00001 <?php
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
// Guard against direct invocation: this file is only meant to be included by
// the application dispatcher, which defines ALLOWED before including it.
if ( ! defined ('ALLOWED') ) die('Appel direct ne sont pas permis');
00026 include_once ("ac_common.php");
00027 require_once("class_iselect.php");
00028 require_once('class_dossier.php');
00029 include_once ("class_user.php");
00030 require_once('class_database.php');
00031 require_once 'class_sort_table.php';
00032
// Current folder (dossier) id and its query-string fragment, reused below when
// building links and hidden form fields.
$gDossier=dossier::id();
$str_dossier=dossier::get();


// Connection to the folder's own database (ledgers, profiles, privileges).
$cn=new Database($gDossier);
// The session must be valid and the user allowed on this folder before anything
// is rendered; both calls are presumably fatal on failure (not visible here —
// confirm in class_user.php).
// NOTE(review): nothing in this file checks that the current user is entitled
// to edit OTHER users' privileges; that gate must live in the 'ac' dispatcher
// or user_menu.php — confirm, since the save branch below writes on any
// POST that passes these two checks.
global $g_user;
$g_user->Check();
$g_user->check_dossier($gDossier);

// Included after the checks, so the menu is never emitted for a rejected user.
include_once ("user_menu.php");
00043
00044
00045
00046
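if ( ! isset($_REQUEST['action']))
{
    // --- List of the users having access to this folder ----------------------
    // Base URL shared by the sort-header links and the per-user "view" links.
    // SCRIPT_NAME is used rather than PHP_SELF: PHP_SELF also carries any
    // client-supplied PATH_INFO, so anything appended to the request path was
    // reflected into the links built from $base_url. 'ac' is URL-encoded for
    // the same reason; the receiving side decodes it, so the value is unchanged.
    $ac=isset($_REQUEST['ac']) ? $_REQUEST['ac'] : '';
    $base_url=$_SERVER['SCRIPT_NAME']."?ac=".rawurlencode($ac)."&".dossier::get();

    echo '<DIV class="content" >';
    $header=new Sort_Table();
    $header->add('Login',$base_url,"order by use_login asc","order by use_login desc",'la','ld');
    $header->add('Nom',$base_url,"order by use_name asc,use_first_name asc","order by use_name desc,use_first_name desc",'na','nd');
    $header->add('Type d\'utilisateur',$base_url,"order by use_admin asc,use_login asc","order by use_admin desc,use_login desc",'ta','td');

    // Sort key from the request, defaulting to "login ascending". The key is
    // untrusted and the fragment returned for it is spliced into the query
    // below: get_sql_order() must map it to one of the fragments registered
    // above and fall back to a default for an unknown key — confirm in
    // class_sort_table.php.
    $order=(isset($_REQUEST['ord']))?$_REQUEST['ord']:'la';
    $ord_sql=$header->get_sql_order($order);

    // Accounts live in the repository database; keep only active users linked
    // to this folder with an access level other than 'X' (no access), and hide
    // the technical 'phpcompta' account.
    $repo=new Database();
    $user_sql = $repo->exec_sql("select use_id,
                                use_first_name,
                                use_name,
                                use_login,
                                use_admin,
                                priv_priv
                                from ac_users natural join jnt_use_dos " .
                                " join priv_user on (jnt_id=priv_jnt)
                                where use_login != 'phpcompta' and priv_priv <> 'X' and use_active=1
                                and dos_id=$1 " . $ord_sql, array($gDossier));

    $MaxUser = Database::num_row($user_sql);

    echo '<TABLE class="result" style="width:80%;margin-left:10%">';
    echo "<tr>";
    echo '<th>'.$header->get_header(0).'</th>';
    echo '<th>'.$header->get_header(1).'</th>';
    echo th('prénom');
    echo th('profil');
    echo '<th>'.$header->get_header(2).'</th>';
    for ($i = 0;$i < $MaxUser;$i++)
    {
        echo '<tr>';
        $l_line=Database::fetch_array($user_sql,$i);

        // Access label: 'R' is a normal user; a global administrator is
        // labelled as such whatever the folder-level privilege says.
        $str="";
        $str=($l_line['priv_priv'] == 'R')?'Utilisateur Normal':$str;
        if ( $l_line['use_admin'] == 1 )
            $str=' Administrateur global';

        // The profile is stored in the folder database, keyed by login.
        $profile=$cn->get_value("select p_name from profile
                                join profile_user using(p_id) where user_name=$1",array($l_line['use_login']));

        $url=$base_url."&action=view&user_id=".$l_line['use_id'];
        echo "<td>";
        echo HtmlInput::anchor($l_line['use_login'], $url);
        echo "</td>";
        // NOTE(review): td() is assumed to HTML-escape its argument (the view
        // branch escapes the same names with h() explicitly) — confirm, since
        // use_name / use_first_name are user-entered.
        echo td($l_line['use_name']);
        echo td($l_line['use_first_name']);
        echo td($profile);
        echo td($str);

        echo "</TR>";
    }
    echo '</TABLE>';
}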
// Requested action, read from the query string only (the save form posts back
// to the same URL, so "view" survives a POST); empty string when absent.
$action = isset($_GET["action"]) ? $_GET["action"] : "";
00121
00122
00123
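if ( isset($_POST['ok']))
{
    // --- Save the privileges posted by the "view" form -----------------------
    // NOTE(review): the form carries no anti-CSRF token; the only gate on this
    // write is the session/folder check at the top of the file. Confirm the
    // dispatcher adds one, or add one to the form and verify it here before
    // anything is written.
    $uid=(int)$_POST['user_id'];

    // Mirror the refusals of the "view" screen (built-in administrator, user
    // without access to this folder): they were only enforced when rendering
    // the form, so a hand-crafted POST could still write for those users.
    $repo=new Database();
    $chk_user=new User($repo,$uid);
    if ( $uid <= 0 || $uid == 1 || $chk_user->get_folder_access($gDossier) == 'X' )
    {
        echo_warning("Impossible de modifier cet utilisateur dans cet écran");
    }
    else
    {
        try
        {
            $cn->start();
            $sec_User=new User($cn,$uid);

            // save_profile() is expected to validate the profile id itself —
            // not visible here.
            $sec_User->save_profile($_POST['profile']);

            // Per-ledger privilege: one select named jrn_act<ledger id>, limited
            // to the three values the form offers. Anything else, including a
            // missing field, aborts the whole save (rolled back below).
            $valid_jrn_priv=array('R','W','X');
            $a=$cn->get_array('select jrn_def_id from jrn_def');
            foreach ($a as $key)
            {
                $id=$key['jrn_def_id'];
                $priv=sprintf("jrn_act%d",$id);
                $value=isset($_POST[$priv]) ? $_POST[$priv] : null;
                if ( ! in_array($value,$valid_jrn_priv,true) )
                {
                    throw new Exception("Privilège invalide pour le journal $id");
                }
                $count=$cn->get_value('select count(*) from user_sec_jrn where uj_login=$1 '.
                                      ' and uj_jrn_id=$2',array($sec_User->login,$id));
                if ( $count == 0 )
                {
                    $cn->exec_sql('insert into user_sec_jrn (uj_login,uj_jrn_id,uj_priv)'.
                                  ' values ($1,$2,$3)',
                                  array($sec_User->login,$id,$value));
                }
                else
                {
                    $cn->exec_sql('update user_sec_jrn set uj_priv=$1 where uj_login=$2 and uj_jrn_id=$3',
                                  array($value,$sec_User->login,$id));
                }
            }

            // Per-action privilege: a field named action<id> holds 1 (granted)
            // or 0 (revoked); an absent field also means revoked. The loose
            // comparisons are kept because the field values come from
            // template/security_list_action.php, which is not visible here.
            $a=$cn->get_array('select ac_id from action');
            foreach ($a as $key)
            {
                $id=$key['ac_id'];
                $priv=sprintf("action%d",$id);
                if ( ! isset ($_POST[$priv]))
                {
                    // Revoke for THIS user only: the previous statement had no
                    // ua_login condition and removed the action from every
                    // user of the folder.
                    $cn->exec_sql('delete from user_sec_act where ua_login=$1 and ua_act_id=$2',
                                  array($sec_User->login,$id));
                    continue;
                }
                $count=$cn->get_value('select count(*) from user_sec_act where ua_login=$1 '.
                                      ' and ua_act_id=$2',array($sec_User->login,$id));
                if ( $_POST[$priv] == 1 && $count == 0)
                {
                    $cn->exec_sql('insert into user_sec_act (ua_login,ua_act_id)'.
                                  ' values ($1,$2)',
                                  array($sec_User->login,$id));
                }
                if ($_POST[$priv] == 0 )
                {
                    $cn->exec_sql('delete from user_sec_act where ua_login=$1 and ua_act_id=$2',
                                  array($sec_User->login,$id));
                }
            }
            $cn->commit();
        }
        catch (Exception $e)
        {
            $cn->rollback();
            // Keep the detail server-side: a stack trace in the page exposes
            // file paths and SQL to the browser.
            error_log($e->getMessage()."\n".$e->getTraceAsString());
            echo_warning("Sauvegarde impossible, les modifications ont été annulées");
        }
    }
}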
00192
00193
00194
00195
00196
00197
00198
00199
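if ( $action == "view" )
{
    // --- Privileges of one user for this folder ------------------------------
    // user_id is cast to int once and used everywhere below: it is echoed into a
    // hidden field and into the JavaScript of the "Imprime" button, where a raw
    // value could break out of the quoted string. This also replaces the loose
    // `== 1` comparison on the raw request value.
    $uid=(int)$_GET['user_id'];
    $ac=isset($_REQUEST['ac']) ? $_REQUEST['ac'] : '';

    // Variable names are kept as in the original: template/security_list_action.php
    // is included at file scope further down and may read them.
    $l_Db=sprintf("dossier%d",$gDossier);
    $return= HtmlInput::button_anchor('Retour à la liste','?&ac='.rawurlencode($ac).'&'.dossier::get(),'retour');

    // Identity and folder access level come from the repository database.
    $repo=new Database();
    $User=new User($repo,$uid);
    $admin=0;
    $access=$User->get_folder_access($gDossier);

    $str="Aucun accès";
    if ($access=='R')
    {
        $str=' Utilisateur normal';
    }
    if ( $User->admin==1 )
    {
        $str=' Administrateur';
        $admin=1;
    }

    echo '<h2>'.h($User->first_name).' '.h($User->name).' '.hi($User->login)."($str)</h2>";

    // The built-in administrator (id 1) is managed from the administration
    // screen. exit() also skips the page footer emitted at the end of this file.
    if ( $uid == 1 )
    {
        echo '<h2 class="notice"> Cet utilisateur est administrateur, il a tous les droits</h2>';
        echo "<p> Impossible de modifier cet utilisateur dans cet écran, il faut passer par
        l'écran administration -> utilisateur.
        </p>";
        echo $return;
        exit();
    }

    // Same for a user with no access to this folder; return leaves this included
    // file, so the footer is skipped here as well.
    if ( $access == 'X' )
    {
        echo "<H2 class=\"error\">L'utilisateur n'a pas accès à ce dossier</H2>";
        echo "<p> Impossible de modifier cet utilisateur dans cet écran, il faut passer par
        l'écran administration -> utilisateur.
        </p>";
        echo $return;
        $action="";
        return;
    }

    $Res=$cn->exec_sql("select jrn_def_id,jrn_def_name from jrn_def ".
                       " order by jrn_def_name");
    $sec_User=new User($cn,$uid);

    echo '<form method="post">';
    // URL of the PDF export, opened by the "Imprime" button through window.open().
    $sHref=sprintf ('export.php?act=PDF:sec&user_id=%d&'.$str_dossier , $uid);

    echo dossier::hidden();
    echo HtmlInput::hidden('action','sec');
    echo HtmlInput::hidden('user_id',$uid);
    $i_profile=new ISelect ('profile');
    $i_profile->value=$cn->make_array("select p_id,p_name from profile
                                      order by p_name");

    $i_profile->selected=$sec_User->get_profile();

    echo "<p>";
    echo _("Profil")." ".$i_profile->input();
    echo "</p>";

    // One select per ledger, named jrn_act<ledger id>; the save branch above
    // reads them back under that name.
    echo '<Fieldset><legend>Journaux </legend>';
    echo '<table>';
    $MaxJrn=Database::num_row($Res);
    $jrn_priv=new ISelect();
    $array=array(
        array ('value'=>'R','label'=>'Uniquement lecture'),
        array ('value'=>'W','label'=>'Lecture et écriture'),
        array ('value'=>'X','label'=>'Aucun accès')
    );

    for ( $i =0 ; $i < $MaxJrn; $i++ )
    {
        $l_line=Database::fetch_array($Res,$i);

        echo '<TR> ';
        if ( $i == 0 ) echo '<TD class="num"> <B> Journal </B> </TD>';
        else echo "<TD></TD>";
        // Ledger names come from the database and were emitted raw; escape
        // them the way the heading above escapes the user's names.
        echo '<TD class="num"> '.h($l_line['jrn_def_name']).' </TD>';

        $jrn_priv->name='jrn_act'.$l_line['jrn_def_id'];
        $jrn_priv->value=$array;
        // An administrator is shown with write access on every ledger,
        // whatever user_sec_jrn holds.
        if ($admin != 1)
            $jrn_priv->selected=$sec_User->get_ledger_access($l_line['jrn_def_id']);
        else
            $jrn_priv->selected='W';

        echo '<td>';
        echo $jrn_priv->input();
        echo '</td>';
        echo '</tr>';
    }
    echo '</table>';
    echo '</fieldset>';

    // The per-action fields (action<id>, read by the save branch) are rendered
    // by the template.
    echo '<fieldset> <legend>Actions </legend>';
    include('template/security_list_action.php');
    echo '</fieldset>';
    echo HtmlInput::button('Imprime','imprime',"onclick=\"window.open('".$sHref."');\"");
    echo HtmlInput::submit('ok','Sauve');
    echo HtmlInput::reset('Annule');
    echo $return;
    echo '</form>';
}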
// Close the "content" div (opened by the list branch only; the view branch
// reaches this line without having opened one) and emit the page footer.
echo '</DIV>';
html_page_stop();
?>