Context Navigation

class.uisectors.inc.php @ 1685

Revision 1685, 12.1 KB checked in by niltonneto, 14 years ago (diff)
Ticket #773 - Correção de problema crítico no acesso indevido aos links do Admin.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/************************************************************************************\
3	* Expresso Administração *
4	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
5	* -----------------------------------------------------------------------------------*
6	* This program is free software; you can redistribute it and/or modify it *
7	* under the terms of the GNU General Public License as published by the *
8	* Free Software Foundation; either version 2 of the License, or (at your *
9	* option) any later version. *
10	\************************************************************************************/
11
12	class uisectors
13	{
14	var $public_functions = array
15	(
16	'list_sectors' => True,
17	'add_sector' => True,
18	'validate_data_sectors_add' => True,
19	'edit_sector' => True,
20	'validate_data_sectors_edit' => True,
21	'delete_sector' => True,
22	'css' => True
23	);
24
25	var $bo;
26	var $nextmatchs;
27	var $functions;
28
29	function uisectors()
30	{
31	$this->bo = CreateObject('expressoAdmin1_2.bosectors');
32	$this->so = $this->bo->so;
33	$this->functions = $this->bo->functions;
34	$this->nextmatchs = createobject('phpgwapi.nextmatchs');
35	}
36
37	function list_sectors()
38	{
39	$manager_lid = $GLOBALS['phpgw']->accounts->data['account_lid'];
40	$acl = $this->functions->read_acl($manager_lid);
41	$contexts = $acl['contexts'];
42	foreach ($acl['contexts_display'] as $index=>$tmp_context)
43	{
44	$context_display .= '<br>'.$tmp_context;
45	}
46
47	// Verifica se o administrador tem acesso.
48	if (!$this->functions->check_acl($manager_lid,'list_sectors'))
49	{
50	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/expressoAdmin1_2/inc/access_denied.php'));
51	}
52
53	unset($GLOBALS['phpgw_info']['flags']['noheader']);
54	unset($GLOBALS['phpgw_info']['flags']['nonavbar']);
55
56	$GLOBALS['phpgw_info']['flags']['app_header'] = $GLOBALS['phpgw_info']['apps']['expressoAdmin1_2']['title'].' - '.lang('Sectors');
57	$GLOBALS['phpgw']->common->phpgw_header();
58
59	$p = CreateObject('phpgwapi.Template',PHPGW_APP_TPL);
60	$p->set_file(array('sectors' => 'sectors.tpl'));
61	$p->set_block('sectors','list','list');
62	$p->set_block('sectors','row','row');
63	$p->set_block('sectors','row_empty','row_empty');
64
65	$sectors_info = $this->functions->get_sectors_list($contexts);
66
67	$var = Array(
68	'th_bg' => $GLOBALS['phpgw_info']['theme']['th_bg'],
69	'back_url' => $GLOBALS['phpgw']->link('/expressoAdmin1_2/index.php'),
70	'context_display' => $context_display,
71	'lang_inactives' => lang('list inactives')
72	);
73	$p->set_var($var);
74	$p->set_var($this->functions->make_dinamic_lang($p, 'list'));
75
76	if (!count($sectors_info))
77	{
78	$p->set_var('message',lang('No matches found'));
79	$p->parse('rows','row_empty',True);
80	}
81	else
82	{
83	if ($this->functions->check_acl($manager_lid,'edit_sectors'))
84	{
85	$can_edit = True;
86	}
87
88	if ($this->functions->check_acl($manager_lid,'delete_sectors'))
89	{
90	$can_delete = True;
91	}
92
93	foreach($sectors_info as $context=>$sector)
94	{
95	$tr_color = $this->nextmatchs->alternate_row_color($tr_color);
96
97	$var = Array(
98	'tr_color' => $tr_color,
99	'sector_name' => $sector,
100	'add_link' => $this->row_action('add','sector',$context)
101	);
102	if(isset($GLOBALS['phpgw_info']['server']['time_to_account_expires']))
103	$var['inactives_link'] = $this->row_action('list_inactive','users',$context,'uiaccounts');
104	else
105	$var['inactives_link'] = lang('disabled');
106
107	$p->set_var($var);
108
109	if ($can_edit)
110	{
111	$p->set_var('edit_link',$this->row_action('edit','sector',$context));
112	}
113	else
114	{
115	$p->set_var('edit_link',' ');
116	}
117
118	if ($can_delete)
119	{
120	$p->set_var('delete_link',$this->row_action('delete','sector',$context));
121	}
122	else
123	{
124	$p->set_var('delete_link',' ');
125	}
126
127	$p->fp('rows','row',True);
128	}
129	}
130	$var = Array(
131	'action' => $GLOBALS['phpgw']->link('/index.php','menuaction=expressoAdmin1_2.uisectors.add_sector')
132	);
133	$p->set_var($var);
134
135	$p->set_var('input_add','<input type="submit" value="' . lang('Add Sectors') . '">');
136
137	$p->parse('rows','row_empty',True);
138	$p->pfp('out','list');
139	}
140
141
142	function add_sector($context='')
143	{
144	$manager_lid = $GLOBALS['phpgw']->accounts->data['account_lid'];
145	$acl = $this->functions->read_acl($manager_lid);
146
147	$manager_contexts = $acl['contexts'];
148	$combo_manager_org = '';
149
150	if ( array_key_exists( 'context', $_GET ) )
151	{
152	$context = $_GET['context'];
153	$combo_manager_org = $this->functions->get_organizations( $context, '', true, true, true );
154	}
155	else
156	{
157	foreach ($manager_contexts as $index=>$context)
158	$combo_manager_org .= $this->functions->get_organizations( $context );
159	}
160
161	// Verifica se tem acesso a este modulo
162	if (!$this->functions->check_acl($manager_lid,'create_sectors'))
163	{
164	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/expressoAdmin1_2/inc/access_denied.php'));
165	}
166
167	unset($GLOBALS['phpgw_info']['flags']['noheader']);
168	unset($GLOBALS['phpgw_info']['flags']['nonavbar']);
169	$GLOBALS['phpgw_info']['flags']['app_header'] = $GLOBALS['phpgw_info']['apps']['expressoAdmin1_2']['title'].' - '.lang('Create Sector');
170	$GLOBALS['phpgw']->common->phpgw_header();
171
172	// Set o template
173	$p = CreateObject('phpgwapi.Template',PHPGW_APP_TPL);
174	$p->set_file(Array('create_sector' => 'sectors_form.tpl'));
175	$p->set_block('create_sector','list','list');
176
177	// Seta variaveis utilizadas pelo tpl.
178	$var = Array(
179	'action' => $GLOBALS['phpgw']->link('/index.php','menuaction=expressoAdmin1_2.uisectors.validate_data_sectors_add'),
180	'back_url' => $GLOBALS['phpgw']->link('/index.php','menuaction=expressoAdmin1_2.uisectors.list_sectors'),
181	'th_bg' => $GLOBALS['phpgw_info']['theme']['th_bg'],
182	'context' => $context == '' ? $GLOBALS['phpgw_info']['server']['ldap_context'] : $context,
183	'sector' => $_POST['sector'],
184	'manager_org' => $combo_manager_org,
185	'sector_visible_checked'=> $_POST['sector_visible'] ? 'checked' : '',
186	'error_messages' => $_POST['error_messages'] == '' ? '' : "<script type='text/javascript'>alert('".$_POST['error_messages']."')</script>",
187	);
188	$p->set_var($var);
189	$p->set_var($this->functions->make_dinamic_lang($p, 'list'));
190
191	$p->pfp('out','create_sector');
192	}
193
194	function edit_sector()
195	{
196	$account_lid = $GLOBALS['phpgw']->accounts->data['account_lid'];
197	$acl = $this->functions->read_acl($account_lid);
198	$manager_context = $acl[0]['context'];
199
200	$context = $_GET['context'];
201
202	$combo_manager_org = $this->functions->get_organizations($_GET['context'], '', true, true, true);
203	$combo_manager_org = substr( $combo_manager_org, 0, ( strpos($combo_manager_org, '</option>') + 9 ) );
204
205	$a_tmp = explode(",", ldap_dn2ufn($context));
206	$sector_name = $a_tmp[0];
207
208	// Verifica se tem acesso a este modulo
209	if (!$this->functions->check_acl($account_lid,'edit_sectors'))
210	{
211	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/expressoAdmin1_2/inc/access_denied.php'));
212	}
213
214	unset($GLOBALS['phpgw_info']['flags']['noheader']);
215	unset($GLOBALS['phpgw_info']['flags']['nonavbar']);
216	$GLOBALS['phpgw_info']['flags']['app_header'] = $GLOBALS['phpgw_info']['apps']['expressoAdmin1_2']['title'].' - '.lang('Edit Sector');
217	$GLOBALS['phpgw']->common->phpgw_header();
218
219	// Set o template
220	$p = CreateObject('phpgwapi.Template',PHPGW_APP_TPL);
221	$p->set_file(Array('edit_sector' => 'sectors_form.tpl'));
222	$p->set_block('edit_sector','list','list');
223
224	if (!$_POST)
225	{
226	$sector_info = $this->so->get_info($context);
227	$_POST['sector_visible'] = $sector_info[0]['phpgwaccountvisible'][0];
228	}
229
230	// Seta variaveis utilizadas pelo tpl.
231	$var = Array(
232	'action' => $GLOBALS['phpgw']->link('/index.php','menuaction=expressoAdmin1_2.bosectors.save_sector'),
233	'back_url' => $GLOBALS['phpgw']->link('/index.php','menuaction=expressoAdmin1_2.uisectors.list_sectors'),
234	'th_bg' => $GLOBALS['phpgw_info']['theme']['th_bg'],
235	'context' => $context == '' ? $manager_context : $context,
236	'sector' => $_POST['sector'] == '' ? $sector_name : $_POST['sector'],
237	'manager_org' => $combo_manager_org,
238	'sector_visible_checked'=> $_POST['sector_visible'] ? 'checked' : '',
239
240	'lang_add' => lang('Add'),
241	'disable' => 'disabled',
242	'error_messages' => $_POST['error_messages'] == '' ? '' : "<script type='text/javascript'>alert('".$_POST['error_messages']."')</script>",
243	);
244	$p->set_var($var);
245	$p->set_var($this->functions->make_dinamic_lang($p, 'list'));
246
247	$p->pfp('out','edit_sector');
248	}
249
250	function validate_data_sectors_add()
251	{
252	$sector_name = $_POST['sector'];
253	$context = $_POST['context'];
254
255	// Verifica se o nome do sector nao esta vazio.
256	if ($sector_name == '')
257	{
258	$_POST['error_messages'] = lang('Sector name is empty.');
259	ExecMethod('expressoAdmin1_2.uisectors.add_sector');
260	return;
261	}
262
263	// Verifica se o nome do setor existe no contexto atual.
264	if ($this->so->exist_sector_name($sector_name, $context))
265	{
266	$_POST['error_messages'] = lang('Sector name already exist.');
267	ExecMethod('expressoAdmin1_2.uisectors.add_sector');
268	return;
269	}
270
271	ExecMethod('expressoAdmin1_2.bosectors.create_sector');
272	}
273
274	function delete_sector()
275	{
276	$account_lid = $GLOBALS['phpgw']->accounts->data['account_lid'];
277	$acl = $this->functions->read_acl($account_lid);
278	$manager_context = $acl[0]['context'];
279
280	// Verifica se tem acesso a este modulo
281	if (!$this->functions->check_acl($account_lid,'delete_sectors'))
282	{
283	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/expressoAdmin1_2/inc/access_denied.php'));
284	}
285
286	unset($GLOBALS['phpgw_info']['flags']['noheader']);
287	unset($GLOBALS['phpgw_info']['flags']['nonavbar']);
288	$GLOBALS['phpgw_info']['flags']['app_header'] = $GLOBALS['phpgw_info']['apps']['expressoAdmin1_2']['title'].' - '.lang('Delete Sectors');
289	$GLOBALS['phpgw']->common->phpgw_header();
290
291	// Set o template
292	$p = CreateObject('phpgwapi.Template',PHPGW_APP_TPL);
293	$p->set_file(Array('delete_sector' => 'sectors_delete.tpl'));
294	$p->set_block('delete_sector','list','list');
295
296	$tmp_sector_name = $_GET['context'];
297	$tmp_sector_name = explode(",",$tmp_sector_name);
298	$tmp_sector_name = $tmp_sector_name[0];
299	$tmp_sector_name = explode("=", $tmp_sector_name);
300	$sector_name = $tmp_sector_name[1];
301
302	// Get users of sector
303	$sector_users = $this->so->get_sector_users($_GET['context']);
304	$sector_groups = $this->so->get_sector_groups($_GET['context']);
305	$sector_subsectors = $this->so->get_sector_subsectors($_GET['context']);
306
307	$users_list = '';
308	foreach ($sector_users as $user)
309	{
310	$users_list .= $user['cn'][0] . '<br>';
311	}
312
313	$groups_list = '';
314	foreach ($sector_groups as $group)
315	{
316	$groups_list .= $group['cn'][0] . '<br>';
317	}
318
319	$subsectors_list = '';
320	foreach ($sector_subsectors as $subsector)
321	{
322	if ($subsector['dn'] != $_GET['context'])
323	$subsectors_list .= $subsector['ou'][0] . '<br>';
324	}
325
326	// Seta variaveis utilizadas pelo tpl.
327	$var = Array(
328	'color_bg1' => "#E8F0F0",
329	'manager_context' => $manager_context,
330	'dn' => $_GET['context'],
331	'back_url' => $GLOBALS['phpgw']->link('/index.php','menuaction=expressoAdmin1_2.uisectors.list_sectors'),
332	'action' => $GLOBALS['phpgw']->link('/index.php','menuaction=expressoAdmin1_2.bosectors.delete_sector'),
333
334	'sector_name' => $sector_name,
335	'users_list' => $users_list,
336	'groups_list' => $groups_list,
337	'sectors_list' => $subsectors_list
338	);
339	$p->set_var($var);
340	$p->set_var($this->functions->make_dinamic_lang($p, 'list'));
341	$p->pfp('out','delete_sector');
342	}
343
344	function row_action($action,$type,$context,$class='uisectors')
345	{
346	return '<a href="'.$GLOBALS['phpgw']->link('/index.php',Array(
347	'menuaction' => 'expressoAdmin1_2.'.$class.'.'.$action.'_'.$type,
348	'context' => $context
349	)).'"> '.lang($action).' </a>';
350	}
351
352	function css()
353	{
354	$appCSS = '';
355	return $appCSS;
356	}
357
358	}
359	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: branches/2.0/expressoAdmin1_2/inc/class.uisectors.inc.php @ 1685

Download in other formats: