X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttGroupHelper.class.php;h=e5288a096ed63ed331a374dafe63369263750e3a;hb=f8292d356ef3ac53b2bb1183dd462f7c453c20e5;hp=41c03114e371425629e41f8f02cc8bc80b55c6c5;hpb=ee3957cfc30d8ba3ed92ac99f3e5b784df1a9c58;p=timetracker.git diff --git a/WEB-INF/lib/ttGroupHelper.class.php b/WEB-INF/lib/ttGroupHelper.class.php index 41c03114..e5288a09 100644 --- a/WEB-INF/lib/ttGroupHelper.class.php +++ b/WEB-INF/lib/ttGroupHelper.class.php @@ -26,6 +26,8 @@ // | https://www.anuko.com/time_tracker/credits.htm // +----------------------------------------------------------------------+ +import('ttRoleHelper'); + // Class ttGroupHelper - contains helper functions that operate with groups. // This is a planned replacement for ttTeamHelper as we move forward with subgroups. class ttGroupHelper { @@ -65,7 +67,7 @@ class ttGroupHelper { global $user; $mdb2 = getConnection(); - $parent_id = $user->getActiveGroup(); + $parent_id = $user->getGroup(); $org_id = $user->org_id; $sql = "select id from tt_groups where parent_id = $parent_id and org_id = $org_id". 
@@ -84,20 +86,307 @@ class ttGroupHelper { global $user; $mdb2 = getConnection(); - $parent_id = $user->getActiveGroup(); + $parent_id = $user->getGroup(); $org_id = $user->org_id; - - // TODO: inherit all attributes from the parent group, if not supplied. $name = $fields['name']; $description = $fields['description']; - $created = 'now()'; - $created_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']); + // We need to inherit other attributes from the parent group. + $attrs = ttGroupHelper::getGroupAttrs($parent_id); + + $columns = '(parent_id, org_id, name, description, currency, decimal_mark, lang, date_format, time_format'. + ', week_start, tracking_mode, project_required, task_required, record_type, bcc_email'. + ', allow_ip, password_complexity, plugins, lock_spec'. + ', workday_minutes, config, created, created_ip, created_by)'; + + $values = " values ($parent_id, $org_id"; + $values .= ', '.$mdb2->quote($name); + $values .= ', '.$mdb2->quote($description); + $values .= ', '.$mdb2->quote($attrs['currency']); + $values .= ', '.$mdb2->quote($attrs['decimal_mark']); + $values .= ', '.$mdb2->quote($attrs['lang']); + $values .= ', '.$mdb2->quote($attrs['date_format']); + $values .= ', '.$mdb2->quote($attrs['time_format']); + $values .= ', '.(int)$attrs['week_start']; + $values .= ', '.(int)$attrs['tracking_mode']; + $values .= ', '.(int)$attrs['project_required']; + $values .= ', '.(int)$attrs['task_required']; + $values .= ', '.(int)$attrs['record_type']; + $values .= ', '.$mdb2->quote($attrs['bcc_email']); + $values .= ', '.$mdb2->quote($attrs['allow_ip']); + $values .= ', '.$mdb2->quote($attrs['password_complexity']); + $values .= ', '.$mdb2->quote($attrs['plugins']); + $values .= ', '.$mdb2->quote($attrs['lock_spec']); + $values .= ', '.(int)$attrs['workday_minutes']; + $values .= ', '.$mdb2->quote($attrs['config']); + $values .= ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id; + $values .= ')'; + + $sql = 'insert into tt_groups '.$columns.$values; + 
$affected = $mdb2->exec($sql); + if (is_a($affected, 'PEAR_Error')) return false; + + $subgroup_id = $mdb2->lastInsertID('tt_groups', 'id'); + + // Copy roles from the parent group to child group. + if (!ttRoleHelper::copyRolesToGroup($subgroup_id)) + return false; + + return $subgroup_id; + } + + // markGroupDeleted marks a group and everything in it as deleted. + // This function is called in context of a logged on user (global $user object). + // It uses current user attributes for access checks and in sql queries. + // Compare this with admin: + // admin can delete any group. + // user can delete only relevant groups and only if allowed. + static function markGroupDeleted($group_id) { + global $user; + + $mdb2 = getConnection(); + $org_id = $user->org_id; + + // Security check. + if (!$user->isGroupValid($group_id)) + return false; + + // Keep the logic simple by returning false on first error. + + // Obtain subgroups and call self recursively on them. + $subgroups = $user->getSubgroups($group_id); + foreach($subgroups as $subgroup) { + if (!ttGroupHelper::markGroupDeleted($subgroup['id'])) + return false; + } + + // Now do actual work with all entities. + + // Some things cannot be marked deleted as we don't have the status field for them. + // Just delete such things (until we have a better way to deal with them). + $tables_to_delete_from = array( + 'tt_config', + 'tt_predefined_expenses', + 'tt_client_project_binds', + 'tt_project_task_binds' + ); + foreach($tables_to_delete_from as $table) { + if (!ttGroupHelper::deleteGroupEntriesFromTable($group_id, $table)) + return false; + } + + // Now mark status deleted where we can. + // Note: we don't mark tt_log, tt_custom_field_lod, or tt_expense_items deleted here. + // Reasoning is: + // + // 1) Users may mark some of them deleted during their work. + // If we mark all of them deleted here, we can't recover nicely + // as we'll lose track of what was accidentally deleted by user. 
+ // + // 2) DB maintenance script (Clean up DB from inactive groups) should + // get rid of these items permanently eventually. + $tables_to_mark_deleted_in = array( + 'tt_cron', + 'tt_fav_reports', + // 'tt_expense_items', + // 'tt_custom_field_log', + 'tt_custom_field_options', + 'tt_custom_fields', + // 'tt_log', + 'tt_invoices', + 'tt_user_project_binds', + 'tt_users', + 'tt_clients', + 'tt_projects', + 'tt_tasks', + 'tt_roles' + ); + foreach($tables_to_mark_deleted_in as $table) { + if (!ttGroupHelper::markGroupDeletedInTable($group_id, $table)) + return false; + } + + // Mark group deleted. + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; + $sql = "update tt_groups set status = null $modified_part where id = $group_id and org_id = $org_id"; + $affected = $mdb2->exec($sql); + if (is_a($affected, 'PEAR_Error')) return false; + + return true; + } + + // markGroupDeletedInTable is a generic helper function for markGroupDeleted. + // It updates ONE table by setting status to NULL for all records belonging to a group. + static function markGroupDeletedInTable($group_id, $table_name) { + global $user; + $mdb2 = getConnection(); + + // Add modified info to sql for some tables, depending on table name. + if ($table_name == 'tt_users') { + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; + } + + $org_id = $user->org_id; // The only security measure we use here for match. + $sql = "update $table_name set status = null $modified_part where group_id = $group_id and org_id = $org_id"; + $affected = $mdb2->exec($sql); + return (!is_a($affected, 'PEAR_Error')); + } + + // deleteGroupEntriesFromTable is a generic helper function for markGroupDeleted. + // It deletes entries in ONE table belonging to a given group. 
+ static function deleteGroupEntriesFromTable($group_id, $table_name) { + global $user; + $mdb2 = getConnection(); - $sql = "insert into tt_groups (parent_id, org_id, name, description, created, created_ip)". - " values($parent_id, $org_id, ".$mdb2->quote($name).", ".$mdb2->quote($description).", $created, $created_ip)"; + $org_id = $user->org_id; // The only security measure we use here for match. + $sql = "delete from $table_name where group_id = $group_id and org_id = $org_id"; $affected = $mdb2->exec($sql); return (!is_a($affected, 'PEAR_Error')); - // TODO: design subgroup roles carefully. Perhaps roles are not to be touched in subgroups at all. + } + + // getGroupAttrs obtains all group attributes. + static function getGroupAttrs($group_id) { + global $user; + $mdb2 = getConnection(); + + $sql = "select * from tt_groups". + " where status = 1 and id = $group_id and org_id = $user->org_id"; + $res = $mdb2->query($sql); + if (!is_a($res, 'PEAR_Error')) { + $val = $res->fetchRow(); + } + return $val; + } + + // getRoles obtains all active and inactive roles in current group. + static function getRoles() { + global $user; + $mdb2 = getConnection(); + + $group_id = $user->getGroup(); + $org_id = $user->org_id; + $sql = "select * from tt_roles". + " where group_id = $group_id and org_id = $org_id and status is not null"; + $res = $mdb2->query($sql); + if (is_a($res, 'PEAR_Error')) return false; + while ($val = $res->fetchRow()) { + $roles[] = $val; + } + return $roles; + } + + // The getActiveClients returns an array of active clients for a group. 
+ static function getActiveClients($all_fields = false) + { + global $user; + $mdb2 = getConnection(); + + $group_id = $user->getGroup(); + $org_id = $user->org_id; + if ($all_fields) + $sql = "select * from tt_clients where group_id = $group_id and org_id = $org_id and status = 1 order by upper(name)"; + else + $sql = "select id, name from tt_clients where group_id = $group_id and org_id = $org_id and status = 1 order by upper(name)"; + + $res = $mdb2->query($sql); + $result = array(); + if (!is_a($res, 'PEAR_Error')) { + while ($val = $res->fetchRow()) { + $result[] = $val; + } + } + return $result; + } + + // The getInactiveClients returns an array of inactive clients for a group. + static function getInactiveClients($all_fields = false) + { + global $user; + $mdb2 = getConnection(); + + $group_id = $user->getGroup(); + $org_id = $user->org_id; + if ($all_fields) + $sql = "select * from tt_clients where group_id = $group_id and org_id = $org_id and status = 0 order by upper(name)"; + else + $sql = "select id, name from tt_clients where group_id = $group_id and org_id = $org_id and status = 0 order by upper(name)"; + + $res = $mdb2->query($sql); + $result = array(); + if (!is_a($res, 'PEAR_Error')) { + while ($val = $res->fetchRow()) { + $result[] = $val; + } + } + return $result; + } + + // getActiveProjects - returns an array of active projects for a group. + static function getActiveProjects() + { + global $user; + $mdb2 = getConnection(); + + $group_id = $user->getGroup(); + $org_id = $user->org_id; + + $sql = "select id, name, description, tasks from tt_projects". + " where group_id = $group_id and org_id = $org_id and status = 1 order by upper(name)"; + $res = $mdb2->query($sql); + $result = array(); + if (!is_a($res, 'PEAR_Error')) { + while ($val = $res->fetchRow()) { + $result[] = $val; + } + } + return $result; + } + + // getInactiveProjects - returns an array of inactive projects for a group. 
+ static function getInactiveProjects() + { + global $user; + $mdb2 = getConnection(); + + $group_id = $user->getGroup(); + $org_id = $user->org_id; + + $sql = "select id, name, description, tasks from tt_projects". + " where group_id = $group_id and org_id = $org_id and status = 0 order by upper(name)"; + $res = $mdb2->query($sql); + $result = array(); + if (!is_a($res, 'PEAR_Error')) { + while ($val = $res->fetchRow()) { + $result[] = $val; + } + } + return $result; + } + + // getPredefinedExpenses - obtains predefined expenses for a group. + static function getPredefinedExpenses() { + global $user; + $mdb2 = getConnection(); + + $group_id = $user->getGroup(); + $org_id = $user->org_id; + + $result = array(); + $sql = "select id, name, cost from tt_predefined_expenses". + " where group_id = $group_id and org_id = $org_id"; + $res = $mdb2->query($sql); + $result = array(); + if (!is_a($res, 'PEAR_Error')) { + $decimal_mark = $user->getDecimalMark(); + $replaceDecimalMark = ('.' != $decimal_mark); + + while ($val = $res->fetchRow()) { + if ($replaceDecimalMark) + $val['cost'] = str_replace('.', $decimal_mark, $val['cost']); + $result[] = $val; + } + return $result; + } + return false; } }
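Review bot: `markGroupDeletedInTable()` and `deleteGroupEntriesFromTable()` put `$group_id` and `$table_name` into the SQL text unescaped and make no `isGroupValid()` check of their own, so the `org_id` match named in their comments is the only guard, and with no visibility keyword both can be called from outside `markGroupDeleted()`. If nothing else calls them, declaring them `private static` and starting each with `$group_id = (int)$group_id;` would keep the authorization decision in `markGroupDeleted()` and make the statements safe for any caller; `getGroupAttrs()` interpolates `$group_id` the same way. In `markGroupDeletedInTable()`, `$modified_part` is assigned only for `tt_users`, so every other table reads an undefined variable; begin with `$modified_part = '';`. `getGroupAttrs()` also returns an undefined `$val` when the query fails, and `insertSubgroup()` (whose signature is above this hunk) uses the result unchecked. A failed lookup would then presumably create a subgroup with empty inherited settings such as `allow_ip` and `password_complexity` instead of returning false, and a failure in `copyRolesToGroup()` leaves the inserted row behind without roles.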