fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'release/security-3.2' of bitbucket.org:colosa/processmaker into bugfix/HOR-3286

Browse Source
This commit is contained in:
Paula Quispe
2017-05-30 09:35:19 -04:00
parent a445056fbf 2311342f6c
commit 1c34eb29f4
5 changed files with 328 additions and 257 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
gulliver/system/class.rbac.php
View File

@@ -70,9 +70,33 @@ class RBAC
public $singleSignOn = false;
private static $instance = null;
public $authorizedActions = array();
public function __construct ()
{
$this->authorizedActions = array(
'users_Ajax.php' => array(
'availableUsers' => array('PM_FACTORY'),
'assign' => array('PM_FACTORY'),
'changeView' => array(),
'ofToAssign' => array('PM_FACTORY'),
'usersGroup' => array('PM_FACTORY'),
'canDeleteUser' => array('PM_USERS'),
'deleteUser' => array('PM_USERS'),
'changeUserStatus' => array('PM_USERS'),
'availableGroups' => array('PM_USERS'),
'assignedGroups' => array('PM_USERS'),
'assignGroupsToUserMultiple' => array('PM_USERS'),
'deleteGroupsToUserMultiple' => array('PM_USERS'),
'authSources' => array('PM_USERS'),
'loadAuthSourceByUID' => array('PM_USERS'),
'updateAuthServices' => array('PM_USERS'),
'usersList' => array('PM_USERS'),
'updatePageSize' => array(),
'summaryUserData' => array('PM_USERS'),
'verifyIfUserAssignedAsSupervisor' => array('PM_USERS'),
)
);
}
/**
@@ -1443,5 +1467,36 @@ class RBAC
}
}
}
/**
* This function verify if the user allows to the file with a specific action
* If the action is not defined in the authorizedActions we give the allow
* @param string $file
* @param string $action
*
* @return void
*/
public function allows($file, $action)
{
$access = false;
if (isset($this->authorizedActions[$file][$action])) {
$permissions = $this->authorizedActions[$file][$action];
$totalPermissions = count($permissions);
$countAccess = 0;
foreach ($permissions as $key => $value) {
if ($this->userCanAccess($value) == 1) {
$countAccess++;
}
}
//Check if the user has all permissions that needed
if ($countAccess == $totalPermissions) {
$access = true;
}
}
if (!$access) {
G::header('Location: /errors/error403.php');
die();
}
}
}

34
workflow/engine/classes/model/ObjectPermission.php
View File

@@ -409,5 +409,39 @@ class ObjectPermission extends BaseObjectPermission
}
return $result;
}
/**
* Verify if the user has a objectPermission for some process
*
* @param string $usrUid the uid of the user
* @param int $typeRelation
*
* @return array
*/
public function objectPermissionPerUser($usrUid, $typeRelation = 1)
{
$criteria = new Criteria("workflow");
$criteria->addSelectColumn(ObjectPermissionPeer::USR_UID);
$criteria->addSelectColumn(ObjectPermissionPeer::PRO_UID);
$criteria->add(ObjectPermissionPeer::OP_USER_RELATION, $typeRelation, Criteria::EQUAL);
$criteria->add(ObjectPermissionPeer::USR_UID, $usrUid, Criteria::EQUAL);
$doSelectRS = ObjectPermissionPeer::doSelectRS($criteria);
$doSelectRS->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$doSelectRS->next();
$objectPermision = $doSelectRS->getRow();
$data = array();
if (isset($objectPermision["USR_UID"])) {
$criteria = new Criteria("workflow");
$criteria->addSelectColumn(ProcessPeer::PRO_TITLE);
$criteria->add(ProcessPeer::PRO_UID, $objectPermision["PRO_UID"], Criteria::EQUAL);
$doSelectRS = ProcessPeer::doSelectRS($criteria);
$doSelectRS->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$doSelectRS->next();
$content = $doSelectRS->getRow();
$data['PRO_TITLE'] = $content["PRO_TITLE"];
$data['PRO_UID'] = $objectPermision["PRO_UID"];
}
return $data;
}
}

305
workflow/engine/methods/users/users_Ajax.php
View File

@@ -1,34 +1,6 @@
<?php
/**
* users_Ajax.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
try {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_GET = $filter->xssFilterHard($_GET);
$_POST = $filter->xssFilterHard($_POST);
$_REQUEST = $filter->xssFilterHard($_REQUEST);
global $RBAC;
switch ($RBAC->userCanAccess('PM_LOGIN')) {
case - 2:
@@ -47,38 +19,15 @@ try {
$_POST = $_POST['form'];
}
if (isset($_REQUEST['function'])) {
//$value= $_POST['function'];
$value = get_ajax_value('function');
} else {
//$value= $_POST['functions'];
$value = get_ajax_value('functions');
}
$RBAC->allows(basename(__FILE__), $value);
switch ($value) {
case 'verifyUsername':
//print_r($_POST); die;
$_POST['sOriginalUsername'] = get_ajax_value('sOriginalUsername');
$_POST['sUsername'] = get_ajax_value('sUsername');
if ($_POST['sOriginalUsername'] == $_POST['sUsername']) {
echo '0';
} else {
require_once 'classes/model/Users.php';
G::LoadClass('Users');
$oUser = new Users();
$oCriteria = $oUser->loadByUsername($_POST['sUsername']);
$oDataset = UsersPeer::doSelectRs($oCriteria, Propel::getDbConnection('workflow_ro'));
$oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$oDataset->next();
$aRow = $oDataset->getRow();
//print_r($aRow); die;
//if (!$aRow)
if (!is_array($aRow)) {
echo '0';
} else {
echo '1';
}
}
break;
case 'availableUsers':
//Classic process: list of users to assign in the task
G::LoadClass('processMap');
$oProcessMap = new ProcessMap();
global $G_PUBLISH;
@@ -87,6 +36,7 @@ try {
G::RenderPage('publish', 'raw');
break;
case 'assign':
//Classic process: assign users and groups in the task
G::LoadClass('tasks');
$oTasks = new Tasks();
switch ((int) $_POST['TU_RELATION']) {
@@ -103,6 +53,7 @@ try {
}
break;
case 'ofToAssign':
//Classic process: remove users and groups related a task
G::LoadClass('tasks');
$oTasks = new Tasks();
switch ((int) $_POST['TU_RELATION']) {
@@ -117,36 +68,11 @@ try {
}
break;
case 'changeView':
//Classic process: set variable for users and groups Ad hoc
$_SESSION['iType'] = $_POST['TU_TYPE'];
break;
case 'deleteGroup':
G::LoadClass('groups');
$oGroup = new Groups();
$oGroup->removeUserOfGroup($_POST['GRP_UID'], $_POST['USR_UID']);
$_GET['sUserUID'] = $_POST['USR_UID'];
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent('view', 'users/users_Tree');
G::RenderPage('publish', 'raw');
break;
case 'showUserGroupInterface':
$_GET['sUserUID'] = $_POST['sUserUID'];
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent('view', 'users/users_AssignGroup');
G::RenderPage('publish', 'raw');
break;
case 'showUserGroups':
$_GET['sUserUID'] = $_POST['sUserUID'];
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent('view', 'users/users_Tree');
G::RenderPage('publish', 'raw');
break;
case 'assignUserToGroup':
G::LoadClass('groups');
$oGroup = new Groups();
$oGroup->addUserToGroup($_POST['GRP_UID'], $_POST['USR_UID']);
echo '<div align="center"><h2><font color="blue">' . G::LoadTranslation('ID_MSG_ASSIGN_DONE') . '</font></h2></div>';
break;
case 'usersGroup':
//Classic process: list of users in a group related a task
G::LoadClass('groups');
$oGroup = new Groups();
$aGroup = $oGroup->getUsersOfGroup($_POST['GRP_UID']);
@@ -154,29 +80,8 @@ try {
echo $aValues['USR_FIRSTNAME'] . ' ' . $aValues['USR_LASTNAME'] . '<br>';
}
break;
//This case is used to check if any of the user group has as role 'PROCESSMAKER_ADMIN',
case 'usersAdminGroupExtJS':
G::LoadClass('groups');
$oGroup = new Groups();
$aGroup = $oGroup->getUsersOfGroup($_POST['GRP_UID']);
$responseUser = 'false';
$usersAdmin = '';
foreach ($aGroup as $iIndex => $aValues) {
if ($aValues['USR_ROLE'] == 'PROCESSMAKER_ADMIN') {
$responseUser = 'true';
$usersAdmin .= $aValues['USR_FIRSTNAME'] . ' ' . $aValues['USR_LASTNAME'] . ', ';
}
}
$usersAdmin = substr($usersAdmin, 0, - 2);
$result = new stdClass();
$result->reponse = $responseUser;
$result->users = $usersAdmin;
echo G::json_encode($result);
break;
case 'canDeleteUser':
//Check before delete a user
G::LoadClass('case');
$oProcessMap = new Cases();
$USR_UID = $_POST['uUID'];
@@ -198,44 +103,31 @@ try {
echo $response;
break;
case 'deleteUser':
$UID = $_POST['USR_UID'];
//process permissions
$criteria = new Criteria("workflow");
$criteria->addSelectColumn(ObjectPermissionPeer::USR_UID);
$criteria->addSelectColumn(ObjectPermissionPeer::PRO_UID);
$criteria->add(ObjectPermissionPeer::OP_USER_RELATION, 1, Criteria::EQUAL);
$criteria->add(ObjectPermissionPeer::USR_UID, $UID, Criteria::EQUAL);
$doSelectRS = DynaformPeer::doSelectRS($criteria);
$doSelectRS->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$doSelectRS->next();
$objectPermision = $doSelectRS->getRow();
if (isset($objectPermision["USR_UID"])) {
$criteria = new Criteria("workflow");
$criteria->addSelectColumn(ProcessPeer::PRO_TITLE);
$criteria->add(ProcessPeer::PRO_UID, $objectPermision["PRO_UID"], Criteria::EQUAL);
$doSelectRS = ProcessPeer::doSelectRS($criteria);
$doSelectRS->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$doSelectRS->next();
$content = $doSelectRS->getRow();
//Check if the user was defined in a process permissions
$oObjectPermission = new ObjectPermission();
$aProcess = $oObjectPermission->objectPermissionPerUser($_POST['USR_UID'], 1);
if (count($aProcess) > 0) {
echo G::json_encode(array(
"status" => 'ERROR',
"message" => G::LoadTranslation('ID_USER_CANT_BE_DELETED_FOR_THE_PROCESS', array('processTitle' => isset($content["PRO_TITLE"]) ? $content["PRO_TITLE"] : $objectPermision['PRO_UID']))
"message" => G::LoadTranslation('ID_USER_CANT_BE_DELETED_FOR_THE_PROCESS', array('processTitle' => isset($aProcess["PRO_TITLE"]) ? $aProcess["PRO_TITLE"] : $aProcess['PRO_UID']))
));
break;
}
//Remove from tasks
G::LoadClass('tasks');
$oTasks = new Tasks();
$oTasks->ofToAssignUserOfAllTasks($UID);
//Remove from groups
G::LoadClass('groups');
$oGroups = new Groups();
$oGroups->removeUserOfAllGroups($UID);
$RBAC->changeUserStatus($UID, 'CLOSED');
$_GET['USR_USERNAME'] = '';
$RBAC->updateUser(array('USR_UID' => $UID, 'USR_USERNAME' => $_GET['USR_USERNAME']
), '');
//Update the table Users
require_once 'classes/model/Users.php';
$RBAC->changeUserStatus($UID, 'CLOSED');
$RBAC->updateUser(array('USR_UID' => $UID,'USR_USERNAME' => ''), '');
$oUser = new Users();
$aFields = $oUser->load($UID);
$aFields['USR_STATUS'] = 'CLOSED';
@@ -252,13 +144,13 @@ try {
//Delete users as supervisor
$criteria = new Criteria("workflow");
$criteria->add(ProcessUserPeer::USR_UID, $UID, Criteria::EQUAL);
$criteria->add(ProcessUserPeer::PU_TYPE, "SUPERVISOR", Criteria::EQUAL);
ProcessUserPeer::doDelete($criteria);
G::auditLog("DeleteUser", "User Name: ". $userName." User ID: (".$UID.") ");
break;
case 'changeUserStatus':
//When the user change the status: ACTIVE, INACTIVE, VACATION
$response = new stdclass();
if (isset($_REQUEST['USR_UID']) && isset($_REQUEST['NEW_USR_STATUS'])) {
$RBAC->changeUserStatus($_REQUEST['USR_UID'], ($_REQUEST['NEW_USR_STATUS'] == 'ACTIVE' ? 1 : 0));
@@ -278,6 +170,7 @@ try {
die(G::json_encode($response));
break;
case 'availableGroups':
//Get the available groups for assign to user
G::LoadClass('groups');
$filter = (isset($_POST['textFilter'])) ? $_POST['textFilter'] : '';
$groups = new Groups();
@@ -291,6 +184,7 @@ try {
echo '{groups: ' . G::json_encode($arr) . '}';
break;
case 'assignedGroups':
//Get the groups related to user
G::LoadClass('groups');
$filter = (isset($_POST['textFilter'])) ? $_POST['textFilter'] : '';
$groups = new Groups();
@@ -304,6 +198,7 @@ try {
echo '{groups: ' . G::json_encode($arr) . '}';
break;
case 'assignGroupsToUserMultiple':
//Assign user in a group
$USR_UID = $_POST['USR_UID'];
$gUIDs = explode(',', $_POST['GRP_UID']);
G::LoadClass('groups');
@@ -313,6 +208,7 @@ try {
}
break;
case 'deleteGroupsToUserMultiple':
//Remove a user from a group
$USR_UID = $_POST['USR_UID'];
$gUIDs = explode(',', $_POST['GRP_UID']);
G::LoadClass('groups');
@@ -322,6 +218,7 @@ try {
}
break;
case 'authSources':
//Get the authentication information
$criteria = $RBAC->getAllAuthSources();
$objects = AuthenticationSourcePeer::doSelectRS($criteria);
$objects->setFetchmode(ResultSet::FETCHMODE_ASSOC);
@@ -336,22 +233,19 @@ try {
}
$started = Array();
$started['AUTH_SOURCE_UID'] = '00000000000000000000000000000000';
//$started['AUTH_SOURCE_NAME'] = 'ProcessMaker';
//$started['AUTH_SOURCE_TYPE'] = 'MYSQL';
$started['AUTH_SOURCE_SHOW'] = 'ProcessMaker (MYSQL)';
$arr[] = $started;
while ($objects->next()) {
$row = $objects->getRow();
$aux = Array();
$aux['AUTH_SOURCE_UID'] = $row['AUTH_SOURCE_UID'];
//$aux['AUTH_SOURCE_NAME'] = $row['AUTH_SOURCE_NAME'];
//$aux['AUTH_SOURCE_TYPE'] = $row['AUTH_SOURCE_TYPE'];
$aux['AUTH_SOURCE_SHOW'] = $row['AUTH_SOURCE_NAME'] . ' (' . $row['AUTH_SOURCE_PROVIDER'] . ')';
$arr[] = $aux;
}
echo '{sources: ' . G::json_encode($arr) . '}';
break;
case 'loadAuthSourceByUID':
//Get the authentication source assignment
require_once 'classes/model/Users.php';
$oCriteria = $RBAC->load($_POST['uUID']);
$UID_AUTH = $oCriteria['UID_AUTH_SOURCE'];
@@ -373,6 +267,7 @@ try {
echo G::json_encode($res);
break;
case 'updateAuthServices':
//Update the information related to user's autentication
$aData = $RBAC->load($_POST['usr_uid']);
unset($aData['USR_ROLE']);
$auth_uid = $_POST['auth_source'];
@@ -393,127 +288,31 @@ try {
$aData['USR_AUTH_USER_DN'] = $auth_dn;
}
$RBAC->updateUser($aData);
G::auditLog("AssignAuthenticationSource", "User Name: ".$aData['USR_USERNAME'].' User ID: ('.$aData['USR_UID'].') assign to '.$aData['USR_AUTH_TYPE']);
G::auditLog(
"AssignAuthenticationSource",
"User Name: ".$aData['USR_USERNAME'].' User ID: ('.$aData['USR_UID'].') assign to '.$aData['USR_AUTH_TYPE']
);
echo '{success: true}';
break;
case 'usersList':
require_once 'classes/model/Users.php';
require_once 'classes/model/LoginLog.php';
require_once 'classes/model/Department.php';
require_once 'classes/model/AppCacheView.php';
require_once PATH_RBAC . 'model/Roles.php';
global $RBAC;
//Get the list of users
//Read the configurations related to enviroments
G::LoadClass('configuration');
$co = new Configurations();
$config = $co->getConfiguration('usersList', 'pageSize', '', $_SESSION['USER_LOGGED']);
$limit_size = isset($config['pageSize']) ? $config['pageSize'] : 20;
$start = isset($_REQUEST['start']) ? $_REQUEST['start'] : 0;
$limit = isset($_REQUEST['limit']) ? $_REQUEST['limit'] : $limit_size;
$start = isset($_REQUEST['start']) ? $_REQUEST['start'] : 0;
$filter = isset($_REQUEST['textFilter']) ? $_REQUEST['textFilter'] : '';
$auths = isset($_REQUEST['auths']) ? $_REQUEST['auths'] : '';
$authSource = isset($_REQUEST['auths']) ? $_REQUEST['auths'] : '';
$sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : '';
$dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC';
$aUsers = Array();
if ($auths != '') {
$aUsers = $RBAC->getListUsersByAuthSource($auths);
}
$oCriteria = new Criteria('workflow');
$oCriteria->addSelectColumn('COUNT(*) AS CNT');
if ($filter != '') {
$cc = $oCriteria->getNewCriterion(UsersPeer::USR_USERNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_LASTNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_EMAIL, '%' . $filter . '%', Criteria::LIKE))));
$oCriteria->add($cc);
}
$oCriteria->add(UsersPeer::USR_STATUS, array('CLOSED'), Criteria::NOT_IN);
if ($auths != '') {
$totalRows = sizeof($aUsers);
} else {
$oDataset = UsersPeer::DoSelectRs($oCriteria);
$oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$oDataset->next();
$row = $oDataset->getRow();
$totalRows = $row['CNT'];
}
$oCriteria->clearSelectColumns();
$oCriteria->addSelectColumn(UsersPeer::USR_UID);
$oCriteria->addSelectColumn(UsersPeer::USR_USERNAME);
$oCriteria->addSelectColumn(UsersPeer::USR_FIRSTNAME);
$oCriteria->addSelectColumn(UsersPeer::USR_LASTNAME);
$oCriteria->addSelectColumn(UsersPeer::USR_EMAIL);
$oCriteria->addSelectColumn(UsersPeer::USR_ROLE);
$oCriteria->addSelectColumn(UsersPeer::USR_DUE_DATE);
$oCriteria->addSelectColumn(UsersPeer::USR_STATUS);
$oCriteria->addSelectColumn(UsersPeer::USR_UX);
$oCriteria->addSelectColumn(UsersPeer::DEP_UID);
$oCriteria->addSelectColumn(UsersPeer::USR_LAST_LOGIN);
$oCriteria->addAsColumn('LAST_LOGIN', 0);
$oCriteria->addAsColumn('DEP_TITLE', 0);
$oCriteria->addAsColumn('TOTAL_CASES', 0);
$oCriteria->addAsColumn('DUE_DATE_OK', 1);
$sep = "'";
$oCriteria->add(UsersPeer::USR_STATUS, array('CLOSED'), Criteria::NOT_IN);
if ($filter != '') {
$cc = $oCriteria->getNewCriterion(UsersPeer::USR_USERNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_LASTNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_EMAIL, '%' . $filter . '%', Criteria::LIKE))));
$oCriteria->add($cc);
}
if (sizeof($aUsers) > 0) {
$oCriteria->add(UsersPeer::USR_UID, $aUsers, Criteria::IN);
} elseif ($totalRows == 0 && $auths != '') {
$oCriteria->add(UsersPeer::USR_UID, '', Criteria::IN);
}
if ($sort != '') {
if ($dir == 'ASC') {
$oCriteria->addAscendingOrderByColumn($sort);
} else {
$oCriteria->addDescendingOrderByColumn($sort);
}
}
$oCriteria->setOffset($start);
$oCriteria->setLimit($limit);
$oDataset = UsersPeer::DoSelectRs($oCriteria);
$oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$Department = new Department();
$aDepart = $Department->getAllDepartmentsByUser();
$aAuthSources = $RBAC->getAllAuthSourcesByUser();
require_once PATH_CONTROLLERS . 'adminProxy.php';
$uxList = adminProxy::getUxTypesList();
$oRoles = new Roles();
$oParticipated = new ListParticipatedLast();
$oAppCache = new AppCacheView();
$rows = Array();
$uRole = Array();
while ($oDataset->next()) {
$row = $oDataset->getRow();
try {
$uRole = $oRoles->loadByCode($row['USR_ROLE']);
} catch (exception $oError) {
$uRole['ROL_NAME'] = G::loadTranslation('ID_DELETED');
}
/*----------------------------------********---------------------------------*/
if (true) {
$total = $oParticipated->getCountList($row['USR_UID']);
} else {
/*----------------------------------********---------------------------------*/
$total = $oAppCache->getListCounters('sent', $row['USR_UID'], false);
/*----------------------------------********---------------------------------*/
}
/*----------------------------------********---------------------------------*/
$row['USR_ROLE_ID'] = $row['USR_ROLE'];
$row['USR_ROLE'] = isset($uRole['ROL_NAME']) ? ($uRole['ROL_NAME'] != '' ? $uRole['ROL_NAME'] : $uRole['ROL_CODE']) : $uRole['ROL_CODE'];
$row['DUE_DATE_OK'] = (date('Y-m-d') > date('Y-m-d', strtotime($row['USR_DUE_DATE']))) ? 0 : 1;
$row['LAST_LOGIN'] = isset($row['USR_LAST_LOGIN']) ? \ProcessMaker\Util\DateTime::convertUtcToTimeZone($row['USR_LAST_LOGIN']) : '';
$row['TOTAL_CASES'] = $total;
$row['DEP_TITLE'] = isset($aDepart[$row['USR_UID']]) ? $aDepart[$row['USR_UID']] : '';
$row['USR_UX'] = isset($uxList[$row['USR_UX']]) ? $uxList[$row['USR_UX']] : $uxList['NORMAL'];
$row['USR_AUTH_SOURCE'] = isset($aAuthSources[$row['USR_UID']]) ? $aAuthSources[$row['USR_UID']] : 'ProcessMaker (MYSQL)';
$rows[] = $row;
}
echo '{users: ' . G::json_encode($rows) . ', total_users: ' . $totalRows . '}';
//Get all list of users with the additional information related to department, role, authentication, cases
$oUser = new \ProcessMaker\BusinessModel\User();
$oDatasetUsers = $oUser->getAllUsersWithAuthSource($authSource, $filter, $sort, $start, $limit, $dir);
$rows = $oUser->getAdditionalInfoFromUsers($oDatasetUsers);
echo '{users: ' . G::json_encode($rows['data']) . ', total_users: ' . $rows['totalCount'] . '}';
break;
case 'updatePageSize':
G::LoadClass('configuration');
@@ -527,6 +326,7 @@ try {
echo '{success: true}';
break;
case 'summaryUserData':
//Get all information for the summary
require_once 'classes/model/Users.php';
require_once 'classes/model/Department.php';
require_once 'classes/model/AppCacheView.php';
@@ -568,25 +368,16 @@ try {
break;
case "verifyIfUserAssignedAsSupervisor":
//Before delete we check if is supervisor
$supervisor = new \ProcessMaker\BusinessModel\ProcessSupervisor();
$isSupervisor = $supervisor->isUserSupervisor($_POST["supervisorUserUid"]);
$supervisorUserUid = $_POST["supervisorUserUid"];
$message = "OK";
$criteria = new Criteria("workflow");
$criteria->addSelectColumn(ProcessUserPeer::PU_UID);
$criteria->add(ProcessUserPeer::USR_UID, $supervisorUserUid, Criteria::EQUAL);
$criteria->add(ProcessUserPeer::PU_TYPE, "SUPERVISOR", Criteria::EQUAL);
$rsCriteria = ProcessUserPeer::doSelectRS($criteria);
$rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC);
if ($rsCriteria->next()) {
$message = "ERROR";
$message = 'OK';
if ($isSupervisor) {
$message = 'ERROR';
}
$response = array();
$response["result"] = $message;
echo G::json_encode($response);
break;
}

33
workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php
View File

@@ -1461,4 +1461,37 @@ class ProcessSupervisor
throw $e;
}
}
/**
* Check if the user is supervisor for some process
*
* @param string $userUid Unique id of User
*
* @return bool Return
*/
public function isUserSupervisor($userUid)
{
//Check if the user is defined as supervisor
$criteria = new \Criteria('workflow');
$criteria->add(\ProcessUserPeer::USR_UID, $userUid, \Criteria::EQUAL);
$criteria->add(\ProcessUserPeer::PU_TYPE, 'SUPERVISOR', \Criteria::EQUAL);
$rsCriteria = \ProcessUserPeer::doSelectRS($criteria);
$rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
if ($rsCriteria->next()) {
return true;
}
//Check if the user is in a group defined as supervisor
$criteria = new \Criteria('workflow');
$criteria->addSelectColumn(\ProcessUserPeer::USR_UID);
$criteria->addJoin(\ProcessUserPeer::USR_UID, \GroupUserPeer::GRP_UID, \Criteria::LEFT_JOIN);
$criteria->add(\ProcessUserPeer::PU_TYPE, 'GROUP_SUPERVISOR', \Criteria::EQUAL);
$criteria->add(\GroupUserPeer::USR_UID, $userUid, \Criteria::EQUAL);
$rsCriteria = \ProcessUserPeer::doSelectRS($criteria);
$rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
if ($rsCriteria->next()) {
return true;
}
return false;
}
}

158
workflow/engine/src/ProcessMaker/BusinessModel/User.php
View File

@@ -1540,5 +1540,163 @@ class User
throw $e;
}
}
/**
* This function get the list of users
*
* @param string $authSource, authentication source
* @param string $filter
* @param string $sort
* @param integer $start
* @param integer $limit
* @param string $dir related to order the column
*
* @return void
*/
public function getAllUsersWithAuthSource(
$authSource = '',
$filter = '',
$sort = '',
$start = 0,
$limit = 20,
$dir = 'ASC'
)
{
global $RBAC;
$aUsers = array();
if ($authSource != '') {
$aUsers = $RBAC->getListUsersByAuthSource($authSource);
}
$oCriteria = new \Criteria('workflow');
$oCriteria->addSelectColumn('COUNT(*) AS CNT');
if ($filter != '') {
$cc = $oCriteria->getNewCriterion(\UsersPeer::USR_USERNAME, '%' . $filter . '%', \Criteria::LIKE)
->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', \Criteria::LIKE)
->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_LASTNAME, '%' . $filter . '%', \Criteria::LIKE)
->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_EMAIL, '%' . $filter . '%', \Criteria::LIKE))));
$oCriteria->add($cc);
}
$oCriteria->add(\UsersPeer::USR_STATUS, array('CLOSED'), \Criteria::NOT_IN);
if ($authSource != '') {
$totalRows = sizeof($aUsers);
} else {
$oDataset = \UsersPeer::DoSelectRs($oCriteria);
$oDataset->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
$oDataset->next();
$row = $oDataset->getRow();
$totalRows = $row['CNT'];
}
$oCriteria->clearSelectColumns();
$oCriteria->addSelectColumn(\UsersPeer::USR_UID);
$oCriteria->addSelectColumn(\UsersPeer::USR_USERNAME);
$oCriteria->addSelectColumn(\UsersPeer::USR_FIRSTNAME);
$oCriteria->addSelectColumn(\UsersPeer::USR_LASTNAME);
$oCriteria->addSelectColumn(\UsersPeer::USR_EMAIL);
$oCriteria->addSelectColumn(\UsersPeer::USR_ROLE);
$oCriteria->addSelectColumn(\UsersPeer::USR_DUE_DATE);
$oCriteria->addSelectColumn(\UsersPeer::USR_STATUS);
$oCriteria->addSelectColumn(\UsersPeer::USR_UX);
$oCriteria->addSelectColumn(\UsersPeer::DEP_UID);
$oCriteria->addSelectColumn(\UsersPeer::USR_LAST_LOGIN);
$oCriteria->addAsColumn('LAST_LOGIN', 0);
$oCriteria->addAsColumn('DEP_TITLE', 0);
$oCriteria->addAsColumn('TOTAL_CASES', 0);
$oCriteria->addAsColumn('DUE_DATE_OK', 1);
$sep = "'";
$oCriteria->add(\UsersPeer::USR_STATUS, array('CLOSED'), \Criteria::NOT_IN);
if ($filter != '') {
$cc = $oCriteria->getNewCriterion(\UsersPeer::USR_USERNAME, '%' . $filter . '%', \Criteria::LIKE)
->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', \Criteria::LIKE)
->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_LASTNAME, '%' . $filter . '%', \Criteria::LIKE)
->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_EMAIL, '%' . $filter . '%', \Criteria::LIKE))));
$oCriteria->add($cc);
}
if (sizeof($aUsers) > 0) {
$oCriteria->add(\UsersPeer::USR_UID, $aUsers, \Criteria::IN);
} elseif ($totalRows == 0 && $authSource != '') {
$oCriteria->add(\UsersPeer::USR_UID, '', \Criteria::IN);
}
if ($sort != '') {
if ($dir == 'ASC') {
$oCriteria->addAscendingOrderByColumn($sort);
} else {
$oCriteria->addDescendingOrderByColumn($sort);
}
}
$oCriteria->setOffset($start);
$oCriteria->setLimit($limit);
$oDataset = \UsersPeer::DoSelectRs($oCriteria);
$oDataset->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
return $oDataset;
}
/**
* This function get additional information related to the user
* Information about the department, rol, cases, authentication
*
* @param criteria $oDatasetUsers, criteria for search users
*
* @return array $dataUsers array of users with the additional information
*/
public function getAdditionalInfoFromUsers($oDatasetUsers)
{
global $RBAC;
//Get the information about the department
$Department = new \Department();
$aDepart = $Department->getAllDepartmentsByUser();
//Get the authentication sources
$aAuthSources = $RBAC->getAllAuthSourcesByUser();
//Get roles
$oRoles = new \Roles();
//Get cases
$oParticipated = new \ListParticipatedLast();
$oAppCache = new \AppCacheView();
$rows = array();
$uRole = array();
$totalRows = 0;
$dataUsers = array();
while ($oDatasetUsers->next()) {
$totalRows++;
$row = $oDatasetUsers->getRow();
//Add the role information related to the user
try {
$uRole = $oRoles->loadByCode($row['USR_ROLE']);
} catch (\exception $oError) {
$uRole['ROL_NAME'] = G::loadTranslation('ID_DELETED');
}
$row['USR_ROLE_ID'] = $row['USR_ROLE'];
$row['USR_ROLE'] = isset($uRole['ROL_NAME']) ? ($uRole['ROL_NAME'] != '' ? $uRole['ROL_NAME'] : $uRole['ROL_CODE']) : $uRole['ROL_CODE'];
/*----------------------------------********---------------------------------*/
if (true) {
$total = $oParticipated->getCountList($row['USR_UID']);
} else {
/*----------------------------------********---------------------------------*/
$total = $oAppCache->getListCounters('sent', $row['USR_UID'], false);
/*----------------------------------********---------------------------------*/
}
/*----------------------------------********---------------------------------*/
$row['TOTAL_CASES'] = $total;
$row['DUE_DATE_OK'] = (date('Y-m-d') > date('Y-m-d', strtotime($row['USR_DUE_DATE']))) ? 0 : 1;
$row['LAST_LOGIN'] = isset($row['USR_LAST_LOGIN']) ? \ProcessMaker\Util\DateTime::convertUtcToTimeZone($row['USR_LAST_LOGIN']) : '';
//Add the department information related to the user
$row['DEP_TITLE'] = isset($aDepart[$row['USR_UID']]) ? $aDepart[$row['USR_UID']] : '';
//Add the authentication information related to the user
$row['USR_AUTH_SOURCE'] = isset($aAuthSources[$row['USR_UID']]) ? $aAuthSources[$row['USR_UID']] : 'ProcessMaker (MYSQL)';
$rows[] = $row;
}
$dataUsers['data'] = $rows;
$dataUsers['totalCount'] = $totalRows;
return $dataUsers;
}
}