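/**
 * Save the supplied Team to the database, and return its id.
 *
 * Permissions are checked before anything is written. There are several scenarios:
 * - adding a regular team requires the global MANAGE_TEAMS permission
 * - adding a once-only team requires no special permission, and the creator becomes its owner
 * - editing a team requires global MANAGE_TEAMS, or MANAGE_TEAMS on the team's own resource
 *   URI (a team owner); an owner may change fewer columns than an admin
 *
 * The team type and the resource URI used for the ownership check are read from the stored
 * team rather than the submitted one: both are under the caller's control on input, and both
 * decide which columns the caller may change.
 *
 * @param Team $team the team to insert (no id) or update (existing id)
 * @return int the id of the saved team
 * @throws Exception if the current user may not add or edit this team, or if an edit targets a team id that does not exist
 */
public function SaveTeam(Team $team)
{
    $user = AuthenticationManager::GetUser();
    $is_admin = $user->Permissions()->HasPermission(PermissionType::MANAGE_TEAMS);
    $adding = !(bool) $team->GetId();

    # When editing, load the stored team first. Its team type limits which type may be
    # submitted (changing the type changes editing privileges), and its resource URI is
    # the one the owner role was granted on.
    $old_team = null;
    $is_team_owner = false;
    if (!$adding) {
        $this->ReadById(array($team->GetId()));
        $old_team = $this->GetFirst();
        if (!($old_team instanceof Team)) {
            throw new Exception("Team not found");
        }
        # Owner permission is keyed on the resource URI, which is derived from the short URL,
        # so the check uses the stored URI rather than whatever arrived with the request
        $is_team_owner = $user->Permissions()->HasPermission(PermissionType::MANAGE_TEAMS, $old_team->GetLinkedDataUri());
        $team->SetTeamType($this->GetPermittedTeamType($old_team->GetTeamType(), $team->GetTeamType()));
    }
    $is_once_only = $team->GetTeamType() == Team::ONCE;

    # To add a regular team we need global manage teams permission
    if ($adding and !$is_once_only and !$is_admin) {
        throw new Exception("Unauthorised");
    }

    # To edit a team we need global manage teams permission, or team owner permission
    if (!$adding and !$is_admin and !$is_team_owner) {
        throw new Exception("Unauthorised");
    }

    # Only an admin can change the short URL after the team is created. $old_team keeps the
    # previous short URL, which is needed below to move child URLs and permissions across.
    $o_url_manager = null;
    $new_short_url = null;
    if ($adding or $is_admin) {
        require_once 'http/short-url-manager.class.php';
        $o_url_manager = new ShortUrlManager($this->GetSettings(), $this->GetDataConnection());
        $new_short_url = $o_url_manager->EnsureShortUrl($team);
    }

    # Values shared by the INSERT and UPDATE statements
    $i_club_id = is_null($team->GetClub()) ? null : $team->GetClub()->GetId();
    $i_ground_id = is_null($team->GetGround()) ? null : $team->GetGround()->GetId();
    $allowed_html = array('p', 'br', 'strong', 'em', 'a[href]', 'ul', 'ol', 'li');
    # One timestamp so date_added and date_changed agree on insert
    $now = gmdate('U');

    # One boolean column per school year; a year that is missing or falsy is stored as false
    $school_years = $team->GetSchoolYears();
    $school_year_columns = array();
    for ($year = 1; $year <= 12; $year++) {
        $is_selected = array_key_exists($year, $school_years) && $school_years[$year];
        $school_year_columns[] = "year{$year} = " . Sql::ProtectBool($is_selected, false, false);
    }
    $school_years_sql = implode(", \r\n ", $school_year_columns) . ", ";

    if ($adding) {
        $sql = 'INSERT INTO nsa_team SET ' .
            "team_name = " . $this->SqlString($team->GetName()) . ", \r\n " .
            "comparable_name = " . Sql::ProtectString($this->GetDataConnection(), $team->GetComparableName(), false) . ", \r\n " .
            "club_id = " . Sql::ProtectNumeric($i_club_id, true) . ", \r\n " .
            "website = " . $this->SqlString($team->GetWebsiteUrl()) . ", \r\n " .
            "ground_id = " . Sql::ProtectNumeric($i_ground_id, true) . ", \r\n " .
            "active = " . Sql::ProtectBool($team->GetIsActive()) . ", \r\n " .
            "team_type = " . Sql::ProtectNumeric($team->GetTeamType()) . ", \r\n " .
            "{$school_years_sql}\r\n " .
            "player_type_id = " . Sql::ProtectNumeric($team->GetPlayerType()) . ", \r\n " .
            "intro = " . $this->SqlHtmlString($team->GetIntro(), $allowed_html) . ", \r\n " .
            "playing_times = " . $this->SqlHtmlString($team->GetPlayingTimes(), $allowed_html) . ", \r\n " .
            "cost = " . $this->SqlHtmlString($team->GetCost(), $allowed_html) . ", \r\n " .
            "contact = " . $this->SqlHtmlString($team->GetContact(), $allowed_html) . ", \r\n " .
            "contact_nsa = " . $this->SqlHtmlString($team->GetPrivateContact(), $allowed_html) . ", \r\n " .
            "short_url = " . $this->SqlString($team->GetShortUrl()) . ", \r\n " .
            "update_search = " . ($is_once_only ? "0" : "1") . ", \r\n " .
            "date_added = " . $now . ", \r\n " .
            "date_changed = " . $now . ", \r\n " .
            "modified_by_id = " . Sql::ProtectNumeric($user->GetId());
        $this->LoggedQuery($sql);

        # get autonumber
        $team->SetId($this->GetDataConnection()->insertID());

        # Create default extras players
        require_once "player-manager.class.php";
        $player_manager = new PlayerManager($this->GetSettings(), $this->GetDataConnection());
        $player_manager->CreateExtrasPlayersForTeam($team->GetId());

        # Create owner role, granted on the team's resource URI
        require_once "authentication/authentication-manager.class.php";
        require_once "authentication/role.class.php";
        $authentication_manager = new AuthenticationManager($this->GetSettings(), $this->GetDataConnection(), null);
        $role = new Role();
        $role->setRoleName("Team owner: " . $team->GetName());
        $role->Permissions()->AddPermission(PermissionType::MANAGE_TEAMS, $team->GetLinkedDataUri());
        $authentication_manager->SaveRole($role);

        $sql = "UPDATE nsa_team SET owner_role_id = " . Sql::ProtectNumeric($role->getRoleId(), false, false) .
            " WHERE team_id = " . Sql::ProtectNumeric($team->GetId());
        $this->LoggedQuery($sql);

        # If creating a once-only team, make the current user an owner (an admin already has access)
        if ($is_once_only and !$is_admin) {
            $authentication_manager->AddUserToRole($user->GetId(), $role->getRoleId());
            $authentication_manager->LoadUserPermissions();
        }
    } else {
        # Update the team. Which columns are written depends on who is editing:
        # everyone with edit access may change the contact and description fields, ...
        $sql = 'UPDATE nsa_team SET ' .
            "website = " . $this->SqlString($team->GetWebsiteUrl()) . ", \r\n " .
            "intro = " . $this->SqlHtmlString($team->GetIntro(), $allowed_html) . ", \r\n " .
            "cost = " . $this->SqlHtmlString($team->GetCost(), $allowed_html) . ", \r\n " .
            "contact = " . $this->SqlHtmlString($team->GetContact(), $allowed_html) . ", \r\n " .
            "contact_nsa = " . $this->SqlHtmlString($team->GetPrivateContact(), $allowed_html) . ", \r\n " .
            "update_search = " . ($is_once_only ? "0" : "1") . ", \r\n " .
            "date_changed = " . $now . ", \r\n " .
            "modified_by_id = " . Sql::ProtectNumeric($user->GetId());

        # ... once-only teams keep their status, type, school years, ground and playing times, ...
        if (!$is_once_only) {
            $sql .= ", \r\n active = " . Sql::ProtectBool($team->GetIsActive()) .
                ", \r\n team_type = " . Sql::ProtectNumeric($team->GetTeamType()) .
                ", \r\n {$school_years_sql}\r\n ground_id = " . Sql::ProtectNumeric($i_ground_id, true) .
                ", \r\n playing_times = " . $this->SqlHtmlString($team->GetPlayingTimes(), $allowed_html);
        }

        # ... the name may be changed by an admin, or by the owner of a once-only team, ...
        if ($is_admin or $is_once_only) {
            $sql .= ", \r\n team_name = " . $this->SqlString($team->GetName());
        }

        # ... and only an admin may change the club, player type, comparable name or short URL
        if ($is_admin) {
            $sql .= ", \r\n club_id = " . Sql::ProtectNumeric($i_club_id, true) .
                ", \r\n player_type_id = " . Sql::ProtectNumeric($team->GetPlayerType()) .
                ", \r\n comparable_name = " . Sql::ProtectString($this->GetDataConnection(), $team->GetComparableName(), false) .
                ", \r\n short_url = " . $this->SqlString($team->GetShortUrl());
        }

        # Leading space so the last column value is always separated from WHERE
        $sql .= " \r\n WHERE team_id = " . Sql::ProtectNumeric($team->GetId());
        $this->LoggedQuery($sql);

        # In case the team name changed, update the denormalised names in the stats table
        if ($is_admin or $is_once_only) {
            $sql = "UPDATE nsa_player_match SET team_name = " . $this->SqlString($team->GetName()) .
                " WHERE team_id = " . Sql::ProtectNumeric($team->GetId());
            $this->LoggedQuery($sql);

            $sql = "UPDATE nsa_player_match SET opposition_name = " . $this->SqlString($team->GetName()) .
                " WHERE opposition_id = " . Sql::ProtectNumeric($team->GetId());
            $this->LoggedQuery($sql);
        }
    }

    if ($adding or $is_admin) {
        # Regenerate short URLs
        if (is_object($new_short_url)) {
            $new_short_url->SetParameterValuesFromObject($team);
            $o_url_manager->Save($new_short_url);

            if (!$adding) {
                # Move player URLs from under the old team short URL to the new one
                $o_url_manager->ReplacePrefixForChildUrls(Player::GetShortUrlFormatForType($this->GetSettings()), $old_team->GetShortUrl(), $team->GetShortUrl());

                # NOTE(review): LIKE treats % and _ inside the old short URL as wildcards; short URLs
                # come from ShortUrlManager, which is assumed to exclude them - confirm
                $old_prefix = $this->SqlString($old_team->GetShortUrl() . "/%");
                $new_prefix = $this->SqlString($team->GetShortUrl());
                $sql = "UPDATE nsa_player_match SET\r\n player_url = CONCAT({$new_prefix}, RIGHT(player_url,CHAR_LENGTH(player_url)-LOCATE('/',player_url)+1))\r\n WHERE player_url LIKE {$old_prefix}";
                $this->LoggedQuery($sql);
            }
        }

        # Owner permission is based on the resource URI, which in turn is based on short URL,
        # so if it's changed update the permissions
        if ($old_team instanceof Team) {
            $old_resource_uri = $old_team->GetLinkedDataUri();
            $new_resource_uri = $team->GetLinkedDataUri();
            if ($old_resource_uri != $new_resource_uri) {
                $permissions_table = $this->GetSettings()->GetTable("PermissionRoleLink");
                $sql = "UPDATE {$permissions_table} SET resource_uri = " . $this->SqlString($new_resource_uri) .
                    " WHERE resource_uri = " . $this->SqlString($old_resource_uri);
                $this->LoggedQuery($sql);
            }
        }
    }

    if (!$is_once_only) {
        $team_id_sql = Sql::ProtectNumeric($team->GetId(), false);

        # Request search update for affected competitions
        $sql = "UPDATE nsa_competition SET update_search = 1 WHERE competition_id IN \r\n (\r\n " .
            "SELECT competition_id FROM nsa_season WHERE season_id IN\r\n (\r\n " .
            "SELECT season_id FROM nsa_team_season WHERE team_id = " . $team_id_sql . " \r\n )\r\n )";
        $this->LoggedQuery($sql);

        # Request search update for the effects of changing the team name
        $sql = "UPDATE nsa_player SET update_search = 1 WHERE team_id = " . $team_id_sql;
        $this->LoggedQuery($sql);

        $sql = "UPDATE nsa_match SET update_search = 1 WHERE match_id IN (SELECT match_id FROM nsa_match_team WHERE team_id = " . $team_id_sql . ")";
        $this->LoggedQuery($sql);

        # Request search update for changing the team home ground
        $sql = "UPDATE nsa_ground SET update_search = 1 WHERE ground_id = " . Sql::ProtectNumeric($i_ground_id, false);
        $this->LoggedQuery($sql);
    }

    return $team->GetId();
}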