
awl  0.53
User Class Reference

List of all members.

Public Member Functions

 User ($id, $prefix="")
 

@-


 AllowedTo ($whatever)
 Can the user do this?
 GetRoles ()
 Get the group memberships for the user.
 Render ()
 Render the form / viewer as HTML to show the user.
 RenderFields ($ef, $title=null)
 Render the core details to show to the user.
 RenderRoles ($ef, $title=null)
 Render the user's administrative roles.
 Validate ()
 Validate the information the user submitted.
 Write ()
 Write the User record.
 WriteRoles ()
 Write the roles associated with the user.
 DBRecord ()
 

@-


 Initialise ($table, $keys=array())
 This will read the record from the database if it's available, and the $keys parameter is a non-empty array.
 AddTable ($table, $target_list, $join_clause, $and_where)
 This will join an additional table to the maintained set.
 PostToValues ($prefix="")
 This will assign $_POST values to the internal Values object for each field that exists in the Fields array.
 _BuildJoinClause ()
 Builds a table join clause.
 _BuildFieldList ()
 Builds a field target list.
 _BuildWhereClause ($overwrite_values=false)
 Builds a where clause to match the supplied keys.
 Set ($fname, $fval)
 Sets a single field in the record.
 Get ($fname)
 Returns a single field from the record.
 Undefine ($fname)
 Unsets a single field from the record.
 Read ()
 To read the record from the database.

Public Attributes

 $user_no
 $prefix
 $Table
 $Fields
 $Keys
 $Values
 $WriteType
 $OtherTable
 $OtherTargets
 $OtherJoin
 $OtherWhere
 $EditMode

Detailed Description

Definition at line 34 of file User.php.


Member Function Documentation

DBRecord::_BuildFieldList ( ) [inherited]

Builds a field target list.

Returns:
string A simple SQL target field list for each field, possibly including prefixes.

Definition at line 274 of file DataUpdate.php.

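                             {
    // Builds the SELECT target list: one entry per name in $this->Fields
    // (aliased to "<prefix><name>" when a prefix is set), followed by every
    // non-blank target list registered through AddTable().
    //
    // Returns: string, the comma-separated target list ("" if nothing to select).
    //
    // NOTE(review): field names, the prefix and the AddTable() target lists are
    // concatenated into the SQL text unquoted. Nothing in this method validates
    // them, so they must only come from trusted code, never from request data.
    $list = "";
    foreach( $this->Fields AS $fname => $ftype ) {
      $list .= ( $list == "" ? "" : ", " );
      $list .= "$fname" . ( $this->prefix == "" ? "" : " AS \"$this->prefix$fname\"" );
    }

    // OtherTargets is only populated by AddTable() and the constructor does not
    // initialise it, so guard it the same way _BuildWhereClause() guards
    // OtherWhere instead of iterating over an unset property.
    if ( isset($this->OtherTargets) && is_array($this->OtherTargets) ) {
      foreach( $this->OtherTargets AS $t => $targets ) {
        if ( ! preg_match( '/^\s*$/', $targets ) ) {
          $list .= ( $list == "" ? "" : ", " )  . $targets;
        }
      }
    }

    return $list;
  }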
DBRecord::_BuildJoinClause ( ) [inherited]

Builds a table join clause.

Returns:
string A simple SQL target join clause excluding the primary table.

Definition at line 259 of file DataUpdate.php.

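                              {
    // Builds the JOIN portion of a query from the join clauses registered
    // through AddTable(), separated by single spaces.
    //
    // Returns: string, the join clause excluding the primary table ("" if none).
    //
    // AddTable() stores the clauses in $this->OtherJoin; the previous code read
    // $this->OtherJoins, which nothing assigns, so the result was always empty.
    //
    // NOTE(review): the join clauses are raw SQL fragments appended verbatim;
    // they must only ever be supplied by trusted code.
    $clause = "";
    if ( isset($this->OtherJoin) && is_array($this->OtherJoin) ) {
      foreach( $this->OtherJoin AS $t => $join ) {
        if ( ! preg_match( '/^\s*$/', $join ) ) {
          $clause .= ( $clause == "" ? "" : " " )  . $join;
        }
      }
    }

    return $clause;
  }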
DBRecord::_BuildWhereClause ( overwrite_values = false) [inherited]

Builds a where clause to match the supplied keys.

Parameters:
boolean $overwrite_values: Controls whether the data values for the key fields will be forced to match the key values.
Returns:
string A simple SQL where clause, including the initial "WHERE", for each key / value.

Definition at line 295 of file DataUpdate.php.

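                                                      {
    // Builds the WHERE clause that selects this record: "key=value" for each
    // entry of $this->Keys joined with AND, followed by each non-blank extra
    // condition registered through AddTable(), wrapped in parentheses.
    //
    // $overwrite_values: when true, each key value is also copied into
    //                    $this->Values under the key's name.
    // Returns: string, the clause including the leading "WHERE", or "" when
    //          there are no keys and no extra conditions.
    //
    // NOTE(review): only the key *values* pass through AwlQuery::quote(). The
    // key names and the AddTable() conditions are concatenated as raw SQL, so
    // both must come from trusted code rather than from request data.
    $where = "";
    foreach( $this->Keys AS $k => $v ) {
      // At least assign the key fields...
      if ( $overwrite_values ) $this->Values->{$k} = $v;
      // And build the WHERE clause
      $where .= ( $where == '' ? 'WHERE ' : ' AND ' );
      $where .= $k . '=' . AwlQuery::quote($v);
    }

    if ( isset($this->OtherWhere) && is_array($this->OtherWhere) ) {
      foreach( $this->OtherWhere AS $t => $and_where ) {
        if ( ! preg_match( '/^\s*$/', $and_where ) ) {
          // Open the parenthesis in both cases: the previous code emitted
          // "WHERE cond)" (unbalanced) when there were no keys before it.
          $where .= ( $where == '' ? 'WHERE (' : ' AND (' ) . $and_where . ')';
        }
      }
    }

    return $where;
  }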


DBRecord::AddTable ( table,
target_list,
join_clause,
and_where 
) [inherited]

This will join an additional table to the maintained set.

Parameters:
string $table: The name of the database table.
array $keys: An associative array containing fieldname => value pairs for the record key.
string $join: A PostgreSQL join clause.
string $prefix: A field prefix to use for these fields to distinguish them from fields in other joined tables with the same name.

Definition at line 233 of file DataUpdate.php.

                                                                      {
    // Registers one additional table with this record. The table name is
    // appended to the ordered OtherTable list, and its target list, join
    // clause and extra WHERE condition are stored in maps keyed by table name.
    //
    // NOTE(review): all three strings are later concatenated into SQL by the
    // _Build* helpers without quoting, so callers must pass trusted text only.
    dbg_error_log( "DBRecord", ":AddTable: $table called" );

    $this->OtherWhere[$table] = $and_where;
    $this->OtherJoin[$table] = $join_clause;
    $this->OtherTargets[$table] = $target_list;
    $this->OtherTable[] = $table;
  }
User::AllowedTo ( whatever)

Can the user do this?

Parameters:
string $whatever: What the user wants to do.
Returns:
boolean Whether they are allowed to.

First we globally short-circuit the 'admin can do anything'

Definition at line 98 of file User.php.

  {
    // Decides whether the current session may perform $whatever on this user
    // record and returns the answer as a boolean. Every decision is written to
    // the debug log.
    //
    // NOTE(review): the switch matches on strtolower($whatever), but the
    // fall-through role lookup uses $whatever with its original case, and the
    // user_no comparisons are loose (==). Confirm both are intended.
    global $session;

    // A session holding the Admin permission is allowed everything.
    if ( $session->AllowedTo("Admin") ) {
      dbg_error_log("User",":AllowedTo: Admin is always allowed to %s", $whatever );
      return true;
    }

    switch( strtolower($whatever) ) {

      // Viewing and updating are limited to the user's own, already saved record.
      case 'view':
      case 'update':
        $allowed = ( $this->user_no > 0 && $session->user_no == $this->user_no );
        break;

      // Own record, or any record that is still waiting to be inserted.
      case 'changepassword':
        $allowed = ( ($this->user_no > 0 && $session->user_no == $this->user_no)
                     || ("insert" == $this->WriteType) );
        break;

      // Administrator only: the Admin session already returned above.
      case 'changeusername':
      case 'changeactive':
      case 'admin':
      case 'create':
      case 'insert':
        $allowed = false;
        break;

      // Anything else is treated as a role name held by the session.
      default:
        $allowed = ( isset($session->roles[$whatever]) && $session->roles[$whatever] );
    }

    dbg_error_log("User",":AllowedTo: %s is%s allowed to %s", (isset($this->username)?$this->username:null), ($allowed?"":" not"), $whatever );
    return $allowed;
  }


DBRecord::DBRecord ( ) [inherited]

@-

Really numbingly simple construction.

Definition at line 202 of file DataUpdate.php.

                       {
    // Constructor: starts the record as unsaved ("insert"), not in edit mode,
    // with no field prefix and an empty value object.
    dbg_error_log( "DBRecord", ":Constructor: called" );

    // Values is bound by reference to a fresh, empty object.
    $values = new stdClass();
    $this->Values = &$values;

    $this->prefix = "";
    $this->EditMode = false;
    $this->WriteType = "insert";
  }


DBRecord::Get ( fname) [inherited]

Returns a single field from the record.

Parameters:
string $fname: The name of the field to return the value of.
Returns:
mixed The current value of the field.

Definition at line 333 of file DataUpdate.php.

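                       {
    // Returns the current value of field $fname, or null when it is not set.
    $value = ( isset($this->Values->{$fname}) ? $this->Values->{$fname} : null );

    // The value is written to the debug log; mask anything stored under a
    // password-like field name so credential material never reaches the log.
    $shown = ( stripos( $fname, 'password' ) === false ? $value : '[redacted]' );
    @dbg_error_log( "DBRecord", ":Get: %s => %s", $fname, $shown );

    return $value;
  }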


Get the group memberships for the user.

Definition at line 149 of file User.php.

                       {
    // Rebuilds $this->roles from the database: each role the user is a member
    // of becomes a key with the value 't'. The user number is bound through
    // the query's '?' placeholder rather than concatenated into the SQL.
    $this->roles = array();

    $qry = new AwlQuery( 'SELECT role_name FROM role_member JOIN roles USING (role_no) WHERE user_no = ? ', $this->user_no );
    if ( ! $qry->Exec("User") || ! ( $qry->rows() > 0 ) ) {
      // Query failed or the user holds no roles: leave the list empty.
      return;
    }

    while( $role = $qry->Fetch() ) {
      $this->roles[$role->role_name] = 't';
    }
  }


DBRecord::Initialise ( table,
keys = array() 
) [inherited]

This will read the record from the database if it's available, and the $keys parameter is a non-empty array.

Parameters:
string $table: The name of the database table.
array $keys: An associative array containing fieldname => value pairs for the record key.

Definition at line 217 of file DataUpdate.php.

                                                 {
    // Binds this record to $table: remembers the table name, loads its field
    // list through get_fields(), stores the key array and resets the write
    // type to "insert". No query for the record itself is issued here.
    dbg_error_log( "DBRecord", ":Initialise: called" );

    $this->WriteType = "insert";
    $this->Keys = $keys;
    $this->Table = $table;
    $this->Fields = get_fields($table);
  }


DBRecord::PostToValues ( prefix = "") [inherited]

This will assign $_POST values to the internal Values object for each field that exists in the Fields array.

Definition at line 245 of file DataUpdate.php.

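                                        {
    // Copies $_POST["<prefix><field>"] into the record, through Set(), for
    // every field named in $this->Fields that is present in the request.
    //
    // NOTE(review): every column listed in Fields can be assigned from the
    // request here. The AllowedTo() checks in the render methods only decide
    // what is displayed, so confirm the caller restricts which fields a
    // non-administrator may change before the record is written.
    foreach ( $this->Fields AS $fname => $ftype ) {
      $key = "$prefix$fname";
      if ( ! isset($_POST[$key]) ) {
        continue;
      }

      // Log once per assigned field, masking password-like fields so that
      // submitted credentials are not written to the debug log by this method.
      $shown = ( stripos( $fname, 'password' ) === false ? $_POST[$key] : '[redacted]' );
      @dbg_error_log( "DBRecord", ":PostToValues: %s => %s", $fname, $shown );

      $this->Set($fname, $_POST[$key]);
    }
  }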


DBRecord::Read ( ) [inherited]

To read the record from the database.

If we don't have any keys then the record will be blank.

Returns:
boolean Whether we actually read a record.

Definition at line 367 of file DataUpdate.php.

                  {
    // Loads the record identified by $this->Keys from $this->Table.
    //
    // Returns: boolean, true when a row was fetched. As side effects it
    // replaces $this->Values, sets WriteType to "update" (row found) or
    // "insert" (no row), and leaves EditMode true unless a row was read.
    //
    // NOTE(review): the statement is assembled by string interpolation. The key
    // values are quoted inside _BuildWhereClause(); the table name and the key
    // names are not, so they must never be derived from request data.
    $i_read_the_record = false;
    $values = (object) array();
    $this->EditMode = true;
    // Passing true also copies the key values into the current Values object,
    // which is replaced further down in any case.
    $where = $this->_BuildWhereClause(true);
    if ( "" != $where ) {
      // $fieldlist = $this->_BuildFieldList();
      $fieldlist = "*";
  //    $join = $this->_BuildJoinClause(true);
      $sql = "SELECT $fieldlist FROM $this->Table $where";
      $qry = new AwlQuery($sql);
      if ( $qry->Exec( "DBRecord", __LINE__, __FILE__ ) && $qry->rows() > 0 ) {
        $i_read_the_record = true;
        $values = $qry->Fetch();
        $this->EditMode = false;  // Default to not editing if we read the record.
        // Two arguments are supplied for a format string with a single %s.
        dbg_error_log( "DBRecord", ":Read: Read %s record from table.", $this->Table, $this->WriteType );
      }
    }
    // Bind Values to the fetched row, or to the empty object when nothing was read.
    $this->Values = &$values;
    $this->WriteType = ( $i_read_the_record ? "update" : "insert" );
    dbg_error_log( "DBRecord", ":Read: Record %s write type is %s.", $this->Table, $this->WriteType );
    return $i_read_the_record;
  }


Render the form / viewer as HTML to show the user.

Returns:
string An HTML fragment to display in the page.

Definition at line 164 of file User.php.

                     {
    // Renders the whole user form (edit mode) or read-only view as an HTML
    // fragment: a data table holding the core fields and the roles, wrapped in
    // a form with a submit button when the entry form is in edit mode.
    //
    // Returns: string, the HTML fragment.
    $html = "";
    dbg_error_log("User", ":Render: type=$this->WriteType, edit_mode=$this->EditMode" );

    // NOTE(review): $REQUEST_URI is neither assigned nor declared global in
    // this body, so it is an undefined local here. How EntryForm uses its
    // first argument is not visible; if it becomes the form action, confirm it
    // is HTML-escaped before any request-derived URL is passed instead.
    $ef = new EntryForm( $REQUEST_URI, $this->Values, $this->EditMode );
    $ef->NoHelp();  // Prefer this style, for the moment

    if ( $ef->EditMode ) {
      // autocomplete is switched off for the whole form, which contains the password fields.
      $html .= $ef->StartForm( array("autocomplete" => "off" ) );
      // NOTE(review): user_no travels in a hidden field; whatever handles the
      // submission must re-check permission for that user_no server-side.
      if ( $this->user_no > 0 ) $html .= $ef->HiddenField( "user_no", $this->user_no );
    }

    $html .= "<table width=\"100%\" class=\"data\" cellspacing=\"0\" cellpadding=\"0\">\n";

    $html .= $this->RenderFields($ef);
    $html .= $this->RenderRoles($ef);

    $html .= "</table>\n";
    if ( $ef->EditMode ) {
      $html .= '<div id="footer">';
      // The button label follows the pending write type: Create for a new record, otherwise Update.
      $html .= $ef->SubmitButton( "submit", (("insert" == $this->WriteType) ? translate("Create") : translate("Update")) );
      $html .= '</div>';
      $html .= $ef->EndForm();
    }

    return $html;
  }


User::RenderFields ( ef,
title = null 
)

Render the core details to show to the user.

Parameters:
object $ef: The entry form.
string $title: The title to display above the entry fields.
Returns:
string An HTML fragment to display in the page.

Definition at line 198 of file User.php.

                                              {
    // Renders the core user details (user name, password entry, full name,
    // e-mail, active flag, date style, language and timestamps) as table rows
    // through the entry form $ef.
    //
    // $ef:    the entry form used to produce each row.
    // $title: heading shown above the fields; defaults to "User Details".
    // Returns: string, the HTML fragment.
    //
    // NOTE(review): the AllowedTo() checks below only decide which inputs are
    // rendered. They do not stop a request from submitting those fields, so
    // the same permissions must be enforced where the submission is processed.
    global $session, $c;

    if ( $title == null ) $title = i18n("User Details");
    $html = ( $title == "" ? "" : $ef->BreakLine(translate($title)) );

    // The user name is an input only for sessions allowed to change it.
    if ( $this->AllowedTo('ChangeUsername') ) {
      $html .= $ef->DataEntryLine( translate("User Name"), "%s", "text", "username",
              array( "size" => 20, "title" => translate("The name this user can log into the system with.")), $this->prefix );
    }
    else {
      // NOTE(review): the stored user name is passed in the position that holds
      // the "%s" format in the other calls; presumably EntryForm escapes it for
      // HTML and tolerates '%' characters - confirm.
      $html .= $ef->DataEntryLine( translate("User Name"), $this->Get('username') );
    }
    if ( $ef->EditMode && $this->AllowedTo('ChangePassword') ) {
      // Both password inputs are given the fixed placeholder '******' and any
      // posted value is removed from $_POST - presumably so that a submitted
      // password is never rendered back into the page; confirm against EntryForm.
      $this->Set('new_password','******');
      unset($_POST['new_password']);
      $html .= $ef->DataEntryLine( translate("New Password"), "%s", "password", "new_password",
                array( "size" => 20, "title" => translate("The user's password for logging in.")), $this->prefix );
      $this->Set('confirm_password', '******');
      unset($_POST['confirm_password']);
      $html .= $ef->DataEntryLine( translate("Confirm"), "%s", "password", "confirm_password",
                array( "size" => 20, "title" => translate("Confirm the new password.")), $this->prefix );
    }

    $html .= $ef->DataEntryLine( translate("Full Name"), "%s", "text", "fullname",
              array( "size" => 50, "title" => translate("The user's full name.")), $this->prefix );

    $html .= $ef->DataEntryLine( translate("EMail"), "%s", "text", "email",
              array( "size" => 50, "title" => translate("The user's e-mail address.")), $this->prefix );

    // The active flag is a checkbox only for sessions allowed to change it; otherwise a Yes/No label.
    if ( $this->AllowedTo('ChangeActive') ) {
      $html .= $ef->DataEntryLine( translate("Active"), ($this->Get('active') == 't'? translate('Yes') : translate('No')), "checkbox", "active",
                array( "_label" => translate("User is active"),
                      "title" => translate("Is this user active?")), $this->prefix );
    }
    else {
      $html .= $ef->DataEntryLine( translate("Active"), ($this->Get('active') == 't'? translate('Yes') : translate('No')) );
    }

    // NOTE(review): 'ISO 8861' in the display text below looks like a typo for ISO 8601.
    $html .= $ef->DataEntryLine( translate("Date Style"), ($this->Get('date_format_type') == 'E' ? 'European' : ($this->Get('date_format_type') == 'U' ? 'US of A' : 'ISO 8861')),
                     "select", "date_format_type",
                     array( "title" => translate("The style of dates used for this person."),
                       "_E" => translate("European (d/m/y)"), "_U" => translate("United States of America (m/d/y)"), "_I" => translate("ISO Format (YYYY-MM-DD)") ),
                     $this->prefix );

    // The language selector is shown only when a default locale is configured;
    // its lookup SQL is a fixed string with no request data in it.
    if ( isset($c->default_locale) ) {
      if ( $this->Get('locale') == '' ) {
        $this->Set('locale',$c->default_locale);
      }
      $html .= $ef->DataEntryLine( translate("Language"), "%s", "lookup", "locale",
                      array( "title" => translate("The preferred language for this person."),
                        "_sql" => "SELECT locale, locale_name_locale FROM supported_locales ORDER BY locale ASC;" ),
                      $this->prefix );
    }

    // NOTE(review): email_ok is rendered as an editable timestamp for every
    // session, with no AllowedTo() check around it - confirm that is intended.
    $html .= $ef->DataEntryLine( translate("EMail OK"), $session->FormattedDate($this->Get('email_ok'),'timestamp'), "timestamp", "email_ok",
              array( "title" => translate("When the user's e-mail account was validated.")), $this->prefix );

    // The remaining timestamps are display-only rows.
    $html .= $ef->DataEntryLine( translate("Joined"), $session->FormattedDate($this->Get('joined'),'timestamp') );
    $html .= $ef->DataEntryLine( translate("Updated"), $session->FormattedDate($this->Get('updated'),'timestamp') );
    $html .= $ef->DataEntryLine( translate("Last used"), $session->FormattedDate($this->Get('last_used'),'timestamp') );

    return $html;
  }


User::RenderRoles ( ef,
title = null 
)

Render the user's administrative roles.

Returns:
string The string of html to be output

Definition at line 269 of file User.php.

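                                             {
    // Renders the "User Roles" table row. In edit mode this is one checkbox
    // per role the session may see (every role for an Admin session, otherwise
    // only the roles the session user holds); in view mode it is a
    // comma-separated list of the roles held by this user.
    //
    // $ef:    the entry form used to produce the inputs.
    // $title: heading shown above the row; defaults to "User Roles".
    // Returns: string, the HTML fragment.
    //
    // NOTE(review): limiting the checkboxes is presentation only. The code that
    // writes submitted roles must apply the same limit server-side.
    global $session;

    if ( $title == null ) $title = i18n("User Roles");
    $html = ( $title == "" ? "" : $ef->BreakLine(translate($title)) );

    $html .= '<tr><th class="prompt">'.translate("User Roles").'</th><td class="entry">';
    if ( $ef->EditMode ) {
      $sql = "SELECT role_name FROM roles ";
      $own_roles_only = ! $session->AllowedTo('Admin');
      if ( $own_roles_only ) {
        // Bind the session's user number through a placeholder, as GetRoles()
        // does, instead of interpolating it into the SQL text.
        $sql .= "NATURAL JOIN role_member WHERE user_no = ? ";
      }
      $sql .= "ORDER BY roles.role_no";

      $ef->record->roles = array();

      // Select the records
      $q = ( $own_roles_only ? new AwlQuery($sql, $session->user_no) : new AwlQuery($sql) );
      if ( $q && $q->Exec("User") && $q->rows() ) {
        while( $row = $q->Fetch() ) {
          @dbg_error_log("User", ":RenderRoles: Is a member of '%s': %s", $row->role_name, $this->roles[$row->role_name] );
          // Roles this user does not hold are pre-set to 'f' (unchecked).
          $ef->record->roles[$row->role_name] = ( isset($this->roles[$row->role_name]) ? $this->roles[$row->role_name] : 'f');
          $html .= $ef->DataEntryField( "", "checkbox", "roles[$row->role_name]",
                          array("title" => translate("Does the user have the right to perform this role?"),
                                    "_label" => translate($row->role_name) ) );
        }
      }
    }
    else {
      // Role names are database text written straight into the page, so
      // HTML-escape each one before it is appended.
      $names = array();
      foreach( $this->roles AS $k => $v ) {
        $names[] = htmlspecialchars( (string) $k, ENT_QUOTES );
      }
      $html .= implode( ", ", $names );
    }
    $html .= '</td></tr>'."\n";

    return $html;
  }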


DBRecord::Set ( fname,
fval 
) [inherited]

Sets a single field in the record.

Parameters:
string $fname: The name of the field to set the value for.
string $fval: The value to set the field to.
Returns:
mixed The new value of the field (i.e. $fval).

Definition at line 322 of file DataUpdate.php.

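                              {
    // Sets field $fname of the record to $fval and returns the new value.
    //
    // The assignment is written to the debug log. Validate() passes the newly
    // submitted password through this method, so values for password-like
    // field names are masked rather than logged in clear text.
    $shown = ( stripos( $fname, 'password' ) === false ? $fval : '[redacted]' );
    dbg_error_log( "DBRecord", ":Set: %s => %s", $fname, $shown );

    $this->Values->{$fname} = $fval;
    return $fval;
  }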


DBRecord::Undefine ( fname) [inherited]

Unsets a single field from the record.

Parameters:
string $fname: The name of the field to unset the value for.
Returns:
mixed The current value of the field.

Definition at line 343 of file DataUpdate.php.

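                            {
    // Removes field $fname from the record.
    //
    // Returns: the value the field held before removal, or null if it was not set.
    if ( !isset($this->Values->{$fname}) ) return null;
    $current = $this->Values->{$fname};

    // Validate() calls this for 'password'; mask password-like fields so the
    // stored credential value is not copied into the debug log.
    $shown = ( stripos( $fname, 'password' ) === false ? $current : '[redacted]' );
    dbg_error_log( 'DBRecord', ': Unset: %s =was> %s', $fname, $shown );

    unset($this->Values->{$fname});
    return $current;
  }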


User::User ( id,
prefix = "" 
)

@-

The constructor initialises a new record, potentially reading it from the database.

Parameters:
int $id: The user_no, or 0 if we are creating a new one.
string $prefix: The prefix for entry fields.

Definition at line 57 of file User.php.

                                     {
    // Constructor: sets up the record for table 'usr', reads it when $id is a
    // positive user number, loads the user's roles and decides whether the
    // record is presented in edit mode.
    //
    // $id:     the user_no to load, or 0 for a new user.
    // $prefix: prefix applied to the entry field names.
    global $session;

    // Call the parent constructor
    $this->DBRecord();

    $this->prefix = $prefix;

    $this->user_no = 0;
    $keys = array();

    // Force the id to an integer; anything that is not a positive number
    // leaves user_no at 0 and the key list empty (new-record path).
    $id = intval("$id");
    if ( $id > 0 ) {
      // Initialise
      $keys['user_no'] = $id;
      $this->user_no = $id;
    }

    // Initialise the record, possibly from the file.
    // Order matters: Read() sets WriteType, which the EditMode test below uses.
    $this->Initialise('usr',$keys);
    $this->Read();
    $this->GetRoles();

    // Edit mode needs either a truthy ?edit request parameter together with
    // permission for the pending write type, or a new record together with
    // permission to insert. The request parameter alone never enables editing.
    $this->EditMode = ( (isset($_GET['edit']) && $_GET['edit'] && $this->AllowedTo($this->WriteType))
                    || (0 == $this->user_no && $this->AllowedTo("insert") ) );

    if ( $this->user_no == 0 ) {
      dbg_error_log("User", "Initialising new user values");

      // Initialise to standard default values
      // NOTE(review): this assigns a property on the object itself, not a field
      // in $this->Values via Set(); confirm the default reaches the stored record.
      $this->active = true;

    }
  }


Validate the information the user submitted.

Returns:
boolean Whether the form data validated OK.

Definition at line 315 of file User.php.

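                       {
    // Validates the submitted user form.
    //
    // Returns: boolean, true when the data is acceptable. Problems are appended
    // to $c->messages. As a side effect the record's 'password' field is set to
    // the new password when one was supplied and confirmed, otherwise removed.
    //
    // NOTE(review): no AllowedTo('ChangePassword') check is made here, and the
    // new password is stored in the record as submitted; confirm the permission
    // is enforced and the value is hashed before it reaches the database.
    global $session, $c;
    dbg_error_log("User", ":Validate: Validating user");

    $valid = true;

    if ( $this->Get('fullname') == "" ) {
      $c->messages[] = i18n('ERROR: The full name may not be blank.');
      $valid = false;
    }

    // Password changing is a little special...
    // A directly posted 'password' field is discarded; only the
    // new_password / confirm_password pair is honoured.
    unset($_POST['password']);

    // Accept plain strings only: a missing or array-valued field counts as
    // "no new password" instead of raising a notice or being stored.
    $new_password = ( isset($_POST['new_password']) && is_string($_POST['new_password']) ? $_POST['new_password'] : "" );
    $confirm_password = ( isset($_POST['confirm_password']) && is_string($_POST['confirm_password']) ? $_POST['confirm_password'] : null );

    // '******' is the placeholder RenderFields() puts into the password inputs.
    if ( $new_password !== "******" && $new_password !== "" ) {
      // Strict comparison: with == two different numeric-looking strings
      // (for example "1e3" and "1000") would be accepted as a match.
      if ( $new_password === $confirm_password ) {
        $this->Set('password', $new_password);
      }
      else {
        $c->messages[] = i18n('ERROR: The new password must match the confirmed password.');
        $valid = false;
      }
    }
    else {
      $this->Undefine('password');
    }

    dbg_error_log("User", ":Validate: User %s validation", ($valid ? "passed" : "failed"));
    return $valid;
  }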


Write the User record.

Returns:
Success.

Reimplemented from DBRecord.

Definition at line 349 of file User.php.

                   {
    // Writes the user record through the parent implementation and then the
    // user's roles.
    //
    // Returns: false when parent::Write() fails, otherwise the result of
    // WriteRoles().
    //
    // NOTE(review): no AllowedTo() check is visible in this method; confirm the
    // caller verifies permission for this user_no before calling it.
    global $c, $session;
    if ( parent::Write() ) {
      $c->messages[] = i18n('User record written.');
      if ( $this->WriteType == 'insert' ) {
        // Pick up the user_no the database assigned to the new row from the
        // usr_user_no_seq sequence.
        $qry = new AwlQuery( "SELECT currval('usr_user_no_seq');" );
        $qry->Exec("User::Write");
        $sequence_value = $qry->Fetch(true);  // Fetch as an array
        $this->user_no = $sequence_value[0];
      }
      else {
        // Only when users edit their own record and changed the date style.
        if ( $this->user_no == $session->user_no && $this->Get("date_format_type") != $session->date_format_type ) {
          // Ensure we match the date style setting
          $session->date_format_type = $this->Get("date_format_type");
          // NOTE(review): why email_ok is dropped from $_POST at this point is
          // not evident from this method.
          unset($_POST['email_ok']);
          // The bound value is one of three fixed literals chosen here, so the
          // submitted date_format_type itself never reaches the statement.
          $qry = new AwlQuery( "SET DATESTYLE TO ?;", ($this->Get("date_format_type") == 'E' ? 'European,ISO' : ($this->Get("date_format_type") == 'U' ? 'US,ISO' : 'ISO')) );
          $qry->Exec();
        }
      }
      return $this->WriteRoles();
    }
    return false;
  }


Write the roles associated with the user.

Returns:
Success.

Definition at line 377 of file User.php.

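                        {
    // Replaces the user's role memberships with the roles ticked in the
    // submitted form ($_POST['roles'], keyed by role name).
    //
    // Returns: boolean, true on success or when no roles were submitted, false
    // after a database error (messages are appended to $c->messages).
    //
    // NOTE(review): every submitted role name is granted if it exists. Nothing
    // here checks that the session may grant it; RenderRoles() only limits
    // which checkboxes are displayed. Confirm the caller enforces that limit,
    // or add the check here.
    global $c, $session;

    if ( isset($_POST['roles']) && is_array($_POST['roles']) ) {
      // user_no is concatenated into the statements below, so force it to an
      // integer first.
      $user_no = intval($this->user_no);

      // Role names come from the request and pass through AwlQuery::quote().
      $roles = "";
      foreach( $_POST['roles'] AS $k => $v ) {
        if ( $v && $v != "off" ) {
          $roles .= ( $roles == '' ? '' : ', ' );
          $roles .= AwlQuery::quote($k);
        }
      }

      $qry = new AwlQuery();
      if ( $roles == '' ) {
        // Nothing ticked: remove every membership.
        $succeeded = $qry->QDo('DELETE FROM role_member WHERE user_no = '.$user_no);
      }
      else {
        // Remove the memberships that are no longer ticked and add the missing
        // ones inside one transaction, so a failure leaves the roles unchanged.
        $succeeded = $qry->Begin();
        $sql = 'DELETE FROM role_member WHERE user_no = '.$user_no;
        $sql .= ' AND role_no NOT IN (SELECT role_no FROM roles WHERE role_name IN ('.$roles.') )';
        if ( $succeeded ) $succeeded = $qry->QDo($sql);
        $sql = 'INSERT INTO role_member (role_no, user_no)';
        $sql .= ' SELECT role_no, '.$user_no.' FROM roles WHERE role_name IN ('.$roles.')';
        $sql .= ' EXCEPT SELECT role_no, user_no FROM role_member';
        if ( $succeeded ) $succeeded = $qry->QDo($sql);
        if ( $succeeded ) {
          $qry->Commit();
        }
        else {
          $qry->Rollback();
        }
      }
      if ( ! $succeeded ) {
        $c->messages[] = i18n('ERROR: There was a database error writing the roles information!');
        $c->messages[] = i18n('Please note the time and advise the administrator of your system.');
        return false;
      }
    }
    return true;
  }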



Member Data Documentation

DBRecord::$EditMode [inherited]

Definition at line 195 of file DataUpdate.php.

DBRecord::$Fields [inherited]

Definition at line 138 of file DataUpdate.php.

DBRecord::$Keys [inherited]

Definition at line 144 of file DataUpdate.php.

DBRecord::$OtherJoin [inherited]

Definition at line 177 of file DataUpdate.php.

DBRecord::$OtherTable [inherited]

Definition at line 162 of file DataUpdate.php.

Definition at line 170 of file DataUpdate.php.

DBRecord::$OtherWhere [inherited]

Definition at line 184 of file DataUpdate.php.

Definition at line 48 of file User.php.

DBRecord::$Table [inherited]

Definition at line 131 of file DataUpdate.php.

Definition at line 42 of file User.php.

DBRecord::$Values [inherited]

Definition at line 150 of file DataUpdate.php.

DBRecord::$WriteType [inherited]

Definition at line 156 of file DataUpdate.php.


The documentation for this class was generated from the following file: