Evol : nettoyage de class_security et deploiement des fonctionnalités...

Evol : nettoyage de class_security et deploiement des fonctionnalités spécifiques dans les controleurs attitrés

core/trunk/core/class/SecurityControler.php

@@ -40,7 +40,7 @@ define("_CODE_INCREMENT",1);
 // Loads the required class
 try {
 	require_once("core/class/class_db.php");
-	require_once("core".DIRECTORY_SEPARATOR."class".DIRECTORY_SEPARATOR."class_request.php");
+	require_once("core/class/UserControler.php");
 	require_once("core/class/Security.php");
 } catch (Exception $e){
 	echo $e->getMessage().' // ';
@@ -189,7 +189,7 @@ class SecurityControler
 	/**
 	* Inserts in the database (security table) a Security object
 	*
-	* @param  $security Security object
+	* @param  $security Security objectgetAccessForGroup($group_id)
 	* @return bool true if the insertion is complete, false otherwise
 	*/
 	private function insert($security)
@@ -342,8 +342,9 @@ class SecurityControler
 		return array('COLUMNS' => implode(",",$columns), 'VALUES' => implode(",",$values));
 	}
 	
+
 	// TO DO : USE TO CHECK WHERE CLAUSE
-	public function check_where_clause($coll_id, $target, $where_clause, $user_id)
+	public function check_where_clause($coll_id, $target, $where_clause, $view, $user_id)
 	{
 		$res = array('RESULT' => false, 'TXT' => '');
 		
@@ -355,62 +356,31 @@ class SecurityControler
 		
 		$where = " ".$where_clause;
 		$where = str_replace("\\", "", $where);
-		$where = Security::process_security_where_clause($where, $user_id);
-		
-		$this->connect();
+		$where = self::process_security_where_clause($where, $user_id);
+		if(str_replace(" ", "", $where) == "")
+		{
+			$where = "";
+		}
+		$where = str_replace("where", " ", $where);
+		self::connect();
 		
 		if($target == 'ALL' || $target == 'DOC')
+			$query = "select res_id from ".$view." where  ".$where;
+		if($target == 'ALL' || $target == 'CLASS')
+			$query = "select mr_aggregation_id from ".$view." where  ".$where;
+
+		$ok = self::$db->query($query, true);
+		if(!$ok )
 		{
-			$selectWhereTest = array();
-			$selectWhereTest[$_SESSION['collections'][$coll_id]['view']]= array();
-			array_push($selectWhereTest[$_SESSION['collections'][$coll_id]['view']],"res_id");
-			$tabResult = array();
-			
-			$request = new request();
-			if(str_replace(" ", "", $where) == "")
-			{
-				$where = "";
-			}
-			$where = str_replace("where", " ", $where);
-			$tabResult = $request->select($selectWhereTest, $where, "", $_SESSION['config']['databasetype'], 10, false, "", "", "", true, true);
-					
-			if(!$tabResult )
-			{
-				$res['TXT'] = _SYNTAX_ERROR_WHERE_CLAUSE;
-				return $res;
-			}
-			else
-			{
-				$res['TXT'] = _SYNTAX_OK;
-				$res['RESULT'] = true;
-			}
+			$res['TXT'] = _SYNTAX_ERROR_WHERE_CLAUSE;
+			return $res;
 		}
-		/// TO DO : définir le nom de la vue
-		if($target == 'ALL' || $target == 'CLASS')
+		else
 		{
-			$selectWhereTest = array();
-			$selectWhereTest[_CLASSIFICATION_VIEW]= array();
-			array_push($selectWhereTest[_CLASSIFICATION_VIEW],"agregation_id");
-			$tabResult = array();
-			$request = new request();
-			if(str_replace(" ", "", $where) == "")
-			{
-				$where = "";
-			}
-			$where = str_replace("where", " ", $where);
-			$tabResult = $request->select($selectWhereTest, $where, "", $_SESSION['config']['databasetype'], 10, false, "", "", "", true, true);
-					
-			if(!$tabResult )
-			{
-				$res['TXT'] = _SYNTAX_ERROR_WHERE_CLAUSE;
-				return $res;
-			}
-			else
-			{
-				$res['TXT'] = _SYNTAX_OK;
-				$res['RESULT'] = true;
-			}
+			$res['TXT'] = _SYNTAX_OK;
+			$res['RESULT'] = true;
 		}
+		self::disconnect();
 		return $res;
 	}
 	
@@ -428,8 +398,8 @@ class SecurityControler
 			$where = ' where '.$where_clause;
 
 			// Process with the core vars
-			$where = $this->process_where_clause($where, $user_id);
-
+			$where = self::process_where_clause($where, $user_id);
+	
 			// Process with the modules vars
 			foreach(array_keys($_SESSION['modules_loaded']) as $key)
 			{
@@ -476,5 +446,121 @@ class SecurityControler
 		}
 		return $where;
 	}
+	
+	/**
+	* Loads into session, the security parameters corresponding to the user groups.
+	*
+	* @param  $user_id string User Identifier
+	*/
+	public function load_security($user_id)
+	{
+		$tab['collections'] = array();
+		$tab['security'] = array();
+
+		self::connect();
+
+		if($user_id == "superadmin")
+		{
+			for($i=0; $i<count($_SESSION['collections']);$i++)
+			{
+				$tab['security'][ $_SESSION['collections'][$i]['id']] = array();
+				foreach(array_keys($_ENV['targets']) as $key)
+				{
+					$tab['security'][ $_SESSION['collections'][$i]['id']][$key] = array('table'  => $_SESSION['collections'][$i]['table'], 'label_coll'  => $_SESSION['collections'][$i]['label'],'view'  => $_SESSION['collections'][$i]['view'], 'where' =>" (1=1) ");			
+				}
+				array_push($tab['collections'], $_SESSION['collections'][$i]['id']);
+			}
+		}
+		else
+		{
+			$groups = UserControler::getGroups($user_id);
+
+			$access = array();
+			for($i=0; $i<count($groups); $i++)
+			{
+				$tmp = self::getAccessForGroup($groups[$i]['GROUP_ID']);
+				for($j=0; $j<count($tmp);$j++)
+				{
+					array_push($access, $tmp[$j]);
+				}
+			}
+			for($i=0; $i<count($access); $i++)
+			{
+				// TO DO : vérifier les dates
+				$start_date = $access[$i]->__get('mr_start_date');
+				$stop_date = $access[$i]->__get('mr_stop_date');
+				
+				$target = $access[$i]->__get('where_target');
+				$coll_id = $access[$i]->__get('coll_id');
+				$where_clause = $access[$i]->__get('where_clause');
+				$where_clause = self::process_security_where_clause($where_clause, $user_id);
+				$where_clause = str_replace('where', '', $where_clause);
+				
+				$ind = self::get_ind_collection($coll_id);
+				
+				if(trim($where_clause) == "")
+					$where = "-1";
+				else
+					$where =  "( ".$this->show_string($where_clause)." )";
+					
+				if( ! in_array($coll_id, $tab['collections'] ) )
+				{
+					$tab['security'][$coll_id] = array();
+					
+					if($target == 'ALL')
+					{
+						foreach(array_keys($_ENV['targets']) as $key)
+						{
+							$tab['security'][$coll_id][$key] = array('table'  => $_SESSION['collections'][$ind]['table'], 'label_coll'  => $_SESSION['collections'][$ind]['label'],'view'  => $_SESSION['collections'][$ind]['view'], 'where'  => $where);	
+						}
+					}
+					else
+					{
+						$tab['security'][$coll_id][$target] = array('table'  => $_SESSION['collections'][$ind]['table'], 'label_coll'  => $_SESSION['collections'][$ind]['label'],'view'  => $_SESSION['collections'][$ind]['view'], 'where'  => $where);	
+					}
+					array_push($tab['collections'] ,$coll_id);	
+				}
+				else
+				{
+					if(isset($tab['security'][$coll_id][$target]) && count($tab['security'][$coll_id][$target]) > 0)
+						$tab['security'][ $coll_id][$target]['where'] .= " or ".$where;
+					elseif($target == 'ALL')
+					{
+						foreach(array_keys($_ENV['targets']) as $key)
+						{
+							if(isset($tab['security'][$coll_id][$key]) && count($tab['security'][$coll_id][$key]) > 0)
+								$tab['security'][$coll_id][$key]['where'] .= " or ".$where;
+							else
+								$tab['security'][$coll_id][$key] = array('table'  => $_SESSION['collections'][$ind]['table'], 'label_coll'  => $_SESSION['collections'][$ind]['label'],'view'  => $_SESSION['collections'][$ind]['view'], 'where'  => $where);
+						}
+					}
+					else
+					{
+						$tab['security'][$coll_id][$target] = array('table'  => $_SESSION['collections'][$ind]['table'], 'label_coll'  => $_SESSION['collections'][$ind]['label'],'view'  => $_SESSION['collections'][$ind]['view'], 'where'  => $where);	
+					}
+				}
+			}
+		}
+		return $tab;
+	}
+
+	/**
+	* Gets the indice of the collection in the  $_SESSION['collections'] array
+	*
+	* @param  $coll_id string  Collection identifier
+	* @return integer Indice of the collection in the $_SESSION['collections'] or -1 if not found
+	*/
+	public function get_ind_collection($coll_id)
+	{
+		for($i=0;$i< count($_SESSION['collections']); $i++)
+		{
+			if(trim($_SESSION['collections'][$i]['id']) == trim($coll_id))
+			{
+				return $i;
+			}
+		}
+		return -1;
+	}
+
 }
 ?>

core/trunk/core/class/ServiceControler.php

@@ -40,6 +40,7 @@ define("_CODE_INCREMENT",1);
 // Loads the required class
 try {
 	require_once("core/class/Service.php");
+	require_once("core".DIRECTORY_SEPARATOR."class".DIRECTORY_SEPARATOR."UsergroupControler.php");
 } catch (Exception $e){
 	echo $e->getMessage().' // ';
 }
@@ -51,6 +52,120 @@ try {
 */
 class ServiceControler
 {
-
+	/**
+	* Dbquery object used to connnect to the database
+    */
+	private static $db;
+	
+	/**
+	* usergroups_services table
+    */
+	private static $usergroups_services_table;
+	
+	
+	/**
+	* Opens a database connexion and values the tables variables
+	*/
+	public function connect()
+	{
+		$db = new dbquery();
+		$db->connect();
+		
+		self::$usergroups_services_table = $_SESSION['tablename']['usergroup_services'];
+		self::$db=$db;
+	}	
+	
+	
+	/**
+	* Close the database connexion
+	*/
+	public function disconnect()
+	{
+		self::$db->disconnect();
+	}	
+	
+	public function loadEnabledServices()
+	{
+		$_SESSION['enabled_services'] = array();
+		for($i=0; $i<count($_SESSION['app_services']);$i++)
+		{
+			if($_SESSION['app_services'][$i]['enabled'] == "true")
+			{
+				array_push($_SESSION['enabled_services'], array('id' => $_SESSION['app_services'][$i]['id'], 'label' => $_SESSION['app_services'][$i]['name'], 'comment' =>$_SESSION['app_services'][$i]['comment'], 'type' => $_SESSION['app_services'][$i]['servicetype'],'parent' => 'application', 'system' => $_SESSION['app_services'][$i]['system_service']));
+			}
+		}
+		foreach(array_keys($_SESSION['modules_services']) as $value)
+		{
+			for($i=0; $i < count($_SESSION['modules_services'][$value]); $i++)
+			{
+				if($_SESSION['modules_services'][$value][$i]['enabled'] == "true")
+				{
+					array_push($_SESSION['enabled_services'], array('id' => $_SESSION['modules_services'][$value][$i]['id'], 'label' => $_SESSION['modules_services'][$value][$i]['name'], 'comment' => $_SESSION['modules_services'][$value][$i]['comment'], 'type' => $_SESSION['modules_services'][$value][$i]['servicetype'],'parent' => $value, 'system' =>$_SESSION['modules_services'][$value][$i]['system_service'] ));
+				}
+			}
+		}
+	}
+	
+	/**
+	* Loads into session all the services for a user
+	*
+	* @param  $user_id  string User identifier
+	* @param  $include_system  bool If true include the system services, false otherwise (true by default)
+	*/
+	public function loadUserServices($user_id)
+	{
+		$services = array();
+		if($user_id == "superadmin")
+		{
+			$services = self::getAllServices();
+		}
+		else
+		{
+			for($i=0; $i< count($_SESSION['enabled_services']);$i++)
+			{
+				if($_SESSION['enabled_services'][$i]['system'] == true )
+				{
+					$services[$_SESSION['enabled_services'][$i]['id']] = true;
+				}
+				else
+				{
+					self::connect();
+					self::$db->query("select group_id from ".self::$usergroups_services_table." where service_id = '".$_SESSION['enabled_services'][$i]['id']."'");
+					$find = false;
+					while($res = self::$db->fetch_object())
+					{
+						if(UsergroupControler::inGroup($user_id, $res->group_id) == true)
+						{
+							$find = true;
+							break;
+						}
+					}
+					if($find == true)
+					{
+						$services[$_SESSION['enabled_services'][$i]['id']] = true;
+					}
+					else
+					{
+						$services[$_SESSION['enabled_services'][$i]['id']] = false;
+					}
+				}
+			}
+		}
+		return $services;
+	}
+	
+		/**
+	* Loads into session all the services for the superadmin
+	*
+	*/
+	private function getAllServices()
+	{
+		$services = array();
+		for($i=0; $i< count($_SESSION['enabled_services']);$i++)
+		{
+				$services[$_SESSION['enabled_services'][$i]['id']] = true;
+		}
+		return $services;
+	}
 }
 ?>

core/trunk/core/class/UserControler.php

@@ -96,10 +96,11 @@ class UserControler
 	* Returns an User Object based on a user identifier
 	*
 	* @param  $user_id string  User identifier
+	* @param  $comp_where string  where clause arguments (must begin with and or or)
 	* @param  $can_be_disabled bool  if true gets the user even if it is disabled in the database (false by default)
 	* @return User object with properties from the database or null
 	*/
-	public function get($user_id, $can_be_disabled = false)
+	public function get($user_id, $comp_where = '', $can_be_disabled = false)
 	{
 		if(empty($user_id))
 			return null;
@@ -108,6 +109,7 @@ class UserControler
 		$query = "select * from ".self::$users_table." where user_id = '".functions::protect_string_db($user_id)."'";
 		if(!$can_be_disabled)
 			$query .= " and enabled = 'Y'";
+		$query .= $comp_where;
 		
 		try{
 			if($_ENV['DEBUG']){echo $query.' // ';}

core/trunk/core/class/UsergroupControler.php

@@ -215,6 +215,34 @@ class UsergroupControler
 		return $users;
 	}
 	
+	/**
+	* Returns the id of the primary group for a given user_id
+	*
+	* @param  $user_id string  User identifier
+	* @return String  group_id or null
+	*/
+	public function getPrimaryGroup($user_id)
+	{		
+		if(empty($user_id))
+			return null;
+
+		$users = array();
+		self::connect();
+		$query = "select group_id from ".self::$usergroup_content_table." where user_id = '".$user_id."' and primary_group = 'Y'";
+
+		try{
+			if($_ENV['DEBUG']){echo $query.' // ';}
+					self::$db->query($query);
+		} catch (Exception $e){
+					echo _NO_USER_WITH_ID.' '.$user_id.' // ';
+		}
+		
+		$res = self::$db->fetch_object();
+		$group_id = $res->group_id;
+		self::disconnect();
+		return $group_id;
+	}
+	
 	/**
 	* Returns in an array all the baskets associated with a usergroup (basket_id only) 
 	*

core/trunk/core/class/class_db.php

@@ -300,16 +300,24 @@ class dbquery extends functions
 		elseif($this->databasetype == "MYSQL"){
 			return true;
 		}
-		elseif($this->databasetype == "POSTGRESQL"){
+		elseif($this->databasetype == "POSTGRESQL")
+		{
+			$this->connect();
 			$this->query("select column_name from information_schema.columns where table_name = '".$table."' and column_name = '".$field."'");
-			if ($this->nb_result() > 0)
+			$res = $this->nb_result();
+			$this->disconnect();
+			if ($res > 0)
 				return true;
 			else
 				return false;
 		}
-		elseif($this->databasetype == "ORACLE"){
+		elseif($this->databasetype == "ORACLE")
+		{
+			$this->connect();
 			$this->query("SELECT * from USER_TAB_COLUMNS where TABLE_NAME = '".$table."' AND COLUMN_NAME = '".$field."'");
-			if ($this->nb_result() > 0)
+			$res = $this->nb_result();
+			$this->disconnect();
+			if ($res > 0)
 				return true;
 			else
 				return false;