
[Noalyss-commit] [noalyss] 12/30: Administration user : Add / remove rig


From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 12/30: Administration user : Add / remove right on folder in ajax
Date: Tue, 02 Jun 2015 22:29:07 +0000

sparkyx pushed a commit to branch master
in repository noalyss.

commit 7075058c7bccbe2162f39765bece1cce28093ba1
Author: Dany De Bontridder <address@hidden>
Date:   Mon Jun 1 20:47:16 2015 +0200

    Administration user  : Add  / remove right on folder in ajax
---
 html/admin_repo.php                 |    1 +
 html/ajax_misc.php                  |   35 ++++++++-
 html/js/admin.js                    |  131 +++++++++++++++++++++++++++++++++++
 include/class_dossier.php           |   69 ++++++++++--------
 include/class_user.php              |   51 ++++++++------
 include/template/folder_display.php |   67 ++++++++++++++++++
 include/user_detail.inc.php         |  106 +++++++++++++++-------------
 7 files changed, 355 insertions(+), 105 deletions(-)

diff --git a/html/admin_repo.php b/html/admin_repo.php
index 2141a5e..e2fa577 100644
--- a/html/admin_repo.php
+++ b/html/admin_repo.php
@@ -52,6 +52,7 @@ define('ALLOWED',true);
 <?php
 if ( isset ($_REQUEST["action"]) )
 {
+    echo js_include("admin.js");
     if ( $_REQUEST["action"]=="user_mgt" )
     {
         
//----------------------------------------------------------------------
diff --git a/html/ajax_misc.php b/html/ajax_misc.php
index bde0db1..0136470 100644
--- a/html/ajax_misc.php
+++ b/html/ajax_misc.php
@@ -61,12 +61,23 @@ if ($cont != 0)
 extract($_REQUEST);
 set_language();
 global $g_user, $cn, $g_parameter;
-$cn = new Database($gDossier);
-$g_user = new User($cn);
-$g_user->check(true);
-$g_user->check_dossier($gDossier, true);
+//
+// If database id == 0 then we are not connected to a folder 
+// but to the administration
+// 
 if ($gDossier<>0) {
+    $cn = new Database($gDossier);
     $g_parameter=new Own($cn);
+    $g_user = new User($cn);
+    $g_user->check(true);
+    $g_user->check_dossier($gDossier, true);
+}
+else
+{
+    // connect to repository
+    $cn=new Database(); 
+    $g_user = new User($cn);
+    $g_user->check(true);
 }
 $html = var_export($_REQUEST, true);
 
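Review bot: The branch selection on line 61 compares the request-supplied `$gDossier` with the loose `<>`, so a missing value (and, under the loose comparison rules of the PHP this targets, a non-numeric one) evaluates equal to 0 and silently takes the repository branch, which performs no `check_dossier`; `if (isset($gDossier) && (int) $gDossier !== 0) {` makes the intent explicit and rejects non-numeric input. The repository branch only authenticates (`$g_user->check(true)`) and establishes no authorization level, which matters for the admin-only `folder_*` operations this commit dispatches in the hunk at lines 77-99 (see the note there). The `extract($_REQUEST)` on line 50 is pre-existing, but it is what makes `$gDossier` an arbitrary request value at this point.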
@@ -673,6 +684,22 @@ EOF;
              */
             require_once 'ajax_account_update.php';
             break;
+        // From admin, revoke the access to a folder from an
+        // user
+        case 'folder_remove':
+            require_once 'ajax_admin.php';
+            break;
+        // From admin, display a list of folder to which the user has 
+        // no access
+        case 'folder_display':
+            require_once 'ajax_admin.php';
+            break;
+        // From admin, grant the access to a folder to an
+        // user
+        case 'folder_add':
+            require_once 'ajax_admin.php';
+            break;
+            
        default:
                var_dump($_GET);
 }
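Review bot: The three new `folder_*` cases only `require_once 'ajax_admin.php'`, which is not part of this commit, so nothing visible here restricts granting or revoking folder access to administrators; with `gDossier=0` the caller has only passed `$g_user->check(true)` (hunk at lines 49-76). Unless `ajax_admin.php` performs that check itself, any authenticated user could reach `set_folder_access` for an arbitrary `p_user`. The three cases are identical and can be merged, with the guard placed once before the require using the `Admin()` accessor that `check_print` already relies on (line 435); the error response shape the JavaScript expects (a `status` node) is not visible here, so that part is left as a TODO.
```php
        // From admin: grant / revoke / list folder access for a user.
        // Admin-only: ajax_admin.php acts on any user id, so check here.
        case 'folder_remove':
        case 'folder_display':
        case 'folder_add':
            if ($g_user->Admin() != 1) {
                // TODO(review): emit the XML error shape admin.js expects
                exit();
            }
            require_once 'ajax_admin.php';
            break;
```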
diff --git a/html/js/admin.js b/html/js/admin.js
new file mode 100644
index 0000000..80b01e5
--- /dev/null
+++ b/html/js/admin.js
@@ -0,0 +1,131 @@
+/* 
+ * Copyright (C) 2015 Dany De Bontridder <address@hidden>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+/**
+ * Display the forbidden folders if the request comes from a form
+ * with an input text (id:database_filter_input) then this text is 
+ * used as a filter
+ * @param {type} p_user : the user id
+ * @returns nothing
+ */
+function folder_display(p_user)
+{
+    /**
+     * If form exist and there is something
+     * 
+     */
+    var p_filter = "";
+    if ($('database_filter_input')) {
+        console.log($('database_filter_input').value);
+        p_filter = $('database_filter_input').value;
+    }
+    /*
+     * Ajax request to display the folder
+     */
+    new Ajax.Request('ajax_misc.php', {
+        method: "get",
+        parameters: {"p_user": p_user, "op": "folder_display", "p_filter": 
p_filter, 'gDossier': 0},
+        onSuccess: function (p_xml) {
+            // table id = database_list
+            var folder = {};
+            var create = false;
+            if (!$('folder_list_div')) {
+                folder = create_div({'id': 'folder_list_div', 'cssclass': 
"inner_box", 'style': 'width:90%,right:5%;top:100px;display:block'});
+                create = true;
+            }
+            folder = $('folder_list_div');
+            // Analyze XML answer 
+            var answer = p_xml.responseXML;
+            var a = answer.getElementsByTagName('status');
+            var html = answer.getElementsByTagName('content');
+            if (a.length == 0) {
+                var rec = req.responseText;
+                alert('erreur :' + rec);
+            }
+
+            var content = getNodeText(html[0]);
+            // fill up the div
+            folder.innerHTML = unescape_xml(content);
+
+            // show it
+            folder.show();
+            $('database_filter_input').focus();
+        }
+    });
+}
+/**
+ * Remove the grant for an user to the given database id
+ * @param {integer} p_user use_id  id of the user
+ * @param {integer} p_dossier id of the database
+ * @returns nothing
+ */
+function folder_remove(p_user,p_dossier )
+{
+    if ( ! confirm('Confirmer')) return;
+    waiting_box();
+    new Ajax.Request('ajax_misc.php', {
+        method: "get",
+        parameters: {"p_user": p_user, 'p_dossier': p_dossier, "op": 
"folder_remove", 'gDossier': 0},
+        onSuccess: function (p_xml) {
+            // table id = database_list
+            $('row'+p_dossier).hide();
+            remove_waiting_box();
+        }
+    });
+}
+
+/**
+ * Grant the access to a folder for a given user and add a row in the table 
+ * (id : database_list)
+ * @param {integer} p_user use_id  id of the user
+ * @param {integer} p_dossier id of the database
+ * @returns {undefined}
+ */
+function folder_add(p_user, p_dossier)
+{
+    waiting_box();
+    new Ajax.Request('ajax_misc.php', {
+        method: "get",
+        parameters: {"p_user": p_user, 'p_dossier': p_dossier, "op": 
"folder_add", 'gDossier': 0},
+        onSuccess: function (p_xml) {
+            // table id = database_list
+            // Analyze XML answer 
+            var answer = p_xml.responseXML;
+            var a = answer.getElementsByTagName('status');
+            var html = answer.getElementsByTagName('content');
+            if (a.length == 0) {
+                var rec = req.responseText;
+                alert('erreur :' + rec);
+            }
+
+            var content = getNodeText(html[0]);
+            var nb = $('database_list').rows.length + 1;
+            var row = new Element('tr', {'id': 'row' + p_dossier});
+            if (nb % 2 == 0) {
+                row.addClassName('odd');
+            } else {
+                row.addClassName('even');
+            }
+            row.innerHTML = unescape_xml(content);
+            $('database_list').appendChild(row);
+            $('row_db_'+p_dossier).hide();
+            remove_waiting_box();
+        }
+    });
+
+}
\ No newline at end of file
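Review bot: `req` is not defined in either `onSuccess` callback (lines 164 and 221), so the error path throws a ReferenceError instead of showing the alert, and because execution then falls through, `html[0]` is dereferenced even when no `content` node exists. Both places should read the response they were handed and stop: `var rec = p_xml.responseText;` / `alert('erreur :' + rec);` / `return;`. `folder_remove` hides the row without inspecting the response at all, so a failed revocation still disappears from the table; checking for the `status` node there the same way would keep the UI consistent with the server state. The `create` flag in `folder_display` is assigned but never read and can be dropped, as can the first assignment to `folder`, which line 158 overwrites unconditionally.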
diff --git a/include/class_dossier.php b/include/class_dossier.php
index 7229fcf..81559a1 100644
--- a/include/class_dossier.php
+++ b/include/class_dossier.php
@@ -53,51 +53,60 @@ class Dossier
         return $_REQUEST['gDossier'];
     }
 
-    /**!
+    /**
      * @brief Show the folder where user have access. 
-     * @param  p_type string : all for all dossiers lim for only the
-     *             dossier where we've got rights
+     * @param  p_type string   
+       - A for all dossiers 
+       - R for accessible folders
+       - X forbidden folders
+     * @param p_login is the user name
+     * @param p_text is a part of the name where are looking for
      * @return     nothing
      *
      */
-    function show_dossier($p_type,$p_first=0,$p_max=0,$p_Num=0)
+    static function show_dossier($p_type,$p_login="",$p_text="",$limit=0)
     {
-        $l_user=$_SESSION['g_user'];
-        if ( $p_max == 0 )
-        {
-            $l_step="";
-        }
-        else
-        {
-            $l_step="LIMIT $p_max OFFSET $p_first";
-        }
-
-        if ( $p_type == "all")
+        $cn=new Database();
+        $str_limit=($limit==0)?'':' limit '.$limit;
+        if ( $p_type == "A")
         {
-            $l_sql="select *, 'W' as priv_priv from ac_dossier ORDER BY 
dos_name  ";
-            $p_Num=$this->cn->count_sql($l_sql);
+            $l_sql="select *, 'W' as priv_priv from ac_dossier where dos_name 
~* $2 or dos_description ~* $2 ORDER BY dos_name $str_limit  ";
+            $a_row=$cn->get_array($l_sql,$p_text);
+            return $a_row;
         }
-        else
+        else if ($p_type == "R")
         {
             $l_sql="select * from jnt_use_dos
                    natural join ac_dossier
                    natural join ac_users
                    where
-                   use_login='".sql_string($l_user)."'
-                   order by dos_name ";
-            $p_Num=$this->cn->count_sql($l_sql);
-        }
-        $l_sql=$l_sql.$l_step;
-        $p_res=$this->cn->exec_sql($l_sql);
-
-
-        $Max=$this->cn->size();
-        if ( $Max == 0 ) return null;
-        for ( $i=0;$i<$Max; $i++)
+                   use_login=$1
+                   and ( dos_name ~* $2 or dos_description ~* $2)
+                   
+                   order by dos_name 
+                   $str_limit
+                   ";
+            
+            $a_row=$cn->get_array($l_sql,array($p_login,$p_text));
+            return $a_row;
+
+        } 
+        else  if ($p_type == 'X')
         {
-         $row[]=$this->cn->fetch($i);
+            $l_sql=' select * from ac_dossier where dos_id not in 
+                  (select dos_id from jnt_use_dos where use_id=$1)
+                  and ( dos_name ~* $2 or dos_description ~* $2)
+                  order by dos_name '.$str_limit;
+            $a_row=$cn->get_array($l_sql,array($p_login,$p_text));
+            return $a_row;
+
         }
-        return $row;
+        else
+        {
+            throw new Exception (_("Erreur paramètre"));
+        } 
+        
+       
     }
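Review bot: The `A` branch on lines 285-287 binds a single value but the SQL references `$2`, and the value is passed bare rather than as an array like the other two branches, so the query cannot run as written; it should read `$l_sql="select *, 'W' as priv_priv from ac_dossier where dos_name ~* $1 or dos_description ~* $1 ORDER BY dos_name $str_limit";` with `$a_row=$cn->get_array($l_sql,array($p_text));`. `$limit` is interpolated straight into the SQL on line 279; `$str_limit=($limit==0)?'':' limit '.(int)$limit;` keeps that parameter from ever carrying anything but a number. The `R` branch compares `use_login=$1` while the `X` branch compares `use_id=$1`, yet both receive the same `$p_login` argument that the docblock calls the user name, and the new `folder_display.php` template documents its input as coming from a `$user_id`; the parameter's meaning should be settled one way and the docblock corrected. `$p_text` is used as a regular expression (`~*`), so user text containing regex metacharacters will either mis-match or make PostgreSQL reject the query; the method's callers, not visible here, need to escape it or the operator should be changed to a pattern match.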
 
     /*!
diff --git a/include/class_user.php b/include/class_user.php
index 87343b7..2e9f408 100644
--- a/include/class_user.php
+++ b/include/class_user.php
@@ -195,7 +195,7 @@ class User
         * \return the priv_priv
         *          - X no access
         *          - R has access (normal user)
-        *          - L Local Admin
+        
         *
         */
 
@@ -204,11 +204,10 @@ class User
 
                if ($p_dossier == 0)
                        $p_dossier = dossier::id();
-               if ($this->is_local_admin($p_dossier) == 1 || $this->admin == 1)
-                       return 'L';
+               if ($this->admin == 1)          return 'R';
                $cn = new Database();
 
-               $sql = "select 1 from jnt_use_dos where use_id=$1 and 
dos_id=$2";
+               $sql = "select 'R' from jnt_use_dos where use_id=$1 and 
dos_id=$2";
 
                $res = $cn->get_value($sql, array($this->id, $p_dossier));
                 
@@ -219,23 +218,32 @@ class User
        /**
          * \brief save the access of a folder
         * \param $db_id the dossier id
-        * \param $priv the priv. to set
+        * \param $priv boolean, true then it is granted, false it is removed
         */
 
        function set_folder_access($db_id, $priv)
-       {
+        {
 
-               $cn = new Database();
-               $jnt = $cn->get_value("select jnt_id from jnt_use_dos where 
dos_id=$1 and use_id=$2", array($db_id, $this->id));
+            $cn=new Database();
+            if ($priv)
+            {
+                // the access is granted
+                $jnt=$cn->get_value("select jnt_id from jnt_use_dos where 
dos_id=$1 and use_id=$2", array($db_id, $this->id));
 
-               if ($cn->size() == 0)
-               {
+                if ($cn->size()==0)
+                {
 
-                       $Res = $cn->exec_sql("insert into 
jnt_use_dos(dos_id,use_id) values($1,$2)", array($db_id, $this->id));
-                       $jnt = $cn->get_value("select jnt_id from jnt_use_dos 
where dos_id=$1 and use_id=$2", array($db_id, $this->id));
-               }
+                    $Res=$cn->exec_sql("insert into jnt_use_dos(dos_id,use_id) 
values($1,$2)", array($db_id, $this->id));
+                }
+            } 
+            else 
+            {
+                // Access is revoked
+                $cn->exec_sql('delete from jnt_use_dos where use_id  = $1 and 
dos_id = $2 ', array($this->id, $db_id));
+            }
         }
-       /**
+
+    /**
          * \brief check that a user is valid and the access to the folder
         * \param $p_ledger the ledger to check
         * \return the priv_priv
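Review bot: The grant path on lines 388-403 does a select-then-insert with no uniqueness guarantee visible, so two concurrent grants for the same user/folder can both pass the `size()==0` check and insert twice; `$jnt` and `$Res` are computed but never used. A single conditional insert removes both the race window and the dead variables. Granting or revoking folder access is an administrative action worth recording; the class already has an audit hook (`$this->audit('AUDIT', ...)` is called in `check_print`, line 434), though its exact contract is not visible here. `if ($priv)` is a truthiness test, so a caller still passing the old `'X'` code would grant rather than revoke; the docblock now says boolean, which the callers in `ajax_admin.php` (not in this commit) must honour.
```php
            $cn=new Database();
            if ($priv)
            {
                // Grant: conditional insert, so a concurrent duplicate
                // request cannot create a second jnt_use_dos row.
                $cn->exec_sql("insert into jnt_use_dos(dos_id,use_id)
                               select $1,$2
                               where not exists (select 1 from jnt_use_dos
                                                 where dos_id=$1 and use_id=$2)",
                              array($db_id, $this->id));
            }
            // … unchanged: revoke branch …
```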
@@ -711,10 +719,10 @@ class User
        }
 
        /**
-        *  !\brief Check if the user can print (in menu_ref p_type_display=p)
+        address@hidden Check if the user can print (in menu_ref 
p_type_display=p)
         *      otherwise warn and exit
-        * \param $p_action requested action
-        * \return nothing the program exits automatically
+        * @param $p_action requested action
+        * @return nothing the program exits automatically
         */
        function check_print($p_action)
        {
@@ -722,8 +730,7 @@ class User
                $this->audit('AUDIT', $p_action);
                if ($this->Admin() == 1)
                        return 1;
-               if ($this->is_local_admin(dossier::id()) == 1)
-                       return 1;
+               
                $res = $cn->get_value("select count(*) from profile_menu
                        join profile_user using (p_id)
                        where user_name=$1 and me_code=$2 ", 
array($this->login, $p_action));
diff --git a/include/template/folder_display.php 
b/include/template/folder_display.php
new file mode 100644
index 0000000..fa52a85
--- /dev/null
+++ b/include/template/folder_display.php
@@ -0,0 +1,67 @@
+<?php
+/*
+ * * Copyright (C) 2015 Dany De Bontridder <address@hidden>
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+ * 
+ */
+
+
+/**
+ * @file
+ * @brief  display the folders the user has no access and permit to add them 
+ * thanks ajax call. 
+ * 
+ * The received parameter  are 
+ *  - $a_dossier, the result of   Dossier::show_dossier
+ *  - $user_id id of the user
+ * 
+ */
+echo js_include('admin.js');
+if ( count($a_dossier) == 0 ) 
+{
+    echo '<h1 class="notice">'._('Aucun dossier à afficher').'</h1>';
+    return;
+}
+?>
+<table class="result">
+<?php
+$nb_dossier=count($a_dossier);
+for ($i=0;$i<$nb_dossier;$i++):
+    $class=($i%2==0)?"even":"odd";
+?>
+    <tr id="row_db_<?php echo $a_dossier[$i]['dos_id'];?>" class="<?php echo 
$class?>">
+        <td>
+            <?php
+                echo HtmlInput::button('add_folder','+',  " 
onclick=\"folder_add({$user_id},{$a_dossier[$i]['dos_id']});\"", ' 
smallbutton');
+            ?>
+         
+        </td>
+        <td>
+            <?php
+                echo h($a_dossier[$i]['dos_name']);
+            ?>
+        </td>
+        <td>
+            <?php
+                echo h($a_dossier[$i]['dos_description']);
+            ?>
+        </td>
+    </tr>
+<?php
+endfor;
+?>
+</table>
\ No newline at end of file
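Review bot: `$user_id` and `$a_dossier[$i]['dos_id']` are interpolated into the `onclick` attribute on lines 500-502 and into the `id` attribute on line 496 without escaping or casting, while `dos_name` and `dos_description` correctly go through `h()`; `$user_id` arrives from the ajax request handled by `ajax_admin.php` (not in this commit), so its type is not guaranteed at this point. Casting once, `$user_id = (int) $user_id;` before the loop and `$dos_id = (int) $a_dossier[$i]['dos_id'];` inside it, then using those in the attributes closes that gap. The same pattern appears in the `user_detail.inc.php` hunk at lines 617-696 (`folder_remove({$mod_user->id},...)` and `folder_display({$mod_user->id})`). `count($a_dossier)` on line 484 will warn or throw if `show_dossier` returns `null` rather than an empty array, which its previous implementation did for an empty result; `if (empty($a_dossier))` is the safer test. `js_include('admin.js')` on line 483 emits a script tag inside a fragment that `admin.js` injects via `innerHTML`, where it typically does not execute; `admin_repo.php` already includes the file (hunk at lines 36-44), so the line looks redundant.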
diff --git a/include/user_detail.inc.php b/include/user_detail.inc.php
index 93a29b8..b3f3b564 100644
--- a/include/user_detail.inc.php
+++ b/include/user_detail.inc.php
@@ -69,8 +69,11 @@ if (isset($_POST['SAVE']))
                }
         $UserChange->save();
 
+ /**
+  * replace by ajax see ajax_admin.php
+  *        foreach ($_POST as $name => $elem)
         // Update Priv on Folder
-        foreach ($_POST as $name => $elem)
+  
         {
             if (substr_count($name, 'PRIV') != 0)
             {
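Review bot: The `foreach ($_POST ...)` loop is not removed but wrapped in a `/** … */` docblock that opens on line 530 and closes in the next hunk (lines 543-544), leaving some twenty lines of dead code that the replacing `ajax_admin.php` has made obsolete; version control keeps the history, so the whole commented block should be deleted rather than kept as a comment. The `// Update Priv on Folder` marker and the orphaned `{ … }` on lines 536-542 now sit inside that comment, which makes the brace structure of the enclosing `if (isset($_POST['SAVE']))` block, which starts before this hunk, hard to read.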
@@ -93,6 +96,8 @@ if (isset($_POST['SAVE']))
                                }
                        }
         }
+  * 
+  */
     }
 }
 else
@@ -103,7 +108,7 @@ else
         $Res = $cn->exec_sql("delete from jnt_use_dos where use_id=$1", 
array($uid));
         $Res = $cn->exec_sql("delete from ac_users where use_id=$1", 
array($uid));
 
-        echo "<center><H2 class=\"info\"> User " . h($_POST['fname']) . " " . 
h($_POST['lname']) . " est effacé</H2></CENTER>";
+        echo "<center><H2 class=\"info\"> Utilisateur " . h($_POST['fname']) . 
" " . h($_POST['lname']) . " est effacé</H2></CENTER>";
         require_once("class_iselect.php");
         require_once("user.inc.php");
         return;
@@ -113,8 +118,6 @@ $UserChange->load();
 $it_pass=new IText('password');
 $it_pass->value="";
 ?>
-<h1 class="info">Modification</h1>
-<?php echo HtmlInput::button_anchor('Retour', 
'admin_repo.php?action=user_mgt'); ?>
 <FORM  METHOD="POST">
 
 <?php echo HtmlInput::hidden('UID',$uid)?>
@@ -185,18 +188,22 @@ printf('<INPUT type="RADIO" NAME="Admin" VALUE="0" %s> 
Pas administrateur global
 echo "</TD></TR>";
 ?>
     </TABLE>
-</TD>
-</TR>
-<TR>
-    <TD>
+        <input type="Submit" class="button" NAME="SAVE" VALUE="Sauver les 
changements" onclick="return confirm('Confirmer changement ?');">
+
+        <input type="Submit"  class="button" NAME="DELETE" VALUE="Effacer" 
onclick="return confirm('Confirmer effacement ?');" >
+
+</FORM>
+<?php
+if  ($UserChange->admin == 0 ) :
+?>
         <!-- Show all database and rights -->
-        <H2 class="info"> Droit sur les dossiers pour les utilisateurs normaux 
</H2>
+        <H2 class="info"> Accès aux dossiers</H2>
         <p class="notice">
             Les autres droits doivent être réglés dans les dossiers 
(paramètre->sécurité), le fait de changer un utilisateur d'administrateur à 
utilisateur
                        normal ne change pas le profil administrateur dans les 
dossiers.
                        Il faut aller dans CFGSECURITY pour diminuer ses 
privilèges.
         </p>
-        <TABLE>
+     
 <?php
 $array = array(
     array('value' => 'X', 'label' => 'Aucun Accès'),
@@ -204,7 +211,7 @@ $array = array(
 );
 $repo = new Dossier(0);
 
-$Dossier = $repo->show_dossier('all', 1, 0);
+$Dossier = $repo->show_dossier('R',$UserChange->login);
 if (empty($Dossier))
 {
     echo hb('* Aucun Dossier *');
@@ -213,49 +220,50 @@ if (empty($Dossier))
 }
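Review bot: `show_dossier` becomes `static` in this commit (class_dossier.php hunk), but line 613 still calls it through the `$repo` instance created on line 610; `$Dossier = Dossier::show_dossier('R', $UserChange->login);` matches the new signature, and `$repo` then has no remaining use in view. The call passes `$UserChange->login`, which fits the `R` branch's `use_login=$1`, but note that the `X` branch of the same method compares `use_id=$1` with the same parameter, so a later caller switching the type letter would silently query the wrong column.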
 
 $mod_user = new User(new Database(), $uid);
-foreach ($Dossier as $rDossier)
-{
-       if (defined ("MULTI") && MULTI==0)
-       {
-                       $priv = $mod_user->get_folder_access(MONO_DATABASE);
-                       $priv=($priv=='L')?'R':$priv;
-       }
-               else
-                       $priv = 
$mod_user->get_folder_access($rDossier['dos_id']);
-    printf("<TR><TD> Dossier : %s </TD>", h($rDossier['dos_name']));
-
-    $select = new ISelect();
-    $select->table = 1;
-    $select->name = sprintf('PRIV%s', $rDossier['dos_id']);
-    $select->value = $array;
-    $select->selected = $priv;
-    echo $select->input();
-    echo "</TD></TR>";
-}
+?>
+           <TABLE id="database_list" class="result">
+<?php 
+//
+// Display all the granted folders
+//
+$i=0;
+foreach ($Dossier as $rDossier):
+    $i++;
+$class=($i%2==0)?' even ':'odd ';
+?>
+            <tr id="row<?php echo $rDossier['dos_id']?>" class="<?php echo 
$class;?>">
+                <td>
+                    <?php echo h($rDossier['dos_name']); ?>
+                </td>
+                <td>
+                    <?php echo h($rDossier['dos_description']); ?>
+                </td>
+                <td>
+                    <?php echo HtmlInput::anchor(_('Enleve'),"",
+                            " 
onclick=\"folder_remove({$mod_user->id},{$rDossier['dos_id']});\"");?>
+                </td>
+                
+            </tr>
+<?php  
+endforeach;
 ?>
         </TABLE>
-
-
-
-
-
-        <input type="Submit" class="button" NAME="SAVE" VALUE="Sauver les 
changements" onclick="return confirm('Confirmer changement ?');">
-
-        <input type="Submit"  class="button" NAME="DELETE" VALUE="Effacer" 
onclick="return confirm('Confirmer effacement ?');" >
-<?php echo HtmlInput::button_anchor('Retour', 
'admin_repo.php?action=user_mgt'); ?>
-</FORM>
+        <?php 
+               echo HtmlInput::button("database_add_button",_('Ajout'),
+                            " onclick=\"folder_display({$mod_user->id});\"");
+        ?>
+        <?php
+        // If UserChange->admin==1 it means he can access all databases
+        //
+        else :
+        ?>
+        
+<?php
+    endif;
+?>
 
 </DIV>
 
-
-
-
-
-
-
-
-
-
 <?php
 html_page_stop();
 ?>


