Check(); $g_user->check_dossier($gDossier); require_once NOALYSS_INCLUDE.'/user_menu.php'; ///////////////////////////////////////////////////////////////////////// // List users ///////////////////////////////////////////////////////////////////////// if ( ! isset($_REQUEST['action'])) { $base_url=$_SERVER['PHP_SELF']."?ac=".$_REQUEST['ac']."&".dossier::get(); echo '
'; $header=new Sort_Table(); $header->add('Login',$base_url,"order by use_login asc","order by use_login desc",'la','ld'); $header->add('Nom',$base_url,"order by use_name asc,use_first_name asc","order by use_name desc,use_first_name desc",'na','nd'); $header->add('Type d\'utilisateur',$base_url,"order by use_admin asc,use_login asc","order by use_admin desc,use_login desc",'ta','td'); $order=(isset($_REQUEST['ord']))?$_REQUEST['ord']:'la'; $ord_sql=$header->get_sql_order($order); $repo=new Database(); /* Show all the active users, including admin */ $user_sql = $repo->exec_sql("select use_id, use_first_name, use_name, use_login, use_admin from ac_users left join jnt_use_dos using (use_id) where use_login != 'phpcompta' and use_active=1 and (dos_id=$1 or (dos_id is null and use_admin=1))" . $ord_sql, array($gDossier)); $MaxUser = Database::num_row($user_sql); echo ''; echo ""; echo ''; echo ''; echo th('prénom'); echo th('profil'); echo ''; for ($i = 0;$i < $MaxUser;$i++) { echo ''; $l_line=Database::fetch_array($user_sql,$i); $str=""; $str=_('Utilisateur Normal'); if ( $l_line['use_admin'] == 1 ) $str=_('Administrateur'); // get profile $profile=$cn->get_value("select p_name from profile join profile_user using(p_id) where user_name=$1",array($l_line['use_login'])); $url=$base_url."&action=view&user_id=".$l_line['use_id']; echo ""; echo td($l_line['use_name']); echo td($l_line['use_first_name']); echo td($profile); echo td($str); echo ""; } echo '
'.$header->get_header(0).''.$header->get_header(1).''.$header->get_header(2).'
"; echo HtmlInput::anchor($l_line['use_login'], $url); echo "
'; } $action=""; if ( isset ($_GET["action"] )) { $action=$_GET["action"]; } //---------------------------------------------------------------------- // Action = save //---------------------------------------------------------------------- if ( isset($_POST['ok'])) { try { $cn->start(); $sec_User=new User($cn,$_POST['user_id']); // save profile $sec_User->save_profile($_POST['profile']); /* Save first the ledger */ $a=$cn->get_array('select jrn_def_id from jrn_def'); foreach ($a as $key) { $id=$key['jrn_def_id']; $priv=sprintf("jrn_act%d",$id); $count=$cn->get_value('select count(*) from user_sec_jrn where uj_login=$1 '. ' and uj_jrn_id=$2',array($sec_User->login,$id)); if ( $count == 0 ) { $cn->exec_sql('insert into user_sec_jrn (uj_login,uj_jrn_id,uj_priv)'. ' values ($1,$2,$3)', array($sec_User->login,$id,$_POST[$priv])); } else { $cn->exec_sql('update user_sec_jrn set uj_priv=$1 where uj_login=$2 and uj_jrn_id=$3', array($_POST[$priv],$sec_User->login,$id)); } } /* now save all the actions */ $a=$cn->get_array('select ac_id from action'); foreach ($a as $key) { $id=$key['ac_id']; $priv=sprintf("action%d",$id); if ( ! isset ($_POST[$priv])) { $cn->exec_sql("delete from user_sec_act where ua_act_id=$1",array($id)); continue; } $count=$cn->get_value('select count(*) from user_sec_act where ua_login=$1 '. ' and ua_act_id=$2',array($sec_User->login,$id)); if ( $_POST[$priv] == 1 && $count == 0) { $cn->exec_sql('insert into user_sec_act (ua_login,ua_act_id)'. ' values ($1,$2)', array($sec_User->login,$id)); } if ($_POST[$priv] == 0 ) { $cn->exec_sql('delete from user_sec_act where ua_login=$1 and ua_act_id=$2', array($sec_User->login,$id)); } } $cn->commit(); } // end try catch (Exception $e) { echo_warning ($e->getTraceAsString()); $cn->rollback(); } } //-------------------------------------------------------------------------------- // Action == View detail for users //-------------------------------------------------------------------------------- if ( $action == "view" ) { $l_Db=sprintf("dossier%d",$gDossier); $return= HtmlInput::button_anchor('Retour à la liste','?&ac='.$_REQUEST['ac'].'&'.dossier::get(),'retour'); $repo=new Database(); $User=new User($repo,$_GET['user_id']); $admin=0; $access=$User->get_folder_access($gDossier); $str="Aucun accès"; if ($access=='R') { $str=' Utilisateur normal'; } if ( $User->admin==1 ) { $str=' Administrateur'; $admin=1; } echo '

'.h($User->first_name).' '.h($User->name).' '.hi($User->login)."($str)

"; if ( $_GET['user_id'] == 1 ) { echo '

Cet utilisateur est administrateur, il a tous les droits

'; echo "

Impossible de modifier cet utilisateur dans cet écran, il faut passer par l'écran administration -> utilisateur.

"; echo $return; return; } // // Check if the user can access that folder if ( $access == 'X' ) { echo "

L'utilisateur n'a pas accès à ce dossier

"; echo "

Impossible de modifier cet utilisateur dans cet écran, il faut passer par l'écran administration -> utilisateur.

"; echo $return; $action=""; return; } //-------------------------------------------------------------------------------- // Show access for journal //-------------------------------------------------------------------------------- $Res=$cn->exec_sql("select jrn_def_id,jrn_def_name from jrn_def ". " order by jrn_def_name"); $sec_User=new User($cn,$_GET['user_id']); echo '
'; $sHref=sprintf ('export.php?act=PDF:sec&user_id=%s&'.$str_dossier , $_GET ['user_id'] ); echo dossier::hidden(); echo HtmlInput::hidden('action','sec'); echo HtmlInput::hidden('user_id',$_GET['user_id']); $i_profile=new ISelect ('profile'); $i_profile->value=$cn->make_array("select p_id,p_name from profile order by p_name"); $i_profile->selected=$sec_User->get_profile(); echo "

"; echo _("Profil")." ".$i_profile->input(); echo "

"; echo '
Journaux '; echo ''; $MaxJrn=Database::num_row($Res); $jrn_priv=new ISelect(); $array=array( array ('value'=>'R','label'=>'Uniquement lecture'), array ('value'=>'W','label'=>'Lecture et écriture'), array ('value'=>'X','label'=>'Aucun accès') ); for ( $i =0 ; $i < $MaxJrn; $i++ ) { /* set the widget */ $l_line=Database::fetch_array($Res,$i); echo ' '; if ( $i == 0 ) echo ''; else echo ""; echo ""; $jrn_priv->name='jrn_act'.$l_line['jrn_def_id']; $jrn_priv->value=$array; if ($admin != 1) $jrn_priv->selected=$sec_User->get_ledger_access($l_line['jrn_def_id']); else $jrn_priv->selected='W'; echo ''; echo ''; } echo '
Journal $l_line[jrn_def_name] '; echo $jrn_priv->input(); echo '
'; echo '
'; //********************************************************************** // Show Priv. for actions //********************************************************************** echo '
Actions '; include('template/security_list_action.php'); echo '
'; echo HtmlInput::button('Imprime','imprime',"onclick=\"window.open('".$sHref."');\""); echo HtmlInput::submit('ok','Sauve'); echo HtmlInput::reset('Annule'); echo $return; echo '
'; } // end of the form echo "
"; html_page_stop(); ?>