2017-08-04 16:28:16 +02:00
< ? php
2020-09-07 15:04:06 +02:00
/*
* OpenSTAManager : il software gestionale open source per l ' assistenza tecnica e la fatturazione
2021-01-20 15:08:51 +01:00
* Copyright ( C ) DevCode s . r . l .
2020-09-07 15:04:06 +02:00
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation , either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program . If not , see < https :// www . gnu . org / licenses />.
*/
2017-08-04 16:28:16 +02:00
include_once __DIR__ . '/../../core.php' ;
2024-03-12 16:39:34 +01:00
use Models\Group ;
2024-03-22 15:52:24 +01:00
use Models\Module ;
use Models\User ;
2019-07-18 18:33:56 +02:00
2017-09-01 18:13:25 +02:00
$id_utente = filter ( 'id_utente' );
2017-08-04 16:28:16 +02:00
switch ( filter ( 'op' )) {
2019-07-18 18:33:56 +02:00
// Aggiunta nuovo gruppo
case 'add' :
2024-01-18 22:39:15 +01:00
$nome = filter ( 'nome' );
$id_module_start = filter ( 'id_module_start' ) ? : null ;
$theme = filter ( 'theme' ) ? : null ;
2024-01-31 14:23:46 +01:00
2019-12-09 18:20:12 +01:00
// Verifico che questo nome gruppo non sia già stato usato
2024-03-20 11:13:28 +01:00
if (( new Group ()) -> getByField ( 'name' , $nome ) == null ) {
2024-03-12 16:39:34 +01:00
$group = Group :: build ( $nome , $theme , $id_module_start );
2019-07-18 18:33:56 +02:00
$id_record = $dbo -> lastInsertedID ();
2024-03-12 16:39:34 +01:00
$group -> editable = 1 ;
2024-03-20 11:13:28 +01:00
$group -> setTranslation ( 'name' , $nome );
2024-03-12 16:39:34 +01:00
$group -> save ();
2019-12-13 16:32:53 +01:00
2024-01-31 14:23:46 +01:00
if ( $id_module_start ) {
2024-01-18 22:39:15 +01:00
$dbo -> insert ( 'zz_permissions' , [
'idgruppo' => $id_record ,
'idmodule' => $id_module_start ,
'permessi' => 'r' ,
]);
}
2019-12-13 16:32:53 +01:00
flash () -> info ( tr ( 'Gruppo aggiunto!' ));
2019-07-18 18:33:56 +02:00
} else {
flash () -> error ( tr ( 'Gruppo già esistente!' ));
}
break ;
2024-01-15 15:30:45 +01:00
// Abilita utente
2020-10-28 16:39:44 +01:00
case 'enable_user' :
2024-03-12 16:39:34 +01:00
if ( $dbo -> query ( 'UPDATE `zz_users` SET `enabled`=1 WHERE `id`=' . prepare ( $id_utente ))) {
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Utente abilitato!' ));
2017-08-04 16:28:16 +02:00
}
break ;
2024-01-15 15:30:45 +01:00
// Disabilita utente
2020-10-28 16:39:44 +01:00
case 'disable_user' :
2024-03-12 16:39:34 +01:00
if ( $dbo -> query ( 'UPDATE `zz_users` SET `enabled`=0 WHERE `id`=' . prepare ( $id_utente ))) {
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Utente disabilitato!' ));
2017-08-04 16:28:16 +02:00
}
break ;
2024-01-15 15:30:45 +01:00
// Cambio di password e username dell'utente
2019-07-18 18:33:56 +02:00
case 'update_user' :
$username = filter ( 'username' );
2018-11-20 22:39:06 +01:00
$email = filter ( 'email' );
2023-11-17 16:41:52 +01:00
$password = $_POST [ 'password' ];
2017-08-04 16:28:16 +02:00
2019-07-18 18:33:56 +02:00
$id_utente = filter ( 'id_utente' );
2024-03-12 16:39:34 +01:00
if ( $dbo -> fetchNum ( 'SELECT `username` FROM `zz_users` WHERE `id` != ' . prepare ( $id_utente ) . ' AND `username`=' . prepare ( $username )) == 0 ) {
2024-01-15 15:30:45 +01:00
// Aggiunta/modifica utente
2019-12-09 18:20:12 +01:00
if ( ! empty ( $id_utente )) {
$utente = User :: find ( $id_utente );
$utente -> username = $username ;
$utente -> email = $email ;
$cambia_password = filter ( 'change_password' );
if ( ! empty ( $cambia_password )) {
$utente -> password = $password ;
}
} else {
2024-03-22 15:52:24 +01:00
$gruppo = Group :: find ( $id_record );
2019-12-09 18:20:12 +01:00
$utente = User :: build ( $gruppo , $username , $email , $password );
2019-07-25 18:05:47 +02:00
}
2017-08-04 16:28:16 +02:00
2019-12-09 18:20:12 +01:00
// Foto
if ( ! empty ( $_FILES [ 'photo' ][ 'tmp_name' ])) {
$utente -> photo = $_FILES [ 'photo' ];
}
2017-08-04 16:28:16 +02:00
2019-12-09 18:20:12 +01:00
// Anagrafica
$id_anagrafica = filter ( 'idanag' );
$utente -> id_anagrafica = $id_anagrafica ;
2017-08-04 16:28:16 +02:00
2023-03-07 19:15:02 +01:00
// Gruppo
$id_gruppo = filter ( 'idgruppo' );
$utente -> idgruppo = $id_gruppo ;
2019-12-09 18:20:12 +01:00
$utente -> save ();
2017-08-04 16:28:16 +02:00
2019-12-09 18:20:12 +01:00
$dbo -> query ( 'DELETE FROM zz_user_sedi WHERE id_user = ' . prepare ( $id_utente ));
$sedi = post ( 'idsede' );
if ( empty ( $sedi )) {
$sedi = [ 0 ];
}
foreach ( $sedi as $id_sede ) {
$dbo -> query ( 'INSERT INTO `zz_user_sedi` (`id_user`,`idsede`) VALUES (' . prepare ( $id_utente ) . ', ' . prepare ( $id_sede ) . ')' );
}
2023-03-07 19:22:37 +01:00
flash () -> info ( tr ( " Informazioni per l'utente _USERNAME_ salvate correttamente! " , [
'_USERNAME_' => $utente -> username ,
]));
2019-12-13 10:08:17 +01:00
} else {
2023-08-04 14:54:28 +02:00
flash () -> error ( tr ( 'Utente _USERNAME_ già esistente!' , [
2023-03-07 19:22:37 +01:00
'_USERNAME_' => $username ,
]));
2018-02-20 14:23:00 +01:00
}
2017-08-04 16:28:16 +02:00
break ;
2024-01-15 15:30:45 +01:00
// Aggiunta di un nuovo utente
2019-07-18 18:33:56 +02:00
case 'self_update' :
2023-11-17 16:41:52 +01:00
$password = filter ( 'password' , null , true );
2017-08-04 16:28:16 +02:00
2019-07-18 18:33:56 +02:00
$utente = Auth :: user ();
2017-08-04 16:28:16 +02:00
2019-07-18 18:33:56 +02:00
if ( ! empty ( $password )) {
$utente -> password = $password ;
} elseif ( ! empty ( $_FILES [ 'photo' ][ 'tmp_name' ])) {
$utente -> photo = $_FILES [ 'photo' ];
2017-08-04 16:28:16 +02:00
}
2019-07-18 18:33:56 +02:00
$utente -> save ();
2020-09-23 17:53:19 +02:00
redirect ( base_path () . '/modules/utenti/info.php' );
2017-08-04 16:28:16 +02:00
break ;
2024-01-15 15:30:45 +01:00
// Elimina utente + disattivazione token
2019-07-18 18:33:56 +02:00
case 'delete_user' :
2024-03-05 16:01:45 +01:00
$utente = User :: find ( $id_utente );
/* Controlla che non posso auto eliminarmi */
if ( Auth :: user () -> id != $utente -> id ) {
/* Controlla che l'utente che voglio eliminare non presenti logs associati */
2024-03-22 15:52:24 +01:00
if ( count ( $utente -> logs ) > 0 ) {
2024-03-05 16:01:45 +01:00
if ( $dbo -> query ( 'DELETE FROM zz_users WHERE id=' . prepare ( $id_utente ))) {
flash () -> info ( tr ( 'Utente eliminato!' ));
2020-02-20 19:25:35 +01:00
2024-03-05 16:01:45 +01:00
if ( $dbo -> query ( 'DELETE FROM zz_tokens WHERE id_utente=' . prepare ( $id_utente ))) {
flash () -> info ( tr ( 'Token eliminato!' ));
}
}
2024-03-22 15:52:24 +01:00
} else {
2024-03-05 16:01:45 +01:00
flash () -> error ( tr ( 'L\'utente _USER_ presenta dei log attivi. Impossibile eliminare utente.' , [ '_USER_' => $utente -> username ]));
$dbo -> update ( 'zz_users' , [
'enabled' => 0 ,
], [ 'id' => $id_utente ]);
flash () -> info ( tr ( 'Utente disabilitato!' ));
if ( $dbo -> query ( 'DELETE FROM zz_tokens WHERE id_utente=' . prepare ( $id_utente ))) {
flash () -> info ( tr ( 'Token eliminato!' ));
} flash () -> info ( tr ( 'Token eliminato!' ));
}
2024-03-22 15:52:24 +01:00
} else {
flash () -> error ( tr ( 'L\'utente _USER_ è l\'utente attuale. Impossibile eliminare utente.' , [ '_USER_' => $utente -> username ]));
2017-08-04 16:28:16 +02:00
}
2024-03-05 16:01:45 +01:00
2017-08-04 16:28:16 +02:00
break ;
2024-01-15 15:30:45 +01:00
// Abilita API utente
2018-09-03 16:49:43 +02:00
case 'token_enable' :
2020-02-23 14:21:49 +01:00
$utente = User :: find ( $id_utente );
2020-10-28 16:39:44 +01:00
$already_token = $dbo -> fetchOne ( 'SELECT `id` FROM `zz_tokens` WHERE `id_utente` = ' . prepare ( $id_utente ))[ 'id' ];
2020-11-06 10:46:42 +01:00
if ( empty ( $already_token )) {
2024-01-15 15:30:45 +01:00
// Quando richiamo getApiTokens, non trovando nessun token abilitato ne crea uno nuovo
2020-10-28 16:39:44 +01:00
$tokens = $utente -> getApiTokens ();
foreach ( $tokens as $token ) {
$dbo -> query ( 'UPDATE zz_tokens SET enabled = 1 WHERE id = ' . prepare ( $token [ 'id' ]));
flash () -> info ( tr ( 'Token creato!' ));
}
2020-11-06 10:46:42 +01:00
} elseif ( $dbo -> query ( 'UPDATE zz_tokens SET enabled = 1 WHERE id_utente = ' . prepare ( $id_utente ))) {
2020-10-28 16:39:44 +01:00
flash () -> info ( tr ( 'Token abilitato!' ));
2020-02-23 14:21:49 +01:00
}
2018-08-28 17:10:23 +02:00
break ;
2018-07-02 09:55:16 +02:00
2024-01-15 15:30:45 +01:00
// Disabilita API utente
2018-09-03 16:49:43 +02:00
case 'token_disable' :
2020-02-23 14:21:49 +01:00
$utente = User :: find ( $id_utente );
$tokens = $utente -> getApiTokens ();
2020-02-24 12:21:47 +01:00
foreach ( $tokens as $token ) {
2020-02-23 14:21:49 +01:00
$dbo -> query ( 'UPDATE zz_tokens SET enabled = 0 WHERE id = ' . prepare ( $token [ 'id' ]));
2018-07-02 09:55:16 +02:00
}
2020-02-23 14:21:49 +01:00
2020-10-28 16:39:44 +01:00
flash () -> info ( tr ( 'Token disabilitato!' ));
2018-07-02 09:55:16 +02:00
break ;
2024-01-15 15:30:45 +01:00
// Elimina gruppo
2017-08-04 16:28:16 +02:00
case 'deletegroup' :
// Verifico se questo gruppo si può eliminare
2024-03-12 16:39:34 +01:00
$query = 'SELECT `editable` FROM `zz_groups` WHERE `id`=' . prepare ( $id_record );
2017-08-04 16:28:16 +02:00
$rs = $dbo -> fetchArray ( $query );
if ( $rs [ 0 ][ 'editable' ] == 1 ) {
2024-03-12 16:39:34 +01:00
if ( $dbo -> query ( 'DELETE FROM `zz_groups` WHERE `id`=' . prepare ( $id_record ))) {
$dbo -> query ( 'DELETE FROM `zz_users` WHERE `idgruppo`=' . prepare ( $id_record ));
$dbo -> query ( 'DELETE FROM `zz_tokens` WHERE `id_utente` IN (SELECT `id` FROM `zz_users` WHERE `idgruppo`=' . prepare ( $id_record ) . ')' );
$dbo -> query ( 'DELETE FROM `zz_permissions` WHERE `idgruppo`=' . prepare ( $id_record ));
2020-10-28 16:45:58 +01:00
flash () -> info ( tr ( 'Gruppo e relativi utenti eliminati!' ));
2017-08-04 16:28:16 +02:00
}
} else {
2018-07-19 17:29:21 +02:00
flash () -> error ( tr ( 'Questo gruppo non si può eliminare!' ));
2017-08-04 16:28:16 +02:00
}
break ;
2024-01-15 15:30:45 +01:00
// Impostazione/reimpostazione dei permessi di accesso di default
2018-09-03 16:49:43 +02:00
case 'restore_permission' :
2024-01-15 15:30:45 +01:00
// Gruppo Tecnici
2018-09-03 16:49:43 +02:00
if ( $dbo -> fetchArray ( 'SELECT `nome` FROM `zz_groups` WHERE `id` = ' . prepare ( $id_record ))[ 0 ][ 'nome' ] == 'Tecnici' ) {
$permessi = [];
$permessi [ 'Dashboard' ] = 'rw' ;
$permessi [ 'Anagrafiche' ] = 'rw' ;
$permessi [ 'Interventi' ] = 'rw' ;
$permessi [ 'Magazzino' ] = 'rw' ;
$permessi [ 'Articoli' ] = 'rw' ;
2018-08-29 18:15:12 +02:00
2018-09-03 16:49:43 +02:00
$dbo -> query ( 'DELETE FROM zz_permissions WHERE idgruppo=' . prepare ( $id_record ));
2018-08-29 18:15:12 +02:00
2018-09-03 16:49:43 +02:00
foreach ( $permessi as $module_name => $permesso ) {
2024-03-20 11:13:28 +01:00
$module_id = ( new Module ()) -> getByField ( 'name' , $module_name );
2018-08-29 18:15:12 +02:00
2018-09-03 16:49:43 +02:00
$dbo -> insert ( 'zz_permissions' , [
'idgruppo' => $id_record ,
'idmodule' => $module_id ,
'permessi' => $permesso ,
]);
}
2018-08-29 18:15:12 +02:00
2018-09-26 15:37:46 +02:00
flash () -> info ( tr ( 'Permessi reimpostati' ));
2018-09-03 16:49:43 +02:00
}
2018-08-29 18:15:12 +02:00
2024-01-15 15:30:45 +01:00
break ;
2017-08-04 16:28:16 +02:00
2024-01-15 15:30:45 +01:00
// Aggiornamento dei permessi di accesso
2017-08-04 16:28:16 +02:00
case 'update_permission' :
$permessi = filter ( 'permesso' );
$idmodulo = filter ( 'idmodulo' );
// Verifico che ci sia il permesso per questo gruppo
2018-08-10 17:14:09 +02:00
if ( $permessi != '-' ) {
$rs = $dbo -> fetchArray ( 'SELECT * FROM zz_permissions WHERE idgruppo=' . prepare ( $id_record ) . ' AND idmodule=' . prepare ( $idmodulo ));
if ( empty ( $rs )) {
$query = 'INSERT INTO zz_permissions(idgruppo, idmodule, permessi) VALUES(' . prepare ( $id_record ) . ', ' . prepare ( $idmodulo ) . ', ' . prepare ( $permessi ) . ')' ;
} else {
$query = 'UPDATE zz_permissions SET permessi=' . prepare ( $permessi ) . ' WHERE id=' . prepare ( $rs [ 0 ][ 'id' ]);
}
2017-08-04 16:28:16 +02:00
2018-08-10 17:14:09 +02:00
// Aggiunta dei permessi relativi alle viste
$count = $dbo -> fetchNum ( 'SELECT * FROM `zz_group_view` WHERE `id_gruppo` = ' . prepare ( $id_record ) . ' AND `id_vista` IN (SELECT `id` FROM `zz_views` WHERE `id_module`=' . prepare ( $idmodulo ) . ')' );
if ( empty ( $count )) {
$results = $dbo -> fetchArray ( 'SELECT `id_vista` FROM `zz_group_view` WHERE `id_vista` IN (SELECT `id` FROM `zz_views` WHERE `id_module`=' . prepare ( $idmodulo ) . ')' );
foreach ( $results as $result ) {
$dbo -> attach ( 'zz_group_view' , [ 'id_vista' => $result [ 'id_vista' ]], [ 'id_gruppo' => $id_record ]);
}
2017-08-24 10:39:32 +02:00
}
2018-08-10 17:14:09 +02:00
} else {
$query = 'DELETE FROM zz_permissions WHERE idgruppo=' . prepare ( $id_record ) . ' AND idmodule=' . prepare ( $idmodulo );
2017-08-24 10:39:32 +02:00
}
2017-08-04 16:28:16 +02:00
$dbo -> query ( $query );
ob_end_clean ();
echo 'ok' ;
2022-08-29 17:48:19 +02:00
break ;
2024-01-18 22:39:15 +01:00
case 'update_id_module_start' :
2024-03-12 17:27:26 +01:00
try {
$group -> id_module_start = filter ( 'id_module_start' );
$group -> save ();
echo 'ok' ;
} catch ( Exception $e ) {
echo $e -> getMessage ();
}
2022-08-29 17:48:19 +02:00
2024-01-18 22:39:15 +01:00
break ;
2024-03-12 17:27:26 +01:00
2024-01-18 22:39:15 +01:00
case 'update_theme' :
2024-03-12 17:27:26 +01:00
try {
$group -> theme = filter ( 'theme' );
$group -> save ();
echo 'ok' ;
} catch ( Exception $e ) {
echo $e -> getMessage ();
}
2024-01-18 22:39:15 +01:00
2017-08-04 16:28:16 +02:00
break ;
}