public $email; // string(128) not_null
public $company_id; // int(11)
public $role; // string(32) not_null
- public $active; // int(11)
+ public $active; // int(11) not_null
public $remarks; // blob(65535) not_null blob
public $passwd; // string(64) not_null
public $owner_id; // int(11) not_null
public $lang; // string(8)
public $no_reset_sent; // int(11)
- public $project_id; // int(11)
public $action_type; // string(32)
+ public $project_id; // int(11)
+ public $deleted_by; // int(11) not_null
+ public $deleted_dt; // datetime(19) binary
/* the code above is auto generated do not remove the tag below */
###END_AUTOCODE
-
+ /**
+ * send a template
+ * - user must be authenticate or args[no_auth] = true
+ * or template = password_[reset|welcome]
+ *
+ */
function sendTemplate($templateFile, $args)
{
$content->$k = $v;
}
- if (!in_array($templateFile, array(
+ if (empty($args['no_auth']) && !in_array($templateFile, array(
// templates that can be sent without authentication.
'password_reset' ,
'password_welcome'
{
return empty($this->name) ? $this->email : $this->name;
}
- function whereAddIn($key, $list, $type) {
- $ar = array();
- foreach($list as $k) {
- $ar[] = $type =='int' ? (int)$k : $this->escape($k);
- }
- if (!$ar) {
- return;
- }
- $this->whereAdd("$key IN (". implode(',', $ar). ')');
- }
- function fetchAll($k= false, $v = false)
- {
- // should it even do this!!!?!?
- if ($k !== false &&
- ( // only do this is we have not been explicit..
- empty($this->_query['data_select']) ||
- ($this->_query['data_select'] == '*')
- )
- ) {
- $this->selectAdd();
- $this->selectAdd($k);
- if ($v !== false) {
- $this->selectAdd($v);
- }
+ function verifyAuth()
+ {
+ $ff= HTML_FlexyFramework::get();
+ if (!empty($ff->Pman['auth_comptype']) && $ff->Pman['auth_comptype'] != $this->company()->comptype) {
+ $ff->page->jerr("Login not permited to outside companies");
}
+ return true;
- $this->find();
- $ret = array();
- while ($this->fetch()) {
- if ($v !== false) {
- $ret[$this->$k] = $this->$v;
- continue;
- }
- $ret[] = $k === false ? clone($this) : $this->$k;
- }
- return $ret;
-
- }
+ }
+
+
// ---------------- authentication / passwords and keys stuff ----------------
function isAuth()
{
$a = unserialize($_SESSION[__CLASS__][$sesPrefix .'-auth']);
$u = DB_DataObject::factory('Person');
if ($u->get($a->id)) { //&& strlen($u->passwd)) {
+ $u->verifyAuth();
+
return true;
}
+
$_SESSION[__CLASS__][$sesPrefix .'-auth'] = '';
}
+ // local auth -
+ $u = DB_DataObject::factory('Person');
+ $ff = HTML_FlexyFramework::get();
+ if (!empty($ff->Pman['local_autoauth']) &&
+ (!empty($_SERVER['SERVER_ADDR'])) &&
+ ($_SERVER['SERVER_ADDR'] == '127.0.0.1') &&
+ ($_SERVER['REMOTE_ADDR'] == '127.0.0.1') &&
+ $u->get('email', $ff->Pman['local_autoauth'])
+ ) {
+ $db = $this->getDatabaseConnection();
+ $sesPrefix = $db->dsn['database'];
+ $_SESSION[__CLASS__][$sesPrefix .'-auth'] = serialize($u);
+ return true;
+ }
+
+
// not in session or not matched...
$u = DB_DataObject::factory('Person');
$u->whereAdd(' LENGTH(passwd) > 0');
function login()
{
$this->isAuth(); // force session start..
+ $this->verifyAuth();
$db = $this->getDatabaseConnection();
$sesPrefix = $db->dsn['database'];
$_SESSION[__CLASS__][$sesPrefix .'-auth'] = serialize($this);
}
function checkPassword($val)
{
+
if (substr($this->passwd,0,1) == '$') {
return crypt($val,$this->passwd) == $this->passwd ;
}
{
return $this->active;
}
+ function authUserName($n) // set username prior to acheck user exists query.
+ {
+
+ $this->whereAdd('LENGTH(passwd) > 1');
+ $this->email = $n;
+ }
+ function lang($val)
+ {
+ if ($val == $this->lang) {
+ return;
+ }
+ $uu = clone($this);
+ $this->lang = $val;
+ $this->update($uu);
+
+ }
+
function authUserArray()
{
- $aur = $thisu->toArray();
+ $aur = $this->toArray();
+ if ($this->id < 1) {
+ return $aur;
+ }
//DB_DataObject::debugLevel(1);
}
}
}
-
-
- $lang = empty($this->lang) ? 'en' : $this->lang;
- if (empty($_SESSION['Pman_I18N'][$lang])) {
- require_once 'Pman/I18N.php';
- $x = new Pman_I18N();
- $x->setSession($au);
-
- }
-
- $aur['i18n'] =$_SESSION['Pman_I18N'][$lang];
-
+
// perms + groups.
$aur['perms'] = $this->getPerms();
$g = DB_DataObject::Factory('Group_Members');
{
//DB_DataObject::debugLevel(1);
// find out all the groups they are a member of.. + Default..
+
+ // ------ INIITIALIZE IF NO GROUPS ARE SET UP.
+
$g = DB_DataObject::Factory('Group_Rights');
if (!$g->count()) {
$g->genDefault();
}
+
if ($this->id < 0) {
- return $g->adminRights();
+ return $g->adminRights(); // system is not set up - so they get full rights.
+ }
+
+ $g = DB_DataObject::Factory('Group_Members');
+ if (!$g->count()) {
+ // add the current user to the admin group..
+ $g = DB_DataObject::Factory('Groups');
+ if ($g->get('name', 'Administrators')) {
+ $gm = DB_DataObject::Factory('Group_Members');
+ $gm->group_id = $g->id;
+ $gm->user_id = $this->id;
+ $gm->insert();
+ }
+
}
+ // ------ STANDARD PERMISSION HANDLING.
+
$g = DB_DataObject::Factory('Group_Members');
$grps = $g->listGroupMembership($this);
+ // print_r($grps);
$isAdmin = $g->inAdmin;
- // var_dump($grps);
+ //echo '<PRE>'; print_r($grps);var_dump($isAdmin);
// the load all the perms for those groups, and add them all together..
// then load all those
$g = DB_DataObject::Factory('Group_Rights');
$ret = $g->listPermsFromGroupIds($grps, $isAdmin);
- // echo '<PRE>';print_r($ret);
+ //echo '<PRE>';print_r($ret);
return $ret;
}
+ /**
+ *Basic group fetching - probably needs to filter by type eventually.
+ *
+ */
+
+ function groups()
+ {
+ $g = DB_DataObject::Factory('Group_Members');
+ $grps = $g->listGroupMembership($this);
+ $g = DB_DataObject::Factory('Groups');
+ $g->whereAddIn('id', $grps, 'int');
+ return $g->fetchAll();
+
+ }
+
function hasPerm($name, $lvl)
{
static $pcache = array();
}
if (!empty($q['query']['person_internal_only_all'])) {
// must be internal and not current user (need for distribution list)
- $this->whereAdd(" join_company_id_id.isOwner = 1");
+ $this->whereAdd(" join_company_id_id.comptype = 'OWNER'");
}
// -- for distribution
if (!empty($q['query']['person_internal_only'])) {
// must be internal and not current user (need for distribution list)
- $this->whereAdd(" join_company_id_id.isOwner = 1");
+ $this->whereAdd(" join_company_id_id.comptype = 'OWNER'");
//$this->whereAdd(($this->tableName() == 'Person' ? 'Person' : "join_person_id_id") .
// ".id != ".$au->id);
$this->whereAdd("Person.id != {$au->id}");
}
+
+ if (!empty($q['query']['comptype_or_company_id'])) {
+ // DB_DataObject::debugLevel(1);
+ $bits = explode(',', $q['query']['comptype_or_company_id']);
+ $id = (int) array_pop($bits);
+ $ct = $this->escape($bits[0]);
+
+ $this->whereAdd(" join_company_id_id.comptype = '$ct' OR Person.company_id = $id");
+
+ }
+
+
// staff list..
if (!empty($q['query']['person_inactive'])) {
// DB_Dataobject::debugLevel(1);
}
}
+
+ if (!empty($q['query']['project_member_of'])) {
+ // this is also a flag to return if they are a member..
+ //DB_DataObject::debugLevel(1);
+ $do = DB_DataObject::factory('ProjectDirectory');
+ $do->project_id = $q['query']['project_member_of'];
+
+ $this->joinAdd($do,array('joinType' => 'LEFT', 'useWhereAsOn' => true));
+ $this->selectAdd('IF(ProjectDirectory.id IS NULL, 0, ProjectDirectory.id ) as is_member');
+
+
+ if (!empty($q['query']['project_member_filter'])) {
+ $this->having('is_member !=0');
+
+ }
+
+ }
+
+
if (!empty($q['query']['search'])) {
$s = $this->escape($q['query']['search']);
$this->whereAdd("
) {
return true;
}
+ if (empty($this->email)) {
+ return true;
+ }
$xx = DB_Dataobject::factory('Person');
$xx->setFrom(array(
'email' => $this->email,
return "Duplicate Email found";
}
return true;
- }
+ }
+ /**
+ *
+ * before Delete - delete significant dependancies..
+ * this is called after checkPerm..
+ */
+
+ function beforeDelete()
+ {
+
+ $e = DB_DataObject::Factory('Events');
+ $e->whereAdd('person_id = ' . $this->id);
+ $e->delete(true);
+
+ // anything else?
+
+ }
+
+
+ /***
+ * Check if the a user has access to modify this item.
+ * @param String $lvl Level (eg. Core.Projects)
+ * @param Pman_Core_DataObjects_Person $au The authenticated user.
+ * @param boolean $changes alllow changes???
+ *
+ * @return false if no access..
+ */
function checkPerm($lvl, $au, $changes=false) //heck who is trying to access this. false == access denied..
{
- // determine if it's staff!!!
+ // do we have an empty system..
+ if ($au && $au->id == -1) {
+ return true;
+ }
+
+ // determine if it's staff!!!
if ($au->company()->comptype != 'OWNER') {