public function savePermissions($request, $product)
{
$acl = SJB_Acl::getInstance();
$resources = $acl->getResources();
$type = 'product';
$role = $product->getSID();
SJB_Acl::clearPermissions($type, $role);
$userGroupSID = $product->getPropertyValue('user_group_sid');
$groupPermissions = SJB_DB::query('select * from `permissions` where `type` = ?s and `role` = ?s', 'group', $userGroupSID);
foreach ($groupPermissions as $key => $groupPermission) {
$groupPermissions[$groupPermission['name']] = $groupPermission;
unset($groupPermissions[$key]);
}
foreach ($resources as $name => $resource) {
$params = isset($request[$name . '_params']) ? $request[$name . '_params'] : '';
$params1 = isset($request[$name . '_params1']) ? $request[$name . '_params1'] : '';
$value = isset($request[$name]) ? $request[$name] : '';
$message = isset($request[$name . '_message']) ? $request[$name . '_message'] : '';
if (empty($value) && isset($groupPermissions[$name])) {
$value = 'inherit';
$message = $groupPermissions[$name]['message'];
$params = $groupPermissions[$name]['params'];
} elseif ($value == 'deny' && $params1) {
$params = $params1;
}
SJB_Acl::allow($name, $type, $role, $value, $params, $message);
}
}
public function execute()
{
$tp = SJB_System::getTemplateProcessor();
$subAdminSID = SJB_Request::getVar('subadmin', 0);
if (!empty($subAdminSID) && ($adminInfo = SJB_SubAdminManager::getSubAdminInfoBySID($subAdminSID))) {
$editedSubAdminInfo = $_REQUEST;
$subAdminInfo = array_merge($adminInfo, $editedSubAdminInfo);
// create subAdmin object
$oSubAdmin = SJB_ObjectMother::createSubAdmin($subAdminInfo);
$oSubAdmin->setSID($adminInfo['sid']);
$oSubAdmin->makePropertyNotRequired("password");
// permissions
$acl = SJB_SubAdminAcl::getInstance();
$type = 'subadmin';
$resources = $acl->getResources();
$perms = SJB_SubAdminAcl::getAllPermissions($type, $oSubAdmin->getSID());
// /permissions
SJB_SubAdminAcl::mergePermissionsWithResources($resources, $perms);
$registration_form = SJB_ObjectMother::createForm($oSubAdmin);
$action = SJB_Request::getVar('action', '');
$registration_form->registerTags($tp);
$errors = array();
if ('save' == $action || $action == 'apply') {
if ($adminInfo['username'] == $subAdminInfo['username']) {
$oSubAdmin->deleteProperty('username');
}
if ($adminInfo['email'] == $subAdminInfo['email']) {
$oSubAdmin->deleteProperty('email');
}
if ($registration_form->isDataValid($errors)) {
$password_value = $oSubAdmin->getPropertyValue('password');
if (empty($password_value['original'])) {
$oSubAdmin->deleteProperty('password');
}
// save subAdmin
SJB_SubAdminManager::saveSubAdmin($oSubAdmin);
$role = $oSubAdmin->getSID();
SJB_Acl::clearPermissions($type, $role);
foreach ($resources as $name => $resource) {
SJB_SubAdminAcl::allow($name, $type, $role, SJB_SubAdminAcl::definePermission($name), SJB_Array::get($resource, 'params', ''));
}
SJB_FlashMessages::getInstance()->addMessage('CHANGES_SAVED');
if ($action == 'save') {
SJB_HelperFunctions::redirect(SJB_System::getSystemSettings('SITE_URL') . "/manage-subadmins/");
}
}
SJB_SubAdminAcl::mergePermissionsWithRequest($resources);
}
SJB_SubAdminAcl::prepareSubPermissions($resources);
$tp->assign("errors", $errors);
$tp->assign("form_fields", $registration_form->getFormFieldsInfo());
$tp->assign('groups', SJB_SubAdminAcl::getPermissionGroups());
$tp->assign('resources', $resources);
$tp->assign('type', $type);
$tp->assign('sid', $subAdminInfo['sid']);
$tp->display('add_subadmin.tpl');
}
}
public function execute()
{
$tp = SJB_System::getTemplateProcessor();
$oSubAdmin = SJB_ObjectMother::createSubAdmin($_REQUEST);
$registration_form = SJB_ObjectMother::createForm($oSubAdmin);
$registration_form->registerTags($tp);
$form_submitted = SJB_Request::getVar('action', '') == 'add';
$errors = array();
$acl = SJB_SubAdminAcl::getInstance();
$type = 'subadmin';
$resources = $acl->getResources();
SJB_SubAdminAcl::mergePermissionsWithResources($resources);
switch (SJB_Request::getVar('action')) {
case 'save':
if ($registration_form->isDataValid($errors)) {
SJB_SubAdminManager::saveSubAdmin($oSubAdmin);
$role = $oSubAdmin->getSID();
SJB_Acl::clearPermissions($type, $role);
foreach ($resources as $name => $resource) {
SJB_SubAdminAcl::allow($name, $type, $role, SJB_SubAdminAcl::definePermission($name), SJB_Request::getVar($name . '_params'));
}
// get new defined permissions for notification letter
$permissions = SJB_SubAdminAcl::getAllPermissions($type, $role);
$resources = $acl->getResources();
SJB_SubAdminAcl::mergePermissionsWithResources($resources, $permissions);
SJB_Notifications::sendSubAdminRegistrationLetter($oSubAdmin, SJB_Request::get(), $resources);
SJB_HelperFunctions::redirect(SJB_System::getSystemSettings('SITE_URL') . '/manage-subadmins/');
}
break;
case 'delete':
$subadmins = SJB_Request::getVar('subadmin', array());
foreach ($subadmins as $subadmin_sid) {
$username = SJB_SubAdminManager::getUserNameBySubAdminSID($subadmin_sid);
SJB_SubAdminManager::deleteSubAdminByUserName($username);
}
SJB_HelperFunctions::redirect(SJB_System::getSystemSettings('SITE_URL') . '/manage-subadmins/');
break;
default:
break;
}
$tp->assign('errors', $errors);
$tp->assign('form_fields', $registration_form->getFormFieldsInfo());
$aPermissionGroups = SJB_SubAdminAcl::getPermissionGroups();
if ('save' == SJB_Request::getVar('action', '')) {
SJB_SubAdminAcl::mergePermissionsWithRequest($resources);
}
SJB_SubAdminAcl::prepareSubPermissions($resources);
$tp->assign('groups', $aPermissionGroups);
$tp->assign('resources', $resources);
$tp->assign('type', $type);
$tp->assign('role', 0);
$tp->display('add_subadmin.tpl');
}
function saveInDB()
{
$result = SJB_ContractSQL::insert($this->_getHashedFields());
if ($result) {
if (!$this->id) {
$this->id = $result;
}
SJB_ContractSQL::updateContractExtraInfoByProductSID($this);
if ($this->status == 'active') {
SJB_Acl::copyPermissions($this->product_sid, $this->id, $this->number_of_listings);
} else {
SJB_Acl::clearPermissions('contract', $this->id);
}
$userInfo = SJB_UserManager::getUserInfoBySID($this->user_sid);
$user = new SJB_User($userInfo, $userInfo['user_group_sid']);
$user->updateSubscribeOnceUsersProperties($this->product_sid, $this->user_sid);
}
return (bool) $result;
}
public function savePermissions($request, $product)
{
$acl = SJB_Acl::getInstance();
$resources = $acl->getResources();
$type = 'product';
$role = $product->getSID();
$serialized_extra_info = unserialize($product->getPropertyValue('serialized_extra_info'));
$pricingType = $serialized_extra_info['pricing_type'];
$listingTypeSid = $serialized_extra_info['listing_type_sid'];
$listingTypeId = strtolower(SJB_ListingTypeManager::getListingTypeIDBySID($listingTypeSid));
$userGroupSID = $product->getPropertyValue('user_group_sid');
$groupPermissions = SJB_DB::query('select * from `permissions` where `type` = ?s and `role` = ?s', 'group', $userGroupSID);
SJB_Acl::clearPermissions($type, $role);
foreach ($groupPermissions as $key => $groupPermission) {
$groupPermissions[$groupPermission['name']] = $groupPermission;
unset($groupPermissions[$key]);
}
foreach ($resources as $name => $resource) {
$params = isset($request[$name . '_params']) ? $request[$name . '_params'] : '';
$params1 = isset($request[$name . '_params1']) ? $request[$name . '_params1'] : '';
$value = isset($request[$name]) ? $request[$name] : '';
$message = isset($request[$name . '_message']) ? $request[$name . '_message'] : '';
if ($name == 'post_' . $listingTypeId) {
$value = 'allow';
if ($pricingType == 'fixed') {
$params = $product->getPropertyValue('number_of_listings');
}
} elseif ($name == 'add_featured_listings' && (!empty($serialized_extra_info['featured']) || !empty($serialized_extra_info['upgrade_to_featured_listing_price']))) {
$value = 'allow';
} elseif ($name == 'add_priority_listings' && (!empty($serialized_extra_info['priority']) || !empty($serialized_extra_info['upgrade_to_priority_listing_price']))) {
$value = 'allow';
}
if (empty($value) && isset($groupPermissions[$name])) {
$value = 'inherit';
$message = $groupPermissions[$name]['message'];
$params = $groupPermissions[$name]['params'];
} elseif ($value == 'deny' && $params1) {
$params = $params1;
}
SJB_Acl::allow($name, $type, $role, $value, $params, $message);
}
}
public function execute()
{
$tp = SJB_System::getTemplateProcessor();
$errors = array();
$template = 'sub_accounts.tpl';
$currentUserInfo = SJB_UserManager::getCurrentUserInfo();
$listSubusers = false;
if (!empty($currentUserInfo['subuser']) && SJB_Request::getVar('action_name') != 'edit' && SJB_Request::getVar('user_id', 0) != $currentUserInfo['subuser']['sid']) {
$errors['ACCESS_DENIED'] = 'ACCESS_DENIED';
}
switch (SJB_Request::getVar('action_name')) {
case 'new':
$form_submitted = SJB_Request::getMethod() === SJB_Request::METHOD_POST;
$user_group_sid = $currentUserInfo['user_group_sid'];
$user_group_info = SJB_UserGroupManager::getUserGroupInfoBySID($user_group_sid);
$_REQUEST['user_group_id'] = $user_group_info['id'];
$user = SJB_ObjectMother::createUser($_REQUEST, $user_group_sid);
$props = $user->getProperties();
$allowedProperties = array('username', 'email', 'password');
foreach ($props as $prop) {
if (!in_array($prop->getID(), $allowedProperties)) {
$user->deleteProperty($prop->getID());
}
}
$registration_form = SJB_ObjectMother::createForm($user);
$registration_form->registerTags($tp);
if (SJB_UserGroupManager::isUserEmailAsUsernameInUserGroup($user_group_sid) && $form_submitted) {
$email = $user->getPropertyValue('email');
if (is_array($email)) {
$email = $email['original'];
}
$user->setPropertyValue('username', $email);
}
$registration_form = SJB_ObjectMother::createForm($user);
if ($form_submitted && $registration_form->isDataValid($errors)) {
$user->addParentProperty($currentUserInfo['sid']);
$subuserPermissions = array('subuser_add_listings' => array('title' => 'Add new listings', 'value' => 'deny'), 'subuser_manage_listings' => array('title' => 'Manage listings and applications of other sub users', 'value' => 'deny'), 'subuser_manage_subscription' => array('title' => 'View and update subscription', 'value' => 'deny'), 'subuser_use_screening_questionnaires' => array('title' => 'Manage Questionnaries', 'value' => 'deny'));
SJB_UserManager::saveUser($user);
SJB_Statistics::addStatistics('addSubAccount', $user->getUserGroupSID(), $user->getSID());
SJB_Acl::clearPermissions('user', $user->getSID());
foreach ($subuserPermissions as $permissionID => $permission) {
$allowDeny = SJB_Request::getVar($permissionID, 'deny');
$subuserPermissions[$permissionID]['value'] = $allowDeny;
SJB_Acl::allow($permissionID, 'user', $user->getSID(), $allowDeny);
}
SJB_UserManager::activateUserByUserName($user->getUserName());
SJB_Notifications::sendSubuserRegistrationLetter($user, SJB_Request::get(), $subuserPermissions);
$tp->assign('isSubuserRegistered', true);
$listSubusers = true;
} else {
if (SJB_UserGroupManager::isUserEmailAsUsernameInUserGroup($user_group_sid)) {
$user->deleteProperty("username");
}
$registration_form = SJB_ObjectMother::createForm($user);
if ($form_submitted) {
$registration_form->isDataValid($errors);
}
$registration_form->registerTags($tp);
$form_fields = $registration_form->getFormFieldsInfo();
$user_group_info = SJB_UserGroupManager::getUserGroupInfoBySID($user_group_sid);
$tp->assign("user_group_info", $user_group_info);
$tp->assign("errors", $errors);
$tp->assign("form_fields", $form_fields);
$metaDataProvider = SJB_ObjectMother::getMetaDataProvider();
$tp->assign("METADATA", array("form_fields" => $metaDataProvider->getFormFieldsMetadata($form_fields)));
$tp->display('subuser_registration_form.tpl');
}
break;
case 'edit':
$userInfo = SJB_UserManager::getUserInfoBySID(SJB_Request::getVar('user_id', 0));
if (!empty($userInfo) && $userInfo['parent_sid'] === $currentUserInfo['sid']) {
$userInfo = array_merge($userInfo, $_REQUEST);
$user_group_info = SJB_UserGroupManager::getUserGroupInfoBySID($currentUserInfo['user_group_sid']);
$user = new SJB_User($userInfo, $userInfo['user_group_sid']);
$user->setSID($userInfo['sid']);
$user->addParentProperty($currentUserInfo['sid']);
$props = $user->getProperties();
$allowedProperties = array('username', 'email', 'password');
foreach ($props as $prop) {
if (!in_array($prop->getID(), $allowedProperties)) {
$user->deleteProperty($prop->getID());
}
}
$user->makePropertyNotRequired("password");
$edit_profile_form = SJB_ObjectMother::createForm($user);
$edit_profile_form->registerTags($tp);
$edit_profile_form->makeDisabled("username");
$form_submitted = SJB_Request::getMethod() == SJB_Request::METHOD_POST;
if (empty($errors) && $form_submitted && $edit_profile_form->isDataValid($errors)) {
$password_value = $user->getPropertyValue('password');
if (empty($password_value['original'])) {
$user->deleteProperty('password');
}
$currentUser = SJB_UserManager::getCurrentUser();
if (!$currentUser->isSubuser()) {
$subuserPermissions = array('subuser_add_listings', 'subuser_manage_listings', 'subuser_manage_subscription', 'subuser_use_screening_questionnaires');
SJB_Acl::clearPermissions('user', $user->getSID());
foreach ($subuserPermissions as $permission) {
SJB_Acl::allow($permission, 'user', $user->getSID(), SJB_Request::getVar($permission, 'deny'));
}
}
SJB_UserManager::saveUser($user);
$tp->assign("form_is_submitted", true);
} else {
$tp->assign("errors", $errors);
}
$form_fields = $edit_profile_form->getFormFieldsInfo();
$metaDataProvider = SJB_ObjectMother::getMetaDataProvider();
$tp->assign("METADATA", array("form_fields" => $metaDataProvider->getFormFieldsMetadata($form_fields)));
$tp->assign("form_fields", $form_fields);
$tp->assign('user_info', $userInfo);
$tp->display('edit_subuser_profile.tpl');
}
break;
case 'delete':
$users = SJB_Request::getVar('user_id', array());
foreach ($users as $user) {
SJB_UserManager::deleteUserById($user);
}
$listSubusers = true;
break;
default:
$listSubusers = true;
break;
}
if ($listSubusers) {
$tp->assign('errors', $errors);
$tp->assign('subusers', SJB_UserManager::getSubusers($currentUserInfo['sid']));
$tp->assign('isEmailAsUsername', SJB_UserGroupManager::isUserEmailAsUsernameInUserGroup($currentUserInfo['user_group_sid']));
$tp->display($template);
}
}
public function execute()
{
$acl = SJB_Acl::getInstance();
$type = SJB_Request::getVar('type', '');
$role = SJB_Request::getVar('role', '');
$tp = SJB_System::getTemplateProcessor();
$resources = $acl->getResources();
$form_submitted = SJB_Request::getVar('action');
if ($form_submitted) {
SJB_Acl::clearPermissions($type, $role);
foreach ($resources as $name => $resource) {
$params = SJB_Request::getVar($name . '_params');
$message = '';
if (SJB_Request::getVar($name) == 'deny') {
$params = SJB_Request::getVar($name . '_params1');
if ($params == 'message') {
$message = SJB_Request::getVar($name . '_message');
}
}
SJB_Acl::allow($name, $type, $role, SJB_Request::getVar($name, ''), $params, SJB_Request::getVar($name . '_message'));
}
if ($type == 'plan' && SJB_Request::getVar('update_users', 0) == 1) {
$contracts = SJB_ContractManager::getAllContractsByMemebershipPlanSID($role);
foreach ($contracts as $contract_id) {
SJB_Acl::clearPermissions('contract', $contract_id['id']);
SJB_DB::query("insert into `permissions` (`type`, `role`, `name`, `value`, `params`, `message`)" . " select 'contract', ?s, `name`, `value`, `params`, `message` from `permissions` " . " where `type` = 'plan' and `role` = ?s", $contract_id['id'], $role);
}
}
if ($form_submitted == 'save') {
switch ($type) {
case 'group':
$parameter = "/edit-user-group/?sid=" . $role;
break;
case 'guest':
$parameter = "/user-groups/";
break;
}
SJB_HelperFunctions::redirect(SJB_System::getSystemSettings("SITE_URL") . $parameter);
}
}
$acl = SJB_Acl::getInstance(true);
$resources = $acl->getResources($type);
$perms = SJB_DB::query('select * from `permissions` where `type` = ?s and `role` = ?s', $type, $role);
foreach ($resources as $key => $resource) {
$resources[$key]['value'] = 'inherit';
$resources[$key]['name'] = $key;
foreach ($perms as $perm) {
if ($key == $perm['name']) {
$resources[$key]['value'] = $perm['value'];
$resources[$key]['params'] = $perm['params'];
$resources[$key]['message'] = $perm['message'];
break;
}
}
}
$tp->assign('resources', $resources);
$tp->assign('type', $type);
$tp->assign('listingTypes', SJB_ListingTypeManager::getAllListingTypesInfo());
$tp->assign('role', $role);
switch ($type) {
case 'group':
$tp->assign('userGroupInfo', SJB_UserGroupManager::getUserGroupInfoBySID($role));
break;
case 'user':
$userInfo = SJB_UserManager::getUserInfoBySID($role);
$tp->assign('userGroupInfo', SJB_UserGroupManager::getUserGroupInfoBySID($userInfo['user_group_sid']));
break;
}
$tp->display('acl.tpl');
}
