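/**
 * Rebuild the user's rule-derived ("dynamic") profile assignments.
 *
 * Runs only when `_ruleright_process` is present in the fields or in the input
 * and the account's authtype is Auth::LDAP, Auth::MAIL or one accepted by
 * Auth::isAlternateAuth(). The assignments found in $this->input['_ldap_rules']
 * are compared with the rows returned by Profile_User::getForUser($id, true):
 * stored rows that a rule still produces are kept, missing ones are added with
 * is_dynamic = 1, and every other loaded row is deleted.
 *
 * When `_ldap_rules` is absent or empty, or the id is not positive, nothing is
 * added and all loaded rows are deleted: this is the path that withdraws rights
 * once no rule yields them any more.
 *
 * NOTE(review): `_ldap_rules` decides which profiles the user receives, so it
 * must only ever be filled by the rule engine; confirm that no caller copies
 * request data into that input key.
 *
 * @return boolean true if `_ldap_rules` results were applied, false otherwise
**/
function applyRightRules() {
    $return = false;

    if ((isset($this->fields['_ruleright_process'])
         || isset($this->input['_ruleright_process']))
        && isset($this->fields["authtype"])
        && ($this->fields["authtype"] == Auth::LDAP
            || $this->fields["authtype"] == Auth::MAIL
            || Auth::isAlternateAuth($this->fields["authtype"]))) {

        // Rows currently stored for this user; whatever is still in this list at
        // the end of the function is deleted.
        // NOTE(review): presumably the second argument restricts the result to
        // dynamic rows - confirm against Profile_User::getForUser(). The id is
        // read here before the isset() check below, as in the original code.
        $dynamic_profiles = Profile_User::getForUser($this->fields["id"], true);

        if (isset($this->fields["id"])
            && $this->fields["id"] > 0
            && isset($this->input["_ldap_rules"])
            && count($this->input["_ldap_rules"])) {

            $ldap_rules = $this->input["_ldap_rules"];

            // Each entry: array(entity id or array of entity ids, profile id, is_recursive)
            $entities_rules = isset($ldap_rules["rules_entities_rights"])
                ? $ldap_rules["rules_entities_rights"]
                : array();
            // Each entry: array(entity id, is_recursive)
            $entities = isset($ldap_rules["rules_entities"])
                ? $ldap_rules["rules_entities"]
                : array();
            // List of profile ids
            $rights = isset($ldap_rules["rules_rights"])
                ? $ldap_rules["rules_rights"]
                : array();

            $retrieved_dynamic_profiles = array();

            // Explicit entity + profile pairs; one rule may target several entities
            foreach ($entities_rules as $entity) {
                $targets = is_array($entity[0]) ? $entity[0] : array($entity[0]);
                foreach ($targets as $ent) {
                    $retrieved_dynamic_profiles[] = array(
                        'entities_id'  => $ent,
                        'profiles_id'  => $entity[1],
                        'is_recursive' => $entity[2],
                        'users_id'     => $this->fields['id'],
                        'is_dynamic'   => 1
                    );
                }
            }

            // Entities without any profile fall back to the default profile, if one exists
            if (count($entities) > 0 && count($rights) == 0) {
                if ($def_prof = Profile::getDefault()) {
                    $rights[] = $def_prof;
                }
            }

            // Every returned profile is granted on every returned entity
            if (count($rights) > 0 && count($entities) > 0) {
                foreach ($rights as $profile_id) {
                    foreach ($entities as $entity) {
                        $retrieved_dynamic_profiles[] = array(
                            'entities_id'  => $entity[0],
                            'profiles_id'  => $profile_id,
                            'is_recursive' => $entity[1],
                            'users_id'     => $this->fields['id'],
                            'is_dynamic'   => 1
                        );
                    }
                }
            }

            // Drop repeated assignments. Without this step a triple produced twice
            // (by two rules, or by both input lists) matched the stored row only
            // once and was inserted again on every run, so the table kept growing
            // - unless Profile_User::add() itself rejects duplicates, which is not
            // visible from here.
            $unique_profiles = array();
            foreach ($retrieved_dynamic_profiles as $retr_profile) {
                $already_queued = false;
                foreach ($unique_profiles as $kept_profile) {
                    if ($kept_profile['entities_id'] == $retr_profile['entities_id']
                        && $kept_profile['profiles_id'] == $retr_profile['profiles_id']
                        && $kept_profile['is_recursive'] == $retr_profile['is_recursive']) {
                        $already_queued = true;
                        break;
                    }
                }
                if (!$already_queued) {
                    $unique_profiles[] = $retr_profile;
                }
            }

            // Compare retrieved profiles to existing ones: an assignment that is
            // already stored needs no insert, and the stored row must not be purged.
            // Every matching stored row is kept, as before; the original `$found`
            // flag was never set and has been removed.
            foreach ($unique_profiles as $keyretr => $retr_profile) {
                foreach ($dynamic_profiles as $keydb => $db_profile) {
                    if ($db_profile['entities_id'] == $retr_profile['entities_id']
                        && $db_profile['profiles_id'] == $retr_profile['profiles_id']
                        && $db_profile['is_recursive'] == $retr_profile['is_recursive']) {
                        unset($unique_profiles[$keyretr]);
                        unset($dynamic_profiles[$keydb]);
                    }
                }
            }

            // Add new dynamic profiles
            // NOTE(review): the result of add() is not checked here.
            if (count($unique_profiles)) {
                $profile_user = new Profile_User();
                foreach ($unique_profiles as $retr_profile) {
                    $profile_user->add($retr_profile);
                }
            }

            // The rule results are consumed; remove them from the input
            unset($this->input["_ldap_rules"]);
            $return = true;
        }

        // Delete old dynamic profiles: everything the rules no longer produce.
        // NOTE(review): the result of delete() is not checked; if it can fail, the
        // user would keep a right that the rules no longer grant.
        if (count($dynamic_profiles)) {
            $profile_user = new Profile_User();
            foreach ($dynamic_profiles as $db_profile) {
                $profile_user->delete($db_profile);
            }
        }
    }

    return $return;
}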
$profile = new Profile(); $right = new Profile_User(); $user = new User(); if (isset($_POST["add"])) { $right->check(-1, 'w', $_POST); if ($right->add($_POST)) { Event::log($_POST["users_id"], "users", 4, "setup", $_SESSION["glpiname"] . " " . $LANG['log'][61]); } glpi_header($_SERVER['HTTP_REFERER']); } else { if (isset($_POST["delete"])) { if (isset($_POST["item"]) && count($_POST["item"])) { foreach ($_POST["item"] as $key => $val) { if ($val == 1) { if ($right->can($key, 'w')) { $right->delete(array('id' => $key)); } } } if (isset($_POST["entities_id"])) { // From entity tab Event::log($_POST["entities_id"], "entity", 4, "setup", $_SESSION["glpiname"] . " " . $LANG['log'][62]); } else { if (isset($_POST["users_id"])) { Event::log($_POST["users_id"], "users", 4, "setup", $_SESSION["glpiname"] . " " . $LANG['log'][62]); } } } glpi_header($_SERVER['HTTP_REFERER']); } else { if (isset($_POST["moveentity"])) {