function set_permission($values, $r_processed, $set_grant = false, $initials = '') { $this->acl->enable_inheritance = phpgw::get_var('enable_inheritance', 'bool', 'POST'); if ($initials) { $this->so->set_initials($initials); } $process = explode('_', $r_processed); if (!isset($values['right']) || !is_array($values['right'])) { $values['right'] = array(); } if (!isset($values['mask']) || !is_array($values['mask'])) { $values['mask'] = array(); } $grantor = -1; if ($set_grant) { if ($this->granting_group) { $grantor = $this->granting_group; } else { $grantor = $this->account_id; } } $this->set_permission2($values['right'], $process, $grantor, 0); $this->set_permission2($values['mask'], $process, $grantor, 1); $cleared = $this->bocommon->reset_fm_cache_userlist(); $receipt['message'][] = array('msg' => lang('permissions are updated!')); $receipt['message'][] = array('msg' => lang('%1 userlists cleared from cache', $cleared)); phpgwapi_cache::user_clear('phpgwapi', 'menu', -1); return $receipt; }
/** * Clear the user's menu so it can be regenerated cleanly * * @return void */ public function clear() { $account_id = $GLOBALS['phpgw_info']['user']['account_id']; phpgwapi_cache::user_clear('phpgwapi', 'menu', $account_id); }
/** * Delete ACL information from cache * * @param integer $account_id the account to delete data from the cache for * * @return null */ protected function _delete_cache($account_id, $location_id) { $accounts = array(); if ($GLOBALS['phpgw']->accounts->get_type($account_id) == phpgwapi_account::TYPE_GROUP) { $accounts = $GLOBALS['phpgw']->accounts->get_members($account_id); } $accounts[] = $account_id; $sql = "SELECT app_id FROM phpgw_locations WHERE location_id = {$location_id}"; $this->_db->query($sql, __LINE__, __FILE__); $this->_db->next_record(); $app_id = $this->_db->f('app_id'); foreach ($accounts as $id) { phpgwapi_cache::user_clear('phpgwapi', "acl_data_{$app_id}_{$location_id}", $id); } }
function set_permission($values, $r_processed, $set_grant = false) { $this->acl->enable_inheritance = phpgw::get_var('enable_inheritance', 'bool', 'POST'); $process = explode('_', $r_processed); if (!isset($values['right']) || !is_array($values['right'])) { $values['right'] = array(); } if (!isset($values['mask']) || !is_array($values['mask'])) { $values['mask'] = array(); } $grantor = -1; if ($set_grant) { if ($this->granting_group) { $grantor = $this->granting_group; } else { $grantor = $GLOBALS['phpgw_info']['user']['account_id']; } } $this->set_permission2($values['right'], $process, $grantor, 0); $this->set_permission2($values['mask'], $process, $grantor, 1); $receipt['message'][] = array('msg' => lang('permissions are updated!')); // this feature will probably move into the api as standard if ($this->acl_app == 'property') { $cleared = execMethod('property.bocommon.reset_fm_cache_userlist'); $receipt['message'][] = array('msg' => lang('%1 userlists cleared from cache', $cleared)); } phpgwapi_cache::user_clear('phpgwapi', 'menu', -1); return $receipt; }
/** * Saves a new user (account) or update an existing one * * @param array &$values Account details * * @return integer the account id - 0 = error */ function save_user(&$values) { if (!is_array($values)) { throw new Exception(lang('Invalid data')); } if (!(isset($values['id']) && $values['id']) && $GLOBALS['phpgw']->acl->check('account_access', phpgwapi_acl::ADD, 'admin')) { throw new Exception(lang('no permission to add users')); } if ($values['id']) { $user = $GLOBALS['phpgw']->accounts->get($values['id']); } else { $user = new phpgwapi_user(); } if (isset($values['expires_never']) && $values['expires_never']) { $values['expires'] = -1; $values['account_expires'] = $values['expires']; } else { $date_valid = checkdate($values['account_expires_month'], $values['account_expires_day'], $values['account_expires_year']); if (!$date_valid) { throw new Exception(lang('You have entered an invalid expiration date')); } $values['expires'] = mktime(2, 0, 0, $values['account_expires_month'], $values['account_expires_day'], $values['account_expires_year']); $values['account_expires'] = $values['expires']; } if (!$user->old_loginid && !$values['passwd']) { throw new Exception('You must enter a password'); } if (!$values['lid']) { throw new Exception(lang('You must enter a loginid')); } if ($user->old_loginid != $values['lid']) { if ($GLOBALS['phpgw']->accounts->exists($values['lid'])) { throw new Exception(lang('That loginid has already been taken')); } } if ($values['passwd'] || $values['passwd_2']) { if ($values['passwd'] != $values['passwd_2']) { throw new Exception(lang('The passwords don\'t match')); } } if (!count($values['account_permissions']) && !count($values['account_groups'])) { throw new Exception(lang('You must add at least 1 application or group to this account')); } $user_data = array('id' => (int) $values['id'], 'lid' => $values['lid'], 'firstname' => $values['firstname'], 'lastname' => $values['lastname'], 'enabled' => isset($values['enabled']) ? $values['enabled'] : '', 'expires' => $values['expires'], 'quota' => $values['quota']); if ($values['passwd']) { $user_data['passwd'] = $values['passwd']; } if (false) { $user_data['homedirectory'] = $values['homedirectory']; $user_data['loginshell'] = $values['loginshell']; } $groups = $values['account_groups']; $acls = array(); if (isset($values['changepassword']) && $values['changepassword']) { $acls[] = array('appname' => 'preferences', 'location' => 'changepassword', 'rights' => 1); } if (isset($values['anonymous']) && $values['anonymous']) { $acls[] = array('appname' => 'phpgwapi', 'location' => 'anonymous', 'rights' => 1); } $apps_admin = $values['account_permissions_admin'] ? array_keys($values['account_permissions_admin']) : array(); foreach ($apps_admin as $app_admin) { $acls[] = array('appname' => $app_admin, 'location' => 'admin', 'rights' => phpgwapi_acl::ADD); } $apps = $values['account_permissions'] ? array_keys($values['account_permissions']) : array(); unset($values['account_groups'], $values['account_permissions'], $values['account_permissions_admin']); try { foreach ($user_data as $key => $val) { $user->{$key} = $val; } } catch (Exception $e) { throw $e; } if ($user->id) { phpgwapi_cache::user_clear('phpgwapi', 'menu', $user->id); } if (!$user->is_dirty()) { return $user->id; } if ($user->id) { if ($GLOBALS['phpgw']->accounts->update_user($user, $groups, $acls, $apps)) { return $user->id; } } else { return $GLOBALS['phpgw']->accounts->create($user, $groups, $acls, $apps); return $user->id; } return 0; }
/** * process application add credential to admins at install * * @param $setup_info array of application info from setup.inc.php files, etc. */ function add_credential($appname) { $GLOBALS['phpgw']->accounts = createObject('phpgwapi.accounts'); $GLOBALS['phpgw']->acl = CreateObject('phpgwapi.acl'); $admins = array(); $accounts = $GLOBALS['phpgw']->acl->get_ids_for_location('run', phpgwapi_acl::READ, 'admin'); foreach ($accounts as $account_id) { $account = $GLOBALS['phpgw']->accounts->get($account_id); if ($account->type == phpgwapi_account::TYPE_GROUP) { $admins[] = $account_id; } } $members = array(); foreach ($admins as $admin) { if (!$GLOBALS['phpgw']->acl->check('run', phpgwapi_acl::READ, $appname)) { $locations = $GLOBALS['phpgw']->locations->get_locations(false, $appname); $aclobj =& $GLOBALS['phpgw']->acl; $aclobj->set_account_id($admin, true); // application permissions $aclobj->add($appname, 'run', phpgwapi_acl::READ); foreach ($locations as $location => $info) { $aclobj->add($appname, $location, 31); } $aclobj->save_repository(); $members = array_merge($members, $GLOBALS['phpgw']->accounts->get_members($admin)); } } $members = array_unique($members); //Clear the user's menu so it can be regenerated cleanly //FIXME - the cache is not cleared foreach ($members as $account_id) { phpgwapi_cache::user_clear('phpgwapi', 'menu', $account_id); } }