diff --git a/Rakefile b/Rakefile index 412773015..8ffc4d77f 100644 --- a/Rakefile +++ b/Rakefile @@ -1,5 +1,5 @@ require 'rubygems' - +require 'json' desc "Default Task - Build Library" task :default => [:required] do Rake::Task['build'].execute @@ -53,6 +53,7 @@ task :build => [:required] do mafeDir = targetDir + "/mafe" pmdynaformDir = targetDir + "/pmdynaform" + generateEnviromentVariables prepareDirs([targetDir, pmUIDir, mafeDir, pmdynaformDir, jsTargetDir, cssTargetDir, cssImagesTargetDir, imgTargetDir, pmUIFontsDir]) buildPmUi(Dir.pwd + "/vendor/colosa/pmUI", targetDir, mode) @@ -134,6 +135,20 @@ task :build => [:required] do #task argv1.to_sym do ; end end +def generateEnviromentVariables() + puts "Creating System Constants..." + content = "var __env = __env || {};" + file = File.read('./config/enviromentvariables.json') + dataUser = JSON.parse(file) + content = content + "__env.USER_GUEST = " + JSON.generate(dataUser['constants']['userguest']) + dir = "vendor/colosa/MichelangeloFE/src/enviroment/" + # create a directory enviroment + FileUtils.mkdir_p(dir) + File.open(dir +'constants.js', 'w') { |fileWrite| + fileWrite.write content + ';' + } +end + def buildPmUi(homeDir, targetDir, mode) puts "\nBuilding PMUI library".green.bold diff --git a/config/enviromentvariables.json b/config/enviromentvariables.json new file mode 100644 index 000000000..57d9fc8da --- /dev/null +++ b/config/enviromentvariables.json @@ -0,0 +1,12 @@ +{ + "name": "Environment variables", + "description": "Definition of system constants", + "constants": { + "userguest": { + "uid": "00000000000000000000000000000002", + "firstname": "Guest", + "lastname": "Guest", + "username": "guest" + } + } +} \ No newline at end of file diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php index 38faf54f6..f4639e2c3 100644 --- a/gulliver/system/class.rbac.php +++ b/gulliver/system/class.rbac.php 
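Review bot: In `generateEnviromentVariables`, the lookup `dataUser['constants']['userguest']` does not fail cleanly on an incomplete config: a missing `constants` key raises NoMethodError on nil, and a missing `userguest` key passes nil to `JSON.generate`, which on recent json versions yields `null`, so the build succeeds and ships `__env.USER_GUEST = null;`. Using `dataUser.fetch('constants').fetch('userguest')` stops the build with a KeyError that names the missing key. Both `./config/enviromentvariables.json` and the output directory are relative to the working directory, while the build task in the previous hunk uses `Dir.pwd + ...`; a comment such as `# must be run from the repository root` would make that assumption visible. The generated `constants.js` is written under `vendor/`, so it is worth confirming that path is ignored by version control.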
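Review bot: The `uid` under `constants.userguest` repeats the value that `RBAC::GUEST_USER_UID` hard-codes in gulliver/system/class.rbac.php, so the guest identity now has two sources of truth with nothing tying them together. They already disagree on one field: this file sets `"lastname": "Guest"` while `verifyGuestUser` stores `USR_LASTNAME` as an empty string. JSON cannot carry a comment, so I would record the coupling next to the PHP constant, e.g. `// keep in sync with config/enviromentvariables.json (constants.userguest.uid)`, or have one side read the other. The file also lacks a trailing newline.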
@@ -34,22 +34,23 @@ use ProcessMaker\Exception\RBACException; * RBAC class definition * * @package gulliver.system - * @copyright (C) 2002 by Colosa Development Team. - * @link http://www.colosa.com - * @link http://manuals.colosa.com/gulliver/rbac.html - * @author Fernando Ontiveros */ /** * Clase Wrapper * * @package gulliver.system - * @author Fernando Ontiveros */ - class RBAC { - const SETUPERMISSIONUID= '00000000000000000000000000000002'; + const SETUPERMISSIONUID = '00000000000000000000000000000002'; + const PER_SYSTEM = '00000000000000000000000000000002'; + const PM_GUEST_CASE = 'PM_GUEST_CASE'; + const PM_GUEST_CASE_UID = '00000000000000000000000000000066'; + const PROCESSMAKER_GUEST = 'PROCESSMAKER_GUEST'; + const PROCESSMAKER_GUEST_UID = '00000000000000000000000000000005'; + const GUEST_USER_UID = '00000000000000000000000000000002'; + /** * * @access private @@ -66,14 +67,16 @@ class RBAC public $rolesPermissionsObj; public $authSourcesObj; - public $aUserInfo = array (); - public $aRbacPlugins = array (); + public $aUserInfo = []; + public $aRbacPlugins = []; public $sSystem = ''; public $singleSignOn = false; private static $instance = null; - public $authorizedActions = array(); + public $authorizedActions = []; + + private $aliasPermissions = []; /** * To enable compatibility with soap login. 
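Review bot: `SETUPERMISSIONUID`, `PER_SYSTEM` and `GUEST_USER_UID` all hold `'00000000000000000000000000000002'`, yet they identify different kinds of record, and nothing in the class says so. From their use further down the diff, `PER_SYSTEM` is written to `ROL_SYSTEM` and `setPerSystem()`, `GUEST_USER_UID` is the guest's `USR_UID`, `PROCESSMAKER_GUEST_UID` is a `ROL_UID` and `PM_GUEST_CASE_UID` a `PER_UID`; `SETUPERMISSIONUID` presumably names the `PM_SETUP` permission. A one-line comment per constant would stop a reader from treating the equal values as interchangeable, e.g. `// system uid stored in ROL_SYSTEM / PER_SYSTEM` and `// USR_UID of the built-in guest account`. The class body continues outside this hunk.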
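Review bot: The new `private $aliasPermissions = [];` is declared without a docblock although it affects how permission checks resolve, whereas the neighbouring `$enableLoginHash` has one. Going by the constructor assignments in the next hunk, it maps a required permission code to the codes accepted in its place (`PM_CASES` and `PM_LOGIN` to `PM_GUEST_CASE`), but the code that reads it is not visible here. Once that is confirmed I would add `/** @var array permission code => list of codes that also satisfy it */` above the property.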
@@ -81,105 +84,107 @@ class RBAC */ private $enableLoginHash = false; - public function __construct () + public function __construct() { - $this->authorizedActions = array( - 'users_Ajax.php' => array( - 'availableUsers' => array('PM_FACTORY'), - 'assign' => array('PM_FACTORY'), - 'changeView' => array(), - 'ofToAssign' => array('PM_FACTORY'), - 'usersGroup' => array('PM_FACTORY'), - 'canDeleteUser' => array('PM_USERS'), - 'deleteUser' => array('PM_USERS'), - 'changeUserStatus' => array('PM_USERS'), - 'availableGroups' => array('PM_USERS'), - 'assignedGroups' => array('PM_USERS'), - 'assignGroupsToUserMultiple' => array('PM_USERS'), - 'deleteGroupsToUserMultiple' => array('PM_USERS'), - 'authSources' => array('PM_USERS'), - 'loadAuthSourceByUID' => array('PM_USERS'), - 'updateAuthServices' => array('PM_USERS'), - 'usersList' => array('PM_USERS'), - 'updatePageSize' => array(), - 'summaryUserData' => array('PM_USERS'), - 'verifyIfUserAssignedAsSupervisor' => array('PM_USERS') - ), - 'skin_Ajax.php' => array( - 'updatePageSize' => array(), - 'skinList' => array('PM_SETUP_SKIN'), - 'newSkin' => array('PM_SETUP_SKIN'), - 'importSkin' => array('PM_SETUP_SKIN'), - 'exportSkin' => array('PM_SETUP_SKIN'), - 'deleteSkin' => array('PM_SETUP_SKIN'), - 'streamSkin' => array('PM_SETUP_SKIN'), - 'addTarFolder' => array('PM_SETUP_SKIN'), - 'copy_skin_folder' => array('PM_SETUP_SKIN') - ), - 'processes_DownloadFile.php' => array( - 'downloadFileHash' => array('PM_FACTORY') - ), - 'processProxy.php' => array( - 'categoriesList' => array('PM_SETUP_PROCESS_CATEGORIES'), - 'getCategoriesList' => array('PM_FACTORY'), - 'saveProcess' => array('PM_FACTORY'), - 'changeStatus' => array('PM_FACTORY'), - 'changeDebugMode' => array('PM_FACTORY'), - 'getUsers' => array(), - 'getGroups' => array(), - 'assignActorsTask' => array(), - 'removeActorsTask' => array(), - 'getActorsTask' => array(), - 'getProcessDetail' => array(), - 'getProperties' => array(), - 'saveProperties' => array(), - 
'getCaledarList' => array(), - 'getPMVariables' => array(), - 'generateBpmn' => array('PM_FACTORY') - ), - 'home.php' => array( - 'login' => array('PM_LOGIN'), - 'index' => array('PM_CASES'), - 'indexSingle' => array('PM_CASES'), - 'appList' => array('PM_CASES'), - 'appAdvancedSearch' => array('PM_ALLCASES'), - 'getApps' => array('PM_ALLCASES'), - 'getAppsData' => array('PM_ALLCASES'), - 'startCase' => array('PM_CASES'), - 'error' => array(), - 'getUserArray' => array('PM_ALLCASES'), - 'getCategoryArray' => array('PM_ALLCASES'), - 'getAllUsersArray' => array('PM_ALLCASES'), - 'getStatusArray' => array('PM_ALLCASES'), - 'getProcessArray' => array('PM_ALLCASES'), - 'getProcesses' => array('PM_ALLCASES'), - 'getUsers' => array('PM_ALLCASES') - ), - 'newSite.php' => array( - 'newSite.php' => array('PM_SETUP_ADVANCE') - ), - 'emailsAjax.php' => array( - 'MessageList' => array('PM_SETUP', 'PM_SETUP_LOGS'), - 'updateStatusMessage' => array('PM_SETUP', 'PM_SETUP_LOGS'), - ), - 'processCategory_Ajax.php' => array( - 'processCategoryList' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), - 'updatePageSize' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), - 'checkCategoryName' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), - 'saveNewCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), - 'checkEditCategoryName' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), - 'updateCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), - 'canDeleteCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), - 'deleteCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES') - ), - 'emailServerAjax.php' => array( - 'INS' => array('PM_SETUP'), - 'UPD' => array('PM_SETUP'), - 'DEL' => array('PM_SETUP'), - 'LST' => array('PM_SETUP'), - 'TEST' => array('PM_SETUP') - ) - ); + $this->authorizedActions = [ + 'users_Ajax.php' => [ + 'availableUsers' => ['PM_FACTORY'], + 'assign' => ['PM_FACTORY'], + 'changeView' => [], + 'ofToAssign' => ['PM_FACTORY'], + 
'usersGroup' => ['PM_FACTORY'], + 'canDeleteUser' => ['PM_USERS'], + 'deleteUser' => ['PM_USERS'], + 'changeUserStatus' => ['PM_USERS'], + 'availableGroups' => ['PM_USERS'], + 'assignedGroups' => ['PM_USERS'], + 'assignGroupsToUserMultiple' => ['PM_USERS'], + 'deleteGroupsToUserMultiple' => ['PM_USERS'], + 'authSources' => ['PM_USERS'], + 'loadAuthSourceByUID' => ['PM_USERS'], + 'updateAuthServices' => ['PM_USERS'], + 'usersList' => ['PM_USERS'], + 'updatePageSize' => [], + 'summaryUserData' => ['PM_USERS'], + 'verifyIfUserAssignedAsSupervisor' => ['PM_USERS'] + ], + 'skin_Ajax.php' => [ + 'updatePageSize' => [], + 'skinList' => ['PM_SETUP_SKIN'], + 'newSkin' => ['PM_SETUP_SKIN'], + 'importSkin' => ['PM_SETUP_SKIN'], + 'exportSkin' => ['PM_SETUP_SKIN'], + 'deleteSkin' => ['PM_SETUP_SKIN'], + 'streamSkin' => ['PM_SETUP_SKIN'], + 'addTarFolder' => ['PM_SETUP_SKIN'], + 'copy_skin_folder' => ['PM_SETUP_SKIN'] + ], + 'processes_DownloadFile.php' => [ + 'downloadFileHash' => ['PM_FACTORY'] + ], + 'processProxy.php' => [ + 'categoriesList' => ['PM_SETUP_PROCESS_CATEGORIES'], + 'getCategoriesList' => ['PM_FACTORY'], + 'saveProcess' => ['PM_FACTORY'], + 'changeStatus' => ['PM_FACTORY'], + 'changeDebugMode' => ['PM_FACTORY'], + 'getUsers' => [], + 'getGroups' => [], + 'assignActorsTask' => [], + 'removeActorsTask' => [], + 'getActorsTask' => [], + 'getProcessDetail' => [], + 'getProperties' => [], + 'saveProperties' => [], + 'getCaledarList' => [], + 'getPMVariables' => [], + 'generateBpmn' => ['PM_FACTORY'] + ], + 'home.php' => [ + 'login' => ['PM_LOGIN'], + 'index' => ['PM_CASES/strict'], + 'indexSingle' => ['PM_CASES/strict'], + 'appList' => ['PM_CASES/strict'], + 'appAdvancedSearch' => ['PM_ALLCASES'], + 'getApps' => ['PM_ALLCASES'], + 'getAppsData' => ['PM_ALLCASES'], + 'startCase' => ['PM_CASES/strict'], + 'error' => [], + 'getUserArray' => ['PM_ALLCASES'], + 'getCategoryArray' => ['PM_ALLCASES'], + 'getAllUsersArray' => ['PM_ALLCASES'], + 'getStatusArray' => 
['PM_ALLCASES'], + 'getProcessArray' => ['PM_ALLCASES'], + 'getProcesses' => ['PM_ALLCASES'], + 'getUsers' => ['PM_ALLCASES'] + ], + 'newSite.php' => [ + 'newSite.php' => ['PM_SETUP_ADVANCE'] + ], + 'emailsAjax.php' => [ + 'MessageList' => ['PM_SETUP', 'PM_SETUP_LOGS'], + 'updateStatusMessage' => ['PM_SETUP', 'PM_SETUP_LOGS'], + ], + 'processCategory_Ajax.php' => [ + 'processCategoryList' => ['PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'], + 'updatePageSize' => ['PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'], + 'checkCategoryName' => ['PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'], + 'saveNewCategory' => ['PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'], + 'checkEditCategoryName' => ['PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'], + 'updateCategory' => ['PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'], + 'canDeleteCategory' => ['PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'], + 'deleteCategory' => ['PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'] + ], + 'emailServerAjax.php' => [ + 'INS' => ['PM_SETUP'], + 'UPD' => ['PM_SETUP'], + 'DEL' => ['PM_SETUP'], + 'LST' => ['PM_SETUP'], + 'TEST' => ['PM_SETUP'] + ] + ]; + $this->aliasPermissions['PM_CASES'] = [self::PM_GUEST_CASE]; + $this->aliasPermissions['PM_LOGIN'] = [self::PM_GUEST_CASE]; } /** 
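Review bot: The `/strict` suffix on the four `home.php` entries (`index`, `indexSingle`, `appList`, `startCase`) is an in-band marker inside a permission code with no comment explaining it, and the two `aliasPermissions` assignments at the end of the constructor apply to every other `PM_CASES` and `PM_LOGIN` check by default. Presumably `/strict` turns alias resolution off so that a holder of `PM_GUEST_CASE` is not accepted; if so, guest access is opt-out per action, and any entry left unannotated accepts the guest permission, including the unmarked `'login' => ['PM_LOGIN']` in this table and any check made outside it. Listing the actions a guest may reach explicitly would fail closed; at minimum the convention should be stated above the table, e.g. `// '<CODE>/strict': the code itself is required, aliasPermissions are not accepted`. The checker that parses the suffix is outside this hunk, so please confirm it never compares the literal string `PM_CASES/strict` against stored permission codes.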
@@ -188,66 +193,68 @@ class RBAC * @access public * @return object */ - public function &getSingleton () + public function &getSingleton() { if (self::$instance == null) { self::$instance = new RBAC(); } + return self::$instance; } /** - * to get start with some classess + * to get start with some classes * * @access public * @return object */ - public function initRBAC () + public function initRBAC() { - if (is_null( $this->userObj )) { + if (is_null($this->userObj)) { $this->userObj = new RbacUsers(); } - if (is_null( $this->systemObj )) { + if (is_null($this->systemObj)) { $this->systemObj = new Systems(); } - if (is_null( $this->usersRolesObj )) { + if (is_null($this->usersRolesObj)) { $this->usersRolesObj = new UsersRoles(); } - if (is_null( $this->rolesObj )) { + if (is_null($this->rolesObj)) { $this->rolesObj = new Roles(); } - if (is_null( $this->permissionsObj )) { + if (is_null($this->permissionsObj)) { $this->permissionsObj = new Permissions(); } - if (is_null( $this->rolesPermissionsObj )) { + if (is_null($this->rolesPermissionsObj)) { $this->rolesPermissionsObj = new RolesPermissions(); } - if (is_null( $this->authSourcesObj )) { + if (is_null($this->authSourcesObj)) { $this->authSourcesObj = new AuthenticationSource(); } //hook for RBAC plugins $pathPlugins = PATH_RBAC . 'plugins'; - if (is_dir( $pathPlugins )) { - if ($handle = opendir( $pathPlugins )) { - while (false !== ($file = readdir( $handle ))) { - if (strpos( $file, '.php', 1 ) && is_file( $pathPlugins . PATH_SEP . $file ) && substr( $file, 0, 6 ) == 'class.' && substr( $file, - 4 ) == '.php') { + if (is_dir($pathPlugins)) { + if ($handle = opendir($pathPlugins)) { + while (false !== ($file = readdir($handle))) { + if (strpos($file, '.php', 1) && is_file($pathPlugins . PATH_SEP . $file) && substr($file, 0, + 6) == 'class.' && substr($file, -4) == '.php') { - $sClassName = substr( $file, 6, strlen( $file ) - 10 ); - require_once ($pathPlugins . PATH_SEP . 
$file); - $this->aRbacPlugins[] = $sClassName; + $className = substr($file, 6, strlen($file) - 10); + require_once($pathPlugins . PATH_SEP . $file); + $this->aRbacPlugins[] = $className; } } 
@@ -268,155 +275,512 @@ class RBAC */ public function loadPermissionAdmin() { - $permissionsAdmin = array(array("PER_UID" => "00000000000000000000000000000001", "PER_CODE" => "PM_LOGIN", - "PER_NAME" => "Login" - ), array("PER_UID" => "00000000000000000000000000000002", "PER_CODE" => "PM_SETUP", "PER_NAME" => "Setup" - ), array("PER_UID" => "00000000000000000000000000000003", "PER_CODE" => "PM_USERS", "PER_NAME" => "Users" - ), array("PER_UID" => "00000000000000000000000000000004", "PER_CODE" => "PM_FACTORY", "PER_NAME" => "Design - Process" - ), array("PER_UID" => "00000000000000000000000000000005", "PER_CODE" => "PM_CASES", "PER_NAME" => "Create Users" - ), array("PER_UID" => "00000000000000000000000000000006", "PER_CODE" => "PM_ALLCASES", "PER_NAME" => "All Cases" - ), array("PER_UID" => "00000000000000000000000000000007", "PER_CODE" => "PM_REASSIGNCASE", "PER_NAME" => - "Reassign case" - ), array("PER_UID" => "00000000000000000000000000000008", "PER_CODE" => "PM_REPORTS", "PER_NAME" => "PM reports" - ), array("PER_UID" => "00000000000000000000000000000009", "PER_CODE" => "PM_SUPERVISOR", "PER_NAME" => - "Supervisor" - ), array("PER_UID" => "00000000000000000000000000000010", "PER_CODE" => "PM_SETUP_ADVANCE", "PER_NAME" => - "Setup Advanced" - ), array("PER_UID" => "00000000000000000000000000000011", "PER_CODE" => "PM_DASHBOARD", "PER_NAME" => "Dashboard" - ), array("PER_UID" => "00000000000000000000000000000012", "PER_CODE" => "PM_WEBDAV", "PER_NAME" => "WebDav" - ), array("PER_UID" => "00000000000000000000000000000013", "PER_CODE" => "PM_DELETECASE", "PER_NAME" => "Cancel - cases" - ), array("PER_UID" => "00000000000000000000000000000014", "PER_CODE" => "PM_EDITPERSONALINFO", "PER_NAME" => - "Edit Personal Info" - ), array("PER_UID" => "00000000000000000000000000000015", "PER_CODE" => "PM_FOLDERS_VIEW", "PER_NAME" => "View - Folders" - ), array("PER_UID" => "00000000000000000000000000000016", "PER_CODE" => "PM_FOLDERS_ADD_FOLDER", "PER_NAME" => - "Delete 
folders" - ), array("PER_UID" => "00000000000000000000000000000017", "PER_CODE" => "PM_FOLDERS_ADD_FILE", "PER_NAME" => - "Delete folders" - ), array("PER_UID" => "00000000000000000000000000000018", "PER_CODE" => "PM_CANCELCASE", "PER_NAME" => "Cancel - cases" - ), array("PER_UID" => "00000000000000000000000000000019", "PER_CODE" => "PM_FOLDER_DELETE", "PER_NAME" => - "Cancel cases" - ), array("PER_UID" => "00000000000000000000000000000020", "PER_CODE" => "PM_SETUP_LOGO", "PER_NAME" => "Setup - Logo" - ), array("PER_UID" => "00000000000000000000000000000021", "PER_CODE" => "PM_SETUP_EMAIL", "PER_NAME" => "Setup - Email" - ), array("PER_UID" => "00000000000000000000000000000022", "PER_CODE" => "PM_SETUP_CALENDAR", "PER_NAME" => - "Setup Calendar" - ), array("PER_UID" => "00000000000000000000000000000023", "PER_CODE" => "PM_SETUP_PROCESS_CATEGORIES", - "PER_NAME" => "Setup Process Categories" - ), array("PER_UID" => "00000000000000000000000000000024", "PER_CODE" => "PM_SETUP_CLEAR_CACHE", "PER_NAME" => - "Setup Clear Cache" - ), array("PER_UID" => "00000000000000000000000000000025", "PER_CODE" => "PM_SETUP_HEART_BEAT", "PER_NAME" => - "Setup Heart Beat" - ), array("PER_UID" => "00000000000000000000000000000026", "PER_CODE" => "PM_SETUP_ENVIRONMENT", "PER_NAME" => - "Setup Environment" - ), array("PER_UID" => "00000000000000000000000000000027", "PER_CODE" => "PM_SETUP_PM_TABLES", "PER_NAME" => - "Setup PM Tables" - ), array("PER_UID" => "00000000000000000000000000000028", "PER_CODE" => "PM_SETUP_LOGIN", "PER_NAME" => "Setup - Login" - ), array("PER_UID" => "00000000000000000000000000000029", "PER_CODE" => "PM_SETUP_DASHBOARDS", "PER_NAME" => - "Setup Dashboards" - ), array("PER_UID" => "00000000000000000000000000000030", "PER_CODE" => "PM_SETUP_LANGUAGE", "PER_NAME" => - "Setup Language" - ), array("PER_UID" => "00000000000000000000000000000031", "PER_CODE" => "PM_SETUP_SKIN", "PER_NAME" => "Setup - Skin" - ), array("PER_UID" => "00000000000000000000000000000032", 
"PER_CODE" => "PM_SETUP_CASES_LIST_CACHE_BUILDER", - "PER_NAME" => "Setup Case List Cache Builder" - ), array("PER_UID" => "00000000000000000000000000000033", "PER_CODE" => "PM_SETUP_PLUGINS", "PER_NAME" => - "Setup Plugins" - ), array("PER_UID" => "00000000000000000000000000000034", "PER_CODE" => - "PM_SETUP_USERS_AUTHENTICATION_SOURCES", "PER_NAME" => "Setup User Authentication Sources" - ), array("PER_UID" => "00000000000000000000000000000035", "PER_CODE" => "PM_SETUP_LOGS", "PER_NAME" => "Setup - Logs" - ), array("PER_UID" => "00000000000000000000000000000036", "PER_CODE" => "PM_DELETE_PROCESS_CASES", "PER_NAME" => - "Delete process cases" - ), array("PER_UID" => "00000000000000000000000000000037", "PER_CODE" => "PM_EDITPERSONALINFO_CALENDAR", - "PER_NAME" => "Edit personal info Calendar" - ), array("PER_UID" => "00000000000000000000000000000038", "PER_CODE" => "PM_UNCANCELCASE", - "PER_NAME" => "Undo cancel case" - ), array("PER_UID" => "00000000000000000000000000000039", "PER_CODE" => "PM_REST_API_APPLICATIONS", - "PER_NAME" => "Create rest API Aplications" - ), array("PER_UID" => "00000000000000000000000000000040", "PER_CODE" => "PM_EDIT_USER_PROFILE_FIRST_NAME", - "PER_NAME" => "Edit User profile First Name" - ), array("PER_UID" => "00000000000000000000000000000041", "PER_CODE" => "PM_EDIT_USER_PROFILE_LAST_NAME", - "PER_NAME" => "Edit User profile Last Name" - ), array("PER_UID" => "00000000000000000000000000000042", "PER_CODE" => "PM_EDIT_USER_PROFILE_USERNAME", - "PER_NAME" => "Edit User profile Username" - ), array("PER_UID" => "00000000000000000000000000000043", "PER_CODE" => "PM_EDIT_USER_PROFILE_EMAIL", - "PER_NAME" => "Edit User profile Email" - ), array("PER_UID" => "00000000000000000000000000000044", "PER_CODE" => "PM_EDIT_USER_PROFILE_ADDRESS", - "PER_NAME" => "Edit User profile Address" - ), array("PER_UID" => "00000000000000000000000000000045", "PER_CODE" => "PM_EDIT_USER_PROFILE_ZIP_CODE", - "PER_NAME" => "Edit User profile Zip Code" - ), 
array("PER_UID" => "00000000000000000000000000000046", "PER_CODE" => "PM_EDIT_USER_PROFILE_COUNTRY", - "PER_NAME" => "Edit User profile Country" - ), array("PER_UID" => "00000000000000000000000000000047", "PER_CODE" => "PM_EDIT_USER_PROFILE_STATE_OR_REGION", - "PER_NAME" => "Edit User profile State or Region" - ), array("PER_UID" => "00000000000000000000000000000048", "PER_CODE" => "PM_EDIT_USER_PROFILE_LOCATION", - "PER_NAME" => "Edit User profile Location" - ), array("PER_UID" => "00000000000000000000000000000049", "PER_CODE" => "PM_EDIT_USER_PROFILE_PHONE", - "PER_NAME" => "Edit User profile Phone" - ), array("PER_UID" => "00000000000000000000000000000050", "PER_CODE" => "PM_EDIT_USER_PROFILE_POSITION", - "PER_NAME" => "Edit User profile Position" - ), array("PER_UID" => "00000000000000000000000000000051", "PER_CODE" => "PM_EDIT_USER_PROFILE_REPLACED_BY", - "PER_NAME" => "Edit User profile Replaced By" - ), array("PER_UID" => "00000000000000000000000000000052", "PER_CODE" => "PM_EDIT_USER_PROFILE_EXPIRATION_DATE", - "PER_NAME" => "Edit User profile Expiration Date" - ), array("PER_UID" => "00000000000000000000000000000053", "PER_CODE" => "PM_EDIT_USER_PROFILE_CALENDAR", - "PER_NAME" => "Edit User profile Calendar" - ), array("PER_UID" => "00000000000000000000000000000054", "PER_CODE" => "PM_EDIT_USER_PROFILE_STATUS", - "PER_NAME" => "Edit User profile Status" - ), array("PER_UID" => "00000000000000000000000000000055", "PER_CODE" => "PM_EDIT_USER_PROFILE_ROLE", - "PER_NAME" => "Edit User profile Role" - ), array("PER_UID" => "00000000000000000000000000000056", "PER_CODE" => "PM_EDIT_USER_PROFILE_TIME_ZONE", - "PER_NAME" => "Edit User profile Time Zone" - ), array("PER_UID" => "00000000000000000000000000000057", "PER_CODE" => "PM_EDIT_USER_PROFILE_DEFAULT_LANGUAGE", - "PER_NAME" => "Edit User profile Default Language" - ), array("PER_UID" => "00000000000000000000000000000058", "PER_CODE" => "PM_EDIT_USER_PROFILE_COSTS", - "PER_NAME" => "Edit User profile Costs" - 
), array("PER_UID" => "00000000000000000000000000000059", "PER_CODE" => "PM_EDIT_USER_PROFILE_PASSWORD", - "PER_NAME" => "Edit User profile Password" - ), array("PER_UID" => "00000000000000000000000000000060", "PER_CODE" => "PM_EDIT_USER_PROFILE_USER_MUST_CHANGE_PASSWORD_AT_NEXT_LOGON", - "PER_NAME" => "Edit User profile Must Change Password at next Logon" - ), array("PER_UID" => "00000000000000000000000000000061", "PER_CODE" => "PM_EDIT_USER_PROFILE_PHOTO", - "PER_NAME" => "Edit User profile Photo" - ), array("PER_UID" => "00000000000000000000000000000062", "PER_CODE" => "PM_EDIT_USER_PROFILE_DEFAULT_MAIN_MENU_OPTIONS", - "PER_NAME" => "Edit User profile Default Main Menu Options" - ), array("PER_UID" => "00000000000000000000000000000063", "PER_CODE" => "PM_EDIT_USER_PROFILE_DEFAULT_CASES_MENU_OPTIONS", - "PER_NAME" => "Edit User profile Default Cases Menu Options" - ), array("PER_UID" => "00000000000000000000000000000064", "PER_CODE" => "PM_REASSIGNCASE_SUPERVISOR", - "PER_NAME" => "Reassign case supervisor" - ), array("PER_UID" => "00000000000000000000000000000065", "PER_CODE" => "PM_SETUP_CUSTOM_CASES_LIST", - "PER_NAME" => "Setup Custom Cases List" - ) - ); + $permissionsAdmin = [ + [ + "PER_UID" => "00000000000000000000000000000001", + "PER_CODE" => "PM_LOGIN", + "PER_NAME" => "Login" + ], + [ + "PER_UID" => "00000000000000000000000000000002", + "PER_CODE" => "PM_SETUP", + "PER_NAME" => "Setup" + ], + [ + "PER_UID" => "00000000000000000000000000000003", + "PER_CODE" => "PM_USERS", + "PER_NAME" => "Users" + ], + [ + "PER_UID" => "00000000000000000000000000000004", + "PER_CODE" => "PM_FACTORY", + "PER_NAME" => "Design Process" + ], + [ + "PER_UID" => "00000000000000000000000000000005", + "PER_CODE" => "PM_CASES", + "PER_NAME" => "Create Users" + ], + [ + "PER_UID" => "00000000000000000000000000000006", + "PER_CODE" => "PM_ALLCASES", + "PER_NAME" => "All Cases" + ], + [ + "PER_UID" => "00000000000000000000000000000007", + "PER_CODE" => "PM_REASSIGNCASE", + 
"PER_NAME" => "Reassign case" + ], + [ + "PER_UID" => "00000000000000000000000000000008", + "PER_CODE" => "PM_REPORTS", + "PER_NAME" => "PM reports" + ], + [ + "PER_UID" => "00000000000000000000000000000009", + "PER_CODE" => "PM_SUPERVISOR", + "PER_NAME" => "Supervisor" + ], + [ + "PER_UID" => "00000000000000000000000000000010", + "PER_CODE" => "PM_SETUP_ADVANCE", + "PER_NAME" => "Setup Advanced" + ], + [ + "PER_UID" => "00000000000000000000000000000011", + "PER_CODE" => "PM_DASHBOARD", + "PER_NAME" => "Dashboard" + ], + [ + "PER_UID" => "00000000000000000000000000000012", + "PER_CODE" => "PM_WEBDAV", + "PER_NAME" => "WebDav" + ], + [ + "PER_UID" => "00000000000000000000000000000013", + "PER_CODE" => "PM_DELETECASE", + "PER_NAME" => "Cancel cases" + ], + [ + "PER_UID" => "00000000000000000000000000000014", + "PER_CODE" => "PM_EDITPERSONALINFO", + "PER_NAME" => "Edit Personal Info" + ], + [ + "PER_UID" => "00000000000000000000000000000015", + "PER_CODE" => "PM_FOLDERS_VIEW", + "PER_NAME" => "View Folders" + ], + [ + "PER_UID" => "00000000000000000000000000000016", + "PER_CODE" => "PM_FOLDERS_ADD_FOLDER", + "PER_NAME" => "Delete folders" + ], + [ + "PER_UID" => "00000000000000000000000000000017", + "PER_CODE" => "PM_FOLDERS_ADD_FILE", + "PER_NAME" => + "Delete folders" + ], + [ + "PER_UID" => "00000000000000000000000000000018", + "PER_CODE" => "PM_CANCELCASE", + "PER_NAME" => "Cancel cases" + ], + [ + "PER_UID" => "00000000000000000000000000000019", + "PER_CODE" => "PM_FOLDER_DELETE", + "PER_NAME" => "Cancel cases" + ], + [ + "PER_UID" => "00000000000000000000000000000020", + "PER_CODE" => "PM_SETUP_LOGO", + "PER_NAME" => "Setup Logo" + ], + [ + "PER_UID" => "00000000000000000000000000000021", + "PER_CODE" => "PM_SETUP_EMAIL", + "PER_NAME" => "Setup Email" + ], + [ + "PER_UID" => "00000000000000000000000000000022", + "PER_CODE" => "PM_SETUP_CALENDAR", + "PER_NAME" => "Setup Calendar" + ], + [ + "PER_UID" => "00000000000000000000000000000023", + "PER_CODE" => 
"PM_SETUP_PROCESS_CATEGORIES", + "PER_NAME" => "Setup Process Categories" + ], + [ + "PER_UID" => "00000000000000000000000000000024", + "PER_CODE" => "PM_SETUP_CLEAR_CACHE", + "PER_NAME" => "Setup Clear Cache" + ], + [ + "PER_UID" => "00000000000000000000000000000025", + "PER_CODE" => "PM_SETUP_HEART_BEAT", + "PER_NAME" => "Setup Heart Beat" + ], + [ + "PER_UID" => "00000000000000000000000000000026", + "PER_CODE" => "PM_SETUP_ENVIRONMENT", + "PER_NAME" => "Setup Environment" + ], + [ + "PER_UID" => "00000000000000000000000000000027", + "PER_CODE" => "PM_SETUP_PM_TABLES", + "PER_NAME" => "Setup PM Tables" + ], + [ + "PER_UID" => "00000000000000000000000000000028", + "PER_CODE" => "PM_SETUP_LOGIN", + "PER_NAME" => "Setup Login" + ], + [ + "PER_UID" => "00000000000000000000000000000029", + "PER_CODE" => "PM_SETUP_DASHBOARDS", + "PER_NAME" => "Setup Dashboards" + ], + [ + "PER_UID" => "00000000000000000000000000000030", + "PER_CODE" => "PM_SETUP_LANGUAGE", + "PER_NAME" => "Setup Language" + ], + [ + "PER_UID" => "00000000000000000000000000000031", + "PER_CODE" => "PM_SETUP_SKIN", + "PER_NAME" => "Setup Skin" + ], + [ + "PER_UID" => "00000000000000000000000000000032", + "PER_CODE" => "PM_SETUP_CASES_LIST_CACHE_BUILDER", + "PER_NAME" => "Setup Case List Cache Builder" + ], + [ + "PER_UID" => "00000000000000000000000000000033", + "PER_CODE" => "PM_SETUP_PLUGINS", + "PER_NAME" => "Setup Plugins" + ], + [ + "PER_UID" => "00000000000000000000000000000034", + "PER_CODE" => "PM_SETUP_USERS_AUTHENTICATION_SOURCES", + "PER_NAME" => "Setup User Authentication Sources" + ], + [ + "PER_UID" => "00000000000000000000000000000035", + "PER_CODE" => "PM_SETUP_LOGS", + "PER_NAME" => "Setup Logs" + ], + [ + "PER_UID" => "00000000000000000000000000000036", + "PER_CODE" => "PM_DELETE_PROCESS_CASES", + "PER_NAME" => "Delete process cases" + ], + [ + "PER_UID" => "00000000000000000000000000000037", + "PER_CODE" => "PM_EDITPERSONALINFO_CALENDAR", + "PER_NAME" => "Edit personal info Calendar" + 
], + [ + "PER_UID" => "00000000000000000000000000000038", + "PER_CODE" => "PM_UNCANCELCASE", + "PER_NAME" => "Undo cancel case" + ], + [ + "PER_UID" => "00000000000000000000000000000039", + "PER_CODE" => "PM_REST_API_APPLICATIONS", + "PER_NAME" => "Create rest API Aplications" + ], + [ + "PER_UID" => "00000000000000000000000000000040", + "PER_CODE" => "PM_EDIT_USER_PROFILE_FIRST_NAME", + "PER_NAME" => "Edit User profile First Name" + ], + [ + "PER_UID" => "00000000000000000000000000000041", + "PER_CODE" => "PM_EDIT_USER_PROFILE_LAST_NAME", + "PER_NAME" => "Edit User profile Last Name" + ], + [ + "PER_UID" => "00000000000000000000000000000042", + "PER_CODE" => "PM_EDIT_USER_PROFILE_USERNAME", + "PER_NAME" => "Edit User profile Username" + ], + [ + "PER_UID" => "00000000000000000000000000000043", + "PER_CODE" => "PM_EDIT_USER_PROFILE_EMAIL", + "PER_NAME" => "Edit User profile Email" + ], + [ + "PER_UID" => "00000000000000000000000000000044", + "PER_CODE" => "PM_EDIT_USER_PROFILE_ADDRESS", + "PER_NAME" => "Edit User profile Address" + ], + [ + "PER_UID" => "00000000000000000000000000000045", + "PER_CODE" => "PM_EDIT_USER_PROFILE_ZIP_CODE", + "PER_NAME" => "Edit User profile Zip Code" + ], + [ + "PER_UID" => "00000000000000000000000000000046", + "PER_CODE" => "PM_EDIT_USER_PROFILE_COUNTRY", + "PER_NAME" => "Edit User profile Country" + ], + [ + "PER_UID" => "00000000000000000000000000000047", + "PER_CODE" => "PM_EDIT_USER_PROFILE_STATE_OR_REGION", + "PER_NAME" => "Edit User profile State or Region" + ], + [ + "PER_UID" => "00000000000000000000000000000048", + "PER_CODE" => "PM_EDIT_USER_PROFILE_LOCATION", + "PER_NAME" => "Edit User profile Location" + ], + [ + "PER_UID" => "00000000000000000000000000000049", + "PER_CODE" => "PM_EDIT_USER_PROFILE_PHONE", + "PER_NAME" => "Edit User profile Phone" + ], + [ + "PER_UID" => "00000000000000000000000000000050", + "PER_CODE" => "PM_EDIT_USER_PROFILE_POSITION", + "PER_NAME" => "Edit User profile Position" + ], + [ + "PER_UID" => 
"00000000000000000000000000000051", + "PER_CODE" => "PM_EDIT_USER_PROFILE_REPLACED_BY", + "PER_NAME" => "Edit User profile Replaced By" + ], + [ + "PER_UID" => "00000000000000000000000000000052", + "PER_CODE" => "PM_EDIT_USER_PROFILE_EXPIRATION_DATE", + "PER_NAME" => "Edit User profile Expiration Date" + ], + [ + "PER_UID" => "00000000000000000000000000000053", + "PER_CODE" => "PM_EDIT_USER_PROFILE_CALENDAR", + "PER_NAME" => "Edit User profile Calendar" + ], + [ + "PER_UID" => "00000000000000000000000000000054", + "PER_CODE" => "PM_EDIT_USER_PROFILE_STATUS", + "PER_NAME" => "Edit User profile Status" + ], + [ + "PER_UID" => "00000000000000000000000000000055", + "PER_CODE" => "PM_EDIT_USER_PROFILE_ROLE", + "PER_NAME" => "Edit User profile Role" + ], + [ + "PER_UID" => "00000000000000000000000000000056", + "PER_CODE" => "PM_EDIT_USER_PROFILE_TIME_ZONE", + "PER_NAME" => "Edit User profile Time Zone" + ], + [ + "PER_UID" => "00000000000000000000000000000057", + "PER_CODE" => "PM_EDIT_USER_PROFILE_DEFAULT_LANGUAGE", + "PER_NAME" => "Edit User profile Default Language" + ], + [ + "PER_UID" => "00000000000000000000000000000058", + "PER_CODE" => "PM_EDIT_USER_PROFILE_COSTS", + "PER_NAME" => "Edit User profile Costs" + ], + [ + "PER_UID" => "00000000000000000000000000000059", + "PER_CODE" => "PM_EDIT_USER_PROFILE_PASSWORD", + "PER_NAME" => "Edit User profile Password" + ], + [ + "PER_UID" => "00000000000000000000000000000060", + "PER_CODE" => "PM_EDIT_USER_PROFILE_USER_MUST_CHANGE_PASSWORD_AT_NEXT_LOGON", + "PER_NAME" => "Edit User profile Must Change Password at next Logon" + ], + [ + "PER_UID" => "00000000000000000000000000000061", + "PER_CODE" => "PM_EDIT_USER_PROFILE_PHOTO", + "PER_NAME" => "Edit User profile Photo" + ], + [ + "PER_UID" => "00000000000000000000000000000062", + "PER_CODE" => "PM_EDIT_USER_PROFILE_DEFAULT_MAIN_MENU_OPTIONS", + "PER_NAME" => "Edit User profile Default Main Menu Options" + ], + [ + "PER_UID" => "00000000000000000000000000000063", + 
"PER_CODE" => "PM_EDIT_USER_PROFILE_DEFAULT_CASES_MENU_OPTIONS", + "PER_NAME" => "Edit User profile Default Cases Menu Options" + ], + [ + "PER_UID" => "00000000000000000000000000000064", + "PER_CODE" => "PM_REASSIGNCASE_SUPERVISOR", + "PER_NAME" => "Reassign case supervisor" + ], + [ + "PER_UID" => "00000000000000000000000000000065", + "PER_CODE" => "PM_SETUP_CUSTOM_CASES_LIST", + "PER_NAME" => "Setup Custom Cases List" + ] + ]; + return $permissionsAdmin; } + /** + * Create if not exists GUEST user. + * + * @param Roles $role + * @throws Exception + */ + private function verifyGuestUser(Roles $role) + { + try { + $strRole = $role->getRolCode(); + + $arrayData = []; + $arrayData["USR_UID"] = self::GUEST_USER_UID; + $arrayData["USR_USERNAME"] = 'guest'; + $arrayData["USR_PASSWORD"] = '674ba9750749d735ec9787d606170d78'; + $arrayData["USR_FIRSTNAME"] = 'Guest'; + $arrayData["USR_LASTNAME"] = ''; + $arrayData["USR_EMAIL"] = 'guest@processmaker.com'; + $arrayData["USR_DUE_DATE"] = '2200-01-01'; + $arrayData["USR_CREATE_DATE"] = date("Y-m-d H:i:s"); + $arrayData["USR_UPDATE_DATE"] = date("Y-m-d H:i:s"); + $arrayData["USR_BIRTHDAY"] = '2009-02-01'; + $arrayData["USR_AUTH_USER_DN"] = ""; + $arrayData["USR_STATUS"] = 0; + + $rbacUserExists = RbacUsersPeer::retrieveByPK(self::GUEST_USER_UID); + $isNotRbacUserGuest = !empty($rbacUserExists) + && $rbacUserExists instanceof RbacUsers + && $rbacUserExists->getUserRole($rbacUserExists->getUsrUid())['ROL_CODE'] + !== self::PROCESSMAKER_GUEST; + if (empty($rbacUserExists)) { + $rbacUser = new RbacUsers(); + $rbacUser->fromArray($arrayData, BasePeer::TYPE_FIELDNAME); + $rbacUser->save(); + + $arrayData["USR_UID"] = $rbacUser->getUsrUid(); + $arrayData["USR_STATUS"] = 'INACTIVE'; + $arrayData["USR_COUNTRY"] = ""; + $arrayData["USR_CITY"] = ""; + $arrayData["USR_LOCATION"] = ""; + $arrayData["USR_ADDRESS"] = ""; + $arrayData["USR_PHONE"] = ""; + $arrayData["USR_ZIP_CODE"] = ""; + $arrayData["USR_POSITION"] = ""; + 
$arrayData["USR_ROLE"] = $strRole; + + $user = new Users(); + $user->create($arrayData); + $this->assignRoleToUser($user->getUsrUid(), $strRole); + } elseif ($isNotRbacUserGuest) { + $this->assignRoleToUser($rbacUserExists->getUsrUid(), $strRole); + } + } catch (Exception $exception) { + throw new Exception( + "Can not create guest user: " . $exception->getMessage(), + 0, + $exception + ); + } + } + + /** + * Create if not exists GUEST role. + * + * @param type $permissions + * @return type + * @throws Exception + */ + private function verifyGuestRole($permissions) + { + try { + $criteria = new Criteria; + $criteria->add(RolesPeer::ROL_CODE, self::PROCESSMAKER_GUEST); + $roleExists = RolesPeer::doSelectOne($criteria); + if (!empty($roleExists)) { + return $roleExists; + } + $dataCase = [ + 'ROL_UID' => self::PROCESSMAKER_GUEST_UID, + 'ROL_CODE' => self::PROCESSMAKER_GUEST, + 'ROL_SYSTEM' => self::PER_SYSTEM, + 'ROL_STATUS' => 1, + 'ROL_NAME' => self::PROCESSMAKER_GUEST, + 'ROL_CREATE_DATE' => date('Y-m-d H:i:s'), + 'ROL_UPDATE_DATE' => date('Y-m-d H:i:s'), + ]; + $this->createRole($dataCase); + $role = RolesPeer::doSelectOne($criteria); + foreach ($permissions as $permission) { + $o = new RolesPermissions(); + $o->setPerUid($permission->getPerUid()); + $o->setPermissionName('Guest case'); + $o->setRolUid($role->getRolUid()); + $o->save(); + } + + return $role; + } catch (Exception $exception) { + throw new Exception( + "Can not create guest role: " . $exception->getMessage(), + 0, + $exception + ); + } + } + + /** + * Create if not exists GUEST permissions. 
+ * + * @return type + * @throws Exception + */ + private function verifyGuestPermissions() + { + try { + $criteria = new Criteria(); + $criteria->add(PermissionsPeer::PER_CODE, self::PM_GUEST_CASE); + $perm = PermissionsPeer::doSelectOne($criteria); + if (!empty($perm)) { + return [$perm]; + } + $permission = new Permissions(); + $permission->setPerUid(self::PM_GUEST_CASE_UID); + $permission->setPerCode(self::PM_GUEST_CASE); + $permission->setPerCreateDate(date('Y-m-d H:i:s')); + $permission->setPerUpdateDate(date('Y-m-d H:i:s')); + $permission->setPerStatus(1); + $permission->setPerSystem(self::PER_SYSTEM); + $permission->save(); + + return [$permission]; + } catch (Exception $exception) { + throw new Exception( + "Can not set guest permissions: " . $exception->getMessage(), + 0, + $exception + ); + } + } + + /** + * Create if not exists GUEST user. + * Create if not exists GUEST role. + * Create if not exists GUEST permissions. + * + * @throws Exception + */ + private function verifyGuestUserRolePermission() + { + $permissions = $this->verifyGuestPermissions(); + $role = $this->verifyGuestRole($permissions); + $this->verifyGuestUser($role); + } + /** * Gets the roles and permission for one RBAC_user * * gets the Role and their permissions for one User * - * @author Fernando Ontiveros Lira * @access public * * @param string $sSystem the system * @param string $sUser the user * @return $this->aUserInfo[ $sSystem ] */ - public function loadUserRolePermission ($sSystem, $sUser) + public function loadUserRolePermission($sSystem, $sUser) { //in previous versions we provided a path data and session we will cache the session Info for this user //now this is deprecated, and all the aUserInfo is in the memcache $this->sSystem = $sSystem; - $fieldsSystem = $this->systemObj->loadByCode( $sSystem ); - $fieldsRoles = $this->usersRolesObj->getRolesBySystem( $fieldsSystem['SYS_UID'], $sUser ); - $fieldsPermissions = $this->usersRolesObj->getAllPermissions( 
$fieldsRoles['ROL_UID'], $sUser ); - $this->aUserInfo['USER_INFO'] = $this->userObj->load( $sUser ); + $fieldsSystem = $this->systemObj->loadByCode($sSystem); + $fieldsRoles = $this->usersRolesObj->getRolesBySystem($fieldsSystem['SYS_UID'], $sUser); + $fieldsPermissions = $this->usersRolesObj->getAllPermissions($fieldsRoles['ROL_UID'], $sUser); + $this->aUserInfo['USER_INFO'] = $this->userObj->load($sUser); $this->aUserInfo[$sSystem]['SYS_UID'] = $fieldsSystem['SYS_UID']; $this->aUserInfo[$sSystem]['ROLE'] = $fieldsRoles; $this->aUserInfo[$sSystem]['PERMISSIONS'] = $fieldsPermissions; 
@@ -431,35 +795,35 @@ class RBAC * @param string $strPass the password * @return $res */ - public function checkAutomaticRegister ($strUser, $strPass) + public function checkAutomaticRegister($strUser, $strPass) { - $result = - 1; //default return value, + $result = -1; //default return value, - foreach ($this->aRbacPlugins as $sClassName) { - $plugin = new $sClassName(); - if (method_exists( $plugin, 'automaticRegister' )) { - $oCriteria = new Criteria( 'rbac' ); - $oCriteria->add( AuthenticationSourcePeer::AUTH_SOURCE_PROVIDER, $sClassName ); - $oCriteria->addAscendingOrderByColumn( AuthenticationSourcePeer::AUTH_SOURCE_NAME ); - $oDataset = AuthenticationSourcePeer::doSelectRS( $oCriteria, Propel::getDbConnection('rbac_ro') ); - $oDataset->setFetchmode( ResultSet::FETCHMODE_ASSOC ); - $oDataset->next(); - $aRow = $oDataset->getRow(); - while (is_array( $aRow )) { - $aRow = array_merge( $aRow, unserialize( $aRow['AUTH_SOURCE_DATA'] ) ); + foreach ($this->aRbacPlugins as $className) { + $plugin = new $className(); + if (method_exists($plugin, 'automaticRegister')) { + $criteria = new Criteria('rbac'); + $criteria->add(AuthenticationSourcePeer::AUTH_SOURCE_PROVIDER, $className); + $criteria->addAscendingOrderByColumn(AuthenticationSourcePeer::AUTH_SOURCE_NAME); + $dataset = AuthenticationSourcePeer::doSelectRS($criteria, Propel::getDbConnection('rbac_ro')); + $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); + $dataset->next(); + $row = $dataset->getRow(); + while (is_array($row)) { + $row = array_merge($row, unserialize($row['AUTH_SOURCE_DATA'])); //Check if this authsource is enabled for AutoRegister, if not skip this - if ($aRow['AUTH_SOURCE_AUTO_REGISTER'] == 1) { - $plugin->sAuthSource = $aRow['AUTH_SOURCE_UID']; + if ($row['AUTH_SOURCE_AUTO_REGISTER'] == 1) { + $plugin->sAuthSource = $row['AUTH_SOURCE_UID']; $plugin->sSystem = $this->sSystem; //search the usersRolesObj //create the users in ProcessMaker - $res = $plugin->automaticRegister( $aRow, $strUser, 
$strPass ); + $res = $plugin->automaticRegister($row, $strUser, $strPass); if ($res == 1) { return $res; } } - $oDataset->next(); - $aRow = $oDataset->getRow(); + $dataset->next(); + $row = $dataset->getRow(); } } } 
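Review bot: In `checkAutomaticRegister`, `unserialize($row['AUTH_SOURCE_DATA'])` is still passed straight to `array_merge`, so a row whose stored value is not a serialized array makes `unserialize` return false and the merge fail, and any serialized object in that column would be instantiated. Since the loop is being rewritten anyway, guard it with `$extra = unserialize($row['AUTH_SOURCE_DATA'], ['allowed_classes' => false]);` followed by `if (is_array($extra)) { $row = array_merge($row, $extra); }`. The options argument needs PHP 7.0 or later, so confirm the project's minimum version first. The function's closing lines are outside the hunk.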
@@ -471,54 +835,52 @@ class RBAC * * * @access public - * @param string $sAuthType - * @param string $sAuthSource - * @param string $aUserFields - * @param string $sAuthUserDn + * @param string $authType + * @param string $userFields * @param string $strPass * @return number -2: wrong password * -3: inactive user * -4: due date * -5: invalid authentication source */ - public function VerifyWithOtherAuthenticationSource ($sAuthType, $aUserFields, $strPass) + public function VerifyWithOtherAuthenticationSource($authType, $userFields, $strPass) { - if ($sAuthType == '' || $sAuthType == 'MYSQL') { + if ($authType == '' || $authType == 'MYSQL') { //check if the user is active - if ($aUserFields['USR_STATUS'] != 1) { - return - 3; //inactive user + if ($userFields['USR_STATUS'] != 1) { + return -3; //inactive user } //check if the user's due date is valid - if ($aUserFields['USR_DUE_DATE'] < date( 'Y-m-d' )) { - return - 4; //due date + if ($userFields['USR_DUE_DATE'] < date('Y-m-d')) { + return -4; //due date } } - foreach ($this->aRbacPlugins as $sClassName) { - if (strtolower( $sClassName ) == strtolower( $sAuthType )) { - $plugin = new $sClassName(); - $plugin->sAuthSource = $aUserFields["UID_AUTH_SOURCE"]; + foreach ($this->aRbacPlugins as $className) { + if (strtolower($className) == strtolower($authType)) { + $plugin = new $className(); + $plugin->sAuthSource = $userFields["UID_AUTH_SOURCE"]; $plugin->sSystem = $this->sSystem; $bValidUser = false; - $bValidUser = $plugin->VerifyLogin( $aUserFields["USR_AUTH_USER_DN"], $strPass ); + $bValidUser = $plugin->VerifyLogin($userFields["USR_AUTH_USER_DN"], $strPass); if ($bValidUser === true) { - return ($aUserFields['USR_UID']); + return ($userFields['USR_UID']); } else { - return - 2; //wrong password + return -2; //wrong password } } } - return - 5; //invalid authentication source + + return -5; //invalid authentication source } /** * authentication of an user through of class RBAC_user * - * checking that an user has 
right to start an applicaton + * checking that an user has right to start an application * - * @author Fernando Ontiveros Lira * @access public * * @param string $strUser UserId (login) an user 
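Review bot: The `USR_STATUS` and `USR_DUE_DATE` checks in `VerifyWithOtherAuthenticationSource` only run when `$authType` is `''` or `'MYSQL'`, so for every plugin-backed source an inactive or expired account reaches `$plugin->VerifyLogin()` without them. `VerifyLogin` in the next hunk calls this method only for non-mysql types, which suggests the branch is never taken on that path. Unless each plugin enforces status and due date itself (not visible here), move the two checks out of the `if` so they apply to all authentication types. The docblock also needs `@param array $userFields`, because the argument is indexed as an array throughout.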
@@ -530,44 +892,47 @@ class RBAC * -5: invalid authentication source ( **new ) * n : uid of user */ - public function VerifyLogin ($strUser, $strPass) + public function VerifyLogin($strUser, $strPass) { /*----------------------------------********---------------------------------*/ $licenseManager =& PmLicenseManager::getSingleton(); - if (in_array(G::encryptOld($licenseManager->result), array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) { + if (in_array(G::encryptOld($licenseManager->result), + array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) { return -7; } /*----------------------------------********---------------------------------*/ - if (strlen( $strPass ) == 0) { - return - 2; + if (strlen($strPass) == 0) { + return -2; } //check if the user exists in the table RB_WORKFLOW.USERS $this->initRBAC(); //if the user exists, the VerifyUser function will return the user properties - if ($this->userObj->verifyUser( $strUser ) == 0) { + if ($this->userObj->verifyUser($strUser) == 0) { //here we are checking if the automatic user Register is enabled, ioc return -1 - $res = $this->checkAutomaticRegister( $strUser, $strPass ); + $res = $this->checkAutomaticRegister($strUser, $strPass); if ($res == 1) { - $this->userObj->verifyUser( $strUser ); + $this->userObj->verifyUser($strUser); } else { return $res; } } //default values - $sAuthType = 'mysql'; - if (isset( $this->userObj->fields['USR_AUTH_TYPE'] )) { - $sAuthType = strtolower( $this->userObj->fields['USR_AUTH_TYPE'] ); + $authType = 'mysql'; + if (isset($this->userObj->fields['USR_AUTH_TYPE'])) { + $authType = strtolower($this->userObj->fields['USR_AUTH_TYPE']); } //Hook for RBAC plugins - if ($sAuthType != "mysql" && $sAuthType != "") { - $res = $this->VerifyWithOtherAuthenticationSource( $sAuthType, $this->userObj->fields, $strPass ); + if ($authType != "mysql" && $authType != "") { + $res = $this->VerifyWithOtherAuthenticationSource($authType, 
$this->userObj->fields, $strPass); + return $res; } else { $this->userObj->reuseUserFields = true; - $res = $this->userObj->VerifyLogin( $strUser, $strPass ); + $res = $this->userObj->VerifyLogin($strUser, $strPass); + return $res; } } 
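Review bot: The license check at the top of `VerifyLogin` compares hashes with a loose `in_array`; pass `true` as the third argument so the match is by string identity, `in_array(G::encryptOld($licenseManager->result), [...], true)`. The two hash literals are unexplained, so they would be clearer as named class constants with a comment saying which license state each stands for and why it maps to `-7`. The docblock lists return codes but, as far as the visible part shows, not `-7`. The function's docblock begins outside the hunk.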
@@ -580,52 +945,69 @@ class RBAC * @param string $strUser * @return $res */ - public function verifyUser ($strUser) + public function verifyUser($strUser) { - $res = $this->userObj->verifyUser( $strUser ); + $res = $this->userObj->verifyUser($strUser); + return $res; } /** * Verify if the user exist or not exists, the argument is the UserUID * - * @author Everth S. Berrios * @access public * @param string $strUserId * @return $res */ - public function verifyUserId ($strUserId) + public function verifyUserId($strUserId) { - $res = $this->userObj->verifyUserId( $strUserId ); + $res = $this->userObj->verifyUserId($strUserId); + return $res; } /** - * Verify if the user has a right over the permission + * Verify if the user has a right over the permission. Ex. + * $rbac->userCanAccess("PM_CASES"); + * + * Alias of permissions: + * PM_CASES has alias: PM_GUEST_CASE + * This means that a role with PM_GUEST_CASE could access like one with PM_CASES + * unless the permission is required as strict, like this: + * $rbac->userCanAccess("PM_CASES/strict"); * - * @author Fernando Ontiveros * @access public - * * @param string $uid id of user * @param string $system Code of System - * @param string $perm id of Permissions + * @param string $permBase id of Permissions * @return int 1: If it is ok * -1: System doesn't exists * -2: The User has not a Role * -3: The User has not this Permission. */ - public function userCanAccess ($perm) + public function userCanAccess($permBase) { - if (isset( $this->aUserInfo[$this->sSystem]['PERMISSIONS'] )) { - $res = - 3; - //if ( !isset ( $this->aUserInfo[ $this->sSystem ]['ROLE'. 'x'] ) ) $res = -2; + $strict = substr($permBase, -7, 7) === '/strict'; + $perm = $strict ? 
substr($permBase, 0, -7) : $permBase; + if (isset($this->aUserInfo[$this->sSystem]['PERMISSIONS'])) { + $res = -3; foreach ($this->aUserInfo[$this->sSystem]['PERMISSIONS'] as $key => $val) { if ($perm == $val['PER_CODE']) { $res = 1; } + $hasAliasPermission = !$strict + && isset($this->aliasPermissions[$perm]) + && array_search( + $val['PER_CODE'], + $this->aliasPermissions[$perm] + ) !== false; + if ($hasAliasPermission) { + $res = 1; + break; + } } } else { - $res = - 1; + $res = -1; } return $res; 
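Review bot: `userCanAccess` now matches aliases by default, so every existing call such as `userCanAccess("PM_CASES")` also admits a role that holds only the aliased permission, unless that call site is edited to append `/strict`. For a guest-facing permission the safer default is the reverse: keep plain codes strict and make alias matching opt-in, so that an unreviewed call site cannot widen access silently. If the current default stays, the call sites that must exclude guests need an audit as part of this change. The membership test is also clearer as `in_array($val['PER_CODE'], $this->aliasPermissions[$perm], true)`. How `$aliasPermissions` is filled is not visible in this hunk.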
@@ -635,114 +1017,118 @@ class RBAC * to create an user * * @access public - * @param array $aData - * @param string $sRolCode - * @return $sUserUID + * @param array $dataCase + * @param string $rolCode + * @return $userUid */ - public function createUser ($aData = array(), $sRolCode = '') + public function createUser($dataCase = [], $rolCode = '') { - if ($aData["USR_STATUS"] . "" == "1") { - $aData["USR_STATUS"] = "ACTIVE"; + if ($dataCase["USR_STATUS"] . "" == "1") { + $dataCase["USR_STATUS"] = "ACTIVE"; } - if ($aData["USR_STATUS"] . "" == "0") { - $aData["USR_STATUS"] = "INACTIVE"; + if ($dataCase["USR_STATUS"] . "" == "0") { + $dataCase["USR_STATUS"] = "INACTIVE"; } - if ($aData['USR_STATUS'] == 'ACTIVE') { - $aData['USR_STATUS'] = 1; + if ($dataCase['USR_STATUS'] == 'ACTIVE') { + $dataCase['USR_STATUS'] = 1; } - if ($aData['USR_STATUS'] == 'INACTIVE') { - $aData['USR_STATUS'] = 0; + if ($dataCase['USR_STATUS'] == 'INACTIVE') { + $dataCase['USR_STATUS'] = 0; } - $sUserUID = $this->userObj->create( $aData ); + $userUid = $this->userObj->create($dataCase); - if ($sRolCode != '') { - $this->assignRoleToUser( $sUserUID, $sRolCode ); + if ($rolCode != '') { + $this->assignRoleToUser($userUid, $rolCode); } - return $sUserUID; + + return $userUid; } /** - * updated an user + * Update an user * * @access public - * @param array $aData - * @param string $sRolCode + * @param array $dataCase + * @param string $rolCode * @return void */ - public function updateUser ($aData = array(), $sRolCode = '') + public function updateUser($dataCase = [], $rolCode = '') { - if (isset( $aData['USR_STATUS'] )) { - if ($aData['USR_STATUS'] == 'ACTIVE') { - $aData['USR_STATUS'] = 1; + if (isset($dataCase['USR_STATUS'])) { + if ($dataCase['USR_STATUS'] == 'ACTIVE') { + $dataCase['USR_STATUS'] = 1; } } - $this->userObj->update( $aData ); - if ($sRolCode != '') { - $this->removeRolesFromUser( $aData['USR_UID'] ); - $this->assignRoleToUser( $aData['USR_UID'], $sRolCode ); + + 
$this->userObj->update($dataCase); + if ($rolCode != '') { + $this->removeRolesFromUser($dataCase['USR_UID']); + $this->assignRoleToUser($dataCase['USR_UID'], $rolCode); } } /** - * to put role an user + * To put role an user * * @access public - * @param string $sUserUID - * @param string $sRolCode + * @param string $userUid + * @param string $rolCode * @return void */ - public function assignRoleToUser ($sUserUID = '', $sRolCode = '') + public function assignRoleToUser($userUid = '', $rolCode = '') { - $aRol = $this->rolesObj->loadByCode( $sRolCode ); - $this->usersRolesObj->create( $sUserUID, $aRol['ROL_UID'] ); + $aRol = $this->rolesObj->loadByCode($rolCode); + $this->usersRolesObj->create($userUid, $aRol['ROL_UID']); } /** - * remove a role from an user + * Remove a role from an user * * @access public - * @param array $sUserUID + * @param string $userUid * @return void */ - public function removeRolesFromUser ($sUserUID = '') + public function removeRolesFromUser($userUid = '') { - $oCriteria = new Criteria( 'rbac' ); - $oCriteria->add( UsersRolesPeer::USR_UID, $sUserUID ); - UsersRolesPeer::doDelete( $oCriteria ); + $criteria = new Criteria('rbac'); + $criteria->add(UsersRolesPeer::USR_UID, $userUid); + $criteria->add(UsersRolesPeer::ROL_UID, [RBAC::PROCESSMAKER_GUEST_UID], Criteria::NOT_IN); + UsersRolesPeer::doDelete($criteria); } /** * change status of an user * * @access public - * @param array $sUserUID + * @param string $userUid + * @param string $userStatus * @return void */ - public function changeUserStatus ($sUserUID = '', $sStatus = 'ACTIVE') + public function changeUserStatus($userUid = '', $userStatus = 'ACTIVE') { - if ($sStatus === 'ACTIVE') { - $sStatus = 1; + if ($userStatus === 'ACTIVE') { + $userStatus = 1; } - $aFields = $this->userObj->load( $sUserUID ); - $aFields['USR_STATUS'] = $sStatus; - $this->userObj->update( $aFields ); + $aFields = $this->userObj->load($userUid); + $aFields['USR_STATUS'] = $userStatus; + 
$this->userObj->update($aFields); } /** * remove an user * * @access public - * @param array $sUserUID + * @param string $userUid * @return void */ - public function removeUser ($sUserUID = '') + public function removeUser($userUid = '') { - $this->userObj->remove( $sUserUID ); - $this->removeRolesFromUser( $sUserUID ); + $this->userObj->remove($userUid); + $this->removeRolesFromUser($userUid); } // 
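Review bot: `removeRolesFromUser` now skips rows whose role is `PROCESSMAKER_GUEST_UID`, but `removeUser` and `updateUser` still rely on it to clear a user's roles. After `removeUser`, a guest-role row for the deleted user would stay in the users-roles table, and after `updateUser` with a new `$rolCode`, a user who had the guest role would end up holding both roles. If the exclusion is only meant to protect the built-in guest account (the intent is not stated in the hunk), restrict it to that account by adding the `NOT_IN` criterion only `if ($userUid === self::GUEST_USER_UID)`. Document the exception in the docblock, which still says only "Remove a role from an user".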
@@ -752,65 +1138,37 @@ class RBAC * * getting datas that is saved in rbac * - * @author Fernando Ontiveros Lira * @access public * * @param string $uid id user * @return array with info of an user */ - public function load ($uid) + public function load($uid) { $this->initRBAC(); - $this->userObj->Fields = $this->userObj->load( $uid ); + $this->userObj->Fields = $this->userObj->load($uid); - $fieldsSystem = $this->systemObj->loadByCode( $this->sSystem ); - $fieldsRoles = $this->usersRolesObj->getRolesBySystem( $fieldsSystem['SYS_UID'], $uid ); + $fieldsSystem = $this->systemObj->loadByCode($this->sSystem); + $fieldsRoles = $this->usersRolesObj->getRolesBySystem($fieldsSystem['SYS_UID'], $uid); $this->userObj->Fields['USR_ROLE'] = $fieldsRoles['ROL_CODE']; + return $this->userObj->Fields; } - /** - * loading permission by code - * - * - * @access public - * - * @param string $sCode - * @return void - */ - // function loadPermissionByCode($sCode) { - // return $this->permissionsObj->loadByCode($sCode); - // } - - /** * create permission * * * @access public * - * @param string $sCode + * @param string $code * @return void */ - public function createPermision ($sCode) + public function createPermision($code) { - return $this->permissionsObj->create( array ('PER_CODE' => $sCode) ); + return $this->permissionsObj->create(array('PER_CODE' => $code)); } - /** - * loading role by code - * - * - * @access public - * - * @param string $sCode - * @return void - */ - // function loadRoleByCode($sCode) { - // return $this->rolesObj->loadByCode($sCode); - // } - - /** * list all roles * @@ -821,9 +1179,9 @@ class RBAC * @return $this->rolesObj */ - public function listAllRoles ($systemCode = 'PROCESSMAKER') + public function listAllRoles($systemCode = 'PROCESSMAKER') { - return $this->rolesObj->listAllRoles( $systemCode ); + return $this->rolesObj->listAllRoles($systemCode); } /** 
@@ -835,9 +1193,9 @@ class RBAC * @param string $systemCode * @return $this->rolesObj->getAllRoles */ - public function getAllRoles ($systemCode = 'PROCESSMAKER') + public function getAllRoles($systemCode = 'PROCESSMAKER') { - return $this->rolesObj->getAllRoles( $systemCode ); + return $this->rolesObj->getAllRoles($systemCode); } /** @@ -848,9 +1206,9 @@ class RBAC * @param string $filter * @return $this->rolesObj->getAllRolesFilter */ - public function getAllRolesFilter ($start, $limit, $filter) + public function getAllRolesFilter($start, $limit, $filter) { - return $this->rolesObj->getAllRolesFilter( $start, $limit, $filter ); + return $this->rolesObj->getAllRolesFilter($start, $limit, $filter); } /** @@ -862,9 +1220,9 @@ class RBAC * @param string $systemCode * @return $this->rolesObj->listAllPermissions */ - public function listAllPermissions ($systemCode = 'PROCESSMAKER') + public function listAllPermissions($systemCode = 'PROCESSMAKER') { - return $this->rolesObj->listAllPermissions( $systemCode ); + return $this->rolesObj->listAllPermissions($systemCode); } /** @@ -873,12 +1231,12 @@ class RBAC * * @access public * - * @param array $aData + * @param array $dataCase * @return $this->rolesObj->createRole */ - public function createRole ($aData) + public function createRole($dataCase) { - return $this->rolesObj->createRole( $aData ); + return $this->rolesObj->createRole($dataCase); } /** @@ -887,12 +1245,12 @@ class RBAC * * @access public * - * @param string $ROL_UID + * @param string $rolUid * $@return $this->rolesObj->removeRole */ - public function removeRole ($ROL_UID) + public function removeRole($rolUid) { - return $this->rolesObj->removeRole( $ROL_UID ); + return $this->rolesObj->removeRole($rolUid); } /** 
@@ -904,9 +1262,9 @@ class RBAC * @param string $code * @return $this->rolesObj->verifyNewRole */ - public function verifyNewRole ($code) + public function verifyNewRole($code) { - return $this->rolesObj->verifyNewRole( $code ); + return $this->rolesObj->verifyNewRole($code); } /** @@ -918,9 +1276,9 @@ class RBAC * @param string $fields * @return $this->rolesObj->updateRole */ - public function updateRole ($fields) + public function updateRole($fields) { - return $this->rolesObj->updateRole( $fields ); + return $this->rolesObj->updateRole($fields); } /** @@ -929,12 +1287,12 @@ class RBAC * * @access public * - * @param string $ROL_UID + * @param string $rolUid * @return $this->rolesObj->loadById */ - public function loadById ($ROL_UID) + public function loadById($rolUid) { - return $this->rolesObj->loadById( $ROL_UID ); + return $this->rolesObj->loadById($rolUid); } /** @@ -943,10 +1301,10 @@ class RBAC * * @access public * - * @param string $ROL_UID + * @param string $rolUid * @return $this->rolesObj->getRoleUsers */ - public function getRoleUsers ($ROL_UID, $filter = '') + public function getRoleUsers($rolUid, $filter = '') { throw new Exception(__METHOD__ . ': The method is deprecated'); } @@ -956,11 +1314,10 @@ class RBAC * * * @access public - * @author : Enrique Ponce de Leon * * @return $this->rolesObj->getAllUsersByRole */ - public function getAllUsersByRole () + public function getAllUsersByRole() { return $this->rolesObj->getAllUsersByRole(); } @@ -970,11 +1327,10 @@ class RBAC * * * @access public - * @author : Enrique Ponce de Leon * * @return $this->rolesObj->getAllUsersByRole */ - public function getAllUsersByDepartment () + public function getAllUsersByDepartment() { return $this->rolesObj->getAllUsersByDepartment(); } 
@@ -985,12 +1341,12 @@ class RBAC * * @access public * - * @param string $ROL_UID + * @param string $rolUid * @return $this->rolesObj->getRoleCode */ - public function getRoleCode ($ROL_UID) + public function getRoleCode($rolUid) { - return $this->rolesObj->getRoleCode( $ROL_UID ); + return $this->rolesObj->getRoleCode($rolUid); } /** @@ -999,13 +1355,13 @@ class RBAC * * @access public * - * @param string $ROL_UID + * @param string $rolUid * @param string $USR_UID * @return $this->rolesObj->deleteUserRole */ - public function deleteUserRole ($ROL_UID, $USR_UID) + public function deleteUserRole($rolUid, $USR_UID) { - return $this->rolesObj->deleteUserRole( $ROL_UID, $USR_UID ); + return $this->rolesObj->deleteUserRole($rolUid, $USR_UID); } /** @@ -1014,10 +1370,10 @@ class RBAC * * @access public * - * @param string $ROL_UID + * @param string $rolUid * @return $this->rolesObj->getAllUsers */ - public function getAllUsers ($ROL_UID, $filter = '') + public function getAllUsers($rolUid, $filter = '') { throw new Exception(__METHOD__ . ': The method is deprecated'); } @@ -1028,12 +1384,12 @@ class RBAC * * @access public * - * @param array $aData + * @param array $dataCase * @return $this->rolesObj->assignUserToRole */ - public function assignUserToRole ($aData) + public function assignUserToRole($dataCase) { - return $this->rolesObj->assignUserToRole( $aData ); + return $this->rolesObj->assignUserToRole($dataCase); } /** 
@@ -1042,26 +1398,26 @@ class RBAC * * @access public * - * @param string $ROL_UID + * @param string $rolUid * @return $this->rolesObj->getRolePermissionsByPerUid */ - public function getRolePermissionsByPerUid($ROL_UID) + public function getRolePermissionsByPerUid($rolUid) { - return $this->rolesObj->getRolePermissionsByPerUid($ROL_UID); + return $this->rolesObj->getRolePermissionsByPerUid($rolUid); } /** - * this function is Assigne role permission + * this function is Assignee role permission * * * @access public * - * @param string $ROL_UID + * @param string $rolUid * @return $this->rolesObj->isAssigneRolePermission */ - public function getPermissionAssignedRole($ROL_UID, $PER_UID) + public function getPermissionAssignedRole($rolUid, $perUid) { - return $this->rolesObj->getPermissionAssignedRole($ROL_UID, $PER_UID); + return $this->rolesObj->getPermissionAssignedRole($rolUid, $perUid); } /** @@ -1070,12 +1426,14 @@ class RBAC * * @access public * - * @param string $ROL_UID + * @param string $rolUid + * @param string $filter + * @param string $status * @return $this->rolesObj->getRolePermissions */ - public function getRolePermissions ($ROL_UID, $filter = '', $status = null) + public function getRolePermissions($rolUid, $filter = '', $status = null) { - return $this->rolesObj->getRolePermissions( $ROL_UID, $filter, $status ); + return $this->rolesObj->getRolePermissions($rolUid, $filter, $status); } /** 
@@ -1084,13 +1442,15 @@ class RBAC * * @access public * - * @param string $ROL_UID - * @param string $PER_SYSTEM + * @param string $rolUid + * @param string $perSystem + * @param string $filter + * @param string $status * @return $this->rolesObj->getAllPermissions */ - public function getAllPermissions ($ROL_UID, $PER_SYSTEM = "", $filter = '', $status = null) + public function getAllPermissions($rolUid, $perSystem = "", $filter = '', $status = null) { - return $this->rolesObj->getAllPermissions( $ROL_UID, $PER_SYSTEM, $filter, $status ); + return $this->rolesObj->getAllPermissions($rolUid, $perSystem, $filter, $status); } /** @@ -1099,12 +1459,12 @@ class RBAC * * @access public * - * @param array $aData + * @param array $dataCase * @return $this->rolesObj->assignPermissionRole */ - public function assignPermissionRole ($sData) + public function assignPermissionRole($dataCase) { - return $this->rolesObj->assignPermissionRole( $sData ); + return $this->rolesObj->assignPermissionRole($dataCase); } /** @@ -1113,13 +1473,13 @@ class RBAC * * @access public * - * @param string $sRoleUID - * @param string $sPermissionUID + * @param string $roleUid + * @param string $permissionUid * @return $this->rolesPermissionsObj->create */ - public function assignPermissionToRole ($sRoleUID, $sPermissionUID) + public function assignPermissionToRole($roleUid, $permissionUid) { - return $this->rolesPermissionsObj->create( array ('ROL_UID' => $sRoleUID,'PER_UID' => $sPermissionUID ) ); + return $this->rolesPermissionsObj->create(array('ROL_UID' => $roleUid, 'PER_UID' => $permissionUid)); } /** 
@@ -1128,13 +1488,13 @@ class RBAC * * @access public * - * @param string $ROL_UID - * @param string $PER_UID + * @param string $rolUid + * @param string $perUid * @return $this->rolesObj->deletePermissionRole */ - public function deletePermissionRole ($ROL_UID, $PER_UID) + public function deletePermissionRole($rolUid, $perUid) { - return $this->rolesObj->deletePermissionRole( $ROL_UID, $PER_UID ); + return $this->rolesObj->deletePermissionRole($rolUid, $perUid); } /** @@ -1143,12 +1503,12 @@ class RBAC * * @access public * - * @param string $ROL_UID + * @param string $rolUid * @return $this->rolesObj->numUsersWithRole */ - public function numUsersWithRole ($ROL_UID) + public function numUsersWithRole($rolUid) { - return $this->rolesObj->numUsersWithRole( $ROL_UID ); + return $this->rolesObj->numUsersWithRole($rolUid); } /** @@ -1157,13 +1517,14 @@ class RBAC * * @access public * - * @param string $sCode + * @param string $code * @return $this->systemObj->create */ - public function createSystem ($sCode) + public function createSystem($code) { - return $this->systemObj->create( array ('SYS_CODE' => $sCode - ) ); + return $this->systemObj->create(array( + 'SYS_CODE' => $code + )); } /** @@ -1172,12 +1533,12 @@ class RBAC * * @access public * - * @param string $sCode + * @param string $code * @return $this->rolesObj->verifyByCode */ - public function verifyByCode ($sCode) + public function verifyByCode($code) { - return $this->rolesObj->verifyByCode( $sCode ); + return $this->rolesObj->verifyByCode($code); } /** @@ -1190,7 +1551,7 @@ class RBAC * @return $this->authSourcesObj->getAllAuthSources() */ - public function getAllAuthSources () + public function getAllAuthSources() { return $this->authSourcesObj->getAllAuthSources(); } @@ -1205,7 +1566,7 @@ class RBAC * @return $this->authSourcesObj->getAllAuthSources() */ - public function getAllAuthSourcesByUser () + public function getAllAuthSourcesByUser() { return $this->authSourcesObj->getAllAuthSourcesByUser(); } 
@@ -1222,9 +1583,9 @@ class RBAC * @return $this->authSourcesObj->getAuthenticationSources() */ - public function getAuthenticationSources ($start, $limit, $filter = '') + public function getAuthenticationSources($start, $limit, $filter = '') { - return $this->authSourcesObj->getAuthenticationSources( $start, $limit, $filter ); + return $this->authSourcesObj->getAuthenticationSources($start, $limit, $filter); } /** @@ -1233,19 +1594,20 @@ class RBAC * * @access public * - * @param string $sUID + * @param string $uid * @return $this->authSourcesObj->load */ - public function getAuthSource ($sUID) + public function getAuthSource($uid) { - $data = $this->authSourcesObj->load( $sUID ); - $pass = explode( "_", $data['AUTH_SOURCE_PASSWORD'] ); + $data = $this->authSourcesObj->load($uid); + $pass = explode("_", $data['AUTH_SOURCE_PASSWORD']); foreach ($pass as $index => $value) { if ($value == '2NnV3ujj3w') { - $data['AUTH_SOURCE_PASSWORD'] = G::decrypt( $pass[0], $data['AUTH_SOURCE_SERVER_NAME'] ); + $data['AUTH_SOURCE_PASSWORD'] = G::decrypt($pass[0], $data['AUTH_SOURCE_SERVER_NAME']); } } $this->authSourcesObj->Fields = $data; + return $this->authSourcesObj->Fields; } @@ -1255,13 +1617,14 @@ class RBAC * * @access public * - * @param array $aData + * @param array $dataCase * @return $this->authSourcesObj->create */ - public function createAuthSource ($aData) + public function createAuthSource($dataCase) { - $aData['AUTH_SOURCE_PASSWORD'] = G::encrypt( $aData['AUTH_SOURCE_PASSWORD'], $aData['AUTH_SOURCE_SERVER_NAME'] ) . "_2NnV3ujj3w"; - $this->authSourcesObj->create( $aData ); + $dataCase['AUTH_SOURCE_PASSWORD'] = G::encrypt($dataCase['AUTH_SOURCE_PASSWORD'], + $dataCase['AUTH_SOURCE_SERVER_NAME']) . "_2NnV3ujj3w"; + $this->authSourcesObj->create($dataCase); } /** 
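Review bot: `getAuthSource` and `createAuthSource` here, and `updateAuthSource` in the next hunk, key `G::decrypt`/`G::encrypt` with `AUTH_SOURCE_SERVER_NAME`, a value stored in the same record as the ciphertext. As far as these lines show, that protects the stored bind password only against casual viewing, because anyone who can read the row has both parts. The key should come from a secret held outside that table (application configuration or a key store). Until that changes, the limitation belongs in a comment above the `G::encrypt` calls. The docblocks should also say that `getAuthSource` returns the password decrypted and that `updateAuthSource` encrypts whatever it receives, so callers must pass the plaintext value rather than a stored one.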
@@ -1270,13 +1633,14 @@ class RBAC * * @access public * - * @param array $aData + * @param array $dataCase * @return $this->authSourcesObj->create */ - public function updateAuthSource ($aData) + public function updateAuthSource($dataCase) { - $aData['AUTH_SOURCE_PASSWORD'] = G::encrypt( $aData['AUTH_SOURCE_PASSWORD'], $aData['AUTH_SOURCE_SERVER_NAME'] ) . "_2NnV3ujj3w"; - $this->authSourcesObj->update( $aData ); + $dataCase['AUTH_SOURCE_PASSWORD'] = G::encrypt($dataCase['AUTH_SOURCE_PASSWORD'], + $dataCase['AUTH_SOURCE_SERVER_NAME']) . "_2NnV3ujj3w"; + $this->authSourcesObj->update($dataCase); } /** @@ -1285,12 +1649,12 @@ class RBAC * * @access public * - * @param string $sUID + * @param string $uid * @return $this->authSourcesObj->remove */ - public function removeAuthSource ($sUID) + public function removeAuthSource($uid) { - $this->authSourcesObj->remove( $sUID ); + $this->authSourcesObj->remove($uid); } /** @@ -1302,7 +1666,7 @@ class RBAC * @return $this->userObj->getAllUsersByAuthSource() */ - public function getAllUsersByAuthSource () + public function getAllUsersByAuthSource() { return $this->userObj->getAllUsersByAuthSource(); } @@ -1316,9 +1680,9 @@ class RBAC * @return $this->userObj->getAllUsersByAuthSource() */ - public function getListUsersByAuthSource ($aSource) + public function getListUsersByAuthSource($source) { - return $this->userObj->getListUsersByAuthSource( $aSource ); + return $this->userObj->getListUsersByAuthSource($source); } /** 
@@ -1327,123 +1691,129 @@ class RBAC * * @access public * - * @param string $sUID - * @param string $sKeyword + * @param string $uid + * @param string $keyword * @return array */ - public function searchUsers ($sUID, $sKeyword) + public function searchUsers($uid, $keyword) { - $aAuthSource = $this->getAuthSource( $sUID ); - $sAuthType = strtolower( $aAuthSource['AUTH_SOURCE_PROVIDER'] ); - foreach ($this->aRbacPlugins as $sClassName) { - if (strtolower( $sClassName ) == $sAuthType) { - $plugin = new $sClassName(); - $plugin->sAuthSource = $sUID; + $aAuthSource = $this->getAuthSource($uid); + $authType = strtolower($aAuthSource['AUTH_SOURCE_PROVIDER']); + foreach ($this->aRbacPlugins as $className) { + if (strtolower($className) == $authType) { + $plugin = new $className(); + $plugin->sAuthSource = $uid; $plugin->sSystem = $this->sSystem; - return $plugin->searchUsers( $sKeyword ); + + return $plugin->searchUsers($keyword); } } - return array (); + + return []; } - public function requirePermissions ($permissions) + public function requirePermissions($permissions) { $numPerms = func_num_args(); $permissions = func_get_args(); - $access = - 1; + $access = -1; if ($numPerms == 1) { - $access = $this->userCanAccess( $permissions[0] ); + $access = $this->userCanAccess($permissions[0]); } elseif ($numPerms > 0) { foreach ($permissions as $perm) { - $access = $this->userCanAccess( $perm ); + $access = $this->userCanAccess($perm); if ($access == 1) { $access = 1; break; } } } else { - throw new Exception( 'function requirePermissions() ->ERROR: Parameters missing!' 
); + throw new Exception('function requirePermissions() ->ERROR: Parameters missing!'); } if ($access == 1) { return true; } else { switch ($access) { - case - 2: - G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' ); - G::header( 'location: ../login/login' ); + case -2: + G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels'); + G::header('location: ../login/login'); break; - case - 1: + case -1: default: - G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' ); - G::header( 'location: ../login/login' ); + G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels'); + G::header('location: ../login/login'); break; } - exit( 0 ); + exit(0); } } - private function getAllFiles ($directory, $recursive = true) + private function getAllFiles($directory, $recursive = true) { - $result = array (); - if (is_dir( $directory )) { - $handle = opendir( $directory ); - while ($datei = readdir( $handle )) { + $result = []; + if (is_dir($directory)) { + $handle = opendir($directory); + while ($datei = readdir($handle)) { if (($datei != '.') && ($datei != '..')) { $file = $directory . $datei; - if (is_dir( $file )) { + if (is_dir($file)) { if ($recursive) { - $result = array_merge( $result, getAllFiles( $file . '/' ) ); + $result = array_merge($result, getAllFiles($file . 
'/')); } } else { $result[] = $file; } } } - closedir( $handle ); + closedir($handle); } + return $result; } - private function getFilesTimestamp ($directory, $recursive = true) + private function getFilesTimestamp($directory, $recursive = true) { - $allFiles = self::getAllFiles( $directory, $recursive ); - $fileArray = array (); + $allFiles = self::getAllFiles($directory, $recursive); + $fileArray = []; foreach ($allFiles as $val) { $timeResult['file'] = $val; - $timeResult['timestamp'] = filemtime( $val ); + $timeResult['timestamp'] = filemtime($val); $fileArray[] = $timeResult; } + return $fileArray; } - public function cleanSessionFiles ($hours = 72) + public function cleanSessionFiles($hours = 72) { - $currentTime = strtotime( "now" ); + $currentTime = strtotime("now"); $timeDifference = $hours * 60 * 60; $limitTime = $currentTime - $timeDifference; $sessionsPath = PATH_DATA . 'session' . PATH_SEP; - $filesResult = self::getFilesTimestamp( $sessionsPath ); + $filesResult = self::getFilesTimestamp($sessionsPath); $count = 0; foreach ($filesResult as $file) { if ($file['timestamp'] < $limitTime) { - unlink( $file['file'] ); - $count ++; + unlink($file['file']); + $count++; } } } + /** - * this function permissions - * + * This function verify the permissions * * @access public * + * @return array */ public function verifyPermissions() { - $message = array(); + $message = []; + $this->verifyGuestUserRolePermission(); $listPermissions = $this->loadPermissionAdmin(); $criteria = new Criteria('rbac'); $dataset = PermissionsPeer::doSelectRS($criteria); @@ -1462,7 +1832,7 @@ class RBAC } foreach ($listPermissions as $key => $item) { //Adding new permissions - $data = array(); + $data = []; $data['PER_UID'] = $item['PER_UID']; $data['PER_CODE'] = $item['PER_CODE']; $data['PER_CREATE_DATE'] = date('Y-m-d H:i:s'); @@ -1480,6 +1850,7 @@ class RBAC $this->assigningNewPermissionsPmSetup($item); $this->assigningNewPermissionsPmEditProfile($item); } + return $message; } 
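Review bot: In `getAllFiles()` the recursive call is written as a plain function call, `getAllFiles($file . '/')`, which PHP resolves to a global function and not to this private method, so the first subdirectory found would end in an undefined-function error unless such a global exists elsewhere. `cleanSessionFiles()` depends on this walk to delete expired session files, so a nested directory under the session path would stop the cleanup and leave old sessions on disk. I would change the line to `$result = array_merge($result, $this->getAllFiles($file . '/'));` and test the loop with `while (($datei = readdir($handle)) !== false)` so that an entry named `0` does not end it early.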
@@ -1487,7 +1858,7 @@ class RBAC * Permissions for tab ADMIN * @param array $item */ - public function assigningNewPermissionsPmSetup($item = array()) + public function assigningNewPermissionsPmSetup($item = []) { if (strpos($item['PER_CODE'], 'PM_SETUP_') !== false) { $rolesWithPermissionSetup = $this->getRolePermissionsByPerUid(self::SETUPERMISSIONUID); @@ -1495,7 +1866,7 @@ class RBAC while ($aRow = $rolesWithPermissionSetup->getRow()) { $isAssignedNewpermissions = $this->getPermissionAssignedRole($aRow['ROL_UID'], $item['PER_UID']); if (!$isAssignedNewpermissions) { - $dataPermissions = array(); + $dataPermissions = []; $dataPermissions['ROL_UID'] = $aRow['ROL_UID']; $dataPermissions['PER_UID'] = $item['PER_UID']; $this->assignPermissionRole($dataPermissions); @@ -1509,7 +1880,7 @@ class RBAC * Permissions for Edit Profile User * @param array $item */ - public function assigningNewPermissionsPmEditProfile($item = array()) + public function assigningNewPermissionsPmEditProfile($item = []) { if (strpos($item['PER_CODE'], 'PM_EDIT_USER_PROFILE_') !== false) { $allRolesRolUid = $this->getAllRoles('PROCESSMAKER'); 
@@ -1529,18 +1900,20 @@ class RBAC $isAssignedNewpermissions = $this->getPermissionAssignedRole($aRow['ROL_UID'], $item['PER_UID']); $assignPermissions = true; if (!$isAssignedNewpermissions) { - if ($aRow['ROL_CODE'] == 'PROCESSMAKER_OPERATOR' && in_array($item['PER_CODE'], $permissionsForOperator)) { + if ($aRow['ROL_CODE'] == 'PROCESSMAKER_OPERATOR' && in_array($item['PER_CODE'], + $permissionsForOperator)) { $assignPermissions = false; } if (!in_array($aRow['ROL_CODE'], $perCodePM)) { $assignPermissions = false; - $checkPermisionEdit = $this->getPermissionAssignedRole($aRow['ROL_UID'], '00000000000000000000000000000014'); + $checkPermisionEdit = $this->getPermissionAssignedRole($aRow['ROL_UID'], + '00000000000000000000000000000014'); if ($checkPermisionEdit && !in_array($item['PER_CODE'], $permissionsForOperator)) { $assignPermissions = true; } } if ($assignPermissions) { - $dataPermissions = array(); + $dataPermissions = []; $dataPermissions['ROL_UID'] = $aRow['ROL_UID']; $dataPermissions['PER_UID'] = $item['PER_UID']; $this->assignPermissionRole($dataPermissions); @@ -1557,6 +1930,7 @@ class RBAC * @param string $action * * @return void + * @throws RBACException */ public function allows($file, $action) { @@ -1606,5 +1980,17 @@ class RBAC { return $this->enableLoginHash; } + + /** + * Returns true in case the parameter corresponds to the invited user, + * otherwise it returns false. + * + * @param string $usrUid + * @return boolean + */ + public static function isGuestUserUid($usrUid) + { + return self::GUEST_USER_UID === $usrUid; + } } diff --git a/gulpfile.js b/gulpfile.js index 85dcb13b8..2ecbb281b 100644 --- a/gulpfile.js +++ b/gulpfile.js 
@@ -471,7 +471,26 @@ gulp.task('clean', function () { cleanDirectory('workflow/public_html/lib'); }); -gulp.task('default', ['clean'], function (cb) { +/** + * This scheduled task is to be able to create the guest user constants + */ +gulp.task('__env', function (cb) { + var data = require('./config/enviromentvariables.json'), + pathEnviroment = 'vendor/colosa/MichelangeloFE/src/enviroment/', + content = 'var __env = __env || {};'; + + gutil.log(gutil.colors.green('Creating System Constants...')); + if (!fs.existsSync(pathEnviroment)){ + fs.mkdirSync(pathEnviroment); + } + fs.writeFile( + pathEnviroment + 'constants.js', + content + '__env.USER_GUEST = ' + JSON.stringify(data.constants.userguest) + ';', + cb + ); +}); + +gulp.task('default', ['clean', '__env'], function (cb) { var i, tasks = []; gutil.log(gutil.colors.green('Initializing ProcessMaker building...')); diff --git a/rbac/engine/classes/model/RbacUsers.php b/rbac/engine/classes/model/RbacUsers.php index 9e76fd516..a6da34c66 100644 --- a/rbac/engine/classes/model/RbacUsers.php +++ b/rbac/engine/classes/model/RbacUsers.php @@ -24,6 +24,7 @@ * Coral Gables, FL, 33134, USA, or email info@colosa.com. * */ + /** * @access public */ 
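Review bot: `fs.mkdirSync(pathEnviroment)` in the `__env` task creates only the last path component, so the task throws when `vendor/colosa/MichelangeloFE/src` is not there yet, and that failure then aborts `default` because `__env` is now one of its dependencies. Where the Node version in use supports it, `fs.mkdirSync(pathEnviroment, { recursive: true });` also removes the need for the `existsSync` test. The generated `__env.USER_GUEST` is shipped to the browser, so it is worth a comment on the task that it is a display hint only and that the guest checks that matter are the server-side ones. The body of the `default` task continues outside the hunk.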
@@ -44,57 +45,60 @@ use ProcessMaker\Plugins\PluginRegistry; class RbacUsers extends BaseRbacUsers { + private $userUidReserved = [RBAC::GUEST_USER_UID]; + /** - * Autentificacion de un usuario a traves de la clase RBAC_user + * Authentication of a user through the class RBAC_user * - * verifica que un usuario tiene derechos de iniciar una aplicacion + * verifies that a user has permission to start an application * - * @author Fernando Ontiveros Lira - * access public + * @access public * Function verifyLogin * - * @param string $strUser UserId (login) de usuario - * @param string $strPass Password - * @return - * -1: no existe usuario - * -2: password errado - * -3: usuario inactivo - * -4: usuario vencido - * -6: role inactivo - * n : uid de usuario + * @param string $userName UserId (login) de usuario + * @param string $password Password + * @return type + * -1: no user exists + * -2: wrong password + * -3: inactive user + * -4: expired user + * -6: role inactive + * n : string user uid + * @throws Exception */ - public function verifyLogin($sUsername, $sPassword) + public function verifyLogin($userName, $password) { //invalid user - if ($sUsername == '') { + if ($userName == '') { return -1; } //invalid password - if ($sPassword == '') { + if ($password == '') { return -2; } $con = Propel::getConnection(RbacUsersPeer::DATABASE_NAME); try { $c = new Criteria('rbac'); - $c->add(RbacUsersPeer::USR_USERNAME, $sUsername); + $c->add(RbacUsersPeer::USR_USERNAME, $userName); /* @var $rs RbacUsers[] */ $rs = RbacUsersPeer::doSelect($c, Propel::getDbConnection('rbac_ro')); if (is_array($rs) && isset($rs[0]) && is_object($rs[0]) && get_class($rs[0]) == 'RbacUsers') { - $aFields = $rs[0]->toArray(BasePeer::TYPE_FIELDNAME); + $dataFields = $rs[0]->toArray(BasePeer::TYPE_FIELDNAME); //verify password with md5, and md5 format - if (mb_strtoupper($sUsername, 'utf-8') === mb_strtoupper($aFields['USR_USERNAME'], 'utf-8')) { - if( Bootstrap::verifyHashPassword($sPassword, 
$rs[0]->getUsrPassword()) ) { - if ($aFields['USR_DUE_DATE'] < date('Y-m-d')) { + if (mb_strtoupper($userName, 'utf-8') === mb_strtoupper($dataFields['USR_USERNAME'], 'utf-8')) { + if (Bootstrap::verifyHashPassword($password, $rs[0]->getUsrPassword())) { + if ($dataFields['USR_DUE_DATE'] < date('Y-m-d')) { return -4; } - if ($aFields['USR_STATUS'] != 1) { + if ($dataFields['USR_STATUS'] != 1 && $dataFields['USR_UID'] !== RBAC::GUEST_USER_UID) { return -3; } - $role = $this->getUserRole($aFields['USR_UID']); + $role = $this->getUserRole($dataFields['USR_UID']); if ($role['ROL_STATUS'] == 0) { return -6; } - return $aFields['USR_UID']; + + return $dataFields['USR_UID']; } else { return -2; } 
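Review bot: The new condition `$dataFields['USR_STATUS'] != 1 && $dataFields['USR_UID'] !== RBAC::GUEST_USER_UID` in `verifyLogin()` lets the guest account pass the inactive-user check, so a guest row with status 0 still authenticates whenever the submitted password verifies. The `WsBase.php` hunk at `@@ -72,7 +72,7 @@` makes the same exemption for the `PM_LOGIN` permission test, and `insert.sql` seeds that account with a fixed password hash, so the three changes need to be reviewed together as one login path. If guest sessions are only ever meant to be opened by the server on behalf of anonymous visitors, I would keep the status and permission checks as they were and have that code path set up the session without going through password verification. If the exemption has to stay, document it at the condition, for example `// guest is stored inactive on purpose; callers must restrict what a guest session can reach`. The `try` block continues past the end of the hunk.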
@@ -104,100 +108,134 @@ class RbacUsers extends BaseRbacUsers } else { return -1; } - } catch (Exception $oError) { - throw($oError); + } catch (Exception $error) { + throw($error); } + return -1; } - public function verifyUser($sUsername) + /** + * Verify if the userName exists + * @param string $userName + * @return integer + * @throws Exception + */ + public function verifyUser($userName) { //invalid user - if ($sUsername == '') { + if ($userName == '') { return 0; } $con = Propel::getConnection(RbacUsersPeer::DATABASE_NAME); try { $c = new Criteria('rbac'); - $c->add(RbacUsersPeer::USR_USERNAME, $sUsername); + $c->add(RbacUsersPeer::USR_USERNAME, $userName); $rs = RbacUsersPeer::doSelect($c, Propel::getDbConnection('rbac_ro')); if (is_array($rs) && isset($rs[0]) && is_object($rs[0]) && get_class($rs[0]) == 'RbacUsers') { //return the row for futher check of which Autentificacion method belongs this user $this->fields = $rs[0]->toArray(BasePeer::TYPE_FIELDNAME); - ; + return 1; } else { return 0; } - } catch (Exception $oError) { - throw($oError); + } catch (Exception $error) { + throw($error); } } - public function getByUsername($sUsername) + /** + * Get user info by userName + * @param string $userName + * @return array $dataFields if exist + * false if does not exist + * @throws Exception + */ + public function getByUsername($userName) { //invalid user - if ($sUsername == '') { + if ($userName == '') { return 0; } $con = Propel::getConnection(RbacUsersPeer::DATABASE_NAME); try { $c = new Criteria('rbac'); - $c->add(RbacUsersPeer::USR_USERNAME, $sUsername); + $c->add(RbacUsersPeer::USR_USERNAME, $userName); $rs = RbacUsersPeer::doSelect($c, Propel::getDbConnection('rbac_ro')); if (is_array($rs) && isset($rs[0]) && is_object($rs[0]) && get_class($rs[0]) == 'RbacUsers') { - $aFields = $rs[0]->toArray(BasePeer::TYPE_FIELDNAME); - return $aFields; + $dataFields = $rs[0]->toArray(BasePeer::TYPE_FIELDNAME); + + return $dataFields; } else { return false; } - } catch 
(Exception $oError) { - throw($oError); + } catch (Exception $error) { + throw($error); } } - public function verifyUserId($sUserId) + /** + * Verify user by Uid + * @param string $userUid + * @return integer + * @throws Exception + */ + public function verifyUserId($userUid) { //invalid user - if ($sUserId == '') { + if ($userUid == '') { return 0; } $con = Propel::getConnection(RbacUsersPeer::DATABASE_NAME); try { $c = new Criteria('rbac'); - $c->add(RbacUsersPeer::USR_UID, $sUserId); + $c->add(RbacUsersPeer::USR_UID, $userUid); $rs = RbacUsersPeer::doSelect($c, Propel::getDbConnection('rbac_ro')); if (is_array($rs) && isset($rs[0]) && is_object($rs[0]) && get_class($rs[0]) == 'RbacUsers') { return 1; } else { return 0; } - } catch (Exception $oError) { - throw($oError); + } catch (Exception $error) { + throw($error); } } - public function load($sUsrUid) + /** + * Load user information by Uid + * @param string $userUid + * @return array $dataFields + * @throws Exception + */ + public function load($userUid) { $con = Propel::getConnection(RbacUsersPeer::DATABASE_NAME); try { $c = new Criteria('rbac'); - $c->add(RbacUsersPeer::USR_UID, $sUsrUid); + $c->add(RbacUsersPeer::USR_UID, $userUid); $resultSet = RbacUsersPeer::doSelectRS($c, Propel::getDbConnection('rbac_ro')); if ($resultSet->next()) { $this->hydrate($resultSet); - $aFields = $this->toArray(BasePeer::TYPE_FIELDNAME); - return $aFields; + $dataFields = $this->toArray(BasePeer::TYPE_FIELDNAME); + + return $dataFields; } + return false; - } catch (Exception $oError) { - throw($oError); + } catch (Exception $error) { + throw($error); } - return $res; } - public function create($aData) + /** + * Create an user + * @param string $infoData + * @return array + * @throws Exception + */ + public function create($infoData) { if (class_exists('ProcessMaker\Plugins\PluginRegistry')) { $pluginRegistry = PluginRegistry::loadSingleton(); 
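Review bot: The docblocks added here do not match the code they describe: `getByUsername()` returns `0` for an empty name, `false` when no row matches and an array otherwise, but only the last two are documented, and `create()` is given `@param string $infoData` and `@return array` although it indexes `$infoData` as an array and the next hunk shows it returning `$infoData['USR_UID']`. I would write `@return array|false|int` for `getByUsername()` (or return `false` in both failure cases) and `@param array $infoData` with `@return string` for `create()`. In all four lookups `$con` is assigned and never used, and `catch (Exception $error) { throw($error); }` only rethrows, so both can go.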
@@ -209,116 +247,134 @@ class RbacUsers extends BaseRbacUsers } } } - $oConnection = Propel::getConnection(RbacUsersPeer::DATABASE_NAME); + $connection = Propel::getConnection(RbacUsersPeer::DATABASE_NAME); try { - $oRBACUsers = new RbacUsers(); + $rbacUsers = new RbacUsers(); do { - $aData['USR_UID'] = G::generateUniqueID(); - } while ($oRBACUsers->load($aData['USR_UID'])); - $oRBACUsers->fromArray($aData, BasePeer::TYPE_FIELDNAME); - //if ($oRBACUsers->validate()) { - //$oConnection->begin(); - $iResult = $oRBACUsers->save(); - //$oConnection->commit(); - return $aData['USR_UID']; - /* } - else { - $sMessage = ''; - $aValidationFailures = $oRBACUsers->getValidationFailures(); - foreach($aValidationFailures as $oValidationFailure) { - $sMessage .= $oValidationFailure->getMessage() . '
'; - } - throw(new Exception('The registry cannot be created!
' . $sMessage)); - } */ - } catch (Exception $oError) { - $oConnection->rollback(); - throw($oError); + $infoData['USR_UID'] = G::generateUniqueID(); + } while ($rbacUsers->load($infoData['USR_UID'])); + $rbacUsers->fromArray($infoData, BasePeer::TYPE_FIELDNAME); + $result = $rbacUsers->save(); + + return $infoData['USR_UID']; + } catch (Exception $error) { + $connection->rollback(); + throw($error); } } - public function update($aData) + /** + * Update an user + * @param string $infoData + * @return boolean + * @throws Exception + */ + public function update($infoData) { + if (in_array($infoData['USR_UID'], $this->userUidReserved)) { + throw new Exception(G::LoadTranslation("ID_USER_CAN_NOT_UPDATE", array($infoData['USR_UID']))); + return false; + } $oConnection = Propel::getConnection(RbacUsersPeer::DATABASE_NAME); try { - $this->fromArray($aData, BasePeer::TYPE_FIELDNAME); + $this->fromArray($infoData, BasePeer::TYPE_FIELDNAME); $this->setNew(false); - $iResult = $this->save(); - } catch (Exception $oError) { + $result = $this->save(); + } catch (Exception $error) { $oConnection->rollback(); - throw($oError); + throw($error); } } - public function remove($sUserUID = '') + /** + * Remove an user + * @param string $userUid + * @return void + */ + public function remove($userUid = '') { - $this->setUsrUid($sUserUID); + $this->setUsrUid($userUid); $this->delete(); } - //Added by Qennix at Feb 14th, 2011 - //Gets an associative array with total users by authentication sources + /** + * Gets an associative array with total users by authentication sources + * @return array $listAuth + */ public function getAllUsersByAuthSource() { - $oCriteria = new Criteria('rbac'); - $oCriteria->addSelectColumn(RbacUsersPeer::UID_AUTH_SOURCE); - $oCriteria->addSelectColumn('COUNT(*) AS CNT'); - $oCriteria->add(RbacUsersPeer::USR_STATUS, 'CLOSED', Criteria::NOT_EQUAL); - $oCriteria->addGroupByColumn(RbacUsersPeer::UID_AUTH_SOURCE); - $oDataset = RbacUsersPeer::doSelectRS($oCriteria, 
Propel::getDbConnection('rbac_ro')); - $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); + $criteria = new Criteria('rbac'); + $criteria->addSelectColumn(RbacUsersPeer::UID_AUTH_SOURCE); + $criteria->addSelectColumn('COUNT(*) AS CNT'); + $criteria->add(RbacUsersPeer::USR_STATUS, 'CLOSED', Criteria::NOT_EQUAL); + $criteria->addGroupByColumn(RbacUsersPeer::UID_AUTH_SOURCE); + $dataset = RbacUsersPeer::doSelectRS($criteria, Propel::getDbConnection('rbac_ro')); + $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $aAuth = Array(); - while ($oDataset->next()) { - $row = $oDataset->getRow(); - $aAuth[$row['UID_AUTH_SOURCE']] = $row['CNT']; + $listAuth = []; + while ($dataset->next()) { + $row = $dataset->getRow(); + $listAuth[$row['UID_AUTH_SOURCE']] = $row['CNT']; } - return $aAuth; + + return $listAuth; } - //Returns all users with auth_source - public function getListUsersByAuthSource($auth_source) + /** + * Get users list related to an authentication source + * @param string $authSource + * @return array $listUsers, all users with auth_source + */ + public function getListUsersByAuthSource($authSource) { - $oCriteria = new Criteria('rbac'); - $oCriteria->addSelectColumn(RbacUsersPeer::USR_UID); + $criteria = new Criteria('rbac'); + $criteria->addSelectColumn(RbacUsersPeer::USR_UID); - if ($auth_source == '00000000000000000000000000000000') { - $oCriteria->add( - $oCriteria->getNewCriterion(RbacUsersPeer::UID_AUTH_SOURCE, $auth_source, Criteria::EQUAL)->addOr( - $oCriteria->getNewCriterion(RbacUsersPeer::UID_AUTH_SOURCE, '', Criteria::EQUAL) - )); + if ($authSource == '00000000000000000000000000000000') { + $criteria->add( + $criteria->getNewCriterion(RbacUsersPeer::UID_AUTH_SOURCE, $authSource, Criteria::EQUAL)->addOr( + $criteria->getNewCriterion(RbacUsersPeer::UID_AUTH_SOURCE, '', Criteria::EQUAL) + )); } else { - $oCriteria->add(RbacUsersPeer::UID_AUTH_SOURCE, $auth_source, Criteria::EQUAL); + $criteria->add(RbacUsersPeer::UID_AUTH_SOURCE, $authSource, 
Criteria::EQUAL); } - $oCriteria->add(RbacUsersPeer::USR_STATUS, 0, Criteria::NOT_EQUAL); - $oDataset = RbacUsersPeer::doSelectRS($oCriteria, Propel::getDbConnection('rbac_ro')); - $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $aUsers = array(); - while ($oDataset->next()) { - $row = $oDataset->getRow(); - $aUsers[] = $row['USR_UID']; + $criteria->add(RbacUsersPeer::USR_STATUS, 0, Criteria::NOT_EQUAL); + $dataset = RbacUsersPeer::doSelectRS($criteria, Propel::getDbConnection('rbac_ro')); + $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); + $listUsers = []; + while ($dataset->next()) { + $row = $dataset->getRow(); + $listUsers[] = $row['USR_UID']; } - return $aUsers; + + return $listUsers; } - public function getUserRole($UsrUid) + /** + * Get the user's role + * @param string $userUid + * @return array $row + * @throws Exception + */ + public function getUserRole($userUid) { $con = Propel::getConnection(UsersRolesPeer::DATABASE_NAME); try { - $c = new Criteria( 'rbac' ); + $c = new Criteria('rbac'); $c->clearSelectColumns(); - $c->addSelectColumn ( RolesPeer::ROL_UID ); - $c->addSelectColumn ( RolesPeer::ROL_CODE ); - $c->addSelectColumn ( RolesPeer::ROL_STATUS ); - $c->addJoin ( UsersRolesPeer::ROL_UID, RolesPeer::ROL_UID ); - $c->add ( UsersRolesPeer::USR_UID, $UsrUid ); - $rs = UsersRolesPeer::doSelectRs( $c , Propel::getDbConnection('rbac_ro')); - $rs->setFetchmode (ResultSet::FETCHMODE_ASSOC); + $c->addSelectColumn(RolesPeer::ROL_UID); + $c->addSelectColumn(RolesPeer::ROL_CODE); + $c->addSelectColumn(RolesPeer::ROL_STATUS); + $c->addJoin(UsersRolesPeer::ROL_UID, RolesPeer::ROL_UID); + $c->add(UsersRolesPeer::USR_UID, $userUid); + $rs = UsersRolesPeer::doSelectRs($c, Propel::getDbConnection('rbac_ro')); + $rs->setFetchmode(ResultSet::FETCHMODE_ASSOC); $rs->next(); $row = $rs->getRow(); + return $row; - } - catch (Exception $oError) { - throw($oError); + } catch (Exception $error) { + throw($error); } } 
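Review bot: `update()` now refuses the reserved guest UID, but `remove()` in the same hunk still calls `setUsrUid($userUid)` and `delete()` for any value, so the account the commit protects from edits can still be deleted through this model unless every caller checks first. I would put the same guard at the top of `remove()`: `if (in_array($userUid, $this->userUidReserved)) { throw new Exception(G::LoadTranslation("ID_USER_CAN_NOT_UPDATE", array($userUid))); }`. In `update()` the `return false;` after the `throw` can never run and should be dropped; `Groups::addUserToGroup()` has the same unreachable line. `update()` also reads `$infoData['USR_UID']` without checking that the key is set.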
@@ -342,6 +398,7 @@ class RbacUsers extends BaseRbacUsers ); $array = parent::toArray($keyType); unset($array[$key]); + return $array; } } diff --git a/rbac/engine/classes/model/Roles.php b/rbac/engine/classes/model/Roles.php index cc8f0cd33..a05e301ea 100644 --- a/rbac/engine/classes/model/Roles.php +++ b/rbac/engine/classes/model/Roles.php @@ -115,6 +115,7 @@ class Roles extends BaseRoles { $oCriteria->addSelectColumn(RolesPeer::ROL_UPDATE_DATE); $oCriteria->addSelectColumn(RolesPeer::ROL_STATUS); $oCriteria->add(RolesPeer::ROL_UID, '', Criteria::NOT_EQUAL); + $oCriteria->add(RolesPeer::ROL_CODE, RBAC::PROCESSMAKER_GUEST, Criteria::NOT_EQUAL); $oCriteria->add(SystemsPeer::SYS_CODE, $systemCode); $oCriteria->add(RolesPeer::ROL_CREATE_DATE, '', Criteria::NOT_EQUAL); $oCriteria->add(RolesPeer::ROL_UPDATE_DATE, '', Criteria::NOT_EQUAL); @@ -158,7 +159,7 @@ class Roles extends BaseRoles { $oCriteria->addSelectColumn(RolesPeer::ROL_CREATE_DATE); $oCriteria->addSelectColumn(RolesPeer::ROL_UPDATE_DATE); $oCriteria->addSelectColumn(RolesPeer::ROL_STATUS); - $oCriteria->add(RolesPeer::ROL_UID, '', Criteria::NOT_EQUAL); + $oCriteria->add(RolesPeer::ROL_UID, ['', RBAC::PROCESSMAKER_GUEST_UID], Criteria::NOT_IN); $oCriteria->add(SystemsPeer::SYS_CODE, $systemCode); $oCriteria->add(RolesPeer::ROL_CREATE_DATE, '', Criteria::NOT_EQUAL); $oCriteria->add(RolesPeer::ROL_UPDATE_DATE, '', Criteria::NOT_EQUAL); @@ -572,7 +573,7 @@ class Roles extends BaseRoles { $result->setFetchmode(ResultSet::FETCHMODE_ASSOC); $result->next(); - $a = Array(); + $a = [RBAC::PM_GUEST_CASE_UID]; while( $row = $result->getRow() ) { $a[] = $row['PER_UID']; $result->next(); diff --git a/rbac/engine/data/mysql/insert.sql b/rbac/engine/data/mysql/insert.sql index 87f76ab87..a4e23d6dc 100644 --- a/rbac/engine/data/mysql/insert.sql +++ b/rbac/engine/data/mysql/insert.sql 
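Review bot: The guest role is hidden in two different ways: the hunk at `@@ -115,6 +115,7 @@` filters on `RolesPeer::ROL_CODE` with `RBAC::PROCESSMAKER_GUEST`, while the one at `@@ -158,7 +159,7 @@` filters on `RolesPeer::ROL_UID` with `RBAC::PROCESSMAKER_GUEST_UID`. If the code and the UID ever disagree in a given database, one listing would show the role and the other would not, so I would use the same column in both, preferably the UID. At `@@ -572,7 +573,7 @@` the list `$a` now starts with `RBAC::PM_GUEST_CASE_UID`; the enclosing function is outside the hunk, so a comment such as `// PM_GUEST_CASE is never offered for assignment` (if that is the intent) would tell the reader why the permission is pre-seeded.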
@@ -63,13 +63,15 @@ INSERT INTO `RBAC_PERMISSIONS` VALUES ('00000000000000000000000000000062','PM_EDIT_USER_PROFILE_DEFAULT_MAIN_MENU_OPTIONS','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), ('00000000000000000000000000000063','PM_EDIT_USER_PROFILE_DEFAULT_CASES_MENU_OPTIONS','2016-07-18 00:00:00','2016-07-18 00:00:00',1,'00000000000000000000000000000002'), ('00000000000000000000000000000064','PM_REASSIGNCASE_SUPERVISOR','2016-09-01 00:00:00','2016-09-01 00:00:00',1,'00000000000000000000000000000002'), -('00000000000000000000000000000065','PM_SETUP_CUSTOM_CASES_LIST','2017-03-27 00:00:00','2017-03-27 00:00:00',1,'00000000000000000000000000000002'); +('00000000000000000000000000000065','PM_SETUP_CUSTOM_CASES_LIST','2017-03-27 00:00:00','2017-03-27 00:00:00',1,'00000000000000000000000000000002'), +('00000000000000000000000000000066','PM_GUEST_CASE','2017-03-27 00:00:00','2017-03-27 00:00:00',1,'00000000000000000000000000000002'); INSERT INTO `RBAC_ROLES` VALUES ('00000000000000000000000000000001','','00000000000000000000000000000001','RBAC_ADMIN','2007-07-31 19:10:22','2007-08-03 12:24:36',1), ('00000000000000000000000000000002','','00000000000000000000000000000002','PROCESSMAKER_ADMIN','2007-07-31 19:10:22','2007-08-03 12:24:36',1), ('00000000000000000000000000000003','','00000000000000000000000000000002','PROCESSMAKER_OPERATOR','2007-07-31 19:10:22','2007-08-03 12:24:36',1), -('00000000000000000000000000000004', '', '00000000000000000000000000000002', 'PROCESSMAKER_MANAGER', '2010-03-29 09:14:15', '2010-03-29 09:19:53', 1); +('00000000000000000000000000000004', '', '00000000000000000000000000000002', 'PROCESSMAKER_MANAGER', '2010-03-29 09:14:15', '2010-03-29 09:19:53', 1), +('00000000000000000000000000000005', '', '00000000000000000000000000000002', 'PROCESSMAKER_GUEST', '2009-02-01 12:24:36', '2009-02-01 12:24:36', 1); INSERT INTO `RBAC_ROLES_PERMISSIONS` VALUES 
@@ -213,8 +215,11 @@ INSERT INTO `RBAC_ROLES_PERMISSIONS` VALUES ('00000000000000000000000000000004','00000000000000000000000000000060'), ('00000000000000000000000000000004','00000000000000000000000000000061'), ('00000000000000000000000000000004','00000000000000000000000000000062'), -('00000000000000000000000000000004','00000000000000000000000000000063'); +('00000000000000000000000000000004','00000000000000000000000000000063'), +('00000000000000000000000000000005','00000000000000000000000000000066'); INSERT INTO `RBAC_SYSTEMS` VALUES ('00000000000000000000000000000001','RBAC','2007-07-31 19:10:22','2007-08-03 12:24:36',1),('00000000000000000000000000000002','PROCESSMAKER','2007-07-31 19:10:22','2007-08-03 12:24:36',1); -INSERT INTO `RBAC_USERS` VALUES ('00000000000000000000000000000001','admin','21232f297a57a5a743894a0e4a801fc3','Administrator','','admin@processmaker.com','2020-01-01','2007-08-03 12:24:36','2008-02-13 07:24:07',1,'MYSQL','00000000000000000000000000000000','',''); -INSERT INTO `RBAC_USERS_ROLES` VALUES ('00000000000000000000000000000001','00000000000000000000000000000002'); +INSERT INTO `RBAC_USERS` VALUES ('00000000000000000000000000000001','admin','21232f297a57a5a743894a0e4a801fc3','Administrator','','admin@processmaker.com','2020-01-01','2007-08-03 12:24:36','2008-02-13 07:24:07',1,'MYSQL','00000000000000000000000000000000','',''), +('00000000000000000000000000000002','guest','674ba9750749d735ec9787d606170d78','Guest','','guest@processmaker.com','2200-01-01','2009-02-01 12:24:36','2009-02-01 12:24:36',0,'MYSQL','00000000000000000000000000000000','',''); +INSERT INTO `RBAC_USERS_ROLES` VALUES ('00000000000000000000000000000001','00000000000000000000000000000002'), +('00000000000000000000000000000002','00000000000000000000000000000005'); diff --git a/workflow/engine/classes/Groups.php b/workflow/engine/classes/Groups.php index 8e721890e..ed257661a 100644 --- a/workflow/engine/classes/Groups.php +++ b/workflow/engine/classes/Groups.php 
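Review bot: The new `RBAC_USERS` row gives the guest account a fixed 32-hex-digit password hash, so every installation built from this seed shares the same guest credential, and the value has the shape of an unsalted MD5 digest. Because `RbacUsers::verifyLogin()` in this commit exempts that UID from the inactive-status check, the `0` in the status column does not by itself keep the account from authenticating. If the guest user is never supposed to log in with a password, I would seed a value that cannot verify (how `Bootstrap::verifyHashPassword` treats such a value is not visible here and needs checking), or have the installer generate a random secret per instance, and note next to the row which of the two is intended. The `admin` row on the line above carries a fixed hash in the same way, which the commit leaves as it was.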
@@ -77,28 +77,38 @@ class Groups /** * Set a user to group * - * @param string $GrpUid, $UsrUid - * @return array + * @param string $grpUid + * @param string $usrUid + * @return boolean + * @throws exception */ - public function addUserToGroup($GrpUid, $UsrUid) + public function addUserToGroup($grpUid, $usrUid) { try { - $oGrp = GroupUserPeer::retrieveByPk($GrpUid, $UsrUid); - if (is_object($oGrp) && get_class($oGrp) == 'GroupUser') { + //Check the usrUid value + if (RBAC::isGuestUserUid($usrUid)) { + throw new Exception(G::LoadTranslation("ID_USER_CAN_NOT_UPDATE", array($usrUid))); + return false; + } + + $groupUser = GroupUserPeer::retrieveByPk($grpUid, $usrUid); + if (is_object($groupUser) && get_class($groupUser) == 'GroupUser') { return true; } else { - $oGrp = new GroupUser(); - $oGrp->setGrpUid($GrpUid); - $oGrp->setUsrUid($UsrUid); - $oGrp->Save(); + $groupUser = new GroupUser(); + $groupUser->setGrpUid($grpUid); + $groupUser->setUsrUid($usrUid); + $groupUser->Save(); - $oGrpwf = new Groupwf(); - $grpName = $oGrpwf->loadByGroupUid($GrpUid); + $groupWf = new Groupwf(); + $grpName = $groupWf->loadByGroupUid($grpUid); - $oUsr = new Users(); - $usrName = $oUsr->load($UsrUid); + $users = new Users(); + $usrName = $users->load($usrUid); - G::auditLog("AssignUserToGroup", "Assign user ". $usrName['USR_USERNAME'] ." (".$UsrUid.") to group ".$grpName['CON_VALUE']." (".$GrpUid.") "); + G::auditLog("AssignUserToGroup", "Assign user ". $usrName['USR_USERNAME'] ." (".$usrUid.") to group ".$grpName['CON_VALUE']." (".$grpUid.") "); + + return true; } } catch (exception $oError) { throw ($oError); @@ -107,13 +117,14 @@ class Groups /** * Remove a user from group - * @param string $GrpUid, $UsrUid + * @param string $grpUid + * @param string $usrUid * @return array */ - public function removeUserOfGroup($GrpUid, $UsrUid) + public function removeUserOfGroup($grpUid, $usrUid) { $gu = new GroupUser(); - $gu->remove($GrpUid, $UsrUid); + $gu->remove($grpUid, $usrUid); } /** 
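Review bot: A rejected attempt to put the guest user into a group leaves no trace: `addUserToGroup()` writes `G::auditLog("AssignUserToGroup", ...)` only on success, and the new guard throws before that. Since this is an attempt to change the membership of a reserved account, I would log it before the `throw`, for example `G::auditLog("AssignUserToGroup", "Rejected: guest user (".$usrUid.") cannot be assigned to group (".$grpUid.")");`. The `@throws exception` tag and `catch (exception $oError)` should spell the class `Exception`, and `removeUserOfGroup()` is documented as `@return array` although it returns nothing.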
diff --git a/workflow/engine/classes/WsBase.php b/workflow/engine/classes/WsBase.php index 6455e8f68..cb5e81af6 100644 --- a/workflow/engine/classes/WsBase.php +++ b/workflow/engine/classes/WsBase.php @@ -72,7 +72,7 @@ class WsBase $RBAC->loadUserRolePermission($RBAC->sSystem, $uid); $res = $RBAC->userCanAccess("PM_LOGIN"); - if ($res != 1) { + if ($res != 1 && $uid !== RBAC::GUEST_USER_UID) { $wsResponse = new WsResponse(2, G::loadTranslation('ID_USER_HAVENT_RIGHTS_SYSTEM')); throw (new Exception(serialize($wsResponse))); } @@ -109,7 +109,7 @@ class WsBase public function processList() { try { - $result = array(); + $result = []; $oCriteria = new Criteria('workflow'); $oCriteria->add(ProcessPeer::PRO_STATUS, 'DISABLED', Criteria::NOT_EQUAL); $oDataset = ProcessPeer::doSelectRS($oCriteria); @@ -142,7 +142,7 @@ class WsBase public function roleList() { try { - $result = array(); + $result = []; $RBAC = & RBAC::getSingleton(); $RBAC->initRBAC(); @@ -195,7 +195,7 @@ class WsBase } $rs = GroupwfPeer::doSelectRS($criteria); $rs->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $result = array(); + $result = []; while ($rs->next()) { $rows = $rs->getRow(); $result[] = array('guid' => $rows['GRP_UID'], 'name' => $rows['GRP_TITLE']); @@ -216,7 +216,7 @@ class WsBase public function departmentList() { try { - $result = array(); + $result = []; $oCriteria = new Criteria('workflow'); $oCriteria->add(DepartmentPeer::DEP_STATUS, 'ACTIVE'); $oDataset = DepartmentPeer::doSelectRS($oCriteria); @@ -283,9 +283,9 @@ class WsBase if ($solrEnabled == 1) { try { - $arrayData = array(); + $arrayData = []; - $delegationIndexes = array(); + $delegationIndexes = []; $columsToInclude = array("APP_UID"); $solrSearchText = null; 
@@ -323,7 +323,7 @@ class WsBase $solrQueryResult = $searchIndex->getDataTablePaginatedList($solrRequestData); //Get the missing data from database - $arrayApplicationUid = array(); + $arrayApplicationUid = []; foreach ($solrQueryResult->aaData as $i => $data) { $arrayApplicationUid[] = $data["APP_UID"]; @@ -333,7 +333,7 @@ class WsBase foreach ($solrQueryResult->aaData as $i => $data) { //Initialize array - $delIndexes = array(); //Store all the delegation indexes + $delIndexes = []; //Store all the delegation indexes //Complete empty values $applicationUid = $data["APP_UID"]; //APP_UID //Get all the indexes returned by Solr as columns @@ -357,7 +357,7 @@ class WsBase //Get records foreach ($delIndexes as $delIndex) { - $aRow = array(); + $aRow = []; //Copy result values to new row from Solr server $aRow["APP_UID"] = $data["APP_UID"]; @@ -394,7 +394,7 @@ class WsBase return $arrayData; } catch (InvalidIndexSearchTextException $e) { - $arrayData = array(); + $arrayData = []; $arrayData[] = array( "guid" => $e->getMessage(), @@ -407,7 +407,7 @@ class WsBase return $arrayData; } } else { - $arrayData = array(); + $arrayData = []; $criteria = new Criteria("workflow"); @@ -452,7 +452,7 @@ class WsBase return $arrayData; } } catch (Exception $e) { - $arrayData = array(); + $arrayData = []; $arrayData[] = array( "guid" => $e->getMessage(), @@ -475,7 +475,7 @@ class WsBase public function unassignedCaseList($userId) { try { - $result = array(); + $result = []; $oAppCache = new AppCacheView(); $Criteria = $oAppCache->getUnassignedListCriteria($userId); $oDataset = AppCacheViewPeer::doSelectRS($Criteria); 
@@ -504,30 +504,34 @@ class WsBase } /** - * get all groups + * Get all users * * @param none - * @return $result will return an object + * @return array $result, will return an array + * @throws Exception */ public function userList() { try { - $result = array(); - $oCriteria = new Criteria('workflow'); - $oCriteria->add(UsersPeer::USR_STATUS, 'ACTIVE'); - $oDataset = UsersPeer::doSelectRS($oCriteria); - $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $oDataset->next(); + $result = []; + $criteria = new Criteria('workflow'); + $criteria->add(UsersPeer::USR_STATUS, 'ACTIVE'); + $criteria->add(UsersPeer::USR_UID, [RBAC::GUEST_USER_UID], Criteria::NOT_IN); + $dataset = UsersPeer::doSelectRS($criteria); + $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); + $dataset->next(); - while ($aRow = $oDataset->getRow()) { - $result[] = array('guid' => $aRow['USR_UID'], 'name' => $aRow['USR_USERNAME']); - $oDataset->next(); + while ($row = $dataset->getRow()) { + $result[] = ['guid' => $row['USR_UID'], 'name' => $row['USR_USERNAME']]; + $dataset->next(); } return $result; } catch (Exception $e) { - $result[] = array('guid' => $e->getMessage(), 'name' => $e->getMessage() - ); + $result[] = [ + 'guid' => $e->getMessage(), + 'name' => $e->getMessage() + ]; return $result; } @@ -542,7 +546,7 @@ class WsBase public function triggerList() { try { - $result = array(); + $result = []; $oCriteria = new Criteria('workflow'); $oCriteria->addSelectColumn(TriggersPeer::TRI_UID); $oCriteria->addSelectColumn(TriggersPeer::PRO_UID); 
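Review bot: The new docblock on `userList()` declares `@throws Exception`, but the method catches every `Exception` and returns an array, so nothing reaches the caller; either drop the tag or remove the catch. The catch branch also puts `$e->getMessage()` into both `guid` and `name` of the returned row, which hands raw database or ORM error text to the web-service client in a shape that looks like a real user entry. I would log the message server-side and return a fixed, non-sensitive error string in the `name` field instead. The `@param none` line can go as well, since the method takes no parameters.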
@@ -583,12 +587,12 @@ class WsBase $sTaskUID = ''; $oCriteria = $oCase->getAllUploadedDocumentsCriteria($sProcessUID, $sApplicationUID, $sTaskUID, $sUserUID); - $result = array(); + $result = []; global $_DBArray; foreach ($_DBArray['inputDocuments'] as $key => $row) { if (isset($row['DOC_VERSION'])) { - $docrow = array(); + $docrow = []; $docrow['guid'] = $row['APP_DOC_UID']; $docrow['filename'] = $row['APP_DOC_FILENAME']; $docrow['docId'] = $row['DOC_UID']; @@ -630,7 +634,7 @@ class WsBase $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); $oDataset->next(); - $result = array(); + $result = []; while ($aRow = $oDataset->getRow()) { if ($aRow['INP_DOC_TITLE'] == null) { @@ -641,7 +645,7 @@ class WsBase $aRow['INP_DOC_DESCRIPTION'] = $inputDocumentObj['INP_DOC_DESCRIPTION']; } - $docrow = array(); + $docrow = []; $docrow['guid'] = $aRow['INP_DOC_UID']; $docrow['name'] = $aRow['INP_DOC_TITLE']; $docrow['description'] = $aRow['INP_DOC_DESCRIPTION']; @@ -674,12 +678,12 @@ class WsBase $sTaskUID = ''; $oCriteria = $oCase->getAllGeneratedDocumentsCriteria($sProcessUID, $sApplicationUID, $sTaskUID, $sUserUID); - $result = array(); + $result = []; global $_DBArray; foreach ($_DBArray['outputDocuments'] as $key => $row) { if (isset($row['DOC_VERSION'])) { - $docrow = array(); + $docrow = []; $docrow['guid'] = $row['APP_DOC_UID']; $docrow['filename'] = $row['DOWNLOAD_FILE']; @@ -736,7 +740,7 @@ class WsBase $oGroup = new Groups(); $aGroups = $oGroup->getActiveGroupsForAnUser($userId); - $result = array(); + $result = []; $oCriteria = new Criteria('workflow'); $del = DBAdapter::getStringDelimiter(); $oCriteria->addSelectColumn(TaskPeer::PRO_UID); 
@@ -787,13 +791,13 @@ class WsBase * @return $result will return an object */ public function sendMessage( - $caseId, $sFrom, $sTo, $sCc, $sBcc, $sSubject, $sTemplate, $appFields = null, $aAttachment = null, $showMessage = true, $delIndex = 0, $config = array(), $gmail = 0 + $caseId, $sFrom, $sTo, $sCc, $sBcc, $sSubject, $sTemplate, $appFields = null, $aAttachment = null, $showMessage = true, $delIndex = 0, $config = [], $gmail = 0 ) { try { /*----------------------------------********---------------------------------*/ if (!empty($config)) { - $arrayConfigAux = array(); + $arrayConfigAux = []; if (is_array($config)) { if (PMLicensedFeatures::getSingleton()->verifyfeature("nKaNTNuT1MzK0RsMEtXTnYzR09ucHF2WGNuS0hRdDBBak42WXJhNVVOOG1INEVoaU1EaTllbjBBeEJNeG9wRVJ6NmxQelhyVTBvdThzPQ==")) { @@ -962,7 +966,7 @@ class WsBase $oDataset = AppDelayPeer::doSelectRS($oCriteria); $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $aIndexsPaused = array(); + $aIndexsPaused = []; while ($oDataset->next()) { $data = $oDataset->getRow(); $aIndexsPaused[] = $data['APP_DEL_INDEX']; @@ -993,7 +997,7 @@ class WsBase $oDataset = AppDelegationPeer::doSelectRS($oCriteria); $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $aCurrentUsers = array(); + $aCurrentUsers = []; while ($oDataset->next()) { $aAppDel = $oDataset->getRow(); @@ -1114,7 +1118,7 @@ class WsBase $strRole = $role; if ($RBAC->verifyByCode($role) == 0) { - $data = array(); + $data = []; $data["ROLE"] = $role; $result = new WsCreateUserResponse(6, G::loadTranslation("ID_INVALID_ROLE", SYS_LANG, $data), null); @@ -1130,7 +1134,7 @@ class WsBase } if ($RBAC->verifyUser($userName) == 1) { - $data = array(); + $data = []; $data["USER_ID"] = $userName; $result = new WsCreateUserResponse(7, G::loadTranslation("ID_USERNAME_ALREADY_EXISTS", SYS_LANG, $data), null); 
@@ -1139,7 +1143,7 @@ class WsBase } //Set fields - $arrayData = array(); + $arrayData = []; $arrayData["USR_USERNAME"] = $userName; $arrayData["USR_PASSWORD"] = Bootstrap::hashPassword($password); @@ -1175,7 +1179,7 @@ class WsBase $user->create($arrayData); //Response - $data = array(); + $data = []; $data["FIRSTNAME"] = $firstName; $data["LASTNAME"] = $lastName; $data["USER_ID"] = $userName; @@ -1265,7 +1269,7 @@ class WsBase $strRole = $role; if ($RBAC->verifyByCode($role) == 0) { - $data = array(); + $data = []; $data["ROLE"] = $role; $result = new WsResponse(6, G::LoadTranslation("ID_INVALID_ROLE", SYS_LANG, $data)); @@ -1288,7 +1292,7 @@ class WsBase $rs = UsersPeer::doSelectRS($criteria); if ($rs->next()) { - $data = array(); + $data = []; $data["USER_ID"] = $userName; $result = new WsResponse(7, G::LoadTranslation("ID_USERNAME_ALREADY_EXISTS", SYS_LANG, $data)); @@ -1297,7 +1301,7 @@ class WsBase } //Set fields - $arrayData = array(); + $arrayData = []; $arrayData["USR_UID"] = $userUid; $arrayData["USR_USERNAME"] = $userName; @@ -1695,7 +1699,7 @@ class WsBase $caseFields = $oCase->loadCase($caseId); $oldFields = $caseFields['APP_DATA']; - $resFields = array(); + $resFields = []; foreach ($variables as $key => $val) { $a .= $val->name . ', '; @@ -1763,7 +1767,7 @@ class WsBase $caseFields = $oCase->loadCase($caseId); $oldFields = $caseFields['APP_DATA']; - $resFields = array(); + $resFields = []; foreach ($oldFields as $key => $val) { $node = new stdClass(); @@ -1805,7 +1809,7 @@ class WsBase $_SESSION["TASK"] = $taskId; $_SESSION["USER_LOGGED"] = $userId; - $Fields = array(); + $Fields = []; if (is_array($variables) && count($variables) > 0) { $Fields = $variables; 
@@ -2105,7 +2109,7 @@ class WsBase * @param bool $bExecuteTriggersBeforeAssignment * @return $result will return an object */ - public function derivateCase($userId, $caseId, $delIndex, $bExecuteTriggersBeforeAssignment = false, $tasks = array()) + public function derivateCase($userId, $caseId, $delIndex, $bExecuteTriggersBeforeAssignment = false, $tasks = []) { $g = new G(); @@ -2119,7 +2123,7 @@ class WsBase //Define variables $sStatus = 'TO_DO'; $varResponse = ''; - $previousAppData = array(); + $previousAppData = []; if ($delIndex == '') { $oCriteria = new Criteria('workflow'); @@ -2165,7 +2169,7 @@ class WsBase } } - $aData = array(); + $aData = []; $aData['APP_UID'] = $caseId; $aData['DEL_INDEX'] = $delIndex; $aData['USER_UID'] = $userId; @@ -2221,7 +2225,7 @@ class WsBase foreach ($derive as $key => $val) { //Routed to the next task, if end process then not exist user - $nodeNext = array(); + $nodeNext = []; $usrasgdUid = null; $usrasgdUserName = null; @@ -2332,7 +2336,7 @@ class WsBase $oDataset = AppDelegationPeer::doSelectRS($oCriteria); $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $aCurrentUsers = array(); + $aCurrentUsers = []; while ($oDataset->next()) { $aAppDel = $oDataset->getRow(); @@ -2469,7 +2473,7 @@ class WsBase } //executeTrigger - $aTriggers = array(); + $aTriggers = []; $c = new Criteria(); $c->add(TriggersPeer::TRI_UID, $triggerIndex); $rs = TriggersPeer::doSelectRS($c); @@ -2531,7 +2535,7 @@ class WsBase */ public function taskCase($caseId) { - $result = array(); + $result = []; try { $oCriteria = new Criteria('workflow'); $oCriteria->addSelectColumn(AppDelegationPeer::DEL_INDEX); @@ -2574,7 +2578,7 @@ class WsBase try { $oCase = new Cases(); $rows = $oCase->getStartCases($userId); - $result = array(); + $result = []; foreach ($rows as $key => $val) { if ($key != 0) { 
@@ -2659,7 +2663,7 @@ class WsBase * ****************( 3 )***************** */ $oCriteria = new Criteria('workflow'); - $aConditions = array(); + $aConditions = []; $oCriteria->add(AppDelegationPeer::APP_UID, $caseId); $oCriteria->add(AppDelegationPeer::USR_UID, $userIdSource); $oCriteria->add(AppDelegationPeer::DEL_INDEX, $delIndex); @@ -2790,10 +2794,10 @@ class WsBase try { $result = new wsGetCaseNotesResponse(0, G::loadTranslation('ID_SUCCESS'), Cases::getCaseNotes($applicationID, 'array', $userUid)); - $var = array(); + $var = []; foreach ($result->notes as $key => $value) { - $var2 = array(); + $var2 = []; foreach ($value as $keys => $values) { $field = strtolower($keys); diff --git a/workflow/engine/classes/model/TaskUser.php b/workflow/engine/classes/model/TaskUser.php index f6fd80923..ccc48d581 100644 --- a/workflow/engine/classes/model/TaskUser.php +++ b/workflow/engine/classes/model/TaskUser.php @@ -1,33 +1,4 @@ . - * - * For more information, contact Colosa Inc, 2566 Le Jeune Rd., - * Coral Gables, FL, 33134, USA, or email info@colosa.com. - * - */ - -//require_once 'classes/model/om/BaseTaskUser.php'; -//require_once 'classes/model/Content.php'; - /** * Skeleton subclass for representing a row from the 'GROUP_USER' table. * 
@@ -39,42 +10,59 @@ * * @package workflow.engine.classes.model */ + +use ProcessMaker\BusinessModel\WebEntry; class TaskUser extends BaseTaskUser { /** - * Create the application document registry + * Create the new record in the table TaskUser * - * @param array $aData + * @param array $requestData * @return string + * @throws Exception * */ - public function create ($aData) + public function create ($requestData) { - $oConnection = Propel::getConnection( TaskUserPeer::DATABASE_NAME ); + $connection = Propel::getConnection(TaskUserPeer::DATABASE_NAME); try { - $taskUser = TaskUserPeer::retrieveByPK( $aData['TAS_UID'], $aData['USR_UID'], $aData['TU_TYPE'], $aData['TU_RELATION'] ); - - if (is_object( $taskUser )) { - return - 1; + $bmWebEntry = new WebEntry; + //Check the usrUid value + if (RBAC::isGuestUserUid($requestData['USR_UID']) && !$bmWebEntry->isTaskAWebEntry($requestData['TAS_UID'])) { + throw new Exception(G::LoadTranslation("ID_USER_CAN_NOT_UPDATE", array($requestData['USR_UID']))); + return false; } - $oTaskUser = new TaskUser(); - $oTaskUser->fromArray( $aData, BasePeer::TYPE_FIELDNAME ); - if ($oTaskUser->validate()) { - $oConnection->begin(); - $iResult = $oTaskUser->save(); - $oConnection->commit(); - return $iResult; + + $taskUser = TaskUserPeer::retrieveByPK( + $requestData['TAS_UID'], + $requestData['USR_UID'], + $requestData['TU_TYPE'], + $requestData['TU_RELATION'] + ); + + if (is_object($taskUser)) { + return -1; + } + + $taskUser = new TaskUser(); + $taskUser->fromArray($requestData, BasePeer::TYPE_FIELDNAME); + if ($taskUser->validate()) { + $connection->begin(); + $result = $taskUser->save(); + $connection->commit(); + + return $result; } else { - $sMessage = ''; - $aValidationFailures = $oTaskUser->getValidationFailures(); + $message = ''; + $aValidationFailures = $taskUser->getValidationFailures(); foreach ($aValidationFailures as $oValidationFailure) { - $sMessage .= $oValidationFailure->getMessage() . '
'; + $message .= $oValidationFailure->getMessage() . '
'; } - throw (new Exception( 'The registry cannot be created!
' . $sMessage )); + throw (new Exception('The registry cannot be created!
' . $message)); } } catch (Exception $oError) { - $oConnection->rollback(); + $connection->rollback(); throw ($oError); } } diff --git a/workflow/engine/classes/model/Users.php b/workflow/engine/classes/model/Users.php index 5cd394bb6..6cd8ae1cd 100644 --- a/workflow/engine/classes/model/Users.php +++ b/workflow/engine/classes/model/Users.php @@ -281,10 +281,20 @@ class Users extends BaseUsers return $row; } + /** + * Get all information about the user + * @param string $userUid + * @return array $arrayData + * @throws Exception + */ public function getAllInformation ($userUid) { - if (! isset( $userUid ) || $userUid == "") { - throw (new Exception( "$userUid is empty." )); + if (!isset($userUid) || empty($userUid)) { + throw (new Exception('$userUid is empty.')); + } + if (RBAC::isGuestUserUid($userUid)) { + throw new Exception(G::LoadTranslation("ID_USER_CAN_NOT_UPDATE", array($userUid))); + return false; } try { diff --git a/workflow/engine/data/mysql/insert.sql b/workflow/engine/data/mysql/insert.sql index 524d1777b..e51d19fd4 100644 --- a/workflow/engine/data/mysql/insert.sql +++ b/workflow/engine/data/mysql/insert.sql 
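Review bot: The guest check in `TaskUser::create()` throws from inside the `try`, so the `catch` runs `$connection->rollback()` although `$connection->begin()` has not been called on that path; moving the check above the `try` keeps a request that is rejected up front away from the transaction state (the existing validation-failure branch has the same shape). The `return false;` after `throw new Exception(...)` is unreachable and can be deleted, here and after the same `throw` in `Users::getAllInformation()` in the next file. In `getAllInformation()` the key `ID_USER_CAN_NOT_UPDATE` is raised from a read accessor, so a comment such as `// Guest profile is never exposed through this accessor` would record the intent. In that same method `!isset($userUid) || empty($userUid)` is redundant, because `empty()` already covers the unset case.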
@@ -1,5 +1,6 @@ INSERT INTO USERS (USR_UID,USR_USERNAME,USR_PASSWORD,USR_FIRSTNAME,USR_LASTNAME,USR_EMAIL,USR_DUE_DATE,USR_CREATE_DATE,USR_UPDATE_DATE,USR_STATUS,USR_COUNTRY,USR_CITY,USR_LOCATION,USR_ADDRESS,USR_PHONE,USR_FAX,USR_CELLULAR,USR_ZIP_CODE,DEP_UID,USR_POSITION,USR_RESUME,USR_BIRTHDAY,USR_ROLE,USR_REPORTS_TO,USR_REPLACED_BY ) VALUES -('00000000000000000000000000000001','admin','21232f297a57a5a743894a0e4a801fc3','Administrator',' ', 'admin@processmaker.com','2020-01-01','1999-11-30 00:00:00','2008-05-23 18:36:19','ACTIVE', 'US','FL','MMK','','', '1-305-402-0282','1-305-675-1400','','','Administrator', '','1999-02-25','PROCESSMAKER_ADMIN','',''); +('00000000000000000000000000000001','admin','21232f297a57a5a743894a0e4a801fc3','Administrator',' ', 'admin@processmaker.com','2020-01-01','1999-11-30 00:00:00','2008-05-23 18:36:19','ACTIVE', 'US','FL','MMK','','', '1-305-402-0282','1-305-675-1400','','','Administrator', '','1999-02-25','PROCESSMAKER_ADMIN','',''), +('00000000000000000000000000000002','guest','674ba9750749d735ec9787d606170d78','Guest',' ', 'guest@processmaker.com','2200-01-01','2009-02-01 12:24:36','2009-02-01 12:24:36','INACTIVE', 'US','FL','MMK','','', '1-305-402-0282','1-305-675-1400','','','Guest', '','2009-02-01','PROCESSMAKER_GUEST','',''); INSERT INTO CONTENT (CON_CATEGORY,CON_PARENT,CON_ID,CON_LANG,CON_VALUE) VALUES ('ROL_NAME','','00000000000000000000000000000002','en','System Administrator'), diff --git a/workflow/engine/methods/cases/casesList_Ajax.php b/workflow/engine/methods/cases/casesList_Ajax.php index 303d521a4..1eb7234fb 100644 --- a/workflow/engine/methods/cases/casesList_Ajax.php +++ b/workflow/engine/methods/cases/casesList_Ajax.php 
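Review bot: The seeded `guest` row ships a fixed 32-hex-digit value in `USR_PASSWORD`, identical on every installation and in the format of an unsalted digest, so the account carries a known credential and only `USR_STATUS = 'INACTIVE'` stands between it and a password login. Because this commit also exempts the guest UID from the `PM_LOGIN` check in `WsBase.php`, I would store a marker that cannot be the output of the hash (for example `'*'`) so that no password can ever match; the login code is not visible here, so confirm it treats such a value as non-matching. A comment above the statement, `-- guest: built-in account, not meant for password login`, would record the constraint if that is the intended invariant.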
@@ -64,6 +64,7 @@ if ($actionAjax == "userValues") { $cUsers->addSelectColumn(UsersPeer::USR_ID); break; } + $cUsers->add(UsersPeer::USR_UID, [RBAC::GUEST_USER_UID], Criteria::NOT_IN); $cUsers->add(UsersPeer::USR_STATUS, 'CLOSED', Criteria::NOT_EQUAL); if (!is_null($query)) { $filters = $cUsers->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $query . '%', Criteria::LIKE)->addOr( diff --git a/workflow/engine/methods/cases/main.php b/workflow/engine/methods/cases/main.php index 6ba9c640f..1df695d55 100644 --- a/workflow/engine/methods/cases/main.php +++ b/workflow/engine/methods/cases/main.php @@ -1,38 +1,16 @@ . - * - * For more information, contact Colosa Inc, 2566 Le Jeune Rd., - * Coral Gables, FL, 33134, USA, or email info@colosa.com. - */ - -$RBAC->requirePermissions( 'PM_CASES' ); +$RBAC->requirePermissions('PM_CASES/strict'); $G_MAIN_MENU = 'processmaker'; $G_ID_MENU_SELECTED = 'CASES'; -$_POST['qs'] = isset( $_SERVER['QUERY_STRING'] ) && $_SERVER['QUERY_STRING'] != '' ? '?' . $_SERVER['QUERY_STRING'] : ''; +$_POST['qs'] = isset($_SERVER['QUERY_STRING']) + && $_SERVER['QUERY_STRING'] != '' ? '?' . $_SERVER['QUERY_STRING'] : ''; $G_PUBLISH = new Publisher(); -$G_PUBLISH->AddContent( 'view', 'cases/cases_Load' ); +$G_PUBLISH->AddContent('view', 'cases/cases_Load'); $oHeadPublisher = & headPublisher::getSingleton(); $oHeadPublisher->addScriptFile('/jscore/src/PM.js'); $oHeadPublisher->addScriptFile('/jscore/src/Sessions.js'); -G::RenderPage( 'publish' ); +G::RenderPage('publish'); diff --git a/workflow/engine/methods/groups/groups_Ajax.php b/workflow/engine/methods/groups/groups_Ajax.php index 4721bd8e9..0ed7df35b 100644 --- a/workflow/engine/methods/groups/groups_Ajax.php +++ b/workflow/engine/methods/groups/groups_Ajax.php 
@@ -252,7 +252,8 @@ switch ($_POST['action']) { $subQuery = "SELECT " . GroupUserPeer::USR_UID . " FROM " . GroupUserPeer::TABLE_NAME . " WHERE " . GroupUserPeer::GRP_UID . " = '" . - $inputFilter->quoteSmart($_REQUEST['gUID'], Propel::getConnection("workflow")) . "'"; + $inputFilter->quoteSmart($_REQUEST['gUID'], Propel::getConnection("workflow")) . "'\n" . + "UNION SELECT '" . RBAC::GUEST_USER_UID . "'"; $aUsers = Array (); $oCriteria = new Criteria( 'workflow' ); diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index d6abdd619..906825422 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -293,7 +293,7 @@ try { // Assign the uid of user to userloggedobj $RBAC->loadUserRolePermission($RBAC->sSystem, $uid); - $res = $RBAC->userCanAccess('PM_LOGIN'); + $res = $RBAC->userCanAccess('PM_LOGIN/strict'); if ($res != 1 ) { if ($res == -2) { G::SendTemporalMessage ('ID_USER_HAVENT_RIGHTS_SYSTEM', "error"); diff --git a/workflow/engine/methods/services/soap2.php b/workflow/engine/methods/services/soap2.php index 45520398d..80c645310 100644 --- a/workflow/engine/methods/services/soap2.php +++ b/workflow/engine/methods/services/soap2.php @@ -981,14 +981,7 @@ function ifPermission($sessionId, $permission) $oRBAC = RBAC::getSingleton(); $oRBAC->loadUserRolePermission($oRBAC->sSystem, $user['USR_UID']); - $aPermissions = $oRBAC->aUserInfo[$oRBAC->sSystem]['PERMISSIONS']; - $sw = 0; - - foreach ($aPermissions as $aPermission) { - if ($aPermission['PER_CODE'] == $permission) { - $sw = 1; - } - } + $sw = $oRBAC->userCanAccess($permission) === 1 ? 1 : 0; return $sw; } diff --git a/workflow/engine/methods/services/webentry/anonymousLogin.php b/workflow/engine/methods/services/webentry/anonymousLogin.php index 208cee429..0b228c7a7 100644 --- a/workflow/engine/methods/services/webentry/anonymousLogin.php 
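Review bot: The guest exclusion in `groups_Ajax.php` is appended to a hand-concatenated SQL string (`"UNION SELECT '" . RBAC::GUEST_USER_UID . "'"`) whose other operand is `$_REQUEST['gUID']`, so the statement still depends on `quoteSmart()` escaping correctly inside the surrounding single quotes. The other files in this commit express the same filter through Criteria, which keeps it out of the raw SQL: `$oCriteria->addAnd(UsersPeer::USR_UID, RBAC::GUEST_USER_UID, Criteria::NOT_EQUAL);` once the criteria exists. How `$subQuery` is consumed is outside the hunk, so this assumes `$oCriteria` selects from the users table and that `addAnd` is used so an existing condition on the same column is not replaced. Passing `gUID` as a criteria value instead of concatenating it would be the natural follow-up.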
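Review bot: `ifPermission()` in `soap2.php` used to require an exact `PER_CODE` match and now calls `$oRBAC->userCanAccess($permission)` without the `/strict` suffix that this commit adds in `cases/main.php` and `login/authentication.php`. If the non-strict form resolves the new alias permissions (the RBAC change is not visible in this part of the diff), a role holding only a guest alias could pass SOAP permission checks that previously failed. If SOAP should keep exact matching, `$sw = $oRBAC->userCanAccess($permission . '/strict') === 1 ? 1 : 0;` preserves the old behaviour. The `=== 1` comparison is also stricter than the `!= 1` used by the other callers; it fails closed, but a comment should state which return type `userCanAccess()` guarantees.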
+++ b/workflow/engine/methods/services/webentry/anonymousLogin.php @@ -8,33 +8,33 @@ global $RBAC; G::LoadClass('pmFunctions'); try { if (empty($_REQUEST['we_uid'])) { - throw new \Exception('Missing required field "we_uid"'); + throw new Exception('Missing required field "we_uid"'); } $weUid = $_REQUEST['we_uid']; - $webEntry = \WebEntryPeer::retrieveByPK($weUid); + $webEntry = WebEntryPeer::retrieveByPK($weUid); if (empty($webEntry)) { - throw new \Exception('Undefined WebEntry'); + throw new Exception('Undefined WebEntry'); } $userUid = $webEntry->getUsrUid(); - $userInfo = PMFInformationUser($userUid); + $userInfo = UsersPeer::retrieveByPK($userUid); if (empty($userInfo)) { - throw new \Exception('WebEntry User not found'); + throw new Exception('WebEntry User not found'); } - initUserSession($userUid, $userInfo['username']); + initUserSession($userUid, $userInfo->getUsrUsername()); $result = [ - 'user_logged' => $userUid, - 'userName' => $userInfo['username'], - 'firstName' => $userInfo['firstname'], - 'lastName' => $userInfo['lastname'], - 'mail' => $userInfo['mail'], + 'user_logged' => $userUid, + 'userName' => $userInfo->getUsrUsername(), + 'firstName' => $userInfo->getUsrFirstName(), + 'lastName' => $userInfo->getUsrLastName(), + 'mail' => $userInfo->getUsrEmail(), 'image' => '../users/users_ViewPhoto?t='.microtime(true), ]; -} catch (\Exception $e) { +} catch (Exception $e) { $result = [ 'error' => $e->getMessage(), ]; diff --git a/workflow/engine/methods/strategicDashboard/main.php b/workflow/engine/methods/strategicDashboard/main.php index e239d2420..9608e48be 100644 --- a/workflow/engine/methods/strategicDashboard/main.php +++ b/workflow/engine/methods/strategicDashboard/main.php 
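Review bot: `initUserSession($userUid, ...)` is reached for whatever user `$webEntry->getUsrUid()` returns, and the only input is the caller-supplied `$_REQUEST['we_uid']`; nothing in the hunk checks that the web entry is configured for anonymous access or that the user is the guest account. Switching from `PMFInformationUser()` to `UsersPeer::retrieveByPK()` also means no status or guest guard sits between the request and the session. Before `initUserSession` I would add `if (!RBAC::isGuestUserUid($userUid)) { throw new Exception('WebEntry is not anonymous'); }`, or the equivalent check on the web entry's authentication setting if named users are legitimately allowed here. The response also returns the account's `mail` to an unauthenticated client and echoes `$e->getMessage()` in `error`, both of which are worth trimming.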
@@ -1,31 +1,9 @@ . - * - * For more information, contact Colosa Inc, 2566 Le Jeune Rd., - * Coral Gables, FL, 33134, USA, or email info@colosa.com. - */ - +$RBAC->requirePermissions('PM_DASHBOARD'); $licensedFeatures = & PMLicensedFeatures::getSingleton(); if (!$licensedFeatures->verifyfeature('r19Vm5DK1UrT09MenlLYjZxejlhNUZ1b1NhV0JHWjBsZEJ6dnpJa3dTeWVLVT0=')) { - G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' ); - G::header( 'location: ../login/login' ); + G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels'); + G::header('location: ../login/login'); die; } @@ -33,10 +11,10 @@ $G_MAIN_MENU = 'processmaker'; $G_ID_MENU_SELECTED = 'DASHBOARD+'; $G_PUBLISH = new Publisher(); -$G_PUBLISH->AddContent( 'view', 'strategicDashboard/load' ); +$G_PUBLISH->AddContent('view', 'strategicDashboard/load'); $oHeadPublisher = & headPublisher::getSingleton(); $oHeadPublisher->addScriptFile('/jscore/src/PM.js'); $oHeadPublisher->addScriptFile('/jscore/src/Sessions.js'); -G::RenderPage( 'publish' ); +G::RenderPage('publish'); diff --git a/workflow/engine/methods/users/usersEdit.php b/workflow/engine/methods/users/usersEdit.php index 4148507e2..badb3fa5e 100644 --- a/workflow/engine/methods/users/usersEdit.php +++ b/workflow/engine/methods/users/usersEdit.php @@ -1,4 +1,11 @@ getWebEntryRelatedToUser($userUid); } + //check user guest + if (RBAC::isGuestUserUid($userUid)) { + $total++; + } + $response = '{success: true, candelete: '; $response .= ($total > 0) ? 'false' : 'true'; $response .= ', hashistory: '; diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Department.php b/workflow/engine/src/ProcessMaker/BusinessModel/Department.php index 080de4542..bdff87b7a 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Department.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Department.php @@ -1,14 +1,20 @@ - * @copyright Colosa - Bolivia - */ class Department { /** 
@@ -16,27 +22,26 @@ class Department * * @param string $departmentTitle Title * @param string $departmentUidExclude Unique id of Department to exclude - * - * return bool Return true if exists the title of a Department, false otherwise + * @return bool Return true if exists the title of a Department, false otherwise */ public function existsTitle($departmentTitle, $departmentUidExclude = "") { try { - $criteria = new \Criteria("workflow"); + $criteria = new Criteria("workflow"); - $criteria->addSelectColumn(\DepartmentPeer::DEP_UID); - $criteria->addSelectColumn(\DepartmentPeer::DEP_TITLE); + $criteria->addSelectColumn(DepartmentPeer::DEP_UID); + $criteria->addSelectColumn(DepartmentPeer::DEP_TITLE); if ($departmentUidExclude != "") { - $criteria->add(\DepartmentPeer::DEP_UID, $departmentUidExclude, \Criteria::NOT_EQUAL); + $criteria->add(DepartmentPeer::DEP_UID, $departmentUidExclude, Criteria::NOT_EQUAL); } - $criteria->add(\DepartmentPeer::DEP_TITLE, $departmentTitle, \Criteria::EQUAL); + $criteria->add(DepartmentPeer::DEP_TITLE, $departmentTitle, Criteria::EQUAL); - $rsCriteria = \DepartmentPeer::doSelectRS($criteria); + $rsCriteria = DepartmentPeer::doSelectRS($criteria); return ($rsCriteria->next())? true : false; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -46,18 +51,17 @@ class Department * * @param string $departmentUid * @param string $userUid - * - * return void Throw exception user not exists + * @return void Throw exception user not exists */ private function throwExceptionUserNotExistsInDepartment($departmentUid, $userUid) { try { - $user = \UsersPeer::retrieveByPK($userUid); + $user = UsersPeer::retrieveByPK($userUid); if (is_null($user) || $user->getDepUid() != $departmentUid) { - throw new \Exception(\G::LoadTranslation('ID_USER_NOT_EXIST_DEPARTMENT', [$userUid])); + throw new Exception(G::LoadTranslation('ID_USER_NOT_EXIST_DEPARTMENT', [$userUid])); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -68,16 +72,15 @@ class Department * @param string $departmentTitle Title * @param string $fieldNameForException Field name for the exception * @param string $departmentUidExclude Unique id of Department to exclude - * - * return void Throw exception if exists the title of a Department + * @return void Throw exception if exists the title of a Department */ public function throwExceptionIfExistsTitle($departmentTitle, $fieldNameForException, $departmentUidExclude = "") { try { if ($this->existsTitle($departmentTitle, $departmentUidExclude)) { - throw new \Exception(\G::LoadTranslation("ID_DEPARTMENT_TITLE_ALREADY_EXISTS", array($fieldNameForException, $departmentTitle))); + throw new Exception(G::LoadTranslation("ID_DEPARTMENT_TITLE_ALREADY_EXISTS", array($fieldNameForException, $departmentTitle))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -89,7 +92,6 @@ class Department * @param array $arrayVariableNameForException Variable name for exception * @param bool $throwException Flag to throw the exception if the main parameters are invalid or do not exist * (TRUE: throw the exception; FALSE: returns FALSE) - * * @return array Returns an array with Department record, ThrowTheException/FALSE otherwise */ public function getDepartmentRecordByPk( @@ -98,11 +100,11 @@ class Department $throwException = true ) { try { - $obj = \DepartmentPeer::retrieveByPK($departmentUid); + $obj = DepartmentPeer::retrieveByPK($departmentUid); if (is_null($obj)) { if ($throwException) { - throw new \Exception(\G::LoadTranslation( + throw new Exception(G::LoadTranslation( 'ID_DEPARTMENT_NOT_EXIST', [$arrayVariableNameForException['$departmentUid'], $departmentUid] )); } else { @@ -111,8 +113,8 @@ class Department } //Return - return $obj->toArray(\BasePeer::TYPE_FIELDNAME); - } catch (\Exception $e) { + return $obj->toArray(BasePeer::TYPE_FIELDNAME); + } catch (Exception $e) { throw $e; } } 
@@ -121,14 +123,11 @@ class Department * Get list for Departments * * @access public - * @author Brayan Pereyra (Cochalo) - * @copyright Colosa - Bolivia - * * @return array */ public function getDepartments() { - $oDepartment = new \Department(); + $oDepartment = new DepartmentModel(); $aDepts = $oDepartment->getDepartments(''); foreach ($aDepts as &$depData) { $depData['DEP_CHILDREN'] = $this->getChildren($depData); @@ -142,15 +141,14 @@ class Department * * @param string $departmentUid Unique id of Department * @param array $arrayData Data - * * return array Return data of the User assigned to Department */ public function assignUser($departmentUid, array $arrayData) { try { //Verify data - $process = new \ProcessMaker\BusinessModel\Process(); - $validator = new \ProcessMaker\BusinessModel\Validator(); + $process = new Process(); + $validator = new Validator(); $validator->throwExceptionIfDataIsNotArray($arrayData, "\$arrayData"); $validator->throwExceptionIfDataIsEmpty($arrayData, "\$arrayData"); @@ -172,14 +170,14 @@ class Department ); //Verify data - $departmentUid = \ProcessMaker\BusinessModel\Validator::depUid($departmentUid); + $departmentUid = Validator::depUid($departmentUid); $process->throwExceptionIfDataNotMetFieldDefinition($arrayData, $arrayUserFieldDefinition, $arrayUserFieldNameForException, true); $process->throwExceptionIfNotExistsUser($arrayData["USR_UID"], $arrayUserFieldNameForException["userUid"]); //Assign User - $department = new \Department(); + $department = new DepartmentModel(); $department->load($departmentUid); @@ -192,7 +190,7 @@ class Department $arrayData = array_change_key_case($arrayData, CASE_LOWER); return $arrayData; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -201,9 +199,6 @@ class Department * Post Unassign User * * @access public - * @author Brayan Pereyra (Cochalo) - * @copyright Colosa - Bolivia - * * @return void */ public function unassignUser($dep_uid, $usr_uid) 
@@ -213,7 +208,7 @@ class Department $this->throwExceptionUserNotExistsInDepartment($dep_uid, $usr_uid); - $dep = new \Department(); + $dep = new DepartmentModel(); $dep->load( $dep_uid ); $manager = $dep->getDepManager(); $dep->removeUserFromDepartment( $dep_uid, $usr_uid ); @@ -229,7 +224,6 @@ class Department * Get custom record * * @param array $record Record - * * @return array Return an array with custom record */ private function __getUserCustomRecordFromRecord(array $record) @@ -248,7 +242,7 @@ class Department } return $recordc; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -266,7 +260,6 @@ class Department * @param bool $flagRecord Flag that set the "getting" of record * @param bool $throwException Flag to throw the exception (This only if the parameters are invalid) * (TRUE: throw the exception; FALSE: returns FALSE) - * * @return array Return an array with all Users of a Department, ThrowTheException/FALSE otherwise */ public function getUsers( @@ -288,14 +281,14 @@ class Department //Verify data and Set variables $flagFilter = !is_null($arrayFilterData) && is_array($arrayFilterData) && isset($arrayFilterData['filter']); - $result = \ProcessMaker\BusinessModel\Validator::validatePagerDataByPagerDefinition( + $result = Validator::validatePagerDataByPagerDefinition( ['$start' => $start, '$limit' => $limit], ['$start' => '$start', '$limit' => '$limit'] ); if ($result !== true) { if ($throwException) { - throw new \Exception($result); + throw new Exception($result); } else { return false; } 
@@ -336,22 +329,23 @@ class Department } //Query - $criteria = new \Criteria('workflow'); + $criteria = new Criteria('workflow'); - $criteria->addSelectColumn(\UsersPeer::USR_UID); - $criteria->addSelectColumn(\UsersPeer::USR_USERNAME); - $criteria->addSelectColumn(\UsersPeer::USR_FIRSTNAME); - $criteria->addSelectColumn(\UsersPeer::USR_LASTNAME); - $criteria->addSelectColumn(\UsersPeer::USR_STATUS); + $criteria->addSelectColumn(UsersPeer::USR_UID); + $criteria->addSelectColumn(UsersPeer::USR_USERNAME); + $criteria->addSelectColumn(UsersPeer::USR_FIRSTNAME); + $criteria->addSelectColumn(UsersPeer::USR_LASTNAME); + $criteria->addSelectColumn(UsersPeer::USR_STATUS); - $criteria->add(\UsersPeer::USR_STATUS, 'CLOSED', \Criteria::NOT_EQUAL); + $criteria->add(UsersPeer::USR_STATUS, 'CLOSED', Criteria::NOT_EQUAL); switch ($option) { case 'ASSIGNED': - $criteria->add(\UsersPeer::DEP_UID, $departmentUid, \Criteria::EQUAL); + $criteria->add(UsersPeer::DEP_UID, $departmentUid, Criteria::EQUAL); break; case 'AVAILABLE': - $criteria->add(\UsersPeer::DEP_UID, '', \Criteria::EQUAL); + $criteria->add(UsersPeer::DEP_UID, '', Criteria::EQUAL); + $criteria->add(UsersPeer::USR_UID, RBAC::GUEST_USER_UID, Criteria::NOT_EQUAL); break; } 
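Review bot: Filtering `RBAC::GUEST_USER_UID` out of the `'AVAILABLE'` branch of `getUsers()` only hides the account from the picker; the hunks of `assignUser()` shown in this diff validate that `USR_UID` exists but show no guest rejection, so a direct API call may still attach the guest to a department. If that must be prevented, the check belongs in `assignUser()`, e.g. `if (RBAC::isGuestUserUid($arrayData['USR_UID'])) { throw new Exception(G::LoadTranslation('ID_USER_CAN_NOT_UPDATE', [$arrayData['USR_UID']])); }`. `assignUser()` is only partly visible, so confirm nothing outside the hunks already does this. The filter here passes a scalar with `Criteria::NOT_EQUAL` where `WsBase::userList()` and `casesList_Ajax.php` pass an array with `Criteria::NOT_IN`; one form throughout would make the guest exclusions easier to find.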
@@ -367,24 +361,24 @@ class Department ]; $criteria->add( - $criteria->getNewCriterion(\UsersPeer::USR_USERNAME, $search, \Criteria::LIKE)->addOr( - $criteria->getNewCriterion(\UsersPeer::USR_FIRSTNAME, $search, \Criteria::LIKE)->addOr( - $criteria->getNewCriterion(\UsersPeer::USR_LASTNAME, $search, \Criteria::LIKE))) + $criteria->getNewCriterion(UsersPeer::USR_USERNAME, $search, Criteria::LIKE)->addOr( + $criteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, $search, Criteria::LIKE)->addOr( + $criteria->getNewCriterion(UsersPeer::USR_LASTNAME, $search, Criteria::LIKE))) ); } //Number records total - $numRecTotal = \UsersPeer::doCount($criteria); + $numRecTotal = UsersPeer::doCount($criteria); //Query - $conf = new \Configurations(); - $sortFieldDefault = \UsersPeer::TABLE_NAME . '.' . $conf->userNameFormatGetFirstFieldByUsersTable(); + $conf = new Configurations(); + $sortFieldDefault = UsersPeer::TABLE_NAME . '.' . $conf->userNameFormatGetFirstFieldByUsersTable(); if (!is_null($sortField) && trim($sortField) != '') { $sortField = strtoupper($sortField); - if (in_array(\UsersPeer::TABLE_NAME . '.' . $sortField, $criteria->getSelectColumns())) { - $sortField = \UsersPeer::TABLE_NAME . '.' . $sortField; + if (in_array(UsersPeer::TABLE_NAME . '.' . $sortField, $criteria->getSelectColumns())) { + $sortField = UsersPeer::TABLE_NAME . '.' . $sortField; } else { $sortField = $sortFieldDefault; } @@ -406,8 +400,8 @@ class Department $criteria->setLimit((int)($limit)); } - $rsCriteria = \UsersPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $rsCriteria = UsersPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); while ($rsCriteria->next()) { $record = $rsCriteria->getRow(); @@ -431,7 +425,7 @@ class Department $filterName => ($flagFilter)? $arrayFilterData['filter'] : '', 'data' => $arrayUser ]; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -440,9 +434,6 @@ class Department * Put Set Manager User * * @access public - * @author Brayan Pereyra (Cochalo) - * @copyright Colosa - Bolivia - * * @return void */ public function setManagerUser($dep_uid, $usr_uid) @@ -450,23 +441,23 @@ class Department $dep_uid = Validator::depUid($dep_uid); $usr_uid = Validator::usrUid($usr_uid); - $oCriteria = new \Criteria( 'workflow' ); + $oCriteria = new Criteria( 'workflow' ); $oCriteria->addSelectColumn( DepartmentPeer::DEP_UID ); - $oCriteria->add( DepartmentPeer::DEP_MANAGER, $usr_uid, \Criteria::EQUAL ); + $oCriteria->add( DepartmentPeer::DEP_MANAGER, $usr_uid, Criteria::EQUAL ); $oDataset = DepartmentPeer::doSelectRS( $oCriteria ); - $oDataset->setFetchmode( \ResultSet::FETCHMODE_ASSOC ); + $oDataset->setFetchmode( ResultSet::FETCHMODE_ASSOC ); if ($oDataset->next()) { - throw (new \Exception(\G::LoadTranslation("ID_DEPARTMENT_MANAGER_EXIST", array('usr_uid',$usr_uid)))); + throw (new Exception(G::LoadTranslation("ID_DEPARTMENT_MANAGER_EXIST", array('usr_uid',$usr_uid)))); } $editDepartment['DEP_UID'] = $dep_uid; $editDepartment['DEP_MANAGER'] = $usr_uid; - $oDept = new \Department(); + $oDept = new DepartmentModel(); $oDept->update( $editDepartment ); $oDept->updateDepartmentManager( $dep_uid ); - $oDept = new \Department(); + $oDept = new DepartmentModel(); $oDept->Load($dep_uid); $oDept->addUserToDepartment($dep_uid, $usr_uid, ($oDept->getDepManager() == "")? true : false, false); $oDept->updateDepartmentManager($dep_uid); 
@@ -474,22 +465,19 @@ class Department /** * Get list for Departments + * * @var string $dep_uid. Uid for Department - * * @access public - * @author Brayan Pereyra (Cochalo) - * @copyright Colosa - Bolivia - * * @return array */ public function getDepartment($dep_uid) { $dep_uid = Validator::depUid($dep_uid); - $criteria = new \Criteria( 'workflow' ); - $criteria->add( DepartmentPeer::DEP_UID, $dep_uid, \Criteria::EQUAL ); - $con = \Propel::getConnection( DepartmentPeer::DATABASE_NAME ); + $criteria = new Criteria( 'workflow' ); + $criteria->add( DepartmentPeer::DEP_UID, $dep_uid, Criteria::EQUAL ); + $con = Propel::getConnection( DepartmentPeer::DATABASE_NAME ); $objects = DepartmentPeer::doSelect( $criteria, $con ); - $oUsers = new \Users(); + $oUsers = new Users(); $node = array (); foreach ($objects as $oDepartment) { @@ -513,14 +501,14 @@ class Department $node['DEP_MANAGER_LASTNAME'] = ''; } - $criteria = new \Criteria(); - $criteria->add(UsersPeer::DEP_UID, $dep_uid, \Criteria::EQUAL ); + $criteria = new Criteria(); + $criteria->add(UsersPeer::DEP_UID, $dep_uid, Criteria::EQUAL ); $node['DEP_MEMBERS'] = UsersPeer::doCount($criteria); - $criteriaCount = new \Criteria( 'workflow' ); + $criteriaCount = new Criteria( 'workflow' ); $criteriaCount->clearSelectColumns(); $criteriaCount->addSelectColumn( 'COUNT(*)' ); - $criteriaCount->add( DepartmentPeer::DEP_PARENT, $oDepartment->getDepUid(), \Criteria::EQUAL ); + $criteriaCount->add( DepartmentPeer::DEP_PARENT, $oDepartment->getDepUid(), Criteria::EQUAL ); $rs = DepartmentPeer::doSelectRS( $criteriaCount ); $rs->next(); $row = $rs->getRow(); @@ -532,13 +520,10 @@ class Department /** * Save Department + * * @var string $dep_data. Data for Process * @var string $create. Flag for create or update - * * @access public - * @author Brayan Pereyra (Cochalo) - * @copyright Colosa - Bolivia - * * @return array */ public function saveDepartment($dep_data, $create = true) 
@@ -553,7 +538,7 @@ class Department unset($dep_data["DEP_UID"]); } - $oDepartment = new \Department(); + $oDepartment = new DepartmentModel(); if (isset($dep_data['DEP_UID']) && $dep_data['DEP_UID'] != '') { Validator::depUid($dep_data['DEP_UID']); } @@ -580,7 +565,7 @@ class Department if (isset($dep_data['DEP_TITLE'])) { $this->throwExceptionIfExistsTitle($dep_data["DEP_TITLE"], strtolower("DEP_TITLE")); } else { - throw (new \Exception(\G::LoadTranslation("ID_FIELD_REQUIRED", array('dep_title')))); + throw (new Exception(G::LoadTranslation("ID_FIELD_REQUIRED", array('dep_title')))); } $dep_uid = $oDepartment->create($dep_data); 
@@ -594,41 +579,35 @@ class Department * @var string $dep_uid. Uid for department * * @access public - * @author Brayan Pereyra (Cochalo) - * @copyright Colosa - Bolivia - * * @return array */ public function deleteDepartment($dep_uid) { $dep_uid = Validator::depUid($dep_uid); - $oDepartment = new \Department(); + $oDepartment = new DepartmentModel(); $countUsers = $oDepartment->cantUsersInDepartment($dep_uid); if ($countUsers != 0) { - throw (new \Exception(\G::LoadTranslation("ID_CANT_DELETE_DEPARTMENT_HAS_USERS"))); + throw (new Exception(G::LoadTranslation("ID_CANT_DELETE_DEPARTMENT_HAS_USERS"))); } $dep_data = $this->getDepartment($dep_uid); if ($dep_data['has_children'] != 0) { - throw (new \Exception(\G::LoadTranslation("ID_CANT_DELETE_DEPARTMENT_HAS_CHILDREN"))); + throw (new Exception(G::LoadTranslation("ID_CANT_DELETE_DEPARTMENT_HAS_CHILDREN"))); } $oDepartment->remove($dep_uid); } /** * Look for Children for department + * * @var array $dataDep. Data for child department - * * @access public - * @author Brayan Pereyra (Cochalo) - * @copyright Colosa - Bolivia - * * @return array */ protected function getChildren ($dataDep) { $children = array(); if ((int)$dataDep['HAS_CHILDREN'] > 0) { - $oDepartment = new \Department(); + $oDepartment = new DepartmentModel(); $aDepts = $oDepartment->getDepartments($dataDep['DEP_UID']); foreach ($aDepts as &$depData) { $depData['DEP_CHILDREN'] = $this->getChildren($depData); @@ -639,4 +618,3 @@ class Department return $children; } } - diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Role/User.php b/workflow/engine/src/ProcessMaker/BusinessModel/Role/User.php index 0825c16f5..e15d4289a 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Role/User.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Role/User.php 
@@ -1,6 +1,19 @@ arrayFieldDefinition as $key => $value) { $this->arrayFieldNameForException[$value["fieldNameAux"]] = $key; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -36,8 +49,7 @@ class User * Set the format of the fields name (uppercase, lowercase) * * @param bool $flag Value that set the format - * - * return void + * @return void */ public function setFormatFieldNameInUppercase($flag) { @@ -45,7 +57,7 @@ class User $this->formatFieldNameInUppercase = $flag; $this->setArrayFieldNameForException($this->arrayFieldNameForException); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -54,8 +66,7 @@ class User * Set exception messages for fields * * @param array $arrayData Data with the fields - * - * return void + * @return void */ public function setArrayFieldNameForException(array $arrayData) { @@ -63,7 +74,7 @@ class User foreach ($arrayData as $key => $value) { $this->arrayFieldNameForException[$key] = $this->getFieldNameByFormatFieldName($value); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -72,14 +83,13 @@ class User * Get the name of the field according to the format * * @param string $fieldName Field name - * - * return string Return the field name according the format + * @return string Return the field name according the format */ public function getFieldNameByFormatFieldName($fieldName) { try { return ($this->formatFieldNameInUppercase)? strtoupper($fieldName) : strtolower($fieldName); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -90,18 +100,17 @@ class User * @param string $roleUid Unique id of Role * @param string $userUid Unique id of User * @param string $fieldNameForException Field name for the exception - * - * return void Throw exception if it's assigned the User to Role + * @return void Throw exception if it's assigned the User to Role */ public function throwExceptionIfItsAssignedUserToRole($roleUid, $userUid, $fieldNameForException) { try { - $obj = \UsersRolesPeer::retrieveByPK($userUid, $roleUid); + $obj = UsersRolesPeer::retrieveByPK($userUid, $roleUid); if (!is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_ROLE_USER_IS_ALREADY_ASSIGNED", array($fieldNameForException, $userUid))); + throw new Exception(G::LoadTranslation("ID_ROLE_USER_IS_ALREADY_ASSIGNED", array($fieldNameForException, $userUid))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -112,18 +121,17 @@ class User * @param string $roleUid Unique id of Role * @param string $userUid Unique id of User * @param string $fieldNameForException Field name for the exception - * - * return void Throw exception if not it's assigned the User to Role + * @return void Throw exception if not it's assigned the User to Role */ public function throwExceptionIfNotItsAssignedUserToRole($roleUid, $userUid, $fieldNameForException) { try { - $obj = \UsersRolesPeer::retrieveByPK($userUid, $roleUid); + $obj = UsersRolesPeer::retrieveByPK($userUid, $roleUid); if (is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_ROLE_USER_IS_NOT_ASSIGNED", array($fieldNameForException, $userUid))); + throw new Exception(G::LoadTranslation("ID_ROLE_USER_IS_NOT_ASSIGNED", array($fieldNameForException, $userUid))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -133,15 +141,14 @@ class User * * @param string $roleUid Unique id of Role * @param array $arrayData Data - * - * return array Return data of the User assigned to Role + * @return array Return data of the User assigned to Role */ public function create($roleUid, array $arrayData) { try { //Verify data - $process = new \ProcessMaker\BusinessModel\Process(); - $validator = new \ProcessMaker\BusinessModel\Validator(); + $process = new Process(); + $validator = new Validator(); $validator->throwExceptionIfDataIsEmpty($arrayData, "\$arrayData"); @@ -151,7 +158,7 @@ class User unset($arrayData["ROL_UID"]); //Verify data - $role = new \ProcessMaker\BusinessModel\Role(); + $role = new Role(); $role->throwExceptionIfNotExistsRole($roleUid, $this->arrayFieldNameForException["roleUid"]); @@ -162,11 +169,11 @@ class User $this->throwExceptionIfItsAssignedUserToRole($roleUid, $arrayData["USR_UID"], $this->arrayFieldNameForException["userUid"]); if ($arrayData["USR_UID"] == "00000000000000000000000000000001") { - throw new \Exception(\G::LoadTranslation("ID_ADMINISTRATOR_ROLE_CANT_CHANGED")); + throw new Exception(G::LoadTranslation("ID_ADMINISTRATOR_ROLE_CANT_CHANGED")); } //Create - $role = new \Roles(); + $role = new Roles(); $arrayData = array_merge(array("ROL_UID" => $roleUid), $arrayData); @@ -178,7 +185,7 @@ class User } return $arrayData; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -188,15 +195,14 @@ class User * * @param string $roleUid Unique id of Role * @param string $userUid Unique id of User - * - * return void + * @return void */ public function delete($roleUid, $userUid) { try { //Verify data - $process = new \ProcessMaker\BusinessModel\Process(); - $role = new \ProcessMaker\BusinessModel\Role(); + $process = new Process(); + $role = new Role(); $role->throwExceptionIfNotExistsRole($roleUid, $this->arrayFieldNameForException["roleUid"]); 
@@ -205,14 +211,14 @@ class User $this->throwExceptionIfNotItsAssignedUserToRole($roleUid, $userUid, $this->arrayFieldNameForException["userUid"]); if ($userUid == "00000000000000000000000000000001") { - throw new \Exception(\G::LoadTranslation("ID_ADMINISTRATOR_ROLE_CANT_CHANGED")); + throw new Exception(G::LoadTranslation("ID_ADMINISTRATOR_ROLE_CANT_CHANGED")); } //Delete - $role = new \Roles(); + $role = new Roles(); $role->deleteUserRole($roleUid, $userUid); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -221,8 +227,7 @@ class User * Get data of a User from a record * * @param array $record Record - * - * return array Return an array with data User + * @return array Return an array with data User */ public function getUserDataFromRecord(array $record) { @@ -234,7 +239,7 @@ class User $this->getFieldNameByFormatFieldName("USR_LASTNAME") => $record["USR_LASTNAME"] . "", $this->getFieldNameByFormatFieldName("USR_STATUS") => ($record["USR_STATUS"] . "" == "1")? "ACTIVE" : "INACTIVE" ); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -249,8 +254,7 @@ class User * @param string $sortDir Direction of sorting (ASC, DESC) * @param int $start Start * @param int $limit Limit - * - * return array Return an array with all Users of a Role + * @return array Return an array with all Users of a Role */ public function getUsers($roleUid, $option, array $arrayFilterData = null, $sortField = null, $sortDir = null, $start = null, $limit = null) { @@ -262,8 +266,8 @@ class User //Verify data and Set variables $flagFilter = !is_null($arrayFilterData) && is_array($arrayFilterData) && isset($arrayFilterData['filter']); - $process = new \ProcessMaker\BusinessModel\Process(); - $role = new \ProcessMaker\BusinessModel\Role(); + $process = new Process(); + $role = new Role(); $role->throwExceptionIfNotExistsRole($roleUid, $this->arrayFieldNameForException["roleUid"]); 
@@ -303,24 +307,25 @@ class User } //Query - $criteria = new \Criteria('rbac'); + $criteria = new Criteria('rbac'); - $criteria->addSelectColumn(\RbacUsersPeer::USR_UID); - $criteria->addSelectColumn(\RbacUsersPeer::USR_USERNAME); - $criteria->addSelectColumn(\RbacUsersPeer::USR_FIRSTNAME); - $criteria->addSelectColumn(\RbacUsersPeer::USR_LASTNAME); - $criteria->addSelectColumn(\RbacUsersPeer::USR_STATUS); + $criteria->addSelectColumn(RbacUsersPeer::USR_UID); + $criteria->addSelectColumn(RbacUsersPeer::USR_USERNAME); + $criteria->addSelectColumn(RbacUsersPeer::USR_FIRSTNAME); + $criteria->addSelectColumn(RbacUsersPeer::USR_LASTNAME); + $criteria->addSelectColumn(RbacUsersPeer::USR_STATUS); - $criteria->addJoin(\RbacUsersPeer::USR_UID, \UsersRolesPeer::USR_UID, \Criteria::LEFT_JOIN); + $criteria->addJoin(RbacUsersPeer::USR_UID, UsersRolesPeer::USR_UID, Criteria::LEFT_JOIN); - $criteria->add(\RbacUsersPeer::USR_USERNAME, '', \Criteria::NOT_EQUAL); + $criteria->add(RbacUsersPeer::USR_USERNAME, '', Criteria::NOT_EQUAL); switch ($option) { case "USERS": - $criteria->add(\UsersRolesPeer::ROL_UID, $roleUid, \Criteria::EQUAL); + $criteria->add(UsersRolesPeer::ROL_UID, $roleUid, Criteria::EQUAL); break; case "AVAILABLE-USERS": - $criteria->add(\UsersRolesPeer::ROL_UID, $roleUid, \Criteria::NOT_EQUAL); + $criteria->add(UsersRolesPeer::ROL_UID, $roleUid, Criteria::NOT_EQUAL); + $criteria->add(RbacUsersPeer::USR_UID, [RBAC::GUEST_USER_UID], Criteria::NOT_IN); break; } 
@@ -336,24 +341,24 @@ class User ]; $criteria->add( - $criteria->getNewCriterion(\RbacUsersPeer::USR_USERNAME, $search, \Criteria::LIKE)->addOr( - $criteria->getNewCriterion(\RbacUsersPeer::USR_FIRSTNAME, $search, \Criteria::LIKE)->addOr( - $criteria->getNewCriterion(\RbacUsersPeer::USR_LASTNAME, $search, \Criteria::LIKE))) + $criteria->getNewCriterion(RbacUsersPeer::USR_USERNAME, $search, Criteria::LIKE)->addOr( + $criteria->getNewCriterion(RbacUsersPeer::USR_FIRSTNAME, $search, Criteria::LIKE)->addOr( + $criteria->getNewCriterion(RbacUsersPeer::USR_LASTNAME, $search, Criteria::LIKE))) ); } //Number records total - $numRecTotal = \RbacUsersPeer::doCount($criteria); + $numRecTotal = RbacUsersPeer::doCount($criteria); //Query - $conf = new \Configurations(); - $sortFieldDefault = \RbacUsersPeer::TABLE_NAME . '.' . $conf->userNameFormatGetFirstFieldByUsersTable(); + $conf = new Configurations(); + $sortFieldDefault = RbacUsersPeer::TABLE_NAME . '.' . $conf->userNameFormatGetFirstFieldByUsersTable(); if (!is_null($sortField) && trim($sortField) != '') { $sortField = strtoupper($sortField); - if (in_array(\RbacUsersPeer::TABLE_NAME . '.' . $sortField, $criteria->getSelectColumns())) { - $sortField = \RbacUsersPeer::TABLE_NAME . '.' . $sortField; + if (in_array(RbacUsersPeer::TABLE_NAME . '.' . $sortField, $criteria->getSelectColumns())) { + $sortField = RbacUsersPeer::TABLE_NAME . '.' . $sortField; } else { $sortField = $sortFieldDefault; } @@ -375,8 +380,8 @@ class User $criteria->setLimit((int)($limit)); } - $rsCriteria = \RbacUsersPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $rsCriteria = RbacUsersPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); while ($rsCriteria->next()) { $row = $rsCriteria->getRow(); 
@@ -392,7 +397,7 @@ class User $filterName => ($flagFilter)? $arrayFilterData['filter'] : '', 'data' => $arrayUser ]; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/User.php b/workflow/engine/src/ProcessMaker/BusinessModel/User.php index 8a9860917..1d9d4fe47 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/User.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/User.php @@ -110,6 +110,8 @@ class User 'PREF_DEFAULT_CASES_MENUSELECTED' => 'PM_EDIT_USER_PROFILE_DEFAULT_CASES_MENU_OPTIONS' ); + private $guestUser = RBAC::GUEST_USER_UID; + /** * Constructor of the class */ @@ -124,6 +126,16 @@ class User } } + /** + * This function get the guest user defined + * + * @return string guestUser, uid related to this user + */ + public function getGuestUser() + { + return $this->guestUser; + } + /** * @return array */ @@ -640,6 +652,10 @@ class User { try { + //check user guest + if (RBAC::isGuestUserUid($userUid)) { + throw new Exception(G::LoadTranslation("ID_USER_CAN_NOT_UPDATE", array($userUid))); + } //Verify data $validator = new Validator(); @@ -1078,6 +1094,12 @@ class User $history += ApplicationPeer::doCount($c); $c = $oProcessMap->getCriteriaUsersCases('CANCELLED', $USR_UID); $history += ApplicationPeer::doCount($c); + + //check user guest + if (RBAC::isGuestUserUid($usrUid)) { + throw new Exception(G::LoadTranslation("ID_MSG_CANNOT_DELETE_USER", array($USR_UID))); + } + if ($total > 0) { throw new Exception(G::LoadTranslation("ID_USER_CAN_NOT_BE_DELETED", array($USR_UID))); } else { @@ -1182,6 +1204,9 @@ class User //Query $criteria = $this->getUserCriteria(); + //Remove the guest user + $criteria->add(UsersPeer::USR_UID, RBAC::GUEST_USER_UID, Criteria::NOT_EQUAL); + if ($flagCondition && !empty($arrayWhere['condition'])) { foreach ($arrayWhere['condition'] as $value) { $criteria->add($value[0], $value[1], $value[2]); 
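Review bot: The guest check added in the delete path (`@@ -1078,6 +1094,12 @@`) tests `$usrUid`, while every other statement in that hunk uses `$USR_UID`. PHP variable names are case-sensitive, so unless a separate `$usrUid` is defined above the hunk, the guard reads an undefined variable and presumably never fires, leaving the guest account deletable. It should read `if (RBAC::isGuestUserUid($USR_UID)) {` and sit before the `getCriteriaUsersCases()` counting queries, so the refusal does not depend on them. The function's signature is outside the hunk, so the parameter name should be confirmed there.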
@@ -1556,6 +1581,9 @@ class User } $oCriteria->add(UsersPeer::USR_STATUS, array('CLOSED'), Criteria::NOT_IN); + //Remove the guest user + $oCriteria->add(UsersPeer::USR_UID, RBAC::GUEST_USER_UID, Criteria::NOT_EQUAL); + if ($authSource != '') { $totalRows = sizeof($aUsers); } else { @@ -1583,6 +1611,10 @@ class User $oCriteria->addAsColumn('DUE_DATE_OK', 1); $sep = "'"; $oCriteria->add(UsersPeer::USR_STATUS, array('CLOSED'), Criteria::NOT_IN); + + //Remove the guest user + $oCriteria->add(UsersPeer::USR_UID, RBAC::GUEST_USER_UID, Criteria::NOT_EQUAL); + if ($filter != '') { $cc = $oCriteria->getNewCriterion(UsersPeer::USR_USERNAME, '%' . $filter . '%', Criteria::LIKE) ->addOr($oCriteria->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', Criteria::LIKE) diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/WebEntryEvent.php b/workflow/engine/src/ProcessMaker/BusinessModel/WebEntryEvent.php index 62ef10aba..e14d84124 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/WebEntryEvent.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/WebEntryEvent.php @@ -9,6 +9,23 @@ use WebEntryPeer; use Exception; use G; use BpmnFlowPeer; +use ProcessMaker\BusinessModel\Process as BusinessModelProcess; +use ProcessMaker\BusinessModel\Validator as BusinessModelValidator; +use ProcessMaker\Project\Workflow; +use WebEntryEvent as ModelWebEntryEvent; +use ProcessMaker\Util\Common; +use Task as ModelTask; +use Propel; +use BasePeer; +use Content; +use Tasks; +use Step; +use TaskPeer; +use StepPeer; +use ResultSet; +use TaskUser; +use TaskUserPeer; + class WebEntryEvent { 
@@ -358,13 +375,7 @@ class WebEntryEvent $arrayFinalData = array_merge($arrayWebEntryEventData, $arrayData); - //Verify data - Field definition - $process = new \ProcessMaker\BusinessModel\Process(); - //Dependent fields: - if (!isset($arrayData['WE_AUTHENTICATION']) || $arrayData['WE_AUTHENTICATION'] - == 'ANONYMOUS') { - $this->arrayFieldDefinition['USR_UID']['required'] = true; - } + //Define the required dependent fields: if (!isset($arrayData['WE_TYPE']) || $arrayData['WE_TYPE'] == 'SINGLE') { $this->arrayFieldDefinition['DYN_UID']['required'] = true; @@ -391,6 +402,7 @@ class WebEntryEvent $this->arrayFieldDefinition['WE_LINK_LANGUAGE']['defaultValues'] = $languages; } + $process = new BusinessModelProcess(); $process->throwExceptionIfDataNotMetFieldDefinition($arrayData, $this->arrayFieldDefinition, $this->arrayFieldNameForException, $flagInsert); @@ -513,11 +525,11 @@ class WebEntryEvent $arrayEventData = $bpmn->getEvent($eventUid); //Task - $task = new \Task(); + $task = new ModelTask(); $tasUid = static::getTaskUidFromEvnUid($eventUid); - if (\TaskPeer::retrieveByPK($tasUid)) { + if (TaskPeer::retrieveByPK($tasUid)) { $this->webEntryEventWebEntryTaskUid = $tasUid; } else { $this->webEntryEventWebEntryTaskUid = $task->create( @@ -535,7 +547,7 @@ class WebEntryEvent if (!isset($arrayData['WE_TYPE']) || $arrayData['WE_TYPE'] === 'SINGLE') { //Task - Step - $step = new \Step(); + $step = new Step(); $stepUid = $step->create(array( "PRO_UID" => $projectUid, @@ -553,13 +565,13 @@ class WebEntryEvent } //Task - User - $task = new \Tasks(); + $task = new Tasks(); if (!(isset($arrayData['WE_AUTHENTICATION']) && $arrayData['WE_AUTHENTICATION'] === 'LOGIN_REQUIRED')) { $task->assignUser($this->webEntryEventWebEntryTaskUid, $userUid, 1); } //Route - $workflow = \ProcessMaker\Project\Workflow::load($projectUid); + $workflow = Workflow::load($projectUid); $result = $workflow->addRoute($this->webEntryEventWebEntryTaskUid, $activityUid, "SEQUENTIAL"); 
@@ -622,10 +634,10 @@ class WebEntryEvent { try { if ($webEntryTaskUid != "") { - $obj = \TaskPeer::retrieveByPK($webEntryTaskUid); + $obj = TaskPeer::retrieveByPK($webEntryTaskUid); if (!is_null($obj)) { - $task = new \Tasks(); + $task = new Tasks(); $task->deleteTask($webEntryTaskUid); } @@ -657,8 +669,8 @@ class WebEntryEvent { try { //Verify data - $process = new \ProcessMaker\BusinessModel\Process(); - $validator = new \ProcessMaker\BusinessModel\Validator(); + $process = new BusinessModelProcess(); + $validator = new BusinessModelValidator(); $validator->throwExceptionIfDataIsNotArray($arrayData, "\$arrayData"); $validator->throwExceptionIfDataIsEmpty($arrayData, "\$arrayData"); @@ -693,17 +705,19 @@ class WebEntryEvent $arrayData["WEE_TITLE"] = null; } - //Verify data + //Verify data related to the process $process->throwExceptionIfNotExistsProcess($projectUid, $this->arrayFieldNameForException["projectUid"]); - + //Define if the webEntry need to use the guest user + $weUserUid = isset($arrayData["USR_UID"]) ? $arrayData["USR_UID"] : ''; + $weAuthentication = isset($arrayData["WE_AUTHENTICATION"]) ? $arrayData["WE_AUTHENTICATION"] : ''; + $arrayData["USR_UID"] = $this->getWebEntryUser($weAuthentication, $weUserUid); + //Verify data with the required fields $this->throwExceptionIfDataIsInvalid("", $projectUid, $arrayData); - //Create - $cnn = \Propel::getConnection("workflow"); - $this->webEntryEventWebEntryUid = ""; $this->webEntryEventWebEntryTaskUid = ""; - + //Create the connection + $cnn = Propel::getConnection("workflow"); try { //WebEntry $this->createWebEntry( 
@@ -719,11 +733,11 @@ class WebEntryEvent ); //WebEntry-Event - $webEntryEvent = new \WebEntryEvent(); + $webEntryEvent = new ModelWebEntryEvent(); - $webEntryEvent->fromArray($arrayData, \BasePeer::TYPE_FIELDNAME); + $webEntryEvent->fromArray($arrayData, BasePeer::TYPE_FIELDNAME); - $webEntryEventUid = \ProcessMaker\Util\Common::generateUID(); + $webEntryEventUid = Common::generateUID(); $webEntryEvent->setWeeUid($webEntryEventUid); $webEntryEvent->setPrjUid($projectUid); @@ -739,13 +753,13 @@ class WebEntryEvent //Set WEE_TITLE if (isset($arrayData["WEE_TITLE"])) { - $result = \Content::addContent("WEE_TITLE", "", $webEntryEventUid, SYS_LANG, + $result = Content::addContent("WEE_TITLE", "", $webEntryEventUid, SYS_LANG, $arrayData["WEE_TITLE"]); } //Set WEE_DESCRIPTION if (isset($arrayData["WEE_DESCRIPTION"])) { - $result = \Content::addContent("WEE_DESCRIPTION", "", $webEntryEventUid, SYS_LANG, + $result = Content::addContent("WEE_DESCRIPTION", "", $webEntryEventUid, SYS_LANG, $arrayData["WEE_DESCRIPTION"]); } @@ -782,12 +796,12 @@ class WebEntryEvent * @return array Return data of the WebEntry-Event updated * @throws Exception */ - public function update($webEntryEventUid, $userUidUpdater, array $arrayData) + public function update($webEntryEventUid, $userUidUpdater, array $arrayData, $updateUser = true) { try { //Verify data - $process = new \ProcessMaker\BusinessModel\Process(); - $validator = new \ProcessMaker\BusinessModel\Validator(); + $process = new BusinessModelProcess(); + $validator = new BusinessModelValidator(); $validator->throwExceptionIfDataIsNotArray($arrayData, "\$arrayData"); $validator->throwExceptionIfDataIsEmpty($arrayData, "\$arrayData"); 
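Review bot: The docblock above `update()` is not extended for the new fourth parameter, so a reader cannot tell that `$updateUser` decides whether `USR_UID` is recomputed through `getWebEntryUser()`. Add `@param bool $updateUser When true, USR_UID is recomputed from WE_AUTHENTICATION (guest user for anonymous entries); when false the supplied value is kept`. The method body continues outside this hunk.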
@@ -806,14 +820,20 @@ class WebEntryEvent $arrayFinalData = array_merge($arrayWebEntryEventData, $arrayData); - //Verify data + //Verify data related to the process $this->throwExceptionIfNotExistsWebEntryEvent($webEntryEventUid, $this->arrayFieldNameForException["webEntryEventUid"]); - + //Define if the webEntry need to use the guest user + $weUserUid = isset($arrayData["USR_UID"]) ? $arrayData["USR_UID"] : ''; + $weAuthentication = isset($arrayData["WE_AUTHENTICATION"]) ? $arrayData["WE_AUTHENTICATION"] : ''; + if ($updateUser) { + $arrayData["USR_UID"] = $this->getWebEntryUser($weAuthentication, $weUserUid); + } + //Verify data with the required fields $this->throwExceptionIfDataIsInvalid($webEntryEventUid, $arrayWebEntryEventData["PRJ_UID"], $arrayData); //Update - $cnn = \Propel::getConnection("workflow"); + $cnn = Propel::getConnection("workflow"); $this->webEntryEventWebEntryUid = ""; $this->webEntryEventWebEntryTaskUid = ""; @@ -821,20 +841,20 @@ class WebEntryEvent try { //WebEntry if ($arrayWebEntryEventData["WEE_WE_UID"] != "") { - $task = new \Tasks(); + $task = new Tasks(); //Task - Step for WE_TYPE=SINGLE $weType = !empty($arrayData["WE_TYPE"]) ? $arrayData["WE_TYPE"] : $arrayWebEntryEventData["WE_TYPE"]; if (isset($arrayData["DYN_UID"]) && $arrayData["DYN_UID"] !== $arrayWebEntryEventData["DYN_UID"] && $weType === 'SINGLE') { //Delete - $step = new \Step(); + $step = new Step(); $criteria = new Criteria("workflow"); - $criteria->add(\StepPeer::TAS_UID, $arrayWebEntryEventData["WEE_WE_TAS_UID"]); + $criteria->add(StepPeer::TAS_UID, $arrayWebEntryEventData["WEE_WE_TAS_UID"]); - $rsCriteria = \StepPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $rsCriteria = StepPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); while ($rsCriteria->next()) { $row = $rsCriteria->getRow(); 
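Review bot: `$weAuthentication` is read from `$arrayData` alone, so an update payload that omits `WE_AUTHENTICATION` yields `''`, which `getWebEntryUser()` treats as anonymous and answers with the guest UID. For a web entry stored as LOGIN_REQUIRED, a partial update (a title change, say) would then overwrite `USR_UID` with the guest account, and the Task - User block in a later hunk would reassign the task to it. Reading both values from the merged array avoids this: `$weAuthentication = isset($arrayFinalData["WE_AUTHENTICATION"]) ? $arrayFinalData["WE_AUTHENTICATION"] : '';`, and likewise for `USR_UID`. This assumes the stored record carries `WE_AUTHENTICATION`, which is not visible in this hunk.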
@@ -843,7 +863,7 @@ class WebEntryEvent } //Add - $step = new \Step(); + $step = new Step(); $stepUid = $step->create(array( "PRO_UID" => $arrayWebEntryEventData["PRJ_UID"], @@ -859,16 +879,21 @@ class WebEntryEvent } //Task - User - if (!empty($arrayData["USR_UID"]) && $arrayData["USR_UID"] != $arrayWebEntryEventData["USR_UID"]) { + $proUser = new ProjectUser(); + $newUser = !empty($arrayData["USR_UID"]) ? $arrayData["USR_UID"] : ""; + $oldUser = $arrayWebEntryEventData["USR_UID"]; + $isAssigned = $proUser->userIsAssignedToTask($newUser, $arrayWebEntryEventData["WEE_WE_TAS_UID"]); + $shouldUpdate = !empty($newUser) && ($newUser !== $oldUser || !$isAssigned); + if ($shouldUpdate) { //Unassign - $taskUser = new \TaskUser(); + $taskUser = new TaskUser(); $criteria = new Criteria("workflow"); - $criteria->add(\TaskUserPeer::TAS_UID, $arrayWebEntryEventData["WEE_WE_TAS_UID"]); + $criteria->add(TaskUserPeer::TAS_UID, $arrayWebEntryEventData["WEE_WE_TAS_UID"]); - $rsCriteria = \TaskUserPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $rsCriteria = TaskUserPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); while ($rsCriteria->next()) { $row = $rsCriteria->getRow(); @@ -878,8 +903,11 @@ class WebEntryEvent } //Assign - $result = $task->assignUser($arrayWebEntryEventData["WEE_WE_TAS_UID"], $arrayData["USR_UID"], - 1); + $result = $task->assignUser( + $arrayWebEntryEventData["WEE_WE_TAS_UID"], + $arrayData["USR_UID"], + 1 + ); } //Route @@ -892,7 +920,7 @@ class WebEntryEvent } //Add - $workflow = \ProcessMaker\Project\Workflow::load($arrayWebEntryEventData["PRJ_UID"]); + $workflow = Workflow::load($arrayWebEntryEventData["PRJ_UID"]); $result = $workflow->addRoute($arrayWebEntryEventData["WEE_WE_TAS_UID"], $arrayData["ACT_UID"], "SEQUENTIAL"); 
@@ -925,15 +953,18 @@ class WebEntryEvent } if (count($arrayDataAux) > 0) { - $arrayDataAux = $this->webEntry->update($arrayWebEntryEventData["WEE_WE_UID"], $userUidUpdater, - $arrayDataAux); + $arrayDataAux = $this->webEntry->update( + $arrayWebEntryEventData["WEE_WE_UID"], + $userUidUpdater, + $arrayDataAux + ); } } //WebEntry-Event $webEntryEvent = WebEntryEventPeer::retrieveByPK($webEntryEventUid); - $webEntryEvent->fromArray($arrayData, \BasePeer::TYPE_FIELDNAME); + $webEntryEvent->fromArray($arrayData, BasePeer::TYPE_FIELDNAME); if ($webEntryEvent->validate()) { $cnn->begin(); @@ -944,13 +975,13 @@ class WebEntryEvent //Set WEE_TITLE if (isset($arrayData["WEE_TITLE"])) { - $result = \Content::addContent("WEE_TITLE", "", $webEntryEventUid, SYS_LANG, + $result = Content::addContent("WEE_TITLE", "", $webEntryEventUid, SYS_LANG, $arrayData["WEE_TITLE"]); } //Set WEE_DESCRIPTION if (isset($arrayData["WEE_DESCRIPTION"])) { - $result = \Content::addContent("WEE_DESCRIPTION", "", $webEntryEventUid, SYS_LANG, + $result = Content::addContent("WEE_DESCRIPTION", "", $webEntryEventUid, SYS_LANG, $arrayData["WEE_DESCRIPTION"]); } @@ -1123,7 +1154,7 @@ class WebEntryEvent $arrayWebEntryEvent = array(); //Verify data - $process = new \ProcessMaker\BusinessModel\Process(); + $process = new BusinessModelProcess(); $process->throwExceptionIfNotExistsProcess($projectUid, $this->arrayFieldNameForException["projectUid"]); @@ -1133,7 +1164,7 @@ class WebEntryEvent $criteria->add(WebEntryEventPeer::PRJ_UID, $projectUid, Criteria::EQUAL); $rsCriteria = WebEntryEventPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); while ($rsCriteria->next()) { $row = $rsCriteria->getRow(); 
@@ -1174,7 +1205,7 @@ class WebEntryEvent } $criteria->add(ProcessPeer::PRO_STATUS, 'ACTIVE', Criteria::EQUAL); $rsCriteria = WebEntryEventPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); while ($rsCriteria->next()) { $row = $rsCriteria->getRow(); $result[] = $this->getWebEntryEventDataFromRecord($row); @@ -1208,7 +1239,7 @@ class WebEntryEvent $criteria->add(WebEntryEventPeer::WEE_UID, $webEntryEventUid, Criteria::EQUAL); $rsCriteria = WebEntryEventPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); $rsCriteria->next(); @@ -1235,7 +1266,7 @@ class WebEntryEvent { try { //Verify data - $process = new \ProcessMaker\BusinessModel\Process(); + $process = new BusinessModelProcess(); $process->throwExceptionIfNotExistsProcess($projectUid, $this->arrayFieldNameForException["projectUid"]); @@ -1251,7 +1282,7 @@ class WebEntryEvent $criteria->add(WebEntryEventPeer::EVN_UID, $eventUid, Criteria::EQUAL); $rsCriteria = WebEntryEventPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); $rsCriteria->next(); @@ -1361,4 +1392,22 @@ class WebEntryEvent return $url . "/" . $weData; } } + + /** + * This function return the uid of user related to the webEntry + * @param string $authentication, can be ANONYMOUS, LOGIN_REQUIRED + * @param string $usrUid + * @return string + */ + public function getWebEntryUser($authentication = 'ANONYMOUS', $usrUid = '') + { + //The webEntry old does not have type of authentication defined + //The webEntry2.0 can be has values ANONYMOUS or LOGIN_REQUIRED + if ($authentication === 'ANONYMOUS' || empty($authentication)) { + $user = new User(); + return $user->getGuestUser(); + } else { + return $usrUid; + } + } } 
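Review bot: In the new `getWebEntryUser()` (hunk `@@ -1361,4 +1392,22 @@`), every value other than `'ANONYMOUS'` or empty falls into the `else` and returns the caller-supplied `$usrUid`. A misspelled or unexpected authentication type is therefore handled like `LOGIN_REQUIRED`, and with the default `$usrUid = ''` the method returns an empty uid. Matching the documented value explicitly, `} elseif ($authentication === 'LOGIN_REQUIRED' && !empty($usrUid)) {`, and throwing for anything else would make the choice of identity fail closed. The docblock promises a string, but whether `User::getGuestUser()` returns the uid or a whole user record is not visible in this hunk and should be confirmed.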
diff --git a/workflow/engine/src/ProcessMaker/Project/Adapter/BpmnWorkflow.php b/workflow/engine/src/ProcessMaker/Project/Adapter/BpmnWorkflow.php
index fb79e87eb..6083ac8ad 100644
--- a/workflow/engine/src/ProcessMaker/Project/Adapter/BpmnWorkflow.php
+++ b/workflow/engine/src/ProcessMaker/Project/Adapter/BpmnWorkflow.php
@@ -2086,7 +2086,8 @@ class BpmnWorkflow extends Project\Bpmn
 $arrayResult = $webEntryEvent->update(
 $arrayWebEntryEventData['WEE_UID'],
 $bpmnProject->getPrjAuthor(),
- (!is_null($arrayData))? $arrayData : $arrayWebEntryEventData
+ (!is_null($arrayData))? $arrayData : $arrayWebEntryEventData,
+ false
 );
 }
 }
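Review bot: The new fourth argument to `$webEntryEvent->update(...)` is a bare positional `false`, and nothing in this hunk says what it switches off. The `update()` signature is outside the hunk, as is the start of the enclosing method, so a reader cannot tell whether the flag only suppresses a return value or skips a check on this import path. A trailing comment that names the parameter would make the intent reviewable, for example `false // <name of the fourth parameter of WebEntryEvent::update()>`.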