[Noalyss-commit] [noalyss] 66/219: CFGSEC : action and ledger are set th
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 66/219: CFGSEC : action and ledger are set thanks ajax Inplace_Switch : new class for ajax with a swith button |
Date: |
Mon, 18 Dec 2017 13:22:39 -0500 (EST) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 08b86a9742e2f0116a8805a1a3cd52790aac3ad8
Author: Dany De Bontridder <address@hidden>
Date: Wed Oct 4 20:32:01 2017 +0200
CFGSEC : action and ledger are set thanks ajax
Inplace_Switch : new class for ajax with a switch button
---
html/ajax_misc.php | 10 +-
html/image/icon-off.png | Bin 0 -> 308 bytes
html/image/icon-on.png | Bin 0 -> 274 bytes
..._ledger_security.php => ajax_user_security.php} | 71 ++++++++--
include/lib/inplace_edit.class.php | 3 +
include/lib/inplace_switch.class.php | 144 +++++++++++++++++++++
include/param_sec.inc.php | 79 +++--------
include/template/security_list_action.php | 26 ++--
8 files changed, 242 insertions(+), 91 deletions(-)
diff --git a/html/ajax_misc.php b/html/ajax_misc.php
index f3b4dd0..beea218 100644
--- a/html/ajax_misc.php
+++ b/html/ajax_misc.php
@@ -110,11 +110,15 @@ $path = array(
"card"=>"ajax_card",
"ledger"=>"ajax_ledger",
// Manage ledger access
- "ledger_access"=>"ajax_ledger_security",
+ "ledger_access"=>"ajax_user_security",
// Manage user profile
- "profile"=>"ajax_ledger_security",
+ "profile"=>"ajax_user_security",
// Update in once all the ledgers
- "ledger_access_all"=>"ajax_ledger_security",
+ "ledger_access_all"=>"ajax_user_security",
+ // From the page CFGSEC,set the actions
+ "action_access"=>"ajax_user_security",
+ // From the page CFGSEC,set all the actions
+ "action_access_all"=>"ajax_user_security",
"todo_list"=>"ajax_todo_list",
"history"=>"ajax_history",
"pcmn_update"=>"ajax_pcmn_update",
diff --git a/html/image/icon-off.png b/html/image/icon-off.png
new file mode 100644
index 0000000..8f8c56a
Binary files /dev/null and b/html/image/icon-off.png differ
diff --git a/html/image/icon-on.png b/html/image/icon-on.png
new file mode 100644
index 0000000..cc3344a
Binary files /dev/null and b/html/image/icon-on.png differ
diff --git a/include/ajax/ajax_ledger_security.php
b/include/ajax/ajax_user_security.php
similarity index 73%
rename from include/ajax/ajax_ledger_security.php
rename to include/ajax/ajax_user_security.php
index 1423962..2c515b1 100644
--- a/include/ajax/ajax_ledger_security.php
+++ b/include/ajax/ajax_user_security.php
@@ -27,13 +27,13 @@ require_once NOALYSS_INCLUDE.'/lib/itext.class.php';
require_once NOALYSS_INCLUDE.'/lib/iselect.class.php';
require_once NOALYSS_INCLUDE.'/lib/inum.class.php';
require_once NOALYSS_INCLUDE.'/lib/inplace_edit.class.php';
+require_once NOALYSS_INCLUDE.'/lib/inplace_switch.class.php';
/**
* @file
* @brief Manage the security of a ledger , from CFGSEC module
*
*/
-
$n_dossier_id=Dossier::id();
//-----------------------------------------------------------------------------
// Manage the user's access to ledgers
@@ -97,12 +97,12 @@ if ($op=="ledger_access")
//-----------------------------------------------------------------------------
// Set the user's profile
//-----------------------------------------------------------------------------
-if ( $op == "profile")
+if ($op=="profile")
{
$input=$http->request("input");
$action=$http->request("ieaction", "string", "display");
$user_id=$http->post("user_id", "numeric");
- $profile_id=$http->post("profile_id","numeric");
+ $profile_id=$http->post("profile_id", "numeric");
if ($action=="display")
{
$ie_input=Inplace_Edit::build($input);
@@ -117,16 +117,16 @@ if ( $op == "profile")
if ($action=="ok")
{
$value=$http->post("value");
- // save profile
- $sec_User=new User($cn,$user_id);
- $sec_User->save_profile($value);
+ // save profile
+ $sec_User=new User($cn, $user_id);
+ $sec_User->save_profile($value);
$ie_input=Inplace_Edit::build($input);
$ie_input->set_callback("ajax_misc.php");
$ie_input->add_json_param("op", "profile");
$ie_input->add_json_param("gDossier", $n_dossier_id);
$ie_input->add_json_param("user_id", $user_id);
$ie_input->set_value($value);
-
+
echo $ie_input->value();
return;
}
@@ -145,11 +145,13 @@ if ( $op == "profile")
//------------------------------------------------------------------------------
// Update in once all the ledger access for an user
//------------------------------------------------------------------------------
-if ( $op == 'ledger_access_all') {
+if ($op=='ledger_access_all')
+{
// Find the login
- $user_id=$http->post("user_id","numeric");
+ $user_id=$http->post("user_id", "numeric");
$access=$http->post("access");
- if ( $access != "W" && $access != "X" && $access !="R") die("Invalid
access");
+ if ($access!="W"&&$access!="X"&&$access!="R")
+ die("Invalid access");
$sec_User=new User($cn, $user_id);
// Insert all the existing ledgers to user_sec_jrn
$sql="insert into user_sec_jrn(
@@ -167,7 +169,52 @@ if ( $op == 'ledger_access_all') {
uj_jrn_id = jrn_def_id
and uj_login = $1
)";
- $cn->exec_sql($sql,array($sec_User->login));
- $cn->exec_sql('update user_sec_jrn set uj_priv=$1 where
uj_login=$2',array($access,$sec_User->login));
+ $cn->exec_sql($sql, array($sec_User->login));
+ $cn->exec_sql('update user_sec_jrn set uj_priv=$1 where uj_login=$2',
+ array($access, $sec_User->login));
return;
+}
+//------------------------------------------------------------------------------
+// Set on or off the action
+//------------------------------------------------------------------------------
+if ($op=="action_access")
+{
+ $action_id=$http->get("ac_id", "numeric");
+ $user_id=$http->get("user_id","numeric");
+ $sec_User=new User($cn, $user_id);
+
+ $right=$sec_User->check_action($action_id);
+ $is_switch=new Inplace_Switch("action".$action_id,0);
+ if ($right==1)
+ {
+ $cn->exec_sql("delete from user_sec_act where ua_act_id=$1 and
ua_login=$2",
+ array($action_id, $sec_User->login));
+ echo $is_switch->get_iconoff();
+ } else {
+ $cn->exec_sql('insert into user_sec_act (ua_login,ua_act_id)'.
+ ' values ($1,$2)',
+ array($sec_User->login,$action_id));
+ echo $is_switch->get_iconon();
+ }
+
+
+
+}
+//----------------------------------------------------------------------------
+// Set all the actions
+//----------------------------------------------------------------------------
+if ($op=="action_access_all")
+{
+ $user_id=$http->get("user_id","numeric");
+ $access=$http->get("access","numeric");
+ $sec_User=new User($cn, $user_id);
+ if ( $access==0) {
+ $cn->exec_sql("delete from user_sec_act where
ua_login=$1",array($sec_User->login));
+ }
+ if ( $access==1) {
+ $cn->exec_sql("
+ insert into user_sec_act(ua_login,ua_act_id) select $1,ac_id from
action where not exists(select 1 from user_sec_act where ua_login=$1 and
ua_act_id=ac_id)",
+ array($sec_User->login));
+ }
+
}
\ No newline at end of file
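Review bot: Both new handlers, `action_access` and `action_access_all`, grant or revoke a user's actions from parameters read with `$http->get(...)`, so a permission change can be triggered by any GET request the administrator's browser issues, and no anti-forgery token is checked in the visible lines. State-changing operations should be accepted over POST only, as the `profile` and `ledger_access_all` branches above already do, e.g. `$action_id=$http->post("ac_id", "numeric");`, with the callers switched to `method:"post"` (the `Ajax.Updater` in `Inplace_Switch::input()` and the `Ajax.Request` in `grant_action()` in param_sec.inc.php have the same issue). `action_access` also toggles whatever the current state is instead of applying a requested value, so a repeated or replayed request silently flips the right; passing the target state explicitly would make it idempotent. Whether the caller is authorised for CFGSEC is presumably checked before this file is included, which is not visible in this hunk and is worth confirming for the two new ops.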
diff --git a/include/lib/inplace_edit.class.php
b/include/lib/inplace_edit.class.php
index 522a599..bbe9999 100644
--- a/include/lib/inplace_edit.class.php
+++ b/include/lib/inplace_edit.class.php
@@ -111,6 +111,7 @@ EOF;
$v=$this->input->get_value();
$v=(trim($v)=="")?$this->message:$v;
echo $v,
+ "<img src=\"image/button-edit.png\"/>",
"
<script>
$('{$this->input->id}edit').removeClassName('inplace_edit_input');
@@ -132,8 +133,10 @@ EOF;
$v=$this->input->get_value();
$v=(trim($v)=="")?$this->message:$v;
echo $v;
+ echo "<img src=\"image/button-edit.png\"/>";
echo "</span>";
echo "
+
<script>
{$this->input->id}edit.onclick=function() {
new Ajax.Updater('{$this->input->id}edit'
diff --git a/include/lib/inplace_switch.class.php
b/include/lib/inplace_switch.class.php
new file mode 100644
index 0000000..ab3401f
--- /dev/null
+++ b/include/lib/inplace_switch.class.php
@@ -0,0 +1,144 @@
+<?php
+
+/*
+ * This file is part of NOALYSS.
+ *
+ * PhpCompta is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * PhpCompta is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with PhpCompta; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+// Copyright (2016) Author Dany De Bontridder <address@hidden>
+
+/**
+ * @file
+ * @brief A switch let you switch between 2 values : 0 and 1, it is used to
+ * replace the check
+ */
+class Inplace_Switch
+{
+
+ /// The icon on
+ private $iconon;
+ /// The icon off
+ private $iconoff;
+ /// name of the widget, javascript id must be unique
+ private $name;
+ /// value
+ private $value;
+ /// Json object
+ private $json;
+ /// callback
+ private $callback;
+
+ function __construct($p_name, $p_value)
+ {
+ $this->name=$p_name;
+ $this->value=$p_value;
+ $this->iconon='<img src="image/icon-on.png"/>';
+ $this->iconoff='<img src="image/icon-off.png"/>';
+ $this->json=json_encode(['name'=>$p_name,"value"=>$p_value],
JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
+ $this->callback="ajax.php";
+ }
+
+ function input()
+ {
+ printf('<span class="inplace_edit" id="%s">', $this->name);
+ if ($this->value==1)
+ {
+ echo $this->iconon;
+ }
+ elseif ($this->value==0)
+ {
+ echo $this->iconoff;
+ }
+ else
+ {
+ throw new Exception(_("Invalide value"));
+ }
+ echo '</span>';
+ echo <<<EOF
+ <script>
+{$this->name}.onclick=function() {new
Ajax.Updater({$this->name},'{$this->callback}',{method:"get",parameters:{$this->json},evalScripts:true}
);}
+</script>
+EOF;
+ }
+
+ public function get_json()
+ {
+ return $this->json;
+ }
+
+ public function get_callback()
+ {
+ return $this->callback;
+ }
+
+ public function set_json($json)
+ {
+ $this->json=$json;
+ }
+
+ public function set_callback($callback)
+ {
+ $this->callback=$callback;
+ }
+
+ public function get_iconon()
+ {
+ return $this->iconon;
+ }
+
+ public function get_iconoff()
+ {
+ return $this->iconoff;
+ }
+
+ public function get_name()
+ {
+ return $this->name;
+ }
+
+ public function get_value()
+ {
+ return $this->value;
+ }
+
+ public function set_iconon($iconon)
+ {
+ $this->iconon=$iconon;
+ }
+
+ public function set_iconoff($iconoff)
+ {
+ $this->iconoff=$iconoff;
+ }
+
+ public function set_name($name)
+ {
+ $this->name=$name;
+ }
+
+ public function set_value($value)
+ {
+ $this->value=$value;
+ }
+ /**
+ * Add json parameter to the current one, if there attribute already exists
+ * it will be overwritten
+ */
+ function add_json_param($p_attribute,$p_value) {
+ $x=json_decode($this->json,TRUE);
+ $x[$p_attribute]=$p_value;
+ $this->json=json_encode($x,
JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES|JSON_NUMERIC_CHECK);
+ }
+}
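Review bot: `input()` writes `$this->name` into the `id` attribute and, together with `$this->callback` and `$this->json`, straight into the inline `<script>` without any output encoding, and both `json_encode` calls use `JSON_UNESCAPED_SLASHES` without `JSON_HEX_TAG`, so a value containing `</script>` would end the script block. The callers in this commit pass only `action%d` names, fixed strings and ids, but the class is a general widget with public `set_name`, `set_callback`, `set_json` and `add_json_param`, so the encoding belongs here: `printf('<span class="inplace_edit" id="%s">', htmlspecialchars($this->name, ENT_QUOTES, 'UTF-8'));` and `JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT` added to the flags in the constructor and in `add_json_param`. The loose `$this->value==0` test is also worth tightening, since on PHP versions before 8 a non-numeric string compares equal to 0 and would never reach the `Exception` branch.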
diff --git a/include/param_sec.inc.php b/include/param_sec.inc.php
index 08b81c9..00ddcd7 100644
--- a/include/param_sec.inc.php
+++ b/include/param_sec.inc.php
@@ -30,6 +30,7 @@ require_once NOALYSS_INCLUDE.'/class/user.class.php';
require_once NOALYSS_INCLUDE.'/lib/database.class.php';
require_once NOALYSS_INCLUDE.'/lib/sort_table.class.php';
require_once NOALYSS_INCLUDE.'/lib/inplace_edit.class.php';
+require_once NOALYSS_INCLUDE.'/lib/inplace_switch.class.php';
$http=new HttpInput();
@@ -119,57 +120,7 @@ if ( isset ($_GET["action"] ))
$action=$http->get("action");
}
-//----------------------------------------------------------------------
-// Action = save
-//----------------------------------------------------------------------
-if ( isset($_POST['ok']))
-{
- try
- {
- $cn->start();
- $user_id=$http->post('user_id',"numeric");
- $sec_User=new User($cn,$user_id);
-
-
- /* now save all the actions */
- $a=$cn->get_array('select ac_id from action');
- /*
- * @todo must be replaced by ajax
- */
- foreach ($a as $key)
- {
- $id=$key['ac_id'];
- $priv=sprintf("action%d",$id);
- if ( ! isset ($_POST[$priv]))
- {
- $cn->exec_sql("delete from user_sec_act where
ua_act_id=$1",array($id));
- continue;
- }
- $count=$cn->get_value('select count(*) from user_sec_act where
ua_login=$1 '.
- ' and
ua_act_id=$2',array($sec_User->login,$id));
- if ( $_POST[$priv] == 1 && $count == 0)
- {
- $cn->exec_sql('insert into user_sec_act (ua_login,ua_act_id)'.
- ' values ($1,$2)',
- array($sec_User->login,$id));
- }
- if ($_POST[$priv] == 0 )
- {
- $cn->exec_sql('delete from user_sec_act where ua_login=$1 and
ua_act_id=$2',
- array($sec_User->login,$id));
- }
- }
- $cn->commit();
- } // end try
- catch (Exception $e)
- {
- echo_warning ($e->getMessage());
- record_log($e->getTraceAsString());
- $cn->rollback();
- }
-
-}
@@ -241,7 +192,6 @@ if ( $action == "view" )
$sec_User=new User($cn,$user_id);
$n_dossier_id=Dossier::id();
- echo '<form method="post">';
$sHref=sprintf ('export.php?act=PDF:sec&user_id=%s&'.$str_dossier ,
$user_id
);
@@ -312,10 +262,8 @@ if ( $action == "view" )
include(NOALYSS_TEMPLATE.'/security_list_action.php');
echo '</fieldset>';
echo
HtmlInput::button('Imprime',_('imprime'),"onclick=\"window.open('".$sHref."');\"");
- echo HtmlInput::submit('ok',_('Sauve'));
- echo HtmlInput::reset(_('Annule'));
echo $return;
- echo '</form>';
+
?>
<script>
function grant_ledgers(p_access) {
@@ -349,19 +297,28 @@ if ( $action == "view" )
remove_waiting_box();
}
function grant_action(p_value) {
- var a_select=document.getElementsByTagName('select');
+ var a_select=document.getElementsByTagName('span');
var i=0;
var str_id="";
for (i = 0;i < a_select.length;i++) {
str_id = new String( a_select[i].id);
if ( str_id.search(/action/) > -1 ) {
- a_select[i].value=p_value;
- if (p_value == 0 ) {
a_select[i].parentNode.style.borderColor="red";}
- else { a_select[i].parentNode.style.borderColor="green";}
- a_select[i].parentNode.style.borderSize="2px";
- }
+ if ( p_value == 1 ) {
+ a_select[i].innerHTML='<img src="image/icon-on.png"/>';
+ } else {
+ a_select[i].innerHTML='<img src="image/icon-off.png"/>';
+ }
}
-
+ } // loop
+ new Ajax.Request("ajax_misc.php",{method:"get",
+ parameters:{
+ op:"action_access_all",
+ gDossier:<?php echo $n_dossier_id?>,
+ method:"get",
+ user_id:<?php echo $user_id;?>,
+ access:p_value
+ }
+ });
}
</script>
<?php
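Review bot: `grant_action()` swaps every icon to the new state before the `Ajax.Request` is sent and registers no `onSuccess`/`onFailure` handler, so if the request is rejected or fails the page keeps showing rights that were not stored. On a security-configuration screen the displayed state should follow the server's answer: move the icon loop into `onSuccess` and report an error in `onFailure`. The parameter list also carries a stray `method:"get"` entry that is sent to the server as data, and `str_id.search(/action/)` matches any `span` whose id merely contains "action"; `/^action\d+$/` would limit it to the switches. The enclosing `if ( $action == "view" )` block starts and ends outside this hunk.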
diff --git a/include/template/security_list_action.php
b/include/template/security_list_action.php
index 7d3e81a..aadc54d 100644
--- a/include/template/security_list_action.php
+++ b/include/template/security_list_action.php
@@ -4,9 +4,6 @@
?><?php
function display_security_fieldset($p_legend,$p_array,$sec_User) {
- $array=array(array('value'=>0,'label'=>_("Pas d'accès")),
- array('value'=>1,'label'=>_('Accès')),
- );
$gDossier=dossier::id();
?>
@@ -23,19 +20,18 @@
<?php
$right=$sec_User->check_action($l_line['ac_id']);
+ $is_switch=new
Inplace_Switch(sprintf('action%d',$l_line['ac_id']),$right);
+ $is_switch->set_callback("ajax_misc.php");
+ $is_switch->add_json_param("op",
"action_access");
+
$is_switch->add_json_param("gDossier",$gDossier);
+
$is_switch->add_json_param("ac_id",$l_line['ac_id']);
+
$is_switch->add_json_param("user_id",$sec_User->id);
+ ?>
+ <td >
+
- $a=new ISelect();
- $a->name=sprintf('action%d',$l_line['ac_id']);
- $a->value=$array;
- $a->selected=$right;
- if ( $right==1) {
- ?>
- <td style="border:lightgreen 2px solid; ">
- <?php } else { ?>
- <td style="border:red 2px solid; " align="right">
- <?php }?>
-
- <?php echo $a->input(); ?>
+ <?php echo $is_switch->input(); ?>
+
</td>
</tr>
<?php
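Review bot: `<?php echo $is_switch->input(); ?>` echoes the return value of a method that prints its markup itself and returns nothing, so the `echo` is a no-op that suggests `input()` returns a string, as the removed `ISelect` call presumably did. Call it as a statement, `<?php $is_switch->input(); ?>`, or have `Inplace_Switch::input()` return the markup so the template stays consistent with the other widgets. `display_security_fieldset()` begins above this hunk and its loop continues past the last line shown.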