engelsystem/includes/controller/users_controller.php

462 lines
12 KiB
PHP
Raw Normal View History

2013-12-26 13:34:48 +01:00
<?php
2016-12-28 14:53:35 +01:00
use Engelsystem\ShiftCalendarRenderer;
2017-01-02 15:43:36 +01:00
use Engelsystem\ShiftsFilter;
2013-12-26 13:34:48 +01:00
/**
2014-08-22 22:34:13 +02:00
* Route user actions.
2017-01-03 03:22:48 +01:00
*
* @return array
2014-08-22 22:34:13 +02:00
*/
2017-01-02 03:57:23 +01:00
function users_controller()
{
global $user;
2017-01-02 15:43:36 +01:00
if (!isset($user)) {
2017-01-02 03:57:23 +01:00
redirect(page_link_to(''));
}
2017-01-02 15:43:36 +01:00
if (!isset($_REQUEST['action'])) {
2017-01-02 03:57:23 +01:00
$_REQUEST['action'] = 'list';
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
switch ($_REQUEST['action']) {
2017-01-02 15:43:36 +01:00
case 'view':
return user_controller();
case 'delete':
return user_delete_controller();
case 'edit_vouchers':
return user_edit_vouchers_controller();
2017-01-03 03:22:48 +01:00
case 'list':
default:
return users_list_controller();
2017-01-02 15:43:36 +01:00
}
2014-08-22 22:34:13 +02:00
}
/**
* Delete a user, requires to enter own password for reasons.
2017-01-03 03:22:48 +01:00
*
* @return array
*/
2017-01-02 03:57:23 +01:00
function user_delete_controller()
{
global $privileges, $user;
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
if (isset($_REQUEST['user_id'])) {
$user_source = User($_REQUEST['user_id']);
} else {
$user_source = $user;
}
2017-01-02 15:43:36 +01:00
if (!in_array('admin_user', $privileges)) {
2017-01-02 03:57:23 +01:00
redirect(page_link_to(''));
}
2017-01-02 15:43:36 +01:00
// You cannot delete yourself
if ($user['UID'] == $user_source['UID']) {
2017-01-03 14:12:17 +01:00
error(_('You cannot delete yourself.'));
2017-01-02 15:43:36 +01:00
redirect(user_link($user));
}
2017-01-02 03:57:23 +01:00
if (isset($_REQUEST['submit'])) {
$valid = true;
2017-01-02 15:43:36 +01:00
if (!(isset($_REQUEST['password']) && verify_password($_REQUEST['password'], $user['Passwort'],
$user['UID']))
) {
2017-01-02 03:57:23 +01:00
$valid = false;
2017-01-03 14:12:17 +01:00
error(_('Your password is incorrect. Please try it again.'));
2017-01-02 03:57:23 +01:00
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
if ($valid) {
$result = User_delete($user_source['UID']);
if ($result === false) {
engelsystem_error('Unable to delete user.');
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
mail_user_delete($user_source);
2017-01-03 14:12:17 +01:00
success(_('User deleted.'));
engelsystem_log(sprintf('Deleted %s', User_Nick_render($user_source)));
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
redirect(users_link());
}
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
return [
2017-01-03 14:12:17 +01:00
sprintf(_('Delete %s'), $user_source['Nick']),
2017-01-02 15:43:36 +01:00
User_delete_view($user_source)
];
}
2017-01-03 03:22:48 +01:00
/**
* @return string
*/
2017-01-02 03:57:23 +01:00
function users_link()
{
return page_link_to('users');
2014-12-27 21:55:24 +01:00
}
2017-01-03 03:22:48 +01:00
/**
* @param array $user
* @return string
*/
2017-01-02 03:57:23 +01:00
function user_edit_link($user)
{
return page_link_to('admin_user') . '&user_id=' . $user['UID'];
}
2017-01-03 03:22:48 +01:00
/**
* @param array $user
* @return string
*/
2017-01-02 03:57:23 +01:00
function user_delete_link($user)
{
return page_link_to('users') . '&action=delete&user_id=' . $user['UID'];
}
2017-01-03 03:22:48 +01:00
/**
* @param array $user
* @return string
*/
2017-01-02 03:57:23 +01:00
function user_link($user)
{
return page_link_to('users') . '&action=view&user_id=' . $user['UID'];
2014-12-26 01:49:59 +01:00
}
2017-01-03 03:22:48 +01:00
/**
* @return array
*/
2017-01-02 03:57:23 +01:00
function user_edit_vouchers_controller()
{
global $privileges, $user;
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
if (isset($_REQUEST['user_id'])) {
$user_source = User($_REQUEST['user_id']);
} else {
$user_source = $user;
}
2017-01-02 15:43:36 +01:00
if (!in_array('admin_user', $privileges)) {
2017-01-02 03:57:23 +01:00
redirect(page_link_to(''));
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
if (isset($_REQUEST['submit'])) {
$valid = true;
2017-01-02 15:43:36 +01:00
2017-01-03 03:22:48 +01:00
$vouchers = '';
2017-01-02 03:57:23 +01:00
if (isset($_REQUEST['vouchers']) && test_request_int('vouchers') && trim($_REQUEST['vouchers']) >= 0) {
$vouchers = trim($_REQUEST['vouchers']);
} else {
$valid = false;
2017-01-03 14:12:17 +01:00
error(_('Please enter a valid number of vouchers.'));
2017-01-02 03:57:23 +01:00
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
if ($valid) {
$user_source['got_voucher'] = $vouchers;
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
$result = User_update($user_source);
if ($result === false) {
engelsystem_error('Unable to update user.');
}
2017-01-02 15:43:36 +01:00
2017-01-03 14:12:17 +01:00
success(_('Saved the number of vouchers.'));
engelsystem_log(User_Nick_render($user_source) . ': ' . sprintf('Got %s vouchers',
2017-01-02 15:43:36 +01:00
$user_source['got_voucher']));
2017-01-02 03:57:23 +01:00
redirect(user_link($user_source));
}
2015-08-12 23:44:39 +02:00
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
return [
2017-01-03 14:12:17 +01:00
sprintf(_('%s\'s vouchers'), $user_source['Nick']),
2017-01-02 15:43:36 +01:00
User_edit_vouchers_view($user_source)
];
2014-12-26 01:49:59 +01:00
}
2017-01-03 03:22:48 +01:00
/**
* @return array
*/
2017-01-02 03:57:23 +01:00
function user_controller()
{
global $privileges, $user;
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
$user_source = $user;
if (isset($_REQUEST['user_id'])) {
$user_source = User($_REQUEST['user_id']);
if ($user_source == null) {
2017-01-03 14:12:17 +01:00
error(_('User not found.'));
2017-01-02 03:57:23 +01:00
redirect('?');
}
}
2017-01-02 15:43:36 +01:00
2017-01-03 14:12:17 +01:00
$shifts = Shifts_by_user($user_source, in_array('user_shifts_admin', $privileges));
2017-01-02 03:57:23 +01:00
foreach ($shifts as &$shift) {
// TODO: Move queries to model
2017-01-03 03:22:48 +01:00
$shift['needed_angeltypes'] = sql_select("
SELECT DISTINCT `AngelTypes`.*
FROM `ShiftEntry`
JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id`
WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . "'
ORDER BY `AngelTypes`.`name`
");
2017-01-02 03:57:23 +01:00
foreach ($shift['needed_angeltypes'] as &$needed_angeltype) {
$needed_angeltype['users'] = sql_select("
SELECT `ShiftEntry`.`freeloaded`, `User`.*
FROM `ShiftEntry`
JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID`
2014-12-28 13:44:56 +01:00
WHERE `ShiftEntry`.`SID`='" . sql_escape($shift['SID']) . "'
AND `ShiftEntry`.`TID`='" . sql_escape($needed_angeltype['id']) . "'");
2017-01-02 03:57:23 +01:00
}
2014-08-23 01:55:18 +02:00
}
2017-01-02 15:43:36 +01:00
2017-01-03 14:12:17 +01:00
if ($user_source['api_key'] == '') {
2017-01-02 03:57:23 +01:00
User_reset_api_key($user_source, false);
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
return [
2017-01-02 15:43:36 +01:00
$user_source['Nick'],
User_view(
$user_source,
in_array('admin_user', $privileges),
User_is_freeloader($user_source),
User_angeltypes($user_source),
User_groups($user_source),
$shifts,
$user['UID'] == $user_source['UID']
)
];
2014-08-22 22:34:13 +02:00
}
2014-09-28 15:01:02 +02:00
/**
* List all users.
2017-01-03 03:22:48 +01:00
*
* @return array
2014-09-28 15:01:02 +02:00
*/
2017-01-02 03:57:23 +01:00
function users_list_controller()
{
global $privileges;
2017-01-02 15:43:36 +01:00
if (!in_array('admin_user', $privileges)) {
2017-01-02 03:57:23 +01:00
redirect(page_link_to(''));
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
$order_by = 'Nick';
if (isset($_REQUEST['OrderBy']) && in_array($_REQUEST['OrderBy'], User_sortable_columns())) {
$order_by = $_REQUEST['OrderBy'];
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
$users = Users($order_by);
if ($users === false) {
engelsystem_error('Unable to load users.');
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
foreach ($users as &$user) {
$user['freeloads'] = count(ShiftEntries_freeloaded_by_user($user));
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
return [
2017-01-02 15:43:36 +01:00
_('All users'),
Users_view(
$users,
$order_by,
User_arrived_count(),
User_active_count(),
User_force_active_count(),
ShiftEntries_freeleaded_count(),
User_tshirts_count(),
User_got_voucher_count()
)
];
2014-08-22 22:34:13 +02:00
}
/**
* Second step of password recovery: set a new password using the token link from email
2017-01-03 03:22:48 +01:00
*
* @return string
2013-12-26 13:34:48 +01:00
*/
2017-01-02 03:57:23 +01:00
function user_password_recovery_set_new_controller()
{
global $min_password_length;
$user_source = User_by_password_recovery_token($_REQUEST['token']);
if ($user_source == null) {
2017-01-03 14:12:17 +01:00
error(_('Token is not correct.'));
2017-01-02 03:57:23 +01:00
redirect(page_link_to('login'));
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
if (isset($_REQUEST['submit'])) {
$valid = true;
2017-01-02 03:57:23 +01:00
if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) {
if ($_REQUEST['password'] != $_REQUEST['password2']) {
$valid = false;
2017-01-03 14:12:17 +01:00
error(_('Your passwords don\'t match.'));
2017-01-02 03:57:23 +01:00
}
} else {
$valid = false;
2017-01-03 14:12:17 +01:00
error(_('Your password is to short (please use at least 6 characters).'));
2017-01-02 03:57:23 +01:00
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
if ($valid) {
set_password($user_source['UID'], $_REQUEST['password']);
2017-01-03 14:12:17 +01:00
success(_('Password saved.'));
2017-01-02 03:57:23 +01:00
redirect(page_link_to('login'));
}
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
return User_password_set_view();
}
/**
* First step of password recovery: display a form that asks for your email and send email with recovery link
2017-01-03 03:22:48 +01:00
*
* @return string
*/
2017-01-02 03:57:23 +01:00
function user_password_recovery_start_controller()
{
if (isset($_REQUEST['submit'])) {
$valid = true;
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
$email = strip_request_item('email');
if (check_email($email)) {
$user_source = User_by_email($email);
if ($user_source == null) {
$valid = false;
2017-01-03 14:12:17 +01:00
error(_('E-mail address is not correct.'));
2017-01-02 03:57:23 +01:00
}
} else {
$valid = false;
2017-01-03 14:12:17 +01:00
error(_('E-mail address is not correct.'));
2017-01-02 03:57:23 +01:00
}
} else {
$valid = false;
2017-01-03 14:12:17 +01:00
error(_('Please enter your e-mail.'));
2013-12-26 13:34:48 +01:00
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
if ($valid) {
$token = User_generate_password_recovery_token($user_source);
2017-01-02 15:43:36 +01:00
engelsystem_email_to_user(
$user_source,
2017-01-03 14:12:17 +01:00
_('Password recovery'),
2017-01-02 15:43:36 +01:00
sprintf(
2017-01-03 14:12:17 +01:00
_('Please visit %s to recover your password.'),
2017-01-02 15:43:36 +01:00
page_link_to_absolute('user_password_recovery') . '&token=' . $token
)
);
2017-01-03 14:12:17 +01:00
success(_('We sent an email containing your password recovery link.'));
2017-01-02 03:57:23 +01:00
redirect(page_link_to('login'));
}
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
return User_password_recovery_view();
}
/**
* User password recovery in 2 steps.
* (By email)
2017-01-03 03:22:48 +01:00
*
* @return string
*/
2017-01-02 03:57:23 +01:00
function user_password_recovery_controller()
{
if (isset($_REQUEST['token'])) {
return user_password_recovery_set_new_controller();
}
2017-01-03 03:22:48 +01:00
return user_password_recovery_start_controller();
2013-12-26 13:34:48 +01:00
}
2014-01-07 16:19:35 +01:00
/**
* Menu title for password recovery.
2017-01-03 03:22:48 +01:00
*
* @return string
2014-01-07 16:19:35 +01:00
*/
2017-01-02 03:57:23 +01:00
function user_password_recovery_title()
{
2017-01-03 14:12:17 +01:00
return _('Password recovery');
2013-12-26 13:34:48 +01:00
}
2016-09-30 16:55:47 +02:00
/**
* Loads a user from param user_id.
2017-01-03 03:22:48 +01:00
*
* return array
2016-09-30 16:55:47 +02:00
*/
2017-01-02 03:57:23 +01:00
function load_user()
{
2017-01-02 15:43:36 +01:00
if (!isset($_REQUEST['user_id'])) {
2017-01-02 03:57:23 +01:00
redirect(page_link_to());
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
$user = User($_REQUEST['user_id']);
if ($user === false) {
2017-01-03 14:12:17 +01:00
engelsystem_error('Unable to load user.');
2017-01-02 03:57:23 +01:00
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
if ($user == null) {
2017-01-03 14:12:17 +01:00
error(_('User doesn\'t exist.'));
2017-01-02 03:57:23 +01:00
redirect(page_link_to());
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
return $user;
2016-09-30 16:55:47 +02:00
}
2017-01-03 03:22:48 +01:00
/**
* @param ShiftsFilter $shiftsFilter
* @return ShiftCalendarRenderer
*/
2017-01-02 03:57:23 +01:00
function shiftCalendarRendererByShiftFilter(ShiftsFilter $shiftsFilter)
{
$shifts = Shifts_by_ShiftsFilter($shiftsFilter);
$needed_angeltypes_source = NeededAngeltypes_by_ShiftsFilter($shiftsFilter);
$shift_entries_source = ShiftEntries_by_ShiftsFilter($shiftsFilter);
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
$needed_angeltypes = [];
$shift_entries = [];
foreach ($shifts as $shift) {
$needed_angeltypes[$shift['SID']] = [];
$shift_entries[$shift['SID']] = [];
2016-12-29 14:51:43 +01:00
}
2017-01-02 03:57:23 +01:00
foreach ($shift_entries_source as $shift_entry) {
if (isset($shift_entries[$shift_entry['SID']])) {
$shift_entries[$shift_entry['SID']][] = $shift_entry;
}
2016-12-29 14:51:43 +01:00
}
2017-01-02 03:57:23 +01:00
foreach ($needed_angeltypes_source as $needed_angeltype) {
if (isset($needed_angeltypes[$needed_angeltype['SID']])) {
$needed_angeltypes[$needed_angeltype['SID']][] = $needed_angeltype;
2016-12-29 15:33:21 +01:00
}
2016-12-29 14:51:43 +01:00
}
2017-01-02 03:57:23 +01:00
unset($needed_angeltypes_source);
unset($shift_entries_source);
2017-01-02 15:43:36 +01:00
if (
in_array(ShiftsFilter::FILLED_FREE, $shiftsFilter->getFilled())
&& in_array(ShiftsFilter::FILLED_FILLED, $shiftsFilter->getFilled())
) {
2017-01-02 03:57:23 +01:00
return new ShiftCalendarRenderer($shifts, $needed_angeltypes, $shift_entries, $shiftsFilter);
2016-12-29 14:51:43 +01:00
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
$filtered_shifts = [];
foreach ($shifts as $shift) {
$needed_angels_count = 0;
2017-01-03 03:22:48 +01:00
$taken = 0;
2017-01-02 03:57:23 +01:00
foreach ($needed_angeltypes[$shift['SID']] as $needed_angeltype) {
$taken = 0;
foreach ($shift_entries[$shift['SID']] as $shift_entry) {
if ($needed_angeltype['angel_type_id'] == $shift_entry['TID'] && $shift_entry['freeloaded'] == 0) {
2017-01-02 15:43:36 +01:00
$taken++;
2017-01-02 03:57:23 +01:00
}
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
$needed_angels_count += max(0, $needed_angeltype['count'] - $taken);
}
if (in_array(ShiftsFilter::FILLED_FREE, $shiftsFilter->getFilled()) && $taken < $needed_angels_count) {
$filtered_shifts[] = $shift;
}
if (in_array(ShiftsFilter::FILLED_FILLED, $shiftsFilter->getFilled()) && $taken >= $needed_angels_count) {
$filtered_shifts[] = $shift;
}
2016-12-29 14:51:43 +01:00
}
2017-01-02 15:43:36 +01:00
2017-01-02 03:57:23 +01:00
return new ShiftCalendarRenderer($filtered_shifts, $needed_angeltypes, $shift_entries, $shiftsFilter);
2016-12-28 14:53:35 +01:00
}