Added code for inviting users, access to it through the api
parent
8f255f4eb8
commit
e9f46edb0e
29
api.php
29
api.php
@ -599,6 +599,35 @@ switch($request[0]) {
|
||||
}
|
||||
|
||||
|
||||
break;
|
||||
/* APIDOC: user/invite
|
||||
description(invites a user to play a particular role in the conference, creating an account for them, and giving them the specifed role)
|
||||
post(username varchar(64), password varchar(64), email varchar(64), roles_id integer)
|
||||
return(user array)
|
||||
*/
|
||||
case 'invite':
|
||||
// let's make sure we have all of the data posted
|
||||
$ok = true;
|
||||
foreach(array('username' => 'varchar(64)', 'password' => 'varchar(64)', 'email' => 'varchar(64)', 'roles_id' => 'integer') as $field => $format){
|
||||
if(!array_key_exists($field, $_POST)){
|
||||
$ret['status'] == 'error';
|
||||
$ret['error'] = "$field ($format) is required";
|
||||
$ok = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if($ok){
|
||||
$newUser = user_invite($_POST['username'], $_POST['password'], $_POST['email'], $_POST['roles_id']);
|
||||
if(is_array($newUser)){
|
||||
$ret['status'] = 'ok';
|
||||
$ret['user'] = $newUser;
|
||||
}else{
|
||||
$ret['status'] = 'error';
|
||||
$ret['error'] = $newUser;
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
|
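Review bot: In the required-field loop of `case 'invite'`, `$ret['status'] == 'error';` compares instead of assigning, so a request with a missing field gets an `error` message but no error status; it should read `$ret['status'] = 'error';`. The loop checks only that each key exists, so empty strings and a non-numeric or array-valued `roles_id` reach `user_invite()` unchanged; reject those here, e.g. `if(!is_string($_POST[$field]) || $_POST[$field] === '')`. No login or role check is visible inside this case, and the enclosing `switch` starts outside the hunk, so it is worth confirming that the `user` branch calls `api_user_auth_required()` before this case is reached.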
6
db/db.update.224.sql
Normal file
6
db/db.update.224.sql
Normal file
@ -0,0 +1,6 @@
|
||||
INSERT INTO `rolestasks` (`id`, `pid`, `roles_id`, `level`, `task`, `ord`, `link`, `navident`, `conferencetype`) VALUES
|
||||
(128, 89, 10, 2, 'School Information', 1, '/schoolinfo.php', '', 'scienceolympics'),
|
||||
(129, 90, 10, 2, 'School Feedback', 1, '/schoolfeedback.php', '', 'scienceolympics');
|
||||
|
||||
ALTER TABLE `pagetext` DROP INDEX `textname` , ADD UNIQUE `textname` ( `textname` , `conferences_id` , `lang` );
|
||||
UPDATE roles SET `type` = 'participant', `name` = 'Participant' WHERE type = 'student';
|
@ -273,7 +273,16 @@ function dropConference(cid){
|
||||
function openWizard(){
|
||||
wizard = $('<div></div>');
|
||||
$('#conferences').append(wizard);
|
||||
wizard.dialog({'modal':'true'});
|
||||
wizard.dialog({
|
||||
modal:true,
|
||||
width:500,
|
||||
height:200,
|
||||
resizable:false,
|
||||
draggable:false,
|
||||
closeOnEscape:false,
|
||||
open: function(event, ui) { $(".ui-dialog-titlebar-close").hide(); }
|
||||
|
||||
});
|
||||
wizard.load('conferences.php?action=new');
|
||||
}
|
||||
|
||||
@ -371,7 +380,7 @@ function wizard_draw_step($step, $message = null){
|
||||
}
|
||||
|
||||
// draw the actual content of this step
|
||||
echo "<div class=\"wizard_content\">";
|
||||
echo "<div style=\"margin:1em\">";
|
||||
if(function_exists($wizard_steps[$step]['builder'])){
|
||||
$wizard_steps[$step]['builder']();
|
||||
}
|
||||
@ -412,8 +421,10 @@ function build_start_step(){
|
||||
}else{
|
||||
}
|
||||
echo '<p>' . i18n("What would you like to do?") . '</p>';
|
||||
echo '<input type="radio" name="method" value="create" ' . $create_selected . '>' . i18n('Create a new conference') . '</input><br/>';
|
||||
echo '<input type="radio" name="method" value="copy" ' . $copy_selected . '>' . i18n('Copy an existing conference') . '</input><br/>';
|
||||
echo '<div style="margin:1em">';
|
||||
echo '<input type="radio" name="method" value="create" ' . $create_selected . '> ' . i18n('Create a new conference') . '</input><br/>';
|
||||
echo '<input type="radio" name="method" value="copy" ' . $copy_selected . '> ' . i18n('Copy an existing conference') . '</input><br/>';
|
||||
echo '</div>';
|
||||
}
|
||||
}
|
||||
|
||||
@ -439,13 +450,15 @@ function handle_start_step(){
|
||||
function build_select_nametype_step(){
|
||||
global $conference_types;
|
||||
echo "<p>" . i18n("Please enter the name and type of this conference.") . "</p>";
|
||||
|
||||
echo '<div style="margin:1em">';
|
||||
echo "<table><tr>";
|
||||
echo "<td>" . i18n("Conference Name") . "</td>";
|
||||
$val = '';
|
||||
if(array_key_exists('name', $_SESSION['conference_wizard'])){
|
||||
$val = ' VALUE="' . $_SESSION['conference_wizard']['name'] . '" ';
|
||||
}
|
||||
echo "<td><input type=\"text\" id=\"name\"$val></input></td>";
|
||||
echo "<td><input type=\"text\" size=\"40\" id=\"name\"$val></input></td>";
|
||||
echo "</tr><tr>";
|
||||
echo "<td>" . i18n("Conference Type") . "</td>";
|
||||
echo "<td><select id=\"type\">";
|
||||
@ -461,6 +474,7 @@ function build_select_nametype_step(){
|
||||
}
|
||||
echo "</select></td>";
|
||||
echo "</tr></table>";
|
||||
echo "</div>";
|
||||
}
|
||||
|
||||
function handle_select_nametype_step(){
|
||||
@ -500,7 +514,8 @@ function build_select_conference_step(){
|
||||
}
|
||||
|
||||
echo "<p>" . i18n("Please select the conference that you wish to copy.") . "</p>";
|
||||
echo "<table><tr><td>" . i18n("Conference to Copy:") . "</td><td>";
|
||||
echo '<div style="margin:1em">';
|
||||
echo "<table><tr><td colspan=\"2\">";
|
||||
echo "<select id=\"mastercopy\">";
|
||||
$query = mysql_query("SELECT * FROM conferences ORDER BY id DESC");
|
||||
while($row = mysql_fetch_assoc($query)){
|
||||
@ -511,15 +526,16 @@ function build_select_conference_step(){
|
||||
echo "<option $selected value=\"{$row['id']}\">{$row['name']}</option>";
|
||||
}
|
||||
echo "</select>";
|
||||
echo "</td></tr><tr><td>" . i18n("End this conference after copying it:") . "</td><td>";
|
||||
echo "</td></tr><tr><td>";
|
||||
echo "<input type=\"checkbox\" value=\"yes\" name=\"endExisting\" $endchecked ></input>";
|
||||
echo "</td></tr>";
|
||||
echo "</td><td>" . i18n("End this conference after copying it") . "</td></tr>";
|
||||
|
||||
echo "<tr><td>" . i18n("Increment dates by a year:") . "</td><td>";
|
||||
echo "<tr><td>";
|
||||
echo "<input type=\"checkbox\" value=\"yes\" name=\"rollDates\" $rollchecked ></input>";
|
||||
echo "</td></tr>";
|
||||
echo "</td><td>" . i18n("Increment dates by a year") . "</td></tr>";
|
||||
|
||||
echo "</table>";
|
||||
echo '</div>';
|
||||
}
|
||||
|
||||
function handle_select_conference_step(){
|
||||
@ -541,8 +557,6 @@ function handle_select_conference_step(){
|
||||
|
||||
function build_enter_name_step(){
|
||||
echo "<p>" . i18n("Please enter a name for this conference") . "</p>";
|
||||
echo "<table><tr>";
|
||||
echo "<td>" . i18n("Conference Name") . "</td>";
|
||||
$val = '';
|
||||
if(array_key_exists('name', $_SESSION['conference_wizard'])){
|
||||
// get the value previously answered
|
||||
@ -553,8 +567,7 @@ function build_enter_name_step(){
|
||||
$result = mysql_fetch_assoc(mysql_query($query));
|
||||
$val = ' VALUE="' . $result['name'] . '" ';
|
||||
}
|
||||
echo "<td><input type=\"text\" id=\"name\"$val></input></td>";
|
||||
echo "</tr></table>";
|
||||
echo "<div style=\"margin:1em\"><input type=\"text\" size=\"40\" id=\"name\"$val></input></div>";
|
||||
}
|
||||
|
||||
function handle_enter_name_step(){
|
||||
@ -800,10 +813,8 @@ function copy_conference($params){
|
||||
|
||||
$errorMessage .= roll($oldConfId, $newConfId, 'award_awards_projectcategories', "award_awards_id='{$r->id}'",
|
||||
array('award_awards_id' => $award_awards_id));
|
||||
|
||||
$errorMessage .= roll($oldConfId, $newConfId, 'award_awards_projectdivisions', "award_awards_id='{$r->id}'",
|
||||
array('award_awards_id' => $award_awards_id));
|
||||
echo i18n(" Rolling award prizes")."<br />";
|
||||
$errorMessage .= roll($oldConfId, $newConfId, 'award_prizes', "award_awards_id='{$r->id}'",
|
||||
array('award_awards_id' => $award_awards_id));
|
||||
}
|
||||
@ -939,7 +950,7 @@ function roll($oldConfId, $newConfId, $table, $where='', $replace=array()){
|
||||
/* Skip year field */
|
||||
if($k == 'year') continue;
|
||||
/* Skip conferences_id field */
|
||||
if($k == 'year') continue;
|
||||
if($k == 'conferences_id') continue;
|
||||
|
||||
$fields[] = $k;
|
||||
}
|
||||
|
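Review bot: In `build_select_nametype_step`, the rewritten `<input type="text" size="40" id="name"$val>` line still echoes `$val`, which is built as `' VALUE="' . $_SESSION['conference_wizard']['name'] . '" '` with no escaping, so a conference name containing a double quote or markup breaks out of the attribute; build it with `htmlspecialchars($_SESSION['conference_wizard']['name'], ENT_QUOTES)`. The same applies to `$result['name']` in `build_enter_name_step` and to `{$row['name']}` inside the `<option>` list of `build_select_conference_step`. In `openWizard`, `$(".ui-dialog-titlebar-close").hide()` hides the close button of every jQuery UI dialog on the page rather than only the wizard's; `$(this).parent().find(".ui-dialog-titlebar-close").hide()` keeps it scoped. All of these functions begin or end outside the hunks shown.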
@ -119,6 +119,14 @@ Link username to email? <input type="radio" name="link_username_to_email" value=
|
||||
|
||||
<h2>User Stuff</h2>
|
||||
<a href="api/user/view/">View the user</a><br/>
|
||||
Invite a user:<br/>
|
||||
<form method="post" action="api/user/invite">
|
||||
username: <input type="text" name="username"></input><br/>
|
||||
password: <input type="text" name="password"></input><br/>
|
||||
email address: <input type="text" name="email"></input><br/>
|
||||
role id: <input type="text" name="roles_id"></input><br/>
|
||||
<input type="submit" value="Invite User"></input>
|
||||
</form>
|
||||
|
||||
<h2>Event Schedule</h2>
|
||||
<a href="api/schedule/list">Schedule Listing</a><br/>
|
||||
|
@ -756,56 +756,3 @@ ul.conferencenav li a:hover {
|
||||
.scheduleevent_tour {
|
||||
background: #CCFFD5;
|
||||
}
|
||||
/*
|
||||
#wizardWrapper{
|
||||
display: none;
|
||||
position: absolute;
|
||||
top: 0;
|
||||
left: 0;
|
||||
width: 100%;
|
||||
height: 100%;
|
||||
}
|
||||
#wizardBackdrop{
|
||||
display: none;
|
||||
position: absolute;
|
||||
top: 0;
|
||||
left: 0;
|
||||
width: 100%;
|
||||
height: 100%;
|
||||
background-color: #383878;
|
||||
}
|
||||
|
||||
#wizard {
|
||||
background-color: #E0E0FF;
|
||||
border: 2px solid silver;
|
||||
width: 40em;
|
||||
margin-left:auto;
|
||||
margin-right:auto;
|
||||
top: 20%;
|
||||
}
|
||||
|
||||
#wizard h2{
|
||||
background-color: #1B86B7;
|
||||
color: #FFF;
|
||||
text-align:center;
|
||||
padding:0;
|
||||
margin:0;
|
||||
margin-left:auto;
|
||||
margin-right:auto;
|
||||
border-bottom: 1px solid silver;
|
||||
}
|
||||
|
||||
#wizard p{
|
||||
margin: 0.5em;
|
||||
}
|
||||
|
||||
.wizard_content{
|
||||
background-color: #E0E0FF;
|
||||
margin: 1em;
|
||||
}
|
||||
|
||||
.wizard_buttons{
|
||||
background-color: #1B86B7;
|
||||
padding: 0.25em;
|
||||
}
|
||||
*/
|
||||
|
89
user.inc.php
89
user.inc.php
@ -1113,7 +1113,7 @@ function api_user_auth_required($all_required = array(), $one_required = array()
|
||||
|
||||
if(!isset($_SESSION['roles']) || !isset($_SESSION['accounts_id'])) {
|
||||
$ret['status']="error";
|
||||
$ret['error']="Not logged in";
|
||||
$returnval="Not logged in";
|
||||
return $ret;
|
||||
}
|
||||
|
||||
@ -1140,14 +1140,14 @@ function api_user_auth_required($all_required = array(), $one_required = array()
|
||||
|
||||
if(!$ok) {
|
||||
$ret['status']="error";
|
||||
$ret['error']="You do not have permission to access that information";
|
||||
$returnval="You do not have permission to access that information";
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/* Forward to password expired, remember the target URI */
|
||||
if($_SESSION['password_expired'] == true) {
|
||||
$ret['status']="error";
|
||||
$ret['error']="Your password has expired";
|
||||
$returnval="Your password has expired";
|
||||
return $ret;
|
||||
}
|
||||
$ret['status']="ok";
|
||||
@ -1445,5 +1445,88 @@ function user_conference_load($accounts_id,$conferences_id) {
|
||||
//exit;
|
||||
}
|
||||
|
||||
// sends an invitation from the user currently logged in, to the new user info passed in the parameters
|
||||
// returns the created user object on success, error message otherwise
|
||||
function user_invite($username, $password, $email, $roles_id){
|
||||
global $roles, $conference;
|
||||
$u = user_load($_SESSION['users_id']);
|
||||
$ok = false;
|
||||
$returnval = null;
|
||||
$schoolId = null;
|
||||
|
||||
$roletype = null;
|
||||
foreach($roles as $t => $r){
|
||||
if($r['id'] == $roles_id){
|
||||
$roletype = $t;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if($roletype === null){
|
||||
$returnval = 'Invalid roles_id parameter';
|
||||
}
|
||||
|
||||
// find out if this user has the necessary permission to invite another one
|
||||
if(!is_array($u['roles'])){
|
||||
$returnval = 'You do not have a valid role for inviting users';
|
||||
}
|
||||
|
||||
if(array_key_exists('admin', $u['roles'])){
|
||||
// This is an administrative user; they can invite people to any role they want.
|
||||
$ok = true;
|
||||
}else if(array_key_exists('teacher', $u['roles'])){
|
||||
// This is a teacher; they can add students.
|
||||
|
||||
// make sure this teacher is tied to a school
|
||||
if(array_key_exists('schools_id', $u) && $u['schools_id'] > 0){
|
||||
if($roletype == 'participant'){
|
||||
$ok = true;
|
||||
$schoolId = $u['schools_id'];
|
||||
}else{
|
||||
$returnval = 'You do not have permission to invite this role';
|
||||
}
|
||||
}else{
|
||||
$returnval = 'You must be associated with a school to add participants';
|
||||
}
|
||||
}else{
|
||||
$returnval = 'You do not have a role with permission to invite users';
|
||||
}
|
||||
|
||||
if($returnval == null){
|
||||
// all fields have been passed in, let's go ahead and create the account/user/role
|
||||
$newAccount = account_create($username, $password);
|
||||
if(!is_array($newAccount)){
|
||||
switch($newAccount){
|
||||
case -1: $returnval = "Invalid username"; break;
|
||||
case -2: $returnval = "Username already in use"; break;
|
||||
case -3: $returnval = "Invalid password"; break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if($returnval == null){
|
||||
$newUser = user_create($newAccount['id'], $conference['id']);
|
||||
if(!is_array($newUser)){
|
||||
$returnval = 'Error creating user';
|
||||
}else if($schoolId !== null){
|
||||
// schoolId is only defined if this is a teacher inviting a student
|
||||
$newUser['schools_id'] = $schoolId;
|
||||
user_save($newUser);
|
||||
}
|
||||
}
|
||||
|
||||
if($returnval == null){
|
||||
$result = user_add_role($newUser, $roletype);
|
||||
if($result == 'ok'){
|
||||
// if we made it here, then it all worked nicely
|
||||
$returnval = user_load($newUser['id']);
|
||||
}else{
|
||||
$returnval = "Error adding '$roletype' role: $result";
|
||||
}
|
||||
}
|
||||
|
||||
return $returnval;
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
|
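Review bot: In `user_invite`, the `switch($newAccount)` has no `default:` branch, so any non-array return from `account_create` other than -1, -2 or -3 leaves `$returnval` null and the next step calls `user_create($newAccount['id'], ...)` on a non-array; add `default: $returnval = "Error creating account"; break;`. The `$email` parameter is never read in the body, so the address the API requires is discarded and nothing visible here sends the invitation the leading comment describes. `$ok` is assigned but never checked, which means the permission decision depends on every denial branch remembering to set `$returnval`; gating creation on `if($ok && $returnval === null)` would make it fail closed. When `$u['roles']` is not an array the function still falls through to `array_key_exists('admin', $u['roles'])`, so return the error at that point instead of continuing.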