New feature: RemoteControl 'Modify survey settings' function

LimeSurvey · Jul 11, 2012 · bd8a51d · bd8a51d
1 parent 03c4b3d
commit bd8a51d
Show file tree

Hide file tree

Showing 5 changed files with 114 additions and 44 deletions.
diff --git a/application/controllers/admin/remotecontrol.php b/application/controllers/admin/remotecontrol.php
@@ -83,7 +83,12 @@ public function test()
         {
             echo 'Tokens for Survey ID '.$iSurveyID.' successfully activated.<br>';
         }
-            die();
+        $aResult=$myJSONRPCClient->modify_survey_settings($sSessionKey, $iSurveyID,array('faxto'=>'0800-LIMESURVEY'));
+        if ($aResult['status']=='OK')
+        {
+            echo 'Modified survey settings for survey '.$iSurveyID;
+        }
+        die();
         $aResult=$myJSONRPCClient->delete_survey($sSessionKey, $iSurveyID);
         echo 'Deleted survey SID:'.$iSurveyID.'-'.$aResult['status'].'<br>';
 
@@ -204,7 +209,7 @@ public function activate_survey($sSessionKey, $iSurveyID)
     {
         if ($this->_checkSessionKey($sSessionKey))
         {
-            if (hasGlobalPermission('USER_RIGHT_CREATE_SURVEY'))
+            if (hasSurveyPermission($iSurveyID, 'surveyactivation', 'update'))
             {
                 Yii::app()->loadHelper('admin/activate');
                 $aImportResults = activateSurvey($iSurveyID);
@@ -220,6 +225,57 @@ public function activate_survey($sSessionKey, $iSurveyID)
         }
     }
 
+    /**
+    * RPC routine to modify survey settings
+    *
+    * @access public
+    * @param string $sSessionKey
+    * @param integer $iSurveyID  - ID of the survey
+    * @param array $aSurveyData - An array with the particular fieldnames as keys and their values to set on that partuclar survey
+    * @return array OK, when save successful otherwise error text.
+    */
+    public function modify_survey_settings($sSessionKey, $iSurveyID, $aSurveyData)
+    {
+        if ($this->_checkSessionKey($sSessionKey))
+        {
+            if (hasSurveyPermission($iSurveyID, 'surveysettings', 'update'))
+            {
+                // Remove fields that may not be modified
+                unset($aSurveyData['active']);
+                unset($aSurveyData['language']);
+                unset($aSurveyData['additional_languages']);
+                // Remove invalid fields
+                $aDestinationFields=array_flip(Survey::model()->tableSchema->columnNames);
+                $aSurveyData=array_intersect_key($aSurveyData,$aDestinationFields);
+                $oSurvey=Survey::model()->findByPk($iSurveyID);
+                if ($oSurvey->active=='Y')
+                {
+                    // remove all fields that may not be changed when a survey is active
+                    unset($aSurveyData['anonymized']);
+                    unset($aSurveyData['datestamp']);
+                    unset($aSurveyData['savetimings']);
+                    unset($aSurveyData['ipaddr']);
+                    unset($aSurveyData['refurl']);
+                }
+                foreach($aSurveyData as $sFieldName=>$sValue)
+                {
+                    $oSurvey->$sFieldName=$sValue;
+                }
+                try
+                {
+                    $oSurvey->save(); // save the change to database
+                    return array('status' => 'OK');
+                }
+                catch(Exception $e)
+                {
+                    return array('status' => 'Error');
+                }
+            }
+            else
+                return array('status' => 'No permission');
+        }
+    }
+
 
     /**
     * RPC routine to activate tokens

diff --git a/application/controllers/admin/surveyadmin.php b/application/controllers/admin/surveyadmin.php
@@ -355,8 +355,9 @@ public function deactivate($iSurveyID = null)
     */
     public function activate($iSurveyID)
     {
+        if (!hasSurveyPermission($iSurveyID, 'surveyactivation', 'update')) die();
         $clang = Yii::app()->lang;
-    
+
         $iSurveyID = (int) $iSurveyID;
 
         $aData = array();
@@ -1584,17 +1585,13 @@ function insert($iSurveyId=null)
             'tokenlength' => $_POST['tokenlength']
             );
 
-            if(Yii::app()->getConfig('filterxsshtml') && Yii::app()->session['USER_RIGHT_SUPERADMIN'] != 1)
-                $xssfilter = true;
-            else
-                $xssfilter = false;
 
             if (!is_null($iSurveyId))
             {
                 $aInsertData['wishSID'] = $iSurveyId;
             }
 
-            $iNewSurveyid = Survey::model()->insertNewSurvey($aInsertData, $xssfilter);
+            $iNewSurveyid = Survey::model()->insertNewSurvey($aInsertData);
             if (!$iNewSurveyid)
                 die('Survey could not be created.');
 

diff --git a/application/helpers/admin/import_helper.php b/application/helpers/admin/import_helper.php
@@ -2666,7 +2666,7 @@ function CSVImportSurvey($sFullFilepath,$iDesiredSurveyId=NULL,$bTranslateLinks=
     $surveyrowdata['bounce_email']=$surveyrowdata['adminemail'];
     if (empty($surveyrowdata['datecreated'])) {$surveyrowdata['datecreated'] = new CDbExpression('NOW()'); }
 
-    $iNewSID = Survey::insertNewSurvey($surveyrowdata, $xssfilter) or safeDie ("<br />".$clang->gT("Import of this survey file failed")."<br />{$surveyarray[0]}<br /><br />\n" );
+    $iNewSID = Survey::insertNewSurvey($surveyrowdata) or safeDie ("<br />".$clang->gT("Import of this survey file failed")."<br />{$surveyarray[0]}<br /><br />\n" );
 
     // Now import the survey language settings
     $fieldorders=convertCSVRowToArray($surveylsarray[0],',','"');
@@ -3415,7 +3415,7 @@ function XMLImportSurvey($sFullFilepath,$sXMLdata=NULL,$sNewSurveyName=NULL,$iDe
             $insertdata['showxquestions']=$insertdata['showXquestions'];
             unset($insertdata['showXquestions']);
         }
-        $iNewSID = $results['newsid'] = Survey::model()->insertNewSurvey($insertdata,$xssfilter) or safeDie($clang->gT("Error").": Failed to insert data<br />");
+        $iNewSID = $results['newsid'] = Survey::model()->insertNewSurvey($insertdata) or safeDie($clang->gT("Error").": Failed to insert data<br />");
 
         $results['surveys']++;
     }

diff --git a/application/models/Survey.php b/application/models/Survey.php
@@ -62,8 +62,8 @@ public static function model($class = __CLASS__)
     public function relations()
     {
         return array(
-            'languagesettings' => array(self::HAS_MANY, 'Surveys_languagesettings', 'surveyls_survey_id'),
-            'owner' => array(self::BELONGS_TO, 'User', '', 'on' => 't.owner_id = owner.uid'),
+        'languagesettings' => array(self::HAS_MANY, 'Surveys_languagesettings', 'surveyls_survey_id'),
+        'owner' => array(self::BELONGS_TO, 'User', '', 'on' => 't.owner_id = owner.uid'),
         );
     }
 
@@ -76,12 +76,53 @@ public function relations()
     public function scopes()
     {
         return array(
-            'active' => array(
-                'condition' => "active = 'Y'",
-            ),
+        'active' => array(
+        'condition' => "active = 'Y'",
+        ),
         );
     }
 
+    /**
+    * Returns this model's validation rules
+    *
+    */
+    public function rules()
+    {
+        return array(
+        array('datecreated', 'default','value'=>date("Y-m-d")),
+        array('startdate', 'default','value'=>NULL),
+        array('expires', 'default','value'=>NULL),
+        array('admin', 'xssfilter'),
+        array('adminemail', 'xssfilter'),
+        array('bounce_email', 'xssfilter'),
+        array('faxto', 'xssfilter')
+        );
+    }
+
+
+
+
+
+    /**
+    * Defines the customs validation rule xssfilter
+    *
+    * @param mixed $attribute
+    * @param mixed $params
+    */
+    public function xssfilter($attribute,$params)
+    {
+        if(Yii::app()->getConfig('filterxsshtml') && Yii::app()->session['USER_RIGHT_SUPERADMIN'] != 1)
+        {
+            $filter = new CHtmlPurifier();
+            $filter->options = array('URI.AllowedSchemes'=>array(
+            'http' => true,
+            'https' => true,
+            ));
+            $this->$attribute = $filter->purify($this->$attribute);
+        }
+    }
+
+
     /**
     * permission scope for this model
     *
@@ -94,7 +135,7 @@ public function permission($loginID)
         $loginID = (int) $loginID;
         $criteria = $this->getDBCriteria();
         $criteria->mergeWith(array(
-            'condition' => 'sid IN (SELECT sid FROM {{survey_permissions}} WHERE uid = :uid AND permission = :permission AND read_p = 1)',
+        'condition' => 'sid IN (SELECT sid FROM {{survey_permissions}} WHERE uid = :uid AND permission = :permission AND read_p = 1)',
         ));
         $criteria->params[':uid'] = $loginID;
         $criteria->params[':permission'] = 'survey';
@@ -152,17 +193,16 @@ public function getTokenAttributes()
         return $attdescriptiondata;
     }
 
+
     /**
-    * !!! Shouldn't this be moved to beforeSave?
     * Creates a new survey - does some basic checks of the suppplied data
     *
     * @param array $aData Array with fieldname=>fieldcontents data
     * @param boolean $xssfiltering Sets if the data for the new survey should be filtered for XSS
     * @return integer The new survey id
     */
-    public function insertNewSurvey($aData, $xssfiltering = false)
+    public function insertNewSurvey($aData)
     {
-
         do
         {
             if (isset($aData['wishSID'])) // if wishSID is set check if it is not taken already
@@ -177,31 +217,6 @@ public function insertNewSurvey($aData, $xssfiltering = false)
         }
         while (!is_null($isresult));
 
-     //   $aData['datecreated'] = date("Y-m-d");
-        if (isset($aData['startdate']) && trim($aData['startdate']) == '')
-            unset($aData['startdate']);
-
-        if (isset($aData['expires']) && trim($aData['expires']) == '')
-            unset($aData['expires']);
-
-        if (!isset($aData['datecreated']))
-        {
-            $aData['datecreated'] = date("Y-m-d");
-        }
-
-        if($xssfiltering)
-        {
-            $filter = new CHtmlPurifier();
-            $filter->options = array('URI.AllowedSchemes'=>array(
-            'http' => true,
-            'https' => true,
-            ));
-            $aData["admin"] = $filter->purify($aData["admin"]);
-            $aData["adminemail"] = $filter->purify($aData["adminemail"]);
-            $aData["bounce_email"] = $filter->purify($aData["bounce_email"]);
-            $aData["faxto"] = $filter->purify($aData["faxto"]);
-        }
-
         $survey = new self;
         foreach ($aData as $k => $v)
             $survey->$k = $v;

diff --git a/application/models/Surveys_languagesettings.php b/application/models/Surveys_languagesettings.php
@@ -135,6 +135,8 @@ function insertNewSurvey($data, $xssfiltering = false)
 
 		return $this->insertSomeRecords($data);
     }
+
+
     function getSurveyNames($surveyid)
     {
         $lang = Yii::app()->session['adminlang'];