Merge branch 'fix-acl' of biuro.biall-net.pl:plabudda/se into fix-acl

SE/se-lib/TableAcl.php

@@ -609,25 +609,101 @@ class TableAcl {
 	 * 
 	 * static
 	 */
-	public static function getInstance($tableID) {
+	public static function getInstance($idTable) {
 		static $_cache;
 		if (!$_cache) $_cache = array();
-		if (array_key_exists($tableID, $_cache)) {
-			return $_cache[$tableID];
+		if (array_key_exists($idTable, $_cache)) {
+			return $_cache[$idTable];
 		}
-		if (!empty($_SESSION['TableAcl_cache'][$tableID])) {
-			$obj = new TableAcl($tableID);
-			$obj->fromArray($_SESSION['TableAcl_cache'][$tableID]);
-			$_cache[$tableID] = $obj;
-			return $_cache[$tableID];
+		if (!empty($_SESSION['TableAcl_cache'][$idTable])) {
+			$tableAcl = new TableAcl($idTable);
+			$tableAcl->fromArray($_SESSION['TableAcl_cache'][$idTable]);
+			$_cache[$idTable] = $tableAcl;
+			return $_cache[$idTable];
 		}
 		return null;
 	}
 
+	public static function buildInstance($idTable, $tableConfig) {
+		static $_cache;
+		if (!$_cache) $_cache = array();
+		if (array_key_exists($idTable, $_cache)) {
+			return $_cache[$idTable];
+		}
+
+		if (empty($tableConfig)) {
+			throw new Exception("Brak danych konfiguracyjnych do tabeli nr {$idTable} #TACL" . __LINE__);
+
+			Lib::loadClass('ProcesHelper');
+			$zasobObj = ProcesHelper::getZasobTableInfo($idTable);
+			if (!$zasobObj) {
+				return null;// TODO: throw new Exception("Zasob TABELA ID={$idTable} nie istnieje");
+			}
+			$tableConfig['db'] = $zasobObj->P__ID;
+			$tableConfig['name'] = $zasobObj->DESC;
+			$tableConfig['label'] = $zasobObj->DESC_PL;
+			$tableConfig['opis'] = $zasobObj->OPIS;
+
+			$userAcl = User::getAcl();
+			$userPermsForTable = $userAcl->getPermsForTable($idTable);
+			if (!$userPermsForTable) {
+				return null;// TODO: throw new Exception("Brak uprawnień do pól Tabeli nr {$idTable} '{$zasobObj->DESC}'");
+			}
+			echo'<pre>$userPermsForTable('.$idTable.') ';print_r($userPermsForTable);echo'</pre>';
+			if(0){// TODO: from UserAcl big query
+				$foundTbls[$r->ZASOB_PARENT_ID]->addField($r->ID_ZASOB, $r->ZASOB_DESC, $r->ZASOB_OPIS, $r->z__SORT_PRIO, $r->ZASOB_DESC_PL);
+				$foundTbls[$r->ZASOB_PARENT_ID]->setFieldPerms($r->ID_ZASOB, $r->FORM_TREAT);
+				$tableConfig['fields'];// $this->_fields
+				$tableConfig['virtualFieldsIdList'];// $this->_virtualFieldsIdList
+				//$tableConfig['types'];// $this->_types
+			}
+		}
+		if (empty($tableConfig)) {
+			throw new Exception("Brak danych konfiguracyjnych do tabeli nr {$idTable} #TACL" . __LINE__);
+		}
+		$obj = new TableAcl($idTable);
+		$obj->fromArray($tableConfig);
+		$obj->save();
+		$_cache[$idTable] = $obj;
+		return $_cache[$idTable];
+	}
+
 	public function init($force = false) {
+		if (empty($this->_fields)) {
+			$this->_types = array();// clear _types @see $this->isInitialized
+			$userAcl = User::getAcl();
+			$permFields = $userAcl->getPermsForTable($this->_zasobID);
+			//echo'<pre>INIT::$permFields('.$this->_zasobID.') fields('.count($this->_fields).') ';print_r($permFields);echo'</pre>';
+			foreach ($permFields as $idField => $fld) {
+				//echo'<pre>INIT::$permField('.$fld->ID_CELL.') hasFld('.$this->hasField($fld->ID_CELL).') ';echo'</pre>';
+				if (!$this->hasField($fld->ID_CELL)) {
+					//echo'<pre>INIT::$permField('.$fld->ID_CELL.') addFld('.$fld->ID_CELL . ', ' . $fld->CELL_NAME . ', ' . $fld->CELL_DESC . ', ' . $fld->SORT_PRIO . ', ' . $fld->CELL_LABEL.') ';echo'</pre>';
+					$this->addField($fld->ID_CELL, $fld->CELL_NAME, $fld->CELL_DESC, $fld->SORT_PRIO, $fld->CELL_LABEL);
+				}
+				//echo'<pre>INIT::$permField('.$fld->ID_CELL.') hasFld('.$this->hasField($fld->ID_CELL).') ';echo'</pre>';
+				{// TODO: convert to legacy perms
+					$fld->FORM_TREAT = '';
+					if ($fld->PERM_R > 0) $fld->FORM_TREAT .= 'R';
+					if ($fld->PERM_W > 0) $fld->FORM_TREAT .= 'W';
+					if ($fld->PERM_X > 0) $fld->FORM_TREAT .= 'X';
+					if ($fld->PERM_C > 0) $fld->FORM_TREAT .= 'C';
+					if ($fld->PERM_S > 0) $fld->FORM_TREAT .= 'S';
+					if ($fld->PERM_O > 0) $fld->FORM_TREAT .= 'O';
+					if ($fld->PERM_V > 0) $fld->FORM_TREAT .= 'V';
+					if ($fld->PERM_E > 0) $fld->FORM_TREAT .= 'E';
+				}
+				//echo'<pre>INIT::$permField('.$fld->ID_CELL.') ';print_r($fld);echo'</pre>';
+				if (!empty($fld->FORM_TREAT)) {
+					$this->setFieldPerms($fld->ID_CELL, $fld->FORM_TREAT);
+				}
+			}
+			//echo'<pre>INIT::$this('.$this->_zasobID.') fields('.count($this->_fields).') ';print_r($this);echo'</pre>';
+		}
+
 		if ($this->isInitialized() && $force == false) {
 			return;
 		}
+
 		$ds = $this->getDataSource();
 		$this->_types = $ds->getFieldTypes();
 
@@ -915,9 +991,9 @@ class TableAcl {
 		$this->_name = $arr['name'];
 		$this->_label = $arr['label'];
 		$this->_opis = $arr['opis'];
-		$this->_fields = $arr['fields'];
-		$this->_virtualFieldsIdList = $arr['virtualFieldsIdList'];
-		$this->_types = $arr['types'];
+		$this->_fields = V::get('fields', array(), $arr);
+		$this->_virtualFieldsIdList = V::get('virtualFieldsIdList', array(), $arr);
+		$this->_types = V::get('types', array(), $arr);
 	}
 
 	public function toArray() {

SE/se-lib/UserAcl.php

@@ -703,9 +703,9 @@ echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:
 
 		if ($key == 'foundTables') {
 			$tblIds = array();
-			foreach ($value as $kID => $vTableAcl) {
-				$tblIds[] = $kID;
-				$vTableAcl->save();
+			foreach ($value as $idTable => $tableConfig) {
+				$tblIds[] = $idTable;
+				$vTableAcl = TableAcl::buildInstance($idTable, $tableConfig);
 			}
 			$value = $tblIds;
 		}
@@ -733,7 +733,7 @@ echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:
 		return false;
 	}
 
-	public function getTablesAcl() {
+	public function getTablesAcl() {// TODO: read from `CRM_PROCES_idx_TABLE_TO_USER_VIEW`
 		$tbls = array();
 		$tblIds = $this->_cache_read('foundTables');
 		foreach ($tblIds as $vTableID) {
@@ -742,7 +742,7 @@ echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:
 		return $tbls;
 	}
 
-	public function hasTableAcl($tableID) {
+	public function hasTableAcl($tableID) {// TODO: read from `CRM_PROCES_idx_TABLE_TO_USER_VIEW`
 		$tbls = $this->_cache_read('foundTables');
 		return (is_array($tbls) && in_array($tableID, $tbls));
 	}
@@ -813,6 +813,7 @@ echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:
 			return;
 		}
 
+		IF('123'==V::get('DBG_ACL','',$_GET)){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">$usedProcesListIds (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): [';echo implode(',', $usedProcesListIds);echo']</pre>';}
 		{// fetch from schema files
 		if ($schemaReader->hasProcessConfigs()) {
 			foreach ($schemaReader->getProcessConfigs() as $process) {
@@ -939,10 +940,91 @@ echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:
 			}
 		}
 
+		if (1) {
+			$sqlIdProcesListSql = $this->getUsedUserProcesIdsSql();
+			$userAccessForTables = array();
+			$sql = <<<SQL
+			select tpvg.`ID_TABLE`
+				, tpvg.`ID_DATABASE` as `db`
+				, tpvg.`TABLE_NAME` as `name`
+				, tpvg.`TABLE_LABEL` as `label`
+				, tpvg.`TABLE_DESCRIPTION` as `opis`
+			from `CRM_PROCES_idx_TABLE_TO_PROCES_GROUPED_VIEW` as tpvg
+			where tpvg.`ID_PROCES` in({$sqlIdProcesListSql})
+			group by tpvg.`ID_TABLE`
+SQL;
+			//echo'<pre>$userAccessForTables - $sql ';print_r($sql);echo'</pre>';
+			$db = DB::getDB();
+			$res = $db->query($sql);
+			while ($h = $db->fetch_assoc($res)) {
+				$userAccessForTables[$h['ID_TABLE']] = $h;
+			}
+			//echo'<pre>$userAccessForTables ';print_r($userAccessForTables);echo'</pre>';
+			$foundTbls = $userAccessForTables;
+		}
+
 		$this->_cache_save('foundUrls', $foundUrls);
 		$this->_cache_save('foundTables', $foundTbls);
 		$this->_cache_save('permsByProcesID', $procesID);
 		$this->_cache_save('foundMap', $foundMap);
 	}
 
+	public function getPermsForTable($idTable) {
+		$sqlIdProcesListSql = $this->getUsedUserProcesIdsSql();
+		$tableCellToProcesSql = <<<SQL
+			select z.`ID` as `ID_CELL`
+					, z.`DESC` as `CELL_NAME`
+					, z.`DESC_PL` as `CELL_LABEL`
+					, z.`OPIS` as `CELL_DESC`
+					, z.`SORT_PRIO` as `SORT_PRIO`
+					, zp.`ID` as `ID_TABLE`
+		--			, zp.`DESC` as `TABLE_NAME`
+		--			, wsk.`ID_PROCES` as `ID_PROCES`
+					, sum(IF(przyp.`FORM_TREAT` & 2,   1, 0)) as PERM_R
+					, sum(IF(przyp.`FORM_TREAT` & 4,   1, 0)) as PERM_W
+					, sum(IF(przyp.`FORM_TREAT` & 8,   1, 0)) as PERM_X
+					, sum(IF(przyp.`FORM_TREAT` & 16,  1, 0)) as PERM_C
+					, sum(IF(przyp.`FORM_TREAT` & 32,  1, 0)) as PERM_S
+					, sum(IF(przyp.`FORM_TREAT` & 64,  1, 0)) as PERM_O
+					, sum(IF(przyp.`FORM_TREAT` & 128, 1, 0)) as PERM_V
+					, sum(IF(przyp.`FORM_TREAT` & 256, 1, 0)) as PERM_E
+				from `CRM_LISTA_ZASOBOW` z
+					join `CRM_LISTA_ZASOBOW` zp on(zp.`ID`=z.`PARENT_ID` and zp.`TYPE`='TABELA' and zp.`A_STATUS` in('WAITING','NORMAL'))
+					join `CRM_WSKAZNIK` wsk on(wsk.`ID_ZASOB`=z.`ID` and wsk.`A_STATUS` in('WAITING','NORMAL'))
+					join `CRM_PROCES` p on(p.`ID`=wsk.`ID_PROCES` and p.`A_STATUS` in('WAITING','NORMAL'))
+					join `CRM_PRZYPADEK` as przyp on (przyp.`ID`=wsk.`ID_PRZYPADEK`)
+				where z.`TYPE`='KOMORKA'
+					and z.`A_STATUS` in('WAITING','NORMAL')
+					and zp.`ID`='{$idTable}'
+					and wsk.`ID_PROCES` in({$sqlIdProcesListSql})
+				-- group by z.`ID`, wsk.`ID_PROCES`
+				group by z.`ID`
+				order by z.`SORT_PRIO`
+SQL;
+		//echo'<pre>UserAcl::getPermsForTable('.$idTable.')::$tableCellToProcesSql ';print_r($tableCellToProcesSql);echo'</pre>';
+		$userPermsForTable = array();
+		$db = DB::getDB();
+		$res = $db->query($tableCellToProcesSql);
+		while ($r = $db->fetch($res)) {
+			$userPermsForTable[$r->ID_CELL] = $r;
+		}
+		return $userPermsForTable;
+	}
+
+	public function getUsedUserGroupIds() {
+		$idUserGroupList = User::getGroupsIds();
+		// TODO: acl filtr by group ids
+		return $idUserGroupList;
+	}
+
+	public function getUsedUserProcesIdsSql() {
+		$idUserGroupList = $this->getUsedUserGroupIds();
+		$sqlIdUserGroupList = implode(",", $idUserGroupList);
+		// TODO: acl filtr by proces id
+		return <<<SQL
+			select gi.`ID_PROCES`
+				from `CRM_PROCES_idx_GROUP_to_PROCES` gi
+				where gi.`ID_GROUP` in({$sqlIdUserGroupList})
+SQL;
+	}
 }