function applyGroupPermission($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $credentials) { global $arrLang; $pACL = new paloACL($pDB); $pORGZ = new paloSantoOrganization($pDB); $filter_resource = getParameter("resource_apply"); $limit = getParameter("limit_apply"); $offset = getParameter("offset_apply"); $idGroup = getParameter("filter_group"); if ($credentials['userlevel'] == "superadmin") { $idOrgFil = getParameter("idOrganization"); if (empty($idOrgFil)) { $smarty->assign("mb_title", _tr("ERROR")); $smarty->assign("mb_message", _tr("Invalid Organization")); return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials); } } else { $idOrgFil = $credentials['id_organization']; } if (empty($idGroup)) { $smarty->assign("mb_title", _tr("ERROR")); $smarty->assign("mb_message", _tr("Invalid Group")); return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials); } //valido exista una organizacion con dicho id y que no sea la organizacion 1 $orgTmp = $pORGZ->getOrganizationById($idOrgFil); if ($orgTmp === false) { $smarty->assign("mb_title", _tr("ERROR")); $smarty->assign("mb_message", _tr($pORGZ->errMsg)); return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials); } elseif (count($orgTmp) == 0) { $smarty->assign("mb_title", _tr("ERROR")); $smarty->assign("mb_message", _tr("Organization doesn't exist")); return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials); } if ($idOrgFil == 1) { $error = true; $msg_error = _tr("Invalid Organization"); } //valido que el grupo pertenezca a la organizacion if ($pACL->getGroups($idGroup, $idOrgFil) == false) { $smarty->assign("mb_title", _tr("ERROR")); $smarty->assign("mb_message", _tr("Invalid Group")); return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials); } $lang = get_language(); if ($lang != "en") { if (isset($filter_resource)) { if (trim($filter_resource) != "") { global $arrLang; $filter_value = strtolower(trim($filter_resource)); $parameter_to_find[] = $filter_value; //parametro de busqueda sin traduccion foreach ($arrLang as $key => $value) { $langValue = strtolower(trim($value)); if (preg_match("/^[[:alnum:]| ]*\$/", $filter_value)) { if (strpos($langValue, $filter_value) !== FALSE) { $parameter_to_find[] = $key; } } } } } } if (isset($filter_resource)) { $parameter_to_find[] = $filter_resource; } else { $parameter_to_find = null; } //obtenemos los recursos a los que la organizacion tiene acceso $arrResourcesOrg = $pACL->getResourcesByOrg($idOrgFil, $parameter_to_find); if ($arrResourcesOrg === false) { $smarty->assign("mb_title", _tr("ERROR")); $smarty->assign("mb_message", _tr($pACL->errMsg)); return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials); } $arrResources = array_slice($arrResourcesOrg, $offset, $limit); foreach ($arrResources as $resource) { $listResource[] = $resource['id']; //lista de id de los recursos que queremos consultar } //el grupo administrator de cada organizacion tiene ciertos recursos siempre activos $isAdministrator = $pACL->getGroupNameByid($idGroup) == _tr("administrator") ? true : false; if ($isAdministrator) { $listResource[] = "grouplist"; $listResource[] = "userlist"; $listResource[] = "group_permission"; } //las acciones que tiene cada drecurso $arrResourceActions = $pACL->getResourcesActions($listResource); if ($arrResourceActions === false) { $smarty->assign("mb_title", _tr("ERROR")); $smarty->assign("mb_message", _tr("An error has ocurred to retrieved Resources Actions")); return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials); } //para el casos de los recursos organization, dashboard, cdrreport ahi acciones que no se les puede otorgar a los usuarios if (isset($arrResourceActions['organization'])) { $arrResourceActions['organization'] = array_diff($arrResourceActions['organization'], array('change_org_status', 'create_org', 'delete_org', 'edit_DID')); } if (isset($arrResourceActions['dashboard'])) { $arrResourceActions['dashboard'] = array('access'); } if (isset($arrResourceActions['cdrreport'])) { $arrResourceActions['cdrreport'] = array('access', _tr('export')); } //los premisos que tiene el grupo $arrPermisos = $pACL->loadGroupPermissions($idGroup, $listResource); if ($arrPermisos === false) { $smarty->assign("mb_title", _tr("ERROR")); $smarty->assign("mb_message", _tr("An error has ocurred to retrieved Group Permissions")); return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials); } $arrNewPermissions = array(); $arrDelPermissions = array(); $arrSelectdPermissions = array(); if (isset($_POST['groupPermission'])) { foreach ($_POST['groupPermission'] as $resource => $actions) { if (isset($arrResourceActions[$resource])) { $res_actions = array_intersect(array_keys($actions), $arrResourceActions[$resource]); if (in_array('access', $res_actions)) { $arrSelectdPermissions[$resource] = $res_actions; } } } } if ($isAdministrator) { if (isset($arrResourceActions['grouplist'])) { $arrSelectdPermissions["grouplist"] = $arrResourceActions['grouplist']; } if (isset($arrResourceActions['userlist'])) { $arrSelectdPermissions["userlist"] = $arrResourceActions['userlist']; } if (isset($arrResourceActions['group_permission'])) { $arrSelectdPermissions["group_permission"] = $arrResourceActions['group_permission']; } } //sacamos la lista de los permisos nuevos foreach ($arrSelectdPermissions as $resource => $actions) { if (isset($arrPermisos[$resource])) { $new_actions = array_diff($actions, $arrPermisos[$resource]); if (count($new_actions) > 0) { $arrNewPermissions[$resource] = $new_actions; } } else { //no se hallaba antes lo agregamos a la lista de recursos nuevos $arrNewPermissions[$resource] = $actions; } } //sacamos la lista de los recursos ausentes foreach ($arrPermisos as $resource => $actions) { if (isset($arrSelectdPermissions[$resource])) { $del_actions = array_diff($actions, $arrSelectdPermissions[$resource]); if (count($del_actions) > 0) { $arrDelPermissions[$resource] = $del_actions; } } else { //no se halla entre los recursos seleccionados lo agregamos a la lista de recursos ausentes $arrDelPermissions[$resource] = $actions; } } $pACL->_DB->beginTransaction(); if (count($arrDelPermissions) > 0) { if (!$pACL->deleteGroupPermission($idGroup, $arrDelPermissions)) { $smarty->assign("mb_title", "ERROR"); $smarty->assign("mb_message", _tr("A error has been ocurred. ") . $pACL->errMsg); return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials); } } if (count($arrNewPermissions) > 0) { if (!$pACL->saveGroupPermission($idGroup, $arrNewPermissions)) { $smarty->assign("mb_title", "ERROR"); $smarty->assign("mb_message", _tr("A error has been ocurred. ") . $pACL->errMsg); return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials); } } $smarty->assign("mb_title", _tr("MESSAGE")); $smarty->assign("mb_message", _tr("Changes was applied successfully")); $pACL->_DB->commit(); //borra los menus q tiene de permisos que estan guardados en la session, el index.php principal (html) volvera a generar esta arreglo de permisos. unset($_SESSION['elastix_user_permission']); return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials); }
function applyGroupPermission($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf) { $pGroupPermission = new paloSantoGroupPermission(); $filter_resource = getParameter("resource_apply"); $limit = getParameter("limit_apply"); $offset = getParameter("offset_apply"); $action_apply = getParameter("action_apply"); $start_apply = getParameter("start_apply"); $arrResources = $pGroupPermission->ObtainResources($limit, $offset, $filter_resource); //**************************************************************************************************** // ACTION -> access //**************************************************************************************************** //permisos recursos seleccionados en el grid // Array ( [0] => build_module [1] => delete_module [2] => language_admin ... $selectedAccess = isset($_POST['groupPermission']) ? array_keys($_POST['groupPermission']) : array(); $idGroup = getParameter("filter_group"); $isAdministrator = $idGroup == 1 ? true : false; if ($isAdministrator) { $selectedAccess[] = "usermgr"; $selectedAccess[] = "grouplist"; $selectedAccess[] = "userlist"; $selectedAccess[] = "group_permission"; } $listaPermisos = OrderResourceGroupPermissions($pGroupPermission->loadResourceGroupPermissions("access", $idGroup)); $listaPermisosNuevos = array_diff($selectedAccess, $listaPermisos); $listaPermisosAusentes = array_diff($listaPermisos, $selectedAccess); $listaPermisosNuevosGrupo = array(); $listaPermisosAusentesGrupo = array(); foreach ($arrResources as $resource) { if (in_array($resource["name"], $listaPermisosNuevos)) { $listaPermisosNuevosGrupo[] = $resource["id"]; } if (in_array($resource["name"], $listaPermisosAusentes)) { $listaPermisosAusentesGrupo[] = $resource["id"]; } } if (count($listaPermisosAusentesGrupo) > 0) { $bExito = $pGroupPermission->deleteGroupPermissions("access", $idGroup, $listaPermisosAusentesGrupo); if (!$bExito) { $msgError = "ERROR"; } } if (count($listaPermisosNuevosGrupo) > 0) { $bExito = $pGroupPermission->saveGroupPermissions("access", $idGroup, $listaPermisosNuevosGrupo); if (!$bExito) { $msgError = "ERROR"; } } if (!empty($msgError)) { $smarty->assign("mb_message", $msgError); } //TODO: Las acciones de view, delete, create y update no existen en la base de datos en la tabla acl_action (sólo está la acción access), por lo tanto se generaba un error al no existir dichas acciones. Queda para un futuro la implementación de estas acciones. //**************************************************************************************************** // ACTION -> view //**************************************************************************************************** /* //permisos recursos seleccionados en el grid // Array ( [0] => build_module [1] => delete_module [2] => language_admin ... $selectedViews = isset($_POST['viewPermission']) ? array_keys($_POST['viewPermission']) : array(); if( $isAdministrator ){ $selectedViews[] = "usermgr"; $selectedViews[] = "grouplist"; $selectedViews[] = "userlist"; $selectedViews[] = "group_permission"; } $listaPermisos = OrderResourceGroupPermissions( $pGroupPermission->loadResourceGroupPermissions("view", $idGroup) ); $listaPermisosNuevos = array_diff( $selectedViews, $listaPermisos); $listaPermisosAusentes = array_diff( $listaPermisos, $selectedViews); $listaPermisosNuevosGrupo = array(); $listaPermisosAusentesGrupo = array(); foreach($arrResources as $resource) { print_r("<br/>".$resource["name"]); if( in_array( $resource["name"], $listaPermisosNuevos) ) $listaPermisosNuevosGrupo[] = $resource["id"]; if( in_array( $resource["name"], $listaPermisosAusentes) ) $listaPermisosAusentesGrupo[] = $resource["id"]; } if( count($listaPermisosAusentesGrupo) > 0 ){ $bExito = $pGroupPermission->deleteGroupPermissions("view", $idGroup, $listaPermisosAusentesGrupo); if (!$bExito) $msgError = "ERROR"; } print_r($listaPermisosNuevosGrupo); if( count($listaPermisosNuevosGrupo) > 0 ){ $bExito = $pGroupPermission->saveGroupPermissions("view", $idGroup, $listaPermisosNuevosGrupo); if (!$bExito) $msgError = "ERROR"; } if (!empty($msgError)) $smarty->assign("mb_message", $msgError); //**************************************************************************************************** // ACTION -> create //**************************************************************************************************** //permisos recursos seleccionados en el grid // Array ( [0] => build_module [1] => delete_module [2] => language_admin ... $selectedCreates = isset($_POST['createPermission']) ? array_keys($_POST['createPermission']) : array(); if( $isAdministrator ){ $selectedCreates[] = "usermgr"; $selectedCreates[] = "grouplist"; $selectedCreates[] = "userlist"; $selectedCreates[] = "group_permission"; } $listaPermisos = OrderResourceGroupPermissions( $pGroupPermission->loadResourceGroupPermissions("create", $idGroup) ); $listaPermisosNuevos = array_diff( $selectedCreates, $listaPermisos); $listaPermisosAusentes = array_diff( $listaPermisos, $selectedCreates); $listaPermisosNuevosGrupo = array(); $listaPermisosAusentesGrupo = array(); foreach($arrResources as $resource) { if( in_array( $resource["name"], $listaPermisosNuevos) ) $listaPermisosNuevosGrupo[] = $resource["id"]; if( in_array( $resource["name"], $listaPermisosAusentes) ) $listaPermisosAusentesGrupo[] = $resource["id"]; } if( count($listaPermisosAusentesGrupo) > 0 ){ $bExito = $pGroupPermission->deleteGroupPermissions("create", $idGroup, $listaPermisosAusentesGrupo); if (!$bExito) $msgError = "ERROR"; } if( count($listaPermisosNuevosGrupo) > 0 ){ $bExito = $pGroupPermission->saveGroupPermissions("create", $idGroup, $listaPermisosNuevosGrupo); if (!$bExito) $msgError = "ERROR"; } if (!empty($msgError)) $smarty->assign("mb_message", $msgError); //**************************************************************************************************** // ACTION -> delete //**************************************************************************************************** $selectedDeletes = isset($_POST['deletePermission']) ? array_keys($_POST['deletePermission']) : array(); if( $isAdministrator ){ $selectedDeletes[] = "usermgr"; $selectedDeletes[] = "grouplist"; $selectedDeletes[] = "userlist"; $selectedDeletes[] = "group_permission"; } $listaPermisos = OrderResourceGroupPermissions( $pGroupPermission->loadResourceGroupPermissions("delete", $idGroup) ); $listaPermisosNuevos = array_diff( $selectedDeletes, $listaPermisos); $listaPermisosAusentes = array_diff( $listaPermisos, $selectedDeletes); $listaPermisosNuevosGrupo = array(); $listaPermisosAusentesGrupo = array(); foreach($arrResources as $resource) { if( in_array( $resource["name"], $listaPermisosNuevos) ) $listaPermisosNuevosGrupo[] = $resource["id"]; if( in_array( $resource["name"], $listaPermisosAusentes) ) $listaPermisosAusentesGrupo[] = $resource["id"]; } if( count($listaPermisosAusentesGrupo) > 0 ){ $bExito = $pGroupPermission->deleteGroupPermissions("delete", $idGroup, $listaPermisosAusentesGrupo); if (!$bExito) $msgError = "ERROR"; } if( count($listaPermisosNuevosGrupo) > 0 ){ $bExito = $pGroupPermission->saveGroupPermissions("delete", $idGroup, $listaPermisosNuevosGrupo); if (!$bExito) $msgError = "ERROR"; } if (!empty($msgError)) $smarty->assign("mb_message", $msgError); //**************************************************************************************************** // ACTION -> update //**************************************************************************************************** $selectedUpdates = isset($_POST['updatePermission']) ? array_keys($_POST['updatePermission']) : array(); if( $isAdministrator ){ $selectedUpdates[] = "usermgr"; $selectedUpdates[] = "grouplist"; $selectedUpdates[] = "userlist"; $selectedUpdates[] = "group_permission"; } $listaPermisos = OrderResourceGroupPermissions( $pGroupPermission->loadResourceGroupPermissions("update", $idGroup) ); $listaPermisosNuevos = array_diff( $selectedUpdates, $listaPermisos); $listaPermisosAusentes = array_diff( $listaPermisos, $selectedUpdates); $listaPermisosNuevosGrupo = array(); $listaPermisosAusentesGrupo = array(); foreach($arrResources as $resource) { if( in_array( $resource["name"], $listaPermisosNuevos) ) $listaPermisosNuevosGrupo[] = $resource["id"]; if( in_array( $resource["name"], $listaPermisosAusentes) ) $listaPermisosAusentesGrupo[] = $resource["id"]; } if( count($listaPermisosAusentesGrupo) > 0 ){ $bExito = $pGroupPermission->deleteGroupPermissions("update", $idGroup, $listaPermisosAusentesGrupo); if (!$bExito) $msgError = "ERROR"; } if( count($listaPermisosNuevosGrupo) > 0 ){ $bExito = $pGroupPermission->saveGroupPermissions("update", $idGroup, $listaPermisosNuevosGrupo); if (!$bExito) $msgError = "ERROR"; } if (!empty($msgError)) $smarty->assign("mb_message", $msgError);*/ //borra los menus q tiene de permisos que estan guardados en la session, el index.php principal (html) volvera a generar esta arreglo de permisos. unset($_SESSION['elastix_user_permission']); return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, true, $action_apply, $start_apply); }