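/**
 * Dispatches the group/permission administration request selected by
 * $_GET['action'] (defaults to 'browse').
 *
 * View actions set $this->view; state-changing actions perform the database
 * work, queue an alert and hand over to reexecute() with the follow-up action.
 * An action name that matches none of the cases does nothing.
 *
 * NOTE(review): only the permission actions call mustHavePermission() here.
 * The group actions (browse, new/add/edit/save/delete_group) carry no check
 * in this method -- confirm that the caller or a constraint enforces one.
 * NOTE(review): no anti-CSRF token is verified in this method, and
 * delete_group / delete_permission change state on a GET request; consider
 * requiring POST plus a per-session token for every state-changing action.
 */
public function execute()
 {
     // Accept only a string action. strcmp() on an array returned NULL before
     // PHP 8 (and NULL == 0 is true) and throws a TypeError from PHP 8 on, so
     // anything that is not a string falls back to the default action.
     $action = 'browse';
     if (isset($_GET['action']) && is_string($_GET['action'])) {
         $action = $_GET['action'];
     }

     switch ($action) {
         case 'browse':
             $this->groups = DbGroup::GetAll();
             $this->view = GroupsAdministrationAction::$BrowseGroups;
             break;

         case 'new_group':
             $this->view = GroupsAdministrationAction::$NewGroupForm;
             break;

         case 'add_group':
             if (isset($_POST['group_name'])) {
                 $group_name = $_POST['group_name'];
                 // Holds only the IDs of the permissions ticked in the form.
                 // The IDs come from the server-side permission list, never
                 // from the request itself.
                 $group_perms = array();
                 foreach ($this->permissions->getPermissions() as $perm) {
                     if (isset($_POST[$perm->name]) && $_POST[$perm->name] === 'on') {
                         $group_perms[] = $perm->id;
                     }
                 }
                 $group = DbGroup::Add($group_name);
                 foreach ($group_perms as $p_id) {
                     DbGroup::AddPermission($group->id, $p_id);
                 }
                 $this->addAlert(Alert::CreateSuccess('Success', 'Group added.'));
             }
             $this->reexecute(array('action' => 'browse'));
             break;

         case 'permissions':
             $this->mustHavePermission('manage_permissions');
             $this->view = GroupsAdministrationAction::$BrowsePermissions;
             break;

         case 'edit_permission':
             $this->mustHavePermission('manage_permissions');
             if (isset($_GET['perm_id'])) {
                 $this->permission = DbPermission::GetById($_GET['perm_id']);
                 $this->view = GroupsAdministrationAction::$EditPermissionForm;
                 if ($this->permission->isNull()) {
                     $this->addAlert(Alert::CreateDanger('Error', 'Invalid Permission.'));
                     $this->reexecute(array('action' => 'permissions'));
                 }
             } else {
                 $this->reexecute(array('action' => 'permissions'));
             }
             break;

         case 'save_permission':
             $this->mustHavePermission('manage_permissions');
             if (isset($_POST['perm_id'], $_POST['perm_name'], $_POST['perm_value'], $_POST['perm_desc'])) {
                 $perm = DbPermission::GetById($_POST['perm_id']);
                 if (!$perm->isNull()) {
                     // NOTE(review): name/value/description are stored as
                     // received; validate them here and escape on output.
                     $perm->name = $_POST['perm_name'];
                     $perm->value = $_POST['perm_value'];
                     $perm->description = $_POST['perm_desc'];
                     DbPermission::Update($perm);
                     $this->addAlert(Alert::CreateSuccess('Success', 'Permission saved.'));
                     $this->reloadPermissions();
                 } else {
                     $this->addAlert(Alert::CreateDanger('Error', 'Invalid Permission.'));
                 }
             }
             $this->reexecute(array('action' => 'permissions'));
             break;

         case 'new_permission':
             $this->mustHavePermission('manage_permissions');
             $this->view = GroupsAdministrationAction::$NewPermissionForm;
             break;

         case 'add_permission':
             $this->mustHavePermission('manage_permissions');
             if (isset($_POST['perm_name'], $_POST['perm_value'], $_POST['perm_desc'])) {
                 $perm = new Permission();
                 $perm->name = $_POST['perm_name'];
                 $perm->value = $_POST['perm_value'];
                 $perm->description = $_POST['perm_desc'];
                 DbPermission::Add($perm);
                 $this->addAlert(Alert::CreateSuccess('Success', 'Permission added.'));
                 $this->reloadPermissions();
             }
             $this->reexecute(array('action' => 'permissions'));
             break;

         case 'edit_group':
             if (isset($_GET['group_id'])) {
                 // NOTE(review): unlike edit_permission, an unknown group id
                 // is not rejected here before the form view is selected.
                 $this->group = DbGroup::GetById($_GET['group_id']);
                 $this->view = GroupsAdministrationAction::$EditGroupForm;
             } else {
                 $this->reexecute(array('action' => 'browse'));
             }
             break;

         case 'save_group':
             if (isset($_POST['group_id'], $_POST['group_name'])) {
                 $group_id = $_POST['group_id'];
                 $group_name = $_POST['group_name'];
                 $perm_id = array();
                 foreach ($this->permissions->getPermissions() as $perm) {
                     if (isset($_POST[$perm->name]) && $_POST[$perm->name] === 'on') {
                         $perm_id[] = $perm->id;
                     }
                 }
                 $group = DbGroup::GetById($group_id);
                 if (!$group->isNull()) {
                     $group->name = $group_name;
                     DbGroup::Update($group);
                     // The permission set is replaced wholesale: drop every
                     // existing link, then re-add the ticked ones.
                     DbGroup::RemovePermissions($group->id);
                     foreach ($perm_id as $p_id) {
                         DbGroup::AddPermission($group->id, $p_id);
                     }
                     $this->addAlert(Alert::CreateSuccess('Success', 'Group modified.'));
                 } else {
                     $this->addAlert(Alert::CreateDanger('Error', 'Invalid Group'));
                 }
             }
             $this->reexecute(array('action' => 'browse'));
             break;

         case 'delete_group':
             if (isset($_GET['group_id'])) {
                 $group_id = $_GET['group_id'];
                 DbGroup::Delete($group_id);
                 $this->addAlert(Alert::CreateSuccess('Success', 'Group deleted.'));
             }
             $this->reexecute(array('action' => 'browse'));
             break;

         case 'delete_permission':
             // Every other permission action requires manage_permissions;
             // deleting one must not be the exception.
             $this->mustHavePermission('manage_permissions');
             if (isset($_GET['permission_id'])) {
                 $perm_id = $_GET['permission_id'];
                 DbPermission::Delete($perm_id);
                 $this->reloadPermissions();
                 $this->addAlert(Alert::CreateSuccess('Success', 'Permission deleted.'));
             }
             $this->reexecute(array('action' => 'permissions'));
             break;
     }
 }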
示例#2
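 /**
  * Sets up the per-request state: pending alerts, constraints, settings and,
  * when a session user exists, the user record and its permissions.
  *
  * A request without a valid session user is redirected to login.php unless
  * the 'no_redirect' constraint is set. A user whose password is flagged by
  * isClearPassword() is redirected to change_password.php unless the
  * 'no_change_password' constraint is set. The script stops right after
  * either redirect header is queued.
  *
  * @param array $constraints Constraints looked up through getConstraint().
  *                           NOTE(review): getConstraint() appears to return
  *                           an int when the constraint is missing and an
  *                           object with ->value otherwise -- confirm.
  */
 public function __construct($constraints = array())
 {
     $this->alerts = array();
     $this->alertRenderer = new AlertRenderer();
     if (isset($_SESSION['alerts'])) {
         // Pick up the alerts queued in the session; nothing here clears
         // them, presumably that happens once they are shown.
         $this->alerts = $_SESSION['alerts'];
     }
     $this->constraints = $constraints;
     $this->user = new User();

     // TODO: add typed accessors (getBoolConstraint, ...) for constraints.
     $no_redirect = $this->getConstraint('no_redirect');
     $no_redirect = is_int($no_redirect) ? false : $no_redirect->value;

     // Load the settings, initialising them when none are stored yet.
     $this->settings = new SettingContainer(DbSetting::GetAll());
     if ($this->settings->size() == 0) {
         $this->initSettings();
     }

     // NOTE(review): $this->permissions is only assigned when a session user
     // id is present, and $this->userPermissions only for a valid user.
     $user = null;
     if (isset($_SESSION['user_id'])) {
         $user_id = $_SESSION['user_id'];
         $this->user->id = $user_id;
         $user = DbUser::GetById($user_id);
         $this->permissions = new PermissionContainer(DbPermission::GetAll());
     }

     if ($user === null || $user->isNull()) {
         // No session user, or the id no longer maps to a user: send the
         // client to the login page.
         if (!$no_redirect) {
             header('location: login.php');
             // header() only queues the redirect. Without stopping here the
             // rest of the request still runs, and its output reaches any
             // client that ignores the Location header.
             exit;
         }
         return;
     }

     $this->user = $user;
     // Load the permissions granted through the user's groups.
     $userPermissions = DbGroup::GetUserPermissions($this->user->id);
     $this->userPermissions = $userPermissions->getPermissionsInt();

     if ($this->user->isClearPassword()) {
         // Force a password change unless the page opted out of it.
         $no_change = $this->getConstraint("no_change_password");
         if (is_int($no_change) || !$no_change->value) {
             header('location: change_password.php');
             // Stop so the requested page is not processed before the
             // password has been changed.
             exit;
         }
     }
 }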
示例#3
 /**
  * Deletes a permission: first its links to groups (RemoveFromAllGroup),
  * then the row in the permissions table.
  *
  * The id is bound to the statement as an integer parameter ("i"), never
  * concatenated into the SQL text.
  *
  * NOTE(review): no authorization check happens here; callers must verify
  * the acting user's rights before calling.
  * NOTE(review): the result of prepare() is not checked, and the two deletes
  * do not run inside a transaction -- confirm how DbConnection reports
  * failures.
  *
  * @param mixed $p_id Identifier of the permission to delete.
  */
 public static function Delete($p_id)
 {
     // Drop the group links before the permission row itself.
     DbPermission::RemoveFromAllGroup($p_id);

     $connection = new DbConnection();
     $statement = $connection->prepare("DELETE FROM permissions WHERE permission_id = ?");
     $statement->bind_param("i", $p_id);
     $statement->execute();
     $connection->close();
 }