[Noalyss-commit] [noalyss] 11/30: Remove table priv_user, the local admi
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 11/30: Remove table priv_user, the local admin and plugin user are obsolete |
Date: |
Tue, 02 Jun 2015 22:29:07 +0000 |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 2f023ade2492941f82976944f5e213f29b046bc9
Author: Dany De Bontridder <address@hidden>
Date: Sun May 31 13:21:45 2015 +0200
Remove table priv_user, the local admin and plugin user are obsolete
---
html/do.php | 5 ---
html/js/scripts.js | 6 +++
include/class_dossier.php | 16 ++++-----
include/class_user.php | 78 ++++++++++++++++++++----------------------
include/dossier.inc.php | 2 -
include/extension.inc.php | 55 ------------------------------
include/param_sec.inc.php | 14 +++----
include/user_detail.inc.php | 1 -
8 files changed, 56 insertions(+), 121 deletions(-)
diff --git a/html/do.php b/html/do.php
index c97061c..b61b689 100644
--- a/html/do.php
+++ b/html/do.php
@@ -57,11 +57,6 @@ global $g_user, $cn,$g_parameter;
$cn = new Database(Dossier::id());
$g_user = new User($cn);
-if ($g_user->check_dossier(dossier::id()) == 'P')
-{
- redirect("extension.php?" . dossier::get(), 0);
- exit();
-}
$g_parameter=new Own($cn);
load_all_script();
diff --git a/html/js/scripts.js b/html/js/scripts.js
index e3f1826..3b78e5f 100644
--- a/html/js/scripts.js
+++ b/html/js/scripts.js
@@ -1471,6 +1471,12 @@ function add_menu(obj)
}
);
}
+/**
+ * @brief Display a box to enter data for adding a new plugin from
+ * the CFGMENU
+ * @param {type} p_dossier
+ * @returns {undefined}
+ */
function add_plugin(p_dossier)
{
waiting_box();
diff --git a/include/class_dossier.php b/include/class_dossier.php
index 4cf4ab1..7229fcf 100644
--- a/include/class_dossier.php
+++ b/include/class_dossier.php
@@ -53,12 +53,13 @@ class Dossier
return $_REQUEST['gDossier'];
}
- /*!
- * \param p_type string : all for all dossiers lim for only the
+ /**!
+ * @brief Show the folder where user have access.
+ * @param p_type string : all for all dossiers lim for only the
* dossier where we've got rights
+ * @return nothing
*
- * Show the folder where user have access. Return : nothing
- ++*/
+ */
function show_dossier($p_type,$p_first=0,$p_max=0,$p_Num=0)
{
$l_user=$_SESSION['g_user'];
@@ -81,8 +82,8 @@ class Dossier
$l_sql="select * from jnt_use_dos
natural join ac_dossier
natural join ac_users
- inner join priv_user on priv_jnt=jnt_id where
- use_login='".$l_user."' and priv_priv !='NO'
+ where
+ use_login='".sql_string($l_user)."'
order by dos_name ";
$p_Num=$this->cn->count_sql($l_sql);
}
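Review bot: The count query in show_dossier is still built by concatenation, now with `sql_string($l_user)` around the session login, while the other queries touched by this commit bind their values through `$1` placeholders. If `count_sql` accepts a parameter array the way `exec_sql` and `get_value` do (its signature is not visible here), `use_login=$1` with `array($l_user)` would remove the dependence on the escaping helper being correct for every input. The function starts before this hunk and continues after it.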
@@ -120,9 +121,6 @@ class Dossier
left join (select array_to_string(array_agg(dos_name),',') as
ag_dossier,jt.use_id as jt_use_id
from ac_dossier as ds
join jnt_use_dos as jt on (jt.dos_id=ds.dos_id)
- join priv_user as pu on (pu.priv_jnt=jt.jnt_id)
- where
- pu.priv_priv != 'X'
group by jt.use_id) as dossier_name on
(jt_use_id=ac.use_id)
where
use_login!='phpcompta'
diff --git a/include/class_user.php b/include/class_user.php
index b0336e9..87343b7 100644
--- a/include/class_user.php
+++ b/include/class_user.php
@@ -208,12 +208,11 @@ class User
return 'L';
$cn = new Database();
- $sql = "select priv_priv from priv_user join jnt_use_dos on
(jnt_id=priv_jnt) join ac_users using (use_id)
- where use_id=$1 and dos_id=$2";
+ $sql = "select 1 from jnt_use_dos where use_id=$1 and
dos_id=$2";
$res = $cn->get_value($sql, array($this->id, $p_dossier));
- if ($res == '')
- return 'X';
+
+ if ($cn->get_affected()== 0) return 'X';
return $res;
}
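Review bot: check_dossier now returns the literal `1` from `select 1` when the user is linked to the folder, whereas callers so far received a privilege letter: the early exit above returns 'L', and the block removed from html/do.php compared the result with 'P'. Any caller that tests for 'R' or 'L' would no longer recognise a valid user. Selecting a letter keeps the contract, for example `$sql = "select 'R' from jnt_use_dos where use_id=$1 and dos_id=$2";`. The denial path also now depends on `get_affected()` reporting a row count after a SELECT, and that helper is not visible here; testing `$res == ''` as before would not depend on it. The function starts before this hunk.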
@@ -234,11 +233,8 @@ class User
$Res = $cn->exec_sql("insert into
jnt_use_dos(dos_id,use_id) values($1,$2)", array($db_id, $this->id));
$jnt = $cn->get_value("select jnt_id from jnt_use_dos
where dos_id=$1 and use_id=$2", array($db_id, $this->id));
- $Res = $cn->exec_sql("insert into priv_user
(priv_priv,priv_jnt) values($1,$2)", array($priv, $jnt));
}
- $Res = $cn->exec_sql("update priv_user set priv_priv=$1 where
priv_jnt=$2", array($priv, $jnt));
- }
-
+ }
/**
* \brief check that a user is valid and the access to the folder
* \param $p_ledger the ledger to check
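Review bot: Nothing in the visible part of this function acts on `$priv` any more: the insert into priv_user and the `update priv_user set priv_priv=$1` are gone, and only the insert into jnt_use_dos remains. The rest of the commit treats the existence of a jnt_use_dos row as the grant, so a call that used to revoke access by passing 'X' would, as far as this hunk shows, leave the row and the access in place. A revoke path is needed when `$priv` denotes no access, for example `$cn->exec_sql("delete from jnt_use_dos where dos_id=$1 and use_id=$2", array($db_id, $this->id));`, and the `$jnt` lookup is now unused. The signature and the condition around the insert are outside the hunk, so this should be checked against the full body.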
@@ -763,6 +759,7 @@ class User
/**
* \brief Check if an user is an local administrator
+ * @deprecated since version 6.7
*
*
* \param $p_dossier : dossier_id
@@ -775,24 +772,20 @@ class User
function is_local_admin($p_dossier = -1)
{
- if ($p_dossier == -1)
- {
- $p_dossier = dossier::id();
- }
-
- if ($this->login == 'admin')
- return 1;
- $sql = 'select priv_priv from ac_users join jnt_use_dos using
(use_id) join priv_user ' .
- ' on ( jnt_use_dos.jnt_id = priv_user.priv_jnt)
' .
- " where priv_priv='L' and use_login='" .
$this->login . "' and dos_id=$p_dossier";
-
- $cn = new Database();
-
- $isAdmin = $cn->count_sql($sql);
-
-
- return $isAdmin;
- }
+ if ($p_dossier==-1)
+ {
+ $p_dossier=dossier::id();
+ }
+
+ if ($this->login=='admin')
+ {
+ return 1;
+ }
+ else
+ {
+ return 0;
+ }
+ }
/**
address@hidden return array of available repository
*
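Review bot: is_local_admin now decides only on `$this->login=='admin'`, a hard-coded login name, while the user-list query changed later in this commit identifies global administrators by `use_admin=1`. A caller still gating an action on this deprecated method would refuse an administrator whose login is not literally 'admin'; deriving the result from the same admin flag would keep the two checks in agreement. The `$p_dossier` default handling at the top is dead code now, since the value is never read, and the `dossier::id()` call can be dropped. A short comment stating that the method is kept only for compatibility, and what to call instead, would help more than the bare `@deprecated` tag.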
@@ -828,8 +821,9 @@ class User
return $r;
}
/**
- * \brief return an array with all the users who can access $p_dossier
including the global admin. The user
- * must be activated
+ * \brief return an array with all the active users who can access
+ * $p_dossier including the global admin.
+ * The user must be activated
*
* \param $p_dossier dossier
* \return an array of user's object
@@ -846,9 +840,9 @@ class User
{
$sql = "select distinct
use_id,use_login,use_first_name,use_name from ac_users
left outer join jnt_use_dos using (use_id)
- left join priv_user on (priv_jnt=jnt_id)
- where
- (dos_id=$1 or use_admin=1) and use_active=1 and (use_admin=1
or priv_priv <> 'X') order by use_login,use_name";
+ where
+ (dos_id=$1 and use_active=1) or (use_active=1 and use_admin=1)
+ order by use_login,use_name";
$repo = new Database();
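Review bot: With the `priv_priv <> 'X'` filter removed, any jnt_use_dos row for the folder now grants access, including rows whose priv_user entry previously said 'X' (or 'NO' in show_dossier). The same applies to the folder listing further down in class_user.php, to show_dossier in class_dossier.php and to the user list in param_sec.inc.php. The diffstat lists no schema upgrade in this commit; if one exists elsewhere it should remove those rows before priv_user is dropped, for example `delete from jnt_use_dos where jnt_id in (select priv_jnt from priv_user where priv_priv in ('X','NO'))`. Otherwise users who were explicitly denied a folder would silently regain it.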
@@ -875,7 +869,8 @@ class User
return $this->get_ledger_access($p_jrn);
}
- /**\brief check if an user can access a folder, if he cannot display a
dialog box
+ /**
+ * \brief check if an user can access a folder, if he cannot display a
dialog box
* and exit
* \param the folder if
* \param $silent false, echo an error message and exit, true : exit
without warning
@@ -893,7 +888,7 @@ class User
return 'L';
$cn = new Database();
- $dossier = $cn->get_value("select priv_priv from jnt_use_dos
join priv_user on (priv_jnt=jnt_id) where dos_id=$1 and use_id=$2",
array($p_dossier_id, $this->id));
+ $dossier = $cn->get_value("select 'L' from jnt_use_dos join
where dos_id=$1 and use_id=$2", array($p_dossier_id, $this->id));
$dossier = ($dossier == '') ? 'X' : $dossier;
if ($dossier == 'X')
{
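Review bot: The new query reads `select 'L' from jnt_use_dos join where dos_id=$1 and use_id=$2`; the `join` left behind after removing priv_user is a syntax error, so the statement cannot run. Depending on how `get_value` reports a failed query (not visible here), this either raises an error or yields an empty result, which the next line maps to 'X' and so denies every user who reaches this query. The line should read `$dossier = $cn->get_value("select 'L' from jnt_use_dos where dos_id=$1 and use_id=$2", array($p_dossier_id, $this->id));`. Returning 'L' for every linked user, the same value as the early exit above, is also worth confirming against callers that distinguish the two. The function begins and ends outside the hunk.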
@@ -999,14 +994,15 @@ class User
{
// show only available folders
// if user is not an admin
- $Res = $cn->exec_sql("select distinct
dos_id,dos_name,dos_description from ac_users
- natural join jnt_use_dos
- natural join ac_dossier
- join priv_user on ( priv_jnt=jnt_id)
- where use_active=1
- and use_login= $1
- and priv_priv != 'X' and ( dos_name ~* $2 or dos_description ~*
$2 )
- order by dos_name", array($this->login, $p_filter));
+ $Res = $cn->exec_sql("select distinct
dos_id,dos_name,dos_description
+ from ac_users
+ natural join jnt_use_dos
+ natural join ac_dossier
+ where
+ use_login= $1
+ and use_active = 1
+ and ( dos_name ~* $2 or dos_description ~* $2 )
+ order by dos_name", array($this->login,
$p_filter));
}
else
{
diff --git a/include/dossier.inc.php b/include/dossier.inc.php
index ec7c663..2108dfb 100644
--- a/include/dossier.inc.php
+++ b/include/dossier.inc.php
@@ -367,8 +367,6 @@ if ( $sa == 'remove' )
exit;
}
ob_flush();
- $sql="delete from priv_user where priv_id in (select jnt_id from
jnt_use_dos where dos_id=$1)";
- $cn->exec_sql($sql,array($_REQUEST['d']));
$sql="delete from jnt_use_dos where dos_id=$1";
$cn->exec_sql($sql,array($_REQUEST['d']));
$sql="delete from ac_dossier where dos_id=$1";
diff --git a/include/extension.inc.php b/include/extension.inc.php
deleted file mode 100644
index 97999a4..0000000
--- a/include/extension.inc.php
+++ /dev/null
@@ -1,55 +0,0 @@
-<?php
-/*
- * This file is part of NOALYSS.
- *
- * NOALYSS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * NOALYSS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with NOALYSS; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-*/
-
-// Copyright Author Dany De Bontridder address@hidden
-
-/*!\file
- * \brief this file is included from parameters and its purpose is to
- * enable, disable and manage security for the extensions
- *
- * variable :
- * - p_action is ext
- * - sb is nothing vw (view) or save
- * - $cn database connection
- */
-
-if ( ! defined ('ALLOWED') ) die('Appel direct ne sont pas permis');
-require_once('class_extension.php');
-require_once('class_html_input.php');
-require_once('class_ibutton.php');
-require_once('class_ipopup.php');
-
-
-$ipopup=new IPopup('dtext');
-$ipopup->value='';
-$ipopup->title=_('Détail extension');
-echo HtmlInput::hidden('popup','dtext').dossier::hidden();
-echo $ipopup->input();
-
-echo '<div class="content">';
-
-$ext=Extension::listing($cn);
-$new=new IButton('new');
-$new->label=_('Nouvelle extension');
-$new->javascript="new_extension()";
-$str_new=$new->input();
-require_once('template/extension.php');
-
-
-echo '</div>';
diff --git a/include/param_sec.inc.php b/include/param_sec.inc.php
index 9ee99b3..8363c80 100644
--- a/include/param_sec.inc.php
+++ b/include/param_sec.inc.php
@@ -61,16 +61,14 @@ if ( ! isset($_REQUEST['action']))
$repo=new Database();
- /* Show all the users, included local admin */
+ /* Show all the active users, including admin */
$user_sql = $repo->exec_sql("select use_id,
use_first_name,
use_name,
use_login,
- use_admin,
- priv_priv
- from ac_users natural join
jnt_use_dos " .
- " join priv_user on
(jnt_id=priv_jnt)
- where use_login != 'phpcompta' and
priv_priv <> 'X' and use_active=1
+ use_admin
+ from ac_users natural join
jnt_use_dos
+ where use_login != 'phpcompta' and
use_active=1
and dos_id=$1 " . $ord_sql,
array($gDossier));
$MaxUser = Database::num_row($user_sql);
@@ -89,8 +87,8 @@ if ( ! isset($_REQUEST['action']))
$l_line=Database::fetch_array($user_sql,$i);
- $str="";
- $str=($l_line['priv_priv'] == 'R')?'Utilisateur Normal':$str;
+ $str="";
+ $str='Utilisateur Normal';
if ( $l_line['use_admin'] == 1 )
$str=' Administrateur global';
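Review bot: The added `$str="";` is overwritten by the very next line, so it is dead code; `$str='Utilisateur Normal';` alone is enough. Since the label now depends only on `use_admin`, a short comment such as `// every user linked to the folder is a normal user unless use_admin is set` would record why the per-folder privilege no longer appears here.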
diff --git a/include/user_detail.inc.php b/include/user_detail.inc.php
index 9905dec..93a29b8 100644
--- a/include/user_detail.inc.php
+++ b/include/user_detail.inc.php
@@ -100,7 +100,6 @@ else
if (isset($_POST["DELETE"]))
{
$cn = new Database();
- $Res = $cn->exec_sql("delete from priv_user where priv_jnt in ( select
jnt_id from jnt_use_dos where use_id=$1)", array($uid));
$Res = $cn->exec_sql("delete from jnt_use_dos where use_id=$1",
array($uid));
$Res = $cn->exec_sql("delete from ac_users where use_id=$1",
array($uid));