123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633 |
- <?php
- /**
- * Define an application user.
- * @author valentin carruesco
- * @category Core
- * @license MIT
- */
- class User extends Entity {
- public $id,$login,$password,$function,$name,$firstname,$mail,$state,$rights,$firms,$superadmin,$token,$preferences,$phone,$mobile,$groups,$ranks,$manager,$service,$origin,$meta;
- public $entityLabel = 'Utilisateur';
- public $fields = array(
- 'id' => 'key',
- 'login' => array('label'=>'Identifiant','type'=>'string'),
- 'password' => array('label'=>'Mot de passe','type'=>'password'),
- 'name' => array('label'=>'Nom','type'=>'string'),
- 'function' => array('label'=>'Fonction','type'=>'string'),
- 'firstname' => array('label'=>'Prénom','type'=>'text'),
- 'token' => array('label'=>'Token','type'=>'string'),
- 'mail' => array('label'=>'E-mail','type'=>'mail'),
- 'state' => array('label'=>'Etat','type'=>'string'),
- 'phone' => array('label'=>'Téléphone','type'=>'phone'),
- 'mobile' => array('label'=>'Téléphone portable','type'=>'phone'),
- 'manager' => array('label'=>'Manager','type'=>'user'),
- 'origin' => array('label'=>'Origine','type'=>'text'),
- 'service' => array('label'=>'Service','type'=>'text'),
- 'meta' => array('label'=>'Meta informations','type'=>'text')
- );
- function __construct(){
- global $myUser, $myFirm, $conf;
- parent::__construct();
- $this->token = self::generateToken();
- $this->meta = array();
- $this->ranks = array();
- $this->firms = array();
- }
- public static function getAll($options = array()){
- $users = array();
- $options = array_merge(array(
- 'right' => true,
- 'manager' => true,
- 'force' =>false
- ),$options);
- if(isset($_SESSION['users_'.($options['right']?'rights':'norights')]))
- $users = unserialize($_SESSION['users_'.($options['right']?'rights':'norights')]);
- if(empty($users) || $options['force']){
- $users = array();
- //récuperation des users non db (plugin ad ...)
- Plugin::callHook('user_get_all',array(&$users,$options));
- $logins = array();
- //Récuperation des users db
- foreach (self::loadAll(array('state'=>User::ACTIVE), array(' name ASC ')) as $baseUser)
- $users[$baseUser->login] = $baseUser;
- //récuperation des logins concernés pour requettage
- foreach($users as $key=>$user){
- //chargement des managers pour les origines db
- if($options['manager'] && empty($user->origin) && !empty($user->manager) && isset($users[$user->manager])){
- $users[$key]->manager = $users[$user->manager];
- }
- $logins[] = $user->login;
- }
- if($options['right']){
- $ranksId = array();
- //Ajout des rangs depuis les liens user/firm/rank
- foreach (UserFirmRank::loadAll(array('user:IN'=>$logins ), null, null, array('*'), 1) as $firmRank) {
- $rank = $firmRank->join('rank');
- $firm = $firmRank->join('firm');
- $ranksId[] = $rank->id;
- $users[$firmRank->user]->firms[$firm->id] = $firm;
- if(!isset($users[$firmRank->user]->ranks[$firmRank->firm])) $users[$firmRank->user]->ranks[$firmRank->firm] = array();
- $users[$firmRank->user]->ranks[$firmRank->firm][$rank->id] = $rank;
- if(empty($users[$firmRank->user]->superadmin) && $rank->superadmin) $users[$firmRank->user]->superadmin = boolval($rank->superadmin);
- }
- //récuperation des droits ciblés sur user et rangs pour les user et rang user concernés
- $rights = Right::staticQuery('SELECT * FROM {{table}} WHERE
- (targetScope="user" AND targetUid IN ('.implode(',',array_fill(0,count($logins),'?')).')) OR (targetScope="rank" AND targetUid IN('.implode(',',array_fill(0,count($ranksId),'?')).')) ',array_merge($logins,$ranksId),true);
- $rightsForRank = array();
- foreach($rights as $right):
- //pour les rangs on remplis un tableau de mapping qu'on redistribuera plus tard
- if($right->targetScope =='rank'){
- if(!isset($rightsForRank[$right->targetUid])) $rightsForRank[$right->targetUid] = array();
- $rightsForRank[$right->targetUid][]= $right;
- //pour les users
- }else{
- //Pour le premier rang qui aborde cette scope on met tous les droits à false
- if(!isset($users[$right->targetUid]->rights[$right->scope][$right->firm][$right->uid])){
- $users[$right->targetUid]->rights[$right->scope][$right->firm][$right->uid] = array(
- 'read' => false,
- 'edit' => false,
- 'delete' => false,
- 'recursive' => false,
- 'configure' => false
- );
- }
- //Puis on complete uniquement les droits à true sur la scope pour chaques rangs additionnels
- if($right->read) $users[$right->targetUid]->rights[$right->scope][$right->firm][$right->uid]['read'] = true;
- if($right->edit) $users[$right->targetUid]->rights[$right->scope][$right->firm][$right->uid]['edit'] = true;
- if($right->delete) $users[$right->targetUid]->rights[$right->scope][$right->firm][$right->uid]['delete'] = true;
- if($right->configure) $users[$right->targetUid]->rights[$right->scope][$right->firm][$right->uid]['configure'] = true;
- }
- endforeach;
- //pour chaque user
- foreach($users as $key=>$user){
- //onrecupere les firms
- foreach($user->ranks as $firmrank){
- //on liste les rangs du user pour cette firm
- foreach($firmrank as $rank){
- //si un de ces rangs possede des droits liés
- if(!isset($rightsForRank[$rank->id])) continue;
- //pour chaque droit liées on les applique au user
- foreach($rightsForRank[$rank->id] as $right){
- //Pour le premier rang qui aborde cette scope on met tous les droits à false
- if(!isset($users[$key]->rights[$right->scope][$right->firm][$right->uid])){
- $users[$key]->rights[$right->scope][$right->firm][$right->uid] = array(
- 'read' => false,
- 'edit' => false,
- 'delete' => false,
- 'recursive' => false,
- 'configure' => false
- );
- }
- //Puis on complete uniquement les droits à true sur la scope pour chaques rangs additionnels
- if($right->read) $users[$key]->rights[$right->scope][$right->firm][$right->uid]['read'] = true;
- if($right->edit) $users[$key]->rights[$right->scope][$right->firm][$right->uid]['edit'] = true;
- if($right->delete) $users[$key]->rights[$right->scope][$right->firm][$right->uid]['delete'] = true;
- if($right->configure) $users[$key]->rights[$right->scope][$right->firm][$right->uid]['configure'] = true;
- }
- }
- }
- }
- }
- //sort des users par noms
- uasort($users, function($a, $b){ return strcmp($a->name, $b->name); });
- $_SESSION['users_'.($options['right']?'rights':'norights')] = serialize($users);
- }
- return $users;
- }
- public function __sleep(){
- $fields = $this->toArray();
- unset($fields['fullName'], $fields['initials']);
- return array_merge(array('superadmin','rights','groups','ranks','firms','preferences'),array_keys($fields));
- }
- //Surchage de toArray pour prendre en compte le fullName et les initials régulierement utilisé en toArray
- public function toArray($decoded=false) {
- $fields = parent::toArray($decoded);
- $fields['fullName'] = $this->fullName();
- $fields['initials'] = $this->initials();
- unset($fields['password']);
- unset($fields['token']);
- if(isset($fields['manager']) && is_object($fields['manager'])) $fields['manager'] = $fields['manager']->toArray();
- if($decoded){
- $fields['fullName'] = html_entity_decode($fields['fullName']);
- $fields['initials'] = html_entity_decode($fields['initials']);
- }
- return $fields;
- }
- // $this->rights[$right->scope][$right->uid][$right->firm]
- public function can($scope,$right,$uid=0,$options = array()){
- if($this->superadmin == 1) return true;
- global $myFirm;
- $firm = is_object($myFirm) && $myFirm->id !=0 ? $myFirm->id : 0;
- // Recherche dans les droits ciblé sur la firm courante
- if(isset($this->rights[$scope][$firm][$uid][$right]))
- return $this->rights[$scope][$firm][$uid][$right]==1;
- // Recherche dans les droits non ciblés sur une firm
- if(isset($this->rights[$scope][0][$uid][$right]))
- return $this->rights[$scope][0][$uid][$right]==1;
- if(isset($options['contains']) && $options['contains'] == true){
- if(isset($this->rights[$scope])) {
- $rightArray = array();
- if(isset($this->rights[$scope][0]))
- $rightArray =$this->rights[$scope][0];
- if(isset($this->rights[$scope][$myFirm->id]))
- $rightArray = $this->rights[$scope][$myFirm->id];
- foreach($rightArray as $uid=>$rights){
- if(!isset($rights[$right]) || !$rights[$right]) continue;
- return true;
- }
- }
- }
- return false;
- }
- //Lance les exception appropriées en fonction du droit ou des droits spécifiés
- // ex : User::check_access('document','configure');
- public static function check_access($scope,$right,$uid=0){
- global $myUser;
- if(!isset($myUser) || !is_object($myUser) || !$myUser->connected()) throw new Exception("Contrôle d'accès - Vous devez être connecté",401);
- if(!$myUser->can($scope,$right,$uid)) throw new Exception("Contrôle d'accès - Permissions insuffisantes ('".$scope.".".$right."')",403);
- }
- //Vérifie que l'utilisateur courant est lié a l'id du rang spécifié
- public function hasRank($rankId){
- if($this->superadmin) return true;
- $rankIds = array();
- global $myFirm;
- if(empty($this->ranks) || !isset($this->ranks[$myFirm->id])) return false;
- foreach ($this->ranks[$myFirm->id] as $rank)
- $rankIds[$rank->id] = true;
- return isset($rankIds[$rankId]);
- }
- public function preference($key=null, $value=null){
- global $myUser;
- if(!isset($key) && !isset($value)) return $this->preferences;
- if(isset($key) && !isset($value)) return isset($this->preferences[$key])?$this->preferences[$key]:'';
- if(isset($key) && isset($value)){
- $this->preferences[$key] = $value;
- $preference = UserPreference::load(array('key'=>$key,'user'=>$this->login));
- if(!$preference) $preference = new UserPreference();
- $preference->key = $key;
- $preference->value = $value;
- $preference->user = $this->login;
- $preference->save();
- if($myUser->login == $this->login) $_SESSION['currentUser'] = serialize($this);
- }
- }
- public function loadRanks(){
- //Ajout des rangs depuis les liens user/firm/rank
- foreach (UserFirmRank::loadAll(array('user'=>$this->login), null, null, array('*'), 1) as $firmRank) {
- $rank = $firmRank->join('rank');
- $firm = $firmRank->join('firm');
- $this->firms[$firm->id] = $firm;
- if(!isset($this->
|