param_sec.inc.php
1<?php
2/*
3 * This file is part of NOALYSS.
4 *
5 * NOALYSS is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * NOALYSS is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with NOALYSS; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18*/
19// Copyright Author Dany De Bontridder danydb@aevalys.eu
20
21
22/*! \file
23 * \brief Set the security for an user
24 */
// Refuse direct URL access: ALLOWED is only defined when this file is
// included by the application front controller.
if ( ! defined ('ALLOWED') ) die('Appel direct ne sont pas permis');
require_once NOALYSS_INCLUDE.'/lib/ac_common.php';

// Query-string fragment identifying the current folder, reused in links below.
$str_dossier=dossier::get();

/* Admin. Dossier */
// Authorisation gate for the whole screen: the current user must be logged
// in and allowed on this folder. NOTE(review): $gDossier and $http are not
// assigned anywhere in this listing — presumably set by the including
// script; confirm.
global $g_user;
$g_user->Check();
$g_user->check_dossier($gDossier);

require_once NOALYSS_INCLUDE.'/lib/user_menu.php';
/////////////////////////////////////////////////////////////////////////
// List users
/////////////////////////////////////////////////////////////////////////
// Default screen, shown when no "action" parameter is present: a sortable
// table of the active users of this folder plus every administrator.
if ( ! isset($_REQUEST['action']))
{
    // Base link reused by the sort headers and the per-user "view" links;
    // http_build_query() URL-encodes "ac" and "gDossier" here.
    $base_url=NOALYSS_URL."/do.php?".http_build_query(array("ac"=>$http->request("ac"),"gDossier"=>dossier::id()));

    echo '<DIV class="content" >';
    // Sort_Table maps the short request keys (la/ld/na/nd/ta/td) to one of
    // the fixed ORDER BY fragments declared here, so the "ord" request
    // value itself never reaches the SQL string.
    $header=new Sort_Table();
    $header->add(_('Login'),$base_url,"order by use_login asc","order by use_login desc",'la','ld');
    $header->add(_('Nom'),$base_url,"order by use_name asc,use_first_name asc","order by use_name desc,use_first_name desc",'na','nd');
    $header->add(_("Type d'utilisateur"),$base_url,"order by use_admin asc,use_login asc","order by use_admin desc,use_login desc",'ta','td');


    // Requested sort key; defaults to login ascending.
    $order=$http->request("ord","string","la");

    $ord_sql=$header->get_sql_order($order);


    $repo=new Database();
    /* Show all the active users, including admin */
    // Parameterised query: $1 is the folder id, $2 the login to exclude
    // (PHP does not interpolate "$1"/"$2" inside a double-quoted string).
    // NOTE(review): the argument array for this exec_sql() call is not
    // visible in this listing — the line after the query appears to be
    // missing from the page, so the call is incomplete as shown.
    $user_sql = $repo->exec_sql("select use_id,
 use_first_name,
 use_name,
 use_login,
 use_admin
 from ac_users left join jnt_use_dos using (use_id)
 where use_login != $2 and use_active=1
 and (dos_id=$1 or (dos_id is null and use_admin=1))" . $ord_sql,

    $MaxUser = Database::num_row($user_sql);


    echo '<TABLE class="result" >';
    echo "<tr>";
    // Header cells 0, 1 and 2 are the sortable headers registered above.
    echo '<th>'.$header->get_header(0).'</th>';
    echo '<th>'.$header->get_header(1).'</th>';
    echo th(_('prénom'));
    echo th(_('profil'));
    echo th(_('Séc. Journaux actif'));
    echo th(_('Séc. Action actif'));
    echo '<th>'.$header->get_header(2).'</th>';
    for ($i = 0;$i < $MaxUser;$i++)
    {
        echo '<tr>';
        $l_line=Database::fetch_array($user_sql,$i);


        // Human-readable account type; use_admin == 1 marks an administrator.
        $str="";
        $str=_('Utilisateur Normal');
        if ( $l_line['use_admin'] == 1 )
            $str=_('Administrateur');

        // get profile
        // NOTE(review): $cn is not assigned in this listing and is a
        // different connection from $repo above — presumably the folder
        // database opened by the including script; confirm.
        $profile=$cn->get_value("select p_name from profile
 join profile_user using(p_id) where user_name=$1",array($l_line['use_login']));

        // Link to the detail screen below ("action=view"); use_id comes
        // from the database row, not from the request.
        $url=$base_url."&action=view&user_id=".$l_line['use_id'];
        echo "<td>";
        // NOTE(review): use_login, use_name, use_first_name and p_name are
        // written into HTML without h(); confirm HtmlInput::anchor() and
        // td() escape their text argument, or that these columns are trusted.
        echo HtmlInput::anchor($l_line['use_login'], $url);
        echo "</td>";
        echo td($l_line['use_name']);
        echo td($l_line['use_first_name']);
        echo td($profile);
        // status of security on ledger and action
        $a_sec=$cn->get_row("select us_ledger,us_action from user_active_security where us_login =$1",
            [$l_line['use_login']]);
        if ( ! empty($a_sec ) ) {
            echo td($a_sec['us_ledger']);
            echo td($a_sec['us_action']);
        } else {
            // No user_active_security row for this login: show an error
            // cell rather than assume a default status.
            echo td(_("Erreur sécurité"));
            echo td("");
        }
        echo td($str);
        echo "</TR>";
    }
    echo '</TABLE>';
}
122
// Dispatch key for the rest of the file ("view" is handled below).
// NOTE(review): the list screen above tests $_REQUEST['action'] while this
// reads only $_GET, so a POSTed "action" skips the list without setting
// $action. $action is also left unassigned when the parameter is absent,
// unless it is initialised on a line not visible in this listing — confirm.
if ( isset ($_GET["action"] ))
{
    $action=$http->get("action");

}
128
129
130
131
132
133//--------------------------------------------------------------------------------
134// Action == View detail for users
135//--------------------------------------------------------------------------------
136
// Detail screen for one user: folder access summary, profile, and the
// per-ledger / per-action security widgets (each saved in place via
// ajax_misc.php). Reached with action=view&user_id=N from the list above.
if ( $action == "view" )
{
    // Folder database name; not referenced elsewhere in the visible code.
    $l_Db=sprintf("dossier%d",$gDossier);
    // "Back to the list" button. NOTE(review): unlike $base_url in the list
    // screen, "ac" is concatenated here without http_build_query(); confirm
    // HtmlInput::button_anchor() escapes its URL argument for the
    // href/attribute context.
    $return= HtmlInput::button_anchor(_('Retour à la liste'),'?&ac='.$http->request('ac').'&'.dossier::get(),_('retour'),"",'button');

    // user_id is read with the "number" filter, so only a numeric value
    // reaches the queries and the inline JavaScript further down.
    $repo=new Database();
    $user_id=$http->get('user_id',"number");
    $User=new Noalyss_user($repo,$user_id);
    $admin=0;
    // Folder access level; 'R' and 'X' (no access) are tested below, the
    // ledger widget offers R/W/X.
    $access=$User->get_folder_access($gDossier);

    $str=_("Aucun accès");

    if ($access=='R')
    {
        $str=_('Utilisateur normal');
    }

    if ( $User->admin==1 )
    {
        $str=_('Administrateur');
        $admin=1;
    }
    $str=" ".$str;
    // Names and login are escaped with h()/hi(); $str is a translated literal.
    echo '<h2>'.h($User->first_name).' '.h($User->name).' '.hi($User->login)."($str)</h2>";


    // user_id 1 is the built-in administrator: shown read-only here and
    // editable only from the administration screen.
    if ( $user_id == 1 )
    {
        echo '<h2 class="notice"> '.
            _("Cet utilisateur est administrateur, il a tous les droits").
            '</h2>';
        echo "<p>".
            _("Impossible de modifier cet utilisateur dans cet écran, il faut passer par
 l'écran administration -> utilisateur.").
            "</p>";
        echo $return;
        // return from an included file hands control back to the includer.
        return;
    }
    //
    // Check if the user can access that folder
    if ( $access == 'X' )
    {
        echo "<H2 class=\"error\">"
            ._("L'utilisateur n'a pas accès à ce dossier")."</H2>";
        echo "<p> ".
            _("Impossible de modifier cet utilisateur dans cet écran, il faut passer par
 l'écran administration -> utilisateur.").
            "</p>";
        echo $return;
        // This assignment is never observed: the return below leaves the file.
        $action="";
        return;
    }


    //--------------------------------------------------------------------------------
    // Show access for journal
    //--------------------------------------------------------------------------------

    // Every ledger of the folder, one table row and one access widget each.
    $Res=$cn->exec_sql("select jrn_def_id,jrn_def_name from jrn_def ".
        " order by jrn_def_name");
    // Second Noalyss_user instance, on the folder connection $cn, used for
    // the folder-level security settings below.
    $sec_User=new Noalyss_user($cn,$user_id);
    // Query string for the "print" button (export.php?act=PDF:sec&...).
    // NOTE(review): $n_dossier_id is not assigned anywhere in this listing
    // (a line appears to be missing from the page) — presumably the folder
    // id; confirm.
    $sHref=http_build_query(["act"=>"PDF:sec","user_id"=>$user_id,"gDossier"=>$n_dossier_id]);

    echo dossier::hidden();
    echo HtmlInput::hidden('action','sec');
    echo HtmlInput::hidden('user_id',$user_id);
    // Profile selector, saved in place through ajax_misc.php (op=profile).
    $i_profile=new ISelect ('profile');
    $i_profile->id=uniqid("profile");
    $i_profile->value=$cn->make_array("select p_id,p_name from profile where p_id > 0
 order by p_name");

    $i_profile->selected=$sec_User->get_profile();
    $ie_profile=new Inplace_Edit($i_profile);

    $ie_profile->set_callback("ajax_misc.php");
    $ie_profile->add_json_param("op", "profile");
    $ie_profile->add_json_param("gDossier", $n_dossier_id);
    $ie_profile->add_json_param("user_id", $user_id);
    $ie_profile->add_json_param("profile_id", $i_profile->selected);

    echo "<p>";
    echo _("Profil")." ".$ie_profile->input();
    echo "</p>";
    echo '<Fieldset><legend>'._('Journaux').'</legend>';

    //-------------------------------------------------------------------------
    // Enable or not the security on ledger
    //-------------------------------------------------------------------------
    echo "<p>";
    echo _("Sécurité sur les journaux")." ";
    $status_sec_ledger=$sec_User->get_status_security_ledger();
    //--
    // Administrator can always access all the ledgers
    // NOTE(review): for an administrator this "view" screen also writes:
    // set_status_security_ledger(0) presumably persists the flag, so a
    // plain GET has a side effect here — confirm this is intended.
    if ( $sec_User->admin==1) {
        echo '<p>';
        echo _("Les administrateurs NOALYSS ont toujours accès à tout");
        $status_sec_ledger=0;
        $sec_User->set_status_security_ledger(0);
    } else {

        // On/off switch saved through ajax_misc.php (op=user_sec_ledger);
        // the attached script shows or hides the ledger table below.
        // Admin() is interpolated into that script and compared with 1, so
        // it is expected to yield a number — confirm.
        $sec_ledger=new Inplace_Switch("sec_ledger", $status_sec_ledger);
        $sec_ledger->set_callback("ajax_misc.php");
        $sec_ledger->add_json_param("gDossier", $n_dossier_id);
        $sec_ledger->add_json_param("user_id", $user_id);
        $sec_ledger->add_json_param("op", "user_sec_ledger");
        $sec_ledger->set_jscript(" if ( $('security_ledger_tbl').visible() || {$sec_User->Admin()}==1) { $('security_ledger_tbl').hide();} else { $('security_ledger_tbl').show();}");
        echo $sec_ledger->input();
        echo "<p class='info'>";
        echo _("La sécurité sur les journaux, permet de limiter l'accès de l'utilisateur aux journaux, si cette ".
            " sécurité n'est pas activée , l'utilisateur a accès à tous les journaux en lecture et écriture");
        echo "</p>";
    }
    echo "</p>";
    //------------------------------------------------------------------------
    // Access by ledgers, needed if the security on ledger is enable
    //------------------------------------------------------------------------
    echo '<div id="security_ledger_tbl">';
    // Bulk buttons call grant_ledgers() (defined in the script below) with
    // the access letter used by the per-ledger widgets.
    echo HtmlInput::button("grant_all", _("Accès à tout"), " onclick=\" grant_ledgers ('W') \"");
    echo HtmlInput::button("grant_readonly", _("Uniquement Lecture"), " onclick=\" grant_ledgers ('R') \"");
    echo HtmlInput::button("revoke_all", _("Aucun accès"), " onclick=\" grant_ledgers ('X') \"");
    echo '<table>';
    $MaxJrn=Database::num_row($Res);
    // One ISelect is reused for every row; only its id and value change.
    $jrn_priv=new ISelect("iledger");
    $array=array(
        array ('value'=>'R','label'=>_('Uniquement lecture')),
        array ('value'=>'W','label'=>_('Lecture et écriture')),
        array ('value'=>'X','label'=>_('Aucun accès'))
    );
    for ( $i =0 ; $i < $MaxJrn; $i++ )
    {
        /* set the widget */
        // NOTE(review): no fetch of row $i from $Res is visible in this
        // listing (a line appears to be missing here); as shown, $l_line is
        // not assigned in this branch — confirm against the full source.
        $jrn_priv->value=$array;
        // The "ledas" id prefix is what grant_ledgers() matches on.
        $jrn_priv->id="ledas".uniqid();
        $ie_input=new Inplace_Edit($jrn_priv);
        $ie_input->set_callback("ajax_misc.php");
        $ie_input->add_json_param("jrn_def_id", $l_line['jrn_def_id']);
        $ie_input->add_json_param("op", "ledger_access");
        $ie_input->add_json_param("gDossier", $n_dossier_id);
        $ie_input->add_json_param("user_id", $user_id);
        $ie_input->set_value($sec_User->get_ledger_access($l_line['jrn_def_id']));
        echo '<TR> ';
        if ( $i == 0 ) echo '<TD class="num"> <B> Journal </B> </TD>';
        else echo "<TD></TD>";
        // NOTE(review): the ledger name is written without h(); it comes
        // from jrn_def, not from the request — confirm it is trusted.
        echo "<TD class=\"num\"> $l_line[jrn_def_name] </TD>";
        echo '<td>';
        echo $ie_input->input();
        echo '</td>';
        echo '</tr>';
    }
    echo '</table>';
    echo '</div>';
    echo '</fieldset>';

    echo '<hr>';
    //**********************************************************************
    // Show Priv. for actions
    //**********************************************************************
    echo '<fieldset> <legend>'._('Actions').'</legend>';

    //-------------------------------------------------------------------------
    // Enable or not the security on ledger
    //-------------------------------------------------------------------------
    echo "<p>";
    echo _("Sécurité sur les actions")." ";
    // Administrator always have all action
    // Same pattern as the ledger switch above, including the write for an
    // administrator (set_status_security_action(0)).
    if ( $sec_User->admin==1) {
        echo '<p>';
        echo _("Les administrateurs NOALYSS ont toujours accès à tout");
        $status_sec_action=0;
        $sec_User->set_status_security_action(0);
    } else {

        $status_sec_action=$sec_User->get_status_security_action();
        $sec_action=new Inplace_Switch("sec_action", $status_sec_action);
        $sec_action->set_callback("ajax_misc.php");
        $sec_action->add_json_param("gDossier", $n_dossier_id);
        $sec_action->add_json_param("user_id", $user_id);
        $sec_action->add_json_param("op", "user_sec_action");
        $sec_action->set_jscript(" if ( $('security_action_tbl').visible() ) { $('security_action_tbl').hide();} else { $('security_action_tbl').show();}");
        echo $sec_action->input();
        echo "<p class='info'>";
        echo _("La sécurité sur les actions permet de limiter ce que l'utilisateur peut faire, si "
            . " elle n'est pas active l'utilisateur a donc accès à toutes ces actions");
        echo "</p>";
    }
    echo "</p>";


    // Per-action switches are rendered by this template (not part of this listing).
    include(NOALYSS_TEMPLATE.'/security_list_action.php');
    echo '</fieldset>';
    // $sHref was built with http_build_query(), so its values are
    // URL-encoded before being placed inside the onclick string.
    echo HtmlInput::button('Imprime',_('imprime'),"onclick=\"window.open('export.php?".$sHref."');\"");
    echo $return;

    ?>
    <script>
    // Set every ledger widget (span ids containing "ledas") to the same
    // access level and persist it in one request (op=ledger_access_all).
    // The labels must match the ISelect options built in PHP above.
    function grant_ledgers(p_access) {
        waiting_box();
        var a_select=document.getElementsByTagName('span');
        var i=0;
        var str_id="";
        for (i = 0;i < a_select.length;i++) {
            str_id = new String( a_select[i].id);
            if ( str_id.search(/ledas/) > -1 ) {
                if ( p_access==="W") {
                    a_select[i].innerHTML="<?php echo _("Lecture et écriture");?>";
                } else if (p_access === "R") {
                    a_select[i].innerHTML="<?php echo _("Uniquement lecture");?>";
                } else if (p_access === "X") {
                    a_select[i].innerHTML="<?php echo _("Aucun accès");?>";
                }

            }
        }

        // NOTE(review): Ajax.Request is asynchronous, so remove_waiting_box()
        // below runs before the server has answered, and no failure handler
        // reverts the labels already changed on screen. user_id was
        // number-filtered in PHP; $n_dossier_id is not visible in this listing.
        new Ajax.Request("ajax_misc.php",{method:"post",
            parameters:{
                op:"ledger_access_all",
                gDossier:<?php echo $n_dossier_id?>,
                method:"get",
                user_id:<?php echo $user_id;?>,
                access:p_access
            }
        });
        remove_waiting_box();
    }
    // Grant (p_value != 0) or revoke (p_value == 0) every action at once:
    // repaint the action spans (skipping the "sec_action" switch itself)
    // and persist through op=action_access_all. The two glyphs are
    // presumably toggle icons — confirm against the icon font in use.
    function grant_action(p_value) {
        var a_select=document.getElementsByTagName('span');
        var i=0;
        var str_id="";
        for (i = 0;i < a_select.length;i++) {

            str_id = new String( a_select[i].id);
            if ( str_id == 'sec_action') {
                continue;
            }
            if ( str_id.search(/action/) > -1 ) {
                if ( p_value == 0 ) {
                    a_select[i].setStyle("color:red");
                    a_select[i].innerHTML='&#xf204';
                } else {
                    a_select[i].setStyle("color:green");
                    a_select[i].innerHTML='&#xf205';
                }
            }
        } // loop
        // Same asynchronous pattern as grant_ledgers(), without a waiting box.
        new Ajax.Request("ajax_misc.php",{method:"get",
            parameters:{
                op:"action_access_all",
                gDossier:<?php echo $n_dossier_id?>,
                method:"get",
                user_id:<?php echo $user_id;?>,
                access:p_value
            }
        });
    }
    // Show the ledger table only while ledger security is enabled.
    function display_security_ledger(p_value) {
        if ( p_value == 1) {
            $('security_ledger_tbl').show();}
        else {
            $('security_ledger_tbl').hide();}
    }
    // Initial state comes from the status computed in PHP above.
    display_security_ledger(<?=$status_sec_ledger?>);
    // Show the action table only while action security is enabled.
    function display_security_action(p_value) {
        if ( p_value == 1) {
            $('security_action_tbl').show();}
        else {
            $('security_action_tbl').hide();}
    }
    display_security_action(<?=$status_sec_action?>);
    </script>
<?php
} // end of the form
// NOTE(review): this closing tag is emitted on every path, but the matching
// '<DIV class="content">' is only opened in the user-list branch above.
echo "</DIV>";
?>