// Bootstrap of the user-permissions page. This is a listing excerpt: the number
// at the start of a statement is the original file's line number, and lines
// that are absent here (closing braces, some bodies) were dropped by the listing.
//
// CSRFCHECK_WITH_TOKEN is defined before main.inc.php is loaded, so the flag is
// already set when the bootstrap runs.
// NOTE(review): presumably this makes the bootstrap insist on a valid token for
// this page's requests; confirm against main.inc.php.
29 if (!defined(
'CSRFCHECK_WITH_TOKEN')) {
30 define(
'CSRFCHECK_WITH_TOKEN',
'1');
// Application bootstrap, then the usergroups, functions2 and admin libraries.
33 require
'../main.inc.php';
34 require_once DOL_DOCUMENT_ROOT.
'/core/lib/usergroups.lib.php';
35 require_once DOL_DOCUMENT_ROOT.
'/core/lib/functions2.lib.php';
36 require_once DOL_DOCUMENT_ROOT.
'/core/lib/admin.lib.php';
// Load the 'users' and 'admin' language files.
39 $langs->loadLangs(array(
'users',
'admin'));
// Request parameters. Each one is read through GETPOST() with a filter name as
// second argument ('aZ09', 'alpha', 'int', 'aZ').
// $action and $confirm select the state-changing branches further down;
// $module and $rights say which permission(s) to add or remove.
// NOTE(review): 'module' is only filtered as 'alpha' before it is handed to
// addrights()/delrights(); any further validation happens inside those methods
// and is not visible in this file.
42 $action =
GETPOST(
'action',
'aZ09');
43 $confirm =
GETPOST(
'confirm',
'alpha');
44 $module =
GETPOST(
'module',
'alpha');
45 $rights =
GETPOST(
'rights',
'int');
// Falls back to 'userperms' when the request carries no usable contextpage.
46 $contextpage =
GETPOST(
'contextpage',
'aZ') ?
GETPOST(
'contextpage',
'aZ') :
'userperms';
// Guard for a missing or empty $id. Both the assignment of $id and the body of
// this branch are on lines not shown in the listing.
48 if (!isset($id) || empty($id)) {
// Baseline authorisation: an admin, or a holder of the user 'lire' (read) right
// may view; an admin, or a holder of the user 'creer' (create) right may edit.
53 $canreaduser = ($user->admin || $user->rights->user->user->lire);
55 $caneditperms = ($user->admin || $user->rights->user->user->creer);
// Advanced-permissions mode: reading additionally needs user_advance->readperms,
// and a user holding self_advance->writeperms may edit their OWN permissions.
// NOTE(review): nothing on the visible lines limits which rights such a user can
// then grant to themselves; confirm that addrights() or the bootstrap enforces a
// ceiling, otherwise self_advance->writeperms is equivalent to full self-promotion.
57 if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
58 $canreaduser = ($user->admin || ($user->rights->user->user->lire && $user->rights->user->user_advance->readperms));
59 $caneditselfperms = ($user->id == $id && $user->rights->user->self_advance->writeperms);
60 $caneditperms = (($caneditperms || $caneditselfperms) ? 1 : 0);
// A user with a positive socid is pinned to that socid.
65 if (isset($user->socid) && $user->socid > 0) {
66 $socid = $user->socid;
// $feature2 is '' when $socid is set and the user holds self->creer, else 'user';
// it is passed to restrictedArea() below.
68 $feature2 = (($socid && $user->rights->user->self->creer) ?
'' :
'user');
// Advanced mode, non-admin looking at their own record without
// self_advance->readperms: handled by a body that is not shown here.
70 if ($user->id == $id && (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->user->self_advance->readperms) && empty($user->admin))) {
// Central access check for the 'user' feature on record $id.
74 $result =
restrictedArea($user,
'user', $id,
'user&user', $feature2);
// Looking at somebody else's record requires $canreaduser (body not shown).
75 if ($user->id <> $id && !$canreaduser) {
// Load the user whose permissions are displayed/edited.
79 $object =
new User($db);
80 $object->fetch($id,
'',
'', 1);
// The entity used for every query and rights change below comes from $conf,
// not from the request. The links rendered further down do carry an 'entity'
// query parameter, but no visible line reads it back.
83 $entity = $conf->entity;
// Register the hook contexts for this page.
86 $hookmanager->initHooks(array(
'usercard',
'userperms',
'globalcard'));
// Let hooks process the action first; the built-in actions below run only when
// the hook result is empty.
94 $reshook = $hookmanager->executeHooks(
'doActions',
$parameters, $object, $action);
// Built-in actions (skipped when a hook returned a non-empty result).
// Both branches enforce $caneditperms server-side and require confirm=yes.
// NOTE(review): the links that trigger these branches (rendered further down)
// are plain hrefs with confirm=yes and the token in the query string, i.e. a
// privilege change happens on a GET. Tokens carried in URLs can leak through
// browser history, proxy/access logs and Referer headers; a POST form is the
// safer carrier for this kind of action.
99 if (empty($reshook)) {
// Grant one right ($rights) or a module's rights ($module) in $entity.
100 if ($action ==
'addrights' && $caneditperms && $confirm ==
'yes') {
// Work on a freshly fetched copy of the target user.
101 $edituser =
new User($db);
102 $edituser->fetch($object->id);
103 $result = $edituser->addrights($rights, $module,
'', $entity);
// If the logged-in user edited themselves, reset their loaded rights and
// reload the menu so the page reflects the change.
109 if ($object->id == $user->id) {
110 $user->clearrights();
112 $menumanager->loadMenu();
// Reload the rights of the displayed user.
115 $object->clearrights();
116 $object->getrights();
// Revoke: mirror image of the grant branch, using delrights().
119 if ($action ==
'delrights' && $caneditperms && $confirm ==
'yes') {
120 $edituser =
new User($db);
121 $edituser->fetch($object->id);
122 $result = $edituser->delrights($rights, $module,
'', $entity);
128 if ($object->id == $user->id) {
129 $user->clearrights();
131 $menumanager->loadMenu();
134 $object->clearrights();
135 $object->getrights();
// Page header and title.
146 llxHeader(
'', $langs->trans(
"Permissions"));
150 $title = $langs->trans(
"User");
// Walk every module directory ($modulesdir and $handle are set on lines not
// shown) and load each readable file named mod*.class.php.
160 foreach ($modulesdir as $dir) {
162 if (is_resource($handle)) {
163 while (($file = readdir($handle)) !==
false) {
164 if (is_readable($dir.$file) && substr($file, 0, 3) ==
'mod' && substr($file,
dol_strlen($file) - 10) ==
'.class.php') {
// Class name = file name minus the '.class.php' suffix.
165 $modName = substr($file, 0,
dol_strlen($file) - 10);
// NOTE(review): the file is included and a class named after it is
// instantiated, so the only control on what runs here is who can write into
// the module directories; keep them non-writable for the web server user.
168 include_once $dir.$file;
169 $objMod =
new $modName($db);
// Load the language files the module declares.
172 if (isset($objMod->langfiles) && is_array($objMod->langfiles)) {
173 foreach ($objMod->langfiles as $domain) {
174 $langs->load($domain);
// Modules that declare a rights_class are indexed by it in $modules.
// NOTE(review): insert_permissions() is called for each of them on every page
// view; what it writes is not visible here, and $ret is not checked on the
// visible lines.
178 if ($objMod->rights_class) {
179 $ret = $objMod->insert_permissions(0, $entity);
180 $modules[$objMod->rights_class] = $objMod;
// $permsuser: ids (fk_id) of the rights granted directly to this user in the
// current entity. Both values are cast to int before being concatenated into
// the SQL text.
192 $permsuser = array();
194 $sql =
"SELECT DISTINCT ur.fk_id";
195 $sql .=
" FROM ".MAIN_DB_PREFIX.
"user_rights as ur";
196 $sql .=
" WHERE ur.entity = ".((int) $entity);
197 $sql .=
" AND ur.fk_user = ".((int) $object->id);
// The loop header and the error branch are on lines not shown.
200 $result = $db->query($sql);
202 $num = $db->num_rows($result);
205 $obj = $db->fetch_object($result);
206 array_push($permsuser, $obj->fk_id);
// $permsgroupbyentity: rights the user inherits from the groups they belong
// to, bucketed by the entity of the group membership (gu.entity). Only group
// rights of the current entity (gr.entity) are considered.
215 $permsgroupbyentity = array();
217 $sql =
"SELECT DISTINCT gr.fk_id, gu.entity";
218 $sql .=
" FROM ".MAIN_DB_PREFIX.
"usergroup_rights as gr,";
219 $sql .=
" ".MAIN_DB_PREFIX.
"usergroup_user as gu";
220 $sql .=
" WHERE gr.entity = ".((int) $entity);
221 $sql .=
" AND gr.fk_usergroup = gu.fk_usergroup";
222 $sql .=
" AND gu.fk_user = ".((int) $object->id);
225 $result = $db->query($sql);
227 $num = $db->num_rows($result);
230 $obj = $db->fetch_object($result);
// Create the per-entity bucket on first use.
231 if (!isset($permsgroupbyentity[$obj->entity])) {
232 $permsgroupbyentity[$obj->entity] = array();
234 array_push($permsgroupbyentity[$obj->entity], $obj->fk_id);
// "Back to list" link, built only for admins or holders of the read right.
249 if ($user->rights->user->user->lire || $user->admin) {
250 $linkback =
'<a href="'.DOL_URL_ROOT.
'/user/list.php?restore_lastsearch_values=1">'.$langs->trans(
"BackToList").
'</a>';
// vCard download link shown next to the user reference.
253 $morehtmlref =
'<a href="'.DOL_URL_ROOT.
'/user/vcard.php?id='.$object->id.
'" class="refid">';
254 $morehtmlref .=
img_picto($langs->trans(
"Download").
' '.$langs->trans(
"VCard"),
'vcard.png',
'class="valignmiddle marginleftonly paddingrightonly"');
255 $morehtmlref .=
'</a>';
// Banner; the fourth argument repeats the read-right/admin test used above.
257 dol_banner_tab($object,
'id', $linkback, $user->rights->user->user->lire || $user->admin,
'rowid',
'ref', $morehtmlref);
260 print
'<div class="fichecenter">';
262 print
'<div class="underbanner clearboth"></div>';
263 print
'<table class="border centpercent tableforfield">';
// Login row.
266 print
'<tr><td class="titlefield">'.$langs->trans(
"Login").
'</td>';
// An account with an ldap_sid whose statut is 0 is rendered in the error style
// with the "LoginAccountDisableInDolibarr" message.
267 if (!empty($object->ldap_sid) && $object->statut == 0) {
268 print
'<td class="error">';
269 print $langs->trans(
"LoginAccountDisableInDolibarr");
// Admin marker appended to $addadmin (initialised on a line not shown):
// red star for an admin with an empty entity when multicompany is enabled,
// plain star for any other admin.
274 if (property_exists($object,
'admin')) {
275 if (!empty($conf->multicompany->enabled) && !empty($object->admin) && empty($object->entity)) {
276 $addadmin .=
img_picto($langs->trans(
"SuperAdministratorDesc"),
"redstar",
'class="paddingleft"');
277 } elseif (!empty($object->admin)) {
278 $addadmin .=
img_picto($langs->trans(
"AdministratorDesc"),
"star",
'class="paddingleft"');
// Reminder that only permissions of activated modules are listed.
292 print
info_admin($langs->trans(
"WarningOnlyPermissionOfActivatedModules"));
// Branch for users that have a socid; its body is not shown.
295 if (! empty($object->socid)) {
// Hook point before the permissions table; hooks receive the group-inherited
// permissions.
299 $parameters = array(
'permsgroupbyentity'=>$permsgroupbyentity);
300 $reshook = $hookmanager->executeHooks(
'insertExtraHeader',
$parameters, $object, $action);
// Permissions table: title row.
307 print
'<div class="div-table-responsive-no-min">';
308 print
'<table class="noborder centpercent">';
310 print
'<tr class="liste_titre">';
311 print
'<td>'.$langs->trans(
"Module").
'</td>';
// Bulk links: grant ("All") or revoke ("None") every right of every module
// (module=allmodules). The condition guarding this cell is on lines not shown.
// confirm=yes is baked into the href, so the token from newToken() is the only
// thing separating a click (or a forged request) from the change.
// NOTE(review): title/alt go through dol_escape_htmltag(), but
// $_SERVER["PHP_SELF"], $object->id and $entity are concatenated into the href
// as-is. PHP_SELF can contain client-supplied path info on some server
// configurations; confirm the bootstrap sanitises it, or escape it here.
313 print
'<td class="center nowrap">';
314 print
'<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans(
"All")).
'" alt="'.
dol_escape_htmltag($langs->trans(
"All")).
'" href="'.$_SERVER[
"PHP_SELF"].
'?id='.$object->id.
'&action=addrights&token='.
newToken().
'&entity='.$entity.
'&module=allmodules&confirm=yes">'.$langs->trans(
"All").
"</a>";
316 print
'<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans(
"None")).
'" alt="'.
dol_escape_htmltag($langs->trans(
"None")).
'" href="'.$_SERVER[
"PHP_SELF"].
'?id='.$object->id.
'&action=delrights&token='.
newToken().
'&entity='.$entity.
'&module=allmodules&confirm=yes">'.$langs->trans(
"None").
"</a>";
// Remaining header cells.
319 print
'<td class="center" width="24"> </td>';
320 print
'<td>'.$langs->trans(
"Permissions").
'</td>';
322 print
'<td class="right"></td>';
// First pass over rights_def for the current entity: used to realign
// module_position / family_position in the table with the loaded module
// descriptors. Rows whose label starts with 'tou' are excluded.
329 $sql =
"SELECT r.id, r.libelle as label, r.module, r.perms, r.subperms, r.module_position, r.bydefault";
330 $sql .=
" FROM ".MAIN_DB_PREFIX.
"rights_def as r";
331 $sql .=
" WHERE r.libelle NOT LIKE 'tou%'";
332 $sql .=
" AND r.entity = ".((int) $entity);
333 $sql .=
" ORDER BY r.family_position, r.module_position, r.module, r.id";
335 $result = $db->query($sql);
337 $num = $db->num_rows($result);
342 $obj = $db->fetch_object($result);
// Rows without a module, or whose module is not in $modules, take a branch
// whose body is not shown.
345 if (!isset($obj->module) || empty($modules[$obj->module])) {
// With the reception module enabled, two 'fournisseur' permissions are
// special-cased (bodies not shown).
351 if (!empty($conf->reception->enabled)) {
353 if ($obj->module ==
'fournisseur' && $obj->perms ==
'commande' && $obj->subperms ==
'receptionner') {
357 if ($obj->module ==
'fournisseur' && $obj->perms ==
'commande_advance' && $obj->subperms ==
'check') {
363 $objMod = $modules[$obj->module];
// Rows with no position yet, or rows of an external module still below
// 100000, need their position rewritten.
366 if (empty($obj->module_position) || (is_object($objMod) && $objMod->isCoreOrExternalModule() ==
'external' && $obj->module_position < 100000)) {
367 if (is_object($modules[$obj->module]) && ($modules[$obj->module]->module_position > 0)) {
372 $newmoduleposition = $modules[$obj->module]->module_position;
// External modules are shifted into the 100000+ range.
375 $objMod = $modules[$obj->module];
376 if (is_object($objMod) && $objMod->isCoreOrExternalModule() ==
'external' && $newmoduleposition < 100000) {
377 $newmoduleposition += 100000;
// Persist the new positions ($familyposition is set on a line not shown).
// Numeric values are int-cast and the module name goes through $db->escape()
// before concatenation.
// NOTE(review): this is a database write performed while rendering the page,
// and the return value of query() is discarded.
380 $sqlupdate =
'UPDATE '.MAIN_DB_PREFIX.
"rights_def SET module_position = ".((int) $newmoduleposition).
",";
381 $sqlupdate .=
" family_position = ".((int) $familyposition);
382 $sqlupdate .=
" WHERE module_position = ".((int) $obj->module_position).
" AND module = '".$db->escape($obj->module).
"'";
384 $db->query($sqlupdate);
// Second pass over rights_def: the rows that are actually rendered.
393 $sql =
"SELECT r.id, r.libelle as label, r.module, r.perms, r.subperms, r.module_position, r.bydefault";
394 $sql .=
" FROM ".MAIN_DB_PREFIX.
"rights_def as r";
395 $sql .=
" WHERE r.libelle NOT LIKE 'tou%'";
396 $sql .=
" AND r.entity = ".((int) $entity);
// Without advanced permissions, hide the '*_advance' rights.
// NOTE(review): in LIKE, '_' is a single-character wildcard, so '%_advance'
// matches any perms value ending in 'advance' preceded by at least one
// character, not only a literal underscore (the preg_match('/_advance$/') used
// later in this file is the stricter test).
397 if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
398 $sql .=
" AND r.perms NOT LIKE '%_advance'";
400 $sql .=
" ORDER BY r.family_position, r.module_position, r.module, r.id";
402 $result = $db->query($sql);
404 $num = $db->num_rows($result);
409 $obj = $db->fetch_object($result);
// Rows whose module is not loaded take a branch whose body is not shown.
412 if (empty($modules[$obj->module])) {
// Same reception special cases as in the first pass (bodies not shown).
418 if (!empty($conf->reception->enabled)) {
420 if ($obj->module ==
'fournisseur' && $obj->perms ==
'commande' && $obj->subperms ==
'receptionner') {
424 if ($obj->module ==
'fournisseur' && $obj->perms ==
'commande_advance' && $obj->subperms ==
'check') {
430 $objMod = $modules[$obj->module];
// Module break: when the module changes from the previous row, print a
// heading row for the new module.
458 if (isset($obj->module) && ($oldmod <> $obj->module)) {
459 $oldmod = $obj->module;
// Module icon, falling back to 'generic'.
462 $objMod = $modules[$obj->module];
463 $picto = ($objMod->picto ? $objMod->picto :
'generic');
// NOTE(review): getName() is written into element text and into the name=""
// attribute without dol_escape_htmltag(). The value comes from the module
// descriptor rather than the request, so this is a hardening point that
// matters mainly for third-party modules.
466 print
'<tr class="oddeven trforbreak">';
467 print
'<td class="maxwidthonsmartphone tdoverflowonsmartphone">';
468 print
img_object(
'', $picto,
'class="pictoobjectwidth paddingright"').
' '.$objMod->getName();
469 print
'<a name="'.$objMod->getName().
'"></a>';
// Because of the '||', this condition holds for every non-admin target user
// regardless of $caneditperms; any extra gating of the links is on lines not
// shown. The server-side $caneditperms test in the action handler is what
// actually enforces the restriction.
471 if (($caneditperms && empty($objMod->rights_admin_allowed)) || empty($object->admin)) {
// Per-module bulk links: grant ("All") / revoke ("None") the module's rights.
// NOTE(review): $obj->module (from rights_def) is placed in the query string
// without urlencode() or HTML escaping, alongside the unescaped PHP_SELF.
473 print
'<td class="center nowrap">';
474 print
'<a class="reposition" title="'.dol_escape_htmltag($langs->trans(
"All")).
'" alt="'.
dol_escape_htmltag($langs->trans(
"All")).
'" href="'.$_SERVER[
"PHP_SELF"].
'?id='.$object->id.
'&action=addrights&token='.
newToken().
'&entity='.$entity.
'&module='.$obj->module.
'&confirm=yes">'.$langs->trans(
"All").
"</a>";
476 print
'<a class="reposition" title="'.dol_escape_htmltag($langs->trans(
"None")).
'" alt="'.
dol_escape_htmltag($langs->trans(
"None")).
'" href="'.$_SERVER[
"PHP_SELF"].
'?id='.$object->id.
'&action=delrights&token='.
newToken().
'&entity='.$entity.
'&module='.$obj->module.
'&confirm=yes">'.$langs->trans(
"None").
"</a>";
// Filler cells for the branches where no links are shown.
479 print
'<td> </td>';
482 print
'<td> </td>';
484 print
'<td> </td>';
486 print
'<td> </td>';
490 print
'<td class="right"></td>';
// One table row per permission. The permission path is first emitted as an
// HTML comment.
// NOTE(review): module/perms/subperms are not escaped here; a value containing
// '-->' would close the comment early. They come from rights_def, so this is a
// hardening point rather than request-driven output.
496 print
'<!-- '.$obj->module.
'->'.$obj->perms.($obj->subperms ?
'->'.$obj->subperms :
'').
' -->'.
"\n";
497 print
'<tr class="oddeven">';
500 print
'<td class="maxwidthonsmartphone tdoverflowonsmartphone">';
// Case 1: target is an admin and the module sets rights_admin_allowed:
// shown with the "Administrator" star and as active, without a toggle link.
505 if (!empty($object->admin) && !empty($objMod->rights_admin_allowed)) {
507 print
'<td class="center">'.img_picto($langs->trans(
"Administrator"),
'star').
'</td>';
509 print
'<td class="center nowrap">';
510 print
img_picto($langs->trans(
"Active"),
'tick');
// Case 2: right granted directly to the user: toggle link that revokes it.
512 } elseif (in_array($obj->id, $permsuser)) {
514 print
'<td class="center"><a class="reposition" href="'.$_SERVER[
"PHP_SELF"].
'?id='.$object->id.
'&action=delrights&token='.
newToken().
'&entity='.$entity.
'&rights='.$obj->id.
'&confirm=yes">';
516 print
img_picto($langs->trans(
"Remove"),
'switch_on');
519 print
'<td class="center nowrap">';
520 print
img_picto($langs->trans(
"Active"),
'tick');
// Case 3: group rights exist for this entity. If the right is among them it is
// shown as "Inherited" and active; otherwise a grant link is shown.
522 } elseif (isset($permsgroupbyentity[$entity]) && is_array($permsgroupbyentity[$entity])) {
523 if (in_array($obj->id, $permsgroupbyentity[$entity])) {
525 print
'<td class="center">';
526 print
$form->textwithtooltip($langs->trans(
"Inherited"), $langs->trans(
"PermissionInheritedFromAGroup"));
529 print
'<td class="center nowrap">';
530 print
img_picto($langs->trans(
"Active"),
'tick');
535 print
'<td class="center"><a class="reposition" href="'.$_SERVER[
"PHP_SELF"].
'?id='.$object->id.
'&action=addrights&entity='.$entity.
'&rights='.$obj->id.
'&confirm=yes&token='.
newToken().
'">';
537 print
img_picto($langs->trans(
"Add"),
'switch_off');
540 print
'<td> </td>';
// Case 4: right not held at all: grant link.
545 print
'<td class="center"><a class="reposition" href="'.$_SERVER[
"PHP_SELF"].
'?id='.$object->id.
'&action=addrights&entity='.$entity.
'&rights='.$obj->id.
'&confirm=yes&token='.
newToken().
'">';
547 print
img_picto($langs->trans(
"Add"),
'switch_off');
550 print
'<td> </td>';
// Label resolution, in order of preference:
//   1. "PermissionAdvanced<id>" when advanced permissions are on and a
//      translation exists (trans() returns something other than the key),
//   2. "Permission<id>" when a translation exists,
//   3. the translated label stored in rights_def.
554 $permlabel = (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && ($langs->trans(
"PermissionAdvanced".$obj->id) != (
"PermissionAdvanced".$obj->id)) ? $langs->trans(
"PermissionAdvanced".$obj->id) : (($langs->trans(
"Permission".$obj->id) != (
"Permission".$obj->id)) ? $langs->trans(
"Permission".$obj->id) : $langs->trans($obj->label)));
// In advanced mode, tag rights whose perms name ends in '_advance'.
557 if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
558 if (preg_match(
'/_advance$/', $obj->perms)) {
559 print
' <span class="opacitymedium">('.$langs->trans(
"AdvancedModeOnly").
')</span>';
// Info picto whose tooltip shows the numeric id and the code path of the
// permission (user->rights->module->perms[->subperms]).
566 print
'<td class="right">';
567 $htmltext = $langs->trans(
"ID").
': '.$obj->id;
568 $htmltext .=
'<br>'.$langs->trans(
"Permission").
': user->rights->'.$obj->module.
'->'.$obj->perms.($obj->subperms ?
'->'.$obj->subperms :
'');
569 print
$form->textwithpicto(
'', $htmltext);
// Hook point after the permissions table.
585 $reshook = $hookmanager->executeHooks(
'insertExtraFooter',
$parameters, $object, $action);