public static function canExportData($usr_id) { $prj_id = Auth::getCurrentProject(); if (User::isPartner($usr_id)) { $partner = Partner::canUserAccessFeature($usr_id, 'reports'); if (is_bool($partner)) { return $partner; } } return true; }
/** * Checks whether the given email address is allowed to send emails in the * issue ID. * * @param integer $issue_id The issue ID * @param string $sender_email The email address * @return boolean */ public static function isAllowedToEmail($issue_id, $sender_email) { $prj_id = Issue::getProjectID($issue_id); // check the workflow $workflow_can_email = Workflow::canEmailIssue($prj_id, $issue_id, $sender_email); if ($workflow_can_email != null) { return $workflow_can_email; } $is_allowed = true; $sender_usr_id = User::getUserIDByEmail($sender_email, true); if (empty($sender_usr_id)) { if (CRM::hasCustomerIntegration($prj_id)) { // check for a customer contact with several email addresses $crm = CRM::getInstance($prj_id); try { $contract = $crm->getContract(Issue::getContractID($issue_id)); $contact_emails = array_keys($contract->getContactEmailAssocList()); $contact_emails = array_map(function ($s) { return strtolower($s); }, $contact_emails); } catch (CRMException $e) { $contact_emails = array(); } if (!in_array(strtolower($sender_email), $contact_emails) && !Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) { $is_allowed = false; } } else { if (!Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) { $is_allowed = false; } } } else { // check if this user is not a customer and // also not in the assignment list for the current issue and // also not in the authorized repliers list // also not the reporter $details = Issue::getDetails($issue_id); if ($sender_usr_id == $details['iss_usr_id']) { $is_allowed = true; } elseif (User::isPartner($sender_usr_id) && in_array(User::getPartnerID($sender_usr_id), Partner::getPartnerCodesByIssue($issue_id))) { $is_allowed = true; } elseif (!Issue::canAccess($issue_id, $sender_usr_id) && !Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) { $is_allowed = false; } elseif (!Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email) && !Issue::isAssignedToUser($issue_id, $sender_usr_id) && User::getRoleByUser($sender_usr_id, Issue::getProjectID($issue_id)) != User::getRoleID('Customer')) { $is_allowed = false; } } return $is_allowed; }
/** * Method used to send email notifications for a given issue. * * @param integer $issue_id The issue ID * @param string $type The notification type * @param int $entry_id The entries id that was changed * @param bool $internal_only Whether the notification should only be sent to internal users or not * @param array $extra_recipients * @return bool */ public static function notify($issue_id, $type, $entry_id = null, $internal_only = false, $extra_recipients = null) { $prj_id = Issue::getProjectID($issue_id); $extra = array(); if ($extra_recipients) { foreach ($extra_recipients as $user) { $extra[] = array('sub_usr_id' => $user, 'sub_email' => ''); } } $emails = array(); $users = self::getUsersByIssue($issue_id, $type); if ($extra_recipients && count($extra) > 0) { $users = array_merge($users, $extra); } $user_emails = Project::getUserEmailAssocList(Issue::getProjectID($issue_id), 'active', User::ROLE_CUSTOMER); $user_emails = Misc::lowercase($user_emails); foreach ($users as $user) { if (empty($user['sub_usr_id'])) { if ($internal_only == false || in_array(strtolower($user['sub_email']), array_values($user_emails))) { $email = $user['sub_email']; } } else { $prefs = Prefs::get($user['sub_usr_id']); if (Auth::getUserID() == $user['sub_usr_id'] && (empty($prefs['receive_copy_of_own_action'][$prj_id]) || $prefs['receive_copy_of_own_action'][$prj_id] == false)) { continue; } // if we are only supposed to send email to internal users, check if the role is lower than standard user if ($internal_only == true && User::getRoleByUser($user['sub_usr_id'], Issue::getProjectID($issue_id)) < User::ROLE_USER) { continue; } if ($type == 'notes' && User::isPartner($user['sub_usr_id']) && !Partner::canUserAccessIssueSection($user['sub_usr_id'], 'notes')) { continue; } $email = User::getFromHeader($user['sub_usr_id']); } // now add it to the list of emails if (!empty($email) && !in_array($email, $emails)) { $emails[] = $email; } } // prevent the primary customer contact from receiving two emails about the issue being closed if ($type == 'closed') { if (CRM::hasCustomerIntegration($prj_id)) { $crm = CRM::getInstance($prj_id); $stmt = 'SELECT iss_customer_contact_id FROM {{%issue}} WHERE iss_id=?'; $customer_contact_id = DB_Helper::getInstance()->getOne($stmt, array($issue_id)); if (!empty($customer_contact_id)) { try { $contact = $crm->getContact($customer_contact_id); $contact_email = $contact->getEmail(); } catch (CRMException $e) { $contact_email = ''; } foreach ($emails as $i => $email) { $email = Mail_Helper::getEmailAddress($email); if ($email == $contact_email) { unset($emails[$i]); $emails = array_values($emails); break; } } } } } if (!$emails) { return null; } $headers = false; switch ($type) { case 'closed': $data = Issue::getDetails($issue_id); $data['closer_name'] = User::getFullName(History::getIssueCloser($issue_id)); $subject = ev_gettext('Closed'); if ($entry_id) { $data['reason'] = Support::getEmail($entry_id); } break; case 'updated': // this should not be used anymore return false; case 'notes': $data = self::getNote($issue_id, $entry_id); $headers = array('Message-ID' => $data['note']['not_message_id']); if (@$data['note']['reference_msg_id'] != false) { $headers['In-Reply-To'] = $data['note']['reference_msg_id']; } else { $headers['In-Reply-To'] = Issue::getRootMessageID($issue_id); } $headers['References'] = Mail_Helper::fold(implode(' ', Mail_Helper::getReferences($issue_id, @$data['note']['reference_msg_id'], 'note'))); $subject = 'Note'; break; case 'emails': // this should not be used anymore return false; case 'files': $data = self::getAttachment($issue_id, $entry_id); $subject = 'File Attached'; break; } // FIXME: $data and $subject might be used uninitialized self::notifySubscribers($issue_id, $emails, $type, $data, $subject, $internal_only, $entry_id, $headers); }
// | | // | Free Software Foundation, Inc. | // | 51 Franklin Street, Suite 330 | // | Boston, MA 02110-1301, USA. | // +----------------------------------------------------------------------+ // | Authors: João Prado Maia <*****@*****.**> | // +----------------------------------------------------------------------+ require_once dirname(__FILE__) . '/../init.php'; $tpl = new Template_Helper(); $tpl->setTemplate('main.tpl.html'); Auth::checkAuthentication(APP_COOKIE); $prj_id = Auth::getCurrentProject(); $role_id = Auth::getCurrentRole(); $usr_id = Auth::getUserID(); // redirect partners to list.php instead of sanitizing this page if (User::isPartner($usr_id)) { Auth::redirect('list.php'); } if (isset($_REQUEST['hide_closed'])) { Auth::setCookie(APP_HIDE_CLOSED_STATS_COOKIE, $_REQUEST['hide_closed'], time() + Date_Helper::YEAR); $_COOKIE[APP_HIDE_CLOSED_STATS_COOKIE] = $_REQUEST['hide_closed']; } if (isset($_COOKIE[APP_HIDE_CLOSED_STATS_COOKIE])) { $hide_closed = $_COOKIE[APP_HIDE_CLOSED_STATS_COOKIE]; } else { $hide_closed = 0; } $tpl->assign('hide_closed', $hide_closed); if ($role_id == User::getRoleID('customer')) { $crm = CRM::getInstance($prj_id); // need the activity dashboard here
/** * Routes a note to the correct issue * * @param string $full_message The full note * @return mixed true or array(ERROR_CODE, ERROR_STRING) in case of failure */ public static function route_notes($full_message) { // save the full message for logging purposes Note::saveRoutedNote($full_message); // join the Content-Type line (for easier parsing?) if (preg_match('/^boundary=/m', $full_message)) { $pattern = "#(Content-Type: multipart/.+); ?\r?\n(boundary=.*)\$#im"; $replacement = '$1; $2'; $full_message = preg_replace($pattern, $replacement, $full_message); } list($headers) = Mime_Helper::splitHeaderBody($full_message); // need some validation here if (empty($full_message)) { return array(self::EX_NOINPUT, ev_gettext('Error: The email message was empty.') . "\n"); } // remove the reply-to: header if (preg_match('/^reply-to:.*/im', $full_message)) { $full_message = preg_replace("/^(reply-to:).*\n/im", '', $full_message, 1); } // check if the email routing interface is even supposed to be enabled $setup = Setup::get(); if ($setup['note_routing']['status'] != 'enabled') { return array(self::EX_CONFIG, ev_gettext('Error: The internal note routing interface is disabled.') . "\n"); } if (empty($setup['note_routing']['address_prefix'])) { return array(self::EX_CONFIG, ev_gettext('Error: Please configure the email address prefix.') . "\n"); } if (empty($setup['note_routing']['address_host'])) { return array(self::EX_CONFIG, ev_gettext('Error: Please configure the email address domain.') . "\n"); } $structure = Mime_Helper::decode($full_message, true, true); // find which issue ID this email refers to if (isset($structure->headers['to'])) { $issue_id = self::getMatchingIssueIDs($structure->headers['to'], 'note'); } // validation is always a good idea if (empty($issue_id) and isset($structure->headers['cc'])) { // we need to try the Cc header as well $issue_id = self::getMatchingIssueIDs($structure->headers['cc'], 'note'); } if (empty($issue_id)) { return array(self::EX_DATAERR, ev_gettext('Error: The routed note had no associated Eventum issue ID or had an invalid recipient address.') . "\n"); } $prj_id = Issue::getProjectID($issue_id); // check if the sender is allowed in this issue' project and if it is an internal user $sender_email = strtolower(Mail_Helper::getEmailAddress($structure->headers['from'])); $sender_usr_id = User::getUserIDByEmail($sender_email, true); if ((empty($sender_usr_id) || User::getRoleByUser($sender_usr_id, $prj_id) < User::ROLE_USER || User::isPartner($sender_usr_id) && !Access::canViewInternalNotes($issue_id, $sender_usr_id)) && !Workflow::canSendNote($prj_id, $issue_id, $sender_email, $structure)) { return array(self::EX_NOPERM, ev_gettext("Error: The sender of this email is not allowed in the project associated with issue #{$issue_id}.") . "\n"); } if (empty($sender_usr_id)) { $sender_usr_id = APP_SYSTEM_USER_ID; $unknown_user = $structure->headers['from']; } else { $unknown_user = false; } AuthCookie::setAuthCookie($sender_usr_id); AuthCookie::setProjectCookie($prj_id); // parse the Cc: list, if any, and add these internal users to the issue notification list $addresses = array(); $to_addresses = Mail_Helper::getEmailAddresses(@$structure->headers['to']); if (count($to_addresses)) { $addresses = $to_addresses; } $cc_addresses = Mail_Helper::getEmailAddresses(@$structure->headers['cc']); if (count($cc_addresses)) { $addresses = array_merge($addresses, $cc_addresses); } $cc_users = array(); foreach ($addresses as $email) { $cc_usr_id = User::getUserIDByEmail(strtolower($email), true); if (!empty($cc_usr_id) && User::getRoleByUser($cc_usr_id, $prj_id) >= User::ROLE_USER) { $cc_users[] = $cc_usr_id; } } $body = $structure->body; $reference_msg_id = Mail_Helper::getReferenceMessageID($headers); if (!empty($reference_msg_id)) { $parent_id = Note::getIDByMessageID($reference_msg_id); } else { $parent_id = false; } // insert the new note and send notification about it $_POST = array('title' => @$structure->headers['subject'], 'note' => $body, 'note_cc' => $cc_users, 'add_extra_recipients' => 'yes', 'message_id' => @$structure->headers['message-id'], 'parent_id' => $parent_id); // add the full email to the note if there are any attachments // this is needed because the front end code will display attachment links if (Mime_Helper::hasAttachments($structure)) { $_POST['full_message'] = $full_message; } $usr_id = Auth::getUserID(); $res = Note::insertFromPost($usr_id, $issue_id, $unknown_user, false); // need to handle attachments coming from notes as well if ($res != -1) { Support::extractAttachments($issue_id, $structure, true, $res); } // FIXME! $res == -2 is not handled History::add($issue_id, $usr_id, 'note_routed', 'Note routed from {user}', array('user' => $structure->headers['from'])); return true; }