begin #298 add privilege and add users to shifts by angeltype supporter

msquare 2016-12-24 17:00:03 +01:00
parent 11bea2a3ce
commit e86d75b4d9
3 changed files with 82 additions and 31 deletions


@ -16,3 +16,6 @@ ALTER TABLE `AngelTypes`
ADD INDEX (`contact_user_id`); ADD INDEX (`contact_user_id`);
ALTER TABLE `AngelTypes` ALTER TABLE `AngelTypes`
ADD FOREIGN KEY (`contact_user_id`) REFERENCES `User`(`UID`) ON DELETE SET NULL ON UPDATE CASCADE; ADD FOREIGN KEY (`contact_user_id`) REFERENCES `User`(`UID`) ON DELETE SET NULL ON UPDATE CASCADE;
INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (NULL, 'shiftentry_edit_angeltype_supporter', 'If user with this privilege is angeltype supporter, he can put users in shifts for their angeltype');


@ -31,25 +31,23 @@ function shift_entry_add_controller() {
redirect(page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
} }
if (in_array('user_shifts_admin', $privileges)) { if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)) {
$type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1"); $type = AngelType($type_id);
} else { } else {
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1"); $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
$type = $type[0];
} }
if ($type == null) {
if (count($type) == 0) {
redirect(page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
} }
$type = $type[0];
if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id']) && (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges))) {
if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id']) &&
in_array('user_shifts_admin', $privileges)) {
$user_id = $_REQUEST['user_id']; $user_id = $_REQUEST['user_id'];
} else { } else {
$user_id = $user['UID']; $user_id = $user['UID'];
} }
$shift_signup_allowed = Shift_signup_allowed(User($user_id), $shift, $type); $shift_signup_allowed = Shift_signup_allowed(User($user_id), $shift, $type);
if (! $shift_signup_allowed->isSignupAllowed()) { if (! $shift_signup_allowed->isSignupAllowed()) {
error(_("You are not allowed to sign up for this shift. Maybe shift is full or already running.")); error(_("You are not allowed to sign up for this shift. Maybe shift is full or already running."));
@ -58,8 +56,8 @@ function shift_entry_add_controller() {
if (isset($_REQUEST['submit'])) { if (isset($_REQUEST['submit'])) {
$selected_type_id = $type_id; $selected_type_id = $type_id;
if (in_array('user_shifts_admin', $privileges)) { if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)) {
if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) { if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) {
redirect(page_link_to('user_shifts')); redirect(page_link_to('user_shifts'));
} }
@ -106,7 +104,6 @@ function shift_entry_add_controller() {
if (in_array('user_shifts_admin', $privileges)) { if (in_array('user_shifts_admin', $privileges)) {
$users = sql_select("SELECT *, (SELECT count(*) FROM `ShiftEntry` WHERE `freeloaded`=1 AND `ShiftEntry`.`UID`=`User`.`UID`) AS `freeloaded` FROM `User` ORDER BY `Nick`"); $users = sql_select("SELECT *, (SELECT count(*) FROM `ShiftEntry` WHERE `freeloaded`=1 AND `ShiftEntry`.`UID`=`User`.`UID`) AS `freeloaded` FROM `User` ORDER BY `Nick`");
$users_select = []; $users_select = [];
foreach ($users as $usr) { foreach ($users as $usr) {
$users_select[$usr['UID']] = $usr['Nick'] . ($usr['freeloaded'] == 0 ? "" : " (" . _("Freeloader") . ")"); $users_select[$usr['UID']] = $usr['Nick'] . ($usr['freeloaded'] == 0 ? "" : " (" . _("Freeloader") . ")");
} }
@ -118,12 +115,30 @@ function shift_entry_add_controller() {
$angeltypes[$angeltype['id']] = $angeltype['name']; $angeltypes[$angeltype['id']] = $angeltype['name'];
} }
$angeltype_select = html_select_key('angeltype_id', 'angeltype_id', $angeltypes, $type['id']); $angeltype_select = html_select_key('angeltype_id', 'angeltype_id', $angeltypes, $type['id']);
} elseif (in_array('shiftentry_edit_angeltype_supporter', $privileges)) {
$users = Users_by_angeltype($type);
$users_select = [];
foreach ($users as $usr) {
if (! $type['restricted'] || $usr['confirm_user_id'] != null) {
$users_select[$usr['UID']] = $usr['Nick'];
}
}
$user_text = html_select_key('user_id', 'user_id', $users_select, $user['UID']);
$angeltypes_source = User_angeltypes($user);
$angeltypes = [];
foreach ($angeltypes_source as $angeltype) {
if ($angeltype['supporter']) {
$angeltypes[$angeltype['id']] = $angeltype['name'];
}
$angeltype_select = html_select_key('angeltype_id', 'angeltype_id', $angeltypes, $type['id']);
}
} else { } else {
$user_text = User_Nick_render($user); $user_text = User_Nick_render($user);
$angeltype_select = $type['name']; $angeltype_select = $type['name'];
} }
return ShiftEntry_edit_view($user_text, date("Y-m-d H:i", $shift['start']) . ' – ' . date('Y-m-d H:i', $shift['end']) . ' (' . shift_length($shift) . ')', $shift['Name'], $shift['name'], $angeltype_select, "", false, null, in_array('user_shifts_admin', $privileges)); return ShiftEntry_edit_view($user_text, date("Y-m-d H:i", $shift['start']) . ' – ' . date('Y-m-d H:i', $shift['end']) . ' (' . shift_length($shift) . ')', $shift['Name'], $shift['name'], $angeltype_select, "", false, null, in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges));
} }
/** /**
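Review bot: The `user_id` override in the first hunk is granted to anyone holding `shiftentry_edit_angeltype_supporter`, without checking that the acting user is a supporter of the requested angeltype `$type`. As far as this page shows, the only per-angeltype check is in `Shift_signup_allowed`, which for a non-supporter falls back to the ordinary self-signup rules evaluated for the target user, so a privilege holder could apparently enter another user into a shift of an angeltype they do not support whenever that user could have signed up themselves. Scope the condition to the angeltype, e.g. `in_array('user_shifts_admin', $privileges) || (in_array('shiftentry_edit_angeltype_supporter', $privileges) && User_is_AngelType_supporter($user, $type))`, and apply the same scoping to the `AngelType($type_id)` lookup and to the submit branch in the second hunk. The user dropdown built in the last hunk filters candidates only in the rendered form; the submitted `user_id` is checked for existence but not against that list. shift_entry_add_controller starts before the first hunk.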


@ -111,7 +111,7 @@ function Shift_free_entries($shift_id, $angeltype_id) {
} }
/** /**
* Check if an angel can sign up for given shift. * Check if shift signup is allowed from the end users point of view (no admin like privileges)
* *
* @param Shift $shift * @param Shift $shift
* The shift * The shift
@ -119,21 +119,12 @@ function Shift_free_entries($shift_id, $angeltype_id) {
* The angeltype to which the user wants to sign up * The angeltype to which the user wants to sign up
* @param array<Shift> $user_shifts * @param array<Shift> $user_shifts
* List of the users shifts * List of the users shifts
* @param boolean $angeltype_supporter
* True, if the user has angeltype supporter rights for the angeltype, which enables him to sign somebody up for the shift.
*/ */
function Shift_signup_allowed($user, $shift, $angeltype, $user_angeltype = null, $user_shifts = null) { function Shift_signup_allowed_angel($user, $shift, $angeltype, $user_angeltype, $user_shifts, $angeltype_supporter = false) {
global $privileges;
$free_entries = Shift_free_entries($shift['SID'], $angeltype['id']); $free_entries = Shift_free_entries($shift['SID'], $angeltype['id']);
if (in_array('user_shifts_admin', $privileges)) {
if ($free_entries == 0) {
// User shift admins may join anybody in every shift
return new ShiftSignupState(ShiftSignupState::ADMIN, $free_entries);
}
return new ShiftSignupState(ShiftSignupState::FREE, $free_entries);
}
if ($user_shifts == null) { if ($user_shifts == null) {
$user_shifts = Shifts_by_user($user); $user_shifts = Shifts_by_user($user);
} }
@ -159,16 +150,16 @@ function Shift_signup_allowed($user, $shift, $angeltype, $user_angeltype = null,
// you cannot join if shift is full // you cannot join if shift is full
return new ShiftSignupState(ShiftSignupState::OCCUPIED, $free_entries); return new ShiftSignupState(ShiftSignupState::OCCUPIED, $free_entries);
} }
if ($user_angeltype == null) { if ($user_angeltype == null) {
$user_angeltype = UserAngelType_by_User_and_AngelType($user, $angeltype); $user_angeltype = UserAngelType_by_User_and_AngelType($user, $angeltype);
} }
if ($user_angeltype == null || ($angeltype['no_self_signup'] == 1 && $user_angeltype != null) || if ($user_angeltype == null || ($angeltype['no_self_signup'] == 1 && $user_angeltype != null && $angeltype_supporter === false) || ($angeltype['restricted'] == 1 && $user_angeltype != null && ! isset($user_angeltype['confirm_user_id']))) {
($angeltype['restricted'] == 1 && $user_angeltype != null && ! isset($user_angeltype['confirm_user_id']))) {
// you cannot join if user is not of this angel type // you cannot join if user is not of this angel type
// you cannot join if you are not confirmed // you cannot join if you are not confirmed
// you cannot join if angeltype has no self signup
return new ShiftSignupState(ShiftSignupState::ANGELTYPE, $free_entries); return new ShiftSignupState(ShiftSignupState::ANGELTYPE, $free_entries);
} }
@ -181,6 +172,48 @@ function Shift_signup_allowed($user, $shift, $angeltype, $user_angeltype = null,
return new ShiftSignupState(ShiftSignupState::FREE, $free_entries); return new ShiftSignupState(ShiftSignupState::FREE, $free_entries);
} }
/**
* Check if an admin can sign up a user to a shift.
*
* @param Shift $shift
* The shift
* @param AngelType $angeltype
* The angeltype to which the user wants to sign up
*/
function Shift_signup_allowed_admin($shift, $angeltype) {
$free_entries = Shift_free_entries($shift['SID'], $angeltype['id']);
if ($free_entries == 0) {
// User shift admins may join anybody in every shift
return new ShiftSignupState(ShiftSignupState::ADMIN, $free_entries);
}
return new ShiftSignupState(ShiftSignupState::FREE, $free_entries);
}
/**
* Check if an angel can sign up for given shift.
*
* @param Shift $shift
* The shift
* @param AngelType $angeltype
* The angeltype to which the user wants to sign up
* @param array<Shift> $user_shifts
* List of the users shifts
*/
function Shift_signup_allowed($signup_user, $shift, $angeltype, $user_angeltype = null, $user_shifts = null) {
global $user, $privileges;
if (in_array('user_shifts_admin', $privileges)) {
return Shift_signup_allowed_admin($shift, $angeltype);
}
if (in_array('shiftentry_edit_angeltype_supporter', $privileges) && User_is_AngelType_supporter($user, $angeltype)) {
return Shift_signup_allowed_angel($signup_user, $shift, $angeltype, $user_angeltype, $user_shifts, true);
}
return Shift_signup_allowed_angel($signup_user, $shift, $angeltype, $user_angeltype, $user_shifts, false);
}
/** /**
* Delete a shift by its external id. * Delete a shift by its external id.
*/ */
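Review bot: The docblock of the new `Shift_signup_allowed` wrapper does not document `$signup_user`, nor that the authorization decision is taken for the acting user read from `global $user, $privileges` rather than for the user passed in. I would add `@param User $signup_user The user to be signed up; the acting user and their privileges are taken from the globals $user and $privileges` and `@return ShiftSignupState` there. On `Shift_signup_allowed_angel`, the `$angeltype_supporter` description should state that callers may pass `true` only after verifying supporter rights for this angeltype, because the flag lifts the `no_self_signup` restriction; the summary line "no admin like privileges" otherwise reads as if no elevated path exists in that function.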