X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Faccess_levels.inc;h=62a71cb61d4f334cefe22364f91cc618b936331a;hb=ab24fcc549bb72e495fb85e5dcad41bc14d85b7d;hp=5e807ecda9d95b5c3f8ba9a27668c3ba5953a938;hpb=72135bb110cbcada805381e373c3e853ea888d55;p=fa-stable.git
diff --git a/includes/access_levels.inc b/includes/access_levels.inc
index 5e807ecd..62a71cb6 100644
--- a/includes/access_levels.inc
+++ b/includes/access_levels.inc
@@ -9,262 +9,348 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ +/* + Security sections groups various areas on both functionality and privilege levels. + Often analytic inquires are available only for management, and configuration + for administration or management staff. This is why we have those three + section type inside near every FA module. + + Section codes 0-99 are reserved for core FA functionalities. + Every security section can contain up to 256 different areas. + External modules can extend security roles system by adding rows to + $security_sections and $security_areas using section codes >=100. + Security areas and sections created by extension modules/plugins + have dynamically assigned 3-byte integer codes. The highest byte is zero + for sections/areas defined in this file, and extid+1 for those defined + by extensions +*/ +define('SS_SADMIN', 1<<8); // site admin +define('SS_SETUP', 2<<8); // company level setup +define('SS_SPEC', 3<<8); // special administration + +define('SS_SALES_C',11<<8); // configuration +define('SS_SALES', 12<<8); // transactions +define('SS_SALES_A',13<<8); // analytic functions/reports/inquires + +define('SS_PURCH_C',21<<8); +define('SS_PURCH', 22<<8); +define('SS_PURCH_A',23<<8); + +define('SS_ITEMS_C',31<<8); +define('SS_ITEMS', 32<<8); +define('SS_ITEMS_A',33<<8); + +define('SS_ASSETS_C',36<<8); +define('SS_ASSETS', 37<<8); +define('SS_ASSETS_A',38<<8); + +define('SS_MANUF_C',41<<8); +define('SS_MANUF', 42<<8); +define('SS_MANUF_A',43<<8); + +define('SS_DIM_C', 51<<8); +define('SS_DIM', 52<<8); +define('SS_DIM_A', 53<<8); + +define('SS_GL_C', 61<<8); +define('SS_GL', 62<<8); +define('SS_GL_A', 63<<8); + +$security_sections = array( + SS_SADMIN => _("System administration"), + SS_SETUP => _("Company setup"), + SS_SPEC => _("Special maintenance"), + SS_SALES_C => _("Sales configuration"), + SS_SALES => _("Sales 
transactions"), + SS_SALES_A => _("Sales related reports"), + SS_PURCH_C => _("Purchase configuration"), + SS_PURCH => _("Purchase transactions"), + SS_PURCH_A => _("Purchase analytics"), + SS_ITEMS_C => _("Inventory configuration"), + SS_ITEMS => _("Inventory operations"), + SS_ITEMS_A => _("Inventory analytics"), + SS_ASSETS_C => _("Fixed Assets configuration"), + SS_ASSETS => _("Fixed Assets operations"), + SS_ASSETS_A => _("Fixed Assets analytics"), + SS_MANUF_C => _("Manufacturing configuration"), + SS_MANUF => _("Manufacturing transactions"), + SS_MANUF_A => _("Manufacturing analytics"), + SS_DIM_C => _("Dimensions configuration"), + SS_DIM => _("Dimensions"), + SS_GL_C => _("Banking & GL configuration"), + SS_GL => _("Banking & GL transactions"), + SS_GL_A => _("Banking & GL analytics") +); + +/* + This table stores security areas available in FA. + Key is area identifier used to check user rights, values are + codes stored for each role in security_roles table and description used + in roles editor. + + Set of allowed access areas codes is retrieved during user login from + security_roles table, and cached in user profile. + + Special value 'SA_OPEN' is used for publicly available pages like login/logout. +*/ +$security_areas =array( // -// Access areas used in FrontAccounting. -// Constants defined below should be used wherever access rights for current -// user are checked. Set of allowed access areas is retrieved during login from -// security_roles table using role granted to user as a key, and stored -// in user profile for use during login session. 
-// -//---------------------------------------------------------------------------------- -// Sales module +// Site administration // -define('SA_CUSTOMER', 101); -define('SA_SALESGROUP', 102); -define('SA_PRICE', 103); -define('SA_SALESMAN', 104); -define('SA_SALESAREA', 105); -define('SA_STATUS', 106); -define('SA_STEMPLATE', 107); -define('SA_SRECCURENT', 108); - -define('SA_SALESORDER', 111); -define('SA_SALESDELIVERY', 112); -define('SA_SALESINVOICE', 113); -define('SA_SALESCREDITINV', 114); -define('SA_SALESCREDIT', 115); -define('SA_SALESPAYMNT', 116); - -define('SA_SALESALLOC', 121); -define('SA_SALESANALYTIC', 122); -define('SA_SALESMANREP', 123); -define('SA_SALESVARREP', 124); - + 'SA_CREATECOMPANY' =>array(SS_SADMIN|1, _("Install/update companies")), + 'SA_CREATELANGUAGE' => array(SS_SADMIN|2, _("Install/update languages")), + 'SA_CREATEMODULES' => array(SS_SADMIN|3, _("Install/upgrade modules")), + 'SA_SOFTWAREUPGRADE' => array(SS_SADMIN|4, _("Software upgrades")), // -// Purchasing module +// Company setup // -define('SA_SUPPLIER', 201); + 'SA_SETUPCOMPANY' => array(SS_SETUP|1, _("Company parameters")), + 'SA_SECROLES' => array(SS_SETUP|2, _("Access levels edition")), + 'SA_USERS' => array(SS_SETUP|3, _("Users setup")), + 'SA_POSSETUP' => array(SS_SETUP|4, _("Point of sales definitions")), + 'SA_PRINTERS' => array(SS_SETUP|5, _("Printers configuration")), + 'SA_PRINTPROFILE' => array(SS_SETUP|6, _("Print profiles")), + 'SA_PAYTERMS' => array(SS_SETUP|7, _("Payment terms")), + 'SA_SHIPPING' => array(SS_SETUP|8, _("Shipping ways")), + 'SA_CRSTATUS' => array(SS_SETUP|9, _("Credit status definitions changes")), + 'SA_INVENTORYLOCATION' => array(SS_SETUP|10, _("Inventory locations changes")), + 'SA_INVENTORYMOVETYPE' => array(SS_SETUP|11, _("Inventory movement types")), + 'SA_WORKCENTRES' => array(SS_SETUP|12, _("Manufacture work centres")), + 'SA_FORMSETUP' => array(SS_SETUP|13, _("Forms setup")), + 'SA_CRMCATEGORY' => array(SS_SETUP|14, _("Contact 
categories")), +// +// Special and common functions +// + 'SA_VOIDTRANSACTION' => array(SS_SPEC|1, _("Voiding transactions")), + 'SA_BACKUP' => array(SS_SPEC|2, _("Database backup/restore")), + 'SA_VIEWPRINTTRANSACTION' => array(SS_SPEC|3, _("Common view/print transactions interface")), + 'SA_ATTACHDOCUMENT' => array(SS_SPEC|4, _("Attaching documents")), + 'SA_SETUPDISPLAY' => array(SS_SPEC|5, _("Display preferences")), + 'SA_CHGPASSWD' => array(SS_SPEC|6, _("Password changes")), + 'SA_EDITOTHERSTRANS' => array(SS_SPEC|7, _("Edit other users transactions")), +// +// Sales related functionality +// + 'SA_SALESTYPES' => array(SS_SALES_C|1, _("Sales types")), + 'SA_SALESPRICE' => array(SS_SALES_C|2, _("Sales prices edition")), + 'SA_SALESMAN' => array(SS_SALES_C|3, _("Sales staff maintenance")), + 'SA_SALESAREA' => array(SS_SALES_C|4, _("Sales areas maintenance")), + 'SA_SALESGROUP' => array(SS_SALES_C|5, _("Sales groups changes")), + 'SA_STEMPLATE' => array(SS_SALES_C|6, _("Sales templates")), + 'SA_SRECURRENT' => array(SS_SALES_C|7, _("Recurrent invoices definitions")), -define('SA_PURCHASEORDER', 211); -define('SA_GRN', 212); -define('SA_SUPPLIERINVOICE', 213); -define('SA_SUPPLIERCREDIT', 214); -define('SA_SUPPLIERPAYMNT', 215); + 'SA_SALESTRANSVIEW' => array(SS_SALES|1, _("Sales transactions view")), + 'SA_CUSTOMER' => array(SS_SALES|2, _("Sales customer and branches changes")), + 'SA_SALESQUOTE' => array(SS_SALES|10, _("Sales quotations")), + 'SA_SALESORDER' => array(SS_SALES|3, _("Sales orders edition")), + 'SA_SALESDELIVERY' => array(SS_SALES|4, _("Sales deliveries edition")), + 'SA_SALESINVOICE' => array(SS_SALES|5, _("Sales invoices edition")), + 'SA_SALESCREDITINV' => array(SS_SALES|6, _("Sales credit notes against invoice")), + 'SA_SALESCREDIT' => array(SS_SALES|7, _("Sales freehand credit notes")), + 'SA_SALESPAYMNT' => array(SS_SALES|8, _("Customer payments entry")), + 'SA_SALESALLOC' => array(SS_SALES|9, _("Customer payments allocation")), 
-define('SA_SUPPLIERALLOC', 221); -define('SA_SUPPLIERANALYTIC', 222); -define('SA_SUPPLIERMANREP', 223); -define('SA_SUPPLIERVARREP', 224); + 'SA_SALESANALYTIC' => array(SS_SALES_A|1, _("Sales analytical reports")), + 'SA_SALESBULKREP' => array(SS_SALES_A|2, _("Sales document bulk reports")), + 'SA_PRICEREP' => array(SS_SALES_A|3, _("Sales prices listing")), + 'SA_SALESMANREP' => array(SS_SALES_A|4, _("Sales staff listing")), + 'SA_CUSTBULKREP' => array(SS_SALES_A|5, _("Customer bulk listing")), + 'SA_CUSTSTATREP' => array(SS_SALES_A|6, _("Customer status report")), + 'SA_CUSTPAYMREP' => array(SS_SALES_A|7, _("Customer payments report")), // -// Inventory module +// Purchase related functions // -define('SA_ITEM', 301); -define('SA_FORITEMCODE', 302); -define('SA_SALESKIT', 303); -define('SA_ITEMCATEGORY', 304); -define('SA_INVENTORYLOCATION', 305); -define('SA_INVENTORYMOVETYPE', 306); -define('SA_ITEMTAXTYPE', 307); -define('SA_UOM', 308); -define('SA_REORDER', 309); - -define('SA_LOCATIONTRANSFER', 311); -define('SA_INVENTORYADJUSTMENT', 312); - -define('SA_ITEMSANALYTIC', 321); -define('SA_ITEMSMANREP', 322); -define('SA_ITEMSVARREP', 323); - -define('SA_SALESPRICING', 331); -define('SA_PURCHASEPRICING', 332); -define('SA_STANDARDCOST', 333); + 'SA_PURCHASEPRICING' => array(SS_PURCH_C|1, _("Purchase price changes")), + + 'SA_SUPPTRANSVIEW' => array(SS_PURCH|1, _("Supplier transactions view")), + 'SA_SUPPLIER' => array(SS_PURCH|2, _("Suppliers changes")), + 'SA_PURCHASEORDER' => array(SS_PURCH|3, _("Purchase order entry")), + 'SA_GRN' => array(SS_PURCH|4, _("Purchase receive")), + 'SA_SUPPLIERINVOICE' => array(SS_PURCH|5, _("Supplier invoices")), + 'SA_GRNDELETE' => array(SS_PURCH|9, _("Deleting GRN items during invoice entry")), + 'SA_SUPPLIERCREDIT' => array(SS_PURCH|6, _("Supplier credit notes")), + 'SA_SUPPLIERPAYMNT' => array(SS_PURCH|7, _("Supplier payments")), + 'SA_SUPPLIERALLOC' => array(SS_PURCH|8, _("Supplier payments allocations")), + 
'SA_SUPPLIERANALYTIC' => array(SS_PURCH_A|1, _("Supplier analytical reports")), + 'SA_SUPPBULKREP' => array(SS_PURCH_A|2, _("Supplier document bulk reports")), + 'SA_SUPPPAYMREP' => array(SS_PURCH_A|3, _("Supplier payments report")), // -// Manufacturing module +// Inventory // -define('SA_BOM', 401); -define('SA_WORKCENTRE', 402); + 'SA_ITEM' => array(SS_ITEMS_C|1, _("Stock items add/edit")), + 'SA_SALESKIT' => array(SS_ITEMS_C|2, _("Sales kits")), + 'SA_ITEMCATEGORY' => array(SS_ITEMS_C|3, _("Item categories")), + 'SA_UOM' => array(SS_ITEMS_C|4, _("Units of measure")), -define('SA_WORKORDERENTRY', 411); -define('SA_WORKORDEROPERATION', 412); + 'SA_ITEMSSTATVIEW' => array(SS_ITEMS|1, _("Stock status view")), + 'SA_ITEMSTRANSVIEW' => array(SS_ITEMS|2, _("Stock transactions view")), + 'SA_FORITEMCODE' => array(SS_ITEMS|3, _("Foreign item codes entry")), + 'SA_LOCATIONTRANSFER' => array(SS_ITEMS|4, _("Inventory location transfers")), + 'SA_INVENTORYADJUSTMENT' => array(SS_ITEMS|5, _("Inventory adjustments")), -define('SA_WORKORDERANALYTIC', 421); -define('SA_WORKORDERMANREP', 422); -define('SA_WORKORDERVARREP', 423); + 'SA_REORDER' => array(SS_ITEMS_A|1, _("Reorder levels")), + 'SA_ITEMSANALYTIC' => array(SS_ITEMS_A|2, _("Items analytical reports and inquiries")), + 'SA_ITEMSVALREP' => array(SS_ITEMS_A|3, _("Inventory valuation report")), // -// Dimension module +// Fixed Assets // -define('SA_DIMENSION', 501); + 'SA_ASSET' => array(SS_ASSETS_C|1, _("Fixed Asset items add/edit")), + 'SA_ASSETCATEGORY' => array(SS_ASSETS_C|2, _("Fixed Asset categories")), + 'SA_ASSETCLASS' => array(SS_ASSETS_C|4, _("Fixed Asset classes")), -define('SA_DIMENTIONOPERATION', 511); + 'SA_ASSETSTRANSVIEW' => array(SS_ASSETS|1, _("Fixed Asset transactions view")), + 'SA_ASSETTRANSFER' => array(SS_ASSETS|2, _("Fixed Asset location transfers")), + 'SA_ASSETDISPOSAL' => array(SS_ASSETS|3, _("Fixed Asset disposals")), + 'SA_DEPRECIATION' => array(SS_ASSETS|4, _("Depreciation")), 
-define('SA_DIMENSIONANALYTIC', 521); -define('SA_DIMENSIONMANREP', 522); -define('SA_DIMENSIONVARREP', 523); + 'SA_ASSETSANALYTIC' => array(SS_ASSETS_A|1, _("Fixed Asset analytical reports and inquiries")), // -// Banking and General Ledger module +// Manufacturing module +// + 'SA_BOM' => array(SS_MANUF_C|1, _("Bill of Materials")), + + 'SA_MANUFTRANSVIEW' => array(SS_MANUF|1, _("Manufacturing operations view")), + 'SA_WORKORDERENTRY' => array(SS_MANUF|2, _("Work order entry")), + 'SA_MANUFISSUE' => array(SS_MANUF|3, _("Material issues entry")), + 'SA_MANUFRECEIVE' => array(SS_MANUF|4, _("Final product receive")), + 'SA_MANUFRELEASE' => array(SS_MANUF|5, _("Work order releases")), + + 'SA_WORKORDERANALYTIC' => array(SS_MANUF_A|1, _("Work order analytical reports and inquiries")), + 'SA_WORKORDERCOST' => array(SS_MANUF_A|2, _("Manufacturing cost inquiry")), + 'SA_MANUFBULKREP' => array(SS_MANUF_A|3, _("Work order bulk reports")), + 'SA_BOMREP' => array(SS_MANUF_A|4, _("Bill of materials reports")), +// +// Dimensions // -define('SA_BANKACCOUNT', 601); -define('SA_QUICKENTRY', 602); -define('SA_CURRENCY', 603); -define('SA_EXCHANGERATE', 604); -define('SA_GLACCOUNT', 605); -define('SA_GLACCOUNTGROUP', 606); -define('SA_GLACCOUNTCLASS', 607); - -define('SA_PAYMENT', 611); -define('SA_DEPOSIT', 612); -define('SA_BANKACCOUNTTRANSFER', 613); -define('SA_JOURNALENTRY', 614); -define('SA_BUDGETENTRY', 615); -define('SA_RECONCILE', 616); - -define('SA_GLANALYTIC', 621); -define('SA_GLMANREP', 622); -define('SA_GLVARREP', 623); + 'SA_DIMTAGS' => array(SS_DIM_C|1, _("Dimension tags")), + + 'SA_DIMTRANSVIEW' => array(SS_DIM|1, _("Dimension view")), + 'SA_DIMENSION' => array(SS_DIM|2, _("Dimension entry")), + + 'SA_DIMENSIONREP' => array(SS_DIM|3, _("Dimension reports")), // -// Setup module +// Banking and General Ledger // -define('SA_SETUPCOMPANY', 701); -define('SA_SETUPUSER', 702); -define('SA_SETUPFORM', 703); -define('SA_SETUPTAX', 704); -define('SA_SETUPFISCALYEAR', 
705); -define('SA_PRINTPROFILE', 706); -define('SA_PAYMENTTERM', 707); -define('SA_SHIPPING', 708); -define('SA_SETUPPOS', 709); -define('SA_SETUPPRINTER', 710); - -define('SA_VOIDTRANSACTION', 711); -define('SA_VIEWPRINTTRANSACTION', 712); -define('SA_ATTACHDOCUMENT', 713); -define('SA_BACKUP', 714); -define('SA_CREATECOMPANY', 715); -define('SA_CREATELANGUAGE', 716); -define('SA_CREATEMODULES', 717); -define('SA_SORTWAREUPGRADE', 718); + 'SA_ITEMTAXTYPE' => array(SS_GL_C|1, _("Item tax type definitions")), + 'SA_GLACCOUNT' => array(SS_GL_C|2, _("GL accounts edition")), + 'SA_GLACCOUNTGROUP' => array(SS_GL_C|3, _("GL account groups")), + 'SA_GLACCOUNTCLASS' => array(SS_GL_C|4, _("GL account classes")), + 'SA_QUICKENTRY' => array(SS_GL_C|5, _("Quick GL entry definitions")), + 'SA_CURRENCY' => array(SS_GL_C|6, _("Currencies")), + 'SA_BANKACCOUNT' => array(SS_GL_C|7, _("Bank accounts")), + 'SA_TAXRATES' => array(SS_GL_C|8, _("Tax rates")), + 'SA_TAXGROUPS' => array(SS_GL_C|12, _("Tax groups")), + 'SA_FISCALYEARS' => array(SS_GL_C|9, _("Fiscal years maintenance")), + 'SA_GLSETUP' => array(SS_GL_C|10, _("Company GL setup")), + 'SA_GLACCOUNTTAGS' => array(SS_GL_C|11, _("GL Account tags")), + 'SA_GLCLOSE' => array(SS_GL_C|14, _("Closing GL transactions")), + 'SA_GLREOPEN' => array(SS_GL_C|15, _("Reopening GL transactions")), // see below + 'SA_MULTIFISCALYEARS' => array(SS_GL_C|13, _("Allow entry on non closed Fiscal years")), + + 'SA_BANKTRANSVIEW' => array(SS_GL|1, _("Bank transactions view")), + 'SA_GLTRANSVIEW' => array(SS_GL|2, _("GL postings view")), + 'SA_EXCHANGERATE' => array(SS_GL|3, _("Exchange rate table changes")), + 'SA_PAYMENT' => array(SS_GL|4, _("Bank payments")), + 'SA_DEPOSIT' => array(SS_GL|5, _("Bank deposits")), + 'SA_BANKTRANSFER' => array(SS_GL|6, _("Bank account transfers")), + 'SA_RECONCILE' => array(SS_GL|7, _("Bank reconciliation")), + 'SA_JOURNALENTRY' => array(SS_GL|8, _("Manual journal entries")), + 'SA_BANKJOURNAL' => array(SS_GL|11, 
_("Journal entries to bank related accounts")), + 'SA_BUDGETENTRY' => array(SS_GL|9, _("Budget edition")), + 'SA_STANDARDCOST' => array(SS_GL|10, _("Item standard costs")), + 'SA_ACCRUALS' => array(SS_GL|12, _("Revenue / Cost Accruals")), + + 'SA_GLANALYTIC' => array(SS_GL_A|1, _("GL analytical reports and inquiries")), + 'SA_TAXREP' => array(SS_GL_A|2, _("Tax reports and inquiries")), + 'SA_BANKREP' => array(SS_GL_A|3, _("Bank reports and inquiries")), + 'SA_GLREP' => array(SS_GL_A|4, _("GL reports and inquiries")), +); +if (!@$SysPrefs->allow_gl_reopen) + unset($security_areas['SA_GLREOPEN']); /* - This table stores security area ranges. It is used by security_role - table administration interface. Every extension module can add their - own security areas set by adding new entries here. + This function should be called whenever we want to extend core access level system + with new security areas and/or sections i.e.: + . on any page with non-standard security areas + . in security roles editor + The call should be placed between session.inc inclusion and page() call. + Up to 155 security sections and 155 security areas for any extension can be installed. 
*/ -$security_areas = array( - // database table crud operations and administrative areas - SA_CUSTOMER => _("Sales customer and branches"), - _("Sales groups"), - _("Sales prices"), - _("Sales staff"), - _("Sales areas"), - _("Credit status definitions"), - _("Sales templates"), - _("Recurrent invoices definitions"), - // documents, transactions entry - SA_SALESORDER => _("Sales order entry"), - _("Sales deliveries"), - _("Sales invoices"), - _("Sales credit notes against invoice"), - _("Sales freehand credit notes"), - _("Customer payments"), - // maintenance and analytics - SA_SALESALLOC => _("Customer allocations"), - _("Customer analytical reports and inquiries"), - _("Sales reports"), - _("Sales other reports and inquires"), - // database table crud operations and administrative areas - SA_SUPPLIER => _("Suppliers"), - // documents, transactions entry - SA_PURCHASEORDER => _("Purchase Order Entry"), - _("Outstanding Purchase Orders"), - _("Supplier Invoices"), - _("Supplier Credit Notes"), - _("Supplier Payments"), - // maintenance and analytics - SA_SUPPLIERALLOC => _("Supplier allocations"), - _("Supplier analytical reports and inquiries"), - _("Supplier reports"), - _("Supplier other reports and inquiries"), - // database table crud operations and administrative areas - SA_ITEM => _("Items"), - _("Foreign Item Codes"), - _("Sales Kits"), - _("Item Categories"), - _("Inventory Locations"), - _("Inventory Movement Types"), - _("Item Tax Types"), - _("Unit of Measures"), - _("Reorder Levels"), - // documents, transactions entry - SA_LOCATIONTRANSFER => _("Inventory Location Transfers"), - _("Inventory Adjustments"), - // maintenance and analytics - SA_ITEMSANALYTIC => _("Items analytical reports and inquiries"), - _("Inventory reports"), - _("Inventory other reports and inquiries"), - SA_SALESPRICING => _("Item Sales Pricing"), - _("Item Purchasing Pricing"), - _("Item Standard Costs"), - // database table crud operations and administrative areas - SA_BOM => 
_("Bill of Materials"), - _("Work Centres"), - // documents, transactions entry - SA_WORKORDERENTRY => _("Work Order Entries"), - _("Work Order Operations"), - // maintenance and analytics - SA_WORKORDERANALYTIC => _("Work Order analytical reports and inquiries"), - _("Work Order Reports"), - _("Work Order other reports and inquiries"), - // database table crud operations and administrative areas - SA_DIMENSION => _("Dimensions"), - // documents, transactions entry - SA_DIMENSiONOPERATION => _("Dimension Operations"), - // maintenance and analytics - SA_DIMENSIONANALYTIC => _("Dimension analytical reports and inquiries"), - _("Dimension Reports"), - _("Dimension other reports and inquiries"), - // database table crud operations and administrative areas - SA_BANKACCOUNT => _("Bank Accounts"), - _("Quick Entries"), - _("Currencies"), - _("Exchange Rates"), - _("GL Accounts"), - _("GL Account Groups"), - _("GL Account Classes"), - // documents, transactions entry - SA_PAYMENT => _("Bank Payments"), - _("Bank Deposits"), - _("Bank Account Transfers"), - _("Journal Entries"), - _("Budget Entries"), - _("Bank Reconcile"), - // maintenance and analytics - SA_GLANALYTIC => _("Bank and GL analytical reports and inquiries"), - _("Bank and GL Reports"), - _("Bank and GL other reports and inquiries"), - // database table crud operations and administrative areas - SA_SETUPCOMPANY => _("Company Setup"), - _("Users Setup"), - _("Forms Setup"), - _("Taxes"), - _("Fiscal Years"), - _("Print Profiles"), - _("Payment Terms"), - _("Shipping"), - _("Point of Sales"), - _("Printer Setup"), - // documents, transactions entry - SA_VOIDTRANSACTION => _("Voiding Transactions"), - _("Viev and Print Transactions"), - _("Attaching Documents"), - _("Backup and Restore"), - _("Install/Update Companies"), - _("Install/Update Languages"), - _("Install/Upgrade Modules"), - _("Software Upgrades"), -); -?> \ No newline at end of file +function add_access_extensions() +{ + global $security_areas, 
$security_sections, $installed_extensions; + + foreach($installed_extensions as $extid => $ext) { + $accext = hook_invoke($ext['package'], 'install_access', $dummy); + if ($accext == null) continue; + + $scode = 100; + $acode = 100; + $extsections = $accext[1]; + $extareas = $accext[0]; + $extcode = $extid<<16; + + $trans = array(); + foreach($extsections as $code =>$name) { + $trans[$code] = $scode<<8; + // reassign section codes + $security_sections[$trans[$code]|$extcode] = $name; + $scode++; + } + foreach($extareas as $code => $area) { + $section = $area[0]&0xff00; + // extension modules: + // if area belongs to nonstandard section + // use translated section codes and + // preserve lower part of area code + if (isset($trans[$section])) { + $section = $trans[$section]; + } + // otherwise assign next available + // area code >99 + $area[0] = $extcode | $section | ($acode++); + $security_areas[$code] = $area; + } + } +} + +function check_edit_access($name) +{ + global $input_security; + + $access = @$input_security[$name]; + + if (!$access) + $access = @$input_security['']; // default access level + + if (!$access) + return true; // if constraint is not defined edit access is allowed + + return user_check_access($access); +} +/* + Returns POST value or null if edit access to $name control is forbidden. +*/ +function access_post($name, $dflt=null) +{ + if (!check_edit_access($name)) + return $dflt; + else + return get_post($name, $dflt); +} + +/* + Returns numeric input value or null if edit access to $name control is forbidden. +*/ +function access_num($name, $dflt=null) +{ + if (!check_edit_access($name)) + return $dflt; + else + return input_num($name, $dflt); +}
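Review bot: In add_access_extensions() the packed code layout is never enforced: `$scode` and `$acode` both start at 100 and are incremented without a bound, so an extension that declares more sections or areas than fit in one byte makes `$scode<<8` spill into the extension byte or `$acode` spill into the section byte, and the resulting code could land in another section or alias another area's code in a role's stored set. A guard before each assignment, e.g. `if ($acode > 0xff) { trigger_error("too many security areas in extension ".$ext['package'], E_USER_WARNING); break; }` (and the same for `$scode`), would hold the limit that the function's own header comment states. The file header comment also says the high byte is `extid+1` for extensions while the code uses `$extid<<16`; if `$installed_extensions` can carry key 0 (not visible in this hunk), that extension's codes share the zero high byte reserved for core, so either the comment or the shift should be corrected. Separately, check_edit_access() returns true when `$input_security` has no entry for the control and no `''` default, and the `@` also hides an unset array, so access_post()/access_num() restrict only pages that opt in; that fail-open default deserves an explicit comment at the `return true`, and the two doc comments should say `$dflt` is returned on refusal rather than null.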