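/**
 * Returns the logged user.
 *
 * The resolved user is cached in a static variable so the database is
 * only hit once per request unless $reset is TRUE.
 *
 * @param boolean $reset
 *   If TRUE fetches the userdata from the database again, bypassing the
 *   static cache. (default FALSE)
 *
 * @return User_entity
 *   The logged user entity (set_logged() called) if the session points at
 *   an active user; otherwise an anonymous User_entity built from an empty
 *   array with set_logged(FALSE). Note: this function never returns FALSE.
 */
function current_user($reset = FALSE) {
  static $current_user;

  if (isset($current_user) && !$reset) {
    return $current_user;
  }

  $CI = get_instance();
  $uid = $CI->session->userdata('user_uid');

  // The session library returns FALSE for a missing key in older CodeIgniter
  // versions and NULL in newer ones; treat both as "nobody is logged in" so
  // we never perform a user lookup with an empty identifier.
  if ($uid !== FALSE && $uid !== NULL) {
    $candidate = $CI->user_model->get($uid);

    if ($candidate && $candidate->is_active()) {
      // Logged user found. Set logged and return.
      $current_user = $candidate;
      $current_user->set_logged();
      return $current_user;
    }

    if ($candidate && !$candidate->is_active()) {
      // The user exists but is no longer active: the session is stale.
      // Kill session and redirect to login (redirect() is expected to end the
      // request, so nothing below runs for this case).
      $CI->session->sess_destroy();
      redirect('login');
    }
    // A uid with no matching user record falls through to the anonymous user.
  }

  // No (valid) logged user: cache an anonymous entity flagged as not logged.
  $current_user = User_entity::build(array());
  $current_user->set_logged(FALSE);

  return $current_user;
}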
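/**
 * Exercises the survey API endpoints for status restrictions only.
 *
 * Each endpoint is first called with a restriction config that forbids the
 * action in the survey's current status (expecting a 403) and then with one
 * that allows it (expecting a 200). Every other aspect of the API is covered
 * by other test cases.
 */
public function test_api_survey_with_status_restrictions() {
  // Cleanup.
  self::$CI->mongo_db->dropCollection('aw_datacollection_test', 'surveys');
  self::$CI->mongo_db->dropCollection('aw_datacollection_test', 'call_tasks');
  $this->_reset_status_restrictions();

  // Shorter statuses (only the ones this test actually uses).
  $draft = Survey_entity::STATUS_DRAFT;
  $open = Survey_entity::STATUS_OPEN;

  // Expected status envelopes.
  $denied = array('code' => 403, 'message' => 'Not allowed.');
  $ok = array('code' => 200, 'message' => 'Ok!');

  // Login user 9903 (an agent).
  $this->_change_user(9903);

  /////////////////////////////////////////////////////////////////
  // Set actions to be allowed only in Draft status.
  $mock_config = self::$status_resctriction_config;
  $mock_config['enketo collect data'] = array($draft);
  $mock_config['enketo testrun'] = array($draft);
  $this->_set_status_restrictions($mock_config);

  // Create survey: status open, valid xml file, user 9903 assigned.
  $survey = Survey_entity::build(array(
    'sid' => 1,
    'status' => $open,
    'files' => array('xml' => 'valid_survey.xml'),
    'agents' => array(9903),
  ));
  self::$CI->survey_model->save($survey);

  // Create a call task assigned to user 9903 and to survey 1.
  self::$CI->mongo_db->insert('call_tasks', array(
    'ctid' => 1001,
    'number' => "1100500000000",
    'created' => Mongo_db::date(),
    'updated' => Mongo_db::date(),
    'assigned' => Mongo_db::date(),
    'author' => 1,
    'assignee_uid' => 9903,
    'survey_sid' => 1,
    'activity' => array(),
  ));

  // Survey is open but the actions are only allowed in draft: denied.
  self::$CI->api_survey_xslt_transform(1);
  $result = json_decode(self::$CI->output->get_output(), TRUE);
  $this->assertEquals($denied, $result['status']);
  // NOTE(review): the 403 response still carries an 'xml_form' key. Confirm
  // that it is empty in the denied case and not the transformed form,
  // otherwise the status restriction does not actually withhold the form.
  $this->assertArrayHasKey('xml_form', $result);

  self::$CI->api_survey_request_respondents(1);
  $result = json_decode(self::$CI->output->get_output(), TRUE);
  $this->assertEquals($denied, $result['status']);

  // User assigned to call task, call task assigned to survey, user assigned
  // to survey, survey is the one data is being submitted for.
  $_POST = array(
    'csrf_aw_datacollection' => self::$CI->security->get_csrf_hash(),
    'respondent' => array('ctid' => 1001, 'form_data' => '<valid><tag/></valid>'),
  );
  self::$CI->api_survey_enketo_form_submit(1);
  $result = json_decode(self::$CI->output->get_output(), TRUE);
  $this->assertEquals($denied, $result['status']);

  /////////////////////////////////////////////////////////////////
  // Test again with correct status restrictions (allowed in Open).
  $mock_config = self::$status_resctriction_config;
  $mock_config['enketo collect data'] = array($open);
  $mock_config['enketo testrun'] = array($open);
  $this->_set_status_restrictions($mock_config);

  self::$CI->api_survey_xslt_transform(1);
  $result = json_decode(self::$CI->output->get_output(), TRUE);
  $this->assertEquals($ok, $result['status']);
  $this->assertArrayHasKey('xml_form', $result);

  self::$CI->api_survey_request_respondents(1);
  $result = json_decode(self::$CI->output->get_output(), TRUE);
  $this->assertEquals($ok, $result['status']);

  // Same submission preconditions as above, now allowed.
  $_POST = array(
    'csrf_aw_datacollection' => self::$CI->security->get_csrf_hash(),
    'respondent' => array('ctid' => 1001, 'form_data' => '<valid><tag/></valid>'),
  );
  self::$CI->api_survey_enketo_form_submit(1);
  $result = json_decode(self::$CI->output->get_output(), TRUE);
  $this->assertEquals($ok, $result['status']);

  /////////////////////////////////////////////////////////////////
  /////////////////////////////////////////////////////////////////
  // To test the manage agents api we need an admin.
  $this->_change_user(9901);

  // Logged user 9901 is an administrator.
  // Create survey 2: status open, valid xml file, no agents.
  $survey = Survey_entity::build(array(
    'sid' => 2,
    'status' => $open,
    'files' => array('xml' => 'valid_survey.xml'),
    'agents' => array(),
  ));
  self::$CI->survey_model->save($survey);

  // Create new agent with the absolute minimum properties for the test.
  $user_agent = User_entity::build(array(
    'uid' => 8801,
    'status' => User_entity::STATUS_ACTIVE,
    'roles' => array(ROLE_CC_AGENT),
  ));
  self::$CI->user_model->save($user_agent);

  // Managing agents only allowed in Draft; survey 1 is open: denied.
  $mock_config = self::$status_resctriction_config;
  $mock_config['manage agents'] = array($draft);
  $this->_set_status_restrictions($mock_config);

  $_POST = array(
    'uid' => 8801,
    'action' => 'assign',
    'csrf_aw_datacollection' => self::$CI->security->get_csrf_hash(),
  );
  self::$CI->api_survey_manage_agents(1);
  $result = json_decode(self::$CI->output->get_output(), TRUE);
  $this->assertEquals($denied, $result['status']);

  /////////////////////////////////////////////////////////////////
  // Managing agents allowed in Open: the same assignment succeeds.
  $mock_config = self::$status_resctriction_config;
  $mock_config['manage agents'] = array($open);
  $this->_set_status_restrictions($mock_config);

  $_POST = array(
    'uid' => 8801,
    'action' => 'assign',
    'csrf_aw_datacollection' => self::$CI->security->get_csrf_hash(),
  );
  self::$CI->api_survey_manage_agents(1);
  $result = json_decode(self::$CI->output->get_output(), TRUE);
  $this->assertEquals($ok, $result['status']);
}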
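/**
 * Returns the users with the given roles.
 *
 * @param mixed $roles
 *   Single role or array of roles the user has to have (all of them).
 *   If an empty array is provided it will return users without roles.
 *   If ROLE_REGISTERED is among them, no role condition is applied and
 *   users of every role are returned.
 * @param mixed $statuses
 *   Status or array of statuses to query for. Providing NULL is the same as
 *   providing all the statuses. Defaults to active users only.
 *
 * Note: Users with deleted status will never be returned, whatever
 * $statuses asks for. They are left in the database for consistency
 * reasons but they are treated as deleted.
 *
 * @return User_entity[]
 *   List of matching users, possibly empty.
 */
public function get_with_role($roles, $statuses = User_entity::STATUS_ACTIVE) {
  $roles = is_array($roles) ? $roles : array($roles);

  // Only NULL means "any status". The original loose `!= NULL` check also
  // skipped the filter for falsy values such as an empty array; an empty
  // status list is still treated as "no filter" below.
  if ($statuses !== NULL) {
    $statuses = is_array($statuses) ? $statuses : array($statuses);
    if (!empty($statuses)) {
      $this->mongo_db->whereIn('status', $statuses);
    }
  }

  // ROLE_REGISTERED matches everyone, so no role condition is needed.
  if (!in_array(ROLE_REGISTERED, $roles)) {
    if (empty($roles)) {
      $this->mongo_db->where('roles', array());
    }
    else {
      $this->mongo_db->whereInAll('roles', $roles);
    }
  }

  // Deleted users are always excluded.
  $result = $this->mongo_db
    ->whereNe('status', User_entity::STATUS_DELETED)
    ->get(self::COLLECTION);

  $users = array();
  foreach ($result as $row) {
    $users[] = User_entity::build($row);
  }
  return $users;
}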
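/**
 * Used by user_add when adding an account.
 *
 * Validates the submitted form; on failure re-renders the form, otherwise
 * builds and saves the new user, optionally emails an account-created
 * notification and redirects to the users list.
 *
 * The original implementation saved the user twice (before and after the
 * notification) and only checked the second result, so an email could be
 * sent for an account whose save then failed. The user is now saved once
 * and the notification is only sent after a successful save.
 */
protected function _add_account() {
  // NOTE(review): xss_clean is CodeIgniter's legacy input sanitiser and is
  // kept for parity; escaping at output time in the views is what actually
  // prevents XSS.
  $this->form_validation->set_rules('user_name', 'Name', 'trim|required|xss_clean');
  $this->form_validation->set_rules('user_username', 'Username', 'trim|required|xss_clean|alpha_dash|callback__cb_check_unique[username]');
  $this->form_validation->set_rules('user_email', 'Email', 'trim|required|xss_clean|valid_email|callback__cb_check_unique[email]');
  $this->form_validation->set_rules('user_new_password', 'Password', 'trim|required|min_length[8]');
  $this->form_validation->set_rules('user_roles', 'Roles', 'callback__cb_check_roles');
  $this->form_validation->set_rules('user_status', 'Status', 'callback__cb_check_status');
  // To be picked up by the validation object needs a rule, even if empty.
  $this->form_validation->set_rules('user_notify', 'Notify');
  $this->form_validation->set_error_delimiters('<small class="error">', '</small>');

  if (!$this->form_validation->run()) {
    $this->load->view('base/html_start');
    $this->load->view('components/navigation', array('active_menu' => 'users'));
    $this->load->view('users/user_form', array('user' => NULL, 'action' => 'add'));
    $this->load->view('base/html_end');
    return;
  }

  $plain_password = $this->input->post('user_new_password');

  // Some values can be set in the constructor.
  $user = User_entity::build(array(
    'name' => $this->input->post('user_name'),
    'username' => $this->input->post('user_username'),
    'email' => $this->input->post('user_email'),
    'author' => current_user()->uid,
  ));
  $user
    ->set_password(hash_password($plain_password))
    ->set_status($this->input->post('user_status'))
    ->set_roles($this->input->post('user_roles'));

  // Save exactly once and act on the result.
  if (!$this->user_model->save($user)) {
    Status_msg::error('Error creating user. Try again.');
    redirect('users');
    return;
  }

  // Notify user? Only after the account really exists.
  if ($this->input->post('user_notify') == 'notify') {
    $this->_send_account_created_email($user, $plain_password);
  }

  Status_msg::success('User successfully created.');
  redirect('users');
}

/**
 * Sends the "account created" notification email to a freshly saved user.
 *
 * SECURITY(review): the cleartext password is interpolated into the email via
 * the {{password}} placeholder of the configured message. Email is not a
 * confidential channel and the message may persist in mailboxes and logs;
 * a one-time activation/reset link is the safer alternative. Behaviour is
 * kept here because the message template in config/email_messages relies on
 * the placeholder.
 *
 * @param User_entity $user
 *   The saved user; its username, name and email are used.
 * @param string $plain_password
 *   The password as submitted in the form.
 */
protected function _send_account_created_email($user, $plain_password) {
  $this->load->library('email');
  $this->email->from($this->config->item('aw_admin_email'), $this->config->item('aw_admin_name'));
  $this->email->to($user->email);

  // Load message data from config.
  $this->config->load('email_messages');
  $message_account_created = $this->config->item('message_account_created');

  // Replace placeholders.
  $placeholders = array(
    '{{username}}' => $user->username,
    '{{name}}' => $user->name,
    '{{password}}' => $plain_password,
  );
  $message_account_created['subject'] = strtr($message_account_created['subject'], $placeholders);
  $message_account_created['message'] = strtr($message_account_created['message'], $placeholders);

  $this->email->subject($message_account_created['subject']);
  $this->email->message($message_account_created['message']);
  $this->email->send();
}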