示例#1
文件: User.php 项目: rossryan/Calico
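 /**
  * Write the roles associated with the user.
  *
  * Reads the submitted role checkboxes from $_POST['roles'] (role name => value)
  * and brings this user's role_member rows into line with them: memberships for
  * roles that were not ticked are deleted, memberships for ticked roles that do
  * not exist yet are inserted. When no 'roles' array was posted nothing is changed.
  *
  * NOTE(review): nothing in this method checks that the current session is
  * allowed to assign roles; presumably the caller enforces that - confirm.
  *
  * @return boolean True on success or when no roles were posted; false when the
  *                 user number is not an integer or a database statement failed.
  */
 function WriteRoles()
 {
     global $c;
     if (isset($_POST['roles']) && is_array($_POST['roles'])) {
         // Role names are client-supplied array keys, so every one is quoted
         // before it goes into the IN (...) list.
         $quoted = array();
         foreach ($_POST['roles'] as $k => $v) {
             if ($v && $v != "off") {
                 $quoted[] = AwlQuery::quote($k);
             }
         }
         $roles = implode(', ', $quoted);

         // user_no is concatenated into the statements below, so anything that
         // is not a plain integer is refused and reported through the normal
         // failure path instead of reaching the database.
         $user_no_ok = isset($this->user_no) && preg_match('/^-?[0-9]+\z/', (string) $this->user_no);

         if (!$user_no_ok) {
             $succeeded = false;
         } else {
             $user_no = (string) $this->user_no;
             $qry = new AwlQuery();
             if ($roles == '') {
                 // Nothing ticked: drop every membership of this user.
                 $succeeded = $qry->QDo('DELETE FROM role_member WHERE user_no = ' . $user_no);
             } else {
                 // Delete and insert run in one transaction so a failure of
                 // either leaves the memberships as they were.
                 $succeeded = $qry->Begin();
                 $sql = 'DELETE FROM role_member WHERE user_no = ' . $user_no;
                 $sql .= ' AND role_no NOT IN (SELECT role_no FROM roles WHERE role_name IN (' . $roles . ') )';
                 if ($succeeded) {
                     $succeeded = $qry->QDo($sql);
                 }
                 // EXCEPT skips (role_no, user_no) pairs that are already present.
                 $sql = 'INSERT INTO role_member (role_no, user_no)';
                 $sql .= ' SELECT role_no, ' . $user_no . ' FROM roles WHERE role_name IN (' . $roles . ')';
                 $sql .= ' EXCEPT SELECT role_no, user_no FROM role_member';
                 if ($succeeded) {
                     $succeeded = $qry->QDo($sql);
                 }
                 if ($succeeded) {
                     $qry->Commit();
                 } else {
                     $qry->Rollback();
                 }
             }
         }
         if (!$succeeded) {
             $c->messages[] = i18n('ERROR: There was a database error writing the roles information!');
             $c->messages[] = i18n('Please note the time and advise the administrator of your system.');
             return false;
         }
     }
     return true;
 }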
示例#2
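/**
 * Build the Editor for one access_ticket row and, when the 'ticketrow' form was
 * submitted and $can_write_principal is set, write a new ticket.
 *
 * The posted 'target' path must be the principal's own root ("/username" or
 * "/username/") or resolve to a collection whose dav_name starts with
 * "/username/"; otherwise a message is queued on $c->messages and nothing is
 * written.
 *
 * Reads the globals $c, $id, $editor and $can_write_principal and overwrites
 * $_POST['dav_owner_id'], $_POST['target_collection_id'] and (when ticket
 * privileges were posted) $_POST['privileges'] before calling Write().
 *
 * @return Editor The editor constructed with "Tickets" / "access_ticket".
 */
function ticket_row_editor()
{
    global $c, $id, $editor, $can_write_principal;
    $ticketrow = new Editor("Tickets", "access_ticket");
    $ticketrow->SetSubmitName('ticketrow');
    if (!$can_write_principal || !$ticketrow->IsSubmit()) {
        return $ticketrow;
    }

    $username = $editor->Value('username');
    $ugly_path = $_POST['target'];
    if ($ugly_path == '/' . $username || $ugly_path == '/' . $username . '/') {
        $target_collection = $id;
    } else {
        // The ownership prefix is bound as a parameter rather than interpolated,
        // so a username containing a quote cannot alter the statement.
        // NOTE(review): strlen() counts bytes while SQL substring presumably
        // counts characters, so a non-ASCII username may never match - confirm.
        $owner_prefix = '/' . $username . '/';
        $params = array(
            ':exact_name' => $ugly_path,
            ':owner_prefix' => $owner_prefix,
        );
        $name_match = 'dav_name = :exact_name';
        if (!preg_match('#/$#', $ugly_path)) {
            // No trailing slash: also try the parent path and the path with a
            // slash appended.
            $name_match .= ' OR dav_name = :truncated_name OR dav_name = :trailing_slash_name';
            $params[':truncated_name'] = preg_replace('#[^/]*$#', '', $ugly_path);
            $params[':trailing_slash_name'] = $ugly_path . "/";
        }
        // The name alternatives are parenthesised so the ownership prefix test
        // applies to all of them. Without the parentheses AND binds tighter than
        // OR and the prefix test would only cover the exact-name match.
        $sql = 'SELECT collection_id FROM collection WHERE (' . $name_match . ')';
        $sql .= ' AND substring(dav_name FROM 1 FOR ' . strlen($owner_prefix) . ') = :owner_prefix';
        $sql .= ' ORDER BY LENGTH(dav_name) DESC LIMIT 1';
        $qry = new AwlQuery($sql, $params);
        if ($qry->Exec() && $qry->rows() > 0) {
            $row = $qry->Fetch();
            $target_collection = $row->collection_id;
        } else {
            $c->messages[] = translate('Can only add tickets for existing collection paths which you own');
            return $ticketrow;
        }
    }

    // Owner and target are forced server-side, replacing whatever was posted.
    $_POST['dav_owner_id'] = $id;
    $_POST['target_collection_id'] = $target_collection;

    // NOTE(review): the pattern is unanchored and what check_by_regex() returns
    // for partly matching input is not visible here; the result is quoted below
    // in any case.
    $ticket_id = check_by_regex($_POST['ticket_id'], '/[A-Za-z0-9]+/');
    // NOTE(review): $id is concatenated unquoted; presumably it was validated
    // as an integer before this function runs - confirm.
    $ticketrow->SetWhere('dav_owner_id=' . $id . ' AND ticket_id=' . AwlQuery::quote($ticket_id));

    if (isset($_POST['ticket_privileges'])) {
        // Only the keys (privilege names) of the posted array are used.
        $priv_names = array_keys($_POST['ticket_privileges']);
        $privs_dec = privilege_to_bits($priv_names);
        $_POST['privileges'] = sprintf('%024s', decbin($privs_dec));
        $ticketrow->Assign('privileges', $privs_dec);
    }
    $c->messages[] = translate('Creating new ticket granting privileges to this Principal');
    $ticketrow->Write();
    return $ticketrow;
}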
示例#3
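 /**
  * Builds a where clause to match the supplied keys
  *
  * Each entry of $this->Keys becomes "key=quoted value"; each non-blank entry of
  * $this->OtherWhere (when that property is an array) is appended as a
  * parenthesised condition. All conditions are joined with AND.
  *
  * Key names and OtherWhere fragments are placed in the SQL verbatim; only the
  * key values are passed through AwlQuery::quote(). Callers must therefore
  * supply trusted column names and already-quoted fragments.
  *
  * @param boolean $overwrite_values Controls whether the data values for the key fields will be forced to match the key values
  * @return string A simple SQL where clause, including the initial "WHERE", for each key / value; an empty string when there are no conditions.
  */
 function _BuildWhereClause($overwrite_values = false)
 {
     $conditions = array();
     foreach ($this->Keys as $k => $v) {
         // At least assign the key fields...
         if ($overwrite_values) {
             $this->Values->{$k} = $v;
         }
         // And build the WHERE clause
         $conditions[] = $k . '=' . AwlQuery::quote($v);
     }
     if (isset($this->OtherWhere) && is_array($this->OtherWhere)) {
         foreach ($this->OtherWhere as $and_where) {
             // Skip fragments that are empty or whitespace only.
             if (!preg_match('/^\\s*$/', $and_where)) {
                 // Always open the parenthesis, including when this is the first
                 // condition; previously that case produced "WHERE cond)" with
                 // an unmatched closing parenthesis.
                 $conditions[] = '(' . $and_where . ')';
             }
         }
     }
     if (count($conditions) == 0) {
         return '';
     }
     return 'WHERE ' . implode(' AND ', $conditions);
 }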