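/**
  * Saves access rights of a single contact on behalf of a global administrator.
  *
  * Request parameters read here:
  *  - GET  id       contact whose rights are changed (read as int)
  *  - POST app_id   application the rights belong to
  *  - POST name     single right to set (used together with POST value)
  *  - POST value    value for that right, cast to int
  *  - POST app      map of right name => value, used when neither name nor value is given
  *  - POST is_user  optional -1/0/1 flag saved to the contact record
  *
  * Only a change in backend access is written to the action log; other rights
  * changes made here produce no log entry in this method.
  *
  * @throws waRightsException if the current user has no 'webasyst'/'backend' right
  * @throws waException if the submitted values are malformed, or the target contact is a
  *                     global admin and $app_id is not 'webasyst'
  */
 public function execute()
 {
     // only allowed to global admin
     if (!wa()->getUser()->getRights('webasyst', 'backend')) {
         throw new waRightsException('Access denied.');
     }
     $app_id = waRequest::post('app_id');
     $name = waRequest::post('name');
     $value = (int) waRequest::post('value');
     // Typed read: the id is passed to the rights model, waContact and the action log,
     // so it must not reach them as an arbitrary string or array.
     $contact_id = waRequest::get('id', null, 'int');
     // Snapshot taken before any change so that the transition can be logged at the end.
     $has_backend_access_old = $this->hasBackendAccess($contact_id);
     if (!$name && !$value) {
         $values = waRequest::post('app');
         if (!is_array($values)) {
             throw new waException('Bad values for access rights.');
         }
     } else {
         // A missing name, or one submitted as name[]=..., cannot be used as a right id.
         if (!is_string($name)) {
             throw new waException('Bad values for access rights.');
         }
         $values = array($name => $value);
     }
     $right_model = new waContactRightsModel();
     $is_admin = $right_model->get($contact_id, 'webasyst', 'backend', false);
     if ($is_admin && $app_id !== 'webasyst') {
         throw new waException('Cannot change application rights for global admin.');
     }
     // If $contact_id used to have limited access and we're changing global admin privileges,
     // then need to notify all applications to remove their custom access records.
     if (!$is_admin && $app_id === 'webasyst' && $name === 'backend') {
         foreach (wa()->getApps() as $aid => $app) {
             try {
                 if (isset($app['rights']) && $app['rights']) {
                     $app_config = SystemConfig::getAppConfig($aid);
                     $class_name = $app_config->getPrefix() . "RightConfig";
                     $file_path = $app_config->getAppPath('lib/config/' . $class_name . ".class.php");
                     if (!file_exists($file_path)) {
                         continue;
                     }
                     waSystem::getInstance($aid, $app_config);
                     include_once $file_path;
                     /**
                      * @var waRightConfig
                      */
                     $right_config = new $class_name();
                     $right_config->clearRights($contact_id);
                 }
             } catch (Exception $e) {
                 // silently ignore other applications errors
                 // NOTE(review): deliberate best-effort, but a failure here is invisible;
                 // an app whose clearRights() threw may keep its custom access records.
             }
         }
     }
     // Update $app_id access records
     // NOTE(review): $app_id comes straight from POST and determines the included file and
     // the instantiated class through the app config. This relies on
     // SystemConfig::getAppConfig() rejecting unknown ids, which is not visible here; confirm.
     $app_config = SystemConfig::getAppConfig($app_id);
     $class_name = $app_config->getPrefix() . "RightConfig";
     $file_path = $app_config->getAppPath('lib/config/' . $class_name . ".class.php");
     $right_config = null;
     if (file_exists($file_path)) {
         // Init app
         waSystem::getInstance($app_id, $app_config);
         include_once $file_path;
         /**
          * @var waRightConfig
          */
         $right_config = new $class_name();
     }
     foreach ($values as $right_name => $right_value) {
         if ($right_config && $right_config->setRights($contact_id, $right_name, $right_value)) {
             // If we've got response from custom rights config, then no need to update main rights table
             continue;
         }
         // Set default limited rights
         // Strict check on the key: with a loose comparison a numeric key submitted in
         // POST app (e.g. app[0]) compares equal to 'backend' on PHP versions before 8.
         // The value stays loosely compared because it arrives as int or numeric string.
         if ($right_config && $right_name === 'backend' && $right_value == 1) {
             /**
              * @var $right_config waRightConfig
              */
             foreach ($right_config->setDefaultRights($contact_id) as $n => $v) {
                 $right_model->save($contact_id, $app_id, $n, $v);
             }
         }
         $right_model->save($contact_id, $app_id, $right_name, $right_value);
     }
     waSystem::setActive('contacts');
     if ($contact_id) {
         // TODO: use waContact method for disabling
         $is_user = waRequest::post('is_user', null, 'int');
         if ($is_user === -1 || $is_user === 0 || $is_user === 1) {
             $contact = new waContact($contact_id);
             $contact->save(array('is_user' => $is_user));
             $this->response['access_disable_msg'] = contactsHelper::getAccessDisableMsg($contact);
         }
     }
     // Log only when backend access actually changed as a result of this request.
     $has_backend_access_new = $this->hasBackendAccess($contact_id);
     if ($has_backend_access_new !== $has_backend_access_old) {
         if ($has_backend_access_new) {
             $this->logAction("grant_backend_access", null, $contact_id);
         } else {
             $this->logAction("revoke_backend_access", null, $contact_id);
         }
     }
 }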
 /**
  * Creates a new list or updates an existing one from the POSTed list settings form.
  *
  * POST id selects the mode: a non-zero id updates that list, anything else creates a
  * new one. The list id is placed in $this->response in both cases.
  *
  * @throws waException if the submitted name is empty
  * @throws waRightsException if the current user may not edit the list or add lists
  */
 public function ListsaveAction()
 {
     // NOTE(review): all three fields are stored as received from POST; only the length
     // of the name is checked, so a whitespace-only name passes. Whether these values
     // are escaped when rendered is not visible here; confirm.
     $fields = array(
         'name'        => waRequest::post('name', ''),
         'color_class' => waRequest::post('color_class', 'c-yellow'),
         'icon'        => waRequest::post('icon', 'notebook'),
     );
     if (strlen($fields['name']) <= 0) {
         throw new waException('No name specified.');
     }

     $list_id = waRequest::post('id', 0, 'int');
     $list_model = new checklistsListModel();

     if ($list_id) {
         // Updating an existing list needs a rights value above 1 on that list.
         if ($this->getRights('list.' . $list_id) <= 1) {
             throw new waRightsException('Access denied.');
         }
         $list_model->updateById($list_id, $fields);
         $this->response = $list_id;
         return;
     }

     // Creating a list needs the separate 'add_list' right.
     if (!$this->getRights('add_list')) {
         throw new waRightsException('Access denied.');
     }
     $list_model->moveApart(0);
     $list_id = $list_model->insert($fields);

     // A creator who is not an app admin gets full access (value 2) to the new list.
     $is_app_admin = wa()->getUser()->getRights('checklists', 'backend') > 1;
     $rights_model = new waContactRightsModel();
     if (!$is_app_admin) {
         $rights_model->save(wa()->getUser()->getId(), 'checklists', 'list.' . $list_id, 2);
     }
     $this->log('list_create', 1);

     $this->response = $list_id;
 }
 /**
  * Stores one access-rights value for this contact.
  *
  * When the contact is an administrator of the given app, nothing is written and the
  * call still reports success, so a caller cannot tell an ignored change from a saved one.
  *
  * @param string $app_id Id of the app for which contact's access rights must be set
  * @param string $name Access rights element id supported by specified app
  * @param int $value Access rights value
  * @return bool true if the contact is an admin of the app (change ignored); otherwise
  *              the result of waContactRightsModel::save()
  */
 public function setRight($app_id, $name, $value)
 {
     // Admin rights are not overridden through this method.
     if ($this->isAdmin($app_id)) {
         return true;
     }

     $rights_model = new waContactRightsModel();
     $saved = $rights_model->save($this->id, $app_id, $name, $value);

     return $saved;
 }