diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php
index 483e2f7f8..617001d32 100755
--- a/gulliver/system/class.rbac.php
+++ b/gulliver/system/class.rbac.php
@@ -233,6 +233,54 @@ class RBAC "PER_NAME" => "Undo cancel case" ), array("PER_UID" => "00000000000000000000000000000039", "PER_CODE" => "PM_REST_API_APPLICATIONS", "PER_NAME" => "Create rest API Aplications" + ), array("PER_UID" => "00000000000000000000000000000040", "PER_CODE" => "PM_EDIT_USER_PROFILE_FIRST_NAME", + "PER_NAME" => "Edit User profile First Name" + ), array("PER_UID" => "00000000000000000000000000000041", "PER_CODE" => "PM_EDIT_USER_PROFILE_LAST_NAME", + "PER_NAME" => "Edit User profile Last Name" + ), array("PER_UID" => "00000000000000000000000000000042", "PER_CODE" => "PM_EDIT_USER_PROFILE_USERNAME", + "PER_NAME" => "Edit User profile Username" + ), array("PER_UID" => "00000000000000000000000000000043", "PER_CODE" => "PM_EDIT_USER_PROFILE_EMAIL", + "PER_NAME" => "Edit User profile Email" + ), array("PER_UID" => "00000000000000000000000000000044", "PER_CODE" => "PM_EDIT_USER_PROFILE_ADDRESS", + "PER_NAME" => "Edit User profile Address" + ), array("PER_UID" => "00000000000000000000000000000045", "PER_CODE" => "PM_EDIT_USER_PROFILE_ZIP_CODE", + "PER_NAME" => "Edit User profile Zip Code" + ), array("PER_UID" => "00000000000000000000000000000046", "PER_CODE" => "PM_EDIT_USER_PROFILE_COUNTRY", + "PER_NAME" => "Edit User profile Country" + ), array("PER_UID" => "00000000000000000000000000000047", "PER_CODE" => "PM_EDIT_USER_PROFILE_STATE_OR_REGION", + "PER_NAME" => "Edit User profile State or Region" + ), array("PER_UID" => "00000000000000000000000000000048", "PER_CODE" => "PM_EDIT_USER_PROFILE_LOCATION", + "PER_NAME" => "Edit User profile Location" + ), array("PER_UID" => "00000000000000000000000000000049", "PER_CODE" => "PM_EDIT_USER_PROFILE_PHONE", + "PER_NAME" => "Edit User profile Phone" + ), array("PER_UID" => "00000000000000000000000000000050", "PER_CODE" => "PM_EDIT_USER_PROFILE_POSITION", + "PER_NAME" => "Edit User profile Position" + ), array("PER_UID" => "00000000000000000000000000000051", "PER_CODE" => "PM_EDIT_USER_PROFILE_REPLACED_BY", + 
"PER_NAME" => "Edit User profile Replaced By" + ), array("PER_UID" => "00000000000000000000000000000052", "PER_CODE" => "PM_EDIT_USER_PROFILE_EXPIRATION_DATE", + "PER_NAME" => "Edit User profile Expiration Date" + ), array("PER_UID" => "00000000000000000000000000000053", "PER_CODE" => "PM_EDIT_USER_PROFILE_CALENDAR", + "PER_NAME" => "Edit User profile Calendar" + ), array("PER_UID" => "00000000000000000000000000000054", "PER_CODE" => "PM_EDIT_USER_PROFILE_STATUS", + "PER_NAME" => "Edit User profile Status" + ), array("PER_UID" => "00000000000000000000000000000055", "PER_CODE" => "PM_EDIT_USER_PROFILE_ROLE", + "PER_NAME" => "Edit User profile Role" + ), array("PER_UID" => "00000000000000000000000000000056", "PER_CODE" => "PM_EDIT_USER_PROFILE_TIME_ZONE", + "PER_NAME" => "Edit User profile Time Zone" + ), array("PER_UID" => "00000000000000000000000000000057", "PER_CODE" => "PM_EDIT_USER_PROFILE_DEFAULT_LANGUAGE", + "PER_NAME" => "Edit User profile Default Language" + ), array("PER_UID" => "00000000000000000000000000000058", "PER_CODE" => "PM_EDIT_USER_PROFILE_COSTS", + "PER_NAME" => "Edit User profile Costs" + ), array("PER_UID" => "00000000000000000000000000000059", "PER_CODE" => "PM_EDIT_USER_PROFILE_PASSWORD", + "PER_NAME" => "Edit User profile Password" + ), array("PER_UID" => "00000000000000000000000000000060", "PER_CODE" => "PM_EDIT_USER_PROFILE_USER_MUST_CHANGE_PASSWORD_AT_NEXT_LOGON", + "PER_NAME" => "Edit User profile Must Change Password at next Logon" + ), array("PER_UID" => "00000000000000000000000000000061", "PER_CODE" => "PM_EDIT_USER_PROFILE_PHOTO", + "PER_NAME" => "Edit User profile Photo" + ), array("PER_UID" => "00000000000000000000000000000062", "PER_CODE" => "PM_EDIT_USER_PROFILE_DEFAULT_MAIN_MENU_OPTIONS", + "PER_NAME" => "Edit User profile Default Main Menu Options" + ), array("PER_UID" => "00000000000000000000000000000063", "PER_CODE" => "PM_EDIT_USER_PROFILE_DEFAULT_CASES_MENU_OPTIONS", + "PER_NAME" => "Edit User profile Default Cases Menu 
Options" ) ); return $permissionsAdmin; @@ -889,9 +937,23 @@ class RBAC * @param string $ROL_UID * @return $this->rolesObj->getRolePermissionsByPerUid */ - public function getRolePermissionsByPerUid ($ROL_UID) + public function getRolePermissionsByPerUid($ROL_UID) { - return $this->rolesObj->getRolePermissionsByPerUid( $ROL_UID ); + return $this->rolesObj->getRolePermissionsByPerUid($ROL_UID); + } + + /** + * this function is Assigne role permission + * + * + * @access public + * + * @param string $ROL_UID + * @return $this->rolesObj->isAssigneRolePermission + */ + public function getPermissionAssignedRole($ROL_UID, $PER_UID) + { + return $this->rolesObj->getPermissionAssignedRole($ROL_UID, $PER_UID); } /** @@ -1271,18 +1333,18 @@ class RBAC * @access public * */ - public function verifyPermissions () + public function verifyPermissions() { $message = array(); $listPermissions = $this->loadPermissionAdmin(); - $criteria = new Criteria( 'rbac' ); - $dataset = PermissionsPeer::doSelectRS( $criteria ); - $dataset->setFetchmode( ResultSet::FETCHMODE_ASSOC ); + $criteria = new Criteria('rbac'); + $dataset = PermissionsPeer::doSelectRS($criteria); + $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); $dataset->next(); $aRow = $dataset->getRow(); - while (is_array( $aRow )) { - foreach($listPermissions as $key => $item) { - if ($aRow['PER_UID'] == $item['PER_UID'] ) { + while (is_array($aRow)) { + foreach ($listPermissions as $key => $item) { + if ($aRow['PER_UID'] == $item['PER_UID']) { unset($listPermissions[$key]); break; } 
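Review bot: The docblock on `getPermissionAssignedRole` is a stale copy of its neighbour: it reads `this function is Assigne role permission`, documents only `$ROL_UID` although the method also takes `$PER_UID`, and its `@return` names a method `isAssigneRolePermission` that does not exist here. Replace it with a description of what the wrapper answers, e.g. `Tells whether permission $PER_UID is already assigned to role $ROL_UID.`, followed by `@param string $ROL_UID`, `@param string $PER_UID` and `@return bool` (the delegate added to Roles.php in this commit returns a bool).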
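Review bot: `if ($aRow['PER_UID'] == $item['PER_UID'])` was re-spaced but keeps the loose comparison, and both operands are UID strings that in the seed data consist only of digits; PHP compares two numeric strings as numbers under `==`, so leading zeros are ignored and 32-digit values are rounded to floats before comparison, which can make two distinct UIDs compare equal. Use `if ($aRow['PER_UID'] === $item['PER_UID']) {` here so the UIDs are compared byte for byte. The body of `verifyPermissions` continues past the end of this hunk.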
@@ -1290,39 +1352,42 @@ class RBAC $dataset->next(); $aRow = $dataset->getRow(); } - foreach($listPermissions as $key => $item) { + foreach ($listPermissions as $key => $item) { //Adding new permissions $data = array(); - $data['PER_UID'] = $item['PER_UID']; - $data['PER_CODE'] = $item['PER_CODE']; + $data['PER_UID'] = $item['PER_UID']; + $data['PER_CODE'] = $item['PER_CODE']; $data['PER_CREATE_DATE'] = date('Y-m-d H:i:s'); $data['PER_UPDATE_DATE'] = $data['PER_CREATE_DATE']; - $data['PER_STATUS'] = 1; - $permission = new Permissions(); + $data['PER_STATUS'] = 1; + $permission = new Permissions(); $permission->fromArray($data, BasePeer::TYPE_FIELDNAME); $permission->save(); $message[] = 'Add permission missing ' . $item['PER_CODE']; - //Adding new labels for new permissions $o = new RolesPermissions(); $o->setPerUid($item['PER_UID']); $o->setPermissionName($item['PER_NAME']); + //assigning new permissions + $this->assigningNewPermissionsPmSetup($item); + $this->assigningNewPermissionsPmEditProfile($item); + } + return $message; + } - //Assigning new permissions + /** + * Permissions for tab ADMIN + * @param array $item + */ + public function assigningNewPermissionsPmSetup($item = array()) + { + if (strpos($item['PER_CODE'], 'PM_SETUP_') !== false) { $rolesWithPermissionSetup = $this->getRolePermissionsByPerUid(self::SETUPERMISSIONUID); $rolesWithPermissionSetup->next(); while ($aRow = $rolesWithPermissionSetup->getRow()) { - $userRolePermission = $this->getRolePermissions($aRow['ROL_UID']); - $userRolePermission->next(); - $valueNewPermissions = false; - while ($aRowPermission = $userRolePermission->getRow()) { - if ($item['PER_CODE'] === $aRowPermission['PER_CODE']) { - $valueNewPermissions = true; - } - $userRolePermission->next(); - } - $dataPermissions = array(); - if (!$valueNewPermissions) { + $isAssignedNewpermissions = $this->getPermissionAssignedRole($aRow['ROL_UID'], $item['PER_UID']); + if (!$isAssignedNewpermissions) { + $dataPermissions = array(); 
$dataPermissions['ROL_UID'] = $aRow['ROL_UID']; $dataPermissions['PER_UID'] = $item['PER_UID']; $this->assignPermissionRole($dataPermissions); @@ -1330,7 +1395,51 @@ class RBAC $rolesWithPermissionSetup->next(); } } - return $message; + } + + /** + * Permissions for Edit Profile User + * @param array $item + */ + public function assigningNewPermissionsPmEditProfile($item = array()) + { + if (strpos($item['PER_CODE'], 'PM_EDIT_USER_PROFILE_') !== false) { + $allRolesRolUid = $this->getAllRoles('PROCESSMAKER'); + $perCodePM = array('PROCESSMAKER_ADMIN', 'PROCESSMAKER_OPERATOR', 'PROCESSMAKER_MANAGER'); + $permissionsForOperator = array( + 'PM_EDIT_USER_PROFILE_POSITION', + 'PM_EDIT_USER_PROFILE_REPLACED_BY', + 'PM_EDIT_USER_PROFILE_EXPIRATION_DATE', + 'PM_EDIT_USER_PROFILE_STATUS', + 'PM_EDIT_USER_PROFILE_ROLE', + 'PM_EDIT_USER_PROFILE_COSTS', + 'PM_EDIT_USER_PROFILE_USER_MUST_CHANGE_PASSWORD_AT_NEXT_LOGON', + 'PM_EDIT_USER_PROFILE_DEFAULT_MAIN_MENU_OPTIONS', + 'PM_EDIT_USER_PROFILE_DEFAULT_CASES_MENU_OPTIONS' + ); + foreach ($allRolesRolUid as $index => $aRow) { + $isAssignedNewpermissions = $this->getPermissionAssignedRole($aRow['ROL_UID'], $item['PER_UID']); + $assignPermissions = true; + if (!$isAssignedNewpermissions) { + if ($aRow['ROL_CODE'] == 'PROCESSMAKER_OPERATOR' && in_array($item['PER_CODE'], $permissionsForOperator)) { + $assignPermissions = false; + } + if (!in_array($aRow['ROL_CODE'], $perCodePM)) { + $assignPermissions = false; + $checkPermisionEdit = $this->getPermissionAssignedRole($aRow['ROL_UID'], '00000000000000000000000000000014'); + if ($checkPermisionEdit && !in_array($item['PER_CODE'], $permissionsForOperator)) { + $assignPermissions = true; + } + } + if ($assignPermissions) { + $dataPermissions = array(); + $dataPermissions['ROL_UID'] = $aRow['ROL_UID']; + $dataPermissions['PER_UID'] = $item['PER_UID']; + $this->assignPermissionRole($dataPermissions); + } + } + } + } } } 
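Review bot: `assigningNewPermissionsPmSetup($item = array())` defaults `$item` to an empty array and then reads `$item['PER_CODE']` unconditionally, so the default can only produce an undefined-index notice; make the parameter required (`public function assigningNewPermissionsPmSetup(array $item)`), and since it is only meaningful from `verifyPermissions`, `private` would keep it out of the class's public surface. `strpos($item['PER_CODE'], 'PM_SETUP_') !== false` is a substring test rather than the prefix test the name implies; `=== 0` expresses the intent. The `RolesPermissions` object `$o` in `verifyPermissions` is still populated and never saved, and this hunk removed the `//Adding new labels for new permissions` comment that was the only hint about its purpose, so either persist it or drop the three lines. The `while` loop inside the new helper closes outside this hunk.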
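Review bot: `assigningNewPermissionsPmEditProfile` decides privilege grants for every role in the system from the bare UID `'00000000000000000000000000000014'`, while the sibling helper uses the named `self::SETUPERMISSIONUID`; give this UID a class constant with a comment naming the permission code it stands for (`const EDITUSERPERMISSIONUID = '00000000000000000000000000000014'; // TODO(review): record which PER_CODE this UID is`) and use it here. `$permissionsForOperator` actually holds the codes an operator must not receive, so a name such as `$permissionsWithheldFromOperator` would read correctly, and the three `in_array` calls should pass `true` as the third argument. Because custom roles (those outside `$perCodePM`) receive the new permissions automatically whenever they hold permission 14, this migration silently widens what such roles may edit; unless `assignPermissionRole` writes an audit entry itself (it is not in this diff) the grant leaves no trace, so record it, for example via `G::auditLog` as Roles.php does, or return the grants to `verifyPermissions` for its `$message`. `$index` in the `foreach` is unused, and `$item = array()` has the same undefined-index problem as the previous hunk.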
diff --git a/rbac/engine/classes/model/Roles.php b/rbac/engine/classes/model/Roles.php index 282833d4f..56dd1e5c3 100755 --- a/rbac/engine/classes/model/Roles.php +++ b/rbac/engine/classes/model/Roles.php @@ -471,6 +471,11 @@ class Roles extends BaseRoles { G::auditLog("DeleteUserToRole", "Delete user ".$user['USR_USERNAME']." (".$USR_UID.") to Role ".$rol['ROL_NAME']." (".$ROL_UID.") "); } + /** + * @param $roleUid + * @return ResultSet + * @throws Exception + */ function getRolePermissionsByPerUid($roleUid){ try { $criteria = new Criteria(); @@ -487,6 +492,36 @@ class Roles extends BaseRoles { throw $e; } } + + /** + * Checks a permission is assigned to a Role + * @param $ROL_UID + * @param $PER_UID + * @return bool + * @throws Exception + */ + function getPermissionAssignedRole($ROL_UID, $PER_UID) + { + try { + $criteria = new Criteria(); + $criteria->addSelectColumn(RolesPermissionsPeer::ROL_UID); + $criteria->addSelectColumn(RolesPermissionsPeer::PER_UID); + $criteria->add(RolesPermissionsPeer::ROL_UID, $ROL_UID, Criteria::EQUAL); + $criteria->add(RolesPermissionsPeer::PER_UID, $PER_UID, Criteria::EQUAL); + + $oDataset = RolesPermissionsPeer::doSelectRS($criteria); + $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); + $oDataset->next(); + if($aRowRP = $oDataset->getRow()){ + return true; + } + return false; + + } catch (exception $e) { + throw $e; + } + } + function getRolePermissions($ROL_UID, $filter='', $status=null) { try { $criteria = new Criteria(); diff --git a/rbac/engine/data/mysql/insert.sql b/rbac/engine/data/mysql/insert.sql index ceef39208..4f4dbd973 100755 --- a/rbac/engine/data/mysql/insert.sql +++ b/rbac/engine/data/mysql/insert.sql 
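Review bot: `getPermissionAssignedRole` wraps its body in `try { … } catch (exception $e) { throw $e; }`, which only rethrows and can be dropped, and `if($aRowRP = $oDataset->getRow())` assigns inside the condition to a variable that is never read. Only existence matters here, so if the generated peer exposes `doCount` as Propel 1 peers do, `return RolesPermissionsPeer::doCount($criteria) > 0;` after the two `add()` calls replaces the select/fetch/if block and the two `addSelectColumn` lines. The docblocks added here and in the previous hunk give no parameter types; `@param string $ROL_UID`, `@param string $PER_UID` and `@param string $roleUid` would let static analysis check the callers in class.rbac.php. The method also lacks a visibility keyword, unlike the RBAC wrapper that calls it.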
@@ -37,7 +37,31 @@ INSERT INTO `RBAC_PERMISSIONS` VALUES ('00000000000000000000000000000036','PM_DELETE_PROCESS_CASES','2016-03-01 00:00:00','2016-03-01 00:00:00',1,'00000000000000000000000000000002'), ('00000000000000000000000000000037','PM_EDITPERSONALINFO_CALENDAR','2016-03-01 00:00:00','2016-03-01 00:00:00',1,'00000000000000000000000000000002'), ('00000000000000000000000000000038','PM_UNCANCELCASE','2016-06-14 00:00:00','2016-06-14 00:00:00',1,'00000000000000000000000000000002'), -('00000000000000000000000000000039','PM_REST_API_APPLICATIONS','2016-06-14 00:00:00','2016-06-14 00:00:00',1,'00000000000000000000000000000002'); +('00000000000000000000000000000039','PM_REST_API_APPLICATIONS','2016-06-14 00:00:00','2016-06-14 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000040','PM_EDIT_USER_PROFILE_FIRST_NAME','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000041','PM_EDIT_USER_PROFILE_LAST_NAME','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000042','PM_EDIT_USER_PROFILE_USERNAME','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000043','PM_EDIT_USER_PROFILE_EMAIL','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000044','PM_EDIT_USER_PROFILE_ADDRESS','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000045','PM_EDIT_USER_PROFILE_ZIP_CODE','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000046','PM_EDIT_USER_PROFILE_COUNTRY','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000047','PM_EDIT_USER_PROFILE_STATE_OR_REGION','2016-07-18 00:00:00','2016-07-18 
00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000048','PM_EDIT_USER_PROFILE_LOCATION','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000049','PM_EDIT_USER_PROFILE_PHONE','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000050','PM_EDIT_USER_PROFILE_POSITION','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000051','PM_EDIT_USER_PROFILE_REPLACED_BY','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000052','PM_EDIT_USER_PROFILE_EXPIRATION_DATE','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000053','PM_EDIT_USER_PROFILE_CALENDAR','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000054','PM_EDIT_USER_PROFILE_STATUS','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000055','PM_EDIT_USER_PROFILE_ROLE','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000056','PM_EDIT_USER_PROFILE_TIME_ZONE','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000057','PM_EDIT_USER_PROFILE_DEFAULT_LANGUAGE','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000058','PM_EDIT_USER_PROFILE_COSTS','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000059','PM_EDIT_USER_PROFILE_PASSWORD','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000060','PM_EDIT_USER_PROFILE_USER_MUST_CHANGE_PASSWORD_AT_NEXT_LOGON','2016-07-18 
00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000061','PM_EDIT_USER_PROFILE_PHOTO','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000062','PM_EDIT_USER_PROFILE_DEFAULT_MAIN_MENU_OPTIONS','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000063','PM_EDIT_USER_PROFILE_DEFAULT_CASES_MENU_OPTIONS','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'); INSERT INTO `RBAC_ROLES` VALUES ('00000000000000000000000000000001','','00000000000000000000000000000001','RBAC_ADMIN','2007-07-31 19:10:22','2007-08-03 12:24:36',1), 
@@ -86,8 +110,47 @@ INSERT INTO `RBAC_ROLES_PERMISSIONS` VALUES ('00000000000000000000000000000002','00000000000000000000000000000037'), ('00000000000000000000000000000002','00000000000000000000000000000038'), ('00000000000000000000000000000002','00000000000000000000000000000039'), +('00000000000000000000000000000002','00000000000000000000000000000040'), +('00000000000000000000000000000002','00000000000000000000000000000041'), +('00000000000000000000000000000002','00000000000000000000000000000042'), +('00000000000000000000000000000002','00000000000000000000000000000043'), +('00000000000000000000000000000002','00000000000000000000000000000044'), +('00000000000000000000000000000002','00000000000000000000000000000045'), +('00000000000000000000000000000002','00000000000000000000000000000046'), +('00000000000000000000000000000002','00000000000000000000000000000047'), +('00000000000000000000000000000002','00000000000000000000000000000048'), +('00000000000000000000000000000002','00000000000000000000000000000049'), +('00000000000000000000000000000002','00000000000000000000000000000050'), +('00000000000000000000000000000002','00000000000000000000000000000051'), +('00000000000000000000000000000002','00000000000000000000000000000052'), +('00000000000000000000000000000002','00000000000000000000000000000053'), +('00000000000000000000000000000002','00000000000000000000000000000054'), +('00000000000000000000000000000002','00000000000000000000000000000055'), +('00000000000000000000000000000002','00000000000000000000000000000056'), +('00000000000000000000000000000002','00000000000000000000000000000057'), +('00000000000000000000000000000002','00000000000000000000000000000058'), +('00000000000000000000000000000002','00000000000000000000000000000059'), +('00000000000000000000000000000002','00000000000000000000000000000060'), +('00000000000000000000000000000002','00000000000000000000000000000061'), +('00000000000000000000000000000002','00000000000000000000000000000062'), 
+('00000000000000000000000000000002','00000000000000000000000000000063'), ('00000000000000000000000000000003','00000000000000000000000000000001'), ('00000000000000000000000000000003','00000000000000000000000000000005'), +('00000000000000000000000000000003','00000000000000000000000000000040'), +('00000000000000000000000000000003','00000000000000000000000000000041'), +('00000000000000000000000000000003','00000000000000000000000000000042'), +('00000000000000000000000000000003','00000000000000000000000000000043'), +('00000000000000000000000000000003','00000000000000000000000000000044'), +('00000000000000000000000000000003','00000000000000000000000000000045'), +('00000000000000000000000000000003','00000000000000000000000000000046'), +('00000000000000000000000000000003','00000000000000000000000000000047'), +('00000000000000000000000000000003','00000000000000000000000000000048'), +('00000000000000000000000000000003','00000000000000000000000000000049'), +('00000000000000000000000000000003','00000000000000000000000000000053'), +('00000000000000000000000000000003','00000000000000000000000000000056'), +('00000000000000000000000000000003','00000000000000000000000000000057'), +('00000000000000000000000000000003','00000000000000000000000000000059'), +('00000000000000000000000000000003','00000000000000000000000000000061'), ('00000000000000000000000000000004','00000000000000000000000000000001'), ('00000000000000000000000000000004','00000000000000000000000000000003'), ('00000000000000000000000000000004','00000000000000000000000000000005'), 
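Review bot: The subset of new permissions seeded for role `00000000000000000000000000000003` (40–49, 53, 56, 57, 59, 61) is exactly the complement of the `$permissionsForOperator` list hard-coded in `assigningNewPermissionsPmEditProfile` in class.rbac.php, so the same policy now lives in two places: a fresh install gets it from this file and an upgraded one from the PHP rule (presumably role 3 is PROCESSMAKER_OPERATOR, which this file does not show). Add `-- keep in sync with $permissionsForOperator in gulliver/system/class.rbac.php` above the role-3 rows so the two cannot drift unnoticed. Roles `...02` and `...04` receive all 24 new rows, which matches the unrestricted branch of the PHP rule.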
@@ -122,7 +185,31 @@ INSERT INTO `RBAC_ROLES_PERMISSIONS` VALUES ('00000000000000000000000000000004','00000000000000000000000000000036'), ('00000000000000000000000000000004','00000000000000000000000000000037'), ('00000000000000000000000000000004','00000000000000000000000000000038'), -('00000000000000000000000000000004','00000000000000000000000000000039'); +('00000000000000000000000000000004','00000000000000000000000000000039'), +('00000000000000000000000000000004','00000000000000000000000000000040'), +('00000000000000000000000000000004','00000000000000000000000000000041'), +('00000000000000000000000000000004','00000000000000000000000000000042'), +('00000000000000000000000000000004','00000000000000000000000000000043'), +('00000000000000000000000000000004','00000000000000000000000000000044'), +('00000000000000000000000000000004','00000000000000000000000000000045'), +('00000000000000000000000000000004','00000000000000000000000000000046'), +('00000000000000000000000000000004','00000000000000000000000000000047'), +('00000000000000000000000000000004','00000000000000000000000000000048'), +('00000000000000000000000000000004','00000000000000000000000000000049'), +('00000000000000000000000000000004','00000000000000000000000000000050'), +('00000000000000000000000000000004','00000000000000000000000000000051'), +('00000000000000000000000000000004','00000000000000000000000000000052'), +('00000000000000000000000000000004','00000000000000000000000000000053'), +('00000000000000000000000000000004','00000000000000000000000000000054'), +('00000000000000000000000000000004','00000000000000000000000000000055'), +('00000000000000000000000000000004','00000000000000000000000000000056'), +('00000000000000000000000000000004','00000000000000000000000000000057'), +('00000000000000000000000000000004','00000000000000000000000000000058'), +('00000000000000000000000000000004','00000000000000000000000000000059'), +('00000000000000000000000000000004','00000000000000000000000000000060'), 
+('00000000000000000000000000000004','00000000000000000000000000000061'), +('00000000000000000000000000000004','00000000000000000000000000000062'), +('00000000000000000000000000000004','00000000000000000000000000000063'); INSERT INTO `RBAC_SYSTEMS` VALUES ('00000000000000000000000000000001','RBAC','2007-07-31 19:10:22','2007-08-03 12:24:36',1),('00000000000000000000000000000002','PROCESSMAKER','2007-07-31 19:10:22','2007-08-03 12:24:36',1); INSERT INTO `RBAC_USERS` VALUES ('00000000000000000000000000000001','admin','21232f297a57a5a743894a0e4a801fc3','Administrator','','admin@processmaker.com','2020-01-01','2007-08-03 12:24:36','2008-02-13 07:24:07',1,'MYSQL','00000000000000000000000000000000','',''); diff --git a/workflow/engine/data/mssql/insert.sql b/workflow/engine/data/mssql/insert.sql index c66414a22..5f2b409b0 100755 --- a/workflow/engine/data/mssql/insert.sql +++ b/workflow/engine/data/mssql/insert.sql 
@@ -30,6 +30,31 @@ SELECT 'PER_NAME','','00000000000000000000000000000035','en','Setup Logs' UNION SELECT 'PER_NAME','','00000000000000000000000000000036','en','Delete process cases' UNION ALL SELECT 'PER_NAME','','00000000000000000000000000000037','en','Edit personal info Calendar' UNION ALL SELECT 'PER_NAME','','00000000000000000000000000000038','en','Undo cancel case' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000039','en','Create rest API Aplications' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000040','en','Edit User profile First Name' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000041','en','Edit User profile Last Name' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000042','en','Edit User profile Username' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000043','en','Edit User profile Email' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000044','en','Edit User profile Address' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000045','en','Edit User profile Zip Code' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000046','en','Edit User profile Country' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000047','en','Edit User profile State or Region' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000048','en','Edit User profile Location' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000049','en','Edit User profile Phone' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000050','en','Edit User profile Position' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000051','en','Edit User profile Replaced By' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000052','en','Edit User profile Expiration Date' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000053','en','Edit User profile Calendar' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000054','en','Edit User profile 
Status' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000055','en','Edit User profile Role' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000056','en','Edit User profile Time Zone' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000057','en','Edit User profile Default Language' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000058','en','Edit User profile Costs' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000059','en','Edit User profile Password' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000060','en','Edit User profile Must Change Password at next Logon' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000061','en','Edit User profile Photo' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000062','en','Edit User profile Default Main Menu Options' UNION ALL +SELECT 'PER_NAME','','00000000000000000000000000000063','en','Edit User profile Default Cases Menu Options' UNION ALL SELECT 'PER_NAME','','00000000000000000000000000000013','en','Delete cases' UNION ALL SELECT 'PER_NAME','','00000000000000000000000000000012','en','WebDav' UNION ALL SELECT 'PER_NAME','','00000000000000000000000000000011','en','Dashboard' UNION ALL diff --git a/workflow/engine/data/mysql/insert.sql b/workflow/engine/data/mysql/insert.sql index 3a3ff6958..90cef4cff 100644 --- a/workflow/engine/data/mysql/insert.sql +++ b/workflow/engine/data/mysql/insert.sql 
@@ -44,7 +44,32 @@ INSERT INTO CONTENT (CON_CATEGORY,CON_PARENT,CON_ID,CON_LANG,CON_VALUE) VALUES ('PER_NAME','','00000000000000000000000000000035','en','Setup Logs'), ('PER_NAME','','00000000000000000000000000000036','en','Delete process cases'), ('PER_NAME','','00000000000000000000000000000037','en','Edit personal info Calendar'), -('PER_NAME','','00000000000000000000000000000038','en','Undo cancel case'); +('PER_NAME','','00000000000000000000000000000038','en','Undo cancel case') +('PER_NAME','','00000000000000000000000000000039','en','Create rest API Aplications'), +('PER_NAME','','00000000000000000000000000000040','en','Edit User profile First Name'), +('PER_NAME','','00000000000000000000000000000041','en','Edit User profile Last Name'), +('PER_NAME','','00000000000000000000000000000042','en','Edit User profile Username'), +('PER_NAME','','00000000000000000000000000000043','en','Edit User profile Email'), +('PER_NAME','','00000000000000000000000000000044','en','Edit User profile Address'), +('PER_NAME','','00000000000000000000000000000045','en','Edit User profile Zip Code'), +('PER_NAME','','00000000000000000000000000000046','en','Edit User profile Country'), +('PER_NAME','','00000000000000000000000000000047','en','Edit User profile State or Region'), +('PER_NAME','','00000000000000000000000000000048','en','Edit User profile Location'), +('PER_NAME','','00000000000000000000000000000049','en','Edit User profile Phone'), +('PER_NAME','','00000000000000000000000000000050','en','Edit User profile Position'), +('PER_NAME','','00000000000000000000000000000051','en','Edit User profile Replaced By'), +('PER_NAME','','00000000000000000000000000000052','en','Edit User profile Expiration Date'), +('PER_NAME','','00000000000000000000000000000053','en','Edit User profile Calendar'), +('PER_NAME','','00000000000000000000000000000054','en','Edit User profile Status'), +('PER_NAME','','00000000000000000000000000000055','en','Edit User profile Role'), 
+('PER_NAME','','00000000000000000000000000000056','en','Edit User profile Time Zone'), +('PER_NAME','','00000000000000000000000000000057','en','Edit User profile Default Language'), +('PER_NAME','','00000000000000000000000000000058','en','Edit User profile Costs'), +('PER_NAME','','00000000000000000000000000000059','en','Edit User profile Password'), +('PER_NAME','','00000000000000000000000000000060','en','Edit User profile Must Change Password at next Logon'), +('PER_NAME','','00000000000000000000000000000061','en','Edit User profile Photo'), +('PER_NAME','','00000000000000000000000000000062','en','Edit User profile Default Main Menu Options'), +('PER_NAME','','00000000000000000000000000000063','en','Edit User profile Default Cases Menu Options'); INSERT INTO LANGUAGE (LAN_ID,LAN_LOCATION,LAN_NAME,LAN_NATIVE_NAME,LAN_DIRECTION,LAN_WEIGHT,LAN_ENABLED,LAN_CALENDAR) VALUES ('aa','','Afar','','L','0','0','GREGORIAN'), 
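Review bot: The row `+('PER_NAME','','00000000000000000000000000000038','en','Undo cancel case')` lost its trailing comma when its `;` was removed, so the `INSERT INTO CONTENT` statement now has two value tuples juxtaposed and MySQL will reject the whole seed script. Restore it as `('PER_NAME','','00000000000000000000000000000038','en','Undo cancel case'),`. The equivalent rows in the mssql and rbac seeds of this commit are well-formed.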
@@ -61483,4 +61508,4 @@ INSERT INTO ADDONS_MANAGER (ADDON_DESCRIPTION,ADDON_ID,ADDON_NAME,ADDON_NICK,ADD ('User-based Language Management.','userBasedLanguage','userBasedLanguage','userBasedLanguage','Colosa','localRegistry','ready','00000000000000000000000000010013','features','','','0'), ('User-based Time Zone Management.','userBasedTimeZone','userBasedTimeZone','userBasedTimeZone','Colosa','localRegistry','ready','00000000000000000000000000010014','features','','','0'), ('This Feature will allow to store all input, output and attached documents generated in your processes in Google Drive.','pmGoogleDrive','pmGoogleDrive','pmGoogleDrive','Colosa','localRegistry','ready','00000000000000000000000000010015','features','','','0'), -('Promotion Manager','selectiveImportExport','selectiveImportExport','selectiveImportExport','Colosa','localRegistry','ready','00000000000000000000000000010016','features','','','0'); \ No newline at end of file +('Promotion Manager','selectiveImportExport','selectiveImportExport','selectiveImportExport','Colosa','localRegistry','ready','00000000000000000000000000010016','features','','','0'); diff --git a/workflow/engine/methods/users/usersAjax.php b/workflow/engine/methods/users/usersAjax.php index e37df59b6..7fee49d60 100755 --- a/workflow/engine/methods/users/usersAjax.php +++ b/workflow/engine/methods/users/usersAjax.php @@ -132,6 +132,8 @@ switch ($_POST['action']) { try { $user = new \ProcessMaker\BusinessModel\User(); $form = $_POST; + $permissionsToSaveData = $user->getPermissionsForEdit(); + $form = $user->checkPermissionForEdit($_SESSION['USER_LOGGED'], $permissionsToSaveData, $form); switch ($_POST['action']) { case 'saveUser'; 
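Review bot: With the hard-coded `unset($form['USR_REPLACED_BY'], $form['USR_DUE_DATE'], $form['USR_STATUS'], $form['USR_ROLE'])` removed in the following hunk, `checkPermissionForEdit` becomes the only server-side guard against a request submitting USR_ROLE, USR_STATUS or USR_DUE_DATE for an account the caller may not manage, and that method is not part of this diff. Confirm that it removes, rather than merely reports, every key of `$form` whose permission `$_SESSION['USER_LOGGED']` lacks, and decide explicitly what happens to submitted keys that are not in the `getPermissionsForEdit()` map, since they would presumably pass through unfiltered. A comment above the call, `// Server-side filter: strips form fields the caller lacks the PM_EDIT_USER_PROFILE_* permission for; the UI permission map is advisory only`, would record that intent. The enclosing `try` and switch case continue outside this hunk.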
@@ -145,13 +147,6 @@ switch ($_POST['action']) { ) { throw new Exception(G::LoadTranslation('ID_USER_NOT_HAVE_PERMISSION', [$_SESSION['USER_LOGGED']])); } - - unset( - $form['USR_REPLACED_BY'], - $form['USR_DUE_DATE'], - $form['USR_STATUS'], - $form['USR_ROLE'] - ); break; default: throw new Exception(G::LoadTranslation('ID_INVALID_DATA')); @@ -159,7 +154,7 @@ switch ($_POST['action']) { } if (array_key_exists('USR_LOGGED_NEXT_TIME', $form)) { - $form['USR_LOGGED_NEXT_TIME'] = ($form['USR_LOGGED_NEXT_TIME'])? 1 : 0; + $form['USR_LOGGED_NEXT_TIME'] = ($form['USR_LOGGED_NEXT_TIME']) ? 1 : 0; } $userUid = ''; @@ -168,7 +163,7 @@ switch ($_POST['action']) { $arrayUserData = $user->create($form); $userUid = $arrayUserData['USR_UID']; - $user->auditLog('INS', array_merge(['USR_UID' => $userUid, 'USR_USERNAME' => $arrayUserData['USR_USERNAME']], $form)); + $user->auditLog('INS', array_merge(['USR_UID' => $userUid, 'USR_USERNAME' => $arrayUserData['USR_USERNAME']], $form)); } else { if (array_key_exists('USR_NEW_PASS', $form) && $form['USR_NEW_PASS'] == '') { unset($form['USR_NEW_PASS']); @@ -179,7 +174,7 @@ switch ($_POST['action']) { $arrayUserData = $user->getUserRecordByPk($userUid, [], false); - $user->auditLog('UPD', array_merge(['USR_UID' => $userUid, 'USR_USERNAME' => $arrayUserData['USR_USERNAME']], $form)); + $user->auditLog('UPD', array_merge(['USR_UID' => $userUid, 'USR_USERNAME' => $arrayUserData['USR_USERNAME']], $form)); /* Saving preferences */ $def_lang = $form['PREF_DEFAULT_LANG']; @@ -298,9 +293,9 @@ switch ($_POST['action']) { break; } } else { - if($aFields['PREF_DEFAULT_MENUSELECTED'] == 'PM_STRATEGIC_DASHBOARD'){ - $menuSelected = strtoupper(G::LoadTranslation('ID_STRATEGIC_DASHBOARD')); - } + if ($aFields['PREF_DEFAULT_MENUSELECTED'] == 'PM_STRATEGIC_DASHBOARD') { + $menuSelected = strtoupper(G::LoadTranslation('ID_STRATEGIC_DASHBOARD')); + } } } } 
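Review bot: `$user->auditLog('INS', array_merge([...], $form))`, re-indented here and again for `'UPD'` in the next hunk, logs the entire submitted form, which on this page can still carry `USR_CUR_PASS`, `USR_NEW_PASS` and `USR_CNF_PASS` (the update path only unsets `USR_NEW_PASS` when it is empty). Unless `auditLog` redacts those keys internally, which this diff does not show, the plaintext password lands in the audit trail; pass a filtered copy instead, e.g. `array_diff_key($form, array_flip(['USR_CUR_PASS', 'USR_NEW_PASS', 'USR_CNF_PASS']))`, in both calls. The `if`/`else` that contains these lines starts outside the hunk.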
@@ -333,12 +328,16 @@ switch ($_POST['action']) {
 $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($aFields['USR_UID'], array('USR_PASSWORD_HISTORY' => serialize(array($aFields['USR_PASSWORD']))));
 $aFields['USR_LOGGED_NEXT_TIME'] = $aUserProperty['USR_LOGGED_NEXT_TIME'];
- if(array_key_exists('USR_PASSWORD', $aFields)) {
+ if (array_key_exists('USR_PASSWORD', $aFields)) {
 unset($aFields['USR_PASSWORD']);
 }
+ $userPermissions = new \ProcessMaker\BusinessModel\User();
+ $permissions = $userPermissions->loadDetailedPermissions($aFields);
+
 $result->success = true;
 $result->user = $aFields;
+ $result->permission = $permissions;
 print (G::json_encode($result));
 break;
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/User.php b/workflow/engine/src/ProcessMaker/BusinessModel/User.php
index d1f8ac463..bd22db0e1 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/User.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/User.php
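Review bot: `$result->permission` carries the fields the logged-in user may *not* edit (`loadDetailedPermissions` collects the map entries whose `userCanAccess` result is not 1), which neither the property name nor the variable `$permissions` conveys; a comment at the assignment avoids the inversion being misread: `// fields the current user lacks permission to edit; the client renders these read-only`. The list is computed from the global `$RBAC` session, i.e. the viewer, not from the viewed record in `$aFields`, so `$userPermissions` as the name of the helper instance is also misleading. This list only drives the UI; the authoritative control is the `checkPermissionForEdit` filter on the save path, and the two should not be expected to agree if they consult different RBAC calls.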
@@ -42,6 +42,36 @@ class User
 "usrPhoto" => "USR_PHOTO"
 );
+ private $arrayPermissionsForEditUser = array (
+ 'USR_FIRSTNAME' => 'PM_EDIT_USER_PROFILE_FIRST_NAME',
+ 'USR_LASTNAME' => 'PM_EDIT_USER_PROFILE_LAST_NAME',
+ 'USR_USERNAME' => 'PM_EDIT_USER_PROFILE_USERNAME',
+ 'USR_EMAIL' => 'PM_EDIT_USER_PROFILE_EMAIL',
+ 'USR_ADDRESS' => 'PM_EDIT_USER_PROFILE_ADDRESS',
+ 'USR_ZIP_CODE' => 'PM_EDIT_USER_PROFILE_ZIP_CODE',
+ 'USR_COUNTRY' => 'PM_EDIT_USER_PROFILE_COUNTRY',
+ 'USR_REGION' => 'PM_EDIT_USER_PROFILE_STATE_OR_REGION',
+ 'USR_LOCATION' => 'PM_EDIT_USER_PROFILE_LOCATION',
+ 'USR_PHONE' => 'PM_EDIT_USER_PROFILE_PHONE',
+ 'USR_POSITION' => 'PM_EDIT_USER_PROFILE_POSITION',
+ 'USR_REPLACED_BY' => 'PM_EDIT_USER_PROFILE_REPLACED_BY',
+ 'USR_DUE_DATE' => 'PM_EDIT_USER_PROFILE_EXPIRATION_DATE',
+ 'USR_CALENDAR' => 'PM_EDIT_USER_PROFILE_CALENDAR',
+ 'USR_STATUS' => 'PM_EDIT_USER_PROFILE_STATUS',
+ 'USR_ROLE' => 'PM_EDIT_USER_PROFILE_ROLE',
+ 'USR_TIME_ZONE' => 'PM_EDIT_USER_PROFILE_TIME_ZONE',
+ 'USR_DEFAULT_LANG' => 'PM_EDIT_USER_PROFILE_DEFAULT_LANGUAGE',
+ 'USR_COST_BY_HOUR' => 'PM_EDIT_USER_PROFILE_COSTS',
+ 'USR_UNIT_COST' => 'PM_EDIT_USER_PROFILE_COSTS',
+ 'USR_CUR_PASS' => 'PM_EDIT_USER_PROFILE_PASSWORD',
+ 'USR_NEW_PASS' => 'PM_EDIT_USER_PROFILE_PASSWORD',
+ 'USR_CNF_PASS' => 'PM_EDIT_USER_PROFILE_PASSWORD',
+ 'USR_LOGGED_NEXT_TIME' => 'PM_EDIT_USER_PROFILE_USER_MUST_CHANGE_PASSWORD_AT_NEXT_LOGON',
+ 'USR_PHOTO' => 'PM_EDIT_USER_PROFILE_PHOTO',
+ 'PREF_DEFAULT_MENUSELECTED' => 'PM_EDIT_USER_PROFILE_DEFAULT_MAIN_MENU_OPTIONS',
+ 'PREF_DEFAULT_CASESELECTED' => 'PM_EDIT_USER_PROFILE_DEFAULT_CASES_MENU_OPTIONS'
+ );
+
 /**
 * Constructor of the class
 *
@@ -58,6 +88,13 @@ class User
 }
 }
+ /**
+ * @return array
+ */
+ public function getPermissionsForEdit(){
+ return $this->arrayPermissionsForEditUser;
+ }
+
 /**
 * Set the format of the fields name (uppercase, lowercase)
 *
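Review bot: The key `USR_DEFAULT_LANG` in `$arrayPermissionsForEditUser` does not match the field the save path in usersAjax.php reads as `$form['PREF_DEFAULT_LANG']`, so if the language is posted under that name the `PM_EDIT_USER_PROFILE_DEFAULT_LANGUAGE` permission is never applied to it — worth confirming against the form. More generally `checkPermissionForEdit` strips only keys present in this map, so every posted field that is missing from it passes through unfiltered; that invariant belongs on the property: `// Every user-profile field accepted by the save path MUST be listed here: checkPermissionForEdit() strips only the keys in this map, anything else posted passes through untouched.` Style: `getPermissionsForEdit(){` puts the brace on the signature line and declares no return type, unlike the surrounding methods; `public function getPermissionsForEdit(): array` with the brace on its own line, and `array(` without the space, would match the class.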
@@ -1322,6 +1359,53 @@ class User
 $this->userObj->update($fields);
 }
+ /**
+ * @param $userUid
+ * @param array $arrayPermission
+ * @return User
+ * @throws \Exception
+ */
+ public function checkPermissionForEdit($userUid, $arrayPermission = array(), $form)
+ {
+ try {
+ foreach ($arrayPermission as $key => $value) {
+ $flagPermission = $this->checkPermission($userUid, $value);
+ if (!$flagPermission){
+ unset($form[$key]);
+ }
+ }
+ return $form;
+ } catch (\Exception $e) {
+ throw $e;
+ }
+ }
+
+ /**
+ * @param $aFields
+ * @return array
+ * @throws \Exception
+ */
+ public function loadDetailedPermissions($aFields)
+ {
+ try {
+ global $RBAC;
+ $resultPermissionsForUser = array();
+ if ($aFields['USR_UID'] != '') {
+ foreach ($this->arrayPermissionsForEditUser as $index => $item) {
+ if ($RBAC->userCanAccess($item) !== 1) {
+ $resultPermissionsForUser[$index] = $item;
+ }
+ }
+ return $resultPermissionsForUser;
+ } else {
+ $lang = defined('SYS_LANG') ? SYS_LANG : 'en';
+ throw (new \Exception(G::LoadTranslation("ID_USER_UID_DOESNT_EXIST", $lang, array("USR_UID" => $aFields['USR_UID']))));
+ }
+ } catch (\Exception $oError) {
+ throw ($oError);
+ }
+ }
+
 /**
 * Check permission
 *
diff --git a/workflow/engine/templates/users/users.js b/workflow/engine/templates/users/users.js
index 2849f4d9a..991152653 100755
--- a/workflow/engine/templates/users/users.js
+++ b/workflow/engine/templates/users/users.js
@@ -29,7 +29,6 @@ var displayPreferences;
 var box;
 var infoMode;
 var global = {};
-var readMode;
 var usernameText;
 var previousUsername = '';
 var canEdit = true;
@@ -63,6 +62,8 @@ Ext.onReady(function () {
 });
+ displayPreferences = "display: block;";
+
 if (MODE == "edit" || MODE == "") {
 flagPoliciesPassword = true;
 }
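Review bot: `checkPermissionForEdit($userUid, $arrayPermission = array(), $form)` declares a required parameter after an optional one, so the default can never be used (and PHP 8 deprecates the form), and its docblock says `@return User` although the method returns the filtered `$form` array; both methods also wrap their body in `try { … } catch (\Exception $e) { throw $e; }`, which adds nothing. In `loadDetailedPermissions`, `$aFields['USR_UID'] != ''` raises a notice when the key is absent, and the `!== 1` test treats every non-1 `userCanAccess` result (including RBAC error codes) as "cannot edit", which fails closed and deserves a comment. The two methods consult different sources — `$this->checkPermission($userUid, …)` for the save filter, the global `$RBAC` session for the UI list — so the read-only view and the server filter can disagree; the server filter is the control that matters, and the docblocks should say which is which. The rewrite below keeps both signatures call-compatible with usersAjax.php.
```php
    /**
     * Strip from $form every field the user $userUid lacks permission to edit.
     * This is the server-side control for the profile form; the UI list from
     * loadDetailedPermissions() is presentation only.
     *
     * @param string $userUid
     * @param array  $arrayPermission  form field name => RBAC permission code
     * @param array  $form             posted fields
     * @return array the filtered form
     */
    public function checkPermissionForEdit($userUid, array $arrayPermission, array $form)
    {
        foreach ($arrayPermission as $field => $permissionCode) {
            if (!$this->checkPermission($userUid, $permissionCode)) {
                unset($form[$field]);
            }
        }
        return $form;
    }

    /**
     * Fields of the profile form the logged-in (RBAC session) user may NOT edit,
     * as field name => permission code, for the client to render read-only.
     *
     * @param array $aFields user record; only USR_UID is read
     * @return array
     * @throws \Exception when USR_UID is missing or empty
     */
    public function loadDetailedPermissions($aFields)
    {
        global $RBAC;
        if (empty($aFields['USR_UID'])) {
            $lang = defined('SYS_LANG') ? SYS_LANG : 'en';
            $usrUid = isset($aFields['USR_UID']) ? $aFields['USR_UID'] : '';
            throw new \Exception(G::LoadTranslation("ID_USER_UID_DOESNT_EXIST", $lang, array("USR_UID" => $usrUid)));
        }
        $resultPermissionsForUser = array();
        foreach ($this->arrayPermissionsForEditUser as $field => $permissionCode) {
            // Anything other than an explicit 1 (including RBAC error codes) counts as "cannot edit".
            if ($RBAC->userCanAccess($permissionCode) !== 1) {
                $resultPermissionsForUser[$field] = $permissionCode;
            }
        }
        return $resultPermissionsForUser;
    }
```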
@@ -78,12 +79,7 @@ Ext.onReady(function () {
 //Mode info
 box.setVisible(false);
 box.disable();
-
- displayPreferences = "display: block;";
- readMode = true;
 } else {
- displayPreferences = "display: none;";
- readMode = false;
 canEdit = false;
 }
 } else {
@@ -93,8 +89,6 @@ Ext.onReady(function () {
 box.setVisible(false);
 box.disable();
- displayPreferences = "display: none;";
- readMode = false;
 canEdit = false;
 }
@@ -305,7 +299,6 @@ Ext.onReady(function () {
 fieldLabel: _("ID_REPLACED_BY"),
 emptyText: "- " + _("ID_NONE") + " -",
- readOnly: readMode,
 minChars: 1,
 hideTrigger: true,
@@ -317,8 +310,7 @@ Ext.onReady(function () {
 id : "USR_DUE_DATE",
 fieldLabel : _("ID_EXPIRATION_DATE"),
 format : "Y-m-d",
- editable : false,
- readOnly : readMode,
+ editable : true,
 width : 120,
 value : (new Date().add(Date.YEAR, EXPIRATION_DATE)).format("Y-m-d")
 });
@@ -343,7 +335,6 @@ Ext.onReady(function () {
 fieldLabel : _('ID_CALENDAR'),
 hiddenName : 'USR_CALENDAR',
 id : 'USR_CALENDAR',
- readOnly : readMode,
 store : storeCalendar,
 valueField : 'CALENDAR_UID',
 displayField : 'CALENDAR_NAME',
@@ -375,8 +366,7 @@ Ext.onReady(function () {
 typeAhead : true,
 triggerAction : 'all',
 editable : false,
- value : 'ACTIVE',
- readOnly : readMode
+ value : 'ACTIVE'
 });
 storeRole = new Ext.data.Store({
@@ -399,7 +389,6 @@ Ext.onReady(function () {
 fieldLabel : _('ID_ROLE'),
 hiddenName : 'USR_ROLE',
 id : 'USR_ROLE',
- readOnly : readMode,
 store : storeRole,
 valueField : 'ROL_UID',
 displayField : 'ROL_CODE',
@@ -548,6 +537,7 @@ Ext.onReady(function () {
 allowBlank : false
 }, {
+ id : 'USR_ADDRESS',
 xtype : 'textarea',
 name : 'USR_ADDRESS',
 fieldLabel : _('ID_ADDRESS'),
@@ -804,7 +794,7 @@ Ext.onReady(function () {
 emptyText : TRANSLATIONS.ID_SELECT,
 width : 260,
 selectOnFocus : true,
- editable : false,
+ editable : true,
 triggerAction : "all",
 mode : "local"
 });
@@ -877,7 +867,6 @@ Ext.onReady(function () {
 }
 //location.href = 'users_List';
 }
- //hidden:readMode
 }
 ]
 });
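Review bot: With `readOnly : readMode` removed from the `USR_REPLACED_BY`, `USR_CALENDAR`, status and `USR_ROLE` fields (hunks `@@ -305`, `@@ -343`, `@@ -375`, `@@ -399`) and `editable : true` set on `USR_DUE_DATE` (`@@ -317`) and the combo at `@@ -804`, the read-only state of these fields now depends entirely on `setReadOnlyItems(data.permission)` running after the `loadUser` response, so they render editable until that response arrives and stay editable if a component's id does not match a key of the server map. That is acceptable only because the server-side filter decides what is saved, and a comment at the `USR_DUE_DATE` field would keep a later reader from re-adding static flags: `// read-only state is applied at runtime by setReadOnlyItems() from the server's permission list; the server filters unauthorized fields regardless`. `editable : true` on the date field also admits typed free text, so `USR_DUE_DATE` needs server-side date validation, which is not visible in this diff. The `Ext.onReady` callback that contains all of these hunks begins and ends outside them.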
@@ -1222,7 +1211,6 @@ function userFrmEditSubmit()
 frmDetails.getForm().findField("USR_REPLACED_BY").setRawValue(usertmp.REPLACED_NAME);
 }
- Ext.getCmp("USR_STATUS").setDisabled(readMode);
 Ext.getCmp("frmDetails").getForm().submit({
 url : "usersAjax",
 params : {
@@ -1469,6 +1457,8 @@ function loadUserData()
 USR_LOGGED_NEXT_TIME : data.user.USR_LOGGED_NEXT_TIME
 });
+ setReadOnlyItems(data.permission);
+
 if (infoMode) {
 Ext.getCmp("USR_FIRSTNAME2").setText(data.user.USR_FIRSTNAME);
 Ext.getCmp("USR_LASTNAME2").setText(data.user.USR_LASTNAME);
@@ -1613,3 +1603,22 @@ function userExecuteEvent(element, event)
 return !element.dispatchEvent(evt);
 }
 }
+
+function setReadOnlyItems(permissions) {
+ for (var key in permissions) {
+ disableAndReadOnly(key)
+ }
+}
+function disableAndReadOnly(idElement) {
+ if(idElement == 'USR_TIME_ZONE'){
+ idElement = 'cboTimeZone';
+ }
+ if(idElement == 'USR_CUR_PASS'){
+ idElement = 'currentPassword';
+ }
+ var myBoxCmp = Ext.getCmp(idElement);
+ if (myBoxCmp) {
+ Ext.getCmp(idElement).setReadOnly(true);
+ Ext.getCmp(idElement).disable();
+ }
+}
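Review bot: `disableAndReadOnly` looks the component up three times after already holding it in `myBoxCmp`, `setReadOnlyItems` walks `permissions` with `for…in` and no `hasOwnProperty` guard, and the call `disableAndReadOnly(key)` lacks its semicolon. The two id remaps (`USR_TIME_ZONE` → `cboTimeZone`, `USR_CUR_PASS` → `currentPassword`) are a hidden coupling to the keys of `$arrayPermissionsForEditUser` in User.php: any other key whose Ext component carries a different id, or none (as `USR_ADDRESS` did before this commit), is skipped without notice. A lookup table makes that coupling explicit and keeps the two lists easy to compare; this disabling is a UI convenience and the server-side filter stays the control. `setReadOnlyItems` is called inside `loadUserData`, whose body lies outside the `@@ -1469` hunk.
```javascript
// Permission-map keys (see $arrayPermissionsForEditUser in User.php) whose Ext
// component id differs from the field name. Keys not listed here must match
// the component id exactly, or the field is left editable on the client.
var PERMISSION_FIELD_TO_CMP_ID = {
    USR_TIME_ZONE: 'cboTimeZone',
    USR_CUR_PASS: 'currentPassword'
};

function setReadOnlyItems(permissions) {
    for (var key in permissions) {
        if (permissions.hasOwnProperty(key)) {
            disableAndReadOnly(key);
        }
    }
}

function disableAndReadOnly(idElement) {
    var cmp = Ext.getCmp(PERMISSION_FIELD_TO_CMP_ID[idElement] || idElement);
    if (cmp) {
        cmp.setReadOnly(true);
        cmp.disable();
    }
}
```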