aGroupUsers.prg

<?php
/**
 *  @package GroupHub
 *  @author MGHandy
 *
 *  @uses use this script to interact with the Group Settings feature of the Group Hub.
 *  This script allows for printing of the needed html/javascript content, and
 *  manipulation of the group information data such as group profile, and group name.
 *
 *  @param operation string : determines what action to take with the script.
 *  operation = "" will print the needed html/javascript content.
 *  @param payload string : string containing the encrypted group data
 *  needed by each of the different actions.
 *  @param gSettings string : json encoded string of data to be updated. Updates to group name and *  profile happend all at one time.
 *
 *  @return json encoded data
 */

require_once("$admLibrary/aGroupSupport.i");

try {
  $admVars = array();
  $admOk = array(
    "operation" => array("filter" => FILTER_SANITIZE_STRING),
    "payload" => array("filter" => FILTER_SANITIZE_STRING),
    "gRefresh" => array("filter" => FILTER_SANITIZE_STRING),
    "gPrimary" => array("filter" => FILTER_SANITIZE_STRING),
  );
  HCU_ImportVars($admVars, "GROUP_USERS", $admOk);

  $uOperation = isset($admVars["GROUP_USERS"]["operation"]) ? $admVars["GROUP_USERS"]["operation"] : null;
  $uPayload = isset($admVars["GROUP_USERS"]["payload"]) ? $admVars["GROUP_USERS"]["payload"] : null;
  $uRefresh = isset($admVars["GROUP_USERS"]["gRefresh"]) ? $admVars["GROUP_USERS"]["gRefresh"] : null;
  $uPrimary = isset($admVars["GROUP_USERS"]["gPrimary"]) ? $admVars["GROUP_USERS"]["gPrimary"] : null;

  // decrypt payload only if there is one
  // payload won't exist if operation is empty
  // operation empty means just load card content
  $uGroup = $uPayload ?
    GroupDecrypt($SYSENV, $Cu, $uPayload) :
    null;

  // load context depending on payload existence.
  $uContext = $uPayload ?
    GroupContext($SYSENV, $Cu, $uGroup['group']) :
    GroupContext($SYSENV, $Cu);

  $aryResult = array();
  $aryReply = array();

  switch ($uOperation) {
    case "":
      PrintGroupUsers();
      break;
    case "groupReadUsers":
      header('Content-type: application/json');
      $gUsers = GroupReadUsers($SYSENV, $dbh, $uContext);

      $aryResult['data']['users'] = $gUsers['users'];
      GroupReply($aryResult, $aryReply, $uOperation);
      break;
    case "groupCleanUser":
      header('Content-type: application/json');
      $gValidate = GroupValidateUsers($SYSENV, $uRefresh);
      $gUser = GroupCleanUser($SYSENV, $dbh, $uContext, $gValidate['user']);
      $gUsers = GroupReadUsers($SYSENV, $dbh, $uContext);
      $aryResult['data']['users'] = $gUsers['users'];
      $aryResult['info'][] = $gUser['message'];
      GroupReply($aryResult, $aryReply, $uOperation);
      break;
    case "groupUpdatePrimary":
      header('Content-type: application/json');
      $gValidate = GroupValidateUsers($SYSENV, $uPrimary);

      if ($gValidate['primary']['mpl']) {
        // clean up multiple primary users
        $gPrimary = GroupCleanPrimary($SYSENV, $dbh, $uContext, $gValidate['primary']);
      } else {
        // set primary user
        $gPrimary = GroupUpdatePrimary($SYSENV, $dbh, $uContext, $gValidate['primary']);
      }

      // read users again to get correct sub account access readings
      // for new primary user.
      $gUsers = GroupReadUsers($SYSENV, $dbh, $uContext);
      $aryResult['data']['users'] = $gUsers['users'];
      $aryResult['info'][] = $gPrimary['message'];

      // reselect group for correct primary  user
      $uContext['g_name'] = $uGroup['group']['g_name'];
      $gGroup = GroupSelect($SYSENV, $dbh, $uContext);
      $gEncrypt = GroupEncrypt($SYSENV, $Cu, $uGroup);
      $aryResult['data']['group'] = $gGroup;
      $aryResult['data']['encrypt'] = $gEncrypt;

      GroupReply($aryResult, $aryReply, $uOperation);
      break;
    default:
      throw new Exception("Unknown server request: " . $uOperation);
      break;
  }

} catch (Exception $e) {
  $aryReply['errors'][] = $e->getMessage();
  $aryResult['data'] = array();
  $aryResult['info'] = array();

  GroupReply($aryResult, $aryReply, $uOperation);
  exit;
}

/**
 *  GroupValidateInfo:
 *  @uses validate the incoming data to be updated. this function will take the incoming
 *  old/new primary users and set them to valid values
 *  to be inserted or updated int the database.
 *
 *  @param $pEnv array : environment variable for debugging
 *  @param $pInfo string : json encoded data to be updated
 *
 *  @return $vInfo array : array of savable data seperated into individual update values.
 */
function GroupValidateUsers($pEnv, $pUsers) {
  $gUsers = html_entity_decode($pUsers, ENT_QUOTES);
  $gUsers = json_decode($gUsers, true);
  $vUsers = array();

  if (isset($gUsers['uId'])) {
    $vUsers['user'] = intval($gUsers['uId']);
  }

  if (isset($gUsers['uPrimary'])) {
    $vUsers['primary']['new'] = "";
    $vUsers['primary']['old'] = "";

    foreach ($gUsers['uPrimary']['uNew'] as $key => $value) {
      $vUsers['primary']['new'] .= $value;
      $vUsers['primary']['new'] .= ",";
    }

    foreach ($gUsers['uPrimary']['uOld'] as $key => $value) {
      $vUsers['primary']['old'] .= $value;
      $vUsers['primary']['old'] .= ",";
    }

    $vUsers['primary']['new'] = rtrim($vUsers['primary']['new'], ",");
    $vUsers['primary']['old'] = rtrim($vUsers['primary']['old'], ",");
    $vUsers['primary']['mpl'] = $gUsers['uPrimary']['uMpl'] ? true : false;
  }

  return $vUsers;
}

/**
 *  GroupCleanPrimary:
 *  @uses this function is used to clean up the primary users if there are multiple for this group.
 *  the only action taken is to set only a single primary user selected by the admin,
 *  and set the rest to false.
 *
 *  @param $pEnv array : environment variable for debugging
 *  @param $pDbh object : database access
 *  @param $pContext array : array containing decrypted group data and table identifiers.
 *  @param $pPrimary array : array of validated data containing new and old primary users.
 *
 *  @return $sqlReturn array : new primary user data
 */
function GroupCleanPrimary($pEnv, $pDbh, $pContext, $pPrimary) {
  if ($pPrimary == null || $pPrimary == "") { return array(); }

  $gId = $pContext['g_id'];
  $pId = $pContext['p_id'];
  $cuTable = $pContext['cu_table'];
  $cuCode = $pContext['cu_code'];

  $uOldId = $pPrimary['old'];
  $uNewId = $pPrimary['new'];

  // cleaning up only requires that we set a single primary user
  // and releive all others of their status of primary.
  $sqlReturn = array();
  $sqlUpdate = "
    UPDATE {$cuTable}user
    SET is_group_primary = 'TRUE'
    WHERE user_id IN ($uNewId);

    UPDATE {$cuTable}user
    SET is_group_primary = 'FALSE'
    WHERE user_id IN ($uOldId);";
  $sqlUpdateRs = db_query($sqlUpdate, $pDbh);
  if (!$sqlUpdateRs) {
    throw new Exception("Failed to correct the primary user status.");
  }

  $sqlReturn['message'] = "Primary owner status has been corrected successfully.";
  return $sqlReturn;
}

/**
 *  GroupUpdatePrimary:
 *  @uses this function allows for updating a group's primary user. The update will
 *  take all sub-accounts the current primary user has and copy them to the new primary.
 *  All group account rights from the current primary will also be copied and given to the
 *  new primary after the new primary has been relieved of their current group rights.
 *
 *  The primary flags for both users will then be swapped.
 *
 *  @param $pEnv array : environment variable for debugging
 *  @param $pDbh object : database access
 *  @param $pContext array : array containing decrypted group data and table identifiers.
 *  @param $pPrimary array : array of validated data containing new and old primary users.
 *
 *  @return $sqlReturn array : new primary user data
 */
function GroupUpdatePrimary($pEnv, $pDbh, $pContext, $pPrimary) {
  if ($pPrimary == null || $pPrimary == "") { return array(); }

  $gId = $pContext['g_id'];
  $pId = $pContext['p_id'];
  $cuTable = $pContext['cu_table'];
  $cuCode = $pContext['cu_code'];

  $uOldId = $pPrimary['old'];
  $uNewId = $pPrimary['new'];

  // get all rows from the old primary user,
  // label the rows that exist in the new as _update
  // label the rows that do not exists in new as _insert
  $sqlReturn = array();
  $sqlColumnsUnique = "
    accountnumber, accounttype, certnumber, recordtype";
  $sqlColumns = "
    display_name,display_order,display_qty,display_qty_type,
    int_deposit,int_withdraw,ext_deposit,ext_withdraw,
    view_balances,view_transactions";
  $sqlWhere = "
    SELECT $sqlColumnsUnique
    FROM {$cuTable}useraccounts
    WHERE user_id = $uNewId";
  $sqlSelect = "
    SELECT '_update' AS action, $sqlColumnsUnique, $sqlColumns
    FROM {$cuTable}useraccounts
    WHERE user_id = $uOldId
      AND ($sqlColumnsUnique) IN ($sqlWhere)

    UNION

    SELECT '_insert' AS action, $sqlColumnsUnique, $sqlColumns
    FROM {$cuTable}useraccounts
    WHERE user_id = $uOldId
      AND ($sqlColumnsUnique) NOT IN ($sqlWhere)";
  $sqlSelectRs = db_query($sqlSelect, $pDbh);
  if (!$sqlSelectRs) {
    $pEnv['logger']->error(db_last_error());
    throw new Exception("Failed to read user accounts.");
  }

  // build query to update/insert rows to not primary user
  // from old primary user.
  $sqlAcctInsert = "";
  $sqlAcctUpdate = "";
  if (db_fetch_all($sqlSelectRs)) {
    foreach (db_fetch_all($sqlSelectRs) as $key => $value) {

      $sqlAction = $value['action'];

      $sqlValuesUnique = "";
      $sqlValuesUnique .= "'". prep_save($value['accountnumber'], 12) ."',";
      $sqlValuesUnique .= "'". prep_save($value['accounttype'], 25) ."',";
      $sqlValuesUnique .= intval($value['certnumber']) .",";
      $sqlValuesUnique .= "'". prep_save($value['recordtype'], 1) ."'";

      $sqlValues = "";
      $sqlValues .= "'". prep_save($value['display_name'], 255) ."',";
      $sqlValues .= intval($value['display_order']) .",";
      $sqlValues .= intval($value['display_qty']) .",";
      $sqlValues .= "'". prep_save($value['display_qty_type'], 1) ."',";
      $sqlValues .= $value['int_deposit'] == "t" ? "TRUE," : "FALSE,";
      $sqlValues .= $value['int_withdraw'] == "t" ? "TRUE," : "FALSE,";
      $sqlValues .= $value['ext_deposit'] == "t" ? "TRUE," : "FALSE,";
      $sqlValues .= $value['ext_withdraw'] == "t" ? "TRUE," : "FALSE,";
      $sqlValues .= $value['view_balances'] == "t" ? "TRUE," : "FALSE,";
      $sqlValues .= $value['view_transactions'] == "t" ? "TRUE" : "FALSE";

      if ($sqlAction == "_insert") {
        $sqlAcctInsert .= "
          INSERT INTO {$cuTable}useraccounts (user_id, $sqlColumnsUnique, $sqlColumns)
          VALUES ($uNewId, $sqlValuesUnique, $sqlValues);";
      } else if ($sqlAction == "_update") {
        $sqlAcctUpdate .= "
          UPDATE {$cuTable}useraccounts
          SET ($sqlColumns) = ($sqlValues)
          WHERE (user_id, $sqlColumnsUnique) = ($uNewId, $sqlValuesUnique);";
      }
    }
  }

  // delete all member account rights for this user.
  $sqlMbrRightsDelete = "
    DELETE FROM {$cuTable}memberacctrights
    WHERE user_id = $uNewId";

  // set member account rights from old primary to new primary.
  $sqlMbrRightsUpdate = "
    UPDATE {$cuTable}memberacctrights
    SET (user_id) = ($uNewId)
    WHERE user_id = $uOldId";

  // set primary flag for new user to true.
  $sqlNewPrimaryUpdate = "
    UPDATE {$cuTable}user
    SET (is_group_primary) = ('TRUE')
    WHERE user_id = $uNewId";

  // set primary flag for old user to false.
  $sqlOldPrimaryUpdate = "
    UPDATE {$cuTable}user
    SET (is_group_primary) = ('FALSE')
    WHERE user_id = $uOldId";

  // begin transaction
  // on failure will reset all altered data.
  try {
    $sqlTrans = "BEGIN TRANSACTION";
    $sqlTransRs = db_query($sqlTrans, $pDbh);


    if (trim($sqlAcctInsert) != "") {
      $sqlAcctInsertRs = db_query($sqlAcctInsert, $pDbh);
      if (!$sqlAcctInsertRs) {
        $pEnv['logger']->error(db_last_error());
        throw new Exception("Failed to add sub-accounts for the selected user.");
      }
    }

    if (trim($sqlAcctUpdate) != "") {
      $sqlAcctUpdateRs = db_query($sqlAcctUpdate, $pDbh);
      if (!$sqlAcctUpdateRs) {
        $pEnv['logger']->error(db_last_error());
        throw new Exception("Failed to update sub-accounts for the selected user.");
      }
    }

    $sqlMbrRightsDelete = db_query($sqlMbrRightsDelete, $pDbh);
    if (!$sqlMbrRightsDelete) {
      $pEnv['logger']->error(db_last_error());
      throw new Exception("Failed to delete member account rights for the selected user.");
    }

    $sqlMbrRightsUpdate = db_query($sqlMbrRightsUpdate, $pDbh);
    if (!$sqlMbrRightsUpdate) {
      $pEnv['logger']->error(db_last_error());
      throw new Exception("Failed to update member account rights for the selected user.");
    }

    $sqlOldPrimaryUpdate = db_query($sqlOldPrimaryUpdate, $pDbh);
    if (!$sqlOldPrimaryUpdate) {
      $pEnv['logger']->error(db_last_error());
      throw new Exception("Failed to update current primary user status to non-primary user.");
    }

    $sqlNewPrimaryUpdate = db_query($sqlNewPrimaryUpdate, $pDbh);
    if (!$sqlNewPrimaryUpdate) {
      $pEnv['logger']->error(db_last_error());
      throw new Exception("Failed to update selected user status to primary user.");
    }



    $sqlTrans = "COMMIT TRANSACTION";
    $sqlTransRs = db_query($sqlTrans, $pDbh);
  } catch (Exception $e) {
    $pEnv['logger']->error(db_last_error());
    // transaction failed, rollback
    $sqlTrans = "ROLLBACK TRANSACTION";
    $sqlTransRs = db_query($sqlTrans, $pDbh);
    throw new Exception($e->getMessage());
  }

  $sqlReturn['message'] = "Primary user has been updated successfully.";
  return $sqlReturn;
}

/**
 *  GroupCleanUser:
 *  @uses this function is used to clean up a user with more account access
 *  than the current primary user. if the selected user has access to more sub-accounts
 *  than the current primary user, the accounts will be removed from this user leaving only
 *  those which the primary has access to.
 *
 *  @param $pEnv array : environment variable for debugging
 *  @param $pDbh object : database access
 *  @param $pContext array : array containing decrypted group data and table identifiers.
 *  @param $pUser array : the user to be cleaned.
 *
 *  @return $sqlReturn array : new primary user data
 */
function GroupCleanUser($pEnv, $pDbh, $pContext, $pUser) {
  if ($pUser == null || $pUser == "") { return array(); }

  $gId = $pContext['g_id'];
  $pId = $pContext['p_id'];
  $cuTable = $pContext['cu_table'];
  $cuCode = $pContext['cu_code'];
  $cuUser = $pUser;

  $sqlReturn = array();
  $sqlSub = "
    SELECT sa.accountnumber, sa.accounttype, sa.certnumber
    FROM ${cuCode}useraccounts sa
    INNER JOIN ${cuCode}user su
      ON su.user_id = sa.user_id
      AND su.group_id = $gId
      AND su.is_group_primary = 'TRUE'";
  $sqlDelete = "
    DELETE FROM ${cuCode}useraccounts a
    WHERE user_id = $cuUser
      AND (a.accountnumber, a.accounttype, a.certnumber) NOT IN ($sqlSub)";
  $sqlDeleteRs = db_query($sqlDelete, $pDbh);
  if (!$sqlDeleteRs) {
    throw new Exception("Failed to reset this user's account access.");
  }

  $sqlReturn['message'] = "User account access has been successfully cropped.";
  return $sqlReturn;
}

/**
 *  GroupReadUsers:
 *  @uses this function allows for reading list of users that belong to this group.
 *  this will also gather a list fo each users accounts to determine if one has more
 *  access than the current primary user.
 *
 *  @param $pEnv array : environment variable for debugging
 *  @param $pDbh object : database access
 *  @param $pContext array : array containing decrypted group data and table identifiers.
 *
 *  @return $sqlReturn array : list of users in this group
 */
function GroupReadUsers($pEnv, $pDbh, $pContext) {
  $gId = $pContext['g_id'];
  $pId = $pContext['p_id'];
  $cuTable = $pContext['cu_table'];
  $cuCode = $pContext['cu_code'];

  $sqlReturn = array();
  $sqlData = array();
  $sqlColumns = "
    u.user_id AS u_id,
    u.user_name AS u_name,
    u.is_group_primary AS u_primary";
  $sqlSelect = "SELECT $sqlColumns
    FROM {$cuTable}user u
    WHERE u.group_id = $gId
    ORDER BY u.user_name";
  $sqlSelectRs = db_query($sqlSelect, $pDbh);
  if (!$sqlSelectRs) {
    $pEnv['logger']->error(db_last_error());
    throw new Exception("Failed to read group users.");
  }
  $sqlData['users'] = db_fetch_all($sqlSelectRs);
  $sqlData['primary'] = array();
  if (count($sqlData['users']) > 0) {
    foreach ($sqlData['users'] as $keyU => $valueU) {
      if ($valueU['u_primary'] == "t") {
        $sqlData['primary'][] = $valueU['u_id'];
      }
      $sqlData['users'][$keyU]['a_count'] = 0;
      $uPayload = readUserSearch($pDbh, $cuCode, array(
        "a" => array ("username"=>$valueU['u_name'])
      ));
      $sqlData['users'][$keyU]['u_payload'] = urlencode($uPayload['encryption']);
    }

    $aCount = 0;
    $cCount = 0;
    foreach ($sqlData['users'] as $keyU => $valueU) {
      if ($valueU['u_primary'] == "t") {

      } else {
        foreach ($sqlData['primary'] as $keyP => $valueP) {
          $sqlColumns = "
            accountnumber,
            accounttype,
            recordtype";
          $sqlSub = "
            SELECT $sqlColumns
            FROM {$cuTable}useraccounts
            WHERE user_id = '$valueP'";
          $sqlSelect = "
            SELECT COUNT(*)
            FROM {$cuTable}useraccounts
            WHERE user_id = '{$valueU['u_id']}'
              AND ($sqlColumns) NOT IN ($sqlSub)";

          $sqlSelectRs = db_query($sqlSelect, $pDbh);
          if (!$sqlSelectRs) {
            $pEnv['logger']->error(db_last_error());
            throw new Exception("Failed to read account access between primary and non-primary users.");
          }
          $cCount += db_fetch_assoc($sqlSelectRs, 0)['count'];
          $aCount += $cCount;
          $sqlData['users'][$keyU]['a_count'] = $cCount;
        }
        $cCount = 0;
      }
    }

    foreach ($sqlData['users'] as $key => $value) {
      $sqlData['users'][$key]['o_count'] = $aCount;
    }
  }
  unset($sqlData['primary']);
  $sqlReturn['users'] = $sqlData['users'];
  return $sqlReturn;
}
?>
<?php
/**
 *  PrintGroupSettings:
 *  @uses this function allows for printing the html/javascript content needed to interact
 *  with the group settings feature.
 */
function PrintGroupUsers() { ?>
<div id="guUsers">
  <div id="status"></div>
  <div class="col-sm-12">&nbsp;</div>
  <div class="well well-sm col-sm-12">
    <div data-bind="visible: showPrimaryWarning">
      <p>
        <span class="fa fa-exclamation-triangle" style="color: #ff9800;"></span>
         This group has multiple primary users. Please correct this by selecting a single user below.
      </p>
    </div>
    <div data-bind="visible: showAccessWarning">
      <p>
        <span class="fa fa-exclamation-triangle" style="color: #ff9800;"></span>
         This group has users with access to sub-accounts which the primary owner does not have. Please correct this by clicking the crop button to the right of each row.
      </p>
    </div>
    <div id="guUserGrid"
      data-role="grid"
      data-selectable="row"
      data-no-records="No users were found for this group"
      data-bind="
        source: users,
        events: { change: change, dataBound: grid }"
      data-columns="[
        { field: 'u_name', title: 'User Name',
          template: '<a href=\'main.prg?ft=22&payload=#= u_payload #\'>#= u_name # <i class=\'fa fa-user\'></i></a>' },
        { field: 'u_primary', title: 'Primary User',
          template: '<input id=\'USER_#=u_id#\' type=\'checkbox\' style=\'margin-top: -2px;\'>'},
        { title: ' ',
          attributes: { class: 'text-right' },
          template: '#if(a_count > 0 && !u_primary){#<button class=\'k-button fa fa-crop\' style=\'min-width: 25px;\'></button>#}#' }
      ]">
    </div>
  </div>

  <div class="hcu-template">
    <div class="hcu-edit-buttons k-state-default">
      <span class="hcu-icon-delete"></span>
      <a href="##" id="lnkCancel">Cancel</a>
      &ensp;
      <a href="##" id="btnUpdate" class="k-button k-primary">
        <i class="fa fa-check fa-lg"></i>
        Update
      </a>
    </div>
  </div>
</div>

<div id="guDiscard"></div>
<div id="guNotifyPrimary"></div>
<div id="guNotifyRefreshFail"></div>
<div id="guNotifyRefresh"></div>
<?php
/**
 *  @package GroupUsers:
 *  @uses This object is used to display and interact with the group settings feature.
 *
 *  @var Init public:       public call to initialize data/view/action objects
 *  @var Data public:       public call to set/reset encrypted data
 *  @var Open public:       public call to open the group rights module/window
 *  @var Close public:      public call to close the group rights module/window
 *
 *  @var InitDataSources    private: initialize all needed data sources/objects
 *  @var InitDataViews      private: initialize all data views/html elements
 *  @var InitDataActions    private: initialize all user actions on html.
 *
 *  @var EventOpenDialog    private: open kendoDialog/kendoWindow objects
 *  @var EventClosedialog   private: close kendoDialog/kendoWindow objects
 *  @var EventPopDialog     private: remove the correct window from the window stack.
 *
 *  @var EventOpenInfo    private: send request to read/open group info
 *  @var EventCancelInfo  private: close group rights window, canceling changes
 *  @var EventUpdateInfo  private: send crud request for group info, profile and primary
 *    user updates.
 *  @var Event*             private: the other event functions not listed above are custom
 *    calls for kendo bjects and other helper functions that are explained by the
 *    function name.
 *
 *  @var Validate*          private: these functions facilitate validation of particular
 *    pieces of the interface. Uses explained by function name.
 *
 *  @var DataBuild*         private: these functions facilitate re-constructing data for
 *    proper use in the other js functions and html displays.
 *
 *  @var Action*            private: these functions are calls from kendoDialog actions
 *    uses explained by function name.
 *
 *  @var ClearGroupInfo     private: clear information displayed in the information bar.
 *  @var ShowGroupInfo      private: show any information return by the server.
 */
?>
<script type="text/javascript">
//# sourceURL=groupUsers.js

var GroupUsers = function() {
  var guCardContainer = null;
  var guCardWindows = null;

  var guPayload = null;
  var guGroup = null;
  var guCall = null;
  var guAction = null;
  var guDataSource = null;

  var guUsers = null;
  var guDiscard = null;
  var guNotifyPrimary = null;
  var guNotifyRefresh = null;
  var guNotifyRefreshFail = null;
  var guObserve = null;
  var guTooltip = null;

  var DataBuildUsers = function(data) {
    var list = [];
    var build = {
      o_primary: [],
      e_primary: []
    };
    for (var i = 0; i < data.length; i++) {
      var user = {
        u_id: parseInt(data[i].u_id),
        u_name: data[i].u_name ? data[i].u_name.trim() : "",
        u_payload: data[i].u_payload ? data[i].u_payload.trim() : "",
        u_primary: data[i].u_primary == "t" ? true : false,
        a_count: parseInt(data[i].a_count),
        o_count: parseInt(data[i].o_count)
      };

      if (user.u_primary) {
        build.o_primary.push(user.u_id);
        build.e_primary.push(user.u_id);
      }

      list.push(user);
    }

    guObserve.set("source", build);
    guObserve.set("users", list);
    guObserve.set("showPrimaryWarning", (build.o_primary.length > 1));
    if (list.length > 0) {
      guObserve.set("showAccessWarning", (list[0].o_count > 0));
    }
  }

  var ValidateUsers = function() {
    var source = guObserve.source;
    var user_e = source.e_primary;
    var user_o = source.o_primary;

    source.e_dirty = false;
    for (var i = 0; i < user_o.length; i++) {
      if ($.inArray(user_o[i], user_e) == -1) {
        source.e_dirty = true;
        break;
      }
    }

    return !source.e_dirty;
  }

  var EventShowTip = function(e) {
    var targetContent = "This user cannot be selected as a primary group owner.";

    return targetContent;
  }

  var EventCheckboxChange = function(e) {
    var box = $(e);
    var boxValue = $(box).prop("checked");
    var boxId = box.attr("id");
    var uId = boxId.substring(5, boxId.length);
    uId = parseInt(uId);

    if (boxValue || guObserve.source.e_primary.length > 1) {
      guObserve.source.e_primary = [];
      guObserve.source.e_primary.push(uId);

      $("#guUserGrid input[type=checkbox]").each(function() {
        $(this).prop("checked", false);
      });
    }

    if (guObserve.source.e_primary.length > 1) {
      $(box).prop("checked", true);
    } else if (boxValue) {
      $(box).prop("checked", boxValue);
    } else {
      $(box).prop("checked", !boxValue);
    }

    ValidateUsers();
    if (guObserve.source.e_dirty &&
        guObserve.source.e_primary.length == 1) {
      guNotifyPrimary.open();
    }
  }

  var EventUpdateUsers = function() {
    var groupData = {};
    var source = guObserve.source;

    if (!ValidateUsers()) {
      // change to primary user
      if (source.e_dirty) {
        groupData.uPrimary = {
          uMpl: source.o_primary.length > 1,
          uNew: source.e_primary,
          uOld: source.o_primary.filter(function(e) {
            return source.e_primary.indexOf(e) < 0;
          })
        };
      }

      var groupRequest = {
        operation: "groupUpdatePrimary",
        payload: guPayload,
        gPrimary: JSON.stringify(groupData)
      };

      guDataSource.transport.options.read.type = "POST";
      guDataSource.read(groupRequest);
    }
  }

  var EventOpenWindow = function(e) {
    var windowElement = this.element[0];
    var windowId = windowElement.id;

    switch (windowId) {

    }

    guCardWindows.push(this);
  }

  var EventCloseWindow = function(e) {
    var windowElement = this.element[0];
    var windowId = windowElement.id;

    switch (guAction) {
      case "discardConfirm":
        EventPopWindow(windowId);

        var sourceUsers = guObserve.source;

        // reset users
        sourceUsers.e_primary = sourceUsers.o_primary;

        guAction = null;
        guUsers.close();
        break;
      case "notifyRefresh":
        EventPopWindow(windowId);

        var groupRequest = {
          operation: "groupCleanUser",
          payload: guPayload,
          gRefresh: JSON.stringify({uId: guObserve.refreshUser.u_id})
        };

        guDataSource.transport.options.read.type = "POST";
        guDataSource.read(groupRequest);
        break;
      default:
        if (windowId == "guUsers") {
          if (!ValidateUsers()) {
            e.preventDefault();
            guDiscard.open();
          } else {
            EventPopWindow(windowId);
            // reset validator for hub script
            $.homecuValidator.setup({
              formStatusField: "formStatus",
              formValidate: "cardContainerDiv"
            });
          }
        } else {
          EventPopWindow(windowId);
        }
        break;
    }

    guAction = null;
  }

  var EventPopWindow = function(windowId) {
    var popIndex = -1;
    for (var i = 0; i < guCardWindows.length; i++) {
      var openWindow = guCardWindows[i].element[0];
      var openId = openWindow.id;

      if (openId == windowId) {
        popIndex = i;
        break;
      }
    }

    if (popIndex > -1) {
      guCardWindows.splice(popIndex, 1);
    }
  }

  var InitDataSources = function() {
    guDataSource = new kendo.data.DataSource({
      transport: {
        read: {
          url: "main.prg",
          dataType: "json",
          contentType: "application/x-www-form-urlencoded",
          type: "GET",
          data: {
            ft: "102105"
          },
          cache: false
        }
      },
      requestStart: function(request) {
        showWaitWindow();
      },
      requestEnd: function(response) {
        setTimeout(hideWaitWindow, 500);
        if (response.hasOwnProperty("response")) {
          if (response.response.hasOwnProperty("Results")) {
            var results = response.response.Results;

            if (results.hasOwnProperty("error")) {
              $.homecuValidator.homecuResetMessage = true;
              $.homecuValidator.displayMessage(results.error, $.homecuValidator.settings.statusError);
            } else if (results.hasOwnProperty("info")) {
              $.homecuValidator.homecuResetMessage = true;
              $.homecuValidator.displayMessage(results.info, $.homecuValidator.settings.statusSuccess);
            }
          } else {
            $.homecuValidator.displayMessage("Error Parsing Server", $.homecuValidator.settings.statusError);
          }
        } else {
          $.homecuValidator.displayMessage("Error Parsing Server", $.homecuValidator.settings.statusError);
        }
      },
      schema: {
        parse: function(response) {

          var results = null;
          var resultData = null;
          var resultOperation = null;

          if (response.hasOwnProperty("Results")) {
            results = response.Results;
            resultData = results.data;
            resultOperation = results.operation;
          }

          if (results.hasOwnProperty("errors")) {
            return [];
          }

          if (resultData == undefined || resultData == null) {
            return [];
          }

          setTimeout(function() {
            switch (resultOperation) {
              case "groupReadUsers":
                DataBuildUsers(resultData.users);
                var template= kendo.template($("#titleTemplate").html());
                guGroup.cardTitle= "Group Users";
                guUsers.title(template(guGroup)).center().open();
                break;
              case "groupCleanUser":
                DataBuildUsers(resultData.users);
                break;
              case "groupUpdatePrimary":
                DataBuildUsers(resultData.users);

                guPayload = resultData.encrypt;
                guGroup = resultData.group.group;
                guCall("updateGroupInfo", resultData.group);
                guCall("updateGroupEncrypt", resultData.encrypt);

                // reset primary user for validation
                guObserve.source.o_primary = guObserve.source.e_primary;
                ValidateUsers();
                break;
            }
          }, 500);

          return [];
        }
      }
    });
  }

  var InitDataViews = function() {
    guUsers = $("#guUsers").kendoWindow({
      title: "Group Users",
      width:"75%",
      minWidth: "300px",
      maxWidth: "750px",
      modal: true,
      visible: false,
      resizable: false,
      activate: EventOpenWindow,
      close: EventCloseWindow,
      open: function() {
        this.wrapper.css({ top: 100 });
      }
    }).data("kendoWindow");

    guObserve = new kendo.observable({
      refreshUser: null,
      showPrimaryWarning: false,
      showAccessWarning: false,
      source: null,
      users: [],
      grid: function() {
        $('#guUserGrid input[type=checkbox]').off();
        $('#guUserGrid input[type=checkbox]').css("cursor", "pointer");
        $('#guUserGrid input[type=checkbox]').change(function(e) {
          EventCheckboxChange(e.target);
        });

        $("#guUserGrid tr").each(function(i) {
          if (i > 0) {
            var row = $(this);
            var rowItem = $("#guUserGrid").data("kendoGrid").dataItem(row);

            // set primary to checked
            if (rowItem.u_primary) {
              row.find("input[type=checkbox]").prop("checked", true);
            }

            // set disabled if primary count is above 1 or
            // set disabled if account access is wack
            // set click event for refresh button
            if (!rowItem.u_primary) {
              if ((guObserve.source.o_primary.length > 1 || rowItem.o_count > 0)) {
                row.addClass("cleanup");
                row.find("td:eq(1)").css("cursor", "not-allowed"); <?php // Let's only prevent this on the column of the primary user. ?>
                row.find("input[type=checkbox]").prop("disabled", true);
                row.find("input[type=checkbox]").css("cursor", "not-allowed");
                row.find("button").on("click", function(e) {
                  // cannot reset user account access if multiple
                  // primary owners exist
                  if (guObserve.source.e_primary.length > 1) {
                    guNotifyRefreshFail.open();
                  } else {
                    guObserve.set("refreshUser", rowItem);
                    guNotifyRefresh.open();
                  }
                });
              }
            }
          }
        });
      },
      change: function() {
        var grid = $("#guUserGrid").data("kendoGrid");
        var row = grid.select();

        var box = row.find("input[type=checkbox]");
        $(box).trigger("click");

        row.removeClass("k-state-selected");
      }
    });

    kendo.bind("#guUsers", guObserve);

    guDiscard = $("#guDiscard").kendoDialog({
      title: "Discard Changes",
      content: "<div class='col-sm-12'>"
        + "<p>This group's information has been changed.</p>"
        + "<p>Do you wish to discard the changes?</p>"
        + "</div>",
      modal: true,
      minWidth: 300,
      maxWidth: 500,
      visible: false,
      resizable: false,
      show: EventOpenWindow,
      close: EventCloseWindow,
      actions: [
        { text: "No",
          action: function() { guAction = "discardDeny"; }
        },
        { text: "Yes", primary: true,
          action: function() { guAction = "discardConfirm"; }
        }
      ]
    }).data("kendoDialog");

    guNotifyPrimary = $("#guNotifyPrimary").kendoDialog({
      title: "Primary User",
      content: "<div class='col-sm-12'>"
        + "<p>By changing the primary user, the selected user will take on the rights and access of the current primary user.</p>"
        + "<p>This action cannot be undone except by changing the rights per sub-account.</p>"
        + "</div>",
      modal: true,
      minWidth: 300,
      maxWidth: 500,
      visible: false,
      resizable: false,
      show: EventOpenWindow,
      close: EventCloseWindow,
      actions: [
        { text: "Ok", primary: true,
          action: function() { guAction = "notifyPrimary"; }
        }
      ]
    }).data("kendoDialog");

    guNotifyRefreshFail = $("#guNotifyRefreshFail").kendoDialog({
      title: "Reset Account Access",
      content: "<div class='col-sm-12'>"
        + "<p>This user's sub-account access cannot be reset because there are multiple primary owners for this group.</p>"
        + "<p>Please update the group by selecting a single primary owner before trying to reset this user's sub-account access.</p>"
        + "</div>",
      modal: true,
      minWidth: 300,
      maxWidth: 500,
      visible: false,
      resizable: false,
      show: EventOpenWindow,
      close: EventCloseWindow,
      actions: [
        { text: "Ok", primary: true,
          action: function() { guAction = "notifyRefreshFail"; }
        }
      ]
    }).data("kendoDialog");

    guNotifyRefresh = $("#guNotifyRefresh").kendoDialog({
      title: "Reset Account Access",
      content: '<div class="col-sm-12">'
       + '<p>By cropping this user\'s sub-account access, you will be removing access to the sub-accounts which the current primary user does not access.</p>'
       + '<p>Other sub-accounts which the primary owner also has access to will remain for this user.</p>'
       + '</div>',
      modal: true,
      minWidth: 300,
      maxWidth: 500,
      visible: false,
      resizable: false,
      show: EventOpenWindow,
      close: EventCloseWindow,
      actions: [
        { text: "Ok", primary: true,
          action: function() { guAction = "notifyRefresh"; }
        }
      ]
    }).data("kendoDialog");

    guStatus = $("#guStatus");
    guStatus.hide();

    guTooltip = homecuTooltip.defaults;
    guTooltip.filter = ".cleanup td:eq(1)"; <?php // Let's just put this on the column of the primary user. ?>
    guTooltip.content = EventShowTip,
    $("#guUsers").kendoTooltip(guTooltip);
  }

  var InitDataActions = function() {
    $("#btnUpdate").on("click", function() {
      EventUpdateUsers();
    });
    $("#lnkCancel").on("click", function() {
      guUsers.close();
    });
  }

  this.Open = function(windowStack) {
    // setup validator
    $.homecuValidator.setup({
      formStatusField: "status",
      formValidate: "guUsers"
    });

    guCardWindows = windowStack;
    var groupRequest = {
      operation: "groupReadUsers",
      payload: guPayload
    };

    guDataSource.transport.options.read.type = "POST";
    guDataSource.read(groupRequest);
  }

  this.Close = function() {
    guUsers.destroy();
  }

  this.Data = function(payload, group) {
    guPayload = payload;
    guGroup = group;
  }

  this.Init = function(hubCall, cardContainer) {
    guCall = hubCall;
    guCardContainer = cardContainer;

    InitDataSources();
    InitDataViews();
    InitDataActions();

    guCall("GroupUsers", this);
  }
}
</script>
<?php }