[Noalyss-commit] [noalyss] 12/30: Administration user : Add / remove rig
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 12/30: Administration user : Add / remove right on folder in ajax |
Date: |
Tue, 02 Jun 2015 22:29:07 +0000 |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 7075058c7bccbe2162f39765bece1cce28093ba1
Author: Dany De Bontridder <address@hidden>
Date: Mon Jun 1 20:47:16 2015 +0200
Administration user : Add / remove right on folder in ajax
---
html/admin_repo.php | 1 +
html/ajax_misc.php | 35 ++++++++-
html/js/admin.js | 131 +++++++++++++++++++++++++++++++++++
include/class_dossier.php | 69 ++++++++++--------
include/class_user.php | 51 ++++++++------
include/template/folder_display.php | 67 ++++++++++++++++++
include/user_detail.inc.php | 106 +++++++++++++++-------------
7 files changed, 355 insertions(+), 105 deletions(-)
diff --git a/html/admin_repo.php b/html/admin_repo.php
index 2141a5e..e2fa577 100644
--- a/html/admin_repo.php
+++ b/html/admin_repo.php
@@ -52,6 +52,7 @@ define('ALLOWED',true);
<?php
if ( isset ($_REQUEST["action"]) )
{
+ echo js_include("admin.js");
if ( $_REQUEST["action"]=="user_mgt" )
{
//----------------------------------------------------------------------
diff --git a/html/ajax_misc.php b/html/ajax_misc.php
index bde0db1..0136470 100644
--- a/html/ajax_misc.php
+++ b/html/ajax_misc.php
@@ -61,12 +61,23 @@ if ($cont != 0)
extract($_REQUEST);
set_language();
global $g_user, $cn, $g_parameter;
-$cn = new Database($gDossier);
-$g_user = new User($cn);
-$g_user->check(true);
-$g_user->check_dossier($gDossier, true);
+//
+// If database id == 0 then we are not connected to a folder
+// but to the administration
+//
if ($gDossier<>0) {
+ $cn = new Database($gDossier);
$g_parameter=new Own($cn);
+ $g_user = new User($cn);
+ $g_user->check(true);
+ $g_user->check_dossier($gDossier, true);
+}
+else
+{
+ // connect to repository
+ $cn=new Database();
+ $g_user = new User($cn);
+ $g_user->check(true);
}
$html = var_export($_REQUEST, true);
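Review bot: The new `else` branch (repository connection when `gDossier` is 0) authenticates the caller with `$g_user->check(true)` but never verifies that the caller is a global administrator, although the only requests routed this way are the admin operations `folder_add`/`folder_remove`/`folder_display` dispatched to `ajax_admin.php` in the next hunk of this file. `$gDossier` comes from the pre-existing `extract($_REQUEST)` a few lines above, so any authenticated user can send `gDossier=0`; unless `ajax_admin.php` (not in this diff) checks `$g_user->admin` itself, such a user could grant or revoke folder access for any account, including their own. I would add the guard here, right after the check, mirroring how the rest of the code tests the flag: `if ($g_user->admin != 1) { exit(_('Accès refusé')); }`. The `$cn = new Database()` in the else branch is otherwise fine; the point is only the missing authorisation step.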
@@ -673,6 +684,22 @@ EOF;
*/
require_once 'ajax_account_update.php';
break;
+ // From admin, revoke the access to a folder from an
+ // user
+ case 'folder_remove':
+ require_once 'ajax_admin.php';
+ break;
+ // From admin, display a list of folder to which the user has
+ // no access
+ case 'folder_display':
+ require_once 'ajax_admin.php';
+ break;
+ // From admin, grant the access to a folder to an
+ // user
+ case 'folder_add':
+ require_once 'ajax_admin.php';
+ break;
+
default:
var_dump($_GET);
}
diff --git a/html/js/admin.js b/html/js/admin.js
new file mode 100644
index 0000000..80b01e5
--- /dev/null
+++ b/html/js/admin.js
@@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 2015 Dany De Bontridder <address@hidden>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+/**
+ * Display the forbidden folders if the request comes from a form
+ * with an input text (id:database_filter_input) then this text is
+ * used as a filter
+ * @param {type} p_user : the user id
+ * @returns nothing
+ */
+function folder_display(p_user)
+{
+ /**
+ * If form exist and there is something
+ *
+ */
+ var p_filter = "";
+ if ($('database_filter_input')) {
+ console.log($('database_filter_input').value);
+ p_filter = $('database_filter_input').value;
+ }
+ /*
+ * Ajax request to display the folder
+ */
+ new Ajax.Request('ajax_misc.php', {
+ method: "get",
+ parameters: {"p_user": p_user, "op": "folder_display", "p_filter":
p_filter, 'gDossier': 0},
+ onSuccess: function (p_xml) {
+ // table id = database_list
+ var folder = {};
+ var create = false;
+ if (!$('folder_list_div')) {
+ folder = create_div({'id': 'folder_list_div', 'cssclass':
"inner_box", 'style': 'width:90%,right:5%;top:100px;display:block'});
+ create = true;
+ }
+ folder = $('folder_list_div');
+ // Analyze XML answer
+ var answer = p_xml.responseXML;
+ var a = answer.getElementsByTagName('status');
+ var html = answer.getElementsByTagName('content');
+ if (a.length == 0) {
+ var rec = req.responseText;
+ alert('erreur :' + rec);
+ }
+
+ var content = getNodeText(html[0]);
+ // fill up the div
+ folder.innerHTML = unescape_xml(content);
+
+ // show it
+ folder.show();
+ $('database_filter_input').focus();
+ }
+ });
+}
+/**
+ * Remove the grant for an user to the given database id
+ * @param {integer} p_user use_id id of the user
+ * @param {integer} p_dossier id of the database
+ * @returns nothing
+ */
+function folder_remove(p_user,p_dossier )
+{
+ if ( ! confirm('Confirmer')) return;
+ waiting_box();
+ new Ajax.Request('ajax_misc.php', {
+ method: "get",
+ parameters: {"p_user": p_user, 'p_dossier': p_dossier, "op":
"folder_remove", 'gDossier': 0},
+ onSuccess: function (p_xml) {
+ // table id = database_list
+ $('row'+p_dossier).hide();
+ remove_waiting_box();
+ }
+ });
+}
+
+/**
+ * Grant the access to a folder for a given user and add a row in the table
+ * (id : database_list)
+ * @param {integer} p_user use_id id of the user
+ * @param {integer} p_dossier id of the database
+ * @returns {undefined}
+ */
+function folder_add(p_user, p_dossier)
+{
+ waiting_box();
+ new Ajax.Request('ajax_misc.php', {
+ method: "get",
+ parameters: {"p_user": p_user, 'p_dossier': p_dossier, "op":
"folder_add", 'gDossier': 0},
+ onSuccess: function (p_xml) {
+ // table id = database_list
+ // Analyze XML answer
+ var answer = p_xml.responseXML;
+ var a = answer.getElementsByTagName('status');
+ var html = answer.getElementsByTagName('content');
+ if (a.length == 0) {
+ var rec = req.responseText;
+ alert('erreur :' + rec);
+ }
+
+ var content = getNodeText(html[0]);
+ var nb = $('database_list').rows.length + 1;
+ var row = new Element('tr', {'id': 'row' + p_dossier});
+ if (nb % 2 == 0) {
+ row.addClassName('odd');
+ } else {
+ row.addClassName('even');
+ }
+ row.innerHTML = unescape_xml(content);
+ $('database_list').appendChild(row);
+ $('row_db_'+p_dossier).hide();
+ remove_waiting_box();
+ }
+ });
+
+}
\ No newline at end of file
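Review bot: Both error paths reference an undefined `req` (`var rec = req.responseText;` in `folder_display` and again in `folder_add`), so a server-side error would surface as a ReferenceError rather than the intended alert, and even once fixed the code falls through to `getNodeText(html[0])` on an empty node list; change each to `var rec = p_xml.responseText; alert('erreur :' + rec); return;`. `folder_display` guards `$('database_filter_input')` before reading the filter but then calls `$('database_filter_input').focus()` unguarded in the success handler, and the `console.log` of the filter value looks like leftover debugging. The `create` flag and the `create_div` return value are never used, since `folder` is immediately reassigned from `$('folder_list_div')`. Finally the row parity in `folder_add` (`nb % 2 == 0` gives `odd`) appears inverted relative to the server-side rendering in user_detail.inc.php, where an even `$i` gives `even`, so dynamically added rows will alternate colours out of step with the existing ones.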
diff --git a/include/class_dossier.php b/include/class_dossier.php
index 7229fcf..81559a1 100644
--- a/include/class_dossier.php
+++ b/include/class_dossier.php
@@ -53,51 +53,60 @@ class Dossier
return $_REQUEST['gDossier'];
}
- /**!
+ /**
* @brief Show the folder where user have access.
- * @param p_type string : all for all dossiers lim for only the
- * dossier where we've got rights
+ * @param p_type string
+ - A for all dossiers
+ - R for accessible folders
+ - X forbidden folders
+ * @param p_login is the user name
+ * @param p_text is a part of the name where are looking for
* @return nothing
*
*/
- function show_dossier($p_type,$p_first=0,$p_max=0,$p_Num=0)
+ static function show_dossier($p_type,$p_login="",$p_text="",$limit=0)
{
- $l_user=$_SESSION['g_user'];
- if ( $p_max == 0 )
- {
- $l_step="";
- }
- else
- {
- $l_step="LIMIT $p_max OFFSET $p_first";
- }
-
- if ( $p_type == "all")
+ $cn=new Database();
+ $str_limit=($limit==0)?'':' limit '.$limit;
+ if ( $p_type == "A")
{
- $l_sql="select *, 'W' as priv_priv from ac_dossier ORDER BY
dos_name ";
- $p_Num=$this->cn->count_sql($l_sql);
+ $l_sql="select *, 'W' as priv_priv from ac_dossier where dos_name
~* $2 or dos_description ~* $2 ORDER BY dos_name $str_limit ";
+ $a_row=$cn->get_array($l_sql,$p_text);
+ return $a_row;
}
- else
+ else if ($p_type == "R")
{
$l_sql="select * from jnt_use_dos
natural join ac_dossier
natural join ac_users
where
- use_login='".sql_string($l_user)."'
- order by dos_name ";
- $p_Num=$this->cn->count_sql($l_sql);
- }
- $l_sql=$l_sql.$l_step;
- $p_res=$this->cn->exec_sql($l_sql);
-
-
- $Max=$this->cn->size();
- if ( $Max == 0 ) return null;
- for ( $i=0;$i<$Max; $i++)
+ use_login=$1
+ and ( dos_name ~* $2 or dos_description ~* $2)
+
+ order by dos_name
+ $str_limit
+ ";
+
+ $a_row=$cn->get_array($l_sql,array($p_login,$p_text));
+ return $a_row;
+
+ }
+ else if ($p_type == 'X')
{
- $row[]=$this->cn->fetch($i);
+ $l_sql=' select * from ac_dossier where dos_id not in
+ (select dos_id from jnt_use_dos where use_id=$1)
+ and ( dos_name ~* $2 or dos_description ~* $2)
+ order by dos_name '.$str_limit;
+ $a_row=$cn->get_array($l_sql,array($p_login,$p_text));
+ return $a_row;
+
}
- return $row;
+ else
+ {
+ throw new Exception (_("Erreur paramètre"));
+ }
+
+
}
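Review bot: The `X` branch binds `$p_login` to `use_id` while the `R` branch binds the same parameter to `use_login`, yet the docblock describes `$p_login` as "the user name"; for `X` the caller must therefore pass the numeric id (the new template's `$user_id` suggests that is the intent), otherwise the integer column is compared with a login string and the query fails at the database. Either split the parameter or document the dual meaning, e.g. `@param p_login user login for R, numeric use_id for X`. `$limit` is concatenated into the SQL text unparameterised; it defaults to 0 here, but an int cast costs nothing and closes that off if a caller ever feeds it from the request: `$str_limit=($limit==0)?'':' limit '.(int)$limit;`. Note also that the `A` branch hands `$p_text` to `get_array` as a bare scalar while the other two branches pass an array, and that any caller still using the old `'all'`/`'lim'` type values now hits the `Exception` — the one call in user_detail.inc.php is updated in this commit, other callers are not visible here.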
/*!
diff --git a/include/class_user.php b/include/class_user.php
index 87343b7..2e9f408 100644
--- a/include/class_user.php
+++ b/include/class_user.php
@@ -195,7 +195,7 @@ class User
* \return the priv_priv
* - X no access
* - R has access (normal user)
- * - L Local Admin
+
*
*/
@@ -204,11 +204,10 @@ class User
if ($p_dossier == 0)
$p_dossier = dossier::id();
- if ($this->is_local_admin($p_dossier) == 1 || $this->admin == 1)
- return 'L';
+ if ($this->admin == 1) return 'R';
$cn = new Database();
- $sql = "select 1 from jnt_use_dos where use_id=$1 and
dos_id=$2";
+ $sql = "select 'R' from jnt_use_dos where use_id=$1 and
dos_id=$2";
$res = $cn->get_value($sql, array($this->id, $p_dossier));
@@ -219,23 +218,32 @@ class User
/**
* \brief save the access of a folder
* \param $db_id the dossier id
- * \param $priv the priv. to set
+ * \param $priv boolean, true then it is granted, false it is removed
*/
function set_folder_access($db_id, $priv)
- {
+ {
- $cn = new Database();
- $jnt = $cn->get_value("select jnt_id from jnt_use_dos where
dos_id=$1 and use_id=$2", array($db_id, $this->id));
+ $cn=new Database();
+ if ($priv)
+ {
+ // the access is granted
+ $jnt=$cn->get_value("select jnt_id from jnt_use_dos where
dos_id=$1 and use_id=$2", array($db_id, $this->id));
- if ($cn->size() == 0)
- {
+ if ($cn->size()==0)
+ {
- $Res = $cn->exec_sql("insert into
jnt_use_dos(dos_id,use_id) values($1,$2)", array($db_id, $this->id));
- $jnt = $cn->get_value("select jnt_id from jnt_use_dos
where dos_id=$1 and use_id=$2", array($db_id, $this->id));
- }
+ $Res=$cn->exec_sql("insert into jnt_use_dos(dos_id,use_id)
values($1,$2)", array($db_id, $this->id));
+ }
+ }
+ else
+ {
+ // Access is revoked
+ $cn->exec_sql('delete from jnt_use_dos where use_id = $1 and
dos_id = $2 ', array($this->id, $db_id));
+ }
}
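Review bot: `$priv` now means a boolean grant/revoke, but the previous contract was the privilege letter (`'X'`, `'R'`, `'L'`) — the loop commented out in user_detail.inc.php in this same commit passed exactly that — so any caller outside this diff still passing `'X'` would be treated as truthy and grant access instead of revoking it. Making the test strict, `if ($priv === true)`, turns such a stale call into a revoke rather than a silent grant, and the docblock could say so explicitly. The locals `$jnt` and `$Res` are assigned and never read; the branch only relies on `$cn->size()` after the `get_value`, so `$cn->get_value(...)` and `$cn->exec_sql(...)` can be called as statements.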
- /**
+
+ /**
* \brief check that a user is valid and the access to the folder
* \param $p_ledger the ledger to check
* \return the priv_priv
@@ -711,10 +719,10 @@ class User
}
/**
- * !\brief Check if the user can print (in menu_ref p_type_display=p)
+ address@hidden Check if the user can print (in menu_ref
p_type_display=p)
* otherwise warn and exit
- * \param $p_action requested action
- * \return nothing the program exits automatically
+ * @param $p_action requested action
+ * @return nothing the program exits automatically
*/
function check_print($p_action)
{
@@ -722,8 +730,7 @@ class User
$this->audit('AUDIT', $p_action);
if ($this->Admin() == 1)
return 1;
- if ($this->is_local_admin(dossier::id()) == 1)
- return 1;
+
$res = $cn->get_value("select count(*) from profile_menu
join profile_user using (p_id)
where user_name=$1 and me_code=$2 ",
array($this->login, $p_action));
diff --git a/include/template/folder_display.php
b/include/template/folder_display.php
new file mode 100644
index 0000000..fa52a85
--- /dev/null
+++ b/include/template/folder_display.php
@@ -0,0 +1,67 @@
+<?php
+/*
+ * * Copyright (C) 2015 Dany De Bontridder <address@hidden>
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+ *
+ */
+
+
+/**
+ * @file
+ * @brief display the folders the user has no access and permit to add them
+ * thanks ajax call.
+ *
+ * The received parameter are
+ * - $a_dossier, the result of Dossier::show_dossier
+ * - $user_id id of the user
+ *
+ */
+echo js_include('admin.js');
+if ( count($a_dossier) == 0 )
+{
+ echo '<h1 class="notice">'._('Aucun dossier à afficher').'</h1>';
+ return;
+}
+?>
+<table class="result">
+<?php
+$nb_dossier=count($a_dossier);
+for ($i=0;$i<$nb_dossier;$i++):
+ $class=($i%2==0)?"even":"odd";
+?>
+ <tr id="row_db_<?php echo $a_dossier[$i]['dos_id'];?>" class="<?php echo
$class?>">
+ <td>
+ <?php
+ echo HtmlInput::button('add_folder','+', "
onclick=\"folder_add({$user_id},{$a_dossier[$i]['dos_id']});\"", '
smallbutton');
+ ?>
+
+ </td>
+ <td>
+ <?php
+ echo h($a_dossier[$i]['dos_name']);
+ ?>
+ </td>
+ <td>
+ <?php
+ echo h($a_dossier[$i]['dos_description']);
+ ?>
+ </td>
+ </tr>
+<?php
+endfor;
+?>
+</table>
\ No newline at end of file
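Review bot: `{$user_id}` and `{$a_dossier[$i]['dos_id']}` are interpolated straight into the `onclick` attribute of the add button; the folder id comes from the database and the user id presumably from the `p_user` request parameter, and neither is escaped at this point. Casting both to int at the point of use keeps the attribute well-formed whatever arrives: `"onclick=\"folder_add(" . (int)$user_id . "," . (int)$a_dossier[$i]['dos_id'] . ");\""`. The template also echoes `js_include('admin.js')` into what becomes the `content` of an Ajax response that admin.js assigns through `innerHTML`; a `<script>` tag inserted that way is not executed by browsers, and admin_repo.php already includes the file, so the echo looks redundant. The `@file` docblock could additionally state that `$user_id` is the numeric `use_id`, since `Dossier::show_dossier('X', ...)` binds it to that column.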
diff --git a/include/user_detail.inc.php b/include/user_detail.inc.php
index 93a29b8..b3f3b564 100644
--- a/include/user_detail.inc.php
+++ b/include/user_detail.inc.php
@@ -69,8 +69,11 @@ if (isset($_POST['SAVE']))
}
$UserChange->save();
+ /**
+ * replace by ajax see ajax_admin.php
+ * foreach ($_POST as $name => $elem)
// Update Priv on Folder
- foreach ($_POST as $name => $elem)
+
{
if (substr_count($name, 'PRIV') != 0)
{
@@ -93,6 +96,8 @@ if (isset($_POST['SAVE']))
}
}
}
+ *
+ */
}
}
else
@@ -103,7 +108,7 @@ else
$Res = $cn->exec_sql("delete from jnt_use_dos where use_id=$1",
array($uid));
$Res = $cn->exec_sql("delete from ac_users where use_id=$1",
array($uid));
- echo "<center><H2 class=\"info\"> User " . h($_POST['fname']) . " " .
h($_POST['lname']) . " est effacé</H2></CENTER>";
+ echo "<center><H2 class=\"info\"> Utilisateur " . h($_POST['fname']) .
" " . h($_POST['lname']) . " est effacé</H2></CENTER>";
require_once("class_iselect.php");
require_once("user.inc.php");
return;
@@ -113,8 +118,6 @@ $UserChange->load();
$it_pass=new IText('password');
$it_pass->value="";
?>
-<h1 class="info">Modification</h1>
-<?php echo HtmlInput::button_anchor('Retour',
'admin_repo.php?action=user_mgt'); ?>
<FORM METHOD="POST">
<?php echo HtmlInput::hidden('UID',$uid)?>
@@ -185,18 +188,22 @@ printf('<INPUT type="RADIO" NAME="Admin" VALUE="0" %s>
Pas administrateur global
echo "</TD></TR>";
?>
</TABLE>
-</TD>
-</TR>
-<TR>
- <TD>
+ <input type="Submit" class="button" NAME="SAVE" VALUE="Sauver les
changements" onclick="return confirm('Confirmer changement ?');">
+
+ <input type="Submit" class="button" NAME="DELETE" VALUE="Effacer"
onclick="return confirm('Confirmer effacement ?');" >
+
+</FORM>
+<?php
+if ($UserChange->admin == 0 ) :
+?>
<!-- Show all database and rights -->
- <H2 class="info"> Droit sur les dossiers pour les utilisateurs normaux
</H2>
+ <H2 class="info"> Accès aux dossiers</H2>
<p class="notice">
Les autres droits doivent être réglés dans les dossiers
(paramètre->sécurité), le fait de changer un utilisateur d'administrateur à
utilisateur
normal ne change pas le profil administrateur dans les
dossiers.
Il faut aller dans CFGSECURITY pour diminuer ses
privilèges.
</p>
- <TABLE>
+
<?php
$array = array(
array('value' => 'X', 'label' => 'Aucun Accès'),
@@ -204,7 +211,7 @@ $array = array(
);
$repo = new Dossier(0);
-$Dossier = $repo->show_dossier('all', 1, 0);
+$Dossier = $repo->show_dossier('R',$UserChange->login);
if (empty($Dossier))
{
echo hb('* Aucun Dossier *');
@@ -213,49 +220,50 @@ if (empty($Dossier))
}
$mod_user = new User(new Database(), $uid);
-foreach ($Dossier as $rDossier)
-{
- if (defined ("MULTI") && MULTI==0)
- {
- $priv = $mod_user->get_folder_access(MONO_DATABASE);
- $priv=($priv=='L')?'R':$priv;
- }
- else
- $priv =
$mod_user->get_folder_access($rDossier['dos_id']);
- printf("<TR><TD> Dossier : %s </TD>", h($rDossier['dos_name']));
-
- $select = new ISelect();
- $select->table = 1;
- $select->name = sprintf('PRIV%s', $rDossier['dos_id']);
- $select->value = $array;
- $select->selected = $priv;
- echo $select->input();
- echo "</TD></TR>";
-}
+?>
+ <TABLE id="database_list" class="result">
+<?php
+//
+// Display all the granted folders
+//
+$i=0;
+foreach ($Dossier as $rDossier):
+ $i++;
+$class=($i%2==0)?' even ':'odd ';
+?>
+ <tr id="row<?php echo $rDossier['dos_id']?>" class="<?php echo
$class;?>">
+ <td>
+ <?php echo h($rDossier['dos_name']); ?>
+ </td>
+ <td>
+ <?php echo h($rDossier['dos_description']); ?>
+ </td>
+ <td>
+ <?php echo HtmlInput::anchor(_('Enleve'),"",
+ "
onclick=\"folder_remove({$mod_user->id},{$rDossier['dos_id']});\"");?>
+ </td>
+
+ </tr>
+<?php
+endforeach;
?>
</TABLE>
-
-
-
-
-
- <input type="Submit" class="button" NAME="SAVE" VALUE="Sauver les
changements" onclick="return confirm('Confirmer changement ?');">
-
- <input type="Submit" class="button" NAME="DELETE" VALUE="Effacer"
onclick="return confirm('Confirmer effacement ?');" >
-<?php echo HtmlInput::button_anchor('Retour',
'admin_repo.php?action=user_mgt'); ?>
-</FORM>
+ <?php
+ echo HtmlInput::button("database_add_button",_('Ajout'),
+ " onclick=\"folder_display({$mod_user->id});\"");
+ ?>
+ <?php
+ // If UserChange->admin==1 it means he can access all databases
+ //
+ else :
+ ?>
+
+<?php
+ endif;
+?>
</DIV>
-
-
-
-
-
-
-
-
-
<?php
html_page_stop();
?>
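Review bot: `$array` (the `'X'`/`'R'` select options built just before the `$repo->show_dossier('R', ...)` call in the previous hunk) appears to be dead after this change: the `ISelect` loop that consumed it is removed here and nothing else in these hunks reads it, so it should be deleted together with the `$select` code. The remove anchor interpolates `{$mod_user->id}` and `{$rDossier['dos_id']}` unescaped into `onclick`; an `(int)` cast on both keeps the attribute safe regardless of the stored values. The `foreach`/`endforeach` block mixes indentation levels for `$i++` and `$class`, which hurts readability of the template. The `PRIV` loop in the first hunk of this file would be better deleted outright than kept inside a `/** ... */` block, since its own comment says it was replaced by ajax_admin.php.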