tray/src/messenger/webim/operator/permissions.php

<?php
/*
 * Copyright 2005-2013 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

require_once('../libs/common.php');
require_once('../libs/operator.php');
require_once('../libs/operator_settings.php');

$operator = check_login();
csrfchecktoken();

function update_operator_permissions($operatorid, $newvalue)
{
	$db = Database::getInstance();
	$db->query(
		"update {chatoperator} set iperm = ? where operatorid = ?",
		array($newvalue, $operatorid)
	);
}

$opId = verifyparam("op", "/^\d{1,9}$/");
$page = array('opid' => $opId, 'canmodify' => is_capable($can_administrate, $operator) ? "1" : "");
$errors = array();

$op = operator_by_id($opId);

if (!$op) {
	$errors[] = getlocal("no_such_operator");

} else if (isset($_POST['op'])) {

	if (!is_capable($can_administrate, $operator)) {
		$errors[] = getlocal('page_agent.cannot_modify');
	}

	$new_permissions = isset($op['iperm']) ? $op['iperm'] : 0;

	foreach ($permission_ids as $perm => $id) {
		if (verifyparam("permissions$id", "/^on$/", "") == "on") {
			$new_permissions |= (1 << $perm);
		} else {
			$new_permissions &= ~(1 << $perm);
		}
	}

	if (count($errors) == 0) {
		update_operator_permissions($op['operatorid'], $new_permissions);

		if ($opId && $_SESSION["${mysqlprefix}operator"] && $operator['operatorid'] == $opId) {
			$_SESSION["${mysqlprefix}operator"]['iperm'] = $new_permissions;
		}
		header("Location: $webimroot/operator/permissions.php?op=$opId&stored");
		exit;
	}

}

$page['permissionsList'] = get_permission_list();
$page['formpermissions'] = array("");
$page['currentop'] = $op ? topage(get_operator_name($op)) . " (" . $op['vclogin'] . ")" : "-not found-";

if ($op) {
	foreach ($permission_ids as $perm => $id) {
		if (is_capable($perm, $op)) {
			$page['formpermissions'][] = $id;
		}
	}
}

$page['stored'] = isset($_GET['stored']);
prepare_menu($operator);
setup_operator_settings_tabs($opId, 3);
start_html_output();
require('../view/permissions.php');
?>
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`<?php`
			`/*`
apache 2 license in php headers 2013-03-07 01:22:53 +04:00			`* Copyright 2005-2013 the original author or authors.`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`*/`

			`require_once('../libs/common.php');`
			`require_once('../libs/operator.php');`
department -> group, manages groups of agent git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@431 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-03-23 00:22:51 +03:00			`require_once('../libs/operator_settings.php');`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00
			`$operator = check_login();`
format the code; remove comments in the client code; move csrfchecktoken() right after check_login() Conflicts: src/messenger/webim/libs/common.php src/messenger/webim/operator/canned.php src/messenger/webim/operator/cannededit.php src/messenger/webim/operator/operators.php src/messenger/webim/operator/settings.php src/messenger/webim/operator/translate.php 2012-06-27 11:51:16 +04:00			`csrfchecktoken();`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`function update_operator_permissions($operatorid, $newvalue)`
			`{`
Replace database functions with Database class methods 2012-07-13 16:56:50 +04:00			`$db = Database::getInstance();`
			`$db->query(`
			`"update {chatoperator} set iperm = ? where operatorid = ?",`
			`array($newvalue, $operatorid)`
			`);`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`}`

use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`$opId = verifyparam("op", "/^\d{1,9}$/");`
fix date_diff, profile git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@467 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-04-10 18:12:57 +04:00			`$page = array('opid' => $opId, 'canmodify' => is_capable($can_administrate, $operator) ? "1" : "");`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`$errors = array();`

			`$op = operator_by_id($opId);`

use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`if (!$op) {`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`$errors[] = getlocal("no_such_operator");`

use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`} else if (isset($_POST['op'])) {`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`if (!is_capable($can_administrate, $operator)) {`
fix date_diff, profile git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@467 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-04-10 18:12:57 +04:00			`$errors[] = getlocal('page_agent.cannot_modify');`
			`}`

permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`$new_permissions = isset($op['iperm']) ? $op['iperm'] : 0;`

use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`foreach ($permission_ids as $perm => $id) {`
			`if (verifyparam("permissions$id", "/^on$/", "") == "on") {`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`$new_permissions \|= (1 << $perm);`
			`} else {`
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`$new_permissions &= ~(1 << $perm);`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`}`
			`}`

use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`if (count($errors) == 0) {`
			`update_operator_permissions($op['operatorid'], $new_permissions);`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`if ($opId && $_SESSION["${mysqlprefix}operator"] && $operator['operatorid'] == $opId) {`
			`$_SESSION["${mysqlprefix}operator"]['iperm'] = $new_permissions;`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@221 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-09 02:47:40 +03:00			`}`
group members, generate button for group git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@435 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-03-25 02:34:57 +03:00			`header("Location: $webimroot/operator/permissions.php?op=$opId&stored");`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`exit;`
			`}`

			`}`

			`$page['permissionsList'] = get_permission_list();`
			`$page['formpermissions'] = array("");`
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`$page['currentop'] = $op ? topage(get_operator_name($op)) . " (" . $op['vclogin'] . ")" : "-not found-";`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`if ($op) {`
			`foreach ($permission_ids as $perm => $id) {`
			`if (is_capable($perm, $op)) {`
fix date_diff, profile git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@467 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-04-10 18:12:57 +04:00			`$page['formpermissions'][] = $id;`
			`}`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`}`
			`}`

group members, generate button for group git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@435 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-03-25 02:34:57 +03:00			`$page['stored'] = isset($_GET['stored']);`
right menu depends on agent rights and features git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@411 c66351dc-e62f-0410-b875-e3a5c0b9693f 2009-03-16 04:20:04 +03:00			`prepare_menu($operator);`
use mysqlprefix in names of session vars 2011-02-26 16:43:30 +03:00			`setup_operator_settings_tabs($opId, 3);`
permissions git-svn-id: https://webim.svn.sourceforge.net/svnroot/webim/trunk@218 c66351dc-e62f-0410-b875-e3a5c0b9693f 2008-12-08 03:34:28 +03:00			`start_html_output();`
			`require('../view/permissions.php');`
Update headers 2013-03-13 01:03:50 +04:00			`?>`