* @copyright 2007-2011 PrestaShop SA * @version Release: $Revision: 6844 $ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) * International Registered Trademark & Property of PrestaShop SA */ include_once(PS_ADMIN_DIR.'/../classes/AdminTab.php'); class AdminAccess extends AdminTab { public function postProcess() { if (Tools::isSubmit('submitAddaccess') AND $action = Tools::getValue('action') AND $id_tab = (int)(Tools::getValue('id_tab')) AND $id_profile = (int)(Tools::getValue('id_profile')) AND $this->tabAccess['edit'] == 1) { if ($id_tab == -1 AND $action == 'all' AND (int)(Tools::getValue('perm')) == 0) Db::getInstance()->Execute('UPDATE `'._DB_PREFIX_.'access` SET `view` = '.(int)(Tools::getValue('perm')).', `add` = '.(int)(Tools::getValue('perm')).', `edit` = '.(int)(Tools::getValue('perm')).', `delete` = '.(int)(Tools::getValue('perm')).' WHERE `id_profile` = '.(int)($id_profile).' AND `id_tab` != 31'); elseif ($id_tab == -1 AND $action == 'all') Db::getInstance()->Execute('UPDATE `'._DB_PREFIX_.'access` SET `view` = '.(int)(Tools::getValue('perm')).', `add` = '.(int)(Tools::getValue('perm')).', `edit` = '.(int)(Tools::getValue('perm')).', `delete` = '.(int)(Tools::getValue('perm')).' WHERE `id_profile` = '.(int)($id_profile)); elseif ($id_tab == -1) Db::getInstance()->Execute('UPDATE `'._DB_PREFIX_.'access` SET `'.pSQL($action).'` = '.(int)(Tools::getValue('perm')).' WHERE `id_profile` = '.(int)($id_profile)); elseif ($action == 'all') Db::getInstance()->Execute('UPDATE `'._DB_PREFIX_.'access` SET `view` = '.(int)(Tools::getValue('perm')).', `add` = '.(int)(Tools::getValue('perm')).', `edit` = '.(int)(Tools::getValue('perm')).', `delete` = '.(int)(Tools::getValue('perm')).' WHERE `id_tab` = '.(int)($id_tab).' AND `id_profile` = '.(int)($id_profile)); else Db::getInstance()->Execute('UPDATE `'._DB_PREFIX_.'access` SET `'.pSQL($action).'` = '.(int)(Tools::getValue('perm')).' WHERE `id_tab` = '.(int)($id_tab).' AND `id_profile` = '.(int)($id_profile)); } } public function display() { $this->displayForm(); } /** * Get the current profile id * * @return the $_GET['profile'] if valid, else 1 (the first profile id) */ function getCurrentProfileId() { return (isset($_GET['profile']) AND !empty($_GET['profile']) AND is_numeric($_GET['profile'])) ? (int)($_GET['profile']) : 1; } public function displayForm($isMainTab = true) { parent::displayForm(); $currentProfile = (int)($this->getCurrentProfileId()); $tabs = Tab::getTabs($this->context->language->id); $profiles = Profile::getProfiles($this->context->language->id); $accesses = Profile::getProfileAccesses($this->context->employee->id_profile); echo '

'; if ($currentProfile != (int)(_PS_ADMIN_PROFILE_)) echo ' '; if (!sizeof($tabs)) echo ''; elseif ($currentProfile == (int)(_PS_ADMIN_PROFILE_)) echo ''; else foreach ($tabs AS $tab) if (!$tab['id_parent'] OR (int)($tab['id_parent']) == -1) { $this->printTabAccess((int)($currentProfile), $tab, $accesses[$tab['id_tab']], false, $tabsize, sizeof($tabs)); foreach ($tabs AS $child) if ($child['id_parent'] === $tab['id_tab']) if (isset($accesses[$child['id_tab']])) $this->printTabAccess($currentProfile, $child, $accesses[$child['id_tab']], true, $tabsize, sizeof($tabs)); } echo '

	tabAccess['edit'] == 1 ? 'onclick="ajax_power(this, \'view\', -1, '.$currentProfile.', \''.$this->token.'\', \''.$tabsize.'\', \''.sizeof($tabs).'\')"' : 'disabled="disabled"').' /> '.$this->l('View').'	tabAccess['edit'] == 1 ? 'onclick="ajax_power(this, \'add\', -1, '.$currentProfile.', \''.$this->token.'\', \''.$tabsize.'\', \''.sizeof($tabs).'\')"' : 'disabled="disabled"').' /> '.$this->l('Add').'	tabAccess['edit'] == 1 ? 'onclick="ajax_power(this, \'edit\', -1, '.$currentProfile.', \''.$this->token.'\', \''.$tabsize.'\', \''.sizeof($tabs).'\')"' : 'disabled="disabled"').' /> '.$this->l('Edit').'	tabAccess['edit'] == 1 ? 'onclick="ajax_power(this, \'delete\', -1, '.$currentProfile.', \''.$this->token.'\', \''.$tabsize.'\', \''.sizeof($tabs).'\')"' : 'disabled="disabled"').' /> '.$this->l('Delete').'	tabAccess['edit'] == 1 ? 'onclick="ajax_power(this, \'all\', -1, '.$currentProfile.', \''.$this->token.'\', \''.$tabsize.'\', \''.sizeof($tabs).'\')"' : 'disabled="disabled"').' /> '.$this->l('All').'
'.$this->l('No tab').'
'.$this->l('Administrator permissions can\'t be modified.').'

'; if ($currentProfile != (int)(_PS_ADMIN_PROFILE_)) $this->displayModuleAccesses($currentProfile); echo '

'; } private function printTabAccess($currentProfile, $tab, $access, $is_child, $tabsize, $tabnumber) { $result_accesses = 0; $perms = array('view', 'add', 'edit', 'delete'); echo ''.($is_child ? ' » ' : '').$tab['name'].''; foreach ($perms as $perm) { if ($this->tabAccess['edit'] == 1) echo ''; else echo ''; $result_accesses += $access[$perm]; } echo ' tabAccess['edit'] == 1 ? 'onclick="ajax_power(this, \'all\', '.(int)($access['id_tab']).', '.(int)($access['id_profile']).', \''.$this->token.'\', \''.$tabsize.'\', \''.$tabnumber.'\')"' : 'disabled="disabled"').' '.($result_accesses == 4 ? 'checked="checked"' : '').' /> '; } public function ajaxProcess() { if (Tools::isSubmit('changeModuleAccess')) { if ($action = Tools::getValue('action') AND $variable = Tools::getValue('variable') AND $id_module = (int)Tools::getValue('id_module') AND $id_profile = (int)Tools::getValue('id_profile') AND $this->tabAccess['edit'] == 1) { if (!in_array($variable, array('view', 'configure'))) die (Tools::displayErrors('unknown variable')); $action = ($action == 'true' ? 1 : 0); if ($id_module == -1) Db::getInstance()->Execute('UPDATE `'._DB_PREFIX_.'module_access` SET `'.pSQL($variable).'` = '.(int)$action.' WHERE `id_profile` = '.(int)$id_profile); else Db::getInstance()->Execute('UPDATE `'._DB_PREFIX_.'module_access` SET `'.pSQL($variable).'` = '.(int)$action.' WHERE `id_module` = '.(int)$id_module.' AND `id_profile` = '.(int)$id_profile); die ('ok'); } die ('inconsistent data'); } } private function displayModuleAccesses($currentProfile) { echo ' '; $modules = Db::getInstance(_PS_USE_SQL_SLAVE_)->ExecuteS(' SELECT ma.id_module, m.name, ma.`view`, ma.`configure` FROM '._DB_PREFIX_.'module_access ma LEFT JOIN '._DB_PREFIX_.'module m ON ma.id_module = m.id_module WHERE id_profile = '.(int)$currentProfile.' ORDER BY m.name'); if (!sizeof($modules)) echo ''; else foreach ($modules AS $module) echo ''; echo '

'.$this->l('Modules').'	tabAccess['edit'] == 1 ? 'onclick="changeModuleAccess(this, -1, \'view\');"' : 'disabled="disabled"').' /> '.$this->l('View').'	tabAccess['edit'] == 1 ? 'onclick="changeModuleAccess(this, -1, \'configure\');"' : 'disabled="disabled"').' /> '.$this->l('Configure').'
'.$this->l('No modules installed').'
» '.$module['name'].'	tabAccess['edit'] == 1 ? 'onclick="changeModuleAccess(this, '.(int)$module['id_module'].', \'view\');"' : 'disabled="disabled"').' />	tabAccess['edit'] == 1 ? 'onclick="changeModuleAccess(this, '.(int)$module['id_module'].', \'configure\');"' : 'disabled="disabled"').' />

'; } }