
DEV: SQL -> AR; add UserGroup->hasUser() (#830)
Dev: SQL params
Dev: SQL params 2
Dev: implement UserGroup->hasUser($uid)
Dev: fix criteria
TonisOrmisson authored and LouisGac committed Oct 9, 2017
1 parent ad92d8e commit 9897b1f
Showing 5 changed files with 51 additions and 40 deletions.
33 changes: 8 additions & 25 deletions application/core/Survey_Common_Action.php
Expand Up @@ -1282,40 +1282,23 @@ public function _browsemenubar(array $aData)
public function _userGroupBar(array $aData)
{
$ugid = (isset($aData['ugid'])) ? $aData['ugid'] : 0 ;
if (!empty($aData['display']['menu_bars']['user_group']))
{
if (!empty($aData['display']['menu_bars']['user_group'])) {
$data = $aData;
Yii::app()->loadHelper('database');

if (!empty($ugid)) {
$sQuery = "SELECT gp.* FROM {{user_groups}} AS gp, {{user_in_groups}} AS gu WHERE gp.ugid=gu.ugid AND gp.ugid = {$ugid}";
if (!Permission::model()->hasGlobalPermission('superadmin','read'))
{
$sQuery .=" AND gu.uid = ".Yii::app()->session['loginID'];
}

$grpresult = Yii::app()->db->createCommand($sQuery)->queryRow(); //Checked

if ($grpresult) {
$grpresultcount=1;
$grow = array_map('htmlspecialchars', $grpresult);
$userGroup = UserGroup::model()->findByPk($ugid);
$uid = Yii::app()->session['loginID'];
if($userGroup && $userGroup->hasUser($uid)){
$data['userGroup'] = $userGroup;
}else{
$data['userGroup'] = null;
}
else
{
$grpresultcount=0;
$grow = false;
}

$data['grow'] = $grow;
$data['grpresultcount'] = $grpresultcount;

}

$data['ugid'] = $ugid;
$data['imageurl'] = Yii::app()->getConfig("adminimageurl");

if(isset($aData['usergroupbar']['closebutton']['url']))
{
if(isset($aData['usergroupbar']['closebutton']['url'])) {
$sAlternativeUrl = $aData['usergroupbar']['closebutton']['url'];
$aData['usergroupbar']['closebutton']['url'] = Yii::app()->request->getUrlReferrer( Yii::app()->createUrl($sAlternativeUrl) );
}
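Review bot: `$data['userGroup']` is assigned only inside the `if (!empty($ugid))` branch of `_userGroupBar`, so when no ugid is passed the view's `$userGroup` variable is never defined at all; initialise it once before the branch, `$data['userGroup'] = null;`, so the view has a value it can test in every case. The membership/permission decision that the removed query expressed inline (`gu.uid = loginID` unless superadmin) now lives entirely in `UserGroup::hasUser()`, so that method's correctness alone decides whether the bar is shown for a group the caller does not belong to. `Yii::app()->loadHelper('database')` no longer serves any raw SQL inside this hunk and looks dead, though that cannot be confirmed from here because `_userGroupBar` continues past the end of the hunk.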
14 changes: 10 additions & 4 deletions application/helpers/expressions/em_manager_helper.php
Expand Up @@ -5525,11 +5525,17 @@ private function _UpdateValuesInDatabase($updatedValues, $finished=false)
$cSave->set_answer_time();
}

if ($finished)
{
if ($finished) {
// Delete the save control record if successfully finalize the submission
$query = "DELETE FROM {{saved_control}} where srid=".$_SESSION[$this->sessid]['srid'].' and sid='.$this->sid;
Yii::app()->db->createCommand($query)->execute();
$criteria = new CDbCriteria;
$criteria->addCondition('srid=:srid');
$criteria->addCondition('sid=:sid');
$criteria->params = [':srid'=>$_SESSION[$this->sessid]['srid'],':sid'=>$this->sid];
$savedControl = SavedControl::model()->findAll($criteria);

if($savedControl){
$savedControl->delete();
}

if (($this->debugLevel & LEM_DEBUG_VALIDATION_SUMMARY) == LEM_DEBUG_VALIDATION_SUMMARY) {
$message .= ';<br />'.$query;
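Review bot: `findAll($criteria)` returns an array of `SavedControl` models, so `$savedControl->delete()` inside the new `if($savedControl)` block calls a method on an array and will fatal as soon as a matching row exists; the debug line `$message .= ';<br />'.$query;` also still reads `$query`, which this hunk removed. Replace the `findAll`/`if`/`delete` lines with `$iDeleted = SavedControl::model()->deleteAll($criteria);` and the debug line with `$message .= ';<br />Deleted '.$iDeleted.' saved_control row(s)';`. Binding srid and sid through `CDbCriteria::$params` instead of concatenating them into the DELETE string is the right direction and should be kept. `_UpdateValuesInDatabase` starts and ends outside the hunk.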
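--- a/application/models/Condition.php
+++ b/application/models/Condition.php
@@ -156,10 +156,10 @@ public function insertRecords($data, $update=FALSE, $condition=FALSE)
 */
 public function getScenarios($qid)
 {
-
-$scenarioquery = "SELECT DISTINCT scenario FROM ".$this->tableName()." WHERE qid=".$qid." ORDER BY scenario";
-
-return Yii::app()->db->createCommand($scenarioquery)->query();
+$query = "SELECT DISTINCT scenario FROM ".$this->tableName()." WHERE qid=:qid ORDER BY scenario";
+$command =Yii::app()->db->createCommand($query);
+$command->params = [':qid'=>$qid];
+return $command->query();
 }
 
 /**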
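Review bot: `CDbCommand::query()` accepts the bound parameters directly, so the three new statements in `getScenarios` can be a single `return Yii::app()->db->createCommand($query)->query([':qid' => $qid]);`, which also removes the `$command =Yii` spacing slip. Binding `:qid` instead of concatenating `$qid` into the SQL is the substantive part of this hunk and should be kept whichever form is chosen. The method's docblock sits above the hunk and is not visible, so whether its `@return` still matches the `CDbDataReader` returned here cannot be checked from this view.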
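--- a/application/models/UserGroup.php
+++ b/application/models/UserGroup.php
@@ -129,6 +129,7 @@ public function join($fields, $from, $condition=false, $join=false, $order=false
 * @param string $group_name
 * @param string $group_description
 * @return int|mixed|string
+* @todo should use save() and afterSave() methods!!
 */
 public function addGroup($group_name, $group_description) {
 $iLoginID=intval(Yii::app()->session['loginID']);
@@ -242,8 +243,7 @@ public function deleteGroup($ugId, $ownerId)
 */
 public function getCountUsers()
 {
-// TODO get count without getting all user rows?
-return count($this->users);
+return (int) UserInGroup::model()->countByAttributes(['ugid'=>$this->ugid]);
 }
 
 /**
@@ -347,5 +347,23 @@ public function searchMine($isMine)
 
 return $dataProvider;
 }
+
+
+/**
+* Checks whether the specified UID is part of that group
+* @param integer $uid
+* @return bool
+*/
+public function hasUser($uid){
+// superadmin is part of all groups
+if (!Permission::model()->hasGlobalPermission('superadmin','read')) {
+return true;
+}
+$userInGroup = UserInGroup::model()->findByAttributes(['ugid'=>$this->ugid],'uid=:uid',[':uid'=>$uid]);
+if($userInGroup){
+return true;
+}
+return false;
+}
 
 }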
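Review bot: The permission guard in the new `hasUser()` is inverted: `if (!Permission::model()->hasGlobalPermission('superadmin','read')) { return true; }` returns true for every caller who is not a superadmin regardless of membership, while real superadmins fall through to the membership lookup, which is the opposite of the comment `// superadmin is part of all groups` and of the removed query in Survey_Common_Action that only relaxed the `gu.uid = loginID` restriction for superadmins. Drop the negation: `if (Permission::model()->hasGlobalPermission('superadmin','read')) {`. Note also that the permission check inspects the session user rather than `$uid`, so the method answers "current user is superadmin, or `$uid` is a member"; the docblock should state that, e.g. `Returns true when the current session user is a superadmin, otherwise whether $uid is a member of this group.` The trailing `if($userInGroup){ return true; } return false;` can be `return $userInGroup !== null;`.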
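--- a/application/views/admin/usergroup/usergroupbar_view.php
+++ b/application/views/admin/usergroup/usergroupbar_view.php
@@ -1,3 +1,7 @@
+<?php
+/** @var AdminController $this */
+/** @var UserGroup $userGroup */
+?>
 <div class='menubar' id="usergroupbar">
 <div class='row container-fluid'>
 <div class="col-lg-6 col-sm-8">
@@ -12,23 +16,23 @@
 
 <!-- Mail to all Members -->
 <?php if(isset($usergroupbar['edit'])): ?>
-<a class="btn btn-default" href="<?php echo $this->createUrl("admin/usergroups/sa/mail/ugid/".$ugid); ?>" role="button">
+<a class="btn btn-default" href="<?php echo $this->createUrl("admin/usergroups/sa/mail/ugid/".$userGroup->ugid); ?>" role="button">
 <span class="icon-invite text-success"></span>
 <?php eT("Mail to all Members"); ?>
 </a>
 <?php endif;?>
 
 <!-- Edit current user group -->
-<?php if(isset($usergroupbar['edit']) && (Yii::app()->session['loginID'] == $grow['owner_id'] || Permission::model()->hasGlobalPermission('superadmin','read')) ):?>
-<a class="btn btn-default" href="<?php echo $this->createUrl("admin/usergroups/sa/edit/ugid/".$ugid); ?>" role="button">
+<?php if(isset($usergroupbar['edit']) && (Yii::app()->session['loginID'] == $userGroup->owner_id || Permission::model()->hasGlobalPermission('superadmin','read')) ):?>
+<a class="btn btn-default" href="<?php echo $this->createUrl("admin/usergroups/sa/edit/ugid/".$userGroup->ugid); ?>" role="button">
 <span class="fa fa-pencil text-success"></span>
 <?php eT("Edit current user group"); ?>
 </a>
 <?php endif;?>
 
 <!-- Delete current user group -->
-<?php if(isset($usergroupbar['edit']) && (Yii::app()->session['loginID'] == $grow['owner_id'] || Permission::model()->hasGlobalPermission('superadmin','read')) ):?>
-<a class="btn btn-default" href='#' onclick="if (confirm('<?php eT("Are you sure you want to delete this entry?","js"); ?>')) { <?php echo convertGETtoPOST($this->createUrl('admin/usergroups/sa/delete/ugid/'.$ugid)); ?>}">
+<?php if(isset($usergroupbar['edit']) && (Yii::app()->session['loginID'] == $userGroup->owner_id || Permission::model()->hasGlobalPermission('superadmin','read')) ):?>
+<a class="btn btn-default" href='#' onclick="if (confirm('<?php eT("Are you sure you want to delete this entry?","js"); ?>')) { <?php echo convertGETtoPOST($this->createUrl('admin/usergroups/sa/delete/ugid/'.$userGroup->ugid)); ?>}">
 <span class="fa fa-trash text-success"></span>
 <?php eT("Delete current user group"); ?>
 </a>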
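Review bot: The rewritten mail, edit and delete lines dereference `$userGroup->ugid` and `$userGroup->owner_id` guarded only by `isset($usergroupbar['edit'])`, but the controller change in Survey_Common_Action sets `$data['userGroup']` to null when the group does not exist or `hasUser()` is false and leaves it unset when no ugid is given, so a property-on-null notice and an empty ugid in the generated URLs are reachable from this view. Guard each condition, `<?php if(isset($usergroupbar['edit']) && $userGroup !== null): ?>` for the mail link and `&& $userGroup !== null` added to the edit and delete conditions, and widen the new header annotation to `/** @var UserGroup|null $userGroup */` so static analysis flags the dereference.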
