File: 0.01.0a/api.php (View as HTML)

  1: <?php 
  2: /* -------------------------------------------------------------
  3: This file is part of FreeDESK
  4: 
  5: FreeDESK is (C) Copyright 2012 David Cutting
  6: 
  7: FreeDESK is free software: you can redistribute it and/or modify
  8: it under the terms of the GNU General Public License as published by
  9: the Free Software Foundation, either version 3 of the License, or
 10: (at your option) any later version.
 11: 
 12: FreeDESK is distributed in the hope that it will be useful,
 13: but WITHOUT ANY WARRANTY; without even the implied warranty of
 14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 15: GNU General Public License for more details.
 16: 
 17: You should have received a copy of the GNU General Public License
 18: along with FreeDESK.  If not, see www.gnu.org/licenses
 19: 
 20: For more information see www.purplepixie.org/freedesk/
 21: -------------------------------------------------------------- */
 22: 
 23: ob_start();
 24: include("core/FreeDESK.php");
 25: $DESK = new FreeDESK("./");
 26: $DESK->Start();
 27: ob_end_clean();
 28: 
 29: header("Content-type: text/xml");
 30: header("Expires: Tue, 27 Jul 1997 01:00:00 GMT");
 31: header("Cache-Control: no-store, no-cache, must-revalidate");
 32: header("Cache-Control: post-check=0, pre-check=0", false);
 33: header("Pragma: no-cache");
 34: 
 35: if (!isset($_REQUEST['mode']))
 36: {
 37: 	$error = new FreeDESK_Error(ErrorCode::UnknownMode, "Unknown Mode");
 38: 	echo $error->XML(true);
 39: 	exit();
 40: }
 41: 
 42: if ($_REQUEST['mode']=="login")
 43: {
 44: 	//echo $_REQUEST['username'].$_REQUEST['password'];
 45: 	// TODO: Other Login Modes
 46: 	if ($DESK->ContextManager->Open(ContextType::User, "", $_REQUEST['username'], $_REQUEST['password']))
 47: 	{
 48: 		echo $DESK->ContextManager->Session->XML(true);
 49: 		exit();
 50: 	}
 51: 	else // Login failed
 52: 	{
 53: 		$error = new FreeDESK_Error(ErrorCode::FailedLogin, "Login Failed");
 54: 		echo $error->XML(true);
 55: 		exit();
 56: 	}
 57: }
 58: else if ($_REQUEST['mode']=="logout")
 59: {
 60: 	if ($DESK->ContextManager->Open(ContextType::User, $_REQUEST['sid']))
 61: 		$DESK->ContextManager->Destroy();
 62: 	$xml = new xmlCreate();
 63: 	$xml->charElement("logout","1");
 64: 	echo $xml->getXML(true);
 65: 	exit();
 66: }
 67: 
 68: if (!$DESK->ContextManager->Open(ContextType::User, $_REQUEST['sid']))
 69: {
 70: 	$error = new FreeDESK_Error(ErrorCode::SessionExpired, "Session Expired");
 71: 	echo $error->XML(true);
 72: 	exit();
 73: }
 74: 
 75: if ($_REQUEST['mode']=="requests_assigned")
 76: {
 77: 	$team = isset($_REQUEST['teamid']) ? $_REQUEST['teamid'] : 0;
 78: 	$user = isset($_REQUEST['username']) ? $_REQUEST['username'] : "";
 79: 	$sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : "";
 80: 	$order = isset($_REQUEST['order']) && $_REQUEST['order']=="D" ? "DESC" : "ASC";
 81: 	$list = $DESK->RequestManager->FetchAssigned($team, $user, $sort, $order);
 82: 	echo xmlCreate::getHeader()."\n";
 83: 	echo "<request-list>\n";
 84: 	foreach($list as $item)
 85: 	{
 86: 		echo $item->XML(false)."\n";
 87: 	}
 88: 	echo "</request-list>\n";
 89: 	exit();
 90: }
 91: 
 92: if ($_REQUEST['mode']=="entity_search")
 93: {
 94: 	$entity = $DESK->DataDictionary->GetTable($_REQUEST['entity']);
 95: 	
 96: 	if ($entity === false || !$entity->editable)
 97: 	{
 98: 		$err = new FreeDESK_Error(ErrorCode::EntityError, "Entity Error");
 99: 		echo $err->XML(true);
100: 		exit();
101: 	}
102: 	
103: 	if (!$DESK->ContextManager->Permission("entity_view.".$_REQUEST['entity']))
104: 	{
105: 		$err = new FreeDESK_error(ErrorCode::PermissionDenied, "Permission Denied to Entity");
106: 		echo $err->XML(true);
107: 		exit();
108: 	}
109: 
110: 	// ENTITY MANAGER
111: 	$q="SELECT * FROM ".$DESK->Database->Table($entity->entity);
112: 	
113: 	
114: 	$qb = new QueryBuilder();
115: 	$fieldcount = 0;
116: 	foreach($entity->fields as $key => $field)
117: 	{
118: 		if ($field->searchable && isset($_REQUEST[$key]) && ($_REQUEST[$key]!=""))
119: 		{
120: 			if ($fieldcount++ > 0)
121: 				$qb->AddOperation(QueryType::opAND);
122: 			
123: 			if ( ($field->type==DD_FieldType::Char || $field->type==DD_FieldType::Text)  &&
124: 					strpos($_REQUEST[$key], "%") !== true )
125: 				$qb->Add($key, QueryType::Like, $DESK->Database->SafeQuote($_REQUEST[$key]));
126: 			else
127: 				$qb->Add($key, QueryType::Equal, $DESK->Database->SafeQuote($_REQUEST[$key]));
128: 		}
129: 	}
130: 	
131: 
132: 	
133: 	if (isset($_REQUEST['start']))
134: 		$start=$_REQUEST['start'];
135: 	else
136: 		$start = 0;
137: 	
138: 	if (isset($_REQUEST['limit']))
139: 		$limit=$_REQUEST['limit'];
140: 	else
141: 		$limit = 30;
142: 
143: 
144: 	$wc = $DESK->Database->Clause($qb);
145: 	
146: 	if ($wc != "")
147: 		$q.=" WHERE ".$wc;
148: 	
149: 	$meta = array(
150: 		"start" => $start,
151: 		"limit" => $limit );
152: 	
153: 	$r=$DESK->Database->Query($q);
154: 	
155: 	$meta["count"]=$DESK->Database->NumRows($r);
156: 	
157: 	if ($meta["count"]>$limit)
158: 	{
159: 		$q.=" LIMIT ".$DESK->Database->Safe($start).",".$DESK->Database->Safe($limit);
160: 		$DESK->Database->Free($r);
161: 		$r=$DESK->Database->Query($q);
162: 	}
163: 	
164: 	$xml = new xmlCreate();
165: 	$xml->startElement("search-results");
166: 	$xml->startElement("meta");
167: 	foreach($meta as $key => $val)
168: 		$xml->charElement($key, $val);
169: 	$keyfield="";
170: 	foreach($entity->fields as $key => $field)
171: 	{
172: 		if ($field->keyfield)
173: 			$keyfield=$field->field;
174: 		$xml->startElement("field-data");
175: 		$xml->charElement("id",$field->field);
176: 		$xml->charElement("name",$field->name, 0, false, true);
177: 		$xml->endElement("field-data");
178: 	}
179: 	$xml->charElement("keyfield",$keyfield);
180: 	$xml->endElement("meta");
181: 	
182: 	while($row=$DESK->Database->FetchAssoc($r))
183: 	{
184: 		$xml->startElement("entity");
185: 		foreach($row as $key => $val)
186: 		{
187: 			$xml->charElement("field", $val, array("id"=>$key), false, true);
188: 		}
189: 		$xml->endElement("entity");
190: 	}
191: 	$DESK->Database->Free($r);
192: 	
193: 	$xml->endElement("search-results");
194: 	
195: 	echo $xml->getXML(true);
196: 	exit();
197: }
198: 	
199: else if ($_REQUEST['mode'] == "entity_save")
200: {
201: 	$entity = $_REQUEST['entity'];
202: 	$table = $DESK->DataDictionary->GetTable($entity);
203: 	
204: 	if ($entity === false)
205: 	{
206: 		$err = new FreeDESK_Error(ErrorCode::EntityError, "Entity Error (Not Found)");
207: 		echo $err->XML(true);
208: 		exit();
209: 	}
210: 	
211: 	$keyfield = $table->keyfield;
212: 	
213: 	$data = $DESK->EntityManager->Load($entity, $_REQUEST[$keyfield]);
214: 	
215: 	
216: 	if ($data === false)
217: 	{
218: 		$err = new FreeDESK_Error(ErrorCode::EntityError, "Entity Error (Not Loaded)");
219: 		echo $err->XML(true);
220: 		exit();
221: 	}
222: 	
223: 	foreach($table->fields as $id => $field)
224: 	{
225: 		if ($id != $keyfield)
226: 			if (isset($_REQUEST[$id]))
227: 				$data->Set($id, $_REQUEST[$id]);
228: 	}
229: 	
230: 	$result = $DESK->EntityManager->Save($data);
231: 	
232: 	if ($result)
233: 	{
234: 		$xml = new xmlCreate();
235: 		$xml->charElement("operation","1");
236: 		echo $xml->getXML(true);
237: 		exit();
238: 	}
239: 	else
240: 	{
241: 		$err = new FreeDESK_Error(ErrorCode::EntityError, "Entity Error (Not Saved)");
242: 		echo $err->XML(true);
243: 		exit();
244: 	}
245: }
246: 
247: else if ($_REQUEST['mode'] == "entity_create")
248: {
249: 	$entity = $_REQUEST['entity'];
250: 	$table = $DESK->DataDictionary->GetTable($entity);
251: 	
252: 	if ($entity === false)
253: 	{
254: 		$err = new FreeDESK_Error(ErrorCode::EntityError, "Entity Error (Not Found)");
255: 		echo $err->XML(true);
256: 		exit();
257: 	}
258: 	
259: 	$data = $DESK->EntityManager->Create($entity);
260: 	
261: 	foreach($table->fields as $id => $field)
262: 	{
263: 		if ($id != $keyfield)
264: 			if (isset($_REQUEST[$id]))
265: 				$data->Set($id, $_REQUEST[$id]);
266: 	}
267: 	
268: 	$result = $DESK->EntityManager->Insert($data);
269: 	
270: 	if ($result)
271: 	{
272: 		$xml = new xmlCreate();
273: 		$xml->charElement("operation","1");
274: 		echo $xml->getXML(true);
275: 		exit();
276: 	}
277: 	else
278: 	{
279: 		$err = new FreeDESK_Error(ErrorCode::EntityError, "Entity Error (Not Saved)");
280: 		echo $err->XML(true);
281: 		exit();
282: 	}
283: }
284: 
285: else if ($_REQUEST['mode'] == "user_edit")
286: {
287: 	if (!$DESK->ContextManager->Permission("user_admin"))
288: 	{
289: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
290: 		echo $error->XML(true);
291: 		exit();
292: 	}
293: 	
294: 	$q = "UPDATE ".$DESK->Database->Table("user")." SET ";
295: 	
296: 	$q.=$DESK->Database->Field("username")."=".$DESK->Database->SafeQuote($_REQUEST['username']).",";
297: 	$q.=$DESK->Database->Field("realname")."=".$DESK->Database->SafeQuote($_REQUEST['realname']).",";
298: 	$q.=$DESK->Database->Field("email")."=".$DESK->Database->SafeQuote($_REQUEST['email']).",";
299: 	$q.=$DESK->Database->Field("permgroup")."=".$DESK->Database->SafeQuote($_REQUEST['permgroup']);
300: 	
301: 	$q.=" WHERE ".$DESK->Database->Field("username")."=".$DESK->Database->SafeQuote($_REQUEST['original_username']);
302: 	
303: 	$DESK->Database->Query($q);
304: 	
305: 	if (isset($_REQUEST['password']) && $_REQUEST['password']!="")
306: 	{
307: 		$amb = new AuthMethodStandard($DESK);
308: 		$amb->SetPassword($_REQUEST['username'], $_REQUEST['password']);
309: 	}
310: 	
311: 	$q="DELETE FROM ".$DESK->Database->Table("teamuserlink")." WHERE ".$DESK->Database->Field("username")."="
312: 		.$DESK->Database->SafeQuote($_REQUEST['original_username']);
313: 	$DESK->Database->Query($q);
314: 	
315: 	if (isset($_REQUEST['team']))
316: 	{
317: 		foreach($_REQUEST['team'] as $team)
318: 		{
319: 			$q="INSERT INTO ".$DESK->Database->Table("teamuserlink")."(".$DESK->Database->Field("username").","
320: 				.$DESK->Database->Field("teamid").") VALUES(".$DESK->Database->SafeQuote($_REQUEST['username']).","
321: 				.$DESK->Database->Safe($team).")";
322: 			$DESK->Database->Query($q);
323: 		}
324: 	}
325: 	
326: 	$xml = new xmlCreate();
327: 	$xml->charElement("operation","1");
328: 	echo $xml->getXML(true);
329: 	exit();
330: }
331: 
332: else if ($_REQUEST['mode'] == "request_update")
333: {
334: 	// TODO: PERMISSIONS + PUBLIC
335: 	
336: 	$public=false;
337: 	if (isset($_REQUEST['public']) && $_REQUEST['public']==1)
338: 		$public=true;
339: 	
340: 	$req = $DESK->RequestManager->Fetch($_REQUEST['requestid']);
341: 	if ($req === false)
342: 	{
343: 		$error = new FreeDESK_Error(ErrorCode::UnknownRequest, "Unknown Request");
344: 		echo $error->XML(true);
345: 		exit();
346: 	}
347: 	
348: 	if (isset($_REQUEST['update']) && $_REQUEST['update']!="")
349: 		$req->Update($_REQUEST['update'], $public);
350: 	
351: 	if (isset($_REQUEST['status']) && $_REQUEST['status']!="" && $_REQUEST['status']!=" " && is_numeric($_REQUEST['status']))
352: 		$req->Status($_REQUEST['status'], $public);
353: 	
354: 	// TODO: ASSIGNMENT PERMISSION
355: 	if (isset($_REQUEST['assign']) && $_REQUEST['assign'] != "" && $_REQUEST['assign'] != " ") // Composite assignment
356: 	{
357: 		$team = 0;
358: 		$user = "";
359: 		
360: 		$assign = $_REQUEST['assign'];
361: 		
362: 		if (is_numeric($assign)) // just a team
363: 			$team = $assign;
364: 		else
365: 		{
366: 			$parts = explode("/",$assign);
367: 			$team = $parts[0];
368: 			if (isset($parts[1]))
369: 				$user=$parts[1];
370: 		}
371: 		
372: 		$req->Assign($team, $user, $public);
373: 	}
374: 	
375: 	
376: 	$xml = new xmlCreate();
377: 	$xml->charElement("operation","1");
378: 	echo $xml->getXML(true);
379: 	exit();
380: }
381: 
382: else if ($_REQUEST['mode'] == 'request_create')
383: {
384: 	if (isset($_REQUEST['class']))
385: 		$class = $_REQUEST['class'];
386: 	else
387: 		$class = "";
388: 	
389: 	// Request of required class
390: 	$req = $DESK->RequestManager->CreateById($class);
391: 	
392: 	// Assignment of request: TODO permissions for this!
393: 	$team=0;
394: 	$user="";
395: 	
396: 	if (isset($_REQUEST['assign']))
397: 	{
398: 		if (is_numeric($assign)) // just a team
399: 			$team = $assign;
400: 		else
401: 		{
402: 			$parts = explode("/",$assign);
403: 			$team = $parts[0];
404: 			if (isset($parts[1]))
405: 				$user=$parts[1];
406: 		}
407: 	}
408: 	
409: 	$id = $req->Create($_REQUEST['customer'], $_REQUEST['update'], $class, $_REQUEST['status'], $_REQUEST['priority'], 
410: 		$team, $user);
411: 	
412: 	$xml = new xmlCreate();
413: 	$xml->charElement("request", $id);
414: 	echo $xml->getXML(true);
415: 	exit();
416: }
417: 
418: else if ($_REQUEST['mode'] == 'permission_save')
419: {
420: 	if (!$DESK->ContextManager->Permission("user_admin"))
421: 	{
422: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
423: 		echo $error->XML(true);
424: 		exit();
425: 	}
426: 	
427: 	if ($_REQUEST['type'] == "user")
428: 	{
429: 		$type="user";
430: 		$usergroupid=$_REQUEST['username'];
431: 	}
432: 	else if ($_REQUEST['type'] == "group")
433: 	{
434: 		$type="group";
435: 		$usergroupid=$_REQUEST['groupid'];
436: 	}
437: 	else
438: 	{
439: 		$error = new FreeDESK_Error(ErrorCode::UnknownMode, "Unknown Mode ".$_REQUEST['mode']);
440: 		echo $error->XML(true);
441: 		exit();
442: 	}
443: 	
444: 	$q="DELETE FROM ".$DESK->Database->Table("permissions")." WHERE ";
445: 	$q.=$DESK->Database->Field("permissiontype")."=".$DESK->Database->SafeQuote($type)." AND ";
446: 	$q.=$DESK->Database->Field("usergroupid")."=".$DESK->Database->SafeQuote($usergroupid);
447: 	
448: 	$DESK->Database->Query($q);
449: 	
450: 	$perms = $DESK->PermissionManager->PermissionList();
451: 	
452: 	foreach($perms as $perm => $def)
453: 	{
454: 		$htmlperm = str_replace(".","#",$perm);
455: 		if (isset($_REQUEST[$htmlperm]))
456: 		{
457: 			$DESK->LoggingEngine->Log($perm,$_REQUEST[$htmlperm],"hi");
458: 			$val=-1;
459: 			if ($_REQUEST[$htmlperm] == "1")
460: 				$val=1;
461: 			else if ($_REQUEST[$htmlperm] == "0")
462: 				$val=0;
463: 			
464: 			if ($val==1 || $val==0)
465: 			{
466: 				$q="INSERT INTO ".$DESK->Database->Table("permissions")."(";
467: 				$q.=$DESK->Database->Field("permissiontype").",".$DESK->Database->Field("permission").",";
468: 				$q.=$DESK->Database->Field("usergroupid").",".$DESK->Database->Field("allowed").") VALUES(";
469: 				$q.=$DESK->Database->SafeQuote($type).",".$DESK->Database->SafeQuote($perm).",";
470: 				$q.=$DESK->Database->SafeQuote($usergroupid).",".$DESK->Database->Safe($val).")";
471: 				
472: 				$DESK->Database->Query($q);
473: 			}
474: 		}
475: 	}
476: 	
477: 	
478: 	$xml = new xmlCreate();
479: 	$xml->charElement("operation","1");
480: 	echo $xml->getXML(true);
481: 	exit();
482: }
483: 
484: else if ($_REQUEST['mode'] == "create_user")
485: {
486: 	if (!$DESK->ContextManager->Permission("user_admin"))
487: 	{
488: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
489: 		echo $error->XML(true);
490: 		exit();
491: 	}
492: 
493: 	if ($_REQUEST['username'] != "")
494: 	{
495: 		$q="INSERT INTO ".$DESK->Database->Table("user")."(".$DESK->Database->Field("username").") VALUES(";
496: 		$q.=$DESK->Database->SafeQuote($_REQUEST['username']).")";
497: 		$DESK->Database->Query($q);
498: 	}
499: 	$xml = new xmlCreate();
500: 	$xml->charElement("operation","1");
501: 	echo $xml->getXML(true);
502: 	exit();	
503: }
504: 
505: else if ($_REQUEST['mode'] == "delete_user")
506: {
507: 	// TODO: Delete related data e.g. perms, links and reassign requests
508: 	if (!$DESK->ContextManager->Permission("user_admin"))
509: 	{
510: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
511: 		echo $error->XML(true);
512: 		exit();
513: 	}
514: 
515: 	if ($_REQUEST['username'] != "")
516: 	{
517: 		$q="DELETE FROM ".$DESK->Database->Table("user")." WHERE ";
518: 		$q.=$DESK->Database->Field("username")."=".$DESK->Database->SafeQuote($_REQUEST['username']);
519: 		$DESK->Database->Query($q);
520: 	}
521: 	$xml = new xmlCreate();
522: 	$xml->charElement("operation","1");
523: 	echo $xml->getXML(true);
524: 	exit();	
525: }
526: 
527: else if ($_REQUEST['mode'] == "permgroup_delete")
528: {
529: 	$id=$_REQUEST['permgroupid'];
530: 	if (!$DESK->ContextManager->Permission("user_admin"))
531: 	{
532: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
533: 		echo $error->XML(true);
534: 		exit();
535: 	}
536: 	
537: 	$DESK->PermissionManager->DeleteGroup($id);
538: 	
539: 	$xml = new xmlCreate();
540: 	$xml->charElement("operation","1");
541: 	echo $xml->getXML(true);
542: 	exit();	
543: }
544: 
545: else if ($_REQUEST['mode'] == "permgroup_create")
546: {
547: 	$name=$_REQUEST['groupname'];
548: 	if (!$DESK->ContextManager->Permission("user_admin"))
549: 	{
550: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
551: 		echo $error->XML(true);
552: 		exit();
553: 	}
554: 	
555: 	$DESK->PermissionManager->CreateGroup($name);
556: 	
557: 	$xml = new xmlCreate();
558: 	$xml->charElement("operation","1");
559: 	echo $xml->getXML(true);
560: 	exit();	
561: }
562: 
563: else if ($_REQUEST['mode'] == "team_create")
564: {
565: 	$name=$_REQUEST['teamname'];
566: 	if (!$DESK->ContextManager->Permission("user_admin"))
567: 	{
568: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
569: 		echo $error->XML(true);
570: 		exit();
571: 	}
572: 	
573: 	$DESK->RequestManager->CreateTeam($name);
574: 	
575: 	$xml = new xmlCreate();
576: 	$xml->charElement("operation","1");
577: 	echo $xml->getXML(true);
578: 	exit();	
579: }
580: 
581: else if ($_REQUEST['mode'] == "team_update")
582: {
583: 	$name=$_REQUEST['teamname'];
584: 	$id=$_REQUEST['id'];
585: 	if (!$DESK->ContextManager->Permission("user_admin"))
586: 	{
587: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
588: 		echo $error->XML(true);
589: 		exit();
590: 	}
591: 	
592: 	$DESK->RequestManager->UpdateTeam($id,$name);
593: 	
594: 	$xml = new xmlCreate();
595: 	$xml->charElement("operation","1");
596: 	echo $xml->getXML(true);
597: 	exit();	
598: }
599: 
600: else if ($_REQUEST['mode'] == "team_delete")
601: {
602: 	$id=$_REQUEST['id'];
603: 	if (!$DESK->ContextManager->Permission("user_admin"))
604: 	{
605: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
606: 		echo $error->XML(true);
607: 		exit();
608: 	}
609: 	
610: 	$DESK->RequestManager->DeleteTeam($id);
611: 	
612: 	$xml = new xmlCreate();
613: 	$xml->charElement("operation","1");
614: 	echo $xml->getXML(true);
615: 	exit();	
616: }
617: 
618: else if ($_REQUEST['mode'] == "status_create")
619: {
620: 	$name=$_REQUEST['name'];
621: 	if (!$DESK->ContextManager->Permission("user_admin"))
622: 	{
623: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
624: 		echo $error->XML(true);
625: 		exit();
626: 	}
627: 	
628: 	$DESK->RequestManager->CreateStatus($name);
629: 	
630: 	$xml = new xmlCreate();
631: 	$xml->charElement("operation","1");
632: 	echo $xml->getXML(true);
633: 	exit();	
634: }
635: 
636: else if ($_REQUEST['mode'] == "status_delete")
637: {
638: 	$id=$_REQUEST['id'];
639: 	if (!$DESK->ContextManager->Permission("user_admin"))
640: 	{
641: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
642: 		echo $error->XML(true);
643: 		exit();
644: 	}
645: 	
646: 	$DESK->RequestManager->DeleteStatus($id);
647: 	
648: 	$xml = new xmlCreate();
649: 	$xml->charElement("operation","1");
650: 	echo $xml->getXML(true);
651: 	exit();	
652: }
653: 
654: else if ($_REQUEST['mode'] == "status_update")
655: {
656: 	$id=$_REQUEST['id'];
657: 	$name=$_REQUEST['name'];
658: 	if (!$DESK->ContextManager->Permission("user_admin"))
659: 	{
660: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
661: 		echo $error->XML(true);
662: 		exit();
663: 	}
664: 	
665: 	$DESK->RequestManager->UpdateStatus($id,$name);
666: 	
667: 	$xml = new xmlCreate();
668: 	$xml->charElement("operation","1");
669: 	echo $xml->getXML(true);
670: 	exit();	
671: }
672: 
673: else if ($_REQUEST['mode'] == "plugin_install")
674: {
675: 	if (!$DESK->ContextManager->Permission("sysadmin_plugins"))
676: 	{
677: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
678: 		echo $error->XML(true);
679: 		exit();
680: 	}
681: 	
682: 	$plugin=$_REQUEST['plugin'];
683: 	
684: 	$DESK->PluginManager->InstallPIM($plugin);
685: 	
686: 	$xml = new xmlCreate();
687: 	$xml->charElement("operation","1");
688: 	echo $xml->getXML(true);
689: 	exit();
690: }
691: 
692: else if ($_REQUEST['mode'] == "plugin_activate")
693: {
694: 	if (!$DESK->ContextManager->Permission("sysadmin_plugins"))
695: 	{
696: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
697: 		echo $error->XML(true);
698: 		exit();
699: 	}
700: 	
701: 	$id=$_REQUEST['id'];
702: 	
703: 	$DESK->PluginManager->ActivatePIM($id, true);
704: 	
705: 	$xml = new xmlCreate();
706: 	$xml->charElement("operation","1");
707: 	echo $xml->getXML(true);
708: 	exit();
709: }
710: 
711: else if ($_REQUEST['mode'] == "plugin_deactivate")
712: {
713: 	if (!$DESK->ContextManager->Permission("sysadmin_plugins"))
714: 	{
715: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
716: 		echo $error->XML(true);
717: 		exit();
718: 	}
719: 	
720: 	$id=$_REQUEST['id'];
721: 	
722: 	$DESK->PluginManager->ActivatePIM($id, false);
723: 	
724: 	$xml = new xmlCreate();
725: 	$xml->charElement("operation","1");
726: 	echo $xml->getXML(true);
727: 	exit();
728: }
729: 
730: else if ($_REQUEST['mode'] == "plugin_uninstall")
731: {
732: 	if (!$DESK->ContextManager->Permission("sysadmin_plugins"))
733: 	{
734: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
735: 		echo $error->XML(true);
736: 		exit();
737: 	}
738: 	
739: 	$id=$_REQUEST['id'];
740: 	
741: 	$DESK->PluginManager->UninstallPIM($id);
742: 	
743: 	$xml = new xmlCreate();
744: 	$xml->charElement("operation","1");
745: 	echo $xml->getXML(true);
746: 	exit();
747: }
748: 
749: else if ($_REQUEST['mode'] == "sysvar_save")
750: {
751: 	if (!$DESK->ContextManager->Permission("sysadmin_advanced"))
752: 	{
753: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
754: 		echo $error->XML(true);
755: 		exit();
756: 	}
757: 	
758: 	$id = $_REQUEST['id'];
759: 	$value = $_REQUEST['value'];
760: 	
761: 	$DESK->Configuration->Set($id, $value, true);
762: 	
763: 	$xml = new xmlCreate();
764: 	$xml->charElement("operation","1");
765: 	echo $xml->getXML(true);
766: 	exit();
767: }
768: 
769: else if ($_REQUEST['mode'] == "sysvar_create")
770: {
771: 	if (!$DESK->ContextManager->Permission("sysadmin_advanced"))
772: 	{
773: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
774: 		echo $error->XML(true);
775: 		exit();
776: 	}
777: 	
778: 	$id = $_REQUEST['id'];
779: 	$value = $_REQUEST['value'];
780: 	
781: 	$DESK->Configuration->Set($id, $value, true);
782: 	
783: 	$xml = new xmlCreate();
784: 	$xml->charElement("operation","1");
785: 	echo $xml->getXML(true);
786: 	exit();
787: }
788: 
789: else if ($_REQUEST['mode'] == "sysvar_delete")
790: {
791: 	if (!$DESK->ContextManager->Permission("sysadmin_advanced"))
792: 	{
793: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
794: 		echo $error->XML(true);
795: 		exit();
796: 	}
797: 	
798: 	$id = $_REQUEST['id'];
799: 	$value = $_REQUEST['value'];
800: 	
801: 	$DESK->Configuration->Delete($id);
802: 	
803: 	$xml = new xmlCreate();
804: 	$xml->charElement("operation","1");
805: 	echo $xml->getXML(true);
806: 	exit();
807: }
808: 
809: else if ($_REQUEST['mode'] == "reqclass_save")
810: {
811: 	if (!$DESK->ContextManager->Permission("sysadmin_advanced"))
812: 	{
813: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
814: 		echo $error->XML(true);
815: 		exit();
816: 	}
817: 	
818: 	$id = $_REQUEST['id'];
819: 	$classname = isset($_REQUEST['classname']) ? $_REQUEST['classname'] : "";
820: 	$classclass = isset($_REQUEST['classclass']) ? $_REQUEST['classclass'] : "";
821: 	
822: 	$DESK->RequestManager->SaveRequestClass($classname, $classclass, $id);
823: 	
824: 	$xml = new xmlCreate();
825: 	$xml->charElement("operation","1");
826: 	echo $xml->getXML(true);
827: 	exit();
828: }
829: 
830: else if ($_REQUEST['mode'] == "reqclass_create")
831: {
832: 	if (!$DESK->ContextManager->Permission("sysadmin_advanced"))
833: 	{
834: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
835: 		echo $error->XML(true);
836: 		exit();
837: 	}
838: 	
839: 	$classname = isset($_REQUEST['classname']) ? $_REQUEST['classname'] : "";
840: 	$classclass = isset($_REQUEST['classclass']) ? $_REQUEST['classclass'] : "";
841: 	
842: 	$DESK->RequestManager->SaveRequestClass($classname, $classclass);
843: 	
844: 	$xml = new xmlCreate();
845: 	$xml->charElement("operation","1");
846: 	echo $xml->getXML(true);
847: 	exit();
848: }
849: 
850: else if ($_REQUEST['mode'] == "reqclass_delete")
851: {
852: 	if (!$DESK->ContextManager->Permission("sysadmin_advanced"))
853: 	{
854: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
855: 		echo $error->XML(true);
856: 		exit();
857: 	}
858: 	
859: 	$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : 0;
860: 	
861: 	$DESK->RequestManager->DeleteRequestClass($id);
862: 	
863: 	$xml = new xmlCreate();
864: 	$xml->charElement("operation","1");
865: 	echo $xml->getXML(true);
866: 	exit();
867: }
868: 
869: else if ($_REQUEST['mode'] == "priority_save" || $_REQUEST['mode'] == "priority_create")
870: {
871: 	if (!$DESK->ContextManager->Permission("sysadmin_advanced"))
872: 	{
873: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
874: 		echo $error->XML(true);
875: 		exit();
876: 	}
877: 	
878: 	// name SLA schedule [id]
879: 	$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : 0;
880: 	$name = isset($_REQUEST['name']) ? $_REQUEST['name'] : "";
881: 	$sla = isset($_REQUEST['sla']) ? $_REQUEST['sla'] : 0;
882: 	$schedule = isset($_REQUEST['schedule']) ? $_REQUEST['schedule'] : 0;
883: 	
884: 	$DESK->RequestManager->SavePriority($name, $sla, $schedule, $id);
885: 	
886: 	$xml = new xmlCreate();
887: 	$xml->charElement("operation","1");
888: 	echo $xml->getXML(true);
889: 	exit();
890: }
891: 
892: else if ($_REQUEST['mode'] == "priority_delete")
893: {
894: 	if (!$DESK->ContextManager->Permission("sysadmin_advanced"))
895: 	{
896: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
897: 		echo $error->XML(true);
898: 		exit();
899: 	}
900: 	
901: 	
902: 	$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : 0;
903: 	
904: 	$DESK->RequestManager->DeletePriority($id);
905: 	
906: 	$xml = new xmlCreate();
907: 	$xml->charElement("operation","1");
908: 	echo $xml->getXML(true);
909: 	exit();
910: }
911: 
912: else if ($_REQUEST['mode'] == "email_create")
913: {
914: 	if (!$DESK->ContextManager->Permission("email_accounts"))
915: 	{
916: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
917: 		echo $error->XML(true);
918: 		exit();
919: 	}
920: 	
921: 	
922: 	$name = isset($_REQUEST['name']) ? $_REQUEST['name'] : "";
923: 	
924: 	$DESK->Email->SaveAccount($name, "", "", "", 50, 0, "", "", "");
925: 	
926: 	$xml = new xmlCreate();
927: 	$xml->charElement("operation","1");
928: 	echo $xml->getXML(true);
929: 	exit();
930: }
931: 
932: else if ($_REQUEST['mode'] == "email_delete")
933: {
934: 	if (!$DESK->ContextManager->Permission("email_accounts"))
935: 	{
936: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
937: 		echo $error->XML(true);
938: 		exit();
939: 	}
940: 	
941: 	
942: 	$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : 0;
943: 	
944: 	$DESK->Email->DeleteAccount($id);
945: 	
946: 	$xml = new xmlCreate();
947: 	$xml->charElement("operation","1");
948: 	echo $xml->getXML(true);
949: 	exit();
950: }
951: 
952: else if ($_REQUEST['mode'] == "email_save")
953: {
954: 	if (!$DESK->ContextManager->Permission("email_accounts"))
955: 	{
956: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
957: 		echo $error->XML(true);
958: 		exit();
959: 	}
960: 	
961: 	
962: 	$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : 0;
963: 	$name = isset($_REQUEST['name']) ? $_REQUEST['name'] : "";
964: 	$host = isset($_REQUEST['host']) ? $_REQUEST['host'] : "";
965: 	$from = isset($_REQUEST['from']) ? $_REQUEST['from'] : "";
966: 	$fromname = isset($_REQUEST['fromname']) ? $_REQUEST['fromname'] : "";
967: 	$wordwrap = isset($_REQUEST['wordwrap']) ? $_REQUEST['wordwrap'] : 0;
968: 	$auth = isset($_REQUEST['auth']) ? $_REQUEST['auth'] : 0;
969: 	$username = isset($_REQUEST['username']) ? $_REQUEST['username'] : "";
970: 	$password = isset($_REQUEST['password']) ? $_REQUEST['password'] : "";
971: 	$smtpsec = isset($_REQUEST['smtpsec']) ? $_REQUEST['smtpsec'] : "";
972: 	
973: 	$DESK->Email->SaveAccount($name, $host, $from, $fromname, $wordwrap, $auth, $username, $password, $smtpsec, $id);
974: 	
975: 	$xml = new xmlCreate();
976: 	$xml->charElement("operation","1");
977: 	echo $xml->getXML(true);
978: 	exit();
979: }
980: 
981: else if ($_REQUEST['mode'] == "email_test")
982: {
983: 	if (!$DESK->ContextManager->Permission("email_accounts"))
984: 	{
985: 		$error = new FreeDESK_Error(ErrorCode::Forbidden, "Permission Denied");
986: 		echo $error->XML(true);
987: 		exit();
988: 	}
989: 	
990: 	
991: 	$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : 0;
992: 	$to = isset($_REQUEST['to']) ? $_REQUEST['to'] : "";
993: 	
994: 	$res = $DESK->Email->Send($id, $to, "FreeDESK Test", "FreeDESK Test Mail");
995: 	
996: 	if ($res)
997: 	{
998: 		$xml = new xmlCreate();
999: 		$xml->charElement("operation","1");
1000: 		echo $xml->getXML(true);
1001: 		exit();
1002: 	}
1003: 	else
1004: 	{
1005: 		$error = new FreeDESK_Error(ErrorCode::OperationFailed, "Operation Failed");
1006: 		echo $error->XML(true);
1007: 		exit();
1008: 	}
1009: }
1010: 
// email_send: send a message through a configured mail account.
elseif ($_REQUEST['mode'] == 'email_send') {
    // Just standard auth required
    // NOTE(review): with only an open session required, any logged-in user can
    // send mail with an arbitrary recipient, subject and body through any
    // configured account id. Confirm this is intended; if not, gate it with a
    // permission or restrict recipients to request customers.
    // NOTE(review): $to and $subject reach Send() as received; confirm Send()
    // rejects line breaks so extra mail headers cannot be added.
    $id = 0;
    if (isset($_REQUEST['id'])) {
        $id = $_REQUEST['id'];
    }
    $to = '';
    if (isset($_REQUEST['to'])) {
        $to = $_REQUEST['to'];
    }
    $subject = '';
    if (isset($_REQUEST['subject'])) {
        $subject = $_REQUEST['subject'];
    }
    $body = '';
    if (isset($_REQUEST['body'])) {
        $body = $_REQUEST['body'];
    }

    $sent = $DESK->Email->Send($id, $to, $subject, $body);

    if (!$sent) {
        $failed = new FreeDESK_Error(ErrorCode::OperationFailed, 'Operation Failed');
        echo $failed->XML(true);
        exit;
    }

    $reply = new xmlCreate();
    $reply->charElement('operation', '1');
    echo $reply->getXML(true);
    exit;
}
1037: 
// template_save: store the subject and body of an e-mail template. Requires
// "email_templates".
elseif ($_REQUEST['mode'] == 'template_save') {
    if (!$DESK->ContextManager->Permission('email_templates')) {
        $denied = new FreeDESK_Error(ErrorCode::Forbidden, 'Permission Denied');
        echo $denied->XML(true);
        exit;
    }

    // Absent values default to the empty string; all three are passed to
    // SaveTemplate() as received.
    $id = '';
    if (isset($_REQUEST['id'])) {
        $id = $_REQUEST['id'];
    }
    $subject = '';
    if (isset($_REQUEST['subject'])) {
        $subject = $_REQUEST['subject'];
    }
    $body = '';
    if (isset($_REQUEST['body'])) {
        $body = $_REQUEST['body'];
    }

    $DESK->Email->SaveTemplate($id, $subject, $body);

    $reply = new xmlCreate();
    $reply->charElement('operation', '1');
    echo $reply->getXML(true);
    exit;
}
1060: 
// No built-in mode matched. The mode is offered to the PluginManager; a true
// return ends the request. This point is reached only with an open session,
// because every earlier failure path exits.
// NOTE(review): whether a plugin-provided mode performs its own permission
// check is not visible here; confirm per plugin.
if ($DESK->PluginManager->API($_REQUEST['mode'])) {
    exit;
}

// Nothing handled the mode.
// NOTE(review): the caller-supplied mode string is echoed back inside the
// error text; confirm FreeDESK_Error::XML() escapes it for XML.
$unknown = new FreeDESK_Error(ErrorCode::UnknownMode, 'Unknown Mode ' . $_REQUEST['mode']);
echo $unknown->XML(true);
exit;
1067: 
1068: ?>
1069: