Fix #6889 - allow managing groups inside of dms

[Pman.Core] / DataObjects / Core_person.php

diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php
index f9ca026..2a3ac07 100644 (file)
--- a/DataObjects/Core_person.php
+++ b/DataObjects/Core_person.php
@@ -56,7 +56,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
  
     function owner()
     {
-        $p = DB_DataObject::Factory($this->tableName());
+        // this might be a Person in some old code? 
+        $p = DB_DataObject::Factory('core_person');
         $p->get($this->owner_id);
         return $p;
     }
@@ -250,7 +251,10 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
     //   ---------------- authentication / passwords and keys stuff  ----------------
     function isAuth()
     {
-        @session_start();
+        // do not start a session if we are using http auth...
+        if (empty($_SERVER['PHP_AUTH_USER']) && php_sapi_name() != "cli") {
+            @session_start();
+        }
        
         $ff= HTML_FlexyFramework::get();
        
@@ -330,7 +334,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         if (empty($_SERVER['PATH_INFO']) ||  $_SERVER['PATH_INFO'] == '/Login') {
             $auto_auth_allow  = false;
         }
-        //var_dump($auto_auth_allow);
+         //var_dump($auto_auth_allow);
         // local auth - 
         $default_admin = false;
         if ($auto_auth_allow) {
@@ -380,6 +384,9 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $u = DB_DataObject::factory($this->tableName());
         $u->whereAdd(' LENGTH(passwd) > 0');
         $n = $u->count();
+        if (empty($_SESSION[get_class($this)]) || !is_array($_SESSION[get_class($this)])) { 
+            $_SESSION[get_class($this)] = array();
+        }
         $_SESSION[get_class($this)][$sesPrefix .'-empty']  = $n;
         if (class_exists('PEAR')) {
             $error =  PEAR::getStaticProperty('DB_DataObject','lastError');
@@ -516,11 +523,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $this->isAuth(); // force session start..
         
         $sesPrefix = $this->sesPrefix();
-        
         $_SESSION[get_class($this)][$sesPrefix .'-auth-timeout'] = -1;
-        
         $_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
-        
         self::$authUser = false;
         
     }    
@@ -533,7 +537,58 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $month = $m > -1 ? date('Y-m') : date('Y-m', strtotime('LAST MONTH'));
         
         return md5(implode(',' ,  array($month, $this->email , $this->passwd, $this->id)));
-    } 
+    }
+    /**
+     * When we generate autologin urls:
+     * eg. /Somesite/Test/12
+     * it will generate:
+     * /Somesite/Test/12/{datetime}/{sha256(url + expires_datetime + password)}
+     *
+     * eg. genAutoLoginURL($sub, $expires)
+     */
+    function genAutoLoginURL($url, $expires = false)  
+    {
+        $expires = $expires  === false ? strtotime("NOW + 1 WEEK") : $expires;
+        //echo serialize(array($url, $expires, $this->email, $this->passwd));
+        //echo hash('sha256', serialize(array($url, $expires, $this->email, $this->passwd)));
+        
+        return $url.'/'.$this->id .'/'.$expires.'/'.
+            hash('sha256',
+                serialize(
+                    array($url, $expires, $this->email,$this->passwd)
+                )
+            );
+        
+    }
+    
+    function validateAutoLogin($called)
+    {
+        $bits = explode("/",$called);
+        if (count($bits) < 4) {
+            return false; // unrelated.
+        }
+        $hash = array_pop($bits);
+        $time = array_pop($bits);
+        
+        $id = array_pop($bits);
+        if (!is_numeric($time) || !is_numeric($id)) {
+            return false; // wrong format.
+        }
+        $u = DB_DataObject::Factory($this->tableName());
+        $u->get($id);
+        $url = implode("/", $bits);
+        if ($time < time()) {
+            return "Expired";
+        }
+        //echo serialize(array('/'.$url, $time, $u->email, $u->passwd));
+        //echo hash('sha256', serialize(array('/'.$url, $time, $u->email, $u->passwd)));
+        if ($hash == hash('sha256', serialize(array('/'.$url, $time*1, $u->email, $u->passwd)))) {
+            $u->login();
+            return $u;
+        }
+        return false;
+    }
+    
     
     function checkTwoFactorAuthentication($val)
     {
@@ -601,6 +656,9 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
     
     function company()
     {
+        if (empty($this->company_id)) {
+            return false;
+        }
         $x = DB_DataObject::factory('core_company');
         $x->autoJoin();
         $x->get($this->company_id);
@@ -640,14 +698,12 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
     
     function authUserArray()
     {
-        
         $aur = $this->toArray();
         
         if ($this->id < 1) {
             return $aur;
         }
         
-        
         //DB_DataObject::debugLevel(1);
         $c = DB_Dataobject::factory('core_company');
         $im = DB_Dataobject::factory('Images');
@@ -697,6 +753,15 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $oath_require = $s->lookup('core', 'two_factor_auth_required');
         $aur['require_oath'] = $oath_require ?  $oath_require->val : 0;
         
+        $aur['core_person_settings'] = array();
+                
+        $core_person_settings = DB_DataObject::factory('core_person_settings');
+        $core_person_settings->setFrom(array(
+            'person_id' => $this->id
+        ));
+        
+        $aur['core_person_settings'] = $core_person_settings->fetchAll('scope', 'data');
+        
         return $aur;
     }
     
@@ -815,7 +880,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             $roo->jdata(array(
                 'secret' => $hash,
                 'image' => $qrcode,
-                'issuer' => $person->issuer
+                'issuer' => $person->qrCodeIssuer()
             ));
         }
         
@@ -939,6 +1004,25 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
                 )"
             );
         }
+        if(!empty($q['in_group_starts'])){
+            
+            $v = $this->escape($q['in_group_starts']);
+            
+            $this->whereAdd("
+                $tn_p.id IN (
+                    SELECT 
+                        DISTINCT(user_id) FROM $tn_gm
+                    LEFT JOIN
+                        $tn_g
+                    ON
+                        $tn_g.id = $tn_gm.group_id
+                    WHERE 
+                        $tn_g.name LIKE '{$v}%'
+                )"
+            );
+        }
+        
+        
         
         // #2307 Search Country!!
         if (!empty($q['query']['in_country'])) {
@@ -1088,7 +1172,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             
             if (!$roo->hasPerm('Core.Projects_All', 'S')) {
                 $peps = $p->people($pids);
-                $this->whereAddIn("{$tn}.id", $peps, 'int');
+                $this->whereAddIn("{$this->tableName()}.id", $peps, 'int');
             }
         }    
         
@@ -1126,13 +1210,35 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
                 LENGTH({$this->tableName()}.oath_key) AS length_oath_key
             ");
         }
-        
+        if (isset($q['_with_group_membership'])) {
+            $this->selectAddGroupMemberships();
+        }
         
     }
     
+    function selectAddGroupMemberships()
+    {
+        $this->selectAdd("
+            
+            COALESCE((
+                SELECT
+                    GROUP_CONCAT(  CASE WHEN core_group.display_name = '' THEN core_group.name ELSE core_group.display_name  END  separator  '\n')
+                FROM
+                    core_group_member
+                LEFT JOIN
+                    core_group
+                ON
+                    core_group.id = core_group_member.group_id
+                WHERE
+                    core_group_member.user_id = core_person.id
+                ORDER BY
+                    core_group.display_name ASC
+            ), '')  as member_of");
+    }
+    
     function setFromRoo($ar, $roo)
     {
-        $this->setFrom($ar);
+        $this->setFrom($ar); 
         
         if(!empty($ar['_enable_oath_key'])){
             $oath_key = $this->generateOathKey();
@@ -1153,7 +1259,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         }
         // this only applies to our owner company..
         $c = $this->company();
-        if (empty($c->comptype_name) || $c->comptype_name != 'OWNER') {
+        if (empty($c) || empty($c->comptype_name) || $c->comptype_name != 'OWNER') {
             return true;
         }
         
@@ -1474,11 +1580,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         ){
             return false;
         }
-        $pg= HTML_FlexyFramework::get()->page;
         
-        $this->issuer = (empty($pg->company->name)) ?  'COBA KYC' : "{$pg->company->name} COBA KYC";
-        
-        $issuer = rawurlencode($this->issuer);
+        $issuer = rawurlencode($this->qrCodeIssuer());
         
         $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$hash}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
         
@@ -1498,6 +1601,15 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         return "data:image/png;base64,{$base64}";
     }
     
+    function qrCodeIssuer()
+    {
+        $pg= HTML_FlexyFramework::get()->page;
+        
+        $issuer = (empty($pg->company->name)) ?  'ROOJS' : "{$pg->company->name}";
+        
+        return $issuer;
+    }
+    
     static function test_ADMIN_PASSWORD_RESET($pg, $to)
     {
         $ff = HTML_FlexyFramework::get();