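/**
 * Apply the permission set submitted for one group and re-render the report.
 *
 * The submitted form ($_POST['groupPermission'], shaped resource => action => value)
 * is compared with the permissions the group currently holds for the resources
 * in the requested page window. Missing permissions are removed and new ones
 * are added inside a single database transaction.
 *
 * Security-relevant behaviour:
 *  - Only a "superadmin" may choose the organization through the request;
 *    every other caller is pinned to $credentials['id_organization'].
 *  - Organization 1 is rejected, and the group must belong to the organization.
 *  - Submitted resources and actions are intersected with a server-side list,
 *    so the request cannot grant an action that list does not contain.
 *
 * NOTE(review): this function neither checks that the caller may use this
 * module nor verifies an anti-CSRF token; presumably the dispatcher does
 * both - confirm against the caller.
 *
 * @param object $smarty              Template engine; receives mb_title / mb_message.
 * @param string $module_name         Forwarded to reportGroupPermission().
 * @param string $local_templates_dir Forwarded to reportGroupPermission().
 * @param object $pDB                 Database handle used to build paloACL / paloSantoOrganization.
 * @param array  $arrConf             Forwarded to reportGroupPermission().
 * @param array  $credentials         Reads 'userlevel' and 'id_organization'.
 *
 * @return mixed Whatever reportGroupPermission() returns (every exit path calls it).
 */
function applyGroupPermission($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $credentials)
{
    global $arrLang;

    $pACL  = new paloACL($pDB);
    $pORGZ = new paloSantoOrganization($pDB);

    $filter_resource = getParameter("resource_apply");
    $limit           = getParameter("limit_apply");
    $offset          = getParameter("offset_apply");
    $idGroup         = getParameter("filter_group");

    // The paging values come from the request: normalise them to non-negative
    // integers before they reach array_slice(). A missing or non-numeric limit
    // means "no limit", a missing or non-numeric offset means 0.
    $offset = is_numeric($offset) ? max(0, (int)$offset) : 0;
    $limit  = is_numeric($limit) ? max(0, (int)$limit) : null;

    // Only the superadmin may pick the organization through the request; for
    // everybody else it is taken from the authenticated credentials.
    if ($credentials['userlevel'] == "superadmin") {
        $idOrgFil = getParameter("idOrganization");
        if (empty($idOrgFil)) {
            $smarty->assign("mb_title", _tr("ERROR"));
            $smarty->assign("mb_message", _tr("Invalid Organization"));
            return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
        }
    } else {
        $idOrgFil = $credentials['id_organization'];
    }

    if (empty($idGroup)) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr("Invalid Group"));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }

    // Validate that an organization with this id exists and is not organization 1.
    $orgTmp = $pORGZ->getOrganizationById($idOrgFil);
    if ($orgTmp === false) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr($pORGZ->errMsg));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    } elseif (count($orgTmp) == 0) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr("Organization doesn't exist"));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }

    // Fix: this check used to set two unused locals ($error, $msg_error) and
    // then fall through, so organization 1 was never actually rejected.
    if ($idOrgFil == 1) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr("Invalid Organization"));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }

    // Validate that the group belongs to the organization.
    if ($pACL->getGroups($idGroup, $idOrgFil) == false) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr("Invalid Group"));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }

    // When the UI is not in English the filter may have been typed in the
    // translated language, so the translation keys whose text contains the
    // filter are searched as well.
    $lang = get_language();
    if ($lang != "en" && isset($filter_resource) && trim($filter_resource) != "") {
        $filter_value = strtolower(trim($filter_resource));
        $parameter_to_find[] = $filter_value; // search term without translation
        // The character check depends only on the filter, so it is evaluated once.
        if (is_array($arrLang) && preg_match("/^[[:alnum:]| ]*\$/", $filter_value)) {
            foreach ($arrLang as $key => $value) {
                $langValue = strtolower(trim($value));
                if (strpos($langValue, $filter_value) !== false) {
                    $parameter_to_find[] = $key;
                }
            }
        }
    }
    if (isset($filter_resource)) {
        $parameter_to_find[] = $filter_resource;
    } else {
        $parameter_to_find = null;
    }

    // Resources the organization has access to.
    $arrResourcesOrg = $pACL->getResourcesByOrg($idOrgFil, $parameter_to_find);
    if ($arrResourcesOrg === false) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr($pACL->errMsg));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }

    // Ids of the resources in the requested page window. Explicitly null when
    // the window is empty: the original left the variable undefined, which
    // evaluated to null and raised a notice.
    // NOTE(review): with an empty window (and a non-administrator group) the
    // ACL helpers below receive null; if they treat null as "all resources",
    // the diff further down would remove every permission of the group -
    // confirm against paloACL.
    $listResource = null;
    $arrResources = array_slice($arrResourcesOrg, $offset, $limit);
    foreach ($arrResources as $resource) {
        $listResource[] = $resource['id'];
    }

    // The administrator group of each organization always keeps certain resources.
    // NOTE(review): the stored group name is compared with the translated
    // label, so the result depends on the active language - confirm.
    $isAdministrator = ($pACL->getGroupNameByid($idGroup) == _tr("administrator"));
    if ($isAdministrator) {
        $listResource[] = "grouplist";
        $listResource[] = "userlist";
        $listResource[] = "group_permission";
    }

    // Actions available on each resource.
    $arrResourceActions = $pACL->getResourcesActions($listResource);
    if ($arrResourceActions === false) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr("An error has ocurred to retrieved Resources Actions"));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }

    // For organization, dashboard and cdrreport some actions can never be
    // granted to users, so they are removed from the list of grantable actions.
    if (isset($arrResourceActions['organization'])) {
        $arrResourceActions['organization'] = array_diff(
            $arrResourceActions['organization'],
            array('change_org_status', 'create_org', 'delete_org', 'edit_DID')
        );
    }
    if (isset($arrResourceActions['dashboard'])) {
        $arrResourceActions['dashboard'] = array('access');
    }
    if (isset($arrResourceActions['cdrreport'])) {
        $arrResourceActions['cdrreport'] = array('access', _tr('export'));
    }

    // Permissions the group currently has.
    $arrPermisos = $pACL->loadGroupPermissions($idGroup, $listResource);
    if ($arrPermisos === false) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr("An error has ocurred to retrieved Group Permissions"));
        return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
    }

    $arrNewPermissions     = array();
    $arrDelPermissions     = array();
    $arrSelectdPermissions = array();

    // The form is untrusted input: ignore anything that is not the expected
    // resource => (action => value) shape and keep only actions present in
    // the server-side list. A resource is kept only if 'access' is selected.
    if (isset($_POST['groupPermission']) && is_array($_POST['groupPermission'])) {
        foreach ($_POST['groupPermission'] as $resource => $actions) {
            if (!is_array($actions) || !isset($arrResourceActions[$resource])) {
                continue;
            }
            $res_actions = array_intersect(array_keys($actions), $arrResourceActions[$resource]);
            if (in_array('access', $res_actions, true)) {
                $arrSelectdPermissions[$resource] = $res_actions;
            }
        }
    }

    // Whatever was submitted, the administrator group keeps every action on
    // these three resources.
    if ($isAdministrator) {
        foreach (array('grouplist', 'userlist', 'group_permission') as $fixedResource) {
            if (isset($arrResourceActions[$fixedResource])) {
                $arrSelectdPermissions[$fixedResource] = $arrResourceActions[$fixedResource];
            }
        }
    }

    // Permissions to add: selected now but not held before.
    foreach ($arrSelectdPermissions as $resource => $actions) {
        if (isset($arrPermisos[$resource])) {
            $new_actions = array_diff($actions, $arrPermisos[$resource]);
            if (count($new_actions) > 0) {
                $arrNewPermissions[$resource] = $new_actions;
            }
        } else {
            // The resource was not granted before, so all its actions are new.
            $arrNewPermissions[$resource] = $actions;
        }
    }

    // Permissions to remove: held before but no longer selected.
    foreach ($arrPermisos as $resource => $actions) {
        if (isset($arrSelectdPermissions[$resource])) {
            $del_actions = array_diff($actions, $arrSelectdPermissions[$resource]);
            if (count($del_actions) > 0) {
                $arrDelPermissions[$resource] = $del_actions;
            }
        } else {
            // The resource is not selected any more, so all its actions go.
            $arrDelPermissions[$resource] = $actions;
        }
    }

    $pACL->_DB->beginTransaction();

    if (count($arrDelPermissions) > 0) {
        if (!$pACL->deleteGroupPermission($idGroup, $arrDelPermissions)) {
            $errorMessage = _tr("A error has been ocurred. ") . $pACL->errMsg;
            // Fix: the transaction used to be left open on this path.
            $pACL->_DB->rollBack();
            $smarty->assign("mb_title", "ERROR");
            $smarty->assign("mb_message", $errorMessage);
            return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
        }
    }

    if (count($arrNewPermissions) > 0) {
        if (!$pACL->saveGroupPermission($idGroup, $arrNewPermissions)) {
            $errorMessage = _tr("A error has been ocurred. ") . $pACL->errMsg;
            // Fix: roll back so that a failed insert does not leave the
            // deletions above pending in an open transaction.
            $pACL->_DB->rollBack();
            $smarty->assign("mb_title", "ERROR");
            $smarty->assign("mb_message", $errorMessage);
            return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
        }
    }

    $smarty->assign("mb_title", _tr("MESSAGE"));
    $smarty->assign("mb_message", _tr("Changes was applied successfully"));
    $pACL->_DB->commit();

    // Drop the permission/menu data cached in the session; the main index.php
    // rebuilds it, so the change takes effect without a new login.
    unset($_SESSION['elastix_user_permission']);

    return reportGroupPermission($smarty, $module_name, $local_templates_dir, $pDB, $arrConf, $credentials);
}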