X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Faccess_levels.inc;fp=includes%2Faccess_levels.inc;h=4a43331af7f09de0cf253ffeddff98354890fcca;hb=e933b7e5bcdf8cddd62778abfb373564388c2485;hp=b35890bd7df3e1ffcea909e773036d680309a5f5;hpb=9b34080c323f3090fe20493a2374b5aa19d94385;p=fa-stable.git

diff --git a/includes/access_levels.inc b/includes/access_levels.inc
index b35890bd..4a43331a 100644
--- a/includes/access_levels.inc
+++ b/includes/access_levels.inc
@@ -19,6 +19,10 @@
 	Every security section can contain up to 256 different areas.
 	External modules can extend security roles system by adding rows to 
 	$security_sections and $security_areas using section codes >=100.
+	Security areas and sections created by extension modules/plugins
+	have dynamically assigned 3-byte integer codes. The highest byte is zero
+	for sections/areas defined in this file, and extid+1 for those defined 
+	by extensions 
 */
 define('SS_SADMIN',	1<<8);	// site admin
 define('SS_SETUP',	2<<8);	// company level setup
@@ -245,15 +249,57 @@ $security_areas =array(
 	. on any page with non-standard security areas
 	. in security roles editor
 	The call should be placed between session.inc inclusion and page() call.
+	Up to 155 security sections and 155 security areas for any extension can be installed.
 */
 function add_access_extensions()
 {
-	global $path_to_root, $security_areas, $security_sections, $installed_extensions;
+	global $security_areas, $security_sections, $installed_extensions;
 
-	foreach($installed_extensions as $ext) {
-		if (@$ext['active'] && isset($ext['acc_file']))
-			include($path_to_root.($ext['type'] == 'plugin' ? '/modules/':'/').$ext['path'].'/'.$ext['acc_file']);
+	foreach($installed_extensions as $extid => $ext) {
+		$scode = 100;
+		$acode = 100;
+		$accext = get_access_extensions($extid);
+		$extsections = $accext[1];
+		$extareas = $accext[0];
+		$extcode = $extid<<16;
+		
+		$trans = array();
+		foreach($extsections as $code =>$name) {
+			$trans[$code] = $scode<<8;
+			// reassign section codes
+			$security_sections[$trans[$code]|$extcode] = $name;
+			$scode++;
+		}
+		foreach($extareas as $code => $area) {
+			$section = $area[0]&0xff00;
+			// extension modules:
+			// if area belongs to nonstandard section
+			// use translated section codes and
+			// preserve lower part of area code
+			if (isset($trans[$section])) {
+				$section = $trans[$section];
+			} 
+				// otherwise assign next available
+				// area code >99
+			$area[0] = $extcode | $section | ($acode++);
+			$security_areas[$code] = $area;
+		}
 	}
 }
+/*
+	Helper function to retrieve extension access definitions in isolated environment.
+*/
+function get_access_extensions($id) {
+	global $path_to_root, $installed_extensions;
+	
+	$ext = $installed_extensions[$id];
+	
+	$security_sections = $security_areas = array();
+	
+	if (isset($ext['acc_file']))
+		include($path_to_root.($ext['type'] == 'plugin' ? '/modules/':'/').$ext['path'].'/'.$ext['acc_file']);
+
+	return array($security_areas, $security_sections);
+}
 
 ?>
\ No newline at end of file