PMC-124
This commit is contained in:
Ronald Quenta
committed by
Paula Quispe
Paula Quispe
parent
da0ee7d3bf
commit
94d4ce1f85
@@ -55,7 +55,7 @@ class RBAC
|
||||
/**
|
||||
*
|
||||
* @access private
|
||||
* @var $userObj
|
||||
* @var RbacUsers $userObj
|
||||
*/
|
||||
public $userObj;
|
||||
public $usersPermissionsObj;
|
||||
@@ -803,6 +803,77 @@ class RBAC
|
||||
$this->aUserInfo[$sSystem]['PERMISSIONS'] = $fieldsPermissions;
|
||||
}
|
||||
|
||||
/**
|
||||
* Verification of a user through the class RBAC_user
|
||||
* verify if the user has permissions to stay in the application
|
||||
* -4: expired user
|
||||
* @access public
|
||||
* @throws Exception
|
||||
*/
|
||||
public function verifyDueDateUserLogged()
|
||||
{
|
||||
if (empty($this->userObj)) {
|
||||
return;
|
||||
}
|
||||
$uid = !empty($this->userObj) ? $this->userObj->getUsrUid() : null;
|
||||
//if the expired user
|
||||
if ($this->userObj->getUsrDueDate() < date('Y-m-d')) {
|
||||
$uid = -4;
|
||||
$errLabel = 'ID_USER_INACTIVE_BY_DATE';
|
||||
}
|
||||
|
||||
if (!isset($uid) || $uid < 0) {
|
||||
if (!defined('PPP_FAILED_LOGINS')) {
|
||||
define('PPP_FAILED_LOGINS', 0);
|
||||
}
|
||||
//start new session
|
||||
@session_destroy();
|
||||
session_start();
|
||||
session_regenerate_id();
|
||||
|
||||
throw new RBACException($errLabel);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Destroy all active sessions of a user (browser, soap, oauth)
|
||||
* @param string $usrUid User uid
|
||||
*/
|
||||
public static function destroySessionUser($usrUid)
|
||||
{
|
||||
$loginLog = new LoginLog();
|
||||
$sessionId = $loginLog->getSessionsIdByUser($usrUid);
|
||||
if ($sessionId) {
|
||||
//remove all login log row's of LOGIN_LOG table
|
||||
$loginLog->removeByUser($usrUid);
|
||||
//remove all register of tables
|
||||
(new OauthAccessTokens())->removeByUser($usrUid);
|
||||
(new OauthRefreshTokens())->removeByUser($usrUid);
|
||||
(new OauthAuthorizationCodes())->removeByUser($usrUid);
|
||||
(new Session())->removeByUser($usrUid);
|
||||
|
||||
// 1. commit session if it's started.
|
||||
if (session_id()) {
|
||||
session_commit();
|
||||
}
|
||||
// 2. store current session id
|
||||
session_start();
|
||||
$currentSessionId = session_id();
|
||||
session_commit();
|
||||
// 3. then destroy session specified.
|
||||
foreach ($sessionId as $sid) {
|
||||
session_id($sid['LOG_SID']);
|
||||
session_start();
|
||||
session_destroy();
|
||||
session_commit();
|
||||
}
|
||||
// 4. restore current session id. If don't restore it, your current session will refer to the session you just destroyed!
|
||||
session_id($currentSessionId);
|
||||
session_start();
|
||||
session_commit();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* verification the register automatic
|
||||
*
|
||||
|
||||
@@ -1333,6 +1333,8 @@ class WsBase
|
||||
$result = new WsResponse(-1, G::LoadTranslation("ID_INVALID_DATA") . " $status");
|
||||
|
||||
return $result;
|
||||
} else {
|
||||
$status == 'INACTIVE' ? $RBAC->destroySessionUser($userUid) : null;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -130,5 +130,43 @@ class LoginLog extends BaseLoginLog
|
||||
}
|
||||
return $aRows;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the last session id of a user
|
||||
* @param string $userUid User uid
|
||||
* @return array All session id of php
|
||||
* @throws PropelException
|
||||
* @throws SQLException
|
||||
*/
|
||||
public function getSessionsIdByUser($userUid)
|
||||
{
|
||||
$criteria = new Criteria();
|
||||
$criteria->addSelectColumn('LOG_SID');
|
||||
$criteria->add(LoginLogPeer::USR_UID, $userUid);
|
||||
$criteria->add(LoginLogPeer::LOG_STATUS, 'ACTIVE');
|
||||
$criteria->setDistinct();
|
||||
$criteria->addDescendingOrderByColumn(LoginLogPeer::LOG_INIT_DATE);
|
||||
$resultSet = LoginLogPeer::doSelectRS($criteria);
|
||||
$resultSet->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
||||
$row = [];
|
||||
while($resultSet->next()) {
|
||||
$row[] = $resultSet->getRow();
|
||||
}
|
||||
return $row;
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete all records related to a user uid
|
||||
* @param string $userUid User uid
|
||||
* @return int
|
||||
* @throws PropelException
|
||||
*/
|
||||
public function removeByUser($userUid)
|
||||
{
|
||||
$criteria = new Criteria();
|
||||
$criteria->add(LoginLogPeer::USR_UID, $userUid);
|
||||
$resultSet = LoginLogPeer::doDelete($criteria);
|
||||
return $resultSet;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -173,6 +173,20 @@ class OauthAccessTokens extends BaseOauthAccessTokens
|
||||
|
||||
return array("numRecTotal" => $numRecTotal, "data" => $arrayData);
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete all records related to a user uid
|
||||
* @param string $userUid User uid
|
||||
* @return int
|
||||
* @throws PropelException
|
||||
*/
|
||||
public function removeByUser($userUid)
|
||||
{
|
||||
$criteria = new Criteria();
|
||||
$criteria->add(OauthAccessTokensPeer::USER_ID, $userUid);
|
||||
$resultSet = OauthAccessTokensPeer::doDelete($criteria);
|
||||
return $resultSet;
|
||||
}
|
||||
}
|
||||
|
||||
// OauthAccessTokens
|
||||
|
||||
@@ -14,6 +14,19 @@ require_once 'classes/model/om/BaseOauthAuthorizationCodes.php';
|
||||
*
|
||||
* @package classes.model
|
||||
*/
|
||||
class OauthAuthorizationCodes extends BaseOauthAuthorizationCodes {
|
||||
|
||||
class OauthAuthorizationCodes extends BaseOauthAuthorizationCodes
|
||||
{
|
||||
/**
|
||||
* Delete all records related to a user uid
|
||||
* @param string $userUid User uid
|
||||
* @return int
|
||||
* @throws PropelException
|
||||
*/
|
||||
public function removeByUser($userUid)
|
||||
{
|
||||
$criteria = new Criteria();
|
||||
$criteria->add(OauthAuthorizationCodesPeer::USER_ID, $userUid);
|
||||
$resultSet = OauthAuthorizationCodesPeer::doDelete($criteria);
|
||||
return $resultSet;
|
||||
}
|
||||
} // OauthAuthorizationCodes
|
||||
|
||||
@@ -209,6 +209,19 @@ class OauthClients extends BaseOauthClients
|
||||
return array("numRecTotal" => $numRecTotal, "data" => $arrayData);
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete all records related to a user uid
|
||||
* @param string $userUid User uid
|
||||
* @return int
|
||||
* @throws PropelException
|
||||
*/
|
||||
public function removeByUser($userUid)
|
||||
{
|
||||
$criteria = new Criteria();
|
||||
$criteria->add(OauthClientsPeer::USR_UID, $userUid);
|
||||
$resultSet = OauthClientsPeer::doDelete($criteria);
|
||||
return $resultSet;
|
||||
}
|
||||
}
|
||||
|
||||
// OauthClients
|
||||
|
||||
@@ -14,6 +14,19 @@ require_once 'classes/model/om/BaseOauthRefreshTokens.php';
|
||||
*
|
||||
* @package classes.model
|
||||
*/
|
||||
class OauthRefreshTokens extends BaseOauthRefreshTokens {
|
||||
|
||||
class OauthRefreshTokens extends BaseOauthRefreshTokens
|
||||
{
|
||||
/**
|
||||
* Delete all records related to a user uid
|
||||
* @param string $userUid User uid
|
||||
* @return int
|
||||
* @throws PropelException
|
||||
*/
|
||||
public function removeByUser($userUid)
|
||||
{
|
||||
$criteria = new Criteria();
|
||||
$criteria->add(OauthRefreshTokensPeer::USER_ID, $userUid);
|
||||
$resultSet = OauthRefreshTokensPeer::doDelete($criteria);
|
||||
return $resultSet;
|
||||
}
|
||||
} // OauthRefreshTokens
|
||||
|
||||
@@ -20,5 +20,18 @@ require_once 'classes/model/om/BaseSession.php';
|
||||
*/
|
||||
class Session extends BaseSession
|
||||
{
|
||||
/**
|
||||
* Delete all records related to a user uid
|
||||
* @param string $userUid User uid
|
||||
* @return int
|
||||
* @throws PropelException
|
||||
*/
|
||||
public function removeByUser($userUid)
|
||||
{
|
||||
$criteria = new Criteria();
|
||||
$criteria->add(SessionPeer::USR_UID, $userUid);
|
||||
$resultSet = SessionPeer::doDelete($criteria);
|
||||
return $resultSet;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -149,6 +149,10 @@ try {
|
||||
$criteria->add(ProcessUserPeer::USR_UID, $usrUid, Criteria::EQUAL);
|
||||
$criteria->add(ProcessUserPeer::PU_TYPE, "SUPERVISOR", Criteria::EQUAL);
|
||||
ProcessUserPeer::doDelete($criteria);
|
||||
//Destroy session after delete user
|
||||
$RBAC->destroySessionUser($usrUid);
|
||||
(new OauthClients())->removeByUser($usrUid);
|
||||
|
||||
G::auditLog("DeleteUser", "User Name: ". $userName." User ID: (".$usrUid.") ");
|
||||
break;
|
||||
case 'changeUserStatus':
|
||||
@@ -160,6 +164,8 @@ try {
|
||||
$userData = $userInstance->load($_REQUEST['USR_UID']);
|
||||
$userData['USR_STATUS'] = $_REQUEST['NEW_USR_STATUS'];
|
||||
$userInstance->update($userData);
|
||||
//Destroy session after inactive user
|
||||
$_REQUEST['NEW_USR_STATUS'] == 'INACTIVE' ? $RBAC->destroySessionUser($_REQUEST['USR_UID']) : null;
|
||||
|
||||
$msg = $_REQUEST['NEW_USR_STATUS'] == 'ACTIVE'? "EnableUser" : "DisableUser";
|
||||
G::auditLog($msg, "User Name: ".$userData['USR_USERNAME']." User ID: (".$userData['USR_UID'].") ");
|
||||
|
||||
@@ -21,6 +21,7 @@ use IsoCountryPeer;
|
||||
use IsoLocationPeer;
|
||||
use IsoSubdivisionPeer;
|
||||
use ListParticipatedLast;
|
||||
use OauthClients;
|
||||
use PMmemcached;
|
||||
use ProcessMaker\BusinessModel\ProcessSupervisor as BmProcessSupervisor;
|
||||
use ProcessMaker\Plugins\PluginRegistry;
|
||||
@@ -1023,6 +1024,9 @@ class User
|
||||
|
||||
//Update in workflow
|
||||
$result = $user->update($arrayData);
|
||||
if (isset($arrayData['USR_STATUS'])) {
|
||||
$arrayData['USR_STATUS'] == 'INACTIVE' ? RBAC::destroySessionUser($userUid) : null;
|
||||
}
|
||||
|
||||
//Save Calendar assigment
|
||||
if (isset($arrayData["USR_CALENDAR"])) {
|
||||
@@ -1330,6 +1334,9 @@ class User
|
||||
$criteria->add(DashletInstancePeer::DAS_INS_OWNER_UID, $UID);
|
||||
$criteria->add(DashletInstancePeer::DAS_INS_OWNER_TYPE, 'USER');
|
||||
DashletInstancePeer::doDelete($criteria);
|
||||
//Destroy session after delete user
|
||||
RBAC::destroySessionUser($usrUid);
|
||||
(new OauthClients())->removeByUser($usrUid);
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
|
||||
@@ -937,6 +937,7 @@ if (!defined('EXECUTE_BY_CRON')) {
|
||||
$memKey = 'rbacSession' . session_id();
|
||||
if (($RBAC->aUserInfo = $memcache->get($memKey)) === false) {
|
||||
$RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
|
||||
$RBAC->verifyDueDateUserLogged();
|
||||
$memcache->set($memKey, $RBAC->aUserInfo, PMmemcached::EIGHT_HOURS);
|
||||
}
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user