<?php
/*
* HelpCORE source file
* ====================
*
* CVS:
* ----
* $header$
*
* Purpose:
* --------
* Manages users
*
* Copyright:
* ----------
* Copyright (C) 2002-2003 Dennis Fleurbaaij <hide@address.com>
* Copyright (C) 2002-2005 IO Software <hide@address.com>
*
* This program is free software; you can redistribute it and/or modify it under the
* terms of the GNU General Public License as published by the Free Software Foundation;
* either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this
* program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave,
* Cambridge, MA 02139, USA.
*
* Please note that this software is dual licensed. For the commercial use of this
* software you will need a Commercial License. Please see http://www.io-software.nl
* for the terms and conditions.
*
* For more information you can contact IO Software at http://www.io-software.nl
*/
// Bootstrap. The CORE APM framework and this page's callback set are both
// mandatory; without them there is nothing sensible to render.
if ( ! include( '../coreapm/coreapm.php' ) )
{
    die( 'Cannot include CORE APM' );
}
if ( ! include( 'users_callbacks.php' ) )
{
    __FATAL__( __FILE__, __LINE__, __CLASS__, __FUNCTION__, 'Cannot load callbacks' );
}

// Authenticate the request first, then open the page.
$GLOBALS['security']->secure();
$coreapm->start();
// Defaults for the non-admin view: title and an obligatory filter that hides
// admin accounts from the listing.
$title = text( 'normal_users' );
//$limits = OBLIGATORY_WHERE( array( 'is_admin', '=', database_boolean( false ) . ' AND may_log_in=' . database_boolean( false ) ) );
$limits = OBLIGATORY_WHERE( array( 'is_admin', '=', database_boolean( false ) ) );

include_once( 'uls_rights_functions.php' );

// User-level security (ULS) limiters. They start empty and are filled in by the
// uls_* functions when ULS applies to the current user; the join columns and the
// manage() call below pick them up.
$uls_users_limiter = $uls_organisations_limiter = $uls_buildings_limiter = $uls_rooms_limiter = null;
$uls_departments_limiter = $uls_groups_limiter = $uls_hardware_limiter = $uls_manage_limiter = null;
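if ( O_RIGHTS_USERLEVELSECURITY && ( ! $GLOBALS['security']->is_admin ) && ( ! $GLOBALS['security']->global_view ) )
{
    // User-level security: a non-admin without global view may only touch the
    // users that share rights-points with them. uls_secure_modify() reports whether
    // the requested kind of access is allowed and (presumably by reference — confirm
    // in uls_rights_functions.php) fills the $uls_*_limiter variables;
    // uls_secure_show() fills $uls_manage_limiter for listings.
    $has_access = false;

    // Request parameters, read once. A missing record id is passed as null, the
    // same "no specific record" value the 'add' checks use, instead of tripping
    // an undefined-index notice.
    $get_action  = isset( $_GET['usersaction'] ) ? $_GET['usersaction'] : null;
    $post_action = isset( $_POST['usersaction'] ) ? $_POST['usersaction'] : null;
    $edit_id     = isset( $_GET['userseditid'] ) ? $_GET['userseditid'] : null;
    $update_id   = isset( $_POST['usersupdateid'] ) ? $_POST['usersupdateid'] : null;
    $delete_id   = isset( $_GET['usersdeleteid'] ) ? $_GET['usersdeleteid'] : null;

    if ( $get_action == 'edit' )
    {
        $has_access = uls_secure_modify( 'users', 'write_ok', $edit_id, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
    }
    elseif ( $get_action == 'add' )
    {
        $has_access = uls_secure_modify( 'users', 'write_ok', null, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
    }
    elseif ( $post_action == 'insert' )
    {
        $has_access = uls_secure_modify( 'users', 'write_ok', null, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
        uls_secure_show( 'users', $uls_manage_limiter );
    }
    elseif ( $post_action == 'update' )
    {
        $has_access = uls_secure_modify( 'users', 'write_ok', $update_id, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
        uls_secure_show( 'users', $uls_manage_limiter );
    }
    elseif ( $get_action == 'delete' )
    {
        // NOTE(review): deletion is checked against 'add_ok' rather than a
        // delete-specific right. This is unchanged from the original — confirm it
        // is the intended rule.
        $has_access = uls_secure_modify( 'users', 'add_ok', $delete_id, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
        uls_secure_show( 'users', $uls_manage_limiter );
    }
    elseif ( isset( $_GET['usersparentaction'] ) )
    {
        // Data requests issued by the add/edit form (dependent select boxes).
        // Access follows the result of the rights check, exactly as the edit/add
        // branches above do, instead of being granted unconditionally while the
        // check result was discarded.
        $parent_action = $_GET['usersparentaction'];
        if ( ( $parent_action == 'edit' ) || ( $parent_action == 'add' ) )
        {
            $has_access = uls_secure_modify( 'users', 'write_ok', null, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
        }
        else
        {
            $has_access = uls_secure_modify( 'users', 'read_ok', null, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter );
        }
    }
    else
    {
        // List / index. A failed read check does not block the page; it only
        // strips the add/edit/delete controls from the listing.
        if ( ! uls_secure_modify( 'users', 'read_ok', null, $uls_users_limiter, $uls_organisations_limiter, $uls_buildings_limiter, $uls_rooms_limiter, $uls_departments_limiter, $uls_groups_limiter, $uls_hardware_limiter ) )
        {
            $limits = $limits | NO_ADD | NO_EDIT | NO_DELETE;
        }
        uls_secure_show( 'users', $uls_manage_limiter );
        $has_access = true;
    }

    // No rights-points in common with this object: report the violation and stop.
    if ( ! $has_access )
    {
        $GLOBALS['box']->add( text( 'uls' ), text( 'uls_in_violation' ) );
        $coreapm->finish();
        die;
    }
}
else
{
    // ULS does not apply (disabled, admin, or global view): non-admins still get
    // a read-only listing.
    if ( ! $GLOBALS['security']->is_admin )
    {
        $limits = $limits | NO_EDIT | NO_DELETE;
    }
}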
// Admins see and manage every account without the obligatory filter; everyone
// else keeps the non-admin listing set up above.
$title = text( $GLOBALS['security']->is_admin ? 'all_users' : 'normal_users' );
if ( $GLOBALS['security']->is_admin )
{
    $limits = null;
}
else
{
    // $GLOBALS['relational']->auto_insert_array[ 'may_log_in'] = database_boolean( false );
    // $GLOBALS['relational']->auto_insert_array[ 'is_admin'] = database_boolean( false );
}
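if ( ( isset( $_GET['usersaction'] ) && ( ( $_GET['usersaction'] == 'edit' ) || ( $_GET['usersaction'] == 'add' ) ) ) || ( isset( $_POST['usersaction'] ) ) )
{
    // The add/edit form needs the location helper script below. $action is the
    // current form action and is echoed back to the browser; POST wins over GET.
    if ( isset( $_GET['usersaction'] ) ) $action = $_GET['usersaction'];
    if ( isset( $_POST['usersaction'] ) ) $action = $_POST['usersaction'];

    // Both values are embedded in JavaScript string literals inside <script>:
    // - $_SERVER['PHP_SELF'] can carry attacker-supplied PATH_INFO, so the
    //   server-resolved SCRIPT_NAME is used instead, with every path segment
    //   percent-encoded so nothing in it can end the JS literal or the element.
    // - $action is request input; percent-encoding it has the same effect. A
    //   non-string value (usersaction[]=...) is sent as the empty string.
    $rpc_script = implode( '/', array_map( 'rawurlencode', explode( '/', $_SERVER['SCRIPT_NAME'] ) ) );
    $rpc_action = rawurlencode( is_string( $action ) ? $action : '' );
?>
<script type="text/javascript" >
//
// Selected an organisation in a selectbox
//
function selected_organisation( id ) {
    // Show buildings from that organisation
    doSimpleRPCQuery( 'usersbuilding_id', '<?php echo $rpc_script; ?>?selectType=simple&usersaction=datarequest&usersparentaction=<?php echo $rpc_action; ?>&usersdatarequestname=building_id&freeLimiter=organisation_id__eq__' + id, '' );
}
//
// Selected a building in a selectbox
//
function selected_building( id ) {
    // The selected value is re-read from the select box, overriding the argument
    var selectBox = document.getElementById( 'usersbuilding_id' );
    var id = selectBox.options[ selectBox.selectedIndex ].value;
    // Set organisation
    callToUrl( 'location_functions.php?action=selected_building&id=' + id + '&page=users' );
    // Show rooms in that building
    doRpcQuery( 'usersrooms_id', '<?php echo $rpc_script; ?>?usersaction=datarequest&usersparentaction=<?php echo $rpc_action; ?>&usersdatarequestname=rooms_id&freeLimiter=buildings_id__eq__' + id, '' );
}
//
// Selected a room in a selectbox
//
function selected_room() {
    // Get the id
    var selectBox = document.getElementById( 'usersrooms_id_select' );
    var id = selectBox.options[ selectBox.selectedIndex ].value;
    // Set building and org
    callToUrl( 'location_functions.php?action=selected_room&id=' + id + '&page=users' );
}
//
// This erases all the location selectboxes and sets the current viewable items
//
function newlocationsearch() {
    doSimpleRPCQuery( 'usersorganisation_id', '<?php echo $rpc_script; ?>?selectType=simple&usersaction=datarequest&usersparentaction=<?php echo $rpc_action; ?>&usersdatarequestname=organisation_id', '' );
    doSimpleRPCQuery( 'usersbuilding_id', '<?php echo $rpc_script; ?>?selectType=simple&usersaction=datarequest&usersparentaction=<?php echo $rpc_action; ?>&usersdatarequestname=building_id', '' );
    newSelectSearch( 'usersrooms_id' );
    doSimpleRPCQuery( 'usersdepartment_id', '<?php echo $rpc_script; ?>?selectType=simple&usersaction=datarequest&usersparentaction=<?php echo $rpc_action; ?>&usersdatarequestname=department_id', '' );
}
</script>
<?php
}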
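if ( USE_SOFTWARE && ( ( ! O_MENU_ONLYADMINSSEESOFTWARE ) || ( O_MENU_ONLYADMINSSEESOFTWARE && $GLOBALS['security']->is_admin ) ) )
{
    /**
     * Renders the "software by user" tab for one user: the n-m relation between
     * users and software, plus (when editable) the controls to allow or deny titles.
     *
     * When editable, an 'allow'/'deny' request from those controls (GET parameters
     * usersoftwarerights and usersoftwareid) is applied to users_software first.
     * The tab then lists the user's software and marks each title green when it is
     * permitted through at least one allowed_software_* table, red otherwise; the
     * tab header carries a green dot only when every title is permitted.
     *
     * @param mixed $id       id of the user whose software is shown; used as an integer
     * @param bool  $editable whether the allow/deny controls are rendered and honoured
     * @return void  the panel is added to $GLOBALS['tabs'] as a side effect
     */
    function nm_users_software( $id, $editable = false )
    {
        // The user id only ever reaches SQL and generated URLs as an integer, so
        // request-derived values cannot alter the query text.
        $user_id = (int) $id;
        $all_allowed = true;
        $content = '';

        $table = new class_table;
        if ( $editable )
        {
            $table->table_columns = 4;
            $table->add_header_row( array( text( 'allowed' ), text( 'name' ), text( 'version' ), text( 'action' ) ) );
        }
        else
        {
            $table->table_columns = 3;
            $table->add_header_row( array( text( 'allowed' ), text( 'name' ), text( 'version' ) ) );
        }

        // Script path for generated links. SCRIPT_NAME is server-resolved (PHP_SELF
        // may carry attacker-supplied PATH_INFO); escaped for use in an HTML attribute.
        $self_url = htmlspecialchars( $_SERVER['SCRIPT_NAME'], ENT_QUOTES );

        // Apply an allow/deny request. The software id is cast as well, so forms that
        // pass is_numeric() but are not plain integers ("1e3", " 1", "1.5") never
        // reach the query text unchanged.
        if ( $editable
             && isset( $_GET['usersoftwarerights'] )
             && isset( $_GET['usersoftwareid'] )
             && is_numeric( $_GET['usersoftwareid'] ) )
        {
            $software_id = (int) $_GET['usersoftwareid'];
            $rights = $_GET['usersoftwarerights'];
            switch ( $rights )
            {
                case 'allow':
                    // Delete first so a repeated "allow" cannot create duplicate rows.
                    $GLOBALS['db']->query( 'DELETE FROM users_software WHERE user_id=' . $user_id . ' AND software_id=' . $software_id . ';' );
                    $GLOBALS['db']->query( 'INSERT INTO users_software(user_id, software_id) values( ' . $user_id . ', ' . $software_id . ' );' );
                    break;
                case 'deny':
                    $GLOBALS['db']->query( 'DELETE FROM users_software WHERE user_id=' . $user_id . ' AND software_id=' . $software_id . ';' );
                    break;
                default:
                    // The request value is reflected into the page, so it is HTML-escaped.
                    echo 'nm_users_software(): "' . htmlspecialchars( is_string( $rights ) ? $rights : '', ENT_QUOTES ) . '" is not a valid action';
                    die;
            }
        }

        if ( $editable )
        {
            // Select box with every known title, plus the hidden fields that route
            // the form back to this user's edit page as an "allow" request.
            $options = array();
            $GLOBALS['db']->query( 'SELECT id,
                                           name,
                                           version
                                    FROM software
                                    ORDER BY name,version' );
            while ( ( $row = $GLOBALS['db']->fetch_array() ) )
            {
                $options[] = array( $row['id'], $row['name'] . ' ( ' . $row['version'] . ' )' );
            }
            // NOTE(review): the form_* helpers are assumed to escape the values they
            // are given; the 'filter' value comes straight from the request.
            $content .= form_get_start( 'device_select', $_SERVER['SCRIPT_NAME'] ) .
                form_select( 'usersoftwareid', $options, find_value( 'usersoftwareid' ) ) .
                form_hiddenfield( 'usersaction', 'edit' ) .
                form_hiddenfield( 'userseditid', $user_id ) .
                form_hiddenfield( 'usersoftwarerights', 'allow' ) .
                form_hiddenfield( 'selectedtab', text( 'software_by_user' ) );
            if ( isset( $_GET['filter'] ) )
            {
                $content .= form_hiddenfield( 'filter', $_GET['filter'] );
            }
            $content .= form_submit_button( 'submitForm', text( 'add' ) ) .
                form_finish();
        }

        // One row per title linked to the user, with a count per allowed_software_*
        // table of the rows that permit it. Written in the form that works on
        // PostgreSQL (explicit GROUP BY of every selected column).
        $GLOBALS['db']->query( 'SELECT software.name AS name,
                                       software.version AS version,
                                       software.id AS id,
                                       count( asu.software_id ) AS amountu,
                                       count( aso.software_id ) AS amounto,
                                       count( asb.software_id ) AS amountb,
                                       count( asr.software_id ) AS amountr,
                                       count( asd.software_id ) AS amountd,
                                       count( asg.software_id ) AS amountg
                                FROM software,
                                     users
                                INNER JOIN users_software ON ( users_software.user_id=users.id )
                                LEFT JOIN allowed_software_users AS asu ON ( asu.software_id=users_software.software_id AND asu.user_id=users.id )
                                LEFT JOIN allowed_software_organisation AS aso ON ( aso.software_id=users_software.software_id AND aso.organisation_id=users.organisation_id )
                                LEFT JOIN allowed_software_buildings AS asb ON ( asb.software_id=users_software.software_id AND asb.building_id=users.building_id )
                                LEFT JOIN allowed_software_rooms AS asr ON ( asr.software_id=users_software.software_id AND asr.room_id=users.rooms_id )
                                LEFT JOIN allowed_software_departments AS asd ON ( asd.software_id=users_software.software_id AND asd.department_id=users.department_id )
                                LEFT JOIN allowed_software_groups AS asg ON ( asg.software_id=users_software.software_id AND asg.group_id=users.group_id )
                                WHERE users_software.user_id=' . $user_id . '
                                AND software.id = users_software.software_id
                                GROUP BY users_software.software_id, software.name, software.version, software.id
                                ORDER BY software.name;' );

        while ( ( $row = $GLOBALS['db']->fetch_array() ) )
        {
            $permitted_via = $row['amountu'] + $row['amounto'] + $row['amountb'] + $row['amountr'] + $row['amountd'] + $row['amountg'];
            if ( $permitted_via == 0 )
            {
                $dot = '<img src="' . BASE_URL . 'images/dot_red.gif" border="0" alt="' . text( 'no' ) . '" title="' . text( 'no' ) . '" />';
                $all_allowed = false;
            }
            else
            {
                // Allowed: list which scopes grant it in the image tooltip.
                $explanation = '';
                if ( $row['amountu'] > 0 ) $explanation .= text( 'user' ) . ': ' . text( 'yes' ) . ' ';
                if ( $row['amounto'] > 0 ) $explanation .= text( 'organisation' ) . ': ' . text( 'yes' ) . ' ';
                if ( $row['amountb'] > 0 ) $explanation .= text( 'building' ) . ': ' . text( 'yes' ) . ' ';
                if ( $row['amountr'] > 0 ) $explanation .= text( 'room' ) . ': ' . text( 'yes' ) . ' ';
                if ( $row['amountg'] > 0 ) $explanation .= text( 'group' ) . ': ' . text( 'yes' ) . ' ';
                if ( $row['amountd'] > 0 ) $explanation .= text( 'department' ) . ': ' . text( 'yes' ) . ' ';
                $dot = '<img src="' . BASE_URL . 'images/dot_green.gif" border="0" alt="' . $explanation . '" title="' . $explanation . '" />';
            }
            // NOTE(review): name and version are written out as stored; confirm the
            // software form sanitises them on input, or escape them here.
            $cells = array( $dot, '<a href="software.php?softwareaction=show&softwareshowid=' . $row['id'] . '">' . $row['name'] . '</a>', $row['version'] );
            if ( $editable )
            {
                $cells[] = '<a href="' . $self_url . '?usersaction=edit' .
                    '&userseditid=' . $user_id .
                    '&selectedtab=' . urlencode( text( 'software_by_user' ) ) .
                    '&usersoftwarerights=deny&usersoftwareid=' . (int) $row['id'] . '">' .
                    '<img src="' . BASE_URL . 'images/delete_small.gif" border="0" alt="' . text( 'delete' ) . '" /></a>';
            }
            $table->add_row( $cells );
        }

        if ( $all_allowed )
        {
            $dot = '<img src="' . BASE_URL . 'images/dot_green.gif" border="0" alt="' . text( 'yes' ) . '" title="' . text( 'yes' ) . '" />';
        }
        else
        {
            $dot = '<img src="' . BASE_URL . 'images/dot_red.gif" border="0" alt="' . text( 'no' ) . '" title="' . text( 'no' ) . '" />';
        }
        $GLOBALS['tabs']->addDataPanel( $dot . ' ' . text( 'software_by_user' ) . ' (' . $GLOBALS['db']->num_rows() . ')', $GLOBALS['box']->data( text( 'software_by_user' ), $content . $table->finish() ) );
        return;
    }
}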
// Column layout of the user record. Flag sets shared by several string fields
// are built once; "detail" fields are neither shown in the index nor searchable.
$detail_string = TYPE_STRING( 100 ) | VIS_NO_INDEX | VIS_NO_SEARCH;
$plain_string = TYPE_STRING( 100 );

// Name and contact details.
$GLOBALS['relational']->add_table_column( 'title', text( 'title' ), $detail_string );
$GLOBALS['relational']->add_table_column( 'first_letters', text( 'first_letters' ), $detail_string );
$GLOBALS['relational']->add_table_column( 'firstname', text( 'firstname' ), $plain_string );
$GLOBALS['relational']->add_table_column( 'middlename', text( 'middlename' ), $plain_string );
$GLOBALS['relational']->add_table_column( 'surname', text( 'surname' ), $plain_string | REL_OBLIGATORY );
$GLOBALS['relational']->add_table_column( 'telnr', text( 'tel_nr' ), $plain_string );
if ( USE_SLA )
{
    $GLOBALS['relational']->add_table_column( 'sla_level_id', text( 'sla_levels' ), TYPE_JOIN( 'sla_levels', 'name' ) | VIS_NO_INDEX | VIS_NO_SEARCH );
}

// Login section.
$GLOBALS['relational']->add_line( text( 'user_login' ) );
$GLOBALS['relational']->add_table_column( 'loginname', text( 'loginname' ), TYPE_STRING( 255 ) | REL_UNIQUE );
$GLOBALS['relational']->add_table_column( 'password', text( 'password' ), TYPE_SECURE( 100 ) | VIS_NO_INDEX | VIS_NO_SEARCH );
$GLOBALS['relational']->add_table_column( 'email', text( 'email_address' ), TYPE_STRING( 200 ) | VIS_NO_INDEX | VIS_NO_SEARCH );

// Group membership; the joins are restricted by the ULS limiters when set.
$GLOBALS['relational']->add_line( text( 'user_groups' ) );
$GLOBALS['relational']->add_table_column( 'group_id', text( 'group' ), TYPE_JOIN( 'groups', 'name', $uls_groups_limiter ) );
$GLOBALS['relational']->add_table_column( 'department_id', text( 'department' ), TYPE_JOIN( 'departments', 'name', $uls_departments_limiter ) );
// Location section. On the add/edit form the heading also carries a button that
// resets the location select boxes (newlocationsearch() in the page script).
$location_heading = text( 'user_location' );
if ( isset( $_GET['usersaction'] ) && ( ( $_GET['usersaction'] == 'edit' ) || ( $_GET['usersaction'] == 'add' ) ) )
{
    $location_heading .= '<input type="button" name="newlocationsearchbutton" onclick="javascript:newlocationsearch();" value="' . text( 'new' ) . '">';
}
$GLOBALS['relational']->add_line( $location_heading );

// Organisation -> building -> room cascade: each selection drives the next box.
$GLOBALS['relational']->add_table_column( 'organisation_id', text( 'organisation' ), TYPE_JOIN( 'organisation', 'name', $uls_organisations_limiter ) | EVENT( 'onchange="selected_organisation( this.value );"' ) );
$GLOBALS['relational']->add_table_column( 'building_id', text( 'building' ), TYPE_JOIN( 'buildings', 'name', $uls_buildings_limiter ) | EVENT( 'onchange="selected_building( this.value );"' ) );
$GLOBALS['relational']->add_table_column( 'rooms_id', text( 'room' ), TYPE_SEARCH_JOIN( 'rooms', 'name', $uls_rooms_limiter ) | EVENT( 'selected_room(this.value)' ) );
$GLOBALS['relational']->add_table_column( 'loc_telnr', text( 'loc_tel_nr' ), TYPE_STRING( 100 ) | VIS_NO_INDEX | VIS_NO_SEARCH );
$GLOBALS['relational']->add_table_column( 'notes', text( 'notes' ), TYPE_TEXT() | VIS_NO_INDEX | VIS_NO_SEARCH );
// Account flags are only exposed to admins.
if ( $GLOBALS['security']->is_admin )
{
    $GLOBALS['relational']->add_line( text( 'user_admin_only' ) );
    $GLOBALS['relational']->add_table_column( 'may_log_in', text( 'may_log_in' ), TYPE_BOOLEAN );
    $GLOBALS['relational']->add_table_column( 'is_admin', text( 'is_admin' ), TYPE_BOOLEAN );
    $GLOBALS['relational']->add_table_column( 'global_view', text( 'global_view' ), TYPE_BOOLEAN | VIS_NO_INDEX | VIS_NO_SEARCH );
}

// Hand over to the relational manager (listing, forms and actions for 'users'),
// ordered by surname and restricted by the limits computed above, then close the page.
$manage_flags = ORDER_BY( 'surname' ) | $limits | $uls_manage_limiter;
$GLOBALS['relational']->manage( 'users', $title, $manage_flags );
$coreapm->finish();
?>