X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fsecurity_roles.php;h=4b438091f237794d6cfce657ea247aed74b7f2a1;hb=7226477a2624571ba8460f773092f6e38bbc46f3;hp=e0aaab9a15504b3da19d5028f93d99a72930f899;hpb=3e2f1b46bb33c1720b4373f324f6126ca26d2ac7;p=fa-stable.git
diff --git a/admin/security_roles.php b/admin/security_roles.php
index e0aaab9a..4b438091 100644
--- a/admin/security_roles.php
+++ b/admin/security_roles.php
@@ -9,11 +9,13 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here
 .
 ***********************************************************************/
-$page_security = 20;
-$path_to_root="..";
+$page_security = 'SA_SECROLES';
+$path_to_root = "..";
 include_once($path_to_root . "/includes/session.inc");
-page(_("Access setup"));
+add_access_extensions();
+
+page(_($help_context = "Access setup"));
 include_once($path_to_root . "/includes/ui.inc");
 include_once($path_to_root . "/includes/access_levels.inc");
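Review bot: `page(_($help_context = "Access setup"));` buries an assignment inside the argument list, which reads like a mistyped `==` and hides where `$help_context` is set; `$help_context = "Access setup";` on its own line followed by `page(_($help_context));` behaves the same and is plain to scan. If `page()` reads `$help_context` as a global, a short comment saying so on the assignment would explain why the variable exists at all.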
@@ -21,6 +23,27 @@ include_once($path_to_root . "/admin/db/security_db.inc");
 $new_role = get_post('role')=='' || get_post('cancel') || get_post('clone');
 //--------------------------------------------------------------------------------------------------
+// Following compare function is used for sorting areas
+// in such a way that security areas defined by module/plugin
+// is properly placed under related section regardless of
+// unique extension number, with order inside sections preserved.
+//
+function comp_areas($area1, $area2)
+{
+ $sec_comp = ($area1[0]&0xff00)-($area2[0]&0xff00);
+ return $sec_comp == 0 ? ($area1[2]-$area2[2]) : $sec_comp;
+}
+
+function sort_areas($areas)
+{
+ $old_order = 0;
+ foreach($areas as $key => $area) {
+ $areas[$key][] = $old_order++;
+ }
+ uasort($areas,'comp_areas');
+ return $areas;
+}
+//--------------------------------------------------------------------------------------------------
 if (list_updated('role')) {
 $Ajax->activate('details');
 $Ajax->activate('controls');
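Review bot: `comp_areas()` breaks ties on `$area1[2]`, but that index is the original position only because `sort_areas()` appends it with `[]` to entries that appear to hold just (code, description); nothing in either function says so, and a third element in `$security_areas` would silently change the sort. Store the position under a fixed key instead, `$areas[$key]['order'] = $old_order++;` and `($area1['order']-$area2['order'])`, or at least add `// $area[2]: original position appended by sort_areas(), keeps input order within a section` above the comparator. `$area1[0]&0xff00` as the primary key mirrors the section bits used in the display loop, so a one-line comment naming it as the section would help too.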
@@ -46,27 +69,44 @@ if (get_post('addupdate'))
 display_error( _("Role name cannot be empty."));
 set_focus('name');
 }
-
+ // prevent accidental editor lockup by removing SA_SECROLES
+ if (get_post('role') == $_SESSION['wa_current_user']->access) {
+ if (!isset($_POST['Area'.$security_areas['SA_SECROLES'][0]]) || !isset($_POST['Section'.SS_SETUP])) {
+ display_error(_("Access level edition in Company setup section have to be enabled for your account."));
+ $input_error = 1;
+ set_focus(!isset($_POST['Section'.SS_SETUP]) ? 'Section'.SS_SETUP : 'Area'.$security_areas['SA_SECROLES'][0]);
+ }
+ }
+
 if ($input_error == 0) {
- $modules = array();
+ $sections = array();
 $areas = array();
 foreach($_POST as $p =>$val) {
- if (substr($p,0,4) == 'Area')
- $areas[] = substr($p, 4);
- if (substr($p,0,6) == 'Module')
- $modules[] = substr($p, 6);
+ if (substr($p,0,4) == 'Area' && $val == 1) {
+ $a = substr($p, 4);
+ if (($a&~0xffff) && (($a&0xff00)<(99<<8))) {
+ $sections[] = $a&~0xff; // add extended section for plugins
+ }
+ $areas[] = (int)$a;
+ }
+ if (substr($p,0,7) == 'Section' && $val == 1)
+ $sections[] = (int)substr($p, 7);
 }
- sort($areas);
- sort($modules);
+// $areas = sort_areas($areas);
+
+ $sections = array_values($sections);
+
 if ($new_role) {
- add_security_role($_POST['name'], $_POST['description'], $modules, $areas);
+ add_security_role($_POST['name'], $_POST['description'], $sections, $areas);
 display_notification(_("New security role has been added."));
 } else {
 update_security_role($_POST['role'], $_POST['name'], $_POST['description'],
- $modules, $areas);
+ $sections, $areas);
 update_record_status($_POST['role'], get_post('inactive'), 'security_roles', 'id');
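Review bot: The save loop accepts every posted `Area<n>=1`, including codes in the SS_SADMIN section that the display loop later in this commit skips when `user_company()` is non-zero, so that restriction is display-only and the role update path has no server-side counterpart; repeat the same test here before `$areas[] = (int)$a`. `$a` is also bitwise-masked while still a string and cast to int only afterwards, so a non-numeric suffix is silently treated as 0 on PHP 5/7 and is a TypeError on PHP 8; cast once, after rejecting anything that is not all digits. Separately, the new lockout guard tests `isset($_POST['Area'...])` and `isset($_POST['Section'.SS_SETUP])` while this loop requires `$val == 1`; if the `hidden('Area'.$parms[0])` call in the display loop posts the field with an empty value, the guard is satisfied without the area being saved, so both checks should use the same predicate (e.g. `check_value()`, as the display loop does). The enclosing `if (get_post('addupdate'))` block continues outside the hunk.
```php
		foreach($_POST as $p =>$val) {
			if (substr($p,0,4) == 'Area' && $val == 1) {
				$a = substr($p, 4);
				if (!ctype_digit($a)) continue; // malformed field name, ignore
				$a = (int)$a;
				// mirror the form: SS_SADMIN areas are only granted by site admins
				if (user_company() && (($a&0xff00) == SS_SADMIN)) continue;
				if (($a&~0xffff) && (($a&0xff00)<(99<<8))) {
					$sections[] = $a&~0xff; // add extended section for plugins
				}
				$areas[] = $a;
			}
			// … unchanged: 'Section' fields …
		}
```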
@@ -101,25 +141,23 @@ if (get_post('cancel'))
 if (!isset($_POST['role']) || get_post('clone') || list_updated('role')) {
 $id = get_post('role');
 $clone = get_post('clone');
- clear_data();
+
+ unset($_POST);
 if ($id) {
 $row = get_security_role($id);
 $_POST['description'] = $row['description'];
 $_POST['name'] = $row['role'];
-// if ($row['inactive']
-// $_POST['inactive'] = 1;
-
 $_POST['inactive'] = $row['inactive'];
 $access = $row['areas'];
- $modules = $row['modules'];
+ $sections = $row['sections'];
 } else {
 $_POST['description'] = $_POST['name'] = '';
 unset($_POST['inactive']);
- $access = $modules = array();
+ $access = $sections = array();
 }
 foreach($access as $a) $_POST['Area'.$a] = 1;
- foreach($modules as $m) $_POST['Module'.$m] = 1;
+ foreach($sections as $s) $_POST['Section'.$s] = 1;
 if($clone) {
 set_focus('name');
@@ -132,10 +170,10 @@ if (!isset($_POST['role']) || get_post('clone') || list_updated('role')) {
 start_form();
-start_table("class='tablestyle_noborder'");
+start_table(TABLESTYLE_NOBORDER);
 start_row();
 security_roles_list_cells(_("Role:"). " ", 'role', null, true, true, check_value('show_inactive'));
-//$new_role = get_post('role')=='';
+$new_role = get_post('role')=='';
 check_cells(_("Show inactive:"), 'show_inactive', null, true);
 end_row();
 end_table();
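Review bot: `unset($_POST)` replaces `clear_data()` with a wipe of the whole superglobal, which also discards fields this page reads again further down: `show_inactive` feeds `check_value('show_inactive')` and `role` feeds the re-enabled `$new_role = get_post('role')=='';` in the `@@ -132,10 +170,10 @@` hunk, so after selecting a role `$new_role` is presumably true unless `security_roles_list_cells()` writes the selection back into `$_POST`. Re-seeding what the rest of the page needs right after the reset, e.g. `$_POST = array(); $_POST['role'] = $id;` (and preserving `show_inactive`), or clearing only the `name`, `description`, `inactive`, `Area…` and `Section…` keys, avoids that. `$_POST = array();` is also the conventional reset; re-creating a superglobal after `unset()` works in global scope but is easy to misread.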
@@ -145,51 +183,62 @@ if (get_post('_show_inactive_update')) {
 $Ajax->activate('role');
 set_focus('role');
 }
-if (find_submit('_Module')) {
+if (find_submit('_Section')) {
 $Ajax->activate('details');
-// set_focus('');
 }
 //-----------------------------------------------------------------------------------------------
 div_start('details');
-start_table($table_style2);
+start_table(TABLESTYLE2);
 text_row(_("Role name:"), 'name', null, 20, 22);
 text_row(_("Role description:"), 'description', null, 50, 52);
 record_status_list_row(_("Current status:"), 'inactive');
 end_table(1);
- start_table("$table_style width=50%");
+ start_table(TABLESTYLE, "width='40%'");
 $k = $j = 0; //row colour counter
- $m = 0;
- foreach($security_areas as $area =>$descr ) {
- if (($area&~0xff) != $m)
- { // features set selection
- $m = $area & ~0xff;
- label_row(sprintf(_("%s features:"), $security_modules[$m]),
- checkbox( null, 'Module'.$m, null, true,
- _("Set access to security features area")),
- "class='tableheader2'", "class='tableheader'");
- }
- if (check_value('Module'.$m)) {
+ $ext = $sec = $m = -1;
+
+ foreach(sort_areas($security_areas) as $area =>$parms ) {
+ // system setup areas are accessable only for site admins i.e.
+ // admins of first registered company
+ if (user_company() && (($parms[0]&0xff00) == SS_SADMIN)) continue;
+
+ $newsec = ($parms[0]>>8)&0xff;
+ $newext = $parms[0]>>16;
+ if ($newsec != $sec || (($newext != $ext) && ($newsec>99))) { // features set selection
+ $ext = $newext;
+ $sec = $newsec;
+ $m = $parms[0] & ~0xff;
+ label_row($security_sections[$m].':',
+ checkbox( null, 'Section'.$m, null, true,
+ _("On/off set of features")),
+ "class='tableheader2'", "class='tableheader'");
+ }
+ if (check_value('Section'.$m)) {
 alt_table_row_color($k);
- check_cells($descr, 'Area'.$area, null,
+ check_cells($parms[1], 'Area'.$parms[0], null,
 false, '', "align='center'");
- end_row();
- } else {
- hidden('Area'.$area);
- }
- }
+ end_row();
+ } else {
+ hidden('Area'.$parms[0]);
+ }
+ }
 end_table(1);
 div_end();
 div_start('controls');
+
 if ($new_role) {
- submit_center('addupdate', _("Insert New Role"), true, '', 'default');
+ submit_center_first('Update', _("Update view"), '', null);
+ submit_center_last('addupdate', _("Insert New Role"), '', 'default');
 } else {
- submit_center_first('addupdate', _("Update Role"), '', 'default');
+ submit_center_first('addupdate', _("Save Role"), '', 'default');
+ submit('Update', _("Update view"), true, '', null);
 submit('clone', _("Clone This Role"), true, '', true);
 submit('delete', _("Delete This Role"), true, '', true);
 submit_center_last('cancel', _("Cancel"), _("Cancel Edition"), 'cancel');
@@ -200,4 +249,3 @@ div_end();
 end_form();
 end_page();
-?>
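Review bot: The area-code decoding in the new display loop is raw bit arithmetic with no statement of the layout: `($parms[0]>>8)&0xff` for the section, `$parms[0]>>16` for the extension, `$parms[0] & ~0xff` for the section key, and a bare `99` threshold that the save hunk repeats as `99<<8`. A comment above `foreach(sort_areas(...))`, e.g. `// area code: bits 16+ = extension number, bits 8-15 = section, bits 0-7 = area; sections above 99 appear to be plugin-defined (see the save loop)`, or two small helpers shared with the save path, would make both places readable and keep the threshold in one spot. In the added comment, `accessable` should be `accessible`.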