/**
  * Issue a replacement API token for the active user.
  *
  * Raises HTTP_ERR_NOT_FOUND when the active user reports isNew(),
  * HTTP_ERR_FORBIDDEN when the active user's canEdit() rejects the logged-in
  * user, and HTTP_ERR_BAD_REQUEST when the request was not submitted.
  * Otherwise the token is replaced with make_string(40), the user is saved,
  * a flash message reports the outcome and the client is redirected to the
  * API settings URL.
  *
  * NOTE(review): make_string() is defined elsewhere; confirm it draws from a
  * cryptographically secure source, because its output becomes the API
  * credential.
  * NOTE(review): no anti-CSRF check is visible in this method; confirm that
  * isSubmitted() or the surrounding framework performs one.
  *
  * @return void
  */
 function api_reset_key()
 {
     // The checks stay separate statements without early returns: whether
     // httpError() stops execution is not visible from this method.
     if ($this->active_user->isNew()) {
         $this->httpError(HTTP_ERR_NOT_FOUND);
     }
     if (!$this->active_user->canEdit($this->logged_user)) {
         $this->httpError(HTTP_ERR_FORBIDDEN);
     }
     if (!$this->request->isSubmitted()) {
         $this->httpError(HTTP_ERR_BAD_REQUEST);
     } else {
         // Replacing the token takes effect only once save() succeeds.
         $this->active_user->setToken(make_string(40));
         $result = $this->active_user->save();
         $stored = $result && !is_error($result);
         if (!$stored) {
             flash_error('Failed to update API key. Try again in a few minutes');
         } else {
             flash_success('API key updated');
         }
         $this->redirectToUrl($this->active_user->getApiSettingsUrl());
     }
 }
Пример #2
    /**
     * Publish the current user's edit/delete/publish rights for this module
     * to the page as inline JavaScript flags, then include the page scripts.
     *
     * Each permission result passes through intval() before it is concatenated
     * into the script, so only an integer literal reaches the page.
     *
     * NOTE(review): these flags can only steer the client-side UI; the handlers
     * that perform edit, delete and publish are not shown here and must repeat
     * the permission checks themselves.
     */
    public function indexAction()
    {
        $mayEdit = intval($this->_user->canEdit($this->_module));
        $mayDelete = intval($this->_user->canDelete($this->_module));
        $mayPublish = intval($this->_user->canPublish($this->_module));
        $this->_resource->addInlineJs('
	     var canEdit = ' . $mayEdit . ';
	     var canDelete = ' . $mayDelete . ';
         var canPublish = ' . $mayPublish . ';
	    ');
        $this->includeScripts();
    }
Пример #3
    /**
     * Default action.
     *
     * Publishes the user's edit/delete rights for this module as inline
     * JavaScript flags, includes the page scripts, then either runs the
     * designer project configured for the module or, when none is configured,
     * adds the module's CRUD script if that file exists.
     *
     * NOTE(review): the inline flags only steer the client-side UI; the
     * server-side edit and delete handlers are not shown here and must repeat
     * the checks.
     * NOTE(review): the script path is built from $this->_module; confirm the
     * module name comes from a fixed set (not raw request data) before it is
     * used in a filesystem path. The './js' lookup also depends on the
     * current working directory.
     */
    public function indexAction()
    {
        $mayEdit = intval($this->_user->canEdit($this->_module));
        $mayDelete = intval($this->_user->canDelete($this->_module));
        $this->_resource->addInlineJs('
	        	var canEdit = ' . $mayEdit . ';
	        	var canDelete = ' . $mayDelete . ';
	      ');
        $this->includeScripts();
        $registry = Config::factory(Config::File_Array, $this->_configMain->get('backend_modules'));
        $settings = $registry->get($this->_module);
        // A configured designer project takes precedence over the CRUD script.
        if (strlen($settings['designer']) > 0) {
            $this->_runDesignerProject($settings['designer']);
            return;
        }
        // Web path of the module script; the same path prefixed with '.' is
        // what gets checked on disk.
        $scriptFile = '/js/app/system/crud/' . strtolower($this->_module) . '.js';
        if (file_exists('.' . $scriptFile)) {
            $this->_resource->addJs($scriptFile, 4);
        }
    }
Пример #4
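 /**
  * Show rights of a user
  *
  * Prints an "add an authorization" form when editing is allowed, followed by
  * a table of the user's rows in glpi_profiles_users (or a "No item found"
  * table when there are none).
  *
  * NOTE(review): `completename` and the profile `name` are written into the
  * page without encoding in this method; confirm they are stored already
  * encoded, or encode them at output.
  *
  * @param $user User object
  *
  * @return false|void false when $user->can($ID, READ) fails
  **/
 static function showForUser(User $user)
 {
     global $DB, $CFG_GLPI;
     $ID = $user->getField('id');
     // Read permission gates the whole view; nothing is printed without it.
     if (!$user->can($ID, READ)) {
         return false;
     }
     $canedit = $user->canEdit($ID);
     $strict_entities = self::getUserEntities($ID, false);
     // Editing is withdrawn when the session has access to none of the user's
     // entities and is not in "view all entities" mode.
     if (!Session::haveAccessToOneOfEntities($strict_entities) && !Session::isViewAllEntities()) {
         $canedit = false;
     }
     $canshowentity = Entity::canView();
     // Only used to make form and container ids unique on the page; it is not
     // used as a secret.
     $rand = mt_rand();
     if ($canedit) {
         echo "<div class='firstbloc'>";
         echo "<form name='entityuser_form{$rand}' id='entityuser_form{$rand}' method='post' action='";
         echo Toolbox::getItemTypeFormURL(__CLASS__) . "'>";
         echo "<table class='tab_cadre_fixe'>";
         // The header cell is now closed before the row ends (the closing </th> was missing).
         echo "<tr class='tab_bg_1'><th colspan='6'>" . __('Add an authorization to a user') . "</th></tr>";
         echo "<tr class='tab_bg_2'><td class='center'>";
         echo "<input type='hidden' name='users_id' value='{$ID}'>";
         Entity::dropdown(array('entity' => $_SESSION['glpiactiveentities']));
         echo "</td><td class='center'>" . self::getTypeName(1) . "</td><td>";
         Profile::dropdownUnder(array('value' => Profile::getDefault()));
         echo "</td><td>" . __('Recursive') . "</td><td>";
         Dropdown::showYesNo("is_recursive", 0);
         echo "</td><td class='center'>";
         echo "<input type='submit' name='add' value=\"" . _sx('button', 'Add') . "\" class='submit'>";
         echo "</td></tr>";
         echo "</table>";
         Html::closeForm();
         echo "</div>";
     }
     // NOTE(review): $ID is interpolated into the statement. It comes from the
     // loaded User object rather than from the request; presumably an integer
     // key - confirm, or cast it before use.
     $query = "SELECT DISTINCT `glpi_profiles_users`.`id` AS linkID,\n                       `glpi_profiles`.`id`,\n                       `glpi_profiles`.`name`,\n                       `glpi_profiles_users`.`is_recursive`,\n                       `glpi_profiles_users`.`is_dynamic`,\n                       `glpi_entities`.`completename`,\n                       `glpi_profiles_users`.`entities_id`\n                FROM `glpi_profiles_users`\n                LEFT JOIN `glpi_profiles`\n                     ON (`glpi_profiles_users`.`profiles_id` = `glpi_profiles`.`id`)\n                LEFT JOIN `glpi_entities`\n                     ON (`glpi_profiles_users`.`entities_id` = `glpi_entities`.`id`)\n                WHERE `glpi_profiles_users`.`users_id` = '{$ID}'\n                ORDER BY `glpi_profiles`.`name`, `glpi_entities`.`completename`";
     $result = $DB->query($query);
     $num = $DB->numrows($result);
     echo "<div class='spaced'>";
     Html::openMassiveActionsForm('mass' . __CLASS__ . $rand);
     if ($canedit && $num) {
         $massiveactionparams = array('num_displayed' => $num, 'container' => 'mass' . __CLASS__ . $rand);
         Html::showMassiveActions($massiveactionparams);
     }
     if ($num > 0) {
         echo "<table class='tab_cadre_fixehov'>";
         // The header row is assembled once and printed above and below the data rows.
         $header_begin = "<tr>";
         $header_top = '';
         $header_bottom = '';
         $header_end = '';
         if ($canedit) {
             $header_begin .= "<th>";
             $header_top .= Html::getCheckAllAsCheckbox('mass' . __CLASS__ . $rand);
             $header_bottom .= Html::getCheckAllAsCheckbox('mass' . __CLASS__ . $rand);
             $header_end .= "</th>";
         }
         $header_end .= "<th>" . _n('Entity', 'Entities', Session::getPluralNumber()) . "</th>";
         $header_end .= "<th>" . sprintf(__('%1$s (%2$s)'), self::getTypeName(Session::getPluralNumber()), __('D=Dynamic, R=Recursive'));
         $header_end .= "</th></tr>";
         echo $header_begin . $header_top . $header_end;
         while ($data = $DB->fetch_assoc($result)) {
             echo "<tr class='tab_bg_1'>";
             if ($canedit) {
                 echo "<td width='10'>";
                 // A selection checkbox is offered only for rows whose entity
                 // is among the session's active entities.
                 if (in_array($data["entities_id"], $_SESSION['glpiactiveentities'])) {
                     Html::showMassiveActionCheckBox(__CLASS__, $data["linkID"]);
                 } else {
                     echo "&nbsp;";
                 }
                 echo "</td>";
             }
             echo "<td>";
             $link = $data["completename"];
             if ($_SESSION["glpiis_ids_visible"]) {
                 $link = sprintf(__('%1$s (%2$s)'), $link, $data["entities_id"]);
             }
             if ($canshowentity) {
                 echo "<a href='" . Toolbox::getItemTypeFormURL('Entity') . "?id=" . $data["entities_id"] . "'>";
             }
             echo $link . ($canshowentity ? "</a>" : '');
             echo "</td>";
             if (Profile::canView()) {
                 $entname = "<a href='" . Toolbox::getItemTypeFormURL('Profile') . "?id=" . $data["id"] . "'>" . $data["name"] . "</a>";
             } else {
                 $entname = $data["name"];
             }
             // Append the "(D, R)" marker for dynamic and/or recursive rows.
             if ($data["is_dynamic"] || $data["is_recursive"]) {
                 $entname = sprintf(__('%1$s %2$s'), $entname, "<span class='b'>(");
                 if ($data["is_dynamic"]) {
                     //TRANS: letter 'D' for Dynamic
                     $entname = sprintf(__('%1$s%2$s'), $entname, __('D'));
                 }
                 if ($data["is_dynamic"] && $data["is_recursive"]) {
                     $entname = sprintf(__('%1$s%2$s'), $entname, ", ");
                 }
                 if ($data["is_recursive"]) {
                     //TRANS: letter 'R' for Recursive
                     $entname = sprintf(__('%1$s%2$s'), $entname, __('R'));
                 }
                 $entname = sprintf(__('%1$s%2$s'), $entname, ")</span>");
             }
             echo "<td>" . $entname . "</td>";
             echo "</tr>";
         }
         echo $header_begin . $header_bottom . $header_end;
         echo "</table>";
     } else {
         echo "<table class='tab_cadre_fixe'>";
         echo "<tr><th>" . __('No item found') . "</th></tr>";
         echo "</table>\n";
     }
     // Same condition as where $massiveactionparams was created, so it is
     // always defined here.
     if ($canedit && $num) {
         $massiveactionparams['ontop'] = false;
         Html::showMassiveActions($massiveactionparams);
     }
     Html::closeForm();
     echo "</div>";
 }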
Пример #5
                        target='_blank'><i class='fa fa-comment'></i> Send PM</a><a
                    class='btn btn-default btn-xs popup-link'
                    href='<?php 
echo EMAIL . $memberInfo->member_id;
?>
&url=<?php 
echo CLANAOD . $memberInfo->member_id;
?>
'
                    target='_blank'><i class='fa fa-envelope'></i> Send Email</a>
            </h2>
        </div>

        <div class='col-xs-6'>
            <?php 
if (User::canEdit($memberInfo->member_id, $user, $member)) {
    ?>
                <div class='btn-group pull-right' data-player-id='<?php 
    echo $memberInfo->member_id;
    ?>
'
                     data-user-id='<?php 
    echo $member->member_id;
    ?>
'>
                    <button type='button' class='btn btn-info edit-member'><i class="fa fa-pencil fa-lg"></i> Edit
                    </button>
                    <!-- <button type='button' class='btn btn-success'><i class="fa fa-user-plus fa-lg"></i> <span class="hidden-sm hidden-xs">Promote</span></button> -->
                    <?php 
    if ($user->role >= 2 && $member->rank_id >= 9 && $memberInfo->status_id != 4) {
        ?>
Пример #6
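 /**
  * Store new start/end values for an event and return the event row.
  *
  * All values in $frm_submitted are treated as untrusted: the dates and
  * times are bound as statement parameters and the event id is cast to an
  * integer before it reaches any SQL text.
  *
  * The UPDATE is restricted to the session user's own events unless either
  * (a) the user is logged in as admin/super admin with ADMIN_HAS_FULL_CONTROL, or
  * (b) nobody is logged in and the calendar is public with can_edit set.
  *
  * NOTE(review): when cal_id is submitted, the calendar used for rule (b) is
  * chosen by that submitted id while the UPDATE is keyed on event_id only;
  * confirm the event actually belongs to that calendar.
  * NOTE(review): the row is returned even when the UPDATE matched nothing,
  * and the SELECT has no owner filter; confirm callers may read any event.
  *
  * @param array $frm_submitted submitted form values (event_id, cal_id and
  *                             either str_date_start/str_date_end or
  *                             date_start/date_end)
  *
  * @return array|false the event row with id/start/end/allDay/allowEdit/deletable
  *                     added, or false when the update or lookup fails
  */
 public static function resizeEvent($frm_submitted)
 {
     global $obj_db;
     // event_id is only ever used as an integer key.
     $int_event_id = isset($frm_submitted['event_id']) ? (int) $frm_submitted['event_id'] : 0;
     $arr_calendar = array();
     if ($frm_submitted['cal_id'] > 0) {
         $arr_calendar = Calendar::getCalendar($frm_submitted['cal_id']);
     } else {
         $int_calendar_id = Calendar::getCalendarIdByEventId($int_event_id);
         $arr_calendar = Calendar::getCalendar($int_calendar_id);
     }
     if (IGNORE_TIMEZONE) {
         // Submitted strings are stored as given; they are bound below, never
         // concatenated into the statement.
         $str_startdate = $frm_submitted['str_date_start'];
         $str_enddate = $frm_submitted['str_date_end'];
         $str_starttime = substr($frm_submitted['str_date_start'], 10);
         $str_endtime = substr($frm_submitted['str_date_end'], 10);
     } else {
         $frm_submitted['date_start'] -= TIME_OFFSET;
         $frm_submitted['date_end'] -= TIME_OFFSET;
         $str_startdate = date('Y-m-d', $frm_submitted['date_start']);
         $str_enddate = date('Y-m-d', $frm_submitted['date_end']);
         $str_starttime = date('H:i:s', $frm_submitted['date_start']);
         $str_endtime = date('H:i:s', $frm_submitted['date_end']);
     }
     $bln_is_logged_in = User::isLoggedIn();
     $bln_admin_and_full_control = ADMIN_HAS_FULL_CONTROL && (User::isAdmin() || User::isSuperAdmin());
     $bln_public_cal_and_edit_allowed = $arr_calendar['share_type'] == 'public' && $arr_calendar['can_edit'];
     $bln_skip_owner_check = ($bln_is_logged_in && $bln_admin_and_full_control)
         || (!$bln_is_logged_in && $bln_public_cal_and_edit_allowed);
     $str_query = 'UPDATE events SET date_start = ?, date_end = ?, time_start = ?, time_end = ? WHERE event_id = ?';
     $int_user_id = 0;
     if (!$bln_skip_owner_check) {
         // Without a usable session user id the owner filter cannot be
         // applied, so the request is refused instead of running unfiltered.
         if (!isset($_SESSION['calendar-uid']['uid'])) {
             return false;
         }
         $int_user_id = (int) $_SESSION['calendar-uid']['uid'];
         if ($int_user_id <= 0) {
             return false;
         }
         $str_query .= ' AND user_id = ?';
     }
     $obj_stmt = mysqli_prepare($obj_db, $str_query);
     if ($obj_stmt === false) {
         return false;
     }
     if ($bln_skip_owner_check) {
         mysqli_stmt_bind_param($obj_stmt, 'ssssi', $str_startdate, $str_enddate, $str_starttime, $str_endtime, $int_event_id);
     } else {
         mysqli_stmt_bind_param($obj_stmt, 'ssssii', $str_startdate, $str_enddate, $str_starttime, $str_endtime, $int_event_id, $int_user_id);
     }
     $bln_updated = mysqli_stmt_execute($obj_stmt);
     mysqli_stmt_close($obj_stmt);
     if (!$bln_updated) {
         return false;
     }
     // $int_event_id is an integer, so this concatenation cannot carry SQL text.
     $str_query = 'SELECT *, event_id as id, concat_ws(" ",date_start,time_start) as start,concat_ws(" ",date_end,time_end) as end ' . 'FROM events WHERE event_id = ' . $int_event_id;
     $obj_result = mysqli_query($obj_db, $str_query);
     if ($obj_result === false) {
         return false;
     }
     $arr_event = mysqli_fetch_array($obj_result, MYSQLI_ASSOC);
     // No such event: report failure rather than returning a half-built row.
     if (!is_array($arr_event)) {
         return false;
     }
     $arr_event['allDay'] = $arr_event['allDay'] != 0;
     $arr_event['allowEdit'] = User::canEdit($arr_event['user_id']);
     $arr_event['deletable'] = User::canDelete($arr_event['user_id']);
     return $arr_event;
 }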
Пример #7
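 /**
  * Store new start/end values for an event and return the event row.
  *
  * The submitted timestamps are shifted by TIME_OFFSET and formatted with
  * date(); the formatted values, the event id and the session user id are
  * bound as statement parameters. The table name comes from the $eventTable
  * global and is the only part still concatenated into the SQL text.
  *
  * Unless USERS_CAN_CHANGE_ITEMS_FROM_OTHERS is defined and true, the UPDATE
  * is restricted to events owned by the session user.
  *
  * NOTE(review): on a failed connection the mysqli error text is printed to
  * the response before exit; consider logging it instead.
  * NOTE(review): the row is returned even when the UPDATE matched nothing,
  * and the SELECT has no owner filter; confirm callers may read any event.
  *
  * @param array $frm_submitted submitted form values (event_id, date_start,
  *                             date_end)
  *
  * @return array|false the event row with id/start/end/allDay/allowEdit/deletable
  *                     added, or false when the update or lookup fails
  */
 public static function resizeEvent($frm_submitted)
 {
     // Only the connection and the table name are needed here; the database
     // credentials are no longer pulled into this scope.
     global $link, $eventTable;
     if ($link === FALSE) {
         printf("Connect failed: %s\n", mysqli_connect_error());
         exit;
     }
     mysqli_set_charset($link, 'utf8');
     // event_id is only ever used as an integer key.
     $int_event_id = isset($frm_submitted['event_id']) ? (int) $frm_submitted['event_id'] : 0;
     $frm_submitted['date_start'] -= TIME_OFFSET;
     $frm_submitted['date_end'] -= TIME_OFFSET;
     $str_startdate = date('Y-m-d', $frm_submitted['date_start']);
     $str_enddate = date('Y-m-d', $frm_submitted['date_end']);
     $str_starttime = date('H:i:s', $frm_submitted['date_start']);
     $str_endtime = date('H:i:s', $frm_submitted['date_end']);
     $bln_skip_owner_check = defined('USERS_CAN_CHANGE_ITEMS_FROM_OTHERS') && USERS_CAN_CHANGE_ITEMS_FROM_OTHERS;
     $str_query = 'UPDATE ' . $eventTable . ' SET date_start = ?, date_end = ?, time_start = ?, time_end = ? WHERE event_id = ?';
     $int_user_id = 0;
     if (!$bln_skip_owner_check) {
         // Without a usable session user id the owner filter cannot be
         // applied, so the request is refused instead of running unfiltered.
         if (!isset($_SESSION['calendar-uid']['uid'])) {
             return false;
         }
         $int_user_id = (int) $_SESSION['calendar-uid']['uid'];
         if ($int_user_id <= 0) {
             return false;
         }
         $str_query .= ' AND user_id = ?';
     }
     $obj_stmt = mysqli_prepare($link, $str_query);
     if ($obj_stmt === false) {
         return false;
     }
     if ($bln_skip_owner_check) {
         mysqli_stmt_bind_param($obj_stmt, 'ssssi', $str_startdate, $str_enddate, $str_starttime, $str_endtime, $int_event_id);
     } else {
         mysqli_stmt_bind_param($obj_stmt, 'ssssii', $str_startdate, $str_enddate, $str_starttime, $str_endtime, $int_event_id, $int_user_id);
     }
     $bln_updated = mysqli_stmt_execute($obj_stmt);
     mysqli_stmt_close($obj_stmt);
     if (!$bln_updated) {
         return false;
     }
     // $int_event_id is an integer, so this concatenation cannot carry SQL text.
     $str_query = 'SELECT *, event_id as id, concat_ws(" ",date_start,time_start) as start,concat_ws(" ",date_end,time_end) as end ' . 'FROM ' . $eventTable . ' WHERE event_id = ' . $int_event_id;
     $obj_result = mysqli_query($link, $str_query);
     if ($obj_result === false) {
         return false;
     }
     $arr_event = mysqli_fetch_array($obj_result, MYSQLI_ASSOC);
     // No such event: report failure rather than returning a half-built row.
     if (!is_array($arr_event)) {
         return false;
     }
     $arr_event['allDay'] = $arr_event['allDay'] != 0;
     $arr_event['allowEdit'] = User::canEdit($arr_event['user_id']);
     $arr_event['deletable'] = User::canDelete($arr_event['user_id']);
     return $arr_event;
 }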
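 /**
  * Apply a submitted member edit (member fields, played games, user record,
  * aliases) and echo a JSON {success, message} result.
  *
  * The acting user is taken from the session; the target member and every
  * new value come from $_POST and are treated as untrusted. Permission is
  * decided by User::canEdit() on the submitted member_id, and the record id
  * used for the member and alias writes is pinned to the member that check
  * was made for.
  *
  * NOTE(review): $memberData and $userData are handed to Member::modify() and
  * User::modify() as whole arrays. Only squad_id, position_id, platoon_id and
  * developer are stripped by role here; confirm the modify() methods restrict
  * the remaining keys (for example a role field or the record id in
  * $userData) to what the acting user may change.
  * NOTE(review): a validation failure on the member fields does not stop the
  * later game, user and alias writes; only the final message reflects it.
  * NOTE(review): no anti-CSRF check is visible in this method.
  *
  * @return void
  */
 public static function _doUpdateMember()
 {
     $denied = array('success' => false, 'message' => 'You do not have permission to modify this player.');
     // user attempting to make changes
     $respUser = User::find(intval($_SESSION['userid']));
     $respMember = Member::find(intval($_SESSION['memberid']));
     // member being changed
     $memberData = isset($_POST['memberData']) && is_array($_POST['memberData']) ? $_POST['memberData'] : array();
     if (!isset($memberData['member_id']) || !is_scalar($memberData['member_id'])) {
         echo json_encode($denied);
         return;
     }
     $member = Member::findByMemberId($memberData['member_id']);
     // Fail closed when either side of the permission check cannot be loaded.
     if (!$member || !$respMember) {
         echo json_encode($denied);
         return;
     }
     $user = User::findByMemberId(Member::findId($memberData['member_id']));
     // only update values allowed by role
     if (!User::isDev()) {
         if ($respUser->role < 2) {
             unset($memberData['squad_id'], $memberData['position_id'], $memberData['platoon_id']);
         }
         if ($respUser->role < 3) {
             unset($memberData['platoon_id']);
         }
     }
     $data = array();
     // only continue if we have permission to edit the user
     if (User::canEdit($memberData['member_id'], $respUser, $member)) {
         // The permission check covered $member; pin the submitted record id
         // to it so the member and alias writes below cannot be pointed at a
         // different record through a mismatched 'id' field.
         $memberData['id'] = $member->id;
         // don't log if user edits their own profile
         if ($respMember->member_id != $member->member_id) {
             UserAction::create(array('type_id' => 3, 'date' => date("Y-m-d H:i:s"), 'user_id' => $respMember->member_id, 'target_id' => $member->member_id));
         }
         // validate recruiter
         if ($memberData['recruiter'] != 0 && !Member::exists($memberData['recruiter'])) {
             $data = array('success' => false, 'message' => "Recruiter id is invalid.");
         } elseif ($respMember->member_id != $member->member_id && $memberData['position_id'] == 5 && $memberData['squad_id'] != 0) {
             // validate squad leader / squad_id setting
             $data = array('success' => false, 'message' => "Squad leaders cannot be in a squad.");
         } else {
             // update member info
             Member::modify($memberData);
         }
         // update games
         if (isset($_POST['played_games']) && is_array($_POST['played_games'])) {
             foreach ($_POST['played_games'] as $game) {
                 $params = new stdClass();
                 $params->member_id = $member->id;
                 $params->game_id = $game;
                 MemberGame::add($params);
             }
         }
         // update user
         if (isset($_POST['userData']) && is_array($_POST['userData'])) {
             $userData = $_POST['userData'];
             // The developer flag is normalised to 0 when absent and removed
             // entirely for non-developers.
             $userData['developer'] = isset($userData['developer']) ? $userData['developer'] : 0;
             if (!User::isDev()) {
                 unset($userData['developer']);
             }
             // Editing someone else requires a strictly higher role than the target.
             if ($respMember->member_id != $member->member_id && $user->role >= $respUser->role && !User::isDev()) {
                 $data = array('success' => false, 'message' => "You are not authorized to make that change.");
             } else {
                 User::modify($userData);
             }
         }
         // update aliases
         if (isset($_POST['userAliases']) && is_array($_POST['userAliases'])) {
             foreach ($_POST['userAliases'] as $type => $value) {
                 $handle = Handle::findByName($type);
                 // Skip handle names that do not exist and values that are not text.
                 if (!$handle || !is_string($value)) {
                     continue;
                 }
                 $type = $handle->id;
                 if ($value != '') {
                     $params = array('member_id' => $member->id, 'handle_type' => $type, 'handle_value' => trim($value), 'handle_account_id' => '0', 'invalid' => '0', 'invalid_date' => '0000-00-00');
                     $id = MemberHandle::hasAlias($type, $member->id);
                     if ($id) {
                         $params['id'] = $id;
                         MemberHandle::modify($params);
                     } else {
                         MemberHandle::add($params);
                     }
                 }
             }
         }
     } else {
         $data = $denied;
     }
     if (!isset($data['success'])) {
         $data = array('success' => true, 'message' => "Member information updated!");
     }
     // print out a pretty response
     echo json_encode($data);
 }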
Пример #9
 /**
  * Tell whether the given user may add a new account to this group.
  *
  * The decision is delegated entirely to User::canEdit(); no condition
  * specific to this group is evaluated here.
  *
  * @access public
  * @param User $user
  * @return boolean
  */
 function canAddUser(User $user)
 {
     $allowed = User::canEdit($user);
     return $allowed;
 }