PHP module_company::add_user_to_companyの例

コード例 #1

ファイル: user.php プロジェクト: sgh1986915/php-crm

 public function save_user($user_id, $data, $from_public = false)
 {
     $use_master_key = $this->get_contact_master_key();
     if ($from_public) {
         $user_id = 0;
     } else {
         if ($use_master_key && isset($data[$use_master_key]) && $data[$use_master_key]) {
             if (!module_user::can_i('edit', 'Contacts', 'Customer')) {
                 set_error('Unable to edit contacts.');
                 return false;
             }
         } else {
             if (!self::can_i('edit', 'Users', 'Config')) {
                 set_error('Unable to edit users.');
                 return false;
             }
         }
         $user_id = (int) $user_id;
     }
     $temp_user = array();
     if ($user_id > 0) {
         // check permissions
         $temp_user = $this->get_user($user_id, true, false);
         if (!$temp_user || $temp_user['user_id'] != $user_id || isset($temp_user['_perms'])) {
             $user_id = false;
         }
     }
     if (!$user_id && !$from_public) {
         if ($use_master_key && isset($data[$use_master_key]) && $data[$use_master_key]) {
             if (!module_user::can_i('create', 'Contacts', 'Customer')) {
                 set_error('Unable to create new contacts.');
                 return false;
             }
         } else {
             if (!self::can_i('create', 'Users', 'Config')) {
                 set_error('Unable to create new users.');
                 return false;
             }
         }
     } else {
         if ($user_id == 1 && module_security::get_loggedin_id() != 1) {
             set_error('Sorry only the administrator can modify this account');
         }
     }
     // check the customer id is valid assignment to someone who has these perms.
     if (!$from_public) {
         if (isset($data['customer_id']) && (int) $data['customer_id'] > 0) {
             $temp_customer = module_customer::get_customer($data['customer_id']);
             if (!$temp_customer || $temp_customer['customer_id'] != $data['customer_id']) {
                 unset($data['customer_id']);
             }
         }
         if (isset($data['vendor_id']) && (int) $data['vendor_id'] > 0) {
             $temp_vendor = module_vendor::get_vendor($data['vendor_id']);
             if (!$temp_vendor || $temp_vendor['vendor_id'] != $data['vendor_id']) {
                 unset($data['vendor_id']);
             }
         }
     }
     if (isset($data['password'])) {
         unset($data['password']);
     }
     // we do the password hash thing here.
     if (isset($data['password_new']) && strlen($data['password_new'])) {
         // an admin is trying to set the password for this account.
         // same permissions checks as on the user_admin_edit_login.php page
         if (!$user_id || isset($temp_user['password']) && !$temp_user['password'] || module_user::can_i('create', 'Users Passwords', 'Config') || isset($_REQUEST['reset_password']) && $_REQUEST['reset_password'] == module_security::get_auto_login_string($user_id)) {
             // we allow the admin to set a new password without typing in previous password.
             $data['password'] = $data['password_new'];
         } else {
             set_error('Sorry, no permissions to set a new password.');
         }
     } else {
         if ($user_id && isset($data['password_new1']) && isset($data['password_new2']) && strlen($data['password_new1'])) {
             // the user is trying to change their password.
             // only do this if the user has edit password permissions and their password matches.
             if (module_user::can_i('edit', 'Users Passwords', 'Config') || $user_id == module_security::get_loggedin_id()) {
                 if (isset($data['password_old']) && (md5($data['password_old']) == $temp_user['password'] || $data['password_old'] == $temp_user['password'])) {
                     // correct old password
                     // verify new password.
                     if ($data['password_new1'] == $data['password_new2']) {
                         $data['password'] = $data['password_new1'];
                     } else {
                         set_error('Verified password mismatch. Password unchanged.');
                     }
                 } else {
                     set_error('Old password does not match. Password unchanged.');
                 }
             } else {
                 set_error('No permissions to change passwords');
             }
         }
     }
     // and we finally hash our password
     if (isset($data['password']) && strlen($data['password']) > 0) {
         $data['password'] = md5($data['password']);
         // if you change md5 also change it in customer import.
         // todo - salt? meh.
     }
     $user_id = update_insert("user_id", $user_id, "user", $data);
     $use_master_key = $this->get_contact_master_key();
     // this will be customer_id or supplier_id
     if ($use_master_key && (isset($data[$use_master_key]) && $data[$use_master_key])) {
         if ($user_id) {
             if (isset($data['customer_primary']) && $data['customer_primary']) {
                 // update the customer/supplier to mark them as primary or not..
                 switch ($use_master_key) {
                     case 'customer_id':
                         module_customer::set_primary_user_id($data['customer_id'], $user_id);
                         break;
                     case 'vendor_id':
                         module_vendor::set_primary_user_id($data['vendor_id'], $user_id);
                         break;
                 }
             } else {
                 // check if this contact was the old customer/supplier primary and
                 switch ($use_master_key) {
                     case 'customer_id':
                         $customer_data = module_customer::get_customer($data['customer_id']);
                         if ($customer_data['primary_user_id'] == $user_id) {
                             module_customer::set_primary_user_id($data['customer_id'], 0);
                         }
                         break;
                     case 'vendor_id':
                         $vendor_data = module_vendor::get_vendor($data['vendor_id']);
                         if ($vendor_data['primary_user_id'] == $user_id) {
                             module_vendor::set_primary_user_id($data['vendor_id'], 0);
                         }
                         break;
                 }
             }
         }
     }
     if (!$from_public) {
         // hack for linked user accounts.
         if ($user_id && isset($data['link_customers']) && $data['link_customers'] == 'yes' && isset($data['link_user_ids']) && is_array($data['link_user_ids']) && isset($data['email']) && $data['email']) {
             $others = module_user::get_contacts(array('email' => $data['email']));
             foreach ($data['link_user_ids'] as $link_user_id) {
                 if (!(int) $link_user_id) {
                     continue;
                 }
                 if ($link_user_id == $user_id) {
                     continue;
                 }
                 // shouldnt happen
                 foreach ($others as $other) {
                     if ($other['user_id'] == $link_user_id) {
                         // success! they'renot trying to hack us.
                         $sql = "REPLACE INTO `" . _DB_PREFIX . "user_customer_rel` SET user_id = '" . (int) $link_user_id . "', customer_id = '" . (int) $other['customer_id'] . "', `primary` = " . (int) $user_id;
                         query($sql);
                         update_insert('user_id', $link_user_id, 'user', array('linked_parent_user_id' => $user_id));
                     }
                 }
             }
             update_insert('user_id', $user_id, 'user', array('linked_parent_user_id' => $user_id));
         }
         if ($user_id && isset($data['unlink']) && $data['unlink'] == 'yes') {
             $sql = "DELETE FROM `" . _DB_PREFIX . "user_customer_rel` WHERE user_id = '" . (int) $user_id . "'";
             query($sql);
             update_insert('user_id', $user_id, 'user', array('linked_parent_user_id' => 0));
         }
         handle_hook("address_block_save", $this, "physical", "user", "user_id", $user_id);
         handle_hook("address_block_save", $this, "postal", "user", "user_id", $user_id);
         if (class_exists('module_extra', false) && module_extra::is_plugin_enabled()) {
             module_extra::save_extras('user', 'user_id', $user_id);
         }
         // find current role / permissions
         $user_data = $this->get_user($user_id);
         $previous_user_roles = $user_data['roles'];
         $re_save_role_perms = false;
         // hack to support only 1 role (we may support multi-role in the future)
         // TODO: check we have permissions to set this role id, otherwise anyone can set their own role.
         if (isset($_REQUEST['role_id'])) {
             $sql = "DELETE FROM `" . _DB_PREFIX . "user_role` WHERE user_id = '" . (int) $user_id . "'";
             query($sql);
             if ((int) $_REQUEST['role_id'] > 0) {
                 if (!isset($previous_user_roles[$_REQUEST['role_id']])) {
                     $re_save_role_perms = (int) $_REQUEST['role_id'];
                 }
                 $_REQUEST['role'] = array($_REQUEST['role_id'] => 1);
             }
         }
         // save users roles (support for multi roles in future - but probably will never happen)
         if (isset($_REQUEST['role']) && is_array($_REQUEST['role'])) {
             foreach ($_REQUEST['role'] as $role_id => $tf) {
                 $this->add_user_to_role($user_id, $role_id);
             }
         }
         if ($re_save_role_perms) {
             // copy role permissiosn to user permissions
             $sql = "DELETE FROM `" . _DB_PREFIX . "user_perm` WHERE user_id = " . (int) $user_id;
             query($sql);
             // update - we are not relying on these permissions any more.
             // if the user has a role assigned, we use those permissions period
             // we ignore all permissions in the user_perm table if the user has a role.
             // if the user doesn't have a role, then we use these user_perm permissions.
             /*$security_role = module_security::get_security_role($re_save_role_perms);
             		foreach($security_role['permissions'] as $security_permission_id => $d){
             			$sql = "INSERT INTO `"._DB_PREFIX."user_perm` SET user_id = ".(int)$user_id.", security_permission_id = '".(int)$security_permission_id."'";
             			foreach(module_security::$available_permissions as $perm){
             				$sql .= ", `".$perm."` = ".(int)$d[$perm];
             			}
             			query($sql);
             		}*/
         } else {
             if (isset($_REQUEST['permission']) && is_array($_REQUEST['permission'])) {
                 $sql = "DELETE FROM `" . _DB_PREFIX . "user_perm` WHERE user_id = '" . (int) $user_id . "'";
                 query($sql);
                 // update permissions for this user.
                 foreach ($_REQUEST['permission'] as $security_permission_id => $permissions) {
                     $actions = array();
                     foreach (module_security::$available_permissions as $permission) {
                         if (isset($permissions[$permission]) && $permissions[$permission]) {
                             $actions[$permission] = 1;
                         }
                     }
                     $sql = "REPLACE INTO `" . _DB_PREFIX . "user_perm` SET user_id = '" . (int) $user_id . "', security_permission_id = '" . (int) $security_permission_id . "' ";
                     foreach ($actions as $permission => $tf) {
                         $sql .= ", `" . mysql_real_escape_string($permission) . "` = 1";
                     }
                     query($sql);
                 }
             }
         }
         /*global $plugins;
         		if($user_id && isset($data['user_type_id']) && $data['user_type_id'] == 1 && $data['site_id']){
         			// update the site.
         			$plugins['site']->set_primary_user_id($data['site_id'],$user_id);
         		}else{
         			//this use isn't (or isnt any more) the sites primary user.
         			// unset this if he was the primary user before
         			$site_data = $plugins['site']->get_site($data['site_id']);
         			if(isset($site_data['primary_user_id']) && $site_data['primary_user_id'] == $user_id){
         				$plugins['site']->set_primary_user_id($data['site_id'],0);
         			}
         		}*/
         // save the company information if it's available
         if (class_exists('module_company', false) && module_company::can_i('edit', 'Company') && module_company::is_enabled() && module_user::can_i('edit', 'User')) {
             if (isset($_REQUEST['available_user_company']) && is_array($_REQUEST['available_user_company'])) {
                 $selected_companies = isset($_POST['user_company']) && is_array($_POST['user_company']) ? $_POST['user_company'] : array();
                 foreach ($_REQUEST['available_user_company'] as $company_id => $tf) {
                     if (!isset($selected_companies[$company_id]) || !$selected_companies[$company_id]) {
                         // remove user from this company
                         module_company::delete_user($company_id, $user_id);
                     } else {
                         // add user to this company (if they are not already existing)
                         module_company::add_user_to_company($company_id, $user_id);
                     }
                 }
             }
         }
     }
     module_cache::clear('user');
     return $user_id;
 }