tray/src/messenger/webim/operator/permissions.php

<?php
/*
 * This file is part of Mibew Messenger project.
 * 
 * Copyright (c) 2005-2011 Mibew Messenger Community
 * All rights reserved. The contents of this file are subject to the terms of
 * the Eclipse Public License v1.0 which accompanies this distribution, and
 * is available at http://www.eclipse.org/legal/epl-v10.html
 * 
 * Alternatively, the contents of this file may be used under the terms of
 * the GNU General Public License Version 2 or later (the "GPL"), in which case
 * the provisions of the GPL are applicable instead of those above. If you wish
 * to allow use of your version of this file only under the terms of the GPL, and
 * not to allow others to use your version of this file under the terms of the
 * EPL, indicate your decision by deleting the provisions above and replace them
 * with the notice and other provisions required by the GPL.
 * 
 * Contributors:
 *    Evgeny Gryaznov - initial API and implementation
 */

require_once('../libs/common.php');
require_once('../libs/operator.php');
require_once('../libs/operator_settings.php');

$operator = check_login();
csrfchecktoken();

function update_operator_permissions($operatorid, $newvalue)
{
	global $mysqlprefix;
	$link = connect();
	$query = "update ${mysqlprefix}chatoperator set iperm = $newvalue where operatorid = $operatorid";

	perform_query($query, $link);
	mysql_close($link);
}

$opId = verifyparam("op", "/^\d{1,9}$/");
$page = array('opid' => $opId, 'canmodify' => is_capable($can_administrate, $operator) ? "1" : "");
$errors = array();

$op = operator_by_id($opId);

if (!$op) {
	$errors[] = getlocal("no_such_operator");

} else if (isset($_POST['op'])) {

	if (!is_capable($can_administrate, $operator)) {
		$errors[] = getlocal('page_agent.cannot_modify');
	}

	$new_permissions = isset($op['iperm']) ? $op['iperm'] : 0;

	foreach ($permission_ids as $perm => $id) {
		if (verifyparam("permissions$id", "/^on$/", "") == "on") {
			$new_permissions |= (1 << $perm);
		} else {
			$new_permissions &= ~(1 << $perm);
		}
	}

	if (count($errors) == 0) {
		update_operator_permissions($op['operatorid'], $new_permissions);

		if ($opId && $_SESSION["${mysqlprefix}operator"] && $operator['operatorid'] == $opId) {
			$_SESSION["${mysqlprefix}operator"]['iperm'] = $new_permissions;
		}
		header("Location: $webimroot/operator/permissions.php?op=$opId&stored");
		exit;
	}

}

$page['permissionsList'] = get_permission_list();
$page['formpermissions'] = array("");
$page['currentop'] = $op ? topage(get_operator_name($op)) . " (" . $op['vclogin'] . ")" : "-not found-";

if ($op) {
	foreach ($permission_ids as $perm => $id) {
		if (is_capable($perm, $op)) {
			$page['formpermissions'][] = $id;
		}
	}
}

$page['stored'] = isset($_GET['stored']);
prepare_menu($operator);
setup_operator_settings_tabs($opId, 3);
start_html_output();
require('../view/permissions.php');
?>
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`<?php`
			`/*`
rename product: headers git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@519 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-06-04 02:44:32 +04:00			`* This file is part of Mibew Messenger project.`
remove odd white spaces, unify headers git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@604 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-08-04 20:30:39 +04:00			`*`
2011 copyrights 2011-02-16 03:22:22 +03:00			`* Copyright (c) 2005-2011 Mibew Messenger Community`
update copyright header git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@602 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-08-04 19:03:27 +04:00			`* All rights reserved. The contents of this file are subject to the terms of`
			`* the Eclipse Public License v1.0 which accompanies this distribution, and`
			`* is available at http://www.eclipse.org/legal/epl-v10.html`
remove odd white spaces, unify headers git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@604 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-08-04 20:30:39 +04:00			`*`
add GPL clause git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@599 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-08-04 17:38:37 +04:00			`* Alternatively, the contents of this file may be used under the terms of`
			`* the GNU General Public License Version 2 or later (the "GPL"), in which case`
			`* the provisions of the GPL are applicable instead of those above. If you wish`
			`* to allow use of your version of this file only under the terms of the GPL, and`
			`* not to allow others to use your version of this file under the terms of the`
			`* EPL, indicate your decision by deleting the provisions above and replace them`
			`* with the notice and other provisions required by the GPL.`
remove odd white spaces, unify headers git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@604 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-08-04 20:30:39 +04:00			`*`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`* Contributors:`
			`* Evgeny Gryaznov - initial API and implementation`
			`*/`

			`require_once('../libs/common.php');`
			`require_once('../libs/operator.php');`
department -> group, manages groups of agent git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@431 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-03-23 00:22:51 +03:00			`require_once('../libs/operator_settings.php');`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00
			`$operator = check_login();`
format the code; remove comments in the client code; move csrfchecktoken() right after check_login() 2012-06-27 11:51:16 +04:00			`csrfchecktoken();`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`function update_operator_permissions($operatorid, $newvalue)`
			`{`
			`global $mysqlprefix;`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`$link = connect();`
$mysqlprefix variable added 2011-02-26 16:13:16 +03:00			`$query = "update ${mysqlprefix}chatoperator set iperm = $newvalue where operatorid = $operatorid";`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`perform_query($query, $link);`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`mysql_close($link);`
			`}`

use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`$opId = verifyparam("op", "/^\d{1,9}$/");`
fix date_diff, profile git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@467 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-04-10 18:12:57 +04:00			`$page = array('opid' => $opId, 'canmodify' => is_capable($can_administrate, $operator) ? "1" : "");`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`$errors = array();`

			`$op = operator_by_id($opId);`

use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`if (!$op) {`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`$errors[] = getlocal("no_such_operator");`

use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`} else if (isset($_POST['op'])) {`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`if (!is_capable($can_administrate, $operator)) {`
fix date_diff, profile git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@467 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-04-10 18:12:57 +04:00			`$errors[] = getlocal('page_agent.cannot_modify');`
			`}`

permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`$new_permissions = isset($op['iperm']) ? $op['iperm'] : 0;`

use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`foreach ($permission_ids as $perm => $id) {`
			`if (verifyparam("permissions$id", "/^on$/", "") == "on") {`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`$new_permissions \|= (1 << $perm);`
			`} else {`
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`$new_permissions &= ~(1 << $perm);`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`}`
			`}`

use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`if (count($errors) == 0) {`
			`update_operator_permissions($op['operatorid'], $new_permissions);`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`if ($opId && $_SESSION["${mysqlprefix}operator"] && $operator['operatorid'] == $opId) {`
			`$_SESSION["${mysqlprefix}operator"]['iperm'] = $new_permissions;`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@221 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-09 02:47:40 +03:00			`}`
group members, generate button for group git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@435 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-03-25 02:34:57 +03:00			`header("Location: $webimroot/operator/permissions.php?op=$opId&stored");`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`exit;`
			`}`

			`}`

			`$page['permissionsList'] = get_permission_list();`
			`$page['formpermissions'] = array("");`
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`$page['currentop'] = $op ? topage(get_operator_name($op)) . " (" . $op['vclogin'] . ")" : "-not found-";`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`if ($op) {`
			`foreach ($permission_ids as $perm => $id) {`
			`if (is_capable($perm, $op)) {`
fix date_diff, profile git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@467 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-04-10 18:12:57 +04:00			`$page['formpermissions'][] = $id;`
			`}`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`}`
			`}`

group members, generate button for group git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@435 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-03-25 02:34:57 +03:00			`$page['stored'] = isset($_GET['stored']);`
right menu depends on agent rights and features git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@411 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-03-16 04:20:04 +03:00			`prepare_menu($operator);`
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`setup_operator_settings_tabs($opId, 3);`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`start_html_output();`
			`require('../view/permissions.php');`
update comment for avatar csrf, and add csrf token check to permission page 2012-05-01 16:02:34 +04:00			`?>`