/**
 * Reset the active user's API key.
 *
 * Responds 404 when the active user record does not exist, 403 when the
 * logged-in user may not edit it, 400 when the request was not submitted.
 * Otherwise a fresh 40-character token is stored, the outcome is flashed
 * and the browser is redirected to the user's API settings page.
 *
 * NOTE(review): make_string(40) mints an API credential here; confirm it is
 * backed by a CSPRNG (random_bytes / random_int) rather than rand()/mt_rand().
 *
 * @return void
 */
function api_reset_key() {
    $user = $this->active_user;

    if ($user->isNew()) {
        $this->httpError(HTTP_ERR_NOT_FOUND);
    }

    if (!$user->canEdit($this->logged_user)) {
        $this->httpError(HTTP_ERR_FORBIDDEN);
    }

    if (!$this->request->isSubmitted()) {
        $this->httpError(HTTP_ERR_BAD_REQUEST);
    } else {
        $user->setToken(make_string(40));

        $result = $user->save();
        $saved = $result && !is_error($result);
        if ($saved) {
            flash_success('API key updated');
        } else {
            flash_error('Failed to update API key. Try again in a few minutes');
        }

        $this->redirectToUrl($user->getApiSettingsUrl());
    }
}
/**
 * Default action: publish the current user's edit/delete/publish rights for
 * this module as inline JS globals (canEdit, canDelete, canPublish as 0/1),
 * then include the module's scripts.
 *
 * @return void
 */
public function indexAction() {
    $rights = sprintf(
        ' var canEdit = %d; var canDelete = %d; var canPublish = %d; ',
        intval($this->_user->canEdit($this->_module)),
        intval($this->_user->canDelete($this->_module)),
        intval($this->_user->canPublish($this->_module))
    );
    $this->_resource->addInlineJs($rights);
    $this->includeScripts();
}
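/**
 * Default action: publish the current user's edit/delete rights for this
 * module as inline JS globals, include the module's scripts, then load the
 * configured designer project or, failing that, the module's CRUD script if
 * that file exists.
 *
 * @return void
 */
public function indexAction() {
    $this->_resource->addInlineJs(sprintf(
        ' var canEdit = %d; var canDelete = %d; ',
        intval($this->_user->canEdit($this->_module)),
        intval($this->_user->canDelete($this->_module))
    ));
    $this->includeScripts();

    $modulesConfig = Config::factory(Config::File_Array, $this->_configMain->get('backend_modules'));
    $moduleCfg = $modulesConfig->get($this->_module);

    // Guard the key: strlen() on a missing/null 'designer' entry raised a notice
    // (deprecated on PHP 8.1+) before falling through to the CRUD script.
    if (isset($moduleCfg['designer']) && $moduleCfg['designer'] !== '') {
        $this->_runDesignerProject($moduleCfg['designer']);
        return;
    }

    // NOTE(review): _module is used to build a filesystem path; assumes it was
    // validated against the configured module list upstream — confirm.
    $crudScript = '/js/app/system/crud/' . strtolower($this->_module) . '.js';
    if (file_exists('.' . $crudScript)) {
        $this->_resource->addJs($crudScript, 4);
    }
}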
/**
 * Show rights of a user
 *
 * Renders, for the given user, an "add authorization" form (only when the
 * session may edit the user) followed by the table of profile/entity pairs
 * read from glpi_profiles_users, with massive-action checkboxes for the rows
 * whose entity is among the session's active entities.
 *
 * @param $user User object
 *
 * @return boolean false when the session may not read the user; otherwise
 *                 nothing is returned and the HTML is echoed
 **/
static function showForUser(User $user) {
    global $DB, $CFG_GLPI;

    // NOTE(review): $ID is interpolated into the SQL below as '{$ID}'. It comes
    // from the loaded record rather than the request, but an integer cast
    // (or $DB->escape) would remove any doubt.
    $ID = $user->getField('id');
    if (!$user->can($ID, READ)) {
        return false;
    }

    // Editing additionally requires the session to reach at least one of the
    // user's strict entities, or to be allowed to view all entities.
    $canedit = $user->canEdit($ID);
    $strict_entities = self::getUserEntities($ID, false);
    if (!Session::haveAccessToOneOfEntities($strict_entities) && !Session::isViewAllEntities()) {
        $canedit = false;
    }
    $canshowentity = Entity::canView();
    // Suffix keeping form/container ids unique when several are on one page
    // (not a security value, so mt_rand() is acceptable here).
    $rand = mt_rand();

    if ($canedit) {
        echo "<div class='firstbloc'>";
        echo "<form name='entityuser_form{$rand}' id='entityuser_form{$rand}' method='post' action='";
        echo Toolbox::getItemTypeFormURL(__CLASS__) . "'>";
        echo "<table class='tab_cadre_fixe'>";
        echo "<tr class='tab_bg_1'><th colspan='6'>" . __('Add an authorization to a user') . "</tr>";
        echo "<tr class='tab_bg_2'><td class='center'>";
        echo "<input type='hidden' name='users_id' value='{$ID}'>";
        Entity::dropdown(array('entity' => $_SESSION['glpiactiveentities']));
        echo "</td><td class='center'>" . self::getTypeName(1) . "</td><td>";
        Profile::dropdownUnder(array('value' => Profile::getDefault()));
        echo "</td><td>" . __('Recursive') . "</td><td>";
        Dropdown::showYesNo("is_recursive", 0);
        echo "</td><td class='center'>";
        echo "<input type='submit' name='add' value=\"" . _sx('button', 'Add') . "\" class='submit'>";
        echo "</td></tr>";
        echo "</table>";
        Html::closeForm();
        echo "</div>";
    }

    $query = "SELECT DISTINCT `glpi_profiles_users`.`id` AS linkID,\n `glpi_profiles`.`id`,\n `glpi_profiles`.`name`,\n `glpi_profiles_users`.`is_recursive`,\n `glpi_profiles_users`.`is_dynamic`,\n `glpi_entities`.`completename`,\n `glpi_profiles_users`.`entities_id`\n FROM `glpi_profiles_users`\n LEFT JOIN `glpi_profiles`\n ON (`glpi_profiles_users`.`profiles_id` = `glpi_profiles`.`id`)\n LEFT JOIN `glpi_entities`\n ON (`glpi_profiles_users`.`entities_id` = `glpi_entities`.`id`)\n WHERE `glpi_profiles_users`.`users_id` = '{$ID}'\n ORDER BY `glpi_profiles`.`name`, `glpi_entities`.`completename`";
    // NOTE(review): $result is not checked for false before numrows()/fetch_assoc().
    $result = $DB->query($query);
    $num = $DB->numrows($result);

    echo "<div class='spaced'>";
    Html::openMassiveActionsForm('mass' . __CLASS__ . $rand);
    if ($canedit && $num) {
        $massiveactionparams = array('num_displayed' => $num, 'container' => 'mass' . __CLASS__ . $rand);
        Html::showMassiveActions($massiveactionparams);
    }
    if ($num > 0) {
        echo "<table class='tab_cadre_fixehov'>";
        // The header row is echoed twice (top and bottom); only the
        // check-all checkbox differs between the two copies.
        $header_begin = "<tr>";
        $header_top = '';
        $header_bottom = '';
        $header_end = '';
        if ($canedit) {
            $header_begin .= "<th>";
            $header_top .= Html::getCheckAllAsCheckbox('mass' . __CLASS__ . $rand);
            $header_bottom .= Html::getCheckAllAsCheckbox('mass' . __CLASS__ . $rand);
            $header_end .= "</th>";
        }
        $header_end .= "<th>" . _n('Entity', 'Entities', Session::getPluralNumber()) . "</th>";
        $header_end .= "<th>" . sprintf(__('%1$s (%2$s)'), self::getTypeName(Session::getPluralNumber()), __('D=Dynamic, R=Recursive'));
        $header_end .= "</th></tr>";
        echo $header_begin . $header_top . $header_end;
        while ($data = $DB->fetch_assoc($result)) {
            echo "<tr class='tab_bg_1'>";
            if ($canedit) {
                echo "<td width='10'>";
                // Only rows in the session's active entities get a checkbox.
                if (in_array($data["entities_id"], $_SESSION['glpiactiveentities'])) {
                    Html::showMassiveActionCheckBox(__CLASS__, $data["linkID"]);
                } else {
                    echo " ";
                }
                echo "</td>";
            }
            echo "<td>";
            $link = $data["completename"];
            if ($_SESSION["glpiis_ids_visible"]) {
                $link = sprintf(__('%1$s (%2$s)'), $link, $data["entities_id"]);
            }
            if ($canshowentity) {
                echo "<a href='" . Toolbox::getItemTypeFormURL('Entity') . "?id=" . $data["entities_id"] . "'>";
            }
            echo $link . ($canshowentity ? "</a>" : '');
            echo "</td>";
            // NOTE(review): $data["name"] (and $link above) are echoed without
            // HTML escaping; this relies on values being sanitized on input — confirm.
            if (Profile::canView()) {
                $entname = "<a href='" . Toolbox::getItemTypeFormURL('Profile') . "?id=" . $data["id"] . "'>" . $data["name"] . "</a>";
            } else {
                $entname = $data["name"];
            }
            // Append a "(D)", "(R)" or "(D, R)" marker after the profile name.
            if ($data["is_dynamic"] || $data["is_recursive"]) {
                $entname = sprintf(__('%1$s %2$s'), $entname, "<span class='b'>(");
                if ($data["is_dynamic"]) {
                    //TRANS: letter 'D' for Dynamic
                    $entname = sprintf(__('%1$s%2$s'), $entname, __('D'));
                }
                if ($data["is_dynamic"] && $data["is_recursive"]) {
                    $entname = sprintf(__('%1$s%2$s'), $entname, ", ");
                }
                if ($data["is_recursive"]) {
                    //TRANS: letter 'R' for Recursive
                    $entname = sprintf(__('%1$s%2$s'), $entname, __('R'));
                }
                $entname = sprintf(__('%1$s%2$s'), $entname, ")</span>");
            }
            echo "<td>" . $entname . "</td>";
            echo "</tr>";
        }
        echo $header_begin . $header_bottom . $header_end;
        echo "</table>";
    } else {
        echo "<table class='tab_cadre_fixe'>";
        echo "<tr><th>" . __('No item found') . "</th></tr>";
        echo "</table>\n";
    }
    if ($canedit && $num) {
        $massiveactionparams['ontop'] = false;
        Html::showMassiveActions($massiveactionparams);
    }
    Html::closeForm();
    echo "</div>";
}
target='_blank'><i class='fa fa-comment'></i> Send PM</a><a class='btn btn-default btn-xs popup-link' href='<?php echo EMAIL . $memberInfo->member_id; ?> &url=<?php echo CLANAOD . $memberInfo->member_id; ?> ' target='_blank'><i class='fa fa-envelope'></i> Send Email</a> </h2> </div> <div class='col-xs-6'> <?php if (User::canEdit($memberInfo->member_id, $user, $member)) { ?> <div class='btn-group pull-right' data-player-id='<?php echo $memberInfo->member_id; ?> ' data-user-id='<?php echo $member->member_id; ?> '> <button type='button' class='btn btn-info edit-member'><i class="fa fa-pencil fa-lg"></i> Edit </button> <!-- <button type='button' class='btn btn-success'><i class="fa fa-user-plus fa-lg"></i> <span class="hidden-sm hidden-xs">Promote</span></button> --> <?php if ($user->role >= 2 && $member->rank_id >= 9 && $memberInfo->status_id != 4) { ?>
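/**
 * Persist a drag-resize of an event (new start/end date and time) and return
 * the refreshed event row for the calendar UI.
 *
 * The owner filter (AND user_id = ?) is skipped in exactly two cases, as
 * before: a logged-in admin/superadmin while ADMIN_HAS_FULL_CONTROL is on,
 * or an anonymous visitor on a public calendar whose can_edit flag is set.
 * All request-supplied values are now either integer-cast or bound as
 * prepared-statement parameters instead of being concatenated into SQL.
 *
 * @param array $frm_submitted Submitted fields: event_id, cal_id and either
 *                             str_date_start/str_date_end (IGNORE_TIMEZONE) or
 *                             date_start/date_end unix timestamps.
 * @return array|false         The event row (with id, start, end, allDay,
 *                             allowEdit, deletable), or false when the update
 *                             could not be run or the event was not found.
 */
public static function resizeEvent($frm_submitted) {
    global $obj_db;

    // Client-supplied ids are only ever used as integers.
    $int_event_id = (int) $frm_submitted['event_id'];
    $int_cal_id = isset($frm_submitted['cal_id']) ? (int) $frm_submitted['cal_id'] : 0;

    if ($int_cal_id > 0) {
        $arr_calendar = Calendar::getCalendar($int_cal_id);
    } else {
        $int_calendar_id = Calendar::getCalendarIdByEventId($int_event_id);
        $arr_calendar = Calendar::getCalendar($int_calendar_id);
    }
    if (!is_array($arr_calendar)) {
        $arr_calendar = array();
    }

    if (IGNORE_TIMEZONE) {
        // Raw strings from the form; bound as parameters below, never interpolated.
        $str_startdate = $frm_submitted['str_date_start'];
        $str_enddate = $frm_submitted['str_date_end'];
        $str_starttime = substr($frm_submitted['str_date_start'], 10);
        $str_endtime = substr($frm_submitted['str_date_end'], 10);
    } else {
        // date() requires ints; the form values are cast before the offset is applied.
        $int_start = (int) $frm_submitted['date_start'] - TIME_OFFSET;
        $int_end = (int) $frm_submitted['date_end'] - TIME_OFFSET;
        $str_startdate = date('Y-m-d', $int_start);
        $str_enddate = date('Y-m-d', $int_end);
        $str_starttime = date('H:i:s', $int_start);
        $str_endtime = date('H:i:s', $int_end);
    }

    $bln_admin_and_full_control = ADMIN_HAS_FULL_CONTROL && (User::isAdmin() || User::isSuperAdmin());
    $bln_public_cal_and_edit_allowed = isset($arr_calendar['share_type'])
        && $arr_calendar['share_type'] == 'public'
        && !empty($arr_calendar['can_edit']);
    $bln_logged_in = User::isLoggedIn();
    $bln_skip_owner_check = ($bln_logged_in && $bln_admin_and_full_control)
        || (!$bln_logged_in && $bln_public_cal_and_edit_allowed);

    $str_query = 'UPDATE events SET date_start = ?, date_end = ?, time_start = ?, time_end = ? WHERE event_id = ?';
    $str_types = 'ssssi';
    $arr_params = array($str_startdate, $str_enddate, $str_starttime, $str_endtime, $int_event_id);
    if (!$bln_skip_owner_check) {
        // Without a session uid the old concatenated query was malformed and
        // failed; fail explicitly instead of binding a bogus owner.
        if (!isset($_SESSION['calendar-uid']['uid'])) {
            return false;
        }
        $str_query .= ' AND user_id = ?';
        $str_types .= 'i';
        $arr_params[] = (int) $_SESSION['calendar-uid']['uid'];
    }

    $obj_stmt = mysqli_prepare($obj_db, $str_query);
    if ($obj_stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($obj_stmt, $str_types, ...$arr_params);
    $bln_updated = mysqli_stmt_execute($obj_stmt);
    mysqli_stmt_close($obj_stmt);
    if (!$bln_updated) {
        return false;
    }
    // NOTE(review): as before, affected rows are not checked, so a request the
    // owner filter excluded still gets the (unchanged) event row back.

    // event_id is already an int, so interpolating it cannot alter the query.
    $str_query = 'SELECT *, event_id as id, concat_ws(" ",date_start,time_start) as start,concat_ws(" ",date_end,time_end) as end ' . 'FROM events WHERE event_id = ' . $int_event_id;
    $obj_result = mysqli_query($obj_db, $str_query);
    if ($obj_result === false) {
        return false;
    }
    $arr_event = mysqli_fetch_array($obj_result, MYSQLI_ASSOC);
    if (!$arr_event) {
        // Previously produced notices and a row of nulls; report "not found".
        return false;
    }
    $arr_event['allDay'] = $arr_event['allDay'] == 0 ? false : true;
    $arr_event['allowEdit'] = User::canEdit($arr_event['user_id']);
    $arr_event['deletable'] = User::canDelete($arr_event['user_id']);
    return $arr_event;
}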
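/**
 * Persist a drag-resize of an event (new start/end date and time) and return
 * the refreshed event row for the calendar UI.
 *
 * The owner filter (AND user_id = ?) is skipped only when the
 * USERS_CAN_CHANGE_ITEMS_FROM_OTHERS constant is defined and truthy, as
 * before. Request- and session-supplied values are integer-cast or bound as
 * prepared-statement parameters; $eventTable is a trusted configuration
 * value and is the only piece still concatenated into the SQL.
 *
 * @param array $frm_submitted Submitted fields: event_id plus date_start and
 *                             date_end unix timestamps.
 * @return array|false         The event row (with id, start, end, allDay,
 *                             allowEdit, deletable), or false when the update
 *                             could not be run or the event was not found.
 */
public static function resizeEvent($frm_submitted) {
    global $link;
    global $eventTable;

    if ($link === FALSE) {
        // NOTE(review): the driver error text is written to the response; a
        // generic message plus server-side logging would avoid leaking it.
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit;
    }
    mysqli_set_charset($link, 'utf8');

    // date() requires ints; cast the form values before applying the offset.
    $int_event_id = (int) $frm_submitted['event_id'];
    $int_start = (int) $frm_submitted['date_start'] - TIME_OFFSET;
    $int_end = (int) $frm_submitted['date_end'] - TIME_OFFSET;

    $str_query = 'UPDATE ' . $eventTable . ' SET date_start = ?, date_end = ?, time_start = ?, time_end = ? WHERE event_id = ?';
    $str_types = 'ssssi';
    $arr_params = array(
        date('Y-m-d', $int_start),
        date('Y-m-d', $int_end),
        date('H:i:s', $int_start),
        date('H:i:s', $int_end),
        $int_event_id,
    );
    if (!(defined('USERS_CAN_CHANGE_ITEMS_FROM_OTHERS') && USERS_CAN_CHANGE_ITEMS_FROM_OTHERS)) {
        // Without a session uid the old concatenated query was malformed and
        // failed; fail explicitly instead of binding a bogus owner.
        if (!isset($_SESSION['calendar-uid']['uid'])) {
            return false;
        }
        $str_query .= ' AND user_id = ?';
        $str_types .= 'i';
        $arr_params[] = (int) $_SESSION['calendar-uid']['uid'];
    }

    $obj_stmt = mysqli_prepare($link, $str_query);
    if ($obj_stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($obj_stmt, $str_types, ...$arr_params);
    $bln_updated = mysqli_stmt_execute($obj_stmt);
    mysqli_stmt_close($obj_stmt);
    if (!$bln_updated) {
        return false;
    }

    // event_id is already an int, so interpolating it cannot alter the query.
    $str_query = 'SELECT *, event_id as id, concat_ws(" ",date_start,time_start) as start,concat_ws(" ",date_end,time_end) as end ' . 'FROM ' . $eventTable . ' WHERE event_id = ' . $int_event_id;
    $obj_result = mysqli_query($link, $str_query);
    if ($obj_result === false) {
        return false;
    }
    $arr_event = mysqli_fetch_array($obj_result, MYSQLI_ASSOC);
    if (!$arr_event) {
        // Previously produced notices and a row of nulls; report "not found".
        return false;
    }
    $arr_event['allDay'] = $arr_event['allDay'] == 0 ? false : true;
    $arr_event['allowEdit'] = User::canEdit($arr_event['user_id']);
    $arr_event['deletable'] = User::canDelete($arr_event['user_id']);
    return $arr_event;
}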
/**
 * AJAX handler: apply the posted member/user/game/alias edits and echo a JSON
 * {success, message} response.
 *
 * Reads $_SESSION['userid'] / ['memberid'] for the acting user and
 * $_POST['memberData'] (plus optional played_games, userData, userAliases)
 * for the target. The permission gate is User::canEdit() on the posted
 * member_id; inside that gate each sub-update is attempted in turn and the
 * last failure message assigned to $data wins.
 *
 * @return void Output is written with echo json_encode()
 */
public static function _doUpdateMember() {
    // user attempting to make changes
    $respUser = User::find(intval($_SESSION['userid']));
    $respMember = Member::find(intval($_SESSION['memberid']));

    // member being changed
    // NOTE(review): no isset() guard; a request without memberData raises a
    // notice and the lookups below run with null.
    $memberData = $_POST['memberData'];
    $member = Member::findByMemberId($memberData['member_id']);
    $user = User::findByMemberId(Member::findId($memberData['member_id']));

    // only update values allowed by role
    // Field-level authorization: strip the fields the acting role may not set
    // before anything is persisted. Devs are exempt from both cuts.
    if (!User::isDev()) {
        if ($respUser->role < 2) {
            unset($memberData['squad_id'], $memberData['position_id'], $memberData['platoon_id']);
        }
        if ($respUser->role < 3) {
            unset($memberData['platoon_id']);
        }
    }

    // only continue if we have permission to edit the user
    if (User::canEdit($memberData['member_id'], $respUser, $member) == true) {
        // don't log if user edits their own profile
        if ($respMember->member_id != $member->member_id) {
            UserAction::create(array('type_id' => 3, 'date' => date("Y-m-d H:i:s"), 'user_id' => $respMember->member_id, 'target_id' => $member->member_id));
        }

        // validate recruiter
        // NOTE(review): a validation failure here only skips Member::modify();
        // the games/user/alias updates below still run, and a later failure
        // message overwrites $data.
        if ($memberData['recruiter'] != 0 && !Member::exists($memberData['recruiter'])) {
            $data = array('success' => false, 'message' => "Recruiter id is invalid.");
            // validate squad leader / squad_id setting
        } else {
            if ($respMember->member_id != $member->member_id && $memberData['position_id'] == 5 && $memberData['squad_id'] != 0) {
                $data = array('success' => false, 'message' => "Squad leaders cannot be in a squad.");
            } else {
                // update member info
                Member::modify($memberData);
            }
        }

        // update games
        // Games are keyed on the looked-up $member->id, not on posted data.
        if (isset($_POST['played_games'])) {
            $games = $_POST['played_games'];
            foreach ($games as $game) {
                $params = new stdClass();
                $params->member_id = $member->id;
                $params->game_id = $game;
                MemberGame::add($params);
            }
        }

        // update user
        if (isset($_POST['userData'])) {
            $userData = $_POST['userData'];
            // wish I had a better way to do this... yuck
            $userData['developer'] = isset($userData['developer']) ? $userData['developer'] : 0;
            if (!User::isDev()) {
                unset($userData['developer']);
            }
            // A non-dev may not edit another user of equal or higher role.
            // NOTE(review): the check is made against $user, but User::modify()
            // receives the raw $userData payload — confirm it is bound to $user
            // rather than trusting an id carried in the payload.
            if ($respMember->member_id != $member->member_id && $user->role >= $respUser->role && !User::isDev()) {
                $data = array('success' => false, 'message' => "You are not authorized to make that change.");
            } else {
                User::modify($userData);
            }
        }

        // update aliases
        // NOTE(review): aliases are written against the client-supplied
        // $memberData['id'] whereas the games block uses $member->id; confirm
        // the two cannot diverge, otherwise handles could land on another member.
        if (isset($_POST['userAliases'])) {
            $aliases = $_POST['userAliases'];
            foreach ($aliases as $type => $value) {
                $type = Handle::findByName($type)->id;
                if ($value != '') {
                    $params = array('member_id' => $memberData['id'], 'handle_type' => $type, 'handle_value' => trim($value), 'handle_account_id' => '0', 'invalid' => '0', 'invalid_date' => '0000-00-00');
                    $id = MemberHandle::hasAlias($type, $memberData['id']);
                    if ($id) {
                        $params['id'] = $id;
                        MemberHandle::modify($params);
                    } else {
                        MemberHandle::add($params);
                    }
                }
            }
        }
    } else {
        $data = array('success' => false, 'message' => 'You do not have permission to modify this player.');
    }

    if (!isset($data['success'])) {
        $data = array('success' => true, 'message' => "Member information updated!");
    }

    // print out a pretty response
    echo json_encode($data);
}
/**
 * Check if this user can add new account to this group.
 *
 * Delegates entirely to User::canEdit($user); the group itself is not
 * consulted, so the answer is whatever that check reports.
 *
 * @access public
 * @param User $user
 * @return boolean
 */
function canAddUser(User $user) {
    $allowed = User::canEdit($user);

    return $allowed;
}