1<?php 2 3/* 4 ------------------------------------------------------------------------ 5 FusionInventory 6 Copyright (C) 2010-2016 by the FusionInventory Development Team. 7 8 http://www.fusioninventory.org/ http://forge.fusioninventory.org/ 9 ------------------------------------------------------------------------ 10 11 LICENSE 12 13 This file is part of FusionInventory project. 14 15 FusionInventory is free software: you can redistribute it and/or modify 16 it under the terms of the GNU Affero General Public License as published by 17 the Free Software Foundation, either version 3 of the License, or 18 (at your option) any later version. 19 20 FusionInventory is distributed in the hope that it will be useful, 21 but WITHOUT ANY WARRANTY; without even the implied warranty of 22 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 GNU Affero General Public License for more details. 24 25 You should have received a copy of the GNU Affero General Public License 26 along with FusionInventory. If not, see <http://www.gnu.org/licenses/>. 27 28 ------------------------------------------------------------------------ 29 30 @package FusionInventory 31 @author David Durieux 32 @co-author 33 @copyright Copyright (c) 2010-2016 FusionInventory team 34 @license AGPL License 3.0 or (at your option) any later version 35 http://www.gnu.org/licenses/agpl-3.0-standalone.html 36 @link http://www.fusioninventory.org/ 37 @link http://forge.fusioninventory.org/projects/fusioninventory-for-glpi/ 38 @since 2010 39 40 ------------------------------------------------------------------------ 41 */ 42 43if (!defined('GLPI_ROOT')) { 44 die("Sorry. You can't access directly to this file"); 45} 46 47class PluginFusioninventoryProfile extends Profile { 48 49 static $rightname = "config"; 50 51 /* 52 * Old profile names: 53 * 54 * agent 55 * remotecontrol 56 * configuration 57 * wol 58 * unmanaged 59 * task 60 * iprange 61 * credential 62 * credentialip 63 * existantrule 64 * importxml 65 * blacklist 66 * ESX 67 * configsecurity 68 * networkequipment 69 * printer 70 * model 71 * reportprinter 72 * reportnetworkequipment 73 * packages 74 * status 75 */ 76 77 static function getOldRightsMappings() { 78 $types = array ('agent' => 'plugin_fusioninventory_agent', 79 'remotecontrol' => 'plugin_fusioninventory_remotecontrol', 80 'configuration' => 'plugin_fusioninventory_configuration', 81 'wol' => 'plugin_fusioninventory_wol', 82 'unmanaged' => 'plugin_fusioninventory_unmanaged', 83 'task' => 'plugin_fusioninventory_task', 84 'credential' => 'plugin_fusioninventory_credential', 85 'credentialip' => 'plugin_fusioninventory_credentialip', 86 'existantrule' => array('plugin_fusioninventory_ruleimport', 87 'plugin_fusioninventory_ruleentity', 88 'plugin_fusioninventory_rulelocation'), 89 'importxml' => 'plugin_fusioninventory_importxml', 90 'blacklist' => 'plugin_fusioninventory_blacklist', 91 'ESX' => 'plugin_fusioninventory_esx', 92 'configsecurity' => 'plugin_fusioninventory_configsecurity', 93 'networkequipment' => 'plugin_fusioninventory_networkequipment', 94 'printer' => 'plugin_fusioninventory_printer', 95 'reportprinter' => 'plugin_fusioninventory_reportprinter', 96 'reportnetworkequipment' => 'plugin_fusioninventory_reportnetworkequipment', 97 'packages' => 'plugin_fusioninventory_package', 98 'status' => 'plugin_fusioninventory_status', 99 'collect' => array('plugin_fusioninventory_collect', 100 'plugin_fusioninventory_rulecollect')); 101 102 return $types; 103 } 104 105 function getTabNameForItem(CommonGLPI $item, $withtemplate=0) { 106 if ($item->fields['interface'] == 'central') { 107 return self::createTabEntry('FusionInventory'); 108 } 109 } 110 111 112 113 static function displayTabContentForItem(CommonGLPI $item, $tabnum=1, $withtemplate=0) { 114 $pfProfile = new self(); 115 $pfProfile->showForm($item->getID()); 116 return TRUE; 117 } 118 119 120 121 /** 122 * Show profile form 123 * 124 * @param $items_id integer id of the profile 125 * @param $target value url of target 126 * 127 * @return nothing 128 **/ 129 function showForm($profiles_id=0, $openform=TRUE, $closeform=TRUE) { 130 131 echo "<div class='firstbloc'>"; 132 if (($canedit = Session::haveRightsOr(self::$rightname, array(CREATE, UPDATE, PURGE))) 133 && $openform) { 134 $profile = new Profile(); 135 echo "<form method='post' action='".$profile->getFormURL()."'>"; 136 } 137 138 $profile = new Profile(); 139 $profile->getFromDB($profiles_id); 140 141 $rights = $this->getRightsGeneral(); 142 $profile->displayRightsChoiceMatrix($rights, array('canedit' => $canedit, 143 'default_class' => 'tab_bg_2', 144 'title' => __('General', 'fusioninventory'))); 145 146 $rights = $this->getRightsRules(); 147 $profile->displayRightsChoiceMatrix($rights, array('canedit' => $canedit, 148 'default_class' => 'tab_bg_2', 149 'title' => _n('Rule', 'Rules', 2))); 150 151 $rights = $this->getRightsInventory(); 152 $profile->displayRightsChoiceMatrix($rights, array('canedit' => $canedit, 153 'default_class' => 'tab_bg_2', 154 'title' => __('Inventory', 'fusioninventory'))); 155 156 $rights = $this->getRightsDeploy(); 157 $profile->displayRightsChoiceMatrix($rights, array('canedit' => $canedit, 158 'default_class' => 'tab_bg_2', 159 'title' => __('Software deployment', 'fusioninventory'))); 160 if ($canedit 161 && $closeform) { 162 echo "<div class='center'>"; 163 echo Html::hidden('id', array('value' => $profiles_id)); 164 echo Html::submit(_sx('button', 'Save'), array('name' => 'update')); 165 echo "</div>\n"; 166 Html::closeForm(); 167 } 168 echo "</div>"; 169 170 $this->showLegend(); 171 } 172 173 static function uninstallProfile() { 174 $pfProfile = new self(); 175 $a_rights = $pfProfile->getAllRights(); 176 foreach ($a_rights as $data) { 177 ProfileRight::deleteProfileRights(array($data['field'])); 178 } 179 } 180 181 182 183 function getAllRights() { 184 $a_rights = array(); 185 $a_rights = array_merge($a_rights, $this->getRightsGeneral()); 186 $a_rights = array_merge($a_rights, $this->getRightsInventory()); 187 $a_rights = array_merge($a_rights, $this->getRightsRules()); 188 $a_rights = array_merge($a_rights, $this->getRightsDeploy()); 189 return $a_rights; 190 } 191 192 193 194 function getRightsRules() { 195 $rights = array( 196 array('itemtype' => 'PluginFusioninventoryInventoryRuleImport', 197 'label' => __('Rules for import and link computers'), 198 'field' => 'plugin_fusioninventory_ruleimport' 199 ), 200 array('itemtype' => 'PluginFusioninventoryInventoryRuleEntity', 201 'label' => __('Entity rules', 'fusioninventory'), 202 'field' => 'plugin_fusioninventory_ruleentity' 203 ), 204 array('itemtype' => 'PluginFusioninventoryInventoryRuleImport', 205 'label' => __('Rules for import and link computers'), 206 'field' => 'plugin_fusioninventory_rulelocation' 207 ), 208 array('itemtype' => 'PluginFusioninventoryInventoryComputerBlacklist', 209 'label' => __('Fields blacklist', 'fusioninventory'), 210 'field' => 'plugin_fusioninventory_blacklist' 211 ), 212 array('itemtype' => 'PluginFusioninventoryCollectRule', 213 'label' => __('Additional computer information rules', 'fusioninventory'), 214 'field' => 'plugin_fusioninventory_rulecollect' 215 ), 216 array('itemtype' => 'PluginFusioninventoryIgnoredimportdevice', 217 'label' => __('Equipment ignored on import', 'fusioninventory'), 218 'field' => 'plugin_fusioninventory_ignoredimportdevice' 219 ), 220 ); 221 return $rights; 222 } 223 224 225 226 function getRightsDeploy() { 227 $rights = array( 228 array('itemtype' => 'PluginFusioninventoryDeployPackage', 229 'label' => __('Manage packages'), 230 'field' => 'plugin_fusioninventory_package'), 231 array('itemtype' => 'PluginFusioninventoryDeployMirror', 232 'label' => __('Mirror servers', 'fusioninventory'), 233 'field' => 'plugin_fusioninventory_deploymirror'), 234 ); 235 return $rights; 236 } 237 238 239 240 function getRightsInventory() { 241 $rights = array( 242 array('itemtype' => 'PluginFusioninventoryIprange', 243 'label' => __('IP range configuration', 'fusioninventory'), 244 'field' => 'plugin_fusioninventory_iprange'), 245 array('itemtype' => 'PluginFusioninventoryCredential', 246 'label' => __('Authentication for remote devices (VMware)', 'fusioninventory'), 247 'field' => 'plugin_fusioninventory_credential'), 248 array('itemtype' => 'PluginFusioninventoryCredentialip', 249 'label' => __('Remote devices to inventory (VMware)', 'fusioninventory'), 250 'field' => 'plugin_fusioninventory_credentialip'), 251 array('itemtype' => 'PluginFusioninventoryCredential', 252 'label' => __('VMware host', 'fusioninventory'), 253 'field' => 'plugin_fusioninventory_esx'), 254 array('itemtype' => 'PluginFusioninventoryConfigSecurity', 255 'label' => __('SNMP authentication', 'fusioninventory'), 256 'field' => 'plugin_fusioninventory_configsecurity'), 257 array('itemtype' => 'PluginFusioninventoryNetworkEquipment', 258 'label' => __('Network equipment SNMP', 'fusioninventory'), 259 'field' => 'plugin_fusioninventory_networkequipment'), 260 array('itemtype' => 'PluginFusioninventoryPrinter', 261 'label' => __('Printer SNMP', 'fusioninventory'), 262 'field' => 'plugin_fusioninventory_printer'), 263 array('itemtype' => 'PluginFusioninventoryUnmanaged', 264 'label' => __('Unmanaged devices', 'fusioninventory'), 265 'field' => 'plugin_fusioninventory_unmanaged'), 266 array('itemtype' => 'PluginFusioninventoryInventoryComputerImportXML', 267 'label' => __('computer XML manual import', 'fusioninventory'), 268 'field' => 'plugin_fusioninventory_importxml'), 269 array('rights' => array(READ => __('Read')), 270 'label' => __('Printers report', 'fusioninventory'), 271 'field' => 'plugin_fusioninventory_reportprinter'), 272 array('rights' => array(READ => __('Read')), 273 'label' => __('Network report'), 274 'field' => 'plugin_fusioninventory_reportnetworkequipment'), 275 array('itemtype' => 'PluginFusioninventoryLock', 276 'label' => __('Lock', 'fusioninventory'), 277 'field' => 'plugin_fusioninventory_lock') 278 ); 279 return $rights; 280 } 281 282 283 284 function getRightsGeneral() { 285 $rights = array( 286 array('rights' => array(READ => __('Read')), 287 'label' => __('Menu', 'fusioninventory'), 288 'field' => 'plugin_fusioninventory_menu'), 289 array('itemtype' => 'PluginFusioninventoryAgent', 290 'label' => __('Agents', 'fusioninventory'), 291 'field' => 'plugin_fusioninventory_agent'), 292 array('rights' => array(READ => __('Read')), 293 'label' => __('Agent remote control', 'fusioninventory'), 294 'field' => 'plugin_fusioninventory_remotecontrol'), 295 array('rights' => array(READ => __('Read'), UPDATE => __('Update')), 296 'itemtype' => 'PluginFusioninventoryConfig', 297 'label' => __('Configuration', 'fusioninventory'), 298 'field' => 'plugin_fusioninventory_configuration'), 299 array('itemtype' => 'PluginFusioninventoryTask', 300 'label' => _n('Task', 'Tasks', 2, 'fusioninventory'), 301 'field' => 'plugin_fusioninventory_task'), 302 array('rights' => array(READ => __('Read')), 303 'label' => __('Wake On LAN', 'fusioninventory'), 304 'field' => 'plugin_fusioninventory_wol'), 305 array('itemtype' => 'PluginFusioninventoryDeployGroup', 306 'label' => __('Groups of computers', 'fusioninventory'), 307 'field' => 'plugin_fusioninventory_group'), 308 array('itemtype' => 'PluginFusioninventoryCollect', 309 'label' => __('Additional computer information', 'fusioninventory'), 310 'field' => 'plugin_fusioninventory_collect') 311 ); 312 313 return $rights; 314 } 315 316 static function addDefaultProfileInfos($profiles_id, $rights) { 317 $profileRight = new ProfileRight(); 318 foreach ($rights as $right => $value) { 319 if (!countElementsInTable('glpi_profilerights', 320 "`profiles_id`='$profiles_id' AND `name`='$right'")) { 321 $myright['profiles_id'] = $profiles_id; 322 $myright['name'] = $right; 323 $myright['rights'] = $value; 324 $profileRight->add($myright); 325 326 //Add right to the current session 327 $_SESSION['glpiactiveprofile'][$right] = $value; 328 } 329 } 330 } 331 332 /** 333 * @param $ID integer 334 */ 335 static function createFirstAccess($profiles_id) { 336 include_once(GLPI_ROOT."/plugins/fusioninventory/inc/profile.class.php"); 337 $profile = new self(); 338 foreach ($profile->getAllRights() as $right) { 339 self::addDefaultProfileInfos($profiles_id, 340 array($right['field'] => ALLSTANDARDRIGHT)); 341 } 342 } 343 344 static function removeRightsFromSession() { 345 $profile = new self(); 346 foreach ($profile->getAllRights() as $right) { 347 if (isset($_SESSION['glpiactiveprofile'][$right['field']])) { 348 unset($_SESSION['glpiactiveprofile'][$right['field']]); 349 } 350 } 351 ProfileRight::deleteProfileRights(array($right['field'])); 352 353 if (isset($_SESSION['glpimenu']['plugins']['types']['PluginFusioninventoryMenu'])) { 354 unset ($_SESSION['glpimenu']['plugins']['types']['PluginFusioninventoryMenu']); 355 } 356 if (isset($_SESSION['glpimenu']['plugins']['content']['pluginfusioninventorymenu'])) { 357 unset ($_SESSION['glpimenu']['plugins']['content']['pluginfusioninventorymenu']); 358 } 359 if (isset($_SESSION['glpimenu']['assets']['types']['PluginFusioninventoryUnmanaged'])) { 360 unset ($_SESSION['glpimenu']['plugins']['types']['PluginFusioninventoryUnmanaged']); 361 } 362 if (isset($_SESSION['glpimenu']['assets']['content']['pluginfusioninventoryunmanaged'])) { 363 unset ($_SESSION['glpimenu']['assets']['content']['pluginfusioninventoryunmanaged']); 364 } 365 } 366 367 static function migrateProfiles() { 368 global $DB; 369 //Get all rights from the old table 370 $profiles = getAllDatasFromTable(getTableForItemType(__CLASS__)); 371 372 //Load mapping of old rights to their new equivalent 373 $oldrights = self::getOldRightsMappings(); 374 375 //For each old profile : translate old right the new one 376 foreach ($profiles as $id => $profile) { 377 switch ($profile['right']) { 378 case 'r' : 379 $value = READ; 380 break; 381 case 'w': 382 $value = ALLSTANDARDRIGHT; 383 break; 384 case 0: 385 default: 386 $value = 0; 387 break; 388 } 389 //Write in glpi_profilerights the new fusioninventory right 390 if (isset($oldrights[$profile['type']])) { 391 //There's one new right corresponding to the old one 392 if (!is_array($oldrights[$profile['type']])) { 393 self::addDefaultProfileInfos($profile['profiles_id'], 394 array($oldrights[$profile['type']] => $value)); 395 } else { 396 //One old right has been splitted into serveral new ones 397 foreach ($oldrights[$profile['type']] as $newtype) { 398 self::addDefaultProfileInfos($profile['profiles_id'], 399 array($newtype => $value)); 400 } 401 } 402 } 403 } 404 } 405 406 /** 407 * Init profiles during installation : 408 * - add rights in profile table for the current user's profile 409 * - current profile has all rights on the plugin 410 */ 411 static function initProfile() { 412 $pfProfile = new self(); 413 $profile = new Profile(); 414 $a_rights = $pfProfile->getAllRights(); 415 416 foreach ($a_rights as $data) { 417 if (countElementsInTable("glpi_profilerights", "`name` = '".$data['field']."'") == 0) { 418 ProfileRight::addProfileRights(array($data['field'])); 419 $_SESSION['glpiactiveprofile'][$data['field']] = 0; 420 } 421 } 422 423 // Add all rights to current profile of the user 424 if (isset($_SESSION['glpiactiveprofile'])) { 425 $dataprofile = array(); 426 $dataprofile['id'] = $_SESSION['glpiactiveprofile']['id']; 427 $profile->getFromDB($_SESSION['glpiactiveprofile']['id']); 428 foreach ($a_rights as $info) { 429 if (is_array($info) 430 && ((!empty($info['itemtype'])) || (!empty($info['rights']))) 431 && (!empty($info['label'])) && (!empty($info['field']))) { 432 433 if (isset($info['rights'])) { 434 $rights = $info['rights']; 435 } else { 436 $rights = $profile->getRightsFor($info['itemtype']); 437 } 438 foreach ($rights as $right => $label) { 439 $dataprofile['_'.$info['field']][$right] = 1; 440 $_SESSION['glpiactiveprofile'][$data['field']] = $right; 441 } 442 } 443 } 444 $profile->update($dataprofile); 445 } 446 } 447} 448 449?> 450