HOR-3956
+ Enable access to guest user to use the PM_CASES.
+ Add PM_DASHBOARD permission to KPIs.
+ Add internal permission alias:
RBAC->userCanAccess()
* Verify if the user has a right over the permission. Ex.
* $rbac->userCanAccess("PM_CASES");
*
* Alias of permissions:
* PM_CASES has alias: PM_GUES_CASE
* This means that a role with PM_GUES_CASE could access like one with PM_CASES
* unless the permission is required as strict, like this:
* $rbac->userCanAccess("PM_CASES/strict");
This commit is contained in:
davidcallizaya
@@ -82,6 +82,8 @@ class RBAC
|
||||
private static $instance = null;
|
||||
public $authorizedActions = array();
|
||||
|
||||
private $aliasPermissions = [];
|
||||
|
||||
/**
|
||||
* To enable compatibility with soap login.
|
||||
* @var bool
|
||||
@@ -146,13 +148,13 @@ class RBAC
|
||||
),
|
||||
'home.php' => array(
|
||||
'login' => array('PM_LOGIN'),
|
||||
'index' => array('PM_CASES'),
|
||||
'indexSingle' => array('PM_CASES'),
|
||||
'appList' => array('PM_CASES'),
|
||||
'index' => array('PM_CASES/strict'),
|
||||
'indexSingle' => array('PM_CASES/strict'),
|
||||
'appList' => array('PM_CASES/strict'),
|
||||
'appAdvancedSearch' => array('PM_ALLCASES'),
|
||||
'getApps' => array('PM_ALLCASES'),
|
||||
'getAppsData' => array('PM_ALLCASES'),
|
||||
'startCase' => array('PM_CASES'),
|
||||
'startCase' => array('PM_CASES/strict'),
|
||||
'error' => array(),
|
||||
'getUserArray' => array('PM_ALLCASES'),
|
||||
'getCategoryArray' => array('PM_ALLCASES'),
|
||||
@@ -187,6 +189,8 @@ class RBAC
|
||||
'TEST' => array('PM_SETUP')
|
||||
)
|
||||
);
|
||||
$this->aliasPermissions['PM_CASES'] = [self::PM_GUEST_CASE];
|
||||
$this->aliasPermissions['PM_LOGIN'] = [self::PM_GUEST_CASE];
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -760,28 +764,44 @@ class RBAC
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify if the user has a right over the permission
|
||||
* Verify if the user has a right over the permission. Ex.
|
||||
* $rbac->userCanAccess("PM_CASES");
|
||||
*
|
||||
* Alias of permissions:
|
||||
* PM_CASES has alias: PM_GUES_CASE
|
||||
* This means that a role with PM_GUES_CASE could access like one with PM_CASES
|
||||
* unless the permission is required as strict, like this:
|
||||
* $rbac->userCanAccess("PM_CASES/strict");
|
||||
*
|
||||
* @author Fernando Ontiveros
|
||||
* @access public
|
||||
*
|
||||
* @param string $uid id of user
|
||||
* @param string $system Code of System
|
||||
* @param string $perm id of Permissions
|
||||
* @param string $permBase id of Permissions
|
||||
* @return int 1: If it is ok
|
||||
* -1: System doesn't exists
|
||||
* -2: The User has not a Role
|
||||
* -3: The User has not this Permission.
|
||||
*/
|
||||
public function userCanAccess ($perm)
|
||||
public function userCanAccess($permBase)
|
||||
{
|
||||
if (isset( $this->aUserInfo[$this->sSystem]['PERMISSIONS'] )) {
|
||||
$strict = substr($permBase, -7, 7) === '/strict';
|
||||
$perm = $strict ? substr($permBase, 0, -7) : $permBase;
|
||||
if (isset($this->aUserInfo[$this->sSystem]['PERMISSIONS'])) {
|
||||
$res = - 3;
|
||||
//if ( !isset ( $this->aUserInfo[ $this->sSystem ]['ROLE'. 'x'] ) ) $res = -2;
|
||||
foreach ($this->aUserInfo[$this->sSystem]['PERMISSIONS'] as $key => $val) {
|
||||
if ($perm == $val['PER_CODE']) {
|
||||
$res = 1;
|
||||
}
|
||||
$hasAliasPermission = !$strict
|
||||
&& isset($this->aliasPermissions[$perm])
|
||||
&& array_search(
|
||||
$val['PER_CODE'],
|
||||
$this->aliasPermissions[$perm]
|
||||
) !== false;
|
||||
if ($hasAliasPermission) {
|
||||
$res = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$res = - 1;
|
||||
|
||||
@@ -87,7 +87,7 @@ class RbacUsers extends BaseRbacUsers
|
||||
if ($aFields['USR_DUE_DATE'] < date('Y-m-d')) {
|
||||
return -4;
|
||||
}
|
||||
if ($aFields['USR_STATUS'] != 1) {
|
||||
if ($aFields['USR_STATUS'] != 1 && $aFields['USR_UID']!== RBAC::GUEST_USER_UID) {
|
||||
return -3;
|
||||
}
|
||||
$role = $this->getUserRole($aFields['USR_UID']);
|
||||
|
||||
@@ -72,7 +72,7 @@ class WsBase
|
||||
$RBAC->loadUserRolePermission($RBAC->sSystem, $uid);
|
||||
$res = $RBAC->userCanAccess("PM_LOGIN");
|
||||
|
||||
if ($res != 1) {
|
||||
if ($res != 1 && $uid!== RBAC::GUEST_USER_UID) {
|
||||
$wsResponse = new WsResponse(2, G::loadTranslation('ID_USER_HAVENT_RIGHTS_SYSTEM'));
|
||||
throw (new Exception(serialize($wsResponse)));
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
|
||||
$RBAC->requirePermissions( 'PM_CASES' );
|
||||
$RBAC->requirePermissions( 'PM_CASES/strict' );
|
||||
|
||||
$G_MAIN_MENU = 'processmaker';
|
||||
$G_ID_MENU_SELECTED = 'CASES';
|
||||
|
||||
@@ -293,7 +293,7 @@ try {
|
||||
|
||||
// Assign the uid of user to userloggedobj
|
||||
$RBAC->loadUserRolePermission($RBAC->sSystem, $uid);
|
||||
$res = $RBAC->userCanAccess('PM_LOGIN');
|
||||
$res = $RBAC->userCanAccess('PM_LOGIN/strict');
|
||||
if ($res != 1 ) {
|
||||
if ($res == -2) {
|
||||
G::SendTemporalMessage ('ID_USER_HAVENT_RIGHTS_SYSTEM', "error");
|
||||
|
||||
@@ -981,14 +981,7 @@ function ifPermission($sessionId, $permission)
|
||||
|
||||
$oRBAC = RBAC::getSingleton();
|
||||
$oRBAC->loadUserRolePermission($oRBAC->sSystem, $user['USR_UID']);
|
||||
$aPermissions = $oRBAC->aUserInfo[$oRBAC->sSystem]['PERMISSIONS'];
|
||||
$sw = 0;
|
||||
|
||||
foreach ($aPermissions as $aPermission) {
|
||||
if ($aPermission['PER_CODE'] == $permission) {
|
||||
$sw = 1;
|
||||
}
|
||||
}
|
||||
$sw = $oRBAC->userCanAccess($permission) === 1 ? 1 : 0;
|
||||
|
||||
return $sw;
|
||||
}
|
||||
|
||||
@@ -22,6 +22,7 @@
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
|
||||
$RBAC->requirePermissions( 'PM_DASHBOARD' );
|
||||
$licensedFeatures = & PMLicensedFeatures::getSingleton();
|
||||
if (!$licensedFeatures->verifyfeature('r19Vm5DK1UrT09MenlLYjZxejlhNUZ1b1NhV0JHWjBsZEJ6dnpJa3dTeWVLVT0=')) {
|
||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
|
||||
|
||||
Reference in New Issue
Block a user