From cc275561c03df5a506178d3f24d6c5294756a0b7 Mon Sep 17 00:00:00 2001 From: Evgeny Gryaznov Date: Fri, 5 Jun 2009 11:38:24 +0000 Subject: [PATCH] ability to remove operators, confirmations when removing groups/operators, capability checks git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@525 c66351dc-e62f-0410-b875-e3a5c0b9693f --- src/messenger/webim/install/whatsnew.txt | 1 + src/messenger/webim/libs/common.php | 11 ++++++ src/messenger/webim/locales/en/properties | 2 ++ src/messenger/webim/operator/blocked.php | 3 +- src/messenger/webim/operator/groups.php | 29 +++++++++------ src/messenger/webim/operator/operators.php | 36 +++++++++++++++++++ src/messenger/webim/view/agents.php | 32 +++++++++++++++-- src/messenger/webim/view/blocked_visitors.php | 7 ++-- src/messenger/webim/view/groups.php | 28 ++++++++++++--- 9 files changed, 129 insertions(+), 20 deletions(-) diff --git a/src/messenger/webim/install/whatsnew.txt b/src/messenger/webim/install/whatsnew.txt index 79b1f863..08138596 100644 --- a/src/messenger/webim/install/whatsnew.txt +++ b/src/messenger/webim/install/whatsnew.txt @@ -5,6 +5,7 @@ [+] new project name: Mibew Messenger [!] fixed localization of dates for all languages [!] fixed online/offline image for groups + [+] ability to delete operators, confirmation dialog when deleting group/operator/blocked address 1.6.0 ----- diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php index 0ea6e1a6..4ec0094c 100644 --- a/src/messenger/webim/libs/common.php +++ b/src/messenger/webim/libs/common.php 
@@ -234,6 +234,17 @@ function getlocal2($text,$params) { return $string; } +/* prepares for Javascript string */ +function getlocalforJS($text,$params) { + global $current_locale, $webim_encoding; + $string = myiconv($webim_encoding,getoutputenc(), getstring_($text,$current_locale)); + $string = str_replace("\"", "\\\"", str_replace("\n", "\\n", $string)); + for( $i = 0; $i < count($params); $i++ ) { + $string = str_replace("{".$i."}", $params[$i], $string); + } + return $string; +} + /* ajax server actions use utf-8 */ function getrawparam( $name ) { global $webim_encoding; diff --git a/src/messenger/webim/locales/en/properties b/src/messenger/webim/locales/en/properties index 84688c9b..8c9ba8c6 100644 --- a/src/messenger/webim/locales/en/properties +++ b/src/messenger/webim/locales/en/properties @@ -249,6 +249,7 @@ page.group.no_such=No such group page.group.title=Group details page.groupmembers.intro=View and edit the member list. page.groupmembers.title=Members +page.groups.confirm=Are you sure that you want to delete group "{0}"? page.groups.intro=This page displays a list of groups in your company. Each group can have separate button and canned responses. page.groups.new=Create new group... page.groups.title=Groups @@ -288,6 +289,7 @@ page_agent.title=Operator details page_agents.agent_commonname=International name page_agents.agent_name=Name page_agents.agents=Full list of operators: +page_agents.confirm=Are you sure that you want to delete operator "{0}"? page_agents.intro=This page displays a list of company operators. page_agents.login=Login page_agents.new_agent=Add operator... diff --git a/src/messenger/webim/operator/blocked.php b/src/messenger/webim/operator/blocked.php index 86d3eacf..713a6589 100644 --- a/src/messenger/webim/operator/blocked.php +++ b/src/messenger/webim/operator/blocked.php 
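Review bot: In `getlocalforJS` the quote and newline escaping runs before the `{0}` substitution loop, so the values in `$params` reach the JavaScript string unescaped. The new `page.groups.confirm` and `page_agents.confirm` messages suggest those values are group and operator names, which are operator-supplied data. A name containing `"`, a backslash or `</script>` would then end the string literal early in the confirmation dialog; the view markup that calls this function is not readable on this page, so the exact output context should be confirmed. Escaping after the loop, and covering backslash and carriage return as well, closes this, for example `$string = str_replace(array("\\", "\"", "\n", "\r", "</"), array("\\\\", "\\\"", "\\n", "\\r", "<\\/"), $string);` placed just before `return $string;`. If the result is emitted inside an HTML attribute such as `onclick`, it also needs `htmlspecialchars` at the call site.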
@@ -29,7 +29,7 @@ if( isset($_GET['act']) && $_GET['act'] == 'del' ) { $banId = isset($_GET['id']) ? $_GET['id'] : ""; if( !preg_match( "/^\d+$/", $banId )) { - $errors[] = "Wrong argument"; + $errors[] = "Cannot delete: wrong argument"; } if( count($errors) == 0 ) { @@ -54,6 +54,7 @@ setup_pagination($blockedList); prepare_menu($operator); start_html_output(); + require('../view/blocked_visitors.php'); exit; ?> \ No newline at end of file diff --git a/src/messenger/webim/operator/groups.php b/src/messenger/webim/operator/groups.php index 0e218e1a..e433c1f1 100644 --- a/src/messenger/webim/operator/groups.php +++ b/src/messenger/webim/operator/groups.php @@ -19,21 +19,30 @@ $operator = check_login(); if( isset($_GET['act']) && $_GET['act'] == 'del' ) { - // TODO check permissions - - $groupid = verifyparam( "gid", "/^(\d{1,9})?$/"); + $groupid = isset($_GET['gid']) ? $_GET['gid'] : ""; - $link = connect(); - perform_query("delete from chatgroup where groupid = $groupid",$link); - perform_query("delete from chatgroupoperator where groupid = $groupid",$link); - perform_query("update chatthread set groupid = 0 where groupid = $groupid",$link); - mysql_close($link); - header("Location: $webimroot/operator/groups.php"); - exit; + if( !preg_match( "/^\d+$/", $groupid )) { + $errors[] = "Cannot delete: wrong argument"; + } + + if( !is_capable($can_administrate, $operator)) { + $errors[] = "You are not allowed to remove groups"; + } + + if( count($errors) == 0 ) { + $link = connect(); + perform_query("delete from chatgroup where groupid = $groupid",$link); + perform_query("delete from chatgroupoperator where groupid = $groupid",$link); + perform_query("update chatthread set groupid = 0 where groupid = $groupid",$link); + mysql_close($link); + header("Location: $webimroot/operator/groups.php"); + exit; + } } $page = array(); $page['groups'] = get_groups(true); +$page['canmodify'] = is_capable($can_administrate, $operator); prepare_menu($operator); start_html_output(); 
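Review bot: The group delete in `groups.php` is still triggered by a plain GET (`?act=del&gid=N`) with no anti-forgery token, so the new `is_capable($can_administrate, $operator)` check confirms who is logged in but not that the administrator intended the request. The confirmation dialog mentioned in `whatsnew.txt` runs in the browser and is not part of the server-side check. The same pattern appears in the new delete branch in `operators.php` and in the existing one in `blocked.php`. I would move these actions to POST and verify a per-session token before the queries, e.g. `if( !isset($_POST['csrf']) || $_POST['csrf'] !== $_SESSION['csrf_token'] ) { $errors[] = "Cannot delete: invalid request"; }`, where the token field and session key are placeholders for whatever the session layer provides.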
diff --git a/src/messenger/webim/operator/operators.php b/src/messenger/webim/operator/operators.php index fae7dfa7..6df45c9e 100644 --- a/src/messenger/webim/operator/operators.php +++ b/src/messenger/webim/operator/operators.php @@ -17,8 +17,44 @@ require_once('../libs/operator.php'); $operator = check_login(); +if( isset($_GET['act']) && $_GET['act'] == 'del' ) { + $operatorid = isset($_GET['id']) ? $_GET['id'] : ""; + + if( !preg_match( "/^\d+$/", $operatorid )) { + $errors[] = "Cannot delete: wrong argument"; + } + + if( !is_capable($can_administrate, $operator)) { + $errors[] = "You are not allowed to remove operators"; + } + + if( $operatorid == $operator['operatorid']) { + $errors[] = "Cannot remove self"; + } + + if(count($errors) == 0) { + $op = operator_by_id($operatorid); + if( !$op ) { + $errors[] = getlocal("no_such_operator"); + } else if($op['vclogin'] == 'admin') { + $errors[] = 'Cannot remove operator "admin"'; + } + } + + if( count($errors) == 0 ) { + $link = connect(); + perform_query("delete from chatgroupoperator where operatorid = $operatorid",$link); + perform_query("delete from chatoperator where operatorid = $operatorid",$link); + mysql_close($link); + + header("Location: $webimroot/operator/operators.php"); + exit; + } +} + $page = array(); $page['allowedAgents'] = get_operators(); +$page['canmodify'] = is_capable($can_administrate, $operator); prepare_menu($operator); start_html_output(); diff --git a/src/messenger/webim/view/agents.php b/src/messenger/webim/view/agents.php index f2745738..a007e293 100644 --- a/src/messenger/webim/view/agents.php +++ b/src/messenger/webim/view/agents.php @@ -16,13 +16,23 @@ require_once("inc_menu.php"); $page['title'] = getlocal("page_agents.title"); $page['menuid'] = "operators"; -function tpl_content() { global $page, $webimroot; +function tpl_header() { global $page, $webimroot; +?> + +
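Review bot: `$errors` is appended to and then passed to `count()` in the new delete branch of `operators.php` without a visible initialisation; the hunk context shows only `require_once('../libs/operator.php');` and `$operator = check_login();` before it. Unless an included file defines it, `count($errors)` runs on an undefined variable whenever every check passes, which raises a notice on the PHP of the time and a TypeError on PHP 8, so the decision to delete rests on that implicit behaviour. Adding `$errors = array();` immediately before `if( isset($_GET['act']) && $_GET['act'] == 'del' ) {` makes the guard explicit. The rewritten branch in `groups.php` has the same shape.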

+ +
"> @@ -30,7 +40,7 @@ function tpl_content() { global $page, $webimroot;

- + @@ -41,6 +51,9 @@ function tpl_content() { global $page, $webimroot; @@ -48,7 +61,7 @@ function tpl_content() { global $page, $webimroot; @@ -58,10 +71,23 @@ function tpl_content() { global $page, $webimroot; + + +
+ + +
- + + + remove + +
+

+
@@ -104,7 +107,7 @@ if( $page['pagination.items'] ) { diff --git a/src/messenger/webim/view/groups.php b/src/messenger/webim/view/groups.php index 9d9ac27d..9f40368c 100644 --- a/src/messenger/webim/view/groups.php +++ b/src/messenger/webim/view/groups.php @@ -16,13 +16,23 @@ require_once("inc_menu.php"); $page['title'] = getlocal("page.groups.title"); $page['menuid'] = "groups"; -function tpl_content() { global $page, $webimroot; +function tpl_header() { global $page, $webimroot; +?> + +

+ +
- + @@ -41,7 +51,9 @@ function tpl_content() { global $page, $webimroot; @@ -51,7 +63,7 @@ if(count($page['groups']) > 0) { foreach( $page['groups'] as $grp ) { ?> @@ -63,11 +75,13 @@ if(count($page['groups']) > 0) { + + 0) { ?>
+ +
- + - + remove
+