se/SE/se-lib/Route/Users.php

<?php

Lib::loadClass('RouteBase');
Lib::loadClass('UserStorageFactory');
Lib::loadClass('ProcesHelper');
Lib::loadClass('SyncUsers');
Lib::loadClass('UsersHelper');
Lib::loadClass('UsersLdapHelper');
Lib::loadClass('TypespecialVariable');
Lib::loadClass('TableAjax');
Lib::loadClass('UserActivity');

class Route_Users extends RouteBase {

	public function handleAuth() {
		if (!User::logged()) {
			throw new HttpException('Unauthorized', 401);
		}
	}

	public function defaultAction() {
		SE_Layout::gora();
		SE_Layout::menu();
		$this->menu();
		SE_Layout::dol();
	}

	public function menu() {
		$usrLogin = User::getLogin();
		?>
<div class="container">
	<h3>Użytkownicy i grupy</h3>
	<ul>
		<li>
			<form class="form-inline" action="index.php" method="GET">
				<input type="hidden" name="_route" value="Users">
				<input type="hidden" name="_task" value="syncUser">
				<label for="usrLogin">login: </label>
				<input type="text" name="usrLogin" value="<?php echo $usrLogin; ?>">
				<input type="submit" value="Synchronizuj do bazy LDAP" class="btn btn-xs btn-default">
			</form>
		</li>
		<li>
			<form class="form-inline" action="index.php" method="GET">
				<input type="hidden" name="_route" value="Users">
				<input type="hidden" name="_task" value="userGroups">
				<label for="usrLogin">login: </label>
				<input type="text" name="usrLogin" value="<?php echo $usrLogin; ?>">
				<input type="submit" value="Dodaj grupy" class="btn btn-xs btn-default">
			</form>
		</li>
		<li>
			<form class="form-inline" action="index.php" method="GET">
				<input type="hidden" name="_route" value="Users">
				<input type="hidden" name="_task" value="nestedGroups">
				<label for="idGroup">id grupy: </label>
				<input type="text" name="idGroup" value="">
				<input type="submit" value="Grupy uprawnień" class="btn btn-xs btn-default">
			</form>
		</li>
	</ul>
</div>
<?php
	}

	public function reloadPermsAction() {
		try {
			$dbgExecTime = new DebugExecutionTime();
			$dbgExecTime->activate();
			$dbgExecTime->log('start');

			$routeFixCrmProcesInitIdx = Router::getRoute('FixCrmProcesInitIdx');
			if ($routeFixCrmProcesInitIdx) {
				$routeFixCrmProcesInitIdx->runMethod('callProcedure');
			}

			$dbgExecTime->log('FixCrmProcesInitIdx::callProcedure');
			$fixAllPermsExecTime = $dbgExecTime->getLastExecTime();

			User::reloadAcl();

			$dbgExecTime->log('User::reloadAcl');
			$fixUserPermsExecTime = $dbgExecTime->getLastExecTime();

		} catch (Exception $e) {
			$data['errors'][] = $e->getMessage();
		}

		SE_Layout::gora();
		SE_Layout::menu();
		?>
		<div class="container">
			<div class="alert alert-success" title="<?php echo number_format($fixAllPermsExecTime, 4); ?> s / <?php echo number_format($fixUserPermsExecTime, 4); ?> s">
				Zaktualizowano uprawnienia
			</div>
		</div>
		<?php
		SE_Layout::loadTemplate('defaultPage', $data);
		SE_Layout::dol();
	}

	public function nestedGroupsAction() {
		SE_Layout::gora();
		SE_Layout::menu();
		echo '<div class="container">';
		try {
			$idGroup = V::get('idGroup', 0, $_GET, 'int');
			if (empty($idGroup)) throw new Exception("Empty group id");
			$subTask = V::get('_subTask', '', $_POST);
			$successMsg = null;
			if ('removeParentGroup' == $subTask) {
				$idParentGroupToRemove = V::get('idParentGroupToRemove', 0, $_POST, 'int');
				$this->nestedGroupsRemoveParentGroup($idGroup, $idParentGroupToRemove);
				$successMsg = "Usunięto grupę nadrzędną [{$idParentGroupToRemove}] do grupy [{$idGroup}]";
			} else if ('removeNestedGroup' == $subTask) {
				$idNestedGroupToRemove = V::get('idNestedGroupToRemove', 0, $_POST, 'int');
				$this->nestedGroupsRemoveNestedGroup($idGroup, $idNestedGroupToRemove);
				$successMsg = "Usunięto grupę zagnieżdżoną [{$idNestedGroupToRemove}] do grupy [{$idGroup}]";
			} else if ('addParentGroup' == $subTask) {
				$idParentGroupToAdd = V::get('idParentGroupToAdd', 0, $_POST, 'int');
				$this->nestedGroupsAddParentGroup($idGroup, $idParentGroupToAdd);
				$successMsg = "Dodano grupę nadrzędną [{$idParentGroupToAdd}] do grupy [{$idGroup}]";
			} else if ('addNestedGroup' == $subTask) {
				$idNestedGroupToAdd = V::get('idNestedGroupToAdd', 0, $_POST, 'int');
				$this->nestedGroupsAddNestedGroup($idGroup, $idNestedGroupToAdd);
				$successMsg = "Dodano grupę zagnieżdżoną [{$idNestedGroupToAdd}] do grupy [{$idGroup}]";
			}
			if (!empty($successMsg)) {
				?><div class="alert alert-success"><?php echo $successMsg; ?></div><?php
			}
			$this->printFormNestedGroups($idGroup);
		} catch (Exception $e) {
			?><div class="alert alert-danger"><?php echo $e->getMessage(); ?>
	<br><a href="index.php?_route=Users">wróć</a>
</div><?php
			echo UserActivity::showListInContainer();
		}
		echo '</div>';// .container
		SE_Layout::dol();
	}

	public function nestedGroupsRemoveParentGroup($idGroup, $idParentGroupToRemove) {
		if (!$idGroup) throw new Exception("Wrong param id group!");
		if (!$idParentGroupToRemove) throw new Exception("Wrong param id parent group to remove!");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error: storage db not exists!");
		$group = $usrStorageDB->getGroupWithoutNested($idGroup);
		if (!$group) throw new Exception("Error: group not exists!");
		$parentGroup = $usrStorageDB->getGroupWithoutNested($idParentGroupToRemove);
		if (!$parentGroup) throw new Exception("Error: parent group not exists!");
		$usrStorageDB->removeParentGroup($idGroup, $idParentGroupToRemove);
	}

	public function nestedGroupsRemoveNestedGroup($idGroup, $idNestedGroupToRemove) {
		if (!$idGroup) throw new Exception("Wrong param id group!");
		if (!$idNestedGroupToRemove) throw new Exception("Wrong param id parent group to remove!");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error: storage db not exists!");
		$group = $usrStorageDB->getGroupWithoutNested($idGroup);
		if (!$group) throw new Exception("Error: group not exists!");
		$nestedGroup = $usrStorageDB->getGroupWithoutNested($idNestedGroupToRemove);
		if (!$nestedGroup) throw new Exception("Error: nested group not exists!");
		$usrStorageDB->removeNestedGroup($idGroup, $idNestedGroupToRemove);
	}

	public function nestedGroupsAddParentGroup($idGroup, $idParentGroupToAdd) {
		if ($idGroup <= 0) throw new Exception("Wrong param id group");
		if ($idParentGroupToAdd <= 0) throw new Exception("Wrong param id parent group to add");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error: storage db not exists!");
		$group = $usrStorageDB->getGroupWithoutNested($idGroup);
		if (!$group) throw new Exception("Error: group [{$idGroup}] not exists!");
		$parentGroup = $usrStorageDB->getGroupWithoutNested($idParentGroupToAdd);
		if (!$parentGroup) throw new Exception("Error: parent group [{$idParentGroupToAdd}] not exists!");
		$usrStorageDB->addParentGroup($idGroup, $idParentGroupToAdd);
	}

	public function nestedGroupsAddNestedGroup($idGroup, $idNestedGroupToAdd) {
		if ($idGroup <= 0) throw new Exception("Wrong param id group");
		if ($idNestedGroupToAdd <= 0) throw new Exception("Wrong param id parent group to add");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error: storage db not exists!");
		$group = $usrStorageDB->getGroupWithoutNested($idGroup);
		if (!$group) throw new Exception("Error: group not exists!");
		$nestedGroup = $usrStorageDB->getGroupWithoutNested($idNestedGroupToAdd);
		if (!$nestedGroup) throw new Exception("Error: nested group [{$idNestedGroupToAdd}] not exists!");
		$usrStorageDB->addNestedGroup($idGroup, $idNestedGroupToAdd);
	}

	public function printFormNestedGroups($idGroup) {
		$linkTypeIdNestedGroups = 5;

		if (!$idGroup) throw new Exception("Wrong param group id!");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error storage not exists!");
		$group = $usrStorageDB->getGroup($idGroup);
		if (!$group) throw new Exception("Grupa {$idGroup} nie istnieje.");
		DBG::_('DBG_SU', '>1', 'group', $group, __CLASS__, __FUNCTION__, __LINE__);

		{
			$idZasob = ProcesHelper::getZasobTableID('ITEM_LINKS');
			if ($idZasob <= 0) throw new Exception("Brak zasobu dla tabeli 'ITEM_LINKS'");
			$zasobObj = ProcesHelper::getZasobTableInfo($idZasob);
			if (!$zasobObj) throw new Exception("Zasob TABELA ID={$idZasob} nie istnieje");
			UserActivity::add($idZasob);
			$userAcl = User::getAcl();
			$userAcl->fetchGroups();
			if (!$userAcl->hasTableAcl($zasobObj->ID)) throw new Exception("Brak uprawnień do tabeli ID={$zasobObj->ID}");
		}

		if (V::get('_testUsrGroupsLdapLvl0', '', $_GET)) {
			$usrLogin = User::getLogin();
			$groups = array(); $groupsLvl3 = array();
			$groupsNetwork = UsersLdapHelper::getUserGroups($usrLogin, 0);
			foreach ($groupsNetwork as $vGroup) {
				$groups[$vGroup->cn] = $vGroup->appleUID;
			}
			DBG::_(true, true, "groups ldap lvl 0", $groups, __CLASS__, __FUNCTION__, __LINE__);
			$groupsNetwork = UsersLdapHelper::getUserGroups($usrLogin, 3);
			foreach ($groupsNetwork as $vGroup) {
				$groupsLvl3[$vGroup->cn] = $vGroup->appleUID;
			}
			DBG::_(true, true, "groups ldap lvl 3", $groupsLvl3, __CLASS__, __FUNCTION__, __LINE__);
		}

		$group->getParentGroups();
		DBG::_('DBG_NG', '>1', "group with nested", $group, __CLASS__, __FUNCTION__, __LINE__);

		$typeSpecialNestedGroups = TypespecialVariable::getInstance(-1, '__NESTED_GROUPS');

		$groupUsers = array();
		$groupNestedUsers = array();
		$idZasobTableUsers = ProcesHelper::getZasobTableID('ADMIN_USERS');
		if ($group->zasobID > 0) {
			$groupUsers = UsersHelper::getUsersByGroupId($idGroup);
			$groupNestedUsers = UsersHelper::getUsersByGroupsIds(array_keys($group->nestedGroups), array_keys($groupUsers));
		}

		$idZasobTableZasoby = ProcesHelper::getZasobTableID('CRM_LISTA_ZASOBOW');
?>
<style type="text/css">
.frm-groups .selectize-control { float:left; }
.conn_groups {}
 .conn_groups .conn_groups-list {}
  .conn_groups .conn_groups-list .conn_groups-list_item { line-height:22px; }
  .conn_groups .conn_groups-list .conn_groups-list_item form { display:inline; margin:0; }
  .conn_groups .conn_groups-list_item-rmBtn {  display:inline; margin:0; padding:0 6px; border:none; opacity:0.4; }
  .conn_groups .conn_groups-list_item-editBtn {  margin:0 6px; padding:0; border:none; opacity:0.4; }
  .conn_groups .conn_groups-list_item:hover .conn_groups-list_item-rmBtn { display:inline; opacity:1; }
  .conn_groups .conn_groups-list_item:hover .conn_groups-list_item-editBtn { opacity:1; }
.users-with-perms {}
 .users-with-perms address { padding:0 6px; border:1px solid #eee; }
 .users-with-perms address:hover { border-color:#333; }
</style>
<div class="container conn_groups">
	<h4>Grupy uprawnień
		<!-- <em style="color:#ccc;">(Nested Groups)</em> -->
	</h4>
	<blockquote>
		Grupa [<?php echo $idGroup; ?>]: <code><?php echo $group->type; ?></code> <?php echo $group->zasobDESC; ?>
		<a class="btn btn-xs btn-link" href="index.php?MENU_INIT=VIEWTABLE_AJAX&ZASOB_ID=<?php echo $idZasobTableZasoby; ?>#EDIT/<?php echo $idGroup; ?>" title="Edytuj rekord"><i class="glyphicon glyphicon-pencil"></i> edytuj</a>
		<a class="btn btn-xs btn-link" href="index.php?_route=Users&_task=syncGroup&idGroup=<?php echo $idGroup; ?>"><i class="glyphicon glyphicon-retweet"></i> synchronizuj do LDAP</a>
	</blockquote>

	<br>

	<div class="row">
		<div class="col-md-6">
<!--			<p><b>Grupy posiadające dostęp do rekordów grupy [<?php echo $group->zasobID; ?>] <?php echo $group->zasobDESC; ?></b> <em>(<?php echo (!empty($group->parentGroups))? count($group->parentGroups) : 0; ?>)</em>:
				</p> -->
			<blockquote>
<!--				<h5>Ustal grupy, które będą miały uprawnienia do rekordów dostępnych dla
					[<?php echo $group->zasobID; ?>] <?php echo $group->zasobDESC; ?>
				</h5>
				<small>np. grupy podrzędnych pracowników.</small> -->
				<h5>Udostępnij rekordy innym grupom</h5>
				<small>np. przełożonemu.</small>
			</blockquote>
			<ul class="conn_groups-list">
				<?php if (!empty($group->nestedGroups)) : ?>
					<?php foreach ($group->nestedGroups as $vNestedGroup) : ?>
						<li class="conn_groups-list_item">
							[<?php echo $vNestedGroup->zasobID; ?>]
							<?php echo $vNestedGroup->type; ?>
							<?php echo $vNestedGroup->zasobDESC; ?>
							<a href="index.php?_route=Users&_task=nestedGroups&idGroup=<?php echo $vNestedGroup->zasobID; ?>" class="glyphicon glyphicon-pencil conn_groups-list_item-editBtn" title="Edytuj grupę"> </a>
							<form action="" method="POST" class="form-inline frm-groups">
								<input type="hidden" name="_subTask" value="removeNestedGroup">
								<button name="idNestedGroupToRemove" value="<?php echo $vNestedGroup->zasobID; ?>" class="btn-link btn-sm conn_groups-list_item-rmBtn" title="usuń grupę"><i class="glyphicon glyphicon-remove"></i></button>
							</form>
						</li>
					<?php endforeach; ?>
				<?php endif; ?>
				<?php if ($typeSpecialNestedGroups) : ?>
					<li>
						<form action="" method="POST" class="form-inline frm-groups">
							<input type="hidden" name="_subTask" value="addNestedGroup">
							<?php
								$fName = 'idNestedGroupToAdd';
								$fldParams = array();
								$fldParams['allowCreate'] = false;
								$fldParams['ajaxDataUrlBase'] = "index.php?_route=Users&_task=typeSpecialIdNestedGroup";
								//$fldParams['ajaxDataUrlBase'] .= "&DBG_TS=3";
								echo $typeSpecialNestedGroups->showFormItem($tblID = -1, $fName, $selValue = '', $fldParams);
							?>
							<button class="btn">dodaj</button>
						</form>
					</li>
				<?php endif; ?>
			</ul>

<!--			<p><b>Grupy do rekordów, których posiada dostęp grupa [<?php echo $group->zasobID; ?>] <?php echo $group->zasobDESC; ?></b> <em>(<?php echo (!empty($group->parentGroups))? count($group->parentGroups) : 0; ?>)</em>:
			</p> -->
			<blockquote>
				<h5>Grupy, które udostępniają rekordy</h5>
				<small>np. grupy podrzędnych pracowników lub dział, podmiot.</small>
			</blockquote>
			<ul class="conn_groups-list">
				<?php if (!empty($group->parentGroups)) : ?>
					<?php foreach ($group->parentGroups as $vParentGroup) : ?>
						<li class="conn_groups-list_item">
							[<?php echo $vParentGroup->zasobID; ?>]
							<?php // if ('DZIAL' == $vParentGroup->type) : ?>
								<?php echo $vParentGroup->type; ?>
							<?php // endif; ?>
							<?php echo $vParentGroup->zasobDESC; ?>
							<a href="index.php?_route=Users&_task=nestedGroups&idGroup=<?php echo $vParentGroup->zasobID; ?>" class="glyphicon glyphicon-pencil conn_groups-list_item-editBtn" title="Edytuj grupę"> </a>
							<form action="" method="POST" class="form-inline frm-groups">
								<input type="hidden" name="_subTask" value="removeParentGroup">
								<button name="idParentGroupToRemove" value="<?php echo $vParentGroup->zasobID; ?>" class="btn-link btn-sm conn_groups-list_item-rmBtn" title="usuń grupę"><i class="glyphicon glyphicon-remove"></i></button>
							</form>
						</li>
					<?php endforeach; ?>
				<?php endif; ?>

				<?php if ($typeSpecialNestedGroups) : ?>
					<li>
						<form action="" method="POST" class="form-inline frm-groups">
							<input type="hidden" name="_subTask" value="addParentGroup">
							<?php
								$fName = 'idParentGroupToAdd';
								$fldParams = array();
								$fldParams['allowCreate'] = false;
								$fldParams['ajaxDataUrlBase'] = "index.php?_route=Users&_task=typeSpecialIdNestedGroup";
								//$fldParams['ajaxDataUrlBase'] .= "&DBG_TS=3";
								echo $typeSpecialNestedGroups->showFormItem($tblID = -1, $fName, $selValue = '', $fldParams);
							?>
							<button class="btn">dodaj</button>
						</form>
					</li>
				<?php endif; ?>
			</ul>

		</div>
		<div class="col-md-6 users-with-perms">

			<h5>Użytkownicy:</h5>
			<?php if (empty($groupUsers)) : ?>
				<div class="alert">Brak użytkowników przypisanych bezpośrednio do grupy</div>
			<?php else : ?>
				<div class="row">
				<?php foreach ($groupUsers as $usr) : ?>
					<div class="col-md-6">
						<address>
							<strong><?php echo $usr->ADM_NAME; ?></strong>
							<a href="index.php?MENU_INIT=VIEWTABLE_AJAX&ZASOB_ID=<?php echo $idZasobTableUsers; ?>#EDIT/<?php echo $usr->ID; ?>" class="glyphicon glyphicon-pencil" title="Edytuj rekord"> </a>

							<br><em><?php echo $usr->EMPLOYEE_TYPE; ?></em>

							<?php if (!empty($usr->ADM_PHONE)) : ?>
								<br><abbr title="Telefon">Tel.:</abbr> <?php echo $usr->ADM_PHONE; ?>
							<?php endif; ?>

							<?php if (!empty($usr->EMAIL)) : ?>
								<br><a href="mailto:<?php echo $usr->EMAIL; ?>"><?php echo $usr->EMAIL; ?></a>
							<?php endif; ?>
						</address>
					</div>
				<?php endforeach; ?>
				</div>
			<?php endif; ?>

			<h5>Użytwkonicy z uprawnieniami do rekordów</h5>
			<?php if (empty($groupNestedUsers)) : ?>
				<div class="alert">Brak</div>
			<?php else : ?>
				<div class="row">
				<?php foreach ($groupNestedUsers as $usr) : ?>
					<div class="col-md-6">
						<address>
							<strong><?php echo $usr->ADM_NAME; ?></strong>
							<a href="index.php?MENU_INIT=VIEWTABLE_AJAX&ZASOB_ID=<?php echo $idZasobTableUsers; ?>#EDIT/<?php echo $usr->ID; ?>" class="glyphicon glyphicon-pencil" title="Edytuj rekord"> </a>

							<br><em><?php echo $usr->EMPLOYEE_TYPE; ?></em>

							<?php if (!empty($usr->ADM_PHONE)) : ?>
								<br><abbr title="Telefon">Tel.:</abbr> <?php echo $usr->ADM_PHONE; ?>
							<?php endif; ?>

							<?php if (!empty($usr->EMAIL)) : ?>
								<br><a href="mailto:<?php echo $usr->EMAIL; ?>"><?php echo $usr->EMAIL; ?></a>
							<?php endif; ?>
						</address>
					</div>
				<?php endforeach; ?>
				</div>
			<?php endif; ?>

		</div>
	</div>
</div>
<?php
		{// render table
			$tblAcl = $userAcl->getTableAcl($zasobObj->ID);
			$forceTblAclInit = ('1' == V::get('_force', '', $_GET));
			$tblAcl->init($forceTblAclInit);
			$forceFilterInit = array();
			$filterInit = new stdClass();
			$filterInit->currSortCol = 'ID';
			$filterInit->currSortFlip = 'desc';
			foreach ($_GET as $k => $v) {
				if (strlen($k) > 3 && substr($k, 0, 2) == 'f_' && !empty($v)) {// filter prefix
					$filterInit->$k = $v;
				}
				else if (strlen($k) > 4 && substr($k, 0, 3) == 'sf_' && !empty($v)) {// special filter prefix
					$filterInit->$k = $v;
				}
				else if (strlen($k) > 4 && substr($k, 0, 3) == 'ff_' && !empty($v)) {// force filter prefix
					$fldName = substr($k, 3);
					$forceFilterInit[$fldName] = $v;
				}
			}

			$tblZasobyID = ProcesHelper::getZasobTableID('CRM_LISTA_ZASOBOW');
			$forceFilterInit['TABLE_1_NAME'] = 'CRM_LISTA_ZASOBOW';
			$forceFilterInit['TABLE_1_ZASOB_ID'] = $tblZasobyID;
			$forceFilterInit['TABLE_1_ID'] = $group->zasobID;
			$forceFilterInit['TABLE_2_NAME'] = 'CRM_LISTA_ZASOBOW';
			$forceFilterInit['TABLE_2_ZASOB_ID'] = $tblZasobyID;
			$forceFilterInit['LINKS_TYPE_ID'] = $linkTypeIdNestedGroups;

			$tbl = new TableAjax($tblAcl);
			$tbl->setLabel($zasobObj->OPIS);
			$tbl->setFilterInit($filterInit);
			if (!empty($forceFilterInit)) $tbl->setForceFilterInit($forceFilterInit);
			$tbl->addRowFunction('edit');
			$tbl->addRowFunction('hist');
			$tbl->addRowFunction('files');
			$tbl->addRowFunction('cp');
			$tbl->showProcesInit(false);// hide Proces filter field
			echo $tbl->render();
		}
	}

	public function typeSpecialIdNestedGroupAction() {
		header("Content-type: application/json");
		$typeSpecialNestedGroups = TypespecialVariable::getInstance(-1, '__NESTED_GROUPS');

		$query = V::get('q', '', $_REQUEST);
		$rawRows = null;
		$rows = $typeSpecialNestedGroups->getValuesWithExports($query);
		DBG::_('DBG', '>0', "rows(q={$query})", $rows, __CLASS__, __FUNCTION__, __LINE__);
		foreach ($rows as $kID => $vItem) {
			$itemJson = new stdClass();
			$itemJson->id = $vItem->id;
			$itemJson->name = $vItem->param_out;
			if (!empty($vItem->exports)) {
				$itemJson->exports = $vItem->exports;
			}
			$jsonData[] = $itemJson;
		}
		echo json_encode($jsonData);
	}

	public function userGroupsAction() {
		SE_Layout::gora();
		SE_Layout::menu();
		$usrLogin = V::get('usrLogin', '', $_GET);
		echo '<div class="container">';
		try {
			if (empty($usrLogin)) throw new Exception("Empty user login");
			$subTask = V::get('_subTask', '', $_POST);
			if ('removeUserGroup' == $subTask) {
				$idProfileToRemove = V::get('idProfileToRemove', 0, $_POST, 'int');
				$this->removeUserGroup($usrLogin, $idProfileToRemove);
				?><div class="alert alert-info">Użytkownik został usunięty z danej grupy</div><?php
			} else if ('addUserGroup' == $subTask) {
				$idGroup = V::get('idGroup', 0, $_POST, 'int');
				$idTelboxes = V::get('addTelboxesID', 0, $_POST, 'int');
				$this->addUserGroup($usrLogin, $idGroup, $idTelboxes);
				?><div class="alert alert-info">Dodano grupę [<?php echo $idGroup; ?>] do użytkownika [<?php echo $usrLogin; ?>]</div><?php
			}
			$this->printFormUserGroup($usrLogin);
		} catch (Exception $e) {
			?><div class="alert alert-danger"><?php echo $e->getMessage(); ?>
	<br><a href="index.php?_route=Users&_task=userGroups&usrLogin=<?php echo $usrLogin; ?>">wróć</a>
</div><?php
			echo UserActivity::showListInContainer();
		}
		echo '</div>';// .container
		SE_Layout::dol();
	}

	public function printFormUserGroup($usrLogin) {
		if (empty($usrLogin)) throw new Exception("Empty user login");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Storage DB not exists!");
		$usr = $usrStorageDB->getUser($usrLogin);
		if (!$usr) throw new Exception("Użytkownik '{$usrLogin}' nie istnieje.");
		$stanowiska = array();
		$stanowiska = $usrStorageDB->getUserProfiles($usrLogin, $fetchNested = false);
		uasort($stanowiska, array($this, 'sortStanowiskaByType'));

		$groups = UsersHelper::getGroupByUser($usr->primaryKey);
		DBG::_('DBG_SU', '>1', 'groups', $groups, __CLASS__, __FUNCTION__, __LINE__);

		$groupsNetwork = UsersLdapHelper::getUserGroups($usrLogin, 3);
		DBG::_('DBG_SU', '>1', 'groupsNetwork', $groupsNetwork, __CLASS__, __FUNCTION__, __LINE__);

		$typeSpecialUserGroups = TypespecialVariable::getInstance(-1, '__USER_GROUPS');
		$typeSpecialTelboxes   = TypespecialVariable::getInstance(-1, '__TELBOXES');
		$idZasobUsersTbl = ProcesHelper::getZasobTableID('ADMIN_USERS');
?>
<style type="text/css">
.frm-groups .selectize-control { float:left; }
.conn_groups {}
 .conn_groups .conn_groups-list {}
  .conn_groups .conn_groups-list .conn_groups-list_item { line-height:22px; }
  .conn_groups .conn_groups-list .conn_groups-list_item form { display:inline; margin:0; }
  .conn_groups .conn_groups-list_item-rmBtn { /*display:none;*/ opacity:0.4; margin:0; padding:0 10px; border:none; }
  .conn_groups .conn_groups-list_item:hover .conn_groups-list_item-rmBtn { /*display:inline;*/ opacity:1; }
</style>
<div class="conn_groups">
	<h4>Ustalanie stanowiska</h4>
	<blockquote>
		Użytkownik
		<?php if ($usr->isDisabled) : ?>
			<span class="label label-danger">zablokowany!</span>
		<?php else : ?>
			<span class="label label-info">aktywny</span>
		<?php endif; ?>
		[<?php echo $usr->primaryKey; ?>] <b><?php echo $usr->name; ?></b> <code><?php echo $usr->login; ?></code>
		<?php if ($idZasobUsersTbl > 0) : ?>
			<a href="index.php?MENU_INIT=VIEWTABLE_AJAX&ZASOB_ID=<?php echo $idZasobUsersTbl; ?>#EDIT/<?php echo $usr->primaryKey; ?>"
				 class="btn btn-xs btn-link"><span class="glyphicon glyphicon-pencil"></span> edytuj</a>
		<?php endif; ?>
		<a href="index.php?_route=Users&_task=syncUser&usrLogin=<?php echo $usr->login; ?>"
			  class="btn btn-xs btn-link"><span class="glyphicon glyphicon-retweet"></span> synchronizuj do LDAP</a>
	</blockquote>

	<h4>Przypisane grupy (<?php echo (!empty($stanowiska))? count($stanowiska) : 0; ?>):</h4>
	<?php if (!empty($stanowiska)) : ?>
		<ul class="conn_groups-list">
			<?php foreach ($stanowiska as $vProfile) : ?>
				<li class="conn_groups-list_item">
					<?php echo $vProfile->group->realName; ?>
					<?php if ($vProfile->localisationId > 0) : ?>
						(lokalizacja [<?php echo $vProfile->localisationId; ?>])
					<?php endif; ?>
					<form class="form-inline frm-groups" action="" method="POST">
						<input type="hidden" name="_subTask" value="removeUserGroup">
						<button name="idProfileToRemove" value="<?php echo $vProfile->profileId; ?>" class="btn-link btn-sm conn_groups-list_item-rmBtn" title="usuń grupę" onclick="return confirm('Czy jesteś pewien że chcesz usunąć przypisanie do grupy <?php echo $vProfile->group->realName; ?>?');"><i class="glyphicon glyphicon-remove"></i></button>
					</form>
				</li>
			<?php endforeach; ?>
		</ul>
	<?php endif; ?>

	<?php if ($typeSpecialUserGroups && $typeSpecialTelboxes) : ?>
		<h4>Dodaj grupę:</h4>
		<form class="form-horizontal" action="" method="POST">
			<input type="hidden" name="_subTask" value="addUserGroup">
			<div class="form-group">
				<label class="col-sm-3 control-label" for="idGroup">Grupa</label>
				<div class="col-sm-9">
					<?php
						$fName = 'idGroup';
						$fldParams = array();
						$fldParams['allowCreate'] = false;
						$fldParams['ajaxDataUrlBase'] = "index.php?_route=Users&_task=typeSpecialIdGroup";
						//$fldParams['ajaxDataUrlBase'] .= "&DBG_TS=3";
						echo $typeSpecialUserGroups->showFormItem($tblID = -1, $fName, $selValue = '', $fldParams);
					?>
				</div>
			</div>
			<div class="form-group">
				<label class="col-sm-3 control-label" for="addTelboxesID">Lokalizacja</label>
				<div class="col-sm-9">
					<?php
						$fName = 'addTelboxesID';
						$fldParams = array();
						$fldParams['allowCreate'] = false;
						$fldParams['ajaxDataUrlBase'] = "index.php?_route=Users&_task=typeSpecialIdTelboxes";
						//$fldParams['ajaxDataUrlBase'] .= "&DBG_TS=3";
						echo $typeSpecialTelboxes->showFormItem($tblID = -1, $fName, $selValue = '', $fldParams);
					?>
				</div>
			</div>
			<div class="form-group">
				<div class="col-sm-9 col-sm-offset-3">
					<button type="submit" class="btn btn-xs btn-primary">dodaj grupę</button>
				</div>
			</div>
		</form>
	<?php endif; ?>
</div>
<?php
		{// show table crm_auth_profile
			$idZasobCrmAuthProfile = ProcesHelper::getZasobTableID('CRM_AUTH_PROFILE');
			if ($idZasobCrmAuthProfile <= 0) throw new Exception("Can not find id zasob 'CRM_AUTH_PROFILE'");
			$zasobObj = ProcesHelper::getZasobTableInfo($idZasobCrmAuthProfile);
			if (!$zasobObj) throw new Exception("Zasob TABELA ID={$idZasobCrmAuthProfile} nie istnieje");
			UserActivity::add($idZasobCrmAuthProfile);
			$userAcl = User::getAcl();
			if (!$userAcl->hasTableAcl($zasobObj->ID)) throw new Exception("Brak uprawnień do tabeli ID={$zasobObj->ID}");
			$tblAcl = $userAcl->getTableAcl($zasobObj->ID);
			$forceTblAclInit = ('1' == V::get('_force', '', $_GET));
			$tblAcl->init($forceTblAclInit);

			$forceFilterInit = array();
			$filterInit = new stdClass();
			$filterInit->currSortCol = 'ID';
			$filterInit->currSortFlip = 'desc';
			foreach ($_GET as $k => $v) {
				if (strlen($k) > 3 && substr($k, 0, 2) == 'f_' && !empty($v)) {// filter prefix
					$filterInit->$k = $v;
				}
				else if (strlen($k) > 4 && substr($k, 0, 3) == 'sf_' && !empty($v)) {// special filter prefix
					$filterInit->$k = $v;
				}
				else if (strlen($k) > 4 && substr($k, 0, 3) == 'ff_' && !empty($v)) {// force filter prefix
					$fldName = substr($k, 3);
					$forceFilterInit[$fldName] = $v;
				}
			}

			$forceFilterInit['REMOTE_ID'] = $usr->primaryKey;
			$forceFilterInit['REMOTE_TABLE'] = 'ADMIN_USERS';

			$tbl = new TableAjax($tblAcl);
			$tbl->setLabel($zasobObj->OPIS);
			$tbl->setFilterInit($filterInit);
			if (!empty($forceFilterInit)) $tbl->setForceFilterInit($forceFilterInit);
			$tbl->addRowFunction('edit');
			$tbl->addRowFunction('hist');
			$tbl->addRowFunction('files');
			$tbl->addRowFunction('cp');
			$tbl->showProcesInit(false);// hide Proces filter field
			echo $tbl->render();
		}
	}

	public function sortStanowiskaByType($a, $b) {
		if ($a->group->type != $a->group->type) {
			if ($a->group->type == 'network') {
				return 1;
			}
			else if ($a->group->type == 'local') {
				return -1;
			}
		}
		return 0;
	}

	public function removeUserGroup($usrLogin, $idProfileToRemove) {
		if (!$usrLogin) throw new Exception("Wrong param user login!");
		if (!$idProfileToRemove) throw new Exception("Wrong param id profile to remove!");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error storage not exists!");
		$profile = $usrStorageDB->getProfileById($idProfileToRemove);
		if (!$profile) throw new Exception("Error profile not exists!");

		$usrStorageDB->removeUserGroupByProfileId($usrLogin, $profile->group, $idProfileToRemove);
	}

	public function addUserGroup($usrLogin, $idGroup, $idTelboxes) {
		DBG::_('DBG_NG', '>0', 'post', $_POST, __CLASS__, __FUNCTION__, __LINE__);
		if (!$usrLogin) throw new Exception("Wrong param user login!");
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		if (!$usrStorageDB) throw new Exception("Error storage not exists!");
		$usr = $usrStorageDB->getUser($usrLogin);
		if (!$usr) throw new Exception("Użytkownik {$usrLogin} nie istnieje.");

		if ($idGroup > 0) {
			$groupToAdd = $usrStorageDB->getGroupWithoutNested($idGroup);
			if (!$groupToAdd) throw new Exception("Grupa [{$idGroup}] nie istnieje");
			$added = $usrStorageDB->addUserGroup($usrLogin, $groupToAdd, $idTelboxes);
		}
	}

	public function typeSpecialIdGroupAction() {
		header("Content-type: application/json");
		$typeSpecialUserGroups = TypespecialVariable::getInstance(-1, '__USER_GROUPS');

		$query = V::get('q', '', $_REQUEST);
		$rawRows = null;
		$rows = $typeSpecialUserGroups->getValuesWithExports($query);
		DBG::_('DBG', '>0', "rows(q={$query})", $rows, __CLASS__, __FUNCTION__, __LINE__);
		foreach ($rows as $kID => $vItem) {
			$itemJson = new stdClass();
			$itemJson->id = $vItem->id;
			$itemJson->name = $vItem->param_out;
			if (!empty($vItem->exports)) {
				$itemJson->exports = $vItem->exports;
			}
			$jsonData[] = $itemJson;
		}
		echo json_encode($jsonData);
	}

	public function typeSpecialIdTelboxesAction() {
		header("Content-type: application/json");

		$typeSpecialTelboxes = TypespecialVariable::getInstance(-1, '__TELBOXES');

		$query = V::get('q', '', $_REQUEST);
		$rawRows = null;
		$rows = $typeSpecialTelboxes->getValuesWithExports($query);
		DBG::_('DBG', '>0', "rows(q={$query})", $rows, __CLASS__, __FUNCTION__, __LINE__);
		foreach ($rows as $kID => $vItem) {
			$itemJson = new stdClass();
			$itemJson->id = $vItem->id;
			$itemJson->name = $vItem->param_out;
			if (!empty($vItem->exports)) {
				$itemJson->exports = $vItem->exports;
			}
			$jsonData[] = $itemJson;
		}
		echo json_encode($jsonData);
	}

	public function syncGroupAction() {
		$idGroup = V::get('idGroup', 0, $_GET, 'int');
		$group = null;

		SE_Layout::gora();
		SE_Layout::menu();
		echo '<div class="container">';
		try {
			if (!$idGroup) throw new Exception("Brak numeru grupy!");
			$idZasobTableZasoby = ProcesHelper::getZasobTableID('CRM_LISTA_ZASOBOW');
			$usrStorageDB = UserStorageFactory::getStorage('DB');
			if ($usrStorageDB) $group = $usrStorageDB->getGroup($idGroup);
			?>
			<h4>Synchronizacja grupy do bazy LDAP</h4>
<blockquote>
	Grupa [<?php echo $idGroup; ?>]:
	<?php if ($group) : ?>
		<code><?php echo $group->type; ?></code> <?php echo $group->zasobDESC; ?>
	<?php endif; ?>
	<a class="btn btn-xs btn-link" href="index.php?MENU_INIT=VIEWTABLE_AJAX&ZASOB_ID=<?php echo $idZasobTableZasoby; ?>#EDIT/<?php echo $idGroup; ?>" title="Edytuj rekord"><i class="glyphicon glyphicon-pencil"></i> edytuj</a>
	<a class="btn btn-xs btn-link" href="index.php?_route=Users&_task=nestedGroups&idGroup=<?php echo $idGroup; ?>"><i class="glyphicon glyphicon-random"></i> ustal powiązania między grupami uprawnień</a>
</blockquote>
<?php
			$this->syncGroup($idGroup);
		} catch (Exception $e) {
			?><div class="alert alert-danger"><?php echo $e->getMessage(); ?></div><?php
		}
		echo '</div>';// .container
		SE_Layout::dol();
	}

	public function syncGroup($idGroup) {
		$usrStorageDB = UserStorageFactory::getStorage('DB');
		$usrStorageLdap = UserStorageFactory::getStorage('MacOSX');
		if (!$usrStorageDB) throw new Exception("Error storage DB not exists");
		if (!$usrStorageLdap) throw new Exception("Error storage Ldap not exists");

		$groupFrom = $usrStorageDB->getGroup($idGroup);
		if (!$groupFrom) {
			$db = DB::getDB();
			$zasob = $db->get_by_id('CRM_LISTA_ZASOBOW', $idGroup);
			if (!$zasob) {
				throw new Exception("Zasób {$idGroup} nie istnieje");
			} else {
				throw new Exception("Zasób {$idGroup} nie jest grupą tylko {$zasob->TYPE}");
			}
		}
		else {
			$synUsers = new SyncUsers($usrStorageDB, $usrStorageLdap);
			$syncTodoList = $synUsers->getSyncGroupTodoList($idGroup, $syncNestedGroups = true);
?>
			<?php if (empty($syncTodoList)) : ?>
				<div class="alert alert-info">Brak zadań do wykonania - grupa zsynchronizowana</div>
			<?php else : ?>
				<div class="well">
					<p>Lista zadań do wykonania:</p>
					<ul>
						<?php foreach ($syncTodoList as $vTask) : ?>
							<li><?php echo $vTask; ?></li>
						<?php endforeach; ?>
					</ul>
				</div>
			<?php endif; ?>
<?php
			if ('1' == V::get('_runSync', '', $_POST)) {
				$synced = $synUsers->syncGroup($idGroup, $syncNestedGroups = true);
				if (!$synced) {
					?>
					<div class="alert alert-danger">
						Nie udało się zsynchronizować grupy [<?php echo $idGroup; ?>].
					</div>
					<?php
					echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;display:none;">errors: (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($synUsers->getErrorsMsgListWithDbg());echo'</pre>';
				}
				else {
					?>
					<div class="alert alert-success">
						Synchronizacja grupy [<?php echo $idGroup; ?>] zakończona powodzeniem.
					</div>
					<?php
				}
			}
			else {
				?>
				<form action="" method="POST">
					<input type="hidden" name="_runSync" value="1">
					<input type="submit" value="Synchronizuj" class="btn btn-primary btn-big">
				</form>
				<?php
			}
		}
	}

	public function syncUserAction() {
		SE_Layout::gora();
		SE_Layout::menu();
		$usrLogin = V::get('usrLogin', '', $_GET);
		echo '<div class="container">';
		try {
			if (empty($usrLogin)) throw new Exception("Empty user login");

			$usrStorageDB = UserStorageFactory::getStorage('DB');
			$usrStorageLdap = UserStorageFactory::getStorage('MacOSX');
			if (!$usrStorageDB) throw new Exception("Error storage DB not exists");
			if (!$usrStorageLdap) throw new Exception("Error storage Ldap not exists");

			echo '<h4>' . "Synchronizacja do LDAP" . '</h4>';
			$usrFrom = $usrStorageDB->getUser($usrLogin);
			DBG::_('DBG_SU', '>1', 'User from:', $usrFrom, __CLASS__, __FUNCTION__, __LINE__);
			if ($usrFrom) {
				$idZasobUsersTbl = ProcesHelper::getZasobTableID('ADMIN_USERS');
				$idZasobPermsTbl = ProcesHelper::getZasobTableID('CRM_AUTH_PROFILE');
?>
	<blockquote>
		Użytkownik
		<?php if ($usrFrom->isDisabled) : ?>
			<span class="label label-danger">zablokowany!</span>
		<?php else : ?>
			<span class="label label-info">aktywny</span>
		<?php endif; ?>
		[<?php echo $usrFrom->primaryKey; ?>] <b><?php echo $usrFrom->name; ?></b> <code><?php echo $usrFrom->login; ?></code>
		<?php if ($idZasobUsersTbl > 0) : ?>
			<a href="index.php?MENU_INIT=VIEWTABLE_AJAX&ZASOB_ID=<?php echo $idZasobUsersTbl; ?>#EDIT/<?php echo $usrFrom->primaryKey; ?>"
				 class="btn btn-xs btn-link"><span class="glyphicon glyphicon-pencil"></span> edytuj</a>
		<?php endif; ?>
		<?php if ($idZasobPermsTbl > 0) : ?>
			<a href="index.php?_route=Users&_task=userGroups&usrLogin=<?php echo $usrFrom->login; ?>"
				 class="btn btn-xs btn-link"><span class="glyphicon glyphicon-user"></span> ustal stanowisko</a>
		<?php endif; ?>
	</blockquote>
<?php
			}

			$this->syncUser($usrLogin, $usrStorageDB, $usrStorageLdap);
		} catch (Exception $e) {
			?><div class="alert alert-danger"><?php echo $e->getMessage(); ?></div><?php
		}
		echo '</div>';// .container
		SE_Layout::dol();
	}

	public function syncUser($userName, $usrStorageDB, $usrStorageLdap) {
		if (empty($userName)) throw new Exception("Empty user login");
		if (!$usrStorageDB) throw new Exception("Error storage DB not exists");
		if (!$usrStorageLdap) throw new Exception("Error storage Ldap not exists");

		$synUsers = new SyncUsers($usrStorageDB, $usrStorageLdap);

		$syncTodoList = $synUsers->getSyncUserTodoList($userName);
		?>
		<?php if (empty($syncTodoList)) : ?>
			<div class="alert alert-info">Brak zadań do wykonania - użytkownik zsynchronizowany</div>
		<?php else : ?>
			<div class="well">
				<p>Lista zadań do wykonania:</p>
				<ul>
					<?php foreach ($syncTodoList as $vTask) : ?>
						<li><?php echo $vTask; ?></li>
					<?php endforeach; ?>
				</ul>
			</div>
		<?php endif; ?>
		<?php

		if ('1' == V::get('_runSync', '', $_POST)) {
			$synced = $synUsers->syncUser($userName, $syncGroups = true, $syncDisabled = true);
			if (!$synced) {
				?>
				<div class="alert alert-danger">
					Nie udało się zsynchronizować uprawnień użytkownika <?php echo $userName; ?>.
				</div>
				<?php
				$errorsList = $synUsers->getErrorsMsgListWithDbg();
				if (!empty($errorsList)) {
					echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">';
						echo "Błędy:\n" . implode("\n", $errorsList);
					echo '</pre>';
				}
			}
			else {
				?>
				<div class="alert alert-success">
					Synchronizacja uprawnień użytkownika <?php echo $userName; ?> zakończona powodzeniem.
				</div>
				<?php
			}
		}
		else {
			?>
			<form action="" method="POST">
				<input type="hidden" name="_runSync" value="1">
				<input type="submit" value="Synchronizuj" class="btn btn-primary btn-big">
			</form>
			<?php
		}
	}

}