1060 lines
47 KiB
PHP
1060 lines
47 KiB
PHP
<?php
|
|
/*********************************************************************************
|
|
*
|
|
* TimeTrex is a Workforce Management program developed by
|
|
* TimeTrex Software Inc. Copyright (C) 2003 - 2021 TimeTrex Software Inc.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it under
|
|
* the terms of the GNU Affero General Public License version 3 as published by
|
|
* the Free Software Foundation with the addition of the following permission
|
|
* added to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED
|
|
* WORK IN WHICH THE COPYRIGHT IS OWNED BY TIMETREX, TIMETREX DISCLAIMS THE
|
|
* WARRANTY OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
* details.
|
|
*
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License along
|
|
* with this program; if not, see http://www.gnu.org/licenses or write to the Free
|
|
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
* 02110-1301 USA.
|
|
*
|
|
*
|
|
* You can contact TimeTrex headquarters at Unit 22 - 2475 Dobbin Rd. Suite
|
|
* #292 West Kelowna, BC V4T 2E9, Canada or at email address info@timetrex.com.
|
|
*
|
|
*
|
|
* The interactive user interfaces in modified source and object code versions
|
|
* of this program must display Appropriate Legal Notices, as required under
|
|
* Section 5 of the GNU Affero General Public License version 3.
|
|
*
|
|
*
|
|
* In accordance with Section 7(b) of the GNU Affero General Public License
|
|
* version 3, these Appropriate Legal Notices must retain the display of the
|
|
* "Powered by TimeTrex" logo. If the display of the logo is not reasonably
|
|
* feasible for technical reasons, the Appropriate Legal Notices must display
|
|
* the words "Powered by TimeTrex".
|
|
*
|
|
********************************************************************************/
|
|
|
|
|
|
/**
|
|
* @package API\Users
|
|
*/
|
|
class APIUser extends APIFactory {
|
|
protected $main_class = 'UserFactory';
|
|
|
|
/**
|
|
* APIUser constructor.
|
|
*/
|
|
public function __construct() {
|
|
parent::__construct(); //Make sure parent constructor is always called.
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Get default user data for creating new users.
|
|
* @param string $tmp_company_id UUID
|
|
* @return array
|
|
*/
|
|
function getUserDefaultData( $tmp_company_id = null, $default_id = null ) {
|
|
//Allow getting default data from other companies, so it makes it easier to create the first employee of a company.
|
|
if ( $tmp_company_id != '' && TTUUID::isUUID( $tmp_company_id ) && $tmp_company_id != TTUUID::getZeroID() && $tmp_company_id != TTUUID::getNotExistID() && $this->getPermissionObject()->Check( 'company', 'enabled' ) && $this->getPermissionObject()->Check( 'company', 'view' ) ) {
|
|
$company_id = $tmp_company_id;
|
|
} else {
|
|
$company_id = $this->getCurrentCompanyObject()->getId();
|
|
}
|
|
Debug::Text( 'Getting user default data for Company ID: ' . $company_id . ' TMP Company ID: ' . $tmp_company_id, __FILE__, __LINE__, __METHOD__, 10 );
|
|
|
|
$uf = TTnew( 'UserFactory' ); /** @var UserFactory $uf */
|
|
|
|
//Get New Hire Defaults.
|
|
$udlf = TTnew( 'UserDefaultListFactory' ); /** @var UserDefaultListFactory $udlf */
|
|
if ( $default_id == '' ) {
|
|
$udlf->getByCompanyId( $company_id );
|
|
} else {
|
|
if ( TTUUID::isUUID( $default_id ) ) {
|
|
$udlf->getByIdAndCompanyId( $default_id, $company_id );
|
|
} else {
|
|
$udlf->getByCompanyIdAndName( $company_id, $default_id );
|
|
}
|
|
}
|
|
if ( $udlf->getRecordCount() > 0 ) {
|
|
Debug::Text( 'Using User Defaults, as they exist...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
$udf_obj = $udlf->getCurrent(); /** @var UserDefaultFactory $udf_obj */
|
|
|
|
$data = [
|
|
'company_id' => $company_id,
|
|
'legal_entity_id' => $udf_obj->getLegalEntity(),
|
|
'enable_login' => true,
|
|
'status_id' => 10, //Active.
|
|
'title_id' => $udf_obj->getTitle(),
|
|
'employee_number' => $uf->getNextAvailableEmployeeNumber( $company_id ),
|
|
'city' => $udf_obj->getCity(),
|
|
'country' => $udf_obj->getCountry(),
|
|
'province' => $udf_obj->getProvince(),
|
|
'work_phone' => $udf_obj->getWorkPhone(),
|
|
'work_phone_ext' => $udf_obj->getWorkPhoneExt(),
|
|
'work_email' => $udf_obj->getWorkEmail(),
|
|
'hire_date' => TTDate::getAPIDate( 'DATE', time() ),
|
|
'sex_id' => 5, //Unspecified.
|
|
'default_branch_id' => $udf_obj->getDefaultBranch(),
|
|
'default_department_id' => $udf_obj->getDefaultDepartment(),
|
|
'permission_control_id' => $udf_obj->getPermissionControl(),
|
|
'terminated_permission_control_id' => $udf_obj->getTerminatedPermissionControl(),
|
|
'pay_period_schedule_id' => $udf_obj->getPayPeriodSchedule(),
|
|
'policy_group_id' => $udf_obj->getPolicyGroup(),
|
|
'currency_id' => $udf_obj->getCurrency(),
|
|
'hierarchy_control' => $udf_obj->getHierarchyControl(),
|
|
'recurring_schedule_id' => $udf_obj->getRecurringSchedule(),
|
|
'user_default_id' => $udf_obj->getId(),
|
|
];
|
|
} else {
|
|
Debug::Text( ' User Default data does not exists for Company ID: ' . $company_id .' Trying to determine them automatically...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
|
|
$data = [
|
|
'company_id' => $company_id,
|
|
'enable_login' => true,
|
|
'status_id' => 10, //Active.
|
|
'employee_number' => $uf->getNextAvailableEmployeeNumber( $company_id ),
|
|
'hire_date' => TTDate::getAPIDate( 'DATE', time() ),
|
|
'sex_id' => 5, //Unspecified.
|
|
];
|
|
|
|
$lelf = TTnew( 'LegalEntityListFactory' );
|
|
$lelf->getByCompanyId( $company_id );
|
|
if ( $lelf->getRecordCount() > 0 ) {
|
|
$data['legal_entity_id'] = $lelf->getCurrent()->getId();
|
|
}
|
|
unset( $lelf );
|
|
|
|
$clf = TTnew( 'CurrencyListFactory' );
|
|
$clf->getByCompanyIdAndDefault( $company_id, true );
|
|
if ( $clf->getRecordCount() > 0 ) {
|
|
$data['currency_id'] = $clf->getCurrent()->getId();
|
|
}
|
|
unset( $clf );
|
|
|
|
$pclf = TTnew( 'PermissionControlListFactory' );
|
|
$pclf->getByCompanyId( $company_id );
|
|
if ( $pclf->getRecordCount() > 0 ) {
|
|
$data['permission_control_id'] = $pclf->getCurrent()->getId();
|
|
}
|
|
unset( $pclf );
|
|
}
|
|
|
|
if ( !isset( $data['company_id'] ) ) {
|
|
$data['company_id'] = $company_id;
|
|
}
|
|
|
|
if ( !isset( $data['status_id'] ) ) {
|
|
$data['status_id'] = 10; //Active
|
|
}
|
|
|
|
if ( !isset( $data['currency_id'] ) ) {
|
|
$data['currency_id'] = TTUUID::getZeroID();
|
|
}
|
|
|
|
if ( !isset( $data['country'] ) ) {
|
|
$data['country'] = 'US';
|
|
}
|
|
|
|
if ( !isset( $data['user_default_id'] ) ) {
|
|
$data['user_default_id'] = TTUUID::getZeroID();
|
|
}
|
|
|
|
$ulf = TTnew( 'UserListFactory' ); /** @var UserListFactory $ulf */
|
|
$ulf->getHighestEmployeeNumberByCompanyId( $company_id );
|
|
if ( $ulf->getRecordCount() > 0 ) {
|
|
Debug::Text( 'Highest Employee Number: ' . $ulf->getCurrent()->getEmployeeNumber(), __FILE__, __LINE__, __METHOD__, 10 );
|
|
if ( is_numeric( $ulf->getCurrent()->getEmployeeNumber() ) == true ) {
|
|
$data['next_available_employee_number'] = ( $ulf->getCurrent()->getEmployeeNumber() + 1 );
|
|
} else {
|
|
Debug::Text( 'Highest Employee Number is not an integer.', __FILE__, __LINE__, __METHOD__, 10 );
|
|
$data['next_available_employee_number'] = null;
|
|
}
|
|
} else {
|
|
$data['next_available_employee_number'] = 1;
|
|
}
|
|
|
|
if ( !isset( $data['hire_date'] ) || $data['hire_date'] == '' ) {
|
|
$data['hire_date'] = TTDate::getAPIDate( 'DATE', time() );
|
|
}
|
|
|
|
//Try to default the hierarchy as best we can if its a supervisor (subordinates only) creating the employee record.
|
|
if ( $this->getPermissionObject()->Check( 'user', 'view' ) == false && $this->getPermissionObject()->Check( 'user', 'view_child' ) == true ) {
|
|
$api_hc = new APIHierarchyControl;
|
|
$hierarchy_control_options = $this->stripReturnHandler( $api_hc->getHierarchyControlOptions( false ) ); //Don't include blank.
|
|
if ( is_array( $hierarchy_control_options ) ) {
|
|
foreach ( $hierarchy_control_options as $hierarchy_object_type => $hierarchy_control_ids ) {
|
|
if ( count( $hierarchy_control_ids ) == 1 ) {
|
|
$data['hierarchy_control'][$hierarchy_object_type] = Misc::trimSortPrefix( key( $hierarchy_control_ids ) );
|
|
}
|
|
}
|
|
}
|
|
unset( $api_hc );
|
|
}
|
|
|
|
$data = $uf->getCustomFieldsDefaultData( $company_id, $data );
|
|
|
|
return $this->returnHandler( $data );
|
|
}
|
|
|
|
/**
|
|
* @param string $format
|
|
* @param array $data
|
|
* @param bool $disable_paging
|
|
* @return array|bool
|
|
*/
|
|
function exportUser( $format = 'csv', $data = null, $disable_paging = true ) {
|
|
$result = $this->stripReturnHandler( $this->getUser( $data, $disable_paging ) );
|
|
|
|
return $this->exportRecords( $format, 'export_employee', $result, ( ( isset( $data['filter_columns'] ) ) ? $data['filter_columns'] : null ) );
|
|
}
|
|
|
|
/**
|
|
* Get user data for one or more users.
|
|
* @param array $data filter data, see reference for details.
|
|
* @param boolean $disable_paging disables paging and returns all records.
|
|
* @return array|bool
|
|
* @see UserListFactory::getAPISearchByCompanyIdAndArrayCriteria() To see a description of the ListFactory that is used.
|
|
*/
|
|
function getUser( $data = null, $disable_paging = false ) {
|
|
$data = $this->initializeFilterAndPager( $data, $disable_paging );
|
|
|
|
if ( $this->getPermissionObject()->checkAuthenticationType( 700 ) == false ) { //700=HTTP Auth with username/password
|
|
return $this->getPermissionObject()->AuthenticationTypeDenied();
|
|
}
|
|
|
|
if ( !$this->getPermissionObject()->Check( 'user', 'enabled' )
|
|
|| !( $this->getPermissionObject()->Check( 'user', 'view' ) || $this->getPermissionObject()->Check( 'user', 'view_own' ) || $this->getPermissionObject()->Check( 'user', 'view_child' ) ) ) {
|
|
return $this->getPermissionObject()->PermissionDenied();
|
|
}
|
|
|
|
//We need to take into account different permissions, ie: punch->view, view_child, view_own when displaying the dropdown
|
|
//box in the TimeSheet view and other views as well. Allow the caller of this function to pass a "permission_section"
|
|
//that can be used to determine this.
|
|
$permission_section = 'user';
|
|
$valid_permission_sections = [ 'user', 'wage', 'user_contact', 'accrual', 'roe', 'punch', 'schedule', 'recurring_schedule', 'message', 'user_expense', 'pay_stub_amendment', 'policy_group', 'user_membership', 'user_skill', 'user_education', 'user_license', 'user_language', 'user_review', 'job_application' ]; //#2242 - Make sure we limit the sections to a specific list to avoid security bypasses.
|
|
if ( isset( $data['permission_section'] ) && $data['permission_section'] != '' ) {
|
|
if ( in_array( trim( strtolower( $data['permission_section'] ) ), $valid_permission_sections ) ) {
|
|
$permission_section = trim( strtolower( $data['permission_section'] ) );
|
|
} else {
|
|
Debug::Text( 'ERROR: NOT ALLOWED: permission_section: ' . $data['permission_section'], __FILE__, __LINE__, __METHOD__, 10 );
|
|
}
|
|
}
|
|
Debug::Text( 'Permission Section: ' . $permission_section, __FILE__, __LINE__, __METHOD__, 10 );
|
|
|
|
//Get Permission Hierarchy Children first, as this can be used for viewing, or editing.
|
|
//$data['filter_data']['permission_children_ids'] = $this->getPermissionObject()->getPermissionChildren( $permission_section, 'view' );
|
|
$data['filter_data'] = array_merge( (array)$data['filter_data'], $this->getPermissionObject()->getPermissionFilterData( $permission_section, 'view' ) );
|
|
//Debug::Arr($data['filter_data']['permission_children_ids'], 'Permission Section: '. $permission_section .' Child IDs: ', __FILE__, __LINE__, __METHOD__, 10);
|
|
|
|
//Allow getting users from other companies, so we can change admin contacts when using the master company.
|
|
//Need to allow -1 to be accepted for Edit Company view to not show any employees in Contact dropdowns when creating a new company.
|
|
//But show the proper employees (for that company) in Contact dropdowns when editing an existing company.
|
|
if ( isset( $data['filter_data']['company_id'] )
|
|
&& !empty( $data['filter_data']['company_id'] )
|
|
&& ( $this->getPermissionObject()->Check( 'company', 'enabled' ) && $this->getPermissionObject()->Check( 'company', 'view' ) ) ) {
|
|
$company_id = $data['filter_data']['company_id'];
|
|
} else {
|
|
$company_id = $this->getCurrentCompanyObject()->getId();
|
|
}
|
|
|
|
$include_last_punch_time = ( isset( $data['filter_columns']['max_punch_time_stamp'] ) ) ? true : false;
|
|
|
|
$ulf = TTnew( 'UserListFactory' ); /** @var UserListFactory $ulf */
|
|
$ulf->getAPISearchByCompanyIdAndArrayCriteria( $company_id, $data['filter_data'], $data['filter_items_per_page'], $data['filter_page'], null, $data['filter_sort'], $include_last_punch_time );
|
|
Debug::Text( 'Record Count: ' . $ulf->getRecordCount(), __FILE__, __LINE__, __METHOD__, 10 );
|
|
if ( $ulf->getRecordCount() > 0 ) {
|
|
$this->getProgressBarObject()->start( $this->getAPIMessageID(), $ulf->getRecordCount() );
|
|
|
|
$this->setPagerObject( $ulf );
|
|
|
|
$retarr = [];
|
|
foreach ( $ulf as $u_obj ) {
|
|
$retarr[] = $u_obj->getObjectAsArray( $data['filter_columns'] );
|
|
|
|
$this->getProgressBarObject()->set( $this->getAPIMessageID(), $ulf->getCurrentRow() );
|
|
}
|
|
|
|
$this->getProgressBarObject()->stop( $this->getAPIMessageID() );
|
|
|
|
//Debug::Arr($retarr, 'User Data: ', __FILE__, __LINE__, __METHOD__, 10);
|
|
|
|
return $this->returnHandler( $retarr );
|
|
}
|
|
|
|
return $this->returnHandler( true ); //No records returned.
|
|
}
|
|
|
|
/**
|
|
* Get only the fields that are common across all records in the search criteria. Used for Mass Editing of records.
|
|
* @param array $data filter data
|
|
* @return array
|
|
*/
|
|
function getCommonUserData( $data ) {
|
|
return Misc::arrayIntersectByRow( $this->stripReturnHandler( $this->getUser( $data, true ) ) );
|
|
}
|
|
|
|
/**
|
|
* Validate user data for one or more users.
|
|
* @param array $data user data
|
|
* @return array
|
|
*/
|
|
function validateUser( $data ) {
|
|
return $this->setUser( $data, true );
|
|
}
|
|
|
|
/**
|
|
* Set user data for one or more users.
|
|
* @param array $data user data
|
|
* @param bool $validate_only
|
|
* @param bool $ignore_warning
|
|
* @return array|bool
|
|
*/
|
|
function setUser( $data, $validate_only = false, $ignore_warning = true ) {
|
|
global $authentication;
|
|
|
|
$validate_only = (bool)$validate_only;
|
|
$ignore_warning = (bool)$ignore_warning;
|
|
|
|
if ( !is_array( $data ) ) {
|
|
return $this->returnHandler( false );
|
|
}
|
|
|
|
if ( $this->getPermissionObject()->checkAuthenticationType( 700 ) == false ) { //700=HTTP Auth with username/password
|
|
return $this->getPermissionObject()->AuthenticationTypeDenied();
|
|
}
|
|
|
|
//If they have permissions to edit user records other than their own, make sure their status is Active.
|
|
if ( $this->getCurrentUserObject()->getStatus() != 10 && ( $this->getPermissionObject()->Check( 'user', 'edit' ) || $this->getPermissionObject()->Check( 'user', 'edit_child' ) ) ) { //10=Active -- Make sure user record is active as well.
|
|
return $this->getPermissionObject()->PermissionDenied( false, TTi18n::getText( 'Employee status must be Active to modify employees' ) );
|
|
}
|
|
|
|
if ( !$this->getPermissionObject()->Check( 'user', 'enabled' )
|
|
|| !( $this->getPermissionObject()->Check( 'user', 'edit' ) || $this->getPermissionObject()->Check( 'user', 'edit_own' ) || $this->getPermissionObject()->Check( 'user', 'edit_child' ) || $this->getPermissionObject()->Check( 'user', 'add' ) ) ) {
|
|
return $this->getPermissionObject()->PermissionDenied();
|
|
}
|
|
if ( $validate_only == true ) {
|
|
Debug::Text( 'Validating Only!', __FILE__, __LINE__, __METHOD__, 10 );
|
|
$permission_children_ids = false;
|
|
} else {
|
|
//Get Permission Hierarchy Children first, as this can be used for viewing, or editing.
|
|
$permission_children_ids = $this->getPermissionChildren();
|
|
}
|
|
|
|
[ $data, $total_records ] = $this->convertToMultipleRecords( $data );
|
|
Debug::Text( 'Received data for: ' . $total_records . ' Users', __FILE__, __LINE__, __METHOD__, 10 );
|
|
//Debug::Arr($data, 'Data: ', __FILE__, __LINE__, __METHOD__, 10);
|
|
|
|
$validator_stats = [ 'total_records' => $total_records, 'valid_records' => 0 ];
|
|
$validator = $save_result = []; $key = false;
|
|
if ( is_array( $data ) && $total_records > 0 ) {
|
|
$this->getProgressBarObject()->start( $this->getAPIMessageID(), $total_records );
|
|
|
|
foreach ( $data as $key => $row ) {
|
|
$transaction_function = function () use ( $row, $validate_only, $ignore_warning, $validator_stats, $validator, $save_result, $key, $total_records, $permission_children_ids ) {
|
|
$primary_validator = new Validator();
|
|
|
|
$lf = TTnew( 'UserListFactory' ); /** @var UserListFactory $lf */
|
|
if ( $validate_only == false ) { //Only switch into serializable mode when actually saving the record.
|
|
$lf->setTransactionMode( 'REPEATABLE READ' ); //Required to help prevent duplicate simulataneous HTTP requests from causing duplicate user records or duplicate employee number/user_names.
|
|
}
|
|
$lf->StartTransaction();
|
|
|
|
//Force Company ID to current company.
|
|
if ( !isset( $row['company_id'] ) || ( isset( $row['company_id'] ) && $row['company_id'] == '' ) || !$this->getPermissionObject()->Check( 'company', 'view' ) ) {
|
|
$row['company_id'] = $this->getCurrentCompanyObject()->getId();
|
|
}
|
|
|
|
if ( isset( $row['id'] ) && $row['id'] != '' ) {
|
|
//Modifying existing object.
|
|
//Get user object, so we can only modify just changed data for specific records if needed.
|
|
$lf->getByIdAndCompanyId( $row['id'], $row['company_id'] );
|
|
if ( $lf->getRecordCount() == 1 ) {
|
|
//Object exists, check edit permissions
|
|
//Debug::Text('User ID: '. $row['id'] .' Created By: '. $lf->getCurrent()->getCreatedBy() .' Is Owner: '. (int)$this->getPermissionObject()->isOwner( $lf->getCurrent()->getCreatedBy(), $lf->getCurrent()->getID() ) .' Is Child: '. (int)$this->getPermissionObject()->isChild( $lf->getCurrent()->getId(), $permission_children_ids ), __FILE__, __LINE__, __METHOD__, 10);
|
|
if (
|
|
$validate_only == true
|
|
||
|
|
(
|
|
$this->getPermissionObject()->Check( 'user', 'edit' )
|
|
|| ( $this->getPermissionObject()->Check( 'user', 'edit_own' ) && $this->getPermissionObject()->isOwner( $lf->getCurrent()->getCreatedBy(), $lf->getCurrent()->getID() ) === true )
|
|
|| ( $this->getPermissionObject()->Check( 'user', 'edit_child' ) && $this->getPermissionObject()->isChild( $lf->getCurrent()->getId(), $permission_children_ids ) === true )
|
|
) ) {
|
|
|
|
Debug::Text( 'Row Exists, getting current data for ID: ' . $row['id'], __FILE__, __LINE__, __METHOD__, 10 );
|
|
//$row = array_merge( $lf->getCurrent()->getObjectAsArray(), $row );
|
|
$lf = $lf->getCurrent(); //Make the current $lf variable the current object, so we can ignore some fields if needed.
|
|
$row = array_merge( $lf->getObjectAsArray(), $row );
|
|
} else {
|
|
$primary_validator->isTrue( 'permission', false, TTi18n::gettext( 'Edit permission denied' ) );
|
|
}
|
|
} else {
|
|
//Object doesn't exist.
|
|
$primary_validator->isTrue( 'id', false, TTi18n::gettext( 'Edit permission denied, record does not exist' ) );
|
|
}
|
|
} else {
|
|
//Adding new object, check ADD permissions.
|
|
$primary_validator->isTrue( 'permission', $this->getPermissionObject()->Check( 'user', 'add' ), TTi18n::gettext( 'Add permission denied' ) );
|
|
|
|
//Because password encryption requires the user_id, we need to get it first when creating a new employee.
|
|
$row['id'] = $lf->getNextInsertId();
|
|
}
|
|
|
|
//When doing a mass edit of employees, user name is never specified, so we need to avoid this validation issue.
|
|
//Generate random user name if its validate only and not otherwise specified.
|
|
if ( $validate_only == true && ( !isset( $row['user_name'] ) || $row['user_name'] == '' ) ) {
|
|
$row['user_name'] = 'random' . rand( 10000000, 99999999 );
|
|
}
|
|
//Debug::Arr($row, 'Data: ', __FILE__, __LINE__, __METHOD__, 10);
|
|
|
|
$is_valid = $primary_validator->isValid();
|
|
if ( $is_valid == true ) { //Check to see if all permission checks passed before trying to save data.
|
|
Debug::Text( 'Attempting to save data... API Message ID: ' . $this->getAPIMessageID(), __FILE__, __LINE__, __METHOD__, 10 );
|
|
|
|
if ( DEMO_MODE == true && $lf->isNew() == false ) { //Allow changing these if DEMO is enabled, but they are adding new records.
|
|
Debug::Text( 'DEMO Mode ENABLED, disable modifying some data...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
unset( $row['permission_control_id'], $row['status_id'], $row['phone_id'], $row['user_name'], $row['password'] );
|
|
}
|
|
|
|
if ( $this->getPermissionObject()->Check( 'user', 'edit_advanced' ) == false ) {
|
|
Debug::Text( 'NOT allowing advanced edit...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
//Unset all advanced fields.
|
|
unset(
|
|
$row['user_name'],
|
|
$row['currency_id'],
|
|
$row['employee_number'], //This must always be set
|
|
$row['default_branch_id'],
|
|
$row['default_department_id'],
|
|
$row['group_id'],
|
|
$row['title_id'],
|
|
$row['first_name'],
|
|
$row['middle_name'],
|
|
$row['last_name'],
|
|
$row['city'],
|
|
$row['country'],
|
|
$row['province'],
|
|
$row['hire_date'],
|
|
$row['birth_date'],
|
|
$row['termination_date'],
|
|
$row['sin'],
|
|
$row['note'],
|
|
$row['tags']
|
|
);
|
|
}
|
|
|
|
unset( $row['mfa_type_id'] ); //Do not allow changing multifactor settings
|
|
|
|
//If the user doesn't have permissions to change the hierarchy_control, unset that data.
|
|
if ( isset( $row['hierarchy_control'] ) && ( $this->getPermissionObject()->Check( 'hierarchy', 'edit' ) || $this->getPermissionObject()->Check( 'user', 'edit_hierarchy' ) ) ) {
|
|
Debug::Text( 'Allowing change of hierarchy...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
} else {
|
|
Debug::Text( 'NOT allowing change of hierarchy...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
unset( $row['hierarchy_control'] );
|
|
}
|
|
|
|
//Handle additional permission checks for setPermissionControl().
|
|
if ( isset( $row['permission_control_id'] )
|
|
&& ( $lf->getPermissionLevel() <= $this->getPermissionObject()->getLevel() && ( $this->getPermissionObject()->Check( 'permission', 'edit' ) || $this->getPermissionObject()->Check( 'permission', 'edit_own' ) || $this->getPermissionObject()->Check( 'user', 'edit_permission_group' ) ) ) ) {
|
|
Debug::Text( 'Allowing change of permissions...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
} else {
|
|
Debug::Text( 'NOT allowing change of permissions...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
unset( $row['permission_control_id'] );
|
|
}
|
|
|
|
if ( isset( $row['pay_period_schedule_id'] ) && ( $this->getPermissionObject()->Check( 'pay_period_schedule', 'edit' ) || $this->getPermissionObject()->Check( 'user', 'edit_pay_period_schedule' ) ) ) {
|
|
Debug::Text( 'Allowing change of pay period schedule...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
} else {
|
|
Debug::Text( 'NOT allowing change of pay period schedule...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
unset( $row['pay_period_schedule_id'] );
|
|
}
|
|
|
|
if ( isset( $row['policy_group_id'] ) && ( $this->getPermissionObject()->Check( 'policy_group', 'edit' ) || $this->getPermissionObject()->Check( 'user', 'edit_policy_group' ) ) ) {
|
|
Debug::Text( 'Allowing change of policy group...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
} else {
|
|
Debug::Text( 'NOT allowing change of policy group...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
unset( $row['policy_group_id'] );
|
|
}
|
|
|
|
$lf->setObjectFromArray( $row );
|
|
|
|
$lf->Validator->setValidateOnly( $validate_only );
|
|
|
|
$is_valid = $lf->isValid( $ignore_warning );
|
|
|
|
if ( $validate_only == false && $lf->getIsRequiredCurrentPassword() == true ) {
|
|
$lf->FailTransaction();
|
|
$lf->CommitTransaction();
|
|
$lf->setTransactionMode(); //Back to default isolation level.
|
|
|
|
return [ $validator, $validator_stats, $key, false, true ];
|
|
}
|
|
|
|
if ( $is_valid == true ) {
|
|
Debug::Text( 'Saving data...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
if ( $validate_only == true ) {
|
|
$save_result[$key] = true;
|
|
} else {
|
|
$save_result[$key] = $lf->Save( true, true );
|
|
}
|
|
$validator_stats['valid_records']++;
|
|
}
|
|
}
|
|
|
|
if ( $is_valid == false ) {
|
|
Debug::Text( 'Data is Invalid...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
|
|
$lf->FailTransaction(); //Just rollback this single record, continue on to the rest.
|
|
|
|
$validator[$key] = $this->setValidationArray( [ $primary_validator, $lf ], ( ( $total_records > 1 && is_object( $lf ) ) ? $lf->getFullName() : null ) );
|
|
} else if ( $validate_only == true ) {
|
|
//Always fail transaction when valididate only is used, as is saved to different tables immediately.
|
|
$lf->FailTransaction();
|
|
}
|
|
|
|
$lf->CommitTransaction();
|
|
$lf->setTransactionMode(); //Back to default isolation level.
|
|
|
|
return [ $validator, $validator_stats, $key, $save_result, false ];
|
|
};
|
|
|
|
[ $validator, $validator_stats, $key, $save_result, $is_reauthentication_required ] = $this->getMainClassObject()->RetryTransaction( $transaction_function );
|
|
|
|
if ( $is_reauthentication_required == true ) {
|
|
return $this->getPermissionObject()->ReauthenticationRequired( $this->getCurrentUserObject() );
|
|
}
|
|
|
|
$this->getProgressBarObject()->set( $this->getAPIMessageID(), $key );
|
|
}
|
|
|
|
$this->getProgressBarObject()->stop( $this->getAPIMessageID() );
|
|
|
|
//One time auth is used to verify single actions that require re-authentication and needs to be removed after used.
|
|
$authentication->reauthenticationActionCompleted();
|
|
|
|
return $this->handleRecordValidationResults( $validator, $validator_stats, $key, $save_result ); //Don't Enable System Job Queue status update, as it will trigger the spinner quite often when we rarely run background jobs currently.
|
|
}
|
|
|
|
return $this->returnHandler( false );
|
|
}
|
|
|
|
/**
|
|
* Delete one or more users.
|
|
* @param array $data user data
|
|
* @return array|bool
|
|
*/
|
|
function deleteUser( $data ) {
|
|
if ( !is_array( $data ) ) {
|
|
$data = [ $data ];
|
|
}
|
|
|
|
if ( DEMO_MODE == true ) {
|
|
return $this->returnHandler( true );
|
|
}
|
|
|
|
if ( !is_array( $data ) ) {
|
|
return $this->returnHandler( false );
|
|
}
|
|
|
|
if ( $this->getPermissionObject()->checkAuthenticationType( 700 ) == false ) { //700=HTTP Auth with username/password
|
|
return $this->getPermissionObject()->AuthenticationTypeDenied();
|
|
}
|
|
|
|
if ( !$this->getPermissionObject()->Check( 'user', 'enabled' )
|
|
|| !( $this->getPermissionObject()->Check( 'user', 'delete' ) || $this->getPermissionObject()->Check( 'user', 'delete_own' ) || $this->getPermissionObject()->Check( 'user', 'delete_child' ) ) ) {
|
|
return $this->getPermissionObject()->PermissionDenied();
|
|
}
|
|
|
|
//Get Permission Hierarchy Children first, as this can be used for viewing, or editing.
|
|
$permission_children_ids = $this->getPermissionChildren();
|
|
|
|
Debug::Text( 'Received data for: ' . count( $data ) . ' Users', __FILE__, __LINE__, __METHOD__, 10 );
|
|
Debug::Arr( $data, 'Data: ', __FILE__, __LINE__, __METHOD__, 10 );
|
|
|
|
$total_records = count( $data );
|
|
$validator = $save_result = []; $key = false;
|
|
$validator_stats = [ 'total_records' => $total_records, 'valid_records' => 0 ];
|
|
if ( is_array( $data ) && $total_records > 0 ) {
|
|
$this->getProgressBarObject()->start( $this->getAPIMessageID(), $total_records );
|
|
|
|
foreach ( $data as $key => $id ) {
|
|
$primary_validator = new Validator();
|
|
$lf = TTnew( 'UserListFactory' ); /** @var UserListFactory $lf */
|
|
$lf->StartTransaction();
|
|
if ( $id != '' ) {
|
|
if ( $this->getPermissionObject()->Check( 'company', 'view' ) == true ) {
|
|
$lf->getById( $id );//Allow deleting employees in other companies.
|
|
} else {
|
|
$lf->getByIdAndCompanyId( $id, $this->getCurrentCompanyObject()->getId() );
|
|
}
|
|
if ( $lf->getRecordCount() == 1 ) {
|
|
//Object exists, check edit permissions
|
|
//Debug::Text('User ID: '. $user['id'] .' Created By: '. $lf->getCurrent()->getCreatedBy() .' Is Owner: '. (int)$this->getPermissionObject()->isOwner( $lf->getCurrent()->getCreatedBy(), $lf->getCurrent()->getID() ) .' Is Child: '. (int)$this->getPermissionObject()->isChild( $lf->getCurrent()->getId(), $permission_children_ids ), __FILE__, __LINE__, __METHOD__, 10);
|
|
if ( $this->getPermissionObject()->Check( 'user', 'delete' )
|
|
|| ( $this->getPermissionObject()->Check( 'user', 'delete_own' ) && $this->getPermissionObject()->isOwner( $lf->getCurrent()->getCreatedBy(), $lf->getCurrent()->getID() ) === true )
|
|
|| ( $this->getPermissionObject()->Check( 'user', 'delete_child' ) && $this->getPermissionObject()->isChild( $lf->getCurrent()->getId(), $permission_children_ids ) === true ) ) {
|
|
|
|
Debug::Text( 'Record Exists, deleting record ID: ' . $id, __FILE__, __LINE__, __METHOD__, 10 );
|
|
$lf = $lf->getCurrent();
|
|
} else {
|
|
$primary_validator->isTrue( 'permission', false, TTi18n::gettext( 'Delete permission denied' ) );
|
|
}
|
|
} else {
|
|
//Object doesn't exist.
|
|
$primary_validator->isTrue( 'id', false, TTi18n::gettext( 'Delete permission denied, record does not exist' ) );
|
|
}
|
|
} else {
|
|
$primary_validator->isTrue( 'id', false, TTi18n::gettext( 'Delete permission denied, record does not exist' ) );
|
|
}
|
|
|
|
//Debug::Arr($lf, 'AData: ', __FILE__, __LINE__, __METHOD__, 10);
|
|
|
|
$is_valid = $primary_validator->isValid();
|
|
if ( $is_valid == true ) { //Check to see if all permission checks passed before trying to save data.
|
|
Debug::Text( 'Attempting to delete record...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
$lf->setDeleted( true );
|
|
|
|
$is_valid = $lf->isValid();
|
|
if ( $is_valid == true ) {
|
|
Debug::Text( 'Record Deleted...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
$save_result[$key] = $lf->Save();
|
|
$validator_stats['valid_records']++;
|
|
}
|
|
}
|
|
|
|
if ( $is_valid == false ) {
|
|
Debug::Text( 'Data is Invalid...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
|
|
$lf->FailTransaction(); //Just rollback this single record, continue on to the rest.
|
|
|
|
$validator[$key] = $this->setValidationArray( [ $primary_validator, $lf ], ( ( $total_records > 1 && is_object( $lf ) ) ? $lf->getFullName() : null ) );
|
|
}
|
|
|
|
$lf->CommitTransaction();
|
|
|
|
$this->getProgressBarObject()->set( $this->getAPIMessageID(), $key );
|
|
}
|
|
|
|
$this->getProgressBarObject()->stop( $this->getAPIMessageID() );
|
|
|
|
return $this->handleRecordValidationResults( $validator, $validator_stats, $key, $save_result );
|
|
}
|
|
|
|
return $this->returnHandler( false );
|
|
}
|
|
|
|
/**
|
|
* Copy one or more users.
|
|
* @param array $data user data
|
|
* @return array
|
|
*/
|
|
function copyUser( $data ) {
|
|
//Can only Copy as New, not just a regular copy, as too much data needs to be changed,
|
|
//such as username, password, employee_number, SIN, first/last name address...
|
|
return $this->returnHandler( false );
|
|
}
|
|
|
|
/**
|
|
* Check if username is unique or not.
|
|
* @param string $user_name user name
|
|
* @return array|bool
|
|
*/
|
|
function isUniqueUserName( $user_name ) {
|
|
Debug::Text( 'Checking for unique user name: ' . $user_name, __FILE__, __LINE__, __METHOD__, 10 );
|
|
|
|
$uf = TTNew( 'UserFactory' ); /** @var UserFactory $uf */
|
|
$retval = $uf->isUniqueUserName( $user_name );
|
|
|
|
return $this->returnHandler( $retval );
|
|
}
|
|
|
|
/**
|
|
* Allows currently logged in user to change their password.
|
|
* @param string $new_password
|
|
* @param string $new_password2
|
|
* @param string $type
|
|
* @return array|bool
|
|
*/
|
|
function changePassword( $new_password, $new_password2, $type = 'user_name' ) {
|
|
$ulf = TTnew( 'UserListFactory' ); /** @var UserListFactory $ulf */
|
|
$ulf->getByIdAndCompanyId( $this->getCurrentUserObject()->getId(), $this->getCurrentCompanyObject()->getId() );
|
|
if ( $ulf->getRecordCount() == 1 ) {
|
|
$uf = $ulf->getCurrent();
|
|
|
|
global $authentication;
|
|
|
|
if ( $authentication->isSessionReauthenticated() === false ) {
|
|
return $this->getPermissionObject()->ReauthenticationRequired( $this->getCurrentUserObject() );
|
|
}
|
|
|
|
if ( $authentication->getRateLimitObject()->check() == false ) {
|
|
Debug::Text( 'Excessive failed password attempts... Preventing password change from: ' . Misc::getRemoteIPAddress() . ' for up to 15 minutes...', __FILE__, __LINE__, __METHOD__, 10 );
|
|
sleep( 5 ); //Excessive password attempts, sleep longer.
|
|
|
|
$uf->Validator->isTrue( 'current_password',
|
|
false,
|
|
TTi18n::gettext( 'Current password is incorrect' ) . ' (z)' );
|
|
} else {
|
|
$uf->setIsRequiredCurrentPassword( false );
|
|
|
|
switch ( strtolower( $type ) ) {
|
|
case 'quick_punch':
|
|
case 'quick_punch_id':
|
|
case 'phone_id':
|
|
case 'phone':
|
|
if ( $this->getPermissionObject()->Check( 'user', 'edit_own_phone_password' ) == false ) {
|
|
return $this->getPermissionObject()->PermissionDenied();
|
|
}
|
|
|
|
$log_description = TTi18n::getText( 'Password - Quick Punch' );
|
|
|
|
if ( $new_password != '' || $new_password2 != '' ) {
|
|
if ( $new_password === $new_password2 ) {
|
|
$uf->setPhonePassword( $new_password );
|
|
} else {
|
|
$uf->Validator->isTrue( 'password',
|
|
false,
|
|
TTi18n::gettext( 'Passwords don\'t match' ) );
|
|
}
|
|
}
|
|
break;
|
|
case 'user_name':
|
|
case 'web':
|
|
if ( $this->getPermissionObject()->Check( 'user', 'edit_own_password' ) == false ) {
|
|
return $this->getPermissionObject()->PermissionDenied();
|
|
}
|
|
|
|
if ( $uf->getCompanyObject()->getLDAPAuthenticationType() == 0 ) {
|
|
$log_description = TTi18n::getText( 'Password - Web' );
|
|
|
|
if ( $new_password != '' || $new_password2 != '' ) {
|
|
if ( $new_password === $new_password2 ) {
|
|
$uf->setPassword( $new_password );
|
|
} else {
|
|
$uf->Validator->isTrue( 'password',
|
|
false,
|
|
TTi18n::gettext( 'Passwords don\'t match' ) );
|
|
}
|
|
}
|
|
} else {
|
|
Debug::Text( 'LDAP Authentication is enabled, password changing is disabled! ', __FILE__, __LINE__, __METHOD__, 10 );
|
|
$uf->Validator->isTrue( 'current_password',
|
|
false,
|
|
TTi18n::getText( 'Please contact your administrator for instructions on changing your password.' ) . ' (LDAP)' );
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
|
|
if ( $uf->isValid() ) {
|
|
//One time auth is used to verify single actions that require re-authentication and needs to be removed after used.
|
|
$authentication->reauthenticationActionCompleted();
|
|
|
|
if ( DEMO_MODE == true ) {
|
|
//Return TRUE even in demo mode, but nothing happens.
|
|
return $this->returnHandler( true );
|
|
} else {
|
|
TTLog::addEntry( $this->getCurrentUserObject()->getId(), 20, $log_description, null, $uf->getTable() );
|
|
|
|
$authentication->getRateLimitObject()->delete(); //Clear failed password rate limit upon successful login.
|
|
|
|
$retval = $uf->Save( false ); //UserID is needed below.
|
|
|
|
//Logout all other sessions for this user.
|
|
$authentication = TTNew( 'Authentication' ); /** @var Authentication $authentication */
|
|
$authentication->logoutUser( $uf->getID() );
|
|
|
|
return $this->returnHandler( $retval ); //Single valid record
|
|
}
|
|
} else {
|
|
//One time auth is used to verify single actions that require re-authentication and needs to be removed after used.
|
|
$authentication->reauthenticationActionCompleted();
|
|
return $this->returnHandler( false, 'VALIDATION', TTi18n::getText( 'INVALID DATA' ), $uf->Validator->getErrorsArray(), [ 'total_records' => 1, 'valid_records' => 0 ] );
|
|
}
|
|
}
|
|
|
|
return $this->returnHandler( false );
|
|
}
|
|
|
|
|
|
/**
|
|
* Returns a list of unique provinces that employees are assigned to.
|
|
* @return array
|
|
*/
|
|
function getUniqueUserProvinces() {
|
|
//Get a unique list of states each employee belongs to
|
|
$ulf = TTnew( 'UserListFactory' ); /** @var UserListFactory $ulf */
|
|
$ulf->getByCompanyId( $this->getCurrentCompanyObject()->getId() );
|
|
$retarr = [];
|
|
if ( $ulf->getRecordCount() > 0 ) {
|
|
foreach ( $ulf as $u_obj ) {
|
|
$retarr[$u_obj->getProvince()] = $u_obj->getProvince();
|
|
}
|
|
} else {
|
|
$retarr = false;
|
|
}
|
|
|
|
return $retarr;
|
|
}
|
|
|
|
/**
|
|
* @param $email
|
|
* @return bool
|
|
*/
|
|
function UnsubscribeEmail( $email ) {
|
|
if ( $email != '' && $this->getPermissionObject()->Check( 'company', 'edit' ) ) {
|
|
return UserFactory::UnsubscribeEmail( $email );
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* @param string $user_ids UUID
|
|
* @return bool
|
|
*/
|
|
function sendValidationEmail( $user_ids ) {
|
|
if ( !$this->getPermissionObject()->Check( 'user', 'enabled' )
|
|
|| !( $this->getPermissionObject()->Check( 'user', 'edit' ) || $this->getPermissionObject()->Check( 'user', 'edit_child' ) || $this->getPermissionObject()->Check( 'user', 'add' ) ) ) {
|
|
return $this->getPermissionObject()->PermissionDenied();
|
|
}
|
|
|
|
$ulf = TTnew( 'UserListFactory' ); /** @var UserListFactory $ulf */
|
|
$ulf->getByIdAndCompanyId( $user_ids, $this->getCurrentCompanyObject()->getId() );
|
|
if ( $ulf->getRecordCount() == 1 ) {
|
|
$emails_sent = 0;
|
|
foreach ( $ulf as $u_obj ) {
|
|
if ( $u_obj->getWorkEmailIsValid() == false ) {
|
|
$u_obj->sendValidateEmail( 'work' );
|
|
$emails_sent++;
|
|
}
|
|
|
|
if ( $u_obj->getHomeEmailIsValid() == false ) {
|
|
$u_obj->sendValidateEmail( 'home' );
|
|
$emails_sent++;
|
|
}
|
|
}
|
|
|
|
Debug::Text( 'Users Found: ' . $ulf->getRecordCount() . ' Validation Emails Sent: ' . $emails_sent, __FILE__, __LINE__, __METHOD__, 10 );
|
|
if ( $emails_sent > 0 ) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
Debug::Text( 'ERROR: No users to send validation emails to.', __FILE__, __LINE__, __METHOD__, 10 );
|
|
|
|
return false;
|
|
}
|
|
|
|
|
|
/**
|
|
* Get user data for one or more users. This is an alias for getUser() that can be overridden by a plugin for getting data on remote servers.
|
|
* @param array $data filter data, see reference for details.
|
|
* @param boolean $disable_paging disables paging and returns all records.
|
|
* @return array
|
|
* @see UserListFactory::getAPISearchByCompanyIdAndArrayCriteria() To see a description of the ListFactory that is used.
|
|
*/
|
|
function getCompanyUser( $data = null, $disable_paging = false ) {
|
|
return $this->getUser( $data, $disable_paging );
|
|
}
|
|
|
|
/**
|
|
* @param int $rating Accepted values are -1, 0, 1.
|
|
* @param bool $message
|
|
* @return array|bool
|
|
*/
|
|
function setUserFeedbackRating( $rating, $message = false ) {
|
|
$ulf = TTnew( 'UserListFactory' ); /** @var UserListFactory $ulf */
|
|
$ulf->getByIdAndCompanyId( $this->getCurrentUserObject()->getId(), $this->getCurrentCompanyObject()->getId() );
|
|
if ( $ulf->getRecordCount() == 1 ) {
|
|
$u_obj = $ulf->getCurrent();
|
|
|
|
if ( $rating != $u_obj->getFeedbackRating() ) {
|
|
$u_obj->setFeedbackRating( $rating );
|
|
if ( $u_obj->isValid() ) {
|
|
$retval = $u_obj->Save( false );
|
|
if ( $retval == true ) {
|
|
//Save in user_setting table as well, so we have other information such as created date.
|
|
UserSettingFactory::setUserSetting( $this->getCurrentUserObject()->getId(), 'feedback_rating', $rating, 20 ); //20=Private
|
|
|
|
$ttsc = new TimeTrexSoapClient();
|
|
$ttsc->sendUserFeedback( $rating, $message, $u_obj );
|
|
|
|
//Since we are updating the user record, the audit log will contain the rating change.
|
|
//TTLog::addEntry( $u_obj->getId(), 500, TTi18n::getText('Feedback Rating').': '. $rating .' '. TTi18n::getText('Message') .': '. $message, $u_obj->getId(), $u_obj->getTable() );
|
|
}
|
|
}
|
|
} else if ( $message != '' ) {
|
|
$ttsc = new TimeTrexSoapClient();
|
|
$ttsc->sendUserFeedback( $rating, $message, $u_obj );
|
|
}
|
|
|
|
return $this->returnHandler( true );
|
|
}
|
|
|
|
return $this->returnHandler( false );
|
|
}
|
|
|
|
/**
|
|
* @param $submitted_review Accepted values are 0 or 1.
|
|
* @return array|bool
|
|
*/
|
|
function setUserFeedbackReview( $submitted_review ) {
|
|
$submitted_review = (int)$submitted_review;
|
|
|
|
return $this->returnHandler( UserSettingFactory::setUserSetting( $this->getCurrentUserObject()->getId(), 'feedback_rating_review', $submitted_review, 20 ) ); //20=Private
|
|
}
|
|
|
|
/**
|
|
* @param $employee_id
|
|
* @return array|bool
|
|
*/
|
|
function deleteImage( $employee_id ) {
|
|
//permissions match setUser()
|
|
if ( !$this->getPermissionObject()->Check( 'user', 'enabled' )
|
|
|| !( $this->getPermissionObject()->Check( 'user', 'edit' ) || $this->getPermissionObject()->Check( 'user', 'edit_own' ) || $this->getPermissionObject()->Check( 'user', 'edit_child' ) || $this->getPermissionObject()->Check( 'user', 'add' ) ) ) {
|
|
return $this->getPermissionObject()->PermissionDenied();
|
|
}
|
|
|
|
$result = $this->stripReturnHandler( $this->getUser( [ 'filter_data' => [ 'id' => $employee_id ] ] ) );
|
|
if ( isset( $result[0] ) && count( $result[0] ) > 0 ) {
|
|
$uf = TTnew( 'UserFactory' ); /** @var UserFactory $uf */
|
|
$file_name = $uf->getPhotoFileName( $this->current_company->getId(), $employee_id, false ); //Do not include default image.
|
|
|
|
if ( file_exists( $file_name ) ) {
|
|
unlink( $file_name );
|
|
TTLog::addEntry( $employee_id, 30, TTi18n::getText( 'Photo' ), null, $uf->getTable() );
|
|
}
|
|
}
|
|
|
|
return $this->returnHandler( true );
|
|
}
|
|
|
|
/**
|
|
* Get the number of pending authorizations, notifications and messages for the current user.
|
|
* @param array $object_types
|
|
* @return array
|
|
*/
|
|
function getUserPendingTotals( $object_types = [] ) {
|
|
$totals = [];
|
|
|
|
if ( empty( $object_types ) ) {
|
|
$object_types = [ 'notification', 'request', 'message', 'request_authorization', 'timesheet_authorization', 'expense_authorization' ];
|
|
}
|
|
|
|
//No permissions required to view own notifications.
|
|
//Unread notifications.
|
|
if ( in_array( 'notification', $object_types ) ) {
|
|
$ndtlf = TTnew( 'NotificationListFactory' );
|
|
$totals['notification'] = (int)$ndtlf->getUnreadCountByUserIdAndCompanyId( $this->getCurrentUserObject()->getId(), $this->getCurrentUserObject()->getCompany() );
|
|
}
|
|
|
|
//Unread messages.
|
|
if ( in_array( 'message', $object_types ) && $this->getPermissionObject()->Check( 'message', 'enabled' ) && $this->getPermissionObject()->Check( 'message', 'view_own' ) ) {
|
|
$mclf = TTnew( 'MessageControlListFactory' );
|
|
$totals['message'] = (int)$mclf->getNewMessagesByCompanyIdAndUserId( $this->getCurrentCompanyObject()->getId(), $this->getCurrentUserObject()->getId() );
|
|
}
|
|
|
|
//Pending request authorizations.
|
|
if ( in_array( 'request_authorization', $object_types ) && $this->getPermissionObject()->Check( 'request', 'enabled' ) && $this->getPermissionObject()->Check( 'request', 'authorize' ) && ( $this->getPermissionObject()->Check( 'request', 'view_child' ) || $this->getPermissionObject()->Check( 'request', 'view' ) ) ) {
|
|
$rlf = TTnew( 'RequestListFactory' );
|
|
$hllf = TTnew( 'HierarchyLevelListFactory' );
|
|
$type_ids = array_keys( $rlf->getOptions( 'type' ) );
|
|
$hierarchy_level_arr = $hllf->getLevelsAndHierarchyControlIDsByUserIdAndObjectTypeID( $this->getCurrentUserObject()->getId(), $rlf->getHierarchyTypeId( $type_ids ) );
|
|
$totals['request_authorization'] = (int)$rlf->getTotalPendingByCompanyIdAndHierarchyLevelMap( $this->getCurrentCompanyObject()->getId(), [ 'hierarchy_level_map' => $hierarchy_level_arr[1] ?? false, 'authorized' => [ 0 ], 'status_id' => [ 30 ], 'type_id' => $type_ids, 'permission_children_ids' => $this->getPermissionObject()->getPermissionChildren( 'request', 'view' ) ] );
|
|
}
|
|
|
|
//Pending timesheet authorizations.
|
|
if ( in_array( 'timesheet_authorization', $object_types ) && $this->getPermissionObject()->Check( 'punch', 'enabled' ) && $this->getPermissionObject()->Check( 'punch', 'verify_time_sheet' ) && ( $this->getPermissionObject()->Check( 'punch', 'view_child' ) || $this->getPermissionObject()->Check( 'punch', 'view' ) ) ) {
|
|
$pptsvlf = TTnew( 'PayPeriodTimeSheetVerifyListFactory' );
|
|
$hllf = TTnew( 'HierarchyLevelListFactory' );
|
|
$hierarchy_level_arr = $hllf->getLevelsAndHierarchyControlIDsByUserIdAndObjectTypeID( $this->getCurrentUserObject()->getId(), 90 );
|
|
$totals['timesheet_authorization'] = (int)$pptsvlf->getTotalPendingByCompanyIdAndHierarchyLevelMap( $this->getCurrentCompanyObject()->getId(), [ 'hierarchy_level_map' => $hierarchy_level_arr[1] ?? false, 'authorized' => [ 0 ], 'permission_children_ids' => $this->getPermissionObject()->getPermissionChildren( 'punch', 'view' ) ] );
|
|
}
|
|
|
|
//Pending expense authorizations.
|
|
if ( in_array( 'expense_authorization', $object_types ) && $this->getCurrentCompanyObject()->getProductEdition() >= 25 && $this->getPermissionObject()->Check( 'user_expense', 'enabled' ) && $this->getPermissionObject()->Check( 'user_expense', 'authorize' ) && ( $this->getPermissionObject()->Check( 'user_expense', 'view_child' ) || $this->getPermissionObject()->Check( 'user_expense', 'view' ) ) ) {
|
|
$uelf = TTnew( 'UserExpenseListFactory' );
|
|
$hllf = TTnew( 'HierarchyLevelListFactory' );
|
|
$hierarchy_level_arr = $hllf->getLevelsAndHierarchyControlIDsByUserIdAndObjectTypeID( $this->getCurrentUserObject()->getId(), 200 );
|
|
$totals['expense_authorization'] = (int)$uelf->getTotalPendingByCompanyIdAndHierarchyLevelMap( $this->getCurrentCompanyObject()->getId(), [ 'hierarchy_level_map' => $hierarchy_level_arr[1] ?? false, 'authorized' => [ 0 ], 'status_id' => [ 20 ], 'permission_children_ids' => $this->getPermissionObject()->getPermissionChildren( 'user_expense', 'view' ) ] );
|
|
}
|
|
|
|
Debug::Arr( $totals, ' Pending Totals: ', __FILE__, __LINE__, __METHOD__, 10 );
|
|
return $this->returnHandler( $totals );
|
|
}
|
|
|
|
/**
|
|
* Check if MFA is enabled for the current user.
|
|
* @return array|bool
|
|
*/
|
|
function isMFAEnabled() {
|
|
if ( is_object( $this->getCurrentUserObject() ) === true && $this->getCurrentUserObject()->getMultiFactorType() > 0 ) { //0 = Disabled
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* @param $mfa_type_id
|
|
* @return array|bool
|
|
*/
|
|
function setMultiFactorSettings( $mfa_type_id ) {
|
|
global $authentication;
|
|
|
|
if ( is_object( $this->getCurrentUserObject() ) === false ) {
|
|
return $this->returnHandler( false );
|
|
}
|
|
|
|
//When disabling MFA ($mfa_type_id = 0), we need to make sure to use the users current $mfa_type_id and not the one passed in.
|
|
//This means to disable MFA the user has to verify by using the current MFA type.
|
|
if ( $mfa_type_id == 0 ) {
|
|
//Passing null for $force_mfa_type_id will default to the users current MFA type.
|
|
$force_mfa_type_id = null;
|
|
} else {
|
|
$force_mfa_type_id = $mfa_type_id;
|
|
}
|
|
|
|
if ( $authentication->isSessionReauthenticated() === false ) {
|
|
return $this->getPermissionObject()->ReauthenticationRequired( $this->getCurrentUserObject(), $force_mfa_type_id );
|
|
}
|
|
|
|
$ulf = TTnew( 'UserListFactory' );
|
|
$ulf->getById( $this->getCurrentUserObject()->getId() );
|
|
if ( $ulf->getRecordCount() == 1 ) {
|
|
$u_obj = $ulf->getCurrent(); /** @var UserFactory $u_obj */
|
|
$u_obj->setMultiFactorType( $mfa_type_id );
|
|
if ( $u_obj->isValid() ) {
|
|
$u_obj->Save();
|
|
|
|
if ( $mfa_type_id > 0 ) {
|
|
//Multifactor enabled, change user to 'user_name_multi_factor' authentication.
|
|
$new_session_type_id = 810;
|
|
} else {
|
|
//Multifactor disabled, change user to 'user_name' authentication.
|
|
$new_session_type_id = 800;
|
|
}
|
|
|
|
$authentication->setType( $new_session_type_id );
|
|
//One time auth is used to verify single actions that require re-authentication and needs to be removed after used.
|
|
$authentication->reauthenticationActionCompleted();
|
|
|
|
return $this->returnHandler( true );
|
|
}
|
|
}
|
|
|
|
//One time auth is used to verify single actions that require re-authentication and needs to be removed after used.
|
|
$authentication->reauthenticationActionCompleted();
|
|
return $this->returnHandler( false );
|
|
}
|
|
}
|
|
|
|
?>
|