00001 <?php
00011 require_once("AWLUtilities.php");
00012 
00016 require_once("Session.php");
00017 
00021 require_once("DataEntry.php");
00022 
00026 require_once("DataUpdate.php");
00027 
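class User extends DBRecord {
  /**
  * The user_no of the user this record describes.  Zero until the record
  * has been inserted into the database (see Write()).
  */
  var $user_no;

  /**
  * A prefix prepended to the names of the form fields this record renders,
  * so that several records can share a single form.
  */
  var $prefix;

  /**
  * Constructor.  Loads the 'usr' record for $id (when it reduces to a
  * positive integer) together with the user's roles, and works out whether
  * the page is being viewed in edit mode.
  *
  * Edit mode is requested through $_GET['edit'], but is only granted when
  * the session is allowed to perform this record's WriteType, or - for a
  * brand new record - is allowed to insert.
  *
  * @param mixed $id The user_no to load.  Anything that does not intval()
  *                  to a positive number means "a new user".
  * @param string $prefix Prefix for the names of the rendered form fields.
  */
  function User( $id , $prefix = "" ) {
    // Call the parent constructor
    $this->DBRecord();

    $this->prefix = $prefix;
    $this->user_no = 0;

    // $id may come straight from the request: reduce it to an integer
    // before it is used as the key for reading the record.
    $id = intval("$id");
    $keys = array();
    if ( $id > 0 ) {
      $keys['user_no'] = $id;
      $this->user_no = $id;
    }

    // Initialise the record, possibly from the file.
    $this->Initialise('usr',$keys);
    $this->Read();
    $this->GetRoles();

    $edit_requested = ( isset($_GET['edit']) && $_GET['edit'] );
    $this->EditMode = ( ($edit_requested && $this->AllowedTo($this->WriteType))
                    || (0 == $this->user_no && $this->AllowedTo("insert")) );

    if ( $this->user_no == 0 ) {
      dbg_error_log("User", "Initialising new user values");
      // Initialise to standard default values
      $this->active = true;
    }
  }


  /**
  * Decide whether the current session may perform an action on this user
  * record.
  *
  * Administrators may do anything.  Otherwise 'view', 'update' and
  * 'changepassword' are permitted on the session user's own record
  * ('changepassword' additionally when the record is being inserted), the
  * administrative actions are refused, and any other name is looked up as
  * a role held by the session.
  *
  * @param string $whatever The action: view, update, changepassword,
  *                         changeusername, changeactive, admin, create,
  *                         insert, or a role name.
  * @return boolean Whether the action is allowed.
  */
  function AllowedTo ( $whatever )
  {
    global $session;

    // Administrators may do anything to any user record.
    if ( $session->AllowedTo("Admin") ) {
      dbg_error_log("User",":AllowedTo: Admin is always allowed to %s", $whatever );
      return true;
    }

    // A persisted record belonging to the session user.
    $is_own_record = ( $this->user_no > 0 && $session->user_no == $this->user_no );

    switch( strtolower($whatever) ) {

      case 'view':
      case 'update':
        $rc = $is_own_record;
        break;

      case 'changepassword':
        $rc = ( $is_own_record || "insert" == $this->WriteType );
        break;

      case 'changeusername':  // Administrator only
      case 'changeactive':    // Administrator only
      case 'admin':
      case 'create':
      case 'insert':
        $rc = false;
        break;

      default:
        // Any other name is a role, looked up exactly as given (role names
        // are case-sensitive in the session's role list).
        $rc = ( isset($session->roles[$whatever]) && $session->roles[$whatever] );
    }
    dbg_error_log("User",":AllowedTo: %s is%s allowed to %s", (isset($this->username)?$this->username:null), ($rc?"":" not"), $whatever );
    return $rc;
  }


  /**
  * Load the names of the roles this user is a member of into $this->roles,
  * keyed by role name with the value 't'.
  */
  function GetRoles () {
    $this->roles = array();
    $qry = new AwlQuery( 'SELECT role_name FROM role_member JOIN roles USING (role_no) WHERE user_no = ? ', $this->user_no );
    if ( $qry->Exec("User") && $qry->rows() > 0 ) {
      while( $role = $qry->Fetch() ) {
        $this->roles[$role->role_name] = 't';
      }
    }
  }


  /**
  * Render the user record as an HTML table, wrapped in a form when the
  * record is in edit mode.
  *
  * @return string The HTML for the record.
  */
  function Render( ) {
    $html = "";
    dbg_error_log("User", ":Render: type=$this->WriteType, edit_mode=$this->EditMode" );

    // The form posts back to the page it was rendered on.  The action used
    // to be a register_globals-style $REQUEST_URI which is never set, so it
    // has always been empty; keep that rather than echoing a request-
    // controlled URL.  If a real action is ever wanted here it must be
    // escaped for the attribute context before it reaches the page.
    $action = '';
    $ef = new EntryForm( $action, $this->Values, $this->EditMode );
    $ef->NoHelp();  // Prefer this style, for the moment

    if ( $ef->EditMode ) {
      $html .= $ef->StartForm( array("autocomplete" => "off" ) );
      if ( $this->user_no > 0 ) $html .= $ef->HiddenField( "user_no", $this->user_no );
    }

    $html .= "<table width=\"100%\" class=\"data\" cellspacing=\"0\" cellpadding=\"0\">\n";

    $html .= $this->RenderFields($ef);
    $html .= $this->RenderRoles($ef);

    $html .= "</table>\n";
    if ( $ef->EditMode ) {
      $html .= '<div id="footer">';
      $html .= $ef->SubmitButton( "submit", (("insert" == $this->WriteType) ? translate("Create") : translate("Update")) );
      $html .= '</div>';
      $html .= $ef->EndForm();
    }

    return $html;
  }

  /**
  * Render the lines of the user details table.
  *
  * Which fields are editable is decided by AllowedTo(): the username and
  * the active flag are only offered to administrators, the password fields
  * only to whoever may change this user's password.
  *
  * @param EntryForm $ef The form the fields are rendered into.
  * @param string $title Section heading; null for the default, "" for none.
  * @return string The HTML table rows.
  */
  function RenderFields($ef , $title = null ) {
    global $session, $c;

    if ( $title == null ) $title = i18n("User Details");
    $html = ( $title == "" ? "" : $ef->BreakLine(translate($title)) );

    if ( $this->AllowedTo('ChangeUsername') ) {
      $html .= $ef->DataEntryLine( translate("User Name"), "%s", "text", "username",
              array( "size" => 20, "title" => translate("The name this user can log into the system with.")), $this->prefix );
    }
    else {
      $html .= $ef->DataEntryLine( translate("User Name"), $this->Get('username') );
    }

    // The password fields always show a fixed placeholder - never anything
    // from the record - and any posted value is dropped so the placeholder
    // is what gets rendered.  Validate() treats the placeholder as "unchanged".
    if ( $ef->EditMode && $this->AllowedTo('ChangePassword') ) {
      $this->Set('new_password','******');
      unset($_POST['new_password']);
      $html .= $ef->DataEntryLine( translate("New Password"), "%s", "password", "new_password",
                array( "size" => 20, "title" => translate("The user's password for logging in.")), $this->prefix );
      $this->Set('confirm_password', '******');
      unset($_POST['confirm_password']);
      $html .= $ef->DataEntryLine( translate("Confirm"), "%s", "password", "confirm_password",
                array( "size" => 20, "title" => translate("Confirm the new password.")), $this->prefix );
    }

    $html .= $ef->DataEntryLine( translate("Full Name"), "%s", "text", "fullname",
              array( "size" => 50, "title" => translate("The user's full name.")), $this->prefix );

    $html .= $ef->DataEntryLine( translate("EMail"), "%s", "text", "email",
              array( "size" => 50, "title" => translate("The user's e-mail address.")), $this->prefix );

    $active_text = ( $this->Get('active') == 't' ? translate('Yes') : translate('No') );
    if ( $this->AllowedTo('ChangeActive') ) {
      $html .= $ef->DataEntryLine( translate("Active"), $active_text, "checkbox", "active",
                array( "_label" => translate("User is active"),
                      "title" => translate("Is this user active?")), $this->prefix );
    }
    else {
      $html .= $ef->DataEntryLine( translate("Active"), $active_text );
    }

    // Read-only text for the date style; 'E' and 'U' are the two non-ISO
    // options, everything else is shown as ISO 8601.
    switch( $this->Get('date_format_type') ) {
      case 'E':  $date_style = 'European';  break;
      case 'U':  $date_style = 'US of A';   break;
      default:   $date_style = 'ISO 8601';
    }
    $html .= $ef->DataEntryLine( translate("Date Style"), $date_style,
                     "select", "date_format_type",
                     array( "title" => translate("The style of dates used for this person."),
                       "_E" => translate("European (d/m/y)"), "_U" => translate("United States of America (m/d/y)"), "_I" => translate("ISO Format (YYYY-MM-DD)") ),
                     $this->prefix );

    if ( isset($c->default_locale) ) {
      if ( $this->Get('locale') == '' ) {
        $this->Set('locale',$c->default_locale);
      }
      $html .= $ef->DataEntryLine( translate("Language"), "%s", "lookup", "locale",
                      array( "title" => translate("The preferred language for this person."),
                        "_sql" => "SELECT locale, locale_name_locale FROM supported_locales ORDER BY locale ASC;" ),
                      $this->prefix );
    }

    $html .= $ef->DataEntryLine( translate("EMail OK"), $session->FormattedDate($this->Get('email_ok'),'timestamp'), "timestamp", "email_ok",
              array( "title" => translate("When the user's e-mail account was validated.")), $this->prefix );

    $html .= $ef->DataEntryLine( translate("Joined"), $session->FormattedDate($this->Get('joined'),'timestamp') );
    $html .= $ef->DataEntryLine( translate("Updated"), $session->FormattedDate($this->Get('updated'),'timestamp') );
    $html .= $ef->DataEntryLine( translate("Last used"), $session->FormattedDate($this->Get('last_used'),'timestamp') );

    return $html;
  }


  /**
  * Render the user's roles: a checkbox per assignable role in edit mode,
  * otherwise a comma-separated list of the roles held.
  *
  * Administrators are offered every role; anyone else is offered only the
  * roles they themselves hold.  WriteRoles() enforces the same rule when
  * the form is posted back.
  *
  * @param EntryForm $ef The form the fields are rendered into.
  * @param string $title Section heading; null for the default, "" for none.
  * @return string The HTML table rows.
  */
  function RenderRoles( $ef, $title = null ) {
    global $session;

    if ( $title == null ) $title = i18n("User Roles");
    $html = ( $title == "" ? "" : $ef->BreakLine(translate($title)) );

    $html .= '<tr><th class="prompt">'.translate("User Roles").'</th><td class="entry">';
    if ( $ef->EditMode ) {
      // The session's user_no is bound as a parameter rather than spliced
      // into the SQL text.
      if ( $session->AllowedTo('Admin') ) {
        $q = new AwlQuery( 'SELECT role_name FROM roles ORDER BY roles.role_no' );
      }
      else {
        $q = new AwlQuery( 'SELECT role_name FROM roles NATURAL JOIN role_member WHERE user_no = ? ORDER BY roles.role_no', $session->user_no );
      }

      $ef->record->roles = array();

      // Select the records
      if ( $q && $q->Exec("User") && $q->rows() ) {
        while( $row = $q->Fetch() ) {
          $membership = ( isset($this->roles[$row->role_name]) ? $this->roles[$row->role_name] : 'f' );
          dbg_error_log("User", ":RenderRoles: Is a member of '%s': %s", $row->role_name, $membership );
          $ef->record->roles[$row->role_name] = $membership;
          $html .= $ef->DataEntryField( "", "checkbox", "roles[$row->role_name]",
                          array("title" => translate("Does the user have the right to perform this role?"),
                                    "_label" => translate($row->role_name) ) );
        }
      }
    }
    else {
      // Role names come from the database and are concatenated straight
      // into the page here, so escape them for the HTML context.
      $names = array();
      foreach( $this->roles AS $role_name => $v ) {
        $names[] = htmlspecialchars($role_name, ENT_QUOTES, 'UTF-8');
      }
      $html .= implode(", ", $names);
    }
    $html .= '</td></tr>'."\n";

    return $html;
  }

  /**
  * Validate the posted record before it is written.
  *
  * The full name must not be blank.  A new password is accepted only when
  * the session may change this user's password, and when it matches the
  * confirmation; the '******' placeholder (or nothing) means "unchanged".
  * The raw 'password' column is never accepted from the form.
  *
  * @return boolean Whether the record may be written.
  */
  function Validate( ) {
    global $session, $c;
    dbg_error_log("User", ":Validate: Validating user");

    $valid = true;

    if ( $this->Get('fullname') == "" ) {
      $c->messages[] = i18n('ERROR: The full name may not be blank.');
      $valid = false;
    }

    // Password changing is a little special...
    // The stored column itself must never be mass-assigned from the form.
    unset($_POST['password']);
    $new_password = ( isset($_POST['new_password']) ? $_POST['new_password'] : "" );
    $confirm_password = ( isset($_POST['confirm_password']) ? $_POST['confirm_password'] : "" );

    if ( $new_password !== "" && $new_password !== "******" ) {
      if ( ! $this->AllowedTo('ChangePassword') ) {
        // The form never offers the field in this case (see RenderFields),
        // so a posted value is a forged request and is refused.
        $c->messages[] = i18n('ERROR: You are not allowed to change this password.');
        $valid = false;
        $this->Undefine('password');
      }
      elseif ( $new_password === $confirm_password ) {
        // NOTE(review): the plaintext is handed to DBRecord::Write here -
        // confirm the write path hashes it before storage.  No current-
        // password re-authentication is required for a self-service change.
        $this->Set('password',$new_password);
      }
      else {
        $c->messages[] = i18n('ERROR: The new password must match the confirmed password.');
        $valid = false;
      }
    }
    else {
      $this->Undefine('password');
    }

    dbg_error_log("User", ":Validate: User %s validation", ($valid ? "passed" : "failed"));
    return $valid;
  }

  /**
  * Write the record, then its roles.
  *
  * After an insert the new user_no is read back from the sequence; the
  * write is reported as failed if it cannot be determined, since the roles
  * would otherwise be attached to user_no 0.  After an update of the
  * session user's own record the session's date style is kept in step.
  *
  * @return boolean Whether both the record and the roles were written.
  */
  function Write() {
    global $c, $session;
    if ( parent::Write() ) {
      $c->messages[] = i18n('User record written.');
      if ( $this->WriteType == 'insert' ) {
        $qry = new AwlQuery( "SELECT currval('usr_user_no_seq');" );
        $new_user_no = 0;
        if ( $qry->Exec("User::Write") ) {
          $sequence_value = $qry->Fetch(true);  // Fetch as an array
          if ( $sequence_value ) $new_user_no = intval($sequence_value[0]);
        }
        if ( $new_user_no <= 0 ) {
          $c->messages[] = i18n('ERROR: There was a database error writing the roles information!');
          $c->messages[] = i18n('Please note the time and advise the administrator of your system.');
          return false;
        }
        $this->user_no = $new_user_no;
      }
      else {
        if ( $this->user_no == $session->user_no && $this->Get("date_format_type") != $session->date_format_type ) {
          // Ensure we match the date style setting
          $session->date_format_type = $this->Get("date_format_type");
          unset($_POST['email_ok']);
          switch( $this->Get("date_format_type") ) {
            case 'E':  $datestyle = 'European,ISO';  break;
            case 'U':  $datestyle = 'US,ISO';        break;
            default:   $datestyle = 'ISO';
          }
          $qry = new AwlQuery( "SET DATESTYLE TO ?;", $datestyle );
          $qry->Exec();
        }
      }
      return $this->WriteRoles();
    }
    return false;
  }

  /**
  * Write the role memberships posted in $_POST['roles'].
  *
  * Administrators may grant or revoke any role.  Anyone else may only touch
  * the roles they themselves hold - the same set RenderRoles() offers them -
  * so a user who is allowed to update their own record cannot post
  * roles[Admin]=on and promote themselves.  Posted roles outside that set
  * are ignored, and memberships outside it are left untouched.
  *
  * Nothing is done when no roles were posted at all.
  *
  * @return boolean Whether the roles were written (true when nothing to do).
  */
  function WriteRoles() {
    global $c, $session;

    if ( ! (isset($_POST['roles']) && is_array($_POST['roles'])) ) return true;

    $user_no = intval($this->user_no);

    // Roles the session may assign: null means "all" (administrator),
    // otherwise a set of role names keyed by name.
    $manageable = null;
    if ( ! $session->AllowedTo('Admin') ) {
      $manageable = array();
      $rq = new AwlQuery( 'SELECT role_name FROM roles NATURAL JOIN role_member WHERE user_no = ?', $session->user_no );
      if ( $rq->Exec("User::WriteRoles") ) {
        while( $row = $rq->Fetch() ) {
          $manageable[$row->role_name] = true;
        }
      }
      if ( count($manageable) == 0 ) {
        dbg_error_log("User", ":WriteRoles: user %s holds no roles and may not change any", $session->user_no );
        return true;
      }
    }

    // Quoted names of the roles which should be held after the write.
    $wanted = array();
    foreach( $_POST['roles'] AS $role_name => $checked ) {
      if ( ! $checked || $checked == "off" ) continue;
      if ( $manageable !== null && ! isset($manageable[$role_name]) ) {
        dbg_error_log("User", ":WriteRoles: ignoring role '%s' which user %s may not assign", $role_name, $session->user_no );
        continue;
      }
      $wanted[] = AwlQuery::quote($role_name);
    }
    $wanted_list = implode(', ', $wanted);

    $qry = new AwlQuery();
    $succeeded = $qry->Begin();

    // Revoke every current membership that is not wanted, limited for
    // non-administrators to the roles they could have offered.
    $sql = 'DELETE FROM role_member WHERE user_no = '.$user_no;
    if ( $manageable !== null ) {
      $scope = array();
      foreach( array_keys($manageable) AS $role_name ) $scope[] = AwlQuery::quote($role_name);
      $sql .= ' AND role_no IN (SELECT role_no FROM roles WHERE role_name IN ('.implode(', ', $scope).') )';
    }
    if ( $wanted_list != '' ) {
      $sql .= ' AND role_no NOT IN (SELECT role_no FROM roles WHERE role_name IN ('.$wanted_list.') )';
    }
    if ( $succeeded ) $succeeded = $qry->QDo($sql);

    // Grant the wanted roles that are not already held.
    if ( $succeeded && $wanted_list != '' ) {
      $sql = 'INSERT INTO role_member (role_no, user_no)';
      $sql .= ' SELECT role_no, '.$user_no.' FROM roles WHERE role_name IN ('.$wanted_list.')';
      $sql .= ' EXCEPT SELECT role_no, user_no FROM role_member';
      $succeeded = $qry->QDo($sql);
    }

    if ( $succeeded )
      $qry->Commit();
    else
      $qry->Rollback();

    if ( ! $succeeded ) {
      $c->messages[] = i18n('ERROR: There was a database error writing the roles information!');
      $c->messages[] = i18n('Please note the time and advise the administrator of your system.');
      return false;
    }
    return true;
  }
}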