noalyss  Version-6.9.1.8
 All Data Structures Namespaces Files Functions Variables Pages
class_user.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of NOALYSS.
5  *
6  * NOALYSS is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * NOALYSS is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with NOALYSS; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19  */
20 // Copyright Author Dany De Bontridder danydb@aevalys.eu
21 /**
22  * @file
23  * @brief Data & function about connected users
24  */
25 
26 /**
27  * @brief Data & function about connected users
28  *
29  */
30 
31 require_once NOALYSS_INCLUDE.'/constant.php';
32 require_once NOALYSS_INCLUDE.'/lib/user_common.php';
33 require_once NOALYSS_INCLUDE.'/class/class_dossier.php';
34 require_once NOALYSS_INCLUDE.'/lib/ac_common.php';
35 
36 class User
37 {
38 
39  var $id;
40  var $pass;
41  var $db;
42  var $admin;
43  var $valid;
44  var $first_name;
45  var $name;
46  var $active ;
47  var $login ;
48  var $password ;
49  var $email ;
50 
51  function __construct(&$p_cn, $p_id = -1)
52  {
53  // if p_id is not set then check the connected user
54  if ($p_id == -1)
55  {
56  if (!isset($_SESSION['g_user']))
57  {
58  echo '<h2 class="error">' . _('Session expirée<br>Utilisateur déconnecté') . '</h2>';
59  redirect('index.php', 1);
60  exit();
61  }
62 
63  $this->login =strtolower($_SESSION['g_user']);
64  $this->pass = $_SESSION['g_pass'];
65  $this->lang = (isset($_SESSION['g_lang'])) ? $_SESSION['g_lang'] : 'fr_FR.utf8';
66  $this->valid = (isset($_SESSION['isValid'])) ? 1 : 0;
67  $this->db = $p_cn;
68  $this->id = -1;
69  if (isset($_SESSION['g_theme']))
70  $this->theme = $_SESSION['g_theme'];
71 
72  $this->admin = ( isset($_SESSION['use_admin']) ) ? $_SESSION['use_admin'] : 0;
73 
74  if (isset($_SESSION['use_name']))
75  $this->name = $_SESSION['use_name'];
76  if (isset($_SESSION['use_first_name']))
77  $this->first_name = $_SESSION['use_first_name'];
78  $this->load();
79  }
80  else // if p_id is set get data of another user
81  {
82  $this->id = $p_id;
83  $this->db = $p_cn;
84  $this->load();
85  }
86  }
87 
88  /**\brief load data from database.
89  * if this->id == -1, it is unknown so we have to retrieve it
90  from the database by the login
91  * return -1 if nothing is found
92  */
93 
94  function load()
95  {
96  /* if this->id == -1, it is unknown so we have to retrieve it from
97  the database thanks it login */
98  if ($this->id < 0)
99  {
100  $sql_cond = " where lower(use_login)=lower($1)";
101  $sql_array = array($this->login);
102  }
103  else
104  {
105  $sql_cond = " where use_id=$1";
106  $sql_array = array($this->id);
107  }
108  $sql = "select use_id,
109  use_first_name,
110  use_name,
111  use_login,
112  use_active,
113  use_admin,
114  use_pass,
115  use_email
116  from ac_users ";
117  $cn = new Database();
118  $Res = $cn->exec_sql($sql . $sql_cond, $sql_array);
119  if (($Max = Database::num_row($Res)) == 0)
120  return -1;
121  $row = Database::fetch_array($Res, 0);
122  $this->id = $row['use_id'];
123  $this->first_name = $row['use_first_name'];
124  $this->last_name = $row['use_name'];
125  $this->name = $row['use_name'];
126  $this->active = $row['use_active'];
127  $this->login = $row['use_login'];
128  $this->admin = $row['use_admin'];
129  $this->password = $row['use_pass'];
130  $this->email=$row['use_email'];
131  }
132 
133  function save()
134  {
135 
136  $Sql = "update ac_users set use_first_name=$1, use_name=$2
137  ,use_active=$3,use_admin=$4,use_pass=$5 ,use_email = $7 where use_id=$6";
138  $cn = new Database();
139  $Res = $cn->exec_sql($Sql, array($this->first_name, $this->last_name, $this->active, $this->admin, $this->pass, $this->id,$this->email));
140  }
141  function insert()
142  {
143 
144  $Sql = "INSERT INTO ac_users(
145  use_first_name, use_name, use_login, use_active,
146  use_admin, use_pass, use_email)
147  VALUES ($1, $2, $3, $4, $5, $6, $7) returning use_id";
148 
149  $cn = new Database();
150  $this->id= $cn->get_value($Sql, array($this->first_name, $this->last_name, $this->login,1,0, $this->pass,$this->email));
151  }
152 
153  /**
154  * \brief Check if user is active and exists in therepository
155  * Automatically redirect, it doesn't check if a user can access a folder
156  * \param $silent false, echo an error message and exit, true : exit without warning
157  * default is false
158  *
159  ++ */
160 
161  function Check($silent = false, $from = '')
162  {
163 
164  $res = 0;
165  $pass5 = md5($this->pass);
166 
167  $cn = new Database();
168  $sql = "select ac_users.use_login,ac_users.use_active, ac_users.use_pass,
169  use_admin,use_first_name,use_name
170  from ac_users
171  where ac_users.use_id='$this->id'
172  and ac_users.use_active=1
173  and ac_users.use_pass='$pass5'";
174  $ret = $cn->exec_sql($sql);
175  $res = Database::num_row($ret);
176  if ($res > 0)
177  {
178  $r = Database::fetch_array($ret, 0);
179  $_SESSION['use_admin'] = $r['use_admin'];
180  $_SESSION['use_name'] = $r['use_name'];
181  $_SESSION['use_first_name'] = $r['use_first_name'];
182  $_SESSION['isValid'] = 1;
183 
184  $this->admin = $_SESSION['use_admin'];
185  $this->name = $_SESSION['use_name'];
186  $this->first_name = $_SESSION['use_first_name'];
187  $this->load_global_pref();
188  }
189  $sql = "insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
190 
191  if ($res == 0)
192  {
193  $cn->exec_sql($sql, array($_SESSION['g_user'], $_SERVER["REMOTE_ADDR"], $from, $_SERVER['REQUEST_URI'], 'FAIL'));
194  if (!$silent)
195  {
196  echo '<script> alert(\''._('Utilisateur ou mot de passe incorrect').'\')</script>';
197  redirect('index.html');
198  }
199  $this->valid = 0;
200  session_unset();
201  exit - 1;
202  }
203  else
204  {
205  if ($from == 'LOGIN')
206  $cn->exec_sql($sql, array($_SESSION['g_user'], $_SERVER["REMOTE_ADDR"], $from, $_SERVER['REQUEST_URI'], 'SUCCESS'));
207  $this->valid = 1;
208  }
209 
210  return $ret;
211  }
212 
213  /**
214  * \brief return the access to a folder,
215  * \param $p_dossier id if it is == 0 then we take the value from $_SESSION
216  * \return the priv_priv
217  * - X no access
218  * - R has access (normal user)
219 
220  *
221  */
222 
223  function get_folder_access($p_dossier = 0)
224  {
225 
226  if ($p_dossier == 0)
227  $p_dossier = dossier::id();
228  if ($this->admin == 1) return 'R';
229  $cn = new Database();
230 
231  $sql = "select 'R' from jnt_use_dos where use_id=$1 and dos_id=$2";
232 
233  $res = $cn->get_value($sql, array($this->id, $p_dossier));
234 
235  if ($cn->get_affected()== 0) return 'X';
236  return $res;
237  }
238 
239  /**
240  * \brief save the access of a folder
241  * \param $db_id the dossier id
242  * \param $priv boolean, true then it is granted, false it is removed
243  */
244 
245  function set_folder_access($db_id, $priv)
246  {
247 
248  $cn=new Database();
249  if ($priv)
250  {
251  // the access is granted
252  $jnt=$cn->get_value("select jnt_id from jnt_use_dos where dos_id=$1 and use_id=$2", array($db_id, $this->id));
253 
254  if ($cn->size()==0)
255  {
256 
257  $Res=$cn->exec_sql("insert into jnt_use_dos(dos_id,use_id) values($1,$2)", array($db_id, $this->id));
258  }
259  }
260  else
261  {
262  // Access is revoked
263  $cn->exec_sql('delete from jnt_use_dos where use_id = $1 and dos_id = $2 ', array($this->id, $db_id));
264  }
265  }
266 
267  /**
268  * \brief check that a user is valid and the access to the folder
269  * \param $p_ledger the ledger to check
270  * \return the priv_priv
271  * - O only predefined operation
272  * - W write
273  * - R read only
274  * - X no access
275  *
276 
277  *
278  */
279 
280  function get_ledger_access($p_ledger)
281  {
282  if ($this->admin == 1 ||
283  $this->is_local_admin(dossier::id()) == 1)
284  return 'W';
285 
286  $sql = "select uj_priv from user_sec_jrn where uj_login=$1 and uj_jrn_id=$2";
287  $res = $this->db->get_value($sql, array($this->login, $p_ledger));
288 
289  if ($res == '')
290  $res = 'X';
291  return $res;
292  }
293 
294  /**
295  * \brief get all the available ledgers for the current user
296  * \param $p_type = ALL or the type of the ledger (ACH,VEN,FIN,ODS)
297  * \param $p_access =3 for Read or WRITE, 2 write, 1 for readonly
298  * \return a double array of available ledgers
299  @verbatim
300  [0] => [jrn_def_id]
301  [jrn_def_type]
302  [jrn_def_name]
303  [jrn_def_class_deb]
304  [jrn_def_class_cred]
305  [jrn_type_id]
306  [jrn_desc]
307  [uj_priv]
308  @endverbatim
309  */
310 
311  function get_ledger($p_type = 'ALL', $p_access = 3)
312  {
313  if ($this->admin != 1 && $this->is_local_admin() != 1)
314  {
315  $sql_type = ($p_type == 'ALL') ? '' : "and jrn_def_type=upper('" . sql_string($p_type) . "')";
316  switch ($p_access)
317  {
318  case 3:
319  $sql_access = " and uj_priv!= 'X'";
320  break;
321  case 2:
322  $sql_access = " and uj_priv = 'W'";
323  break;
324 
325  case 1:
326  $sql_access = " and ( uj_priv = 'R' or uj_priv='W') ";
327  break;
328  }
329 
330  $sql = "select jrn_def_id,jrn_def_type,
331  jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_type_id,jrn_desc,uj_priv,
332  jrn_deb_max_line,jrn_cred_max_line,jrn_def_description
333  from jrn_def join jrn_type on jrn_def_type=jrn_type_id
334  join user_sec_jrn on uj_jrn_id=jrn_def_id
335  where
336  uj_login='" . $this->login . "'" .
337  $sql_type . $sql_access .
338  " order by jrn_Def_name";
339  }
340  else
341  {
342  $sql_type = ($p_type == 'ALL') ? '' : "where jrn_def_type=upper('" . sql_string($p_type) . "')";
343  $sql = "select jrn_def_id,jrn_def_type,jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_deb_max_line,jrn_cred_max_line,
344  jrn_type_id,jrn_desc,'W' as uj_priv,jrn_def_description
345  from jrn_def join jrn_type on jrn_def_type=jrn_type_id
346  $sql_type
347  order by jrn_Def_name";
348  }
349  $res = $this->db->exec_sql($sql);
350  if (Database::num_row($res) == 0)
351  return null;
352  $array = Database::fetch_all($res);
353  return $array;
354  }
355 
356  /**
357  * \brief return an sql condition for filtering the permitted ledger
358  * \param $p_type = ALL or the type of the ledger (ACH,VEN,FIN,ODS)
359  * \param $p_access =3 for READ or WRITE, 2 READ and write, 1 for readonly
360  *
361  * \return sql condition like = jrn_def_id in (...)
362  */
363 
364  function get_ledger_sql($p_type = 'ALL', $p_access = 3)
365  {
366  $aLedger = $this->get_ledger($p_type, $p_access);
367  if (empty($aLedger))
368  return ' jrn_def_id < 0 ';
369  $sql = " jrn_def_id in (";
370  foreach ($aLedger as $row)
371  {
372  $sql.=$row['jrn_def_id'] . ',';
373  }
374  $sql.='-1)';
375  return $sql;
376  }
377 
378  /**
379  * \brief Check if an user is an admin
380  *
381  * \return 1 for yes 0 for no
382  */
383 
384  function Admin()
385  {
386  $this->admin = 0;
387  if ($this->login != NOALYSS_ADMINISTRATOR )
388  {
389  $pass5 = md5($this->pass);
390  $sql = "select use_admin from ac_users where use_login=$1
391  and use_active=1 ";
392 
393  $cn = new Database();
394  $res = $cn->exec_sql($sql, array($this->login));
395  if (Database::num_row($res) == 0)
396  throw new Exception(__FILE__ . " " . __LINE__ . " aucun resultat");
397  $this->admin = Database::fetch_result($res, 0);
398  }
399  else
400  $this->admin = 1;
401 
402  return $this->admin;
403  }
404 
405  /**
406  * \brief Set the selected periode in the user's preferences
407  *
408  * \param $p_periode periode
409  * \param - $p_user
410  *
411  */
412 
413  function set_periode($p_periode)
414  {
415  $sql = "update user_local_pref set parameter_value='$p_periode' where user_id='$this->id' and parameter_type='PERIODE'";
416  $Res = $this->db->exec_sql($sql);
417  }
418 
419  private function set_default_periode()
420  {
421 
422  /* get the first periode */
423  $sql = 'select min(p_id) as pid from parm_periode where p_closed = false and p_start = (select min(p_start) from parm_periode)';
424  $Res = $this->db->exec_sql($sql);
425 
426  $pid = Database::fetch_result($Res, 0, 0);
427  /* if all the periode are closed, then we use the last closed period */
428  if ($pid == null)
429  {
430  $sql = 'select min(p_id) as pid from parm_periode where p_start = (select max(p_start) from parm_periode)';
431  $Res2 = $this->db->exec_sql($sql);
432  $pid = Database::fetch_result($Res2, 0, 0);
433  if ($pid == null)
434  {
435  throw new Exception( _("Aucune période trouvéee !!!"));
436  }
437 
438  $pid = Database::fetch_result($Res2, 0, 0);
439  }
440 
441  $sql = sprintf("insert into user_local_pref (user_id,parameter_value,parameter_type)
442  values ('%s','%d','PERIODE')", $this->id, $pid);
443  $Res = $this->db->exec_sql($sql);
444  }
445 
446  /**
447  * \brief Get the default periode from the user's preferences
448  *
449  * \return the default periode
450  *
451  *
452  */
453 
454  function get_periode()
455  {
456 
457  $array = $this->get_preference();
458  if (!isset($array['PERIODE']))
459  {
460  $this->set_default_periode();
461  $array = $this->get_preference();
462  }
463  return $array['PERIODE'];
464  }
465 
466  /**
467  *
468  * \brief return the mini rapport to display on the welcome page
469  * \return 0 if nothing if found or the report to display (formdef.fr_id)
470  */
471 
472  function get_mini_report()
473  {
474  $array = $this->get_preference();
475  $fr_id = (isset($array['MINIREPORT'])) ? $array['MINIREPORT'] : 0;
476  return $fr_id;
477  }
478 
479  /**\brief set the mini rapport to display on the welcome page
480  */
481 
482  function set_mini_report($p_id)
483  {
484  $count = $this->db->get_value("select count(*) from user_local_pref where user_id=$1 and parameter_type=$2", array($this->id, 'MINIREPORT'));
485  if ($count == 1)
486  {
487  $sql = "update user_local_pref set parameter_value=$1 where user_id=$2 and parameter_type='MINIREPORT'";
488  $Res = $this->db->exec_sql($sql, array($p_id, $this->id));
489  }
490  else
491  {
492  $sql = "insert into user_local_pref (user_id,parameter_type,parameter_value)" .
493  "values($1,'MINIREPORT',$2)";
494  $Res = $this->db->exec_sql($sql, array($this->id, $p_id));
495  }
496  }
497  /**
498  * Save the preference , the scope is global, the settings are saved
499  * into account_repository
500  * @param $key THEME, LANG , PAGESIZE
501  * @param $value value of the key
502  */
503 
504  function save_global_preference($key, $value)
505  {
506  $repo = new Database();
507  $count = $repo->get_value("select count(*)
508  from
509  user_global_pref
510  where
511  parameter_type=$1 and user_id=$2", array($key, $this->login));
512  if ($count == 1)
513  {
514  $repo->exec_sql("update user_global_pref set parameter_value=$1
515  where parameter_type=$2 and user_id=$3", array($value, $key, $this->login));
516  }
517  elseif ($count == 0)
518  {
519  $repo->exec_sql("insert into user_global_pref(user_id,parameter_type,parameter_value)
520  values($1,$2,$3)", array($this->login, $key, $value));
521  }
522  }
523 
524  /**
525  * \brief Get the default user's preferences
526  * \return array of (parameter_type => parameter_value)
527  */
528 
529  function get_preference()
530  {
531  $sql = "select parameter_type,parameter_value from user_local_pref where user_id=$1";
532  $Res = $this->db->exec_sql($sql, array($this->id));
533  $l_array = array();
534  for ($i = 0; $i < Database::num_row($Res); $i++)
535  {
536  $row = Database::fetch_array($Res, $i);
537  $type = $row['parameter_type'];
538  $l_array[$type] = $row['parameter_value'];
539  }
540 
541 
542  return $l_array;
543  }
544 
545  /**
546  * Check if an user can access a module, return 1 if yes, otherwise 0
547  * record in audit log
548  * This function works only if user is connected to a Folder
549  * @param string $p_module menu_ref.me_code
550  */
551  function check_module($p_module)
552  {
553  $acc = $this->db->get_value("select count(*) from v_all_menu where p_id = $1
554  and me_code=$2", array($this->get_profile(), $p_module));
555  if ($acc == 0)
556  {
557  $this->audit("FAIL", $p_module);
558  return 0;
559  }
560  $this->audit("SUCCESS", $p_module);
561  return 1;
562  }
563 
564  /**
565  * \brief Check if an user is allowed to do an action
566  * \param p_action_id
567  * \return
568  * - 0 no priv
569  * - 1 priv granted
570  * @see constant.security.php
571  */
572 
573  function check_action($p_action_id)
574  {
575  /* save it into the log */
576  global $audit;
577  if ($this->Admin() == 1)
578  return 1;
579  if ($this->is_local_admin(dossier::id()) == 1)
580  return 1;
581 
582  $Res = $this->db->exec_sql(
583  "select * from user_sec_act where ua_login=$1 and ua_act_id=$2", array($this->login, $p_action_id));
584  $Count = Database::num_row($Res);
585  if ($Count == 0)
586  {
587  if (isset($audit) && $audit == true)
588  {
589  $cn = new Database();
590  $sql = "insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
591  $cn->exec_sql($sql, array($_SESSION['g_user'], $_SERVER["REMOTE_ADDR"], $p_action_id, $_SERVER['REQUEST_URI'], 'FAIL'));
592  }
593  return 0;
594  }
595  if ($Count == 1)
596  return 1;
597  echo "<H2 class=\"error\"> Action Invalide !!! $Count select * from user_sec_act where ua_login='$p_login' and ua_act_id=$p_action_id </H2>";
598  exit();
599  }
600 
601  /**
602  * \brief Get the global preferences from user_global_pref
603  * in the account_repository db
604  *
605  * \note set $SESSION[g_variable]
606  */
607 
608  function load_global_pref()
609  {
610  $cn = new Database();
611  // Load everything in an array
612  $Res = $cn->exec_sql("select parameter_type,parameter_value from
613  user_global_pref
614  where user_id='" . $this->login . "'");
615  $Max = Database::num_row($Res);
616  if ($Max == 0)
617  {
618  $this->insert_default_global_pref();
619  $this->load_global_pref();
620  return;
621  }
622  // Load value into array
623  $line = array();
624  for ($i = 0; $i < $Max; $i++)
625  {
626  $row = Database::fetch_array($Res, $i);
627  $type = $row['parameter_type'];
628  $line[$type] = $row['parameter_value'];
629  ;
630  }
631  // save array into g_ variable
632  $array_pref = array('g_theme' => 'THEME', 'g_pagesize' => 'PAGESIZE', 'g_topmenu' => 'TOPMENU', 'g_lang' => 'LANG');
633  foreach ($array_pref as $name => $parameter)
634  {
635  if (!isset($line[$parameter]))
636  {
637  $this->insert_default_global_pref($parameter);
638  $this->load_global_pref();
639  return;
640  }
641  $_SESSION[$name] = $line[$parameter];
642  }
643  }
644 
645  /**
646  * \brief insert default pref
647  * if no parameter are given insert all the existing
648  * parameter otherwise only the requested
649  * \param $p_type parameter's type or nothing
650  * \param $p_value parameter value
651  *
652  */
653 
654  function insert_default_global_pref($p_type = "", $p_value = "")
655  {
656 
657  $default_parameter = array("THEME" => "classic",
658  "PAGESIZE" => "50",
659  'TOPMENU' => 'TEXT',
660  'LANG' => 'fr_FR.utf8');
661  $cn = new Database();
662  $Sql = "insert into user_global_pref(user_id,parameter_type,parameter_value)
663  values ('%s','%s','%s')";
664  if ($p_type == "")
665  {
666  foreach ($default_parameter as $name => $value)
667  {
668  $Insert = sprintf($Sql, $this->login, $name, $value);
669  $cn->exec_sql($Insert);
670  }
671  }
672  else
673  {
674  $value = ($p_value == "") ? $default_parameter[$p_type] : $p_value;
675  $Insert = sprintf($Sql, $this->login, $p_type, $value);
676  $cn->exec_sql($Insert);
677  }
678  }
679 
680  /**
681  * \brief update default pref
682  * if value is not given then use the default value
683  *
684  * \param $p_type parameter's type
685  * \param $p_value parameter's value value of the type
686  */
687 
688  function update_global_pref($p_type, $p_value = "")
689  {
690  $default_parameter = array("THEME" => "classic",
691  "PAGESIZE" => "50",
692  "LANG" => 'fr_FR.utf8',
693  'TOPMENU' => 'SELECT');
694  $cn = new Database();
695  $Sql = "update user_global_pref set parameter_value=$1
696  where parameter_type=$2 and
697  user_id=$3";
698  $value = ($p_value == "") ? $default_parameter[$p_type] : $p_value;
699  $cn->exec_sql($Sql, array($value, $p_type, $this->login));
700  }
701 
702 //end function
703  /**\brief Return the year of current Periode
704  * it is the parm_periode.p_exercice col
705  * if an error occurs return 0
706  */
707 
708  function get_exercice()
709  {
710  $sql = "select p_exercice from parm_periode where p_id=" . $this->get_periode();
711  $Ret = $this->db->exec_sql($sql);
712  if (Database::num_row($Ret) == 1)
713  {
714  $r = Database::fetch_array($Ret, 0);
715  return $r['p_exercice'];
716  }
717  else
718  return 0;
719  }
720 
721  /**\brief Check if the user can access
722  * otherwise warn and exit
723  * \param $p_action requested action
724  * \param $p_js = 1 javascript, or 0 just a text
725  * \return nothing the program exits automatically
726  */
727 
728  function can_request($p_action, $p_js = 0)
729  {
730  if ($this->check_action($p_action) == 0)
731  {
732  $this->audit('FAIL');
733  if ($p_js == 1)
734  {
735  echo "<script>";
736  echo "alert ('Cette action ne vous est pas autorisée. Contactez votre responsable');";
737  echo "</script>";
738  }
739  else
740  {
741  echo '<div class="redcontent">';
742  echo '<h2 class="error"> Cette action ne vous est pas autorisée Contactez votre responsable</h2>';
743  echo '</div>';
744  }
745  exit(-1);
746  }
747  }
748 
749  /**
750  *@brief Check if the user can print (in menu_ref p_type_display=p)
751  * otherwise warn and exit
752  * @param $p_action requested action
753  * @return nothing the program exits automatically
754  */
755  function check_print($p_action)
756  {
757  global $audit, $cn;
758  $this->audit('AUDIT', $p_action);
759  if ($this->Admin() == 1)
760  return 1;
761 
762  $res = $cn->get_value("select count(*) from profile_menu
763  join profile_user using (p_id)
764  where user_name=$1 and me_code=$2 ", array($this->login, $p_action));
765  return $res;
766  }
767 
768  /**\brief Check if the user can print (in menu_ref p_type_display=p)
769  * otherwise warn and exit
770  * \param $p_action requested action
771  * \return nothing the program exits automatically
772  */
773 
774  function can_print($p_action, $p_js = 0)
775  {
776  if ($this->check_print($p_action) == 0)
777  {
778  $this->audit('FAIL');
779  if ($p_js == 1)
780  {
781  echo "<script>";
782  echo "alert ('Cette action ne vous est pas autorisée. Contactez votre responsable');";
783  echo "</script>";
784  }
785  else
786  {
787  echo '<div class="redcontent">';
788  echo '<h2 class="error"> Cette action ne vous est pas autorisée Contactez votre responsable</h2>';
789  echo '</div>';
790  }
791  exit(-1);
792  }
793  }
794 
795  /**
796  * \brief Check if an user is an local administrator
797  * @deprecated since version 6.7
798  *
799  *
800  * \param $p_dossier : dossier_id
801  *
802  * \return
803  * - 0 if no
804  * - 1 if yes
805  *
806  */
807 
808  function is_local_admin($p_dossier = -1)
809  {
810  return 0;
811  }
812  /**
813  *@brief return array of available repository
814  *
815  * @param $p_access R for read W for write
816  * @return an array
817  */
818  function get_available_repository($p_access='R')
819  {
820  $profile=$this->get_profile();
821  $r=array();
822  if ($p_access=='R')
823  {
824  $r=$this->db->get_array("select distinct u.r_id,r_name
825  from
826  profile_sec_repository as u
827  join stock_repository as s on(u.r_id=s.r_id)
828  where
829  p_id =$1
830  and ur_right='W'
831  order by 2
832  ",array($profile));
833  }
834  if ($p_access == 'W')
835  {
836  $r=$this->db->get_array("select distinct u.r_id,r_name
837  from
838  profile_sec_repository as u
839  join stock_repository as s on(u.r_id=s.r_id)
840  where
841  p_id =$1 order by 2
842  ",array($profile));
843  }
844  return $r;
845  }
846  /**
847  * \brief return an array with all the active users who can access
848  * $p_dossier including the global admin.
849  * The user must be activated
850  *
851  * \param $p_dossier dossier
852  * \return an array of user's object
853  * array indices
854  * - use_id (id )
855  * - use_login (login of the user)
856  * - use_name
857  * - use_first_name
858  *
859  * \exception throw an exception if nobody can access
860  */
861 
862  static function get_list($p_dossier)
863  {
864  $sql = "select distinct use_id,use_login,use_first_name,use_name from ac_users
865  left outer join jnt_use_dos using (use_id)
866  where
867  (dos_id=$1 and use_active=1) or (use_active=1 and use_admin=1)
868  order by use_login,use_name";
869 
870 
871  $repo = new Database();
872  $array = $repo->get_array($sql, array($p_dossier));
873  if ($repo->size() == 0)
874  throw new Exception('Error inaccessible folder');
875  return $array;
876  }
877 
878  /**
879  * \brief check the access of an user on a ledger
880  *
881  * \param $p_jrn the ledger id
882  * \return
883  * - O only predefined operation
884  * - W write
885  * - R read only
886  * - X no access
887  *
888  */
889 
890  function check_jrn($p_jrn)
891  {
892  return $this->get_ledger_access($p_jrn);
893  }
894 
895  /**
896  * \brief check if an user can access a folder, if he cannot display a dialog box
897  * and exit
898  * \param the folder if
899  * \param $silent false, echo an error message and exit, true : exit without warning
900  * default is false
901  * \return
902  * - L for administrator (local and global)
903  * - X no access
904  * - R regular user
905  */
906 
907  function check_dossier($p_dossier_id, $silent = false)
908  {
909  $this->Admin();
910  if ($this->admin == 1 || $this->is_local_admin($p_dossier_id) == 1)
911  return 'L';
912  $cn = new Database();
913 
914  $dossier = $cn->get_value("select 'R' from jnt_use_dos where dos_id=$1 and use_id=$2", array($p_dossier_id, $this->id));
915  $dossier = ($dossier == '') ? 'X' : $dossier;
916  if ($dossier == 'X')
917  {
918  $this->audit('FAIL', "Access folder ");
919  if (!$silent)
920  {
921  alert(_('Dossier non accessible'));
922  exit();
923  }
924  }
925  return $dossier;
926  }
927 
928  /**
929  * @brief return the first date and the last date of the current exercice for the current user
930  * @return and array ([0] => start_date,[1] => end_date)
931  */
932  function get_limit_current_exercice()
933  {
934  $current_exercice = $this->get_exercice();
935  $periode = new Periode($this->db);
936  list($per_start, $per_end) = $periode->get_limit($current_exercice);
937  $start = $per_start->first_day();
938  $end = $per_end->last_day();
939  return array($start, $end);
940  }
941 
942  /**
943  * \brief Show all the available folder for the users
944  * at the login page. For the special case 'E'
945  * go directly to extension and bypasse the dashboard
946  * \param $p_filtre user
947  *
948  * \return table in HTML
949  *
950  */
951 
952  function show_dossier($p_filtre = "")
953  {
954  $p_array = $this->get_available_folder($p_filtre);
955 
956  $result = "";
957 
958  $result.="<TABLE id=\"folder\" class=\"result\">";
959  $result.="<tr>";
960  $result.="<th>";
961  $result.=_("Id");
962  $result.="</th>";
963  $result.="<th>";
964  $result.=_("Nom");
965  $result.="</th>";
966  $result.="<th>";
967  $result.=_("Description");
968  $result.="</th>";
969  $result.="</tr>";
970  if ($p_array == 0) {
971  $result.="<tr>";
972  $result.='<td style="width:auto" colspan=3>';
973  $result.=_("Aucun dossier disponible");
974  $result.='</td>';
975  $result.="</tr>";
976  return $result;
977  }
978 
979  for ($i = 0; $i < sizeof($p_array); $i++)
980  {
981 
982  $id = $p_array[$i]['dos_id'];
983  $name = $p_array[$i]['dos_name'];
984  $desc = $p_array[$i]['dos_description'];
985  if ($i % 2 == 0)
986  $tr = "odd";
987  else
988  $tr = "even";
989  $target = "do.php?gDossier=$id";
990 
991  $result.="<TR class=\"$tr\">";
992 
993  $result.=td($id, ' class="num" ');
994  $result.="<TD class=\"$tr\">";
995  $result.="<A class=\"dossier\" HREF=\"$target\">";
996  $result.= " <B>" . h($name) . "</B>";
997  $result.="</A>";
998  $result.="</TD>";
999  $desc = ($desc == "") ? "<i>Aucune description</i>" : h($desc);
1000  $desc = "<A class=\"dossier\" HREF=\"$target\">$desc</A>";
1001  $result.="<TD class=\"$tr\" >" . $desc;
1002  $result.="</TD>";
1003  $result.="</TR>";
1004  }
1005  $result.="</TABLE>";
1006  return $result;
1007  }
1008 
1009  /**
1010  * \brief Get all the available folders
1011  * for the users, checked with the security
1012  *
1013  * \param $p_filter
1014  * \return array containing
1015  * - ac_dossier.dos_id
1016  * - ac_dossier.dos_name
1017  * - ac_dossier.dos_description
1018  *
1019  */
1020 
1021  function get_available_folder($p_filter = "")
1022  {
1023  $cn = new Database();
1024  $filter = "";
1025  if ($this->admin == 0)
1026  {
1027  // show only available folders
1028  // if user is not an admin
1029  $Res = $cn->exec_sql("select distinct dos_id,dos_name,dos_description
1030  from ac_users
1031  natural join jnt_use_dos
1032  natural join ac_dossier
1033  where
1034  use_login= $1
1035  and use_active = 1
1036  and ( dos_name ~* $2 or dos_description ~* $2 )
1037  order by dos_name", array($this->login, $p_filter));
1038  }
1039  else
1040  {
1041  $Res = $cn->exec_sql("select distinct dos_id,dos_name,dos_description from ac_dossier
1042  where dos_name ~* $1 or dos_description ~* $1 order by dos_name", array($p_filter));
1043  }
1044  require_once NOALYSS_INCLUDE.'/lib/class_database.php';
1045 
1046  $max = Database::num_row($Res);
1047  if ($max == 0)
1048  return 0;
1049 
1050  for ($i = 0; $i < $max; $i++)
1051  {
1052  $array[] = Database::fetch_array($Res, $i);
1053  }
1054  return $array;
1055  }
1056 
1057  function audit($action = 'AUDIT', $p_module = "")
1058  {
1059  global $audit;
1060  if ($audit)
1061  {
1062  if ($p_module == "" && isset($_REQUEST['ac']))
1063  {
1064  $p_module = $_REQUEST['ac'];
1065  }
1066  $cn = new Database();
1067  if (isset($_REQUEST['gDossier']))
1068  $p_module.= " dossier : " . $_REQUEST['gDossier'];
1069  $sql = "insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
1070 
1071  $cn->exec_sql($sql, array(
1072  $_SESSION['g_user'],
1073  $_SERVER["REMOTE_ADDR"],
1074  $p_module,
1075  $_SERVER['REQUEST_URI'],
1076  $action));
1077  }
1078  }
1079 
1080  function save_profile($p_id)
1081  {
1082  $count = $this->db->get_value("select count(*) from profile_user where user_name=$1", array($this->login));
1083  if ($count == 0)
1084  {
1085  $this->db->exec_sql("insert into profile_user(p_id,user_name)
1086  values ($1,$2)", array($p_id, $this->login));
1087  }
1088  else
1089  {
1090  $this->db->exec_sql("update profile_user set p_id=$1 where user_name=$2", array($p_id, $this->login));
1091  }
1092  }
1093  /**
1094  *return the profile (p_id)
1095  * @return profile.p_id
1096  */
1097  function get_profile()
1098  {
1099  $profile = $this->db->get_value("select p_id from profile_user where
1100  lower(user_name)=lower($1)", array($this->login));
1101  return $profile;
1102  }
1103  /**
1104  * Compute the SQL string for the writable profile,
1105  * the subselect for p_id , example
1106  * p_id in $g_user->get_writable_profile.
1107  * The administrator can access all the profiles
1108  * @return SQL string with the subselect for p_id
1109  */
1110  function get_writable_profile()
1111  {
1112  if ( $this->admin != 1)
1113  {
1114  $sql = " (select p_granted "
1115  . " from user_sec_action_profile "
1116  . " where ua_right='W' and p_id=".$this->get_profile().") ";
1117  } else {
1118  $sql = "(select p_id from profile)";
1119  }
1120  return $sql;
1121  }
1122  /**
1123  * Compute the SQL string for the readable profile,
1124  * the subselect for p_id , example
1125  * p_id in $g_user->get_readable_profile.
1126  * The administrator can read all the profiles
1127  * @return SQL string with the subselect for p_id
1128  */
1129  function get_readable_profile()
1130  {
1131  if ( $this->admin != 1)
1132  {
1133  $sql = " (select p_granted "
1134  . " from user_sec_action_profile "
1135  . " where ua_right in ('W','R') and p_id=".$this->get_profile().") ";
1136  } else {
1137  $sql = "(select p_id from profile)";
1138  }
1139  return $sql;
1140  }
1141  /**
1142  * Check if the current user can add an action in the profile given
1143  * in parameter
1144  * @param type $p_profile profile.p_id = action_gestion.ag_dest
1145  * @return boolean
1146  */
1147  function can_add_action($p_profile)
1148  {
1149  $r=$this->db->get_value (' select count(*)
1150  from user_sec_action_profile
1151  where p_granted=$2
1152  and p_id=$1',
1153  array($this->get_profile(),$p_profile));
1154  if ($r == 0 )
1155  {
1156  return false;
1157  }
1158  return true;
1159  }
1160  /**
1161  *Check if the profile of the user can write for this profile
1162  * @param $dtoc action_gestion.ag_id
1163  * @return true if he can write otherwise false
1164  */
1165  function can_write_action($dtoc)
1166  {
1167  if ( $this->Admin() == 1 ) return true;
1168  $profile = $this->get_profile();
1169  $r = $this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and ag_dest in
1170  (select p_granted from user_sec_action_profile where ua_right='W' and p_id=$2) ", array($dtoc, $profile));
1171  if ($r == 0)
1172  return false;
1173  return true;
1174  }
1175 
1176  /**
1177  *Check if the profile of the user can write for this profile
1178  * @param $dtoc action_gestion.ag_id
1179  * @return true if he can write otherwise false
1180  */
1181  function can_read_action($dtoc)
1182  {
1183  if ( $this->Admin() == 1 ) return true;
1184  $profile = $this->get_profile();
1185  $r = $this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and (ag_dest in
1186  (select p_granted from user_sec_action_profile where p_id=$2) or ag_owner=$3)", array($dtoc, $profile, $this->login));
1187  if ($r == 0)
1188  return false;
1189  return true;
1190  }
1191  /**
1192  *Check if the profile of the user can write for this repository
1193  * @param $p_repo stock_repository.r_id
1194  * @return true if he can write otherwise false
1195  */
1196  function can_write_repo($p_repo)
1197  {
1198  if ( $this->Admin() == 1 ) return true;
1199  $profile=$this->get_profile();
1200  $r=$this->db->get_value("select count(*)
1201  from profile_sec_repository
1202  where
1203  r_id=$1
1204  and p_id =$2
1205  and ur_right='W'",array($p_repo,$profile));
1206  if ( $r==0)
1207  return false;
1208  return true;
1209  }
1210  /**
1211  *Check if the profile of the user can read for this repository
1212  * @param $p_repo stock_repository.r_id
1213  * @return true if he read write otherwise false
1214  */
1215  function can_read_repo($p_repo)
1216  {
1217  if ( $this->Admin() == 1 ) return true;
1218  $profile=$this->get_profile();
1219  $r=$this->db->get_value("select count(*)
1220  from profile_sec_repository
1221  where
1222  r_id=$1
1223  and p_id =$2
1224  ",array($p_repo,$profile));
1225  if ( $r==0)
1226  return false;
1227  return true;
1228  }
1229  function save_password($p_pass1, $p_pass2) {
1230  if ($p_pass1 == $p_pass2) {
1231  $repo = new Database();
1232  $l_pass = md5($_POST['pass_1']);
1233  $repo->exec_sql("update ac_users set use_pass=$1 where use_login=$2", array($l_pass, $_SESSION['g_user']));
1234  $_SESSION['g_pass'] = $_POST['pass_1'];
1235  } else {
1236  alert(_("Les mots de passe ne correspondent pas. Mot de passe inchangé"));
1237  }
1238  }
1239  /**
1240  * Save the password from PREFERENCE MODULE
1241  * @param type $p_email
1242  */
1243  function save_email($p_email)
1244  {
1245  $repo=new Database();
1246  $repo->exec_sql("update ac_users set use_email=$1 where use_login=$2", array($p_email, $_SESSION['g_user']));
1247  }
1248  /**
1249  * Remove a user and all his privileges
1250  * So it cannot connect anymore and all his privileges are removed from
1251  * the dossier
1252  *
1253  */
1254  static function revoke_access($p_login,$p_dossier) {
1255  // connect to the repository
1256  $repo_cnx=new Database();
1257 
1258  // Retrieve the user
1259  $user=$repo_cnx->get_array('select use_id,use_login from ac_users where use_login=$1',
1260  array($p_login));
1261  if ( ! $user ) return false;
1262 
1263  // remove him from jnt_use_dos
1264  $repo_cnx->exec_sql("delete from jnt_use_dos WHERE use_id=$1 and dos_id=$2",
1265  array($user[0]['use_id'],$p_dossier));
1266 
1267  // Remove user from user's dossier
1268  $cn_dossier=new Database($p_dossier);
1269  $cn_dossier->exec_sql("delete from profile_user where user_name=$1",array($p_login));
1270  $cn_dossier->exec_sql("delete from user_sec_act where ua_login=$1",array($p_login));
1271 
1272  }
1273 
1274  /**
1275  * Grant access to folder, grant administrator profile , all the ledgers and all the action
1276  *
1277  */
1278  static function grant_admin_access($p_login,$p_dossier)
1279  {
1280  $repo_cnx=new Database();
1281  $user=$repo_cnx->get_array("select use_id,use_login
1282  from ac_users
1283  where use_login=$1", array($p_login));
1284 
1285  if ( ! $user ) return false;
1286  $cn_dossier=new Database($p_dossier);
1287  // if not access to DB
1288  if (
1289  $repo_cnx->get_value("select count(*) from jnt_use_dos where use_id=$1 and dos_id=$2",
1290  array($user[0]['use_id'],$p_dossier)) == 0
1291  )
1292  {
1293  $repo_cnx->exec_sql("insert into jnt_use_dos(use_id,dos_id) values ($1,$2)",
1294  array($user[0]['use_id'], $p_dossier));
1295  }
1296  //------ Give him the admin menu
1297  if ( $cn_dossier->get_value("select count(*) from profile_user where user_name=$1",
1298  array($user[0]['use_login'])) == 0)
1299  {
1300  $cn_dossier->exec_sql('insert into profile_user(user_name,p_id) values($1,1)',
1301  array($user[0]['use_login']));
1302  }
1303  // Grant all action + ledger to him
1304  $cn_dossier->exec_sql("delete from user_sec_act where ua_login=$1",array($p_login));
1305 
1306  $cn_dossier->exec_sql("insert into user_sec_act (ua_login,ua_act_id)"
1307  ." select $1 ,ac_id from action ",array($p_login));
1308 
1309  $cn_dossier->exec_sql("delete from user_sec_jrn where uj_login=$1",array($p_login));
1310  $cn_dossier->exec_sql("insert into user_sec_jrn(uj_login,uj_jrn_id,uj_priv)"
1311  ." select $1,jrn_def_id,'W' from jrn_def",
1312  array($p_login));
1313 
1314 
1315  }
1316  static function remove_inexistant_user($p_dossier)
1317  {
1318  $cnx_repo=new Database();
1319  $cnx_dossier=new Database($p_dossier);
1320 
1321  $a_user=$cnx_dossier->get_array('select user_name from profile_user');
1322  if ( ! $a_user ) return;
1323  $nb=count($a_user);
1324  for ($i=0;$i < $nb;$i++) {
1325  if ( $cnx_repo->get_value('select count(*) from ac_users where use_login=$1',
1326  array($a_user[$i]['user_name'])) == 0) {
1327  $cnx_dossier->exec_sql("delete from user_sec_jrn where uj_login=$1",array($a_user[$i]['user_name']));
1328  $cnx_dossier->exec_sql("delete from profile_user where user_name=$1",array($a_user[$i]['user_name']));
1329  $cnx_dossier->exec_sql("delete from user_sec_act where ua_login=$1",array($a_user[$i]['user_name']));
1330  $cnx_dossier->exec_sql("delete from user_sec_jrn where uj_login=$1",array($a_user[$i]['user_name']));
1331  }
1332  }
1333  }
1334 }
1335 
1336 ?>
$r
$r
Definition: ajax_add_concerned_card.php:32
User\get_list
static get_list($p_dossier)
return an array with all the active users who can access $p_dossier including the global admin...
Definition: class_user.php:862
User\$first_name
$first_name
Definition: class_user.php:44
ALL
const ALL
Definition: constant.php:173
$audit
global $audit
Definition: constant.security.php:32
alert
alert($p_msg, $buffer=false)
alert in javascript
Definition: ac_common.php:666
$_POST
$_POST['ac']
Definition: do.php:279
User\grant_admin_access
static grant_admin_access($p_login, $p_dossier)
Grant access to folder, grant administrator profile , all the ledgers and all the action...
Definition: class_user.php:1278
User\save
save()
Definition: class_user.php:133
User\audit
audit($action= 'AUDIT', $p_module="")
Definition: class_user.php:1057
index
z index
Definition: action_search.php:30
$row
$row
Definition: ajax_anc_key_compute.php:47
User\save_email
save_email($p_email)
Save the password from PREFERENCE MODULE.
Definition: class_user.php:1243
User\$password
$password
Definition: class_user.php:48
User\set_mini_report
set_mini_report($p_id)
set the mini rapport to display on the welcome page
Definition: class_user.php:482
$action
$action
Definition: admin_repo.inc.php:31
$end
$end
Definition: ajax_display_letter.php:100
User\check_module
check_module($p_module)
Check if an user can access a module, return 1 if yes, otherwise 0 record in audit log This function ...
Definition: class_user.php:551
td
td($p_string='', $p_extra='')
surround the string with td
Definition: ac_common.php:83
User\get_available_folder
get_available_folder($p_filter="")
Get all the available folders for the users, checked with the security.
Definition: class_user.php:1021
User\load_global_pref
load_global_pref()
Get the global preferences from user_global_pref in the account_repository db.
Definition: class_user.php:608
User\get_limit_current_exercice
get_limit_current_exercice()
return the first date and the last date of the current exercice for the current user ...
Definition: class_user.php:932
$p_type
$p_type
Definition: export_balance_age_csv.php:44
$result
$result
Definition: anc_great_ledger.inc.php:23
$ret
$ret
Definition: ajax_display_letter.php:33
$res
$res
Definition: ajax_bank_saldo.php:66
$Ret
$Ret
Definition: param_pcmn.inc.php:56
User\get_ledger_access
get_ledger_access($p_ledger)
check that a user is valid and the access to the folder
Definition: class_user.php:280
Database\num_row
static num_row($ret)
wrapper for the function pg_NumRows
Definition: class_database.php:926
$max
$max
Definition: ajax_boxcard_search.php:40
User\can_read_repo
can_read_repo($p_repo)
Check if the profile of the user can read for this repository.
Definition: class_user.php:1215
User\check_print
check_print($p_action)
Check if the user can print (in menu_ref p_type_display=p) otherwise warn and exit.
Definition: class_user.php:755
$sql
$sql
Definition: ajax_add_concerned_card.php:51
$current_exercice
$current_exercice
Definition: export_fiche_detail_pdf.php:89
$Res
$Res
Definition: export_security_pdf.php:111
$sql_array
$sql_array['query']
Definition: ajax_add_concerned_card.php:46
User
Data & function about connected users.
Definition: class_user.php:36
User\can_request
can_request($p_action, $p_js=0)
Check if the user can access otherwise warn and exit.
Definition: class_user.php:728
User\get_mini_report
get_mini_report()
return the mini rapport to display on the welcome page
Definition: class_user.php:472
redirect
redirect($p_string, $p_time=0)
Definition: user_common.php:212
$tr
$tr
Definition: payment_middle.inc.php:28
User\show_dossier
show_dossier($p_filtre="")
Show all the available folder for the users at the login page.
Definition: class_user.php:952
User\can_write_action
can_write_action($dtoc)
Check if the profile of the user can write for this profile.
Definition: class_user.php:1165
$acc
if($id== '') $acc
Definition: ajax_bank_saldo.php:64
$value
$value
Definition: doc_state.inc.php:65
User\is_local_admin
is_local_admin($p_dossier=-1)
Check if an user is an local administrator.
Definition: class_user.php:808
$target
$target
Definition: ajax_anc_key_compute.php:36
$line
$line
Definition: ajax_display_letter.php:69
User\set_default_periode
set_default_periode()
Definition: class_user.php:419
$p_array
$p_array
Definition: ajax_view_mod_stock.php:34
User\__construct
__construct(&$p_cn, $p_id=-1)
Definition: class_user.php:51
$cn
$cn
Definition: ajax_auto_anc_card.php:8
User\save_profile
save_profile($p_id)
Definition: class_user.php:1080
$array
$array
Definition: ajax_boxcard_search.php:38
User\Admin
Admin()
Check if an user is an admin.
Definition: class_user.php:384
if
if(!defined('ALLOWED'))
Definition: admin_repo.inc.php:24
$nb
$nb
Definition: ajax_auto_anc_card.php:21
User\Check
Check($silent=false, $from= '')
Check if user is active and exists in therepository Automatically redirect, it doesn't check if a use...
Definition: class_user.php:161
User\get_exercice
get_exercice()
Return the year of current Periode it is the parm_periode.p_exercice col if an error occurs return 0...
Definition: class_user.php:708
User\can_add_action
can_add_action($p_profile)
Check if the current user can add an action in the profile given in parameter.
Definition: class_user.php:1147
User\check_action
check_action($p_action_id)
Check if an user is allowed to do an action.
Definition: class_user.php:573
User\get_readable_profile
get_readable_profile()
Compute the SQL string for the readable profile, the subselect for p_id , example p_id in $g_user->ge...
Definition: class_user.php:1129
$p_jrn
$p_jrn
Definition: history_operation.inc.php:68
Database\fetch_array
static fetch_array($ret, $p_indice=0)
wrapper for the function pg_fetch_array
Definition: class_database.php:937
Periode
For the periode tables parm_periode and jrn_periode.
Definition: class_periode.php:30
User\get_available_repository
get_available_repository($p_access='R')
return array of available repository
Definition: class_user.php:818
$start
$start
Definition: ajax_display_letter.php:85
name
$from_poste name
Definition: balance.inc.php:151
User\revoke_access
static revoke_access($p_login, $p_dossier)
Remove a user and all his privileges So it cannot connect anymore and all his privileges are removed ...
Definition: class_user.php:1254
$desc
$desc
Definition: ajax_get_profile.php:63
$dossier
$dossier
Definition: cfgfiche.inc.php:149
User\insert_default_global_pref
insert_default_global_pref($p_type="", $p_value="")
insert default pref if no parameter are given insert all the existing parameter otherwise only the re...
Definition: class_user.php:654
User\remove_inexistant_user
static remove_inexistant_user($p_dossier)
Definition: class_user.php:1316
User\load
load()
load data from database.
Definition: class_user.php:94
$_REQUEST
$_REQUEST['ac']
Definition: ajax_search_action.php:28
from
$bilan from
Definition: verif_bilan.inc.php:115
id
if(!isset($_REQUEST['p_jrn'])) else $Ledger id
Definition: compta_ach.inc.php:236
$p_id
$p_id
Definition: ajax_display_submenu.php:36
User\save_global_preference
save_global_preference($key, $value)
Save the preference , the scope is global, the settings are saved into account_repository.
Definition: class_user.php:504
h
h($p_string)
to protect again bad characters which can lead to a cross scripting attack the string to be diplayed ...
Definition: ac_common.php:38
User\update_global_pref
update_global_pref($p_type, $p_value="")
update default pref if value is not given then use the default value
Definition: class_user.php:688
$from
$from
Definition: balance.inc.php:67
Database
This class allow you to connect to the postgresql database, execute sql, retrieve data...
Definition: class_database.php:36
Database\fetch_result
static fetch_result($ret, $p_row=0, $p_col=0)
wrapper for the function pg_fetch_all
Definition: class_database.php:959
$count
$count
Definition: modele.inc.php:255
User\can_read_action
can_read_action($dtoc)
Check if the profile of the user can write for this profile.
Definition: class_user.php:1181
User\can_print
can_print($p_action, $p_js=0)
Check if the user can print (in menu_ref p_type_display=p) otherwise warn and exit.
Definition: class_user.php:774
User\get_profile
get_profile()
return the profile (p_id)
Definition: class_user.php:1097
User\can_write_repo
can_write_repo($p_repo)
Check if the profile of the user can write for this repository.
Definition: class_user.php:1196
$key
$key
Definition: ajax_anc_key_compute.php:34
p_id
$profile p_id
Definition: ajax_display_submenu.php:51
db
$SecUser db
Definition: export_security_pdf.php:112
$p_action
if(!isset($_GET['submit_query'])) $p_action
Definition: category_followup.inc.php:41
$Max
$Max
Definition: export_security_pdf.php:152
User\insert
insert()
Definition: class_user.php:141
User\get_preference
get_preference()
Get the default user's preferences.
Definition: class_user.php:529
User\save_password
save_password($p_pass1, $p_pass2)
Definition: class_user.php:1229
$profile
$profile
Definition: ajax_display_submenu.php:50
User\get_writable_profile
get_writable_profile()
Compute the SQL string for the writable profile, the subselect for p_id , example p_id in $g_user->ge...
Definition: class_user.php:1110
$periode
$periode
Definition: ajax_display_letter.php:30
$repo
if(isset($_REQUEST['gDossier'])&&$_REQUEST['gDossier']<>0) $repo
Definition: ajax_preference.php:55
User\check_jrn
check_jrn($p_jrn)
check the access of an user on a ledger
Definition: class_user.php:890
$type
$type
Definition: ajax_add_menu.php:43
User\get_periode
get_periode()
Get the default periode from the user's preferences.
Definition: class_user.php:454
exit
for($e=0;$e< count($afiche);$e++) exit
Definition: export_fiche_balance_csv.php:113
User\check_dossier
check_dossier($p_dossier_id, $silent=false)
check if an user can access a folder, if he cannot display a dialog box and exit
Definition: class_user.php:907