%PDF- %PDF-
Direktori : /var/www/projetos/suporte.iigd.com.br/src/ |
Current File : /var/www/projetos/suporte.iigd.com.br/src/Profile_User.php |
<?php /** * --------------------------------------------------------------------- * * GLPI - Gestionnaire Libre de Parc Informatique * * http://glpi-project.org * * @copyright 2015-2024 Teclib' and contributors. * @copyright 2003-2014 by the INDEPNET Development Team. * @licence https://www.gnu.org/licenses/gpl-3.0.html * * --------------------------------------------------------------------- * * LICENSE * * This file is part of GLPI. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <https://www.gnu.org/licenses/>. * * --------------------------------------------------------------------- */ use Glpi\Toolbox\Sanitizer; /** * Profile_User Class **/ class Profile_User extends CommonDBRelation { // From CommonDBTM public $auto_message_on_action = false; // From CommonDBRelation public static $itemtype_1 = 'User'; public static $items_id_1 = 'users_id'; public static $itemtype_2 = 'Profile'; public static $items_id_2 = 'profiles_id'; public static $checkItem_2_Rights = self::DONT_CHECK_ITEM_RIGHTS; // Manage Entity properties forwarding public static $disableAutoEntityForwarding = true; /** * @since 0.84 * * @see CommonDBTM::getForbiddenStandardMassiveAction() **/ public function getForbiddenStandardMassiveAction() { $forbidden = parent::getForbiddenStandardMassiveAction(); $forbidden[] = 'update'; return $forbidden; } public function maybeRecursive() { // Store is_recursive fields but not really recursive object return false; } // TODO CommonDBConnexity : check in details if we can replace canCreateItem by canRelationItem ... public function canCreateItem() { $user = new User(); return $user->can($this->fields['users_id'], READ) && Profile::currentUserHaveMoreRightThan([$this->fields['profiles_id'] => $this->fields['profiles_id'] ]) && Session::haveAccessToEntity($this->fields['entities_id']); } public function canPurgeItem() { // We can't delete the last super admin profile authorization if ($this->isLastSuperAdminAuthorization()) { return false; } return true; } public function prepareInputForAdd($input) { // TODO: check if the entities should not be inherited from the profile or the user $valid_entity = isset($input['entities_id']) && $input['entities_id'] >= 0; $valid_profile = isset($input['profiles_id']) && $input['profiles_id'] > 0; $valid_user = isset($input['users_id']) && $input['users_id'] > 0; if (!$valid_entity || !$valid_user || !$valid_profile) { Session::addMessageAfterRedirect( __('One or more required fields are missing'), false, ERROR ); return false; } return parent::prepareInputForAdd($input); } /** * Show rights of a user * * @param $user User object **/ public static function showForUser(User $user) { $ID = $user->getField('id'); if (!$user->can($ID, READ)) { return false; } $canedit = $user->canEdit($ID); $strict_entities = self::getUserEntities($ID, false); if ( !Session::haveAccessToOneOfEntities($strict_entities) && !Session::canViewAllEntities() ) { $canedit = false; } $canshowentity = Entity::canView(); $rand = mt_rand(); if ($canedit) { echo "<div class='firstbloc'>"; echo "<form name='entityuser_form$rand' id='entityuser_form$rand' method='post' action='"; echo Toolbox::getItemTypeFormURL(__CLASS__) . "'>"; echo "<table class='tab_cadre_fixe'>"; echo "<tr class='tab_bg_1'><th colspan='6'>" . __('Add an authorization to a user') . "</tr>"; echo "<tr class='tab_bg_2'><td class='center'>"; echo "<input type='hidden' name='users_id' value='$ID'>"; Entity::dropdown(['entity' => $_SESSION['glpiactiveentities']]); echo "</td><td class='center'>" . self::getTypeName(1) . "</td><td>"; Profile::dropdownUnder(['value' => Profile::getDefault()]); echo "</td><td>" . __('Recursive') . "</td><td>"; Dropdown::showYesNo("is_recursive", 0); echo "</td><td class='center'>"; echo "<input type='submit' name='add' value=\"" . _sx('button', 'Add') . "\" class='btn btn-primary'>"; echo "</td></tr>"; echo "</table>"; Html::closeForm(); echo "</div>"; } $iterator = self::getListForItem($user); $num = count($iterator); echo "<div class='spaced'>"; Html::openMassiveActionsForm('mass' . __CLASS__ . $rand); if ($canedit && $num) { $massiveactionparams = ['num_displayed' => min($_SESSION['glpilist_limit'], $num), 'container' => 'mass' . __CLASS__ . $rand ]; Html::showMassiveActions($massiveactionparams); } if ($num > 0) { echo "<table class='tab_cadre_fixehov'>"; $header_begin = "<tr>"; $header_top = ''; $header_bottom = ''; $header_end = ''; if ($canedit) { $header_begin .= "<th>"; $header_top .= Html::getCheckAllAsCheckbox('mass' . __CLASS__ . $rand); $header_bottom .= Html::getCheckAllAsCheckbox('mass' . __CLASS__ . $rand); $header_end .= "</th>"; } $header_end .= "<th>" . Entity::getTypeName(Session::getPluralNumber()) . "</th>"; $header_end .= "<th>" . sprintf( __('%1$s (%2$s)'), self::getTypeName(Session::getPluralNumber()), __('D=Dynamic, R=Recursive') ); $header_end .= "</th></tr>"; echo $header_begin . $header_top . $header_end; foreach ($iterator as $data) { echo "<tr class='tab_bg_1'>"; if ($canedit) { echo "<td width='10'>"; if (in_array($data["entities_id"], $_SESSION['glpiactiveentities'])) { Html::showMassiveActionCheckBox(__CLASS__, $data["linkid"]); } else { echo " "; } echo "</td>"; } echo "<td>"; $link = $data["completename"]; if ($_SESSION["glpiis_ids_visible"]) { $link = sprintf(__('%1$s (%2$s)'), $link, $data["entities_id"]); } if ($canshowentity) { echo "<a href='" . Toolbox::getItemTypeFormURL('Entity') . "?id=" . $data["entities_id"] . "'>"; } echo $link . ($canshowentity ? "</a>" : ''); echo "</td>"; if (Profile::canView()) { $entname = "<a href='" . Toolbox::getItemTypeFormURL('Profile') . "?id=" . $data["id"] . "'>" . $data["name"] . "</a>"; } else { $entname = $data["name"]; } if ($data["is_dynamic"] || $data["is_recursive"]) { $entname = sprintf(__('%1$s %2$s'), $entname, "<span class='b'>("); if ($data["is_dynamic"]) { //TRANS: letter 'D' for Dynamic $entname = sprintf(__('%1$s%2$s'), $entname, __('D')); } if ($data["is_dynamic"] && $data["is_recursive"]) { $entname = sprintf(__('%1$s%2$s'), $entname, ", "); } if ($data["is_recursive"]) { //TRANS: letter 'R' for Recursive $entname = sprintf(__('%1$s%2$s'), $entname, __('R')); } $entname = sprintf(__('%1$s%2$s'), $entname, ")</span>"); } echo "<td>" . $entname . "</td>"; echo "</tr>"; } echo $header_begin . $header_bottom . $header_end; echo "</table>"; } else { echo "<table class='tab_cadre_fixe'>"; echo "<tr><th>" . __('No item found') . "</th></tr>"; echo "</table>\n"; } if ($canedit && $num) { $massiveactionparams['ontop'] = false; Html::showMassiveActions($massiveactionparams); } Html::closeForm(); echo "</div>"; } /** * Show users of an entity * * @param $entity Entity object **/ public static function showForEntity(Entity $entity) { /** @var \DBmysql $DB */ global $DB; $ID = $entity->getField('id'); if (!$entity->can($ID, READ)) { return false; } $canedit = $entity->canEdit($ID); $canshowuser = User::canView(); $nb_per_line = 3; $rand = mt_rand(); if ($canedit) { $headerspan = $nb_per_line * 2; } else { $headerspan = $nb_per_line; } if ($canedit) { echo "<div class='firstbloc'>"; echo "<form name='entityuser_form$rand' id='entityuser_form$rand' method='post' action='"; echo Toolbox::getItemTypeFormURL(__CLASS__) . "'>"; echo "<table class='tab_cadre_fixe'>"; echo "<tr class='tab_bg_1'><th colspan='6'>" . __('Add an authorization to a user') . "</tr>"; echo "<tr class='tab_bg_1'><td class='tab_bg_2 center'>" . User::getTypeName(1) . " "; echo "<input type='hidden' name='entities_id' value='$ID'>"; User::dropdown(['right' => 'all']); echo "</td><td class='tab_bg_2 center'>" . self::getTypeName(1) . "</td><td>"; Profile::dropdownUnder(['value' => Profile::getDefault()]); echo "</td><td class='tab_bg_2 center'>" . __('Recursive') . "</td><td>"; Dropdown::showYesNo("is_recursive", 0); echo "</td><td class='tab_bg_2 center'>"; echo "<input type='submit' name='add' value=\"" . _sx('button', 'Add') . "\" class='btn btn-primary'>"; echo "</td></tr>"; echo "</table>"; Html::closeForm(); echo "</div>"; } $putable = Profile_User::getTable(); $ptable = Profile::getTable(); $utable = User::getTable(); $iterator = $DB->request([ 'SELECT' => [ "glpi_users.*", "$putable.id AS linkid", "$putable.is_recursive", "$putable.is_dynamic", "$ptable.id AS pid", "$ptable.name AS pname" ], 'FROM' => $putable, 'INNER JOIN' => [ $utable => [ 'ON' => [ $putable => 'users_id', $utable => 'id' ] ], $ptable => [ 'ON' => [ $putable => 'profiles_id', $ptable => 'id' ] ] ], 'WHERE' => [ "$utable.is_deleted" => 0, "$putable.entities_id" => $ID ], 'ORDERBY' => [ "$putable.profiles_id", "$utable.name", "$utable.realname", "$utable.firstname" ] ]); $nb = count($iterator); echo "<div class='spaced'>"; if ($canedit && $nb) { Html::openMassiveActionsForm('mass' . __CLASS__ . $rand); $massiveactionparams = ['container' => 'mass' . __CLASS__ . $rand, 'specific_actions' => ['purge' => _x('button', 'Delete permanently')] ]; Html::showMassiveActions($massiveactionparams); } echo "<table class='tab_cadre_fixehov'>"; echo "<thead><tr>"; echo "<th class='noHover' colspan='$headerspan'>"; printf(__('%1$s (%2$s)'), User::getTypeName(Session::getPluralNumber()), __('D=Dynamic, R=Recursive')); echo "</th></tr></thead>"; if ($nb) { Session::initNavigateListItems( 'User', //TRANS : %1$s is the itemtype name, %2$s is the name of the item (used for headings of a list) sprintf( __('%1$s = %2$s'), Entity::getTypeName(1), $entity->getName() ) ); $current_pid = null; $i = 0; foreach ($iterator as $data) { if ($data['pid'] != $current_pid) { echo "<tbody><tr class='noHover'>"; $reduce_header = 0; if ($canedit && $nb) { echo "<th width='10'>"; echo Html::getCheckAllAsCheckbox("profile" . $data['pid'] . "_$rand"); echo "</th>"; $reduce_header++; } echo "<th colspan='" . ($headerspan - $reduce_header) . "'>"; printf(__('%1$s: %2$s'), Profile::getTypeName(1), $data["pname"]); echo "</th></tr></tbody>"; echo "<tbody id='profile" . $data['pid'] . "_$rand'>"; $i = 0; } Session::addToNavigateListItems('User', $data["id"]); if (($i % $nb_per_line) == 0) { if ($i != 0) { echo "</tr>"; } echo "<tr class='tab_bg_1'>"; } if ($canedit) { echo "<td width='10'>"; Html::showMassiveActionCheckBox(__CLASS__, $data["linkid"]); echo "</td>"; } $username = formatUserName( $data["id"], $data["name"], $data["realname"], $data["firstname"], $canshowuser ); if ($data["is_dynamic"] || $data["is_recursive"]) { $username = sprintf(__('%1$s %2$s'), $username, "<span class='b'>("); if ($data["is_dynamic"]) { $username = sprintf(__('%1$s%2$s'), $username, __('D')); } if ($data["is_dynamic"] && $data["is_recursive"]) { $username = sprintf(__('%1$s%2$s'), $username, ", "); } if ($data["is_recursive"]) { $username = sprintf(__('%1$s%2$s'), $username, __('R')); } $username = sprintf(__('%1$s%2$s'), $username, ")</span>"); } echo "<td>" . $username . "</td>"; $i++; $current_pid = $data['pid']; if ($data['pid'] != $current_pid) { echo "</tr>"; echo "</tbody>"; } } } echo "</table>"; if ($canedit && $nb) { $massiveactionparams['ontop'] = false; Html::showMassiveActions($massiveactionparams); Html::closeForm(); } echo "</div>"; } /** * Show the User having a profile, in allowed Entity * * @param $prof Profile object **/ public static function showForProfile(Profile $prof) { /** @var \DBmysql $DB */ global $DB; $ID = $prof->fields['id']; $canedit = Session::haveRightsOr("user", [CREATE, UPDATE, DELETE, PURGE]); $rand = mt_rand(); if (!$prof->can($ID, READ)) { return false; } $utable = User::getTable(); $putable = Profile_User::getTable(); $etable = Entity::getTable(); $iterator = $DB->request([ 'SELECT' => [ "$utable.*", "$putable.entities_id AS entity", "$putable.id AS linkid", "$putable.is_dynamic", "$putable.is_recursive" ], 'DISTINCT' => true, 'FROM' => $putable, 'LEFT JOIN' => [ $etable => [ 'ON' => [ $putable => 'entities_id', $etable => 'id' ] ], $utable => [ 'ON' => [ $putable => 'users_id', $utable => 'id' ] ] ], 'WHERE' => [ "$putable.profiles_id" => $ID, "$utable.is_deleted" => 0 ] + getEntitiesRestrictCriteria($putable, 'entities_id', $_SESSION['glpiactiveentities'], true), 'ORDERBY' => "$etable.completename" ]); $nb = count($iterator); echo "<div class='spaced'>"; if ($canedit && $nb) { Html::openMassiveActionsForm('mass' . __CLASS__ . $rand); $massiveactionparams = ['num_displayed' => min($_SESSION['glpilist_limit'], $nb), 'container' => 'mass' . __CLASS__ . $rand ]; Html::showMassiveActions($massiveactionparams); } echo "<table class='tab_cadre_fixe'><tr>"; echo "<th>" . sprintf(__('%1$s: %2$s'), Profile::getTypeName(1), $prof->fields["name"]) . "</th></tr>\n"; echo "<tr><th colspan='2'>" . sprintf( __('%1$s (%2$s)'), User::getTypeName(Session::getPluralNumber()), __('D=Dynamic, R=Recursive') ) . "</th></tr>"; echo "</table>\n"; echo "<table class='tab_cadre_fixe'>"; $i = 0; $nb_per_line = 3; $rand = mt_rand(); // Just to avoid IDE warning $canedit_entity = false; if ($nb) { $temp = -1; foreach ($iterator as $data) { if ($data["entity"] != $temp) { while (($i % $nb_per_line) != 0) { if ($canedit_entity) { echo "<td width='10'> </td>"; } echo "<td class='tab_bg_1'> </td>\n"; $i++; } if ($i != 0) { echo "</table>"; echo "</div>"; echo "</td></tr>\n"; } // New entity $i = 0; $temp = $data["entity"]; $canedit_entity = $canedit && in_array($temp, $_SESSION['glpiactiveentities']); $rand = mt_rand(); echo "<tr class='tab_bg_2'>"; echo "<td>"; echo "<a href=\"javascript:showHideDiv('entity$temp$rand','imgcat$temp', '" . "fa-folder','fa-folder-open');\">"; echo "<i id='imgcat$temp' class='fa fa-folder'></i> "; echo "<span class='b'>" . Dropdown::getDropdownName('glpi_entities', $data["entity"]) . "</span>"; echo "</a>"; echo "</td></tr>\n"; echo "<tr class='tab_bg_2'><td>"; echo "<div class='center' id='entity$temp$rand' style='display:none;'>\n"; echo Html::getCheckAllAsCheckbox("entity$temp$rand") . __('All'); echo "<table class='tab_cadre_fixe'>\n"; } if (($i % $nb_per_line) == 0) { if ($i != 0) { echo "</tr>\n"; } echo "<tr class='tab_bg_1'>\n"; $i = 0; } if ($canedit_entity) { echo "<td width='10'>"; Html::showMassiveActionCheckBox(__CLASS__, $data["linkid"]); echo "</td>"; } $username = formatUserName( $data["id"], $data["name"], $data["realname"], $data["firstname"], 1 ); if ($data["is_dynamic"] || $data["is_recursive"]) { $username = sprintf(__('%1$s %2$s'), $username, "<span class='b'>("); if ($data["is_dynamic"]) { $username = sprintf(__('%1$s%2$s'), $username, __('D')); } if ($data["is_dynamic"] && $data["is_recursive"]) { $username = sprintf(__('%1$s%2$s'), $username, ", "); } if ($data["is_recursive"]) { $username = sprintf(__('%1$s%2$s'), $username, __('R')); } $username = sprintf(__('%1$s%2$s'), $username, ")</span>"); } echo "<td class='tab_bg_1'>" . $username . "</td>\n"; $i++; } if (($i % $nb_per_line) != 0) { while (($i % $nb_per_line) != 0) { if ($canedit_entity) { echo "<td width='10'> </td>"; } echo "<td class='tab_bg_1'> </td>"; $i++; } } if ($i != 0) { echo "</table>"; echo "</div>"; echo "</td></tr>\n"; } } else { echo "<tr class='tab_bg_2'><td class='tab_bg_1 center'>" . __('No user found') . "</td></tr>\n"; } echo "</table>"; if ($canedit && $nb) { $massiveactionparams['ontop'] = false; Html::showMassiveActions($massiveactionparams); Html::closeForm(); } echo "</div>\n"; } /** * Get entities for which a user have a right * * @param $user_ID user ID * @param $is_recursive check also using recursive rights (true by default) * @param $default_first user default entity first (false by default) * * @return array of entities ID **/ public static function getUserEntities($user_ID, $is_recursive = true, $default_first = false) { /** @var \DBmysql $DB */ global $DB; $iterator = $DB->request([ 'SELECT' => [ 'entities_id', 'is_recursive' ], 'DISTINCT' => true, 'FROM' => 'glpi_profiles_users', 'WHERE' => ['users_id' => (int)$user_ID] ]); $entities = []; foreach ($iterator as $data) { if ($data['is_recursive'] && $is_recursive) { $tab = getSonsOf('glpi_entities', $data['entities_id']); $entities = array_merge($tab, $entities); } else { $entities[] = $data['entities_id']; } } // Set default user entity at the beginning if ($default_first) { $user = new User(); if ($user->getFromDB((int)$user_ID)) { $ent = $user->getField('entities_id'); if (in_array($ent, $entities)) { array_unshift($entities, $ent); } } } return array_unique($entities); } /** * Get entities for which a user have a right * * @since 0.84 * @since 9.2 Add $rightname parameter * * @param integer $user_ID user ID * @param string $rightname name of the rights to check (CommonDBTM::$rightname) * @param integer $rights rights to check (may be a OR combinaison of several rights) * (exp: CommonDBTM::READ | CommonDBTM::UPDATE ...) * @param boolean $is_recursive check also using recursive rights (true by default) * * @return array of entities ID **/ public static function getUserEntitiesForRight($user_ID, $rightname, $rights, $is_recursive = true) { /** @var \DBmysql $DB */ global $DB; $putable = Profile_User::getTable(); $ptable = Profile::getTable(); $prtable = ProfileRight::getTable(); $iterator = $DB->request([ 'SELECT' => [ "$putable.entities_id", "$putable.is_recursive" ], 'DISTINCT' => true, 'FROM' => $putable, 'INNER JOIN' => [ $ptable => [ 'ON' => [ $putable => 'profiles_id', $ptable => 'id' ] ], $prtable => [ 'ON' => [ $prtable => 'profiles_id', $ptable => 'id' ] ] ], 'WHERE' => [ "$putable.users_id" => (int)$user_ID, "$prtable.name" => $rightname, "$prtable.rights" => ['&', $rights] ] ]); if (count($iterator) > 0) { $entities = []; foreach ($iterator as $data) { if ($data['is_recursive'] && $is_recursive) { $tab = getSonsOf('glpi_entities', $data['entities_id']); $entities = array_merge($tab, $entities); } else { $entities[] = $data['entities_id']; } } return array_unique($entities); } return []; } /** * Get user profiles (no entity association, use sqlfilter if needed) * * @since 9.3 can pass sqlfilter as a parameter * * @param $user_ID user ID * @param $sqlfilter string additional filter (default []) * * @return array of the IDs of the profiles **/ public static function getUserProfiles($user_ID, $sqlfilter = []) { /** @var \DBmysql $DB */ global $DB; $profiles = []; $where = ['users_id' => (int)$user_ID]; if (count($sqlfilter) > 0) { $where = $where + $sqlfilter; } $iterator = $DB->request([ 'SELECT' => 'profiles_id', 'DISTINCT' => true, 'FROM' => 'glpi_profiles_users', 'WHERE' => $where ]); foreach ($iterator as $data) { $profiles[$data['profiles_id']] = $data['profiles_id']; } return $profiles; } /** * retrieve the entities allowed to a user for a profile * * @param $users_id Integer ID of the user * @param $profiles_id Integer ID of the profile * @param $child Boolean when true, include child entity when recursive right * (false by default) * * @return Array of entity ID **/ public static function getEntitiesForProfileByUser($users_id, $profiles_id, $child = false) { /** @var \DBmysql $DB */ global $DB; $iterator = $DB->request([ 'SELECT' => ['entities_id', 'is_recursive'], 'FROM' => self::getTable(), 'WHERE' => [ 'users_id' => (int)$users_id, 'profiles_id' => (int)$profiles_id ] ]); $entities = []; foreach ($iterator as $data) { if ( $child && $data['is_recursive'] ) { foreach (getSonsOf('glpi_entities', $data['entities_id']) as $id) { $entities[$id] = $id; } } else { $entities[$data['entities_id']] = $data['entities_id']; } } return $entities; } /** * retrieve the entities associated to a user * * @param $users_id Integer ID of the user * @param $child Boolean when true, include child entity when recursive right * (false by default) * * @since 0.85 * * @return Array of entity ID **/ public static function getEntitiesForUser($users_id, $child = false) { /** @var \DBmysql $DB */ global $DB; $iterator = $DB->request([ 'SELECT' => ['entities_id', 'is_recursive'], 'FROM' => 'glpi_profiles_users', 'WHERE' => ['users_id' => (int)$users_id] ]); $entities = []; foreach ($iterator as $data) { if ( $child && $data['is_recursive'] ) { foreach (getSonsOf('glpi_entities', $data['entities_id']) as $id) { $entities[$id] = $id; } } else { $entities[$data['entities_id']] = $data['entities_id']; } } return $entities; } /** * Get entities for which a user have a right * * @param $user_ID user ID * @param $only_dynamic get only recursive rights (false by default) * * @return array of entities ID **/ public static function getForUser($user_ID, $only_dynamic = false) { $condition = ['users_id' => (int)$user_ID]; if ($only_dynamic) { $condition['is_dynamic'] = 1; } return getAllDataFromTable('glpi_profiles_users', $condition); } /** * @param $user_ID * @param $profile_id **/ public static function haveUniqueRight($user_ID, $profile_id) { /** @var \DBmysql $DB */ global $DB; $result = $DB->request([ 'COUNT' => 'cpt', 'FROM' => self::getTable(), 'WHERE' => [ 'users_id' => (int)$user_ID, 'profiles_id' => (int)$profile_id ] ])->current(); return $result['cpt']; } /** * @param $user_ID * @param $only_dynamic (false by default) **/ public static function deleteRights($user_ID, $only_dynamic = false) { $crit = [ 'users_id' => (int)$user_ID, ]; if ($only_dynamic) { $crit['is_dynamic'] = '1'; } $obj = new self(); $obj->deleteByCriteria($crit); } public function rawSearchOptions() { $tab = []; $tab[] = [ 'id' => 'common', 'name' => __('Characteristics') ]; $tab[] = [ 'id' => '2', 'table' => $this->getTable(), 'field' => 'id', 'name' => __('ID'), 'massiveaction' => false, 'datatype' => 'number' ]; $tab[] = [ 'id' => '3', 'table' => $this->getTable(), 'field' => 'is_dynamic', 'name' => __('Dynamic'), 'datatype' => 'bool', 'massiveaction' => false ]; $tab[] = [ 'id' => '4', 'table' => 'glpi_profiles', 'field' => 'name', 'name' => self::getTypeName(1), 'datatype' => 'dropdown', 'massiveaction' => false ]; $tab[] = [ 'id' => '5', 'table' => 'glpi_users', 'field' => 'name', 'name' => User::getTypeName(1), 'massiveaction' => false, 'datatype' => 'dropdown', 'right' => 'all' ]; $tab[] = [ 'id' => '80', 'table' => 'glpi_entities', 'field' => 'completename', 'name' => Entity::getTypeName(1), 'massiveaction' => true, 'datatype' => 'dropdown' ]; $tab[] = [ 'id' => '86', 'table' => $this->getTable(), 'field' => 'is_recursive', 'name' => __('Child entities'), 'datatype' => 'bool', 'massiveaction' => false ]; return $tab; } public static function getTypeName($nb = 0) { return _n('Profile', 'Profiles', $nb); } protected function computeFriendlyName() { $name = sprintf( __('%1$s, %2$s'), Dropdown::getDropdownName('glpi_profiles', $this->fields['profiles_id']), Dropdown::getDropdownName('glpi_entities', $this->fields['entities_id']) ); if (isset($this->fields['is_dynamic']) && $this->fields['is_dynamic']) { //TRANS: D for Dynamic $dyn = __('D'); $name = sprintf(__('%1$s, %2$s'), $name, $dyn); } if (isset($this->fields['is_recursive']) && $this->fields['is_recursive']) { //TRANS: R for Recursive $rec = __('R'); $name = sprintf(__('%1$s, %2$s'), $name, $rec); } return $name; } public function getTabNameForItem(CommonGLPI $item, $withtemplate = 0) { /** @var \DBmysql $DB */ global $DB; if (!$withtemplate) { $nb = 0; switch ($item->getType()) { case 'Entity': if (Session::haveRight('user', READ)) { if ($_SESSION['glpishow_count_on_tabs']) { $count = $DB->request([ 'COUNT' => 'cpt', 'FROM' => $this->getTable(), 'LEFT JOIN' => [ User::getTable() => [ 'FKEY' => [ $this->getTable() => 'users_id', User::getTable() => 'id' ] ] ], 'WHERE' => [ User::getTable() . '.is_deleted' => 0, $this->getTable() . '.entities_id' => $item->getID() ] ])->current(); $nb = $count['cpt']; } return self::createTabEntry(User::getTypeName(Session::getPluralNumber()), $nb); } break; case 'Profile': if (Session::haveRight('user', READ)) { if ($_SESSION['glpishow_count_on_tabs']) { $nb = self::countForItem($item); } return self::createTabEntry(User::getTypeName(Session::getPluralNumber()), $nb); } break; case 'User': if ($_SESSION['glpishow_count_on_tabs']) { $nb = self::countForItem($item); } return self::createTabEntry(_n( 'Authorization', 'Authorizations', Session::getPluralNumber() ), $nb); } } return ''; } public static function displayTabContentForItem(CommonGLPI $item, $tabnum = 1, $withtemplate = 0) { switch ($item->getType()) { case 'Entity': self::showForEntity($item); break; case 'Profile': self::showForProfile($item); break; case 'User': self::showForUser($item); break; } return true; } /** * @since 0.85 * * @see CommonDBRelation::getRelationMassiveActionsSpecificities() **/ public static function getRelationMassiveActionsSpecificities() { $specificities = parent::getRelationMassiveActionsSpecificities(); $specificities['dropdown_method_2'] = 'dropdownUnder'; $specificities['can_remove_all_at_once'] = false; return $specificities; } /** * @since 0.85 * * @see CommonDBRelation::showRelationMassiveActionsSubForm() **/ public static function showRelationMassiveActionsSubForm(MassiveAction $ma, $peer_number) { if ( ($ma->getAction() == 'add') && ($peer_number == 2) ) { echo "<br><br>" . sprintf(__('%1$s: %2$s'), Entity::getTypeName(1), ''); Entity::dropdown(['entity' => $_SESSION['glpiactiveentities']]); echo "<br><br>" . sprintf(__('%1$s: %2$s'), __('Recursive'), ''); Html::showCheckbox(['name' => 'is_recursive']); } } /** * @since 0.85 * * @see CommonDBRelation::getRelationInputForProcessingOfMassiveActions() **/ public static function getRelationInputForProcessingOfMassiveActions( $action, CommonDBTM $item, array $ids, array $input ) { $result = []; if (isset($input['entities_id'])) { $result['entities_id'] = $input['entities_id']; } if (isset($input['is_recursive'])) { $result['is_recursive'] = $input['is_recursive']; } return $result; } /** * Get linked items list for specified item * * @since 9.3.1 * * @param CommonDBTM $item Item instance * @param boolean $noent Flag to not compute entity information (see Document_Item::getListForItemParams) * * @return array */ protected static function getListForItemParams(CommonDBTM $item, $noent = false) { $params = parent::getListForItemParams($item, $noent); $params['SELECT'][] = self::getTable() . '.entities_id'; $params['SELECT'][] = self::getTable() . '.is_recursive'; $params['SELECT'][] = 'glpi_entities.completename AS completename'; $params['LEFT JOIN']['glpi_entities'] = [ 'FKEY' => [ self::getTable() => 'entities_id', 'glpi_entities' => 'id' ] ]; return $params; } /** * Check if this Profile_User is the last authorization of the last super-admin * profile (a "super-admin profile" is a profile that can edit other profiles) * * @return bool */ protected function isLastSuperAdminAuthorization(): bool { $profile = Profile::getById($this->fields["profiles_id"]); if (!$profile->isLastSuperAdminProfile()) { // Can't be the last super admin auth if not targeting the last // super admin profile return false; } // Find all active authorizations for the current profile (which is the last super admin profile) $super_admin_authorizations = $this->find([ 'profiles_id' => $this->fields['profiles_id'], 'users_id' => new QuerySubQuery([ 'SELECT' => 'id', 'FROM' => 'glpi_users', 'WHERE' => ['is_active' => 1, 'is_deleted' => 0], ]) ]); $authorizations_ids = array_column($super_admin_authorizations, 'id'); return count($authorizations_ids) == 1 // Only one super admin auth && $authorizations_ids[0] == $this->fields['id'] // Id match this auth ; } public function post_addItem() { $this->logOperation('add'); } public function post_deleteFromDB() { $this->logOperation('delete'); } /** * Log add/delete operation. * @param string $type */ private function logOperation(string $type): void { if ((isset($this->input['_no_history']) && $this->input['_no_history'])) { return; } $profile_flags = []; if ((bool)$this->fields['is_dynamic']) { //TRANS: letter 'D' for Dynamic $profile_flags[] = __('D'); } if ((bool)$this->fields['is_recursive']) { //TRANS: letter 'D' for Dynamic $profile_flags[] = __('R'); } $user = User::getById($this->fields['users_id']); $profile = Profile::getById($this->fields['profiles_id']); $entity = Entity::getById($this->fields['entities_id']); $username = $user->getNameID(['forceid' => true, 'complete' => 1]); $profilename = $profile->getNameID(['forceid' => true, 'complete' => 1]); $entityname = $entity->getNameID(['forceid' => true, 'complete' => 1]); // Log on user if ($user->dohistory) { $log_entry = sprintf(__('%1$s, %2$s'), $entityname, $profilename); if (count($profile_flags) > 0) { $log_entry = sprintf(__('%s (%s)'), $log_entry, implode(', ', $profile_flags)); } $log_entry = Sanitizer::dbEscape($log_entry); $changes = [ '0', $type === 'delete' ? $log_entry : '', $type === 'add' ? $log_entry : '', ]; Log::history( $user->getID(), $user->getType(), $changes, $profile->getType(), constant(sprintf('Log::HISTORY_%s_SUBITEM', strtoupper($type))) ); } // Log on profile if ($profile->dohistory) { $log_entry = sprintf(__('%1$s, %2$s'), $username, $entityname); if (count($profile_flags) > 0) { $log_entry = sprintf(__('%s (%s)'), $log_entry, implode(', ', $profile_flags)); } $changes = [ '0', $type === 'delete' ? $log_entry : '', $type === 'add' ? $log_entry : '', ]; Log::history( $profile->getID(), $profile->getType(), $changes, $user->getType(), constant(sprintf('Log::HISTORY_%s_SUBITEM', strtoupper($type))) ); } // Log on entity if ($entity->dohistory) { $log_entry = sprintf(__('%1$s, %2$s'), $username, $profilename); if (count($profile_flags) > 0) { $log_entry = sprintf(__('%s (%s)'), $log_entry, implode(', ', $profile_flags)); } $changes = [ '0', $type === 'delete' ? $log_entry : '', $type === 'add' ? $log_entry : '', ]; Log::history( $entity->getID(), $entity->getType(), $changes, $user->getType(), constant(sprintf('Log::HISTORY_%s_SUBITEM', strtoupper($type))) ); } } }