dolibarr  7.0.0-beta
perms.php
1 <?php
2 /* Copyright (C) 2002-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
3  * Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
4  * Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
5  * Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
6  * Copyright (C) 2005-2017 Regis Houssin <regis.houssin@capnetworks.com>
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 3 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program. If not, see <http://www.gnu.org/licenses/>.
20  */
21 
27 require '../../main.inc.php';
28 require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php';
29 require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';
30 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
31 
// Translation files used by this page.
$langs->load("users");
$langs->load("admin");

// Request parameters. The second GETPOST argument names the check applied to the raw value.
$id      = GETPOST('id', 'int');
$action  = GETPOST('action', 'alpha');
$confirm = GETPOST('confirm', 'alpha');
$module  = GETPOST('module', 'alpha');
$rights  = GETPOST('rights', 'int');

// The entity always comes from the server-side configuration. The links this page
// prints carry an "entity" query parameter, but it is never read back from the request.
$entity = $conf->entity;

// Default rule: admins, or users holding the plain read / create right on users,
// may view / change group permissions.
$canreadperms = ($user->admin || $user->rights->user->user->lire);
$caneditperms = ($user->admin || $user->rights->user->user->creer);

// With advanced permissions switched on, the group_advance rights replace the default rule.
$advancedpermsactive = ! empty($conf->global->MAIN_USE_ADVANCED_PERMS);
if ($advancedpermsactive)
{
    $canreadperms = ($user->admin || ($user->rights->user->group_advance->read && $user->rights->user->group_advance->readperms));
    $caneditperms = ($user->admin || $user->rights->user->group_advance->write);
}

// Nothing below runs for a user who may not read permissions.
// Write access ($caneditperms) is checked again where the actions are handled.
if (! $canreadperms)
{
    accessforbidden();
}

// Group whose permissions are displayed. The fetch() result is not tested here;
// the view only renders when $object->id > 0.
$object = new Usergroup($db);
$object->fetch($id);

// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$contextpage = array('groupcard', 'globalcard');
$hookmanager->initHooks($contextpage);
65 
66 
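// Give registered hooks the first chance to handle (or replace) the requested action.
$parameters=array();
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');

// Built-in actions: grant or revoke a right (or every right of a module) on the group.
// Both require $caneditperms; a user with read-only access falls through to the view.
//
// NOTE(review): these actions are triggered by plain GET links printed by this page, and
// no anti-CSRF token is checked in this block. Confirm whether main.inc.php enforces a
// token for these requests; if it does not, they should become POST forms that carry one.
if (empty($reshook) && $caneditperms && ($action == 'addrights' || $action == 'delrights'))
{
    // The group is reloaded from $id rather than reusing $object, which hooks may have altered.
    $editgroup = new Usergroup($db);
    $result=$editgroup->fetch($id);
    if ($result > 0)
    {
        if ($action == 'addrights')
        {
            $result=$editgroup->addrights($rights, $module, '', $entity);
            // A failed permission change must not pass silently: the operator would assume it was applied.
            // Assumes the same negative-on-error convention as the hook calls in this file; confirm against Usergroup.
            if ($result < 0) setEventMessages($editgroup->error, $editgroup->errors, 'errors');
        }

        if ($action == 'delrights')
        {
            $result=$editgroup->delrights($rights, $module, '', $entity);
            if ($result < 0) setEventMessages($editgroup->error, $editgroup->errors, 'errors');
        }
    }
}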
97 
98 
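$form = new Form($db);

llxHeader('',$langs->trans("Permissions"));

if ($object->id > 0)
{
    /*
     * Tabs
     */
    $object->getrights(); // Reload permission

    $head = group_prepare_head($object);
    $title = $langs->trans("Group");
    dol_fiche_head($head, 'rights', $title, -1, 'group');

    // Load every module descriptor that declares permissions
    $modules = array();
    $modulesdir = dolGetModulesDirs();

    // NOTE(review): viewing this page writes to the database, since insert_permissions() is
    // called for each module inside this transaction. Presumably it registers the module's
    // permission definitions for the entity; confirm.
    $db->begin();

    foreach ($modulesdir as $dir)
    {
        // Load modules attributes in arrays (name, numero, orders) from dir directory
        $handle=@opendir(dol_osencode($dir));
        if (is_resource($handle))
        {
            while (($file = readdir($handle))!==false)
            {
                if (is_readable($dir.$file) && substr($file, 0, 3) == 'mod' && substr($file, dol_strlen($file) - 10) == '.class.php')
                {
                    $modName = substr($file, 0, dol_strlen($file) - 10);

                    if ($modName)
                    {
                        // The file is included and a class named after it is instantiated. Both names come
                        // from the directory listing, so the module directories must be writable only by
                        // trusted administrators.
                        include_once $dir."/".$file;
                        $objMod = new $modName($db);
                        // Load all lang files of module
                        if (isset($objMod->langfiles) && is_array($objMod->langfiles))
                        {
                            foreach($objMod->langfiles as $domain)
                            {
                                $langs->load($domain);
                            }
                        }
                        // Load all permissions
                        if ($objMod->rights_class)
                        {
                            $ret=$objMod->insert_permissions(0, $entity);
                            $modules[$objMod->rights_class]=$objMod;
                        }
                    }
                }
            }
            // Release the directory handle (it was left open before).
            closedir($handle);
        }
    }

    $db->commit();

    // Read the rights currently granted to the group, indexed by entity
    $permsgroupbyentity = array();

    // Numeric values are cast before being concatenated into the statement, so the query
    // stays well-formed whatever type these variables hold.
    $sql = "SELECT DISTINCT r.id, r.libelle, r.module, gr.entity";
    $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r,";
    $sql.= " ".MAIN_DB_PREFIX."usergroup_rights as gr";
    $sql.= " WHERE gr.fk_id = r.id";
    $sql.= " AND gr.entity = ".((int) $entity);
    $sql.= " AND gr.fk_usergroup = ".((int) $object->id);

    dol_syslog("get user perms", LOG_DEBUG);
    $result=$db->query($sql);
    if ($result)
    {
        $num = $db->num_rows($result);
        $i = 0;
        while ($i < $num)
        {
            $obj = $db->fetch_object($result);
            if (! isset($permsgroupbyentity[$obj->entity]))
                $permsgroupbyentity[$obj->entity] = array();
            array_push($permsgroupbyentity[$obj->entity], $obj->id);
            $i++;
        }
        $db->free($result);
    }
    else
    {
        dol_print_error($db);
    }


    dol_banner_tab($object,'id','',$user->rights->user->user->lire || $user->admin);

    print '<div class="fichecenter">';
    print '<div class="underbanner clearboth"></div>';

    /*
     * Add/remove permission screen
     */

    print '<table class="border" width="100%">';

    // Name (already in dol_banner, we keep it to have the GlobalGroup picto, but we should move it in dol_banner)
    // The test used to read $conf->mutlicompany (misspelled), so this row was never rendered.
    if (! empty($conf->multicompany->enabled))
    {
        print '<tr><td class="titlefield">'.$langs->trans("Name").'</td>';
        // The group name is stored data: escape it before writing it into the page.
        print '<td colspan="2">'.dol_escape_htmltag($object->name).'';
        if (! $object->entity)
        {
            print img_picto($langs->trans("GlobalGroup"),'redstar');
        }
        print "</td></tr>\n";
    }

    // Note
    print '<tr><td class="titlefield tdtop">'.$langs->trans("Description").'</td>';
    print '<td class="valeur">'.dol_htmlentitiesbr($object->note).'</td>';
    print "</tr>\n";

    print '</table><br>';

    if ($user->admin) print info_admin($langs->trans("WarningOnlyPermissionOfActivatedModules"));

    $parameters=array();
    $reshook=$hookmanager->executeHooks('insertExtraHeader',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
    if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');

    print '<table width="100%" class="noborder">';
    print '<tr class="liste_titre">';
    print '<td>'.$langs->trans("Module").'</td>';
    if ($caneditperms) print '<td width="24">&nbsp;</td>';
    print '<td align="center" width="24">&nbsp;</td>';
    print '<td>'.$langs->trans("Permissions").'</td>';
    print '</tr>';

    $sql = "SELECT r.id, r.libelle, r.module";
    $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r";
    $sql.= " WHERE r.libelle NOT LIKE 'tou%'"; // Skip the "tous" (all) rights
    $sql.= " AND r.entity = ".((int) $entity);
    if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $sql.= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is disable
    $sql.= " ORDER BY r.module, r.id";

    // Common start of every action link. The script path and the id are escaped / cast
    // because they end up inside an href attribute.
    //
    // NOTE(review): the add/remove links below change permissions through a plain GET and
    // carry no per-session token. Confirm whether a token is enforced elsewhere (for
    // example in main.inc.php); if not, these should be POST forms that include one.
    // The "entity" parameter is kept in the URLs as before, although this page never
    // reads it back: the entity used is always $conf->entity.
    $linkstart = dol_escape_htmltag($_SERVER["PHP_SELF"]).'?id='.((int) $object->id);
    $linkentity = '&amp;entity='.((int) $entity);

    $result=$db->query($sql);
    if ($result)
    {
        $i = 0;
        $oldmod = '';

        $num = $db->num_rows($result);

        while ($i < $num)
        {
            $obj = $db->fetch_object($result);

            // Skip rows belonging to a module that no longer exists on disk
            if (empty($modules[$obj->module]))
            {
                $i++;
                continue;
            }

            if ($oldmod <> $obj->module)
            {
                $oldmod = $obj->module;

                // New module reached: fetch its descriptor and print the module header row
                $objMod = $modules[$obj->module];
                $picto=($objMod->picto?$objMod->picto:'generic');

                print '<tr class="oddeven trforbreak">';
                print '<td class="nowrap">'.img_object('', $picto, 'class="inline-block pictoobjectwidth"').' '.$objMod->getName();
                print '<a name="'.$objMod->getName().'">&nbsp;</a></td>';
                print '<td align="center" class="nowrap">';
                if ($caneditperms)
                {
                    // Attribute values are quoted (they were bare before, which breaks on a
                    // translation containing a space) and the module key is URL-encoded.
                    print '<a title="'.$langs->trans("All").'" alt="'.$langs->trans("All").'" href="'.$linkstart.'&amp;action=addrights'.$linkentity.'&amp;module='.urlencode($obj->module).'#'.$objMod->getName().'">'.$langs->trans("All")."</a>";
                    print '/';
                    print '<a title="'.$langs->trans("None").'" alt="'.$langs->trans("None").'" href="'.$linkstart.'&amp;action=delrights'.$linkentity.'&amp;module='.urlencode($obj->module).'#'.$objMod->getName().'">'.$langs->trans("None")."</a>";
                }
                print '</td>';
                print '<td colspan="2">&nbsp;</td>';
                print '</tr>';
            }

            print '<tr class="oddeven">';

            // Module
            print '<td class="nowrap">'.img_object('', $picto, 'class="inline-block pictoobjectwidth"').' '.$objMod->getName().'</td>';

            // Does the group hold this right in the current entity? isset() avoids reading an
            // undefined index when the group has no right at all in this entity.
            $ownsright = (isset($permsgroupbyentity[$entity]) && in_array($obj->id, $permsgroupbyentity[$entity]));

            if ($ownsright)
            {
                // Right held by the group
                if ($caneditperms)
                {
                    print '<td align="center"><a class="reposition" href="'.$linkstart.'&amp;action=delrights'.$linkentity.'&amp;rights='.((int) $obj->id).'">'.img_edit_remove($langs->trans("Remove")).'</a></td>';
                }
                print '<td align="center">';
                print img_picto($langs->trans("Active"),'tick');
                print '</td>';
            }
            else
            {
                // Right not held by the group
                if ($caneditperms)
                {
                    print '<td align="center"><a class="reposition" href="'.$linkstart.'&amp;action=addrights'.$linkentity.'&amp;rights='.((int) $obj->id).'">'.img_edit_add($langs->trans("Add")).'</a></td>';
                }
                print '<td>&nbsp;</td>';
            }

            // Label: advanced translation if enabled and available, else the standard
            // "Permission<id>" translation, else the label stored with the definition.
            $advkey = "PermissionAdvanced".$obj->id;
            $stdkey = "Permission".$obj->id;
            if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $langs->trans($advkey) != $advkey)
            {
                $perm_libelle = $langs->trans($advkey);
            }
            elseif ($langs->trans($stdkey) != $stdkey)
            {
                $perm_libelle = $langs->trans($stdkey);
            }
            else
            {
                $perm_libelle = $langs->trans($obj->libelle);
            }
            print '<td>'.$perm_libelle. '</td>';

            print '</tr>';

            $i++;
        }
    }
    print '</table>';

    print '</div>';

    $parameters=array();
    $reshook=$hookmanager->executeHooks('insertExtraFooter',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
    if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');

    dol_fiche_end();
}

llxFooter();
$db->close();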