From 18e4849ef89b32f8aad1d42f5284bf60d5dc853d Mon Sep 17 00:00:00 2001
From: Nik Okuntseff <support@anuko.com>
Date: Mon, 19 Mar 2018 19:17:55 +0000
Subject: [PATCH] Added swap roles feature.

---
 WEB-INF/lib/ttTeamHelper.class.php | 51 +++++++++++++++++++++++--
 WEB-INF/resources/en.lang.php      |  4 ++
 WEB-INF/templates/footer.tpl       |  2 +-
 WEB-INF/templates/swap_roles.tpl   | 13 +++++++
 mysql.sql                          |  2 +-
 swap_roles.php                     | 60 ++++++++++++++++++++++++++++++
 6 files changed, 127 insertions(+), 5 deletions(-)
 create mode 100644 WEB-INF/templates/swap_roles.tpl
 create mode 100644 swap_roles.php

diff --git a/WEB-INF/lib/ttTeamHelper.class.php b/WEB-INF/lib/ttTeamHelper.class.php
index 60be9b53..74ef5545 100644
--- a/WEB-INF/lib/ttTeamHelper.class.php
+++ b/WEB-INF/lib/ttTeamHelper.class.php
@@ -103,23 +103,68 @@ class ttTeamHelper {
     return $user_list;
   }
 
-  // The getUsers obtains all active and inactive (but not deleted) users in a given team.
-  static function getUsers() {
+  // The swapRolesWith swaps existing user role with that of another user.
+  static function swapRolesWith($user_id) {
     global $user;
     $mdb2 = getConnection();
 
-    $sql = "select id, name from tt_users where team_id = $user->team_id and (status = 1 or status = 0) order by upper(name)";
+    $sql = "select u.id, u.role_id from tt_users u left join tt_roles r on (u.role_id = r.id) where u.id = $user_id and u.team_id = $user->team_id and u.status = 1 and r.rank < $user->rank";
+    $res = $mdb2->query($sql);
+    if (is_a($res, 'PEAR_Error'))
+      return false;
+    $val = $res->fetchRow();
+    if (!$val['id'] || !$val['role_id'])
+      return false;
+
+    // Promote user.
+    $sql = "update tt_users set role_id = $user->role_id where id = $user_id and team_id = $user->team_id";
+    $affected = $mdb2->exec($sql);
+    if (is_a($affected, 'PEAR_Error')) return false;
+
+    // Demote self.
+    $role_id = $val['role_id'];
+    $sql = "update tt_users set role_id = $role_id where id = $user->id and team_id = $user->team_id";
+    $affected = $mdb2->exec($sql);
+    if (is_a($affected, 'PEAR_Error')) return false;
+
+    return true;
+  }
+
+  // The getUsersForSwap obtains all users a current user can swap roles with.
+  static function getUsersForSwap() {
+    global $user;
+    $mdb2 = getConnection();
+
+    $sql = "select u.id, u.name, r.rank, r.rights from tt_users u left join tt_roles r on (u.role_id = r.id) where u.team_id = $user->team_id and u.status = 1 and r.rank < $user->rank order by upper(u.name)";
     $res = $mdb2->query($sql);
     $user_list = array();
     if (is_a($res, 'PEAR_Error'))
       return false;
     while ($val = $res->fetchRow()) {
+      $isClient = in_array('track_own_time', explode(',', $val['rights'])) ? 0 : 1; // Clients do not have data entry right.
+      if ($isClient)
+        continue; // Skip adding clients.
       $user_list[] = $val;
     }
 
     return $user_list;
   }
 
+    // The getUsers obtains all active and inactive (but not deleted) users in a given team.
+  static function getUsers() {
+    global $user;
+    $mdb2 = getConnection();
+    $sql = "select id, name from tt_users where team_id = $user->team_id and (status = 1 or status = 0) order by upper(name)";
+    $res = $mdb2->query($sql);
+    $user_list = array();
+    if (is_a($res, 'PEAR_Error'))
+      return false;
+    while ($val = $res->fetchRow()) {
+      $user_list[] = $val;
+    }
+    return $user_list;
+  }
+
   // The getInactiveUsers obtains all inactive users in a given team.
   static function getInactiveUsers($team_id, $all_fields = false) {
     $mdb2 = getConnection();
diff --git a/WEB-INF/resources/en.lang.php b/WEB-INF/resources/en.lang.php
index 0123f02a..011f458a 100644
--- a/WEB-INF/resources/en.lang.php
+++ b/WEB-INF/resources/en.lang.php
@@ -279,6 +279,7 @@ $i18n_key_words = array(
 // It is also a name for the Locking plugin on the Team profile page.
 'title.locking' => 'Locking',
 'title.week_view' => 'Week View',
+'title.swap_roles' => 'Swapping Roles',
 
 // Section for common strings inside combo boxes on forms. Strings shared between forms shall be placed here.
 // Strings that are used in a single form must go to the specific form section.
@@ -458,6 +459,9 @@ $i18n_key_words = array(
 'form.quota.workday_hours' => 'Hours in work day',
 'form.quota.hint' => 'If values are empty, quotas are calculated automatically based on workday hours and holidays.',
 
+// Swap roles form.
+'form.swap.swap_with' => 'Swap roles with',
+
 // Roles and rights. These strings are used in multiple places. Grouped here to provide consistent translations.
 'role.user.label' => 'User',
 'role.user.low_case_label' => 'user',
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 8fcee948..8ef8f68a 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.63.4119 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.64.4120 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/WEB-INF/templates/swap_roles.tpl b/WEB-INF/templates/swap_roles.tpl
new file mode 100644
index 00000000..d2d99240
--- /dev/null
+++ b/WEB-INF/templates/swap_roles.tpl
@@ -0,0 +1,13 @@
+{$forms.swapForm.open}
+<table cellspacing="4" cellpadding="7" border="0">
+  <table cellspacing="1" cellpadding="2" border="0">
+    <tr>
+      <td align=""right">{$i18n.form.swap.swap_with}:</td>
+      <td>{$forms.swapForm.swap_with.control}</td>
+    </tr>
+    <tr>
+      <td colspan="2" align="center" height="50">{$forms.swapForm.btn_submit.control}</td>
+    </tr>
+  </table>
+</table>
+{$forms.swapForm.close}
diff --git a/mysql.sql b/mysql.sql
index 0a26f1fe..61b39098 100644
--- a/mysql.sql
+++ b/mysql.sql
@@ -446,4 +446,4 @@ CREATE TABLE `tt_site_config` (
   PRIMARY KEY  (`param_name`)
 );
 
-INSERT INTO `tt_site_config` (`param_name`, `param_value`, `created`) VALUES ('version_db', '1.17.59', now()); # TODO: change when structure changes.
+INSERT INTO `tt_site_config` (`param_name`, `param_value`, `created`) VALUES ('version_db', '1.17.64', now()); # TODO: change when structure changes.
diff --git a/swap_roles.php b/swap_roles.php
new file mode 100644
index 00000000..5ee47248
--- /dev/null
+++ b/swap_roles.php
@@ -0,0 +1,60 @@
+<?php
+// +----------------------------------------------------------------------+
+// | Anuko Time Tracker
+// +----------------------------------------------------------------------+
+// | Copyright (c) Anuko International Ltd. (https://www.anuko.com)
+// +----------------------------------------------------------------------+
+// | LIBERAL FREEWARE LICENSE: This source code document may be used
+// | by anyone for any purpose, and freely redistributed alone or in
+// | combination with other software, provided that the license is obeyed.
+// |
+// | There are only two ways to violate the license:
+// |
+// | 1. To redistribute this code in source form, with the copyright
+// |    notice or license removed or altered. (Distributing in compiled
+// |    forms without embedded copyright notices is permitted).
+// |
+// | 2. To redistribute modified versions of this code in *any* form
+// |    that bears insufficient indications that the modifications are
+// |    not the work of the original author(s).
+// |
+// | This license applies to this document only, not any other software
+// | that it may be combined with.
+// |
+// +----------------------------------------------------------------------+
+// | Contributors:
+// | https://www.anuko.com/time_tracker/credits.htm
+// +----------------------------------------------------------------------+
+
+require_once('initialize.php');
+import('form.Form');
+import('ttUserHelper');
+
+// Access check.
+if (!ttAccessAllowed('swap_roles')) {
+  header('Location: access_denied.php');
+  exit();
+}
+
+$users = ttTeamHelper::getUsersForSwap();
+
+if ($request->isPost()) {
+  $cl_id = $request->getParameter('swap_with');
+}
+
+$form = new Form('swapForm');
+$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users,'datakeys'=>array('id','name')));
+$form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->getKey('button.submit')));
+
+if ($request->isPost()) {
+  if (ttTeamHelper::swapRolesWith($cl_id)) {
+    header('Location: users.php');
+    exit();
+  } else
+    $err->add($i18n->getKey('error.db'));
+}
+
+$smarty->assign('forms', array($form->getName()=>$form->toArray()));
+$smarty->assign('title', $i18n->getKey('title.swap_roles'));
+$smarty->assign('content_page_name', 'swap_roles.tpl');
+$smarty->display('index.tpl');
-- 
2.20.1