<?php
/* $Id: access.php,v 1.53.2.7 2012/02/28 02:07:45 cknudsen Exp $
 *
 * This page is used to manage user access rights.
 *
 * It has three different modes:
 * - list users to manage (no parameters)
 * - manage a single user's rights (just "user" parameter)
 *   this will include which functions the user can access and
 *   (if $ALLOW_VIEW_OTHER is 'Y') which calendars they can view/edit/approve
 * - update the database (form handler)
 *
 * Input Parameters:
 *  user - specifies which user to manage, a form will be presented
 *         that allows editing rights of this user
 *
 *  access_N - where N is 0 to ACCESS_NUMBER_FUNCTIONS as defined in
 *             includes/access.php. Each should be either 'Y' or 'N'.
 */
include_once 'includes/init.php';
require_valide_referring_url ();

// Calendar sharing (letting one user view/edit/approve another user's
// calendar) is only offered when the site setting ALLOW_VIEW_OTHER is 'Y'.
$allow_view_other = false;
if ( ! empty ( $ALLOW_VIEW_OTHER ) && $ALLOW_VIEW_OTHER == 'Y' )
  $allow_view_other = true;

// User Access Control has to be switched on for this page to do anything.
if ( ! access_is_enabled () ) {
  echo print_not_auth ( 1 );
  exit;
}
// translate ( 'Database error' )
// Translated strings reused several times below.
$saveStr = translate ( 'Save' );
$undoStr = translate ( 'Undo' );
$defConfigStr = translate ( 'DEFAULT CONFIGURATION' );
// 'XXX' is replaced with dbi_error () when a query fails.
$dbErrStr = translate ( 'Database error XXX.' );
// Closing markup shared by the two user-selection forms on this page.
$goStr = '
      </select>
      <input type="submit" value="' . translate ( 'Go' ) . '" />
    </form>';

// Becomes true once a submitted form has been written to the database.
$saved = '';

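// Are we handling the function-access form?  If so, save it.
// Only admins are ever shown that form (see the $is_admin branch further
// down), so require the same here: nothing else on this page stops a
// non-admin from POSTing 'auser' directly.  If init.php already limits
// access.php to admins this is redundant, but harmless.
if ( $is_admin && getPostValue ( 'auser' ) != '' &&
    getPostValue ( 'submit' ) == $saveStr ) {
  $auser = getPostValue ( 'auser' );
  // Build the permission string: position N holds 'Y' or 'N' for function N
  // (see includes/access.php).  Anything other than 'Y' is stored as 'N'.
  $perm = '';
  for ( $i = 0; $i < ACCESS_NUMBER_FUNCTIONS; $i++ ) {
    $perm .= ( getPostValue ( 'access_' . $i ) == 'Y' ? 'Y' : 'N' );
  }

  // Replace any existing row for this user.
  dbi_execute ( 'DELETE FROM webcal_access_function WHERE cal_login = ?',
    array ( $auser ) );

  if ( ! dbi_execute ( 'INSERT INTO webcal_access_function ( cal_login,
      cal_permissions ) VALUES ( ?, ? )', array ( $auser, $perm ) ) )
    die_miserable_death ( str_replace ( 'XXX', dbi_error (), $dbErrStr ) );
  $saved = true;
}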

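// Are we handling the calendar-sharing form?  If so, save it.
if ( getPostValue ( 'otheruser' ) != '' &&
    getPostValue ( 'submit' ) == $saveStr ) {
  if ( $allow_view_other ) {
    // The row written below reads "$puser may access $pouser's calendar".
    if ( $is_admin ) {
      // An admin edits the rights $guser holds on $otheruser's calendar.
      $puser = getPostValue ( 'guser' );
      $pouser = getPostValue ( 'otheruser' );
    } else {
      // A regular user can only grant others access to their OWN calendar
      // (the form is built with $guser = $login further down).  Take the
      // owner from $login rather than from the POSTed 'guser' so that a
      // tampered field cannot grant rights on someone else's calendar.
      $puser = getPostValue ( 'otheruser' );
      $pouser = $login;
    }

    dbi_execute ( 'DELETE FROM webcal_access_user WHERE cal_login = ?
      AND cal_other_user = ?', array ( $puser, $pouser ) );

    // Nothing to insert without a calendar owner.  (This used to be a bare
    // 'break', which is an error outside a loop.)
    if ( ! empty ( $pouser ) ) {
      // Each checkbox is named v_/e_/a_ followed by its bit value
      // (1, 2, 4, ... 256); the totals are the resulting bitmasks.
      // Cast so that an absent checkbox ('' or null) counts as 0.
      $approve_total = $edit_total = $view_total = 0;
      for ( $i = 1; $i <= 256; $i += $i ) {
        $approve_total += (int) getPostValue ( 'a_' . $i );
        $edit_total += (int) getPostValue ( 'e_' . $i );
        $view_total += (int) getPostValue ( 'v_' . $i );
      }

      $email = getPostValue ( 'email' );
      $invite = getPostValue ( 'invite' );
      $time = getPostValue ( 'time' );

      // Public Access can never edit or approve; unchecked flags are 'N'.
      if ( ! dbi_execute ( 'INSERT INTO webcal_access_user ( cal_login,
      cal_other_user, cal_can_view, cal_can_edit, cal_can_approve,
      cal_can_invite, cal_can_email, cal_see_time_only )
      VALUES ( ?, ?, ?, ?, ?, ?, ?, ? )',
          array (
            $puser,
            $pouser,
            ( $view_total > 0 ? $view_total : 0 ),
            ( $edit_total > 0 && $puser != '__public__' ? $edit_total : 0 ),
            ( $approve_total > 0 && $puser != '__public__'
              ? $approve_total : 0 ),
            ( $invite != '' ? $invite : 'N' ),
            ( $email != '' ? $email : 'N' ),
            ( $time != '' ? $time : 'N' ) ) ) ) {
        die_miserable_death ( str_replace ( 'XXX', dbi_error (), $dbErrStr ) );
      }
      $saved = true;
    }
  }
}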
// Attribute fragments appended to <input>/<option> tags that are "on".
$checked = ' checked="checked"';
$selected = ' selected="selected"';

// guser: the user being managed; otheruser: the calendar (or the DEFAULT
// CONFIGURATION mask) whose sharing rights are shown.  Both are posted by
// the select forms on this page.
$guser = getPostValue ( 'guser' );
$otheruser = getPostValue ( 'otheruser' );

// The two pseudo-users have no user record, so name them here; real users
// are filled in by user_load_variables () below.
switch ( $otheruser ) {
  case '__default__':
    $otheruser_login = '__default__';
    $otheruser_fullname = $defConfigStr;
    break;
  case '__public__':
    $otheruser_login = '__public__';
    $otheruser_fullname = translate ( 'Public Access' );
    break;
}
// Load the sharing rights currently in effect for this pair into $op.
// $allPermissions is keyed 'login.other_user' (the same pair the form
// handler above inserts); candidates are tried least specific first and a
// later hit replaces an earlier one.
if ( ! empty ( $otheruser ) && $allow_view_other ) {
  user_load_variables ( $otheruser, 'otheruser_' );
  // Turn off admin override so we see the user's own settings.
  $ADMIN_OVERRIDE_UAC = 'N';
  $allPermissions = access_load_user_permissions ( false );

  $keys = array ( '__default__.__default__' );
  if ( $is_admin ) {
    // What $guser holds on $otheruser's calendar.
    $keys[] = $guser . '.__default__';
    $keys[] = $guser . '.' . $otheruser;
  } else {
    // What $otheruser holds on $guser's (the current user's) calendar.
    $keys[] = '__default__.' . $guser;
    $keys[] = $otheruser . '.' . $guser;
  }
  foreach ( $keys as $key ) {
    if ( ! empty ( $allPermissions[$key] ) )
      $op = $allPermissions[$key];
  }
}
// When "see time only" is in effect the view/edit/approve boxes are
// disabled on load (enableAll is defined next to the form further down).
$onload = '';
if ( ! empty ( $op['time'] ) && $op['time'] == 'Y' )
  $onload = 'onload="enableAll( true );"';
print_header ( '', '', $onload );

echo print_success ( $saved );

// Admins get the managed user's details as $user_* (e.g. $user_fullname).
if ( $is_admin && ! empty ( $guser ) )
  user_load_variables ( $guser, 'user_' );

ob_start ();

if ( $is_admin ) {
  $adminStr = translate ( 'Admin' );
  $userlist = get_my_users ();
  $nonuserlist = get_nonuser_cals ();

  // Admin view: a drop-down of every user plus the nonuser calendars
  // (public ones marked with '*') that submits itself on change.
  $heading = translate ( 'User Access Control' );
  if ( ! empty ( $user_fullname ) )
    $heading .= ': ' . $user_fullname;
  echo '
    <h2>' . $heading . '</h2>
    ' . display_admin_link ( false ) . '
    <form action="access.php" method="post" name="SelectUser">
      <select name="guser" onchange="document.SelectUser.submit()">'
  // The DEFAULT CONFIGURATION pseudo-user acts as a mask for all users.
  . '
        <option value="__default__"'
   . ( $guser == '__default__' ? $selected : '' )
   . '>' . $defConfigStr . '</option>';
  // Both lists are indexed 0..n-1, as the callers of get_my_users () assume.
  foreach ( $userlist as $u ) {
    echo '
        <option value="' . $u['cal_login'] . '"'
     . ( $guser == $u['cal_login'] ? $selected : '' )
     . '>' . $u['cal_fullname'] . '</option>';
  }
  foreach ( $nonuserlist as $nuc ) {
    $isPublic = ( $nuc['cal_is_public'] == 'Y' );
    echo '
        <option value="' . $nuc['cal_login'] . '"'
     . ( $guser == $nuc['cal_login'] ? $selected : '' )
     . '>' . $nuc['cal_fullname'] . ' ' . ( $isPublic ? '*' : '' ) . '</option>';
  }

  echo $goStr;
}

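if ( ! empty ( $guser ) || ! $is_admin ) {
  if ( $is_admin ) {
    // Present a page to allow editing a user's rights.
    $access = access_load_user_functions ( $guser );
    // Spread the checkboxes over four columns.
    $div = (int) ceil ( ACCESS_NUMBER_FUNCTIONS / 4 );

    // Display order of the rights.  Each value is an ACCESS_* function
    // number; it is both the checkbox suffix and the position in $access.
    $order = array (
      1, 0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 27,
      15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27 );
    // Make sure that we have defined all the types of
    // access defined in access.php.  Only the first ACCESS_NUMBER_FUNCTIONS
    // entries are displayed; the trailing 27 is never reached.
    assert ( count ( $order ) == ACCESS_NUMBER_FUNCTIONS + 1 );

    // Public access and nonuser calendars can never use these functions.
    // Loose comparison on purpose, matching the switch this replaces.
    $hiddenForPseudoUsers = array (
      ACCESS_ACCESS_MANAGEMENT,
      ACCESS_ACCOUNT_INFO,
      ACCESS_ACTIVITY_LOG,
      ACCESS_ADMIN_HOME,
      ACCESS_ASSISTANTS,
      ACCESS_CATEGORY_MANAGEMENT,
      ACCESS_IMPORT,
      ACCESS_PREFERENCES,
      ACCESS_SYSTEM_SETTINGS,
      ACCESS_USER_MANAGEMENT,
      ACCESS_VIEW_MANAGEMENT,
      ACCESS_SECURITY_AUDIT );
    // Compare exactly as many characters as the prefix has, instead of a
    // hard-coded 5, so a differently sized $NONUSER_PREFIX still works.
    $isPseudoUser = ( $guser == '__public__' ||
      ( ! empty ( $NONUSER_PREFIX ) &&
        substr ( $guser, 0, strlen ( $NONUSER_PREFIX ) ) == $NONUSER_PREFIX ) );

    // $guser comes from the request and is echoed into attribute values:
    // escape it (default charset, so the site's encoding is respected).
    $guserAttr = htmlspecialchars ( $guser, ENT_QUOTES );

    echo '
    <div class="boxall" style="margin-top: 5px; padding: 5px;">
      <form action="access.php" method="post" name="accessform">
        <input type="hidden" name="auser" value="' . $guserAttr . '" />
        <input type="hidden" name="guser" value="' . $guserAttr . '" />
        <table border="0" cellspacing="10">
          <tbody>
            <tr>
              <td valign="top">';

    for ( $i = 0; $i < ACCESS_NUMBER_FUNCTIONS; $i++ ) {
      $func = $order[$i];
      if ( ! $isPseudoUser || ! in_array ( $func, $hiddenForPseudoUsers ) )
        echo print_checkbox ( array ( 'access_' . $func, 'Y',
            access_get_function_description ( $func ),
            substr ( $access, $func, 1 ) ), 'dito' ) . '<br />';

      // Start a new column every $div entries.
      if ( ( $i + 1 ) % $div == 0 )
        echo '
              </td>
              <td valign="top">';
    }

    echo '
              </td>
            </tr>
          </tbody>
        </table>
        <input type="submit" value="' . $undoStr . '" />
        <input type="submit" name="submit" value="' . $saveStr . '" />
      </form>
    </div>';

    $pagetitle = translate ( 'Allow Access to Other Users Calendar' );
  } else {
    // Non-admins may only share their own calendar, whatever 'guser' said.
    $guser = $login;
    $pagetitle = translate ( 'Grant This User Access to My Calendar' );
  }

  if ( $allow_view_other ) {
    // Users visible to $guser (may depend on group settings) plus, for
    // admins, the nonuser calendars.
    $userlist = get_list_of_users ( $guser );
    echo '
    <h2 style="margin-bottom: 2px;">' . $pagetitle . '</h2>
    <form action="access.php" method="post" name="SelectOther">
      <input type="hidden" name="guser" value="'
     . htmlspecialchars ( $guser, ENT_QUOTES ) . '" />
      <select name="otheruser" onchange="document.SelectOther.submit()">'
    // Add a DEFAULT CONFIGURATION to be used as a mask.
    . '
        <option value="__default__"'
     . ( $otheruser == '__default__' ? $selected : '' )
     . '>' . $defConfigStr . '</option>';

    for ( $i = 0, $cnt = count ( $userlist ); $i < $cnt; $i++ ) {
      // A calendar is never shared with its own owner.
      if ( $userlist[$i]['cal_login'] != $guser )
        echo '
        <option value="' . $userlist[$i]['cal_login'] . '"'
         . ( ! empty ( $otheruser ) && $otheruser == $userlist[$i]['cal_login']
          ? $selected : '' )
         . '>' . $userlist[$i]['cal_fullname'] . '</option>';
    }
    echo $goStr;
  }
}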

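if ( ! empty ( $otheruser ) ) {
  // Sharing-rights editor for one (guser, otheruser) pair.  Checkbox names
  // carry their bit value: v_/e_/a_ (view/edit/approve) followed by
  // {1,2,4} (events, tasks, journals) times {1,8,64} (public, confidential,
  // private); the form handler above sums them into the cal_can_* columns.
  // Public Access can neither edit nor approve, so those columns are
  // omitted for it.  The whole form, including its closing markup and the
  // script it relies on, is only emitted when sharing is enabled.
  if ( $allow_view_other ) {
    $typeStr = translate ( 'Type' );
    // Both logins come from the request: escape them in the hidden fields
    // (default charset, so the site's encoding is respected).
    echo '
    <form action="access.php" method="post" name="EditOther">
      <input type="hidden" name="guser" value="'
     . htmlspecialchars ( $guser, ENT_QUOTES ) . '" />
      <input type="hidden" name="otheruser" value="'
     . htmlspecialchars ( $otheruser, ENT_QUOTES ) . '" /><br />
      <table cellpadding="5" cellspacing="0">
        <tbody>
          <tr>
            <th class="boxleft boxtop boxbottom" width='
     . ( $guser == '__public__'
      ? '"60%" align="center">' . translate ( 'Calendar' ) . '</th>
            <th class="boxtop boxbottom" width="20%">' . $typeStr . '</th>
            <th class="boxtop boxbottom boxright" colspan="3" width="20%">'
       . translate ( 'View Event' )
      : '"25%">' . $otheruser_fullname . '</th>
            <th class="boxtop boxbottom" width="15%">' . $typeStr . '</th>
            <th width="15%" colspan="3" class="boxtop boxbottom">'
       . translate ( 'View' ) . '</th>
            <th width="15%" colspan="3" class="boxtop boxbottom">'
       . translate ( 'Edit' ) . '</th>
            <th width="15%" colspan="3" class="boxtop boxright boxbottom">'
       . translate ( 'Approve/Reject' ) ) . '</th>
          </tr>';

    // Row labels, indexed by the row's bit value ($j below); 3 is unused.
    $access_type = array (
      '',
      translate ( 'Events' ),
      translate ( 'Tasks' ),
      '',
      translate ( 'Journals' )
      );

    // One row per bit value 1, 2, 4.  The first column doubles as the
    // invite / email / time-only flag for that row.
    for ( $j = 1; $j < 5; $j++ ) {
      $bottomedge = '';
      if ( $j == 3 )
        continue;
      echo '
          <tr>
            <td class="boxleft leftpadded' . ( $j > 3 ? ' boxbottom' : '' )
       . '"><input type="checkbox" value="Y" name=';
      if ( $j == 1 )
        echo '"invite"'
         . ( ! empty ( $op['invite'] ) && $op['invite'] == 'N' ? '' : $checked )
         . ' />' . translate ( 'Can Invite' );
      elseif ( $j == 2 )
        echo '"email"'
         . ( ! empty ( $op['email'] ) && $op['email'] == 'N' ? '' : $checked )
         . ' />' . translate ( 'Can Email' );
      else {
        echo '"time"'
         . ( ! empty ( $op['time'] ) && $op['time'] == 'Y' ? $checked : '' )
         . ' onclick="enableAll( this.checked );" />'
         . translate ( 'Can See Time Only' );
        $bottomedge = 'boxbottom';
      }
      echo '</td>
            <td align="center" class="boxleft ' . $bottomedge . '">'
       . $access_type[$j] . '</td>
            <td align="center" class="boxleft pub ' . $bottomedge . '">'
       . '<input type="checkbox" value="' . $j . '" name="v_' . $j . '"'
       . ( ! empty ( $op['view'] ) && ( $op['view'] & $j ) ? $checked : '' )
       . ' /></td>
            <td class="conf ' . $bottomedge . '"><input type="checkbox" value="'
       . $j * 8 . '" name="v_' . $j * 8 . '"'
       . ( ! empty ( $op['view'] ) && ( $op['view'] & ( $j * 8 ) )
        ? $checked : '' ) . ' /></td>
            <td class="priv ' . $bottomedge . '"><input type="checkbox" value="'
       . $j * 64 . '" name="v_' . $j * 64 . '"'
       . ( ! empty ( $op['view'] ) && ( $op['view'] & ( $j * 64 ) )
        ? $checked : '' ) . ' /></td>'
       . ( $guser != '__public__' ? '
            <td align="center" class="boxleft pub ' . $bottomedge . '"><input '
         . 'type="checkbox" value="' . $j . '" name="e_' . $j . '"'
         . ( ! empty ( $op['edit'] ) && ( $op['edit'] & $j ) ? $checked : '' )
         . ' /></td>
            <td class="conf ' . $bottomedge . '"><input type="checkbox" value="'
         . $j * 8 . '" name="e_' . $j * 8 . '"'
         . ( ! empty ( $op['edit'] ) && ( $op['edit'] & ( $j * 8 ) )
          ? $checked : '' ) . ' /></td>
            <td class="priv ' . $bottomedge . '"><input type="checkbox" value="'
         . $j * 64 . '" name="e_' . $j * 64 . '"'
         . ( ! empty ( $op['edit'] ) && ( $op['edit'] & ( $j * 64 ) )
          ? $checked : '' ) . ' /></td>
            <td align="center" class="boxleft pub ' . $bottomedge . '"><input '
         . 'type="checkbox" value="' . $j . '" name="a_' . $j . '"'
         . ( ! empty ( $op['approve'] ) && ( $op['approve'] & $j )
          ? $checked : '' ) . ' /></td>
            <td class="conf ' . $bottomedge . '"><input type="checkbox" value="'
         . $j * 8 . '" name="a_' . $j * 8 . '"'
         . ( ! empty ( $op['approve'] ) && ( $op['approve'] & ( $j * 8 ) )
          ? $checked : '' ) . ' /></td>
            <td class="boxright priv ' . $bottomedge
         . '"><input type="checkbox" value="' . $j * 64 . '" name="a_' . $j * 64
         . '"' . ( ! empty ( $op['approve'] ) && ( $op['approve'] & ( $j * 64 ) )
          ? $checked : '' ) . ' /></td>'
        : '' ) . '
          </tr>';
    }
    // Shortcut buttons; selectAll ( limit ) ticks every box whose bit
    // value is <= limit.  "Assistant" only makes sense for a real user.
    echo '
          <tr>
            <td colspan="2" class="boxleft alignright">'
     . ( $otheruser != '__default__' && $otheruser != '__public__' ? '
              <input type="button" value="' . translate ( 'Assistant' )
       . '" onclick="selectAll(63);" />&nbsp;&nbsp;' : '' ) . '
              <input type="button" value="' . translate ( 'Select All' )
     . '" onclick="selectAll(256);" />&nbsp;&nbsp;
              <input type="button" value="' . translate ( 'Clear All' )
     . '" onclick="selectAll(0);" />
            </td>
            <td colspan="9" class="boxright">
              <table border="0" align="center" cellpadding="5" cellspacing="2">
                <tr>
                  <td class="pub">' . translate ( 'Public' ) . '</td>
                  <td class="conf">' . translate ( 'Confidential' ) . '</td>
                  <td class="priv">' . translate ( 'Private' ) . '</td>
                </tr>
              </table>
            </td>
          </tr>';

    // Closing markup belongs to the form opened above, so it stays inside
    // this branch (previously it was printed even when no form was opened).
    echo '
          <tr>
            <td colspan="11" class="boxleft boxbottom boxright">
              <input type="submit" value="' . $undoStr . '" />
              <input type="submit" name="submit" value="' . $saveStr . '" />
            </td>
          </tr>
        </tbody>
      </table>
    </form>';

    ob_end_flush ();

    ?>
    <script language="javascript" type="text/javascript">
<!-- <![CDATA[
      // Tick every view/edit/approve box with a bit value <= limit
      // (0 clears everything); edit/approve boxes may be absent.
      function selectAll ( limit ) {
        if ( limit == 0 )
          document.EditOther.time.checked = false;

        document.EditOther.email.checked =
        document.EditOther.invite.checked = ( limit != 0 )

        for ( var i = 1; i <= 256; ) {
          var
            aname = 'a_' + i,
            ename = 'e_' + i,
            vname = 'v_' + i;

          document.forms['EditOther'].elements[vname].checked = (i <= limit);

          if (document.forms['EditOther'].elements[ename])
            document.forms['EditOther'].elements[ename].checked = (i <= limit);

          if (document.forms['EditOther'].elements[aname])
            document.forms['EditOther'].elements[aname].checked = (i <= limit);

          i = parseInt(i+i);
        }
      }
      // Disable (on == true) or enable all view/edit/approve boxes;
      // used by the "Can See Time Only" checkbox and on page load.
      function enableAll ( on ) {
        for ( var i = 1; i <= 256; ) {
          var
            aname = 'a_' + i,
            ename = 'e_' + i,
            vname = 'v_' + i;

          document.forms['EditOther'].elements[vname].disabled = on;

          if (document.forms['EditOther'].elements[ename])
            document.forms['EditOther'].elements[ename].disabled = on;

          if (document.forms['EditOther'].elements[aname])
            document.forms['EditOther'].elements[aname].disabled = on;

          i = parseInt(i+i);
        }
      }
//]]> -->
    </script>
<?php
  }
}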

// Emit the standard page trailer.
print print_trailer ();
// Get the list of users that the specified user can see.
// Get the list of users that the specified user can see.
// '__default__' is not a real login, so it is passed on as '' (presumably
// the unrestricted list; see get_my_users).  Admins and nonuser-calendar
// admins additionally get the public nonuser calendars, listed first.
function get_list_of_users ( $user ) {
  global $is_admin, $is_nonuser_admin;

  $owner = ( $user == '__default__' ? '' : $user );
  $users = get_my_users ( $owner, 'view' );
  if ( ! $is_admin && ! $is_nonuser_admin )
    return $users;

  return array_merge ( get_my_nonusers ( $owner, true ), $users );
}

?>