modify profile permission

git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@517 c66351dc-e62f-0410-b875-e3a5c0b9693f
This commit is contained in:
Evgeny Gryaznov 2009-05-31 16:13:22 +00:00
parent 3ab00d8111
commit 4b790f7fcf
8 changed files with 54 additions and 20 deletions

View File

@ -15,13 +15,15 @@
$can_administrate = 0; $can_administrate = 0;
$can_takeover = 1; $can_takeover = 1;
$can_viewthreads = 2; $can_viewthreads = 2;
$can_modifyprofile = 3;
$can_count = 3; $can_count = 4;
$permission_ids = array( $permission_ids = array(
$can_administrate => "admin", $can_administrate => "admin",
$can_takeover => "takeover", $can_takeover => "takeover",
$can_viewthreads => "viewthreads" $can_viewthreads => "viewthreads",
$can_modifyprofile => "modifyprofile"
); );
function operator_by_login($login) { function operator_by_login($login) {

View File

@ -332,6 +332,7 @@ pending.table.head.waittime=Waiting time
pending.table.speak=Click to chat with the visitor pending.table.speak=Click to chat with the visitor
pending.table.view=Watch the chat pending.table.view=Watch the chat
permission.admin=System administration: settings, operators management, button generation permission.admin=System administration: settings, operators management, button generation
permission.modifyprofile=Ability to modify profile
permission.takeover=Take over chat thread permission.takeover=Take over chat thread
permission.viewthreads=View another operator's chat thread permission.viewthreads=View another operator's chat thread
permissions.intro=Change restrictions and available features for this operator. permissions.intro=Change restrictions and available features for this operator.

View File

@ -22,6 +22,9 @@ $opId = verifyparam( "op","/^\d{1,9}$/");
$page = array('opid' => $opId, 'avatar' => ''); $page = array('opid' => $opId, 'avatar' => '');
$errors = array(); $errors = array();
$canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator))
|| is_capable($can_administrate, $operator);
$op = operator_by_id($opId); $op = operator_by_id($opId);
if( !$op ) { if( !$op ) {
@ -30,7 +33,7 @@ if( !$op ) {
} else if( isset($_POST['op']) ) { } else if( isset($_POST['op']) ) {
$avatar = $op['vcavatar']; $avatar = $op['vcavatar'];
if($opId != $operator['operatorid'] && !is_capable($can_administrate, $operator)) { if(!$canmodify) {
$errors[] = getlocal('page_agent.cannot_modify'); $errors[] = getlocal('page_agent.cannot_modify');
} else if( isset($_FILES['avatarFile']) && $_FILES['avatarFile']['name']) { } else if( isset($_FILES['avatarFile']) && $_FILES['avatarFile']['name']) {
@ -77,7 +80,7 @@ if( !$op ) {
} }
} else { } else {
if (isset($_GET['delete']) && $_GET['delete'] == "true") { if (isset($_GET['delete']) && $_GET['delete'] == "true" && $canmodify) {
update_operator_avatar($op['operatorid'],''); update_operator_avatar($op['operatorid'],'');
header("Location: $webimroot/operator/avatar.php?op=$opId"); header("Location: $webimroot/operator/avatar.php?op=$opId");
exit; exit;
@ -86,6 +89,7 @@ if( !$op ) {
} }
$page['currentop'] = $op ? topage(get_operator_name($op))." (".$op['vclogin'].")" : "-not found-"; $page['currentop'] = $op ? topage(get_operator_name($op))." (".$op['vclogin'].")" : "-not found-";
$page['canmodify'] = $canmodify ? "1" : "";
prepare_menu($operator); prepare_menu($operator);
setup_operator_settings_tabs($opId,1); setup_operator_settings_tabs($opId,1);

View File

@ -53,8 +53,9 @@ if( isset($_POST['login']) && isset($_POST['password']) ) {
( $opId && $existing_operator && $opId != $existing_operator['operatorid']) ) ( $opId && $existing_operator && $opId != $existing_operator['operatorid']) )
$errors[] = getlocal("page_agent.error.duplicate_login"); $errors[] = getlocal("page_agent.error.duplicate_login");
$canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator))
if($opId != $operator['operatorid'] && !is_capable($can_administrate, $operator)) { || is_capable($can_administrate, $operator);
if(!$canmodify) {
$errors[] = getlocal('page_agent.cannot_modify'); $errors[] = getlocal('page_agent.cannot_modify');
} }
@ -90,7 +91,16 @@ if( isset($_POST['login']) && isset($_POST['password']) ) {
} }
} }
if(!$opId && !is_capable($can_administrate, $operator)) {
$errors[] = "You are not allowed to create operators";
}
$canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator))
|| is_capable($can_administrate, $operator);
$page['stored'] = isset($_GET['stored']); $page['stored'] = isset($_GET['stored']);
$page['canmodify'] = $canmodify ? "1" : "";
prepare_menu($operator); prepare_menu($operator);
setup_operator_settings_tabs($opId,0); setup_operator_settings_tabs($opId,0);
start_html_output(); start_html_output();

View File

@ -32,6 +32,9 @@ $page = array('opid' => $opId);
$page['groups'] = get_groups(false); $page['groups'] = get_groups(false);
$errors = array(); $errors = array();
$canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator))
|| is_capable($can_administrate, $operator);
$op = operator_by_id($opId); $op = operator_by_id($opId);
if( !$op ) { if( !$op ) {
@ -39,7 +42,7 @@ if( !$op ) {
} else if( isset($_POST['op']) ) { } else if( isset($_POST['op']) ) {
if($opId != $operator['operatorid'] && !is_capable($can_administrate, $operator)) { if(!$canmodify) {
$errors[] = getlocal('page_agent.cannot_modify'); $errors[] = getlocal('page_agent.cannot_modify');
} }
@ -59,6 +62,7 @@ if( !$op ) {
$page['formgroup'] = array(); $page['formgroup'] = array();
$page['currentop'] = $op ? topage(get_operator_name($op))." (".$op['vclogin'].")" : "-not found-"; $page['currentop'] = $op ? topage(get_operator_name($op))." (".$op['vclogin'].")" : "-not found-";
$page['canmodify'] = $canmodify ? "1" : "";
if($op) { if($op) {
foreach(get_operator_groupids($opId) as $rel) { foreach(get_operator_groupids($opId) as $rel) {

View File

@ -19,7 +19,7 @@ $page['menuid'] = $page['opid'] == $page['currentopid'] ? "profile" : "operators
function tpl_content() { global $page, $webimroot, $errors; function tpl_content() { global $page, $webimroot, $errors;
?> ?>
<?php if( $page['opid'] ) { ?> <?php if( $page['opid'] ) { ?>
<?php echo getlocal("page_agent.intro") ?> <?php echo getlocal("page_agent.intro") ?>
<?php } ?> <?php } ?>
<?php if( !$page['opid'] ) { ?> <?php if( !$page['opid'] ) { ?>
@ -34,6 +34,7 @@ require_once('inc_errors.php');
<div id="formmessage"><?php echo getlocal("data.saved") ?></div> <div id="formmessage"><?php echo getlocal("data.saved") ?></div>
<?php } ?> <?php } ?>
<?php if( $page['opid'] || $page['canmodify'] ) { ?>
<form name="agentForm" method="post" action="<?php echo $webimroot ?>/operator/operator.php"> <form name="agentForm" method="post" action="<?php echo $webimroot ?>/operator/operator.php">
<input type="hidden" name="opid" value="<?php echo $page['opid'] ?>"/> <input type="hidden" name="opid" value="<?php echo $page['opid'] ?>"/>
<div> <div>
@ -52,7 +53,7 @@ require_once('inc_errors.php');
<div class="field"> <div class="field">
<div class="flabel"><?php echo getlocal('form.field.login') ?><span class="required">*</span></div> <div class="flabel"><?php echo getlocal('form.field.login') ?><span class="required">*</span></div>
<div class="fvalue"> <div class="fvalue">
<input type="text" name="login" size="40" value="<?php echo form_value('login') ?>" class="formauth"/> <input type="text" name="login" size="40" value="<?php echo form_value('login') ?>" class="formauth"<?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
</div> </div>
<div class="fdescr"> &mdash; <?php echo getlocal('form.field.login.description') ?></div> <div class="fdescr"> &mdash; <?php echo getlocal('form.field.login.description') ?></div>
<br clear="all"/> <br clear="all"/>
@ -61,7 +62,7 @@ require_once('inc_errors.php');
<div class="field"> <div class="field">
<div class="flabel"><?php echo getlocal('form.field.password') ?><?php if( !$page['opid'] ) { ?><span class="required">*</span><?php } ?></div> <div class="flabel"><?php echo getlocal('form.field.password') ?><?php if( !$page['opid'] ) { ?><span class="required">*</span><?php } ?></div>
<div class="fvalue"> <div class="fvalue">
<input type="password" name="password" size="40" value="" class="formauth"/> <input type="password" name="password" size="40" value="" class="formauth"<?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
</div> </div>
<div class="fdescr"> &mdash; <?php echo getlocal('form.field.password.description') ?></div> <div class="fdescr"> &mdash; <?php echo getlocal('form.field.password.description') ?></div>
<br clear="all"/> <br clear="all"/>
@ -70,7 +71,7 @@ require_once('inc_errors.php');
<div class="field"> <div class="field">
<div class="flabel"><?php echo getlocal('form.field.password_confirm') ?><?php if( !$page['opid'] ) { ?><span class="required">*</span><?php } ?></div> <div class="flabel"><?php echo getlocal('form.field.password_confirm') ?><?php if( !$page['opid'] ) { ?><span class="required">*</span><?php } ?></div>
<div class="fvalue"> <div class="fvalue">
<input type="password" name="passwordConfirm" size="40" value="" class="formauth"/> <input type="password" name="passwordConfirm" size="40" value="" class="formauth"<?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
</div> </div>
<div class="fdescr"> &mdash; <?php echo getlocal('form.field.password_confirm.description') ?></div> <div class="fdescr"> &mdash; <?php echo getlocal('form.field.password_confirm.description') ?></div>
<br clear="all"/> <br clear="all"/>
@ -79,7 +80,7 @@ require_once('inc_errors.php');
<div class="field"> <div class="field">
<div class="flabel"><?php echo getlocal('form.field.agent_name') ?><span class="required">*</span></div> <div class="flabel"><?php echo getlocal('form.field.agent_name') ?><span class="required">*</span></div>
<div class="fvalue"> <div class="fvalue">
<input type="text" name="name" size="40" value="<?php echo form_value('name') ?>" class="formauth"/> <input type="text" name="name" size="40" value="<?php echo form_value('name') ?>" class="formauth"<?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
</div> </div>
<div class="fdescr"> &mdash; <?php echo getlocal('form.field.agent_name.description') ?></div> <div class="fdescr"> &mdash; <?php echo getlocal('form.field.agent_name.description') ?></div>
<br clear="all"/> <br clear="all"/>
@ -88,16 +89,17 @@ require_once('inc_errors.php');
<div class="field"> <div class="field">
<div class="flabel"><?php echo getlocal('form.field.agent_commonname') ?><span class="required">*</span></div> <div class="flabel"><?php echo getlocal('form.field.agent_commonname') ?><span class="required">*</span></div>
<div class="fvalue"> <div class="fvalue">
<input type="text" name="commonname" size="40" value="<?php echo form_value('commonname') ?>" class="formauth"/> <input type="text" name="commonname" size="40" value="<?php echo form_value('commonname') ?>" class="formauth"<?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
</div> </div>
<div class="fdescr"> &mdash; <?php echo getlocal('form.field.agent_commonname.description') ?></div> <div class="fdescr"> &mdash; <?php echo getlocal('form.field.agent_commonname.description') ?></div>
<br clear="all"/> <br clear="all"/>
</div> </div>
<?php if($page['canmodify']) { ?>
<div class="fbutton"> <div class="fbutton">
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/> <input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
</div> </div>
<?php } ?>
</div> </div>
</div><div class="formbottom"><div class="formbottomi"></div></div></div> </div><div class="formbottom"><div class="formbottomi"></div></div></div>
@ -108,7 +110,7 @@ require_once('inc_errors.php');
</div> </div>
</form> </form>
<?php } ?>
<?php <?php
} /* content */ } /* content */

View File

@ -51,15 +51,24 @@ require_once('inc_errors.php');
<div class="flabel"><?php echo getlocal('form.field.avatar.current') ?></div> <div class="flabel"><?php echo getlocal('form.field.avatar.current') ?></div>
<div class="fvalue"> <div class="fvalue">
<img src="<?php echo $page['avatar'] ?>" alt="cannot load avatar"/><br/> <img src="<?php echo $page['avatar'] ?>" alt="cannot load avatar"/><br/>
<?php if($page['canmodify']) { ?>
<a class="formauth" href='<?php echo $webimroot ?>/operator/avatar.php?op=<?php echo $page['opid'] ?>&amp;delete=true'> <a class="formauth" href='<?php echo $webimroot ?>/operator/avatar.php?op=<?php echo $page['opid'] ?>&amp;delete=true'>
<?php echo getlocal("page_agent.clear_avatar") ?> <?php echo getlocal("page_agent.clear_avatar") ?>
</a> </a>
<?php } ?>
</div> </div>
<div class="fdescr"> &mdash; <?php echo getlocal('form.field.avatar.current.description') ?></div> <div class="fdescr"> &mdash; <?php echo getlocal('form.field.avatar.current.description') ?></div>
<br clear="all"/> <br clear="all"/>
</div> </div>
<?php } else if(!$page['canmodify']) { ?>
<div class="field">
<div class="fvaluenodesc">
No avatar
</div>
</div>
<?php } ?> <?php } ?>
<?php if($page['canmodify']) { ?>
<div class="field"> <div class="field">
<div class="flabel"><?php echo getlocal('form.field.avatar.upload') ?><span class="required">*</span></div> <div class="flabel"><?php echo getlocal('form.field.avatar.upload') ?><span class="required">*</span></div>
<div class="fvalue"> <div class="fvalue">
@ -72,6 +81,7 @@ require_once('inc_errors.php');
<div class="fbutton"> <div class="fbutton">
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/> <input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
</div> </div>
<?php } ?>
</div> </div>
</div><div class="formbottom"><div class="formbottomi"></div></div></div> </div><div class="formbottom"><div class="formbottomi"></div></div></div>

View File

@ -50,17 +50,18 @@ require_once('inc_errors.php');
<div class="field"> <div class="field">
<div class="flabel"><?php echo htmlspecialchars(topage($pm['vclocalname'])) ?></div> <div class="flabel"><?php echo htmlspecialchars(topage($pm['vclocalname'])) ?></div>
<div class="fvalue"> <div class="fvalue">
<input type="checkbox" name="group<?php echo $pm['groupid'] ?>" value="on"<?php echo form_value_mb('group',$pm['groupid']) ? " checked=\"checked\"" : "" ?>/> <input type="checkbox" name="group<?php echo $pm['groupid'] ?>" value="on"<?php echo form_value_mb('group',$pm['groupid']) ? " checked=\"checked\"" : "" ?><?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
</div> </div>
<div class="fdescr"> &mdash; <?php echo $pm['vclocaldescription'] ? htmlspecialchars(topage($pm['vclocaldescription'])) : getlocal("operator.group.no_description") ?></div> <div class="fdescr"> &mdash; <?php echo $pm['vclocaldescription'] ? htmlspecialchars(topage($pm['vclocaldescription'])) : getlocal("operator.group.no_description") ?></div>
<br clear="all"/> <br clear="all"/>
</div> </div>
<?php } ?> <?php } ?>
<?php if($page['canmodify']) { ?>
<div class="fbutton"> <div class="fbutton">
<input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/> <input type="image" name="save" value="" src='<?php echo $webimroot.getlocal("image.button.save") ?>' alt='<?php echo getlocal("button.save") ?>'/>
</div> </div>
<?php } ?>
</div><div class="formbottom"><div class="formbottomi"></div></div></div> </div><div class="formbottom"><div class="formbottomi"></div></div></div>
</div> </div>
</form> </form>