diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php index ebe424741..abe71db68 100644 --- a/gulliver/system/class.g.php +++ b/gulliver/system/class.g.php @@ -1989,7 +1989,7 @@ class G * * @return void */ - public function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null) + public static function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null) { if (isset( $width )) { $_SESSION['G_MESSAGE_WIDTH'] = $width; diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php index f5da6a354..9ca940d9d 100644 --- a/gulliver/system/class.rbac.php +++ b/gulliver/system/class.rbac.php @@ -25,6 +25,9 @@ * Coral Gables, FL, 33134, USA, or email info@colosa.com. * */ + +use ProcessMaker\Exception\RBACException; + /** * File: $Id$ * @@ -148,8 +151,11 @@ class RBAC ), 'newSite.php' => array( 'newSite.php' => array('PM_SETUP_ADVANCE') + ), + 'emailsAjax.php' => array( + 'MessageList' => array('PM_SETUP', 'PM_SETUP_LOGS'), + 'updateStatusMessage' => array('PM_SETUP', 'PM_SETUP_LOGS'), ) - ); } @@ -1546,8 +1552,7 @@ class RBAC } if (!$access) { - G::header('Location: /errors/error403.php'); - die(); + throw new RBACException('ID_ACCESS_DENIED', 403); } } } diff --git a/workflow/engine/classes/model/ListParticipatedLast.php b/workflow/engine/classes/model/ListParticipatedLast.php index ce7321e43..487ade2ad 100644 --- a/workflow/engine/classes/model/ListParticipatedLast.php +++ b/workflow/engine/classes/model/ListParticipatedLast.php 
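Review bot: Turning `SendTemporalMessage` into a static method is a signature change that PHP enforces at class-load time: if any subclass of G still overrides it as an instance method, that subclass will no longer load ("Cannot make static method non-static"), so the change needs a search for overrides, not only for callers. Existing `$g->SendTemporalMessage(...)` call sites keep working only because PHP tolerates calling a static method through an instance; migrating them to `G::SendTemporalMessage(...)` would make the new contract explicit. The docblock visible above the signature carries only `@return void`; since the method writes `$_SESSION['G_MESSAGE_WIDTH']` from an untyped `$width`, I would document the parameters and the session side effect there, e.g. `@param int|null $width Stored in $_SESSION['G_MESSAGE_WIDTH'] when given`. The rest of the method body lies outside the hunk.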
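Review bot: Both new `emailsAjax.php` entries grant the same set, `array('PM_SETUP', 'PM_SETUP_LOGS')`, although `updateStatusMessage` changes data while `MessageList` only reads it; if `PM_SETUP_LOGS` is meant as a view-only permission (its name suggests so, but that is not visible here), the write action should probably be limited to `PM_SETUP`. The keys appear to be matched by `allows()` against the request's action name (the emailsAjax.php hunk in this commit calls `$RBAC->allows(basename(__FILE__), $req)`), and nothing in this file documents that convention, so a one-line comment above the new entry, `// action name => permissions required, checked by allows()`, would help the next person adding a page. Minor: the new entries end with a trailing comma while the sibling entries in the same array do not.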
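Review bot: Replacing `G::header('Location: /errors/error403.php'); die();` with `throw new RBACException('ID_ACCESS_DENIED', 403)` turns a hard request stop into a propagating exception, so every page calling `allows()` now depends on a front-controller or page-level handler that catches `RBACException`; where none exists the user sees the framework's uncaught-exception output instead of the 403 page, which may include a stack trace. The emailsAjax.php hunk in this commit calls `$RBAC->allows(...)` at top level without a handler, so that handler must live elsewhere (not visible here). Callers that wrap `allows()` in a broad `catch (Exception $e)` would now swallow the denial, which the old `die()` made impossible, so such call sites deserve a look. The method's docblock, outside the hunk, should gain `@throws RBACException when the user lacks the required permission`.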
@@ -49,19 +49,24 @@ class ListParticipatedLast extends BaseListParticipatedLast $data['DEL_CURRENT_USR_FIRSTNAME'] = $aRow['USR_FIRSTNAME']; $data['DEL_CURRENT_USR_LASTNAME'] = $aRow['USR_LASTNAME']; $data['DEL_CURRENT_TAS_TITLE'] = $data['APP_TAS_TITLE']; + $currentInformation = array( + 'DEL_CURRENT_USR_USERNAME' => $data['DEL_CURRENT_USR_USERNAME'], + 'DEL_CURRENT_USR_FIRSTNAME' => $data['DEL_CURRENT_USR_FIRSTNAME'], + 'DEL_CURRENT_USR_LASTNAME' => $data['DEL_CURRENT_USR_LASTNAME'], + 'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE'] + ); } } else { $getData['USR_UID'] = $data['USR_UID_CURRENT']; $getData['APP_UID'] = $data['APP_UID']; $row = $this->getRowFromList($getData); if (is_array($row) && sizeof($row)) { - $set = array( + $currentInformation = array( 'DEL_CURRENT_USR_USERNAME' => '', 'DEL_CURRENT_USR_FIRSTNAME' => '', 'DEL_CURRENT_USR_LASTNAME' => '', - 'APP_TAS_TITLE' => $data['APP_TAS_TITLE'], - 'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE'], ); - $this->updateCurrentUser($row, $set); + 'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE'] + ); } } @@ -84,6 +89,9 @@ class ListParticipatedLast extends BaseListParticipatedLast if (!empty($data['APP_STATUS'])) { $data['APP_STATUS_ID'] = Application::$app_status_values[$data['APP_STATUS']]; } + //We will update the current information + $this->updateCurrentInfoByAppUid($data['APP_UID'], $currentInformation); + $con = Propel::getConnection(ListParticipatedLastPeer::DATABASE_NAME); try { $this->fromArray($data, BasePeer::TYPE_FIELDNAME); 
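Review bot: `$currentInformation` is assigned only inside the two inner `if` blocks of this hunk, yet the `@@ -84` hunk below calls `$this->updateCurrentInfoByAppUid($data['APP_UID'], $currentInformation)` unconditionally, so whenever neither inner block runs the variable is undefined and, as far as I can tell, the helper writes empty values into the four `DEL_CURRENT_*` columns of every row for that APP_UID. Initialise it before the branch, `$currentInformation = array();`, and guard the call: `if (!empty($currentInformation)) { $this->updateCurrentInfoByAppUid($data['APP_UID'], $currentInformation); }`. The removed `updateCurrentUser()` filtered by APP_UID, USR_UID and DEL_INDEX while the new helper filters by APP_UID alone, so all rows of the case are rewritten; that looks intended for "current" information but deserves a comment at the call site. The enclosing method starts before this hunk.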
@@ -103,6 +111,27 @@ class ListParticipatedLast extends BaseListParticipatedLast } } + /** + * This function update the row related to the appUid with the current information + * @param string $appUid + * @param array $currentInformation + * @return void + */ + private function updateCurrentInfoByAppUid($appUid, $currentInformation) + { + //Update - WHERE + $criteriaWhere = new Criteria('workflow'); + $criteriaWhere->add(ListParticipatedLastPeer::APP_UID, $appUid, Criteria::EQUAL); + //Update - SET + $criteriaSet = new Criteria('workflow'); + $criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_USERNAME, $currentInformation['DEL_CURRENT_USR_USERNAME']); + $criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_FIRSTNAME, $currentInformation['DEL_CURRENT_USR_FIRSTNAME']); + $criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_LASTNAME, $currentInformation['DEL_CURRENT_USR_LASTNAME']); + $criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_TAS_TITLE, $currentInformation['DEL_CURRENT_TAS_TITLE']); + + BasePeer::doUpdate($criteriaWhere, $criteriaSet, Propel::getConnection('workflow')); + } + /** * Update List Participated History Table. * 
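Review bot: `updateCurrentInfoByAppUid()` reads four fixed keys from `$currentInformation` without checking they exist, so a caller passing a partial or empty array triggers undefined-index notices and writes empty values; an array type hint plus an early return keeps it honest: `private function updateCurrentInfoByAppUid($appUid, array $currentInformation)` with `if (empty($currentInformation)) { return; }` as the first statement. The docblock should state that the update is not scoped to a user or delegation index (`@param string $appUid All rows of this case are updated, whatever their USR_UID/DEL_INDEX`) and note that exceptions from `BasePeer::doUpdate` propagate unhandled. Wording: "This function update the row" should read "Updates the rows".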
@@ -448,22 +477,6 @@ class ListParticipatedLast extends BaseListParticipatedLast return false; } - public function updateCurrentUser($where, $set) - { - $con = Propel::getConnection('workflow'); - //Update - WHERE - $criteriaWhere = new Criteria('workflow'); - $criteriaWhere->add(ListParticipatedLastPeer::APP_UID, $where['APP_UID'], Criteria::EQUAL); - $criteriaWhere->add(ListParticipatedLastPeer::USR_UID, $where['USR_UID'], Criteria::EQUAL); - $criteriaWhere->add(ListParticipatedLastPeer::DEL_INDEX, $where['DEL_INDEX'], Criteria::EQUAL); - //Update - SET - $criteriaSet = new Criteria('workflow'); - foreach ($set as $k => $v) { - eval('$criteriaSet->add( ListParticipatedLastPeer::'.$k.',$v, Criteria::EQUAL);'); - } - BasePeer::doUpdate($criteriaWhere, $criteriaSet, $con); - } - /** * Returns the number of cases of a user. * diff --git a/workflow/engine/controllers/pmTables.php b/workflow/engine/controllers/pmTables.php index 4d1099d80..5ed01b43d 100644 --- a/workflow/engine/controllers/pmTables.php +++ b/workflow/engine/controllers/pmTables.php @@ -152,6 +152,11 @@ class pmTables extends Controller $sFileName = $httpData->f; $realPath = $PUBLIC_ROOT_PATH . $sFileName; + + if ($this->isValidFileToBeStreamed($sFileName) === false) { + throw new Exception("You are trying to access an unauthorized resource."); + } + G::streamFile( $realPath, true ); unlink( $realPath ); } 
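Review bot: The new guard validates `$sFileName` only after `$realPath` has already been built from it; moving the check to the line right after `$sFileName = $httpData->f;` makes the trust boundary obvious and avoids constructing a path that must never be used. The exception is a bare `Exception` with a hard-coded English message, whereas the emailsAjax.php hunk in this same commit reports invalid input through `G::LoadTranslation(...)`; a translated message would be consistent if a suitable key exists. A one-line comment above the guard, `// $httpData->f is user input: only plain csv/pmt names directly under PUBLIC_ROOT_PATH are streamed (and then deleted)`, would tell the next reader why the `unlink` below is safe. The enclosing method begins outside the hunk.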
@@ -206,5 +211,32 @@ class pmTables extends Controller $tableSize = $tableSize - 8; // Prefix PMT_ return $tableSize; } + + /** + * Validates if the file with the $fileName is a valid one, + * that is, it must be a file without relative references that + * can open a door to get some unauthorized system file and + * must have one of the valid file extensions. + * + * @param $fileName, emporal file name that will be streamed + * @return bool + */ + private function isValidFileToBeStreamed($fileName) + { + $result = true; + $validExtensionsForExporting = ['csv', 'pmt']; + + $pathInfo = pathinfo($fileName); + + if ($pathInfo['dirname'] !== '.') { + $result = false; + } + + if (!in_array($pathInfo['extension'], $validExtensionsForExporting)) { + $result = false; + } + + return $result; + } } diff --git a/workflow/engine/methods/login/login.php b/workflow/engine/methods/login/login.php index 7ed996d21..ab16993d0 100644 --- a/workflow/engine/methods/login/login.php +++ b/workflow/engine/methods/login/login.php @@ -36,10 +36,23 @@ if ($browserSupported==false){ /*----------------------------------********---------------------------------*/ $aFields = array(); -if (!isset($_GET['u'])) { - $aFields['URL'] = ''; -} else { - $aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u'])))))); +//Validated redirect url +$aFields['URL'] = ''; +if (!empty($_GET['u'])) { + //clean url with protocols + $flagUrl = true; + //Most used protocols + $protocols = ['https://', 'http://', 'ftp://', 'sftp://','smb://', 'file:', 'mailto:']; + foreach ($protocols as $protocol) { + if (strpos($_GET['u'], $protocol) !== false) { + $_GET['u'] = ''; + $flagUrl = false; + break; + } + } + if ($flagUrl) { + $aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u'])))))); + } } if (!isset($_SESSION['G_MESSAGE'])) { 
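Review bot: `in_array($pathInfo['extension'], ...)` in the last check reads a key that `pathinfo()` omits when the name has no extension, so a request such as `f=report` produces an undefined-index notice before the function returns false; use `isset($pathInfo['extension']) && in_array($pathInfo['extension'], $validExtensionsForExporting, true)` and keep the strict flag. The `dirname === '.'` test does reject directory components, but a name that is only an extension (`.csv`) or that carries a `./` prefix still passes, so I would add `$pathInfo['basename'] === $fileName && $pathInfo['filename'] !== ''` to the same condition. Two docblock fixes: `@param $fileName, emporal file name` should read `@param string $fileName Temporary file name that will be streamed`, and the description can state the invariant directly ("plain file name, no directory component, extension csv or pmt").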
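Review bot: The scheme check runs on the raw `$_GET['u']` while the value that is finally stored goes through `urldecode()` first, so a value whose scheme is still percent-encoded after PHP's own query decoding passes the `strpos` loop and only becomes `https://...` in the `$aFields['URL']` assignment; decode once up front and test the decoded string. The comparison is also case-sensitive, so `HTTP://` is not caught, and protocol-relative values starting with `//` are not covered by the list at all; `stripos` plus an explicit `//` prefix test close both gaps. Whether `javascript:` and `data:` belong in the list depends on how `URL` is consumed in the template, which is outside this hunk. Rewritten block below; the `$protocols` array is unchanged.
```php
if (!empty($_GET['u'])) {
    // decode once, up front, so the scheme check and the stored value see the same string
    $candidateUrl = trim(urldecode($_GET['u']));
    $flagUrl = true;
    // … unchanged: $protocols list …
    foreach ($protocols as $protocol) {
        if (stripos($candidateUrl, $protocol) !== false) {
            $flagUrl = false;
            break;
        }
    }
    // protocol-relative URLs (//host/path) are absolute as well
    if (substr($candidateUrl, 0, 2) === '//') {
        $flagUrl = false;
    }
    if ($flagUrl) {
        $aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags($candidateUrl))));
    } else {
        $_GET['u'] = '';
    }
}
```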
diff --git a/workflow/engine/methods/mails/emailsAjax.php b/workflow/engine/methods/mails/emailsAjax.php index 567dad158..62bdcd467 100644 --- a/workflow/engine/methods/mails/emailsAjax.php +++ b/workflow/engine/methods/mails/emailsAjax.php 
@@ -1,26 +1,34 @@ userCanAccess('PM_LOGIN')) { + case -2: + throw new RBACException('ID_USER_HAVENT_RIGHTS_SYSTEM', -2); + break; + case -1: + throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1); + break; +} +$RBAC->allows(basename(__FILE__), $req); -switch($req){ +switch ($req) { case 'MessageList': - $start = (isset($_REQUEST['start']))? $_REQUEST['start'] : '0'; - $limit = (isset($_REQUEST['limit']))? $_REQUEST['limit'] : '25'; - $proUid = (isset($_REQUEST['process']))? $_REQUEST['process'] : ''; - $eventype = (isset($_REQUEST['type']))? $_REQUEST['type'] : ''; - $emailStatus = (isset($_REQUEST['status']))? $_REQUEST['status'] : ''; - $sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : ''; - $dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC'; - $dateFrom = isset( $_POST["dateFrom"] ) ? substr( $_POST["dateFrom"], 0, 10 ) : ""; - $dateTo = isset( $_POST["dateTo"] ) ? substr( $_POST["dateTo"], 0, 10 ) : ""; - $filterBy = (isset($_REQUEST['filterBy']))? $_REQUEST['filterBy'] : 'ALL'; + $start = (isset($_REQUEST['start'])) ? $_REQUEST['start'] : '0'; + $limit = (isset($_REQUEST['limit'])) ? $_REQUEST['limit'] : '25'; + $proUid = (isset($_REQUEST['process'])) ? $_REQUEST['process'] : ''; + $eventype = (isset($_REQUEST['type'])) ? $_REQUEST['type'] : ''; + $emailStatus = (isset($_REQUEST['status'])) ? $_REQUEST['status'] : ''; + $sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : ''; + $dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC'; + $dateFrom = isset($_POST["dateFrom"]) ? substr($_POST["dateFrom"], 0, 10) : ""; + $dateTo = isset($_POST["dateTo"]) ? substr($_POST["dateTo"], 0, 10) : ""; + $filterBy = (isset($_REQUEST['filterBy'])) ? $_REQUEST['filterBy'] : 'ALL'; $response = new stdclass(); $response->status = 'OK'; 
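Review bot: The `break;` after each `throw new RBACException(...)` in the new `switch` is unreachable and should be dropped; a `throw` already leaves the switch. The start of this hunk is garbled in this view (everything before `userCanAccess('PM_LOGIN')`), so I cannot confirm where `$req` and `$RBAC` are set up or whether `RBACException` is imported in this file. The request parameters assigned in the `MessageList` case are still taken verbatim, and `$start`/`$limit` later reach `$criteria->setLimit($limit)` as strings; unless this Propel version casts them, cast at the source — `$start = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;` and `$limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;` — and normalise `$dir` to one of two literals the same way. The rest of the hunk is spacing only.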
@@ -31,10 +39,10 @@ switch($req){ $criteria->addJoin(AppMessagePeer::APP_UID, ApplicationPeer::APP_UID, Criteria::LEFT_JOIN); if ($emailStatus != '') { - $criteria->add( AppMessagePeer::APP_MSG_STATUS, $emailStatus); + $criteria->add(AppMessagePeer::APP_MSG_STATUS, $emailStatus); } if ($proUid != '') { - $criteria->add( ApplicationPeer::PRO_UID, $proUid); + $criteria->add(ApplicationPeer::PRO_UID, $proUid); } $arrayType = []; @@ -74,14 +82,14 @@ switch($req){ $dateTo = $dateTo . " 23:59:59"; } - $criteria->add( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ) ) ); + $criteria->add($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL)->addAnd($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL))); } else { $dateFrom = $dateFrom . " 00:00:00"; - $criteria->add( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL ); + $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL); } } elseif ($dateTo != "") { $dateTo = $dateTo . " 23:59:59"; - $criteria->add( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ); + $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL); } //Number records total @@ -119,10 +127,10 @@ switch($req){ $criteria->addSelectColumn(ProcessPeer::PRO_TITLE); if ($emailStatus != '') { - $criteria->add( AppMessagePeer::APP_MSG_STATUS, $emailStatus); + $criteria->add(AppMessagePeer::APP_MSG_STATUS, $emailStatus); } if ($proUid != '') { - $criteria->add( ApplicationPeer::PRO_UID, $proUid); + $criteria->add(ApplicationPeer::PRO_UID, $proUid); } switch ($filterBy) { 
@@ -153,24 +161,27 @@ switch($req){ $dateTo = $dateTo . " 23:59:59"; } - $criteria->add( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ) ) ); + $criteria->add($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL)->addAnd($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL))); } else { $dateFrom = $dateFrom . " 00:00:00"; - $criteria->add( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL ); + $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL); } } elseif ($dateTo != "") { $dateTo = $dateTo . " 23:59:59"; - $criteria->add( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ); + $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL); } if ($sort != '') { + if (!in_array($sort, AppMessagePeer::getFieldNames(BasePeer::TYPE_FIELDNAME))) { + throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('$sort'))); + } if ($dir == 'ASC') { $criteria->addAscendingOrderByColumn($sort); } else { $criteria->addDescendingOrderByColumn($sort); } } else { - $oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE ); + $oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE); } if ($limit != '') { $criteria->setLimit($limit); 
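Review bot: The `else` branch still calls `$oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE)` while every other statement in the hunk builds `$criteria`; unless `$oCriteria` is defined earlier in the file (nothing in this view defines it), the default ordering is applied to an undefined variable and fails, which the commit reformatted but did not fix — `$criteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE);` looks like the intent. The new whitelist accepts only AppMessage field names, but the select also joins Application and Process columns (`ProcessPeer::PRO_TITLE` is added above), so a grid sorting by `PRO_TITLE` or `APP_TITLE` would now be rejected; if those columns are sortable, extend the list or map them explicitly. Pass `true` as the third argument of `in_array` so the comparison is strict, and add a comment, `// $sort is handed to Propel as a raw column name, so it must be a known field`, so the check is not removed as redundant later.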
@@ -188,60 +199,60 @@ switch($req){ $index = 1; $content = new Content(); $tasTitleDefault = G::LoadTranslation('ID_TASK_NOT_RELATED'); - while ( $result->next() ) { + while ($result->next()) { $row = $result->getRow(); - $row['APP_MSG_FROM'] =htmlentities($row['APP_MSG_FROM'], ENT_QUOTES, "UTF-8"); - $row['APP_MSG_STATUS'] = ucfirst ( $row['APP_MSG_STATUS']); + $row['APP_MSG_FROM'] = htmlentities($row['APP_MSG_FROM'], ENT_QUOTES, "UTF-8"); + $row['APP_MSG_STATUS'] = ucfirst($row['APP_MSG_STATUS']); switch ($filterBy) { - case 'CASES': - if ($row['DEL_INDEX'] != 0) { - $index = $row['DEL_INDEX']; - } + case 'CASES': + if ($row['DEL_INDEX'] != 0) { + $index = $row['DEL_INDEX']; + } - $criteria = new Criteria(); + $criteria = new Criteria(); - $criteria->addSelectColumn(AppCacheViewPeer::APP_TITLE); - $criteria->addSelectColumn(AppCacheViewPeer::APP_TAS_TITLE); - $criteria->add(AppCacheViewPeer::APP_UID, $row['APP_UID'], Criteria::EQUAL); - $criteria->add(AppCacheViewPeer::DEL_INDEX, $index, Criteria::EQUAL); + $criteria->addSelectColumn(AppCacheViewPeer::APP_TITLE); + $criteria->addSelectColumn(AppCacheViewPeer::APP_TAS_TITLE); + $criteria->add(AppCacheViewPeer::APP_UID, $row['APP_UID'], Criteria::EQUAL); + $criteria->add(AppCacheViewPeer::DEL_INDEX, $index, Criteria::EQUAL); - $resultCacheView = AppCacheViewPeer::doSelectRS($criteria); - $resultCacheView->setFetchmode(ResultSet::FETCHMODE_ASSOC); + $resultCacheView = AppCacheViewPeer::doSelectRS($criteria); + $resultCacheView->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $row['APP_TITLE'] = '-'; + $row['APP_TITLE'] = '-'; - while ($resultCacheView->next()) { - $rowCacheView = $resultCacheView->getRow(); - $row['APP_TITLE'] = $rowCacheView['APP_TITLE']; - $row['TAS_TITLE'] = $rowCacheView['APP_TAS_TITLE']; - } + while ($resultCacheView->next()) { + $rowCacheView = $resultCacheView->getRow(); + $row['APP_TITLE'] = $rowCacheView['APP_TITLE']; + $row['TAS_TITLE'] = $rowCacheView['APP_TAS_TITLE']; + } - if 
($row['DEL_INDEX'] == 0) { - $row['TAS_TITLE'] = $tasTitleDefault; - } - break; - case 'TEST': - $row['PRO_UID'] = ''; - $row['APP_NUMBER'] = ''; - $row['PRO_TITLE'] = ''; - $row['APP_TITLE'] = ''; - $row['TAS_TITLE'] = ''; - break; - case 'EXTERNAL-REGISTRATION': - $row['PRO_UID'] = ''; - $row['APP_NUMBER'] = ''; - $row['PRO_TITLE'] = ''; - $row['APP_TITLE'] = ''; - $row['TAS_TITLE'] = ''; - break; + if ($row['DEL_INDEX'] == 0) { + $row['TAS_TITLE'] = $tasTitleDefault; + } + break; + case 'TEST': + $row['PRO_UID'] = ''; + $row['APP_NUMBER'] = ''; + $row['PRO_TITLE'] = ''; + $row['APP_TITLE'] = ''; + $row['TAS_TITLE'] = ''; + break; + case 'EXTERNAL-REGISTRATION': + $row['PRO_UID'] = ''; + $row['APP_NUMBER'] = ''; + $row['PRO_TITLE'] = ''; + $row['APP_TITLE'] = ''; + $row['TAS_TITLE'] = ''; + break; } $data[] = $row; } $response = array(); $response['totalCount'] = $totalCount; - $response['data'] = $data; + $response['data'] = $data; die(G::json_encode($response)); break; case 'updateStatusMessage': diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/User.php b/workflow/engine/src/ProcessMaker/BusinessModel/User.php index 3bf5d1759..2da9eb6a3 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/User.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/User.php 
@@ -1,49 +1,86 @@ array("type" => "string", "required" => false, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrUid"), - "USR_FIRSTNAME" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrFirstname"), - "USR_LASTNAME" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrLastname"), - "USR_USERNAME" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrUsername"), - "USR_EMAIL" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrEmail"), - "USR_ADDRESS" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrAddress"), - "USR_ZIP_CODE" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrZipCode"), - "USR_COUNTRY" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCountry"), - "USR_CITY" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCity"), - "USR_LOCATION" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrLocation"), - "USR_PHONE" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrPhone"), - "USR_POSITION" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrPosition"), - "USR_REPLACED_BY" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrReplacedBy"), - "USR_DUE_DATE" => array("type" => "date", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" 
=> "usrDueDate"), - "USR_CALENDAR" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCalendar"), - "USR_STATUS" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array("ACTIVE", "INACTIVE", "VACATION"), "fieldNameAux" => "usrStatus"), - "USR_ROLE" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrRole"), - "USR_NEW_PASS" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrNewPass"), - "USR_UX" => array("type" => "string", "required" => false, "empty" => false, "defaultValues" => array("NORMAL", "SIMPLIFIED", "SWITCHABLE", "SINGLE"), "fieldNameAux" => "usrUx"), - "DEP_UID" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "depUid"), - "USR_BIRTHDAY" => array("type" => "date", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrBirthday"), - "USR_FAX" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrFax"), - "USR_CELLULAR" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCellular"), + "USR_UID" => array("type" => "string", "required" => false, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrUid"), + "USR_FIRSTNAME" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrFirstname"), + "USR_LASTNAME" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrLastname"), + "USR_USERNAME" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrUsername"), + "USR_EMAIL" => array("type" => "string", "required" => 
true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrEmail"), + "USR_ADDRESS" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrAddress"), + "USR_ZIP_CODE" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrZipCode"), + "USR_COUNTRY" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCountry"), + "USR_CITY" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCity"), + "USR_LOCATION" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrLocation"), + "USR_PHONE" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrPhone"), + "USR_POSITION" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrPosition"), + "USR_REPLACED_BY" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrReplacedBy"), + "USR_DUE_DATE" => array("type" => "date", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrDueDate"), + "USR_CALENDAR" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCalendar"), + "USR_STATUS" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array("ACTIVE", "INACTIVE", "VACATION"), "fieldNameAux" => "usrStatus"), + "USR_ROLE" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrRole"), + "USR_NEW_PASS" => array("type" => "string", "required" => true, "empty" => false, "defaultValues" => array(), "fieldNameAux" => "usrNewPass"), + "USR_UX" => 
array("type" => "string", "required" => false, "empty" => false, "defaultValues" => array("NORMAL", "SIMPLIFIED", "SWITCHABLE", "SINGLE"), "fieldNameAux" => "usrUx"), + "DEP_UID" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "depUid"), + "USR_BIRTHDAY" => array("type" => "date", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrBirthday"), + "USR_FAX" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrFax"), + "USR_CELLULAR" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCellular"), /*----------------------------------********---------------------------------*/ - "USR_COST_BY_HOUR" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCostByHour"), - "USR_UNIT_COST" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrUnitCost"), + "USR_COST_BY_HOUR" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrCostByHour"), + "USR_UNIT_COST" => array("type" => "string", "required" => false, "empty" => true, "defaultValues" => array(), "fieldNameAux" => "usrUnitCost"), /*----------------------------------********---------------------------------*/ - 'USR_LOGGED_NEXT_TIME' => ['type' => 'int', 'required' => false, 'empty' => false, 'defaultValues' => [0, 1], 'fieldNameAux' => 'usrLoggedNextTime'], - 'USR_TIME_ZONE' => ['type' => 'string', 'required' => false, 'empty' => true, 'defaultValues' => [], 'fieldNameAux' => 'usrTimeZone'] + 'USR_LOGGED_NEXT_TIME' => ['type' => 'int', 'required' => false, 'empty' => false, 'defaultValues' => [0, 1], 'fieldNameAux' => 'usrLoggedNextTime'], + 'USR_TIME_ZONE' => ['type' => 'string', 'required' => false, 'empty' 
=> true, 'defaultValues' => [], 'fieldNameAux' => 'usrTimeZone'] ); private $formatFieldNameInUppercase = true; private $arrayFieldNameForException = array( - "usrPhoto" => "USR_PHOTO" + "usrPhoto" => "USR_PHOTO" ); - private $arrayPermissionsForEditUser = array ( + private $arrayPermissionsForEditUser = array( 'USR_FIRSTNAME' => 'PM_EDIT_USER_PROFILE_FIRST_NAME', 'USR_LASTNAME' => 'PM_EDIT_USER_PROFILE_LAST_NAME', 'USR_USERNAME' => 'PM_EDIT_USER_PROFILE_USERNAME', @@ -75,8 +112,6 @@ class User /** * Constructor of the class - * - * return void */ public function __construct() { @@ -84,7 +119,7 @@ class User foreach ($this->arrayFieldDefinition as $key => $value) { $this->arrayFieldNameForException[$value["fieldNameAux"]] = $key; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -92,16 +127,15 @@ class User /** * @return array */ - public function getPermissionsForEdit(){ + public function getPermissionsForEdit() + { return $this->arrayPermissionsForEditUser; } /** * Set the format of the fields name (uppercase, lowercase) - * * @param bool $flag Value that set the format - * - * return void + * @throws Exception */ public function setFormatFieldNameInUppercase($flag) { @@ -109,17 +143,15 @@ class User $this->formatFieldNameInUppercase = $flag; $this->setArrayFieldNameForException($this->arrayFieldNameForException); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Set exception users for fields - * * @param array $arrayData Data with the fields - * - * return void + * @throws Exception */ public function setArrayFieldNameForException(array $arrayData) { 
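Review bot: Every `catch (\Exception $e)` in this class is rewritten as `catch (Exception $e)` (this hunk and the `@@ -109`, `@@ -127`, `@@ -210`, `@@ -246` and `@@ -255` hunks), and the same is done for `UsersPeer`, `Criteria`, `RolesPeer`, `IsoCountryPeer` and `G`; the file is presumably namespaced under ProcessMaker\BusinessModel, judging from its path and the `new Process()` change, so these names resolve only through `use` imports, and the start of the first hunk is garbled in this view, so I cannot confirm the imports were added. Without them `catch (Exception $e)` resolves to a non-existent class in the namespace and never matches, and `throw new Exception(...)` becomes a fatal class-not-found. Separately, every `try { … } catch (Exception $e) { throw $e; }` wrapper in this class is a no-op rethrow; dropping the try/catch and keeping the `@throws Exception` tag gives the same behaviour with less noise.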
@@ -127,82 +159,77 @@ class User foreach ($arrayData as $key => $value) { $this->arrayFieldNameForException[$key] = $this->getFieldNameByFormatFieldName($value); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Get the name of the field according to the format - * * @param string $fieldName Field name - * - * return string Return the field name according the format + * @return string Return the field name according the format + * @throws Exception */ public function getFieldNameByFormatFieldName($fieldName) { try { - return ($this->formatFieldNameInUppercase)? strtoupper($fieldName) : strtolower($fieldName); - } catch (\Exception $e) { + return ($this->formatFieldNameInUppercase) ? strtoupper($fieldName) : strtolower($fieldName); + } catch (Exception $e) { throw $e; } } /** * Verify if exists the Name of a User - * - * @param string $userName Name + * @param string $userName Name * @param string $userUidToExclude Unique id of User to exclude - * - * return bool Return true if exists the Name of a User, false otherwise + * @return bool Return true if exists the Name of a User, false otherwise + * @throws Exception */ public function existsName($userName, $userUidToExclude = "") { try { + /** @var Criteria $criteria */ $criteria = $this->getUserCriteria(); if ($userUidToExclude != "") { - $criteria->add(\UsersPeer::USR_UID, $userUidToExclude, \Criteria::NOT_EQUAL); + $criteria->add(UsersPeer::USR_UID, $userUidToExclude, Criteria::NOT_EQUAL); } - $criteria->add(\UsersPeer::USR_USERNAME, $userName, \Criteria::EQUAL); + $criteria->add(UsersPeer::USR_USERNAME, $userName, Criteria::EQUAL); //QUERY - $rsCriteria = \UsersPeer::doSelectRS($criteria); + $rsCriteria = UsersPeer::doSelectRS($criteria); - return ($rsCriteria->next())? true : false; - } catch (\Exception $e) { + return ($rsCriteria->next()) ? 
true : false; + } catch (Exception $e) { throw $e; } } /** * Verify if exists the Name of a User - * - * @param string $userName Name + * @param string $userName Name * @param string $fieldNameForException Field name for the exception - * @param string $userUidToExclude Unique id of User to exclude - * - * return void Throw exception if exists the title of a User + * @param string $userUidToExclude Unique id of User to exclude + * @throws Exception if exists the title of a User */ public function throwExceptionIfExistsName($userName, $fieldNameForException, $userUidToExclude = "") { try { if ($this->existsName($userName, $userUidToExclude)) { - throw new \Exception(\G::LoadTranslation("ID_USER_NAME_ALREADY_EXISTS", array($fieldNameForException, $userName))); + throw new Exception(G::LoadTranslation("ID_USER_NAME_ALREADY_EXISTS", array($fieldNameForException, $userName))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Verify password - * - * @param string $userPassword Password + * @param string $userPassword Password * @param string $fieldNameForException Field name for the exception - * - * return void Throw exception if password is invalid + * @throws Exception if password is invalid */ public function throwExceptionIfPasswordIsInvalid($userPassword, $fieldNameForException) { 
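Review bot: `$userUidToExclude != ""` in `existsName()` is a loose comparison, so an exclude id of `"0"` is treated as empty and silently not excluded; use `!== ''` (the same loose `== ""` test on `$userUid` appears in `throwExceptionIfDataIsInvalid` in the next hunk). The new `/** @var Criteria $criteria */` hint papers over a missing `@return Criteria` on `getUserCriteria()`, which sits outside the hunk and is the better place for it. `return ($rsCriteria->next()) ? true : false;` can be `return (bool) $rsCriteria->next();`, and the `@throws Exception` tag added to `getFieldNameByFormatFieldName()` documents an exception that its body (`strtoupper`/`strtolower`) cannot raise.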
@@ -210,32 +237,30 @@ class User $result = $this->testPassword($userPassword); if (!$result["STATUS"]) { - throw new \Exception($fieldNameForException . ": " . $result["DESCRIPTION"]); + throw new Exception($fieldNameForException . ": " . $result["DESCRIPTION"]); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Validate the data if they are invalid (INSERT and UPDATE) - * - * @param string $userUid Unique id of User - * @param array $arrayData Data - * - * return void Throw exception if data has an invalid value + * @param string $userUid Unique id of User + * @param array $arrayData Data + * @throws Exception if data has an invalid value */ public function throwExceptionIfDataIsInvalid($userUid, array $arrayData) { try { //Set variables - $arrayUserData = ($userUid == "")? array() : $this->getUser($userUid, true); - $flagInsert = ($userUid == "")? true : false; + $arrayUserData = ($userUid == "") ? array() : $this->getUser($userUid, true); + $flagInsert = ($userUid == "") ? true : false; $arrayFinalData = array_merge($arrayUserData, $arrayData); //Verify data - Field definition. - $process = new \ProcessMaker\BusinessModel\Process(); + $process = new Process(); $process->throwExceptionIfDataNotMetFieldDefinition($arrayData, $this->arrayFieldDefinition, $this->arrayFieldNameForException, $flagInsert); @@ -246,7 +271,7 @@ class User if (isset($arrayData["USR_EMAIL"])) { if (!filter_var($arrayData["USR_EMAIL"], FILTER_VALIDATE_EMAIL)) { - throw new \Exception($this->arrayFieldNameForException["usrEmail"] . ": " . \G::LoadTranslation("ID_INCORRECT_EMAIL")); + throw new Exception($this->arrayFieldNameForException["usrEmail"] . ": " . G::LoadTranslation("ID_INCORRECT_EMAIL")); } } 
@@ -255,10 +280,10 @@ class User } if (isset($arrayData["USR_REPLACED_BY"]) && $arrayData["USR_REPLACED_BY"] != "") { - $obj = \UsersPeer::retrieveByPK($arrayData["USR_REPLACED_BY"]); + $obj = UsersPeer::retrieveByPK($arrayData["USR_REPLACED_BY"]); if (is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_USER_DOES_NOT_EXIST", array($this->arrayFieldNameForException["usrReplacedBy"], $arrayData["USR_REPLACED_BY"]))); + throw new Exception(G::LoadTranslation("ID_USER_DOES_NOT_EXIST", array($this->arrayFieldNameForException["usrReplacedBy"], $arrayData["USR_REPLACED_BY"]))); } } 
@@ -267,124 +292,122 @@ class User if (ctype_digit($arrayUserDueDate[0])) { if (!checkdate($arrayUserDueDate[1], $arrayUserDueDate[2], $arrayUserDueDate[0])) { - throw new \Exception($this->arrayFieldNameForException["usrDueDate"] . ": " . \G::LoadTranslation("ID_MSG_ERROR_DUE_DATE")); + throw new Exception($this->arrayFieldNameForException["usrDueDate"] . ": " . G::LoadTranslation("ID_MSG_ERROR_DUE_DATE")); } } else { - throw new \Exception($this->arrayFieldNameForException["usrDueDate"] . ": " . \G::LoadTranslation("ID_MSG_ERROR_DUE_DATE")); + throw new Exception($this->arrayFieldNameForException["usrDueDate"] . ": " . G::LoadTranslation("ID_MSG_ERROR_DUE_DATE")); } } if (isset($arrayData["USR_ROLE"])) { - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Roles.php"); + require_once(PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Roles.php"); - $criteria = new \Criteria("rbac"); + $criteria = new Criteria("rbac"); - $criteria->add(\RolesPeer::ROL_CODE, $arrayData["USR_ROLE"]); - $rsCriteria = \RolesPeer::doSelectRS($criteria); + $criteria->add(RolesPeer::ROL_CODE, $arrayData["USR_ROLE"]); + $rsCriteria = RolesPeer::doSelectRS($criteria); if (!$rsCriteria->next()) { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrRole"]))); + throw new Exception(G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrRole"]))); } } if (isset($arrayData["USR_COUNTRY"]) && $arrayData["USR_COUNTRY"] != "") { - $obj = \IsoCountryPeer::retrieveByPK($arrayData["USR_COUNTRY"]); + $obj = IsoCountryPeer::retrieveByPK($arrayData["USR_COUNTRY"]); if (is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCountry"]))); + throw new Exception(G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCountry"]))); } } if 
(isset($arrayData["USR_CITY"]) && $arrayData["USR_CITY"] != "") { if (!isset($arrayFinalData["USR_COUNTRY"]) || $arrayFinalData["USR_COUNTRY"] == "") { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCountry"]))); + throw new Exception(G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCountry"]))); } - $obj = \IsoSubdivisionPeer::retrieveByPK($arrayFinalData["USR_COUNTRY"], $arrayData["USR_CITY"]); + $obj = IsoSubdivisionPeer::retrieveByPK($arrayFinalData["USR_COUNTRY"], $arrayData["USR_CITY"]); if (is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCity"]))); + throw new Exception(G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCity"]))); } } if (isset($arrayData["USR_LOCATION"]) && $arrayData["USR_LOCATION"] != "") { if (!isset($arrayFinalData["USR_COUNTRY"]) || $arrayFinalData["USR_COUNTRY"] == "") { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCountry"]))); + throw new Exception(G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrCountry"]))); } - $obj = \IsoLocationPeer::retrieveByPK($arrayFinalData["USR_COUNTRY"], $arrayData["USR_LOCATION"]); + $obj = IsoLocationPeer::retrieveByPK($arrayFinalData["USR_COUNTRY"], $arrayData["USR_LOCATION"]); if (is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrLocation"]))); + throw new Exception(G::LoadTranslation("ID_INVALID_VALUE_FOR", array($this->arrayFieldNameForException["usrLocation"]))); } } if (isset($arrayData["USR_CALENDAR"]) && $arrayData["USR_CALENDAR"] != "") { - $obj = \CalendarDefinitionPeer::retrieveByPK($arrayData["USR_CALENDAR"]); + $obj = CalendarDefinitionPeer::retrieveByPK($arrayData["USR_CALENDAR"]); if 
(is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_CALENDAR_DOES_NOT_EXIST", array($this->arrayFieldNameForException["usrCalendar"], $arrayData["USR_CALENDAR"]))); + throw new Exception(G::LoadTranslation("ID_CALENDAR_DOES_NOT_EXIST", array($this->arrayFieldNameForException["usrCalendar"], $arrayData["USR_CALENDAR"]))); } } if (isset($arrayData["DEP_UID"]) && $arrayData["DEP_UID"] != "") { - $department = new \Department(); + $department = new Department(); if (!$department->existsDepartment($arrayData["DEP_UID"])) { - throw new \Exception(\G::LoadTranslation("ID_DEPARTMENT_NOT_EXIST", array($this->arrayFieldNameForException["depUid"], $arrayData["DEP_UID"]))); + throw new Exception(G::LoadTranslation("ID_DEPARTMENT_NOT_EXIST", array($this->arrayFieldNameForException["depUid"], $arrayData["DEP_UID"]))); } } if (isset($arrayData['USR_TIME_ZONE']) && $arrayData['USR_TIME_ZONE'] != '') { - if (!in_array($arrayData['USR_TIME_ZONE'], \DateTimeZone::listIdentifiers())) { - throw new \Exception(\G::LoadTranslation('ID_TIME_ZONE_DOES_NOT_EXIST', [$this->arrayFieldNameForException['usrTimeZone'], $arrayData['USR_TIME_ZONE']])); + if (!in_array($arrayData['USR_TIME_ZONE'], DateTimeZone::listIdentifiers())) { + throw new Exception(G::LoadTranslation('ID_TIME_ZONE_DOES_NOT_EXIST', [$this->arrayFieldNameForException['usrTimeZone'], $arrayData['USR_TIME_ZONE']])); } } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Verify if does not exist the User in table USERS - * - * @param string $userUid Unique id of Email Server + * @param string $userUid Unique id of Email Server * @param string $fieldNameForException Field name for the exception - * - * return void Throw exception if does not exist the User in table USERS + * @throws Exception if does not exist the User in table USERS */ public function throwExceptionIfNotExistsUser($userUid, $fieldNameForException) { try { - $obj = \UsersPeer::retrieveByPK($userUid); + $obj = 
UsersPeer::retrieveByPK($userUid); if (is_null($obj) || $obj->getUsrUsername() == "") { - throw new \Exception(\G::LoadTranslation("ID_USER_DOES_NOT_EXIST", array($fieldNameForException, $userUid))); + throw new Exception(G::LoadTranslation("ID_USER_DOES_NOT_EXIST", array($fieldNameForException, $userUid))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Get User record - * - * @param string $userUid Unique id of User - * @param array $arrayVariableNameForException Variable name for exception - * @param bool $throwException Flag to throw the exception if the main parameters are invalid or do not exist + * @param string $userUid Unique id of User + * @param array $arrayVariableNameForException Variable name for exception + * @param bool $throwException Flag to throw the exception if the main parameters are invalid or do not exist * (TRUE: throw the exception; FALSE: returns FALSE) - * - * @return array Returns an array with User record, ThrowTheException/FALSE otherwise + * @return array|bool Returns an array with User record, ThrowTheException/FALSE otherwise + * @throws Exception */ public function getUserRecordByPk($userUid, array $arrayVariableNameForException, $throwException = true) { try { - $obj = \UsersPeer::retrieveByPK($userUid); + $obj = UsersPeer::retrieveByPK($userUid); if (is_null($obj)) { if ($throwException) { - throw new \Exception(\G::LoadTranslation( - 'ID_USER_DOES_NOT_EXIST', [$arrayVariableNameForException['$userUid'], $userUid] + throw new Exception(G::LoadTranslation( + 'ID_USER_DOES_NOT_EXIST', + [$arrayVariableNameForException['$userUid'], $userUid] )); } else { return false; 
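Review bot: The `require_once(PATH_RBAC_HOME ... "Roles.php")` kept in the USR_ROLE branch of throwExceptionIfDataIsInvalid is inconsistent with the later hunks (assignRoleToUser, createUser, changeUserStatus, updateUser), which delete the equivalent `require_once` lines for Roles.php, UsersRoles.php and RbacUsers.php; if those classes are autoloaded the line here is dead weight, and if they are not, those later methods now depend on something else having loaded the class first. The time-zone check `in_array($arrayData['USR_TIME_ZONE'], DateTimeZone::listIdentifiers())` should pass `true` as the third argument so a non-string value cannot compare loosely against the identifier list. The docblock of getUserRecordByPk now correctly declares `@return array|bool`; the same `array|bool`-style honesty would help getUser, whose `$flagGetRecord` path returns the raw row.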
@@ -392,135 +415,133 @@ class User } //Return - return $obj->toArray(\BasePeer::TYPE_FIELDNAME); - } catch (\Exception $e) { + return $obj->toArray(BasePeer::TYPE_FIELDNAME); + } catch (Exception $e) { throw $e; } } /** * Get custom record - * * @param array $record Record - * * @return array Return an array with custom record + * @throws Exception */ private function __getUserCustomRecordFromRecord(array $record) { try { //Get Calendar - $calendar = new \Calendar(); - $calendarInfo = $calendar->getCalendarFor( $record["USR_UID"], "", "" ); + $calendar = new Calendar(); + $calendarInfo = $calendar->getCalendarFor($record["USR_UID"], "", ""); $aFields["USR_CALENDAR_UID"] = ($calendarInfo["CALENDAR_APPLIED"] != "DEFAULT") ? $calendarInfo["CALENDAR_UID"] : ""; - $aFields["USR_CALENDAR"] = ($aFields["USR_CALENDAR_UID"] != "") ? $calendar->calendarName( $aFields["USR_CALENDAR_UID"] ) : $aFields["USR_CALENDAR_UID"]; + $aFields["USR_CALENDAR"] = ($aFields["USR_CALENDAR_UID"] != "") ? $calendar->calendarName($aFields["USR_CALENDAR_UID"]) : $aFields["USR_CALENDAR_UID"]; //Get photo $pathPhotoUser = PATH_IMAGES_ENVIRONMENT_USERS . $record["USR_UID"] . ".gif"; - if (! file_exists( $pathPhotoUser )) { + if (!file_exists($pathPhotoUser)) { $pathPhotoUser = PATH_HOME . "public_html" . PATH_SEP . "images" . PATH_SEP . 
"user.gif"; } $arrayResult = []; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_UID')] = $record['USR_UID']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_USERNAME')] = $record['USR_USERNAME']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_UID')] = $record['USR_UID']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_USERNAME')] = $record['USR_USERNAME']; //$arrayResult[$this->getFieldNameByFormatFieldName('USR_PASSWORD')] = $record['USR_PASSWORD']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_FIRSTNAME')] = $record['USR_FIRSTNAME']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_LASTNAME')] = $record['USR_LASTNAME']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_EMAIL')] = $record['USR_EMAIL']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_DUE_DATE')] = $record['USR_DUE_DATE']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_CREATE_DATE')] = $record['USR_CREATE_DATE']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_UPDATE_DATE')] = $record['USR_UPDATE_DATE']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_STATUS')] = $record['USR_STATUS']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_COUNTRY')] = $record['USR_COUNTRY']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_CITY')] = $record['USR_CITY']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_LOCATION')] = $record['USR_LOCATION']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_ADDRESS')] = $record['USR_ADDRESS']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_PHONE')] = $record['USR_PHONE']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_FAX')] = $record['USR_FAX']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_CELLULAR')] = $record['USR_CELLULAR']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_ZIP_CODE')] = $record['USR_ZIP_CODE']; - $arrayResult[$this->getFieldNameByFormatFieldName('DEP_UID')] = $record['DEP_UID']; - 
$arrayResult[$this->getFieldNameByFormatFieldName('USR_POSITION')] = $record['USR_POSITION']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_RESUME')] = $record['USR_RESUME']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_BIRTHDAY')] = $record['USR_BIRTHDAY']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_ROLE')] = $record['USR_ROLE']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_REPORTS_TO')] = $record['USR_REPORTS_TO']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_REPLACED_BY')] = $record['USR_REPLACED_BY']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_CALENDAR_UID')] = $aFields['USR_CALENDAR_UID']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_CALENDAR_NAME')] = $aFields['USR_CALENDAR']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_UX')] = $record['USR_UX']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_FIRSTNAME')] = $record['USR_FIRSTNAME']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_LASTNAME')] = $record['USR_LASTNAME']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_EMAIL')] = $record['USR_EMAIL']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_DUE_DATE')] = $record['USR_DUE_DATE']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_CREATE_DATE')] = $record['USR_CREATE_DATE']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_UPDATE_DATE')] = $record['USR_UPDATE_DATE']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_STATUS')] = $record['USR_STATUS']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_COUNTRY')] = $record['USR_COUNTRY']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_CITY')] = $record['USR_CITY']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_LOCATION')] = $record['USR_LOCATION']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_ADDRESS')] = $record['USR_ADDRESS']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_PHONE')] = 
$record['USR_PHONE']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_FAX')] = $record['USR_FAX']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_CELLULAR')] = $record['USR_CELLULAR']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_ZIP_CODE')] = $record['USR_ZIP_CODE']; + $arrayResult[$this->getFieldNameByFormatFieldName('DEP_UID')] = $record['DEP_UID']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_POSITION')] = $record['USR_POSITION']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_RESUME')] = $record['USR_RESUME']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_BIRTHDAY')] = $record['USR_BIRTHDAY']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_ROLE')] = $record['USR_ROLE']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_REPORTS_TO')] = $record['USR_REPORTS_TO']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_REPLACED_BY')] = $record['USR_REPLACED_BY']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_CALENDAR_UID')] = $aFields['USR_CALENDAR_UID']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_CALENDAR_NAME')] = $aFields['USR_CALENDAR']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_UX')] = $record['USR_UX']; /*----------------------------------********---------------------------------*/ - $arrayResult[$this->getFieldNameByFormatFieldName('USR_COST_BY_HOUR')] = $record['USR_COST_BY_HOUR']; - $arrayResult[$this->getFieldNameByFormatFieldName('USR_UNIT_COST')] = $record['USR_UNIT_COST']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_COST_BY_HOUR')] = $record['USR_COST_BY_HOUR']; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_UNIT_COST')] = $record['USR_UNIT_COST']; /*----------------------------------********---------------------------------*/ - $arrayResult[$this->getFieldNameByFormatFieldName('USR_PHOTO_PATH')] = $pathPhotoUser; + $arrayResult[$this->getFieldNameByFormatFieldName('USR_PHOTO_PATH')] = $pathPhotoUser; if 
(isset($_SESSION['__SYSTEM_UTC_TIME_ZONE__']) && $_SESSION['__SYSTEM_UTC_TIME_ZONE__']) { - $arrayResult[$this->getFieldNameByFormatFieldName('USR_TIME_ZONE')] = (trim($record['USR_TIME_ZONE']) != '')? trim($record['USR_TIME_ZONE']) : \ProcessMaker\Util\System::getTimeZone(); + $arrayResult[$this->getFieldNameByFormatFieldName('USR_TIME_ZONE')] = (trim($record['USR_TIME_ZONE']) != '') ? trim($record['USR_TIME_ZONE']) : System::getTimeZone(); } //Return return $arrayResult; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Get criteria for User - * - * return object + * @return object + * @throws Exception */ public function getUserCriteria() { try { - $criteria = new \Criteria("workflow"); + $criteria = new Criteria("workflow"); - $criteria->addSelectColumn(\UsersPeer::USR_UID); - $criteria->addSelectColumn(\UsersPeer::USR_USERNAME); - $criteria->addSelectColumn(\UsersPeer::USR_PASSWORD); - $criteria->addSelectColumn(\UsersPeer::USR_FIRSTNAME); - $criteria->addSelectColumn(\UsersPeer::USR_LASTNAME); - $criteria->addSelectColumn(\UsersPeer::USR_EMAIL); - $criteria->addSelectColumn(\UsersPeer::USR_DUE_DATE); - $criteria->addSelectColumn(\UsersPeer::USR_CREATE_DATE); - $criteria->addSelectColumn(\UsersPeer::USR_UPDATE_DATE); - $criteria->addSelectColumn(\UsersPeer::USR_STATUS); - $criteria->addSelectColumn(\UsersPeer::USR_COUNTRY); - $criteria->addSelectColumn(\UsersPeer::USR_CITY); - $criteria->addSelectColumn(\UsersPeer::USR_LOCATION); - $criteria->addSelectColumn(\UsersPeer::USR_ADDRESS); - $criteria->addSelectColumn(\UsersPeer::USR_PHONE); - $criteria->addSelectColumn(\UsersPeer::USR_FAX); - $criteria->addSelectColumn(\UsersPeer::USR_CELLULAR); - $criteria->addSelectColumn(\UsersPeer::USR_ZIP_CODE); - $criteria->addSelectColumn(\UsersPeer::DEP_UID); - $criteria->addSelectColumn(\UsersPeer::USR_POSITION); - $criteria->addSelectColumn(\UsersPeer::USR_RESUME); - $criteria->addSelectColumn(\UsersPeer::USR_BIRTHDAY); - 
$criteria->addSelectColumn(\UsersPeer::USR_ROLE); - $criteria->addSelectColumn(\UsersPeer::USR_REPORTS_TO); - $criteria->addSelectColumn(\UsersPeer::USR_REPLACED_BY); - $criteria->addSelectColumn(\UsersPeer::USR_UX); + $criteria->addSelectColumn(UsersPeer::USR_UID); + $criteria->addSelectColumn(UsersPeer::USR_USERNAME); + $criteria->addSelectColumn(UsersPeer::USR_PASSWORD); + $criteria->addSelectColumn(UsersPeer::USR_FIRSTNAME); + $criteria->addSelectColumn(UsersPeer::USR_LASTNAME); + $criteria->addSelectColumn(UsersPeer::USR_EMAIL); + $criteria->addSelectColumn(UsersPeer::USR_DUE_DATE); + $criteria->addSelectColumn(UsersPeer::USR_CREATE_DATE); + $criteria->addSelectColumn(UsersPeer::USR_UPDATE_DATE); + $criteria->addSelectColumn(UsersPeer::USR_STATUS); + $criteria->addSelectColumn(UsersPeer::USR_COUNTRY); + $criteria->addSelectColumn(UsersPeer::USR_CITY); + $criteria->addSelectColumn(UsersPeer::USR_LOCATION); + $criteria->addSelectColumn(UsersPeer::USR_ADDRESS); + $criteria->addSelectColumn(UsersPeer::USR_PHONE); + $criteria->addSelectColumn(UsersPeer::USR_FAX); + $criteria->addSelectColumn(UsersPeer::USR_CELLULAR); + $criteria->addSelectColumn(UsersPeer::USR_ZIP_CODE); + $criteria->addSelectColumn(UsersPeer::DEP_UID); + $criteria->addSelectColumn(UsersPeer::USR_POSITION); + $criteria->addSelectColumn(UsersPeer::USR_RESUME); + $criteria->addSelectColumn(UsersPeer::USR_BIRTHDAY); + $criteria->addSelectColumn(UsersPeer::USR_ROLE); + $criteria->addSelectColumn(UsersPeer::USR_REPORTS_TO); + $criteria->addSelectColumn(UsersPeer::USR_REPLACED_BY); + $criteria->addSelectColumn(UsersPeer::USR_UX); /*----------------------------------********---------------------------------*/ - $criteria->addSelectColumn(\UsersPeer::USR_COST_BY_HOUR); - $criteria->addSelectColumn(\UsersPeer::USR_UNIT_COST); + $criteria->addSelectColumn(UsersPeer::USR_COST_BY_HOUR); + $criteria->addSelectColumn(UsersPeer::USR_UNIT_COST); 
/*----------------------------------********---------------------------------*/ - $criteria->addSelectColumn(\UsersPeer::USR_TIME_ZONE); + $criteria->addSelectColumn(UsersPeer::USR_TIME_ZONE); //Return return $criteria; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Create User - * * @param array $arrayData Data - * - * return array Return data of the new User created + * @return array Return data of the new User created + * @throws Exception */ public function create(array $arrayData) { @@ -528,7 +549,7 @@ class User //Verify data - $validator = new \ProcessMaker\BusinessModel\Validator(); + $validator = new Validator(); $validator->throwExceptionIfDataIsNotArray($arrayData, "\$arrayData"); $validator->throwExceptionIfDataIsEmpty($arrayData, "\$arrayData"); 
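Review bot: getUserCriteria still selects `UsersPeer::USR_PASSWORD`, and getUser($userUid, true) returns that raw row unchanged, so every caller passing `$flagGetRecord = true` (including throwExceptionIfDataIsInvalid, which merges it into `$arrayFinalData`) receives the stored password hash; the custom record built by __getUserCustomRecordFromRecord deliberately leaves USR_PASSWORD commented out, which suggests the column is not meant to reach callers. Unless a caller outside this diff relies on it, drop the `$criteria->addSelectColumn(UsersPeer::USR_PASSWORD);` line, or `unset($row['USR_PASSWORD']);` in getUser before the raw row is returned. The commented-out USR_PASSWORD assignment itself should be deleted rather than kept as a reminder.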
@@ -556,39 +577,20 @@ class User $this->throwExceptionIfDataIsInvalid("", $arrayData); //Create - $cnn = \Propel::getConnection("workflow"); + $cnn = Propel::getConnection("workflow"); try { - $rbac = new \RBAC(); - $user = new \Users(); + $rbac = new RBAC(); + $user = new Users(); $rbac->initRBAC(); - $arrayData["USR_PASSWORD"] = \Bootstrap::hashPassword($arrayData["USR_NEW_PASS"]); + $arrayData["USR_PASSWORD"] = Bootstrap::hashPassword($arrayData["USR_NEW_PASS"]); - $arrayData["USR_BIRTHDAY"] = (isset($arrayData["USR_BIRTHDAY"]))? $arrayData["USR_BIRTHDAY"] : date("Y-m-d"); - $arrayData["USR_LOGGED_NEXT_TIME"] = (isset($arrayData["USR_LOGGED_NEXT_TIME"]))? $arrayData["USR_LOGGED_NEXT_TIME"] : 0; - $arrayData["USR_CREATE_DATE"] = date("Y-m-d H:i:s"); - $arrayData["USR_UPDATE_DATE"] = date("Y-m-d H:i:s"); - - //Create in rbac - //$userStatus = $arrayData["USR_STATUS"]; - // - //if ($arrayData["USR_STATUS"] == "ACTIVE") { - // $arrayData["USR_STATUS"] = 1; - //} - // - //if ($arrayData["USR_STATUS"] == "INACTIVE") { - // $arrayData["USR_STATUS"] = 0; - //} - // - //$userUid = $this->createUser($arrayData); - // - //if ($arrayData["USR_ROLE"] != "") { - // $this->assignRoleToUser($userUid, $arrayData["USR_ROLE"]); - //} - // - //$arrayData["USR_STATUS"] = $userStatus; + $arrayData["USR_BIRTHDAY"] = (isset($arrayData["USR_BIRTHDAY"])) ? $arrayData["USR_BIRTHDAY"] : date("Y-m-d"); + $arrayData["USR_LOGGED_NEXT_TIME"] = (isset($arrayData["USR_LOGGED_NEXT_TIME"])) ? $arrayData["USR_LOGGED_NEXT_TIME"] : 0; + $arrayData["USR_CREATE_DATE"] = date("Y-m-d H:i:s"); + $arrayData["USR_UPDATE_DATE"] = date("Y-m-d H:i:s"); $userUid = $rbac->createUser($arrayData, $arrayData["USR_ROLE"]); 
@@ -599,9 +601,9 @@ class User $result = $user->create($arrayData); //User Properties - $userProperty = new \UsersProperties(); + $userProperty = new UsersProperties(); - $aUserProperty = $userProperty->loadOrCreateIfNotExists($arrayData["USR_UID"], array("USR_PASSWORD_HISTORY" => serialize(array(\Bootstrap::hashPassword($arrayData["USR_PASSWORD"]))))); + $aUserProperty = $userProperty->loadOrCreateIfNotExists($arrayData["USR_UID"], array("USR_PASSWORD_HISTORY" => serialize(array(Bootstrap::hashPassword($arrayData["USR_PASSWORD"]))))); $aUserProperty["USR_LOGGED_NEXT_TIME"] = $arrayData["USR_LOGGED_NEXT_TIME"]; $userProperty->update($aUserProperty); @@ -610,30 +612,29 @@ class User if (isset($arrayData["USR_CALENDAR"])) { //Save Calendar ID for this user - $calendar = new \Calendar(); + $calendar = new Calendar(); $calendar->assignCalendarTo($arrayData["USR_UID"], $arrayData["USR_CALENDAR"], "USER"); } //Return return $this->getUser($userUid); - } catch (\Exception $e) { + } catch (Exception $e) { $cnn->rollback(); throw $e; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Update User - * - * @param string $userUid Unique id of User - * @param array $arrayData Data + * @param string $userUid Unique id of User + * @param array $arrayData Data * @param string $userUidLogged Unique id of User logged - * - * return array Return data of the User updated + * @return array data of the User updated + * @throws Exception */ public function update($userUid, array $arrayData, $userUidLogged) { @@ -641,7 +642,7 @@ class User //Verify data - $validator = new \ProcessMaker\BusinessModel\Validator(); + $validator = new Validator(); $validator->throwExceptionIfDataIsNotArray($arrayData, "\$arrayData"); $validator->throwExceptionIfDataIsEmpty($arrayData, "\$arrayData"); 
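Review bot: The password history is seeded with `Bootstrap::hashPassword($arrayData["USR_PASSWORD"])`, but `$arrayData["USR_PASSWORD"]` was already set to `Bootstrap::hashPassword($arrayData["USR_NEW_PASS"])` in the preceding hunk, so USR_PASSWORD_HISTORY stores a hash of a hash; if hashPassword is a one-way hash (not visible here), that entry can never equal a later hash of the same plaintext and the history check would not stop the initial password from being reused. The update path at @@ -714 has the same double hashing, while the `$flagUserLoggedNextTime` branch at @@ -781 seeds the history with `$aUser["USR_PASSWORD"]` directly, so the two forms disagree. Both call sites should use the already-hashed value: `serialize(array($arrayData["USR_PASSWORD"]))`.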
@@ -684,29 +685,29 @@ class User } if ($countPermission == 0) { - throw new \Exception(\G::LoadTranslation("ID_USER_CAN_NOT_UPDATE", array($userUidLogged))); + throw new Exception(G::LoadTranslation("ID_USER_CAN_NOT_UPDATE", array($userUidLogged))); } //Update - $cnn = \Propel::getConnection("workflow"); + $cnn = Propel::getConnection("workflow"); try { - $rbac = new \RBAC(); - $user = new \Users(); + $rbac = new RBAC(); + $user = new Users(); $rbac->initRBAC(); if (isset($arrayData['USR_PASSWORD'])) { - $arrayData['USR_PASSWORD'] = \Bootstrap::hashPassword($arrayData['USR_PASSWORD']); + $arrayData['USR_PASSWORD'] = Bootstrap::hashPassword($arrayData['USR_PASSWORD']); } else { if (isset($arrayData['USR_NEW_PASS'])) { - $arrayData['USR_PASSWORD'] = \Bootstrap::hashPassword($arrayData['USR_NEW_PASS']); + $arrayData['USR_PASSWORD'] = Bootstrap::hashPassword($arrayData['USR_NEW_PASS']); } } - $arrayData["USR_UID"] = $userUid; - $arrayData["USR_LOGGED_NEXT_TIME"] = (isset($arrayData["USR_LOGGED_NEXT_TIME"]))? $arrayData["USR_LOGGED_NEXT_TIME"] : 0; - $arrayData["USR_UPDATE_DATE"] = date("Y-m-d H:i:s"); + $arrayData["USR_UID"] = $userUid; + $arrayData["USR_LOGGED_NEXT_TIME"] = (isset($arrayData["USR_LOGGED_NEXT_TIME"])) ? $arrayData["USR_LOGGED_NEXT_TIME"] : 0; + $arrayData["USR_UPDATE_DATE"] = date("Y-m-d H:i:s"); $flagUserLoggedNextTime = false; 
@@ -714,15 +715,15 @@ class User if ($arrayData["USR_PASSWORD"] != "") { //require_once 'classes/model/UsersProperties.php'; - $userProperty = new \UsersProperties(); - $aUserProperty = $userProperty->loadOrCreateIfNotExists($userUid, array("USR_PASSWORD_HISTORY" => serialize(array(\Bootstrap::hashPassword($arrayData["USR_PASSWORD"]))))); + $userProperty = new UsersProperties(); + $aUserProperty = $userProperty->loadOrCreateIfNotExists($userUid, array("USR_PASSWORD_HISTORY" => serialize(array(Bootstrap::hashPassword($arrayData["USR_PASSWORD"]))))); $memKey = "rbacSession" . session_id(); - $memcache = & \PMmemcached::getSingleton(defined("SYS_SYS")? SYS_SYS : ""); + $memcache = &PMmemcached::getSingleton(defined("SYS_SYS") ? SYS_SYS : ""); if (($rbac->aUserInfo = $memcache->get($memKey)) == false) { $rbac->loadUserRolePermission("PROCESSMAKER", $userUidLogged); - $memcache->set($memKey, $rbac->aUserInfo, \PMmemcached::EIGHT_HOURS); + $memcache->set($memKey, $rbac->aUserInfo, PMmemcached::EIGHT_HOURS); } if ($rbac->aUserInfo["PROCESSMAKER"]["ROLE"]["ROL_CODE"] == "PROCESSMAKER_ADMIN") { @@ -759,7 +760,7 @@ class User $sDescription = $sDescription . " - " . G::LoadTranslation("PASSWORD_HISTORY") . ": " . PPP_PASSWORD_HISTORY . "\n"; $sDescription = $sDescription . "\n" . G::LoadTranslation("ID_PLEASE_CHANGE_PASSWORD_POLICY") . ""; - throw new \Exception($this->arrayFieldNameForException["usrNewPass"] . ": " . $sDescription); + throw new Exception($this->arrayFieldNameForException["usrNewPass"] . ": " . $sDescription); } if (count($aHistory) >= PPP_PASSWORD_HISTORY) { 
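Review bot: `if (($rbac->aUserInfo = $memcache->get($memKey)) == false)` performs an assignment inside the condition with a loose comparison, and the cached role data is what the following `ROL_CODE == "PROCESSMAKER_ADMIN"` test reads; separating the two steps makes the intent readable, e.g. `$rbac->aUserInfo = $memcache->get($memKey);` followed by `if ($rbac->aUserInfo == false) {`. Because the entry is cached per session for `PMmemcached::EIGHT_HOURS`, a role change for the logged-in user appears not to take effect for this check until the entry expires — worth a comment here if that is intended. The admin-specific branch that follows starts outside this hunk.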
@@ -781,11 +782,9 @@ class User } if ($flagUserLoggedNextTime) { - //require_once "classes/model/Users.php"; - $oUser = new \Users(); + $oUser = new Users(); $aUser = $oUser->load($userUid); - //require_once "classes/model/UsersProperties.php"; - $oUserProperty = new \UsersProperties(); + $oUserProperty = new UsersProperties(); $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($userUid, array("USR_PASSWORD_HISTORY" => serialize(array($aUser["USR_PASSWORD"])))); $aUserProperty["USR_LOGGED_NEXT_TIME"] = $arrayData["USR_LOGGED_NEXT_TIME"]; $oUserProperty->update($aUserProperty); @@ -805,7 +804,7 @@ class User if (isset($arrayData["USR_CALENDAR"])) { //Save Calendar ID for this user - $calendar = new \Calendar(); + $calendar = new Calendar(); $calendar->assignCalendarTo($userUid, $arrayData["USR_CALENDAR"], "USER"); } @@ -817,23 +816,22 @@ class User } return $arrayData; - } catch (\Exception $e) { + } catch (Exception $e) { $cnn->rollback(); throw $e; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Get data of a User - * - * @param string $userUid Unique id of User - * @param bool $flagGetRecord Value that set the getting - * - * return array Return an array with data of a User + * @param string $userUid Unique id of User + * @param bool $flagGetRecord Value that set the getting + * @return array Return an array with data of a User + * @throws Exception */ public function getUser($userUid, $flagGetRecord = false) { 
@@ -843,35 +841,34 @@ class User //Get data //SQL + /** @var Criteria $criteria */ $criteria = $this->getUserCriteria(); - $criteria->add(\UsersPeer::USR_UID, $userUid, \Criteria::EQUAL); + $criteria->add(UsersPeer::USR_UID, $userUid, Criteria::EQUAL); - $rsCriteria = \UsersPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $rsCriteria = UsersPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); $result = $rsCriteria->next(); $row = $rsCriteria->getRow(); //Return - return (!$flagGetRecord)? $this->__getUserCustomRecordFromRecord($row) : $row; - } catch (\Exception $e) { + return (!$flagGetRecord) ? $this->__getUserCustomRecordFromRecord($row) : $row; + } catch (Exception $e) { throw $e; } } /** * Create User Uid - * - * @param array $arrayUserData Data - * - * return id + * @param array $userData Data + * @return int + * @throws Exception */ public function createUser($userData) { - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "RbacUsers.php"); - $this->userObj = new \RbacUsers(); + $this->userObj = new RbacUsers(); if (class_exists('PMPluginRegistry')) { $pluginRegistry = PluginRegistry::loadSingleton(); if ($pluginRegistry->existsTrigger(PM_BEFORE_CREATE_USER)) { @@ -882,13 +879,13 @@ class User } } } - $oConnection = \Propel::getConnection(\RbacUsersPeer::DATABASE_NAME); + $oConnection = Propel::getConnection(RbacUsersPeer::DATABASE_NAME); try { - $oRBACUsers = new \RbacUsers(); + $oRBACUsers = new RbacUsers(); do { - $userData['USR_UID'] = \G::generateUniqueID(); + $userData['USR_UID'] = G::generateUniqueID(); } while ($oRBACUsers->load($userData['USR_UID'])); - $oRBACUsers->fromArray($userData, \BasePeer::TYPE_FIELDNAME); + $oRBACUsers->fromArray($userData, BasePeer::TYPE_FIELDNAME); $iResult = $oRBACUsers->save(); return $userData['USR_UID']; } catch (Exception $oError) { 
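Review bot: In getUser the return value of `$rsCriteria->next()` is stored in `$result` but never tested, so for an unknown `$userUid` the row from `getRow()` is handed to `__getUserCustomRecordFromRecord(array $record)` and fails on the type hint (or on indexing a non-array) instead of reporting the missing user as getUserRecordByPk does; unless the part of getUser above this hunk already validates the uid, replace the unused assignment with `if (!$rsCriteria->next()) { throw new Exception(G::LoadTranslation('ID_USER_DOES_NOT_EXIST', ['USR_UID', $userUid])); }`. getUser's body starts outside the hunk. In createUser `$iResult = $oRBACUsers->save();` is likewise assigned and unused; `$oRBACUsers->save();` alone reads clearer.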
@@ -905,14 +902,12 @@ class User * @param string $sRolCode * @return void */ - public function assignRoleToUser ($sUserUID = '', $sRolCode = '') + public function assignRoleToUser($sUserUID = '', $sRolCode = '') { - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Roles.php"); - require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "UsersRoles.php"); - $this->usersRolesObj = new \UsersRoles(); - $this->rolesObj = new \Roles(); - $aRol = $this->rolesObj->loadByCode( $sRolCode ); - $this->usersRolesObj->create( $sUserUID, $aRol['ROL_UID'] ); + $this->usersRolesObj = new UsersRoles(); + $this->rolesObj = new Roles(); + $aRol = $this->rolesObj->loadByCode($sRolCode); + $this->usersRolesObj->create($sUserUID, $aRol['ROL_UID']); } /** @@ -922,10 +917,9 @@ class User * @param string $sPassword * @return array */ - public function testPassword ($sPassword = '') + public function testPassword($sPassword = '') { - require_once (PATH_TRUNK . "workflow" . PATH_SEP . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "UsersProperties.php"); - $oUserProperty = new \UsersProperties(); + $oUserProperty = new UsersProperties(); $aFields = array(); $dateNow = date('Y-m-d H:i:s'); $aErrors = $oUserProperty->validatePassword($sPassword, $dateNow, 0); 
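Review bot: assignRoleToUser uses `$aRol['ROL_UID']` without checking that `loadByCode($sRolCode)` found a role; with the default `''` or an unknown code the index is undefined and a USERS_ROLES row with an empty role id is created rather than an error. A guard such as `if (empty($aRol['ROL_UID'])) { throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', [$this->arrayFieldNameForException['usrRole']])); }` before the `create` call keeps the role assignment consistent with the validation already done in throwExceptionIfDataIsInvalid. The removed `require_once` lines for Roles.php and UsersRoles.php presumably rely on an autoloader; that dependency is not visible in this diff.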
@@ -934,31 +928,31 @@ class User define('NO_DISPLAY_USERNAME', 1); } $aFields = array(); - $aFields['DESCRIPTION'] = \G::LoadTranslation('ID_POLICY_ALERT'); + $aFields['DESCRIPTION'] = G::LoadTranslation('ID_POLICY_ALERT'); foreach ($aErrors as $sError) { switch ($sError) { case 'ID_PPP_MINIMUM_LENGTH': - $aFields['DESCRIPTION'] .= ' - ' . \G::LoadTranslation($sError) . ': ' . PPP_MINIMUM_LENGTH .'. '; + $aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError) . ': ' . PPP_MINIMUM_LENGTH . '. '; $aFields[substr($sError, 3)] = PPP_MINIMUM_LENGTH; break; case 'ID_PPP_MAXIMUM_LENGTH': - $aFields['DESCRIPTION'] .= ' - ' . \G::LoadTranslation($sError) . ': ' . PPP_MAXIMUM_LENGTH .'. '; + $aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError) . ': ' . PPP_MAXIMUM_LENGTH . '. '; $aFields[substr($sError, 3)] = PPP_MAXIMUM_LENGTH; break; case 'ID_PPP_EXPIRATION_IN': - $aFields['DESCRIPTION'] .= ' - ' . \G::LoadTranslation($sError) . ' ' . PPP_EXPIRATION_IN . ' ' . \G::LoadTranslation('ID_DAYS') .'. '; + $aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError) . ' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation('ID_DAYS') . '. '; $aFields[substr($sError, 3)] = PPP_EXPIRATION_IN; break; default: - $aFields['DESCRIPTION'] .= ' - ' . \G::LoadTranslation($sError); + $aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError); $aFields[substr($sError, 3)] = 1; break; } } - $aFields['DESCRIPTION'] .= \G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY'); + $aFields['DESCRIPTION'] .= G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY'); $aFields['STATUS'] = false; } else { - $aFields['DESCRIPTION'] = \G::LoadTranslation('ID_PASSWORD_COMPLIES_POLICIES'); + $aFields['DESCRIPTION'] = G::LoadTranslation('ID_PASSWORD_COMPLIES_POLICIES'); $aFields['STATUS'] = true; } return $aFields; 
@@ -966,35 +960,33 @@ class User
 /**
 * change status of an user
- *
 * @access public
- * @param array $sUserUID
- * @return void
+ * @param string $sUserUID
+ * @param string $sStatus
 */
- public function changeUserStatus ($sUserUID = '', $sStatus = 'ACTIVE')
+ public function changeUserStatus($sUserUID = '', $sStatus = 'ACTIVE')
 {
- require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "RbacUsers.php");
- $this->userObj = new \RbacUsers();
+ $this->userObj = new RbacUsers();
 if ($sStatus === 'ACTIVE') {
 $sStatus = 1;
 }
- $aFields = $this->userObj->load( $sUserUID );
+ $aFields = $this->userObj->load($sUserUID);
 $aFields['USR_STATUS'] = $sStatus;
- $this->userObj->update( $aFields );
+ $this->userObj->update($aFields);
 }
 /**
 * remove a role from an user
 *
 * @access public
- * @param array $sUserUID
+ * @param string $sUserUID
 * @return void
 */
- public function removeRolesFromUser ($sUserUID = '')
+ public function removeRolesFromUser($sUserUID = '')
 {
- $oCriteria = new \Criteria( 'rbac' );
- $oCriteria->add( \UsersRolesPeer::USR_UID, $sUserUID );
- \UsersRolesPeer::doDelete( $oCriteria );
+ $oCriteria = new Criteria('rbac');
+ $oCriteria->add(UsersRolesPeer::USR_UID, $sUserUID);
+ UsersRolesPeer::doDelete($oCriteria);
 }
 /**
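Review bot: The rewritten docblock of `changeUserStatus` types `$sStatus` as `string`, but the body turns `'ACTIVE'` into the integer `1` before `update()` and passes every other value through untouched, and the `@return void` line was dropped. Suggest `@param string|int $sStatus 'ACTIVE' is stored as 1; any other value is written to USR_STATUS as given` and restoring `@return void`. The result of `$this->userObj->load($sUserUID)` is also not checked before `update()`; what `load()` returns for an unknown UID is not visible here, so a caller with a bad UID may write a partial row.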
@@ -1005,19 +997,18 @@ class User
 * @param string $sRolCode
 * @return void
 */
- public function updateUser ($userData = array(), $sRolCode = '')
+ public function updateUser($userData = array(), $sRolCode = '')
 {
- require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "RbacUsers.php");
- $this->userObj = new \RbacUsers();
- if (isset( $userData['USR_STATUS'] )) {
+ $this->userObj = new RbacUsers();
+ if (isset($userData['USR_STATUS'])) {
 if ($userData['USR_STATUS'] == 'ACTIVE') {
 $userData['USR_STATUS'] = 1;
 }
 }
- $this->userObj->update( $userData );
+ $this->userObj->update($userData);
 if ($sRolCode != '') {
- $this->removeRolesFromUser( $userData['USR_UID'] );
- $this->assignRoleToUser( $userData['USR_UID'], $sRolCode );
+ $this->removeRolesFromUser($userData['USR_UID']);
+ $this->assignRoleToUser($userData['USR_UID'], $sRolCode);
 }
 }
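Review bot: `updateUser` still compares `$userData['USR_STATUS'] == 'ACTIVE'` loosely while `changeUserStatus` in the previous hunk uses `===` for the same mapping; both lines were reformatted by this commit but left inconsistent. Use `if ($userData['USR_STATUS'] === 'ACTIVE') {` so the two paths treat the status identically. When `$sRolCode` is non-empty, `$userData['USR_UID']` is read without a presence check, so a caller that omits the UID would have `removeRolesFromUser`/`assignRoleToUser` applied against a null UID; a guard such as `if (empty($userData['USR_UID'])) { throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('USR_UID'))); }` before the role swap would fail closed.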
@@ -1033,22 +1024,18 @@ class User
 * @param string $sUser the user
 * @return $this->aUserInfo[ $sSystem ]
 */
- public function loadUserRolePermission ($sSystem, $sUser)
+ public function loadUserRolePermission($sSystem, $sUser)
 {
 //in previous versions we provided a path data and session we will cache the session Info for this user
 //now this is deprecated, and all the aUserInfo is in the memcache
- require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "UsersRoles.php");
- require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Systems.php");
- require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "RbacUsers.php");
- require_once (PATH_RBAC_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "RolesPeer.php");
 $this->sSystem = $sSystem;
- $this->usersRolesObj = new \UsersRoles();
- $this->systemObj = new \Systems();
- $fieldsSystem = $this->systemObj->loadByCode( $sSystem );
- $fieldsRoles = $this->usersRolesObj->getRolesBySystem( $fieldsSystem['SYS_UID'], $sUser );
- $fieldsPermissions = $this->usersRolesObj->getAllPermissions( $fieldsRoles['ROL_UID'], $sUser );
- $this->userObj = new \RbacUsers();
- $this->aUserInfo['USER_INFO'] = $this->userObj->load( $sUser );
+ $this->usersRolesObj = new UsersRoles();
+ $this->systemObj = new Systems();
+ $fieldsSystem = $this->systemObj->loadByCode($sSystem);
+ $fieldsRoles = $this->usersRolesObj->getRolesBySystem($fieldsSystem['SYS_UID'], $sUser);
+ $fieldsPermissions = $this->usersRolesObj->getAllPermissions($fieldsRoles['ROL_UID'], $sUser);
+ $this->userObj = new RbacUsers();
+ $this->aUserInfo['USER_INFO'] = $this->userObj->load($sUser);
 $this->aUserInfo[$sSystem]['SYS_UID'] = $fieldsSystem['SYS_UID'];
 $this->aUserInfo[$sSystem]['ROLE'] = $fieldsRoles;
 $this->aUserInfo[$sSystem]['PERMISSIONS'] = $fieldsPermissions;
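Review bot: `$fieldsRoles['ROL_UID']` is read from the `getRolesBySystem()` result and fed to `getAllPermissions()` with no check that a role was found, so a user with no role in `$sSystem` produces an undefined-index notice and whatever permission set `getAllPermissions()` computes for a null role; the hunk only removes the `require_once` lines around it. Either add a guard before the `getAllPermissions()` call or, if an empty permission set is the intended outcome for role-less users, say so in a comment such as `// a user without a role in this system ends up with an empty PERMISSIONS entry`. The two leading comments about "previous versions" and "memcache" no longer describe what the code below does (it reloads roles and permissions from the RBAC objects on each call) and could be replaced by a one-line statement of that. The method continues past the end of the hunk.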
@@ -1057,26 +1044,21 @@ class User
 /**
 * Authenticate User
- *
- * @param array $arrayUserData Data
- *
- * return array Return data of the User updated
+ * @param array $arrayUserData Data
+ * @throws Exception
 */
 public function authenticate($arrayUserData)
 {
 try {
-
- } catch (\Exception $e) {
+ } catch (Exception $e) {
 throw $e;
 }
 }
 /**
 * Delete User
- *
 * @param string $usrUid Unique id of User
- *
- * return void
+ * @throws Exception
 */
 public function delete($usrUid)
 {
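Review bot: `authenticate()` is now `try { } catch (Exception $e) { throw $e; }` — an empty body whose only statement rethrows an exception nothing inside can raise — so the method is a no-op while its docblock promises "Authenticate User" and `@throws Exception`. Either implement it or mark it so callers are not misled, e.g. `@deprecated` plus `// NOTE(review): intentionally empty; confirm whether any caller still expects this to perform authentication`. The same bare `catch (Exception $e) { throw $e; }` wrapper appears in `delete`, `getUsers`, `uploadImage`, `checkPermissionForEdit`, `loadDetailedPermissions`, `checkPermission`, `getUserLoggedTimeZone`, `getUsersManager` and `auditLog` in the following hunks; rethrowing unchanged adds nothing, so those try/catch shells can be dropped.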
@@ -1084,61 +1066,60 @@ class User //Verify data $this->throwExceptionIfNotExistsUser($usrUid, $this->arrayFieldNameForException["usrUid"]); - $oProcessMap = new \Cases(); + $oProcessMap = new Cases(); $USR_UID = $usrUid; $total = 0; $history = 0; $c = $oProcessMap->getCriteriaUsersCases('TO_DO', $USR_UID); - $total += \ApplicationPeer::doCount($c); + $total += ApplicationPeer::doCount($c); $c = $oProcessMap->getCriteriaUsersCases('DRAFT', $USR_UID); - $total += \ApplicationPeer::doCount($c); + $total += ApplicationPeer::doCount($c); $c = $oProcessMap->getCriteriaUsersCases('COMPLETED', $USR_UID); - $history += \ApplicationPeer::doCount($c); + $history += ApplicationPeer::doCount($c); $c = $oProcessMap->getCriteriaUsersCases('CANCELLED', $USR_UID); - $history += \ApplicationPeer::doCount($c); + $history += ApplicationPeer::doCount($c); if ($total > 0) { - throw new \Exception(\G::LoadTranslation("ID_USER_CAN_NOT_BE_DELETED", array($USR_UID))); + throw new Exception(G::LoadTranslation("ID_USER_CAN_NOT_BE_DELETED", array($USR_UID))); } else { $UID = $usrUid; - $oTasks = new \Tasks(); + $oTasks = new Tasks(); $oTasks->ofToAssignUserOfAllTasks($UID); - $oGroups = new \Groups(); + $oGroups = new Groups(); $oGroups->removeUserOfAllGroups($UID); $this->changeUserStatus($UID, 'CLOSED'); $_GET['USR_USERNAME'] = ''; $this->updateUser(array('USR_UID' => $UID, 'USR_USERNAME' => $_GET['USR_USERNAME']), ''); - require_once (PATH_TRUNK . "workflow" . PATH_SEP . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Users.php"); - $oUser = new \Users(); + require_once(PATH_TRUNK . "workflow" . PATH_SEP . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Users.php"); + $oUser = new Users(); $aFields = $oUser->load($UID); $aFields['USR_STATUS'] = 'CLOSED'; $aFields['USR_USERNAME'] = ''; $oUser->update($aFields); //Delete Dashboard - require_once (PATH_TRUNK . "workflow" . PATH_SEP . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . 
"DashletInstance.php"); - $criteria = new \Criteria( 'workflow' ); - $criteria->add( \DashletInstancePeer::DAS_INS_OWNER_UID, $UID ); - $criteria->add( \DashletInstancePeer::DAS_INS_OWNER_TYPE , 'USER'); - \DashletInstancePeer::doDelete( $criteria ); + require_once(PATH_TRUNK . "workflow" . PATH_SEP . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "DashletInstance.php"); + $criteria = new Criteria('workflow'); + $criteria->add(DashletInstancePeer::DAS_INS_OWNER_UID, $UID); + $criteria->add(DashletInstancePeer::DAS_INS_OWNER_TYPE, 'USER'); + DashletInstancePeer::doDelete($criteria); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Get all Users - * - * @param array $arrayWhere Where (Condition and filters) - * @param string $sortField Field name to sort - * @param string $sortDir Direction of sorting (ASC, DESC) - * @param int $start Start - * @param int $limit Limit - * @param bool $flagRecord Flag that set the "getting" of record - * @param bool $throwException Flag to throw the exception (This only if the parameters are invalid) + * @param array $arrayWhere Where (Condition and filters) + * @param string $sortField Field name to sort + * @param string $sortDir Direction of sorting (ASC, DESC) + * @param int $start Start + * @param int $limit Limit + * @param bool $flagRecord Flag that set the "getting" of record + * @param bool $throwException Flag to throw the exception (This only if the parameters are invalid) * (TRUE: throw the exception; FALSE: returns FALSE) - * @param string $status The user's status, which can be "ACTIVE", "INACTIVE" or "VACATION" - * + * @param string $status The user's status, which can be "ACTIVE", "INACTIVE" or "VACATION" * @return array Return an array with all Users, ThrowTheException/FALSE otherwise + * @throws Exception */ public function getUsers( array $arrayWhere = null, 
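Review bot: `delete()` writes `$_GET['USR_USERNAME'] = ''` and then reads it back to build the `updateUser()` argument; mutating the request superglobal to carry a literal empty string is surprising and leaks into anything else that reads `$_GET` later in the request. Replace the two lines with `$this->updateUser(array('USR_UID' => $UID, 'USR_USERNAME' => ''), '');`. The `require_once` lines for Users.php and DashletInstance.php are kept (only reformatted) while every other hunk in this commit removes the equivalent lines; if the autoloader covers those classes they should go too, otherwise a short comment saying why these two still need an explicit include would help the next reader. The `getUsers` signature at the end of the hunk continues outside it.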
@@ -1158,16 +1139,16 @@ class User
 //Verify data and Set variables
 $flag = !is_null($arrayWhere) && is_array($arrayWhere);
 $flagCondition = $flag && isset($arrayWhere['condition']);
- $flagFilter = $flag && isset($arrayWhere['filter']);
+ $flagFilter = $flag && isset($arrayWhere['filter']);
- $result = \ProcessMaker\BusinessModel\Validator::validatePagerDataByPagerDefinition(
+ $result = Validator::validatePagerDataByPagerDefinition(
 ['$start' => $start, '$limit' => $limit],
 ['$start' => '$start', '$limit' => '$limit']
 );
 if ($result !== true) {
 if ($throwException) {
- throw new \Exception($result);
+ throw new Exception($result);
 } else {
 return false;
 }
@@ -1178,25 +1159,23 @@ class User
 if ($flagFilter) {
 $arrayAux = array(
- "" => "filter",
- "LEFT" => "lfilter",
+ "" => "filter",
+ "LEFT" => "lfilter",
 "RIGHT" => "rfilter"
 );
- $filterName = $arrayAux[
- (isset($arrayWhere['filterOption']))? $arrayWhere['filterOption'] : ''
- ];
+ $filterName = $arrayAux[(isset($arrayWhere['filterOption'])) ? $arrayWhere['filterOption'] : ''];
 }
 //Get data
 if (!is_null($limit) && (string)($limit) == '0') {
 //Return
 return array(
- "total" => $numRecTotal,
- "start" => (int)((!is_null($start))? $start : 0),
- "limit" => (int)((!is_null($limit))? $limit : 0),
- $filterName => ($flagFilter)? $arrayWhere['filter'] : '',
- "data" => $arrayUser
+ "total" => $numRecTotal,
+ "start" => (int)((!is_null($start)) ? $start : 0),
+ "limit" => (int)((!is_null($limit)) ? $limit : 0),
+ $filterName => ($flagFilter) ? $arrayWhere['filter'] : '',
+ "data" => $arrayUser
 );
 }
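Review bot: `$filterName = $arrayAux[...]` indexes the map with whatever `$arrayWhere['filterOption']` holds, so any value other than `''`, `'LEFT'` or `'RIGHT'` raises an undefined-index notice and leaves `$filterName` null, which then becomes the `""` key of the returned array; the one-line rewrite keeps that behaviour. Validate the option first, e.g. `$filterOption = isset($arrayWhere['filterOption']) ? $arrayWhere['filterOption'] : '';` followed by `if (!isset($arrayAux[$filterOption])) { throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('filterOption'))); }`, honouring `$throwException` (return `false` instead) the way the pager check in the previous hunk does. The same unchecked lookup is repeated for `$arraySearch` in the next hunk. `getUsers` continues outside this hunk.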
@@ -1209,40 +1188,44 @@ class User } } else { if (!is_null($status)) { - $criteria->add(\UsersPeer::USR_STATUS, strtoupper($status), \Criteria::EQUAL); + $criteria->add(UsersPeer::USR_STATUS, strtoupper($status), Criteria::EQUAL); } } if ($flagFilter && trim($arrayWhere['filter']) != '') { $arraySearch = [ - '' => '%' . $arrayWhere['filter'] . '%', - 'LEFT' => $arrayWhere['filter'] . '%', + '' => '%' . $arrayWhere['filter'] . '%', + 'LEFT' => $arrayWhere['filter'] . '%', 'RIGHT' => '%' . $arrayWhere['filter'] ]; - $search = $arraySearch[ - (isset($arrayWhere['filterOption']))? $arrayWhere['filterOption'] : '' - ]; + $search = $arraySearch[(isset($arrayWhere['filterOption'])) ? $arrayWhere['filterOption'] : '']; $criteria->add( - $criteria->getNewCriterion(\UsersPeer::USR_USERNAME, $search, \Criteria::LIKE)->addOr( - $criteria->getNewCriterion(\UsersPeer::USR_FIRSTNAME, $search, \Criteria::LIKE))->addOr( - $criteria->getNewCriterion(\UsersPeer::USR_LASTNAME, $search, \Criteria::LIKE)) + $criteria->getNewCriterion(UsersPeer::USR_USERNAME, $search, Criteria::LIKE)->addOr( + $criteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, $search, Criteria::LIKE) + )->addOr( + $criteria->getNewCriterion(UsersPeer::USR_LASTNAME, $search, Criteria::LIKE) + ) ); } //Number records total - $numRecTotal = \UsersPeer::doCount($criteria); + $numRecTotal = UsersPeer::doCount($criteria); //Query - $conf = new \Configurations(); - $sortFieldDefault = \UsersPeer::TABLE_NAME . '.' . $conf->userNameFormatGetFirstFieldByUsersTable(); + $conf = new Configurations(); + $sortFieldDefault = UsersPeer::TABLE_NAME . '.' . 
$conf->userNameFormatGetFirstFieldByUsersTable(); if (!is_null($sortField) && trim($sortField) != "") { + //SQL Injection via 'sortField' parameter + if (!in_array($sortField, UsersPeer::getFieldNames(BasePeer::TYPE_FIELDNAME))) { + throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('$sortField'))); + } $sortField = strtoupper($sortField); - if (in_array(\UsersPeer::TABLE_NAME . "." . $sortField, $criteria->getSelectColumns())) { - $sortField = \UsersPeer::TABLE_NAME . "." . $sortField; + if (in_array(UsersPeer::TABLE_NAME . "." . $sortField, $criteria->getSelectColumns())) { + $sortField = UsersPeer::TABLE_NAME . "." . $sortField; } else { $sortField = $sortFieldDefault; } @@ -1264,33 +1247,32 @@ class User $criteria->setLimit((int)($limit)); } - $rsCriteria = \UsersPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $rsCriteria = UsersPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); while ($rsCriteria->next()) { $record = $rsCriteria->getRow(); - $arrayUser[] = ($flagRecord)? $record : $this->__getUserCustomRecordFromRecord($record); + $arrayUser[] = ($flagRecord) ? $record : $this->__getUserCustomRecordFromRecord($record); } //Return return array( - "total" => $numRecTotal, - "start" => (int)((!is_null($start))? $start : 0), - "limit" => (int)((!is_null($limit))? $limit : 0), - $filterName => ($flagFilter)? $arrayWhere['filter'] : '', - "data" => $arrayUser + "total" => $numRecTotal, + "start" => (int)((!is_null($start)) ? $start : 0), + "limit" => (int)((!is_null($limit)) ? $limit : 0), + $filterName => ($flagFilter) ? $arrayWhere['filter'] : '', + "data" => $arrayUser ); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * Upload image User - * * @param string $userUid Unique id of User - * + * @throws Exception */ public function uploadImage($userUid) { 
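Review bot: The new allow-list check in the `sortField` branch runs on the raw value before `strtoupper($sortField)`, so if `UsersPeer::getFieldNames(BasePeer::TYPE_FIELDNAME)` yields upper-case names (which the later `UsersPeer::TABLE_NAME . "." . $sortField` comparison suggests) a lower-case column name that used to be accepted now throws; move the check below the `strtoupper` line. `in_array` is also called without its strict flag: `if (!in_array($sortField, UsersPeer::getFieldNames(BasePeer::TYPE_FIELDNAME), true)) {`. The comment `//SQL Injection via 'sortField' parameter` names the threat rather than the rule; `//Only a real column name may reach ORDER BY; anything else is rejected (blocks SQL injection through sortField)` says what the check enforces. Both points apply equally to the `sort` check added in the `getAllUsersWithAuthSource` hunk further down.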
@@ -1299,23 +1281,23 @@ class User
 $this->throwExceptionIfNotExistsUser($userUid, $this->arrayFieldNameForException["usrUid"]);
 if (!$_FILES) {
- throw new \Exception(\G::LoadTranslation("ID_UPLOAD_ERR_NO_FILE"));
+ throw new Exception(G::LoadTranslation("ID_UPLOAD_ERR_NO_FILE"));
 }
 if (!isset($_FILES["USR_PHOTO"])) {
- throw new \Exception(\G::LoadTranslation("ID_UNDEFINED_VALUE_IS_REQUIRED", array($this->arrayFieldNameForException["usrPhoto"])));
+ throw new Exception(G::LoadTranslation("ID_UNDEFINED_VALUE_IS_REQUIRED", array($this->arrayFieldNameForException["usrPhoto"])));
 }
 if ($_FILES['USR_PHOTO']['error'] != 1) {
 if ($_FILES['USR_PHOTO']['tmp_name'] != '') {
 $aAux = explode('.', $_FILES['USR_PHOTO']['name']);
- \G::uploadFile($_FILES['USR_PHOTO']['tmp_name'], PATH_IMAGES_ENVIRONMENT_USERS, $userUid . '.' . $aAux[1]);
- \G::resizeImage(PATH_IMAGES_ENVIRONMENT_USERS . $userUid . '.' . $aAux[1], 96, 96, PATH_IMAGES_ENVIRONMENT_USERS . $userUid . '.gif');
+ G::uploadFile($_FILES['USR_PHOTO']['tmp_name'], PATH_IMAGES_ENVIRONMENT_USERS, $userUid . '.' . $aAux[1]);
+ G::resizeImage(PATH_IMAGES_ENVIRONMENT_USERS . $userUid . '.' . $aAux[1], 96, 96, PATH_IMAGES_ENVIRONMENT_USERS . $userUid . '.gif');
 }
 } else {
- throw new \Exception(\G::LoadTranslation('ID_ERROR') . ' ' . $_FILES['USR_PHOTO']['error']);
+ throw new Exception(G::LoadTranslation('ID_ERROR') . ' ' . $_FILES['USR_PHOTO']['error']);
 }
- } catch (\Exception $e) {
+ } catch (Exception $e) {
 throw $e;
 }
 }
@@ -1331,7 +1313,7 @@ class User
 */
 public function updateBookmark($userUID, $tasUid, $type)
 {
- $this->userObj = new \Users();
+ $this->userObj = new Users();
 $fields = $this->userObj->load($userUID);
 $bookmark = empty($fields['USR_BOOKMARK_START_CASES']) ? array() : unserialize($fields['USR_BOOKMARK_START_CASES']);
 $position = array_search($tasUid, $bookmark);
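Review bot: The extension of the stored file comes straight from the client name — `$aAux = explode('.', $_FILES['USR_PHOTO']['name'])` then `$aAux[1]` — which is undefined when the name has no dot, picks the middle segment of a name like `a.b.c`, and is never checked against the image types `G::resizeImage()` is expected to read; the hunk only changes the `\G::` prefix. Derive it with `strtolower(pathinfo($_FILES['USR_PHOTO']['name'], PATHINFO_EXTENSION))` and reject anything outside a short allow-list of image extensions before `G::uploadFile()` writes under PATH_IMAGES_ENVIRONMENT_USERS. The error test `$_FILES['USR_PHOTO']['error'] != 1` only recognises UPLOAD_ERR_INI_SIZE; `!== UPLOAD_ERR_OK` covers every failed upload, and `is_uploaded_file($_FILES['USR_PHOTO']['tmp_name'])` confirms the temp path really came from this request.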
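Review bot: `unserialize($fields['USR_BOOKMARK_START_CASES'])` rebuilds PHP values from a database column, and the second hunk here touches only the `new Users()` line above it. Since the value appears to be a plain list of task UIDs (it is searched with `array_search($tasUid, $bookmark)`), passing `array('allowed_classes' => false)` as the second argument (PHP 7.0+) keeps the call from instantiating any class named in stored data, or the list could be stored as JSON instead. `array_search($tasUid, $bookmark)` is also a loose comparison; pass `true` as its third argument. The method continues outside the hunk.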
@@ -1349,19 +1331,19 @@ class User
 * @param $userUid
 * @param array $arrayPermission
 * @return User
- * @throws \Exception
+ * @throws Exception
 */
 public function checkPermissionForEdit($userUid, $arrayPermission = array(), $form)
 {
 try {
 foreach ($arrayPermission as $key => $value) {
 $flagPermission = $this->checkPermission($userUid, $value);
- if (!$flagPermission){
+ if (!$flagPermission) {
 unset($form[$key]);
 }
 }
 return $form;
- } catch (\Exception $e) {
+ } catch (Exception $e) {
 throw $e;
 }
 }
@@ -1369,7 +1351,7 @@ class User
 /**
 * @param $aFields
 * @return array
- * @throws \Exception
+ * @throws Exception
 */
 public function loadDetailedPermissions($aFields)
 {
@@ -1385,20 +1367,19 @@ class User
 return $resultPermissionsForUser;
 } else {
 $lang = defined('SYS_LANG') ? SYS_LANG : 'en';
- throw (new \Exception(G::LoadTranslation("ID_USER_UID_DOESNT_EXIST", $lang, array("USR_UID" => $aFields['USR_UID']))));
+ throw (new Exception(G::LoadTranslation("ID_USER_UID_DOESNT_EXIST", $lang, array("USR_UID" => $aFields['USR_UID']))));
 }
- } catch (\Exception $oError) {
+ } catch (Exception $oError) {
 throw ($oError);
 }
 }
 /**
 * Check permission
- *
- * @param string $userUid Unique uid of User
+ * @param string $userUid Unique uid of User
 * @param string $permissionCode Permission code
- *
- * return bool
+ * @return bool
+ * @throws Exception
 */
 public function checkPermission($userUid, $permissionCode)
 {
@@ -1416,15 +1397,15 @@ class User
 //Return
 return $flagPermission;
- } catch (\Exception $e) {
+ } catch (Exception $e) {
 throw $e;
 }
 }
 /**
 * Get User-Logged Time Zone
- *
 * @return string Return the User-Logged Time Zone; Time Zone system settings otherwise
+ * @throws Exception
 */
 public static function getUserLoggedTimeZone()
 {
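Review bot: The docblock of `checkPermissionForEdit` still says `@return User` although the method returns `$form`, the array with the entries the user may not edit removed; the commit only swapped `\Exception` for `Exception` in that docblock. Change it to `@return array the form with the keys removed for which the user lacks the matching permission` and type the first line as `@param string $userUid`. The signature `checkPermissionForEdit($userUid, $arrayPermission = array(), $form)` declares a required parameter after an optional one, which PHP 8.0 deprecates; give `$form` a default such as `array()` or reorder the parameters if callers allow it.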
@@ -1434,24 +1415,23 @@ class User
 if (isset($_SESSION['USR_TIME_ZONE'])) {
 $tz = trim($_SESSION['USR_TIME_ZONE']);
- $timeZone = ($tz != '')? $tz : $timeZone;
+ $timeZone = ($tz != '') ? $tz : $timeZone;
 }
 //Return
 return $timeZone;
- } catch (\Exception $e) {
+ } catch (Exception $e) {
 throw $e;
 }
 }
 /**
 * Get the User's Manager
- *
- * @param string $userUid Unique id of User
- * @param bool $throwException Flag to throw the exception if the main parameters are invalid or do not exist
+ * @param string $userUid Unique id of User
+ * @param bool $throwException Flag to throw the exception if the main parameters are invalid or do not exist
 * (TRUE: throw the exception; FALSE: returns FALSE)
- *
 * @return string Returns an string with Unique id of User (Manager), ThrowTheException/FALSE otherwise
+ * @throws Exception
 */
 public function getUsersManager($userUid, $throwException = true)
 {
@@ -1477,7 +1457,9 @@ class User
 $flagd = false;
 $arrayDepartmentData = $department->getDepartmentRecordByPk(
- $departmentUid, ['$departmentUid' => '$departmentUid'], $throwException
+ $departmentUid,
+ ['$departmentUid' => '$departmentUid'],
+ $throwException
 );
 if ($arrayDepartmentData === false) {
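Review bot: `getUserLoggedTimeZone` returns `$_SESSION['USR_TIME_ZONE']` after only a `trim()`, so whatever string was stored in the session is handed to callers as a time zone identifier without being checked; the hunk reformats the ternary but keeps that. If the value is later passed to date functions, a guard such as `$timeZone = ($tz != '' && in_array($tz, timezone_identifiers_list(), true)) ? $tz : $timeZone;` keeps an unexpected value from surfacing as a warning far from its source. Where the session value is written is not visible here, so whether it is already validated on the way in cannot be confirmed.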
@@ -1503,54 +1485,52 @@ class User } else { return $arrayUserData['USR_REPORTS_TO']; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } /** * AuditLog - * - * @param string $option Option - * @param array $arrayData Data - * - * @return void + * @param string $option Option + * @param array $arrayData Data + * @throws Exception */ public function auditLog($option, array $arrayData) { try { - $firstName = (array_key_exists('USR_FIRSTNAME', $arrayData))? ' - First Name: ' . $arrayData['USR_FIRSTNAME'] : ''; - $lastName = (array_key_exists('USR_LASTNAME', $arrayData))? ' - Last Name: ' . $arrayData['USR_LASTNAME'] : ''; - $email = (array_key_exists('USR_EMAIL', $arrayData))? ' - Email: ' . $arrayData['USR_EMAIL'] : ''; - $dueDate = (array_key_exists('USR_DUE_DATE', $arrayData))? ' - Due Date: ' . $arrayData['USR_DUE_DATE'] : ''; - $status = (array_key_exists('USR_STATUS', $arrayData))? ' - Status: ' . $arrayData['USR_STATUS'] : ''; - $address = (array_key_exists('USR_ADDRESS', $arrayData))? ' - Address: ' . $arrayData['USR_ADDRESS'] : ''; - $phone = (array_key_exists('USR_PHONE', $arrayData))? ' - Phone: ' . $arrayData['USR_PHONE'] : ''; - $zipCode = (array_key_exists('USR_ZIP_CODE', $arrayData))? ' - Zip Code: ' . $arrayData['USR_ZIP_CODE'] : ''; - $position = (array_key_exists('USR_POSITION', $arrayData))? ' - Position: ' . $arrayData['USR_POSITION'] : ''; - $role = (array_key_exists('USR_ROLE', $arrayData))? ' - Role: ' . $arrayData['USR_ROLE'] : ''; - $languageDef = (array_key_exists('USR_DEFAULT_LANG', $arrayData))? ' - Default Language: ' . $arrayData['USR_DEFAULT_LANG'] : ''; - $timeZone = (array_key_exists('USR_TIME_ZONE', $arrayData))? ' - Time Zone: ' . $arrayData['USR_TIME_ZONE'] : ''; + $firstName = (array_key_exists('USR_FIRSTNAME', $arrayData)) ? ' - First Name: ' . $arrayData['USR_FIRSTNAME'] : ''; + $lastName = (array_key_exists('USR_LASTNAME', $arrayData)) ? ' - Last Name: ' . 
$arrayData['USR_LASTNAME'] : ''; + $email = (array_key_exists('USR_EMAIL', $arrayData)) ? ' - Email: ' . $arrayData['USR_EMAIL'] : ''; + $dueDate = (array_key_exists('USR_DUE_DATE', $arrayData)) ? ' - Due Date: ' . $arrayData['USR_DUE_DATE'] : ''; + $status = (array_key_exists('USR_STATUS', $arrayData)) ? ' - Status: ' . $arrayData['USR_STATUS'] : ''; + $address = (array_key_exists('USR_ADDRESS', $arrayData)) ? ' - Address: ' . $arrayData['USR_ADDRESS'] : ''; + $phone = (array_key_exists('USR_PHONE', $arrayData)) ? ' - Phone: ' . $arrayData['USR_PHONE'] : ''; + $zipCode = (array_key_exists('USR_ZIP_CODE', $arrayData)) ? ' - Zip Code: ' . $arrayData['USR_ZIP_CODE'] : ''; + $position = (array_key_exists('USR_POSITION', $arrayData)) ? ' - Position: ' . $arrayData['USR_POSITION'] : ''; + $role = (array_key_exists('USR_ROLE', $arrayData)) ? ' - Role: ' . $arrayData['USR_ROLE'] : ''; + $languageDef = (array_key_exists('USR_DEFAULT_LANG', $arrayData)) ? ' - Default Language: ' . $arrayData['USR_DEFAULT_LANG'] : ''; + $timeZone = (array_key_exists('USR_TIME_ZONE', $arrayData)) ? ' - Time Zone: ' . $arrayData['USR_TIME_ZONE'] : ''; $str = 'User Name: ' . $arrayData['USR_USERNAME'] . ' - User ID: (' . $arrayData['USR_UID'] . ')' . $firstName . $lastName . $email . $dueDate . $status . $address . $phone . $zipCode . $position . $role . $timeZone . $languageDef; - \G::auditLog(($option == 'INS')? 'CreateUser' : 'UpdateUser', $str); - } catch (\Exception $e) { + G::auditLog(($option == 'INS') ? 
'CreateUser' : 'UpdateUser', $str); + } catch (Exception $e) { throw $e; } } + /** * This function get the list of users - * - * @param string $authSource, authentication source + * @param string $authSource , authentication source * @param string $filter * @param string $sort - * @param integer $start - * @param integer $limit + * @param int $start + * @param int $limit * @param string $dir related to order the column - * - * @return void + * @return array + * @throws Exception */ public function getAllUsersWithAuthSource( $authSource = '', 
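Review bot: `$arrayData['USR_USERNAME']` and `$arrayData['USR_UID']` are read unguarded in the `$str` line while every other field goes through `array_key_exists`, so an update payload without a username emits a notice and logs an empty name; the reformat keeps this. Either guard them the same way or state the contract in the docblock: `@param array $arrayData Data; must contain USR_USERNAME and USR_UID`. The twelve near-identical ternaries could be one loop over a `field => label` map appending to `$str`, which would also make the fixed output order explicit in one place. The rewritten docblock drops `@return void` although the method returns nothing, and the `getAllUsersWithAuthSource` docblock at the end of the hunk gained a stray space in `@param string $authSource , authentication source`; that signature continues outside the hunk.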
@@ -1559,64 +1539,67 @@ class User $start = 0, $limit = 20, $dir = 'ASC' - ) - { + ) { global $RBAC; $aUsers = array(); if ($authSource != '') { $aUsers = $RBAC->getListUsersByAuthSource($authSource); } - $oCriteria = new \Criteria('workflow'); + $oCriteria = new Criteria('workflow'); $oCriteria->addSelectColumn('COUNT(*) AS CNT'); if ($filter != '') { - $cc = $oCriteria->getNewCriterion(\UsersPeer::USR_USERNAME, '%' . $filter . '%', \Criteria::LIKE) - ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', \Criteria::LIKE) - ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_LASTNAME, '%' . $filter . '%', \Criteria::LIKE) - ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_EMAIL, '%' . $filter . '%', \Criteria::LIKE)))); + $cc = $oCriteria->getNewCriterion(UsersPeer::USR_USERNAME, '%' . $filter . '%', Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(UsersPeer::USR_LASTNAME, '%' . $filter . '%', Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(UsersPeer::USR_EMAIL, '%' . $filter . 
'%', Criteria::LIKE)))); $oCriteria->add($cc); } - $oCriteria->add(\UsersPeer::USR_STATUS, array('CLOSED'), \Criteria::NOT_IN); + $oCriteria->add(UsersPeer::USR_STATUS, array('CLOSED'), Criteria::NOT_IN); if ($authSource != '') { $totalRows = sizeof($aUsers); } else { - $oDataset = \UsersPeer::DoSelectRs($oCriteria); - $oDataset->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $oDataset = UsersPeer::DoSelectRs($oCriteria); + $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); $oDataset->next(); $row = $oDataset->getRow(); $totalRows = $row['CNT']; } $oCriteria->clearSelectColumns(); - $oCriteria->addSelectColumn(\UsersPeer::USR_UID); - $oCriteria->addSelectColumn(\UsersPeer::USR_USERNAME); - $oCriteria->addSelectColumn(\UsersPeer::USR_FIRSTNAME); - $oCriteria->addSelectColumn(\UsersPeer::USR_LASTNAME); - $oCriteria->addSelectColumn(\UsersPeer::USR_EMAIL); - $oCriteria->addSelectColumn(\UsersPeer::USR_ROLE); - $oCriteria->addSelectColumn(\UsersPeer::USR_DUE_DATE); - $oCriteria->addSelectColumn(\UsersPeer::USR_STATUS); - $oCriteria->addSelectColumn(\UsersPeer::USR_UX); - $oCriteria->addSelectColumn(\UsersPeer::DEP_UID); - $oCriteria->addSelectColumn(\UsersPeer::USR_LAST_LOGIN); + $oCriteria->addSelectColumn(UsersPeer::USR_UID); + $oCriteria->addSelectColumn(UsersPeer::USR_USERNAME); + $oCriteria->addSelectColumn(UsersPeer::USR_FIRSTNAME); + $oCriteria->addSelectColumn(UsersPeer::USR_LASTNAME); + $oCriteria->addSelectColumn(UsersPeer::USR_EMAIL); + $oCriteria->addSelectColumn(UsersPeer::USR_ROLE); + $oCriteria->addSelectColumn(UsersPeer::USR_DUE_DATE); + $oCriteria->addSelectColumn(UsersPeer::USR_STATUS); + $oCriteria->addSelectColumn(UsersPeer::USR_UX); + $oCriteria->addSelectColumn(UsersPeer::DEP_UID); + $oCriteria->addSelectColumn(UsersPeer::USR_LAST_LOGIN); $oCriteria->addAsColumn('LAST_LOGIN', 0); $oCriteria->addAsColumn('DEP_TITLE', 0); $oCriteria->addAsColumn('TOTAL_CASES', 0); $oCriteria->addAsColumn('DUE_DATE_OK', 1); $sep = "'"; - 
$oCriteria->add(\UsersPeer::USR_STATUS, array('CLOSED'), \Criteria::NOT_IN); + $oCriteria->add(UsersPeer::USR_STATUS, array('CLOSED'), Criteria::NOT_IN); if ($filter != '') { - $cc = $oCriteria->getNewCriterion(\UsersPeer::USR_USERNAME, '%' . $filter . '%', \Criteria::LIKE) - ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', \Criteria::LIKE) - ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_LASTNAME, '%' . $filter . '%', \Criteria::LIKE) - ->addOr($oCriteria->getNewCriterion(\UsersPeer::USR_EMAIL, '%' . $filter . '%', \Criteria::LIKE)))); + $cc = $oCriteria->getNewCriterion(UsersPeer::USR_USERNAME, '%' . $filter . '%', Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(UsersPeer::USR_LASTNAME, '%' . $filter . '%', Criteria::LIKE) + ->addOr($oCriteria->getNewCriterion(UsersPeer::USR_EMAIL, '%' . $filter . '%', Criteria::LIKE)))); $oCriteria->add($cc); } if (sizeof($aUsers) > 0) { - $oCriteria->add(\UsersPeer::USR_UID, $aUsers, \Criteria::IN); + $oCriteria->add(UsersPeer::USR_UID, $aUsers, Criteria::IN); } elseif ($totalRows == 0 && $authSource != '') { - $oCriteria->add(\UsersPeer::USR_UID, '', \Criteria::IN); + $oCriteria->add(UsersPeer::USR_UID, '', Criteria::IN); } if ($sort != '') { + //SQL Injection via 'sort' parameter + if (!in_array($sort, UsersPeer::getFieldNames(BasePeer::TYPE_FIELDNAME))) { + throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('$sort'))); + } if ($dir == 'ASC') { $oCriteria->addAscendingOrderByColumn($sort); } else { 
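Review bot: The filter criterion over `USR_USERNAME`/`USR_FIRSTNAME`/`USR_LASTNAME`/`USR_EMAIL` with `'%' . $filter . '%'` and the `USR_STATUS NOT IN ('CLOSED')` condition are built twice in this hunk, once for the COUNT query and once for the data query, and the reformat keeps both copies in step only by hand. Extracting a private helper along the lines of `addUsersFilterCriteria(Criteria $oCriteria, $filter)` and calling it in both places would stop the two queries from drifting. The new `sort` allow-list has the same strictness and comment-wording issues raised on the `sortField` hunk of `getUsers`; in addition `$sort` is passed to `addAscendingOrderByColumn()` unqualified whereas `getUsers` prefixes `UsersPeer::TABLE_NAME . "."`, so it is worth confirming Propel resolves the bare field name here. The function continues outside the hunk.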
@@ -1625,15 +1608,16 @@ class User
 }
 $oCriteria->setOffset($start);
 $oCriteria->setLimit($limit);
- $oDataset = \UsersPeer::DoSelectRs($oCriteria);
- $oDataset->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
+ $oDataset = UsersPeer::DoSelectRs($oCriteria);
+ $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
 return array("data" => $oDataset, "totalRows" => $totalRows);
 }
+
 /**
 * This function get additional information related to the user
 * Information about the department, rol, cases, authentication
 *
- * @param criteria $oDatasetUsers, criteria for search users
+ * @param criteria $oDatasetUsers , criteria for search users
 *
 * @return array $dataUsers array of users with the additional information
 */
@@ -1641,18 +1625,18 @@ class User
 {
 global $RBAC;
 //Get the information about the department
- $Department = new \Department();
+ $Department = new Department();
 $aDepart = $Department->getAllDepartmentsByUser();
 //Get the authentication sources
 $aAuthSources = $RBAC->getAllAuthSourcesByUser();
 //Get roles
- $oRoles = new \Roles();
+ $oRoles = new Roles();
 //Get cases
- $oParticipated = new \ListParticipatedLast();
- $oAppCache = new \AppCacheView();
+ $oParticipated = new ListParticipatedLast();
+ $oAppCache = new AppCacheView();
 $rows = array();
 $uRole = array();
@@ -1665,7 +1649,7 @@ class User
 //Add the role information related to the user
 try {
 $uRole = $oRoles->loadByCode($row['USR_ROLE']);
- } catch (\exception $oError) {
+ } catch (exception $oError) {
 $uRole['ROL_NAME'] = G::loadTranslation('ID_DELETED');
 }
 $row['USR_ROLE_ID'] = $row['USR_ROLE'];
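Review bot: `$oCriteria->setOffset($start)` and `$oCriteria->setLimit($limit)` pass the caller's values through uncast, whereas `getUsers` in the earlier hunk applies `(int)` before `setLimit`; unless Propel casts internally, a non-numeric `$start`/`$limit` reaches the LIMIT clause unchecked. Use `$oCriteria->setOffset((int)$start);` and `$oCriteria->setLimit((int)$limit);` so both listing methods treat paging values the same way. The docblock that follows gained a stray space before the comma in `@param criteria $oDatasetUsers , criteria for search users`, the same slip as in the `getAllUsersWithAuthSource` docblock above.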
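Review bot: `catch (exception $oError)` keeps the lowercase class name while every other catch in this commit was normalised to `Exception`; PHP resolves it case-insensitively, but it is the one outlier left. Write `} catch (Exception $oError) {`. Swallowing the exception to substitute `G::loadTranslation('ID_DELETED')` for the role name appears deliberate, so a one-line comment such as `// role code no longer resolves; show it as deleted instead of failing the whole listing` would make that intent explicit.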
@@ -1675,15 +1659,15 @@ class User
 if (true) {
 $total = $oParticipated->getCountList($row['USR_UID']);
 } else {
- /*----------------------------------********---------------------------------*/
+ /*----------------------------------********---------------------------------*/
 $total = $oAppCache->getListCounters('sent', $row['USR_UID'], false);
- /*----------------------------------********---------------------------------*/
+ /*----------------------------------********---------------------------------*/
 }
 /*----------------------------------********---------------------------------*/
 $row['TOTAL_CASES'] = $total;
 $row['DUE_DATE_OK'] = (date('Y-m-d') > date('Y-m-d', strtotime($row['USR_DUE_DATE']))) ? 0 : 1;
- $row['LAST_LOGIN'] = isset($row['USR_LAST_LOGIN']) ? \ProcessMaker\Util\DateTime::convertUtcToTimeZone($row['USR_LAST_LOGIN']) : '';
+ $row['LAST_LOGIN'] = isset($row['USR_LAST_LOGIN']) ? DateTime::convertUtcToTimeZone($row['USR_LAST_LOGIN']) : '';
 //Add the department information related to the user
 $row['DEP_TITLE'] = isset($aDepart[$row['USR_UID']]) ? $aDepart[$row['USR_UID']] : '';
 //Add the authentication information related to the user
@@ -1696,6 +1680,4 @@ class User
 return $dataUsers;
 }
- }
-
diff --git a/workflow/engine/src/ProcessMaker/Exception/RBACException.php b/workflow/engine/src/ProcessMaker/Exception/RBACException.php
new file mode 100644
index 000000000..f10e881e4
--- /dev/null
+++ b/workflow/engine/src/ProcessMaker/Exception/RBACException.php
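Review bot: `if (true) { ... } else { ... }` leaves the `$oAppCache->getListCounters('sent', ...)` branch permanently unreachable, and the commit reindents the marker comments inside that dead branch instead of removing it. Drop the `else` and its contents, keeping `$total = $oParticipated->getCountList($row['USR_UID']);`, or, if the switch is meant to be restored later, replace `true` with a named flag and a comment explaining what selects the AppCacheView path. The method continues outside the hunk.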
@@ -0,0 +1,59 @@ +getCode()) { + case -1: + G::SendTemporalMessage($this->getMessage(), 'error', 'labels'); + $message = self::PM_LOGIN; + break; + case -2: + G::SendTemporalMessage($this->getMessage(), 'error', 'labels'); + $message = self::PM_LOGIN; + break; + case 403: + $message = self::PM_403; + break; + default: + $message = self::PM_LOGIN; + break; + } + return $message; + } + + /** + * Returns the path to which to redirect + * @return $this + */ + public function getPath() + { + return $this; + } +} diff --git a/workflow/public_html/app.php b/workflow/public_html/app.php index 7fe4195d1..0c8506882 100644 --- a/workflow/public_html/app.php +++ b/workflow/public_html/app.php @@ -53,6 +53,8 @@ try { break; } +} catch (ProcessMaker\Exception\RBACException $e) { + G::header('location: ' . $e->getPath()); } catch (Exception $e) { $view = new Maveriks\Pattern\Mvc\PhtmlView($rootDir . "framework/src/templates/Exception.phtml"); $view->set("message", $e->getMessage());
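Review bot: `getPath()` returns `$this` while its docblock says it returns the redirect path, and app.php concatenates the result into `'location: ' . $e->getPath()`; that only works if the class defines `__toString()`, which cannot be confirmed here because the file's opening lines are garbled in this rendering (the method containing the `switch` on `getCode()` may well be it). Either way the docblock should be `@return string` and `getPath()` should return the computed path rather than the exception object, so the caller does not depend on implicit string conversion. The `-1` and `-2` cases are identical (`SendTemporalMessage` then `PM_LOGIN`) and `default` also yields `PM_LOGIN`, so they can collapse to `case -1: case -2:` with a comment on the constants noting that only code `403` maps to `PM_403`.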
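Review bot: The new `catch (ProcessMaker\Exception\RBACException $e)` branch sends a Location header and then falls out of the catch with no `exit`, so unless the script ends immediately after this try/catch (not visible in the hunk) anything that follows still runs and is emitted to a client that is being redirected. Add `exit();` after the `G::header('location: ' . $e->getPath());` line so the access-denied redirect is terminal. Only this entry point gains a handler; any other script that can raise an RBACException will fall to its generic `Exception` path or an uncaught-exception page rather than a redirect, which is worth confirming across the other front controllers.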