mirror of
https://github.com/YunoHost-Apps/noalyss_ynh.git
synced 2024-09-03 19:46:20 +02:00
321 lines
10 KiB
PHP
321 lines
10 KiB
PHP
<?php
|
|
/*
|
|
* This file is part of NOALYSS.
|
|
*
|
|
* NOALYSS is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* NOALYSS is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with NOALYSS; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
*/
|
|
// Copyright Author Dany De Bontridder danydb@aevalys.eu
|
|
|
|
|
|
/*! \file
|
|
* \brief Set the security for an user
|
|
*/
|
|
if ( ! defined ('ALLOWED') ) die('Appel direct ne sont pas permis');
|
|
require_once NOALYSS_INCLUDE.'/ac_common.php';
|
|
require_once NOALYSS_INCLUDE.'/class_iselect.php';
|
|
require_once NOALYSS_INCLUDE.'/class_dossier.php';
|
|
require_once NOALYSS_INCLUDE.'/class_user.php';
|
|
require_once NOALYSS_INCLUDE.'/class_database.php';
|
|
require_once NOALYSS_INCLUDE.'/class_sort_table.php';
|
|
|
|
$gDossier=dossier::id();
|
|
$str_dossier=dossier::get();
|
|
|
|
/* Admin. Dossier */
|
|
$cn=new Database($gDossier);
|
|
global $g_user;
|
|
$g_user->Check();
|
|
$g_user->check_dossier($gDossier);
|
|
|
|
require_once NOALYSS_INCLUDE.'/user_menu.php';
|
|
|
|
/////////////////////////////////////////////////////////////////////////
|
|
// List users
|
|
/////////////////////////////////////////////////////////////////////////
|
|
if ( ! isset($_REQUEST['action']))
|
|
{
|
|
$base_url=$_SERVER['PHP_SELF']."?ac=".$_REQUEST['ac']."&".dossier::get();
|
|
|
|
echo '<DIV class="content" >';
|
|
$header=new Sort_Table();
|
|
$header->add('Login',$base_url,"order by use_login asc","order by use_login desc",'la','ld');
|
|
$header->add('Nom',$base_url,"order by use_name asc,use_first_name asc","order by use_name desc,use_first_name desc",'na','nd');
|
|
$header->add('Type d\'utilisateur',$base_url,"order by use_admin asc,use_login asc","order by use_admin desc,use_login desc",'ta','td');
|
|
|
|
|
|
$order=(isset($_REQUEST['ord']))?$_REQUEST['ord']:'la';
|
|
|
|
$ord_sql=$header->get_sql_order($order);
|
|
|
|
|
|
$repo=new Database();
|
|
/* Show all the active users, including admin */
|
|
$user_sql = $repo->exec_sql("select use_id,
|
|
use_first_name,
|
|
use_name,
|
|
use_login,
|
|
use_admin
|
|
from ac_users left join jnt_use_dos using (use_id)
|
|
where use_login != 'phpcompta' and use_active=1
|
|
and (dos_id=$1 or (dos_id is null and use_admin=1))" . $ord_sql, array($gDossier));
|
|
|
|
$MaxUser = Database::num_row($user_sql);
|
|
|
|
|
|
echo '<TABLE class="result" style="width:80%;margin-left:10%">';
|
|
echo "<tr>";
|
|
echo '<th>'.$header->get_header(0).'</th>';
|
|
echo '<th>'.$header->get_header(1).'</th>';
|
|
echo th('prénom');
|
|
echo th('profil');
|
|
echo '<th>'.$header->get_header(2).'</th>';
|
|
for ($i = 0;$i < $MaxUser;$i++)
|
|
{
|
|
echo '<tr>';
|
|
$l_line=Database::fetch_array($user_sql,$i);
|
|
|
|
|
|
$str="";
|
|
$str=_('Utilisateur Normal');
|
|
if ( $l_line['use_admin'] == 1 )
|
|
$str=_('Administrateur');
|
|
|
|
// get profile
|
|
$profile=$cn->get_value("select p_name from profile
|
|
join profile_user using(p_id) where user_name=$1",array($l_line['use_login']));
|
|
|
|
$url=$base_url."&action=view&user_id=".$l_line['use_id'];
|
|
echo "<td>";
|
|
echo HtmlInput::anchor($l_line['use_login'], $url);
|
|
echo "</td>";
|
|
echo td($l_line['use_name']);
|
|
echo td($l_line['use_first_name']);
|
|
echo td($profile);
|
|
echo td($str);
|
|
|
|
echo "</TR>";
|
|
}
|
|
echo '</TABLE>';
|
|
}
|
|
$action="";
|
|
|
|
if ( isset ($_GET["action"] ))
|
|
{
|
|
$action=$_GET["action"];
|
|
|
|
}
|
|
//----------------------------------------------------------------------
|
|
// Action = save
|
|
//----------------------------------------------------------------------
|
|
if ( isset($_POST['ok']))
|
|
{
|
|
try
|
|
{
|
|
$cn->start();
|
|
$sec_User=new User($cn,$_POST['user_id']);
|
|
|
|
// save profile
|
|
$sec_User->save_profile($_POST['profile']);
|
|
|
|
/* Save first the ledger */
|
|
$a=$cn->get_array('select jrn_def_id from jrn_def');
|
|
|
|
foreach ($a as $key)
|
|
{
|
|
$id=$key['jrn_def_id'];
|
|
$priv=sprintf("jrn_act%d",$id);
|
|
$count=$cn->get_value('select count(*) from user_sec_jrn where uj_login=$1 '.
|
|
' and uj_jrn_id=$2',array($sec_User->login,$id));
|
|
if ( $count == 0 )
|
|
{
|
|
$cn->exec_sql('insert into user_sec_jrn (uj_login,uj_jrn_id,uj_priv)'.
|
|
' values ($1,$2,$3)',
|
|
array($sec_User->login,$id,$_POST[$priv]));
|
|
|
|
}
|
|
else
|
|
{
|
|
$cn->exec_sql('update user_sec_jrn set uj_priv=$1 where uj_login=$2 and uj_jrn_id=$3',
|
|
array($_POST[$priv],$sec_User->login,$id));
|
|
}
|
|
}
|
|
/* now save all the actions */
|
|
$a=$cn->get_array('select ac_id from action');
|
|
|
|
foreach ($a as $key)
|
|
{
|
|
$id=$key['ac_id'];
|
|
$priv=sprintf("action%d",$id);
|
|
if ( ! isset ($_POST[$priv]))
|
|
{
|
|
$cn->exec_sql("delete from user_sec_act where ua_act_id=$1",array($id));
|
|
continue;
|
|
}
|
|
$count=$cn->get_value('select count(*) from user_sec_act where ua_login=$1 '.
|
|
' and ua_act_id=$2',array($sec_User->login,$id));
|
|
if ( $_POST[$priv] == 1 && $count == 0)
|
|
{
|
|
$cn->exec_sql('insert into user_sec_act (ua_login,ua_act_id)'.
|
|
' values ($1,$2)',
|
|
array($sec_User->login,$id));
|
|
|
|
}
|
|
if ($_POST[$priv] == 0 )
|
|
{
|
|
$cn->exec_sql('delete from user_sec_act where ua_login=$1 and ua_act_id=$2',
|
|
array($sec_User->login,$id));
|
|
}
|
|
}
|
|
$cn->commit();
|
|
} // end try
|
|
catch (Exception $e)
|
|
{
|
|
echo_warning ($e->getTraceAsString());
|
|
$cn->rollback();
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//--------------------------------------------------------------------------------
|
|
// Action == View detail for users
|
|
//--------------------------------------------------------------------------------
|
|
|
|
if ( $action == "view" )
|
|
{
|
|
$l_Db=sprintf("dossier%d",$gDossier);
|
|
$return= HtmlInput::button_anchor('Retour à la liste','?&ac='.$_REQUEST['ac'].'&'.dossier::get(),'retour');
|
|
|
|
$repo=new Database();
|
|
$User=new User($repo,$_GET['user_id']);
|
|
$admin=0;
|
|
$access=$User->get_folder_access($gDossier);
|
|
|
|
$str="Aucun accès";
|
|
|
|
if ($access=='R')
|
|
{
|
|
$str=' Utilisateur normal';
|
|
}
|
|
|
|
if ( $User->admin==1 )
|
|
{
|
|
$str=' Administrateur';
|
|
$admin=1;
|
|
}
|
|
|
|
echo '<h2>'.h($User->first_name).' '.h($User->name).' '.hi($User->login)."($str)</h2>";
|
|
|
|
|
|
if ( $_GET['user_id'] == 1 )
|
|
{
|
|
echo '<h2 class="notice"> Cet utilisateur est administrateur, il a tous les droits</h2>';
|
|
echo "<p> Impossible de modifier cet utilisateur dans cet écran, il faut passer par
|
|
l'écran administration -> utilisateur.
|
|
</p>";
|
|
echo $return;
|
|
return;
|
|
}
|
|
//
|
|
// Check if the user can access that folder
|
|
if ( $access == 'X' )
|
|
{
|
|
echo "<H2 class=\"error\">L'utilisateur n'a pas accès à ce dossier</H2>";
|
|
echo "<p> Impossible de modifier cet utilisateur dans cet écran, il faut passer par
|
|
l'écran administration -> utilisateur.
|
|
</p>";
|
|
echo $return;
|
|
$action="";
|
|
return;
|
|
}
|
|
|
|
//--------------------------------------------------------------------------------
|
|
// Show access for journal
|
|
//--------------------------------------------------------------------------------
|
|
|
|
$Res=$cn->exec_sql("select jrn_def_id,jrn_def_name from jrn_def ".
|
|
" order by jrn_def_name");
|
|
$sec_User=new User($cn,$_GET['user_id']);
|
|
|
|
echo '<form method="post">';
|
|
$sHref=sprintf ('export.php?act=PDF:sec&user_id=%s&'.$str_dossier ,
|
|
$_GET ['user_id']
|
|
);
|
|
|
|
echo dossier::hidden();
|
|
echo HtmlInput::hidden('action','sec');
|
|
echo HtmlInput::hidden('user_id',$_GET['user_id']);
|
|
$i_profile=new ISelect ('profile');
|
|
$i_profile->value=$cn->make_array("select p_id,p_name from profile
|
|
order by p_name");
|
|
|
|
$i_profile->selected=$sec_User->get_profile();
|
|
|
|
echo "<p>";
|
|
echo _("Profil")." ".$i_profile->input();
|
|
echo "</p>";
|
|
echo '<Fieldset><legend>Journaux </legend>';
|
|
echo '<table>';
|
|
$MaxJrn=Database::num_row($Res);
|
|
$jrn_priv=new ISelect();
|
|
$array=array(
|
|
array ('value'=>'R','label'=>'Uniquement lecture'),
|
|
array ('value'=>'W','label'=>'Lecture et écriture'),
|
|
array ('value'=>'X','label'=>'Aucun accès')
|
|
);
|
|
|
|
for ( $i =0 ; $i < $MaxJrn; $i++ )
|
|
{
|
|
/* set the widget */
|
|
$l_line=Database::fetch_array($Res,$i);
|
|
|
|
echo '<TR> ';
|
|
if ( $i == 0 ) echo '<TD class="num"> <B> Journal </B> </TD>';
|
|
else echo "<TD></TD>";
|
|
echo "<TD class=\"num\"> $l_line[jrn_def_name] </TD>";
|
|
|
|
$jrn_priv->name='jrn_act'.$l_line['jrn_def_id'];
|
|
$jrn_priv->value=$array;
|
|
if ($admin != 1)
|
|
$jrn_priv->selected=$sec_User->get_ledger_access($l_line['jrn_def_id']);
|
|
else
|
|
$jrn_priv->selected='W';
|
|
|
|
|
|
echo '<td>';
|
|
echo $jrn_priv->input();
|
|
echo '</td>';
|
|
echo '</tr>';
|
|
}
|
|
echo '</table>';
|
|
echo '</fieldset>';
|
|
|
|
//**********************************************************************
|
|
// Show Priv. for actions
|
|
//**********************************************************************
|
|
echo '<fieldset> <legend>Actions </legend>';
|
|
include('template/security_list_action.php');
|
|
echo '</fieldset>';
|
|
echo HtmlInput::button('Imprime','imprime',"onclick=\"window.open('".$sHref."');\"");
|
|
echo HtmlInput::submit('ok','Sauve');
|
|
echo HtmlInput::reset('Annule');
|
|
echo $return;
|
|
echo '</form>';
|
|
} // end of the form
|
|
echo "</DIV>";
|
|
html_page_stop();
|
|
?>
|