Checkpoint - have replaced all of the references to the User class wi…

…th the People class. Still have to do the Contacts class. Also have OAuth authentication working with the Oauth2 PHP API library from PHP Classes. Will have to add some documentation before closing out the ticket, though. Works fine with Google.

#517 and #424

assets.inc.php

@@ -397,7 +397,7 @@ function GetCabinetSelectList(){
 		$selectList="<select name=\"cabinetid\" id=\"cabinetid\"><option value=\"-1\">Storage Room</option>";
 
 		foreach($dbh->query($sql) as $selectRow){
-			if($selectRow["CabinetID"]==$this->CabinetID || User::Current()->canWrite($selectRow["AssignedTo"])){
+			if($selectRow["CabinetID"]==$this->CabinetID || People::Current()->canWrite($selectRow["AssignedTo"])){
 				$selected=($selectRow["CabinetID"]==$this->CabinetID)?' selected':'';
 				$selectList.="<option value=\"{$selectRow["CabinetID"]}\"$selected>{$selectRow["Name"]} / {$selectRow["Location"]}</option>";
 			}
@@ -1213,18 +1213,18 @@ private function FilterRights(){
 		$cab->CabinetID=$this->Cabinet;
 
 		$this->Rights='None';
-		$user=User::Current();
-		if($user->canRead($this->Owner)){$this->Rights="Read";}
-		if($user->canWrite($this->Owner)){$this->Rights="Write";} // write by device
+		$person=People::Current();
+		if($person->canRead($this->Owner)){$this->Rights="Read";}
+		if($person->canWrite($this->Owner)){$this->Rights="Write";} // write by device
 		if($this->ParentDevice>0){ // this is a child device of a chassis
 			$par=new Device();
 			$par->DeviceID=$this->ParentDevice;
 			$par->GetDevice();
 			$this->Rights=($par->Rights=="Write")?"Write":$this->Rights;
 		}elseif($cab->GetCabinet()){
-			if($cab->AssignedTo!=0 && $user->canWrite($cab->AssignedTo)){$this->Rights="Write";} // write because the cabinet is assigned
+			if($cab->AssignedTo!=0 && $person->canWrite($cab->AssignedTo)){$this->Rights="Write";} // write because the cabinet is assigned
 		}
-		if($user->SiteAdmin && $this->DeviceType=='Patch Panel'){$this->Rights="Write";} // admin override of rights for patch panels
+		if($person->SiteAdmin && $this->DeviceType=='Patch Panel'){$this->Rights="Write";} // admin override of rights for patch panels
 
 		// Remove information that this user isn't allowed to see
 		if($this->Rights=='None'){
@@ -1468,7 +1468,7 @@ function UpdateDevice() {
 			$cab->CabinetID=$this->Cabinet;
 			$cab->GetCabinet();
 			// Make sure the user has rights to save a device into the new cabinet
-			if(!User::Current()->canWrite($cab->AssignedTo)){
+			if(!People::Current()->canWrite($cab->AssignedTo)){
 				return false;
 			}
 			$powercon=new PowerConnection();
@@ -3207,9 +3207,9 @@ static function getPatchCandidates($DeviceID,$PortNum=null,$listports=null,$patc
 		$candidates=array();
 
 		if(is_null($listports)){
-			$currentuser=User::Current();
-			if(!$currentuser->WriteAccess){
-				$groups=$currentuser->isMemberOf();  // list of groups the current user is member of
+			$currentperson=People::Current();
+			if(!$currentperson->WriteAccess){
+				$groups=$currentperson->isMemberOf();  // list of groups the current user is member of
 				$rights=null;
 				foreach($groups as $index => $DeptID){
 					if(is_null($rights)){

cabinets.php

@@ -25,17 +25,17 @@
 
 	// END - AJAX Requests
 
-	$write=($user->WriteAccess)?true:false;
+	$write=($person->WriteAccess)?true:false;
 
 	if(isset($_REQUEST['cabinetid'])){
 		$cab->CabinetID=(isset($_POST['cabinetid'])?$_POST['cabinetid']:$_GET['cabinetid']);
 		$cab->GetCabinet();
-		$write=($user->canWrite($cab->AssignedTo))?true:$write;
+		$write=($person->canWrite($cab->AssignedTo))?true:$write;
 	}
 
 	// If you're deleting the cabinet, no need to pull in the rest of the information, so get it out of the way
 	// Only a site administrator can create or delete a cabinet
-	if(isset($_POST["delete"]) && $_POST["delete"]=="yes" && $user->SiteAdmin ) {
+	if(isset($_POST["delete"]) && $_POST["delete"]=="yes" && $person->SiteAdmin ) {
 		$cab->DeleteCabinet();
 		$status['code']=200;
 		$status['msg']=redirect("dc_stats.php?dc=$cab->DataCenterID");

cabnavigator.php

@@ -129,15 +129,15 @@ function renderUnassignedTemplateOwnership($noTemplFlag, $noOwnerFlag, $device)
 	$cab->GetCabinet();
 
 	// Check to see if this user is allowed to see anything in ihere
-	if(! $user->SiteAdmin && ! $user->ReadAccess && $cab->AssignedTo >0 && !array_intersect($user->isMemberOf(),Cabinet::GetOccupants($cab->CabinetID))){
+	if(! $person->SiteAdmin && ! $person->ReadAccess && $cab->AssignedTo >0 && !array_intersect($person->isMemberOf(),Cabinet::GetOccupants($cab->CabinetID))){
 		// This cabinet belongs to a department you don't have affiliation with, so no viewing at all
 		header('Location: '.redirect());
 		exit;
 	}
 
 	// If you're deleting the cabinet, no need to pull in the rest of the information, so get it out of the way
 	// Only a site administrator can create or delete a cabinet
-	if(isset($_POST["delete"]) && $_POST["delete"]=="yes" && $user->SiteAdmin ) {
+	if(isset($_POST["delete"]) && $_POST["delete"]=="yes" && $person->SiteAdmin ) {
 		$cab->DeleteCabinet();
 		$url=redirect("dc_stats.php?dc=$dcID");
 		header("Location: $url");
@@ -161,15 +161,15 @@ function renderUnassignedTemplateOwnership($noTemplFlag, $noOwnerFlag, $device)
 	$audit->CabinetID=$cab->CabinetID;
 
 	// You just have WriteAccess in order to perform/certify a rack audit
-	if(isset($_REQUEST["audit"]) && $_REQUEST["audit"]=="yes" && $user->CanWrite($cab->AssignedTo)){
+	if(isset($_REQUEST["audit"]) && $_REQUEST["audit"]=="yes" && $person->CanWrite($cab->AssignedTo)){
 		$audit->Comments=sanitize($_REQUEST["comment"]);
 		$audit->CertifyAudit();
 	}
 
 	$audit->AuditStamp=__("Never");
 	$audit->GetLastAudit();
 	if($audit->UserID!=""){
-		$tmpUser=new User();
+		$tmpUser=new People();
 		$tmpUser->UserID=$audit->UserID;
 		$tmpUser->GetUserRights();
 		$AuditorName=$tmpUser->Name;
@@ -499,26 +499,26 @@ function BuildCabinet($rear=false){
 		}
 	}
 
-	if($user->CanWrite($cab->AssignedTo)){
+	if($person->CanWrite($cab->AssignedTo)){
 		$body.="\n\t\t<ul class=\"nav\"><a href=\"power_pdu.php?pduid=0&cabinetid=$cab->CabinetID\"><li>".__("Add CDU")."</li></a></ul>\n";
 	}
 
 	$body.="\t</fieldset>\n";
-	if ($user->CanWrite($cab->AssignedTo) || $user->SiteAdmin) {
+	if ($person->CanWrite($cab->AssignedTo) || $person->SiteAdmin) {
 	    $body.="\t<fieldset>\n";
-        if ($user->CanWrite($cab->AssignedTo) ) {
+        if ($person->CanWrite($cab->AssignedTo) ) {
             $body .= renderCabinetProps($cab, $audit, $AuditorName);
         }
 	    $body.="\t\t<ul class=\"nav\">";
-        if($user->CanWrite($cab->AssignedTo)){
+        if($person->CanWrite($cab->AssignedTo)){
             $body.="
 			<a href=\"#\" onclick=\"javascript:verifyAudit(this.form)\"><li>".__("Certify Audit")."</li></a>
 			<a href=\"devices.php?action=new&cabinet=$cab->CabinetID\"><li>".__("Add Device")."</li></a>
 			<a href=\"cabaudit.php?cabinetid=$cab->CabinetID\"><li>".__("Audit Report")."</li></a>
 			<a href=\"mapmaker.php?cabinetid=$cab->CabinetID\"><li>".__("Map Coordinates")."</li></a>
 			<a href=\"cabinets.php?cabinetid=$cab->CabinetID\"><li>".__("Edit Cabinet")."</li></a>\n";
         }
-		if($user->SiteAdmin){
+		if($person->SiteAdmin){
 		    $body.="\t\t\t<a href=\"#\" onclick=\"javascript:verifyDelete(this.form)\"><li>".__("Delete Cabinet")."</li></a>";
 		}
 	    $body.="\n\t\t</ul>\n    </fieldset>";

cabrow.php

@@ -4,7 +4,7 @@
 
 	$subheader=__("Rows of Cabinets");
 
-	if(!$user->SiteAdmin){
+	if(!$person->SiteAdmin){
 		// No soup for you.
 		header('Location: '.redirect());
 		exit;

cdu_templates.php

@@ -4,7 +4,7 @@
 
 	$subheader=__("Data Center Cabinet Distribution Unit Templates");
 
-	if(!$user->SiteAdmin){
+	if(!$person->SiteAdmin){
 		// No soup for you.
 		header('Location: '.redirect());
 		exit;

configuration.php

@@ -6,7 +6,7 @@
 
 	$subheader=__("Data Center Configuration");
 
-	if(!$user->SiteAdmin){
+	if(!$person->SiteAdmin){
 		// No soup for you.
 		header('Location: '.redirect());
 		exit;

conflicts.php

@@ -4,7 +4,7 @@
 	require_once('db.inc.php');
 	require_once('facilities.inc.php');
 
-	if(!$user->SiteAdmin){
+	if(!$person->SiteAdmin){
 		// No soup for you.
 		header('Location: '.redirect());
 		exit;

container.php

@@ -4,7 +4,7 @@
 
 	$subheader=__("Container Detail");
 
-	if(!$user->SiteAdmin){
+	if(!$person->SiteAdmin){
 		// No soup for you.
 		header('Location: '.redirect());
 		exit;

customers.inc.php

@@ -78,7 +78,6 @@ function MakeDisplay(){
 		$this->Phone2=stripslashes($this->Phone2);
 		$this->Phone3=stripslashes($this->Phone3);
 		$this->Email=stripslashes($this->Email);
-		$this->Name=sanitize($this->Name);
 		$this->AdminOwnDevices=intval($this->AdminOwnDevices);
 		$this->ReadAccess=intval($this->ReadAccess);
 		$this->WriteAccess=intval($this->WriteAccess);
@@ -129,7 +128,33 @@ function lastID($sql) {
 		global $dbh;
 		return $dbh->lastInsertID();
 	}
+
+	function canRead( $Owner ) {
+		// If the user has Global rights, don't waste compute cycles on more granular checks
+		if ( $this->ReadAccess ) {
+			return true;
+		}
+
+		if ( in_array( $Owner, $this->isMemberOf() ) ) {
+			return true;
+		} else {
+			return false;
+		}
+	}
 
+	function canWrite( $Owner ) {
+		// If the user has Global rights, don't wast compute cycles on more granular checks
+		if ( $this->WriteAccess ) {
+			return true;
+		}
+
+		if ( in_array( $Owner, $this->isMemberOf() ) && $this->AdminOwnDevices ) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+
 	function CreatePerson() {
 		$this->MakeSafe();
 
@@ -164,18 +189,12 @@ static function Current(){
 			} else {
 				return false;
 			}
-		} elseif ( AUTHENTICATION == "Google" ) {
-			if ( ! isset( $_SESSION['access_token'] ) ) {
-				error_log( "Enable to retrieve Google OAuth Access Token." );
+		} elseif ( AUTHENTICATION == "Oauth" ) {
+			if ( ! isset( $_SESSION['userid'] ) ) {
 				return false;
 			}
 
-			$client= new Google_Client();
-			$client->setAccessToken($_SESSION['access_token']);
-			$plus = new Google_Service_Plus( $client );
-			$me = $plus->people->get('me');
-
-			$cperson->UserID = $me[emails][0][value];
+			$cperson->UserID = $_SESSION['userid'];
 			$cperson->GetUserRights();
 		}
 
@@ -220,6 +239,17 @@ function GetUserID() {
 		}
 	}
 
+	function GetUserList(){
+		$sql="SELECT * FROM fac_People ORDER BY LastName ASC, FirstName ASC";
+
+		$userList=array();
+		foreach($this->query($sql) as $row){
+			$userList[]=People::RowToObject($row);
+		}
+
+		return $userList;
+	}
+
 	function GetUserRights() {
 		$this->MakeSafe();
 
@@ -243,14 +273,31 @@ function GetUserRights() {
 		return;
 	}
 
+	function isMemberOf(){
+		$this->GetUserRights();
+
+		$sql="SELECT DeptID FROM fac_DeptContacts WHERE ContactID IN 
+			(SELECT ContactID FROM fac_Contact WHERE UserID=\"$this->UserID\");";
+
+		$deptList=array();
+		$deptList[]=0; // This is allowing anyone to use an unassigned rack / device
+		if($query=$this->query($sql)){
+			foreach($query as $row){
+				$deptList[]=$row["DeptID"];
+			}
+		}
+
+		return $deptList;
+	}
+
 	function UpdatePerson() {
 		$this->MakeSafe();
 
 		$sql = "update fac_People set UserID=\"" . $this->UserID . "\", LastName=\"" . $this->LastName . "\", FirstName=\"" . $this->FirstName . "\",
 			Phone1=\"" . $this->Phone1 . "\", Phone2=\"" . $this->Phone2 . "\", Phone3=\"" . $this->Phone3 . "\", Email=\"" . $this->Email . "\",
 			AdminOwnDevices=" . $this->AdminOwnDevices . ", ReadAccess=" . $this->ReadAccess . ", WriteAccess=" . $this->WriteAccess . ",
 			DeleteAccess=" . $this->DeleteAccess . ", ContactAdmin=" . $this->ContactAdmin . ", RackRequest=" . $this->RackRequest . ", RackAdmin=" . $this->RackAdmin . ",
-			SiteAdmin=" . $this->SiteAdmin . ", Disabled=" . $this->Disabled . ", where PersonID=" . $this->PersonID;
+			SiteAdmin=" . $this->SiteAdmin . ", Disabled=" . $this->Disabled . " where PersonID=" . $this->PersonID;
 
 		if ( $this->query( $sql ) ) {
 			(class_exists('LogActions'))?LogActions::LogThis($this):'';

datacenter.php

@@ -4,7 +4,7 @@
 
 	$subheader=__("Data Center Detail");
 
-	if(!$user->SiteAdmin){
+	if(!$person->SiteAdmin){
 		// No soup for you.
 		header('Location: '.redirect());
 		exit;
@@ -314,7 +314,7 @@ function cambio_container(){
 		echo '   <button type="submit" name="action" value="Create">',__("Create"),'</button>';
 	}
 
-	if ( $user->SiteAdmin && $dc->DataCenterID > 0 ) {
+	if ( $person->SiteAdmin && $dc->DataCenterID > 0 ) {
 		echo '    <button type="button" id="delete-btn" name="action" value="Delete">',__("Delete"),'</button>';
 	}
 ?>

db.inc.php-dist

@@ -16,10 +16,10 @@
 			die();
 	}
 
-	$Authentication = "Apache";
-	/* If you want to use Google Plus API authentication, uncomment the next line
-	   and follow the instructions in loginGooglePlus.php to enable. */
-	// $Authentication = "Google";
+	define( "AUTHENTICATION", "Apache" );
+	/* If you want to use Oauth authentication, uncomment the next line
+	   and place your authentication handler in login.php (create symbolic link). */
+	// define( "AUTHENTICATION", "OAuth" );
 
 	require_once( 'config.inc.php');
 	$config=new Config();

dc_stats.php

@@ -9,7 +9,7 @@
 	$dev=new Device();
 
 	//setting airflow
-	if(isset($_POST["cabinetid"]) && isset($_POST["airflow"]) && $user->SiteAdmin){
+	if(isset($_POST["cabinetid"]) && isset($_POST["airflow"]) && $person->SiteAdmin){
 		$cab->CabinetID=$_POST["cabinetid"];
 		if ($cab->GetCabinet()){
 			if ($cab->CabRowID>0 && isset($_POST["row"]) && $_POST["row"]=="true"){
@@ -273,7 +273,7 @@ function opentree(){
 			}
 		}
 <?php
-	if ( $user->SiteAdmin ) {
+	if ( $person->SiteAdmin ) {
 		// Only Site Administrators should even have the option to change the air flow
 ?>
 		// Bind context menu to the cabinets

departments.php

@@ -4,7 +4,7 @@
 
 	$subheader=__("Data Center Department Detail");
 
-	if(!$user->ContactAdmin){
+	if(!$person->ContactAdmin){
 		// No soup for you.
 		header('Location: '.redirect());
 		exit;

dept_groups.php

@@ -2,7 +2,7 @@
 	require_once( "db.inc.php" );
 	require_once( "facilities.inc.php" );
 
-	if(!$user->ContactAdmin){
+	if(!$person->ContactAdmin){
 		// No soup for you.
 		header('Location: '.redirect());
 		exit;

device_manufacturers.php

@@ -4,7 +4,7 @@
 
 	$subheader=__("Data Center Manufacturer Listing");
 
-	if(!$user->SiteAdmin){
+	if(!$person->SiteAdmin){
 		// No soup for you.
 		header('Location: '.redirect());
 		exit;

device_templates.php

@@ -31,7 +31,7 @@
 		exit;
 	}
 
-	if(!$user->WriteAccess){
+	if(!$person->WriteAccess){
 		// No soup for you.
 		header('Location: '.redirect());
 		exit;