// watcher list
// who is currently watching
+ if (!$this->authUser) {
+ $this->jerr("not authenticated");
+ return ''; // no subscriptin data available to public..
+ }
-
- $this->objname = empty($_REQUEST['objname']) ? '' : $_REQUEST['objname'];
+ $this->objname = empty($_REQUEST['objname']) ? '' : $_REQUEST['objname'];
$this->objid = empty($_REQUEST['objid']) ? '' : $_REQUEST['objid'];
+ $this->objname = preg_replace('/[^a-z_]+/i', '', $this->objname );
+ $obj = DB_DataObject::factory($this->objname );
+
+ // if it's a project watch.. do not do this..
+ if (!$obj->get($this->objid)) {
+ $this->jerr("invalid object");
+ }
+ if ($this->objname == 'Projects') {
+ if ($this->objid != $this->currentProject()) {
+ $this->jerr("invalid project id");
+ }
+ } else {
+ if ($obj->project_id != $this->currentProject()) {
+ $this->jerr("invalid project id on object");
+ }
+ }
+
+
+ // DB_DataObject::debugLevel(1);
$w = DB_DataObjecT::Factory('core_watch');
$w->ontable = $this->objname;
$w->onid = $this->objid;
- $w->autoJoin();
+ $w->autoJoin();
+ // $w->orderBy('Person.name ASC');
$existing = $w->fetchAll();
-
-
-
-
-
-
-
-
-
- // rights..
-
- MTrackACL::requireAllRights( $this->objname.':'.$this->objid, 'read');
-
- // list..
- $this->watchers = MTrackWatch::objectWatchersNameId( $this->objname, $this->objid);
-
-
- $users = MTrack_DataObjects_Userinfo::selectList(array(''=>'-- Select to add --'));
$this->selfsubscribe = true;
- foreach($this->watchers as $w) {
- if (isset($users[$w->userid])) {
- unset($users[$w->userid]);
- }
- if ($this->authUser->userid == $w->userid) {
+ foreach($existing as $w) {
+ if ($this->authUser->id == $w->person_id) {
$this->selfsubscribe = false;
}
}
+ $this->subscribers = $existing;
+
+ if ($this->objname != 'Projects') {
+ $w = DB_DataObjecT::Factory('core_watch');
+ $w->ontable = 'Projects';
+ $w->onid = $this->currentProject();
+ $w->autoJoin();
+ $existing = $w->fetchAll();
+
+ $this->selfsubscribe = true;
+ foreach($existing as $w) {
+ if ($this->authUser->id == $w->person_id) {
+ $this->selfsubscribe = false;
+ }
+ }
+ $this->project_subscribers = $existing;
+
+ }
+ //print_r($existing);
+ /*
require_once 'HTML/Template/Flexy/Element.php';
$this->elements['subscribe-add'] = new HTML_Template_Flexy_Element('select');
$this->elements['subscribe-add']->setOptions($users);
}
// never inherit..
$this->elements['subscribe-add']->setValue('');
-
+ */
+
//$this->renderEvents();
}
function post()
{
- $this->objname = empty($_REQUEST['objname']) ? '' : $_REQUEST['objname'];
- $this->objid = empty($_REQUEST['objid']) ? '' : $_REQUEST['objid'];
+ if (!$this->authUser) {
+ $this->jerr("not authenticated");
+ return ''; // no subscriptin data available to public..
+ }
+
+ $table = empty($_REQUEST['objname']) ? '' : $_REQUEST['objname'];
+ $id = empty($_REQUEST['objid']) ? '' : $_REQUEST['objid'];
+
+ if (empty($table) || empty($id)) {
+ die("invalid");
+ }
if (empty($_REQUEST['userid'])) {
die("INVALID USER ID");
}
- require_once 'DataObjects/Userinfo.php';
+ if ($this->authUser->company()->comptype != 'OWNER') {
+ if ($_REQUEST['userid'] != $this->authUser->id) {
+ die("INVALID REQUEST.");
+ }
+ }
+ $table = preg_replace('/[^a-z_]+/i', '', $table);
- // throws exception if fails..
- MTrack_DataObjects_Userinfo::get($_REQUEST['userid']);
- // echo "Trying to add...";
- MTrackWatch::watch_object( $this->objname, $this->objid, $_REQUEST['userid']);
+ // question ... who do we allow to watch what..
+ $o = DB_DataObject::factory($table);
+ if (!is_a($o, 'DB_DataObject')) {
+ die('invalid table');
+ }
+ $o->get((int)$id);
+ if ($table != 'Projects') {
+ if (empty($o->project_id) || $o->project_id != $this->currentProject()) {
+ die("invalid - project id does not match");
+ // unless it's a project..
+ }
+ } else {
+ if ($id != $this->currentProject()) {
+ die("invalid - project id does not match");
+ }
+ }
+
+
+
+ $w = DB_DataObjecT::Factory('core_watch');
+ $w->ontable = $table;
+ $w->onid = $id;
+ $w->person_id = $_REQUEST['userid'];
+ $w->medium = 'email';
+ if (!$w->count()) {
+ $w->insert();
+ }
return $this->get();
// carry on and show get(..
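Review bot: The object and project checks added to get() call `$this->jerr("invalid object")`, `$this->jerr("invalid project id")` and `$this->jerr("invalid project id on object")` with no `return` after them, unlike the unauthenticated branch, so they only keep another project's watcher list from being loaded if jerr() itself ends the request; add `return '';` after each, or confirm that jerr() exits. get() also calls `$obj->get()` on the factory result without the `if (!is_a($o, 'DB_DataObject'))` test that post() has, although `objname` comes from the request and is only stripped to letters and underscores; a short allowlist of watchable tables would be tighter than the character filter in both functions. In post(), `$id` is cast only for the lookup (`$o->get((int)$id)`) while `$id != $this->currentProject()` and `$w->onid = $id` use the raw request string, so normalise once with `$id = (int) $id;` after the empty check. The removed `MTrack_DataObjects_Userinfo::get($_REQUEST['userid'])` call verified that the user exists, and nothing visible replaces it before `$w->person_id = $_REQUEST['userid'];`, so as far as these lines show an OWNER-company caller can insert a watch row for an id that matches no person. Both function bodies start or end outside the visible lines, so code outside them is not covered by this note.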