fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-4760

Browse Source
This commit is contained in:
Paula Quispe
2018-07-25 14:37:42 -04:00
parent 571e717743 81c0262dbf
commit 61df766312
474 changed files with 36168 additions and 50155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
gulliver/system/class.rbac.php
View File

@@ -204,7 +204,6 @@ class RBAC
];
$this->aliasPermissions['PM_CASES'] = [self::PM_GUEST_CASE];
$this->aliasPermissions['PM_LOGIN'] = [self::PM_GUEST_CASE];
}
/**
@@ -231,37 +230,30 @@ class RBAC
public function initRBAC()
{
if (is_null($this->userObj)) {
$this->userObj = new RbacUsers();
}
if (is_null($this->systemObj)) {
$this->systemObj = new Systems();
}
if (is_null($this->usersRolesObj)) {
$this->usersRolesObj = new UsersRoles();
}
if (is_null($this->rolesObj)) {
$this->rolesObj = new Roles();
}
if (is_null($this->permissionsObj)) {
$this->permissionsObj = new Permissions();
}
if (is_null($this->rolesPermissionsObj)) {
$this->rolesPermissionsObj = new RolesPermissions();
}
if (is_null($this->authSourcesObj)) {
$this->authSourcesObj = new AuthenticationSource();
}
//hook for RBAC plugins
@@ -269,13 +261,11 @@ class RBAC
if (is_dir($pathPlugins)) {
if ($handle = opendir($pathPlugins)) {
while (false !== ($file = readdir($handle))) {
if (strpos($file, '.php', 1) && is_file($pathPlugins . PATH_SEP . $file) && substr($file, 0,
6) == 'class.' && substr($file, -4) == '.php') {
if (strpos($file, '.php', 1) && is_file($pathPlugins . PATH_SEP . $file) &&
substr($file, 0, 6) === 'class.' && substr($file, -4) === '.php') {
$className = substr($file, 6, strlen($file) - 10);
require_once($pathPlugins . PATH_SEP . $file);
$this->aRbacPlugins[] = $className;
}
}
}
@@ -291,7 +281,7 @@ class RBAC
* gets the Role and their permissions for Administrator Processmaker
*
* @access public
* @return $this->permissionsAdmin[ $permissionsAdmin ]
* @return array $this->permissionsAdmin[ $permissionsAdmin ]
*/
public function loadPermissionAdmin()
{
@@ -621,7 +611,13 @@ class RBAC
"PER_UID" => "00000000000000000000000000000065",
"PER_CODE" => "PM_SETUP_CUSTOM_CASES_LIST",
"PER_NAME" => "Setup Custom Cases List"
],
[
'PER_UID' => '00000000000000000000000000000067',
'PER_CODE' => 'PM_SETUP_LOG_FILES',
'PER_NAME' => 'Log Files'
]
];
return $permissionsAdmin;
@@ -873,9 +869,9 @@ class RBAC
*/
public function VerifyWithOtherAuthenticationSource($authType, $userFields, $strPass)
{
if ($authType == '' || $authType == 'MYSQL') {
if ($authType === '' || $authType === 'MYSQL') {
//check if the user is active
if ($userFields['USR_STATUS'] != 1) {
if ($userFields['USR_STATUS'] !== 1) {
return -3; //inactive user
}
@@ -886,13 +882,12 @@ class RBAC
}
foreach ($this->aRbacPlugins as $className) {
if (strtolower($className) == strtolower($authType)) {
if (strtolower($className) === strtolower($authType)) {
$plugin = new $className();
$plugin->sAuthSource = $userFields["UID_AUTH_SOURCE"];
$plugin->sAuthSource = $userFields['UID_AUTH_SOURCE'];
$plugin->sSystem = $this->sSystem;
$bValidUser = false;
$bValidUser = $plugin->VerifyLogin($userFields["USR_AUTH_USER_DN"], $strPass);
$bValidUser = $plugin->VerifyLogin($userFields['USR_AUTH_USER_DN'], $strPass);
if ($bValidUser === true) {
return ($userFields['USR_UID']);
} else {
@@ -924,14 +919,16 @@ class RBAC
{
/*----------------------------------********---------------------------------*/
$licenseManager =& PmLicenseManager::getSingleton();
if (in_array(G::encryptOld($licenseManager->result),
array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) {
$licenseManager = PmLicenseManager::getSingleton();
if (in_array(
G::encryptOld($licenseManager->result),
['38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb']
)) {
return -7;
}
/*----------------------------------********---------------------------------*/
if (strlen($strPass) == 0) {
if (strlen($strPass) === 0) {
return -2;
}
//check if the user exists in the table RB_WORKFLOW.USERS
@@ -955,12 +952,10 @@ class RBAC
//Hook for RBAC plugins
if ($authType != "mysql" && $authType != "") {
$res = $this->VerifyWithOtherAuthenticationSource($authType, $this->userObj->fields, $strPass);
return $res;
} else {
$this->userObj->reuseUserFields = true;
$res = $this->userObj->VerifyLogin($strUser, $strPass);
return $res;
}
}
@@ -976,7 +971,6 @@ class RBAC
public function verifyUser($strUser)
{
$res = $this->userObj->verifyUser($strUser);
return $res;
}
@@ -990,7 +984,6 @@ class RBAC
public function verifyUserId($strUserId)
{
$res = $this->userObj->verifyUserId($strUserId);
return $res;
}
@@ -1051,24 +1044,24 @@ class RBAC
*/
public function createUser($dataCase = [], $rolCode = '')
{
if ($dataCase["USR_STATUS"] . "" == "1") {
$dataCase["USR_STATUS"] = "ACTIVE";
if ($dataCase['USR_STATUS'] . '' === '1') {
$dataCase['USR_STATUS'] = 'ACTIVE';
}
if ($dataCase["USR_STATUS"] . "" == "0") {
$dataCase["USR_STATUS"] = "INACTIVE";
if ($dataCase['USR_STATUS'] . '' === '0') {
$dataCase['USR_STATUS'] = 'INACTIVE';
}
if ($dataCase['USR_STATUS'] == 'ACTIVE') {
if ($dataCase['USR_STATUS'] === 'ACTIVE') {
$dataCase['USR_STATUS'] = 1;
}
if ($dataCase['USR_STATUS'] == 'INACTIVE') {
if ($dataCase['USR_STATUS'] === 'INACTIVE') {
$dataCase['USR_STATUS'] = 0;
}
$userUid = $this->userObj->create($dataCase);
if ($rolCode != '') {
if ($rolCode !== '') {
$this->assignRoleToUser($userUid, $rolCode);
}
@@ -1086,7 +1079,7 @@ class RBAC
public function updateUser($dataCase = [], $rolCode = '')
{
if (isset($dataCase['USR_STATUS'])) {
if ($dataCase['USR_STATUS'] == 'ACTIVE') {
if ($dataCase['USR_STATUS'] === 'ACTIVE') {
$dataCase['USR_STATUS'] = 1;
}
}
@@ -1141,9 +1134,9 @@ class RBAC
$userStatus = 1;
}
$aFields = $this->userObj->load($userUid);
$aFields['USR_STATUS'] = $userStatus;
$this->userObj->update($aFields);
$fields = $this->userObj->load($userUid);
$fields['USR_STATUS'] = $userStatus;
$this->userObj->update($fields);
}
/**
@@ -1194,7 +1187,7 @@ class RBAC
*/
public function createPermision($code)
{
return $this->permissionsObj->create(array('PER_CODE' => $code));
return $this->permissionsObj->create(['PER_CODE' => $code]);
}
/**
@@ -1677,8 +1670,10 @@ class RBAC
*/
public function createAuthSource($dataCase)
{
$dataCase['AUTH_SOURCE_PASSWORD'] = G::encrypt($dataCase['AUTH_SOURCE_PASSWORD'],
$dataCase['AUTH_SOURCE_SERVER_NAME']) . "_2NnV3ujj3w";
$dataCase['AUTH_SOURCE_PASSWORD'] = G::encrypt(
$dataCase['AUTH_SOURCE_PASSWORD'],
$dataCase['AUTH_SOURCE_SERVER_NAME']
) . "_2NnV3ujj3w";
$this->authSourcesObj->create($dataCase);
}
@@ -1693,8 +1688,10 @@ class RBAC
*/
public function updateAuthSource($dataCase)
{
$dataCase['AUTH_SOURCE_PASSWORD'] = G::encrypt($dataCase['AUTH_SOURCE_PASSWORD'],
$dataCase['AUTH_SOURCE_SERVER_NAME']) . "_2NnV3ujj3w";
$dataCase['AUTH_SOURCE_PASSWORD'] = G::encrypt(
$dataCase['AUTH_SOURCE_PASSWORD'],
$dataCase['AUTH_SOURCE_SERVER_NAME']
) . "_2NnV3ujj3w";
$this->authSourcesObj->update($dataCase);
}
@@ -1955,14 +1952,18 @@ class RBAC
$isAssignedNewpermissions = $this->getPermissionAssignedRole($aRow['ROL_UID'], $item['PER_UID']);
$assignPermissions = true;
if (!$isAssignedNewpermissions) {
if ($aRow['ROL_CODE'] == 'PROCESSMAKER_OPERATOR' && in_array($item['PER_CODE'],
$permissionsForOperator)) {
if ($aRow['ROL_CODE'] == 'PROCESSMAKER_OPERATOR' && in_array(
$item['PER_CODE'],
$permissionsForOperator
)) {
$assignPermissions = false;
}
if (!in_array($aRow['ROL_CODE'], $perCodePM)) {
$assignPermissions = false;
$checkPermisionEdit = $this->getPermissionAssignedRole($aRow['ROL_UID'],
'00000000000000000000000000000014');
$checkPermisionEdit = $this->getPermissionAssignedRole(
$aRow['ROL_UID'],
'00000000000000000000000000000014'
);
if ($checkPermisionEdit && !in_array($item['PER_CODE'], $permissionsForOperator)) {
$assignPermissions = true;
}
@@ -2052,4 +2053,3 @@ class RBAC
return self::GUEST_USER_UID === $usrUid;
}
}