   1  <?php
   2  /**
   3   * This file is part of the evoCore framework - {@link http://evocore.net/}
   4   * See also {@link http://sourceforge.net/projects/evocms/}.
   5   *
   6   * @copyright (c)2009-2014 by Francois PLANQUE - {@link http://fplanque.net/}
   7   * Parts of this file are copyright (c)2009 by The Evo Factory - {@link http://www.evofactory.com/}.
   8   *
   9   * {@internal License choice
  10   * - If you have received this file as part of a package, please find the license.txt file in
  11   *   the same folder or the closest folder above for complete license terms.
  12   * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
  13   *   then you must choose one of the following licenses before using the file:
  14   *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
  15   *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
  16   * }}
  17   *
  18   * {@internal Open Source relicensing agreement:
  19   * The Evo Factory grants Francois PLANQUE the right to license
  20   * The Evo Factory's contributions to this file and the b2evolution project
  21   * under any OSI approved OSS license (http://www.opensource.org/licenses/).
  22   * }}
  23   *
  24   * @package evocore
  25   *
  26   * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
  27   * @author efy-bogdan: Evo Factory / Bogdan.
  28   * @author fplanque: Francois PLANQUE
  29   *
  30   * @version $Id: groups.ctrl.php 6136 2014-03-08 07:59:48Z manuel $
  31   */
  32  if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );
  33  
  34  /**
  35   * @var AdminUI_general
  36   */
  37  global $AdminUI;
  38  
  39  $AdminUI->set_path( 'users', 'groups' );
  40  
  41  param_action('list');
  42  
  43  param( 'grp_ID', 'integer', NULL );        // Note: should NOT be memorized:    -- " --
  44  
  45  /**
  46   * @global boolean true, if user is only allowed to view group
  47   */
  48  $user_view_group_only = ! $current_User->check_perm( 'users', 'edit' );
  49  
  50  if( $user_view_group_only )
  51  { // User has no permissions to view: he can only edit his profile
  52  
  53      if( isset($grp_ID) )
  54      { // User is trying to edit something he should not: add error message (Should be prevented by UI)
  55          $Messages->add( T_('You have no permission to edit groups!'), 'warning' );
  56      }
  57  
  58      // Make sure the user only edits himself:
  59  
  60      //$grp_ID = NULL;
  61      if( ! in_array( $action, array( 'new', 'view') ) )
  62      {
  63          $action = 'view';
  64      }
  65  }
  66  
  67  /*
  68   * Load editable objects and set $action (while checking permissions)
  69   */
  70  
  71  $UserCache  = & get_UserCache();
  72  $GroupCache = & get_GroupCache();
  73  
  74  if( $grp_ID !== NULL )
  75  { // Group selected
  76      if( $action == 'update' && $grp_ID == 0 )
  77      { // New Group:
  78          $edited_Group = new Group();
  79      }
  80      elseif( ($edited_Group = & $GroupCache->get_by_ID( $grp_ID, false )) === false )
  81      { // We could not find the Group to edit:
  82          unset( $edited_Group );
  83          forget_param( 'grp_ID' );
  84          $Messages->add( sprintf( T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('Group') ), 'error' );
  85          $action = 'list';
  86      }
  87      elseif( $action == 'list' )
  88      { // 'list' is default, $grp_ID given
  89          if( $current_User->check_perm( 'users', 'edit' ) )
  90          {
  91              $action = 'edit';
  92          }
  93          else
  94          {
  95              $action = 'view';
  96          }
  97      }
  98  
  99      if( $action != 'view' && $action != 'list' )
 100      { // check edit permissions
 101          if( !$current_User->check_perm( 'users', 'edit' ) )
 102          {
 103              $Messages->add( T_('You have no permission to edit groups!'), 'error' );
 104              $action = 'view';
 105          }
 106          elseif( $demo_mode && ( $edited_Group->ID <= 4 ) && ( $edited_Group->ID > 0 ) )
 107          { // Demo mode restrictions: groups created by install process cannot be edited
 108              $Messages->add( T_('You cannot edit the default groups in demo mode!'), 'error' );
 109              $action = 'view';
 110          }
 111      }
 112  }
 113  
 114  switch ( $action )
 115  {
 116      case 'new':
 117          // We want to create a new group:
 118          if( isset( $edited_Group ) )
 119          { // We want to use a template
 120              $new_Group = $edited_Group; // Copy !
 121              $new_Group->set( 'ID', 0 );
 122              $edited_Group = & $new_Group;
 123          }
 124          else
 125          { // We use an empty group:
 126              $edited_Group = new Group();
 127          }
 128  
 129          break;
 130  
 131  
 132      case 'update':
 133          // Check that this action request is not a CSRF hacked request:
 134          $Session->assert_received_crumb( 'group' );
 135  
 136          if( empty($edited_Group) || !is_object($edited_Group) )
 137          {
 138              $Messages->add( 'No group set!' ); // Needs no translation, should be prevented by UI.
 139              $action = 'list';
 140              break;
 141          }
 142  
 143          if( $edited_Group->load_from_Request() )
 144          {
 145  
 146              // check if the group name already exists for another group
 147              $query = 'SELECT grp_ID FROM T_groups
 148                         WHERE grp_name = '.$DB->quote($edited_grp_name).'
 149                           AND grp_ID != '.$edited_Group->ID;
 150              if( $q = $DB->get_var( $query ) )
 151              {
 152                  param_error( 'edited_grp_name',
 153                      sprintf( T_('This group name already exists! Do you want to <a %s>edit the existing group</a>?'),
 154                          'href="?ctrl=groups&amp;action=edit&amp;grp_ID='.$q.'"' ) );
 155              }
 156          }
 157  
 158          if( $Messages->has_errors() )
 159          {    // We have found validation errors:
 160              $action = 'edit';
 161              break;
 162          }
 163  
 164          if( $edited_Group->ID == 0 )
 165          { // Insert into the DB:
 166              $edited_Group->dbinsert();
 167              $Messages->add( T_('New group created.'), 'success' );
 168          }
 169          else
 170          { // Commit update to the DB:
 171              $edited_Group->dbupdate();
 172              $Messages->add( T_('Group updated.'), 'success' );
 173          }
 174  
 175          // Commit changes in cache:
 176          $GroupCache->add( $edited_Group );
 177  
 178          // Redirect so that a reload doesn't write to the DB twice:
 179          header_redirect( '?ctrl=groups', 303 ); // Will EXIT
 180          // We have EXITed already at this point!!
 181          break;
 182  
 183  
 184      case 'delete':
 185          /*
 186           * Delete group
 187           */
 188          // Check that this action request is not a CSRF hacked request:
 189          $Session->assert_received_crumb( 'group' );
 190  
 191          if( !isset($edited_Group) )
 192          {
 193              debug_die( 'no Group set' );
 194          }
 195  
 196          if( $edited_Group->ID == 1 )
 197          {
 198              $Messages->add( T_('You can\'t delete Group #1!'), 'error' );
 199              $action = 'view';
 200              break;
 201          }
 202          if( $edited_Group->ID == $Settings->get('newusers_grp_ID' ) )
 203          {
 204              $Messages->add( T_('You can\'t delete the default group for new users!'), 'error' );
 205              $action = 'view';
 206              break;
 207          }
 208  
 209          if( param( 'confirm', 'integer', 0 ) )
 210          { // confirmed, Delete from DB:
 211              $msg = sprintf( T_('Group &laquo;%s&raquo; deleted.'), $edited_Group->dget( 'name' ) );
 212              $edited_Group->dbdelete( $Messages );
 213              unset($edited_Group);
 214              forget_param('grp_ID');
 215              $Messages->add( $msg, 'success' );
 216  
 217              // Redirect so that a reload doesn't write to the DB twice:
 218              header_redirect( '?ctrl=groups', 303 ); // Will EXIT
 219              // We have EXITed already at this point!!
 220          }
 221          else
 222          {    // not confirmed, Check for restrictions:
 223              memorize_param( 'grp_ID', 'integer', true );
 224              if( ! $edited_Group->check_delete( sprintf( T_('Cannot delete Group &laquo;%s&raquo;'), $edited_Group->dget( 'name' ) ) ) )
 225              {    // There are restrictions:
 226                  $action = 'view';
 227              }
 228          }
 229          break;
 230  }
 231  
 232  
 233  $AdminUI->breadcrumbpath_init( false );  // fp> I'm playing with the idea of keeping the current blog in the path here...
 234  $AdminUI->breadcrumbpath_add( T_('Users'), '?ctrl=users' );
 235  $AdminUI->breadcrumbpath_add( T_('User groups'), '?ctrl=groups' );
 236  if( !empty( $edited_Group ) )
 237  {
 238      if( $edited_Group->ID > 0 )
 239      {    // Edit group
 240          $AdminUI->breadcrumbpath_add( $edited_Group->dget('name'), '?ctrl=groups&amp;action=edit&amp;grp_ID='.$edited_Group->ID );
 241      }
 242      else
 243      {    // New group
 244          $AdminUI->breadcrumbpath_add( $edited_Group->dget('name'), '?ctrl=groups&amp;action=new' );
 245      }
 246  }
 247  
 248  // Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
 249  $AdminUI->disp_html_head();
 250  
 251  // Display title, menu, messages, etc. (Note: messages MUST be displayed AFTER the actions)
 252  $AdminUI->disp_body_top();
 253  
 254  // Begin payload block:
 255  $AdminUI->disp_payload_begin();
 256  
 257  // Display VIEW:
 258  switch( $action )
 259  {
 260      case 'new':
 261      case 'edit':
 262          $AdminUI->disp_view( 'users/views/_group.form.php' );
 263          break;
 264      case 'nil':
 265          // Do nothing
 266          break;
 267      case 'delete':
 268              // We need to ask for confirmation:
 269              $edited_Group->confirm_delete(
 270                      sprintf( T_('Delete group &laquo;%s&raquo;?'), $edited_Group->dget( 'name' ) ),
 271                      'group', $action, get_memorized( 'action' ) );
 272      default:
 273          $AdminUI->disp_view( 'users/views/_group.view.php' );
 274  }
 275  
 276  // End payload block:
 277  $AdminUI->disp_payload_end();
 278  
 279  // Display body bottom, debug info and close </html>:
 280  $AdminUI->disp_global_footer();
 281  
 282  ?>
