/**
* Render view
*
* @param $view string The name of the view
* @param $data array The data to use in rendering in the view
*/
public function render($view, $data = array())
{
// Retrieve data necessary for properly rendering header and footer, and
// add that data to the template data
$areaAcc = new \TMT\accessor\AreaAccessor();
$employeeAcc = new \TMT\accessor\Employee();
$linkAcc = new \TMT\accessor\Links();
// Determine if user is admin or superuser
$admin = $this->isAdmin();
$su = $this->isSuperuser();
// Get user and area information
$user = $employeeAcc->get($this->user['netId']);
$areaArray = $areaAcc->getAll($this->user['netId']);
$areas = array();
if (isset($this->user['area'])) {
foreach ($areaArray as $area) {
$areas[] = array('id' => $area->ID, 'name' => $area->longName);
}
// Retrieve link tree
$links = $linkAcc->getTree($this->user['area']);
$this->cleanLinkTree($links, $admin, $su);
}
// Check environment
$environment = $this->getEnvironment();
// Get quicklinks
$quicklinks = $this->getAccessor("Quicklinks")->getByUser($this->user['netId']);
$notificationsUrl = getenv("NOTIFICATIONSURL");
// Add data necessary for the main header and footer to load properly
$data['templateData'] = array("area" => isset($this->user['area']) ? $this->user['area'] : null, "areaName" => isset($this->user['area']) ? $areaAcc->get($this->user['area'])->longName : null, "areaGuid" => isset($this->user['areaGuid']) ? $this->user['areaGuid'] : null, "areas" => $areas, "authenticated" => $this->authenticated, "canSU" => $this->canBeSuperuser(), "environment" => $environment, "firstName" => $user->firstName, "isSU" => $su, "jwt" => $this->createJWT(), "lastName" => $user->lastName, "links" => isset($links) ? $links : null, "netId" => $this->user['netId'], "notificationsUrl" => $notificationsUrl, "quicklinks" => $quicklinks, "server" => $_SERVER['SERVER_NAME']);
// load twig
$twigLoader = new \Twig_Loader_Filesystem(self::VIEWS_PATH);
$twig = new \Twig_Environment($twigLoader);
// to avoid conflicts with angularjs use of {{ }}
$lexer = new \Twig_Lexer($twig, array('tag_comment' => array('[#', '#]'), 'tag_block' => array('[%', '%]'), 'tag_variable' => array('[[', ']]'), 'interpolation' => array('#[', ']')));
$twig->setLexer($lexer);
// render a view
echo $twig->render($view . self::VIEW_FILE_TYPE, $data);
}
/**
* Retrieve all employees from the given area
* GET /api/employee/area/:area?active=x&defaultOnly=true&areas[]=1
*
* The main route is /api/employee/area. The rest is optional, although
* if all options are omitted, it won't be very useful
*
* Either :area or areas[] get data must be set, both can be used in the
* same request and it will be processed as if it were all passed in
* through an array in the get data.
* active = -1/0/1 for terminated/inactive/active to filter out
* search results by activity status
* defaultOnly = true/false true to get only employees defaulted to the given area
* or false to get all employees with access to the given area(s). Defaults to true.
* customData = true/false true to get the custom data fields for the area (note, this
* is only allowed if one area is specified. (Defaults to false)
*
* Examples:
* GET /api/employee/area/3
* Retrieve all employees in area 3
*
* GET /api/employee/area?areas[]=3&areas[]=4 OR GET /api/employee/area/3?areas[]=4
* Retrieve all employees defaulted to area 3 or 4
*
* GET /api/employee/area?areas[]=2&defaultOnly=false
* Retrieve all employees who have access to group 2
*
* GET /api/employee/area?areas[]=2&areas[]=3&defaultOnly=false&active=1
* Retrieve all active employees who have access to groups 2 or 3
*
* GET /api/employee/area/1?customData=true
* Retrieve all employees from group 1 with their custom data for group 1
*
* returns:
* {
* status: OK/ERROR,
* data: [
* {
* netID: "",
* active: -1/0/1,
* area: int,
* firstName: "",
* lastName: "",
* maidenName: "",
* phone: "",
* email: "",
* chqId: "",
* birthday: "",
* languages: "",
* hometown: "",
* major: "",
* mission: "",
* graduation: "",
* position: int,
* shift: "",
* supervisor: "",
* hireDate: "",
* certification: "",
* international: 0/1,
* byuId: "",
* fullTime: 0/1
* }
* ]
* }
*/
public function get($params)
{
$this->requireAuthentication();
// Parse areas
$area = isset($params['url'][3]) ? $params['url'][3] : null;
$areas = isset($params['request']['areas']) ? $params['request']['areas'] : null;
if ($area === null && $areas === null) {
$areas = array($this->user['area']);
} else {
if ($area !== null && $areas !== null) {
$areas[] = $area;
$areas = \array_unique($areas);
} else {
if ($area !== null && $areas === null) {
$areas = array($area);
}
}
}
// Parse active and defaultOnly
$active = isset($params['request']['active']) ? (int) $params['request']['active'] : null;
$defaultOnly = isset($params['request']['defaultOnly']) ? \filter_var($params['request']['defaultOnly'], \FILTER_VALIDATE_BOOLEAN) : true;
$customData = isset($params['request']['customData']) ? \filter_var($params['request']['customData'], \FILTER_VALIDATE_BOOLEAN) : false;
$employeeAccessor = new \TMT\accessor\Employee();
$areaAccessor = new \TMT\accessor\AreaAccessor();
$employees = $employeeAccessor->getByArea($areas, $defaultOnly, $active);
$userAreas = $areaAccessor->getAll($this->user['netId']);
$results = array();
for ($i = 0; $i < count($employees); $i++) {
$employeeAreas = $areaAccessor->getAll($employees[$i]->netID);
$overlap = false;
foreach ($employeeAreas as $eArea) {
foreach ($userAreas as $uArea) {
if ($uArea->ID == $eArea->ID) {
$overlap = true;
$results[] = $employees[$i];
break;
}
}
if ($overlap) {
break;
}
}
}
// If there is only one area specified and customData is true, add the fields to the employee
if ($customData && count($areas) == 1) {
for ($i = 0; $i < count($results); $i++) {
$data = $this->getCustomDataFields($results[$i]->netID, $areas[0]);
foreach ($data as $field => $value) {
$results[$i]->{$field} = $value;
}
}
}
$this->respond($results);
}
/**
* Update an existing employee
* PUT /api/employee/:netID
*
* Fields to be updated should be provided in the body of the request
*
* Returns a model of the updated employee
*/
public function put($params)
{
$this->requireAuthentication();
if (count($params['url']) < 3) {
$this->error("No netID provided", 400);
}
$netID = $params['url'][2];
$employeeAcc = new \TMT\accessor\Employee();
$model = $employeeAcc->get($netID);
$allow_self_update = array("phone", "email");
$require_permission = false;
foreach ($params['request'] as $key => $value) {
if (property_exists($model, $key)) {
switch ($key) {
case "area":
if (!$this->isSuperuser()) {
$this->error($message, 403);
exit;
}
$model->area = $value;
break;
case "netID":
// Never update a netID
continue;
break;
case "position":
// Positions should only be updated from the default area
if ($model->area == $this->user['area']) {
$model->{$key} = $value;
}
break;
default:
if (!in_array($key, $allow_self_update)) {
$require_permission = true;
}
$model->{$key} = $value;
}
}
}
if ($require_permission) {
$this->forcePermission("update", "1450ff35-82a7-45ed-adcf-ffa254ebafa2");
}
$employeeAcc->save($model);
$this->respond($model);
}
/**
* @covers ::getByArea
*/
public function testGetByAreaNotDefault()
{
$accessor = new \TMT\accessor\Employee();
$host = getenv('DBHOST');
$user = getenv('DBUSER');
$pass = getenv('DBPASS');
$db = getenv('DBNAME');
$connectStr = "mysql:dbname=" . $db . ";host=" . $host . ";port=3306";
$options = array(\PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION, \PDO::ATTR_DEFAULT_FETCH_MODE => \PDO::FETCH_OBJ);
$pdo = new \PDO($connectStr, $user, $pass, $options);
$stmt = $pdo->prepare("INSERT INTO employeeAreaPermissions (netID, area, guid) VALUES (:netId1, :area1, :guid), (:netId2, :area2, :guid2)");
$stmt->execute(array(':netId1' => 'employee2', ':area1' => 1, ':guid' => $accessor->newGuid(), ':netId2' => 'netId', ':area2' => 2, ':guid2' => $accessor->newGuid()));
$accessor = new \TMT\accessor\Employee();
$employees = $accessor->getByArea(1, false);
$this->assertEquals(2, count($employees));
$employees = $accessor->getByArea(2, false);
$this->assertEquals(4, count($employees));
$employees = $accessor->getByArea(2, false, 1);
$this->assertEquals(2, count($employees));
$employees = $accessor->getByArea(array(1), false, 0);
$this->assertEquals(1, count($employees));
$stmt2 = $pdo->prepare("DELETE FROM employeeAreaPermissions");
$stmt2->execute();
}
