function getByUserAndProject($project, $user)
 {
     return ProjectUsers::findOne(array('conditions' => array('`user_id` = ? AND `project_id` = ? ', $user->getId(), $project->getId())));
 }
Beispiel #2
0
/**
 * Return true is $user has $access_level (R/W) over $object
 *
 * @param User $user
 * @param ApplicationDataObject $object
 * @param int $access_level // 1 = read ; 2 = write
 * @return unknown
 */
function can_access(User $user, ApplicationDataObject $object, $access_level)
{
    try {
        if (!$object instanceof ApplicationDataObject) {
            throw new Exception(lang('object dnx'));
        }
        $hookargs = array("user" => $user, "object" => $object, "access_level" => $access_level);
        $ret = null;
        Hook::fire('can_access', $hookargs, $ret);
        if (is_bool($ret)) {
            return $ret;
        }
        if ($object instanceof Comment) {
            return can_access($user, $object->getObject(), $access_level);
        }
        if ($user->isGuest() && $access_level == ACCESS_LEVEL_WRITE) {
            return false;
        }
        if ($object instanceof ProjectFileRevision) {
            return can_access($user, $object->getFile(), $access_level);
        }
        if ($object->columnExists('project_id')) {
            $user_id = $user->getId();
            if (!$object instanceof ProjectContact && $object->getCreatedById() == $user_id) {
                return true;
            }
            // the user is the creator of the object
            if ($object instanceof ProjectDataObject && $object->getProject() instanceof Project && $object->getProject()->getId() == $user->getPersonalProjectId()) {
                return true;
            }
            // The object belongs to the user's personal project
            $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $user->getId());
            if ($perms && is_array($perms)) {
                //if the permissions for the user in the object are specially set
                return has_access_level($perms[0], $access_level);
            }
            $group_ids = GroupUsers::getGroupsCSVsByUser($user_id);
            if ($group_ids && $group_ids != '') {
                //user belongs to at least one group
                $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $group_ids);
                if ($perms) {
                    foreach ($perms as $perm) {
                        if (has_access_level($perm, $access_level)) {
                            return true;
                        }
                        //there is one group permission that allows the user to access
                    }
                }
            }
            if ($object instanceof ProjectDataObject && $object->getProject()) {
                //if the object has a project assigned to it
                $proj_perm = ProjectUsers::findOne(array('conditions' => array('user_id = ? AND project_id = ? ', $user_id, $object->getProject()->getId())));
                if ($proj_perm && can_manage_type(get_class($object->manager()), $proj_perm, $access_level)) {
                    return true;
                    // if user has permissions over type of object in the project
                }
                if ($group_ids && $group_ids != '') {
                    //user belongs to at least one group
                    $proj_perms = ProjectUsers::findAll(array('conditions' => array('project_id = ' . $object->getProject()->getId() . ' AND user_id in (' . $group_ids . ')')));
                    if ($proj_perms) {
                        foreach ($proj_perms as $perm) {
                            if (can_manage_type(get_class($object->manager()), $perm, $access_level)) {
                                return true;
                            }
                            // if any group has permissions over type of object in the project
                        }
                    }
                }
            }
        } else {
            // handle object in multiple workspaces
            $user_id = $user->getId();
            if ($object->getCreatedById() == $user_id) {
                return true;
                // the user is the creator of the object
            }
            if ($object instanceof MailContent) {
                $acc = MailAccounts::findById($object->getAccountId());
                if (!$acc instanceof MailAccount) {
                    return false;
                    // it's an email with no account and not created by the user
                } else {
                    if ($access_level == ACCESS_LEVEL_READ && $acc->canView($user) || $access_level == ACCESS_LEVEL_WRITE && $acc->canDelete($user)) {
                        return true;
                    }
                }
            }
            $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $user->getId());
            if ($perms && is_array($perms)) {
                //if the permissions for the user in the object are specially set
                return has_access_level($perms[0], $access_level);
            }
            $group_ids = GroupUsers::getGroupsCSVsByUser($user_id);
            if ($group_ids && $group_ids != '') {
                //user belongs to at least one group
                $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $group_ids);
                if ($perms) {
                    foreach ($perms as $perm) {
                        if (has_access_level($perm, $access_level)) {
                            return true;
                            //there is one group permission that allows the user to access
                        }
                    }
                }
            }
            if ($object instanceof ProjectDataObject) {
                $ws = $object->getWorkspaces();
                foreach ($ws as $w) {
                    // if the object has a project assigned to it
                    $proj_perm = ProjectUsers::findOne(array('conditions' => array('user_id = ? AND project_id = ? ', $user_id, $w->getId())));
                    if ($proj_perm && can_manage_type(get_class($object->manager()), $proj_perm, $access_level)) {
                        return true;
                        // if user has permissions over type of object in the project
                    }
                    if ($group_ids && $group_ids != '') {
                        //user belongs to at least one group
                        $proj_perms = ProjectUsers::findAll(array('conditions' => array('project_id = ' . $w->getId() . ' AND user_id in (' . $group_ids . ')')));
                        if ($proj_perms) {
                            foreach ($proj_perms as $perm) {
                                if (can_manage_type(get_class($object->manager()), $perm, $access_level)) {
                                    return true;
                                }
                                // if any group has permissions over type of object in the project
                            }
                        }
                    }
                }
            }
        }
    } catch (Exception $e) {
        tpl_assign('error', $e);
        return false;
    }
    return false;
}
Beispiel #3
0
 /**
  * Check if this user is part of specific project
  *
  * @param Project $project
  * @return boolean
  */
 function isProjectUser(Project $project)
 {
     if (!isset($this->is_project_user_cache[$project->getId()])) {
         $user_ids = $this->getId();
         $group_ids = GroupUsers::getGroupsCSVsByUser($user_ids);
         if ($group_ids && $group_ids != '') {
             $user_ids = $user_ids . ',' . $group_ids;
         }
         $project_user = ProjectUsers::findOne(array('conditions' => '`user_id` in (' . $user_ids . ') AND ' . 'project_id =' . $project->getId()));
         // findById
         $this->is_project_user_cache[$project->getId()] = $project_user instanceof ProjectUser;
     }
     // if
     return $this->is_project_user_cache[$project->getId()];
 }