se/SE/se-lib/Route/Users.php

<?php

Lib::loadClass('RouteBase');
Lib::loadClass('UserStorageFactory');
Lib::loadClass('ProcesHelper');
Lib::loadClass('SyncUsers');
Lib::loadClass('UsersHelper');
Lib::loadClass('UsersLdapHelper');
Lib::loadClass('TypespecialVariable');
Lib::loadClass('TableAjax');
Lib::loadClass('UserActivity');

class Route_Users extends RouteBase {

	public function handleAuth() {
		if (!User::logged()) {
			throw new HttpException('Unauthorized', 401);
		}
	}

	public function defaultAction() {
		SE_Layout::gora();
		SE_Layout::menu();
		$this->menu();
		SE_Layout::dol();
	}

	public function menu() {
		$usrLogin = User::getLogin();
		?>
<ul>
	<li><a href="index.php?_route=Users&_task=syncUser&usrLogin=<?php echo $usrLogin; ?>">Sync user <?php echo $usrLogin; ?></a></li>
	<li><a href="index.php?_route=Users&_task=userGroups&usrLogin=<?php echo $usrLogin; ?>">Add group <?php echo $usrLogin; ?></a></li>
</ul>
<?php
	}

	public function userGroupsAction() {
		SE_Layout::gora();
		SE_Layout::menu();
		$usrLogin = V::get('usrLogin', '', $_GET);
		echo '<div class="container">';
		try {
			if (empty($usrLogin)) throw new Exception("Empty user login");
			$subTask = V::get('_subTask', '', $_POST);
			if ('removeUserGroup' == $subTask) {
				$idProfileToRemove = V::get('idProfileToRemove', 0, $_POST, 'int');
				$this->removeUserGroup($usrLogin, $idProfileToRemove);
				?><div class="alert alert-info">Użytkownik został usunięty z danej grupy</div><?php
			} else if ('addUserGroup' == $subTask) {
				$idGroup = V::get('idGroup', 0, $_POST, 'int');
				$idTelboxes = V::get('addTelboxesID', 0, $_POST, 'int');
				$this->addUserGroup($usrLogin, $idGroup, $idTelboxes);
				?><div class="alert alert-info">Dodano grupę [<?php echo $idGroup; ?>] do użytkownika [<?php echo $usrLogin; ?>]</div><?php
			}
			$this->printFormUserGroup($usrLogin);
		} catch (Exception $e) {
			?><div class="alert alert-danger"><?php echo $e->getMessage(); ?>
	<br><a href="index.php?_route=Users&_task=userGroups&usrLogin=<?php echo $usrLogin; ?>">wróć</a>
</div><?php
			echo UserActivity::showListInContainer();
		}
		echo '</div>';// .container
		SE_Layout::dol();
	}

	public function printFormUserGroup($usrLogin) {
		if (empty($usrLogin)) throw new Exception("Empty user login");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Storage DB not exists!");
		$usr = $usrStorageDB->getUser($usrLogin);
		if (!$usr) throw new Exception("Użytkownik '{$usrLogin}' nie istnieje.");
		$stanowiska = array();
		$stanowiska = $usrStorageDB->getUserProfiles($usrLogin, $fetchNested = false);
		uasort($stanowiska, array($this, 'sortStanowiskaByType'));

		$groups = UsersHelper::getGroupByUser($usr->primaryKey);
		DBG::_('DBG_SU', '>1', 'groups', $groups, __CLASS__, __FUNCTION__, __LINE__);

		$groupsNetwork = UsersLdapHelper::getUserGroups($usrLogin, 3);
		DBG::_('DBG_SU', '>1', 'groupsNetwork', $groupsNetwork, __CLASS__, __FUNCTION__, __LINE__);

		$typeSpecialUserGroups = TypespecialVariable::getInstance(-1, '__USER_GROUPS');
		$typeSpecialTelboxes   = TypespecialVariable::getInstance(-1, '__TELBOXES');
		$idZasobUsersTbl = ProcesHelper::getZasobTableID('ADMIN_USERS');
?>
<style type="text/css">
.frm-groups .selectize-control { float:left; }
.conn_groups {}
 .conn_groups .conn_groups-list {}
  .conn_groups .conn_groups-list .conn_groups-list_item { line-height:22px; }
  .conn_groups .conn_groups-list .conn_groups-list_item form { display:inline; margin:0; }
  .conn_groups .conn_groups-list_item-rmBtn { /*display:none;*/ opacity:0.4; margin:0; padding:0 10px; border:none; }
  .conn_groups .conn_groups-list_item:hover .conn_groups-list_item-rmBtn { /*display:inline;*/ opacity:1; }
</style>
<div class="conn_groups">
	<h4>Ustalanie stanowiska</h4>
	<blockquote>
		Użytkownik [<?php echo $usr->primaryKey; ?>] <b><?php echo $usr->name; ?></b> <code><?php echo $usr->login; ?></code>
		<?php if ($idZasobUsersTbl > 0) : ?>
			<a href="index.php?MENU_INIT=VIEWTABLE_AJAX&ZASOB_ID=<?php echo $idZasobUsersTbl; ?>#EDIT/<?php echo $usr->primaryKey; ?>"
				 class="btn btn-xs btn-link"><span class="glyphicon glyphicon-pencil"></span> edytuj</a>
		<?php endif; ?>
		<a href="index.php?_route=Users&_task=syncUser&usrLogin=<?php echo $usr->login; ?>"
			  class="btn btn-xs btn-link"><span class="glyphicon glyphicon-random"></span> synchronizuj do LDAP</a>
	</blockquote>
	<?php if (!empty($taskErrors)) : ?>
		<div class="alert alert-danger">
			<button type="button" class="close" data-dismiss="alert">×</button>
			<?php echo implode('<br>', $taskErrors); ?>
		</div>
	<?php endif; ?>
	<?php if (!empty($taskMsgs)) : ?>
		<div class="alert alert-success">
			<button type="button" class="close" data-dismiss="alert">×</button>
			<?php echo implode('<br>', $taskMsgs); ?>
		</div>
	<?php endif; ?>

	<h4>Przypisane grupy (<?php echo (!empty($stanowiska))? count($stanowiska) : 0; ?>):</h4>
	<?php if (!empty($stanowiska)) : ?>
		<ul class="conn_groups-list">
			<?php foreach ($stanowiska as $vProfile) : ?>
				<li class="conn_groups-list_item">
					<?php echo $vProfile->group->realName; ?>
					<?php if ($vProfile->localisationId > 0) : ?>
						(lokalizacja [<?php echo $vProfile->localisationId; ?>])
					<?php endif; ?>
					<form class="form-inline frm-groups" action="" method="POST">
						<input type="hidden" name="_subTask" value="removeUserGroup">
						<button name="idProfileToRemove" value="<?php echo $vProfile->profileId; ?>" class="btn-link btn-sm conn_groups-list_item-rmBtn" title="usuń grupę" onclick="return confirm('Czy jesteś pewien że chcesz usunąć przypisanie do grupy <?php echo $vProfile->group->realName; ?>?');"><i class="glyphicon glyphicon-remove"></i></button>
					</form>
				</li>
			<?php endforeach; ?>
		</ul>
	<?php endif; ?>

	<?php if ($typeSpecialUserGroups && $typeSpecialTelboxes) : ?>
		<h4>Dodaj grupę:</h4>
		<form class="form-horizontal" action="" method="POST">
			<input type="hidden" name="_subTask" value="addUserGroup">
			<div class="form-group">
				<label class="col-sm-3 control-label" for="idGroup">Grupa</label>
				<div class="col-sm-9">
					<?php
						$fName = 'idGroup';
						$fldParams = array();
						$fldParams['allowCreate'] = false;
						$fldParams['ajaxDataUrlBase'] = "index.php?_route=Users&_task=typeSpecialIdGroup";
						//$fldParams['ajaxDataUrlBase'] .= "&DBG_TS=3";
						echo $typeSpecialUserGroups->showFormItem($tblID = -1, $fName, $selValue = '', $fldParams);
					?>
				</div>
			</div>
			<div class="form-group">
				<label class="col-sm-3 control-label" for="addTelboxesID">Lokalizacja</label>
				<div class="col-sm-9">
					<?php
						$fName = 'addTelboxesID';
						$fldParams = array();
						$fldParams['allowCreate'] = false;
						$fldParams['ajaxDataUrlBase'] = "index.php?_route=Users&_task=typeSpecialIdTelboxes";
						//$fldParams['ajaxDataUrlBase'] .= "&DBG_TS=3";
						echo $typeSpecialTelboxes->showFormItem($tblID = -1, $fName, $selValue = '', $fldParams);
					?>
				</div>
			</div>
			<div class="form-group">
				<div class="col-sm-9 col-sm-offset-3">
					<button type="submit" class="btn btn-xs btn-primary">dodaj grupę</button>
				</div>
			</div>
		</form>
	<?php endif; ?>
</div>
<?php
		{// show table crm_auth_profile
			$idZasobCrmAuthProfile = ProcesHelper::getZasobTableID('CRM_AUTH_PROFILE');
			if ($idZasobCrmAuthProfile <= 0) throw new Exception("Can not find id zasob 'CRM_AUTH_PROFILE'");
			$zasobObj = ProcesHelper::getZasobTableInfo($idZasobCrmAuthProfile);
			if (!$zasobObj) throw new Exception("Zasob TABELA ID={$idZasobCrmAuthProfile} nie istnieje");
			UserActivity::add($idZasobCrmAuthProfile);
			$userAcl = User::getAcl();
			if (!$userAcl->hasTableAcl($zasobObj->ID)) throw new Exception("Brak uprawnień do tabeli ID={$zasobObj->ID}");
			$tblAcl = $userAcl->getTableAcl($zasobObj->ID);
			$forceTblAclInit = ('1' == V::get('_force', '', $_GET));
			$tblAcl->init($forceTblAclInit);

			$forceFilterInit = array();
			$filterInit = new stdClass();
			$filterInit->currSortCol = 'ID';
			$filterInit->currSortFlip = 'desc';
			foreach ($_GET as $k => $v) {
				if (strlen($k) > 3 && substr($k, 0, 2) == 'f_' && !empty($v)) {// filter prefix
					$filterInit->$k = $v;
				}
				else if (strlen($k) > 4 && substr($k, 0, 3) == 'sf_' && !empty($v)) {// special filter prefix
					$filterInit->$k = $v;
				}
				else if (strlen($k) > 4 && substr($k, 0, 3) == 'ff_' && !empty($v)) {// force filter prefix
					$fldName = substr($k, 3);
					$forceFilterInit[$fldName] = $v;
				}
			}

			$forceFilterInit['REMOTE_ID'] = $usr->primaryKey;
			$forceFilterInit['REMOTE_TABLE'] = 'ADMIN_USERS';

			$tbl = new TableAjax($tblAcl);
			$tbl->setLabel($zasobObj->OPIS);
			$tbl->setFilterInit($filterInit);
			if (!empty($forceFilterInit)) $tbl->setForceFilterInit($forceFilterInit);
			$tbl->addRowFunction('edit');
			$tbl->addRowFunction('hist');
			$tbl->addRowFunction('files');
			$tbl->addRowFunction('cp');
			$tbl->showProcesInit(false);// hide Proces filter field
			echo $tbl->render();
		}
	}

	public function sortStanowiskaByType($a, $b) {
		if ($a->group->type != $a->group->type) {
			if ($a->group->type == 'network') {
				return 1;
			}
			else if ($a->group->type == 'local') {
				return -1;
			}
		}
		return 0;
	}

	public function removeUserGroup($usrLogin, $idProfileToRemove) {
		if (!$usrLogin) throw new Exception("Wrong param user login!");
		if (!$idProfileToRemove) throw new Exception("Wrong param id profile to remove!");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error storage not exists!");
		$profile = $usrStorageDB->getProfileById($idProfileToRemove);
		if (!$profile) throw new Exception("Error profile not exists!");

		$usrStorageDB->removeUserGroupByProfileId($usrLogin, $profile->group, $idProfileToRemove);
	}

	public function addUserGroup($usrLogin, $idGroup, $idTelboxes) {
		DBG::_('DBG_NG', '>0', 'post', $_POST, __CLASS__, __FUNCTION__, __LINE__);
		if (!$usrLogin) throw new Exception("Wrong param user login!");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error storage not exists!");
		$usr = $usrStorageDB->getUser($usrLogin);
		if (!$usr) throw new Exception("Użytkownik {$usrLogin} nie istnieje.");

		if ($idGroup > 0) {
			$groupToAdd = $usrStorageDB->getGroupWithoutNested($idGroup);
			if (!$groupToAdd) throw new Exception("Grupa [{$idGroup}] nie istnieje");
			$added = $usrStorageDB->addUserGroup($usrLogin, $groupToAdd, $idTelboxes);
		}
	}

	public function typeSpecialIdGroupAction() {
		header("Content-type: application/json");
		Lib::loadClass('TypespecialVariable');
		$typeSpecialUserGroups = TypespecialVariable::getInstance(-1, '__USER_GROUPS');

		$query = V::get('q', '', $_REQUEST);
		$rawRows = null;
		$rows = $typeSpecialUserGroups->getValuesWithExports($query);
		DBG::_('DBG', '>0', "rows(q={$query})", $rows, __CLASS__, __FUNCTION__, __LINE__);
		foreach ($rows as $kID => $vItem) {
			$itemJson = new stdClass();
			$itemJson->id = $vItem->id;
			$itemJson->name = $vItem->param_out;
			if (!empty($vItem->exports)) {
				$itemJson->exports = $vItem->exports;
			}
			$jsonData[] = $itemJson;
		}
		echo json_encode($jsonData);
	}

	public function typeSpecialIdTelboxesAction() {
		header("Content-type: application/json");

		Lib::loadClass('TypespecialVariable');
		$typeSpecialTelboxes = TypespecialVariable::getInstance(-1, '__TELBOXES');

		$query = V::get('q', '', $_REQUEST);
		$rawRows = null;
		$rows = $typeSpecialTelboxes->getValuesWithExports($query);
		DBG::_('DBG', '>0', "rows(q={$query})", $rows, __CLASS__, __FUNCTION__, __LINE__);
		foreach ($rows as $kID => $vItem) {
			$itemJson = new stdClass();
			$itemJson->id = $vItem->id;
			$itemJson->name = $vItem->param_out;
			if (!empty($vItem->exports)) {
				$itemJson->exports = $vItem->exports;
			}
			$jsonData[] = $itemJson;
		}
		echo json_encode($jsonData);
	}

	public function syncGroupAction() {
		$idGroup = V::get('idGroup', 0, $_GET, 'int');

		SE_Layout::gora();
		SE_Layout::menu();
		echo '<div class="container">';
		try {
			if (!$idGroup) throw new Exception("Brak numeru grupy!");
			?>
			<h4>Synchronizacja grupy do bazy LDAP</h4>
<blockquote>
	Grupa [<?php echo $idGroup; ?>]
	<a class="btn btn-link" href="index.php?MENU_INIT=GROUP_ADD_NESTEDGROUPS&groupID=<?php echo $idGroup; ?>">ustal powiązania między grupami uprawnień</a></p>
</blockquote>
<?php
			$this->syncGroup($idGroup);
		} catch (Exception $e) {
			?><div class="alert alert-danger"><?php echo $e->getMessage(); ?></div><?php
		}
		echo '</div>';// .container
		SE_Layout::dol();
	}

	public function syncGroup($idGroup) {
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		$usrStorageLdap = UserStorageFactory::getStorage('MacOSX');
		if (!$usrStorageDB) throw new Exception("Error storage DB not exists");
		if (!$usrStorageLdap) throw new Exception("Error storage Ldap not exists");

		$groupFrom = $usrStorageDB->getGroup($idGroup);
		if (!$groupFrom) {
			$db = DB::getDB();
			$zasob = $db->get_by_id('CRM_LISTA_ZASOBOW', $idGroup);
			if (!$zasob) {
				throw new Exception("Zasób {$idGroup} nie istnieje");
			} else {
				throw new Exception("Zasób {$idGroup} nie jest grupą tylko {$zasob->TYPE}");
			}
		}
		else {
			$synUsers = new SyncUsers($usrStorageDB, $usrStorageLdap);
			$syncTodoList = $synUsers->getSyncGroupTodoList($idGroup, $syncNestedGroups = true);
?>
			<?php if (empty($syncTodoList)) : ?>
				<div class="alert alert-info">Brak zadań do wykonania - grupa zsynchronizowana</div>
			<?php else : ?>
				<div class="well">
					<p>Lista zadań do wykonania:</p>
					<ul>
						<?php foreach ($syncTodoList as $vTask) : ?>
							<li><?php echo $vTask; ?></li>
						<?php endforeach; ?>
					</ul>
				</div>
			<?php endif; ?>
<?php
			if ('1' == V::get('_runSync', '', $_POST)) {
				$synced = $synUsers->syncGroup($idGroup, $syncNestedGroups = true);
				if (!$synced) {
					?>
					<div class="alert alert-danger">
						Nie udało się zsynchronizować grupy [<?php echo $idGroup; ?>].
					</div>
					<?php
					echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;display:none;">errors: (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($synUsers->getErrorsMsgListWithDbg());echo'</pre>';
				}
				else {
					?>
					<div class="alert alert-success">
						Synchronizacja grupy [<?php echo $idGroup; ?>] zakończona powodzeniem.
					</div>
					<?php
				}
			}
			else {
				?>
				<form action="" method="POST">
					<input type="hidden" name="_runSync" value="1">
					<input type="submit" value="Synchronizuj" class="btn btn-primary btn-big">
				</form>
				<?php
			}
		}
	}

	public function syncUserAction() {
		SE_Layout::gora();
		SE_Layout::menu();
		$usrLogin = V::get('usrLogin', '', $_GET);
		echo '<div class="container">';
		try {
			if (empty($usrLogin)) throw new Exception("Empty user login");

			$usrStorageDB = UserStorageFactory::getStorage('DB');
			$usrStorageLdap = UserStorageFactory::getStorage('MacOSX');
			if (!$usrStorageDB) throw new Exception("Error storage DB not exists");
			if (!$usrStorageLdap) throw new Exception("Error storage Ldap not exists");

			echo '<h4>' . "Synchronizacja do LDAP" . '</h4>';
			$usrFrom = $usrStorageDB->getUser($usrLogin);
			DBG::_('DBG_SU', '>1', 'User from:', $usrFrom, __CLASS__, __FUNCTION__, __LINE__);
			if ($usrFrom) {
				$idZasobUsersTbl = ProcesHelper::getZasobTableID('ADMIN_USERS');
				$idZasobPermsTbl = ProcesHelper::getZasobTableID('CRM_AUTH_PROFILE');
?>
	<blockquote>
		Użytkownik [<?php echo $usrFrom->primaryKey; ?>] <b><?php echo $usrFrom->name; ?></b> <code><?php echo $usrFrom->login; ?></code>
		<?php if ($idZasobUsersTbl > 0) : ?>
			<a href="index.php?MENU_INIT=VIEWTABLE_AJAX&ZASOB_ID=<?php echo $idZasobUsersTbl; ?>#EDIT/<?php echo $usrFrom->primaryKey; ?>"
				 class="btn btn-xs btn-link"><span class="glyphicon glyphicon-pencil"></span> edytuj</a>
		<?php endif; ?>
		<?php if ($idZasobPermsTbl > 0) : ?>
			<a href="index.php?_route=Users&_task=userGroups&usrLogin=<?php echo $usrFrom->login; ?>"
				 class="btn btn-xs btn-link"><span class="glyphicon glyphicon-user"></span> ustal stanowisko</a>
		<?php endif; ?>
	</blockquote>
<?php
			}

			$this->syncUser($usrLogin, $usrStorageDB, $usrStorageLdap);
		} catch (Exception $e) {
			?><div class="alert alert-danger"><?php echo $e->getMessage(); ?></div><?php
		}
		echo '</div>';// .container
		SE_Layout::dol();
	}

	public function syncUser($userName, $usrStorageDB, $usrStorageLdap) {
		if (empty($userName)) throw new Exception("Empty user login");
		if (!$usrStorageDB) throw new Exception("Error storage DB not exists");
		if (!$usrStorageLdap) throw new Exception("Error storage Ldap not exists");

		$synUsers = new SyncUsers($usrStorageDB, $usrStorageLdap);

		$syncTodoList = $synUsers->getSyncUserTodoList($userName);
		?>
		<?php if (empty($syncTodoList)) : ?>
			<div class="alert alert-info">Brak zadań do wykonania - użytkownik zsynchronizowany</div>
		<?php else : ?>
			<div class="well">
				<p>Lista zadań do wykonania:</p>
				<ul>
					<?php foreach ($syncTodoList as $vTask) : ?>
						<li><?php echo $vTask; ?></li>
					<?php endforeach; ?>
				</ul>
			</div>
		<?php endif; ?>
		<?php

		if ('1' == V::get('_runSync', '', $_POST)) {
			$synced = $synUsers->syncUser($userName, $syncGroups = true, $syncDisabled = true);
			if (!$synced) {
				?>
				<div class="alert alert-danger">
					Nie udało się zsynchronizować uprawnień użytkownika <?php echo $userName; ?>.
				</div>
				<?php
				$errorsList = $synUsers->getErrorsMsgListWithDbg();
				if (!empty($errorsList)) {
					echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">';
						echo "Błędy:\n" . implode("\n", $errorsList);
					echo '</pre>';
				}
			}
			else {
				?>
				<div class="alert alert-success">
					Synchronizacja uprawnień użytkownika <?php echo $userName; ?> zakończona powodzeniem.
				</div>
				<?php
			}
		}
		else {
			?>
			<form action="" method="POST">
				<input type="hidden" name="_runSync" value="1">
				<input type="submit" value="Synchronizuj" class="btn btn-primary btn-big">
			</form>
			<?php
		}
	}

}