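/**
 * surveypermission::surveyright()
 * Processes the posted permission form and stores the resulting survey
 * permissions for one user (POST 'uid') or for the members of a user group
 * (POST 'ugid').
 *
 * Authorization is decided inside this method and fails closed:
 *  - the survey must exist;
 *  - the caller must be a superadmin or the owner of the survey;
 *  - a non-superadmin can not change the permissions of the survey owner.
 * The previous version built a restricted lookup for this purpose but bound
 * ':sid' to a query that used ':surveyid' and never inspected the result, so
 * the update ran whatever the lookup returned. The group path had no caller
 * check in this method at all; it now follows the same owner-or-superadmin rule.
 *
 * @param mixed $surveyid Survey ID; reduced to an integer by sanitize_int()
 * @return void
 */
function surveyright($surveyid)
{
    $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
    $aViewUrls = array();

    // Request values are untrusted: tolerate a missing field and refuse
    // non-scalar input (e.g. uid[]=...) instead of passing it on to the models.
    $action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
    $postuserid = (isset($_POST['uid']) && is_scalar($_POST['uid'])) ? (int) $_POST['uid'] : 0;
    $postusergroupid = (isset($_POST['ugid']) && is_scalar($_POST['ugid'])) ? (int) $_POST['ugid'] : 0;
    $clang = Yii::app()->lang;

    if ($action === 'surveyrights') {
        $addsummary = "<div class='header ui-widget-header'>" . $clang->gT("Edit survey permissions") . "</div>\n";
        $addsummary .= "<div class='messagebox ui-corner-all'>\n";

        // One lookup serves both paths: it proves the survey exists and gives
        // the owner ID that the authorization decision below depends on.
        $oSurvey = Survey::model()->find('sid = :sid', array(':sid' => $surveyid));
        $bSurveyFound = !empty($oSurvey);
        $iOwnerID = $bSurveyFound ? (int) $oSurvey['owner_id'] : 0;
        $iLoginID = (int) Yii::app()->session['loginID'];
        $bSuperAdmin = Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1;
        $bCallerAllowed = $bSurveyFound && ($bSuperAdmin || $iOwnerID === $iLoginID);

        // Translate the posted checkboxes into a permission => CRUD => 0/1 map,
        // restricted to the CRUD keys the base permission set actually offers.
        $aAllowedCRUDKeys = array('create', 'read', 'update', 'delete', 'import', 'export');
        $aBaseSurveyPermissions = Survey_permissions::model()->getBasePermissions();
        $aPermissions = array();
        foreach ($aBaseSurveyPermissions as $sPermissionKey => $aCRUDPermissions) {
            foreach ($aCRUDPermissions as $sCRUDKey => $CRUDValue) {
                if (!in_array($sCRUDKey, $aAllowedCRUDKeys, true) || !$CRUDValue) {
                    continue;
                }
                $aPermissions[$sPermissionKey][$sCRUDKey] = isset($_POST["perm_{$sPermissionKey}_{$sCRUDKey}"]) ? 1 : 0;
            }
        }

        if (!$bCallerAllowed) {
            // Unknown survey, or caller is neither superadmin nor owner.
            $addsummary .= "<div class=\"warningheader\">" . $clang->gT("Failed to update survey permissions!") . "</div>\n";
        } elseif ($postusergroupid > 0) {
            // Group update: every member except the caller and the survey owner.
            $oResult = User_in_groups::model()->findAll(
                'ugid = :ugid AND uid <> :uid AND uid <> :iOwnerID',
                array(':ugid' => $postusergroupid, ':uid' => $iLoginID, ':iOwnerID' => $iOwnerID)
            );
            if (count($oResult) > 0) {
                foreach ($oResult as $aRow) {
                    Survey_permissions::model()->setPermission($aRow->uid, $surveyid, $aPermissions);
                }
                $addsummary .= "<div class=\"successheader\">" . $clang->gT("Survey permissions for all users in this group were successfully updated.") . "</div>\n";
            }
        } elseif (
            $postuserid > 0
            && ($bSuperAdmin || $postuserid !== $iOwnerID)
            && Survey_permissions::model()->setPermission($postuserid, $surveyid, $aPermissions)
        ) {
            $addsummary .= "<div class=\"successheader\">" . $clang->gT("Survey permissions were successfully updated.") . "</div>\n";
        } else {
            // No target user posted, target is the owner, or the model refused.
            $addsummary .= "<div class=\"warningheader\">" . $clang->gT("Failed to update survey permissions!") . "</div>\n";
        }

        $addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . $clang->gT("Continue") . "\"/>\n";
        $addsummary .= "</div>\n";
        $aViewUrls['output'] = $addsummary;
    }

    $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
}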
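/**
 * Adds a user to, or removes a user from, a user group.
 *
 * Access is limited to superadmins, and the group is looked up with the
 * logged-in user as owner, so only the caller's own groups can be changed.
 * The group owner can not be added or removed. The previous version only
 * prepared a warning in that case and then ran the add/remove anyway; the
 * owner check now stops the operation.
 *
 * @param mixed  $ugid   ID of the user group to change
 * @param string $action Either 'add' or 'remove'
 * @return void
 */
function user($ugid, $action = 'add')
{
    // Strict comparison: only the two literal action names are accepted, so
    // the switch below always matches one of its cases.
    if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] != true || !in_array($action, array('add', 'remove'), true)) {
        die('access denied');
    }

    $clang = Yii::app()->lang;
    $uid = (int) Yii::app()->request->getPost('uid');

    // Scoping the lookup to owner_id = loginID is what ties the group to the caller.
    $group = User_groups::model()->findByAttributes(array('ugid' => $ugid, 'owner_id' => Yii::app()->session['loginID']));

    if (empty($group)) {
        list($aViewUrls, $aData) = $this->index(0, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('Group not found.')));
    } elseif ($uid <= 0 || !User::model()->findByPk($uid)) {
        list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('User not found.')));
    } elseif ($group->owner_id == $uid) {
        // Stop here: membership of the owner must not be touched.
        list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('You can not add or remove the group owner from the group.')));
    } else {
        $aMembershipKey = array('ugid' => $ugid, 'uid' => $uid);
        $user_in_group = User_in_groups::model()->findByPk($aMembershipKey);

        switch ($action) {
            case 'add':
                if (empty($user_in_group) && User_in_groups::model()->insertRecords($aMembershipKey)) {
                    list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'success', 'message' => $clang->gT('User added.')));
                } else {
                    list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed to add user.') . '<br />' . $clang->gT('User already exists in the group.')));
                }
                break;

            case 'remove':
                if (!empty($user_in_group) && User_in_groups::model()->deleteByPk($aMembershipKey)) {
                    list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'success', 'message' => $clang->gT('User removed.')));
                } else {
                    list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed to remove user.') . '<br />' . $clang->gT('User does not exist in the group.')));
                }
                break;
        }
    }

    $this->_renderWrappedTemplate('usergroup', $aViewUrls, $aData);
}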