dolibarr 19.0.3
perms.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2002-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
3 * Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
4 * Copyright (C) 2004-2020 Laurent Destailleur <eldy@users.sourceforge.net>
5 * Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
6 * Copyright (C) 2005-2017 Regis Houssin <regis.houssin@inodbox.com>
7 * Copyright (C) 2012 Juanjo Menent <jmenent@2byte.es>
8 * Copyright (C) 2020 Tobias Sekan <tobias.sekan@startmail.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program. If not, see <https://www.gnu.org/licenses/>.
22 */
23
29if (!defined('CSRFCHECK_WITH_TOKEN')) {
30 define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
31}
32
33// Load Dolibarr environment
34require '../main.inc.php';
35require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';
36require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
37require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
38
39// Load translation files required by page
40$langs->loadLangs(array('users', 'admin'));
41
42$id = GETPOST('id', 'int');
43$action = GETPOST('action', 'aZ09');
44$confirm = GETPOST('confirm', 'alpha');
45$module = GETPOST('module', 'alpha');
46$rights = GETPOST('rights', 'int');
47$updatedmodulename = GETPOST('updatedmodulename', 'alpha');
48$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'userperms'; // To manage different context of search
49
50if (!isset($id) || empty($id)) {
52}
53
54// Define if user can read permissions
55$canreaduser = ($user->admin || $user->hasRight("user", "user", "read"));
56// Define if user can modify other users and permissions
57$caneditperms = ($user->admin || $user->hasRight("user", "user", "write"));
58// Advanced permissions
59if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
60 $canreaduser = ($user->admin || ($user->hasRight("user", "user", "read") && $user->hasRight("user", "user_advance", "readperms")));
61 $caneditselfperms = ($user->id == $id && $user->hasRight("user", "self_advance", "writeperms"));
62 $caneditperms = (($caneditperms || $caneditselfperms) ? 1 : 0);
63}
64
65// Security check
66$socid = 0;
67if (isset($user->socid) && $user->socid > 0) {
68 $socid = $user->socid;
69}
70$feature2 = (($socid && $user->hasRight("user", "self", "write")) ? '' : 'user');
71// A user can always read its own card if not advanced perms enabled, or if he has advanced perms, except for admin
72if ($user->id == $id && (getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && !$user->hasRight("user", "self_advance", "readperms") && empty($user->admin))) {
74}
75
76$result = restrictedArea($user, 'user', $id, 'user&user', $feature2);
77if ($user->id != $id && !$canreaduser) {
79}
80
81$object = new User($db);
82$object->fetch($id, '', '', 1);
83$object->getrights();
84
85$entity = $conf->entity;
86
87// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
88$hookmanager->initHooks(array('usercard', 'userperms', 'globalcard'));
89
90
91/*
92 * Actions
93 */
94
95$parameters = array('socid'=>$socid);
96$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
97if ($reshook < 0) {
98 setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
99}
100
101if (empty($reshook)) {
102 if ($action == 'addrights' && $caneditperms && $confirm == 'yes') {
103 $edituser = new User($db);
104 $edituser->fetch($object->id);
105 $result = $edituser->addrights($rights, $module, '', $entity);
106 if ($result < 0) {
107 setEventMessages($edituser->error, $edituser->errors, 'errors');
108 }
109
110 // If we are changing our own permissions, we reload permissions and menu
111 if ($object->id == $user->id) {
112 $user->clearrights();
113 $user->getrights();
114 $menumanager->loadMenu();
115 }
116
117 $object->clearrights();
118 $object->getrights();
119 }
120
121 if ($action == 'delrights' && $caneditperms && $confirm == 'yes') {
122 $edituser = new User($db);
123 $edituser->fetch($object->id);
124 $result = $edituser->delrights($rights, $module, '', $entity);
125 if ($result < 0) {
126 setEventMessages($edituser->error, $edituser->errors, 'errors');
127 }
128
129 // If we are changing our own permissions, we reload permissions and menu
130 if ($object->id == $user->id) {
131 $user->clearrights();
132 $user->getrights();
133 $menumanager->loadMenu();
134 }
135
136 $object->clearrights();
137 $object->getrights();
138 }
139}
140
141
142/*
143 * View
144 */
145
146$form = new Form($db);
147
148$person_name = !empty($object->firstname) ? $object->lastname.", ".$object->firstname : $object->lastname;
149$title = $person_name." - ".$langs->trans('Permissions');
150$help_url = '';
151llxHeader('', $title, $help_url);
152
153$head = user_prepare_head($object);
154
155$title = $langs->trans("User");
156print dol_get_fiche_head($head, 'rights', $title, -1, 'user');
157
158
159$db->begin();
160
161// Search all modules with permission and reload permissions def.
162$modules = array();
163$modulesdir = dolGetModulesDirs();
164
165foreach ($modulesdir as $dir) {
166 $handle = @opendir(dol_osencode($dir));
167 if (is_resource($handle)) {
168 while (($file = readdir($handle)) !== false) {
169 if (is_readable($dir.$file) && substr($file, 0, 3) == 'mod' && substr($file, dol_strlen($file) - 10) == '.class.php') {
170 $modName = substr($file, 0, dol_strlen($file) - 10);
171
172 if ($modName) {
173 include_once $dir.$file;
174 $objMod = new $modName($db);
175
176 // Load all lang files of module
177 if (isset($objMod->langfiles) && is_array($objMod->langfiles)) {
178 foreach ($objMod->langfiles as $domain) {
179 $langs->load($domain);
180 }
181 }
182 // Load all permissions
183 if ($objMod->rights_class) {
184 $ret = $objMod->insert_permissions(0, $entity);
185 $modules[$objMod->rights_class] = $objMod;
186 //print "modules[".$objMod->rights_class."]=$objMod;";
187 }
188 }
189 }
190 }
191 }
192}
193
194$db->commit();
195
196// Read permissions of edited user
197$permsuser = array();
198
199$sql = "SELECT DISTINCT ur.fk_id";
200$sql .= " FROM ".MAIN_DB_PREFIX."user_rights as ur";
201$sql .= " WHERE ur.entity = ".((int) $entity);
202$sql .= " AND ur.fk_user = ".((int) $object->id);
203
204dol_syslog("get user perms", LOG_DEBUG);
205$result = $db->query($sql);
206if ($result) {
207 $num = $db->num_rows($result);
208 $i = 0;
209 while ($i < $num) {
210 $obj = $db->fetch_object($result);
211 array_push($permsuser, $obj->fk_id);
212 $i++;
213 }
214 $db->free($result);
215} else {
216 dol_print_error($db);
217}
218
219// Read the permissions of a user inherited by its groups
220$permsgroupbyentity = array();
221
222$sql = "SELECT DISTINCT gr.fk_id, gu.entity"; // fk_id are permission id and entity is entity of the group
223$sql .= " FROM ".MAIN_DB_PREFIX."usergroup_rights as gr,";
224$sql .= " ".MAIN_DB_PREFIX."usergroup_user as gu"; // all groups of a user
225$sql .= " WHERE gr.entity = ".((int) $entity);
226$sql .= " AND gu.entity =".((int) $entity);
227$sql .= " AND gr.fk_usergroup = gu.fk_usergroup";
228$sql .= " AND gu.fk_user = ".((int) $object->id);
229
230dol_syslog("get user perms", LOG_DEBUG);
231$result = $db->query($sql);
232if ($result) {
233 $num = $db->num_rows($result);
234 $i = 0;
235 while ($i < $num) {
236 $obj = $db->fetch_object($result);
237 if (!isset($permsgroupbyentity[$obj->entity])) {
238 $permsgroupbyentity[$obj->entity] = array();
239 }
240 array_push($permsgroupbyentity[$obj->entity], $obj->fk_id);
241 $i++;
242 }
243 $db->free($result);
244} else {
245 dol_print_error($db);
246}
247
248
249
250/*
251 * Part to add/remove permissions
252 */
253
254$linkback = '';
255
256if ($user->hasRight("user", "user", "read") || $user->admin) {
257 $linkback = '<a href="'.DOL_URL_ROOT.'/user/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
258}
259
260$morehtmlref = '<a href="'.DOL_URL_ROOT.'/user/vcard.php?id='.$object->id.'&output=file&file='.urlencode(dol_sanitizeFileName($object->getFullName($langs).'.vcf')).'" class="refid" rel="noopener">';
261$morehtmlref .= img_picto($langs->trans("Download").' '.$langs->trans("VCard"), 'vcard.png', 'class="valignmiddle marginleftonly paddingrightonly"');
262$morehtmlref .= '</a>';
263
264$urltovirtualcard = '/user/virtualcard.php?id='.((int) $object->id);
265$morehtmlref .= dolButtonToOpenUrlInDialogPopup('publicvirtualcard', $langs->transnoentitiesnoconv("PublicVirtualCardUrl").' - '.$object->getFullName($langs), img_picto($langs->trans("PublicVirtualCardUrl"), 'card', 'class="valignmiddle marginleftonly paddingrightonly"'), $urltovirtualcard, '', 'nohover');
266
267dol_banner_tab($object, 'id', $linkback, $user->hasRight("user", "user", "read") || $user->admin, 'rowid', 'ref', $morehtmlref);
268
269
270print '<div class="fichecenter">';
271
272print '<div class="underbanner clearboth"></div>';
273print '<table class="border centpercent tableforfield">';
274
275// Login
276print '<tr><td id="anchorforperms" class="titlefield">'.$langs->trans("Login").'</td>';
277if (!empty($object->ldap_sid) && $object->statut == 0) {
278 print '<td class="error">';
279 print $langs->trans("LoginAccountDisableInDolibarr");
280 print '</td>';
281} else {
282 print '<td>';
283 $addadmin = '';
284 if (property_exists($object, 'admin')) {
285 if (isModEnabled('multicompany') && !empty($object->admin) && empty($object->entity)) {
286 $addadmin .= img_picto($langs->trans("SuperAdministratorDesc"), "redstar", 'class="paddingleft"');
287 } elseif (!empty($object->admin)) {
288 $addadmin .= img_picto($langs->trans("AdministratorDesc"), "star", 'class="paddingleft"');
289 }
290 }
291 print showValueWithClipboardCPButton($object->login).$addadmin;
292 print '</td>';
293}
294print '</tr>'."\n";
295
296// Type
297print '<tr><td>';
298$text = $langs->trans("Type");
299print $form->textwithpicto($text, $langs->trans("InternalExternalDesc"));
300print '</td><td>';
301$type = $langs->trans("Internal");
302if ($object->socid > 0) {
303 $type = $langs->trans("External");
304}
305print '<span class="badgeneutral">';
306print $type;
307if ($object->ldap_sid) {
308 print ' ('.$langs->trans("DomainUser").')';
309}
310print '</span>';
311print '</td></tr>'."\n";
312
313print '</table>';
314
315print '</div>';
316print '<br>';
317
318if ($user->admin) {
319 print info_admin($langs->trans("WarningOnlyPermissionOfActivatedModules"));
320}
321// If edited user is an extern user, we show warning for external users
322if (!empty($object->socid)) {
323 print info_admin(showModulesExludedForExternal($modules))."\n";
324}
325
326$parameters = array('permsgroupbyentity'=>$permsgroupbyentity);
327$reshook = $hookmanager->executeHooks('insertExtraHeader', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
328if ($reshook < 0) {
329 setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
330}
331
332$listofexpandedmodules = array();
333
334
335print "\n";
336print '<div class="div-table-responsive-no-min">';
337print '<table class="noborder centpercent">';
338
339print '<tr class="liste_titre">';
340print '<td>'.$langs->trans("Module").'</td>';
341if ($caneditperms) {
342 print '<td class="center nowrap">';
343 print '<a class="reposition commonlink addexpandedmodulesinparamlist" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&token='.newToken().'&entity='.$entity.'&module=allmodules&confirm=yes">'.$langs->trans("All")."</a>";
344 print ' / ';
345 print '<a class="reposition commonlink addexpandedmodulesinparamlist" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&token='.newToken().'&entity='.$entity.'&module=allmodules&confirm=yes">'.$langs->trans("None")."</a>";
346 print '</td>';
347} else {
348 print '<td></td>';
349}
350print '<td></td>';
351//print '<td></td>';
352print '<td class="right nowrap" colspan="2">';
353print '<a class="showallperms" title="'.dol_escape_htmltag($langs->trans("ShowAllPerms")).'" alt="'.dol_escape_htmltag($langs->trans("ShowAllPerms")).'" href="#">'.img_picto('', 'folder-open', 'class="paddingright"').'<span class="hideonsmartphone">'.$langs->trans("ExpandAll").'</span></a>';
354print ' | ';
355print '<a class="hideallperms" title="'.dol_escape_htmltag($langs->trans("HideAllPerms")).'" alt="'.dol_escape_htmltag($langs->trans("HideAllPerms")).'" href="#">'.img_picto('', 'folder', 'class="paddingright"').'<span class="hideonsmartphone">'.$langs->trans("UndoExpandAll").'</span></a>';
356print '</td>';
357print '</tr>'."\n";
358
359
360// Fix bad value for module_position in table
361// ------------------------------------------
362$sql = "SELECT r.id, r.libelle as label, r.module, r.perms, r.subperms, r.module_position, r.bydefault";
363$sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r";
364$sql .= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous"
365$sql .= " AND r.entity = ".((int) $entity);
366$sql .= " ORDER BY r.family_position, r.module_position, r.module, r.id";
367
368$result = $db->query($sql);
369if ($result) {
370 $num = $db->num_rows($result);
371 $i = 0;
372 $oldmod = '';
373
374 while ($i < $num) {
375 $obj = $db->fetch_object($result);
376
377 // If line is for a module that does not exist anymore (absent of includes/module), we ignore it
378 if (!isset($obj->module) || empty($modules[$obj->module])) {
379 $i++;
380 continue;
381 }
382
383 // Special cases
384 if (isModEnabled("reception")) {
385 // The 2 permissions in fournisseur modules are replaced by permissions into reception module
386 if ($obj->module == 'fournisseur' && $obj->perms == 'commande' && $obj->subperms == 'receptionner') {
387 $i++;
388 continue;
389 }
390 if ($obj->module == 'fournisseur' && $obj->perms == 'commande_advance' && $obj->subperms == 'check') {
391 $i++;
392 continue;
393 }
394 }
395
396 $objMod = $modules[$obj->module];
397
398 // Save field module_position in database if value is wrong
399 if (empty($obj->module_position) || (is_object($objMod) && $objMod->isCoreOrExternalModule() == 'external' && $obj->module_position < 100000)) {
400 if (is_object($modules[$obj->module]) && ($modules[$obj->module]->module_position > 0)) {
401 // TODO Define familyposition
402 //$familyposition = $modules[$obj->module]->family_position;
403 $familyposition = 0;
404
405 $newmoduleposition = $modules[$obj->module]->module_position;
406
407 // Correct $newmoduleposition position for external modules
408 $objMod = $modules[$obj->module];
409 if (is_object($objMod) && $objMod->isCoreOrExternalModule() == 'external' && $newmoduleposition < 100000) {
410 $newmoduleposition += 100000;
411 }
412
413 $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".((int) $newmoduleposition).",";
414 $sqlupdate .= " family_position = ".((int) $familyposition);
415 $sqlupdate .= " WHERE module_position = ".((int) $obj->module_position)." AND module = '".$db->escape($obj->module)."'";
416
417 $db->query($sqlupdate);
418 }
419 }
420 }
421}
422
423
424
425//print "xx".$conf->global->MAIN_USE_ADVANCED_PERMS;
426$sql = "SELECT r.id, r.libelle as label, r.module, r.perms, r.subperms, r.module_position, r.bydefault";
427$sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r";
428$sql .= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous"
429$sql .= " AND r.entity = ".((int) $entity);
430if (!getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
431 $sql .= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is not enabled
432}
433$sql .= " ORDER BY r.family_position, r.module_position, r.module, r.id";
434
435$result = $db->query($sql);
436if ($result) {
437 $num = $db->num_rows($result);
438 $i = 0;
439 $j = 0;
440 $oldmod = '';
441
442 $cookietohidegroup = (empty($_COOKIE["DOLUSER_PERMS_HIDE_GRP"]) ? '' : preg_replace('/^,/', '', $_COOKIE["DOLUSER_PERMS_HIDE_GRP"]));
443 $cookietohidegrouparray = explode(',', $cookietohidegroup);
444 //var_dump($cookietohidegrouparray);
445
446 while ($i < $num) {
447 $obj = $db->fetch_object($result);
448
449 // If line is for a module that does not exist anymore (absent of includes/module), we ignore it
450 if (empty($modules[$obj->module])) {
451 $i++;
452 continue;
453 }
454
455 // Special cases
456 if (isModEnabled("reception")) {
457 // The 2 permission in fournisseur modules has been replaced by permissions into reception module
458 if ($obj->module == 'fournisseur' && $obj->perms == 'commande' && $obj->subperms == 'receptionner') {
459 $i++;
460 continue;
461 }
462 if ($obj->module == 'fournisseur' && $obj->perms == 'commande_advance' && $obj->subperms == 'check') {
463 $i++;
464 continue;
465 }
466 }
467
468 $objMod = $modules[$obj->module];
469
470 // Save field module_position in database if value is wrong
471 /*
472 if (empty($obj->module_position) || (is_object($objMod) && $objMod->isCoreOrExternalModule() == 'external' && $obj->module_position < 100000)) {
473 if (is_object($modules[$obj->module]) && ($modules[$obj->module]->module_position > 0)) {
474 // TODO Define familyposition
475 //$familyposition = $modules[$obj->module]->family_position;
476 $familyposition = 0;
477
478 $newmoduleposition = $modules[$obj->module]->module_position;
479
480 // Correct $newmoduleposition position for external modules
481 $objMod = $modules[$obj->module];
482 if (is_object($objMod) && $objMod->isCoreOrExternalModule() == 'external' && $newmoduleposition < 100000) {
483 $newmoduleposition += 100000;
484 }
485
486 $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".((int) $newmoduleposition).",";
487 $sqlupdate .= " family_position = ".((int) $familyposition);
488 $sqlupdate .= " WHERE module_position = ".((int) $obj->module_position)." AND module = '".$db->escape($obj->module)."'";
489
490 $db->query($sqlupdate);
491 }
492 }
493 */
494
495 if (GETPOSTISSET('forbreakperms_'.$obj->module)) {
496 $ishidden = GETPOST('forbreakperms_'.$obj->module, 'int');
497 } elseif (in_array($j, $cookietohidegrouparray)) { // If j is among list of hidden group
498 $ishidden = 1;
499 } else {
500 $ishidden = 0;
501 }
502 $isexpanded = ! $ishidden;
503 //var_dump("isexpanded=".$isexpanded);
504
505 $permsgroupbyentitypluszero = array();
506 if (!empty($permsgroupbyentity[0])) {
507 $permsgroupbyentitypluszero = array_merge($permsgroupbyentitypluszero, $permsgroupbyentity[0]);
508 }
509 if (!empty($permsgroupbyentity[$entity])) {
510 $permsgroupbyentitypluszero = array_merge($permsgroupbyentitypluszero, $permsgroupbyentity[$entity]);
511 }
512 //var_dump($permsgroupbyentitypluszero);
513
514 // Break found, it's a new module to catch
515 if (isset($obj->module) && ($oldmod != $obj->module)) {
516 $oldmod = $obj->module;
517
518 $j++;
519 if (GETPOSTISSET('forbreakperms_'.$obj->module)) {
520 $ishidden = GETPOST('forbreakperms_'.$obj->module, 'int');
521 } elseif (in_array($j, $cookietohidegrouparray)) { // If j is among list of hidden group
522 $ishidden = 1;
523 } else {
524 $ishidden = 0;
525 }
526 $isexpanded = ! $ishidden;
527 //var_dump('$obj->module='.$obj->module.' isexpanded='.$isexpanded);
528
529 // Break detected, we get objMod
530 $objMod = $modules[$obj->module];
531 $picto = ($objMod->picto ? $objMod->picto : 'generic');
532
533 // Show break line
534 print '<tr class="oddeven trforbreakperms" data-hide-perms="'.$obj->module.'" data-j="'.$j.'">';
535 // Picto and label of module
536 print '<td class="maxwidthonsmartphone tdoverflowmax150 tdforbreakperms" data-hide-perms="'.dol_escape_htmltag($obj->module).'" title="'.dol_escape_htmltag($objMod->getName()).'">';
537 print '<input type="hidden" name="forbreakperms_'.$obj->module.'" id="idforbreakperms_'.$obj->module.'" css="cssforfieldishiden" data-j="'.$j.'" value="'.($isexpanded ? '0' : "1").'">';
538 print img_object('', $picto, 'class="pictoobjectwidth paddingright"').' '.$objMod->getName();
539 print '<a name="'.$objMod->getName().'"></a>';
540 print '</td>';
541 // Permission and tick (2 columns)
542 if (($caneditperms && empty($objMod->rights_admin_allowed)) || empty($object->admin)) {
543 if ($caneditperms) {
544 print '<td class="center wraponsmartphone">';
545 print '<span class="permtohide_'.$obj->module.'" '.(!$isexpanded ? ' style="display:none"' : '').'>';
546 print '<a class="reposition alink addexpandedmodulesinparamlist" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&token='.newToken().'&entity='.$entity.'&module='.$obj->module.'&confirm=yes&updatedmodulename='.$obj->module.'">'.$langs->trans("All")."</a>";
547 print ' / ';
548 print '<a class="reposition alink addexpandedmodulesinparamlist" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&token='.newToken().'&entity='.$entity.'&module='.$obj->module.'&confirm=yes&updatedmodulename='.$obj->module.'">'.$langs->trans("None")."</a>";
549 print '</span>';
550 print '</td>';
551 print '<td class="tdforbreakperms" data-hide-perms="'.dol_escape_htmltag($obj->module).'">';
552 print '</td>';
553 } else {
554 print '<td class="tdforbreakperms" data-hide-perms="'.dol_escape_htmltag($obj->module).'">&nbsp;</td>';
555 print '<td class="tdforbreakperms" data-hide-perms="'.dol_escape_htmltag($obj->module).'">&nbsp;</td>';
556 }
557 } else {
558 if ($caneditperms) {
559 print '<td class="center wraponsmartphone">';
560 /*print '<a class="reposition alink" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&token='.newToken().'&entity='.$entity.'&module='.$obj->module.'&confirm=yes&updatedmodulename='.$obj->module.'">'.$langs->trans("All")."</a>";
561 print ' / ';
562 print '<a class="reposition alink" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&token='.newToken().'&entity='.$entity.'&module='.$obj->module.'&confirm=yes&updatedmodulename='.$obj->module.'">'.$langs->trans("None")."</a>";
563 */
564 print '</td>';
565 print '<td class="tdforbreakperms" data-hide-perms="'.dol_escape_htmltag($obj->module).'">';
566 print '</td>';
567 } else {
568 print '<td class="right tdforbreakperms" data-hide-perms="'.dol_escape_htmltag($obj->module).'"></td>';
569 print '<td class="tdforbreakperms" data-hide-perms="'.dol_escape_htmltag($obj->module).'">&nbsp;</td>';
570 }
571 }
572 // Description of permission (2 columns)
573 print '<td class="tdforbreakperms" data-hide-perms="'.dol_escape_htmltag($obj->module).'">&nbsp;</td>';
574 print '<td class="maxwidthonsmartphone right tdforbreakperms" data-hide-perms="'.dol_escape_htmltag($obj->module).'">';
575 print '<div class="switchfolderperms folderperms_'.$obj->module.'"'.($isexpanded ? ' style="display:none;"' : '').'>';
576 print img_picto('', 'folder', 'class="marginright"');
577 print '</div>';
578 print '<div class="switchfolderperms folderopenperms_'.$obj->module.'"'.(!$isexpanded ? ' style="display:none;"' : '').'>';
579 print img_picto('', 'folder-open', 'class="marginright"');
580 print '</div>';
581 print '</td>'; //Add picto + / - when open en closed
582 print '</tr>'."\n";
583 }
584
585 print '<!-- '.$obj->module.'->'.$obj->perms.($obj->subperms ? '->'.$obj->subperms : '').' -->'."\n";
586 print '<tr class="oddeven trtohide_'.$obj->module.'"'.(!$isexpanded ? ' style="display:none"' : '').'>';
587
588 // Picto and label of module
589 print '<td class="maxwidthonsmartphone tdoverflowonsmartphone">';
590 print '</td>';
591
592 // Permission and tick (2 columns)
593 if (!empty($object->admin) && !empty($objMod->rights_admin_allowed)) { // Permission granted because admin
594 print '<!-- perm is a perm allowed to any admin -->';
595 if ($caneditperms) {
596 print '<td class="center">'.img_picto($langs->trans("AdministratorDesc"), 'star').'</td>';
597 } else {
598 print '<td class="center nowrap">';
599 print img_picto($langs->trans("Active"), 'switch_on', '', false, 0, 0, '', 'opacitymedium');
600 print '</td>';
601 }
602 print '<td>';
603 print '</td>';
604 } elseif (in_array($obj->id, $permsuser)) { // Permission granted by user
605 print '<!-- user has perm -->';
606 if ($caneditperms) {
607 print '<td class="center">';
608 print '<a class="reposition addexpandedmodulesinparamlist" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&token='.newToken().'&entity='.$entity.'&rights='.$obj->id.'&confirm=yes&updatedmodulename='.$obj->module.'">';
609 //print img_edit_remove($langs->trans("Remove"));
610 print img_picto($langs->trans("Remove"), 'switch_on');
611 print '</a></td>';
612 } else {
613 print '<td class="center nowrap">';
614 print img_picto($langs->trans("Active"), 'switch_on', '', false, 0, 0, '', 'opacitymedium');
615 print '</td>';
616 }
617 print '<td>';
618 print '</td>';
619 } elseif (isset($permsgroupbyentitypluszero) && is_array($permsgroupbyentitypluszero)) {
620 print '<!-- permsgroupbyentitypluszero -->';
621 if (in_array($obj->id, $permsgroupbyentitypluszero)) { // Permission granted by group
622 print '<td class="center nowrap">';
623 print img_picto($langs->trans("Active"), 'switch_on', '', false, 0, 0, '', 'opacitymedium');
624 //print img_picto($langs->trans("Active"), 'tick');
625 print '</td>';
626 print '<td>';
627 print $form->textwithtooltip($langs->trans("Inherited"), $langs->trans("PermissionInheritedFromAGroup"));
628 print '</td>';
629 } else {
630 // Do not own permission
631 if ($caneditperms) {
632 print '<td class="center nowrap">';
633 print '<a class="reposition addexpandedmodulesinparamlist" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&entity='.$entity.'&rights='.$obj->id.'&confirm=yes&token='.newToken().'&updatedmodulename='.$obj->module.'">';
634 //print img_edit_add($langs->trans("Add"));
635 print img_picto($langs->trans("Add"), 'switch_off');
636 print '</a></td>';
637 } else {
638 print '<td class="center nowrap">';
639 print img_picto($langs->trans("Disabled"), 'switch_off', '', false, 0, 0, '', 'opacitymedium');
640 print '</td>';
641 }
642 print '<td>';
643 print '</td>';
644 }
645 } else {
646 // Do not own permission
647 print '<!-- do not own permission -->';
648 if ($caneditperms) {
649 print '<td class="center">';
650 print '<a class="reposition addexpandedmodulesinparamlist" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&entity='.$entity.'&rights='.$obj->id.'&confirm=yes&token='.newToken().'&updatedmodulename='.$obj->module.'">';
651 //print img_edit_add($langs->trans("Add"));
652 print img_picto($langs->trans("Add"), 'switch_off');
653 print '</a></td>';
654 } else {
655 print '<td>';
656 print img_picto($langs->trans("Disabled"), 'switch_off', '', false, 0, 0, '', 'opacitymedium');
657 print '</td>';
658 }
659 print '<td class="center">';
660 print '</td>';
661 }
662
663 // Description of permission (2 columns)
664 $permlabel = (getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && ($langs->trans("PermissionAdvanced".$obj->id) != "PermissionAdvanced".$obj->id) ? $langs->trans("PermissionAdvanced".$obj->id) : (($langs->trans("Permission".$obj->id) != "Permission".$obj->id) ? $langs->trans("Permission".$obj->id) : $langs->trans($obj->label)));
665 if (!$user->admin) {
666 print '<td colspan="2">';
667 } else {
668 print '<td>';
669 }
670 print $permlabel;
671 if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
672 if (preg_match('/_advance$/', $obj->perms)) {
673 print ' <span class="opacitymedium">('.$langs->trans("AdvancedModeOnly").')</span>';
674 }
675 }
676 // Special warning case for the permission "Allow to modify other users password"
677 if ($obj->module == 'user' && $obj->perms == 'user' && $obj->subperms == 'password') {
678 if ((!empty($object->admin) && !empty($objMod->rights_admin_allowed)) ||
679 in_array($obj->id, $permsuser) /* if edited user owns this permissions */ ||
680 (isset($permsgroupbyentitypluszero) && is_array($permsgroupbyentitypluszero) && in_array($obj->id, $permsgroupbyentitypluszero))) {
681 print ' '.img_warning($langs->trans("AllowPasswordResetBySendingANewPassByEmail"));
682 }
683 }
684 // Special warning case for the permission "Create/modify other users, groups and permissions"
685 if ($obj->module == 'user' && $obj->perms == 'user' && ($obj->subperms == 'creer' || $obj->subperms == 'create')) {
686 if ((!empty($object->admin) && !empty($objMod->rights_admin_allowed)) ||
687 in_array($obj->id, $permsuser) /* if edited user owns this permissions */ ||
688 (isset($permsgroupbyentitypluszero) && is_array($permsgroupbyentitypluszero) && in_array($obj->id, $permsgroupbyentitypluszero))) {
689 print ' '.img_warning($langs->trans("AllowAnyPrivileges"));
690 }
691 }
692 print '</td>';
693
694 // Permission id
695 if ($user->admin) {
696 print '<td class="right">';
697 $htmltext = $langs->trans("ID").': '.$obj->id;
698 $htmltext .= '<br>'.$langs->trans("Permission").': user->rights->'.$obj->module.'->'.$obj->perms.($obj->subperms ? '->'.$obj->subperms : '');
699 print $form->textwithpicto('', $htmltext);
700 //print '<span class="opacitymedium">'.$obj->id.'</span>';
701 print '</td>';
702 }
703
704 print '</tr>'."\n";
705
706 $i++;
707 }
708} else {
709 dol_print_error($db);
710}
711print '</table>';
712print '</div>';
713
714print '<script>';
715print '$(".tdforbreakperms:not(.alink)").on("click", function(){
716 console.log("Click on tdforbreakperms");
717 moduletohide = $(this).data("hide-perms");
718 j = $(this).data("j");
719 if ($("#idforbreakperms_"+moduletohide).val() == 1) {
720 console.log("idforbreakperms_"+moduletohide+" has value hidden=1");
721 $(".trtohide_"+moduletohide).show();
722 $(".permtoshow_"+moduletohide).hide();
723 $(".permtohide_"+moduletohide).show();
724 $(".folderperms_"+moduletohide).hide();
725 $(".folderopenperms_"+moduletohide).show();
726 $("#idforbreakperms_"+moduletohide).val("0");
727 } else {
728 console.log("idforbreakperms_"+moduletohide+" has value hidden=0");
729 $(".trtohide_"+moduletohide).hide();
730 $(".folderopenperms_"+moduletohide).hide();
731 $(".folderperms_"+moduletohide).show();
732 $(".permtoshow_"+moduletohide).show();
733 $(".permtohide_"+moduletohide).hide();
734 $("#idforbreakperms_"+moduletohide).val("1");
735 }
736
737 // Now rebuild the value for cookie
738 var hideuserperm="";
739 $(".trforbreakperms").each(function(index) {
740 //console.log( index + ": " + $( this ).data("j") + " " + $( this ).data("hide-perms") + " " + $("input[data-j="+(index+1)+"]").val());
741 if ($("input[data-j="+(index+1)+"]").val() == 1) {
742 hideuserperm=hideuserperm+","+(index+1);
743 }
744 });
745 // set cookie by js
746 date = new Date(); date.setTime(date.getTime()+(30*86400000));
747 if (hideuserperm) {
748 console.log("set cookie DOLUSER_PERMS_HIDE_GRP="+hideuserperm);
749 document.cookie = "DOLUSER_PERMS_HIDE_GRP=" + hideuserperm + "; expires=" + date.toGMTString() + "; path=/ ";
750 } else {
751 console.log("delete cookie DOLUSER_PERMS_HIDE_GRP");
752 document.cookie = "DOLUSER_PERMS_HIDE_GRP=; expires=Thu, 01-Jan-70 00:00:01 GMT; path=/ ";
753 }
754});';
755print "\n";
756
757// Button expand / collapse all
758print '$(".showallperms").on("click", function(){
759 console.log("Click on showallperms");
760
761 console.log("delete cookie DOLUSER_PERMS_HIDE_GRP from showallperms click");
762 document.cookie = "DOLUSER_PERMS_HIDE_GRP=; expires=Thu, 01-Jan-70 00:00:01 GMT; path=/ ";
763 $(".tdforbreakperms").each( function(){
764 moduletohide = $(this).data("hide-perms");
765 //console.log(moduletohide);
766 if ($("#idforbreakperms_"+moduletohide).val() != 0) {
767 $(this).trigger("click"); // emulate the click, so the cooki will be resaved
768 }
769 })
770});
771
772$(".hideallperms").on("click", function(){
773 console.log("Click on hideallperms");
774
775 $(".tdforbreakperms").each( function(){
776 moduletohide = $(this).data("hide-perms");
777 //console.log(moduletohide);
778 if ($("#idforbreakperms_"+moduletohide).val() != 1) {
779 $(this).trigger("click"); // emulate the click, so the cooki will be resaved
780 }
781 })
782});';
783print "\n";
784print '</script>';
785
786print '<style>';
787print '.switchfolderperms{
788 cursor: pointer;
789}';
790print '</style>';
791
792$parameters = array();
793$reshook = $hookmanager->executeHooks('insertExtraFooter', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
794if ($reshook < 0) {
795 setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
796}
797
798
799print dol_get_fiche_end();
800
801// End of page
802llxFooter();
803$db->close();
showModulesExludedForExternal($modules)
Show array with constants to edit.
if(!defined('NOREQUIRESOC')) if(!defined( 'NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined( 'NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined( 'NOREQUIREAJAX')) llxHeader()
Empty header.
Definition wrapper.php:55
llxFooter()
Empty footer.
Definition wrapper.php:69
Class to manage generation of HTML components Only common components must be here.
Class to manage Dolibarr users.
dolGetModulesDirs($subdir='')
Return list of modules directories.
dol_banner_tab($object, $paramid, $morehtml='', $shownav=1, $fieldid='rowid', $fieldref='ref', $morehtmlref='', $moreparam='', $nodbprefix=0, $morehtmlleft='', $morehtmlstatus='', $onlybanner=0, $morehtmlright='')
Show tab footer of a card.
showValueWithClipboardCPButton($valuetocopy, $showonlyonhover=1, $texttoshow='')
Create a button to copy $valuetocopy in the clipboard (for copy and paste feature).
dol_get_fiche_head($links=array(), $active='', $title='', $notab=0, $picto='', $pictoisfullpath=0, $morehtmlright='', $morecss='', $limittoshow=0, $moretabssuffix='', $dragdropfile=0)
Show tabs of a record.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
dol_print_error($db='', $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
dolButtonToOpenUrlInDialogPopup($name, $label, $buttonstring, $url, $disabled='', $morecss='classlink button bordertransp', $jsonopen='', $backtopagejsfields='', $accesskey='')
Return HTML code to output a button to open a dialog popup box.
img_object($titlealt, $picto, $moreatt='', $pictoisfullpath=false, $srconly=0, $notitle=0)
Show a picto called object_picto (generic function)
dol_get_fiche_end($notab=0)
Return tab footer of a card.
dol_strlen($string, $stringencoding='UTF-8')
Make a strlen call.
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=false, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
info_admin($text, $infoonimgalt=0, $nodiv=0, $admin='1', $morecss='hideonsmartphone', $textfordropdown='')
Show information for admin users or standard users.
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='', $noduplicate=0)
Set event messages in dol_events session object.
dol_sanitizeFileName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a file name.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0, $noescapetags='', $escapeonlyhtmltags=0, $cleanalsojavascript=0)
Returns text escaped for inclusion in HTML alt or title or value tags, or into values of HTML input f...
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.
user_prepare_head(User $object)
Prepare array with list of tabs.