Fixed the acl tags with groups without tags. Ticket: #1611

(cherry picked from commit 668d029047)
This commit is contained in:
mdtrooper 2014-12-04 13:03:37 +01:00
parent 452693e9df
commit bd9edbd3b7
1 changed files with 31 additions and 14 deletions

View File

@ -636,8 +636,11 @@ function tags_get_tags_formatted ($tags_array, $get_url = true) {
* @return mixed/string Tag ids * @return mixed/string Tag ids
*/ */
function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = 'module_condition', $query_prefix = '', $query_table = '', $meta = false, $childrens_ids = array(), $force_group_and_tag = false) { function tags_get_acl_tags($id_user, $id_group, $access = 'AR',
$return_mode = 'module_condition', $query_prefix = '',
$query_table = '', $meta = false, $childrens_ids = array(),
$force_group_and_tag = false) {
global $config; global $config;
if ($id_user == false) { if ($id_user == false) {
@ -673,13 +676,13 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = '
if ($id_group[0] != 0) { if ($id_group[0] != 0) {
$id_group = groups_get_all_hierarchy_group ($id_group[0]); $id_group = groups_get_all_hierarchy_group ($id_group[0]);
} }
$acl_column = get_acl_column($access); $acl_column = get_acl_column($access);
if (empty($acl_column)) { if (empty($acl_column)) {
return ERR_WRONG_PARAMETERS; return ERR_WRONG_PARAMETERS;
} }
$query = sprintf("SELECT tags, id_grupo $query = sprintf("SELECT tags, id_grupo
FROM tusuario_perfil, tperfil FROM tusuario_perfil, tperfil
WHERE tperfil.id_perfil = tusuario_perfil.id_perfil AND WHERE tperfil.id_perfil = tusuario_perfil.id_perfil AND
@ -688,7 +691,7 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = '
(tusuario_perfil.id_grupo IN (%s) OR tusuario_perfil.id_grupo = 0) (tusuario_perfil.id_grupo IN (%s) OR tusuario_perfil.id_grupo = 0)
ORDER BY id_grupo", $id_user, $acl_column, implode(',',$id_group)); ORDER BY id_grupo", $id_user, $acl_column, implode(',',$id_group));
$tags = db_get_all_rows_sql($query); $tags = db_get_all_rows_sql($query);
// If not profiles returned, the user havent acl permissions // If not profiles returned, the user havent acl permissions
if (empty($tags)) { if (empty($tags)) {
return ERR_ACL; return ERR_ACL;
@ -755,14 +758,14 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = '
// Return the condition of the tags for tagente_modulo table // Return the condition of the tags for tagente_modulo table
$condition = tags_get_acl_tags_module_condition($acltags, $query_table); $condition = tags_get_acl_tags_module_condition($acltags, $query_table);
if (!empty($condition)) { if (!empty($condition)) {
return " $query_prefix ".$condition; return " $query_prefix " . $condition;
} }
break; break;
case 'event_condition': case 'event_condition':
// Return the condition of the tags for tevento table // Return the condition of the tags for tevento table
$condition = tags_get_acl_tags_event_condition($acltags, $meta, $force_group_and_tag); $condition = tags_get_acl_tags_event_condition($acltags, $meta, $force_group_and_tag);
if(!empty($condition)) { if (!empty($condition)) {
return " $query_prefix "."(".$condition.")"; return " $query_prefix " . "(" . $condition . ")";
} }
break; break;
} }
@ -784,7 +787,7 @@ function tags_get_acl_tags_module_condition($acltags, $modules_table = '') {
} }
$condition = ''; $condition = '';
// Fix: Wrap SQL expression with "()" to avoid bad SQL sintax that makes Pandora retrieve all modules without taking care of id_agent => id_agent = X AND (sql_tag_expression) // Fix: Wrap SQL expression with "()" to avoid bad SQL sintax that makes Pandora retrieve all modules without taking care of id_agent => id_agent = X AND (sql_tag_expression)
$i = 0; $i = 0;
foreach ($acltags as $group_id => $group_tags) { foreach ($acltags as $group_id => $group_tags) {
@ -796,8 +799,12 @@ function tags_get_acl_tags_module_condition($acltags, $modules_table = '') {
if ($i == 0) if ($i == 0)
$condition .= ' ( '; $condition .= ' ( ';
// Group condition (The module belongs to an agent of the group X) // Group condition (The module belongs to an agent of the group X)
// Juanma (08/05/2014) Fix: Now group and tag is checked at the same time, before only tag was checked due to a bad condition // Juanma (08/05/2014) Fix: Now group and tag is checked at the same time, before only tag was checked due to a bad condition
if (!array_key_exists(0, $acltags)) { if (!array_key_exists(0, $acltags)) {
// Juanma (08/05/2014) Fix: get all groups recursively (Acl proc func!) // Juanma (08/05/2014) Fix: get all groups recursively (Acl proc func!)
$group_condition = sprintf('%sid_agente IN (SELECT id_agente FROM tagente WHERE id_grupo IN (%s))', $modules_table, implode(',', array_values(groups_get_id_recursive($group_id)))); $group_condition = sprintf('%sid_agente IN (SELECT id_agente FROM tagente WHERE id_grupo IN (%s))', $modules_table, implode(',', array_values(groups_get_id_recursive($group_id))));
@ -806,10 +813,20 @@ function tags_get_acl_tags_module_condition($acltags, $modules_table = '') {
//Avoid the user profiles with all group access. //Avoid the user profiles with all group access.
$group_condition = " 1 = 1 "; $group_condition = " 1 = 1 ";
} }
// Tags condition (The module has at least one of the restricted tags)
$tags_condition = sprintf('%sid_agente_modulo IN (SELECT id_agente_modulo FROM ttag_module WHERE id_tag IN (%s))', $modules_table, implode(',',$group_tags));
$condition .= "($group_condition AND \n$tags_condition)\n";
//When the acl is only group without tags
if (empty($group_tags)) {
$condition .= "($group_condition)\n";
}
else {
// Tags condition (The module has at least one of the restricted tags)
$tags_condition = sprintf('%sid_agente_modulo IN (SELECT id_agente_modulo FROM ttag_module WHERE id_tag IN (%s))', $modules_table, implode(',',$group_tags));
$condition .= "($group_condition AND \n$tags_condition)\n";
}
$i++; $i++;
} }
@ -817,7 +834,7 @@ function tags_get_acl_tags_module_condition($acltags, $modules_table = '') {
// Fix: Wrap SQL expression with "()" to avoid bad SQL sintax that makes Pandora retrieve all modules without taking care of id_agent => id_agent = X AND (sql_tag_expression) // Fix: Wrap SQL expression with "()" to avoid bad SQL sintax that makes Pandora retrieve all modules without taking care of id_agent => id_agent = X AND (sql_tag_expression)
if (!empty($acltags)) if (!empty($acltags))
$condition .= ' ) '; $condition .= ' ) ';
//Avoid the user profiles with all group access. //Avoid the user profiles with all group access.
//if (!empty($condition)) { //if (!empty($condition)) {
if (!empty($condition) && if (!empty($condition) &&