Remove permission related global vars

src/messenger/webim/libs/classes/users_processor.php

@@ -156,8 +156,6 @@ class UsersProcessor extends ClientSideProcessor {
 	 * Return updated threads list. API function
 	 *
 	 * @global string $session_prefix Session vars prefix
-	 * @global int $can_viewthreads View threads permission code
-	 * @global int $can_takeover Take threads over permission code
 	 * @param array $args Associative array of arguments. It must contains
 	 * following keys:
 	 *  - 'agentId': Id of the agent related to users window
@@ -166,7 +164,7 @@ class UsersProcessor extends ClientSideProcessor {
 	 *  - 'threads': array of threads changes
 	 */
 	protected function apiUpdateThreads($args) {
-		global $session_prefix, $can_viewthreads, $can_takeover;
+		global $session_prefix;
 
 		$operator = self::checkOperator($args['agentId']);
 
@@ -221,11 +219,11 @@ class UsersProcessor extends ClientSideProcessor {
 			// Calculate agent permissions
 			$can_open = !($thread->state == Thread::STATE_CHATTING
 				&& $thread->agentId != $operator['operatorid']
-				&& !is_capable($can_takeover, $operator));
+				&& !is_capable(CAN_TAKEOVER, $operator));
 
 			$can_view = ($thread->agentId != $operator['operatorid']
 				&& $thread->nextAgent != $operator['operatorid']
-				&& is_capable($can_viewthreads, $operator));
+				&& is_capable(CAN_VIEWTHREADS, $operator));
 
 			$can_ban = (Settings::get('enableban') == "1");
 

src/messenger/webim/libs/operator.php

@@ -15,19 +15,43 @@
  * limitations under the License.
  */
 
-$can_administrate = 0;
+/** Permissions constants */
-$can_takeover = 1;
-$can_viewthreads = 2;
-$can_modifyprofile = 3;
 
-$can_count = 4;
+/**
+ * Operator can administer Mibew instalation
+ */
+define('CAN_ADMINISTRATE', 0);
 
-$permission_ids = array(
+/**
-	$can_administrate => "admin",
+ * Operator can take over threads
-	$can_takeover => "takeover",
+ */
-	$can_viewthreads => "viewthreads",
+define('CAN_TAKEOVER', 1);
-	$can_modifyprofile => "modifyprofile"
+
-);
+/**
+ * Operator can view threads of other operators
+ */
+define('CAN_VIEWTHREADS', 2);
+
+/**
+ * Operator can modify own profile
+ */
+define('CAN_MODIFYPROFILE', 3);
+
+/** End of permissions constants */
+
+/**
+ * Map numerical permissions ids onto string names.
+ * @return array Associativa array whose keys are numerical permission ids and
+ * values are string permission names.
+ */
+function permission_ids() {
+	return array(
+		CAN_ADMINISTRATE => "admin",
+		CAN_TAKEOVER => "takeover",
+		CAN_VIEWTHREADS => "viewthreads",
+		CAN_MODIFYPROFILE => "modifyprofile"
+	);
+}
 
 function operator_by_login($login)
 {
@@ -555,13 +579,11 @@ function setup_redirect_links($threadid, $operator, $token)
 	$page['redirectToGroup'] = $group_list;
 }
 
-$permission_list = array();
-
 function get_permission_list()
 {
-	global $permission_list, $permission_ids;
+	static $permission_list = array();
 	if (count($permission_list) == 0) {
-		foreach ($permission_ids as $permid) {
+		foreach (permission_ids() as $permid) {
 			$permission_list[] = array(
 				'id' => $permid,
 				'descr' => getlocal("permission.$permid")
@@ -579,18 +601,17 @@ function is_capable($perm, $operator)
 
 function in_isolation($operator)
 {
-	global $can_administrate;
+	return (!is_capable(CAN_ADMINISTRATE, $operator) && Settings::get('enablegroups') && Settings::get('enablegroupsisolation'));
-	return (!is_capable($can_administrate, $operator) && Settings::get('enablegroups') && Settings::get('enablegroupsisolation'));
 }
 
 function prepare_menu($operator, $hasright = true)
 {
-	global $page, $can_administrate;
+	global $page;
 	$page['operator'] = topage(get_operator_name($operator));
 	if ($hasright) {
 		$page['showban'] = Settings::get('enableban') == "1";
 		$page['showstat'] = Settings::get('enablestatistics') == "1";
-		$page['showadmin'] = is_capable($can_administrate, $operator);
+		$page['showadmin'] = is_capable(CAN_ADMINISTRATE, $operator);
 		$page['currentopid'] = $operator['operatorid'];
 	}
 }

src/messenger/webim/operator/agent.php

@@ -64,7 +64,7 @@ if (!isset($_GET['token'])) {
 	$forcetake = verifyparam("force", "/^true$/", false);
 	if (!$viewonly && $thread->state == Thread::STATE_CHATTING && $operator['operatorid'] != $thread->agentId) {
 
-		if (!is_capable($can_takeover, $operator)) {
+		if (!is_capable(CAN_TAKEOVER, $operator)) {
 			$errors = array(getlocal("thread.error.cannot_take_over"));
 			start_html_output();
 			expand("../styles/dialogs", getchatstyle(), "error.tpl");
@@ -90,7 +90,7 @@ if (!isset($_GET['token'])) {
 			expand("../styles/dialogs", getchatstyle(), "error.tpl");
 			exit;
 		}
-	} else if (!is_capable($can_viewthreads, $operator)) {
+	} else if (!is_capable(CAN_VIEWTHREADS, $operator)) {
 		$errors = array(getlocal("thread.error.cannot_view"));
 		start_html_output();
 		expand("../styles/dialogs", getchatstyle(), "error.tpl");
@@ -109,7 +109,7 @@ if (!$thread) {
 	die("wrong thread");
 }
 
-if ($thread->agentId != $operator['operatorid'] && !is_capable($can_viewthreads, $operator)) {
+if ($thread->agentId != $operator['operatorid'] && !is_capable(CAN_VIEWTHREADS, $operator)) {
 	$errors = array("Cannot view threads");
 	start_html_output();
 	expand("../styles/dialogs", getchatstyle(), "error.tpl");

src/messenger/webim/operator/avatar.php

@@ -26,8 +26,8 @@ $opId = verifyparam("op", "/^\d{1,9}$/");
 $page = array('opid' => $opId, 'avatar' => '');
 $errors = array();
 
-$canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator))
+$canmodify = ($opId == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
-			 || is_capable($can_administrate, $operator);
+			 || is_capable(CAN_ADMINISTRATE, $operator);
 
 $op = operator_by_id($opId);
 

src/messenger/webim/operator/features.php

@@ -44,7 +44,7 @@ foreach ($options as $opt) {
 }
 
 if (isset($_POST['sent'])) {
-	if (is_capable($can_administrate, $operator)) {
+	if (is_capable(CAN_ADMINISTRATE, $operator)) {
 		foreach ($options as $opt) {
 			Settings::set($opt,(verifyparam($opt, "/^on$/", "") == "on" ? "1" : "0"));
 		}
@@ -56,7 +56,7 @@ if (isset($_POST['sent'])) {
 	}
 }
 
-$page['canmodify'] = is_capable($can_administrate, $operator);
+$page['canmodify'] = is_capable(CAN_ADMINISTRATE, $operator);
 $page['stored'] = isset($_GET['stored']);
 foreach ($options as $opt) {
 	$page["form$opt"] = $params[$opt] == "1";

src/messenger/webim/operator/groups.php

@@ -28,7 +28,7 @@ if (isset($_GET['act']) && $_GET['act'] == 'del') {
 		$errors[] = getlocal("page.groups.error.cannot_delete");
 	}
 
-	if (!is_capable($can_administrate, $operator)) {
+	if (!is_capable(CAN_ADMINISTRATE, $operator)) {
 		$errors[] = getlocal("page.groups.error.forbidden_remove");
 	}
 
@@ -59,7 +59,7 @@ $sort['desc'] = (verifyparam("sortdirection", "/^(desc|asc)$/", "desc") == "desc
 $page['groups'] = get_sorted_groups($sort);
 $page['formsortby'] = $sort['by'];
 $page['formsortdirection'] = $sort['desc']?'desc':'asc';
-$page['canmodify'] = is_capable($can_administrate, $operator);
+$page['canmodify'] = is_capable(CAN_ADMINISTRATE, $operator);
 $page['availableOrders'] = array(
 	array('id' => 'name', 'name' => getlocal('form.field.groupname')),
 	array('id' => 'lastseen', 'name' => getlocal('page_agents.status')),

src/messenger/webim/operator/operator.php

@@ -26,9 +26,9 @@ $page = array('opid' => '');
 $errors = array();
 $opId = '';
 
-if ((isset($_POST['login']) || !is_capable($can_administrate, $operator)) && isset($_POST['password'])) {
+if ((isset($_POST['login']) || !is_capable(CAN_ADMINISTRATE, $operator)) && isset($_POST['password'])) {
 	$opId = verifyparam("opid", "/^(\d{1,9})?$/", "");
-	if (is_capable($can_administrate, $operator)) {
+	if (is_capable(CAN_ADMINISTRATE, $operator)) {
 		$login = getparam('login');
 	} else {
 		$login = $operator['vclogin'];
@@ -65,8 +65,8 @@ if ((isset($_POST['login']) || !is_capable($can_administrate, $operator)) && iss
 		($opId && $existing_operator && $opId != $existing_operator['operatorid']))
 		$errors[] = getlocal("page_agent.error.duplicate_login");
 
-	$canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator))
+	$canmodify = ($opId == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
-				 || is_capable($can_administrate, $operator);
+				 || is_capable(CAN_ADMINISTRATE, $operator);
 	if (!$canmodify) {
 		$errors[] = getlocal('page_agent.cannot_modify');
 	}
@@ -120,16 +120,16 @@ if ((isset($_POST['login']) || !is_capable($can_administrate, $operator)) && iss
 	}
 }
 
-if (!$opId && !is_capable($can_administrate, $operator)) {
+if (!$opId && !is_capable(CAN_ADMINISTRATE, $operator)) {
 	$errors[] = getlocal("page_agent.error.forbidden_create");
 }
 
-$canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator))
+$canmodify = ($opId == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
-			 || is_capable($can_administrate, $operator);
+			 || is_capable(CAN_ADMINISTRATE, $operator);
 
 $page['stored'] = isset($_GET['stored']);
 $page['canmodify'] = $canmodify ? "1" : "";
-$page['canchangelogin'] = is_capable($can_administrate, $operator);
+$page['canchangelogin'] = is_capable(CAN_ADMINISTRATE, $operator);
 $page['needChangePassword'] = $operator['vcpassword'] == md5('');
 
 prepare_menu($operator);

src/messenger/webim/operator/operators.php

@@ -30,7 +30,7 @@ if (isset($_GET['act'])) {
 	}
 
 	if ($_GET['act'] == 'del') {
-		if (!is_capable($can_administrate, $operator)) {
+		if (!is_capable(CAN_ADMINISTRATE, $operator)) {
 			$errors[] = getlocal("page_agents.error.forbidden_remove");
 		}
 
@@ -55,7 +55,7 @@ if (isset($_GET['act'])) {
 	}
 	if ($_GET['act'] == 'disable' || $_GET['act'] == 'enable') {
 		$act_disable = ($_GET['act'] == 'disable');
-		if (!is_capable($can_administrate, $operator)) {
+		if (!is_capable(CAN_ADMINISTRATE, $operator)) {
 			$errors[] = $act_disable?getlocal('page_agents.disable.not.allowed'):getlocal('page_agents.enable.not.allowed');
 		}
 
@@ -95,7 +95,7 @@ if (in_isolation($operator)) {
 	$list_options['isolated_operator_id'] = $operator['operatorid'];
 }
 $page['allowedAgents'] = get_operators_list($list_options);
-$page['canmodify'] = is_capable($can_administrate, $operator);
+$page['canmodify'] = is_capable(CAN_ADMINISTRATE, $operator);
 $page['availableOrders'] = array(
 	array('id' => 'login', 'name' => getlocal('page_agents.login')),
 	array('id' => 'localename', 'name' => getlocal('page_agents.agent_name')),

src/messenger/webim/operator/opgroups.php

@@ -44,7 +44,7 @@ $page = array('opid' => $opId);
 $page['groups'] = $operator_in_isolation?get_all_groups_for_operator($operator):get_all_groups();
 $errors = array();
 
-$canmodify = is_capable($can_administrate, $operator);
+$canmodify = is_capable(CAN_ADMINISTRATE, $operator);
 
 $op = operator_by_id($opId);
 

src/messenger/webim/operator/permissions.php

@@ -32,7 +32,7 @@ function update_operator_permissions($operatorid, $newvalue)
 }
 
 $opId = verifyparam("op", "/^\d{1,9}$/");
-$page = array('opid' => $opId, 'canmodify' => is_capable($can_administrate, $operator) ? "1" : "");
+$page = array('opid' => $opId, 'canmodify' => is_capable(CAN_ADMINISTRATE, $operator) ? "1" : "");
 $errors = array();
 
 $op = operator_by_id($opId);
@@ -42,13 +42,13 @@ if (!$op) {
 
 } else if (isset($_POST['op'])) {
 
-	if (!is_capable($can_administrate, $operator)) {
+	if (!is_capable(CAN_ADMINISTRATE, $operator)) {
 		$errors[] = getlocal('page_agent.cannot_modify');
 	}
 
 	$new_permissions = isset($op['iperm']) ? $op['iperm'] : 0;
 
-	foreach ($permission_ids as $perm => $id) {
+	foreach (permission_ids() as $perm => $id) {
 		if (verifyparam("permissions$id", "/^on$/", "") == "on") {
 			$new_permissions |= (1 << $perm);
 		} else {
@@ -73,7 +73,7 @@ $page['formpermissions'] = array("");
 $page['currentop'] = $op ? topage(get_operator_name($op)) . " (" . $op['vclogin'] . ")" : "-not found-";
 
 if ($op) {
-	foreach ($permission_ids as $perm => $id) {
+	foreach (permission_ids() as $perm => $id) {
 		if (is_capable($perm, $op)) {
 			$page['formpermissions'][] = $id;
 		}