1 | <?php |
---|
2 | require_once(GALAXIA_LIBRARY.SEP.'src'.SEP.'ProcessManager'.SEP.'BaseManager.php'); |
---|
3 | |
---|
4 | /** |
---|
5 | * Adds, removes, modifies and lists roles used in the Workflow engine. |
---|
6 | * Roles are managed in a per-process level, each role belongs to some process |
---|
7 | * |
---|
8 | * @package Galaxia |
---|
9 | * @license http://www.gnu.org/copyleft/gpl.html GPL |
---|
10 | * @todo Add a method to check if a role name exists in a process to prevent duplicate names |
---|
11 | */ |
---|
12 | class RoleManager extends BaseManager { |
---|
13 | |
---|
14 | /** |
---|
15 | * Constructor |
---|
16 | * |
---|
17 | * @param object &$db ADOdb |
---|
18 | * @return object RoleManager |
---|
19 | * @access public |
---|
20 | */ |
---|
21 | function RoleManager() |
---|
22 | { |
---|
23 | parent::Base(); |
---|
24 | $this->child_name = 'RoleManager'; |
---|
25 | } |
---|
26 | |
---|
27 | /** |
---|
28 | * Gets role id |
---|
29 | * |
---|
30 | * @param int $pid Process id |
---|
31 | * @param string $name Role name |
---|
32 | * @access public |
---|
33 | * @return string |
---|
34 | */ |
---|
35 | function get_role_id($pid,$name) |
---|
36 | { |
---|
37 | $name = addslashes($name); |
---|
38 | return ($this->getOne('select wf_role_id from '.GALAXIA_TABLE_PREFIX.'roles where wf_name=? and wf_p_id=?', array($name, $pid))); |
---|
39 | } |
---|
40 | |
---|
41 | /** |
---|
42 | * Gets a role |
---|
43 | * |
---|
44 | * @param int $pId Process Id |
---|
45 | * @param int $roleId Role Id |
---|
46 | * @return array |
---|
47 | * @access public |
---|
48 | */ |
---|
49 | function get_role($pId, $roleId) |
---|
50 | { |
---|
51 | $query = 'select * from `'.GALAXIA_TABLE_PREFIX.'roles` where `wf_p_id`=? and `wf_role_id`=?'; |
---|
52 | $result = $this->query($query,array($pId, $roleId)); |
---|
53 | $res = $result->fetchRow(); |
---|
54 | return $res; |
---|
55 | } |
---|
56 | |
---|
57 | /** |
---|
58 | * Indicates if a role exists |
---|
59 | * |
---|
60 | * @param int $pid Process Id |
---|
61 | * @param string $name Role name |
---|
62 | * @return int Number of roles with this name on this process |
---|
63 | * @access public |
---|
64 | */ |
---|
65 | function role_name_exists($pid,$name) |
---|
66 | { |
---|
67 | $name = addslashes($name); |
---|
68 | return ($this->getOne('select count(*) from '.GALAXIA_TABLE_PREFIX.'roles where wf_p_id=? and wf_name=?', array($pid, $name))); |
---|
69 | } |
---|
70 | |
---|
71 | /** |
---|
72 | * Maps a user to a role |
---|
73 | * |
---|
74 | * @param int $pId Process id |
---|
75 | * @param int $user User id |
---|
76 | * @param int $roleId Role id |
---|
77 | * @param string $account_type User account type |
---|
78 | * @return void |
---|
79 | * @access public |
---|
80 | */ |
---|
81 | function map_user_to_role($pId,$user,$roleId,$account_type='u') |
---|
82 | { |
---|
83 | $query = 'delete from `'.GALAXIA_TABLE_PREFIX.'user_roles` where wf_p_id=? AND wf_account_type=? and `wf_role_id`=? and `wf_user`=?'; |
---|
84 | $this->query($query,array($pId, $account_type,$roleId, $user)); |
---|
85 | $query = 'insert into '.GALAXIA_TABLE_PREFIX.'user_roles (wf_p_id, wf_user, wf_role_id ,wf_account_type) |
---|
86 | values(?,?,?,?)'; |
---|
87 | $this->query($query,array($pId,$user,$roleId,$account_type)); |
---|
88 | } |
---|
89 | |
---|
90 | /** |
---|
91 | * Removes a mapping |
---|
92 | * |
---|
93 | * @param int $user User id |
---|
94 | * @param int $roleId Role id |
---|
95 | * @return void |
---|
96 | * @access public |
---|
97 | */ |
---|
98 | function remove_mapping($user,$roleId) |
---|
99 | { |
---|
100 | $query = 'delete from `'.GALAXIA_TABLE_PREFIX.'user_roles` where `wf_user`=? and `wf_role_id`=?'; |
---|
101 | $this->query($query,array($user, $roleId)); |
---|
102 | } |
---|
103 | |
---|
104 | /** |
---|
105 | * Deletes all existing mappings concerning one user |
---|
106 | * |
---|
107 | * @param int $user User id |
---|
108 | * @return void |
---|
109 | * @access public |
---|
110 | */ |
---|
111 | function remove_user($user) |
---|
112 | { |
---|
113 | $query = 'delete from '.GALAXIA_TABLE_PREFIX.'user_roles where wf_user=?'; |
---|
114 | $this->query($query,array($user)); |
---|
115 | } |
---|
116 | |
---|
117 | /** |
---|
118 | * Transfers all existing mappings concerning one user to another user |
---|
119 | * |
---|
120 | * @param array $user_array Associative, keys are: 'old_user': current user id and 'new_user', the new user id |
---|
121 | * @return void |
---|
122 | * @access public |
---|
123 | */ |
---|
124 | function transfer_user($user_array) |
---|
125 | { |
---|
126 | $query = 'update '.GALAXIA_TABLE_PREFIX.'user_roles set wf_user=? where wf_user=?'; |
---|
127 | $this->query($query,array($user_array['new_user'], $user_array['old_user'])); |
---|
128 | } |
---|
129 | |
---|
130 | /** |
---|
131 | * Gets list of roles/users mappings for a given process |
---|
132 | * |
---|
133 | * @param int $pId Process id, mappings are returned for a complete process |
---|
134 | * @param int $offset Starting record of the returned array |
---|
135 | * @param int $maxRecords Maximum number of records for the returned array |
---|
136 | * @param string $sort_mode Sort order for the query, like 'wf_name__ASC' |
---|
137 | * @param string $find Searched in role name, role description or user/group name |
---|
138 | * @return array Having for each row [wf_name] (role name),[wf_role_id],[wf_user] and [wf_account_type] ('u' user or 'g' group), |
---|
139 | * Be aware 'cause you may have the same user or group several times if mapped to several roles |
---|
140 | * @access public |
---|
141 | */ |
---|
142 | function list_mappings($pId,$offset,$maxRecords,$sort_mode,$find) { |
---|
143 | $sort_mode = $this->convert_sortmode($sort_mode); |
---|
144 | $whereand = ' and gur.wf_p_id=? '; |
---|
145 | $bindvars = Array($pId); |
---|
146 | if($find) |
---|
147 | { |
---|
148 | // no more quoting here - this is done in bind vars already |
---|
149 | $findesc = '%'.$find.'%'; |
---|
150 | $whereand .= ' and ((wf_name like ?) or (wf_user like ?) or (wf_description like ?)) '; |
---|
151 | $bindvars[] = $findesc; |
---|
152 | $bindvars[] = $findesc; |
---|
153 | $bindvars[] = $findesc; |
---|
154 | } |
---|
155 | |
---|
156 | $query = "select wf_name,gr.wf_role_id,wf_user,wf_account_type from |
---|
157 | ".GALAXIA_TABLE_PREFIX."roles gr, |
---|
158 | ".GALAXIA_TABLE_PREFIX."user_roles gur |
---|
159 | where gr.wf_role_id=gur.wf_role_id |
---|
160 | $whereand"; |
---|
161 | $result = $this->query($query,$bindvars, $maxRecords, $offset, true, $sort_mode); |
---|
162 | $query_cant = "select count(*) from |
---|
163 | ".GALAXIA_TABLE_PREFIX."roles gr, |
---|
164 | ".GALAXIA_TABLE_PREFIX."user_roles gur |
---|
165 | where gr.wf_role_id=gur.wf_role_id |
---|
166 | $whereand"; |
---|
167 | $cant = $this->getOne($query_cant,$bindvars); |
---|
168 | |
---|
169 | $ret = Array(); |
---|
170 | while($res = $result->fetchRow()) { |
---|
171 | $ret[] = $res; |
---|
172 | } |
---|
173 | $retval = Array(); |
---|
174 | $retval["data"] = $ret; |
---|
175 | $retval["cant"] = $cant; |
---|
176 | return $retval; |
---|
177 | } |
---|
178 | |
---|
179 | /** |
---|
180 | * Gets a list of users/groups mapped for a given process. Can expand groups to real users in the result and can restrict mappings to a given subset of roles and or activities |
---|
181 | * |
---|
182 | * @param int $pId Process id, mappings are returned for a complete process by default (see param roles_subset or activities_subset) |
---|
183 | * @param bool $expand_groups If true (false by default) we are not giving the group mappings but instead expand these groups to real users while avoiding repeating users twice |
---|
184 | * @param array $subset Associative containing a list of roles and/or activities for which we want to restrict the list empty by default. |
---|
185 | * This array needs to contains the [wf_role_name] key with role names values to restrict roles. |
---|
186 | * This array needs to contains the [wf_activity_name] key with activity names values to restrict activities |
---|
187 | * @return array Associative, having for each row the user or group id and an associated name |
---|
188 | * @access public |
---|
189 | */ |
---|
190 | |
---|
191 | function &list_mapped_users($pId,$expand_groups=false, $subset=Array()) |
---|
192 | { |
---|
193 | $whereand = ' where gur.wf_p_id=? '; |
---|
194 | $bindvars = Array($pId); |
---|
195 | |
---|
196 | if (!(count($subset)==0)) |
---|
197 | { |
---|
198 | $roles_subset = Array(); |
---|
199 | $activities_subset =Array(); |
---|
200 | $activities_id_subset = Array(); |
---|
201 | foreach($subset as $key => $value ) |
---|
202 | { |
---|
203 | if ($key=='wf_role_name') |
---|
204 | { |
---|
205 | $roles_subset = $value; |
---|
206 | } |
---|
207 | if ($key=='wf_activity_name') |
---|
208 | { |
---|
209 | $activities_subset = $value; |
---|
210 | } |
---|
211 | if ($key == 'wf_activity_id') |
---|
212 | { |
---|
213 | $activities_id_subset = $value; |
---|
214 | } |
---|
215 | } |
---|
216 | if (count($roles_subset)>0) |
---|
217 | { |
---|
218 | if (!(is_array($roles_subset))) |
---|
219 | { |
---|
220 | $roles_subset = explode(',',$roles_subset); |
---|
221 | } |
---|
222 | $whereand .= " and ((gr.wf_name) in ('".implode("','",$roles_subset)."'))"; |
---|
223 | } |
---|
224 | if (count($activities_subset)>0) |
---|
225 | { |
---|
226 | if (!(is_array($activities_subset))) |
---|
227 | { |
---|
228 | $activities_subset = explode(',',$activities_subset); |
---|
229 | } |
---|
230 | $whereand .= " and ((ga.wf_name) in ('".implode("','",$activities_subset)."'))"; |
---|
231 | } |
---|
232 | if (count($activities_id_subset) > 0) |
---|
233 | { |
---|
234 | if (!(is_array($activities_id_subset))) |
---|
235 | { |
---|
236 | $activities_id_subset = explode(',',$activities_id_subset); |
---|
237 | } |
---|
238 | $whereand .= " and ((ga.wf_activity_id) in ('".implode("','",$activities_id_subset)."'))"; |
---|
239 | } |
---|
240 | } |
---|
241 | $query = "select distinct(wf_user),wf_account_type from |
---|
242 | ".GALAXIA_TABLE_PREFIX."roles gr |
---|
243 | INNER JOIN ".GALAXIA_TABLE_PREFIX."user_roles gur ON gr.wf_role_id=gur.wf_role_id |
---|
244 | LEFT JOIN ".GALAXIA_TABLE_PREFIX."activity_roles gar ON gar.wf_role_id=gr.wf_role_id |
---|
245 | LEFT JOIN ".GALAXIA_TABLE_PREFIX."activities ga ON ga.wf_activity_id=gar.wf_activity_id |
---|
246 | $whereand "; |
---|
247 | $result = $this->query($query,$bindvars); |
---|
248 | $ret = Array(); |
---|
249 | $ldap = &Factory::getInstance('WorkflowLDAP'); |
---|
250 | if (!(empty($result))) |
---|
251 | { |
---|
252 | while($res = $result->fetchRow()) |
---|
253 | { |
---|
254 | if (($expand_groups) && ($res['wf_account_type']=='g')) |
---|
255 | { |
---|
256 | //we have a group instead of a simple user and we want real users |
---|
257 | $real_users = galaxia_retrieve_group_users($res['wf_user'], true); |
---|
258 | if (!empty($real_users)) { |
---|
259 | foreach ($real_users as $key => $value) |
---|
260 | { |
---|
261 | $ret[$key]=$value; |
---|
262 | } |
---|
263 | } |
---|
264 | } |
---|
265 | else |
---|
266 | { |
---|
267 | $ret[$res['wf_user']] = $ldap->getName($res['wf_user']); |
---|
268 | } |
---|
269 | } |
---|
270 | } |
---|
271 | return $ret; |
---|
272 | } |
---|
273 | |
---|
274 | /** |
---|
275 | * Lists roles at process level |
---|
276 | * |
---|
277 | * @param int $pId Process id |
---|
278 | * @param int $offset Starting resultset row |
---|
279 | * @param int $maxRecords Maximum number of records |
---|
280 | * @param string $sort_mode Query sorting mode |
---|
281 | * @param string $find Search query string |
---|
282 | * @param string $where Condition query string |
---|
283 | * @return array Roles list |
---|
284 | * @access public |
---|
285 | */ |
---|
286 | function list_roles($pId,$offset,$maxRecords,$sort_mode,$find,$where='') |
---|
287 | { |
---|
288 | $sort_mode = $this->convert_sortmode($sort_mode); |
---|
289 | if($find) { |
---|
290 | // no more quoting here - this is done in bind vars already |
---|
291 | $findesc = '%'.$find.'%'; |
---|
292 | $mid=' where wf_p_id=? and ((wf_name like ?) or (wf_description like ?))'; |
---|
293 | $bindvars = array($pId,$findesc,$findesc); |
---|
294 | } else { |
---|
295 | $mid=' where wf_p_id=? '; |
---|
296 | $bindvars = array($pId); |
---|
297 | } |
---|
298 | if($where) { |
---|
299 | $mid.= " and ($where) "; |
---|
300 | } |
---|
301 | $query = 'select * from '.GALAXIA_TABLE_PREFIX."roles $mid"; |
---|
302 | $query_cant = 'select count(*) from '.GALAXIA_TABLE_PREFIX."roles $mid"; |
---|
303 | $result = $this->query($query,$bindvars,$maxRecords,$offset, 1, $sort_mode); |
---|
304 | $cant = $this->getOne($query_cant,$bindvars); |
---|
305 | $ret = Array(); |
---|
306 | while($res = $result->fetchRow()) { |
---|
307 | $ret[] = $res; |
---|
308 | } |
---|
309 | $retval = Array(); |
---|
310 | $retval['data'] = $ret; |
---|
311 | $retval['cant'] = $cant; |
---|
312 | return $retval; |
---|
313 | } |
---|
314 | |
---|
315 | /** |
---|
316 | * Removes a role |
---|
317 | * |
---|
318 | * @param int $pId Process Id |
---|
319 | * @param int $roleId Role Id |
---|
320 | * @return bool |
---|
321 | * @access public |
---|
322 | */ |
---|
323 | function remove_role($pId, $roleId) |
---|
324 | { |
---|
325 | // start a transaction |
---|
326 | $this->db->StartTrans(); |
---|
327 | $query = 'delete from `'.GALAXIA_TABLE_PREFIX.'roles` where `wf_p_id`=? and `wf_role_id`=?'; |
---|
328 | $this->query($query,array($pId, $roleId)); |
---|
329 | $query = 'delete from `'.GALAXIA_TABLE_PREFIX.'activity_roles` where `wf_role_id`=?'; |
---|
330 | $this->query($query,array($roleId)); |
---|
331 | $query = 'delete from `'.GALAXIA_TABLE_PREFIX.'user_roles` where `wf_role_id`=?'; |
---|
332 | $this->query($query,array($roleId)); |
---|
333 | // perform commit (return true) or Rollback (return false) |
---|
334 | return $this->db->CompleteTrans(); |
---|
335 | } |
---|
336 | |
---|
337 | /** |
---|
338 | * Updates or inserts a new role in the database |
---|
339 | * |
---|
340 | * @param array $vars Associative, having the fields to update or to insert as needed |
---|
341 | * @param int $pId Process id |
---|
342 | * @param int $roleId Role id, 0 in insert mode |
---|
343 | * @return mixed Role id (the new one if in insert mode) if everything was ok, false in the other case |
---|
344 | */ |
---|
345 | function replace_role($pId, $roleId, $vars) |
---|
346 | { |
---|
347 | // start a transaction |
---|
348 | $this->db->StartTrans(); |
---|
349 | $TABLE_NAME = GALAXIA_TABLE_PREFIX.'roles'; |
---|
350 | $now = date("U"); |
---|
351 | if (!(isset($vars['wf_last_modif']))) $vars['wf_last_modif']=$now; |
---|
352 | $vars['wf_p_id']=$pId; |
---|
353 | |
---|
354 | foreach($vars as $key=>$value) |
---|
355 | { |
---|
356 | $vars[$key]=addslashes($value); |
---|
357 | } |
---|
358 | |
---|
359 | if($roleId) { |
---|
360 | // update mode |
---|
361 | $first = true; |
---|
362 | $query ="update $TABLE_NAME set"; |
---|
363 | $bindvars = Array(); |
---|
364 | foreach($vars as $key=>$value) |
---|
365 | { |
---|
366 | if(!$first) $query.= ','; |
---|
367 | //if(!is_numeric($value)) $value="'".$value."'"; |
---|
368 | $query.= " $key=? "; |
---|
369 | $bindvars[] = $value; |
---|
370 | $first = false; |
---|
371 | } |
---|
372 | $query .= ' where wf_p_id=? and wf_role_id=? '; |
---|
373 | $bindvars[] = $pId; |
---|
374 | $bindvars[] = $roleId; |
---|
375 | $this->query($query, $bindvars); |
---|
376 | } |
---|
377 | else |
---|
378 | { |
---|
379 | //check unicity |
---|
380 | $name = $vars['wf_name']; |
---|
381 | if ($this->getOne('select count(*) from '.$TABLE_NAME.' where wf_p_id=? and wf_name=?', array($pId,$name))) |
---|
382 | { |
---|
383 | return false; |
---|
384 | } |
---|
385 | unset($vars['wf_role_id']); |
---|
386 | // insert mode |
---|
387 | $bindvars = Array(); |
---|
388 | $first = true; |
---|
389 | $query = "insert into $TABLE_NAME("; |
---|
390 | foreach(array_keys($vars) as $key) |
---|
391 | { |
---|
392 | if(!$first) $query.= ','; |
---|
393 | $query.= "$key"; |
---|
394 | $first = false; |
---|
395 | } |
---|
396 | $query .=') values('; |
---|
397 | $first = true; |
---|
398 | foreach(array_values($vars) as $value) |
---|
399 | { |
---|
400 | if(!$first) $query.= ','; |
---|
401 | //if(!is_numeric($value)) $value="'".$value."'"; |
---|
402 | $query.= '?'; |
---|
403 | $bindvars[] = $value; |
---|
404 | $first = false; |
---|
405 | } |
---|
406 | $query .=')'; |
---|
407 | $this->query($query, $bindvars); |
---|
408 | //get the last inserted row |
---|
409 | $roleId = $this->getOne('select max(wf_role_id) from '.$TABLE_NAME.' where wf_p_id=?', array($pId)); |
---|
410 | } |
---|
411 | // perform commit (return true) or Rollback (return false) |
---|
412 | if ($this->db->CompleteTrans()) |
---|
413 | { |
---|
414 | // Get the id |
---|
415 | return $roleId; |
---|
416 | } |
---|
417 | else |
---|
418 | { |
---|
419 | return false; |
---|
420 | } |
---|
421 | } |
---|
422 | |
---|
423 | /** |
---|
424 | * Lists all users and groups recorded in the mappings with their status (user or group) |
---|
425 | * |
---|
426 | * @return array Associative, containing a row for each user, where each row is an array containing 'wf_user' and 'wf_account_type' keys |
---|
427 | * @access public |
---|
428 | */ |
---|
429 | function get_all_users() |
---|
430 | { |
---|
431 | $final = Array(); |
---|
432 | //query for user mappings affected to groups & vice-versa |
---|
433 | $query ='select distinct(gur.wf_user), gur.wf_account_type |
---|
434 | from '.GALAXIA_TABLE_PREFIX.'user_roles gur'; |
---|
435 | $result = $this->query($query); |
---|
436 | if (!(empty($result))) |
---|
437 | { |
---|
438 | while ($res = $result->fetchRow()) |
---|
439 | { |
---|
440 | $final[] = $res; |
---|
441 | } |
---|
442 | } |
---|
443 | return $final; |
---|
444 | } |
---|
445 | |
---|
446 | /** |
---|
447 | * Get roles for a given user |
---|
448 | * |
---|
449 | * @param int $user The given user |
---|
450 | * @return array Roles for the given user |
---|
451 | * @access public |
---|
452 | */ |
---|
453 | function getUserRoles($user, $pid = null) |
---|
454 | { |
---|
455 | /* retrieve user_groups information in an array containing all groups for this user */ |
---|
456 | $userGroups = galaxia_retrieve_user_groups($user); |
---|
457 | $values = array($user); |
---|
458 | $query = 'SELECT wf_role_id FROM ' . GALAXIA_TABLE_PREFIX . 'user_roles |
---|
459 | WHERE ( |
---|
460 | (wf_user = ? AND wf_account_type = \'u\')'; |
---|
461 | if (is_array($userGroups)) |
---|
462 | { |
---|
463 | foreach ($userGroups as &$group) |
---|
464 | $group = "'{$group}'"; |
---|
465 | $query .= ' OR (wf_user IN (' . implode(',', $userGroups) . ') AND wf_account_type = \'g\')'; |
---|
466 | } |
---|
467 | $query .= ')'; |
---|
468 | if (!is_null($pid)) |
---|
469 | { |
---|
470 | $query .= ' AND (wf_p_id = ?)'; |
---|
471 | $values[] = $pid; |
---|
472 | } |
---|
473 | |
---|
474 | $result = $this->query($query, $values); |
---|
475 | $output = Array(); |
---|
476 | while($res = $result->fetchRow()) |
---|
477 | $output[] = $res['wf_role_id']; |
---|
478 | |
---|
479 | return $output; |
---|
480 | } |
---|
481 | |
---|
482 | } |
---|
483 | ?> |
---|