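/**
 * Renders the access rights form of one application for a contact or a user group.
 *
 * Request parameters: `id` (GET) — positive for a contact, non-positive for a group
 * (group rights are looked up under the negated id); `app` (GET) — application id.
 *
 * Assigns to the view: `html` (custom rights form produced by the app's RightConfig,
 * or '' when the app has none), `user` or `group`, `app`, `rights` and `group_rights`.
 *
 * @throws waRightsException when the current user is not a global admin
 */
public function execute()
 {
     // only allowed to global admin
     if (!wa()->getUser()->getRights('webasyst', 'backend')) {
         throw new waRightsException(_w('Access denied'));
     }
     // Cast so a non-numeric request value cannot reach the models as a raw string;
     // negative values (group ids) survive the cast.
     $contact_id = (int) waRequest::get('id');
     $group_ids = null;
     $negated_group_ids = null;
     if ($contact_id > 0) {
         $user_groups_model = new waUserGroupsModel();
         $group_ids = $user_groups_model->getGroupIds($contact_id);
         // group 0 is added for every contact; presumably the implicit "all users" group — confirm
         $group_ids[] = 0;
         // group rights are stored under the negated group id; negate once, reuse twice below
         $negated_group_ids = array_map(wa_lambda('$a', 'return -$a;'), $group_ids);
     }
     $app_id = waRequest::get('app');
     $right_model = new waContactRightsModel();
     $rights = $right_model->get($contact_id, $app_id, null, false);
     $group_rights = null;
     if ($group_ids) {
         $group_rights = $right_model->get($negated_group_ids, $app_id, null, false);
     }
     // Check custom rights items
     // NOTE(review): $app_id comes straight from the request and is used to build the
     // RightConfig file path below; this relies on SystemConfig::getAppConfig() rejecting
     // unknown application ids — confirm.
     $app_config = SystemConfig::getAppConfig($app_id);
     $class_name = $app_config->getPrefix() . "RightConfig";
     $file_path = $app_config->getAppPath('lib/config/' . $class_name . ".class.php");
     if (file_exists($file_path)) {
         // Init app
         waSystem::getInstance($app_id, $app_config, true);
         // include_once (as the other actions in this file do): a plain include would
         // fatal with "cannot redeclare class" if the RightConfig was already loaded.
         include_once $file_path;
         /**
          * @var waRightConfig $right_config
          */
         $right_config = new $class_name();
         $rights += $right_config->getRights($contact_id);
         if ($group_ids) {
             $group_rights += $right_config->getRights($negated_group_ids);
         }
         $this->view->assign('html', $right_config->getHTML($rights, $group_rights));
         // switch back after the other app was activated above
         waSystem::setActive('contacts');
     } else {
         $this->view->assign('html', '');
     }
     if ($contact_id > 0) {
         $this->view->assign('user', new waContact($contact_id));
     } else {
         // non-positive id denotes a group
         $gm = new waGroupModel();
         $this->view->assign('group', $gm->getById(-$contact_id));
     }
     $app = wa()->getAppInfo($app_id);
     $app['id'] = $app_id;
     $this->view->assign('app', $app);
     $this->view->assign('rights', $rights);
     $this->view->assign('group_rights', $group_rights);
 }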
 /**
  * Checks blog rights for the current or a specified user and returns the rights level.
  *
  * Backend (a contact id is known): global blog admins and contacts whose 'backend'
  * right is above 2 get RIGHT_FULL at once; otherwise the right for the given blog
  * (or the blog-creation right when $blog_id === true) is checked against $mode.
  * Frontend (no contact id): only RIGHT_READ on a publicly available blog is allowed.
  *
  * @param int|bool|null $blog_id blog id to check; true to check the right to create a blog;
  *     null/falsy to return the highest right over all blogs (backend only)
  * @param bool|int $contact_id true for the current user (default); a contact id;
  *     a falsy value means an anonymous frontend visitor
  * @param int $mode required level, one of the blogRightConfig::RIGHT_* constants
  * @throws waRightsException with code 403 when the required level is not reached
  * @return int|null rights level; null only when no check branch produced a value
  */
 public static function checkRights($blog_id = null, $contact_id = true, $mode = blogRightConfig::RIGHT_READ_WRITE)
 {
     // the model is cached across calls within the request
     static $rights_model;
     $rights = null;
     if (!$rights_model) {
         $rights_model = new waContactRightsModel();
     }
     if ($contact_id === true) {
         // resolve "current user"
         $user = wa()->getUser();
         if ($user->isAdmin('blog')) {
             return blogRightConfig::RIGHT_FULL;
         }
         $contact_id = $user->getId();
     } elseif ($contact_id) {
         // a backend right above 2 is treated as full access for an explicit contact
         if ($rights_model->get($contact_id, 'blog', 'backend') > 2) {
             return blogRightConfig::RIGHT_FULL;
         }
     }
     if ($contact_id) {
         //it's backend
         if ($blog_id) {
             if ($blog_id === true) {
                 // "create a blog" permission
                 $rights = $rights_model->get($contact_id, 'blog', blogRightConfig::RIGHT_ADD_BLOG);
                 if (!$rights) {
                     throw new waRightsException(_w('Access denied'), 403);
                 }
             } else {
                 // per-blog right is stored under the key "blog.<id>"
                 $rights = $rights_model->get($contact_id, 'blog', "blog.{$blog_id}");
                 if ($rights < $mode) {
                     throw new waRightsException(_w('Access denied'), 403);
                 }
             }
         } else {
             // no specific blog: highest right over all blog entries
             $rights = max($rights_model->get($contact_id, 'blog'));
         }
     } else {
         //it's frontend
         if ($mode > blogRightConfig::RIGHT_READ) {
             throw new waRightsException(_w('Access denied'), 403);
         }
         $blog_model = new blogBlogModel();
         // NOTE(review): the getAvailable() result is wrapped in array(), so in_array()
         // compares $blog_id against the whole return value rather than its elements,
         // and the comparison is non-strict — confirm this matches getAvailable()'s contract.
         if (!$blog_id || !in_array($blog_id, array($blog_model->getAvailable(false, array(), $blog_id)))) {
             throw new waRightsException(_w('Access denied'), 403);
         }
         return blogRightConfig::RIGHT_READ;
     }
     return $rights;
 }
 /**
  * Shows which applications a user group may access in the backend.
  *
  * The group id is read from the `id` GET parameter. Assigns `apps` (each entry
  * extended with `id`, `customizable` and `access`), `group`, `noAccess` and
  * `fullAccess` to the view.
  *
  * @throws waRightsException when the current user is not a global admin
  * @throws waException when no group id is given
  */
 public function execute()
 {
     // only allowed to global admin
     if (!wa()->getUser()->getRights('webasyst', 'backend')) {
         throw new waRightsException('Access denied');
     }
     $group_id = (int) waRequest::get('id');
     if (!$group_id) {
         throw new waException('Group id not specified.');
     }
     $group_model = new waGroupModel();
     $group = $group_model->getById($group_id);

     $right_model = new waContactRightsModel();
     // group rights rows are looked up under the negated group id
     $fullAccess = $right_model->get(-$group_id, 'webasyst', 'backend');
     $appAccess = array();
     if (!$fullAccess) {
         // per-app backend access; only consulted when the group is not a global admin
         $appAccess = $right_model->getApps($group_id, 'backend');
     }

     $apps = wa()->getApps();
     $noAccess = true;
     foreach (array_keys($apps) as $app_id) {
         $access = $fullAccess ? 2 : 0;
         if (!$access && isset($appAccess[$app_id])) {
             $access = $appAccess[$app_id];
         }
         $apps[$app_id]['id'] = $app_id;
         $apps[$app_id]['customizable'] = !empty($apps[$app_id]['rights']);
         $apps[$app_id]['access'] = $access;
         if ($access) {
             $noAccess = false;
         }
     }

     $this->view->assign('apps', $apps);
     $this->view->assign('group', $group);
     $this->view->assign('noAccess', $noAccess);
     $this->view->assign('fullAccess', $fullAccess);
 }
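 /**
  * Prepares data for the Contacts app backend sidebar.
  *
  * Assigns to the view: `views`, `settings`, `history`, `totalContacts`, `categories`,
  * `superadmin`, `admin`, `totalUsers` (global admins only), `show_create` and
  * `backend_sidebar` (result of the `backend_sidebar` event).
  */
 public function execute()
 {
     $this->view->assign('views', null);
     $this->view->assign('settings', $this->getUser()->getSettings('contacts'));

     $history_model = new contactsHistoryModel();
     $this->view->assign('history', $history_model->get());

     $all_contacts = new contactsCollection();
     $this->view->assign('totalContacts', $all_contacts->count());

     // Filtering categories by the current user's rights is currently disabled:
     // every category is listed.
     $category_model = new waContactCategoryModel();
     $this->view->assign('categories', $category_model->getAll());

     // User views and the users counter are only available to global admin;
     // the contacts right is consulted only when the user is not a global admin.
     $is_superadmin = (bool) wa()->getUser()->getRights('webasyst', 'backend');
     $is_admin = $is_superadmin || wa()->getUser()->getRights('contacts', 'backend') >= 2;
     $this->view->assign('superadmin', $is_superadmin);
     $this->view->assign('admin', $is_admin);
     if ($is_superadmin) {
         $all_users = new contactsCollection('/users/all/');
         $this->view->assign('totalUsers', $all_users->count());
     }

     // is user allowed to add contacts?
     // NOTE(review): contact id is passed as null; presumably the model resolves the current user — confirm
     $rights_model = new waContactRightsModel();
     $this->view->assign('show_create', $rights_model->get(null, null, 'create'));

     $event_params = array();
     $this->view->assign('backend_sidebar', wa()->event('backend_sidebar', $event_params, array('top_li')));
 }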
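 /**
  * Renders the info page of a user group: its apps' backend access and member count.
  *
  * The group id is read from the `id` GET parameter. Assigns `users_count`, `apps`
  * (each entry extended with `id`, `customizable` and `access`), `noAccess`,
  * `fullAccess`, `is_global_admin`, `group` and `icons` to the view.
  *
  * @throws waRightsException when the current user is not a global admin
  */
 public function execute()
 {
     // only allowed to global admin; the same value is handed to the template
     $is_global_admin = wa()->getUser()->getRights('webasyst', 'backend');
     if (!$is_global_admin) {
         throw new waRightsException(_w('Access denied'));
     }
     // Cast as the sibling group actions do, so a non-numeric request value
     // cannot reach the models or the unary minus below as a raw string.
     $group_id = (int) waRequest::get('id');
     $group = null;
     if ($group_id) {
         $group_model = new waGroupModel();
         $group = $group_model->getById($group_id);
     }
     $right_model = new waContactRightsModel();
     // group rights rows are looked up under the negated group id
     $fullAccess = $right_model->get(-$group_id, 'webasyst', 'backend');
     $appAccess = array();
     if (!$fullAccess) {
         // per-app backend access; only consulted when the group is not a global admin
         $appAccess = $right_model->getApps($group_id, 'backend');
     }
     $apps = wa()->getApps();
     $noAccess = true;
     foreach ($apps as $app_id => &$app) {
         $app['id'] = $app_id;
         $app['customizable'] = !empty($app['rights']);
         $app['access'] = $fullAccess ? 2 : 0;
         if (!$app['access'] && isset($appAccess[$app_id])) {
             $app['access'] = $appAccess[$app_id];
         }
         $noAccess = $noAccess && !$app['access'];
     }
     // drop the reference left by foreach
     unset($app);
     $user_groups = new waUserGroupsModel();
     $users_count = $user_groups->countByField(array('group_id' => $group_id));
     $this->view->assign('users_count', $users_count);
     $this->view->assign('apps', $apps);
     $this->view->assign('noAccess', $noAccess);
     $this->view->assign('fullAccess', $fullAccess);
     $this->view->assign('is_global_admin', $is_global_admin);
     $this->view->assign('group', $group);
     $this->view->assign('icons', waGroupModel::getIcons());
 }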
 /**
  * Saves access rights of a contact (or, via a negated id, a user group) for one application.
  *
  * Request parameters: `id` (GET) — contact id; `app_id` (POST); either `name` + `value`
  * (POST) for a single rights element, or `app` (POST) as a name => value array.
  * `is_user` (POST, -1/0/1) optionally updates the contact's is_user flag.
  * A change of backend access is written to the action log.
  *
  * @throws waRightsException when the current user is not a global admin
  * @throws waException when the rights values are malformed, or when application
  *     rights of a global admin are changed
  */
 public function execute()
 {
     // only allowed to global admin
     if (!wa()->getUser()->getRights('webasyst', 'backend')) {
         throw new waRightsException('Access denied.');
     }
     $app_id = waRequest::post('app_id');
     $name = waRequest::post('name');
     $value = (int) waRequest::post('value');
     // NOTE(review): not cast to int; the models receive the raw request value — confirm they validate it
     $contact_id = waRequest::get('id');
     // remembered to detect a grant/revoke of backend access for the action log
     $has_backend_access_old = $this->hasBackendAccess($contact_id);
     if (!$name && !$value) {
         // bulk form: name => value pairs; these values are NOT cast like $value above
         $values = waRequest::post('app');
         if (!is_array($values)) {
             throw new waException('Bad values for access rights.');
         }
     } else {
         $values = array($name => $value);
     }
     $right_model = new waContactRightsModel();
     $is_admin = $right_model->get($contact_id, 'webasyst', 'backend', false);
     if ($is_admin && $app_id != 'webasyst') {
         throw new waException('Cannot change application rights for global admin.');
     }
     // If $contact_id used to have limited access and we're changing global admin privileges,
     // then need to notify all applications to remove their custom access records.
     if (!$is_admin && $app_id == 'webasyst' && $name == 'backend') {
         foreach (wa()->getApps() as $aid => $app) {
             try {
                 if (isset($app['rights']) && $app['rights']) {
                     $app_config = SystemConfig::getAppConfig($aid);
                     $class_name = $app_config->getPrefix() . "RightConfig";
                     $file_path = $app_config->getAppPath('lib/config/' . $class_name . ".class.php");
                     $right_config = null;
                     if (!file_exists($file_path)) {
                         continue;
                     }
                     waSystem::getInstance($aid, $app_config);
                     include_once $file_path;
                     /**
                      * @var waRightConfig $right_config
                      */
                     $right_config = new $class_name();
                     $right_config->clearRights($contact_id);
                 }
             } catch (Exception $e) {
                 // silently ignore other applications errors
                 // NOTE(review): a failed clearRights() for an app leaves its custom
                 // rights records in place without any trace — consider logging $e.
             }
         }
     }
     // Update $app_id access records
     // NOTE(review): $app_id is POSTed and is used to build the RightConfig file path;
     // this relies on SystemConfig::getAppConfig() rejecting unknown application ids — confirm.
     $app_config = SystemConfig::getAppConfig($app_id);
     $class_name = $app_config->getPrefix() . "RightConfig";
     $file_path = $app_config->getAppPath('lib/config/' . $class_name . ".class.php");
     $right_config = null;
     if (file_exists($file_path)) {
         // Init app
         waSystem::getInstance($app_id, $app_config);
         include_once $file_path;
         /**
          * @var waRightConfig $right_config
          */
         $right_config = new $class_name();
     }
     foreach ($values as $name => $value) {
         if ($right_config && $right_config->setRights($contact_id, $name, $value)) {
             // If we've got response from custom rights config, then no need to update main rights table
             continue;
         }
         // Set default limited rights
         // (loose comparison: values from the bulk 'app' array are raw request strings)
         if ($right_config && $name == 'backend' && $value == 1) {
             /**
              * @var $right_config waRightConfig
              */
             foreach ($right_config->setDefaultRights($contact_id) as $n => $v) {
                 $right_model->save($contact_id, $app_id, $n, $v);
             }
         }
         $right_model->save($contact_id, $app_id, $name, $value);
     }
     // switch back after the other app was activated above
     waSystem::setActive('contacts');
     if ($contact_id) {
         // TODO: use waContact method for disabling
         // only the three explicit values are accepted; anything else leaves is_user untouched
         $is_user = waRequest::post('is_user', null, 'int');
         if ($is_user === -1 || $is_user === 0 || $is_user === 1) {
             $contact = new waContact($contact_id);
             $contact->save(array('is_user' => $is_user));
             $this->response['access_disable_msg'] = contactsHelper::getAccessDisableMsg($contact);
         }
     }
     // audit: log only an actual transition of backend access
     $has_backend_access_new = $this->hasBackendAccess($contact_id);
     if ($has_backend_access_new !== $has_backend_access_old) {
         if ($has_backend_access_new) {
             $this->logAction("grant_backend_access", null, $contact_id);
         } else {
             $this->logAction("revoke_backend_access", null, $contact_id);
         }
     }
 }
 /**
  * Returns information about a contact's access rights configuration.
  *
  * Two modes:
  *  - $name ends with '%': every stored right whose key starts with the part before
  *    the '%' is collected; with $assoc = true the result is keyed by the remainder of
  *    the key with the stored value, otherwise it is a plain list of remainders.
  *  - otherwise: the single right is returned; when it is empty and $name contains a
  *    dot, the "<section>.all" right is returned instead.
  *
  * A contact without an id has no rights: an empty array (wildcard mode) or false.
  *
  * @param string $app_id Id of the app for which contact's access rights configuration must be returned.
  * @param string|null $name Rights element id, optionally with a trailing '%' wildcard.
  * @param bool $assoc Structure of the wildcard result, see above.
  * @return int|bool|array
  */
 public function getRights($app_id, $name = null, $assoc = true)
 {
     $is_wildcard = ($name !== null && substr($name, -1) === '%');
     if (!$this->id) {
         return $is_wildcard ? array() : false;
     }
     $right_model = new waContactRightsModel();

     if ($is_wildcard) {
         $prefix = substr($name, 0, -1);
         $prefix_length = strlen($prefix);
         $result = array();
         foreach ($right_model->get($this->id, $app_id) as $key => $value) {
             if (substr($key, 0, $prefix_length) !== $prefix) {
                 continue;
             }
             $item = substr($key, $prefix_length);
             if ($assoc) {
                 $result[$item] = $value;
             } else {
                 $result[] = $item;
             }
         }
         return $result;
     }

     $right = $right_model->get($this->id, $app_id, $name);
     // check .all
     $dot_position = strpos($name, '.');
     if (!$right && $dot_position !== false) {
         return $right_model->get($this->id, $app_id, substr($name, 0, $dot_position) . '.all');
     }
     return $right;
 }