# -*- coding: utf-8 -*-
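# Manages per-department access rights (superuser / read / write / delete)
# for employees. Every action runs +construct+ first, which resolves the
# acting employee, their role flags and the department being administered.
#
# Security model as visible in this file:
# * the acting user comes from session[:user];
# * admins choose the department through params[:d];
# * everybody else gets the department from the sys_dep cookie, which is
#   client-controlled, so it is only trusted after
#   UserAccessWork.isSuperUser has confirmed the user for that department.
class AccessController < ApplicationController

  # Populate the per-request state before every action.
  before_filter :construct

  # Resolves the acting employee, role flags, target department and the
  # employee lists that actions and views read from instance variables.
  #
  # NOTE(review): this method is public, so it is reachable as an action if
  # the routes expose arbitrary action names; consider making it private.
  def construct
    # The original note says UserAccessWork lives in the application controller file.
    users_db = ApplicationHelper::UsersDB.new

    # ID of the employee who arrived from the intranet.
    @empl_id = UserAccessWork.getUserId(session[:user])

    @isAdmin = UserAccessWork.isAdmin(@empl_id)

    # The department must be resolved BEFORE the superuser check. The original
    # called isSuperUser while @searchDepartment was still nil, so the check
    # was never made against the department actually being administered.
    #
    # NOTE(review): an earlier revision stripped everything except a-z from
    # this value (gsub(/[^a-z]/, '')); that filter is disabled, so helpers
    # receiving @searchDepartment must treat it as untrusted input.
    @searchDepartment = department_from(@isAdmin ? params[:d] : cookies[:sys_dep])

    @isSuperUser = UserAccessWork.isSuperUser(@empl_id, @searchDepartment)

    # Decode the acting user's own access record, when one exists.
    empl_access = UserAccessWork.getUserAccess(@empl_id)
    if empl_access
      @isRead = UserAccessWork.isRead(empl_access)
      @isWrite = UserAccessWork.isWrite(empl_access)
      @isDelete = UserAccessWork.isDelete(empl_access)
    end

    # Department the acting employee belongs to.
    @employeeDepartment = ApplicationHelper::UsersDB.getEmplDep(@empl_id)
    own_department = @employeeDepartment && @employeeDepartment[0]

    # Employee lists: everyone, and the acting employee's own department.
    # An employee without a department row gets an empty group instead of a
    # NoMethodError on nil.
    @employeesAll = users_db.getAllEmployees("*")
    @employeesGroup =
      if own_department
        users_db.getAllEmployees(own_department['department_id'].to_s)
      else
        []
      end
  end

  # Landing page. Admins see the index view; superusers are sent to +edit+
  # for their department; everyone else is sent to the error page.
  def index
    @error = ""
    return if @isAdmin

    unless @isSuperUser
      redirect_to :action => "error", :code => 0
      return
    end

    if @searchDepartment == ''
      redirect_to :action => "error", :code => 1
      return
    end

    if UserAccessWork.isSetDepAccess(@searchDepartment) == false
      redirect_to :action => "error", :code => 2
    else
      redirect_to :action => "edit", :d => @searchDepartment
    end
  end

  # Lists employees that hold access rights on the selected department.
  # Fills @allEmployees with employee-info rows, each extended with an
  # 'access' entry.
  def edit
    @allEmployees = []

    # Stop here when the request was rejected. The original issued the
    # redirect but kept running the queries below for unauthorized callers.
    return if deny_unless_manager

    # The listing of same-department employees was commented out in the
    # original and stays disabled; only holders of explicit access rows on the
    # department are shown. The original's duplicate check compared against a
    # string that was never filled, so it filtered nothing and is dropped.
    other_access = UserAccessWork.getAllOtherUserAccess(@searchDepartment)
    return unless other_access

    other_access.each do |row|
      empl_id = row['empl_id'].to_i
      next unless empl_id > 0

      info = ApplicationHelper::UsersDB.getEmployeeInfo(empl_id)
      next unless info # employee no longer known to the user database

      info['access'] = UserAccessWork.getDataUserAccess(empl_id)
      @allEmployees << info
    end
  end

  # Persists the access flags submitted from the edit form.
  #
  # params[:employees]    - list of employee ids shown in the form
  # params[:access]       - list of "<id>_<flag>" tokens, flag in s/r/w/x
  # params[:employee_new] - id of an employee to add (optional)
  # params[:access_new]   - flags for the new employee, checked for s/r/w/x
  def save
    # Authorization was missing here: any authenticated user could rewrite
    # access rows by posting to this action. Apply the same gate as +edit+.
    return if deny_unless_manager

    employees = param_list(:employees)
    all_access = param_list(:access)

    employees.each do |raw_id|
      next unless employee_id?(raw_id)
      empl_id = raw_id

      # Access rows of admins are never modified through this form.
      next if UserAccessWork.isAdmin(empl_id)

      flags = {
        :superuser => all_access.include?("#{empl_id}_s"),
        :read      => all_access.include?("#{empl_id}_r"),
        :write     => all_access.include?("#{empl_id}_w"),
        :delete    => all_access.include?("#{empl_id}_x")
      }

      # Replace semantics: drop the existing row, then re-create it only if
      # at least one flag is still set.
      UserAccessWork.delEmployeeAccess(empl_id, @searchDepartment)
      store_access(empl_id, flags) if flags.values.any?
    end

    # Optional "add a new employee" part of the form.
    employee_new = params[:employee_new]
    access_new = params[:access_new]

    if employee_id?(employee_new) && access_new.respond_to?(:include?) &&
       !UserAccessWork.isAdmin(employee_new) # same admin protection as the list above
      flags = {
        :superuser => access_new.include?("s"),
        :read      => access_new.include?("r"),
        :write     => access_new.include?("w"),
        :delete    => access_new.include?("x")
      }

      if flags.values.any?
        UserAccessWork.delEmployeeAccess(employee_new, @searchDepartment)
        store_access(employee_new, flags)
      end
    end

    # Carry the department along: admins take it from params[:d], so a bare
    # redirect would land them on the "no department" error.
    redirect_to :action => "edit", :d => @searchDepartment
  end

  # Error page. The redirects pass a numeric :code (0 = not allowed,
  # 1 = no department, 2 = department check failed), but only one generic
  # message is shown; the original read the code (crashing when it was
  # absent) and never used it.
  def error
    @error = "У вас недостаточно прав для просмотра этой страницы!"
  end

  private

  # Returns the department name from a request value, or '' when the value is
  # absent or not a plain string (e.g. a nested parameter).
  def department_from(raw)
    raw.is_a?(String) ? raw : ''
  end

  # Redirects to the error page and returns true when the acting user may not
  # manage the selected department; returns false when the request may proceed.
  def deny_unless_manager
    unless @isAdmin || @isSuperUser
      redirect_to :action => "error", :code => 0
      return true
    end

    if @searchDepartment == ''
      redirect_to :action => "error", :code => 1
      return true
    end

    false
  end

  # Returns the request parameter as a de-duplicated array without nils, or
  # an empty array when it is missing or not an array.
  def param_list(key)
    value = params[key]
    value.is_a?(Array) ? value.compact.uniq : []
  end

  # True when the value is a string made only of digits and greater than zero.
  def employee_id?(value)
    value.is_a?(String) && !(value =~ /\A[0-9]+\z/).nil? && value.to_i > 0
  end

  # Creates the access row for one employee on the selected department.
  # Does nothing when the employee is unknown to the user database.
  def store_access(empl_id, flags)
    employee_info = ApplicationHelper::UsersDB.getEmployeeInfo(empl_id)
    return unless employee_info

    record = UserAccessWork.new
    record.empl_id = empl_id.to_s
    record.empl_name = employee_info['login'].to_s
    record.empl_department_id = employee_info['department_id'].to_s
    record.department = @searchDepartment.to_s
    record.access_superuser = '1' if flags[:superuser]
    record.access_read = '1' if flags[:read]
    record.access_write = '1' if flags[:write]
    record.access_delete = '1' if flags[:delete]
    # NOTE(review): kept as in the original, which stores the TARGET employee
    # here. If who_set is meant as an audit field for the acting user it
    # should be @empl_id - confirm against the schema.
    record.who_set = empl_id.to_s

    # NOTE(review): the result of save is not checked, so a failed write is
    # silent, as in the original.
    record.save
  end

end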
