Revision: 1297
          http://mrbs.svn.sourceforge.net/mrbs/?rev=1297&view=rev
Author:   cimorrison
Date:     2010-02-17 17:40:29 +0000 (Wed, 17 Feb 2010)

Log Message:
-----------
- Added the ability to prevent ordinary users from making repeat bookings.  
Controlled by the configuration setting $auth['only_admin_can_book_repeat']
- Fixed some minor problems to do with editing repeat bookings
- Tidied up the code in edit_entry.php a little

Modified Paths:
--------------
    mrbs/trunk/web/edit_entry.php
    mrbs/trunk/web/edit_entry_handler.php
    mrbs/trunk/web/systemdefaults.inc.php
    mrbs/trunk/web/view_entry.php

Modified: mrbs/trunk/web/edit_entry.php
===================================================================
--- mrbs/trunk/web/edit_entry.php       2010-02-10 17:16:05 UTC (rev 1296)
+++ mrbs/trunk/web/edit_entry.php       2010-02-17 17:40:29 UTC (rev 1297)
@@ -50,6 +50,11 @@
   showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
   exit;
 }
+$user = getUserName();
+$is_admin = (authGetUserLevel($user) >= 2);
+// You're only allowed to make repeat bookings if you're an admin
+// or else if $auth['only_admin_can_book_repeat'] is not set
+$repeats_allowed = $is_admin || empty($auth['only_admin_can_book_repeat']);
 
 // This page will either add or modify a booking
 
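Review bot: The admin test `$is_admin = (authGetUserLevel($user) >= 2);` and the `$repeats_allowed` line are duplicated verbatim in the view_entry.php hunk and, in negated form, in the edit_entry_handler.php hunk, so the three copies of the policy can drift apart on a later change. A single helper, for example `repeats_allowed($user)` returning `$is_admin || empty($auth['only_admin_can_book_repeat'])`, called from the form, the view and the handler would keep them in step. The literal 2 is also a magic number; a short comment such as `// authGetUserLevel(): 2 and above is an admin` next to it would save the next reader a lookup, though I cannot see the level definitions from here.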
@@ -90,7 +95,7 @@
   $name        = $row['name'];
   // If we're copying an existing entry then we need to change the create_by 
(they could be
   // different if it's an admin doing the copying)
-  $create_by   = (isset($copy)) ? getUserName() : $row['create_by'];
+  $create_by   = (isset($copy)) ? $user : $row['create_by'];
   $description = $row['description'];
   $start_day   = strftime('%d', $row['start_time']);
   $start_month = strftime('%m', $row['start_time']);
@@ -113,7 +118,7 @@
   {
     // Entry being copied by different user
     // If they don't have rights to view details, clear them
-    $privatewriteable = getWritable($row['create_by'], getUserName(), 
$room_id);
+    $privatewriteable = getWritable($row['create_by'], $user, $room_id);
     if (is_private_event($private) && !$privatewriteable) 
     {
         $name = '';
@@ -142,7 +147,7 @@
    
     $rep_type = $row['rep_type'];
 
-    if ($edit_type == "series")
+    if (!empty($rep_type))
     {
       $start_day   = (int)strftime('%d', $row['start_time']);
       $start_month = (int)strftime('%m', $row['start_time']);
@@ -151,11 +156,15 @@
       $rep_end_day   = (int)strftime('%d', $row['end_date']);
       $rep_end_month = (int)strftime('%m', $row['end_date']);
       $rep_end_year  = (int)strftime('%Y', $row['end_date']);
+      // Get the end date in string format as well, for use when
+      // the input is disabled
+      $rep_end_date = utf8_strftime('%A %d %B %Y',$row['end_date']);
 
       switch ($rep_type)
       {
         case 2:
         case 6:
+          
           $rep_day[0] = $row['rep_opt'][0] != "0";
           $rep_day[1] = $row['rep_opt'][1] != "0";
           $rep_day[2] = $row['rep_opt'][2] != "0";
@@ -163,6 +172,9 @@
           $rep_day[4] = $row['rep_opt'][4] != "0";
           $rep_day[5] = $row['rep_opt'][5] != "0";
           $rep_day[6] = $row['rep_opt'][6] != "0";
+          // Get the repeat days as an array for use
+          // when the input is disabled
+          $rep_opt = $row['rep_opt'];
 
           if ($rep_type == 6)
           {
@@ -175,12 +187,6 @@
           $rep_day = array(0, 0, 0, 0, 0, 0, 0);
       }
     }
-    else
-    {
-      $rep_type     = $row['rep_type'];
-      $rep_end_date = utf8_strftime('%A %d %B %Y',$row['end_date']);
-      $rep_opt      = $row['rep_opt'];
-    }
   }
 }
 else
@@ -188,7 +194,7 @@
   // It is a new booking. The data comes from whichever button the user clicked
   $edit_type   = "series";
   $name        = "";
-  $create_by   = getUserName();
+  $create_by   = $user;
   $description = "";
   $start_day   = $day;
   $start_month = $month;
@@ -253,7 +259,7 @@
 
 //now that we know all the data to fill the form with we start drawing it
 
-if (!getWritable($create_by, getUserName(), $room_id))
+if (!getWritable($create_by, $user, $room_id))
 {
   showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
   exit;
@@ -267,18 +273,19 @@
 //<![CDATA[
 
 // do a little form verifying
-function validate_and_submit ()
+function validate_and_submit()
 {
+  var form = document.forms["main"];
   // null strings and spaces only strings not allowed
-  if(/(^$)|(^\s+$)/.test(document.forms["main"].name.value))
+  if(/(^$)|(^\s+$)/.test(form.name.value))
   {
     alert ( "<?php echo get_vocab("you_have_not_entered") . '\n' . 
get_vocab("brief_description") ?>");
     return false;
   }
   <?php if( ! $enable_periods ) { ?>
 
-  h = parseInt(document.forms["main"].hour.value);
-  m = parseInt(document.forms["main"].minute.value);
+  h = parseInt(form.hour.value);
+  m = parseInt(form.minute.value);
 
   if(h > 23 || m > 59)
   {
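Review bot: `h = parseInt(form.hour.value);` and `m = parseInt(form.minute.value);` assign to undeclared identifiers, so both leak onto the global object. Declaring them with `var h = parseInt(form.hour.value, 10);` and `var m = parseInt(form.minute.value, 10);` scopes them to the function and pins the radix, which avoids the octal interpretation older engines apply to inputs such as "08". The same applies to `i1`, `i2` and `n` in the next hunk. validate_and_submit continues past the end of this hunk.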
@@ -288,21 +295,25 @@
   <?php } ?>
 
   // check form element exist before trying to access it
-  if ( document.forms["main"].id )
+  if (form.id )
   {
-    i1 = parseInt(document.forms["main"].id.value);
+    i1 = parseInt(form.id.value);
   }
   else
   {
     i1 = 0;
   }
 
-  i2 = parseInt(document.forms["main"].rep_id.value);
-  if ( document.forms["main"].rep_num_weeks)
+  i2 = parseInt(form.rep_id.value);
+  if (form.rep_num_weeks)
   {
-     n = parseInt(document.forms["main"].rep_num_weeks.value);
+     n = parseInt(form.rep_num_weeks.value);
   }
-  if ((!i1 || (i1 && i2)) && (document.forms["main"].rep_type.value != 0) && 
document.forms["main"].rep_type[6].checked && (!n || n < 2))
+  if ((!i1 || (i1 && i2)) &&
+      form.rep_type &&
+      (form.rep_type.value != 0) && 
+      form.rep_type[6].checked && 
+      (!n || n < 2))
   {
     alert("<?php echo get_vocab("you_have_not_entered") . '\n' . 
get_vocab("useful_n-weekly_value") ?>");
     return false;
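Review bot: `n` is only assigned inside `if (form.rep_num_weeks)`, so if that input is absent while the preceding conditions hold, `(!n || n < 2)` reads an undeclared identifier and throws a ReferenceError instead of validating. At present the PHP side renders `rep_num_weeks` whenever it renders the `rep_type` radios, so the path is avoided only by the short-circuit in front of it, which is fragile. Initialising `var n = 0;` before the `if` makes the check independent of which inputs were rendered. The enclosing function starts and ends outside this hunk.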
@@ -312,7 +323,7 @@
   // check that a room(s) has been selected
   // this is needed as edit_entry_handler does not check that a room(s)
   // has been chosen
-  if ( document.forms["main"].elements['rooms'].selectedIndex == -1 )
+  if (form.elements['rooms'].selectedIndex == -1 )
   {
     alert("<?php echo get_vocab("you_have_not_selected") . '\n' . 
get_vocab("valid_room") ?>");
     return false;
@@ -322,10 +333,10 @@
   // there are more than one recipient. To avoid users doing weird things
   // like clicking more than one time on submit button, we hide it as soon
   // it is clicked.
-  document.forms["main"].save_button.disabled="true";
+  form.save_button.disabled="true";
 
   // would be nice to also check date to not allow Feb 31, etc...
-  document.forms["main"].submit();
+  form.submit();
 
   return true;
 }
@@ -718,9 +729,13 @@
 
 
     <?php
-    if ($edit_type == "series")
+    // REPEAT BOOKING INPUTS
+    if (($edit_type == "series") && $repeats_allowed)
     {
-    ?>
+      // If repeats are allowed and the edit_type is a series (which means
+      // that either you're editing an existing series or else you're making
+      // a new booking) then print the repeat inputs
+      ?>
       <div id="rep_type">
         <label><?php echo get_vocab("rep_type")?>:</label>
         <div class="group">
@@ -761,62 +776,62 @@
           ?>
         </div>
       </div>
+      <div>
+        <label for="rep_num_weeks"><?php echo 
get_vocab("rep_num_weeks")?>:<br><?php echo 
get_vocab("rep_for_nweekly")?></label>
+        <input type="text" id="rep_num_weeks" name="rep_num_weeks" 
value="<?php echo $rep_num_weeks?>">
+      </div>
       <?php
     }
-    else
+    elseif (isset($id))
     {
+      // otherwise, if it's an existing booking, show the repeat information
+      // and pass it through to the handler but do not let the user edit it
+      // (because they're either not allowed to, or else they've chosen to edit
+      // an individual entry rather than a series).
+      // (NOTE: when repeat bookings are restricted to admins, an ordinary user
+      // would not normally be able to get to the stage of trying to edit a 
series.
+      // But we have to cater for the possibility because it could happen if 
(a) the
+      // series was created before the policy was introduced or (b) the user 
has
+      // been demoted since the series was created).
       $key = "rep_type_" . (isset($rep_type) ? $rep_type : "0");
-      ?>
-      <fieldset id="rep_info">
-      <legend></legend>
-        <input type="hidden" name="rep_type" value="0">
-        <div>
-          <label><?php echo get_vocab("rep_type") ?>:</label>
-          <input type="text" value ="<?php echo get_vocab($key) ?>" 
disabled="disabled">
-        </div>
-        <?php
-        if(isset($rep_type) && ($rep_type != 0))
+      echo "<fieldset id=\"rep_info\">\n";
+      echo "<legend></legend>\n";
+      echo "<div>\n";
+      echo "<label>" . get_vocab("rep_type") . ":</label>\n";
+      echo "<input type=\"text\" value =\"" . get_vocab($key) . "\" 
disabled=\"disabled\">\n";
+      echo "<input type=\"hidden\" name=\"rep_type\" value=\"0\">\n";
+      echo "</div>\n";
+      if (isset($rep_type) && ($rep_type != 0))
+      {
+        $opt = "";
+        if (($rep_type == 2) || ($rep_type == 6))
         {
-          $opt = "";
-          if ($rep_type == 2)
+          // Display day names according to language and preferred weekday 
start.
+          for ($i = 0; $i < 7; $i++)
           {
-            // Display day names according to language and preferred weekday 
start.
-            for ($i = 0; $i < 7; $i++)
+            $wday = ($i + $weekstarts) % 7;
+            if ($rep_opt[$wday])
             {
-              $wday = ($i + $weekstarts) % 7;
-              if ($rep_opt[$wday])
-              {
-                $opt .= day_name($wday) . " ";
-              }
+              $opt .= day_name($wday) . " ";
             }
           }
-          if($opt)
-          {
-            echo "  <div><label>".get_vocab("rep_rep_day").":</label><input 
type=\"text\" value=\"$opt\" disabled=\"disabled\"></div>\n";
-          }
-
-          echo "  <div><label>".get_vocab("rep_end_date").":</label><input 
type=\"text\" value=\"$rep_end_date\" disabled=\"disabled\"></div>\n";
         }
-        ?>
-      </fieldset>
-      <?php
+        if($opt)
+        {
+          echo "  <div><label>".get_vocab("rep_rep_day").":</label><input 
type=\"text\" value=\"$opt\" disabled=\"disabled\"></div>\n";
+        }
+        echo "  <div><label>".get_vocab("rep_end_date").":</label><input 
type=\"text\" value=\"$rep_end_date\" disabled=\"disabled\"></div>\n";
+        if ($rep_type == 6)
+        {
+          echo "<div>\n";
+          echo "<label for=\"rep_num_weeks\">" . get_vocab("rep_num_weeks") . 
":<br>" . get_vocab("rep_for_nweekly") . "</label>\n";
+          echo "<input type=\"text\" id=\"rep_num_weeks\" 
name=\"rep_num_weeks\" value=\"$rep_num_weeks\" disabled=\"disabled\">\n";
+          echo "</div>\n";
+        }
+      }
+      echo "</fieldset>\n";
     }
-
-    /* We display the rep_num_weeks box only if:
-       - this is a new entry ($id is not set)
-       Xor
-       - we are editing an existing repeating entry ($rep_type is set and
-         $rep_type != 0 and $edit_type == "series" )
-    */
-    if ( ( !isset( $id ) ) Xor ( isset( $rep_type ) && ( $rep_type != 0 ) &&
-                             ( "series" == $edit_type ) ) )
-    {
-      ?>
-      <label for="rep_num_weeks"><?php echo 
get_vocab("rep_num_weeks")?>:<br><?php echo 
get_vocab("rep_for_nweekly")?></label>
-      <input type="text" id="rep_num_weeks" name="rep_num_weeks" value="<?php 
echo $rep_num_weeks?>">
-      <?php
-    }
-    
+ 
     // In the section below the <div> needs to be inside the <noscript> in 
order to pass validation
     ?>
     <script type="text/javascript">
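Review bot: The values echoed into `value="..."` attributes in this hunk — `$rep_num_weeks` at both `rep_num_weeks` inputs, and `$opt` and `$rep_end_date` in the disabled fields — are written without HTML escaping. Where `$rep_num_weeks` comes from is not visible in this hunk; if it is read back from the request, the unescaped value is reflected straight into markup, so use `value="<?php echo htmlspecialchars($rep_num_weeks) ?>"` in the editable input and `htmlspecialchars($rep_num_weeks)` in the echo for the disabled one. `$opt` and `$rep_end_date` are locale day names and a formatted date, so the risk there is broken markup rather than injection, but escaping them as well keeps one rule for every attribute value. The whitespace-only line added near the end of the hunk (`+ `) can be dropped.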

Modified: mrbs/trunk/web/edit_entry_handler.php
===================================================================
--- mrbs/trunk/web/edit_entry_handler.php       2010-02-10 17:16:05 UTC (rev 
1296)
+++ mrbs/trunk/web/edit_entry_handler.php       2010-02-17 17:40:29 UTC (rev 
1297)
@@ -151,7 +151,20 @@
   exit;
 }
 $user = getUserName();
+$is_admin = (authGetUserLevel($user) >= 2);
 
+// Check to see whether this is a repeat booking and if so, whether the user
+// is allowed to make/edit repeat bookings.   (The edit_entry form should
+// prevent you ever getting here, but this check is here as a safeguard in 
+// case someone has spoofed the HTML)
+if (!empty($rep_type) &&
+    !$is_admin &&
+    !empty($auth['only_admin_can_book_repeat']))
+{
+  showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
+  exit;
+}
+
 // Check that the user has permission to create/edit an entry for this room.
 // Get the id of the room that we are creating/editing
 if (isset($id))
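Review bot: The safeguard keys only on `$rep_type`, so a request for an existing series with `edit_type=series` and `rep_type=0` — which is what the disabled branch of edit_entry.php now emits as its hidden `rep_type` for a user without `$repeats_allowed` — passes the new check unchanged. Whether that lets such a user rewrite the whole series depends on how `$edit_type` is handled further down the file, which is outside this hunk. If it does, the check should also consider `$edit_type == "series"` together with an existing `$repeat_id`; if it does not, a sentence in the comment saying why `rep_type` alone is sufficient would stop the next reader from asking the same question.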

Modified: mrbs/trunk/web/systemdefaults.inc.php
===================================================================
--- mrbs/trunk/web/systemdefaults.inc.php       2010-02-10 17:16:05 UTC (rev 
1296)
+++ mrbs/trunk/web/systemdefaults.inc.php       2010-02-17 17:40:29 UTC (rev 
1297)
@@ -608,6 +608,9 @@
 // If you want only administrators to be able to book slots, set this
 // variable to TRUE
 $auth['only_admin_can_book'] = FALSE;
+// If you want only administrators to be able to make repeat bookings,
+// set this variable to TRUE
+$auth['only_admin_can_book_repeat'] = FALSE;
 
 /**********************************************
  * Email settings

Modified: mrbs/trunk/web/view_entry.php
===================================================================
--- mrbs/trunk/web/view_entry.php       2010-02-10 17:16:05 UTC (rev 1296)
+++ mrbs/trunk/web/view_entry.php       2010-02-17 17:40:29 UTC (rev 1297)
@@ -85,6 +85,10 @@
     
 
 $user = getUserName();
+$is_admin = (authGetUserLevel($user) >= 2);
+// You're only allowed to make repeat bookings if you're an admin
+// or else if $auth['only_admin_can_book_repeat'] is not set
+$repeats_allowed = $is_admin || empty($auth['only_admin_can_book_repeat']);
 
 // Get form variables
 //
@@ -457,12 +461,12 @@
       echo "<a href=\"edit_entry.php?id=$id&amp;returl=$link_returl\">". 
get_vocab("editentry") ."</a>";
     }
     
-    if (!empty($repeat_id)  && !$series)
+    if (!empty($repeat_id)  && !$series && $repeats_allowed)
     {
       echo " - ";
     }
     
-    if (!empty($repeat_id) || $series)
+    if ((!empty($repeat_id) || $series) && $repeats_allowed)
     {
       echo "<a 
href=\"edit_entry.php?id=$id&amp;edit_type=series&amp;day=$day&amp;month=$month&amp;year=$year&amp;returl=$link_returl\">".get_vocab("editseries")."</a>";
     }
@@ -478,12 +482,12 @@
       echo "<a 
href=\"edit_entry.php?id=$id&amp;copy=1&amp;returl=$link_returl\">". 
get_vocab("copyentry") ."</a>";
     }
        
-    if (!empty($repeat_id) && !$series)
+    if (!empty($repeat_id) && !$series && $repeats_allowed)
     {
       echo " - ";
     }
        
-    if (!empty($repeat_id) || $series) 
+    if ((!empty($repeat_id) || $series) && $repeats_allowed) 
     {
       echo "<a 
href=\"edit_entry.php?id=$id&amp;edit_type=series&amp;day=$day&amp;month=$month&amp;year=$year&amp;copy=1&amp;returl=$link_returl\">".get_vocab("copyseries")."</a>";
     }
@@ -497,12 +501,12 @@
       echo "<a 
href=\"del_entry.php?id=$id&amp;series=0&amp;returl=$link_returl\" 
onclick=\"return 
confirm('".get_vocab("confirmdel")."');\">".get_vocab("deleteentry")."</a>";
     }
     
-    if (!empty($repeat_id) && !$series)
+    if (!empty($repeat_id) && !$series && $repeats_allowed)
     {
       echo " - ";
     }
     
-    if (!empty($repeat_id) || $series)
+    if ((!empty($repeat_id) || $series) && $repeats_allowed)
     {
       echo "<a 
href=\"del_entry.php?id=$id&amp;series=1&amp;day=$day&amp;month=$month&amp;year=$year&amp;returl=$link_returl\"
 onClick=\"return 
confirm('".get_vocab("confirmdel")."');\">".get_vocab("deleteseries")."</a>";
     }
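Review bot: Hiding the `deleteseries` link when `$repeats_allowed` is false is a UI change only; del_entry.php is not part of this commit, so the link's absence does not by itself stop a direct request with `series=1` unless del_entry.php enforces the policy on its own. If series deletion is meant to fall under `$auth['only_admin_can_book_repeat']`, del_entry.php needs the same server-side check that edit_entry_handler.php gained here; if it is not, a comment above this block saying the setting restricts creating repeats rather than deleting them would make that intent explicit. The `editseries` and `copyseries` links in the two earlier hunks are covered by the handler check, since both go through edit_entry.php.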

