public function testLoad()
{
    // Persist the fixture data through the object under test.
    $this->obj->bind($this->post_data);
    $this->assertTrue($this->obj->store());

    // Read the same row back through a second object that talks to the
    // same mock database, so load() is exercised end-to-end.
    $loaded = new CContact();
    $loaded->overrideDatabase($this->mockDB);
    $this->post_data['contact_id'] = $this->obj->contact_id;
    $this->mockDB->stageHash($this->post_data);
    $loaded->load($this->obj->contact_id);

    // Every stored field must come back equal to what was written.
    $fields = [
        'contact_first_name',
        'contact_last_name',
        'contact_display_name',
        'contact_company',
        'contact_department',
        'contact_icon',
        'contact_owner',
        'contact_id',
    ];
    foreach ($fields as $field) {
        $this->assertEquals($this->obj->$field, $loaded->$field);
    }
}
// Work out what the current user may do with this contact before rendering.
$msg = '';
$row = new CContact();
$canDelete = $row->canDelete($msg, $contact_id);
// Don't allow deletion of contacts that have a user account associated with them.
$q = new DBQuery();
$q->addTable('users');
$q->addQuery('user_id');
// NOTE(review): $contact_id is concatenated straight into the WHERE clause;
// this relies on it having been coerced to an integer earlier in the file — confirm.
$q->addWhere('user_contact = ' . $contact_id);
$sql = $q->prepare();
$q->clear();
$tmp_user = db_loadResult($sql);
if (!empty($tmp_user)) {
    $canDelete = false;
}
$canEdit = getPermission($m, 'edit', $contact_id);
// A non-zero id that cannot be loaded is reported as invalid; an id of 0 is
// allowed to fall through even though load() fails for it.
if (!$row->load($contact_id) && $contact_id > 0) {
    $AppUI->setMsg('Contact');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
} else {
    // Private contacts may only be viewed by their owner. An owner of 0 or a
    // contact_id of 0 bypasses this check.
    if ($row->contact_private && $row->contact_owner != $AppUI->user_id && $row->contact_owner && $contact_id != 0) {
        $AppUI->redirect('m=public&a=access_denied');
    }
}
// setup the title block
$ttl = 'View Contact';
$titleBlock = new CTitleBlock($ttl, 'monkeychat-48.png', $m, "{$m}.{$a}");
$titleBlock->addCrumb('?m=contacts', 'contacts list');
// The edit crumb is only offered for an existing record the user may edit.
if ($canEdit && $contact_id) {
    $titleBlock->addCrumb('?m=contacts&a=addedit&contact_id=' . $contact_id, 'edit');
}
$del = isset($_REQUEST['del']) ? w2PgetParam($_REQUEST, 'del', false) : false; $notify_new_user = isset($_POST['notify_new_user']) ? $_POST['notify_new_user'] : 0; $perms =& $AppUI->acl(); if (!$perms->checkModule('admin', 'edit')) { $AppUI->redirect('m=public&a=access_denied'); } if (!$perms->checkModule('users', 'edit')) { $AppUI->redirect('m=public&a=access_denied'); } // prepare (and translate) the module name ready for the suffix $AppUI->setMsg('Roles'); if ($_REQUEST['user_id']) { $user = new CUser(); $user->load($_REQUEST['user_id']); $contact = new CContact(); $contact->load($user->user_contact); } if ($del) { if ($perms->deleteUserRole(w2PgetParam($_REQUEST, 'role_id', 0), w2PgetParam($_REQUEST, 'user_id', 0))) { $AppUI->setMsg('deleted', UI_MSG_ALERT, true); $AppUI->redirect(); } else { $AppUI->setMsg('failed to delete role', UI_MSG_ERROR); $AppUI->redirect(); } return; } if (isset($_REQUEST['user_role']) && $_REQUEST['user_role']) { if ($perms->insertUserRole($_REQUEST['user_role'], $_REQUEST['user_id'])) { if ($notify_new_user) { notifyNewUser($contact->contact_email, $contact->contact_first_name);
$contact->contact_private = 1; $contact->store(); } } } else { $AppUI->setMsg('failed to delete role', UI_MSG_ERROR); } } else { if ($user_role) { $public_contact = false; if (dPgetConfig('user_contact_activate') && !$perms->checkLogin($user_id)) { $public_contact = true; } if ($perms->insertUserRole($user_role, $user_id)) { $AppUI->setMsg('added', UI_MSG_OK, true); if ($public_contact) { // Mark contact as public $obj = new CUser(); $contact = new CContact(); $obj->load($user_id); if ($contact->load($obj->user_contact)) { $contact->contact_private = 0; $contact->store(); } } } else { $AppUI->setMsg('failed to add role', UI_MSG_ERROR); } } } $AppUI->redirect();
// check permissions for this record: anyone without 'view' on this item is
// sent to the access-denied page before any data is loaded.
$perms =& $AppUI->acl();
$canRead = $perms->checkModuleItem($m, 'view', $contact_id);
if (!$canRead) {
    $AppUI->redirect('m=public&a=access_denied');
}
// Remember which tab was selected and build the user's date/time format.
$tab = $AppUI->processIntState('ContactVwTab', $_GET, 'tab', 0);
$df = $AppUI->getPref('SHDATEFORMAT');
$df .= ' ' . $AppUI->getPref('TIMEFORMAT');
// load the record data
$msg = '';
$contact = new CContact();
// These three checks are evaluated against the id before the record itself is loaded.
$canDelete = $contact->canDelete($msg, $contact_id);
$is_user = $contact->isUser($contact_id);
$canEdit = $perms->checkModuleItem($m, 'edit', $contact_id);
// A non-zero id that cannot be loaded is reported as invalid; an id of 0 is
// allowed to fall through even though load() fails for it.
if (!$contact->load($contact_id) && $contact_id > 0) {
    $AppUI->setMsg('Contact');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
} elseif ($contact->contact_private && $contact->contact_owner != $AppUI->user_id && $contact->contact_owner && $contact_id != 0) {
    // Private contacts are only shown to their owner. An owner of 0 or a
    // contact_id of 0 bypasses this check.
    $AppUI->redirect('m=public&a=access_denied');
}
$countries = w2PgetSysVal('GlobalCountries');
// Get the contact details for company and department
$company_detail = $contact->getCompanyDetails();
$dept_detail = $contact->getDepartmentDetails();
// Get the Contact info (phone, emails, etc) for the contact
$methods = $contact->getContactMethods();
$methodLabels = w2PgetSysVal('ContactMethods');
// setup the title block
$AppUI->redirect('m=public&a=access_denied'); } } else { if ($user_id != $AppUI->user_id) { if (!$perms->checkModule('admin', 'edit')) { $AppUI->redirect('m=public&a=access_denied'); } if (!$perms->checkModule('users', 'edit')) { $AppUI->redirect('m=public&a=access_denied'); } } } $obj = new CUser(); $contact = new CContact(); if ($contact_id) { $contact->load($contact_id); } if (!$obj->bind($_POST)) { $AppUI->setMsg($obj->getError(), UI_MSG_ERROR); $AppUI->redirect(); } if (!$contact->bind($_POST)) { $AppUI->setMsg($contact->getError(), UI_MSG_ERROR); $AppUI->redirect(); } $obj->user_username = strtolower($obj->user_username); // prepare (and translate) the module name ready for the suffix $AppUI->setMsg('User'); // !User's contact information not deleted - left for history. if ($del) { if ($msg = $obj->delete()) {
public function canEdit()
{
    // Find the contact record that represents the logged-in user.
    $q = $this->_getQuery();
    $q->addQuery('user_contact');
    $q->addTable('users');
    // NOTE(review): user_id is concatenated into the WHERE clause unescaped;
    // presumably it is an integer taken from the session — confirm.
    $q->addWhere('user_id = ' . $this->_AppUI->user_id);
    $ownContactId = $q->loadResult();

    /* A user can *always* edit themselves. */
    if ($this->contact_id == $ownContactId) {
        return true;
    }

    $baseAllows = parent::canEdit();

    // Inspect the stored copy of this contact for its privacy settings.
    $stored = new CContact();
    $stored->overrideDatabase($this->_query);
    // NOTE(review): the load() result is not checked; an id that does not load
    // leaves contact_private unset, which this check treats as "not private".
    $stored->load($this->contact_id);

    /*
     * On top of the base permission, a private contact may only be edited by
     * its owner; a non-private contact is open to anyone the base check allows.
     */
    $privacyAllows = !$stored->contact_private
        || $stored->contact_owner == $this->_AppUI->user_id;

    return $privacyAllows && $baseAllows;
}
/**
 * Delete Request Handler
 *
 * This method is called when a request is a DELETE
 *
 * @return array
 */
public function executeDelete()
{
    $paramCheck = $this->hasRequiredParameters($this->requiredParams);
    if ($paramCheck instanceof Frapi_Error) {
        return $paramCheck;
    }

    $username = $this->getParam('username');
    $password = $this->getParam('password');
    $contact_id = $this->getParam('contact_id', self::TYPE_INT);

    // Attempt to login as user, a little bit of a hack as we currently
    // require the $_POST['login'] var to be set as well as a global AppUI
    $AppUI = new CAppUI();
    $GLOBALS['AppUI'] = $AppUI;
    $_POST['login'] = '******';
    $loggedIn = $AppUI->login($username, $password);
    if (!$loggedIn) {
        throw new Frapi_Error('INVALID_LOGIN');
    }

    // Authorisation for the delete itself is left to CContact::delete(),
    // which is handed the authenticated AppUI; a falsy return is reported
    // as a permission failure.
    $contact = new CContact();
    // NOTE(review): the load() result is not checked, so an unknown id reaches
    // delete() as an empty object — confirm delete() rejects that case.
    $contact->load($contact_id);
    if (!$contact->delete($AppUI)) {
        throw new Frapi_Error('PERMISSION_ERROR');
    }

    $this->data['success'] = true;

    return $this->toArray();
}
<?php if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } $contact_id = (int) w2PgetParam($_GET, 'contact_id', 0); $tab = $AppUI->processIntState('ContactVwTab', $_GET, 'tab', 0); $contact = new CContact(); if (!$contact->load($contact_id)) { $AppUI->redirect(ACCESS_DENIED); } $canEdit = $contact->canEdit(); $canDelete = $contact->canDelete(); $is_user = $contact->isUser($contact_id); // Get the contact details for company and department $company_detail = $contact->getCompanyDetails(); $dept_detail = $contact->getDepartmentDetails(); // Get the Contact info (phone, emails, etc) for the contact $methods = $contact->getContactMethods(); $methodLabels = w2PgetSysVal('ContactMethods'); // setup the title block $ttl = 'View Contact'; $titleBlock = new w2p_Theme_TitleBlock($ttl, 'icon.png', $m); $titleBlock->addCrumb('?m=contacts', 'contacts list'); if ($canEdit) { $titleBlock->addCrumb('?m=contacts&a=addedit&contact_id=' . $contact_id, 'edit this contact'); } if ($contact->user_id) { $titleBlock->addCrumb('?m=users&a=view&user_id=' . $contact->user_id, 'view this user'); } if ($canDelete) {
public function testDelete()
{
    // Persist the fixture data so there is a row to delete.
    $this->obj->bind($this->post_data);
    $this->assertTrue($this->obj->store());
    $deletedId = $this->obj->contact_id;

    // NOTE(review): delete()'s return value is captured but never asserted.
    $deleteResult = $this->obj->delete();

    // Loading the deleted id back must produce an object with blank fields.
    $reloaded = new CContact();
    $reloaded->overrideDatabase($this->mockDB);
    $this->mockDB->stageHash(['contact_first_name' => '', 'contact_display_name' => '']);
    $reloaded->load($deletedId);

    $this->assertTrue($reloaded instanceof CContact);
    $this->assertEquals('', $reloaded->contact_first_name);
    $this->assertEquals('', $reloaded->contact_display_name);
}
public function testClearUpdateKey()
{
    // A loaded contact carries the fixture's update key until it is cleared.
    $loaded = new CContact();
    $loaded->load(1);
    $this->assertEquals('ASDFASDFASDF', $loaded->contact_updatekey);

    $loaded->clearUpdateKey();
    $this->assertEquals('', $loaded->contact_updatekey);

    // A fresh, unloaded object for the same id also reports an empty key.
    $fresh = new CContact();
    $fresh->contact_id = 1;
    $this->assertEquals('', $fresh->getUpdateKey());
}