Spaces:

kenken999
/

processmaker-community

Sleeping

App Files Files Community

processmaker-community / processmaker-files /workflow /engine /methods /tools /methodsPermissions_Ajax.php

kenken999

Upload folder using huggingface_hub

07c3cdd verified 24 days ago

Raw

History Blame Contribute Delete

10.5 kB

	<?php
	/**
	* methodsPermissions_Ajax.php
	*
	* ProcessMaker Open Source Edition
	* Copyright (C) 2004 - 2008 Colosa Inc.23
	*
	* This program is free software: you can redistribute it and/or modify
	* it under the terms of the GNU Affero General Public License as
	* published by the Free Software Foundation, either version 3 of the
	* License, or (at your option) any later version.
	*
	* This program is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	* GNU Affero General Public License for more details.
	*
	* You should have received a copy of the GNU Affero General Public License
	* along with this program. If not, see <http://www.gnu.org/licenses/>.
	*
	* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
	* Coral Gables, FL, 33134, USA, or email info@colosa.com.
	*/

	define( 'GET_PERMISSION_REG_EXP', '/(G::\\sgenericForceLogin\\s\$\\s[\'"])(\\w+)([\'"]\\s,\\s[\'"].+[\'"],.+\$\\s)\|(\\$RBAC->userCanAccess\\s\$\\s[\'"])(\\w+)([\'"]\\s*\$)/i' );
	define( 'GET_PERMISSION_REG_EXP2', '/\\sif\\s\$\\s\\(\\s\\$RBAC_Response\\s=\\s\\$RBAC->userCanAccess\\s\\(\\s[\'"]\\w+[\'"]\\s\$\\s\\)\\s!=1\\s\\)\\sreturn(?:.)?;\\s*/i' );

	class phpFile extends webResource
	{

	function _get_permissions ($filename)
	{
	$aSource = file( $filename );
	$aOutSource = array ();
	$source = implode( '', $aSource );
	$regExp = GET_PERMISSION_REG_EXP;
	$permissions = array ();
	$lines = array ();
	$len = preg_match_all( $regExp, $source, $matches, PREG_OFFSET_CAPTURE );
	for ($r = 0; $r < $len; $r ++) {
	$match = $matches[0][$r][0];
	$permission = ($matches[2][$r][0] != '') ? $matches[2][$r][0] : $matches[5][$r][0];
	$toPrint = ($matches[2][$r][0] != '') ? (htmlentities( $matches[1][$r][0], ENT_QUOTES, 'utf-8' ) . '<b>' . htmlentities( $matches[2][$r][0], ENT_QUOTES, 'utf-8' ) . '</b>' . htmlentities( $matches[3][$r][0], ENT_QUOTES, 'utf-8' )) : (htmlentities( $matches[4][$r][0], ENT_QUOTES, 'utf-8' ) . '<b>' . htmlentities( $matches[5][$r][0], ENT_QUOTES, 'utf-8' ) . '</b>' . htmlentities( $matches[6][$r][0], ENT_QUOTES, 'utf-8' ));
	$row = $this->_getLine( $aSource, $matches[0][$r][1] );
	if (array_search( $permission, $permissions ) === false) {
	$permissions[] = $permission;
	$lines[] = $row;
	}
	//TODO: Need to htmlencode the rest of the line that is not in match. Ex. < ? php
	if ($row > 0)
	$aOutSource[$row - 1] = str_replace( $match, $toPrint, isset( $aOutSource[$row - 1] ) ? $aOutSource[$row - 1] : $aSource[$row - 1] );
	$aOutSource[$row] = str_replace( $match, $toPrint, isset( $aOutSource[$row] ) ? $aOutSource[$row] : $aSource[$row] );
	if ($row < (sizeof( $aSource ) - 1))
	$aOutSource[$row + 1] = str_replace( $match, $toPrint, isset( $aOutSource[$row + 1] ) ? $aOutSource[$row + 1] : $aSource[$row + 1] );
	}
	ksort( $aOutSource );
	$row0 = 0;
	$html = '';
	foreach ($aOutSource as $row => $line) {
	if (($row - 1) > $row0)
	$html .= $this->_printLine( $row, '...' );
	$html .= $this->_printLine( $row + 1, $line, true, $aSource[$row], $filename . '?' . $row );
	$row0 = $row;
	}
	return array (($html === '') ? 'Dont have RBAC validation!' : ('<table>' . $html . '</table>'),$permissions,$lines
	);
	}

	function get_permissions ($filename)
	{
	$res = $this->_get_permissions( $filename );
	return $res[0];
	}

	function modify_line ($filename, $row, $value)
	{
	$aSource = file( $filename );
	$line = $aSource[$row];
	$nl = (strlen( $line ) >= 2) && (substr( $line, - 2, 2 ) == "\r\n") ? "\r\n" : ((strlen( $line ) >= 1) && (substr( $line, - 1, 1 ) == "\n") ? "\n" : "");
	$aSource[$row] = $value . $nl;
	/Save change/
	$fp = fopen( $filename, 'w' );
	fwrite( $fp, implode( '', $aSource ) );
	fclose( $fp );
	/Format line/
	$regExp = GET_PERMISSION_REG_EXP;
	$line = $aSource[$row];
	$len = preg_match_all( $regExp, $line, $matches, PREG_OFFSET_CAPTURE );
	for ($r = 0; $r < $len; $r ++) {
	$match = $matches[0][$r][0];
	$toPrint = ($matches[2][$r][0] != '') ? (htmlentities( $matches[1][$r][0], ENT_QUOTES, 'utf-8' ) . '<b>' . htmlentities( $matches[2][$r][0], ENT_QUOTES, 'utf-8' ) . '</b>' . htmlentities( $matches[3][$r][0], ENT_QUOTES, 'utf-8' )) : (htmlentities( $matches[4][$r][0], ENT_QUOTES, 'utf-8' ) . '<b>' . htmlentities( $matches[5][$r][0], ENT_QUOTES, 'utf-8' ) . '</b>' . htmlentities( $matches[6][$r][0], ENT_QUOTES, 'utf-8' ));
	$line = str_replace( $match, $toPrint, $line );
	}
	return array ($line,$aSource[$row]
	);
	}

	function set_header ($filename, $value)
	{
	$aFields = array ("_FILENAME_" => basename( $filename )
	);
	$value = G::replaceDataField( $value, $aFields );
	$aOrigin = file( $filename );
	//It suposse that allway start with <?. or <?php
	$line = $aOrigin[0];
	$nl = (strlen( $line ) >= 2) && (substr( $line, - 2, 2 ) == "\r\n") ? "\r\n" : ((strlen( $line ) >= 1) && (substr( $line, - 1, 1 ) == "\n") ? "\n" : "");

	$codigo = implode( '', $aOrigin );
	$pattern = '/\/\[\w\W]+\ ' . 'ProcessMaker Open Source' . '[\w\W]+?\*\//i';
	if (preg_match( $pattern, $codigo )) {
	$codigo = preg_replace( $pattern, $value, $codigo );
	} else {
	$aSource = array ();
	$aSource[0] = $aOrigin[0];
	$aSource[1] = $value . $nl;
	for ($r = 1; $r < sizeof( $aOrigin ); $r ++) {
	$aSource[] = $aOrigin[$r];
	}
	$codigo = implode( '', $aSource );
	}
	/Save change/
	$fp = fopen( $filename, 'w' );
	fwrite( $fp, $codigo );
	fclose( $fp );
	return $this->get_permissions( $filename );
	}

	function add_permission ($filename, $value)
	{
	$aOrigin = file( $filename );
	//It suposse that allway start with <?. or <?php
	$aSource[0] = $aOrigin[0];
	$line = $aOrigin[0];
	$nl = (strlen( $line ) >= 2) && (substr( $line, - 2, 2 ) == "\r\n") ? "\r\n" : ((strlen( $line ) >= 1) && (substr( $line, - 1, 1 ) == "\n") ? "\n" : "");
	$aSource[1] = $value . $nl;
	for ($r = 1; $r < sizeof( $aOrigin ); $r ++) {
	$aSource[] = $aOrigin[$r];
	}
	/Save change/
	$fp = fopen( $filename, 'w' );
	fwrite( $fp, implode( '', $aSource ) );
	fclose( $fp );
	return $this->get_permissions( $filename );
	}

	function _getLine (&$aSource, $pos)
	{
	$i = 1;
	while ($pos > sizeof( $aSource[$i] )) {
	$pos -= strlen( $aSource[$i] );
	$i ++;
	}
	return $i - 1;
	}

	function _printLine ($row, $txt, $editable = false, $editValue = '', $name = '')
	{
	if ($editable) {
	return '<tr><td><input value="X" type="button" style="width:100%;" ' . ' name="' . htmlentities( $name, ENT_QUOTES, 'utf-8' ) . '"' . ' onclick="removeLine(this);"/></td>' . '<td class="treeContent" align="right">' . $row . '</td>
	<td class="treeNode"><span onclick="switchViewEdit(this,this.nextSibling);">' . $txt . '</span>' . '<input class="treeNode"' . ' name="' . htmlentities( $name, ENT_QUOTES, 'utf-8' ) . '"' . ' style="border:none;width:100%;display:none;"' . ' onblur="switchEditView(this.previousSibling,this);"' . ' value="' . htmlentities( $editValue, ENT_QUOTES, 'utf-8' ) . '"/></td></tr>';
	} else {
	return '<tr><td></td>' . '<td class="treeContent" align="right">' . $row . '</td>' . '<td class="treeNode">' . $txt . '</td></tr>';
	}
	}

	function set_permission ($filename, $permission)
	{
	list ($html, $permissions) = $this->_get_permissions( $filename );
	if (array_search( $permission, $permissions ) === false) {
	$this->add_permission( $filename, 'if (($RBAC_Response=$RBAC->userCanAccess("' . $permission . '"))!=1) return $RBAC_Response;' );
	}
	return $this->get_permissions( $filename );
	}

	function set_path_permission ($path, $permission)
	{
	$files = glob( $path . '*.php' );
	foreach ($files as $file) {
	$this->set_permission( $file, $permission );
	}
	}

	function set_path_header ($path, $header)
	{
	$files = glob( $path . '*.php' );
	$filesMod = array ();
	foreach ($files as $file) {
	$filesMod[] = $file;
	$this->set_header( $file, $header );
	}
	$dirs = glob( $path . '*', GLOB_MARK );
	foreach ($dirs as $dir) {
	if (substr( $dir, - 1, 1 ) == '/')
	$this->set_path_header( $dir, $header );
	}
	return $filesMod;
	}

	function remove_path_permission ($path, $permission)
	{
	$files = glob( $path . '*.php' );
	foreach ($files as $file) {
	$this->remove_permission( $file, $permission );
	}
	}

	function remove_line ($filename, $line)
	{
	$aSource = file( $filename );
	unset( $aSource[$line] );
	/Save change/
	$fp = fopen( $filename, 'w' );
	fwrite( $fp, implode( '', $aSource ) );
	fclose( $fp );
	return $this->get_permissions( $filename );
	}

	function remove_permission ($filename, $permission)
	{
	$aSource = file( $filename );
	list ($html, $permissions, $lines) = $this->_get_permissions( $filename );
	if (($row = array_search( $permission, $permissions )) !== false) {
	$line = $lines[$row];
	if (preg_match( GET_PERMISSION_REG_EXP2, $aSource[$line] )) {
	unset( $aSource[$line] );
	$msg = "Removed.";
	} else {
	$msg = "Can not be removed!";
	}
	}
	/Save change/
	$fp = fopen( $filename, 'w' );
	fwrite( $fp, implode( '', $aSource ) );
	fclose( $fp );
	return $this->get_permissions( $filename );
	}
	}
	$phpFile = new phpFile( 'methodsPermissions_Ajax', $_POST );