Пример #1
 /**
  * Stores the fixture contact, loads it into a second CContact through the
  * mock database, and checks that the loaded fields equal the stored ones.
  */
 public function testLoad()
 {
     $this->obj->bind($this->post_data);
     $stored = $this->obj->store();
     $this->assertTrue($stored);

     $loaded = new CContact();
     $loaded->overrideDatabase($this->mockDB);

     // The staged row is the posted data plus the id now held by $this->obj.
     // Presumably stageHash() queues what the mock hands back to load(), so the
     // comparison below is against the mock, not a real row - confirm.
     $this->post_data['contact_id'] = $this->obj->contact_id;
     $this->mockDB->stageHash($this->post_data);
     $loaded->load($this->obj->contact_id);

     // Same fields, same order as a hand-written list of assertions.
     $fields = array(
         'contact_first_name',
         'contact_last_name',
         'contact_display_name',
         'contact_company',
         'contact_department',
         'contact_icon',
         'contact_owner',
         'contact_id',
     );
     foreach ($fields as $field) {
         $this->assertEquals($this->obj->{$field}, $loaded->{$field});
     }
 }
Пример #2
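// Contact view set-up: works out delete/edit rights, loads the record, and
// builds the title block.
//
// $contact_id, $m, $a and $AppUI are assigned outside this excerpt.
// NOTE(review): only the 'edit' permission and the private-contact ownership
// rule are checked here; confirm that 'view' access is enforced before this
// code runs.
$msg = '';
$row = new CContact();
$canDelete = $row->canDelete($msg, $contact_id);

// Don't allow deleting contacts that have a user associated with them.
// The WHERE clause is assembled by string concatenation, so the id is coerced
// to an integer at the point of use: whatever $contact_id was populated with,
// only a number can reach the SQL text.
$q = new DBQuery();
$q->addTable('users');
$q->addQuery('user_id');
$q->addWhere('user_contact = ' . (int) $contact_id);
$sql = $q->prepare();
$q->clear();
$tmp_user = db_loadResult($sql);
if (!empty($tmp_user)) {
    $canDelete = false;
}

$canEdit = getPermission($m, 'edit', $contact_id);

// NOTE(review): presumably redirect() ends the request; if it can return, the
// code after these branches would still run for a rejected request - confirm.
if (!$row->load($contact_id) && $contact_id > 0) {
    // A positive id that does not load is reported as an invalid id.
    $AppUI->setMsg('Contact');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
} elseif ($row->contact_private && $row->contact_owner != $AppUI->user_id && $row->contact_owner && $contact_id != 0) {
    // Private contact that has an owner other than the current user: deny.
    $AppUI->redirect('m=public&a=access_denied');
}

// setup the title block
$ttl = 'View Contact';
$titleBlock = new CTitleBlock($ttl, 'monkeychat-48.png', $m, "{$m}.{$a}");
$titleBlock->addCrumb('?m=contacts', 'contacts list');
if ($canEdit && $contact_id) {
    // Same integer coercion for the id placed in the link.
    $titleBlock->addCrumb('?m=contacts&a=addedit&contact_id=' . (int) $contact_id, 'edit');
}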
Пример #3
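// Role add/remove handler for a user. $AppUI is assigned outside this excerpt.
$del = isset($_REQUEST['del']) ? w2PgetParam($_REQUEST, 'del', false) : false;
$notify_new_user = isset($_POST['notify_new_user']) ? $_POST['notify_new_user'] : 0;

// Both 'admin' and 'users' edit rights are required before any role is touched.
// NOTE(review): presumably redirect() ends the request; if it can return, the
// role changes below would still run for a denied caller - confirm.
$perms =& $AppUI->acl();
if (!$perms->checkModule('admin', 'edit')) {
    $AppUI->redirect('m=public&a=access_denied');
}
if (!$perms->checkModule('users', 'edit')) {
    $AppUI->redirect('m=public&a=access_denied');
}

// prepare (and translate) the module name ready for the suffix
$AppUI->setMsg('Roles');

// Guard the read: a request without user_id no longer raises an
// undefined-index notice. $user and $contact stay unset in that case, exactly
// as before.
if (!empty($_REQUEST['user_id'])) {
    $user = new CUser();
    $user->load($_REQUEST['user_id']);
    $contact = new CContact();
    $contact->load($user->user_contact);
}

if ($del) {
    // NOTE(review): the delete flag and both ids are read from $_REQUEST, so
    // this state change can be reached by GET as well as POST, and no
    // request-forgery token check is visible in this excerpt - confirm one is
    // applied before this script runs.
    if ($perms->deleteUserRole(w2PgetParam($_REQUEST, 'role_id', 0), w2PgetParam($_REQUEST, 'user_id', 0))) {
        $AppUI->setMsg('deleted', UI_MSG_ALERT, true);
    } else {
        $AppUI->setMsg('failed to delete role', UI_MSG_ERROR);
    }
    // Both outcomes redirect, so the call is made once after the branch.
    $AppUI->redirect();
    return;
}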
if (isset($_REQUEST['user_role']) && $_REQUEST['user_role']) {
    if ($perms->insertUserRole($_REQUEST['user_role'], $_REQUEST['user_id'])) {
        if ($notify_new_user) {
            notifyNewUser($contact->contact_email, $contact->contact_first_name);
Пример #4
                $contact->contact_private = 1;
                $contact->store();
            }
        }
    } else {
        $AppUI->setMsg('failed to delete role', UI_MSG_ERROR);
    }
} else {
    if ($user_role) {
        $public_contact = false;
        if (dPgetConfig('user_contact_activate') && !$perms->checkLogin($user_id)) {
            $public_contact = true;
        }
        if ($perms->insertUserRole($user_role, $user_id)) {
            $AppUI->setMsg('added', UI_MSG_OK, true);
            if ($public_contact) {
                // Mark contact as public
                $obj = new CUser();
                $contact = new CContact();
                $obj->load($user_id);
                if ($contact->load($obj->user_contact)) {
                    $contact->contact_private = 0;
                    $contact->store();
                }
            }
        } else {
            $AppUI->setMsg('failed to add role', UI_MSG_ERROR);
        }
    }
}
// Final redirect once the role handling above has run; the destination of the
// no-argument form is decided inside redirect(), which is not shown here.
$AppUI->redirect();
Пример #5
// Check permissions for this record before anything is loaded: without 'view'
// rights on the item the request is sent to the access-denied page.
// $AppUI, $m and $contact_id are assigned outside this excerpt.
// NOTE(review): presumably redirect() ends the request; if it can return, the
// record would still be loaded for a denied user - confirm.
$perms =& $AppUI->acl();
$canRead = $perms->checkModuleItem($m, 'view', $contact_id);
if (!$canRead) {
    $AppUI->redirect('m=public&a=access_denied');
}
// Selected tab (integer state, default 0) and the combined date + time format
// taken from the user's preferences.
$tab = $AppUI->processIntState('ContactVwTab', $_GET, 'tab', 0);
$df = $AppUI->getPref('SHDATEFORMAT');
$df .= ' ' . $AppUI->getPref('TIMEFORMAT');
// load the record data
$msg = '';
$contact = new CContact();
// These flags are computed from the id alone, before load() has confirmed that
// the record exists.
$canDelete = $contact->canDelete($msg, $contact_id);
$is_user = $contact->isUser($contact_id);
$canEdit = $perms->checkModuleItem($m, 'edit', $contact_id);
if (!$contact->load($contact_id) && $contact_id > 0) {
    // A positive id that does not load is reported as an invalid id.
    $AppUI->setMsg('Contact');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
} elseif ($contact->contact_private && $contact->contact_owner != $AppUI->user_id && $contact->contact_owner && $contact_id != 0) {
    // Private contact that has an owner other than the current user: deny
    // access. This branch sits after the 'view' check, so it gates the whole
    // page rather than editing alone.
    // NOTE(review): the owner comparison is loose (!=); presumably both sides
    // are numeric ids - confirm.
    $AppUI->redirect('m=public&a=access_denied');
}
$countries = w2PgetSysVal('GlobalCountries');
// Get the contact details for company and department
$company_detail = $contact->getCompanyDetails();
$dept_detail = $contact->getDepartmentDetails();
// Get the Contact info (phone, emails, etc) for the contact
$methods = $contact->getContactMethods();
$methodLabels = w2PgetSysVal('ContactMethods');
// setup the title block
Пример #6
        $AppUI->redirect('m=public&a=access_denied');
    }
} else {
    if ($user_id != $AppUI->user_id) {
        if (!$perms->checkModule('admin', 'edit')) {
            $AppUI->redirect('m=public&a=access_denied');
        }
        if (!$perms->checkModule('users', 'edit')) {
            $AppUI->redirect('m=public&a=access_denied');
        }
    }
}
// Build the user and contact objects that the posted form will be applied to.
// $contact_id and $AppUI are assigned outside this excerpt.
$obj = new CUser();
$contact = new CContact();
if ($contact_id) {
    // Existing contact: start from the stored record so bind() overlays it.
    $contact->load($contact_id);
}
// bind() receives the whole $_POST array for both objects; which keys it copies
// onto the object is decided inside bind(), which is not shown here.
// NOTE(review): confirm that fields the current user must not control cannot
// be set this way (mass assignment).
if (!$obj->bind($_POST)) {
    $AppUI->setMsg($obj->getError(), UI_MSG_ERROR);
    $AppUI->redirect();
}
if (!$contact->bind($_POST)) {
    $AppUI->setMsg($contact->getError(), UI_MSG_ERROR);
    $AppUI->redirect();
}
// Usernames are normalised to lower case before anything is stored.
$obj->user_username = strtolower($obj->user_username);
// prepare (and translate) the module name ready for the suffix
$AppUI->setMsg('User');
// !User's contact information not deleted - left for history.
if ($del) {
    if ($msg = $obj->delete()) {
Пример #7
 /**
  * Decide whether the current user may edit this contact.
  *
  * Returns true straight away when this contact is the one linked to the
  * current user's account. Otherwise the contact must either not be private or
  * be owned by the current user, and the parent class must also allow the edit.
  *
  * @return bool
  */
 public function canEdit()
 {
     // Find the contact record linked to the current user.
     // NOTE(review): the user id is concatenated into the WHERE clause; it is
     // read from the AppUI object rather than from the request - confirm it is
     // always an integer.
     $lookup = $this->_getQuery();
     $lookup->addQuery('user_contact');
     $lookup->addTable('users');
     $lookup->addWhere('user_id = ' . $this->_AppUI->user_id);
     $ownContactId = $lookup->loadResult();

     /* A user can *always* edit themselves. */
     // NOTE(review): loose comparison - an unset contact_id and an empty lookup
     // result compare equal; confirm that cannot grant edit unintentionally.
     if ($this->contact_id == $ownContactId) {
         return true;
     }

     $parentAllows = parent::canEdit();

     // Reload the contact through the same query object to read its privacy flags.
     $record = new CContact();
     $record->overrideDatabase($this->_query);
     $record->load($this->contact_id);

     // Editable here when the contact is not private, or when it is private and
     // the current user is its owner ("!p || (p && q)" reduces to "!p || q").
     $visibleToUser = !$record->contact_private
         || $record->contact_owner == $this->_AppUI->user_id;

     return $visibleToUser && $parentAllows;
 }
Пример #8
 /**
  * Delete Request Handler
  *
  * Called when the request is a DELETE. Validates the required parameters,
  * logs in with the supplied username and password, then deletes the contact
  * identified by contact_id.
  *
  * NOTE(review): the credentials arrive as request parameters on every call;
  * confirm the endpoint is only reachable over an encrypted transport and that
  * these parameters are kept out of request logs.
  *
  * @return array|Frapi_Error the response data, or the validation error object
  * @throws Frapi_Error 'INVALID_LOGIN' when the login fails, 'PERMISSION_ERROR'
  *                     when delete() reports failure
  */
 public function executeDelete()
 {
     $check = $this->hasRequiredParameters($this->requiredParams);
     if ($check instanceof Frapi_Error) {
         // Validation failures are returned, not thrown.
         return $check;
     }

     $login = $this->getParam('username');
     $secret = $this->getParam('password');
     $contactId = $this->getParam('contact_id', self::TYPE_INT);

     // Attempt to login as user, a little bit of a hack as we currently
     // require the $_POST['login'] var to be set as well as a global AppUI.
     // The global is replaced for the rest of the request.
     $session = new CAppUI();
     $GLOBALS['AppUI'] = $session;
     $_POST['login'] = '******';
     if (!$session->login($login, $secret)) {
         throw new Frapi_Error('INVALID_LOGIN');
     }

     // NOTE(review): the result of load() is not checked, so an id that does
     // not load still reaches delete(); what happens then depends on delete(),
     // which is not shown here.
     $target = new CContact();
     $target->load($contactId);
     if (!$target->delete($session)) {
         throw new Frapi_Error('PERMISSION_ERROR');
     }

     $this->data['success'] = true;

     return $this->toArray();
 }
Пример #9
<?php

// Refuse direct requests for this file: execution stops unless W2P_BASE_DIR has
// already been defined (it is defined elsewhere, not in this excerpt).
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
// The id is cast to int as soon as it is read, so the link built from it below
// can only contain a number. $AppUI and $m are assigned outside this excerpt.
$contact_id = (int) w2PgetParam($_GET, 'contact_id', 0);
$tab = $AppUI->processIntState('ContactVwTab', $_GET, 'tab', 0);
$contact = new CContact();
// A contact that fails to load is answered with the access-denied redirect.
// NOTE(review): this is the only gate visible here; whether load() itself
// enforces view permission is not shown - confirm.
if (!$contact->load($contact_id)) {
    $AppUI->redirect(ACCESS_DENIED);
}
// Permission flags come from the loaded object; they only decide which links
// are offered below.
$canEdit = $contact->canEdit();
$canDelete = $contact->canDelete();
$is_user = $contact->isUser($contact_id);
// Get the contact details for company and department
$company_detail = $contact->getCompanyDetails();
$dept_detail = $contact->getDepartmentDetails();
// Get the Contact info (phone, emails, etc) for the contact
$methods = $contact->getContactMethods();
$methodLabels = w2PgetSysVal('ContactMethods');
// setup the title block
$ttl = 'View Contact';
$titleBlock = new w2p_Theme_TitleBlock($ttl, 'icon.png', $m);
$titleBlock->addCrumb('?m=contacts', 'contacts list');
if ($canEdit) {
    $titleBlock->addCrumb('?m=contacts&a=addedit&contact_id=' . $contact_id, 'edit this contact');
}
// The user id in this link is read from the loaded contact object, not from
// the request.
if ($contact->user_id) {
    $titleBlock->addCrumb('?m=users&a=view&user_id=' . $contact->user_id, 'view this user');
}
if ($canDelete) {
Пример #10
 /**
  * Stores the fixture contact, deletes it, then loads the same id into a fresh
  * CContact and expects empty name fields.
  */
 public function testDelete()
 {
     $this->obj->bind($this->post_data);
     $stored = $this->obj->store();
     $this->assertTrue($stored);

     $deletedId = $this->obj->contact_id;
     // NOTE(review): the value returned by delete() is never asserted, so a
     // failed delete would not fail this test on its own.
     $deleted = $this->obj->delete();

     $reloaded = new CContact();
     $reloaded->overrideDatabase($this->mockDB);
     // The mock is staged with empty names before load(); presumably load()
     // then returns this staged row, in which case the assertions below check
     // the staged data and not the effect of delete() - confirm.
     $emptyRow = array('contact_first_name' => '', 'contact_display_name' => '');
     $this->mockDB->stageHash($emptyRow);
     $reloaded->load($deletedId);

     $this->assertTrue($reloaded instanceof CContact);
     $this->assertEquals('', $reloaded->contact_first_name);
     $this->assertEquals('', $reloaded->contact_display_name);
 }
Пример #11
 /**
  * Checks that clearUpdateKey() empties the update key of contact 1, both on
  * the loaded object and when read back through getUpdateKey().
  */
 public function testClearUpdateKey()
 {
     // Depends on a fixture: contact 1 must start with this fixed update key.
     $existing = new CContact();
     $existing->load(1);
     $this->assertEquals('ASDFASDFASDF', $existing->contact_updatekey);

     $existing->clearUpdateKey();
     $this->assertEquals('', $existing->contact_updatekey);

     // A second object with only its id set: getUpdateKey() has to obtain the
     // value itself, presumably from storage, which would show that the clear
     // was persisted - confirm.
     $fresh = new CContact();
     $fresh->contact_id = 1;
     $this->assertEquals('', $fresh->getUpdateKey());
 }