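/**
 * Adds access rights
 *
 * Registers every entry of $this->rights in the rights_def table for the target
 * entity, provided the module's activation constant ($this->const_name) has a
 * non-empty value, and optionally grants each right to all admin users.
 *
 * Every value concatenated into SQL is either cast to an integer or passed
 * through $this->db->escape(), so a malformed module descriptor or entity value
 * cannot alter the statements.
 *
 * @param int $reinitadminperms If 1, we also grant them to all admin users
 * @param int $force_entity     Force current entity
 *
 * @return int Error count (0 if OK)
 */
function insert_permissions($reinitadminperms = 0, $force_entity = null)
{
    global $conf, $user;

    $err = 0;
    // The entity id is concatenated unquoted into the statements below: force it to an integer once.
    $entity = (int) (!empty($force_entity) ? $force_entity : $conf->entity);

    // Test if module is activated
    $sql_del = "SELECT " . $this->db->decrypt('value') . " as value";
    $sql_del .= " FROM " . MAIN_DB_PREFIX . "const";
    $sql_del .= " WHERE " . $this->db->decrypt('name') . " = '" . $this->db->escape($this->const_name) . "'";
    $sql_del .= " AND entity IN (0," . $entity . ")";

    dol_syslog(get_class($this) . "::insert_permissions", LOG_DEBUG);
    $resql = $this->db->query($sql_del);
    if (!$resql) {
        $this->error = $this->db->lasterror();
        $err++;
        return $err;
    }

    $obj = $this->db->fetch_object($resql);
    if ($obj !== null && !empty($obj->value) && !empty($this->rights)) {
        // If the module is active
        foreach ($this->rights as $right) {
            // Numeric fields are cast because they are written unquoted into the SQL text.
            $r_id = (int) $right[0];
            $r_desc = $right[1];
            $r_type = isset($right[2]) ? $right[2] : '';
            // A descriptor without a "bydefault" flag falls back to 0 (not granted by default).
            $r_def = isset($right[3]) ? (int) $right[3] : 0;
            $r_perms = isset($right[4]) ? $right[4] : '';
            $r_subperms = isset($right[5]) ? $right[5] : '';
            $r_modul = $this->rights_class;

            if (empty($r_type)) {
                $r_type = 'w';
            }

            // Search if perm already present
            $sql = "SELECT count(*) as nb FROM " . MAIN_DB_PREFIX . "rights_def";
            $sql .= " WHERE id = " . $r_id . " AND entity = " . $entity;

            $resqlselect = $this->db->query($sql);
            if (!$resqlselect) {
                // Without this check a failed lookup would be passed straight to fetch_object().
                $this->error = $this->db->lasterror();
                $err++;
                break;
            }
            $objcount = $this->db->fetch_object($resqlselect);
            // Release the lookup result now so that the error "break" below cannot leak it.
            $this->db->free($resqlselect);

            if (empty($objcount->nb)) {
                // The column list grows with the optional perms / subperms parts of the descriptor.
                $columns = "id, entity, libelle, module, type, bydefault";
                $values = $r_id . "," . $entity;
                $values .= ",'" . $this->db->escape($r_desc) . "'";
                $values .= ",'" . $this->db->escape($r_modul) . "'";
                $values .= ",'" . $this->db->escape($r_type) . "'";
                $values .= "," . $r_def;
                if (dol_strlen($r_perms)) {
                    $columns .= ", perms";
                    $values .= ",'" . $this->db->escape($r_perms) . "'";
                    if (dol_strlen($r_subperms)) {
                        $columns .= ", subperms";
                        $values .= ",'" . $this->db->escape($r_subperms) . "'";
                    }
                }

                $sql = "INSERT INTO " . MAIN_DB_PREFIX . "rights_def";
                $sql .= " (" . $columns . ")";
                $sql .= " VALUES ";
                $sql .= "(" . $values . ")";

                $resqlinsert = $this->db->query($sql, 1);

                if (!$resqlinsert) {
                    if ($this->db->errno() != "DB_ERROR_RECORD_ALREADY_EXISTS") {
                        $this->error = $this->db->lasterror();
                        $err++;
                        break;
                    } else {
                        dol_syslog(get_class($this) . "::insert_permissions record already exists", LOG_INFO);
                    }
                }

                $this->db->free($resqlinsert);
            }

            // If we want to init permissions on admin users
            if ($reinitadminperms) {
                if (!class_exists('User')) {
                    require DOL_DOCUMENT_ROOT . '/user/class/user.class.php';
                }
                // NOTE(review): this selects the admin users of every entity, not only $entity;
                // confirm that granting the right across entities is intended.
                $sql = "SELECT rowid FROM " . MAIN_DB_PREFIX . "user WHERE admin = 1";
                dol_syslog(get_class($this) . "::insert_permissions Search all admin users", LOG_DEBUG);

                $resqlseladmin = $this->db->query($sql, 1);

                if ($resqlseladmin) {
                    $num = $this->db->num_rows($resqlseladmin);
                    $i = 0;
                    while ($i < $num) {
                        $obj2 = $this->db->fetch_object($resqlseladmin);
                        dol_syslog(get_class($this) . "::insert_permissions Add permission to user id=" . $obj2->rowid);

                        $tmpuser = new User($this->db);
                        $tmpuser->fetch($obj2->rowid);
                        // Only grant when the user record was really loaded.
                        if (!empty($tmpuser->id)) {
                            $tmpuser->addrights($r_id);
                        }

                        $i++;
                    }

                    if (!empty($user->admin)) {
                        // We reload permissions
                        $user->clearrights();
                        $user->getrights();
                    }
                } else {
                    dol_print_error($this->db);
                }
            }
        }
    }
    $this->db->free($resql);

    return $err;
}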
{ $feature2=''; $canreaduser=1; } $result = restrictedArea($user, 'user', $_GET["id"], '', $feature2); if ($user->id <> $_REQUEST["id"] && ! $canreaduser) accessforbidden(); /** * Actions */ if ($_GET["action"] == 'addrights' && $caneditperms) { $edituser = new User($db); $edituser->fetch($_GET["id"]); $edituser->addrights($_GET["rights"],$module); // Si on a touche a ses propres droits, on recharge if ($_GET["id"] == $user->id) { $user->clearrights(); $user->getrights(); } } if ($_GET["action"] == 'delrights' && $caneditperms) { $edituser = new User($db); $edituser->fetch($_GET["id"]); $edituser->delrights($_GET["rights"],$module);
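/**
 * Insert permissions definitions related to the module into llx_rights_def
 *
 * Runs only when the module's activation constant ($this->const_name) has a
 * non-empty value for entity 0 or the current entity. Every value concatenated
 * into SQL is cast to an integer or passed through $this->db->escape().
 *
 * @param int $reinitadminperms If 1, we also grant them to all admin users
 * @return int Number of error (0 if OK)
 */
function insert_permissions($reinitadminperms=0)
{
    global $conf,$user;

    $err=0;
    // The entity id is written unquoted into the statements below: force it to an integer once.
    $entity=(int) $conf->entity;

    // Test if module is activated
    $sql_del = "SELECT ".$this->db->decrypt('value')." as value";
    $sql_del.= " FROM ".MAIN_DB_PREFIX."const";
    $sql_del.= " WHERE ".$this->db->decrypt('name')." = '".$this->db->escape($this->const_name)."'";
    $sql_del.= " AND entity IN (0,".$entity.")";

    dol_syslog(get_class($this)."::insert_permissions sql=".$sql_del);
    $resql=$this->db->query($sql_del);
    if ($resql)
    {
        $obj=$this->db->fetch_object($resql);
        // $obj is empty when the constant row does not exist; $this->rights may be unset for a module without rights
        if ($obj && ! empty($obj->value) && ! empty($this->rights))
        {
            // If the module is active
            foreach ($this->rights as $right)
            {
                // Numeric fields are cast because they are written unquoted into the SQL text
                $r_id       = (int) $right[0];
                $r_desc     = $right[1];
                $r_type     = isset($right[2])?$right[2]:'';
                // A descriptor without a "bydefault" flag falls back to 0 (not granted by default)
                $r_def      = isset($right[3])?(int) $right[3]:0;
                $r_perms    = isset($right[4])?$right[4]:'';
                $r_subperms = isset($right[5])?$right[5]:'';
                $r_modul    = $this->rights_class;

                if (empty($r_type)) $r_type='w';

                // The column list grows with the optional perms / subperms parts of the descriptor
                $columns = "id, entity, libelle, module, type, bydefault";
                $values  = $r_id.",".$entity;
                $values .= ",'".$this->db->escape($r_desc)."'";
                $values .= ",'".$this->db->escape($r_modul)."'";
                $values .= ",'".$this->db->escape($r_type)."'";
                $values .= ",".$r_def;
                if (dol_strlen($r_perms))
                {
                    $columns .= ", perms";
                    $values  .= ",'".$this->db->escape($r_perms)."'";
                    if (dol_strlen($r_subperms))
                    {
                        $columns .= ", subperms";
                        $values  .= ",'".$this->db->escape($r_subperms)."'";
                    }
                }

                $sql = "INSERT INTO ".MAIN_DB_PREFIX."rights_def";
                $sql.= " (".$columns.")";
                $sql.= " VALUES ";
                $sql.= "(".$values.")";

                dol_syslog(get_class($this)."::insert_permissions sql=".$sql, LOG_DEBUG);
                $resqlinsert=$this->db->query($sql,1);
                if (! $resqlinsert)
                {
                    if ($this->db->errno() != "DB_ERROR_RECORD_ALREADY_EXISTS")
                    {
                        $this->error=$this->db->lasterror();
                        dol_syslog(get_class($this)."::insert_permissions error ".$this->error, LOG_ERR);
                        $err++;
                        break;
                    }
                    else dol_syslog(get_class($this)."::insert_permissions record already exists", LOG_INFO);
                }
                $this->db->free($resqlinsert);

                // If we want to init permissions on admin users
                if ($reinitadminperms)
                {
                    include_once(DOL_DOCUMENT_ROOT.'/user/class/user.class.php');
                    // NOTE(review): this selects the admin users of every entity, not only the
                    // current one; confirm that granting the right across entities is intended.
                    $sql="SELECT rowid from ".MAIN_DB_PREFIX."user where admin = 1";
                    dol_syslog(get_class($this)."::insert_permissions Search all admin users sql=".$sql);
                    $resqlseladmin=$this->db->query($sql,1);
                    if ($resqlseladmin)
                    {
                        $num=$this->db->num_rows($resqlseladmin);
                        $i=0;
                        while ($i < $num)
                        {
                            $obj2=$this->db->fetch_object($resqlseladmin);
                            dol_syslog(get_class($this)."::insert_permissions Add permission to user id=".$obj2->rowid);
                            $tmpuser=new User($this->db);
                            $tmpuser->fetch($obj2->rowid);
                            // Only grant when the user record was really loaded
                            if (! empty($tmpuser->id)) $tmpuser->addrights($r_id);
                            $i++;
                        }
                        if (! empty($user->admin))  // Reload permission for current user if defined
                        {
                            // We reload permissions
                            $user->clearrights();
                            $user->getrights();
                        }
                    }
                    else dol_print_error($this->db);
                }
            }
        }
        $this->db->free($resql);
    }
    else
    {
        $this->error=$this->db->lasterror();
        dol_syslog(get_class($this)."::insert_permissions ".$this->error, LOG_ERR);
        $err++;
    }

    return $err;
}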
// A user can always read its own card

// Run the generic access check for the 'user' area against the requested user id.
$result = restrictedArea($user, 'user', $id, '', $feature2);
// Looking at somebody else's card additionally requires $canreaduser.
if ($user->id != $id && !$canreaduser) {
    accessforbidden();
}

// Translation files used by this page.
$langs->load("users");
$langs->load("companies");
$langs->load("ldap");

$form = new Form($db);

/**
 * Actions
 */

// Grant a permission to the edited user.
// NOTE(review): this state change is driven by plain GET parameters and the only gate visible
// here is $canedituser; no anti-CSRF token check appears in this excerpt - confirm one is
// enforced before the request reaches this point.
// NOTE(review): $_GET["subaction"] is read without isset(), and $_GET["rights"] is handed to
// addrights() as received - confirm addrights() casts or escapes it before it reaches SQL.
// NOTE(review): the result of fetch() is not checked, so addrights() is called even when no
// user was loaded for $id.
if ($_GET["subaction"] == 'addrights' && $canedituser) {
    $edituser = new User($db);
    $edituser->fetch($id);
    $edituser->addrights($_GET["rights"]);
}

// Revoke a permission from the edited user; the review notes on the 'addrights' branch
// (GET-driven change, unvalidated "rights" value, unchecked fetch()) apply here as well.
if ($_GET["subaction"] == 'delrights' && $canedituser) {
    $edituser = new User($db);
    $edituser->fetch($id);
    $edituser->delrights($_GET["rights"]);
}

// Disable a user account once the action has been confirmed and the caller holds $candisableuser.
if ($action == 'confirm_disable' && $confirm == "yes" && $candisableuser) {
    // The current user cannot disable their own account through this branch.
    if ($id != $user->id) {
        $edituser = new User($db);
        $edituser->fetch($id);
        $edituser->setstatus(0);
        // Redirect back to the user card and stop, so nothing below runs for this request.
        // NOTE(review): $id is concatenated into the Location header - presumably it was
        // validated as an integer earlier in the file; confirm.
        Header("Location: " . DOL_URL_ROOT . '/user/fiche.php?id=' . $id);
        exit;
    }
}
$hookmanager->initHooks(array('usercard', 'globalcard')); /** * Actions */ $parameters = array('id' => $socid); $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); } if (empty($reshook)) { if ($action == 'addrights' && $caneditperms) { $edituser = new User($db); $edituser->fetch($id); //$edituser->addrights($rights, $module, '', $entity); // TODO unused for the moment $edituser->addrights($rights, $module); // Si on a touche a ses propres droits, on recharge if ($id == $user->id) { $user->clearrights(); $user->getrights(); $menumanager->loadMenu(); } } if ($action == 'delrights' && $caneditperms) { $edituser = new User($db); $edituser->fetch($id); //$edituser->delrights($rights, $module, '', $entity); // TODO unused for the moment $edituser->delrights($rights, $module); // Si on a touche a ses propres droits, on recharge if ($id == $user->id) { $user->clearrights();