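/**
 * Apply the group membership changes submitted for one user.
 *
 * Reads `user_id`, `old_search` and the comma-separated id lists
 * `groups_items_added` / `groups_items_removed` from $_REQUEST. All changes
 * run inside one transaction, which is rolled back when the acting user is
 * no longer a system administrator once the changes have been applied.
 *
 * NOTE(review): no access check on the caller and no anti-CSRF token check
 * are visible in this method; presumably the dispatcher enforces both before
 * this state-changing action runs - confirm.
 */
function do_updateGroups() {
    $old_search = KTUtil::arrayGet($_REQUEST, 'old_search');
    // NOTE(review): $old_search is request-supplied and is placed in the
    // redirect query string as-is; confirm the redirect helpers encode it.
    $sReturnQuery = sprintf("old_search=%s&do_search=1", $old_search);

    $user_id = KTUtil::arrayGet($_REQUEST, 'user_id');
    $oUser = User::get($user_id);
    if (PEAR::isError($oUser) || $oUser === false) {
        $this->errorRedirectToMain(_kt('Please select a user first.'), $sReturnQuery);
        // Fail closed: never fall through to the membership changes with an
        // invalid user, even if the redirect helper returns.
        return;
    }

    $groupAdded = KTUtil::arrayGet($_REQUEST, 'groups_items_added', '');
    $groupRemoved = KTUtil::arrayGet($_REQUEST, 'groups_items_removed', '');

    $aGroupToAddIDs = explode(",", $groupAdded);
    $aGroupToRemoveIDs = explode(",", $groupRemoved);

    // FIXME we need to ensure that only groups which are allocatable by the admin are added here.
    // FIXME what groups are _allocatable_?

    $this->startTransaction();

    $groupsAdded = array();
    $groupsRemoved = array();
    $addWarnings = array();
    $removeWarnings = array();

    // Add the user to the requested groups.
    foreach ($aGroupToAddIDs as $iGroupID) {
        if ($iGroupID > 0) {
            $oGroup = Group::get($iGroupID);
            // The id comes straight from the request: reject ids that do not
            // resolve to a group instead of calling methods on an error value.
            if (PEAR::isError($oGroup) || $oGroup === false) {
                $this->rollbackTransaction();
                $this->errorRedirectToMain(_kt('No such group.'), $sReturnQuery);
                return;
            }

            // Collected before the add: a non-null reason is reported below as
            // "already a member of some subgroups".
            $memberReason = GroupUtil::getMembershipReason($oUser, $oGroup);
            if (!(PEAR::isError($memberReason) || is_null($memberReason))) {
                $addWarnings[] = $memberReason;
            }

            $res = $oGroup->addMember($oUser);
            if (PEAR::isError($res) || $res == false) {
                $this->errorRedirectToMain(sprintf(_kt('Unable to add user to group "%s"'), $oGroup->getName()), $sReturnQuery);
            } else {
                $groupsAdded[] = $oGroup->getName();
            }
        }
    }

    // Remove the user from the requested groups.
    foreach ($aGroupToRemoveIDs as $iGroupID) {
        if ($iGroupID > 0) {
            $oGroup = Group::get($iGroupID);
            if (PEAR::isError($oGroup) || $oGroup === false) {
                $this->rollbackTransaction();
                $this->errorRedirectToMain(_kt('No such group.'), $sReturnQuery);
                return;
            }

            $res = $oGroup->removeMember($oUser);
            if (PEAR::isError($res) || $res == false) {
                $this->errorRedirectToMain(sprintf(_kt('Unable to remove user from group "%s"'), $oGroup->getName()), $sReturnQuery);
            } else {
                $groupsRemoved[] = $oGroup->getName();

                // Collected after the removal: a non-null reason is reported
                // below as "still a member of some subgroups".
                $memberReason = GroupUtil::getMembershipReason($oUser, $oGroup);
                if (!(PEAR::isError($memberReason) || is_null($memberReason))) {
                    $removeWarnings[] = $memberReason;
                }
            }
        }
    }

    if (!empty($addWarnings)) {
        $sWarnStr = _kt('Warning: the user was already a member of some subgroups') . ' — ';
        $sWarnStr .= implode(', ', $addWarnings);
        $_SESSION['KTInfoMessage'][] = $sWarnStr;
    }

    if (!empty($removeWarnings)) {
        $sWarnStr = _kt('Warning: the user is still a member of some subgroups') . ' — ';
        $sWarnStr .= implode(', ', $removeWarnings);
        $_SESSION['KTInfoMessage'][] = $sWarnStr;
    }

    $msg = '';
    if (!empty($groupsAdded)) {
        $msg .= ' ' . _kt('Added to groups') . ': ' . implode(', ', $groupsAdded) . '.';
    }
    if (!empty($groupsRemoved)) {
        $msg .= ' ' . _kt('Removed from groups') . ': ' . implode(', ', $groupsRemoved) . '.';
    }

    // Evaluated against the post-change state so that a change which strips
    // the acting administrator's own rights is rolled back. Because it runs
    // after the changes, it is not an access check on the caller: that has to
    // happen before this action is dispatched.
    if (!Permission::userIsSystemAdministrator($_SESSION['userID'])) {
        $this->rollbackTransaction();
        $this->errorRedirectTo('editgroups', _kt('For security purposes, you cannot remove your own administration priviledges.'), sprintf('user_id=%d&do_search=1&old_search=%s', $oUser->getId(), $old_search));
        exit(0);
    }

    $this->commitTransaction();
    $this->successRedirectToMain($msg, $sReturnQuery);
}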
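/**
 * Apply the member changes submitted for one group.
 *
 * Reads `group_id`, `old_search` and the comma-separated id lists
 * `users_items_added` / `users_items_removed` from $_REQUEST. All changes run
 * inside one transaction, which is rolled back when the acting user is no
 * longer a system administrator once the changes have been applied.
 *
 * NOTE(review): no access check on the caller and no anti-CSRF token check
 * are visible in this method; presumably the dispatcher enforces both before
 * this state-changing action runs - confirm.
 */
function do_updateUserMembers() {
    $old_search = KTUtil::arrayGet($_REQUEST, 'old_search');
    // NOTE(review): $old_search is request-supplied and is placed in the
    // redirect query string as-is; confirm the redirect helpers encode it.
    $sReturnQuery = sprintf("old_search=%s&do_search=1", $old_search);

    $group_id = KTUtil::arrayGet($_REQUEST, 'group_id');
    $oGroup = Group::get($group_id);
    if (PEAR::isError($oGroup) || $oGroup === false) {
        $this->errorRedirectToMain(_kt('No such group.'));
        // Fail closed: never fall through to the membership changes with an
        // invalid group, even if the redirect helper returns.
        return;
    }

    $userAdded = KTUtil::arrayGet($_REQUEST, 'users_items_added', '');
    $userRemoved = KTUtil::arrayGet($_REQUEST, 'users_items_removed', '');

    $aUserToAddIDs = explode(",", $userAdded);
    $aUserToRemoveIDs = explode(",", $userRemoved);

    $this->startTransaction();

    $usersAdded = array();
    $usersRemoved = array();
    $addWarnings = array();
    $removeWarnings = array();

    // Add the requested users to the group.
    foreach ($aUserToAddIDs as $iUserId) {
        if ($iUserId > 0) {
            $oUser = User::Get($iUserId);
            // The id comes straight from the request: reject ids that do not
            // resolve to a user instead of calling methods on an error value.
            if (PEAR::isError($oUser) || $oUser === false) {
                $this->rollbackTransaction();
                $this->errorRedirectToMain(_kt('No such user.'), $sReturnQuery);
                return;
            }

            // Collected before the add: a non-null reason is reported below as
            // "already members of some subgroups".
            $memberReason = GroupUtil::getMembershipReason($oUser, $oGroup);
            if (!(PEAR::isError($memberReason) || is_null($memberReason))) {
                $addWarnings[] = $memberReason;
            }

            $res = $oGroup->addMember($oUser);
            if (PEAR::isError($res) || $res == false) {
                $this->errorRedirectToMain(sprintf(_kt('Unable to add user "%s" to group "%s"'), $oUser->getName(), $oGroup->getName()), $sReturnQuery);
            } else {
                $usersAdded[] = $oUser->getName();
            }
        }
    }

    // Remove the requested users from the group.
    foreach ($aUserToRemoveIDs as $iUserId) {
        if ($iUserId > 0) {
            $oUser = User::get($iUserId);
            if (PEAR::isError($oUser) || $oUser === false) {
                $this->rollbackTransaction();
                $this->errorRedirectToMain(_kt('No such user.'), $sReturnQuery);
                return;
            }

            $res = $oGroup->removeMember($oUser);
            if (PEAR::isError($res) || $res == false) {
                $this->errorRedirectToMain(sprintf(_kt('Unable to remove user "%s" from group "%s"'), $oUser->getName(), $oGroup->getName()), $sReturnQuery);
            } else {
                $usersRemoved[] = $oUser->getName();

                // Collected after the removal: a non-null reason is reported
                // below as "still members of some subgroups".
                $memberReason = GroupUtil::getMembershipReason($oUser, $oGroup);
                if (!(PEAR::isError($memberReason) || is_null($memberReason))) {
                    $removeWarnings[] = $memberReason;
                }
            }
        }
    }

    if (!empty($addWarnings)) {
        $sWarnStr = _kt('Warning: some users were already members of some subgroups') . ' — ';
        $sWarnStr .= implode(', ', $addWarnings);
        $_SESSION['KTInfoMessage'][] = $sWarnStr;
    }

    if (!empty($removeWarnings)) {
        $sWarnStr = _kt('Warning: some users are still members of some subgroups') . ' — ';
        $sWarnStr .= implode(', ', $removeWarnings);
        $_SESSION['KTInfoMessage'][] = $sWarnStr;
    }

    $msg = '';
    if (!empty($usersAdded)) {
        $msg .= ' ' . _kt('Added') . ': ' . implode(', ', $usersAdded) . '. ';
    }
    if (!empty($usersRemoved)) {
        $msg .= ' ' . _kt('Removed') . ': ' . implode(', ', $usersRemoved) . '.';
    }

    // Evaluated against the post-change state so that a change which strips
    // the acting administrator's own rights is rolled back. Because it runs
    // after the changes, it is not an access check on the caller: that has to
    // happen before this action is dispatched.
    if (!Permission::userIsSystemAdministrator($_SESSION['userID'])) {
        $this->rollbackTransaction();
        // NOTE(review): the old_search query is passed as a fourth argument
        // here rather than as part of the query string; confirm against the
        // signature of errorRedirectTo().
        $this->errorRedirectTo('manageUsers', _kt('For security purposes, you cannot remove your own administration priviledges.'), sprintf('group_id=%d', $oGroup->getId()), sprintf("old_search=%s&do_search=1", $old_search));
        exit(0);
    }

    $this->commitTransaction();
    $this->successRedirectToMain($msg, $sReturnQuery);
}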
/**
 * Report whether a user is covered by this object's permission descriptor,
 * either through the descriptor's 'user' list or through one of the groups
 * returned by getGroups().
 *
 * Every lookup failure (descriptor or group list is an error or false)
 * yields false, so a broken lookup never counts as membership.
 *
 * @param object $oUser user to test; only getId() is called on it here
 * @return bool true when a direct or group membership is found
 */
function hasMember($oUser) {
    $oDescriptor = $this->getPermissionDescriptor();
    if (PEAR::isError($oDescriptor) || $oDescriptor == false) {
        return false;
    }

    $aAllowed = $oDescriptor->getAllowed();
    $iUserId = $oUser->getId();

    // Direct listing in the descriptor wins without touching the groups.
    // The comparison is loose, as ids may be strings or integers.
    if ($aAllowed['user'] != null && in_array($iUserId, $aAllowed['user'])) {
        return true;
    }

    // now we need the group objects.
    // FIXME this could accelerated to a single SQL query on group_user_link.
    $aGroups = $this->getGroups();
    if (PEAR::isError($aGroups) || $aGroups == false) {
        return false;
    }

    foreach ($aGroups as $oGroup) {
        $reason = GroupUtil::getMembershipReason($oUser, $oGroup);
        if (!PEAR::isError($reason) && !is_null($reason)) {
            // First group with a membership reason settles it.
            return true;
        }
    }

    return false;
}
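/**
 * Decide whether a user may perform a transition, based on membership of the
 * group configured under aConfig['group_id'].
 *
 * Returns true when the check is not loaded or the configured group cannot
 * be looked up; otherwise returns true only when
 * GroupUtil::getMembershipReason() yields a non-empty, non-error reason.
 *
 * NOTE(review): both early returns allow the transition, so a deleted or
 * mis-configured group removes the restriction instead of enforcing it.
 * Confirm this fail-open behaviour is intended for every transition guarded
 * this way.
 *
 * @param object $oDocument document being transitioned (unused here)
 * @param object $oUser     user attempting the transition
 * @return bool true when the transition is allowed
 */
function allowTransition($oDocument, $oUser) {
    if (!$this->isLoaded()) {
        return true;
    }

    // Read the configured id once and use it for the lookup.
    $iGroupId = $this->aConfig['group_id'];
    $oGroup = Group::get($iGroupId);
    if (PEAR::isError($oGroup)) {
        return true; // fail safe for cases where the role is deleted.
    }

    $res = GroupUtil::getMembershipReason($oUser, $oGroup);

    // broken setup, or no reason => deny
    return !(PEAR::isError($res) || empty($res));
}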