2017-08-04 16:28:16 +02:00
< ? php
2020-09-07 15:04:06 +02:00
/*
* OpenSTAManager : il software gestionale open source per l ' assistenza tecnica e la fatturazione
2021-01-20 15:08:51 +01:00
* Copyright ( C ) DevCode s . r . l .
2020-09-07 15:04:06 +02:00
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation , either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program . If not , see < https :// www . gnu . org / licenses />.
*/
2017-08-04 16:28:16 +02:00
include_once __DIR__ . '/../../core.php' ;
2019-07-18 18:33:56 +02:00
use Models\User ;
2017-09-01 18:13:25 +02:00
$id_utente = filter ( 'id_utente' );
2017-08-04 16:28:16 +02:00
switch ( filter ( 'op' )) {
2019-07-18 18:33:56 +02:00
// Aggiunta nuovo gruppo
case 'add' :
$nome = filter ( 'nome' );
2019-12-09 18:20:12 +01:00
// Verifico che questo nome gruppo non sia già stato usato
2019-07-18 18:33:56 +02:00
if ( $dbo -> fetchNum ( 'SELECT nome FROM zz_groups WHERE nome=' . prepare ( $nome )) == 0 ) {
2019-12-13 16:32:53 +01:00
$dbo -> query ( 'INSERT INTO zz_groups(nome, editable) VALUES(' . prepare ( $nome ) . ', 1)' );
2019-07-18 18:33:56 +02:00
$id_record = $dbo -> lastInsertedID ();
2019-12-13 16:32:53 +01:00
flash () -> info ( tr ( 'Gruppo aggiunto!' ));
2019-07-18 18:33:56 +02:00
} else {
flash () -> error ( tr ( 'Gruppo già esistente!' ));
}
break ;
2017-08-04 16:28:16 +02:00
// Abilita utente
2020-10-28 16:39:44 +01:00
case 'enable_user' :
2017-09-04 10:24:44 +02:00
if ( $dbo -> query ( 'UPDATE zz_users SET enabled=1 WHERE id=' . prepare ( $id_utente ))) {
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Utente abilitato!' ));
2017-08-04 16:28:16 +02:00
}
break ;
// Disabilita utente
2020-10-28 16:39:44 +01:00
case 'disable_user' :
2017-09-04 10:24:44 +02:00
if ( $dbo -> query ( 'UPDATE zz_users SET enabled=0 WHERE id=' . prepare ( $id_utente ))) {
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Utente disabilitato!' ));
2017-08-04 16:28:16 +02:00
}
break ;
2019-06-20 16:44:45 +02:00
// Cambio di password e username dell'utente
2019-07-18 18:33:56 +02:00
case 'update_user' :
$username = filter ( 'username' );
2018-11-20 22:39:06 +01:00
$email = filter ( 'email' );
2019-07-18 18:33:56 +02:00
$password = filter ( 'password' );
2017-08-04 16:28:16 +02:00
2019-07-18 18:33:56 +02:00
$id_utente = filter ( 'id_utente' );
2019-12-09 18:20:12 +01:00
if ( $dbo -> fetchNum ( 'SELECT username FROM zz_users WHERE id != ' . prepare ( $id_utente ) . ' AND username=' . prepare ( $username )) == 0 ) {
//Aggiunta/modifica utente
if ( ! empty ( $id_utente )) {
$utente = User :: find ( $id_utente );
$utente -> username = $username ;
$utente -> email = $email ;
$cambia_password = filter ( 'change_password' );
if ( ! empty ( $cambia_password )) {
$utente -> password = $password ;
}
} else {
$gruppo = \Models\Group :: find ( $id_record );
$utente = User :: build ( $gruppo , $username , $email , $password );
2019-07-25 18:05:47 +02:00
}
2017-08-04 16:28:16 +02:00
2019-12-09 18:20:12 +01:00
// Foto
if ( ! empty ( $_FILES [ 'photo' ][ 'tmp_name' ])) {
$utente -> photo = $_FILES [ 'photo' ];
}
2017-08-04 16:28:16 +02:00
2019-12-09 18:20:12 +01:00
// Anagrafica
$id_anagrafica = filter ( 'idanag' );
$utente -> id_anagrafica = $id_anagrafica ;
2017-08-04 16:28:16 +02:00
2019-12-09 18:20:12 +01:00
$utente -> save ();
2017-08-04 16:28:16 +02:00
2019-12-09 18:20:12 +01:00
$dbo -> query ( 'DELETE FROM zz_user_sedi WHERE id_user = ' . prepare ( $id_utente ));
$sedi = post ( 'idsede' );
if ( empty ( $sedi )) {
$sedi = [ 0 ];
}
foreach ( $sedi as $id_sede ) {
$dbo -> query ( 'INSERT INTO `zz_user_sedi` (`id_user`,`idsede`) VALUES (' . prepare ( $id_utente ) . ', ' . prepare ( $id_sede ) . ')' );
}
2019-12-13 10:08:17 +01:00
} else {
2019-12-09 18:20:12 +01:00
flash () -> error ( tr ( 'Utente già esistente!' ));
2018-02-20 14:23:00 +01:00
}
2017-08-04 16:28:16 +02:00
break ;
// Aggiunta di un nuovo utente
2019-07-18 18:33:56 +02:00
case 'self_update' :
$password = filter ( 'password' );
2017-08-04 16:28:16 +02:00
2019-07-18 18:33:56 +02:00
$utente = Auth :: user ();
2017-08-04 16:28:16 +02:00
2019-07-18 18:33:56 +02:00
if ( ! empty ( $password )) {
$utente -> password = $password ;
} elseif ( ! empty ( $_FILES [ 'photo' ][ 'tmp_name' ])) {
$utente -> photo = $_FILES [ 'photo' ];
2017-08-04 16:28:16 +02:00
}
2019-07-18 18:33:56 +02:00
$utente -> save ();
2020-09-23 17:53:19 +02:00
redirect ( base_path () . '/modules/utenti/info.php' );
2017-08-04 16:28:16 +02:00
break ;
2020-02-20 19:25:35 +01:00
// Elimina utente + disattivazione token
2019-07-18 18:33:56 +02:00
case 'delete_user' :
2017-09-04 10:24:44 +02:00
if ( $dbo -> query ( 'DELETE FROM zz_users WHERE id=' . prepare ( $id_utente ))) {
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Utente eliminato!' ));
2020-02-20 19:25:35 +01:00
2020-10-28 16:45:58 +01:00
if ( $dbo -> query ( 'DELETE FROM zz_tokens WHERE id_utente=' . prepare ( $id_utente ))) {
2020-10-28 16:39:44 +01:00
flash () -> info ( tr ( 'Token eliminato!' ));
2020-02-20 19:25:35 +01:00
}
2017-08-04 16:28:16 +02:00
}
break ;
2018-08-28 17:10:23 +02:00
// Abilita API utente
2018-09-03 16:49:43 +02:00
case 'token_enable' :
2020-02-23 14:21:49 +01:00
$utente = User :: find ( $id_utente );
2020-10-28 16:39:44 +01:00
$already_token = $dbo -> fetchOne ( 'SELECT `id` FROM `zz_tokens` WHERE `id_utente` = ' . prepare ( $id_utente ))[ 'id' ];
2020-11-06 10:46:42 +01:00
if ( empty ( $already_token )) {
2020-10-28 16:39:44 +01:00
//Quando richiamo getApiTokens, non trovando nessun token abilitato ne crea uno nuovo
$tokens = $utente -> getApiTokens ();
foreach ( $tokens as $token ) {
$dbo -> query ( 'UPDATE zz_tokens SET enabled = 1 WHERE id = ' . prepare ( $token [ 'id' ]));
flash () -> info ( tr ( 'Token creato!' ));
}
2020-11-06 10:46:42 +01:00
} elseif ( $dbo -> query ( 'UPDATE zz_tokens SET enabled = 1 WHERE id_utente = ' . prepare ( $id_utente ))) {
2020-10-28 16:39:44 +01:00
flash () -> info ( tr ( 'Token abilitato!' ));
2020-02-23 14:21:49 +01:00
}
2018-08-28 17:10:23 +02:00
break ;
2018-07-02 09:55:16 +02:00
2018-09-03 16:49:43 +02:00
// Disabilita API utente
case 'token_disable' :
2020-02-23 14:21:49 +01:00
$utente = User :: find ( $id_utente );
$tokens = $utente -> getApiTokens ();
2020-02-24 12:21:47 +01:00
foreach ( $tokens as $token ) {
2020-02-23 14:21:49 +01:00
$dbo -> query ( 'UPDATE zz_tokens SET enabled = 0 WHERE id = ' . prepare ( $token [ 'id' ]));
2018-07-02 09:55:16 +02:00
}
2020-02-23 14:21:49 +01:00
2020-10-28 16:39:44 +01:00
flash () -> info ( tr ( 'Token disabilitato!' ));
2018-07-02 09:55:16 +02:00
break ;
2017-08-04 16:28:16 +02:00
// Elimina gruppo
case 'deletegroup' :
// Verifico se questo gruppo si può eliminare
$query = 'SELECT editable FROM zz_groups WHERE id=' . prepare ( $id_record );
$rs = $dbo -> fetchArray ( $query );
if ( $rs [ 0 ][ 'editable' ] == 1 ) {
if ( $dbo -> query ( 'DELETE FROM zz_groups WHERE id=' . prepare ( $id_record ))) {
$dbo -> query ( 'DELETE FROM zz_users WHERE idgruppo=' . prepare ( $id_record ));
2020-10-28 16:45:58 +01:00
$dbo -> query ( 'DELETE FROM zz_tokens WHERE id_utente IN (SELECT id FROM zz_users WHERE idgruppo=' . prepare ( $id_record ) . ')' );
2017-08-04 16:28:16 +02:00
$dbo -> query ( 'DELETE FROM zz_permissions WHERE idgruppo=' . prepare ( $id_record ));
2020-10-28 16:45:58 +01:00
flash () -> info ( tr ( 'Gruppo e relativi utenti eliminati!' ));
2017-08-04 16:28:16 +02:00
}
} else {
2018-07-19 17:29:21 +02:00
flash () -> error ( tr ( 'Questo gruppo non si può eliminare!' ));
2017-08-04 16:28:16 +02:00
}
break ;
2018-09-03 16:49:43 +02:00
// Impostazione/reimpostazione dei permessi di accesso di default
case 'restore_permission' :
//Gruppo Tecnici
if ( $dbo -> fetchArray ( 'SELECT `nome` FROM `zz_groups` WHERE `id` = ' . prepare ( $id_record ))[ 0 ][ 'nome' ] == 'Tecnici' ) {
$permessi = [];
$permessi [ 'Dashboard' ] = 'rw' ;
$permessi [ 'Anagrafiche' ] = 'rw' ;
$permessi [ 'Interventi' ] = 'rw' ;
$permessi [ 'Magazzino' ] = 'rw' ;
$permessi [ 'Articoli' ] = 'rw' ;
2018-08-29 18:15:12 +02:00
2018-09-03 16:49:43 +02:00
$dbo -> query ( 'DELETE FROM zz_permissions WHERE idgruppo=' . prepare ( $id_record ));
2018-08-29 18:15:12 +02:00
2018-09-03 16:49:43 +02:00
foreach ( $permessi as $module_name => $permesso ) {
$module_id = $dbo -> fetchArray ( 'SELECT `id` FROM `zz_modules` WHERE `name` = "' . $module_name . '"' )[ 0 ][ 'id' ];
2018-08-29 18:15:12 +02:00
2018-09-03 16:49:43 +02:00
$dbo -> insert ( 'zz_permissions' , [
'idgruppo' => $id_record ,
'idmodule' => $module_id ,
'permessi' => $permesso ,
]);
}
2018-08-29 18:15:12 +02:00
2018-09-26 15:37:46 +02:00
flash () -> info ( tr ( 'Permessi reimpostati' ));
2018-09-03 16:49:43 +02:00
}
2018-08-29 18:15:12 +02:00
2018-09-03 16:49:43 +02:00
break ;
2017-08-04 16:28:16 +02:00
// Aggiornamento dei permessi di accesso
case 'update_permission' :
$permessi = filter ( 'permesso' );
$idmodulo = filter ( 'idmodulo' );
// Verifico che ci sia il permesso per questo gruppo
2018-08-10 17:14:09 +02:00
if ( $permessi != '-' ) {
$rs = $dbo -> fetchArray ( 'SELECT * FROM zz_permissions WHERE idgruppo=' . prepare ( $id_record ) . ' AND idmodule=' . prepare ( $idmodulo ));
if ( empty ( $rs )) {
$query = 'INSERT INTO zz_permissions(idgruppo, idmodule, permessi) VALUES(' . prepare ( $id_record ) . ', ' . prepare ( $idmodulo ) . ', ' . prepare ( $permessi ) . ')' ;
} else {
$query = 'UPDATE zz_permissions SET permessi=' . prepare ( $permessi ) . ' WHERE id=' . prepare ( $rs [ 0 ][ 'id' ]);
}
2017-08-04 16:28:16 +02:00
2018-08-10 17:14:09 +02:00
// Aggiunta dei permessi relativi alle viste
$count = $dbo -> fetchNum ( 'SELECT * FROM `zz_group_view` WHERE `id_gruppo` = ' . prepare ( $id_record ) . ' AND `id_vista` IN (SELECT `id` FROM `zz_views` WHERE `id_module`=' . prepare ( $idmodulo ) . ')' );
if ( empty ( $count )) {
$results = $dbo -> fetchArray ( 'SELECT `id_vista` FROM `zz_group_view` WHERE `id_vista` IN (SELECT `id` FROM `zz_views` WHERE `id_module`=' . prepare ( $idmodulo ) . ')' );
foreach ( $results as $result ) {
$dbo -> attach ( 'zz_group_view' , [ 'id_vista' => $result [ 'id_vista' ]], [ 'id_gruppo' => $id_record ]);
}
2017-08-24 10:39:32 +02:00
}
2018-08-10 17:14:09 +02:00
} else {
$query = 'DELETE FROM zz_permissions WHERE idgruppo=' . prepare ( $id_record ) . ' AND idmodule=' . prepare ( $idmodulo );
2017-08-24 10:39:32 +02:00
}
2017-08-04 16:28:16 +02:00
$dbo -> query ( $query );
ob_end_clean ();
echo 'ok' ;
break ;
}
