Пример #1
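 /**
  * afterSave callback for the role model.
  *
  * Calls updateUserRolesViewPrefix() and, when the saved data carries a
  * non-empty UserRole.duplicate value, asks the Privileges plugin to copy that
  * role's permissions onto the record that was just saved.
  *
  * @param boolean $created value handed through to the parent callback
  * @param array $options options handed through to the parent callback
  * @return mixed whatever the parent afterSave() returns
  */
 public function afterSave($created, $options = array())
 {
     $this->updateUserRolesViewPrefix();
     if (!empty($this->data['UserRole']['duplicate'])) {
         // NOTE(review): 'duplicate' arrives with the saved record data and selects
         // the role whose permissions are cloned onto $this->id. Nothing in this
         // callback checks who submitted it or which source roles are allowed;
         // confirm the calling controller enforces both.
         App::uses('Privilege', 'Privileges.Model');
         $Privilege = new Privilege();
         $Privilege->duplicatePermissions('UserRole', $this->data['UserRole']['duplicate'], $this->id);
     }
     // Forward $options too; the original call dropped it on the way to the parent.
     return parent::afterSave($created, $options);
 }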
Пример #2
 /**
  * Split the menu actions into first- and second-level lists and render the
  * menu widget view.
  *
  * Rows with is_menu == 1 become top-level entries keyed by their 'aid'; rows
  * with is_menu == 2 are grouped under the 'first_menu' value they carry. The
  * horizontal template is rendered when $this->horiz is non-empty, the left
  * one otherwise.
  */
 public function run()
 {
     // Path part of the request URI; computed here but not used further down.
     preg_match("/(^.*?)\\?|(^.*)/", $_SERVER['REQUEST_URI'], $matchs);
     $currentRoute = empty($matchs[1]) ? $matchs[2] : $matchs[1];
     // allMenu lists every action; otherwise only what getMenu() returns for this user.
     $actions = $this->allMenu ? Action::model()->getAllMenu() : Privilege::getMenu($this->userid);
     $first = array();
     $second = array();
     foreach ($actions as $entry) {
         switch ($entry['is_menu']) {
             case 1:
                 $first[$entry['aid']] = $entry;
                 break;
             case 2:
                 // Appending creates the per-parent list on first use.
                 $second[$entry['first_menu']][] = $entry;
                 break;
         }
     }
     $view = empty($this->horiz) ? 'main.views.widget.left_menu_metro' : 'main.views.widget.horiz_menu_metro';
     $this->render($view, array('first' => $first, 'second' => $second));
 }
Пример #3
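 /**
  * Runs before every action: sends a no-cache header, sets the timezone, looks
  * up the page title for the current route, then enforces login and a
  * per-route privilege check.
  *
  * @param mixed $action the action about to run (not read here)
  * @return boolean true to let the action run, false to block it
  */
 protected function beforeAction($action)
 {
     header("Cache-Control: no-cache, must-revalidate");
     date_default_timezone_set('PRC');
     // Path part of the request URI, without the query string. The second capture
     // group is absent when the first alternative matched, so guard the lookup.
     preg_match("/(^.*?)\\?|(^.*)/", $_SERVER['REQUEST_URI'], $matchs);
     if (!empty($matchs[1])) {
         $requestUrl = $matchs[1];
     } else {
         $requestUrl = isset($matchs[2]) ? $matchs[2] : '';
     }
     // Page title
     $actionInfo = Action::model()->find("route=:route", array(':route' => $requestUrl));
     if (!empty($actionInfo)) {
         $this->actionName = $actionInfo['aname'];
     }
     // NOTE(review): a truthy 'close_user' parameter makes every request skip both
     // the login and the privilege check below; confirm it is never enabled outside
     // development.
     $closeUser = Yii::app()->params['close_user'];
     // Routes reachable without a session. The login/register tests are prefix
     // matches on the raw URI, so any path that merely starts with those strings
     // is exempt as well.
     if ($closeUser || ($_SERVER['REQUEST_URI'] == '/main/user/logout' || preg_match('|^/main/user/login|', $_SERVER['REQUEST_URI']) || preg_match('|^/main/user/register|', $_SERVER['REQUEST_URI']) || $requestUrl == '/site/error')) {
         return true;
     }
     // get user info
     $userInfo = Login::getLoginInfo();
     $url = urlencode($_SERVER['REQUEST_URI']);
     if (empty($userInfo)) {
         $this->redirect('/main/user/login?url=' . $url);
         // Fail closed if redirect() ever returns instead of ending the request.
         return false;
     }
     $this->userid = $userInfo['uid'];
     $this->userInfo = $userInfo;
     // Privilege check. The original compared with == 'superman', which ran the
     // check only for that one account and let every other logged-in user reach
     // any route. Inverted so that 'superman' bypasses the check and everyone else
     // needs the privilege (or one of the two always-allowed routes).
     // NOTE(review): confirm 'superman' is meant to be the unrestricted account; a
     // hard-coded user name is a fragile way to mark a superuser.
     if ($userInfo['uname'] != 'superman' && !Privilege::hasPrivilege($userInfo['uid'], $requestUrl) && $requestUrl != '/site/index' && $requestUrl != '/main/user/lock') {
         return false;
     }
     return true;
 }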
Пример #4
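 /**
  * Store the authenticated user's identity and privilege in the session.
  *
  * Nothing is written when the session already holds this object's marker key
  * ($this->session_id_to_destroy).
  *
  * @param object $user must provide getId(), getUsername(), getName(),
  *                     getLastname(), getEmail() and getPrivilegeId()
  * @return void
  */
 public function logIn($user)
 {
     // NOTE(review): a cookie path has to start with '/'; browsers fall back to
     // their default path for a value like '../rezervime'. The call also leaves the
     // secure and httponly flags at their ini defaults, and PHP applies these
     // parameters only to a session started after the call.
     session_set_cookie_params(60 * 30, '../rezervime');
     $userId = $user->getId();
     $username = $user->getUsername();
     $fullName = $user->getName() . " " . $user->getLastname();
     $email = $user->getEmail();
     $privilegeId = $user->getPrivilegeId();
     // Resolve the privilege name from its ID.
     $privilege = new Privilege();
     $privilege->setId($privilegeId);
     $privilege->getPrivilegeById();
     $privilegeName = $privilege->getPrivilege();
     if (!isset($_SESSION[$this->session_id_to_destroy])) {
         // Issue a fresh session ID at the moment of login so an ID that was known
         // before authentication cannot be reused afterwards (session fixation).
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         $_SESSION['USID'] = $userId;
         $_SESSION[$this->session_id_to_destroy] = $this->session_id_to_destroy;
         $_SESSION['USNM'] = $username;
         $_SESSION['USFN'] = $fullName;
         $_SESSION['USE'] = $email;
         $_SESSION['USPRID'] = $privilegeId;
         $_SESSION['USPR'] = $privilegeName;
         $this->isLogin = true;
     }
 }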
Пример #5
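 /**
  * Authenticate the JSON credentials in the request body ({"Name", "Password"})
  * against the user table and answer through Flight::ok() / Flight::error().
  *
  * @return void
  */
 public static function login()
 {
     $connection = Flight::dbMain();
     try {
         $session = json_decode(file_get_contents("php://input"));
         if ($session === null) {
             // json_last_error_msg() replaces the undefined json_get_error() the
             // original called, which turned a malformed body into a fatal error.
             throw new Exception(json_last_error_msg());
         }
         // Reject bodies without string credentials with the same generic message
         // as a failed lookup, instead of failing on a missing property.
         if (!is_object($session) || !isset($session->Name, $session->Password) || !is_string($session->Name) || !is_string($session->Password)) {
             throw new Exception("Username or Password is not exist");
         }
         $sql = "SELECT * FROM user WHERE user.user_name = :name and user.user_password = :password;";
         $query = $connection->prepare($sql);
         // NOTE(review): an unsalted SHA-256 digest is fast to brute-force if the
         // table leaks. Moving to password_hash()/password_verify() needs the stored
         // values migrated, so the scheme is left as it is here.
         $password = hash('sha256', $session->Password);
         $query->bindParam(':name', $session->Name, PDO::PARAM_STR);
         $query->bindParam(':password', $password, PDO::PARAM_STR);
         $query->execute();
         $row = $query->fetch(PDO::FETCH_ASSOC);
         // fetch() returns false when nothing matched; rowCount() is not dependable
         // for SELECT statements on every driver.
         if ($row === false) {
             throw new Exception("Username or Password is not exist");
         }
         $user = new User();
         $user->Id = (int) $row['id'];
         $user->Name = $row['user_name'];
         $user->DtCreated = $row['user_dt_created'];
         $user->DtExpired = $row['user_dt_expired'];
         $user->Privilege = Privilege::select($row['e_privilege_id']);
         $user->Status = Status::select($row['e_status_id']);
         $user->Company = Company::select($row['company_id']);
         $user->Sim = Sim::select($row['sim_id']);
         Flight::ok($user);
     } catch (Exception $exception) {
         // PDOException extends Exception, so one handler covers both cases.
         // NOTE(review): confirm Flight::error() does not return database error
         // detail to the client.
         Flight::error($exception);
     } finally {
         $connection = null;
     }
 }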
Пример #6
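 /**
  * Render the left-hand menu for the current user as an HTML list.
  *
  * An entry is marked 'click' when its route is a prefix of the current request
  * path. Entries show a logo when $this->type is 'logo' and a logo is set, and
  * their name otherwise.
  */
 public function run()
 {
     // Path part of the request URI, without the query string.
     preg_match("/(^.*?)\\?|(^.*)/", $_SERVER['REQUEST_URI'], $matchs);
     if (!empty($matchs[1])) {
         $currentRoute = $matchs[1];
     } else {
         $currentRoute = isset($matchs[2]) ? $matchs[2] : '';
     }
     $actions = Privilege::getMenu($this->userid);
     $content = " <ul class='left_nav_ul'> ";
     foreach ($actions as $v) {
         $route = (string) $v['route'];
         // Literal prefix test. The original interpolated the route into a regex
         // unquoted, so metacharacters in a route changed what it matched.
         $isCurrent = strncmp($currentRoute, $route, strlen($route)) === 0;
         // Highlighted logo and class for the active entry
         $logopath = $isCurrent ? $v['logo_click'] : $v['logo'];
         $class = $isCurrent ? "click" : "";
         // Menu values are encoded before they go into markup, so a stored route,
         // logo path or name cannot break out of the attribute or inject tags.
         $href = htmlspecialchars($route, ENT_QUOTES, 'UTF-8');
         if ($this->type == 'logo' && !empty($v['logo'])) {
             $inner = "<img src='" . htmlspecialchars($logopath, ENT_QUOTES, 'UTF-8') . "' />";
         } else {
             $inner = htmlspecialchars($v['aname'], ENT_QUOTES, 'UTF-8');
         }
         $content .= "\n                    <li class='{$class}'><a href='{$href}'>{$inner}</a></li>\n                    ";
     }
     $content .= " </ul> ";
     $this->render('main.views.widget.left_menu', array('show' => $content));
 }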
<?php

// Login ID of the account to edit, taken from the query string; '' when absent.
$loginID = isset($_GET['loginID']) ? $_GET['loginID'] : '';
$user = new User(new NamedArguments(array('primaryKey' => $loginID)));
// get all roles for output in drop down
$privilegeObj = new Privilege();
$privilegeArray = $privilegeObj->allAsArray();
// 'checked' when the user's accountTabIndicator is '1', empty otherwise.
$accountTab = $user->accountTabIndicator == '1' ? 'checked' : '';
?>
		<div id='div_updateForm'>

		<input type='hidden' id='editLoginID' value='<?php 
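// $loginID is taken unchanged from $_GET['loginID']; encode it for the
// single-quoted value attribute so it cannot close the attribute and add markup.
echo htmlspecialchars($loginID, ENT_QUOTES, 'UTF-8');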
?>
'>

		<div class='formTitle' style='width:295px;'><span class='headerText' style='margin-left:7px;'><?php 
// Form title: editing an existing login versus adding a new one.
echo $loginID ? _("Edit User") : _("Add New User");
		<form name="form_query" method="post">
			<tr>
				<td bgcolor="#EEEEEE" width="100%" valign="top" class="form_title" colspan="2">
				Privilégios
				</td>
			</tr>
			<tr>
				<td bgcolor="#FFFFFF" width="30%" valign="center" align="right">
					Id:&nbsp;
				</td>
				<td bgcolor="#FFFFFF" width="70%" valign="center" align="left">
					<select name="p_priv_id">
						<option value="">Selecione</option>

<?php 
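$privilege = new Privilege();
$privilege->SetDatabase($database);
$result = $privilege->SelectCombo();
// One <option> per privilege row, labelled "profile - module". The values come
// from the database, so they are encoded where they are written into the markup;
// the variables themselves keep the raw values.
while ($data = $database->FetchArray($result)) {
    $priv_id = $data["priv_id"];
    $profile = $data["prof_name"];
    $module = $data["modu_name"];
    echo "<option value=\"" . htmlspecialchars($priv_id, ENT_QUOTES, 'UTF-8') . "\">"
        . htmlspecialchars($profile, ENT_QUOTES, 'UTF-8') . " - "
        . htmlspecialchars($module, ENT_QUOTES, 'UTF-8') . "</option>";
}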
?>

					</select>
				</td>
			</tr>
			<tr>
				<td bgcolor="#FFFFFF" width="100%" valign="center" align="center" colspan="2">
Пример #9
<?php

// Objects the navigation template below works with.
$user = new User();
// Message text fetched up front and kept in $m1.
$message = new Message();
$m1 = $message->getMessage();
// Role decided by Privilege::judge() for $user.
// NOTE(review): presumably $role selects which menu entries are shown. Hiding a
// link is not access control; each target page still has to check the role
// itself - confirm.
$privilege = new Privilege();
$role = $privilege->judge($user);
?>
<nav class="navbar navbar-default navbar-fixed-top">
  <div class="container-fluid">
    <div class="row">
      <div class="col-md-10 col-md-offset-1">
            <!-- Brand and toggle get grouped for better mobile display -->
        <div class="navbar-header">
          <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
            <span class="sr-only">Toggle navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand" href="index.php"><i class="fa fa-leaf icon-leaf green"></i></a>
        </div>

        <!-- Collect the nav links, forms, and other content for toggling -->
        <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
          <ul class="nav navbar-nav">
            <li class="dropdown">
              <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">分布式课程<span class="caret"></span></a>
              <ul class="dropdown-menu">
                <li><a href="course.php">课程首页</a></li>
                <li role="separator" class="divider"></li>
<?php

if (!isset($_SESSION)) {
    session_start();
}
require_once 'initClass.php';
require_once 'init.php';
if (isset($_SESSION['idJoueurCourant']) && $_SESSION['idJoueurCourant'] != '') {
    // Instance manager
    $IconePersonnageManager = new IconePersonnageManager($db);
    $JoueurManager = new JoueurManager($db);
    $Joueur = new Joueur($JoueurManager->get($_SESSION['idJoueurCourant']));
    $FormulaireUniqueId = new FormulaireUniqueId();
    $Privilege = new Privilege($JoueurManager->getPrivilege($Joueur->getId()));
    if ($Privilege->hasPermission('IconePersonnage')) {
        if ($FormulaireUniqueId->validate()) {
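            // Check the uploaded file: the 'chemin' field must be present and
            // must have uploaded without error.
            if (isset($_FILES['chemin']) && $_FILES['chemin']['error'] === UPLOAD_ERR_OK) {
                $dossier = dossierIconePersonnageAbsolue;
                // One sanitised name for both the disk path and the stored path;
                // the original stored the raw client-supplied name.
                $nomFichier = basename($_FILES['chemin']['name']);
                $extension = strtolower(pathinfo($nomFichier, PATHINFO_EXTENSION));
                // Constructed allowlist - adjust to the icon formats the site uses.
                // Without it any file type, including a script, could be written
                // into the icon directory.
                $extensionsAutorisees = array('png', 'jpg', 'jpeg', 'gif');
                $estImage = in_array($extension, $extensionsAutorisees, true)
                    && getimagesize($_FILES['chemin']['tmp_name']) !== false;
                if ($estImage) {
                    // NOTE(review): an existing icon with the same name is overwritten.
                    $destination = $dossier . $nomFichier;
                    // Move the uploaded file into place
                    if (move_uploaded_file($_FILES['chemin']['tmp_name'], $destination)) {
                        $_POST['chemin'] = dossierIconePersonnage . $nomFichier;
                        // NOTE(review): the whole $_POST array is handed to the model;
                        // confirm IconePersonnage only accepts the fields it expects.
                        $iconePersonnage = new IconePersonnage($_POST);
                        // Insert the icon
                        $IconePersonnageManager->insert($iconePersonnage);
                        $_SESSION['insertIconePersonnage'] = true;
                    }
                }
            }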
        }
        //Liste des icones personnages
<?php

if (!isset($_SESSION)) {
    session_start();
}
require_once 'initClass.php';
require_once 'init.php';
if (isset($_SESSION['idJoueurCourant']) && $_SESSION['idJoueurCourant'] != '') {
    // Instance manager
    $PersonnageTypeManager = new PersonnageTypeManager($db);
    $PersonnageManager = new PersonnageManager($db);
    $JoueurManager = new JoueurManager($db);
    $EvolutionManager = new EvolutionManager($db);
    $FormulaireUniqueId = new FormulaireUniqueId();
    $Joueur = new Joueur($JoueurManager->get($_SESSION['idJoueurCourant']));
    $Privilege = new Privilege($JoueurManager->getPrivilege($Joueur->getId()));
    if ($Privilege->hasPermission('personnageCreer')) {
        // Insertion du nouveau personnage.
        if (isset($_POST) && count($_POST) > 0) {
            if ($FormulaireUniqueId->validate()) {
                $insert = true;
                // Si un champ n'a pas été saisie par l'utisateur
                foreach ($_POST as $key => $value) {
                    if ($value == '') {
                        $insert = false;
                    }
                }
                if ($insert) {
                    // Personnagetype avec les données du POST
                    $PersonnageType = new PersonnageType($PersonnageTypeManager->get($_POST['personnageTypeId']));
                    // Création du personnage avec les données POST
Пример #12
 /**
  * Delete an existing privilege. All the flippers related to this privilege
  * will be removed.
  *
  * On POST the delete form is validated and, when valid, the privilege is
  * deleted and the flags/flippers are regenerated. On any other request the
  * privilege is looked up by the 'id' parameter and the confirmation form is
  * filled with it.
  *
  * @access public
  * @return void
  */
 public function deleteAction()
 {
     $this->title = 'Delete privilege';
     $form = new DeleteForm();
     $privilegeModel = new Privilege();
     $request = $this->getRequest();
     if (!$request->isPost()) {
         // Confirmation step: load the privilege to be deleted.
         $id = $this->_getParam('id');
         $row = $privilegeModel->findById($id);
         if (empty($row)) {
             $notFound = sprintf('We cannot find privilege with id %s', $id);
             $this->_helper->FlashMessenger(array('msg-warning' => $notFound));
             $this->_redirect('/privileges/');
         }
         $form->populate($row->toArray());
         $this->view->item = $row;
     } elseif ($form->isValid($request->getPost())) {
         $privilegeModel->deleteById($form->getValue('id'));
         $this->_helper->FlashMessenger(array('msg-success' => 'The privilege was successfully deleted.'));
         // Regenerate Flag and Flippers
         App_FlagFlippers_Manager::save();
         $this->_redirect('/privileges/');
     }
     $this->view->form = $form;
 }
Пример #13
 /**
  * Look up a Privilege record by primary key.
  * A 404 HTTP exception is thrown when no record has that key.
  * @param integer $id the ID of the model to be loaded
  * @return Privilege the loaded model
  * @throws CHttpException
  */
 public function loadModel($id)
 {
     $model = Privilege::model()->findByPk($id);
     if ($model !== null) {
         return $model;
     }
     throw new CHttpException(404, 'The requested page does not exist.');
 }
Пример #14
 $menu = new Menu();
 $menu->SetDatabase($database);
 $menu->Backup($handle1, $handle2);
 $module = new Module();
 $module->SetDatabase($database);
 $module->Backup($handle1, $handle2);
 $new = new News();
 $new->SetDatabase($database);
 $new->Backup($handle1, $handle2);
 $profile = new Profile();
 $profile->SetDatabase($database);
 $profile->Backup($handle1, $handle2);
 $paragraph = new Paragraph();
 $paragraph->SetDatabase($database);
 $paragraph->Backup($handle1, $handle2);
 $privilege = new Privilege();
 $privilege->SetDatabase($database);
 $privilege->Backup($handle1, $handle2);
 $role = new Role();
 $role->SetDatabase($database);
 $role->Backup($handle1, $handle2);
 $menu_item = new MenuItem();
 $menu_item->SetDatabase($database);
 $menu_item->Backup($handle1, $handle2);
 $shout = new Shout();
 $shout->SetDatabase($database);
 $shout->Backup($handle1, $handle2);
 $user_info = new UserInfo();
 $user_info->SetDatabase($database);
 $user_info->Backup($handle1, $handle2);
 $topic = new Topic();
Пример #15
echo $form->labelEx($model, 'NAMA');
?>
		<?php 
echo $form->textField($model, 'NAMA', array('size' => 25, 'maxlength' => 25));
?>
		<?php 
echo $form->error($model, 'NAMA');
?>
	</div>

	<div class="row">
		<?php 
echo $form->labelEx($model, 'Pilih Privilege');
?>
		<?php 
// Drop-down of every privilege: option value = ID_PRIVILEGE, label = NAMA_PRIVILEGE.
// NOTE(review): the list only limits what the browser offers. The submitted
// ID_PRIVILEGE still has to be validated, and the right to assign it checked,
// when the form is saved.
$data = CHtml::listData(Privilege::model()->findAll(), 'ID_PRIVILEGE', 'NAMA_PRIVILEGE');
echo $form->dropDownList($model, 'ID_PRIVILEGE', $data);
?>
		<?php 
echo $form->error($model, 'ID_PRIVILEGE');
?>
	</div>

	<div class="row">
		<?php 
echo $form->labelEx($model, 'NO_HP');
?>
		<?php 
echo $form->textField($model, 'NO_HP', array('size' => 15, 'maxlength' => 15));
?>
		<?php 
Пример #16
<?php

if (!isset($_SESSION)) {
    session_start();
}
require_once 'initClass.php';
require_once 'init.php';
if (isset($_SESSION['idJoueurCourant']) && $_SESSION['idJoueurCourant'] != '') {
    $PersonnageTypeManager = new PersonnageTypeManager($db);
    $EvolutionManager = new EvolutionManager($db);
    $IconePersonnageManager = new IconePersonnageManager($db);
    $JoueurManager = new JoueurManager($db);
    $Joueur = new Joueur($JoueurManager->get($_SESSION['idJoueurCourant']));
    $Privilege = new Privilege($JoueurManager->getPrivilege($Joueur->getId()));
    $FormulaireUniqueId = new FormulaireUniqueId();
    if ($Privilege->hasPermission('evolutionCreerModifier')) {
        // Si aucun evolution à modifier
        $evolutionSelected = '';
        // Enregistrement de l'évolution
        if (isset($_POST) && count($_POST) > 0) {
            // Le traitement de l'insert et de l'update se fait via le même formulaire
            if ($_POST['action'] == "ajouter") {
                if ($FormulaireUniqueId->validate()) {
                    $insert = true;
                    // Si un champ n'a pas été saisie par l'utisateur
                    foreach ($_POST as $key => $value) {
                        if ($value == '') {
                            $insert = false;
                        }
                    }
                    // Si champs compelts, insertion en base de donnée
Пример #17
 /**
  * Load every row of the user table whose company_id equals $id and turn each
  * one into a User object, resolving privilege, status, company and SIM through
  * their own select() calls.
  *
  * Exceptions raised while querying propagate to the caller unchanged; the
  * connection variable is cleared in every case.
  *
  * @param mixed $id company ID, bound as an integer parameter
  * @return array list of User objects
  */
 public static function selectByCompany($id)
 {
     $connection = Flight::dbMain();
     try {
         $statement = $connection->prepare("SELECT * FROM user WHERE company_id = :company;");
         $statement->bindParam(':company', $id, PDO::PARAM_INT);
         $statement->execute();
         $users = array();
         foreach ($statement->fetchAll(PDO::FETCH_ASSOC) as $record) {
             $user = new User();
             $user->Id = (int) $record['id'];
             $user->Name = $record['user_name'];
             $user->DtCreated = $record['user_dt_created'];
             $user->DtExpired = $record['user_dt_expired'];
             // Related records are loaded one by one per user row.
             $user->Privilege = Privilege::select($record['e_privilege_id']);
             $user->Status = Status::select($record['e_status_id']);
             $user->Company = Company::select($record['company_id']);
             $user->Sim = Sim::select($record['sim_id']);
             $users[] = $user;
         }
         return $users;
     } finally {
         $connection = null;
     }
 }
<?php

require_once 'initClass.php';
require_once 'init.php';
if (!isset($_SESSION)) {
    session_start();
}
if (isset($_SESSION['idJoueurCourant']) && $_SESSION['idJoueurCourant'] != '') {
    // Managers and the current player's privilege object for the role/permission screen.
    // NOTE(review): no FormulaireUniqueId instance is created here and no form-token
    // validate() call is visible before the delete/insert of role permissions
    // below. Confirm this form is protected against forged cross-site requests.
    // NOTE(review): the permissions are deleted and then re-inserted one by one;
    // a failure part-way through leaves the role with a partial set unless the
    // manager wraps both steps in a transaction.
    $JoueurManager = new JoueurManager($db);
    $Joueur = new Joueur($JoueurManager->get($_SESSION['idJoueurCourant']));
    $PermissionManager = new PermissionManager($db);
    $RoleManager = new RoleManager($db);
    $Privilege = new Privilege($JoueurManager->getPrivilege($Joueur->getId()));
    if ($Privilege->hasPermission('rolePermission')) {
        if (isset($_POST) && count($_POST) > 0) {
            // Le traitement de l'insert
            if ($_POST['action'] == "ajouter") {
                // Test si un roleid est sélectionné
                if ($_POST['roleId'] != '') {
                    // Suppression des enregistrements de la table de jointure
                    $RoleManager->delete_permission_role($_POST['roleId']);
                    // Insertion + verification du post permission id
                    if (isset($_POST['permissionId']) && count($_POST['permissionId']) > 0) {
                        $permissionIdCheckbox = $_POST['permissionId'];
                        // Parcours de toute les permissions sélectionnés
                        foreach ($permissionIdCheckbox as $key => $permissionId) {
                            $RoleManager->insert_permission_role($_POST['roleId'], $permissionId);
                        }
                        // Pour que les options soit décoché après avoir fait un insert
                        $_SESSION['listePermissionSelected'] = '';
                        $_SESSION['roleIdSelected'] = '';
Пример #19
        }
    }
    // NOTE(review): where $action, $priv_id, $priv_modu_id and $priv_prof_id come
    // from is not visible in this span. If they are request parameters, the
    // update/delete below needs an authorization and anti-forgery check before
    // this point.
    if ($action == 3) {
        // Update: bind the privilege to the current module and profile IDs.
        $privilege = new Privilege();
        $privilege->SetDatabase($database);
        $privilege->SetId($priv_id);
        $privilege->SetModule($priv_modu_id);
        $privilege->SetProfile($priv_prof_id);
        $message = $privilege->Update() ? $screen_module_name . " alterado com sucesso." : "Problemas na operação.";
    }
    if ($action == 4) {
        // Delete: on success the three form values are cleared as well.
        $privilege = new Privilege();
        $privilege->SetDatabase($database);
        $privilege->SetId($priv_id);
        if (!$privilege->Delete()) {
            $message = "Problemas na operação.";
        } else {
            $message = $screen_module_name . " excluído com sucesso.";
            $priv_id = "";
            $priv_modu_id = "";
            $priv_prof_id = "";
        }
    }
}
?>

<html>
Пример #20
					</form>
					<br>

					<h2 id="by-calling">Privileges granted to callings</h2>

					<table class="privList">
						<tr>
							<th>Calling</th>
							<th>Privilege</th>
							<th>Options</th>
						</tr>
					<?php 
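// The ward ID is cast to int before it is placed in the SQL text, so whatever
// the member object holds cannot alter the statement.
$rm = DB::Run("SELECT CallingID, PrivilegeID FROM GrantedPrivileges INNER JOIN Callings ON Callings.ID = CallingID INNER JOIN Privileges ON Privileges.ID = GrantedPrivileges.PrivilegeID WHERE CallingID > 0 AND Callings.WardID=" . (int) $MEMBER->WardID . " ORDER BY Callings.Name ASC, Privileges.Privilege ASC");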
while ($row = mysql_fetch_array($rm)) {
    $priv = Privilege::Load($row['PrivilegeID']);
    $call = Calling::Load($row['CallingID']);
    ?>
						<tr>
							<td>
								<b><?php 
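    // Calling names are presumably editable by ward users; encode before output
    // so a stored name cannot inject markup into the privilege table.
    echo htmlspecialchars($call->Name, ENT_QUOTES, 'UTF-8');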
    ?>
</b>
							</td>
							<td>
								<span title="<?php 
    echo $priv->HelpText();
    ?>
"><?php 
    echo $priv->Privilege();
Пример #21
 /**
  * Create a ward together with its pre-defined callings, the default privilege
  * grants for those callings, and a starter survey question.
  *
  * fail() is called when the name, stake ID or password is missing or the stake
  * cannot be loaded. The password is stored through the project's salt() and
  * hashPwd() helpers, whose algorithm is not visible here.
  *
  * @param string $name ward name; tags are stripped before it is stored
  * @param mixed $stakeID ID of an existing stake
  * @param string $rawPwd plain-text ward password
  * @return Ward|null the saved ward, or null when saving the ward fails
  */
 public static function Create($name, $stakeID, $rawPwd)
 {
     $missing = !strlen(trim($name)) || !$stakeID || !strlen(trim($rawPwd));
     if ($missing) {
         fail("Cannot create a ward without a name, stake ID, and password (and residences are strongly recommended, if possible).");
     }
     if (!Stake::Load($stakeID)) {
         fail("Could not create ward because stake ID was found to be invalid.");
     }
     $ward = new Ward();
     $ward->Name = strip_tags($name);
     $ward->StakeID = $stakeID;
     $ward->Salt = salt();
     $ward->Password = hashPwd($rawPwd, $ward->Salt);
     $ward->Balance = 2.5;
     $ward->Deleted = false;
     if (!$ward->Save()) {
         return null;
     }
     // Pre-defined callings, keyed by the slot numbers the grants below refer to.
     $callingNames = array(
         1 => "Bishop",
         2 => "Bishopric 1st Counselor",
         3 => "Bishopric 2nd Counselor",
         4 => "Executive Secretary",
         5 => "Elders Quorum President",
         6 => "Elders Quorum 1st Counselor",
         7 => "Elders Quorum 2nd Counselor",
         8 => "Elders Quorum Secretary",
         9 => "Relief Society President",
         10 => "Relief Society 1st Counselor",
         11 => "Relief Society 2nd Counselor",
         12 => "Relief Society Secretary",
         13 => "Ward Clerk",
         14 => "Membership Clerk",
     );
     $callings = array();
     foreach ($callingNames as $slot => $title) {
         $callings[$slot] = new Calling($title, $ward->ID, true);
     }
     // Save each calling
     foreach ($callings as $calling) {
         $calling->Save();
     }
     // Compile an array of each privilege in the database; currently, we have IDs 1 through 13
     $privileges = array();
     $priv_count = mysql_fetch_row(DB::Run("SELECT COUNT(1) FROM Privileges"))[0];
     for ($id = 1; $id <= $priv_count; $id++) {
         $privileges[$id] = Privilege::Load($id);
     }
     // Grants the listed privileges, in order, to the calling in the given slot.
     $grant = function ($slot, array $privIds) use ($privileges, $callings) {
         foreach ($privIds as $privId) {
             $privileges[$privId]->GrantToCalling($callings[$slot]->ID());
         }
     };
     $exportFields = array(PRIV_EXPORT_EMAIL, PRIV_EXPORT_PHONE, PRIV_EXPORT_BDATE);
     // Bishopric (excluding executive secretary) can mass email all ward members,
     // see everything in the export file, manage privileges, and send texts
     for ($slot = 1; $slot <= 3; $slot++) {
         $grant($slot, array(PRIV_EMAIL_ALL, PRIV_EXPORT_EMAIL, PRIV_EXPORT_PHONE, PRIV_EXPORT_BDATE, PRIV_MNG_SITE_PRIV, PRIV_TEXT_ALL));
     }
     // Executive secretary gets all privileges (except redundant ones 2 and 3 - mass email brothers/sisters)
     for ($privId = PRIV_EMAIL_ALL; $privId <= PRIV_TEXT_ALL; $privId++) {
         if ($privId == PRIV_EMAIL_BRO || $privId == PRIV_EMAIL_SIS) {
             continue;
         }
         $grant(4, array($privId));
     }
     // EQ presidency gets to mass-email all brothers
     for ($slot = 5; $slot <= 8; $slot++) {
         $grant($slot, array(PRIV_EMAIL_BRO));
     }
     // The EQ president needs to see more in the export file
     $grant(5, $exportFields);
     // RS presidency gets to mass-email all sisters
     for ($slot = 9; $slot <= 12; $slot++) {
         $grant($slot, array(PRIV_EMAIL_SIS));
     }
     // RS president can see more in the export file, too
     $grant(9, $exportFields);
     // Ward clerks can see all info in export file and manage site privileges
     $grant(13, array_merge($exportFields, array(PRIV_MNG_SITE_PRIV)));
     // Membership clerks need to see all info in export file, and can
     // manage callings, profile pictures, and delete accounts
     $grant(14, array_merge($exportFields, array(PRIV_MNG_CALLINGS, PRIV_MNG_PROFILE_PICS, PRIV_DELETE_ACCTS)));
     // --------------------------------------------------- //
     // Create a sample/starter question.
     $qu = new SurveyQuestion();
     $qu->Question = "Welcome to the singles ward! Do you prefer blue, brown, or green eyes?";
     $qu->QuestionType = QuestionType::MultipleChoice;
     $qu->Required = false;
     $qu->Visible = true;
     $qu->WardID = $ward->ID();
     $qu->Save();
     foreach (array("Brown eyes", "Blue eyes", "Green eyes") as $option) {
         $qu->AddAnswerOption($option);
     }
     // Let a few people see it: Bishop, Exec. Sec, EQP, and RSP
     $p = new Permission();
     $p->QuestionID($qu->ID());
     foreach (array(1, 4, 5, 9) as $slot) {
         $p->Allow($callings[$slot]->ID(), "Calling", true);
     }
     return $ward;
 }
Пример #22
<?php

require_once 'models/Http.php';
require_once 'models/Privilege.php';
require_once 'models/User.php';
require_once 'views/Standard.php';
require_once 'views/Userpage.php';
// Inputs for the user page: the privilege list, the requested user name (from
// the 'name' request parameter) and the records of viewer and viewed user.
$privileges = Privilege::getPrivileges();
$username = Http::get('name');
$logged_in_as = User::getCurrentLogin();
$viewerinfo = User::getUser($logged_in_as);
$userinfo = User::getUser($username);
// No record for the current login: show the "no privilege" page and stop.
if ($viewerinfo == false) {
    $error = Userpage::renderNoPrivilege($username);
    echo Standard::render('', $error);
    die;
}
// The requested user does not exist: show the "not exist" page and stop.
if ($userinfo == false) {
    $error = Userpage::renderNotExist($username);
    echo Standard::render('', $error);
    die;
}
// NOTE(review): the access check that follows compares the two user names with
// loose ==. PHP treats numeric-looking strings such as "1e3" and "1000" as equal
// under ==, so two different accounts could be taken for the same one; === avoids
// that. The check also relies on && binding tighter than ||; explicit parentheses
// would make the intended rule readable.
if ($username == $logged_in_as || $userinfo['privilege'] > $viewerinfo['privilege'] && $viewerinfo['privilege'] <= 4) {
    $privilege = Userpage::renderPrivileged($username, $userinfo['email'], $privileges, $userinfo['privilege'], $viewerinfo['privilege'], $viewerinfo['username']);
    $sidebar = Userpage::renderPrivilegedStatistics();
    $sidebar .= Userpage::renderReason(Http::get('reason'));
    if (Http::get('reason') == 'success') {
        $sidebar .= Userpage::renderSuccessTime(Http::get('time'));
    } else {
        if (Http::get('reason') == 'nothing_changed') {
            $sidebar .= Userpage::renderNothingChanged();
Пример #23
        ?>
" style='width:140px;' /></td></tr>
		<tr><td><label for='privilegeID'><b>Privilege</b></label></td>
		<td>
				<fieldset id="fieldsetPrivilege">
				<a title = "Add/Edit users can add, edit, or remove licenses and associated fields<br /><br />Admin users have access to the Admin page and the SFX tab.<br /><br />Restricted users do not have the ability to view documents<br /><br />View only users can view all license information, including the license pdf" href=""><img src='images/help.gif'></a>
				</fieldset>

				<div id="footnote_priv" style='display:none;'>Add/Edit users can add, edit, or remove licenses and associated fields<br /><br />Admin users have access to the Admin page and the SFX tab.<br /><br />Restricted users do not have the ability to view documents<br /><br />View only users can view all license information, including the license pdf</div>

		</td>
		<td>
		<select name='privilegeID' id='privilegeID' style='width:145px'>
		<?php 
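        // One <option> per privilege level, with the user's current level selected.
        // ID and short name are encoded before they are written into the markup so
        // a stored value cannot break out of the attribute or inject tags.
        $display = array();
        $privilege = new Privilege();
        foreach ($privilege->allAsArray() as $display) {
            $selected = $updateUser->privilegeID == $display['privilegeID'] ? ' selected' : '';
            echo "<option value='" . htmlspecialchars((string) $display['privilegeID'], ENT_QUOTES, 'UTF-8') . "'" . $selected . ">"
                . htmlspecialchars((string) $display['shortName'], ENT_QUOTES, 'UTF-8') . "</option>";
        }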
        ?>
		</select>
		</td>
		</tr>

		<?php 
        //if not configured to use SFX, hide the Terms Tool Report
        if ($util->useTermsTool()) {
Пример #24
     $new = new News();
     $new->SetDatabase($database);
     $new->Create();
     break;
 case 11:
     $profile = new Profile();
     $profile->SetDatabase($database);
     $profile->Create();
     break;
 case 12:
     $paragraph = new Paragraph();
     $paragraph->SetDatabase($database);
     $paragraph->Create();
     break;
 case 13:
     $privilege = new Privilege();
     $privilege->SetDatabase($database);
     $privilege->Create();
     break;
 case 14:
     $role = new Role();
     $role->SetDatabase($database);
     $role->Create();
     break;
 case 15:
     $menu_item = new MenuItem();
     $menu_item->SetDatabase($database);
     $menu_item->Create();
     break;
 case 16:
     $shout = new Shout();
Пример #25
<?php

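session_start();
require_once "../config.php";
require_once "Privilege.php";
// Only a logged-in super-admin may delete accounts. Any other request falls
// through without output, as before.
// NOTE(review): nothing here ties the request to a form the admin actually
// submitted (no anti-forgery token, no request-method check); a destructive
// endpoint like this should verify both.
if (!empty($_SESSION['online']) && isset($_SESSION['privileges']) && Privilege::hasSuperAdmin($_SESSION['privileges'])) {
    // Missing or non-numeric IDs become 0, which matches no user row.
    $id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
    // Look up the target first so the superadmin account can never be deleted.
    $stmt = $db->prepare("SELECT privileges FROM " . $prefix . "users WHERE id=?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($priv);
    $targetIsSuperadmin = false;
    while ($stmt->fetch()) {
        // NOTE(review): the session side is tested with Privilege::hasSuperAdmin()
        // but the target with a plain string comparison; confirm both agree on what
        // counts as a superadmin.
        if ($priv == "superadmin") {
            $targetIsSuperadmin = true;
        }
    }
    // Always release the statement; the original skipped this when no row matched.
    $stmt->close();
    if ($targetIsSuperadmin) {
        echo "You cannot delete the superadmin";
        die;
    }
    $stmt = $db->prepare("DELETE FROM " . $prefix . "users WHERE id = ?");
    $stmt->bind_param("i", $id);
    // Report success only when a row was really removed; execute() alone also
    // succeeds when the ID matches nothing.
    if ($stmt->execute() && $stmt->affected_rows > 0) {
        echo "User deleted successfully";
    } else {
        echo "Could not delete user";
    }
    $stmt->close();
}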
Пример #26
 /**
  * Drops the storage behind every model class listed below, in list order.
  *
  * Each model is instantiated, given this object through SetDatabase() and
  * then asked to Drop() itself.
  * NOTE(review): the order presumably reflects dependencies between the
  * tables; confirm before reordering.
  */
 function DropTables()
 {
     $modelClasses = array(
         Moderator::class,
         Message::class,
         Topic::class,
         UserInfo::class,
         Session::class,
         News::class,
         Shout::class,
         Paragraph::class,
         Privilege::class,
         Role::class,
         MenuItem::class,
         Module::class,
         Page::class,
         Article::class,
         Subject::class,
         Menu::class,
         Profile::class,
         User::class,
     );
     foreach ($modelClasses as $modelClass) {
         $model = new $modelClass();
         $model->SetDatabase($this);
         $model->Drop();
     }
 }
Пример #27
    if (Privilege::hasAdmin($_SESSION['privileges'])) {
        ?>
                            <li><a>Config</a>
                                <ul>
                                    <li><a href="groups.php">Groups</a></li>
                                    <li><a href="rules.php">Rules</a></li>
                                    <li><a href="lang.php">Lang</a></li>
                                    <li><a href="magic.php">Magic</a></li>
                                </ul>
                            </li>
                        <?php 
    }
    ?>
                        <li><a href="account.php">Account</a>
                        <?php 
    if (Privilege::hasSuperAdmin($_SESSION['privileges'])) {
        ?>
                            <li><a href="admin.php">Admin</a>
                        <?php 
    }
    ?>
                    </ul>
                </nav>
            </div>
        <?php 
}
?>
    </div>
    <div class="grid-container">
        <div class="grid-100">
            <div class="well text-center">
Пример #28
        Flight::ok($object);
    } catch (Exception $exception) {
        Flight::error($exception);
    }
});
// PUT /v1/main/privilege/@id: hands the route's id to Privilege::update() and
// replies through Flight::ok(); any Exception is passed to Flight::error().
// NOTE(review): no authentication or authorization check is visible in this
// handler; confirm that Privilege::update() or a Flight filter enforces one.
Flight::route('PUT /v1/main/privilege/@id', function ($id) {
    try {
        Flight::ok(Privilege::update($id));
    } catch (Exception $updateFailure) {
        Flight::error($updateFailure);
    }
});
// DELETE /v1/main/privilege/@id: hands the route's id to Privilege::delete()
// and replies through Flight::ok(); any Exception is passed to Flight::error().
// NOTE(review): no authentication or authorization check is visible in this
// handler; confirm that Privilege::delete() or a Flight filter enforces one.
Flight::route('DELETE /v1/main/privilege/@id', function ($id) {
    try {
        Flight::ok(Privilege::delete($id));
    } catch (Exception $deleteFailure) {
        Flight::error($deleteFailure);
    }
});
//=============================================================================
//Route
//=============================================================================
Flight::route('GET /v1/main/route', function () {
    try {
        $array = Route::selectAll();
        Flight::ok($array);
    } catch (Exception $exception) {
        Flight::error($exception);
    }
Пример #29
 /**
  * Records privileges for one blog in the session ACL.
  *
  * Makes sure $_SESSION['acl'] and its "blog.<id>" entry exist. When $priv is
  * null nothing else happens. Otherwise $priv (a single value or an array) is
  * stored after passing through Privilege::expand(); with $add set it is
  * first merged with the entry's current contents instead of replacing them.
  *
  * @param mixed $blogid Blog identifier used to build the "blog.<id>" key.
  * @param mixed $priv   One privilege or an array of privileges; null only initialises the entry.
  * @param bool  $add    Merge with the existing entry instead of replacing it.
  */
 static function setAcl($blogid, $priv = null, $add = false)
 {
     $aclKey = "blog.{$blogid}";
     if (!isset($_SESSION['acl'])) {
         $_SESSION['acl'] = array();
     }
     if (!isset($_SESSION['acl'][$aclKey])) {
         $_SESSION['acl'][$aclKey] = array();
     }
     if ($priv === null) {
         return;
     }
     $requested = is_array($priv) ? $priv : array($priv);
     $effective = $add ? array_merge($_SESSION['acl'][$aclKey], $requested) : $requested;
     $_SESSION['acl'][$aclKey] = Privilege::expand($effective);
 }
Пример #30
        }
    }
} elseif (sizeof($_GET) > 0) {
    @($action = $_GET['action']);
    @($privID = $_GET['id']);
    @($m = $_GET['m']);
    @($c = $_GET['c']);
    if ($action == "revoke") {
        // Revoke this privilege
        if (!$privID) {
            fail("Need a privilege ID to revoke; cannot revoke no privilege!");
        }
        if ($m && $c || !$m && !$c) {
            fail("Please choose a member or a calling to revoke from.");
        }
        $priv = Privilege::Load($privID);
        if ($privID == 10) {
            // 10 is Manage Site Privileges; at least one member or calling from the ward should always have this.
            // This query gets a list of unique privileges.
            $epicQuery = "SELECT GrantedPrivileges.ID, Members.WardID FROM GrantedPrivileges\n\t\t\t\t\t\tINNER JOIN Members ON Members.ID = GrantedPrivileges.MemberID\n\t\t\t\t\t\tWHERE WardID = {$MEMBER->WardID} AND GrantedPrivileges.PrivilegeID = 10\n\t\t\t\t\t\tUNION\n\t\t\t\t\t\tSELECT GrantedPrivileges.ID, Callings.WardID FROM GrantedPrivileges\n\t\t\t\t\t\tINNER JOIN Callings ON Callings.ID = GrantedPrivileges.CallingID\n\t\t\t\t\t\tWHERE WardID = {$MEMBER->WardID} AND GrantedPrivileges.PrivilegeID = 10;";
            if (mysql_num_rows(DB::Run($epicQuery)) == 1) {
                fail("At least one member or calling of your ward must be able to manage the site privileges. This was the last one; could not revoke.");
            }
        }
        if ($m) {
            $mem = Member::Load($m);
            if ($mem->WardID != $MEMBER->WardID) {
                fail("You can only revoke privileges from members of your ward.");
            } else {
                $priv->RevokeFromMember($m);
            }