コード例 #1
0
ファイル: user.class.php プロジェクト: geldarr/hack-space
 /**
  * Apply rules to determine dynamic rights of the user
  *
  * @return boolean : true if we play the Rule Engine
  **/
 function applyRightRules()
 {
     global $DB;
     $return = false;
     if ((isset($this->fields['_ruleright_process']) || isset($this->input['_ruleright_process'])) && isset($this->fields["authtype"]) && ($this->fields["authtype"] == Auth::LDAP || $this->fields["authtype"] == Auth::MAIL || Auth::isAlternateAuth($this->fields["authtype"]))) {
         $dynamic_profiles = Profile_User::getForUser($this->fields["id"], true);
         if (isset($this->fields["id"]) && $this->fields["id"] > 0 && isset($this->input["_ldap_rules"]) && count($this->input["_ldap_rules"])) {
             //and add/update/delete only if it's necessary !
             if (isset($this->input["_ldap_rules"]["rules_entities_rights"])) {
                 $entities_rules = $this->input["_ldap_rules"]["rules_entities_rights"];
             } else {
                 $entities_rules = array();
             }
             if (isset($this->input["_ldap_rules"]["rules_entities"])) {
                 $entities = $this->input["_ldap_rules"]["rules_entities"];
             } else {
                 $entities = array();
             }
             if (isset($this->input["_ldap_rules"]["rules_rights"])) {
                 $rights = $this->input["_ldap_rules"]["rules_rights"];
             } else {
                 $rights = array();
             }
             $retrieved_dynamic_profiles = array();
             //For each affectation -> write it in DB
             foreach ($entities_rules as $entity) {
                 //Multiple entities assignation
                 if (is_array($entity[0])) {
                     foreach ($entity[0] as $tmp => $ent) {
                         $affectation['entities_id'] = $ent;
                         $affectation['profiles_id'] = $entity[1];
                         $affectation['is_recursive'] = $entity[2];
                         $affectation['users_id'] = $this->fields['id'];
                         $affectation['is_dynamic'] = 1;
                         $retrieved_dynamic_profiles[] = $affectation;
                     }
                 } else {
                     $affectation['entities_id'] = $entity[0];
                     $affectation['profiles_id'] = $entity[1];
                     $affectation['is_recursive'] = $entity[2];
                     $affectation['users_id'] = $this->fields['id'];
                     $affectation['is_dynamic'] = 1;
                     $retrieved_dynamic_profiles[] = $affectation;
                 }
             }
             if (count($entities) > 0 && count($rights) == 0) {
                 if ($def_prof = Profile::getDefault()) {
                     $rights[] = $def_prof;
                 }
             }
             if (count($rights) > 0 && count($entities) > 0) {
                 foreach ($rights as $right) {
                     foreach ($entities as $entity) {
                         $affectation['entities_id'] = $entity[0];
                         $affectation['profiles_id'] = $right;
                         $affectation['users_id'] = $this->fields['id'];
                         $affectation['is_recursive'] = $entity[1];
                         $affectation['is_dynamic'] = 1;
                         $retrieved_dynamic_profiles[] = $affectation;
                     }
                 }
             }
             // Compare retrived profiles to existing ones : clean arrays to do purge and add
             if (count($retrieved_dynamic_profiles)) {
                 foreach ($retrieved_dynamic_profiles as $keyretr => $retr_profile) {
                     $found = false;
                     foreach ($dynamic_profiles as $keydb => $db_profile) {
                         // Found existing profile : unset values in array
                         if (!$found && $db_profile['entities_id'] == $retr_profile['entities_id'] && $db_profile['profiles_id'] == $retr_profile['profiles_id'] && $db_profile['is_recursive'] == $retr_profile['is_recursive']) {
                             unset($retrieved_dynamic_profiles[$keyretr]);
                             unset($dynamic_profiles[$keydb]);
                         }
                     }
                 }
             }
             // Add new dynamic profiles
             if (count($retrieved_dynamic_profiles)) {
                 $right = new Profile_User();
                 foreach ($retrieved_dynamic_profiles as $keyretr => $retr_profile) {
                     $right->add($retr_profile);
                 }
             }
             //Unset all the temporary tables
             unset($this->input["_ldap_rules"]);
             $return = true;
         }
         // Delete old dynamic profiles
         if (count($dynamic_profiles)) {
             $right = new Profile_User();
             foreach ($dynamic_profiles as $keydb => $db_profile) {
                 $right->delete($db_profile);
             }
         }
     }
     return $return;
 }
コード例 #2
0
$profile = new Profile();
$right = new Profile_User();
$user = new User();
if (isset($_POST["add"])) {
    $right->check(-1, 'w', $_POST);
    if ($right->add($_POST)) {
        Event::log($_POST["users_id"], "users", 4, "setup", $_SESSION["glpiname"] . " " . $LANG['log'][61]);
    }
    glpi_header($_SERVER['HTTP_REFERER']);
} else {
    if (isset($_POST["delete"])) {
        if (isset($_POST["item"]) && count($_POST["item"])) {
            foreach ($_POST["item"] as $key => $val) {
                if ($val == 1) {
                    if ($right->can($key, 'w')) {
                        $right->delete(array('id' => $key));
                    }
                }
            }
            if (isset($_POST["entities_id"])) {
                // From entity tab
                Event::log($_POST["entities_id"], "entity", 4, "setup", $_SESSION["glpiname"] . " " . $LANG['log'][62]);
            } else {
                if (isset($_POST["users_id"])) {
                    Event::log($_POST["users_id"], "users", 4, "setup", $_SESSION["glpiname"] . " " . $LANG['log'][62]);
                }
            }
        }
        glpi_header($_SERVER['HTTP_REFERER']);
    } else {
        if (isset($_POST["moveentity"])) {