예제 #1
0
 /**
  * surveypermission::surveyright()
  * Function responsible to process setting of permission of a user/usergroup.
  * @param mixed $surveyid
  * @return void
  */
 function surveyright($surveyid)
 {
     $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
     $aViewUrls = array();
     $action = $_POST['action'];
     $clang = Yii::app()->lang;
     $imageurl = Yii::app()->getConfig('imageurl');
     $postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
     $postusergroupid = !empty($_POST['ugid']) ? $_POST['ugid'] : false;
     if ($action == "surveyrights") {
         $addsummary = "<div class='header ui-widget-header'>" . $clang->gT("Edit survey permissions") . "</div>\n";
         $addsummary .= "<div class='messagebox ui-corner-all'>\n";
         $where = ' ';
         if ($postuserid) {
             if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] != 1) {
                 $where .= "sid = :surveyid AND owner_id != :postuserid AND owner_id = :owner_id";
                 $resrow = Survey::model()->find($where, array(':sid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid));
             }
         } else {
             $where .= "sid = :sid";
             $resrow = Survey::model()->find($where, array(':sid' => $surveyid));
             $iOwnerID = $resrow['owner_id'];
         }
         $aBaseSurveyPermissions = Survey_permissions::model()->getBasePermissions();
         $aPermissions = array();
         foreach ($aBaseSurveyPermissions as $sPermissionKey => $aCRUDPermissions) {
             foreach ($aCRUDPermissions as $sCRUDKey => $CRUDValue) {
                 if (!in_array($sCRUDKey, array('create', 'read', 'update', 'delete', 'import', 'export'))) {
                     continue;
                 }
                 if ($CRUDValue) {
                     if (isset($_POST["perm_{$sPermissionKey}_{$sCRUDKey}"])) {
                         $aPermissions[$sPermissionKey][$sCRUDKey] = 1;
                     } else {
                         $aPermissions[$sPermissionKey][$sCRUDKey] = 0;
                     }
                 }
             }
         }
         if (isset($postusergroupid) && $postusergroupid > 0) {
             $oResult = User_in_groups::model()->findAll('ugid = :ugid AND uid <> :uid AND uid <> :iOwnerID', array(':ugid' => $postusergroupid, ':uid' => Yii::app()->session['loginID'], ':iOwnerID' => $iOwnerID));
             if (count($oResult) > 0) {
                 foreach ($oResult as $aRow) {
                     Survey_permissions::model()->setPermission($aRow->uid, $surveyid, $aPermissions);
                 }
                 $addsummary .= "<div class=\"successheader\">" . $clang->gT("Survey permissions for all users in this group were successfully updated.") . "</div>\n";
             }
         } else {
             if (Survey_permissions::model()->setPermission($postuserid, $surveyid, $aPermissions)) {
                 $addsummary .= "<div class=\"successheader\">" . $clang->gT("Survey permissions were successfully updated.") . "</div>\n";
             } else {
                 $addsummary .= "<div class=\"warningheader\">" . $clang->gT("Failed to update survey permissions!") . "</div>\n";
             }
         }
         $addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . $clang->gT("Continue") . "\"/>\n";
         $addsummary .= "</div>\n";
         $aViewUrls['output'] = $addsummary;
     }
     $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
 }
 function user($ugid, $action = 'add')
 {
     if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] != true || !in_array($action, array('add', 'remove'))) {
         die('access denied');
     }
     $clang = Yii::app()->lang;
     $uid = (int) Yii::app()->request->getPost('uid');
     $group = User_groups::model()->findByAttributes(array('ugid' => $ugid, 'owner_id' => Yii::app()->session['loginID']));
     if (empty($group)) {
         list($aViewUrls, $aData) = $this->index(0, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('Group not found.')));
     } else {
         if ($uid > 0 && User::model()->findByPk($uid)) {
             if ($group->owner_id == $uid) {
                 list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('You can not add or remove the group owner from the group.')));
             }
             $user_in_group = User_in_groups::model()->findByPk(array('ugid' => $ugid, 'uid' => $uid));
             switch ($action) {
                 case 'add':
                     if (empty($user_in_group) && User_in_groups::model()->insertRecords(array('ugid' => $ugid, 'uid' => $uid))) {
                         list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'success', 'message' => $clang->gT('User added.')));
                     } else {
                         list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed to add user.') . '<br />' . $clang->gT('User already exists in the group.')));
                     }
                     break;
                 case 'remove':
                     if (!empty($user_in_group) && User_in_groups::model()->deleteByPk(array('ugid' => $ugid, 'uid' => $uid))) {
                         list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'success', 'message' => $clang->gT('User removed.')));
                     } else {
                         list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed to remove user.') . '<br />' . $clang->gT('User does not exist in the group.')));
                     }
                     break;
             }
         } else {
             list($aViewUrls, $aData) = $this->index($ugid, array('type' => 'warning', 'message' => $clang->gT('Failed.') . '<br />' . $clang->gT('User not found.')));
         }
     }
     $this->_renderWrappedTemplate('usergroup', $aViewUrls, $aData);
 }