00001 <?php
00002 /*
00003  *   This file is part of NOALYSS.
00004  *
00005  *   NOALYSS is free software; you can redistribute it and/or modify
00006  *   it under the terms of the GNU General Public License as published by
00007  *   the Free Software Foundation; either version 2 of the License, or
00008  *   (at your option) any later version.
00009  *
00010  *   NOALYSS is distributed in the hope that it will be useful,
00011  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
00012  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00013  *   GNU General Public License for more details.
00014  *
00015  *   You should have received a copy of the GNU General Public License
00016  *   along with NOALYSS; if not, write to the Free Software
00017  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
00018 */
00019 // Copyright Author Dany De Bontridder danydb@aevalys.eu
00020 
00021 
00022 /*! \file
00023  * \brief Set the security for an user
00024  */
// Refuse direct HTTP access: the application dispatcher defines ALLOWED before
// including this file, so a bare request to param_sec.inc.php stops here.
if ( ! defined ('ALLOWED') ) die('Appel direct ne sont pas permis');
include_once ("ac_common.php");
require_once("class_iselect.php");
require_once('class_dossier.php');
include_once ("class_user.php");
require_once('class_database.php');
require_once 'class_sort_table.php';

// Folder (dossier) selected by the request: numeric id and its query-string form.
$gDossier=dossier::id();
$str_dossier=dossier::get();

/* Admin. Dossier */
// $cn is the connection to this folder's database; $repo (opened later) is the
// account repository that holds the user list.
$cn=new Database($gDossier);
global $g_user;
// Session user must be authenticated and allowed on this folder before any
// security setting is shown or changed (both calls are expected to abort on
// failure — confirm in class_user.php).
$g_user->Check();
$g_user->check_dossier($gDossier);

include_once ("user_menu.php");
00043 
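/////////////////////////////////////////////////////////////////////////
// List users
/////////////////////////////////////////////////////////////////////////
// Shown when no action is requested: one row per active user of this folder,
// with sortable columns and a link to the per-user security screen ("view").
if ( ! isset($_REQUEST['action']))
{
    // Both parts of the base URL are request-controlled and end up inside
    // href attributes (Sort_Table headers, per-user anchors), so they are
    // encoded here instead of being trusted: PHP_SELF reflects the request
    // path, 'ac' is a plain query parameter.
    $ac=(isset($_REQUEST['ac']) && is_string($_REQUEST['ac']))?$_REQUEST['ac']:'';
    $base_url=htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES)."?ac=".urlencode($ac)."&".dossier::get();

    echo '<DIV class="content" >';
    $header=new Sort_Table();
    $header->add('Login',$base_url,"order by use_login asc","order by use_login desc",'la','ld');
    $header->add('Nom',$base_url,"order by use_name asc,use_first_name asc","order by use_name desc,use_first_name desc",'na','nd');
    $header->add('Type d\'utilisateur',$base_url,"order by use_admin asc,use_login asc","order by use_admin desc,use_login desc",'ta','td');

    // 'ord' is a key registered above ('la','ld',...); the ORDER BY clause is
    // looked up from that table, so the request value is not spliced into the
    // SQL itself. NOTE(review): confirm Sort_Table::get_sql_order() returns
    // nothing (or the default) for an unknown key.
    $order=(isset($_REQUEST['ord']))?$_REQUEST['ord']:'la';
    $ord_sql=$header->get_sql_order($order);

    $repo=new Database();
    /*  Show all the users, included local admin */
    $user_sql = $repo->exec_sql("select use_id,
                                        use_first_name,
                                        use_name,
                                        use_login,
                                        use_admin,
                                        priv_priv
                                            from ac_users natural join jnt_use_dos " .
                                           " join priv_user on (jnt_id=priv_jnt)
                                    where use_login != 'phpcompta' and priv_priv <> 'X' and use_active=1
                                    and dos_id=$1  " . $ord_sql, array($gDossier));

    $MaxUser = Database::num_row($user_sql);

    echo '<TABLE class="result" style="width:80%;margin-left:10%">';
    echo "<tr>";
    echo '<th>'.$header->get_header(0).'</th>';
    echo '<th>'.$header->get_header(1).'</th>';
    echo th('prénom');
    echo th('profil');
    echo '<th>'.$header->get_header(2).'</th>';
    // the header row was previously left open before the first data row
    echo '</tr>';

    for ($i = 0;$i < $MaxUser;$i++)
    {
        $l_line=Database::fetch_array($user_sql,$i);

        // Role label: 'R' on this folder is a normal user; a global admin
        // flag (use_admin) wins over the folder privilege.
        $str=($l_line['priv_priv'] == 'R')?'Utilisateur Normal':'';
        if ( $l_line['use_admin'] == 1 )
            $str=' Administrateur global';

        // get profile
        $profile=$cn->get_value("select p_name from profile
                                join profile_user using(p_id) where user_name=$1",array($l_line['use_login']));

        // use_id comes from the repository query, not from the request
        $url=$base_url."&action=view&user_id=".$l_line['use_id'];
        echo '<tr>';
        echo "<td>";
        echo HtmlInput::anchor($l_line['use_login'], $url);
        echo "</td>";
        echo td($l_line['use_name']);
        echo td($l_line['use_first_name']);
        echo td($profile);
        echo td($str);
        echo "</TR>";
    }
    echo '</TABLE>';
}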
// Dispatch key for the rest of the script. Only the query string is consulted
// here; the save handler below keys on $_POST['ok'] instead.
$action=(isset($_GET['action']))?$_GET['action']:"";
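//----------------------------------------------------------------------
// Action = save
//----------------------------------------------------------------------
// Persist the submitted profile, per-ledger privilege (R/W/X) and action
// privileges for one user, in a single transaction on the folder database.
// Everything read from $_POST is untrusted input.
if ( isset($_POST['ok']))
{
    // user_id is an integer key (the list builds the URLs from use_id)
    $user_id=(isset($_POST['user_id']))?(int)$_POST['user_id']:0;

    // Apply the same two refusals as the "view" screen, which the POST path
    // did not enforce: the global administrator (use_id 1) and a user with no
    // access to this folder cannot be edited from this screen.
    $repo=new Database();
    $chk_User=new User($repo,$user_id);
    if ( $user_id === 1 || $chk_User->get_folder_access($gDossier) == 'X' )
    {
        echo_warning("Impossible de modifier cet utilisateur dans cet écran");
    }
    else
    {
        try
        {
            $cn->start();
            $sec_User=new User($cn,$user_id);

            // save profile
            // NOTE(review): the profile id is passed through as received;
            // confirm User::save_profile() rejects an unknown p_id.
            $sec_User->save_profile((isset($_POST['profile']))?$_POST['profile']:null);

            /* Save first the ledger */
            // the only values the form offers for a ledger (see the "view" screen)
            $valid_priv=array('R','W','X');
            $a=$cn->get_array('select jrn_def_id from jrn_def');

            foreach ($a as $key)
            {
                $id=$key['jrn_def_id'];
                $priv=sprintf("jrn_act%d",$id);
                // A missing, tampered or non-scalar value is stored as "no
                // access" instead of being written to uj_priv as received.
                $value=(isset($_POST[$priv]) && in_array($_POST[$priv],$valid_priv,true))?$_POST[$priv]:'X';
                $count=$cn->get_value('select count(*) from user_sec_jrn where uj_login=$1 '.
                                      ' and uj_jrn_id=$2',array($sec_User->login,$id));
                if ( $count == 0 )
                {
                    $cn->exec_sql('insert into user_sec_jrn (uj_login,uj_jrn_id,uj_priv)'.
                                  ' values ($1,$2,$3)',
                                  array($sec_User->login,$id,$value));
                }
                else
                {
                    $cn->exec_sql('update user_sec_jrn set uj_priv=$1 where uj_login=$2 and uj_jrn_id=$3',
                                  array($value,$sec_User->login,$id));
                }
            }

            /* now save all the actions */
            $a=$cn->get_array('select ac_id from action');

            foreach ($a as $key)
            {
                $id=$key['ac_id'];
                $priv=sprintf("action%d",$id);
                if ( ! isset ($_POST[$priv]))
                {
                    // Scoped to this login: the previous statement had no
                    // ua_login clause and removed the action for every user.
                    $cn->exec_sql('delete from user_sec_act where ua_login=$1 and ua_act_id=$2',
                                  array($sec_User->login,$id));
                    continue;
                }
                // Compare as strings: '1' grants, '0' revokes, anything else is
                // ignored (avoids loose-comparison surprises such as "abc"==0).
                $flag=(is_scalar($_POST[$priv]))?(string)$_POST[$priv]:'';
                $count=$cn->get_value('select count(*) from user_sec_act where ua_login=$1 '.
                                      ' and ua_act_id=$2',array($sec_User->login,$id));
                if ( $flag === '1' && $count == 0)
                {
                    $cn->exec_sql('insert into user_sec_act (ua_login,ua_act_id)'.
                                  ' values ($1,$2)',
                                  array($sec_User->login,$id));
                }
                if ( $flag === '0' )
                {
                    $cn->exec_sql('delete from user_sec_act  where ua_login=$1 and ua_act_id=$2',
                                  array($sec_User->login,$id));
                }
            }
            $cn->commit();
        } // end try
        catch (Exception $e)
        {
            // roll back first so a failure while reporting cannot leave the
            // transaction open; the stack trace stays in the server log and
            // only the message reaches the browser.
            $cn->rollback();
            error_log($e->getTraceAsString());
            echo_warning ($e->getMessage());
        }
    }
}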
00192 
00193 
00194 
00195 
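//--------------------------------------------------------------------------------
// Action == View detail for users
//--------------------------------------------------------------------------------
// Security screen for one user: profile, per-ledger access (R/W/X) and the
// allowed actions, posted back to the "save" handler above.
if ( $action == "view" )
{
    // user_id is an integer key (the list builds the URLs from use_id). The
    // cast also makes the value safe inside the hidden input and the
    // JavaScript string built for the print button below.
    $user_id=(isset($_GET['user_id']))?(int)$_GET['user_id']:0;
    // 'ac' is request-controlled and goes into an href: encode it
    $ac=(isset($_REQUEST['ac']) && is_string($_REQUEST['ac']))?$_REQUEST['ac']:'';
    // kept although unused here: the included template may read it
    $l_Db=sprintf("dossier%d",$gDossier);
    $return= HtmlInput::button_anchor('Retour à la liste','?&ac='.urlencode($ac).'&'.dossier::get(),'retour');

    // $repo: account repository (user identity, folder access);
    // $cn: this folder's database (ledger and action privileges)
    $repo=new Database();
    $User=new User($repo,$user_id);
    $admin=0;
    $access=$User->get_folder_access($gDossier);

    $str="Aucun accès";

    if ($access=='R')
    {
        $str=' Utilisateur normal';
    }

    if ( $User->admin==1 )
    {
        $str=' Administrateur';
        $admin=1;
    }

    echo '<h2>'.h($User->first_name).' '.h($User->name).' '.hi($User->login)."($str)</h2>";

    // The global administrator (use_id 1) is never edited from this screen.
    // Note: exit() skips the page footer (html_page_stop) — pre-existing.
    if ( $user_id === 1 )
    {
        echo '<h2 class="notice"> Cet utilisateur est administrateur, il a tous les droits</h2>';
        echo "<p> Impossible de modifier cet utilisateur dans cet écran, il faut passer par
                        l'écran administration -> utilisateur.
                        </p>";
        echo $return;
        exit();
    }
    //
    // Check if the user can access that folder
    if ( $access == 'X' )
    {
        echo "<H2 class=\"error\">L'utilisateur n'a pas accès à ce dossier</H2>";
        echo "<p> Impossible de modifier cet utilisateur dans cet écran, il faut passer par
                        l'écran administration -> utilisateur.
                        </p>";
        echo $return;
        $action="";
        return;
    }

    //--------------------------------------------------------------------------------
    // Show access for journal
    //--------------------------------------------------------------------------------

    $Res=$cn->exec_sql("select jrn_def_id,jrn_def_name  from jrn_def ".
                       " order by jrn_def_name");
    $sec_User=new User($cn,$user_id);

    // NOTE(review): no anti-CSRF token is emitted with this form, and its POST
    // changes privileges; confirm the framework adds one elsewhere.
    echo '<form method="post">';
    $sHref=sprintf ('export.php?act=PDF:sec&user_id=%s&'.$str_dossier ,
                    $user_id
                   );

    echo dossier::hidden();
    echo HtmlInput::hidden('action','sec');
    echo HtmlInput::hidden('user_id',$user_id);
    $i_profile=new ISelect ('profile');
    $i_profile->value=$cn->make_array("select p_id,p_name from profile
                        order by p_name");

    $i_profile->selected=$sec_User->get_profile();

    echo "<p>";
    echo _("Profil")." ".$i_profile->input();
    echo "</p>";
    echo '<Fieldset><legend>Journaux </legend>';
    echo '<table>';
    $MaxJrn=Database::num_row($Res);
    $jrn_priv=new ISelect();
    // the three ledger privileges understood by the save handler
    $array=array(
               array ('value'=>'R','label'=>'Uniquement lecture'),
               array ('value'=>'W','label'=>'Lecture et écriture'),
               array ('value'=>'X','label'=>'Aucun accès')
           );

    for ( $i =0 ; $i < $MaxJrn; $i++ )
    {
        /* set the widget */
        $l_line=Database::fetch_array($Res,$i);

        echo '<TR> ';
        if ( $i == 0 ) echo '<TD class="num"> <B> Journal </B> </TD>';
        else echo "<TD></TD>";
        // ledger names are stored data edited elsewhere: escape them for HTML
        echo '<TD class="num"> '.h($l_line['jrn_def_name']).' </TD>';

        $jrn_priv->name='jrn_act'.$l_line['jrn_def_id'];
        $jrn_priv->value=$array;
        // a global administrator is shown with full access on every ledger
        if ($admin != 1)
            $jrn_priv->selected=$sec_User->get_ledger_access($l_line['jrn_def_id']);
        else
            $jrn_priv->selected='W';

        echo '<td>';
        echo $jrn_priv->input();
        echo '</td>';
        echo '</tr>';
    }
    echo '</table>';
    echo '</fieldset>';

    //**********************************************************************
    // Show Priv. for actions
    //**********************************************************************
    echo '<fieldset> <legend>Actions </legend>';
    include('template/security_list_action.php');
    echo '</fieldset>';
    echo HtmlInput::button('Imprime','imprime',"onclick=\"window.open('".$sHref."');\"");
    echo HtmlInput::submit('ok','Sauve');
    echo HtmlInput::reset('Annule');
    echo $return;
    echo '</form>';
} // end of the form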
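// Closes the <DIV class="content"> opened by the user list; the "view" branch
// does not open one, so its markup ends unbalanced (pre-existing).
echo "</DIV>";
html_page_stop();
// No closing PHP tag: anything after it (even a newline) would be sent as
// output and can break headers set by the including script.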