[Noalyss-commit] [noalyss] 47/323: Task #0001519: Assouplissement de la
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 47/323: Task #0001519: Assouplissement de la sécurité : Administrateur accès à tout, ajout d'utilisateur par défaut securité désactivée |
Date: |
Wed, 14 Mar 2018 17:38:16 -0400 (EDT) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit cbcb09cb79ab1a09e373bf9f292189bc14cbeade
Author: Dany De Bontridder <address@hidden>
Date: Wed Jan 10 16:22:02 2018 +0100
Task #0001519: Assouplissement de la sécurité : Administrateur accès à
tout, ajout d'utilisateur par défaut sécurité désactivée
---
include/ajax/ajax_admin.php | 7 +++++
include/ajax/ajax_user_security.php | 4 +--
include/class/user.class.php | 6 ++---
include/param_sec.inc.php | 52 +++++++++++++++++++++++++------------
4 files changed, 48 insertions(+), 21 deletions(-)
diff --git a/include/ajax/ajax_admin.php b/include/ajax/ajax_admin.php
index c9e488f..47ffdc0 100644
--- a/include/ajax/ajax_admin.php
+++ b/include/ajax/ajax_admin.php
@@ -47,6 +47,13 @@ if ($op=='folder_add') // operation
$dossier_id=$http->get("p_dossier", "number"); // get variable
$user=new User($cn, $user_id);
$user->set_folder_access($dossier_id, true);
+ $dossiercn=new Database($dossier_id);
+ // By default new user has the profile 1 (admin) and ledger's security
+ // + action's security are disabled
+ $user=new User($dossiercn,$user_id);
+ $user->set_status_security_action(0);
+ $user->set_status_security_ledger(0);
+ $user->save_profile(1);
$dossier=new Dossier($dossier_id);
$dossier->load();
$content="<td>".h($dossier->dos_name)."</td><td>".h($dossier->dos_description)."</td>".
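Review bot: The added block after `set_folder_access` runs on every `folder_add`, so a user who already has a stricter profile or enabled ledger/action security in that folder (for example after access was removed and granted again) would be reset to profile 1 with both checks off; whether such rows can pre-exist is not visible here. Because the comment describes profile 1 as admin, the default is fail-open and the grant leaves no trace. I would apply the defaults only when the folder holds no stored profile for the user, for example by guarding the three calls with a check on `$user->get_profile()` (its return value for a user without a profile is not shown on this page), and extend the comment to `// Defaults apply to a first grant only; an existing profile and security flags are kept`. The `if ($op=='folder_add')` block starts and ends outside the hunk, so the caller's authorization check cannot be confirmed from here.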
diff --git a/include/ajax/ajax_user_security.php
b/include/ajax/ajax_user_security.php
index d1517c8..6deddf0 100644
--- a/include/ajax/ajax_user_security.php
+++ b/include/ajax/ajax_user_security.php
@@ -237,7 +237,7 @@ if ($op=="user_sec_ledger")
$sec_ledger->add_json_param("gDossier", $n_dossier_id);
$sec_ledger->add_json_param("user_id", $user_id);
$sec_ledger->add_json_param("op", "user_sec_ledger");
- if ($sec_user->get_status_security_ledger()==1)
+ if ($sec_user->get_status_security_ledger()==1||$sec_user->Admin()==1)
{
$sec_user->set_status_security_ledger(0);
echo $sec_ledger->get_iconoff();
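Review bot: With `||$sec_user->Admin()==1` the first branch is taken on every call for an administrator, so this endpoint can only ever switch ledger security off for them, and nothing in the code says that this is intended; the same applies to the `user_sec_action` hunk below. Add a comment above the condition such as `// NOALYSS administrators always have full access: the switch can only turn security off for them`. The page in `param_sec.inc.php` tests `$sec_User->admin==1` while this file calls `Admin()`; if the two can ever differ, use one form in both places. The `else` branch is outside the hunk.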
@@ -261,7 +261,7 @@ if ($op=="user_sec_action")
$sec_action->add_json_param("gDossier", $n_dossier_id);
$sec_action->add_json_param("user_id", $user_id);
$sec_action->add_json_param("op", "user_sec_action");
- if ($sec_user->get_status_security_action()==1)
+ if ($sec_user->get_status_security_action()==1||$sec_user->Admin()==1)
{
$sec_user->set_status_security_action(0);
echo $sec_action->get_iconoff();
diff --git a/include/class/user.class.php b/include/class/user.class.php
index 79329e3..3d5e43b 100644
--- a/include/class/user.class.php
+++ b/include/class/user.class.php
@@ -124,7 +124,7 @@ class User
$this->last_name = $row['use_name'];
$this->name = $row['use_name'];
$this->active = $row['use_active'];
- $this->login = $row['use_login'];
+ $this->login =strtolower($row['use_login']);
$this->admin = $row['use_admin'];
$this->password = $row['use_pass'];
$this->email=$row['use_email'];
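Review bot: `strtolower($row['use_login'])` changes the value that is later used as the key `us_login` in `user_active_security`, so two accounts whose logins differ only in case would share the same security flags, unless stored logins are already unique without regard to case, which this hunk does not show. `strtolower` also does not fold non-ASCII letters reliably, so such a login is not normalised consistently. I would normalise the login once when the account is created and enforce uniqueness on the lower-cased value in the database, or at least use `mb_strtolower($row['use_login'], 'UTF-8')` here. The enclosing method starts and ends outside the hunk.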
@@ -1359,7 +1359,7 @@ class User
[$this->login]);
$flag=($p_value==1)?"Y":"N";
if ( $exist == 0) {
- $this->db->exec_sql("insert into user_active_security
(us_login,us_ledger,us_action) values ($1,$2,$3",[$this->login,$flag,'Y']);
+ $this->db->exec_sql("insert into user_active_security
(us_login,us_ledger,us_action) values ($1,$2,$3)",[$this->login,$flag,'Y']);
} else {
$this->db->exec_sql("update user_active_security set us_ledger=$1
where us_login = $2",[$flag,$this->login]);
}
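Review bot: The corrected `insert` still depends on the `$exist == 0` test made by a separate query, so two concurrent requests for the same login can both take the insert branch; the same holds for the `us_action` hunk that follows. If `us_login` carries a unique constraint (not visible here) and the server supports it, a single statement removes the race: `insert into user_active_security (us_login,us_ledger,us_action) values ($1,$2,$3) on conflict (us_login) do update set us_ledger=excluded.us_ledger`. That the unbalanced parenthesis went unnoticed also suggests this branch has no test; one that sets the flag for a login without an existing row would cover both methods. The lookup that fills `$exist` begins outside the hunk.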
@@ -1388,7 +1388,7 @@ class User
[$this->login]);
$flag=($p_value==1)?"Y":"N";
if ( $exist == 0) {
- $this->db->exec_sql("insert into user_active_security
(us_login,us_action,us_ledger) values ($1,$2,$3",[$this->login,$flag,'Y']);
+ $this->db->exec_sql("insert into user_active_security
(us_login,us_action,us_ledger) values ($1,$2,$3)",[$this->login,$flag,'Y']);
} else {
$this->db->exec_sql("update user_active_security set us_action=$1
where us_login = $2",[$flag,$this->login]);
}
diff --git a/include/param_sec.inc.php b/include/param_sec.inc.php
index b41b73c..96264c2 100644
--- a/include/param_sec.inc.php
+++ b/include/param_sec.inc.php
@@ -207,7 +207,7 @@ if ( $action == "view" )
$i_profile->id=uniqid("profile");
$i_profile->value=$cn->make_array("select p_id,p_name from profile
order by p_name");
-
+
$i_profile->selected=$sec_User->get_profile();
$ie_profile=new Inplace_Edit($i_profile);
@@ -230,13 +230,22 @@ if ( $action == "view" )
echo "<p>";
echo _("Sécurité sur les journaux")." ";
$status_sec_ledger=$sec_User->get_status_security_ledger();
- $sec_ledger=new Inplace_Switch("sec_ledger", $status_sec_ledger);
- $sec_ledger->set_callback("ajax_misc.php");
- $sec_ledger->add_json_param("gDossier", $n_dossier_id);
- $sec_ledger->add_json_param("user_id", $user_id);
- $sec_ledger->add_json_param("op", "user_sec_ledger");
- $sec_ledger->set_jscript(" if ( $('security_ledger_tbl').visible() ) {
$('security_ledger_tbl').hide();} else { $('security_ledger_tbl').show();}");
- echo $sec_ledger->input();
+ //--
+ // Administrator can always access all the ledgers
+ if ( $sec_User->admin==1) {
+ echo '<p>';
+ echo _("Les administrateurs NOALYSS ont toujours accès à tout");
+ $status_sec_ledger=0;
+ $sec_User->set_status_security_ledger(0);
+ } else {
+ $sec_ledger=new Inplace_Switch("sec_ledger", $status_sec_ledger);
+ $sec_ledger->set_callback("ajax_misc.php");
+ $sec_ledger->add_json_param("gDossier", $n_dossier_id);
+ $sec_ledger->add_json_param("user_id", $user_id);
+ $sec_ledger->add_json_param("op", "user_sec_ledger");
+ $sec_ledger->set_jscript(" if ( $('security_ledger_tbl').visible() ||
{$sec_User->Admin()}==1) { $('security_ledger_tbl').hide();} else {
$('security_ledger_tbl').show();}");
+ echo $sec_ledger->input();
+ }
echo "</p>";
//------------------------------------------------------------------------
// Access by ledgers, needed if the security on ledger is enable
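Review bot: Rendering the `view` action now writes to the database: for an administrator `$sec_User->set_status_security_ledger(0)` runs every time the page is displayed, and the action hunk below does the same with `set_status_security_action(0)`. A display page that silently changes security flags is hard to audit; if the access checks already treat administrators as unrestricted, I would drop both calls here, and otherwise move the write to the code that makes a user an administrator. In the `else` branch the user is never an administrator, so `|| {$sec_User->Admin()}==1` inside the `set_jscript` string is dead and can be removed. The added `echo '<p>';` also opens a second paragraph inside the one opened above, while only one `</p>` is emitted.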
@@ -287,15 +296,26 @@ if ( $action == "view" )
//-------------------------------------------------------------------------
echo "<p>";
echo _("Sécurité sur les actions")." ";
- $status_sec_action=$sec_User->get_status_security_action();
- $sec_action=new Inplace_Switch("sec_action", $status_sec_action);
- $sec_action->set_callback("ajax_misc.php");
- $sec_action->add_json_param("gDossier", $n_dossier_id);
- $sec_action->add_json_param("user_id", $user_id);
- $sec_action->add_json_param("op", "user_sec_action");
- $sec_action->set_jscript(" if ( $('security_action_tbl').visible() ) {
$('security_action_tbl').hide();} else { $('security_action_tbl').show();}");
- echo $sec_action->input();
+ // Administrator always have all action
+ if ( $sec_User->admin==1) {
+ echo '<p>';
+ echo _("Les administrateurs NOALYSS ont toujours accès à tout");
+ $status_sec_action=0;
+ $sec_User->set_status_security_action(0);
+ } else {
+
+ $status_sec_action=$sec_User->get_status_security_action();
+ $sec_action=new Inplace_Switch("sec_action", $status_sec_action);
+ $sec_action->set_callback("ajax_misc.php");
+ $sec_action->add_json_param("gDossier", $n_dossier_id);
+ $sec_action->add_json_param("user_id", $user_id);
+ $sec_action->add_json_param("op", "user_sec_action");
+ $sec_action->set_jscript(" if ( $('security_action_tbl').visible() ) {
$('security_action_tbl').hide();} else { $('security_action_tbl').show();}");
+ echo $sec_action->input();
+ }
echo "</p>";
+
+
include(NOALYSS_TEMPLATE.'/security_list_action.php');
echo '</fieldset>';
echo
HtmlInput::button('Imprime',_('imprime'),"onclick=\"window.open('export.php?".$sHref."');\"");