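/**
 * Adds an address to the authorized repliers list of an issue, recording the
 * user returned by Auth::getUserID() as the one who made the change.
 *
 * The project id is supplied by the remote caller, so it is first checked
 * against the project the issue actually belongs to. The replier's project
 * membership is then tested against that verified project id.
 *
 * @param int $issue_id
 * @param int $project_id
 * @param string $new_replier
 * @return string 'OK' on success
 * @throws RemoteApiException when the project does not match the issue, the
 *         replier is a user outside the project, the address is already an
 *         authorized replier, or the insert fails
 * @access protected
 */
public function addAuthorizedReplier($issue_id, $project_id, $new_replier)
{
    $usr_id = Auth::getUserID();

    // Bind the caller-supplied project to the issue before using it in any
    // permission decision; otherwise the membership check below could be
    // satisfied with an unrelated project the replier happens to belong to.
    // NOTE(review): assumes Issue::getProjectID() yields nothing usable for an
    // unknown issue, so the cast gives 0 - confirm.
    $issue_prj_id = (int) Issue::getProjectID($issue_id);
    if ($issue_prj_id < 1 || (int) $project_id !== $issue_prj_id) {
        throw new RemoteApiException("The given project is not associated with issue #{$issue_id}");
    }

    // NOTE(review): nothing in this method checks that the calling user
    // ($usr_id) may access the issue - confirm this is enforced before dispatch.

    $replier_usr_id = User::getUserIDByEmail($new_replier);

    // if this is an actual user, not just an email address, check permissions
    if (!empty($replier_usr_id)) {
        // check if the replier is even allowed to be in the issue's project;
        // strict comparison so that only an exact project id matches
        $projects = Project::getRemoteAssocListByUser($replier_usr_id);
        if (!in_array($issue_prj_id, array_keys($projects), true)) {
            throw new RemoteApiException("The given user is not permitted in the project associated with issue #{$issue_id}");
        }
    }

    // check if user is already authorized
    if (Authorized_Replier::isAuthorizedReplier($issue_id, $new_replier)) {
        throw new RemoteApiException("The given user is already an authorized replier on issue #{$issue_id}");
    }

    $res = Authorized_Replier::remoteAddAuthorizedReplier($issue_id, $usr_id, $new_replier);
    if ($res == -1) {
        throw new RemoteApiException("Could not add '{$new_replier}' as an authorized replier to issue #{$issue_id}");
    }

    return 'OK';
}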
/**
 * Decides whether mail from the given sender address is accepted on the
 * given issue.
 *
 * The project workflow is consulted first. After that the decision depends
 * on whether the address belongs to a known user: unknown addresses must be
 * a contact on the issue's contract (when customer integration is enabled)
 * or an authorized replier; known users are checked against reporter,
 * partner, access, assignment and role.
 *
 * This check trusts $sender_email as given; it does not itself verify that
 * the message really came from that address.
 *
 * @param int $issue_id The issue ID
 * @param string $sender_email The email address
 * @return bool true when the sender may email the issue; a workflow answer
 *              that is not loosely equal to null is returned as-is
 */
public static function isAllowedToEmail($issue_id, $sender_email)
{
    $prj_id = Issue::getProjectID($issue_id);

    // The workflow gets the first say. The comparison is loose, so only a
    // truthy answer returns here; false, 0 or '' compare equal to null and
    // fall through to the default checks below.
    // NOTE(review): if the workflow is meant to be able to deny with false,
    // this needs `!== null` - confirm against Workflow::canEmailIssue().
    $workflow_can_email = Workflow::canEmailIssue($prj_id, $issue_id, $sender_email);
    if ($workflow_can_email != null) {
        return $workflow_can_email;
    }

    $sender_usr_id = User::getUserIDByEmail($sender_email, true);

    if (empty($sender_usr_id)) {
        // The address does not map to a user account.
        if (CRM::hasCustomerIntegration($prj_id)) {
            // a customer contact may have several email addresses
            $crm = CRM::getInstance($prj_id);
            try {
                $contract = $crm->getContract(Issue::getContractID($issue_id));
                $contact_emails = array();
                foreach (array_keys($contract->getContactEmailAssocList()) as $address) {
                    $contact_emails[] = strtolower($address);
                }
            } catch (CRMException $e) {
                // a CRM failure leaves no contacts, so only the replier list can allow
                $contact_emails = array();
            }

            if (in_array(strtolower($sender_email), $contact_emails)) {
                return true;
            }
        }

        // not a contract contact (or no customer integration): the address
        // has to be on the authorized repliers list
        return Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email) ? true : false;
    }

    // Known user: the rules are evaluated in order and the first match decides.
    $details = Issue::getDetails($issue_id);

    // the reporter may always email
    if ($sender_usr_id == $details['iss_usr_id']) {
        return true;
    }

    // a partner user whose partner id is among the issue's partner codes
    // NOTE(review): in_array() is not strict here - confirm both sides have
    // the same type.
    if (User::isPartner($sender_usr_id) && in_array(User::getPartnerID($sender_usr_id), Partner::getPartnerCodesByIssue($issue_id))) {
        return true;
    }

    // no access to the issue and not an authorized replier
    if (!Issue::canAccess($issue_id, $sender_usr_id) && !Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) {
        return false;
    }

    // not an authorized replier, not assigned, and not a customer-role user
    if (!Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)
        && !Issue::isAssignedToUser($issue_id, $sender_usr_id)
        && User::getRoleByUser($sender_usr_id, Issue::getProjectID($issue_id)) != User::getRoleID('Customer')
    ) {
        return false;
    }

    return true;
}
/**
 * Decides whether mail from the given sender address is accepted on the
 * given issue.
 *
 * The project workflow is consulted first. Addresses that do not belong to
 * a user must be a customer contact (when customer integration is enabled)
 * or an authorized replier. Known users must be able to access the issue
 * and additionally pass the reporter / replier / assignee / customer checks.
 *
 * This check trusts $sender_email as given; it does not itself verify that
 * the message really came from that address.
 *
 * @access public
 * @param integer $issue_id The issue ID
 * @param string $sender_email The email address
 * @return boolean true when the sender may email the issue; a workflow
 *                 answer that is not loosely equal to null is returned as-is
 */
function isAllowedToEmail($issue_id, $sender_email)
{
    $prj_id = Issue::getProjectID($issue_id);

    // The workflow gets the first say. The comparison is loose, so only a
    // truthy answer returns here; false, 0 or '' compare equal to null and
    // fall through to the default checks below.
    // NOTE(review): if the workflow is meant to be able to deny with false,
    // this needs `!== null` - confirm against Workflow::canEmailIssue().
    $workflow_can_email = Workflow::canEmailIssue($prj_id, $issue_id, $sender_email);
    if ($workflow_can_email != null) {
        return $workflow_can_email;
    }

    $sender_usr_id = User::getUserIDByEmail($sender_email);

    if (empty($sender_usr_id)) {
        // The address does not map to a user account.
        if (Customer::hasCustomerIntegration($prj_id)) {
            // a customer contact may have several email addresses
            $customer_id = Issue::getCustomerID($issue_id);
            $contact_emails = array_keys(Customer::getContactEmailAssocList($prj_id, $customer_id, Issue::getContractID($issue_id)));
            $contact_emails = array_map('strtolower', $contact_emails);
            if (in_array(strtolower($sender_email), $contact_emails)) {
                return true;
            }
        }

        // not a customer contact (or no customer integration): the address
        // has to be on the authorized repliers list
        return Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email) ? true : false;
    }

    // Known user. Losing access to the issue denies outright; the flag is
    // never set back to true afterwards.
    $details = Issue::getDetails($issue_id);
    $is_allowed = Issue::canAccess($issue_id, $sender_usr_id) ? true : false;

    // Two further denials, tested in this order:
    //  - not the reporter, not an authorized replier, not assigned and not a
    //    customer-role user in the issue's project
    //  - a customer-role user whose customer differs from the issue's customer
    if (($sender_usr_id != $details['iss_usr_id']
            && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $sender_usr_id)
            && !Issue::isAssignedToUser($issue_id, $sender_usr_id)
            && User::getRoleByUser($sender_usr_id, Issue::getProjectID($issue_id)) != User::getRoleID('Customer'))
        || (User::getRoleByUser($sender_usr_id, Issue::getProjectID($issue_id)) == User::getRoleID('Customer')
            && User::getCustomerID($sender_usr_id) != Issue::getCustomerID($issue_id))
    ) {
        $is_allowed = false;
    }

    return $is_allowed;
}
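/**
 * XML-RPC handler that adds an address to an issue's authorized repliers list.
 *
 * Call parameters, in order: caller email, caller password, issue id,
 * project id, address to authorize.
 *
 * The project id comes from the client, so it is checked against the project
 * the issue actually belongs to before the replier's project membership is
 * tested.
 *
 * @param object $p The XML-RPC message carrying the call parameters
 * @return object An XML_RPC_Response holding 'OK' or a fault; when
 *                authenticate() yields an object, that object is returned
 *                unchanged
 */
function addAuthorizedReplier($p)
{
    // The fault code base is a global (PEAR XML_RPC defines it). Without this
    // declaration it is an undefined local here and every fault below would
    // carry code 1 instead of the user-error base + 1.
    global $XML_RPC_erruser;

    // NOTE(review): the credentials arrive as plain call parameters - confirm
    // this endpoint is only reachable over an encrypted transport.
    $email = XML_RPC_decode($p->getParam(0));
    $password = XML_RPC_decode($p->getParam(1));
    $auth = authenticate($email, $password);
    if (is_object($auth)) {
        return $auth;
    }

    $issue_id = XML_RPC_decode($p->getParam(2));
    $project_id = XML_RPC_decode($p->getParam(3));
    $new_replier = XML_RPC_decode($p->getParam(4));

    // Bind the client-supplied project to the issue before using it in any
    // permission decision.
    // NOTE(review): assumes Issue::getProjectID() yields nothing usable for an
    // unknown issue, so the cast gives 0 - confirm.
    $issue_prj_id = (int) Issue::getProjectID($issue_id);
    if ($issue_prj_id < 1 || (int) $project_id !== $issue_prj_id) {
        return new XML_RPC_Response(0, $XML_RPC_erruser + 1, "The given project is not associated with issue #{$issue_id}");
    }

    // NOTE(review): nothing in this handler checks that the authenticated
    // caller may access the issue - confirm whether authenticate() covers it.
    $usr_id = User::getUserIDByEmail($email);
    $replier_usr_id = User::getUserIDByEmail($new_replier);

    // if this is an actual user, not just an email address, check permissions
    if (!empty($replier_usr_id)) {
        // check if the replier is even allowed to be in the issue's project;
        // strict comparison so that only an exact project id matches
        $projects = Project::getRemoteAssocListByUser($replier_usr_id);
        if (!in_array($issue_prj_id, array_keys($projects), true)) {
            return new XML_RPC_Response(0, $XML_RPC_erruser + 1, "The given user is not permitted in the project associated with issue #{$issue_id}");
        }
    }

    // check if user is already authorized
    if (Authorized_Replier::isAuthorizedReplier($issue_id, $new_replier)) {
        return new XML_RPC_Response(0, $XML_RPC_erruser + 1, "The given user is already an authorized replier on issue #{$issue_id}");
    }

    $res = Authorized_Replier::remoteAddAuthorizedReplier($issue_id, $usr_id, $new_replier);
    if ($res == -1) {
        return new XML_RPC_Response(0, $XML_RPC_erruser + 1, "Could not add '{$new_replier}' as an authorized replier to issue #{$issue_id}");
    }

    return new XML_RPC_Response(XML_RPC_Encode('OK'));
}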
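/**
 * Adds the specified email address to the list of authorized repliers.
 *
 * If the normalized address belongs to a known user, the work is handed to
 * Authorized_Replier::addUser(). Otherwise a row is inserted for the bare
 * address under the system user id.
 *
 * @access public
 * @param integer $issue_id The id of the issue.
 * @param string $email The email of the user.
 * @param boolean $add_history If this should be logged.
 * @return integer 1 when the address was inserted; -1 when it is already an
 *                 authorized replier, the workflow cancelled the addition or
 *                 the query failed; for a known user, whatever
 *                 Authorized_Replier::addUser() returns
 */
function manualInsert($issue_id, $email, $add_history = true)
{
    // NOTE(review): this duplicate check sees the address as passed in, while
    // everything below uses the normalized form - confirm that
    // isAuthorizedReplier() normalizes internally.
    if (Authorized_Replier::isAuthorizedReplier($issue_id, $email)) {
        return -1;
    }

    $email = strtolower(Mail_API::getEmailAddress($email));

    $workflow = Workflow::handleAuthorizedReplierAdded(Issue::getProjectID($issue_id), $issue_id, $email);
    if ($workflow === false) {
        // cancel subscribing the user
        return -1;
    }

    // first check if this is an actual user or just an email address.
    // The list is looked up by address and yields the user id, so it is the
    // keys that must be lower-cased to match $email. Lower-casing the values
    // would leave a mixed-case account address unrecognised and the account
    // would be stored as a bare address under the system user.
    $user_emails = array_change_key_case(User::getAssocEmailList(), CASE_LOWER);
    if (array_key_exists($email, $user_emails)) {
        return Authorized_Replier::addUser($issue_id, $user_emails[$email], $add_history);
    }

    // NOTE(review): the statement is assembled by concatenation and relies on
    // Misc::escapeInteger()/Misc::escapeString() for safety; bound parameters
    // would be preferable if the database layer supports them.
    $stmt = "INSERT INTO\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "issue_user_replier\n (\n iur_iss_id,\n iur_usr_id,\n iur_email\n ) VALUES (\n " . Misc::escapeInteger($issue_id) . ",\n " . APP_SYSTEM_USER_ID . ",\n '" . Misc::escapeString($email) . "'\n )";
    $res = $GLOBALS["db_api"]->dbh->query($stmt);
    if (PEAR::isError($res)) {
        Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
        return -1;
    }

    if ($add_history) {
        // add the change to the history of the issue
        $summary = $email . ' added to the authorized repliers list by ' . User::getFullName(Auth::getUserID());
        History::add($issue_id, Auth::getUserID(), History::getTypeID('replier_other_added'), $summary);
    }

    return 1;
}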