From f4b8ed12a0685fe27ba639cf7ba6448dac4cf61f Mon Sep 17 00:00:00 2001 From: Quitta Date: Thu, 18 Jul 2013 12:43:33 +0200 Subject: [PATCH] changed system to mod/admin permissions, though there's still a bug in show_ticket --- .../ryzom_ams/ams_lib/autoload/ticket_user.php | 14 ++++++++++++++ .../server/ryzom_ams/www/html/func/add_sgroup.php | 2 +- .../ryzom_ams/www/html/func/add_user_to_sgroup.php | 2 +- .../server/ryzom_ams/www/html/func/change_info.php | 2 +- .../server/ryzom_ams/www/html/func/change_mail.php | 6 +++--- .../ryzom_ams/www/html/func/change_password.php | 2 +- .../ryzom_ams/www/html/func/create_ticket.php | 2 +- .../ryzom_ams/www/html/func/reply_on_ticket.php | 4 ++-- .../server/ryzom_ams/www/html/inc/createticket.php | 2 +- .../server/ryzom_ams/www/html/inc/libuserlist.php | 2 +- .../server/ryzom_ams/www/html/inc/settings.php | 4 ++-- .../server/ryzom_ams/www/html/inc/sgroup_list.php | 2 +- .../server/ryzom_ams/www/html/inc/show_queue.php | 4 ++-- .../server/ryzom_ams/www/html/inc/show_reply.php | 4 ++-- .../server/ryzom_ams/www/html/inc/show_sgroup.php | 2 +- .../server/ryzom_ams/www/html/inc/show_ticket.php | 4 ++-- .../ryzom_ams/www/html/inc/show_ticket_log.php | 4 ++-- .../server/ryzom_ams/www/html/inc/show_user.php | 2 +- .../server/ryzom_ams/www/html/inc/userlist.php | 2 +- .../ryzom_ams/www/html/templates/show_ticket.tpl | 4 ++-- 20 files changed, 42 insertions(+), 28 deletions(-) diff --git a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/ticket_user.php b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/ticket_user.php index 726d98d1f..9c7c646a6 100644 --- a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/ticket_user.php +++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/ticket_user.php @@ -15,6 +15,20 @@ class Ticket_User{ $dbl->execute($query, $values); } + + public static function isMod($user){ + if(isset($user) && $user->getPermission() > 1){ + return true; + } + return false; + } + + public static function isAdmin($user){ + if(isset($user) && $user->getPermission() == 3){ + return true; + } + return false; + } //return constructed element based on TUserId diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_sgroup.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_sgroup.php index 5f5544e6c..1b6297151 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_sgroup.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_sgroup.php @@ -4,7 +4,7 @@ function add_sgroup(){ if(WebUsers::isLoggedIn()){ - if( WebUsers::isAdmin()){ + if( Ticket_User::isAdmin($_SESSION['ticket_user'])){ $name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING); $inner_tag = filter_var($_POST['Tag'], FILTER_SANITIZE_STRING); $tag = "[" . $inner_tag . "]"; diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user_to_sgroup.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user_to_sgroup.php index 10da9db8a..830b67c57 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user_to_sgroup.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user_to_sgroup.php @@ -4,7 +4,7 @@ function add_user_to_sgroup(){ if(WebUsers::isLoggedIn()){ - if( WebUsers::isAdmin() && isset($_POST['target_id'])){ + if( Ticket_User::isAdmin($_SESSION['ticket_user']) && isset($_POST['target_id'])){ $name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING); $id = filter_var($_POST['target_id'],FILTER_SANITIZE_NUMBER_INT); $user_id = WebUsers::getId($name); diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php index 9a93e6765..dab7efbbe 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php @@ -9,7 +9,7 @@ function change_info(){ if(isset($_POST['target_id'])){ - if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){ + if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user'] ) ){ if($_POST['target_id'] == $_SESSION['id']){ $target_username = $_SESSION['user']; }else{ diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_mail.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_mail.php index 6905febae..ff0427a2c 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_mail.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_mail.php @@ -9,7 +9,7 @@ function change_mail(){ if(isset($_POST['target_id'])){ - if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){ + if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){ if($_POST['target_id'] == $_SESSION['id']){ $target_username = $_SESSION['user']; }else{ @@ -42,7 +42,7 @@ function change_mail(){ $result['username'] = $_SESSION['user']; $result['target_id'] = $_POST['target_id']; if(isset($_GET['id'])){ - if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){ + if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){ $result['isAdmin'] = "TRUE"; } } @@ -56,7 +56,7 @@ function change_mail(){ $result['username'] = $_SESSION['user']; $result['target_id'] = $_POST['target_id']; if(isset($_GET['id'])){ - if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){ + if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){ $result['isAdmin'] = "TRUE"; } } diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php index 57e675123..071cbfd3c 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php @@ -9,7 +9,7 @@ function change_password(){ if(isset($_POST['target_id'])){ $adminChangesOther = false; //if target_id is the same as session id or is admin - if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){ + if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){ if($_POST['target_id'] == $_SESSION['id']){ $target_username = $_SESSION['user']; }else{ diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/create_ticket.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/create_ticket.php index 62e9e20fa..db7621493 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/create_ticket.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/create_ticket.php @@ -7,7 +7,7 @@ function create_ticket(){ if(isset($_POST['target_id'])){ //if target_id is the same as session id or is admin - if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){ + if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){ $category = filter_var($_POST['Category'], FILTER_SANITIZE_NUMBER_INT); $title = filter_var($_POST['Title'], FILTER_SANITIZE_STRING); diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/reply_on_ticket.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/reply_on_ticket.php index 08188340f..c3010d01c 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/reply_on_ticket.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/reply_on_ticket.php @@ -9,14 +9,14 @@ function reply_on_ticket(){ $target_ticket = new Ticket(); $target_ticket->load_With_TId($ticket_id); - if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){ + if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user']) ){ try{ $author = $_SESSION['ticket_user']->getTUserId(); $content = filter_var($_POST['Content'], FILTER_SANITIZE_STRING); Ticket::createReply($content, $author, $ticket_id); - if(isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && WebUsers::isAdmin()){ + if(isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && Ticket_User::isMod($_SESSION['ticket_user'])){ $newStatus = filter_var($_POST['ChangeStatus'], FILTER_SANITIZE_NUMBER_INT); $newPriority = filter_var($_POST['ChangePriority'], FILTER_SANITIZE_NUMBER_INT); Ticket::updateTicketStatusAndPriority($ticket_id,$newStatus, $newPriority, $author); diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/createticket.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/createticket.php index 34c1eddb6..4c3dce7b8 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/createticket.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/createticket.php @@ -7,7 +7,7 @@ function createticket(){ //in case user_id-GET param set it's value as target_id, if no user_id-param is given, use the session id. if(isset($_GET['user_id'])){ - if(($_GET['user_id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){ + if(($_GET['user_id'] != $_SESSION['id']) && ( ! ticket_user::isMod($_SESSION['ticket_user'])) ){ //ERROR: No access! $_SESSION['error_code'] = "403"; diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/libuserlist.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/libuserlist.php index e041942a8..b83b59f01 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/libuserlist.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/libuserlist.php @@ -2,7 +2,7 @@ function libuserlist(){ - if(WebUsers::isAdmin()){ + if(Ticket_User::isAdmin($_SESSION['ticket_user'])){ //This checks to see if there is a page number. If not, it will set it to page 1 if (!(isset($_GET['pagenum']))){ $pagenum = 1; diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php index 90bafbefc..a4db33b6b 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php @@ -4,14 +4,14 @@ function settings(){ if(WebUsers::isLoggedIn()){ //in case id-GET param set it's value as target_id, if no id-param is given, ue the session id. if(isset($_GET['id'])){ - if(($_GET['id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){ + if(($_GET['id'] != $_SESSION['id']) && (!Ticket_User::isMod($_SESSION['ticket_user'])) ){ //ERROR: No access! $_SESSION['error_code'] = "403"; header("Location: index.php?page=error"); exit; }else{ $result = WebUsers::getInfo($_GET['id']); - if(WebUsers::isAdmin() && ($_GET['id']!= $_SESSION['id'])){ + if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_GET['id']!= $_SESSION['id'])){ $result['isAdmin'] = "TRUE"; } $result['target_id'] = $_GET['id']; diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/sgroup_list.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/sgroup_list.php index 236d62b7c..01c2b16f2 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/sgroup_list.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/sgroup_list.php @@ -3,7 +3,7 @@ function sgroup_list(){ //if logged in if(WebUsers::isLoggedIn()){ - if( WebUsers::isAdmin()){ + if(Ticket_User::isAdmin($_SESSION['ticket_user'])){ if(isset($_GET['delete'])){ $delete_id = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT); diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_queue.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_queue.php index a60619c04..4af0a4b84 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_queue.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_queue.php @@ -4,7 +4,7 @@ function show_queue(){ //if logged in & queue id is given if(WebUsers::isLoggedIn() && isset($_GET['get'])){ - if( WebUsers::isAdmin()){ + if( Ticket_User::isMod($_SESSION['ticket_user'])){ $result['queue_action'] = filter_var($_GET['get'], FILTER_SANITIZE_STRING); $queueArray = Ticket_Queue_Handler::getTickets($result['queue_action'],2); @@ -16,7 +16,7 @@ function show_queue(){ $result['tickets'][$i]['author'] = WebUsers::getUsername($ticket['authorExtern']); $i++; } - if(WebUsers::isAdmin()){ + if(Ticket_User::isMod($_SESSION['ticket_user'])){ $result['isAdmin'] = "TRUE"; } return $result; diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_reply.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_reply.php index f3de64594..fad5dad87 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_reply.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_reply.php @@ -11,7 +11,7 @@ function show_reply(){ $ticket = new Ticket(); $ticket->load_With_TId($reply->getTicket()); - if(($ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){ + if(($ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user'] )){ $content = new Ticket_Content(); $content->load_With_TContentId($reply->getContent()); @@ -25,7 +25,7 @@ function show_reply(){ $result['reply_content'] = $content->getContent(); $result['author'] = $author->getExternId(); $result['authorName'] = WebUsers::getUsername($author->getExternId()); - if(WebUsers::isAdmin()){ + if(Ticket_User::isMod($_SESSION['ticket_user'])){ $result['isAdmin'] = "TRUE"; } return $result; diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_sgroup.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_sgroup.php index 6b414cbb3..c31c4d282 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_sgroup.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_sgroup.php @@ -3,7 +3,7 @@ function show_sgroup(){ //if logged in if(WebUsers::isLoggedIn()){ - if( WebUsers::isAdmin()){ + if(Ticket_User::isAdmin($_SESSION['ticket_user'])){ if( isset($_GET['id'])){ //['target_id'] holds the id of the group! diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket.php index c5e370849..2ac3c78cc 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket.php @@ -8,7 +8,7 @@ function show_ticket(){ $target_ticket = new Ticket(); $target_ticket->load_With_TId($result['ticket_id']); - if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){ + if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user'] )){ $entire_ticket = Ticket::getEntireTicket( $result['ticket_id']); Ticket_Log::createLogEntry($result['ticket_id'],$_SESSION['ticket_user']->getTUserId(), 3); @@ -28,7 +28,7 @@ function show_ticket(){ $result['ticket_replies'][$i]['author'] = WebUsers::getUsername($reply['authorExtern']); $i++; } - if(WebUsers::isAdmin()){ + if(Ticket_User::isMod($_SESSION['ticket_user'])){ $result['isAdmin'] = "TRUE"; //$result['statusList'] = Ticket::getStatusArray(); } diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket_log.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket_log.php index 06172482a..c5bacf030 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket_log.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket_log.php @@ -5,7 +5,7 @@ function show_ticket_log(){ //if logged in if(WebUsers::isLoggedIn() && isset($_GET['id'])){ //only allow admins to browse the log! - if(WebUsers::isAdmin() ){ + if(Ticket_User::isMod($_SESSION['ticket_user']) ){ $result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT); $target_ticket = new Ticket(); $target_ticket->load_With_TId($result['ticket_id']); @@ -33,7 +33,7 @@ function show_ticket_log(){ $result['ticket_logs'][$i]['timestamp_elapsed'] = Gui_Elements::time_elapsed_string($log['timestamp']); $i++; } - if(WebUsers::isAdmin()){ + if(Ticket_User::isMod($_SESSION['ticket_user'])){ $result['isAdmin'] = "TRUE"; } return $result; diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_user.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_user.php index fee3085c9..342529ead 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_user.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_user.php @@ -4,7 +4,7 @@ function show_user(){ //if logged in if(WebUsers::isLoggedIn()){ - if( !isset($_GET['id']) || WebUsers::isAdmin() || $_GET['id'] == $_SESSION['id'] ){ + if( !isset($_GET['id']) || Ticket_User::isMod($_SESSION['ticket_user']) || $_GET['id'] == $_SESSION['id'] ){ if(isset($_GET['id'])){ $result['target_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT); diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/userlist.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/userlist.php index e2c2cbfcb..347be52dc 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/userlist.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/userlist.php @@ -1,7 +1,7 @@ {$reply.timestamp} {if $reply.permission eq '1'} - {else if $reply.permission eq '2'} + {else if $reply.permission gt '1'} [CSR] {/if} {if isset($isAdmin) and $isAdmin eq "TRUE"} {$reply.author}{else}{$reply.author} {/if}

-

{$reply.replyContent}

+

{$reply.replyContent}

{/foreach}