diff --git a/db/update.sql b/db/update.sql index f5955f32..9a665566 100644 --- a/db/update.sql +++ b/db/update.sql @@ -16,3 +16,6 @@ ALTER TABLE `AngelTypes` ADD INDEX (`contact_user_id`); ALTER TABLE `AngelTypes` ADD FOREIGN KEY (`contact_user_id`) REFERENCES `User`(`UID`) ON DELETE SET NULL ON UPDATE CASCADE; + + +INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (NULL, 'shiftentry_edit_angeltype_supporter', 'If user with this privilege is angeltype supporter, he can put users in shifts for their angeltype'); diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php index adb40c58..41756b7a 100644 --- a/includes/controller/shift_entries_controller.php +++ b/includes/controller/shift_entries_controller.php 
@@ -31,25 +31,23 @@ function shift_entry_add_controller() { redirect(page_link_to('user_shifts')); } - if (in_array('user_shifts_admin', $privileges)) { - $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1"); + if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)) { + $type = AngelType($type_id); } else { $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1"); + $type = $type[0]; } - - - if (count($type) == 0) { + + if ($type == null) { redirect(page_link_to('user_shifts')); } - $type = $type[0]; - - if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id']) && - in_array('user_shifts_admin', $privileges)) { + + if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id']) && (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges))) { $user_id = $_REQUEST['user_id']; } else { $user_id = $user['UID']; } - + $shift_signup_allowed = Shift_signup_allowed(User($user_id), $shift, $type); if (! $shift_signup_allowed->isSignupAllowed()) { error(_("You are not allowed to sign up for this shift. Maybe shift is full or already running.")); @@ -58,8 +56,8 @@ function shift_entry_add_controller() { if (isset($_REQUEST['submit'])) { $selected_type_id = $type_id; - if (in_array('user_shifts_admin', $privileges)) { - + if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)) { + if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) { redirect(page_link_to('user_shifts')); } 
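Review bot: The `user_id` override in the first hunk, and the submit branch in the `@@ -58,8 +56,8 @@` hunk, are gated only on the global `shiftentry_edit_angeltype_supporter` privilege, not on the caller being a supporter of `$type`. `Shift_signup_allowed()` falls back to the ordinary angel check when `User_is_AngelType_supporter($user, $angeltype)` is false, and that check evaluates the target user's eligibility, so a privilege holder appears able to enter any eligible user into shifts of angeltypes they do not support. I would tie the override to the angeltype, e.g. `(in_array('user_shifts_admin', $privileges) || (in_array('shiftentry_edit_angeltype_supporter', $privileges) && User_is_AngelType_supporter($user, $type)))`, and reuse the same condition in the submit branch. Separately, `$type = $type[0];` now reads index 0 of a possibly empty result before the `$type == null` check, which only works by way of an undefined-offset notice. The function body continues outside both hunks, so the later handling of `angeltype_id` should be checked against the same rule.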
@@ -106,7 +104,6 @@ function shift_entry_add_controller() { if (in_array('user_shifts_admin', $privileges)) { $users = sql_select("SELECT *, (SELECT count(*) FROM `ShiftEntry` WHERE `freeloaded`=1 AND `ShiftEntry`.`UID`=`User`.`UID`) AS `freeloaded` FROM `User` ORDER BY `Nick`"); $users_select = []; - foreach ($users as $usr) { $users_select[$usr['UID']] = $usr['Nick'] . ($usr['freeloaded'] == 0 ? "" : " (" . _("Freeloader") . ")"); } 
@@ -118,12 +115,30 @@ function shift_entry_add_controller() { $angeltypes[$angeltype['id']] = $angeltype['name']; } $angeltype_select = html_select_key('angeltype_id', 'angeltype_id', $angeltypes, $type['id']); + } elseif (in_array('shiftentry_edit_angeltype_supporter', $privileges)) { + $users = Users_by_angeltype($type); + $users_select = []; + foreach ($users as $usr) { + if (! $type['restricted'] || $usr['confirm_user_id'] != null) { + $users_select[$usr['UID']] = $usr['Nick']; + } + } + $user_text = html_select_key('user_id', 'user_id', $users_select, $user['UID']); + + $angeltypes_source = User_angeltypes($user); + $angeltypes = []; + foreach ($angeltypes_source as $angeltype) { + if ($angeltype['supporter']) { + $angeltypes[$angeltype['id']] = $angeltype['name']; + } + $angeltype_select = html_select_key('angeltype_id', 'angeltype_id', $angeltypes, $type['id']); + } } else { $user_text = User_Nick_render($user); $angeltype_select = $type['name']; } - return ShiftEntry_edit_view($user_text, date("Y-m-d H:i", $shift['start']) . ' – ' . date('Y-m-d H:i', $shift['end']) . ' (' . shift_length($shift) . ')', $shift['Name'], $shift['name'], $angeltype_select, "", false, null, in_array('user_shifts_admin', $privileges)); + return ShiftEntry_edit_view($user_text, date("Y-m-d H:i", $shift['start']) . ' – ' . date('Y-m-d H:i', $shift['end']) . ' (' . shift_length($shift) . ')', $shift['Name'], $shift['name'], $angeltype_select, "", false, null, in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)); } /** diff --git a/includes/model/Shifts_model.php b/includes/model/Shifts_model.php index 1e1bd97d..8107f707 100644 --- a/includes/model/Shifts_model.php +++ b/includes/model/Shifts_model.php 
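Review bot: In the new `elseif` branch, `$angeltype_select = html_select_key('angeltype_id', 'angeltype_id', $angeltypes, $type['id']);` sits inside the `foreach ($angeltypes_source as $angeltype)` loop. It is rebuilt on every iteration and stays undefined when `User_angeltypes($user)` returns nothing, yet it is passed to `ShiftEntry_edit_view()` afterwards; move the call below the loop's closing brace. The two select lists only shape the form: as far as this hunk shows, neither is consulted when the request comes back, so the submitted `user_id` and `angeltype_id` still need to be re-checked on the server against the same supporter and `confirm_user_id` rules. The function begins outside the hunk.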
@@ -111,7 +111,7 @@ function Shift_free_entries($shift_id, $angeltype_id) { } /** - * Check if an angel can sign up for given shift. + * Check if shift signup is allowed from the end users point of view (no admin like privileges) * * @param Shift $shift * The shift @@ -119,21 +119,12 @@ function Shift_free_entries($shift_id, $angeltype_id) { * The angeltype to which the user wants to sign up * @param array $user_shifts * List of the users shifts + * @param boolean $angeltype_supporter + * True, if the user has angeltype supporter rights for the angeltype, which enables him to sign somebody up for the shift. */ -function Shift_signup_allowed($user, $shift, $angeltype, $user_angeltype = null, $user_shifts = null) { - global $privileges; - +function Shift_signup_allowed_angel($user, $shift, $angeltype, $user_angeltype, $user_shifts, $angeltype_supporter = false) { $free_entries = Shift_free_entries($shift['SID'], $angeltype['id']); - if (in_array('user_shifts_admin', $privileges)) { - if ($free_entries == 0) { - // User shift admins may join anybody in every shift - return new ShiftSignupState(ShiftSignupState::ADMIN, $free_entries); - } - - return new ShiftSignupState(ShiftSignupState::FREE, $free_entries); - } - if ($user_shifts == null) { $user_shifts = Shifts_by_user($user); } 
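Review bot: The docblock of `Shift_signup_allowed_angel()` does not say that `$angeltype_supporter` is an authorization decision the function takes on trust from its caller. I would extend the new `@param` text with `Callers must have verified supporter status for $angeltype before passing true; this function does not check it.` The block also has no `@param` entries for `$user` and `$user_angeltype`, and the summary line should read "the end user's point of view". The function body continues outside the hunk.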
@@ -159,16 +150,16 @@ function Shift_signup_allowed($user, $shift, $angeltype, $user_angeltype = null, // you cannot join if shift is full return new ShiftSignupState(ShiftSignupState::OCCUPIED, $free_entries); } - + if ($user_angeltype == null) { $user_angeltype = UserAngelType_by_User_and_AngelType($user, $angeltype); } - if ($user_angeltype == null || ($angeltype['no_self_signup'] == 1 && $user_angeltype != null) || - ($angeltype['restricted'] == 1 && $user_angeltype != null && ! isset($user_angeltype['confirm_user_id']))) { + if ($user_angeltype == null || ($angeltype['no_self_signup'] == 1 && $user_angeltype != null && $angeltype_supporter === false) || ($angeltype['restricted'] == 1 && $user_angeltype != null && ! isset($user_angeltype['confirm_user_id']))) { // you cannot join if user is not of this angel type // you cannot join if you are not confirmed - + // you cannot join if angeltype has no self signup + return new ShiftSignupState(ShiftSignupState::ANGELTYPE, $free_entries); } 
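Review bot: The added clause `$angeltype_supporter === false` fails open: any value other than the boolean `false` (null, 0, an empty string) skips the `no_self_signup` restriction. Prefer `$angeltype_supporter !== true`, so that only an explicit `true` lifts it. As a matter of style, the `&& $user_angeltype != null` terms are redundant after the leading `$user_angeltype == null ||`, and splitting the three rules into separate `if` statements next to their comments would make the access rule easier to audit. The function starts and ends outside the hunk.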
@@ -181,6 +172,48 @@ function Shift_signup_allowed($user, $shift, $angeltype, $user_angeltype = null, return new ShiftSignupState(ShiftSignupState::FREE, $free_entries); } +/** + * Check if an admin can sign up a user to a shift. + * + * @param Shift $shift + * The shift + * @param AngelType $angeltype + * The angeltype to which the user wants to sign up + */ +function Shift_signup_allowed_admin($shift, $angeltype) { + $free_entries = Shift_free_entries($shift['SID'], $angeltype['id']); + if ($free_entries == 0) { + // User shift admins may join anybody in every shift + return new ShiftSignupState(ShiftSignupState::ADMIN, $free_entries); + } + + return new ShiftSignupState(ShiftSignupState::FREE, $free_entries); +} + +/** + * Check if an angel can sign up for given shift. + * + * @param Shift $shift + * The shift + * @param AngelType $angeltype + * The angeltype to which the user wants to sign up + * @param array $user_shifts + * List of the users shifts + */ +function Shift_signup_allowed($signup_user, $shift, $angeltype, $user_angeltype = null, $user_shifts = null) { + global $user, $privileges; + + if (in_array('user_shifts_admin', $privileges)) { + return Shift_signup_allowed_admin($shift, $angeltype); + } + + if (in_array('shiftentry_edit_angeltype_supporter', $privileges) && User_is_AngelType_supporter($user, $angeltype)) { + return Shift_signup_allowed_angel($signup_user, $shift, $angeltype, $user_angeltype, $user_shifts, true); + } + + return Shift_signup_allowed_angel($signup_user, $shift, $angeltype, $user_angeltype, $user_shifts, false); +} + /** * Delete a shift by its external id. */
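Review bot: `Shift_signup_allowed()` now picks its path from the global `$user` and `$privileges` while checking eligibility for `$signup_user`, and the docblock, carried over from the old function, documents neither. I would add `@param User $signup_user The user to be signed up; may differ from the logged-in user in global $user, whose privileges select the admin, supporter or angel path`. `Shift_signup_allowed_admin()` deserves a similar line stating that it performs no eligibility check on the user or shift beyond counting free entries, and must only be reached after the `user_shifts_admin` test.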