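<?php
/*
 *   This file is part of NOALYSS.
 *
 *   NOALYSS is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 *   NOALYSS is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with NOALYSS; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
// Copyright Author Dany De Bontridder danydb@aevalys.eu

/*! \file
 * \brief Set the security (profile, ledger and action privileges) of a
 *        user for the current folder. Included by the front controller
 *        (ALLOWED must be defined); direct calls are refused.
 */
if ( ! defined ('ALLOWED') ) die('Appel direct ne sont pas permis');

require_once NOALYSS_INCLUDE.'/ac_common.php';
require_once NOALYSS_INCLUDE.'/class_iselect.php';
require_once NOALYSS_INCLUDE.'/class_dossier.php';
require_once NOALYSS_INCLUDE.'/class_user.php';
require_once NOALYSS_INCLUDE.'/class_database.php';
require_once NOALYSS_INCLUDE.'/class_sort_table.php';

$gDossier    = dossier::id();
$str_dossier = dossier::get();

/* Connection to the folder (dossier) database. */
$cn = new Database($gDossier);

// The current user must be logged in and allowed on this folder.
// NOTE(review): both calls are assumed to abort the request on failure
// (class_user.php, not visible here) — confirm.
global $g_user;
$g_user->Check();
$g_user->check_dossier($gDossier);

require_once NOALYSS_INCLUDE.'/user_menu.php';

/////////////////////////////////////////////////////////////////////////
// List users
/////////////////////////////////////////////////////////////////////////
if ( ! isset($_REQUEST['action']) )
{
    // PHP_SELF and "ac" come straight from the request and end up inside
    // href attributes (Sort_Table headers, user anchors): escape PHP_SELF
    // for HTML and URL-encode "ac" so neither can break out of the attribute.
    $ac_value = isset($_REQUEST['ac']) ? urlencode($_REQUEST['ac']) : '';
    $base_url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."?ac=".$ac_value."&".dossier::get();

    echo '<DIV class="content" >';

    // Sortable column headers. The "ord" request key is mapped to one of
    // the ORDER BY clauses registered here; what get_sql_order returns for
    // an unregistered key is not visible in this file.
    $header = new Sort_Table();
    $header->add('Login', $base_url, "order by use_login asc", "order by use_login desc", 'la', 'ld');
    $header->add('Nom', $base_url, "order by use_name asc,use_first_name asc", "order by use_name desc,use_first_name desc", 'na', 'nd');
    $header->add('Type d\'utilisateur', $base_url, "order by use_admin asc,use_login asc", "order by use_admin desc,use_login desc", 'ta', 'td');

    $order   = isset($_REQUEST['ord']) ? $_REQUEST['ord'] : 'la';
    $ord_sql = $header->get_sql_order($order);

    // Accounts live in the repository database, not in the folder database.
    $repo = new Database();

    /* Active users of this folder plus every administrator (no jnt_use_dos
       row needed); the technical account "phpcompta" is left out. */
    $user_sql = $repo->exec_sql(
        "select use_id, use_first_name, use_name, use_login, use_admin ".
        "from ac_users left join jnt_use_dos using (use_id) ".
        "where use_login != 'phpcompta' and use_active=1 ".
        "and (dos_id=$1 or (dos_id is null and use_admin=1))".$ord_sql,
        array($gDossier));
    $MaxUser = Database::num_row($user_sql);

    echo '<TABLE class="result" style="width:80%;margin-left:10%">';
    echo "<tr>";
    echo '<th>'.$header->get_header(0).'</th>';
    echo '<th>'.$header->get_header(1).'</th>';
    echo th('prénom');
    echo th('profil');
    echo '<th>'.$header->get_header(2).'</th>';

    for ($i = 0; $i < $MaxUser; $i++)
    {
        $l_line = Database::fetch_array($user_sql, $i);

        $str = ($l_line['use_admin'] == 1) ? _('Administrateur') : _('Utilisateur Normal');

        // Profile name, resolved in the folder database by login.
        $profile = $cn->get_value("select p_name from profile join profile_user using(p_id) where user_name=$1",
                                  array($l_line['use_login']));

        $url = $base_url."&action=view&user_id=".$l_line['use_id'];

        echo '<tr>';
        echo "<td>";
        echo HtmlInput::anchor($l_line['use_login'], $url);
        echo "</td>";
        echo td($l_line['use_name']);
        echo td($l_line['use_first_name']);
        echo td($profile);
        echo td($str);
        echo "</TR>";
    }
    echo '</TABLE>';
}

// Sub-action requested in the query string ("view" = edit form for one user).
// Only $_GET is consulted: the form below has no action attribute, so a POST
// keeps the current query string and the form is shown again after saving.
$action = "";
if ( isset($_GET["action"]) )
{
    $action = $_GET["action"];
}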
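//----------------------------------------------------------------------
// Action = save
//----------------------------------------------------------------------
if ( isset($_POST['ok']) )
{
    // use_id is an integer key (the list links it from ac_users.use_id and
    // the view compares it with 1); anything else is meaningless here.
    $post_user_id = isset($_POST['user_id']) ? (int) $_POST['user_id'] : 0;

    // Same refusals as the "view" screen below, so that a hand-crafted POST
    // cannot edit what the form never offers: the built-in administrator
    // (user_id 1) and users without access to this folder.
    $post_user = new User(new Database(), $post_user_id);
    if ( $post_user_id == 1 || $post_user->get_folder_access($gDossier) == 'X' )
    {
        echo_warning("Impossible de modifier cet utilisateur dans cet écran, il faut passer par l'écran administration -> utilisateur.");
    }
    else
    {
        // Values offered by the ledger <select> in the form; anything else
        // is never written to user_sec_jrn.
        $ledger_priv = array('R', 'W', 'X');
        try
        {
            $cn->start();
            $sec_User = new User($cn, $post_user_id);

            // Profile chosen in the form (a p_id). NOTE(review): save_profile
            // is not visible here; it is assumed to validate the id — confirm.
            $sec_User->save_profile($_POST['profile']);

            /* Ledgers first: one user_sec_jrn row per ledger and login. */
            $a = $cn->get_array('select jrn_def_id from jrn_def');
            foreach ($a as $key)
            {
                $id   = $key['jrn_def_id'];
                $priv = sprintf("jrn_act%d", $id);
                // Missing or unexpected value: keep the stored privilege as is
                // rather than writing arbitrary text into uj_priv.
                if ( ! isset($_POST[$priv]) || ! in_array($_POST[$priv], $ledger_priv, true) )
                    continue;
                $count = $cn->get_value('select count(*) from user_sec_jrn where uj_login=$1 and uj_jrn_id=$2',
                                        array($sec_User->login, $id));
                if ( $count == 0 )
                {
                    $cn->exec_sql('insert into user_sec_jrn (uj_login,uj_jrn_id,uj_priv) values ($1,$2,$3)',
                                  array($sec_User->login, $id, $_POST[$priv]));
                }
                else
                {
                    $cn->exec_sql('update user_sec_jrn set uj_priv=$1 where uj_login=$2 and uj_jrn_id=$3',
                                  array($_POST[$priv], $sec_User->login, $id));
                }
            }

            /* Then the actions: a user_sec_act row is inserted to grant
               (value 1) and deleted to revoke (value 0 or field absent). */
            $a = $cn->get_array('select ac_id from action');
            foreach ($a as $key)
            {
                $id   = $key['ac_id'];
                $priv = sprintf("action%d", $id);
                if ( ! isset($_POST[$priv]) )
                {
                    // Revoke for this login only. The previous delete had no
                    // ua_login condition and removed the action for every user.
                    $cn->exec_sql('delete from user_sec_act where ua_login=$1 and ua_act_id=$2',
                                  array($sec_User->login, $id));
                    continue;
                }
                $count = $cn->get_value('select count(*) from user_sec_act where ua_login=$1 and ua_act_id=$2',
                                        array($sec_User->login, $id));
                if ( $_POST[$priv] == 1 && $count == 0 )
                {
                    $cn->exec_sql('insert into user_sec_act (ua_login,ua_act_id) values ($1,$2)',
                                  array($sec_User->login, $id));
                }
                if ( $_POST[$priv] == 0 )
                {
                    $cn->exec_sql('delete from user_sec_act where ua_login=$1 and ua_act_id=$2',
                                  array($sec_User->login, $id));
                }
            }
            $cn->commit();
        }
        catch (Exception $e)
        {
            $cn->rollback();
            // The trace belongs in the server log, not in the page: it
            // exposed file paths and call arguments to the browser.
            error_log($e->getMessage()."\n".$e->getTraceAsString());
            echo_warning(_("La sauvegarde a échoué"));
        }
    }
}

//--------------------------------------------------------------------------------
// Action == View detail for users
//--------------------------------------------------------------------------------
if ( $action == "view" )
{
    // user_id is echoed into a hidden field, the export URL and an inline
    // window.open('...') call; as an integer key it is cast once here
    // instead of being escaped at each of those places.
    $user_id  = isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0;
    $ac_value = isset($_REQUEST['ac']) ? urlencode($_REQUEST['ac']) : '';

    $l_Db   = sprintf("dossier%d", $gDossier);
    $return = HtmlInput::button_anchor('Retour à la liste', '?&ac='.$ac_value.'&'.dossier::get(), 'retour');

    // Identity and folder access come from the repository database.
    $repo   = new Database();
    $User   = new User($repo, $user_id);
    $admin  = 0;
    $access = $User->get_folder_access($gDossier);

    $str = "Aucun accès";
    if ( $access == 'R' )
    {
        $str = ' Utilisateur normal';
    }
    if ( $User->admin == 1 )
    {
        $str   = ' Administrateur';
        $admin = 1;
    }
    echo '<h2>'.h($User->first_name).' '.h($User->name).' '.hi($User->login)."($str)</h2>";

    // The built-in administrator is never editable from this screen.
    // Note: "return" leaves this included file before the closing </DIV>
    // and html_page_stop() at the bottom are reached (unchanged behaviour).
    if ( $user_id == 1 )
    {
        echo '<h2 class="notice"> Cet utilisateur est administrateur, il a tous les droits</h2>';
        echo "<p> Impossible de modifier cet utilisateur dans cet écran, il faut passer par l'écran administration -> utilisateur. </p>";
        echo $return;
        return;
    }

    // A user without access to this folder has nothing to edit here.
    if ( $access == 'X' )
    {
        echo "<H2 class=\"error\">L'utilisateur n'a pas accès à ce dossier</H2>";
        echo "<p> Impossible de modifier cet utilisateur dans cet écran, il faut passer par l'écran administration -> utilisateur. </p>";
        echo $return;
        $action = "";
        return;
    }

    //--------------------------------------------------------------------------------
    // Show access for journal
    //--------------------------------------------------------------------------------
    $Res      = $cn->exec_sql("select jrn_def_id,jrn_def_name from jrn_def order by jrn_def_name");
    $sec_User = new User($cn, $user_id);

    // NOTE(review): the form carries no anti-CSRF token and nothing in this
    // file shows a project-wide mechanism to hook into — confirm and add one.
    echo '<form method="post">';
    $sHref = 'export.php?act=PDF:sec&user_id='.$user_id.'&'.$str_dossier;
    echo dossier::hidden();
    echo HtmlInput::hidden('action', 'sec');
    echo HtmlInput::hidden('user_id', $user_id);

    $i_profile = new ISelect('profile');
    $i_profile->value    = $cn->make_array("select p_id,p_name from profile order by p_name");
    $i_profile->selected = $sec_User->get_profile();
    echo "<p>";
    echo _("Profil")." ".$i_profile->input();
    echo "</p>";

    echo '<Fieldset><legend>Journaux </legend>';
    echo '<table>';
    $MaxJrn   = Database::num_row($Res);
    $jrn_priv = new ISelect();
    $array = array(
        array('value' => 'R', 'label' => 'Uniquement lecture'),
        array('value' => 'W', 'label' => 'Lecture et écriture'),
        array('value' => 'X', 'label' => 'Aucun accès')
    );
    for ($i = 0; $i < $MaxJrn; $i++)
    {
        $l_line = Database::fetch_array($Res, $i);
        echo '<TR> ';
        echo ($i == 0) ? '<TD class="num"> <B> Journal </B> </TD>' : "<TD></TD>";
        // Ledger names are stored data: escape them like the user fields above.
        echo '<TD class="num"> '.h($l_line['jrn_def_name']).' </TD>';
        $jrn_priv->name  = 'jrn_act'.$l_line['jrn_def_id'];
        $jrn_priv->value = $array;
        // Administrators are always shown with write access.
        $jrn_priv->selected = ($admin != 1) ? $sec_User->get_ledger_access($l_line['jrn_def_id']) : 'W';
        echo '<td>';
        echo $jrn_priv->input();
        echo '</td>';
        echo '</tr>';
    }
    echo '</table>';
    echo '</fieldset>';

    //**********************************************************************
    // Show Priv. for actions
    //**********************************************************************
    echo '<fieldset> <legend>Actions </legend>';
    include('template/security_list_action.php');
    echo '</fieldset>';

    echo HtmlInput::button('Imprime', 'imprime', "onclick=\"window.open('".$sHref."');\"");
    echo HtmlInput::submit('ok', 'Sauve');
    echo HtmlInput::reset('Annule');
    echo $return;
    echo '</form>';
} // end of the form

echo "</DIV>";
html_page_stop();
?>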