public function execute()
 {
     // Categories the current user may add contacts to; `true` means all of them
     $rights_model = new contactsRightsModel();
     $category_model = new waContactCategoryModel();
     $all_categories = $category_model->getAll('id');
     $allowed = $rights_model->getAllowedCategories();
     if ($allowed === true) {
         $allowed = $all_categories;
     }
     // id => name, restricted to allowed, non-system categories
     $categories = array();
     foreach ($all_categories as $category_id => $row) {
         if (!isset($allowed[$category_id]) || $row['system_id']) {
             continue;
         }
         $categories[$category_id] = $row['name'];
     }
     // Categories that are always checked and disabled in the list
     $disabled = waRequest::get('disabled');
     if (!is_array($disabled)) {
         $disabled = array($disabled);
     }
     $this->view->assign('categories', $categories);
     $this->view->assign('disabled', array_fill_keys($disabled, true));
 }
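 /**
  * Checklist options for the categories field: category_id => name.
  *
  * Outside the contacts app, and for users holding the `category.all` right,
  * every category is returned; otherwise only the categories the current user
  * is allowed to see are kept.
  *
  * @param mixed $id Unused; kept so existing callers keep working.
  * @return array category id => category name
  */
 public function getOptions($id = null)
 {
     if (!$this->model) {
         $this->model = new waContactCategoryModel();
     }
     if (!$this->categories) {
         // Cached on the instance, keyed by category id
         $this->categories = $this->model->getAll('id');
     }
     $options = array();
     foreach ($this->categories as $category_id => $row) {
         $options[$category_id] = $row['name'];
     }
     // Admins see everything, and code outside the contacts app may list categories too
     if (wa()->getApp() !== 'contacts' || wa()->getUser()->getRights('contacts', 'category.all')) {
         return $options;
     }
     // Only keep categories available to the current user
     $rights_model = new contactsRightsModel();
     $allowed = $rights_model->getAllowedCategories();
     if ($allowed === true) {
         // The rights model signals "every category" with `true` (the other
         // callers of getAllowedCategories() in this file treat it the same way)
         return $options;
     }
     foreach (array_keys($options) as $category_id) {
         if (!isset($allowed[$category_id])) {
             unset($options[$category_id]);
         }
     }
     return $options;
 }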
 /**
  * Persist the contact's category membership from submitted form fields.
  *
  * Without the `category.all` right (inside the contacts app) only the
  * categories visible to the current user are added or removed; the
  * contact's other categories are left untouched.
  *
  * @param waContact $contact
  * @param array $fields submitted field values; `categories` holds the selected ids
  * @return bool always TRUE
  */
 public function save(waContact $contact, $fields)
 {
     if (!isset($fields['categories'])) {
         return TRUE;
     }
     // An empty first element means "nothing selected"
     if (empty($fields['categories'][0])) {
         $fields['categories'] = array();
     }
     $category_ids = $fields['categories'];
     $restricted = wa()->getApp() == 'contacts' && !wa()->getUser()->getRights('contacts', 'category.all');
     if ($restricted) {
         // Touch only the categories the current user may see; keep the rest as they are
         $rights_model = new contactsRightsModel();
         $current = $this->getModel()->getContactCategories($contact->getId());
         $allowed = $rights_model->getAllowedCategories();
         $selected = $category_ids ? array_flip($category_ids) : array();
         foreach ($allowed as $category_id => $unused) {
             if (isset($selected[$category_id])) {
                 $current[$category_id] = true;
             } else {
                 unset($current[$category_id]);
             }
         }
         $category_ids = array_keys($current);
     }
     $this->getModel()->setContactCategories($contact->getId(), $category_ids);
     return TRUE;
 }
 /**
  * Prepare the delete-confirmation view: which of the requested contacts can
  * be deleted, and which are blocked by links from other applications
  * (or by being users, for non-superadmins).
  */
 public function execute()
 {
     $ids = waRequest::post('id', array(), 'array_int');
     if (!$ids) {
         $single_id = (int) waRequest::get('id');
         if (!$single_id) {
             throw new Exception('No ids specified.');
         }
         $ids = array($single_id);
     }
     // Refuse to delete the current user's own account
     if (in_array($this->getUser()->getId(), $ids)) {
         die('<p>' . _w('You can not delete yourself.') . '</p><p>' . _w('Please eliminate yourself from deletion list.') . '</p>');
     }
     // Without category.all, every contact must share at least one category with the user
     if (!$this->getRights('category.all')) {
         $rights_model = new contactsRightsModel();
         $categories_model = new waContactCategoriesModel();
         $allowed = array_keys($rights_model->getAllowedCategories());
         // NOTE(review): contacts absent from the getContactsCategories() result are not checked here — confirm
         foreach ($categories_model->getContactsCategories($ids) as $contact_id => $contact_cats) {
             if (!array_intersect($allowed, $contact_cats)) {
                 throw new waRightsException('Access denied');
             }
         }
     }
     $superadmin = wa()->getUser()->getRights('webasyst', 'backend');
     $event_result = wa()->event('links', $ids);
     $this->view->assign('apps', wa()->getApps());
     // contact_id => app_id => links reported by that app
     $links = array();
     foreach ($event_result as $app_id => $app_links) {
         foreach ($app_links as $contact_id => $contact_links) {
             if (!$contact_links) {
                 continue;
             }
             $links[$contact_id][$app_id] = $contact_links;
         }
     }
     // Users are reported as linked so that non-superadmins cannot delete them
     if (!$superadmin) {
         $user_model = new waUserModel();
         $user_ids = array_keys($user_model->getByField(array('id' => $ids, 'is_user' => 1), 'id'));
         foreach ($user_ids as $user_id) {
             if (!isset($links[$user_id]['contacts'])) {
                 $links[$user_id]['contacts'] = array();
             }
             $links[$user_id]['contacts'][] = array('user', 1);
         }
     }
     $contact_model = new waContactModel();
     $deletable = $superadmin ? $ids : array_diff($ids, array_keys($links));
     $this->view->assign('ids', $deletable);
     $this->view->assign('contacts', $contact_model->getName(array_keys($links)));
     $this->view->assign('superadmin', $superadmin);
     $this->view->assign('all', count($ids));
     $this->view->assign('links', $links);
 }
 /**
  * Delete the posted contacts after the access checks pass: no self-deletion,
  * contacts must be within the user's allowed categories, and only superadmins
  * may delete users or contacts linked from other applications.
  *
  * @throws waRightsException on any failed check
  */
 public function execute()
 {
     $superadmin = $this->getUser()->getRights('webasyst', 'backend');
     $contacts = waRequest::post('id', array(), 'array_int');
     // Refuse to delete the current user's own account
     if (in_array($this->getUser()->getId(), $contacts)) {
         throw new waRightsException('Access denied: attempt to delete own account.');
     }
     // Without category.all, every contact must share at least one category with the user
     if (!$this->getRights('category.all')) {
         $rights_model = new contactsRightsModel();
         $categories_model = new waContactCategoriesModel();
         $allowed = array_keys($rights_model->getAllowedCategories());
         // NOTE(review): contacts absent from the getContactsCategories() result are not checked here — confirm
         foreach ($categories_model->getContactsCategories($contacts) as $contact_id => $contact_cats) {
             if (!array_intersect($allowed, $contact_cats)) {
                 throw new waRightsException('Access denied: no access to contact ' . $contact_id);
             }
         }
     }
     // Contacts linked from other applications may only be deleted by superadmins
     if (!$superadmin) {
         $links = wa()->event('links', $contacts);
         if ($links) {
             foreach ($links as $app_id => $app_links) {
                 foreach ($app_links as $contact_id => $contact_links) {
                     if ($contact_links) {
                         throw new waRightsException('Access denied: only superadmin is allowed to delete contacts with links to other applications.');
                     }
                 }
             }
         }
     }
     // Users among the contacts may only be deleted by superadmins
     $user_model = new waUserModel();
     $user_ids = array_keys($user_model->getByField(array('id' => $contacts, 'is_user' => 1), 'id'));
     if (!$superadmin && $user_ids) {
         throw new waRightsException('Access denied: only superadmin is allowed to delete users.');
     }
     // Revoke access before the rows disappear
     foreach ($user_ids as $user_id) {
         waUser::revokeUser($user_id);
     }
     // delete() also fires the contacts.delete event
     $contact_model = new waContactModel();
     $contact_model->delete($contacts);
     $deleted = count($contacts);
     $this->response['deleted'] = $deleted;
     $this->response['message'] = sprintf(_w("%d contact has been deleted", "%d contacts have been deleted", $deleted), $deleted);
     $this->log('contact_delete', $deleted);
 }
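 /**
  * Assign everything the contacts sidebar needs: history, counts, the
  * categories visible to the current user, and the admin/superadmin flags
  * that gate user views and groups.
  */
 public function execute()
 {
     $this->view->assign('views', null);
     $this->view->assign('settings', $this->getUser()->getSettings('contacts'));
     $history_model = new contactsHistoryModel();
     $this->view->assign('history', $history_model->get());
     $contacts_collection = new contactsCollection();
     $this->view->assign('totalContacts', $contacts_collection->count());
     // Only show categories available to the current user; `true` means all of them
     $rights_model = new contactsRightsModel();
     $contact_rights_model = new waContactRightsModel();
     $category_model = new waContactCategoryModel();
     $allowed = $rights_model->getAllowedCategories();
     $categories = array();
     if ($allowed === true) {
         $categories = $category_model->getAll();
     } elseif ($allowed) {
         foreach ($category_model->getAll() as $cat) {
             if (isset($allowed[$cat['id']])) {
                 $categories[] = $cat;
             }
         }
     }
     $this->view->assign('categories', $categories);
     // User views and groups are only available to the global (webasyst backend) admin;
     // a contacts backend right of 2 or more only grants the admin flag
     $superadmin = FALSE;
     $admin = FALSE;
     if (wa()->getUser()->getRights('webasyst', 'backend')) {
         $superadmin = TRUE;
         $admin = TRUE;
         $group_model = new waGroupModel();
         $this->view->assign('groups', $group_model->getAll());
         $users_collection = new contactsCollection('/users/all/');
         $this->view->assign('totalUsers', $users_collection->count());
     } elseif (wa()->getUser()->getRights('contacts', 'backend') >= 2) {
         $admin = TRUE;
     }
     $this->view->assign('superadmin', $superadmin);
     $this->view->assign('admin', $admin);
     // Is the user allowed to add contacts?
     $this->view->assign('show_create', $contact_rights_model->get(null, null, 'create'));
 }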
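 /**
  * Ensure the current user may act on the posted categories and contacts.
  *
  * Users holding the `category.all` right pass unconditionally. Otherwise
  * every posted category id must be one the user is allowed to see, and every
  * posted contact must belong to at least one such category.
  *
  * @throws waRightsException when a posted category or contact is outside the user's allowed categories
  */
 protected function checkAccess()
 {
     if ($this->getRights('category.all')) {
         return;
     }
     $rights_model = new contactsRightsModel();
     $allowed = $rights_model->getAllowedCategories();
     if ($allowed === true) {
         // The rights model signals "every category" with `true` (the other
         // callers of getAllowedCategories() in this file treat it the same way);
         // nothing to restrict, and array_keys() below would not accept it.
         return;
     }
     // Every posted category must be one the user is allowed to see
     $category_ids = waRequest::post('categories', array(), 'array_int');
     foreach ($category_ids as $category_id) {
         if (!isset($allowed[$category_id])) {
             throw new waRightsException('Access denied');
         }
     }
     // Every posted contact must share at least one category with the user.
     // NOTE(review): contacts absent from the getContactsCategories() result
     // (e.g. with no category at all) are not checked here — confirm that is intended
     $allowed_ids = array_keys($allowed);
     $contact_ids = waRequest::post('contacts', array(), 'array_int');
     $categories_model = new waContactCategoriesModel();
     foreach ($categories_model->getContactsCategories($contact_ids) as $contact_id => $contact_cats) {
         if (!array_intersect($allowed_ids, $contact_cats)) {
             throw new waRightsException('Access denied');
         }
     }
 }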