X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fsecurity_roles.php;h=8ca8ce2d6dd67068c54df810b2cfea27de858b63;hb=476226e78351273b99c9d38a6324b93400c460c0;hp=a6792f863da9417508b390388a1879c5bc5a19c7;hpb=07a0b37ca7360c5dbb058f5a0ba4c5752671dda7;p=fa-stable.git diff --git a/admin/security_roles.php b/admin/security_roles.php index a6792f86..8ca8ce2d 100644 --- a/admin/security_roles.php +++ b/admin/security_roles.php @@ -23,6 +23,27 @@ include_once($path_to_root . "/admin/db/security_db.inc"); $new_role = get_post('role')=='' || get_post('cancel') || get_post('clone'); //-------------------------------------------------------------------------------------------------- +// Following compare function is used for sorting areas +// in such a way that security areas defined by module/plugin +// is properly placed under related section regardless of +// unique extension number, with order inside sections preserved. +// +function comp_areas($area1, $area2) +{ + $sec_comp = ($area1[0]&0xff00)-($area2[0]&0xff00); + return $sec_comp == 0 ? ($area1[2]-$area2[2]) : $sec_comp; +} + +function sort_areas($areas) +{ + $old_order = 0; + foreach($areas as $key => $area) { + $areas[$key][] = $old_order++; + } + uasort($areas,'comp_areas'); + return $areas; +} +//-------------------------------------------------------------------------------------------------- if (list_updated('role')) { $Ajax->activate('details'); $Ajax->activate('controls'); 
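Review bot: `comp_areas()` reads the saved position from `$area1[2]`/`$area2[2]`, but `sort_areas()` stores it with `$areas[$key][] = $old_order++`, so it lands at index 2 only when every entry has exactly two elements. An entry registered by a module with a different element count would be ordered by the wrong field, and the role editor would then show its areas in an unexpected place. Storing the position under an explicit key, `$areas[$key]['order'] = $old_order++;`, and returning `$area1['order'] - $area2['order']` removes that dependency; the one caller visible in this diff reads only `$parms[0]`. The header comment could also state the area-code layout that the `0xff00` mask assumes.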
@@ -48,19 +69,36 @@ if (get_post('addupdate')) display_error( _("Role name cannot be empty.")); set_focus('name'); } - + // prevent accidental editor lockup by removing SA_SECROLES + if (get_post('role') == $_SESSION['wa_current_user']->access) { + if (!isset($_POST['Area'.$security_areas['SA_SECROLES'][0]]) + || !isset($_POST['Section'.SS_SETUP])) { + display_error(_("Access level edition in Company setup section have to be enabled for your account.")); + $input_error = 1; + set_focus(!isset($_POST['Section'.SS_SETUP]) + ? 'Section'.SS_SETUP : 'Area'.$security_areas['SA_SECROLES'][0]); + } + } + if ($input_error == 0) { $sections = array(); $areas = array(); foreach($_POST as $p =>$val) { - if (substr($p,0,4) == 'Area') - $areas[] = substr($p, 4); + if (substr($p,0,4) == 'Area') { + $a = substr($p, 4); + if (($a&~0xffff) && (($a&0xff00)<(99<<8))) { + $sections[] = $a&~0xff; // add extended section for plugins + } + $areas[] = $a; + } if (substr($p,0,7) == 'Section') $sections[] = substr($p, 7); } - sort($areas); - sort($sections); +// $areas = sort_areas($areas); + + $sections = array_values($sections); + if ($new_role) { add_security_role($_POST['name'], $_POST['description'], $sections, $areas); @@ -103,7 +141,7 @@ if (get_post('cancel')) if (!isset($_POST['role']) || get_post('clone') || list_updated('role')) { $id = get_post('role'); $clone = get_post('clone'); -// clear_data(); + unset($_POST); if ($id) { $row = get_security_role($id); @@ -150,7 +188,6 @@ if (get_post('_show_inactive_update')) { } if (find_submit('_Section')) { $Ajax->activate('details'); -// set_focus(''); } //----------------------------------------------------------------------------------------------- div_start('details'); 
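Review bot: The loop over `$_POST` stores the suffix of every `Area…` and `Section…` key in the role without checking it, while the new `SS_SADMIN` restriction (the `continue` in the table-rendering hunk further down) is applied only when the form is drawn. Unless `add_security_role()` or the update path filters the lists, which is not visible here, a submitted key for a site-admin area would still be saved for a company other than the first. The same test belongs in the handler, e.g. `if (user_company() && (($a&0xff00) == SS_SADMIN)) continue;` right after `$a = substr($p, 4);`, with the matching test on the `Section` branch. `$a` is also used in bitwise expressions while it is still an unvalidated string, so rejecting codes that do not match the `[0]` value of a `$security_areas` entry would cover both. Separately, `$sections[] = $a&~0xff;` runs once per plugin area, so `array_values($sections)` can carry duplicates; `array_values(array_unique($sections))` would avoid that.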
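Review bot: `unset($_POST);` destroys the whole superglobal rather than emptying it, so it also drops every key that does not belong to the role form. Any later line that reads `$_POST[...]` directly would be reading an undefined variable until something assigns to it again. `$_POST = array();` keeps the variable defined, or the role fields can be cleared by name. The enclosing `if` block continues outside the hunk, so whether later lines repopulate `$_POST` cannot be checked here.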
@@ -163,12 +200,22 @@ end_table(1); start_table("$table_style width=40%"); $k = $j = 0; //row colour counter - $m = 0; - asort($security_areas); // in the case installed external modules has added some lines - foreach($security_areas as $area =>$parms ) { - if (($parms[0]&~0xff) != $m) + $ext = $sec = $m = -1; + + foreach(sort_areas($security_areas) as $area =>$parms ) { + // system setup areas are accessable only for site admins i.e. + // admins of first registered company + if (user_company() && (($parms[0]&0xff00) == SS_SADMIN)) continue; + + $newsec = ($parms[0]>>8)&0xff; + $newext = $parms[0]>>16; + if ($newsec != $sec || (($newext != $ext) && ($newsec>99))) { // features set selection + $ext = $newext; + $sec = $newsec; $m = $parms[0] & ~0xff; +// if(!isset($security_sections[$m])) +// display_error(sprintf("Bad section %X:", $m)); label_row($security_sections[$m].':', checkbox( null, 'Section'.$m, null, true, _("On/off set of features")),
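Review bot: `$security_sections[$m]` is indexed without a guard, and the `isset()` check that would catch a missing section is left commented out. Now that `$m` can carry extension bits, a module area whose section is not registered would raise an undefined-index notice and render an unlabeled checkbox row. A fallback such as `$label = isset($security_sections[$m]) ? $security_sections[$m] : sprintf("%X", $m);` passed to `label_row()` handles that case, and the commented debug lines can then be removed. In the new comment, "accessable" should read "accessible". The `foreach` body continues outside the hunk.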