Example #1
0
/** gives the profile list info array 
 * @param $profileListResult -- profile list database result:: Type array
 * @param $noofrows -- no of rows in the $profileListResult:: Type integer 
 * @param $mod_strings -- i18n mod_strings array:: Type array 
 * @returns $return_date -- profile list info array:: Type array
 *
 */
function getStdOutput($profileListResult, $noofrows, $mod_strings)
{
    global $adb;
    $return_data = array();
    for ($i = 0; $i < $noofrows; $i++) {
        $standCustFld = array();
        $profile_name = $adb->query_result($profileListResult, $i, "profilename");
        $profile_id = $adb->query_result($profileListResult, $i, "profileid");
        $description = $adb->query_result($profileListResult, $i, "description");
        global $current_user;
        $current_profile = fetchUserProfileId($current_user->id);
        if ($profile_id != 1 && $profile_id != $current_profile) {
            $standCustFld['del_permission'] = 'yes';
        } else {
            $standCustFld['del_permission'] = 'no';
        }
        $standCustFld['profileid'] = $profile_id;
        $standCustFld['profilename'] = $profile_name;
        $standCustFld['description'] = $description;
        $return_data[] = $standCustFld;
    }
    return $return_data;
}
Example #2
0
/** Function to get permitted fields of current user of a particular module to find duplicate records --Pavani*/
function getMergeFields($module, $str)
{
    global $adb, $current_user;
    $tabid = getTabid($module);
    if ($str == "available_fields") {
        $result = getFieldsResultForMerge($tabid);
    } else {
        //if($str == fileds_to_merge)
        $sql = "select * from vtiger_user2mergefields where tabid=? and userid=? and visible=1";
        $result = $adb->pquery($sql, array($tabid, $current_user->id));
    }
    $num_rows = $adb->num_rows($result);
    $user_profileid = fetchUserProfileId($current_user->id);
    $permitted_list = getProfile2FieldPermissionList($module, $user_profileid);
    $sql_def_org = "select fieldid from vtiger_def_org_field where tabid=? and visible=0";
    $result_def_org = $adb->pquery($sql_def_org, array($tabid));
    $num_rows_org = $adb->num_rows($result_def_org);
    $permitted_org_list = array();
    for ($i = 0; $i < $num_rows_org; $i++) {
        $permitted_org_list[$i] = $adb->query_result($result_def_org, $i, "fieldid");
    }
    require 'user_privileges/user_privileges_' . $current_user->id . '.php';
    for ($i = 0; $i < $num_rows; $i++) {
        $field_id = $adb->query_result($result, $i, "fieldid");
        foreach ($permitted_list as $field => $data) {
            if ($data[4] == $field_id and $data[1] == 0) {
                if ($is_admin == 'true' || in_array($field_id, $permitted_org_list)) {
                    $field = "<option value=\"" . $field_id . "\">" . getTranslatedString($data[0], $module) . "</option>";
                    $fields .= $field;
                    break;
                }
            }
        }
    }
    return $fields;
}
Example #3
0
/** Function to check if the outlook user is permitted to perform the specified action
 * @param $module -- Module Name:: Type varchar
 * @param $actionname -- Action Name:: Type varchar
 * @param $recordid -- Record Id:: Type integer
 * @returns yes or no. If Yes means this action is allowed for the currently logged in user. If no means this action is not allowed for the currently logged in user
 *
 */
function isAllowed_Outlook($module, $action, $user_id, $record_id)
{
    global $log;
    $log->debug("Entering isAllowed_Outlook(" . $module . "," . $action . "," . $user_id . "," . $record_id . ") method ...");
    $permission = "no";
    if ($module == 'Users' || $module == 'Home' || $module == 'Administration' || $module == 'uploads' || $module == 'Settings' || $module == 'Calendar') {
        //These modules done have security
        $permission = "yes";
    } else {
        global $adb;
        global $current_user;
        $tabid = getTabid($module);
        $actionid = getActionid($action);
        $profile_id = fetchUserProfileId($user_id);
        $tab_per_Data = getAllTabsPermission($profile_id);
        $permissionData = getTabsActionPermission($profile_id);
        $defSharingPermissionData = getDefaultSharingAction();
        $others_permission_id = $defSharingPermissionData[$tabid];
        //Checking whether this vtiger_tab is allowed
        if ($tab_per_Data[$tabid] == 0) {
            $permission = 'yes';
            //Checking whether this action is allowed
            if ($permissionData[$tabid][$actionid] == 0) {
                $permission = 'yes';
                $rec_owner_id = '';
                if ($record_id != '' && $module != 'Faq') {
                    $rec_owner_id = getUserId($record_id);
                }
                if ($record_id != '' && $others_permission_id != '' && $module != 'Faq' && $rec_owner_id != 0) {
                    if ($rec_owner_id != $current_user->id) {
                        if ($others_permission_id == 0) {
                            if ($action == 'EditView' || $action == 'Delete') {
                                $permission = "no";
                            } else {
                                $permission = "yes";
                            }
                        } elseif ($others_permission_id == 1) {
                            if ($action == 'Delete') {
                                $permission = "no";
                            } else {
                                $permission = "yes";
                            }
                        } elseif ($others_permission_id == 2) {
                            $permission = "yes";
                        } elseif ($others_permission_id == 3) {
                            if ($action == 'DetailView' || $action == 'EditView' || $action == 'Delete') {
                                $permission = "no";
                            } else {
                                $permission = "yes";
                            }
                        }
                    } else {
                        $permission = "yes";
                    }
                }
            } else {
                $permission = "no";
            }
        } else {
            $permission = "no";
        }
    }
    $log->debug("Exiting isAllowed_Outlook method ...");
    return $permission;
}
Example #4
0
/** Function to get related list entries in detailed array format
 * @param $parentmodule -- parentmodulename:: Type string
 * @param $query -- query:: Type string
 * @param $id -- id:: Type string
 * @returns $entries_list -- entries list:: Type string array
 */
function getAttachmentsAndNotes($parentmodule, $query, $id, $sid = '')
{
    global $log, $theme;
    $log->debug("Entering getAttachmentsAndNotes(" . $parentmodule . "," . $query . "," . $id . "," . $sid . ") method ...");
    $list = '<script>
		function confirmdelete(url)
		{
			if(confirm("' . $app_strings['ARE_YOU_SURE'] . '"))
			{
				document.location.href=url;
			}
		}
	</script>';
    $theme_path = "themes/" . $theme . "/";
    $image_path = $theme_path . "images/";
    global $adb, $current_user;
    global $mod_strings;
    global $app_strings, $listview_max_textlength;
    $result = $adb->query($query);
    $noofrows = $adb->num_rows($result);
    $_SESSION['Documents_listquery'] = $query;
    $header[] = $app_strings['LBL_TITLE'];
    $header[] = $app_strings['LBL_DESCRIPTION'];
    $header[] = $app_strings['LBL_ATTACHMENTS'];
    $header[] = $app_strings['LBL_ASSIGNED_TO'];
    $header[] = $app_strings['LBL_ACTION'];
    if ($result) {
        while ($row = $adb->fetch_array($result)) {
            if ($row['activitytype'] == 'Attachments') {
                $query1 = "select setype,createdtime from vtiger_crmentity where crmid=?";
                $params1 = array($row['attachmentsid']);
            } else {
                $query1 = "select setype,createdtime from vtiger_crmentity where crmid=?";
                $params1 = array($row['crmid']);
            }
            $query1 .= " order by createdtime desc";
            $res = $adb->pquery($query1, $params1);
            $num_rows = $adb->num_rows($res);
            for ($i = 0; $i < $num_rows; $i++) {
                $setype = $adb->query_result($res, $i, 'setype');
                $createdtime = $adb->query_result($res, $i, 'createdtime');
            }
            if ($setype != "Products Image" && $setype != "Contacts Image") {
                $entries = array();
                if (trim($row['activitytype']) == 'Documents') {
                    $module = 'Documents';
                    $editaction = 'EditView';
                    $deleteaction = 'Delete';
                } elseif ($row['activitytype'] == 'Attachments') {
                    $module = 'uploads';
                    $editaction = 'upload';
                    $deleteaction = 'deleteattachments';
                }
                if ($module == 'Documents') {
                    $entries[] = '<a href="index.php?module=' . $module . '&action=DetailView&return_module=' . $parentmodule . '&return_action=' . $return_action . '&record=' . $row["crmid"] . '&filename=' . $row['filename'] . '&fileid=' . $row['attachmentsid'] . '&return_id=' . vtlib_purify($_REQUEST["record"]) . '&parenttab=' . vtlib_purify($_REQUEST["parenttab"]) . '">' . textlength_check($row['title']) . '</a>';
                } elseif ($module == 'uploads') {
                    $entries[] = $row['title'];
                }
                if (getFieldVisibilityPermission('Documents', $current_user->id, 'notecontent') == '0' || $row['activitytype'] == 'Documents') {
                    $row['description'] = preg_replace("/(<\\/?)(\\w+)([^>]*>)/i", "", $row['description']);
                    if ($listview_max_textlength && strlen($row['description']) > $listview_max_textlength) {
                        $row['description'] = substr($row['description'], 0, $listview_max_textlength) . '...';
                    }
                    $entries[] = nl2br($row['description']);
                } else {
                    $entries[] = " <font color ='red' >" . $app_strings['LBL_NOT_ACCESSIBLE'] . "</font>";
                }
                $attachmentname = $row['filename'];
                //explode('_',$row['filename'],2);
                if (getFieldVisibilityPermission('Documents', $current_user->id, 'filename') == 0) {
                    global $adb;
                    $prof_id = fetchUserProfileId($current_user->id);
                    $modulepermissionQuery = "select permissions from vtiger_profile2tab where tabid=8 and profileid= ?";
                    $modulepermissionresult = $adb->pquery($modulepermissionQuery, array($prof_id));
                    $moduleviewpermission = $adb->query_result($modulepermissionresult, 0, 'permissions');
                    $folderQuery = 'select folderid,filelocationtype,filestatus,filename from vtiger_notes where notesid = ?';
                    $folderresult = $adb->pquery($folderQuery, array($row["crmid"]));
                    $folder_id = $adb->query_result($folderresult, 0, 'folderid');
                    $download_type = $adb->query_result($folderresult, 0, 'filelocationtype');
                    $filestatus = $adb->query_result($folderresult, 0, 'filestatus');
                    $filename = $adb->query_result($folderresult, 0, 'filename');
                    $fileQuery = $adb->pquery("select attachmentsid from vtiger_seattachmentsrel where crmid = ?", array($row['crmid']));
                    $fileid = $adb->query_result($fileQuery, 0, 'attachmentsid');
                    if ($moduleviewpermission == 0) {
                        if ($download_type == 'I') {
                            if ($filestatus == 1) {
                                $entries[] = '<a href="index.php?module=Documents&action=DownloadFile&fileid=' . $fileid . '&folderid=' . $folder_id . '">' . textlength_check($attachmentname) . '</a>';
                            } elseif (isset($attachmentname) && $attachmentname != '') {
                                $entries[] = textlength_check($attachmentname);
                            } else {
                                $entries[] = ' --';
                            }
                        } elseif ($download_type == 'E') {
                            if ($filestatus == 1) {
                                $entries[] = '<a target="_blank" href="' . $filename . '" onClick="javascript:dldCntIncrease(' . $row['crmid'] . ');">' . textlength_check($attachmentname) . '</a>';
                            } elseif (isset($attachmentname) && $attachmentname != '') {
                                $entries[] = textlength_check($attachmentname);
                            } else {
                                $entries[] = ' --';
                            }
                        } else {
                            $entries[] = ' --';
                        }
                    } else {
                        if (isset($attachmentname)) {
                            $entries[] = textlength_check($attachmentname);
                        } else {
                            $entries[] = ' --';
                        }
                    }
                } else {
                    $entries[] = '';
                }
                $assignedToQuery = $adb->pquery('SELECT smownerid FROM vtiger_crmentity WHERE crmid = ?', array($row['crmid']));
                $assignedTo = $adb->query_result($assignedToQuery, 0, 'smownerid');
                if ($assignedTo != '') {
                    $entries[] = $assignedTo;
                }
                $del_param = 'index.php?module=' . $module . '&action=' . $deleteaction . '&return_module=' . $parentmodule . '&return_action=' . vtlib_purify($_REQUEST['action']) . '&record=' . $row["crmid"] . '&return_id=' . vtlib_purify($_REQUEST["record"]) . '&parenttab=' . vtlib_purify($_REQUEST["parenttab"]);
                if ($module == 'Documents') {
                    $edit_param = 'index.php?module=' . $module . '&action=' . $editaction . '&return_module=' . $parentmodule . '&return_action=' . vtlib_purify($_REQUEST['action']) . '&record=' . $row["crmid"] . '&filename=' . $row['filename'] . '&fileid=' . $row['attachmentsid'] . '&return_id=' . vtlib_purify($_REQUEST["record"]) . '&parenttab=' . vtlib_purify($_REQUEST["parenttab"]);
                    $entries[] .= '<a href="' . $edit_param . '">' . $app_strings['LNK_EDIT'] . '</a> | <a href=\'javascript:confirmdelete("' . $del_param . '")\'>' . $app_strings['LNK_DELETE'] . '</a>';
                } else {
                    $entries[] = '<a href=\'javascript:confirmdelete("' . $del_param . '")\'>' . $app_strings['LNK_DELETE'] . '</a>';
                }
                $entries_list[] = $entries;
            }
        }
    }
    if ($entries_list != '') {
        $return_data = array('header' => $header, 'entries' => $entries_list);
    }
    $log->debug("Exiting getAttachmentsAndNotes method ...");
    return $return_data;
}
Example #5
0
 public function CheckPermissions($actionKey, $record_id = '')
 {
     global $current_user;
     if (empty($this->view_all)) {
         $this->GetDefPermission($current_user->id);
     }
     if ($this->is_admin) {
         return true;
     }
     if ($this->profile_Global_Permission[1] == "0" && $actionKey == "DETAIL") {
         return true;
     } elseif ($this->profile_Global_Permission[2] == "0" && $actionKey == "EDIT") {
         return true;
     } else {
         $profileid = fetchUserProfileId($current_user->id);
         if (isset($this->profilesActions[$actionKey])) {
             $actionid = getActionid($this->profilesActions[$actionKey]);
             $permissions = $this->GetProfilesPermissions();
             if (isset($permissions[$profileid][$actionid]) && $permissions[$profileid][$actionid] == "0") {
                 if ($this->edit_all && ($actionKey == "DETAIL" || $actionKey == "EDIT") || $this->delete_all && $actionKey == "DELETE") {
                     return true;
                 } elseif ($record_id != "") {
                     $recOwnType = '';
                     $recOwnId = '';
                     $recordOwnerArr = getRecordOwnerId($record_id);
                     foreach ($recordOwnerArr as $type => $id) {
                         $recOwnType = $type;
                         $recOwnId = $id;
                     }
                     if ($recOwnType == 'Users') {
                         if ($current_user->id == $recOwnId) {
                             return true;
                         }
                         //Checking if the Record Owner is the Subordinate User
                         foreach ($this->subordinate_roles_users as $roleid => $userids) {
                             if (in_array($recOwnId, $userids)) {
                                 return true;
                             }
                         }
                         $permission = isCalendarPermittedBySharing($record_id);
                         if ($permission == "yes" && $actionKey == "DETAIL") {
                             return true;
                         }
                     } elseif ($recOwnType == 'Groups') {
                         //Checking if the record owner is the current user's group
                         if (in_array($recOwnId, $this->current_user_groups)) {
                             return true;
                         }
                     }
                     if ($actionKey == "DETAIL") {
                         $ui = $this->isUserCalendarPermittedByInviti($record_id);
                         if ($ui) {
                             return true;
                         }
                     }
                 } else {
                     return true;
                 }
             }
         }
     }
     return false;
 }
Example #6
0
 public function CheckPermissions($actionKey)
 {
     $profileid = fetchUserProfileId($this->current_user->id);
     $result = false;
     if (isset($this->profilesActions[$actionKey])) {
         $actionid = getActionid($this->profilesActions[$actionKey]);
         $permissions = $this->GetProfilesPermissions();
         if (isset($permissions[$profileid][$actionid]) && $permissions[$profileid][$actionid] == "0") {
             $result = true;
         }
     }
     return $result;
 }