La información personal de un usuario Administrador se ve en modo view.

HOR-788
La información personal de un usuario Administrador se ve en modo view.

HOR-788
La información personal de un usuario Administrador se ve en modo view.

HOR-788
La información personal de un usuario Administrador se ve en modo view.

HOR-788
La información personal de un usuario Administrador se ve en modo view.
dheeyi william
2016-07-18 10:42:38 -04:00
parent 7592f29485
commit bc200f1a08
8 changed files with 437 additions and 64 deletions


@@ -30,6 +30,31 @@ SELECT 'PER_NAME','','00000000000000000000000000000035','en','Setup Logs' UNION
SELECT 'PER_NAME','','00000000000000000000000000000036','en','Delete process cases' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000037','en','Edit personal info Calendar' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000038','en','Undo cancel case' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000039','en','Create rest API Aplications' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000040','en','Edit User profile First Name' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000041','en','Edit User profile Last Name' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000042','en','Edit User profile Username' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000043','en','Edit User profile Email' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000044','en','Edit User profile Address' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000045','en','Edit User profile Zip Code' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000046','en','Edit User profile Country' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000047','en','Edit User profile State or Region' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000048','en','Edit User profile Location' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000049','en','Edit User profile Phone' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000050','en','Edit User profile Position' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000051','en','Edit User profile Replaced By' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000052','en','Edit User profile Expiration Date' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000053','en','Edit User profile Calendar' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000054','en','Edit User profile Status' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000055','en','Edit User profile Role' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000056','en','Edit User profile Time Zone' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000057','en','Edit User profile Default Language' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000058','en','Edit User profile Costs' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000059','en','Edit User profile Password' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000060','en','Edit User profile Must Change Password at next Logon' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000061','en','Edit User profile Photo' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000062','en','Edit User profile Default Main Menu Options' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000063','en','Edit User profile Default Cases Menu Options' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000013','en','Delete cases' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000012','en','WebDav' UNION ALL
SELECT 'PER_NAME','','00000000000000000000000000000011','en','Dashboard' UNION ALL
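Review bot: The label added for id 00000000000000000000000000000039 reads 'Create rest API Aplications', where 'Aplications' is a misspelling of 'Applications'. This is the display name of a permission, so it is presumably what an administrator reads when granting it. The same row carries the same spelling in the `INSERT INTO CONTENT` file section of this commit. Suggested value in both places: `'Create rest API Applications'`.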


@@ -44,7 +44,32 @@ INSERT INTO CONTENT (CON_CATEGORY,CON_PARENT,CON_ID,CON_LANG,CON_VALUE) VALUES
('PER_NAME','','00000000000000000000000000000035','en','Setup Logs'),
('PER_NAME','','00000000000000000000000000000036','en','Delete process cases'),
('PER_NAME','','00000000000000000000000000000037','en','Edit personal info Calendar'),
('PER_NAME','','00000000000000000000000000000038','en','Undo cancel case');
('PER_NAME','','00000000000000000000000000000038','en','Undo cancel case')
('PER_NAME','','00000000000000000000000000000039','en','Create rest API Aplications'),
('PER_NAME','','00000000000000000000000000000040','en','Edit User profile First Name'),
('PER_NAME','','00000000000000000000000000000041','en','Edit User profile Last Name'),
('PER_NAME','','00000000000000000000000000000042','en','Edit User profile Username'),
('PER_NAME','','00000000000000000000000000000043','en','Edit User profile Email'),
('PER_NAME','','00000000000000000000000000000044','en','Edit User profile Address'),
('PER_NAME','','00000000000000000000000000000045','en','Edit User profile Zip Code'),
('PER_NAME','','00000000000000000000000000000046','en','Edit User profile Country'),
('PER_NAME','','00000000000000000000000000000047','en','Edit User profile State or Region'),
('PER_NAME','','00000000000000000000000000000048','en','Edit User profile Location'),
('PER_NAME','','00000000000000000000000000000049','en','Edit User profile Phone'),
('PER_NAME','','00000000000000000000000000000050','en','Edit User profile Position'),
('PER_NAME','','00000000000000000000000000000051','en','Edit User profile Replaced By'),
('PER_NAME','','00000000000000000000000000000052','en','Edit User profile Expiration Date'),
('PER_NAME','','00000000000000000000000000000053','en','Edit User profile Calendar'),
('PER_NAME','','00000000000000000000000000000054','en','Edit User profile Status'),
('PER_NAME','','00000000000000000000000000000055','en','Edit User profile Role'),
('PER_NAME','','00000000000000000000000000000056','en','Edit User profile Time Zone'),
('PER_NAME','','00000000000000000000000000000057','en','Edit User profile Default Language'),
('PER_NAME','','00000000000000000000000000000058','en','Edit User profile Costs'),
('PER_NAME','','00000000000000000000000000000059','en','Edit User profile Password'),
('PER_NAME','','00000000000000000000000000000060','en','Edit User profile Must Change Password at next Logon'),
('PER_NAME','','00000000000000000000000000000061','en','Edit User profile Photo'),
('PER_NAME','','00000000000000000000000000000062','en','Edit User profile Default Main Menu Options'),
('PER_NAME','','00000000000000000000000000000063','en','Edit User profile Default Cases Menu Options');
INSERT INTO LANGUAGE (LAN_ID,LAN_LOCATION,LAN_NAME,LAN_NATIVE_NAME,LAN_DIRECTION,LAN_WEIGHT,LAN_ENABLED,LAN_CALENDAR) VALUES
('aa','','Afar','','L','0','0','GREGORIAN'),
@@ -61483,4 +61508,4 @@ INSERT INTO ADDONS_MANAGER (ADDON_DESCRIPTION,ADDON_ID,ADDON_NAME,ADDON_NICK,ADD
('User-based Language Management.','userBasedLanguage','userBasedLanguage','userBasedLanguage','Colosa','localRegistry','ready','00000000000000000000000000010013','features','','','0'),
('User-based Time Zone Management.','userBasedTimeZone','userBasedTimeZone','userBasedTimeZone','Colosa','localRegistry','ready','00000000000000000000000000010014','features','','','0'),
('This Feature will allow to store all input, output and attached documents generated in your processes in Google Drive.','pmGoogleDrive','pmGoogleDrive','pmGoogleDrive','Colosa','localRegistry','ready','00000000000000000000000000010015','features','','','0'),
('Promotion Manager','selectiveImportExport','selectiveImportExport','selectiveImportExport','Colosa','localRegistry','ready','00000000000000000000000000010016','features','','','0');
('Promotion Manager','selectiveImportExport','selectiveImportExport','selectiveImportExport','Colosa','localRegistry','ready','00000000000000000000000000010016','features','','','0');
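Review bot: The replacement row for id 00000000000000000000000000000038 ends with `)` and no comma, and the new row for id ...039 follows it directly, so as rendered here the `INSERT INTO CONTENT` statement would not parse. The old line closed the statement with `);`, so the new one needs a row separator instead: `('PER_NAME','','00000000000000000000000000000038','en','Undo cancel case'),`. If the seed script fails at this statement, the PER_NAME labels for the new field-level permissions (ids ...039 to ...063) would not be loaded from this file.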


@@ -132,6 +132,8 @@ switch ($_POST['action']) {
try {
$user = new \ProcessMaker\BusinessModel\User();
$form = $_POST;
$permissionsToSaveData = $user->getPermissionsForEdit();
$form = $user->checkPermissionForEdit($_SESSION['USER_LOGGED'], $permissionsToSaveData, $form);
switch ($_POST['action']) {
case 'saveUser';
@@ -145,13 +147,6 @@ switch ($_POST['action']) {
) {
throw new Exception(G::LoadTranslation('ID_USER_NOT_HAVE_PERMISSION', [$_SESSION['USER_LOGGED']]));
}
unset(
$form['USR_REPLACED_BY'],
$form['USR_DUE_DATE'],
$form['USR_STATUS'],
$form['USR_ROLE']
);
break;
default:
throw new Exception(G::LoadTranslation('ID_INVALID_DATA'));
@@ -159,7 +154,7 @@ switch ($_POST['action']) {
}
if (array_key_exists('USR_LOGGED_NEXT_TIME', $form)) {
$form['USR_LOGGED_NEXT_TIME'] = ($form['USR_LOGGED_NEXT_TIME'])? 1 : 0;
$form['USR_LOGGED_NEXT_TIME'] = ($form['USR_LOGGED_NEXT_TIME']) ? 1 : 0;
}
$userUid = '';
@@ -168,7 +163,7 @@ switch ($_POST['action']) {
$arrayUserData = $user->create($form);
$userUid = $arrayUserData['USR_UID'];
$user->auditLog('INS', array_merge(['USR_UID' => $userUid, 'USR_USERNAME' => $arrayUserData['USR_USERNAME']], $form));
$user->auditLog('INS', array_merge(['USR_UID' => $userUid, 'USR_USERNAME' => $arrayUserData['USR_USERNAME']], $form));
} else {
if (array_key_exists('USR_NEW_PASS', $form) && $form['USR_NEW_PASS'] == '') {
unset($form['USR_NEW_PASS']);
@@ -179,7 +174,7 @@ switch ($_POST['action']) {
$arrayUserData = $user->getUserRecordByPk($userUid, [], false);
$user->auditLog('UPD', array_merge(['USR_UID' => $userUid, 'USR_USERNAME' => $arrayUserData['USR_USERNAME']], $form));
$user->auditLog('UPD', array_merge(['USR_UID' => $userUid, 'USR_USERNAME' => $arrayUserData['USR_USERNAME']], $form));
/* Saving preferences */
$def_lang = $form['PREF_DEFAULT_LANG'];
@@ -298,9 +293,9 @@ switch ($_POST['action']) {
break;
}
} else {
if($aFields['PREF_DEFAULT_MENUSELECTED'] == 'PM_STRATEGIC_DASHBOARD'){
$menuSelected = strtoupper(G::LoadTranslation('ID_STRATEGIC_DASHBOARD'));
}
if ($aFields['PREF_DEFAULT_MENUSELECTED'] == 'PM_STRATEGIC_DASHBOARD') {
$menuSelected = strtoupper(G::LoadTranslation('ID_STRATEGIC_DASHBOARD'));
}
}
}
}
@@ -333,12 +328,16 @@ switch ($_POST['action']) {
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists($aFields['USR_UID'], array('USR_PASSWORD_HISTORY' => serialize(array($aFields['USR_PASSWORD']))));
$aFields['USR_LOGGED_NEXT_TIME'] = $aUserProperty['USR_LOGGED_NEXT_TIME'];
if(array_key_exists('USR_PASSWORD', $aFields)) {
if (array_key_exists('USR_PASSWORD', $aFields)) {
unset($aFields['USR_PASSWORD']);
}
$userPermissions = new \ProcessMaker\BusinessModel\User();
$permissions = $userPermissions->loadDetailedPermissions($aFields);
$result->success = true;
$result->user = $aFields;
$result->permission = $permissions;
print (G::json_encode($result));
break;
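Review bot: `checkPermissionForEdit()` is run over the whole copy of `$_POST`, but it only removes keys that appear in the map returned by `getPermissionsForEdit()`, so any posted key outside that map still reaches `$user->create($form)` and, presumably, the update path unfiltered. The same commit also drops the unconditional `unset($form['USR_REPLACED_BY'], $form['USR_DUE_DATE'], $form['USR_STATUS'], $form['USR_ROLE'])` from the branch that ends just before `default:`. That branch's `case` label is outside the hunk, but if it is the self-service profile save, an account holding `PM_EDIT_USER_PROFILE_ROLE` or `PM_EDIT_USER_PROFILE_STATUS` can now change its own role or status. It is worth confirming that this is intended and recording the contract beside the call, for example `// Field-level rights: keys absent from getPermissionsForEdit() are NOT filtered here.`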


@@ -42,6 +42,36 @@ class User
"usrPhoto" => "USR_PHOTO"
);
private $arrayPermissionsForEditUser = array (
'USR_FIRSTNAME' => 'PM_EDIT_USER_PROFILE_FIRST_NAME',
'USR_LASTNAME' => 'PM_EDIT_USER_PROFILE_LAST_NAME',
'USR_USERNAME' => 'PM_EDIT_USER_PROFILE_USERNAME',
'USR_EMAIL' => 'PM_EDIT_USER_PROFILE_EMAIL',
'USR_ADDRESS' => 'PM_EDIT_USER_PROFILE_ADDRESS',
'USR_ZIP_CODE' => 'PM_EDIT_USER_PROFILE_ZIP_CODE',
'USR_COUNTRY' => 'PM_EDIT_USER_PROFILE_COUNTRY',
'USR_REGION' => 'PM_EDIT_USER_PROFILE_STATE_OR_REGION',
'USR_LOCATION' => 'PM_EDIT_USER_PROFILE_LOCATION',
'USR_PHONE' => 'PM_EDIT_USER_PROFILE_PHONE',
'USR_POSITION' => 'PM_EDIT_USER_PROFILE_POSITION',
'USR_REPLACED_BY' => 'PM_EDIT_USER_PROFILE_REPLACED_BY',
'USR_DUE_DATE' => 'PM_EDIT_USER_PROFILE_EXPIRATION_DATE',
'USR_CALENDAR' => 'PM_EDIT_USER_PROFILE_CALENDAR',
'USR_STATUS' => 'PM_EDIT_USER_PROFILE_STATUS',
'USR_ROLE' => 'PM_EDIT_USER_PROFILE_ROLE',
'USR_TIME_ZONE' => 'PM_EDIT_USER_PROFILE_TIME_ZONE',
'USR_DEFAULT_LANG' => 'PM_EDIT_USER_PROFILE_DEFAULT_LANGUAGE',
'USR_COST_BY_HOUR' => 'PM_EDIT_USER_PROFILE_COSTS',
'USR_UNIT_COST' => 'PM_EDIT_USER_PROFILE_COSTS',
'USR_CUR_PASS' => 'PM_EDIT_USER_PROFILE_PASSWORD',
'USR_NEW_PASS' => 'PM_EDIT_USER_PROFILE_PASSWORD',
'USR_CNF_PASS' => 'PM_EDIT_USER_PROFILE_PASSWORD',
'USR_LOGGED_NEXT_TIME' => 'PM_EDIT_USER_PROFILE_USER_MUST_CHANGE_PASSWORD_AT_NEXT_LOGON',
'USR_PHOTO' => 'PM_EDIT_USER_PROFILE_PHOTO',
'PREF_DEFAULT_MENUSELECTED' => 'PM_EDIT_USER_PROFILE_DEFAULT_MAIN_MENU_OPTIONS',
'PREF_DEFAULT_CASESELECTED' => 'PM_EDIT_USER_PROFILE_DEFAULT_CASES_MENU_OPTIONS'
);
/**
* Constructor of the class
*
@@ -58,6 +88,13 @@ class User
}
}
/**
* @return array
*/
public function getPermissionsForEdit(){
return $this->arrayPermissionsForEditUser;
}
/**
* Set the format of the fields name (uppercase, lowercase)
*
@@ -1322,6 +1359,53 @@ class User
$this->userObj->update($fields);
}
/**
* @param $userUid
* @param array $arrayPermission
* @return User
* @throws \Exception
*/
public function checkPermissionForEdit($userUid, $arrayPermission = array(), $form)
{
try {
foreach ($arrayPermission as $key => $value) {
$flagPermission = $this->checkPermission($userUid, $value);
if (!$flagPermission){
unset($form[$key]);
}
}
return $form;
} catch (\Exception $e) {
throw $e;
}
}
/**
* @param $aFields
* @return array
* @throws \Exception
*/
public function loadDetailedPermissions($aFields)
{
try {
global $RBAC;
$resultPermissionsForUser = array();
if ($aFields['USR_UID'] != '') {
foreach ($this->arrayPermissionsForEditUser as $index => $item) {
if ($RBAC->userCanAccess($item) !== 1) {
$resultPermissionsForUser[$index] = $item;
}
}
return $resultPermissionsForUser;
} else {
$lang = defined('SYS_LANG') ? SYS_LANG : 'en';
throw (new \Exception(G::LoadTranslation("ID_USER_UID_DOESNT_EXIST", $lang, array("USR_UID" => $aFields['USR_UID']))));
}
} catch (\Exception $oError) {
throw ($oError);
}
}
/**
* Check permission
*
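Review bot: The two new methods decide the same field-level right in two different ways, so the fields the form locks and the fields the save path strips can drift apart. `checkPermissionForEdit()` calls `$this->checkPermission($userUid, $value)`, while `loadDetailedPermissions()` asks `$RBAC->userCanAccess($item) !== 1` for the session user. `checkPermission()` is defined outside this hunk, so whether the two agree today cannot be confirmed from here; routing both through one helper would keep the UI hint and the server-side enforcement in step. The docblock on `checkPermissionForEdit()` should also gain `@param array $form` and read `@return array`, since the method returns the filtered `$form` and not a `User`.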


@@ -29,7 +29,6 @@ var displayPreferences;
var box;
var infoMode;
var global = {};
var readMode;
var usernameText;
var previousUsername = '';
var canEdit = true;
@@ -63,6 +62,8 @@ Ext.onReady(function () {
});
displayPreferences = "display: block;";
if (MODE == "edit" || MODE == "") {
flagPoliciesPassword = true;
}
@@ -78,12 +79,7 @@ Ext.onReady(function () {
//Mode info
box.setVisible(false);
box.disable();
displayPreferences = "display: block;";
readMode = true;
} else {
displayPreferences = "display: none;";
readMode = false;
canEdit = false;
}
} else {
@@ -93,8 +89,6 @@ Ext.onReady(function () {
box.setVisible(false);
box.disable();
displayPreferences = "display: none;";
readMode = false;
canEdit = false;
}
@@ -305,7 +299,6 @@ Ext.onReady(function () {
fieldLabel: _("ID_REPLACED_BY"),
emptyText: "- " + _("ID_NONE") + " -",
readOnly: readMode,
minChars: 1,
hideTrigger: true,
@@ -317,8 +310,7 @@ Ext.onReady(function () {
id : "USR_DUE_DATE",
fieldLabel : _("ID_EXPIRATION_DATE"),
format : "Y-m-d",
editable : false,
readOnly : readMode,
editable : true,
width : 120,
value : (new Date().add(Date.YEAR, EXPIRATION_DATE)).format("Y-m-d")
});
@@ -343,7 +335,6 @@ Ext.onReady(function () {
fieldLabel : _('ID_CALENDAR'),
hiddenName : 'USR_CALENDAR',
id : 'USR_CALENDAR',
readOnly : readMode,
store : storeCalendar,
valueField : 'CALENDAR_UID',
displayField : 'CALENDAR_NAME',
@@ -375,8 +366,7 @@ Ext.onReady(function () {
typeAhead : true,
triggerAction : 'all',
editable : false,
value : 'ACTIVE',
readOnly : readMode
value : 'ACTIVE'
});
storeRole = new Ext.data.Store({
@@ -399,7 +389,6 @@ Ext.onReady(function () {
fieldLabel : _('ID_ROLE'),
hiddenName : 'USR_ROLE',
id : 'USR_ROLE',
readOnly : readMode,
store : storeRole,
valueField : 'ROL_UID',
displayField : 'ROL_CODE',
@@ -548,6 +537,7 @@ Ext.onReady(function () {
allowBlank : false
},
{
id : 'USR_ADDRESS',
xtype : 'textarea',
name : 'USR_ADDRESS',
fieldLabel : _('ID_ADDRESS'),
@@ -804,7 +794,7 @@ Ext.onReady(function () {
emptyText : TRANSLATIONS.ID_SELECT,
width : 260,
selectOnFocus : true,
editable : false,
editable : true,
triggerAction : "all",
mode : "local"
});
@@ -877,7 +867,6 @@ Ext.onReady(function () {
}
//location.href = 'users_List';
}
//hidden:readMode
}
]
});
@@ -1222,7 +1211,6 @@ function userFrmEditSubmit()
frmDetails.getForm().findField("USR_REPLACED_BY").setRawValue(usertmp.REPLACED_NAME);
}
Ext.getCmp("USR_STATUS").setDisabled(readMode);
Ext.getCmp("frmDetails").getForm().submit({
url : "usersAjax",
params : {
@@ -1469,6 +1457,8 @@ function loadUserData()
USR_LOGGED_NEXT_TIME : data.user.USR_LOGGED_NEXT_TIME
});
setReadOnlyItems(data.permission);
if (infoMode) {
Ext.getCmp("USR_FIRSTNAME2").setText(data.user.USR_FIRSTNAME);
Ext.getCmp("USR_LASTNAME2").setText(data.user.USR_LASTNAME);
@@ -1613,3 +1603,22 @@ function userExecuteEvent(element, event)
return !element.dispatchEvent(evt);
}
}
function setReadOnlyItems(permissions) {
for (var key in permissions) {
disableAndReadOnly(key)
}
}
function disableAndReadOnly(idElement) {
if(idElement == 'USR_TIME_ZONE'){
idElement = 'cboTimeZone';
}
if(idElement == 'USR_CUR_PASS'){
idElement = 'currentPassword';
}
var myBoxCmp = Ext.getCmp(idElement);
if (myBoxCmp) {
Ext.getCmp(idElement).setReadOnly(true);
Ext.getCmp(idElement).disable();
}
}
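Review bot: `disableAndReadOnly()` looks the field up with `Ext.getCmp(idElement)` and silently does nothing when no component has that id, so a denied field whose component id differs from its map key stays editable in the form. The save path still strips the value, so the risk is a user typing a change that is dropped without any feedback. This commit had to add `id : 'USR_ADDRESS'` for the lookup to work, and only `USR_TIME_ZONE` and `USR_CUR_PASS` are remapped by hand. Falling back to the form's name lookup already used in `userFrmEditSubmit()` would cover fields that have no id: `var myBoxCmp = Ext.getCmp(idElement) || frmDetails.getForm().findField(idElement);`, followed by `myBoxCmp.setReadOnly(true); myBoxCmp.disable();` inside the existing guard. The call `disableAndReadOnly(key)` in `setReadOnlyItems()` is also missing its semicolon.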