Returns whether a user has a certain permission on a single resource.
| public static hasPermission ( mixed $in, string $filter, string | integer $permission, string $user = null ) : boolean | ||
| $in | mixed | A single resource to check. |
| $filter | string | The kind of resource specified in $in, currently only 'queue'. |
| $permission | string | integer | A permission, either 'assign' or 'update', 'requester', or one of the PERM_* constants. |
| $user | string | A user name. |
| 리턴 | boolean | True if the user has the specified permission. |
public function validate(&$vars)
{
if (!Whups::hasPermission($this->_queue, 'queue', Horde_Perms::DELETE)) {
$this->setError('yesno', _("Permission Denied."));
}
return parent::validate($vars);
}
public function validate(&$vars)
{
if (Whups::hasPermission($this->_queue, 'queue', Horde_Perms::DELETE)) {
$this->_warn->setDefault('<span class="horde-form-error">' . _("Permission Denied.") . '</span>');
}
return parent::validate($vars);
}
public function __construct(&$vars)
{
global $whups_driver, $conf;
parent::__construct($vars, _("Create Ticket - Step 3"));
$states = $whups_driver->getStates($vars->get('type'), 'unconfirmed');
$attributes = $whups_driver->getAttributesForType($vars->get('type'));
$queue = $vars->get('queue');
$info = $whups_driver->getQueue($queue);
if ($GLOBALS['registry']->getAuth()) {
$states2 = $whups_driver->getStates($vars->get('type'), array('new', 'assigned'));
if (is_array($states2)) {
$states = $states + $states2;
}
}
if (Whups::hasPermission($queue, 'queue', 'requester')) {
$test = $this->addVariable(_("The Requester's Email Address"), 'user_email', 'whups:whupsemail', false);
} elseif (!$GLOBALS['registry']->getAuth()) {
$this->addVariable(_("Your Email Address"), 'user_email', 'email', true);
if (!empty($conf['guests']['captcha'])) {
$this->addVariable(_("Spam protection"), 'captcha', 'figlet', true, null, null, array(Whups::getCAPTCHA(!$this->isSubmitted()), $conf['guests']['figlet_font']));
}
}
// Silently default the state if there is only one choice
if (count($states) == 1) {
$vars->set('state', reset(array_keys($states)));
$f_state =& $this->addHidden(_("Ticket State"), 'state', 'enum', true, false, null, array($states));
} else {
$f_state =& $this->addVariable(_("Ticket State"), 'state', 'enum', true, false, null, array($states));
$f_state->setDefault($whups_driver->getDefaultState($vars->get('type')));
}
$f_priority =& $this->addVariable(_("Priority"), 'priority', 'enum', true, false, null, array($whups_driver->getPriorities($vars->get('type'))));
$f_priority->setDefault($whups_driver->getDefaultPriority($vars->get('type')));
$this->addVariable(_("Due Date"), 'due', 'datetime', false, false);
$this->addVariable(_("Summary"), 'summary', 'text', true, false);
$this->addVariable(_("Attachment"), 'newattachment', 'file', false);
$this->addVariable(_("Description"), 'comment', 'longtext', true);
foreach ($attributes as $attribute_id => $attribute_value) {
$this->addVariable($attribute_value['human_name'], 'attributes[' . $attribute_id . ']', $attribute_value['type'], $attribute_value['required'], $attribute_value['readonly'], $attribute_value['desc'], $attribute_value['params']);
}
/* Comment permissions. */
$groups = $GLOBALS['injector']->getInstance('Horde_Group');
$mygroups = $groups->listGroups($GLOBALS['registry']->getAuth());
if ($mygroups) {
$mygroups = array(0 => _("This comment is visible to everyone")) + $mygroups;
$v = $this->addVariable(_("Make this comment visible only to members of a group?"), 'group', 'enum', false, false, null, array($mygroups));
$v->setDefault(0);
}
}
/**
* Constructor.
*/
public function __construct($vars, $title = '')
{
global $whups_driver;
parent::__construct($vars, $title);
$this->addHidden('', 'tickets', 'text', true, true);
$this->addHidden('', 'url', 'text', true, true);
$tickets = array();
foreach ((array) $vars->get('ticket') as $id) {
$ticket = $whups_driver->getTicketDetails($id, false);
if (Whups::hasPermission($ticket['queue'], 'queue', Horde_Perms::DELETE)) {
$this->_tickets[] = (int) $id;
$this->addVariable(_("Ticket") . ' ' . $id, 'summary' . $id, 'text', false, true)->setDefault($ticket['summary']);
}
}
$this->addVariable('', 'warn', 'html', false)->setDefault('<span class="horde-form-error">' . _("Really delete these tickets? They will NOT be archived, and will be gone forever.") . '</span>');
$this->setButtons(array(array('class' => 'horde-delete', 'value' => _("Delete")), array('class' => 'horde-cancel', 'value' => _("Cancel"))));
}
$editform = new Whups_Form_Ticket_Edit($vars, $ticket, sprintf(_("Update %s"), $title));
if ($vars->get('formname') == 'whups_form_ticket_edit') {
if ($editform->validate($vars)) {
$editform->getInfo($vars, $info);
$ticket->change('summary', $info['summary']);
$ticket->change('state', $info['state']);
$ticket->change('priority', $info['priority']);
$ticket->change('due', $info['due']);
if (!empty($info['version'])) {
$ticket->change('version', $info['version']);
}
if (!empty($info['newcomment'])) {
$ticket->change('comment', $info['newcomment']);
}
// Update user and group assignments.
if (Whups::hasPermission($vars->get('queue'), 'queue', 'assign')) {
$ticket->change('owners', array_merge(isset($info['owners']) ? $info['owners'] : array(), isset($info['group_owners']) ? $info['group_owners'] : array()));
}
// Update attributes.
$whups_driver->setAttributes($info, $ticket);
// Add attachment if one was uploaded.
if (!empty($info['newattachment']['name'])) {
$ticket->change('attachment', array('name' => $info['newattachment']['name'], 'tmp_name' => $info['newattachment']['tmp_name']));
}
// If there was a new comment and permissions were specified
// on it, set them.
if (!empty($info['group'])) {
$ticket->change('comment-perms', $info['group']);
}
try {
$ticket->commit();
public function render($transaction, &$vars)
{
global $prefs, $conf, $registry;
static $canUpdate, $comment_count = 0;
if (!isset($canUpdate)) {
$canUpdate = $GLOBALS['registry']->getAuth() && Whups::hasPermission($vars->get('queue'), 'queue', 'update');
}
$comment = '';
$private = false;
$changes = array();
$changelist = $vars->get('changes');
if (!$changelist) {
return '';
}
/* Format each change in this history entry, including comments,
* etc. */
foreach ($changelist as $change) {
switch ($change['type']) {
case 'summary':
$changes[] = sprintf(_("Summary ⇒ %s"), htmlspecialchars($change['value']));
break;
case 'message':
$ticket = $vars->get('ticket_id');
try {
if (Whups::hasMessage($ticket, $change['value'])) {
$changes[] = implode(' ', Whups::messageUrls($ticket, $change['value'], $vars->get('queue')));
}
} catch (Whups_Exception $e) {
}
break;
case 'delete-attachment':
$changes[] = _("Deleted Original Message");
break;
case 'attachment':
$ticket = $vars->get('ticket_id');
try {
if ($file = Whups::getAttachments($ticket, $change['value'])) {
$changes[] = sprintf(_("New Attachment: %s"), implode(' ', Whups::attachmentUrl($ticket, $file, $vars->get('queue'))));
} else {
$changes[] = sprintf(_("New Attachment: %s"), htmlspecialchars($change['value']));
}
} catch (Whups_Exception $e) {
$changes[] = sprintf(_("New Attachment: %s"), htmlspecialchars($change['value']));
}
break;
case 'delete-attachment':
$changes[] = sprintf(_("Deleted Attachment: %s"), htmlspecialchars($change['value']));
break;
case 'assign':
$changes[] = sprintf(_("Assigned to %s"), Whups::formatUser($change['value'], false, true, true));
break;
case 'unassign':
$changes[] = sprintf(_("Taken from %s"), Whups::formatUser($change['value'], false, true, true));
break;
case 'comment':
$comment = $change['comment'];
$private = !empty($change['private']);
if ($comment) {
$reply = Horde::link(Horde::url($canUpdate ? 'ticket/update.php' : 'ticket/comment.php')->add(array('id' => $vars->get('ticket_id'), 'transaction' => $transaction))) . _("Reply to this comment") . '</a>';
}
break;
case 'queue':
$changes[] = sprintf(_("Queue ⇒ %s"), htmlspecialchars($change['label']));
break;
case 'version':
$changes[] = sprintf(_("Version ⇒ %s"), htmlspecialchars($change['label']));
break;
case 'type':
$changes[] = sprintf(_("Type ⇒ %s"), htmlspecialchars($change['label']));
break;
case 'state':
$changes[] = sprintf(_("State ⇒ %s"), htmlspecialchars($change['label']));
break;
case 'priority':
$changes[] = sprintf(_("Priority ⇒ %s"), htmlspecialchars($change['label']));
break;
case 'attribute':
$changes[] = sprintf(_("%s ⇒ %s"), htmlspecialchars($change['label']), htmlspecialchars($change['human']));
break;
case 'due':
if ($change['label']) {
$changes[] = sprintf(_("Due ⇒ %s"), strftime($prefs->getValue('date_format'), $change['label']));
}
break;
}
}
if ($comment) {
$flowed = new Horde_Text_Flowed($comment, 'UTF-8');
$flowed->setDelSp(true);
$comment = $flowed->toFlowed(false);
$comment = $GLOBALS['injector']->getInstance('Horde_Core_Factory_TextFilter')->filter($comment, array('text2html', 'simplemarkup', 'highlightquotes'), array(array('parselevel' => Horde_Text_Filter_Text2html::MICRO), array('html' => true), array('hideBlocks' => true)));
if ($prefs->getValue('autolink_tickets') && $conf['prefs']['autolink_terms']) {
// Replace existing links by tokens to avoid double linking.
$comment = preg_replace_callback('/<a.*?<\\/a>/', array($this, '_writeTokens'), $comment);
$comment = preg_replace_callback('/(' . $conf['prefs']['autolink_terms'] . ')\\s*#?(\\d+)/i', array($this, '_autolink'), $comment);
$comment = preg_replace_callback('/\\0/', array($this, '_readTokens'), $comment);
}
$comment_count++;
if ($private) {
$comment_label = Horde::img('locked.png') . sprintf(_("Comment #%d (Private)"), $comment_count);
} else {
$comment_label = sprintf(_("Comment #%d"), $comment_count);
}
array_unshift($changes, '<a href="#c' . $comment_count . '" id="c' . $comment_count . '">' . $comment_label . '</a>');
}
if (count($changes)) {
// Admins can delete entries.
$delete_link = '';
if (Whups::hasPermission($vars->get('queue'), 'queue', Horde_Perms::DELETE)) {
$delete_link = Horde::url('ticket/delete_history.php')->add(array('transaction' => $transaction, 'id' => $vars->get('ticket_id'), 'url' => Whups::urlFor('ticket', $vars->get('ticket_id'), true)))->link(array('title' => _("Delete entry"), 'onclick' => 'return window.confirm(\'' . addslashes(_("Permanently delete entry?")) . '\');')) . Horde::img('delete.png', _("Delete entry")) . '</a>';
}
Horde::startBuffer();
$class = $private ? 'pc' : 'c';
?>
<div id="t<?php
echo (int) $transaction;
?>
">
<table cellspacing="0" width="100%">
<tr>
<td width="20%" class="<?php
echo $class;
?>
_l nowrap" valign="top"><?php
echo strftime($prefs->getValue('date_format') . ' ' . $prefs->getValue('time_format'), $vars->get('timestamp'));
?>
</td>
<td width="20%" class="<?php
echo $class;
?>
_m" valign="top"><?php
echo $vars->get('user_id') ? Whups::formatUser($vars->get('user_id'), false, true, true) : ' ';
?>
</td>
<td width="30%" class="<?php
echo $class;
?>
_m" valign="top"><?php
echo implode('<br />', $changes);
?>
</td>
<td width="30%" class="<?php
echo $class;
?>
_r rightAlign" valign="top"><?php
if ($comment && !$private) {
echo $reply . ' ';
}
echo $delete_link;
?>
</td>
</tr>
<?php
if ($comment) {
?>
<tr><td colspan="4" class="<?php
echo $class;
?>
_b">
<div class="comment-body fixed">
<?php
echo $comment;
?>
</div>
</td></tr>
<?php
} else {
?>
<tr><td colspan="4" class="c_b"> </td></tr>
<?php
}
?>
</table>
</div>
<?php
$html = Horde::endBuffer();
return $html;
}
return '';
}
<?php
/**
* Displays and handles the form to delete an attachment from the ticket.
*
* Copyright 2001-2002 Robert E. Coyle <*****@*****.**>
* Copyright 2001-2015 Horde LLC (http://www.horde.org/)
*
* See the enclosed file LICENSE for license information (BSD). If you
* did not receive this file, see http://www.horde.org/licenses/bsdl.php.
*/
require_once __DIR__ . '/../lib/Application.php';
Horde_Registry::appInit('whups');
$ticket = Whups::getCurrentTicket();
if (!Whups::hasPermission($ticket->get('queue'), 'queue', Horde_Perms::DELETE)) {
$notification->push(_("Permission Denied"), 'horde.error');
Horde::url($prefs->getValue('whups_default_view') . '.php', true)->redirect();
}
$file = basename(Horde_Util::getFormData('file'));
$ticket->change('delete-attachment', $file);
try {
$ticket->commit();
$notification->push(sprintf(_("Attachment %s deleted."), $file), 'horde.success');
} catch (Whups_Exception $e) {
$notification->push($e, 'horde.error');
}
if ($url = Horde_Util::getFormData('url')) {
header('Location: ' . $url);
} else {
Horde::url($prefs->getValue('whups_default_view') . '.php', true)->redirect();
}
/**
* Displays and handles the form to delete a ticket.
*
* Copyright 2001-2002 Robert E. Coyle <*****@*****.**>
* Copyright 2001-2016 Horde LLC (http://www.horde.org/)
*
* See the enclosed file LICENSE for license information (BSD). If you
* did not receive this file, see http://www.horde.org/licenses/bsdl.php.
*/
require_once __DIR__ . '/../lib/Application.php';
Horde_Registry::appInit('whups');
$ticket = Whups::getCurrentTicket();
$page_output->addLinkTag($ticket->feedLink());
$details = $ticket->getDetails();
if (!Whups::hasPermission($details['queue'], 'queue', Horde_Perms::DELETE)) {
$notification->push(_("Permission Denied"), 'horde.error');
Horde::url($prefs->getValue('whups_default_view') . '.php', true)->redirect();
}
Whups::addTopbarSearch();
$vars = Horde_Variables::getDefaultVariables();
$vars->set('id', $id = $ticket->getId());
foreach ($details as $varname => $value) {
$vars->add($varname, $value);
}
$title = sprintf(_("Delete %s?"), '[#' . $id . '] ' . $ticket->get('summary'));
$deleteform = new Whups_Form_Ticket_Delete($vars, $title);
if ($vars->get('formname') == 'whups_form_ticket_delete' && $deleteform->validate($vars)) {
if ($vars->get('submitbutton') == _("Delete")) {
$deleteform->getInfo($vars, $info);
try {
/**
* Update a ticket's properties.
*
* @param integer $ticket_id The id of the id to changes.
* @param array $ticket_info The attributes to set, from
* Whups_Form_Ticket_Edit.
*
* @return boolean True
*/
public function updateTicket($ticket_id, $ticket_info)
{
global $whups_driver;
// Cast as an int for safety.
$ticket = Whups_Ticket::makeTicket((int) $ticket_id);
// Check that we have permission to update the ticket
if (!$GLOBALS['registry']->getAuth() || !Whups::hasPermission($ticket->get('queue'), 'queue', 'update')) {
throw new Whups_Exception_PermissionDenied(_('You do not have permission to update this ticket.'));
}
// Populate $vars with existing ticket details.
$vars = new Horde_Variables();
$ticket->setDetails($vars);
// Copy new ticket details in.
foreach ($ticket_info as $detail => $newval) {
$vars->set($detail, $newval);
}
// Create and populate the EditTicketForm for validation. API calls can't
// use form tokens and aren't the result of the EditTicketForm being
// submitted.
$editform = new Whups_Form_Ticket_Edit($vars, $ticket);
$editform->useToken(false);
$editform->setSubmitted(true);
// Attempt to validate and update the ticket.
if (!$editform->validate($vars)) {
$form_errors = var_export($editform->getErrors(), true);
throw new Whups_Exception(sprintf(_("Invalid ticket data supplied: %s"), $form_errors));
}
$editform->getInfo($vars, $info);
$ticket->change('summary', $info['summary']);
$ticket->change('state', $info['state']);
$ticket->change('due', $info['due']);
$ticket->change('priority', $info['priority']);
if (!empty($info['newcomment'])) {
$ticket->change('comment', $info['newcomment']);
}
if (!empty($info['due'])) {
$ticket->change('due', $info['due']);
}
// Update attributes.
$whups_driver->setAttributes($info, $ticket);
// Add attachment if one was uploaded.
if (!empty($info['newattachment']['name'])) {
$ticket->change('attachment', array('name' => $info['newattachment']['name'], 'tmp_name' => $info['newattachment']['tmp_name']));
}
// If there was a new comment and permissions were specified on
// it, set them.
if (!empty($info['group'])) {
$ticket->change('comment-perms', $info['group']);
}
$ticket->commit();
// Ticket updated successfully
return true;
}
/**
* Displays and handles the form to change the ticket type.
*
* Copyright 2001-2002 Robert E. Coyle <*****@*****.**>
* Copyright 2001-2015 Horde LLC (http://www.horde.org/)
*
* See the enclosed file LICENSE for license information (BSD). If you
* did not receive this file, see http://www.horde.org/licenses/bsdl.php.
*/
require_once __DIR__ . '/../lib/Application.php';
Horde_Registry::appInit('whups');
$ticket = Whups::getCurrentTicket();
$page_output->addLinkTag($ticket->feedLink());
$details = $ticket->getDetails();
if (!Whups::hasPermission($details['queue'], 'queue', 'update')) {
$notification->push(_("Permission Denied"), 'horde.error');
Horde::url($prefs->getValue('whups_default_view') . '.php', true)->redirect();
}
Whups::addTopbarSearch();
$vars = Horde_Variables::getDefaultVariables();
$vars->set('id', $id = $ticket->getId());
foreach ($ticket->getDetails() as $varname => $value) {
$vars->add($varname, $value);
}
$action = $vars->get('action');
$form = $vars->get('formname');
/* Set Type action. */
if ($form == 'whups_form_settypestepone') {
$settypeform = new Whups_Form_SetTypeStepOne($vars);
if ($settypeform->validate($vars)) {
public function __construct(&$vars, &$ticket, $title = '')
{
global $whups_driver;
parent::__construct($vars, $title);
$type = $vars->get('type');
$start_year = date('Y');
if (is_numeric($d = $vars->get('due'))) {
$start_year = min($start_year, date('Y', $d));
}
$fields = array('summary');
$qinfo = $whups_driver->getQueue($vars->get('queue'));
if (!empty($qinfo['versioned'])) {
$fields[] = 'version';
}
$fields = array_merge($fields, array('state', 'priority', 'due'));
try {
$attributes = $ticket->addAttributes();
} catch (Whups_Exception $e) {
$attributes = array();
}
foreach ($attributes as $attribute) {
$fields[] = 'attribute_' . $attribute['id'];
}
$fields = array_merge($fields, array('owner', 'attachments', 'comment'));
$grouped_fields = array($fields);
$grouped_hook = false;
try {
$grouped_fields = Horde::callHook('group_fields', array($ticket->get('type'), $fields), 'whups');
$grouped_hook = true;
} catch (Horde_Exception_HookNotSet $e) {
} catch (Horde_Exception $e) {
Horde::log($e, 'ERR');
}
$this->addHidden('', 'id', 'int', true, true);
$this->addHidden('', 'type', 'int', true, true);
foreach ($grouped_fields as $header => $fields) {
if ($grouped_hook) {
$this->addVariable($header, null, 'header', false);
}
foreach ($fields as $field) {
switch ($field) {
case 'summary':
$this->addVariable(_("Summary"), 'summary', 'text', true);
break;
case 'version':
$versions = $whups_driver->getVersions($vars->get('queue'));
if (count($versions) == 0) {
$vtype = 'invalid';
$v_params = array(_("This queue requires that you specify a version, but there are no versions associated with it. Until versions are created for this queue, you will not be able to create tickets."));
} else {
$vtype = 'enum';
$v_params = array($versions);
}
$this->addVariable(_("Queue Version"), 'version', $vtype, true, false, null, $v_params);
break;
case 'state':
$this->addVariable(_("State"), 'state', 'enum', true, false, null, array($whups_driver->getStates($type)));
break;
case 'priority':
$this->addVariable(_("Priority"), 'priority', 'enum', true, false, null, array($whups_driver->getPriorities($type)));
break;
case 'due':
$this->addVariable(_("Due Date"), 'due', 'datetime', false, false, null, array($start_year));
break;
case 'owner':
if (Whups::hasPermission($vars->get('queue'), 'queue', 'assign')) {
$groups = $GLOBALS['injector']->getInstance('Horde_Group');
$mygroups = $groups->listAll($GLOBALS['conf']['prefs']['assign_all_groups'] ? null : $GLOBALS['registry']->getAuth());
asort($mygroups);
$f_users = array();
$users = $whups_driver->getQueueUsers($vars->get('queue'));
foreach ($users as $user) {
$f_users['user:'******'group:' . $id] = $groups->getName($id);
}
}
if (count($f_users)) {
asort($f_users);
$this->addVariable(_("Owners"), 'owners', 'multienum', false, false, null, array($f_users));
}
if (count($f_groups)) {
asort($f_groups);
$this->addVariable(_("Group Owners"), 'group_owners', 'multienum', false, false, null, array($f_groups));
}
}
break;
case 'attachments':
$this->addVariable(_("Attachment"), 'newattachment', 'file', false);
break;
case 'comment':
$cvar = $this->addVariable(_("Comment"), 'newcomment', 'longtext', false);
/* Form replies. */
try {
$replies = Whups::permissionsFilter($whups_driver->getReplies($type), 'reply');
} catch (Whups_Exception $e) {
$replies = array();
}
if (count($replies)) {
$params = array();
foreach ($replies as $key => $reply) {
$params[$key] = $reply['reply_name'];
}
$rvar = $this->addVariable(_("Form Reply:"), 'reply', 'enum', false, false, null, array($params, true));
$rvar->setAction(Horde_Form_Action::factory('reload'));
if ($vars->get('reply')) {
$reply = $vars->get('newcomment');
if (strlen($reply)) {
$reply .= "\n\n";
}
$reply .= $replies[$vars->get('reply')]['reply_text'];
$vars->set('newcomment', $reply);
$vars->remove('reply');
}
}
/* Comment permissions. */
$groups = $GLOBALS['injector']->getInstance('Horde_Group');
$mygroups = $groups->listGroups($GLOBALS['registry']->getAuth());
if ($mygroups) {
foreach (array_keys($mygroups) as $gid) {
$grouplist[$gid] = $groups->getName($gid, true);
}
asort($grouplist);
$grouplist = array(0 => _("This comment is visible to everyone")) + $grouplist;
$this->addVariable(_("Make this comment visible only to members of a group?"), 'group', 'enum', false, false, null, array($grouplist));
}
break;
default:
/* Ticket attributes. */
if ($ticket && substr($field, 0, 10) == 'attribute_' && isset($attributes[substr($field, 10)])) {
$attribute = $attributes[substr($field, 10)];
$var = $this->addVariable($attribute['human_name'], 'attribute_' . $attribute['id'], $attribute['type'], $attribute['required'], $attribute['readonly'], $attribute['desc'], $attribute['params']);
$var->setDefault($attribute['value']);
}
}
}
}
}
