if (($res = db_query($sql))
&& (list($count, $sid) = db_fetch_row($res))) {
if ($count == 1 && $sid == $uid) {
$errors['isadmin'] = __(
'Cowardly refusing to remove or lock out the only active administrator'
);
}
}
}
// Format access update as [array(dept_id, role_id, alerts?)]
$access = array();
if (isset($vars['dept_access'])) {
foreach (@$vars['dept_access'] as $dept_id) {
$access[] = array($dept_id, $vars['dept_access_role'][$dept_id],
@$vars['dept_access_alerts'][$dept_id]);
}
}
$this->updateAccess($access, $errors);
$this->setExtraAttr('def_assn_role',
isset($vars['assign_use_pri_role']), false);
// Format team membership as [array(team_id, alerts?)]
$teams = array();
if (isset($vars['teams'])) {
foreach (@$vars['teams'] as $team_id) {
$teams[] = array($team_id, @$vars['team_alerts'][$team_id]);
}
}
$this->updateTeams($teams, $errors);
// Update the local permissions
$this->updatePerms($vars['perms'], $errors);
$this->isvisible = isset($vars['isvisible'])?1:0;
$this->onvacation = isset($vars['onvacation'])?1:0;
$this->assigned_only = isset($vars['assigned_only'])?1:0;
$this->role_id = $vars['role_id'];
$this->username = $vars['username'];
$this->firstname = $vars['firstname'];
$this->lastname = $vars['lastname'];
$this->email = $vars['email'];
$this->backend = $vars['backend'];
$this->phone = Format::phone($vars['phone']);
$this->phone_ext = $vars['phone_ext'];
$this->mobile = Format::phone($vars['mobile']);
$this->notes = Format::sanitize($vars['notes']);
$this->sendResetEmail('registration-staff', false);
$errors['err']=sprintf(__('Unable to update %s.'), __('this agent'))
.' '.__('Internal error occurred');
$errors['err']=sprintf(__('Unable to create %s.'), __('this agent'))
.' '.__('Internal error occurred');
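/**
 * Replace this agent's extended department access with the supplied list.
 *
 * Parameters:
 * $access - (<array($dept_id, $role_id, $alerts)>) a list of the complete,
 *      extended access for this agent. Any access the agent currently has
 *      which is not listed will be removed.
 * $errors - (<array>) error messages from the process. Problems with an
 *      entry are stored under $errors['dept_access'][<dept_id>].
 *
 * Nothing is saved or deleted while $errors is non-empty. $errors is passed
 * by reference, so errors already present when the method is called block
 * the writes as well.
 */
function updateAccess($access, &$errors) {
    // Assume every current grant is dropped; entries that are still listed
    // in $access are taken back out of this set inside the loop.
    $dropped = array();
    foreach ($this->dept_access as $DA)
        $dropped[$DA->dept_id] = 1;

    // foreach replaces the original while/each() loop: each() was deprecated
    // in PHP 7.2 and removed in PHP 8.0, where the old form is a fatal error.
    foreach ($access as $entry) {
        list($dept_id, $role_id, $alerts) = $entry;
        unset($dropped[$dept_id]);

        // A failed check records an error but does not end the iteration:
        // the in-memory access object below is still created or updated,
        // and only the save() call is skipped.
        if (!$role_id || !Role::lookup($role_id))
            $errors['dept_access'][$dept_id] = __('Select a valid role');
        // NOTE(review): 'departent' is misspelled. The literal is left as it
        // is because it is passed to __() and may serve as a lookup key.
        if (!$dept_id || !Dept::lookup($dept_id))
            $errors['dept_access'][$dept_id] = __('Select a valid departent');
        if ($dept_id == $this->getDeptId())
            $errors['dept_access'][$dept_id] = __('Agent already has access to this department');

        $da = $this->dept_access->findFirst(array('dept_id' => $dept_id));
        if (!isset($da)) {
            $da = StaffDeptAccess::create(array(
                'dept_id' => $dept_id, 'role_id' => $role_id
            ));
            $this->dept_access->add($da);
        }
        else {
            $da->role_id = $role_id;
        }
        $da->setAlerts($alerts);
        if (!$errors)
            $da->save();
    }

    // Remove the grants that were not listed, in one filtered delete
    if (!$errors && $dropped) {
        $this->dept_access
            ->filter(array('dept_id__in' => array_keys($dropped)))
            ->delete();
        $this->dept_access->reset();
    }
    // NOTE(review): the listing breaks off here; the closing lines of this
    // method are not shown.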
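// NOTE(review): the signature of the enclosing method and the statement that
// creates $permissions are not part of this listing.

// No selection at all: store an empty permission set and stop
if (!$vars) {
    $this->permissions = '';
    return;
}
foreach (RolePermission::allPermissions() as $g => $perms) {
    foreach ($perms as $k => $v) {
        // Strict membership test. A loose in_array() lets a boolean true in
        // $vars (and, before PHP 8, an integer 0) compare equal to every
        // non-numeric permission name, which would switch every permission
        // on. Assumes permission names arrive as strings -- confirm against
        // the callers.
        $permissions->set($k, in_array($k, $vars, true) ? 1 : 0);
    }
}
$this->permissions = $permissions->toJson();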
/**
 * Contract for objects that can be asked about a staff member's permission.
 *
 * NOTE(review): presumably checkStaffPerm() reports whether the given agent
 * may access the implementing object -- the expected return value is not
 * visible here, confirm against the implementers.
 */
interface RestrictedAccess
{
    /**
     * Parameters:
     * $staff - the staff member to check
     */
    public function checkStaffPerm($staff);
}
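/**
 * Model for one row of STAFF_DEPT_TABLE, keyed by (staff_id, dept_id), with
 * joins to the department, the staff member and the role. Per-row options
 * are kept as bits in the `flags` attribute.
 */
class StaffDeptAccess extends VerySimpleModel {
    static $meta = array(
        'table' => STAFF_DEPT_TABLE,
        'pk' => array('staff_id', 'dept_id'),
        'select_related' => array('dept', 'role'),
        'joins' => array(
            'dept' => array(
                'constraint' => array('dept_id' => 'Dept.id'),
                // FIXME: The ORM needs a way to support
                // staff__dept_access__dept performing a LEFT join b/c
                // staff__dept_access is LEFT
                'null' => true,
            ),
            'staff' => array(
                'constraint' => array('staff_id' => 'Staff.staff_id'),
            ),
            'role' => array(
                'constraint' => array('role_id' => 'Role.id'),
            ),
        ),
    );

    // Bit of `flags` that is set and read through setAlerts() and
    // isAlertsEnabled()
    const FLAG_ALERTS = 0x0001;

    /**
     * Returns true when the FLAG_ALERTS bit is set in `flags`.
     */
    function isAlertsEnabled() {
        // The parentheses are required: `!=` binds tighter than `&` in PHP,
        // so the unparenthesised form evaluated
        // `$this->flags & (self::FLAG_ALERTS != 0)`, i.e. `$this->flags & 1`.
        // That gave the right truthiness only because this flag happens to
        // be bit 0, and it returned an int rather than a bool.
        return ($this->flags & self::FLAG_ALERTS) != 0;
    }

    /**
     * Set or clear bits in `flags`. Only the in-memory attribute changes;
     * this method does not call save().
     *
     * Parameters:
     * $flag - (<int>) bit mask to change
     * $value - truthy sets the bits, falsy clears them
     */
    function setFlag($flag, $value) {
        if ($value)
            $this->flags |= $flag;
        else
            $this->flags &= ~$flag;
    }

    /**
     * Turn the FLAG_ALERTS bit on or off according to $value.
     */
    function setAlerts($value) {
        $this->setFlag(self::FLAG_ALERTS, $value);
    }
}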
/**
* This form is used to administratively change the password. The
* PasswordChangeForm is used for an agent to change their own password.
*/
class PasswordResetForm
extends AbstractForm {
/**
 * Build the fields of the administrative password reset form: the choice to
 * send a reset email (on by default), the new password and its confirmation,
 * and the option to force a password change at the next login.
 *
 * The last three fields carry a visibility constraint on
 * `welcome_email => false`; presumably they are hidden while the reset email
 * option stays checked.
 *
 * No length or strength rule is configured on the password fields here, so
 * any password policy has to be enforced elsewhere -- confirm.
 */
function buildFields() {
    // Condition shared by the fields that only apply to a manual reset
    $manualEntry = array('welcome_email' => false);

    $fields = array();

    $fields['welcome_email'] = new BooleanField(array(
        'default' => true,
        'configuration' => array(
            'desc' => __('Send the agent a password reset email'),
        ),
    ));

    $fields['passwd1'] = new PasswordField(array(
        'placeholder' => __('New Password'),
        'required' => true,
        'configuration' => array('classes' => 'span12'),
        'visibility' => new VisibilityConstraint(
            new Q($manualEntry),
            VisibilityConstraint::HIDDEN
        ),
    ));

    $fields['passwd2'] = new PasswordField(array(
        'placeholder' => __('Confirm Password'),
        'required' => true,
        'configuration' => array('classes' => 'span12'),
        'visibility' => new VisibilityConstraint(
            new Q($manualEntry),
            VisibilityConstraint::HIDDEN
        ),
    ));

    $fields['change_passwd'] = new BooleanField(array(
        'configuration' => array(
            'desc' => __('Require password change at next login'),
            'classes' => 'form footer',
        ),
        'visibility' => new VisibilityConstraint(
            new Q($manualEntry),
            VisibilityConstraint::HIDDEN
        ),
    ));

    return $fields;
}
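/**
 * Cross-field check: the confirmation has to repeat the new password.
 *
 * Parameters:
 * $clean - (<array>) cleaned form values; 'passwd1' and 'passwd2' are read.
 *
 * On a mismatch an error is attached to the passwd1 field.
 */
function validate($clean) {
    // Strict comparison. With `!=` PHP compares two numeric-looking strings
    // as numbers, so a confirmation such as '1e3' would be accepted for the
    // password '1000' and a mistyped entry could go unnoticed.
    if ($clean['passwd1'] !== $clean['passwd2'])
        $this->getField('passwd1')->addError(__('Passwords do not match'));
}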
class PasswordChangeForm
extends AbstractForm {
/**
 * Build the fields of the form an agent uses to change their own password:
 * the current password, the new password and its confirmation. Returns the
 * field list, adjusted for the password reset flow (see below).
 */
function buildFields() {
    // NOTE(review): the statement that opens this array is missing from the
    // listing; presumably it assigns the array to $fields, which is read
    // further down.
    'current' => new PasswordField(array(
        'placeholder' => __('Current Password'),
        'required' => true,
        'configuration' => array(
            'autofocus' => true,
        ),
    )),
    'passwd1' => new PasswordField(array(
        'label' => __('Enter a new password'),
        'placeholder' => __('New Password'),
        'required' => true,
    )),
    'passwd2' => new PasswordField(array(
        'placeholder' => __('Confirm Password'),
        'required' => true,
    )),
    );
    // When using the password reset system, the current password is not
    // required for agents.
    // NOTE(review): the only condition tested here is that the session holds
    // a 'reset-token' entry. Dropping the field from the form is not a check
    // in itself: the code that processes the submission has to apply the
    // same rule and must verify the current password whenever the entry is
    // absent -- confirm against the submit handler.
    if (isset($_SESSION['_staff']['reset-token'])) {
        unset($fields['current']);
        // With the first field gone, focus moves to the new password
        $fields['passwd1']->set('configuration', array('autofocus' => true));
    }
    else {
        $fields['passwd1']->set('layout',
            new GridFluidCell(12, array('style' => 'padding-top: 20px'))
        );
    }
    return $fields;
}
/**
 * Returns the translated instruction line for the password change form.
 *
 * NOTE(review): the text always asks for the current password, although
 * buildFields() removes that field when the session holds a reset token.
 */
function getInstructions() {
    $text = __('Confirm your current password and enter a new password to continue');
    return $text;
}
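/**
 * Cross-field check: the confirmation has to repeat the new password.
 *
 * Parameters:
 * $clean - (<array>) cleaned form values; 'passwd1' and 'passwd2' are read.
 *
 * On a mismatch an error is attached to the passwd1 field.
 */
function validate($clean) {
    // Strict comparison. With `!=` PHP compares two numeric-looking strings
    // as numbers, so a confirmation such as '1e3' would be accepted for the
    // password '1000' and a mistyped entry could go unnoticed.
    if ($clean['passwd1'] !== $clean['passwd2'])
        $this->getField('passwd1')->addError(__('Passwords do not match'));
    // NOTE(review): the listing breaks off here; the closing braces of this
    // method and of its class are not shown.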
/**
 * Form with two inputs: an existing agent to clone from ('clone') and a
 * multiple-choice list of permissions ('perms').
 */
class ResetAgentPermissionsForm
extends AbstractForm {
    /**
     * Build the 'clone' and 'perms' choice fields.
     */
    function buildFields() {
        // Offer only the permissions marked 'primary', keeping the grouping
        // that RolePermission::allPermissions() returns
        $choices = array();
        foreach (RolePermission::allPermissions() as $group => $members) {
            foreach ($members as $name => $info) {
                if ($info['primary'])
                    $choices[$group][$name] = "{$info['title']} — {$info['desc']}";
            }
        }

        // Entry 0 is the prompt; array union keeps it even if the staff
        // list were to contain a key 0
        $agents = array(0 => '— '.__('Clone an existing agent').' —')
            + Staff::getStaffMembers();

        $fields = array();
        $fields['clone'] = new ChoiceField(array(
            'default' => 0,
            'choices' => $agents,
            'configuration' => array('classes' => 'span12'),
        ));
        $fields['perms'] = new ChoiceField(array(
            'choices' => $choices,
            'widget' => 'TabbedBoxChoicesWidget',
            'configuration' => array('multiple' => true),
        ));
        return $fields;
    }

    /**
     * Returns the parent's cleaned values with 'perms' reduced to its keys.
     */
    function getClean() {
        $values = parent::getClean();
        // The cleaned selection is presumably keyed by permission name
        // (e.g. ['ticket.edit' => 1]); only the names are kept, as a list
        $selected = $values['perms'];
        $values['perms'] = array_keys($selected);
        return $values;
    }

    /**
     * Render through the parent, defaulting to the simple dynamic-form
     * template.
     */
    function render($staff=true, $title=false, $options=array()) {
        // Array union keeps the left operand's keys, so a 'template' that
        // is already present in $options takes precedence
        $fallback = array('template' => 'dynamic-form-simple.tmpl.php');
        return parent::render($staff, $title, $options + $fallback);
    }
}
class ChangeDepartmentForm
extends AbstractForm {
/**
 * Build the fields for changing the primary department of agents: the new
 * department, the role to go with it, and a checkbox to keep access to the
 * current primary department.
 */
function buildFields() {
    $fields = array();

    // Entry 0 of each list is the prompt; both fields are required
    $fields['dept_id'] = new ChoiceField(array(
        'default' => 0,
        'required' => true,
        'label' => __('Primary Department'),
        'choices' => array(0 => '— '.__('Primary Department').' —')
            + Dept::getDepartments(),
        'configuration' => array('classes' => 'span12'),
    ));

    $fields['role_id'] = new ChoiceField(array(
        'default' => 0,
        'required' => true,
        'label' => __('Primary Role'),
        'choices' => array(0 => '— '.__('Corresponding Role').' —')
            + Role::getRoles(),
        'configuration' => array('classes' => 'span12'),
    ));

    $fields['eavesdrop'] = new BooleanField(array(
        'configuration' => array(
            'desc' => __('Maintain access to current primary department'),
            'classes' => 'form footer',
        ),
    ));
    // alerts?

    return $fields;
}
/**
 * Returns the translated instruction line for the change-department form.
 */
function getInstructions() {
    $text = __('Change the primary department and primary role of the selected agents');
    return $text;
}
/**
 * Returns the parent's cleaned values with 'eavesdrop' normalised to the
 * integer 1 or 0.
 */
function getClean() {
    $values = parent::getClean();
    if ($values['eavesdrop'])
        $values['eavesdrop'] = 1;
    else
        $values['eavesdrop'] = 0;
    return $values;
}
/**
 * Render through the parent, defaulting to the simple dynamic-form template.
 */
function render($staff=true, $title=false, $options=array()) {
    // Array union keeps the left operand's keys, so a 'template' that is
    // already present in $options takes precedence over the default
    return parent::render($staff, $title, $options + array('template' => 'dynamic-form-simple.tmpl.php'));
    // NOTE(review): the listing breaks off here; the closing braces of this
    // method and of its class are not shown.
class StaffQuickAddForm
extends AbstractForm {
static $layout = 'GridFormLayout';
/**
 * Build the fields of the quick-add form for a new agent: name, email,
 * department, primary role, the admin checkbox, and either a welcome email
 * or a temporary password with confirmation.
 *
 * The two password fields carry a visibility constraint on
 * `welcome_email => false`; presumably they are shown only when the welcome
 * email option is unchecked. No length or strength rule is configured on
 * them here, so any password policy has to be enforced elsewhere -- confirm.
 */
function buildFields() {
    global $cfg;

    // Condition under which the temporary password inputs apply
    $noWelcomeEmail = array('welcome_email' => false);

    $fields = array();

    $fields['firstname'] = new TextboxField(array(
        'required' => true,
        'configuration' => array(
            'placeholder' => __("First Name"),
            'autofocus' => true,
        ),
        'layout' => new GridFluidCell(6),
    ));

    $fields['lastname'] = new TextboxField(array(
        'required' => true,
        'configuration' => array(
            'placeholder' => __("Last Name"),
        ),
        'layout' => new GridFluidCell(6),
    ));

    $fields['email'] = new TextboxField(array(
        'required' => true,
        'configuration' => array(
            'validator' => 'email',
            'placeholder' => __('Email Address — e.g. me@mycompany.com'),
            'length' => 128,
        ),
    ));

    $fields['dept_id'] = new ChoiceField(array(
        'label' => __('Department'),
        'required' => true,
        'choices' => Dept::getDepartments(),
        'default' => $cfg->getDefaultDeptId(),
        'layout' => new GridFluidCell(6),
    ));

    // Entry 0 is the prompt; array union keeps it ahead of the role list
    $fields['role_id'] = new ChoiceField(array(
        'label' => __('Primary Role'),
        'required' => true,
        'choices' => array(0 => __('Select Role'))
            + Role::getRoles(),
        'layout' => new GridFluidCell(6),
    ));

    // Checking this box marks the new agent for admin panel access
    $fields['isadmin'] = new BooleanField(array(
        'label' => __('Account Type'),
        'configuration' => array(
            'desc' => __('Agent has access to the admin panel'),
        ),
        'layout' => new GridFluidCell(6),
    ));

    $fields['welcome_email'] = new BooleanField(array(
        'configuration' => array(
            'desc' => __('Send a welcome email with login information'),
        ),
        'default' => true,
        'layout' => new GridFluidCell(12, array('style' => 'padding-top: 50px')),
    ));

    $fields['passwd1'] = new PasswordField(array(
        'required' => true,
        'configuration' => array(
            'placeholder' => __("Temporary Password"),
        ),
        'visibility' => new VisibilityConstraint(new Q($noWelcomeEmail)),
        'layout' => new GridFluidCell(6),
    ));

    $fields['passwd2'] = new PasswordField(array(
        'required' => true,
        'configuration' => array(
            'placeholder' => __("Confirm Password"),
        ),
        'visibility' => new VisibilityConstraint(new Q($noWelcomeEmail)),
        'layout' => new GridFluidCell(6),
    ));
    // TODO: Add role_id drop-down

    return $fields;
}
function getClean() {
$clean = parent::getClean();
list($clean['username'],) = preg_split('/[^\w.-]/u', $clean['email'], 2);
if (mb_strlen($clean['username']) < 3 || Staff::lookup($clean['username']))
$clean['username'] = mb_strtolower($clean['firstname']);
$clean['perms'] = array(
User::PERM_CREATE,
User::PERM_EDIT,
User::PERM_DELETE,
User::PERM_MANAGE,
User::PERM_DIRECTORY,
Organization::PERM_CREATE,
Organization::PERM_EDIT,
Organization::PERM_DELETE,
FAQ::PERM_MANAGE,
);