From a3eb3cd074e8b579c9948a6b12587f033ecb3c7e Mon Sep 17 00:00:00 2001 From: Nik Okuntseff Date: Sun, 9 Dec 2018 14:05:19 +0000 Subject: [PATCH] Refactored profile_edit.php for subgroups. --- WEB-INF/lib/ttUserHelper.class.php | 27 ++++++++++++++++++------- WEB-INF/templates/footer.tpl | 2 +- WEB-INF/templates/header.tpl | 2 +- predefined_expense_add.php | 1 + profile_edit.php | 32 ++++++++++++++++++++---------- 5 files changed, 44 insertions(+), 20 deletions(-) diff --git a/WEB-INF/lib/ttUserHelper.class.php b/WEB-INF/lib/ttUserHelper.class.php index 0d628f6d..f91128e7 100644 --- a/WEB-INF/lib/ttUserHelper.class.php +++ b/WEB-INF/lib/ttUserHelper.class.php @@ -146,16 +146,27 @@ class ttUserHelper { $mdb2 = getConnection(); // Check parameters. - if (!$user_id || !isset($fields['login'])) + if (!$user_id) return false; + $group_id = $user->getGroup(); + $org_id = $user->org_id; + // Prepare query parts. + if (isset($fields['login'])) { + $login_part = ", login = ".$mdb2->quote($fields['login']); + } + if (isset($fields['password'])) $pass_part = ', password = md5('.$mdb2->quote($fields['password']).')'; - if (in_array('manage_users', $user->rights)) { + + if (isset($fields['name'])) + $name_part = ', name = '.$mdb2->quote($fields['name']); + + if ($user->can('manage_users')) { if (isset($fields['role_id'])) { $role_id = (int) $fields['role_id']; - $role_id_part = ", role_id = $role_id"; + $role_part = ", role_id = $role_id"; } if (array_key_exists('client_id', $fields)) // Could be NULL. $client_part = ", client_id = ".$mdb2->quote($fields['client_id']); @@ -167,17 +178,19 @@ class ttUserHelper { $rate_part = ", rate = ".$mdb2->quote($rate); } + if (isset($fields['email'])) + $email_part = ', email = '.$mdb2->quote($fields['email']); + if (isset($fields['status'])) { $status = (int) $fields['status']; $status_part = ", status = $status"; } $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; + $parts = ltrim($login_part.$pass_part.$name_part.$role_part.$client_part.$rate_part.$email_part.$modified_part.$status_part, ','); - $sql = "update tt_users set login = ".$mdb2->quote($fields['login']). - "$pass_part, name = ".$mdb2->quote($fields['name']). - "$role_id_part $client_part $rate_part $modified_part $status_part, email = ".$mdb2->quote($fields['email']). - " where id = $user_id"; + $sql = "update tt_users set $parts". + " where id = $user_id and group_id = $group_id and org_id = $org_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index ed2a2f05..d703090c 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.18.29.4617 | Copyright © Anuko | +  Anuko Time Tracker 1.18.29.4618 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/WEB-INF/templates/header.tpl b/WEB-INF/templates/header.tpl index 05270297..546fffaa 100644 --- a/WEB-INF/templates/header.tpl +++ b/WEB-INF/templates/header.tpl @@ -83,7 +83,7 @@
  {$i18n.menu.logout} · - {if $user->can('manage_own_settings')} + {if $user->exists() && $user->can('manage_own_settings')} {$i18n.menu.profile} · {/if} {if $user->can('manage_basic_settings')} diff --git a/predefined_expense_add.php b/predefined_expense_add.php index 0bff7e05..2a0ab6be 100644 --- a/predefined_expense_add.php +++ b/predefined_expense_add.php @@ -39,6 +39,7 @@ if (!$user->isPluginEnabled('ex')) { header('Location: feature_disabled.php'); exit(); } +// End of access checks. if ($request->isPost()) { $cl_name = trim($request->getParameter('name')); diff --git a/profile_edit.php b/profile_edit.php index 9de1820e..d0d3de5f 100644 --- a/profile_edit.php +++ b/profile_edit.php @@ -36,9 +36,15 @@ if (!ttAccessAllowed('manage_own_settings')) { header('Location: access_denied.php'); exit(); } +if (!$user->exists()) { + header('Location: access_denied.php'); // No users in subgroup. + exit(); +} // End of access checks. -$can_manage_account = $user->can('manage_own_account'); +$can_manage_account = $user->behalfGroup ? $user->can('manage_subgroups') : $user->can('manage_own_account'); +if ($user->behalf_id) $user_details = $user->getUserDetails($user->behalf_id); +$current_login = $user->behalf_id ? $user_details['login'] : $user->login; if ($request->isPost()) { $cl_name = trim($request->getParameter('name')); @@ -49,9 +55,15 @@ if ($request->isPost()) { } $cl_email = trim($request->getParameter('email')); } else { - $cl_name = $user->name; - $cl_login = $user->login; - $cl_email = $user->email; + if ($user->behalf_id) { + $cl_name = $user_details['name']; + $cl_login = $user_details['login']; + $cl_email = $user_details['email']; + } else { + $cl_name = $user->name; + $cl_login = $user->login; + $cl_email = $user->email; + } } $form = new Form('profileForm'); @@ -70,7 +82,7 @@ if ($request->isPost()) { if (!ttValidString($cl_login)) $err->add($i18n->get('error.field'), $i18n->get('label.login')); // New login must be unique. - if ($cl_login != $user->login && ttUserHelper::getUserByLogin($cl_login)) + if ($cl_login != $current_login && ttUserHelper::getUserByLogin($cl_login)) $err->add($i18n->get('error.user_exists')); if (!$auth->isPasswordExternal() && ($cl_password1 || $cl_password2)) { @@ -83,12 +95,10 @@ if ($request->isPost()) { // Finished validating user input. if ($err->no()) { - $update_result = ttUserHelper::update($user->id, array( - 'name' => $cl_name, - 'login' => $cl_login, - 'password' => $cl_password1, - 'email' => $cl_email, - 'status' => ACTIVE)); + $fields = $can_manage_account ? + array('name'=>$cl_name,'login'=>$cl_login,'password'=>$cl_password1,'email'=>$cl_email) : + array('password'=>$cl_password1); + $update_result = ttUserHelper::update($user->getUser(), $fields); if ($update_result) { header('Location: time.php'); exit(); -- 2.20.1