noalyss Version-9
ajax_user_security.php
1<?php
2
3/*
4 * This file is part of NOALYSS.
5 *
6 * PhpCompta is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * NOALYSS is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with PhpCompta; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
20// Copyright (2016) Author Dany De Bontridder <dany@alchimerys.be>
21
// Entry guard: stop when the ALLOWED constant is missing, i.e. when the script was
// not reached through the code that defines it (presumably the including
// dispatcher; confirm where ALLOWED is set).
if (defined('ALLOWED') === false) {
    die('Appel direct ne sont pas permis');
}

/**
 * @file
 * @brief Manage user security (ledger access, profile, action rights), from CFGSEC module
 *
 */
global $g_user;

// Authorisation gate for every operation handled below: a connected user for whom
// check_module("CFGSEC") yields 0 gets an exception instead of any processing.
if ($g_user->check_module("CFGSEC") == 0) {
    throw new Exception(_("Non autorisé"));
}
35
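//-----------------------------------------------------------------------------
// Manage the user's access to ledgers
//-----------------------------------------------------------------------------
if ($op == "ledger_access") {
    // Serialized in-place editor sent back by the client; Inplace_Edit::build()
    // turns it into a widget object again.
    $input = $http->request("input");
    // Step of the in-place edit: "display" (default), "ok" or "cancel".
    $action = $http->request("ieaction", "string", "display");
    $user_id = $http->post("user_id", "number");
    $jrn_def_id = $http->post("jrn_def_id", "number");

    // Any other step produces no output and falls through.
    if ($action == "display" || $action == "ok" || $action == "cancel") {
        if ($action == "ok") {
            $value = $http->post("value");
            // The posted privilege is stored in user_sec_jrn.uj_priv and put back in
            // the widget that is echoed, so it is checked before anything else runs.
            // The accepted set is the one the 'ledger_access_all' handler of this
            // file enforces.
            if (!in_array($value, ["W", "X", "R"], true)) {
                die("Invalid access");
            }
        }

        // The three steps need the same widget: same callback, same JSON parameters.
        $ie_input = Inplace_Edit::build($input);
        $ie_input->set_callback("ajax_misc.php");
        $ie_input->add_json_param("jrn_def_id", $jrn_def_id);
        $ie_input->add_json_param("op", "ledger_access");
        $ie_input->add_json_param("gDossier", $n_dossier_id);
        $ie_input->add_json_param("user_id", $user_id);

        if ($action == "display") {
            // Send the editable form of the widget.
            echo $ie_input->ajax_input();
            return;
        }

        if ($action == "ok") {
            $ie_input->set_value($value);
            // NOTE(review): nothing here checks that $user_id resolved to an existing
            // user before its login is written; confirm Noalyss_User handles an
            // unknown id.
            $sec_User = new Noalyss_User($cn, $user_id);
            // NOTE(review): count-then-write is two statements; confirm a unique
            // constraint on (uj_login, uj_jrn_id) covers concurrent requests.
            $count = $cn->get_value(
                'select count(*) from user_sec_jrn where uj_login=$1  and uj_jrn_id=$2',
                [$sec_User->login, $jrn_def_id]
            );
            if ($count == 0) {
                // No row yet for this user and ledger: create it.
                $cn->exec_sql(
                    'insert into user_sec_jrn (uj_login,uj_jrn_id,uj_priv) values ($1,$2,$3)',
                    [$sec_User->login, $jrn_def_id, $value]
                );
            } else {
                $cn->exec_sql(
                    'update user_sec_jrn set uj_priv=$1 where uj_login=$2 and uj_jrn_id=$3',
                    [$value, $sec_User->login, $jrn_def_id]
                );
            }
        }

        // "ok" and "cancel" both answer with the read-only rendering of the widget.
        echo $ie_input->value();
        return;
    }
}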
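//-----------------------------------------------------------------------------
// Set the user's profile
//-----------------------------------------------------------------------------
if ($op == "profile") {
    // Serialized in-place editor sent back by the client; Inplace_Edit::build()
    // turns it into a widget object again.
    $input = $http->request("input");
    // Step of the in-place edit: "display" (default), "ok" or "cancel".
    $action = $http->request("ieaction", "string", "display");
    $user_id = $http->post("user_id", "number");
    $profile_id = $http->post("profile_id");

    // Any other step produces no output and falls through.
    if ($action == "display" || $action == "ok" || $action == "cancel") {
        if ($action == "ok") {
            $value = $http->post("value");
            // save profile
            $sec_User = new Noalyss_User($cn, $user_id);
            // $value arrives as an unchecked string. On PHP 8 a non-numeric string
            // compares greater than 0, so the numeric test must come first or
            // arbitrary text would be handed to save_profile().
            if (is_numeric($value) && $value > 0) {
                $sec_User->save_profile($value);
            }
        }

        // The three steps need the same widget: same callback, same JSON parameters.
        $ie_input = Inplace_Edit::build($input);
        $ie_input->set_callback("ajax_misc.php");
        $ie_input->add_json_param("op", "profile");
        $ie_input->add_json_param("profile_id", $profile_id);
        $ie_input->add_json_param("gDossier", $n_dossier_id);
        $ie_input->add_json_param("user_id", $user_id);

        if ($action == "display") {
            // Send the editable form of the widget.
            echo $ie_input->ajax_input();
            return;
        }

        if ($action == "ok") {
            // NOTE(review): the posted value is placed in the widget even when it was
            // not saved; confirm Inplace_Edit escapes it when rendering.
            $ie_input->set_value($value);
        }

        // "ok" and "cancel" both answer with the read-only rendering of the widget.
        echo $ie_input->value();
        return;
    }
}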
//------------------------------------------------------------------------------
// Update all the ledger accesses of a user at once
//------------------------------------------------------------------------------
if ($op == 'ledger_access_all') {
    // Find the login
    $user_id = $http->post("user_id", "number");
    $access = $http->post("access");

    // Only the three known privilege codes are accepted; anything else ends the request.
    switch ($access) {
        case "W":
        case "X":
        case "R":
            break;
        default:
            die("Invalid access");
    }

    $sec_User = new Noalyss_User($cn, $user_id);

    // Step 1: give the user a row (privilege 'X') for every ledger of jrn_def that
    // has none yet, so that step 2 reaches all ledgers.
    $sql = "insert into user_sec_jrn(
            uj_jrn_id,
            uj_login,
            uj_priv
        ) select jrn_def_id,$1,'X'
        from
            jrn_def
        where
            not exists(select 1
                from
                    user_sec_jrn
                where
                    uj_jrn_id = jrn_def_id
                    and uj_login = $1
            )";
    $cn->exec_sql($sql, [$sec_User->login]);

    // Step 2: overwrite the privilege of every row of that login, including the
    // rows that existed before step 1.
    $cn->exec_sql(
        'update user_sec_jrn set uj_priv=$1 where uj_login=$2',
        [$access, $sec_User->login]
    );
    return;
}
//------------------------------------------------------------------------------
// Set on or off the action
//------------------------------------------------------------------------------
if ($op == "action_access") {
    // NOTE(review): this handler changes a user's rights from GET parameters and
    // flips the current state instead of setting a requested one, so a repeated or
    // replayed request reverses the change. Confirm the dispatcher requires an
    // anti-CSRF token for it, or move the call to POST.
    $action_id = $http->get("ac_id", "number");
    $user_id = $http->get("user_id", "number");
    $sec_User = new Noalyss_User($cn, $user_id);

    $right = $sec_User->check_action($action_id);
    $is_switch = new Inplace_Switch("action".$action_id, 0);

    if ($right != 1) {
        // Not granted according to check_action(): add the row, answer with the "on" icon.
        $cn->exec_sql(
            'insert into user_sec_act (ua_login,ua_act_id) values ($1,$2)',
            [$sec_User->login, $action_id]
        );
        echo $is_switch->get_iconon();
    } else {
        // Granted: remove the row, answer with the "off" icon.
        $cn->exec_sql(
            "delete from user_sec_act where ua_act_id=$1 and ua_login=$2",
            [$action_id, $sec_User->login]
        );
        echo $is_switch->get_iconoff();
    }
}
//----------------------------------------------------------------------------
// Set all the actions
//----------------------------------------------------------------------------
if ($op == "action_access_all") {
    // NOTE(review): a bulk grant/revoke driven by GET parameters; confirm the
    // dispatcher requires an anti-CSRF token for it, or move the call to POST.
    $user_id = $http->get("user_id", "number");
    $access = $http->get("access", "number");
    $sec_User = new Noalyss_User($cn, $user_id);

    // 0 removes every action of the login, 1 adds every missing one; any other
    // value changes nothing.
    switch ($access) {
        case 0:
            $cn->exec_sql("delete from user_sec_act where ua_login=$1", [$sec_User->login]);
            break;
        case 1:
            // Insert one row per action of table "action" the login does not have yet.
            $cn->exec_sql(
                "
            insert into user_sec_act(ua_login,ua_act_id) select $1,ac_id from action where not exists(select 1 from user_sec_act where ua_login=$1 and ua_act_id=ac_id)",
                [$sec_User->login]
            );
            break;
    }
}
//----------------------------------------------------------------------------
// Enable or disable security on ledger
//----------------------------------------------------------------------------
if ($op == "user_sec_ledger") {
    // NOTE(review): the security flag is flipped from GET parameters; confirm the
    // dispatcher requires an anti-CSRF token for it, or move the call to POST.
    $user_id = $http->get("user_id", "number");
    // Read from the request but not used below: the new state is derived from the
    // stored one, not from the client.
    $value = $http->get("value", "number");
    $sec_user = new Noalyss_User($cn, $user_id);

    // The switch widget is created with the status as it is before the change.
    $status_sec_ledger = $sec_user->get_status_security_ledger();
    $sec_ledger = new Inplace_Switch("sec_ledger", $status_sec_ledger);
    $sec_ledger->set_callback("ajax_misc.php");
    $sec_ledger->add_json_param("gDossier", $n_dossier_id);
    $sec_ledger->add_json_param("user_id", $user_id);
    $sec_ledger->add_json_param("op", "user_sec_ledger");

    // Security is switched on only when it is currently off and Admin() is not 1;
    // otherwise it is set to 0, so for a user whose Admin() is 1 it always ends at 0.
    if ($sec_user->get_status_security_ledger() != 1 && $sec_user->Admin() != 1) {
        $sec_user->set_status_security_ledger(1);
        echo $sec_ledger->get_iconon();
    } else {
        $sec_user->set_status_security_ledger(0);
        echo $sec_ledger->get_iconoff();
    }
}
//----------------------------------------------------------------------------
// Enable or disable security on action
//----------------------------------------------------------------------------
if ($op == "user_sec_action") {
    // NOTE(review): the security flag is flipped from GET parameters; confirm the
    // dispatcher requires an anti-CSRF token for it, or move the call to POST.
    $user_id = $http->get("user_id", "number");
    // Read from the request but not used below: the new state is derived from the
    // stored one, not from the client.
    $value = $http->get("value", "number");
    $sec_user = new Noalyss_User($cn, $user_id);

    // The switch widget is created with the status as it is before the change.
    $status_sec_action = $sec_user->get_status_security_action();
    $sec_action = new Inplace_Switch("sec_action", $status_sec_action);
    $sec_action->set_callback("ajax_misc.php");
    $sec_action->add_json_param("gDossier", $n_dossier_id);
    $sec_action->add_json_param("user_id", $user_id);
    $sec_action->add_json_param("op", "user_sec_action");

    // Security is switched on only when it is currently off and Admin() is not 1;
    // otherwise it is set to 0, so for a user whose Admin() is 1 it always ends at 0.
    if ($sec_user->get_status_security_action() != 1 && $sec_user->Admin() != 1) {
        $sec_user->set_status_security_action(1);
        echo $sec_action->get_iconon();
    } else {
        $sec_user->set_status_security_action(0);
        echo $sec_action->get_iconoff();
    }
}