X-Git-Url: http://git.dj3c1t.com/?a=blobdiff_plain;f=mw%2Fapp%2Fdata%2Fmodules%2Fsql%2Fmw_data_users.php;h=0a1cf541521cbfa6a84e0494b6cee84f1919cc19;hb=3c17f81e1d2fb68f69cfa620ca00ad63e83cc17c;hp=4288db73c64a552be343f6998561b4d3518571f4;hpb=44c1abaa9a140edaeee8e30dcc557214b9f00903;p=mtweb diff --git a/mw/app/data/modules/sql/mw_data_users.php b/mw/app/data/modules/sql/mw_data_users.php index 4288db7..0a1cf54 100644 --- a/mw/app/data/modules/sql/mw_data_users.php +++ b/mw/app/data/modules/sql/mw_data_users.php @@ -16,11 +16,19 @@ $env = $this->env(); $users = array("list" => array(), "total" => 0); try{ - $SELECT = "SELECT *"; + $SELECT = "SELECT #--users.*"; $FROM = " FROM #--users"; $WHERE = ""; $WHERE .= (isset($alpha) ? ($WHERE ? " AND" : " WHERE")." LEFT(login, 1)=".$this->eq($alpha) : ""); - $WHERE .= (isset($status) ? ($WHERE ? " AND" : " WHERE")." status=".$this->eq($status) : ""); + if(isset($status)){ + $SELECT .= ", #--users_roles.id_role as status"; + $FROM .= + " LEFT JOIN #--users_roles ON (" + ." #--users_roles.id_user=#--users.id" + ." AND #--users_roles.id_role=".$this->eq($status) + .")"; + $WHERE .= ($WHERE ? " AND" : " WHERE")." mw_users_roles.id_role IS NOT NULL"; + } $LIMIT = ($env->config("max_list") ? " LIMIT ".$env->config("max_list")." OFFSET ".$start : ""); $sql = "SELECT count(*) as n FROM(".$SELECT.$FROM.$WHERE.") res"; $rst = $sgbd->query($sql); @@ -31,12 +39,33 @@ $rst = $sgbd->query($sql); while($v_rst = $sgbd->fetch_assoc($rst)) $users["list"][$v_rst["id"]] = $v_rst; $sgbd->free_result($rst); + foreach($users["list"] as $id_user => $user){ + if(($status = $this->list_user_status($id_user)) !== false){ + $users["list"][$id_user]["status"] = $status; + } + else{ + $users = false; + break; + } + } } } catch(Exception $e) { $users = false; } return $users; } + function list_user_status($id_user){ + $sgbd = $this->sgbd(); + $status = array(); + try{ + $rst = $sgbd->query("SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($id_user)); + while($v_rst = $sgbd->fetch_assoc($rst)) $status[] = $v_rst["id_role"]; + $sgbd->free_result($rst); + } + catch(Exception $e) { $status = false; } + return $status; + } + function user_by_id($id){ $sgbd = $this->sgbd(); $user = array(); @@ -45,6 +74,8 @@ $rst = $sgbd->query($sql); if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst; $sgbd->free_result($rst); + if(($status = $this->list_user_status($user["id"])) !== false) $user["status"] = $status; + else $user = false; } catch(Exception $e) { $user = false; } return $user; @@ -58,6 +89,10 @@ $rst = $sgbd->query($sql); if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst; $sgbd->free_result($rst); + if($user){ + if(($status = $this->list_user_status($user["id"])) !== false) $user["status"] = $status; + else $user = false; + } } catch(Exception $e) { $user = false; } return $user; @@ -81,14 +116,21 @@ $user_id = false; try{ $sql = - "INSERT INTO #--users(login, password, email, status) VALUES" + "INSERT INTO #--users(login, password, email) VALUES" ."( ".$this->eq($login) .", ".$this->eq($password) .", ".$this->eq($email) - .", ".$status .")"; $sgbd->query($sql); $user_id = $sgbd->insert_id(); + foreach($status as $id_role){ + $sql = + "INSERT INTO #--users_roles(id_user, id_role) VALUES" + ."( ".$user_id + .", ".$this->eq($id_role) + .")"; + $sgbd->query($sql); + } } catch(Exception $e) { $user_id = false; } return $user_id; @@ -102,21 +144,35 @@ ." login=".$this->eq($login) .", password=".$this->eq($password) .", email=".$this->eq($email) - .", status=".$status - ." WHERE id=".$id; + ." WHERE id=".$this->eq($id); + $sgbd->query($sql); + $sql = "DELETE FROM #--users_roles WHERE id_user=".$this->eq($id); $sgbd->query($sql); + foreach($status as $id_role){ + $sql = + "INSERT INTO #--users_roles(id_user, id_role) VALUES" + ."( ".$this->eq($id) + .", ".$this->eq($id_role) + .")"; + $sgbd->query($sql); + } } catch(Exception $e) { return false; } return true; } function del_user($login){ - $sgbd = $this->sgbd(); - try{ - $sql = "DELETE FROM #--users WHERE login=".$this->eq($login); - $sgbd->query($sql); + if(($user = $this->user($login)) !== false){ + $sgbd = $this->sgbd(); + try{ + $sql = "DELETE FROM #--users WHERE login=".$this->eq($login)." AND id=".$user["id"]; + $sgbd->query($sql); + $sql = "DELETE FROM #--users_roles WHERE id_user=".$user["id"]; + $sgbd->query($sql); + } + catch(Exception $e) { return false; } } - catch(Exception $e) { return false; } + else return false; return true; } @@ -124,16 +180,11 @@ # status # - function status(){ - if(!isset($this->user_status)) return false; - return $this->user_status; - } - function init_user_status($status = array()){ $sgbd = $this->sgbd(); $this->user_status = array(); try{ - $sql = "SELECT * FROM #--user_status"; + $sql = "SELECT * FROM #--roles"; $rst = $sgbd->query($sql); while($v_rst = $sgbd->fetch_assoc($rst)) $this->user_status[$v_rst["id"]] = $v_rst; $sgbd->free_result($rst); @@ -142,24 +193,141 @@ return $this->user_status; } - function init_action_status($status = array()){ - if(!isset($this->user_status)) return false; + function add_role($nom, $intitule){ $sgbd = $this->sgbd(); - $this->action_status = array(); try{ - $sql = "SELECT * FROM #--action_status"; + $sql = + "INSERT INTO #--roles(nom, intitule) VALUES(" + ." ".$this->eq($nom) + .", ".$this->eq($intitule) + .")"; $rst = $sgbd->query($sql); - while($v_rst = $sgbd->fetch_assoc($rst)) $this->action_status[$v_rst["id"]] = $v_rst; + $id_role = $sgbd->insert_id(); + } + catch(Exception $e) { $id_role = false; } + return $id_role; + } + + function get_role($id){ + if($id === "0") return array( + "id" => 0, + "nom" => "", + "intitule" => "" + ); + $sgbd = $this->sgbd(); + $role = array(); + try{ + $sql = "SELECT * FROM #--roles WHERE id=".$this->eq($id); + $rst = $sgbd->query($sql); + if($v_rst = $sgbd->fetch_assoc($rst)) $role = $v_rst; $sgbd->free_result($rst); } - catch(Exception $e) { $this->action_status = false; } - return $this->action_status; + catch(Exception $e) { $role = false; } + return $role; + } + + function set_role($id, $nom, $intitule){ + $sgbd = $this->sgbd(); + try{ + $sql = + "UPDATE #--roles SET" + ." nom=".$this->eq($nom) + .", intitule=".$this->eq($intitule) + ." WHERE id=".$this->eq($id); + $rst = $sgbd->query($sql); + } + catch(Exception $e) { return false; } + return true; + } + + function clear_role_actions($id_role){ + $sgbd = $this->sgbd(); + try{ + $sql = "DELETE FROM #--action_status WHERE id_status=".$this->eq($id_role); + $sgbd->query($sql); + } + catch(Exception $e) { return false; } + return true; + } + + function clear_role_users($id_role){ + $sgbd = $this->sgbd(); + try{ + $sql = "DELETE FROM #--users_roles WHERE id_role=".$this->eq($id_role); + $sgbd->query($sql); + } + catch(Exception $e) { return false; } + return true; + } + + function add_role_action($id_role, $action){ + $sgbd = $this->sgbd(); + try{ + $sql = "INSERT INTO #--action_status(action, id_status) VALUES(".$this->eq($action).", ".$this->eq($id_role).")"; + $sgbd->query($sql); + $id_action_status = $sgbd->insert_id(); + } + catch(Exception $e) { $id_action_status = false; } + return $id_action_status; + } + + function del_role($id_role){ + $sgbd = $this->sgbd(); + try{ + $sql = "DELETE FROM #--roles WHERE id=".$this->eq($id_role); + $sgbd->query($sql); + } + catch(Exception $e) { return false; } + return true; + } + + function status(){ + if(!isset($this->user_status)) return false; + return $this->user_status; } function get_user_status(){ + $user_status = array(); $user = $this->get_session_user(); - if($user && isset($user["status"])) return $user["status"]; - return 0; + if($user && isset($user["id"])){ + $sgbd = $this->sgbd(); + try{ + $sql = "SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($user["id"]); + $rst = $sgbd->query($sql); + while($v_rst = $sgbd->fetch_assoc($rst)) $user_status[] = $v_rst["id_role"]; + $sgbd->free_result($rst); + } + catch(Exception $_e){ return false; } + } + else $user_status[] = 0; + if(!$user_status) $user_status[] = 0; + return $user_status; + } + + function init_action_status($status = array()){ + if(!isset($this->user_status)) return false; + $this->action_status = $this->read_action_status(); + return $this->action_status; + } + + function read_action_status($params = array()){ + $group_by_action = isset($params["group_by_action"]) ? $params["group_by_action"] : false; + $sgbd = $this->sgbd(); + $action_status = array(); + try{ + $sql = "SELECT * FROM #--action_status"; + $rst = $sgbd->query($sql); + while($v_rst = $sgbd->fetch_assoc($rst)){ + if($group_by_action){ + if(!isset($action_status[$v_rst["action"]])) $action_status[$v_rst["action"]] = array(); + $action_status[$v_rst["action"]][] = $v_rst["id_status"]; + } + else $action_status[$v_rst["id"]] = $v_rst; + } + $sgbd->free_result($rst); + } + catch(Exception $e) { $action_status = false; } + return $action_status; } function get_action_status($mod, $controller = "index", $action = "index", $set_status = array()){ @@ -183,17 +351,62 @@ return $status; } - function creation_default_status(){ - $sgbd = $this->sgbd(); - $default_status = 0; - try{ - $sql = "SELECT id FROM #--user_status WHERE creation_default=1 LIMIT 0,1"; - $rst = $sgbd->query($sql); - if($v_rst = $sgbd->fetch_assoc($rst)) $default_status = $v_rst["id"]; - $sgbd->free_result($rst); + function get_actions($id_role = null){ + $env = $this->env(); + if($actions = $env->get_actions()){ + if(($action_status = $this->read_action_status(array("group_by_action" => true))) !== false){ + foreach($actions as $module_name => $module){ + if(isset($id_role)) $actions[$module_name]["module_allowed"] = + isset($action_status[$module_name]) + && in_array($id_role, $action_status[$module_name]); + $actions[$module_name]["is_public"] = + isset($action_status[$module_name]) + && in_array(0, $action_status[$module_name]); + foreach($module["controleurs"] as $controleur_name => $controleur){ + if(isset($id_role)) $actions[$module_name]["controleurs"][$controleur_name]["controleur_allowed"] = + isset($action_status[$module_name."/".$controleur_name]) + && in_array($id_role, $action_status[$module_name."/".$controleur_name]); + $actions[$module_name]["controleurs"][$controleur_name]["is_public"] = + isset($action_status[$module_name."/".$controleur_name]) + && in_array(0, $action_status[$module_name."/".$controleur_name]); + foreach($controleur["als"] as $index_als => $al){ + if($al["actions"]){ + if(isset($id_role)){ + $HAS_ACTION_NOT_ALLOWED = false; + foreach($al["actions"] as $action_name){ + if( + !isset($action_status[$module_name."/".$controleur_name."/".$action_name]) + || !in_array($id_role, $action_status[$module_name."/".$controleur_name."/".$action_name]) + ){ + $HAS_ACTION_NOT_ALLOWED = true; + break; + } + } + if(!$HAS_ACTION_NOT_ALLOWED){ + $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["action_allowed"] = true; + } + } + $HAS_ACTION_NOT_ALLOWED = false; + foreach($al["actions"] as $action_name){ + if( + !isset($action_status[$module_name."/".$controleur_name."/".$action_name]) + || !in_array(0, $action_status[$module_name."/".$controleur_name."/".$action_name]) + ){ + $HAS_ACTION_NOT_ALLOWED = true; + break; + } + } + if(!$HAS_ACTION_NOT_ALLOWED){ + $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["is_public"] = true; + } + } + } + } + } + return $actions; + } } - catch(Exception $e) { $default_status = false; } - return $default_status; + return array(); } # ----------------------------------------------------------------------------------------