/**
 * Rebuild the ACL entries of a product from submitted form data.
 *
 * All 'product' permissions stored for the product's SID are cleared, then one
 * entry per ACL resource is written through SJB_Acl::allow(). A resource with
 * no submitted value that has a permission row for the product's user group is
 * stored as 'inherit', carrying that row's params and message.
 *
 * NOTE(review): value, params and message are stored exactly as received; this
 * method applies no allow-list. Presumably SJB_Acl::allow() or the caller
 * validates them - confirm.
 *
 * @param array  $request Submitted fields keyed "<resource>", "<resource>_params",
 *                        "<resource>_params1" and "<resource>_message".
 * @param object $product Product exposing getSID() and getPropertyValue().
 */
public function savePermissions($request, $product)
{
    $resources = SJB_Acl::getInstance()->getResources();
    $roleType = 'product';
    $productSID = $product->getSID();

    // Existing entries are dropped first; the loop below writes the full set again.
    SJB_Acl::clearPermissions($roleType, $productSID);

    $groupSID = $product->getPropertyValue('user_group_sid');
    $groupPermissions = SJB_DB::query(
        'select * from `permissions` where `type` = ?s and `role` = ?s',
        'group',
        $groupSID
    );

    // Re-key the group rows by permission name so they can be looked up per resource.
    foreach ($groupPermissions as $rowIndex => $row) {
        $groupPermissions[$row['name']] = $row;
        unset($groupPermissions[$rowIndex]);
    }

    foreach ($resources as $name => $resource) {
        $params = '';
        if (isset($request[$name . '_params'])) {
            $params = $request[$name . '_params'];
        }

        $denyParams = '';
        if (isset($request[$name . '_params1'])) {
            $denyParams = $request[$name . '_params1'];
        }

        $value = '';
        if (isset($request[$name])) {
            $value = $request[$name];
        }

        $message = '';
        if (isset($request[$name . '_message'])) {
            $message = $request[$name . '_message'];
        }

        $inheritsFromGroup = empty($value) && isset($groupPermissions[$name]);
        if ($inheritsFromGroup) {
            $groupRow = $groupPermissions[$name];
            $value = 'inherit';
            $message = $groupRow['message'];
            $params = $groupRow['params'];
        } elseif ($value == 'deny' && $denyParams) {
            // A denied resource takes its params from the "_params1" field.
            $params = $denyParams;
        }

        SJB_Acl::allow($name, $roleType, $productSID, $value, $params, $message);
    }
}
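/**
 * Edit an existing sub-admin and its permissions.
 *
 * Loads the sub-admin named by the "subadmin" request variable, overlays the
 * request on the stored record, and on action "save" or "apply" validates the
 * form, saves the account and rewrites its 'subadmin' ACL entries. Nothing is
 * rendered when the sub-admin cannot be found.
 *
 * NOTE(review): no request-method or anti-CSRF check is visible in this
 * method; presumably the admin front controller enforces one - confirm.
 */
public function execute()
{
    $tp = SJB_System::getTemplateProcessor();
    $subAdminSID = SJB_Request::getVar('subadmin', 0);

    if (!empty($subAdminSID) && ($adminInfo = SJB_SubAdminManager::getSubAdminInfoBySID($subAdminSID))) {
        // The whole request is overlaid on the stored record, so any stored
        // field (including 'sid') can be shadowed by a request parameter.
        // Identity must therefore always be read from $adminInfo below.
        $editedSubAdminInfo = $_REQUEST;
        $subAdminInfo = array_merge($adminInfo, $editedSubAdminInfo);

        // create subAdmin object
        $oSubAdmin = SJB_ObjectMother::createSubAdmin($subAdminInfo);
        $oSubAdmin->setSID($adminInfo['sid']);
        $oSubAdmin->makePropertyNotRequired("password");

        // permissions
        $acl = SJB_SubAdminAcl::getInstance();
        $type = 'subadmin';
        $resources = $acl->getResources();
        $perms = SJB_SubAdminAcl::getAllPermissions($type, $oSubAdmin->getSID());
        SJB_SubAdminAcl::mergePermissionsWithResources($resources, $perms);

        $registration_form = SJB_ObjectMother::createForm($oSubAdmin);
        $action = SJB_Request::getVar('action', '');
        $registration_form->registerTags($tp);
        $errors = array();

        if ('save' == $action || $action == 'apply') {
            // Unchanged username/email are removed from the object before validation.
            if ($adminInfo['username'] == $subAdminInfo['username']) {
                $oSubAdmin->deleteProperty('username');
            }
            if ($adminInfo['email'] == $subAdminInfo['email']) {
                $oSubAdmin->deleteProperty('email');
            }

            if ($registration_form->isDataValid($errors)) {
                // An empty password field means "keep the current password".
                $password_value = $oSubAdmin->getPropertyValue('password');
                if (empty($password_value['original'])) {
                    $oSubAdmin->deleteProperty('password');
                }

                // save subAdmin
                SJB_SubAdminManager::saveSubAdmin($oSubAdmin);

                // Permissions are replaced wholesale: clear, then write one entry per resource.
                $role = $oSubAdmin->getSID();
                SJB_Acl::clearPermissions($type, $role);
                foreach ($resources as $name => $resource) {
                    SJB_SubAdminAcl::allow(
                        $name,
                        $type,
                        $role,
                        SJB_SubAdminAcl::definePermission($name),
                        SJB_Array::get($resource, 'params', '')
                    );
                }

                SJB_FlashMessages::getInstance()->addMessage('CHANGES_SAVED');
                if ($action == 'save') {
                    SJB_HelperFunctions::redirect(SJB_System::getSystemSettings('SITE_URL') . "/manage-subadmins/");
                }
            }
            SJB_SubAdminAcl::mergePermissionsWithRequest($resources);
        }

        SJB_SubAdminAcl::prepareSubPermissions($resources);
        $tp->assign("errors", $errors);
        $tp->assign("form_fields", $registration_form->getFormFieldsInfo());
        $tp->assign('groups', SJB_SubAdminAcl::getPermissionGroups());
        $tp->assign('resources', $resources);
        $tp->assign('type', $type);
        // Use the stored SID, not the request-merged array: a "sid" request
        // parameter must not change which account the rendered form refers to.
        $tp->assign('sid', $adminInfo['sid']);
        $tp->display('add_subadmin.tpl');
    }
}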
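/**
 * Add-sub-admin page: renders the form and handles the "save" and "delete" actions.
 *
 * "save" validates the form built from the request, stores the new sub-admin,
 * writes its 'subadmin' ACL entries, sends the registration letter and
 * redirects to the sub-admin list. "delete" removes every sub-admin whose SID
 * is listed in the "subadmin" request variable, then redirects.
 *
 * NOTE(review): the sub-admin object is built from the whole of $_REQUEST and
 * "delete" is driven by SJB_Request::getVar(); no request-method or anti-CSRF
 * check is visible here - presumably enforced by the admin front controller; confirm.
 */
public function execute()
{
    $tp = SJB_System::getTemplateProcessor();
    $oSubAdmin = SJB_ObjectMother::createSubAdmin($_REQUEST);
    $registration_form = SJB_ObjectMother::createForm($oSubAdmin);
    $registration_form->registerTags($tp);
    $errors = array();

    $acl = SJB_SubAdminAcl::getInstance();
    $type = 'subadmin';
    $resources = $acl->getResources();
    SJB_SubAdminAcl::mergePermissionsWithResources($resources);

    switch (SJB_Request::getVar('action')) {
        case 'save':
            if ($registration_form->isDataValid($errors)) {
                SJB_SubAdminManager::saveSubAdmin($oSubAdmin);

                // Permissions are replaced wholesale: clear, then write one entry per resource.
                $role = $oSubAdmin->getSID();
                SJB_Acl::clearPermissions($type, $role);
                foreach ($resources as $name => $resource) {
                    SJB_SubAdminAcl::allow(
                        $name,
                        $type,
                        $role,
                        SJB_SubAdminAcl::definePermission($name),
                        SJB_Request::getVar($name . '_params')
                    );
                }

                // get new defined permissions for notification letter
                $permissions = SJB_SubAdminAcl::getAllPermissions($type, $role);
                $resources = $acl->getResources();
                SJB_SubAdminAcl::mergePermissionsWithResources($resources, $permissions);
                SJB_Notifications::sendSubAdminRegistrationLetter($oSubAdmin, SJB_Request::get(), $resources);
                SJB_HelperFunctions::redirect(SJB_System::getSystemSettings('SITE_URL') . '/manage-subadmins/');
            }
            break;

        case 'delete':
            $subadmins = SJB_Request::getVar('subadmin', array());
            // A scalar "subadmin" value is not a valid selection; treat it as empty
            // instead of handing a non-array to foreach.
            if (!is_array($subadmins)) {
                $subadmins = array();
            }
            foreach ($subadmins as $subadmin_sid) {
                $username = SJB_SubAdminManager::getUserNameBySubAdminSID($subadmin_sid);
                SJB_SubAdminManager::deleteSubAdminByUserName($username);
            }
            SJB_HelperFunctions::redirect(SJB_System::getSystemSettings('SITE_URL') . '/manage-subadmins/');
            break;

        default:
            break;
    }

    $tp->assign('errors', $errors);
    $tp->assign('form_fields', $registration_form->getFormFieldsInfo());
    $aPermissionGroups = SJB_SubAdminAcl::getPermissionGroups();

    // After a failed save, show the permissions the admin just submitted.
    if ('save' == SJB_Request::getVar('action', '')) {
        SJB_SubAdminAcl::mergePermissionsWithRequest($resources);
    }
    SJB_SubAdminAcl::prepareSubPermissions($resources);

    $tp->assign('groups', $aPermissionGroups);
    $tp->assign('resources', $resources);
    $tp->assign('type', $type);
    $tp->assign('role', 0);
    $tp->display('add_subadmin.tpl');
}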
/**
 * Store this contract and bring its ACL entries in line with its status.
 *
 * On a successful insert the contract takes the returned id when it has none,
 * its extra info is refreshed from the product, and its permissions are either
 * copied from the product (status 'active') or cleared (any other status).
 * The owning user's properties are then updated for the product.
 *
 * @return bool True when SJB_ContractSQL::insert() returned a truthy result.
 */
function saveInDB()
{
    $insertResult = SJB_ContractSQL::insert($this->_getHashedFields());
    if (!$insertResult) {
        return (bool) $insertResult;
    }

    if (!$this->id) {
        $this->id = $insertResult;
    }
    SJB_ContractSQL::updateContractExtraInfoByProductSID($this);

    // Only an active contract carries permissions; any other status removes them.
    if ($this->status != 'active') {
        SJB_Acl::clearPermissions('contract', $this->id);
    } else {
        SJB_Acl::copyPermissions($this->product_sid, $this->id, $this->number_of_listings);
    }

    $ownerInfo = SJB_UserManager::getUserInfoBySID($this->user_sid);
    $owner = new SJB_User($ownerInfo, $ownerInfo['user_group_sid']);
    $owner->updateSubscribeOnceUsersProperties($this->product_sid, $this->user_sid);

    return true;
}
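/**
 * Rebuild the ACL entries of a listing product from submitted form data.
 *
 * All 'product' permissions stored for the product's SID are cleared, then one
 * entry per ACL resource is written through SJB_Acl::allow(). The product's
 * extra info forces 'allow' for "post_<listing type id>" and, when the
 * featured/priority options are set, for "add_featured_listings" and
 * "add_priority_listings". A resource with no value that has a permission row
 * for the product's user group is stored as 'inherit'.
 *
 * NOTE(review): value, params and message are otherwise stored as received;
 * this method applies no allow-list - confirm that SJB_Acl::allow() or the
 * caller validates them.
 *
 * @param array  $request Submitted fields keyed "<resource>", "<resource>_params",
 *                        "<resource>_params1" and "<resource>_message".
 * @param object $product Product exposing getSID() and getPropertyValue().
 */
public function savePermissions($request, $product)
{
    $acl = SJB_Acl::getInstance();
    $resources = $acl->getResources();
    $type = 'product';
    $role = $product->getSID();

    // SECURITY(review): unserialize() instantiates any class named in its
    // input. This is only safe while 'serialized_extra_info' can never hold
    // attacker-influenced bytes; consider a data-only format such as JSON,
    // or restricting allowed classes, if that cannot be guaranteed.
    $serialized_extra_info = unserialize($product->getPropertyValue('serialized_extra_info'));
    // unserialize() returns false on malformed input; fall back to an empty
    // set of options instead of indexing into a non-array.
    if (!is_array($serialized_extra_info)) {
        $serialized_extra_info = array();
    }
    $pricingType = isset($serialized_extra_info['pricing_type'])
        ? $serialized_extra_info['pricing_type']
        : null;
    $listingTypeSid = isset($serialized_extra_info['listing_type_sid'])
        ? $serialized_extra_info['listing_type_sid']
        : null;
    $listingTypeId = strtolower(SJB_ListingTypeManager::getListingTypeIDBySID($listingTypeSid));

    $userGroupSID = $product->getPropertyValue('user_group_sid');
    $groupPermissions = SJB_DB::query(
        'select * from `permissions` where `type` = ?s and `role` = ?s',
        'group',
        $userGroupSID
    );

    // Existing entries are dropped first; the loop below writes the full set again.
    SJB_Acl::clearPermissions($type, $role);

    // Re-key the group rows by permission name so they can be looked up per resource.
    foreach ($groupPermissions as $key => $groupPermission) {
        $groupPermissions[$groupPermission['name']] = $groupPermission;
        unset($groupPermissions[$key]);
    }

    foreach ($resources as $name => $resource) {
        $params = isset($request[$name . '_params']) ? $request[$name . '_params'] : '';
        $params1 = isset($request[$name . '_params1']) ? $request[$name . '_params1'] : '';
        $value = isset($request[$name]) ? $request[$name] : '';
        $message = isset($request[$name . '_message']) ? $request[$name . '_message'] : '';

        // Permissions implied by the product definition override the submitted value.
        if ($name == 'post_' . $listingTypeId) {
            $value = 'allow';
            if ($pricingType == 'fixed') {
                $params = $product->getPropertyValue('number_of_listings');
            }
        } elseif ($name == 'add_featured_listings'
            && (!empty($serialized_extra_info['featured'])
                || !empty($serialized_extra_info['upgrade_to_featured_listing_price']))
        ) {
            $value = 'allow';
        } elseif ($name == 'add_priority_listings'
            && (!empty($serialized_extra_info['priority'])
                || !empty($serialized_extra_info['upgrade_to_priority_listing_price']))
        ) {
            $value = 'allow';
        }

        if (empty($value) && isset($groupPermissions[$name])) {
            $value = 'inherit';
            $message = $groupPermissions[$name]['message'];
            $params = $groupPermissions[$name]['params'];
        } elseif ($value == 'deny' && $params1) {
            // A denied resource takes its params from the "_params1" field.
            $params = $params1;
        }

        SJB_Acl::allow($name, $type, $role, $value, $params, $message);
    }
}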
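/**
 * Sub-account management for the logged-in user: list, create, edit and delete.
 *
 * The "action_name" request variable selects the branch. Every state-changing
 * branch is limited to sub-accounts whose parent_sid equals the current
 * user's SID, and honours the ACCESS_DENIED error raised for sub-users.
 *
 * NOTE(review): the sub-user gate below never fires for action "edit", so a
 * sub-user reaches the edit branch for any account sharing its parent -
 * confirm that this is intended.
 * NOTE(review): sub-user permission values are stored exactly as received from
 * the request; confirm SJB_Acl::allow() restricts them to the expected set.
 */
public function execute()
{
    $tp = SJB_System::getTemplateProcessor();
    $errors = array();
    $template = 'sub_accounts.tpl';
    $currentUserInfo = SJB_UserManager::getCurrentUserInfo();
    $listSubusers = false;

    if (!empty($currentUserInfo['subuser'])
        && SJB_Request::getVar('action_name') != 'edit'
        && SJB_Request::getVar('user_id', 0) != $currentUserInfo['subuser']['sid']
    ) {
        $errors['ACCESS_DENIED'] = 'ACCESS_DENIED';
    }

    switch (SJB_Request::getVar('action_name')) {
        case 'new':
            $form_submitted = SJB_Request::getMethod() === SJB_Request::METHOD_POST;
            $user_group_sid = $currentUserInfo['user_group_sid'];
            $user_group_info = SJB_UserGroupManager::getUserGroupInfoBySID($user_group_sid);
            $_REQUEST['user_group_id'] = $user_group_info['id'];
            $user = SJB_ObjectMother::createUser($_REQUEST, $user_group_sid);

            // Only these properties may be set on a sub-account from the request.
            $props = $user->getProperties();
            $allowedProperties = array('username', 'email', 'password');
            foreach ($props as $prop) {
                if (!in_array($prop->getID(), $allowedProperties)) {
                    $user->deleteProperty($prop->getID());
                }
            }

            $registration_form = SJB_ObjectMother::createForm($user);
            $registration_form->registerTags($tp);

            if (SJB_UserGroupManager::isUserEmailAsUsernameInUserGroup($user_group_sid) && $form_submitted) {
                $email = $user->getPropertyValue('email');
                if (is_array($email)) {
                    $email = $email['original'];
                }
                $user->setPropertyValue('username', $email);
            }

            $registration_form = SJB_ObjectMother::createForm($user);

            // empty($errors) keeps a request already flagged ACCESS_DENIED from
            // creating an account, matching the guard used by the edit branch.
            if (empty($errors) && $form_submitted && $registration_form->isDataValid($errors)) {
                $user->addParentProperty($currentUserInfo['sid']);
                $subuserPermissions = array(
                    'subuser_add_listings' => array(
                        'title' => 'Add new listings',
                        'value' => 'deny',
                    ),
                    'subuser_manage_listings' => array(
                        'title' => 'Manage listings and applications of other sub users',
                        'value' => 'deny',
                    ),
                    'subuser_manage_subscription' => array(
                        'title' => 'View and update subscription',
                        'value' => 'deny',
                    ),
                    'subuser_use_screening_questionnaires' => array(
                        'title' => 'Manage Questionnaries',
                        'value' => 'deny',
                    ),
                );

                SJB_UserManager::saveUser($user);
                SJB_Statistics::addStatistics('addSubAccount', $user->getUserGroupSID(), $user->getSID());

                SJB_Acl::clearPermissions('user', $user->getSID());
                foreach ($subuserPermissions as $permissionID => $permission) {
                    // Anything not submitted defaults to 'deny'.
                    $allowDeny = SJB_Request::getVar($permissionID, 'deny');
                    $subuserPermissions[$permissionID]['value'] = $allowDeny;
                    SJB_Acl::allow($permissionID, 'user', $user->getSID(), $allowDeny);
                }

                SJB_UserManager::activateUserByUserName($user->getUserName());
                SJB_Notifications::sendSubuserRegistrationLetter($user, SJB_Request::get(), $subuserPermissions);
                $tp->assign('isSubuserRegistered', true);
                $listSubusers = true;
            } else {
                if (SJB_UserGroupManager::isUserEmailAsUsernameInUserGroup($user_group_sid)) {
                    $user->deleteProperty("username");
                }
                $registration_form = SJB_ObjectMother::createForm($user);
                if ($form_submitted) {
                    $registration_form->isDataValid($errors);
                }
                $registration_form->registerTags($tp);
                $form_fields = $registration_form->getFormFieldsInfo();
                $user_group_info = SJB_UserGroupManager::getUserGroupInfoBySID($user_group_sid);
                $tp->assign("user_group_info", $user_group_info);
                $tp->assign("errors", $errors);
                $tp->assign("form_fields", $form_fields);
                $metaDataProvider = SJB_ObjectMother::getMetaDataProvider();
                $tp->assign(
                    "METADATA",
                    array("form_fields" => $metaDataProvider->getFormFieldsMetadata($form_fields))
                );
                $tp->display('subuser_registration_form.tpl');
            }
            break;

        case 'edit':
            $userInfo = SJB_UserManager::getUserInfoBySID(SJB_Request::getVar('user_id', 0));
            // Ownership check: only a sub-account of the current user may be edited.
            if (!empty($userInfo) && $userInfo['parent_sid'] === $currentUserInfo['sid']) {
                $storedUserInfo = $userInfo;
                $userInfo = array_merge($storedUserInfo, $_REQUEST);
                // The ownership check above was made against the stored record,
                // so the fields that identify the account must keep their stored
                // values and never be taken from request parameters.
                foreach (array('sid', 'user_group_sid', 'parent_sid') as $identityField) {
                    if (array_key_exists($identityField, $storedUserInfo)) {
                        $userInfo[$identityField] = $storedUserInfo[$identityField];
                    } else {
                        unset($userInfo[$identityField]);
                    }
                }

                $user_group_info = SJB_UserGroupManager::getUserGroupInfoBySID($currentUserInfo['user_group_sid']);
                $user = new SJB_User($userInfo, $userInfo['user_group_sid']);
                $user->setSID($userInfo['sid']);
                $user->addParentProperty($currentUserInfo['sid']);

                // Only these properties may be changed on a sub-account.
                $props = $user->getProperties();
                $allowedProperties = array('username', 'email', 'password');
                foreach ($props as $prop) {
                    if (!in_array($prop->getID(), $allowedProperties)) {
                        $user->deleteProperty($prop->getID());
                    }
                }
                $user->makePropertyNotRequired("password");

                $edit_profile_form = SJB_ObjectMother::createForm($user);
                $edit_profile_form->registerTags($tp);
                $edit_profile_form->makeDisabled("username");
                $form_submitted = SJB_Request::getMethod() == SJB_Request::METHOD_POST;

                if (empty($errors) && $form_submitted && $edit_profile_form->isDataValid($errors)) {
                    // An empty password field means "keep the current password".
                    $password_value = $user->getPropertyValue('password');
                    if (empty($password_value['original'])) {
                        $user->deleteProperty('password');
                    }

                    // Only the parent account may change a sub-account's permissions.
                    $currentUser = SJB_UserManager::getCurrentUser();
                    if (!$currentUser->isSubuser()) {
                        $subuserPermissions = array(
                            'subuser_add_listings',
                            'subuser_manage_listings',
                            'subuser_manage_subscription',
                            'subuser_use_screening_questionnaires',
                        );
                        SJB_Acl::clearPermissions('user', $user->getSID());
                        foreach ($subuserPermissions as $permission) {
                            SJB_Acl::allow(
                                $permission,
                                'user',
                                $user->getSID(),
                                SJB_Request::getVar($permission, 'deny')
                            );
                        }
                    }

                    SJB_UserManager::saveUser($user);
                    $tp->assign("form_is_submitted", true);
                } else {
                    $tp->assign("errors", $errors);
                }

                $form_fields = $edit_profile_form->getFormFieldsInfo();
                $metaDataProvider = SJB_ObjectMother::getMetaDataProvider();
                $tp->assign(
                    "METADATA",
                    array("form_fields" => $metaDataProvider->getFormFieldsMetadata($form_fields))
                );
                $tp->assign("form_fields", $form_fields);
                $tp->assign('user_info', $userInfo);
                $tp->display('edit_subuser_profile.tpl');
            }
            break;

        case 'delete':
            $users = SJB_Request::getVar('user_id', array());
            // Nothing is deleted for a request already flagged ACCESS_DENIED,
            // or when "user_id" is not a list of ids.
            if (empty($errors) && is_array($users)) {
                foreach ($users as $user) {
                    // Same ownership rule as the edit branch: the target must be
                    // a sub-account of the current user. "user_id" is treated as
                    // a SID here, as the edit branch does.
                    $targetInfo = SJB_UserManager::getUserInfoBySID($user);
                    if (!empty($targetInfo) && $targetInfo['parent_sid'] === $currentUserInfo['sid']) {
                        SJB_UserManager::deleteUserById($user);
                    } else {
                        $errors['ACCESS_DENIED'] = 'ACCESS_DENIED';
                    }
                }
            }
            $listSubusers = true;
            break;

        default:
            $listSubusers = true;
            break;
    }

    if ($listSubusers) {
        $tp->assign('errors', $errors);
        $tp->assign('subusers', SJB_UserManager::getSubusers($currentUserInfo['sid']));
        $tp->assign(
            'isEmailAsUsername',
            SJB_UserGroupManager::isUserEmailAsUsernameInUserGroup($currentUserInfo['user_group_sid'])
        );
        $tp->display($template);
    }
}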
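/**
 * ACL editor: stores the submitted permissions for a (type, role) pair and
 * renders the permission form.
 *
 * When the "action" request variable is set, all permissions of the pair are
 * cleared and one entry per resource is written from the request. For type
 * 'plan' with update_users = 1 the plan's permissions are also copied to each
 * of its contracts. Action "save" redirects afterwards.
 *
 * NOTE(review): "type" and "role" come straight from the request and select
 * which permissions are cleared and rewritten; no validation of either is
 * visible in this method - confirm that the caller restricts this page to
 * administrators and that a request-method / anti-CSRF check applies.
 */
public function execute()
{
    $acl = SJB_Acl::getInstance();
    $type = SJB_Request::getVar('type', '');
    $role = SJB_Request::getVar('role', '');
    $tp = SJB_System::getTemplateProcessor();
    $resources = $acl->getResources();
    $form_submitted = SJB_Request::getVar('action');

    if ($form_submitted) {
        // Permissions are replaced wholesale: clear, then write one entry per resource.
        SJB_Acl::clearPermissions($type, $role);
        foreach ($resources as $name => $resource) {
            $params = SJB_Request::getVar($name . '_params');
            if (SJB_Request::getVar($name) == 'deny') {
                // A denied resource takes its params from the "_params1" field.
                $params = SJB_Request::getVar($name . '_params1');
            }
            // NOTE(review): the submitted message is stored for every value; if
            // it is only meaningful for 'deny' with params 'message', gate it here.
            SJB_Acl::allow(
                $name,
                $type,
                $role,
                SJB_Request::getVar($name, ''),
                $params,
                SJB_Request::getVar($name . '_message')
            );
        }

        if ($type == 'plan' && SJB_Request::getVar('update_users', 0) == 1) {
            // Push the plan's permissions down to every contract of that plan.
            $contracts = SJB_ContractManager::getAllContractsByMemebershipPlanSID($role);
            foreach ($contracts as $contract_id) {
                SJB_Acl::clearPermissions('contract', $contract_id['id']);
                SJB_DB::query(
                    "insert into `permissions` (`type`, `role`, `name`, `value`, `params`, `message`)"
                    . " select 'contract', ?s, `name`, `value`, `params`, `message` from `permissions` "
                    . " where `type` = 'plan' and `role` = ?s",
                    $contract_id['id'],
                    $role
                );
            }
        }

        if ($form_submitted == 'save') {
            // Types without a dedicated page redirect to the site root, so the
            // path is always defined.
            $parameter = '';
            switch ($type) {
                case 'group':
                    $parameter = "/edit-user-group/?sid=" . $role;
                    break;
                case 'guest':
                    $parameter = "/user-groups/";
                    break;
            }
            SJB_HelperFunctions::redirect(SJB_System::getSystemSettings("SITE_URL") . $parameter);
        }
    }

    // Reload the resources for this type and overlay the stored permissions.
    $acl = SJB_Acl::getInstance(true);
    $resources = $acl->getResources($type);
    $perms = SJB_DB::query('select * from `permissions` where `type` = ?s and `role` = ?s', $type, $role);
    foreach ($resources as $key => $resource) {
        // Resources without a stored row are shown as inherited.
        $resources[$key]['value'] = 'inherit';
        $resources[$key]['name'] = $key;
        foreach ($perms as $perm) {
            if ($key == $perm['name']) {
                $resources[$key]['value'] = $perm['value'];
                $resources[$key]['params'] = $perm['params'];
                $resources[$key]['message'] = $perm['message'];
                break;
            }
        }
    }

    $tp->assign('resources', $resources);
    $tp->assign('type', $type);
    $tp->assign('listingTypes', SJB_ListingTypeManager::getAllListingTypesInfo());
    $tp->assign('role', $role);

    switch ($type) {
        case 'group':
            $tp->assign('userGroupInfo', SJB_UserGroupManager::getUserGroupInfoBySID($role));
            break;
        case 'user':
            $userInfo = SJB_UserManager::getUserInfoBySID($role);
            $tp->assign('userGroupInfo', SJB_UserGroupManager::getUserGroupInfoBySID($userInfo['user_group_sid']));
            break;
    }

    $tp->display('acl.tpl');
}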