boinc/html/user/team_admins.php

<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2014 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.

require_once("../inc/boinc_db.inc");
require_once("../inc/util.inc");
require_once("../inc/team.inc");

if (DISABLE_TEAMS) error_page("Teams are disabled");

check_get_args(array("tnow", "ttok", "userid", "email_addr", "teamid", "action"));

function show_admin($user, $admin) {
    $admin_user = BoincUser::lookup_id($admin->userid);
    $tokens = url_tokens($user->authenticator);
    $date = date_str($admin->create_time);
    echo "<tr>
        <td>".user_links($admin_user, BADGE_HEIGHT_MEDIUM)."</td>
        <td>$date</td>
        <td>
    ";
    show_button("team_admins.php?teamid=$admin->teamid&action=remove&userid=$admin_user->id".$tokens, tra("Remove"), tra("Remove Team Admin status from this member"));
    echo "</td></tr>
    ";
}

function show_admins($user, $teamid) {
    page_head(tra("Add or remove Team Admins"));
    echo tra("You can select team members as 'Team Admins'. Team Admins can:")."
        <ul>
        <li>".tra("Edit team information (name, URL, description, country)")."
        <li>".tra("View the team's join/quit history")."
        <li>".tra("Moderate the team forum, if any (admins get email notification of moderation events and red X reports)")."
        </ul>
        ".tra("Team Admins cannot:")."
        <ul>
        <li>".tra("Change the team founder")."
        <li>".tra("Remove members")."
        <li>".tra("Add or remove Team Admins")."
        </ul>
        ".tra("If a Team Admin quits the team, they cease to be a Team Admin.")."
        <br /><br />".tra("We recommend that you select only people you know and trust very well as Team Admins.")
    ;
    $admins = BoincTeamAdmin::enum("teamid=$teamid");
    start_table();
    if (count($admins)==0) {
        row1(tra("There are currently no Team Admins"));
    } else {
        row1(tra("Current Team Admins"), 3);
        table_header(tra("Name"), tra("Became Team Admin on"), "");
        foreach ($admins as $admin) {
            show_admin($user, $admin);
        }
    }
    end_table();

    echo "
        <p>
        <form action=team_admins.php>
        <input type=hidden name=action value=add>
        <input type=hidden name=teamid value=$teamid>
    ";
    echo form_tokens($user->authenticator);
    start_table();
    row1(tra("Add Team Admin"));
    row2(tra("Email address of team member:"), "<input name=email_addr>");
    row2("", "<input class=\"btn btn-default\" type=submit action value=\"".tra("Add")."\">");
    end_table();
    echo "</form>";

    page_tail();
}

function remove_admin($team) {
    $userid = get_int('userid');
    $ret = BoincTeamAdmin::delete("teamid=$team->id and userid=$userid");
    if (!$ret) {
        error_page(tra("failed to remove admin"));
    }
}

function add_admin($team) {
    $email_addr = get_str('email_addr');
    $email_addr =  BoincDb::escape_string($email_addr);
    $user = BoincUser::lookup("email_addr='$email_addr'");
    if (!$user) error_page(tra("no such user"));
    if ($user->teamid != $team->id) error_page(tra("User is not member of team"));
    if (is_team_admin($user, $team)) {
        error_page(tra("%1 is already an admin of %2", $email_addr, $team->name));
    }
    $now = time();
    $ret = BoincTeamAdmin::insert("(teamid, userid, create_time) values ($team->id, $user->id, $now)");
    if (!$ret) error_page(tra("Couldn't add admin"));
}

$user = get_logged_in_user();
$teamid = get_int('teamid');
$team = BoincTeam::lookup_id($teamid);
if (!$team) error_page(tra("No such team"));
require_founder_login($user, $team);

$action = get_str('action', true);
switch($action) {
case 'remove':
    check_tokens($user->authenticator);
    remove_admin($team);
    Header("Location: team_admins.php?teamid=$teamid");
    exit();
case 'add':
    check_tokens($user->authenticator);
    add_admin($team);
    Header("Location: team_admins.php?teamid=$teamid");
    exit();
}
show_admins($user, $teamid);

?>
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`<?php`
- web: added copyright and license info to PHP files svn path=/trunk/boinc/; revision=15758 2008-08-05 22:43:14 +00:00			`// This file is part of BOINC.`
			`// http://boinc.berkeley.edu`
web: 2014-04-18 06:31:51 +00:00			`// Copyright (C) 2014 University of California`
- web: added copyright and license info to PHP files svn path=/trunk/boinc/; revision=15758 2008-08-05 22:43:14 +00:00			`//`
			`// BOINC is free software; you can redistribute it and/or modify it`
			`// under the terms of the GNU Lesser General Public License`
			`// as published by the Free Software Foundation,`
			`// either version 3 of the License, or (at your option) any later version.`
			`//`
			`// BOINC is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.`
			`// See the GNU Lesser General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Lesser General Public License`
			`// along with BOINC. If not, see <http://www.gnu.org/licenses/>.`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00
			`require_once("../inc/boinc_db.inc");`
			`require_once("../inc/util.inc");`
			`require_once("../inc/team.inc");`

web: 2014-04-18 06:31:51 +00:00			`if (DISABLE_TEAMS) error_page("Teams are disabled");`

- user web: finish dealing with get args spam svn path=/trunk/boinc/; revision=23010 2011-02-09 22:11:34 +00:00			`check_get_args(array("tnow", "ttok", "userid", "email_addr", "teamid", "action"));`

svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`function show_admin($user, $admin) {`
- user web: protect Team Admin ops from cross-project link attacks svn path=/trunk/boinc/; revision=14110 2007-11-07 17:54:27 +00:00			`$admin_user = BoincUser::lookup_id($admin->userid);`
- user web: enhancements to the "foundership request" feature: - If a request is pending, notify the current founder in red on their Account page. (previously there was no notification on the web; if the founder didn't get the notification email, they'd never find out; and if they read but lost the email, they'd lose the URL they needed to visit to decline). - Also notify current founder on the Admin Functions page - On the team page requesting user: show that request is pending, and the deadline. founder: show that request is pending, link to respond other users: show Deferred if can't make a request yet - Say 90 days instead of 60 days where appropriate; other text cleanup - user web: team_change_founder_action.php was generating a different name for each element of a radio button group. That makes it not a radio button. svn path=/trunk/boinc/; revision=14117 2007-11-07 23:59:08 +00:00			`$tokens = url_tokens($user->authenticator);`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`$date = date_str($admin->create_time);`
			`echo "<tr>`
web: make badge display configurable See http://boinc.berkeley.edu/trac/wiki/BadgeDoc 2014-09-18 17:08:45 +00:00			`<td>".user_links($admin_user, BADGE_HEIGHT_MEDIUM)."</td>`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`<td>$date</td>`
			`<td>`
			`";`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`show_button("team_admins.php?teamid=$admin->teamid&action=remove&userid=$admin_user->id".$tokens, tra("Remove"), tra("Remove Team Admin status from this member"));`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`echo "</td></tr>`
			`";`
			`}`

- user web: protect Team Admin ops from cross-project link attacks svn path=/trunk/boinc/; revision=14110 2007-11-07 17:54:27 +00:00			`function show_admins($user, $teamid) {`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`page_head(tra("Add or remove Team Admins"));`
			`echo tra("You can select team members as 'Team Admins'. Team Admins can:")."`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`<ul>`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`<li>".tra("Edit team information (name, URL, description, country)")."`
			`<li>".tra("View the team's join/quit history")."`
			`<li>".tra("Moderate the team forum, if any (admins get email notification of moderation events and red X reports)")."`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`</ul>`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`".tra("Team Admins cannot:")."`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`<ul>`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`<li>".tra("Change the team founder")."`
			`<li>".tra("Remove members")."`
			`<li>".tra("Add or remove Team Admins")."`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`</ul>`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`".tra("If a Team Admin quits the team, they cease to be a Team Admin.")."`
			`<br /><br />".tra("We recommend that you select only people you know and trust very well as Team Admins.")`
			`;`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`$admins = BoincTeamAdmin::enum("teamid=$teamid");`
			`start_table();`
			`if (count($admins)==0) {`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`row1(tra("There are currently no Team Admins"));`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`} else {`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`row1(tra("Current Team Admins"), 3);`
			`table_header(tra("Name"), tra("Became Team Admin on"), "");`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`foreach ($admins as $admin) {`
			`show_admin($user, $admin);`
			`}`
			`}`
			`end_table();`

			`echo "`
			`<p>`
			`<form action=team_admins.php>`
			`<input type=hidden name=action value=add>`
			`<input type=hidden name=teamid value=$teamid>`
			`";`
- user web: enhancements to the "foundership request" feature: - If a request is pending, notify the current founder in red on their Account page. (previously there was no notification on the web; if the founder didn't get the notification email, they'd never find out; and if they read but lost the email, they'd lose the URL they needed to visit to decline). - Also notify current founder on the Admin Functions page - On the team page requesting user: show that request is pending, and the deadline. founder: show that request is pending, link to respond other users: show Deferred if can't make a request yet - Say 90 days instead of 60 days where appropriate; other text cleanup - user web: team_change_founder_action.php was generating a different name for each element of a radio button group. That makes it not a radio button. svn path=/trunk/boinc/; revision=14117 2007-11-07 23:59:08 +00:00			`echo form_tokens($user->authenticator);`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`start_table();`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`row1(tra("Add Team Admin"));`
			`row2(tra("Email address of team member:"), "<input name=email_addr>");`
web: change CSS usage to partly match Twitter Bootstrap. From Christian Beer. 2014-10-02 19:15:54 +00:00			`row2("", "<input class=\"btn btn-default\" type=submit action value=\"".tra("Add")."\">");`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`end_table();`
			`echo "</form>";`

			`page_tail();`
			`}`

			`function remove_admin($team) {`
			`$userid = get_int('userid');`
			`$ret = BoincTeamAdmin::delete("teamid=$team->id and userid=$userid");`
			`if (!$ret) {`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`error_page(tra("failed to remove admin"));`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`}`
			`}`

			`function add_admin($team) {`
			`$email_addr = get_str('email_addr');`
- user web: fix security vulnerabilities - client: show available disk space correctly on startup 2013-01-08 03:40:20 +00:00			`$email_addr = BoincDb::escape_string($email_addr);`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`$user = BoincUser::lookup("email_addr='$email_addr'");`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`if (!$user) error_page(tra("no such user"));`
			`if ($user->teamid != $team->id) error_page(tra("User is not member of team"));`
- user web: allow teams to create their own "team message board". Team founder and admins have moderator power. Anyone can view a team message board, but only team members can write to it. Users cannot be banished from team message boards (due to database limitations). svn path=/trunk/boinc/; revision=14218 2007-11-15 22:51:05 +00:00			`if (is_team_admin($user, $team)) {`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`error_page(tra("%1 is already an admin of %2", $email_addr, $team->name));`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`}`
			`$now = time();`
			`$ret = BoincTeamAdmin::insert("(teamid, userid, create_time) values ($team->id, $user->id, $now)");`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`if (!$ret) error_page(tra("Couldn't add admin"));`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`}`

			`$user = get_logged_in_user();`
			`$teamid = get_int('teamid');`
			`$team = BoincTeam::lookup_id($teamid);`
- web: more translations, from Christian. fixes #982 svn path=/trunk/boinc/; revision=20582 2010-02-16 01:06:03 +00:00			`if (!$team) error_page(tra("No such team"));`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`require_founder_login($user, $team);`

			`$action = get_str('action', true);`
			`switch($action) {`
			`case 'remove':`
- user web: enhancements to the "foundership request" feature: - If a request is pending, notify the current founder in red on their Account page. (previously there was no notification on the web; if the founder didn't get the notification email, they'd never find out; and if they read but lost the email, they'd lose the URL they needed to visit to decline). - Also notify current founder on the Admin Functions page - On the team page requesting user: show that request is pending, and the deadline. founder: show that request is pending, link to respond other users: show Deferred if can't make a request yet - Say 90 days instead of 60 days where appropriate; other text cleanup - user web: team_change_founder_action.php was generating a different name for each element of a radio button group. That makes it not a radio button. svn path=/trunk/boinc/; revision=14117 2007-11-07 23:59:08 +00:00			`check_tokens($user->authenticator);`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`remove_admin($team);`
			`Header("Location: team_admins.php?teamid=$teamid");`
			`exit();`
			`case 'add':`
- user web: enhancements to the "foundership request" feature: - If a request is pending, notify the current founder in red on their Account page. (previously there was no notification on the web; if the founder didn't get the notification email, they'd never find out; and if they read but lost the email, they'd lose the URL they needed to visit to decline). - Also notify current founder on the Admin Functions page - On the team page requesting user: show that request is pending, and the deadline. founder: show that request is pending, link to respond other users: show Deferred if can't make a request yet - Say 90 days instead of 60 days where appropriate; other text cleanup - user web: team_change_founder_action.php was generating a different name for each element of a radio button group. That makes it not a radio button. svn path=/trunk/boinc/; revision=14117 2007-11-07 23:59:08 +00:00			`check_tokens($user->authenticator);`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00			`add_admin($team);`
			`Header("Location: team_admins.php?teamid=$teamid");`
			`exit();`
			`}`
- user web: protect Team Admin ops from cross-project link attacks svn path=/trunk/boinc/; revision=14110 2007-11-07 17:54:27 +00:00			`show_admins($user, $teamid);`
svn path=/trunk/boinc/; revision=14109 2007-11-07 17:32:04 +00:00
			`?>`