ability to remove operators, confirmations when removing groups/operators, capability checks

git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@525 c66351dc-e62f-0410-b875-e3a5c0b9693f
2025-10-31 10:31:07 +03:00 · 2009-06-05 11:38:24 +00:00 · 2009-06-05 11:38:24 +00:00 · cc275561c0
commit cc275561c0
parent bfe023c601
9 changed files with 129 additions and 20 deletions
--- a/src/messenger/webim/install/whatsnew.txt
+++ b/src/messenger/webim/install/whatsnew.txt
@ -5,6 +5,7 @@
  [+] new project name: Mibew Messenger
  [!] fixed localization of dates for all languages
  [!] fixed online/offline image for groups
+  [+] ability to delete operators, confirmation dialog when deleting group/operator/blocked address

  1.6.0
  -----
--- a/src/messenger/webim/libs/common.php
+++ b/src/messenger/webim/libs/common.php
@ -234,6 +234,17 @@ function getlocal2($text,$params) {
 	return $string;
 }

+/* prepares for Javascript string */
+function getlocalforJS($text,$params) {
+	global $current_locale, $webim_encoding;
+	$string = myiconv($webim_encoding,getoutputenc(), getstring_($text,$current_locale));
+	$string = str_replace("\"", "\\\"", str_replace("\n", "\\n", $string)); 
+	for( $i = 0; $i < count($params); $i++ ) {
+		$string = str_replace("{".$i."}", $params[$i], $string);
+	}
+	return $string;
+}
+
 /* ajax server actions use utf-8 */
 function getrawparam( $name ) {
 	global $webim_encoding;
--- a/src/messenger/webim/locales/en/properties
+++ b/src/messenger/webim/locales/en/properties
@ -249,6 +249,7 @@ page.group.no_such=No such group
 page.group.title=Group details
 page.groupmembers.intro=View and edit the member list.
 page.groupmembers.title=Members
+page.groups.confirm=Are you sure that you want to delete group "{0}"?
 page.groups.intro=This page displays a list of groups in your company. Each group can have separate button and canned responses.
 page.groups.new=Create new group...
 page.groups.title=Groups
@ -288,6 +289,7 @@ page_agent.title=Operator details
 page_agents.agent_commonname=International name
 page_agents.agent_name=Name
 page_agents.agents=Full list of operators:
+page_agents.confirm=Are you sure that you want to delete operator "{0}"?
 page_agents.intro=This page displays a list of company operators.
 page_agents.login=Login
 page_agents.new_agent=Add operator...
--- a/src/messenger/webim/operator/blocked.php
+++ b/src/messenger/webim/operator/blocked.php
@ -29,7 +29,7 @@ if( isset($_GET['act']) && $_GET['act'] == 'del' ) {
 	$banId = isset($_GET['id']) ? $_GET['id'] : "";

 	if( !preg_match( "/^\d+$/", $banId )) {
-		$errors[] = "Wrong argument";
+		$errors[] = "Cannot delete: wrong argument";
 	}

 	if( count($errors) == 0 ) {
@ -54,6 +54,7 @@ setup_pagination($blockedList);

 prepare_menu($operator);
 start_html_output();
+
 require('../view/blocked_visitors.php');
 exit;
 ?>
--- a/src/messenger/webim/operator/groups.php
+++ b/src/messenger/webim/operator/groups.php
@ -19,21 +19,30 @@ $operator = check_login();

 if( isset($_GET['act']) && $_GET['act'] == 'del' ) {
 	
-	// TODO check permissions
-	
-	$groupid = verifyparam( "gid", "/^(\d{1,9})?$/");
+	$groupid = isset($_GET['gid']) ? $_GET['gid'] : "";

-	$link = connect();
-	perform_query("delete from chatgroup where groupid = $groupid",$link);
-	perform_query("delete from chatgroupoperator where groupid = $groupid",$link);
-	perform_query("update chatthread set groupid = 0 where groupid = $groupid",$link);
-	mysql_close($link);
-	header("Location: $webimroot/operator/groups.php");
-	exit;
+	if( !preg_match( "/^\d+$/", $groupid )) {
+		$errors[] = "Cannot delete: wrong argument";
+	}
+	
+	if( !is_capable($can_administrate, $operator)) {
+		$errors[] = "You are not allowed to remove groups";
+	}
+	
+	if( count($errors) == 0 ) {
+		$link = connect();
+		perform_query("delete from chatgroup where groupid = $groupid",$link);
+		perform_query("delete from chatgroupoperator where groupid = $groupid",$link);
+		perform_query("update chatthread set groupid = 0 where groupid = $groupid",$link);
+		mysql_close($link);
+		header("Location: $webimroot/operator/groups.php");
+		exit;
+	}
 }

 $page = array();
 $page['groups'] = get_groups(true);
+$page['canmodify'] = is_capable($can_administrate, $operator);

 prepare_menu($operator);
 start_html_output();
--- a/src/messenger/webim/operator/operators.php
+++ b/src/messenger/webim/operator/operators.php
@ -17,8 +17,44 @@ require_once('../libs/operator.php');

 $operator = check_login();

+if( isset($_GET['act']) && $_GET['act'] == 'del' ) {
+	$operatorid = isset($_GET['id']) ? $_GET['id'] : "";
+
+	if( !preg_match( "/^\d+$/", $operatorid )) {
+		$errors[] = "Cannot delete: wrong argument";
+	}
+
+	if( !is_capable($can_administrate, $operator)) {
+		$errors[] = "You are not allowed to remove operators";
+	}
+	
+	if( $operatorid == $operator['operatorid']) {
+		$errors[] = "Cannot remove self";
+	}
+
+	if(count($errors) == 0) {
+		$op = operator_by_id($operatorid);
+		if( !$op ) {
+			$errors[] = getlocal("no_such_operator");
+		} else if($op['vclogin'] == 'admin') {
+			$errors[] = 'Cannot remove operator "admin"';			
+		}		
+	}
+	
+	if( count($errors) == 0 ) {
+		$link = connect();
+		perform_query("delete from chatgroupoperator where operatorid = $operatorid",$link);
+		perform_query("delete from chatoperator where operatorid = $operatorid",$link);
+		mysql_close($link);
+		
+		header("Location: $webimroot/operator/operators.php");
+		exit;
+	}
+}
+
 $page = array();
 $page['allowedAgents'] = get_operators();
+$page['canmodify'] = is_capable($can_administrate, $operator);

 prepare_menu($operator);
 start_html_output();
--- a/src/messenger/webim/view/agents.php
+++ b/src/messenger/webim/view/agents.php
@ -16,13 +16,23 @@ require_once("inc_menu.php");
 $page['title'] = getlocal("page_agents.title");
 $page['menuid'] = "operators";

-function tpl_content() { global $page, $webimroot;
+function tpl_header() { global $page, $webimroot;
+?>	
+<script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/jquery-1.3.2.min.js"></script>
+<?php
+}
+
+function tpl_content() { global $page, $webimroot, $errors;
 ?>

 <?php echo getlocal("page_agents.intro") ?>
 <br />
 <br />
+<?php 
+require_once('inc_errors.php');
+?>

+<?php if($page['canmodify']) { ?>
 <div class="tabletool">
 	<img src='<?php echo $webimroot ?>/images/buttons/createagent.gif' border="0" alt="" />
 	<a href='<?php echo $webimroot ?>/operator/operator.php' title="<?php echo getlocal("page_agents.new_agent") ?>">
@ -30,7 +40,7 @@ function tpl_content() { global $page, $webimroot;
 	</a>
 </div>
 <br clear="all"/>
-
+<?php } ?>

 <table class="list">
 <thead>
@ -41,6 +51,9 @@ function tpl_content() { global $page, $webimroot;
 	<?php echo getlocal("page_agents.agent_name") ?>
 </th><th>
 	<?php echo getlocal("page_agents.agent_commonname") ?>
+<?php if($page['canmodify']) { ?>
+</th><th>
+<?php } ?>
 </th>
 </tr>
 </thead>
@ -48,7 +61,7 @@ function tpl_content() { global $page, $webimroot;
 <?php foreach( $page['allowedAgents'] as $a ) { ?>
 <tr>
 	<td class="notlast">
-   		<a href="<?php echo $webimroot ?>/operator/operator.php?op=<?php echo $a['operatorid'] ?>" class="man">
+   		<a id="ti<?php echo $a['operatorid'] ?>" href="<?php echo $webimroot ?>/operator/operator.php?op=<?php echo $a['operatorid'] ?>" class="man">
   			<?php echo htmlspecialchars(topage($a['vclogin'])) ?>
   		</a>
 	</td>
@ -58,10 +71,23 @@ function tpl_content() { global $page, $webimroot;
 	<td>
   		<?php echo htmlspecialchars(topage($a['vccommonname'])) ?>
 	</td>
+<?php if($page['canmodify']) { ?>
+	<td>
+		<a class="removelink" id="i<?php echo $a['operatorid'] ?>" href="<?php echo $webimroot ?>/operator/operators.php?act=del&amp;id=<?php echo $a['operatorid'] ?>">
+			remove
+		</a>
+	</td>
+<?php } ?>	
 </tr>
 <?php } ?>
 </tbody>
 </table>
+<script type="text/javascript" language="javascript"><!--
+$('a.removelink').click(function(){
+	var login = $("#t"+this.id).text();
+	return confirm("<?php echo getlocalforJS("page_agents.confirm", array('"+$.trim(login)+"')) ?>");
+});
+//--></script>

 <?php 
 } /* content */
--- a/src/messenger/webim/view/blocked_visitors.php
+++ b/src/messenger/webim/view/blocked_visitors.php
@ -22,12 +22,15 @@ function tpl_header() { global $page, $webimroot;
 <?php
 }

-function tpl_content() { global $page, $webimroot;
+function tpl_content() { global $page, $webimroot, $errors;
 ?>

 <?php echo getlocal("page_ban.intro") ?>
 <br />
 <br />
+<?php 
+require_once('inc_errors.php');
+?>

 <div class="tabletool">
 	<img src="<?php echo $webimroot ?>/images/buttons/createban.gif" border="0" alt=""/>
@ -104,7 +107,7 @@ if( $page['pagination.items'] ) {
 <script type="text/javascript" language="javascript"><!--
 $('a.removelink').click(function(){
 	var addr = $("#t"+this.id).text();
-	return confirm("<?php echo str_replace("\n", "\\n", getlocal2("page_bans.confirm", array('"+$.trim(addr)+"'))) ?>");
+	return confirm("<?php echo getlocalforJS("page_bans.confirm", array('"+$.trim(addr)+"')) ?>");
 });
 //--></script>

--- a/src/messenger/webim/view/groups.php
+++ b/src/messenger/webim/view/groups.php
@ -16,13 +16,23 @@ require_once("inc_menu.php");
 $page['title'] = getlocal("page.groups.title");
 $page['menuid'] = "groups";

-function tpl_content() { global $page, $webimroot;
+function tpl_header() { global $page, $webimroot;
+?>	
+<script type="text/javascript" language="javascript" src="<?php echo $webimroot ?>/js/jquery-1.3.2.min.js"></script>
+<?php
+}
+
+function tpl_content() { global $page, $webimroot, $errors;
 ?>

 <?php echo getlocal("page.groups.intro") ?>
 <br />
 <br />
+<?php 
+require_once('inc_errors.php');
+?>

+<?php if($page['canmodify']) { ?>
 <div class="tabletool">
 	<img src='<?php echo $webimroot ?>/images/buttons/createdep.gif' border="0" alt="" />
 	<a href='<?php echo $webimroot ?>/operator/group.php' title="<?php echo getlocal("page.groups.new") ?>">
@ -30,7 +40,7 @@ function tpl_content() { global $page, $webimroot;
 	</a>
 </div>
 <br clear="all"/>
-
+<?php } ?>

 <table class="list">
 <thead>
@ -41,7 +51,9 @@ function tpl_content() { global $page, $webimroot;
 	<?php echo getlocal("form.field.groupdesc") ?>
 </th><th>
 	<?php echo getlocal("page.group.membersnum") ?>
+<?php if($page['canmodify']) { ?>
 </th><th>
+<?php } ?>
 </th>
 </tr>
 </thead>
@ -51,7 +63,7 @@ if(count($page['groups']) > 0) {
 	foreach( $page['groups'] as $grp ) { ?>
 <tr>
 	<td class="notlast">
-   		<a href="<?php echo $webimroot ?>/operator/group.php?gid=<?php echo $grp['groupid'] ?>" class="man">
+   		<a href="<?php echo $webimroot ?>/operator/group.php?gid=<?php echo $grp['groupid'] ?>" id="ti<?php echo $grp['groupid'] ?>" class="man">
   			<?php echo htmlspecialchars(topage($grp['vclocalname'])) ?>
   		</a>
 	</td>
@ -63,11 +75,13 @@ if(count($page['groups']) > 0) {
 	   		<?php echo htmlspecialchars(topage($grp['inumofagents'])) ?>
   		</a>
 	</td>
+<?php if($page['canmodify']) { ?>
 	<td>
-		<a href="<?php echo $webimroot ?>/operator/groups.php?act=del&amp;gid=<?php echo $grp['groupid'] ?>">
+		<a href="<?php echo $webimroot ?>/operator/groups.php?act=del&amp;gid=<?php echo $grp['groupid'] ?>" id="i<?php echo $grp['groupid'] ?>" class="removelink">
 			remove
 		</a>
 	</td>
+<?php } ?>
 </tr>
 <?php 
 	}
@ -83,6 +97,12 @@ if(count($page['groups']) > 0) {
 ?>
 </tbody>
 </table>
+<script type="text/javascript" language="javascript"><!--
+$('a.removelink').click(function(){
+	var groupname = $("#t"+this.id).text();
+	return confirm("<?php echo getlocalforJS("page.groups.confirm", array('"+$.trim(groupname)+"')) ?>");
+});
+//--></script>

 <?php 
 } /* content */