<?php defined('SYSPATH') or die('No direct script access.');
// Direct-access guard: execution stops here unless the SYSPATH constant is
// already defined, so requesting this file on its own does not run the
// controller code below. SYSPATH is defined outside this file (presumably by
// the framework bootstrap - confirm).
/*
 * This file is part of open source system FreeNetIS
 * and it is released under GPLv3 licence.
 *
 * More info about licence can be found:
 * http://www.gnu.org/licenses/gpl-3.0.html
 *
 * More info about project can be found:
 * http://www.freenetis.org/
 *
 */
/**
 * Access rights controller.
 * Shows and edits users' access rights to the system.
 *
 * @package Controller
 */
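class Access_rights_Controller extends Controller
{
    /**
     * ID of the built-in "all people" access group. This controller never
     * offers an edit link for it and refuses to open it in edit_group().
     */
    const ALL_PEOPLE_GROUP_ID = 21;

    /**
     * Redirects to show groups.
     *
     * No permission check is made here; the target action show_groups()
     * performs its own check.
     */
    public function index()
    {
        url::redirect(url_lang::base() . 'access_rights/show_groups');
    }

    /**
     * Shows access groups as an indented tree, with the number of members
     * and an edit link for every group except the "all people" group.
     *
     * Requires the view right on Settings_Controller / access_rights.
     */
    public function show_groups()
    {
        // check access
        if (!$this->acl_check_view('Settings_Controller', 'access_rights'))
        {
            Controller::Error(ACCESS);
            // Controller::Error() is defined outside this file; returning keeps
            // this action fail-closed even if it does not end the request.
            return;
        }

        $rows = array();

        $aro_group_model = new Aro_group_Model();
        $groups = $aro_group_model->get_traverz_tree();

        $model_groups_aro_map = new Groups_Aro_Map_Model();

        $groups_count = $groups->count();

        // table header, only emitted when there is at least one group
        if ($groups_count > 0)
        {
            $rows[0] = '<tr><th colspan="3" style="width:300px">'
                . __('Edit groups') . '</th></tr>';
        }

        // render the groups
        for ($i = 0; $i < $groups_count; $i++)
        {
            $group = $groups->current();

            // indentation of a subgroup: one unit per ancestor below the root
            // NOTE(review): a plain space collapses in HTML; confirm whether the
            // original literal was a non-breaking space or an entity.
            $parents_count = Aro_group_Model::count_parent($group->id);
            $ret = str_repeat(' ', max(0, (int) $parents_count - 1));

            $count = $model_groups_aro_map->count_rows_by_group_id($group->id);

            // The name comes from the database and is written straight into
            // markup, so it is escaped here to prevent stored XSS.
            $group_name = htmlspecialchars(
                (string) __('' . $group->name), ENT_QUOTES, 'UTF-8'
            );

            if ($group->id == self::ALL_PEOPLE_GROUP_ID)
            {
                // not editable: plain text instead of a link
                $edit_cell = __('Edit');
            }
            else
            {
                $edit_cell = html::anchor(
                    url_lang::base() . 'access_rights/edit_group/' . $group->id,
                    __('Edit')
                );
            }

            $rows[$i + 1] = '<tr><td style="width:400px">'
                . $ret . $group_name
                . '</td><td style="width:30px; text-align: center" >'
                . $count . '</td><td>' . $edit_cell
                . '</td></tr>';

            $groups->next();
        }

        $links = array();
        $links[] = html::anchor(
            url_lang::base() . 'access_rights/show_groups',
            __('Groups of users')
        );
        $links[] = html::anchor(
            url_lang::base() . 'access_rights/show_acl',
            __('Access control list items')
        );

        // rendering
        $view = new View('main');
        $view->title = __('Access Rights');
        $view->content = new View('access_rights/show_groups');
        $view->content->links = implode(' | ', $links);
        $view->content->rows = $rows;
        $view->content->headline = __('Access Rights');
        $view->render(TRUE);
    }

    /**
     * Edit access group: lists users outside and inside the group, and adds
     * or removes the users selected in the submitted form.
     *
     * Requires the edit right on Settings_Controller / access_rights. The
     * "all people" group cannot be edited.
     *
     * NOTE(review): membership changes are driven by POST fields only and no
     * anti-CSRF token is checked in this method; confirm that the framework
     * or the form view enforces one, since this action changes who holds
     * which access rights.
     *
     * @param integer $group_id ID of the access group to edit
     */
    public function edit_group($group_id = NULL)
    {
        // check access
        if (!$this->acl_check_edit('Settings_Controller', 'access_rights'))
        {
            Controller::Error(ACCESS);
            // fail closed even if Controller::Error() does not end the request
            return;
        }

        // Only a plain non-negative integer is accepted as group ID; values
        // such as "1e1" or "2.5" that is_numeric() lets through are rejected.
        if (!isset($group_id) || !is_scalar($group_id) || !ctype_digit((string) $group_id))
        {
            Controller::warning(PARAMETER);
            return;
        }

        $group_id = (int) $group_id;

        if ($group_id == self::ALL_PEOPLE_GROUP_ID)
        { // group "all people" cannot be edited
            url::redirect(url_lang::base() . 'access_rights/show_groups');
            return;
        }

        // load model
        $aro_group_model = new Aro_group_Model();
        $group = $aro_group_model->get_by_id($group_id);

        // exist?
        if (!$group->count())
        {
            Controller::error(RECORD);
            return;
        }

        $user_model = new User_Model();

        // pressing the X button resets the filter to NULL
        if ($this->input->post('search_system_clear'))
        {
            $search_system_input = NULL;
        }
        else
        {
            $search_system_input = $this->input->post('search_system_input');
        }

        // pressing the X button resets the filter to NULL
        if ($this->input->post('search_group_clear'))
        {
            $search_group_input = NULL;
        }
        else
        {
            $search_group_input = $this->input->post('search_group_input');
        }

        // Membership changes: submit button name => select field holding the
        // chosen user (ARO) IDs. Additions are processed before removals.
        $membership_actions = array(
            'add' => 'system_users',
            'remove' => 'group_users'
        );

        foreach ($membership_actions as $action => $field)
        {
            $submitted = $this->input->post($field);

            if ($this->input->post($action) == NULL || $submitted == NULL)
            {
                continue;
            }

            // The field is posted as an array. Every element is validated
            // before anything is written: gluing the elements together (as
            // implode('') would) turns a crafted request with IDs 1 and 2
            // into a change for user 12.
            $aro_ids = array();

            foreach ((array) $submitted as $candidate)
            {
                if (!is_scalar($candidate) || !ctype_digit((string) $candidate))
                {
                    Controller::warning(PARAMETER);
                    return;
                }

                $aro_ids[] = (int) $candidate;
            }

            foreach ($aro_ids as $aro_id)
            {
                $model_groups_aro_map = new Groups_Aro_Map_Model();
                $is_member = $model_groups_aro_map->exist_row($group_id, $aro_id);

                if ($action == 'add' && !$is_member)
                {
                    // add the user to the group
                    $model_groups_aro_map->aro_id = $aro_id;
                    $model_groups_aro_map->group_id = $group_id;
                    $model_groups_aro_map->save();
                }
                elseif ($action == 'remove' && $is_member)
                {
                    // remove the user from the group
                    // ("detete_row" is the method name this code has always called)
                    $model_groups_aro_map->detete_row($group_id, $aro_id);
                }
            }
        }

        // load users who are not in the group, with or without the filter
        if ($search_system_input != NULL)
        {
            $users1 = $user_model->get_all_not_in_by_aro_group_id(
                $group_id, $search_system_input
            );
        }
        else
        {
            $users1 = $user_model->get_all_not_in_by_aro_group_id($group_id);
        }

        // load users who are in the group, with or without the filter
        if ($search_group_input != NULL)
        {
            $users2 = $user_model->get_all_by_aro_group_id(
                $group_id, $search_group_input
            );
        }
        else
        {
            $users2 = $user_model->get_all_by_aro_group_id($group_id);
        }

        // Handles the state where neither list contains any user; the
        // original author expected this never to happen.
        // NOTE(review): both lists are loaded with the search filters applied,
        // so two filters without a match may also end up here - confirm.
        if (!$users1->count() && !$users2->count())
        {
            Controller::error(RECORD);
            return;
        }

        // select box of users outside the group
        $system_select_attributes = array
        (
            'name' => 'system_users[]',
            'size' => 20,
            'style' => 'width:250px'
        );

        if ($users1->count() == 0)
        {
            $system_users_select = form::dropdown($system_select_attributes);
        }
        else
        {
            $system_users_select = form::dropdown(
                $system_select_attributes, arr::from_objects($users1)
            );
        }

        // search box for users outside the group
        $system_users_search_box = '<table><tr><td>'
            . form::input('search_system_input', $search_system_input, 'style="width:175px;"')
            . '</td><td>' . form::submit('search_system_submit', __('Search'), 'style="width:50px;"')
            . '</td><td>' . (
                ($search_system_input == NULL) ?
                '' : form::submit('search_system_clear', 'X', 'style="width:18px;"')
            ) . '</td></tr></table>';

        // select box of users inside the group
        $group_select_attributes = array
        (
            'name' => 'group_users[]',
            'size' => 20,
            'style' => 'width:250px'
        );

        if ($users2->count() == 0)
        {
            $group_users_select = form::dropdown($group_select_attributes);
        }
        else
        {
            $group_users_select = form::dropdown(
                $group_select_attributes, arr::from_objects($users2)
            );
        }

        // search box for users inside the group
        $group_users_search_box = '<table><tr><td>'
            . form::input('search_group_input', $search_group_input, 'style="width:175px;"')
            . '</td><td>' . form::submit('search_group_submit', __('Search'), 'style="width:50px;"')
            . '</td><td>' . (
                ($search_group_input == NULL) ?
                '' : form::submit('search_group_clear', 'X', 'style="width:18px;"')
            ) . '</td></tr></table>';

        // buttons that move users between the two lists
        $add_button = form::submit('add', __('Add') . ' ►', 'style="width:80px;"');

        $remove_button = form::submit('remove', '◄ ' . __('Remove'), 'style="width:80px;"');

        // The group record loaded above is reused; no second query is needed.
        $group_record = $group->current();

        // NOTE(review): the group name reaches the headline, the page title
        // and the breadcrumb unescaped; confirm that the views and
        // breadcrumbs::text() escape it on output.
        $headline = __('Edit group') . ': '
            . __('' . $group_record->name);

        // bread crumbs
        $breadcrumbs = breadcrumbs::add()
            ->link('access_rights/show_groups', 'Access Rights',
                $this->acl_check_view('Settings_Controller', 'access_rights'))
            ->disable_translation()
            ->text($group_record->name . ' (' . $group_record->id . ')')
            ->html();

        // view
        $view = new View('main');
        $view->title = $headline;
        $view->breadcrumbs = $breadcrumbs;
        $view->content = new View('access_rights/edit_group');
        $view->content->headline = $headline;
        $view->content->system_users_select = $system_users_select;
        $view->content->system_users_search_box = $system_users_search_box;
        $view->content->group_users_select = $group_users_select;
        $view->content->group_users_search_box = $group_users_search_box;
        $view->content->add_button = $add_button;
        $view->content->remove_button = $remove_button;
        $view->render(TRUE);
    }

    /**
     * Shows the access control list. Each ACL item is shown with its access
     * control objects (ACO) and access extension objects (AXO).
     *
     * Requires the view right on Settings_Controller / access_rights.
     *
     * @TODO Some items in the database are in English, some in Czech. It
     * would be good to adhere to one convention: all names in the database
     * should be in English and translations to other languages should be done
     * in the i18n/texts.php file using the url_lang::lang method.
     * @author Jiri Svitak
     * @return void
     */
    public function show_acl()
    {
        // access check
        if (!$this->acl_check_view('Settings_Controller', 'access_rights'))
        {
            Controller::Error(ACCESS);
            // fail closed even if Controller::Error() does not end the request
            return;
        }

        // models
        $acl_model = new Acl_Model();
        $axo_model = new Axo_Model();
        $aco_model = new Aco_Model();
        $acls = $acl_model->find_all();

        // stays an empty array when there is no ACL item at all
        $rows = array();

        // output
        // Every database value is escaped before it is placed into markup, so
        // a stored note or name cannot inject HTML or script into this page.
        foreach ($acls as $key => $acl)
        {
            $allow = __('Allow');
            $acl_line = '<tr><th>' . htmlspecialchars((string) $acl->id, ENT_QUOTES, 'UTF-8')
                . '</th><th>' . htmlspecialchars((string) $acl->note, ENT_QUOTES, 'UTF-8')
                . '</th><th>' . $allow . "</th></tr>\n";

            $acos = $aco_model->get_aco_by_acl($acl->id);
            $aco_line = '';

            foreach ($acos as $aco)
            {
                $aco_line .= '<tr><th></th><th>'
                    . htmlspecialchars((string) __('' . $aco->name), ENT_QUOTES, 'UTF-8')
                    . "</th><th></th></tr>\n";
            }

            $axos = $axo_model->get_axo_by_acl($acl->id);
            $axo_line = '';

            foreach ($axos as $axo)
            {
                $axo_line .= '<tr><td>' . htmlspecialchars((string) $axo->id, ENT_QUOTES, 'UTF-8')
                    . '</td><td>'
                    . htmlspecialchars((string) __('' . $axo->name), ENT_QUOTES, 'UTF-8')
                    . '</td><td>'
                    . htmlspecialchars((string) $axo->section_value, ENT_QUOTES, 'UTF-8')
                    . "</td></tr>\n";
            }

            $empty_line = "<tr></tr>\n";
            $rows[$key] = $acl_line . $aco_line . $axo_line . $empty_line;
        }

        $links = array();
        $links[] = html::anchor(
            url_lang::base() . 'access_rights/show_groups',
            __('Groups of users')
        );
        $links[] = html::anchor(
            url_lang::base() . 'access_rights/show_acl',
            __('Access control list items')
        );

        // view (the ACL list reuses the show_groups template)
        $view = new View('main');
        $view->title = __('Access Rights');
        $view->content = new View('access_rights/show_groups');
        $view->content->links = implode(' | ', $links);
        $view->content->rows = $rows;
        $view->content->headline = __('Access Rights');
        $view->render(TRUE);
    }
}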