YunoHost-Apps/noalyss_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/noalyss_ynh.git synced 2024-09-03 19:46:20 +02:00
Code Issues Activity Actions
noalyss_ynh/sources/include/param_sec.inc.php

322 lines
10 KiB
PHP
Raw Normal View History

init
2015-09-27 00:35:53 +02:00
<?php
/*
* This file is part of NOALYSS.
*
* NOALYSS is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* NOALYSS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with NOALYSS; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
// Copyright Author Dany De Bontridder danydb@aevalys.eu
/*! \file
* \brief Set the security for an user
*/
if ( ! defined ('ALLOWED') ) die('Appel direct ne sont pas permis');
require_once NOALYSS_INCLUDE.'/ac_common.php';
require_once NOALYSS_INCLUDE.'/class_iselect.php';
require_once NOALYSS_INCLUDE.'/class_dossier.php';
require_once NOALYSS_INCLUDE.'/class_user.php';
require_once NOALYSS_INCLUDE.'/class_database.php';
require_once NOALYSS_INCLUDE.'/class_sort_table.php';
$gDossier=dossier::id();
$str_dossier=dossier::get();
/* Admin. Dossier */
$cn=new Database($gDossier);
global $g_user;
$g_user->Check();
$g_user->check_dossier($gDossier);
require_once NOALYSS_INCLUDE.'/user_menu.php';
/////////////////////////////////////////////////////////////////////////
// List users
/////////////////////////////////////////////////////////////////////////
if ( ! isset($_REQUEST['action']))
{
$base_url=$_SERVER['PHP_SELF']."?ac=".$_REQUEST['ac']."&".dossier::get();
echo '<DIV class="content" >';
$header=new Sort_Table();
$header->add('Login',$base_url,"order by use_login asc","order by use_login desc",'la','ld');
$header->add('Nom',$base_url,"order by use_name asc,use_first_name asc","order by use_name desc,use_first_name desc",'na','nd');
$header->add('Type d\'utilisateur',$base_url,"order by use_admin asc,use_login asc","order by use_admin desc,use_login desc",'ta','td');
$order=(isset($_REQUEST['ord']))?$_REQUEST['ord']:'la';
$ord_sql=$header->get_sql_order($order);
$repo=new Database();
/* Show all the active users, including admin */
$user_sql = $repo->exec_sql("select use_id,
use_first_name,
use_name,
use_login,
use_admin
from ac_users left join jnt_use_dos using (use_id)
where use_login != 'phpcompta' and use_active=1
and (dos_id=$1 or (dos_id is null and use_admin=1))" . $ord_sql, array($gDossier));
$MaxUser = Database::num_row($user_sql);
echo '<TABLE class="result" style="width:80%;margin-left:10%">';
echo "<tr>";
echo '<th>'.$header->get_header(0).'</th>';
echo '<th>'.$header->get_header(1).'</th>';
echo th('prénom');
echo th('profil');
echo '<th>'.$header->get_header(2).'</th>';
for ($i = 0;$i < $MaxUser;$i++)
{
echo '<tr>';
$l_line=Database::fetch_array($user_sql,$i);
$str="";
$str=_('Utilisateur Normal');
if ( $l_line['use_admin'] == 1 )
$str=_('Administrateur');
// get profile
$profile=$cn->get_value("select p_name from profile
join profile_user using(p_id) where user_name=$1",array($l_line['use_login']));
$url=$base_url."&action=view&user_id=".$l_line['use_id'];
echo "<td>";
echo HtmlInput::anchor($l_line['use_login'], $url);
echo "</td>";
echo td($l_line['use_name']);
echo td($l_line['use_first_name']);
echo td($profile);
echo td($str);
echo "</TR>";
}
echo '</TABLE>';
}
$action="";
if ( isset ($_GET["action"] ))
{
$action=$_GET["action"];
}
//----------------------------------------------------------------------
// Action = save
//----------------------------------------------------------------------
if ( isset($_POST['ok']))
{
try
{
$cn->start();
$sec_User=new User($cn,$_POST['user_id']);
// save profile
$sec_User->save_profile($_POST['profile']);
/* Save first the ledger */
$a=$cn->get_array('select jrn_def_id from jrn_def');
foreach ($a as $key)
{
$id=$key['jrn_def_id'];
$priv=sprintf("jrn_act%d",$id);
$count=$cn->get_value('select count(*) from user_sec_jrn where uj_login=$1 '.
' and uj_jrn_id=$2',array($sec_User->login,$id));
if ( $count == 0 )
{
$cn->exec_sql('insert into user_sec_jrn (uj_login,uj_jrn_id,uj_priv)'.
' values ($1,$2,$3)',
array($sec_User->login,$id,$_POST[$priv]));
}
else
{
$cn->exec_sql('update user_sec_jrn set uj_priv=$1 where uj_login=$2 and uj_jrn_id=$3',
array($_POST[$priv],$sec_User->login,$id));
}
}
/* now save all the actions */
$a=$cn->get_array('select ac_id from action');
foreach ($a as $key)
{
$id=$key['ac_id'];
$priv=sprintf("action%d",$id);
if ( ! isset ($_POST[$priv]))
{
$cn->exec_sql("delete from user_sec_act where ua_act_id=$1",array($id));
continue;
}
$count=$cn->get_value('select count(*) from user_sec_act where ua_login=$1 '.
' and ua_act_id=$2',array($sec_User->login,$id));
if ( $_POST[$priv] == 1 && $count == 0)
{
$cn->exec_sql('insert into user_sec_act (ua_login,ua_act_id)'.
' values ($1,$2)',
array($sec_User->login,$id));
}
if ($_POST[$priv] == 0 )
{
$cn->exec_sql('delete from user_sec_act where ua_login=$1 and ua_act_id=$2',
array($sec_User->login,$id));
}
}
$cn->commit();
} // end try
catch (Exception $e)
{
echo_warning ($e->getTraceAsString());
$cn->rollback();
}
}
//--------------------------------------------------------------------------------
// Action == View detail for users
//--------------------------------------------------------------------------------
if ( $action == "view" )
{
$l_Db=sprintf("dossier%d",$gDossier);
$return= HtmlInput::button_anchor('Retour à la liste','?&ac='.$_REQUEST['ac'].'&'.dossier::get(),'retour');
$repo=new Database();
$User=new User($repo,$_GET['user_id']);
$admin=0;
$access=$User->get_folder_access($gDossier);
$str="Aucun accès";
if ($access=='R')
{
$str=' Utilisateur normal';
}
if ( $User->admin==1 )
{
$str=' Administrateur';
$admin=1;
}
echo '<h2>'.h($User->first_name).' '.h($User->name).' '.hi($User->login)."($str)</h2>";
if ( $_GET['user_id'] == 1 )
{
echo '<h2 class="notice"> Cet utilisateur est administrateur, il a tous les droits</h2>';
echo "<p> Impossible de modifier cet utilisateur dans cet écran, il faut passer par
l'écran administration -> utilisateur.
</p>";
echo $return;
return;
}
//
// Check if the user can access that folder
if ( $access == 'X' )
{
echo "<H2 class=\"error\">L'utilisateur n'a pas accès à ce dossier</H2>";
echo "<p> Impossible de modifier cet utilisateur dans cet écran, il faut passer par
l'écran administration -> utilisateur.
</p>";
echo $return;
$action="";
return;
}
//--------------------------------------------------------------------------------
// Show access for journal
//--------------------------------------------------------------------------------
$Res=$cn->exec_sql("select jrn_def_id,jrn_def_name from jrn_def ".
" order by jrn_def_name");
$sec_User=new User($cn,$_GET['user_id']);
echo '<form method="post">';
$sHref=sprintf ('export.php?act=PDF:sec&user_id=%s&'.$str_dossier ,
$_GET ['user_id']
);
echo dossier::hidden();
echo HtmlInput::hidden('action','sec');
echo HtmlInput::hidden('user_id',$_GET['user_id']);
$i_profile=new ISelect ('profile');
$i_profile->value=$cn->make_array("select p_id,p_name from profile
order by p_name");
$i_profile->selected=$sec_User->get_profile();
echo "<p>";
echo _("Profil")." ".$i_profile->input();
echo "</p>";
echo '<Fieldset><legend>Journaux </legend>';
echo '<table>';
$MaxJrn=Database::num_row($Res);
$jrn_priv=new ISelect();
$array=array(
array ('value'=>'R','label'=>'Uniquement lecture'),
array ('value'=>'W','label'=>'Lecture et écriture'),
array ('value'=>'X','label'=>'Aucun accès')
);
for ( $i =0 ; $i < $MaxJrn; $i++ )
{
/* set the widget */
$l_line=Database::fetch_array($Res,$i);
echo '<TR> ';
if ( $i == 0 ) echo '<TD class="num"> <B> Journal </B> </TD>';
else echo "<TD></TD>";
echo "<TD class=\"num\"> $l_line[jrn_def_name] </TD>";
$jrn_priv->name='jrn_act'.$l_line['jrn_def_id'];
$jrn_priv->value=$array;
if ($admin != 1)
$jrn_priv->selected=$sec_User->get_ledger_access($l_line['jrn_def_id']);
else
$jrn_priv->selected='W';
echo '<td>';
echo $jrn_priv->input();
echo '</td>';
echo '</tr>';
}
echo '</table>';
echo '</fieldset>';
//**********************************************************************
// Show Priv. for actions
//**********************************************************************
echo '<fieldset> <legend>Actions </legend>';
include('template/security_list_action.php');
echo '</fieldset>';
echo HtmlInput::button('Imprime','imprime',"onclick=\"window.open('".$sHref."');\"");
echo HtmlInput::submit('ok','Sauve');
echo HtmlInput::reset('Annule');
echo $return;
echo '</form>';
} // end of the form
echo "</DIV>";
html_page_stop();
?>
Reference in a new issue Copy permalink