Пример #1
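 /**
  * Saves the team assignments submitted for a project and echoes a JSON response.
  *
  * Request parameters read here:
  *  - user_list: JSON object mapping user id => action. The only action value this
  *    method inspects is '0', which it treats as a removal.
  *  - id: the project id.
  *
  * The client sends the whole team back on every save, so entries the current user is
  * not permitted to manipulate are silently stripped instead of failing the request.
  * Entries whose user id is not returned by Application_Model_Users::getUsers() are
  * stripped as well, so unverified ids from the request never reach the model.
  *
  * Output (echoed as JSON):
  *  - table: rendered 'project/project-team.phtml' partial for the updated team.
  *  - userIsOnTeam: whether the current user's id is a key of the updated team.
  *
  * @return void
  */
 public function assignProjectTeamAction()
 {
     // user_list is request data: anything that does not decode to an array is treated as empty.
     $userList = Zend_Json::decode($this->_getParam('user_list'));
     if (!is_array($userList)) {
         $userList = array();
     }
     $projectId = $this->_getParam('id');

     // NOTE(review): nothing in this method ties the current user to $projectId; confirm the
     // controller enforces project access before this action runs.
     $requested_users = Application_Model_Users::getUsers(array_keys($userList));
     // NOTE(review): $project is dereferenced below without a check; confirm GetProjectInfo
     // cannot return an empty result for an unknown id.
     $project = Application_Model_Projects::GetProjectInfo($projectId);

     // User ids that will be dropped from $userList for failing a check below.
     $badUsers = array();
     foreach ($userList as $user_id => $action) {
         // The ids are client-supplied. An id that getUsers() did not return cannot be
         // permission-checked, so it is dropped rather than evaluated against a missing record.
         if (!isset($requested_users[$user_id])) {
             $badUsers[] = $user_id;
             continue;
         }
         $candidate = $requested_users[$user_id];

         if (!ProNav_Auth::isEmployee()) {
             // Non-employees cannot touch users outside the project's "done for" workgroup.
             // NOTE(review): loose in_array(); switch to strict once the id types on both
             // sides are confirmed to match.
             if (!in_array($project->done_for_workgroup, $candidate->workgroups)) {
                 $badUsers[] = $user_id;
             }
             continue;
         }

         // Employees: removing a user is its own permission.
         // NOTE(review): only '0' is recognised as a removal here; confirm that
         // setProjectTeamAssignments does not treat other values (for example null or an
         // empty string) as removals, otherwise this check would not cover them.
         if ($action == '0' && !ProNav_Auth::hasPerm(ProNav_Auth::PERM_PROJECTS_TEAM_REMOVE_USERS)) {
             $badUsers[] = $user_id;
             continue;
         }

         // Classify the user by corporation; each class is guarded by its own permission.
         // A user matching both the TriM and the customer corporation must pass both checks.
         $isTriMUser = $candidate->corporation_id == ProNav_Utils::TriMId;
         $isCorpUser = $candidate->corporation_id == $project->done_for_corporation;
         $isOtherUser = !$isTriMUser && !$isCorpUser;

         $denied = ($isTriMUser && !ProNav_Auth::hasPerm(ProNav_Auth::PERM_PROJECTS_TEAM_ADD_TRIM))
             || ($isCorpUser && !ProNav_Auth::hasPerm(ProNav_Auth::PERM_PROJECTS_TEAM_ADD_CUSTOMERS))
             || ($isOtherUser && !ProNav_Auth::hasPerm(ProNav_Auth::PERM_PROJECTS_TEAM_ADD_OTHERS));
         if ($denied) {
             $badUsers[] = $user_id;
         }
     }

     // Strip every entry that failed a check; no error is reported to the client.
     foreach ($badUsers as $user_id) {
         unset($userList[$user_id]);
     }

     Application_Model_Projects::setProjectTeamAssignments($projectId, $userList);
     $projectTeam = Application_Model_Projects::getProjectTeam($projectId);

     // JSON is returned because the client needs two things from this call:
     // 1. A freshly rendered users table to replace the old one.
     // 2. The state for the "Add/Remove Me" link.
     $output = array(
         'table' => $this->view->partial('project/project-team.phtml', array('users' => $projectTeam)),
         'userIsOnTeam' => array_key_exists(ProNav_Auth::getUserID(), $projectTeam),
     );
     echo Zend_Json::encode($output);
 }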