diff --git a/src/messenger/webim/libs/classes/users_processor.php b/src/messenger/webim/libs/classes/users_processor.php index 56e6c95d..56740a9d 100644 --- a/src/messenger/webim/libs/classes/users_processor.php +++ b/src/messenger/webim/libs/classes/users_processor.php @@ -156,8 +156,6 @@ class UsersProcessor extends ClientSideProcessor { * Return updated threads list. API function * * @global string $session_prefix Session vars prefix - * @global int $can_viewthreads View threads permission code - * @global int $can_takeover Take threads over permission code * @param array $args Associative array of arguments. It must contains * following keys: * - 'agentId': Id of the agent related to users window @@ -166,7 +164,7 @@ class UsersProcessor extends ClientSideProcessor { * - 'threads': array of threads changes */ protected function apiUpdateThreads($args) { - global $session_prefix, $can_viewthreads, $can_takeover; + global $session_prefix; $operator = self::checkOperator($args['agentId']); @@ -221,11 +219,11 @@ class UsersProcessor extends ClientSideProcessor { // Calculate agent permissions $can_open = !($thread->state == Thread::STATE_CHATTING && $thread->agentId != $operator['operatorid'] - && !is_capable($can_takeover, $operator)); + && !is_capable(CAN_TAKEOVER, $operator)); $can_view = ($thread->agentId != $operator['operatorid'] && $thread->nextAgent != $operator['operatorid'] - && is_capable($can_viewthreads, $operator)); + && is_capable(CAN_VIEWTHREADS, $operator)); $can_ban = (Settings::get('enableban') == "1"); diff --git a/src/messenger/webim/libs/operator.php b/src/messenger/webim/libs/operator.php index ead8dabc..f41d0ecb 100644 --- a/src/messenger/webim/libs/operator.php +++ b/src/messenger/webim/libs/operator.php 
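Review bot: The `// Calculate agent permissions` comment in apiUpdateThreads (hunk at line 221 of libs/classes/users_processor.php) should say what `$can_open` and `$can_view` are for. They look like flags returned to the client with the thread list rather than an access decision. The operator/agent.php hunks of this same commit repeat the CAN_TAKEOVER and CAN_VIEWTHREADS checks when a thread is opened, and that server-side check is the one that has to hold. I would extend the comment to `// Calculate agent permissions (display hints only; operator/agent.php re-checks CAN_TAKEOVER / CAN_VIEWTHREADS on open)`. The method starts and ends outside the hunk.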
@@ -15,19 +15,43 @@ * limitations under the License. */ -$can_administrate = 0; -$can_takeover = 1; -$can_viewthreads = 2; -$can_modifyprofile = 3; +/** Permissions constants */ -$can_count = 4; +/** + * Operator can administer Mibew instalation + */ +define('CAN_ADMINISTRATE', 0); -$permission_ids = array( - $can_administrate => "admin", - $can_takeover => "takeover", - $can_viewthreads => "viewthreads", - $can_modifyprofile => "modifyprofile" -); +/** + * Operator can take over threads + */ +define('CAN_TAKEOVER', 1); + +/** + * Operator can view threads of other operators + */ +define('CAN_VIEWTHREADS', 2); + +/** + * Operator can modify own profile + */ +define('CAN_MODIFYPROFILE', 3); + +/** End of permissions constants */ + +/** + * Map numerical permissions ids onto string names. + * @return array Associativa array whose keys are numerical permission ids and + * values are string permission names. + */ +function permission_ids() { + return array( + CAN_ADMINISTRATE => "admin", + CAN_TAKEOVER => "takeover", + CAN_VIEWTHREADS => "viewthreads", + CAN_MODIFYPROFILE => "modifyprofile" + ); +} function operator_by_login($login) { @@ -555,13 +579,11 @@ function setup_redirect_links($threadid, $operator, $token) $page['redirectToGroup'] = $group_list; } -$permission_list = array(); - function get_permission_list() { - global $permission_list, $permission_ids; + static $permission_list = array(); if (count($permission_list) == 0) { - foreach ($permission_ids as $permid) { + foreach (permission_ids() as $permid) { $permission_list[] = array( 'id' => $permid, 'descr' => getlocal("permission.$permid") 
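Review bot: Removing `$can_count`, `$permission_ids` and the four `$can_*` globals at the top of libs/operator.php leaves any reader this diff does not touch with an undefined variable, which PHP evaluates as null with only a notice. If is_capable() shifts by its first argument the way `1 << $perm` does in operator/permissions.php, a leftover `$can_viewthreads` would silently test bit 0, which is the CAN_ADMINISTRATE bit. It is worth searching the tree, plugins included, for the old names before merging. The new docblocks should also state that the values are bit positions and not masks, e.g. `/** Permission constants: bit positions in the operator's iperm mask, tested with is_capable() */`.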
@@ -579,18 +601,17 @@ function is_capable($perm, $operator) function in_isolation($operator) { - global $can_administrate; - return (!is_capable($can_administrate, $operator) && Settings::get('enablegroups') && Settings::get('enablegroupsisolation')); + return (!is_capable(CAN_ADMINISTRATE, $operator) && Settings::get('enablegroups') && Settings::get('enablegroupsisolation')); } function prepare_menu($operator, $hasright = true) { - global $page, $can_administrate; + global $page; $page['operator'] = topage(get_operator_name($operator)); if ($hasright) { $page['showban'] = Settings::get('enableban') == "1"; $page['showstat'] = Settings::get('enablestatistics') == "1"; - $page['showadmin'] = is_capable($can_administrate, $operator); + $page['showadmin'] = is_capable(CAN_ADMINISTRATE, $operator); $page['currentopid'] = $operator['operatorid']; } } diff --git a/src/messenger/webim/operator/agent.php b/src/messenger/webim/operator/agent.php index 20cabe6d..31b6f283 100644 --- a/src/messenger/webim/operator/agent.php +++ b/src/messenger/webim/operator/agent.php @@ -64,7 +64,7 @@ if (!isset($_GET['token'])) { $forcetake = verifyparam("force", "/^true$/", false); if (!$viewonly && $thread->state == Thread::STATE_CHATTING && $operator['operatorid'] != $thread->agentId) { - if (!is_capable($can_takeover, $operator)) { + if (!is_capable(CAN_TAKEOVER, $operator)) { $errors = array(getlocal("thread.error.cannot_take_over")); start_html_output(); expand("../styles/dialogs", getchatstyle(), "error.tpl"); @@ -90,7 +90,7 @@ if (!isset($_GET['token'])) { expand("../styles/dialogs", getchatstyle(), "error.tpl"); exit; } - } else if (!is_capable($can_viewthreads, $operator)) { + } else if (!is_capable(CAN_VIEWTHREADS, $operator)) { $errors = array(getlocal("thread.error.cannot_view")); start_html_output(); expand("../styles/dialogs", getchatstyle(), "error.tpl"); 
@@ -109,7 +109,7 @@ if (!$thread) { die("wrong thread"); } -if ($thread->agentId != $operator['operatorid'] && !is_capable($can_viewthreads, $operator)) { +if ($thread->agentId != $operator['operatorid'] && !is_capable(CAN_VIEWTHREADS, $operator)) { $errors = array("Cannot view threads"); start_html_output(); expand("../styles/dialogs", getchatstyle(), "error.tpl"); diff --git a/src/messenger/webim/operator/avatar.php b/src/messenger/webim/operator/avatar.php index 13f69d7c..7c1c2197 100644 --- a/src/messenger/webim/operator/avatar.php +++ b/src/messenger/webim/operator/avatar.php @@ -26,8 +26,8 @@ $opId = verifyparam("op", "/^\d{1,9}$/"); $page = array('opid' => $opId, 'avatar' => ''); $errors = array(); -$canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator)) - || is_capable($can_administrate, $operator); +$canmodify = ($opId == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator)) + || is_capable(CAN_ADMINISTRATE, $operator); $op = operator_by_id($opId); diff --git a/src/messenger/webim/operator/features.php b/src/messenger/webim/operator/features.php index 05615d3a..058ca988 100644 --- a/src/messenger/webim/operator/features.php +++ b/src/messenger/webim/operator/features.php @@ -44,7 +44,7 @@ foreach ($options as $opt) { } if (isset($_POST['sent'])) { - if (is_capable($can_administrate, $operator)) { + if (is_capable(CAN_ADMINISTRATE, $operator)) { foreach ($options as $opt) { Settings::set($opt,(verifyparam($opt, "/^on$/", "") == "on" ? "1" : "0")); } @@ -56,7 +56,7 @@ if (isset($_POST['sent'])) { } } -$page['canmodify'] = is_capable($can_administrate, $operator); +$page['canmodify'] = is_capable(CAN_ADMINISTRATE, $operator); $page['stored'] = isset($_GET['stored']); foreach ($options as $opt) { $page["form$opt"] = $params[$opt] == "1"; diff --git a/src/messenger/webim/operator/groups.php b/src/messenger/webim/operator/groups.php index f458e872..b658cdae 100644 --- a/src/messenger/webim/operator/groups.php 
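Review bot: The denial message in the hunk at line 109 of operator/agent.php is the hard-coded English string `array("Cannot view threads")`, while the same denial a few lines up uses `getlocal("thread.error.cannot_view")`. Using `$errors = array(getlocal("thread.error.cannot_view"));` keeps the two consistent and localised. Whether `exit;` follows the `expand()` call, as it does in the earlier branches, is outside the hunk and worth checking, because rendering the error page without stopping would let the rest of the script run for an operator who failed the check.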
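Review bot: The ownership-or-admin rule for `$canmodify` in operator/avatar.php is written out again, token for token, twice in operator/operator.php (hunks at lines 65 and 120), so a later change to one copy can leave the others granting different access. A single helper in libs/operator.php, e.g. `function can_modify_profile($opId, $operator) { return ($opId == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator)) || is_capable(CAN_ADMINISTRATE, $operator); }`, would keep them in step. Where `$canmodify` is actually enforced in avatar.php is outside the hunk.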
+++ b/src/messenger/webim/operator/groups.php @@ -28,7 +28,7 @@ if (isset($_GET['act']) && $_GET['act'] == 'del') { $errors[] = getlocal("page.groups.error.cannot_delete"); } - if (!is_capable($can_administrate, $operator)) { + if (!is_capable(CAN_ADMINISTRATE, $operator)) { $errors[] = getlocal("page.groups.error.forbidden_remove"); } @@ -59,7 +59,7 @@ $sort['desc'] = (verifyparam("sortdirection", "/^(desc|asc)$/", "desc") == "desc $page['groups'] = get_sorted_groups($sort); $page['formsortby'] = $sort['by']; $page['formsortdirection'] = $sort['desc']?'desc':'asc'; -$page['canmodify'] = is_capable($can_administrate, $operator); +$page['canmodify'] = is_capable(CAN_ADMINISTRATE, $operator); $page['availableOrders'] = array( array('id' => 'name', 'name' => getlocal('form.field.groupname')), array('id' => 'lastseen', 'name' => getlocal('page_agents.status')), diff --git a/src/messenger/webim/operator/operator.php b/src/messenger/webim/operator/operator.php index b48ad04a..4e4204be 100644 --- a/src/messenger/webim/operator/operator.php +++ b/src/messenger/webim/operator/operator.php @@ -26,9 +26,9 @@ $page = array('opid' => ''); $errors = array(); $opId = ''; -if ((isset($_POST['login']) || !is_capable($can_administrate, $operator)) && isset($_POST['password'])) { +if ((isset($_POST['login']) || !is_capable(CAN_ADMINISTRATE, $operator)) && isset($_POST['password'])) { $opId = verifyparam("opid", "/^(\d{1,9})?$/", ""); - if (is_capable($can_administrate, $operator)) { + if (is_capable(CAN_ADMINISTRATE, $operator)) { $login = getparam('login'); } else { $login = $operator['vclogin']; 
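Review bot: The delete branch in operator/groups.php is entered on `$_GET['act'] == 'del'`, and the CAN_ADMINISTRATE check inside it only appends to `$errors`; the same pattern appears in the `del` and `disable`/`enable` branches of operator/operators.php further down. Two things fall outside these hunks and should be confirmed: that the delete runs only when `$errors` is empty, and that an anti-CSRF token is verified before a state change reachable by GET. Without a token check the request is forgeable cross-site against a logged-in administrator. The enclosing `if` block continues past the hunk.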
@@ -65,8 +65,8 @@ if ((isset($_POST['login']) || !is_capable($can_administrate, $operator)) && iss ($opId && $existing_operator && $opId != $existing_operator['operatorid'])) $errors[] = getlocal("page_agent.error.duplicate_login"); - $canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator)) - || is_capable($can_administrate, $operator); + $canmodify = ($opId == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator)) + || is_capable(CAN_ADMINISTRATE, $operator); if (!$canmodify) { $errors[] = getlocal('page_agent.cannot_modify'); } @@ -120,16 +120,16 @@ if ((isset($_POST['login']) || !is_capable($can_administrate, $operator)) && iss } } -if (!$opId && !is_capable($can_administrate, $operator)) { +if (!$opId && !is_capable(CAN_ADMINISTRATE, $operator)) { $errors[] = getlocal("page_agent.error.forbidden_create"); } -$canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator)) - || is_capable($can_administrate, $operator); +$canmodify = ($opId == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator)) + || is_capable(CAN_ADMINISTRATE, $operator); $page['stored'] = isset($_GET['stored']); $page['canmodify'] = $canmodify ? "1" : ""; -$page['canchangelogin'] = is_capable($can_administrate, $operator); +$page['canchangelogin'] = is_capable(CAN_ADMINISTRATE, $operator); $page['needChangePassword'] = $operator['vcpassword'] == md5(''); prepare_menu($operator); diff --git a/src/messenger/webim/operator/operators.php b/src/messenger/webim/operator/operators.php index 546c0e6c..b916aed8 100644 --- a/src/messenger/webim/operator/operators.php +++ b/src/messenger/webim/operator/operators.php @@ -30,7 +30,7 @@ if (isset($_GET['act'])) { } if ($_GET['act'] == 'del') { - if (!is_capable($can_administrate, $operator)) { + if (!is_capable(CAN_ADMINISTRATE, $operator)) { $errors[] = getlocal("page_agents.error.forbidden_remove"); } 
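Review bot: The context line `$page['needChangePassword'] = $operator['vcpassword'] == md5('');` in the hunk at line 120 of operator/operator.php implies that operator passwords are stored as unsalted MD5, and it compares the hash with a loose `==`. The commit does not introduce this, but the line sits in the block being touched: at minimum use `===` for the comparison. Where the supported PHP version allows, plan a move to `password_hash()` / `password_verify()` with a rehash on next successful login. The storage code itself is outside this diff.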
@@ -55,7 +55,7 @@ if (isset($_GET['act'])) { } if ($_GET['act'] == 'disable' || $_GET['act'] == 'enable') { $act_disable = ($_GET['act'] == 'disable'); - if (!is_capable($can_administrate, $operator)) { + if (!is_capable(CAN_ADMINISTRATE, $operator)) { $errors[] = $act_disable?getlocal('page_agents.disable.not.allowed'):getlocal('page_agents.enable.not.allowed'); } @@ -95,7 +95,7 @@ if (in_isolation($operator)) { $list_options['isolated_operator_id'] = $operator['operatorid']; } $page['allowedAgents'] = get_operators_list($list_options); -$page['canmodify'] = is_capable($can_administrate, $operator); +$page['canmodify'] = is_capable(CAN_ADMINISTRATE, $operator); $page['availableOrders'] = array( array('id' => 'login', 'name' => getlocal('page_agents.login')), array('id' => 'localename', 'name' => getlocal('page_agents.agent_name')), diff --git a/src/messenger/webim/operator/opgroups.php b/src/messenger/webim/operator/opgroups.php index ec6d00b2..f6314140 100644 --- a/src/messenger/webim/operator/opgroups.php +++ b/src/messenger/webim/operator/opgroups.php @@ -44,7 +44,7 @@ $page = array('opid' => $opId); $page['groups'] = $operator_in_isolation?get_all_groups_for_operator($operator):get_all_groups(); $errors = array(); -$canmodify = is_capable($can_administrate, $operator); +$canmodify = is_capable(CAN_ADMINISTRATE, $operator); $op = operator_by_id($opId); diff --git a/src/messenger/webim/operator/permissions.php b/src/messenger/webim/operator/permissions.php index 0ce89dca..8d307066 100644 --- a/src/messenger/webim/operator/permissions.php +++ b/src/messenger/webim/operator/permissions.php @@ -32,7 +32,7 @@ function update_operator_permissions($operatorid, $newvalue) } $opId = verifyparam("op", "/^\d{1,9}$/"); -$page = array('opid' => $opId, 'canmodify' => is_capable($can_administrate, $operator) ? "1" : ""); +$page = array('opid' => $opId, 'canmodify' => is_capable(CAN_ADMINISTRATE, $operator) ? "1" : ""); $errors = array(); $op = operator_by_id($opId); 
@@ -42,13 +42,13 @@ if (!$op) { } else if (isset($_POST['op'])) { - if (!is_capable($can_administrate, $operator)) { + if (!is_capable(CAN_ADMINISTRATE, $operator)) { $errors[] = getlocal('page_agent.cannot_modify'); } $new_permissions = isset($op['iperm']) ? $op['iperm'] : 0; - foreach ($permission_ids as $perm => $id) { + foreach (permission_ids() as $perm => $id) { if (verifyparam("permissions$id", "/^on$/", "") == "on") { $new_permissions |= (1 << $perm); } else { @@ -73,7 +73,7 @@ $page['formpermissions'] = array(""); $page['currentop'] = $op ? topage(get_operator_name($op)) . " (" . $op['vclogin'] . ")" : "-not found-"; if ($op) { - foreach ($permission_ids as $perm => $id) { + foreach (permission_ids() as $perm => $id) { if (is_capable($perm, $op)) { $page['formpermissions'][] = $id; }
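Review bot: In the `isset($_POST['op'])` branch of operator/permissions.php the CAN_ADMINISTRATE check only pushes `page_agent.cannot_modify` onto `$errors`, and the loop that builds `$new_permissions` from the `permissions$id` POST fields runs regardless. The call that persists the mask is outside the hunk, so confirm it is gated on `count($errors) == 0`; stopping right after the failed check would make that independent of later code. A short comment on the loop would help as well: `// $perm is the bit position (CAN_* constant), $id the name used in the form field`.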