1: <?php
  2: 
  3: /**
  4:  * User group management. You can create groups with common <i>rights</i> and assign users
  5:  * to the groups. Then you can alter these user's rights simply by changing the <i>group</i> rights.
  6:  *
  7:  * Templates can also be used. The difference between a <i>group</i> and a <i>template</i> is that the latter
  8:  * simply sets the user <i>rights</i> one time. Afterwards the user is independent from the <i>template</i>.
  9:  *
 10:  * @author Stephen Billard (sbillard)
 11:  * @package plugins
 12:  * @subpackage users
 13:  */
 14: // force UTF-8 Ø
 15: 
 16: $plugin_is_filter = 5 | ADMIN_PLUGIN;
 17: $plugin_description = gettext("Provides rudimentary user groups.");
 18: $plugin_author = "Stephen Billard (sbillard)";
 19: 
 20: 
 21: zp_register_filter('admin_tabs', 'user_groups::admin_tabs');
 22: zp_register_filter('admin_alterrights', 'user_groups::admin_alterrights');
 23: zp_register_filter('save_admin_custom_data', 'user_groups::save_admin');
 24: zp_register_filter('edit_admin_custom_data', 'user_groups::edit_admin');
 25: 
 26: class user_groups {
 27: 
 28:     /**
 29:      * Merges rights for multiple group memebership or templates
 30:      * @param object $userobj
 31:      * @param array $groups
 32:      */
 33:     static function merge_rights($userobj, $groups) {
 34:         global $_zp_authority;
 35:         $templates = false;
 36:         $custom = $objects = array();
 37:         $oldgroups = $userobj->getGroup();
 38:         $rights = 0;
 39:         foreach ($groups as $key => $groupname) {
 40:             if (empty($groupname)) {
 41:                 //  force the first template to happen
 42:                 $group = new Zenphoto_Administrator('', 0);
 43:                 $group->setName('template');
 44:             } else {
 45:                 $group = Zenphoto_Authority::newAdministrator($groupname, 0);
 46:             }
 47:             if ($group->getName() == 'template') {
 48:                 unset($groups[$key]);
 49:                 if ($userobj->getID() > 0 && !$templates) {
 50:                     //  fetch the existing rights and objects
 51:                     $templates = true; //   but only once!
 52:                     $rights = $userobj->getRights();
 53:                     $objects = $userobj->getObjects();
 54:                 }
 55:             }
 56:             $rights = $group->getRights() | $rights;
 57:             $objects = array_merge($group->getObjects(), $objects);
 58:             $custom[] = $group->getCustomData();
 59:         }
 60: 
 61:         $userobj->setCustomData(array_shift($custom)); //   for now it is first come, first served.
 62:         // unique objects
 63:         $newobjects = array();
 64:         foreach ($objects as $object) {
 65:             $key = serialize(array('type' => $object['type'], 'data' => $object['data']));
 66:             if (array_key_exists($key, $newobjects)) {
 67:                 if (array_key_exists('edit', $object)) {
 68:                     $newobjects[$key]['edit'] = @$newobjects[$key]['edit'] | $object['edit'];
 69:                 }
 70:             } else {
 71:                 $newobjects[$key] = $object;
 72:             }
 73:         }
 74:         $objects = array();
 75:         foreach ($newobjects as $object) {
 76:             $objects[] = $object;
 77:         }
 78:         $userobj->setGroup($newgroups = implode(',', $groups));
 79:         $userobj->setRights($rights);
 80:         $userobj->setObjects($objects);
 81:         return $newgroups != $oldgroups || $templates;
 82:     }
 83: 
 84:     /**
 85:      * Saves admin custom data
 86:      * Called when an admin is saved
 87:      *
 88:      * @param string $updated true if there has been an update to the user
 89:      * @param object $userobj admin user object
 90:      * @param string $i prefix for the admin
 91:      * @param bool $alter will be true if critical admin data may be altered
 92:      * @return bool
 93:      */
 94:     static function save_admin($updated, $userobj, $i, $alter) {
 95:         if ($alter && $userobj->getValid()) {
 96:             if (isset($_POST[$i . 'group'])) {
 97:                 $newgroups = sanitize($_POST[$i . 'group']);
 98:                 $updated = self::merge_rights($userobj, $newgroups) || $updated;
 99:             }
100:         }
101:         return $updated;
102:     }
103: 
104:     static function groupList($userobj, $i, $background, $current, $template) {
105:         global $_zp_authority, $_zp_zenpage, $_zp_gallery;
106:         $group = $userobj->getGroup();
107:         $admins = $_zp_authority->getAdministrators('groups');
108:         $groups = array();
109:         $hisgroups = explode(',', $userobj->getGroup());
110:         $admins = sortMultiArray($admins, 'user');
111:         foreach ($admins as $user) {
112:             if ($template || $user['name'] != 'template') {
113:                 $groups[] = $user;
114:             }
115:         }
116:         if (empty($groups))
117:             return gettext('no groups established'); // no groups setup yet
118:         $grouppart = '
119:         <script type="text/javascript">
120:             // <!-- <![CDATA[
121:             function groupchange' . $i . '(type) {
122:                 switch (type) {
123:                 case 0: //  none
124:                     $(\'.user-' . $i . '\').prop(\'disabled\',false);
125:                     $(\'.templatelist' . $i . '\').prop(\'checked\',false);
126:                     $(\'.grouplist' . $i . '\').prop(\'checked\',false);
127:                     break;
128:                 case 1: //  group
129:                     $(\'.user-' . $i . '\').prop(\'disabled\',true);
130:                     $(\'.user-' . $i . '\').prop(\'checked\',false);
131:                     $(\'#noGroup_' . $i . '\').prop(\'checked\',false);
132:                     $(\'.templatelist' . $i . '\').prop(\'checked\',false);
133:                     break;
134:                 case 2: //  template
135:                     $(\'.user-' . $i . '\').prop(\'disabled\',false);
136:                     $(\'#noGroup_' . $i . '\').prop(\'checked\',false);
137:                     $(\'.grouplist' . $i . '\').prop(\'checked\',false);
138:                     break;
139:             }
140:         }
141:         //]]> -->
142:     </script>' . "\n";
143: 
144:         $grouppart .= '<ul class="customchecklist">' . "\n";
145:         $grouppart .= '<label title="' . gettext('*no group affiliation') . '"><input type="checkbox" id="noGroup_' . $i . '" name="' . $i . 'group[]" value="" onclick="groupchange' . $i . '(0);" />' . gettext('*no group selected') . '</label>' . "\n";
146: 
147:         foreach ($groups as $key => $user) {
148:             if ($user['name'] == 'template') {
149:                 $type = gettext(' (Template)');
150:                 $highlight = ' class="grouphighlight"';
151:                 $class = 'templatelist' . $i;
152:                 $case = 2;
153:             } else {
154:                 $type = $highlight = '';
155:                 $class = 'grouplist' . $i;
156:                 $case = 1;
157:             }
158:             if (in_array($user['user'], $hisgroups)) {
159:                 $checked = ' checked="checked"';
160:             } else {
161:                 $checked = '';
162:             }
163:             $grouppart .= '<label title="' . html_encode($user['custom_data']) . $type . '"' . $highlight . '><input type="checkbox" class="' . $class . '" name="' . $i . 'group[]" value="' . $user['user'] . '" onclick="groupchange' . $i . '(' . $case . ');"' . $checked . ' />' . html_encode($user['user']) . '</label>' . "\n";
164:         }
165: 
166:         $grouppart .= "</ul>\n";
167: 
168:         return $grouppart;
169:     }
170: 
171:     /**
172:      * Returns table row(s) for edit of an admin user's custom data
173:      *
174:      * @param string $html
175:      * @param $userobj Admin object
176:      * @param string $i prefix for the admin
177:      * @param string $background background color for the admin row
178:      * @param bool $current true if this admin row is the logged in admin
179:      * @return string
180:      */
181:     static function edit_admin($html, $userobj, $i, $background, $current) {
182:         if (!$userobj->getValid())
183:             return $html;
184:         if (zp_loggedin(ADMIN_RIGHTS)) {
185:             if ($userobj->getID() >= 0) {
186:                 $notice = ' ' . gettext("Applying a template will merge the template with the current <em>rights</em> and <em>objects</em>.");
187:             } else {
188:                 $notice = '';
189:             }
190:             $grouppart = self::groupList($userobj, $i, $background, $current, true);
191:         } else {
192:             $notice = '';
193:             if ($group = $userobj->getGroup()) {
194:                 $grouppart = '<code>' . $group . '</code>';
195:             } else {
196:                 $grouppart = '<code>' . gettext('no group affiliation') . '</code>';
197:             }
198:         }
199:         $result = "\n" . '<tr' . ((!$current) ? ' style="display:none;"' : '') . ' class="userextrainfo">' . "\n" .
200:                         '<td width="20%"' . ((!empty($background)) ? ' style="' . $background . '"' : '') . ' valign="top">' . "\n" . sprintf(gettext('User group membership: %s'), $grouppart) . "\n" .
201:                         "</td>\n<td" . ((!empty($background)) ? ' style="' . $background . '"' : '') . ">" . '<div class="notebox"><p>' . gettext('Templates are highlighted.') . $notice . '</p><p>' . gettext('<strong>Note:</strong> When a group is assigned <em>rights</em> and <em>managed objects</em> are determined by the group!') . '</p></div></td>' . "\n" .
202:                         "</tr>\n";
203:         return $html . $result;
204:     }
205: 
206:     static function admin_tabs($tabs) {
207:         global $_zp_current_admin_obj;
208:         if ((zp_loggedin(ADMIN_RIGHTS) && $_zp_current_admin_obj->getID())) {
209:             if (isset($tabs['users']['subtabs'])) {
210:                 $subtabs = $tabs['users']['subtabs'];
211:             } else {
212:                 $subtabs = array();
213:             }
214:             $subtabs[gettext('users')] = 'admin-users.php?page=users&tab=users';
215:             $subtabs[gettext('assignments')] = PLUGIN_FOLDER . '/user_groups/user_groups-tab.php?page=users&tab=assignments';
216:             $subtabs[gettext('groups')] = PLUGIN_FOLDER . '/user_groups/user_groups-tab.php?page=users&tab=groups';
217:             $tabs['users'] = array('text'        => gettext("admin"),
218:                             'link'       => WEBPATH . "/" . ZENFOLDER . '/admin-users.php?page=users&tab=users',
219:                             'subtabs'    => $subtabs,
220:                             'default'    => 'users');
221:         }
222:         return $tabs;
223:     }
224: 
225:     static function admin_alterrights($alterrights, $userobj) {
226:         global $_zp_authority;
227:         $group = $userobj->getGroup();
228:         $admins = $_zp_authority->getAdministrators('groups');
229:         foreach ($admins as $admin) {
230:             if ($group == $admin['user']) {
231:                 return ' disabled="disabled"';
232:             }
233:         }
234:         return $alterrights;
235:     }
236: 
237: }
238: 
239: ?>