function tabs_submit()
 {
     ajx_current("empty");
     evt_add("tabs changed", null);
     if (!can_manage_configuration(logged_user())) {
         flash_error(lang('no access permissions'));
         ajx_current("empty");
         return;
     }
     foreach ($_POST['tabs'] as $id => $tab) {
         $ordering = (int) $tab['ordering'];
         $title = mysql_real_escape_string($tab['title']);
         $enabled = array_var($tab, 'enabled') == "on" ? 1 : 0;
         if ($tp = TabPanels::instance()->findById($id)) {
             $tp->setOrdering($ordering);
             $tp->setTitle($title);
             $tp->setEnabled($enabled);
             if ($enabled) {
                 $pg_id = logged_user()->getPermissionGroupId();
                 if (!TabPanelPermissions::isModuleEnabled($tp->getId(), $pg_id)) {
                     $tpp = new TabPanelPermission();
                     $tpp->setPermissionGroupId($pg_id);
                     $tpp->setTabPanelId($tp->getId());
                     $tpp->save();
                 }
             }
             $tp->save();
         }
     }
 }
	/**
	 * Finish the installation - create owner company and administrator
	 *
	 * @param void
	 * @return null
	 */
	function complete_installation() {
		
		if(Contacts::getOwnerCompany() instanceof Contact) {
			die('Owner company already exists'); // Somebody is trying to access this method even if the user already exists
		} // if

		$form_data = array_var($_POST, 'form');
		tpl_assign('form_data', $form_data);

		if(array_var($form_data, 'submited') == 'submited') {
			try {
				$admin_password = trim(array_var($form_data, 'admin_password'));
				$admin_password_a = trim(array_var($form_data, 'admin_password_a'));

				if(trim($admin_password) == '') {
					throw new Error(lang('password value required'));
				} // if

				if($admin_password <> $admin_password_a) {
					throw new Error(lang('passwords dont match'));
				} // if

				DB::beginWork();

				Contacts::delete(); // clear users table

				// Create a company
				$company = new Contact();
				$company->setFirstName(array_var($form_data, 'company_name'));
				$company->setObjectName();
				$company->setIsCompany(true);
				$company->save();
				
				// Init default colors
				set_config_option('brand_colors_head_back', "000000");
				set_config_option('brand_colors_tabs_back', "14780e");
				set_config_option('brand_colors_head_font', "ffffff");
				set_config_option('brand_colors_tabs_font', "ffffff");

				// Create the administrator user
				$administrator = new Contact();
				$pergroup = PermissionGroups::findOne(array('conditions'=>"`name`='Super Administrator'"));
				$administrator->setUserType($pergroup->getId());
				$administrator->setCompanyId($company->getId());
				$administrator->setUsername(array_var($form_data, 'admin_username'));
				
				
				$administrator->setPassword($admin_password);
				$administrator->setFirstname(array_var($form_data, 'admin_username'));
				$administrator->setObjectName();
				$administrator->save();
				
				$user_password = new ContactPassword();
				$user_password->setContactId($administrator->getId());
				$user_password->password_temp = $admin_password;
				$user_password->setPasswordDate(DateTimeValueLib::now());
				$user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp()));
				$user_password->save();
				
				//Add email after save because is needed. 
				$administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true);
				
				//permissions
				$permission_group = new PermissionGroup();
				$permission_group->setName('Account Owner');
				$permission_group->setContactId($administrator->getId());
				$permission_group->setIsContext(false);
				$permission_group->setType("permission_groups");
				$permission_group->save();
				
				$administrator->setPermissionGroupId($permission_group->getId());
				$administrator->save();
				
				$company->setCreatedById($administrator->getId());
				$company->setUpdatedById($administrator->getId());
				$company->save();
				
				$contact_pg = new ContactPermissionGroup();
				$contact_pg->setContactId($administrator->getId());
				$contact_pg->setPermissionGroupId($permission_group->getId());
				$contact_pg->save();
				
				// tab panel permissions
				$panels = TabPanels::getEnabled();
				foreach ($panels as $panel) {
					$tpp = new TabPanelPermission();
					$tpp->setPermissionGroupId($administrator->getPermissionGroupId());
					$tpp->setTabPanelId($panel->getId());
					$tpp->save();
				}
				
				// dimension permissions
				$dimensions = Dimensions::findAll();
				foreach ($dimensions as $dimension) {
					if ($dimension->getDefinesPermissions()) {
						$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = ".$administrator->getPermissionGroupId()." AND `dimension_id` = ".$dimension->getId()));
						if (!$cdp instanceof ContactDimensionPermission) {
							$cdp = new ContactDimensionPermission();
							$cdp->setPermissionGroupId($administrator->getPermissionGroupId());
							$cdp->setContactDimensionId($dimension->getId());
						}
						$cdp->setPermissionType('allow all');
						$cdp->save();
						
						// contact member permisssion entries
						$members = $dimension->getAllMembers();
						foreach ($members as $member) {
							$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
							$ots[]=$member->getObjectId();
							foreach ($ots as $ot) {
								$cmp = ContactMemberPermissions::findOne();
								if (!$cmp instanceof ContactMemberPermission) {
									$cmp = new ContactMemberPermission(array("conditions" => "`permission_group_id` = ".$administrator->getPermissionGroupId()." AND `member_id` = ".$member->getId()." AND `object_type_id` = $ot"));
									$cmp->setPermissionGroupId($administrator->getPermissionGroupId());
									$cmp->setMemberId($member->getId());
									$cmp->setObjectTypeId($ot);
								}
								$cmp->setCanWrite(1);
								$cmp->setCanDelete(1);
								$cmp->save();
							}
						}
					}
				}
				
				// system permissions
				$sp = new SystemPermission();
				$sp->setPermissionGroupId($administrator->getPermissionGroupId());
				$sp->setAllPermissions(true);
				$sp->save();
				
				Hook::fire('after_user_add', $administrator, $null);
				
				DB::commit();

				$this->redirectTo('access', 'login');
			} catch(Exception $e) {
				tpl_assign('error', $e);
				DB::rollback();
			} // try
		} // if
	} // complete_installation
 /**
  * Finish the installation - create owner company and administrator
  *
  * @param void
  * @return null
  */
 function complete_installation()
 {
     if (Contacts::getOwnerCompany() instanceof Contact) {
         die('Owner company already exists');
         // Somebody is trying to access this method even if the user already exists
     }
     // if
     $form_data = array_var($_POST, 'form');
     tpl_assign('form_data', $form_data);
     if (array_var($form_data, 'submited') == 'submited') {
         try {
             $admin_password = trim(array_var($form_data, 'admin_password'));
             $admin_password_a = trim(array_var($form_data, 'admin_password_a'));
             if (trim($admin_password) == '') {
                 throw new Error(lang('password value required'));
             }
             // if
             if ($admin_password != $admin_password_a) {
                 throw new Error(lang('passwords dont match'));
             }
             // if
             DB::beginWork();
             Contacts::delete();
             // clear users table
             // Create a company
             $company = new Contact();
             $company->setFirstName(array_var($form_data, 'company_name'));
             $company->setObjectName();
             $company->setIsCompany(true);
             $company->save();
             // Init default colors
             set_config_option('brand_colors_head_back', "424242");
             set_config_option('brand_colors_tabs_back', "e7e7e7");
             set_config_option('brand_colors_head_font', "FFFFFF");
             set_config_option('brand_colors_tabs_font', "333333");
             // Create the administrator user
             $administrator = new Contact();
             $pergroup = PermissionGroups::findOne(array('conditions' => "`name`='Super Administrator'"));
             $administrator->setUserType($pergroup->getId());
             $administrator->setCompanyId($company->getId());
             $administrator->setUsername(array_var($form_data, 'admin_username'));
             $administrator->setPassword($admin_password);
             $administrator->setFirstname(array_var($form_data, 'admin_username'));
             $administrator->setObjectName();
             $administrator->save();
             $user_password = new ContactPassword();
             $user_password->setContactId($administrator->getId());
             $user_password->password_temp = $admin_password;
             $user_password->setPasswordDate(DateTimeValueLib::now());
             $user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp()));
             $user_password->save();
             //Add email after save because is needed.
             $administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true);
             //permissions
             $permission_group = new PermissionGroup();
             $permission_group->setName('Account Owner');
             $permission_group->setContactId($administrator->getId());
             $permission_group->setIsContext(false);
             $permission_group->setType("permission_groups");
             $permission_group->save();
             $administrator->setPermissionGroupId($permission_group->getId());
             $administrator->save();
             $company->setCreatedById($administrator->getId());
             $company->setUpdatedById($administrator->getId());
             $company->save();
             $contact_pg = new ContactPermissionGroup();
             $contact_pg->setContactId($administrator->getId());
             $contact_pg->setPermissionGroupId($permission_group->getId());
             $contact_pg->save();
             // tab panel permissions
             $panels = TabPanels::getEnabled();
             foreach ($panels as $panel) {
                 $tpp = new TabPanelPermission();
                 $tpp->setPermissionGroupId($administrator->getPermissionGroupId());
                 $tpp->setTabPanelId($panel->getId());
                 $tpp->save();
             }
             // dimension permissions
             $dimensions = Dimensions::findAll();
             foreach ($dimensions as $dimension) {
                 if ($dimension->getDefinesPermissions()) {
                     $cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = " . $administrator->getPermissionGroupId() . " AND `dimension_id` = " . $dimension->getId()));
                     if (!$cdp instanceof ContactDimensionPermission) {
                         $cdp = new ContactDimensionPermission();
                         $cdp->setPermissionGroupId($administrator->getPermissionGroupId());
                         $cdp->setContactDimensionId($dimension->getId());
                     }
                     $cdp->setPermissionType('allow all');
                     $cdp->save();
                     // contact member permisssion entries
                     $members = $dimension->getAllMembers();
                     foreach ($members as $member) {
                         $ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
                         $ots[] = $member->getObjectId();
                         foreach ($ots as $ot) {
                             $cmp = ContactMemberPermissions::findOne();
                             if (!$cmp instanceof ContactMemberPermission) {
                                 $cmp = new ContactMemberPermission(array("conditions" => "`permission_group_id` = " . $administrator->getPermissionGroupId() . " AND `member_id` = " . $member->getId() . " AND `object_type_id` = {$ot}"));
                                 $cmp->setPermissionGroupId($administrator->getPermissionGroupId());
                                 $cmp->setMemberId($member->getId());
                                 $cmp->setObjectTypeId($ot);
                             }
                             $cmp->setCanWrite(1);
                             $cmp->setCanDelete(1);
                             $cmp->save();
                         }
                     }
                 }
             }
             // system permissions
             $sp = new SystemPermission();
             $sp->setPermissionGroupId($administrator->getPermissionGroupId());
             $sp->setAllPermissions(true);
             $sp->save();
             // root permissions
             DB::executeAll("\r\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write)\r\n\t\t\t\t  SELECT " . $administrator->getPermissionGroupId() . ", 0, rtp.object_type_id, rtp.can_delete, rtp.can_write FROM " . TABLE_PREFIX . "role_object_type_permissions rtp \r\n\t\t\t\t  WHERE rtp.object_type_id NOT IN (SELECT id FROM " . TABLE_PREFIX . "object_types WHERE name IN ('mail','template','file_revision')) AND rtp.role_id in (\r\n\t\t\t\t    SELECT pg.id FROM " . TABLE_PREFIX . "permission_groups pg WHERE pg.type='roles' AND pg.name IN ('Super Administrator','Administrator','Manager','Executive')\r\n\t\t\t\t  )\r\n\t\t\t\tON DUPLICATE KEY UPDATE member_id=0;");
             Hook::fire('after_user_add', $administrator, $null);
             DB::commit();
             $this->redirectTo('access', 'login');
         } catch (Exception $e) {
             tpl_assign('error', $e);
             DB::rollback();
         }
         // try
     }
     // if
 }
Beispiel #4
0
function save_permissions($pg_id, $is_guest = false)
{
    $sys_permissions_data = array_var($_POST, 'sys_perm');
    $changed_members = array();
    //module permissions
    $mod_permissions_data = array_var($_POST, 'mod_perm');
    TabPanelPermissions::clearByPermissionGroup($pg_id);
    if (!is_null($mod_permissions_data) && is_array($mod_permissions_data)) {
        foreach ($mod_permissions_data as $tab_id => $val) {
            $tpp = new TabPanelPermission();
            $tpp->setPermissionGroupId($pg_id);
            $tpp->setTabPanelId($tab_id);
            $tpp->save();
        }
    }
    //system permissions
    $system_permissions = SystemPermissions::findById($pg_id);
    if (!$system_permissions instanceof SystemPermission) {
        $system_permissions = new SystemPermission();
        $system_permissions->setPermissionGroupId($pg_id);
    }
    $system_permissions->setAllPermissions(false);
    $other_permissions = array();
    Hook::fire('add_user_permissions', $pg_id, $other_permissions);
    foreach ($other_permissions as $k => $v) {
        $system_permissions->setColumnValue($k, false);
    }
    $sys_permissions_data['can_task_assignee'] = !$is_guest;
    $system_permissions->setFromAttributes($sys_permissions_data);
    $system_permissions->save();
    //member permissions
    $permissionsString = array_var($_POST, 'permissions');
    if ($permissionsString && $permissionsString != '') {
        $permissions = json_decode($permissionsString);
    }
    if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
        $allowed_members_ids = array();
        foreach ($permissions as $perm) {
            if (!isset($all_perm_deleted[$perm->m])) {
                $all_perm_deleted[$perm->m] = true;
            }
            $allowed_members_ids[$perm->m] = array();
            $allowed_members_ids[$perm->m]['pg'] = $pg_id;
            $cmp = ContactMemberPermissions::findById(array('permission_group_id' => $pg_id, 'member_id' => $perm->m, 'object_type_id' => $perm->o));
            if (!$cmp instanceof ContactMemberPermission) {
                $cmp = new ContactMemberPermission();
                $cmp->setPermissionGroupId($pg_id);
                $cmp->setMemberId($perm->m);
                $cmp->setObjectTypeId($perm->o);
            }
            $cmp->setCanWrite($is_guest ? false : $perm->w);
            $cmp->setCanDelete($is_guest ? false : $perm->d);
            if ($perm->r) {
                if (isset($allowed_members_ids[$perm->m]['w'])) {
                    if ($allowed_members_ids[$perm->m]['w'] != 1) {
                        $allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
                    }
                } else {
                    $allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
                }
                if (isset($allowed_members_ids[$perm->m]['d'])) {
                    if ($allowed_members_ids[$perm->m]['d'] != 1) {
                        $allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
                    }
                } else {
                    $allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
                }
                $cmp->save();
                $all_perm_deleted[$perm->m] = false;
            } else {
                $cmp->delete();
            }
            $changed_members[] = $perm->m;
        }
        $sharingTablecontroller = new SharingTableController();
        $sharingTablecontroller->afterPermissionChanged($pg_id, $permissions);
        foreach ($allowed_members_ids as $key => $mids) {
            $mbm = Members::findById($key);
            $root_cmp = ContactMemberPermissions::findById(array('permission_group_id' => $mids['pg'], 'member_id' => $key, 'object_type_id' => $mbm->getObjectTypeId()));
            if (!$root_cmp instanceof ContactMemberPermission) {
                $root_cmp = new ContactMemberPermission();
                $root_cmp->setPermissionGroupId($mids['pg']);
                $root_cmp->setMemberId($key);
                $root_cmp->setObjectTypeId($mbm->getObjectTypeId());
            }
            $root_cmp->setCanWrite($mids['w']);
            $root_cmp->setCanDelete($mids['d']);
            $root_cmp->save();
        }
        foreach ($all_perm_deleted as $mid => $pd) {
            if ($pd) {
                ContactMemberPermissions::instance()->delete("`permission_group_id` = {$pg_id} AND `member_id` = {$mid}");
            }
        }
    }
    // set all permissiions to read_only
    if ($is_guest) {
        $all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
        foreach ($all_saved_permissions as $sp) {
            /* @var $sp ContactMemberPermission */
            if ($sp->getCanDelete() || $sp->getCanWrite()) {
                $sp->setCanDelete(false);
                $sp->setCanWrite(false);
                $sp->save();
            }
        }
        $cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all'"));
        foreach ($cdps as $cdp) {
            $cdp->setPermissionType('check');
            $cdp->save();
        }
    }
    // check the status of the changed dimensions to set 'allow_all', 'deny_all' or 'check'
    $dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members)));
    foreach ($dimensions as $dimension) {
        $mem_ids = $dimension->getAllMembers(true);
        if (count($mem_ids) == 0) {
            $mem_ids[] = 0;
        }
        $count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND `member_id` IN (" . implode(",", $mem_ids) . ") AND `can_delete` = 0"));
        if ($count > 0) {
            $dimension->setContactDimensionPermission($pg_id, 'check');
        } else {
            $count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND `member_id` IN (" . implode(",", $mem_ids) . ")"));
            if ($count == 0) {
                $dimension->setContactDimensionPermission($pg_id, 'deny all');
            } else {
                $allow_all = true;
                $dim_obj_types = $dimension->getAllowedObjectTypeContents();
                $members = Members::findAll("`id` IN (" . implode(",", $mem_ids) . ")");
                foreach ($dim_obj_types as $dim_obj_type) {
                    $mem_ids_for_ot = array();
                    foreach ($members as $member) {
                        if ($dim_obj_type->getDimensionObjectTypeId() == $member->getObjectTypeId()) {
                            $mem_ids_for_ot[] = $member->getId();
                        }
                    }
                    if (count($mem_ids_for_ot) == 0) {
                        $mem_ids_for_ot[] = 0;
                    }
                    $count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND \n\t\t\t\t\t\t`object_type_id` = " . $dim_obj_type->getContentObjectTypeId() . " AND `can_delete` = 1 AND `member_id` IN (" . implode(",", $mem_ids_for_ot) . ")"));
                    if ($count != count($mem_ids_for_ot)) {
                        $allow_all = false;
                        break;
                    }
                }
                if ($allow_all) {
                    $dimension->setContactDimensionPermission($pg_id, 'allow all');
                } else {
                    $dimension->setContactDimensionPermission($pg_id, 'check');
                }
            }
        }
    }
}