X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttAdmin.class.php;h=23d8480d746e9691d22f10a8d08b2cadd9341646;hb=56f1fd19f2c9c72878395b3275f03f192ccca082;hp=b6b081e97eb1cf480fa3754694aa3ba32025cb05;hpb=73bd55c5aaa9459806ef9fa899cc5a24513727bc;p=timetracker.git diff --git a/WEB-INF/lib/ttAdmin.class.php b/WEB-INF/lib/ttAdmin.class.php index b6b081e9..23d8480d 100644 --- a/WEB-INF/lib/ttAdmin.class.php +++ b/WEB-INF/lib/ttAdmin.class.php @@ -26,22 +26,38 @@ // | https://www.anuko.com/time_tracker/credits.htm // +----------------------------------------------------------------------+ +import('ttUser'); + // ttAdmin class is used to perform admin tasks. class ttAdmin { + var $err = null; // Error object, passed to us as reference. + // We use it to communicate errors to caller. + // Constructor. - function __construct() { + function __construct(&$err = null) { + $this->err = $err; } // getSubgroups rerurns an array of subgroups for a group. function getSubgroups($group_id) { - return array(); // TODO: not yet implemented. + $mdb2 = getConnection(); + + $subgroups = array(); + $sql = "select id from tt_groups where parent_id = $group_id"; + $res = $mdb2->query($sql); + if (!is_a($res, 'PEAR_Error')) { + while ($val = $res->fetchRow()) { + $subgroups[] = $val; + } + } + return $subgroups; } // getUsers obtains user ids in a group. function getUsers($group_id) { $mdb2 = getConnection(); - $sql = "select id from tt_users where team_id = $group_id"; + $sql = "select id from tt_users where group_id = $group_id"; $res = $mdb2->query($sql); $users = array(); if (!is_a($res, 'PEAR_Error')) { @@ -59,22 +75,19 @@ class ttAdmin { // Mark user binds as deleted. $sql = "update tt_user_project_binds set status = NULL where user_id = $user_id"; $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; + if (is_a($affected, 'PEAR_Error')) return false; // Mark favorite reports as deleted. $sql = "update tt_fav_reports set status = NULL where user_id = $user_id"; $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; + if (is_a($affected, 'PEAR_Error')) return false; // Mark user as deleted. global $user; $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); $sql = "update tt_users set status = NULL $modified_part where id = $user_id"; $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; + if (is_a($affected, 'PEAR_Error')) return false; return true; } @@ -82,7 +95,7 @@ class ttAdmin { // The markTasksDeleted deletes task binds and marks the tasks as deleted for a group. function markTasksDeleted($group_id) { $mdb2 = getConnection(); - $sql = "select id from tt_tasks where team_id = $group_id"; + $sql = "select id from tt_tasks where group_id = $group_id"; $res = $mdb2->query($sql); if (is_a($res, 'PEAR_Error')) return false; @@ -98,6 +111,7 @@ class ttAdmin { $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; } + return true; } @@ -107,7 +121,7 @@ class ttAdmin { // Keep the logic simple by returning false on first error. // Obtain subgroups and call self recursively on them. - $subgroups = $this->getSubgroups(); + $subgroups = $this->getSubgroups($group_id); foreach($subgroups as $subgroup) { if (!$this->markGroupDeleted($subgroup['id'])) return false; @@ -116,7 +130,7 @@ class ttAdmin { // Now that we are done with subgroups, handle this group. $users = $this->getUsers($group_id); - // Iterate through team users and mark them as deleted. + // Iterate through group users and mark them as deleted. foreach ($users as $one_user) { if (!$this->markUserDeleted($one_user['id'])) return false; @@ -128,32 +142,32 @@ class ttAdmin { $mdb2 = getConnection(); // Mark roles deleted. - $sql = "update tt_roles set status = NULL where team_id = $group_id"; + $sql = "update tt_roles set status = NULL where group_id = $group_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; // Mark projects deleted. - $sql = "update tt_projects set status = NULL where team_id = $group_id"; + $sql = "update tt_projects set status = NULL where group_id = $group_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; // Mark clients deleted. - $sql = "update tt_clients set status = NULL where team_id = $group_id"; + $sql = "update tt_clients set status = NULL where group_id = $group_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; // Mark invoices deleted. - $sql = "update tt_invoices set status = NULL where team_id = $group_id"; + $sql = "update tt_invoices set status = NULL where group_id = $group_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; // Mark custom fields deleted. - $sql = "update tt_custom_fields set status = NULL where team_id = $group_id"; + $sql = "update tt_custom_fields set status = NULL where group_id = $group_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; // Mark notifications deleted. - $sql = "update tt_cron set status = NULL where team_id = $group_id"; + $sql = "update tt_cron set status = NULL where group_id = $group_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; @@ -164,16 +178,188 @@ class ttAdmin { // If we mark all of them deleted here, we can't recover nicely // as we'll lose track of what was deleted by user. // - // 2) DB maintenance script (Clean up DB from inactive teams) should + // 2) DB maintenance script (Clean up DB from inactive groups) should // get rid of these items permanently eventually. // Mark group deleted. global $user; $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); - $sql = "update tt_teams set status = NULL $modified_part where id = $group_id"; + $sql = "update tt_groups set status = NULL $modified_part where id = $group_id"; + $affected = $mdb2->exec($sql); + if (is_a($affected, 'PEAR_Error')) return false; + + return true; + } + + // validateGroupInfo validates group information entered by user. + function validateGroupInfo($fields) { + global $i18n; + global $auth; + + $result = true; + + if (!ttValidString($fields['group_name'], true)) { + $this->err->add($i18n->get('error.field'), $i18n->get('label.group_name')); + $result = false; + } + if (!ttValidString($fields['user_name'])) { + $this->err->add($i18n->get('error.field'), $i18n->get('label.manager_name')); + $result = false; + } + if (!ttValidString($fields['new_login'])) { + $this->err->add($i18n->get('error.field'), $i18n->get('label.manager_login')); + $result = false; + } + + // If we change login, it must be unique. + if ($fields['new_login'] != $fields['old_login']) { + if (ttUserHelper::getUserByLogin($fields['new_login'])) { + $this->err->add($i18n->get('error.user_exists')); + $result = false; + } + } + + if (!$auth->isPasswordExternal() && ($fields['password1'] || $fields['password2'])) { + if (!ttValidString($fields['password1'])) { + $this->err->add($i18n->get('error.field'), $i18n->get('label.password')); + $result = false; + } + if (!ttValidString($fields['password2'])) { + $this->err->add($i18n->get('error.field'), $i18n->get('label.confirm_password')); + $result = false; + } + if ($fields['password1'] !== $fields['password2']) { + $this->err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password')); + $result = false; + } + } + if (!ttValidEmail($fields['email'], true)) { + $this->err->add($i18n->get('error.field'), $i18n->get('label.email')); + $result = false; + } + + return $result; + } + + // updateGroup validates user input and updates the group with new information. + function updateGroup($group_id, $fields) { + if (!$this->validateGroupInfo($fields)) return false; // Can't continue as user input is invalid. + + global $user; + $mdb2 = getConnection(); + + // Update group name if it changed. + if ($fields['old_group_name'] != $fields['new_group_name']) { + $name_part = 'name = '.$mdb2->quote($fields['new_group_name']); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $sql = 'update tt_groups set '.$name_part.$modified_part.' where id = '.$group_id; + $affected = $mdb2->exec($sql); + if (is_a($affected, 'PEAR_Error')) return false; + } + + // Update group manager. + $user_id = $fields['user_id']; + $login_part = 'login = '.$mdb2->quote($fields['new_login']); + if ($fields['password1']) + $password_part = ', password = md5('.$mdb2->quote($fields['password1']).')'; + $name_part = ', name = '.$mdb2->quote($fields['user_name']); + $email_part = ', email = '.$mdb2->quote($fields['email']); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $sql = 'update tt_users set '.$login_part.$password_part.$name_part.$email_part.$modified_part.'where id = '.$user_id; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; return true; } + + // validateUserInfo validates account information entered by user. + function validateUserInfo($fields) { + global $i18n; + global $user; + global $auth; + + $result = true; + + if (!ttValidString($fields['name'])) { + $this->err->add($i18n->get('error.field'), $i18n->get('label.person_name')); + $result = false; + } + if (!ttValidString($fields['login'])) { + $this->err->add($i18n->get('error.field'), $i18n->get('label.login')); + $result = false; + } + // If we change login, it must be unique. + if ($fields['login'] != $user->login) { + if (ttUserHelper::getUserByLogin($fields['login'])) { + $this->err->add($i18n->get('error.user_exists')); + $result = false; + } + } + if (!$auth->isPasswordExternal() && ($fields['password1'] || $fields['password2'])) { + if (!ttValidString($fields['password1'])) { + $this->err->add($i18n->get('error.field'), $i18n->get('label.password')); + $result = false; + } + if (!ttValidString($fields['password2'])) { + $this->err->add($i18n->get('error.field'), $i18n->get('label.confirm_password')); + $result = false; + } + if ($fields['password1'] !== $fields['password2']) { + $this->err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password')); + $result = false; + } + } + if (!ttValidEmail($fields['email'], true)) { + $this->err->add($i18n->get('error.field'), $i18n->get('label.email')); + $result = false; + } + + return $result; + } + + // updateSelf validates user input and updates admin account with new information. + function updateSelf($fields) { + if (!$this->validateUserInfo($fields)) return false; // Can't continue as user input is invalid. + + global $user; + global $i18n; + $mdb2 = getConnection(); + + // Update self. + $user_id = $user->id; + $login_part = 'login = '.$mdb2->quote($fields['login']); + if ($fields['password1']) + $password_part = ', password = md5('.$mdb2->quote($fields['password1']).')'; + $name_part = ', name = '.$mdb2->quote($fields['name']); + $email_part = ', email = '.$mdb2->quote($fields['email']); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $sql = 'update tt_users set '.$login_part.$password_part.$name_part.$email_part.$modified_part.'where id = '.$user_id; + $affected = $mdb2->exec($sql); + if (is_a($affected, 'PEAR_Error')) { + $this->err->add($i18n->get('error.db')); + return false; + } + + return true; + } + + // getGroupDetails obtains group name and its top manager details. + function getGroupDetails($group_id) { + $result = array(); + $mdb2 = getConnection(); + + $sql = "select g.name as group_name, u.id as manager_id, u.name as manager_name, u.login as manager_login, u.email as manager_email". + " from tt_groups g". + " inner join tt_users u on (u.group_id = g.id)". + " inner join tt_roles r on (r.id = u.role_id and r.rank = 512)". + " where g.id = $group_id"; + + $res = $mdb2->query($sql); + if (!is_a($res, 'PEAR_Error')) { + $val = $res->fetchRow(); + return $val; + } + + return false; + } }