fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PMC-1409

Browse Source
This commit is contained in:
Julio Cesar Laura Avendaño
2019-12-12 15:41:18 -04:00
parent 9e8728499f
commit 0fe00e718a
2 changed files with 454 additions and 407 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
gulliver/system/class.rbac.php
View File

@@ -211,6 +211,24 @@ class RBAC
'showDynaformListHistory' => ['PM_CASES'], 'showDynaformListHistory' => ['PM_CASES'],
'dynaformChangeLogViewHistory' => ['PM_CASES'], 'dynaformChangeLogViewHistory' => ['PM_CASES'],
'historyDynaformGridPreview' => ['PM_CASES'], 'historyDynaformGridPreview' => ['PM_CASES'],
],
'usersAjax.php' => [
'countryList' => ['PM_LOGIN'],
'stateList' => ['PM_LOGIN'],
'locationList' => ['PM_LOGIN'],
'usersList' => ['PM_USERS,PM_EDIT_USER_PROFILE_REPLACED_BY'],
'availableCalendars' => ['PM_LOGIN'],
'rolesList' => ['PM_LOGIN'],
'getUserLogedRole' => ['PM_USERS,PM_EDIT_USER_PROFILE_PASSWORD'],
'languagesList' => ['PM_LOGIN'],
'saveUser' => [], // This action is validated with custom logic in the same page
'savePersonalInfo' => [], // This action is validated with custom logic in the same page
'userData' => [], // This action is validated with custom logic in the same page
'defaultMainMenuOptionList' => ['PM_LOGIN'],
'defaultCasesMenuOptionList' => ['PM_LOGIN'],
'testPassword' => ['PM_USERS,PM_EDIT_USER_PROFILE_PASSWORD'],
'testUsername' => ['PM_USERS,PM_EDIT_USER_PROFILE_USERNAME'],
'passwordValidate' => ['PM_USERS,PM_EDIT_USER_PROFILE_PASSWORD'],
] ]
]; ];
$this->aliasPermissions['PM_CASES'] = [self::PM_GUEST_CASE]; $this->aliasPermissions['PM_CASES'] = [self::PM_GUEST_CASE];

843
workflow/engine/methods/users/usersAjax.php
View File

@@ -1,5 +1,8 @@
<?php <?php
use ProcessMaker\BusinessModel\User as BmUser;
// Sanitizing the values sent in the global variables
$filter = new InputFilter(); $filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST); $_POST = $filter->xssFilterHard($_POST);
if (isset($_SESSION['USER_LOGGED'])) { if (isset($_SESSION['USER_LOGGED'])) {
@@ -9,456 +12,482 @@ if (isset($_SESSION['USR_USERNAME'])) {
$_SESSION['USR_USERNAME'] = $filter->xssFilterHard($_SESSION['USR_USERNAME']); $_SESSION['USR_USERNAME'] = $filter->xssFilterHard($_SESSION['USR_USERNAME']);
} }
global $RBAC; // Initializing variables
$action = $_POST['action'];
$result = new StdClass(); $result = new StdClass();
switch ($_POST['action']) { // Try to execute the requested action
case 'countryList': try {
require_once("classes/model/IsoCountry.php"); // Checking access permissions for the current action
$c = new Criteria(); global $RBAC;
$c->add(IsoCountryPeer::IC_UID, null, Criteria::ISNOTNULL); $RBAC->allows(basename(__FILE__), $action);
$c->addAscendingOrderByColumn(IsoCountryPeer::IC_NAME);
$countries = IsoCountryPeer::doSelect($c); // Executing the action
foreach ($countries as $rowid => $row) { switch ($action) {
$oData[] = array('IC_UID' => $row->getICUid(), 'IC_NAME' => $row->getICName()); case 'countryList':
} $c = new Criteria();
print(G::json_encode($oData)); $c->add(IsoCountryPeer::IC_UID, null, Criteria::ISNOTNULL);
break; $c->addAscendingOrderByColumn(IsoCountryPeer::IC_NAME);
case 'stateList': $countries = IsoCountryPeer::doSelect($c);
require_once("classes/model/IsoSubdivision.php");
$c = new Criteria();
$country = $_POST['IC_UID'];
$c->add(IsoSubdivisionPeer::IC_UID, $country, Criteria::EQUAL);
$c->addAscendingOrderByColumn(IsoSubdivisionPeer::IS_NAME);
$locations = IsoSubdivisionPeer::doSelect($c);
$oData = array(); $data = [];
foreach ($locations as $rowid => $row) { foreach ($countries as $row) {
if (($row->getISUid() != '') && ($row->getISName() != '')) { $data[] = ['IC_UID' => $row->getICUid(), 'IC_NAME' => $row->getICName()];
$oData[] = array('IS_UID' => $row->getISUid(), 'IS_NAME' => $row->getISName());
} }
} print(G::json_encode($data));
print(G::json_encode($oData)); break;
break; case 'stateList':
case 'locationList': $c = new Criteria();
require_once("classes/model/IsoLocation.php"); $country = $_POST['IC_UID'];
$c = new Criteria(); $c->add(IsoSubdivisionPeer::IC_UID, $country, Criteria::EQUAL);
$country = $_POST['IC_UID']; $c->addAscendingOrderByColumn(IsoSubdivisionPeer::IS_NAME);
$state = $_POST['IS_UID']; $locations = IsoSubdivisionPeer::doSelect($c);
$c->add(IsoLocationPeer::IC_UID, $country, Criteria::EQUAL);
$c->add(IsoLocationPeer::IS_UID, $state, Criteria::EQUAL);
$c->addAscendingOrderByColumn(IsoLocationPeer::IL_NAME);
$locations = IsoLocationPeer::doSelect($c);
$oData = array(); $data = [];
foreach ($locations as $rowid => $row) { foreach ($locations as $row) {
if (($row->getILUid() != '') && ($row->getILName() != '')) { if (($row->getISUid() != '') && ($row->getISName() != '')) {
$oData[] = array('IL_UID' => $row->getILUid(), 'IL_NAME' => $row->getILName()); $data[] = ['IS_UID' => $row->getISUid(), 'IS_NAME' => $row->getISName()];
}
}
print(G::json_encode($oData));
break;
case 'usersList':
$filter = (isset($_POST['filter']))? $_POST['filter'] : '';
$arrayUser = [];
$user = new \ProcessMaker\BusinessModel\User();
$conf = new Configurations();
$arrayConfFormat = $conf->getFormats();
$arrayCondition = [[UsersPeer::USR_STATUS, ['ACTIVE', 'VACATION'], Criteria::IN]];
if (isset($_POST['USR_UID'])) {
$arrayCondition[] = [UsersPeer::USR_UID, $_POST['USR_UID'], Criteria::NOT_EQUAL];
}
$result = $user->getUsers(['condition' => $arrayCondition, 'filter' => $filter], null, null, null, 25);
foreach ($result['data'] as $record) {
$arrayUser[] = [
'USR_UID' => $record['USR_UID'],
'USER_FULLNAME' => G::getFormatUserList($arrayConfFormat['format'], $record)
];
}
echo G::json_encode($arrayUser);
break;
case 'availableCalendars':
$calendar = new Calendar();
$calendarObj = $calendar->getCalendarList(true, true);
$oData[] = array('CALENDAR_UID' => '', 'CALENDAR_NAME' => '- ' . G::LoadTranslation('ID_NONE') . ' -');
foreach ($calendarObj['array'] as $rowid => $row) {
if ($rowid > 0) {
$oData[] = array('CALENDAR_UID' => $row['CALENDAR_UID'], 'CALENDAR_NAME' => $row['CALENDAR_NAME']);
}
}
print(G::json_encode($oData));
break;
case 'rolesList':
require_once PATH_RBAC . "model/Roles.php";
$roles = new Roles();
$rolesData = $roles->getAllRoles();
foreach ($rolesData as $rowid => $row) {
$oData[] = array('ROL_UID' => $row['ROL_CODE'], 'ROL_CODE' => $row['ROL_NAME']);
}
print(G::json_encode($oData));
break;
case 'getUserLogedRole':
require_once 'classes/model/Users.php';
$oUser = new Users();
$aUserLog = $oUser->loadDetailed($_SESSION['USER_LOGGED']);
print(G::json_encode(array(
'USR_UID' => $aUserLog['USR_UID'],
'USR_USERNAME' => $aUserLog['USR_USERNAME'],
'USR_ROLE' => $aUserLog['USR_ROLE']
)));
break;
case 'languagesList':
$Translations = new Translation();
$langs = $Translations->getTranslationEnvironments();
$oData[] = array('LAN_ID' => '', 'LAN_NAME' => '- ' . G::LoadTranslation('ID_NONE') . ' -');
foreach ($langs as $lang) {
$oData[] = array('LAN_ID' => $lang['LOCALE'],'LAN_NAME' => $lang['LANGUAGE']
);
}
print(G::json_encode($oData));
break;
case 'saveUser':
case 'savePersonalInfo':
try {
verifyCsrfToken($_POST);
$user = new \ProcessMaker\BusinessModel\User();
$form = $_POST;
$permissionsToSaveData = $user->getPermissionsForEdit();
$form = $user->checkPermissionForEdit($_SESSION['USER_LOGGED'], $permissionsToSaveData, $form);
switch ($_POST['action']) {
case 'saveUser':
if (!$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_USERS')) {
throw new Exception(G::LoadTranslation('ID_USER_NOT_HAVE_PERMISSION', [$_SESSION['USER_LOGGED']]));
}
break;
case 'savePersonalInfo':
if (!$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_USERS') &&
!$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_EDITPERSONALINFO')
) {
throw new Exception(G::LoadTranslation('ID_USER_NOT_HAVE_PERMISSION', [$_SESSION['USER_LOGGED']]));
}
break;
default:
throw new Exception(G::LoadTranslation('ID_INVALID_DATA'));
break;
}
if (array_key_exists('USR_LOGGED_NEXT_TIME', $form)) {
$form['USR_LOGGED_NEXT_TIME'] = ($form['USR_LOGGED_NEXT_TIME']) ? 1 : 0;
}
$userUid = '';
$auditLogType = '';
if ($form['USR_UID'] == '') {
$arrayUserData = $user->create($form);
$userUid = $arrayUserData['USR_UID'];
$auditLogType = 'INS';
} else {
if (array_key_exists('USR_NEW_PASS', $form) && $form['USR_NEW_PASS'] == '') {
unset($form['USR_NEW_PASS']);
}
$result = $user->update($form['USR_UID'], $form, $_SESSION['USER_LOGGED']);
$userUid = $form['USR_UID'];
$arrayUserData = $user->getUserRecordByPk($userUid, [], false);
$auditLogType = 'UPD';
}
$user->auditLog($auditLogType, array_merge(['USR_UID' => $userUid, 'USR_USERNAME' => $arrayUserData['USR_USERNAME']], $form));
/* Saving preferences */
$def_lang = isset($form['PREF_DEFAULT_LANG']) ? $form['PREF_DEFAULT_LANG'] : '';
$def_menu = isset($form['PREF_DEFAULT_MENUSELECTED']) ? $form['PREF_DEFAULT_MENUSELECTED'] : '';
$def_cases_menu = isset($form['PREF_DEFAULT_CASES_MENUSELECTED']) ? $form['PREF_DEFAULT_CASES_MENUSELECTED'] : '';
$oConf = new Configurations();
$aConf = array('DEFAULT_LANG' => $def_lang, 'DEFAULT_MENU' => $def_menu, 'DEFAULT_CASES_MENU' => $def_cases_menu);
$oConf->aConfig = $aConf;
$oConf->saveConfig('USER_PREFERENCES', '', '', $userUid);
if ($user->checkPermission($userUid, 'PM_EDIT_USER_PROFILE_PHOTO')) {
try {
$user->uploadImage($userUid);
} catch (Exception $e) {
$result = new stdClass();
$result->success = false;
$result->fileError = true;
echo G::json_encode($result);
exit(0);
} }
} }
print(G::json_encode($data));
break;
case 'locationList':
$c = new Criteria();
$country = $_POST['IC_UID'];
$state = $_POST['IS_UID'];
$c->add(IsoLocationPeer::IC_UID, $country, Criteria::EQUAL);
$c->add(IsoLocationPeer::IS_UID, $state, Criteria::EQUAL);
$c->addAscendingOrderByColumn(IsoLocationPeer::IL_NAME);
$locations = IsoLocationPeer::doSelect($c);
if ($_SESSION['USER_LOGGED'] == $form['USR_UID']) { $data = [];
/* UPDATING SESSION VARIABLES */ foreach ($locations as $row) {
$aUser = $RBAC->userObj->load($_SESSION['USER_LOGGED']); if (($row->getILUid() != '') && ($row->getILName() != '')) {
$_SESSION['USR_FULLNAME'] = $aUser['USR_FIRSTNAME'] . ' ' . $aUser['USR_LASTNAME']; $data[] = ['IL_UID' => $row->getILUid(), 'IL_NAME' => $row->getILName()];
}
}
print(G::json_encode($data));
break;
case 'usersList':
$filter = (isset($_POST['filter'])) ? $_POST['filter'] : '';
$arrayUser = [];
$user = new BmUser();
$conf = new Configurations();
$arrayConfFormat = $conf->getFormats();
$arrayCondition = [[UsersPeer::USR_STATUS, ['ACTIVE', 'VACATION'], Criteria::IN]];
if (isset($_POST['USR_UID'])) {
$arrayCondition[] = [UsersPeer::USR_UID, $_POST['USR_UID'], Criteria::NOT_EQUAL];
} }
$result = new stdClass(); $results = $user->getUsers(['condition' => $arrayCondition, 'filter' => $filter], null, null, null, 25);
$result->success = true;
print(G::json_encode($result));
} catch (Exception $e) {
$result = new stdClass();
$result->success = false;
$result->error = $e->getMessage();
print(G::json_encode($result));
}
break;
case 'userData':
require_once 'classes/model/Users.php';
$_SESSION['CURRENT_USER'] = $_POST['USR_UID'];
$oUser = new Users();
$aFields = $oUser->loadDetailed($_POST['USR_UID']);
//Load Calendar options and falue for this user foreach ($results['data'] as $record) {
$calendar = new Calendar(); $arrayUser[] = [
$calendarInfo = $calendar->getCalendarFor($_POST['USR_UID'], $_POST['USR_UID'], $_POST['USR_UID']); 'USR_UID' => $record['USR_UID'],
//If the function returns a DEFAULT calendar it means that this object doesn't have assigned any calendar 'USER_FULLNAME' => G::getFormatUserList($arrayConfFormat['format'], $record)
$aFields['USR_CALENDAR'] = $calendarInfo['CALENDAR_APPLIED'] != 'DEFAULT' ? $calendarInfo['CALENDAR_UID'] : ""; ];
$aFields['CALENDAR_NAME'] = $calendarInfo['CALENDAR_NAME'];
#verifying if it has any preferences on the configurations table
$oConf = new Configurations();
$oConf->loadConfig($x, 'USER_PREFERENCES', '', '', $aFields['USR_UID'], '');
$aFields['PREF_DEFAULT_MENUSELECTED'] = '';
$aFields['PREF_DEFAULT_CASES_MENUSELECTED'] = '';
$aFields['PREF_DEFAULT_LANG'] = isset($oConf->aConfig['DEFAULT_LANG']) ? $oConf->aConfig['DEFAULT_LANG'] : SYS_LANG;
if (isset($oConf->aConfig['DEFAULT_MENU'])) {
$aFields['PREF_DEFAULT_MENUSELECTED'] = $oConf->aConfig['DEFAULT_MENU'];
} else {
switch ($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_CODE']) {
case 'PROCESSMAKER_ADMIN':
$aFields['PREF_DEFAULT_MENUSELECTED'] = 'PM_SETUP';
break;
case 'PROCESSMAKER_OPERATOR':
$aFields['PREF_DEFAULT_MENUSELECTED'] = 'PM_CASES';
break;
} }
}
$aFields['PREF_DEFAULT_CASES_MENUSELECTED'] = isset($oConf->aConfig['DEFAULT_CASES_MENU']) ? $oConf->aConfig['DEFAULT_CASES_MENU'] : ''; echo G::json_encode($arrayUser);
break;
if ($aFields['USR_REPLACED_BY'] != '') { case 'availableCalendars':
$calendar = new Calendar();
$calendarObj = $calendar->getCalendarList(true, true);
$data = [['CALENDAR_UID' => '', 'CALENDAR_NAME' => '- ' . G::LoadTranslation('ID_NONE') . ' -']];
foreach ($calendarObj['array'] as $rowId => $row) {
if ($rowId > 0) {
$data[] = ['CALENDAR_UID' => $row['CALENDAR_UID'], 'CALENDAR_NAME' => $row['CALENDAR_NAME']];
}
}
print(G::json_encode($data));
break;
case 'rolesList':
$roles = new Roles();
$rolesData = $roles->getAllRoles();
$data = [];
foreach ($rolesData as $rowId => $row) {
$data[] = ['ROL_UID' => $row['ROL_CODE'], 'ROL_CODE' => $row['ROL_NAME']];
}
print(G::json_encode($data));
break;
case 'getUserLogedRole':
$user = new Users(); $user = new Users();
$u = $user->load($aFields['USR_REPLACED_BY']); $userLog = $user->loadDetailed($_SESSION['USER_LOGGED']);
if ($u['USR_STATUS'] == 'CLOSED') { print(G::json_encode([
$replaced_by = ''; 'USR_UID' => $userLog['USR_UID'],
$aFields['USR_REPLACED_BY'] = ''; 'USR_USERNAME' => $userLog['USR_USERNAME'],
} else { 'USR_ROLE' => $userLog['USR_ROLE']
$c = new Configurations(); ]));
$arrayConfFormat = $c->getFormats(); break;
case 'languagesList':
$replaced_by = G::getFormatUserList($arrayConfFormat['format'], $u); $translations = new Translation();
$languages = $translations->getTranslationEnvironments();
$data = [['LAN_ID' => '', 'LAN_NAME' => '- ' . G::LoadTranslation('ID_NONE') . ' -']];
foreach ($languages as $lang) {
$data[] = [
'LAN_ID' => $lang['LOCALE'],
'LAN_NAME' => $lang['LANGUAGE']
];
} }
} else { print(G::json_encode($data));
$replaced_by = ''; break;
} case 'saveUser':
case 'savePersonalInfo':
try {
verifyCsrfToken($_POST);
$user = new BmUser();
$form = $_POST;
$permissionsToSaveData = $user->getPermissionsForEdit();
$form = $user->checkPermissionForEdit($_SESSION['USER_LOGGED'], $permissionsToSaveData, $form);
$aFields['REPLACED_NAME'] = $replaced_by; switch ($_POST['action']) {
case 'saveUser':
if (!$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_USERS')) {
throw new Exception(G::LoadTranslation('ID_USER_NOT_HAVE_PERMISSION',
[$_SESSION['USER_LOGGED']]));
}
break;
case 'savePersonalInfo':
if (!$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_USERS') &&
!$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_EDITPERSONALINFO')
) {
throw new Exception(G::LoadTranslation('ID_USER_NOT_HAVE_PERMISSION',
[$_SESSION['USER_LOGGED']]));
}
break;
default:
throw new Exception(G::LoadTranslation('ID_INVALID_DATA'));
break;
}
$menuSelected = ''; if (array_key_exists('USR_LOGGED_NEXT_TIME', $form)) {
$form['USR_LOGGED_NEXT_TIME'] = ($form['USR_LOGGED_NEXT_TIME']) ? 1 : 0;
}
if ($aFields['PREF_DEFAULT_MENUSELECTED'] != '') { $userUid = '';
foreach ($RBAC->aUserInfo['PROCESSMAKER']['PERMISSIONS'] as $permission) { $auditLogType = '';
if ($aFields['PREF_DEFAULT_MENUSELECTED'] == $permission['PER_CODE']) { if (empty($form['USR_UID'])) {
switch ($permission['PER_CODE']) { $arrayUserData = $user->create($form);
case 'PM_USERS': $userUid = $arrayUserData['USR_UID'];
case 'PM_SETUP': $auditLogType = 'INS';
$menuSelected = strtoupper(G::LoadTranslation('ID_SETUP'));
break;
case 'PM_CASES':
$menuSelected = strtoupper(G::LoadTranslation('ID_CASES'));
break;
case 'PM_FACTORY':
$menuSelected = strtoupper(G::LoadTranslation('ID_APPLICATIONS'));
break;
case 'PM_DASHBOARD':
$menuSelected = strtoupper(G::LoadTranslation('ID_DASHBOARD'));
break;
}
} else { } else {
if ($aFields['PREF_DEFAULT_MENUSELECTED'] == 'PM_STRATEGIC_DASHBOARD') { if (array_key_exists('USR_NEW_PASS', $form) && $form['USR_NEW_PASS'] == '') {
$menuSelected = strtoupper(G::LoadTranslation('ID_STRATEGIC_DASHBOARD')); unset($form['USR_NEW_PASS']);
}
$results = $user->update($form['USR_UID'], $form, $_SESSION['USER_LOGGED']);
$userUid = $form['USR_UID'];
$arrayUserData = $user->getUserRecordByPk($userUid, [], false);
$auditLogType = 'UPD';
}
$user->auditLog($auditLogType,
array_merge(['USR_UID' => $userUid, 'USR_USERNAME' => $arrayUserData['USR_USERNAME']], $form));
/* Saving preferences */
$def_lang = isset($form['PREF_DEFAULT_LANG']) ? $form['PREF_DEFAULT_LANG'] : '';
$def_menu = isset($form['PREF_DEFAULT_MENUSELECTED']) ? $form['PREF_DEFAULT_MENUSELECTED'] : '';
$def_cases_menu = isset($form['PREF_DEFAULT_CASES_MENUSELECTED']) ? $form['PREF_DEFAULT_CASES_MENUSELECTED'] : '';
$configuration = new Configurations();
$configuration->aConfig = [
'DEFAULT_LANG' => $def_lang,
'DEFAULT_MENU' => $def_menu,
'DEFAULT_CASES_MENU' => $def_cases_menu
];
$configuration->saveConfig('USER_PREFERENCES', '', '', $userUid);
if ($user->checkPermission($userUid, 'PM_EDIT_USER_PROFILE_PHOTO')) {
try {
$user->uploadImage($userUid);
} catch (Exception $e) {
$result->success = false;
$result->fileError = true;
echo G::json_encode($result);
exit(0);
}
}
if ($_SESSION['USER_LOGGED'] == $form['USR_UID']) {
/* UPDATING SESSION VARIABLES */
$userInfo = $RBAC->userObj->load($_SESSION['USER_LOGGED']);
$_SESSION['USR_FULLNAME'] = $userInfo['USR_FIRSTNAME'] . ' ' . $userInfo['USR_LASTNAME'];
}
$result->success = true;
print(G::json_encode($result));
} catch (Exception $e) {
$result->success = false;
$result->error = $e->getMessage();
print(G::json_encode($result));
}
break;
case 'userData':
// Check if the user logged has the correct permission
if (($_POST['USR_UID'] !== $_SESSION['USER_LOGGED']) && ($RBAC->userCanAccess('PM_USERS') !== 1)) {
throw new Exception(G::LoadTranslation('ID_USER_NOT_HAVE_PERMISSION', [$_SESSION['USER_LOGGED']]));
}
$_SESSION['CURRENT_USER'] = $_POST['USR_UID'];
$user = new Users();
$fields = $user->loadDetailed($_POST['USR_UID']);
//Load Calendar options and falue for this user
$calendar = new Calendar();
$calendarInfo = $calendar->getCalendarFor($_POST['USR_UID'], $_POST['USR_UID'], $_POST['USR_UID']);
//If the function returns a DEFAULT calendar it means that this object doesn't have assigned any calendar
$fields['USR_CALENDAR'] = $calendarInfo['CALENDAR_APPLIED'] != 'DEFAULT' ? $calendarInfo['CALENDAR_UID'] : "";
$fields['CALENDAR_NAME'] = $calendarInfo['CALENDAR_NAME'];
//verifying if it has any preferences on the configurations table
$configuration = new Configurations();
$configuration->loadConfig($x, 'USER_PREFERENCES', '', '', $fields['USR_UID'], '');
$fields['PREF_DEFAULT_MENUSELECTED'] = '';
$fields['PREF_DEFAULT_CASES_MENUSELECTED'] = '';
$fields['PREF_DEFAULT_LANG'] = isset($configuration->aConfig['DEFAULT_LANG']) ? $configuration->aConfig['DEFAULT_LANG'] : SYS_LANG;
if (isset($configuration->aConfig['DEFAULT_MENU'])) {
$fields['PREF_DEFAULT_MENUSELECTED'] = $configuration->aConfig['DEFAULT_MENU'];
} else {
switch ($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_CODE']) {
case 'PROCESSMAKER_ADMIN':
$fields['PREF_DEFAULT_MENUSELECTED'] = 'PM_SETUP';
break;
case 'PROCESSMAKER_OPERATOR':
$fields['PREF_DEFAULT_MENUSELECTED'] = 'PM_CASES';
break;
}
}
$fields['PREF_DEFAULT_CASES_MENUSELECTED'] = isset($configuration->aConfig['DEFAULT_CASES_MENU']) ? $configuration->aConfig['DEFAULT_CASES_MENU'] : '';
if ($fields['USR_REPLACED_BY'] != '') {
$user = new Users();
$u = $user->load($fields['USR_REPLACED_BY']);
if ($u['USR_STATUS'] == 'CLOSED') {
$replaced_by = '';
$fields['USR_REPLACED_BY'] = '';
} else {
$c = new Configurations();
$arrayConfFormat = $c->getFormats();
$replaced_by = G::getFormatUserList($arrayConfFormat['format'], $u);
}
} else {
$replaced_by = '';
}
$fields['REPLACED_NAME'] = $replaced_by;
$menuSelected = '';
if ($fields['PREF_DEFAULT_MENUSELECTED'] != '') {
foreach ($RBAC->aUserInfo['PROCESSMAKER']['PERMISSIONS'] as $permission) {
if ($fields['PREF_DEFAULT_MENUSELECTED'] == $permission['PER_CODE']) {
switch ($permission['PER_CODE']) {
case 'PM_USERS':
case 'PM_SETUP':
$menuSelected = strtoupper(G::LoadTranslation('ID_SETUP'));
break;
case 'PM_CASES':
$menuSelected = strtoupper(G::LoadTranslation('ID_CASES'));
break;
case 'PM_FACTORY':
$menuSelected = strtoupper(G::LoadTranslation('ID_APPLICATIONS'));
break;
case 'PM_DASHBOARD':
$menuSelected = strtoupper(G::LoadTranslation('ID_DASHBOARD'));
break;
}
} else {
if ($fields['PREF_DEFAULT_MENUSELECTED'] == 'PM_STRATEGIC_DASHBOARD') {
$menuSelected = strtoupper(G::LoadTranslation('ID_STRATEGIC_DASHBOARD'));
}
} }
} }
} }
}
$aFields['MENUSELECTED_NAME'] = $menuSelected; $fields['MENUSELECTED_NAME'] = $menuSelected;
$oMenu = new Menu(); $menu = new Menu();
$oMenu->load('cases'); $menu->load('cases');
$casesMenuSelected = ''; $casesMenuSelected = '';
if ($aFields['PREF_DEFAULT_CASES_MENUSELECTED'] != '') { if ($fields['PREF_DEFAULT_CASES_MENUSELECTED'] != '') {
foreach ($oMenu->Id as $i => $item) { foreach ($menu->Id as $i => $item) {
if ($aFields['PREF_DEFAULT_CASES_MENUSELECTED'] == $item) { if ($fields['PREF_DEFAULT_CASES_MENUSELECTED'] == $item) {
$casesMenuSelected = $oMenu->Labels[$i]; $casesMenuSelected = $menu->Labels[$i];
}
} }
} }
}
require_once 'classes/model/Users.php'; $user = new Users();
$oUser = new Users(); $userLog = $user->loadDetailed($_SESSION['USER_LOGGED']);
$aUserLog = $oUser->loadDetailed($_SESSION['USER_LOGGED']); $fields['USER_LOGGED_NAME'] = $userLog['USR_USERNAME'];
$aFields['USER_LOGGED_NAME'] = $aUserLog['USR_USERNAME']; $fields['USER_LOGGED_ROLE'] = $userLog['USR_ROLE'];
$aFields['USER_LOGGED_ROLE'] = $aUserLog['USR_ROLE'];
$aFields['CASES_MENUSELECTED_NAME'] = $casesMenuSelected; $fields['CASES_MENUSELECTED_NAME'] = $casesMenuSelected;
require_once 'classes/model/UsersProperties.php'; $userProperties = new UsersProperties();
$oUserProperty = new UsersProperties(); $properties = $userProperties->loadOrCreateIfNotExists($fields['USR_UID'],
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists($aFields['USR_UID'], array('USR_PASSWORD_HISTORY' => serialize(array($oUser->getUsrPassword())))); ['USR_PASSWORD_HISTORY' => serialize([$user->getUsrPassword()])]);
$aFields['USR_LOGGED_NEXT_TIME'] = $aUserProperty['USR_LOGGED_NEXT_TIME']; $fields['USR_LOGGED_NEXT_TIME'] = $properties['USR_LOGGED_NEXT_TIME'];
if (array_key_exists('USR_PASSWORD', $aFields)) { if (array_key_exists('USR_PASSWORD', $fields)) {
unset($aFields['USR_PASSWORD']); unset($fields['USR_PASSWORD']);
}
$userPermissions = new \ProcessMaker\BusinessModel\User();
$permissions = $userPermissions->loadDetailedPermissions($aFields);
$result->success = true;
$result->user = $aFields;
$result->permission = $permissions;
print(G::json_encode($result));
break;
case 'defaultMainMenuOptionList':
foreach ($RBAC->aUserInfo['PROCESSMAKER']['PERMISSIONS'] as $permission) {
switch ($permission['PER_CODE']) {
case 'PM_USERS':
case 'PM_SETUP':
$rows[] = array('id' => 'PM_SETUP', 'name' => strtoupper(G::LoadTranslation('ID_SETUP'))
);
break;
case 'PM_CASES':
$rows[] = array('id' => 'PM_CASES', 'name' => strtoupper(G::LoadTranslation('ID_CASES'))
);
break;
case 'PM_FACTORY':
$rows[] = array('id' => 'PM_FACTORY', 'name' => strtoupper(G::LoadTranslation('ID_APPLICATIONS'))
);
break;
case 'PM_DASHBOARD':
$rows[] = array('id' => 'PM_DASHBOARD', 'name' => strtoupper(G::LoadTranslation('ID_DASHBOARD'))
);
/*----------------------------------********---------------------------------*/
// NEW DASHBOARD MODULE
$licensedFeatures = PMLicensedFeatures::getSingleton();
if ($licensedFeatures->verifyfeature('r19Vm5DK1UrT09MenlLYjZxejlhNUZ1b1NhV0JHWjBsZEJ6dnpJa3dTeWVLVT0=')) {
$rows[] = array('id' => 'PM_STRATEGIC_DASHBOARD', 'name' => strtoupper(G::LoadTranslation('ID_STRATEGIC_DASHBOARD'))
);
}
/*----------------------------------********---------------------------------*/
break;
} }
}
print(G::json_encode($rows));
break;
case 'defaultCasesMenuOptionList':
$oMenu = new Menu(); $userPermissions = new BmUser();
$oMenu->load('cases'); $permissions = $userPermissions->loadDetailedPermissions($fields);
foreach ($oMenu->Id as $i => $item) { $result->success = true;
if ($oMenu->Types[$i] != 'blockHeader') { $result->user = $fields;
$rowsCasesMenu[] = array('id' => $item, 'name' => $oMenu->Labels[$i]); $result->permission = $permissions;
print(G::json_encode($result));
break;
case 'defaultMainMenuOptionList':
$rows = [];
foreach ($RBAC->aUserInfo['PROCESSMAKER']['PERMISSIONS'] as $permission) {
switch ($permission['PER_CODE']) {
case 'PM_USERS':
case 'PM_SETUP':
$rows[] = [
'id' => 'PM_SETUP',
'name' => strtoupper(G::LoadTranslation('ID_SETUP'))
];
break;
case 'PM_CASES':
$rows[] = [
'id' => 'PM_CASES',
'name' => strtoupper(G::LoadTranslation('ID_CASES'))
];
break;
case 'PM_FACTORY':
$rows[] = [
'id' => 'PM_FACTORY',
'name' => strtoupper(G::LoadTranslation('ID_APPLICATIONS'))
];
break;
case 'PM_DASHBOARD':
$rows[] = [
'id' => 'PM_DASHBOARD',
'name' => strtoupper(G::LoadTranslation('ID_DASHBOARD'))
];
/*----------------------------------********---------------------------------*/
// NEW DASHBOARD MODULE
$licensedFeatures = PMLicensedFeatures::getSingleton();
if ($licensedFeatures->verifyfeature('r19Vm5DK1UrT09MenlLYjZxejlhNUZ1b1NhV0JHWjBsZEJ6dnpJa3dTeWVLVT0=')) {
$rows[] = [
'id' => 'PM_STRATEGIC_DASHBOARD',
'name' => strtoupper(G::LoadTranslation('ID_STRATEGIC_DASHBOARD'))
];
}
/*----------------------------------********---------------------------------*/
break;
}
} }
} print(G::json_encode($rows));
print(G::json_encode($rowsCasesMenu)); break;
break; case 'defaultCasesMenuOptionList':
case 'testPassword': $menu = new Menu();
require_once 'classes/model/UsersProperties.php'; $menu->load('cases');
$userProperty = new UsersProperties();
$fields = []; foreach ($menu->Id as $i => $item) {
$color = ''; if ($menu->Types[$i] != 'blockHeader') {
$img = ''; $rowsCasesMenu[] = ['id' => $item, 'name' => $menu->Labels[$i]];
$dateNow = date('Y-m-d H:i:s'); }
$errorInPassword = $userProperty->validatePassword($_POST['PASSWORD_TEXT'], $dateNow, 0);
if (!empty($errorInPassword)) {
$img = '/images/delete.png';
$color = 'red';
if (!defined('NO_DISPLAY_USERNAME')) {
define('NO_DISPLAY_USERNAME', 1);
} }
$fields = $userProperty->getMessageValidatePassword($errorInPassword); print(G::json_encode($rowsCasesMenu));
$fields['STATUS'] = false; break;
} else { case 'testPassword':
$color = 'green'; $userProperty = new UsersProperties();
$img = '/images/dialog-ok-apply.png';
$fields['DESCRIPTION'] = G::LoadTranslation('ID_PASSWORD_COMPLIES_POLICIES') . '</span>';
$fields['STATUS'] = true;
}
$span = '<span style="color: ' . $color . '; font: 9px tahoma,arial,helvetica,sans-serif;">';
$gif = '<img width="13" height="13" border="0" src="' . $img . '">';
$fields['DESCRIPTION'] = $span . $gif . $fields['DESCRIPTION'];
print(G::json_encode($fields));
break;
case 'testUsername':
require_once 'classes/model/Users.php';
$_POST['NEW_USERNAME'] = trim($_POST['NEW_USERNAME']);
$USR_UID = isset($_POST['USR_UID']) ? $_POST['USR_UID'] : '';
$response = array("success" => true); $fields = [];
$color = '';
$img = '';
$dateNow = date('Y-m-d H:i:s');
$errorInPassword = $userProperty->validatePassword($_POST['PASSWORD_TEXT'], $dateNow, 0);
$oCriteria = new Criteria(); if (!empty($errorInPassword)) {
$oCriteria->addSelectColumn(UsersPeer::USR_USERNAME); $img = '/images/delete.png';
$color = 'red';
if (!defined('NO_DISPLAY_USERNAME')) {
define('NO_DISPLAY_USERNAME', 1);
}
$fields = $userProperty->getMessageValidatePassword($errorInPassword);
$fields['STATUS'] = false;
} else {
$color = 'green';
$img = '/images/dialog-ok-apply.png';
$fields['DESCRIPTION'] = G::LoadTranslation('ID_PASSWORD_COMPLIES_POLICIES') . '</span>';
$fields['STATUS'] = true;
}
$span = '<span style="color: ' . $color . '; font: 9px tahoma,arial,helvetica,sans-serif;">';
$gif = '<img width="13" height="13" border="0" src="' . $img . '">';
$fields['DESCRIPTION'] = $span . $gif . $fields['DESCRIPTION'];
print(G::json_encode($fields));
break;
case 'testUsername':
$_POST['NEW_USERNAME'] = trim($_POST['NEW_USERNAME']);
$usrUid = isset($_POST['USR_UID']) ? $_POST['USR_UID'] : '';
$oCriteria->add(UsersPeer::USR_USERNAME, utf8_encode($_POST['NEW_USERNAME'])); $response = ["success" => true];
if ($USR_UID != '') {
$oCriteria->add(UsersPeer::USR_UID, array($_POST['USR_UID']), Criteria::NOT_IN);
}
$oDataset = UsersPeer::doSelectRS($oCriteria);
$oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$oDataset->next();
$aRow = $oDataset->getRow();
if (is_array($aRow) || $_POST['NEW_USERNAME'] == '') { $criteria = new Criteria();
$color = 'red'; $criteria->addSelectColumn(UsersPeer::USR_USERNAME);
$img = '/images/delete.png';
$dataVar['USER_ID'] = $_POST['NEW_USERNAME'];
$text = G::LoadTranslation('ID_USERNAME_ALREADY_EXISTS', $dataVar);
$text = ($_POST['NEW_USERNAME'] == '') ? G::LoadTranslation('ID_MSG_ERROR_USR_USERNAME') : $text;
$response['exists'] = true;
} else {
$color = 'green';
$img = '/images/dialog-ok-apply.png';
$text = G::LoadTranslation('ID_USERNAME_CORRECT');
$response['exists'] = false;
}
$span = '<span style="color: ' . $color . '; font: 9px tahoma,arial,helvetica,sans-serif;">'; $criteria->add(UsersPeer::USR_USERNAME, utf8_encode($_POST['NEW_USERNAME']));
$gif = '<img width="13" height="13" border="0" src="' . $img . '">'; if ($usrUid != '') {
$response['descriptionText'] = $span . $gif . $text . '</span>'; $criteria->add(UsersPeer::USR_UID, [$_POST['USR_UID']], Criteria::NOT_IN);
echo G::json_encode($response); }
break; $dataSet = UsersPeer::doSelectRS($criteria);
case "passwordValidate": $dataSet->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$messageResultLogin = ""; $dataSet->next();
$password = $_POST["password"]; $row = $dataSet->getRow();
$resultLogin = $RBAC->VerifyLogin($_SESSION["USR_USERNAME"], $password);
if ($resultLogin == $_SESSION["USER_LOGGED"]) { if (is_array($row) || $_POST['NEW_USERNAME'] == '') {
$messageResultLogin = "OK"; $color = 'red';
} else { $img = '/images/delete.png';
$messageResultLogin = "ERROR"; $dataVar = ['USER_ID' => $_POST['NEW_USERNAME']];
} $text = G::LoadTranslation('ID_USERNAME_ALREADY_EXISTS', $dataVar);
$text = ($_POST['NEW_USERNAME'] == '') ? G::LoadTranslation('ID_MSG_ERROR_USR_USERNAME') : $text;
$response['exists'] = true;
} else {
$color = 'green';
$img = '/images/dialog-ok-apply.png';
$text = G::LoadTranslation('ID_USERNAME_CORRECT');
$response['exists'] = false;
}
$response = array(); $span = '<span style="color: ' . $color . '; font: 9px tahoma,arial,helvetica,sans-serif;">';
$response["result"] = $messageResultLogin; $gif = '<img width="13" height="13" border="0" src="' . $img . '">';
echo G::json_encode($response); $response['descriptionText'] = $span . $gif . $text . '</span>';
break; echo G::json_encode($response);
break;
case "passwordValidate":
$messageResultLogin = "";
$password = $_POST["password"];
$resultLogin = $RBAC->VerifyLogin($_SESSION["USR_USERNAME"], $password);
if ($resultLogin == $_SESSION["USER_LOGGED"]) {
$messageResultLogin = "OK";
} else {
$messageResultLogin = "ERROR";
}
$response = [];
$response["result"] = $messageResultLogin;
echo G::json_encode($response);
break;
}
} catch (Exception $e) {
$result->success = false;
$result->error = $e->getMessage();
echo G::json_encode($result);
} }