From b6524547cd8c7a1232b587b08e5fffa285bb0d7e Mon Sep 17 00:00:00 2001 From: Erik Amaru Ortiz Date: Tue, 9 Aug 2011 16:40:32 -0400 Subject: [PATCH] BUG 6505 "Users with the "PM_USERS" permission in their role..." Solved! - ADMIN->Users now enabled for PM_USERS permission --- gulliver/system/class.rbac.php | 6 +- workflow/engine/menus/processmaker.php | 3 +- workflow/engine/menus/setup.php | 65 ++++++++++++--------- workflow/engine/methods/setup/main.php | 2 +- workflow/engine/methods/setup/main_init.php | 2 +- 5 files changed, 45 insertions(+), 33 deletions(-) diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php index a75a0951f..7f397264a 100644 --- a/gulliver/system/class.rbac.php +++ b/gulliver/system/class.rbac.php @@ -996,13 +996,15 @@ class RBAC $numPerms = func_num_args(); $permissions = func_get_args(); + $access = -1; + if ( $numPerms == 1 ){ $access = $this->userCanAccess($permissions[0]); } else if ( $numPerms > 0 ){ foreach ($permissions as $perm) { $access = $this->userCanAccess($perm); - if( $access != 1 ) { - $access = -1; + if( $access == 1 ) { + $access = 1; break; } } diff --git a/workflow/engine/menus/processmaker.php b/workflow/engine/menus/processmaker.php index 0170d86b4..2c2a52e33 100644 --- a/workflow/engine/menus/processmaker.php +++ b/workflow/engine/menus/processmaker.php @@ -50,11 +50,10 @@ if ($RBAC->userCanAccess('PM_FACTORY') == 1 ) { $G_TMP_MENU->AddIdRawOption('REPORTS', 'reports/reportsList'); }*/ -if ($RBAC->userCanAccess('PM_SETUP') == 1 ) { +if ($RBAC->userCanAccess('PM_SETUP') == 1 || $RBAC->userCanAccess('PM_USERS') == 1) { $G_TMP_MENU->AddIdRawOption('SETUP', 'setup/main', G::LoadTranslation('ID_SETUP')); } - if( file_exists(PATH_CORE . 'menus/plugin.php') ) { require_once(PATH_CORE . 'menus/plugin.php'); } \ No newline at end of file diff --git a/workflow/engine/menus/setup.php b/workflow/engine/menus/setup.php index 9ef65b321..cff1df15b 100644 --- a/workflow/engine/menus/setup.php +++ b/workflow/engine/menus/setup.php @@ -24,42 +24,53 @@ */ global $G_TMP_MENU; global $RBAC; - -//settings options -$G_TMP_MENU->AddIdRawOption('LOGO', 'uplogo', G::LoadTranslation('ID_LOGO'), 'icon-pmlogo.png', '', 'settings'); -$G_TMP_MENU->AddIdRawOption('EMAILS','emails', G::LoadTranslation('ID_EMAIL'), 'icon-email-settings.png', '', 'settings'); -$G_TMP_MENU->AddIdRawOption('CALENDAR', 'calendarList', G::LoadTranslation('ID_CALENDAR'), 'icon-calendar.png', '', 'settings' ); -//if ($RBAC->userCanAccess('PM_SETUP_ADVANCE') == 1) -// $G_TMP_MENU->AddIdRawOption('CASES_LIST_SETUP', '../cases/casesListSetup', G::LoadTranslation('ID_CASES_LIST_SETUP'), "",'', 'settings'); -$G_TMP_MENU->AddIdRawOption('PROCESS_CATEGORY', '../processCategory/processCategoryList', G::LoadTranslation('ID_PROCESS_CATEGORY'), "rules.png",'', 'settings'); -if ($RBAC->userCanAccess('PM_SETUP_ADVANCE') == 1) + +if ($RBAC->userCanAccess('PM_SETUP') == 1 ) { + //settings options + $G_TMP_MENU->AddIdRawOption('LOGO', 'uplogo', G::LoadTranslation('ID_LOGO'), 'icon-pmlogo.png', '', 'settings'); + $G_TMP_MENU->AddIdRawOption('EMAILS','emails', G::LoadTranslation('ID_EMAIL'), 'icon-email-settings.png', '', 'settings'); + $G_TMP_MENU->AddIdRawOption('CALENDAR', 'calendarList', G::LoadTranslation('ID_CALENDAR'), 'icon-calendar.png', '', 'settings' ); + //if ($RBAC->userCanAccess('PM_SETUP_ADVANCE') == 1) + // $G_TMP_MENU->AddIdRawOption('CASES_LIST_SETUP', '../cases/casesListSetup', G::LoadTranslation('ID_CASES_LIST_SETUP'), "",'', 'settings'); + $G_TMP_MENU->AddIdRawOption('PROCESS_CATEGORY', '../processCategory/processCategoryList', G::LoadTranslation('ID_PROCESS_CATEGORY'), "rules.png",'', 'settings'); +} + +if ($RBAC->userCanAccess('PM_SETUP_ADVANCE') == 1) { $G_TMP_MENU->AddIdRawOption('LANGUAGES', 'languages', G::LoadTranslation('ID_LANGUAGES'), 'icon-language.png', '', 'settings'); -$G_TMP_MENU->AddIdRawOption('SKINS', 'skinsList', G::LoadTranslation('ID_SKINS'), 'icon-skins.png', '', 'settings'); -$G_TMP_MENU->AddIdRawOption('HEARTBEAT', 'processHeartBeatConfig', G::LoadTranslation('ID_HEARTBEAT_CONFIG'), "heartBeat.jpg",'', 'settings'); -$G_TMP_MENU->AddIdRawOption('ENVIRONMENT_SETTINGS', 'environmentSettings', G::LoadTranslation('ID_ENVIRONMENT_SETTINGS'), "",'', 'settings'); -if ($RBAC->userCanAccess('PM_SETUP_ADVANCE') == 1) +} + +if ($RBAC->userCanAccess('PM_SETUP') == 1 ) { + $G_TMP_MENU->AddIdRawOption('SKINS', 'skinsList', G::LoadTranslation('ID_SKINS'), 'icon-skins.png', '', 'settings'); + $G_TMP_MENU->AddIdRawOption('HEARTBEAT', 'processHeartBeatConfig', G::LoadTranslation('ID_HEARTBEAT_CONFIG'), "heartBeat.jpg",'', 'settings'); + $G_TMP_MENU->AddIdRawOption('ENVIRONMENT_SETTINGS', 'environmentSettings', G::LoadTranslation('ID_ENVIRONMENT_SETTINGS'), "",'', 'settings'); +} + +if ($RBAC->userCanAccess('PM_SETUP_ADVANCE') == 1) { $G_TMP_MENU->AddIdRawOption('APPCACHEVIEW_SETUP', '../setup/appCacheViewConf', G::LoadTranslation('ID_APPCACHE_SETUP'), "",'', 'settings'); -$G_TMP_MENU->AddIdRawOption('CLEAR_CACHE', 'clearCompiled', G::LoadTranslation('ID_CLEAR_CACHE'), 'icon-rebuild-clean.png', "", 'settings' ); +} if ($RBAC->userCanAccess('PM_SETUP') == 1) { + $G_TMP_MENU->AddIdRawOption('CLEAR_CACHE', 'clearCompiled', G::LoadTranslation('ID_CLEAR_CACHE'), 'icon-rebuild-clean.png', "", 'settings' ); //$G_TMP_MENU->AddIdRawOption('ADDITIONAL_TABLES', '../additionalTables/additionalTablesList', G::LoadTranslation('ID_ADDITIONAL_TABLES'), 'icon-tables.png','', 'settings'); //$G_TMP_MENU->AddIdRawOption('REPORT_TABLES', '../reportTables/main', 'Report Tables', 'icon-tables.png','', 'settings'); $G_TMP_MENU->AddIdRawOption('PM_TABLES', '../pmTables', G::LoadTranslation('ID_ADDITIONAL_TABLES'), 'icon-tables.png','', 'settings'); + + $G_TMP_MENU->AddIdRawOption('WEBSERVICES', 'webServices', G::LoadTranslation('ID_WEB_SERVICES'), 'icon-webservices.png', '', 'settings'); + $G_TMP_MENU->AddIdRawOption('LOG_CASE_SCHEDULER', '../cases/cases_Scheduler_Log', G::LoadTranslation('ID_LOG_CASE_SCHEDULER'), "icon-logs-list.png",'', 'settings'); + $G_TMP_MENU->AddIdRawOption('LOGIN', 'loginSettings', G::LoadTranslation('LOGIN'), "",'', 'settings'); +} +//tools options +if ($RBAC->userCanAccess('PM_SETUP_ADVANCE') == 1) { + $G_TMP_MENU->AddIdRawOption('PLUGINS', 'pluginsMain', 'Plugins Manager', 'icon-plugins.png', '', 'plugins'); } -$G_TMP_MENU->AddIdRawOption('WEBSERVICES', 'webServices', G::LoadTranslation('ID_WEB_SERVICES'), 'icon-webservices.png', '', 'settings'); -$G_TMP_MENU->AddIdRawOption('LOG_CASE_SCHEDULER', '../cases/cases_Scheduler_Log', G::LoadTranslation('ID_LOG_CASE_SCHEDULER'), "icon-logs-list.png",'', 'settings'); -$G_TMP_MENU->AddIdRawOption('LOGIN', 'loginSettings', G::LoadTranslation('LOGIN'), "",'', 'settings'); - -//tools options -if ($RBAC->userCanAccess('PM_SETUP_ADVANCE') == 1) - $G_TMP_MENU->AddIdRawOption('PLUGINS', 'pluginsMain', 'Plugins Manager', 'icon-plugins.png', '', 'plugins'); - //users options -$G_TMP_MENU->AddIdRawOption('USERS', '../users/users_List', G::LoadTranslation('ID_USERS_LIST'), 'icon-webservices.png', '', 'users'); -$G_TMP_MENU->AddIdRawOption('GROUPS', '../groups/groups', G::LoadTranslation('ID_GROUP_USERS'), '', '', 'users'); -$G_TMP_MENU->AddIdRawOption('DEPARTAMENTS', '../departments/departments', G::LoadTranslation('ID_DEPARTMENTS_USERS'), '', '', 'users'); -$G_TMP_MENU->AddIdRawOption('ROLES', '../roles/roles_List', G::LoadTranslation('ID_ROLES'), '', '', 'users'); -$G_TMP_MENU->AddIdRawOption('AUTHSOURCES', '../authSources/authSources_List', G::LoadTranslation('ID_AUTH_SOURCES'), '', '', 'users'); +if ($RBAC->userCanAccess('PM_SETUP') == 1 || $RBAC->userCanAccess('PM_USERS') == 1) { + $G_TMP_MENU->AddIdRawOption('USERS', '../users/users_List', G::LoadTranslation('ID_USERS_LIST'), 'icon-webservices.png', '', 'users'); + $G_TMP_MENU->AddIdRawOption('GROUPS', '../groups/groups', G::LoadTranslation('ID_GROUP_USERS'), '', '', 'users'); + $G_TMP_MENU->AddIdRawOption('DEPARTAMENTS', '../departments/departments', G::LoadTranslation('ID_DEPARTMENTS_USERS'), '', '', 'users'); + $G_TMP_MENU->AddIdRawOption('ROLES', '../roles/roles_List', G::LoadTranslation('ID_ROLES'), '', '', 'users'); + $G_TMP_MENU->AddIdRawOption('AUTHSOURCES', '../authSources/authSources_List', G::LoadTranslation('ID_AUTH_SOURCES'), '', '', 'users'); +} diff --git a/workflow/engine/methods/setup/main.php b/workflow/engine/methods/setup/main.php index b0b213874..265c0304c 100755 --- a/workflow/engine/methods/setup/main.php +++ b/workflow/engine/methods/setup/main.php @@ -23,7 +23,7 @@ * */ -$RBAC->requirePermissions('PM_SETUP'); +$RBAC->requirePermissions('PM_SETUP', 'PM_USERS'); $G_MAIN_MENU = 'processmaker'; $G_ID_MENU_SELECTED = 'SETUP'; diff --git a/workflow/engine/methods/setup/main_init.php b/workflow/engine/methods/setup/main_init.php index 2ee37636e..fcf87df27 100755 --- a/workflow/engine/methods/setup/main_init.php +++ b/workflow/engine/methods/setup/main_init.php @@ -23,7 +23,7 @@ * */ - $RBAC->requirePermissions('PM_SETUP'); + $RBAC->requirePermissions('PM_SETUP', 'PM_USERS'); $oHeadPublisher =& headPublisher::getSingleton();