Skip to content

Commit

Permalink
[Statistics/Behavioural] Detailed View and Double Data Entry - Site p…
Browse files Browse the repository at this point in the history 
…ermission fix (aces#6861)

Code refactorization of the functions _hasAccess and _checkCriteria.
Adds per projects permissions restrictions.

A user with permission data_entry should be now able to access the 'breakdown per participant' only for the sites and projects it have access to.

    Resolves aces#6659
  • Loading branch information
@racostas @spell00
racostas authored and spell00 committed Aug 13, 2020
1 parent ff9cfba commit ce4a3f0
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 49 deletions.
20 changes: 0 additions & 20 deletions modules/statistics/php/statistics_dd_site.class.inc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,26 +29,6 @@ class Statistics_DD_Site extends statistics_site
var $query_criteria = '';
var $query_vars = [];

/**
* CheckCriteria function
*
* @param string $centerID the value of centerID
* @param string $projectID the value of projectID
*
* @return void
*/
function _checkCriteria($centerID, $projectID)
{
if (!empty($centerID)) {
$this->query_criteria .= " AND s.CenterID =:cid ";
$this->query_vars['cid'] = $centerID;
}
if (!empty($projectID)) {
$this->query_criteria .= " AND s.ProjectID =:pid ";
$this->query_vars['pid'] = $projectID;
}
}

/**
* Notexcluded function
*
Expand Down
83 changes: 54 additions & 29 deletions modules/statistics/php/statistics_site.class.inc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ class Statistics_Site extends \NDB_Menu
*/
function _hasAccess(\User $user) : bool
{
<<<<<<< ff9cfba5feee88a24470e463aef0117915aff1a4
//TODO: Create a permission specific to statistics
$hasAccessToAllProfiles = $user->hasAllPermissions(
[
Expand Down Expand Up @@ -87,6 +88,11 @@ class Statistics_Site extends \NDB_Menu

return $hasAccessToAllProfiles || $hasCenterPermission;

=======
//TODO: To create a permission specific to statistics
return( $user->hasPermission('access_all_profiles')
|| $user->hasPermission('data_entry'));
>>>>>>> [Statistics/Behavioural] Detailed View and Double Data Entry - Site permission fix (#6861)
}

/**
Expand All @@ -99,57 +105,76 @@ class Statistics_Site extends \NDB_Menu
*/
function _checkCriteria($centerID, $projectID)
{
// TODO: There are no means of set permissions per site
// for a given user right now: (e.g.) The user X can have
// the permission data_entry on site Y but not on site Z.
// Currently, hasCenterPermission() function is only checking
// if the user have a given center AND a given permission
// not if it have the permission for this specific center.
// This logic will be implemented in hasCenterPermission()
// in near versions when the permission framework allow it

// The filter _checkCriteria() takes care of restricting
// the user access only to the sites it belongs to.
// When logic reimplemented on hasCenterPermission(),
// _checkCriteria() will take care of retriving information
// only for those centers the user has the specific permission.
//SITES

if (!empty($centerID)) {
$factory = \NDB_Factory::singleton();
$user = $factory->user();

if (!empty($centerID) && $user->hasCenter($centerID)) {
$this->query_criteria .= " AND s.CenterID =:cid ";
$this->query_vars['cid'] = $centerID;
} else {
<<<<<<< ff9cfba5feee88a24470e463aef0117915aff1a4
$list_of_permitted_sites = (array) null;
$currentUser = \NDB_Factory::singleton()->user();
=======
$list_of_permitted_sites = array();
>>>>>>> [Statistics/Behavioural] Detailed View and Double Data Entry - Site permission fix (#6861)

if ($currentUser->hasPermission('access_all_profiles')) {
if ($user->hasPermission('access_all_profiles')) {
$list_of_permitted_sites = array_keys(\Utility::getSiteList());
} else {
foreach ($currentUser->getCenterIDs() as $centerID) {
if ($currentUser->hasCenterPermission(
'data_entry',
intval($centerID)
)
) {
array_push($list_of_permitted_sites, $centerID);
}
}
$list_of_permitted_sites = array_keys($user->getStudySites());
}

<<<<<<< ff9cfba5feee88a24470e463aef0117915aff1a4
$params = [];
$centerIDs = [];
foreach ($list_of_permitted_sites as $key => $siteID) {
$params[] = ":id$key";
$centerIDs["id$key"] = $siteID;
=======
if (!empty($list_of_permitted_sites)) {
$paramCenters = array();
$centerIDs = array();
foreach ($list_of_permitted_sites as $key => $siteID) {
$paramCenters[] = ":paramSiteID$key";
$centerIDs["paramSiteID$key"] = $siteID;
}
$this->query_criteria .= "AND (s.CenterID IS NULL
OR s.CenterID IN
(" . implode(',', $paramCenters) . ")
)";
$this->query_vars += $centerIDs;
} else {
$this->query_criteria .= "AND (s.CenterID IS NULL)";
>>>>>>> [Statistics/Behavioural] Detailed View and Double Data Entry - Site permission fix (#6861)
}

$this->query_criteria .=
" AND s.CenterID IN (" . implode(',', $params) . ")";
$this->query_vars += $centerIDs;
}

if (!empty($projectID)) {
// PROJECTS

if (!empty($projectID) && $user->hasProject($projectID)) {
$this->query_criteria .= " AND s.ProjectID =:pid ";
$this->query_vars['pid'] = $projectID;
} else {
$userProjectsIDs = $user->getData('ProjectIDs');
if (!empty($userProjectsIDs)) {
$paramProjects = array();
$projectsIDs = array();
foreach ($userProjectsIDs as $key => $projectID) {
$paramProjects[] = ":paramProjectID$key";
$projectsIDs["paramProjectID$key"] = $projectID;
}
$this->query_criteria .= "AND (s.ProjectID IS NULL
OR s.ProjectID IN
(" . implode(',', $paramProjects) . ")
)";
$this->query_vars += $projectsIDs;
} else {
$this->query_criteria .= "AND (s.ProjectID IS NULL)";
}
}
}

Expand Down

0 comments on commit ce4a3f0

Please sign in to comment.