From 2b2d27ff0a892fa4c9af4b8cefaaf07005d820e7 Mon Sep 17 00:00:00 2001 From: Paula Quispe Date: Fri, 19 May 2017 16:31:27 -0400 Subject: [PATCH] HOR-3276 --- gulliver/system/class.rbac.php | 51 +++ .../engine/classes/model/ObjectPermission.php | 34 ++ workflow/engine/methods/users/users_Ajax.php | 305 +++--------------- .../BusinessModel/ProcessSupervisor.php | 33 ++ .../src/ProcessMaker/BusinessModel/User.php | 158 +++++++++ 5 files changed, 324 insertions(+), 257 deletions(-) diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php index 257539841..a9f5719a4 100644 --- a/gulliver/system/class.rbac.php +++ b/gulliver/system/class.rbac.php @@ -70,9 +70,31 @@ class RBAC public $singleSignOn = false; private static $instance = null; + public $authorizedActions = array(); public function __construct () { + $this->authorizedActions = array( + 'users_Ajax.php' => array( + 'availableUsers' => array('PM_FACTORY'), + 'assign' => array('PM_FACTORY'), + 'ofToAssign' => array('PM_FACTORY'), + 'usersGroup' => array('PM_FACTORY'), + 'canDeleteUser' => array('PM_USERS'), + 'deleteUser' => array('PM_USERS'), + 'changeUserStatus' => array('PM_USERS'), + 'availableGroups' => array('PM_USERS'), + 'assignedGroups' => array('PM_USERS'), + 'assignGroupsToUserMultiple' => array('PM_USERS'), + 'deleteGroupsToUserMultiple' => array('PM_USERS'), + 'authSources' => array('PM_USERS'), + 'loadAuthSourceByUID' => array('PM_USERS'), + 'updateAuthServices' => array('PM_USERS'), + 'usersList' => array('PM_USERS'), + 'summaryUserData' => array('PM_USERS'), + 'verifyIfUserAssignedAsSupervisor' => array('PM_USERS'), + ) + ); } /** 
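Review bot: The authorization table is a `public` instance property that is rebuilt in the constructor, so any code holding the global `$RBAC` can overwrite or clear `$RBAC->authorizedActions` and thereby disable every check `allows()` performs; since `allows()` lives in the same class, `private $authorizedActions = array();` (or at least `protected`) is sufficient and closes that door. A static or constant table would also avoid re-allocating the array on every `RBAC` construction. Note that `changeView` and `updatePageSize`, which remain in the `users_Ajax.php` switch in later hunks, have no entry here and therefore keep only the `PM_LOGIN` gate; if that is intended, a one-line comment on the array saying so would help the next maintainer. The `__construct` body continues past this hunk.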
@@ -1443,5 +1465,34 @@ class RBAC } } } + /** + * This function verify if the user allows to the file with a specific action + * If the action is not defined in the authorizedActions we give the allow + * @param string $file + * @param string $action + * + * @return void + */ + public function allows($file, $action) + { + $access = true; + $permissions = isset($this->authorizedActions[$file][$action]) ? $this->authorizedActions[$file][$action] : array(); + $totalPermissions = count($permissions); + $countAccess = 0; + foreach ($permissions as $key => $value) { + if ($this->userCanAccess($value) == 1) { + $countAccess++; + } + } + //Check if the user has all permissions that needed + if ($countAccess !== $totalPermissions) { + $access = false; + } + + if (!$access) { + G::header('Location: /errors/error403.php'); + die(); + } + } } diff --git a/workflow/engine/classes/model/ObjectPermission.php b/workflow/engine/classes/model/ObjectPermission.php index 1319e6456..b483918db 100644 --- a/workflow/engine/classes/model/ObjectPermission.php +++ b/workflow/engine/classes/model/ObjectPermission.php 
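Review bot: `allows()` is fail-open: `$permissions` defaults to `array()` when `$file`/`$action` has no entry, `count()` is then 0, and the function returns without redirecting, so any new `case` added to the switch in `users_Ajax.php` silently runs with no permission check unless someone also remembers to extend `authorizedActions`. Prefer deny-by-default, `if (!isset($this->authorizedActions[$file][$action])) { $access = false; }`, and give the currently unlisted actions (`changeView`, `updatePageSize`) explicit entries such as `array('PM_LOGIN')`. The loop compares with `$this->userCanAccess($value) == 1`; use `=== 1` to match the strict `!==` on the next comparison, and drop the unused `$key`. The docblock's `@return void` is misleading because the method never returns on denial; say so: `@return void Redirects to /errors/error403.php and exits when the user lacks any required permission`.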
@@ -409,5 +409,39 @@ class ObjectPermission extends BaseObjectPermission } return $result; } + + /** + * Verify if the user has a objectPermission for some process + * + * @param string $usrUid the uid of the user + * @param int $typeRelation + * + * @return array + */ + public function objectPermissionPerUser($usrUid, $typeRelation = 1) + { + $criteria = new Criteria("workflow"); + $criteria->addSelectColumn(ObjectPermissionPeer::USR_UID); + $criteria->addSelectColumn(ObjectPermissionPeer::PRO_UID); + $criteria->add(ObjectPermissionPeer::OP_USER_RELATION, $typeRelation, Criteria::EQUAL); + $criteria->add(ObjectPermissionPeer::USR_UID, $usrUid, Criteria::EQUAL); + $doSelectRS = ObjectPermissionPeer::doSelectRS($criteria); + $doSelectRS->setFetchmode(ResultSet::FETCHMODE_ASSOC); + $doSelectRS->next(); + $objectPermision = $doSelectRS->getRow(); + $data = array(); + if (isset($objectPermision["USR_UID"])) { + $criteria = new Criteria("workflow"); + $criteria->addSelectColumn(ProcessPeer::PRO_TITLE); + $criteria->add(ProcessPeer::PRO_UID, $objectPermision["PRO_UID"], Criteria::EQUAL); + $doSelectRS = ProcessPeer::doSelectRS($criteria); + $doSelectRS->setFetchmode(ResultSet::FETCHMODE_ASSOC); + $doSelectRS->next(); + $content = $doSelectRS->getRow(); + $data['PRO_TITLE'] = $content["PRO_TITLE"]; + $data['PRO_UID'] = $objectPermision["PRO_UID"]; + } + return $data; + } } diff --git a/workflow/engine/methods/users/users_Ajax.php b/workflow/engine/methods/users/users_Ajax.php index 5052db1cb..cad63cff6 100644 --- a/workflow/engine/methods/users/users_Ajax.php +++ b/workflow/engine/methods/users/users_Ajax.php 
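Review bot: `$data['PRO_TITLE'] = $content["PRO_TITLE"];` is assigned unconditionally, so when the `PROCESS` row is missing (`getRow()` gives no `PRO_TITLE`) the method emits an undefined-index notice and returns `PRO_TITLE => null`; the caller in `users_Ajax.php` then passes its `isset($aProcess["PRO_TITLE"])` check and never falls back to the `PRO_UID`. Guard the assignment: `if (isset($content['PRO_TITLE'])) { $data['PRO_TITLE'] = $content['PRO_TITLE']; }`. The docblock could also state the shape, `@return array Empty when no permission exists, else array{PRO_UID:string, PRO_TITLE?:string}`, and `$typeRelation` is documented as `int` while the default `1` is the only value seen in the commit.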
@@ -1,34 +1,6 @@ . - * - * For more information, contact Colosa Inc, 2566 Le Jeune Rd., - * Coral Gables, FL, 33134, USA, or email info@colosa.com. - */ try { - G::LoadSystem('inputfilter'); - $filter = new InputFilter(); - $_GET = $filter->xssFilterHard($_GET); - $_POST = $filter->xssFilterHard($_POST); - $_REQUEST = $filter->xssFilterHard($_REQUEST); - global $RBAC; switch ($RBAC->userCanAccess('PM_LOGIN')) { case - 2: @@ -47,38 +19,15 @@ try { $_POST = $_POST['form']; } if (isset($_REQUEST['function'])) { - //$value= $_POST['function']; $value = get_ajax_value('function'); } else { - //$value= $_POST['functions']; $value = get_ajax_value('functions'); } + + $RBAC->allows(basename(__FILE__), $value); switch ($value) { - case 'verifyUsername': - //print_r($_POST); die; - $_POST['sOriginalUsername'] = get_ajax_value('sOriginalUsername'); - $_POST['sUsername'] = get_ajax_value('sUsername'); - if ($_POST['sOriginalUsername'] == $_POST['sUsername']) { - echo '0'; - } else { - require_once 'classes/model/Users.php'; - G::LoadClass('Users'); - $oUser = new Users(); - $oCriteria = $oUser->loadByUsername($_POST['sUsername']); - $oDataset = UsersPeer::doSelectRs($oCriteria, Propel::getDbConnection('workflow_ro')); - $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $oDataset->next(); - $aRow = $oDataset->getRow(); - //print_r($aRow); die; - //if (!$aRow) - if (!is_array($aRow)) { - echo '0'; - } else { - echo '1'; - } - } - break; case 'availableUsers': + //Classic process: list of users to assign in the task G::LoadClass('processMap'); $oProcessMap = new ProcessMap(); global $G_PUBLISH; @@ -87,6 +36,7 @@ try { G::RenderPage('publish', 'raw'); break; case 'assign': + //Classic process: assign users and groups in the task G::LoadClass('tasks'); $oTasks = new Tasks(); switch ((int) $_POST['TU_RELATION']) { 
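Review bot: The `InputFilter::xssFilterHard` pass over `$_GET`, `$_POST` and `$_REQUEST` is removed from the top of `users_Ajax.php` and nothing in the commit replaces it, while the same request values still flow onward: `$_POST['textFilter']`, `$_REQUEST['sort']`, `$_REQUEST['dir']`, `$_REQUEST['start']` and `$_REQUEST['limit']` reach the `Criteria` `LIKE`/`ORDER BY`/`LIMIT` in `getAllUsersWithAuthSource`, and `usersGroup` still echoes `USR_FIRSTNAME`/`USR_LASTNAME` into HTML. If dropping the global filter is deliberate (the commit message only says `HOR-3276`), each consumer should validate its own input: check `$sort` against the list of selected column names before `addAscendingOrderByColumn`, restrict `$dir` to `ASC`/`DESC`, cast `$start`/`$limit` with `(int)`, and escape echoed names with `htmlspecialchars`. A sentence in the commit description explaining why the filter went away would help whoever audits this file next.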
@@ -103,6 +53,7 @@ try { } break; case 'ofToAssign': + //Classic process: remove users and groups related a task G::LoadClass('tasks'); $oTasks = new Tasks(); switch ((int) $_POST['TU_RELATION']) { @@ -117,36 +68,11 @@ try { } break; case 'changeView': + //Classic process: set variable for users and groups Ad hoc $_SESSION['iType'] = $_POST['TU_TYPE']; break; - case 'deleteGroup': - G::LoadClass('groups'); - $oGroup = new Groups(); - $oGroup->removeUserOfGroup($_POST['GRP_UID'], $_POST['USR_UID']); - $_GET['sUserUID'] = $_POST['USR_UID']; - $G_PUBLISH = new Publisher(); - $G_PUBLISH->AddContent('view', 'users/users_Tree'); - G::RenderPage('publish', 'raw'); - break; - case 'showUserGroupInterface': - $_GET['sUserUID'] = $_POST['sUserUID']; - $G_PUBLISH = new Publisher(); - $G_PUBLISH->AddContent('view', 'users/users_AssignGroup'); - G::RenderPage('publish', 'raw'); - break; - case 'showUserGroups': - $_GET['sUserUID'] = $_POST['sUserUID']; - $G_PUBLISH = new Publisher(); - $G_PUBLISH->AddContent('view', 'users/users_Tree'); - G::RenderPage('publish', 'raw'); - break; - case 'assignUserToGroup': - G::LoadClass('groups'); - $oGroup = new Groups(); - $oGroup->addUserToGroup($_POST['GRP_UID'], $_POST['USR_UID']); - echo '

' . G::LoadTranslation('ID_MSG_ASSIGN_DONE') . '

'; - break; case 'usersGroup': + //Classic process: list of users in a group related a task G::LoadClass('groups'); $oGroup = new Groups(); $aGroup = $oGroup->getUsersOfGroup($_POST['GRP_UID']); @@ -154,29 +80,8 @@ try { echo $aValues['USR_FIRSTNAME'] . ' ' . $aValues['USR_LASTNAME'] . '
'; } break; - - //This case is used to check if any of the user group has as role 'PROCESSMAKER_ADMIN', - case 'usersAdminGroupExtJS': - G::LoadClass('groups'); - $oGroup = new Groups(); - $aGroup = $oGroup->getUsersOfGroup($_POST['GRP_UID']); - $responseUser = 'false'; - $usersAdmin = ''; - foreach ($aGroup as $iIndex => $aValues) { - if ($aValues['USR_ROLE'] == 'PROCESSMAKER_ADMIN') { - $responseUser = 'true'; - $usersAdmin .= $aValues['USR_FIRSTNAME'] . ' ' . $aValues['USR_LASTNAME'] . ', '; - } - } - $usersAdmin = substr($usersAdmin, 0, - 2); - - $result = new stdClass(); - $result->reponse = $responseUser; - $result->users = $usersAdmin; - - echo G::json_encode($result); - break; case 'canDeleteUser': + //Check before delete a user G::LoadClass('case'); $oProcessMap = new Cases(); $USR_UID = $_POST['uUID']; 
@@ -198,44 +103,31 @@ try { echo $response; break; case 'deleteUser': - $UID = $_POST['USR_UID']; - - //process permissions - $criteria = new Criteria("workflow"); - $criteria->addSelectColumn(ObjectPermissionPeer::USR_UID); - $criteria->addSelectColumn(ObjectPermissionPeer::PRO_UID); - $criteria->add(ObjectPermissionPeer::OP_USER_RELATION, 1, Criteria::EQUAL); - $criteria->add(ObjectPermissionPeer::USR_UID, $UID, Criteria::EQUAL); - $doSelectRS = DynaformPeer::doSelectRS($criteria); - $doSelectRS->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $doSelectRS->next(); - $objectPermision = $doSelectRS->getRow(); - if (isset($objectPermision["USR_UID"])) { - $criteria = new Criteria("workflow"); - $criteria->addSelectColumn(ProcessPeer::PRO_TITLE); - $criteria->add(ProcessPeer::PRO_UID, $objectPermision["PRO_UID"], Criteria::EQUAL); - $doSelectRS = ProcessPeer::doSelectRS($criteria); - $doSelectRS->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $doSelectRS->next(); - $content = $doSelectRS->getRow(); + //Check if the user was defined in a process permissions + $oObjectPermission = new ObjectPermission(); + $aProcess = $oObjectPermission->objectPermissionPerUser($_POST['USR_UID'], 1); + if (count($aProcess) > 0) { echo G::json_encode(array( "status" => 'ERROR', - "message" => G::LoadTranslation('ID_USER_CANT_BE_DELETED_FOR_THE_PROCESS', array('processTitle' => isset($content["PRO_TITLE"]) ? $content["PRO_TITLE"] : $objectPermision['PRO_UID'])) + "message" => G::LoadTranslation('ID_USER_CANT_BE_DELETED_FOR_THE_PROCESS', array('processTitle' => isset($aProcess["PRO_TITLE"]) ? 
$aProcess["PRO_TITLE"] : $aProcess['PRO_UID'])) )); break; } + //Remove from tasks G::LoadClass('tasks'); $oTasks = new Tasks(); $oTasks->ofToAssignUserOfAllTasks($UID); + + //Remove from groups G::LoadClass('groups'); $oGroups = new Groups(); $oGroups->removeUserOfAllGroups($UID); - $RBAC->changeUserStatus($UID, 'CLOSED'); - $_GET['USR_USERNAME'] = ''; - $RBAC->updateUser(array('USR_UID' => $UID, 'USR_USERNAME' => $_GET['USR_USERNAME'] - ), ''); + + //Update the table Users require_once 'classes/model/Users.php'; + $RBAC->changeUserStatus($UID, 'CLOSED'); + $RBAC->updateUser(array('USR_UID' => $UID,'USR_USERNAME' => ''), ''); $oUser = new Users(); $aFields = $oUser->load($UID); $aFields['USR_STATUS'] = 'CLOSED'; @@ -252,13 +144,13 @@ try { //Delete users as supervisor $criteria = new Criteria("workflow"); - $criteria->add(ProcessUserPeer::USR_UID, $UID, Criteria::EQUAL); $criteria->add(ProcessUserPeer::PU_TYPE, "SUPERVISOR", Criteria::EQUAL); ProcessUserPeer::doDelete($criteria); G::auditLog("DeleteUser", "User Name: ". $userName." User ID: (".$UID.") "); break; case 'changeUserStatus': + //When the user change the status: ACTIVE, INACTIVE, VACATION $response = new stdclass(); if (isset($_REQUEST['USR_UID']) && isset($_REQUEST['NEW_USR_STATUS'])) { $RBAC->changeUserStatus($_REQUEST['USR_UID'], ($_REQUEST['NEW_USR_STATUS'] == 'ACTIVE' ? 1 : 0)); @@ -278,6 +170,7 @@ try { die(G::json_encode($response)); break; case 'availableGroups': + //Get the available groups for assign to user G::LoadClass('groups'); $filter = (isset($_POST['textFilter'])) ? $_POST['textFilter'] : ''; $groups = new Groups(); @@ -291,6 +184,7 @@ try { echo '{groups: ' . G::json_encode($arr) . '}'; break; case 'assignedGroups': + //Get the groups related to user G::LoadClass('groups'); $filter = (isset($_POST['textFilter'])) ? $_POST['textFilter'] : ''; $groups = new Groups(); 
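Review bot: `$UID = $_POST['USR_UID'];` is removed at the top of `deleteUser`, but `$UID` is still used by `ofToAssignUserOfAllTasks($UID)`, `removeUserOfAllGroups($UID)`, `changeUserStatus($UID, 'CLOSED')`, `updateUser(array('USR_UID' => $UID, ...))`, `$oUser->load($UID)` and the audit log in the following hunk; unless it is assigned elsewhere in the `try` block (its start is outside this hunk), all of those now run with `null`. Keep the assignment and reuse it: `$UID = $_POST['USR_UID'];` before `$oObjectPermission->objectPermissionPerUser($UID, 1);`. The new `count($aProcess) > 0` early-exit is fine, but the fallback `$aProcess['PRO_UID']` assumes `objectPermissionPerUser` always sets `PRO_TITLE` when it sets `PRO_UID`, which the helper does not guarantee.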
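Review bot: Removing `$criteria->add(ProcessUserPeer::USR_UID, $UID, Criteria::EQUAL);` in the "Delete users as supervisor" block leaves `ProcessUserPeer::doDelete($criteria)` filtered only by `PU_TYPE = 'SUPERVISOR'`, so deleting a single user now wipes the supervisor assignment of every user on every process. Restore the line, `$criteria->add(ProcessUserPeer::USR_UID, $UID, Criteria::EQUAL);`, before the `doDelete`. If it was dropped because `$UID` had become undefined in the previous hunk, the fix belongs there, not in the delete criteria; the group-level `GROUP_SUPERVISOR` rows that `isUserSupervisor()` now also reports are untouched by this cleanup, which may be intended but deserves a comment.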
@@ -304,6 +198,7 @@ try { echo '{groups: ' . G::json_encode($arr) . '}'; break; case 'assignGroupsToUserMultiple': + //Assign user in a group $USR_UID = $_POST['USR_UID']; $gUIDs = explode(',', $_POST['GRP_UID']); G::LoadClass('groups'); @@ -313,6 +208,7 @@ try { } break; case 'deleteGroupsToUserMultiple': + //Remove a user from a group $USR_UID = $_POST['USR_UID']; $gUIDs = explode(',', $_POST['GRP_UID']); G::LoadClass('groups'); @@ -322,6 +218,7 @@ try { } break; case 'authSources': + //Get the authentication information $criteria = $RBAC->getAllAuthSources(); $objects = AuthenticationSourcePeer::doSelectRS($criteria); $objects->setFetchmode(ResultSet::FETCHMODE_ASSOC); @@ -336,22 +233,19 @@ try { } $started = Array(); $started['AUTH_SOURCE_UID'] = '00000000000000000000000000000000'; - //$started['AUTH_SOURCE_NAME'] = 'ProcessMaker'; - //$started['AUTH_SOURCE_TYPE'] = 'MYSQL'; $started['AUTH_SOURCE_SHOW'] = 'ProcessMaker (MYSQL)'; $arr[] = $started; while ($objects->next()) { $row = $objects->getRow(); $aux = Array(); $aux['AUTH_SOURCE_UID'] = $row['AUTH_SOURCE_UID']; - //$aux['AUTH_SOURCE_NAME'] = $row['AUTH_SOURCE_NAME']; - //$aux['AUTH_SOURCE_TYPE'] = $row['AUTH_SOURCE_TYPE']; $aux['AUTH_SOURCE_SHOW'] = $row['AUTH_SOURCE_NAME'] . ' (' . $row['AUTH_SOURCE_PROVIDER'] . ')'; $arr[] = $aux; } echo '{sources: ' . G::json_encode($arr) . '}'; break; case 'loadAuthSourceByUID': + //Get the authentication source assignment require_once 'classes/model/Users.php'; $oCriteria = $RBAC->load($_POST['uUID']); $UID_AUTH = $oCriteria['UID_AUTH_SOURCE']; @@ -373,6 +267,7 @@ try { echo G::json_encode($res); break; case 'updateAuthServices': + //Update the information related to user's autentication $aData = $RBAC->load($_POST['usr_uid']); unset($aData['USR_ROLE']); $auth_uid = $_POST['auth_source']; 
@@ -393,127 +288,31 @@ try { $aData['USR_AUTH_USER_DN'] = $auth_dn; } $RBAC->updateUser($aData); - G::auditLog("AssignAuthenticationSource", "User Name: ".$aData['USR_USERNAME'].' User ID: ('.$aData['USR_UID'].') assign to '.$aData['USR_AUTH_TYPE']); + G::auditLog( + "AssignAuthenticationSource", + "User Name: ".$aData['USR_USERNAME'].' User ID: ('.$aData['USR_UID'].') assign to '.$aData['USR_AUTH_TYPE'] + ); echo '{success: true}'; break; case 'usersList': - require_once 'classes/model/Users.php'; - require_once 'classes/model/LoginLog.php'; - require_once 'classes/model/Department.php'; - require_once 'classes/model/AppCacheView.php'; - require_once PATH_RBAC . 'model/Roles.php'; - global $RBAC; + //Get the list of users + //Read the configurations related to enviroments G::LoadClass('configuration'); $co = new Configurations(); $config = $co->getConfiguration('usersList', 'pageSize', '', $_SESSION['USER_LOGGED']); $limit_size = isset($config['pageSize']) ? $config['pageSize'] : 20; - $start = isset($_REQUEST['start']) ? $_REQUEST['start'] : 0; $limit = isset($_REQUEST['limit']) ? $_REQUEST['limit'] : $limit_size; + $start = isset($_REQUEST['start']) ? $_REQUEST['start'] : 0; $filter = isset($_REQUEST['textFilter']) ? $_REQUEST['textFilter'] : ''; - $auths = isset($_REQUEST['auths']) ? $_REQUEST['auths'] : ''; + $authSource = isset($_REQUEST['auths']) ? $_REQUEST['auths'] : ''; $sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : ''; $dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC'; - $aUsers = Array(); - if ($auths != '') { - $aUsers = $RBAC->getListUsersByAuthSource($auths); - } - $oCriteria = new Criteria('workflow'); - $oCriteria->addSelectColumn('COUNT(*) AS CNT'); - if ($filter != '') { - $cc = $oCriteria->getNewCriterion(UsersPeer::USR_USERNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_LASTNAME, '%' . 
$filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_EMAIL, '%' . $filter . '%', Criteria::LIKE)))); - $oCriteria->add($cc); - } - $oCriteria->add(UsersPeer::USR_STATUS, array('CLOSED'), Criteria::NOT_IN); - if ($auths != '') { - $totalRows = sizeof($aUsers); - } else { - $oDataset = UsersPeer::DoSelectRs($oCriteria); - $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $oDataset->next(); - $row = $oDataset->getRow(); - $totalRows = $row['CNT']; - } - $oCriteria->clearSelectColumns(); - $oCriteria->addSelectColumn(UsersPeer::USR_UID); - $oCriteria->addSelectColumn(UsersPeer::USR_USERNAME); - $oCriteria->addSelectColumn(UsersPeer::USR_FIRSTNAME); - $oCriteria->addSelectColumn(UsersPeer::USR_LASTNAME); - $oCriteria->addSelectColumn(UsersPeer::USR_EMAIL); - $oCriteria->addSelectColumn(UsersPeer::USR_ROLE); - $oCriteria->addSelectColumn(UsersPeer::USR_DUE_DATE); - $oCriteria->addSelectColumn(UsersPeer::USR_STATUS); - $oCriteria->addSelectColumn(UsersPeer::USR_UX); - $oCriteria->addSelectColumn(UsersPeer::DEP_UID); - $oCriteria->addSelectColumn(UsersPeer::USR_LAST_LOGIN); - $oCriteria->addAsColumn('LAST_LOGIN', 0); - $oCriteria->addAsColumn('DEP_TITLE', 0); - $oCriteria->addAsColumn('TOTAL_CASES', 0); - $oCriteria->addAsColumn('DUE_DATE_OK', 1); - $sep = "'"; - $oCriteria->add(UsersPeer::USR_STATUS, array('CLOSED'), Criteria::NOT_IN); - if ($filter != '') { - $cc = $oCriteria->getNewCriterion(UsersPeer::USR_USERNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_LASTNAME, '%' . $filter . '%', Criteria::LIKE)->addOr($oCriteria->getNewCriterion(UsersPeer::USR_EMAIL, '%' . $filter . 
'%', Criteria::LIKE)))); - $oCriteria->add($cc); - } - if (sizeof($aUsers) > 0) { - $oCriteria->add(UsersPeer::USR_UID, $aUsers, Criteria::IN); - } elseif ($totalRows == 0 && $auths != '') { - $oCriteria->add(UsersPeer::USR_UID, '', Criteria::IN); - } - if ($sort != '') { - if ($dir == 'ASC') { - $oCriteria->addAscendingOrderByColumn($sort); - } else { - $oCriteria->addDescendingOrderByColumn($sort); - } - } - $oCriteria->setOffset($start); - $oCriteria->setLimit($limit); - $oDataset = UsersPeer::DoSelectRs($oCriteria); - $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $Department = new Department(); - $aDepart = $Department->getAllDepartmentsByUser(); - $aAuthSources = $RBAC->getAllAuthSourcesByUser(); - require_once PATH_CONTROLLERS . 'adminProxy.php'; - $uxList = adminProxy::getUxTypesList(); - - $oRoles = new Roles(); - $oParticipated = new ListParticipatedLast(); - $oAppCache = new AppCacheView(); - $rows = Array(); - $uRole = Array(); - while ($oDataset->next()) { - $row = $oDataset->getRow(); - - try { - $uRole = $oRoles->loadByCode($row['USR_ROLE']); - } catch (exception $oError) { - $uRole['ROL_NAME'] = G::loadTranslation('ID_DELETED'); - } - /*----------------------------------********---------------------------------*/ - if (true) { - $total = $oParticipated->getCountList($row['USR_UID']); - } else { - /*----------------------------------********---------------------------------*/ - $total = $oAppCache->getListCounters('sent', $row['USR_UID'], false); - /*----------------------------------********---------------------------------*/ - } - /*----------------------------------********---------------------------------*/ - $row['USR_ROLE_ID'] = $row['USR_ROLE']; - $row['USR_ROLE'] = isset($uRole['ROL_NAME']) ? ($uRole['ROL_NAME'] != '' ? $uRole['ROL_NAME'] : $uRole['ROL_CODE']) : $uRole['ROL_CODE']; - - $row['DUE_DATE_OK'] = (date('Y-m-d') > date('Y-m-d', strtotime($row['USR_DUE_DATE']))) ? 0 : 1; - $row['LAST_LOGIN'] = isset($row['USR_LAST_LOGIN']) ? 
\ProcessMaker\Util\DateTime::convertUtcToTimeZone($row['USR_LAST_LOGIN']) : ''; - $row['TOTAL_CASES'] = $total; - $row['DEP_TITLE'] = isset($aDepart[$row['USR_UID']]) ? $aDepart[$row['USR_UID']] : ''; - $row['USR_UX'] = isset($uxList[$row['USR_UX']]) ? $uxList[$row['USR_UX']] : $uxList['NORMAL']; - $row['USR_AUTH_SOURCE'] = isset($aAuthSources[$row['USR_UID']]) ? $aAuthSources[$row['USR_UID']] : 'ProcessMaker (MYSQL)'; - - $rows[] = $row; - } - - echo '{users: ' . G::json_encode($rows) . ', total_users: ' . $totalRows . '}'; + //Get all list of users with the additional information related to department, role, authentication, cases + $oUser = new \ProcessMaker\BusinessModel\User(); + $oDatasetUsers = $oUser->getAllUsersWithAuthSource($authSource, $filter, $sort, $start, $limit, $dir); + $rows = $oUser->getAdditionalInfoFromUsers($oDatasetUsers); + echo '{users: ' . G::json_encode($rows['data']) . ', total_users: ' . $rows['totalCount'] . '}'; break; case 'updatePageSize': G::LoadClass('configuration'); @@ -527,6 +326,7 @@ try { echo '{success: true}'; break; case 'summaryUserData': + //Get all information for the summary require_once 'classes/model/Users.php'; require_once 'classes/model/Department.php'; require_once 'classes/model/AppCacheView.php'; 
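Review bot: `total_users` is now taken from `$rows['totalCount']`, which `getAdditionalInfoFromUsers` computes by counting the rows of the already-limited dataset, so it equals the page size rather than the `COUNT(*)` (or `sizeof($aUsers)`) the removed code reported; the grid pager loses the real total. `getAllUsersWithAuthSource` still computes `$totalRows` and then discards it, so return it alongside the dataset and emit that value here instead of `$rows['totalCount']`. While touching this, cast the paging inputs, `$start = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;` and likewise for `$limit`, since the global input filter was removed in this commit. The `usersList` case continues past the hunk.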
@@ -568,25 +368,16 @@ try { break; case "verifyIfUserAssignedAsSupervisor": + //Before delete we check if is supervisor + $supervisor = new \ProcessMaker\BusinessModel\ProcessSupervisor(); + $isSupervisor = $supervisor->isUserSupervisor($_POST["supervisorUserUid"]); $supervisorUserUid = $_POST["supervisorUserUid"]; - $message = "OK"; - - $criteria = new Criteria("workflow"); - - $criteria->addSelectColumn(ProcessUserPeer::PU_UID); - $criteria->add(ProcessUserPeer::USR_UID, $supervisorUserUid, Criteria::EQUAL); - $criteria->add(ProcessUserPeer::PU_TYPE, "SUPERVISOR", Criteria::EQUAL); - - $rsCriteria = ProcessUserPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); - - if ($rsCriteria->next()) { - $message = "ERROR"; + $message = 'OK'; + if ($isSupervisor) { + $message = 'ERROR'; } - $response = array(); $response["result"] = $message; - echo G::json_encode($response); break; } diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php b/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php index 2ed4d6d34..9d1ac7ece 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php 
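Review bot: `$supervisorUserUid = $_POST["supervisorUserUid"];` is now assigned after its only former use and is dead; either delete it or read the input once and pass it on, `$isSupervisor = $supervisor->isUserSupervisor($supervisorUserUid);`. Note that `isUserSupervisor()` also returns true for membership in a `GROUP_SUPERVISOR` group, so this endpoint now answers `ERROR` in cases the old direct-assignment query allowed; if that widening is intended, the comment should say `//Before delete we check if the user is a supervisor directly or via a supervisor group`. The `$message = $isSupervisor ? 'ERROR' : 'OK';` form would replace the three-line if.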
@@ -1461,4 +1461,37 @@ class ProcessSupervisor throw $e; } } + /** + * Check if the user is supervisor for some process + * + * @param string $userUid Unique id of User + * + * @return bool Return + */ + public function isUserSupervisor($userUid) + { + //Check if the user is defined as supervisor + $criteria = new \Criteria('workflow'); + $criteria->add(\ProcessUserPeer::USR_UID, $userUid, \Criteria::EQUAL); + $criteria->add(\ProcessUserPeer::PU_TYPE, 'SUPERVISOR', \Criteria::EQUAL); + $rsCriteria = \ProcessUserPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + + if ($rsCriteria->next()) { + return true; + } + //Check if the user is in a group defined as supervisor + $criteria = new \Criteria('workflow'); + $criteria->addSelectColumn(\ProcessUserPeer::USR_UID); + $criteria->addJoin(\ProcessUserPeer::USR_UID, \GroupUserPeer::GRP_UID, \Criteria::LEFT_JOIN); + $criteria->add(\ProcessUserPeer::PU_TYPE, 'GROUP_SUPERVISOR', \Criteria::EQUAL); + $criteria->add(\GroupUserPeer::USR_UID, $userUid, \Criteria::EQUAL); + $rsCriteria = \ProcessUserPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + + if ($rsCriteria->next()) { + return true; + } + return false; + } } diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/User.php b/workflow/engine/src/ProcessMaker/BusinessModel/User.php index 6fdb70486..4122751af 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/User.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/User.php 
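Review bot: The second query joins `ProcessUserPeer::USR_UID` to `GroupUserPeer::GRP_UID`, which only works if `PROCESS_USER.USR_UID` holds a group uid for `GROUP_SUPERVISOR` rows; that convention is not visible here and should be stated, e.g. `//For PU_TYPE = GROUP_SUPERVISOR the USR_UID column stores the GRP_UID — join it against GROUP_USER to resolve members`. The `LEFT_JOIN` combined with a `WHERE` on `GroupUserPeer::USR_UID` behaves as an inner join, so `\Criteria::INNER_JOIN` (or a comment) would make the intent clearer. The docblock's `@return bool Return` is truncated; suggest `@return bool true when the user is assigned as SUPERVISOR to any process, or belongs to a group assigned as GROUP_SUPERVISOR`. Both `setFetchmode` calls are unnecessary since only `next()` is consulted.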
@@ -1540,5 +1540,163 @@ class User throw $e; } } + /** + * This function get the list of users + * + * @param string $authSource, authentication source + * @param string $filter + * @param string $sort + * @param integer $start + * @param integer $limit + * @param string $dir related to order the column + * + * @return void + */ + public function getAllUsersWithAuthSource( + $authSource = '', + $filter = '', + $sort = '', + $start = 0, + $limit = 20, + $dir = 'ASC' + ) + { + global $RBAC; + $aUsers = array(); + if ($authSource != '') { + $aUsers = $RBAC->getListUsersByAuthSource($authSource); + } + $oCriteria = new \Criteria('workflow'); + $oCriteria->addSelectColumn('COUNT(*) AS CNT'); + if ($filter != '') { + $cc = $oCriteria->getNewCriterion(\UsersPeer::USR_USERNAME, '%' . $filter . '%', \Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', \Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_LASTNAME, '%' . $filter . '%', \Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_EMAIL, '%' . $filter . 
'%', \Criteria::LIKE)))); + $oCriteria->add($cc); + } + $oCriteria->add(\UsersPeer::USR_STATUS, array('CLOSED'), \Criteria::NOT_IN); + + if ($authSource != '') { + $totalRows = sizeof($aUsers); + } else { + $oDataset = \UsersPeer::DoSelectRs($oCriteria); + $oDataset->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $oDataset->next(); + $row = $oDataset->getRow(); + $totalRows = $row['CNT']; + } + $oCriteria->clearSelectColumns(); + $oCriteria->addSelectColumn(\UsersPeer::USR_UID); + $oCriteria->addSelectColumn(\UsersPeer::USR_USERNAME); + $oCriteria->addSelectColumn(\UsersPeer::USR_FIRSTNAME); + $oCriteria->addSelectColumn(\UsersPeer::USR_LASTNAME); + $oCriteria->addSelectColumn(\UsersPeer::USR_EMAIL); + $oCriteria->addSelectColumn(\UsersPeer::USR_ROLE); + $oCriteria->addSelectColumn(\UsersPeer::USR_DUE_DATE); + $oCriteria->addSelectColumn(\UsersPeer::USR_STATUS); + $oCriteria->addSelectColumn(\UsersPeer::USR_UX); + $oCriteria->addSelectColumn(\UsersPeer::DEP_UID); + $oCriteria->addSelectColumn(\UsersPeer::USR_LAST_LOGIN); + $oCriteria->addAsColumn('LAST_LOGIN', 0); + $oCriteria->addAsColumn('DEP_TITLE', 0); + $oCriteria->addAsColumn('TOTAL_CASES', 0); + $oCriteria->addAsColumn('DUE_DATE_OK', 1); + $sep = "'"; + $oCriteria->add(\UsersPeer::USR_STATUS, array('CLOSED'), \Criteria::NOT_IN); + if ($filter != '') { + $cc = $oCriteria->getNewCriterion(\UsersPeer::USR_USERNAME, '%' . $filter . '%', \Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', \Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_LASTNAME, '%' . $filter . '%', \Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_EMAIL, '%' . $filter . 
'%', \Criteria::LIKE)))); + $oCriteria->add($cc); + } + if (sizeof($aUsers) > 0) { + $oCriteria->add(\UsersPeer::USR_UID, $aUsers, \Criteria::IN); + } elseif ($totalRows == 0 && $authSource != '') { + $oCriteria->add(\UsersPeer::USR_UID, '', \Criteria::IN); + } + if ($sort != '') { + if ($dir == 'ASC') { + $oCriteria->addAscendingOrderByColumn($sort); + } else { + $oCriteria->addDescendingOrderByColumn($sort); + } + } + $oCriteria->setOffset($start); + $oCriteria->setLimit($limit); + $oDataset = \UsersPeer::DoSelectRs($oCriteria); + $oDataset->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + + return $oDataset; + } + /** + * This function get additional information related to the user + * Information about the department, rol, cases, authentication + * + * @param criteria $oDatasetUsers, criteria for search users + * + * @return array $dataUsers array of users with the additional information + */ + public function getAdditionalInfoFromUsers($oDatasetUsers) + { + global $RBAC; + //Get the information about the department + $Department = new \Department(); + $aDepart = $Department->getAllDepartmentsByUser(); + + //Get the authentication sources + $aAuthSources = $RBAC->getAllAuthSourcesByUser(); + + //Get roles + $oRoles = new \Roles(); + + //Get cases + $oParticipated = new \ListParticipatedLast(); + $oAppCache = new \AppCacheView(); + + $rows = array(); + $uRole = array(); + $totalRows = 0; + $dataUsers = array(); + while ($oDatasetUsers->next()) { + $totalRows++; + $row = $oDatasetUsers->getRow(); + + //Add the role information related to the user + try { + $uRole = $oRoles->loadByCode($row['USR_ROLE']); + } catch (\exception $oError) { + $uRole['ROL_NAME'] = G::loadTranslation('ID_DELETED'); + } + $row['USR_ROLE_ID'] = $row['USR_ROLE']; + $row['USR_ROLE'] = isset($uRole['ROL_NAME']) ? ($uRole['ROL_NAME'] != '' ? 
$uRole['ROL_NAME'] : $uRole['ROL_CODE']) : $uRole['ROL_CODE']; + + /*----------------------------------********---------------------------------*/ + if (true) { + $total = $oParticipated->getCountList($row['USR_UID']); + } else { + /*----------------------------------********---------------------------------*/ + $total = $oAppCache->getListCounters('sent', $row['USR_UID'], false); + /*----------------------------------********---------------------------------*/ + } + /*----------------------------------********---------------------------------*/ + $row['TOTAL_CASES'] = $total; + + $row['DUE_DATE_OK'] = (date('Y-m-d') > date('Y-m-d', strtotime($row['USR_DUE_DATE']))) ? 0 : 1; + $row['LAST_LOGIN'] = isset($row['USR_LAST_LOGIN']) ? \ProcessMaker\Util\DateTime::convertUtcToTimeZone($row['USR_LAST_LOGIN']) : ''; + //Add the department information related to the user + $row['DEP_TITLE'] = isset($aDepart[$row['USR_UID']]) ? $aDepart[$row['USR_UID']] : ''; + //Add the authentication information related to the user + $row['USR_AUTH_SOURCE'] = isset($aAuthSources[$row['USR_UID']]) ? $aAuthSources[$row['USR_UID']] : 'ProcessMaker (MYSQL)'; + + $rows[] = $row; + } + $dataUsers['data'] = $rows; + $dataUsers['totalCount'] = $totalRows; + + return $dataUsers; + } + }
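Review bot: `getAllUsersWithAuthSource` computes `$totalRows` (the `COUNT(*)` or `sizeof($aUsers)`) and then returns only the limited `$oDataset`, so the total is lost and `getAdditionalInfoFromUsers` can only report the page row count in `totalCount`; return both, for example `return array('dataset' => $oDataset, 'totalRows' => $totalRows);` with the caller passing `totalRows` through, and fix the docblock which says `@return void` for a method that returns a ResultSet. `$sort` is passed straight to `addAscendingOrderByColumn`/`addDescendingOrderByColumn`; since it originates from `$_REQUEST` and the file-level input filter was removed in this commit, validate it against the selected column names before building the order clause, and `$dir` against `ASC`/`DESC`. `G::loadTranslation` in the `catch` is unqualified inside the `ProcessMaker\BusinessModel` namespace while every other global class here uses a leading `\`; unless the file header (outside the hunk) has `use G;`, that branch will fail with a class-not-found error, so write `\G::loadTranslation`. `$sep = "'";` is unused and the filter `Criterion` is built twice; extract it into a private helper or build it once before `clearSelectColumns()`. The enclosing `User` class starts outside the hunk.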