diff --git a/src/messenger/webim/install/whatsnew.txt b/src/messenger/webim/install/whatsnew.txt index 79b1f863..08138596 100644 --- a/src/messenger/webim/install/whatsnew.txt +++ b/src/messenger/webim/install/whatsnew.txt @@ -5,6 +5,7 @@ [+] new project name: Mibew Messenger [!] fixed localization of dates for all languages [!] fixed online/offline image for groups + [+] ability to delete operators, confirmation dialog when deleting group/operator/blocked address 1.6.0 ----- diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php index 0ea6e1a6..4ec0094c 100644 --- a/src/messenger/webim/libs/common.php +++ b/src/messenger/webim/libs/common.php @@ -234,6 +234,17 @@ function getlocal2($text,$params) { return $string; } +/* prepares for Javascript string */ +function getlocalforJS($text,$params) { + global $current_locale, $webim_encoding; + $string = myiconv($webim_encoding,getoutputenc(), getstring_($text,$current_locale)); + $string = str_replace("\"", "\\\"", str_replace("\n", "\\n", $string)); + for( $i = 0; $i < count($params); $i++ ) { + $string = str_replace("{".$i."}", $params[$i], $string); + } + return $string; +} + /* ajax server actions use utf-8 */ function getrawparam( $name ) { global $webim_encoding; diff --git a/src/messenger/webim/locales/en/properties b/src/messenger/webim/locales/en/properties index 84688c9b..8c9ba8c6 100644 --- a/src/messenger/webim/locales/en/properties +++ b/src/messenger/webim/locales/en/properties @@ -249,6 +249,7 @@ page.group.no_such=No such group page.group.title=Group details page.groupmembers.intro=View and edit the member list. page.groupmembers.title=Members +page.groups.confirm=Are you sure that you want to delete group "{0}"? page.groups.intro=This page displays a list of groups in your company. Each group can have separate button and canned responses. page.groups.new=Create new group... page.groups.title=Groups @@ -288,6 +289,7 @@ page_agent.title=Operator details page_agents.agent_commonname=International name page_agents.agent_name=Name page_agents.agents=Full list of operators: +page_agents.confirm=Are you sure that you want to delete operator "{0}"? page_agents.intro=This page displays a list of company operators. page_agents.login=Login page_agents.new_agent=Add operator... diff --git a/src/messenger/webim/operator/blocked.php b/src/messenger/webim/operator/blocked.php index 86d3eacf..713a6589 100644 --- a/src/messenger/webim/operator/blocked.php +++ b/src/messenger/webim/operator/blocked.php @@ -29,7 +29,7 @@ if( isset($_GET['act']) && $_GET['act'] == 'del' ) { $banId = isset($_GET['id']) ? $_GET['id'] : ""; if( !preg_match( "/^\d+$/", $banId )) { - $errors[] = "Wrong argument"; + $errors[] = "Cannot delete: wrong argument"; } if( count($errors) == 0 ) { @@ -54,6 +54,7 @@ setup_pagination($blockedList); prepare_menu($operator); start_html_output(); + require('../view/blocked_visitors.php'); exit; ?> \ No newline at end of file diff --git a/src/messenger/webim/operator/groups.php b/src/messenger/webim/operator/groups.php index 0e218e1a..e433c1f1 100644 --- a/src/messenger/webim/operator/groups.php +++ b/src/messenger/webim/operator/groups.php @@ -19,21 +19,30 @@ $operator = check_login(); if( isset($_GET['act']) && $_GET['act'] == 'del' ) { - // TODO check permissions - - $groupid = verifyparam( "gid", "/^(\d{1,9})?$/"); + $groupid = isset($_GET['gid']) ? $_GET['gid'] : ""; - $link = connect(); - perform_query("delete from chatgroup where groupid = $groupid",$link); - perform_query("delete from chatgroupoperator where groupid = $groupid",$link); - perform_query("update chatthread set groupid = 0 where groupid = $groupid",$link); - mysql_close($link); - header("Location: $webimroot/operator/groups.php"); - exit; + if( !preg_match( "/^\d+$/", $groupid )) { + $errors[] = "Cannot delete: wrong argument"; + } + + if( !is_capable($can_administrate, $operator)) { + $errors[] = "You are not allowed to remove groups"; + } + + if( count($errors) == 0 ) { + $link = connect(); + perform_query("delete from chatgroup where groupid = $groupid",$link); + perform_query("delete from chatgroupoperator where groupid = $groupid",$link); + perform_query("update chatthread set groupid = 0 where groupid = $groupid",$link); + mysql_close($link); + header("Location: $webimroot/operator/groups.php"); + exit; + } } $page = array(); $page['groups'] = get_groups(true); +$page['canmodify'] = is_capable($can_administrate, $operator); prepare_menu($operator); start_html_output(); diff --git a/src/messenger/webim/operator/operators.php b/src/messenger/webim/operator/operators.php index fae7dfa7..6df45c9e 100644 --- a/src/messenger/webim/operator/operators.php +++ b/src/messenger/webim/operator/operators.php @@ -17,8 +17,44 @@ require_once('../libs/operator.php'); $operator = check_login(); +if( isset($_GET['act']) && $_GET['act'] == 'del' ) { + $operatorid = isset($_GET['id']) ? $_GET['id'] : ""; + + if( !preg_match( "/^\d+$/", $operatorid )) { + $errors[] = "Cannot delete: wrong argument"; + } + + if( !is_capable($can_administrate, $operator)) { + $errors[] = "You are not allowed to remove operators"; + } + + if( $operatorid == $operator['operatorid']) { + $errors[] = "Cannot remove self"; + } + + if(count($errors) == 0) { + $op = operator_by_id($operatorid); + if( !$op ) { + $errors[] = getlocal("no_such_operator"); + } else if($op['vclogin'] == 'admin') { + $errors[] = 'Cannot remove operator "admin"'; + } + } + + if( count($errors) == 0 ) { + $link = connect(); + perform_query("delete from chatgroupoperator where operatorid = $operatorid",$link); + perform_query("delete from chatoperator where operatorid = $operatorid",$link); + mysql_close($link); + + header("Location: $webimroot/operator/operators.php"); + exit; + } +} + $page = array(); $page['allowedAgents'] = get_operators(); +$page['canmodify'] = is_capable($can_administrate, $operator); prepare_menu($operator); start_html_output(); diff --git a/src/messenger/webim/view/agents.php b/src/messenger/webim/view/agents.php index f2745738..a007e293 100644 --- a/src/messenger/webim/view/agents.php +++ b/src/messenger/webim/view/agents.php @@ -16,13 +16,23 @@ require_once("inc_menu.php"); $page['title'] = getlocal("page_agents.title"); $page['menuid'] = "operators"; -function tpl_content() { global $page, $webimroot; +function tpl_header() { global $page, $webimroot; +?> + +

+ +
"> @@ -30,7 +40,7 @@ function tpl_content() { global $page, $webimroot;

- + @@ -41,6 +51,9 @@ function tpl_content() { global $page, $webimroot; @@ -48,7 +61,7 @@ function tpl_content() { global $page, $webimroot; @@ -58,10 +71,23 @@ function tpl_content() { global $page, $webimroot; + + +
+ + +
- + + + remove + +
+

+
@@ -104,7 +107,7 @@ if( $page['pagination.items'] ) { diff --git a/src/messenger/webim/view/groups.php b/src/messenger/webim/view/groups.php index 9d9ac27d..9f40368c 100644 --- a/src/messenger/webim/view/groups.php +++ b/src/messenger/webim/view/groups.php @@ -16,13 +16,23 @@ require_once("inc_menu.php"); $page['title'] = getlocal("page.groups.title"); $page['menuid'] = "groups"; -function tpl_content() { global $page, $webimroot; +function tpl_header() { global $page, $webimroot; +?> + +

+ +
"> @@ -30,7 +40,7 @@ function tpl_content() { global $page, $webimroot;

- + @@ -41,7 +51,9 @@ function tpl_content() { global $page, $webimroot; @@ -51,7 +63,7 @@ if(count($page['groups']) > 0) { foreach( $page['groups'] as $grp ) { ?> @@ -63,11 +75,13 @@ if(count($page['groups']) > 0) { + + 0) { ?>
+ +
- + - + remove
+