/**
* Display rights choice matrix
*
* @since version 0.85
*
* @param $rights array possible:
* 'itemtype' => the type of the item to check (as passed to self::getRightsFor())
* 'rights' => when use of self::getRightsFor() is impossible
* 'label' => the label for the right
* 'field' => the name of the field inside the DB and HTML form (prefixed by '_')
* 'html_field' => when $html_field != '_'.$field
* @param $options array possible:
* 'title' the title of the matrix
* 'canedit'
* 'default_class' the default CSS class used for the row
*
* @return random value used to generate the ids
**/
function displayRightsChoiceMatrix(array $rights, array $options = array())
{
$param = array();
$param['title'] = '';
$param['canedit'] = true;
$param['default_class'] = '';
if (is_array($options) && count($options)) {
foreach ($options as $key => $val) {
$param[$key] = $val;
}
}
// To be completed before display to avoid non available rights in DB
$availablerights = ProfileRight::getAllPossibleRights();
$column_labels = array();
$columns = array();
$rows = array();
foreach ($rights as $info) {
if (is_string($info)) {
$rows[] = $info;
continue;
}
if (is_array($info) && (!empty($info['itemtype']) || !empty($info['rights'])) && !empty($info['label']) && !empty($info['field'])) {
// Add right if it does not exists : security for update
if (!isset($availablerights[$info['field']])) {
ProfileRight::addProfileRights(array($info['field']));
}
$row = array('label' => $info['label'], 'columns' => array());
if (!empty($info['row_class'])) {
$row['class'] = $info['row_class'];
} else {
$row['class'] = $param['default_class'];
}
if (isset($this->fields[$info['field']])) {
$profile_right = $this->fields[$info['field']];
} else {
$profile_right = 0;
}
if (isset($info['rights'])) {
$rights = $info['rights'];
} else {
$rights = self::getRightsFor($info['itemtype']);
}
foreach ($rights as $right => $label) {
if (!isset($column_labels[$right])) {
$column_labels[$right] = array();
}
if (is_array($label)) {
$long_label = $label['long'];
} else {
$long_label = $label;
}
if (!isset($column_labels[$right][$long_label])) {
$column_labels[$right][$long_label] = count($column_labels[$right]);
}
$right_value = $right . '_' . $column_labels[$right][$long_label];
$columns[$right_value] = $label;
$checked = ($profile_right & $right) == $right ? 1 : 0;
$row['columns'][$right_value] = array('checked' => $checked);
if (!$param['canedit']) {
$row['columns'][$right_value]['readonly'] = true;
}
}
if (!empty($info['html_field'])) {
$rows[$info['html_field']] = $row;
} else {
$rows['_' . $info['field']] = $row;
}
}
}
uksort($columns, function ($a, $b) {
$a = explode('_', $a);
$b = explode('_', $b);
// For standard rights sort by right
if ($a[0] < 1024 || $b[0] < 1024) {
if ($a[0] > $b[0]) {
return true;
}
if ($a[0] < $b[0]) {
return false;
}
return $a[1] > $b[1];
// For extra right sort by type
}
return $a[1] > $b[1];
});
return Html::showCheckboxMatrix($columns, $rows, array('title' => $param['title'], 'row_check_all' => count($columns) > 1, 'col_check_all' => count($rows) > 1, 'rotate_column_titles' => false));
}
public static function installRights($first = false)
{
$missing_rights = array();
$installed_rights = ProfileRight::getAllPossibleRights();
$right_names = array();
// Add common plugin's rights
$right_names[] = self::getProfileNameForItemtype('PluginGenericobjectType');
// Add types' rights
$types = PluginGenericobjectType::getTypes(true);
foreach ($types as $_ => $type) {
$itemtype = $type['itemtype'];
$right_names[] = self::getProfileNameForItemtype($itemtype);
}
// Check for already defined rights
foreach ($right_names as $right_name) {
_log($right_name, isset($installed_rights[$right_name]));
if (!isset($installed_rights[$right_name])) {
$missing_rights[] = $right_name;
}
}
//Install missing rights in profile and update the object
if (count($missing_rights) > 0) {
ProfileRight::addProfileRights($missing_rights);
self::changeProfile();
}
}
/**
* Summary of setReadOnlyProfile
* Switches current profile with read-only profile
* Registers a shutdown function to be sure that even in case of die() calls,
* the switch back will be done: to ensure correct reset of normal profile
**/
static function setReadOnlyProfile()
{
global $CFG_GLPI, $_SESSION;
// to prevent double set ReadOnlyProfile
if (!isset($_SESSION['glpilocksavedprofile'])) {
if (isset($CFG_GLPI['lock_lockprofile'])) {
if (!self::$shutdownregistered) {
// this is a security in case of a die that can prevent correct revert of profile
register_shutdown_function(array(__CLASS__, 'revertProfile'));
self::$shutdownregistered = true;
}
$_SESSION['glpilocksavedprofile'] = $_SESSION['glpiactiveprofile'];
$_SESSION['glpiactiveprofile'] = $CFG_GLPI['lock_lockprofile'];
// this mask is mandatory to prevent read of information
// that are not permitted to view by active profile
ProfileRight::getAllPossibleRights();
foreach ($_SESSION['glpi_all_possible_rights'] as $key => $val) {
if (isset($_SESSION['glpilocksavedprofile'][$key])) {
$_SESSION['glpiactiveprofile'][$key] = intval($_SESSION['glpilocksavedprofile'][$key]) & (isset($CFG_GLPI['lock_lockprofile'][$key]) ? intval($CFG_GLPI['lock_lockprofile'][$key]) : 0);
}
}
// don't forget entities
$_SESSION['glpiactiveprofile']['entities'] = $_SESSION['glpilocksavedprofile']['entities'];
}
}
}
