d0/d2d/user_2group_2perms_8php_source.html

 <?php

 /* Copyright (C) 2002-2005  Rodolphe Quiedeville  <rodolphe@quiedeville.org>

  * Copyright (C) 2002-2003  Jean-Louis Bergamo    <jlb@j1b.org>

  * Copyright (C) 2004-2020  Laurent Destailleur   <eldy@users.sourceforge.net>

  * Copyright (C) 2004   Eric Seigne       <eric.seigne@ryxeo.com>

  * Copyright (C) 2005-2017  Regis Houssin     <regis.houssin@inodbox.com>

  * Copyright (C) 2020   Tobias Sekan      <tobias.sekan@startmail.com>

  *

  * This program is free software; you can redistribute it and/or modify

  * it under the terms of the GNU General Public License as published by

  * the Free Software Foundation; either version 3 of the License, or

  * (at your option) any later version.

  *

  * This program is distributed in the hope that it will be useful,

  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  * GNU General Public License for more details.

  *

  * You should have received a copy of the GNU General Public License

  * along with this program. If not, see <https://www.gnu.org/licenses/>.

  */


 if (!defined('CSRFCHECK_WITH_TOKEN')) {

   define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET

 }


 require '../../main.inc.php';

 require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php';

 require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';

 require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';

 require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';


 // Load translation files required by page

 $langs->loadLangs(array('users', 'admin'));


 $id = GETPOST('id', 'int');

 $action = GETPOST('action', 'aZ09');

 $confirm = GETPOST('confirm', 'alpha');

 $module = GETPOST('module', 'alpha');

 $rights = GETPOST('rights', 'int');

 $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'groupperms'; // To manage different context of search


 if (!isset($id) || empty($id)) {

   accessforbidden();

 }


 // Define if user can read permissions

 $canreadperms = ($user->admin || $user->rights->user->user->lire);

 // Define if user can modify group permissions

 $caneditperms = ($user->admin || $user->rights->user->user->creer);

 // Advanced permissions

 $advancedpermsactive = false;

 if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {

   $advancedpermsactive = true;

   $canreadperms = ($user->admin || ($user->rights->user->group_advance->read && $user->rights->user->group_advance->readperms));

   $caneditperms = ($user->admin || $user->rights->user->group_advance->write);

 }


 // Security check

 //$result = restrictedArea($user, 'user', $id, 'usergroup', '');

 if (!$canreadperms) {

   accessforbidden();

 }


 $object = new Usergroup($db);

 $object->fetch($id);

 $object->getrights();


 $entity = $conf->entity;


 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context

 $hookmanager->initHooks(array('groupperms', 'globalcard'));


 $parameters = array();

 $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks

 if ($reshook < 0) {

   setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');

 }


 if (empty($reshook)) {

   if ($action == 'addrights' && $caneditperms) {

     $editgroup = new Usergroup($db);

     $result = $editgroup->fetch($object->id);

     if ($result > 0) {

       $result = $editgroup->addrights($rights, $module, '', $entity);

       if ($result < 0) {

         setEventMessages($editgroup->error, $editgroup->errors, 'errors');

       }

     } else {

       dol_print_error($db);

     }


     $user->clearrights();

     $user->getrights();

   }


   if ($action == 'delrights' && $caneditperms) {

     $editgroup = new Usergroup($db);

     $result = $editgroup->fetch($id);

     if ($result > 0) {

       $result = $editgroup->delrights($rights, $module, '', $entity);

       if ($result < 0) {

         setEventMessages($editgroup->error, $editgroup->errors, 'errors');

       }

     } else {

       dol_print_error($db);

     }


     $user->clearrights();

     $user->getrights();

   }

 }


 /*

  * View

  */


 $form = new Form($db);


 llxHeader('', $langs->trans("Permissions"));


 if ($object->id > 0) {

   $head = group_prepare_head($object);

   $title = $langs->trans("Group");

   print dol_get_fiche_head($head, 'rights', $title, -1, 'group');


   // Charge les modules soumis a permissions

   $modules = array();

   $modulesdir = dolGetModulesDirs();


   $db->begin();


   foreach ($modulesdir as $dir) {

     $handle = @opendir(dol_osencode($dir));

     if (is_resource($handle)) {

       while (($file = readdir($handle)) !== false) {

         if (is_readable($dir.$file) && substr($file, 0, 3) == 'mod' && substr($file, dol_strlen($file) - 10) == '.class.php') {

           $modName = substr($file, 0, dol_strlen($file) - 10);


           if ($modName) {

             include_once $dir.$file;

             $objMod = new $modName($db);

             // Load all lang files of module

             if (isset($objMod->langfiles) && is_array($objMod->langfiles)) {

               foreach ($objMod->langfiles as $domain) {

                 $langs->load($domain);

               }

             }

             // Load all permissions

             if ($objMod->rights_class) {

               $ret = $objMod->insert_permissions(0, $entity);

               $modules[$objMod->rights_class] = $objMod;

             }

           }

         }

       }

     }

   }


   $db->commit();


   // Read permissions of group

   $permsgroupbyentity = array();


   $sql = "SELECT DISTINCT r.id, r.libelle, r.module, gr.entity";

   $sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r,";

   $sql .= " ".MAIN_DB_PREFIX."usergroup_rights as gr";

   $sql .= " WHERE gr.fk_id = r.id";

   $sql .= " AND gr.entity = ".((int) $entity);

   $sql .= " AND gr.fk_usergroup = ".((int) $object->id);


   dol_syslog("get user perms", LOG_DEBUG);

   $result = $db->query($sql);

   if ($result) {

     $num = $db->num_rows($result);

     $i = 0;

     while ($i < $num) {

       $obj = $db->fetch_object($result);

       if (!isset($permsgroupbyentity[$obj->entity])) {

         $permsgroupbyentity[$obj->entity] = array();

       }

         array_push($permsgroupbyentity[$obj->entity], $obj->id);

         $i++;

     }

     $db->free($result);

   } else {

     dol_print_error($db);

   }


   /*

    * Part to add/remove permissions

    */


   $linkback = '<a href="'.DOL_URL_ROOT.'/user/group/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';


   dol_banner_tab($object, 'id', $linkback, $user->rights->user->user->lire || $user->admin);


   print '<div class="fichecenter">';

   print '<div class="underbanner clearboth"></div>';


   print '<table class="border centpercent tableforfield">';


   // Name (already in dol_banner, we keep it to have the GlobalGroup picto, but we should move it in dol_banner)

   if (!empty($conf->mutlicompany->enabled)) {

     print '<tr><td class="titlefield">'.$langs->trans("Name").'</td>';

     print '<td colspan="2">'.$object->name.'';

     if (!$object->entity) {

       print img_picto($langs->trans("GlobalGroup"), 'redstar');

     }

     print "</td></tr>\n";

   }


   // Note

   print '<tr><td class="titlefield tdtop">'.$langs->trans("Description").'</td>';

   print '<td class="valeur sensiblehtmlcontent">';

   print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note));

   print '</td>';

   print "</tr>\n";


   print '</table><br>';


   if ($user->admin) {

     print info_admin($langs->trans("WarningOnlyPermissionOfActivatedModules"));

   }


   $parameters = array();

   $reshook = $hookmanager->executeHooks('insertExtraHeader', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks

   if ($reshook < 0) {

     setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');

   }


   print "\n";

   print '<div class="div-table-responsive-no-min">';

   print '<table class="noborder centpercent">';

   print '<tr class="liste_titre">';

   print '<td>'.$langs->trans("Module").'</td>';

   if ($caneditperms) {

     print '<td class="center nowrap">';

     print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&token='.newToken().'&entity='.$entity.'&module=allmodules&confirm=yes">'.$langs->trans("All")."</a>";

     print '/';

     print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&&token='.newToken().'&entity='.$entity.'&module=allmodules&confirm=yes">'.$langs->trans("None")."</a>";

     print '</td>';

   }

   print '<td class="center" width="24">&nbsp;</td>';

   print '<td>'.$langs->trans("Permissions").'</td>';

   if ($user->admin) {

     print '<td class="right"></td>';

   }

   print '</tr>'."\n";


   $sql = "SELECT r.id, r.libelle as label, r.module, r.perms, r.subperms, r.module_position, r.bydefault";

   $sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r";

   $sql .= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous"

   $sql .= " AND r.entity = ".((int) $entity);

   if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {

     $sql .= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is disable

   }

   $sql .= " ORDER BY r.family_position, r.module_position, r.module, r.id";


   $result = $db->query($sql);

   if ($result) {

     $num = $db->num_rows($result);

     $i = 0;

     $oldmod = '';


     while ($i < $num) {

       $obj = $db->fetch_object($result);


       // If line is for a module that does not exist anymore (absent of includes/module), we ignore it

       if (empty($modules[$obj->module])) {

         $i++;

         continue;

       }


       $objMod = $modules[$obj->module];


       // Break found, it's a new module to catch

       if (isset($obj->module) && ($oldmod <> $obj->module)) {

         $oldmod = $obj->module;


         // Break detected, we get objMod

         $objMod = $modules[$obj->module];

         $picto = ($objMod->picto ? $objMod->picto : 'generic');


         // Show break line

         print '<tr class="oddeven trforbreak">';

         print '<td class="maxwidthonsmartphone tdoverflowonsmartphone">';

         print img_object('', $picto, 'class="pictoobjectwidth paddingright"').' '.$objMod->getName();

         print '<a name="'.$objMod->getName().'"></a>';

         print '</td>';

         if ($caneditperms) {

           print '<td class="center nowrap">';

           print '<a class="reposition" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.$langs->trans("All").'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&entity='.$entity.'&module='.$obj->module.'&token='.newToken().'">'.$langs->trans("All")."</a>";

           print '/';

           print '<a class="reposition" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.$langs->trans("None").'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&entity='.$entity.'&module='.$obj->module.'&token='.newToken().'">'.$langs->trans("None")."</a>";

           print '</td>';

         } else {

           print '<td>&nbsp;</td>';

         }

         print '<td>&nbsp;</td>';

         print '<td>&nbsp;</td>';


         // Permission id

         if ($user->admin) {

           print '<td class="right"></td>';

         }


         print '</tr>'."\n";

       }


       print '<!-- '.$obj->module.'->'.$obj->perms.($obj->subperms ? '->'.$obj->subperms : '').' -->'."\n";

       print '<tr class="oddeven">';


       // Picto and label of module

       print '<td class="maxwidthonsmartphone tdoverflowonsmartphone">';

       //print img_object('', $picto, 'class="inline-block pictoobjectwidth"').' '.$objMod->getName();

       print '</td>';


       if (!empty($permsgroupbyentity[$entity]) && is_array($permsgroupbyentity[$entity])) {

         if (in_array($obj->id, $permsgroupbyentity[$entity])) {

           // Own permission by group

           if ($caneditperms) {

             print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&token='.newToken().'&entity='.$entity.'&rights='.$obj->id.'&confirm=yes">';

             //print img_edit_remove($langs->trans("Remove"));

             print img_picto($langs->trans("Remove"), 'switch_on');

             print '</a></td>';

           }

           print '<td class="center nowrap">';

           print img_picto($langs->trans("Active"), 'tick');

           print '</td>';

         } else {

           // Do not own permission

           if ($caneditperms) {

             print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&token='.newToken().'&entity='.$entity.'&rights='.$obj->id.'&confirm=yes">';

             //print img_edit_add($langs->trans("Add"));

             print img_picto($langs->trans("Add"), 'switch_off');

             print '</a></td>';

           }

           print '<td>&nbsp;</td>';

         }

       } else {

         // Do not own permission

         if ($caneditperms) {

           print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&entity='.$entity.'&rights='.$obj->id.'&confirm=yes&token='.newToken().'">';

           //print img_edit_add($langs->trans("Add"));

           print img_picto($langs->trans("Add"), 'switch_off');

           print '</a></td>';

         }

         print '<td>&nbsp;</td>';

       }


       // Description of permission

       $permlabel = (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && ($langs->trans("PermissionAdvanced".$obj->id) != ("PermissionAdvanced".$obj->id)) ? $langs->trans("PermissionAdvanced".$obj->id) : (($langs->trans("Permission".$obj->id) != ("Permission".$obj->id)) ? $langs->trans("Permission".$obj->id) : $langs->trans($obj->label)));

       print '<td>';

       print $permlabel;

       if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {

         if (preg_match('/_advance$/', $obj->perms)) {

           print ' <span class="opacitymedium">('.$langs->trans("AdvancedModeOnly").')</span>';

         }

       }

       print '</td>';


       // Permission id

       if ($user->admin) {

         print '<td class="right">';

         $htmltext = $langs->trans("ID").': '.$obj->id;

         $htmltext .= '<br>'.$langs->trans("Permission").': user->rights->'.$obj->module.'->'.$obj->perms.($obj->subperms ? '->'.$obj->subperms : '');

         print $form->textwithpicto('', $htmltext);

         //print '<span class="opacitymedium">'.$obj->id.'</span>';

         print '</td>';

       }


       print '</tr>'."\n";


       $i++;

     }

   }

   print '</table>';

   print '</div>';


   print '</div>';


   $parameters = array();

   $reshook = $hookmanager->executeHooks('insertExtraFooter', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks

   if ($reshook < 0) {

     setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');

   }


   print dol_get_fiche_end();

 }


 // End of page

 llxFooter();

 $db->close();

dol_osencode
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
Definition: functions.lib.php:8476

GETPOST
GETPOST($paramname, $check= 'alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition: functions.lib.php:483

$form
if($cancel &&!$id) if($action== 'add'&&!$cancel) if($action== 'delete') if($id) $form
Actions.
Definition: card.php:142

dolGetModulesDirs
dolGetModulesDirs($subdir= '')
Return list of modules directories.
Definition: functions2.lib.php:80

dol_string_onlythesehtmltags
dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles=1, $removeclassattribute=1, $cleanalsojavascript=0, $allowiframe=0)
Clean a string to keep only desirable HTML tags.
Definition: functions.lib.php:6744

llxHeader
if(!defined('NOREQUIRESOC')) if(!defined('NOREQUIRETRAN')) if(!defined('NOCSRFCHECK')) if(!defined('NOTOKENRENEWAL')) if(!defined('NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined('NOREQUIREAJAX')) llxHeader()
Empty header.
Definition: wrapper.php:59

dol_htmlentitiesbr
dol_htmlentitiesbr($stringtoencode, $nl2brmode=0, $pagecodefrom= 'UTF-8', $removelasteolbr=1)
This function is called to encode a string into a HTML string but differs from htmlentities because a...
Definition: functions.lib.php:6975

dol_escape_htmltag
dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0, $noescapetags= '', $escapeonlyhtmltags=0)
Returns text escaped for inclusion in HTML alt or title tags, or into values of HTML input fields...
Definition: functions.lib.php:1453

setEventMessages
setEventMessages($mesg, $mesgs, $style= 'mesgs', $messagekey= '')
Set event messages in dol_events session object.
Definition: functions.lib.php:8114

Form
Class to manage generation of HTML components Only common components must be here.
Definition: html.form.class.php:52

info_admin
info_admin($text, $infoonimgalt=0, $nodiv=0, $admin= '1', $morecss= 'hideonsmartphone', $textfordropdown= '')
Show information for admin users or standard users.
Definition: functions.lib.php:4784

dol_strlen
dol_strlen($string, $stringencoding= 'UTF-8')
Make a strlen call.
Definition: functions.lib.php:3732

img_picto
img_picto($titlealt, $picto, $moreatt= '', $pictoisfullpath=false, $srconly=0, $notitle=0, $alt= '', $morecss= '', $marginleftonlyshort=2)
Show picto whatever it&#39;s its name (generic function)
Definition: functions.lib.php:3865

dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename= '', $restricttologhandler= '', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:1588

group_prepare_head
group_prepare_head($object)
Prepare array with list of tabs.
Definition: usergroups.lib.php:202

img_object
img_object($titlealt, $picto, $moreatt= '', $pictoisfullpath=false, $srconly=0, $notitle=0)
Show a picto called object_picto (generic function)
Definition: functions.lib.php:4195

accessforbidden
accessforbidden($message= '', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program Calling this function terminate execution ...
Definition: security.lib.php:928

dol_get_fiche_head
dol_get_fiche_head($links=array(), $active= '', $title= '', $notab=0, $picto= '', $pictoisfullpath=0, $morehtmlright= '', $morecss= '', $limittoshow=0, $moretabssuffix= '')
Show tabs of a record.
Definition: functions.lib.php:1807

dol_print_error
dol_print_error($db= '', $error= '', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
Definition: functions.lib.php:4828

newToken
newToken()
Return the value of token currently saved into session with name &#39;newtoken&#39;.
Definition: functions.lib.php:10849

dol_get_fiche_end
dol_get_fiche_end($notab=0)
Return tab footer of a card.
Definition: functions.lib.php:2003

dol_banner_tab
dol_banner_tab($object, $paramid, $morehtml= '', $shownav=1, $fieldid= 'rowid', $fieldref= 'ref', $morehtmlref= '', $moreparam= '', $nodbprefix=0, $morehtmlleft= '', $morehtmlstatus= '', $onlybanner=0, $morehtmlright= '')
Show tab footer of a card.
Definition: functions.lib.php:2031

llxFooter
llxFooter()
Empty footer.
Definition: wrapper.php:73