se/SE/se-lib/Route/Users.php

<?php

Lib::loadClass('RouteBase');
Lib::loadClass('UserStorageFactory');
Lib::loadClass('ProcesHelper');
Lib::loadClass('SyncUsers');
Lib::loadClass('UsersHelper');
Lib::loadClass('UsersLdapHelper');
Lib::loadClass('TypespecialVariable');
Lib::loadClass('TableAjax');
Lib::loadClass('UserActivity');
Lib::loadClass('UI');
Lib::loadClass('Response');

class Route_Users extends RouteBase {

	public function handleAuth() {
		if (!User::logged()) {
			throw new HttpException('Unauthorized', 401);
		}
	}

	public function defaultAction() {
		UI::gora();
		UI::menu();
		$this->menu();
		UI::dol();
	}

	public function menu() {
		$usrLogin = User::getLogin();
		?>
<div class="container">
	<h3>Użytkownicy i grupy</h3>
	<ul>
		<li>
			<form class="form-inline" action="index.php" method="GET">
				<input type="hidden" name="_route" value="Users">
				<input type="hidden" name="_task" value="syncUser">
				<label for="usrLogin">login: </label>
				<input type="text" name="usrLogin" value="<?php echo $usrLogin; ?>">
				<input type="submit" value="Synchronizuj do bazy LDAP" class="btn btn-xs btn-default">
			</form>
		</li>
		<li>
			<form class="form-inline" action="index.php" method="GET">
				<input type="hidden" name="_route" value="Users">
				<input type="hidden" name="_task" value="userGroups">
				<label for="usrLogin">login: </label>
				<input type="text" name="usrLogin" value="<?php echo $usrLogin; ?>">
				<input type="submit" value="Dodaj grupy" class="btn btn-xs btn-default">
			</form>
		</li>
		<li>
			<form class="form-inline" action="index.php" method="GET">
				<input type="hidden" name="_route" value="Users">
				<input type="hidden" name="_task" value="nestedGroups">
				<label for="idGroup">id grupy: </label>
				<input type="text" name="idGroup" value="">
				<input type="submit" value="Grupy uprawnień" class="btn btn-xs btn-default">
			</form>
		</li>
	</ul>
</div>
<?php
	}

	public function reloadPermsAction() {
		try {
			$dbgExecTime = new DebugExecutionTime();
			$dbgExecTime->activate();
			$dbgExecTime->log('start');

			$routeFixCrmProcesInitIdx = Router::getRoute('FixCrmProcesInitIdx');
			if ($routeFixCrmProcesInitIdx) {
				$routeFixCrmProcesInitIdx->runMethod('callProcedure');
			}

			$dbgExecTime->log('FixCrmProcesInitIdx::callProcedure');
			$fixAllPermsExecTime = $dbgExecTime->getLastExecTime();

			User::reloadAcl();

			$dbgExecTime->log('User::reloadAcl');
			$fixUserPermsExecTime = $dbgExecTime->getLastExecTime();

		} catch (Exception $e) {
			$data['errors'][] = $e->getMessage();
		}

		UI::gora();
		UI::menu();
		echo UI::h('div', [ 'class' => "container"], [
			UI::h('div', [
				'class' => "alert alert-success",
				'title' => number_format($fixAllPermsExecTime, 4) . " s / " . number_format($fixUserPermsExecTime, 4) . " s"
			], "Zaktualizowano uprawnienia"),
		]);
		UI::loadTemplate('defaultPage', $data);
		echo UI::h('script', [], "
			(function (global) {
				if (global.p5UI__MenuStore) global.p5UI__MenuStore.remoteUpdate()
			})(window)
		");
		UI::dol();
	}

	public function nestedGroupsAction() {
		UI::gora();
		UI::menu();
		echo '<div class="container">';
		try {
			$idGroup = V::get('idGroup', 0, $_GET, 'int');
			if (empty($idGroup)) throw new Exception("Empty group id");
			$subTask = V::get('_subTask', '', $_POST);
			$successMsg = null;
			if ('removeParentGroup' == $subTask) {
				$idParentGroupToRemove = V::get('idParentGroupToRemove', 0, $_POST, 'int');
				$this->nestedGroupsRemoveParentGroup($idGroup, $idParentGroupToRemove);
				$successMsg = "Usunięto grupę nadrzędną [{$idParentGroupToRemove}] do grupy [{$idGroup}]";
			} else if ('removeNestedGroup' == $subTask) {
				$idNestedGroupToRemove = V::get('idNestedGroupToRemove', 0, $_POST, 'int');
				$this->nestedGroupsRemoveNestedGroup($idGroup, $idNestedGroupToRemove);
				$successMsg = "Usunięto grupę zagnieżdżoną [{$idNestedGroupToRemove}] do grupy [{$idGroup}]";
			} else if ('addParentGroup' == $subTask) {
				$idParentGroupToAdd = V::get('idParentGroupToAdd', 0, $_POST, 'int');
				$this->nestedGroupsAddParentGroup($idGroup, $idParentGroupToAdd);
				$successMsg = "Dodano grupę nadrzędną [{$idParentGroupToAdd}] do grupy [{$idGroup}]";
			} else if ('addNestedGroup' == $subTask) {
				$idNestedGroupToAdd = V::get('idNestedGroupToAdd', 0, $_POST, 'int');
				$this->nestedGroupsAddNestedGroup($idGroup, $idNestedGroupToAdd);
				$successMsg = "Dodano grupę zagnieżdżoną [{$idNestedGroupToAdd}] do grupy [{$idGroup}]";
			}
			if (!empty($successMsg)) {
				?><div class="alert alert-success"><?php echo $successMsg; ?></div><?php
			}
			$this->printFormNestedGroups($idGroup);
		} catch (Exception $e) {
			?><div class="alert alert-danger"><?php echo $e->getMessage(); ?>
	<br><a href="index.php?_route=Users">wróć</a>
</div><?php
			echo UserActivity::showListInContainer();
		}
		echo '</div>';// .container
		UI::dol();
	}

	public function nestedGroupsRemoveParentGroup($idGroup, $idParentGroupToRemove) {
		if (!$idGroup) throw new Exception("Wrong param id group!");
		if (!$idParentGroupToRemove) throw new Exception("Wrong param id parent group to remove!");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error: storage db not exists!");
		$group = $usrStorageDB->getGroupWithoutNested($idGroup);
		if (!$group) throw new Exception("Error: group not exists!");
		$parentGroup = $usrStorageDB->getGroupWithoutNested($idParentGroupToRemove);
		if (!$parentGroup) throw new Exception("Error: parent group not exists!");
		$usrStorageDB->removeParentGroup($idGroup, $idParentGroupToRemove);
	}

	public function nestedGroupsRemoveNestedGroup($idGroup, $idNestedGroupToRemove) {
		if (!$idGroup) throw new Exception("Wrong param id group!");
		if (!$idNestedGroupToRemove) throw new Exception("Wrong param id parent group to remove!");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error: storage db not exists!");
		$group = $usrStorageDB->getGroupWithoutNested($idGroup);
		if (!$group) throw new Exception("Error: group not exists!");
		$nestedGroup = $usrStorageDB->getGroupWithoutNested($idNestedGroupToRemove);
		if (!$nestedGroup) throw new Exception("Error: nested group not exists!");
		$usrStorageDB->removeNestedGroup($idGroup, $idNestedGroupToRemove);
	}

	public function nestedGroupsAddParentGroup($idGroup, $idParentGroupToAdd) {
		if ($idGroup <= 0) throw new Exception("Wrong param id group");
		if ($idParentGroupToAdd <= 0) throw new Exception("Wrong param id parent group to add");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error: storage db not exists!");
		$group = $usrStorageDB->getGroupWithoutNested($idGroup);
		if (!$group) throw new Exception("Error: group [{$idGroup}] not exists!");
		$parentGroup = $usrStorageDB->getGroupWithoutNested($idParentGroupToAdd);
		if (!$parentGroup) throw new Exception("Error: parent group [{$idParentGroupToAdd}] not exists!");
		$usrStorageDB->addParentGroup($idGroup, $idParentGroupToAdd);
	}

	public function nestedGroupsAddNestedGroup($idGroup, $idNestedGroupToAdd) {
		if ($idGroup <= 0) throw new Exception("Wrong param id group");
		if ($idNestedGroupToAdd <= 0) throw new Exception("Wrong param id parent group to add");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error: storage db not exists!");
		$group = $usrStorageDB->getGroupWithoutNested($idGroup);
		if (!$group) throw new Exception("Error: group not exists!");
		$nestedGroup = $usrStorageDB->getGroupWithoutNested($idNestedGroupToAdd);
		if (!$nestedGroup) throw new Exception("Error: nested group [{$idNestedGroupToAdd}] not exists!");
		$usrStorageDB->addNestedGroup($idGroup, $idNestedGroupToAdd);
	}

	public function printFormNestedGroups($idGroup) {
		$linkTypeIdNestedGroups = 5;

		if (!$idGroup) throw new Exception("Wrong param group id!");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error storage not exists!");
		$group = $usrStorageDB->getGroup($idGroup);
		if (!$group) throw new Exception("Grupa {$idGroup} nie istnieje.");
		DBG::_('DBG_SU', '>1', 'group', $group, __CLASS__, __FUNCTION__, __LINE__);

		{
			$idZasob = ProcesHelper::getZasobTableID('ITEM_LINKS');
			if ($idZasob <= 0) throw new Exception("Brak zasobu dla tabeli 'ITEM_LINKS'");
			$zasobObj = ProcesHelper::getZasobTableInfo($idZasob);
			if (!$zasobObj) throw new Exception("Zasob TABELA ID={$idZasob} nie istnieje");
			UserActivity::add($idZasob);
			$userAcl = User::getAcl();
			$userAcl->fetchGroups();
			if (!$userAcl->hasTableAcl($zasobObj->ID)) throw new Exception("Brak uprawnień do tabeli ID={$zasobObj->ID}");
		}

		if (V::get('_testUsrGroupsLdapLvl0', '', $_GET)) {
			$usrLogin = User::getLogin();
			$groups = array(); $groupsLvl3 = array();
			$groupsNetwork = UsersLdapHelper::getUserGroups($usrLogin, 0);
			foreach ($groupsNetwork as $vGroup) {
				$groups[$vGroup->cn] = $vGroup->appleUID;
			}
			DBG::_(true, true, "groups ldap lvl 0", $groups, __CLASS__, __FUNCTION__, __LINE__);
			$groupsNetwork = UsersLdapHelper::getUserGroups($usrLogin, 3);
			foreach ($groupsNetwork as $vGroup) {
				$groupsLvl3[$vGroup->cn] = $vGroup->appleUID;
			}
			DBG::_(true, true, "groups ldap lvl 3", $groupsLvl3, __CLASS__, __FUNCTION__, __LINE__);
		}

		$group->getParentGroups();
		DBG::_('DBG_NG', '>1', "group with nested", $group, __CLASS__, __FUNCTION__, __LINE__);

		$typeSpecialNestedGroups = TypespecialVariable::getInstance(-1, '__NESTED_GROUPS');

		$groupUsers = array();
		$groupNestedUsers = array();
		$idZasobTableUsers = ProcesHelper::getZasobTableID('ADMIN_USERS');
		if ($group->zasobID > 0) {
			$groupUsers = UsersHelper::getUsersByGroupId($idGroup);
			$groupNestedUsers = UsersHelper::getUsersByGroupsIds(array_keys($group->nestedGroups), array_keys($groupUsers));
		}

		$idZasobTableZasoby = ProcesHelper::getZasobTableID('CRM_LISTA_ZASOBOW');
?>
<style type="text/css">
.frm-groups .selectize-control { float:left; }
.conn_groups {}
 .conn_groups .conn_groups-list {}
  .conn_groups .conn_groups-list .conn_groups-list_item { line-height:22px; }
  .conn_groups .conn_groups-list .conn_groups-list_item form { display:inline; margin:0; }
  .conn_groups .conn_groups-list_item-rmBtn {  display:inline; margin:0; padding:0 6px; border:none; opacity:0.4; }
  .conn_groups .conn_groups-list_item-editBtn {  margin:0 6px; padding:0; border:none; opacity:0.4; }
  .conn_groups .conn_groups-list_item:hover .conn_groups-list_item-rmBtn { display:inline; opacity:1; }
  .conn_groups .conn_groups-list_item:hover .conn_groups-list_item-editBtn { opacity:1; }
.users-with-perms {}
 .users-with-perms address { padding:0 6px; border:1px solid #eee; }
 .users-with-perms address:hover { border-color:#333; }
</style>
<div class="container conn_groups">
	<h4>Grupy uprawnień
		<!-- <em style="color:#ccc;">(Nested Groups)</em> -->
	</h4>
	<blockquote>
		Grupa [<?php echo $idGroup; ?>]: <code><?php echo $group->type; ?></code> <?php echo $group->zasobDESC; ?>
		<a class="btn btn-xs btn-link" href="index.php?MENU_INIT=VIEWTABLE_AJAX&ZASOB_ID=<?php echo $idZasobTableZasoby; ?>#EDIT/<?php echo $idGroup; ?>" title="Edytuj rekord"><i class="glyphicon glyphicon-pencil"></i> edytuj</a>
		<a class="btn btn-xs btn-link" href="index.php?_route=Users&_task=syncGroup&idGroup=<?php echo $idGroup; ?>"><i class="glyphicon glyphicon-retweet"></i> synchronizuj do LDAP</a>
	</blockquote>

	<br>

	<div class="row">
		<div class="col-md-6">
<!--			<p><b>Grupy posiadające dostęp do rekordów grupy [<?php echo $group->zasobID; ?>] <?php echo $group->zasobDESC; ?></b> <em>(<?php echo (!empty($group->parentGroups))? count($group->parentGroups) : 0; ?>)</em>:
				</p> -->
			<blockquote>
<!--				<h5>Ustal grupy, które będą miały uprawnienia do rekordów dostępnych dla
					[<?php echo $group->zasobID; ?>] <?php echo $group->zasobDESC; ?>
				</h5>
				<small>np. grupy podrzędnych pracowników.</small> -->
				<h5>Udostępnij rekordy innym grupom</h5>
				<small>np. przełożonemu.</small>
			</blockquote>
			<ul class="conn_groups-list">
				<?php if (!empty($group->nestedGroups)) : ?>
					<?php foreach ($group->nestedGroups as $vNestedGroup) : ?>
						<li class="conn_groups-list_item">
							[<?php echo $vNestedGroup->zasobID; ?>]
							<?php echo $vNestedGroup->type; ?>
							<?php echo $vNestedGroup->zasobDESC; ?>
							<a href="index.php?_route=Users&_task=nestedGroups&idGroup=<?php echo $vNestedGroup->zasobID; ?>" class="glyphicon glyphicon-pencil conn_groups-list_item-editBtn" title="Edytuj grupę"> </a>
							<form action="" method="POST" class="form-inline frm-groups">
								<input type="hidden" name="_subTask" value="removeNestedGroup">
								<button name="idNestedGroupToRemove" value="<?php echo $vNestedGroup->zasobID; ?>" class="btn-link btn-sm conn_groups-list_item-rmBtn" title="usuń grupę"><i class="glyphicon glyphicon-remove"></i></button>
							</form>
						</li>
					<?php endforeach; ?>
				<?php endif; ?>
				<?php if ($typeSpecialNestedGroups) : ?>
					<li>
						<form action="" method="POST" class="form-inline frm-groups">
							<input type="hidden" name="_subTask" value="addNestedGroup">
							<?php
								$fName = 'idNestedGroupToAdd';
								$fldParams = array();
								$fldParams['allowCreate'] = false;
								$fldParams['ajaxDataUrlBase'] = "index.php?_route=Users&_task=typeSpecialIdNestedGroup";
								//$fldParams['ajaxDataUrlBase'] .= "&DBG_TS=3";
								echo $typeSpecialNestedGroups->showFormItem($tblID = -1, $fName, $selValue = '', $fldParams);
							?>
							<button class="btn">dodaj</button>
						</form>
					</li>
				<?php endif; ?>
			</ul>

<!--			<p><b>Grupy do rekordów, których posiada dostęp grupa [<?php echo $group->zasobID; ?>] <?php echo $group->zasobDESC; ?></b> <em>(<?php echo (!empty($group->parentGroups))? count($group->parentGroups) : 0; ?>)</em>:
			</p> -->
			<blockquote>
				<h5>Grupy, które udostępniają rekordy</h5>
				<small>np. grupy podrzędnych pracowników lub dział, podmiot.</small>
			</blockquote>
			<ul class="conn_groups-list">
				<?php if (!empty($group->parentGroups)) : ?>
					<?php foreach ($group->parentGroups as $vParentGroup) : ?>
						<li class="conn_groups-list_item">
							[<?php echo $vParentGroup->zasobID; ?>]
							<?php // if ('DZIAL' == $vParentGroup->type) : ?>
								<?php echo $vParentGroup->type; ?>
							<?php // endif; ?>
							<?php echo $vParentGroup->zasobDESC; ?>
							<a href="index.php?_route=Users&_task=nestedGroups&idGroup=<?php echo $vParentGroup->zasobID; ?>" class="glyphicon glyphicon-pencil conn_groups-list_item-editBtn" title="Edytuj grupę"> </a>
							<form action="" method="POST" class="form-inline frm-groups">
								<input type="hidden" name="_subTask" value="removeParentGroup">
								<button name="idParentGroupToRemove" value="<?php echo $vParentGroup->zasobID; ?>" class="btn-link btn-sm conn_groups-list_item-rmBtn" title="usuń grupę"><i class="glyphicon glyphicon-remove"></i></button>
							</form>
						</li>
					<?php endforeach; ?>
				<?php endif; ?>

				<?php if ($typeSpecialNestedGroups) : ?>
					<li>
						<form action="" method="POST" class="form-inline frm-groups">
							<input type="hidden" name="_subTask" value="addParentGroup">
							<?php
								$fName = 'idParentGroupToAdd';
								$fldParams = array();
								$fldParams['allowCreate'] = false;
								$fldParams['ajaxDataUrlBase'] = "index.php?_route=Users&_task=typeSpecialIdNestedGroup";
								//$fldParams['ajaxDataUrlBase'] .= "&DBG_TS=3";
								echo $typeSpecialNestedGroups->showFormItem($tblID = -1, $fName, $selValue = '', $fldParams);
							?>
							<button class="btn">dodaj</button>
						</form>
					</li>
				<?php endif; ?>
			</ul>

		</div>
		<div class="col-md-6 users-with-perms">

			<h5>Użytkownicy:</h5>
			<?php if (empty($groupUsers)) : ?>
				<div class="alert">Brak użytkowników przypisanych bezpośrednio do grupy</div>
			<?php else : ?>
				<div class="row">
				<?php foreach ($groupUsers as $usr) : ?>
					<div class="col-md-6">
						<address>
							<strong><?php echo $usr->ADM_NAME; ?></strong>
							<a href="index.php?MENU_INIT=VIEWTABLE_AJAX&ZASOB_ID=<?php echo $idZasobTableUsers; ?>#EDIT/<?php echo $usr->ID; ?>" class="glyphicon glyphicon-pencil" title="Edytuj rekord"> </a>

							<br><em><?php echo $usr->EMPLOYEE_TYPE; ?></em>

							<?php if (!empty($usr->ADM_PHONE)) : ?>
								<br><abbr title="Telefon">Tel.:</abbr> <?php echo $usr->ADM_PHONE; ?>
							<?php endif; ?>

							<?php if (!empty($usr->EMAIL)) : ?>
								<br><a href="mailto:<?php echo $usr->EMAIL; ?>"><?php echo $usr->EMAIL; ?></a>
							<?php endif; ?>
						</address>
					</div>
				<?php endforeach; ?>
				</div>
			<?php endif; ?>

			<h5>Użytkownicy z uprawnieniami do rekordów</h5>
			<?php if (empty($groupNestedUsers)) : ?>
				<div class="alert">Brak</div>
			<?php else : ?>
				<div class="row">
				<?php foreach ($groupNestedUsers as $usr) : ?>
					<div class="col-md-6">
						<address>
							<strong><?php echo $usr->ADM_NAME; ?></strong>
							<a href="index.php?MENU_INIT=VIEWTABLE_AJAX&ZASOB_ID=<?php echo $idZasobTableUsers; ?>#EDIT/<?php echo $usr->ID; ?>" class="glyphicon glyphicon-pencil" title="Edytuj rekord"> </a>

							<br><em><?php echo $usr->EMPLOYEE_TYPE; ?></em>

							<?php if (!empty($usr->ADM_PHONE)) : ?>
								<br><abbr title="Telefon">Tel.:</abbr> <?php echo $usr->ADM_PHONE; ?>
							<?php endif; ?>

							<?php if (!empty($usr->EMAIL)) : ?>
								<br><a href="mailto:<?php echo $usr->EMAIL; ?>"><?php echo $usr->EMAIL; ?></a>
							<?php endif; ?>
						</address>
					</div>
				<?php endforeach; ?>
				</div>
			<?php endif; ?>

		</div>
	</div>
</div>
<?php
		{// render table
			$tblAcl = $userAcl->getTableAcl($zasobObj->ID);
			$forceTblAclInit = ('1' == V::get('_force', '', $_GET));
			$tblAcl->init($forceTblAclInit);
			$forceFilterInit = array();
			$filterInit = new stdClass();
			$filterInit->currSortCol = 'ID';
			$filterInit->currSortFlip = 'desc';
			foreach ($_GET as $k => $v) {
				if (strlen($k) > 3 && substr($k, 0, 2) == 'f_' && !empty($v)) {// filter prefix
					$filterInit->$k = $v;
				}
				else if (strlen($k) > 4 && substr($k, 0, 3) == 'sf_' && !empty($v)) {// special filter prefix
					$filterInit->$k = $v;
				}
				else if (strlen($k) > 4 && substr($k, 0, 3) == 'ff_' && !empty($v)) {// force filter prefix
					$fldName = substr($k, 3);
					$forceFilterInit[$fldName] = $v;
				}
			}

			$tblZasobyID = ProcesHelper::getZasobTableID('CRM_LISTA_ZASOBOW');
			$forceFilterInit['TABLE_1_NAME'] = 'CRM_LISTA_ZASOBOW';
			$forceFilterInit['TABLE_1_ZASOB_ID'] = $tblZasobyID;
			$forceFilterInit['TABLE_1_ID'] = $group->zasobID;
			$forceFilterInit['TABLE_2_NAME'] = 'CRM_LISTA_ZASOBOW';
			$forceFilterInit['TABLE_2_ZASOB_ID'] = $tblZasobyID;
			$forceFilterInit['LINKS_TYPE_ID'] = $linkTypeIdNestedGroups;

			$tbl = new TableAjax($tblAcl);
			$tbl->setLabel($zasobObj->OPIS);
			$tbl->setFilterInit($filterInit);
			if (!empty($forceFilterInit)) $tbl->setForceFilterInit($forceFilterInit);
			$tbl->addRowFunction('edit');
			$tbl->addRowFunction('hist');
			$tbl->addRowFunction('files');
			$tbl->addRowFunction('cp');
			echo $tbl->render();
		}
	}

	public function typeSpecialIdNestedGroupAction() {
		header("Content-type: application/json");
		$typeSpecialNestedGroups = TypespecialVariable::getInstance(-1, '__NESTED_GROUPS');

		$query = V::get('q', '', $_REQUEST);
		$rawRows = null;
		$rows = $typeSpecialNestedGroups->getValuesWithExports($query);
		DBG::_('DBG', '>0', "rows(q={$query})", $rows, __CLASS__, __FUNCTION__, __LINE__);
		foreach ($rows as $kID => $vItem) {
			$itemJson = new stdClass();
			$itemJson->id = $vItem->id;
			$itemJson->name = $vItem->param_out;
			if (!empty($vItem->exports)) {
				$itemJson->exports = $vItem->exports;
			}
			$jsonData[] = $itemJson;
		}
		echo json_encode($jsonData);
	}

	public function userGroupsAction() {
		UI::gora();
		UI::menu();
		$usrLogin = V::get('usrLogin', '', $_GET);
		echo '<div class="container">';
		try {
			if (empty($usrLogin)) throw new Exception("Empty user login");
			$subTask = V::get('_subTask', '', $_POST);
			if ('removeUserGroup' == $subTask) {
				$idProfileToRemove = V::get('idProfileToRemove', 0, $_POST, 'int');
				$this->removeUserGroup($usrLogin, $idProfileToRemove);
				UI::alert('info', "Użytkownik został usunięty z danej grupy");
			} else if ('addUserGroup' == $subTask) {
				$idGroup = V::get('idGroup', 0, $_POST, 'int');
				$idTelboxes = V::get('addTelboxesID', 0, $_POST, 'int');
				$this->addUserGroup($usrLogin, $idGroup, $idTelboxes);
				UI::alert('info', "Dodano grupę [{$idGroup}] do użytkownika [{$usrLogin}]");
			}
			$this->printFormUserGroup($usrLogin);
		} catch (Exception $e) {
			DBG::log($e);
			echo UI::h('div', [ 'class' => "alert alert-danger" ], [
				$e->getMessage(),
				'<br>',
				UI::h('a', [
					'href' => $this->getLink('userGroups', [ 'usrLogin' => $usrLogin ]),
				], "wróć"),
			]);
			echo UserActivity::showListInContainer();
		}
		echo '</div>';// .container
		UI::dol();
	}

	public function printFormUserGroup($usrLogin) {
		if (empty($usrLogin)) throw new Exception("Empty user login");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Storage DB not exists!");
		$usr = $usrStorageDB->getUser($usrLogin);
		if (!$usr) throw new Exception("Użytkownik '{$usrLogin}' nie istnieje.");
		$stanowiska = array();
		$stanowiska = $usrStorageDB->getUserProfiles($usrLogin, $fetchNested = false);
		uasort($stanowiska, array($this, 'sortStanowiskaByType'));

		$groups = UsersHelper::getGroupByUser($usr->primaryKey);
		DBG::_('DBG_SU', '>1', 'groups', $groups, __CLASS__, __FUNCTION__, __LINE__);

		$groupsNetwork = UsersLdapHelper::getUserGroups($usrLogin, 3);
		DBG::_('DBG_SU', '>1', 'groupsNetwork', $groupsNetwork, __CLASS__, __FUNCTION__, __LINE__);

		$typeSpecialUserGroups = TypespecialVariable::getInstance(-1, '__USER_GROUPS');
		$typeSpecialTelboxes   = TypespecialVariable::getInstance(-1, '__TELBOXES');
		$idZasobUsersTbl = ProcesHelper::getZasobTableID('ADMIN_USERS');
		echo UI::h('style', [ 'type' => "text/css" ], "
			.frm-groups .selectize-control { float:left; }
			.conn_groups {}
			 .conn_groups .conn_groups-list {}
			  .conn_groups .conn_groups-list .conn_groups-list_item { line-height:22px; }
			  .conn_groups .conn_groups-list .conn_groups-list_item form { display:inline; margin:0; }
			  .conn_groups .conn_groups-list_item-rmBtn { /*display:none;*/ opacity:0.4; margin:0; padding:0 10px; border:none; }
			  .conn_groups .conn_groups-list_item:hover .conn_groups-list_item-rmBtn { /*display:inline;*/ opacity:1; }
		");
		echo '<div class="conn_groups">';
			echo UI::h('h4', [], "Ustalanie stanowiska");
			echo UI::h('blockquote', [], [
				"Użytkownik ",
				($usr->isDisabled)
				?	'<span class="label label-danger">zablokowany!</span>'
				:	'<span class="label label-info">aktywny</span>',
				" [{$usr->primaryKey}] <b>{$usr->name}</b> <code>{$usr->login}</code> ",
				UI::h('a', [
					'href' => "index.php?_route=ViewTableAjax&namespace=default_db/ADMIN_USERS#EDIT/{$usr->primaryKey}",
					'class' => "btn btn-xs btn-link",
				], '<span class="glyphicon glyphicon-pencil"></span> edytuj'),
				UI::h('a', [
					'href' => "index.php?_route=Users&_task=syncUser&usrLogin={$usr->login}",
					'class' => "btn btn-xs btn-link",
				], '<span class="glyphicon glyphicon-retweet"></span> synchronizuj do LDAP'),
			]);
			echo UI::h('h4', [], "Przypisane grupy (" . ( !empty($stanowiska) ? count($stanowiska) : 0 ) . "):");
			echo (!empty($stanowiska))
			?	UI::h('ul', [ 'class' => "conn_groups-list" ], array_map(function ($vProfile) {
					return UI::h('li', [ 'class' => "conn_groups-list_item" ], [
						"{$vProfile->group->realName} ",
						($vProfile->localisationId > 0)
						?	" (lokalizacja [{$vProfile->localisationId}])"
						:	'',
						UI::h('form', [ 'class' => "form-inline frm-groups", 'action' => "", 'method' => "POST"], [
							UI::h('input', [ 'type' => "hidden", 'name' => "_subTask", 'value' => "removeUserGroup" ]),
							UI::h('button', [
								'name' => "idProfileToRemove",
								'value' => $vProfile->profileId,
								'class' => "btn-link btn-sm conn_groups-list_item-rmBtn",
								'title' => "usuń grupę",
								'onclick' => "return confirm('Czy jesteś pewien że chcesz usunąć przypisanie do grupy {$vProfile->group->realName}?');",
							], '<i class="glyphicon glyphicon-remove"></i>'),
						]),
					]);
				}, $stanowiska))
			:	''
			;
			if ($typeSpecialUserGroups && $typeSpecialTelboxes) {
				echo '<h4>Dodaj grupę:</h4>';
				echo '<form class="form-horizontal" action="" method="POST">';
					echo '<input type="hidden" name="_subTask" value="addUserGroup">';
					echo '<div class="form-group">';
						echo '<label class="col-sm-3 control-label" for="idGroup">Grupa</label>';
						echo '<div class="col-sm-9">';
							$fName = 'idGroup';
							$fldParams = array();
							$fldParams['allowCreate'] = false;
							$fldParams['ajaxDataUrlBase'] = "index.php?_route=Users&_task=typeSpecialIdGroup";
							//$fldParams['ajaxDataUrlBase'] .= "&DBG_TS=3";
							echo $typeSpecialUserGroups->showFormItem($tblID = -1, $fName, $selValue = '', $fldParams);
						echo '</div>';
					echo '</div>';
					echo '<div class="form-group">';
						echo '<label class="col-sm-3 control-label" for="addTelboxesID">Lokalizacja</label>';
						echo '<div class="col-sm-9">';
							$fName = 'addTelboxesID';
							$fldParams = array();
							$fldParams['allowCreate'] = false;
							$fldParams['ajaxDataUrlBase'] = "index.php?_route=Users&_task=typeSpecialIdTelboxes";
							//$fldParams['ajaxDataUrlBase'] .= "&DBG_TS=3";
							echo $typeSpecialTelboxes->showFormItem($tblID = -1, $fName, $selValue = '', $fldParams);
						echo '</div>';
					echo '</div>';
					echo '<div class="form-group">';
						echo '<div class="col-sm-9 col-sm-offset-3">';
							echo '<button type="submit" class="btn btn-xs btn-primary">dodaj grupę</button>';
						echo '</div>';
					echo '</div>';
				echo '</form>';
			}
		echo '</div>'; // .conn_groups

		{// show table crm_auth_profile
			$idZasobCrmAuthProfile = ProcesHelper::getZasobTableID('CRM_AUTH_PROFILE');
			if ($idZasobCrmAuthProfile <= 0) throw new Exception("Can not find id zasob 'CRM_AUTH_PROFILE'");
			$zasobObj = ProcesHelper::getZasobTableInfo($idZasobCrmAuthProfile);
			if (!$zasobObj) throw new Exception("Zasob TABELA ID={$idZasobCrmAuthProfile} nie istnieje");
			UserActivity::add($idZasobCrmAuthProfile);
			$userAcl = User::getAcl();
			if (!$userAcl->hasTableAcl($zasobObj->ID)) throw new Exception("Brak uprawnień do tabeli ID={$zasobObj->ID}");
			$tblAcl = $userAcl->getTableAcl($zasobObj->ID);
			$forceTblAclInit = ('1' == V::get('_force', '', $_GET));
			$tblAcl->init($forceTblAclInit);

			$forceFilterInit = array();
			$filterInit = new stdClass();
			$filterInit->currSortCol = 'ID';
			$filterInit->currSortFlip = 'desc';
			foreach ($_GET as $k => $v) {
				if (strlen($k) > 3 && substr($k, 0, 2) == 'f_' && !empty($v)) {// filter prefix
					$filterInit->$k = $v;
				}
				else if (strlen($k) > 4 && substr($k, 0, 3) == 'sf_' && !empty($v)) {// special filter prefix
					$filterInit->$k = $v;
				}
				else if (strlen($k) > 4 && substr($k, 0, 3) == 'ff_' && !empty($v)) {// force filter prefix
					$fldName = substr($k, 3);
					$forceFilterInit[$fldName] = $v;
				}
			}

			$forceFilterInit['REMOTE_ID'] = $usr->primaryKey;
			$forceFilterInit['REMOTE_TABLE'] = 'ADMIN_USERS';

			$tbl = new TableAjax($tblAcl);
			$syncUrl = Router::getRoute('ViewTableAjax')->getLink('', [ 'namespace' => $tblAcl->getNamespace() ]);
			$tbl->setRootUrl( $syncUrl );
			$tbl->setSyncUrl( $syncUrl );
			$tbl->showProcesInitFiltr = Router::getRoute('ViewTableAjax')->getLink("procesInitFiltrAjax", [ 'namespace' => $tblAcl->getNamespace() ]);
			$tbl->showTableTools = Router::getRoute('ViewTableAjax')->getLink("tableToolsAjax", [ 'namespace' => $tblAcl->getNamespace() ]);
			$tbl->useUserTableFilter = Router::getRoute('ViewTableAjax')->getLink("getUserTableFilterAjax");
			$tbl->setLabel($zasobObj->OPIS);
			$tbl->setFilterInit($filterInit);
			if (!empty($forceFilterInit)) $tbl->setForceFilterInit($forceFilterInit);
			$tbl->addRowFunction('edit');
			$tbl->addRowFunction('hist');
			$tbl->addRowFunction('files');
			$tbl->addRowFunction('cp');
			echo $tbl->render();
		}
	}

	public function sortStanowiskaByType($a, $b) {
		if ($a->group->type != $a->group->type) {
			if ($a->group->type == 'network') {
				return 1;
			}
			else if ($a->group->type == 'local') {
				return -1;
			}
		}
		return 0;
	}

	public function removeUserGroup($usrLogin, $idProfileToRemove) {
		if (!$usrLogin) throw new Exception("Wrong param user login!");
		if (!$idProfileToRemove) throw new Exception("Wrong param id profile to remove!");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error storage not exists!");
		$profile = $usrStorageDB->getProfileById($idProfileToRemove);
		if (!$profile) throw new Exception("Error profile not exists!");

		$usrStorageDB->removeUserGroupByProfileId($usrLogin, $profile->group, $idProfileToRemove);
	}

	public function addUserGroup($usrLogin, $idGroup, $idTelboxes) {
		DBG::_('DBG_NG', '>0', 'post', $_POST, __CLASS__, __FUNCTION__, __LINE__);
		if (!$usrLogin) throw new Exception("Wrong param user login!");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error storage not exists!");
		$usr = $usrStorageDB->getUser($usrLogin);
		if (!$usr) throw new Exception("Użytkownik {$usrLogin} nie istnieje.");

		if ($idGroup > 0) {
			$groupToAdd = $usrStorageDB->getGroupWithoutNested($idGroup);
			if (!$groupToAdd) throw new Exception("Grupa [{$idGroup}] nie istnieje");
			$added = $usrStorageDB->addUserGroup($usrLogin, $groupToAdd, $idTelboxes);
		}
	}

	public function addUser($usrLogin, $idGroup, $idTelboxes, $ADM_ADMIN_LEVEL, $ADM_NAME, $ADM_ADMIN_DESC, $EMPLOYEE_TYPE, $ADM_PASSWD, $A_ADM_COMPANY, $A_CLASSIFIED, $DEFAULT_ACL_GROUP) {
		DBG::_('DBG_NG', '>0', 'post', $_POST, __CLASS__, __FUNCTION__, __LINE__);
		if (!$usrLogin) throw new Exception("Wrong param user login!");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error storage not exists!");

		$usr = $usrStorageDB->getUser($usrLogin);
		if ($usr) throw new Exception("Użytkownik {$usrLogin} już istnieje.");
		if (!$usr) {
			$acl = ACL::getStorageByNamespace("default_db/ADMIN_USERS/ADMIN_USERS");
			$usr = $acl->addItem([
				'ADM_ACCOUNT' => $usrLogin,
				'ADM_ADMIN_LEVEL' => $ADM_ADMIN_LEVEL,
				'ADM_NAME' => $ADM_NAME,
				'ADM_ADMIN_DESC' => $ADM_ADMIN_DESC,
				'EMPLOYEE_TYPE' => $EMPLOYEE_TYPE,
				'ADM_PASSWD' => $ADM_PASSWD,
				'A_ADM_COMPANY' => $A_ADM_COMPANY,
				'A_CLASSIFIED' => $A_CLASSIFIED
			]);
			if (!$usr) throw new Exception("Nie udało się utworzyć wpisu użytkownika");

			if ($idGroup > 0) {
				$groupToAdd = $usrStorageDB->getGroupWithoutNested($idGroup);
				if (!$groupToAdd) throw new Exception("Grupa [{$idGroup}] nie istnieje");
				$added = $usrStorageDB->addUserGroup($usrLogin, $groupToAdd, $idTelboxes);
			}
		}
	}

	public function typeSpecialIdGroupAction() {
		header("Content-type: application/json");
		$typeSpecialUserGroups = TypespecialVariable::getInstance(-1, '__USER_GROUPS');

		$query = V::get('q', '', $_REQUEST);
		$rawRows = null;
		$rows = $typeSpecialUserGroups->getValuesWithExports($query);
		DBG::_('DBG', '>0', "rows(q={$query})", $rows, __CLASS__, __FUNCTION__, __LINE__);
		foreach ($rows as $kID => $vItem) {
			$itemJson = new stdClass();
			$itemJson->id = $vItem->id;
			$itemJson->name = $vItem->param_out;
			if (!empty($vItem->exports)) {
				$itemJson->exports = $vItem->exports;
			}
			$jsonData[] = $itemJson;
		}
		echo json_encode($jsonData);
	}

	public function typeSpecialIdTelboxesAction() {
		header("Content-type: application/json");

		$typeSpecialTelboxes = TypespecialVariable::getInstance(-1, '__TELBOXES');

		$query = V::get('q', '', $_REQUEST);
		$rawRows = null;
		$rows = $typeSpecialTelboxes->getValuesWithExports($query);
		DBG::_('DBG', '>0', "rows(q={$query})", $rows, __CLASS__, __FUNCTION__, __LINE__);
		foreach ($rows as $kID => $vItem) {
			$itemJson = new stdClass();
			$itemJson->id = $vItem->id;
			$itemJson->name = $vItem->param_out;
			if (!empty($vItem->exports)) {
				$itemJson->exports = $vItem->exports;
			}
			$jsonData[] = $itemJson;
		}
		echo json_encode($jsonData);
	}

	public function syncGroupAction() {
		$idGroup = V::get('idGroup', 0, $_GET, 'int');
		$group = null;

		UI::gora();
		UI::menu();
		echo '<div class="container">';
		try {
			if (!$idGroup) throw new Exception("Brak numeru grupy!");
			$usrStorageDB = UserStorageFactory::getStorage('DB');
			if ($usrStorageDB) $group = $usrStorageDB->getGroup($idGroup);
			echo UI::h('h4', [], "Synchronizacja grupy do bazy LDAP");
			echo UI::h('blockquote', [], [
				"Grupa [{$idGroup}]: ",
				($group)
				?	"<code>{$group->type}</code> {$group->zasobDESC} "
				:	"",
				UI::h('a', [
					'class' => "btn btn-xs btn-link",
					'href' => "index.php?_route=ViewTableAjax&namespace=default_db/CRM_LISTA_ZASOBOW#EDIT/{$idGroup}",
					'title' => "Edytuj rekord",
				], "<i class=\"glyphicon glyphicon-pencil\"></i> edytuj"),
				UI::h('a', [ 'class' => "btn btn-xs btn-link",
					'href' => $this->getLink('nestedGroups', [ 'idGroup' => $idGroup ]),
				], "<i class=\"glyphicon glyphicon-random\"></i> ustal powiązania między grupami uprawnień"),
			]);
			$this->syncGroup($idGroup);
		} catch (Exception $e) {
			DBG::log($e);
			UI::alert('danger', $e->getMessage());
		}
		echo '</div>'; // .container
		UI::dol();
	}

	public function syncGroup($idGroup) {
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		$usrStorageLdap = UserStorageFactory::getStorage('MacOSX');
		if (!$usrStorageDB) throw new Exception("Error storage DB not exists");
		if (!$usrStorageLdap) throw new Exception("Error storage Ldap not exists");

		$groupFrom = $usrStorageDB->getGroup($idGroup);
		if (!$groupFrom) {
			$db = DB::getDB();
			$zasob = $db->get_by_id('CRM_LISTA_ZASOBOW', $idGroup);
			if (!$zasob) {
				throw new Exception("Zasób {$idGroup} nie istnieje");
			} else {
				throw new Exception("Zasób {$idGroup} nie jest grupą tylko {$zasob->TYPE}");
			}
		}
		else {
			$synUsers = new SyncUsers($usrStorageDB, $usrStorageLdap);
			$syncTodoList = $synUsers->getSyncGroupTodoList($idGroup, $syncNestedGroups = true);
			echo (empty($syncTodoList))
			?	UI::h('div', [ 'class' => "alert alert-info" ], "Brak zadań do wykonania - grupa zsynchronizowana")
			:	UI::h('div', [ 'class' => "well" ], [
					'<p>Lista zadań do wykonania:</p>',
					UI::h('ul', [], array_map(function ($vTask) {
						return UI::h('li', [], $vTask);
					}, $syncTodoList)),
				])
			;
			if ('1' == V::get('_runSync', '', $_POST)) {
				$synced = $synUsers->syncGroup($idGroup, $syncNestedGroups = true);
				if (!$synced) {
					UI::h('danger', "Nie udało się zsynchronizować grupy [{$idGroup}].");
					echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;display:none;">errors: (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($synUsers->getErrorsMsgListWithDbg());echo'</pre>';
				}
				else {
					UI::h('success', "Synchronizacja grupy [{$idGroup}] zakończona powodzeniem.");
				}
			}
			else {
				echo UI::h('form', [ 'action' => "", 'method' => "POST" ], [
					UI::h('input', [ 'type' => "hidden", 'name' => "_runSync", 'value' => "1" ]),
					UI::h('input', [ 'type' => "submit", 'value' => "Synchronizuj", 'class' => "btn btn-primary btn-big" ]),
				]);
			}
		}
	}

	public function syncUserAction() {
		UI::gora();
		UI::menu();
		$usrLogin = V::get('usrLogin', '', $_GET);
		UI::startContainer();
		try {
			if (empty($usrLogin)) throw new Exception("Empty user login");

			$usrStorageDB = UserStorageFactory::getStorage('DB');
			$usrStorageLdap = UserStorageFactory::getStorage('MacOSX');
			if (!$usrStorageDB) throw new Exception("Error storage DB not exists");
			if (!$usrStorageLdap) throw new Exception("Error storage Ldap not exists");

			echo UI::h('h4', [], "Synchronizacja do LDAP");
			$usrFrom = $usrStorageDB->getUser($usrLogin);
			if ($usrFrom) {
				echo UI::h('blockquote', [], [
					"Użytkownik ",
					($usrFrom->isDisabled) ? '<span class="label label-danger">zablokowany!</span>' : '<span class="label label-info">aktywny</span>',
					" [{$usrFrom->primaryKey}] <b>{$usrFrom->name}</b> <code>{$usrFrom->login}</code> ",
					UI::h('a', [
						'href' => "index.php?_route=ViewTableAjax&namespace=default_db/ADMIN_USERS#EDIT/{$usrFrom->primaryKey}",
						'class' => "btn btn-xs btn-link",
					], '<span class="glyphicon glyphicon-pencil"></span> edytuj'),
					UI::h('a', [
						'href' => "index.php?_route=Users&_task=userGroups&usrLogin={$usrFrom->login}",
						'class' => "btn btn-xs btn-link",
					], '<span class="glyphicon glyphicon-user"></span> ustal stanowisko'),
				]);
			}

			$this->syncUser($usrLogin, $usrStorageDB, $usrStorageLdap);
		} catch (Exception $e) {
			DBG::log($e);
			UI::alert('danger', $e->getMessage());
		}
		UI::endContainer();
		UI::dol();
	}

	public function syncUser($userName, $usrStorageDB, $usrStorageLdap,$forceSync=null) {
		if (empty($userName)) throw new Exception("Empty user login");
		if (!$usrStorageDB) throw new Exception("Error storage DB not exists");
		if (!$usrStorageLdap) throw new Exception("Error storage Ldap not exists");

		$synUsers = new SyncUsers($usrStorageDB, $usrStorageLdap);

		if ('1' == V::get('_runSync', '', $_POST) or $forceSync) {
			$synced = $synUsers->syncUser($userName);
			if (!$synced) {
				UI::alert('danger', "Nie udało się zsynchronizować uprawnień użytkownika {$userName}.");
				$errorsList = $synUsers->getErrorsMsgListWithDbg();
				if (!empty($errorsList)) {
					echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">';
						echo "Błędy:\n" . implode("\n", $errorsList);
					echo '</pre>';
				}
			}
			else {
				UI::alert('success', "Synchronizacja uprawnień użytkownika {$userName} zakończona powodzeniem.");
			}
		}
		if ('1' == V::get('_forceSyncAliasList', '', $_POST)) {
			$synced = $synUsers->forceSyncUserAliasList($userName);
			if (!$synced) {
				UI::alert('danger', "Nie udało się poprawić aliasów {$userName}.");
				$errorsList = $synUsers->getErrorsMsgListWithDbg();
				if (!empty($errorsList)) {
					echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">';
						echo "Błędy:\n" . implode("\n", $errorsList);
					echo '</pre>';
				}
			}
			else {
				UI::alert('success', "Synchronizacja listy aliasów pocztowych użytkownika {$userName} zakończona powodzeniem.");
			}
		}

		$syncTodoList = $synUsers->getSyncUserTodoList($userName);
		echo (empty($syncTodoList))
		?	UI::h('div', [ 'class' => "alert alert-info" ], "Brak zadań do wykonania - użytkownik zsynchronizowany")
		:	UI::h('div', [ 'class' => "well" ], [
				'<p>Lista zadań do wykonania:</p>',
				UI::h('ul', [], array_map(function ($vTask) {
					return UI::h('li', [], $vTask);
				}, $syncTodoList)),
			])
		;
		echo UI::h('div', [ 'class' => "row" ], [
			'<div class="col-md-2">
				<form action="" method="POST">
					<input type="hidden" name="_runSync" value="1">
					<input type="submit" value="Synchronizuj" class="btn btn-primary btn-big">
				</form>
			</div>',
			'<div class="col-md-10" style="text-align: right;">
				<form action="" method="POST">
					<input type="hidden" name="_forceSyncAliasList" value="1">
					W razie problemów z aliasami pocztowymi:
					<input type="submit" value="Popraw aliasy" class="btn btn-xs btn-warning">
				</form>
			</div>',
		]);
	}

}