Newer
Older
<?php
/*********************************************************************
class.staff.php
Everything about staff.
Peter Rotich <peter@osticket.com>
http://www.osticket.com
Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.
vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
Peter Rotich
committed
include_once(INCLUDE_DIR.'class.ticket.php');
include_once(INCLUDE_DIR.'class.error.php');
include_once(INCLUDE_DIR.'class.user.php');
implements AuthenticatedUser, EmailContact, TemplateVariable {
static $meta = array(
'table' => STAFF_TABLE,
'pk' => array('staff_id'),
'joins' => array(
'dept' => array(
'constraint' => array('dept_id' => 'Dept.id'),
'role' => array(
'constraint' => array('role_id' => 'Role.id'),
),
'dept_access' => array(
'reverse' => 'StaffDeptAccess.staff',
// WE have to patch info here to support upgrading from old versions.
$time = null;
if (isset($this->passwdreset) && $this->passwdreset)
$time=strtotime($this->passwdreset);
elseif (isset($this->added) && $this->added)
$time=strtotime($this->added);
if ($time)
$this->passwd_change = time()-$time; //XXX: check timezone issues.
function __toString() {
return (string) $this->getName();
}
static function getVarScope() {
return array(
'dept' => array('class' => 'Dept', 'desc' => __('Department')),
'email' => __('Email Address'),
'class' => 'PersonsName', 'desc' => __('Agent name'),
'mobile' => __('Mobile Number'),
'phone' => __('Phone Number'),
'signature' => __('Signature'),
'timezone' => "Agent's configured timezone",
'username' => 'Access username',
function getVar($tag) {
switch ($tag) {
case 'mobile':
return Format::phone($this->ht['mobile']);
case 'phone':
return Format::phone($this->ht['phone']);
}
}
unset($base['teams']);
// AuthenticatedUser implementation...
// TODO: Move to an abstract class that extends Staff
return 'staff';
}
function getAuthBackend() {
list($bk, ) = explode(':', $this->getAuthKey());
// If administering a user other than yourself, fallback to the
// agent's declared backend, if any
if (!$bk && $this->backend)
$bk = $this->backend;
return StaffAuthenticationBackend::getBackend($bk);
function setAuthKey($key) {
$this->authkey = $key;
}
function getAuthKey() {
return $this->authkey;
}
// logOut the user
function logOut() {
if ($bk = $this->getAuthBackend())
return $bk->signOut($this);
return false;
}
function check_passwd($password, $autoupdate=true) {
if(Passwd::cmp($password, $this->getPasswd()))
//Fall back to MD5
if(!$password || strcmp($this->getPasswd(), MD5($password)))
return false;
//Password is a MD5 hash: rehash it (if enabled) otherwise force passwd change.
function cmp_passwd($password) {
return $this->check_passwd($password, false);
function hasPassword() {
return ($cfg && $cfg->getPasswdResetPeriod()
&& $this->passwd_change>($cfg->getPasswdResetPeriod()*30*24*60*60));
function setPassword($new, $current=false) {
// Allow the backend to update the password. This is the preferred
// method as it allows for integration with password policies and
// also allows for remotely updating the password where possible and
// supported.
if (!($bk = $this->getAuthBackend())
|| !$bk instanceof AuthBackend
) {
// Fallback to osTicket authentication token udpates
$bk = new osTicketAuthentication();
}
// And now for the magic
if (!$bk->supportsPasswordChange()) {
throw new PasswordUpdateFailed(
__('Authentication backend does not support password updates'));
}
// Backend should throw PasswordUpdateFailed directly
$rv = $bk->setPassword($this, $new, $current);
// Successfully updated authentication tokens
$this->change_passwd = 0;
$this->cancelResetTokens();
$this->passwdreset = SqlFunction::NOW();
function canAccess($something) {
if ($something instanceof RestrictedAccess)
return $something->checkStaffPerm($this);
return true;
}
function isPasswdChangeDue() {
return $this->isPasswdResetDue();
}
function getUserId() {
return $this->getId();
}
function getAvatar($size=null) {
global $cfg;
$source = $cfg->getStaffAvatarSource();
$avatar = $source->getAvatar($this);
if (isset($size))
$avatar->setSize($size);
return $avatar;
return new AgentsName(array('first' => $this->ht['firstname'], 'last' => $this->ht['lastname']));
function getAvatarAndName() {
return $this->getAvatar().Format::htmlchars((string) $this->getName());
}
}
function getDefaultSignatureType() {
// TODO: Cache this in the agent's session as it is unlikely to
// change while logged in
if (!isset($this->departments)) {
// Departments the staff is "allowed" to access...
// based on the group they belong to + user's primary dept + user's managed depts.
$sql='SELECT DISTINCT d.id FROM '.STAFF_TABLE.' s '
.' LEFT JOIN '.STAFF_DEPT_TABLE.' g ON (s.staff_id=g.staff_id) '
.' INNER JOIN '.DEPT_TABLE.' d ON (LOCATE(CONCAT("/", s.dept_id, "/"), d.path) OR d.manager_id=s.staff_id OR LOCATE(CONCAT("/", g.dept_id, "/"), d.path)) '
.' WHERE s.staff_id='.db_input($this->getId());
$depts = array();
if (($res=db_query($sql)) && db_num_rows($res)) {
while(list($id)=db_fetch_row($res))
$depts[] = $id;
}
/* ORM method — about 2.0ms slower
$q = Q::any(array(
'path__contains' => '/'.$this->dept_id.'/',
'manager_id' => $this->getId(),
));
// Add in extended access
foreach ($this->dept_access->depts->values_flat('dept_id') as $row) {
// Skip primary dept
if ($row[0] == $this->dept_id)
continue;
$q->add(new Q(array('path__contains'=>'/'.$row[0].'/')));
}
$dept_ids = Dept::objects()
->filter($q)
->distinct('id')
foreach ($dept_ids as $row)
$depts[] = $row[0];
*/
function getManagedDepartments() {
return ($depts=Dept::getDepartments(
array('manager' => $this->getId())
))?array_keys($depts):array();
}
function setDepartmentId($dept_id, $eavesdrop=false) {
// Grant access to the current department
$old = $this->dept_id;
if ($eavesdrop) {
$da = StaffDeptAccess::create(array(
'dept_id' => $old,
'role_id' => $this->role_id,
));
$da->setAlerts(true);
$this->dept_access->add($da);
}
// Drop extended access to new department
$this->dept_id = $dept_id;
if ($da = $this->dept_access->findFirst(array(
'dept_id' => $dept_id))
) {
$this->dept_access->remove($da);
}
}
return (isset($this->lang)) ? $this->lang : false;
if (isset($this->timezone))
return $this->timezone;
}
function getLocale() {
//XXX: isset is required here to avoid possible crash when upgrading
// installation where locale column doesn't exist yet.
return isset($this->locale) ? $this->locale : 0;
function getRole($dept=null) {
$deptId = is_object($dept) ? $dept->getId() : $dept;
if ($deptId && $deptId != $this->dept_id) {
if (isset($this->_roles[$deptId]))
return $this->_roles[$deptId];
if ($access = $this->dept_access->findFirst(array('dept_id' => $deptId)))
return $this->_roles[$deptId] = $access->role;
// View only access
return new Role(array());
// For the primary department, use the primary role
return $this->role;
function hasPerm($perm, $global=true) {
if ($global)
return $this->getPermission()->has($perm);
if ($this->getRole()->hasPerm($perm))
return true;
foreach ($this->dept_access as $da)
if ($da->role->hasPerm($perm))
return true;
return false;
}
function canManageTickets() {
return $this->hasPerm(TicketModel::PERM_DELETE, false)
|| $this->hasPerm(TicketModel::PERM_TRANSFER, false)
|| $this->hasPerm(TicketModel::PERM_ASSIGN, false)
|| $this->hasPerm(TicketModel::PERM_CLOSE, false);
return (($dept=$this->getDept()) && $dept->getManagerId()==$this->getId());
}
function isAccessLimited() {
return $this->showAssignedOnly();
}
return ($teamId && in_array($teamId, $this->getTeams()));
return ($deptId && in_array($deptId, $this->getDepts()) && !$this->isAccessLimited());
function showAssignedTickets() {
return $this->show_assigned_tickets;
}
if (!isset($this->_teams)) {
$this->_teams = array();
foreach ($this->teams as $team)
$this->_teams[] = $team->team_id;
}
/* stats */
function resetStats() {
$this->stats = array();
}
/* returns staff's quick stats - used on nav menu...etc && warnings */
function getTicketsStats() {
if(!$this->stats['tickets'])
$this->stats['tickets'] = Ticket::getStaffStats($this);
return $this->stats['tickets'];
}
function getNumAssignedTickets() {
return ($stats=$this->getTicketsStats())?$stats['assigned']:0;
}
function getNumClosedTickets() {
return ($stats=$this->getTicketsStats())?$stats['closed']:0;
}
function getTasksStats() {
if (!$this->stats['tasks'])
$this->stats['tasks'] = Task::getStaffStats($this);
return $this->stats['tasks'];
}
function getNumAssignedTasks() {
return ($stats=$this->getTasksStats()) ? $stats['assigned'] : 0;
}
function getNumClosedTasks() {
return ($stats=$this->getTasksStats()) ? $stats['closed'] : 0;
}
function getExtraAttr($attr=false, $default=null) {
if (!isset($this->_extra) && isset($this->extra))
$this->_extra = JsonDataParser::decode($this->extra);
return $attr ? (@$this->_extra[$attr] ?: $default) : $this->_extra;
}
function setExtraAttr($attr, $value, $commit=true) {
$this->getExtraAttr();
$this->extra = JsonDataEncoder::encode($this->_extra);
$this->save();
function getPermission() {
if (!isset($this->_perm)) {
$this->_perm = new RolePermission($this->permissions);
}
return $this->_perm;
}
function getPermissionInfo() {
return $this->getPermission()->getInfo();
}
function onLogin($bk) {
// Update last apparent language preference
$this->setExtraAttr('browser_lang',
Internationalization::getCurrentLanguage(),
false);
$this->lastlogin = SqlFunction::NOW();
$this->save();
//Staff profile update...unfortunately we have to separate it from admin update to avoid potential issues
function updateProfile($vars, &$errors) {
$vars['firstname']=Format::striptags($vars['firstname']);
$vars['lastname']=Format::striptags($vars['lastname']);
if (isset($this->staff_id) && $this->getId() != $vars['id'])
$errors['err']=__('Internal error occurred');
$errors['firstname']=__('First name is required');
$errors['lastname']=__('Last name is required');
if(!$vars['email'] || !Validator::is_valid_email($vars['email']))
$errors['email']=__('Valid email is required');
$errors['email']=__('Already in-use as system email');
elseif (($uid=static::getIdByEmail($vars['email']))
&& (!isset($this->staff_id) || $uid!=$this->getId()))
$errors['email']=__('Email already in-use by another agent');
if($vars['phone'] && !Validator::is_phone($vars['phone']))
$errors['phone']=__('Valid phone number is required');
if($vars['mobile'] && !Validator::is_phone($vars['mobile']))
$errors['mobile']=__('Valid phone number is required');
if($vars['default_signature_type']=='mine' && !$vars['signature'])
$errors['default_signature_type'] = __("You don't have a signature");
// Update the user's password if requested
if ($vars['passwd1']) {
try {
$this->setPassword($vars['passwd1'], $vars['cpasswd']);
}
catch (BadPassword $ex) {
$errors['passwd1'] = $ex->getMessage();
}
catch (PasswordUpdateFailed $ex) {
// TODO: Add a warning banner or crash the update
}
}
$this->firstname = $vars['firstname'];
$this->lastname = $vars['lastname'];
$this->email = $vars['email'];
$this->phone = Format::phone($vars['phone']);
$this->phone_ext = $vars['phone_ext'];
$this->mobile = Format::phone($vars['mobile']);
$this->signature = Format::sanitize($vars['signature']);
$this->timezone = $vars['timezone'];
$this->locale = $vars['locale'];
if (!$cfg->showAssignedTickets())
// Allow local unsetting if unset globally
$this->show_assigned_tickets = isset($vars['show_assigned_tickets']) ? 1 : 0;
$this->max_page_size = $vars['max_page_size'];
$this->auto_refresh_rate = $vars['auto_refresh_rate'];
$this->default_signature_type = $vars['default_signature_type'];
$this->default_paper_size = $vars['default_paper_size'];
$this->lang = $vars['lang'];
$this->onvacation = isset($vars['onvacation'])?1:0;
if (isset($vars['avatar_code']))
$this->setExtraAttr('avatar', $vars['avatar_code']);
if ($errors)
return false;
$_SESSION['::lang'] = null;
TextDomain::configureForUser($this);
function updateTeams($membership, &$errors) {
$dropped = array();
foreach ($this->teams as $TM)
$dropped[$TM->team_id] = 1;
reset($membership);
while(list(, list($team_id, $alerts)) = each($membership)) {
$member = $this->teams->findFirst(array('team_id' => $team_id));
if (!$member) {
$this->teams->add($member = TeamMember::create(array(
'team_id' => $team_id,
)));
$member->setAlerts($alerts);
if (!$errors)
$member->save();
unset($dropped[$member->team_id]);
}
if (!$errors && $dropped) {
$member = $this->teams
->filter(array('team_id__in' => array_keys($dropped)))
$this->teams->reset();
if (!$thisstaff || $this->getId() == $thisstaff->getId())
// DO SOME HOUSE CLEANING
//Move remove any ticket assignments...TODO: send alert to Dept. manager?
Ticket::objects()
->filter(array('staff_id' => $this->getId()))
->update(array('staff_id' => 0));
//Update the poster and clear staff_id on ticket thread table.
ThreadEntry::objects()
->filter(array('staff_id' => $this->getId()))
->update(array(
'staff_id' => 0,
'poster' => $this->getName()->getOriginal(),
));
TeamMember::objects()
->filter(array('staff_id'=>$this->getId()))
->delete();
// Cleanup staff dept access
StaffDeptAccess::objects()
->filter(array('staff_id'=>$this->getId()))
->delete();
static function lookup($var) {
if (is_array($var))
return parent::lookup($var);
elseif (is_numeric($var))
return parent::lookup(array('staff_id'=>$var));
elseif (Validator::is_email($var))
return parent::lookup(array('email'=>$var));
elseif (is_string($var))
return parent::lookup(array('username'=>$var));
else
return null;
}
$members = static::objects();
$members = $members->filter(array(
'onvacation' => 0,
'isactive' => 1,
));
switch ($cfg->getAgentNameFormat()) {
case 'last':
case 'lastfirst':
case 'legal':
$members->order_by('lastname', 'firstname');
break;
default:
$members->order_by('firstname', 'lastname');
static function getAvailableStaffMembers() {
static function getIdByUsername($username) {
$row = static::objects()->filter(array('username' => $username))
->values_flat('staff_id')->first();
return $row ? $row[0] : 0;
static function getIdByEmail($email) {
$row = static::objects()->filter(array('email' => $email))
->values_flat('staff_id')->first();
return $row ? $row[0] : 0;
static function create($vars=false) {
$staff = parent::create($vars);
$staff->created = SqlFunction::NOW();
return $staff;
function cancelResetTokens() {
// TODO: Drop password-reset tokens from the config table for
// this user id
$sql = 'DELETE FROM '.CONFIG_TABLE.' WHERE `namespace`="pwreset"
AND `value`='.db_input($this->getId());
unset($_SESSION['_staff']['reset-token']);
}
function sendResetEmail($template='pwreset-staff', $log=true) {
$content = Page::lookupByType($template);
$token = Misc::randCode(48); // 290-bits
return new Error(/* @trans */ 'Unable to retrieve password reset email template');
'url' => $ost->getConfig()->getBaseUrl(),
'token' => $token,
'reset_link' => sprintf(
"%s/scp/pwreset.php?token=%s",
$ost->getConfig()->getBaseUrl(),
$token),
$vars['link'] = &$vars['reset_link'];
if (!($email = $cfg->getAlertEmail()))
$email = $cfg->getDefaultEmail();
$info = array('email' => $email, 'vars' => &$vars, 'log'=>$log);
Signal::send('auth.pwreset.email', $this, $info);
$ost->logWarning(_S('Agent Password Reset'), sprintf(
_S('Password reset was attempted for agent: %1$s<br><br>
Requested-User-Id: %2$s<br>
Source-Ip: %3$s<br>
Email-Sent-To: %4$s<br>
Email-Sent-Via: %5$s'),
$this->getName(),
$_POST['userid'],
$_SERVER['REMOTE_ADDR'],
$this->getEmail(),
$email->getEmail()
), false);
$lang = $this->lang ?: $this->getExtraAttr('browser_lang');
$msg = $ost->replaceTemplateVariables(array(
'subj' => $content->getLocalName($lang),
'body' => $content->getLocalBody($lang),
$_config = new Config('pwreset');
$_config->set($vars['token'], $this->getId());
$email->send($this->getEmail(), Format::striptags($msg['subj']),
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
static function importCsv($stream, $defaults=array(), $callback=false) {
require_once INCLUDE_DIR . 'class.import.php';
$importer = new CsvImporter($stream);
$imported = 0;
$fields = array(
'firstname' => new TextboxField(array(
'label' => __('First name'),
)),
'lastname' => new TextboxField(array(
'label' => __('Last name'),
)),
'email' => new TextboxField(array(
'label' => __('Email Address'),
'configuration' => array(
'validator' => 'email',
),
)),
'username' => new TextboxField(array(
'label' => __('Username'),
'validators' => function($self, $value) {
if (!Validator::is_username($value))
$self->addError('Not a valid username');
},
)),
);
$form = new SimpleForm($fields);
try {
db_autocommit(false);
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
$records = $importer->importCsv($form->getFields(), $defaults);
foreach ($records as $data) {
if (!isset($data['email']) || !isset($data['username']))
throw new ImportError('Both `username` and `email` fields are required');
if ($agent = self::lookup(array('username' => $data['username']))) {
// TODO: Update the user
}
elseif ($agent = self::create($data, $errors)) {
if ($callback)
$callback($agent, $data);
$agent->save();
}
else {
throw new ImportError(sprintf(__('Unable to import (%s): %s'),
$data['username'],
print_r($errors, true)
));
}
$imported++;
}
db_autocommit(true);
}
catch (Exception $ex) {
db_rollback();
return $ex->getMessage();
}
return $imported;
}
function save($refetch=false) {
if ($this->dirty)
$this->updated = SqlFunction::NOW();
return parent::save($refetch || $this->dirty);
}
function update($vars, &$errors) {
$vars['username']=Format::striptags($vars['username']);
$vars['firstname']=Format::striptags($vars['firstname']);
$vars['lastname']=Format::striptags($vars['lastname']);
if (isset($this->staff_id) && $this->getId() != $vars['id'])
$errors['err']=__('Internal Error');
$errors['firstname']=__('First name required');
$errors['lastname']=__('Last name required');
$error = '';
if(!$vars['username'] || !Validator::is_username($vars['username'], $error))
$errors['username']=($error) ? $error : __('Username is required');
elseif (($uid=static::getIdByUsername($vars['username']))
&& (!isset($this->staff_id) || $uid!=$this->getId()))
$errors['username']=__('Username already in use');
if(!$vars['email'] || !Validator::is_valid_email($vars['email']))
$errors['email']=__('Valid email is required');
$errors['email']=__('Already in use system email');
elseif (($uid=static::getIdByEmail($vars['email']))
&& (!isset($this->staff_id) || $uid!=$this->getId()))
$errors['email']=__('Email already in use by another agent');
if($vars['phone'] && !Validator::is_phone($vars['phone']))
$errors['phone']=__('Valid phone number is required');
if($vars['mobile'] && !Validator::is_phone($vars['mobile']))
$errors['mobile']=__('Valid phone number is required');
$errors['dept_id']=__('Department is required');
if(!$vars['role_id'])
$errors['role_id']=__('Role for primary department is required');
// Ensure we will still have an administrator with access
if ($vars['isadmin'] !== '1' || $vars['islocked'] === '1') {
$sql = 'select count(*), max(staff_id) from '.STAFF_TABLE
.' WHERE isadmin=1 and isactive=1';
if (($res = db_query($sql))
&& (list($count, $sid) = db_fetch_row($res))) {
if ($count == 1 && $sid == $uid) {
$errors['isadmin'] = __(
'Cowardly refusing to remove or lock out the only active administrator'
);
}
}
}
// Format access update as [array(dept_id, role_id, alerts?)]
$access = array();
if (isset($vars['dept_access'])) {
foreach (@$vars['dept_access'] as $dept_id) {
$access[] = array($dept_id, $vars['dept_access_role'][$dept_id],
@$vars['dept_access_alerts'][$dept_id]);
}
}
$this->updateAccess($access, $errors);
// Format team membership as [array(team_id, alerts?)]
$teams = array();
if (isset($vars['teams'])) {
foreach (@$vars['teams'] as $team_id) {
$teams[] = array($team_id, @$vars['team_alerts'][$team_id]);
}
}
$this->updateTeams($teams, $errors);
// Update the local permissions
$this->updatePerms($vars['perms'], $errors);
$this->isvisible = isset($vars['isvisible'])?1:0;
$this->onvacation = isset($vars['onvacation'])?1:0;
$this->assigned_only = isset($vars['assigned_only'])?1:0;
$this->role_id = $vars['role_id'];
$this->timezone = $vars['timezone'];
$this->username = $vars['username'];
$this->firstname = $vars['firstname'];
$this->lastname = $vars['lastname'];
$this->email = $vars['email'];
$this->backend = $vars['backend'];
$this->phone = Format::phone($vars['phone']);
$this->phone_ext = $vars['phone_ext'];
$this->mobile = Format::phone($vars['mobile']);
$this->signature = Format::sanitize($vars['signature']);
$this->notes = Format::sanitize($vars['notes']);