/**
  * Adds access rights
  *
  * @param   int $reinitadminperms   If 1, we also grant them to all admin users
  * @param   int $force_entity       Force current entity
  *
  * @return  int                     Error count (0 if OK)
  */
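 function insert_permissions($reinitadminperms = 0, $force_entity = null)
 {
     global $conf, $user;

     $err = 0;
     // The entity id is concatenated into several SQL statements below, so force it to an integer once here.
     $entity = (int) (!empty($force_entity) ? $force_entity : $conf->entity);

     // Test if module is activated
     $sql_del = "SELECT " . $this->db->decrypt('value') . " as value";
     $sql_del .= " FROM " . MAIN_DB_PREFIX . "const";
     $sql_del .= " WHERE " . $this->db->decrypt('name') . " = '" . $this->db->escape($this->const_name) . "'";
     $sql_del .= " AND entity IN (0," . $entity . ")";

     dol_syslog(get_class($this) . "::insert_permissions", LOG_DEBUG);
     $resql = $this->db->query($sql_del);
     if (!$resql) {
         // Could not read the activation constant: report it and stop.
         $this->error = $this->db->lasterror();
         $err++;
         return $err;
     }

     $obj = $this->db->fetch_object($resql);
     if (is_object($obj) && !empty($obj->value) && !empty($this->rights)) {
         // The module is active: register each permission it declares.
         foreach ($this->rights as $right) {
             // Numeric fields are cast and string fields are escaped before being placed in SQL text;
             // a malformed module descriptor must not be able to alter the statements that define permissions.
             $r_id = (int) $right[0];
             $r_desc = $right[1];
             $r_type = !empty($right[2]) ? $right[2] : 'w';
             $r_def = isset($right[3]) ? (int) $right[3] : 0;
             $r_perms = isset($right[4]) ? $right[4] : '';
             $r_subperms = isset($right[5]) ? $right[5] : '';
             $r_modul = $this->rights_class;

             // Search if perm already present
             $sql = "SELECT count(*) as nb FROM " . MAIN_DB_PREFIX . "rights_def";
             $sql .= " WHERE id = " . $r_id . " AND entity = " . $entity;
             $resqlselect = $this->db->query($sql);
             if (!$resqlselect) {
                 // Previously a failed lookup was dereferenced as if it had returned a row.
                 $this->error = $this->db->lasterror();
                 $err++;
                 break;
             }
             $objcount = $this->db->fetch_object($resqlselect);
             if (is_object($objcount) && $objcount->nb == 0) {
                 // Build the column and value lists once; perms/subperms are only added when set.
                 $cols = "id, entity, libelle, module, type, bydefault";
                 $vals = $r_id . "," . $entity;
                 $vals .= ",'" . $this->db->escape($r_desc) . "'";
                 $vals .= ",'" . $this->db->escape($r_modul) . "'";
                 $vals .= ",'" . $this->db->escape($r_type) . "'";
                 $vals .= "," . $r_def;
                 if (dol_strlen($r_perms)) {
                     $cols .= ", perms";
                     $vals .= ",'" . $this->db->escape($r_perms) . "'";
                     if (dol_strlen($r_subperms)) {
                         $cols .= ", subperms";
                         $vals .= ",'" . $this->db->escape($r_subperms) . "'";
                     }
                 }
                 $sql = "INSERT INTO " . MAIN_DB_PREFIX . "rights_def";
                 $sql .= " (" . $cols . ")";
                 $sql .= " VALUES ";
                 $sql .= "(" . $vals . ")";

                 $resqlinsert = $this->db->query($sql, 1);
                 if (!$resqlinsert) {
                     if ($this->db->errno() != "DB_ERROR_RECORD_ALREADY_EXISTS") {
                         $this->error = $this->db->lasterror();
                         $err++;
                         break;
                     } else {
                         // A duplicate row is not counted as an error.
                         dol_syslog(get_class($this) . "::insert_permissions record already exists", LOG_INFO);
                     }
                 }
                 $this->db->free($resqlinsert);
             }
             $this->db->free($resqlselect);

             // If we want to init permissions on admin users
             if ($reinitadminperms) {
                 if (!class_exists('User')) {
                     require DOL_DOCUMENT_ROOT . '/user/class/user.class.php';
                 }
                 // NOTE(review): this grants the new right to every account flagged admin = 1, with no entity
                 // filter in the query; confirm that is intended wherever $reinitadminperms is passed.
                 $sql = "SELECT rowid FROM " . MAIN_DB_PREFIX . "user WHERE admin = 1";
                 dol_syslog(get_class($this) . "::insert_permissions Search all admin users", LOG_DEBUG);
                 $resqlseladmin = $this->db->query($sql, 1);
                 if ($resqlseladmin) {
                     $num = $this->db->num_rows($resqlseladmin);
                     $i = 0;
                     while ($i < $num) {
                         $obj2 = $this->db->fetch_object($resqlseladmin);
                         dol_syslog(get_class($this) . "::insert_permissions Add permission to user id=" . $obj2->rowid);
                         $tmpuser = new User($this->db);
                         $tmpuser->fetch($obj2->rowid);
                         // Only grant when the account was actually loaded.
                         if (!empty($tmpuser->id)) {
                             $tmpuser->addrights($r_id);
                         }
                         $i++;
                     }
                     if (!empty($user->admin)) {
                         // The current user is an admin, so reload the rights held in the session object.
                         $user->clearrights();
                         $user->getrights();
                     }
                 } else {
                     dol_print_error($this->db);
                 }
             }
         }
     }
     $this->db->free($resql);

     return $err;
 }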
Example #2
{
	$feature2='';
	$canreaduser=1;
}
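// Access control for the user card selected by the "id" query parameter.
// NOTE(review): $feature2, $canreaduser, $caneditperms and $module are set outside this excerpt.
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
// The ownership test reads "id" from $_GET, the same source restrictedArea() above and fetch() below use.
// It previously read $_REQUEST, which can resolve "id" from a different input than the query string, so the
// id being authorised and the id being loaded could differ.
if ($user->id != $_GET["id"] && !$canreaduser) {
    accessforbidden();
}


/**
 * Actions
 */
// NOTE(review): this action changes permissions from GET parameters alone; no anti-CSRF token check is
// visible in this excerpt - confirm one is enforced before this point.
// NOTE(review): $_GET["id"] and $_GET["rights"] reach fetch()/addrights() unvalidated here; verify that
// those methods cast or escape them.
if ($_GET["action"] == 'addrights' && $caneditperms) {
    $edituser = new User($db);
    $edituser->fetch($_GET["id"]);
    $edituser->addrights($_GET["rights"], $module);

    // If the current user changed their own rights, reload them
    if ($_GET["id"] == $user->id) {
        $user->clearrights();
        $user->getrights();
    }
}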

if ($_GET["action"] == 'delrights' && $caneditperms)
{
    $edituser = new User($db);
	$edituser->fetch($_GET["id"]);
    $edituser->delrights($_GET["rights"],$module);
    /**
     *  Insert permissions definitions related to the module into llx_rights_def
     *  @param      $reinitadminperms   If 1, we also grant them to all admin users
     *  @return     int                 Number of error (0 if OK)
     */
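    function insert_permissions($reinitadminperms=0)
    {
        global $conf,$user;

        $err=0;
        // The entity id is concatenated into SQL below, so force it to an integer once here.
        $entity=(int) $conf->entity;

        // Test if module is activated
        $sql_del = "SELECT ".$this->db->decrypt('value')." as value";
        $sql_del.= " FROM ".MAIN_DB_PREFIX."const";
        $sql_del.= " WHERE ".$this->db->decrypt('name')." = '".$this->db->escape($this->const_name)."'";
        $sql_del.= " AND entity IN (0,".$entity.")";

        dol_syslog(get_class($this)."::insert_permissions sql=".$sql_del);
        $resql=$this->db->query($sql_del);
        if ($resql)
        {
            $obj=$this->db->fetch_object($resql);
            // Guard against "no row" and "no rights declared" before looping; the unguarded
            // $obj->value dereferenced a missing row.
            if (is_object($obj) && ! empty($obj->value) && ! empty($this->rights))
            {
                // The module is active: register each permission it declares.
                foreach ($this->rights as $right)
                {
                    // Numeric fields are cast and string fields are escaped before being placed in SQL text;
                    // a malformed module descriptor must not be able to alter the statements that define permissions.
                    $r_id       = (int) $right[0];
                    $r_desc     = $right[1];
                    $r_type     = ! empty($right[2])?$right[2]:'w';
                    $r_def      = isset($right[3])?(int) $right[3]:0;
                    $r_perms    = isset($right[4])?$right[4]:'';
                    $r_subperms = isset($right[5])?$right[5]:'';
                    $r_modul    = $this->rights_class;

                    // Build the column and value lists once; perms/subperms are only added when set.
                    $cols = "id, entity, libelle, module, type, bydefault";
                    $vals = $r_id.",".$entity;
                    $vals.= ",'".$this->db->escape($r_desc)."'";
                    $vals.= ",'".$this->db->escape($r_modul)."'";
                    $vals.= ",'".$this->db->escape($r_type)."'";
                    $vals.= ",".$r_def;
                    if (dol_strlen($r_perms))
                    {
                        $cols.= ", perms";
                        $vals.= ",'".$this->db->escape($r_perms)."'";
                        if (dol_strlen($r_subperms))
                        {
                            $cols.= ", subperms";
                            $vals.= ",'".$this->db->escape($r_subperms)."'";
                        }
                    }
                    $sql = "INSERT INTO ".MAIN_DB_PREFIX."rights_def";
                    $sql.= " (".$cols.")";
                    $sql.= " VALUES ";
                    $sql.= "(".$vals.")";

                    dol_syslog(get_class($this)."::insert_permissions sql=".$sql, LOG_DEBUG);
                    $resqlinsert=$this->db->query($sql,1);
                    if (! $resqlinsert)
                    {
                        if ($this->db->errno() != "DB_ERROR_RECORD_ALREADY_EXISTS")
                        {
                            $this->error=$this->db->lasterror();
                            dol_syslog(get_class($this)."::insert_permissions error ".$this->error, LOG_ERR);
                            $err++;
                            break;
                        }
                        // A duplicate row is not counted as an error.
                        else dol_syslog(get_class($this)."::insert_permissions record already exists", LOG_INFO);
                    }
                    $this->db->free($resqlinsert);

                    // If we want to init permissions on admin users
                    if ($reinitadminperms)
                    {
                        include_once(DOL_DOCUMENT_ROOT.'/user/class/user.class.php');
                        // NOTE(review): this grants the new right to every account flagged admin = 1, with no
                        // entity filter in the query; confirm that is intended wherever $reinitadminperms is passed.
                        $sql="SELECT rowid from ".MAIN_DB_PREFIX."user where admin = 1";
                        dol_syslog(get_class($this)."::insert_permissions Search all admin users sql=".$sql);
                        $resqlseladmin=$this->db->query($sql,1);
                        if ($resqlseladmin)
                        {
                            $num=$this->db->num_rows($resqlseladmin);
                            $i=0;
                            while ($i < $num)
                            {
                                $obj2=$this->db->fetch_object($resqlseladmin);
                                dol_syslog(get_class($this)."::insert_permissions Add permission to user id=".$obj2->rowid);
                                $tmpuser=new User($this->db);
                                $tmpuser->fetch($obj2->rowid);
                                // Only grant when the account was actually loaded.
                                if (! empty($tmpuser->id))
                                {
                                    $tmpuser->addrights($r_id);
                                }
                                $i++;
                            }
                            if (! empty($user->admin))  // Reload permission for current user if defined
                            {
                                // The current user is an admin, so reload the rights held in the session object.
                                $user->clearrights();
                                $user->getrights();
                            }
                        }
                        else dol_print_error($this->db);
                    }
                }
            }
            $this->db->free($resql);
        }
        else
        {
            // Could not read the activation constant: report it.
            $this->error=$this->db->lasterror();
            dol_syslog(get_class($this)."::insert_permissions ".$this->error, LOG_ERR);
            $err++;
        }

        return $err;
    }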
Example #4
// Users may always view their own card; viewing anyone else's requires $canreaduser.
// NOTE(review): $id, $feature2, $canreaduser, $canedituser, $candisableuser, $action and $confirm are set
// outside this excerpt - confirm $id is validated as an integer where it is read.
$result = restrictedArea($user, 'user', $id, '', $feature2);
if ($user->id != $id && !$canreaduser) {
    accessforbidden();
}

// Translation domains used by this page, then the form helper.
$langs->load("users");
$langs->load("companies");
$langs->load("ldap");
$form = new Form($db);

/**
 * Actions
 */
// Grant or revoke a right on the selected user. The two sub-actions are mutually exclusive.
// NOTE(review): both are state changes driven by GET parameters; no anti-CSRF token check is visible in
// this excerpt - confirm one is enforced before this point.
if ($_GET["subaction"] == 'addrights' && $canedituser) {
    $edituser = new User($db);
    $edituser->fetch($id);
    $edituser->addrights($_GET["rights"]);
} elseif ($_GET["subaction"] == 'delrights' && $canedituser) {
    $edituser = new User($db);
    $edituser->fetch($id);
    $edituser->delrights($_GET["rights"]);
}

// Disable the selected account after confirmation; a user cannot disable their own account this way.
if ($action == 'confirm_disable' && $confirm == "yes" && $candisableuser && $id != $user->id) {
    $edituser = new User($db);
    $edituser->fetch($id);
    $edituser->setstatus(0);
    // NOTE(review): $id is concatenated into the redirect target as-is.
    header("Location: " . DOL_URL_ROOT . '/user/fiche.php?id=' . $id);
    exit;
}
Example #5
// Register the hook contexts this page exposes to modules.
$hookmanager->initHooks(array('usercard', 'globalcard'));
/**
 * Actions
 */
// NOTE(review): $socid is not defined in this excerpt, while the actions below work on $id - confirm which
// identifier hooks are meant to receive.
$parameters = array('id' => $socid);
// Let modules act on (or take over) the requested action before the built-in handlers run.
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action);
// Note that $action and $object may have been modified by some hooks
// Because a hook can rewrite $action, the $caneditperms checks on the handlers that follow are what gates
// the permission changes; they must not be relaxed on the assumption that $action came from the request.
if ($reshook < 0) {
    // A negative result is treated as a hook failure and shown to the user as error messages.
    setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
}
if (empty($reshook)) {
    if ($action == 'addrights' && $caneditperms) {
        $edituser = new User($db);
        $edituser->fetch($id);
        //$edituser->addrights($rights, $module, '', $entity); // TODO unused for the moment
        $edituser->addrights($rights, $module);
        // Si on a touche a ses propres droits, on recharge
        if ($id == $user->id) {
            $user->clearrights();
            $user->getrights();
            $menumanager->loadMenu();
        }
    }
    if ($action == 'delrights' && $caneditperms) {
        $edituser = new User($db);
        $edituser->fetch($id);
        //$edituser->delrights($rights, $module, '', $entity); // TODO unused for the moment
        $edituser->delrights($rights, $module);
        // Si on a touche a ses propres droits, on recharge
        if ($id == $user->id) {
            $user->clearrights();