roles multiples possible par user, administrables
[mtweb] / mw / app / data / modules / sql / mw_data_users.php
index 4288db7..0a1cf54 100644 (file)
       $env = $this->env();
       $users = array("list" => array(), "total" => 0);
       try{
-        $SELECT = "SELECT *";
+        $SELECT = "SELECT #--users.*";
         $FROM = " FROM #--users";
         $WHERE = "";
         $WHERE .= (isset($alpha) ? ($WHERE ? " AND" : " WHERE")." LEFT(login, 1)=".$this->eq($alpha) : "");
-        $WHERE .= (isset($status) ? ($WHERE ? " AND" : " WHERE")." status=".$this->eq($status) : "");
+        if(isset($status)){
+          $SELECT .= ", #--users_roles.id_role as status";
+          $FROM .=
+           " LEFT JOIN #--users_roles ON ("
+          ." #--users_roles.id_user=#--users.id"
+          ." AND #--users_roles.id_role=".$this->eq($status)
+          .")";
+          $WHERE .= ($WHERE ? " AND" : " WHERE")." mw_users_roles.id_role IS NOT NULL";
+        }
         $LIMIT = ($env->config("max_list") ? " LIMIT ".$env->config("max_list")." OFFSET ".$start : "");
         $sql = "SELECT count(*) as n FROM(".$SELECT.$FROM.$WHERE.") res";
         $rst = $sgbd->query($sql);
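Review bot: The new WHERE clause at L20 hard-codes the table name `mw_users_roles`, while the SELECT and JOIN it pairs with use the `#--users_roles` prefix placeholder; on any install whose prefix is not `mw_` the filtered list will throw instead of returning the role's members. It should read `$WHERE .= ($WHERE ? " AND" : " WHERE")." #--users_roles.id_role IS NOT NULL";`. Since the role id is already fixed in the join condition, a plain `INNER JOIN` would express the same filter without the `IS NOT NULL` test, but that is a style choice. The enclosing list function starts before this hunk and its body continues after it.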
           $rst = $sgbd->query($sql);
           while($v_rst = $sgbd->fetch_assoc($rst)) $users["list"][$v_rst["id"]] = $v_rst;
           $sgbd->free_result($rst);
+          foreach($users["list"] as $id_user => $user){
+            if(($status = $this->list_user_status($id_user)) !== false){
+              $users["list"][$id_user]["status"] = $status;
+            }
+            else{
+              $users = false;
+              break;
+            }
+          }
         }
       }
       catch(Exception $e) { $users = false; }
       return $users;
     }
 
+    function list_user_status($id_user){
+      $sgbd = $this->sgbd();
+      $status = array();
+      try{
+        $rst = $sgbd->query("SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($id_user));
+        while($v_rst = $sgbd->fetch_assoc($rst)) $status[] = $v_rst["id_role"];
+        $sgbd->free_result($rst);
+      }
+      catch(Exception $e) { $status = false; }
+      return $status;
+    }
+
     function user_by_id($id){
       $sgbd = $this->sgbd();
       $user = array();
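Review bot: The loop at L28-L36 issues one `#--users_roles` query per listed user after the page has already been fetched, so a list page of `max_list` users costs `max_list + 1` round trips. The role rows for the whole page can be read in a single `IN (...)` query keyed on the ids already in `$users["list"]`, still escaped through `eq()`, while a thrown exception keeps landing in the existing `catch` at L39 and turning the result into `false`. The name `$status` is also reused at L29 for the per-user role list although it was the role filter earlier in the same function; a distinct name such as `$roles` would avoid the confusion. The enclosing function begins before this hunk.

```php
          // … unchanged: fetch of the user rows into $users["list"] …
          if($users["list"]){
            $ids = implode(", ", array_map(array($this, "eq"), array_keys($users["list"])));
            $rst = $sgbd->query("SELECT id_user, id_role FROM #--users_roles WHERE id_user IN (".$ids.")");
            foreach($users["list"] as $id_user => $user) $users["list"][$id_user]["status"] = array();
            while($v_rst = $sgbd->fetch_assoc($rst)) $users["list"][$v_rst["id_user"]]["status"][] = $v_rst["id_role"];
            $sgbd->free_result($rst);
          }
```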
@@ -45,6 +74,8 @@
         $rst = $sgbd->query($sql);
         if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst;
         $sgbd->free_result($rst);
+        if(($status = $this->list_user_status($user["id"])) !== false) $user["status"] = $status;
+        else $user = false;
       }
       catch(Exception $e) { $user = false; }
       return $user;
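Review bot: L62 dereferences `$user["id"]` even when no row matched, so for an unknown id `$user` is still the initial `array()`, `list_user_status(null)` returns an empty array, and the function hands back `array("status" => array())` — a truthy value where callers previously got an empty array. The sibling hunk for the login-based lookup guards this with `if($user){ ... }` (L70-L73); the same guard belongs here: `if($user){ if(($status = $this->list_user_status($user["id"])) !== false) $user["status"] = $status; else $user = false; }`. The enclosing `user_by_id` signature and the `try` begin before this hunk.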
         $rst = $sgbd->query($sql);
         if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst;
         $sgbd->free_result($rst);
+        if($user){
+          if(($status = $this->list_user_status($user["id"])) !== false) $user["status"] = $status;
+          else $user = false;
+        }
       }
       catch(Exception $e) { $user = false; }
       return $user;
       $user_id = false;
       try{
         $sql =
-         "INSERT INTO #--users(login, password, email, status) VALUES"
+         "INSERT INTO #--users(login, password, email) VALUES"
         ."( ".$this->eq($login)
         .", ".$this->eq($password)
         .", ".$this->eq($email)
-        .", ".$status
         .")";
         $sgbd->query($sql);
         $user_id = $sgbd->insert_id();
+        foreach($status as $id_role){
+          $sql =
+           "INSERT INTO #--users_roles(id_user, id_role) VALUES"
+          ."( ".$user_id
+          .", ".$this->eq($id_role)
+          .")";
+          $sgbd->query($sql);
+        }
       }
       catch(Exception $e) { $user_id = false; }
       return $user_id;
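Review bot: The user row is inserted at L87-L88 before the role rows at L89-L96, without a transaction, so if one `#--users_roles` insert throws the `catch` returns `false` while the account already exists with a partial role set and its login is taken; a caller that retries will then fail on the duplicate login. If the `$sgbd` layer exposes transactions, begin one before the first INSERT and roll back in the `catch`; otherwise delete the freshly created `#--users` row in the `catch` before returning `false`. For consistency with L112, `$user_id` at L92 should also go through `eq()`: `."( ".$this->eq($user_id)`. The enclosing function begins before this hunk.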
         ."  login=".$this->eq($login)
         .", password=".$this->eq($password)
         .", email=".$this->eq($email)
-        .", status=".$status
-        ." WHERE id=".$id;
+        ." WHERE id=".$this->eq($id);
+        $sgbd->query($sql);
+        $sql = "DELETE FROM #--users_roles WHERE id_user=".$this->eq($id);
         $sgbd->query($sql);
+        foreach($status as $id_role){
+          $sql =
+           "INSERT INTO #--users_roles(id_user, id_role) VALUES"
+          ."( ".$this->eq($id)
+          .", ".$this->eq($id_role)
+          .")";
+          $sgbd->query($sql);
+        }
       }
       catch(Exception $e) { return false; }
       return true;
     }
 
     function del_user($login){
-      $sgbd = $this->sgbd();
-      try{
-        $sql = "DELETE FROM #--users WHERE login=".$this->eq($login);
-        $sgbd->query($sql);
+      if(($user = $this->user($login)) !== false){
+        $sgbd = $this->sgbd();
+        try{
+          $sql = "DELETE FROM #--users WHERE login=".$this->eq($login)." AND id=".$user["id"];
+          $sgbd->query($sql);
+          $sql = "DELETE FROM #--users_roles WHERE id_user=".$user["id"];
+          $sgbd->query($sql);
+        }
+        catch(Exception $e) { return false; }
       }
-      catch(Exception $e) { return false; }
+      else return false;
       return true;
     }
 
     #                                                                                   status
     #
 
-    function status(){
-      if(!isset($this->user_status)) return false;
-      return $this->user_status;
-    }
-
     function init_user_status($status = array()){
       $sgbd = $this->sgbd();
       $this->user_status = array();
       try{
-        $sql = "SELECT * FROM #--user_status";
+        $sql = "SELECT * FROM #--roles";
         $rst = $sgbd->query($sql);
         while($v_rst = $sgbd->fetch_assoc($rst)) $this->user_status[$v_rst["id"]] = $v_rst;
         $sgbd->free_result($rst);
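Review bot: In `del_user` (L127) the `!== false` test is not sufficient: the `user()` lookup shown earlier in this diff initialises `$user = array()` and only replaces it when a row is fetched, so an unknown login passes the check and `$user["id"]` is undefined at L130, which only fails through a malformed SQL statement. Tighten it to `if(($user = $this->user($login)) && isset($user["id"])){` and run the id through the escaper used elsewhere in the same patch (L105, L107): `." AND id=".$this->eq($user["id"]);` and `"DELETE FROM #--users_roles WHERE id_user=".$this->eq($user["id"])`. Deleting the role rows before the user row, or inside a transaction, would also avoid orphaned grants when the second statement fails; the same delete-then-reinsert pattern in the role update at L107-L116 has the same non-atomic window. The update function whose UPDATE statement this hunk edits begins before the hunk.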
       return $this->user_status;
     }
 
-    function init_action_status($status = array()){
-      if(!isset($this->user_status)) return false;
+    function add_role($nom, $intitule){
       $sgbd = $this->sgbd();
-      $this->action_status = array();
       try{
-        $sql = "SELECT * FROM #--action_status";
+        $sql =
+         "INSERT INTO #--roles(nom, intitule) VALUES("
+        ."  ".$this->eq($nom)
+        .", ".$this->eq($intitule)
+        .")";
         $rst = $sgbd->query($sql);
-        while($v_rst = $sgbd->fetch_assoc($rst)) $this->action_status[$v_rst["id"]] = $v_rst;
+        $id_role = $sgbd->insert_id();
+      }
+      catch(Exception $e) { $id_role = false; }
+      return $id_role;
+    }
+
+    function get_role($id){
+      if($id === "0") return array(
+        "id" => 0,
+        "nom" => "",
+        "intitule" => ""
+      );
+      $sgbd = $this->sgbd();
+      $role = array();
+      try{
+        $sql = "SELECT * FROM #--roles WHERE id=".$this->eq($id);
+        $rst = $sgbd->query($sql);
+        if($v_rst = $sgbd->fetch_assoc($rst)) $role = $v_rst;
         $sgbd->free_result($rst);
       }
-      catch(Exception $e) { $this->action_status = false; }
-      return $this->action_status;
+      catch(Exception $e) { $role = false; }
+      return $role;
+    }
+
+    function set_role($id, $nom, $intitule){
+      $sgbd = $this->sgbd();
+      try{
+        $sql =
+         "UPDATE #--roles SET"
+        ."  nom=".$this->eq($nom)
+        .", intitule=".$this->eq($intitule)
+        ." WHERE id=".$this->eq($id);
+        $rst = $sgbd->query($sql);
+      }
+      catch(Exception $e) { return false; }
+      return true;
+    }
+
+    function clear_role_actions($id_role){
+      $sgbd = $this->sgbd();
+      try{
+        $sql = "DELETE FROM #--action_status WHERE id_status=".$this->eq($id_role);
+        $sgbd->query($sql);
+      }
+      catch(Exception $e) { return false; }
+      return true;
+    }
+
+    function clear_role_users($id_role){
+      $sgbd = $this->sgbd();
+      try{
+        $sql = "DELETE FROM #--users_roles WHERE id_role=".$this->eq($id_role);
+        $sgbd->query($sql);
+      }
+      catch(Exception $e) { return false; }
+      return true;
+    }
+
+    function add_role_action($id_role, $action){
+      $sgbd = $this->sgbd();
+      try{
+        $sql = "INSERT INTO #--action_status(action, id_status) VALUES(".$this->eq($action).", ".$this->eq($id_role).")";
+        $sgbd->query($sql);
+        $id_action_status = $sgbd->insert_id();
+      }
+      catch(Exception $e) { $id_action_status = false; }
+      return $id_action_status;
+    }
+
+    function del_role($id_role){
+      $sgbd = $this->sgbd();
+      try{
+        $sql = "DELETE FROM #--roles WHERE id=".$this->eq($id_role);
+        $sgbd->query($sql);
+      }
+      catch(Exception $e) { return false; }
+      return true;
+    }
+
+    function status(){
+      if(!isset($this->user_status)) return false;
+      return $this->user_status;
     }
 
     function get_user_status(){
+      $user_status = array();
       $user = $this->get_session_user();
-      if($user && isset($user["status"])) return $user["status"];
-      return 0;
+      if($user && isset($user["id"])){
+        $sgbd = $this->sgbd();
+        try{
+          $sql = "SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($user["id"]);
+          $rst = $sgbd->query($sql);
+          while($v_rst = $sgbd->fetch_assoc($rst)) $user_status[] = $v_rst["id_role"];
+          $sgbd->free_result($rst);
+        }
+        catch(Exception $_e){ return false; }
+      }
+      else $user_status[] = 0;
+      if(!$user_status) $user_status[] = 0;
+      return $user_status;
+    }
+
+    function init_action_status($status = array()){
+      if(!isset($this->user_status)) return false;
+      $this->action_status = $this->read_action_status();
+      return $this->action_status;
+    }
+
+    function read_action_status($params = array()){
+      $group_by_action = isset($params["group_by_action"]) ? $params["group_by_action"] : false;
+      $sgbd = $this->sgbd();
+      $action_status = array();
+      try{
+        $sql = "SELECT * FROM #--action_status";
+        $rst = $sgbd->query($sql);
+        while($v_rst = $sgbd->fetch_assoc($rst)){
+          if($group_by_action){
+            if(!isset($action_status[$v_rst["action"]])) $action_status[$v_rst["action"]] = array();
+            $action_status[$v_rst["action"]][] = $v_rst["id_status"];
+          }
+          else $action_status[$v_rst["id"]] = $v_rst;
+        }
+        $sgbd->free_result($rst);
+      }
+      catch(Exception $e) { $action_status = false; }
+      return $action_status;
     }
 
     function get_action_status($mod, $controller = "index", $action = "index", $set_status = array()){
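Review bot: `del_role` (L247-L255) removes only the `#--roles` row; the grants that reference that id in `#--users_roles` and `#--action_status` survive unless every caller remembers to invoke `clear_role_users` and `clear_role_actions` (L216-L234) first, and a stale `action_status` row for a reused id would silently reinstate the old permissions. Cascade inside the function before the DELETE: `if(!$this->clear_role_actions($id_role) || !$this->clear_role_users($id_role)) return false;`. Also note that `get_user_status` now returns `false` on a query failure (L275) while every other path returns a non-empty array; callers that do `in_array(...)` on the result must treat `false` as "no roles", not as a skipped check — worth a comment on the function. `get_action_status` at L308 begins here but its body lies outside this hunk.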
       return $status;
     }
 
-    function creation_default_status(){
-      $sgbd = $this->sgbd();
-      $default_status = 0;
-      try{
-        $sql = "SELECT id FROM #--user_status WHERE creation_default=1 LIMIT 0,1";
-        $rst = $sgbd->query($sql);
-        if($v_rst = $sgbd->fetch_assoc($rst)) $default_status = $v_rst["id"];
-        $sgbd->free_result($rst);
+    function get_actions($id_role = null){
+      $env = $this->env();
+      if($actions = $env->get_actions()){
+        if(($action_status = $this->read_action_status(array("group_by_action" => true))) !== false){
+          foreach($actions as $module_name => $module){
+            if(isset($id_role)) $actions[$module_name]["module_allowed"] =
+                isset($action_status[$module_name])
+            &&  in_array($id_role, $action_status[$module_name]);
+            $actions[$module_name]["is_public"] =
+                isset($action_status[$module_name])
+            &&  in_array(0, $action_status[$module_name]);
+            foreach($module["controleurs"] as $controleur_name => $controleur){
+              if(isset($id_role)) $actions[$module_name]["controleurs"][$controleur_name]["controleur_allowed"] =
+                  isset($action_status[$module_name."/".$controleur_name])
+              &&  in_array($id_role, $action_status[$module_name."/".$controleur_name]);
+              $actions[$module_name]["controleurs"][$controleur_name]["is_public"] =
+                  isset($action_status[$module_name."/".$controleur_name])
+              &&  in_array(0, $action_status[$module_name."/".$controleur_name]);
+              foreach($controleur["als"] as $index_als => $al){
+                if($al["actions"]){
+                  if(isset($id_role)){
+                    $HAS_ACTION_NOT_ALLOWED = false;
+                    foreach($al["actions"] as $action_name){
+                      if(
+                          !isset($action_status[$module_name."/".$controleur_name."/".$action_name])
+                      ||  !in_array($id_role, $action_status[$module_name."/".$controleur_name."/".$action_name])
+                      ){
+                        $HAS_ACTION_NOT_ALLOWED = true;
+                        break;
+                      }
+                    }
+                    if(!$HAS_ACTION_NOT_ALLOWED){
+                      $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["action_allowed"] = true;
+                    }
+                  }
+                  $HAS_ACTION_NOT_ALLOWED = false;
+                  foreach($al["actions"] as $action_name){
+                    if(
+                        !isset($action_status[$module_name."/".$controleur_name."/".$action_name])
+                    ||  !in_array(0, $action_status[$module_name."/".$controleur_name."/".$action_name])
+                    ){
+                      $HAS_ACTION_NOT_ALLOWED = true;
+                      break;
+                    }
+                  }
+                  if(!$HAS_ACTION_NOT_ALLOWED){
+                    $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["is_public"] = true;
+                  }
+                }
+              }
+            }
+          }
+          return $actions;
+        }
       }
-      catch(Exception $e) { $default_status = false; }
-      return $default_status;
+      return array();
     }
 
     # ----------------------------------------------------------------------------------------
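Review bot: Every membership test in `get_actions` (L327, L330, L334, L337, L345, L359) uses loose `in_array`, comparing `$id_role` — whose type depends on the caller — and the literal `0` against `id_status` values that come back from the database as strings. Under loose comparison on PHP versions before 8, `0` equals `""` and any non-numeric string, so a malformed `action_status` row would be reported as public; normalising both sides to strings and passing `true` removes that class of surprise: `in_array((string)$id_role, $action_status[$key], true)` and `in_array("0", $action_status[$key], true)`. Whether such rows can exist depends on the schema, which this diff does not show. The removal of `creation_default_status` means new accounts now start with no roles, which `get_user_status` maps to the public role `0` — fail-closed, but worth stating in the commit message.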