function principal_editor() { global $c, $id, $can_write_principal, $session; $editor = new Editor(translate('Principal'), 'dav_principal'); $editor->SetLookup('date_format_type', "SELECT 'E', 'European' UNION SELECT 'U', 'US Format' UNION SELECT 'I', 'ISO Format'"); $editor->SetLookup('type_id', 'SELECT principal_type_id, principal_type_desc FROM principal_type ORDER BY principal_type_id'); $editor->SetLookup('locale', 'SELECT \'\', \'' . translate("*** Default Locale ***") . '\' UNION SELECT locale, locale_name_locale FROM supported_locales ORDER BY 1 ASC'); $editor->AddAttribute('locale', 'title', translate("The preferred language for this person.")); $editor->AddAttribute('fullname', 'title', translate("The full name for this person, group or other type of principal.")); $editor->SetWhere('principal_id=' . $id); $editor->AddField('is_admin', 'EXISTS( SELECT 1 FROM role_member WHERE role_no = 1 AND role_member.user_no = dav_principal.user_no )'); $editor->AddAttribute('is_admin', 'title', translate('An "Administrator" user has full rights to the whole DAViCal System')); $post_values = false; if (isset($_POST['xxxxusername'])) { $_POST['xxxxusername'] = trim(str_replace('/', '', $_POST['xxxxusername'])); if ($_POST['xxxxusername'] == '') { $c->messages[] = i18n("The username must not be blank, and may not contain a slash"); $can_write_principal = false; } } if (isset($_POST['fullname']) && trim($_POST['fullname']) == '') { $c->messages[] = i18n("The full name must not be blank."); $can_write_principal = false; } if (isset($_POST['email']) && trim($_POST['email']) == '') { $c->messages[] = i18n("The email address really should not be blank."); } $pwstars = '@@@@@@@@@@'; if ($can_write_principal && $editor->IsSubmit()) { $editor->WhereNewRecord("principal_id=(SELECT CURRVAL('dav_id_seq'))"); if (!$session->AllowedTo('Admin')) { unset($_POST['admin_role']); unset($_POST['user_active']); } unset($_POST['password']); if ($_POST['newpass1'] != '' && $_POST['newpass1'] != $pwstars) { if ($_POST['newpass1'] == $_POST['newpass2']) { $_POST['password'] = $_POST['newpass1']; } else { $c->messages[] = "Password not updated. The supplied passwords do not match."; } } if (isset($_POST['fullname']) && !isset($_POST['displayname'])) { $_POST['displayname'] = $_POST['fullname']; } if (isset($_POST['default_privileges'])) { $privilege_bitpos = array_flip($privilege_names); $priv_names = array_keys($_POST['default_privileges']); $privs = privilege_to_bits($priv_names); $_POST['default_privileges'] = sprintf('%024s', decbin($privs)); $editor->Assign('default_privileges', $privs_dec); } if ($editor->IsCreate()) { $c->messages[] = i18n("Creating new Principal record."); } else { $c->messages[] = i18n("Updating Principal record."); } $editor->Write(); if ($_POST['type_id'] != 3 && $editor->IsCreate()) { /** We only add the default calendar if it isn't a group, and this is a create action */ require_once 'auth-functions.php'; CreateHomeCollections($editor->Value('username')); } if ($session->AllowedTo('Admin')) { if ($_POST['is_admin'] == 'on') { $sql = 'INSERT INTO role_member (role_no, user_no) SELECT 1, dav_principal.user_no FROM dav_principal WHERE user_no = :user_no AND NOT EXISTS(SELECT 1 FROM role_member rm WHERE rm.role_no = 1 AND rm.user_no = dav_principal.user_no )'; $editor->Assign('is_admin', 't'); } else { $sql = 'DELETE FROM role_member WHERE role_no = 1 AND user_no = :user_no'; $editor->Assign('is_admin', 'f'); } $params[':user_no'] = $editor->Value('user_no'); $qry = new AwlQuery($sql, $params); $qry->Exec('admin-principal-edit'); } } else { if (isset($id) && $id > 0) { $editor->GetRecord(); if ($editor->IsSubmit()) { $c->messages[] = i18n('You do not have permission to modify this record.'); } } } if ($editor->Available()) { $c->page_title = $editor->Title(translate('Principal') . ': ' . $editor->Value('fullname')); } else { $c->page_title = $editor->Title(translate('Create New Principal')); $privs = decbin(privilege_to_bits($c->default_privileges)); $editor->Assign('default_privileges', $privs); $editor->Assign('user_active', 't'); foreach ($c->template_usr as $k => $v) { $editor->Assign($k, $v); } } if ($post_values) { $editor->PostToValues(); if (isset($_POST['default_privileges'])) { $privilege_bitpos = array_flip($privilege_names); $priv_names = array_keys($_POST['default_privileges']); $privs = privilege_to_bits($priv_names); $_POST['default_privileges'] = sprintf('%024s', decbin($privs)); $editor->Assign('default_privileges', $_POST['default_privileges']); } } $prompt_principal_id = translate('Principal ID'); $value_id = $editor->Available() ? '##principal_id.hidden####principal_id.value##' : translate('New Principal'); $prompt_username = translate('Username'); $prompt_password_1 = translate('Change Password'); $prompt_password_2 = translate('Confirm Password'); $prompt_fullname = translate('Fullname'); $prompt_displayname = translate('Display Name'); $prompt_email = translate('Email Address'); $prompt_date_format = translate('Date Format Style'); $prompt_admin = translate('Administrator'); $prompt_active = translate('Active'); $prompt_locale = translate('Locale'); $prompt_type = translate('Principal Type'); $prompt_privileges = translate('Privileges granted to All Users'); $privs_html = build_privileges_html($editor, 'default_privileges'); $admin_row_entry = ''; $delete_principal_button = ''; if ($session->AllowedTo('Admin')) { $admin_row_entry = ' <tr> <th class="right">' . $prompt_admin . ':</th><td class="left">##is_admin.checkbox##</td> </tr>'; $admin_row_entry .= ' <tr> <th class="right">' . $prompt_active . ':</th><td class="left">##user_active.checkbox##</td> </tr>'; if (isset($id)) { $delete_principal_button = '<a href="' . $c->base_url . '/admin.php?action=edit&t=principal&subaction=delete_principal&id=' . $id . '" class="submit">' . translate("Delete Principal") . '</a>'; } } $id = $editor->Value('principal_id'); $template = <<<EOTEMPLATE ##form## <script language="javascript"> function toggle_privileges() { var argv = toggle_privileges.arguments; var argc = argv.length; if ( argc < 2 ) { return; } var match_me = argv[0]; var set_to = -1; if ( argv[1] == 'all' ) { var form = document.getElementById(argv[2]); var fieldcount = form.elements.length; var matching = '/^' + match_me + '/'; for (var i = 0; i < fieldcount; i++) { var fieldname = form.elements[i].name; if ( fieldname.match( match_me ) ) { if ( set_to == -1 ) { set_to = ( form.elements[i].checked ? 0 : 1 ); } form.elements[i].checked = set_to; } } } else { for (var i = 1; i < argc; i++) { var f = document.getElementById( match_me + '_' + argv[i]); if ( set_to == -1 ) { set_to = ( f.checked ? 0 : 1 ); } f.checked = set_to; } } } </script> <style> th.right, label.privilege { white-space:nowrap; } label.privilege { margin:0.2em 1em 0.2em 0.1em; padding:0 0.2em; line-height:1.6em; font-size:87%; } </style> <table> <tr> <th class="right">{$prompt_principal_id}:</th><td class="left"> <table width="100%" class="form_inner"><tr> <td>{$value_id}</td> <td align="right">{$delete_principal_button}</td> </tr></table> </td></tr> <tr> <th class="right">{$prompt_username}:</th> <td class="left">##xxxxusername.input.50##</td> </tr> <tr> <th class="right">{$prompt_password_1}:</th> <td class="left">##newpass1.password.{$pwstars}##</td> </tr> <tr> <th class="right">{$prompt_password_2}:</th> <td class="left">##newpass2.password.{$pwstars}##</td> </tr> <tr> <th class="right">{$prompt_fullname}:</th> <td class="left">##fullname.input.50##</td> </tr> <tr> <th class="right">{$prompt_email}:</th> <td class="left">##email.input.50##</td> </tr> <tr> <th class="right">{$prompt_locale}:</th> <td class="left">##locale.select##</td> </tr> <tr> <th class="right">{$prompt_date_format}:</th> <td class="left">##date_format_type.select##</td> </tr> <tr> <th class="right">{$prompt_type}:</th> <td class="left">##type_id.select##</td> </tr> {$admin_row_entry} <tr> <th class="right" style="white-space:normal;">{$prompt_privileges}:</th><td class="left">{$privs_html}</td> </tr> <tr> <th class="right"></th> <td class="left" colspan="2">##submit##</td> </tr> </table> </form> EOTEMPLATE; $editor->SetTemplate($template); return $editor; }
$editor->Assign('default_privileges', $privs_dec); } } $is_update = $_POST['_editor_action'][$editor->Id] == 'update'; if ($_POST['timezone'] == '') { unset($_POST['timezone']); } $resourcetypes = '<DAV::collection/>'; if (isset($_POST['is_calendar']) && $_POST['is_calendar'] == 'on') { $resourcetypes .= '<urn:ietf:params:xml:ns:caldav:calendar/>'; } if (isset($_POST['is_addressbook']) && $_POST['is_addressbook'] == 'on') { $resourcetypes .= '<urn:ietf:params:xml:ns:carddav:addressbook/>'; } $_POST['resourcetypes'] = $resourcetypes; if ($editor->IsCreate()) { $c->messages[] = i18n("Creating new Collection."); } else { $c->messages[] = i18n("Updating Collection record."); } if (!$editor->Write()) { $c->messages[] = i18n("Failed to write collection."); if ($id > 0) { $editor->GetRecord(); } } else { if (isset($_FILES['ics_file']['tmp_name']) && $_FILES['ics_file']['tmp_name'] != '') { /** * If the user has uploaded a .ics file as a calendar, we fake this out * as if it were a "PUT" request against a collection. This is something * of a hack. It works though :-)