function applyGroupPermission($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $credentials)
{
global $arrLang;
$pACL = new paloACL($pDB);
$pORGZ = new paloSantoOrganization($pDB);
$filter_resource = getParameter("resource_apply");
$limit = getParameter("limit_apply");
$offset = getParameter("offset_apply");
$idGroup = getParameter("filter_group");
if ($credentials['userlevel'] == "superadmin") {
$idOrgFil = getParameter("idOrganization");
if (empty($idOrgFil)) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr("Invalid Organization"));
return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
}
} else {
$idOrgFil = $credentials['id_organization'];
}
if (empty($idGroup)) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr("Invalid Group"));
return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
}
//valido exista una organizacion con dicho id y que no sea la organizacion 1
$orgTmp = $pORGZ->getOrganizationById($idOrgFil);
if ($orgTmp === false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr($pORGZ->errMsg));
return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
} elseif (count($orgTmp) == 0) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr("Organization doesn't exist"));
return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
}
if ($idOrgFil == 1) {
$error = true;
$msg_error = _tr("Invalid Organization");
}
//valido que el grupo pertenezca a la organizacion
if ($pACL->getGroups($idGroup, $idOrgFil) == false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr("Invalid Group"));
return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
}
$lang = get_language();
if ($lang != "en") {
if (isset($filter_resource)) {
if (trim($filter_resource) != "") {
global $arrLang;
$filter_value = strtolower(trim($filter_resource));
$parameter_to_find[] = $filter_value;
//parametro de busqueda sin traduccion
foreach ($arrLang as $key => $value) {
$langValue = strtolower(trim($value));
if (preg_match("/^[[:alnum:]| ]*\$/", $filter_value)) {
if (strpos($langValue, $filter_value) !== FALSE) {
$parameter_to_find[] = $key;
}
}
}
}
}
}
if (isset($filter_resource)) {
$parameter_to_find[] = $filter_resource;
} else {
$parameter_to_find = null;
}
//obtenemos los recursos a los que la organizacion tiene acceso
$arrResourcesOrg = $pACL->getResourcesByOrg($idOrgFil, $parameter_to_find);
if ($arrResourcesOrg === false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr($pACL->errMsg));
return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
}
$arrResources = array_slice($arrResourcesOrg, $offset, $limit);
foreach ($arrResources as $resource) {
$listResource[] = $resource['id'];
//lista de id de los recursos que queremos consultar
}
//el grupo administrator de cada organizacion tiene ciertos recursos siempre activos
$isAdministrator = $pACL->getGroupNameByid($idGroup) == _tr("administrator") ? true : false;
if ($isAdministrator) {
$listResource[] = "grouplist";
$listResource[] = "userlist";
$listResource[] = "group_permission";
}
//las acciones que tiene cada drecurso
$arrResourceActions = $pACL->getResourcesActions($listResource);
if ($arrResourceActions === false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr("An error has ocurred to retrieved Resources Actions"));
return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
}
//para el casos de los recursos organization, dashboard, cdrreport ahi acciones que no se les puede otorgar a los usuarios
if (isset($arrResourceActions['organization'])) {
$arrResourceActions['organization'] = array_diff($arrResourceActions['organization'], array('change_org_status', 'create_org', 'delete_org', 'edit_DID'));
}
if (isset($arrResourceActions['dashboard'])) {
$arrResourceActions['dashboard'] = array('access');
}
if (isset($arrResourceActions['cdrreport'])) {
$arrResourceActions['cdrreport'] = array('access', _tr('export'));
}
//los premisos que tiene el grupo
$arrPermisos = $pACL->loadGroupPermissions($idGroup, $listResource);
if ($arrPermisos === false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr("An error has ocurred to retrieved Group Permissions"));
return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
}
$arrNewPermissions = array();
$arrDelPermissions = array();
$arrSelectdPermissions = array();
if (isset($_POST['groupPermission'])) {
foreach ($_POST['groupPermission'] as $resource => $actions) {
if (isset($arrResourceActions[$resource])) {
$res_actions = array_intersect(array_keys($actions), $arrResourceActions[$resource]);
if (in_array('access', $res_actions)) {
$arrSelectdPermissions[$resource] = $res_actions;
}
}
}
}
if ($isAdministrator) {
if (isset($arrResourceActions['grouplist'])) {
$arrSelectdPermissions["grouplist"] = $arrResourceActions['grouplist'];
}
if (isset($arrResourceActions['userlist'])) {
$arrSelectdPermissions["userlist"] = $arrResourceActions['userlist'];
}
if (isset($arrResourceActions['group_permission'])) {
$arrSelectdPermissions["group_permission"] = $arrResourceActions['group_permission'];
}
}
//sacamos la lista de los permisos nuevos
foreach ($arrSelectdPermissions as $resource => $actions) {
if (isset($arrPermisos[$resource])) {
$new_actions = array_diff($actions, $arrPermisos[$resource]);
if (count($new_actions) > 0) {
$arrNewPermissions[$resource] = $new_actions;
}
} else {
//no se hallaba antes lo agregamos a la lista de recursos nuevos
$arrNewPermissions[$resource] = $actions;
}
}
//sacamos la lista de los recursos ausentes
foreach ($arrPermisos as $resource => $actions) {
if (isset($arrSelectdPermissions[$resource])) {
$del_actions = array_diff($actions, $arrSelectdPermissions[$resource]);
if (count($del_actions) > 0) {
$arrDelPermissions[$resource] = $del_actions;
}
} else {
//no se halla entre los recursos seleccionados lo agregamos a la lista de recursos ausentes
$arrDelPermissions[$resource] = $actions;
}
}
$pACL->_DB->beginTransaction();
if (count($arrDelPermissions) > 0) {
if (!$pACL->deleteGroupPermission($idGroup, $arrDelPermissions)) {
$smarty->assign("mb_title", "ERROR");
$smarty->assign("mb_message", _tr("A error has been ocurred. ") . $pACL->errMsg);
return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
}
}
if (count($arrNewPermissions) > 0) {
if (!$pACL->saveGroupPermission($idGroup, $arrNewPermissions)) {
$smarty->assign("mb_title", "ERROR");
$smarty->assign("mb_message", _tr("A error has been ocurred. ") . $pACL->errMsg);
return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
}
}
$smarty->assign("mb_title", _tr("MESSAGE"));
$smarty->assign("mb_message", _tr("Changes was applied successfully"));
$pACL->_DB->commit();
//borra los menus q tiene de permisos que estan guardados en la session, el index.php principal (html) volvera a generar esta arreglo de permisos.
unset($_SESSION['elastix_user_permission']);
return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
}
