From 471cbad391e8901284980ae90476c338c4cb60f9 Mon Sep 17 00:00:00 2001
From: Philip Häusler <msquare@notrademark.de>
Date: Wed, 9 Nov 2011 08:47:58 +0100
Subject: #37 schichten von fremen usern einsehen können, für dispatcher
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 includes/pages/admin_user.php    | 45 +++++++++++++++++++++-------------------
 includes/pages/user_myshifts.php | 32 ++++++++++++++++++----------
 includes/pages/user_shifts.php   |  2 +-
 3 files changed, 46 insertions(+), 33 deletions(-)

(limited to 'includes')
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 7b3ab86e..611b6dcb 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -1,6 +1,6 @@
 <?php
 function admin_user() {
-	global $user;
+	global $user, $privileges;
 
 	$html = "";
 
@@ -119,8 +119,8 @@ function admin_user() {
 
 			$my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid` LIMIT 1");
 			if (count($my_highest_group) > 0)
-				$my_highest_group = $my_highest_group[0]['group_id'];			
-			
+				$my_highest_group = $my_highest_group[0]['group_id'];
+
 			$his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid` LIMIT 1");
 			if (count($his_highest_group) > 0)
 				$his_highest_group = $his_highest_group[0]['group_id'];
@@ -232,23 +232,23 @@ function admin_user() {
 
 		$html .= "Anzahl Engel: $Zeilen<br /><br />\n";
 		$html .= '
-					<table width="100%" class="border" cellpadding="2" cellspacing="1"> <thead>
-					  <tr class="contenttopic">
-					    <th>
-					      <a href="' . page_link_to("admin_user") . '&OrderBy=Nick">Nick</a>
-					    </th>
-					    <th><a href="' . page_link_to("admin_user") . '&OrderBy=Vorname">Vorname</a> <a href="' . page_link_to("admin_user") . '&OrderBy=Name">Name</a></th>
-					    <th><a href="' . page_link_to("admin_user") . '&OrderBy=Alter">Alter</a></th>
-					    <th>
-					      <a href="' . page_link_to("admin_user") . '&OrderBy=email">E-Mail</a>
-					    </th>
-					    <th><a href="' . page_link_to("admin_user") . '&OrderBy=Size">Gr&ouml;&szlig;e</a></th>
-					    <th><a href="' . page_link_to("admin_user") . '&OrderBy=Gekommen">Gekommen</a></th>
-					    <th><a href="' . page_link_to("admin_user") . '&OrderBy=Aktiv">Aktiv</a></th>
-					    <th><a href="' . page_link_to("admin_user") . '&OrderBy=Tshirt">T-Shirt</a></th>
-					    <th><a href="' . page_link_to("admin_user") . '&OrderBy=CreateDate">Registriert</a></th>
-					    <th>&Auml;nd.</th>
-					  </tr></thead>';
+										<table width="100%" class="border" cellpadding="2" cellspacing="1"> <thead>
+										  <tr class="contenttopic">
+										    <th>
+										      <a href="' . page_link_to("admin_user") . '&OrderBy=Nick">Nick</a>
+										    </th>
+										    <th><a href="' . page_link_to("admin_user") . '&OrderBy=Vorname">Vorname</a> <a href="' . page_link_to("admin_user") . '&OrderBy=Name">Name</a></th>
+										    <th><a href="' . page_link_to("admin_user") . '&OrderBy=Alter">Alter</a></th>
+										    <th>
+										      <a href="' . page_link_to("admin_user") . '&OrderBy=email">E-Mail</a>
+										    </th>
+										    <th><a href="' . page_link_to("admin_user") . '&OrderBy=Size">Gr&ouml;&szlig;e</a></th>
+										    <th><a href="' . page_link_to("admin_user") . '&OrderBy=Gekommen">Gekommen</a></th>
+										    <th><a href="' . page_link_to("admin_user") . '&OrderBy=Aktiv">Aktiv</a></th>
+										    <th><a href="' . page_link_to("admin_user") . '&OrderBy=Tshirt">T-Shirt</a></th>
+										    <th><a href="' . page_link_to("admin_user") . '&OrderBy=CreateDate">Registriert</a></th>
+										    <th>&Auml;nd.</th>
+										  </tr></thead>';
 		$Gekommen = 0;
 		$Active = 0;
 		$Tshirt = 0;
@@ -280,7 +280,10 @@ function admin_user() {
 				$title .= "jabber: " . mysql_result($Erg, $n, "jabber") . "<br />";
 
 			$html .= "<tr class=\"content\">\n";
-			$html .= "\t<td>" . mysql_result($Erg, $n, "Nick") . "</td>\n";
+			if (in_array("user_shifts_admin", $privileges))
+				$html .= "\t<td><a href=\"" . page_link_to("user_myshifts") . "&id=" . mysql_result($Erg, $n, "UID") . "\">" . mysql_result($Erg, $n, "Nick") . "</a></td>\n";
+			else
+				$html .= "\t<td>" . mysql_result($Erg, $n, "Nick") . "</td>\n";
 			$html .= "\t<td>" . mysql_result($Erg, $n, "Vorname") . " " . mysql_result($Erg, $n, "Name") . "</td>\n";
 			$html .= "\t<td>" . mysql_result($Erg, $n, "Alter") . "</td>\n";
 			$html .= "\t<td>";
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index 5a667974..dd53d134 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -7,6 +7,17 @@ function user_myshifts() {
 	global $user, $privileges;
 	$msg = "";
 
+	if (isset ($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) {
+		$id = $_REQUEST['id'];
+	} else {
+		$id = $user['UID'];
+	}
+
+	list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+
+	if ($id != $user['UID'])
+		$msg .= error("Du betrachtest die Schichten von " . $shifts_user['Nick'] . ".");
+
 	if (isset ($_REQUEST['reset'])) {
 		if ($_REQUEST['reset'] == "ack") {
 			user_reset_ical_key();
@@ -16,7 +27,7 @@ function user_myshifts() {
 	}
 	elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) {
 		$id = $_REQUEST['edit'];
-		$shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`Name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`TID`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+		$shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`Name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`TID`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1");
 		if (count($shift) > 0) {
 			$shift = $shift[0];
 
@@ -27,7 +38,7 @@ function user_myshifts() {
 			}
 
 			return template_render('../templates/user_shifts_add.html', array (
-				'angel' => $user['Nick'],
+				'angel' => $shifts_user['Nick'],
 				'date' => date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift),
 				'location' => $shift['Name'],
 				'title' => $shift['name'],
@@ -39,18 +50,18 @@ function user_myshifts() {
 	}
 	elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) {
 		$id = $_REQUEST['cancel'];
-		$shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($user['UID']) . " LIMIT 1");
+		$shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1");
 		if (count($shift) > 0) {
 			$shift = $shift[0];
 			if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 60) || in_array('user_shifts_admin', $privileges)) {
 				sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
-				$msg = success("Du wurdest aus der Schicht ausgetragen.");
+				$msg .= success("Du wurdest aus der Schicht ausgetragen.");
 			} else
-				$msg = error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.'");
+				$msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.'");
 		} else
 			header("Location: " . page_link_to('user_myshifts'));
 	}
-	$shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($user['UID']) . " ORDER BY `start`");
+	$shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($shifts_user['UID']) . " ORDER BY `start`");
 
 	$html = "";
 	foreach ($shifts as $shift) {
@@ -73,20 +84,19 @@ function user_myshifts() {
 	if ($html == "")
 		$html = '<tr><td>Keine...</td><td></td><td></td><td></td><td></td><td>Gehe zum <a href="' . page_link_to('user_shifts') . '">Schichtplan</a> um Dich für Schichten einzutragen.</td></tr>';
 
-	if ($user['ical_key'] == "")
-		user_reset_ical_key();
+	if ($shifts_user['ical_key'] == "")
+		user_reset_ical_key($shifts_user);
 
 	return template_render('../templates/user_myshifts.html', array (
 		'h' => $LETZTES_AUSTRAGEN,
 		'shifts' => $html,
 		'msg' => $msg,
-		'ical_link' => page_link_to_absolute('ical') . '&key=' . $user['ical_key'],
+		'ical_link' => page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'],
 		'reset_link' => page_link_to('user_myshifts') . '&reset'
 	));
 }
 
-function user_reset_ical_key() {
-	global $user;
+function user_reset_ical_key($user) {
 	$user['ical_key'] = md5($user['Nick'] . time() . rand());
 	sql_query("UPDATE `User` SET `ical_key`='" . sql_escape($user['ical_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
 }
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index 09a4e0ab..668fe8b7 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -251,7 +251,7 @@ function user_shifts() {
 						$entry_list = array ();
 						foreach ($entries as $entry) {
 							if (in_array('user_shifts_admin', $privileges))
-								$entry_list[] = $entry['Nick'] . ' <a href="' . page_link_to('user_shifts') . '&entry_id=' . $entry['id'] . '">[x]</a>';
+								$entry_list[] = '<a href="' . page_link_to('user_myshifts') . '&id=' . $entry['UID'] . '">' . $entry['Nick'] . '</a> <a href="' . page_link_to('user_shifts') . '&entry_id=' . $entry['id'] . '">[x]</a>';
 							else
 								$entry_list[] = $entry['Nick'];
 						}
-- 
cgit v1.2.3-54-g00ecf


+ Nick +	Vorname Name	Alter	+ E-Mail +	Größe	Gekommen	Aktiv	T-Shirt	Registriert	Änd.
" . mysql_result($Erg, $n, "Nick") . "	" . mysql_result($Erg, $n, "Nick") . "	" . mysql_result($Erg, $n, "Nick") . "	" . mysql_result($Erg, $n, "Vorname") . " " . mysql_result($Erg, $n, "Name") . "	" . mysql_result($Erg, $n, "Alter") . "	"; diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 5a667974..dd53d134 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -7,6 +7,17 @@ function user_myshifts() { global $user, $privileges; $msg = ""; + if (isset ($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { + $id = $_REQUEST['id']; + } else { + $id = $user['UID']; + } + + list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + + if ($id != $user['UID']) + $msg .= error("Du betrachtest die Schichten von " . $shifts_user['Nick'] . "."); + if (isset ($_REQUEST['reset'])) { if ($_REQUEST['reset'] == "ack") { user_reset_ical_key(); @@ -16,7 +27,7 @@ function user_myshifts() { } elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]$/", $_REQUEST['edit'])) { $id = $_REQUEST['edit']; - $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`., `Room`.`Name`, `AngelTypes`.`Name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`TID`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($user['UID']) . " LIMIT 1"); + $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`., `Room`.`Name`, `AngelTypes`.`Name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`TID`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); if (count($shift) > 0) { $shift = $shift[0]; @@ -27,7 +38,7 @@ function user_myshifts() { } return template_render('../templates/user_shifts_add.html', array ( - 'angel' => $user['Nick'], + 'angel' => $shifts_user['Nick'], 'date' => date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), 'location' => $shift['Name'], 'title' => $shift['name'], @@ -39,18 +50,18 @@ function user_myshifts() { } elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]$/", $_REQUEST['cancel'])) { $id = $_REQUEST['cancel']; - $shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($user['UID']) . " LIMIT 1"); + $shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); if (count($shift) > 0) { $shift = $shift[0]; if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 60) \|\| in_array('user_shifts_admin', $privileges)) { sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - $msg = success("Du wurdest aus der Schicht ausgetragen."); + $msg .= success("Du wurdest aus der Schicht ausgetragen."); } else - $msg = error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.'"); + $msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.'"); } else header("Location: " . page_link_to('user_myshifts')); } - $shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($user['UID']) . " ORDER BY `start`"); + $shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($shifts_user['UID']) . " ORDER BY `start`"); $html = ""; foreach ($shifts as $shift) { @@ -73,20 +84,19 @@ function user_myshifts() { if ($html == "") $html = '
Keine...					Gehe zum Schichtplan um Dich für Schichten einzutragen.