This project does not seem to handle request data directly, so no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
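<?php declare(strict_types=1);

/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright {@link https://xoops.org/ XOOPS Project}
 * @license {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
 * @author Brian Wahoff <[email protected]>
 * @author Eric Juden <[email protected]>
 * @author XOOPS Development Team
 */

use Xmf\Module\Admin;
use Xmf\Request;
use XoopsModules\Xhelp;

require_once __DIR__ . '/admin_header.php';
// require_once XHELP_CLASS_PATH . '/PageNav.php';

global $xoopsModule;

$helper = Xhelp\Helper::getInstance();

$xhelp_id    = 0;
$module_id   = $xoopsModule->getVar('mid');
$displayName = $helper->getConfig('xhelp_displayName'); // Determines if username or real name is displayed

// Page-size choices offered by the staff listing (key and value are the same number).
$aLimitByS = ['10' => 10, '15' => 15, '20' => 20, '25' => 25, '50' => 50, '100' => 100];
$aLimitByD = ['1' => 1, '2' => 2, '3' => 3, '4' => 4, '5' => 5, '10' => 10];

// Always initialise $op: the previous `if (isset($_REQUEST['op']))` guard left it
// undefined for a request without `op`, so `switch ($op)` ran on an undefined variable.
// A missing or unknown value still lands in the `default` arm below.
$op = Request::getString('op', 'default', 'REQUEST');

// Dispatch table: every arm is a function defined further down in this file.
switch ($op) {
    case 'addRole':
        addRole();
        break;
    case 'clearOrphanedStaff':
        clearOrphanedStaff();
        break;
    case 'clearRoles':
        clearRoles();
        break;
    case 'customDept':
        customDept();
        break;
    case 'editRole':
        editRole();
        break;
    case 'editStaff':
        editStaff();
        break;
    case 'manageStaff':
        manageStaff();
        break;
    default:
        $helper->redirect('admin/index.php');
        break;
}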
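/**
 * Create a new staff role, or render the "create role" form.
 *
 * A POST carrying `add` stores the submitted name, description and task
 * bitmask through the Role handler and redirects to the `op` remembered in
 * the session key `xhelp_return_op` (that value may itself carry extra
 * query parameters, which is why it is not URL-encoded here).  Any other
 * request renders the form.
 *
 * The form emits a XOOPS security token; the POST branch verifies it before
 * writing, so a forged cross-site submission cannot create a role.  Task
 * checkbox values are cast to int before being summed into the bitmask.
 */
function addRole(): void
{
    $session = Xhelp\Session::getInstance();
    $helper  = Xhelp\Helper::getInstance();

    if (isset($_POST['add'])) {
        $lastPage = $session->get('xhelp_return_op');

        // The form below renders getTokenHTML(); reject a submission whose token does not verify.
        if (!$GLOBALS['xoopsSecurity']->check()) {
            $helper->redirect("staff.php?op=$lastPage", 3, implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));

            return;
        }

        /** @var \XoopsModules\Xhelp\RoleHandler $roleHandler */
        $roleHandler = $helper->getHandler('Role');

        /** @var \XoopsModules\Xhelp\Role $role */
        $role = $roleHandler->create();
        $role->setVar('name', Request::getString('roleName', '', 'POST'));
        $role->setVar('description', Request::getString('roleDescription', '', 'POST'));

        // Checkbox values arrive as strings; cast each one so only integers reach the bitmask.
        $tasksValue = 0;
        if (Request::hasVar('tasks', 'POST')) {
            $tasksValue = array_sum(array_map(static function ($value) {
                return (int)$value;
            }, (array)$_POST['tasks']));
        }
        $role->setVar('tasks', $tasksValue);

        // The success message was previously assigned but never shown; pass it to the redirect.
        if ($roleHandler->insert($role)) {
            $helper->redirect("staff.php?op=$lastPage", 3, _AM_XHELP_MESSAGE_ROLE_INSERT);
        } else {
            $helper->redirect("staff.php?op=$lastPage", 3, _AM_XHELP_MESSAGE_ROLE_INSERT_ERROR);
        }

        return;
    }

    // Security items: bit position => label. The checkbox value is 2 ** bit.
    $tasks = [
        XHELP_SEC_TICKET_ADD            => _AM_XHELP_SEC_TEXT_TICKET_ADD,
        XHELP_SEC_TICKET_EDIT           => _AM_XHELP_SEC_TEXT_TICKET_EDIT,
        XHELP_SEC_TICKET_DELETE         => _AM_XHELP_SEC_TEXT_TICKET_DELETE,
        XHELP_SEC_TICKET_MERGE          => _AM_XHELP_SEC_TEXT_TICKET_MERGE,
        XHELP_SEC_TICKET_OWNERSHIP      => _AM_XHELP_SEC_TEXT_TICKET_OWNERSHIP,
        XHELP_SEC_TICKET_STATUS         => _AM_XHELP_SEC_TEXT_TICKET_STATUS,
        XHELP_SEC_TICKET_PRIORITY       => _AM_XHELP_SEC_TEXT_TICKET_PRIORITY,
        XHELP_SEC_TICKET_LOGUSER        => _AM_XHELP_SEC_TEXT_TICKET_LOGUSER,
        XHELP_SEC_RESPONSE_ADD          => _AM_XHELP_SEC_TEXT_RESPONSE_ADD,
        XHELP_SEC_RESPONSE_EDIT         => _AM_XHELP_SEC_TEXT_RESPONSE_EDIT,
        XHELP_SEC_FILE_DELETE           => _AM_XHELP_SEC_TEXT_FILE_DELETE,
        XHELP_SEC_FAQ_ADD               => _AM_XHELP_SEC_TEXT_FAQ_ADD,
        XHELP_SEC_TICKET_TAKE_OWNERSHIP => _AM_XHELP_SEC_TEXT_TICKET_TAKE_OWNERSHIP,
    ];

    xoops_cp_header();
    $adminObject = Admin::getInstance();
    $adminObject->displayNavigation('staff.php?op=addRole');

    echo '<script type="text/javascript" src="' . XOOPS_URL . '/modules/xhelp/include/functions.js"></script>';
    echo "<form action='staff.php?op=addRole' method='post'>";
    echo $GLOBALS['xoopsSecurity']->getTokenHTML();
    echo "<table width='100%' cellspacing='1' class='outer'>";
    echo "<tr><th colspan='2'>" . _AM_XHELP_TEXT_CREATE_ROLE . '</th></tr>';
    echo "<tr><td class='head'>" . _AM_XHELP_TEXT_NAME . "</td>
        <td class='even'><input type='text' name='roleName' maxlength='35' value='' class='formButton'></td>
        </tr>";
    echo "<tr><td class='head'>" . _AM_XHELP_TEXT_DESCRIPTION . "</td>
        <td class='even'><textarea name='roleDescription' class='formButton'></textarea></td>
        </tr>";
    echo "<tr><td class='head'>" . _AM_XHELP_TEXT_PERMISSIONS . "</td>
        <td class='even'>
        <table border='0'>
        <tr><td>";
    foreach ($tasks as $bitValue => $task) {
        echo "<tr><td><input type='checkbox' name='tasks[]' value='" . (2 ** $bitValue) . "'>" . $task . '</td></tr>';
    }
    echo "<tr><td><input type='checkbox' name='allTasks' value='0' onclick='selectAll(this.form,\"tasks[]\",this.checked);'><b>" . _AM_XHELP_TEXT_SELECT_ALL . '</b></td></tr>';
    echo '</table>
        </td>
        </tr>';
    echo "<tr>
        <td colspan='2' class='foot'>
        <input type='submit' name='add' value='" . _AM_XHELP_BUTTON_CREATE_ROLE . "' class='formButton'>
        <input type='button' name='cancel' value='" . _AM_XHELP_BUTTON_CANCEL . "' onclick='history.go(-1)' class='formButton'>
        </td>
        </tr>";
    echo '</table></form>';
    require_once __DIR__ . '/admin_footer.php';
}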
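/**
 * Delete staff records whose XOOPS user account no longer exists.
 *
 * Compares every staff `uid` against the member handler's user list and
 * removes the ones that have no matching account, then redirects back to
 * the staff list.  When nothing is orphaned the delete is skipped: the
 * previous version built `uid IN ()` from an empty list, which is not
 * valid SQL.
 */
function clearOrphanedStaff(): void
{
    $helper = Xhelp\Helper::getInstance();
    /** @var \XoopsMemberHandler $memberHandler */
    $memberHandler = xoops_getHandler('member');
    /** @var \XoopsModules\Xhelp\StaffHandler $staffHandler */
    $staffHandler = $helper->getHandler('Staff');

    $users = $memberHandler->getUserList();
    $staff = $staffHandler->getObjects();

    // uid => uid for every staff row with no account; keyed so duplicates collapse.
    $orphaned = [];
    foreach ($staff as $stf) {
        $staffUid = (int)$stf->getVar('uid');
        if (!array_key_exists($staffUid, $users)) {
            $orphaned[$staffUid] = $staffUid;
        }
    }

    if ([] === $orphaned) {
        $helper->redirect('admin/staff.php?op=manageStaff');

        return;
    }

    $criteria = new \Criteria('uid', '(' . implode(',', $orphaned) . ')', 'IN');
    if ($staffHandler->deleteAll($criteria)) {
        $helper->redirect('admin/staff.php?op=manageStaff');
    } else {
        $helper->redirect('admin/staff.php?op=manageStaff', 3, _AM_XHELP_MSG_CLEAR_ORPHANED_ERR);
    }
}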
/**
 * Discard the per-department role selections cached in the session.
 *
 * Removes every populated `xhelp_dept_<id>` entry plus the bookkeeping keys
 * (`xhelp_return_page`, `xhelp_mainRoles`, `xhelp_mainDepts`,
 * `xhelp_return_op`), then redirects to the page stored under
 * `xhelp_return_page`, falling back to the staff list.
 */
function clearRoles()
{
    $session = Xhelp\Session::getInstance();
    $helper  = Xhelp\Helper::getInstance();

    /** @var \XoopsModules\Xhelp\DepartmentHandler $departmentHandler */
    $departmentHandler = $helper->getHandler('Department');

    // Only entries that currently hold a value are deleted.
    foreach ($departmentHandler->getObjects() as $department) {
        $key = 'xhelp_dept_' . $department->getVar('id');
        if ($session->get($key)) {
            $session->del($key);
        }
    }

    // Read the return page before the key is dropped below.
    $returnPage = $session->get('xhelp_return_page') ?: false;

    foreach (['xhelp_return_page', 'xhelp_mainRoles', 'xhelp_mainDepts', 'xhelp_return_op'] as $key) {
        $session->del($key);
    }

    $target = $returnPage ? (string)$returnPage : 'admin/staff.php?op=manageStaff';
    $helper->redirect($target);
}
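/**
 * Assign department-specific roles to a staff member, or render the form.
 *
 * Nothing is persisted here: the chosen role ids are cached in the session
 * under `xhelp_dept_<deptid>` and the set of customised departments under
 * `xhelp_mainDepts`; editStaff() reads them back on its own submit.
 *
 * Fixes relative to the earlier version of this function:
 *  - `xhelp_mainDepts` was read with `[$mainDepts] = ...`, which took only
 *    the first element, so in_array() received an int instead of an array;
 *  - the loop meant to drop the current department from `xhelp_mainDepts`
 *    unset the loop copy and never changed the array;
 *  - the `(int)` casts applied to the `xhelp_role` / `xhelp_depts` GET lists
 *    were discarded, so raw strings were stored in the session;
 *  - the POST branch now verifies the XOOPS security token the form emits,
 *    and role ids that do not resolve to a Role object are skipped instead
 *    of dereferencing null.
 */
function customDept(): void
{
    global $displayName;
    $session = Xhelp\Session::getInstance();
    $helper  = Xhelp\Helper::getInstance();

    $lastPage = $session->get('xhelp_return_op');

    $uid = Request::getInt('uid', 0, 'REQUEST');
    if (0 === $uid) {
        $helper->redirect("admin/staff.php?op=$lastPage", 3, _AM_XHELP_MSG_NEED_UID);

        return;
    }
    $deptid = Request::getInt('deptid', 0, 'REQUEST');

    if (isset($_POST['submit'])) {
        // The form below renders getTokenHTML(); reject a submission whose token does not verify.
        if (!$GLOBALS['xoopsSecurity']->check()) {
            $helper->redirect("admin/staff.php?op=$lastPage&uid=$uid", 3, implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));

            return;
        }

        /** @var \XoopsModules\Xhelp\RoleHandler $roleHandler */
        $roleHandler = $helper->getHandler('Role');

        // Keep only integer ids that resolve to an existing role; names stay aligned with ids.
        $selectedRoles = [];
        $roleNames     = [];
        if (Request::hasVar('roles', 'POST')) {
            foreach ((array)$_POST['roles'] as $roleId) {
                $roleId   = (int)$roleId;
                $thisRole = $roleHandler->get($roleId);
                if (!$thisRole) {
                    continue;
                }
                $selectedRoles[] = $roleId;
                $roleNames[]     = $thisRole->getVar('name');
            }
        }

        // -1 marks "no custom roles for this department" for the readers of this key.
        $session->set("xhelp_dept_$deptid", [
            'id'        => $deptid,
            'roles'     => [] !== $selectedRoles ? $selectedRoles : -1,
            'roleNames' => [] !== $roleNames ? $roleNames : -1,
        ]);
        $hasDeptRoles = [] !== $selectedRoles;

        $mainDepts = $session->get('xhelp_mainDepts');
        if (is_array($mainDepts) && [] !== $mainDepts) {
            $mainDepts = array_map(static function ($value) {
                return (int)$value;
            }, $mainDepts);
            if ($hasDeptRoles) {
                if (!in_array($deptid, $mainDepts, true)) {
                    $mainDepts[] = $deptid;
                    $session->set('xhelp_mainDepts', $mainDepts);
                }
            } else {
                // Department no longer has custom roles: remove it from the list.
                $mainDepts = array_values(array_filter($mainDepts, static function ($value) use ($deptid) {
                    return $value !== $deptid;
                }));
                $session->set('xhelp_mainDepts', $mainDepts);
            }
        } elseif ($hasDeptRoles) {
            $session->set('xhelp_mainDepts', [$deptid]);
        }

        $lastPage = $session->get('xhelp_return_op2') ?: $session->get('xhelp_return_op');
        $helper->redirect("admin/staff.php?op=$lastPage&uid=$uid");

        return;
    }

    if (Request::hasVar('addRole', 'POST')) {
        // Remember where to come back to; the stored value deliberately keeps the rest of the query string.
        $session->set('xhelp_return_op2', $lastPage);
        $session->set('xhelp_return_op', mb_substr(mb_strstr($_SERVER['REQUEST_URI'], 'op='), 3));
        $helper->redirect('admin/staff.php?op=addRole');

        return;
    }

    // Lists handed over from the manage-staff page arrive as "1,2,3".
    if (Request::hasVar('xhelp_role', 'GET')) {
        $session->set('xhelp_mainRoles', array_map(static function ($value) {
            return (int)$value;
        }, explode(',', Request::getString('xhelp_role', '', 'GET'))));
    }
    if (Request::hasVar('xhelp_depts', 'GET')) {
        $session->set('xhelp_mainDepts', array_map(static function ($value) {
            return (int)$value;
        }, explode(',', Request::getString('xhelp_depts', '', 'GET'))));
    }

    /** @var \XoopsModules\Xhelp\DepartmentHandler $departmentHandler */
    $departmentHandler = $helper->getHandler('Department');
    /** @var \XoopsModules\Xhelp\RoleHandler $roleHandler */
    $roleHandler = $helper->getHandler('Role');

    $dept     = $departmentHandler->get($deptid);
    $deptName = $dept ? $dept->getVar('department') : '';

    $criteria = new \Criteria('', '');
    $criteria->setOrder('ASC');
    $criteria->setSort('name');
    $roles = $roleHandler->getObjects($criteria);

    $lastPage = $session->get('xhelp_return_op');

    // Which role ids are pre-checked, by priority: session copy for this dept,
    // then the manage-staff selection, then roles already stored for the member.
    $checkedRoleIds = [];
    $storedRoles    = $session->get("xhelp_dept_$deptid");
    $mainRoles      = $session->get('xhelp_mainRoles');
    if ($storedRoles) {
        if (is_array($storedRoles['roles'] ?? null)) {
            $checkedRoleIds = array_map(static function ($value) {
                return (int)$value;
            }, $storedRoles['roles']);
        }
    } elseif ($mainRoles) {
        $checkedRoleIds = array_map(static function ($value) {
            return (int)$value;
        }, (array)$mainRoles);
    } elseif ('editStaff' === $lastPage) {
        /** @var \XoopsModules\Xhelp\StaffHandler $staffHandler */
        $staffHandler = $helper->getHandler('Staff');
        foreach ((array)$staffHandler->getRolesByDept($uid, $deptid) as $myRole) {
            $checkedRoleIds[] = (int)$myRole->getVar('roleid');
        }
    }

    xoops_cp_header();

    echo '<script type="text/javascript" src="' . XOOPS_URL . '/modules/xhelp/include/functions.js"></script>';
    echo "<form action='staff.php?op=customDept&deptid=" . $deptid . '&uid=' . $uid . "' method='post'>";
    echo $GLOBALS['xoopsSecurity']->getTokenHTML();
    echo "<table width='100%' cellspacing='1' class='outer'>";
    echo "<tr><th colspan='2'>" . _AM_XHELP_TEXT_DEPT_PERMS . '</th></tr>';
    echo "<tr><td class='head' width='20%'>" . _AM_XHELP_TEXT_USER . "</td>
        <td class='even'>" . Xhelp\Utility::getUsername($uid, $displayName) . '</td></tr>';
    echo "<tr><td class='head'>" . _AM_XHELP_TEXT_DEPARTMENT . "</td>
        <td class='even'>" . $deptName . '</td></tr>';
    echo "<tr><td class='head'>" . _AM_XHELP_TEXT_ROLES . "</td>
        <td class='even'><table width='75%'>";

    // NOTE(review): name/description output relies on getVar()'s default format for escaping — confirm the Role var types.
    foreach ($roles as $role) {
        $roleId  = (int)$role->getVar('id');
        $checked = in_array($roleId, $checkedRoleIds, true) ? ' checked' : '';
        echo "<tr><td><input type='checkbox' name='roles[]' value='" . $roleId . "'" . $checked . "><a href='staff.php?op=editRole&id=" . $roleId . '&uid=' . $uid . "'>" . $role->getVar('name') . '</a> - ' . $role->getVar('description') . '</td></tr>';
    }

    echo "<tr><td><input type='checkbox' name='checkallRoles' value='0' onclick='selectAll(this.form,\"roles[]\",this.checked);'><b>" . _AM_XHELP_TEXT_SELECT_ALL . '</b></td></tr>';
    echo '</table></td></tr>';
    echo "<tr><td colspan='2' class='foot'>
        <input type='submit' name='submit' value='" . _AM_XHELP_BUTTON_UPDATE . "' class='formButton'>
        <input type='submit' name='addRole' value='" . _AM_XHELP_BUTTON_CREATE_ROLE . "' class='formButton'>
        <input type='button' name='cancel' value='" . _AM_XHELP_BUTTON_CANCEL . "' onclick='history.go(-1)' class='formButton'>
        </td>
        </tr>";
    echo '</table>';
    require_once __DIR__ . '/admin_footer.php';
}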
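/**
 * Delete a role and return to the given admin op.
 *
 * An id that does not resolve to a Role object is reported as a delete
 * error instead of being passed to delete() as null.  The outcome message
 * (previously assigned but never shown on success) is passed to the
 * redirect in both cases.
 *
 * @param int|string $xhelp_id  id of the role to delete; cast to int
 * @param string     $return_op value for the `op` query parameter of the redirect
 */
function deleteRole($xhelp_id, string $return_op): void
{
    $xhelp_id = (int)$xhelp_id;
    $helper   = Xhelp\Helper::getInstance();

    /** @var \XoopsModules\Xhelp\RoleHandler $roleHandler */
    $roleHandler = $helper->getHandler('Role');
    $role        = $roleHandler->get($xhelp_id);

    if (!$role) {
        $helper->redirect("admin/staff.php?op=$return_op", 3, _AM_XHELP_MESSAGE_ROLE_DELETE_ERROR);

        return;
    }

    $message = $roleHandler->delete($role, true)
        ? _AM_XHELP_MESSAGE_ROLE_DELETE
        : _AM_XHELP_MESSAGE_ROLE_DELETE_ERROR;
    $helper->redirect("admin/staff.php?op=$return_op", 3, $message);
}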
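/**
 * Update or delete an existing role, or render the "edit role" form.
 *
 * `id` selects the role; `uid` is carried through the redirects so the
 * caller can return to the staff member it was editing.  A POST with
 * `deleteRole` delegates to deleteRole(); a POST with `edit` stores the
 * submitted fields; anything else renders the form.
 *
 * Changes relative to the earlier version: an id that does not resolve to
 * a Role object is rejected before it is dereferenced, both POST branches
 * verify the XOOPS security token the form emits, task checkbox values are
 * cast to int before being summed, and the success message (previously
 * assigned but never shown) is passed to the redirect.
 */
function editRole(): void
{
    $session = Xhelp\Session::getInstance();
    $helper  = Xhelp\Helper::getInstance();

    $lastPage = $session->get('xhelp_return_op');
    $xhelp_id = Request::getInt('id', 0, 'REQUEST');
    $uid      = Request::getInt('uid', 0, 'REQUEST');

    /** @var \XoopsModules\Xhelp\RoleHandler $roleHandler */
    $roleHandler = $helper->getHandler('Role');
    $role        = $roleHandler->get($xhelp_id);

    // Every branch below reads or writes $role.
    if (!$role) {
        $helper->redirect("admin/staff.php?op=$lastPage&uid=$uid", 3, _AM_XHELP_MESSAGE_ROLE_UPDATE_ERROR);

        return;
    }

    $isDelete = Request::hasVar('deleteRole', 'POST');
    $isEdit   = isset($_POST['edit']);

    // The form below renders getTokenHTML(); reject a mutating submission whose token does not verify.
    if (($isDelete || $isEdit) && !$GLOBALS['xoopsSecurity']->check()) {
        $helper->redirect("admin/staff.php?op=$lastPage&uid=$uid", 3, implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));

        return;
    }

    if ($isDelete) {
        deleteRole($xhelp_id, 'manageStaff');

        return;
    }

    if ($isEdit) {
        $role->setVar('name', Request::getString('roleName', '', 'POST'));
        $role->setVar('description', Request::getString('roleDescription', '', 'POST'));

        // Checkbox values arrive as strings; cast each one so only integers reach the bitmask.
        $tasksValue = 0;
        if (Request::hasVar('tasks', 'POST')) {
            $tasksValue = array_sum(array_map(static function ($value) {
                return (int)$value;
            }, (array)$_POST['tasks']));
        }
        $role->setVar('tasks', $tasksValue);

        $lastPage = $session->get('xhelp_return_op2') ?: $session->get('xhelp_return_op');

        if ($roleHandler->insert($role)) {
            Xhelp\Utility::resetStaffUpdatedTime();
            $helper->redirect("admin/staff.php?op=$lastPage&uid=$uid", 3, _AM_XHELP_MESSAGE_ROLE_UPDATE);
        } else {
            $helper->redirect("admin/staff.php?op=$lastPage&uid=$uid", 3, _AM_XHELP_MESSAGE_ROLE_UPDATE_ERROR);
        }

        return;
    }

    // Remember where to come back to; the stored value deliberately keeps the rest of the query string.
    $session->set('xhelp_return_op2', $lastPage);
    $session->set('xhelp_return_op', mb_substr(mb_strstr($_SERVER['REQUEST_URI'], 'op='), 3));

    // Security items: bit position => label. The checkbox value is 2 ** bit.
    $tasks = [
        XHELP_SEC_TICKET_ADD            => _AM_XHELP_SEC_TEXT_TICKET_ADD,
        XHELP_SEC_TICKET_EDIT           => _AM_XHELP_SEC_TEXT_TICKET_EDIT,
        XHELP_SEC_TICKET_DELETE         => _AM_XHELP_SEC_TEXT_TICKET_DELETE,
        XHELP_SEC_TICKET_OWNERSHIP      => _AM_XHELP_SEC_TEXT_TICKET_OWNERSHIP,
        XHELP_SEC_TICKET_STATUS         => _AM_XHELP_SEC_TEXT_TICKET_STATUS,
        XHELP_SEC_TICKET_PRIORITY       => _AM_XHELP_SEC_TEXT_TICKET_PRIORITY,
        XHELP_SEC_TICKET_LOGUSER        => _AM_XHELP_SEC_TEXT_TICKET_LOGUSER,
        XHELP_SEC_RESPONSE_ADD          => _AM_XHELP_SEC_TEXT_RESPONSE_ADD,
        XHELP_SEC_RESPONSE_EDIT         => _AM_XHELP_SEC_TEXT_RESPONSE_EDIT,
        XHELP_SEC_TICKET_MERGE          => _AM_XHELP_SEC_TEXT_TICKET_MERGE,
        XHELP_SEC_FILE_DELETE           => _AM_XHELP_SEC_TEXT_FILE_DELETE,
        XHELP_SEC_FAQ_ADD               => _AM_XHELP_SEC_TEXT_FAQ_ADD,
        XHELP_SEC_TICKET_TAKE_OWNERSHIP => _AM_XHELP_SEC_TEXT_TICKET_TAKE_OWNERSHIP,
    ];

    xoops_cp_header();
    $adminObject = Admin::getInstance();
    $adminObject->displayNavigation('staff.php?op=editRole');

    // NOTE(review): name/description output relies on getVar()'s default format for escaping — confirm the Role var types.
    echo '<script type="text/javascript" src="' . XOOPS_URL . '/modules/xhelp/include/functions.js"></script>';
    echo "<form action='staff.php?op=editRole&id=" . $xhelp_id . '&uid=' . $uid . "' method='post'>";
    echo $GLOBALS['xoopsSecurity']->getTokenHTML();
    echo "<table width='100%' cellspacing='1' class='outer'>";
    echo "<tr><th colspan='2'>" . _AM_XHELP_TEXT_EDIT_ROLE . '</th></tr>';
    echo "<tr><td class='head'>" . _AM_XHELP_TEXT_NAME . "</td>
        <td class='even'><input type='text' name='roleName' maxlength='35' value=\"" . $role->getVar('name') . "\" class='formButton'></td>
        </tr>";
    echo "<tr><td class='head'>" . _AM_XHELP_TEXT_DESCRIPTION . "</td>
        <td class='even'><textarea name='roleDescription' class='formButton'>" . $role->getVar('description') . '</textarea></td>
        </tr>';
    echo "<tr><td class='head'>" . _AM_XHELP_TEXT_PERMISSIONS . "</td>
        <td class='even'>
        <table border='0'>
        <tr><td>";
    $roleTasks = (int)$role->getVar('tasks');
    foreach ($tasks as $bitValue => $task) {
        $flag    = 2 ** $bitValue;
        $checked = ($roleTasks & $flag) > 0 ? ' checked' : '';
        echo "<tr><td><input type='checkbox' name='tasks[]' value='" . $flag . "'" . $checked . '>' . $task . '</td></tr>';
    }
    echo "<tr><td><input type='checkbox' name='allTasks' value='0' onclick='selectAll(this.form,\"tasks[]\",this.checked);'><b>" . _AM_XHELP_TEXT_SELECT_ALL . '</b></td></tr>';
    echo '</table>
        </td>
        </tr>';
    echo "<tr>
        <td colspan='2' class='foot'>
        <input type='submit' name='edit' value='" . _AM_XHELP_BUTTON_UPDATE . "' class='formButton'>
        <input type='button' name='cancel' value='" . _AM_XHELP_BUTTON_CANCEL . "' onclick='history.go(-1)' class='formButton'>
        <input type='submit' name='deleteRole' value='" . _AM_XHELP_BUTTON_DELETE . "' class='formButton'>
        </td>
        </tr>";
    echo '</table></form>';
    require_once __DIR__ . '/admin_footer.php';
}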
541 | function editStaff() |
||||
542 | { |
||||
543 | global $_POST, $_GET, $xoopsModule, $xoopsUser, $displayName; |
||||
544 | // require_once XHELP_CLASS_PATH . '/session.php'; |
||||
545 | $session = Xhelp\Session::getInstance(); |
||||
546 | $helper = Xhelp\Helper::getInstance(); |
||||
547 | |||||
548 | if (Request::hasVar('uid', 'REQUEST')) { |
||||
549 | $uid = Request::getInt('uid', 0); |
||||
550 | } |
||||
551 | /* |
||||
552 | if (\Xmf\Request::hasVar('user', 'REQUEST')) { // Remove me |
||||
553 | $uid = $_REQUEST['user']; |
||||
554 | } |
||||
555 | */ |
||||
556 | if (Request::hasVar('clearRoles', 'POST')) { |
||||
557 | $helper->redirect('admin/staff.php?op=clearRoles'); |
||||
558 | } |
||||
559 | |||||
560 | $session->set('xhelp_return_op', 'editStaff'); |
||||
561 | |||||
562 | if (isset($_POST['updateStaff'])) { |
||||
563 | $uid = Request::getInt('uid', 0, 'POST'); |
||||
564 | $depts = $_POST['departments']; |
||||
565 | $roles = $_POST['roles']; |
||||
566 | $custroles = $_POST['custrole']; |
||||
567 | |||||
568 | /** @var \XoopsModules\Xhelp\StaffHandler $staffHandler */ |
||||
569 | $staffHandler = $helper->getHandler('Staff'); |
||||
570 | /** @var \XoopsModules\Xhelp\MembershipHandler $membershipHandler */ |
||||
571 | $membershipHandler = $helper->getHandler('Membership'); |
||||
572 | |||||
573 | //Remove existing dept membership |
||||
574 | if (!$membershipHandler->clearStaffMembership($uid)) { |
||||
575 | $message = _XHELP_MESSAGE_EDITSTAFF_NOCLEAR_ERROR; |
||||
576 | $helper->redirect('admin/staff.php?op=manageStaff', 3, $message); |
||||
577 | } |
||||
578 | |||||
579 | //Add staff member to selected depts |
||||
580 | if ($membershipHandler->addDeptToStaff($depts, $uid)) { |
||||
581 | $message = _XHELP_MESSAGE_EDITSTAFF; |
||||
582 | } else { |
||||
583 | $message = _XHELP_MESSAGE_EDITSTAFF_ERROR; |
||||
584 | } |
||||
585 | |||||
586 | //Clear Existing Staff Role Permissions |
||||
587 | $removedRoles = $staffHandler->removeStaffRoles($uid); |
||||
588 | |||||
589 | //Add Global Role Permissions |
||||
590 | foreach ($roles as $role) { |
||||
591 | $staffHandler->addStaffRole($uid, $role, 0); |
||||
592 | } |
||||
593 | |||||
594 | //Add Department Specific Roles |
||||
595 | foreach ($depts as $dept) { |
||||
596 | if ('' != $custroles[$dept]) { |
||||
597 | $dept_roles = explode(',', $custroles[$dept]); |
||||
598 | } else { |
||||
599 | $dept_roles = $roles; |
||||
600 | } |
||||
601 | |||||
602 | foreach ($dept_roles as $role) { |
||||
603 | $staffHandler->addStaffRole($uid, (int)$role, $dept); |
||||
604 | } |
||||
605 | } |
||||
606 | |||||
607 | $staff = $staffHandler->getByUid($uid); |
||||
608 | $staff->setVar('permTimestamp', time()); |
||||
609 | if (!$staffHandler->insert($staff)) { |
||||
610 | $message = _XHELP_MESSAGE_EDITSTAFF; |
||||
611 | } |
||||
612 | |||||
613 | $helper->redirect('admin/staff.php?op=clearRoles', 3, $message); |
||||
614 | } else { |
||||
615 | //xoops_cp_header(); |
||||
616 | /** @var \XoopsMemberHandler $memberHandler */ |
||||
617 | $memberHandler = xoops_getHandler('member'); // Get member handler |
||||
618 | $member = $memberHandler->getUser($uid); |
||||
619 | |||||
620 | /** @var \XoopsModules\Xhelp\RoleHandler $roleHandler */ |
||||
621 | $roleHandler = $helper->getHandler('Role'); |
||||
622 | $criteria = new \Criteria('', ''); |
||||
623 | $criteria->setOrder('ASC'); |
||||
624 | $criteria->setSort('name'); |
||||
625 | $roles = $roleHandler->getObjects($criteria, true); |
||||
626 | |||||
627 | /** @var \XoopsModules\Xhelp\DepartmentHandler $departmentHandler */ |
||||
628 | $departmentHandler = $helper->getHandler('Department'); // Get department handler |
||||
629 | $criteria = new \Criteria('', ''); |
||||
630 | $criteria->setSort('department'); |
||||
631 | $criteria->setOrder('ASC'); |
||||
632 | $total = $departmentHandler->getCount($criteria); |
||||
633 | $departmentInfo = $departmentHandler->getObjects($criteria); |
||||
634 | |||||
635 | /** @var \XoopsModules\Xhelp\StaffHandler $staffHandler */ |
||||
636 | $staffHandler = $helper->getHandler('Staff'); // Get staff handler |
||||
637 | $staff = $staffHandler->getByUid($uid); |
||||
638 | /** @var \XoopsModules\Xhelp\MembershipHandler $membershipHandler */ |
||||
639 | $membershipHandler = $helper->getHandler('Membership'); |
||||
640 | $staffDepts = $membershipHandler->membershipByStaff($uid); |
||||
641 | $staffRoles = $staff->getAllRoleRights(); |
||||
642 | $global_roles = (isset($staffRoles[0]['roles']) ? array_keys($staffRoles[0]['roles']) : []); //Get all Global Roles |
||||
643 | |||||
644 | $xhelp_depts = []; |
||||
645 | foreach ($staffDepts as $myDept) { |
||||
646 | $deptid = $myDept->getVar('id'); |
||||
647 | if (0 != $deptid) { |
||||
648 | $xhelp_depts[] = $deptid; |
||||
649 | } |
||||
650 | } |
||||
651 | $xhelp_depts = implode(',', $xhelp_depts); |
||||
652 | |||||
653 | //$myRoles =& $staffHandler->getRoles($staff->getVar('uid')); |
||||
654 | xoops_cp_header(); |
||||
655 | //echo $oAdminButton->renderButtons('manStaff'); |
||||
656 | $adminObject = Admin::getInstance(); |
||||
657 | $adminObject->displayNavigation('staff.php?op=editStaff'); |
||||
658 | |||||
659 | echo '<script type="text/javascript" src="' . XOOPS_URL . '/modules/xhelp/include/functions.js"></script>'; |
||||
660 | echo "<form name='frmEditStaff' method='post' action='staff.php?op=editStaff&uid=" . $uid . "'>"; |
||||
661 | echo "<table width='100%' border='0' cellspacing='1' class='outer'> |
||||
662 | <tr><th colspan='2'><label>" . _AM_XHELP_EDIT_STAFF . '</label></th></tr>'; |
||||
663 | echo "<tr><td class='head' width='20%'>" . _AM_XHELP_TEXT_USER . "</td> |
||||
664 | <td class='even'>" . Xhelp\Utility::getUsername($member, $displayName); |
||||
665 | echo '</td></tr>'; |
||||
666 | echo "<tr><td class='head'>" . _AM_XHELP_TEXT_ROLES . "</td> |
||||
667 | <td class='even'><table width='75%'>"; |
||||
668 | |||||
669 | foreach ($roles as $role) { |
||||
670 | $roleid = $role->getVar('id'); |
||||
671 | if (in_array($roleid, $global_roles)) { |
||||
672 | echo "<tr><td><input type='checkbox' name='roles[]' checked value='" |
||||
673 | . $role->getVar('id') |
||||
674 | . "' onclick=\"Xhelp\RoleCustOnClick('frmEditStaff', 'roles[]', 'xhelp_role', '&', 'xhelp_dept_cust');\"><a href='staff.php?op=editRole&id=" |
||||
675 | . $role->getVar('id') |
||||
676 | . '&uid=' |
||||
677 | . $uid |
||||
678 | . "'>" |
||||
679 | . $role->getVar('name') |
||||
680 | . '</a> - ' |
||||
681 | . $role->getVar('description') |
||||
682 | . '</td></tr>'; |
||||
683 | } else { |
||||
684 | $mainRoles = $session->get('xhelp_mainRoles'); |
||||
685 | if ($mainRoles) { |
||||
686 | if (in_array($roleid, $mainRoles)) { |
||||
687 | echo "<tr><td><input type='checkbox' name='roles[]' checked value='" |
||||
688 | . $role->getVar('id') |
||||
689 | . "' onclick=\"Xhelp\RoleCustOnClick('frmEditStaff', 'roles[]', 'xhelp_role', '&', 'xhelp_dept_cust');\"><a href='staff.php?op=editRole&id=" |
||||
690 | . $role->getVar('id') |
||||
691 | . '&uid=' |
||||
692 | . $uid |
||||
693 | . "'>" |
||||
694 | . $role->getVar('name') |
||||
695 | . '</a> - ' |
||||
696 | . $role->getVar('description') |
||||
697 | . '</td></tr>'; |
||||
698 | } else { |
||||
699 | echo "<tr><td><input type='checkbox' name='roles[]' value='" |
||||
700 | . $role->getVar('id') |
||||
701 | . "' onclick=\"Xhelp\RoleCustOnClick('frmEditStaff', 'roles[]', 'xhelp_role', '&', 'xhelp_dept_cust');\"><a href='staff.php?op=editRole&id=" |
||||
702 | . $role->getVar('id') |
||||
703 | . '&uid=' |
||||
704 | . $uid |
||||
705 | . "'>" |
||||
706 | . $role->getVar('name') |
||||
707 | . '</a> - ' |
||||
708 | . $role->getVar('description') |
||||
709 | . '</td></tr>'; |
||||
710 | } |
||||
711 | } else { |
||||
712 | echo "<tr><td><input type='checkbox' name='roles[]' value='" |
||||
713 | . $role->getVar('id') |
||||
714 | . "' onclick=\"Xhelp\RoleCustOnClick('frmEditStaff', 'roles[]', 'xhelp_role', '&', 'xhelp_dept_cust');\"><a href='staff.php?op=editRole&id=" |
||||
715 | . $role->getVar('id') |
||||
716 | . '&uid=' |
||||
717 | . $uid |
||||
718 | . "'>" |
||||
719 | . $role->getVar('name') |
||||
720 | . '</a> - ' |
||||
721 | . $role->getVar('description') |
||||
722 | . '</td></tr>'; |
||||
723 | } |
||||
724 | } |
||||
725 | } |
||||
726 | echo "<tr><td><input type='checkbox' name='checkallRoles' value='0' onclick='selectAll(this.form,\"roles[]\",this.checked); Xhelp\RoleCustOnClick(\"frmEditStaff\", \"roles[]\", \"xhelp_role\", \"&\", \"xhelp_dept_cust\");'><b>" . _AM_XHELP_TEXT_SELECT_ALL . '</b></td></tr>'; |
||||
727 | echo '</table></td></tr>'; |
||||
728 | echo "<tr><td class='head'>" . _AM_XHELP_TEXT_DEPARTMENTS . "</td> |
||||
729 | <td class='even'><table width='75%'>"; |
||||
730 | |||||
731 | // This block is used to append custom role names to each department |
||||
732 | foreach ($departmentInfo as $dept) { |
||||
733 | $deptid = $dept->getVar('id'); |
||||
734 | $deptname = $dept->getVar('department'); |
||||
735 | $inDept = false; //Is the user a member of the dept |
||||
736 | |||||
737 | $deptroleids = []; |
||||
738 | $deptrolenames = []; |
||||
739 | |||||
740 | $sess_roles = $session->get("xhelp_dept_$deptid"); |
||||
741 | if ($sess_roles) { //Customized roles stored in session? |
||||
742 | if (-1 != $sess_roles['roles']) { //Is the user assigned to any roles in the dept? |
||||
743 | $inDept = true; |
||||
744 | foreach ($sess_roles['roles'] as $roleid) { // Check if customized roles match global roles |
||||
745 | if (in_array($roleid, $global_roles)) { // If found role in global roles |
||||
746 | $deptroleids[] = $roleid; // Add role to array of checked roles |
||||
747 | } |
||||
748 | } |
||||
749 | $deptroleids = implode(',', $sess_roles['roles']); // Put all roles into 1 string separated by a ',' |
||||
750 | |||||
751 | //An empty string means dept roles match global roles |
||||
752 | if ('' !== $deptroleids) { //Customized Roles |
||||
753 | $deptrolenames = implode(', ', $sess_roles['roleNames']); |
||||
754 | } |
||||
755 | } else { //Not a member of the dept |
||||
756 | $inDept = false; |
||||
757 | } |
||||
758 | } elseif (isset($staffRoles[$deptid])) { //User has assigned dept roles |
||||
759 | $inDept = true; |
||||
760 | |||||
761 | if ($staffRoles[$deptid]['roles'] == $staffRoles[0]['roles']) { // If global roles same as dept roles |
||||
762 | // $deptrolenames = []; |
||||
763 | // $deptroleids = []; |
||||
764 | foreach ($staffRoles[$deptid]['roles'] as $roleid => $tasks) { |
||||
765 | if (isset($roles[$roleid])) { |
||||
766 | $deptroleids[] = $roleid; |
||||
767 | } |
||||
768 | } |
||||
769 | $deptroleids = implode(',', $deptroleids); |
||||
770 | $deptrolenames = ''; |
||||
771 | } else { |
||||
772 | // $deptrolenames = []; |
||||
773 | // $deptroleids = []; |
||||
774 | foreach ($staffRoles[$deptid]['roles'] as $roleid => $tasks) { |
||||
775 | if (isset($roles[$roleid])) { |
||||
776 | $deptroleids[] = $roleid; |
||||
777 | $deptrolenames[] = $roles[$roleid]->getVar('name'); |
||||
778 | } |
||||
779 | } |
||||
780 | $deptrolenames = implode(', ', $deptrolenames); |
||||
781 | $deptroleids = implode(',', $deptroleids); |
||||
782 | } |
||||
783 | } else { //Not a member of the dept |
||||
784 | $deptroleids = []; |
||||
785 | foreach ($staffRoles[0]['roles'] as $roleid => $tasks) { |
||||
786 | if (isset($roles[$roleid])) { |
||||
787 | $deptroleids[] = $roleid; |
||||
788 | } |
||||
789 | } |
||||
790 | $deptroleids = implode(',', $deptroleids); |
||||
791 | $deptrolenames = ''; |
||||
792 | |||||
793 | $inDept = false; |
||||
794 | } |
||||
795 | |||||
796 | //Should element be checked? |
||||
797 | $checked = ($inDept ? 'checked' : ''); |
||||
798 | |||||
799 | printf( |
||||
800 | "<tr><td><input type='checkbox' name='departments[]' value='%u' %s onclick=\"Xhelp\RoleCustOnClick('frmEditStaff', 'departments[]', 'xhelp_depts', '&', 'xhelp_dept_cust');\">%s [<a href='staff.php?op=customDept&deptid=%u&uid=%u&xhelp_role=%s&xhelp_depts=%s' class='xhelp_dept_cust'>Customize</a>] <i>%s</i><input type='hidden' name='custrole[%u]' value='%s'></td></tr>", |
||||
801 | $deptid, |
||||
802 | $checked, |
||||
803 | $deptname, |
||||
804 | $deptid, |
||||
805 | $uid, |
||||
806 | $deptroleids, |
||||
807 | $xhelp_depts, |
||||
808 | $deptrolenames, |
||||
809 | $deptid, |
||||
810 | $deptroleids |
||||
811 | ); |
||||
812 | } |
||||
813 | echo "<tr><td> |
||||
814 | <input type='checkbox' name='checkAll' value='0' onclick='selectAll(this.form,\"departments[]\", this.checked);Xhelp\RoleCustOnClick(\"frmEditStaff\", \"departments[]\", \"xhelp_depts\", \"&\", \"xhelp_dept_cust\");'><b>" . _AM_XHELP_TEXT_SELECT_ALL . '</b></td></tr>'; |
||||
815 | echo '<tr><td>'; |
||||
816 | echo '</td></tr>'; |
||||
817 | echo '</table>'; |
||||
818 | echo '</td></tr>'; |
||||
819 | echo "<tr><td colspan='2' class='foot'> |
||||
820 | <input type='hidden' name='uid' value='" . $uid . "'> |
||||
821 | <input type='submit' name='updateStaff' value='" . _AM_XHELP_BUTTON_UPDATESTAFF . "'> |
||||
822 | <input type='button' name='cancel' value='" . _AM_XHELP_BUTTON_CANCEL . "' onclick='history.go(-1)' class='formButton'> |
||||
823 | </td></tr>"; |
||||
824 | echo '</table></form>'; |
||||
825 | |||||
826 | require_once __DIR__ . '/admin_footer.php'; |
||||
827 | }//end if |
||||
828 | }//end function |
||||
829 | |||||
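/**
 * Admin "manage staff" operation.
 *
 * Two modes:
 *  - POST with `addStaff`: registers the selected user as staff, assigns
 *    department membership, global roles and per-department roles (custom
 *    roles are read from the Xhelp session under `xhelp_dept_<id>`), creates
 *    the user's global ticket lists and redirects to `op=clearRoles`.
 *  - otherwise: renders the add-staff form, the orphaned-staff maintenance
 *    form and the paginated staff/department matrix.
 *
 * Request parameters read: start, limit, dstart, dlimit, staff_search,
 * dept_search (REQUEST); uid (GET); user_id, departments, roles (POST).
 *
 * Side effects: reads/writes the Xhelp session, prints HTML, may redirect
 * (Helper::redirect ends the request) and includes admin_footer.php.
 */
function manageStaff()
{
    global $xoopsModule, $xoopsUser, $displayName, $aLimitByS, $aLimitByD;
    $session = Xhelp\Session::getInstance();
    $session->del('xhelp_return_page');
    $helper = Xhelp\Helper::getInstance();

    // Secondary submit buttons of the add-staff form: hand off to the matching op.
    if (Request::hasVar('addRole', 'POST')) {
        $helper->redirect('admin/staff.php?op=addRole');
    }
    if (Request::hasVar('clearRoles', 'POST')) {
        $helper->redirect('admin/staff.php?op=clearRoles');
    }

    // Paging for the staff list (start/limit) and the department columns (dstart/dlimit).
    // A missing or zero limit falls back to the page defaults.
    $start  = Request::getInt('start', 0, 'REQUEST');
    $limit  = Request::getInt('limit', 0, 'REQUEST');
    $dstart = Request::getInt('dstart', 0, 'REQUEST');
    $dlimit = Request::getInt('dlimit', 0, 'REQUEST');
    if (!$limit) {
        $limit = 20;
    }
    if (!$dlimit) {
        $dlimit = 10;
    }

    // Search terms keep `false` as the "no search submitted" sentinel; the values are
    // forced to strings so an array-valued parameter cannot reach the criteria or the HTML.
    $staff_search = Request::hasVar('staff_search', 'REQUEST') ? Request::getString('staff_search', '', 'REQUEST') : false;
    $dept_search  = Request::hasVar('dept_search', 'REQUEST') ? Request::getString('dept_search', '', 'REQUEST') : false;

    $session->set('xhelp_return_op', 'manageStaff');

    if (Request::hasVar('addStaff', 'POST')) {
        // NOTE(review): this state-changing POST does not validate the XOOPS token the form
        // embeds; add $GLOBALS['xoopsSecurity']->check() here once the customDept/lookup
        // flows are confirmed not to consume the token before the form is submitted.
        $uid   = Request::getInt('user_id', 0, 'POST');
        $depts = $_POST['departments'] ?? null;
        $roles = $_POST['roles'] ?? null;

        /** @var \XoopsModules\Xhelp\StaffHandler $staffHandler */
        $staffHandler = $helper->getHandler('Staff');

        // Validate the submission before touching any handler; each failure redirects.
        if ($uid <= 0) {
            $helper->redirect('admin/staff.php?op=manageStaff', 3, _AM_XHELP_STAFF_ERROR_USERS);
        }
        if (!is_array($depts) || [] === $depts) {
            $helper->redirect('admin/staff.php?op=manageStaff', 3, _AM_XHELP_STAFF_ERROR_DEPTARTMENTS);
        }
        if (!is_array($roles) || [] === $roles) {
            $helper->redirect('admin/staff.php?op=manageStaff', 3, _AM_XHELP_STAFF_ERROR_ROLES);
        }
        if ($staffHandler->isStaff($uid)) {
            $helper->redirect('admin/staff.php?op=manageStaff', 3, _AM_XHELP_STAFF_EXISTS);
        }

        /** @var \XoopsMemberHandler $memberHandler */
        $memberHandler = xoops_getHandler('member');
        $newUser       = $memberHandler->getUser($uid);
        if (null === $newUser) {
            // user_id points at a non-existent account
            $helper->redirect('admin/staff.php?op=manageStaff', 3, _AM_XHELP_STAFF_ERROR_USERS);
        }

        $email = $newUser->getVar('email');
        if ($staffHandler->addStaff($uid, $email)) {
            /** @var \XoopsModules\Xhelp\MembershipHandler $membershipHandler */
            $membershipHandler = $helper->getHandler('Membership');

            // Department membership; a failure is reported on the final redirect instead of being dropped.
            if ($membershipHandler->addDeptToStaff($depts, $uid)) {
                $message = _XHELP_MESSAGE_ADDSTAFF;
            } else {
                $message = _XHELP_MESSAGE_ADDSTAFF_ERROR;
            }

            // Global roles (department 0).
            foreach ($roles as $role) {
                $staffHandler->addStaffRole($uid, $role, 0);
            }

            // Department roles: use the customised set from the session when one was stored
            // (a stored value of -1 means "no custom roles"); otherwise copy the global roles.
            foreach ($depts as $dept) {
                $custRoles = $session->get("xhelp_dept_$dept");
                $deptRoles = ($custRoles && -1 != $custRoles['roles']) ? $custRoles['roles'] : $roles;
                foreach ($deptRoles as $role) {
                    $staffHandler->addStaffRole($uid, $role, $dept);
                }
            }

            /** @var \XoopsModules\Xhelp\TicketListHandler $ticketListHandler */
            $ticketListHandler = $helper->getHandler('TicketList');
            $ticketListHandler->createStaffGlobalLists($uid);

            $helper->redirect('admin/staff.php?op=clearRoles', 3, $message);
        } else {
            $helper->redirect('admin/staff.php?op=clearRoles', 3, _XHELP_MESSAGE_ADDSTAFF_ERROR);
        }
    } else {
        /** @var \XoopsMemberHandler $memberHandler */
        $memberHandler = xoops_getHandler('member');
        /** @var \XoopsModules\Xhelp\StaffHandler $staffHandler */
        $staffHandler = $helper->getHandler('Staff');
        /** @var \XoopsModules\Xhelp\DepartmentHandler $departmentHandler */
        $departmentHandler = $helper->getHandler('Department');
        /** @var \XoopsModules\Xhelp\RoleHandler $roleHandler */
        $roleHandler = $helper->getHandler('Role');

        // All departments in the system, sorted by name.
        $criteria = new \Criteria('', '');
        $criteria->setSort('department');
        $criteria->setOrder('ASC');
        $dept_count = $departmentHandler->getCount($criteria);
        $dept_obj   = $departmentHandler->getObjects($criteria);

        xoops_cp_header();
        $adminObject = Admin::getInstance();
        $adminObject->displayNavigation('staff.php?op=manageStaff');

        // User pre-selected through the lookup popup (uid in the query string).
        if (Request::hasVar('uid', 'GET')) {
            $userid = Request::getInt('uid', 0, 'GET');
            $uname  = $xoopsUser::getUnameFromId($userid);
        } else {
            $userid = 0;
            $uname  = '';
        }

        if ($dept_count > 0) {
            // Current page of staff members.
            $criteria = new \Criteria('', '');
            $criteria->setStart($start);
            $criteria->setLimit($limit);
            $staff_obj   = $staffHandler->getObjects($criteria);
            $staff_count = $staffHandler->getCount($criteria);

            $nav = new Xhelp\PageNav($staff_count, $limit, $start, 'start', "op=manageStaff&limit=$limit");

            // All roles, sorted by name.
            $criteria = new \Criteria('', '');
            $criteria->setOrder('ASC');
            $criteria->setSort('name');
            $roles = $roleHandler->getObjects($criteria);

            echo '<script type="text/javascript" src="' . XOOPS_URL . '/modules/xhelp/include/functions.js"></script>';
            echo "<form method='post' id='manageStaff' name='manageStaff' action='staff.php?op=manageStaff'>";
            // Token for the state-changing addStaff POST.
            echo $GLOBALS['xoopsSecurity']->getTokenHTML();
            echo "<table width='100%' cellspacing='1' class='outer'>
<tr><th colspan='2'>" . _AM_XHELP_ADD_STAFF . '</th></tr>';

            echo "<tr><td class='head' width='20%'>" . _AM_XHELP_TEXT_USER . "</td>
<td class='even'>
<input type='text' id='fullname' name='fullname' class='formButton' value='" . $uname . "' disabled='disabled' style='background-color:#E1E1E1;' onchange=\"window.location='staff.php?op=manageStaff&uid='+user_id.value;\">
<input type='hidden' id='user_id' name='user_id' class='formButton' value='" . $userid . "'>";
            echo " <a href=\"javascript:openWithSelfMain('" . XHELP_BASE_URL . "/lookup.php?admin=1', 'lookup',400, 300);\" title='" . _AM_XHELP_TEXT_FIND_USERS . "'>" . _AM_XHELP_TEXT_FIND_USERS . '</a>
</td>
</tr>';

            echo '</td></tr>';
            echo "<tr><td class='head' width='20%'>" . _AM_XHELP_TEXT_ROLES . "</td>
<td class='even'><table width='75%'>";

            // Roles ticked on a previous visit are remembered in the session; anything that is
            // not an array (unset, string, true) is treated as "nothing ticked".
            $mainRoles = $session->get('xhelp_mainRoles');
            if (!is_array($mainRoles)) {
                $mainRoles = [];
            }
            foreach ($roles as $role) {
                $checked = in_array($role->getVar('id'), $mainRoles) ? ' checked' : '';
                echo "<tr><td><input type='checkbox' name='roles[]' value='" . $role->getVar('id') . "'" . $checked . " onclick=\"Xhelp\RoleCustOnClick('manageStaff', 'roles[]', 'xhelp_role', '&', 'xhelp_dept_cust');\">
<a href='staff.php?op=editRole&id=" . $role->getVar('id') . '&uid=' . $userid . "'>" . $role->getVar('name') . '</a> - ' . $role->getVar('description') . '</td></tr>';
            }
            echo "<tr><td><input type='checkbox' name='checkallRoles' value='0' onclick='selectAll(this.form,\"roles[]\",this.checked); Xhelp\RoleCustOnClick(\"manageStaff\", \"roles[]\", \"xhelp_role\", \"&\", \"xhelp_dept_cust\");'><b>" . _AM_XHELP_TEXT_SELECT_ALL . '</b></td></tr>';
            echo '</table></td></tr>';
            echo "<tr><td class='head' width='20%'>" . _AM_XHELP_TEXT_DEPARTMENTS . "</td>
<td class='even' width='50%'><table width='75%'>";

            // Same session handling for departments; custom role names per department are
            // stored under xhelp_dept_<id>['roleNames'] and shown next to the checkbox.
            $mainDepts = $session->get('xhelp_mainDepts');
            if (!is_array($mainDepts)) {
                $mainDepts = [];
            }
            foreach ($dept_obj as $dept) {
                $deptid     = $dept->getVar('id');
                $aDept      = $session->get("xhelp_dept_$deptid");
                $aDeptRoles = $aDept['roleNames'] ?? null;
                $deptRoles  = (is_array($aDeptRoles) && [] !== $aDeptRoles) ? implode(', ', $aDeptRoles) : '';
                $checked    = in_array($deptid, $mainDepts) ? ' checked' : '';
                echo "<tr><td>
<input type='checkbox' name='departments[]'" . $checked . " value='" . $deptid . "' onclick=\"Xhelp\RoleCustOnClick('manageStaff', 'departments[]', 'xhelp_depts', '&', 'xhelp_dept_cust');\">
" . $dept->getVar('department') . " [<a href='staff.php?op=customDept&deptid=" . $deptid . '&uid=' . $userid . "' class='xhelp_dept_cust'>" . _AM_XHELP_TEXT_CUSTOMIZE . '</a>] <i>' . $deptRoles . '</i>
</td></tr>';
            }
            echo "<tr><td><input type='checkbox' name='checkallDepts' value='0' onclick='selectAll(this.form,\"departments[]\",this.checked);Xhelp\RoleCustOnClick(\"manageStaff\", \"departments[]\", \"xhelp_depts\", \"&\", \"xhelp_dept_cust\");'><b>"
                 . _AM_XHELP_TEXT_SELECT_ALL
                 . '</b></td></tr>';
            echo '</table></td></tr>';
            echo "<tr><td colspan='2' class='foot'>
<input type='submit' name='addStaff' value='" . _AM_XHELP_BUTTON_ADDSTAFF . "'>
<input type='submit' name='addRole' value='" . _AM_XHELP_BUTTON_CREATE_ROLE . "' class='formButton'>
<input type='submit' name='clearRoles' value='" . _AM_XHELP_BUTTON_CLEAR_PERMS . "' class='formButton'>
</td></tr>";
            echo '</table></form>';

            // Maintenance: remove staff rows whose user no longer exists (handled by op=clearOrphanedStaff).
            echo "<form method='post' id='cleanStaff' name='cleanStaff' action='staff.php?op=clearOrphanedStaff'>";
            echo $GLOBALS['xoopsSecurity']->getTokenHTML();
            echo "<table width='100%' cellspacing='1' class='outer'>
<tr><th colspan='2'>" . _AM_XHELP_TEXT_MAINTENANCE . '</th></tr>';
            echo "<tr><td class='head' width='40%'>" . _AM_XHELP_TEXT_ORPHANED . "</td>
<td class='even'><input type='submit' name='cleanStaff' value='" . _AM_XHELP_BUTTON_SUBMIT . "'></td>
</tr>";
            echo '</table></form>';

            if ($staff_count > 0) {
                $staff_uids = [];
                foreach ($staff_obj as $obj) {
                    $staff_uids[] = $obj->getVar('uid');
                }
                // NOTE(review): the search branch is not restricted to $staff_uids, so any user whose
                // uname/name/email matches is listed here, and the LIKE value relies on \Criteria to
                // quote/escape it — confirm both against the handler before relying on this listing.
                if (false !== $staff_search) {
                    $criteria = new \CriteriaCompo(new \Criteria('uname', "%$staff_search%", 'LIKE'), 'OR');
                    $criteria->add(new \Criteria('name', "%$staff_search%", 'LIKE'), 'OR');
                    $criteria->add(new \Criteria('email', "%$staff_search%", 'LIKE'), 'OR');
                } else {
                    $criteria = new \Criteria('uid', '(' . implode(',', $staff_uids) . ')', 'IN');
                }
                $staff_users = $memberHandler->getUsers($criteria);

                if (false !== $dept_search) {
                    $criteria = new \Criteria('department', "%$dept_search%", 'LIKE');
                } else {
                    $criteria = new \Criteria('', '');
                }
                $criteria->setStart($dstart);
                $criteria->setLimit($dlimit);

                $allDepts = $departmentHandler->getObjects($criteria, true);
                $dnav     = new Xhelp\PageNav($departmentHandler->getCount($criteria), $dlimit, $dstart, 'dstart', "op=manageStaff&start=$start&limit=$limit&dlimit=$dlimit", 'tblManageStaff');

                // Search terms are reflected into attribute values: escape them for the HTML context.
                $staffSearchHtml = htmlspecialchars((string) $staff_search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $deptSearchHtml  = htmlspecialchars((string) $dept_search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

                echo "<form action='" . XHELP_ADMIN_URL . "/staff.php?op=manageStaff' style='margin:0; padding:0;' method='post'>";
                echo $GLOBALS['xoopsSecurity']->getTokenHTML();
                echo "<table width='100%' cellspacing='1' class='outer'>";
                echo "<tr><td align='right'>" . _AM_XHELP_TEXT_STAFF . ': ' . _AM_XHELP_BUTTON_SEARCH . " <input type='text' name='staff_search' value='" . $staffSearchHtml . "'>
" . _AM_XHELP_TEXT_NUMBER_PER_PAGE . "<select name='limit'>";
                foreach ($aLimitByS as $value => $text) {
                    $selected = ($limit == $value) ? 'selected' : '';
                    echo "<option value='$value' $selected>$text</option>";
                }
                echo '</select>

' . _AM_XHELP_TEXT_DEPARTMENTS . ': ' . _AM_XHELP_BUTTON_SEARCH . "
<input type='text' name='dept_search' value='" . $deptSearchHtml . "'>
" . _AM_XHELP_TEXT_NUMBER_PER_PAGE . "
<select name='dlimit'>";
                foreach ($aLimitByD as $value => $text) {
                    $selected = ($dlimit == $value) ? 'selected' : '';
                    echo "<option value='$value' $selected>$text</option>";
                }
                echo "</select>

<input type='submit' name='staff_select' id='staff_select' value='" . _AM_XHELP_BUTTON_SUBMIT . "'>
</td>
</tr>";
                echo '</table></form>';

                // Staff/department matrix: one column per department on the current department page.
                echo "<table width='100%' cellspacing='1' class='outer' id='tblManageStaff'>
<tr><th colspan='" . (3 + count($allDepts)) . "'><label>" . _AM_XHELP_MANAGE_STAFF . '</label></th></tr>';
                echo "<tr class='head'><td rowspan='2'>" . _AM_XHELP_TEXT_ID . "</td><td rowspan='2'>" . _AM_XHELP_TEXT_USER . "</td><td colspan='" . count($allDepts) . "'>" . _AM_XHELP_TEXT_DEPARTMENTS . ' ' . $dnav->renderNav() . "</td><td rowspan='2'>" . _AM_XHELP_TEXT_ACTIONS . '</td></tr>';
                echo "<tr class='head'>";
                foreach ($allDepts as $thisdept) {
                    echo '<td>' . $thisdept->getVar('department') . '</td>';
                }
                echo '</tr>';
                /** @var \XoopsModules\Xhelp\MembershipHandler $membershipHandler */
                $membershipHandler = $helper->getHandler('Membership');
                foreach ($staff_users as $staff) {
                    $departments = $membershipHandler->membershipByStaff($staff->getVar('uid'), true);
                    echo "<tr class='even'><td>" . $staff->getVar('uid') . '</td><td>' . $staff->getVar('uname') . '</td>';
                    foreach ($allDepts as $thisdept) {
                        echo "<td><img src='" . XOOPS_URL . '/modules/xhelp/assets/images/';
                        echo array_key_exists($thisdept->getVar('id'), $departments) ? 'on' : 'off';
                        echo ".png'></td>";
                    }
                    echo "<td><a href='staff.php?op=editStaff&uid=" . $staff->getVar('uid') . "'><img src='" . XOOPS_URL . "/modules/xhelp/assets/images/button_edit.png' title='" . _AM_XHELP_TEXT_EDIT . "' name='editStaff'></a>
<a href='delete.php?deleteStaff=1&uid=" . $staff->getVar('uid') . "'><img src='" . XOOPS_URL . "/modules/xhelp/assets/images/button_delete.png' title='" . _AM_XHELP_TEXT_DELETE . "' name='deleteStaff'></a>
</td></tr>";
                }
                echo '</table><br>';
                echo "<div id='staff_nav'>" . $nav->renderNav() . '</div>';
            }
        } else {
            // No departments yet: staff cannot be managed until at least one exists.
            echo "<div id='readOnly' class='errorMsg'>";
            echo _AM_XHELP_TEXT_MAKE_DEPTS;
            echo '</div>';
            echo "<br><a href='department.php?op=manageDepartments'>" . _AM_XHELP_LINK_ADD_DEPT . '</a>';
        }

        require_once __DIR__ . '/admin_footer.php';
    }//end if
}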
||||