/**
 * Returns the group permission rows recorded against a campaign.
 *
 * @param int $objectId the CampaignID whose lkcampaigngroup rows are wanted
 * @return mixed the rows from UserGroup::GetPermissionsForObject, or whatever
 *               SetError() returns when the lookup reports a falsy result
 */
public function GetPermissions($objectId)
 {
     $groupLookup = new UserGroup();
     $rows = $groupLookup->GetPermissionsForObject('lkcampaigngroup', 'CampaignID', $objectId);

     // Any falsy result (including an empty row set) is reported as a failed lookup.
     if (!$rows) {
         return $this->SetError($groupLookup->GetErrorMessage());
     }

     return $rows;
 }
 /**
  * Lists the group permissions recorded against a data set.
  *
  * @param int $dataSetId the DataSetID to look up; 0 or '' is rejected with error 25001
  * @param int $groupId   accepted for interface compatibility; not consulted in this method
  * @return mixed a list of rows with keys groupid, group, view, edit, del, isuserspecific,
  *               or whatever SetError() returns on a missing id / falsy lookup result
  */
 public function ListSecurity($dataSetId, $groupId)
 {
     if ($dataSetId == '' || $dataSetId == 0) {
         return $this->SetError(25001, __('Missing dataSetId'));
     }

     $groupLookup = new UserGroup();
     $rows = $groupLookup->GetPermissionsForObject('lkdatasetgroup', 'DataSetID', $dataSetId);
     if (!$rows) {
         return $this->SetError($groupLookup->GetErrorMessage());
     }

     // Every column is passed through Kit::ValidateParam so callers get typed values.
     $normalise = function ($row) {
         return array(
             'groupid' => Kit::ValidateParam($row['groupid'], _INT),
             'group' => Kit::ValidateParam($row['group'], _STRING),
             'view' => Kit::ValidateParam($row['view'], _INT),
             'edit' => Kit::ValidateParam($row['edit'], _INT),
             'del' => Kit::ValidateParam($row['del'], _INT),
             'isuserspecific' => Kit::ValidateParam($row['isuserspecific'], _INT),
         );
     };

     // array_values() keeps the result a plain list, as the original loop produced.
     return array_values(array_map($normalise, $rows));
 }
 /**
  * Permissions form
  */
 public function PermissionsForm()
 {
     $db =& $this->db;
     $user =& $this->user;
     $response = new ResponseManager();
     $helpManager = new HelpManager($db, $user);
     if (!$this->auth->modifyPermissions) {
         trigger_error(__('You do not have permissions to edit this media'), E_USER_ERROR);
     }
     // List of all Groups with a view / edit / delete check box
     $permissions = new UserGroup();
     if ($this->assignedMedia) {
         if (!($result = $permissions->GetPermissionsForObject('lklayoutmediagroup', NULL, NULL, sprintf(" AND lklayoutmediagroup.MediaID = '%s' AND lklayoutmediagroup.RegionID = '%s' AND lklayoutmediagroup.LayoutID = %d ", $this->mediaid, $this->regionid, $this->layoutid)))) {
             trigger_error($permissions->GetErrorMessage(), E_USER_ERROR);
         }
     } else {
         if (!($result = $permissions->GetPermissionsForObject('lkmediagroup', 'MediaID', $this->mediaid))) {
             trigger_error($permissions->GetErrorMessage(), E_USER_ERROR);
         }
     }
     if (count($result) <= 0) {
         trigger_error(__('Unable to get permissions'), E_USER_ERROR);
     }
     $checkboxes = array();
     foreach ($result as $row) {
         $groupId = $row['groupid'];
         $rowClass = $row['isuserspecific'] == 0 ? 'strong_text' : '';
         $checkbox = array('id' => $groupId, 'name' => Kit::ValidateParam($row['group'], _STRING), 'class' => $rowClass, 'value_view' => $groupId . '_view', 'value_view_checked' => $row['view'] == 1 ? 'checked' : '', 'value_edit' => $groupId . '_edit', 'value_edit_checked' => $row['edit'] == 1 ? 'checked' : '', 'value_del' => $groupId . '_del', 'value_del_checked' => $row['del'] == 1 ? 'checked' : '');
         $checkboxes[] = $checkbox;
     }
     $formFields = array();
     $formFields[] = FormManager::AddPermissions('groupids[]', $checkboxes);
     Theme::Set('form_fields', $formFields);
     // Set some information about the form
     Theme::Set('form_id', 'LayoutPermissionsForm');
     Theme::Set('form_action', 'index.php?p=module&mod=' . $this->type . '&q=Exec&method=Permissions');
     Theme::Set('form_meta', '<input type="hidden" name="layoutid" value="' . $this->layoutid . '" /><input type="hidden" name="regionid" value="' . $this->regionid . '" /><input type="hidden" name="mediaid" value="' . $this->mediaid . '" />');
     $response->SetFormRequestResponse(NULL, __('Permissions'), '350px', '500px');
     $response->AddButton(__('Help'), 'XiboHelpRender("' . ($this->layoutid != 0 ? $helpManager->Link('LayoutMedia', 'Permissions') : $helpManager->Link('Media', 'Permissions')) . '")');
     if ($this->assignedMedia) {
         $response->AddButton(__('Cancel'), 'XiboSwapDialog("index.php?p=timeline&layoutid=' . $this->layoutid . '&regionid=' . $this->regionid . '&q=RegionOptions")');
     } else {
         $response->AddButton(__('Cancel'), 'XiboDialogClose()');
     }
     $response->AddButton(__('Save'), '$("#LayoutPermissionsForm").submit()');
     return $response;
 }
 /**
  * Sets the Members of a group
  * @return
  */
 public function SetMembers()
 {
     $db =& $this->db;
     $response = new ResponseManager();
     $groupObject = new UserGroup($db);
     $groupID = Kit::GetParam('GroupID', _REQUEST, _INT);
     $users = Kit::GetParam('UserID', _POST, _ARRAY, array());
     $members = array();
     // Users in group
     $SQL = "";
     $SQL .= "SELECT user.UserID, ";
     $SQL .= "       user.UserName ";
     $SQL .= "FROM   `user` ";
     $SQL .= "       INNER JOIN lkusergroup ";
     $SQL .= "       ON     lkusergroup.UserID = user.UserID ";
     $SQL .= sprintf("WHERE  lkusergroup.GroupID   = %d", $groupID);
     if (!($resultIn = $db->query($SQL))) {
         trigger_error($db->error());
         trigger_error(__('Error getting Users'));
     }
     while ($row = $db->get_assoc_row($resultIn)) {
         // Test whether this ID is in the array or not
         $userID = Kit::ValidateParam($row['UserID'], _INT);
         if (!in_array($userID, $users)) {
             // Its currently assigned but not in the $displays array
             //  so we unassign
             if (!$groupObject->Unlink($groupID, $userID)) {
                 trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
             }
         } else {
             $members[] = $userID;
         }
     }
     foreach ($users as $userID) {
         // Add any that are missing
         if (!in_array($userID, $members)) {
             if (!$groupObject->Link($groupID, $userID)) {
                 trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
             }
         }
     }
     $response->SetFormSubmitResponse(__('Group membership set'), false);
     $response->Respond();
 }
 /**
  * Show the Permissions for this Display Group
  */
 public function PermissionsForm()
 {
     $db =& $this->db;
     $user =& $this->user;
     $response = new ResponseManager();
     $helpManager = new HelpManager($db, $user);
     $displayGroupId = Kit::GetParam('DisplayGroupID', _GET, _INT);
     $auth = $this->user->DisplayGroupAuth($displayGroupId, true);
     if (!$auth->modifyPermissions) {
         trigger_error(__('You do not have permissions to edit this display group'), E_USER_ERROR);
     }
     // Set some information about the form
     Theme::Set('form_id', 'DisplayGroupPermissionsForm');
     Theme::Set('form_action', 'index.php?p=displaygroup&q=Permissions');
     Theme::Set('form_meta', '<input type="hidden" name="displayGroupId" value="' . $displayGroupId . '" />');
     // List of all Groups with a view / edit / delete check box
     $permissions = new UserGroup();
     if (!($result = $permissions->GetPermissionsForObject('lkdisplaygroupgroup', 'DisplayGroupID', $displayGroupId))) {
         trigger_error($permissions->GetErrorMessage(), E_USER_ERROR);
     }
     if (count($result) <= 0) {
         trigger_error(__('Unable to get permissions for this Display Group'), E_USER_ERROR);
     }
     $checkboxes = array();
     foreach ($result as $row) {
         $groupId = $row['groupid'];
         $rowClass = $row['isuserspecific'] == 0 ? 'strong_text' : '';
         $checkbox = array('id' => $groupId, 'name' => Kit::ValidateParam($row['group'], _STRING), 'class' => $rowClass, 'value_view' => $groupId . '_view', 'value_view_checked' => $row['view'] == 1 ? 'checked' : '', 'value_edit' => $groupId . '_edit', 'value_edit_checked' => $row['edit'] == 1 ? 'checked' : '', 'value_del' => $groupId . '_del', 'value_del_checked' => $row['del'] == 1 ? 'checked' : '');
         $checkboxes[] = $checkbox;
     }
     $formFields = array();
     $formFields[] = FormManager::AddPermissions('groupids[]', $checkboxes);
     Theme::Set('form_fields', $formFields);
     $response->SetFormRequestResponse(NULL, __('Permissions'), '350px', '500px');
     $response->AddButton(__('Help'), 'XiboHelpRender("' . HelpManager::Link('DisplayGroup', 'Permissions') . '")');
     $response->AddButton(__('Cancel'), 'XiboDialogClose()');
     $response->AddButton(__('Save'), '$("#DisplayGroupPermissionsForm").submit()');
     $response->Respond();
 }
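 /**
  * Show the Permissions for a region of a layout.
  *
  * Reads layoutid (int) and regionid (string) from the query string, requires
  * modifyPermissions via RegionAssignmentAuth for the region's owner, then renders
  * a view/edit/delete checkbox per user group from lklayoutregiongroup. Missing
  * rights or a failed lookup halt through trigger_error(E_USER_ERROR).
  *
  * @return void
  */
 public function RegionPermissionsForm()
 {
     $db =& $this->db;
     $user =& $this->user;
     $response = new ResponseManager();
     $helpManager = new HelpManager($db, $user);

     $layoutid = Kit::GetParam('layoutid', _GET, _INT);
     $regionid = Kit::GetParam('regionid', _GET, _STRING);

     Kit::ClassLoader('region');
     $region = new region($db);
     $ownerId = $region->GetOwnerId($layoutid, $regionid);

     $regionAuth = $this->user->RegionAssignmentAuth($ownerId, $layoutid, $regionid, true);
     if (!$regionAuth->modifyPermissions) {
         trigger_error(__("You do not have permissions to edit this regions permissions"), E_USER_ERROR);
     }

     // List of all Groups with a view / edit / delete check box
     $permissions = new UserGroup();

     // regionid comes straight from the request and is quoted into the WHERE fragment
     // as a string, so it is escaped for the connection first; layoutid is coerced by %d.
     $whereFragment = sprintf(
         " AND lklayoutregiongroup.LayoutID = %d AND lklayoutregiongroup.RegionID = '%s' ",
         $layoutid,
         $db->escape_string($regionid)
     );
     $result = $permissions->GetPermissionsForObject('lklayoutregiongroup', NULL, NULL, $whereFragment);
     if (!$result) {
         trigger_error($permissions->GetErrorMessage(), E_USER_ERROR);
     }
     if (count($result) <= 0) {
         trigger_error(__('Unable to get permissions'), E_USER_ERROR);
     }

     $checkboxes = array();
     foreach ($result as $row) {
         $groupId = $row['groupid'];
         // Groups that are not user-specific are emphasised in the grid.
         $rowClass = $row['isuserspecific'] == 0 ? 'strong_text' : '';
         $checkboxes[] = array(
             'id' => $groupId,
             'name' => Kit::ValidateParam($row['group'], _STRING),
             'class' => $rowClass,
             'value_view' => $groupId . '_view',
             'value_view_checked' => $row['view'] == 1 ? 'checked' : '',
             'value_edit' => $groupId . '_edit',
             'value_edit_checked' => $row['edit'] == 1 ? 'checked' : '',
             'value_del' => $groupId . '_del',
             'value_del_checked' => $row['del'] == 1 ? 'checked' : '',
         );
     }

     $formFields = array();
     $formFields[] = FormManager::AddPermissions('groupids[]', $checkboxes);
     Theme::Set('form_fields', $formFields);

     // Set some information about the form
     // NOTE(review): regionid is also placed unescaped into the hidden input; this
     // relies on Kit::GetParam(_STRING) having sanitised it — confirm before reuse.
     Theme::Set('form_id', 'RegionPermissionsForm');
     Theme::Set('form_action', 'index.php?p=timeline&q=RegionPermissions');
     Theme::Set('form_meta', '<input type="hidden" name="layoutid" value="' . $layoutid . '" /><input type="hidden" name="regionid" value="' . $regionid . '" />');

     $response->SetFormRequestResponse(NULL, __('Permissions'), '350px', '500px');
     $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('Region', 'Permissions') . '")');
     $response->AddButton(__('Cancel'), 'XiboDialogClose()');
     $response->AddButton(__('Save'), '$("#RegionPermissionsForm").submit()');
     $response->Respond();
 }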
 /**
  * Persists changes to this user record.
  *
  * Validates the user name (non-empty, at most 50 bytes), defaults homePage to
  * "dashboard", rejects a name already used by a different userId, updates the
  * `user` row and finally renames the user's own group via UserGroup::EditUserGroup.
  *
  * @return bool true on success; false after the error has been recorded through
  *              SetError()/ThrowError() and logged with Debug::Error()
  */
 public function edit()
 {
     // Validation
     if ($this->userName == '' || strlen($this->userName) > 50) {
         return $this->SetError(__('User name must be between 1 and 50 characters.'));
     }

     if ($this->homePage == '') {
         $this->homePage = "dashboard";
     }

     try {
         $connection = PDOConnect::init();

         // Check for duplicate user name
         $duplicateCheck = $connection->prepare('SELECT UserName FROM `user` WHERE UserName = :userName AND userId <> :userId');
         $duplicateCheck->execute(array('userName' => $this->userName, 'userId' => $this->userId));
         $clashes = $duplicateCheck->fetchAll();
         if (count($clashes) > 0) {
             $this->ThrowError(__('There is already a user with this name. Please choose another.'));
         }

         // Run the UPDATE statement
         $SQL = 'UPDATE user SET UserName = :userName, HomePage = :homePage, Email = :email, Retired = :retired, userTypeId = :userTypeId
                  WHERE userId = :userId ';
         $updateParams = array(
             'userName' => $this->userName,
             'userTypeId' => $this->userTypeId,
             'email' => $this->email,
             'homePage' => $this->homePage,
             'retired' => $this->retired,
             'userId' => $this->userId,
         );
         $connection->prepare($SQL)->execute($updateParams);

         // Update the user group
         $ownGroup = new UserGroup();
         if (!$ownGroup->EditUserGroup($this->userId, $this->userName)) {
             $this->ThrowError($ownGroup->GetErrorNumber(), $ownGroup->GetErrorMessage());
         }

         return true;
     } catch (Exception $e) {
         Debug::Error($e->getMessage());

         // ThrowError() has usually recorded the error already; cover the generic case.
         if (!$this->IsError()) {
             $this->SetError(1, __('Unknown Error'));
         }

         return false;
     }
 }
 /**
  * Deletes a user
  *
  * @param int $id
  * @return unknown
  */
 function DeleteUser()
 {
     // Check the token
     if (!Kit::CheckToken()) {
         trigger_error('Token does not match', E_USER_ERROR);
     }
     $db =& $this->db;
     $user =& $this->user;
     $response = new ResponseManager();
     $userid = Kit::GetParam('userid', _POST, _INT, 0);
     $groupID = $user->getGroupFromID($userid, true);
     // Can we delete this user? Dont even try if we cant. Check tables that have this userid or this groupid
     if ($this->db->GetCountOfRows(sprintf('SELECT LayoutID FROM layout WHERE UserID = %d', $userid)) > 0) {
         trigger_error(__('Cannot delete this user, they have layouts'), E_USER_ERROR);
     }
     if ($this->db->GetCountOfRows(sprintf('SELECT MediaID FROM media WHERE UserID = %d', $userid)) > 0) {
         trigger_error(__('Cannot delete this user, they have media'), E_USER_ERROR);
     }
     if ($this->db->GetCountOfRows(sprintf('SELECT EventID FROM schedule WHERE UserID = %d', $userid)) > 0) {
         trigger_error(__('Cannot delete this user, they have scheduled layouts'), E_USER_ERROR);
     }
     if ($this->db->GetCountOfRows(sprintf('SELECT Schedule_DetailID FROM schedule_detail WHERE UserID = %d', $userid)) > 0) {
         trigger_error(__('Cannot delete this user, they have schedule detail records'), E_USER_ERROR);
     }
     if ($this->db->GetCountOfRows(sprintf('SELECT TemplateID FROM template WHERE UserID = %d', $userid)) > 0) {
         trigger_error(__('Cannot delete this user, they have templates'), E_USER_ERROR);
     }
     if ($this->db->GetCountOfRows(sprintf('SELECT osr_id FROM oauth_server_registry WHERE osr_usa_id_ref = %d', $userid)) > 0) {
         trigger_error(__('Cannot delete this user, they have applications'), E_USER_ERROR);
     }
     if ($this->db->GetCountOfRows(sprintf('SELECT GroupID FROM lkdatasetgroup WHERE GroupID = %d', $groupID)) > 0) {
         trigger_error(__('Cannot delete this user, they have permissions to data sets'), E_USER_ERROR);
     }
     if ($this->db->GetCountOfRows(sprintf('SELECT GroupID FROM lkdisplaygroupgroup WHERE GroupID = %d', $groupID)) > 0) {
         trigger_error(__('Cannot delete this user, they have permissions to display groups'), E_USER_ERROR);
     }
     if ($this->db->GetCountOfRows(sprintf('SELECT GroupID FROM lklayoutgroup WHERE GroupID = %d', $groupID)) > 0) {
         trigger_error(__('Cannot delete this user, they have permissions to layouts'), E_USER_ERROR);
     }
     if ($this->db->GetCountOfRows(sprintf('SELECT GroupID FROM lklayoutmediagroup WHERE GroupID = %d', $groupID)) > 0) {
         trigger_error(__('Cannot delete this user, they have permissions to media on layouts'), E_USER_ERROR);
     }
     if ($this->db->GetCountOfRows(sprintf('SELECT GroupID FROM lklayoutregiongroup WHERE GroupID = %d', $groupID)) > 0) {
         trigger_error(__('Cannot delete this user, they have permissions to regions on layouts'), E_USER_ERROR);
     }
     if ($this->db->GetCountOfRows(sprintf('SELECT GroupID FROM lkmediagroup WHERE GroupID = %d', $groupID)) > 0) {
         trigger_error(__('Cannot delete this user, they have permissions to media'), E_USER_ERROR);
     }
     if ($this->db->GetCountOfRows(sprintf('SELECT GroupID FROM lktemplategroup WHERE GroupID = %d', $groupID)) > 0) {
         trigger_error(__('Cannot delete this user, they have permissions to templates'), E_USER_ERROR);
     }
     // Firstly delete the group for this user
     $userGroupObject = new UserGroup($db);
     // Remove this user from all user groups (including their own)
     $userGroupObject->UnlinkAllGroups($userid);
     // Delete the user specific group
     if (!$userGroupObject->Delete($groupID)) {
         trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
     }
     // Delete the user
     $sqldel = "DELETE FROM user";
     $sqldel .= " WHERE UserID = %d";
     if (!$db->query(sprintf($sqldel, $userid))) {
         trigger_error($db->error());
         trigger_error(__("This user has been active, you may only retire them."), E_USER_ERROR);
     }
     // We should delete this users sessions record.
     $SQL = "DELETE FROM session WHERE userID = %d ";
     if (!$db->query(sprintf($SQL, $userid))) {
         trigger_error($db->error());
         trigger_error(__("If logged in, this user will be deleted once they log out."), E_USER_ERROR);
     }
     $response->SetFormSubmitResponse(__('User Deleted.'));
     $response->Respond();
 }
 /**
  * Deletes a user
  */
 function DeleteUser()
 {
     // Check the token
     if (!Kit::CheckToken()) {
         trigger_error(__('Sorry the form has expired. Please refresh.'), E_USER_ERROR);
     }
     $response = new ResponseManager();
     $deleteAllItems = Kit::GetParam('deleteAllItems', _POST, _CHECKBOX) == 1;
     $userId = Kit::GetParam('userid', _POST, _INT, 0);
     $groupId = $this->user->getGroupFromID($userId, true);
     $user = new Userdata();
     $user->userId = $userId;
     $userGroup = new UserGroup();
     if (!$deleteAllItems) {
         // Can we delete this user? Don't even try if we cant.
         $children = $user->getChildTypes();
         if (count($children) > 0) {
             trigger_error(sprintf(__('Cannot delete user, they own %s'), implode(', ', $children)), E_USER_ERROR);
         }
         // Can we delete this group?
         $children = $userGroup->getChildTypes($groupId);
         if (count($children) > 0) {
             trigger_error(sprintf(__('Cannot delete user, they own %s'), implode(', ', $children)), E_USER_ERROR);
         }
     }
     // Delete all items has been selected, so call delete on the group, then the user
     $userGroup->UnlinkAllGroups($userId);
     // Delete the user specific group
     if (!$userGroup->Delete($groupId)) {
         trigger_error($userGroup->GetErrorMessage(), E_USER_ERROR);
     }
     // Delete the user
     if (!$user->Delete()) {
         trigger_error($user->GetErrorMessage(), E_USER_ERROR);
     }
     $response->SetFormSubmitResponse(__('User Deleted.'));
     $response->Respond();
 }
 /**
  * Sets the Members of a group
  */
 public function SetMembers()
 {
     $db =& $this->db;
     $response = new ResponseManager();
     $groupObject = new UserGroup($db);
     $groupId = Kit::GetParam('GroupID', _REQUEST, _INT);
     $users = Kit::GetParam('UserID', _POST, _ARRAY, array());
     // We will receive a list of users from the UI which are in the "assign column" at the time the form is
     // submitted.
     // We want to go through and unlink any users that are NOT in that list, but that the current user has access
     // to edit.
     // We want to add any users that are in that list (but aren't already assigned)
     // All users that this session has access to
     if (!($allUsers = $this->user->userList())) {
         trigger_error(__('Error getting all users'), E_USER_ERROR);
     }
     // Convert to an array of ID's for convenience
     $allUserIds = array_map(function ($array) {
         return $array['userid'];
     }, $allUsers);
     // Users in group
     $usersAssigned = UserData::entries(null, array('groupIds' => array($groupId)));
     Debug::Audit('All userIds we want to assign: ' . var_export($users, true));
     Debug::Audit('All userIds we have access to: ' . var_export($allUserIds, true));
     foreach ($usersAssigned as $user) {
         /* @var Userdata $user */
         // Did this session have permission to do anything to this user?
         // If not, move on
         if (!in_array($user->userId, $allUserIds)) {
             continue;
         }
         Debug::Audit('Logged in user has permission to make changes to this assigned user ' . $user->userId);
         // Is this user in the provided list of users?
         if (in_array($user->userId, $users)) {
             // This user is already assigned, so we remove it from the $users array
             Debug::Audit('This user is already assigned ' . $user->userId);
             if (($key = array_search($user->userId, $users)) !== false) {
                 unset($users[$key]);
             }
         } else {
             Debug::Audit('This user is assigned, but not in the list of assignments ' . $user->userId);
             // It isn't therefore needs to be removed
             if (!$groupObject->Unlink($groupId, $user->userId)) {
                 trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
             }
         }
     }
     Debug::Audit('All userIds we want to assign after sorting: ' . var_export($users, true));
     // Add any users that are still missing after tha assignment process
     foreach ($users as $userId) {
         Debug::Audit('User was missing, linking them: ' . $userId);
         // Add any that are missing
         if (!$groupObject->Link($groupId, $userId)) {
             trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR);
         }
     }
     $response->SetFormSubmitResponse(__('Group membership set'), false);
     $response->Respond();
 }