2 // +----------------------------------------------------------------------+
3 // | Anuko Time Tracker
4 // +----------------------------------------------------------------------+
5 // | Copyright (c) Anuko International Ltd. (https://www.anuko.com)
6 // +----------------------------------------------------------------------+
7 // | LIBERAL FREEWARE LICENSE: This source code document may be used
8 // | by anyone for any purpose, and freely redistributed alone or in
9 // | combination with other software, provided that the license is obeyed.
11 // | There are only two ways to violate the license:
13 // | 1. To redistribute this code in source form, with the copyright
14 // | notice or license removed or altered. (Distributing in compiled
15 // | forms without embedded copyright notices is permitted).
17 // | 2. To redistribute modified versions of this code in *any* form
18 // | that bears insufficient indications that the modifications are
19 // | not the work of the original author(s).
21 // | This license applies to this document only, not any other software
22 // | that it may be combined with.
24 // +----------------------------------------------------------------------+
26 // | https://www.anuko.com/time_tracker/credits.htm
27 // +----------------------------------------------------------------------+
29 import('ttRoleHelper');
31 // Class ttGroupHelper - contains helper functions that operate with groups.
32 // This is a planned replacement for ttTeamHelper as we move forward with subgroups.
35 // The getGroupName function returns group name.
36 static function getGroupName($group_id) {
37 $mdb2 = getConnection();
39 $sql = "select name from tt_groups where id = $group_id and (status = 1 or status = 0)";
40 $res = $mdb2->query($sql);
42 if (!is_a($res, 'PEAR_Error')) {
43 $val = $res->fetchRow();
49 // The getParentGroup determines a parent group for a given group.
50 static function getParentGroup($group_id) {
53 $mdb2 = getConnection();
55 $sql = "select parent_id from tt_groups where id = $group_id and org_id = $user->org_id and status = 1";
56 $res = $mdb2->query($sql);
58 if (!is_a($res, 'PEAR_Error')) {
59 $val = $res->fetchRow();
60 return $val['parent_id'];
65 // The getSubgroupByName obtain an immediate subgroup by name if one exists.
66 static function getSubgroupByName($name) {
69 $mdb2 = getConnection();
70 $parent_id = $user->getGroup();
71 $org_id = $user->org_id;
73 $sql = "select id from tt_groups where parent_id = $parent_id and org_id = $org_id".
74 " and name = ".$mdb2->quote($name)." and status is not null";
75 $res = $mdb2->query($sql);
76 if (!is_a($res, 'PEAR_Error')) {
77 $val = $res->fetchRow();
78 if ($val && $val['id'])
84 // The insertSubgroup inserts a new subgroup in database.
85 static function insertSubgroup($fields) {
88 $mdb2 = getConnection();
89 $parent_id = $user->getGroup();
90 $org_id = $user->org_id;
91 $group_key = ttRandomString();
92 $name = $fields['name'];
93 $description = $fields['description'];
95 // We need to inherit attributes from the parent group.
96 $attrs = ttGroupHelper::getGroupAttrs($parent_id);
98 $columns = '(parent_id, org_id, group_key, name, description, currency, decimal_mark, lang, date_format,'.
99 ' time_format, week_start, tracking_mode, project_required, task_required, record_type, bcc_email,'.
100 ' allow_ip, password_complexity, plugins, lock_spec,'.
101 ' workday_minutes, config, created, created_ip, created_by)';
103 $values = " values ($parent_id, $org_id";
104 $values .= ', '.$mdb2->quote($group_key);
105 $values .= ', '.$mdb2->quote($name);
106 $values .= ', '.$mdb2->quote($description);
107 $values .= ', '.$mdb2->quote($attrs['currency']);
108 $values .= ', '.$mdb2->quote($attrs['decimal_mark']);
109 $values .= ', '.$mdb2->quote($attrs['lang']);
110 $values .= ', '.$mdb2->quote($attrs['date_format']);
111 $values .= ', '.$mdb2->quote($attrs['time_format']);
112 $values .= ', '.(int)$attrs['week_start'];
113 $values .= ', '.(int)$attrs['tracking_mode'];
114 $values .= ', '.(int)$attrs['project_required'];
115 $values .= ', '.(int)$attrs['task_required'];
116 $values .= ', '.(int)$attrs['record_type'];
117 $values .= ', '.$mdb2->quote($attrs['bcc_email']);
118 $values .= ', '.$mdb2->quote($attrs['allow_ip']);
119 $values .= ', '.$mdb2->quote($attrs['password_complexity']);
120 $values .= ', '.$mdb2->quote($attrs['plugins']);
121 $values .= ', '.$mdb2->quote($attrs['lock_spec']);
122 $values .= ', '.(int)$attrs['workday_minutes'];
123 $values .= ', '.$mdb2->quote($attrs['config']);
124 $values .= ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id;
127 $sql = 'insert into tt_groups '.$columns.$values;
128 $affected = $mdb2->exec($sql);
129 if (is_a($affected, 'PEAR_Error')) return false;
131 $subgroup_id = $mdb2->lastInsertID('tt_groups', 'id');
133 // Copy roles from the parent group to child group.
134 if (!ttRoleHelper::copyRolesToGroup($subgroup_id))
140 // markGroupDeleted marks a group and everything in it as deleted.
141 // This function is called in context of a logged on user (global $user object).
142 // It uses current user attributes for access checks and in sql queries.
143 // Compare this with admin:
144 // admin can delete any group.
145 // user can delete only relevant groups and only if allowed.
146 static function markGroupDeleted($group_id) {
149 $mdb2 = getConnection();
150 $org_id = $user->org_id;
153 if (!$user->isGroupValid($group_id))
156 // Keep the logic simple by returning false on first error.
158 // Obtain subgroups and call self recursively on them.
159 $subgroups = $user->getSubgroups($group_id);
160 foreach($subgroups as $subgroup) {
161 if (!ttGroupHelper::markGroupDeleted($subgroup['id']))
165 // Now do actual work with all entities.
167 // Some things cannot be marked deleted as we don't have the status field for them.
168 // Just delete such things (until we have a better way to deal with them).
169 $tables_to_delete_from = array(
171 'tt_predefined_expenses',
172 'tt_client_project_binds',
173 'tt_project_task_binds'
175 foreach($tables_to_delete_from as $table) {
176 if (!ttGroupHelper::deleteGroupEntriesFromTable($group_id, $table))
180 // Now mark status deleted where we can.
181 // Note: we don't mark tt_log, tt_custom_field_lod, or tt_expense_items deleted here.
184 // 1) Users may mark some of them deleted during their work.
185 // If we mark all of them deleted here, we can't recover nicely
186 // as we'll lose track of what was accidentally deleted by user.
188 // 2) DB maintenance script (Clean up DB from inactive groups) should
189 // get rid of these items permanently eventually.
190 $tables_to_mark_deleted_in = array(
193 // 'tt_expense_items',
194 // 'tt_custom_field_log',
195 'tt_custom_field_options',
199 'tt_user_project_binds',
206 foreach($tables_to_mark_deleted_in as $table) {
207 if (!ttGroupHelper::markGroupDeletedInTable($group_id, $table))
211 // Mark group deleted.
212 $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
213 $sql = "update tt_groups set status = null $modified_part where id = $group_id and org_id = $org_id";
214 $affected = $mdb2->exec($sql);
215 if (is_a($affected, 'PEAR_Error')) return false;
220 // markGroupDeletedInTable is a generic helper function for markGroupDeleted.
221 // It updates ONE table by setting status to NULL for all records belonging to a group.
222 static function markGroupDeletedInTable($group_id, $table_name) {
224 $mdb2 = getConnection();
226 // Add modified info to sql for some tables, depending on table name.
227 if ($table_name == 'tt_users') {
228 $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
231 $org_id = $user->org_id; // The only security measure we use here for match.
232 $sql = "update $table_name set status = null $modified_part where group_id = $group_id and org_id = $org_id";
233 $affected = $mdb2->exec($sql);
234 return (!is_a($affected, 'PEAR_Error'));
237 // deleteGroupEntriesFromTable is a generic helper function for markGroupDeleted.
238 // It deletes entries in ONE table belonging to a given group.
239 static function deleteGroupEntriesFromTable($group_id, $table_name) {
241 $mdb2 = getConnection();
243 $org_id = $user->org_id; // The only security measure we use here for match.
244 $sql = "delete from $table_name where group_id = $group_id and org_id = $org_id";
245 $affected = $mdb2->exec($sql);
246 return (!is_a($affected, 'PEAR_Error'));
249 // getGroupAttrs obtains all group attributes.
250 static function getGroupAttrs($group_id) {
252 $mdb2 = getConnection();
254 $sql = "select * from tt_groups".
255 " where status = 1 and id = $group_id and org_id = $user->org_id";
256 $res = $mdb2->query($sql);
257 if (!is_a($res, 'PEAR_Error')) {
258 $val = $res->fetchRow();
263 // getRoles obtains all active and inactive roles in current group.
264 static function getRoles() {
266 $mdb2 = getConnection();
268 $group_id = $user->getGroup();
269 $org_id = $user->org_id;
270 $sql = "select * from tt_roles".
271 " where group_id = $group_id and org_id = $org_id and status is not null";
272 $res = $mdb2->query($sql);
273 if (is_a($res, 'PEAR_Error')) return false;
274 while ($val = $res->fetchRow()) {
280 // The getActiveClients returns an array of active clients for a group.
281 static function getActiveClients($all_fields = false)
284 $mdb2 = getConnection();
286 $group_id = $user->getGroup();
287 $org_id = $user->org_id;
289 $sql = "select * from tt_clients where group_id = $group_id and org_id = $org_id and status = 1 order by upper(name)";
291 $sql = "select id, name from tt_clients where group_id = $group_id and org_id = $org_id and status = 1 order by upper(name)";
293 $res = $mdb2->query($sql);
295 if (!is_a($res, 'PEAR_Error')) {
296 while ($val = $res->fetchRow()) {
303 // The getInactiveClients returns an array of inactive clients for a group.
304 static function getInactiveClients($all_fields = false)
307 $mdb2 = getConnection();
309 $group_id = $user->getGroup();
310 $org_id = $user->org_id;
312 $sql = "select * from tt_clients where group_id = $group_id and org_id = $org_id and status = 0 order by upper(name)";
314 $sql = "select id, name from tt_clients where group_id = $group_id and org_id = $org_id and status = 0 order by upper(name)";
316 $res = $mdb2->query($sql);
318 if (!is_a($res, 'PEAR_Error')) {
319 while ($val = $res->fetchRow()) {
326 // getActiveProjects - returns an array of active projects for a group.
327 static function getActiveProjects()
330 $mdb2 = getConnection();
332 $group_id = $user->getGroup();
333 $org_id = $user->org_id;
335 $sql = "select id, name, description, tasks from tt_projects".
336 " where group_id = $group_id and org_id = $org_id and status = 1 order by upper(name)";
337 $res = $mdb2->query($sql);
339 if (!is_a($res, 'PEAR_Error')) {
340 while ($val = $res->fetchRow()) {
347 // getInactiveProjects - returns an array of inactive projects for a group.
348 static function getInactiveProjects()
351 $mdb2 = getConnection();
353 $group_id = $user->getGroup();
354 $org_id = $user->org_id;
356 $sql = "select id, name, description, tasks from tt_projects".
357 " where group_id = $group_id and org_id = $org_id and status = 0 order by upper(name)";
358 $res = $mdb2->query($sql);
360 if (!is_a($res, 'PEAR_Error')) {
361 while ($val = $res->fetchRow()) {
368 // getPredefinedExpenses - obtains predefined expenses for a group.
369 static function getPredefinedExpenses() {
371 $mdb2 = getConnection();
373 $group_id = $user->getGroup();
374 $org_id = $user->org_id;
377 $sql = "select id, name, cost from tt_predefined_expenses".
378 " where group_id = $group_id and org_id = $org_id";
379 $res = $mdb2->query($sql);
381 if (!is_a($res, 'PEAR_Error')) {
382 $decimal_mark = $user->getDecimalMark();
383 $replaceDecimalMark = ('.' != $decimal_mark);
385 while ($val = $res->fetchRow()) {
386 if ($replaceDecimalMark)
387 $val['cost'] = str_replace('.', $decimal_mark, $val['cost']);
395 // The getActiveInvoices returns an array of active invoices for a group.
396 static function getActiveInvoices()
399 $mdb2 = getConnection();
401 $group_id = $user->getGroup();
402 $org_id = $user->org_id;
404 $addPaidStatus = $user->isPluginEnabled('ps');
407 if ($user->isClient())
408 $client_part = "and i.client_id = $user->client_id";
410 $sql = "select i.id, i.name, i.date, i.client_id, i.status, c.name as client_name from tt_invoices i".
411 " left join tt_clients c on (c.id = i.client_id)".
412 " where i.status = 1 and i.group_id = $group_id and i.org_id = $org_id $client_part order by i.name";
413 $res = $mdb2->query($sql);
415 if (!is_a($res, 'PEAR_Error')) {
416 $dt = new DateAndTime(DB_DATEFORMAT);
417 while ($val = $res->fetchRow()) {
419 $dt->parseVal($val['date']);
420 $val['date'] = $dt->toString($user->getDateFormat());
422 $val['paid'] = ttInvoiceHelper::isPaid($val['id']);
429 // getNotifications - obtains notification descriptions for a group.
430 static function getNotifications() {
432 $mdb2 = getConnection();
434 $group_id = $user->getGroup();
435 $org_id = $user->org_id;
438 $sql = "select c.id, c.cron_spec, c.email, c.report_condition, fr.name from tt_cron c".
439 " left join tt_fav_reports fr on (fr.id = c.report_id)".
440 " where c.group_id = $group_id and c.org_id = $org_id and c.status = 1 and fr.status = 1";
441 $res = $mdb2->query($sql);
443 if (!is_a($res, 'PEAR_Error')) {
444 while ($val = $res->fetchRow()) {
452 // The getActiveUsers obtains all active users excluding clients in a given group.
453 static function getActiveUsers($options = null) {
456 $mdb2 = getConnection();
458 $group_id = $user->getGroup();
459 $org_id = $user->org_id;
461 $client_part = " and u.client_id is null";
463 if (isset($options['getAllFields']))
464 $sql = "select u.*, r.name as role_name, r.rank from tt_users u left join tt_roles r on (u.role_id = r.id) where u.group_id = $group_id and u.org_id = $org_id and u.status = 1 $client_part order by upper(u.name)";
466 $sql = "select u.id, u.name from tt_users u where u.group_id = $group_id and u.org_id = $org_id and u.status = 1 $client_part order by upper(u.name)";
467 $res = $mdb2->query($sql);
468 $user_list = array();
469 if (is_a($res, 'PEAR_Error'))
471 while ($val = $res->fetchRow()) {
472 // Localize top manager role name, as it is not localized in db.
473 if ($val['rank'] == 512)
474 $val['role_name'] = $i18n->get('role.top_manager.label');
481 // getActiveTasks - returns an array of active tasks for a group.
482 static function getActiveTasks()
485 $mdb2 = getConnection();
487 $group_id = $user->getGroup();
488 $org_id = $user->org_id;
490 $sql = "select id, name, description from tt_tasks".
491 " where group_id = $group_id and org_id = $org_id and status = 1 order by upper(name)";
492 $res = $mdb2->query($sql);
494 if (!is_a($res, 'PEAR_Error')) {
495 while ($val = $res->fetchRow()) {
502 // getInactiveTasks - returns an array of inactive tasks for a group.
503 static function getInactiveTasks()
506 $mdb2 = getConnection();
508 $group_id = $user->getGroup();
509 $org_id = $user->org_id;
511 $sql = "select id, name, description from tt_tasks".
512 " where group_id = $group_id and org_id = $org_id and status = 0 order by upper(name)";
513 $res = $mdb2->query($sql);
515 if (!is_a($res, 'PEAR_Error')) {
516 while ($val = $res->fetchRow()) {
523 // getActiveTemplates - returns an array of active templates for a group.
524 static function getActiveTemplates()
527 $mdb2 = getConnection();
529 $group_id = $user->getGroup();
530 $org_id = $user->org_id;
532 $sql = "select id, name, description, content from tt_templates".
533 " where group_id = $group_id and org_id = $org_id and status = 1 order by upper(name)";
534 $res = $mdb2->query($sql);
536 if (!is_a($res, 'PEAR_Error')) {
537 while ($val = $res->fetchRow()) {
544 // getInactiveTemplates - returns an array of active templates for a group.
545 static function getInactiveTemplates()
548 $mdb2 = getConnection();
550 $group_id = $user->getGroup();
551 $org_id = $user->org_id;
553 $sql = "select id, name, description from tt_templates".
554 " where group_id = $group_id and org_id = $org_id and status = 0 order by upper(name)";
555 $res = $mdb2->query($sql);
557 if (!is_a($res, 'PEAR_Error')) {
558 while ($val = $res->fetchRow()) {
565 // validateCheckboxGroupInput - validates user input in a group of checkboxes
566 // in context of a specific database table.
568 // We need to make sure that input is a set of unique positive integers, and is
569 // "relevant" to the current group (entities exists in table).
571 // It is a safeguard against manipulation of data in posts.
572 static function validateCheckboxGroupInput($input, $table) {
573 // Empty input is valid.
574 if (!$input) return true;
576 // Input containing duplicates is invalid.
577 if (count($input) !== count(array_unique($input))) return false;
579 // Input containing anything but positive integers is invalid.
580 foreach ($input as $single_selection) {
581 if (!is_numeric($single_selection) || $single_selection <= 0) return false;
585 $mdb2 = getConnection();
587 $group_id = $user->getGroup();
588 $org_id = $user->org_id;
590 // Now check the table. It must contain all entities associated with current group and org.
591 $comma_separated = implode(',', $input);
592 $sql = "select count(*) as item_count from $table".
593 " where id in ($comma_separated) and group_id = $group_id and org_id = $org_id and status = 1";
594 $res = $mdb2->query($sql);
595 if (is_a($res, 'PEAR_Error')) return false;
596 $val = $res->fetchRow();
597 if (count($input) != $val['item_count'])
598 return false; // Number of entities in table is different.
600 return true; // All is good.
603 // The getUsers obtains all active and inactive (but not deleted) users in a group.
604 static function getUsers() {
606 $mdb2 = getConnection();
608 $group_id = $user->getGroup();
609 $org_id = $user->org_id;
611 $sql = "select id, name from tt_users where group_id = $group_id and org_id = $org_id and (status = 1 or status = 0) order by upper(name)";
612 $res = $mdb2->query($sql);
613 $user_list = array();
614 if (is_a($res, 'PEAR_Error'))
616 while ($val = $res->fetchRow()) {
622 // The getUsersForClient obtains all active and inactive users in a group that are relevant to a client.
623 static function getUsersForClient() {
625 $mdb2 = getConnection();
627 $group_id = $user->getGroup();
628 $org_id = $user->org_id;
630 $sql = "select u.id, u.name from tt_user_project_binds upb".
631 " inner join tt_client_project_binds cpb on (upb.project_id = cpb.project_id and cpb.client_id = $user->client_id)".
632 " inner join tt_users u on (u.id = upb.user_id and u.group_id = $group_id and u.org_id = $org_id)".
633 " where (u.status = 1 or u.status = 0)".
635 " order by upper(u.name)";
636 $res = $mdb2->query($sql);
637 $user_list = array();
638 if (is_a($res, 'PEAR_Error'))
640 while ($val = $res->fetchRow()) {
646 // The getRecentInvoices returns an array of recent invoices (max 3) for a client.
647 static function getRecentInvoices($client_id) {
649 $mdb2 = getConnection();
651 $group_id = $user->getGroup();
652 $org_id = $user->org_id;
654 $sql = "select i.id, i.name from tt_invoices i".
655 " left join tt_clients c on (c.id = i.client_id)".
656 " where i.group_id = $group_id and i.org_id = $org_id and i.status = 1 and c.id = $client_id".
657 " order by i.id desc limit 3";
658 $res = $mdb2->query($sql);
660 if (!is_a($res, 'PEAR_Error')) {
661 $dt = new DateAndTime(DB_DATEFORMAT);
662 while ($val = $res->fetchRow()) {