meeting-room-booking-system / mrbs-code

MRBS application code

Area admins approve or reject entries only in their areas #2129

Open jberanek opened 6 years ago

jberanek commented 6 years ago

Hello,

Is there a way to have area admins approve the entries submitted in their area? We have several admins managing several areas and it gets very confusing for them to see a long list of pending requests to approve or reject if they are all given admin permissions. Thanks

Mona

Reported by: mabdelhady

Original Ticket: mrbs/support-requests/1418

jberanek commented 6 years ago

Which authentication scheme are you using? In other words, what is $auth['type'] set to?

Original comment by: campbell-m

jberanek commented 6 years ago

Sorry, I meant $auth['type']. I'll edit the post above.

Original comment by: campbell-m

jberanek commented 6 years ago

Hello,

Thanks for the quick reply. I'm using:

$auth["type"] = "ldap";

Mona

Original comment by: mabdelhady

jberanek commented 6 years ago

Hi,

I'm using:

$auth["type"] = "ldap";

Mona

Original comment by: mabdelhady

jberanek commented 6 years ago

Would you be happy for the room_admin and area_admin fields to be used to define the booking admins? In other words the email addresses in those fields would define who can approve bookings.

Original comment by: campbell-m

jberanek commented 6 years ago

But they can only see pending bookings in their area/room if they go to the pending list, right?

Original comment by: mabdelhady

jberanek commented 6 years ago

That would work.

Thanks!

Original comment by: mabdelhady

jberanek commented 6 years ago

Hello,

Will it be possible? Thanks again and sorry for the multiple requests.

Original comment by: mabdelhady

jberanek commented 6 years ago

Sorry, I don't think it's going to be possible without a lot of work.

It's relatively easy to change MRBS so that the room_admin and area_admin email addresses are the approval authorities for those rooms and areas.

The difficulty comes with the pending requests. If the room and area admins are not also admins then they won't see any pending requests (apart from those that they have initiated themselves for rooms where they are not admins). If they are also admins then they will see all the pending requests, not just those for their rooms/areas. Changing pending.php would be quite a bit of work, though it would be generally useful.

One thing that may help you in the short term is that the table of pending requests is sortable by room and area, so that may make it easier for your admins to see their outstanding requests.

Original comment by: campbell-m

jberanek commented 6 years ago

Thanks Campbell. How can I make the room_admin and area_admin email addresses the approval authorities for those rooms and areas? I hope that pending page changes can be added as a future request.

Thanks,

Mona

Original comment by: mabdelhady

jberanek commented 6 years ago

I can tell you the changes you need to make, but if you do that your room and area admins won't see the bookings that they need to approve in the pending list. Are you sure you want to make these changes?

Original comment by: campbell-m

jberanek commented 6 years ago

How would they approve it then? Our preferred way is that admins receive a notification on entry submission and they simply click on a link I added in the body of the email to take them to the pending page to approve, as per the screenshot below:

Original comment by: mabdelhady

Attachments: https://sourceforge.net/p/mrbs/support-requests/_discuss/thread/dec4bbcf/f325/attachment/Screen%20Shot%202018-01-17%20at%2012.19.22%20PM.jpg

jberanek commented 6 years ago

Yes, they'd have to approve via the link in the email notification. They just wouldn't be able to see a complete list of outstanding approval requests on the pending page.

Original comment by: campbell-m

jberanek commented 6 years ago

This is even better! Thanks. How can I do it?

Original comment by: mabdelhady

jberanek commented 6 years ago

OK, I'll have a look at it and get back to you.

Original comment by: campbell-m

jberanek commented 6 years ago

Edit mrbs_auth.inc and replace the function auth_book_admin() with the following:

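function auth_book_admin($user, $room)
{
  // Full admins (level 2 and above) can always approve
  if (authGetUserLevel($user) >= 2)
  {
    return true;
  }

  $room_details = get_room_details($room);
  $area_details = get_area_details(get_area($room));

  // Build one comma-separated list from the room and area admin fields
  // (assumes each field holds plain addresses separated by commas)
  $booking_admin_list = '';

  if (isset($room_details['room_admin_email']))
  {
    $booking_admin_list .= $room_details['room_admin_email'] . ',';
  }

  if (isset($area_details['area_admin_email']))
  {
    $booking_admin_list .= $area_details['area_admin_email'];
  }

  $user_email = strtolower(trim((string) authGetUserEmail($user)));

  // Compare whole addresses: a substring search would also accept any user
  // whose address is merely contained in an admin's address
  $booking_admins = array_map('trim', explode(',', strtolower($booking_admin_list)));

  return (($user_email !== '') && in_array($user_email, $booking_admins, true));
}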

I haven't tested this fully, so you may want to try it on a test system first.

Original comment by: campbell-m
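
When approval rights are derived from the room_admin_email and area_admin_email fields, the way the user's address is compared against those lists decides who can approve. The added example below (not MRBS code; the function names and addresses are constructed, and the fields are assumed to hold comma-separated plain addresses) contrasts a substring search over the lists with a whole-address comparison.

```php
<?php
// Added illustration, not MRBS code. Function names and addresses are
// constructed. Assumes the admin fields hold comma-separated plain addresses.

// Substring search over the concatenated lists.
function is_booking_admin_substring($user_email, $room_list, $area_list)
{
  $haystack = $room_list . $area_list;
  return ($user_email !== '') && (strpos($haystack, $user_email) !== false);
}

// Whole-address comparison, ignoring case and surrounding whitespace.
function is_booking_admin_exact($user_email, $room_list, $area_list)
{
  $user_email = strtolower(trim($user_email));
  if ($user_email === '')
  {
    return false;
  }

  $admins = array();
  foreach (array($room_list, $area_list) as $list)
  {
    foreach (explode(',', $list) as $address)
    {
      $admins[] = strtolower(trim($address));
    }
  }

  return in_array($user_email, $admins, true);
}

// Constructed sample data
$room_list = 'joann@example.org';
$area_list = 'facilities@example.org, Head.Porter@example.org';

$cases = array(
  'joann@example.org',        // listed as room admin
  'head.porter@example.org',  // listed as area admin, different case
  'ann@example.org',          // not listed; contained in joann@example.org
  '@example.org',             // not listed; a fragment of every address
);

foreach ($cases as $email)
{
  printf("%-26s substring=%-5s exact=%s\n",
         $email,
         var_export(is_booking_admin_substring($email, $room_list, $area_list), true),
         var_export(is_booking_admin_exact($email, $room_list, $area_list), true));
}
```

The two listed addresses pass the whole-address comparison, while the two unlisted ones pass only the substring search.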

jberanek commented 6 years ago

Thank you Campbell but it didn't work. When clicking on the link in the body of the email the pending.php page was blank.

Original comment by: mabdelhady

jberanek commented 6 years ago

But there isn't a link to pending.php in the body of the email (unless you've modified it?). The link should be to view_entry.php.

To see what the error is have a look in your PHP error log. If you don't know where that is then, temporarily, add the following lines to the bottom of internalconfig.inc.php:

error_reporting(-1);
ini_set('display_errors', '1');

Original comment by: campbell-m

jberanek commented 6 years ago

Yes, I have modified the body of the email to take them directly to the approval page (very important to our administrators). I can change the link in the email to view_entry.php but there are no approve/reject buttons there.

Original comment by: mabdelhady

jberanek commented 6 years ago

Very sorry! There is!

Original comment by: mabdelhady

jberanek commented 6 years ago

I didn't need to add any code. Only changing the body of the email back to link it to: view_entry.php worked. Thanks.

Original comment by: mabdelhady

jberanek commented 6 years ago

OK, good. Glad it works.

Original comment by: campbell-m

jberanek commented 6 years ago

Actually I'm testing with a top admin not a room_admin so I will give it a try now and let you know.

Original comment by: mabdelhady

jberanek commented 6 years ago

If I'm logged in as admin the page works, but if I'm logged in as room admin the page is blank after adding the code to mrbs_auth.inc

Original comment by: mabdelhady

jberanek commented 6 years ago

Could you look in the error log please (or add those two lines above) to see what the error is?

Original comment by: campbell-m

jberanek commented 6 years ago

This is what I get when I added the two lines:

Deprecated: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /srv/www/cac-eg/misc/htdocs/campusaccess/web/mysql.inc on line 457

Fatal error: Call to undefined function get_room_details() in /srv/www/cac-eg/misc/htdocs/campusaccess/web/mrbs_auth.inc on line 226

Original comment by: mabdelhady

jberanek commented 6 years ago

Could you add the following line to mrbs_auth.inc please at line 6 (just after the other require statement):

require_once 'mrbs_sql.inc';

That should get rid of the fatal error. The deprecated error won't stop MRBS working, but will mean that your code won't work on PHP7. I don't think it comes from MRBS as all calls to mysql_pconnect() have been rewritten. I think it maybe comes from some custom code that you have?

Original comment by: campbell-m

jberanek commented 6 years ago

Sorry for the late reply. Same thing, a blank page if logged in as room admin to view entry after adding the code and require_once 'mrbs_sql.inc';

Original comment by: mabdelhady

jberanek commented 6 years ago

What is the error you get when you add those two lines?

Original comment by: campbell-m

jberanek commented 6 years ago

Same error:

Deprecated: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /srv/www/cac-eg/misc/htdocs/campusaccess/web/mysql.inc on line 457

Fatal error: Call to undefined function get_room_details() in /srv/www/cac-eg/misc/htdocs/campusaccess/web/mrbs_auth.inc on line 227

Original comment by: mabdelhady

jberanek commented 6 years ago

Which version of MRBS are you using?

Original comment by: campbell-m

jberanek commented 6 years ago

How can I tell?

Original comment by: mabdelhady

jberanek commented 6 years ago

The information is on the Help page.

Original comment by: campbell-m

jberanek commented 6 years ago

MRBS 1.4.8

Original comment by: mabdelhady

jberanek commented 6 years ago

Ah! That explains both of the errors.

I think the best thing to do is to upgrade to the latest version of MRBS which is 1.7.0. This will involve an upgrade of the database which will happen automatically. Before you upgrade you should (a) take a back-up of your database and (b) take a back-up of your web folder, in case anything goes wrong.

After you have upgraded you will need to reapply all the custom changes that you have made.

Full instructions are in the UPGRADE document which you will find in the 1.7.0 distribution.

Original comment by: campbell-m

jberanek commented 6 years ago

Can this be done without the upgrade? I have made some changes to fit our needs in the system and I'm afraid I will lose them. I can do the upgrade over the summer when no one is around, not right after we launched the system this week.

Original comment by: mabdelhady

jberanek commented 6 years ago

Yes, I will let you know what to do later.

Original comment by: campbell-m

jberanek commented 6 years ago

Can you add the following code to the bottom of mrbs_auth.inc, just before the '?>' line:

// Get all the room details for $room_id.
// Returns FALSE on error, NULL if $room_id does not exist.
function get_room_details($room_id)
{
  global $tbl_room;

  // Force an integer so the value cannot change the SQL statement
  $room_id = (int) $room_id;

  $res = sql_query("SELECT * FROM $tbl_room WHERE id=$room_id LIMIT 1");

  if (!$res)
  {
    return null;
  }

  return sql_row_keyed($res, 0);
}

// Get all the area details for $area_id.
// Returns NULL if $area_id does not exist.
function get_area_details($area_id)
{
  global $tbl_area;

  // Force an integer so the value cannot change the SQL statement
  $area_id = (int) $area_id;

  $res = sql_query("SELECT * FROM $tbl_area WHERE id=$area_id LIMIT 1");

  if (!$res)
  {
    return null;
  }

  return sql_row_keyed($res, 0);
}

// Look up the user's email address via the LDAP authentication code
function authGetUserEmail($user)
{
  return authLdapGetEmail($user);
}

Original comment by: campbell-m

jberanek commented 6 years ago

Plus the other code or just this?

Original comment by: mabdelhady

jberanek commented 6 years ago

Plus the other code.

Original comment by: campbell-m

jberanek commented 6 years ago

You are a star! Thank you sooooooo much! This solution worked.

Original comment by: mabdelhady

jberanek commented 6 years ago

Good - glad it's working. Make sure you upgrade to the latest release in the summer though - there are lots of bug fixes, enhancements and security fixes.

Original comment by: campbell-m

jberanek commented 6 years ago

Will do. Thanks again!

Original comment by: mabdelhady

jberanek commented 6 years ago

One last question regarding this request: since multiple people will be approving entries, is there a way to tell who approved any entry? Thanks.

Original comment by: mabdelhady

jberanek commented 6 years ago

The name of the approver isn't recorded in the database. However one thing you could do is add a special email address to the list of (general) admin email addresses so that you get a record of all transactions in that email account. Then if there's a query about who approved, or even deleted, an entry, you could search that email account.

Original comment by: campbell-m