/**
* function to set the different privileges for the CRM
* the privileges are all defined on the profile so loading all the different privileges
* sets the data in the form of an arrray in the persistent user object so that the data is
* available across the CRM in the current session.
* NOTE : any change in the profile permissions would require the user to logout so that on next
* login the new privileges are loaded again and become available for the current session.
* This idea is to ignore same set of queries again and again for each time the privileges are checked
* @see User::eventLogin()
*/
protected function set_user_crm_privileges()
{
$do_roles = new Roles();
//Get the role details of the user
$role_id = $this->idrole;
$this->set_user_role_info($do_roles->get_role_detail($role_id));
// Set the groups to which the user is associated
$do_group_user_rel = new GroupUserRelation();
$this->set_user_associated_to_groups($do_group_user_rel->get_groups_by_user($_SESSION["do_user"]->iduser, array(), true));
// Now lets find the profile and actual permissions set in the profile
$do_profile = new Profile();
$do_role_profile_rel = new RoleProfileRelation();
$do_module_standard_permission = new ModuleStandardPermission();
$do_role_profile_rel->get_pofiles_related_to_role($role_id);
$module_permissions = array();
$module_standard_permissions_per_profile_array = array();
if ($do_role_profile_rel->getNumRows() > 0) {
$associated_profiles = array();
while ($do_role_profile_rel->next()) {
$associated_profiles[] = $do_role_profile_rel->idprofile;
}
// Loading the active modules for the CRM available. The object "do_module" is persistent and is instantiated in module.php
if (!is_object($_SESSION["do_module"])) {
$do_module = new Module();
$do_module->sessionPersistent("do_module", "logout.php", TTL);
$_SESSION["do_module"]->load_active_modules();
}
$active_modules = $_SESSION["do_module"]->get_active_modules_for_crm();
// variables to hold the permissions when user is associated with multiple roles
$profile_standard_permission_rel_previous = array();
$profile_module_rel_previous = array();
foreach ($associated_profiles as $idprofile) {
// Getting all the module standard permissions vailable to the profile
$profile_standard_permission_rel = $do_profile->get_all_module_standard_permissions($idprofile);
// Getting if the module is permitted for the profile
$profile_module_rel = $do_profile->get_all_module_permissions($idprofile);
foreach ($active_modules as $module => $idmodule) {
if (array_key_exists($profile_module_rel[$idmodule], $profile_module_rel)) {
if (count($profile_module_rel_previous) > 0 && array_key_exists($profile_module_rel_previous[$idmodule], $profile_module_rel_previous)) {
if ($profile_module_rel_previous[$idmodule] > $module_permissions[$idmodule]["module_permission"]) {
$module_permissions[$idmodule]["module_permission"] = $profile_module_rel_previous[$idmodule];
} else {
$module_permissions[$idmodule]["module_permission"] = $profile_module_rel[$idmodule];
}
} else {
$module_permissions[$idmodule]["module_permission"] = $profile_module_rel[$idmodule];
}
$profile_module_rel_previous[$idmodule] = $profile_module_rel[$idmodule];
}
// Loading the module standard permissions
$do_module_standard_permission->get_module_standard_permissions($idmodule);
if ($do_module_standard_permission->getNumRows() > 0) {
while ($do_module_standard_permission->next()) {
if (array_key_exists($profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission], $profile_standard_permission_rel)) {
if (count($profile_standard_permission_rel_previous) > 0 && array_key_exists($profile_standard_permission_rel_previous[$idmodule][$do_module_standard_permission->idstandard_permission], $profile_standard_permission_rel_previous)) {
if ($profile_standard_permission_rel_previous[$idmodule][$do_module_standard_permission->idstandard_permission] > $profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission]) {
$module_standard_permissions_per_profile_array[$idmodule][$do_module_standard_permission->idstandard_permission] = $profile_standard_permission_rel_previous[$idmodule][$do_module_standard_permission->idstandard_permission];
} else {
$module_standard_permissions_per_profile_array[$idmodule][$do_module_standard_permission->idstandard_permission] = $profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission];
}
} else {
$module_standard_permissions_per_profile_array[$idmodule][$do_module_standard_permission->idstandard_permission] = $profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission];
}
$profile_standard_permission_rel_previous[$idmodule][$do_module_standard_permission->idstandard_permission] = $profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission];
}
}
} else {
$module_standard_permissions_per_profile_array[$idmodule][2] = 1;
}
}
}
foreach ($module_standard_permissions_per_profile_array as $idmodule => $standard_permissions) {
$module_permissions[$idmodule]["standard_permissions"] = $standard_permissions;
}
}
$this->set_user_module_privileges($module_permissions);
}
<?php
// Copyright SQCRM. For licensing, reuse, modification and distribution see license.txt
/**
* Profile delete page
* @author Abhik Chakraborty
*/
$do_profile = new Profile();
$idprofile = (int) $_GET["idprofile"];
$do_role = new Roles();
$do_role_profile_rel = new RoleProfileRelation();
$allow_role_delete = false;
?>
<div class="container-fluid">
<div class="row-fluid">
<?php
include_once "modules/Settings/settings_leftmenu.php";
?>
<div class="span9" style="margin-left:3px;">
<div class="box_content">
<h3><?php
echo _('Settings');
?>
> <a href="<?php
echo NavigationControl::getNavigationLink($module, "profile_list");
?>
"><?php
echo _('Profile');
?>
</a></h3>
<p><?php
/**
* Event method to update a role and associated profiles
* @param object $evctl
*/
public function eventEditRole(EventControler $evctl)
{
$permission = $_SESSION["do_user"]->is_admin == 1 ? true : false;
if (true === $permission) {
if ($evctl->idrole != '' && $evctl->rolename != '') {
$qry = "\n\t\t\t\tupdate " . $this->getTable() . " \n\t\t\t\tset rolename = ? \n\t\t\t\twhere idrole = ?\n\t\t\t\tlimit 1";
$this->getDbConnection()->executeQuery($qry, array($evctl->rolename, $evctl->idrole));
if (is_array($evctl->select_to) && count($evctl->select_to) > 0) {
$do_role_prof_rel = new RoleProfileRelation();
$do_role_prof_rel->update_profile_related_to_role($evctl->select_to, $evctl->idrole);
}
}
} else {
$_SESSION["do_crm_messages"]->set_message('error', _('You do not have permission to edit record !'));
$next_page = NavigationControl::getNavigationLink("Settings", "index");
$dis = new Display($next_page);
$evctl->setDisplayNext($dis);
}
}
<?php
// Copyright SQCRM. For licensing, reuse, modification and distribution see license.txt
/**
* Profile listing page
* @author Abhik Chakraborty
*/
$do_profile = new Profile();
$do_profile->getAll();
$idrole = $_GET["idrole"];
$do_role = new Roles();
$role_detail = $do_role->get_role_detail($idrole);
$do_role_profile_rel = new RoleProfileRelation();
$do_role_profile_rel->get_pofiles_related_to_role($idrole);
$roles_to_profile = array();
while ($do_role_profile_rel->next()) {
$roles_to_profile[$do_role_profile_rel->idprofile] = $do_role_profile_rel->profilename;
}
?>
<div class="container-fluid">
<div class="row">
<?php
include_once "modules/Settings/settings_leftmenu.php";
?>
<div class="col-md-9">
<div class="box_content">
<ol class="breadcrumb">
<li class="active"><?php
echo _('Settings');
?>
</li>
