dinislage/PrestaShop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d8a1dca660b91b9dffede9255abc85721f315668
PrestaShop/controllers/admin/AdminEmployeesController.php
rGaillard d8a1dca660 // demo mode
2013-11-29 17:00:50 +01:00

502 lines
16 KiB
PHP
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
/*
* 2007-2013 PrestaShop
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
*
* @author PrestaShop SA <contact@prestashop.com>
* @copyright 2007-2013 PrestaShop SA
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
* International Registered Trademark & Property of PrestaShop SA
*/
class AdminEmployeesControllerCore extends AdminController
{
/** @var array profiles list */
protected $profiles_array = array();
/** @var array themes list*/
protected $themes = array();
/** @var array tabs list*/
protected $tabs_list = array();
protected $restrict_edition = false;
public function __construct()
{
$this->table = 'employee';
$this->className = 'Employee';
$this->lang = false;
$this->addRowAction('edit');
$this->addRowAction('delete');
$this->context = Context::getContext();
$this->bulk_actions = array('delete' => array('text' => $this->l('Delete selected'), 'confirm' => $this->l('Delete selected items?')));
/*
check if there are more than one superAdmin
if it's the case then we can delete a superAdmin
*/
$super_admin = Employee::countProfile(_PS_ADMIN_PROFILE_, true);
if ($super_admin == 1)
{
$super_admin_array = Employee::getEmployeesByProfile(_PS_ADMIN_PROFILE_, true);
$super_admin_id = array();
foreach ($super_admin_array as $key => $val)
$super_admin_id[] = $val['id_employee'];
$this->addRowActionSkipList('delete', $super_admin_id);
}
$profiles = Profile::getProfiles($this->context->language->id);
if (!$profiles)
$this->errors[] = Tools::displayError('No profile.');
else
foreach ($profiles as $profile)
$this->profiles_array[$profile['name']] = $profile['name'];
$this->fields_list = array(
'id_employee' => array('title' => $this->l('ID'), 'align' => 'center', 'width' => 25),
'lastname' => array('title' => $this->l('Last Name'), 'width' => 'auto'),
'firstname' => array('title' => $this->l('First Name'), 'width' => 130),
'email' => array('title' => $this->l('Email address'), 'width' => 180),
'profile' => array('title' => $this->l('Profile'), 'width' => 90, 'type' => 'select', 'list' => $this->profiles_array, 'filter_key' => 'pl!name'),
'active' => array('title' => $this->l('Can log in'), 'align' => 'center', 'active' => 'status', 'type' => 'bool', 'width' => 30),
);
$this->fields_options = array(
'general' => array(
'title' => $this->l('Employee options'),
'fields' => array(
'PS_PASSWD_TIME_BACK' => array(
'title' => $this->l('Password regeneration'),
'desc' => $this->l('Security: Minimum time to wait between two password changes.'),
'cast' => 'intval',
'size' => 5,
'type' => 'text',
'suffix' => ' '.$this->l('minutes'),
'visibility' => Shop::CONTEXT_ALL
),
'PS_BO_ALLOW_EMPLOYEE_FORM_LANG' => array(
'title' => $this->l('Memorize the language used in Admin panel forms'),
'desc' => $this->l('Allow employees to select a specific language for the Admin panel form.'),
'cast' => 'intval',
'type' => 'select',
'identifier' => 'value',
'list' => array(
'0' => array('value' => 0, 'name' => $this->l('No')),
'1' => array('value' => 1, 'name' => $this->l('Yes')
)
), 'visibility' => Shop::CONTEXT_ALL)
),
'submit' => array()
)
);
$path = _PS_ADMIN_DIR_.'/themes/';
foreach (scandir($path) as $theme)
if ($theme[0] != '.' && is_dir($path.$theme) && file_exists($path.$theme.'/css/admin.css'))
$this->themes[] = $theme;
$home_tab = Tab::getInstanceFromClassName('adminHome');
$this->tabs_list[$home_tab->id] = array(
'name' => $home_tab->name[$this->context->language->id],
'id_tab' => $home_tab->id,
'children' => array(array('id_tab' =>$home_tab->id, 'name' => $home_tab->name[$this->context->language->id])));
foreach (Tab::getTabs($this->context->language->id, 0) as $tab)
{
if (Tab::checkTabRights($tab['id_tab']))
{
$this->tabs_list[$tab['id_tab']] = $tab;
foreach (Tab::getTabs($this->context->language->id, $tab['id_tab']) as $children)
if (Tab::checkTabRights($children['id_tab']))
$this->tabs_list[$tab['id_tab']]['children'][] = $children;
}
}
parent::__construct();
// An employee can edit its own profile
if ($this->context->employee->id == Tools::getValue('id_employee'))
{
$this->tabAccess['view'] = '1';
if (!$this->tabAccess['edit'])
$this->restrict_edition = true;
$this->tabAccess['edit'] = '1';
}
}
public function renderList()
{
$this->_select = 'pl.`name` AS profile';
$this->_join = 'LEFT JOIN `'._DB_PREFIX_.'profile` p ON a.`id_profile` = p.`id_profile`
LEFT JOIN `'._DB_PREFIX_.'profile_lang` pl ON (pl.`id_profile` = p.`id_profile` AND pl.`id_lang` = '.(int)$this->context->language->id.')';
return parent::renderList();
}
public function renderForm()
{
if (!($obj = $this->loadObject(true)))
return;
$available_profiles = Profile::getProfiles($this->context->language->id);
if ($obj->id_profile == _PS_ADMIN_PROFILE_ && $this->context->employee->id_profile != _PS_ADMIN_PROFILE_)
{
$this->errors[] = Tools::displayError('You cannot edit the SuperAdmin profile.');
return parent::renderForm();
}
$this->fields_form = array(
'legend' => array(
'title' => $this->l('Employees'),
'image' => '../img/admin/nav-user.gif'
),
'input' => array(
array(
'type' => 'text',
'label' => $this->l('First Name:'),
'name' => 'firstname',
'size' => 33,
'required' => true
),
array(
'type' => 'text',
'label' => $this->l('Last Name:'),
'name' => 'lastname',
'size' => 33,
'required' => true
),
array(
'type' => 'password',
'label' => $this->l('Password:'),
'name' => 'passwd',
'required' => true,
'size' => 33,
'desc' => ($obj->id ?
$this->l('Leave this field blank if you do not want to change your password.') :
$this->l('Minimum of eight characters'))
),
array(
'type' => 'text',
'label' => $this->l('Email address:'),
'name' => 'email',
'size' => 33,
'required' => true
),
array(
'type' => 'color',
'label' => $this->l('Admin panel color:'),
'name' => 'bo_color',
'class' => 'color mColorPickerInput',
'size' => 20,
'desc' => $this->l('Admin panel background will be displayed in this color (HTML colors only).').' "lightblue", "#CC6600")'
),
array(
'type' => 'default_tab',
'label' => $this->l('Default page:'),
'name' => 'default_tab',
'desc' => $this->l('This page will be displayed just after login'),
'options' => $this->tabs_list
),
array(
'type' => 'text',
'label' => $this->l('Back Office width'),
'name' => 'bo_width',
'size' => 10,
'desc' => $this->l('Back Office width, in pixels. The value "0" means that the Back Office width will be flexible.')
),
array(
'type' => 'select',
'label' => $this->l('Language:'),
'name' => 'id_lang',
'required' => true,
'options' => array(
'query' => Language::getLanguages(false),
'id' => 'id_lang',
'name' => 'name'
)
),
array(
'type' => 'select_theme',
'label' => $this->l('Theme:'),
'name' => 'bo_theme',
'options' => array('query' => $this->themes),
'desc' => $this->l('Back Office theme')
),
array(
'type' => 'radio',
'label' => $this->l('Show screencast at login:'),
'name' => 'bo_show_screencast',
'desc' => $this->l('Display the welcome video in the Admin panel dashboard at log in.'),
'required' => false,
'class' => 't',
'is_bool' => true,
'values' => array(
array(
'id' => 'bo_show_screencast_on',
'value' => 1,
'label' => $this->l('Enabled')
),
array(
'id' => 'bo_show_screencast_off',
'value' => 0,
'label' => $this->l('Disabled')
)
)
)
)
);
if ((int)$this->tabAccess['edit'] && !$this->restrict_edition)
{
$this->fields_form['input'][] = array(
'type' => 'radio',
'label' => $this->l('Status:'),
'name' => 'active',
'required' => false,
'class' => 't',
'is_bool' => true,
'values' => array(
array(
'id' => 'active_on',
'value' => 1,
'label' => $this->l('Enabled')
),
array(
'id' => 'active_off',
'value' => 0,
'label' => $this->l('Disabled')
)
),
'desc' => $this->l('Allow or disallow this employee to log into the Admin panel.')
);
// if employee is not SuperAdmin (id_profile = 1), don't make it possible to select the admin profile
if ($this->context->employee->id_profile != _PS_ADMIN_PROFILE_)
foreach ($available_profiles as $i => $profile)
if ($available_profiles[$i]['id_profile'] == _PS_ADMIN_PROFILE_)
{
unset($available_profiles[$i]);
break;
}
$this->fields_form['input'][] = array(
'type' => 'select',
'label' => $this->l('Profile Permission:'),
'name' => 'id_profile',
'required' => true,
'options' => array(
'query' => $available_profiles,
'id' => 'id_profile',
'name' => 'name',
'default' => array(
'value' => '',
'label' => $this->l('-- Choose --')
)
)
);
if (Shop::isFeatureActive())
{
$this->context->smarty->assign('_PS_ADMIN_PROFILE_', (int)_PS_ADMIN_PROFILE_);
$this->fields_form['input'][] = array(
'type' => 'shop',
'label' => $this->l('Shop association:'),
'desc' => $this->l('Select the shops the employee is allowed to access'),
'name' => 'checkBoxShopAsso',
);
}
}
$this->fields_form['submit'] = array(
'title' => $this->l('Save '),
'class' => 'button'
);
$this->fields_value['passwd'] = false;
if (empty($obj->id))
$this->fields_value['id_lang'] = $this->context->language->id;
return parent::renderForm();
}
protected function _childValidation()
{
if (!($obj = $this->loadObject(true)))
return false;
$email = $this->getFieldValue($obj, 'email');
if (Validate::isEmail($email) && Employee::employeeExists($email) && (!Tools::getValue('id_employee') || ($employee = new Employee((int)Tools::getValue('id_employee'))) && $employee->email != $email))
$this->errors[] = Tools::displayError('An account already exists for this email address:').' '.$email;
}
public function postProcess()
{
/* PrestaShop demo mode */
if ((Tools::isSubmit('deleteemployee') || Tools::isSubmit('status') || Tools::isSubmit('statusemployee') || Tools::isSubmit('submitAddemployee')) && _PS_MODE_DEMO_)
{
$this->errors[] = Tools::displayError('This functionality has been disabled.');
return;
}
if (Tools::isSubmit('deleteemployee') || Tools::isSubmit('status') || Tools::isSubmit('statusemployee'))
{
if ($this->context->employee->id == Tools::getValue('id_employee'))
{
$this->errors[] = Tools::displayError('You cannot disable or delete your own account.');
return false;
}
$employee = new Employee(Tools::getValue('id_employee'));
if ($employee->isLastAdmin())
{
$this->errors[] = Tools::displayError('You cannot disable or delete the administrator account.');
return false;
}
// It is not possible to delete an employee if he manages warehouses
$warehouses = Warehouse::getWarehousesByEmployee((int)Tools::getValue('id_employee'));
if (Tools::isSubmit('deleteemployee') && count($warehouses) > 0)
{
$this->errors[] = Tools::displayError('You cannot delete this account because it manages warehouses. Check your warehouses first.');
return false;
}
}
elseif (Tools::isSubmit('submitAddemployee'))
{
$employee = new Employee((int)Tools::getValue('id_employee'));
// If the employee is editing its own account
if ($this->restrict_edition)
{
$_POST['id_profile'] = $_GET['id_profile'] = $employee->id_profile;
$_POST['active'] = $_GET['active'] = $employee->active;
// Unset set shops
foreach ($_POST as $postkey => $postvalue)
if (strstr($postkey, 'checkBoxShopAsso_'.$this->table) !== false)
unset($_POST[$postkey]);
foreach ($_GET as $postkey => $postvalue)
if (strstr($postkey, 'checkBoxShopAsso_'.$this->table) !== false)
unset($_GET[$postkey]);
// Add current shops associated to the employee
$result = Shop::getShopById((int)$employee->id, $this->identifier, $this->table);
foreach ($result as $row)
{
$key = 'checkBoxShopAsso_'.$this->table;
if (!isset($_POST[$key]))
$_POST[$key] = array();
if (!isset($_GET[$key]))
$_GET[$key] = array();
$_POST[$key][$row['id_shop']] = 1;
$_GET[$key][$row['id_shop']] = 1;
}
}
//if profile is super admin, manually fill checkBoxShopAsso_employee because in the form they are disabled.
if ($_POST['id_profile'] == _PS_ADMIN_PROFILE_)
{
$result = Db::getInstance()->executeS('SELECT id_shop FROM '._DB_PREFIX_.'shop');
foreach ($result as $row)
{
$key = 'checkBoxShopAsso_'.$this->table;
if (!isset($_POST[$key]))
$_POST[$key] = array();
if (!isset($_GET[$key]))
$_GET[$key] = array();
$_POST[$key][$row['id_shop']] = 1;
$_GET[$key][$row['id_shop']] = 1;
}
}
if ($employee->isLastAdmin())
{
if (Tools::getValue('id_profile') != (int)_PS_ADMIN_PROFILE_)
{
$this->errors[] = Tools::displayError('You should have at least one employee in the administrator group.');
return false;
}
if (Tools::getvalue('active') == 0)
{
$this->errors[] = Tools::displayError('You cannot disable or delete the administrator account.');
return false;
}
}
if (!in_array(Tools::getValue('bo_theme'), $this->themes))
{
$this->errors[] = Tools::displayError('Invalid theme');
return false;
}
$assos = $this->getSelectedAssoShop($this->table);
if (!$assos && $this->table = 'employee')
if (Shop::isFeatureActive() && _PS_ADMIN_PROFILE_ != $_POST['id_profile'])
$this->errors[] = Tools::displayError('The employee must be associated with at least one shop.');
}
return parent::postProcess();
}
public function initContent()
{
if ($this->context->employee->id == Tools::getValue('id_employee'))
$this->display = 'edit';
return parent::initContent();
}
protected function afterUpdate($object)
{
$res = parent::afterUpdate($object);
// Update cookie if needed
if (Tools::getValue('id_employee') == $this->context->employee->id && Tools::getValue('passwd') && $object->passwd != $this->context->employee->passwd)
$this->context->cookie->passwd = $this->context->employee->passwd = $object->passwd;
return $res;
}
protected function ajaxProcessFormLanguage()
{
$this->context->cookie->employee_form_lang = (int)Tools::getValue('form_language_id');
if (!$this->context->cookie->write())
die ('Error while updating cookie.');
die ('Form language updated.');
}
public function ajaxProcessGetTabByIdProfile()
{
$id_profile = Tools::getValue('id_profile');
$tabs = Tab::getTabByIdProfile(0, $id_profile);
$this->tabs_list = array();
foreach ($tabs as $tab)
{
if (Tab::checkTabRights($tab['id_tab']))
{
$this->tabs_list[$tab['id_tab']] = $tab;
foreach (Tab::getTabByIdProfile($tab['id_tab'], $id_profile) as $children)
if (Tab::checkTabRights($children['id_tab']))
$this->tabs_list[$tab['id_tab']]['children'][] = $children;
}
}
die(Tools::jsonEncode($this->tabs_list));
}
}
Reference in New Issue View Git Blame Copy Permalink