X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttUserHelper.class.php;h=9513a721a4adbe21923497a19079a96c3328d0e5;hb=5f64df1308fd641565631e6e38d282432f5e6250;hp=a8bfe6229834f6c4115257db761b151ce49955b4;hpb=fadb4320a14d2afac38ddd2ac66b1738a483eebd;p=timetracker.git diff --git a/WEB-INF/lib/ttUserHelper.class.php b/WEB-INF/lib/ttUserHelper.class.php index a8bfe622..9513a721 100644 --- a/WEB-INF/lib/ttUserHelper.class.php +++ b/WEB-INF/lib/ttUserHelper.class.php @@ -33,10 +33,10 @@ class ttUserHelper { // The getUserDetails function returns user details. static function getUserDetails($user_id) { - $result = array(); + global $user; $mdb2 = getConnection(); - $sql = "select * from tt_users where id = $user_id"; + $sql = "select u.*, r.rank from tt_users u left join tt_roles r on (u.role_id = r.id) where u.id = $user_id and u.team_id = $user->team_id"; $res = $mdb2->query($sql); if (!is_a($res, 'PEAR_Error')) { @@ -109,6 +109,7 @@ class ttUserHelper { // insert - inserts a user into database. static function insert($fields, $hash = true) { + global $user; $mdb2 = getConnection(); $password = $mdb2->quote($fields['password']); @@ -116,7 +117,6 @@ class ttUserHelper { $password = 'md5('.$password.')'; $email = isset($fields['email']) ? $fields['email'] : ''; $team_id = (int) $fields['team_id']; - $role = (int) $fields['role']; $rate = str_replace(',', '.', isset($fields['rate']) ? $fields['rate'] : 0); if($rate == '') $rate = 0; 
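Review bot: In the rewritten query of `getUserDetails()`, `$user_id` and `$user->team_id` are still interpolated into the SQL text as-is, while other values in this file go through an `(int)` cast or `$mdb2->quote()`. The added `u.team_id` filter is what keeps one team from reading another team's user rows, so it should not depend on either value being well-formed; build the predicate as `"... where u.id = ".(int)$user_id." and u.team_id = ".(int)$user->team_id`. Where `$user_id` originates is not visible here. The function body continues past the hunk, so it is also worth checking that nothing on the failure path still relies on the removed `$result = array();`.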
@@ -124,10 +124,12 @@ class ttUserHelper { $status_f = ', status'; $status_v = ', '.$mdb2->quote($fields['status']); } + $created_ip_v = ', '.$mdb2->quote($_SERVER['REMOTE_ADDR']); + $created_by_v = ', '.$mdb2->quote($user->id); - $sql = "insert into tt_users (name, login, password, team_id, role, client_id, rate, email $status_f) values (". + $sql = "insert into tt_users (name, login, password, team_id, role_id, client_id, rate, email, created, created_ip, created_by $status_f) values (". $mdb2->quote($fields['name']).", ".$mdb2->quote($fields['login']). - ", $password, $team_id, $role, ".$mdb2->quote($fields['client_id']).", $rate, ".$mdb2->quote($email)." $status_v)"; + ", $password, $team_id, ".$mdb2->quote($fields['role_id']).", ".$mdb2->quote($fields['client_id']).", $rate, ".$mdb2->quote($email).", now() $created_ip_v $created_by_v $status_v)"; $affected = $mdb2->exec($sql); // Now deal with project assignment. @@ -167,10 +169,10 @@ class ttUserHelper { // Prepare query parts. if (isset($fields['password'])) $pass_part = ', password = md5('.$mdb2->quote($fields['password']).')'; - if (right_assign_roles & $user->rights) { - if (isset($fields['role'])) { - $role = (int) $fields['role']; - $role_part = ", role = $role"; + if (in_array('manage_users', $user->rights)) { + if (isset($fields['role_id'])) { + $role_id = (int) $fields['role_id']; + $role_id_part = ", role_id = $role_id"; } if (array_key_exists('client_id', $fields)) // Could be NULL. $client_part = ", client_id = ".$mdb2->quote($fields['client_id']); 
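Review bot: The rewritten `insert into tt_users` statement still places `$rate` into the SQL unquoted, and the only processing it gets in `insert()` is the comma-to-dot `str_replace` and the empty-string check visible in the context of the `@@ -116,7 +117,6 @@` hunk. Every other caller-supplied value in the new line goes through `$mdb2->quote()` or an `(int)` cast, so a non-numeric `rate` is the one field that can alter the statement; add `if (!is_numeric($rate)) $rate = 0;` before `$sql` is built. Not changed by this commit but visible in the same context: the password is stored as `md5(...)`, so a move to `password_hash()` / `password_verify()` is worth tracking separately.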
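Review bot: The new `in_array('manage_users', $user->rights)` gate decides whether a role may be changed, but not which `role_id` may be assigned: any integer in `$fields['role_id']` is written. Nothing in this hunk checks that the target role is one the acting user is allowed to grant, although the `r.rank` column now selected in `getUserDetails()` suggests roles are meant to be ordered. `insert()` above likewise writes `$fields['role_id']` with no visible check. If the calling pages do not already validate this, look the role up in `tt_roles` and compare its `rank` with the acting user's own before setting `$role_id_part`. The enclosing function starts and ends outside the hunk, so an earlier check may exist.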
@@ -187,9 +189,11 @@ class ttUserHelper { $status_part = ", status = $status"; } + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $sql = "update tt_users set login = ".$mdb2->quote($fields['login']). "$pass_part, name = ".$mdb2->quote($fields['name']). - "$role_part $client_part $rate_part $status_part, email = ".$mdb2->quote($fields['email']). + "$role_id_part $client_part $rate_part $modified_part $status_part, email = ".$mdb2->quote($fields['email']). " where id = $user_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; @@ -247,8 +251,6 @@ class ttUserHelper { } // markDeleted - marks user and its associated things as deleted. - // TODO: address the problem when a deleted user has a scheduled notification configured, - // in which case all other notifications may stop working because of MySQL syntax error. static function markDeleted($user_id) { $mdb2 = getConnection(); global $user; @@ -269,6 +271,12 @@ class ttUserHelper { if (is_a($affected, 'PEAR_Error')) return false; + // Mark favorite reports as deleted. + $sql = "update tt_fav_reports set status = NULL where user_id = $user_id"; + $affected = $mdb2->exec($sql); + if (is_a($affected, 'PEAR_Error')) + return false; + // Mark user as deleted. $sql = "update tt_users set status = NULL where id = $user_id"; $affected = $mdb2->exec($sql); @@ -282,6 +290,12 @@ class ttUserHelper { if (is_a($affected, 'PEAR_Error')) return false; + // Mark favorite reports as deleted. + $sql = "update tt_fav_reports set status = NULL where user_id = $user_id"; + $affected = $mdb2->exec($sql); + if (is_a($affected, 'PEAR_Error')) + return false; + // Mark user as deleted. $sql = "update tt_users set status = NULL where id = $user_id and team_id = ".$user->team_id; $affected = $mdb2->exec($sql); 
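Review bot: The `update tt_users` statement that now carries `$modified_part` still ends in `" where id = $user_id"`, with no team predicate and no cast. `getUserDetails()` gained `and u.team_id = $user->team_id` in this same commit, and the delete paths further down filter on `team_id` as well, so this leaves `update()` as a write path that does not scope the target row to the caller's team. Unless every caller verifies ownership first, or this method also serves a cross-team administrator path, end the statement with `" where id = ".(int)$user_id." and team_id = ".(int)$user->team_id;`. The start of the function is outside the hunk, so an earlier check may exist.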
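Review bot: The new `tt_fav_reports` update in the `@@ -269,6 +271,12 @@` hunk adds one more step to a sequence where each statement returns `false` on a `PEAR_Error` without undoing the earlier ones. If the following `update tt_users` fails, the favorite reports stay marked deleted while the account stays active. If the tables use a transactional engine, wrap the sequence in `$mdb2->beginTransaction()` / `$mdb2->commit()` and call `$mdb2->rollback()` before each `return false`. The identical block is repeated in the hunks at `@@ -282,6 +290,12 @@` and `@@ -331,6 +345,12 @@`; a small private helper would keep the three copies from drifting. The enclosing function starts and ends outside the hunk.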
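Review bot: In the `@@ -282,6 +290,12 @@` hunk the final statement is limited by `and team_id = ".$user->team_id`, but the added `update tt_fav_reports ... where user_id = $user_id` runs before it and has no such limit. A `$user_id` belonging to another team would therefore have its favorite reports marked deleted even though the `tt_users` update then matches no row. The same applies to the hunk at `@@ -331,6 +345,12 @@`. Unless membership is verified earlier in the function (its start is outside the hunk), restrict the statement, e.g. `... where user_id = $user_id and user_id in (select id from tt_users where team_id = $user->team_id)`.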
@@ -331,6 +345,12 @@ class ttUserHelper { if (is_a($affected, 'PEAR_Error')) return false; + // Mark favorite reports as deleted. + $sql = "update tt_fav_reports set status = NULL where user_id = $user_id"; + $affected = $mdb2->exec($sql); + if (is_a($affected, 'PEAR_Error')) + return false; + // Mark user as deleted. $sql = "update tt_users set status = NULL where id = $user_id and team_id = ".$user->team_id; $affected = $mdb2->exec($sql); @@ -454,4 +474,13 @@ class ttUserHelper { } return true; } + + // updateLastAccess - updates last access info for user in db. + static function updateLastAccess() { + global $user; + $mdb2 = getConnection(); + $accessed_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']); + $sql = "update tt_users set accessed = now(), accessed_ip = $accessed_ip where id = $user->id"; + $mdb2->exec($sql); + } }
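Review bot: `updateLastAccess()` discards the result of `$mdb2->exec($sql)` and interpolates `$user->id` unquoted, so if it runs without an authenticated user the statement ends in `where id = ` and fails without any trace. The other methods in this diff check `is_a($affected, 'PEAR_Error')`; do the same here and build the predicate from `$user_id = (int) $user->id;`, with `if (!$user_id) return false;` ahead of the query. `accessed_ip`, like `created_ip` and `modified_ip` in the earlier hunks, comes from `$_SERVER['REMOTE_ADDR']`, which behind a reverse proxy is the proxy's address. A comment such as `// REMOTE_ADDR is the direct peer; behind a proxy this is the proxy address.` would keep these audit columns from being over-trusted.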