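/**
 * Builds a page with the form for editing an operator's permissions.
 *
 * The action only reads data. It performs no capability check of its own
 * before showing another operator's permissions; "canmodify" is just a flag
 * handed to the template.
 * NOTE(review): presumably the route is guarded by a separate access check
 * and the save handler enforces CAN_ADMINISTRATE again - confirm both.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the operator with specified ID is not found
 *   in the system.
 */
public function showFormAction(Request $request)
{
    $operator = $this->getOperator();

    // Read the route parameter as an integer so that only a numeric value
    // reaches the operator lookup and the page data.
    $op_id = $request->attributes->getInt('operator_id');

    $page = array(
        'opid' => $op_id,
        'canmodify' => is_capable(CAN_ADMINISTRATE, $operator) ? '1' : '',
        'errors' => array(),
    );

    // Check if the target operator exists
    $op = operator_by_id($op_id);
    if (!$op) {
        throw new NotFoundException('The operator is not found.');
    }

    // $op is always set past the check above, so the former "-not found-"
    // fallback could never be reached and is dropped.
    $page['currentop'] = get_operator_name($op) . ' (' . $op['vclogin'] . ')';

    // Build list of permissions which belong to the target operator.
    $checked_permissions = array();
    foreach (permission_ids() as $perm => $id) {
        if (is_capable($perm, $op)) {
            $checked_permissions[] = $id;
        }
    }

    // Build list of all available permissions
    $page['permissionsList'] = array();
    foreach (get_permission_list() as $perm) {
        $perm['checked'] = in_array($perm['id'], $checked_permissions);
        $page['permissionsList'][] = $perm;
    }

    $page['stored'] = $request->query->has('stored');
    $page['title'] = getlocal('Permissions');
    // Highlight "profile" when the operator looks at their own record.
    $page['menuid'] = $operator['operatorid'] == $op_id ? 'profile' : 'operators';
    $page = array_merge($page, prepare_menu($operator));
    $page['tabs'] = $this->buildTabs($request);

    return $this->render('operator_permissions', $page);
}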
/**
 * Renders the form with the feature switches of the system settings.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function showFormAction(Request $request)
{
    $current_operator = $this->getOperator();
    $view_data = array('agentId' => '', 'errors' => array());

    // Each option becomes a boolean "form<option>" field that is true only
    // when the stored setting equals '1'.
    foreach ($this->getOptionsList() as $option_name) {
        $is_enabled = Settings::get($option_name) == '1';
        $view_data['form' . $option_name] = $is_enabled;
    }

    // Passed to the template as a flag only.
    // NOTE(review): the handler that saves the form must enforce
    // CAN_ADMINISTRATE on its own; that code is not visible here.
    $view_data['canmodify'] = is_capable(CAN_ADMINISTRATE, $current_operator);

    // The raw query value, not merely its presence, is handed to the template.
    $view_data['stored'] = $request->query->get('stored');
    $view_data['title'] = getlocal('Messenger settings');
    $view_data['menuid'] = 'settings';

    $view_data = array_merge($view_data, prepare_menu($current_operator));
    $view_data['tabs'] = $this->buildTabs($request);

    $this->getAssetManager()->attachJs('js/compiled/features.js');

    return $this->render('settings_features', $view_data);
}
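/**
 * Builds a page with the form for editing an operator's groups.
 *
 * NOTE(review): the target operator is loaded without checking whether an
 * isolated operator is allowed to see them; only the list of offered groups
 * is narrowed. Presumably a route-level access check covers this - confirm.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the operator with specified ID is not found
 *   in the system.
 */
public function showFormAction(Request $request)
{
    $operator = $this->getOperator();
    $operator_in_isolation = in_isolation($operator);
    $op_id = $request->attributes->getInt('operator_id');

    // Check if the target user exists
    $op = operator_by_id($op_id);
    if (!$op) {
        throw new NotFoundException('The operator is not found.');
    }

    $page = array('opid' => $op_id, 'errors' => array());

    // An isolated operator is only offered the groups returned by
    // get_groups_for_operator(); everybody else gets the complete list.
    $groups = $operator_in_isolation
        ? get_groups_for_operator($operator)
        : get_all_groups();

    $can_modify = is_capable(CAN_ADMINISTRATE, $operator);

    // $op is always set past the check above, so neither the "-not found-"
    // fallback nor a second "if ($op)" guard is needed.
    $page['currentop'] = get_operator_name($op) . ' (' . $op['vclogin'] . ')';
    $page['canmodify'] = $can_modify ? '1' : '';

    // Get IDs of groups the operator belongs to.
    $checked_groups = get_operator_group_ids($op_id);

    // Get all available groups
    $page['groups'] = array();
    foreach ($groups as $group) {
        // Self-assignments: no effect while the keys exist. They look like
        // leftovers of a removed conversion step - confirm before removing.
        $group['vclocalname'] = $group['vclocalname'];
        $group['vclocaldescription'] = $group['vclocaldescription'];
        $group['checked'] = in_array($group['groupid'], $checked_groups);
        $page['groups'][] = $group;
    }

    $page['stored'] = $request->query->has('stored');
    $page['title'] = getlocal('Operator groups');
    $page['menuid'] = $operator['operatorid'] == $op_id ? 'profile' : 'operators';
    $page = array_merge($page, prepare_menu($operator));
    $page['tabs'] = $this->buildTabs($request);

    return $this->render('operator_groups', $page);
}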
/**
 * Renders the list of all groups, sorted as requested by the query string.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function indexAction(Request $request)
{
    $current_operator = $this->getOperator();
    $view = array('errors' => array());

    // Only a fixed set of sort keys is accepted. Anything else falls back to
    // "name", so the request cannot pass an arbitrary value on to
    // get_sorted_groups().
    $allowed_sort_keys = array('name', 'lastseen', 'weight');
    $requested_sort = $request->query->get('sortby');
    $sort = array(
        'by' => in_array($requested_sort, $allowed_sort_keys) ? $requested_sort : 'name',
        // Every direction other than the literal "desc" means ascending.
        'desc' => $request->query->get('sortdirection', 'desc') == 'desc',
    );

    // Load the groups and add the values the template needs.
    $groups = get_sorted_groups($sort);
    foreach ($groups as &$entry) {
        // Self-assignments: no effect while the keys exist.
        $entry['vclocalname'] = $entry['vclocalname'];
        $entry['vclocaldescription'] = $entry['vclocaldescription'];
        $entry['isOnline'] = group_is_online($entry);
        $entry['isAway'] = group_is_away($entry);
        // An empty "ilastseen" yields (roughly) zero.
        $entry['lastTimeOnline'] = time() - ($entry['ilastseen'] ?: time());
        $entry['inumofagents'] = $entry['inumofagents'];
    }
    // Break the reference so later writes cannot hit the last element.
    unset($entry);

    // Values for the sorting block.
    $view['groups'] = $groups;
    $view['formsortby'] = $sort['by'];
    $view['formsortdirection'] = $sort['desc'] ? 'desc' : 'asc';
    $view['canmodify'] = is_capable(CAN_ADMINISTRATE, $current_operator);
    $view['availableOrders'] = array(
        array('id' => 'name', 'name' => getlocal('Name')),
        array('id' => 'lastseen', 'name' => getlocal('Last active')),
        array('id' => 'weight', 'name' => getlocal('Weight')),
    );
    $view['availableDirections'] = array(
        array('id' => 'desc', 'name' => getlocal('descending')),
        array('id' => 'asc', 'name' => getlocal('ascending')),
    );

    // Remaining page variables, then render.
    $view['title'] = getlocal('Groups');
    $view['menuid'] = 'groups';
    $view = array_merge($view, prepare_menu($current_operator));

    $this->getAssetManager()->attachJs('js/compiled/groups.js');

    return $this->render('groups', $view);
}
/**
 * Checks the access.
 *
 * Access is granted to a logged-in operator who either can administrate or
 * can modify profiles and is addressing their own record.
 *
 * @param Request $request Incoming request
 * @return boolean Indicates if an operator has access or not.
 */
public function __invoke(Request $request)
{
    // The parent check decides whether the operator is logged in at all.
    $is_logged_in = parent::__invoke($request);
    if (!$is_logged_in) {
        return false;
    }

    $current = $this->getOperator();

    // A missing "operator_id" is read with the default false.
    // NOTE(review): presumably the integer cast turns that into 0 and no
    // operator has ID 0 - confirm, because the comparison below is loose.
    $target_operator_id = $request->attributes->getInt('operator_id', false);

    // Administrators pass regardless of the target.
    if (is_capable(CAN_ADMINISTRATE, $current)) {
        return true;
    }

    // Everybody else needs the profile capability AND must target their own
    // record; both conditions are required.
    return is_capable(CAN_MODIFYPROFILE, $current)
        && ($current['operatorid'] == $target_operator_id);
}
/**
 * Serializes one chat thread into a "<thread>" XML fragment.
 *
 * Closed threads produce a self-closed element that carries only the id and
 * the state id. For all other threads the element also carries the flags
 * computed for the current operator (canopen, canview, canban), ban details
 * and the visitor, agent, time and message child elements.
 *
 * Most visitor-controlled values (name, typing flag, ban comment, first
 * message) are passed through safe_htmlspecialchars() twice.
 * NOTE(review): presumably the consumer decodes the XML once and then puts
 * the text into HTML, which would explain the second pass - confirm before
 * changing any of the calls.
 *
 * @param array $thread Thread row; the keys read here are visible below.
 * @param mixed $link Database link handed on to the lookup helpers.
 * @return string XML fragment for the thread.
 */
function thread_to_xml($thread, $link)
{
    // $mibew_encoding is imported but not used in this function.
    global $state_chatting, $threadstate_to_string, $threadstate_key, $mibew_encoding, $operator, $settings, $can_viewthreads, $can_takeover, $mysqlprefix;

    $state = $threadstate_to_string[$thread['istate']];
    $result = "<thread id=\"" . safe_htmlspecialchars(safe_htmlspecialchars($thread['threadid'])) . "\" stateid=\"{$state}\"";
    if ($state == "closed") {
        return $result . "/>";
    }

    // From here on $state holds the localized label instead of the state id.
    $state = getstring($threadstate_key[$thread['istate']]);

    // Agent label: the next agent if one is set, else the stored agent name,
    // else "-" or the group name wrapped in dashes.
    $nextagent = $thread['nextagent'] != 0 ? operator_by_id_($thread['nextagent'], $link) : null;
    $threadoperator = $nextagent ? get_operator_name($nextagent) : ($thread['agentName'] ? $thread['agentName'] : "-");
    if ($threadoperator == "-" && $thread['groupname']) {
        $threadoperator = "- " . $thread['groupname'] . " -";
    }

    // canopen is withheld only for a chat that is in progress with another
    // operator when the current operator lacks the take-over capability.
    // NOTE(review): these attributes are hints for the client; the pages
    // that open or view a thread must repeat the checks server-side.
    if (!($thread['istate'] == $state_chatting && $thread['agentId'] != $operator['operatorid'] && !is_capable($can_takeover, $operator))) {
        $result .= " canopen=\"true\"";
    }
    if ($thread['agentId'] != $operator['operatorid'] && $thread['nextagent'] != $operator['operatorid'] && is_capable($can_viewthreads, $operator)) {
        $result .= " canview=\"true\"";
    }
    if ($settings['enableban'] == "1") {
        $result .= " canban=\"true\"";
    }

    // Look up a ban for the visitor address only when banning is enabled.
    $banForThread = $settings['enableban'] == "1" ? ban_for_addr_($thread['remote'], $link) : false;
    if ($banForThread) {
        $result .= " ban=\"blocked\" banid=\"" . safe_htmlspecialchars(safe_htmlspecialchars($banForThread['banid'])) . "\"";
    }

    // NOTE(review): the localized state label is written into the attribute
    // without escaping - confirm the translations cannot contain quotes or
    // markup.
    $result .= " state=\"{$state}\" typing=\"" . safe_htmlspecialchars(safe_htmlspecialchars($thread['userTyping'])) . "\">";

    $result .= "<name>";
    if ($banForThread) {
        $result .= safe_htmlspecialchars(getstring('chat.client.spam.prefix'));
    }
    $result .= safe_htmlspecialchars(safe_htmlspecialchars(get_user_name($thread['userName'], $thread['remote'], $thread['userid']))) . "</name>";

    // NOTE(review): the address, the user agent and the spam prefix are
    // escaped once while the other values are escaped twice - presumably
    // those helpers return markup; confirm, since the remote address and the
    // user agent string originate from the visitor.
    $result .= "<addr>" . safe_htmlspecialchars(get_user_addr($thread['remote'])) . "</addr>";
    $result .= "<agent>" . safe_htmlspecialchars(safe_htmlspecialchars($threadoperator)) . "</agent>";

    // "000" is appended to the stored timestamps.
    $result .= "<time>" . safe_htmlspecialchars(safe_htmlspecialchars($thread['unix_timestamp(dtmcreated)'])) . "000</time>";
    $result .= "<modified>" . safe_htmlspecialchars(safe_htmlspecialchars($thread['unix_timestamp(dtmmodified)'])) . "000</modified>";
    if ($banForThread) {
        $result .= "<reason>" . safe_htmlspecialchars(safe_htmlspecialchars($banForThread['comment'])) . "</reason>";
    }

    $userAgent = get_useragent_version($thread['userAgent']);
    $result .= "<useragent>" . safe_htmlspecialchars($userAgent) . "</useragent>";

    if ($thread["shownmessageid"] != 0) {
        // The query is built by concatenation; the only variable part is
        // cast with intval(), so it cannot carry SQL text.
        $query = "select tmessage from {$mysqlprefix}chatmessage where messageid = " . intval($thread["shownmessageid"]);
        $line = select_one_row($query, $link);
        if ($line) {
            // Collapse line breaks and tabs into single spaces.
            $message = preg_replace("/[\r\n\t]+/", " ", $line["tmessage"]);
            $result .= "<message>" . safe_htmlspecialchars(safe_htmlspecialchars($message)) . "</message>";
        }
    }

    $result .= "</thread>";

    return $result;
}
/**
 * Renders the add/edit form for an operator.
 *
 * Without an "operator_id" request attribute the form is shown for a new
 * operator; with one, the form is pre-filled from the stored record. On a
 * POST request the submitted values replace the stored ones, which happens
 * when a failed save hands the request over to this action.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the operator with specified ID is not found
 *   in the system.
 */
public function showFormAction(Request $request)
{
    $operator = $this->getOperator();
    $form = array(
        'opid' => false,
        'errors' => $request->attributes->get('errors', array()),
    );
    $target_id = false;

    if ($request->attributes->has('operator_id')) {
        // Load and validate the operator to edit.
        $target_id = $request->attributes->getInt('operator_id');
        $target = operator_by_id($target_id);
        if (!$target) {
            throw new NotFoundException('The operator is not found.');
        }

        // Warn when the password of the CURRENT operator (not the one being
        // edited) still verifies against the empty string, unless the page
        // is shown right after a successful save.
        if (
            check_password_hash($operator['vclogin'], '', $operator['vcpassword'])
            && !$request->query->has('stored')
        ) {
            $form['errors'][] = getlocal('No Password set for the Administrator');
        }

        $form['formlogin'] = $target['vclogin'];
        $form['formname'] = $target['vclocalename'];
        $form['formemail'] = $target['vcemail'];
        $form['formcommonname'] = $target['vccommonname'];
        $form['formcode'] = $target['code'];
        $form['opid'] = $target['operatorid'];
    }

    if ($request->isMethod('POST')) {
        // A disabled login field is not submitted, so the login is replaced
        // only when the request carries it.
        if ($request->request->has('login')) {
            $form['formlogin'] = $request->request->get('login');
        }

        // The submitted values are echoed back as they arrived.
        // NOTE(review): the template is expected to escape them - confirm.
        foreach (array('name', 'email', 'commonname', 'code') as $field) {
            $form['form' . $field] = $request->request->get($field);
        }
    }

    // Editable by the owner holding the profile capability, or by any
    // administrator.
    $is_own_profile = $target_id == $operator['operatorid'];
    $can_modify = ($is_own_profile && is_capable(CAN_MODIFYPROFILE, $operator))
        || is_capable(CAN_ADMINISTRATE, $operator);

    $form['stored'] = $request->query->has('stored');
    $form['canmodify'] = $can_modify ? '1' : '';
    // The login cannot be changed for existing operators because that would
    // invalidate the stored password hash.
    $form['canchangelogin'] = is_capable(CAN_ADMINISTRATE, $operator) && !$target_id;
    $form['title'] = getlocal('Operator details');
    $form['menuid'] = $is_own_profile ? 'profile' : 'operators';
    // A password is mandatory only while creating an operator.
    $form['requirePassword'] = !$target_id;
    $form['formaction'] = $request->getBaseUrl() . $request->getPathInfo();

    $form = array_merge($form, prepare_menu($operator));
    $form['tabs'] = $this->buildTabs($request);

    return $this->render('operator_edit', $form);
}
/**
 * Checks the access.
 *
 * The operator must be logged in and must hold every permission listed in
 * the "_access_permissions" request attribute.
 *
 * @param Request $request Incoming request
 * @return boolean Indicates if an operator has access or not.
 */
public function __invoke(Request $request)
{
    // The parent check decides whether the operator is logged in at all.
    $is_logged_in = parent::__invoke($request);
    if (!$is_logged_in) {
        return false;
    }

    $current = $this->getOperator();

    // When the attribute is missing or empty the loop body never runs and
    // every logged-in operator is let through; routes that need protection
    // therefore have to list their permissions explicitly.
    $required = $request->attributes->get('_access_permissions', array());
    foreach ($required as $permission_name) {
        $capability = $this->resolvePermission($permission_name);
        if (!is_capable($capability, $current)) {
            // One missing permission is enough to deny access.
            return false;
        }
    }

    return true;
}
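/**
 * Builds a page with the form for editing an operator's avatar.
 *
 * "canmodify" is only a flag for the template.
 * NOTE(review): the handler that stores the uploaded file must repeat the
 * capability check itself; that code is not visible here.
 *
 * @param Request $request incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the operator with specified ID is not found
 *   in the system.
 */
public function showFormAction(Request $request)
{
    $operator = $this->getOperator();

    // Read the route parameter as an integer so that only a numeric value
    // reaches the operator lookup and the page data.
    $op_id = $request->attributes->getInt('operator_id');

    $page = array(
        'opid' => $op_id,
        'errors' => $request->attributes->get('errors', array()),
    );

    // Editable by the owner holding the profile capability, or by any
    // administrator.
    $can_modify = ($op_id == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
        || is_capable(CAN_ADMINISTRATE, $operator);

    // Try to load the target operator.
    $op = operator_by_id($op_id);
    if (!$op) {
        throw new NotFoundException('The operator is not found');
    }

    // An empty avatar field results in an empty string, not an asset URL.
    $page['avatar'] = $op['vcavatar'] ? $this->asset($op['vcavatar']) : '';

    // $op is always set past the check above, so the former "-not found-"
    // fallback could never be reached and is dropped.
    $page['currentop'] = get_operator_name($op) . ' (' . $op['vclogin'] . ')';
    $page['canmodify'] = $can_modify ? '1' : '';
    $page['title'] = getlocal('Upload photo');
    $page['menuid'] = $operator['operatorid'] == $op_id ? 'profile' : 'operators';
    $page = array_merge($page, prepare_menu($operator));
    $page['tabs'] = $this->buildTabs($request);

    return $this->render('operator_avatar', $page);
}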
/**
 * Renders the list of operators, sorted as requested by the query string.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function indexAction(Request $request)
{
    $current_operator = $this->getOperator();
    $view = array('errors' => $request->attributes->get('errors', array()));

    // Only a fixed set of sort keys is accepted. Anything else falls back to
    // "login", so the request cannot pass an arbitrary value on to
    // get_operators_list().
    $allowed_sort_keys = array('login', 'commonname', 'localename', 'lastseen');
    $requested_sort = $request->query->get('sortby');
    $sort = array(
        'by' => in_array($requested_sort, $allowed_sort_keys) ? $requested_sort : 'login',
        // Every direction other than the literal "desc" means ascending.
        'desc' => $request->query->get('sortdirection', 'desc') == 'desc',
    );

    $view['formsortby'] = $sort['by'];
    $view['formsortdirection'] = $sort['desc'] ? 'desc' : 'asc';

    $list_options = array('sort' => $sort);
    if (in_isolation($current_operator)) {
        // An isolated operator gets the list restricted through this option;
        // what exactly it filters is decided inside get_operators_list().
        $list_options['isolated_operator_id'] = $current_operator['operatorid'];
    }

    $operators_list = get_operators_list($list_options);

    // Add the values the template needs to every entry.
    foreach ($operators_list as &$entry) {
        // Self-assignments: no effect while the keys exist.
        $entry['vclogin'] = $entry['vclogin'];
        $entry['vclocalename'] = $entry['vclocalename'];
        $entry['vccommonname'] = $entry['vccommonname'];
        $entry['isAvailable'] = operator_is_available($entry);
        $entry['isAway'] = operator_is_away($entry);
        $entry['lastTimeOnline'] = time() - $entry['time'];
        $entry['isDisabled'] = operator_is_disabled($entry);
    }
    // Break the reference so later writes cannot hit the last element.
    unset($entry);

    $view['allowedAgents'] = $operators_list;
    $view['canmodify'] = is_capable(CAN_ADMINISTRATE, $current_operator);
    $view['availableOrders'] = array(
        array('id' => 'login', 'name' => getlocal('Login')),
        array('id' => 'localename', 'name' => getlocal('Name')),
        array('id' => 'commonname', 'name' => getlocal('International name')),
        array('id' => 'lastseen', 'name' => getlocal('Last active')),
    );
    $view['availableDirections'] = array(
        array('id' => 'desc', 'name' => getlocal('descending')),
        array('id' => 'asc', 'name' => getlocal('ascending')),
    );
    $view['title'] = getlocal('Operators');
    $view['menuid'] = 'operators';
    $view = array_merge($view, prepare_menu($current_operator));

    $this->getAssetManager()->attachJs('js/compiled/operators.js');

    return $this->render('operators', $view);
}
// The two closing braces below end blocks that were opened above this
// excerpt.
}
} else {
    // When an operator ID is given, pre-fill the form from the stored record.
    if (isset($_GET['op'])) {
        // verifyparam() is given a pattern of one to nine digits for "op".
        $opId = verifyparam('op', "/^\\d{1,9}\$/");
        $op = operator_by_id($opId);
        if (!$op) {
            $errors[] = getlocal("no_such_operator");
            $page['opid'] = topage($opId);
        } else {
            // Every stored value goes through topage() before it is handed
            // to the view.
            $page['formlogin'] = topage($op['vclogin']);
            $page['formname'] = topage($op['vclocalename']);
            $page['formemail'] = topage($op['vcemail']);
            $page['formjabber'] = topage($op['vcjabbername']);
            $page['formjabbernotify'] = $op['inotify'] != 0;
            $page['formcommonname'] = topage($op['vccommonname']);
            $page['opid'] = topage($op['operatorid']);
        }
    }
}

// Creating an operator (no ID given) is reserved for administrators.
// NOTE(review): here the refusal is only recorded in $errors and the page is
// still rendered - confirm that the save path above this excerpt stops on it.
if (!$opId && !is_capable($can_administrate, $operator)) {
    $errors[] = "You are not allowed to create operators";
}

// Editable by the owner holding the profile capability, or by any
// administrator ("&&" binds tighter than "||").
$canmodify = $opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator) || is_capable($can_administrate, $operator);
$page['stored'] = isset($_GET['stored']);
$page['canmodify'] = $canmodify ? "1" : "";
$page['showjabber'] = $settings['enablejabber'] == "1";

// True when the stored password equals the MD5 digest of the empty string.
// NOTE(review): this implies that passwords are kept as plain, unsalted MD5
// digests; password_hash()/password_verify() is the replacement to plan for.
// The loose "==" on digest strings is also fragile, "===" or hash_equals()
// is the safer comparison.
$page['needChangePassword'] = $operator['vcpassword'] == md5('');

prepare_menu($operator);
setup_operator_settings_tabs($opId, 0);
start_html_output();
require '../view/agent.php';
/**
 * Return updated threads list. API function
 *
 * Triggers
 * {@link \Mibew\EventDispatcher\Events::USERS_UPDATE_THREADS_ALTER} event.
 *
 * Every returned thread carries its token together with the "canOpen",
 * "canView" and "canBan" flags computed for the calling operator.
 * NOTE(review): the flags are hints for the client only; the token is
 * included even when both are false, so the chat endpoints must enforce the
 * same checks themselves - confirm.
 *
 * @param array $args Associative array of arguments. It must contain the
 *   following keys:
 *    - 'agentId': Id of the agent related to users window
 *    - 'revision': last revision number at client side
 * @return array Array of results. It contains the following keys:
 *    - 'threads': array of threads changes
 *    - 'lastRevision': highest revision among the returned threads, or the
 *      passed revision when nothing changed
 */
protected function apiUpdateThreads($args)
{
    $operator = $this->checkOperator($args['agentId']);
    $since = $args['revision'];

    // Get operator groups. The list is loaded once and then kept in the
    // session, so a change of group membership is not picked up until the
    // cached session value is cleared.
    if (!isset($_SESSION[SESSION_PREFIX . "operatorgroups"])) {
        $_SESSION[SESSION_PREFIX . "operatorgroups"] = get_operator_groups_list($operator['operatorid']);
    }
    $group_ids = $_SESSION[SESSION_PREFIX . "operatorgroups"];

    $db = Database::getInstance();

    // The client-supplied revision is bound as ":since". $group_ids, in
    // contrast, is interpolated into the SQL text.
    // NOTE(review): it comes from get_operator_groups_list() by way of the
    // session, presumably as a comma-separated list of integers - confirm
    // that helper can never return anything else, or bind the IDs as
    // parameters.
    $query = "SELECT t.*, "
        . " g.vclocalname AS group_localname, "
        . " g.vccommonname AS group_commonname "
        . " FROM {thread} t LEFT OUTER JOIN {opgroup} g ON "
        . " t.groupid = g.groupid "
        . " WHERE t.lrevision > :since "
        . " AND t.istate <> " . Thread::STATE_INVITED
        // On the first request (revision 0) closed and left threads are
        // skipped as well.
        . ($since == 0 ? " AND t.istate <> " . Thread::STATE_CLOSED . " AND t.istate <> " . Thread::STATE_LEFT : "")
        // With groups enabled: threads without a group, threads of the
        // operator's groups and threads of the parents of those groups.
        . (Settings::get('enablegroups') == '1' ? " AND (g.groupid is NULL" . ($group_ids ? " OR g.groupid IN ({$group_ids}) OR g.groupid IN " . "(SELECT parent FROM {opgroup} " . "WHERE groupid IN ({$group_ids})) " : "") . ") " : "")
        . " ORDER BY t.threadid";

    $rows = $db->query($query, array(':since' => $since), array('return_rows' => Database::RETURN_ALL_ROWS));

    $revision = $since;
    $threads = array();
    foreach ($rows as $row) {
        // Create thread instance
        $thread = Thread::createFromDbInfo($row);

        // Calculate agent permissions. Opening is refused only for a chat in
        // progress with another operator when the take-over capability is
        // missing.
        $can_open = !($thread->state == Thread::STATE_CHATTING && $thread->agentId != $operator['operatorid'] && !is_capable(CAN_TAKEOVER, $operator));
        $can_view = $thread->agentId != $operator['operatorid'] && $thread->nextAgent != $operator['operatorid'] && is_capable(CAN_VIEWTHREADS, $operator);
        $can_ban = Settings::get('enableban') == "1";

        // Get ban info; expired bans are reported as "no ban".
        $ban = Settings::get('enableban') == "1" ? Ban::loadByAddress($thread->remote) : false;
        if ($ban !== false && !$ban->isExpired()) {
            $ban_info = array('id' => $ban->id, 'reason' => $ban->comment);
        } else {
            $ban_info = false;
        }

        // Get user name
        $user_name = get_user_name($thread->userName, $thread->remote, $thread->userId);

        // Get user ip: the first dotted-quad found in the remote string.
        // The pattern matches IPv4 notation only and does not validate the
        // octet ranges.
        if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $thread->remote, $matches) != 0) {
            $user_ip = $matches[1];
        } else {
            $user_ip = false;
        }

        // Get thread operator name: next agent, else stored agent name, else
        // the group name wrapped in dashes, else "-".
        $next_agent = $thread->nextAgent != 0 ? operator_by_id($thread->nextAgent) : false;
        if ($next_agent) {
            $agent_name = get_operator_name($next_agent);
        } else {
            if ($thread->agentName) {
                $agent_name = $thread->agentName;
            } else {
                $group_name = get_group_name(array('vccommonname' => $row['group_commonname'], 'vclocalname' => $row['group_localname']));
                if ($group_name) {
                    $agent_name = '-' . $group_name . '-';
                } else {
                    $agent_name = '-';
                }
            }
        }

        // Get first message. The message ID is bound as a parameter; line
        // breaks and tabs in the text are collapsed into single spaces.
        $first_message = null;
        if ($thread->shownMessageId != 0) {
            $line = $db->query("SELECT tmessage FROM {message} WHERE messageid = ? 
LIMIT 1", array($thread->shownMessageId), array('return_rows' => Database::RETURN_ONE_ROW));
            if ($line) {
                $first_message = preg_replace("/[\r\n\t]+/", " ", $line["tmessage"]);
            }
        }

        // Visitor-controlled values (name, remote, user agent, first
        // message) are returned as they are.
        // NOTE(review): the client is expected to escape them before they
        // are placed into the page - confirm.
        $threads[] = array(
            'id' => $thread->id,
            'token' => $thread->lastToken,
            'userId' => $thread->userId,
            'userName' => $user_name,
            'userIp' => $user_ip,
            'remote' => $thread->remote,
            'userAgent' => get_user_agent_version($thread->userAgent),
            'agentId' => $thread->agentId,
            'agentName' => $agent_name,
            'canOpen' => $can_open,
            'canView' => $can_view,
            'canBan' => $can_ban,
            'ban' => $ban_info,
            'state' => $thread->state,
            'totalTime' => $thread->created,
            'waitingTime' => $thread->modified,
            'firstMessage' => $first_message
        );

        // Get max revision
        if ($thread->lastRevision > $revision) {
            $revision = $thread->lastRevision;
        }

        // Clean up
        unset($thread);
    }

    // Provide an ability to alter threads list. Whatever the event leaves in
    // $arguments['threads'] is what gets returned.
    $arguments = array('threads' => $threads);
    $dispatcher = EventDispatcher::getInstance();
    $dispatcher->triggerEvent(Events::USERS_UPDATE_THREADS_ALTER, $arguments);

    // Send results back to the client. "array_values" function should be
    // used to avoid problems with JSON conversion. If there will be gaps in
    // keys (the keys are not serial) JSON Object will be produced instead
    // of an Array.
    return array('threads' => array_values($arguments['threads']), 'lastRevision' => $revision);
}
/**
 * Collects the values the page menu is rendered from.
 *
 * The values only decide which menu items are shown; they grant nothing by
 * themselves, so the pages behind the items must check access on their own.
 *
 * @param array $operator An array with operators data.
 * @param boolean $has_right Restricts access to menu items. If it equals to
 *   FALSE only "Home", "Visitors", and "Chat history" items will be displayed.
 *   Otherwise items set depends on operator's permissions and system settings.
 *   Default value is TRUE.
 * @return array
 */
function prepare_menu($operator, $has_right = true)
{
    $menu = array(
        'showMenu' => true,
        'operator' => get_operator_name($operator),
    );

    // Without the right only the basic values above are returned.
    if (!$has_right) {
        return $menu;
    }

    $menu['showban'] = Settings::get('enableban') == "1";
    $menu['showstat'] = Settings::get('enablestatistics') == "1";
    $menu['showadmin'] = is_capable(CAN_ADMINISTRATE, $operator);
    $menu['currentopid'] = $operator['operatorid'];

    return $menu;
}
/**
 * Writes the values the page menu is rendered from into the global $page.
 *
 * The values only decide which menu items are shown; they grant nothing by
 * themselves, so the pages behind the items must check access on their own.
 *
 * @param array $operator Operator record of the logged-in operator.
 * @param boolean $hasright When false, only the operator name is set.
 */
function prepare_menu($operator, $hasright = true)
{
    global $page, $settings, $can_administrate, $can_viewnotifications;

    $page['operator'] = topage(get_operator_name($operator));

    if (!$hasright) {
        return;
    }

    // The settings have to be loaded before they are read below.
    loadsettings();

    $page['showban'] = ($settings['enableban'] == "1");
    $page['showgroups'] = ($settings['enablegroups'] == "1");
    $page['showstat'] = ($settings['enablestatistics'] == "1");
    $page['shownotifications'] = is_capable($can_viewnotifications, $operator);
    $page['showadmin'] = is_capable($can_administrate, $operator);
    $page['currentopid'] = $operator['operatorid'];
}
/**
 * Starts chat process.
 *
 * Depending on the query string the operator either takes the thread or
 * opens it in view-only mode. Taking over a chat that another operator is
 * running requires CAN_TAKEOVER and, unless "force=true" is given, is
 * preceded by a confirmation page.
 *
 * NOTE(review): "viewonly" and "force" are read from the query string and
 * the thread is taken in the same request. Whether the route is limited to
 * particular HTTP methods or protected against cross-site requests is not
 * visible here - confirm.
 *
 * @param Request $request Incoming request.
 * @return string|\Symfony\Component\HttpFoundation\RedirectResponse Rendered
 *   page content or a redirect response.
 */
public function startAction(Request $request)
{
    $operator = $this->getOperator();
    $thread_id = $request->attributes->getInt('thread_id');

    // Refuse threads that cannot be loaded or that have no token.
    $thread = Thread::load($thread_id);
    if (!$thread || !isset($thread->lastToken)) {
        return $this->showErrors(array(getlocal('Wrong thread')));
    }

    // Only the literal string "true" switches these modes on.
    $is_view_only = $request->query->get('viewonly') == 'true';
    $is_forced = $request->query->get('force') == 'true';

    // A take-over is an attempt to join a running chat of another operator.
    $is_take_over = !$is_view_only
        && $thread->state == Thread::STATE_CHATTING
        && $operator['operatorid'] != $thread->agentId;

    if ($is_take_over && !is_capable(CAN_TAKEOVER, $operator)) {
        return $this->showErrors(array(getlocal('Cannot take over')));
    }

    if ($is_take_over && !$is_forced) {
        // Show confirmation page; its link repeats the request with
        // "force=true".
        $confirm_link = $this->generateUrl(
            'chat_operator_start',
            array('thread_id' => $thread_id, 'force' => 'true')
        );

        return $this->render('confirm', array(
            'user' => $thread->userName,
            'agent' => $thread->agentName,
            'link' => $confirm_link,
            'title' => getlocal('Change operator'),
        ));
    }

    if ($is_view_only) {
        // Viewing requires the CAN_VIEWTHREADS capability.
        if (!is_capable(CAN_VIEWTHREADS, $operator)) {
            return $this->showErrors(array(getlocal('Cannot view threads')));
        }
    } else {
        if (!$thread->take($operator)) {
            return $this->showErrors(array(getlocal('Cannot take thread')));
        }
    }

    // Redirect the operator to the initialized chat page. The token is read
    // only now, after a possible take() call.
    $chat_url = $this->generateUrl('chat_operator', array(
        'thread_id' => intval($thread_id),
        'token' => urlencode($thread->lastToken),
    ));

    return $this->redirect($chat_url);
}
// Removing a group is reserved for administrators. The refusal is recorded
// in $errors, which gates the deletion below.
if (!is_capable($can_administrate, $operator)) {
    $errors[] = "You are not allowed to remove groups";
}
if (count($errors) == 0) {
    $link = connect();
    // All three statements are built by concatenation; the only variable
    // part is cast with intval(), so it cannot carry SQL text. The
    // statements run one by one without a visible transaction.
    perform_query("delete from {$mysqlprefix}chatgroup where groupid = " . intval($groupid), $link);
    perform_query("delete from {$mysqlprefix}chatgroupoperator where groupid = " . intval($groupid), $link);
    perform_query("update {$mysqlprefix}chatthread set groupid = 0 where groupid = " . intval($groupid), $link);
    // mysql_close() belongs to the mysql extension that was removed in PHP 7.
    mysql_close($link);
    // NOTE(review): how the deletion is triggered (request method, CSRF
    // token) is decided above this excerpt - confirm it cannot be started by
    // a plain cross-site GET request.
    header("Location: {$mibewroot}/operator/groups.php");
    exit;
}
// Closes a block that was opened above this excerpt.
}

/**
 * Tells whether a group counts as online.
 *
 * @param array $group Group row with the "ilastseen" key.
 * @return string "1" when "ilastseen" is not NULL and below the
 *   "online_timeout" setting, "" otherwise.
 */
function is_online($group)
{
    global $settings;
    return $group['ilastseen'] !== NULL && $group['ilastseen'] < $settings['online_timeout'] ? "1" : "";
}

/**
 * Tells whether a group counts as away.
 *
 * @param array $group Group row with the "ilastseenaway" key.
 * @return string "1" when "ilastseenaway" is not NULL and below the
 *   "online_timeout" setting, "" otherwise.
 */
function is_away($group)
{
    global $settings;
    return $group['ilastseenaway'] !== NULL && $group['ilastseenaway'] < $settings['online_timeout'] ? "1" : "";
}

// Build the page data and render the list of groups.
$page = array();
$link = connect();
$page['groups'] = get_groups($link, true);
mysql_close($link);
// Flag for the view only; the deletion above performs its own check.
$page['canmodify'] = is_capable($can_administrate, $operator);
prepare_menu($operator);
start_html_output();
require '../view/groups.php';
// One checkbox per permission: "on" sets the bit of that permission in the
// mask, any other value clears it.
if (verifyparam("permissions{$id}", "/^on\$/", "") == "on") {
    $new_permissions |= 1 << $perm;
} else {
    $new_permissions &= ~(1 << $perm);
}
// Closes a block that was opened above this excerpt.
}
if (count($errors) == 0) {
    // NOTE(review): the check that only an administrator may change
    // permissions is not part of this excerpt - confirm that it runs before
    // this point and adds to $errors on failure.
    update_operator_permissions($op['operatorid'], $new_permissions);
    // When operators edit their own record, the permission mask kept in the
    // session is refreshed as well, so the change applies immediately.
    if ($opId && $_SESSION["{$mysqlprefix}operator"] && $operator['operatorid'] == $opId) {
        $_SESSION["{$mysqlprefix}operator"]['iperm'] = $new_permissions;
    }
    // NOTE(review): $opId is put into the redirect URL as it is; presumably
    // it was validated as digits by verifyparam() above this excerpt -
    // confirm.
    header("Location: {$webimroot}/operator/permissions.php?op={$opId}&stored");
    exit;
}
// The two closing braces below end blocks that were opened above this
// excerpt.
}
}

$page['permissionsList'] = get_permission_list();
$page['formpermissions'] = array("");
// NOTE(review): the name passes through topage() while the login is appended
// as it is - confirm that the view escapes "currentop" or that logins are
// restricted to safe characters.
$page['currentop'] = $op ? topage(get_operator_name($op)) . " (" . $op['vclogin'] . ")" : "-not found-";
if ($op) {
    // Collect the form IDs of the permissions the target operator holds.
    foreach ($permission_ids as $perm => $id) {
        if (is_capable($perm, $op)) {
            $page['formpermissions'][] = $id;
        }
    }
}
$page['stored'] = isset($_GET['stored']);
prepare_menu($operator);
setup_operator_settings_tabs($opId, 3);
start_html_output();
require '../view/permissions.php';
// Operators without the view capability get the error template and the
// script stops.
if (!is_capable($can_viewthreads, $operator)) {
    $errors = array("Cannot view threads");
    start_html_output();
    expand("../styles", getchatstyle(), "error.tpl");
    exit;
}
// Closes a block that was opened above this excerpt.
}
// Redirect to the chat window with the current token of the thread. Thread
// ID and token are cast to integers and the level is URL-encoded before
// they are placed into the Location header.
$token = $thread['ltoken'];
header("Location: {$mibewroot}/operator/agent.php?thread=" . intval($threadid) . "&token=" . intval($token) . "&level=" . urlencode($remote_level));
exit;
// Closes a block that was opened above this excerpt.
}

// Without the redirect above: the request must carry the token (up to ten
// digits) that matches the one stored for the thread.
$token = verifyparam("token", "/^\\d{1,10}\$/");
$thread = thread_by_id($threadid);
// NOTE(review): the tokens are compared with the loose "!="; both sides are
// numeric here, but a strict comparison of the two values would be the more
// robust form.
if (!$thread || !isset($thread['ltoken']) || $token != $thread['ltoken']) {
    die("wrong thread");
}

// An operator who is not the agent of the thread additionally needs the
// view capability; this check runs on the server for every request.
if ($thread['agentId'] != $operator['operatorid'] && !is_capable($can_viewthreads, $operator)) {
    $errors = array("Cannot view threads");
    start_html_output();
    expand("../styles", getchatstyle(), "error.tpl");
    exit;
}

setup_chatview_for_operator($thread, $operator);
start_html_output();

// "act" accepts the single value "redirect"; a missing parameter falls back
// to "default".
$pparam = verifyparam("act", "/^(redirect)\$/", "default");
if ($pparam == "redirect") {
    setup_redirect_links($threadid, $token);
    expand("../styles", getchatstyle(), "redirect.tpl");
} else {
    expand("../styles", getchatstyle(), "chat.tpl");
}
* http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ require_once '../libs/common.php'; require_once '../libs/chat.php'; require_once '../libs/operator.php'; require_once '../libs/pagination.php'; $operator = check_login(); $page = array(); $errors = array(); if (!is_capable($can_administrate, $operator)) { die("Permission denied."); } setlocale(LC_TIME, getstring("time.locale")); # locales $all_locales = get_available_locales(); $locales_with_label = array(array('id' => '', 'name' => getlocal("notifications.locale.all"))); foreach ($all_locales as $id) { $locales_with_label[] = array('id' => $id, 'name' => getlocal_($id, "names")); } $page['locales'] = $locales_with_label; $lang = verifyparam("lang", "/^([\\w-]{2,5})?\$/", ""); if ($lang && !in_array($lang, $all_locales)) { $lang = ""; } # kind
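/**
 * Builds access condition for history select query.
 *
 * The rules are evaluated in this order:
 *  - administrators get no restriction;
 *  - operators without the "view threads" permission see only their own
 *    threads;
 *  - isolated operators see the threads of the operators returned for their
 *    isolation scope and of the groups they belong to;
 *  - every other operator gets no restriction.
 *
 * Only generated placeholder names are concatenated into the SQL text; the
 * IDs themselves are returned in "values" to be bound by the caller.
 *
 * When an isolated operator has neither visible operators nor groups, a
 * condition that matches no rows is returned. An empty "IN ()" list, which
 * is not valid SQL, is never produced.
 *
 * @param array $operator List of operator's fields.
 * @return array Associative array with the following keys:
 *  - "condition": string, additional condition that should be used in SQL
 *    query's where clause.
 *  - "values": array, list of additional values for placeholders.
 */
protected function buildAccessCondition($operator)
{
    // Administrators can view anything
    if (is_capable(CAN_ADMINISTRATE, $operator)) {
        return array('condition' => '', 'values' => array());
    }

    // Operators without "view threads" permission can view only their
    // own history.
    if (!is_capable(CAN_VIEWTHREADS, $operator)) {
        return array(
            'condition' => ' AND {thread}.agentid = :operator_id ',
            'values' => array(':operator_id' => $operator['operatorid']),
        );
    }

    // Operators who have "view threads" permission can be in isolation.
    if (in_isolation($operator)) {
        // This is not the best way of getting operators from adjacent
        // groups, but it's the only way that does not break encapsulation
        // of operators storage.
        $operators = get_operators_list(array('isolated_operator_id' => $operator['operatorid']));
        $operators_placeholders = array();
        $counter = 0;
        foreach ($operators as $op) {
            $operators_placeholders[':_access_op_' . $counter] = $op['operatorid'];
            $counter++;
        }

        // Also the operator can view threads for the groups he belongs to.
        // These threads include ones that had no related operator but were
        // started for a specified group.
        $groups = get_all_groups_for_operator($operator);
        $groups_placeholders = array();
        $counter = 0;
        foreach ($groups as $group) {
            $groups_placeholders[':_access_grp_' . $counter] = $group['groupid'];
            $counter++;
        }

        // Emit an IN clause only for a non-empty list.
        $clauses = array();
        if ($operators_placeholders) {
            $clauses[] = '{thread}.agentid IN ('
                . implode(', ', array_keys($operators_placeholders)) . ')';
        }
        if ($groups_placeholders) {
            $clauses[] = '{thread}.groupid IN ('
                . implode(', ', array_keys($groups_placeholders)) . ')';
        }

        // Nothing is visible: deny everything instead of building a broken
        // query.
        if (!$clauses) {
            return array('condition' => ' AND 1 = 0 ', 'values' => array());
        }

        return array(
            'condition' => ' AND (' . implode(' OR ', $clauses) . ') ',
            'values' => $operators_placeholders + $groups_placeholders,
        );
    }

    // Operators with "view threads" permission who are not isolated can
    // view anything. Keep in mind that this final branch is unrestricted:
    // a new kind of limited operator needs its own rule above it.
    return array('condition' => '', 'values' => array());
}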