<?php
include_once "/Common/Logging.php";
include_once "/Account/User.php";
include_once "/db/DBOper.php";
include_once "/language/lang.php";

/**可否编辑管理该账号，主要检查权限方面 */
function CanEdit($userData)
{
    global $user;
    if ($user->IsAdminSuper()) {
        return true;
    }

    // 只能管理自己组织内的账号
    if ($user->GetAttr("Organization") != $userData["Organization"]) {
        \Logging\LogError("Organization is different. userAccount:" . $user->GetAttr("UserAccount") . " editUserAccount:" . $userData["UserAccount"]);
        return false;
    }

    // 只能管理账号等级不超过自己的
    if ($user->GetAttr("UserLV") < $userData["UserLV"]) {
        \Logging\LogError("UserLV is less. userAccount:" . $user->GetAttr("UserAccount") . " editUserAccount:" . $userData["UserAccount"]);
        return false;
    }

    return true;
}

function UserEdit($opType)
{
    global $alertMsg, $user, $PGroups;

    \Logging\LogInfo("_POST:" . print_r($_POST, true));

    $UserAccount = $_POST["UserAccount"];

    $find = array(
        "UserAccount" => $UserAccount
    );

    DBOper\FindOne("GMTUser", $find, $findUser);

    // 添加
    if ($opType == "add") {
        if (count($findUser) > 0) {
            $alertMsg = \Lang\gettext("该账号已存在");
            return false;
        }
    } else {
        if (!isset($findUser) || count($findUser) == 0) {
            $alertMsg = \Lang\gettext("该账号不存在");
            return false;
        }
    }

    if ($opType == "del") {
        if ($user->GetAttr("UserAccount") == $findUser["UserAccount"]) {
            $alertMsg = \Lang\gettext("无法执行该操作");
            \Logging\LogError("无法执行该操作" . print_r($find, true));
            return false;
        }
        if (!CanEdit($findUser)) {
            $alertMsg = \Lang\gettext("您没有该权限");
            return false;
        }
        if (!DBOper\Remove("GMTUser", $find)) {
            $alertMsg = \Lang\gettext("删除失败");
            \Logging\LogError("删除失败" . print_r($find, true));
            return false;
        }
        $alertMsg = \Lang\gettext("删除成功");
        \Logging\LogInfo("删除成功" . print_r($find, true));
        return true;
    }

    $PswAdmin = \Commfunc\GetEncodePsw($_POST["PswAdmin"]);
    if (!$PswAdmin || $PswAdmin != $user->GetAttr("Psw")) {
        $alertMsg = \Lang\gettext("您的账号密码错误");
        return false;
    }

    $UserAccount = $_POST["UserAccount"];
    $UserLV = intval($_POST["UserLV"]);
    $Organization = $_POST["Organization"];

    $OrganizationList = \CommFunc\GetAllOrganization();
    if (!in_array($Organization, $OrganizationList)) {
        return false;
    }

    $editArray = array(
        "UserAccount" => $UserAccount,
        "UserLV" => $UserLV,
        "Organization" => $Organization,
    );

    if ($opType == "add" || $_POST["Psw"] != "") {
        $Psw = $_POST["Psw"];
        $PswConfirm = $_POST["PswConfirm"];
        if (!$Psw || $Psw != $PswConfirm) {
            $alertMsg = \Lang\gettext("密码不一致");
            return false;
        }
        $editArray["Psw"] = \Commfunc\GetEncodePsw($Psw);
    }

    // 渠道仅限自己的渠道权限内
    $SPList = array();
    foreach ($user->GetSPIDAll() as $value) {
        if ($_POST["SPID_" . $value] == "on") {
            array_push($SPList, $value);
        }
    }
    $editArray["SPList"] = $SPList;

    $PermissionGroups = array();
    foreach ($PGroups as $GroupName) {
        $checkBoxName = "PGroup_" . urlencode($GroupName);
        if ($_POST[$checkBoxName] == "on") {
            array_push($PermissionGroups, $GroupName);
        }
    }
    $editArray["PermissionGroups"] = $PermissionGroups;

    if (!CanEdit($editArray)) {
        $alertMsg = \Lang\gettext("您没有该权限");
        return false;
    }

    // 添加
    if ($opType == "add") {
        $editArray["CreateTime"] = date("Y-m-d H:i:s");
        if (!DBOper\Insert("GMTUser", $editArray, $find)) {
            $alertMsg = \Lang\gettext("添加失败");
            \Logging\LogError("添加失败" . print_r($editArray, true));
            return false;
        }
        $alertMsg = \Lang\gettext("添加成功");
        \Logging\LogInfo("添加成功" . print_r($editArray, true));
    }
    // 更新
    elseif ($opType == "upd") {
        if (!DBOper\Update("GMTUser", $find, $editArray, true)) {
            $alertMsg = \Lang\gettext("更新失败");
            \Logging\LogError("更新失败" . print_r($editArray, true));
            return false;
        }
        $alertMsg = \Lang\gettext("更新成功");
        \Logging\LogInfo("更新成功" . print_r($editArray, true));
    }
    return true;
}

\Logging\CreateLogging("account.userlist.php");
$Permission = \User\Permission::P_UserMgr;

$alertMsg = "";
$channel = $_SESSION['spid'];
$UserAccount = $_SESSION['UserAccount'];
$user = new \User\User($UserAccount);
if (!$user->HavePermission($Permission)) {
    exit;
}

// echo print_r($_POST, true), "<br/>";
$Organization = array_key_exists("Organization", $_POST) ? $_POST["Organization"] : $user->GetAttr("Organization");

\DBOper\Find("GMTPermissionGroup", array("Organization" => $Organization), $OrganizationPGroups);
$PGroups = array();
foreach ($OrganizationPGroups as $value) {
    array_push($PGroups, $value["GroupName"]);
}

if ($_POST["opType"]) {
    UserEdit($_POST["opType"]);
}

\DBOper\Find("GMTUser", array("Organization" => $Organization), $userArray, null, array("UserLV" => -1));

//显示表格字段配置 key-参数名，value-说明
$tableArray = array(
    "UserAccount" => array(\Lang\gettext("账号"), "10%", "center"),
    "UserLV" => array(\Lang\gettext("账号等级"), "8%", "center"),
    "SPList" => array(\Lang\gettext("可管理AppID列表"), "20%", "center"),
    "PermissionGroups" => array(\Lang\gettext("拥有权限"), "35%", "center"),
    // "CreateTime" => array(\Lang\gettext("创建时间"), "11%", "center"),
    "LoginTime" => array(\Lang\gettext("最近登录"), "11%", "center"),
    "IP" => array("IP", "9%", "center"),
    "" => array(\Lang\gettext("操作"), "", "center"),
);

if ($alertMsg) {
    echo "<script>alert('" . $alertMsg . "')</script>";
}

?>

<html>

<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title><?php echo \Lang\gettext("账号管理"); ?></title>
    <link rel="stylesheet" type="text/css" href="/css/table.css">
</head>

<body>
    <center>
        <p><b><?php echo \Lang\gettext("账号管理"); ?></b></P>
    </center>

    <?php
    // 超级管理员可管理所有组织
    if ($user->IsAdminSuper()) {
        echo "切换组织: ";
        echo "<select name=\"Organization\" onchange=\"changeOrganization(this.value)\">";
        foreach (\CommFunc\GetAllOrganization() as $value) {
            echo "<option value=\"" . $value . "\"";
            if ($Organization == $value) {
                echo " selected";
            }
            echo ">" . $value . "</option>";
        }
        echo "</select>";
    }
    ?>
    <input type="button" value="<?php echo \Lang\gettext("添加用户"); ?>" onclick="window.location.href='useredit.php?opType=add&Organization=<?php echo $Organization; ?>'" />
    <hr />
    <table width="100%">
        <?php
        if ($userArray) {
            echo "<thead><tr>";
            foreach ($tableArray as $value) {
                echo "<th width=\"" . $value[1] . "\">" . $value[0] . "</td>";
            }
            echo "</tr></thead>";
            $UserLVNameInfo = \User\UserLV::LVNameInfo();
            foreach ($userArray as $userData) {
                echo "<tr class='trc'>";
                $UserAccount = $userData["UserAccount"];
                $UserLV = $userData["UserLV"];
                if ($UserLV == \User\UserLV::ADMIN_SUPER && !$user->IsAdminSuper()) {
                    continue;
                }
                foreach ($tableArray as $key => $value) {
                    if (!$key) {
                        echo "<td align='center'>";
                        echo "&nbsp;<input type=\"button\" value=\"" . \Lang\gettext("改") . "\" onclick=\"window.location.href='useredit.php?opType=upd&UserAccount=$UserAccount'\" />";
                        echo " <input type=\"button\" value=\"" . \Lang\gettext("删") . "\" onclick=\"return suredel('$Organization','$UserAccount')\"/>&nbsp;";
                        echo "</td>";
                        continue;
                    }
                    $tdContent = $userData[$key];
                    if ($key == "UserLV") {
                        $tdContent = $UserLVNameInfo[$tdContent];
                    } else if ($key == "SPList") {
                        if ($UserLV == \User\UserLV::ADMIN_SUPER) {
                            $tdContent = "全部";
                        } else {
                            if ($UserLV == \User\UserLV::ADMIN_ORG) {
                                $tdContent = \CommFunc\GetOrganizationChannel($Organization);
                            }
                            $tdc = "";
                            foreach ($tdContent as $value) {
                                if ($tdc != "") {
                                    $tdc .= "、";
                                }
                                $tdc .= $value;
                            }
                            $tdContent = $tdc;
                        }
                    } else if ($key == "PermissionGroups") {
                        if ($UserLV == \User\UserLV::ADMIN_SUPER) {
                            $tdContent = "全部";
                        } else if ($UserLV == \User\UserLV::ADMIN_ORG) {
                            $tdContent = \Lang\gettext("组织全部权限");
                        } else {
                            $tdc = "";
                            foreach ($tdContent as $value) {
                                if (!in_array($value, $PGroups)) {
                                    continue;
                                }
                                if ($tdc != "") {
                                    $tdc .= "&nbsp;&nbsp;";
                                }
                                $tdc .= $value;
                            }
                            $tdContent = $tdc;
                        }
                    }
                    echo "<td align='" . $value[2] . "'>" . $tdContent . "</td>";
                }
                echo "</tr>";
            }
        } else {
            echo "无账号，请添加!<br/>";
        }
        ?>
    </table>

    <script type="text/javascript">
        function doPost(to, p) { // to:提交动作（action）,p:参数 
            var myForm = document.createElement("form");
            myForm.method = "post";
            myForm.action = to;
            for (var i in p) {
                var myInput = document.createElement("input");
                myInput.setAttribute("name", i); // 为input对象设置name 
                myInput.setAttribute("value", p[i]); // 为input对象设置value 
                myForm.appendChild(myInput);
            }
            document.body.appendChild(myForm);
            myForm.submit();
            document.body.removeChild(myForm); // 提交后移除创建的form 
        }

        function changeOrganization(Organization) {
            doPost("userlist.php", {
                "Organization": Organization
            });
        }

        function suredel(Organization, UserAccount) {
            var confirmstr = "<?php echo \Lang\gettext("确定删除账号？ 目标账号："); ?>";
            if (!window.confirm(confirmstr + UserAccount)) {
                return false;
            }
            doPost("userlist.php", {
                "opType": "del",
                "Organization": Organization,
                "UserAccount": UserAccount,
            });
            return true;
        }
    </script>
</body>

</html>