<?php

/*
 * HelpCORE source file 
 * ====================
 * 
 * CVS:
 * ----
 * $header$
 * 
 * Purpose:
 * --------
 * Manages users
 * 
 * Copyright:
 * ----------
 * Copyright (C) 2002-2003 Dennis Fleurbaaij <hide@address.com>
 * Copyright (C) 2002-2005 IO Software <hide@address.com>
 * 
 * This program is free software; you can redistribute it and/or modify it under the
 * terms of the GNU General Public License as published by the Free Software Foundation;
 * either version 2 of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY 
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A 
 * PARTICULAR PURPOSE. See the GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License along with this
 * program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, 
 * Cambridge, MA 02139, USA.
 * 
 * Please note that this software is dual licensed. For the commercial use of this 
 * software you will need a Commercial License. Please see http://www.io-software.nl
 * for the terms and conditions.
 * 
 * For more information you can contact IO Software at http://www.io-software.nl
 */ 

// Bootstrap. CORE APM provides everything used below (security object,
// relational manager, text()), so a failed include can only die() plainly.
$coreapm_loaded = include( '../coreapm/coreapm.php' );
if ( ! $coreapm_loaded ) {
	die( 'Cannot include CORE APM' );
}

// The callbacks file hooks into the relational manager for this module.
$callbacks_loaded = include( 'users_callbacks.php' );
if ( ! $callbacks_loaded ) {
	__FATAL__( __FILE__, __LINE__, __CLASS__, __FUNCTION__, 'Cannot load callbacks' );
}

// Authentication gate before any output, then the page lifecycle starts.
$GLOBALS['security']->secure();
$coreapm->start();

// Default view: non-admin accounts only. (An earlier revision also hid the
// accounts that may log in; only the is_admin restriction is applied now.)
$title  = text( 'normal_users' );
$limits = OBLIGATORY_WHERE( array( 'is_admin', '=', database_boolean( false ) ) );

include_once( 'uls_rights_functions.php' );

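// ULS (user-level security): these limiters start out unset and are filled in
// by uls_secure_modify() / uls_secure_show() from uls_rights_functions.php;
// they are later handed to TYPE_JOIN()/TYPE_SEARCH_JOIN() and manage() to
// scope the selectboxes and the user list to what this account may see.
$uls_users_limiter = null;
$uls_organisations_limiter = null;
$uls_buildings_limiter = null;
$uls_rooms_limiter = null;
$uls_departments_limiter = null;
$uls_groups_limiter = null;
$uls_hardware_limiter = null;
$uls_manage_limiter = null;

if( O_RIGHTS_USERLEVELSECURITY && (! $GLOBALS['security']->is_admin) && (! $GLOBALS['security']->global_view) )
{
	// Deny by default; every branch below has to grant access explicitly.
	$has_access = false;

	$get_action  = isset( $_GET['usersaction'] )  ? $_GET['usersaction']  : null;
	$post_action = isset( $_POST['usersaction'] ) ? $_POST['usersaction'] : null;

	// NOTE(review): the record ids are handed to uls_secure_modify() exactly as
	// received from the client; this relies on that function validating them
	// before any lookup -- confirm in uls_rights_functions.php.
	if( $get_action == 'edit' )
	{
		$edit_id = isset( $_GET['userseditid'] ) ? $_GET['userseditid'] : null;
		$has_access = uls_secure_modify( 'users', 'write_ok', $edit_id, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
	}
	elseif( $get_action == 'add' )
	{
		$has_access = uls_secure_modify( 'users', 'write_ok', null, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
	}
	elseif( $post_action == 'insert' )
	{
		$has_access = uls_secure_modify( 'users', 'write_ok', null, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
		uls_secure_show( 'users', $uls_manage_limiter );
	}
	elseif( $post_action == 'update' )
	{
		$update_id = isset( $_POST['usersupdateid'] ) ? $_POST['usersupdateid'] : null;
		$has_access = uls_secure_modify( 'users', 'write_ok', $update_id, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
		uls_secure_show( 'users', $uls_manage_limiter );
	}
	elseif( $get_action == 'delete' )
	{
		// NOTE(review): delete is gated on 'add_ok' while every other mutation
		// uses 'write_ok'. Left as found because the rights vocabulary is not
		// visible from here, but it looks like a copy/paste slip -- verify.
		$delete_id = isset( $_GET['usersdeleteid'] ) ? $_GET['usersdeleteid'] : null;
		$has_access = uls_secure_modify( 'users', 'add_ok', $delete_id, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
		uls_secure_show( 'users', $uls_manage_limiter );
	}
	elseif( isset( $_GET['usersparentaction'] ) )
	{
		// Selectbox data requests issued from the edit/add form (see the
		// JavaScript further down). Previously this branch granted access
		// unconditionally and discarded the uls_secure_modify() result, so a
		// request carrying any usersparentaction value bypassed the ULS gate.
		// A write-type parent action now has to pass write_ok, exactly like
		// the edit/add actions that spawn it; anything else is scoped by
		// read_ok the same way the list view is.
		$parent_action = $_GET['usersparentaction'];
		if( ( $parent_action == 'edit' ) || ( $parent_action == 'add' ) )
		{
			$has_access = uls_secure_modify( 'users', 'write_ok', null, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
		}
		else
		{
			uls_secure_modify( 'users', 'read_ok', null, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
			$has_access = true;
		}
	}
	// List or index action
	else
	{
		// No read rights on users as a whole: the list is still shown, but
		// scoped by the limiters and with add/edit/delete switched off.
		if( ! uls_secure_modify( 'users', 'read_ok', null, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter ) ) {
			$limits = $limits | NO_ADD | NO_EDIT | NO_DELETE;
		}

		uls_secure_show( 'users', $uls_manage_limiter );
		$has_access = true;
	}

	// User has no common rights-points with this object: report and stop.
	if( ! $has_access )
	{
		$GLOBALS['box']->add( text( 'uls' ), text( 'uls_in_violation' ) );
		$coreapm->finish();
		die;
	}
}
else {
	// ULS disabled, or an admin / global-view account: plain non-admins get a
	// read-only list (add stays allowed here, as before).
	if( ! $GLOBALS['security']->is_admin )
	{
		$limits = $limits | NO_EDIT | NO_DELETE;
	}
}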


// Admins manage every account, so the obligatory is_admin WHERE is dropped;
// everybody else keeps the non-admin restriction set up above.
if ( $GLOBALS['security']->is_admin )
{
	$title  = text( 'all_users' );
	$limits = null;
}
else
{
	$title = text( 'normal_users' );
	// The auto_insert defaults for may_log_in / is_admin were disabled
	// upstream; non-admin inserts rely on the column defaults instead.
}

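if ( ( isset( $_GET['usersaction'] ) &&
			( ( $_GET['usersaction'] == 'edit' ) ||
				( $_GET['usersaction'] == 'add' ) ) 
			) ||
		( isset( $_POST['usersaction'] ) ) )
{
	// The action that the selectbox data requests echo back as
	// usersparentaction. For GET it is one of edit/add; for POST it is
	// whatever the client sent (only isset() is checked), so it is untrusted.
	if( isset( $_GET['usersaction'] ) ) $action = $_GET['usersaction'];
	if( isset( $_POST['usersaction'] ) ) $action = $_POST['usersaction'];

	// Both values below end up inside a <script> block. PHP_SELF may carry
	// attacker-supplied PATH_INFO and $action may be any POST value, so they
	// are emitted as JSON string literals; the HEX flags keep <, >, ', " and
	// & out of the output, so neither a JS string nor the <script> element
	// can be terminated. $action is URL-encoded as well because it becomes a
	// query-string value. (JSON_HEX_* needs PHP 5.3+.)
	$js_flags  = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
	$js_self   = json_encode( (string) $_SERVER['PHP_SELF'], $js_flags );
	$js_action = json_encode( rawurlencode( (string) $action ), $js_flags );
	// json_encode() returns false on malformed UTF-8; never emit a bare "false"
	if( $js_self === false )   { $js_self = '""'; }
	if( $js_action === false ) { $js_action = '""'; }

	?>
<script type="text/javascript" >

  // Script this page lives at, and the data-request query part shared by
  // every selectbox reload; both come from escaped values (see PHP above).
  var hcSelf      = <?php echo $js_self; ?>;
  var hcDataQuery = 'usersaction=datarequest&usersparentaction=' + <?php echo $js_action; ?>;

  //
  // Selected an organisation in a selectbox: reload the buildings of that organisation
  //
  function selected_organisation( id ) {
	doSimpleRPCQuery( 'usersbuilding_id',
		hcSelf + '?selectType=simple&' + hcDataQuery + '&usersdatarequestname=building_id&freeLimiter=organisation_id__eq__' + encodeURIComponent( id ),
		'' );
  }

  //
  // Selected a building in a selectbox: sync the organisation, reload the rooms
  //
  function selected_building( id ) {

	// The id is re-read from the selectbox; the argument is not used (as before)
	var selectBox  = document.getElementById( 'usersbuilding_id' );
	var buildingId = selectBox.options[ selectBox.selectedIndex ].value;

	// Set organisation
	callToUrl( 'location_functions.php?action=selected_building&id=' + encodeURIComponent( buildingId ) + '&page=users' );

	// Show rooms in that building
	doRpcQuery( 'usersrooms_id',
		hcSelf + '?' + hcDataQuery + '&usersdatarequestname=rooms_id&freeLimiter=buildings_id__eq__' + encodeURIComponent( buildingId ),
		'' );
  }

  //
  // Selected a room in a selectbox: sync building and organisation
  //
  function selected_room() {

	var selectBox = document.getElementById( 'usersrooms_id_select' );
	var roomId    = selectBox.options[ selectBox.selectedIndex ].value;

	callToUrl( 'location_functions.php?action=selected_room&id=' + encodeURIComponent( roomId ) + '&page=users' );
  }

  //
  // Erases all the location selectboxes and reloads the currently viewable items
  //
  function newlocationsearch() {

	doSimpleRPCQuery( 'usersorganisation_id',
		hcSelf + '?selectType=simple&' + hcDataQuery + '&usersdatarequestname=organisation_id',
		'' );
	doSimpleRPCQuery( 'usersbuilding_id',
		hcSelf + '?selectType=simple&' + hcDataQuery + '&usersdatarequestname=building_id',
		'' );
	newSelectSearch( 'usersrooms_id' );
	doSimpleRPCQuery( 'usersdepartment_id',
		hcSelf + '?selectType=simple&' + hcDataQuery + '&usersdatarequestname=department_id',
		'' );
  }

</script>
<?php
}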

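if( USE_SOFTWARE && ( ( ! O_MENU_ONLYADMINSSEESOFTWARE ) || ( O_MENU_ONLYADMINSSEESOFTWARE && $GLOBALS['security']->is_admin ) ) )
{
	/**
	 * Renders the "software by user" tab: the n-m relation between one user
	 * and the software titles assigned to them, with a per-row indicator of
	 * whether any allowed_software_* rule (user, organisation, building,
	 * room, department or group) actually permits that title.
	 *
	 * Side effects: when $editable is true and the request carries
	 * usersoftwarerights=allow|deny plus a numeric usersoftwareid, the
	 * users_software row for ($id, usersoftwareid) is inserted or deleted
	 * BEFORE the tab is rendered. The finished panel is pushed onto
	 * $GLOBALS['tabs'].
	 *
	 * NOTE(review): the allow/deny mutation is driven by a plain GET link /
	 * GET form without an anti-CSRF token, so a logged-in admin can be made
	 * to change assignments by visiting a crafted URL. Moving it to POST with
	 * a token needs changes in the form helpers, so it is only flagged here.
	 *
	 * @param mixed $id       id of the user whose software is listed; coerced to int before use in SQL
	 * @param bool  $editable whether the allow/deny controls are shown and honoured
	 * @return void
	 */
	function nm_users_software( $id, $editable = false )
	{
		// Every id that reaches SQL is forced to an integer. The original
		// concatenated $id unchecked and $_GET['usersoftwareid'] after only an
		// is_numeric() test (which also accepts "1e3", " 7" and "1.5").
		$user_id = (int) $id;
		$ok = true;
		$content = '';

		$table = new class_table;
		if( $editable ) {
			$table->table_columns = 4;
			$table->add_header_row( array( text('allowed'), text( 'name' ), text( 'version' ), text( 'action' ) ) );
		}
		else {
			$table->table_columns = 3;
			$table->add_header_row( array( text('allowed'), text( 'name' ), text( 'version' ) ) );
		}

		// Manipulate database (only when the tab is editable)
		if ( $editable &&
			 isset( $_GET['usersoftwarerights'] ) &&
			 isset( $_GET['usersoftwareid'] ) &&
			 is_numeric( $_GET['usersoftwareid'] ) ) {

			$software_id = (int) $_GET['usersoftwareid'];

			switch ( $_GET['usersoftwarerights'] )
			{
				case 'allow':
					// delete-then-insert keeps the pair unique without relying on a DB constraint
					$GLOBALS['db']->query( 'DELETE FROM users_software WHERE user_id=' . $user_id . ' AND software_id=' . $software_id . ';' );
					$GLOBALS['db']->query( 'INSERT INTO users_software(user_id, software_id) values( ' . $user_id . ', ' . $software_id . ' );' );
					break;

				case 'deny':
					$GLOBALS['db']->query( 'DELETE FROM users_software WHERE user_id=' . $user_id . ' AND software_id=' . $software_id . ';' );
					break;

				default:
					// The rejected value is attacker-controlled and was echoed raw (reflected XSS)
					echo 'nm_users_software(): "' . htmlspecialchars( (string) $_GET['usersoftwarerights'], ENT_QUOTES ) . '" is not a valid action';
					die;
			}
		}

		if( $editable ) {

			// Selectbox of every software title, to add a new assignment
			$option_array = array();
			$GLOBALS['db']->query( 'SELECT id,
										   name,
										   version
									  FROM software 
								  ORDER BY name,version' );
			while ( ( $row = $GLOBALS['db']->fetch_array() ) )
			{
				array_push( $option_array, array( $row['id'], $row['name'].' ( '.$row['version'].' )') );
			}

			$content .= form_get_start( 'device_select', $_SERVER['PHP_SELF'] ). 
						form_select( 'usersoftwareid', $option_array, find_value( 'usersoftwareid' ) ).
						form_hiddenfield( 'usersaction', 'edit' ).
						form_hiddenfield( 'userseditid', $user_id ).
						form_hiddenfield( 'usersoftwarerights', 'allow' ).
						form_hiddenfield( 'selectedtab', text('software_by_user') );

			// NOTE(review): $_GET['filter'] is user input, and form_get_start()
			// receives raw PHP_SELF; this relies on the form helpers escaping
			// attribute values -- confirm in the helper implementation.
			if( isset($_GET['filter']) ) {
				$content .= form_hiddenfield( 'filter', $_GET['filter'] );
			}

			$content .= form_submit_button( 'submitForm', text('add')).
						form_finish();
		}

		// One row per assigned title with, per allowed_software_* table, the
		// number of rules matching this user's id/organisation/building/room/
		// department/group. GROUP BY lists every non-aggregated column so the
		// query runs on PostgreSQL as well as MySQL (an older MySQL-only
		// variant grouped on software_id alone).
		$GLOBALS['db']->query( 'SELECT software.name AS name,
									   software.version AS version,
									   software.id AS id,
									   count( asu.software_id ) AS amountu,
									   count( aso.software_id ) AS amounto,
									   count( asb.software_id ) AS amountb,
									   count( asr.software_id ) AS amountr,
									   count( asd.software_id ) AS amountd,
									   count( asg.software_id ) AS amountg
					              FROM software,
									   users
						    INNER JOIN users_software ON ( users_software.user_id=users.id )
					  		 LEFT JOIN allowed_software_users AS asu 	ON ( asu.software_id=users_software.software_id AND asu.user_id=users.id )
					  	     LEFT JOIN allowed_software_organisation AS aso ON ( aso.software_id=users_software.software_id AND aso.organisation_id=users.organisation_id )
					  		 LEFT JOIN allowed_software_buildings AS asb 	ON ( asb.software_id=users_software.software_id AND asb.building_id=users.building_id )
					  		 LEFT JOIN allowed_software_rooms AS asr 	ON ( asr.software_id=users_software.software_id AND asr.room_id=users.rooms_id )
					  		 LEFT JOIN allowed_software_departments AS asd 	ON ( asd.software_id=users_software.software_id AND asd.department_id=users.department_id )
					  		 LEFT JOIN allowed_software_groups AS asg 	ON ( asg.software_id=users_software.software_id AND asg.group_id=users.group_id )
							     WHERE users_software.user_id=' . $user_id . '
								   AND software.id = users_software.software_id
							  GROUP BY users_software.software_id, software.name, software.version, software.id
						      ORDER BY software.name;' );

		while ( ( $row = $GLOBALS['db']->fetch_array() ) )
		{
			$matches = $row['amountu'] + $row['amounto'] + $row['amountb'] + $row['amountr'] + $row['amountd'] + $row['amountg'];

			// No rule at any level permits this title: red dot, and the tab as a whole is flagged
			if( $matches == 0 ) {
				$dot = '<img src="'.BASE_URL.'images/dot_red.gif" border="0" alt="'.text('no').'" title="'.text('no').'" />';
				$ok = false;
			}
			// Allowed: green dot whose tooltip lists the levels that matched
			else {
				$explination = '';
				if( $row['amountu'] > 0 ) $explination .= text('user').': '.text('yes').' ';
				if( $row['amounto'] > 0 ) $explination .= text('organisation').': '.text('yes').' ';
				if( $row['amountb'] > 0 ) $explination .= text('building').': '.text('yes').' ';
				if( $row['amountr'] > 0 ) $explination .= text('room').': '.text('yes').' ';
				if( $row['amountg'] > 0 ) $explination .= text('group').': '.text('yes').' ';
				if( $row['amountd'] > 0 ) $explination .= text('department').': '.text('yes').' ';

				$dot = '<img src="'.BASE_URL.'images/dot_green.gif" border="0" alt="'.$explination.'" title="'.$explination.'" />';
			}

			// name/version come from the database and must not be trusted as HTML (stored XSS)
			$name        = htmlspecialchars( (string) $row['name'], ENT_QUOTES );
			$version     = htmlspecialchars( (string) $row['version'], ENT_QUOTES );
			$software_id = (int) $row['id'];

			$array = array( $dot, '<a href="software.php?softwareaction=show&softwareshowid=' . $software_id . '">' . $name . '</a>', $version );

			if( $editable ) {
				// PHP_SELF can carry PATH_INFO, so it is escaped before going into an href
				array_push( $array, '<a href="' . htmlspecialchars( (string) $_SERVER['PHP_SELF'], ENT_QUOTES ) . '?usersaction=edit' .
									'&userseditid=' . $user_id .
									'&selectedtab=' . rawurlencode( text('software_by_user') ) .
									'&usersoftwarerights=deny&usersoftwareid=' . $software_id . '">' .
									'<img src="' . BASE_URL . 'images/delete_small.gif" border="0" alt="' . text('delete') . '" /></a>' );
			}

			$table->add_row( $array );
		}

		// Tab-level indicator: green only if every assigned title is permitted
		if( $ok ) {
			$dot = '<img src="'.BASE_URL.'images/dot_green.gif" border="0" alt="'.text('yes').'" title="'.text('yes').'" />';
		}
		else {
			$dot = '<img src="'.BASE_URL.'images/dot_red.gif" border="0" alt="'.text('no').'" title="'.text('no').'" />';
		}

		$GLOBALS['tabs']->addDataPanel( $dot . ' ' . text( 'software_by_user' ).' ('.$GLOBALS['db']->num_rows().')', $GLOBALS['box']->data( text( 'software_by_user' ),$content. $table->finish() ) );
		return;
	}
}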



// Column layout of the users manager. A reference alias to the global
// relational manager keeps the lines short without copying the object.
$rel      =& $GLOBALS['relational'];
$is_admin = $GLOBALS['security']->is_admin;
$editing  = isset( $_GET['usersaction'] ) && ( ( $_GET['usersaction'] == 'edit' ) || ( $_GET['usersaction'] == 'add' ) );

// Name and contact fields
$rel->add_table_column( 'title', text( 'title' ), TYPE_STRING( 100 ) | VIS_NO_INDEX | VIS_NO_SEARCH );
$rel->add_table_column( 'first_letters', text( 'first_letters' ), TYPE_STRING( 100 ) | VIS_NO_INDEX | VIS_NO_SEARCH );
$rel->add_table_column( 'firstname', text( 'firstname' ), TYPE_STRING( 100 ) );
$rel->add_table_column( 'middlename', text( 'middlename' ), TYPE_STRING( 100 ) );
$rel->add_table_column( 'surname', text( 'surname' ), TYPE_STRING( 100 ) | REL_OBLIGATORY );
$rel->add_table_column( 'telnr', text( 'tel_nr' ), TYPE_STRING( 100 ) );

if( USE_SLA )
{
	$rel->add_table_column( 'sla_level_id', text( 'sla_levels' ), TYPE_JOIN( 'sla_levels', 'name' ) | VIS_NO_INDEX | VIS_NO_SEARCH );
}

// Login section. NOTE(review): TYPE_SECURE is presumed to hash the password
// before storage; that is decided in the relational layer, not here -- confirm.
$rel->add_line( text( 'user_login' ) );
$rel->add_table_column( 'loginname', text( 'loginname' ), TYPE_STRING( 255 ) | REL_UNIQUE );
$rel->add_table_column( 'password', text( 'password' ), TYPE_SECURE( 100 ) | VIS_NO_INDEX | VIS_NO_SEARCH );
$rel->add_table_column( 'email', text( 'email_address' ), TYPE_STRING( 200 ) | VIS_NO_INDEX | VIS_NO_SEARCH );

// Group / department, scoped by the ULS limiters set up earlier
$rel->add_line( text( 'user_groups' ) );
$rel->add_table_column( 'group_id', text( 'group' ), TYPE_JOIN( 'groups', 'name', $uls_groups_limiter ) );
$rel->add_table_column( 'department_id', text( 'department' ), TYPE_JOIN( 'departments', 'name', $uls_departments_limiter ) );

// Location section; on edit/add the "new" button resets the location
// selectboxes through newlocationsearch() from the JavaScript emitted above.
$location_line = text( 'user_location' );
if( $editing ) {
	$location_line .= '<input type="button" name="newlocationsearchbutton" onclick="javascript:newlocationsearch();" value="' . text( 'new' ) . '">';
}
$rel->add_line( $location_line );

$rel->add_table_column( 'organisation_id', text( 'organisation' ), TYPE_JOIN( 'organisation', 'name', $uls_organisations_limiter ) | EVENT( 'onchange="selected_organisation( this.value );"' ) );
$rel->add_table_column( 'building_id', text( 'building' ), TYPE_JOIN( 'buildings', 'name', $uls_buildings_limiter ) | EVENT( 'onchange="selected_building( this.value );"' ) );
// NOTE: unlike the two columns above, this EVENT() carries a bare call rather
// than an onchange="..." attribute; presumably TYPE_SEARCH_JOIN wraps it -- verify.
$rel->add_table_column( 'rooms_id', text( 'room' ), TYPE_SEARCH_JOIN( 'rooms', 'name', $uls_rooms_limiter ) | EVENT( 'selected_room(this.value)' ) );
$rel->add_table_column( 'loc_telnr', text( 'loc_tel_nr' ), TYPE_STRING( 100 ) | VIS_NO_INDEX | VIS_NO_SEARCH );

$rel->add_table_column( 'notes', text( 'notes' ), TYPE_TEXT() | VIS_NO_INDEX | VIS_NO_SEARCH );

// Privilege flags are only declared for admins. Whether a non-admin could
// still submit them as unexpected POST fields depends on manage() accepting
// only the declared columns -- not visible from this file.
if ( $is_admin )
{
	$rel->add_line( text( 'user_admin_only' ) );
	$rel->add_table_column( 'may_log_in', text( 'may_log_in' ), TYPE_BOOLEAN );
	$rel->add_table_column( 'is_admin', text( 'is_admin' ), TYPE_BOOLEAN );
	$rel->add_table_column( 'global_view', text( 'global_view' ), TYPE_BOOLEAN | VIS_NO_INDEX | VIS_NO_SEARCH );
}

$rel->manage( 'users', $title, ORDER_BY( 'surname' ) | $limits | $uls_manage_limiter );
$coreapm->finish();

?>