2 /**********************************************************************
3 Copyright (C) FrontAccounting, LLC.
4 Released under the terms of the GNU General Public License, GPL,
5 as published by the Free Software Foundation, either version 3
6 of the License, or (at your option) any later version.
7 This program is distributed in the hope that it will be useful,
8 but WITHOUT ANY WARRANTY; without even the implied warranty of
9 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10 See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
11 ***********************************************************************/
13 Security sections groups various areas on both functionality and privilege levels.
14 Often analytic inquires are available only for management, and configuration
15 for administration or management staff. This is why we have those three
16 section type inside near every FA module.
18 Section codes 0-99 are reserved for core FA functionalities.
19 Every security section can contain up to 256 different areas.
20 External modules can extend security roles system by adding rows to
21 $security_sections and $security_areas using section codes >=100.
23 define('SS_SADMIN', 1<<8); // site admin
24 define('SS_SETUP', 2<<8); // company level setup
25 define('SS_SPEC', 3<<8); // special administration
27 define('SS_SALES_C',11<<8); // configuration
28 define('SS_SALES', 12<<8); // transactions
29 define('SS_SALES_A',13<<8); // analytic functions/reports/inquires
31 define('SS_PURCH_C',21<<8);
32 define('SS_PURCH', 22<<8);
33 define('SS_PURCH_A',23<<8);
35 define('SS_ITEMS_C',31<<8);
36 define('SS_ITEMS', 32<<8);
37 define('SS_ITEMS_A',33<<8);
39 define('SS_MANUF_C',41<<8);
40 define('SS_MANUF', 42<<8);
41 define('SS_MANUF_A',43<<8);
43 define('SS_DIM_C', 51<<8);
44 define('SS_DIM', 52<<8);
45 define('SS_DIM_A', 53<<8);
47 define('SS_GL_C', 61<<8);
48 define('SS_GL', 62<<8);
49 define('SS_GL_A', 63<<8);
51 $security_sections = array(
52 SS_SADMIN => _("System administration"),
53 SS_SETUP => _("Company setup"),
54 SS_SPEC => _("Special maintenance"),
55 SS_SALES_C => _("Sales configuration"),
56 SS_SALES => _("Sales transactions"),
57 SS_SALES_A => _("Sales related reports"),
58 SS_PURCH_C => _("Purchase configuration"),
59 SS_PURCH => _("Purchase transactions"),
60 SS_PURCH_A => _("Purchase analytics"),
61 SS_ITEMS_C => _("Inventory configuration"),
62 SS_ITEMS => _("Inventory operations"),
63 SS_ITEMS_A => _("Inventory analytics"),
64 SS_MANUF_C => _("Manufacturing configuration"),
65 SS_MANUF => _("Manufacturing transations"),
66 SS_MANUF_A => _("Manufacturing analytics"),
67 SS_DIM_C => _("Dimensions configuration"),
68 SS_DIM => _("Dimensions"),
69 SS_GL_C => _("Banking & GL configuration"),
70 SS_GL => _("Banking & GL transactions"),
71 SS_GL_A => _("Banking & GL analytics")
75 This table stores security areas available in FA.
76 Key is area identifier used to check user rights, values are
77 codes stored for each role in security_roles table and description used
80 Set of allowed access areas codes is retrieved during user login from
81 security_roles table, and cached in user profile.
83 Special value 'SA_OPEN' is used for publicly available pages like login/logout.
85 $security_areas =array(
87 // Site administration
89 'SA_CREATECOMPANY' =>array(SS_SADMIN|1, _("Install/update companies")),
90 'SA_CREATELANGUAGE' => array(SS_SADMIN|2, _("Install/update languages")),
91 'SA_CREATEMODULES' => array(SS_SADMIN|3, _("Install/upgrade modules")),
92 'SA_SOFTWAREUPGRADE' => array(SS_SADMIN|4, _("Software upgrades")),
96 'SA_SETUPCOMPANY' => array(SS_SETUP|1, _("Company parameters")),
97 'SA_SECROLES' => array(SS_SETUP|2, _("Access levels edition")),
98 'SA_USERS' => array(SS_SETUP|3, _("Users setup")),
99 'SA_POSSETUP' => array(SS_SETUP|4, _("Point of sales definitions")),
100 'SA_PRINTERS' => array(SS_SETUP|5, _("Printers configuration")),
101 'SA_PRINTPROFILE' => array(SS_SETUP|6, _("Print profiles")),
102 'SA_PAYTERMS' => array(SS_SETUP|7, _("Payment terms")),
103 'SA_SHIPPING' => array(SS_SETUP|8, _("Shipping ways")),
104 'SA_CRSTATUS' => array(SS_SETUP|9, _("Credit status definitions changes")),
105 'SA_INVENTORYLOCATION' => array(SS_SETUP|10, _("Inventory locations changes")),
106 'SA_INVENTORYMOVETYPE' => array(SS_SETUP|11, _("Inventory movement types")),
107 'SA_WORKCENTRES' => array(SS_SETUP|12, _("Manufacture work centres")),
108 'SA_FORMSETUP' => array(SS_SETUP|13, _("Forms setup")),
110 // Special and common functions
112 'SA_VOIDTRANSACTION' => array(SS_SPEC|1, _("Voiding transactions")),
113 'SA_BACKUP' => array(SS_SPEC|2, _("Database backup/restore")),
114 'SA_VIEWPRINTTRANSACTION' => array(SS_SPEC|3, _("Common view/print transactions interface")),
115 'SA_ATTACHDOCUMENT' => array(SS_SPEC|4, _("Attaching documents")),
116 'SA_SETUPDISPLAY' => array(SS_SPEC|5, _("Display preferences")), //???
117 'SA_CHGPASSWD' => array(SS_SPEC|6, _("Password changes")), //???
120 // Sales related functionality
122 'SA_SALESTYPES' => array(SS_SALES_C|1, _("Sales types")),
123 'SA_SALESPRICE' => array(SS_SALES_C|2, _("Sales prices edition")),
124 'SA_SALESMAN' => array(SS_SALES_C|3, _("Sales staff maintenance")),
125 'SA_SALESAREA' => array(SS_SALES_C|4, _("Sales areas maintenance")),
126 'SA_SALESGROUP' => array(SS_SALES_C|5, _("Sales groups changes")),
127 'SA_STEMPLATE' => array(SS_SALES_C|6, _("Sales templates")),
128 'SA_SRECURRENT' => array(SS_SALES_C|7, _("Recurrent invoices definitions")),
130 'SA_SALESTRANSVIEW' => array(SS_SALES|1, _("Sales transactions view")),
131 'SA_CUSTOMER' => array(SS_SALES|2, _("Sales customer and branches changes")),
132 'SA_SALESORDER' => array(SS_SALES|3, _("Sales orders edition")),
133 'SA_SALESDELIVERY' => array(SS_SALES|4, _("Sales deliveries edition")),
134 'SA_SALESINVOICE' => array(SS_SALES|5, _("Sales invoices edition")),
135 'SA_SALESCREDITINV' => array(SS_SALES|6, _("Sales credit notes against invoice")),
136 'SA_SALESCREDIT' => array(SS_SALES|7, _("Sales freehand credit notes")),
137 'SA_SALESPAYMNT' => array(SS_SALES|8, _("Customer payments entry")),
138 'SA_SALESALLOC' => array(SS_SALES|9, _("Customer payments allocation")),
140 'SA_SALESANALYTIC' => array(SS_SALES_A|1, _("Sales analytical reports")),
141 'SA_SALESBULKREP' => array(SS_SALES_A|2, _("Sales document bulk reports")),
142 'SA_PRICEREP' => array(SS_SALES_A|3, _("Sales prices listing")),
143 'SA_SALESMANREP' => array(SS_SALES_A|4, _("Sales staff listing")),
144 'SA_CUSTBULKREP' => array(SS_SALES_A|5, _("Customer bulk listing")),
145 'SA_CUSTSTATREP' => array(SS_SALES_A|6, _("Customer status report")),
146 'SA_CUSTPAYMREP' => array(SS_SALES_A|7, _("Customer payments report")),
149 // Purchase related functions
151 'SA_PURCHASEPRICING' => array(SS_PURCH_C|1, _("Purchase price changes")),
153 'SA_SUPPTRANSVIEW' => array(SS_PURCH|1, _("Supplier transactions view")),
154 'SA_SUPPLIER' => array(SS_PURCH|2, _("Suppliers changes")),
155 'SA_PURCHASEORDER' => array(SS_PURCH|3, _("Purchase order entry")),
156 'SA_GRN' => array(SS_PURCH|4, _("Purchase receive")),
157 'SA_SUPPLIERINVOICE' => array(SS_PURCH|5, _("Supplier invoices")),
158 'SA_GRNDELETE' => array(SS_PURCH|9, _("Deleting GRN items during invoice entry")),
159 'SA_SUPPLIERCREDIT' => array(SS_PURCH|6, _("Supplier credit notes")),
160 'SA_SUPPLIERPAYMNT' => array(SS_PURCH|7, _("Supplier payments")),
161 'SA_SUPPLIERALLOC' => array(SS_PURCH|8, _("Supplier payments allocations")),
163 'SA_SUPPLIERANALYTIC' => array(SS_PURCH_A|1, _("Supplier analytical reports")),
164 'SA_SUPPBULKREP' => array(SS_SALES_A|2, _("Supplier document bulk reports")),
165 'SA_SUPPPAYMREP' => array(SS_PURCH_A|3, _("Supplier payments report")),
169 'SA_ITEM' => array(SS_ITEMS_C|1, _("Stock items add/edit")),
170 'SA_SALESKIT' => array(SS_ITEMS_C|2, _("Sales kits")),
171 'SA_ITEMCATEGORY' => array(SS_ITEMS_C|3, _("Item categories")),
172 'SA_UOM' => array(SS_ITEMS_C|4, _("Units of measure")),
174 'SA_ITEMSSTATVIEW' => array(SS_ITEMS|1, _("Stock status view")),
175 'SA_ITEMSTRANSVIEW' => array(SS_ITEMS|2, _("Stock transactions view")),
176 'SA_FORITEMCODE' => array(SS_ITEMS|3, _("Foreign item codes entry")),
177 'SA_LOCATIONTRANSFER' => array(SS_ITEMS|4, _("Inventory location transfers")),
178 'SA_INVENTORYADJUSTMENT' => array(SS_ITEMS|5, _("Inventory adjustments")),
180 'SA_REORDER' => array(SS_ITEMS_A|1, _("Reorder levels")),
181 'SA_ITEMSANALYTIC' => array(SS_ITEMS_A|2, _("Items analytical reports and inquiries")),
182 'SA_ITEMSVALREP' => array(SS_ITEMS_A|3, _("Inventory valuation report")),
185 // Manufacturing module
187 'SA_BOM' => array(SS_MANUF_C|1, _("Bill of Materials")),
189 'SA_MANUFTRANSVIEW' => array(SS_MANUF|1, _("Manufacturing operations view")),
190 'SA_WORKORDERENTRY' => array(SS_MANUF|2, _("Work order entry")),
191 'SA_MANUFISSUE' => array(SS_MANUF|3, _("Material issues entry")),
192 'SA_MANUFRECEIVE' => array(SS_MANUF|4, _("Final product receive")),
193 'SA_MANUFRELEASE' => array(SS_MANUF|5, _("Work order releases")),
195 'SA_WORKORDERANALYTIC' => array(SS_MANUF_A|1, _("Work order analytical reports and inquiries")),
196 'SA_WORKORDERCOST' => array(SS_MANUF_A|2, _("Manufacturing cost inquiry")),
197 'SA_MANUFBULKREP' => array(SS_SALES_A|3, _("Work order bulk reports")),
198 'SA_BOMREP' => array(SS_MANUF_A|4, _("Bill of materials reports")),
202 'SA_DIMTAGS' => array(SS_DIM_C|1, _("Dimension tags")),
204 'SA_DIMTRANSVIEW' => array(SS_DIM|1, _("Dimension view")),
206 'SA_DIMENSION' => array(SS_DIM|2, _("Dimension entry")),
208 'SA_DIMENSIONREP' => array(SS_DIM|3, _("Dimension reports")),
210 // Banking and General Ledger
212 'SA_ITEMTAXTYPE' => array(SS_GL_C|1, _("Item tax type definitions")),
213 'SA_GLACCOUNT' => array(SS_GL_C|2, _("GL accounts edition")),
214 'SA_GLACCOUNTGROUP' => array(SS_GL_C|3, _("GL account groups")),
215 'SA_GLACCOUNTCLASS' => array(SS_GL_C|4, _("GL account classes")),
216 'SA_QUICKENTRY' => array(SS_GL_C|5, _("Quick GL entry definitions")),
217 'SA_CURRENCY' => array(SS_GL_C|6, _("Currencies")),
218 'SA_BANKACCOUNT' => array(SS_GL_C|7, _("Bank accounts")),
219 'SA_TAXRATES' => array(SS_GL_C|8, _("Tax rates")),
220 'SA_TAXGROUPS' => array(SS_GL_C|8, _("Tax groups")),
221 'SA_FISCALYEARS' => array(SS_GL_C|9, _("Fiscal years maintenance")),
222 'SA_GLSETUP' => array(SS_GL_C|10, _("Company GL setup")),
223 'SA_GLACCOUNTTAGS' => array(SS_GL_C|11, _("GL Account tags")),
225 'SA_BANKTRANSVIEW' => array(SS_GL|1, _("Bank transactions view")),
226 'SA_GLTRANSVIEW' => array(SS_GL|2, _("GL postings view")),
227 'SA_EXCHANGERATE' => array(SS_GL|3, _("Exchange rate table changes")),
228 'SA_PAYMENT' => array(SS_GL|4, _("Bank payments")),
229 'SA_DEPOSIT' => array(SS_GL|5, _("Bank deposits")),
230 'SA_BANKTRANSFER' => array(SS_GL|6, _("Bank account transfers")),
231 'SA_RECONCILE' => array(SS_GL|7, _("Bank reconciliation")),
232 'SA_JOURNALENTRY' => array(SS_GL|8, _("Manual journal entries")),
233 'SA_BANKJOURNAL' => array(SS_GL|11, _("Journal entries to bank related accounts")),
234 'SA_BUDGETENTRY' => array(SS_GL|9, _("Budget edition")),
235 'SA_STANDARDCOST' => array(SS_GL|10, _("Item standard costs")),
237 'SA_GLANALYTIC' => array(SS_GL_A|1, _("GL analytical reports and inquiries")),
238 'SA_TAXREP' => array(SS_GL_A|2, _("Tax reports and inquiries")),
239 'SA_BANKREP' => array(SS_GL_A|3, _("Bank reports and inquiries")),
240 'SA_GLREP' => array(SS_GL_A|4, _("GL reports and inquiries")),
243 This function should be called whenever we want to extend core access level system
244 with new security areas and/or sections i.e.:
245 . on any page with non-standard security areas
246 . in security roles editor
247 The call should be placed between session.inc inclusion and page() call.
249 function add_access_extensions()
251 global $path_to_root, $security_areas, $security_sections, $installed_extensions;
253 foreach($installed_extensions as $ext) {
254 if (@$ext['active'] && isset($ext['acc_file']))
255 include($path_to_root.($ext['type'] == 'plugin' ? '/modules/':'/').$ext['path'].'/'.$ext['acc_file']);
projects / fa-stable.git / blob