Newer
Older
<?php
require_once(INCLUDE_DIR . 'class.staff.php');
class StaffAjaxAPI extends AjaxController {
/**
* Ajax: GET /staff/<id>/set-password
*
* Uses a dialog to add a new department
*
* Returns:
* 200 - HTML form for addition
* 201 - {id: <id>, name: <name>}
*
* Throws:
* 403 - Not logged in
* 403 - Not an administrator
* 404 - No such agent exists
*/
function setPassword($id) {
global $ost, $thisstaff;
if (!$thisstaff)
Http::response(403, 'Agent login required');
if (!$thisstaff->isAdmin())
Http::response(403, 'Access denied');
if ($id && !($staff = Staff::lookup($id)))
Http::response(404, 'No such agent');
$form = new PasswordResetForm($_POST);
$errors = array();
if (!$_POST && isset($_SESSION['new-agent-passwd']))
$form->data($_SESSION['new-agent-passwd']);
if ($_POST && $form->isValid()) {
$clean = $form->getClean();
if ($id == 0) {
// Stash in the session later when creating the user
$_SESSION['new-agent-passwd'] = $clean;
Http::response(201, 'Carry on');
}
$staff->sendResetEmail();
}
else {
$staff->setPassword($clean['passwd1'], null);
$staff->change_passwd = 1;
}
if ($staff->save())
Http::response(201, 'Successfully updated');
}
catch (BadPassword $ex) {
$passwd1 = $form->getField('passwd1');
$passwd1->addError($ex->getMessage());
}
catch (PasswordUpdateFailed $ex) {
$errors['err'] = __('Password update failed:').' '.$ex->getMessage();
}
}
$title = __("Set Agent Password");
$verb = $id == 0 ? __('Set') : __('Update');
$path = ltrim($ost->get_path_info(), '/');
include STAFFINC_DIR . 'templates/quick-add.tmpl.php';
global $cfg, $ost, $thisstaff;
if (!$thisstaff)
Http::response(403, 'Agent login required');
if (!$id || $thisstaff->getId() != $id)
Http::response(404, 'No such agent');
$form = new PasswordChangeForm($_POST);
$errors = array();
if ($_POST && $form->isValid()) {
$clean = $form->getClean();
if (($rtoken = $_SESSION['_staff']['reset-token'])) {
$_config = new Config('pwreset');
if ($_config->get($rtoken) != $thisstaff->getId())
$errors['err'] =
__('Invalid reset token. Logout and try again');
elseif (!($ts = $_config->lastModified($rtoken))
&& ($cfg->getPwResetWindow() < (time() - strtotime($ts))))
$errors['err'] =
__('Invalid reset token. Logout and try again');
if (!$errors) {
try {
$thisstaff->setPassword($clean['passwd1'], @$clean['current']);
if ($thisstaff->save()) {
if ($rtoken) {
$thisstaff->cancelResetTokens();
Http::response(200, $this->encode(array(
'redirect' => 'index.php'
)));
}
Http::response(201, 'Successfully updated');
}
}
catch (BadPassword $ex) {
$passwd1 = $form->getField('passwd1');
$passwd1->addError($ex->getMessage());
}
catch (PasswordUpdateFailed $ex) {
$errors['err'] = __('Password update failed:').' '.$ex->getMessage();
}
}
}
$title = __("Change Password");
$verb = __('Update');
$path = ltrim($ost->get_path_info(), '/');
include STAFFINC_DIR . 'templates/quick-add.tmpl.php';
}
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
function getAgentPerms($id) {
global $thisstaff;
if (!$thisstaff)
Http::response(403, 'Agent login required');
if (!$thisstaff->isAdmin())
Http::response(403, 'Access denied');
if (!($staff = Staff::lookup($id)))
Http::response(404, 'No such agent');
return $this->encode($staff->getPermissionInfo());
}
function resetPermissions() {
global $ost, $thisstaff;
if (!$thisstaff)
Http::response(403, 'Agent login required');
if (!$thisstaff->isAdmin())
Http::response(403, 'Access denied');
$form = new ResetAgentPermissionsForm($_POST);
if (@is_array($_GET['ids'])) {
$perms = new RolePermission();
$selected = Staff::objects()->filter(array('staff_id__in' => $_GET['ids']));
foreach ($selected as $staff)
// XXX: This maybe should be intersection rather than union
$perms->merge($staff->getPermission());
$form->getField('perms')->setValue($perms->getInfo());
}
if ($_POST && $form->isValid()) {
$clean = $form->getClean();
Http::response(201, $this->encode(array('perms' => $clean['perms'])));
}
$title = __("Reset Agent Permissions");
$verb = __("Continue");
$path = ltrim($ost->get_path_info(), '/');
include STAFFINC_DIR . 'templates/reset-agent-permissions.tmpl.php';
}
function changeDepartment() {
global $ost, $thisstaff;
if (!$thisstaff)
Http::response(403, 'Agent login required');
if (!$thisstaff->isAdmin())
Http::response(403, 'Access denied');
$form = new ChangeDepartmentForm($_POST);
// Preselect reasonable dept and role based on the current settings
// of the received staff ids
if (@is_array($_GET['ids'])) {
$dept_id = null;
$role_id = null;
$selected = Staff::objects()->filter(array('staff_id__in' => $_GET['ids']));
foreach ($selected as $staff) {
if (!isset($dept_id)) {
$dept_id = $staff->dept_id;
$role_id = $staff->role_id;
}
elseif ($dept_id != $staff->dept_id)
$dept_id = 0;
elseif ($role_id != $staff->role_id)
$role_id = 0;
}
$form->getField('dept_id')->setValue($dept_id);
$form->getField('role_id')->setValue($role_id);
}
if ($_POST && $form->isValid()) {
$clean = $form->getClean();
Http::response(201, $this->encode($clean));
}
$title = __("Change Primary Department");
$verb = __("Continue");
$path = ltrim($ost->get_path_info(), '/');
include STAFFINC_DIR . 'templates/quick-add.tmpl.php';
}
function setAvatar($id) {
global $thisstaff;
if (!$thisstaff)
Http::response(403, 'Agent login required');
if ($id != $thisstaff->getId() && !$thisstaff->isAdmin())
Http::response(403, 'Access denied');
if ($id == $thisstaff->getId())
$staff = $thisstaff;
else
$staff = Staff::lookup((int) $id);
if (!($avatar = $staff->getAvatar()))
Http::response(404, 'User does not have an avatar');
if ($code = $avatar->toggle())
return $this->encode(array(
'img' => (string) $avatar,
// XXX: This is very inflexible
'code' => $code,
));