#!/usr/bin/perl

# Redirect error messages to a log of my choosing. (it's annoying to filter for errors in the shared env)
#my $error_log_path = $ENV{SERVER_NAME} eq "volunteers.rollercon.com" ? "/home3/rollerco/logs/" : "/tmp/";
#close STDERR;
#open STDERR, '>>', $error_log_path.'vorc_error.log' or warn "Failed to open redirected logfile ($0): $!";
#warn "Redirecting errors to ${error_log_path}vorc_error.log";

use strict;
use PEEPS;
use CGI qw/param header start_html url/;
use CGI::Cookie;
# One HTML::Tiny generator shared by the page body and by ERROR() below.
# HTML::Tiny is not loaded in this file; presumably PEEPS pulls it in.
our $h = HTML::Tiny->new (mode => 'html');
my $dbh = getRCDBH ();

# authenticate() returns the string that is re-sent as the PEEPSAUTH cookie
# further down. A false result ends the request before anything is printed.
# The meaning of the argument (1) is defined in PEEPS, not here.
my $cookie_string = authenticate (1) or die;

# The cookie value is three '&'-separated fields.
# NOTE(review): the names suggest e-mail / password / level. If the second
# field is a password or anything password-equivalent, confirm it is not the
# plaintext credential, since this value travels in every request.
my ($EML, $PWD, $LVL) = split (/&/, $cookie_string);

# $ORCUSER is not declared in this file; presumably exported by PEEPS and
# filled in by authenticate(). It is the record of the logged-in user.
my $user = $ORCUSER;
#my $activated = $ORCUSER->{access};

# Coverage columns that may be shown on the page, in display order.
# Anything not listed here is filtered out before rendering.
my @FIELD_ORDER = qw(
  id policy_name fee person_id created start end
  active terminated policy_id square_id
);

# Map each column name to a sort weight (5, 10, 15, ... in list order).
my %FIELDS;
@FIELDS{@FIELD_ORDER} = map { 5 * $_ } 1 .. scalar @FIELD_ORDER;

# sort() comparator: orders column names by their weight in %FIELDS.
sub byfield {
  return $FIELDS{$a} <=> $FIELDS{$b};
}


#foreach (sort keys %ENV) {
#       warn "$_: $ENV{$_}";
#}

use DateTime;
# Today's date as a plain string: the substitution stringifies the DateTime
# object and strips the midnight time suffix, leaving $dt a string rather
# than an object.
(my $dt = DateTime->today) =~ s/T00:00:00$//;

# Request parameters. "id" is mandatory: ERROR() is the fallback when it is
# absent, and ERROR() prints an error page and exits.
my $coverage_id = WebDB::trim scalar param ("id") // ERROR ("Missing PolicyID", "Can't view a policy without an ID to look for.", "No PolicyID provided to View Policy");
# "userid" defaults to the logged-in user but can be set by the caller.
# NOTE(review): nothing in this script compares $userid with $user->{id} or
# checks a role before the lookup below, so a signed-in user who supplies both
# values can ask for someone else's policy. Confirm getCoverageByID() or
# authenticate() restricts that, or add the check here.
my $userid = WebDB::trim scalar param ("userid") // $user->{id};
# Action flags. Any true value triggers the action; "// undef" is a no-op.
my $terminate = WebDB::trim scalar param ("terminate") // undef;
my $reinstate = WebDB::trim scalar param ("reinstate") // undef;

# Load the policy for that id/user pair; an undefined result ends the request
# with an error page.
my $coverage = getCoverageByID ($coverage_id, $userid) // ERROR ("PolicyID Not Found", "Can't find a policy (that belongs to this user) with that ID.", "PolicyID provided to View Policy not found");

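# Terminate request: allowed only for System Admins, and only for the policy
# that currently covers the person.
# NOTE(review): this state change is driven by a query parameter (the
# Terminate button on this page navigates with a plain GET) and no
# anti-forgery token is checked in this script. Confirm that authenticate() or
# a front-end layer protects against cross-site request forgery, or move the
# action to a POST that carries a per-session token.
if ($terminate) {
  ERROR ("Unauthorized", "Only System Admins can terminate a policy", "SECURITY: Attempt to terminate policy $coverage->{id} for $coverage->{person_id}") unless $user->{SYSADMIN};
  ERROR ("Invalid Policy", "You attempted to terminate a policy that isn't valid", "Attempted to terminate invalid policy $coverage->{id} for $coverage->{person_id}") unless isPersonCovered ($coverage->{person_id}) eq $coverage->{id};

  # We've checked that they're a SysAdmin and that this is the current valid policy.  Go ahead and terminate it.
  use WebDB;
  my $dbh = WebDB::connect;

  # do() returns undef on failure when RaiseError is off (the handle's
  # attributes are set in WebDB, not visible here). Stop before the audit
  # entries are written so the log never records a termination that did not
  # happen.
  $dbh->do ("update coverage set coverage.terminated = date(now()), active = null where id = ? and person_id = ?", undef, $coverage->{id}, $coverage->{person_id})
    or ERROR ("Database Error", "The policy could not be terminated.", "Database update failed while terminating policy $coverage->{id} for $coverage->{person_id}");

  # Audit trail: one entry under the admin, one under the affected person.
  logit ($user->{id}, "Terminated policy $coverage->{id} for person $coverage->{person_id}");
  logit ($coverage->{person_id}, "Policy $coverage->{id} was terminated by a System Admin");

  # Re-read the row so the page shows the post-update state.
  $coverage = getCoverageByID ($coverage_id, $userid);
}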

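# Reinstate request: allowed only for System Admins, only for a policy that
# carries a termination date, and only while its end date has not passed.
# NOTE(review): this state change is driven by a query parameter (the
# Reinstate button on this page navigates with a plain GET) and no
# anti-forgery token is checked in this script. Confirm that authenticate() or
# a front-end layer protects against cross-site request forgery, or move the
# action to a POST that carries a per-session token.
if ($reinstate) {
  ERROR ("Unauthorized", "Only System Admins can reinstate a policy", "SECURITY: Attempt to reinstate policy $coverage->{id} for $coverage->{person_id}") unless $user->{SYSADMIN};
  ERROR ("Invalid Policy", "You attempted to reinstate a policy that isn't valid", "Attempted to reinstate invalid policy $coverage->{id} for $coverage->{person_id}") unless $coverage->{terminated} =~ /^\d{4}-\d{2}-\d{2}$/;

  # We've checked that they're a SysAdmin and that this policy was terminated.
  # It may only be reinstated if its end date is today or later.
  use WebDB;
  my $dbh = WebDB::connect;

  # The database does the date arithmetic: 1 when end >= today, else 0.
  ($coverage->{still_valid}) = $dbh->selectrow_array ("select if(datediff(?, date(now())) >= 0, 1, 0)", undef, $coverage->{end});
  ERROR ("Invalid Policy", "You attempted to reinstate a policy that ended before today", "Attempted to reinstate already ended policy $coverage->{id} for $coverage->{person_id}") unless $coverage->{still_valid};

  # do() returns undef on failure when RaiseError is off (the handle's
  # attributes are set in WebDB, not visible here). Stop before the audit
  # entries are written so the log never records a reinstatement that did not
  # happen.
  $dbh->do ("update coverage set coverage.terminated = null, active = 1 where id = ? and person_id = ?", undef, $coverage->{id}, $coverage->{person_id})
    or ERROR ("Database Error", "The policy could not be reinstated.", "Database update failed while reinstating policy $coverage->{id} for $coverage->{person_id}");

  # Audit trail: one entry under the admin, one under the affected person.
  logit ($user->{id}, "Reinstated policy $coverage->{id} for person $coverage->{person_id}");
  logit ($coverage->{person_id}, "Policy $coverage->{id} was reinstated by a System Admin");

  # Re-read the row so the page shows the post-update state.
  $coverage = getCoverageByID ($coverage_id, $userid);
}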

# For a terminated policy, record whether its end date is today or later.
# The Reinstate button is only offered when this flag is true.
if ($coverage->{terminated}) {
  use WebDB;
  my $db = WebDB::connect;

  # The database does the date arithmetic: 1 when end >= today, else 0.
  my @row = $db->selectrow_array ("select if(datediff(?, date(now())) >= 0, 1, 0)", undef, $coverage->{end});
  $coverage->{still_valid} = $row[0];
}

# Turn the raw row into display strings. Statement order matters below: the
# two ".=" lines test $coverage->{terminated} after earlier lines have
# already rewritten it.
#$coverage->{active} = $coverage->{active} ? "True" : "False";
# "Active" is derived from isPersonCovered() rather than the stored column.
$coverage->{active} = isPersonCovered ($coverage->{person_id}) eq $coverage->{id} ? "True" : "False";
$coverage->{terminated} = "False" unless $coverage->{terminated};
$coverage->{created} .= " UTC";
# SysAdmins viewing the currently covering policy get a Terminate button.
# NOTE(review): the button triggers the action with a GET navigation to
# view_policy?terminate=true...; no anti-forgery token is part of the URL.
$coverage->{terminated} .= ($user->{SYSADMIN} and isPersonCovered ($coverage->{person_id}) eq $coverage->{id}) ? "&nbsp;&nbsp;".$h->button ({onClick=>"if (confirm('Are you sure you want to terminate this policy?')) { window.location.href='view_policy?terminate=true&id=$coverage->{id}&userid=$coverage->{person_id}'; } else { return false; }"}, "Terminate") : "";
# SysAdmins get a Reinstate button when the field is still a bare YYYY-MM-DD
# date (so nothing was appended by the line above) and the end date has not
# passed. The same GET / anti-forgery remark applies.
$coverage->{terminated} .= ($user->{SYSADMIN} and $coverage->{terminated} =~ /^\d{4}-\d{2}-\d{2}$/ and $coverage->{still_valid}) ? "&nbsp;&nbsp;".$h->button ({onClick=>"if (confirm('Are you sure you want to reinstate this policy?')) { window.location.href='view_policy?reinstate=true&id=$coverage->{id}&userid=$coverage->{person_id}'; } else { return false; }"}, "Reinstate") : "";

# Replace the person id with a link to the user page, labelled "id [derby_name]".
# NOTE(review): derby_name is inserted as element content without any encoding
# in this script. If users choose that name themselves, confirm it is
# entity-encoded (HTML::Tiny offers entity_encode) before it is rendered.
$coverage->{person_id} = $coverage->{person_id} ? $h->a ({ href=>"view_user?person_id=$coverage->{person_id}" }, $coverage->{person_id}." [".getUser ($coverage->{person_id})->{derby_name}."]") : "";

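# Send the HTTP header, re-issuing the auth cookie with the value obtained
# from authenticate().
# NOTE(review): the cookie is created with only a name and a value. Confirm
# whether the Secure / HttpOnly attributes (CGI::Cookie's -secure, -httponly)
# are meant to be set for this session cookie.
print header (-cookie=>CGI::Cookie->new(-name=>'PEEPSAUTH',-value=>"$cookie_string"));
# NOTE(review): $coverage_id is the request parameter as received; confirm
# printRCHeader() encodes its argument before writing it into the page.
printRCHeader("View Policy: ".$coverage_id);

# The Referer header comes from the client and ends up inside a single-quoted
# JavaScript string in the Back button. Percent-encode every character outside
# the usual URL set (notably ' and \) so the value cannot end the string
# early. URLs made only of ordinary URL characters pass through unchanged, and
# a missing header still yields an empty string as before.
(my $back_url = $ENV{HTTP_REFERER} // '') =~ s/([^A-Za-z0-9\-._~:\/?#\[\]\@!\$&()*+,;=%])/sprintf ("%%%02X", ord $1)/ge;

# Policy details: one cell per known field, in %FIELDS order, then the Back button.
print $h->div ({ class=>"index" }, [$h->p ({ class=>"heading" }, "Policy Details:"),
        $h->div ({ class=>"rTable", style=>"min-width: 0%;" }, [
          $h->div ({ class=>"rTableRow" }, map { [$h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, ucfirst ($_).": ", $coverage->{$_})] } sort byfield grep { exists $FIELDS{$_} } keys %{$coverage})]),
          $h->p ($h->input ({ type=>"button", onClick=>"window.location.href='$back_url'", value=>"Back"}))]);


print $h->close ("body"), $h->close ("html");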








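# Print an error page, write a log entry for the current user, and exit.
#
#   ERROR ($header, $text, $logmsg)
#
#   $header  heading shown on the page
#   $text    explanation shown under the heading
#   $logmsg  message passed to logit() under the logged-in user's id
#
# Never returns. $header and $text are written into the page as element
# content with no encoding; every call in this script passes fixed strings.
# Keep request-supplied data out of them, or encode it first.
sub ERROR {
  my $header = shift // "Unknown Error";
  my $text   = shift // "Something unexpectedly bad happened.";
  my $logmsg = shift // "Unknown Error happened while viewing the View Policy page";

  print header (-cookie=>CGI::Cookie->new(-name=>'PEEPSAUTH',-value=>"$cookie_string"));
  # Page title names this page, matching the normal (non-error) output.
  printRCHeader("View Policy");
  print $h->close ("table");
  print $h->h2 ($header);
  print $h->div ({ style=>"max-width:450px;" }, $text, "&nbsp;");
  print $h->button ({onclick => "window.location.href='/';"}, "Home");
  # One close() call per tag, the same way the main page ends its output.
  print $h->close ("BODY"), $h->close ("HTML");
  logit ($user->{id}, $logmsg);
  exit;
}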