From 2d3de45e7035c94e64bf54d6e610ac613724b912 Mon Sep 17 00:00:00 2001 From: Nik Okuntseff Date: Thu, 29 Nov 2018 14:04:05 +0000 Subject: [PATCH] Refactoring in ttAdmin class and its use. --- WEB-INF/lib/ttAdmin.class.php | 210 ++++++++++++++++------------------ WEB-INF/templates/footer.tpl | 2 +- admin_group_add.php | 55 +++++---- admin_group_delete.php | 6 +- admin_group_edit.php | 23 ++-- 5 files changed, 143 insertions(+), 153 deletions(-) diff --git a/WEB-INF/lib/ttAdmin.class.php b/WEB-INF/lib/ttAdmin.class.php index 6a16034e..d0a1b8dc 100644 --- a/WEB-INF/lib/ttAdmin.class.php +++ b/WEB-INF/lib/ttAdmin.class.php @@ -27,6 +27,7 @@ // +----------------------------------------------------------------------+ import('ttUser'); +import('ttRoleHelper'); // ttAdmin class is used to perform admin tasks. class ttAdmin { @@ -40,7 +41,7 @@ class ttAdmin { } // getSubgroups rerurns an array of subgroups for a group. - function getSubgroups($group_id) { + static function getSubgroups($group_id) { $mdb2 = getConnection(); $subgroups = array(); @@ -54,67 +55,6 @@ class ttAdmin { return $subgroups; } - // getUsers obtains user ids in a group. - function getUsers($group_id) { - $mdb2 = getConnection(); - $sql = "select id from tt_users where group_id = $group_id"; - $res = $mdb2->query($sql); - $users = array(); - if (!is_a($res, 'PEAR_Error')) { - while ($val = $res->fetchRow()) { - $users[] = $val; - } - } - return $users; - } - - // markUserDeleted marks a user and all things associated with user as deleted. - function markUserDeleted($user_id) { - $mdb2 = getConnection(); - - // Mark user binds as deleted. - $sql = "update tt_user_project_binds set status = NULL where user_id = $user_id"; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) return false; - - // Mark favorite reports as deleted. - $sql = "update tt_fav_reports set status = NULL where user_id = $user_id"; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) return false; - - // Mark user as deleted. - global $user; - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); - $sql = "update tt_users set status = NULL $modified_part where id = $user_id"; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) return false; - - return true; - } - - // The markTasksDeleted deletes task binds and marks the tasks as deleted for a group. - function markTasksDeleted($group_id) { - $mdb2 = getConnection(); - $sql = "select id from tt_tasks where group_id = $group_id"; - $res = $mdb2->query($sql); - if (is_a($res, 'PEAR_Error')) return false; - - while ($val = $res->fetchRow()) { - // Delete task binds. - $task_id = $val['id']; - $sql = "delete from tt_project_task_binds where task_id = $task_id"; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) return false; - - // Mark task as deleted. - $sql = "update tt_tasks set status = NULL where id = $task_id"; - $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) return false; - } - - return true; - } - // markGroupDeleted marks a group and everything in it as deleted. // This function is called in context of a logged on admin who may // operate on any group. @@ -186,56 +126,6 @@ class ttAdmin { return true; } - // validateGroupInfo validates group information entered by user. - function validateGroupInfo($fields) { - global $i18n; - global $auth; - - $result = true; - - if (!ttValidString($fields['new_group_name'])) { - $this->err->add($i18n->get('error.field'), $i18n->get('label.group_name')); - $result = false; - } - if (!ttValidString($fields['user_name'])) { - $this->err->add($i18n->get('error.field'), $i18n->get('label.manager_name')); - $result = false; - } - if (!ttValidString($fields['new_login'])) { - $this->err->add($i18n->get('error.field'), $i18n->get('label.manager_login')); - $result = false; - } - - // If we change login, it must be unique. - if ($fields['new_login'] != $fields['old_login']) { - if (ttUserHelper::getUserByLogin($fields['new_login'])) { - $this->err->add($i18n->get('error.user_exists')); - $result = false; - } - } - - if (!$auth->isPasswordExternal() && ($fields['password1'] || $fields['password2'])) { - if (!ttValidString($fields['password1'])) { - $this->err->add($i18n->get('error.field'), $i18n->get('label.password')); - $result = false; - } - if (!ttValidString($fields['password2'])) { - $this->err->add($i18n->get('error.field'), $i18n->get('label.confirm_password')); - $result = false; - } - if ($fields['password1'] !== $fields['password2']) { - $this->err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password')); - $result = false; - } - } - if (!ttValidEmail($fields['email'], true)) { - $this->err->add($i18n->get('error.field'), $i18n->get('label.email')); - $result = false; - } - - return $result; - } - // updateGroup updates a (top) group with new information. static function updateGroup($fields) { $group_id = (int)$fields['group_id']; @@ -338,8 +228,24 @@ class ttAdmin { return true; } - // getGroupDetails obtains group name and its top manager details. - static function getGroupDetails($group_id) { + // getGroupName obtains group name. + static function getGroupName($group_id) { + $result = array(); + $mdb2 = getConnection(); + + $sql = "select name from tt_groups where id = $group_id"; + + $res = $mdb2->query($sql); + if (!is_a($res, 'PEAR_Error')) { + $val = $res->fetchRow(); + return $val['name']; + } + + return false; + } + + // getOrgDetails obtains group name and its top manager details. + static function getOrgDetails($group_id) { $result = array(); $mdb2 = getConnection(); @@ -383,4 +289,80 @@ class ttAdmin { $affected = $mdb2->exec($sql); return (!is_a($affected, 'PEAR_Error')); } + + // createGroup creates a new top group and returns its id. + // It is a helper function for createOrg. + static function createGroup($fields) { + global $user; + $mdb2 = getConnection(); + + $name = $mdb2->quote($fields['group_name']); + $currency = $mdb2->quote($fields['currency']); + $lang = $mdb2->quote($fields['lang']); + $created = 'now()'; + $created_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']); + $created_by = $user->id; + + $sql = "insert into tt_groups (name, currency, lang, created, created_ip, created_by)". + " values($name, $currency, $lang, $created, $created_ip, $created_by)"; + $affected = $mdb2->exec($sql); + if (is_a($affected, 'PEAR_Error')) return false; + + $group_id = $mdb2->lastInsertID('tt_groups', 'id'); + + // Update org_id with group_id. + $sql = "update tt_groups set org_id = $group_id where org_id is NULL and id = $group_id"; + $affected = $mdb2->exec($sql); + if (is_a($affected, 'PEAR_Error')) return false; + + return $group_id; + } + + // createOrgManager creates a new user (top manager role) in a group. + // It is a helper function for createOrg. + static function createOrgManager($fields) { + global $user; + $mdb2 = getConnection(); + + $role_id = ttRoleHelper::getTopManagerRoleID(); + $login = $mdb2->quote($fields['login']); + $password = 'md5('.$mdb2->quote($fields['password']).')'; + $name = $mdb2->quote($fields['user_name']); + $group_id = (int) $fields['group_id']; + $org_id = $group_id; + $email = $mdb2->quote($fields['email']); + $created = 'now()'; + $created_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']); + $created_by = $user->id; + + $columns = '(login, password, name, group_id, org_id, role_id, email, created, created_ip, created_by)'; + $values = "values($login, $password, $name, $group_id, $org_id, $role_id, $email, $created, $created_ip, $created_by)"; + + $sql = "insert into tt_users $columns $values"; + $affected = $mdb2->exec($sql); + return (!is_a($affected, 'PEAR_Error')); + } + + // The createOrg function creates an organization in Time Tracker. + static function createOrg($fields) { + // There are 3 steps that we need to 2 when creating a new organization. + // 1. Create a new group with null parent_id. + // 2. Create pre-defined roles in it. + // 3. Create a top manager account for new group. + + // Create a new group. + $group_id = ttAdmin::createGroup($fields); + if (!$group_id) return false; + + // Create predefined roles. + if (!ttRoleHelper::createPredefinedRoles($group_id, $fields['lang'])) + return false; + + // Create user. + $fields['group_id'] = $group_id; + if (!ttAdmin::createOrgManager($fields)) + return false; + + return true; + } } diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index 587079ff..321397a8 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.18.28.4537 | Copyright © Anuko | +  Anuko Time Tracker 1.18.28.4538 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/admin_group_add.php b/admin_group_add.php index 40d7a874..52b4134f 100644 --- a/admin_group_add.php +++ b/admin_group_add.php @@ -29,7 +29,7 @@ require_once('initialize.php'); import('form.Form'); import('ttUserHelper'); -import('ttRoleHelper'); +import('ttAdmin'); // Access checks. if (!ttAccessAllowed('administer_site')) { @@ -82,34 +82,39 @@ $form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'manager_email', $form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->get('button.submit'))); if ($request->isPost()) { + // Validate user input. + if (!ttValidString($cl_group_name)) + $err->add($i18n->get('error.field'), $i18n->get('label.group_name')); + if (!ttValidString($cl_manager_name)) + $err->add($i18n->get('error.field'), $i18n->get('label.manager_name')); + if (!ttValidString($cl_manager_login)) + $err->add($i18n->get('error.field'), $i18n->get('label.manager_login')); + if (ttUserHelper::getUserByLogin($cl_manager_login)) + $err->add($i18n->get('error.user_exists')); + if (!ttValidString($cl_password1)) + $err->add($i18n->get('error.field'), $i18n->get('label.password')); + if (!ttValidString($cl_password2)) + $err->add($i18n->get('error.field'), $i18n->get('label.confirm_password')); + if ($cl_password1 !== $cl_password2) + $err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password')); + if (!ttValidEmail($cl_manager_email, true)) + $err->add($i18n->get('error.field'), $i18n->get('label.email')); - /* - * Note: creating a group by admin is pretty much the same as self-registration, - * except that created_by fields for group and user must be set to admin account. - * Therefore, we'll reuse ttRegistrator instance to create a group here - * and override created_by fields using ttRegistrator::setCreatedBy() function. - */ - - // Create fields array for ttRegistrator instance. if (!defined('CURRENCY_DEFAULT')) define('CURRENCY_DEFAULT', '$'); - $fields = array( - 'user_name' => $cl_manager_name, - 'login' => $cl_manager_login, - 'password1' => $cl_password1, - 'password2' => $cl_password2, - 'email' => $cl_manager_email, - 'group_name' => $cl_group_name, - 'currency' => CURRENCY_DEFAULT, - 'lang' => $cl_lang, - 'created_by_id' => $user->id); - // Create an instance of ttRegistrator class. - import('ttRegistrator'); - $registrator = new ttRegistrator($fields, $err); - $registrator->register(); if ($err->no()) { - header('Location: admin_groups.php'); - exit(); + if (ttAdmin::createOrg(array('group_name' => $cl_group_name, + 'currency' => CURRENCY_DEFAULT, + 'lang' => $cl_lang, + 'user_name' => $cl_manager_name, + 'login' => $cl_manager_login, + 'password' => $cl_password1, + 'email' => $cl_manager_email))) { + header('Location: admin_groups.php'); + exit(); + } else { + $err->add($i18n->get('error.db')); + } } } // isPost diff --git a/admin_group_delete.php b/admin_group_delete.php index fea57365..94450019 100644 --- a/admin_group_delete.php +++ b/admin_group_delete.php @@ -36,8 +36,8 @@ if (!ttAccessAllowed('administer_site')) { exit(); } $group_id = (int)$request->getParameter('id'); -$group_details = ttAdmin::getGroupDetails($group_id); -if (!($group_id && $group_details)) { +$group_name = ttAdmin::getGroupName($group_id); +if (!($group_id && $group_name)) { header('Location: access_denied.php'); exit(); } @@ -63,7 +63,7 @@ if ($request->isPost()) { } } // isPost -$smarty->assign('group_to_delete', $group_details['group_name']); +$smarty->assign('group_to_delete', $group_name); $smarty->assign('forms', array($form->getName()=>$form->toArray())); $smarty->assign('title', $i18n->get('title.delete_group')); $smarty->assign('content_page_name', 'admin_group_delete.tpl'); diff --git a/admin_group_edit.php b/admin_group_edit.php index 5e34e807..ee639d04 100644 --- a/admin_group_edit.php +++ b/admin_group_edit.php @@ -37,13 +37,16 @@ if (!ttAccessAllowed('administer_site')) { exit(); } $group_id = (int)$request->getParameter('id'); -$group_details = ttAdmin::getGroupDetails($group_id); -if (!($group_id && $group_details)) { +$group_name = ttAdmin::getGroupName($group_id); +if (!($group_id && $group_name)) { header('Location: access_denied.php'); exit(); } // End of access checks. +$org_details = ttAdmin::getOrgDetails($group_id); +if (!$org_details) $err->add($i18n->get('error.db')); + if ($request->isPost()) { $cl_group_name = trim($request->getParameter('group_name')); $cl_manager_name = trim($request->getParameter('manager_name')); @@ -54,13 +57,13 @@ if ($request->isPost()) { } $cl_manager_email = trim($request->getParameter('manager_email')); } else { - $cl_group_name = $group_details['group_name']; - $cl_manager_name = $group_details['manager_name']; - $cl_manager_login = $group_details['manager_login']; + $cl_group_name = $org_details['group_name']; + $cl_manager_name = $org_details['manager_name']; + $cl_manager_login = $org_details['manager_login']; if (!$auth->isPasswordExternal()) { $cl_password1 = $cl_password2 = ''; } - $cl_manager_email = $group_details['manager_email']; + $cl_manager_email = $org_details['manager_email']; } $form = new Form('groupForm'); @@ -87,7 +90,7 @@ if ($request->isPost()) { if (!ttValidString($cl_manager_login)) $err->add($i18n->get('error.field'), $i18n->get('label.manager_login')); // If we change login, it must be unique. - if ($cl_manager_login != $group_details['manager_login']) { + if ($cl_manager_login != $org_details['manager_login']) { if (ttUserHelper::getUserByLogin($cl_manager_login)) { $err->add($i18n->get('error.user_exists')); } @@ -105,11 +108,11 @@ if ($request->isPost()) { if ($err->no()) { if (ttAdmin::updateGroup(array('group_id' => $group_id, - 'old_group_name' => $group_details['group_name'], + 'old_group_name' => $org_details['group_name'], 'new_group_name' => $cl_group_name, - 'user_id' => $group_details['manager_id'], + 'user_id' => $org_details['manager_id'], 'user_name' => $cl_manager_name, - 'old_login' => $group_details['manager_login'], + 'old_login' => $org_details['manager_login'], 'new_login' => $cl_manager_login, 'password1' => $cl_password1, 'password2' => $cl_password2, -- 2.20.1