function set_permission($values, $r_processed, $set_grant = false, $initials = '')
{
$this->acl->enable_inheritance = phpgw::get_var('enable_inheritance', 'bool', 'POST');
if ($initials) {
$this->so->set_initials($initials);
}
$process = explode('_', $r_processed);
if (!isset($values['right']) || !is_array($values['right'])) {
$values['right'] = array();
}
if (!isset($values['mask']) || !is_array($values['mask'])) {
$values['mask'] = array();
}
$grantor = -1;
if ($set_grant) {
if ($this->granting_group) {
$grantor = $this->granting_group;
} else {
$grantor = $this->account_id;
}
}
$this->set_permission2($values['right'], $process, $grantor, 0);
$this->set_permission2($values['mask'], $process, $grantor, 1);
$cleared = $this->bocommon->reset_fm_cache_userlist();
$receipt['message'][] = array('msg' => lang('permissions are updated!'));
$receipt['message'][] = array('msg' => lang('%1 userlists cleared from cache', $cleared));
phpgwapi_cache::user_clear('phpgwapi', 'menu', -1);
return $receipt;
}
/**
* Clear the user's menu so it can be regenerated cleanly
*
* @return void
*/
public function clear()
{
$account_id = $GLOBALS['phpgw_info']['user']['account_id'];
phpgwapi_cache::user_clear('phpgwapi', 'menu', $account_id);
}
/**
* Delete ACL information from cache
*
* @param integer $account_id the account to delete data from the cache for
*
* @return null
*/
protected function _delete_cache($account_id, $location_id)
{
$accounts = array();
if ($GLOBALS['phpgw']->accounts->get_type($account_id) == phpgwapi_account::TYPE_GROUP) {
$accounts = $GLOBALS['phpgw']->accounts->get_members($account_id);
}
$accounts[] = $account_id;
$sql = "SELECT app_id FROM phpgw_locations WHERE location_id = {$location_id}";
$this->_db->query($sql, __LINE__, __FILE__);
$this->_db->next_record();
$app_id = $this->_db->f('app_id');
foreach ($accounts as $id) {
phpgwapi_cache::user_clear('phpgwapi', "acl_data_{$app_id}_{$location_id}", $id);
}
}
function set_permission($values, $r_processed, $set_grant = false)
{
$this->acl->enable_inheritance = phpgw::get_var('enable_inheritance', 'bool', 'POST');
$process = explode('_', $r_processed);
if (!isset($values['right']) || !is_array($values['right'])) {
$values['right'] = array();
}
if (!isset($values['mask']) || !is_array($values['mask'])) {
$values['mask'] = array();
}
$grantor = -1;
if ($set_grant) {
if ($this->granting_group) {
$grantor = $this->granting_group;
} else {
$grantor = $GLOBALS['phpgw_info']['user']['account_id'];
}
}
$this->set_permission2($values['right'], $process, $grantor, 0);
$this->set_permission2($values['mask'], $process, $grantor, 1);
$receipt['message'][] = array('msg' => lang('permissions are updated!'));
// this feature will probably move into the api as standard
if ($this->acl_app == 'property') {
$cleared = execMethod('property.bocommon.reset_fm_cache_userlist');
$receipt['message'][] = array('msg' => lang('%1 userlists cleared from cache', $cleared));
}
phpgwapi_cache::user_clear('phpgwapi', 'menu', -1);
return $receipt;
}
/**
* Saves a new user (account) or update an existing one
*
* @param array &$values Account details
*
* @return integer the account id - 0 = error
*/
function save_user(&$values)
{
if (!is_array($values)) {
throw new Exception(lang('Invalid data'));
}
if (!(isset($values['id']) && $values['id']) && $GLOBALS['phpgw']->acl->check('account_access', phpgwapi_acl::ADD, 'admin')) {
throw new Exception(lang('no permission to add users'));
}
if ($values['id']) {
$user = $GLOBALS['phpgw']->accounts->get($values['id']);
} else {
$user = new phpgwapi_user();
}
if (isset($values['expires_never']) && $values['expires_never']) {
$values['expires'] = -1;
$values['account_expires'] = $values['expires'];
} else {
$date_valid = checkdate($values['account_expires_month'], $values['account_expires_day'], $values['account_expires_year']);
if (!$date_valid) {
throw new Exception(lang('You have entered an invalid expiration date'));
}
$values['expires'] = mktime(2, 0, 0, $values['account_expires_month'], $values['account_expires_day'], $values['account_expires_year']);
$values['account_expires'] = $values['expires'];
}
if (!$user->old_loginid && !$values['passwd']) {
throw new Exception('You must enter a password');
}
if (!$values['lid']) {
throw new Exception(lang('You must enter a loginid'));
}
if ($user->old_loginid != $values['lid']) {
if ($GLOBALS['phpgw']->accounts->exists($values['lid'])) {
throw new Exception(lang('That loginid has already been taken'));
}
}
if ($values['passwd'] || $values['passwd_2']) {
if ($values['passwd'] != $values['passwd_2']) {
throw new Exception(lang('The passwords don\'t match'));
}
}
if (!count($values['account_permissions']) && !count($values['account_groups'])) {
throw new Exception(lang('You must add at least 1 application or group to this account'));
}
$user_data = array('id' => (int) $values['id'], 'lid' => $values['lid'], 'firstname' => $values['firstname'], 'lastname' => $values['lastname'], 'enabled' => isset($values['enabled']) ? $values['enabled'] : '', 'expires' => $values['expires'], 'quota' => $values['quota']);
if ($values['passwd']) {
$user_data['passwd'] = $values['passwd'];
}
if (false) {
$user_data['homedirectory'] = $values['homedirectory'];
$user_data['loginshell'] = $values['loginshell'];
}
$groups = $values['account_groups'];
$acls = array();
if (isset($values['changepassword']) && $values['changepassword']) {
$acls[] = array('appname' => 'preferences', 'location' => 'changepassword', 'rights' => 1);
}
if (isset($values['anonymous']) && $values['anonymous']) {
$acls[] = array('appname' => 'phpgwapi', 'location' => 'anonymous', 'rights' => 1);
}
$apps_admin = $values['account_permissions_admin'] ? array_keys($values['account_permissions_admin']) : array();
foreach ($apps_admin as $app_admin) {
$acls[] = array('appname' => $app_admin, 'location' => 'admin', 'rights' => phpgwapi_acl::ADD);
}
$apps = $values['account_permissions'] ? array_keys($values['account_permissions']) : array();
unset($values['account_groups'], $values['account_permissions'], $values['account_permissions_admin']);
try {
foreach ($user_data as $key => $val) {
$user->{$key} = $val;
}
} catch (Exception $e) {
throw $e;
}
if ($user->id) {
phpgwapi_cache::user_clear('phpgwapi', 'menu', $user->id);
}
if (!$user->is_dirty()) {
return $user->id;
}
if ($user->id) {
if ($GLOBALS['phpgw']->accounts->update_user($user, $groups, $acls, $apps)) {
return $user->id;
}
} else {
return $GLOBALS['phpgw']->accounts->create($user, $groups, $acls, $apps);
return $user->id;
}
return 0;
}
/**
* process application add credential to admins at install
*
* @param $setup_info array of application info from setup.inc.php files, etc.
*/
function add_credential($appname)
{
$GLOBALS['phpgw']->accounts = createObject('phpgwapi.accounts');
$GLOBALS['phpgw']->acl = CreateObject('phpgwapi.acl');
$admins = array();
$accounts = $GLOBALS['phpgw']->acl->get_ids_for_location('run', phpgwapi_acl::READ, 'admin');
foreach ($accounts as $account_id) {
$account = $GLOBALS['phpgw']->accounts->get($account_id);
if ($account->type == phpgwapi_account::TYPE_GROUP) {
$admins[] = $account_id;
}
}
$members = array();
foreach ($admins as $admin) {
if (!$GLOBALS['phpgw']->acl->check('run', phpgwapi_acl::READ, $appname)) {
$locations = $GLOBALS['phpgw']->locations->get_locations(false, $appname);
$aclobj =& $GLOBALS['phpgw']->acl;
$aclobj->set_account_id($admin, true);
// application permissions
$aclobj->add($appname, 'run', phpgwapi_acl::READ);
foreach ($locations as $location => $info) {
$aclobj->add($appname, $location, 31);
}
$aclobj->save_repository();
$members = array_merge($members, $GLOBALS['phpgw']->accounts->get_members($admin));
}
}
$members = array_unique($members);
//Clear the user's menu so it can be regenerated cleanly
//FIXME - the cache is not cleared
foreach ($members as $account_id) {
phpgwapi_cache::user_clear('phpgwapi', 'menu', $account_id);
}
}
