<?php
/* $Id: access.php,v 1.53.2.7 2012/02/28 02:07:45 cknudsen Exp $
*
* This page is used to manage user access rights.
*
* It has three different modes:
* - list users to manage (no parameters)
* - manage a single user's rights (just "user" parameter)
* this will include which functions the user can access and
* (if $ALLOW_VIEW_OTHER is 'Y') which calendars thay can view/edit/approve
* - update the database (form handler)
*
* Input Parameters:
* user - specifies which user to manage, a form will be presented
* that allows editing rights of this user
*
* access_N - where N is 0 to ACCESS_NUMBER_FUNCTIONS as defined in
* includes/access.php. Each should be either 'Y' or 'N'.
*/
include_once 'includes/init.php';
require_valide_referring_url ();
$allow_view_other =
( ! empty ( $ALLOW_VIEW_OTHER ) && $ALLOW_VIEW_OTHER == 'Y' );
if ( ! access_is_enabled () ) {
echo print_not_auth (1);
exit;
}
// translate ( 'Database error' )
$dbErrStr = translate ( 'Database error XXX.' );
$defConfigStr = translate ( 'DEFAULT CONFIGURATION' );
$goStr = '
</select>
<input type="submit" value="' . translate ( 'Go' ) . '" />
</form>';
$saveStr = translate ( 'Save' );
$undoStr = translate ( 'Undo' );
$saved = '';
// Are we handling the access form?
// If so, do that, then redirect.
// Handle function access first.
if ( getPostValue ( 'auser' ) != '' &&
getPostValue ( 'submit' ) == $saveStr ) {
$auser = getPostValue ( 'auser' );
$perm = '';
for ( $i = 0; $i < ACCESS_NUMBER_FUNCTIONS; $i++ ) {
$perm .= ( getPostValue ( 'access_' . $i ) == 'Y' ? 'Y' : 'N' );
}
dbi_execute ( 'DELETE FROM webcal_access_function WHERE cal_login = ?',
array ( $auser ) );
if ( ! dbi_execute ( 'INSERT INTO webcal_access_function ( cal_login,
cal_permissions ) VALUES ( ?, ? )', array ( $auser, $perm ) ) )
die_miserable_death ( str_replace ( 'XXX', dbi_error (), $dbErrStr ) );
$saved = true;
}
// Are we handling the other user form? If so, do that, then redirect.
if ( getPostValue ( 'otheruser' ) != '' &&
getPostValue ( 'submit' ) == $saveStr ) {
$puser = getPostValue ( 'guser' );
$pouser = getPostValue ( 'otheruser' );
if ( $allow_view_other ) {
// Handle access to other users' calendars.
// If user is not admin,
// reverse values so they are granting access to their own calendar.
if ( ! $is_admin )
list ( $puser, $pouser ) = array ( $pouser, $puser );
dbi_execute ( 'DELETE FROM webcal_access_user WHERE cal_login = ?
AND cal_other_user = ?', array ( $puser, $pouser ) );
if ( empty ( $pouser ) )
break;
$approve_total = $edit_total = $view_total = 0;
for ( $i = 1; $i <= 256; ) {
$approve_total += getPostValue ( 'a_' . $i );
$edit_total += getPostValue ( 'e_' . $i );
$view_total += getPostValue ( 'v_' . $i );
$i += $i;
}
$email = getPostValue ( 'email' );
$invite = getPostValue ( 'invite' );
$time = getPostValue ( 'time' );
if ( ! dbi_execute ( 'INSERT INTO webcal_access_user ( cal_login,
cal_other_user, cal_can_view, cal_can_edit, cal_can_approve,
cal_can_invite, cal_can_email, cal_see_time_only )
VALUES ( ?, ?, ?, ?, ?, ?, ?, ? )',
array (
$puser,
$pouser,
( $view_total > 0 ? $view_total : 0 ),
( $edit_total > 0 && $puser != '__public__' ? $edit_total : 0 ),
( $approve_total > 0 && $puser != '__public__' ? $approve_total : 0 ),
( strlen ( $invite ) ? $invite : 'N' ),
( strlen ( $email ) ? $email : 'N' ),
( strlen ( $time ) ? $time : 'N' ) ) ) ) {
die_miserable_death ( str_replace ( 'XXX', dbi_error (), $dbErrStr ) );
}
$saved = true;
}
}
$checked = ' checked="checked"';
$guser = getPostValue ( 'guser' );
$selected = ' selected="selected"';
//if ( $guser == '__default__' ) {
// $otheruser = $guser;
// $user_fullname = $defConfigStr;
//} else
$otheruser = getPostValue ( 'otheruser' );
if ( $otheruser == '__default__' ) {
$otheruser_fullname = $defConfigStr;
$otheruser_login = '__default__';
} elseif ( $otheruser == '__public__' ) {
$otheruser_fullname = translate ( 'Public Access' );
$otheruser_login = '__public__';
}
if ( ! empty ( $otheruser ) ) {
if ( $allow_view_other ) {
user_load_variables ( $otheruser, 'otheruser_' );
// Turn off admin override so we see the users own settings.
$ADMIN_OVERRIDE_UAC = 'N';
// Now load all the data from webcal_access_user.
$allPermissions = access_load_user_permissions ( false );
// Load default-default values if exist.
if ( ! empty ( $allPermissions['__default__.__default__'] ) )
$op = $allPermissions['__default__.__default__'];
if ( $is_admin ) {
// Load user-default values if exist.
if ( ! empty ( $allPermissions[ $guser . '.__default__' ] ) )
$op = $allPermissions[ $guser . '.__default__' ];
// Load user-otheruser values if exist.
if ( ! empty ( $allPermissions[ $guser . '.' . $otheruser ] ) )
$op = $allPermissions[ $guser . '.' . $otheruser ];
} else {
// Load defualt-user values if exist.
if ( ! empty ( $allPermissions['__default__.' . $guser] ) )
$op = $allPermissions['__default__.' . $guser ];
// Load otheruser-user values if exist.
if ( ! empty ( $allPermissions[$otheruser . '.' . $guser] ) )
$op = $allPermissions[$otheruser . '.' . $guser];
}
}
}
print_header ( '', '',
( ! empty ( $op['time'] ) && $op['time'] == 'Y'
? 'onload="enableAll( true );"' : '' ) );
echo print_success ( $saved );
if ( ! empty ( $guser ) && $is_admin )
user_load_variables ( $guser, 'user_' );
ob_start ();
if ( $is_admin ) {
$adminStr = translate ( 'Admin' );
$userlist = get_my_users ();
$nonuserlist = get_nonuser_cals ();
// If we are here... we must need to print out a list of users.
echo '
<h2>' . translate ( 'User Access Control' )
. ( ! empty ( $user_fullname ) ? ': ' . $user_fullname : '' ) . '</h2>
' . display_admin_link ( false ) . '
<form action="access.php" method="post" name="SelectUser">
<select name="guser" onchange="document.SelectUser.submit()">'
// Add a DEFAULT CONFIGURATION to be used as a mask.
. '
<option value="__default__"'
. ( $guser == '__default__' ? $selected : '' )
. '>' . $defConfigStr . '</option>';
for ( $i = 0, $cnt = count ( $userlist ); $i < $cnt; $i++ ) {
echo '
<option value="' . $userlist[$i]['cal_login'] . '"'
. ( $guser == $userlist[$i]['cal_login'] ? $selected : '' )
. '>' . $userlist[$i]['cal_fullname'] . '</option>';
}
for ( $i = 0, $cnt = count ( $nonuserlist ); $i < $cnt; $i++ ) {
echo '
<option value="' . $nonuserlist[$i]['cal_login'] . '"'
. ( $guser == $nonuserlist[$i]['cal_login'] ? $selected : '' )
. '>' . $nonuserlist[$i]['cal_fullname'] . ' '
. ( $nonuserlist[$i]['cal_is_public'] == 'Y' ? '*' : '' ) . '</option>';
}
echo $goStr;
} //end admin $guser != default test
if ( ! empty ( $guser ) || ! $is_admin ) {
if ( $is_admin ) {
// Present a page to allow editing a user's rights.
$access = access_load_user_functions ( $guser );
$div = ceil ( ACCESS_NUMBER_FUNCTIONS / 4 );
// We can reorder the display of user rights here.
$order = array (
1, 0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 27,
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27 );
// Make sure that we have defined all the types of
// access defined in access.php
assert ( count($order) == ACCESS_NUMBER_FUNCTIONS +1 );
echo '
<div class="boxall" style="margin-top: 5px; padding: 5px;">
<form action="access.php" method="post" name="accessform">
<input type="hidden" name="auser" value="' . $guser . '" />
<input type="hidden" name="guser" value="' . $guser . '" />
<table border="0" cellspacing="10">
<tbody>
<tr>
<td valign="top">';
for ( $i = 0; $i < ACCESS_NUMBER_FUNCTIONS; $i++ ) {
// Public access and NUCs can never use some of these functions.
$show = true;
if ( $guser == '__public__' ||
substr ( $guser, 0, 5 ) == $NONUSER_PREFIX ) {
switch ( $order[$i] ) {
case ACCESS_ACCESS_MANAGEMENT:
case ACCESS_ACCOUNT_INFO:
case ACCESS_ACTIVITY_LOG:
case ACCESS_ADMIN_HOME:
case ACCESS_ASSISTANTS:
case ACCESS_CATEGORY_MANAGEMENT:
case ACCESS_IMPORT:
case ACCESS_PREFERENCES:
case ACCESS_SYSTEM_SETTINGS:
case ACCESS_USER_MANAGEMENT:
case ACCESS_VIEW_MANAGEMENT:
case ACCESS_SECURITY_AUDIT:
// Skip these...
$show = false;
break;
}
}
if ( $show )
echo print_checkbox ( array ( 'access_' . $order[$i], 'Y',
access_get_function_description ( $order[$i] ),
substr ( $access, $order[$i], 1 ) ), 'dito' ) . '<br />';
if ( ( $i + 1 ) % $div == 0 )
echo '
</td>
<td valign="top">';
}
echo '
</td>
</tr>
</tbody>
</table>
<input type="submit" value="' . $undoStr . '" />
<input type="submit" name="submit" value="' . $saveStr . '" />
</form>
</div>';
$pagetitle = translate ( 'Allow Access to Other Users Calendar' );
} else {
// Get list of users that this user can see (may depend on group settings)
// along with all nonuser calendars.
// if ( $guser != '__default__' ) {
$guser = $login;
$pagetitle = translate ( 'Grant This User Access to My Calendar' );
}
// if ( $guser == '__default__' ) {
// $userlist = array ( '__default__' );
// $otheruser = $otheruser_login = '__default__';
// $otheruser_fullname = $defConfigStr;
// } else
if ( $allow_view_other ) {
$userlist = get_list_of_users ( $guser );
echo '
<h2 style="margin-bottom: 2px;">' . $pagetitle . '</h2>
<form action="access.php" method="post" name="SelectOther">
<input type="hidden" name="guser" value="' . $guser . '" />
<select name="otheruser" onchange="document.SelectOther.submit()">'
// Add a DEFAULT CONFIGURATION to be used as a mask.
. '
<option value="__default__"'
. ( $otheruser == '__default__' ? $selected : '' )
. '>' . $defConfigStr . '</option>';
for ( $i = 0, $cnt = count ( $userlist ); $i < $cnt; $i++ ) {
if ( $userlist[$i]['cal_login'] != $guser )
echo '
<option value="' . $userlist[$i]['cal_login'] . '"'
. ( ! empty ( $otheruser ) && $otheruser == $userlist[$i]['cal_login']
? $selected : '' )
. '>' . $userlist[$i]['cal_fullname'] . '</option>';
}
echo $goStr;
}
}
if ( ! empty ( $otheruser ) ) {
if ( $allow_view_other ) {
$typeStr = translate ( 'Type' );
echo '
<form action="access.php" method="post" name="EditOther">
<input type="hidden" name="guser" value="' . $guser . '" />
<input type="hidden" name="otheruser" value="' . $otheruser . '" /><br />
<table cellpadding="5" cellspacing="0">
<tbody>
<tr>
<th class="boxleft boxtop boxbottom" width='
. ( $guser == '__public__'
? '"60%" align="center">' . translate ( 'Calendar' ) . '</th>
<th class="boxtop boxbottom" width="20%">' . $typeStr . '</th>
<th class="boxtop boxbottom boxright" colspan="3" width="20%">'
. translate ( 'View Event' )
: '"25%">' . $otheruser_fullname . '</th>
<th class="boxtop boxbottom" width="15%">' . $typeStr . '</th>
<th width="15%" colspan="3" class="boxtop boxbottom">'
. translate ( 'View' ) . '</th>
<th width="15%" colspan="3" class="boxtop boxbottom">'
. translate ( 'Edit' ) . '</th>
<th width="15%" colspan="3" class="boxtop boxright boxbottom">'
. translate ( 'Approve/Reject' ) ) . '</th>
</tr>';
$access_type = array (
'',
translate ( 'Events' ),
translate ( 'Tasks' ),
'',
translate ( 'Journals' )
);
for ( $j = 1; $j < 5; $j++ ) {
$bottomedge = '';
if ( $j == 3 )
continue;
echo '
<tr>
<td class="boxleft leftpadded' . ( $j > 3 ? ' boxbottom' : '' )
. '"><input type="checkbox" value="Y" name=';
if ( $j == 1 )
echo '"invite"'
. ( ! empty ( $op['invite'] ) && $op['invite'] == 'N' ? '' : $checked )
. ' />' . translate ( 'Can Invite' );
elseif ( $j == 2 )
echo '"email"'
. ( ! empty ( $op['email'] ) && $op['email'] == 'N' ? '' : $checked )
. ' />' . translate ( 'Can Email' );
else {
echo '"time"'
. ( ! empty ( $op['time'] ) && $op['time'] == 'Y' ? $checked : '' )
. ' onclick="enableAll( this.checked );" />'
. translate ( 'Can See Time Only' );
$bottomedge = 'boxbottom';
}
echo '</td>
<td align="center" class="boxleft ' . $bottomedge . '">'
. $access_type[$j] . '</td>
<td align="center" class="boxleft pub ' . $bottomedge . '">'
. '<input type="checkbox" value="' . $j . '" name="v_' . $j . '"'
. ( ! empty ( $op['view'] ) && ( $op['view'] & $j ) ? $checked : '' )
. ' /></td>
<td class="conf ' . $bottomedge . '"><input type="checkbox" value="'
. $j * 8 . '" name="v_' . $j * 8 . '"'
. ( ! empty ( $op['view'] ) && ( $op['view'] & ( $j * 8 ) )
? $checked : '' ) . ' /></td>
<td class="priv ' . $bottomedge . '"><input type="checkbox" value="'
. $j * 64 . '" name="v_' . $j * 64 . '"'
. ( ! empty ( $op['view'] ) && ( $op['view'] & ( $j * 64 ) )
? $checked : '' ) . ' /></td>'
. ( $guser != '__public__' ? '
<td align="center" class="boxleft pub ' . $bottomedge . '"><input '
. 'type="checkbox" value="' . $j . '" name="e_' . $j . '"'
. ( ! empty ( $op['edit'] ) && ( $op['edit'] & $j ) ? $checked : '' )
. ' /></td>
<td class="conf ' . $bottomedge . '"><input type="checkbox" value="'
. $j * 8 . '" name="e_' . $j * 8 . '"'
. ( ! empty ( $op['edit'] ) && ( $op['edit'] & ( $j * 8 ) )
? $checked : '' ) . ' /></td>
<td class="priv ' . $bottomedge . '"><input type="checkbox" value="'
. $j * 64 . '" name="e_' . $j * 64 . '"'
. ( ! empty ( $op['edit'] ) && ( $op['edit'] & ( $j * 64 ) )
? $checked : '' ) . ' /></td>
<td align="center" class="boxleft pub ' . $bottomedge . '"><input '
. 'type="checkbox" value="' . $j . '" name="a_' . $j . '"'
. ( ! empty ( $op['approve'] ) && ( $op['approve'] & $j )
? $checked : '' ) . ' /></td>
<td class="conf ' . $bottomedge . '"><input type="checkbox" value="'
. $j * 8 . '" name="a_' . $j * 8 . '"'
. ( ! empty ( $op['approve'] ) && ( $op['approve'] & ( $j * 8 ) )
? $checked : '' ) . ' /></td>
<td class="boxright priv ' . $bottomedge
. '"><input type="checkbox" value="' . $j * 64 . '" name="a_' . $j * 64
. '"' . ( ! empty ( $op['approve'] ) && ( $op['approve'] & ( $j * 64 ) )
? $checked : '' ) . ' /></td>'
: '' ) . '
</tr>';
}
echo '
<tr>
<td colspan="2" class="boxleft alignright">'
. ( $otheruser != '__default__' && $otheruser != '__public__' ? '
<input type="button" value="' . translate ( 'Assistant' )
. '" onclick="selectAll(63);" /> ' : '' ) . '
<input type="button" value="' . translate ( 'Select All' )
. '" onclick="selectAll(256);" />
<input type="button" value="' . translate ( 'Clear All' )
. '" onclick="selectAll(0);" />
</td>
<td colspan="9" class="boxright">
<table border="0" align="center" cellpadding="5" cellspacing="2">
<tr>
<td class="pub">' . translate ( 'Public' ) . '</td>
<td class="conf">' . translate ( 'Confidential' ) . '</td>
<td class="priv">' . translate ( 'Private' ) . '</td>
</tr>
</table>
</td>
</tr>';
}
echo '
<tr>
<td colspan="11" class="boxleft boxbottom boxright">
<input type="submit" value="' . $undoStr . '" />
<input type="submit" name="submit" value="' . $saveStr . '" />
</td>
</tr>
</tbody>
</table>
</form>';
ob_end_flush ();
?>
<script language="javascript" type="text/javascript">
<!-- <![CDATA[
function selectAll ( limit ) {
if ( limit == 0 )
document.EditOther.time.checked = false;
document.EditOther.email.checked =
document.EditOther.invite.checked = ( limit != 0 )
for ( i = 1; i <= 256; ) {
var
aname = 'a_' + i,
ename = 'e_' + i,
vname = 'v_' + i;
document.forms['EditOther'].elements[vname].checked = (i <= limit);
if (document.forms['EditOther'].elements[ename])
document.forms['EditOther'].elements[ename].checked = (i <= limit);
if (document.forms['EditOther'].elements[aname])
document.forms['EditOther'].elements[aname].checked = (i <= limit);
i = parseInt(i+i);
}
}
function enableAll ( on ) {
for ( i = 1; i <= 256; ) {
var
aname = 'a_' + i,
ename = 'e_' + i,
vname = 'v_' + i;
document.forms['EditOther'].elements[vname].disabled = on;
if (document.forms['EditOther'].elements[ename])
document.forms['EditOther'].elements[ename].disabled = on;
if (document.forms['EditOther'].elements[aname])
document.forms['EditOther'].elements[aname].disabled = on;
i = parseInt(i+i);
}
}
//]]> -->
</script>
<?php
}
echo print_trailer ();
// Get the list of users that the specified user can see.
function get_list_of_users ( $user ) {
global $is_admin, $is_nonuser_admin;
//Let Admins userlist be returnd
if ( $user == '__default__' )
$user = '';
$u = get_my_users ( $user, 'view' );
if ( $is_admin || $is_nonuser_admin ) {
// Get public NUCs also.
$nonusers = get_my_nonusers ( $user, true );
$u = array_merge ( $nonusers, $u );
}
return $u;
}
?>