noalyss Version-9
NOALYSS : serveur de comptabilité et ERP (2002)
ajax_user_security.php
1<?php
2
3/*
4 * This file is part of NOALYSS.
5 *
6 * PhpCompta is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * NOALYSS is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with PhpCompta; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
20// Copyright (2016) Author Dany De Bontridder <dany@alchimerys.be>
21
// Refuse direct HTTP access: the including script must have defined ALLOWED.
if (!defined('ALLOWED')) {
    exit('Appel direct ne sont pas permis');
}

/**
 * @file
 * @brief Manage the security of a ledger, from the C0SEC module
 *
 * Every handler below changes another user's rights, so the caller must hold
 * the C0SEC module; otherwise the attempt is logged and nothing is executed.
 */
global $g_user;

// Authorisation gate for the whole file: it runs before any parameter is read.
if ($g_user->check_module("C0SEC") == 0) {
    // record_log writes the message to the server / NOALYSS log.
    record_log("UNAUTHORIZED ACCESS");
    return;
}

// Folder (dossier) id, passed back to the client as gDossier by the widgets below.
$n_dossier_id=Dossier::id();
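//-----------------------------------------------------------------------------
// Manage the user's access to ledgers
//
// op=ledger_access drives the in-place editor for one (user, ledger) pair.
// "ieaction" selects the step:
//   display : send the editable widget
//   ok      : store the submitted privilege in user_sec_jrn, send the new value
//   cancel  : send the widget value without touching the database
//-----------------------------------------------------------------------------
if ($op=="ledger_access")
{
    $input=$http->request("input");
    $action=$http->request("ieaction", "string", "display");
    $user_id=$http->post("user_id", "number");
    $jrn_def_id=$http->post("jrn_def_id", "number");

    if ($action=="display"||$action=="ok"||$action=="cancel")
    {
        if ($action=="ok")
        {
            $value=$http->post("value");
            // Security: uj_priv is an authorisation value, so accept only the
            // privileges that op=ledger_access_all accepts in this file. Without
            // this check any posted string would be written to user_sec_jrn.
            if (!in_array($value, array("R", "W", "X"), true))
            {
                die("Invalid access");
            }
        }

        // Rebuild the widget from the serialized "input" parameter and attach
        // the parameters it must send back on the next call.
        $ie_input=Inplace_Edit::build($input);
        $ie_input->set_callback("ajax_misc.php");
        $ie_input->add_json_param("jrn_def_id", $jrn_def_id);
        $ie_input->add_json_param("op", "ledger_access");
        $ie_input->add_json_param("gDossier", $n_dossier_id);
        $ie_input->add_json_param("user_id", $user_id);

        if ($action=="display")
        {
            echo $ie_input->ajax_input();
            return;
        }

        if ($action=="ok")
        {
            $ie_input->set_value($value);
            $sec_User=new Noalyss_User($cn, $user_id);
            // Update the row for this login/ledger when it exists, create it otherwise.
            $count=$cn->get_value('select count(*) from user_sec_jrn where uj_login=$1 '.
                    ' and uj_jrn_id=$2', array($sec_User->login, $jrn_def_id));
            if ($count==0)
            {
                $cn->exec_sql('insert into user_sec_jrn (uj_login,uj_jrn_id,uj_priv)'.
                        ' values ($1,$2,$3)',
                        array($sec_User->login, $jrn_def_id, $value));
            }
            else
            {
                $cn->exec_sql('update user_sec_jrn set uj_priv=$1 where uj_login=$2 and uj_jrn_id=$3',
                        array($value, $sec_User->login, $jrn_def_id));
            }
        }

        // "ok" and "cancel" both answer with the widget's current value.
        echo $ie_input->value();
        return;
    }
}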
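//-----------------------------------------------------------------------------
// Set the user's profile
//
// op=profile drives the in-place editor for a user's profile.
// "ieaction" selects the step:
//   display : send the editable widget
//   ok      : save the submitted profile, send the new value
//   cancel  : send the widget value without saving anything
//-----------------------------------------------------------------------------
if ($op=="profile")
{
    $input=$http->request("input");
    $action=$http->request("ieaction", "string", "display");
    $user_id=$http->post("user_id", "number");
    $profile_id=$http->post("profile_id");

    if ($action=="display"||$action=="ok"||$action=="cancel")
    {
        if ($action=="ok")
        {
            $value=$http->post("value");
            // save profile
            $sec_User=new Noalyss_User($cn, $user_id);
            // "value" is read without a type, so it can be any string. On PHP 8
            // a non-numeric string compared with 0 falls back to a string
            // comparison and can pass "> 0"; require a numeric value before
            // handing it to save_profile().
            if (is_numeric($value) && $value > 0) {
                $sec_User->save_profile($value);
            }
        }

        // Rebuild the widget from the serialized "input" parameter and attach
        // the parameters it must send back on the next call.
        $ie_input=Inplace_Edit::build($input);
        $ie_input->set_callback("ajax_misc.php");
        $ie_input->add_json_param("profile_id", $profile_id);
        $ie_input->add_json_param("op", "profile");
        $ie_input->add_json_param("gDossier", $n_dossier_id);
        $ie_input->add_json_param("user_id", $user_id);

        if ($action=="display")
        {
            echo $ie_input->ajax_input();
            return;
        }

        if ($action=="ok")
        {
            // NOTE(review): the submitted value is sent back through the widget
            // even when it was not saved; confirm Inplace_Edit escapes it.
            $ie_input->set_value($value);
        }

        echo $ie_input->value();
        return;
    }
}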
//------------------------------------------------------------------------------
// Update in once all the ledger access for an user
//
// op=ledger_access_all gives one user the same privilege on every ledger.
//------------------------------------------------------------------------------
if ($op=='ledger_access_all')
{
    $user_id=$http->post("user_id", "number");
    $access=$http->post("access");

    // Allow-list of privileges; anything else stops the request before any write.
    if (!in_array($access, array("W", "X", "R")))
    {
        die("Invalid access");
    }

    // Find the login
    $sec_User=new Noalyss_User($cn, $user_id);

    // Step 1: create a row (with 'X') for each ledger of jrn_def the user has
    // no row for yet, so that step 2 reaches every ledger.
    $cn->exec_sql("insert into user_sec_jrn(
 uj_jrn_id,
 uj_login,
 uj_priv
 ) select jrn_def_id,$1,'X'
 from
 jrn_def
 where
 not exists(select 1
 from
 user_sec_jrn
 where
 uj_jrn_id = jrn_def_id
 and uj_login = $1
 )", array($sec_User->login));

    // Step 2: set the requested privilege on all rows of this login.
    $cn->exec_sql('update user_sec_jrn set uj_priv=$1 where uj_login=$2',
            array($access, $sec_User->login));
    return;
}
//------------------------------------------------------------------------------
// Set on or off the action
//
// op=action_access flips one action right of a user: an existing right is
// deleted from user_sec_act, a missing one is inserted. The answer is the icon
// matching the new state.
// NOTE(review): this write is driven by GET parameters; confirm the calling
// script enforces a CSRF / same-origin check, none is visible in this file.
//------------------------------------------------------------------------------
if ($op=="action_access")
{
    $action_id=$http->get("ac_id", "number");
    $user_id=$http->get("user_id","number");
    $sec_User=new Noalyss_User($cn, $user_id);

    // Current state, read before anything is changed.
    $right=$sec_User->check_action($action_id);
    $is_switch=new Inplace_Switch("action".$action_id,0);

    if ($right!=1)
    {
        // Right not granted yet: grant it.
        $cn->exec_sql('insert into user_sec_act (ua_login,ua_act_id)'.
                ' values ($1,$2)',
                array($sec_User->login,$action_id));
        echo $is_switch->get_iconon();
    }
    else
    {
        // Right currently granted: revoke it.
        $cn->exec_sql("delete from user_sec_act where ua_act_id=$1 and ua_login=$2",
                array($action_id, $sec_User->login));
        echo $is_switch->get_iconoff();
    }
}
//----------------------------------------------------------------------------
// Set all the actions
//
// op=action_access_all: access=0 removes every action right of the user,
// access=1 grants every action of the table "action" that is still missing.
// Any other value changes nothing.
// NOTE(review): this bulk write is driven by GET parameters; confirm the
// calling script enforces a CSRF / same-origin check, none is visible here.
//----------------------------------------------------------------------------
if ($op=="action_access_all")
{
    $user_id=$http->get("user_id","number");
    $access=$http->get("access","number");
    $sec_User=new Noalyss_User($cn, $user_id);

    // switch compares loosely, like the == tests it replaces.
    switch ($access)
    {
        case 0:
            $cn->exec_sql("delete from user_sec_act where ua_login=$1",array($sec_User->login));
            break;
        case 1:
            $cn->exec_sql("
 insert into user_sec_act(ua_login,ua_act_id) select $1,ac_id from action where not exists(select 1 from user_sec_act where ua_login=$1 and ua_act_id=ac_id)",
                    array($sec_User->login));
            break;
    }
}
//----------------------------------------------------------------------------
// Enable or disable security on ledger
//
// op=user_sec_ledger toggles the "security on ledger" status of a user and
// answers with the icon of the new state. For a user whose Admin() is 1 the
// status is always set to 0.
// NOTE(review): this write is driven by GET parameters; confirm the calling
// script enforces a CSRF / same-origin check, none is visible in this file.
//----------------------------------------------------------------------------
if ($op=="user_sec_ledger")
{
    $user_id=$http->get("user_id", "number");
    // "value" is read but not used: the new state is derived from the stored one.
    $value=$http->get("value", "number");
    $sec_user=new Noalyss_User($cn, $user_id);
    $status_sec_ledger=$sec_user->get_status_security_ledger();

    // Switch widget with the parameters it sends back on the next click.
    $sec_ledger=new Inplace_Switch("sec_ledger", $status_sec_ledger);
    $sec_ledger->set_callback("ajax_misc.php");
    $sec_ledger->add_json_param("gDossier", $n_dossier_id);
    $sec_ledger->add_json_param("user_id", $user_id);
    $sec_ledger->add_json_param("op", "user_sec_ledger");

    if ($sec_user->get_status_security_ledger()!=1&&$sec_user->Admin()!=1)
    {
        // Currently off for a non-admin user: turn it on.
        $sec_user->set_status_security_ledger(1);
        echo $sec_ledger->get_iconon();
    }
    else
    {
        // Currently on, or admin user: turn it off.
        $sec_user->set_status_security_ledger(0);
        echo $sec_ledger->get_iconoff();
    }
}
//----------------------------------------------------------------------------
// Enable or disable security on action
//
// op=user_sec_action toggles the "security on action" status of a user and
// answers with the icon of the new state. For a user whose Admin() is 1 the
// status is always set to 0.
// NOTE(review): this write is driven by GET parameters; confirm the calling
// script enforces a CSRF / same-origin check, none is visible in this file.
//----------------------------------------------------------------------------
if ($op=="user_sec_action")
{
    $user_id=$http->get("user_id", "number");
    // "value" is read but not used: the new state is derived from the stored one.
    $value=$http->get("value", "number");
    $sec_user=new Noalyss_User($cn, $user_id);
    $status_sec_action=$sec_user->get_status_security_action();

    // Switch widget with the parameters it sends back on the next click.
    $sec_action=new Inplace_Switch("sec_action", $status_sec_action);
    $sec_action->set_callback("ajax_misc.php");
    $sec_action->add_json_param("gDossier", $n_dossier_id);
    $sec_action->add_json_param("user_id", $user_id);
    $sec_action->add_json_param("op", "user_sec_action");

    if ($sec_user->get_status_security_action()!=1&&$sec_user->Admin()!=1)
    {
        // Currently off for a non-admin user: turn it on.
        $sec_user->set_status_security_action(1);
        echo $sec_action->get_iconon();
    }
    else
    {
        // Currently on, or admin user: turn it off.
        $sec_user->set_status_security_action(0);
        echo $sec_action->get_iconoff();
    }
}