Beispiel #1
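/**
 * Applies the permission set posted in $_POST['groupPermission'] to one group.
 *
 * Flow:
 *  1. Resolve the target organization: a superadmin chooses it through the
 *     "idOrganization" request parameter, every other caller is pinned to
 *     $credentials['id_organization'].
 *  2. Check that the organization exists, is not organization 1, and that the
 *     group belongs to it.
 *  3. Build the list of resources on the current page (filter/offset/limit)
 *     and the actions that may be granted on each of them.
 *  4. Accept only posted actions that appear in that allowed list, diff them
 *     against the stored permissions, and write the difference inside a
 *     transaction.
 *
 * Every exit path re-renders the report through reportGroupPermission().
 *
 * NOTE(review): this function does not verify by itself that the caller may
 * edit group permissions, nor does it check an anti-CSRF token; presumably the
 * module dispatcher does both - confirm before relying on it.
 *
 * @param object $smarty              Template engine used for the message box.
 * @param string $module_name         Passed through to reportGroupPermission().
 * @param string $local_templates_dir Passed through to reportGroupPermission().
 * @param object $pDB                 Database handle shared by the ACL helpers.
 * @param array  $arrConf             Passed through to reportGroupPermission().
 * @param array  $credentials         Reads 'userlevel' and 'id_organization'.
 *
 * @return mixed Whatever reportGroupPermission() returns.
 */
function applyGroupPermission($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $credentials)
{
    global $arrLang;
    $pACL = new paloACL($pDB);
    $pORGZ = new paloSantoOrganization($pDB);
    $filter_resource = getParameter("resource_apply");
    // NOTE(review): limit and offset are request values handed to
    // array_slice() below without validation.
    $limit = getParameter("limit_apply");
    $offset = getParameter("offset_apply");
    $idGroup = getParameter("filter_group");

    // Strict comparison: with "==" a non-string userlevel such as integer 0
    // compares equal to "superadmin" on PHP < 8 and would unlock the
    // caller-chosen organization. Anything that is not exactly the string
    // falls back to the caller's own organization.
    if ($credentials['userlevel'] === "superadmin") {
        $idOrgFil = getParameter("idOrganization");
        if (empty($idOrgFil)) {
            $smarty->assign("mb_title", _tr("ERROR"));
            $smarty->assign("mb_message", _tr("Invalid Organization"));
            return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
        }
    } else {
        $idOrgFil = $credentials['id_organization'];
    }
    if (empty($idGroup)) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr("Invalid Group"));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }

    // The organization must exist and must not be organization 1.
    $orgTmp = $pORGZ->getOrganizationById($idOrgFil);
    if ($orgTmp === false) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr($pORGZ->errMsg));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    } elseif (count($orgTmp) == 0) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr("Organization doesn't exist"));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }
    // This check used to set $error/$msg_error and carry on, so requests that
    // targeted organization 1 were processed anyway. Reject them here.
    if ((int) $idOrgFil === 1) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr("Invalid Organization"));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }

    // The group must belong to the resolved organization; this is what keeps
    // a caller from editing a group of another organization.
    if ($pACL->getGroups($idGroup, $idOrgFil) == false) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr("Invalid Group"));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }

    // Build the search terms for the resource filter. In a non-English UI the
    // filter text is also matched against the translated labels so that the
    // untranslated keys can be searched as well.
    $parameter_to_find = array();
    $lang = get_language();
    if ($lang != "en" && isset($filter_resource) && trim($filter_resource) != "") {
        $filter_value = strtolower(trim($filter_resource));
        $parameter_to_find[] = $filter_value;
        // Only plain alphanumeric/space filters are matched against labels;
        // the test does not depend on the label, so it runs once.
        if (preg_match("/^[[:alnum:]| ]*\$/", $filter_value)) {
            foreach ($arrLang as $key => $value) {
                $langValue = strtolower(trim($value));
                if (strpos($langValue, $filter_value) !== FALSE) {
                    $parameter_to_find[] = $key;
                }
            }
        }
    }
    if (isset($filter_resource)) {
        $parameter_to_find[] = $filter_resource;
    } else {
        $parameter_to_find = null;
    }

    // Resources the organization has access to.
    $arrResourcesOrg = $pACL->getResourcesByOrg($idOrgFil, $parameter_to_find);
    if ($arrResourcesOrg === false) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr($pACL->errMsg));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }

    // Ids of the resources on the current page. Initialised explicitly so an
    // empty page no longer reads an undefined variable.
    // NOTE(review): with an empty page and a non-administrator group the ACL
    // helpers below receive null - confirm how they treat it.
    $listResource = null;
    $arrResources = array_slice($arrResourcesOrg, $offset, $limit);
    foreach ($arrResources as $resource) {
        $listResource[] = $resource['id'];
    }

    // The administrator group of each organization always keeps these
    // resources active.
    $isAdministrator = $pACL->getGroupNameByid($idGroup) == _tr("administrator") ? true : false;
    if ($isAdministrator) {
        $listResource[] = "grouplist";
        $listResource[] = "userlist";
        $listResource[] = "group_permission";
    }

    // Actions available on each resource.
    $arrResourceActions = $pACL->getResourcesActions($listResource);
    if ($arrResourceActions === false) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr("An error has ocurred to retrieved Resources Actions"));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }

    // Some actions on organization, dashboard and cdrreport must never be
    // grantable to a group, so they are removed from the allowed list.
    if (isset($arrResourceActions['organization'])) {
        $arrResourceActions['organization'] = array_diff($arrResourceActions['organization'], array('change_org_status', 'create_org', 'delete_org', 'edit_DID'));
    }
    if (isset($arrResourceActions['dashboard'])) {
        $arrResourceActions['dashboard'] = array('access');
    }
    if (isset($arrResourceActions['cdrreport'])) {
        $arrResourceActions['cdrreport'] = array('access', _tr('export'));
    }

    // Permissions the group currently holds on those resources.
    $arrPermisos = $pACL->loadGroupPermissions($idGroup, $listResource);
    if ($arrPermisos === false) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr("An error has ocurred to retrieved Group Permissions"));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }

    $arrNewPermissions = array();
    $arrDelPermissions = array();
    $arrSelectdPermissions = array();

    // The posted structure is untrusted: only array-shaped input is walked,
    // and an action is kept only if it is in the allowed list built above.
    if (isset($_POST['groupPermission']) && is_array($_POST['groupPermission'])) {
        foreach ($_POST['groupPermission'] as $resource => $actions) {
            if (!is_array($actions) || !isset($arrResourceActions[$resource])) {
                continue;
            }
            $res_actions = array_intersect(array_keys($actions), $arrResourceActions[$resource]);
            // A resource without 'access' is treated as not selected.
            if (in_array('access', $res_actions, true)) {
                $arrSelectdPermissions[$resource] = $res_actions;
            }
        }
    }
    if ($isAdministrator) {
        // Forced on for the administrator group regardless of the POST data.
        if (isset($arrResourceActions['grouplist'])) {
            $arrSelectdPermissions["grouplist"] = $arrResourceActions['grouplist'];
        }
        if (isset($arrResourceActions['userlist'])) {
            $arrSelectdPermissions["userlist"] = $arrResourceActions['userlist'];
        }
        if (isset($arrResourceActions['group_permission'])) {
            $arrSelectdPermissions["group_permission"] = $arrResourceActions['group_permission'];
        }
    }

    // Permissions to add: selected now, not stored yet.
    foreach ($arrSelectdPermissions as $resource => $actions) {
        if (isset($arrPermisos[$resource])) {
            $new_actions = array_diff($actions, $arrPermisos[$resource]);
            if (count($new_actions) > 0) {
                $arrNewPermissions[$resource] = $new_actions;
            }
        } else {
            // Resource had no stored permission at all.
            $arrNewPermissions[$resource] = $actions;
        }
    }

    // Permissions to remove: stored, no longer selected.
    foreach ($arrPermisos as $resource => $actions) {
        if (isset($arrSelectdPermissions[$resource])) {
            $del_actions = array_diff($actions, $arrSelectdPermissions[$resource]);
            if (count($del_actions) > 0) {
                $arrDelPermissions[$resource] = $del_actions;
            }
        } else {
            // Resource is absent from the selection, drop all of its actions.
            $arrDelPermissions[$resource] = $actions;
        }
    }

    $pACL->_DB->beginTransaction();
    if (count($arrDelPermissions) > 0) {
        if (!$pACL->deleteGroupPermission($idGroup, $arrDelPermissions)) {
            // Capture the message first, then undo the open transaction so a
            // failed request cannot leave a half-applied permission set.
            $errMsg = $pACL->errMsg;
            $pACL->_DB->rollBack();
            $smarty->assign("mb_title", "ERROR");
            $smarty->assign("mb_message", _tr("A error has been ocurred. ") . $errMsg);
            return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
        }
    }
    if (count($arrNewPermissions) > 0) {
        if (!$pACL->saveGroupPermission($idGroup, $arrNewPermissions)) {
            // The deletions above must not survive when the inserts fail.
            $errMsg = $pACL->errMsg;
            $pACL->_DB->rollBack();
            $smarty->assign("mb_title", "ERROR");
            $smarty->assign("mb_message", _tr("A error has been ocurred. ") . $errMsg);
            return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
        }
    }
    $smarty->assign("mb_title", _tr("MESSAGE"));
    $smarty->assign("mb_message", _tr("Changes was applied successfully"));
    $pACL->_DB->commit();

    // Drop the permission/menu cache kept in the session; the main index.php
    // rebuilds it, so the new permissions apply to this session as well.
    unset($_SESSION['elastix_user_permission']);
    return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
}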