// Direct-access guard: the script stops unless the ALLOWED constant is
// already defined (presumably by the entry point that includes this file),
// so requesting this file on its own does not run the security screen.
if (!defined('ALLOWED')) {
    die('Appel direct ne sont pas permis');
}
26require_once NOALYSS_INCLUDE.
'/lib/ac_common.php';
39require_once NOALYSS_INCLUDE.
'/lib/user_menu.php';
// "ac" is read from the request; http_build_query() URL-encodes it together
// with the folder id, so the value cannot add extra query parameters.
// NOTE(review): $base_url is later handed to the sortable header and reused
// for the per-user links. Confirm it is HTML-escaped wherever it is written
// into an href attribute.
$base_url = NOALYSS_URL . "/do.php?" . http_build_query(
    array(
        "ac" => $http->request("ac"),
        "gDossier" => dossier::id(),
    )
);
48 echo
'<DIV class="content" >';
// Each sortable column registers two fixed ORDER BY fragments (ascending and
// descending) plus two short keys. The fragments are string literals, not
// request data.
// NOTE(review): $ord_sql is concatenated into the user-list query further
// down. Confirm it can only ever be one of the literals registered here and
// never a value taken directly from the request.
$header->add(
    _('Login'),
    $base_url,
    "order by use_login asc",
    "order by use_login desc",
    'la',
    'ld'
);
$header->add(
    _('Nom'),
    $base_url,
    "order by use_name asc,use_first_name asc",
    "order by use_name desc,use_first_name desc",
    'na',
    'nd'
);
$header->add(
    _("Type d'utilisateur"),
    $base_url,
    "order by use_admin asc,use_login asc",
    "order by use_admin desc,use_login desc",
    'ta',
    'td'
);
62 $user_sql =
$repo->exec_sql(
"select use_id,
67 from ac_users left join jnt_use_dos using (use_id)
68 where use_login != $2 and use_active=1
69 and (dos_id=$1 or (dos_id is null and use_admin=1))" . $ord_sql,
75 echo
'<TABLE class="result" >';
77 echo
'<th>'.$header->get_header(0).
'</th>';
78 echo
'<th>'.$header->get_header(1).
'</th>';
81 echo
th(_(
'Séc. Journaux actif'));
82 echo
th(_(
'Séc. Action actif'));
83 echo
'<th>'.$header->get_header(2).
'</th>';
84 for (
$i = 0;
$i < $MaxUser;
$i++)
91 $str=_(
'Utilisateur Normal');
92 if ( $l_line[
'use_admin'] == 1 )
93 $str=_(
'Administrateur');
97 join profile_user using(p_id) where user_name=$1",array($l_line[
'use_login']));
99 $url=$base_url.
"&action=view&user_id=".$l_line[
'use_id'];
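// td() appears to only wrap its argument in a <td> element, so the stored
// name fields are HTML-escaped with h() before being written to the page,
// as the detail view already does for the same fields.
echo td(h($l_line['use_name']));
echo td(h($l_line['use_first_name']));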
// Look up the per-user security switches; the login is bound as $1 rather
// than concatenated into the statement.
$a_sec = $cn->get_row(
    "select us_ledger,us_action from user_active_security where us_login =$1",
    [$l_line['use_login']]
);
109 if ( ! empty($a_sec ) ) {
110 echo
td($a_sec[
'us_ledger']);
111 echo
td($a_sec[
'us_action']);
113 echo
td(_(
"Erreur sécurité"));
123if ( isset (
$_GET[
"action"] ))
// The "number" argument presumably makes the request helper reject a
// non-numeric user_id (confirm against the helper's implementation).
// That check matters beyond SQL: further down this value is echoed unquoted
// into the inline JavaScript Ajax parameters and placed in the export link,
// so it must never be replaced by an unvalidated read of the request.
$user_id = $http->get('user_id', "number");
148 $str=_(
"Aucun accès");
152 $str=_(
'Utilisateur normal');
155 if (
$User->admin==1 )
157 $str=_(
'Administrateur');
161 echo
'<h2>'.h(
$User->first_name).
' '.
h(
$User->name).
' '.
hi(
$User->login).
"($str)</h2>";
166 echo
'<h2 class="notice"> '.
167 _(
"Cet utilisateur est administrateur, il a tous les droits").
170 _(
"Impossible de modifier cet utilisateur dans cet écran, il faut passer par
171 l'écran administration -> utilisateur.").
180 echo
"<H2 class=\"error\">"
181 ._(
"L'utilisateur n'a pas accès à ce dossier").
"</H2>";
183 _(
"Impossible de modifier cet utilisateur dans cet écran, il faut passer par
184 l'écran administration -> utilisateur.").
196 $Res=
$cn->exec_sql(
"select jrn_def_id,jrn_def_name from jrn_def ".
197 " order by jrn_def_name");
198 $sec_User=
new Noalyss_user(
$cn,$user_id);
200 $sHref=http_build_query([
"act"=>
"PDF:sec",
"user_id"=>$user_id,
"gDossier"=>
$n_dossier_id]);
202 echo dossier::hidden();
205 $i_profile=
new ISelect (
'profile');
206 $i_profile->id=uniqid(
"profile");
207 $i_profile->value=
$cn->make_array(
"select p_id,p_name from profile where p_id > 0
210 $i_profile->selected=$sec_User->get_profile();
213 $ie_profile->set_callback(
"ajax_misc.php");
214 $ie_profile->add_json_param(
"op",
"profile");
216 $ie_profile->add_json_param(
"user_id", $user_id);
217 $ie_profile->add_json_param(
"profile_id", $i_profile->selected);
220 echo _(
"Profil").
" ".$ie_profile->input();
222 echo
'<Fieldset><legend>'._(
'Journaux').
'</legend>';
228 echo _(
"Sécurité sur les journaux").
" ";
229 $status_sec_ledger=$sec_User->get_status_security_ledger();
232 if ( $sec_User->admin==1) {
234 echo _(
"Les administrateurs NOALYSS ont toujours accès à tout");
235 $status_sec_ledger=0;
236 $sec_User->set_status_security_ledger(0);
240 $sec_ledger->set_callback(
"ajax_misc.php");
242 $sec_ledger->add_json_param(
"user_id", $user_id);
243 $sec_ledger->add_json_param(
"op",
"user_sec_ledger");
244 $sec_ledger->set_jscript(
" if ( $('security_ledger_tbl').visible() || {$sec_User->Admin()}==1) { $('security_ledger_tbl').hide();} else { $('security_ledger_tbl').show();}");
245 echo $sec_ledger->input();
246 echo
"<p class='info'>";
247 echo _(
"La sécurité sur les journaux, permet de limiter l'accès de l'utilisateur aux journaux, si cette ".
248 " sécurité n'est pas activée , l'utilisateur a accès à tous les journaux en lecture et écriture");
255 echo
'<div id="security_ledger_tbl">';
256 echo
HtmlInput::button(
"grant_all", _(
"Accès à tout"),
" onclick=\" grant_ledgers ('W') \"");
257 echo
HtmlInput::button(
"grant_readonly", _(
"Uniquement Lecture"),
" onclick=\" grant_ledgers ('R') \"");
258 echo
HtmlInput::button(
"revoke_all", _(
"Aucun accès"),
" onclick=\" grant_ledgers ('X') \"");
263 array (
'value'=>
'R',
'label'=>_(
'Uniquement lecture')),
264 array (
'value'=>
'W',
'label'=>_(
'Lecture et écriture')),
265 array (
'value'=>
'X',
'label'=>_(
'Aucun accès'))
267 for (
$i =0 ;
$i < $MaxJrn;
$i++ )
274 $ie_input->set_callback(
"ajax_misc.php");
275 $ie_input->add_json_param(
"jrn_def_id", $l_line[
'jrn_def_id']);
276 $ie_input->add_json_param(
"op",
"ledger_access");
278 $ie_input->add_json_param(
"user_id", $user_id);
279 $ie_input->set_value($sec_User->get_ledger_access($l_line[
'jrn_def_id']));
281 if (
$i == 0 ) echo
'<TD class="num"> <B> Journal </B> </TD>';
282 else echo
"<TD></TD>";
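// The ledger name is stored data: escape it with h() instead of
// interpolating it raw into the table cell, so markup in a ledger name is
// displayed as text rather than interpreted by the browser.
echo '<TD class="num"> ' . h($l_line['jrn_def_name']) . ' </TD>';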
285 echo $ie_input->input();
297 echo
'<fieldset> <legend>'._(
'Actions').
'</legend>';
303 echo _(
"Sécurité sur les actions").
" ";
305 if ( $sec_User->admin==1) {
307 echo _(
"Les administrateurs NOALYSS ont toujours accès à tout");
308 $status_sec_action=0;
309 $sec_User->set_status_security_action(0);
312 $status_sec_action=$sec_User->get_status_security_action();
314 $sec_action->set_callback(
"ajax_misc.php");
316 $sec_action->add_json_param(
"user_id", $user_id);
317 $sec_action->add_json_param(
"op",
"user_sec_action");
318 $sec_action->set_jscript(
" if ( $('security_action_tbl').visible() ) { $('security_action_tbl').hide();} else { $('security_action_tbl').show();}");
319 echo $sec_action->input();
320 echo
"<p class='info'>";
321 echo _(
"La sécurité sur les actions permet de limiter ce que l'utilisateur peut faire, si "
322 .
" elle n'est pas active l'utilisateur a donc accès à toutes ces actions");
328 include(NOALYSS_TEMPLATE.
'/security_list_action.php');
330 echo
HtmlInput::button(
'Imprime',_(
'imprime'),
"onclick=\"window.open('export.php?".$sHref.
"');\"");
335 function grant_ledgers(p_access) {
337 var a_select=document.getElementsByTagName(
'span');
340 for (i = 0;i < a_select.length;i++) {
341 str_id =
new String( a_select[i].
id);
342 if ( str_id.search(/ledas/) > -1 ) {
343 if ( p_access===
"W") {
344 a_select[i].innerHTML=
"<?php echo _("Lecture et écriture
");?>";
345 }
else if (p_access ===
"R") {
346 a_select[i].innerHTML=
"<?php echo _("Uniquement lecture
");?>";
347 }
else if (p_access ===
"X") {
348 a_select[i].innerHTML=
"<?php echo _("Aucun accès
");?>";
354 new Ajax.Request(
"ajax_misc.php",{method:
"post",
356 op:
"ledger_access_all",
359 user_id:<?php echo $user_id;?>,
363 remove_waiting_box();
365 function grant_action(p_value) {
366 var a_select=document.getElementsByTagName(
'span');
369 for (i = 0;i < a_select.length;i++) {
371 str_id =
new String( a_select[i].
id);
372 if ( str_id ==
'sec_action') {
375 if ( str_id.search(/action/) > -1 ) {
376 if ( p_value == 0 ) {
377 a_select[i].setStyle(
"color:red");
378 a_select[i].innerHTML=
'';
380 a_select[i].setStyle(
"color:green");
381 a_select[i].innerHTML=
'';
385 new Ajax.Request(
"ajax_misc.php",{method:
"get",
387 op:
"action_access_all",
390 user_id:<?php echo $user_id;?>,
395 function display_security_ledger(p_value) {
397 $(
'security_ledger_tbl').show();}
399 $(
'security_ledger_tbl').hide();}
401 display_security_ledger(<?=$status_sec_ledger?>);
402 function display_security_action(p_value) {
404 $(
'security_action_tbl').show();}
406 $(
'security_action_tbl').hide();}
408 display_security_action(<?=$status_sec_action?>);
th($p_string, $p_extra='', $raw='')
td($p_string='', $p_extra='')
surround the string with td
h( $row[ 'oa_description'])
if(isset($_REQUEST['gDossier']) && $http->request("gDossier","number", 0) !=0) $repo
static fetch_array($ret, $p_indice=0, $p_mode=PGSQL_ASSOC)
wrapper for the function pg_fetch_array
static num_row($ret)
wrapper for the function pg_num_rows
contains the class for connecting to Noalyss
static id()
return the 'gDossier' value after a check
Html Input , create a tag <SELECT> ... </SELECT> if readonly == true then display the label correspon...
Inplace_edit class for ajax update of HtmlInput object.
A switch let you switch between 2 values : 0 and 1, it is used to replace the check.
Description of class_syn_sort_table.
if(count($a_accounting)==0) $header
if(! isset($_REQUEST['action'])) $action