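/**
 * surveypermission::set()
 * Function responsible to set permissions to a user/usergroup.
 *
 * Reads POST 'action': 'setsurveysecurity' edits one user (POST 'uid'),
 * 'setusergroupsurveysecurity' edits a group (POST 'ugid'). The permission
 * matrix form is only built when the logged-in user owns the survey (or is
 * superadmin); otherwise accessDenied.php is included. Any other action just
 * renders the template with no output section.
 *
 * @param mixed $surveyid survey id, sanitized to an int before use
 * @return void
 */
function set($surveyid)
{
    $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
    $aViewUrls = array();
    // Everything below comes straight from the client and is treated as untrusted.
    $action = isset($_POST['action']) ? $_POST['action'] : '';
    $clang = Yii::app()->lang;
    $imageurl = Yii::app()->getConfig('adminimageurl');
    // Cast the ids once: they are bound as PDO ints and echoed into hidden form fields.
    $postuserid = !empty($_POST['uid']) ? (int) $_POST['uid'] : null;
    $postusergroupid = !empty($_POST['ugid']) ? (int) $_POST['ugid'] : null;

    if ($action === "setsurveysecurity" || $action === "setusergroupsurveysecurity") {
        // Ownership check; for a single user the survey owner's own row is excluded
        // (owner_id != :postuserid), so the owner's rights cannot be edited here.
        $where = 'sid = :surveyid AND owner_id = :owner_id ';
        $params = array(':surveyid' => $surveyid, ':owner_id' => Yii::app()->session['loginID']);
        if ($action === "setsurveysecurity") {
            $where .= "AND owner_id != :postuserid";
            $params[':postuserid'] = $postuserid;
        }
        $result = Survey::model()->count($where, $params);

        if ($result > 0 || Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1) {
            $this->getController()->_js_admin_includes(Yii::app()->getConfig('generalscripts') . 'jquery/jquery.tablesorter.min.js');
            $this->getController()->_js_admin_includes(Yii::app()->getConfig('adminscripts') . 'surveysecurity.js');

            if ($action === "setsurveysecurity") {
                $query = "select users_name from {{users}} where uid=:uid";
                $resrow = Yii::app()->db->createCommand($query)->bindParam(":uid", $postuserid, PDO::PARAM_INT)->queryRow();
                // The stored name is raw text: encode it before it goes into the markup.
                $sName = CHtml::encode(isset($resrow['users_name']) ? $resrow['users_name'] : '');
                $sHeading = sprintf($clang->gT("Edit survey permissions for user %s"), "<span style='font-style:italic'>" . $sName . "</span>");
            } else {
                $resrow = User_groups::model()->find('ugid = :ugid', array(':ugid' => $postusergroupid));
                $sName = CHtml::encode(isset($resrow['name']) ? $resrow['name'] : '');
                $sHeading = sprintf($clang->gT("Edit survey permissions for group %s"), "<span style='font-style:italic'>" . $sName . "</span>");
            }
            $usersummary = "<div class='header ui-widget-header'>" . $sHeading . "</div>";

            $usersummary .= "<br />" . CHtml::form(array("admin/surveypermission/sa/surveyright/surveyid/{$surveyid}"), 'post')
                . "<table style='margin:0 auto;' class='usersurveypermissions'><thead>\n";
            // Column headers are kept as literal gT() calls so the translation scanner picks them up.
            $usersummary .= "<tr><th></th><th>" . $clang->gT("Permission") . "</th>\n"
                . "<th><input type='button' id='btnToggleAdvanced' value='<<' /></th>\n"
                . "<th class='extended'>" . $clang->gT("Create") . "</th>\n"
                . "<th class='extended'>" . $clang->gT("View/read") . "</th>\n"
                . "<th class='extended'>" . $clang->gT("Update") . "</th>\n"
                . "<th class='extended'>" . $clang->gT("Delete") . "</th>\n"
                . "<th class='extended'>" . $clang->gT("Import") . "</th>\n"
                . "<th class='extended'>" . $clang->gT("Export") . "</th>\n"
                . "</tr></thead>\n";

            $usersummary .= $this->_surveyPermissionRows($surveyid, $action, $postuserid, $imageurl);

            $usersummary .= "\n</table>"
                . "<p><input type='submit' value='" . $clang->gT("Save Now") . "' />"
                . "<input type='hidden' name='perm_survey_read' value='1' />"
                . "<input type='hidden' name='action' value='surveyrights' />";
            // Ids are ints at this point, so they are safe to interpolate into the attribute.
            if ($action === 'setsurveysecurity') {
                $usersummary .= "<input type='hidden' name='uid' value='{$postuserid}' />";
            } else {
                $usersummary .= "<input type='hidden' name='ugid' value='{$postusergroupid}' />";
            }
            $usersummary .= "</form>\n";
            $aViewUrls['output'] = $usersummary;
        } else {
            include "accessDenied.php";
        }
    }
    $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
}

/**
 * Builds the <tr> rows of the permission matrix, one per base permission.
 *
 * @param int $surveyid
 * @param string $action 'setsurveysecurity' pre-ticks the boxes the user already holds
 * @param int|null $postuserid user whose current permissions are looked up (unused for groups)
 * @param string $imageurl base url of the admin images
 * @return string table rows as HTML
 */
function _surveyPermissionRows($surveyid, $action, $postuserid, $imageurl)
{
    $aCRUDKeys = array('create', 'read', 'update', 'delete', 'import', 'export');
    $sRows = '';
    foreach (Survey_permissions::model()->getBasePermissions() as $sPermissionKey => $aCRUDPermissions) {
        $sRows .= "<tr><td><img src='{$imageurl}{$aCRUDPermissions['img']}_30.png' alt='{$aCRUDPermissions['description']}'/></td>";
        $sRows .= "<td>{$aCRUDPermissions['title']}</td>";
        $sRows .= "<td ><input type=\"checkbox\" class=\"markrow\" name='all_{$sPermissionKey}' /></td>";
        foreach ($aCRUDPermissions as $sCRUDKey => $CRUDValue) {
            if (!in_array($sCRUDKey, $aCRUDKeys, true)) {
                continue; // 'img', 'title', 'description' are metadata, not rights
            }
            $sRows .= "<td class='extended'>";
            // survey/read gets no box: the form always posts it as a fixed hidden field.
            if ($CRUDValue && !($sPermissionKey === 'survey' && $sCRUDKey === 'read')) {
                $sRows .= "<input type=\"checkbox\" class=\"checkboxbtn\" name='perm_{$sPermissionKey}_{$sCRUDKey}' ";
                if ($action === 'setsurveysecurity' && hasSurveyPermission($surveyid, $sPermissionKey, $sCRUDKey, $postuserid)) {
                    $sRows .= ' checked="checked" ';
                }
                $sRows .= " />";
            }
            $sRows .= "</td>";
        }
        $sRows .= "</tr>";
    }
    return $sRows;
}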
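/**
 * usergroup::user()
 * Adds a user to, or removes a user from, a user group owned by the current login.
 * Superadmin only; the user id is read from POST 'uid'. The group owner's own
 * membership is never changed.
 *
 * @param mixed $ugid group id (cast to int)
 * @param string $action 'add' or 'remove'; anything else is refused
 * @return void
 */
function user($ugid, $action = 'add')
{
    if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] != true || !in_array($action, array('add', 'remove'), true)) {
        die('access denied');
    }
    $clang = Yii::app()->lang;
    $ugid = (int) $ugid;
    $uid = (int) Yii::app()->request->getPost('uid');
    // Only groups owned by the current login can be changed, even by a superadmin.
    $group = User_groups::model()->findByAttributes(array('ugid' => $ugid, 'owner_id' => Yii::app()->session['loginID']));

    if (empty($group)) {
        list($aViewUrls, $aData) = $this->index(0, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('Group not found.')));
    } elseif ($uid <= 0 || !User::model()->findByPk($uid)) {
        list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('User not found.')));
    } elseif ($group->owner_id == $uid) {
        // The owner check has to end the request here; otherwise the add/remove below still runs.
        list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('You can not add or remove the group owner from the group.')));
    } else {
        $user_in_group = User_in_groups::model()->findByPk(array('ugid' => $ugid, 'uid' => $uid));
        switch ($action) {
            case 'add':
                if (empty($user_in_group) && User_in_groups::model()->insertRecords(array('ugid' => $ugid, 'uid' => $uid))) {
                    list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'success', 'message' => $clang->gT('User added.')));
                } else {
                    list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed to add user.') . '<br />' . $clang->gT('User already exists in the group.')));
                }
                break;
            case 'remove':
                if (!empty($user_in_group) && User_in_groups::model()->deleteByPk(array('ugid' => $ugid, 'uid' => $uid))) {
                    list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'success', 'message' => $clang->gT('User removed.')));
                } else {
                    list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed to remove user.') . '<br />' . $clang->gT('User does not exist in the group.')));
                }
                break;
        }
    }
    $this->_renderWrappedTemplate('usergroup', $aViewUrls, $aData);
}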
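/**
 * Deletes a user group. Non-superadmins may only delete groups they own;
 * the ownership condition is part of the lookup, so a non-owner never
 * obtains a record to delete.
 *
 * @param mixed $ugid group id
 * @param mixed $ownerid owner the group must have (ignored for superadmin)
 * @return bool true when the group was deleted, false when it was not found or the delete failed
 */
function deleteGroup($ugid, $ownerid)
{
    $aParams = array(':ugid' => $ugid);
    $sCondition = "ugid = :ugid";
    if (!Yii::app()->session['USER_RIGHT_SUPERADMIN']) {
        $sCondition .= " AND owner_id=:ownerid";
        $aParams[':ownerid'] = $ownerid;
    }
    $group = User_groups::model()->find($sCondition, $aParams);
    if ($group === null) {
        // Unknown id or not owned by $ownerid: report failure rather than calling delete() on null.
        return false;
    }
    return $group->delete() && !$group->getErrors();
}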
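/**
 * Deletes the user group $ugid, but only if it is owned by $ownerid;
 * ownership is part of the lookup, so a non-owner never obtains a record to delete.
 *
 * @param mixed $ugid group id
 * @param mixed $ownerid required owner of the group
 * @return bool true when the group was deleted, false when it was not found or the delete failed
 */
function deleteGroup($ugid, $ownerid)
{
    $group = User_groups::model()->find(
        "owner_id = :ownerid AND ugid = :ugid",
        array(":ownerid" => $ownerid, ":ugid" => $ugid)
    );
    if ($group === null) {
        // No matching, owned group: report failure rather than calling delete() on null.
        return false;
    }
    return $group->delete() && !$group->getErrors();
}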