From 284ada20223c87b9502ab7fd4f7663a1533f8ba2 Mon Sep 17 00:00:00 2001
From: markjcrane
Date: Sun, 8 Dec 2019 07:37:04 +0000
Subject: [PATCH] Add group manager changes
---
core/groups/classes/groups.php | 411 ++++++++++++++++++++++++++
core/groups/groupadd.php | 183 ------------
core/groups/groupdelete.php | 138 ---------
core/groups/groupedit.php | 417 --------------------------
core/groups/groups.php | 525 +++++++++++++++++----------------
5 files changed, 677 insertions(+), 997 deletions(-)
create mode 100644 core/groups/classes/groups.php
delete mode 100644 core/groups/groupadd.php
delete mode 100644 core/groups/groupdelete.php
delete mode 100644 core/groups/groupedit.php
diff --git a/core/groups/classes/groups.php b/core/groups/classes/groups.php
new file mode 100644
index 0000000000..5ae31d826d
--- /dev/null
+++ b/core/groups/classes/groups.php
@@ -0,0 +1,411 @@ + + Portions created by the Initial Developer are Copyright (C) 2019 + the Initial Developer. All Rights Reserved. + + Contributor(s): + Mark J Crane +*/ + +/** + * groups class + * + * @method null delete + * @method null toggle + * @method null copy + */ +if (!class_exists('groups')) { + class groups { + + /** + * declare the variables + */ + private $app_name; + private $app_uuid; + private $name; + private $table; + private $toggle_field; + private $toggle_values; + private $location; + + /** + * called when the object is created + */ + public function __construct() { + //assign the variables + $this->app_name = 'groups'; + $this->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $this->name = 'group'; + $this->table = 'groups'; + $this->toggle_field = 'group_protected'; + $this->toggle_values = ['true','false']; + $this->location = 'groups.php'; + } + + /** + * called when there are no references to a particular object + * unset the variables used in the class + */ + public function __destruct() { + foreach ($this as $key => $value) { + unset($this->$key); + } + } + + /** + * delete rows from the database + */ + public function delete($records) { + if (permission_exists($this->name.'_delete')) { + + //add multi-lingual support + $language = new text; + $text = $language->get(); + + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: '.$this->location); + exit; + } + + //delete multiple records + if (is_array($records) && @sizeof($records) != 0) { + //build the delete array + $x = 0; + foreach ($records as $record) { + //add to the array + if ($record['checked'] == 'true' && is_uuid($record['uuid'])) { + $array[$this->table][$x][$this->name.'_uuid'] = $record['uuid']; + } + + //get the group permissions + $sql = "select group_permission_uuid "; + $sql .= "from v_group_permissions "; + $sql .= "where group_uuid = :group_uuid 
"; + $parameters['group_uuid'] = $record['uuid']; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && sizeof($result) != 0) { + foreach ($result as $index => $row) { + //build array + $array['group_permissions'][$index]['group_permission_uuid'] = $row['group_permission_uuid']; + $array['group_permissions'][$index]['group_uuid'] = $record['uuid']; + } + if (is_array($array) && sizeof($array) != 0) { + //delete the group permissions + $p = new permissions; + $p->add('group_permission_delete', 'temp'); + + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->delete($array); + unset($array); + + $p->delete('group_permission_delete', 'temp'); + } + } + unset($sql, $parameters, $result, $row); + + //delete the group + $array['groups'][0]['group_uuid'] = $group_uuid; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->delete($array); + unset($array); + + //increment the id + $x++; + } + + //delete the checked rows + if (is_array($array) && @sizeof($array) != 0) { + //execute delete + $database = new database; + $database->app_name = $this->app_name; + $database->app_uuid = $this->app_uuid; + $database->delete($array); + unset($array); + + //set message + message::add($text['message-delete']); + } + unset($records); + } + } + } + + /** + * toggle a field between two values + */ + public function toggle($records) { + if (permission_exists($this->name.'_edit')) { + + //add multi-lingual support + $language = new text; + $text = $language->get(); + + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: '.$this->location); + exit; + } + + //toggle the checked records + if (is_array($records) && @sizeof($records) != 0) { + //get 
current toggle state + foreach($records as $record) { + if ($record['checked'] == 'true' && is_uuid($record['uuid'])) { + $uuids[] = "'".$record['uuid']."'"; + } + } + if (is_array($uuids) && @sizeof($uuids) != 0) { + $sql = "select ".$this->name."_uuid as uuid, ".$this->toggle_field." as toggle from v_".$this->table." "; + $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; + $sql .= "and ".$this->name."_uuid in (".implode(', ', $uuids).") "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $rows = $database->select($sql, $parameters, 'all'); + if (is_array($rows) && @sizeof($rows) != 0) { + foreach ($rows as $row) { + $states[$row['uuid']] = $row['toggle']; + } + } + unset($sql, $parameters, $rows, $row); + } + + //build update array + $x = 0; + foreach($states as $uuid => $state) { + //create the array + $array[$this->table][$x][$this->name.'_uuid'] = $uuid; + $array[$this->table][$x][$this->toggle_field] = $state == $this->toggle_values[0] ? 
$this->toggle_values[1] : $this->toggle_values[0]; + + //increment the id + $x++; + } + + //save the changes + if (is_array($array) && @sizeof($array) != 0) { + //save the array + $database = new database; + $database->app_name = $this->app_name; + $database->app_uuid = $this->app_uuid; + $database->save($array); + unset($array); + + //set message + message::add($text['message-toggle']); + } + unset($records, $states); + } + } + } + + /** + * copy rows from the database + */ + public function copy($records) { + if (permission_exists($this->name.'_add')) { + + //add multi-lingual support + $language = new text; + $text = $language->get(); + + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: '.$this->location); + exit; + } + + //copy the checked records + if (is_array($records) && @sizeof($records) != 0) { + + //get checked records + foreach($records as $record) { + if ($record['checked'] == 'true' && is_uuid($record['uuid'])) { + $uuids[] = "'".$record['uuid']."'"; + } + } + + //create the array from existing data + if (is_array($uuids) && @sizeof($uuids) != 0) { + $sql = "select * from v_".$this->table." "; + $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; + $sql .= "and ".$this->name."_uuid in (".implode(', ', $uuids).") "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $rows = $database->select($sql, $parameters, 'all'); + if (is_array($rows) && @sizeof($rows) != 0) { + $x = 0; + foreach ($rows as $row) { + //copy data + $array[$this->table][$x] = $row; + + //add copy to the description + $array[$this->table][$x][$this->name.'_uuid'] = uuid(); + $array[$this->table][$x][$this->name.'_description'] = trim($row[$this->name.'_description']).' 
('.$text['label-copy'].')'; + + //increment the id + $x++; + } + } + unset($sql, $parameters, $rows, $row); + } + + //save the changes and set the message + if (is_array($array) && @sizeof($array) != 0) { + //save the array + $database = new database; + $database->app_name = $this->app_name; + $database->app_uuid = $this->app_uuid; + $database->save($array); + unset($array); + + //set message + message::add($text['message-copy']); + } + unset($records); + } + } + } + + + /** + * add defaults groups + */ + public function defaults() { + + //if the are no groups add the default groups + $sql = "select * from v_groups "; + $sql .= "where domain_uuid is null "; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (count($result) == 0) { + $x = 0; + $array['groups'][$x]['group_uuid'] = uuid(); + $array['groups'][$x]['domain_uuid'] = null; + $array['groups'][$x]['group_name'] = 'superadmin'; + $array['groups'][$x]['group_level'] = '80'; + $array['groups'][$x]['group_description'] = 'Super Administrator Group'; + $array['groups'][$x]['group_protected'] = 'false'; + $x++; + $array['groups'][$x]['group_uuid'] = uuid(); + $array['groups'][$x]['domain_uuid'] = null; + $array['groups'][$x]['group_name'] = 'admin'; + $array['groups'][$x]['group_level'] = '50'; + $array['groups'][$x]['group_description'] = 'Administrator Group'; + $array['groups'][$x]['group_protected'] = 'false'; + $x++; + $array['groups'][$x]['group_uuid'] = uuid(); + $array['groups'][$x]['domain_uuid'] = null; + $array['groups'][$x]['group_name'] = 'user'; + $array['groups'][$x]['group_level'] = '30'; + $array['groups'][$x]['group_description'] = 'User Group'; + $array['groups'][$x]['group_protected'] = 'false'; + $x++; + $array['groups'][$x]['group_uuid'] = uuid(); + $array['groups'][$x]['domain_uuid'] = null; + $array['groups'][$x]['group_name'] = 'agent'; + $array['groups'][$x]['group_level'] = '20'; + $array['groups'][$x]['group_description'] = 'Call Center Agent Group'; + 
$array['groups'][$x]['group_protected'] = 'false'; + $x++; + $array['groups'][$x]['group_uuid'] = uuid(); + $array['groups'][$x]['domain_uuid'] = null; + $array['groups'][$x]['group_name'] = 'public'; + $array['groups'][$x]['group_level'] = '10'; + $array['groups'][$x]['group_description'] = 'Public Group'; + $array['groups'][$x]['group_protected'] = 'false'; + + //add the temporary permissions + $p = new permissions; + $p->add("group_add", "temp"); + $p->add("group_edit", "temp"); + + //save the data to the database + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->save($array); + unset($array); + + //remove the temporary permission + $p->delete("group_add", "temp"); + $p->delete("group_edit", "temp"); + } + unset($result); + + //if there are no permissions listed in v_group_permissions then set the default permissions + $sql = "select count(*) from v_group_permissions "; + $sql .= "where domain_uuid is null "; + $database = new database; + $num_rows = $database->select($sql, null, 'column'); + if ($num_rows == 0) { + //build the apps array + $config_list = glob($_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . 
"/*/*/app_config.php"); + $x = 0; + foreach ($config_list as &$config_path) { + include($config_path); + $x++; + } + + //no permissions found add the defaults + foreach($apps as $app) { + if (is_array($app['permissions'])) foreach ($app['permissions'] as $row) { + if (is_array($row['groups'])) foreach ($row['groups'] as $group) { + $x++; + $array['group_permissions'][$x]['group_permission_uuid'] = uuid(); + $array['group_permissions'][$x]['domain_uuid'] = null; + $array['group_permissions'][$x]['permission_name'] = $row['name']; + $array['group_permissions'][$x]['group_name'] = $group; + } + } + } + + //add the temporary permissions + $p = new permissions; + $p->add("group_permission_add", "temp"); + $p->add("group_permission_edit", "temp"); + + //save the data to the database + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->save($array); + unset($array); + + //remove the temporary permission + $p->delete("group_permission_add", "temp"); + $p->delete("group_permission_edit", "temp"); + } + } + + } +} + +?> \ No newline at end of file diff --git a/core/groups/groupadd.php b/core/groups/groupadd.php deleted file mode 100644 index 4212e73870..0000000000 --- a/core/groups/groupadd.php +++ /dev/null 
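Review bot: In `delete()` the `$record['checked'] == 'true' && is_uuid($record['uuid'])` test guards only the first `$array[...]` assignment, so the permission lookup and both `$database->delete()` calls inside the loop run for every submitted record, including unchecked rows and values that are not UUIDs. The group delete then reads `$group_uuid`, which is never assigned in this method, where `$record['uuid']` was presumably intended, and the `unset($array)` in the loop means the "delete the checked rows" block after it never sees the rows built under the guard. The removed groupdelete.php limited its lookup to `domain_uuid = :domain_uuid or domain_uuid is null` unless `group_domain` was held; the new loop has no such scope while it temporarily grants `group_permission_delete`, so a caller holding `group_delete` in one domain can presumably reach another domain's group rows by UUID, which is worth confirming against `database::delete`. The excerpt below moves the guard to the top of the loop, restores the domain check and uses the validated UUID.

```php
foreach ($records as $record) {
	//skip rows that were not checked or do not carry a valid uuid
	if ($record['checked'] != 'true' || !is_uuid($record['uuid'])) { continue; }
	$group_uuid = $record['uuid'];

	//confirm the group is within this session's scope before deleting anything
	$sql = "select count(*) from v_groups ";
	$sql .= "where group_uuid = :group_uuid ";
	if (!permission_exists('group_domain')) {
		$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
	}
	$parameters['group_uuid'] = $group_uuid;
	$database = new database;
	$in_scope = $database->select($sql, $parameters, 'column') > 0;
	unset($sql, $parameters);
	if (!$in_scope) { continue; }

	// … unchanged: select and delete of the v_group_permissions rows …

	//delete the group
	$array['groups'][0]['group_uuid'] = $group_uuid;
	// … unchanged: $database->delete($array) and unset($array) …
}
```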
@@ -1,183 +0,0 @@ - - Portions created by the Initial Developer are Copyright (C) 2008-2014 - the Initial Developer. All Rights Reserved. - - Contributor(s): - Mark J Crane -*/ - -//includes - include "root.php"; - require_once "resources/require.php"; - require_once "resources/check_auth.php"; - -//check permissions - if (permission_exists('group_add')) { - //access allowed - } - else { - echo "access denied"; - return; - } - -//add multi-lingual support - $language = new text; - $text = $language->get(); - -//get the http values and set them as variables - if (count($_POST) > 0) { - //set the variables - $group_name = $_POST["group_name"]; - if (permission_exists('group_domain')) { - $domain_uuid = $_POST["domain_uuid"]; - } - else { - $domain_uuid = $_SESSION['domain_uuid']; - } - $group_description = $_POST["group_description"]; - - //validate the token - $token = new token; - if (!$token->validate($_SERVER['PHP_SELF'])) { - message::add($text['message-invalid_token'],'negative'); - header('Location: groups.php'); - exit; - } - - //check for global/domain duplicates - $sql = "select count(*) from v_groups where "; - $sql .= "group_name = :group_name "; - if (is_uuid($domain_uuid)) { - $sql .= "and domain_uuid = :domain_uuid "; - $parameters['domain_uuid'] = $domain_uuid; - } - else { - $sql .= "and domain_uuid is null "; - } - $parameters['group_name'] = $group_name; - $database = new database; - $num_rows = $database->select($sql, $parameters, 'column'); - $group_exists = ($num_rows > 0) ? true : false; - unset($sql, $parameters, $num_rows); - - //insert group - if (!$group_exists) { - $array['groups'][0]['group_uuid'] = uuid(); - $array['groups'][0]['domain_uuid'] = is_uuid($domain_uuid) ? 
$domain_uuid : null; - $array['groups'][0]['group_name'] = $group_name; - $array['groups'][0]['group_description'] = $group_description; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->save($array); - unset($array); - - message::add($text['message-add']); - header("Location: groups.php"); - } - else { - message::add($text['message-group_exists'], 'negative'); - header("Location: groupadd.php"); - } - - //redirect the user - return; - } - -//create token - $object = new token; - $token = $object->create($_SERVER['PHP_SELF']); - -//include the header - include "resources/header.php"; - $document['title'] = $text['title-group_add']; - -//show the content - echo "
\n"; - - echo "\n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo "
\n"; - echo " ".$text['header-group_add']."\n"; - echo "

\n"; - echo " ".$text['description-group_add']."\n"; - echo "
\n"; - echo " "; - echo " \n"; - echo "
\n"; - echo "
"; - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - if (permission_exists('group_domain')) { - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - } - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - echo "\n"; - echo "\n"; - echo "\n"; - - echo "
\n"; - echo $text['label-group_name']."\n"; - echo "\n"; - echo " \n"; - echo "
\n"; - echo " ".$text['label-domain']."\n"; - echo "\n"; - echo " \n"; - echo "
\n"; - echo $text['description-domain_name']."\n"; - echo "
\n"; - echo $text['label-group_description']."\n"; - echo "\n"; - echo "\n"; - echo "
\n"; - echo " \n"; - echo "
"; - echo " \n"; - echo "
\n"; - echo "

"; - echo "
"; - -//include the footer - include "resources/footer.php"; - -?> \ No newline at end of file diff --git a/core/groups/groupdelete.php b/core/groups/groupdelete.php deleted file mode 100644 index c1a7e9e8cd..0000000000 --- a/core/groups/groupdelete.php +++ /dev/null 
@@ -1,138 +0,0 @@ - - Portions created by the Initial Developer are Copyright (C) 2008-2015 - the Initial Developer. All Rights Reserved. - - Contributor(s): - Mark J Crane -*/ - -//includes - include "root.php"; - require_once "resources/require.php"; - require_once "resources/check_auth.php"; - -//check permissions - if (permission_exists('group_delete') || if_group("superadmin")) { - //access allowed - } - else { - echo "access denied"; - return; - } - -//add multi-lingual support - $language = new text; - $text = $language->get(); - -//validate the uuid - if (is_uuid($_GET["id"])) { - $group_uuid = $_GET["id"]; - - //get the group from v_groups - $sql = "select domain_uuid, group_name from v_groups "; - $sql .= "where group_uuid = :group_uuid "; - if (!permission_exists('group_domain')) { - $sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) "; - $parameters['domain_uuid'] = $_SESSION['domain_uuid']; - } - $parameters['group_uuid'] = $group_uuid; - $database = new database; - $row = $database->select($sql, $parameters, 'row'); - unset($sql, $parameters); - - if (is_array($row) && sizeof($row) != 0) { - - $domain_uuid = $row["domain_uuid"]; - $group_name = $row["group_name"]; - - //delete the user groups - $array['user_groups'][0]['group_uuid'] = $group_uuid; - - $p = new permissions; - $p->add('user_group_delete', 'temp'); - - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->delete($array); - unset($array); - - $p->delete('user_group_delete', 'temp'); - - //get the group permissions - $sql = "select group_permission_uuid "; - $sql .= "from v_group_permissions "; - $sql .= "where group_name = :group_name "; - if (is_uuid($domain_uuid)) { - $sql .= "and domain_uuid = :domain_uuid "; - $parameters['domain_uuid'] = $domain_uuid; - } - else { - $sql .= "and domain_uuid is null "; - } - $parameters['group_name'] = $group_name; - $database = new database; - $result = 
$database->select($sql, $parameters, 'all'); - if (is_array($result) && sizeof($result) != 0) { - foreach ($result as $index => $row) { - //build array - $array['group_permissions'][$index]['group_permission_uuid'] = $row['group_permission_uuid']; - $array['group_permissions'][$index]['group_name'] = $group_name; - } - if (is_array($array) && sizeof($array) != 0) { - //delete the group permissions - $p = new permissions; - $p->add('group_permission_delete', 'temp'); - - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->delete($array); - unset($array); - - $p->delete('group_permission_delete', 'temp'); - } - } - unset($sql, $parameters, $result, $row); - - //delete the group - $array['groups'][0]['group_uuid'] = $group_uuid; - if (is_uuid($domain_uuid)) { - $array['groups'][0]['domain_uuid'] = $domain_uuid; - } - - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->delete($array); - unset($array); - - //set message - message::add($text['message-delete']); - - } - unset($sql, $parameters, $row); - } - -//redirect the user - header("Location: groups.php"); - -?> diff --git a/core/groups/groupedit.php b/core/groups/groupedit.php deleted file mode 100644 index 5a347f7074..0000000000 --- a/core/groups/groupedit.php +++ /dev/null 
@@ -1,417 +0,0 @@ - - Portions created by the Initial Developer are Copyright (C) 2008-2019 - the Initial Developer. All Rights Reserved. - - Contributor(s): - Mark J Crane -*/ - -//includes - include "root.php"; - require_once "resources/require.php"; - require_once "resources/check_auth.php"; - -//check permissions - if (permission_exists('group_edit')) { - //access allowed - } - else { - echo "access denied"; - return; - } - -//add multi-lingual support - $language = new text; - $text = $language->get(); - -//process update - if (count($_POST) > 0) { - //set the variables - $group_uuid = $_POST['group_uuid']; - $group_name = $_POST['group_name']; - $group_name_previous = $_POST['group_name_previous']; - $domain_uuid = $_POST["domain_uuid"]; - $domain_uuid_previous = $_POST["domain_uuid_previous"]; - $group_level = $_POST["group_level"]; - $group_description = $_POST["group_description"]; - - //validate the token - $token = new token; - if (!$token->validate($_SERVER['PHP_SELF'])) { - message::add($text['message-invalid_token'],'negative'); - header('Location: groups.php'); - exit; - } - - //check for global/domain duplicates - $sql = "select count(*) from v_groups "; - $sql .= "where group_name = :group_name "; - $sql .= "and group_uuid <> :group_uuid "; - if (is_uuid($domain_uuid)) { - $sql .= "and domain_uuid = :domain_uuid "; - $parameters['domain_uuid'] = $domain_uuid; - } - else { - $sql .= "and domain_uuid is null "; - } - $parameters['group_name'] = $group_name; - $parameters['group_uuid'] = $group_uuid; - $database = new database; - $num_rows = $database->select($sql, $parameters, 'column'); - $group_exists = ($num_rows > 0) ? true : false; - unset($sql, $parameters, $num_rows); - - //update group - if (!$group_exists) { - $array['groups'][0]['group_uuid'] = $group_uuid; - $array['groups'][0]['domain_uuid'] = is_uuid($domain_uuid) ? 
$domain_uuid : null; - $array['groups'][0]['group_name'] = $group_name; - $array['groups'][0]['group_level'] = $group_level; - $array['groups'][0]['group_description'] = $group_description; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->save($array); - unset($array); - - //group changed from global to domain-specific - if (!is_uuid($domain_uuid_previous) && is_uuid($domain_uuid)) { - //remove any users assigned to the group from the old domain - $sql = "delete from v_user_groups where group_uuid = :group_uuid and domain_uuid <> :domain_uuid "; - $parameters['group_uuid'] = $group_uuid; - $parameters['domain_uuid'] = $domain_uuid; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->execute($sql, $parameters); - unset($sql, $parameters); - - //update permissions to use new domain uuid - $sql = "update v_group_permissions set domain_uuid = :domain_uuid where group_name = :group_name and domain_uuid is null "; - $parameters['domain_uuid'] = $domain_uuid; - $parameters['group_name'] = $group_name_previous; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->execute($sql, $parameters); - unset($sql, $parameters); - - //change group name - if ($group_name != $group_name_previous && $group_name != '') { - //change group name in group users - $sql = "update v_user_groups set group_name = :group_name_new where group_uuid = :group_uuid and group_name = :group_name_old "; - $parameters['group_name_new'] = $group_name; - $parameters['group_uuid'] = $group_uuid; - $parameters['group_name_old'] = $group_name_previous; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->execute($sql, $parameters); - unset($sql, $parameters); - - 
//change group name in permissions - $sql = "update v_group_permissions set group_name = :group_name_new where domain_uuid = :domain_uuid and group_name = :group_name_old "; - $parameters['group_name_new'] = $group_name; - $parameters['domain_uuid'] = $domain_uuid; - $parameters['group_name_old'] = $group_name_previous; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->execute($sql, $parameters); - unset($sql, $parameters); - } - } - //group changed from one domain to another - else if (is_uuid($domain_uuid_previous) && is_uuid($domain_uuid) && $domain_uuid_previous != $domain_uuid) { - //remove any users assigned to the group from the old domain - $array['user_groups'][0]['group_uuid'] = $group_uuid; - $array['user_groups'][0]['domain_uuid'] = $domain_uuid_previous; - - $p = new permissions; - $p->add('user_group_delete', 'temp'); - - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->delete($array); - unset($array); - - $p->delete('user_group_delete', 'temp'); - //update permissions to use new domain uuid - $sql = "update v_group_permissions set domain_uuid = :domain_uuid_new where group_name = :group_name and domain_uuid = :domain_uuid_old "; - $parameters['domain_uuid_new'] = $domain_uuid; - $parameters['group_name'] = $group_name_previous; - $parameters['domain_uuid_old'] = $domain_uuid_previous; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->execute($sql, $parameters); - unset($sql, $parameters); - //change group name - if ($group_name != $group_name_previous && $group_name != '') { - //change group name in group users - $sql = "update v_user_groups set group_name = :group_name_new where group_uuid = :group_uuid and group_name = :group_name_old "; - $parameters['group_name_new'] = $group_name; - 
$parameters['group_uuid'] = $group_uuid; - $parameters['group_name_old'] = $group_name_previous; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->execute($sql, $parameters); - unset($sql, $parameters); - //change group name in permissions - $sql = "update v_group_permissions set group_name = :group_name_new where domain_uuid = :domain_uuid and group_name = :group_name_old "; - $parameters['group_name_new'] = $group_name; - $parameters['domain_uuid'] = $domain_uuid; - $parameters['group_name_old'] = $group_name_previous; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->execute($sql, $parameters); - unset($sql, $parameters); - } - } - - //group changed from domain-specific to global - else if (is_uuid($domain_uuid_previous) && !is_uuid($domain_uuid)) { - //change group name - if ($group_name != $group_name_previous && $group_name != '') { - //change group name in group users - $sql = "update v_user_groups set group_name = :group_name_new where group_uuid = :group_uuid and group_name = :group_name_old "; - $parameters['group_name_new'] = $group_name; - $parameters['group_uuid'] = $group_uuid; - $parameters['group_name_old'] = $group_name_previous; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->execute($sql, $parameters); - unset($sql, $parameters); - //change group name in permissions - $sql = "update v_group_permissions set group_name = :group_name_new where domain_uuid = :domain_uuid and group_name = :group_name_old "; - $parameters['group_name_new'] = $group_name; - $parameters['domain_uuid'] = $domain_uuid_previous; - $parameters['group_name_old'] = $group_name_previous; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - 
$database->execute($sql, $parameters); - unset($sql, $parameters); - } - //update permissions to not use a domain uuid - $sql = "update v_group_permissions set domain_uuid = null where group_name = :group_name and domain_uuid = :domain_uuid "; - $parameters['group_name'] = $group_name; - $parameters['domain_uuid'] = $domain_uuid_previous; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->execute($sql, $parameters); - unset($sql, $parameters); - } - - //domain didn't change, but name may still - else { - //change group name - if ($group_name != $group_name_previous && $group_name != '') { - //change group name in group users - $sql = "update v_user_groups set group_name = :group_name_new where group_uuid = :group_uuid and group_name = :group_name_old "; - $parameters['group_name_new'] = $group_name; - $parameters['group_uuid'] = $group_uuid; - $parameters['group_name_old'] = $group_name_previous; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->execute($sql, $parameters); - unset($sql, $parameters); - //change group name in permissions - $sql = "update v_group_permissions set group_name = :group_name_new "; - if (is_uuid($domain_uuid)) { - $sql .= "where domain_uuid = :domain_uuid "; - $parameters['domain_uuid'] = $domain_uuid; - } - else { - $sql .= "where domain_uuid is null "; - } - $sql .= "and group_name = :group_name_old "; - $parameters['group_name_new'] = $group_name; - $parameters['group_name_old'] = $group_name_previous; - $database = new database; - $database->app_name = 'groups'; - $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->execute($sql, $parameters); - unset($sql, $parameters); - } - } - - message::add($text['message-update']); - header("Location: groups.php"); - } - else { - message::add($text['message-group_exists'], 'negative'); - 
header("Location: groupedit.php?id=".$group_uuid); - } - - //redirect the user - return; - } - -//pre-populate the form - $group_uuid = $_REQUEST['id']; - if (is_uuid($group_uuid)) { - $sql = "select * from v_groups where "; - $sql .= "group_uuid = :group_uuid "; - $parameters['group_uuid'] = $group_uuid; - $database = new database; - $row = $database->select($sql, $parameters, 'row'); - if (is_array($row) && sizeof($row) != 0) { - $group_name = $row['group_name']; - $domain_uuid = $row['domain_uuid']; - $group_level = $row['group_level']; - $group_description = $row['group_description']; - } - unset($sql, $parameters, $row); - } - -//create token - $object = new token; - $token = $object->create($_SERVER['PHP_SELF']); - -//include the header - include "resources/header.php"; - $document['title'] = $text['title-group_edit']; - -//copy group javascript - echo "\n"; - -//show the content - echo "
\n"; - - echo "\n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo "
\n"; - echo " ".$text['header-group_edit']."\n"; - echo "

\n"; - echo " ".$text['description-group_edit']."\n"; - echo "
\n"; - echo " "; - echo " "; - echo " \n"; - echo "
\n"; - echo "
"; - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - if (permission_exists('group_domain')) { - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - } - else { - echo ""; - } - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - echo "\n"; - echo "\n"; - echo "\n"; - - echo "
\n"; - echo $text['label-group_name']."\n"; - echo "\n"; - echo " \n"; - echo " \n"; - echo "
\n"; - echo " ".$text['label-domain']."\n"; - echo "\n"; - echo " \n"; - echo " \n"; - echo "
\n"; - echo $text['description-domain_name']."\n"; - echo "
\n"; - echo " ".$text['label-level']."\n"; - echo "\n"; - echo " \n"; - echo "
\n"; - echo "
\n"; - echo $text['label-group_description']."\n"; - echo "\n"; - echo " \n"; - echo "
\n"; - echo " \n"; - echo " \n"; - echo "
"; - echo " \n"; - echo "
\n"; - echo "

"; - echo "
"; - -//include the footer - include "resources/footer.php"; - -?> \ No newline at end of file diff --git a/core/groups/groups.php b/core/groups/groups.php index c86ad684b6..d364a41bd2 100644 --- a/core/groups/groups.php +++ b/core/groups/groups.php 
@@ -1,259 +1,266 @@ - - Portions created by the Initial Developer are Copyright (C) 2008-2017 - the Initial Developer. All Rights Reserved. - - Contributor(s): - Mark J Crane -*/ - -//includes - include "root.php"; - require_once "resources/require.php"; - require_once "resources/check_auth.php"; - -//check permissions - if (permission_exists('group_all')) { - //access allowed - } - else { - echo "access denied"; - return; - } - -//add multi-lingual support - $language = new text; - $text = $language->get(); - -//show the header - require_once "resources/header.php"; - $document['title'] = $text['title-group_manager']; - if (isset($_REQUEST["change"])) { - //get the values from the HTTP POST and save them as PHP variables - $change = $_REQUEST["change"]; - $group_uuid = $_REQUEST["group_uuid"]; - $group_name = $_REQUEST["group_name"]; - - $sql = "update v_groups set group_protected = :group_protected "; - $sql .= "where group_uuid = :group_uuid "; - if (!permission_exists('group_domain')) { - $sql .= "and ("; - $sql .= " domain_uuid = :domain_uuid "; - $sql .= " or domain_uuid is null "; - $sql .= ") "; - $parameters['domain_uuid'] = $domain_uuid; - } - $parameters['group_protected'] = $change; - $parameters['group_uuid'] = $group_uuid; - $database = new database; - $database->execute($sql, $parameters); - unset($sql, $parameters); - - message::add($text['message-update']); - } - -//get the groups - $sql = "select * from v_groups "; - if (!(permission_exists('group_all') && $_GET['show'] == 'all')) { - $sql .= "where domain_uuid = :domain_uuid "; - $sql .= "or domain_uuid is null "; - $parameters['domain_uuid'] = $domain_uuid; - } - $sql .= "order by domain_uuid desc, group_name asc "; - $database = new database; - $groups = $database->select($sql, $parameters, 'all'); - unset($sql, $parameters); - //$system_groups = array('superadmin','admin','user','public','agent'); - $system_groups = array(); - -//get group counts - $sql = "select group_uuid, count(user_uuid) 
as group_count from v_user_groups "; - if (!permission_exists('user_all')) { - $sql .= "where domain_uuid = :domain_uuid "; - $parameters['domain_uuid'] = $_SESSION['domain_uuid']; - } - $sql .= "group by group_uuid "; - $database = new database; - $result = $database->select($sql, $parameters, 'all'); - if (is_array($result) && sizeof($result) != 0) { - foreach ($result as $row) { - $group_counts[$row['group_uuid']] = $row['group_count']; - } - } - unset($sql, $parameters, $result, $row); - -//show the content - echo ""; - echo ""; - echo ""; - echo "\n"; - echo ""; - echo "
"; - echo " ".$text['header-group_manager'].""; - echo "

"; - echo "
"; - if (permission_exists('group_all')) { - if ($_GET['show'] != 'all') { - echo "\n"; - } - } - if (permission_exists('user_view')) { - echo " "; - } - if (permission_exists('group_edit')) { - echo " "; - } - echo "
"; - echo "
"; - -//set the row styles - $c = 0; - $row_style["0"] = "row_style0"; - $row_style["1"] = "row_style1"; - -//set the columns - $column_count = 5; - -//build the html - $html = "\n"; - $html .= "\n"; - if (permission_exists('group_all') && $_GET['show'] == 'all') { - $column_count++; - $html .= " \n"; - } - $html .= " \n"; - $html .= " \n"; - $html .= " \n"; - $html .= " \n"; - $html .= " \n"; - $html .= " \n"; - $html .= "\n"; - - $count = 0; - foreach ($groups as &$row) { - $domain_uuid = $row['domain_uuid']; - $group_uuid = $row["group_uuid"]; - $group_name = $row["group_name"]; - $group_level = $row["group_level"]; - $group_protected = $row["group_protected"]; - $group_description = $row["group_description"]; - if (strlen($group_name) == 0) { $group_name = " "; } - if (strlen($group_description) == 0) { $group_description = " "; } - $group_description = wordwrap($group_description, 50, "
\n"); - - if (!if_group("superadmin") && $group_name == "superadmin") { - //hide the superadmin group from non superadmin's - } - else { - if (permission_exists('group_edit') && !($domain_uuid == '' && in_array($group_name, $system_groups))) { - $tr_link = (permission_exists('group_edit')) ? "href='groupedit.php?id=".$group_uuid."'" : null; - } - else { - unset($tr_link); - } - $html .= "\n"; - if (permission_exists('group_all') && $_GET['show'] == 'all') { - $html .= ""; - if (strlen($_SESSION['domains'][$domain_uuid]['domain_name']) > 0) { - $domain = $_SESSION['domains'][$domain_uuid]['domain_name']; - } - else { - $domain = $text['label-global']; - } - $html .= "\n"; - } - $html .= "\n"; - - $html .= "\n"; - - $html .= "\n"; - - $html .= "\n"; - - $html .= "\n"; - $html .= "\n"; - $html .= "\n"; - } - $c = ($c) ? 0 : 1; - $count++; - } - - $html .= "\n"; - $html .= ""; - $html .= "\n"; - $html .= "\n"; - - $html .= "
".$text['label-domain']."".$text['label-group_name']."".$text['label-group_tools']."".$text['label-level']."".$text['label-group_protected']."".$text['label-group_description'].""; - if (permission_exists('group_add')) { - $html .= "".$v_link_label_add.""; - } - $html .= "
$domain"; - if (permission_exists('group_edit') && !($domain_uuid == '' && in_array($group_name, $system_groups))) { - $html .= "".(($domain_uuid == '' && $_GET['show'] != 'all') ? "".$group_name."" : $group_name).""; - } - else { - $html .= ($domain_uuid == '' && $_GET['show'] != 'all') ? "".$group_name."" : $group_name; - } - $html .= ""; - $html .= " ".$group_level; - $html .= "".$group_description.""; - if (permission_exists('group_edit')) { - if (!($domain_uuid == '' && in_array($group_name, $system_groups))) { - $html .= "".$v_link_label_edit.""; - } - else { - $html .= "".str_replace("list_control_icon", "list_control_icon_disabled", $v_link_label_edit).""; - } - } - if (permission_exists('group_delete')) { - if (!($domain_uuid == '' && in_array($group_name, $system_groups))) { - $html .= "".$v_link_label_delete.""; - } - else { - $html .= "".str_replace("list_control_icon", "list_control_icon_disabled", $v_link_label_delete).""; - } - } - $html .= "
 "; - if (permission_exists('group_add')) { - $html .= "".$v_link_label_add.""; - } - $html .= "
\n"; - $html .= "
"; - - if ($count > 0) { - echo $html; - } - -//show the footer - require_once "resources/footer.php"; - -?> + + Portions created by the Initial Developer are Copyright (C) 2018 - 2019 + the Initial Developer. All Rights Reserved. + + Contributor(s): + Mark J Crane +*/ + +//includes + require_once "root.php"; + require_once "resources/require.php"; + require_once "resources/check_auth.php"; + require_once "resources/paging.php"; + +//check permissions + if (permission_exists('group_view')) { + //access granted + } + else { + echo "access denied"; + exit; + } + +//add multi-lingual support + $language = new text; + $text = $language->get(); + +//get the http post data + if (is_array($_POST['groups'])) { + $action = $_POST['action']; + $search = $_POST['search']; + $groups = $_POST['groups']; + } + +//process the http post data by action + if ($action != '' && is_array($groups) && @sizeof($groups) != 0) { + switch ($action) { + case 'copy': + if (permission_exists('group_add')) { + $obj = new groups; + $obj->copy($groups); + } + break; + case 'toggle': + if (permission_exists('group_edit')) { + $obj = new groups; + $obj->toggle($groups); + } + break; + case 'delete': + if (permission_exists('group_delete')) { + $obj = new groups; + $obj->delete($groups); + } + break; + } + + header('Location: groups.php'.($search != '' ? 
'?search='.urlencode($search) : null)); + exit; + } + +//get order and order by + $order_by = $_GET["order_by"]; + $order = $_GET["order"]; + +//add the search string + if (isset($_GET["search"])) { + $search = strtolower($_GET["search"]); + $sql_search = " ("; + $sql_search .= " lower(group_name) like :search "; + $sql_search .= " or lower(group_description) like :search "; + $sql_search .= ") "; + $parameters['search'] = '%'.$search.'%'; + } + +//get the count + $sql = "select count(*) from view_groups "; + if ($_GET['show'] == "all" && permission_exists('group_all')) { + if (isset($sql_search)) { + $sql .= "where ".$sql_search; + } + } + else { + $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; + if (isset($sql_search)) { + $sql .= "and ".$sql_search; + } + $parameters['domain_uuid'] = $domain_uuid; + } + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + +//prepare to page the results + $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; + $param = $search ? "&search=".$search : null; + $param = ($_GET['show'] == 'all' && permission_exists('group_all')) ? "&show=all" : null; + $page = is_numeric($_GET['page']) ? $_GET['page'] : 0; + list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page); + list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true); + $offset = $rows_per_page * $page; + +//get the list + $sql = str_replace('count(*)', '*', $sql); + $sql .= order_by($order_by, $order, 'group_name', 'asc'); + $sql .= limit_offset($rows_per_page, $offset); + $database = new database; + $groups = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); + +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + +//include the header + require_once "resources/header.php"; + +//show the content + echo "
\n"; + echo "
".$text['title-groups']." (".$num_rows.")
\n"; + echo "
\n"; + if (permission_exists('group_add')) { + echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'link'=>'group_edit.php']); + } + if (permission_exists('group_add') && $groups) { + echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'onclick'=>"if (confirm('".$text['confirm-copy']."')) { list_action_set('copy'); list_form_submit('form_list'); } else { this.blur(); return false; }"]); + } + if (permission_exists('group_edit') && $groups) { + echo button::create(['type'=>'button','label'=>$text['button-toggle'],'icon'=>$_SESSION['theme']['button_icon_toggle'],'onclick'=>"if (confirm('".$text['confirm-toggle']."')) { list_action_set('toggle'); list_form_submit('form_list'); } else { this.blur(); return false; }"]); + } + if (permission_exists('group_delete') && $groups) { + echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'onclick'=>"if (confirm('".$text['confirm-delete']."')) { list_action_set('delete'); list_form_submit('form_list'); } else { this.blur(); return false; }"]); + } + echo "\n"; + echo "
\n"; + echo "
\n"; + echo "
\n"; + + echo $text['description-groups']."\n"; + echo "

\n"; + + echo "
\n"; + echo "\n"; + echo "\n"; + + echo "\n"; + echo "\n"; + if (permission_exists('group_add') || permission_exists('group_edit') || permission_exists('group_delete')) { + echo " \n"; + } + if ($_GET['show'] == 'all' && permission_exists('group_all')) { + echo th_order_by('domain_name', $text['label-domain'], $order_by, $order); + } + echo th_order_by('group_name', $text['label-group_name'], $order_by, $order); + //echo "\n"; + //echo "\n"; + echo "\n"; + echo th_order_by('group_level', $text['label-group_level'], $order_by, $order); + echo th_order_by('group_protected', $text['label-group_protected'], $order_by, $order, null, "class='center'"); + echo " \n"; + if (permission_exists('group_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') { + echo " \n"; + } + echo "\n"; + + if (is_array($groups) && @sizeof($groups) != 0) { + $x = 0; + foreach ($groups as $row) { + if (permission_exists('group_edit')) { + $list_row_url = "group_edit.php?id=".urlencode($row['group_uuid']); + } + echo "\n"; + if (permission_exists('group_add') || permission_exists('group_edit') || permission_exists('group_delete')) { + echo " \n"; + } + if ($_GET['show'] == 'all' && permission_exists('group_all')) { + echo " \n"; + } + echo " \n"; + echo " \n"; + //echo " \n"; + echo " \n"; + if (permission_exists('group_edit')) { + echo " \n"; + echo " \n"; + if (permission_exists('group_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') { + echo " \n"; + } + echo "\n"; + $x++; + } + unset($groups); + } + + echo "
\n"; + echo " \n"; + echo " ".$text['label-group_permissions']."".$text['label-group_members']."".$text['label-tools']."".$text['label-group_description']." 
\n"; + echo " \n"; + echo " \n"; + echo " ".escape($_SESSION['domains'][$row['domain_uuid']]['domain_name'])."\n"; + if (permission_exists('group_edit')) { + echo " ".escape($row['group_name'])."\n"; + } + else { + echo " ".escape($row['group_name']); + } + echo " \n"; + echo " ".$text['label-group_permissions']."\n"; + //echo " \n"; + echo "   \n"; + echo " ".$text['label-group_members']." (".$row['group_members'].")\n"; + echo " ".escape($row['group_level'])."\n"; + echo $text['label-'.$row['group_protected']]; + } + echo " ".escape($row['group_description'])."\n"; + echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]); + echo "
\n"; + echo "
\n"; + echo "
".$paging_controls."
\n"; + echo "\n"; + echo "
\n"; + +//include the footer + require_once "resources/footer.php"; + +?> \ No newline at end of file
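Review bot: In the "prepare to page the results" block the second `$param = ...` assignment replaces the first, so the `&search=` value is always discarded (the show=all ternary assigns `null` when its condition is false) and the paging links lose the search filter. Append rather than assign, and encode the user-supplied value in case `paging()` writes `$param` into links verbatim (that helper is not visible here): `$param = $search ? "&search=".urlencode($search) : null;` followed by `$param .= ($_GET['show'] == 'all' && permission_exists('group_all')) ? "&show=all" : null;`. Separately, `$order_by` and `$order` are taken straight from `$_GET` and passed to `order_by()`, and `$page` only has to pass `is_numeric()`, which accepts negatives and floats, before it is multiplied into `$offset`. Neither `order_by()` nor `limit_offset()` is visible in this hunk, so confirm they restrict input to known column names and a non-negative integer, or cast here with `$page = max(0, (int) $_GET['page']);`.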