
Acl update; Przypomnij: update acl usage

Piotr Labudda 11 年 前
コミット
724817c57d
4 ファイル変更149 行追加62 行削除
  1. 41 2
      SE/se-lib/Data_Source.php
  2. 81 36
      SE/se-lib/Przypomnij.php
  3. 1 0
      SE/se-lib/TableAcl.php
  4. 26 24
      SE/superedit-PRZYPOMNIJ.php

+ 41 - 2
SE/se-lib/Data_Source.php

@@ -21,6 +21,9 @@ class Data_Source {
 	var $_sql_left_join;// TODO: left join in table
 	var $_isAccessFltrAllowed = null;
 	private $_geomFields = array();
+	private $_fieldOwner = null;
+	private $_fieldGroupWrite = null;
+	private $_fieldGroupRead = null;
 
 	function __construct($db = null) {
 		if ($db) {
@@ -136,6 +139,25 @@ class Data_Source {
 		}
 	}
 
+	public function setFieldOwner($fieldName, $fieldExists = false) {
+		if ($fieldExists) {
+			$this->_fieldOwner = $fieldName;
+			$this->_cols[$fieldName] = $fieldName;
+		}
+	}
+
+	public function getFieldGroupWrite() {
+		return $this->_fieldGroupWrite;
+	}
+
+	public function getFieldGroupRead() {
+		return $this->_fieldGroupRead;
+	}
+
+	public function getFieldOwner() {
+		return $this->_fieldOwner;
+	}
+
 	function _get_sql_cols() {
 		$sql_cols = "t.*";
 		if (!empty($this->_cols)) {
@@ -162,13 +184,21 @@ if(V::get('DBG_DS', 0, $_GET) > 0){echo'<pre style="max-height:200px;overflow:au
 		if (false === $this->_isAccessFltrAllowed) {
 			return false;
 		}
-		else if ( !empty($this->_fieldGroupWrite)
+		else if ($this->hasAclGroupFields()) {
+			return true;
+		}
+		return false;
+	}
+
+	public function hasAclGroupFields() {
+		if ( !empty($this->_fieldGroupWrite)
 			&& !empty($this->_fieldGroupRead)
 			&& array_key_exists('A_ADM_COMPANY', $this->_cols)
 			&& array_key_exists('A_CLASSIFIED', $this->_cols)
 		) {
 			return true;
 		}
+		return false;
 	}
 
 	function getSpecialFilters() {
@@ -274,13 +304,22 @@ if(V::get('DBG_DS', 0, $_GET) > 0){echo'<pre style="max-height:200px;overflow:au
 				break;
 			case 'Access':
 				if ('SHOW' != $value && $this->isAccessFltrAllowed()) {
+					$userLogin = User::getLogin();
 					$usrAclGroups = User::getLdapGroupsNames();
-					$usrAclGroups[] = '';
+					$usrAclGroups[] = '';// TODO: allow empty for everyone?
 					$sqlUsrAclGroups = "'" . implode("','", $usrAclGroups) . "'";
 					$sqlFltr = "
 						t.`{$this->_fieldGroupWrite}` in({$sqlUsrAclGroups})
 						and t.`{$this->_fieldGroupRead}` in({$sqlUsrAclGroups})
 					";
+					if (array_key_exists('L_APPOITMENT_USER', $this->_cols)) {
+						$sqlFltr = "
+							(
+								({$sqlFltr})
+								or t.`L_APPOITMENT_USER`='{$userLogin}'
+							)
+						";
+					}
 				}
 				break;
 			default:
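Review bot: The owner clause added to the `Access` filter concatenates `User::getLogin()` straight into the SQL (`` or t.`L_APPOITMENT_USER`='{$userLogin}' ``), and the group list just above does the same with the LDAP group names; if a login or a group name can contain a quote, the query either breaks or the ACL filter is altered, so both values should go through the DB layer's quoting (or a bound parameter) before being concatenated. The clause also hard-codes the column name even though this commit introduces `setFieldOwner()` / `$this->_fieldOwner` for exactly that purpose — guarding with `if ($this->_fieldOwner)` and writing `` or t.`{$this->_fieldOwner}`= `` would keep it consistent with the `getFieldOwner()` use in Przypomnij.php. Note that `$usrAclGroups[] = '';` (still marked TODO) makes every row with a blank `A_ADM_COMPANY`/`A_CLASSIFIED` visible to everyone, and the new owner branch grants visibility irrespective of group membership; both are deliberate widenings of the ACL and deserve a comment at the filter stating who is meant to see such rows. The enclosing switch and its function start and end outside the hunk.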

+ 81 - 36
SE/se-lib/Przypomnij.php

@@ -132,8 +132,8 @@ class Przypomnij {
 				, p.`L_APPOITMENT_USER`
 				, p.`L_APPOITMENT_INFO`
 			from `CRM_PROCES` as p
-			where p.`TYPE`='PROCES_INIT'
-				and p.`A_STATUS` in('NORMAL', 'WAITING')
+			where p.`A_STATUS` in('NORMAL', 'WAITING')
+				and p.`TYPE`='PROCES_INIT'
 				and p.`L_APPOITMENT_DATE`!=''
 				and p.`L_APPOITMENT_USER`!=''
 				{$sqlAclFltrProces}
@@ -333,50 +333,95 @@ if(V::get('DBG_P', '', $_GET) > 2){echo'<pre style="max-height:200px;overflow:au
 	public function getAllowedUsersList() {
 		$allowedUsers = array();
 		$db = DB::getDB();
-				
-		
+
+		$userLogin = User::getLogin();
+		$usrAclGroups = User::getLdapGroupsNames();
+		//$usrAclGroups[] = '';// TODO: allow empty for everyone?
+		$sqlUsrAclGroups = "'" . implode("','", $usrAclGroups) . "'";
+		if(V::get('DBG_P', '', $_GET) > 2){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">sqlUsrAclGroups (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($sqlUsrAclGroups);echo'</pre>';}
+
+		$tblsToSearch = array();
+		$tblsToSearch[] = 'IN7_MK_BAZA_DYSTRYBUCJI';
+		$tblsToSearch[] = 'IN7_DZIENNIK_KORESP';
+		$tblsToSearch[] = 'CRM_PROCES';
+		$tblsToSearch[] = 'CRM_LISTA_ZASOBOW';
+
 		$userAcl = User::getAcl();
-		$tblAcl = $userAcl->getTableAcl(ProcesHelper::getZasobTableID('IN7_MK_BAZA_DYSTRYBUCJI'));
-		if($tblAcl)
-		if($tblAcl->hasFieldPerm($tblAcl->getFieldIdByName('ID'),'R')) {
-			$sql = "select distinct `L_APPOITMENT_USER` from `IN7_MK_BAZA_DYSTRYBUCJI` where `L_APPOITMENT_USER`!='' and `A_STATUS` not in ('OFF_HARD','DELETED') ";
-			// TODO: $zap_sql = "SELECT DISTINCT  `L_APPOITMENT_USER` FROM  `IN7_MK_BAZA_DYSTRYBUCJI` WHERE  `L_APPOITMENT_USER` !=  '' and (  A_CLASSIFIED in  ('".implode( "','" , $_SESSION['AUTH_LDAP_CLIENT__LDAP_USERS'][$_SESSION['ADM_ACCOUNT']])."') or A_CLASSIFIED=''   ) ";
-			$res = $db->query($sql) or die("blad zapytania do bazy {$sql}");
-			while ($r = $db->fetch($res)) {
-				$allowedUsers[$r->L_APPOITMENT_USER] = true;
+		foreach ($tblsToSearch as $tblName) {
+			$tblZasobId = ProcesHelper::getZasobTableID($tblName);
+			if ($userAcl->hasTableAcl($tblZasobId)) {
+				$tblAcl = $userAcl->getTableAcl($tblZasobId);
+				if ($tblAcl->hasFieldPerm($tblAcl->getFieldIdByName('ID'), 'R')) {
+					$ds = $tblAcl->getDataSource();
+					$sqlAclFltr = '';
+					if ($ds->hasAclGroupFields()) {
+						$fldGroupWrite = $ds->getFieldGroupWrite();
+						$fldGroupRead = $ds->getFieldGroupRead();
+						$fldOwner = $ds->getFieldOwner();
+						$sqlFltr = "
+							t.`{$fldGroupWrite}` in({$sqlUsrAclGroups})
+							and t.`{$fldGroupRead}` in({$sqlUsrAclGroups})
+						";
+						if ($fldOwner) {
+							$sqlFltr = "( ({$sqlFltr}) or t.`{$fldOwner}`='{$userLogin}' )";
+						}
+						$sqlAclFltr = " and {$sqlFltr}";
+					}
+					$sql = "select distinct t.`L_APPOITMENT_USER`
+						from `{$tblName}` t
+						where t.`L_APPOITMENT_USER`!=''
+							and t.`A_STATUS` not in ('OFF_HARD','DELETED')
+							{$sqlAclFltr}
+					";
+					$res = $db->query($sql) or die("blad zapytania do bazy {$sql}");
+					while ($r = $db->fetch($res)) {
+						$allowedUsers[$r->L_APPOITMENT_USER] = true;
+					}
+					if(V::get('DBG_P', '', $_GET) > 2){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">allowedUsers after '.$tblName.' (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): '.implode(',', array_keys($allowedUsers)).'</pre>';}
+				}
 			}
 		}
 
-		$tblAcl = $userAcl->getTableAcl(ProcesHelper::getZasobTableID('IN7_DZIENNIK_KORESP'));
-		if($tblAcl)
-		if($tblAcl->hasFieldPerm($tblAcl->getFieldIdByName('ID'),'R')) {
-			$sql = "select distinct `L_APPOITMENT_USER` from `IN7_DZIENNIK_KORESP` where `L_APPOITMENT_USER`!='' and `A_STATUS` not in ('OFF_HARD','DELETED') ";
-			//TODO: $zap_sql = "SELECT DISTINCT  `L_APPOITMENT_USER` FROM  `IN7_DZIENNIK_KORESP` WHERE  `L_APPOITMENT_USER` !=  '' and (  A_CLASSIFIED in  ('".implode( "','" , $_SESSION['AUTH_LDAP_CLIENT__LDAP_USERS'][$_SESSION['ADM_ACCOUNT']])."') or A_CLASSIFIED=''   )  ; ";
-			$res = $db->query($sql) or die("blad zapytania do bazy {$sql}");
-			while ($r = $db->fetch($res)) {
-				$allowedUsers[$r->L_APPOITMENT_USER] = true;
+		if (!empty($allowedUsers)) {
+			$allowedUsersFiltered = array();
+			$tblName = 'ADMIN_USERS';
+			$tblZasobId = ProcesHelper::getZasobTableID($tblName);
+			if (!$userAcl->hasTableAcl($tblZasobId)) {
+				return null;
 			}
-		}
-		$tblAcl = $userAcl->getTableAcl(ProcesHelper::getZasobTableID('CRM_PROCES'));
-		if($tblAcl)
-		if($tblAcl->hasFieldPerm($tblAcl->getFieldIdByName('ID'),'R')) {
-			$sql = "select distinct `L_APPOITMENT_USER` from `CRM_PROCES` where `L_APPOITMENT_USER`!='' and `A_STATUS` not in ('OFF_HARD','DELETED') ";
-			//TODO: $zap_sql = "SELECT DISTINCT  `L_APPOITMENT_USER` FROM  `IN7_DZIENNIK_KORESP` WHERE  `L_APPOITMENT_USER` !=  '' and (  A_CLASSIFIED in  ('".implode( "','" , $_SESSION['AUTH_LDAP_CLIENT__LDAP_USERS'][$_SESSION['ADM_ACCOUNT']])."') or A_CLASSIFIED=''   )  ; ";
-			$res = $db->query($sql) or die("blad zapytania do bazy {$sql}");
-			while ($r = $db->fetch($res)) {
-				$allowedUsers[$r->L_APPOITMENT_USER] = true;
+			$tblAcl = $userAcl->getTableAcl($tblZasobId);
+			if (!$tblAcl->hasFieldPerm($tblAcl->getFieldIdByName('ID'), 'R')) {
+				return null;
 			}
-		}
-		$tblAcl = $userAcl->getTableAcl(ProcesHelper::getZasobTableID('CRM_LISTA_ZASOBOW'));
-		if($tblAcl)
-		if($tblAcl->hasFieldPerm($tblAcl->getFieldIdByName('ID'),'R')) {
-			$sql = "select distinct `L_APPOITMENT_USER` from `CRM_LISTA_ZASOBOW` where `L_APPOITMENT_USER`!='' and `A_STATUS` not in ('OFF_HARD','DELETED') ";
-			//TODO: $zap_sql = "SELECT DISTINCT  `L_APPOITMENT_USER` FROM  `IN7_DZIENNIK_KORESP` WHERE  `L_APPOITMENT_USER` !=  '' and (  A_CLASSIFIED in  ('".implode( "','" , $_SESSION['AUTH_LDAP_CLIENT__LDAP_USERS'][$_SESSION['ADM_ACCOUNT']])."') or A_CLASSIFIED=''   )  ; ";
+			$ds = $tblAcl->getDataSource();
+			$sqlAclFltr = '';
+			if ($ds->hasAclGroupFields()) {
+				$fldGroupWrite = $ds->getFieldGroupWrite();
+				$fldGroupRead = $ds->getFieldGroupRead();
+				$sqlFltr = "
+					t.`{$fldGroupWrite}` in({$sqlUsrAclGroups})
+					and t.`{$fldGroupRead}` in({$sqlUsrAclGroups})
+				";
+				$sqlAclFltr = " and {$sqlFltr}";
+			}
+			else {
+				if(V::get('DBG_P', '', $_GET) > 2){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">!hasAclGroupFields tblAcl (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($tblAcl);echo'</pre>';}
+			}
+			$sqlFoundUsers = array_keys($allowedUsers);
+			$sqlFoundUsers = "'" . implode("','", $sqlFoundUsers) . "'";
+			$sql = "select t.`ADM_ACCOUNT`
+				from `{$tblName}` t
+				where t.`ADM_ACCOUNT` in({$sqlFoundUsers})
+					{$sqlAclFltr}
+			";
+			if(V::get('DBG_P', '', $_GET) > 2){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">sql (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($sql);echo'</pre>';}
 			$res = $db->query($sql) or die("blad zapytania do bazy {$sql}");
 			while ($r = $db->fetch($res)) {
-				$allowedUsers[$r->L_APPOITMENT_USER] = true;
+				$allowedUsersFiltered[$r->ADM_ACCOUNT] = true;
 			}
+			$allowedUsers = $allowedUsersFiltered;
 		}
+		if(V::get('DBG_P', '', $_GET) > 2){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">allowedUsersFiltered (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($allowedUsersFiltered);echo'</pre>';}
 
 		ksort($allowedUsers);
 
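Review bot: `getAllowedUsersList()` now returns `null` from the two `return null;` guards in the ADMIN_USERS step, while every other path returns an array and the caller in superedit-PRZYPOMNIJ.php does `array_key_exists($selected_user, $allowedUsers)` on the result — that emits a warning on null (a TypeError on PHP 8), so `return array();` keeps the contract and still produces an empty list. The rebuilt queries are still assembled by interpolation: `$sqlUsrAclGroups` (LDAP group names), `$userLogin`, and `$sqlFoundUsers` — built from `L_APPOITMENT_USER` values read back from the tables — are dropped unescaped into `in(...)` and `=` comparisons, so a quote in a stored login or group name breaks the query or changes which accounts the ACL filter admits; each value should pass through the DB layer's quoting before concatenation. The `DBG_P` dumps added here print the SQL, the user's group list and a `print_r` of the `$tblAcl` object into the response whenever the request carries `DBG_P=3`, and `die("blad zapytania do bazy {$sql}")` echoes the failing query — unless `V::get` restricts that switch to administrators, this discloses schema and ACL layout to any user who can reach the page. Also `print_r($allowedUsersFiltered)` after the `if` reads a variable that is only defined when `$allowedUsers` was non-empty; the function's return continues past the hunk.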

+ 1 - 0
SE/se-lib/TableAcl.php

@@ -1144,6 +1144,7 @@ class TableAcl {
 
 		$dataSource->setFieldGroupWrite('A_ADM_COMPANY', $this->hasFieldType('A_ADM_COMPANY'));
 		$dataSource->setFieldGroupRead('A_CLASSIFIED', $this->hasFieldType('A_CLASSIFIED'));
+		$dataSource->setFieldOwner('L_APPOITMENT_USER', $this->hasFieldType('L_APPOITMENT_USER'));
 
 		$adminFields = array('A_RECORD_CREATE_DATE', 'A_RECORD_CREATE_AUTHOR', 'A_RECORD_UPDATE_DATE', 'A_RECORD_UPDATE_AUTHOR');
 		foreach ($adminFields as $vAdmFld) {

+ 26 - 24
SE/superedit-PRZYPOMNIJ.php

@@ -103,19 +103,18 @@ function PRZYPOMNIJ() {
 
 	SE_Layout::menu();
 
-$sqlAllowedUsersList = $przypomnij->getAllowedUsersList();
-
-
-$selected_user = isset($_GET['KTO'])? $_GET['KTO'] : '';//$_SERVER['argv'][1];
-$selected_user_err = '';
-if (!empty($selected_user)) {
-	if (!array_key_exists($selected_user, $sqlAllowedUsersList)) {
-		$selected_user = '';
-		$selected_user_err = 'Brak danych - wybierz innego użytkownika';
+	$allowedUsers = $przypomnij->getAllowedUsersList();
+
+	$selected_user = isset($_GET['KTO'])? $_GET['KTO'] : '';//$_SERVER['argv'][1];
+	$selected_user_err = '';
+	if (!empty($selected_user)) {
+		if (!array_key_exists($selected_user, $allowedUsers)) {
+			$selected_user = '';
+			$selected_user_err = 'Brak danych - wybierz innego użytkownika';
+		}
 	}
-}
 
-$hideFltrs = $przypomnij->getDateHideFltrTypes();
+	$hideFltrs = $przypomnij->getDateHideFltrTypes();
 
 ?>
 <style type="text/css">
@@ -257,16 +256,16 @@ jQuery(document).ready(function(){
 	 | 
 	<a href="index.php?MENU_INIT=<?php echo __FUNCTION__; ?>&KTO=<?php echo $_SESSION['AUTHORIZE_USER']; ?>" >Twoje (<?php echo $_SESSION['AUTHORIZE_USER']; ?>)</a>
 	 | 
-	<?php if (!empty($sqlAllowedUsersList)) : ?>
+	<?php if (!empty($allowedUsers)) : ?>
 		<select name="KTO">
 		<option value=""> Wszyscy </option>
-		<?php foreach ($sqlAllowedUsersList as $k => $v) : ?>
-			<?php $sel = ($k == $selected_user)? ' selected="selected"' : ''; ?>
-			<option value="<?php echo $k; ?>" <?php echo $sel; ?>><?php echo $k; ?></option>
+		<?php foreach ($allowedUsers as $kUserName => $vBool) : ?>
+			<?php $sel = ($kUserName == $selected_user)? ' selected="selected"' : ''; ?>
+			<option value="<?php echo $kUserName; ?>" <?php echo $sel; ?>><?php echo $kUserName; ?></option>
 		<?php endforeach; ?>
 		</select>
 	<?php endif; ?>
-	<input type="submit" value="Pokaż">
+	<input type="submit" value="Pokaż" class="btn btn-xs btn-default">
 
 	<span style="padding:0 0 0 30px;">
 		<label><strong>Pokaż: </strong></label>
@@ -347,8 +346,7 @@ $ILOSC_PROCES = 0;
  */
 
 $dateFltrTypes = $przypomnij->getDateFltrTypes();
-$getLdapGroupsNames=User::getLdapGroupsNames();
-//DEBUG_S(-3,'$getLdapGroupsNames',array($getLdapGroupsNames,$tasks,$sqlAllowedUsersList),__FILE__,__FUNCTION__,__LINE__);
+$usrGroupNames = User::getLdapGroupsNames();
 ?>
 <table class="tbl-przypomnij table table-bordered table-hover fltr-hide_PO_7_DNIACH fltr-hide_BRAK">
 	<thead>
@@ -364,12 +362,16 @@ $getLdapGroupsNames=User::getLdapGroupsNames();
 		<?php foreach ($tasks as $id => $task) : ?>
 			<?php
 				//@2015-05-17 - ograniczenie widzenia listy przypomnij dla obcych uzystkownikow, 
-				//
-				if(
-				 !(in_array($task->A_CLASSIFIED, $getLdapGroupsNames)) and $task->A_CLASSIFIED!='' and 
-				 !(in_array($task->A_ADM_COMPANY, $getLdapGroupsNames)) and $task->A_ADM_COMPANY!=''  
-				 // !($sqlAllowedUsersList[$task->_l_app]) - to jest bez sensu - wystarczy widocznosc sprawy?
-				  ) continue;
+				if (
+					$task->A_CLASSIFIED != ''
+					and !(in_array($task->A_CLASSIFIED, $usrGroupNames))
+					and $task->A_ADM_COMPANY != ''
+					and !(in_array($task->A_ADM_COMPANY, $usrGroupNames))
+					// !($allowedUsers[$task->_l_app]) - to jest bez sensu - wystarczy widocznosc sprawy?
+				) {
+					echo'<tr style="display:none"><td colspan="5">' . "Pominięty task '{$task->_task_type}'/{$task->ID} user({$task->_l_app})" . '</td></tr>';
+					continue;
+				}
 				
 				if (!$task->_show) continue;