dolibarr  9.0.0
perms.php
1 <?php
2 /* Copyright (C) 2002-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
3  * Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
4  * Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
5  * Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
6  * Copyright (C) 2005-2017 Regis Houssin <regis.houssin@inodbox.com>
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 3 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program. If not, see <http://www.gnu.org/licenses/>.
20  */
21 
27 require '../../main.inc.php';
28 require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php';
29 require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';
30 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
31 
// Translation domains used by the labels on this page.
$langs->loadLangs(array('users', 'admin'));

// Request parameters; the second GETPOST() argument names the check applied to each value.
$id = GETPOST('id', 'int');
$action = GETPOST('action', 'alpha');
$confirm = GETPOST('confirm', 'alpha');
$module = GETPOST('module', 'alpha');
$rights = GETPOST('rights', 'int');

// Context used to manage different search contexts; 'groupperms' when the request gives none.
$contextpage = 'groupperms';
if (GETPOST('contextpage', 'aZ')) {
    $contextpage = GETPOST('contextpage', 'aZ');
}

// Standard model: administrators always pass; other users need the
// user/user "lire" right to read permissions and "creer" to modify them.
$canreadperms = ($user->admin || $user->rights->user->user->lire);
$caneditperms = ($user->admin || $user->rights->user->user->creer);

// Advanced model: when MAIN_USE_ADVANCED_PERMS is set, both flags are
// recomputed from the group_advance rights instead.
$advancedpermsactive = false;
if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
    $advancedpermsactive = true;
    $canreadperms = ($user->admin || ($user->rights->user->group_advance->read && $user->rights->user->group_advance->readperms));
    $caneditperms = ($user->admin || $user->rights->user->group_advance->write);
}

// Read access gates the whole page. $caneditperms is only enforced further
// down, where the addrights/delrights actions are handled.
if (! $canreadperms) {
    accessforbidden();
}

// Group whose permissions are displayed; the view below is skipped unless
// the fetch leaves $object->id > 0.
$object = new Usergroup($db);
$object->fetch($id);

// The entity comes from the server-side configuration. The 'entity' query
// parameter carried by the links this page prints is never read in this file.
$entity = $conf->entity;

// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('groupperms', 'globalcard'));
64 
65 
// Hooks get the first chance to handle the request.
// Note that $action and $object may have been modified by some hooks.
$parameters = array();
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action);
if ($reshook < 0) {
    setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
}

// Built-in actions run only when the hooks returned an empty result and the
// caller holds the edit right computed at the top of the page.
// NOTE(review): both actions change group permissions and are reached through
// the plain links printed in the view below; no anti-CSRF token is checked in
// this file - confirm that main.inc.php enforces one for these requests.
// NOTE(review): nothing here compares the fetched group's entity with $entity;
// confirm that Usergroup::fetch() or addrights()/delrights() restrict it.
if (empty($reshook) && $caneditperms) {
    if ($action == 'addrights') {
        $editgroup = new Usergroup($db);
        $result = $editgroup->fetch($id);
        if ($result > 0) {
            // Return value is not checked, so a failed grant is silent.
            $editgroup->addrights($rights, $module, '', $entity);
        }
    }

    if ($action == 'delrights') {
        $editgroup = new Usergroup($db);
        $result = $editgroup->fetch($id);
        if ($result > 0) {
            // Return value is not checked, so a failed revoke is silent.
            $editgroup->delrights($rights, $module, '', $entity);
        }
    }
}
96 
97 
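$form = new Form($db);

llxHeader('', $langs->trans("Permissions"));

if ($object->id > 0) {
    /*
     * Display tabs
     */
    $object->getrights(); // Reload permission

    $head = group_prepare_head($object);
    $title = $langs->trans("Group");
    dol_fiche_head($head, 'rights', $title, -1, 'group');

    // Load the modules that are subject to permissions
    $modules = array();
    $modulesdir = dolGetModulesDirs();

    $db->begin();

    foreach ($modulesdir as $dir) {
        // Load modules attributes in arrays (name, numero, orders) from dir directory
        $handle = @opendir(dol_osencode($dir));
        if (! is_resource($handle)) {
            continue;
        }

        while (($file = readdir($handle)) !== false) {
            // Only module descriptors named mod*.class.php are considered. The
            // file names come from the directory listing, not from the request.
            // NOTE(review): the readability test uses $dir.$file while the
            // include uses $dir."/".$file - presumably $dir ends with a slash; confirm.
            if (is_readable($dir.$file) && substr($file, 0, 3) == 'mod' && substr($file, dol_strlen($file) - 10) == '.class.php') {
                $modName = substr($file, 0, dol_strlen($file) - 10);

                if ($modName) {
                    include_once $dir."/".$file;
                    $objMod = new $modName($db);
                    // Load all lang files of module
                    if (isset($objMod->langfiles) && is_array($objMod->langfiles)) {
                        foreach ($objMod->langfiles as $domain) {
                            $langs->load($domain);
                        }
                    }
                    // Load all permissions
                    // NOTE(review): insert_permissions() is called on every display of
                    // this page, i.e. a read request writes inside the transaction - confirm intended.
                    if ($objMod->rights_class) {
                        $ret = $objMod->insert_permissions(0, $entity);
                        $modules[$objMod->rights_class] = $objMod;
                    }
                }
            }
        }

        // Release the directory handle once the listing has been consumed.
        closedir($handle);
    }

    $db->commit();

    // Read the rights currently held by the group
    $permsgroupbyentity = array();

    // Numeric values are cast before being concatenated into the statement.
    $sql = "SELECT DISTINCT r.id, r.libelle, r.module, gr.entity";
    $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r,";
    $sql.= " ".MAIN_DB_PREFIX."usergroup_rights as gr";
    $sql.= " WHERE gr.fk_id = r.id";
    $sql.= " AND gr.entity = ".((int) $entity);
    $sql.= " AND gr.fk_usergroup = ".((int) $object->id);

    dol_syslog("get user perms", LOG_DEBUG);
    $result = $db->query($sql);
    if ($result) {
        $num = $db->num_rows($result);
        $i = 0;
        while ($i < $num) {
            $obj = $db->fetch_object($result);
            if (! isset($permsgroupbyentity[$obj->entity])) {
                $permsgroupbyentity[$obj->entity] = array();
            }
            array_push($permsgroupbyentity[$obj->entity], $obj->id);
            $i++;
        }
        $db->free($result);
    } else {
        dol_print_error($db);
    }

    $linkback = '<a href="'.DOL_URL_ROOT.'/user/group/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';

    dol_banner_tab($object, 'id', $linkback, $user->rights->user->user->lire || $user->admin);

    print '<div class="fichecenter">';
    print '<div class="underbanner clearboth"></div>';

    /*
     * Add/remove permission screen
     */

    print '<table class="border" width="100%">';

    // Name (already in dol_banner, we keep it to have the GlobalGroup picto, but we should move it in dol_banner)
    // The configuration key is "multicompany"; spelled otherwise the test is never true and the row never shows.
    if (! empty($conf->multicompany->enabled)) {
        print '<tr><td class="titlefield">'.$langs->trans("Name").'</td>';
        // The group name is stored data: escape it before printing it into the page.
        print '<td colspan="2">'.dol_escape_htmltag($object->name);
        if (! $object->entity) {
            print img_picto($langs->trans("GlobalGroup"), 'redstar');
        }
        print "</td></tr>\n";
    }

    // Note
    print '<tr><td class="titlefield tdtop">'.$langs->trans("Description").'</td>';
    print '<td class="valeur">'.dol_htmlentitiesbr($object->note).'</td>';
    print "</tr>\n";

    print '</table><br>';

    if ($user->admin) {
        print info_admin($langs->trans("WarningOnlyPermissionOfActivatedModules"));
    }

    $parameters = array();
    $reshook = $hookmanager->executeHooks('insertExtraHeader', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
    if ($reshook < 0) {
        setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
    }

    // NOTE(review): every add/remove link printed below is a plain URL that
    // changes permissions when followed and carries no token - confirm that the
    // request is protected against cross-site forgery elsewhere.
    // NOTE(review): $_SERVER["PHP_SELF"] is printed into href values as-is;
    // confirm that main.inc.php sanitises it.
    print '<table width="100%" class="noborder">';
    print '<tr class="liste_titre">';
    print '<td>'.$langs->trans("Module").'</td>';
    if ($caneditperms) {
        print '<td align="center" class="nowrap">';
        print '<a class="reposition" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;module=allmodules">'.$langs->trans("All")."</a>";
        print '/';
        print '<a class="reposition" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;module=allmodules">'.$langs->trans("None")."</a>";
        print '</td>';
    }
    print '<td align="center" width="24">&nbsp;</td>';
    print '<td>'.$langs->trans("Permissions").'</td>';
    print '</tr>';

    $sql = "SELECT r.id, r.libelle, r.module";
    $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r";
    $sql.= " WHERE r.libelle NOT LIKE 'tou%'"; // Ignore the "all" rights
    $sql.= " AND r.entity = ".((int) $entity);
    if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
        $sql.= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is disable
    }
    $sql.= " ORDER BY r.module, r.id";

    $result = $db->query($sql);
    if ($result) {
        $i = 0;
        $oldmod = '';

        $num = $db->num_rows($result);

        while ($i < $num) {
            $obj = $db->fetch_object($result);

            // Skip rows that belong to a module which no longer exists (no descriptor was loaded for it)
            if (empty($modules[$obj->module])) {
                $i++;
                continue;
            }

            if ($oldmod <> $obj->module) {
                $oldmod = $obj->module;

                // Module changed: pick up its descriptor and print the module header row
                $objMod = $modules[$obj->module];
                $picto = ($objMod->picto ? $objMod->picto : 'generic');
                // Same escaped value for the anchor name and the link fragments, so they keep matching.
                $modanchor = dol_escape_htmltag($objMod->getName());

                print '<tr class="oddeven trforbreak">';
                print '<td class="nowrap">'.img_object('', $picto, 'class="inline-block pictoobjectwidth"').' '.$objMod->getName();
                print '<a name="'.$modanchor.'">&nbsp;</a></td>';
                print '<td align="center" class="nowrap">';
                if ($caneditperms) {
                    // Attribute values are quoted and escaped, like the All/None links of the table header.
                    print '<a title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;module='.urlencode($obj->module).'#'.$modanchor.'">'.$langs->trans("All")."</a>";
                    print '/';
                    print '<a title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;module='.urlencode($obj->module).'#'.$modanchor.'">'.$langs->trans("None")."</a>";
                }
                print '</td>';
                print '<td colspan="2">&nbsp;</td>';
                print '</tr>';
            }

            print '<tr class="oddeven">';

            // Module
            print '<td class="nowrap">'.img_object('', $picto, 'class="inline-block pictoobjectwidth"').' '.$objMod->getName().'</td>';

            // The entity key is absent when the group holds no right at all, so test it before reading it.
            $ownedbygroup = (isset($permsgroupbyentity[$entity])
                && is_array($permsgroupbyentity[$entity])
                && in_array($obj->id, $permsgroupbyentity[$entity]));

            if ($ownedbygroup) {
                // Own permission by group
                if ($caneditperms) {
                    print '<td align="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'">'.img_edit_remove($langs->trans("Remove")).'</a></td>';
                }
                print '<td align="center">';
                print img_picto($langs->trans("Active"), 'tick');
                print '</td>';
            } else {
                // Do not own permission
                if ($caneditperms) {
                    print '<td align="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'">'.img_edit_add($langs->trans("Add")).'</a></td>';
                }
                print '<td>&nbsp;</td>';
            }

            // Label: the advanced translation when advanced permissions are on and a
            // translation exists, else the standard translation, else the stored label.
            $keyadvanced = "PermissionAdvanced".$obj->id;
            $keystandard = "Permission".$obj->id;
            if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $langs->trans($keyadvanced) != $keyadvanced) {
                $perm_libelle = $langs->trans($keyadvanced);
            } elseif ($langs->trans($keystandard) != $keystandard) {
                $perm_libelle = $langs->trans($keystandard);
            } else {
                $perm_libelle = $langs->trans($obj->libelle);
            }
            print '<td>'.$perm_libelle.'</td>';

            print '</tr>';

            $i++;
        }
        $db->free($result);
    } else {
        // Report the failure the same way as the group-rights query above.
        dol_print_error($db);
    }
    print '</table>';

    print '</div>';

    $parameters = array();
    $reshook = $hookmanager->executeHooks('insertExtraFooter', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
    if ($reshook < 0) {
        setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
    }

    dol_fiche_end();
}

// End of page
llxFooter();
$db->close();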
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
llxFooter()
Empty footer.
Definition: wrapper.php:56
GETPOST($paramname, $check='none', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
print
Draft customers invoices.
Definition: index.php:91
setEventMessages($mesg, $mesgs, $style='mesgs')
Set event messages in dol_events session object.
dol_banner_tab($object, $paramid, $morehtml='', $shownav=1, $fieldid='rowid', $fieldref='ref', $morehtmlref='', $moreparam='', $nodbprefix=0, $morehtmlleft='', $morehtmlstatus='', $onlybanner=0, $morehtmlright='')
Show tab footer of a card.
dolGetModulesDirs($subdir='')
Return list of modules directories.
$parameters
Actions.
Definition: perms.php:70
if(empty($reshook)) $form
View.
Definition: perms.php:102
dol_print_error($db='', $error='', $errors=null)
Affiche message erreur system avec toutes les informations pour faciliter le diagnostic et la remonte...
dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0)
Returns text escaped for inclusion in HTML alt or title tags, or into values of HTML input fields...
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0)
Show a message to say access is forbidden and stop the program. Calling this function terminates execution ...
Class to manage generation of HTML components. Only common components must be here.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='')
Write log message into outputs.
info_admin($text, $infoonimgalt=0, $nodiv=0, $admin='1', $morecss='')
Show information for admin users or standard users.
dol_fiche_end($notab=0)
Show tab footer of a card.
llxHeader()
Empty header.
Definition: wrapper.php:44
group_prepare_head($object)
Prepare array with list of tabs.
img_edit_add($titlealt='default', $other='')
Show logo +.
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=false, $srconly=0, $notitle=0, $alt='', $morecss='')
Show picto whatever its name (generic function)
dol_strlen($string, $stringencoding='UTF-8')
Make a strlen call.
dol_fiche_head($links=array(), $active='0', $title='', $notab=0, $picto='', $pictoisfullpath=0, $morehtmlright='', $morecss='')
Show tab header of a card.
img_edit_remove($titlealt='default', $other='')
Show logo -.