Every security section can contain up to 256 different areas.
External modules can extend security roles system by adding rows to
$security_sections and $security_areas using section codes >=100.
+ Security areas and sections created by extension modules/plugins
+ have dynamically assigned 3-byte integer codes. The highest byte is zero
+ for sections/areas defined in this file, and extid+1 for those defined
+ by extensions
*/
define('SS_SADMIN', 1<<8); // site admin
define('SS_SETUP', 2<<8); // company level setup
SS_ITEMS => _("Inventory operations"),
SS_ITEMS_A => _("Inventory analytics"),
SS_MANUF_C => _("Manufacturing configuration"),
- SS_MANUF => _("Manufacturing transations"),
+ SS_MANUF => _("Manufacturing transactions"),
SS_MANUF_A => _("Manufacturing analytics"),
+ SS_DIM_C => _("Dimensions configuration"),
SS_DIM => _("Dimensions"),
SS_GL_C => _("Banking & GL configuration"),
SS_GL => _("Banking & GL transactions"),
'SA_INVENTORYMOVETYPE' => array(SS_SETUP|11, _("Inventory movement types")),
'SA_WORKCENTRES' => array(SS_SETUP|12, _("Manufacture work centres")),
'SA_FORMSETUP' => array(SS_SETUP|13, _("Forms setup")),
+ 'SA_CRMCATEGORY' => array(SS_SETUP|14, _("Contact categories")),
//
// Special and common functions
//
'SA_BACKUP' => array(SS_SPEC|2, _("Database backup/restore")),
'SA_VIEWPRINTTRANSACTION' => array(SS_SPEC|3, _("Common view/print transactions interface")),
'SA_ATTACHDOCUMENT' => array(SS_SPEC|4, _("Attaching documents")),
- 'SA_SETUPDISPLAY' => array(SS_SPEC|5, _("Display preferences")), //???
- 'SA_CHGPASSWD' => array(SS_SPEC|6, _("Password changes")), //???
-
+ 'SA_SETUPDISPLAY' => array(SS_SPEC|5, _("Display preferences")),
+ 'SA_CHGPASSWD' => array(SS_SPEC|6, _("Password changes")),
+ 'SA_EDITOTHERSTRANS' => array(SS_SPEC|7, _("Edit other users transactions")),
//
// Sales related functionality
//
'SA_SALESTRANSVIEW' => array(SS_SALES|1, _("Sales transactions view")),
'SA_CUSTOMER' => array(SS_SALES|2, _("Sales customer and branches changes")),
+ 'SA_SALESQUOTE' => array(SS_SALES|10, _("Sales quotations")),
'SA_SALESORDER' => array(SS_SALES|3, _("Sales orders edition")),
'SA_SALESDELIVERY' => array(SS_SALES|4, _("Sales deliveries edition")),
'SA_SALESINVOICE' => array(SS_SALES|5, _("Sales invoices edition")),
'SA_SUPPLIERALLOC' => array(SS_PURCH|8, _("Supplier payments allocations")),
'SA_SUPPLIERANALYTIC' => array(SS_PURCH_A|1, _("Supplier analytical reports")),
- 'SA_SUPPBULKREP' => array(SS_SALES_A|2, _("Supplier document bulk reports")),
+ 'SA_SUPPBULKREP' => array(SS_PURCH_A|2, _("Supplier document bulk reports")),
'SA_SUPPPAYMREP' => array(SS_PURCH_A|3, _("Supplier payments report")),
//
// Inventory
'SA_WORKORDERANALYTIC' => array(SS_MANUF_A|1, _("Work order analytical reports and inquiries")),
'SA_WORKORDERCOST' => array(SS_MANUF_A|2, _("Manufacturing cost inquiry")),
- 'SA_MANUFBULKREP' => array(SS_SALES_A|3, _("Work order bulk reports")),
+ 'SA_MANUFBULKREP' => array(SS_MANUF_A|3, _("Work order bulk reports")),
'SA_BOMREP' => array(SS_MANUF_A|4, _("Bill of materials reports")),
//
// Dimensions
//
+ 'SA_DIMTAGS' => array(SS_DIM_C|1, _("Dimension tags")),
+
'SA_DIMTRANSVIEW' => array(SS_DIM|1, _("Dimension view")),
'SA_DIMENSION' => array(SS_DIM|2, _("Dimension entry")),
'SA_CURRENCY' => array(SS_GL_C|6, _("Currencies")),
'SA_BANKACCOUNT' => array(SS_GL_C|7, _("Bank accounts")),
'SA_TAXRATES' => array(SS_GL_C|8, _("Tax rates")),
- 'SA_TAXGROUPS' => array(SS_GL_C|8, _("Tax groups")),
+ 'SA_TAXGROUPS' => array(SS_GL_C|12, _("Tax groups")),
'SA_FISCALYEARS' => array(SS_GL_C|9, _("Fiscal years maintenance")),
'SA_GLSETUP' => array(SS_GL_C|10, _("Company GL setup")),
+ 'SA_GLACCOUNTTAGS' => array(SS_GL_C|11, _("GL Account tags")),
+ 'SA_GLCLOSE' => array(SS_GL_C|14, _("Closing GL transactions")),
+ 'SA_GLREOPEN' => array(SS_GL_C|15, _("Reopening GL transactions")), // see below
+ 'SA_MULTIFISCALYEARS' => array(SS_GL_C|13, _("Allow entry on non closed Fiscal years")),
'SA_BANKTRANSVIEW' => array(SS_GL|1, _("Bank transactions view")),
'SA_GLTRANSVIEW' => array(SS_GL|2, _("GL postings view")),
'SA_BANKJOURNAL' => array(SS_GL|11, _("Journal entries to bank related accounts")),
'SA_BUDGETENTRY' => array(SS_GL|9, _("Budget edition")),
'SA_STANDARDCOST' => array(SS_GL|10, _("Item standard costs")),
+ 'SA_ACCRUALS' => array(SS_GL|12, _("Revenue / Cost Accruals")),
'SA_GLANALYTIC' => array(SS_GL_A|1, _("GL analytical reports and inquiries")),
'SA_TAXREP' => array(SS_GL_A|2, _("Tax reports and inquiries")),
'SA_BANKREP' => array(SS_GL_A|3, _("Bank reports and inquiries")),
'SA_GLREP' => array(SS_GL_A|4, _("GL reports and inquiries")),
);
+
+if (!@$allow_gl_reopen)
+ unset($security_areas['SA_GLREOPEN']);
/*
This function should be called whenever we want to extend core access level system
with new security areas and/or sections i.e.:
. on any page with non-standard security areas
. in security roles editor
+ The call should be placed between session.inc inclusion and page() call.
+ Up to 155 security sections and 155 security areas for any extension can be installed.
*/
function add_access_extensions()
{
- global $path_to_root, $security_areas, $security_sections;
-
- // Add extension private access levels
- include($path_to_root.'/company/'.user_company().'/installed_extensions.php');
- foreach($installed_extensions as $ext) {
- if (@$ext['active'] && isset($ext['acc_file']))
- include($path_to_root.($ext['type'] == 'plugin' ? '/modules/':'/').$ext['path'].'/'.$ext['acc_file']);
+ global $security_areas, $security_sections, $installed_extensions;
+
+ foreach($installed_extensions as $extid => $ext) {
+ $accext = hook_invoke($ext['package'], 'install_access', $dummy);
+ if ($accext == null) continue;
+
+ $scode = 100;
+ $acode = 100;
+ $extsections = $accext[1];
+ $extareas = $accext[0];
+ $extcode = $extid<<16;
+
+ $trans = array();
+ foreach($extsections as $code =>$name) {
+ $trans[$code] = $scode<<8;
+ // reassign section codes
+ $security_sections[$trans[$code]|$extcode] = $name;
+ $scode++;
+ }
+ foreach($extareas as $code => $area) {
+ $section = $area[0]&0xff00;
+ // extension modules:
+ // if area belongs to nonstandard section
+ // use translated section codes and
+ // preserve lower part of area code
+ if (isset($trans[$section])) {
+ $section = $trans[$section];
+ }
+ // otherwise assign next available
+ // area code >99
+ $area[0] = $extcode | $section | ($acode++);
+ $security_areas[$code] = $area;
+ }
}
}
+/*
+ Helper function to retrieve extension access definitions in isolated environment.
+*/
+/*
+function get_access_extensions($id) {
+ global $path_to_root, $installed_extensions;
+
+ $ext = $installed_extensions[$id];
+
+ $security_sections = $security_areas = array();
+
+ if (isset($ext['acc_file']))
+ include_once($path_to_root.'/'.$ext['path'].'/'.$ext['acc_file']);
+
+ return array($security_areas, $security_sections);
+}
+*/
?>
\ No newline at end of file