diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php
index e0e9cc34e..383d4af2a 100644
--- a/gulliver/system/class.rbac.php
+++ b/gulliver/system/class.rbac.php
@@ -211,6 +211,24 @@ class RBAC
'showDynaformListHistory' => ['PM_CASES'],
'dynaformChangeLogViewHistory' => ['PM_CASES'],
'historyDynaformGridPreview' => ['PM_CASES'],
+ ],
+ 'usersAjax.php' => [
+ 'countryList' => ['PM_LOGIN'],
+ 'stateList' => ['PM_LOGIN'],
+ 'locationList' => ['PM_LOGIN'],
+ 'usersList' => ['PM_USERS,PM_EDIT_USER_PROFILE_REPLACED_BY'],
+ 'availableCalendars' => ['PM_LOGIN'],
+ 'rolesList' => ['PM_LOGIN'],
+ 'getUserLogedRole' => ['PM_USERS,PM_EDIT_USER_PROFILE_PASSWORD'],
+ 'languagesList' => ['PM_LOGIN'],
+ 'saveUser' => [], // This action is validated with custom logic in the same page
+ 'savePersonalInfo' => [], // This action is validated with custom logic in the same page
+ 'userData' => [], // This action is validated with custom logic in the same page
+ 'defaultMainMenuOptionList' => ['PM_LOGIN'],
+ 'defaultCasesMenuOptionList' => ['PM_LOGIN'],
+ 'testPassword' => ['PM_USERS,PM_EDIT_USER_PROFILE_PASSWORD'],
+ 'testUsername' => ['PM_USERS,PM_EDIT_USER_PROFILE_USERNAME'],
+ 'passwordValidate' => ['PM_USERS,PM_EDIT_USER_PROFILE_PASSWORD'],
]
];
$this->aliasPermissions['PM_CASES'] = [self::PM_GUEST_CASE];
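Review bot: Entries such as `'usersList' => ['PM_USERS,PM_EDIT_USER_PROFILE_REPLACED_BY']` pack two permission codes into one comma-joined string, and nothing visible here says whether the checker splits that string or whether it means any-of or all-of; the neighbouring context entries use a single code per element (`['PM_CASES']`). The same form is used for `getUserLogedRole`, `testPassword`, `testUsername` and `passwordValidate`. The empty lists for `saveUser`, `savePersonalInfo` and `userData` likewise rely on the checker treating `[]` as "no RBAC check, the page authorizes itself", which is only stated by the trailing comments. I would add one comment above the `'usersAjax.php'` key that pins both conventions, e.g. `// One element may hold comma-separated codes (<any-of | all-of, per RBAC::allows()>); [] means allows() grants access and the page must check permissions itself`, filled in from the real implementation. The array and the method that builds it start outside this hunk.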
diff --git a/workflow/engine/methods/users/usersAjax.php b/workflow/engine/methods/users/usersAjax.php
index e2d6737c5..b7f657939 100644
--- a/workflow/engine/methods/users/usersAjax.php
+++ b/workflow/engine/methods/users/usersAjax.php
@@ -1,5 +1,8 @@
xssFilterHard($_POST);
if (isset($_SESSION['USER_LOGGED'])) {
@@ -9,456 +12,482 @@ if (isset($_SESSION['USR_USERNAME'])) {
$_SESSION['USR_USERNAME'] = $filter->xssFilterHard($_SESSION['USR_USERNAME']);
}
-global $RBAC;
+// Initializing variables
+$action = $_POST['action'];
$result = new StdClass();
-switch ($_POST['action']) {
- case 'countryList':
- require_once("classes/model/IsoCountry.php");
- $c = new Criteria();
- $c->add(IsoCountryPeer::IC_UID, null, Criteria::ISNOTNULL);
- $c->addAscendingOrderByColumn(IsoCountryPeer::IC_NAME);
+// Try to execute the requested action
+try {
+ // Checking access permissions for the current action
+ global $RBAC;
+ $RBAC->allows(basename(__FILE__), $action);
- $countries = IsoCountryPeer::doSelect($c);
- foreach ($countries as $rowid => $row) {
- $oData[] = array('IC_UID' => $row->getICUid(), 'IC_NAME' => $row->getICName());
- }
- print(G::json_encode($oData));
- break;
- case 'stateList':
- require_once("classes/model/IsoSubdivision.php");
- $c = new Criteria();
- $country = $_POST['IC_UID'];
- $c->add(IsoSubdivisionPeer::IC_UID, $country, Criteria::EQUAL);
- $c->addAscendingOrderByColumn(IsoSubdivisionPeer::IS_NAME);
- $locations = IsoSubdivisionPeer::doSelect($c);
+ // Executing the action
+ switch ($action) {
+ case 'countryList':
+ $c = new Criteria();
+ $c->add(IsoCountryPeer::IC_UID, null, Criteria::ISNOTNULL);
+ $c->addAscendingOrderByColumn(IsoCountryPeer::IC_NAME);
+ $countries = IsoCountryPeer::doSelect($c);
- $oData = array();
- foreach ($locations as $rowid => $row) {
- if (($row->getISUid() != '') && ($row->getISName() != '')) {
- $oData[] = array('IS_UID' => $row->getISUid(), 'IS_NAME' => $row->getISName());
+ $data = [];
+ foreach ($countries as $row) {
+ $data[] = ['IC_UID' => $row->getICUid(), 'IC_NAME' => $row->getICName()];
}
- }
- print(G::json_encode($oData));
- break;
- case 'locationList':
- require_once("classes/model/IsoLocation.php");
- $c = new Criteria();
- $country = $_POST['IC_UID'];
- $state = $_POST['IS_UID'];
- $c->add(IsoLocationPeer::IC_UID, $country, Criteria::EQUAL);
- $c->add(IsoLocationPeer::IS_UID, $state, Criteria::EQUAL);
- $c->addAscendingOrderByColumn(IsoLocationPeer::IL_NAME);
- $locations = IsoLocationPeer::doSelect($c);
+ print(G::json_encode($data));
+ break;
+ case 'stateList':
+ $c = new Criteria();
+ $country = $_POST['IC_UID'];
+ $c->add(IsoSubdivisionPeer::IC_UID, $country, Criteria::EQUAL);
+ $c->addAscendingOrderByColumn(IsoSubdivisionPeer::IS_NAME);
+ $locations = IsoSubdivisionPeer::doSelect($c);
- $oData = array();
- foreach ($locations as $rowid => $row) {
- if (($row->getILUid() != '') && ($row->getILName() != '')) {
- $oData[] = array('IL_UID' => $row->getILUid(), 'IL_NAME' => $row->getILName());
- }
- }
- print(G::json_encode($oData));
- break;
- case 'usersList':
- $filter = (isset($_POST['filter']))? $_POST['filter'] : '';
-
- $arrayUser = [];
-
- $user = new \ProcessMaker\BusinessModel\User();
- $conf = new Configurations();
-
- $arrayConfFormat = $conf->getFormats();
-
- $arrayCondition = [[UsersPeer::USR_STATUS, ['ACTIVE', 'VACATION'], Criteria::IN]];
-
- if (isset($_POST['USR_UID'])) {
- $arrayCondition[] = [UsersPeer::USR_UID, $_POST['USR_UID'], Criteria::NOT_EQUAL];
- }
-
- $result = $user->getUsers(['condition' => $arrayCondition, 'filter' => $filter], null, null, null, 25);
-
- foreach ($result['data'] as $record) {
- $arrayUser[] = [
- 'USR_UID' => $record['USR_UID'],
- 'USER_FULLNAME' => G::getFormatUserList($arrayConfFormat['format'], $record)
- ];
- }
-
- echo G::json_encode($arrayUser);
- break;
- case 'availableCalendars':
- $calendar = new Calendar();
- $calendarObj = $calendar->getCalendarList(true, true);
- $oData[] = array('CALENDAR_UID' => '', 'CALENDAR_NAME' => '- ' . G::LoadTranslation('ID_NONE') . ' -');
- foreach ($calendarObj['array'] as $rowid => $row) {
- if ($rowid > 0) {
- $oData[] = array('CALENDAR_UID' => $row['CALENDAR_UID'], 'CALENDAR_NAME' => $row['CALENDAR_NAME']);
- }
- }
- print(G::json_encode($oData));
- break;
- case 'rolesList':
- require_once PATH_RBAC . "model/Roles.php";
- $roles = new Roles();
- $rolesData = $roles->getAllRoles();
- foreach ($rolesData as $rowid => $row) {
- $oData[] = array('ROL_UID' => $row['ROL_CODE'], 'ROL_CODE' => $row['ROL_NAME']);
- }
- print(G::json_encode($oData));
- break;
- case 'getUserLogedRole':
- require_once 'classes/model/Users.php';
- $oUser = new Users();
- $aUserLog = $oUser->loadDetailed($_SESSION['USER_LOGGED']);
- print(G::json_encode(array(
- 'USR_UID' => $aUserLog['USR_UID'],
- 'USR_USERNAME' => $aUserLog['USR_USERNAME'],
- 'USR_ROLE' => $aUserLog['USR_ROLE']
- )));
- break;
- case 'languagesList':
- $Translations = new Translation();
- $langs = $Translations->getTranslationEnvironments();
- $oData[] = array('LAN_ID' => '', 'LAN_NAME' => '- ' . G::LoadTranslation('ID_NONE') . ' -');
- foreach ($langs as $lang) {
- $oData[] = array('LAN_ID' => $lang['LOCALE'],'LAN_NAME' => $lang['LANGUAGE']
- );
- }
- print(G::json_encode($oData));
- break;
- case 'saveUser':
- case 'savePersonalInfo':
- try {
- verifyCsrfToken($_POST);
- $user = new \ProcessMaker\BusinessModel\User();
- $form = $_POST;
- $permissionsToSaveData = $user->getPermissionsForEdit();
- $form = $user->checkPermissionForEdit($_SESSION['USER_LOGGED'], $permissionsToSaveData, $form);
-
- switch ($_POST['action']) {
- case 'saveUser':
- if (!$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_USERS')) {
- throw new Exception(G::LoadTranslation('ID_USER_NOT_HAVE_PERMISSION', [$_SESSION['USER_LOGGED']]));
- }
- break;
- case 'savePersonalInfo':
- if (!$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_USERS') &&
- !$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_EDITPERSONALINFO')
- ) {
- throw new Exception(G::LoadTranslation('ID_USER_NOT_HAVE_PERMISSION', [$_SESSION['USER_LOGGED']]));
- }
- break;
- default:
- throw new Exception(G::LoadTranslation('ID_INVALID_DATA'));
- break;
- }
-
- if (array_key_exists('USR_LOGGED_NEXT_TIME', $form)) {
- $form['USR_LOGGED_NEXT_TIME'] = ($form['USR_LOGGED_NEXT_TIME']) ? 1 : 0;
- }
-
- $userUid = '';
- $auditLogType = '';
- if ($form['USR_UID'] == '') {
- $arrayUserData = $user->create($form);
- $userUid = $arrayUserData['USR_UID'];
- $auditLogType = 'INS';
- } else {
- if (array_key_exists('USR_NEW_PASS', $form) && $form['USR_NEW_PASS'] == '') {
- unset($form['USR_NEW_PASS']);
- }
-
- $result = $user->update($form['USR_UID'], $form, $_SESSION['USER_LOGGED']);
- $userUid = $form['USR_UID'];
- $arrayUserData = $user->getUserRecordByPk($userUid, [], false);
- $auditLogType = 'UPD';
- }
-
- $user->auditLog($auditLogType, array_merge(['USR_UID' => $userUid, 'USR_USERNAME' => $arrayUserData['USR_USERNAME']], $form));
- /* Saving preferences */
- $def_lang = isset($form['PREF_DEFAULT_LANG']) ? $form['PREF_DEFAULT_LANG'] : '';
- $def_menu = isset($form['PREF_DEFAULT_MENUSELECTED']) ? $form['PREF_DEFAULT_MENUSELECTED'] : '';
- $def_cases_menu = isset($form['PREF_DEFAULT_CASES_MENUSELECTED']) ? $form['PREF_DEFAULT_CASES_MENUSELECTED'] : '';
- $oConf = new Configurations();
- $aConf = array('DEFAULT_LANG' => $def_lang, 'DEFAULT_MENU' => $def_menu, 'DEFAULT_CASES_MENU' => $def_cases_menu);
- $oConf->aConfig = $aConf;
- $oConf->saveConfig('USER_PREFERENCES', '', '', $userUid);
-
- if ($user->checkPermission($userUid, 'PM_EDIT_USER_PROFILE_PHOTO')) {
- try {
- $user->uploadImage($userUid);
- } catch (Exception $e) {
- $result = new stdClass();
- $result->success = false;
- $result->fileError = true;
-
- echo G::json_encode($result);
- exit(0);
+ $data = [];
+ foreach ($locations as $row) {
+ if (($row->getISUid() != '') && ($row->getISName() != '')) {
+ $data[] = ['IS_UID' => $row->getISUid(), 'IS_NAME' => $row->getISName()];
}
}
+ print(G::json_encode($data));
+ break;
+ case 'locationList':
+ $c = new Criteria();
+ $country = $_POST['IC_UID'];
+ $state = $_POST['IS_UID'];
+ $c->add(IsoLocationPeer::IC_UID, $country, Criteria::EQUAL);
+ $c->add(IsoLocationPeer::IS_UID, $state, Criteria::EQUAL);
+ $c->addAscendingOrderByColumn(IsoLocationPeer::IL_NAME);
+ $locations = IsoLocationPeer::doSelect($c);
- if ($_SESSION['USER_LOGGED'] == $form['USR_UID']) {
- /* UPDATING SESSION VARIABLES */
- $aUser = $RBAC->userObj->load($_SESSION['USER_LOGGED']);
- $_SESSION['USR_FULLNAME'] = $aUser['USR_FIRSTNAME'] . ' ' . $aUser['USR_LASTNAME'];
+ $data = [];
+ foreach ($locations as $row) {
+ if (($row->getILUid() != '') && ($row->getILName() != '')) {
+ $data[] = ['IL_UID' => $row->getILUid(), 'IL_NAME' => $row->getILName()];
+ }
+ }
+ print(G::json_encode($data));
+ break;
+ case 'usersList':
+ $filter = (isset($_POST['filter'])) ? $_POST['filter'] : '';
+
+ $arrayUser = [];
+
+ $user = new BmUser();
+ $conf = new Configurations();
+
+ $arrayConfFormat = $conf->getFormats();
+
+ $arrayCondition = [[UsersPeer::USR_STATUS, ['ACTIVE', 'VACATION'], Criteria::IN]];
+
+ if (isset($_POST['USR_UID'])) {
+ $arrayCondition[] = [UsersPeer::USR_UID, $_POST['USR_UID'], Criteria::NOT_EQUAL];
}
- $result = new stdClass();
- $result->success = true;
- print(G::json_encode($result));
- } catch (Exception $e) {
- $result = new stdClass();
- $result->success = false;
- $result->error = $e->getMessage();
- print(G::json_encode($result));
- }
- break;
- case 'userData':
- require_once 'classes/model/Users.php';
- $_SESSION['CURRENT_USER'] = $_POST['USR_UID'];
- $oUser = new Users();
- $aFields = $oUser->loadDetailed($_POST['USR_UID']);
+ $results = $user->getUsers(['condition' => $arrayCondition, 'filter' => $filter], null, null, null, 25);
- //Load Calendar options and falue for this user
- $calendar = new Calendar();
- $calendarInfo = $calendar->getCalendarFor($_POST['USR_UID'], $_POST['USR_UID'], $_POST['USR_UID']);
- //If the function returns a DEFAULT calendar it means that this object doesn't have assigned any calendar
- $aFields['USR_CALENDAR'] = $calendarInfo['CALENDAR_APPLIED'] != 'DEFAULT' ? $calendarInfo['CALENDAR_UID'] : "";
- $aFields['CALENDAR_NAME'] = $calendarInfo['CALENDAR_NAME'];
-
- #verifying if it has any preferences on the configurations table
- $oConf = new Configurations();
- $oConf->loadConfig($x, 'USER_PREFERENCES', '', '', $aFields['USR_UID'], '');
-
- $aFields['PREF_DEFAULT_MENUSELECTED'] = '';
- $aFields['PREF_DEFAULT_CASES_MENUSELECTED'] = '';
- $aFields['PREF_DEFAULT_LANG'] = isset($oConf->aConfig['DEFAULT_LANG']) ? $oConf->aConfig['DEFAULT_LANG'] : SYS_LANG;
-
- if (isset($oConf->aConfig['DEFAULT_MENU'])) {
- $aFields['PREF_DEFAULT_MENUSELECTED'] = $oConf->aConfig['DEFAULT_MENU'];
- } else {
- switch ($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_CODE']) {
- case 'PROCESSMAKER_ADMIN':
- $aFields['PREF_DEFAULT_MENUSELECTED'] = 'PM_SETUP';
- break;
- case 'PROCESSMAKER_OPERATOR':
- $aFields['PREF_DEFAULT_MENUSELECTED'] = 'PM_CASES';
- break;
+ foreach ($results['data'] as $record) {
+ $arrayUser[] = [
+ 'USR_UID' => $record['USR_UID'],
+ 'USER_FULLNAME' => G::getFormatUserList($arrayConfFormat['format'], $record)
+ ];
}
- }
- $aFields['PREF_DEFAULT_CASES_MENUSELECTED'] = isset($oConf->aConfig['DEFAULT_CASES_MENU']) ? $oConf->aConfig['DEFAULT_CASES_MENU'] : '';
-
- if ($aFields['USR_REPLACED_BY'] != '') {
+ echo G::json_encode($arrayUser);
+ break;
+ case 'availableCalendars':
+ $calendar = new Calendar();
+ $calendarObj = $calendar->getCalendarList(true, true);
+ $data = [['CALENDAR_UID' => '', 'CALENDAR_NAME' => '- ' . G::LoadTranslation('ID_NONE') . ' -']];
+ foreach ($calendarObj['array'] as $rowId => $row) {
+ if ($rowId > 0) {
+ $data[] = ['CALENDAR_UID' => $row['CALENDAR_UID'], 'CALENDAR_NAME' => $row['CALENDAR_NAME']];
+ }
+ }
+ print(G::json_encode($data));
+ break;
+ case 'rolesList':
+ $roles = new Roles();
+ $rolesData = $roles->getAllRoles();
+ $data = [];
+ foreach ($rolesData as $rowId => $row) {
+ $data[] = ['ROL_UID' => $row['ROL_CODE'], 'ROL_CODE' => $row['ROL_NAME']];
+ }
+ print(G::json_encode($data));
+ break;
+ case 'getUserLogedRole':
$user = new Users();
- $u = $user->load($aFields['USR_REPLACED_BY']);
- if ($u['USR_STATUS'] == 'CLOSED') {
- $replaced_by = '';
- $aFields['USR_REPLACED_BY'] = '';
- } else {
- $c = new Configurations();
- $arrayConfFormat = $c->getFormats();
-
- $replaced_by = G::getFormatUserList($arrayConfFormat['format'], $u);
+ $userLog = $user->loadDetailed($_SESSION['USER_LOGGED']);
+ print(G::json_encode([
+ 'USR_UID' => $userLog['USR_UID'],
+ 'USR_USERNAME' => $userLog['USR_USERNAME'],
+ 'USR_ROLE' => $userLog['USR_ROLE']
+ ]));
+ break;
+ case 'languagesList':
+ $translations = new Translation();
+ $languages = $translations->getTranslationEnvironments();
+ $data = [['LAN_ID' => '', 'LAN_NAME' => '- ' . G::LoadTranslation('ID_NONE') . ' -']];
+ foreach ($languages as $lang) {
+ $data[] = [
+ 'LAN_ID' => $lang['LOCALE'],
+ 'LAN_NAME' => $lang['LANGUAGE']
+ ];
}
- } else {
- $replaced_by = '';
- }
+ print(G::json_encode($data));
+ break;
+ case 'saveUser':
+ case 'savePersonalInfo':
+ try {
+ verifyCsrfToken($_POST);
+ $user = new BmUser();
+ $form = $_POST;
+ $permissionsToSaveData = $user->getPermissionsForEdit();
+ $form = $user->checkPermissionForEdit($_SESSION['USER_LOGGED'], $permissionsToSaveData, $form);
- $aFields['REPLACED_NAME'] = $replaced_by;
+ switch ($_POST['action']) {
+ case 'saveUser':
+ if (!$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_USERS')) {
+ throw new Exception(G::LoadTranslation('ID_USER_NOT_HAVE_PERMISSION',
+ [$_SESSION['USER_LOGGED']]));
+ }
+ break;
+ case 'savePersonalInfo':
+ if (!$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_USERS') &&
+ !$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_EDITPERSONALINFO')
+ ) {
+ throw new Exception(G::LoadTranslation('ID_USER_NOT_HAVE_PERMISSION',
+ [$_SESSION['USER_LOGGED']]));
+ }
+ break;
+ default:
+ throw new Exception(G::LoadTranslation('ID_INVALID_DATA'));
+ break;
+ }
- $menuSelected = '';
+ if (array_key_exists('USR_LOGGED_NEXT_TIME', $form)) {
+ $form['USR_LOGGED_NEXT_TIME'] = ($form['USR_LOGGED_NEXT_TIME']) ? 1 : 0;
+ }
- if ($aFields['PREF_DEFAULT_MENUSELECTED'] != '') {
- foreach ($RBAC->aUserInfo['PROCESSMAKER']['PERMISSIONS'] as $permission) {
- if ($aFields['PREF_DEFAULT_MENUSELECTED'] == $permission['PER_CODE']) {
- switch ($permission['PER_CODE']) {
- case 'PM_USERS':
- case 'PM_SETUP':
- $menuSelected = strtoupper(G::LoadTranslation('ID_SETUP'));
- break;
- case 'PM_CASES':
- $menuSelected = strtoupper(G::LoadTranslation('ID_CASES'));
- break;
- case 'PM_FACTORY':
- $menuSelected = strtoupper(G::LoadTranslation('ID_APPLICATIONS'));
- break;
- case 'PM_DASHBOARD':
- $menuSelected = strtoupper(G::LoadTranslation('ID_DASHBOARD'));
- break;
- }
+ $userUid = '';
+ $auditLogType = '';
+ if (empty($form['USR_UID'])) {
+ $arrayUserData = $user->create($form);
+ $userUid = $arrayUserData['USR_UID'];
+ $auditLogType = 'INS';
} else {
- if ($aFields['PREF_DEFAULT_MENUSELECTED'] == 'PM_STRATEGIC_DASHBOARD') {
- $menuSelected = strtoupper(G::LoadTranslation('ID_STRATEGIC_DASHBOARD'));
+ if (array_key_exists('USR_NEW_PASS', $form) && $form['USR_NEW_PASS'] == '') {
+ unset($form['USR_NEW_PASS']);
+ }
+
+ $results = $user->update($form['USR_UID'], $form, $_SESSION['USER_LOGGED']);
+ $userUid = $form['USR_UID'];
+ $arrayUserData = $user->getUserRecordByPk($userUid, [], false);
+ $auditLogType = 'UPD';
+ }
+
+ $user->auditLog($auditLogType,
+ array_merge(['USR_UID' => $userUid, 'USR_USERNAME' => $arrayUserData['USR_USERNAME']], $form));
+ /* Saving preferences */
+ $def_lang = isset($form['PREF_DEFAULT_LANG']) ? $form['PREF_DEFAULT_LANG'] : '';
+ $def_menu = isset($form['PREF_DEFAULT_MENUSELECTED']) ? $form['PREF_DEFAULT_MENUSELECTED'] : '';
+ $def_cases_menu = isset($form['PREF_DEFAULT_CASES_MENUSELECTED']) ? $form['PREF_DEFAULT_CASES_MENUSELECTED'] : '';
+ $configuration = new Configurations();
+ $configuration->aConfig = [
+ 'DEFAULT_LANG' => $def_lang,
+ 'DEFAULT_MENU' => $def_menu,
+ 'DEFAULT_CASES_MENU' => $def_cases_menu
+ ];
+ $configuration->saveConfig('USER_PREFERENCES', '', '', $userUid);
+
+ if ($user->checkPermission($userUid, 'PM_EDIT_USER_PROFILE_PHOTO')) {
+ try {
+ $user->uploadImage($userUid);
+ } catch (Exception $e) {
+ $result->success = false;
+ $result->fileError = true;
+
+ echo G::json_encode($result);
+ exit(0);
+ }
+ }
+
+ if ($_SESSION['USER_LOGGED'] == $form['USR_UID']) {
+ /* UPDATING SESSION VARIABLES */
+ $userInfo = $RBAC->userObj->load($_SESSION['USER_LOGGED']);
+ $_SESSION['USR_FULLNAME'] = $userInfo['USR_FIRSTNAME'] . ' ' . $userInfo['USR_LASTNAME'];
+ }
+
+ $result->success = true;
+ print(G::json_encode($result));
+ } catch (Exception $e) {
+ $result->success = false;
+ $result->error = $e->getMessage();
+ print(G::json_encode($result));
+ }
+ break;
+ case 'userData':
+ // Check if the user logged has the correct permission
+ if (($_POST['USR_UID'] !== $_SESSION['USER_LOGGED']) && ($RBAC->userCanAccess('PM_USERS') !== 1)) {
+ throw new Exception(G::LoadTranslation('ID_USER_NOT_HAVE_PERMISSION', [$_SESSION['USER_LOGGED']]));
+ }
+
+ $_SESSION['CURRENT_USER'] = $_POST['USR_UID'];
+ $user = new Users();
+ $fields = $user->loadDetailed($_POST['USR_UID']);
+
+ //Load Calendar options and falue for this user
+ $calendar = new Calendar();
+ $calendarInfo = $calendar->getCalendarFor($_POST['USR_UID'], $_POST['USR_UID'], $_POST['USR_UID']);
+ //If the function returns a DEFAULT calendar it means that this object doesn't have assigned any calendar
+ $fields['USR_CALENDAR'] = $calendarInfo['CALENDAR_APPLIED'] != 'DEFAULT' ? $calendarInfo['CALENDAR_UID'] : "";
+ $fields['CALENDAR_NAME'] = $calendarInfo['CALENDAR_NAME'];
+
+ //verifying if it has any preferences on the configurations table
+ $configuration = new Configurations();
+ $configuration->loadConfig($x, 'USER_PREFERENCES', '', '', $fields['USR_UID'], '');
+
+ $fields['PREF_DEFAULT_MENUSELECTED'] = '';
+ $fields['PREF_DEFAULT_CASES_MENUSELECTED'] = '';
+ $fields['PREF_DEFAULT_LANG'] = isset($configuration->aConfig['DEFAULT_LANG']) ? $configuration->aConfig['DEFAULT_LANG'] : SYS_LANG;
+
+ if (isset($configuration->aConfig['DEFAULT_MENU'])) {
+ $fields['PREF_DEFAULT_MENUSELECTED'] = $configuration->aConfig['DEFAULT_MENU'];
+ } else {
+ switch ($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_CODE']) {
+ case 'PROCESSMAKER_ADMIN':
+ $fields['PREF_DEFAULT_MENUSELECTED'] = 'PM_SETUP';
+ break;
+ case 'PROCESSMAKER_OPERATOR':
+ $fields['PREF_DEFAULT_MENUSELECTED'] = 'PM_CASES';
+ break;
+ }
+ }
+
+ $fields['PREF_DEFAULT_CASES_MENUSELECTED'] = isset($configuration->aConfig['DEFAULT_CASES_MENU']) ? $configuration->aConfig['DEFAULT_CASES_MENU'] : '';
+
+ if ($fields['USR_REPLACED_BY'] != '') {
+ $user = new Users();
+ $u = $user->load($fields['USR_REPLACED_BY']);
+ if ($u['USR_STATUS'] == 'CLOSED') {
+ $replaced_by = '';
+ $fields['USR_REPLACED_BY'] = '';
+ } else {
+ $c = new Configurations();
+ $arrayConfFormat = $c->getFormats();
+
+ $replaced_by = G::getFormatUserList($arrayConfFormat['format'], $u);
+ }
+ } else {
+ $replaced_by = '';
+ }
+
+ $fields['REPLACED_NAME'] = $replaced_by;
+
+ $menuSelected = '';
+
+ if ($fields['PREF_DEFAULT_MENUSELECTED'] != '') {
+ foreach ($RBAC->aUserInfo['PROCESSMAKER']['PERMISSIONS'] as $permission) {
+ if ($fields['PREF_DEFAULT_MENUSELECTED'] == $permission['PER_CODE']) {
+ switch ($permission['PER_CODE']) {
+ case 'PM_USERS':
+ case 'PM_SETUP':
+ $menuSelected = strtoupper(G::LoadTranslation('ID_SETUP'));
+ break;
+ case 'PM_CASES':
+ $menuSelected = strtoupper(G::LoadTranslation('ID_CASES'));
+ break;
+ case 'PM_FACTORY':
+ $menuSelected = strtoupper(G::LoadTranslation('ID_APPLICATIONS'));
+ break;
+ case 'PM_DASHBOARD':
+ $menuSelected = strtoupper(G::LoadTranslation('ID_DASHBOARD'));
+ break;
+ }
+ } else {
+ if ($fields['PREF_DEFAULT_MENUSELECTED'] == 'PM_STRATEGIC_DASHBOARD') {
+ $menuSelected = strtoupper(G::LoadTranslation('ID_STRATEGIC_DASHBOARD'));
+ }
}
}
}
- }
- $aFields['MENUSELECTED_NAME'] = $menuSelected;
+ $fields['MENUSELECTED_NAME'] = $menuSelected;
- $oMenu = new Menu();
- $oMenu->load('cases');
- $casesMenuSelected = '';
+ $menu = new Menu();
+ $menu->load('cases');
+ $casesMenuSelected = '';
- if ($aFields['PREF_DEFAULT_CASES_MENUSELECTED'] != '') {
- foreach ($oMenu->Id as $i => $item) {
- if ($aFields['PREF_DEFAULT_CASES_MENUSELECTED'] == $item) {
- $casesMenuSelected = $oMenu->Labels[$i];
+ if ($fields['PREF_DEFAULT_CASES_MENUSELECTED'] != '') {
+ foreach ($menu->Id as $i => $item) {
+ if ($fields['PREF_DEFAULT_CASES_MENUSELECTED'] == $item) {
+ $casesMenuSelected = $menu->Labels[$i];
+ }
}
}
- }
- require_once 'classes/model/Users.php';
- $oUser = new Users();
- $aUserLog = $oUser->loadDetailed($_SESSION['USER_LOGGED']);
- $aFields['USER_LOGGED_NAME'] = $aUserLog['USR_USERNAME'];
- $aFields['USER_LOGGED_ROLE'] = $aUserLog['USR_ROLE'];
+ $user = new Users();
+ $userLog = $user->loadDetailed($_SESSION['USER_LOGGED']);
+ $fields['USER_LOGGED_NAME'] = $userLog['USR_USERNAME'];
+ $fields['USER_LOGGED_ROLE'] = $userLog['USR_ROLE'];
- $aFields['CASES_MENUSELECTED_NAME'] = $casesMenuSelected;
+ $fields['CASES_MENUSELECTED_NAME'] = $casesMenuSelected;
- require_once 'classes/model/UsersProperties.php';
- $oUserProperty = new UsersProperties();
- $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($aFields['USR_UID'], array('USR_PASSWORD_HISTORY' => serialize(array($oUser->getUsrPassword()))));
- $aFields['USR_LOGGED_NEXT_TIME'] = $aUserProperty['USR_LOGGED_NEXT_TIME'];
+ $userProperties = new UsersProperties();
+ $properties = $userProperties->loadOrCreateIfNotExists($fields['USR_UID'],
+ ['USR_PASSWORD_HISTORY' => serialize([$user->getUsrPassword()])]);
+ $fields['USR_LOGGED_NEXT_TIME'] = $properties['USR_LOGGED_NEXT_TIME'];
- if (array_key_exists('USR_PASSWORD', $aFields)) {
- unset($aFields['USR_PASSWORD']);
- }
-
- $userPermissions = new \ProcessMaker\BusinessModel\User();
- $permissions = $userPermissions->loadDetailedPermissions($aFields);
-
- $result->success = true;
- $result->user = $aFields;
- $result->permission = $permissions;
-
- print(G::json_encode($result));
- break;
- case 'defaultMainMenuOptionList':
- foreach ($RBAC->aUserInfo['PROCESSMAKER']['PERMISSIONS'] as $permission) {
- switch ($permission['PER_CODE']) {
- case 'PM_USERS':
- case 'PM_SETUP':
- $rows[] = array('id' => 'PM_SETUP', 'name' => strtoupper(G::LoadTranslation('ID_SETUP'))
- );
- break;
- case 'PM_CASES':
- $rows[] = array('id' => 'PM_CASES', 'name' => strtoupper(G::LoadTranslation('ID_CASES'))
- );
- break;
- case 'PM_FACTORY':
- $rows[] = array('id' => 'PM_FACTORY', 'name' => strtoupper(G::LoadTranslation('ID_APPLICATIONS'))
- );
- break;
- case 'PM_DASHBOARD':
- $rows[] = array('id' => 'PM_DASHBOARD', 'name' => strtoupper(G::LoadTranslation('ID_DASHBOARD'))
- );
- /*----------------------------------********---------------------------------*/
- // NEW DASHBOARD MODULE
- $licensedFeatures = PMLicensedFeatures::getSingleton();
- if ($licensedFeatures->verifyfeature('r19Vm5DK1UrT09MenlLYjZxejlhNUZ1b1NhV0JHWjBsZEJ6dnpJa3dTeWVLVT0=')) {
- $rows[] = array('id' => 'PM_STRATEGIC_DASHBOARD', 'name' => strtoupper(G::LoadTranslation('ID_STRATEGIC_DASHBOARD'))
- );
- }
- /*----------------------------------********---------------------------------*/
- break;
+ if (array_key_exists('USR_PASSWORD', $fields)) {
+ unset($fields['USR_PASSWORD']);
}
- }
- print(G::json_encode($rows));
- break;
- case 'defaultCasesMenuOptionList':
- $oMenu = new Menu();
- $oMenu->load('cases');
+ $userPermissions = new BmUser();
+ $permissions = $userPermissions->loadDetailedPermissions($fields);
- foreach ($oMenu->Id as $i => $item) {
- if ($oMenu->Types[$i] != 'blockHeader') {
- $rowsCasesMenu[] = array('id' => $item, 'name' => $oMenu->Labels[$i]);
+ $result->success = true;
+ $result->user = $fields;
+ $result->permission = $permissions;
+
+ print(G::json_encode($result));
+ break;
+ case 'defaultMainMenuOptionList':
+ $rows = [];
+ foreach ($RBAC->aUserInfo['PROCESSMAKER']['PERMISSIONS'] as $permission) {
+ switch ($permission['PER_CODE']) {
+ case 'PM_USERS':
+ case 'PM_SETUP':
+ $rows[] = [
+ 'id' => 'PM_SETUP',
+ 'name' => strtoupper(G::LoadTranslation('ID_SETUP'))
+ ];
+ break;
+ case 'PM_CASES':
+ $rows[] = [
+ 'id' => 'PM_CASES',
+ 'name' => strtoupper(G::LoadTranslation('ID_CASES'))
+ ];
+ break;
+ case 'PM_FACTORY':
+ $rows[] = [
+ 'id' => 'PM_FACTORY',
+ 'name' => strtoupper(G::LoadTranslation('ID_APPLICATIONS'))
+ ];
+ break;
+ case 'PM_DASHBOARD':
+ $rows[] = [
+ 'id' => 'PM_DASHBOARD',
+ 'name' => strtoupper(G::LoadTranslation('ID_DASHBOARD'))
+ ];
+ /*----------------------------------********---------------------------------*/
+ // NEW DASHBOARD MODULE
+ $licensedFeatures = PMLicensedFeatures::getSingleton();
+ if ($licensedFeatures->verifyfeature('r19Vm5DK1UrT09MenlLYjZxejlhNUZ1b1NhV0JHWjBsZEJ6dnpJa3dTeWVLVT0=')) {
+ $rows[] = [
+ 'id' => 'PM_STRATEGIC_DASHBOARD',
+ 'name' => strtoupper(G::LoadTranslation('ID_STRATEGIC_DASHBOARD'))
+ ];
+ }
+ /*----------------------------------********---------------------------------*/
+ break;
+ }
}
- }
- print(G::json_encode($rowsCasesMenu));
- break;
- case 'testPassword':
- require_once 'classes/model/UsersProperties.php';
- $userProperty = new UsersProperties();
+ print(G::json_encode($rows));
+ break;
+ case 'defaultCasesMenuOptionList':
+ $menu = new Menu();
+ $menu->load('cases');
- $fields = [];
- $color = '';
- $img = '';
- $dateNow = date('Y-m-d H:i:s');
- $errorInPassword = $userProperty->validatePassword($_POST['PASSWORD_TEXT'], $dateNow, 0);
-
- if (!empty($errorInPassword)) {
- $img = '/images/delete.png';
- $color = 'red';
- if (!defined('NO_DISPLAY_USERNAME')) {
- define('NO_DISPLAY_USERNAME', 1);
+ foreach ($menu->Id as $i => $item) {
+ if ($menu->Types[$i] != 'blockHeader') {
+ $rowsCasesMenu[] = ['id' => $item, 'name' => $menu->Labels[$i]];
+ }
}
- $fields = $userProperty->getMessageValidatePassword($errorInPassword);
- $fields['STATUS'] = false;
- } else {
- $color = 'green';
- $img = '/images/dialog-ok-apply.png';
- $fields['DESCRIPTION'] = G::LoadTranslation('ID_PASSWORD_COMPLIES_POLICIES') . '';
- $fields['STATUS'] = true;
- }
- $span = '';
- $gif = '
';
- $fields['DESCRIPTION'] = $span . $gif . $fields['DESCRIPTION'];
- print(G::json_encode($fields));
- break;
- case 'testUsername':
- require_once 'classes/model/Users.php';
- $_POST['NEW_USERNAME'] = trim($_POST['NEW_USERNAME']);
- $USR_UID = isset($_POST['USR_UID']) ? $_POST['USR_UID'] : '';
+ print(G::json_encode($rowsCasesMenu));
+ break;
+ case 'testPassword':
+ $userProperty = new UsersProperties();
- $response = array("success" => true);
+ $fields = [];
+ $color = '';
+ $img = '';
+ $dateNow = date('Y-m-d H:i:s');
+ $errorInPassword = $userProperty->validatePassword($_POST['PASSWORD_TEXT'], $dateNow, 0);
- $oCriteria = new Criteria();
- $oCriteria->addSelectColumn(UsersPeer::USR_USERNAME);
+ if (!empty($errorInPassword)) {
+ $img = '/images/delete.png';
+ $color = 'red';
+ if (!defined('NO_DISPLAY_USERNAME')) {
+ define('NO_DISPLAY_USERNAME', 1);
+ }
+ $fields = $userProperty->getMessageValidatePassword($errorInPassword);
+ $fields['STATUS'] = false;
+ } else {
+ $color = 'green';
+ $img = '/images/dialog-ok-apply.png';
+ $fields['DESCRIPTION'] = G::LoadTranslation('ID_PASSWORD_COMPLIES_POLICIES') . '';
+ $fields['STATUS'] = true;
+ }
+ $span = '';
+ $gif = '
';
+ $fields['DESCRIPTION'] = $span . $gif . $fields['DESCRIPTION'];
+ print(G::json_encode($fields));
+ break;
+ case 'testUsername':
+ $_POST['NEW_USERNAME'] = trim($_POST['NEW_USERNAME']);
+ $usrUid = isset($_POST['USR_UID']) ? $_POST['USR_UID'] : '';
- $oCriteria->add(UsersPeer::USR_USERNAME, utf8_encode($_POST['NEW_USERNAME']));
- if ($USR_UID != '') {
- $oCriteria->add(UsersPeer::USR_UID, array($_POST['USR_UID']), Criteria::NOT_IN);
- }
- $oDataset = UsersPeer::doSelectRS($oCriteria);
- $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
- $oDataset->next();
- $aRow = $oDataset->getRow();
+ $response = ["success" => true];
- if (is_array($aRow) || $_POST['NEW_USERNAME'] == '') {
- $color = 'red';
- $img = '/images/delete.png';
- $dataVar['USER_ID'] = $_POST['NEW_USERNAME'];
- $text = G::LoadTranslation('ID_USERNAME_ALREADY_EXISTS', $dataVar);
- $text = ($_POST['NEW_USERNAME'] == '') ? G::LoadTranslation('ID_MSG_ERROR_USR_USERNAME') : $text;
- $response['exists'] = true;
- } else {
- $color = 'green';
- $img = '/images/dialog-ok-apply.png';
- $text = G::LoadTranslation('ID_USERNAME_CORRECT');
- $response['exists'] = false;
- }
+ $criteria = new Criteria();
+ $criteria->addSelectColumn(UsersPeer::USR_USERNAME);
- $span = '';
- $gif = '
';
- $response['descriptionText'] = $span . $gif . $text . '';
- echo G::json_encode($response);
- break;
- case "passwordValidate":
- $messageResultLogin = "";
- $password = $_POST["password"];
- $resultLogin = $RBAC->VerifyLogin($_SESSION["USR_USERNAME"], $password);
+ $criteria->add(UsersPeer::USR_USERNAME, utf8_encode($_POST['NEW_USERNAME']));
+ if ($usrUid != '') {
+ $criteria->add(UsersPeer::USR_UID, [$_POST['USR_UID']], Criteria::NOT_IN);
+ }
+ $dataSet = UsersPeer::doSelectRS($criteria);
+ $dataSet->setFetchmode(ResultSet::FETCHMODE_ASSOC);
+ $dataSet->next();
+ $row = $dataSet->getRow();
- if ($resultLogin == $_SESSION["USER_LOGGED"]) {
- $messageResultLogin = "OK";
- } else {
- $messageResultLogin = "ERROR";
- }
+ if (is_array($row) || $_POST['NEW_USERNAME'] == '') {
+ $color = 'red';
+ $img = '/images/delete.png';
+ $dataVar = ['USER_ID' => $_POST['NEW_USERNAME']];
+ $text = G::LoadTranslation('ID_USERNAME_ALREADY_EXISTS', $dataVar);
+ $text = ($_POST['NEW_USERNAME'] == '') ? G::LoadTranslation('ID_MSG_ERROR_USR_USERNAME') : $text;
+ $response['exists'] = true;
+ } else {
+ $color = 'green';
+ $img = '/images/dialog-ok-apply.png';
+ $text = G::LoadTranslation('ID_USERNAME_CORRECT');
+ $response['exists'] = false;
+ }
- $response = array();
- $response["result"] = $messageResultLogin;
- echo G::json_encode($response);
- break;
+ $span = '';
+ $gif = '
';
+ $response['descriptionText'] = $span . $gif . $text . '';
+ echo G::json_encode($response);
+ break;
+ case "passwordValidate":
+ $messageResultLogin = "";
+ $password = $_POST["password"];
+ $resultLogin = $RBAC->VerifyLogin($_SESSION["USR_USERNAME"], $password);
+
+ if ($resultLogin == $_SESSION["USER_LOGGED"]) {
+ $messageResultLogin = "OK";
+ } else {
+ $messageResultLogin = "ERROR";
+ }
+
+ $response = [];
+ $response["result"] = $messageResultLogin;
+ echo G::json_encode($response);
+ break;
+ }
+} catch (Exception $e) {
+ $result->success = false;
+ $result->error = $e->getMessage();
+ echo G::json_encode($result);
}
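Review bot: The new gate `$RBAC->allows(basename(__FILE__), $action);` discards its return value, so it only protects the switch if allows() throws on a denied action and on an action missing from the map. Its body is not part of this diff, so that contract should be confirmed and stated in a comment at the call. `$action` is also taken from `$_POST['action']` without an existence or type check, and the outer `switch ($action)` has no `default`, so unless allows() rejects it, a missing or unknown action appears to end in an empty response rather than an explicit error. I would read it as `$action = isset($_POST['action']) ? (string) $_POST['action'] : '';` and add `default: throw new Exception(G::LoadTranslation('ID_INVALID_DATA'));` to the outer switch, mirroring the inner switch under `saveUser`. The script's opening lines, where `$filter` and the session checks are set up, are outside this hunk.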