lang; $imageurl = Yii::app()->getConfig('adminimageurl'); if(Permission::model()->hasSurveyPermission($surveyid,'surveysecurity','read')) { $aBaseSurveyPermissions=Permission::model()->getSurveyBasePermissions(); $userList=getUserList('onlyuidarray'); // Limit the user list for the samegrouppolicy App()->getClientScript()->registerPackage('jquery-tablesorter'); App()->getClientScript()->registerScriptFile(Yii::app()->getConfig('adminscripts') . "surveypermissions.js"); $surveysecurity ="
".$clang->gT("Survey permissions")."
\n"; $result2 = Permission::model()->getUserDetails($surveyid); if(count($result2) > 0) { $surveysecurity = "" . "" . "\n" . "\n" . "\n" . "\n" . "\n"; foreach ($aBaseSurveyPermissions as $sPermission=>$aSubPermissions ) { $surveysecurity.="\n"; } $surveysecurity .= "\n"; // Foot first if (Yii::app()->getConfig('usercontrolSameGroupPolicy') == true) { $authorizedGroupsList = getUserGroupList(NULL,'simplegidarray'); } $surveysecurity .= "\n"; $row = 0; foreach ($result2 as $PermissionRow) { if(in_array($PermissionRow['uid'],$userList)) { $result3 = UserInGroup::model()->with('users')->findAll('users.uid = :uid',array(':uid' => $PermissionRow['uid'])); foreach ($result3 as $resul3row) { if (Yii::app()->getConfig('usercontrolSameGroupPolicy') == false || in_array($resul3row->ugid,$authorizedGroupsList)) { $group_ids[] = $resul3row->ugid; } } if(isset($group_ids) && $group_ids[0] != NULL) { $group_ids_query = implode(",", $group_ids); unset($group_ids); $result4 = UserGroup::model()->findAll("ugid IN ($group_ids_query)"); foreach ($result4 as $resul4row) { $group_names[] = $resul4row->name; } if(count($group_names) > 0) $group_names_query = implode(", ", $group_names); } // else {break;} //TODO Commented by lemeur $surveysecurity .= "\n"; $surveysecurity .= "\n"; $surveysecurity .= "\n" . "\n" . "\n"; //Now show the permissions foreach ($aBaseSurveyPermissions as $sPKey=>$aPDetails) { unset($aPDetails['img']); unset($aPDetails['description']); unset($aPDetails['title']); $iCount=0; $iPermissionCount=0; foreach ($aPDetails as $sPDetailKey=>$sPDetailValue) { if ($sPDetailValue && Permission::model()->hasSurveyPermission($surveyid,$sPKey,$sPDetailKey,$PermissionRow['uid']) && !($sPKey=='survey' && $sPDetailKey=='read')) $iCount++; if ($sPDetailValue) $iPermissionCount++; } if ($sPKey=='survey') $iPermissionCount--; if ($iCount==$iPermissionCount) { $insert = "
 
"; } elseif ($iCount>0){ $insert = "
 
"; } else { $insert = "
 
"; } $surveysecurity .= "\n"; } $surveysecurity .= "\n"; $row++; } } $surveysecurity .= "\n" . "
".$clang->gT("Action")."".$clang->gT("Username")."".$clang->gT("User group")."".$clang->gT("Full name")."\"<span".$aSubPermissions['title']."
".$aSubPermissions['description']."\" />
\n"; if(Permission::model()->hasSurveyPermission($surveyid,'surveysecurity','update')) { if($PermissionRow['uid']!=Yii::app()->user->getId() || Permission::model()->hasGlobalPermission('superadmin','read')) // Can not update own security { $surveysecurity .= CHtml::form(array("admin/surveypermission/sa/set/surveyid/{$surveyid}"), 'post', array('style'=>"display:inline;")) ."" ."" ."" ."" ."\n"; } } if(Permission::model()->hasSurveyPermission($surveyid,'surveysecurity','delete')) { $surveysecurity .= CHtml::form(array("admin/surveypermission/sa/delete/surveyid/{$surveyid}"), 'post', array('style'=>"display:inline;")) ."" ."" ."" ."" .""; } $surveysecurity .= "{$PermissionRow['users_name']}"; if(isset($group_names) > 0) { $surveysecurity .= $group_names_query; } else { $surveysecurity .= "---"; } unset($group_names); $surveysecurity .= "\n{$PermissionRow['full_name']}\n$insert\n
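\n"; } else { } if(Permission::model()->hasSurveyPermission($surveyid,'surveysecurity','create')) { $surveysecurity .= CHtml::form(array("admin/surveypermission/sa/adduser/surveyid/{$surveyid}"), 'post', array('class'=>"form44"))."\n"; $surveysecurity .= CHtml::form(array("admin/surveypermission/sa/addusergroup/surveyid/{$surveyid}"), 'post', array('class'=>"form44")).""; } $aViewUrls['output'] = $surveysecurity; } else { $this->getController()->error('Access denied'); } $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData); }

    // NOTE(review): on this page the HTML that used to sit inside the string literals appears to
    // have been stripped during extraction (empty "" fragments, "Continue" button lines that start
    // at getController()). Those literals are reproduced exactly as listed; only the control flow
    // around them is reformatted and reviewed.

    /**
     * surveypermission::addusergroup()
     * Handles the POSTed "addusergroupsurveysecurity" action: for every uid returned by
     * User::getCommonUID() for the posted group, inserts a Permission row granting
     * 'survey' / read on this survey, stores the uids in the session under 'uids' and
     * renders a form that posts to the "set" action.
     *
     * Requires the 'surveysecurity' / 'create' survey permission, and the posted ugid must be
     * in getSurveyUserGroupList('simpleugidarray', $surveyid).
     *
     * @param mixed $surveyid Survey id; passed through sanitize_int() before use
     * @return void
     */
    function addusergroup($surveyid)
    {
        $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
        $aViewUrls = array();

        $action = $_POST['action'];
        $clang = Yii::app()->lang;
        $imageurl = Yii::app()->getConfig('imageurl');

        $postusergroupid = !empty($_POST['ugid']) ? $_POST['ugid'] : false;

        if($action == "addusergroupsurveysecurity")
        {
            $addsummary = "
".$clang->gT("Add user group")."
\n";
            $addsummary .= "
\n";

            // NOTE(review): $result is not read anywhere in this method as shown.
            $result = Survey::model()->findAll('sid = :surveyid AND owner_id = :owner_id',array(':surveyid' => $surveyid, ':owner_id' => Yii::app()->session['loginID']));
            // NOTE(review): in_array() compares loosely, so a non-canonical ugid string can match a
            // numeric list entry; casting the id to int before this check would make the value
            // that is checked the value that is used.
            if( Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'create')
                && in_array($postusergroupid,getSurveyUserGroupList('simpleugidarray',$surveyid))
            )
            {
                if($postusergroupid > 0){
                    $result2 = User::model()->getCommonUID($surveyid, $postusergroupid); //Checked
                    $result2 = $result2->readAll();
                    if(count($result2) > 0)
                    {
                        // Stop at the first failed insert; $isrresult then reports the failure below.
                        foreach ($result2 as $row2 )
                        {
                            $uid_arr[] = $row2['uid'];
                            $isrresult = Permission::model()->insertSomeRecords(array('entity_id' => $surveyid, 'entity'=>'survey', 'uid' => $row2['uid'], 'permission' => 'survey', 'read_p' => 1));
                            if (!$isrresult) break;
                        }

                        if($isrresult)
                        {
                            $addsummary .= "
".$clang->gT("User group added.")."
\n";
                            Yii::app()->session['uids'] = $uid_arr;
                            $addsummary .= "
" .CHtml::form(array("admin/surveypermission/sa/set/surveyid/{$surveyid}"), 'post') ."" ."" ."" ."\n";
                        }
                        else
                        {
                            // Error while adding user to the database
                            $addsummary .= "
".$clang->gT("Failed to add user group.")."
\n";
                            $addsummary .= "
getController()->createUrl('admin/surveypermission/sa/view/surveyid/'.$surveyid)."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n";
                        }
                    }
                    else
                    {
                        // no user to add
                        $addsummary .= "
".$clang->gT("Failed to add user group.")."
\n";
                        $addsummary .= "
getController()->createUrl('admin/surveypermission/sa/view/surveyid/'.$surveyid)."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n";
                    }
                }
                else
                {
                    $addsummary .= "
".$clang->gT("Failed to add user.")."
\n" . "
" . $clang->gT("No Username selected.")."
\n";
                    $addsummary .= "
getController()->createUrl('admin/surveypermission/sa/view/surveyid/'.$surveyid)."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n";
                }
            }
            else
            {
                $this->getController()->error('Access denied');
            }

            $addsummary .= "
\n";
            $aViewUrls['output'] = $addsummary;
        }

        $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
    }

    /**
     * surveypermission::adduser()
     * Handles the POSTed "addsurveysecurity" action: inserts a Permission row granting
     * 'survey' / read on this survey to the posted uid and renders a form that posts to
     * the "set" action.
     *
     * Requires the 'surveysecurity' / 'create' survey permission, and the posted uid must be
     * in getUserList('onlyuidarray').
     *
     * @param mixed $surveyid Survey id; passed through sanitize_int() before use
     * @return void
     */
    function adduser($surveyid)
    {
        $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
        $aViewUrls = array();

        $action = $_POST['action'];
        $clang = Yii::app()->lang;
        $imageurl = Yii::app()->getConfig('imageurl');
        $postuserid = $_POST['uid'];

        if($action == "addsurveysecurity")
        {
            $addsummary = "
".$clang->gT("Add user")."
\n";
            $addsummary .= "
\n";

            // NOTE(review): $result is not read anywhere in this method as shown.
            $result = Survey::model()->findAll('sid = :sid AND owner_id = :owner_id AND owner_id != :postuserid',array(':sid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid));
            // NOTE(review): loose in_array() on a raw POST value; see the same note in addusergroup().
            if( Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'create')
                && in_array($postuserid,getUserList('onlyuidarray'))
            )
            {
                if($postuserid > 0){
                    $isrresult = Permission::model()->insertSomeRecords(array('entity_id' => $surveyid, 'entity'=>'survey', 'uid' => $postuserid, 'permission' => 'survey', 'read_p' => 1));

                    if($isrresult)
                    {
                        $addsummary .= "
".$clang->gT("User added.")."
\n";
                        $addsummary .= "
" .CHtml::form(array("admin/surveypermission/sa/set/surveyid/{$surveyid}"), 'post') ."" ."" ."" ."\n";
                    }
                    else
                    {
                        // Username already exists.
                        $addsummary .= "
".$clang->gT("Failed to add user.")."
\n" . "
" . $clang->gT("Username already exists.")."
\n";
                        $addsummary .= "
getController()->createUrl('admin/surveypermission/sa/view/surveyid/'.$surveyid)."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n";
                    }
                }
                else
                {
                    $addsummary .= "
".$clang->gT("Failed to add user.")."
\n" . "
" . $clang->gT("No Username selected.")."
\n";
                    $addsummary .= "
getController()->createUrl('admin/surveypermission/sa/view/surveyid/'.$surveyid)."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n";
                }
            }
            else
            {
                $this->getController()->error('Access denied');
            }

            $addsummary .= "
\n";
            $aViewUrls['output'] = $addsummary;
        }

        $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
    }

    /**
     * surveypermission::set()
     * Renders the permission matrix form for one user ("setsurveysecurity") or one user group
     * ("setusergroupsurveysecurity"). The form posts to the "surveyright" action; any other
     * action value is redirected to the permission overview.
     *
     * Access rules enforced before rendering:
     *  - user form: the posted uid must be in getUserList('onlyuidarray'), and only a
     *    superadmin may open the form for their own account;
     *  - group form: a non-superadmin may only open groups returned by
     *    getUserGroupList(null, 'simplegidarray');
     *  - the caller needs the 'surveysecurity' / 'update' survey permission.
     *
     * @param mixed $surveyid Survey id; passed through sanitize_int() before use
     * @return void
     */
    function set($surveyid)
    {
        $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
        $aViewUrls = array();

        $action = $_POST['action'];
        $clang = Yii::app()->lang;
        $imageurl = Yii::app()->getConfig('adminimageurl');
        $postuserid = !empty($_POST['uid']) ? $_POST['uid'] : null;
        $postusergroupid = !empty($_POST['ugid']) ? $_POST['ugid'] : null;

        if($action == "setsurveysecurity")
        {
            if ( (!Permission::model()->hasGlobalPermission('superadmin','read') && Yii::app()->user->getId()==$postuserid) // User can not change own security (except superadmin)
                || !in_array($postuserid,getUserList('onlyuidarray')) // User can not set user security if it can not see it
            )
            {
                $this->getController()->error('Access denied');
                // Return explicitly so the denial does not depend on error() ending the request.
                return;
            }
        }
        elseif( $action == "setusergroupsurveysecurity" )
        {
            // The group id was previously looked up in the *user* id list; compare it with the
            // group id list instead, as surveyright() does for the same POST field.
            if ( !Permission::model()->hasGlobalPermission('superadmin','read')
                && !in_array($postusergroupid,getUserGroupList(null, 'simplegidarray'))
            )
            {
                $this->getController()->error('Access denied');
                return;
            }
        }
        else
        {
            Yii::app()->request->redirect(Yii::app()->getController()->createUrl('admin/surveypermission/sa/view', array('surveyid'=>$surveyid)));
            //$this->getController()->error('Unknow action');
        }

        if( Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'update') )
        {
            App()->getClientScript()->registerPackage('jquery-tablesorter');
            App()->getClientScript()->registerScriptFile(Yii::app()->getConfig('adminscripts') . "surveypermissions.js");

            if ($action == "setsurveysecurity")
            {
                $query = "select users_name from {{users}} where uid=:uid";
                $resrow = Yii::app()->db->createCommand($query)->bindParam(":uid", $postuserid, PDO::PARAM_INT)->queryRow();
                // NOTE(review): users_name is placed in the heading below without encoding in the
                // code shown; confirm it is encoded when stored, or wrap it in CHtml::encode().
                $sUsername=$resrow['users_name'];
                $usersummary = "
".sprintf($clang->gT("Edit survey permissions for user %s"),"".$sUsername."")."
";
            }
            else
            {
                $resrow = UserGroup::model()->find('ugid = :ugid',array(':ugid' => $postusergroupid));
                // NOTE(review): same output-encoding question as for $sUsername above.
                $sUsergroupName=$resrow['name'];
                $usersummary = "
".sprintf($clang->gT("Edit survey permissions for group %s"),"".$sUsergroupName."")."
";
            }

            $usersummary .= "
" .CHtml::form(array("admin/surveypermission/sa/surveyright/surveyid/{$surveyid}"), 'post') . "\n";

            // NOTE(review): from here to the final "\n" the listing is out of order as well as
            // stripped (the table header and checkbox code appear after the loops they belong to),
            // so these lines are kept exactly as they appear on the page.
            $usersummary .= "" . "\n" . "\n" . "\n" . "\n" . "\n" . "\n" . "\n" . "\n" . "\n"; //content $aBasePermissions=Permission::model()->getSurveyBasePermissions(); $oddcolumn=false; foreach($aBasePermissions as $sPermissionKey=>$aCRUDPermissions) { $oddcolumn=!$oddcolumn; $usersummary .= ""; $usersummary .= ""; $usersummary .= ""; foreach ($aCRUDPermissions as $sCRUDKey=>$CRUDValue) { if (!in_array($sCRUDKey,array('create','read','update','delete','import','export'))) continue; $usersummary .= ""; } $usersummary .= ""; } $usersummary .= "\n
".$clang->gT("Permission")."".$clang->gT("Create")."".$clang->gT("View/read")."".$clang->gT("Update")."".$clang->gT("Delete")."".$clang->gT("Import")."".$clang->gT("Export")."
{$aCRUDPermissions[{$aCRUDPermissions['title']}"; if ($CRUDValue) { if (!($sPermissionKey=='survey' && $sCRUDKey=='read')) { $usersummary .= "hasSurveyPermission( $surveyid,$sPermissionKey,$sCRUDKey,$postuserid)) { $usersummary .= ' checked="checked" '; } $usersummary .=" />"; } } $usersummary .= "
" ."

" ."" .""; if ($action=='setsurveysecurity') { $usersummary .=""; } else { $usersummary .=""; } $usersummary .= "\n";

            $aViewUrls['output'] = $usersummary;
        }
        else
        {
            $this->getController()->error('Access denied');
        }

        $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
    }

    /**
     * surveypermission::delete()
     * Handles the POSTed "delsurveysecurity" action: deletes every Permission row with
     * entity 'survey' for the posted uid on this survey.
     *
     * The posted uid must be in getUserList('onlyuidarray') and the caller needs the
     * 'surveysecurity' / 'delete' survey permission. A posted gid is validated but not
     * otherwise used by this method.
     *
     * @param mixed $surveyid Survey id; passed through sanitize_int() before use
     * @return void
     */
    function delete($surveyid)
    {
        $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
        $aViewUrls = array();

        $action = $_POST['action'];
        $clang = Yii::app()->lang;
        $imageurl = Yii::app()->getConfig('imageurl');
        $postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
        $postusergroupid = !empty($_POST['gid']) ? $_POST['gid'] : false;// Not used

        // Each supplied id is validated on its own, so a valid uid cannot let an unchecked gid
        // through; the request stops here instead of relying on error() to end it.
        if($postuserid && !in_array($postuserid,getUserList('onlyuidarray')))
        {
            $this->getController()->error('Access denied');
            return;
        }
        // A group id is compared with the group id list (it was compared with user ids before).
        if( $postusergroupid && !in_array($postusergroupid,getUserGroupList(null, 'simplegidarray')))
        {
            $this->getController()->error('Access denied');
            return;
        }

        if($action == "delsurveysecurity")
        {
            $addsummary = "

".$clang->gT("Deleting User")."
\n";
            $addsummary .= "
\n";

            if( Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'delete') )
            {
                // $postuserid is always set (false when no uid was posted), so test its value:
                // isset() made the "User was not supplied" branch unreachable.
                if ($postuserid)
                {
                    // NOTE(review): "Success!" is reported without looking at $dbresult.
                    $dbresult = Permission::model()->deleteAll('uid = :uid AND entity_id = :sid AND entity = :entity',array(':uid' => $postuserid, ':sid' => $surveyid, ':entity' => 'survey'));
                    $addsummary .= "
".$clang->gT("Username").": ".sanitize_xss_string($_POST['user'])."

\n";
                    $addsummary .= "
".$clang->gT("Success!")."
\n";
                }
                else
                {
                    $addsummary .= "
".$clang->gT("Could not delete user. User was not supplied.")."
\n";
                }
                $addsummary .= "
getController()->createUrl('admin/surveypermission/sa/view/surveyid/'.$surveyid)."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n";
            }
            else
            {
                $this->getController()->error('Access denied');
            }

            $addsummary .= "
\n";
            $aViewUrls['output'] = $addsummary;
        }

        $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
    }

    /**
     * surveypermission::surveyright()
     * Handles the POSTed "surveyrights" action: builds a permission array from the
     * perm_{permission}_{crud} POST fields and applies it with Permission::setPermissions(),
     * either to the posted uid or to every member of the posted group except the logged-in
     * user and the survey owner.
     *
     * The posted uid must be in getUserList('onlyuidarray'), a posted ugid must be in
     * getUserGroupList(null, 'simplegidarray'), only a superadmin may change their own
     * permissions, and the caller needs the 'surveysecurity' / 'update' survey permission.
     *
     * @param mixed $surveyid Survey id; passed through sanitize_int() before use
     * @return void
     */
    function surveyright($surveyid)
    {
        $aData['surveyid'] = $surveyid = sanitize_int($surveyid);
        $aViewUrls = array();

        $action = $_POST['action'];
        $clang = Yii::app()->lang;
        $imageurl = Yii::app()->getConfig('imageurl');
        $postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
        $postusergroupid = !empty($_POST['ugid']) ? $_POST['ugid'] : false;

        // uid and ugid are validated independently: with the former elseif, a request carrying a
        // valid uid skipped the ugid check although the group branch below still acts on ugid.
        if($postuserid && !in_array($postuserid,getUserList('onlyuidarray')))
        {
            $this->getController()->error('Access denied');
            return;
        }
        if( $postusergroupid && !in_array($postusergroupid,getUserGroupList(null, 'simplegidarray')))
        {
            $this->getController()->error('Access denied');
            return;
        }
        // Same rule set() applies before rendering the form: a user cannot change their own
        // security unless superadmin. Repeated here because this handler is what writes the
        // permissions and can be requested without going through that form.
        if ($postuserid
            && !Permission::model()->hasGlobalPermission('superadmin','read')
            && Yii::app()->user->getId()==$postuserid
        )
        {
            $this->getController()->error('Access denied');
            return;
        }

        if ($action == "surveyrights" && Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'update'))
        {
            $addsummary = "
".$clang->gT("Edit survey permissions")."
\n";
            $addsummary .= "
\n";
            $where = ' ';
            if($postuserid){
                if (!Permission::model()->hasGlobalPermission('superadmin','read'))
                {
                    // NOTE(review): the row fetched here is not read on this path in the code shown.
                    $where .= "sid = :surveyid AND owner_id != :postuserid AND owner_id = :owner_id";
                    $resrow = Survey::model()->find($where,array(':surveyid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid));
                }
            }
            else{
                $where .= "sid = :sid";
                $resrow = Survey::model()->find($where,array(':sid' => $surveyid));
                // Owner id is excluded from the group update below.
                $iOwnerID=$resrow['owner_id'];
            }

            // Only permission/CRUD pairs that exist in the base permission table are accepted;
            // a checked box posts perm_{permission}_{crud}, an unchecked one is stored as 0.
            $aBaseSurveyPermissions = Permission::model()->getSurveyBasePermissions();
            $aPermissions=array();
            foreach ($aBaseSurveyPermissions as $sPermissionKey=>$aCRUDPermissions)
            {
                foreach ($aCRUDPermissions as $sCRUDKey=>$CRUDValue)
                {
                    if (!in_array($sCRUDKey,array('create','read','update','delete','import','export'))) continue;

                    if ($CRUDValue)
                    {
                        if(isset($_POST["perm_{$sPermissionKey}_{$sCRUDKey}"])){
                            $aPermissions[$sPermissionKey][$sCRUDKey]=1;
                        }
                        else
                        {
                            $aPermissions[$sPermissionKey][$sCRUDKey]=0;
                        }
                    }
                }
            }

            if (isset($postusergroupid) && $postusergroupid>0)
            {
                // NOTE(review): $iOwnerID is only assigned when no uid was posted.
                $oResult = UserInGroup::model()->findAll('ugid = :ugid AND uid <> :uid AND uid <> :iOwnerID',array(':ugid' => $postusergroupid, ':uid' => Yii::app()->session['loginID'], ':iOwnerID' => $iOwnerID));
                if(count($oResult) > 0)
                {
                    foreach ($oResult as $aRow)
                    {
                        Permission::model()->setPermissions($aRow->uid, $surveyid, 'survey', $aPermissions);
                    }
                    $addsummary .= "
".$clang->gT("Survey permissions for all users in this group were successfully updated.")."
\n";
                }
            }
            else
            {
                if (Permission::model()->setPermissions($postuserid, $surveyid, 'survey', $aPermissions))
                {
                    $addsummary .= "
".$clang->gT("Survey permissions were successfully updated.")."
\n";
                }
                else
                {
                    $addsummary .= "
".$clang->gT("Failed to update survey permissions!")."
\n";
                }
            }
            $addsummary .= "
getController()->createUrl('admin/surveypermission/sa/view/surveyid/'.$surveyid)."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n";
            $addsummary .= "
\n";
            $aViewUrls['output'] = $addsummary;
        }
        else
        {
            $this->getController()->error('Access denied');
        }

        $this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
    }

    /**
     * Renders template(s) wrapped in header and footer.
     * Registers the 'jquery-superfish' client package, then delegates to the parent implementation.
     *
     * @param string $sAction Current action, the folder to fetch views from
     * @param string|array $aViewUrls View url(s)
     * @param array $aData Data to be passed on. Optional.
     */
    protected function _renderWrappedTemplate($sAction = 'authentication', $aViewUrls = array(), $aData = array())
    {
        App()->getClientScript()->registerPackage('jquery-superfish');
        parent::_renderWrappedTemplate($sAction, $aViewUrls, $aData);
    }

}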