sgbd(); $env = $this->env(); $users = array("list" => array(), "total" => 0); try{ $SELECT = "SELECT #--users.*"; $FROM = " FROM #--users"; $WHERE = ""; $WHERE .= (isset($alpha) ? ($WHERE ? " AND" : " WHERE")." LEFT(login, 1)=".$this->eq($alpha) : ""); if(isset($id_role)){ $SELECT .= ", #--users_roles.id_role"; $FROM .= " LEFT JOIN #--users_roles ON (" ." #--users_roles.id_user=#--users.id" ." AND #--users_roles.id_role=".$this->eq($id_role) .")"; $WHERE .= ($WHERE ? " AND" : " WHERE")." mw_users_roles.id_role IS NOT NULL"; } $LIMIT = ($env->config("max_list") ? " LIMIT ".$env->config("max_list")." OFFSET ".$start : ""); $sql = "SELECT count(*) as n FROM(".$SELECT.$FROM.$WHERE.") res"; $rst = $sgbd->query($sql); if($v_rst = $sgbd->fetch_assoc($rst)) $users["total"] = $v_rst["n"]; $sgbd->free_result($rst); if($users["total"] > 0){ $sql = "SELECT * FROM(".$SELECT.$FROM.$WHERE.$LIMIT.") res"; $rst = $sgbd->query($sql); while($v_rst = $sgbd->fetch_assoc($rst)) $users["list"][$v_rst["id"]] = $v_rst; $sgbd->free_result($rst); foreach($users["list"] as $id_user => $user){ if(($roles = $this->list_user_roles($id_user)) !== false){ $users["list"][$id_user]["roles"] = $roles; } else{ $users = false; break; } } } } catch(Exception $e) { $users = false; } return $users; } public function list_user_roles($id_user){ $sgbd = $this->sgbd(); $roles = array(); try{ $rst = $sgbd->query("SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($id_user)); while($v_rst = $sgbd->fetch_assoc($rst)) $roles[] = $v_rst["id_role"]; $sgbd->free_result($rst); } catch(Exception $e) { $roles = false; } return $roles; } public function user_by_id($id){ $env = $this->env(); $user = $env->get_model("users"); if($user->load("id", $id) === false) return false; return $user->get_values(); } public function user($login){ $env = $this->env(); $user = $env->get_model("users"); if($user->load("login", $login) === false) return false; return $user->get_values(); } public function user_exists($login){ $sgbd = $this->sgbd(); $EXISTS = 0; try{ $sql = "SELECT count(*) as n from #--users WHERE login=".$this->eq($login); $rst = $sgbd->query($sql); if($v_rst = $sgbd->fetch_assoc($rst)) $EXISTS = $v_rst["n"]; $sgbd->free_result($rst); } catch(Exception $e) { $EXISTS = false; } return $EXISTS; } public function add_user($login, $password, $email, $roles){ $sgbd = $this->sgbd(); $user_id = false; try{ $sql = "INSERT INTO #--users(login, password, email) VALUES" ."( ".$this->eq($login) .", ".$this->eq($password) .", ".$this->eq($email) .")"; $sgbd->query($sql); $user_id = $sgbd->insert_id(); foreach($roles as $id_role){ $sql = "INSERT INTO #--users_roles(id_user, id_role) VALUES" ."( ".$user_id .", ".$this->eq($id_role) .")"; $sgbd->query($sql); } } catch(Exception $e) { $user_id = false; } return $user_id; } public function set_user($id, $login, $password, $email, $roles){ $sgbd = $this->sgbd(); try{ $sql = "UPDATE #--users SET" ." login=".$this->eq($login) .", password=".$this->eq($password) .", email=".$this->eq($email) ." WHERE id=".$this->eq($id); $sgbd->query($sql); if(!$this->clear_user_roles($id)) return false; foreach($roles as $id_role){ if(!$this->add_user_role($id, $id_role)) return false; } } catch(Exception $e) { return false; } return true; } public function clear_user_roles($id_user){ $sgbd = $this->sgbd(); try{ $sql = "DELETE FROM #--users_roles WHERE id_user=".$this->eq($id_user); $sgbd->query($sql); } catch(Exception $e) { return false; } return true; } public function add_user_role($id_user, $id_role){ $sgbd = $this->sgbd(); try{ $sql = "INSERT INTO #--users_roles(id_user, id_role) VALUES" ."( ".$this->eq($id_user) .", ".$this->eq($id_role) .")"; $sgbd->query($sql); } catch(Exception $e) { return false; } return true; } public function del_user($login){ if(($user = $this->user($login)) !== false){ $sgbd = $this->sgbd(); try{ $sql = "DELETE FROM #--users_roles WHERE id_user=".$user["id"]; $sgbd->query($sql); $sql = "DELETE FROM #--users WHERE login=".$this->eq($login)." AND id=".$user["id"]; $sgbd->query($sql); } catch(Exception $e) { return false; } } else return false; return true; } # ---------------------------------------------------------------------------------------- # roles # public function init_roles(){ $sgbd = $this->sgbd(); $this->roles = array(); try{ $sql = "SELECT * FROM #--roles"; $rst = $sgbd->query($sql); while($v_rst = $sgbd->fetch_assoc($rst)) $this->roles[$v_rst["id"]] = $v_rst; $sgbd->free_result($rst); } catch(Exception $e) { $this->roles = false; } return $this->roles; } public function roles(){ if(!isset($this->roles)) return false; return $this->roles; } public function add_role($nom, $intitule){ $sgbd = $this->sgbd(); try{ $sql = "INSERT INTO #--roles(nom, intitule) VALUES(" ." ".$this->eq($nom) .", ".$this->eq($intitule) .")"; $rst = $sgbd->query($sql); $id_role = $sgbd->insert_id(); } catch(Exception $e) { $id_role = false; } return $id_role; } public function get_role($id){ if($id === "0") return array( "id" => 0, "nom" => "", "intitule" => "" ); $sgbd = $this->sgbd(); $role = array(); try{ $sql = "SELECT * FROM #--roles WHERE id=".$this->eq($id); $rst = $sgbd->query($sql); if($v_rst = $sgbd->fetch_assoc($rst)) $role = $v_rst; $sgbd->free_result($rst); } catch(Exception $e) { $role = false; } return $role; } public function set_role($id, $nom, $intitule){ $sgbd = $this->sgbd(); try{ $sql = "UPDATE #--roles SET" ." nom=".$this->eq($nom) .", intitule=".$this->eq($intitule) ." WHERE id=".$this->eq($id); $rst = $sgbd->query($sql); } catch(Exception $e) { return false; } return true; } public function clear_role_actions($id_role){ $sgbd = $this->sgbd(); try{ $sql = "DELETE FROM #--actions_roles WHERE id_role=".$this->eq($id_role); $sgbd->query($sql); } catch(Exception $e) { return false; } return true; } public function clear_role_users($id_role){ $sgbd = $this->sgbd(); try{ $sql = "DELETE FROM #--users_roles WHERE id_role=".$this->eq($id_role); $sgbd->query($sql); } catch(Exception $e) { return false; } return true; } public function add_role_action($id_role, $action){ $sgbd = $this->sgbd(); try{ $sql = "INSERT INTO #--actions_roles(action, id_role) VALUES(".$this->eq($action).", ".$this->eq($id_role).")"; $sgbd->query($sql); $id_action_role = $sgbd->insert_id(); } catch(Exception $e) { $id_action_role = false; } return $id_action_role; } public function del_role($id_role){ $sgbd = $this->sgbd(); try{ $sql = "DELETE FROM #--roles WHERE id=".$this->eq($id_role); $sgbd->query($sql); } catch(Exception $e) { return false; } return true; } public function get_user_roles(){ $user_roles = array(); $user = $this->get_session_user(); if($user && isset($user["id"])){ $sgbd = $this->sgbd(); try{ $sql = "SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($user["id"]); $rst = $sgbd->query($sql); while($v_rst = $sgbd->fetch_assoc($rst)) $user_roles[] = $v_rst["id_role"]; $sgbd->free_result($rst); } catch(Exception $_e){ return false; } } else $user_roles[] = 0; if(!$user_roles) $user_roles[] = 0; return $user_roles; } public function init_actions_roles(){ if(!isset($this->roles)) return false; $this->actions_roles = $this->read_actions_roles(); return $this->actions_roles; } public function read_actions_roles($params = array()){ $group_by_action = isset($params["group_by_action"]) ? $params["group_by_action"] : false; $sgbd = $this->sgbd(); $actions_roles = array(); try{ $sql = "SELECT * FROM #--actions_roles"; $rst = $sgbd->query($sql); while($v_rst = $sgbd->fetch_assoc($rst)){ if($group_by_action){ if(!isset($actions_roles[$v_rst["action"]])) $actions_roles[$v_rst["action"]] = array(); $actions_roles[$v_rst["action"]][] = $v_rst["id_role"]; } else $actions_roles[$v_rst["id"]] = $v_rst; } $sgbd->free_result($rst); } catch(Exception $e) { $actions_roles = false; } return $actions_roles; } public function get_action_roles($mod, $controller = "index", $action = "index"){ $sgbd = $this->sgbd(); $roles = array(); try{ $sql = "SELECT action, id_role" ." FROM #--actions_roles" ." WHERE action=".$this->eq($mod) ." OR action=".$this->eq($mod."/".$controller) ." OR action=".$this->eq($mod."/".$controller."/".$action); $rst = $sgbd->query($sql); while($v_rst = $sgbd->fetch_assoc($rst)){ if(!isset($roles[$v_rst["action"]])) $roles[$v_rst["action"]] = array(); $roles[$v_rst["action"]][$v_rst["id_role"]] = true; } $sgbd->free_result($rst); } catch(Exception $e) { $roles = false; } return $roles; } public function get_actions($id_role = null){ $env = $this->env(); if($actions = $env->get_actions()){ if(($actions_roles = $this->read_actions_roles(array("group_by_action" => true))) !== false){ foreach($actions as $module_name => $module){ if(isset($id_role)) $actions[$module_name]["module_allowed"] = isset($actions_roles[$module_name]) && in_array($id_role, $actions_roles[$module_name]); $actions[$module_name]["is_public"] = isset($actions_roles[$module_name]) && in_array(0, $actions_roles[$module_name]); foreach($module["controleurs"] as $controleur_name => $controleur){ if(isset($id_role)) $actions[$module_name]["controleurs"][$controleur_name]["controleur_allowed"] = isset($actions_roles[$module_name."/".$controleur_name]) && in_array($id_role, $actions_roles[$module_name."/".$controleur_name]); $actions[$module_name]["controleurs"][$controleur_name]["is_public"] = isset($actions_roles[$module_name."/".$controleur_name]) && in_array(0, $actions_roles[$module_name."/".$controleur_name]); foreach($controleur["als"] as $index_als => $al){ if($al["actions"]){ if(isset($id_role)){ $HAS_ACTION_NOT_ALLOWED = false; foreach($al["actions"] as $action_name){ if( !isset($actions_roles[$module_name."/".$controleur_name."/".$action_name]) || !in_array($id_role, $actions_roles[$module_name."/".$controleur_name."/".$action_name]) ){ $HAS_ACTION_NOT_ALLOWED = true; break; } } if(!$HAS_ACTION_NOT_ALLOWED){ $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["action_allowed"] = true; } } $HAS_ACTION_NOT_ALLOWED = false; foreach($al["actions"] as $action_name){ if( !isset($actions_roles[$module_name."/".$controleur_name."/".$action_name]) || !in_array(0, $actions_roles[$module_name."/".$controleur_name."/".$action_name]) ){ $HAS_ACTION_NOT_ALLOWED = true; break; } } if(!$HAS_ACTION_NOT_ALLOWED){ $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["is_public"] = true; } } } } } return $actions; } } return array(); } }