/**
* Echo out a series of inputs for a role editor page.
*
* This method is called via AJAX from the "Edit Role" portion of the "Manage Roles"
* page. Upon selection of a role in the dropdown on that page, this method
* finds all relevant information about the role and echoes it back as a form
* to allow for editing of the role.
*/
public function actionGetRole()
{
$output = "";
$roleInput = FilterUtil::filterArrayInput($_POST, 'Roles');
if (!empty($roleInput)) {
$roleName = isset($roleInput['name']) ? filter_var($roleInput['name'], FILTER_SANITIZE_STRING) : '';
$role = Roles::model()->findByAttributes(array('name' => $roleName));
if (isset($role)) {
$usernames = Yii::app()->db->createCommand()->select('a.username')->from('x2_users a')->join('x2_role_to_user b', 'a.id=b.userId')->where('b.roleId=:roleId AND b.type="user"', array(':roleId' => $role->id))->queryColumn();
$groupIds = Yii::app()->db->createCommand()->select('a.id')->from('x2_groups a')->join('x2_role_to_user b', 'a.id=b.userId')->where('b.roleId=:roleId AND b.type="group"', array(':roleId' => $role->id))->queryColumn();
$selected = array_merge($usernames, $groupIds);
$allUsers = X2Model::getAssignmentOptions(false, true, false);
unset($allUsers['admin']);
$sliderId = 'editTimeoutSlider';
$textfieldId = 'editTimeout';
if (isset($_GET['mode']) && in_array($_GET['mode'], array('edit', 'exception'))) {
// Handle whether this was called from editRole or roleException, they
// need different IDs to work on the same page.
$sliderId .= "-" . $_GET['mode'];
$textfieldId .= "-" . $_GET['mode'];
}
$timeoutSet = $role->timeout !== null;
$output .= "\n <div class='row' id='set-session-timeout-row'>\n <input id='set-session-timeout' type='checkbox' class='left' " . ($timeoutSet ? 'checked="checked"' : '') . ">\n <label>" . Yii::t('admin', 'Enable Session Timeout') . "</label>\n </div>\n ";
$output .= "<div id='timeout-row' class='row' " . ($timeoutSet ? '' : "style='display: none;'") . ">";
$output .= Yii::t('admin', 'Set role session expiration time (in minutes).');
$output .= "<br />";
$output .= $this->widget('zii.widgets.jui.CJuiSlider', array('value' => $role->timeout / 60, 'options' => array('min' => 5, 'max' => 1440, 'step' => 5, 'change' => "js:function(event,ui) {\n \$('#" . $textfieldId . "').val(ui.value);\n \$('#save-button').addClass('highlight');\n }", 'slide' => "js:function(event,ui) {\n \$('#" . $textfieldId . "').val(ui.value);\n }"), 'htmlOptions' => array('style' => 'width:340px;margin:10px 9px;', 'id' => $sliderId)), true);
$output .= CHtml::activeTextField($role, 'timeout', array('id' => $textfieldId, 'disabled' => $role->timeout !== null ? '' : 'disabled'));
$output .= "</div>";
Yii::app()->clientScript->registerScript('timeoutScript', "\n \$('#set-session-timeout').change (function () {\n if (\$(this).is (':checked')) {\n \$('#timeout-row').slideDown ();\n \$('#" . $textfieldId . "').removeAttr ('disabled');\n } else {\n \$('#timeout-row').slideUp ();\n \$('#" . $textfieldId . "').attr ('disabled', 'disabled');\n }\n });\n \$('#" . $textfieldId . "').val( \$('#" . $sliderId . "').slider('value') );\n ", CClientScript::POS_READY);
$output .= "<script>";
$output .= Yii::app()->clientScript->echoScripts(true);
$output .= "</script>";
$output .= "<div id='users'><label>Users</label>";
$output .= CHtml::dropDownList('users[]', $selected, $allUsers, array('class' => 'multiselect', 'multiple' => 'multiple', 'size' => 8));
$output .= "</div>";
$fields = Fields::getFieldsOfModelsWithFieldLevelPermissions();
$fieldIds = array_flip(array_map(function ($field) {
return $field->id;
}, $fields));
$viewSelected = array();
$editSelected = array();
$fieldUnselected = array();
$fieldPerms = RoleToPermission::model()->findAllByAttributes(array('roleId' => $role->id));
foreach ($fieldPerms as $perm) {
if (!isset($fieldIds[$perm->fieldId])) {
continue;
}
if ($perm->permission == 2) {
$viewSelected[] = $perm->fieldId;
$editSelected[] = $perm->fieldId;
} else {
if ($perm->permission == 1) {
$viewSelected[] = $perm->fieldId;
}
}
}
foreach ($fields as $field) {
$fieldUnselected[$field->id] = X2Model::getModelTitle($field->modelName) . " - " . $field->attributeLabel;
}
assert(count($fieldUnselected) === count(array_unique(array_keys($fieldUnselected))));
$output .= "<br /><label>View Permissions</label>";
$output .= CHtml::dropDownList('viewPermissions[]', $viewSelected, $fieldUnselected, array('class' => 'multiselect', 'multiple' => 'multiple', 'size' => 8, 'id' => 'edit-role-field-view-permissions'));
$output .= "<br /><label>Edit Permissions</label>";
$output .= CHtml::dropDownList('editPermissions[]', $editSelected, $fieldUnselected, array('class' => 'multiselect', 'multiple' => 'multiple', 'size' => 8, 'id' => 'edit-role-field-edit-permissions'));
}
}
echo $output;
}
/**
* Getter for {@link fieldPermissions}
* @return type
*/
public function getFieldPermissions()
{
$class = get_class($this);
if (!isset(self::$_fieldPermissions[$class])) {
$roles = Roles::getUserRoles(Yii::app()->getSuId());
if (!$this->isExemptFromFieldLevelPermissions) {
$permRecords = Yii::app()->db->createCommand()->select("f.fieldName,MAX(rtp.permission),f.readOnly")->from(RoleToPermission::model()->tableName() . ' rtp')->join(Fields::model()->tableName() . ' f', 'rtp.fieldId=f.id ' . 'AND rtp.roleId IN ' . AuxLib::arrToStrList($roles) . ' ' . 'AND f.modelName=:class', array(':class' => $class))->group('f.fieldName')->queryAll(false);
} else {
$permRecords = Yii::app()->db->createCommand()->select("fieldName,CAST(2 AS UNSIGNED INTEGER),readOnly")->from(Fields::model()->tableName() . ' f')->where('modelName=:class', array(':class' => $class))->queryAll(false);
}
$fieldPerms = array();
foreach ($permRecords as $record) {
// If the permissions of the user on the field are "2" (write),
// subtract the readOnly field
$fieldPerms[$record[0]] = $record[1] - (int) ((int) $record[1] === 2 ? $record[2] : 0);
}
self::$_fieldPermissions[$class] = $fieldPerms;
}
return self::$_fieldPermissions[$class];
}
echo $top;
?>
px;" id="<?php
echo $field->fieldName;
?>
">
<div class="label"><label for="Contacts_<?php
echo $field->fieldName;
?>
"><?php
echo Yii::t('contacts', $field->attributeLabel);
?>
</label></div>
<?php
$fieldPerms = RoleToPermission::model()->findAllByAttributes(array('fieldId' => $field->id));
$perms = array();
foreach ($fieldPerms as $permission) {
$perms[$permission->roleId] = $permission->permission;
}
$tempPerm = 2;
foreach ($roles as $role) {
if (array_search($role, array_keys($perms)) !== false) {
if ($perms[$role] < $tempPerm) {
$tempPerm = $perms[$role];
}
}
}
$fieldName = $field->fieldName;
isset($editor) && $editor ? $disabled = 'disabled' : ($disabled = "");
$tempPerm == 1 ? $disabled = 'disabled' : ($disabled = $disabled);
/**
* Perform the creation of a new database column.
*
* The extra work in this method is skipped over in the "newModule" scenario
* because the database schema altering commands to set up columns are
* performed separately in that case.
*
* @return type
*/
public function afterSave()
{
// Does the column already exist?
$table = Yii::app()->db->schema->tables[$this->myTableName];
$existing = array_key_exists($this->fieldName, $table->columns) && $table->columns[$this->fieldName] instanceof CDbColumnSchema;
if (!$existing) {
// Going to create the column.
$this->createColumn();
}
if ($this->keyType != 'PRI' && $this->keyType != 'FIX') {
// The key for this column is not primary/hard-coded (managed by
// X2Engine developers, and cannot be user-modified), so it can
// be allowed to change.
if ($this->keyType != null) {
$this->dropIndex();
$this->createIndex($this->keyType === 'UNI');
} else {
$this->dropIndex();
}
}
if ($this->isNewRecord) {
// A new fields permissions default to read/write for all roles
$dataProvider = new CActiveDataProvider('Roles');
foreach ($dataProvider->getData() as $role) {
$permission = new RoleToPermission();
$permission->roleId = $role->id;
$permission->fieldId = $this->id;
$permission->permission = 2;
$permission->save();
}
}
return parent::afterSave();
}
/**
* A catch all page for roles.
*
* This action renders a page with forms for the creation, editing, and deletion
* of roles. It also displays a grid with all user created roles (default
* roles are not included and cannot be edited this way).
*/
public function actionManageRoles()
{
$dataProvider = new CActiveDataProvider('Roles');
$roles = $dataProvider->getData();
$arr = array();
foreach ($roles as $role) {
$arr[$role->name] = $role->name;
}
$temp = Workflow::model()->findAll();
$workflows = array();
foreach ($temp as $workflow) {
$workflows[$workflow->id] = $workflow->name;
}
$model = new Roles();
$model->timeout = 60;
if (isset($_POST['Roles'])) {
$model->attributes = $_POST['Roles'];
if (!isset($_POST['viewPermissions'])) {
$viewPermissions = array();
} else {
$viewPermissions = $_POST['viewPermissions'];
}
if (!isset($_POST['editPermissions'])) {
$editPermissions = array();
} else {
$editPermissions = $_POST['editPermissions'];
}
if (isset($_POST['Roles']['users'])) {
$users = $model->users;
} else {
$users = array();
}
$model->users = "";
$model->timeout *= 60;
if ($model->save()) {
foreach ($users as $user) {
$role = new RoleToUser();
$role->roleId = $model->id;
if (!is_numeric($user)) {
$userRecord = User::model()->findByAttributes(array('username' => $user));
$role->userId = $userRecord->id;
$role->type = 'user';
} else {
$role->userId = $user;
$role->type = 'group';
}
/* end x2temp */
$role->save();
}
$fields = Fields::model()->findAll();
$temp = array();
foreach ($fields as $field) {
$temp[] = $field->id;
}
$both = array_intersect($viewPermissions, $editPermissions);
$view = array_diff($viewPermissions, $editPermissions);
$neither = array_diff($temp, $viewPermissions);
foreach ($both as $field) {
$rolePerm = new RoleToPermission();
$rolePerm->roleId = $model->id;
$rolePerm->fieldId = $field;
$rolePerm->permission = 2;
$rolePerm->save();
}
foreach ($view as $field) {
$rolePerm = new RoleToPermission();
$rolePerm->roleId = $model->id;
$rolePerm->fieldId = $field;
$rolePerm->permission = 1;
$rolePerm->save();
}
foreach ($neither as $field) {
$rolePerm = new RoleToPermission();
$rolePerm->roleId = $model->id;
$rolePerm->fieldId = $field;
$rolePerm->permission = 0;
$rolePerm->save();
}
} else {
foreach ($model->getErrors() as $err) {
$errors = $err;
}
$errors = implode(',', $errors);
Yii::app()->user->setFlash('error', Yii::t('admin', "Unable to save role: {errors}", array('{errors}' => $errors)));
}
$this->redirect('manageRoles');
}
$this->render('manageRoles', array('dataProvider' => $dataProvider, 'model' => $model, 'roles' => $arr, 'workflows' => $workflows));
}
public function actionGetRole()
{
if (isset($_POST['Roles'])) {
$id = $_POST['Roles']['name'];
if (is_null($id)) {
echo "";
exit;
}
$role = Roles::model()->findByAttributes(array('name' => $id));
$id = $role->id;
$roles = RoleToUser::model()->findAllByAttributes(array('roleId' => $id));
$users = array();
foreach ($roles as $link) {
if ($link->type == 'user') {
$users[] = User::model()->findByPk($link->userId)->username;
} else {
$users[] = Groups::model()->findByPk($link->userId)->id;
}
/* end x2temp */
}
$allUsers = User::model()->findAll();
$selected = array();
$unselected = array();
foreach ($users as $user) {
$selected[] = $user;
}
foreach ($allUsers as $user) {
$unselected[$user->username] = $user->firstName . " " . $user->lastName;
}
/* x2temp */
$groups = Groups::model()->findAll();
foreach ($groups as $group) {
$unselected[$group->id] = $group->name;
}
/* end x2temp */
unset($unselected['admin']);
echo "<div id='users'><label>Users</label>";
echo CHtml::dropDownList('users[]', $selected, $unselected, array('class' => 'multiselect', 'multiple' => 'multiple', 'size' => 8));
echo "</div>";
$fields = Fields::model()->findAllBySql("SELECT * FROM x2_fields ORDER BY modelName ASC");
$viewSelected = array();
$editSelected = array();
$fieldUnselected = array();
$fieldPerms = RoleToPermission::model()->findAllByAttributes(array('roleId' => $role->id));
foreach ($fieldPerms as $perm) {
if ($perm->permission == 2) {
$viewSelected[] = $perm->fieldId;
$editSelected[] = $perm->fieldId;
} else {
if ($perm->permission == 1) {
$viewSelected[] = $perm->fieldId;
}
}
}
foreach ($fields as $field) {
$fieldUnselected[$field->id] = $field->modelName . " - " . $field->attributeLabel;
}
echo "<br /><label>View Permissions</label>";
echo CHtml::dropDownList('viewPermissions[]', $viewSelected, $fieldUnselected, array('class' => 'multiselect', 'multiple' => 'multiple', 'size' => 8));
echo "<br /><label>Edit Permissions</label>";
echo CHtml::dropDownList('editPermissions[]', $editSelected, $fieldUnselected, array('class' => 'multiselect', 'multiple' => 'multiple', 'size' => 8));
}
}
