/**
* Create a workflow based exception for a role.
*
* This method is called by a form on the {@link AdminController::manageRoles}
* page to allow for the creation of workflow based exceptions for a role.
* Workflow exceptions modify which fields are visible or editable based on
* what stage of a workflow a contact is in.
*/
public function actionRoleException()
{
$model = new Roles();
$temp = Workflow::model()->findAll();
$workflows = array();
foreach ($temp as $workflow) {
$workflows[$workflow->id] = $workflow->name;
}
$roleInput = filter_input(INPUT_POST, 'Roles', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY);
if (!empty($roleInput)) {
$workflowId = filter_input(INPUT_POST, 'workflow', FILTER_SANITIZE_NUMBER_INT);
if (!empty($workflowId)) {
$workflowName = Workflow::model()->findByPk($workflowId)->name;
} else {
$this->redirect('manageRoles');
}
$stage = $_POST['workflowStages'];
if (isset($stage) && !empty($stage)) {
$stageName = X2Model::model('WorkflowStage')->findByAttributes(array('workflowId' => $workflow, 'stageNumber' => $stage))->name;
} else {
$this->redirect('manageRoles');
}
if (!isset($_POST['viewPermissions'])) {
$viewPermissions = array();
} else {
$viewPermissions = $_POST['viewPermissions'];
}
if (!isset($_POST['editPermissions'])) {
$editPermissions = array();
} else {
$editPermissions = $_POST['editPermissions'];
}
$model->attributes = $_POST['Roles'];
$model->timeout *= 60;
$oldRole = Roles::model()->findByAttributes(array('name' => $model->name));
$model->users = "";
$model->name .= " - {$workflowName}: {$stageName}";
if ($model->save()) {
$replacement = new RoleToWorkflow();
$replacement->workflowId = $workflow;
$replacement->stageId = $stage;
$replacement->roleId = $oldRole->id;
$replacement->replacementId = $model->id;
$replacement->save();
$fields = Fields::model()->findAll();
$temp = array();
foreach ($fields as $field) {
$temp[] = $field->id;
}
$both = array_intersect($viewPermissions, $editPermissions);
$view = array_diff($viewPermissions, $editPermissions);
$neither = array_diff($temp, $viewPermissions);
foreach ($both as $field) {
$rolePerm = new RoleToPermission();
$rolePerm->roleId = $model->id;
$rolePerm->fieldId = $field;
$rolePerm->permission = 2;
$rolePerm->save();
}
foreach ($view as $field) {
$rolePerm = new RoleToPermission();
$rolePerm->roleId = $model->id;
$rolePerm->fieldId = $field;
$rolePerm->permission = 1;
$rolePerm->save();
}
foreach ($neither as $field) {
$rolePerm = new RoleToPermission();
$rolePerm->roleId = $model->id;
$rolePerm->fieldId = $field;
$rolePerm->permission = 0;
$rolePerm->save();
}
}
$this->redirect('manageRoles');
}
}
/**
* A catch all page for roles.
*
* This action renders a page with forms for the creation, editing, and deletion
* of roles. It also displays a grid with all user created roles (default
* roles are not included and cannot be edited this way).
*/
public function actionManageRoles()
{
$dataProvider = new CActiveDataProvider('Roles');
$roles = $dataProvider->getData();
$arr = array();
foreach ($roles as $role) {
$arr[$role->name] = $role->name;
}
$temp = Workflow::model()->findAll();
$workflows = array();
foreach ($temp as $workflow) {
$workflows[$workflow->id] = $workflow->name;
}
$model = new Roles();
$model->timeout = 60;
if (isset($_POST['Roles'])) {
$model->attributes = $_POST['Roles'];
if (!isset($_POST['viewPermissions'])) {
$viewPermissions = array();
} else {
$viewPermissions = $_POST['viewPermissions'];
}
if (!isset($_POST['editPermissions'])) {
$editPermissions = array();
} else {
$editPermissions = $_POST['editPermissions'];
}
if (isset($_POST['Roles']['users'])) {
$users = $model->users;
} else {
$users = array();
}
$model->users = "";
$model->timeout *= 60;
if ($model->save()) {
foreach ($users as $user) {
$role = new RoleToUser();
$role->roleId = $model->id;
if (!is_numeric($user)) {
$userRecord = User::model()->findByAttributes(array('username' => $user));
$role->userId = $userRecord->id;
$role->type = 'user';
} else {
$role->userId = $user;
$role->type = 'group';
}
/* end x2temp */
$role->save();
}
$fields = Fields::model()->findAll();
$temp = array();
foreach ($fields as $field) {
$temp[] = $field->id;
}
$both = array_intersect($viewPermissions, $editPermissions);
$view = array_diff($viewPermissions, $editPermissions);
$neither = array_diff($temp, $viewPermissions);
foreach ($both as $field) {
$rolePerm = new RoleToPermission();
$rolePerm->roleId = $model->id;
$rolePerm->fieldId = $field;
$rolePerm->permission = 2;
$rolePerm->save();
}
foreach ($view as $field) {
$rolePerm = new RoleToPermission();
$rolePerm->roleId = $model->id;
$rolePerm->fieldId = $field;
$rolePerm->permission = 1;
$rolePerm->save();
}
foreach ($neither as $field) {
$rolePerm = new RoleToPermission();
$rolePerm->roleId = $model->id;
$rolePerm->fieldId = $field;
$rolePerm->permission = 0;
$rolePerm->save();
}
} else {
foreach ($model->getErrors() as $err) {
$errors = $err;
}
$errors = implode(',', $errors);
Yii::app()->user->setFlash('error', Yii::t('admin', "Unable to save role: {errors}", array('{errors}' => $errors)));
}
$this->redirect('manageRoles');
}
$this->render('manageRoles', array('dataProvider' => $dataProvider, 'model' => $model, 'roles' => $arr, 'workflows' => $workflows));
}
/**
* Perform the creation of a new database column.
*
* The extra work in this method is skipped over in the "newModule" scenario
* because the database schema altering commands to set up columns are
* performed separately in that case.
*
* @return type
*/
public function afterSave()
{
// Does the column already exist?
$table = Yii::app()->db->schema->tables[$this->myTableName];
$existing = array_key_exists($this->fieldName, $table->columns) && $table->columns[$this->fieldName] instanceof CDbColumnSchema;
if (!$existing) {
// Going to create the column.
$this->createColumn();
}
if ($this->keyType != 'PRI' && $this->keyType != 'FIX') {
// The key for this column is not primary/hard-coded (managed by
// X2Engine developers, and cannot be user-modified), so it can
// be allowed to change.
if ($this->keyType != null) {
$this->dropIndex();
$this->createIndex($this->keyType === 'UNI');
} else {
$this->dropIndex();
}
}
if ($this->isNewRecord) {
// A new fields permissions default to read/write for all roles
$dataProvider = new CActiveDataProvider('Roles');
foreach ($dataProvider->getData() as $role) {
$permission = new RoleToPermission();
$permission->roleId = $role->id;
$permission->fieldId = $this->id;
$permission->permission = 2;
$permission->save();
}
}
return parent::afterSave();
}
public function actionRoleException()
{
$model = new Roles();
$temp = Workflow::model()->findAll();
$workflows = array();
foreach ($temp as $workflow) {
$workflows[$workflow->id] = $workflow->name;
}
if (isset($_POST['Roles'])) {
$workflow = $_POST['workflow'];
$workflowName = Workflow::model()->findByPk($workflow)->name;
$stage = $_POST['workflowStages'];
$stageName = WorkflowStage::model()->findByPk($stage)->name;
$viewPermissions = $_POST['viewPermissions'];
$editPermissions = $_POST['editPermissions'];
$users = $_POST['users'];
$model->attributes = $_POST['Roles'];
$oldRole = Roles::model()->findByAttributes(array('name' => $model->name));
$model->users = "";
$model->name .= " - {$workflowName}: {$stageName}";
if ($model->save()) {
$replacement = new RoleToWorkflow();
$replacement->workflowId = $workflow;
$replacement->stageId = $stage;
$replacement->roleId = $oldRole->id;
$replacement->replacementId = $model->id;
$replacement->save();
$fields = Fields::model()->findAll();
$temp = array();
foreach ($fields as $field) {
$temp[] = $field->id;
}
$both = array_intersect($viewPermissions, $editPermissions);
$view = array_diff($viewPermissions, $editPermissions);
$neither = array_diff($temp, $viewPermissions);
foreach ($both as $field) {
$rolePerm = new RoleToPermission();
$rolePerm->roleId = $model->id;
$rolePerm->fieldId = $field;
$rolePerm->permission = 2;
$rolePerm->save();
}
foreach ($view as $field) {
$rolePerm = new RoleToPermission();
$rolePerm->roleId = $model->id;
$rolePerm->fieldId = $field;
$rolePerm->permission = 1;
$rolePerm->save();
}
foreach ($neither as $field) {
$rolePerm = new RoleToPermission();
$rolePerm->roleId = $model->id;
$rolePerm->fieldId = $field;
$rolePerm->permission = 0;
$rolePerm->save();
}
}
$this->redirect('manageRoles');
}
$this->render('roleException', array('model' => $model, 'workflows' => $workflows));
}
