Newer
Older
<?php
/*********************************************************************
class.staff.php
Everything about staff.
Peter Rotich <peter@osticket.com>
http://www.osticket.com
Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.
vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
Peter Rotich
committed
include_once(INCLUDE_DIR.'class.ticket.php');
include_once(INCLUDE_DIR.'class.error.php');
include_once(INCLUDE_DIR.'class.user.php');
implements AuthenticatedUser, EmailContact, TemplateVariable, Searchable {
static $meta = array(
'table' => STAFF_TABLE,
'pk' => array('staff_id'),
'joins' => array(
'dept' => array(
'constraint' => array('dept_id' => 'Dept.id'),
'role' => array(
'constraint' => array('role_id' => 'Role.id'),
),
'dept_access' => array(
'reverse' => 'StaffDeptAccess.staff',
// WE have to patch info here to support upgrading from old versions.
$time = null;
if (isset($this->passwdreset) && $this->passwdreset)
$time=strtotime($this->passwdreset);
elseif (isset($this->added) && $this->added)
$time=strtotime($this->added);
if ($time)
$this->passwd_change = time()-$time; //XXX: check timezone issues.
function get($field, $default=false) {
// Autoload config if not loaded already
if (!isset($this->_config))
$this->getConfig();
if (isset($this->_config[$field]))
return $this->_config[$field];
try {
return parent::get($field, $default);
} catch (Exception $e) {}
}
function getConfig() {
if (!isset($this->_config) && $this->getId()) {
$_config = new Config('staff.'.$this->getId(),
// Defaults
array(
'default_from_name' => '',
'datetime_format' => '',
'thread_view_order' => '',
));
$this->_config = $_config->getInfo();
}
return $this->_config;
}
function __toString() {
return (string) $this->getName();
}
static function getVarScope() {
return array(
'dept' => array('class' => 'Dept', 'desc' => __('Department')),
'email' => __('Email Address'),
'class' => 'PersonsName', 'desc' => __('Agent name'),
'mobile' => __('Mobile Number'),
'phone' => __('Phone Number'),
'signature' => __('Signature'),
'timezone' => "Agent's configured timezone",
'username' => 'Access username',
function getVar($tag) {
switch ($tag) {
case 'mobile':
return Format::phone($this->ht['mobile']);
case 'phone':
return Format::phone($this->ht['phone']);
}
}
static function getSearchableFields() {
return array(
'email' => new TextboxField(array(
'label' => __('Email Address'),
)),
);
}
static function supportsCustomData() {
return false;
}
unset($base['teams']);
if ($this->getConfig())
$base += $this->getConfig();
// AuthenticatedUser implementation...
// TODO: Move to an abstract class that extends Staff
return 'staff';
}
function getAuthBackend() {
list($bk, ) = explode(':', $this->getAuthKey());
// If administering a user other than yourself, fallback to the
// agent's declared backend, if any
if (!$bk && $this->backend)
$bk = $this->backend;
return StaffAuthenticationBackend::getBackend($bk);
function setAuthKey($key) {
$this->authkey = $key;
}
function getAuthKey() {
return $this->authkey;
}
// logOut the user
function logOut() {
if ($bk = $this->getAuthBackend())
return $bk->signOut($this);
return false;
}
function check_passwd($password, $autoupdate=true) {
if(Passwd::cmp($password, $this->getPasswd()))
//Fall back to MD5
if(!$password || strcmp($this->getPasswd(), MD5($password)))
return false;
//Password is a MD5 hash: rehash it (if enabled) otherwise force passwd change.
function cmp_passwd($password) {
return $this->check_passwd($password, false);
function hasPassword() {
return ($cfg && $cfg->getPasswdResetPeriod()
&& $this->passwd_change>($cfg->getPasswdResetPeriod()*30*24*60*60));
function setPassword($new, $current=false) {
// Allow the backend to update the password. This is the preferred
// method as it allows for integration with password policies and
// also allows for remotely updating the password where possible and
// supported.
if (!($bk = $this->getAuthBackend())
|| !$bk instanceof AuthBackend
) {
// Fallback to osTicket authentication token udpates
$bk = new osTicketAuthentication();
}
// And now for the magic
if (!$bk->supportsPasswordChange()) {
throw new PasswordUpdateFailed(
__('Authentication backend does not support password updates'));
}
// Backend should throw PasswordUpdateFailed directly
$rv = $bk->setPassword($this, $new, $current);
// Successfully updated authentication tokens
$this->change_passwd = 0;
$this->cancelResetTokens();
$this->passwdreset = SqlFunction::NOW();
function canAccess($something) {
if ($something instanceof RestrictedAccess)
return $something->checkStaffPerm($this);
return true;
}
function isPasswdChangeDue() {
return $this->isPasswdResetDue();
}
function getUserId() {
return $this->getId();
}
function getAvatar($size=null) {
global $cfg;
$source = $cfg->getStaffAvatarSource();
$avatar = $source->getAvatar($this);
if (isset($size))
$avatar->setSize($size);
return $avatar;
return new AgentsName(array('first' => $this->ht['firstname'], 'last' => $this->ht['lastname']));
function getAvatarAndName() {
return $this->getAvatar().Format::htmlchars((string) $this->getName());
}
function getDefaultTicketQueueId() {
return $this->default_ticket_queue_id;
}
function getReplyFromNameType() {
return $this->default_from_name;
}
// TODO: Cache this in the agent's session as it is unlikely to
// change while logged in
if (!isset($this->departments)) {
// Departments the staff is "allowed" to access...
// based on the group they belong to + user's primary dept + user's managed depts.
$sql='SELECT DISTINCT d.id FROM '.STAFF_TABLE.' s '
.' LEFT JOIN '.STAFF_DEPT_TABLE.' g ON (s.staff_id=g.staff_id) '
.' INNER JOIN '.DEPT_TABLE.' d ON (LOCATE(CONCAT("/", s.dept_id, "/"), d.path) OR d.manager_id=s.staff_id OR LOCATE(CONCAT("/", g.dept_id, "/"), d.path)) '
.' WHERE s.staff_id='.db_input($this->getId());
$depts = array();
if (($res=db_query($sql)) && db_num_rows($res)) {
while(list($id)=db_fetch_row($res))
}
/* ORM method — about 2.0ms slower
$q = Q::any(array(
'path__contains' => '/'.$this->dept_id.'/',
'manager_id' => $this->getId(),
));
// Add in extended access
foreach ($this->dept_access->depts->values_flat('dept_id') as $row) {
// Skip primary dept
if ($row[0] == $this->dept_id)
continue;
$q->add(new Q(array('path__contains'=>'/'.$row[0].'/')));
}
$dept_ids = Dept::objects()
->filter($q)
->distinct('id')
foreach ($dept_ids as $row)
$depts[] = $row[0];
*/
function getManagedDepartments() {
return ($depts=Dept::getDepartments(
array('manager' => $this->getId())
))?array_keys($depts):array();
}
function setDepartmentId($dept_id, $eavesdrop=false) {
// Grant access to the current department
$old = $this->dept_id;
if ($eavesdrop) {
$da = StaffDeptAccess::create(array(
'dept_id' => $old,
'role_id' => $this->role_id,
));
$da->setAlerts(true);
$this->dept_access->add($da);
}
// Drop extended access to new department
$this->dept_id = $dept_id;
if ($da = $this->dept_access->findFirst(array(
'dept_id' => $dept_id))
) {
$this->dept_access->remove($da);
}
}
function usePrimaryRoleOnAssignment() {
return $this->getExtraAttr('def_assn_role', true);
}
return (isset($this->lang)) ? $this->lang : false;
if (isset($this->timezone))
return $this->timezone;
}
function getLocale() {
//XXX: isset is required here to avoid possible crash when upgrading
// installation where locale column doesn't exist yet.
return isset($this->locale) ? $this->locale : 0;
function getRoles() {
if (!isset($this->_roles)) {
$this->_roles = array($this->dept_id => $this->role);
foreach($this->dept_access as $da)
$this->_roles[$da->dept_id] = $da->role;
}
return $this->_roles;
}
function getRole($dept=null, $assigned=false) {
if (is_null($dept))
return $this->role;
if ((!$dept instanceof Dept) && !($dept=Dept::lookup($dept)))
return null;
$deptId = $dept->getId();
$roles = $this->getRoles();
if (isset($roles[$deptId]))
return $roles[$deptId];
// Default to primary role.
if ($assigned && $this->usePrimaryRoleOnAssignment())
// Ticket Create & View only access
$perms = JSONDataEncoder::encode(array(
Ticket::PERM_CREATE => 1));
return new Role(array('permissions' => $perms));
function hasPerm($perm, $global=true) {
if ($global)
return $this->getPermission()->has($perm);
if ($this->getRole()->hasPerm($perm))
return true;
foreach ($this->dept_access as $da)
if ($da->role->hasPerm($perm))
return true;
return false;
function canSearchEverything() {
return $this->hasPerm(SearchBackend::PERM_EVERYTHING);
}
function canManageTickets() {
return $this->hasPerm(Ticket::PERM_DELETE, false)
|| $this->hasPerm(Ticket::PERM_TRANSFER, false)
|| $this->hasPerm(Ticket::PERM_ASSIGN, false)
|| $this->hasPerm(Ticket::PERM_CLOSE, false);
return (($dept=$this->getDept()) && $dept->getManagerId()==$this->getId());
}
function getStatus() {
return $this->isActive() ? __('Active') : __('Locked');
}
function isAccessLimited() {
return $this->showAssignedOnly();
}
return ($teamId && in_array($teamId, $this->getTeams()));
function canAccessDept($dept) {
if (!$dept instanceof Dept)
return false;
return (!$this->isAccessLimited()
&& in_array($dept->getId(), $this->getDepts()));
if (!isset($this->_teams)) {
$this->_teams = array();
foreach ($this->teams as $team)
$this->_teams[] = (int) $team->team_id;
function getTicketsVisibility() {
// -- Open and assigned to me
$assigned = Q::any(array(
'staff_id' => $this->getId(),
));
$assigned->add(array('thread__referrals__agent__staff_id' => $this->getId()));
// -- Open and assigned to a team of mine
$assigned->add(array('team_id__in' => $teams));
$assigned->add(array('thread__referrals__team__team_id__in' => $teams));
}
$visibility = Q::any(new Q(array('status__state'=>'open', $assigned)));
// -- Routed to a department of mine
if (!$this->showAssignedOnly() && ($depts=$this->getDepts())) {
$visibility->add(array('dept_id__in' => $depts));
$visibility->add(array('thread__referrals__dept__id__in' => $depts));
}
return $visibility;
}
function applyVisibility($query) {
return $query->filter($this->getTicketsVisibility());
}
function resetStats() {
$this->stats = array();
}
function getTasksStats() {
if (!$this->stats['tasks'])
$this->stats['tasks'] = Task::getStaffStats($this);
return $this->stats['tasks'];
}
function getNumAssignedTasks() {
return ($stats=$this->getTasksStats()) ? $stats['assigned'] : 0;
}
function getNumClosedTasks() {
return ($stats=$this->getTasksStats()) ? $stats['closed'] : 0;
}
function getExtraAttr($attr=false, $default=null) {
if (!isset($this->_extra) && isset($this->extra))
$this->_extra = JsonDataParser::decode($this->extra);
return $attr
? (isset($this->_extra[$attr]) ? $this->_extra[$attr] : $default)
: $this->_extra;
}
function setExtraAttr($attr, $value, $commit=true) {
$this->getExtraAttr();
$this->extra = JsonDataEncoder::encode($this->_extra);
function getPermission() {
if (!isset($this->_perm)) {
$this->_perm = new RolePermission($this->permissions);
}
return $this->_perm;
}
function getPermissionInfo() {
return $this->getPermission()->getInfo();
}
function onLogin($bk) {
// Update last apparent language preference
$this->setExtraAttr('browser_lang',
Internationalization::getCurrentLanguage(),
false);
$this->lastlogin = SqlFunction::NOW();
$this->save();
//Staff profile update...unfortunately we have to separate it from admin update to avoid potential issues
function updateProfile($vars, &$errors) {
$vars['firstname']=Format::striptags($vars['firstname']);
$vars['lastname']=Format::striptags($vars['lastname']);
if (isset($this->staff_id) && $this->getId() != $vars['id'])
$errors['err']=__('Internal error occurred');
$errors['firstname']=__('First name is required');
$errors['lastname']=__('Last name is required');
if(!$vars['email'] || !Validator::is_valid_email($vars['email']))
$errors['email']=__('Valid email is required');
$errors['email']=__('Already in-use as system email');
elseif (($uid=static::getIdByEmail($vars['email']))
&& (!isset($this->staff_id) || $uid!=$this->getId()))
$errors['email']=__('Email already in use by another agent');
if($vars['phone'] && !Validator::is_phone($vars['phone']))
$errors['phone']=__('Valid phone number is required');
if($vars['mobile'] && !Validator::is_phone($vars['mobile']))
$errors['mobile']=__('Valid phone number is required');
if($vars['default_signature_type']=='mine' && !$vars['signature'])
$errors['default_signature_type'] = __("You don't have a signature");
// Update the user's password if requested
if ($vars['passwd1']) {
try {
$this->setPassword($vars['passwd1'], $vars['cpasswd']);
}
catch (BadPassword $ex) {
$errors['passwd1'] = $ex->getMessage();
}
catch (PasswordUpdateFailed $ex) {
// TODO: Add a warning banner or crash the update
}
}
$this->firstname = $vars['firstname'];
$this->lastname = $vars['lastname'];
$this->email = $vars['email'];
$this->phone = Format::phone($vars['phone']);
$this->phone_ext = $vars['phone_ext'];
$this->mobile = Format::phone($vars['mobile']);
$this->signature = Format::sanitize($vars['signature']);
$this->timezone = $vars['timezone'];
$this->locale = $vars['locale'];
$this->max_page_size = $vars['max_page_size'];
$this->auto_refresh_rate = $vars['auto_refresh_rate'];
$this->default_signature_type = $vars['default_signature_type'];
$this->default_paper_size = $vars['default_paper_size'];
$this->lang = $vars['lang'];
$this->onvacation = isset($vars['onvacation']) ? 1 : 0;
if (isset($vars['avatar_code']))
$this->setExtraAttr('avatar', $vars['avatar_code']);
if ($errors)
return false;
$_SESSION['::lang'] = null;
TextDomain::configureForUser($this);
// Update the config information
$_config = new Config('staff.'.$this->getId());
$_config->updateAll(array(
'datetime_format' => $vars['datetime_format'],
'default_from_name' => $vars['default_from_name'],
'thread_view_order' => $vars['thread_view_order'],
'default_ticket_queue_id' => $vars['default_ticket_queue_id'],
)
);
$this->_config = $_config->getInfo();
function updateTeams($membership, &$errors) {
$dropped = array();
foreach ($this->teams as $TM)
$dropped[$TM->team_id] = 1;
reset($membership);
while(list(, list($team_id, $alerts)) = each($membership)) {
$member = $this->teams->findFirst(array('team_id' => $team_id));
if (!$member) {
$this->teams->add($member = new TeamMember(array(
$member->setAlerts($alerts);
if (!$errors)
$member->save();
unset($dropped[$member->team_id]);
}
if (!$errors && $dropped) {
$member = $this->teams
->filter(array('team_id__in' => array_keys($dropped)))
$this->teams->reset();
if (!$thisstaff || $this->getId() == $thisstaff->getId())
// DO SOME HOUSE CLEANING
//Move remove any ticket assignments...TODO: send alert to Dept. manager?
Ticket::objects()
->filter(array('staff_id' => $this->getId()))
->update(array('staff_id' => 0));
//Update the poster and clear staff_id on ticket thread table.
ThreadEntry::objects()
->filter(array('staff_id' => $this->getId()))
->update(array(
'staff_id' => 0,
'poster' => $this->getName()->getOriginal(),
));
TeamMember::objects()
->filter(array('staff_id'=>$this->getId()))
->delete();
// Cleanup staff dept access
StaffDeptAccess::objects()
->filter(array('staff_id'=>$this->getId()))
->delete();
static function lookup($var) {
if (is_array($var))
return parent::lookup($var);
elseif (is_numeric($var))
return parent::lookup(array('staff_id'=>$var));
elseif (Validator::is_email($var))
return parent::lookup(array('email'=>$var));
elseif (is_string($var))
return parent::lookup(array('username'=>$var));
else
return null;
}
$members = static::objects();
$members = $members->filter(array(
'onvacation' => 0,
'isactive' => 1,
));
static function getAvailableStaffMembers() {
static function getsortby($path='', $format=null) {
global $cfg;
$format = $format ?: $cfg->getAgentNameFormat();
switch ($format) {
case 'last':
case 'lastfirst':
case 'legal':
$fields = array("{$path}lastname", "{$path}firstname");
$fields = array("${path}firstname", "${path}lastname");
return $fields;
}
static function nsort(QuerySet $qs, $path='', $format=null) {
$fields = self::getsortby($path, $format);
$qs->order_by($fields);
static function getIdByUsername($username) {
$row = static::objects()->filter(array('username' => $username))
->values_flat('staff_id')->first();
return $row ? $row[0] : 0;
static function getIdByEmail($email) {
$row = static::objects()->filter(array('email' => $email))
->values_flat('staff_id')->first();
return $row ? $row[0] : 0;
$staff = new static($vars);
$staff->created = SqlFunction::NOW();
return $staff;
function cancelResetTokens() {
// TODO: Drop password-reset tokens from the config table for
// this user id
$sql = 'DELETE FROM '.CONFIG_TABLE.' WHERE `namespace`="pwreset"
AND `value`='.db_input($this->getId());
unset($_SESSION['_staff']['reset-token']);
}
function sendResetEmail($template='pwreset-staff', $log=true) {
$content = Page::lookupByType($template);
$token = Misc::randCode(48); // 290-bits
return new BaseError(/* @trans */ 'Unable to retrieve password reset email template');
'url' => $ost->getConfig()->getBaseUrl(),
'token' => $token,
'reset_link' => sprintf(
"%s/scp/pwreset.php?token=%s",
$ost->getConfig()->getBaseUrl(),
$token),
$vars['link'] = &$vars['reset_link'];
if (!($email = $cfg->getAlertEmail()))
$email = $cfg->getDefaultEmail();
$info = array('email' => $email, 'vars' => &$vars, 'log'=>$log);
Signal::send('auth.pwreset.email', $this, $info);
$ost->logWarning(_S('Agent Password Reset'), sprintf(
_S('Password reset was attempted for agent: %1$s<br><br>
Requested-User-Id: %2$s<br>
Source-Ip: %3$s<br>
Email-Sent-To: %4$s<br>
Email-Sent-Via: %5$s'),
$this->getName(),
$_POST['userid'],
$_SERVER['REMOTE_ADDR'],
$this->getEmail(),
$email->getEmail()
), false);
$lang = $this->lang ?: $this->getExtraAttr('browser_lang');
$msg = $ost->replaceTemplateVariables(array(
'subj' => $content->getLocalName($lang),
'body' => $content->getLocalBody($lang),
$_config = new Config('pwreset');
$_config->set($vars['token'], $this->getId());
$email->send($this->getEmail(), Format::striptags($msg['subj']),
static function importCsv($stream, $defaults=array(), $callback=false) {
require_once INCLUDE_DIR . 'class.import.php';
$importer = new CsvImporter($stream);
$imported = 0;
$fields = array(
'firstname' => new TextboxField(array(
'label' => __('First Name'),
)),
'lastname' => new TextboxField(array(
'label' => __('Last Name'),
)),
'email' => new TextboxField(array(
'label' => __('Email Address'),
'configuration' => array(
'validator' => 'email',
),
)),
'username' => new TextboxField(array(
'label' => __('Username'),
'validators' => function($self, $value) {
if (!Validator::is_username($value))
$self->addError('Not a valid username');
},
)),
);
$form = new SimpleForm($fields);
try {
db_autocommit(false);
$records = $importer->importCsv($form->getFields(), $defaults);
foreach ($records as $data) {
if (!isset($data['email']) || !isset($data['username']))
throw new ImportError('Both `username` and `email` fields are required');
if ($agent = self::lookup(array('username' => $data['username']))) {
// TODO: Update the user
}
elseif ($agent = self::create($data, $errors)) {
if ($callback)
$callback($agent, $data);
$agent->save();
}