1 <?php
2 /**********************************************************************
3     Copyright (C) FrontAccounting, LLC.
4         Released under the terms of the GNU General Public License, GPL, 
5         as published by the Free Software Foundation, either version 3 
6         of the License, or (at your option) any later version.
7     This program is distributed in the hope that it will be useful,
8     but WITHOUT ANY WARRANTY; without even the implied warranty of
9     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
10     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
11 ***********************************************************************/
// Security area associated with this page. It is assigned before the session
// bootstrap is included; presumably the framework uses it to refuse the page to
// accounts whose role lacks SA_SECROLES - verify in includes/session.inc.
$page_security = 'SA_SECROLES';
$path_to_root = "..";
include_once($path_to_root . "/includes/session.inc");

// Called before any output so that areas contributed by extensions are part of
// $security_areas when the editor below iterates over it (assumed from the name
// and call order - confirm against the helper's definition).
add_access_extensions();

$help_context = "Access setup";
page(_($help_context));

include_once($path_to_root . "/includes/ui.inc");
include_once($path_to_root . "/includes/access_levels.inc");
include_once($path_to_root . "/admin/db/security_db.inc");

// The request describes a role that does not exist yet when no role is
// selected, when the edit was cancelled, or when an existing role is cloned.
// The save handler uses this flag to choose between INSERT and UPDATE.
$new_role = (get_post('role') == '') || get_post('cancel') || get_post('clone');
//--------------------------------------------------------------------------------------------------
// Comparator for uasort() over security area entries.
//
// Entries are ordered by the section byte of their code (bits 8-15 of
// element 0) only, so areas contributed by a module/plugin land under the
// section they belong to whatever their extension number is. Entries of the
// same section are ordered by element 2, which sort_areas() fills with the
// position the entry had before sorting, so the order inside a section is
// preserved.
//
// Returns a negative, zero or positive integer (the raw difference).
//
function comp_areas($area1, $area2)
{
	$section_diff = ($area1[0] & 0xff00) - ($area2[0] & 0xff00);
	if ($section_diff != 0) {
		return $section_diff;
	}
	// Same section: fall back to the original position.
	return $area1[2] - $area2[2];
}
36
// Returns $areas sorted by section with keys preserved.
//
// Every entry gets its current position appended as an extra trailing element
// before sorting; comp_areas() uses that element as the tie-breaker, which
// keeps the original order inside each section. The appended element stays in
// the returned entries.
function sort_areas($areas)
{
	$position = 0;
	foreach (array_keys($areas) as $area_key) {
		$areas[$area_key][] = $position++;
	}
	uasort($areas, 'comp_areas');

	return $areas;
}
46 //--------------------------------------------------------------------------------------------------
// A different role was picked in the selector: have the Ajax layer refresh
// both the role details and the button row.
if (list_updated('role'))
{
	$Ajax->activate('details');
	$Ajax->activate('controls');
}
51
// Drops the whole submitted form state. After this call $_POST no longer
// exists, so every later read has to go through isset()-style accessors until
// something assigns to it again.
function clear_data()
{
	unset($_POST);
}
56
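// Save handler: validates the submitted role and inserts or updates it.
//
// The granted areas/sections are rebuilt from the POST keys 'Area<code>' and
// 'Section<code>'. Those keys are request data, so they are validated here
// rather than trusted because the form happened to render them:
//  - the suffix must be a plain decimal number (a non-numeric suffix would
//    otherwise reach the bitwise operators below);
//  - an area code must be one of the codes present in $security_areas, i.e.
//    one the form below can actually render;
//  - for companies other than the first one, codes in the SS_SADMIN section
//    are dropped, mirroring the filter the form applies when rendering.
if (get_post('addupdate'))
{
	$input_error = 0;
	if ($_POST['description'] == '')
	{
		$input_error = 1;
		display_error( _("Role description cannot be empty."));
		set_focus('description');
	}
	elseif ($_POST['name'] == '')
	{
		$input_error = 1;
		display_error( _("Role name cannot be empty."));
		set_focus('name');
	}
	// prevent accidental editor lockup by removing SA_SECROLES
	if (get_post('role') == $_SESSION['wa_current_user']->access) {
		if (!isset($_POST['Area'.$security_areas['SA_SECROLES'][0]])
			|| !isset($_POST['Section'.SS_SETUP])) {
			display_error(_("Access level edition in Company setup section have to be enabled for your account."));
			$input_error = 1;
			set_focus(!isset($_POST['Section'.SS_SETUP]) 
				? 'Section'.SS_SETUP : 'Area'.$security_areas['SA_SECROLES'][0]);
		}
	}

	if ($input_error == 0)
	{
		// Area codes the editor can legitimately submit.
		$known_areas = array();
		foreach ($security_areas as $parms) {
			$known_areas[(int)$parms[0]] = true;
		}
		// Same condition the form uses to hide system setup areas.
		$hide_sadmin = (bool)user_company();

		$sections = array();
		$areas = array();
		foreach($_POST as $p =>$val) {
			if (substr($p,0,4) == 'Area' && $val == 1) {
				$a = substr($p, 4);
				if (!preg_match('/^\d+$/', $a) || !isset($known_areas[(int)$a]))
					continue; // not a code this form offers
				$a = (int)$a;
				if ($hide_sadmin && (($a&0xff00) == SS_SADMIN))
					continue; // system setup area posted from a non-site company
				if (($a&~0xffff) && (($a&0xff00)<(99<<8))) {
					$sections[] = $a&~0xff; // add extended section for plugins
				}
				$areas[] = $a;
			}
			if (substr($p,0,7) == 'Section' && $val == 1) {
				$s = substr($p, 7);
				if (!preg_match('/^\d+$/', $s))
					continue;
				$s = (int)$s;
				if ($hide_sadmin && (($s&0xff00) == SS_SADMIN))
					continue;
				$sections[] = $s;
			}
		}
//		$areas = sort_areas($areas);

		$sections = array_values($sections);

		if ($new_role) 
		{
			add_security_role($_POST['name'], $_POST['description'], $sections, $areas); 
			display_notification(_("New security role has been added."));
		} else
		{
			update_security_role($_POST['role'], $_POST['name'], $_POST['description'], 
				$sections, $areas); 
			update_record_status($_POST['role'], get_post('inactive'),
				'security_roles', 'id');

			display_notification(_("Security role has been updated."));
		}
		// Back to the empty "new role" form.
		$new_role = true;
		clear_data();
		$Ajax->activate('_page_body');
	}
}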
120
121 //--------------------------------------------------------------------------------------------------
122
// Delete handler. A role that check_role_used() reports as assigned is never
// removed; otherwise the role is deleted and the selection is cleared so the
// page falls back to the empty form.
// NOTE(review): this is a state-changing request on an access-control object.
// Any anti-CSRF token check would have to live in the session/form helpers,
// which are not visible in this file - confirm it exists.
if (get_post('delete'))
{
	if (!check_role_used(get_post('role'))) {
		delete_security_role(get_post('role'));
		display_notification(_("Security role has been sucessfully deleted."));
		unset($_POST['role']);
	} else {
		display_error(_("This role is currently assigned to some users and cannot be deleted"));
	}
	$Ajax->activate('_page_body');
}

// Cancel handler: forget the selected role and redraw the whole page body.
if (get_post('cancel'))
{
	unset($_POST['role']);
	$Ajax->activate('_page_body');
}
140
// (Re)load the form state from the database whenever there is no role in the
// request, a clone was requested, or another role was picked in the selector.
// Everything previously submitted is discarded first, so the form shows stored
// data only.
if (!isset($_POST['role']) || get_post('clone') || list_updated('role'))
{
	$id = get_post('role');
	$clone = get_post('clone');

	unset($_POST);
	if (!$id) {
		// No role selected: start from an empty form.
		$_POST['name'] = '';
		$_POST['description'] = '';
		unset($_POST['inactive']);
		$sections = array();
		$access = array();
	} else {
		// NOTE(review): $id comes from the request and the row is used without
		// checking that the lookup found anything - confirm what
		// get_security_role() returns for an unknown id.
		$row = get_security_role($id);
		$_POST['description'] = $row['description'];
		$_POST['name'] = $row['role'];
		$_POST['inactive'] = $row['inactive'];
		$access = $row['areas'];
		$sections = $row['sections'];
	}
	// Tick one checkbox per stored area and per stored section.
	foreach ($access as $a) {
		$_POST['Area'.$a] = 1;
	}
	foreach ($sections as $s) {
		$_POST['Section'.$s] = 1;
	}

	if (!$clone) {
		$_POST['role'] = $id;
	} else {
		// A clone keeps the loaded permissions but no role id, so saving it
		// creates a new role.
		set_focus('name');
		$Ajax->activate('_page_body');
	}
}
168
169 //--------------------------------------------------------------------------------------------------
170
start_form();

// Role selector row with the "show inactive" toggle.
start_table(TABLESTYLE_NOBORDER);
start_row();
security_roles_list_cells(_("Role:"). "&nbsp;", 'role', null, true, true, check_value('show_inactive'));
// Recomputed after the selector has been rendered; the button row at the
// bottom of the page depends on it.
$new_role = (get_post('role') == '');
check_cells(_("Show inactive:"), 'show_inactive', null, true);
end_row();
end_table();
echo '<hr>';

// Toggling "show inactive" only needs the selector refreshed.
if (get_post('_show_inactive_update'))
{
	$Ajax->activate('role');
	set_focus('role');
}
// Switching a section on or off changes which area rows are shown.
if (find_submit('_Section'))
{
	$Ajax->activate('details');
}
189 //-----------------------------------------------------------------------------------------------
// Role details: name, description and status, followed by one header row per
// section and one checkbox row per security area of every enabled section.
div_start('details');
start_table(TABLESTYLE2);
text_row(_("Role name:"), 'name', null, 20, 22);
text_row(_("Role description:"), 'description', null, 50, 52);
record_status_list_row(_("Current status:"), 'inactive');
end_table(1);

start_table(TABLESTYLE, "width='40%'");

$k = $j = 0; //row colour counter
$ext = $sec = $m = -1;

foreach (sort_areas($security_areas) as $area => $parms)
{
	// System setup areas are offered only to site admins, i.e. admins of the
	// first registered company. This filter only decides what gets rendered;
	// the restriction itself has to be enforced where the role is saved or
	// where access is checked.
	if (user_company() && (($parms[0] & 0xff00) == SS_SADMIN)) {
		continue;
	}

	$newsec = ($parms[0] >> 8) & 0xff;	// section byte of the area code
	$newext = $parms[0] >> 16;		// extension number of the area code
	$section_changed = ($newsec != $sec);
	$extension_changed = ($newext != $ext) && ($newsec > 99);
	if ($section_changed || $extension_changed)
	{
		// New group: emit the section header with its on/off checkbox.
		$ext = $newext;
		$sec = $newsec;
		$m = $parms[0] & ~0xff;
		$section_title = $security_sections[$m].':';
		$section_toggle = checkbox(null, 'Section'.$m, null, true,
			_("On/off set of features"));
		label_row($section_title, $section_toggle,
			"class='tableheader2'", "class='tableheader'");
	}

	if (!check_value('Section'.$m)) {
		// Section switched off: carry the area along as a hidden field.
		hidden('Area'.$parms[0]);
		continue;
	}
	alt_table_row_color($k);
	check_cells($parms[1], 'Area'.$parms[0], null,
		false, '', "align='center'");
	end_row();
}
end_table(1);
div_end();
230
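// Button row. A new role can only be inserted; an existing role can be saved,
// cloned, deleted, or the edit cancelled. The closing brace of the first
// branch was missing from the listing, which left the if/else unparseable.
div_start('controls');

if ($new_role) 
{
	submit_center_first('Update', _("Update view"), '', null);
	submit_center_last('addupdate', _("Insert New Role"), '', 'default');
}
else 
{
	submit_center_first('addupdate', _("Save Role"), '', 'default');
	submit('Update', _("Update view"), true, '', null);
	submit('clone', _("Clone This Role"), true, '', true);
	submit('delete', _("Delete This Role"), true, '', true);
	submit_center_last('cancel', _("Cancel"), _("Cancel Edition"), 'cancel');
}

div_end();

end_form();
end_page();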
251