From a8a11c0ece45646c5fd4edf561c3ead17ee3bc38 Mon Sep 17 00:00:00 2001 From: lLefevre Date: Mon, 10 Oct 2011 16:10:57 +0000 Subject: [PATCH] [*] BO : Rights verification for multi-shop git-svn-id: http://dev.prestashop.com/svn/v1/branches/1.5.x@9198 b9a71923-0436-4b27-9f14-aed3839534dd --- admin-dev/functions.php | 10 ++- admin-dev/tabs/AdminEmployees.php | 23 +++--- classes/AdminController.php | 17 ++++- classes/AdminTab.php | 5 +- classes/Employee.php | 112 ++++++++++++++++++++++-------- classes/Profile.php | 2 +- classes/shop/Shop.php | 30 +++++++- translations/fr/admin.php | 7 +- 8 files changed, 155 insertions(+), 51 deletions(-) diff --git a/admin-dev/functions.php b/admin-dev/functions.php index 0cc909d21..d8c30f7cb 100644 --- a/admin-dev/functions.php +++ b/admin-dev/functions.php @@ -397,6 +397,7 @@ function simpleXMLToArray ($xml, $flattenValues = true, $flattenAttributes = tru function generateShopList() { $tree = Shop::getTree(); + $context = Context::getContext(); // Get default value list($shopID, $shopGroupID) = Shop::getContext(); @@ -410,14 +411,18 @@ function generateShopList() // Generate HTML $url = $_SERVER['REQUEST_URI'].(($_SERVER['QUERY_STRING']) ? '&' : '?').'setShopContext='; $html = ''; @@ -496,7 +501,6 @@ function runAdminTab($ajaxMode = false) '.translate('Back Office').' '.$bread.''; - if (!$ajaxMode && Shop::isMultiShopActivated() && Context::shop() != Shop::CONTEXT_ALL) { echo '
'; diff --git a/admin-dev/tabs/AdminEmployees.php b/admin-dev/tabs/AdminEmployees.php index a6629e7c1..7b8681435 100644 --- a/admin-dev/tabs/AdminEmployees.php +++ b/admin-dev/tabs/AdminEmployees.php @@ -182,16 +182,23 @@ class AdminEmployees extends AdminTab '; echo '
'; diff --git a/classes/AdminController.php b/classes/AdminController.php index e1f5974a1..270bfe71e 100644 --- a/classes/AdminController.php +++ b/classes/AdminController.php @@ -222,6 +222,7 @@ class AdminControllerCore extends Controller { if ($disable) return true; + $this->tabAccess = Profile::getProfileAccess($this->context->employee->id_profile, $this->id); if ($this->tabAccess['view'] === '1') @@ -1050,14 +1051,24 @@ class AdminControllerCore extends Controller Tools::redirectAdmin($url['path'].'?'.http_build_query($parseQuery)); } - $shopID = ''; + $shop_id = ''; if ($this->context->cookie->shopContext) { $split = explode('-', $this->context->cookie->shopContext); if (count($split) == 2 && $split[0] == 's') - $shopID = (int)$split[1]; + $shop_id = (int)$split[1]; } - $this->context->shop = new Shop($shopID); + else if ($this->context->employee->id_profile == _PS_ADMIN_PROFILE_) + $shop_id = ''; + else if ($this->context->shop->getTotalShopsWhoExists() != Employee::getTotalEmployeeShopById((int)$this->context->employee->id)) + { + $shops = Employee::getEmployeeShopById((int)$this->context->employee->id); + $shop_id = (int)$shops[0]; + } + else + Employee::getEmployeeShopAccess((int)$this->context->employee->id); + + $this->context->shop = new Shop($shop_id); /* Filter memorization */ if (isset($_POST) && !empty($_POST) && isset($this->table)) diff --git a/classes/AdminTab.php b/classes/AdminTab.php index f3d28ba39..d045018df 100644 --- a/classes/AdminTab.php +++ b/classes/AdminTab.php @@ -898,7 +898,8 @@ abstract class AdminTabCore if (!Shop::isMultiShopActivated()) return ; - $assos = self::getAssoShop($this->table, $id_object); + if(!$assos = self::getAssoShop($this->table, $id_object)) + return; Db::getInstance()->execute('DELETE FROM '._DB_PREFIX_.$this->table.'_'.$assos[1].($id_object ? ' WHERE `'.$this->identifier.'`='.(int)$id_object : '')); foreach ($assos[0] as $asso) 
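Review bot: The shop taken from `$this->context->cookie->shopContext` is never checked against the employee's `employee_shop` rows — the `getEmployeeShopAccess()` path only runs when the cookie is empty, so a non-admin employee whose cookie names `s-<id>` for a shop they are not associated with still ends up with `new Shop($shop_id)` for it, which defeats the rights verification this commit is meant to add. In the final `else` the boolean returned by `Employee::getEmployeeShopAccess()` is discarded, so that branch has no effect either, and `(int)$shops[0]` is read without confirming `getEmployeeShopById()` returned anything. Suggest applying one check after `$shop_id` has been resolved from the cookie, `if ($shop_id !== '' && $this->context->employee->id_profile != _PS_ADMIN_PROFILE_ && !in_array($shop_id, Employee::getEmployeeShopById((int)$this->context->employee->id), true))`, and on failure falling back to the first allowed shop (or refusing) instead of honouring the cookie. The enclosing method starts outside the hunk.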
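Review bot: The new guard `if(!$assos = self::getAssoShop($this->table, $id_object))` buries the assignment inside the condition and drops the space after `if` that the rest of the class uses; `$assos = self::getAssoShop($this->table, $id_object);` followed by `if (!$assos) return;` reads the same and keeps the early return visible. A short comment such as `// no shop association table for this object type: nothing to delete` would explain why an empty result is a normal exit here rather than an error. The enclosing method starts and ends outside the hunk.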
@@ -915,7 +916,7 @@ abstract class AdminTabCore else if (isset($groupShopAsso[$table]) && $groupShopAsso[$table]['type'] == 'group_shop') $type = 'group_shop'; else - return ; + return; $assos = array(); foreach ($_POST as $k => $row) diff --git a/classes/Employee.php b/classes/Employee.php index 96f69b9cb..9c49e59c4 100644 --- a/classes/Employee.php +++ b/classes/Employee.php 
@@ -27,60 +27,60 @@ class EmployeeCore extends ObjectModel { - public $id; + public $id; /** @var string Determine employee profile */ - public $id_profile; + public $id_profile; /** @var string employee language */ - public $id_lang; + public $id_lang; /** @var string Lastname */ - public $lastname; + public $lastname; /** @var string Firstname */ - public $firstname; + public $firstname; /** @var string e-mail */ - public $email; + public $email; /** @var string Password */ - public $passwd; + public $passwd; /** @var datetime Password */ - public $last_passwd_gen; + public $last_passwd_gen; public $stats_date_from; public $stats_date_to; /** @var string Display back office background in the specified color */ - public $bo_color; + public $bo_color; /** @var string employee's chosen theme */ - public $bo_theme; + public $bo_theme; /** @var string / enum hover or click mode */ - public $bo_uimode; + public $bo_uimode; /** @var bool, true */ - public $bo_show_screencast; + public $bo_show_screencast; /** @var boolean Status */ - public $active = 1; + public $active = 1; /** @var boolean show screencast */ - public $show_screencast = 1; + public $show_screencast = 1; - public $remote_addr; + public $remote_addr; - protected $fieldsRequired = array('lastname', 'firstname', 'email', 'passwd', 'id_profile', 'id_lang'); - protected $fieldsSize = array('lastname' => 32, 'firstname' => 32, 'email' => 128, 'passwd' => 32, 'bo_color' => 32, 'bo_theme' => 32); - protected $fieldsValidate = array('lastname' => 'isName', 'firstname' => 'isName', 'email' => 'isEmail', 'id_lang' => 'isUnsignedInt', + protected $fieldsRequired = array('lastname', 'firstname', 'email', 'passwd', 'id_profile', 'id_lang'); + protected $fieldsSize = array('lastname' => 32, 'firstname' => 32, 'email' => 128, 'passwd' => 32, 'bo_color' => 32, 'bo_theme' => 32); + protected $fieldsValidate = array('lastname' => 'isName', 'firstname' => 'isName', 'email' => 'isEmail', 'id_lang' => 'isUnsignedInt', 
'passwd' => 'isPasswdAdmin', 'active' => 'isBool', 'id_profile' => 'isInt', 'bo_color' => 'isColor', 'bo_theme' => 'isGenericName', 'bo_uimode' => 'isGenericName', 'show_screencast' => 'isBool', 'bo_show_screencast' => 'isBool'); - protected $table = 'employee'; - protected $identifier = 'id_employee'; + protected $table = 'employee'; + protected $identifier = 'id_employee'; protected $webserviceParameters = array( 'fields' => array( @@ -123,10 +123,10 @@ class EmployeeCore extends ObjectModel return $fields; } - public function add($autodate = true, $nullValues = true) + public function add($autodate = true, $null_values = true) { $this->last_passwd_gen = date('Y-m-d H:i:s', strtotime('-'.Configuration::get('PS_PASSWD_TIME_BACK').'minutes')); - return parent::add($autodate, $nullValues); + return parent::add($autodate, $null_values); } /** @@ -136,9 +136,9 @@ class EmployeeCore extends ObjectModel * @param string $passwd Password is also checked if specified * @return Employee instance */ - public function getByEmail($email, $passwd = NULL) + public function getByEmail($email, $passwd = null) { - if (!Validate::isEmail($email) OR ($passwd != NULL AND !Validate::isPasswd($passwd))) + if (!Validate::isEmail($email) || ($passwd != null && !Validate::isPasswd($passwd))) die(Tools::displayError()); $result = Db::getInstance()->getRow(' @@ -151,7 +151,7 @@ class EmployeeCore extends ObjectModel return false; $this->id = $result['id_employee']; $this->id_profile = $result['id_profile']; - foreach ($result AS $key => $value) + foreach ($result as $key => $value) if (key_exists($key, $this)) $this->{$key} = $value; return $this; @@ -176,7 +176,7 @@ class EmployeeCore extends ObjectModel */ public static function checkPassword($id_employee, $passwd) { - if (!Validate::isUnsignedId($id_employee) OR !Validate::isPasswd($passwd, 8)) + if (!Validate::isUnsignedId($id_employee) || !Validate::isPasswd($passwd, 8)) die (Tools::displayError()); return Db::getInstance()->getValue(' 
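Review bot: `$passwd != null` is still a loose comparison after the `||` cleanup on the condition line: in PHP an empty string compares equal to null, so `getByEmail($email, '')` skips `Validate::isPasswd()` and reaches the query with an empty password. `if (!Validate::isEmail($email) || ($passwd !== null && !Validate::isPasswd($passwd)))` keeps the documented "checked if specified" intent and matches the strict `=== '1'` style used in AdminController. The method's query continues outside the hunk.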
@@ -187,13 +187,13 @@ class EmployeeCore extends ObjectModel AND active = 1'); } - public static function countProfile($id_profile, $activeOnly = false) + public static function countProfile($id_profile, $active_only = false) { return Db::getInstance()->getValue(' SELECT COUNT(*) FROM `'._DB_PREFIX_.'employee` WHERE `id_profile` = '.(int)$id_profile.' - '.($activeOnly ? ' AND `active` = 1' : '')); + '.($active_only ? ' AND `active` = 1' : '')); } public function isLastAdmin() 
@@ -240,4 +240,60 @@ class EmployeeCore extends ObjectModel
 Context::getContext()->cookie->logout();
 $this->id = null;
 }
+
+ public static function getEmployeeShopAccess($id_employee)
+ {
+ $context = Context::getContext();
+
+ switch ($type = $context->shop->getContextType())
+ {
+ case 1:
+ info('context shop');
+ if ($context->shop->checkIfShopExist($context->shop->id))
+ {
+ if (!in_array($context->shop->id, self::getEmployeeShopById($id_employee)))
+ return false;
+ }
+ else
+ return false;
+ break;
+
+ case 2:
+ info('context group');
+ if ($context->shop->checkIfGroupShopExist($context->shop->getGroupID()))
+ {
+ $shops = $context->shop->getIdShopsByIdGroupShop($context->shop->getGroupID());
+ foreach ($shops as $shop)
+ if (!in_array($shop, self::getEmployeeShopById($id_employee)))
+ return false;
+ }
+ else
+ return false;
+ break;
+
+ case 3:
+ info('context all');
+ if ($context->employee->id_profile == _PS_ADMIN_PROFILE_ ||
+ $context->shop->getTotalShopsWhoExists() == self::getTotalEmployeeShopById($id_employee))
+ return true;
+ else
+ return false;
+ break;
+ }
+ return true;
+ }
+
+ public static function getTotalEmployeeShopById($id)
+ {
+ return (int)Db::getInstance()->getValue(sprintf('SELECT COUNT(*) FROM`'._DB_PREFIX_.'employee_shop` WHERE `id_employee` = %d', (int)$id));
+ }
+
+ public static function getEmployeeShopById($id)
+ {
+ $result = Db::getInstance()->executeS(sprintf('SELECT * FROM`'._DB_PREFIX_.'employee_shop` WHERE `id_employee` = %d', (int)$id));
+ $data = array();
+ foreach ($result as $group_data)
+ $data[] = (int)$group_data['id_shop'];
+ return $data;
+ }
 }
\ No newline at end of file
diff --git a/classes/Profile.php b/classes/Profile.php
index 90fdcb834..716230012 100644
--- a/classes/Profile.php
+++ b/classes/Profile.php
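Review bot: `getEmployeeShopAccess()` fails open: the `switch` has no `default` and ends in `return true;`, so any context type other than 1, 2 or 3 is reported as allowed; add `default: return false;` so an unknown context is denied. The cases also use bare `1`/`2`/`3` while the functions.php hunk in this commit compares against `Shop::CONTEXT_ALL`, so the named constant (and its siblings, if the class defines them) would keep the two places in agreement, and the `info('context shop')` / `info('context group')` / `info('context all')` calls look like debug output left inside an access check. `self::getEmployeeShopById($id_employee)` is re-queried on every iteration of the case-2 loop; hoisting `$allowed = self::getEmployeeShopById($id_employee);` above the `switch` and using it in both `in_array()` calls (with `true` as the third argument) removes that, and `$type` is assigned but never read. None of the three methods has a docblock; at minimum `@return bool Whether the employee may act in the current shop context`, `@return int Number of shops associated with the employee` and `@return array List of id_shop the employee is associated with` would state the contracts.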
@@ -64,7 +64,7 @@ class ProfileCore extends ObjectModel SELECT p.`id_profile`, `name` FROM `'._DB_PREFIX_.'profile` p LEFT JOIN `'._DB_PREFIX_.'profile_lang` pl ON (p.`id_profile` = pl.`id_profile` AND `id_lang` = '.(int)($id_lang).') - ORDER BY `name` ASC'); + ORDER BY `id_profile` ASC'); } /** diff --git a/classes/shop/Shop.php b/classes/shop/Shop.php index 9d64a029d..fa17bb48d 100644 --- a/classes/shop/Shop.php +++ b/classes/shop/Shop.php @@ -440,6 +440,7 @@ class ShopCore extends ObjectModel public static function getShops($active = true, $id_group_shop = null, $get_as_list_id = false) { Shop::cacheShops(); + $results = array(); foreach (self::$shops as $group_id => $group_data) foreach ($group_data['shops'] as $id => $shop_data) @@ -492,12 +493,29 @@ class ShopCore extends ObjectModel return count(Shop::getShops($active)); } + /** + * @return int Total of shops + */ + public static function getTotalShopsWhoExists() + { + return (int)Db::getInstance()->getValue('SELECT COUNT(*) FROM `'._DB_PREFIX_.'shop`'); + } + /** * @return int Total of shops */ public static function getTotalShopsByIdGroupShop($id) { - return (int)Db::getInstance()->getValue(sprintf('SELECT COUNT(*) FROM '._DB_PREFIX_.'shop WHERE id_group_shop = %d', (int)$id)); + return (int)Db::getInstance()->getValue(sprintf('SELECT COUNT(*) FROM `'._DB_PREFIX_.'shop` WHERE `id_group_shop` = %d', (int)$id)); + } + + public static function getIdShopsByIdGroupShop($id) + { + $result = Db::getInstance()->executeS(sprintf('SELECT `id_shop`, `id_group_shop` FROM `'._DB_PREFIX_.'shop` WHERE `id_group_shop` = %d', (int)$id)); + $data = array(); + foreach ($result as $group_data) + $data[] = (int)$group_data['id_shop']; + return $data; } /** 
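Review bot: `getTotalShopsWhoExists()` carries the same `@return int Total of shops` docblock as `getTotalShopsByIdGroupShop()`, so a reader cannot tell how it differs from `getTotalShops($active)` just above it: the new query has no WHERE clause, so it counts every row of `shop` regardless of `active` and bypasses the `cacheShops()` list. Suggest `@return int Number of rows in the shop table, active or not (unlike getTotalShops())`. `getIdShopsByIdGroupShop()` has no docblock and selects `id_group_shop` that it never reads; `@return array List of id_shop belonging to the given shop group` and `SELECT \`id_shop\`` would do. The enclosing class continues outside the hunk.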
@@ -762,4 +780,14 @@ class ShopCore extends ObjectModel }*/ } } + + public function checkIfShopExist($id) + { + return (int)Db::getInstance()->getValue(sprintf('SELECT COUNT(*) FROM`'._DB_PREFIX_.'shop` WHERE `id_shop` = %d', (int)$id)); + } + + public function checkIfGroupShopExist($id) + { + return (int)Db::getInstance()->getValue(sprintf('SELECT COUNT(*) FROM`'._DB_PREFIX_.'group_shop` WHERE `id_group_shop` = %d', (int)$id)); + } } \ No newline at end of file diff --git a/translations/fr/admin.php b/translations/fr/admin.php index f9872d6bf..366faa71f 100644 --- a/translations/fr/admin.php +++ b/translations/fr/admin.php @@ -315,12 +315,8 @@ $_LANGADM['AdminCarts2fb3b950fd7711136f7f251ae5fbdbdc'] = 'Texte #'; $_LANGADM['AdminCarts853ae90f0351324bd73ea615e6487517'] = ':'; $_LANGADM['AdminCartsf2a6c498fb90ee345d997f888fce3b18'] = 'Supprimer'; $_LANGADM['AdminCarts0071aa279bd1583754a544277740f047'] = 'Supprimer objet #'; -$_LANGADM['AdminCatalog630f6dc397fe74e52d5189e2c80f282b'] = 'Retour à la liste'; -$_LANGADM['AdminCatalog6110e3692a789bcff0870b04b13a06bb'] = 'Retour à l\'accueil'; -$_LANGADM['AdminCatalogc61cd01963c2a9f399c2906e02c7a52a'] = 'Retour au catalogue'; $_LANGADM['AdminCatalog62381fc27e62649a16182a616de3f7ea'] = 'Catégorie actuelle'; $_LANGADM['AdminCatalogaf1b98adf7f686b84cd0b443e022b7a0'] = 'Catégories'; -$_LANGADM['AdminCatalog4afecbe4d149447b74b9ab54434c42e4'] = 'Produits dans cette catégorie'; $_LANGADM['AdminCategoriesb718adec73e04ce3ec720dd11a06a308'] = 'ID'; $_LANGADM['AdminCategories49ee3087348e8d44e1feda1917443987'] = 'Nom'; $_LANGADM['AdminCategoriesb5a7adde1af5c87d7fd797b6245c2a39'] = 'Informations complémentaires'; 
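Review bot: `checkIfShopExist()` and `checkIfGroupShopExist()` are named as predicates but return the raw `COUNT(*)` as an int; the `if` callers in Employee::getEmployeeShopAccess work by truthiness, but `return (bool)Db::getInstance()->getValue(...)` (or `> 0`) makes the contract explicit. Neither method reads `$this`, so they can be `public static` like the other lookups added in this commit, and the `FROM\`` in both queries lacks the space before the backtick that the `getTotalShopsByIdGroupShop()` query uses. Each needs a one-line docblock, e.g. `@return bool Whether a shop with this id exists` and `@return bool Whether a shop group with this id exists`.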
@@ -867,7 +863,7 @@ $_LANGADM['AdminEmployeesa9e4402481bd9b8e36752bf731f67eb6'] = 'Thème :'; $_LANGADM['AdminEmployeese4b41fb20213ac1461a81cb0c310bd97'] = 'Mode d\'interface'; $_LANGADM['AdminEmployeesf177aa999000021a3901ac78a2728b59'] = 'Affichage au survol'; $_LANGADM['AdminEmployeesd4e0f6342c209912053fec10be72c94b'] = 'Affichage au clic'; -$_LANGADM['AdminEmployees79f79257476673a2aea1b2a41adf3384'] = 'Afficher le screencast:'; +$_LANGADM['AdminEmployees79f79257476673a2aea1b2a41adf3384'] = 'Afficher le screencast :'; $_LANGADM['AdminEmployees00d23a76e43b46dae9ec7aa9dcbebb32'] = 'Activé'; $_LANGADM['AdminEmployeesb9f5c797ebbf55adccdd8539a65a0241'] = 'Désactivé'; $_LANGADM['AdminEmployees4d1f8c97363b784de6d8924bc655cab6'] = 'Afficher la vidéo de présentation sur le tableau de bord du panneau d\'administration'; @@ -875,6 +871,7 @@ $_LANGADM['AdminEmployees24a23d787190f2c4812ff9ab11847a72'] = 'Statut :'; $_LANGADM['AdminEmployees41bc9496fbde8565bd5fc699e513fbd9'] = 'Autoriser cet employé à se connecter au Back Office'; $_LANGADM['AdminEmployees9fbf3617c6172a75648e9ac0a864bb56'] = 'Profil :'; $_LANGADM['AdminEmployees7bc873cba11f035df692c3549366c722'] = '-- Choisissez --'; +$_LANGADM['AdminEmployeesf16b5952df8d25ea30b25ff95ee8fedf'] = 'Boutique associée :'; $_LANGADM['AdminEmployees38fb7d24e0d60a048f540ecb18e13376'] = 'Enregistrer'; $_LANGADM['AdminEmployees19f823c6453c2b1ffd09cb715214813d'] = 'Champs requis'; $_LANGADM['AdminFeatures49ee3087348e8d44e1feda1917443987'] = 'Nom';