/** * Display rights choice matrix * * @since version 0.85 * * @param $rights array possible: * 'itemtype' => the type of the item to check (as passed to self::getRightsFor()) * 'rights' => when use of self::getRightsFor() is impossible * 'label' => the label for the right * 'field' => the name of the field inside the DB and HTML form (prefixed by '_') * 'html_field' => when $html_field != '_'.$field * @param $options array possible: * 'title' the title of the matrix * 'canedit' * 'default_class' the default CSS class used for the row * * @return random value used to generate the ids **/ function displayRightsChoiceMatrix(array $rights, array $options = array()) { $param = array(); $param['title'] = ''; $param['canedit'] = true; $param['default_class'] = ''; if (is_array($options) && count($options)) { foreach ($options as $key => $val) { $param[$key] = $val; } } // To be completed before display to avoid non available rights in DB $availablerights = ProfileRight::getAllPossibleRights(); $column_labels = array(); $columns = array(); $rows = array(); foreach ($rights as $info) { if (is_string($info)) { $rows[] = $info; continue; } if (is_array($info) && (!empty($info['itemtype']) || !empty($info['rights'])) && !empty($info['label']) && !empty($info['field'])) { // Add right if it does not exists : security for update if (!isset($availablerights[$info['field']])) { ProfileRight::addProfileRights(array($info['field'])); } $row = array('label' => $info['label'], 'columns' => array()); if (!empty($info['row_class'])) { $row['class'] = $info['row_class']; } else { $row['class'] = $param['default_class']; } if (isset($this->fields[$info['field']])) { $profile_right = $this->fields[$info['field']]; } else { $profile_right = 0; } if (isset($info['rights'])) { $rights = $info['rights']; } else { $rights = self::getRightsFor($info['itemtype']); } foreach ($rights as $right => $label) { if (!isset($column_labels[$right])) { $column_labels[$right] = array(); } if (is_array($label)) { $long_label = $label['long']; } else { $long_label = $label; } if (!isset($column_labels[$right][$long_label])) { $column_labels[$right][$long_label] = count($column_labels[$right]); } $right_value = $right . '_' . $column_labels[$right][$long_label]; $columns[$right_value] = $label; $checked = ($profile_right & $right) == $right ? 1 : 0; $row['columns'][$right_value] = array('checked' => $checked); if (!$param['canedit']) { $row['columns'][$right_value]['readonly'] = true; } } if (!empty($info['html_field'])) { $rows[$info['html_field']] = $row; } else { $rows['_' . $info['field']] = $row; } } } uksort($columns, function ($a, $b) { $a = explode('_', $a); $b = explode('_', $b); // For standard rights sort by right if ($a[0] < 1024 || $b[0] < 1024) { if ($a[0] > $b[0]) { return true; } if ($a[0] < $b[0]) { return false; } return $a[1] > $b[1]; // For extra right sort by type } return $a[1] > $b[1]; }); return Html::showCheckboxMatrix($columns, $rows, array('title' => $param['title'], 'row_check_all' => count($columns) > 1, 'col_check_all' => count($rows) > 1, 'rotate_column_titles' => false)); }
public static function installRights($first = false) { $missing_rights = array(); $installed_rights = ProfileRight::getAllPossibleRights(); $right_names = array(); // Add common plugin's rights $right_names[] = self::getProfileNameForItemtype('PluginGenericobjectType'); // Add types' rights $types = PluginGenericobjectType::getTypes(true); foreach ($types as $_ => $type) { $itemtype = $type['itemtype']; $right_names[] = self::getProfileNameForItemtype($itemtype); } // Check for already defined rights foreach ($right_names as $right_name) { _log($right_name, isset($installed_rights[$right_name])); if (!isset($installed_rights[$right_name])) { $missing_rights[] = $right_name; } } //Install missing rights in profile and update the object if (count($missing_rights) > 0) { ProfileRight::addProfileRights($missing_rights); self::changeProfile(); } }
/** * Summary of setReadOnlyProfile * Switches current profile with read-only profile * Registers a shutdown function to be sure that even in case of die() calls, * the switch back will be done: to ensure correct reset of normal profile **/ static function setReadOnlyProfile() { global $CFG_GLPI, $_SESSION; // to prevent double set ReadOnlyProfile if (!isset($_SESSION['glpilocksavedprofile'])) { if (isset($CFG_GLPI['lock_lockprofile'])) { if (!self::$shutdownregistered) { // this is a security in case of a die that can prevent correct revert of profile register_shutdown_function(array(__CLASS__, 'revertProfile')); self::$shutdownregistered = true; } $_SESSION['glpilocksavedprofile'] = $_SESSION['glpiactiveprofile']; $_SESSION['glpiactiveprofile'] = $CFG_GLPI['lock_lockprofile']; // this mask is mandatory to prevent read of information // that are not permitted to view by active profile ProfileRight::getAllPossibleRights(); foreach ($_SESSION['glpi_all_possible_rights'] as $key => $val) { if (isset($_SESSION['glpilocksavedprofile'][$key])) { $_SESSION['glpiactiveprofile'][$key] = intval($_SESSION['glpilocksavedprofile'][$key]) & (isset($CFG_GLPI['lock_lockprofile'][$key]) ? intval($CFG_GLPI['lock_lockprofile'][$key]) : 0); } } // don't forget entities $_SESSION['glpiactiveprofile']['entities'] = $_SESSION['glpilocksavedprofile']['entities']; } } }