begin #298 add privilege and add users to shifts by angeltype supporter

3 files changed, 82 insertions, 31 deletions

diff --git a/db/update.sql b/db/update.sql
index f5955f32..9a665566 100644
--- a/db/update.sql
+++ b/db/update.sql
@@ -16,3 +16,6 @@ ALTER TABLE `AngelTypes`
   ADD INDEX  (`contact_user_id`);
 ALTER TABLE `AngelTypes` 
   ADD  FOREIGN KEY (`contact_user_id`) REFERENCES `User`(`UID`) ON DELETE SET NULL ON UPDATE CASCADE;
+
+  
+INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (NULL, 'shiftentry_edit_angeltype_supporter', 'If user with this privilege is angeltype supporter, he can put users in shifts for their angeltype');
diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php
index adb40c58..41756b7a 100644
--- a/includes/controller/shift_entries_controller.php
+++ b/includes/controller/shift_entries_controller.php
@@ -31,25 +31,23 @@ function shift_entry_add_controller() {
     redirect(page_link_to('user_shifts'));
   }
   
-  if (in_array('user_shifts_admin', $privileges)) {
-    $type = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1");
+  if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)) {
+    $type = AngelType($type_id);
   } else {
     $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1");
+    $type = $type[0];
   }
-
-
-  if (count($type) == 0) {
+  
+  if ($type == null) {
     redirect(page_link_to('user_shifts'));
   }
-  $type = $type[0];
-
-  if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id']) &&
-      in_array('user_shifts_admin', $privileges)) {
+  
+  if (isset($_REQUEST['user_id']) && preg_match("/^[0-9]*$/", $_REQUEST['user_id']) && (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges))) {
     $user_id = $_REQUEST['user_id'];
   } else {
     $user_id = $user['UID'];
   }
-
+  
   $shift_signup_allowed = Shift_signup_allowed(User($user_id), $shift, $type);
   if (! $shift_signup_allowed->isSignupAllowed()) {
     error(_("You are not allowed to sign up for this shift. Maybe shift is full or already running."));
@@ -58,8 +56,8 @@ function shift_entry_add_controller() {
   
   if (isset($_REQUEST['submit'])) {
     $selected_type_id = $type_id;
-    if (in_array('user_shifts_admin', $privileges)) {
-
+    if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)) {
+      
       if (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1") == 0) {
         redirect(page_link_to('user_shifts'));
       }
@@ -106,7 +104,6 @@ function shift_entry_add_controller() {
   if (in_array('user_shifts_admin', $privileges)) {
     $users = sql_select("SELECT *, (SELECT count(*) FROM `ShiftEntry` WHERE `freeloaded`=1 AND `ShiftEntry`.`UID`=`User`.`UID`) AS `freeloaded` FROM `User` ORDER BY `Nick`");
     $users_select = [];
-    
     foreach ($users as $usr) {
       $users_select[$usr['UID']] = $usr['Nick'] . ($usr['freeloaded'] == 0 ? "" : " (" . _("Freeloader") . ")");
     }
@@ -118,12 +115,30 @@ function shift_entry_add_controller() {
       $angeltypes[$angeltype['id']] = $angeltype['name'];
     }
     $angeltype_select = html_select_key('angeltype_id', 'angeltype_id', $angeltypes, $type['id']);
+  } elseif (in_array('shiftentry_edit_angeltype_supporter', $privileges)) {
+    $users = Users_by_angeltype($type);
+    $users_select = [];
+    foreach ($users as $usr) {
+      if (! $type['restricted'] || $usr['confirm_user_id'] != null) {
+        $users_select[$usr['UID']] = $usr['Nick'];
+      }
+    }
+    $user_text = html_select_key('user_id', 'user_id', $users_select, $user['UID']);
+    
+    $angeltypes_source = User_angeltypes($user);
+    $angeltypes = [];
+    foreach ($angeltypes_source as $angeltype) {
+      if ($angeltype['supporter']) {
+        $angeltypes[$angeltype['id']] = $angeltype['name'];
+      }
+      $angeltype_select = html_select_key('angeltype_id', 'angeltype_id', $angeltypes, $type['id']);
+    }
   } else {
     $user_text = User_Nick_render($user);
     $angeltype_select = $type['name'];
   }
   
-  return ShiftEntry_edit_view($user_text, date("Y-m-d H:i", $shift['start']) . ' – ' . date('Y-m-d H:i', $shift['end']) . ' (' . shift_length($shift) . ')', $shift['Name'], $shift['name'], $angeltype_select, "", false, null, in_array('user_shifts_admin', $privileges));
+  return ShiftEntry_edit_view($user_text, date("Y-m-d H:i", $shift['start']) . ' – ' . date('Y-m-d H:i', $shift['end']) . ' (' . shift_length($shift) . ')', $shift['Name'], $shift['name'], $angeltype_select, "", false, null, in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges));
 }
 
 /**
diff --git a/includes/model/Shifts_model.php b/includes/model/Shifts_model.php
index 1e1bd97d..8107f707 100644
--- a/includes/model/Shifts_model.php
+++ b/includes/model/Shifts_model.php
@@ -111,7 +111,7 @@ function Shift_free_entries($shift_id, $angeltype_id) {
 }
 
 /**
- * Check if an angel can sign up for given shift.
+ * Check if shift signup is allowed from the end users point of view (no admin like privileges)
  *
  * @param Shift $shift
  *          The shift
@@ -119,21 +119,12 @@ function Shift_free_entries($shift_id, $angeltype_id) {
  *          The angeltype to which the user wants to sign up
  * @param array<Shift> $user_shifts
  *          List of the users shifts
+ * @param boolean $angeltype_supporter
+ *          True, if the user has angeltype supporter rights for the angeltype, which enables him to sign somebody up for the shift.
  */
-function Shift_signup_allowed($user, $shift, $angeltype, $user_angeltype = null, $user_shifts = null) {
-  global $privileges;
-  
+function Shift_signup_allowed_angel($user, $shift, $angeltype, $user_angeltype, $user_shifts, $angeltype_supporter = false) {
   $free_entries = Shift_free_entries($shift['SID'], $angeltype['id']);
   
-  if (in_array('user_shifts_admin', $privileges)) {
-    if ($free_entries == 0) {
-      // User shift admins may join anybody in every shift
-      return new ShiftSignupState(ShiftSignupState::ADMIN, $free_entries);
-    }
-    
-    return new ShiftSignupState(ShiftSignupState::FREE, $free_entries);
-  }
-  
   if ($user_shifts == null) {
     $user_shifts = Shifts_by_user($user);
   }
@@ -159,16 +150,16 @@ function Shift_signup_allowed($user, $shift, $angeltype, $user_angeltype = null,
     // you cannot join if shift is full
     return new ShiftSignupState(ShiftSignupState::OCCUPIED, $free_entries);
   }
-
+  
   if ($user_angeltype == null) {
     $user_angeltype = UserAngelType_by_User_and_AngelType($user, $angeltype);
   }
   
-  if ($user_angeltype == null || ($angeltype['no_self_signup'] == 1 && $user_angeltype != null) ||
-      ($angeltype['restricted'] == 1 && $user_angeltype != null && ! isset($user_angeltype['confirm_user_id']))) {
+  if ($user_angeltype == null || ($angeltype['no_self_signup'] == 1 && $user_angeltype != null && $angeltype_supporter === false) || ($angeltype['restricted'] == 1 && $user_angeltype != null && ! isset($user_angeltype['confirm_user_id']))) {
     // you cannot join if user is not of this angel type
     // you cannot join if you are not confirmed
-
+    // you cannot join if angeltype has no self signup
+    
     return new ShiftSignupState(ShiftSignupState::ANGELTYPE, $free_entries);
   }
   
@@ -182,6 +173,48 @@ function Shift_signup_allowed($user, $shift, $angeltype, $user_angeltype = null,
 }
 
 /**
+ * Check if an admin can sign up a user to a shift.
+ *
+ * @param Shift $shift
+ *          The shift
+ * @param AngelType $angeltype
+ *          The angeltype to which the user wants to sign up
+ */
+function Shift_signup_allowed_admin($shift, $angeltype) {
+  $free_entries = Shift_free_entries($shift['SID'], $angeltype['id']);
+  if ($free_entries == 0) {
+    // User shift admins may join anybody in every shift
+    return new ShiftSignupState(ShiftSignupState::ADMIN, $free_entries);
+  }
+  
+  return new ShiftSignupState(ShiftSignupState::FREE, $free_entries);
+}
+
+/**
+ * Check if an angel can sign up for given shift.
+ *
+ * @param Shift $shift
+ *          The shift
+ * @param AngelType $angeltype
+ *          The angeltype to which the user wants to sign up
+ * @param array<Shift> $user_shifts
+ *          List of the users shifts
+ */
+function Shift_signup_allowed($signup_user, $shift, $angeltype, $user_angeltype = null, $user_shifts = null) {
+  global $user, $privileges;
+  
+  if (in_array('user_shifts_admin', $privileges)) {
+    return Shift_signup_allowed_admin($shift, $angeltype);
+  }
+  
+  if (in_array('shiftentry_edit_angeltype_supporter', $privileges) && User_is_AngelType_supporter($user, $angeltype)) {
+    return Shift_signup_allowed_angel($signup_user, $shift, $angeltype, $user_angeltype, $user_shifts, true);
+  }
+  
+  return Shift_signup_allowed_angel($signup_user, $shift, $angeltype, $user_angeltype, $user_shifts, false);
+}
+
+/**
  * Delete a shift by its external id.
  */
 function Shift_delete_by_psid($shift_psid) {