diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php
index 38faf54f6..8bddbc112 100644
--- a/gulliver/system/class.rbac.php
+++ b/gulliver/system/class.rbac.php
@@ -50,6 +50,13 @@ use ProcessMaker\Exception\RBACException;
 class RBAC
 {
 const SETUPERMISSIONUID= '00000000000000000000000000000002';
+ const PER_SYSTEM = '00000000000000000000000000000002';
+ const PM_GUEST_CASE = 'PM_GUEST_CASE';
+ const PM_GUEST_CASE_UID = '00000000000000000000000000000066';
+ const PROCESSMAKER_GUEST = 'PROCESSMAKER_GUEST';
+ const PROCESSMAKER_GUEST_UID = '00000000000000000000000000000005';
+ const GUEST_USER_UID = '00000000000000000000000000000002';
+
 /**
 *
 * @access private
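Review bot: `PER_SYSTEM` repeats the value already held by `SETUPERMISSIONUID`, and `GUEST_USER_UID` is the same 32-character string again, so a system UID and a user UID cannot be told apart at a glance. A short comment above the new group would document the intent, for example `// Fixed UIDs of the built-in guest user, role and permission; must match the seed rows in rbac/engine/data/mysql/insert.sql.` If `PER_SYSTEM` is meant as a readable alias for the older constant, saying so in the comment would keep the two from drifting apart.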
@@ -396,6 +403,149 @@ class RBAC
 return $permissionsAdmin;
 }
+ /**
+ * Create if not exists GUEST user.
+ *
+ */
+ private function verifyGuestUser(Roles $role)
+ {
+ try {
+ $strRole = $role->getRolCode();
+
+ $arrayData = array();
+ $arrayData["USR_UID"] = self::GUEST_USER_UID;
+ $arrayData["USR_USERNAME"] = 'Guest';
+ $arrayData["USR_PASSWORD"] = '674ba9750749d735ec9787d606170d78';
+ $arrayData["USR_FIRSTNAME"] = 'Guest';
+ $arrayData["USR_LASTNAME"] = '';
+ $arrayData["USR_EMAIL"] = 'guest@processmaker.com';
+ $arrayData["USR_DUE_DATE"] = '2200-01-01';
+ $arrayData["USR_CREATE_DATE"] = date("Y-m-d H:i:s");
+ $arrayData["USR_UPDATE_DATE"] = date("Y-m-d H:i:s");
+ $arrayData["USR_BIRTHDAY"] = '2009-02-01';
+ $arrayData["USR_AUTH_USER_DN"] = "";
+ $arrayData["USR_STATUS"] = 0;
+
+ $rbacUserExists = RbacUsersPeer::retrieveByPK(self::GUEST_USER_UID);
+ if (!$rbacUserExists) {
+ $rbacUser = new RbacUsers();
+ $rbacUser->fromArray($arrayData, BasePeer::TYPE_FIELDNAME);
+ $rbacUser->save();
+
+ $arrayData["USR_UID"] = $rbacUser->getUsrUid();
+ $arrayData["USR_STATUS"] = 'INACTIVE';
+ $arrayData["USR_COUNTRY"] = "";
+ $arrayData["USR_CITY"] = "";
+ $arrayData["USR_LOCATION"] = "";
+ $arrayData["USR_ADDRESS"] = "";
+ $arrayData["USR_PHONE"] = "";
+ $arrayData["USR_ZIP_CODE"] = "";
+ $arrayData["USR_POSITION"] = "";
+ $arrayData["USR_ROLE"] = $strRole;
+
+ $user = new Users();
+ $user->create($arrayData);
+ $this->assignRoleToUser($user->getUsrUid(), $strRole);
+ } elseif(
+ $rbacUserExists
+ && $rbacUserExists->getUserRole($rbacUserExists->getUsrUid())['ROL_CODE']!==self::PROCESSMAKER_GUEST
+ ) {
+ $this->assignRoleToUser($rbacUserExists->getUsrUid(), $strRole);
+ }
+ } catch (Exception $exception) {
+ throw new Exception(
+ "Can not create guest user: ".$exception->getMessage(),
+ 0,
+ $exception
+ );
+ }
+ }
+
+ /**
+ * Create if not exists GUEST role.
+ *
+ */
+ private function verifyGuestRole($permissions)
+ {
+ try {
+ $criteria = new Criteria;
+ $criteria->add(RolesPeer::ROL_CODE, self::PROCESSMAKER_GUEST);
+ $roleExists = RolesPeer::doSelectOne($criteria);
+ if ($roleExists) {
+ return $roleExists;
+ }
+ $aData = [
+ 'ROL_UID' => self::PROCESSMAKER_GUEST_UID,
+ 'ROL_CODE' => self::PROCESSMAKER_GUEST,
+ 'ROL_SYSTEM' => self::PER_SYSTEM,
+ 'ROL_STATUS' => 1,
+ 'ROL_NAME' => self::PROCESSMAKER_GUEST,
+ 'ROL_CREATE_DATE' => date('Y-m-d H:i:s'),
+ 'ROL_UPDATE_DATE' => date('Y-m-d H:i:s'),
+ ];
+ $this->createRole($aData);
+ $role = RolesPeer::doSelectOne($criteria);
+ foreach($permissions as $permission) {
+ $o = new RolesPermissions();
+ $o->setPerUid($permission->getPerUid());
+ $o->setPermissionName('Guest case');
+ $o->setRolUid($role->getRolUid());
+ $o->save();
+ }
+ return $role;
+ } catch (Exception $exception) {
+ throw new Exception(
+ "Can not create guest role: " . $exception->getMessage(),
+ 0,
+ $exception
+ );
+ }
+ }
+
+ /**
+ * Create if not exists GUEST permissions.
+ *
+ */
+ private function verifyGuestPermissions()
+ {
+ try {
+ $criteria = new Criteria();
+ $criteria->add(PermissionsPeer::PER_CODE, self::PM_GUEST_CASE);
+ $perm = PermissionsPeer::doSelectOne($criteria);
+ if ($perm) {
+ return [$perm];
+ }
+ $permission = new Permissions();
+ $permission->setPerUid(self::PM_GUEST_CASE_UID);
+ $permission->setPerCode(self::PM_GUEST_CASE);
+ $permission->setPerCreateDate(date('Y-m-d H:i:s'));
+ $permission->setPerUpdateDate(date('Y-m-d H:i:s'));
+ $permission->setPerStatus(1);
+ $permission->setPerSystem(self::PER_SYSTEM);
+ $permission->save();
+ return [$permission];
+ } catch (Exception $exception) {
+ throw new Exception(
+ "Can not set guest permissions: " . $exception->getMessage(),
+ 0,
+ $exception
+ );
+ }
+ }
+
+ /**
+ * Create if not exists GUEST user.
+ * Create if not exists GUEST role.
+ * Create if not exists GUEST permissions.
+ *
+ */
+ private function verifyGuestUserRolePermission()
+ {
+ $permissions = $this->verifyGuestPermissions();
+ $role = $this->verifyGuestRole($permissions);
+ $this->verifyGuestUser($role);
+ }
+
 /**
 * Gets the roles and permission for one RBAC_user
 *
@@ -1444,6 +1594,7 @@ class RBAC
 public function verifyPermissions()
 {
 $message = array();
+ $this->verifyGuestUserRolePermission();
 $listPermissions = $this->loadPermissionAdmin();
 $criteria = new Criteria('rbac');
 $dataset = PermissionsPeer::doSelectRS($criteria);
diff --git a/rbac/engine/data/mysql/insert.sql b/rbac/engine/data/mysql/insert.sql
index 87f76ab87..a4e23d6dc 100644
--- a/rbac/engine/data/mysql/insert.sql
+++ b/rbac/engine/data/mysql/insert.sql
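Review bot: `verifyGuestUser()` writes a fixed credential, `$arrayData["USR_PASSWORD"] = '674ba9750749d735ec9787d606170d78';`, so every installation's guest account shares one 32-hex digest, and the same value is seeded by the `RBAC_USERS` and `USERS` rows in the two insert.sql files. The only barrier visible in this hunk is the inactive status (`0` for RBAC, `'INACTIVE'` for `USERS`), and the `elseif` branch re-assigns the guest role to an existing `GUEST_USER_UID` record without checking that status. If nothing else depends on that exact digest (not visible here), a per-install random value would leave no password that matches: `$arrayData["USR_PASSWORD"] = bin2hex(random_bytes(16));` (PHP 7+). A comment on the function stating that this account must never be activated or used for interactive login would also help the next maintainer.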
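Review bot: The new first statement of `verifyPermissions()`, `$this->verifyGuestUserRolePermission();`, can throw the plain `Exception` raised by the three guest helpers, and nothing in the visible lines catches it, so a failed guest insert would abort the whole permission check. It also means a call to this method may write to the user, role and permission tables before any of its own work starts. The method's docblock (outside this hunk, as is the rest of its body) should gain `@throws Exception` and a line saying that the guest user, role and permission are created when missing. If `$message` is how this method reports problems (not visible here), catching the exception and recording it there would be more consistent.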
@@ -63,13 +63,15 @@ INSERT INTO `RBAC_PERMISSIONS` VALUES ('00000000000000000000000000000062','PM_EDIT_USER_PROFILE_DEFAULT_MAIN_MENU_OPTIONS','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), ('00000000000000000000000000000063','PM_EDIT_USER_PROFILE_DEFAULT_CASES_MENU_OPTIONS','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), ('00000000000000000000000000000064','PM_REASSIGNCASE_SUPERVISOR','2016-09-01 00:00:00','2016-09-01 00:00:00',1,'00000000000000000000000000000002'), -('00000000000000000000000000000065','PM_SETUP_CUSTOM_CASES_LIST','2017-03-27 00:00:00','2017-03-27 00:00:00',1,'00000000000000000000000000000002'); +('00000000000000000000000000000065','PM_SETUP_CUSTOM_CASES_LIST','2017-03-27 00:00:00','2017-03-27 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000066','PM_GUEST_CASE','2017-03-27 00:00:00','2017-03-27 00:00:00',1,'00000000000000000000000000000002'); INSERT INTO `RBAC_ROLES` VALUES ('00000000000000000000000000000001','','00000000000000000000000000000001','RBAC_ADMIN','2007-07-31 19:10:22','2007-08-03 12:24:36',1), ('00000000000000000000000000000002','','00000000000000000000000000000002','PROCESSMAKER_ADMIN','2007-07-31 19:10:22','2007-08-03 12:24:36',1), ('00000000000000000000000000000003','','00000000000000000000000000000002','PROCESSMAKER_OPERATOR','2007-07-31 19:10:22','2007-08-03 12:24:36',1), -('00000000000000000000000000000004', '', '00000000000000000000000000000002', 'PROCESSMAKER_MANAGER', '2010-03-29 09:14:15', '2010-03-29 09:19:53', 1); +('00000000000000000000000000000004', '', '00000000000000000000000000000002', 'PROCESSMAKER_MANAGER', '2010-03-29 09:14:15', '2010-03-29 09:19:53', 1), +('00000000000000000000000000000005', '', '00000000000000000000000000000002', 'PROCESSMAKER_GUEST', '2009-02-01 12:24:36', '2009-02-01 12:24:36', 1); INSERT INTO `RBAC_ROLES_PERMISSIONS` VALUES 
@@ -213,8 +215,11 @@ INSERT INTO `RBAC_ROLES_PERMISSIONS` VALUES ('00000000000000000000000000000004','00000000000000000000000000000060'), ('00000000000000000000000000000004','00000000000000000000000000000061'), ('00000000000000000000000000000004','00000000000000000000000000000062'), -('00000000000000000000000000000004','00000000000000000000000000000063'); +('00000000000000000000000000000004','00000000000000000000000000000063'), +('00000000000000000000000000000005','00000000000000000000000000000066'); INSERT INTO `RBAC_SYSTEMS` VALUES ('00000000000000000000000000000001','RBAC','2007-07-31 19:10:22','2007-08-03 12:24:36',1),('00000000000000000000000000000002','PROCESSMAKER','2007-07-31 19:10:22','2007-08-03 12:24:36',1); -INSERT INTO `RBAC_USERS` VALUES ('00000000000000000000000000000001','admin','21232f297a57a5a743894a0e4a801fc3','Administrator','','admin@processmaker.com','2020-01-01','2007-08-03 12:24:36','2008-02-13 07:24:07',1,'MYSQL','00000000000000000000000000000000','',''); -INSERT INTO `RBAC_USERS_ROLES` VALUES ('00000000000000000000000000000001','00000000000000000000000000000002'); +INSERT INTO `RBAC_USERS` VALUES ('00000000000000000000000000000001','admin','21232f297a57a5a743894a0e4a801fc3','Administrator','','admin@processmaker.com','2020-01-01','2007-08-03 12:24:36','2008-02-13 07:24:07',1,'MYSQL','00000000000000000000000000000000','',''), +('00000000000000000000000000000002','guest','674ba9750749d735ec9787d606170d78','Guest','','guest@processmaker.com','2200-01-01','2009-02-01 12:24:36','2009-02-01 12:24:36',0,'MYSQL','00000000000000000000000000000000','',''); +INSERT INTO `RBAC_USERS_ROLES` VALUES ('00000000000000000000000000000001','00000000000000000000000000000002'), +('00000000000000000000000000000002','00000000000000000000000000000005'); diff --git a/workflow/engine/data/mysql/insert.sql b/workflow/engine/data/mysql/insert.sql index 524d1777b..eda4d65bc 100644 --- a/workflow/engine/data/mysql/insert.sql +++ b/workflow/engine/data/mysql/insert.sql 
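Review bot: The seeded `RBAC_USERS` guest row uses the username `'guest'`, while `verifyGuestUser()` in class.rbac.php creates the same account as `'Guest'`, so fresh installs and upgraded installs end up with differently cased usernames for UID `00000000000000000000000000000002`. Whether that matters depends on the column collation and on how usernames are compared, neither of which is visible here; using one spelling in both places avoids the question. The row's status column is `0`, which matches the PHP path.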
@@ -1,5 +1,6 @@ INSERT INTO USERS (USR_UID,USR_USERNAME,USR_PASSWORD,USR_FIRSTNAME,USR_LASTNAME,USR_EMAIL,USR_DUE_DATE,USR_CREATE_DATE,USR_UPDATE_DATE,USR_STATUS,USR_COUNTRY,USR_CITY,USR_LOCATION,USR_ADDRESS,USR_PHONE,USR_FAX,USR_CELLULAR,USR_ZIP_CODE,DEP_UID,USR_POSITION,USR_RESUME,USR_BIRTHDAY,USR_ROLE,USR_REPORTS_TO,USR_REPLACED_BY ) VALUES -('00000000000000000000000000000001','admin','21232f297a57a5a743894a0e4a801fc3','Administrator',' ', 'admin@processmaker.com','2020-01-01','1999-11-30 00:00:00','2008-05-23 18:36:19','ACTIVE', 'US','FL','MMK','','', '1-305-402-0282','1-305-675-1400','','','Administrator', '','1999-02-25','PROCESSMAKER_ADMIN','',''); +('00000000000000000000000000000001','admin','21232f297a57a5a743894a0e4a801fc3','Administrator',' ', 'admin@processmaker.com','2020-01-01','1999-11-30 00:00:00','2008-05-23 18:36:19','ACTIVE', 'US','FL','MMK','','', '1-305-402-0282','1-305-675-1400','','','Administrator', '','1999-02-25','PROCESSMAKER_ADMIN','',''), +('00000000000000000000000000000002','admin','674ba9750749d735ec9787d606170d78','Guest',' ', 'admin@processmaker.com','2200-01-01','2009-02-01 12:24:36','2009-02-01 12:24:36','INACTIVE', 'US','FL','MMK','','', '1-305-402-0282','1-305-675-1400','','','Guest', '','2009-02-01','PROCESSMAKER_GUEST','',''); INSERT INTO CONTENT (CON_CATEGORY,CON_PARENT,CON_ID,CON_LANG,CON_VALUE) VALUES ('ROL_NAME','','00000000000000000000000000000002','en','System Administrator'),
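Review bot: The added `USERS` row for UID `00000000000000000000000000000002` has `USR_USERNAME` `'admin'` and `USR_EMAIL` `'admin@processmaker.com'`, apparently copied from the administrator row above it, whereas the `RBAC_USERS` seed uses `'guest'` / `'guest@processmaker.com'` and `verifyGuestUser()` uses `'Guest'`. Two rows with the username `admin` make any lookup or audit trail keyed on username ambiguous between the administrator and the guest account. The row should carry `'guest'` and `'guest@processmaker.com'`. The copied location, phone and fax values (`'US','FL','MMK'`, `'1-305-402-0282'`, `'1-305-675-1400'`) are probably better left empty, as the PHP path does for the fields it sets.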