function validateView()
{
global $auth;
global $PH;
$prefix = confGet('DB_TABLE_PREFIX');
### all ###
if ($auth->cur_user->user_rights & RIGHT_VIEWALL) {
return true;
}
### all companies ###
if ($auth->cur_user->user_rights & RIGHT_COMPANY_VIEWALL) {
return true;
}
$str = "SELECT COUNT(*) from {$prefix}company c, {$prefix}project p, {$prefix}projectperson upp\r\n WHERE\r\n upp.person = {$auth->cur_user->id}\r\n AND upp.state = 1 /* upp all user projectpeople */\r\n\r\n AND p.id = upp.project /* all user projects */\r\n AND c.id = p.company /* all companies */\r\n AND c.id = {$this->id}\r\n AND c.state = 1\r\n ";
$dbh = new DB_Mysql();
$sth = $dbh->prepare($str);
$sth->execute("", 1);
$tmp = $sth->fetchall_assoc();
$count = $tmp[0]['COUNT(*)'];
if ($count == 1) {
return true;
} else {
if ($count > 1) {
$PH->abortWarning(__("not available"), ERROR_RIGHTS);
} else {
$PH->abortWarning(__("not available"), ERROR_RIGHTS);
}
}
}
static function getCreatedRecently($person_id = NULL)
{
if (!$person_id) {
global $auth;
$person_id = $auth->cur_user->id;
} else {
$person_id = intval($person_id);
}
$prefix = confGet('DB_TABLE_PREFIX');
require_once confGet('DIR_STREBER') . 'db/class_issue.inc.php';
$dbh = new DB_Mysql();
$sth = $dbh->prepare("SELECT i.*, iss.*\r\n from {$prefix}item i, {$prefix}issue iss\r\n WHERE i.created_by={$person_id}\r\n AND i.type = '" . ITEM_ISSUE . "'\r\n AND iss.id = i.id\r\n AND i.state = 1\r\n ORDER BY i.created DESC\r\n ")->execute();
$tmp = $sth->fetchall_assoc();
$issues = array();
foreach ($tmp as $n) {
$issue = new Issue($n);
$issues[] = $issue;
}
return $issues;
}
static function getItemChanges($args = NULL)
{
global $auth;
$prefix = confGet('DB_TABLE_PREFIX');
### default params ###
$item = NULL;
$date_min = NULL;
$date_max = NULL;
$person = NULL;
$field = NULL;
$project = NULL;
$order_by = 'modified';
### filter params ###
if ($args) {
foreach ($args as $key => $value) {
if (!isset(${$key}) && !is_null(${$key}) && !${$key} === "") {
trigger_error("unknown parameter", E_USER_NOTICE);
} else {
${$key} = $value;
}
}
}
$str_project = $project ? "AND c.project= " . intval($project) : '';
$str_item = $item ? "AND c.item=" . intval($item) : '';
$str_date_min = $date_min ? "AND c.modified >= '" . asCleanString($date_min) . "'" : '';
$str_date_max = $date_max ? "AND c.modified <= '" . asCleanString($date_max) . "'" : '';
$str_field = $field ? "AND c.field ='" . asCleanString($field) . "'" : '';
$str_person = $person ? "AND c.modified_by = " . intval($person) : '';
### show all ###
$str_query = "SELECT c.* from {$prefix}itemchange c\r\n WHERE 1\r\n {$str_project}\r\n {$str_item}\r\n {$str_person}\r\n {$str_field}\r\n {$str_date_max}\r\n {$str_date_min}\r\n " . getOrderByString($order_by);
$dbh = new DB_Mysql();
$sth = $dbh->prepare($str_query);
$sth->execute("", 1);
$tmp = $sth->fetchall_assoc();
$item_changes = array();
foreach ($tmp as $t) {
$c = new ItemChange($t);
$item_changes[] = $c;
}
return $item_changes;
}
/**
* getAssignedPeople
*/
function getAssignedPeople($visible_only = true)
{
global $auth;
$prefix = confGet('DB_TABLE_PREFIX');
$dbh = new DB_Mysql();
$order_by = "pers.name";
$query_str = "SELECT i.*, pers.* from {$prefix}item i, {$prefix}person pers, {$prefix}taskperson tp, {$prefix}item itp\r\n WHERE\r\n pers.state = 1\r\n\r\n AND pers.id = i.id\r\n AND pers.id = tp.person\r\n AND tp.task= {$this->id}\r\n AND tp.id = itp.id\r\n AND itp.state = 1\r\n\r\n ORDER BY {$order_by}";
$sth = $dbh->prepare($query_str);
$sth->execute("", 1);
$tmp = $sth->fetchall_assoc();
$people = array();
#--- return all ---
if (!$visible_only || $auth->cur_user->user_rights & RIGHT_PROJECT_ASSIGN) {
foreach ($tmp as $t) {
$people[] = new Person($t);
}
return $people;
} else {
$project = Project::getById($this->project);
foreach ($tmp as $t) {
$p = new Person($t);
if ($project->isPersonVisibleTeamMember($p)) {
$people[] = $p;
}
}
return $people;
}
}
/**
* return files attached to project
* @@@ todo:
* - refacture status_min/max evaluation only if !is_null
*
*/
static function getAll($args = NULL)
{
global $auth;
$prefix = confGet('DB_TABLE_PREFIX');
### default params ###
$project = NULL;
$latest_only = true;
$order_by = "name";
$status_min = STATUS_UNDEFINED;
$status_max = STATUS_CLOSED;
$visible_only = true;
# use project rights settings
$alive_only = true;
# ignore deleted
$parent_item = NULL;
#
$images_only = false;
$date_min = NULL;
$date_max = NULL;
$org_file = NULL;
$id = NULL;
$created_by = NULL;
### filter params ###
if ($args) {
foreach ($args as $key => $value) {
if (!isset(${$key}) && !is_null(${$key}) && !${$key} === "") {
trigger_error("unknown parameter", E_USER_NOTICE);
} else {
${$key} = $value;
}
}
}
$str_project = $project ? 'AND i.project=' . intval($project) : '';
$str_project2 = $project ? 'AND upp.project=' . intval($project) : '';
$str_is_alive = $alive_only ? 'AND i.state=' . ITEM_STATE_OK : '';
$str_date_min = $date_min ? "AND i.modified >= '" . asCleanString($date_min) . "'" : '';
$str_date_max = $date_max ? "AND i.modified <= ' " . asCleanString($date_max) . "'" : '';
$str_is_image = $images_only ? 'AND f.is_image!=0' : '';
$str_latest_only = $latest_only ? 'AND f.is_latest!=0' : '';
$str_created_by = $created_by ? 'AND i.modified_by =' . intval($created_by) : '';
$str_parent_item = !is_null($parent_item) ? 'AND f.parent_item=' . intval($parent_item) : '';
$str_org_file = $org_file ? "AND f.org_file = '" . intval($org_file) . "'" : "";
$str_id = $id ? "AND f.id = " . intval($id) : "";
if ($auth->cur_user->user_rights & RIGHT_VIEWALL) {
$str_projectperson = "";
} else {
$str_projectperson = "AND upp.person = {$auth->cur_user->id}";
}
if ($visible_only) {
$str_query = "SELECT DISTINCT i.*, f.* from {$prefix}item i, {$prefix}file f, {$prefix}projectperson upp\r\n WHERE\r\n i.type = '" . ITEM_FILE . "'\r\n {$str_project}\r\n {$str_projectperson}\r\n {$str_project2}\r\n\r\n {$str_is_alive}\r\n AND ( i.pub_level >= upp.level_view\r\n OR\r\n i.created_by = {$auth->cur_user->id}\r\n )\r\n\r\n AND i.id = f.id\r\n\t\t\t\t {$str_id}\r\n {$str_created_by}\r\n {$str_is_image}\r\n {$str_parent_item}\r\n {$str_org_file}\r\n {$str_latest_only}\r\n AND f.status >= {$status_min}\r\n AND f.status <= {$status_max}\r\n {$str_date_max}\r\n {$str_date_min}\r\n\r\n " . getOrderByString($order_by);
} else {
$str_query = "SELECT i.*, f.* from {$prefix}item i, {$prefix}file f\r\n WHERE\r\n i.type = '" . ITEM_FILE . "'\r\n {$str_project}\r\n {$str_is_alive}\r\n\r\n AND i.id = f.id\r\n\t\t\t {$str_id}\r\n {$str_created_by}\r\n {$str_parent_item}\r\n {$str_latest_only}\r\n AND f.status >= {$status_min}\r\n AND f.status <= {$status_max}\r\n {$str_org_file}\r\n {$str_date_max}\r\n {$str_date_min}\r\n\r\n " . getOrderByString($order_by);
}
$dbh = new DB_Mysql();
$sth = $dbh->prepare($str_query);
$sth->execute("", 1);
$tmp = $sth->fetchall_assoc();
$files = array();
require_once confGet('DIR_STREBER') . 'db/class_file.inc.php';
foreach ($tmp as $t) {
$file = new File($t);
$files[] = $file;
}
return $files;
}
/**
* get list of items from database
*
* This function is used for getting changed items for projects or by user, etc.
*/
static function getAll($args = array())
{
global $auth;
$prefix = confGet('DB_TABLE_PREFIX');
### default params ###
$project = NULL;
$order_by = "modified DESC";
$status_min = STATUS_UNDEFINED;
$status_max = STATUS_CLOSED;
$visible_only = NULL;
# use project rights settings
$alive_only = true;
# hide deleted
$date_min = NULL;
$date_max = NULL;
$modified_by = NULL;
$not_modified_by = NULL;
$show_issues = false;
$limit_rowcount = NULL;
$limit_offset = NULL;
$unviewed_only = NULL;
$type = NULL;
### filter params ###
if ($args) {
foreach ($args as $key => $value) {
if (!isset(${$key}) && !is_null(${$key}) && !${$key} === "") {
trigger_error("unknown parameter", E_USER_NOTICE);
} else {
${$key} = $value;
}
}
}
$str_show_issues = $show_issues ? '' : 'AND i.type != ' . ITEM_ISSUE;
$str_project = $project ? 'AND i.project=' . intval($project) : '';
$str_project2 = $project ? 'AND upp.project=' . intval($project) : '';
$str_state = $alive_only ? 'AND i.state=' . ITEM_STATE_OK : '';
$str_date_min = $date_min ? "AND i.modified >= '" . asCleanString($date_min) . "'" : '';
$str_date_max = $date_max ? "AND i.modified <= '" . asCleanString($date_max) . "'" : '';
$str_modified_by = $modified_by ? 'AND i.modified_by=' . intval($modified_by) : '';
$str_not_modified_by = $not_modified_by ? 'AND i.modified_by != ' . intval($not_modified_by) : '';
if (is_array($type)) {
$str_type = "AND i.type in ( " . implode(",", $type) . ")";
} else {
$str_type = $type ? "AND i.type = {$type}" : "";
}
if (!is_null($limit_offset) && !is_null($limit_rowcount)) {
$str_limit = " LIMIT " . intval($limit_offset) . "," . intval($limit_rowcount);
} else {
if ($limit_rowcount) {
$str_limit = " LIMIT " . intval($limit_rowcount);
} else {
$str_limit = '';
}
}
if (is_null($visible_only)) {
$visible_only = $auth->cur_user && $auth->cur_user->user_rights & RIGHT_VIEWALL ? false : true;
}
### only visibile for current user ###
if ($visible_only) {
$s_query = "SELECT i.* from {$prefix}item i, {$prefix}projectperson upp\r\n WHERE\r\n upp.person = {$auth->cur_user->id}\r\n AND upp.state = 1\r\n AND upp.project = i.project\r\n {$str_state}\r\n {$str_type}\r\n {$str_show_issues}\r\n {$str_project}\r\n {$str_project2}\r\n {$str_modified_by}\r\n {$str_not_modified_by}\r\n {$str_date_min}\r\n {$str_date_max}\r\n\r\n AND ( i.pub_level >= upp.level_view\r\n OR\r\n i.created_by = {$auth->cur_user->id}\r\n )\r\n\r\n " . getOrderByString($order_by) . $str_limit;
} else {
$s_query = "SELECT i.* from\r\n {$prefix}item i\r\n WHERE 1\r\n\r\n {$str_state}\r\n {$str_type}\r\n {$str_project}\r\n {$str_show_issues}\r\n {$str_modified_by}\r\n {$str_not_modified_by}\r\n {$str_date_min}\r\n {$str_date_max}\r\n\r\n " . getOrderByString($order_by) . $str_limit;
}
require_once confGet('DIR_STREBER') . 'db/class_projectperson.inc.php';
$dbh = new DB_Mysql();
$sth = $dbh->prepare($s_query);
$sth->execute("", 1);
$tmp = $sth->fetchall_assoc();
$items = array();
if ($unviewed_only) {
require_once confGet('DIR_STREBER') . "db/db_itemperson.inc.php";
$viewed_items = array();
foreach (ItemPerson::getAll(array('person' => $auth->cur_user->id)) as $vi) {
$viewed_items[$vi->item] = $vi;
}
foreach ($tmp as $n) {
$item = new DbProjectItem($n);
if ($item->modified > $auth->cur_user->date_highlight_changes && (!isset($viewed_items[$item->id]) || $item->modified > $viewed_items[$item->id]->viewed_last)) {
$items[] = $item;
}
}
} else {
foreach ($tmp as $n) {
$item = new DbProjectItem($n);
$items[] = $item;
}
}
return $items;
}
public static function getMinMaxTime($args = NULL)
{
global $auth;
$prefix = confGet('DB_TABLE_PREFIX');
$dbh = new DB_Mysql();
### default params ###
$e_ids = NULL;
### filter params ###
if ($args) {
foreach ($args as $key => $value) {
if (!isset(${$key}) && !is_null(${$key}) && !${$key} === "") {
trigger_error("unknown parameter", E_USER_NOTICE);
} else {
${$key} = $value;
}
}
}
$effort_ids = $e_ids;
if ($effort_ids) {
$str = "SELECT MIN(e.time_start), MAX(e.time_end) FROM {$prefix}effort e\r\n WHERE e.id = " . intval($effort_ids[0]);
$num = count($effort_ids);
if ($num > 1) {
for ($i = 1; $i < $num; $i++) {
$str .= " OR e.id = " . intval($effort_ids[$i]);
}
}
$str .= ";";
$sth = $dbh->prepare($str);
$sth->execute("", 1);
$tmp = $sth->fetch_row();
return $tmp;
} else {
return NULL;
}
}
public function getNextMilestone()
{
global $auth;
$prefix = confGet('DB_TABLE_PREFIX');
$dbh = new DB_Mysql();
$sth = $dbh->prepare("SELECT i.id\r\n from {$prefix}item i, {$prefix}task t\r\n WHERE\r\n t.category = " . TCATEGORY_MILESTONE . "\r\n AND t.id= i.id\r\n AND i.state = '" . ITEM_STATE_OK . "'\r\n AND i.project= {$this->id}\r\n AND t.status < " . STATUS_COMPLETED . "\r\n ORDER BY t.name, t.id\r\n ")->execute();
$tmp = $sth->fetchall_assoc();
if ($tmp) {
$tmp_values = array_values($tmp[0]);
$next_milestone = Task::getVisibleById($tmp_values[0]);
return $next_milestone;
} else {
return false;
}
}
### included database handler ###
$db_type = confGet('DB_TYPE');
if (file_exists("db/db_" . $db_type . "_class.php")) {
require_once confGet('DIR_STREBER') . "db/db_" . $db_type . "_class.php";
} else {
trigger_error("Datebase handler not found for db-type '{$db_type}'", E_USER_ERROR);
}
### include the core-classes (php5) ###
require_once confGet('DIR_STREBER') . 'db/db.inc.php';
require_once confGet('DIR_STREBER') . 'std/class_auth.inc.php';
require_once confGet('DIR_STREBER') . 'db/db_item.inc.php';
require_once confGet('DIR_STREBER') . 'std/class_pagehandler.inc.php';
### trigger db request to validate the Database is talking to us ###
$dbh = new DB_Mysql();
if (!is_null(confGet('SQL_MODE'))) {
$dbh->prepare('SET sql_mode = "' . confGet('SQL_MODE') . '"')->execute();
}
if ($result = $dbh->prepare('SELECT NOW()')) {
$result->execute();
}
measure_stop('core_includes');
if (!($requested_page_id = get('go'))) {
require_once confGet('DIR_STREBER') . "./std/check_version.inc.php";
validateEnvironment();
}
/**
* authenticate user by cookie / start translation
*/
measure_start('authorize');
if (!($user = $auth->setCurUserByCookie())) {
$user = $auth->setCurUserAsAnonymous();
static function getTaskPeople($args = NULL)
{
global $auth;
$prefix = confGet('DB_TABLE_PREFIX');
### default params ###
$date_min = NULL;
$date_max = NULL;
$created_by = NULL;
# who created assigment...
$person = NULL;
# who has was assigned...
$task = NULL;
$project = NULL;
$forward = NULL;
$state = NULL;
### filter params ###
if ($args) {
foreach ($args as $key => $value) {
if (!isset(${$key}) && !is_null(${$key}) && !${$key} === "") {
trigger_error("unknown parameter", E_USER_NOTICE);
} else {
${$key} = $value;
}
}
}
$str_project = $project ? 'AND i.project=' . intval($project) : '';
$str_created_by = $created_by ? 'AND i.created_by=' . intval($created_by) : '';
$str_date_min = $date_min ? "AND i.modified >= '" . asCleanString($date_min) . "'" : '';
$str_date_max = $date_max ? "AND i.modified <= '" . asCleanString($date_max) . "'" : '';
$str_task = $task ? 'AND tp.task =' . intval($task) : '';
$str_person = $person ? 'AND tp.person =' . intval($person) : '';
$str_forward = $forward ? 'AND tp.forward = 1' : '';
$str_state = $state ? 'AND i.state =' . intval($state) : '';
### show all ###
$str_query = "SELECT tp.*, i.* from {$prefix}taskperson tp, {$prefix}item i\r\n\t\t\t WHERE\r\n\t\t\ti.type = '" . ITEM_TASKPERSON . "'\r\n\t\t\t{$str_project}\r\n\t\t\t{$str_created_by}\r\n\t\t\t{$str_forward}\r\n\t\t\t{$str_state}\r\n\t\t\tAND tp.id = i.id\r\n\t\t\t\t{$str_person}\r\n\t\t\t\t{$str_task}\r\n\t\t\t{$str_date_max}\r\n\t\t\t{$str_date_min}\r\n\t\t\t";
$dbh = new DB_Mysql();
$sth = $dbh->prepare($str_query);
$sth->execute("", 1);
$tmp = $sth->fetchall_assoc();
$tps = array();
foreach ($tmp as $t) {
$c = new TaskPerson($t);
$tps[] = $c;
}
return $tps;
}
/**
* getComments($project=false)
*/
static function getAll($args = array())
{
global $auth;
$prefix = confGet('DB_TABLE_PREFIX');
require_once confGet('DIR_STREBER') . 'db/class_comment.inc.php';
### default params ###
$order_by = 'c.name';
$visible_only = true;
# use project rights settings
$alive_only = true;
# ignore deleted
$project = NULL;
$task = NULL;
$person = NULL;
$date_min = NULL;
$date_max = NULL;
$search = NULL;
$parent_comment = NULL;
### filter params ###
if ($args) {
foreach ($args as $key => $value) {
if (!isset(${$key}) && !is_null(${$key}) && !${$key} === "") {
trigger_error("unknown parameter", E_USER_NOTICE);
} else {
${$key} = $value;
}
}
}
$dbh = new DB_Mysql();
$str_is_alive = $alive_only ? 'AND i.state=1' : '';
$AND_person = $person ? 'AND i.created_by=' . intval($person) : '';
$AND_task = $task ? 'AND c.task=' . intval($task) : '';
$AND_match = $search ? "AND (MATCH (c.name,c.description) AGAINST ('" . asMatchString($search) . "*' IN BOOLEAN MODE))" : '';
$AND_project1 = $project ? "AND upp.project= {$project}" : "";
$AND_project2 = $project ? "AND i.project= {$project}" : "";
$AND_date_min = $date_min ? "AND i.modified >= '" . asCleanString($date_min) . "'" : '';
$AND_date_max = $date_max ? "AND i.modified <= '" . asCleanString($date_max) . "'" : '';
if (!is_null($parent_comment)) {
$AND_comment = 'AND c.comment = ' . intval($parent_comment);
} else {
$AND_comment = '';
}
if ($visible_only) {
$str_query = "SELECT i.*, c.* from {$prefix}item i, {$prefix}comment c, {$prefix}projectperson upp\r\n WHERE\r\n upp.person = {$auth->cur_user->id}\r\n {$AND_project1}\r\n AND upp.state = 1\r\n\r\n AND i.type = '" . ITEM_COMMENT . "'\r\n AND i.project = upp.project\r\n {$AND_project2}\r\n {$str_is_alive}\r\n {$AND_person}\r\n {$AND_date_min}\r\n {$AND_date_max}\r\n AND ( i.pub_level >= upp.level_view\r\n OR\r\n i.created_by = {$auth->cur_user->id}\r\n )\r\n\r\n AND c.id = i.id\r\n {$AND_task}\r\n {$AND_match}\r\n {$AND_comment}\r\n\r\n " . getOrderByString($order_by);
} else {
$str_query = "SELECT i.*, c.* from {$prefix}item i, {$prefix}comment c\r\n WHERE\r\n i.type = '" . ITEM_COMMENT . "'\r\n {$AND_project2}\r\n {$str_is_alive}\r\n {$AND_person}\r\n {$AND_date_min}\r\n {$AND_date_max}\r\n\r\n AND c.id = i.id\r\n {$AND_task}\r\n {$AND_comment}\r\n {$AND_match}\r\n\r\n " . getOrderByString($order_by);
}
$sth = $dbh->prepare($str_query);
$sth->execute("", 1);
$tmp = $sth->fetchall_assoc();
$comments = array();
foreach ($tmp as $n) {
$comment = new Comment($n);
$comments[] = $comment;
}
return $comments;
}
public function update($args = NULL, $update_modifier = true)
{
global $auth;
$dbh = new DB_Mysql();
$prefix = confGet('DB_TABLE_PREFIX');
$update_fields = NULL;
### build hash to fast access ##
if ($args) {
$update_fields = array();
foreach ($args as $a) {
$update_fields[$a] = true;
}
}
if (!$this->id) {
trigger_error("User object without id can't be updated", E_USER_WARNING);
}
if (!sizeof($this->field_states)) {
trigger_error("need members to update to database. e.g. 'firstname,lastname,data'", E_USER_WARNING);
}
$t_pairs = array();
# the 'id' field is skipped later, because it's defined as project-item-field. so we have to add it here
foreach ($this->fields as $f) {
$name = $f->name;
### selective updates ###
if ($update_fields && !isset($update_fields[$name])) {
continue;
}
### skip project-item fields ###
if (isset($this->fields[$name]) && isset($this->fields[$name]->in_db_object) || !isset($g_item_fields[$name])) {
if (!isset($this->{$name}) && $this->{$name} != NULL) {
trigger_error("{$name} is not a member of {$this} and can't be passed to db", E_USER_WARNING);
continue;
}
if (isset($this->_values_org[$name])) {
if ($this->_values_org[$name] == stripslashes($this->{$name})) {
continue;
} else {
if ($this->fields[$name]->log_changes) {
$log_changed_fields[] = $name;
}
}
}
global $sql_obj;
$t_pairs[] = $name . '=' . "'" . asSecureString($this->{$name}) . "'";
}
}
if (count($t_pairs)) {
$str_query = 'UPDATE ' . $prefix . $this->_type . ' SET ' . join(', ', $t_pairs) . ' WHERE id=' . $this->id;
$sth = $dbh->prepare($str_query);
$sth->execute("", 1);
}
}
function getTaskAssignment($task_id = NULL)
{
$dbh = new DB_Mysql();
$prefix = confGet('DB_TABLE_PREFIX');
$task_id = intval($task_id);
$sth = $dbh->prepare("\r\n SELECT itp.*, tp.* from {$prefix}taskperson tp, {$prefix}item itp\r\n WHERE tp.person = {$this->id}\r\n AND tp.task = {$task_id}\r\n AND tp.id = itp.id\r\n AND itp.state = 1\r\n ");
$sth->execute("", 1);
$tmp = $sth->fetch_row();
$taskperson = 0;
require_once confGet('DIR_STREBER') . 'db/class_taskperson.inc.php';
//foreach($tmp as $tp) {
if ($tmp) {
$taskperson = new TaskPerson($tmp[0]);
}
return $taskperson;
}
