From f4b8ed12a0685fe27ba639cf7ba6448dac4cf61f Mon Sep 17 00:00:00 2001
From: Quitta
Date: Thu, 18 Jul 2013 12:43:33 +0200
Subject: [PATCH] changed system to mod/admin permissions, though there's still
a bug in show_ticket
---
.../ryzom_ams/ams_lib/autoload/ticket_user.php | 14 ++++++++++++++
.../server/ryzom_ams/www/html/func/add_sgroup.php | 2 +-
.../ryzom_ams/www/html/func/add_user_to_sgroup.php | 2 +-
.../server/ryzom_ams/www/html/func/change_info.php | 2 +-
.../server/ryzom_ams/www/html/func/change_mail.php | 6 +++---
.../ryzom_ams/www/html/func/change_password.php | 2 +-
.../ryzom_ams/www/html/func/create_ticket.php | 2 +-
.../ryzom_ams/www/html/func/reply_on_ticket.php | 4 ++--
.../server/ryzom_ams/www/html/inc/createticket.php | 2 +-
.../server/ryzom_ams/www/html/inc/libuserlist.php | 2 +-
.../server/ryzom_ams/www/html/inc/settings.php | 4 ++--
.../server/ryzom_ams/www/html/inc/sgroup_list.php | 2 +-
.../server/ryzom_ams/www/html/inc/show_queue.php | 4 ++--
.../server/ryzom_ams/www/html/inc/show_reply.php | 4 ++--
.../server/ryzom_ams/www/html/inc/show_sgroup.php | 2 +-
.../server/ryzom_ams/www/html/inc/show_ticket.php | 4 ++--
.../ryzom_ams/www/html/inc/show_ticket_log.php | 4 ++--
.../server/ryzom_ams/www/html/inc/show_user.php | 2 +-
.../server/ryzom_ams/www/html/inc/userlist.php | 2 +-
.../ryzom_ams/www/html/templates/show_ticket.tpl | 4 ++--
20 files changed, 42 insertions(+), 28 deletions(-)
diff --git a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/ticket_user.php b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/ticket_user.php
index 726d98d1f..9c7c646a6 100644
--- a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/ticket_user.php
+++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/ticket_user.php
@@ -15,6 +15,20 @@ class Ticket_User{
$dbl->execute($query, $values);
}
+
+ public static function isMod($user){
+ if(isset($user) && $user->getPermission() > 1){
+ return true;
+ }
+ return false;
+ }
+
+ public static function isAdmin($user){
+ if(isset($user) && $user->getPermission() == 3){
+ return true;
+ }
+ return false;
+ }
//return constructed element based on TUserId
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_sgroup.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_sgroup.php
index 5f5544e6c..1b6297151 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_sgroup.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_sgroup.php
@@ -4,7 +4,7 @@ function add_sgroup(){
if(WebUsers::isLoggedIn()){
- if( WebUsers::isAdmin()){
+ if( Ticket_User::isAdmin($_SESSION['ticket_user'])){
$name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING);
$inner_tag = filter_var($_POST['Tag'], FILTER_SANITIZE_STRING);
$tag = "[" . $inner_tag . "]";
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user_to_sgroup.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user_to_sgroup.php
index 10da9db8a..830b67c57 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user_to_sgroup.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user_to_sgroup.php
@@ -4,7 +4,7 @@ function add_user_to_sgroup(){
if(WebUsers::isLoggedIn()){
- if( WebUsers::isAdmin() && isset($_POST['target_id'])){
+ if( Ticket_User::isAdmin($_SESSION['ticket_user']) && isset($_POST['target_id'])){
$name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING);
$id = filter_var($_POST['target_id'],FILTER_SANITIZE_NUMBER_INT);
$user_id = WebUsers::getId($name);
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php
index 9a93e6765..dab7efbbe 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php
@@ -9,7 +9,7 @@ function change_info(){
if(isset($_POST['target_id'])){
- if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
+ if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user'] ) ){
if($_POST['target_id'] == $_SESSION['id']){
$target_username = $_SESSION['user'];
}else{
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_mail.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_mail.php
index 6905febae..ff0427a2c 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_mail.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_mail.php
@@ -9,7 +9,7 @@ function change_mail(){
if(isset($_POST['target_id'])){
- if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
+ if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
if($_POST['target_id'] == $_SESSION['id']){
$target_username = $_SESSION['user'];
}else{
@@ -42,7 +42,7 @@ function change_mail(){
$result['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){
- if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
+ if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
}
@@ -56,7 +56,7 @@ function change_mail(){
$result['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){
- if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
+ if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
}
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php
index 57e675123..071cbfd3c 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php
@@ -9,7 +9,7 @@ function change_password(){
if(isset($_POST['target_id'])){
$adminChangesOther = false;
//if target_id is the same as session id or is admin
- if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
+ if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
if($_POST['target_id'] == $_SESSION['id']){
$target_username = $_SESSION['user'];
}else{
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/create_ticket.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/create_ticket.php
index 62e9e20fa..db7621493 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/create_ticket.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/create_ticket.php
@@ -7,7 +7,7 @@ function create_ticket(){
if(isset($_POST['target_id'])){
//if target_id is the same as session id or is admin
- if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
+ if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
$category = filter_var($_POST['Category'], FILTER_SANITIZE_NUMBER_INT);
$title = filter_var($_POST['Title'], FILTER_SANITIZE_STRING);
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/reply_on_ticket.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/reply_on_ticket.php
index 08188340f..c3010d01c 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/reply_on_ticket.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/reply_on_ticket.php
@@ -9,14 +9,14 @@ function reply_on_ticket(){
$target_ticket = new Ticket();
$target_ticket->load_With_TId($ticket_id);
- if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){
+ if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user']) ){
try{
$author = $_SESSION['ticket_user']->getTUserId();
$content = filter_var($_POST['Content'], FILTER_SANITIZE_STRING);
Ticket::createReply($content, $author, $ticket_id);
- if(isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && WebUsers::isAdmin()){
+ if(isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && Ticket_User::isMod($_SESSION['ticket_user'])){
$newStatus = filter_var($_POST['ChangeStatus'], FILTER_SANITIZE_NUMBER_INT);
$newPriority = filter_var($_POST['ChangePriority'], FILTER_SANITIZE_NUMBER_INT);
Ticket::updateTicketStatusAndPriority($ticket_id,$newStatus, $newPriority, $author);
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/createticket.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/createticket.php
index 34c1eddb6..4c3dce7b8 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/createticket.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/createticket.php
@@ -7,7 +7,7 @@ function createticket(){
//in case user_id-GET param set it's value as target_id, if no user_id-param is given, use the session id.
if(isset($_GET['user_id'])){
- if(($_GET['user_id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){
+ if(($_GET['user_id'] != $_SESSION['id']) && ( ! ticket_user::isMod($_SESSION['ticket_user'])) ){
//ERROR: No access!
$_SESSION['error_code'] = "403";
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/libuserlist.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/libuserlist.php
index e041942a8..b83b59f01 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/libuserlist.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/libuserlist.php
@@ -2,7 +2,7 @@
function libuserlist(){
- if(WebUsers::isAdmin()){
+ if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
//This checks to see if there is a page number. If not, it will set it to page 1
if (!(isset($_GET['pagenum']))){
$pagenum = 1;
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
index 90bafbefc..a4db33b6b 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
@@ -4,14 +4,14 @@ function settings(){
if(WebUsers::isLoggedIn()){
//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
if(isset($_GET['id'])){
- if(($_GET['id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){
+ if(($_GET['id'] != $_SESSION['id']) && (!Ticket_User::isMod($_SESSION['ticket_user'])) ){
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Location: index.php?page=error");
exit;
}else{
$result = WebUsers::getInfo($_GET['id']);
- if(WebUsers::isAdmin() && ($_GET['id']!= $_SESSION['id'])){
+ if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_GET['id']!= $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
$result['target_id'] = $_GET['id'];
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/sgroup_list.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/sgroup_list.php
index 236d62b7c..01c2b16f2 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/sgroup_list.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/sgroup_list.php
@@ -3,7 +3,7 @@
function sgroup_list(){
//if logged in
if(WebUsers::isLoggedIn()){
- if( WebUsers::isAdmin()){
+ if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
if(isset($_GET['delete'])){
$delete_id = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT);
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_queue.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_queue.php
index a60619c04..4af0a4b84 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_queue.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_queue.php
@@ -4,7 +4,7 @@ function show_queue(){
//if logged in & queue id is given
if(WebUsers::isLoggedIn() && isset($_GET['get'])){
- if( WebUsers::isAdmin()){
+ if( Ticket_User::isMod($_SESSION['ticket_user'])){
$result['queue_action'] = filter_var($_GET['get'], FILTER_SANITIZE_STRING);
$queueArray = Ticket_Queue_Handler::getTickets($result['queue_action'],2);
@@ -16,7 +16,7 @@ function show_queue(){
$result['tickets'][$i]['author'] = WebUsers::getUsername($ticket['authorExtern']);
$i++;
}
- if(WebUsers::isAdmin()){
+ if(Ticket_User::isMod($_SESSION['ticket_user'])){
$result['isAdmin'] = "TRUE";
}
return $result;
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_reply.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_reply.php
index f3de64594..fad5dad87 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_reply.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_reply.php
@@ -11,7 +11,7 @@ function show_reply(){
$ticket = new Ticket();
$ticket->load_With_TId($reply->getTicket());
- if(($ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){
+ if(($ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user'] )){
$content = new Ticket_Content();
$content->load_With_TContentId($reply->getContent());
@@ -25,7 +25,7 @@ function show_reply(){
$result['reply_content'] = $content->getContent();
$result['author'] = $author->getExternId();
$result['authorName'] = WebUsers::getUsername($author->getExternId());
- if(WebUsers::isAdmin()){
+ if(Ticket_User::isMod($_SESSION['ticket_user'])){
$result['isAdmin'] = "TRUE";
}
return $result;
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_sgroup.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_sgroup.php
index 6b414cbb3..c31c4d282 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_sgroup.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_sgroup.php
@@ -3,7 +3,7 @@
function show_sgroup(){
//if logged in
if(WebUsers::isLoggedIn()){
- if( WebUsers::isAdmin()){
+ if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
if( isset($_GET['id'])){
//['target_id'] holds the id of the group!
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket.php
index c5e370849..2ac3c78cc 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket.php
@@ -8,7 +8,7 @@ function show_ticket(){
$target_ticket = new Ticket();
$target_ticket->load_With_TId($result['ticket_id']);
- if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){
+ if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user'] )){
$entire_ticket = Ticket::getEntireTicket( $result['ticket_id']);
Ticket_Log::createLogEntry($result['ticket_id'],$_SESSION['ticket_user']->getTUserId(), 3);
@@ -28,7 +28,7 @@ function show_ticket(){
$result['ticket_replies'][$i]['author'] = WebUsers::getUsername($reply['authorExtern']);
$i++;
}
- if(WebUsers::isAdmin()){
+ if(Ticket_User::isMod($_SESSION['ticket_user'])){
$result['isAdmin'] = "TRUE";
//$result['statusList'] = Ticket::getStatusArray();
}
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket_log.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket_log.php
index 06172482a..c5bacf030 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket_log.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket_log.php
@@ -5,7 +5,7 @@ function show_ticket_log(){
//if logged in
if(WebUsers::isLoggedIn() && isset($_GET['id'])){
//only allow admins to browse the log!
- if(WebUsers::isAdmin() ){
+ if(Ticket_User::isMod($_SESSION['ticket_user']) ){
$result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
$target_ticket = new Ticket();
$target_ticket->load_With_TId($result['ticket_id']);
@@ -33,7 +33,7 @@ function show_ticket_log(){
$result['ticket_logs'][$i]['timestamp_elapsed'] = Gui_Elements::time_elapsed_string($log['timestamp']);
$i++;
}
- if(WebUsers::isAdmin()){
+ if(Ticket_User::isMod($_SESSION['ticket_user'])){
$result['isAdmin'] = "TRUE";
}
return $result;
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_user.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_user.php
index fee3085c9..342529ead 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_user.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_user.php
@@ -4,7 +4,7 @@ function show_user(){
//if logged in
if(WebUsers::isLoggedIn()){
- if( !isset($_GET['id']) || WebUsers::isAdmin() || $_GET['id'] == $_SESSION['id'] ){
+ if( !isset($_GET['id']) || Ticket_User::isMod($_SESSION['ticket_user']) || $_GET['id'] == $_SESSION['id'] ){
if(isset($_GET['id'])){
$result['target_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/userlist.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/userlist.php
index e2c2cbfcb..347be52dc 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/userlist.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/userlist.php
@@ -1,7 +1,7 @@
{$reply.timestamp}
{if $reply.permission eq '1'}
- {else if $reply.permission eq '2'}
+ {else if $reply.permission gt '1'}
[CSR]
{/if}
{if isset($isAdmin) and $isAdmin eq "TRUE"} {$reply.author}{else}{$reply.author} {/if}
- {$reply.replyContent}
+ {$reply.replyContent}
{/foreach}