diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php
index 257539841..381698f5f 100644
--- a/gulliver/system/class.rbac.php
+++ b/gulliver/system/class.rbac.php
@@ -70,9 +70,33 @@ class RBAC
public $singleSignOn = false;
private static $instance = null;
+ public $authorizedActions = array();
public function __construct ()
{
+ $this->authorizedActions = array(
+ 'users_Ajax.php' => array(
+ 'availableUsers' => array('PM_FACTORY'),
+ 'assign' => array('PM_FACTORY'),
+ 'changeView' => array(),
+ 'ofToAssign' => array('PM_FACTORY'),
+ 'usersGroup' => array('PM_FACTORY'),
+ 'canDeleteUser' => array('PM_USERS'),
+ 'deleteUser' => array('PM_USERS'),
+ 'changeUserStatus' => array('PM_USERS'),
+ 'availableGroups' => array('PM_USERS'),
+ 'assignedGroups' => array('PM_USERS'),
+ 'assignGroupsToUserMultiple' => array('PM_USERS'),
+ 'deleteGroupsToUserMultiple' => array('PM_USERS'),
+ 'authSources' => array('PM_USERS'),
+ 'loadAuthSourceByUID' => array('PM_USERS'),
+ 'updateAuthServices' => array('PM_USERS'),
+ 'usersList' => array('PM_USERS'),
+ 'updatePageSize' => array(),
+ 'summaryUserData' => array('PM_USERS'),
+ 'verifyIfUserAssignedAsSupervisor' => array('PM_USERS'),
+ )
+ );
}
/**
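Review bot: Two entries in the new allow-list carry an empty permission array (`changeView`, `updatePageSize`) and nothing next to the table says what that means; reading allows() further down, an empty list passes because a count of zero equals zero, so those actions are open to anyone who cleared the PM_LOGIN check, while an action absent from the table is rejected outright. That contract belongs beside the data: `// file => action => RBAC permissions that must ALL be held; empty list = any logged-in user; an action missing here is denied by allows()`. The property is also public and writable, so any code holding the RBAC singleton can widen the list at runtime; if no external writer exists, `private` with a read accessor would make the gate tamper-evident. The constructor is shown in full, but the class continues outside the hunk.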
@@ -1443,5 +1467,36 @@ class RBAC
}
}
}
+ /**
+ * This function verify if the user allows to the file with a specific action
+ * If the action is not defined in the authorizedActions we give the allow
+ * @param string $file
+ * @param string $action
+ *
+ * @return void
+ */
+ public function allows($file, $action)
+ {
+ $access = false;
+ if (isset($this->authorizedActions[$file][$action])) {
+ $permissions = $this->authorizedActions[$file][$action];
+ $totalPermissions = count($permissions);
+ $countAccess = 0;
+ foreach ($permissions as $key => $value) {
+ if ($this->userCanAccess($value) == 1) {
+ $countAccess++;
+ }
+ }
+ //Check if the user has all permissions that needed
+ if ($countAccess == $totalPermissions) {
+ $access = true;
+ }
+ }
+
+ if (!$access) {
+ G::header('Location: /errors/error403.php');
+ die();
+ }
+ }
}
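Review bot: The docblock on allows() states that an action not defined in authorizedActions is allowed, but the code does the opposite: `$access` starts false and only flips when every listed permission passes userCanAccess(), so an unknown file/action pair ends in the 403 redirect. Fail-closed is the right behaviour for an authorization gate, so correct the comment rather than the code, e.g. `* If the action is not defined in authorizedActions, access is denied (fail closed); an empty permission list grants access to any logged-in user.` The callers are AJAX handlers, so if G::header() wraps header() a Location redirect hands the XHR client a 200 carrying the error page's HTML; sending the status explicitly, `G::header('HTTP/1.1 403 Forbidden');`, before the redirect lets clients react to the denial. The comparison `$this->userCanAccess($value) == 1` is loose; `=== 1` pins the intended granted return, and `@return void` should mention that the method terminates the request on denial.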
diff --git a/workflow/engine/classes/model/ObjectPermission.php b/workflow/engine/classes/model/ObjectPermission.php
index 1319e6456..b483918db 100644
--- a/workflow/engine/classes/model/ObjectPermission.php
+++ b/workflow/engine/classes/model/ObjectPermission.php
@@ -409,5 +409,39 @@ class ObjectPermission extends BaseObjectPermission
}
return $result;
}
+
+ /**
+ * Verify if the user has a objectPermission for some process
+ *
+ * @param string $usrUid the uid of the user
+ * @param int $typeRelation
+ *
+ * @return array
+ */
+ public function objectPermissionPerUser($usrUid, $typeRelation = 1)
+ {
+ $criteria = new Criteria("workflow");
+ $criteria->addSelectColumn(ObjectPermissionPeer::USR_UID);
+ $criteria->addSelectColumn(ObjectPermissionPeer::PRO_UID);
+ $criteria->add(ObjectPermissionPeer::OP_USER_RELATION, $typeRelation, Criteria::EQUAL);
+ $criteria->add(ObjectPermissionPeer::USR_UID, $usrUid, Criteria::EQUAL);
+ $doSelectRS = ObjectPermissionPeer::doSelectRS($criteria);
+ $doSelectRS->setFetchmode(ResultSet::FETCHMODE_ASSOC);
+ $doSelectRS->next();
+ $objectPermision = $doSelectRS->getRow();
+ $data = array();
+ if (isset($objectPermision["USR_UID"])) {
+ $criteria = new Criteria("workflow");
+ $criteria->addSelectColumn(ProcessPeer::PRO_TITLE);
+ $criteria->add(ProcessPeer::PRO_UID, $objectPermision["PRO_UID"], Criteria::EQUAL);
+ $doSelectRS = ProcessPeer::doSelectRS($criteria);
+ $doSelectRS->setFetchmode(ResultSet::FETCHMODE_ASSOC);
+ $doSelectRS->next();
+ $content = $doSelectRS->getRow();
+ $data['PRO_TITLE'] = $content["PRO_TITLE"];
+ $data['PRO_UID'] = $objectPermision["PRO_UID"];
+ }
+ return $data;
+ }
}
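Review bot: objectPermissionPerUser() reads only the first row of an unordered result (`$doSelectRS->next(); ... getRow()`), so when a user holds permissions in several processes the caller's cannot-delete message names an arbitrary one; the docblock should say so instead of "has a objectPermission for some process": `@return array Empty when the user has no matching permission; otherwise PRO_UID and PRO_TITLE of one (unspecified) matching process`. `@param int $typeRelation` also deserves a meaning — presumably the OP_USER_RELATION value where 1 is a direct user assignment, the only value the new caller passes; confirm against the model. If the referenced process row no longer exists, `$content` is not an array and `$content["PRO_TITLE"]` raises a notice before the caller falls back to PRO_UID; `isset($content['PRO_TITLE']) ? $content['PRO_TITLE'] : null` keeps that fallback path clean. Minor: `$objectPermision` is misspelled.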
diff --git a/workflow/engine/methods/users/users_Ajax.php b/workflow/engine/methods/users/users_Ajax.php
index 5052db1cb..cad63cff6 100644
--- a/workflow/engine/methods/users/users_Ajax.php
+++ b/workflow/engine/methods/users/users_Ajax.php
@@ -1,34 +1,6 @@
.
- *
- * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
- * Coral Gables, FL, 33134, USA, or email info@colosa.com.
- */
try {
- G::LoadSystem('inputfilter');
- $filter = new InputFilter();
- $_GET = $filter->xssFilterHard($_GET);
- $_POST = $filter->xssFilterHard($_POST);
- $_REQUEST = $filter->xssFilterHard($_REQUEST);
-
global $RBAC;
switch ($RBAC->userCanAccess('PM_LOGIN')) {
case - 2:
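Review bot: The new side drops the InputFilter::xssFilterHard pass over $_GET, $_POST and $_REQUEST and nothing in this commit replaces it, yet the same request fields are still consumed downstream: `textFilter` becomes a LIKE pattern, `GRP_UID` lists are exploded and iterated, and `sort`/`dir`/`start`/`limit` flow into the ORDER BY and LIMIT clauses built in the new getAllUsersWithAuthSource(). If the filter was removed because the same sanitisation now happens centrally (bootstrap or front controller), leave a comment here saying where, e.g. `// Request sanitisation is applied in <entry point>; do not re-filter here`; otherwise restore it or validate each field at the point of use. A blanket XSS filter was never the right control for query building anyway, so field-level checks (integer casts for paging, an allow-list for the sort column and direction) are worth adding regardless. The PM_LOGIN switch that begins at the end of this hunk continues outside it.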
@@ -47,38 +19,15 @@ try {
$_POST = $_POST['form'];
}
if (isset($_REQUEST['function'])) {
- //$value= $_POST['function'];
$value = get_ajax_value('function');
} else {
- //$value= $_POST['functions'];
$value = get_ajax_value('functions');
}
+
+ $RBAC->allows(basename(__FILE__), $value);
switch ($value) {
- case 'verifyUsername':
- //print_r($_POST); die;
- $_POST['sOriginalUsername'] = get_ajax_value('sOriginalUsername');
- $_POST['sUsername'] = get_ajax_value('sUsername');
- if ($_POST['sOriginalUsername'] == $_POST['sUsername']) {
- echo '0';
- } else {
- require_once 'classes/model/Users.php';
- G::LoadClass('Users');
- $oUser = new Users();
- $oCriteria = $oUser->loadByUsername($_POST['sUsername']);
- $oDataset = UsersPeer::doSelectRs($oCriteria, Propel::getDbConnection('workflow_ro'));
- $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
- $oDataset->next();
- $aRow = $oDataset->getRow();
- //print_r($aRow); die;
- //if (!$aRow)
- if (!is_array($aRow)) {
- echo '0';
- } else {
- echo '1';
- }
- }
- break;
case 'availableUsers':
+ //Classic process: list of users to assign in the task
G::LoadClass('processMap');
$oProcessMap = new ProcessMap();
global $G_PUBLISH;
@@ -87,6 +36,7 @@ try {
G::RenderPage('publish', 'raw');
break;
case 'assign':
+ //Classic process: assign users and groups in the task
G::LoadClass('tasks');
$oTasks = new Tasks();
switch ((int) $_POST['TU_RELATION']) {
@@ -103,6 +53,7 @@ try {
}
break;
case 'ofToAssign':
+ //Classic process: remove users and groups related a task
G::LoadClass('tasks');
$oTasks = new Tasks();
switch ((int) $_POST['TU_RELATION']) {
@@ -117,36 +68,11 @@ try {
}
break;
case 'changeView':
+ //Classic process: set variable for users and groups Ad hoc
$_SESSION['iType'] = $_POST['TU_TYPE'];
break;
- case 'deleteGroup':
- G::LoadClass('groups');
- $oGroup = new Groups();
- $oGroup->removeUserOfGroup($_POST['GRP_UID'], $_POST['USR_UID']);
- $_GET['sUserUID'] = $_POST['USR_UID'];
- $G_PUBLISH = new Publisher();
- $G_PUBLISH->AddContent('view', 'users/users_Tree');
- G::RenderPage('publish', 'raw');
- break;
- case 'showUserGroupInterface':
- $_GET['sUserUID'] = $_POST['sUserUID'];
- $G_PUBLISH = new Publisher();
- $G_PUBLISH->AddContent('view', 'users/users_AssignGroup');
- G::RenderPage('publish', 'raw');
- break;
- case 'showUserGroups':
- $_GET['sUserUID'] = $_POST['sUserUID'];
- $G_PUBLISH = new Publisher();
- $G_PUBLISH->AddContent('view', 'users/users_Tree');
- G::RenderPage('publish', 'raw');
- break;
- case 'assignUserToGroup':
- G::LoadClass('groups');
- $oGroup = new Groups();
- $oGroup->addUserToGroup($_POST['GRP_UID'], $_POST['USR_UID']);
- echo '
' . G::LoadTranslation('ID_MSG_ASSIGN_DONE') . '
';
- break;
case 'usersGroup':
+ //Classic process: list of users in a group related a task
G::LoadClass('groups');
$oGroup = new Groups();
$aGroup = $oGroup->getUsersOfGroup($_POST['GRP_UID']);
@@ -154,29 +80,8 @@ try {
echo $aValues['USR_FIRSTNAME'] . ' ' . $aValues['USR_LASTNAME'] . '
';
}
break;
-
- //This case is used to check if any of the user group has as role 'PROCESSMAKER_ADMIN',
- case 'usersAdminGroupExtJS':
- G::LoadClass('groups');
- $oGroup = new Groups();
- $aGroup = $oGroup->getUsersOfGroup($_POST['GRP_UID']);
- $responseUser = 'false';
- $usersAdmin = '';
- foreach ($aGroup as $iIndex => $aValues) {
- if ($aValues['USR_ROLE'] == 'PROCESSMAKER_ADMIN') {
- $responseUser = 'true';
- $usersAdmin .= $aValues['USR_FIRSTNAME'] . ' ' . $aValues['USR_LASTNAME'] . ', ';
- }
- }
- $usersAdmin = substr($usersAdmin, 0, - 2);
-
- $result = new stdClass();
- $result->reponse = $responseUser;
- $result->users = $usersAdmin;
-
- echo G::json_encode($result);
- break;
case 'canDeleteUser':
+ //Check before delete a user
G::LoadClass('case');
$oProcessMap = new Cases();
$USR_UID = $_POST['uUID'];
@@ -198,44 +103,31 @@ try {
echo $response;
break;
case 'deleteUser':
- $UID = $_POST['USR_UID'];
-
- //process permissions
- $criteria = new Criteria("workflow");
- $criteria->addSelectColumn(ObjectPermissionPeer::USR_UID);
- $criteria->addSelectColumn(ObjectPermissionPeer::PRO_UID);
- $criteria->add(ObjectPermissionPeer::OP_USER_RELATION, 1, Criteria::EQUAL);
- $criteria->add(ObjectPermissionPeer::USR_UID, $UID, Criteria::EQUAL);
- $doSelectRS = DynaformPeer::doSelectRS($criteria);
- $doSelectRS->setFetchmode(ResultSet::FETCHMODE_ASSOC);
- $doSelectRS->next();
- $objectPermision = $doSelectRS->getRow();
- if (isset($objectPermision["USR_UID"])) {
- $criteria = new Criteria("workflow");
- $criteria->addSelectColumn(ProcessPeer::PRO_TITLE);
- $criteria->add(ProcessPeer::PRO_UID, $objectPermision["PRO_UID"], Criteria::EQUAL);
- $doSelectRS = ProcessPeer::doSelectRS($criteria);
- $doSelectRS->setFetchmode(ResultSet::FETCHMODE_ASSOC);
- $doSelectRS->next();
- $content = $doSelectRS->getRow();
+ //Check if the user was defined in a process permissions
+ $oObjectPermission = new ObjectPermission();
+ $aProcess = $oObjectPermission->objectPermissionPerUser($_POST['USR_UID'], 1);
+ if (count($aProcess) > 0) {
echo G::json_encode(array(
"status" => 'ERROR',
- "message" => G::LoadTranslation('ID_USER_CANT_BE_DELETED_FOR_THE_PROCESS', array('processTitle' => isset($content["PRO_TITLE"]) ? $content["PRO_TITLE"] : $objectPermision['PRO_UID']))
+ "message" => G::LoadTranslation('ID_USER_CANT_BE_DELETED_FOR_THE_PROCESS', array('processTitle' => isset($aProcess["PRO_TITLE"]) ? $aProcess["PRO_TITLE"] : $aProcess['PRO_UID']))
));
break;
}
+ //Remove from tasks
G::LoadClass('tasks');
$oTasks = new Tasks();
$oTasks->ofToAssignUserOfAllTasks($UID);
+
+ //Remove from groups
G::LoadClass('groups');
$oGroups = new Groups();
$oGroups->removeUserOfAllGroups($UID);
- $RBAC->changeUserStatus($UID, 'CLOSED');
- $_GET['USR_USERNAME'] = '';
- $RBAC->updateUser(array('USR_UID' => $UID, 'USR_USERNAME' => $_GET['USR_USERNAME']
- ), '');
+
+ //Update the table Users
require_once 'classes/model/Users.php';
+ $RBAC->changeUserStatus($UID, 'CLOSED');
+ $RBAC->updateUser(array('USR_UID' => $UID,'USR_USERNAME' => ''), '');
$oUser = new Users();
$aFields = $oUser->load($UID);
$aFields['USR_STATUS'] = 'CLOSED';
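Review bot: The removed line `$UID = $_POST['USR_UID'];` was the only assignment of `$UID` in this case, but the new side still passes `$UID` to ofToAssignUserOfAllTasks(), removeUserOfAllGroups(), changeUserStatus(), updateUser() and `$oUser->load()` (and to the supervisor cleanup and audit log further down, outside this hunk), so those calls now receive null. Depending on how each model builds its criteria that either throws or silently matches nothing, and the audit entry records an empty ID — in no case is the requested user actually closed. Reinstate the assignment at the top of the case and reuse it for the permission check: `$UID = $_POST['USR_UID'];` followed by `$aProcess = $oObjectPermission->objectPermissionPerUser($UID, 1);`. The deleteUser case continues outside the hunk.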
@@ -252,13 +144,13 @@ try {
//Delete users as supervisor
$criteria = new Criteria("workflow");
-
$criteria->add(ProcessUserPeer::USR_UID, $UID, Criteria::EQUAL);
$criteria->add(ProcessUserPeer::PU_TYPE, "SUPERVISOR", Criteria::EQUAL);
ProcessUserPeer::doDelete($criteria);
G::auditLog("DeleteUser", "User Name: ". $userName." User ID: (".$UID.") ");
break;
case 'changeUserStatus':
+ //When the user change the status: ACTIVE, INACTIVE, VACATION
$response = new stdclass();
if (isset($_REQUEST['USR_UID']) && isset($_REQUEST['NEW_USR_STATUS'])) {
$RBAC->changeUserStatus($_REQUEST['USR_UID'], ($_REQUEST['NEW_USR_STATUS'] == 'ACTIVE' ? 1 : 0));
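Review bot: changeUserStatus reads its target and new state from `$_REQUEST['USR_UID']` and `$_REQUEST['NEW_USR_STATUS']`, and the dispatched action itself comes from `$_REQUEST['function']` earlier in the file, so this state change is reachable with a plain GET and, unless a framework-level CSRF check exists that this diff does not show, can be triggered by a link opened by a logged-in PM_USERS holder. Reading these from `$_POST` only, as the neighbouring cases do, removes the GET vector cheaply: `if (isset($_POST['USR_UID']) && isset($_POST['NEW_USR_STATUS'])) {` with the two `$_REQUEST` references below it changed likewise. Note also that any value other than 'ACTIVE' maps to 0 here, so a mistyped NEW_USR_STATUS deactivates the user rather than failing. The case body continues outside the hunk.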
@@ -278,6 +170,7 @@ try {
die(G::json_encode($response));
break;
case 'availableGroups':
+ //Get the available groups for assign to user
G::LoadClass('groups');
$filter = (isset($_POST['textFilter'])) ? $_POST['textFilter'] : '';
$groups = new Groups();
@@ -291,6 +184,7 @@ try {
echo '{groups: ' . G::json_encode($arr) . '}';
break;
case 'assignedGroups':
+ //Get the groups related to user
G::LoadClass('groups');
$filter = (isset($_POST['textFilter'])) ? $_POST['textFilter'] : '';
$groups = new Groups();
@@ -304,6 +198,7 @@ try {
echo '{groups: ' . G::json_encode($arr) . '}';
break;
case 'assignGroupsToUserMultiple':
+ //Assign user in a group
$USR_UID = $_POST['USR_UID'];
$gUIDs = explode(',', $_POST['GRP_UID']);
G::LoadClass('groups');
@@ -313,6 +208,7 @@ try {
}
break;
case 'deleteGroupsToUserMultiple':
+ //Remove a user from a group
$USR_UID = $_POST['USR_UID'];
$gUIDs = explode(',', $_POST['GRP_UID']);
G::LoadClass('groups');
@@ -322,6 +218,7 @@ try {
}
break;
case 'authSources':
+ //Get the authentication information
$criteria = $RBAC->getAllAuthSources();
$objects = AuthenticationSourcePeer::doSelectRS($criteria);
$objects->setFetchmode(ResultSet::FETCHMODE_ASSOC);
@@ -336,22 +233,19 @@ try {
}
$started = Array();
$started['AUTH_SOURCE_UID'] = '00000000000000000000000000000000';
- //$started['AUTH_SOURCE_NAME'] = 'ProcessMaker';
- //$started['AUTH_SOURCE_TYPE'] = 'MYSQL';
$started['AUTH_SOURCE_SHOW'] = 'ProcessMaker (MYSQL)';
$arr[] = $started;
while ($objects->next()) {
$row = $objects->getRow();
$aux = Array();
$aux['AUTH_SOURCE_UID'] = $row['AUTH_SOURCE_UID'];
- //$aux['AUTH_SOURCE_NAME'] = $row['AUTH_SOURCE_NAME'];
- //$aux['AUTH_SOURCE_TYPE'] = $row['AUTH_SOURCE_TYPE'];
$aux['AUTH_SOURCE_SHOW'] = $row['AUTH_SOURCE_NAME'] . ' (' . $row['AUTH_SOURCE_PROVIDER'] . ')';
$arr[] = $aux;
}
echo '{sources: ' . G::json_encode($arr) . '}';
break;
case 'loadAuthSourceByUID':
+ //Get the authentication source assignment
require_once 'classes/model/Users.php';
$oCriteria = $RBAC->load($_POST['uUID']);
$UID_AUTH = $oCriteria['UID_AUTH_SOURCE'];
@@ -373,6 +267,7 @@ try {
echo G::json_encode($res);
break;
case 'updateAuthServices':
+ //Update the information related to user's autentication
$aData = $RBAC->load($_POST['usr_uid']);
unset($aData['USR_ROLE']);
$auth_uid = $_POST['auth_source'];
@@ -393,127 +288,31 @@ try {
$aData['USR_AUTH_USER_DN'] = $auth_dn;
}
$RBAC->updateUser($aData);
- G::auditLog("AssignAuthenticationSource", "User Name: ".$aData['USR_USERNAME'].' User ID: ('.$aData['USR_UID'].') assign to '.$aData['USR_AUTH_TYPE']);
+ G::auditLog(
+ "AssignAuthenticationSource",
+ "User Name: ".$aData['USR_USERNAME'].' User ID: ('.$aData['USR_UID'].') assign to '.$aData['USR_AUTH_TYPE']
+ );
echo '{success: true}';
break;
case 'usersList':
- require_once 'classes/model/Users.php';
- require_once 'classes/model/LoginLog.php';
- require_once 'classes/model/Department.php';
- require_once 'classes/model/AppCacheView.php';
- require_once PATH_RBAC . 'model/Roles.php';
- global $RBAC;
+ //Get the list of users
+ //Read the configurations related to enviroments
G::LoadClass('configuration');
$co = new Configurations();
$config = $co->getConfiguration('usersList', 'pageSize', '', $_SESSION['USER_LOGGED']);
$limit_size = isset($config['pageSize']) ? $config['pageSize'] : 20;
- $start = isset($_REQUEST['start']) ? $_REQUEST['start'] : 0;
$limit = isset($_REQUEST['limit']) ? $_REQUEST['limit'] : $limit_size;
+ $start = isset($_REQUEST['start']) ? $_REQUEST['start'] : 0;
$filter = isset($_REQUEST['textFilter']) ? $_REQUEST['textFilter'] : '';
- $auths = isset($_REQUEST['auths']) ? $_REQUEST['auths'] : '';
+ $authSource = isset($_REQUEST['auths']) ? $_REQUEST['auths'] : '';
$sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : '';
$dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC';
- $aUsers = Array();
- if ($auths != '') {
- $aUsers = $RBAC->getListUsersByAuthSource($auths);
- }
- $oCriteria = new Criteria('workflow');
- $oCriteria->addSelectColumn('COUNT(*) AS CNT');
- if ($filter != '') {
- $cc = $oCriteria->getNewCriterion(UsersPeer::USR_USERNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_LASTNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_EMAIL, '%' . $filter . '%', Criteria::LIKE))));
- $oCriteria->add($cc);
- }
- $oCriteria->add(UsersPeer::USR_STATUS, array('CLOSED'), Criteria::NOT_IN);
- if ($auths != '') {
- $totalRows = sizeof($aUsers);
- } else {
- $oDataset = UsersPeer::DoSelectRs($oCriteria);
- $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
- $oDataset->next();
- $row = $oDataset->getRow();
- $totalRows = $row['CNT'];
- }
- $oCriteria->clearSelectColumns();
- $oCriteria->addSelectColumn(UsersPeer::USR_UID);
- $oCriteria->addSelectColumn(UsersPeer::USR_USERNAME);
- $oCriteria->addSelectColumn(UsersPeer::USR_FIRSTNAME);
- $oCriteria->addSelectColumn(UsersPeer::USR_LASTNAME);
- $oCriteria->addSelectColumn(UsersPeer::USR_EMAIL);
- $oCriteria->addSelectColumn(UsersPeer::USR_ROLE);
- $oCriteria->addSelectColumn(UsersPeer::USR_DUE_DATE);
- $oCriteria->addSelectColumn(UsersPeer::USR_STATUS);
- $oCriteria->addSelectColumn(UsersPeer::USR_UX);
- $oCriteria->addSelectColumn(UsersPeer::DEP_UID);
- $oCriteria->addSelectColumn(UsersPeer::USR_LAST_LOGIN);
- $oCriteria->addAsColumn('LAST_LOGIN', 0);
- $oCriteria->addAsColumn('DEP_TITLE', 0);
- $oCriteria->addAsColumn('TOTAL_CASES', 0);
- $oCriteria->addAsColumn('DUE_DATE_OK', 1);
- $sep = "'";
- $oCriteria->add(UsersPeer::USR_STATUS, array('CLOSED'), Criteria::NOT_IN);
- if ($filter != '') {
- $cc = $oCriteria->getNewCriterion(UsersPeer::USR_USERNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_LASTNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_EMAIL, '%' . $filter . '%', Criteria::LIKE))));
- $oCriteria->add($cc);
- }
- if (sizeof($aUsers) > 0) {
- $oCriteria->add(UsersPeer::USR_UID, $aUsers, Criteria::IN);
- } elseif ($totalRows == 0 && $auths != '') {
- $oCriteria->add(UsersPeer::USR_UID, '', Criteria::IN);
- }
- if ($sort != '') {
- if ($dir == 'ASC') {
- $oCriteria->addAscendingOrderByColumn($sort);
- } else {
- $oCriteria->addDescendingOrderByColumn($sort);
- }
- }
- $oCriteria->setOffset($start);
- $oCriteria->setLimit($limit);
- $oDataset = UsersPeer::DoSelectRs($oCriteria);
- $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
- $Department = new Department();
- $aDepart = $Department->getAllDepartmentsByUser();
- $aAuthSources = $RBAC->getAllAuthSourcesByUser();
- require_once PATH_CONTROLLERS . 'adminProxy.php';
- $uxList = adminProxy::getUxTypesList();
-
- $oRoles = new Roles();
- $oParticipated = new ListParticipatedLast();
- $oAppCache = new AppCacheView();
- $rows = Array();
- $uRole = Array();
- while ($oDataset->next()) {
- $row = $oDataset->getRow();
-
- try {
- $uRole = $oRoles->loadByCode($row['USR_ROLE']);
- } catch (exception $oError) {
- $uRole['ROL_NAME'] = G::loadTranslation('ID_DELETED');
- }
- /*----------------------------------********---------------------------------*/
- if (true) {
- $total = $oParticipated->getCountList($row['USR_UID']);
- } else {
- /*----------------------------------********---------------------------------*/
- $total = $oAppCache->getListCounters('sent', $row['USR_UID'], false);
- /*----------------------------------********---------------------------------*/
- }
- /*----------------------------------********---------------------------------*/
- $row['USR_ROLE_ID'] = $row['USR_ROLE'];
- $row['USR_ROLE'] = isset($uRole['ROL_NAME']) ? ($uRole['ROL_NAME'] != '' ? $uRole['ROL_NAME'] : $uRole['ROL_CODE']) : $uRole['ROL_CODE'];
-
- $row['DUE_DATE_OK'] = (date('Y-m-d') > date('Y-m-d', strtotime($row['USR_DUE_DATE']))) ? 0 : 1;
- $row['LAST_LOGIN'] = isset($row['USR_LAST_LOGIN']) ? \ProcessMaker\Util\DateTime::convertUtcToTimeZone($row['USR_LAST_LOGIN']) : '';
- $row['TOTAL_CASES'] = $total;
- $row['DEP_TITLE'] = isset($aDepart[$row['USR_UID']]) ? $aDepart[$row['USR_UID']] : '';
- $row['USR_UX'] = isset($uxList[$row['USR_UX']]) ? $uxList[$row['USR_UX']] : $uxList['NORMAL'];
- $row['USR_AUTH_SOURCE'] = isset($aAuthSources[$row['USR_UID']]) ? $aAuthSources[$row['USR_UID']] : 'ProcessMaker (MYSQL)';
-
- $rows[] = $row;
- }
-
- echo '{users: ' . G::json_encode($rows) . ', total_users: ' . $totalRows . '}';
+ //Get all list of users with the additional information related to department, role, authentication, cases
+ $oUser = new \ProcessMaker\BusinessModel\User();
+ $oDatasetUsers = $oUser->getAllUsersWithAuthSource($authSource, $filter, $sort, $start, $limit, $dir);
+ $rows = $oUser->getAdditionalInfoFromUsers($oDatasetUsers);
+ echo '{users: ' . G::json_encode($rows['data']) . ', total_users: ' . $rows['totalCount'] . '}';
break;
case 'updatePageSize':
G::LoadClass('configuration');
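Review bot: `$limit`, `$start`, `$sort` and `$dir` are taken from `$_REQUEST` and handed to getAllUsersWithAuthSource() untouched, where (per the User.php hunk) `$sort` is passed to addAscendingOrderByColumn()/addDescendingOrderByColumn() and `$start`/`$limit` to setOffset()/setLimit(); the xssFilterHard pass that used to precede this file's switch is gone in this commit, so nothing constrains these values any more. Cast the paging values and pin the direction at this boundary, `$limit = (int) (isset($_REQUEST['limit']) ? $_REQUEST['limit'] : $limit_size);`, `$start = (int) (isset($_REQUEST['start']) ? $_REQUEST['start'] : 0);`, `$dir = (isset($_REQUEST['dir']) && strtoupper($_REQUEST['dir']) === 'DESC') ? 'DESC' : 'ASC';`, and check `$sort` against the USR_* columns the model selects before passing it on. Separately, `total_users` now comes from `$rows['totalCount']`, which getAdditionalInfoFromUsers() computes by counting the rows of the already-limited page, whereas the removed code reported the COUNT(*) over all matching users; the grid's paging total will shrink to the page size.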
@@ -527,6 +326,7 @@ try {
echo '{success: true}';
break;
case 'summaryUserData':
+ //Get all information for the summary
require_once 'classes/model/Users.php';
require_once 'classes/model/Department.php';
require_once 'classes/model/AppCacheView.php';
@@ -568,25 +368,16 @@ try {
break;
case "verifyIfUserAssignedAsSupervisor":
+ //Before delete we check if is supervisor
+ $supervisor = new \ProcessMaker\BusinessModel\ProcessSupervisor();
+ $isSupervisor = $supervisor->isUserSupervisor($_POST["supervisorUserUid"]);
$supervisorUserUid = $_POST["supervisorUserUid"];
- $message = "OK";
-
- $criteria = new Criteria("workflow");
-
- $criteria->addSelectColumn(ProcessUserPeer::PU_UID);
- $criteria->add(ProcessUserPeer::USR_UID, $supervisorUserUid, Criteria::EQUAL);
- $criteria->add(ProcessUserPeer::PU_TYPE, "SUPERVISOR", Criteria::EQUAL);
-
- $rsCriteria = ProcessUserPeer::doSelectRS($criteria);
- $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC);
-
- if ($rsCriteria->next()) {
- $message = "ERROR";
+ $message = 'OK';
+ if ($isSupervisor) {
+ $message = 'ERROR';
}
-
$response = array();
$response["result"] = $message;
-
echo G::json_encode($response);
break;
}
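Review bot: `$supervisorUserUid` is now assigned on the line after the value has already been read straight from `$_POST` and passed to isUserSupervisor(), and it is never used afterwards, so the assignment is dead and the lookup runs against an undefined index when the parameter is missing. Read once, guard, then pass: `$supervisorUserUid = isset($_POST['supervisorUserUid']) ? $_POST['supervisorUserUid'] : '';` and `$isSupervisor = $supervisor->isUserSupervisor($supervisorUserUid);`. The OK/ERROR branch can collapse to `$message = $isSupervisor ? 'ERROR' : 'OK';`.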
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php b/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php
index 2ed4d6d34..87503f43d 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php
@@ -1461,4 +1461,37 @@ class ProcessSupervisor
throw $e;
}
}
+ /**
+ * Check if the user is supervisor for some process
+ *
+ * @param string $userUid Unique id of User
+ *
+ * @return bool Return
+ */
+ public function isUserSupervisor($userUid)
+ {
+ //Check if the user is defined as supervisor
+ $criteria = new \Criteria('workflow');
+ $criteria->add(\ProcessUserPeer::USR_UID, $userUid, \Criteria::EQUAL);
+ $criteria->add(\ProcessUserPeer::PU_TYPE, 'SUPERVISOR', \Criteria::EQUAL);
+ $rsCriteria = \ProcessUserPeer::doSelectRS($criteria);
+ $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
+
+ if ($rsCriteria->next()) {
+ return true;
+ }
+ //Check if the user is in a group defined as supervisor
+ $criteria = new \Criteria('workflow');
+ $criteria->addSelectColumn(\ProcessUserPeer::USR_UID);
+ $criteria->addJoin(\ProcessUserPeer::USR_UID, \GroupUserPeer::GRP_UID, \Criteria::LEFT_JOIN);
+ $criteria->add(\ProcessUserPeer::PU_TYPE, 'GROUP_SUPERVISOR', \Criteria::EQUAL);
+ $criteria->add(\GroupUserPeer::USR_UID, $userUid, \Criteria::EQUAL);
+ $rsCriteria = \ProcessUserPeer::doSelectRS($criteria);
+ $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
+
+ if ($rsCriteria->next()) {
+ return true;
+ }
+ return false;
+ }
}
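Review bot: The docblock for isUserSupervisor() ends in `@return bool Return` and does not explain the second query, which is the non-obvious part — PROCESS_USER.USR_UID is joined to GROUP_USER.GRP_UID, i.e. for GROUP_SUPERVISOR rows that column holds a group UID; spell that out: `@return bool True if the user is a direct SUPERVISOR of any process or belongs to a group assigned as GROUP_SUPERVISOR`, plus a one-line comment on the join about the column reuse. The LEFT_JOIN is filtered on `GroupUserPeer::USR_UID` in the WHERE clause, which makes it an inner join in effect; `\Criteria::INNER_JOIN` states the intent. A note that an empty `$userUid` presumably yields false rather than an error would help callers that read the value from request parameters.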
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/User.php b/workflow/engine/src/ProcessMaker/BusinessModel/User.php
index 6fdb70486..4122751af 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/User.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/User.php
@@ -1540,5 +1540,163 @@ class User
throw $e;
}
}
+ /**
+ * This function get the list of users
+ *
+ * @param string $authSource, authentication source
+ * @param string $filter
+ * @param string $sort
+ * @param integer $start
+ * @param integer $limit
+ * @param string $dir related to order the column
+ *
+ * @return void
+ */
+ public function getAllUsersWithAuthSource(
+ $authSource = '',
+ $filter = '',
+ $sort = '',
+ $start = 0,
+ $limit = 20,
+ $dir = 'ASC'
+ )
+ {
+ global $RBAC;
+ $aUsers = array();
+ if ($authSource != '') {
+ $aUsers = $RBAC->getListUsersByAuthSource($authSource);
+ }
+ $oCriteria = new \Criteria('workflow');
+ $oCriteria->addSelectColumn('COUNT(*) AS CNT');
+ if ($filter != '') {
+ $cc = $oCriteria->getNewCriterion(\UsersPeer::USR_USERNAME, '%' . $filter . '%', \Criteria::LIKE)
+ ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', \Criteria::LIKE)
+ ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_LASTNAME, '%' . $filter . '%', \Criteria::LIKE)
+ ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_EMAIL, '%' . $filter . '%', \Criteria::LIKE))));
+ $oCriteria->add($cc);
+ }
+ $oCriteria->add(\UsersPeer::USR_STATUS, array('CLOSED'), \Criteria::NOT_IN);
+
+ if ($authSource != '') {
+ $totalRows = sizeof($aUsers);
+ } else {
+ $oDataset = \UsersPeer::DoSelectRs($oCriteria);
+ $oDataset->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
+ $oDataset->next();
+ $row = $oDataset->getRow();
+ $totalRows = $row['CNT'];
+ }
+ $oCriteria->clearSelectColumns();
+ $oCriteria->addSelectColumn(\UsersPeer::USR_UID);
+ $oCriteria->addSelectColumn(\UsersPeer::USR_USERNAME);
+ $oCriteria->addSelectColumn(\UsersPeer::USR_FIRSTNAME);
+ $oCriteria->addSelectColumn(\UsersPeer::USR_LASTNAME);
+ $oCriteria->addSelectColumn(\UsersPeer::USR_EMAIL);
+ $oCriteria->addSelectColumn(\UsersPeer::USR_ROLE);
+ $oCriteria->addSelectColumn(\UsersPeer::USR_DUE_DATE);
+ $oCriteria->addSelectColumn(\UsersPeer::USR_STATUS);
+ $oCriteria->addSelectColumn(\UsersPeer::USR_UX);
+ $oCriteria->addSelectColumn(\UsersPeer::DEP_UID);
+ $oCriteria->addSelectColumn(\UsersPeer::USR_LAST_LOGIN);
+ $oCriteria->addAsColumn('LAST_LOGIN', 0);
+ $oCriteria->addAsColumn('DEP_TITLE', 0);
+ $oCriteria->addAsColumn('TOTAL_CASES', 0);
+ $oCriteria->addAsColumn('DUE_DATE_OK', 1);
+ $sep = "'";
+ $oCriteria->add(\UsersPeer::USR_STATUS, array('CLOSED'), \Criteria::NOT_IN);
+ if ($filter != '') {
+ $cc = $oCriteria->getNewCriterion(\UsersPeer::USR_USERNAME, '%' . $filter . '%', \Criteria::LIKE)
+ ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', \Criteria::LIKE)
+ ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_LASTNAME, '%' . $filter . '%', \Criteria::LIKE)
+ ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_EMAIL, '%' . $filter . '%', \Criteria::LIKE))));
+ $oCriteria->add($cc);
+ }
+ if (sizeof($aUsers) > 0) {
+ $oCriteria->add(\UsersPeer::USR_UID, $aUsers, \Criteria::IN);
+ } elseif ($totalRows == 0 && $authSource != '') {
+ $oCriteria->add(\UsersPeer::USR_UID, '', \Criteria::IN);
+ }
+ if ($sort != '') {
+ if ($dir == 'ASC') {
+ $oCriteria->addAscendingOrderByColumn($sort);
+ } else {
+ $oCriteria->addDescendingOrderByColumn($sort);
+ }
+ }
+ $oCriteria->setOffset($start);
+ $oCriteria->setLimit($limit);
+ $oDataset = \UsersPeer::DoSelectRs($oCriteria);
+ $oDataset->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
+
+ return $oDataset;
+ }
+ /**
+ * This function get additional information related to the user
+ * Information about the department, rol, cases, authentication
+ *
+ * @param criteria $oDatasetUsers, criteria for search users
+ *
+ * @return array $dataUsers array of users with the additional information
+ */
+ public function getAdditionalInfoFromUsers($oDatasetUsers)
+ {
+ global $RBAC;
+ //Get the information about the department
+ $Department = new \Department();
+ $aDepart = $Department->getAllDepartmentsByUser();
+
+ //Get the authentication sources
+ $aAuthSources = $RBAC->getAllAuthSourcesByUser();
+
+ //Get roles
+ $oRoles = new \Roles();
+
+ //Get cases
+ $oParticipated = new \ListParticipatedLast();
+ $oAppCache = new \AppCacheView();
+
+ $rows = array();
+ $uRole = array();
+ $totalRows = 0;
+ $dataUsers = array();
+ while ($oDatasetUsers->next()) {
+ $totalRows++;
+ $row = $oDatasetUsers->getRow();
+
+ //Add the role information related to the user
+ try {
+ $uRole = $oRoles->loadByCode($row['USR_ROLE']);
+ } catch (\exception $oError) {
+ $uRole['ROL_NAME'] = G::loadTranslation('ID_DELETED');
+ }
+ $row['USR_ROLE_ID'] = $row['USR_ROLE'];
+ $row['USR_ROLE'] = isset($uRole['ROL_NAME']) ? ($uRole['ROL_NAME'] != '' ? $uRole['ROL_NAME'] : $uRole['ROL_CODE']) : $uRole['ROL_CODE'];
+
+ /*----------------------------------********---------------------------------*/
+ if (true) {
+ $total = $oParticipated->getCountList($row['USR_UID']);
+ } else {
+ /*----------------------------------********---------------------------------*/
+ $total = $oAppCache->getListCounters('sent', $row['USR_UID'], false);
+ /*----------------------------------********---------------------------------*/
+ }
+ /*----------------------------------********---------------------------------*/
+ $row['TOTAL_CASES'] = $total;
+
+ $row['DUE_DATE_OK'] = (date('Y-m-d') > date('Y-m-d', strtotime($row['USR_DUE_DATE']))) ? 0 : 1;
+ $row['LAST_LOGIN'] = isset($row['USR_LAST_LOGIN']) ? \ProcessMaker\Util\DateTime::convertUtcToTimeZone($row['USR_LAST_LOGIN']) : '';
+ //Add the department information related to the user
+ $row['DEP_TITLE'] = isset($aDepart[$row['USR_UID']]) ? $aDepart[$row['USR_UID']] : '';
+ //Add the authentication information related to the user
+ $row['USR_AUTH_SOURCE'] = isset($aAuthSources[$row['USR_UID']]) ? $aAuthSources[$row['USR_UID']] : 'ProcessMaker (MYSQL)';
+
+ $rows[] = $row;
+ }
+ $dataUsers['data'] = $rows;
+ $dataUsers['totalCount'] = $totalRows;
+
+ return $dataUsers;
+ }
+
}
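Review bot: getAllUsersWithAuthSource() computes `$totalRows` from the COUNT(*) query (or `sizeof($aUsers)`) but returns only the limited `$oDataset`, and getAdditionalInfoFromUsers() then derives `totalCount` by counting the rows it iterates, which can never exceed `$limit`; the total the usersList caller reports is therefore the page size, not the matching-user count the removed inline code produced. Both methods are new in this commit, so the count can travel with the dataset — `return array('dataset' => $oDataset, 'totalRows' => $totalRows);` — with the caller reading it from there, or be exposed through a second method. `$sort` is interpolated into ORDER BY via addAscendingOrderByColumn()/addDescendingOrderByColumn(), and as far as I can tell Propel emits order-by column names verbatim, so the caller's raw `$_REQUEST['sort']` should be checked against the selected column names (USR_UID, USR_USERNAME, …) before it reaches this method, and `$dir` reduced to ASC/DESC. Smaller points: the first docblock says `@return void` but the method returns a ResultSet; `$sep` is unused; `G::loadTranslation` is referenced without a leading backslash inside the ProcessMaker\BusinessModel namespace while every other global class here is `\`-qualified, so it resolves to \ProcessMaker\BusinessModel\G unless the file imports G with a use statement; and `global $RBAC` pulls request-scoped state into a business model that could take the RBAC instance as a parameter.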