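// customers should not be able to see this page
$role_id = Auth::getCurrentRole();
if ($role_id < User::getRoleID('Standard User')) {
    Auth::redirect(APP_RELATIVE_URL . "list.php");
    // Defence in depth: Auth::redirect() is expected to terminate the request,
    // but if it ever returns, nothing below may render for a customer.
    exit;
}
$prj_id = Auth::getCurrentProject();

// generate options for assign list. If there are groups and user is above a customer, include groups
$groups = Group::getAssocList($prj_id);
$users = Project::getUserAssocList($prj_id, 'active', User::getRoleID('Customer'));
$assign_options = array(
    ""   => "Any",
    "-1" => "un-assigned",
    "-2" => "myself and un-assigned",
);
if (User::getGroupID(Auth::getUserID()) != '') {
    $assign_options['-3'] = 'myself and my group';
    $assign_options['-4'] = 'myself, un-assigned and my group';
}
if (count($groups) > 0 && $role_id > User::getRoleID("Customer")) {
    foreach ($groups as $grp_id => $grp_name) {
        $assign_options["grp:{$grp_id}"] = "Group: " . $grp_name;
    }
}
// '+' (not array_merge) so the special keys above win over any colliding user key
$assign_options += $users;

$tpl->assign(array(
    "cats"          => Category::getAssocList($prj_id),
    "priorities"    => Priority::getList($prj_id),
    "status"        => Status::getAssocStatusList($prj_id),
    "users"         => $assign_options,
    "releases"      => Release::getAssocList($prj_id, TRUE),
    "custom"        => Filter::getListing($prj_id),
    "custom_fields" => Custom_Field::getListByProject($prj_id, ''),
    "reporters"     => Project::getReporters($prj_id),
));

if (!empty($HTTP_GET_VARS["custom_id"])) {
    // cst_id is an integer key. Cast the request value before it reaches
    // Filter::isGlobal()/getDetails(), which presumably build a query from it;
    // whether they escape internally is not visible from this page.
    $custom_id = (int) $HTTP_GET_VARS["custom_id"];
    // Managers may open any global filter without the ownership check;
    // everybody else is permission-checked inside getDetails().
    $check_perm = true;
    if (Filter::isGlobal($custom_id) && $role_id >= User::getRoleID('Manager')) {
        $check_perm = false;
    }
    $tpl->assign("options", Filter::getDetails($custom_id, $check_perm));
}
$tpl->displayTemplate();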
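/**
 * Authorize request.
 *
 * Authenticates the RSS request either through the existing auth cookie or,
 * failing that, through HTTP Basic credentials obtained from getAuthData().
 * It then requires a 'custom_id' GET parameter and checks that the filter is
 * global or owned by the authenticated user. Every failure writes an error
 * message and exits; on success a fake auth cookie is installed for the user
 * authenticated via HTTP Basic.
 *
 * TODO: translations
 * TODO: ip based control
 */
function authorizeRequest()
{
    // try current auth cookie
    $usr_id = Auth::getUserID();
    if (!$usr_id) {
        // otherwise setup HTTP Auth headers
        $authData = getAuthData();
        if ($authData === null) {
            sendAuthenticateHeader();
            echo 'Error: You are required to authenticate in order to access the requested RSS feed.';
            exit;
        }
        list($authUser, $authPassword) = $authData;

        // check the authentication
        if (Validation::isWhitespace($authUser)) {
            sendAuthenticateHeader();
            echo 'Error: Please provide your email address.';
            exit;
        }
        if (Validation::isWhitespace($authPassword)) {
            sendAuthenticateHeader();
            echo 'Error: Please provide your password.';
            exit;
        }

        // "unknown user" and "wrong password" share a single message so that an
        // unauthenticated caller cannot enumerate valid email addresses from the
        // response text. isCorrectPassword() is still only reached for existing
        // users (short-circuit), so a timing difference may remain.
        if (!Auth::userExists($authUser) || !Auth::isCorrectPassword($authUser, $authPassword)) {
            sendAuthenticateHeader();
            echo 'Error: The provided email address/password combo is not correct.';
            exit;
        }

        // check if this user did already confirm his account
        if (Auth::isPendingUser($authUser)) {
            sendAuthenticateHeader();
            echo 'Error: The provided user still needs to have its account confirmed.';
            exit;
        }

        // check if this user is really an active one
        if (!Auth::isActiveUser($authUser)) {
            sendAuthenticateHeader();
            echo 'Error: The provided user is currently set as an inactive user.';
            exit;
        }

        $usr_id = User::getUserIDByEmail($authUser);
        Auth::createFakeCookie($usr_id);
    }

    // check if the required parameter 'custom_id' is really being passed
    if (empty($_GET['custom_id'])) {
        rssError("Error: The required 'custom_id' parameter was not provided.");
        exit;
    }
    // cst_id is an integer key; cast it before it reaches the Filter helpers so a
    // non-numeric request value never gets into whatever query they build from it.
    $custom_id = (int) $_GET['custom_id'];

    // check if the passed 'custom_id' parameter is associated with the usr_id
    if (!Filter::isGlobal($custom_id) && !Filter::isOwner($custom_id, $usr_id)) {
        rssError('Error: The provided custom filter ID is not associated with the given email address.');
        exit;
    }
}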
exit; } // check if this user is really an active one if (!Auth::isActiveUser($HTTP_SERVER_VARS['PHP_AUTH_USER'])) { authenticate(); echo 'Error: The provided user is currently set as an inactive user.'; exit; } // check if the required parameter 'custom_id' is really being passed if (empty($HTTP_GET_VARS['custom_id'])) { returnError("Error: The required 'custom_id' parameter was not provided."); exit; } $usr_id = User::getUserIDByEmail($HTTP_SERVER_VARS['PHP_AUTH_USER']); // check if the passed 'custom_id' parameter is associated with the usr_id if (!Filter::isGlobal($HTTP_GET_VARS['custom_id']) && !Filter::isOwner($HTTP_GET_VARS['custom_id'], $usr_id)) { returnError('Error: The provided custom filter ID is not associated with the given email address.'); exit; } } $filter = Filter::getDetails($HTTP_GET_VARS["custom_id"], FALSE); Auth::createFakeCookie(User::getUserIDByEmail($HTTP_SERVER_VARS['PHP_AUTH_USER']), $filter['cst_prj_id']); $options = array('users' => $filter['cst_users'], 'keywords' => $filter['cst_keywords'], 'priority' => $filter['cst_iss_pri_id'], 'category' => $filter['cst_iss_prc_id'], 'status' => $filter['cst_iss_sta_id'], 'hide_closed' => $filter['cst_hide_closed'], 'hide_answered' => $filter['cst_hide_answered'], 'sort_by' => $filter['cst_sort_by'], 'sort_order' => $filter['cst_sort_order']); $issues = Issue::getListing($filter['cst_prj_id'], $options, 0, 'ALL', TRUE); $issues = $issues['list']; $project_title = Project::getName($filter['cst_prj_id']); Issue::getDescriptionByIssues($issues); Header("Content-Type: text/xml; charset=" . APP_CHARSET); echo '<?xml version="1.0" encoding="' . APP_CHARSET . '"?>' . "\n"; ?> <rss version="2.0"
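/**
 * Method used to remove specific custom filters.
 *
 * Reads the filter ids to delete from $HTTP_POST_VARS["item"]. Each id is
 * deleted only within the current project and only when the current user is
 * allowed to: a personal filter must belong to the user; a global filter may
 * be deleted by its owner, or by any user at Manager level or above.
 *
 * @access public
 * @return integer 1 if the removals worked properly, any other value otherwise
 */
function remove()
{
    global $HTTP_POST_VARS;

    if (empty($HTTP_POST_VARS["item"]) || !is_array($HTTP_POST_VARS["item"])) {
        // nothing to delete; treated as success
        return 1;
    }

    // Escape once and iterate the *escaped* ids. Each id is interpolated
    // unquoted into the DELETE below (and passed to Filter::isGlobal()), so the
    // raw POST values must never reach either of them.
    $cst_ids = Misc::escapeInteger($HTTP_POST_VARS["item"]);

    // loop-invariant session values
    $usr_id = Auth::getUserID();
    $prj_id = Auth::getCurrentProject();
    $is_manager = Auth::getCurrentRole() >= User::getRoleID('Manager');

    foreach ($cst_ids as $cst_id) {
        $stmt = "DELETE FROM\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "custom_filter\n WHERE";
        if (Filter::isGlobal($cst_id)) {
            if ($is_manager) {
                // managers may remove any global filter of the project
                $stmt .= " cst_is_global=1 AND ";
            } else {
                // everyone else may only remove their own global filters
                $stmt .= " \n cst_is_global=1 AND\n cst_usr_id=" . $usr_id . " AND ";
            }
        } else {
            $stmt .= " cst_usr_id=" . $usr_id . " AND ";
        }
        $stmt .= "\n cst_prj_id=" . $prj_id . " AND\n cst_id={$cst_id}";
        $res = $GLOBALS["db_api"]->dbh->query($stmt);
        if (PEAR::isError($res)) {
            Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
            return -1;
        }
    }
    return 1;
}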
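// generate options for assign list. If there are groups and user is above a customer, include groups
// NOTE: $prj_id, $role_id and $tpl are established earlier in this page.
$groups = Group::getAssocList($prj_id);
$users = Project::getUserAssocList($prj_id, 'active', User::getRoleID('Customer'));
$assign_options = array(
    ''   => ev_gettext('Any'),
    '-1' => ev_gettext('un-assigned'),
    '-2' => ev_gettext('myself and un-assigned'),
);
if (Auth::isAnonUser()) {
    // the "myself ..." choice is dropped for anonymous visitors
    unset($assign_options['-2']);
} elseif (User::getGroupID(Auth::getUserID()) != '') {
    $assign_options['-3'] = ev_gettext('myself and my group');
    $assign_options['-4'] = ev_gettext('myself, un-assigned and my group');
}
if (count($groups) > 0 && $role_id > User::getRoleID('Customer')) {
    foreach ($groups as $grp_id => $grp_name) {
        $assign_options["grp:{$grp_id}"] = 'Group: ' . $grp_name;
    }
}
// '+' (not array_merge) so the special keys above win over any colliding user key
$assign_options += $users;

$tpl->assign(array(
    'cats'          => Category::getAssocList($prj_id),
    'priorities'    => Priority::getList($prj_id),
    'severities'    => Severity::getList($prj_id),
    'status'        => Status::getAssocStatusList($prj_id),
    'users'         => $assign_options,
    'releases'      => Release::getAssocList($prj_id, true),
    'custom'        => Filter::getListing($prj_id),
    'custom_fields' => Custom_Field::getListByProject($prj_id, ''),
    'reporters'     => Project::getReporters($prj_id),
    'products'      => Product::getAssocList(false),
));

if (!empty($_GET['custom_id'])) {
    // cst_id is an integer key. Cast the request value before it reaches
    // Filter::isGlobal()/getDetails(), which presumably build a query from it;
    // whether they escape internally is not visible from this page.
    $custom_id = (int) $_GET['custom_id'];
    // Managers may open any global filter without the ownership check;
    // everybody else is permission-checked inside getDetails().
    $check_perm = true;
    if (Filter::isGlobal($custom_id) && $role_id >= User::getRoleID('Manager')) {
        $check_perm = false;
    }
    $options = Filter::getDetails($custom_id, $check_perm);
} else {
    // no saved filter requested: start from an empty filter with the default page size
    $options = array();
    $options['cst_rows'] = APP_DEFAULT_PAGER_SIZE;
}
$tpl->assign('options', $options);
$tpl->displayTemplate();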