Newer
Older
<?php
/*********************************************************************
class.staff.php
Everything about staff.
Peter Rotich <peter@osticket.com>
http://www.osticket.com
Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.
vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
Peter Rotich
committed
include_once(INCLUDE_DIR.'class.ticket.php');
include_once(INCLUDE_DIR.'class.error.php');
include_once(INCLUDE_DIR.'class.user.php');
implements AuthenticatedUser, EmailContact, TemplateVariable {
static $meta = array(
'table' => STAFF_TABLE,
'pk' => array('staff_id'),
'joins' => array(
'dept' => array(
'constraint' => array('dept_id' => 'Dept.id'),
'role' => array(
'constraint' => array('role_id' => 'Role.id'),
),
'dept_access' => array(
'reverse' => 'StaffDeptAccess.staff',
// WE have to patch info here to support upgrading from old versions.
$time = null;
if (isset($this->passwdreset) && $this->passwdreset)
$time=strtotime($this->passwdreset);
elseif (isset($this->added) && $this->added)
$time=strtotime($this->added);
if ($time)
$this->passwd_change = time()-$time; //XXX: check timezone issues.
function get($field, $default=false) {
// Autoload config if not loaded already
if (!isset($this->_config))
$this->getConfig();
if (isset($this->_config[$field]))
return $this->_config[$field];
return parent::get($field, $default);
}
function getConfig() {
if (!isset($this->_config) && $this->getId()) {
$_config = new Config('staff.'.$this->getId(),
// Defaults
array(
'default_from_name' => '',
'datetime_format' => '',
'thread_view_order' => '',
));
$this->_config = $_config->getInfo();
}
return $this->_config;
}
function __toString() {
return (string) $this->getName();
}
static function getVarScope() {
return array(
'dept' => array('class' => 'Dept', 'desc' => __('Department')),
'email' => __('Email Address'),
'class' => 'PersonsName', 'desc' => __('Agent name'),
'mobile' => __('Mobile Number'),
'phone' => __('Phone Number'),
'signature' => __('Signature'),
'timezone' => "Agent's configured timezone",
'username' => 'Access username',
function getVar($tag) {
switch ($tag) {
case 'mobile':
return Format::phone($this->ht['mobile']);
case 'phone':
return Format::phone($this->ht['phone']);
}
}
unset($base['teams']);
if ($this->getConfig())
$base += $this->getConfig();
// AuthenticatedUser implementation...
// TODO: Move to an abstract class that extends Staff
return 'staff';
}
function getAuthBackend() {
list($bk, ) = explode(':', $this->getAuthKey());
// If administering a user other than yourself, fallback to the
// agent's declared backend, if any
if (!$bk && $this->backend)
$bk = $this->backend;
return StaffAuthenticationBackend::getBackend($bk);
function setAuthKey($key) {
$this->authkey = $key;
}
function getAuthKey() {
return $this->authkey;
}
// logOut the user
function logOut() {
if ($bk = $this->getAuthBackend())
return $bk->signOut($this);
return false;
}
function check_passwd($password, $autoupdate=true) {
if(Passwd::cmp($password, $this->getPasswd()))
//Fall back to MD5
if(!$password || strcmp($this->getPasswd(), MD5($password)))
return false;
//Password is a MD5 hash: rehash it (if enabled) otherwise force passwd change.
function cmp_passwd($password) {
return $this->check_passwd($password, false);
function hasPassword() {
return ($cfg && $cfg->getPasswdResetPeriod()
&& $this->passwd_change>($cfg->getPasswdResetPeriod()*30*24*60*60));
function setPassword($new, $current=false) {
// Allow the backend to update the password. This is the preferred
// method as it allows for integration with password policies and
// also allows for remotely updating the password where possible and
// supported.
if (!($bk = $this->getAuthBackend())
|| !$bk instanceof AuthBackend
) {
// Fallback to osTicket authentication token udpates
$bk = new osTicketAuthentication();
}
// And now for the magic
if (!$bk->supportsPasswordChange()) {
throw new PasswordUpdateFailed(
__('Authentication backend does not support password updates'));
}
// Backend should throw PasswordUpdateFailed directly
$rv = $bk->setPassword($this, $new, $current);
// Successfully updated authentication tokens
$this->change_passwd = 0;
$this->cancelResetTokens();
$this->passwdreset = SqlFunction::NOW();
function canAccess($something) {
if ($something instanceof RestrictedAccess)
return $something->checkStaffPerm($this);
return true;
}
function isPasswdChangeDue() {
return $this->isPasswdResetDue();
}
function getUserId() {
return $this->getId();
}
function getAvatar($size=null) {
global $cfg;
$source = $cfg->getStaffAvatarSource();
$avatar = $source->getAvatar($this);
if (isset($size))
$avatar->setSize($size);
return $avatar;
return new AgentsName(array('first' => $this->ht['firstname'], 'last' => $this->ht['lastname']));
function getAvatarAndName() {
return $this->getAvatar().Format::htmlchars((string) $this->getName());
}
}
function getDefaultSignatureType() {
function getReplyFromNameType() {
return $this->default_from_name;
}
// TODO: Cache this in the agent's session as it is unlikely to
// change while logged in
if (!isset($this->departments)) {
// Departments the staff is "allowed" to access...
// based on the group they belong to + user's primary dept + user's managed depts.
$sql='SELECT DISTINCT d.id FROM '.STAFF_TABLE.' s '
.' LEFT JOIN '.STAFF_DEPT_TABLE.' g ON (s.staff_id=g.staff_id) '
.' INNER JOIN '.DEPT_TABLE.' d ON (LOCATE(CONCAT("/", s.dept_id, "/"), d.path) OR d.manager_id=s.staff_id OR LOCATE(CONCAT("/", g.dept_id, "/"), d.path)) '
.' WHERE s.staff_id='.db_input($this->getId());
$depts = array();
if (($res=db_query($sql)) && db_num_rows($res)) {
while(list($id)=db_fetch_row($res))
$depts[] = $id;
}
/* ORM method — about 2.0ms slower
$q = Q::any(array(
'path__contains' => '/'.$this->dept_id.'/',
'manager_id' => $this->getId(),
));
// Add in extended access
foreach ($this->dept_access->depts->values_flat('dept_id') as $row) {
// Skip primary dept
if ($row[0] == $this->dept_id)
continue;
$q->add(new Q(array('path__contains'=>'/'.$row[0].'/')));
}
$dept_ids = Dept::objects()
->filter($q)
->distinct('id')
foreach ($dept_ids as $row)
$depts[] = $row[0];
*/
function getManagedDepartments() {
return ($depts=Dept::getDepartments(
array('manager' => $this->getId())
))?array_keys($depts):array();
}
function setDepartmentId($dept_id, $eavesdrop=false) {
// Grant access to the current department
$old = $this->dept_id;
if ($eavesdrop) {
$da = StaffDeptAccess::create(array(
'dept_id' => $old,
'role_id' => $this->role_id,
));
$da->setAlerts(true);
$this->dept_access->add($da);
}
// Drop extended access to new department
$this->dept_id = $dept_id;
if ($da = $this->dept_access->findFirst(array(
'dept_id' => $dept_id))
) {
$this->dept_access->remove($da);
}
}
function usePrimaryRoleOnAssignment() {
return $this->getExtraAttr('def_assn_role', true);
}
return (isset($this->lang)) ? $this->lang : false;
if (isset($this->timezone))
return $this->timezone;
}
function getLocale() {
//XXX: isset is required here to avoid possible crash when upgrading
// installation where locale column doesn't exist yet.
return isset($this->locale) ? $this->locale : 0;
function getRole($dept=null) {
$deptId = is_object($dept) ? $dept->getId() : $dept;
if ($deptId && $deptId != $this->dept_id) {
if (isset($this->_roles[$deptId]))
return $this->_roles[$deptId];
if ($access = $this->dept_access->findFirst(array('dept_id' => $deptId)))
return $this->_roles[$deptId] = $access->role;
if (!$this->usePrimaryRoleOnAssignment())
// View only access
return new Role(array());
// Fall through to primary role
// For the primary department, use the primary role
return $this->role;
function hasPerm($perm, $global=true) {
if ($global)
return $this->getPermission()->has($perm);
if ($this->getRole()->hasPerm($perm))
return true;
foreach ($this->dept_access as $da)
if ($da->role->hasPerm($perm))
return true;
return false;
}
function canManageTickets() {
return $this->hasPerm(TicketModel::PERM_DELETE, false)
|| $this->hasPerm(TicketModel::PERM_TRANSFER, false)
|| $this->hasPerm(TicketModel::PERM_ASSIGN, false)
|| $this->hasPerm(TicketModel::PERM_CLOSE, false);
return (($dept=$this->getDept()) && $dept->getManagerId()==$this->getId());
}
function isAccessLimited() {
return $this->showAssignedOnly();
}
return ($teamId && in_array($teamId, $this->getTeams()));
return ($deptId && in_array($deptId, $this->getDepts()) && !$this->isAccessLimited());
function showAssignedTickets() {
return $this->show_assigned_tickets;
}
if (!isset($this->_teams)) {
$this->_teams = array();
foreach ($this->teams as $team)
$this->_teams[] = $team->team_id;
}
/* stats */
function resetStats() {
$this->stats = array();
}
/* returns staff's quick stats - used on nav menu...etc && warnings */
function getTicketsStats() {
if(!$this->stats['tickets'])
$this->stats['tickets'] = Ticket::getStaffStats($this);
return $this->stats['tickets'];
}
function getNumAssignedTickets() {
return ($stats=$this->getTicketsStats())?$stats['assigned']:0;
}
function getNumClosedTickets() {
return ($stats=$this->getTicketsStats())?$stats['closed']:0;
}
function getTasksStats() {
if (!$this->stats['tasks'])
$this->stats['tasks'] = Task::getStaffStats($this);
return $this->stats['tasks'];
}
function getNumAssignedTasks() {
return ($stats=$this->getTasksStats()) ? $stats['assigned'] : 0;
}
function getNumClosedTasks() {
return ($stats=$this->getTasksStats()) ? $stats['closed'] : 0;
}
function getExtraAttr($attr=false, $default=null) {
if (!isset($this->_extra) && isset($this->extra))
$this->_extra = JsonDataParser::decode($this->extra);
return $attr
? (isset($this->_extra[$attr]) ? $this->_extra[$attr] : $default)
: $this->_extra;
}
function setExtraAttr($attr, $value, $commit=true) {
$this->getExtraAttr();
$this->extra = JsonDataEncoder::encode($this->_extra);
function getPermission() {
if (!isset($this->_perm)) {
$this->_perm = new RolePermission($this->permissions);
}
return $this->_perm;
}
function getPermissionInfo() {
return $this->getPermission()->getInfo();
}
function onLogin($bk) {
// Update last apparent language preference
$this->setExtraAttr('browser_lang',
Internationalization::getCurrentLanguage(),
false);
$this->lastlogin = SqlFunction::NOW();
$this->save();
//Staff profile update...unfortunately we have to separate it from admin update to avoid potential issues
function updateProfile($vars, &$errors) {
$vars['firstname']=Format::striptags($vars['firstname']);
$vars['lastname']=Format::striptags($vars['lastname']);
if (isset($this->staff_id) && $this->getId() != $vars['id'])
$errors['err']=__('Internal error occurred');
$errors['firstname']=__('First name is required');
$errors['lastname']=__('Last name is required');
if(!$vars['email'] || !Validator::is_valid_email($vars['email']))
$errors['email']=__('Valid email is required');
$errors['email']=__('Already in-use as system email');
elseif (($uid=static::getIdByEmail($vars['email']))
&& (!isset($this->staff_id) || $uid!=$this->getId()))
$errors['email']=__('Email already in-use by another agent');
if($vars['phone'] && !Validator::is_phone($vars['phone']))
$errors['phone']=__('Valid phone number is required');
if($vars['mobile'] && !Validator::is_phone($vars['mobile']))
$errors['mobile']=__('Valid phone number is required');
if($vars['default_signature_type']=='mine' && !$vars['signature'])
$errors['default_signature_type'] = __("You don't have a signature");
// Update the user's password if requested
if ($vars['passwd1']) {
try {
$this->setPassword($vars['passwd1'], $vars['cpasswd']);
}
catch (BadPassword $ex) {
$errors['passwd1'] = $ex->getMessage();
}
catch (PasswordUpdateFailed $ex) {
// TODO: Add a warning banner or crash the update
}
}
$this->firstname = $vars['firstname'];
$this->lastname = $vars['lastname'];
$this->email = $vars['email'];
$this->phone = Format::phone($vars['phone']);
$this->phone_ext = $vars['phone_ext'];
$this->mobile = Format::phone($vars['mobile']);
$this->signature = Format::sanitize($vars['signature']);
$this->timezone = $vars['timezone'];
$this->locale = $vars['locale'];
if (!$cfg->showAssignedTickets())
// Allow local unsetting if unset globally
$this->show_assigned_tickets = isset($vars['show_assigned_tickets']) ? 1 : 0;
$this->max_page_size = $vars['max_page_size'];
$this->auto_refresh_rate = $vars['auto_refresh_rate'];
$this->default_signature_type = $vars['default_signature_type'];
$this->default_paper_size = $vars['default_paper_size'];
$this->lang = $vars['lang'];
$this->onvacation = isset($vars['onvacation']) ? 1 : 0;
if (isset($vars['avatar_code']))
$this->setExtraAttr('avatar', $vars['avatar_code']);
if ($errors)
return false;
$_SESSION['::lang'] = null;
TextDomain::configureForUser($this);
// Update the config information
$_config = new Config('staff.'.$this->getId());
$_config->updateAll(array(
'datetime_format' => $vars['datetime_format'],
'default_from_name' => $vars['default_from_name'],
'thread_view_order' => $vars['thread_view_order'],
)
);
$this->_config = $_config->getInfo();
function updateTeams($membership, &$errors) {
$dropped = array();
foreach ($this->teams as $TM)
$dropped[$TM->team_id] = 1;
reset($membership);
while(list(, list($team_id, $alerts)) = each($membership)) {
$member = $this->teams->findFirst(array('team_id' => $team_id));
if (!$member) {
$this->teams->add($member = TeamMember::create(array(
'team_id' => $team_id,
)));
$member->setAlerts($alerts);
if (!$errors)
$member->save();
unset($dropped[$member->team_id]);
}
if (!$errors && $dropped) {
$member = $this->teams
->filter(array('team_id__in' => array_keys($dropped)))
$this->teams->reset();
if (!$thisstaff || $this->getId() == $thisstaff->getId())
// DO SOME HOUSE CLEANING
//Move remove any ticket assignments...TODO: send alert to Dept. manager?
Ticket::objects()
->filter(array('staff_id' => $this->getId()))
->update(array('staff_id' => 0));
//Update the poster and clear staff_id on ticket thread table.
ThreadEntry::objects()
->filter(array('staff_id' => $this->getId()))
->update(array(
'staff_id' => 0,
'poster' => $this->getName()->getOriginal(),
));
TeamMember::objects()
->filter(array('staff_id'=>$this->getId()))
->delete();
// Cleanup staff dept access
StaffDeptAccess::objects()
->filter(array('staff_id'=>$this->getId()))
->delete();
static function lookup($var) {
if (is_array($var))
return parent::lookup($var);
elseif (is_numeric($var))
return parent::lookup(array('staff_id'=>$var));
elseif (Validator::is_email($var))
return parent::lookup(array('email'=>$var));
elseif (is_string($var))
return parent::lookup(array('username'=>$var));
else
return null;
}
$members = static::objects();
$members = $members->filter(array(
'onvacation' => 0,
'isactive' => 1,
));
switch ($cfg->getAgentNameFormat()) {
case 'last':
case 'lastfirst':
case 'legal':
$members->order_by('lastname', 'firstname');
break;
default:
$members->order_by('firstname', 'lastname');
static function getAvailableStaffMembers() {
static function getIdByUsername($username) {
$row = static::objects()->filter(array('username' => $username))
->values_flat('staff_id')->first();
return $row ? $row[0] : 0;
static function getIdByEmail($email) {
$row = static::objects()->filter(array('email' => $email))
->values_flat('staff_id')->first();
return $row ? $row[0] : 0;
static function create($vars=false) {
$staff = parent::create($vars);
$staff->created = SqlFunction::NOW();
return $staff;
function cancelResetTokens() {
// TODO: Drop password-reset tokens from the config table for
// this user id
$sql = 'DELETE FROM '.CONFIG_TABLE.' WHERE `namespace`="pwreset"
AND `value`='.db_input($this->getId());
unset($_SESSION['_staff']['reset-token']);
}
function sendResetEmail($template='pwreset-staff', $log=true) {
$content = Page::lookupByType($template);
$token = Misc::randCode(48); // 290-bits
return new BaseError(/* @trans */ 'Unable to retrieve password reset email template');
'url' => $ost->getConfig()->getBaseUrl(),
'token' => $token,
'reset_link' => sprintf(
"%s/scp/pwreset.php?token=%s",
$ost->getConfig()->getBaseUrl(),
$token),
$vars['link'] = &$vars['reset_link'];
if (!($email = $cfg->getAlertEmail()))
$email = $cfg->getDefaultEmail();
$info = array('email' => $email, 'vars' => &$vars, 'log'=>$log);
Signal::send('auth.pwreset.email', $this, $info);
$ost->logWarning(_S('Agent Password Reset'), sprintf(
_S('Password reset was attempted for agent: %1$s<br><br>
Requested-User-Id: %2$s<br>
Source-Ip: %3$s<br>
Email-Sent-To: %4$s<br>
Email-Sent-Via: %5$s'),
$this->getName(),
$_POST['userid'],
$_SERVER['REMOTE_ADDR'],
$this->getEmail(),
$email->getEmail()
), false);
$lang = $this->lang ?: $this->getExtraAttr('browser_lang');
$msg = $ost->replaceTemplateVariables(array(
'subj' => $content->getLocalName($lang),
'body' => $content->getLocalBody($lang),
$_config = new Config('pwreset');
$_config->set($vars['token'], $this->getId());
$email->send($this->getEmail(), Format::striptags($msg['subj']),
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
static function importCsv($stream, $defaults=array(), $callback=false) {
require_once INCLUDE_DIR . 'class.import.php';
$importer = new CsvImporter($stream);
$imported = 0;
$fields = array(
'firstname' => new TextboxField(array(
'label' => __('First name'),
)),
'lastname' => new TextboxField(array(
'label' => __('Last name'),
)),
'email' => new TextboxField(array(
'label' => __('Email Address'),
'configuration' => array(
'validator' => 'email',
),
)),
'username' => new TextboxField(array(
'label' => __('Username'),
'validators' => function($self, $value) {
if (!Validator::is_username($value))
$self->addError('Not a valid username');
},
)),
);
$form = new SimpleForm($fields);
try {
db_autocommit(false);
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
$records = $importer->importCsv($form->getFields(), $defaults);
foreach ($records as $data) {
if (!isset($data['email']) || !isset($data['username']))
throw new ImportError('Both `username` and `email` fields are required');
if ($agent = self::lookup(array('username' => $data['username']))) {
// TODO: Update the user
}
elseif ($agent = self::create($data, $errors)) {
if ($callback)
$callback($agent, $data);
$agent->save();
}
else {
throw new ImportError(sprintf(__('Unable to import (%s): %s'),
$data['username'],
print_r($errors, true)
));
}
$imported++;
}
db_autocommit(true);
}
catch (Exception $ex) {
db_rollback();
return $ex->getMessage();
}
return $imported;
}
function save($refetch=false) {
if ($this->dirty)
$this->updated = SqlFunction::NOW();
return parent::save($refetch || $this->dirty);
}
function update($vars, &$errors) {
$vars['username']=Format::striptags($vars['username']);
$vars['firstname']=Format::striptags($vars['firstname']);
$vars['lastname']=Format::striptags($vars['lastname']);
if (isset($this->staff_id) && $this->getId() != $vars['id'])
$errors['err']=__('Internal Error');
$errors['firstname']=__('First name required');
$errors['lastname']=__('Last name required');
$error = '';
if(!$vars['username'] || !Validator::is_username($vars['username'], $error))
$errors['username']=($error) ? $error : __('Username is required');
elseif (($uid=static::getIdByUsername($vars['username']))
&& (!isset($this->staff_id) || $uid!=$this->getId()))
$errors['username']=__('Username already in use');
if(!$vars['email'] || !Validator::is_valid_email($vars['email']))
$errors['email']=__('Valid email is required');
$errors['email']=__('Already in use system email');
elseif (($uid=static::getIdByEmail($vars['email']))
&& (!isset($this->staff_id) || $uid!=$this->getId()))
$errors['email']=__('Email already in use by another agent');
if($vars['phone'] && !Validator::is_phone($vars['phone']))
$errors['phone']=__('Valid phone number is required');
if($vars['mobile'] && !Validator::is_phone($vars['mobile']))
$errors['mobile']=__('Valid phone number is required');
$errors['dept_id']=__('Department is required');
if(!$vars['role_id'])
$errors['role_id']=__('Role for primary department is required');
// Ensure we will still have an administrator with access
if ($vars['isadmin'] !== '1' || $vars['islocked'] === '1') {
$sql = 'select count(*), max(staff_id) from '.STAFF_TABLE
.' WHERE isadmin=1 and isactive=1';
if (($res = db_query($sql))
&& (list($count, $sid) = db_fetch_row($res))) {
if ($count == 1 && $sid == $uid) {
$errors['isadmin'] = __(
'Cowardly refusing to remove or lock out the only active administrator'
);
}
}
}
// Format access update as [array(dept_id, role_id, alerts?)]
$access = array();
if (isset($vars['dept_access'])) {
foreach (@$vars['dept_access'] as $dept_id) {
$access[] = array($dept_id, $vars['dept_access_role'][$dept_id],
@$vars['dept_access_alerts'][$dept_id]);
}
}
$this->updateAccess($access, $errors);
$this->setExtraAttr('def_assn_role',
isset($vars['assign_use_pri_role']), false);
// Format team membership as [array(team_id, alerts?)]
$teams = array();
if (isset($vars['teams'])) {
foreach (@$vars['teams'] as $team_id) {
$teams[] = array($team_id, @$vars['team_alerts'][$team_id]);
}
}
$this->updateTeams($teams, $errors);
// Update the local permissions
$this->updatePerms($vars['perms'], $errors);
$this->isvisible = isset($vars['isvisible'])?1:0;
$this->onvacation = isset($vars['onvacation'])?1:0;
$this->assigned_only = isset($vars['assigned_only'])?1:0;
$this->role_id = $vars['role_id'];
$this->username = $vars['username'];
$this->firstname = $vars['firstname'];
$this->lastname = $vars['lastname'];
$this->email = $vars['email'];
$this->backend = $vars['backend'];
$this->phone = Format::phone($vars['phone']);
$this->phone_ext = $vars['phone_ext'];
$this->mobile = Format::phone($vars['mobile']);
$this->notes = Format::sanitize($vars['notes']);
$this->sendResetEmail('registration-staff', false);
$errors['err']=sprintf(__('Unable to update %s.'), __('this agent'))
.' '.__('Internal error occurred');
$errors['err']=sprintf(__('Unable to create %s.'), __('this agent'))
.' '.__('Internal error occurred');
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
/**
* Parameters:
* $access - (<array($dept_id, $role_id, $alerts)>) a list of the complete,
* extended access for this agent. Any the agent currently has, which
* is not listed will be removed.
* $errors - (<array>) list of error messages from the process, which will
* be indexed by the dept_id number.
*/
function updateAccess($access, &$errors) {
reset($access);
$dropped = array();
foreach ($this->dept_access as $DA)
$dropped[$DA->dept_id] = 1;
while (list(, list($dept_id, $role_id, $alerts)) = each($access)) {
unset($dropped[$dept_id]);
if (!$role_id || !Role::lookup($role_id))
$errors['dept_access'][$dept_id] = __('Select a valid role');
if (!$dept_id || !Dept::lookup($dept_id))
$errors['dept_access'][$dept_id] = __('Select a valid departent');
if ($dept_id == $this->getDeptId())
$errors['dept_access'][$dept_id] = __('Agent already has access to this department');
$da = $this->dept_access->findFirst(array('dept_id' => $dept_id));
if (!isset($da)) {
$da = StaffDeptAccess::create(array(
'dept_id' => $dept_id, 'role_id' => $role_id
));
$this->dept_access->add($da);
}
else {
$da->role_id = $role_id;
}
$da->setAlerts($alerts);
if (!$errors)
$da->save();
}
if (!$errors && $dropped) {
$this->dept_access
->filter(array('dept_id__in' => array_keys($dropped)))
->delete();
$this->dept_access->reset();
}
if (!$vars) {
$this->permissions = '';
return;
}
foreach (RolePermission::allPermissions() as $g => $perms) {
foreach ($perms as $k => $v) {
$permissions->set($k, in_array($k, $vars) ? 1 : 0);
}
}
$this->permissions = $permissions->toJson();
interface RestrictedAccess {
function checkStaffPerm($staff);
}
class StaffDeptAccess extends VerySimpleModel {
static $meta = array(
'table' => STAFF_DEPT_TABLE,
'pk' => array('staff_id', 'dept_id'),
'select_related' => array('dept', 'role'),
'joins' => array(
'dept' => array(
'constraint' => array('dept_id' => 'Dept.id'),
// FIXME: The ORM needs a way to support
// staff__dept_access__dept performing a LEFT join b/c
// staff__dept_access is LEFT
'null' => true,
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
),
'staff' => array(
'constraint' => array('staff_id' => 'Staff.staff_id'),
),
'role' => array(
'constraint' => array('role_id' => 'Role.id'),
),
),
);
const FLAG_ALERTS = 0x0001;
function isAlertsEnabled() {
return $this->flags & self::FLAG_ALERTS != 0;
}
function setFlag($flag, $value) {
if ($value)
$this->flags |= $flag;
else
$this->flags &= ~$flag;
}
function setAlerts($value) {
$this->setFlag(self::FLAG_ALERTS, $value);
}
}
/**
* This form is used to administratively change the password. The
* ChangePasswordForm is used for an agent to change their own password.
*/
class PasswordResetForm
extends AbstractForm {
function buildFields() {
return array(
'welcome_email' => new BooleanField(array(
'default' => true,
'configuration' => array(
'desc' => __('Send the agent a password reset email'),
),
)),
'passwd1' => new PasswordField(array(
'placeholder' => __('New Password'),
'required' => true,
'configuration' => array(
'classes' => 'span12',
),
'visibility' => new VisibilityConstraint(
new Q(array('welcome_email' => false)),
VisibilityConstraint::HIDDEN
),
)),
'passwd2' => new PasswordField(array(
'placeholder' => __('Confirm Password'),
'required' => true,
'configuration' => array(
'classes' => 'span12',
),
'visibility' => new VisibilityConstraint(
new Q(array('welcome_email' => false)),
VisibilityConstraint::HIDDEN
),
)),
'change_passwd' => new BooleanField(array(
'configuration' => array(
'desc' => __('Require password change at next login'),
'classes' => 'form footer',
),
'visibility' => new VisibilityConstraint(
new Q(array('welcome_email' => false)),
VisibilityConstraint::HIDDEN
),
)),
);
}
function validate($clean) {
if ($clean['passwd1'] != $clean['passwd2'])
$this->getField('passwd1')->addError(__('Passwords do not match'));
}
class PasswordChangeForm
extends AbstractForm {
function buildFields() {
'current' => new PasswordField(array(
'placeholder' => __('Current Password'),
'required' => true,
'configuration' => array(
'autofocus' => true,
),
)),
'passwd1' => new PasswordField(array(
'label' => __('Enter a new password'),
'placeholder' => __('New Password'),
'required' => true,
)),
'passwd2' => new PasswordField(array(
'placeholder' => __('Confirm Password'),
'required' => true,
)),
);
// When using the password reset system, the current password is not
// required for agents.
if (isset($_SESSION['_staff']['reset-token'])) {
unset($fields['current']);
$fields['passwd1']->set('configuration', array('autofocus' => true));
}
else {
$fields['passwd1']->set('layout',
new GridFluidCell(12, array('style' => 'padding-top: 20px'))
);
}
return $fields;
}
function getInstructions() {
return __('Confirm your current password and enter a new password to continue');
}
function validate($clean) {
if ($clean['passwd1'] != $clean['passwd2'])
$this->getField('passwd1')->addError(__('Passwords do not match'));
class ResetAgentPermissionsForm
extends AbstractForm {
function buildFields() {
$permissions = array();
foreach (RolePermission::allPermissions() as $g => $perms) {
foreach ($perms as $k => $v) {
if (!$v['primary'])
continue;
$permissions[$g][$k] = "{$v['title']} — {$v['desc']}";
}
}
return array(
'clone' => new ChoiceField(array(
'default' => 0,
'choices' =>
array(0 => '— '.__('Clone an existing agent').' —')
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
+ Staff::getStaffMembers(),
'configuration' => array(
'classes' => 'span12',
),
)),
'perms' => new ChoiceField(array(
'choices' => $permissions,
'widget' => 'TabbedBoxChoicesWidget',
'configuration' => array(
'multiple' => true,
),
)),
);
}
function getClean() {
$clean = parent::getClean();
// Index permissions as ['ticket.edit' => 1]
$clean['perms'] = array_keys($clean['perms']);
return $clean;
}
function render($staff=true, $title=false, $options=array()) {
return parent::render($staff, $title, $options + array('template' => 'dynamic-form-simple.tmpl.php'));
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
}
}
class ChangeDepartmentForm
extends AbstractForm {
function buildFields() {
return array(
'dept_id' => new ChoiceField(array(
'default' => 0,
'required' => true,
'label' => __('Primary Department'),
'choices' =>
array(0 => '— '.__('Primary Department').' —')
+ Dept::getDepartments(),
'configuration' => array(
'classes' => 'span12',
),
)),
'role_id' => new ChoiceField(array(
'default' => 0,
'required' => true,
'label' => __('Primary Role'),
'choices' =>
array(0 => '— '.__('Corresponding Role').' —')
+ Role::getRoles(),
'configuration' => array(
'classes' => 'span12',
),
)),
'eavesdrop' => new BooleanField(array(
'configuration' => array(
'desc' => __('Maintain access to current primary department'),
'classes' => 'form footer',
),
)),
// alerts?
);
}
function getInstructions() {
return __('Change the primary department and primary role of the selected agents');
}
function getClean() {
$clean = parent::getClean();
$clean['eavesdrop'] = $clean['eavesdrop'] ? 1 : 0;
return $clean;
}
function render($staff=true, $title=false, $options=array()) {
return parent::render($staff, $title, $options + array('template' => 'dynamic-form-simple.tmpl.php'));
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
class StaffQuickAddForm
extends AbstractForm {
static $layout = 'GridFormLayout';
function buildFields() {
global $cfg;
return array(
'firstname' => new TextboxField(array(
'required' => true,
'configuration' => array(
'placeholder' => __("First Name"),
'autofocus' => true,
),
'layout' => new GridFluidCell(6),
)),
'lastname' => new TextboxField(array(
'required' => true,
'configuration' => array(
'placeholder' => __("Last Name"),
),
'layout' => new GridFluidCell(6),
)),
'email' => new TextboxField(array(
'required' => true,
'configuration' => array(
'validator' => 'email',
'placeholder' => __('Email Address — e.g. me@mycompany.com'),
'length' => 128,
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
),
)),
'dept_id' => new ChoiceField(array(
'label' => __('Department'),
'required' => true,
'choices' => Dept::getDepartments(),
'default' => $cfg->getDefaultDeptId(),
'layout' => new GridFluidCell(6),
)),
'role_id' => new ChoiceField(array(
'label' => __('Primary Role'),
'required' => true,
'choices' =>
array(0 => __('Select Role'))
+ Role::getRoles(),
'layout' => new GridFluidCell(6),
)),
'isadmin' => new BooleanField(array(
'label' => __('Account Type'),
'configuration' => array(
'desc' => __('Agent has access to the admin panel'),
),
'layout' => new GridFluidCell(6),
)),
'welcome_email' => new BooleanField(array(
'configuration' => array(
'desc' => __('Send a welcome email with login information'),
),
'default' => true,
'layout' => new GridFluidCell(12, array('style' => 'padding-top: 50px')),
)),
'passwd1' => new PasswordField(array(
'required' => true,
'configuration' => array(
'placeholder' => __("Temporary Password"),
),
'visibility' => new VisibilityConstraint(
new Q(array('welcome_email' => false))
),
'layout' => new GridFluidCell(6),
)),
'passwd2' => new PasswordField(array(
'required' => true,
'configuration' => array(
'placeholder' => __("Confirm Password"),
),
'visibility' => new VisibilityConstraint(
new Q(array('welcome_email' => false))
),
'layout' => new GridFluidCell(6),
)),
// TODO: Add role_id drop-down
);
}
function getClean() {
$clean = parent::getClean();
list($clean['username'],) = preg_split('/[^\w.-]/u', $clean['email'], 2);
if (mb_strlen($clean['username']) < 3 || Staff::lookup($clean['username']))
$clean['username'] = mb_strtolower($clean['firstname']);
$clean['perms'] = array(
User::PERM_CREATE,
User::PERM_EDIT,
User::PERM_DELETE,
User::PERM_MANAGE,
User::PERM_DIRECTORY,
Organization::PERM_CREATE,
Organization::PERM_EDIT,
Organization::PERM_DELETE,
FAQ::PERM_MANAGE,
);