function actionAllowed($controller, $action, $user_id = false)
{
$objPermissionModel = new PermissionsModel();
if ($objPermissionModel->permissionExist($controller, $action)) {
$allowed = $objPermissionModel->hasPermission($controller, $action, $user_id);
if ($allowed) {
return true;
} else {
return false;
}
} else {
// if permission dosnt exist - its allowed by default!
return true;
}
}
function actionCreatePermissions($params = '')
{
$objPermissions = new PermissionsModel();
if (!empty($params['dosubmit'])) {
if (!empty($params['permission']) && is_array($params['permission'])) {
foreach ($params['permission'] as $newPermission) {
if (!empty($newPermission['enable'])) {
if (!empty($newPermission['name']) && !empty($newPermission['description'])) {
unset($newPermission['enable']);
$objPermissions->createPermission($newPermission);
}
}
}
}
}
$possiblePermissions = $objPermissions->findNewPermissions();
$this->view->assign('messages', $this->messages);
$this->view->assign('possiblePermissions', $possiblePermissions);
$this->view->assign('content', $this->view->fetch('tpl/administration/createpermissions.tpl'));
$this->finish();
}
public function get_view()
{
$uid = FannieAuth::getUID(FannieAuth::checkLogin());
$dbc = CalendarPluginDB::get();
$perm = new PermissionsModel($dbc);
$perm->uid($uid);
$calIDs = array();
foreach ($perm->find() as $obj) {
if ($obj->classID() > 1) {
$calIDs[] = $obj->calendarID();
}
}
$ret = '<form action="CalendarAttendedEventPage.php" method="post">';
$ret .= '<div class"form-group">
<label>Calendar</label>:
<select name="calendarID" class="form-control">';
$cal = new CalendarsModel($dbc);
foreach ($calIDs as $id) {
$cal->calendarID($id);
$cal->load();
$ret .= sprintf('<option value="%d">%s</option>', $id, $cal->name());
}
$ret .= '</select></div>';
$ret .= '<div class="form-group">
<label>Date</label>:
<input type="text" class="form-control date-field" id="datestr"
required name="datestr" /></div>';
$ret .= '<div class="form-group">
<label>Max Attendees</label>:
<input type="number" class="form-control" required name="limit" />
</div>';
$ret .= '<div class="form-group">
<label>Event Description</label>:
<textarea name="text" class="form-control"></textarea>
</div>';
$ret .= '<p><button type="submit" class="btn btn-default">Create Event</button></p>';
$ret .= '</form>';
$ret .= '<p><a class="btn btn-default" href="CalendarMainPage.php">Home</a></p>';
return $ret;
}
public function run($args = array())
{
global $FANNIE_URL;
$data = array();
$action = FormLib::get_form_value('action');
if ($action !== '') {
$data[] = $action;
switch ($action) {
case 'save_or_add_event':
$calID = FormLib::get('id', 0);
$text = FormLib::get('text');
$text = str_replace('<br>', "\n", $text);
$text = htmlspecialchars($text);
$text = str_replace("\n", '<br>', $text);
$db = CalendarPluginDB::get();
$event = new MonthviewEventsModel($db);
$eventID = FormLib::get('eventID', false);
if ($eventID !== false) {
$event->eventID($eventID);
$event->eventText($text);
if (!empty($text)) {
$event->save();
} else {
$event->delete();
}
} else {
$date = FormLib::get('datestr');
$uid = FormLib::get('uid');
$event->eventDate($date);
$event->calendarID($calID);
$event->uid($uid);
$event->eventText($text);
if (!empty($text)) {
$eventID = $event->save();
$data = array();
echo $eventID;
}
}
$calendar = new CalendarsModel($db);
$calendar->calendarID($calID);
$calendar->modified(1);
$calendar->save();
break;
case 'monthview_save':
$date = FormLib::get_form_value('date');
$id = FormLib::get_form_value('id', 0);
$text = FormLib::get_form_value('text');
$uid = FormLib::get_form_value('uid', 0);
$db = CalendarPluginDB::get();
$chkP = $db->prepare_statement("SELECT calendarID FROM monthview_events \n WHERE eventDate=? and uid=? and calendarID=?");
$rowCheck = $db->exec_statement($chkP, array($date, $uid, $id));
if ($db->num_rows($rowCheck) <= 0 && $text != "") {
$insP = $db->prepare_statement("INSERT INTO monthview_events \n (calendarID, eventDate, eventText, uid) VALUES (?,?,?,?)");
$db->exec_statement($insP, array($id, $date, $text, $uid));
} else {
if ($text == "") {
$delP = $db->prepare_statement("DELETE FROM monthview_events WHERE\n calendarID=? AND eventDate=?\n AND uid=?");
$db->exec_statement($delP, array($id, $date, $uid));
} else {
$upP = $db->prepare_statement("UPDATE monthview_events SET\n eventText=?\n WHERE calendarID=? AND eventDate=?\n AND uid=?");
$db->exec_statement($upP, array($text, $id, $date, $uid));
}
}
$calendar = new CalendarsModel($db);
$calendar->calendarID($id);
$calendar->modified(1);
$calendar->save();
break;
case 'createCalendar':
$name = FormLib::get_form_value('name');
$uid = FormLib::get_form_value('uid', 0);
$db = CalendarPluginDB::get();
$p = $db->prepare_statement("INSERT INTO calendars (name) VALUES (?)");
$db->exec_statement($p, array($name));
$id = $db->insert_id();
$p = $db->prepare_statement("INSERT INTO permissions (calendarID,uid,classID)\n VALUES (?,?,4)");
$db->exec_statement($p, array($id, $uid));
$data[] = "<p class=\"index\"><a href=\"?calID={$id}&view=month\">{$name}</a></p>";
break;
case 'createSubscription':
$db = CalendarPluginDB::get();
$name = FormLib::get('name');
$url = FormLib::get('url');
$uid = FormLib::get_form_value('uid', 0);
$subscription = new CalendarSubscriptionsModel($db);
$subscription->url($url);
$subscriptionID = $subscription->save();
$calendar = new CalendarsModel($db);
$calendar->name($name);
$calendar->calendarSubscriptionID($subscriptionID);
$calendarID = $calendar->save();
$permissions = new PermissionsModel($db);
$permissions->calendarID($calendarID);
$permissions->uid($uid);
$permissions->classID(4);
$permissions->save();
$data[] = 'Subscribed';
break;
case 'savePrefs':
$calID = FormLib::get_form_value('calID');
$name = str_replace("'", "''", $_GET['name']);
$name = FormLib::get_form_value('name');
$viewers = FormLib::get_form_value('viewers', array());
$writers = FormLib::get_form_value('writers', array());
$db = CalendarPluginDB::get();
$calendar = new CalendarsModel($db);
$calendar->calendarID($calID);
$calendar->load();
$calendar->name($name);
$calendar->save();
$p = $db->prepare_statement("DELETE FROM permissions WHERE calendarID=? and classID < 4");
$db->exec_statement($p, array($calID));
$insP = $db->prepare_statement("INSERT INTO permissions (calendarID,uid,classID) VALUES (?,?,?)");
if ($viewers != "") {
foreach (explode(",", $viewers) as $v) {
$db->exec_statement($insP, array($calID, $v, 1));
}
}
if ($writers != "") {
foreach (explode(",", $writers) as $w) {
$db->exec_statement($insP, array($calID, $w, 2));
}
}
if (FormLib::get('url')) {
$url = FormLib::get('url');
$sub = new CalendarSubscriptionsModel($db);
$sub->calendarSubscriptionID($calendar->calendarSubscriptionID());
$sub->url($url);
$sub->save();
}
break;
case 'weekview_save':
$timestamp = FormLib::get_form_value('ts');
$date = date('Y-m-d H:i:00', $timestamp);
$calID = FormLib::get_form_value('id', 0);
$text = trim(FormLib::get_form_value('text'));
$eID = FormLib::get('eventID', false);
$uid = FannieAuth::getUID(FannieAuth::checkLogin());
$pat = '/#(\\d+)/';
$rep = '<a href="' . $FANNIE_URL . 'modules/plugins2.0/PIKiller/PIMemberPage.php?id=${1}" onclick="noBubble(event);">#${1}</a>';
$text = preg_replace($pat, $rep, $text);
$db = CalendarPluginDB::get();
$model = new MonthviewEventsModel($db);
if ($eID) {
$model->eventID($eID);
}
if (empty($text) && $eID) {
// delete empty event
// no eID implies event doesn't exist
// just opened/closed w/o content
$model->delete();
} else {
if (!empty($text)) {
$model->uid($uid);
$model->eventDate($date);
$model->eventText($text);
$model->calendarID($calID);
$newID = $model->save();
if (!$eID) {
$data[] = $newID;
}
}
}
break;
}
}
return $data;
}