Resolve conflict with Rbac and remove loads

This commit is contained in:
Paula Quispe
2017-08-04 07:19:26 -04:00
parent cba358b98b
commit f9d33e6451
2 changed files with 106 additions and 19 deletions


@@ -73,6 +73,80 @@ class RBAC
public function __construct ()
{
$this->authorizedActions = array(
'users_Ajax.php' => array(
'availableUsers' => array('PM_FACTORY'),
'assign' => array('PM_FACTORY'),
'changeView' => array(),
'ofToAssign' => array('PM_FACTORY'),
'usersGroup' => array('PM_FACTORY'),
'canDeleteUser' => array('PM_USERS'),
'deleteUser' => array('PM_USERS'),
'changeUserStatus' => array('PM_USERS'),
'availableGroups' => array('PM_USERS'),
'assignedGroups' => array('PM_USERS'),
'assignGroupsToUserMultiple' => array('PM_USERS'),
'deleteGroupsToUserMultiple' => array('PM_USERS'),
'authSources' => array('PM_USERS'),
'loadAuthSourceByUID' => array('PM_USERS'),
'updateAuthServices' => array('PM_USERS'),
'usersList' => array('PM_USERS'),
'updatePageSize' => array(),
'summaryUserData' => array('PM_USERS'),
'verifyIfUserAssignedAsSupervisor' => array('PM_USERS')
),
'skin_Ajax.php' => array(
'updatePageSize' => array(),
'skinList' => array('PM_SETUP_SKIN'),
'newSkin' => array('PM_SETUP_SKIN'),
'importSkin' => array('PM_SETUP_SKIN'),
'exportSkin' => array('PM_SETUP_SKIN'),
'deleteSkin' => array('PM_SETUP_SKIN'),
'streamSkin' => array('PM_SETUP_SKIN'),
'addTarFolder' => array('PM_SETUP_SKIN'),
'copy_skin_folder' => array('PM_SETUP_SKIN')
),
'processes_DownloadFile.php' => array(
'downloadFileHash' => array('PM_FACTORY')
),
'processProxy.php' => array(
'categoriesList' => array(),
'getCategoriesList' => array(),
'saveProcess' => array('PM_FACTORY'),
'changeStatus' => array(),
'changeDebugMode' => array(),
'getUsers' => array(),
'getGroups' => array(),
'assignActorsTask' => array(),
'removeActorsTask' => array(),
'getActorsTask' => array(),
'getProcessDetail' => array(),
'getProperties' => array(),
'saveProperties' => array(),
'getCaledarList' => array(),
'getPMVariables' => array(),
'generateBpmn' => array()
),
'home.php' => array(
'login' => array('PM_LOGIN'),
'index' => array('PM_CASES'),
'indexSingle' => array('PM_CASES'),
'appList' => array('PM_CASES'),
'appAdvancedSearch' => array('PM_ALLCASES'),
'getApps' => array('PM_ALLCASES'),
'getAppsData' => array('PM_ALLCASES'),
'startCase' => array('PM_CASES'),
'error' => array(),
'getUserArray' => array('PM_ALLCASES'),
'getCategoryArray' => array('PM_ALLCASES'),
'getAllUsersArray' => array('PM_ALLCASES'),
'getStatusArray' => array('PM_ALLCASES'),
'getProcessArray' => array('PM_ALLCASES'),
'getProcesses' => array('PM_ALLCASES'),
'getUsers' => array('PM_ALLCASES')
)
);
}
/**
@@ -1440,5 +1514,37 @@ class RBAC
}
}
}
/**
* This function verify if the user allows to the file with a specific action
* If the action is not defined in the authorizedActions we give the allow
* @param string $file
* @param string $action
*
* @return void
*/
public function allows($file, $action)
{
$access = false;
if (isset($this->authorizedActions[$file][$action])) {
$permissions = $this->authorizedActions[$file][$action];
$totalPermissions = count($permissions);
$countAccess = 0;
foreach ($permissions as $key => $value) {
if ($this->userCanAccess($value) == 1) {
$countAccess++;
}
}
//Check if the user has all permissions that needed
if ($countAccess == $totalPermissions) {
$access = true;
}
}
if (!$access) {
G::header('Location: /errors/error403.php');
die();
}
}
}
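Review bot: `allows()` fails open, and the new code does not make that visible at the point where it matters: a `$file`/`$action` pair absent from `$authorizedActions` skips the `isset` branch, and an action mapped to an empty list such as `'changeView' => array()` passes because `$countAccess == $totalPermissions` holds at `0 == 0`, so only the docblock sentence "If the action is not defined ... we give the allow" records the intent. I would state both cases in the method docblock and replace `@return void` with `@return void Redirects to /errors/error403.php and exits when access is denied; unknown actions and empty permission lists are allowed`, and put a one-line comment on the table in the first hunk, e.g. `// An empty permission list means allows() does not restrict the action`, so a maintainer adding an entry sees what an empty array grants. The comparisons should be strict as well: `if ($this->userCanAccess($value) === 1) {` and `if ($countAccess === $totalPermissions) {`, assuming `userCanAccess()` returns an int — it is defined outside this hunk, so confirm its return type first.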


@@ -14,7 +14,6 @@ try {
die();
break;
}
G::LoadInclude('ajax');
if (isset($_POST['form'])) {
$_POST = $_POST['form'];
}
@@ -28,7 +27,6 @@ try {
switch ($value) {
case 'availableUsers':
//Classic process: list of users to assign in the task
G::LoadClass('processMap');
$oProcessMap = new ProcessMap();
global $G_PUBLISH;
$G_PUBLISH = new Publisher();
@@ -37,7 +35,6 @@ try {
break;
case 'assign':
//Classic process: assign users and groups in the task
G::LoadClass('tasks');
$oTasks = new Tasks();
switch ((int) $_POST['TU_RELATION']) {
case 1:
@@ -54,7 +51,6 @@ try {
break;
case 'ofToAssign':
//Classic process: remove users and groups related a task
G::LoadClass('tasks');
$oTasks = new Tasks();
switch ((int) $_POST['TU_RELATION']) {
case 1:
@@ -73,7 +69,6 @@ try {
break;
case 'usersGroup':
//Classic process: list of users in a group related a task
G::LoadClass('groups');
$oGroup = new Groups();
$aGroup = $oGroup->getUsersOfGroup($_POST['GRP_UID']);
foreach ($aGroup as $iIndex => $aValues) {
@@ -82,7 +77,6 @@ try {
break;
case 'canDeleteUser':
//Check before delete a user
G::LoadClass('case');
$oProcessMap = new Cases();
$userUid = $_POST['uUID'];
$total = 0;
@@ -122,17 +116,14 @@ try {
}
//Remove from tasks
G::LoadClass('tasks');
$oTasks = new Tasks();
$oTasks->ofToAssignUserOfAllTasks($usrUid);
//Remove from groups
G::LoadClass('groups');
$oGroups = new Groups();
$oGroups->removeUserOfAllGroups($usrUid);
//Update the table Users
require_once 'classes/model/Users.php';
$RBAC->changeUserStatus($usrUid, 'CLOSED');
$RBAC->updateUser(array('USR_UID' => $usrUid,'USR_USERNAME' => ''), '');
$oUser = new Users();
@@ -143,7 +134,6 @@ try {
$oUser->update($aFields);
//Delete Dashboard
require_once 'classes/model/DashletInstance.php';
$criteria = new Criteria( 'workflow' );
$criteria->add( DashletInstancePeer::DAS_INS_OWNER_UID, $usrUid );
$criteria->add( DashletInstancePeer::DAS_INS_OWNER_TYPE , 'USER');
@@ -161,7 +151,6 @@ try {
$response = new stdclass();
if (isset($_REQUEST['USR_UID']) && isset($_REQUEST['NEW_USR_STATUS'])) {
$RBAC->changeUserStatus($_REQUEST['USR_UID'], ($_REQUEST['NEW_USR_STATUS'] == 'ACTIVE' ? 1 : 0));
require_once 'classes/model/Users.php';
$userInstance = new Users();
$userData = $userInstance->load($_REQUEST['USR_UID']);
$userData['USR_STATUS'] = $_REQUEST['NEW_USR_STATUS'];
@@ -178,7 +167,6 @@ try {
break;
case 'availableGroups':
//Get the available groups for assign to user
G::LoadClass('groups');
$filter = (isset($_POST['textFilter'])) ? $_POST['textFilter'] : '';
$groups = new Groups();
$criteria = $groups->getAvailableGroupsCriteria($_REQUEST['uUID'], $filter);
@@ -192,7 +180,6 @@ try {
break;
case 'assignedGroups':
//Get the groups related to user
G::LoadClass('groups');
$filter = (isset($_POST['textFilter'])) ? $_POST['textFilter'] : '';
$groups = new Groups();
$criteria = $groups->getAssignedGroupsCriteria($_REQUEST['uUID'], $filter);
@@ -251,7 +238,6 @@ try {
break;
case 'loadAuthSourceByUID':
//Get the authentication source assignment
require_once 'classes/model/Users.php';
$oCriteria = $RBAC->load($_POST['uUID']);
$UID_AUTH = $oCriteria['UID_AUTH_SOURCE'];
if (($UID_AUTH != '00000000000000000000000000000000') && ($UID_AUTH != '')) {
@@ -302,7 +288,6 @@ try {
case 'usersList':
//Get the list of users
//Read the configurations related to enviroments
G::LoadClass('configuration');
$co = new Configurations();
$config = $co->getConfiguration('usersList', 'pageSize', '', $_SESSION['USER_LOGGED']);
$limit_size = isset($config['pageSize']) ? $config['pageSize'] : 20;
@@ -331,10 +316,6 @@ try {
break;
case 'summaryUserData':
//Get all information for the summary
require_once 'classes/model/Users.php';
require_once 'classes/model/Department.php';
require_once 'classes/model/AppCacheView.php';
G::LoadClass('configuration');
$oUser = new Users();
$data = $oUser->loadDetailed($_REQUEST['USR_UID']);
$data['USR_STATUS'] = G::LoadTranslation('ID_' . $data['USR_STATUS']);