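/**
  * See if the current user can edit an event.
  *
  * Access is granted, in this order, to: users holding "edit all events" or
  * "administer CiviCRM"; the contact recorded as the event's creator; and a
  * contact registered on the event with the "Host" participant role.
  *
  * @param int $eventId
  *   The event ID.
  *
  * @return bool|null
  *   TRUE when permission is granted, FALSE when it is not, and NULL when no
  *   event ID was supplied. Callers should treat NULL as "denied".
  */
 public static function checkPerms($eventId)
 {
     // Admins or users with "edit all events" can edit all events.
     if (CRM_Core_Permission::check('edit all events') || CRM_Core_Permission::check('administer CiviCRM')) {
         return TRUE;
     }
     if (!$eventId) {
         return NULL;
     }
     $contactId = CRM_Core_Session::singleton()->get('userID');
     // Fail closed when the session carries no contact. Otherwise the two
     // lookups below would run with an empty created_id / contact_id filter,
     // and whether the API still constrains the count in that case is not
     // something this method should depend on - TODO confirm API3 behaviour.
     if (empty($contactId)) {
         return FALSE;
     }
     // Creators of events can edit their events.
     try {
         $result = civicrm_api3('Event', 'getcount', array('id' => $eventId, 'created_id' => $contactId));
         if (!empty($result)) {
             return TRUE;
         }
     } catch (CiviCRM_API3_Exception $e) {
         // A failed lookup is logged and treated as "no match", never as a grant.
         $error = $e->getMessage();
         CRM_Core_Error::debug_log_message(ts('API Error finding event owner: %1', array('domain' => 'com.aghstrategies.eventpermissions', 1 => $error)));
     }
     // Hosts of events can edit their events.
     try {
         // TODO: fix role_id depending upon site-specific naming.
         $result = civicrm_api3('Participant', 'getcount', array('contact_id' => $contactId, 'event_id' => $eventId, 'role_id' => "Host"));
         if (!empty($result)) {
             return TRUE;
         }
     } catch (CiviCRM_API3_Exception $e) {
         // Same log text as the creator lookup above, although this is the host lookup.
         $error = $e->getMessage();
         CRM_Core_Error::debug_log_message(ts('API Error finding event owner: %1', array('domain' => 'com.aghstrategies.eventpermissions', 1 => $error)));
     }
     return FALSE;
 }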
Ejemplo n.º 2
 /**
  * Build the permissioned WHERE clause fragment for a user.
  *
  * Users who may edit all contacts (or view all contacts, for a VIEW request)
  * get only the deleted-contact filter; everyone else is delegated to the ACL
  * layer.
  *
  * @param int $type
  *   The type of permission needed.
  * @param array $tables
  *   (reference) Tables needed for the select clause; handed to the ACL layer.
  * @param array $whereTables
  *   (reference) Tables needed for the where clause; handed to the ACL layer.
  * @param int $contactID
  *   The contact for whom the check is made; defaults to the session user and
  *   falls back to 0 for an anonymous user.
  * @param bool $onlyDeleted
  *   Restrict to deleted contacts; honoured only when the user also holds
  *   "access deleted contacts".
  * @param bool $skipDeleteClause
  *   When TRUE no delete clause is added because the generating query handles it.
  *
  * @return string
  *   The where clause for this user.
  */
 public static function whereClause($type, &$tables, &$whereTables, $contactID = null, $onlyDeleted = false, $skipDeleteClause = false)
 {
     // First see whether the user has edit / view access to all contacts.
     $seesAllContacts = CRM_Core_Permission::check('edit all contacts') || $type == self::VIEW && CRM_Core_Permission::check('view all contacts');
     if (!$seesAllContacts) {
         if ($contactID == null) {
             $contactID = CRM_Core_Session::singleton()->get('userID');
         }
         if (!$contactID) {
             // Anonymous user.
             $contactID = 0;
         }
         require_once 'CRM/ACL/BAO/ACL.php';
         return CRM_ACL_BAO_ACL::whereClause($type, $tables, $whereTables, $contactID);
     }
     if ($skipDeleteClause) {
         return ' ( 1 ) ';
     }
     // CRM-6181: without the extra permission, deleted contacts stay excluded
     // even when the caller asked for them.
     return (CRM_Core_Permission::check('access deleted contacts') && $onlyDeleted)
         ? '(contact_a.is_deleted)'
         : '(contact_a.is_deleted = 0)';
 }
Ejemplo n.º 3
 /**
  * Prepare the preferences form: decide whether system-wide or per-contact
  * preferences are being edited, then load the current setting values.
  *
  * Reads the request parameters "cid", "system" (default TRUE) and "action"
  * (default 'update').
  */
 public function preProcess()
 {
     $this->_contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $this, FALSE);
     $this->_system = CRM_Utils_Request::retrieve('system', 'Boolean', $this, FALSE, TRUE);
     $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'update');
     // NOTE(review): $action is never defined in this method, so this branch
     // cannot run; $this->_action was presumably intended - confirm.
     if (isset($action)) {
         $this->assign('action', $action);
     }
     $session = CRM_Core_Session::singleton();
     $this->_config = new CRM_Core_DAO();
     if ($this->_system) {
         // System-wide preferences are restricted to administrators.
         if (CRM_Core_Permission::check('administer CiviCRM')) {
             $this->_contactID = NULL;
         } else {
             // NOTE(review): the statements after this branch still run unless
             // fatal() stops execution - confirm that it does.
             CRM_Utils_System::fatal('You do not have permission to edit preferences');
         }
         $this->_config->contact_id = NULL;
     } else {
         // NOTE(review): a "cid" supplied in the request is used as-is; no check
         // that the current user may edit that contact's preferences is visible
         // in this method - confirm it is enforced elsewhere.
         if (!$this->_contactID) {
             // No contact requested: fall back to the logged-in user.
             $this->_contactID = $session->get('userID');
             if (!$this->_contactID) {
                 CRM_Utils_System::fatal('Could not retrieve contact id');
             }
             $this->set('cid', $this->_contactID);
         }
         $this->_config->contact_id = $this->_contactID;
     }
     // Copy the current value of every setting named in $this->_varNames onto the config object.
     $settings = Civi::settings();
     foreach ($this->_varNames as $groupName => $settingNames) {
         foreach ($settingNames as $settingName => $options) {
             $this->_config->{$settingName} = $settings->get($settingName);
         }
     }
     $session->pushUserContext(CRM_Utils_System::url('civicrm/admin', 'reset=1'));
 }
Ejemplo n.º 4
 /**
  * Set variables up before form is built.
  *
  * The form is reachable only when the mailing workflow is enabled and the
  * user holds "approve mailings" or "access CiviMail"; every other case is
  * sent to the listing. The mailing ID comes from the wizard state or, failing
  * that, from the required "mid" request parameter.
  */
 public function preProcess()
 {
     // NOTE(review): the rest of this method still runs unless
     // redirectToListing() stops execution - confirm that it does.
     $mayUseForm = CRM_Mailing_Info::workflowEnabled()
         && (CRM_Core_Permission::check('approve mailings') || CRM_Core_Permission::check('access CiviMail'));
     if (!$mayUseForm) {
         $this->redirectToListing();
     }
     // Set when the user arrived from a search context.
     $this->_searchBasedMailing = CRM_Contact_Form_Search::isSearchContext($this->get('context'));
     // The mailing ID may come from the wizard or from the URL; the URL case
     // means only the approval form is being shown.
     $this->_mailingID = $this->get('mailing_id');
     $this->_approveFormOnly = !$this->_mailingID;
     if ($this->_approveFormOnly) {
         $this->_mailingID = CRM_Utils_Request::retrieve('mid', 'Integer', $this, TRUE);
     }
     $this->_contactID = CRM_Core_Session::singleton()->get('userID');
     $mailing = new CRM_Mailing_BAO_Mailing();
     $mailing->id = $this->_mailingID;
     $this->_mailing = $mailing;
     // An unknown mailing ID is sent back to the listing.
     if (!$this->_mailing->find(TRUE)) {
         $this->redirectToListing();
     }
 }
Ejemplo n.º 5
 /**
  * Remember the mailing ID and tell the template whether the user is an
  * administrator.
  *
  * "isAdmin" is only assigned for users holding "administer CiviCRM"; it is a
  * template flag and does not itself restrict anything.
  */
 function preProcess()
 {
     $this->_mailingID = $this->get('mailing_id');
     $isAdministrator = CRM_Core_Permission::check('administer CiviCRM');
     if ($isAdministrator) {
         $this->assign('isAdmin', 1);
     }
 }
Ejemplo n.º 6
 /**
  * Run the dashlet configuration page.
  *
  * Splits the dashlets into those the logged-in contact already has, grouped
  * by column, and those still available, then hands both lists to the template.
  *
  * @return void
  * @access public
  */
 function run()
 {
     CRM_Utils_System::setTitle(ts('Dashlets'));
     $this->assign('admin', CRM_Core_Permission::check('administer CiviCRM'));
     // Start from every dashlet; the ones the contact uses are removed below.
     $allDashlets = CRM_Core_BAO_Dashboard::getDashlets(FALSE);
     $contactDashlets = array();
     foreach (CRM_Core_BAO_Dashboard::getContactDashlets() as $columnNo => $columnEntries) {
         foreach ($columnEntries as $weightAndId => $isMinimized) {
             // Keys have the form "<weight>-<dashletID>"; only the ID is needed.
             list(, $dashletID) = explode('-', $weightAndId);
             $contactDashlets[$columnNo]["{$dashletID}-{$isMinimized}"] = array(
                 'label' => $allDashlets[$dashletID]['label'],
                 'is_reserved' => $allDashlets[$dashletID]['is_reserved'],
             );
             unset($allDashlets[$dashletID]);
         }
     }
     // Whatever is left is offered as available, keyed as not minimized.
     $availableDashlets = array();
     foreach ($allDashlets as $dashletID => $dashlet) {
         $availableDashlets["{$dashletID}-0"] = array(
             'label' => $dashlet['label'],
             'is_reserved' => $dashlet['is_reserved'],
         );
     }
     $this->assign('contactDashlets', $contactDashlets);
     $this->assign('availableDashlets', $availableDashlets);
     return parent::run();
 }
Ejemplo n.º 7
 /**
  * Set variables up before the form is built.
  *
  * Reads "cid", "id" and "context" from the request, checks that the user may
  * perform the current action on CiviGrant, and, for anything but a delete,
  * looks up the note attached to the grant and prepares custom data.
  *
  * @return void
  * @access public
  */
 public function preProcess()
 {
     $this->_contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
     $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
     $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
     $this->assign('action', $this->_action);
     $this->assign('context', $this->_context);
     // Permission for the action is checked before any grant data is loaded.
     $actionAllowed = CRM_Core_Permission::checkActionPermission('CiviGrant', $this->_action);
     if (!$actionAllowed) {
         CRM_Core_Error::fatal(ts('You do not have permission to access this page'));
     }
     // A delete needs none of the note or custom-data setup.
     if (!($this->_action & CRM_Core_Action::DELETE)) {
         $this->_noteId = null;
         if ($this->_id) {
             require_once 'CRM/Core/BAO/Note.php';
             $grantNote = new CRM_Core_BAO_Note();
             $grantNote->entity_table = 'civicrm_grant';
             $grantNote->entity_id = $this->_id;
             if ($grantNote->find(true)) {
                 $this->_noteId = $grantNote->id;
             }
         }
         // Build custom data.
         CRM_Custom_Form_Customdata::preProcess($this, null, null, 1, 'Grant', $this->_id);
     }
 }
Ejemplo n.º 8
 /**
  * Decide whether the current user may view this mailing.
  *
  * Checks, in order: a mailing must be loaded; a mailing with "Public Pages"
  * visibility is open to everyone; users holding "administer CiviCRM" or
  * "access CiviMail" may view any mailing; anonymous users are refused; any
  * other user may view the mailing only if it was queued for their contact.
  *
  * @return bool
  *   TRUE when the mailing may be shown.
  */
 function checkPermission()
 {
     if (!$this->_mailing) {
         return false;
     }
     if ($this->_mailing->visibility == 'Public Pages') {
         return true;
     }
     require_once 'CRM/Core/Permission.php';
     $hasMailingAccess = CRM_Core_Permission::check('administer CiviCRM') || CRM_Core_Permission::check('access CiviMail');
     if ($hasMailingAccess) {
         return true;
     }
     // Anonymous users get nothing beyond public mailings.
     if (empty($this->_contactID)) {
         return false;
     }
     // Recipients may view what was sent to them: look for a queue entry for
     // this contact on any job of the mailing. Both IDs are bound as typed
     // Integer parameters rather than interpolated into the statement.
     $query = "\nSELECT     id\nFROM       civicrm_mailing_event_queue q\nINNER JOIN civicrm_mailing_job j ON q.job_id = j.id\nWHERE      j.mailing_id = %1\nAND        q.contact_id = %2\n";
     $bindings = array(
         1 => array($this->_mailingID, 'Integer'),
         2 => array($this->_contactID, 'Integer'),
     );
     return (bool) CRM_Core_DAO::singleValueQuery($query, $bindings);
 }
Ejemplo n.º 9
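 /**
  * Browse all options.
  *
  * Loads every persistent row, splits the rows into configuration rows
  * (is_config == 1) and string rows (is_config == 0), attaches the action
  * links for each kind, and assigns both lists to the template as "rows".
  */
 public function browse()
 {
     // "editClass" is switched on for users holding "access CiviCRM".
     $this->assign('editClass', FALSE);
     if (CRM_Core_Permission::check('access CiviCRM')) {
         $this->assign('editClass', TRUE);
     }
     $daoResult = new CRM_Core_DAO_Persistent();
     $daoResult->find();
     // Start from empty lists so that an empty table, or a table holding only
     // one kind of row, does not leave these variables undefined.
     $values = array();
     $configStrings = array();
     $configCustomization = array();
     while ($daoResult->fetch()) {
         $values[$daoResult->id] = array();
         CRM_Core_DAO::storeValues($daoResult, $values[$daoResult->id]);
         if ($daoResult->is_config == 1) {
             $values[$daoResult->id]['action'] = CRM_Core_Action::formLink(self::customizeActionLinks(), NULL, array('id' => $daoResult->id), ts('more'), FALSE, 'persistent.config.actions', 'Persistent', $daoResult->id);
             // NOTE(review): unserialize() on a stored value can instantiate
             // classes if this column is ever writable by a less-trusted party.
             // Storing JSON, or disabling class instantiation in unserialize()
             // where the PHP version allows it, would remove that exposure.
             $data = unserialize($daoResult->data);
             // A value that does not decode to an array is shown as empty
             // instead of being passed to implode().
             $values[$daoResult->id]['data'] = implode(',', is_array($data) ? $data : array());
             $configCustomization[$daoResult->id] = $values[$daoResult->id];
         }
         if ($daoResult->is_config == 0) {
             $values[$daoResult->id]['action'] = CRM_Core_Action::formLink(self::stringActionLinks(), NULL, array('id' => $daoResult->id), ts('more'), FALSE, 'persistent.row.actions', 'Persistent', $daoResult->id);
             $configStrings[$daoResult->id] = $values[$daoResult->id];
         }
     }
     $rows = array('configTemplates' => $configStrings, 'customizeTemplates' => $configCustomization);
     $this->assign('rows', $rows);
 }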
Ejemplo n.º 10
 /**
  * Append the "new campaign" and "new survey" shortcuts for users who hold
  * "manage campaign" or "administer CiviCampaign".
  *
  * @param array $shortCuts
  *   (reference) Existing shortcut definitions; extended in place.
  */
 public function creatNewShortcut(&$shortCuts)
 {
     require_once 'CRM/Core/Permission.php';
     $mayManageCampaigns = CRM_Core_Permission::check('manage campaign') || CRM_Core_Permission::check('administer CiviCampaign');
     if (!$mayManageCampaigns) {
         // Without either permission the list is left untouched.
         return;
     }
     $campaignShortcut = array(
         'path' => 'civicrm/campaign/add',
         'query' => "reset=1&action=add",
         'ref' => 'new-campaign',
         'title' => ts('Campaign'),
     );
     $surveyShortcut = array(
         'path' => 'civicrm/survey/add',
         'query' => "reset=1&action=add",
         'ref' => 'new-survey',
         'title' => ts('Survey'),
     );
     $shortCuts = array_merge($shortCuts, array($campaignShortcut, $surveyShortcut));
 }
Ejemplo n.º 11
 /**
  * Set variables up before form is built.
  *
  * Captures the "add profile" flags from the query string, rebuilds any
  * profile rows that were submitted, and sets the template flag "perm" when
  * the user may manage profiles.
  *
  * @return void
  */
 public function preProcess()
 {
     // NOTE(review): these four values are read straight from $_GET with no
     // type validation and are later assigned to the template - confirm they
     // are escaped on output, or retrieve them with an explicit type.
     $this->_addProfileBottom = CRM_Utils_Array::value('addProfileBottom', $_GET, FALSE);
     $this->_profileBottomNum = CRM_Utils_Array::value('addProfileNum', $_GET, 0);
     $this->_addProfileBottomAdd = CRM_Utils_Array::value('addProfileBottomAdd', $_GET, FALSE);
     $this->_profileBottomNumAdd = CRM_Utils_Array::value('addProfileNumAdd', $_GET, 0);
     parent::preProcess();
     $this->assign('addProfileBottom', $this->_addProfileBottom);
     $this->assign('profileBottomNum', $this->_profileBottomNum);
     // The form key (qfKey) is carried in the URL parameters handed to the template.
     $urlParams = "id={$this->_id}&addProfileBottom=1&qfKey={$this->controller->_key}";
     $this->assign('addProfileParams', $urlParams);
     // Rebuild one profile row per submitted entry; only the array keys of the POSTed value are used.
     if ($addProfileBottom = CRM_Utils_Array::value('custom_post_id_multiple', $_POST)) {
         foreach (array_keys($addProfileBottom) as $profileNum) {
             self::buildMultipleProfileBottom($this, $profileNum);
         }
     }
     // "perm" starts at 0 and is raised to 1 only if one of the checks below passes.
     $this->assign('perm', 0);
     $ufGroups = CRM_Core_PseudoConstant::get('CRM_Core_DAO_UFField', 'uf_group_id');
     $ufCreate = CRM_ACL_API::group(CRM_Core_Permission::CREATE, NULL, 'civicrm_uf_group', $ufGroups);
     $ufEdit = CRM_ACL_API::group(CRM_Core_Permission::EDIT, NULL, 'civicrm_uf_group', $ufGroups);
     // Presumably the nested array means "any one of these permissions" - verify against CRM_Core_Permission::check().
     $checkPermission = array(array('administer CiviCRM', 'manage event profiles'));
     if (CRM_Core_Permission::check($checkPermission) || !empty($ufCreate) || !empty($ufEdit)) {
         $this->assign('perm', 1);
     }
     // Same set-up again for the profiles of additional participants.
     $this->assign('addProfileBottomAdd', $this->_addProfileBottomAdd);
     $this->assign('profileBottomNumAdd', $this->_profileBottomNumAdd);
     $urlParamsAdd = "id={$this->_id}&addProfileBottomAdd=1&qfKey={$this->controller->_key}";
     $this->assign('addProfileParamsAdd', $urlParamsAdd);
     if ($addProfileBottomAdd = CRM_Utils_Array::value('additional_custom_post_id_multiple', $_POST)) {
         foreach (array_keys($addProfileBottomAdd) as $profileNum) {
             self::buildMultipleProfileBottom($this, $profileNum, 'additional_', ts('Profile for Additional Participants'));
         }
     }
 }
Ejemplo n.º 12
 /**
  * Build the navigation menu item form.
  *
  * Adds the title, URL, permission list, permission operator, separator and
  * enabled fields, plus a parent selector for every item except "Home".
  * Nothing is added beyond the parent form when the action is a delete.
  *
  * @return void
  * @access public
  */
 public function buildQuickForm()
 {
     parent::buildQuickForm();
     if ($this->_action & CRM_Core_Action::DELETE) {
         return;
     }
     // When editing an existing item, load its stored values as the form defaults.
     if (isset($this->_id)) {
         $params = array('id' => $this->_id);
         CRM_Core_BAO_Navigation::retrieve($params, $this->_defaults);
     }
     $this->applyFilter('__ALL__', 'trim');
     $this->add('text', 'label', ts('Title'), CRM_Core_DAO::getAttribute('CRM_Core_DAO_Navigation', 'label'), true);
     $this->add('text', 'url', ts('Url'), CRM_Core_DAO::getAttribute('CRM_Core_DAO_Navigation', 'url'));
     require_once 'CRM/Core/Permission.php';
     // Permissions offered for selection on this menu item.
     $permissions = CRM_Core_Permission::basicPermissions(true);
     $include =& $this->addElement('advmultiselect', 'permission', ts('Permission') . ' ', $permissions, array('size' => 5, 'style' => 'width:150px', 'class' => 'advmultiselect'));
     $include->setButtonAttributes('add', array('value' => ts('Add >>')));
     $include->setButtonAttributes('remove', array('value' => ts('<< Remove')));
     // How several selected permissions are combined.
     $operators = array('AND' => 'AND', 'OR' => 'OR');
     $this->add('select', 'permission_operator', ts('Operator'), $operators);
     $this->add('checkbox', 'has_separator', ts('Separator?'));
     $active = $this->add('checkbox', 'is_active', ts('Enabled?'));
     // NOTE(review): $this->_defaults is filled in this method only when _id is
     // set, so 'name' may be unset for a new item - confirm.
     if ($this->_defaults['name'] == 'Home') {
         // The "Home" item cannot be disabled from this form.
         $active->freeze();
     } else {
         $parentMenu = CRM_Core_BAO_Navigation::getNavigationList();
         // An item may not be selected as its own parent.
         if (isset($this->_id)) {
             unset($parentMenu[$this->_id]);
         }
         // also unset home.
         $homeMenuId = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Navigation', 'Home', 'id', 'name');
         unset($parentMenu[$homeMenuId]);
         $parent = $this->add('select', 'parent_id', ts('Parent'), array('' => ts('-- select --')) + $parentMenu);
     }
 }
Ejemplo n.º 13
 /**
  * Prepare the preferences form: decide whether domain-wide or per-contact
  * preferences are being edited, then load the matching preferences record.
  *
  * Reads the request parameters "cid", "system" (default true) and "action"
  * (default 'update').
  */
 function preProcess()
 {
     $this->_contactID = CRM_Utils_Request::retrieve('cid', 'Positive', $this, false);
     $this->_system = CRM_Utils_Request::retrieve('system', 'Boolean', $this, false, true);
     $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, false, 'update');
     // NOTE(review): $action is never defined in this method, so this branch
     // cannot run; $this->_action was presumably intended - confirm.
     if (isset($action)) {
         $this->assign('action', $action);
     }
     $session = CRM_Core_Session::singleton();
     require_once 'CRM/Core/DAO/Preferences.php';
     $this->_config = new CRM_Core_DAO_Preferences();
     $this->_config->domain_id = CRM_Core_Config::domainID();
     if ($this->_system) {
         // Domain-wide preferences are restricted to administrators.
         if (CRM_Core_Permission::check('administer CiviCRM')) {
             $this->_contactID = null;
         } else {
             // NOTE(review): the statements after this branch still run unless
             // fatal() stops execution - confirm that it does.
             CRM_Utils_System::fatal('You do not have permission to edit preferences');
         }
         $this->_config->is_domain = 1;
         $this->_config->contact_id = null;
     } else {
         // NOTE(review): a "cid" supplied in the request is used as-is; no check
         // that the current user may edit that contact's preferences is visible
         // in this method - confirm it is enforced elsewhere.
         if (!$this->_contactID) {
             // No contact requested: fall back to the logged-in user.
             $this->_contactID = $session->get('userID');
             if (!$this->_contactID) {
                 CRM_Utils_System::fatal('Could not retrieve contact id');
             }
             $this->set('cid', $this->_contactID);
         }
         $this->_config->is_domain = 0;
         $this->_config->contact_id = $this->_contactID;
     }
     // Load the record matching the domain / contact criteria set above.
     $this->_config->find(true);
     $session->pushUserContext(CRM_Utils_System::url('civicrm/admin/setting', 'reset=1'));
 }
Ejemplo n.º 14
 /**
  * Pre processing work done here.
  *
  * Accepts only HTTP POST, requires a profile-management permission, decodes
  * the "ufData" JSON request parameter and builds the preview profile from its
  * "ufGroup" and "ufFieldCollection" members.
  *
  * @return void
  */
 public function preProcess()
 {
     // CRM_Core_Controller validates qfKey for POST requests, but not
     // necessarily for GET requests, so accepting GET here would open the
     // preview to cross-site request forgery.
     if ($_SERVER['REQUEST_METHOD'] != 'POST') {
         CRM_Core_Error::fatal(ts('Preview only supports HTTP POST'));
     }
     // Inline forms don't get menu-level permission checks, so the check is
     // made here. Presumably the nested array means "any one of these" -
     // verify against CRM_Core_Permission::check().
     $mayPreview = CRM_Core_Permission::check(array(array('administer CiviCRM', 'manage event profiles')));
     if (!$mayPreview) {
         CRM_Core_Error::fatal(ts('Permission Denied'));
     }
     $payload = json_decode($_REQUEST['ufData'], TRUE);
     // Both members must decode to arrays; anything else, including a missing
     // parameter or malformed JSON, is rejected.
     foreach (array('ufGroup', 'ufFieldCollection') as $requiredKey) {
         if (!is_array($payload[$requiredKey])) {
             CRM_Core_Error::fatal("Missing JSON parameter, {$requiredKey}");
         }
     }
     $this->setProfile(CRM_Core_BAO_UFGroup::formatUFFields($payload['ufGroup'], $payload['ufFieldCollection']));
 }
Ejemplo n.º 15
 /**
  * Load the grant summary for the dashboard and pass it to the template along
  * with a flag saying whether the user holds "administer CiviCRM".
  *
  * @return void
  * @access public
  *
  */
 function preProcess()
 {
     $isGrantAdmin = CRM_Core_Permission::check('administer CiviCRM');
     // The summary is built with the admin flag; what it changes is decided by getGrantSummary().
     $summary = CRM_Grant_BAO_Grant::getGrantSummary($isGrantAdmin);
     $this->assign('grantAdmin', $isGrantAdmin);
     $this->assign('grantSummary', $summary);
 }
Ejemplo n.º 16
 /**
  * Execute "checkAll" and show the outcome as a status message.
  *
  * Runs only for users holding "administer CiviCRM", only while the
  * "securityAlert" system preference is on, and only when the session timer
  * for this class allows it.
  *
  * @param array|NULL $messages
  *   List of CRM_Utils_Check_Message; or NULL if the default list should be fetched.
  * @param array|string|callable $filter
  *   Set TRUE to show all messages. Any other value, including the default,
  *   shows only messages of severity 3 or above; the value is not invoked as
  *   a callback in this method.
  */
 public function showPeriodicAlerts($messages = NULL, $filter = array(__CLASS__, 'severityMap'))
 {
     if (CRM_Core_Permission::check('administer CiviCRM') && CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'securityAlert', NULL, TRUE)) {
         $session = CRM_Core_Session::singleton();
         // The session timer throttles how often the checks run.
         if ($session->timer('check_' . __CLASS__, self::CHECK_TIMER)) {
             // Best attempt at re-securing folders
             $config = CRM_Core_Config::singleton();
             $config->cleanup(0, FALSE);
             if ($messages === NULL) {
                 $messages = $this->checkAll();
             }
             $statusMessages = array();
             $statusType = 'alert';
             foreach ($messages as $message) {
                 if ($filter === TRUE || $message->getSeverity() >= 3) {
                     // Any message of severity 4 or above turns the whole status into an error.
                     $statusType = $message->getSeverity() >= 4 ? 'error' : $statusType;
                     // $statusMessage and $statusTitle keep the values of the last message shown.
                     $statusMessage = $message->getMessage();
                     $statusMessages[] = $statusTitle = $message->getTitle();
                 }
             }
             if (count($statusMessages)) {
                 if (count($statusMessages) > 1) {
                     // With several alerts only their titles are listed.
                     // NOTE(review): the titles are concatenated into HTML without
                     // escaping; presumably they are trusted strings - confirm.
                     $statusTitle = ts('Multiple Alerts');
                     $statusMessage = '<ul><li>' . implode('</li><li>', $statusMessages) . '</li></ul>';
                 }
                 // TODO: add link to status page
                 CRM_Core_Session::setStatus($statusMessage, $statusTitle, $statusType);
             }
         }
     }
 }
Ejemplo n.º 17
 /**
  * Get AngularJS modules and their dependencies
  *
  * Users with none of the four mailing permissions get an empty list.
  * Otherwise the module definitions are returned and, as a side effect, the
  * data the mailing UI needs is registered as a client-side setting.
  *
  * @return array
  *   list of modules; same format as CRM_Utils_Hook::angularModules(&$angularModules)
  * @see CRM_Utils_Hook::angularModules
  */
 public function getAngularModules()
 {
     // load angular files only if valid permissions are granted to the user
     if (!CRM_Core_Permission::check('access CiviMail') && !CRM_Core_Permission::check('create mailings') && !CRM_Core_Permission::check('schedule mailings') && !CRM_Core_Permission::check('approve mailings')) {
         return array();
     }
     $result = array();
     $result['crmMailing'] = array('ext' => 'civicrm', 'js' => array('ang/crmMailing.js', 'ang/crmMailing/*.js'), 'css' => array('ang/crmMailing.css'), 'partials' => array('ang/crmMailing'));
     $result['crmMailingAB'] = array('ext' => 'civicrm', 'js' => array('ang/crmMailingAB.js', 'ang/crmMailingAB/*.js', 'ang/crmMailingAB/*/*.js'), 'css' => array('ang/crmMailingAB.css'), 'partials' => array('ang/crmMailingAB'));
     $result['crmD3'] = array('ext' => 'civicrm', 'js' => array('ang/crmD3.js', 'bower_components/d3/d3.min.js'));
     $config = CRM_Core_Config::singleton();
     $session = CRM_Core_Session::singleton();
     $contactID = $session->get('userID');
     // NOTE(review): of the API calls below only the Group lookup passes
     // 'check_permissions'; the others appear to rely on the permission gate
     // at the top of this method - confirm that this is enough for data which
     // is then handed to the browser.
     // Get past mailings
     // CRM-16155 - Limit to a reasonable number
     $civiMails = civicrm_api3('Mailing', 'get', array('is_completed' => 1, 'mailing_type' => array('IN' => array('standalone', 'winner')), 'return' => array('id', 'name', 'scheduled_date'), 'sequential' => 1, 'options' => array('limit' => 500, 'sort' => 'is_archived asc, scheduled_date desc')));
     // Generic params
     $params = array('options' => array('limit' => 0), 'sequential' => 1);
     $groupNames = civicrm_api3('Group', 'get', $params + array('is_active' => 1, 'check_permissions' => TRUE, 'return' => array('title', 'visibility', 'group_type', 'is_hidden')));
     $headerfooterList = civicrm_api3('MailingComponent', 'get', $params + array('is_active' => 1, 'return' => array('name', 'component_type', 'is_default', 'body_html', 'body_text')));
     // Email addresses of the logged-in contact only.
     $emailAdd = civicrm_api3('Email', 'get', array('sequential' => 1, 'return' => "email", 'contact_id' => $contactID));
     $mesTemplate = civicrm_api3('MessageTemplate', 'get', $params + array('sequential' => 1, 'is_active' => 1, 'return' => array("id", "msg_title"), 'workflow_id' => array('IS NULL' => "")));
     $mailTokens = civicrm_api3('Mailing', 'gettokens', array('entity' => array('contact', 'mailing'), 'sequential' => 1));
     $fromAddress = civicrm_api3('OptionValue', 'get', $params + array('option_group_id' => "from_email_address", 'domain_id' => CRM_Core_Config::domainID()));
     // Everything collected above is registered as the 'crmMailing' setting,
     // followed by the list of permissions passed to addPermissions().
     CRM_Core_Resources::singleton()->addSetting(array('crmMailing' => array('civiMails' => $civiMails['values'], 'campaignEnabled' => in_array('CiviCampaign', $config->enableComponents), 'groupNames' => $groupNames['values'], 'headerfooterList' => $headerfooterList['values'], 'mesTemplate' => $mesTemplate['values'], 'emailAdd' => $emailAdd['values'], 'mailTokens' => $mailTokens['values'], 'contactid' => $contactID, 'requiredTokens' => CRM_Utils_Token::getRequiredTokens(), 'enableReplyTo' => (int) CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::MAILING_PREFERENCES_NAME, 'replyTo'), 'disableMandatoryTokensCheck' => (int) CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::MAILING_PREFERENCES_NAME, 'disable_mandatory_tokens_check'), 'fromAddress' => $fromAddress['values'], 'defaultTestEmail' => civicrm_api3('Contact', 'getvalue', array('id' => 'user_contact_id', 'return' => 'email')), 'visibility' => CRM_Utils_Array::makeNonAssociative(CRM_Core_SelectValues::groupVisibility()), 'workflowEnabled' => CRM_Mailing_Info::workflowEnabled())))->addPermissions(array('view all contacts', 'access CiviMail', 'create mailings', 'schedule mailings', 'approve mailings', 'delete in CiviMail', 'edit message templates'));
     return $result;
 }
Ejemplo n.º 18
 /**
  * Main entry point when the page loads; decides which action to take.
  *
  * An update action goes to the edit form. Anything else lists the payments
  * of the requested pledge and tells the template whether the user may edit
  * or only view them.
  *
  * @return null
  * @access public
  */
 function run()
 {
     $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse');
     $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
     $this->assign('action', $this->_action);
     $this->assign('context', $this->_context);
     $this->_contactId = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
     CRM_Pledge_Page_Tab::setContext($this);
     if (!($this->_action & CRM_Core_Action::UPDATE)) {
         $pledgeId = CRM_Utils_Request::retrieve('pledgeId', 'Positive', $this);
         $this->assign('rows', CRM_Pledge_BAO_PledgePayment::getPledgePayments($pledgeId));
         $this->assign('pledgeId', $pledgeId);
         $this->assign('contactId', $this->_contactId);
         // Whether back-office credit card contributions can be processed.
         $this->assign('newCredit', CRM_Core_Config::isEnabledBackOfficeCreditCardPayments());
         // "edit" for users holding "edit pledges", otherwise "view". This is a
         // template value; it does not by itself block an update request.
         $this->assign('permission', CRM_Core_Permission::check('edit pledges') ? 'edit' : 'view');
     } else {
         $this->edit();
     }
     return parent::run();
 }
Ejemplo n.º 19
 /**
  * Get tab  Links for events.
  *
  * The tab list is built once per $enableCart value and kept in the static
  * self::$_tabLinks; the tabset hook is invoked on every call.
  *
  * @param $enableCart
  *   When falsy the "conference" tab is removed from the list.
  *
  * @return array
  *   (reference) of tab links
  */
 public static function &tabs($enableCart)
 {
     // Separate cache slots for the cart-enabled and cart-disabled tab sets.
     $cacheKey = $enableCart ? 1 : 0;
     if (!self::$_tabLinks) {
         self::$_tabLinks = array();
     }
     if (!isset(self::$_tabLinks[$cacheKey])) {
         self::$_tabLinks[$cacheKey]['settings'] = array('title' => ts('Info and Settings'), 'url' => 'civicrm/event/manage/settings', 'field' => 'id');
         self::$_tabLinks[$cacheKey]['location'] = array('title' => ts('Location'), 'url' => 'civicrm/event/manage/location', 'field' => 'loc_block_id');
         self::$_tabLinks[$cacheKey]['fee'] = array('title' => ts('Fees'), 'url' => 'civicrm/event/manage/fee', 'field' => 'is_monetary');
         self::$_tabLinks[$cacheKey]['registration'] = array('title' => ts('Online Registration'), 'url' => 'civicrm/event/manage/registration', 'field' => 'is_online_registration');
         // The reminders tab is listed only for administrators or users with
         // event edit permission. This hides the link; the target page
         // presumably enforces its own check - confirm.
         if (CRM_Core_Permission::check('administer CiviCRM') || CRM_Event_BAO_Event::checkPermission(NULL, CRM_Core_Permission::EDIT)) {
             self::$_tabLinks[$cacheKey]['reminder'] = array('title' => ts('Schedule Reminders'), 'url' => 'civicrm/event/manage/reminder', 'field' => 'reminder');
         }
         self::$_tabLinks[$cacheKey]['conference'] = array('title' => ts('Conference Slots'), 'url' => 'civicrm/event/manage/conference', 'field' => 'slot_label_id');
         self::$_tabLinks[$cacheKey]['friend'] = array('title' => ts('Tell a Friend'), 'url' => 'civicrm/event/manage/friend', 'field' => 'friend');
         self::$_tabLinks[$cacheKey]['pcp'] = array('title' => ts('Personal Campaign Pages'), 'url' => 'civicrm/event/manage/pcp', 'field' => 'is_pcp_enabled');
         self::$_tabLinks[$cacheKey]['repeat'] = array('title' => ts('Repeat'), 'url' => 'civicrm/event/manage/repeat', 'field' => 'is_repeating_event');
     }
     if (!$enableCart) {
         unset(self::$_tabLinks[$cacheKey]['conference']);
     }
     // The cached list is handed to the tabset hook on every call, not only when it is first built.
     CRM_Utils_Hook::tabset('civicrm/event/manage', self::$_tabLinks[$cacheKey], array());
     return self::$_tabLinks[$cacheKey];
 }
Ejemplo n.º 20
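 /**
  * Run this page (figure out the action needed and perform it).
  *
  * A delete action removes the report instance, provided the user holds
  * "administer Reports". Any other action runs the instance's report template
  * when one can be found. Every path that does not run a template ends in a
  * redirect to the report listing.
  *
  * @return mixed
  *   The result of the report wrapper, or of the redirect to the listing.
  */
 function run()
 {
     $instanceId = CRM_Report_Utils_Report::getInstanceID();
     $action = CRM_Utils_Request::retrieve('action', 'String', $this);
     $optionVal = CRM_Report_Utils_Report::getValueFromUrl($instanceId);
     $reportUrl = CRM_Utils_System::url('civicrm/report/list', "reset=1");
     if ($action & CRM_Core_Action::DELETE) {
         // NOTE(review): the delete is selected by the "action" request
         // parameter and no request-forgery token check is visible in this
         // method - confirm that one is enforced before this point.
         if (!CRM_Core_Permission::check('administer Reports')) {
             $statusMessage = ts('Your do not have permission to Delete Report.');
             CRM_Core_Error::statusBounce($statusMessage, $reportUrl);
             // Fail closed: the delete below must not depend on statusBounce()
             // ending the request.
             return CRM_Utils_System::redirect($reportUrl);
         }
         CRM_Report_BAO_Instance::delete($instanceId);
         CRM_Core_Session::setStatus(ts('Selected Instance has been deleted.'));
     } else {
         require_once 'CRM/Core/OptionGroup.php';
         $templateInfo = CRM_Core_OptionGroup::getRowValues('report_template', "{$optionVal}", 'value');
         if (strstr($templateInfo['name'], '_Form')) {
             $instanceInfo = array();
             CRM_Report_BAO_Instance::retrieve(array('id' => $instanceId), $instanceInfo);
             // Prefer the instance's own title and fall back to the template label.
             if (!empty($instanceInfo['title'])) {
                 CRM_Utils_System::setTitle($instanceInfo['title']);
                 $this->assign('reportTitle', $instanceInfo['title']);
             } else {
                 CRM_Utils_System::setTitle($templateInfo['label']);
                 $this->assign('reportTitle', $templateInfo['label']);
             }
             // Plain assignment: "=& new" is rejected by the parser from PHP 7 on.
             $wrapper = new CRM_Utils_Wrapper();
             return $wrapper->run($templateInfo['name'], null, null);
         }
         CRM_Core_Session::setStatus(ts('Could not find template for the instance.'));
     }
     return CRM_Utils_System::redirect($reportUrl);
 }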
Ejemplo n.º 21
 /**
  * Given a note, decide whether it must be hidden from the current user
  * because of its privacy setting.
  *
  * @param object $note
  *   Either the id of the note to retrieve, or the CRM_Core_DAO_Note object itself.
  *
  * @return bool
  *   TRUE if the note should be hidden, otherwise FALSE. Users holding
  *   "view all notes" always get FALSE.
  *
  */
 public static function getNotePrivacyHidden($note)
 {
     if (CRM_Core_Permission::check('view all notes')) {
         return FALSE;
     }
     $noteValues = array();
     $isNoteObject = is_object($note) && get_class($note) == 'CRM_Core_DAO_Note';
     if ($isNoteObject) {
         CRM_Core_DAO::storeValues($note, $noteValues);
     } else {
         // Treat the argument as a note id and load the record.
         $loadedNote = new CRM_Core_DAO_Note();
         $loadedNote->id = $note;
         $loadedNote->find();
         if ($loadedNote->fetch()) {
             CRM_Core_DAO::storeValues($loadedNote, $noteValues);
         }
     }
     // The hook is called before the decision below, which reads the
     // 'notePrivacy_hidden' entry of the values passed to it.
     CRM_Utils_Hook::notePrivacy($noteValues);
     if (!$noteValues['privacy']) {
         // Notes without a privacy setting are never hidden.
         return FALSE;
     }
     if (isset($noteValues['notePrivacy_hidden'])) {
         // If the hook has set visibility, use that setting.
         return $noteValues['notePrivacy_hidden'];
     }
     // Default behaviour when the hook has not set visibility: hide private
     // notes unless the note creator is the current user.
     $userID = CRM_Core_Session::singleton()->get('userID');
     return $noteValues['contact_id'] != $userID;
 }
/**
 * Output navigation script tag
 *
 * @param array $params
 *   - is_default: bool, true if this is normal/default instance of the menu (which may be subject to CIVICRM_DISABLE_DEFAULT_MENU)
 * @param CRM_Core_Smarty $smarty
 *   The Smarty object.
 *
 * @return string
 *   HTML
 */
function smarty_function_crmNavigationMenu($params, &$smarty)
{
    // Emits the <script> tag that loads the per-user navigation menu, or ''
    // when no menu should be rendered.
    $config = CRM_Core_Config::singleton();
    // The menu is offered only outside upgrade mode and only to users who
    // hold the 'access CiviCRM' permission.
    $permitted = !CRM_Core_Config::isUpgradeMode() && CRM_Core_Permission::check('access CiviCRM');
    // A site can switch off the default menu instance with this constant.
    $defaultMenuDisabled = defined('CIVICRM_DISABLE_DEFAULT_MENU') && CRM_Utils_Array::value('is_default', $params, FALSE);
    if (!$permitted || $defaultMenuDisabled || $config->userFrameworkFrontend) {
        return '';
    }
    $contactID = CRM_Core_Session::singleton()->get('userID');
    if (!$contactID) {
        return '';
    }
    // User, language, domain and cache key are path segments so the browser
    // refetches the script when any of them changes; a query string is
    // avoided because some browsers refuse to cache URLs containing '?'.
    // NOTE(review): these segments are cache-busters, not access control;
    // the endpoint has to authorize the request itself.
    // @see CRM_Admin_Page_AJAX::getNavigationMenu
    $lang = $config->lcMessages;
    $domain = CRM_Core_Config::domainID();
    $key = CRM_Core_BAO_Navigation::getCacheKey($contactID);
    $src = CRM_Utils_System::url("civicrm/ajax/menujs/{$contactID}/{$lang}/{$domain}/{$key}");
    // CRM-15493: the quicksearch bar needs a QF key that is unique per page
    // refresh, so it is written into the markup instead of the cached script.
    // The attribute's quotes come from json_encode(), which does not
    // HTML-escape; presumably the key never contains HTML-significant
    // characters -- verify against CRM_Core_Key.
    $qfKey = CRM_Core_Key::get('CRM_Contact_Controller_Search', TRUE);
    return '<script id="civicrm-navigation-menu" type="text/javascript" src="' . $src . '" data-qfkey=' . json_encode($qfKey) . '></script>';
}
Ejemplo n.º 23
 /**
  * run this page (figure out the action needed and perform it).
  *
  * @return void
  */
 function run()
 {
     // Authorization comes first: without 'administer Reports' the request is
     // sent back to the report list before any URL-derived value is used.
     if (!CRM_Core_Permission::check('administer Reports')) {
         return CRM_Utils_System::redirect(CRM_Utils_System::url('civicrm/report/list', 'reset=1'));
     }
     $optionVal = CRM_Report_Utils_Report::getValueFromUrl();
     // The URL value is used only as a lookup key into the 'report_template'
     // option group; the class that is run below comes from that row.
     $templateInfo = CRM_Core_OptionGroup::getRowValues('report_template', "{$optionVal}", 'value', 'String', FALSE);
     $reportClass = NULL;
     // A '.' in the template name marks an extension key, which the extension
     // mapper translates into a class name.
     if (strpos(CRM_Utils_Array::value('name', $templateInfo), '.') !== FALSE) {
         $mapper = CRM_Extension_System::singleton()->getMapper();
         $reportClass = $mapper->keyToClass($templateInfo['name'], 'report');
         $templateInfo['name'] = $reportClass;
     }
     $looksLikeForm = strstr(CRM_Utils_Array::value('name', $templateInfo), '_Form');
     if ($looksLikeForm || !is_null($reportClass)) {
         $label = $templateInfo['label'];
         CRM_Utils_System::setTitle($label . ' - Template');
         $this->assign('reportTitle', $label);
         CRM_Core_Session::singleton()->set('reportDescription', $templateInfo['description']);
         // NOTE(review): the wrapper is handed a class name taken from stored
         // option values; this presumably relies on only trusted admins being
         // able to register report templates -- confirm.
         $wrapper = new CRM_Utils_Wrapper();
         return $wrapper->run($templateInfo['name'], NULL, NULL);
     }
     // A value was supplied but matched no usable template: tell the user.
     if ($optionVal) {
         CRM_Core_Session::setStatus(ts('Could not find the report template. Make sure the report template is registered and / or url is correct.'), ts('Template Not Found'), 'error');
     }
     return CRM_Utils_System::redirect(CRM_Utils_System::url('civicrm/report/list', 'reset=1'));
 }
Ejemplo n.º 24
 /**
  * @param \Civi\API\Event\AuthorizeEvent $event
  *   API authorization event.
  *
  * @throws \Civi\API\Exception\UnauthorizedException
  */
 public function onApiAuthorize(\Civi\API\Event\AuthorizeEvent $event)
 {
     $apiRequest = $event->getApiRequest();
     // This subscriber only decides for API versions below 4.
     if (!($apiRequest['version'] < 4)) {
         return;
     }
     // Permission checking is opt-in: a request whose 'check_permissions'
     // param is missing or falsy is authorized without any check.
     // NOTE(review): entry points that accept requests from untrusted callers
     // therefore have to force check_permissions on -- confirm each one does.
     if (empty($apiRequest['params']['check_permissions'])) {
         $event->authorize();
         $event->stopPropagation();
         return;
     }
     require_once 'CRM/Core/DAO/permissions.php';
     $permissions = _civicrm_api3_permissions($apiRequest['entity'], $apiRequest['action'], $apiRequest['params']);
     // The alterAPIPermissions() hook may have reset the params, so the flag
     // is read a second time after the permission lookup.
     if (isset($apiRequest['params']['check_permissions']) && !$apiRequest['params']['check_permissions']) {
         $event->authorize();
         $event->stopPropagation();
         return;
     }
     // Either the declared permissions or an ACL grant is sufficient.
     $granted = \CRM_Core_Permission::check($permissions) || self::checkACLPermission($apiRequest);
     if (!$granted) {
         if (is_array($permissions)) {
             // Nested arrays are alternatives ("or"); the top level is a
             // conjunction ("and"). Flatten both into readable text.
             $clauses = array_map(function ($permission) {
                 return is_array($permission) ? '( ' . implode(' or ', $permission) . ' )' : $permission;
             }, $permissions);
             $permissions = implode(' and ', $clauses);
         }
         // FIXME: Generating the exception ourselves allows for detailed error
         // but doesn't play well with multiple authz subscribers.
         // NOTE(review): the message names the entity, the action and the
         // required permissions; confirm that level of detail is acceptable
         // wherever this exception is returned to the caller.
         throw new \Civi\API\Exception\UnauthorizedException("API permission check failed for {$apiRequest['entity']}/{$apiRequest['action']} call; insufficient permission: require {$permissions}");
     }
     $event->authorize();
     $event->stopPropagation();
 }
Ejemplo n.º 25
 /**
  * List activities as dashlet
  *
  * @return none
  *
  * @access public
  */
 function run()
 {
     // The dashlet is always built for the contact stored in the session,
     // never for an id taken from the request.
     $contactID = CRM_Core_Session::singleton()->get('userID');
     // A user can always view their own activity if they have the
     // 'access CiviCRM' permission; the level is raised to EDIT only when
     // the contact permission layer allows editing this contact.
     require_once 'CRM/Contact/BAO/Contact/Permission.php';
     $permission = CRM_Contact_BAO_Contact_Permission::allow($contactID, CRM_Core_Permission::EDIT)
         ? CRM_Core_Permission::EDIT
         : CRM_Core_Permission::VIEW;
     // Flag passed to the selector for users who hold either
     // 'view all activities' or 'administer CiviCRM'.
     $admin = CRM_Core_Permission::check('view all activities') || CRM_Core_Permission::check('administer CiviCRM');
     require_once 'CRM/Core/Selector/Controller.php';
     $output = CRM_Core_Selector_Controller::SESSION;
     require_once 'CRM/Activity/Selector/Activity.php';
     $selector = new CRM_Activity_Selector_Activity($contactID, $permission, $admin, 'home');
     // Sorting is applied only when a sort id was stored for this page.
     $sortID = $this->get(CRM_Utils_Sort::SORT_ID)
         ? CRM_Utils_Sort::sortIDValue($this->get(CRM_Utils_Sort::SORT_ID), $this->get(CRM_Utils_Sort::SORT_DIRECTION))
         : null;
     $controller = new CRM_Core_Selector_Controller(
         $selector,
         $this->get(CRM_Utils_Pager::PAGE_ID),
         $sortID,
         CRM_Core_Action::VIEW,
         $this,
         $output
     );
     $controller->setEmbedded(true);
     $controller->run();
     $controller->moveFromSessionToTemplate();
     return parent::run();
 }
Ejemplo n.º 26
 /**
  * This is the main function called when the page loads; it decides which action to take for the page.
  *
  * return null
  * @access public
  */
 function run()
 {
     // Request parameters; 'cid' and (below) 'pledgeId' are validated as
     // positive integers by the retrieve() type argument.
     $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'browse');
     $this->_context = CRM_Utils_Request::retrieve('context', 'String', $this);
     $this->assign('action', $this->_action);
     $this->assign('context', $this->_context);
     $this->_contactId = CRM_Utils_Request::retrieve('cid', 'Positive', $this);
     CRM_Pledge_Page_Tab::setContext();
     if ($this->_action & CRM_Core_Action::UPDATE) {
         $this->edit();
         // set page title
         CRM_Contact_Page_View::setTitle($this->_contactId);
         return parent::run();
     }
     // NOTE(review): the payments are loaded for whatever pledgeId the request
     // names. No check that the current user may view this pledge or contact
     // is visible in this method; confirm it is enforced upstream (menu
     // access rules) or inside getPledgePayments().
     $pledgeId = CRM_Utils_Request::retrieve('pledgeId', 'Positive', $this);
     $this->assign('rows', CRM_Pledge_BAO_PledgePayment::getPledgePayments($pledgeId));
     $this->assign('pledgeId', $pledgeId);
     $this->assign('contactId', $this->_contactId);
     // Credit-card contributions are offered only when at least one payment
     // processor with billing mode 1 or 3 exists.
     $processors = CRM_Core_PseudoConstant::paymentProcessor(FALSE, FALSE, "billing_mode IN ( 1, 3 )");
     $this->assign('newCredit', count($processors) > 0);
     // The template gets 'edit' only for users holding 'edit pledges'.
     // This value steers what the template renders; it is not itself an
     // enforcement point.
     $this->assign('permission', CRM_Core_Permission::check('edit pledges') ? 'edit' : 'view');
     return parent::run();
 }
Ejemplo n.º 27
 /** 
  * Heart of the viewing process. The runner gets all the meta data for 
  * the contact and calls the appropriate type of page to view. 
  * 
  * @return void 
  * @access public 
  * 
  */
 function preProcess()
 {
     // Make sure case types have been configured for the component
     require_once 'CRM/Core/OptionGroup.php';
     if (!CRM_Core_OptionGroup::values('case_type')) {
         $this->assign('notConfigured', 1);
         return;
     }
     $session =& CRM_Core_Session::singleton();
     // 'all' comes from the request and switches between "my cases" and
     // "all cases".
     // NOTE(review): no permission check on the all-cases view is visible in
     // this method; confirm getCasesSummary()/getCases() (not shown here)
     // restrict the rows to cases the user may access.
     $allCases = CRM_Utils_Request::retrieve('all', 'Positive', $session);
     CRM_Utils_System::setTitle(ts('CiviCase Dashboard'));
     $userID = $session->get('userID');
     $this->assign('myCases', !$allCases);
     // The "new client" option is offered only to users who may add contacts.
     $this->assign('newClient', CRM_Core_Permission::check('add contacts') ? true : false);
     require_once 'CRM/Case/BAO/Case.php';
     $summary = CRM_Case_BAO_Case::getCasesSummary($allCases, $userID);
     $upcoming = CRM_Case_BAO_Case::getCases($allCases, $userID, 'upcoming');
     $recent = CRM_Case_BAO_Case::getCases($allCases, $userID, 'recent');
     $this->assign('casesSummary', $summary);
     // The two case lists are assigned only when they contain rows.
     foreach (array('upcomingCases' => $upcoming, 'recentCases' => $recent) as $templateVar => $cases) {
         if (!empty($cases)) {
             $this->assign($templateVar, $cases);
         }
     }
 }
 /**
  * Build price options.
  *
  * @param CRM_Event_BAO_Event $event
  *
  * @return array
  */
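 public function build_price_options($event)
 {
     // Adds one quick-form element per price field of the event's price set
     // that the current user is allowed to see, and returns the names of the
     // elements that were added. Returns an empty array when the event has
     // no price set.
     $price_fields_for_event = array();
     $price_set_id = CRM_Price_BAO_PriceSet::getFor('civicrm_event', $event->id);
     // CRM-14492: fields with visibility 'admin' are shown only to users
     // holding 'administer CiviCRM'.
     $adminFieldVisible = CRM_Core_Permission::check('administer CiviCRM') ? TRUE : FALSE;
     if (!$price_set_id) {
         return $price_fields_for_event;
     }
     $price_sets = CRM_Price_BAO_PriceSet::getSetDetail($price_set_id, TRUE, TRUE);
     $price_set = $price_sets[$price_set_id];
     foreach ($price_set['fields'] as $field) {
         $visibility = CRM_Utils_Array::value('visibility', $field);
         // Parenthesised explicitly: the original depended on && binding
         // tighter than ||, which is easy to misread in an access rule.
         $isVisible = $visibility == 'public' || ($visibility == 'admin' && $adminFieldVisible);
         if (!$isVisible) {
             continue;
         }
         // NOTE(review): this only decides which elements are built on the
         // form; confirm the submit handling also rejects admin-only fields
         // sent by non-admin users.
         $field_name = "event_{$event->id}_price_{$field['id']}";
         CRM_Price_BAO_PriceField::addQuickFormElement($this, $field_name, $field['id'], FALSE);
         $price_fields_for_event[] = $field_name;
     }
     return $price_fields_for_event;
 }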
Ejemplo n.º 29
 /**
  * Display daily system status alerts (admin only).
  */
 public function showPeriodicAlerts()
 {
     // Alerts are shown to administrators only.
     if (!CRM_Core_Permission::check('administer CiviCRM')) {
         return;
     }
     // Throttle: proceed only when the session timer for this class says so.
     if (!CRM_Core_Session::singleton()->timer('check_' . __CLASS__, self::CHECK_TIMER)) {
         return;
     }
     // Best attempt at re-securing folders
     CRM_Core_Config::singleton()->cleanup(0, FALSE);
     $titles = array();
     $worstLevel = 0;
     foreach ($this->checkAll() as $check) {
         // Hidden checks and checks below level 3 do not raise an alert.
         if (!$check->isVisible() || $check->getLevel() < 3) {
             continue;
         }
         $worstLevel = max($worstLevel, $check->getLevel());
         // Kept for the single-alert case, where the check's own message
         // and title are shown as-is.
         $statusMessage = $check->getMessage();
         $statusTitle = $check->getTitle();
         $titles[] = $statusTitle;
     }
     if (!$titles) {
         return;
     }
     if (count($titles) > 1) {
         // Several alerts: show a list of titles under a severity label.
         $statusTitle = self::toStatusLabel($worstLevel);
         $statusMessage = '<ul><li>' . implode('</li><li>', $titles) . '</li></ul>';
     }
     // NOTE(review): titles and messages are placed into HTML unescaped;
     // presumably they come only from trusted system checks -- confirm.
     $statusMessage .= '<p><a href="' . CRM_Utils_System::url('civicrm/a/#/status') . '">' . ts('View details and manage alerts') . '</a></p>';
     $statusType = 'alert';
     if ($worstLevel >= 4) {
         $statusType = 'error';
     }
     CRM_Core_Session::setStatus($statusMessage, $statusTitle, $statusType);
 }
/**
 * Output navigation script tag
 *
 * @param array $params
 *   - is_default: bool, true if this is normal/default instance of the menu (which may be subject to CIVICRM_DISABLE_DEFAULT_MENU)
 * @param object $smarty the Smarty object
 *
 * @return string HTML
 */
function smarty_function_crmNavigationMenu($params, &$smarty)
{
    // Emits the <script> tag that loads the per-user navigation menu, or ''
    // when no menu should be rendered.
    $config = CRM_Core_Config::singleton();
    // The menu is offered only outside upgrade mode and only to users who
    // hold the 'access CiviCRM' permission.
    $permitted = !CRM_Core_Config::isUpgradeMode() && CRM_Core_Permission::check('access CiviCRM');
    // A site can switch off the default menu instance with this constant.
    $defaultMenuDisabled = defined('CIVICRM_DISABLE_DEFAULT_MENU') && CRM_Utils_Array::value('is_default', $params, FALSE);
    if (!$permitted || $defaultMenuDisabled || $config->userFrameworkFrontend) {
        return '';
    }
    $contactID = CRM_Core_Session::singleton()->get('userID');
    if (!$contactID) {
        return '';
    }
    // User, language, domain and cache key are path segments so the browser
    // refetches the script when any of them changes; a query string is
    // avoided because some browsers refuse to cache URLs containing '?'.
    // The trailing .js is there to get caching-friendly headers from Apache
    // modules.
    // NOTE(review): these segments are cache-busters, not access control;
    // the endpoint has to authorize the request itself.
    // @see CRM_Admin_Page_AJAX::getNavigationMenu
    $lang = $config->lcMessages;
    $domain = CRM_Core_Config::domainID();
    $key = CRM_Core_BAO_Navigation::getCacheKey($contactID);
    $src = CRM_Utils_System::url("civicrm/ajax/menujs/{$contactID}/{$lang}/{$domain}/{$key}.js");
    return '<script type="text/javascript" src="' . $src . '"></script>';
}