/**
 * Propagate project-level write permissions onto a single task.
 *
 * Reads every permission row of project $pid that is stored at project level
 * (taskID='0') with writechange='1', removes the task's rows that grant at most
 * view access, and then, for each project-level row, either merges the flags
 * into the task's existing row for the same user/group or inserts a new row.
 *
 * NOTE(review): $pid and $taskID are placed into the SQL text as quoted
 * literals and are not escaped or validated inside this function. This assumes
 * every caller passes ids that were already validated as numeric; confirm at
 * the call sites.
 *
 * @param mixed $pid    Project id.
 * @param mixed $taskID Task id that receives the permissions.
 * @return void
 */
function prj_addTeamMemberTaskPerms($pid, $taskID)
{
    global $_TABLES;

    $permsTable = $_TABLES['prj_projPerms'];

    // Snapshot the project-level writers first; the result set is walked like a cursor below.
    $projPermsRes = DB_query(
        "select id, uid, gid, viewread, writechange, fullaccess, seedetails from {$permsTable} "
        . "where pid='{$pid}' and taskID='0' and writechange='1'"
    );
    $projPermsCount = DB_numRows($projPermsRes);

    // Revoke rows on this task that carry only view rights (or no rights at all).
    DB_query(
        "delete from {$permsTable} "
        . "where pid='{$pid}' and taskID='{$taskID}' and ((viewread='1' and writechange='0' and fullaccess='0') "
        . "or (viewread='0' and writechange='0' and fullaccess='0')) "
    );

    for ($i = 0; $i < $projPermsCount; $i++) {
        list($rid, $uid, $gid, $pvr, $pwc, $pfa, $psd) = DB_fetchArray($projPermsRes);

        // A row belongs to a group when uid is '0', otherwise to a user.
        $ownerClause = ($uid == '0') ? "where gid='{$gid}'" : "where uid='{$uid}'";
        $existingRes = DB_query(
            "select id from {$permsTable} " . $ownerClause . " and pid='{$pid}' and taskID='{$taskID}'"
        );
        // $rid now refers to the task-level row (if any), not the project-level one.
        list($rid) = DB_fetchArray($existingRes);

        if (DB_numRows($existingRes) > 0) {
            // Task row exists: OR the stored flags with the project-level flags.
            $currentRes = DB_query(
                "select viewRead,writeChange,fullAccess from {$permsTable} where id='{$rid}'"
            );
            list($vr, $wc, $fa) = DB_fetchArray($currentRes);

            // NOTE(review): a boolean false interpolates as an empty string unless
            // ppApplyFilter() normalises it; its behaviour is not visible here.
            $vr = ppApplyFilter((bool) ($vr + $pvr), true, true);
            $wc = ppApplyFilter((bool) ($wc + $pwc), true, true);
            $fa = ppApplyFilter((bool) ($fa + $pfa), true, true);

            DB_query(
                "update {$permsTable} set viewRead='{$vr}', writeChange='{$wc}', fullAccess='{$fa}' where id='{$rid}'"
            );
        } else {
            // No task row yet: insert one carrying the project-level flags.
            $vr = ppApplyFilter((bool) $pvr, true, true);
            $wc = ppApplyFilter((bool) $pwc, true, true);
            $fa = ppApplyFilter((bool) $pfa, true, true);

            $uidValue = ($uid != '0') ? "'{$uid}'," : "'0',";
            $gidValue = ($gid != '0') ? "'{$gid}'," : "'0',";

            DB_query(
                "insert into {$permsTable} (pid,taskID, uid, gid, viewRead, writeChange, fullAccess) values("
                . "'{$pid}',"
                . "'{$taskID}',"
                . $uidValue
                . $gidValue
                . "'{$vr}',"
                . "'{$wc}',"
                . "'{$fa}'"
                . ")"
            );
        }
    }
}
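/**
 * Recursively draw the Gantt bars for the child projects of $pid.
 *
 * Members of the 'Root' group see every project. Other users only see projects
 * that have a project-level permission row (taskID=0) for their user id or for
 * one of their groups. An optional filter is read from the 'filter' cookie:
 * the first three characters select the filter type and the next three hold
 * the id to filter on.
 *
 * Security notes:
 *  - The id taken from the cookie is cast to int before it is placed into the
 *    SQL text, because it is used unquoted in a numeric comparison.
 *  - NOTE(review): $filterCSV and $userid are globals that are interpolated
 *    unquoted into the SQL here. This function cannot see where they are set,
 *    so they must be validated as integers at that point; confirm.
 *
 * @param mixed  $graph      Graph object, passed through to the paint helpers.
 * @param mixed  $row        Passed through to the paint helpers.
 * @param mixed  $count      Passed through to the paint helpers.
 * @param mixed  $pid        Parent project id; 0 selects top-level projects.
 * @param string $nameIndent Prefix placed before project names; grows on each recursion.
 * @param mixed  $sm         Flag compared against '0'/'1' after filtering.
 * @param mixed  $stm        Flag compared against '0'/'1' after filtering.
 * @return void
 */
function prj_drawProjectGanttBar(&$graph, &$row, &$count, $pid = 0, $nameIndent = '', $sm, $stm)
{
    global $_TABLES, $_CONF, $showTasksForExpandedProjects, $expandedCookie, $userid, $_PRJCONF, $filterCSV, $proj_query_from, $proj_query_where;

    // Determine the expanded projects.
    // explode() replaces split(), which was deprecated in PHP 5.3 and removed in PHP 7;
    // for a literal comma separator the result is the same.
    $expanded = explode(',', $expandedCookie);

    $sm = ppApplyFilter($sm, true, true);
    $stm = ppApplyFilter($stm, true, true);

    // The cookie is client-controlled; guard against it being absent.
    $filter = COM_applyFilter(isset($_COOKIE['filter']) ? $_COOKIE['filter'] : '');
    $category_string = substr("{$filter}", 0, 3);
    // The id is used unquoted in SQL below, so force it to an integer.
    $needle = (int) substr("{$filter}", 3, 3);

    // Get the groups the user is a member of, for the permission test in SQL.
    // NOTE(review): $uid is never defined in this function, so the helper is called
    // with an empty value. Presumably $userid was intended; confirm before changing,
    // since this decides whose group memberships grant visibility.
    $groups = SEC_getUserGroups($uid);
    $aGroups = array();
    foreach ($groups as $id) {
        $aGroups[] = $id;
    }
    $prjPermGroups = implode(',', $aGroups);

    if (SEC_inGroup('Root')) {
        $queryfrom = "FROM {$_TABLES['prj_projects']} a";
        $querywhere = " WHERE 1=1 ";
    } else {
        $queryfrom = "FROM {$_TABLES['prj_projects']} a, {$_TABLES['prj_projPerms']} b ";
        $querywhere = "WHERE b.pid =a.pid";
        $querywhere .= " AND b.taskID=0 AND (b.uid={$userid} OR b.gid in ({$prjPermGroups})) ";
    }

    // The original also built a $header string in the 'pri', 'pro' and 'sta' cases from
    // $strings/$priority/$progress/$status, none of which are in scope here; the value
    // was never read, so those assignments are dropped.
    switch ($category_string) {
        case 'cat':
            $queryfrom = $queryfrom . ", {$_TABLES['prj_category']} c ";
            $querywhere = $querywhere . "AND c.pid=a.pid AND c.category_id={$needle} ";
            $header = nexlistOptionList('view', '', $_PRJCONF['nexlist_category'], 0, $needle);
            break;
        case 'loc':
            $queryfrom = $queryfrom . ", {$_TABLES['prj_location']} c ";
            $querywhere = $querywhere . "AND c.pid=a.pid AND c.location_id={$needle} ";
            $header = nexlistOptionList('view', '', $_PRJCONF['nexlist_locations'], 0, $needle);
            break;
        case 'dep':
            $queryfrom = $queryfrom . ", {$_TABLES['prj_department']} c ";
            $querywhere = $querywhere . "AND c.pid=a.pid AND c.department_id={$needle} ";
            $header = nexlistOptionList('view', '', $_PRJCONF['nexlist_departments'], 0, $needle);
            break;
        case 'pri':
            $querywhere = $querywhere . " AND a.priority_id={$needle} ";
            break;
        case 'pro':
            $querywhere = $querywhere . " AND a.progress_id={$needle} ";
            break;
        case 'sta':
            $querywhere = $querywhere . " AND a.status_id={$needle} ";
            break;
        default:
            $needle = '';
            $header = '';
    }

    $select = "SELECT a.pid, a.name, a.start_date, a.estimated_end_date, a.parent_id, a.percent_completion as progress, progress_id ";

    // First attempt: includes the join on alias c and the optional pid list.
    // Errors are ignored (second argument) because alias c only exists for some filters.
    $sql = $select . $queryfrom . $querywhere;
    if ($pid == 0) {
        $sql .= "AND parent_id=0 AND a.pid=c.pid ";
    } else {
        $sql .= "AND parent_id='{$pid}' ";
    }
    if ($filterCSV != '') {
        $sql .= "AND pid in ({$filterCSV}) ";
    }
    $sql .= " ORDER BY lhs ASC";
    $result = DB_query($sql, true);

    // Fallback when the first attempt returned nothing: same query without the
    // alias-c join and without the $filterCSV restriction.
    if (DB_numRows($result) == 0) {
        $sql = $select . $queryfrom . $querywhere;
        if ($pid == 0) {
            $sql .= "AND parent_id=0 ";
        } else {
            $sql .= "AND parent_id='{$pid}' ";
        }
        $sql .= " ORDER BY lhs ASC";
        $result = DB_query($sql);
    }

    // $sign was never assigned in the original, so its "expansion sign is empty"
    // test always held; make that explicit instead of reading an undefined variable.
    $sign = '';

    $numProjects = DB_numRows($result);
    for ($j = 0; $j < $numProjects; $j++) {
        // From here on $pid is the id of the current row, not the parent passed in.
        list($pid, $name, $startdate, $enddate, $parent_task, $progress, $status) = DB_fetchArray($result);
        $permsArray = prj_getProjectPermissions($pid, $userid);
        $ownertoken = getProjectToken($pid, $userid, "{$_TABLES['prj_users']}");

        if ($sm == '0' && $stm == '1') {
            // Only show projects the user is a team member of (my projects).
            if ($permsArray['teammember'] == '1' || $permsArray['full'] == '1' || $ownertoken == '1') {
                prj_paintProjectBar(false, $pid, $name, $startdate, $enddate, $parent_task, $progress, $status, $expanded, $userid, $nameIndent, $graph, $count, $row, $sm, $stm);
            }
        } elseif ($sm == '1' && $stm == '1') {
            // Show everything the user has monitor access or higher to (all projects).
            if ($permsArray['monitor'] == '1' || $permsArray['teammember'] == '1' || $permsArray['full'] == '1' || $ownertoken == '1') {
                prj_paintProjectBar(true, $pid, $name, $startdate, $enddate, $parent_task, $progress, $status, $expanded, $userid, $nameIndent, $graph, $count, $row, $sm, $stm);
            }
        }

        // If this project has no child projects AND it has tasks AND the expansion sign is empty.
        if (DB_count($_TABLES['prj_projects'], 'parent_id', $pid) == 0 && DB_count($_TABLES['prj_tasks'], 'pid', $pid) > 0 && $sign == '') {
            if ($showTasksForExpandedProjects == 'true') {
                prj_drawProjectTasksGanttBar($graph, $row, $count, $pid, $nameIndent . ' ', 0, 0, $sm, $stm);
            }
        }

        $tempPerms = prj_getProjectPermissions($pid, $userid);
        // && binds tighter than ||: (expanded AND has children) OR (neither monitor nor team member).
        if (array_keys($expanded, $pid) != array() && DB_count($_TABLES['prj_projects'], 'parent_id', $pid) > 0 || $tempPerms['monitor'] == '0' && $tempPerms['teammember'] == '0') {
            if ($showTasksForExpandedProjects == 'true') {
                prj_drawProjectTasksGanttBar($graph, $row, $count, $pid, $nameIndent . ' ', 0, 0, $sm, $stm);
            }
            // Recurse into the children of this project.
            prj_drawProjectGanttBar($graph, $row, $count, $pid, $nameIndent . ' ', $sm, $stm);
        }
    }
}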
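/**
 * Fetch an allow-list of request variables and pass each one through a filter.
 *
 * Only the names listed in $vars are read. With $type 'GET' or 'POST' the value
 * comes from that array only; with any other $type, $_POST is checked first and
 * $_GET second. Every name in $vars ends up in the result, including names that
 * were not present in the request (those are filtered from null).
 *
 * Filtering per $option:
 *  - 'text': ppFilterText()
 *  - 'int':  ppApplyFilter() with its extra flag arguments
 *  - other:  ppApplyFilter() with defaults
 * Array values (checkboxes, multiple selects) are filtered element by element
 * and re-indexed from 0.
 *
 * NOTE(review): elements of an array value are handed to the filter as they
 * are, so a nested array sent by the client reaches ppFilterText()/ppApplyFilter()
 * directly. Their handling of non-scalar input is not visible here; confirm.
 *
 * NOTE(review): with $setglobal the filtered request values are written into
 * $GLOBALS under the names in $vars. A name that matches an existing global
 * lets the request overwrite it, so callers must never list names of
 * configuration or session-related globals.
 *
 * @param array|string $vars      Name or list of names to read.
 * @param bool         $setglobal When true, store the values in $GLOBALS and return nothing.
 * @param string       $type      'GET', 'POST', or anything else for POST-then-GET.
 * @param string       $option    'text', 'int', or '' for the default filter.
 * @return array|null Filtered values keyed by name, or null when $setglobal is true.
 */
function ppGetData($vars, $setglobal = false, $type = '', $option = '')
{
    $return_data = array();
    if (!is_array($vars)) {
        $vars = array($vars);
    }

    // Collect the raw values for the allowed names from the selected superglobal(s).
    if ($type == 'GET' or $type == 'POST') {
        if ($type == 'GET') {
            $SG_Array = $_GET;
        }
        if ($type == 'POST') {
            $SG_Array = $_POST;
        }
        foreach ($vars as $key) {
            if (array_key_exists($key, $SG_Array)) {
                $return_data[$key] = $SG_Array[$key];
            }
        }
    } else {
        foreach ($vars as $key) {
            if (array_key_exists($key, $_POST)) {
                $return_data[$key] = $_POST[$key];
            } elseif (array_key_exists($key, $_GET)) {
                $return_data[$key] = $_GET[$key];
            }
        }
    }

    // Apply the filter to every requested name.
    foreach ($vars as $value) {
        // Names missing from the request are filtered from null instead of
        // reading an undefined array key.
        $raw = isset($return_data[$value]) ? $return_data[$value] : null;

        if ($option == 'text') {
            if (is_array($raw)) {
                $filtered = array();
                foreach ($raw as $subvalue) {
                    $filtered[] = ppFilterText($subvalue);
                }
                $return_data[$value] = $filtered;
            } else {
                $return_data[$value] = ppFilterText($raw);
            }
        } elseif (is_array($raw)) {
            $filtered = array();
            foreach ($raw as $subvalue) {
                if ($option == 'int') {
                    $filtered[] = ppApplyFilter($subvalue, true, true);
                } else {
                    $filtered[] = ppApplyFilter($subvalue);
                }
            }
            $return_data[$value] = $filtered;
        } elseif ($option == 'int') {
            // NOTE(review): the array branch above passes a third `true` argument for
            // 'int' but this scalar branch does not. Kept as in the original because
            // ppApplyFilter()'s signature is not visible here; confirm which is intended.
            $return_data[$value] = ppApplyFilter($raw, true);
        } else {
            $return_data[$value] = ppApplyFilter($raw);
        }
    }

    // Optionally publish the values as globals instead of returning them.
    if ($setglobal) {
        foreach ($return_data as $key => $value) {
            $GLOBALS[$key] = $value;
        }
    } else {
        return $return_data;
    }
}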
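/**
 * Fetch an allow-list of request variables and pass each through ppApplyFilter().
 *
 * Only the names listed in $vars are read. With $type 'GET' or 'POST' the value
 * comes from that array only; with any other $type, $_POST is checked first and
 * $_GET second. Every name in $vars ends up in the result, including names that
 * were not present in the request (those are filtered from null).
 *
 * A single name may be passed instead of an array; it is treated as a
 * one-element list.
 *
 * NOTE(review): a request value that is itself an array (e.g. `name[]=...`) is
 * handed to ppApplyFilter() as an array. How that helper treats non-scalar
 * input is not visible here; confirm.
 *
 * NOTE(review): with $setglobal the filtered request values are written into
 * $GLOBALS under the names in $vars. A name that matches an existing global
 * lets the request overwrite it, so callers must never list names of
 * configuration or session-related globals.
 *
 * @param array|string $vars      Name or list of names to read.
 * @param bool         $setglobal When true, store the values in $GLOBALS and return nothing.
 * @param string       $type      'GET', 'POST', or anything else for POST-then-GET.
 * @return array|null Filtered values keyed by name, or null when $setglobal is true.
 */
function ppGetData($vars, $setglobal = false, $type = '')
{
    $return_data = array();
    // Accept a bare name as well as a list, instead of failing in foreach.
    if (!is_array($vars)) {
        $vars = array($vars);
    }

    // Collect the raw values for the allowed names from the selected superglobal(s).
    if ($type == "GET" or $type == "POST") {
        if ($type == "GET") {
            $SG_Array = $_GET;
        }
        if ($type == "POST") {
            $SG_Array = $_POST;
        }
        foreach ($vars as $key) {
            if (array_key_exists($key, $SG_Array)) {
                $return_data[$key] = $SG_Array[$key];
            }
        }
    } else {
        foreach ($vars as $key) {
            if (array_key_exists($key, $_POST)) {
                $return_data[$key] = $_POST[$key];
            } elseif (array_key_exists($key, $_GET)) {
                $return_data[$key] = $_GET[$key];
            }
        }
    }

    // Apply the filter to every requested name; names missing from the request
    // are filtered from null instead of reading an undefined array key.
    foreach ($vars as $value) {
        $raw = isset($return_data[$value]) ? $return_data[$value] : null;
        $return_data[$value] = ppApplyFilter($raw);
    }

    // Optionally publish the values as globals instead of returning them.
    if ($setglobal) {
        foreach ($return_data as $key => $value) {
            $GLOBALS[$key] = $value;
        }
    } else {
        return $return_data;
    }
}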