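<?php
/* Copyright (C) 2002-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2002-2003 Jean-Louis Bergamo   <jlb@j1b.org>
 * Copyright (C) 2004-2020 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2004      Eric Seigne          <eric.seigne@ryxeo.com>
 * Copyright (C) 2005-2017 Regis Houssin        <regis.houssin@inodbox.com>
 * Copyright (C) 2020      Tobias Sekan         <tobias.sekan@startmail.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */

/**
 *  \file       htdocs/user/group/perms.php
 *  \brief      Permissions tab of a user group card (view, grant and revoke group permissions)
 */

require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';

// Load translation files required by page
$langs->loadLangs(array('users', 'admin'));

// Request parameters, each filtered by GETPOST with the check type given as second argument
$id = GETPOST('id', 'int');
$action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha');
$module = GETPOST('module', 'alpha');
$rights = GETPOST('rights', 'int');
$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'groupperms'; // To manage different context of search

// Define if user can read permissions
$canreadperms = ($user->admin || $user->rights->user->user->lire);
// Define if user can modify group permissions
$caneditperms = ($user->admin || $user->rights->user->user->creer);
// Advanced permissions: when enabled, the dedicated group_advance rights replace the generic user rights
$advancedpermsactive = false;
if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
    $advancedpermsactive = true;
    $canreadperms = ($user->admin || ($user->rights->user->group_advance->read && $user->rights->user->group_advance->readperms));
    $caneditperms = ($user->admin || $user->rights->user->group_advance->write);
}

if (!$canreadperms) accessforbidden();

$object = new Usergroup($db);
$object->fetch($id);

// The entity always comes from the configuration; the 'entity' parameter carried by the links
// printed below is not read on this page.
$entity = $conf->entity;

// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('groupperms', 'globalcard'));


/*
 * Actions
 */

$parameters = array();
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');

// NOTE(review): addrights and delrights change the permissions of a group and are reached through
// plain GET links built further down this page. No anti-CSRF token is checked here; confirm that
// main.inc.php enforces one for these actions, or carry a token in the links and verify it before acting.
if (empty($reshook)) {
    if ($action == 'addrights' && $caneditperms) {
        $editgroup = new Usergroup($db);
        $result = $editgroup->fetch($id);
        if ($result > 0) {
            $result = $editgroup->addrights($rights, $module, '', $entity);
            if ($result < 0) {
                setEventMessages($editgroup->error, $editgroup->errors, 'errors');
            }
        } else {
            dol_print_error($db);
        }
    }

    if ($action == 'delrights' && $caneditperms) {
        $editgroup = new Usergroup($db);
        $result = $editgroup->fetch($id);
        if ($result > 0) {
            $result = $editgroup->delrights($rights, $module, '', $entity);
            if ($result < 0) {
                setEventMessages($editgroup->error, $editgroup->errors, 'errors');
            }
        } else {
            dol_print_error($db);
        }
    }
}


/*
 * View
 */

$form = new Form($db);

llxHeader('', $langs->trans("Permissions"));

if ($object->id > 0) {
    /*
     * Display tabs
     */
    $object->getrights(); // Reload permission

    $head = group_prepare_head($object);
    $title = $langs->trans("Group");
    print dol_get_fiche_head($head, 'rights', $title, -1, 'group');

    // Load the modules that define permissions
    $modules = array();
    $modulesdir = dolGetModulesDirs();

    // insert_permissions() is called for every module below, inside a single transaction.
    $db->begin();

    foreach ($modulesdir as $dir) {
        $handle = @opendir(dol_osencode($dir));
        if (is_resource($handle)) {
            while (($file = readdir($handle)) !== false) {
                // Only module descriptor files named mod*.class.php are loaded
                if (is_readable($dir.$file) && substr($file, 0, 3) == 'mod' && substr($file, dol_strlen($file) - 10) == '.class.php') {
                    $modName = substr($file, 0, dol_strlen($file) - 10);

                    if ($modName) {
                        include_once $dir.$file;
                        $objMod = new $modName($db);
                        // Load all lang files of module
                        if (isset($objMod->langfiles) && is_array($objMod->langfiles)) {
                            foreach ($objMod->langfiles as $domain) {
                                $langs->load($domain);
                            }
                        }
                        // Load all permissions
                        if ($objMod->rights_class) {
                            $ret = $objMod->insert_permissions(0, $entity);
                            $modules[$objMod->rights_class] = $objMod;
                        }
                    }
                }
            }
            // Release the directory handle once the directory has been scanned
            closedir($handle);
        }
    }

    $db->commit();

    // Read permissions of group
    $permsgroupbyentity = array();

    // Numeric values are cast before being concatenated so the query never carries raw text
    $sql = "SELECT DISTINCT r.id, r.libelle, r.module, gr.entity";
    $sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r,";
    $sql .= " ".MAIN_DB_PREFIX."usergroup_rights as gr";
    $sql .= " WHERE gr.fk_id = r.id";
    $sql .= " AND gr.entity = ".((int) $entity);
    $sql .= " AND gr.fk_usergroup = ".((int) $object->id);

    dol_syslog("get user perms", LOG_DEBUG);
    $result = $db->query($sql);
    if ($result) {
        $num = $db->num_rows($result);
        $i = 0;
        while ($i < $num) {
            $obj = $db->fetch_object($result);
            if (!isset($permsgroupbyentity[$obj->entity])) {
                $permsgroupbyentity[$obj->entity] = array();
            }
            $permsgroupbyentity[$obj->entity][] = $obj->id;
            $i++;
        }
        $db->free($result);
    } else {
        dol_print_error($db);
    }

    $linkback = '<a href="'.DOL_URL_ROOT.'/user/group/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';

    dol_banner_tab($object, 'id', $linkback, $user->rights->user->user->lire || $user->admin);

    print '<div class="fichecenter">';
    print '<div class="underbanner clearboth"></div>';

    /*
     * Add/remove permission screen
     */

    print '<table class="border centpercent tableforfield">';

    // Name (already in dol_banner, we keep it to have the GlobalGroup picto, but we should move it in dol_banner)
    // The property was spelled "mutlicompany" before, so this row could never be displayed.
    if (!empty($conf->multicompany->enabled)) {
        print '<tr><td class="titlefield">'.$langs->trans("Name").'</td>';
        // The group name is stored data: escape it before printing it into the page
        print '<td colspan="2">'.dol_escape_htmltag($object->name).'';
        if (!$object->entity) {
            print img_picto($langs->trans("GlobalGroup"), 'redstar');
        }
        print "</td></tr>\n";
    }

    // Note
    print '<tr><td class="titlefield tdtop">'.$langs->trans("Description").'</td>';
    print '<td class="valeur sensiblehtmlcontent">';
    print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note));
    print '</td>';
    print "</tr>\n";

    print '</table><br>';

    if ($user->admin) print info_admin($langs->trans("WarningOnlyPermissionOfActivatedModules"));

    $parameters = array();
    $reshook = $hookmanager->executeHooks('insertExtraHeader', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
    if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');

    // Common start of every grant/revoke link.
    // NOTE(review): PHP_SELF is written into href attributes as-is; presumably main.inc.php sanitises it - confirm.
    $urlbase = $_SERVER["PHP_SELF"].'?id='.((int) $object->id);
    $labelall = dol_escape_htmltag($langs->trans("All"));
    $labelnone = dol_escape_htmltag($langs->trans("None"));

    print "\n";
    print '<div class="div-table-responsive-no-min">';
    print '<table class="noborder centpercent">';
    print '<tr class="liste_titre">';
    print '<td>'.$langs->trans("Module").'</td>';
    if ($caneditperms) {
        print '<td class="center nowrap">';
        print '<a class="reposition commonlink" title="'.$labelall.'" alt="'.$labelall.'" href="'.$urlbase.'&action=addrights&entity='.$entity.'&module=allmodules">'.$langs->trans("All")."</a>";
        print '/';
        print '<a class="reposition commonlink" title="'.$labelnone.'" alt="'.$labelnone.'" href="'.$urlbase.'&action=delrights&entity='.$entity.'&module=allmodules">'.$langs->trans("None")."</a>";
        print '</td>';
    }
    print '<td class="center" width="24"> </td>';
    print '<td>'.$langs->trans("Permissions").'</td>';
    if ($user->admin) print '<td class="right">'.$langs->trans("ID").'</td>';
    print '</tr>'."\n";

    // r.perms and r.subperms are selected because the debug HTML comment printed for each row reads them
    $sql = "SELECT r.id, r.libelle as label, r.module, r.perms, r.subperms";
    $sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r";
    $sql .= " WHERE r.libelle NOT LIKE 'tou%'"; // Ignore the "all" rights
    $sql .= " AND r.entity = ".((int) $entity);
    if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $sql .= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is disabled
    $sql .= " ORDER BY r.module, r.id";

    $result = $db->query($sql);
    if ($result) {
        $num = $db->num_rows($result);
        $i = 0;
        $oldmod = '';

        while ($i < $num) {
            $obj = $db->fetch_object($result);

            // If the line is for a module that does not exist anymore (absent from the module directories), we ignore it
            if (empty($modules[$obj->module])) {
                $i++;
                continue;
            }

            if ($oldmod != $obj->module) {
                $oldmod = $obj->module;

                // Break detected, we get objMod
                $objMod = $modules[$obj->module];
                $picto = ($objMod->picto ? $objMod->picto : 'generic');

                // Show break line
                print '<tr class="oddeven trforbreak">';
                print '<td class="maxwidthonsmartphone tdoverflowonsmartphone">';
                print img_object('', $picto, 'class="pictoobjectwidth paddingright"').' '.$objMod->getName();
                print '<a name="'.dol_escape_htmltag($objMod->getName()).'"></a>';
                print '</td>';
                if ($caneditperms) {
                    // Attributes are quoted and escaped like the header links above; the module key is URL-encoded
                    $moduleparam = urlencode($obj->module);
                    print '<td class="center nowrap">';
                    print '<a class="reposition" title="'.$labelall.'" alt="'.$labelall.'" href="'.$urlbase.'&action=addrights&entity='.$entity.'&module='.$moduleparam.'">'.$langs->trans("All")."</a>";
                    print '/';
                    print '<a class="reposition" title="'.$labelnone.'" alt="'.$labelnone.'" href="'.$urlbase.'&action=delrights&entity='.$entity.'&module='.$moduleparam.'">'.$langs->trans("None")."</a>";
                    print '</td>';
                } else {
                    print '<td> </td>';
                }
                print '<td colspan="2"> </td>';

                // Permission id
                if ($user->admin) print '<td class="right"></td>';

                print '</tr>';
            }

            print '<!-- '.$obj->module.'->'.$obj->perms.($obj->subperms ? '->'.$obj->subperms : '').' -->'."\n";
            print '<tr class="oddeven">';

            // Picto and label of module
            print '<td class="maxwidthonsmartphone tdoverflowonsmartphone">';
            print '</td>';

            // A group with no permission at all has no entry for the entity, so test the key before reading it
            $owned = isset($permsgroupbyentity[$entity])
                && is_array($permsgroupbyentity[$entity])
                && in_array($obj->id, $permsgroupbyentity[$entity]);

            if ($owned) {
                // Permission owned by the group
                if ($caneditperms) {
                    print '<td class="center"><a class="reposition" href="'.$urlbase.'&action=delrights&entity='.$entity.'&rights='.$obj->id.'">';
                    print img_picto($langs->trans("Remove"), 'switch_on');
                    print '</a></td>';
                }
                print '<td class="center nowrap">';
                print img_picto($langs->trans("Active"), 'tick');
                print '</td>';
            } else {
                // Permission not owned by the group
                if ($caneditperms) {
                    print '<td class="center"><a class="reposition" href="'.$urlbase.'&action=addrights&entity='.$entity.'&rights='.$obj->id.'">';
                    print img_picto($langs->trans("Add"), 'switch_off');
                    print '</a></td>';
                }
                print '<td> </td>';
            }

            // Label lookup order: PermissionAdvanced<id> (advanced mode only), then Permission<id>, then the stored label.
            // A translation equal to its own key means the key has no translation.
            $keyadvanced = "PermissionAdvanced".$obj->id;
            $keystandard = "Permission".$obj->id;
            if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $langs->trans($keyadvanced) != $keyadvanced) {
                $permlabel = $langs->trans($keyadvanced);
            } elseif ($langs->trans($keystandard) != $keystandard) {
                $permlabel = $langs->trans($keystandard);
            } else {
                $permlabel = $langs->trans($obj->label);
            }
            print '<td class="maxwidthonsmartphone">'.$permlabel.'</td>';

            // Permission id
            if ($user->admin) print '<td class="right"><span class="opacitymedium">'.$obj->id.'</span></td>';

            print '</tr>'."\n";

            $i++;
        }
    }
    print '</table>';
    print '</div>';

    print '</div>';

    $parameters = array();
    $reshook = $hookmanager->executeHooks('insertExtraFooter', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
    if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');

    print dol_get_fiche_end();
}

// End of page
llxFooter();
$db->close();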