/**
 * @see SugarView::preDisplay()
 *
 * Gate this view: only a system administrator or an administrator of the
 * Campaigns module may continue. Everyone else is stopped with the module's
 * unauthorized-access message (sugar_die() is assumed to end the request).
 */
public function preDisplay()
{
    global $current_user, $mod_strings;

    $mayAdminister = is_admin($current_user)
        || is_admin_for_module($GLOBALS['current_user'], 'Campaigns');
    if (!$mayAdminister) {
        sugar_die($mod_strings['LBL_UNAUTH_ACCESS']);
    }
}
/**
 * Decorate each Reports list row with the publish checkbox, the schedule
 * link and the inline edit link, then hand off to the parent display().
 *
 * Only a system admin or a Reports module admin gets an active publish
 * checkbox; for everyone else it is rendered disabled.
 */
function display()
{
    global $current_user, $app_strings, $mod_strings;
    $admin = is_admin($current_user) || is_admin_for_module($current_user, 'Reports');
    foreach ($this->data['data'] as $i => $rowData) {
        if (isset($this->data['data'][$i]['IS_PUBLISHED'])) {
            $this->data['data'][$i]['IS_PUBLISHED'] = "<input type='checkbox' ";
            if ($rowData['IS_PUBLISHED'] == 'yes') {
                $this->data['data'][$i]['IS_PUBLISHED'] .= ' checked ';
            }
            if ($admin) {
                // The click target is always publish=no, regardless of the
                // current state; the row ID is interpolated raw into a JS
                // string inside an HTML attribute. NOTE(review): this is
                // only safe if IDs are system-generated (GUIDs) and never
                // user-supplied — confirm upstream.
                $this->data['data'][$i]['IS_PUBLISHED'] .= " onclick='location.href=\"index.php?module=Reports&action=index&publish=no&publish_report_id={$rowData['ID']}\";'>";
            } else {
                $this->data['data'][$i]['IS_PUBLISHED'] .= ' disabled=true>';
            }
        }
        if (isset($this->data['data'][$i]['IS_SCHEDULED'])) {
            // Same caveat: ID, IS_SCHEDULED_IMG and IS_SCHEDULED are emitted unescaped.
            $this->data['data'][$i]['IS_SCHEDULED'] = "<a href='#' onclick=\"schedulePOPUP('{$rowData['ID']}'); return false\" class='listViewTdToolsS1'>{$rowData['IS_SCHEDULED_IMG']} {$rowData['IS_SCHEDULED']}</a>";
        }
        if (!isset($this->data['data'][$i]['IS_EDIT'])) {
            // Edit link only for rows assigned to the viewer who also has ACL
            // edit access. NOTE(review): the third argument of checkAccess()
            // is passed the assigned user id; elsewhere on this page it is a
            // boolean $is_owner. Because the left-hand side already ensures the
            // row is the viewer's, the non-empty id behaves like `true`, but
            // passing `true` explicitly would make the intent clear.
            if ($this->data['data'][$i]['ASSIGNED_USER_ID'] != $current_user->id || !ACLController::checkAccess('Reports', 'edit', $this->data['data'][$i]['ASSIGNED_USER_ID'])) {
                $this->data['data'][$i]['IS_EDIT'] = " ";
            } else {
                $this->data['data'][$i]['IS_EDIT'] = "<a title=\"{$app_strings['LBL_EDIT_BUTTON']}\" href=\"index.php?action=ReportsWizard&module=Reports&page=report&record={$rowData['ID']}\">" . SugarThemeRegistry::current()->getImage("edit_inline", '', null, null, ".gif", $mod_strings['LBL_EDIT']) . "</a>";
            }
        }
    }
    $this->ss->assign('act', 'ReportsWizard');
    return parent::display();
}
/**
 * Flag the request as unauthorized unless the current user is a system
 * administrator or a Contracts module administrator, then continue with the
 * parent's processing.
 *
 * Unlike the sugar_die() guards elsewhere, this does not stop the request
 * itself; it only sets $this->hasAccess and relies on parent::process() to
 * act on that flag.
 */
public function process()
{
    $viewer = $GLOBALS['current_user'];
    $mayAdminister = is_admin($viewer) || is_admin_for_module($viewer, 'Contracts');
    if (!$mayAdminister) {
        $this->hasAccess = false;
    }
    parent::process();
}
/**
 * @see SugarView::preDisplay()
 *
 * Restrict this view to system administrators and to administrators of
 * either the Emails or the Campaigns module; anyone else is stopped with a
 * fixed unauthorized-access message.
 */
public function preDisplay()
{
    global $current_user;

    $viewer = $GLOBALS['current_user'];
    $mayAdminister = is_admin($current_user)
        || is_admin_for_module($viewer, 'Emails')
        || is_admin_for_module($viewer, 'Campaigns');
    if (!$mayAdminister) {
        sugar_die("Unauthorized access to administration.");
    }
}
/**
 * Gate the view to system admins and Users-module admins, then prepare a
 * list view with the delete action switched off.
 */
public function preDisplay()
{
    $viewer = $GLOBALS['current_user'];
    if (!(is_admin($viewer) || is_admin_for_module($viewer, 'Users'))) {
        sugar_die("Unauthorized access to administration.");
    }

    $listView = new ListViewSmarty();
    $listView->delete = false;
    $this->lv = $listView;
}
/**
 * Gate the view to system admins and Forecasts-module admins, then prepare a
 * list view with mass-update fields hidden.
 */
public function preDisplay()
{
    global $current_user;

    $mayAdminister = is_admin($current_user) || is_admin_for_module($current_user, 'Forecasts');
    if (!$mayAdminister) {
        sugar_die("Unauthorized access to administration.");
    }

    $listView = new ListViewSmarty();
    $listView->showMassupdateFields = false;
    $this->lv = $listView;
}
/**
 * Gate the view to system admins and Users-module admins, then prepare a
 * list view with export and mass-update disabled.
 */
public function preDisplay()
{
    $viewer = $GLOBALS['current_user'];
    $mayAdministerUsers = is_admin($viewer) || is_admin_for_module($viewer, 'Users');
    if (!$mayAdministerUsers) {
        sugar_die('No Access');
    }

    $listView = new ListViewSmarty();
    $listView->export = false;
    $listView->showMassupdateFields = false;
    $this->lv = $listView;
}
/**
 * @see SugarView::preDisplay()
 *
 * Gate the view to system admins and Campaigns-module admins (using the
 * application-wide ERR_NOT_ADMIN message), then prepare a list view with
 * export and quick-view links disabled.
 */
public function preDisplay()
{
    global $current_user;

    $mayAdminister = is_admin($current_user) || is_admin_for_module($current_user, 'Campaigns');
    if (!$mayAdminister) {
        sugar_die($GLOBALS['app_strings']['ERR_NOT_ADMIN']);
    }

    $listView = new ListViewSmarty();
    $listView->export = false;
    $listView->quickViewLinks = false;
    $this->lv = $listView;
}
/**
 * Gate the view to system admins and Users-module admins. Instead of dying,
 * a non-admin is sent back to their own user detail page.
 *
 * NOTE(review): the list view below is still built if
 * SugarApplication::redirect() ever returns; this relies on it terminating
 * the request — confirm in its implementation.
 */
public function preDisplay()
{
    $viewer = $GLOBALS['current_user'];
    $mayAdministerUsers = is_admin($viewer) || is_admin_for_module($viewer, 'Users');
    if (!$mayAdministerUsers) {
        SugarApplication::redirect('index.php?module=Users&action=DetailView&record=' . $viewer->id);
    }

    $listView = new ListViewSmarty();
    $listView->delete = false;
    $listView->email = false;
    $this->lv = $listView;
}
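/**
 * Soft-delete a user/employee record.
 *
 * Permitted only to a system administrator or a Users-module administrator,
 * and never against the caller's own account. The target must exist: a
 * non-existent id used to fall through to save() on an empty bean, which
 * would persist a fresh, already-deleted user row instead of failing.
 */
protected function action_delete()
{
    $viewer = $GLOBALS['current_user'];
    $targetId = isset($_REQUEST['record']) ? $_REQUEST['record'] : '';

    $isSelf = ($targetId == $viewer->id);
    $mayAdministerUsers = is_admin($viewer) || is_admin_for_module($viewer, 'Users');
    if ($isSelf || !$mayAdministerUsers) {
        sugar_die("Unauthorized access to administration.");
    }

    $u = new User();
    $u->retrieve($targetId);
    if (empty($u->id)) {
        // Nothing to delete; stop before save() could insert a new row.
        sugar_die($GLOBALS['app_strings']['ERROR_NO_RECORD']);
    }

    $u->deleted = 1;
    $u->status = 'Inactive';
    $u->employee_status = 'Terminated';
    $u->save();

    // Log the id as retrieved from the bean rather than the raw request value.
    $GLOBALS['log']->info("User id: {$viewer->id} deleted user record: {$u->id}");
    SugarApplication::redirect("index.php?module=Employees&action=index");
}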
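/**
 * Build and echo the list view, unless only the search form was requested.
 *
 * Mass update is offered only to system administrators and Users-module
 * administrators; everyone else gets the no-mass-update template. The
 * previous version also read $_REQUEST['saved_search_select_name'] into a
 * local that was never used, and tested `== false` after empty() — a
 * condition empty() already covers — both are dropped here.
 */
function listViewProcess()
{
    $this->processSearchForm();
    $this->lv->searchColumns = $this->searchForm->searchColumns;
    if (!$this->headers) {
        return;
    }
    // A truthy search_form_only means the caller only wants the form.
    if (!empty($_REQUEST['search_form_only'])) {
        return;
    }

    $this->lv->ss->assign("SEARCH", true);

    $viewer = $GLOBALS['current_user'];
    $tplFile = 'include/ListView/ListViewGeneric.tpl';
    if (!is_admin($viewer) && !is_admin_for_module($viewer, 'Users')) {
        // Hide the mass-update controls from non-admins.
        $tplFile = 'include/ListView/ListViewNoMassUpdate.tpl';
    }
    $this->lv->setup($this->seed, $tplFile, $this->where, $this->params);
    echo $this->lv->display();
}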
/**
 * Returns the bean object of the given module, or false when the module
 * cannot be imported into by the current user.
 *
 * Order of checks: the module must resolve to a bean and be importable;
 * importing Users is reserved to system admins and Users-module admins;
 * finally, ACL-aware beans must grant the 'import' action (otherwise the
 * no-access page is displayed and the request ends).
 *
 * @param string $module
 * @return object|false
 */
function loadImportBean($module)
{
    $bean = loadBean($module);
    if (!$bean) {
        return false;
    }
    if (!$bean->importable) {
        return false;
    }

    $viewer = $GLOBALS['current_user'];
    if ($module == 'Users' && !is_admin($viewer) && !is_admin_for_module($viewer, 'Users')) {
        return false;
    }

    if ($bean->bean_implements('ACL') && !ACLController::checkAccess($bean->module_dir, 'import', true)) {
        ACLController::displayNoAccess();
        sugar_die('');
    }

    return $bean;
}
/**
 * Decide which action buttons the employee/user detail view shows.
 *
 *  - Edit: system admins, or the user viewing their own record.
 *  - Duplicate: system admins only.
 *  - Delete: system admins and Users-module admins, never on one's own record;
 *    the confirmation text differs for employee-only records (no user_name).
 *
 * NOTE(review): Edit and Duplicate check is_admin() only, while Delete also
 * honours is_admin_for_module('Users') — verify that asymmetry is intended.
 */
function display()
{
    $viewer = $GLOBALS['current_user'];
    $isAdmin = is_admin($viewer);
    $isOwnRecord = ($_REQUEST['record'] == $viewer->id);

    if ($isAdmin || $isOwnRecord) {
        $this->ss->assign('DISPLAY_EDIT', true);
    }
    if ($isAdmin) {
        $this->ss->assign('DISPLAY_DUPLICATE', true);
    }

    $canDelete = !$isOwnRecord && ($isAdmin || is_admin_for_module($viewer, 'Users'));
    if ($canDelete) {
        $warningKey = empty($this->bean->user_name)
            ? 'LBL_DELETE_EMPLOYEE_CONFIRM'   // record without a login: employee only
            : 'LBL_DELETE_USER_CONFIRM';
        $this->ss->assign('DELETE_WARNING', $GLOBALS['mod_strings'][$warningKey]);
    }
    $this->ss->assign('DISPLAY_DELETE', $canDelete);

    parent::display();
}
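/**
 * Return the "breadcrumbs" to display at the top of the page.
 *
 * The create-record links are emitted only for system administrators and
 * administrators of this module. The surrounding <span class='utils'> is
 * opened and closed under the same $show_help condition; previously the
 * closing </span> was appended unconditionally, leaving a stray close tag
 * whenever $show_help was false.
 *
 * @param bool $show_help optional, true if we show the help links
 * @return string HTML containing the breadcrumb title
 */
public function getModuleTitle($show_help = true)
{
    global $current_user;

    // Module name with spaces removed, as used in the create-record URLs.
    $module = str_replace(' ', '', $this->module);

    $crumbs = $this->_getModuleTitleParams();
    if (SugarThemeRegistry::current()->directionality == "rtl") {
        $crumbs = array_reverse($crumbs);
    }
    // The separator is only needed (and only fetched) between two or more crumbs.
    $crumbString = count($crumbs) > 1
        ? implode($this->getBreadCrumbSymbol(), $crumbs)
        : implode('', $crumbs);

    $theTitle = "<div class='moduleTitle'>\n";
    if (!empty($crumbString)) {
        $theTitle .= "<h2> {$crumbString} </h2>\n";
    }

    if ($show_help) {
        $theTitle .= "<span class='utils'>";
        if (is_admin($current_user) || is_admin_for_module($current_user, $this->module)) {
            $createImageURL = SugarThemeRegistry::current()->getImageURL('create-record.gif');
            $createLabel = $GLOBALS['app_strings']['LNK_CREATE'];
            $createHref = "index.php?module={$module}&action=EditView&return_module={$module}&return_action=DetailView";
            $theTitle .= <<<EOHTML
<a href="{$createHref}" class="utilsLink">
<img src='{$createImageURL}' alt='{$createLabel}'></a>
<a href="{$createHref}" class="utilsLink">
{$createLabel}
</a>
EOHTML;
        }
        $theTitle .= "</span>";
    }

    $theTitle .= "</div>\n";
    return $theTitle;
}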
sugar_die("Unauthorized access to user administration."); } $focus = new User(); $focus->retrieve($_POST['record']); // Flag to determine whether to save a new password or not. if (empty($focus->id)) { $newUser = true; } else { $newUser = false; } if (!$current_user->is_admin && !is_admin_for_module($GLOBALS['current_user'], 'Users') && $current_user->id != $focus->id) { $GLOBALS['log']->fatal("SECURITY:Non-Admin " . $current_user->id . " attempted to change settings for user:"******"Location: index.php?module=Users&action=Logout"); exit; } if (!$current_user->is_admin && !is_admin_for_module($GLOBALS['current_user'], 'Users') && !empty($_POST['is_admin'])) { $GLOBALS['log']->fatal("SECURITY:Non-Admin " . $current_user->id . " attempted to change is_admin settings for user:"******"Location: index.php?module=Users&action=Logout"); exit; } $portal = array("sugar_user_name", "last_name", "status", "portal_only"); $group = array("sugar_user_name", "last_name", "status", "is_group"); if (isset($_POST['portal_only']) && ($_POST['portal_only'] == '1' || $focus->portal_only)) { foreach ($portal as $field) { if (isset($_POST[$field])) { $value = $_POST[$field]; $focus->{$field} = $value; } } } if (isset($_POST['is_group']) && ($_POST['is_group'] == '1' || $focus->is_group)) {
/**
 * Verify that the current password is correct and write the new password to the DB.
 *
 * The old-password check is skipped entirely when the *current* user is a
 * system administrator or a Users-module administrator (note: keyed on
 * $current_user, not on the user whose password changes), so an admin can
 * set any password without knowing the old one.
 *
 * SECURITY NOTE(review): passwords are hashed with unsalted MD5 and compared
 * by SQL string equality; this is the legacy scheme and should be migrated
 * to password_hash()/password_verify() (with a re-hash on login) as a
 * separate change, since it affects the stored user_hash format.
 *
 * @param string $user_password - the current password; must be non null and at least 1 character.
 * @param string $new_password - Must be non null and at least 1 character.
 * @param string $system_generated - '1' when the new password was generated by the system, '0' otherwise.
 * @return boolean - If passwords pass verification and query succeeds, return true, else return false.
 */
function change_password($user_password, $new_password, $system_generated = '0')
{
    global $mod_strings;
    global $current_user;
    $GLOBALS['log']->debug("Starting password change for {$this->user_name}");
    if (!isset($new_password) || $new_password == "") {
        // NOTE(review): $current_user is an object elsewhere on this page;
        // array-style access here ($current_user['user_name']) looks wrong.
        $this->error_string = $mod_strings['ERR_PASSWORD_CHANGE_FAILED_1'] . $current_user['user_name'] . $mod_strings['ERR_PASSWORD_CHANGE_FAILED_2'];
        return false;
    }
    // Lower-cased hex MD5 of the supplied current password.
    $old_user_hash = strtolower(md5($user_password));
    if (!is_admin($current_user) && !is_admin_for_module($current_user, 'Users')) {
        //check old password first
        // The hash is hex so it cannot break the query; $this->id is interpolated
        // as-is and is assumed to be a system-generated id, not request input.
        $query = "SELECT user_name FROM {$this->table_name} WHERE user_hash='{$old_user_hash}' AND id='{$this->id}'";
        $result = $this->db->query($query, true);
        $row = $this->db->fetchByAssoc($result);
        $GLOBALS['log']->debug("select old password query: {$query}");
        // $row is an array (or null); interpolating it only logs "Array".
        $GLOBALS['log']->debug("return result of {$row}");
        if ($row == null) {
            $GLOBALS['log']->warn("Incorrect old password for " . $this->user_name . "");
            $this->error_string = $mod_strings['ERR_PASSWORD_INCORRECT_OLD_1'] . $this->user_name . $mod_strings['ERR_PASSWORD_INCORRECT_OLD_2'];
            return false;
        }
    }
    $user_hash = strtolower(md5($new_password));
    // A password change clears any forced login expiration.
    $this->setPreference('loginexpiration', '0');
    //set new password
    $now = date("Y-m-d H:i:s");
    // NOTE(review): the '******' literals below are redactions in this copy of
    // the source; presumably $system_generated is written into
    // system_generated_password and a flag into the session. Verify against the
    // real file before relying on this listing.
    $query = "UPDATE {$this->table_name} SET user_hash='{$user_hash}', system_generated_password='******', pwd_last_changed='{$now}' where id='{$this->id}'";
    $this->db->query($query, true, "Error setting new password for {$this->user_name}: ");
    $_SESSION['hasExpiredPassword'] = '******';
    return true;
}
/**
 * static function userHasAccess($user_id, $category, $action, $type = 'module', $is_owner = false)
 *
 * Check whether $user_id may perform $action on $category, consulting (and
 * lazily populating) the per-user ACL cache held in $_SESSION['ACL'].
 *
 * @param GUID $user_id the user id who you want to check access for
 * @param STRING $category the category you would like to check access for
 * @param STRING $action the action of that category you would like to check access for
 * @param STRING OPTIONAL $type the ACL type, defaults to 'module'
 * @param BOOLEAN OPTIONAL $is_owner if the object is owned by the user you are checking access for
 * @return BOOLEAN true when access is granted
 */
function userHasAccess($user_id, $category, $action, $type = 'module', $is_owner = false)
{
    global $current_user;
    // NOTE(review): this early grant is keyed on the *current* user being a
    // module admin for $category, not on $user_id, and only applies while no
    // cached ACL entry for this action exists for $user_id. When $user_id is
    // not the current user the answer describes the caller rather than the
    // subject — confirm that is intended before relying on it for others.
    if (is_admin_for_module($current_user, $category) && !isset($_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess'])) {
        return true;
    }
    //check if we don't have it set in the cache if not lets reload the cache
    // Module-level 'access' below ACL_ALLOW_ENABLED denies everything in it.
    if (ACLAction::getUserAccessLevel($user_id, $category, 'access', $type) < ACL_ALLOW_ENABLED) {
        return false;
    }
    if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
        ACLAction::getUserActions($user_id, false);
    }
    if (!empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
        return ACLAction::hasAccess($is_owner, $_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess']);
    }
    // No ACL entry even after reloading: deny by default.
    return false;
}
* All Rights Reserved.
* Contributor(s): ______________________________________..
********************************************************************************/
global $mod_strings, $app_strings;

// Campaigns module menu, in display order.
// Each row: guard, URL, label key in $mod_strings, image name, optional module.
// A guard is either array(aclModule, aclAction), checked through
// ACLController::checkAccess(..., true), or the string 'admin', which requires
// a system administrator or a Campaigns module administrator.
// Showing a link is a display decision only: the target action has to enforce
// access on its own.
// ('LNL_NEW_CAMPAIGN_WIZARD' is reproduced as found; it may be a typo for
// LNK_... — verify against the language file.)
$campaignMenuEntries = array(
    array(array('Campaigns', 'edit'), "index.php?module=Campaigns&action=WizardHome&return_module=Campaigns&return_action=index", 'LNL_NEW_CAMPAIGN_WIZARD', "CampaignsWizard"),
    array(array('Campaigns', 'edit'), "index.php?module=Campaigns&action=EditView&return_module=Campaigns&return_action=index", 'LNK_NEW_CAMPAIGN', "CreateCampaigns"),
    array(array('Campaigns', 'list'), "index.php?module=Campaigns&action=index&return_module=Campaigns&return_action=index", 'LNK_CAMPAIGN_LIST', "Campaigns"),
    array(array('Campaigns', 'list'), "index.php?module=Campaigns&action=newsletterlist&return_module=Campaigns&return_action=index", 'LBL_NEWSLETTERS', "Newsletters"),
    array(array('EmailTemplates', 'edit'), "index.php?module=EmailTemplates&action=EditView&return_module=EmailTemplates&return_action=DetailView", 'LNK_NEW_EMAIL_TEMPLATE', "CreateEmails", "Emails"),
    array(array('EmailTemplates', 'list'), "index.php?module=EmailTemplates&action=index", 'LNK_EMAIL_TEMPLATE_LIST', "EmailFolder", 'Emails'),
    array('admin', "index.php?module=Campaigns&action=WizardEmailSetup&return_module=Campaigns&return_action=index", 'LBL_EMAIL_SETUP_WIZARD', "EmailSetupWizard"),
    array(array('Campaigns', 'edit'), "index.php?module=Campaigns&action=CampaignDiagnostic&return_module=Campaigns&return_action=index", 'LBL_DIAGNOSTIC_WIZARD', "EmailDiagnostic"),
    array(array('Campaigns', 'edit'), "index.php?module=Campaigns&action=WebToLeadCreation&return_module=Campaigns&return_action=index", 'LBL_WEB_TO_LEAD', "CreateWebToLeadForm"),
);

foreach ($campaignMenuEntries as $entry) {
    list($guard, $url, $labelKey, $image) = $entry;

    if ($guard === 'admin') {
        $visible = is_admin($GLOBALS['current_user']) || is_admin_for_module($GLOBALS['current_user'], 'Campaigns');
    } else {
        list($aclModule, $aclAction) = $guard;
        $visible = ACLController::checkAccess($aclModule, $aclAction, true);
    }
    if (!$visible) {
        continue;
    }

    // Labels are resolved only for entries that are actually shown.
    $menuItem = array($url, $mod_strings[$labelKey], $image);
    if (isset($entry[4])) {
        $menuItem[] = $entry[4];
    }
    $module_menu[] = $menuItem;
}
/**
 * Persist the email/campaign administration settings submitted by the form.
 *
 * Access: system administrators and administrators of the Emails or Campaigns
 * modules only. Everything below works directly on $_POST/$_REQUEST, and
 * deliberately rewrites some of those values before the beans read them.
 */
function action_Save()
{
    require_once 'include/OutboundEmail/OutboundEmail.php';
    require_once 'modules/Configurator/Configurator.php';
    $configurator = new Configurator();
    global $sugar_config;
    global $current_user;
    if (!is_admin($current_user) && !is_admin_for_module($GLOBALS['current_user'], 'Emails') && !is_admin_for_module($GLOBALS['current_user'], 'Campaigns')) {
        sugar_die("Unauthorized access to administration.");
    }
    //Do not allow users to spoof for sendmail if the config flag is not set.
    // Forces the transport to SMTP unless allow_sendmail_outbound is enabled.
    if (!isset($sugar_config['allow_sendmail_outbound']) || !$sugar_config['allow_sendmail_outbound']) {
        $_REQUEST['mail_sendtype'] = "SMTP";
    }
    // save Outbound settings
    #Bug 20033 Ensure data for Outbound email exists before trying to update the system mailer.
    // Skipped when saving campaign-only configuration (campaignConfig set).
    if (isset($_REQUEST['mail_sendtype']) && empty($_REQUEST['campaignConfig'])) {
        $oe = new OutboundEmail();
        $oe->populateFromPost();
        $oe->saveSystem();
    }
    $focus = new Administration();
    // Tracking-entity location is only meaningful for location type '2'.
    if (isset($_POST['tracking_entities_location_type'])) {
        if ($_POST['tracking_entities_location_type'] != '2') {
            unset($_POST['tracking_entities_location']);
            unset($_POST['tracking_entities_location_type']);
        }
    }
    // cn: handle mail_smtpauth_req checkbox on/off (removing double reference in the form itself
    // An unchecked checkbox is absent from the POST, so absence means "off".
    if (!isset($_POST['mail_smtpauth_req'])) {
        $_POST['mail_smtpauth_req'] = 0;
        if (empty($_POST['campaignConfig'])) {
            $_POST['notify_allow_default_outbound'] = 0; // If smtp auth is disabled ensure outbound is disabled.
        }
    }
    // When users may fall back to the system outbound account, drop any
    // per-user override accounts unless that access is explicitly allowed.
    if (!empty($_POST['notify_allow_default_outbound'])) {
        $oe = new OutboundEmail();
        if (!$oe->isAllowUserAccessToSystemDefaultOutbound()) {
            $oe->removeUserOverrideAccounts();
        }
    }
    // NOTE(review): saveConfig() presumably reads the (rewritten) $_POST — confirm.
    $focus->saveConfig();
    // save User defaults for emails
    $configurator->config['email_default_delete_attachments'] = isset($_REQUEST['email_default_delete_attachments']) ? true : false;
    ///////////////////////////////////////////////////////////////////////////////
    //// SECURITY
    // Opt-in list of HTML tags to strip from email bodies. A tag is added only
    // when its checkbox is present in the request (presence, not value), so an
    // unchecked box *allows* that tag; 'script' is always stripped. The
    // 'import' entry is stored as a regex fragment, so the consumer of
    // email_xss presumably treats entries as patterns — confirm there.
    $security = array();
    if (isset($_REQUEST['applet'])) {
        $security['applet'] = 'applet';
    }
    if (isset($_REQUEST['base'])) {
        $security['base'] = 'base';
    }
    if (isset($_REQUEST['embed'])) {
        $security['embed'] = 'embed';
    }
    if (isset($_REQUEST['form'])) {
        $security['form'] = 'form';
    }
    if (isset($_REQUEST['frame'])) {
        $security['frame'] = 'frame';
    }
    if (isset($_REQUEST['frameset'])) {
        $security['frameset'] = 'frameset';
    }
    if (isset($_REQUEST['iframe'])) {
        $security['iframe'] = 'iframe';
    }
    if (isset($_REQUEST['import'])) {
        $security['import'] = '\\?import';
    }
    if (isset($_REQUEST['layer'])) {
        $security['layer'] = 'layer';
    }
    if (isset($_REQUEST['link'])) {
        $security['link'] = 'link';
    }
    if (isset($_REQUEST['object'])) {
        $security['object'] = 'object';
    }
    if (isset($_REQUEST['style'])) {
        $security['style'] = 'style';
    }
    if (isset($_REQUEST['xmp'])) {
        $security['xmp'] = 'xmp';
    }
    $security['script'] = 'script';
    // Stored serialized; the value is admin-written config, not user input,
    // but whatever reads it back must unserialize() it — keep that in mind if
    // the storage ever becomes writable by less-trusted roles.
    $configurator->config['email_xss'] = base64_encode(serialize($security));
    //// SECURITY
    ///////////////////////////////////////////////////////////////////////////////
    ksort($sugar_config);
    $configurator->handleOverride();
}
// Resolve the meeting from the request and decide whether the current user may
// start it (host) or join it: redirect to the provider URL when allowed,
// otherwise render an explanatory template.
//
// NOTE(review): $row (the invitee lookup) and $current_user are expected to be
// set by the code that precedes this run — confirm in the enclosing file.
// NOTE(review): the meeting id comes straight from the request; the only
// authorization applied here is owner / admin (plus invitee presence for join).
$meetingBean = loadBean('Meetings');
$meetingBean->retrieve($_REQUEST['meeting_id']);

// Owner, system admin or Meetings-module admin. Wrapped in a closure so the
// join path keeps its short-circuit on the invitee check.
$ownsOrAdministers = function () use ($meetingBean) {
    $viewer = $GLOBALS['current_user'];
    return $meetingBean->assigned_user_id == $viewer->id
        || is_admin($viewer)
        || is_admin_for_module($viewer, 'Meetings');
};

if ($_REQUEST['host_meeting'] == '1') {
    $allowed = $ownsOrAdministers();
    $targetUrl = $meetingBean->host_url;
    // Not the owner and not an admin: cannot start the meeting.
    $deniedTemplate = 'modules/Meetings/tpls/extMeetingNoStart.tpl';
} else {
    $allowed = isset($row['id']) || $ownsOrAdministers();
    $targetUrl = $meetingBean->join_url;
    // Neither invited, owner nor admin: cannot join the meeting.
    $deniedTemplate = 'modules/Meetings/tpls/extMeetingNotInvited.tpl';
}

if ($allowed) {
    SugarApplication::redirect($targetUrl);
} else {
    // A custom/ override of the template wins when present.
    if (file_exists('custom/' . $deniedTemplate)) {
        $deniedTemplate = 'custom/' . $deniedTemplate;
    }
    $ss = new Sugar_Smarty();
    $ss->assign('current_user', $current_user);
    $ss->assign('bean', $meetingBean->toArray());
    $ss->display($deniedTemplate);
}
} else { $reset_pref_warning = $mod_strings['LBL_RESET_PREFERENCES_WARNING_USER']; $reset_home_warning = $mod_strings['LBL_RESET_HOMEPAGE_WARNING_USER']; } $buttons .= "<input type='button' class='button' onclick='if(confirm(\"{$reset_pref_warning}\"))window.location=\"" . $_SERVER['PHP_SELF'] . '?' . $the_query_string . "&reset_preferences=true\";' value='" . $mod_strings['LBL_RESET_PREFERENCES'] . "' />"; $buttons .= " <input type='button' class='button' onclick='if(confirm(\"{$reset_home_warning}\"))window.location=\"" . $_SERVER['PHP_SELF'] . '?' . $the_query_string . "&reset_homepage=true\";' value='" . $mod_strings['LBL_RESET_HOMEPAGE'] . "' />"; } if (isset($buttons)) { $sugar_smarty->assign("BUTTONS", $buttons); } require_once "include/templates/TemplateGroupChooser.php"; require_once "modules/MySettings/TabController.php"; $chooser = new TemplateGroupChooser(); $controller = new TabController(); //if(is_admin($current_user) || $controller->get_users_can_edit()) if (is_admin($current_user) || is_admin_for_module($GLOBALS['current_user'], 'Users')) { $chooser->display_third_tabs = true; $chooser->args['third_name'] = 'remove_tabs'; $chooser->args['third_label'] = $mod_strings['LBL_REMOVED_TABS']; } elseif (!$controller->get_users_can_edit()) { $chooser->display_hide_tabs = false; } else { $chooser->display_hide_tabs = true; } $chooser->args['id'] = 'edit_tabs'; $chooser->args['values_array'] = $controller->get_tabs($focus); $chooser->args['left_name'] = 'display_tabs'; $chooser->args['right_name'] = 'hide_tabs'; $chooser->args['left_label'] = $mod_strings['LBL_DISPLAY_TABS']; $chooser->args['right_label'] = $mod_strings['LBL_HIDE_TABS']; $chooser->args['title'] = $mod_strings['LBL_EDIT_TABS'];
/**
 * Persist the email/campaign administration settings submitted by the form.
 *
 * Access: system administrators and administrators of the Emails or Campaigns
 * modules only (module-localized unauthorized message). Works directly on
 * $_POST/$_REQUEST and rewrites some values before the beans read them; also
 * marks user metadata as changed so cached user preferences are refreshed.
 */
function action_Save()
{
    require_once 'include/OutboundEmail/OutboundEmail.php';
    require_once 'modules/Configurator/Configurator.php';
    $configurator = new Configurator();
    global $sugar_config;
    global $current_user, $mod_strings;
    if (!is_admin($current_user) && !is_admin_for_module($GLOBALS['current_user'], 'Emails') && !is_admin_for_module($GLOBALS['current_user'], 'Campaigns')) {
        sugar_die($mod_strings['LBL_UNAUTH_ACCESS']);
    }
    //Do not allow users to spoof for sendmail if the config flag is not set.
    // Forces the transport to SMTP unless allow_sendmail_outbound is enabled.
    if (!isset($sugar_config['allow_sendmail_outbound']) || !$sugar_config['allow_sendmail_outbound']) {
        $_REQUEST['mail_sendtype'] = "SMTP";
    }
    // save Outbound settings
    #Bug 20033 Ensure data for Outbound email exists before trying to update the system mailer.
    // Skipped when saving campaign-only configuration (campaignConfig set).
    if (isset($_REQUEST['mail_sendtype']) && empty($_REQUEST['campaignConfig'])) {
        $oe = new OutboundEmail();
        $oe->populateFromPost();
        $oe->saveSystem();
    }
    $focus = BeanFactory::getBean('Administration');
    // Tracking-entity location is only meaningful for location type '2'.
    if (isset($_POST['tracking_entities_location_type'])) {
        if ($_POST['tracking_entities_location_type'] != '2') {
            unset($_POST['tracking_entities_location']);
            unset($_POST['tracking_entities_location_type']);
        }
    }
    // cn: handle mail_smtpauth_req checkbox on/off (removing double reference in the form itself
    // An unchecked checkbox is absent from the POST, so absence means "off".
    if (!isset($_POST['mail_smtpauth_req'])) {
        $_POST['mail_smtpauth_req'] = 0;
        if (empty($_POST['campaignConfig'])) {
            $_POST['notify_allow_default_outbound'] = 0; // If smtp auth is disabled ensure outbound is disabled.
        }
    }
    // NOTE(review): saveConfig() presumably reads the (rewritten) $_POST — confirm.
    $focus->saveConfig();
    // mark user metadata changed so the user preferences get refreshed
    // (user preferences contain email client preference)
    $mm = MetadataManager::getManager();
    $mm->setUserMetadataHasChanged($current_user);
    // save User defaults for emails
    $configurator->config['email_default_delete_attachments'] = isset($_REQUEST['email_default_delete_attachments']) ? true : false;
    ///////////////////////////////////////////////////////////////////////////////
    //// SECURITY
    // Opt-in list of HTML tags to strip from email bodies. A tag is added only
    // when its checkbox is present in the request (presence, not value), so an
    // unchecked box *allows* that tag; 'script' is always stripped. The
    // 'import' entry is stored as a regex fragment, so the consumer of
    // email_xss presumably treats entries as patterns — confirm there.
    $security = array();
    if (isset($_REQUEST['applet'])) {
        $security['applet'] = 'applet';
    }
    if (isset($_REQUEST['base'])) {
        $security['base'] = 'base';
    }
    if (isset($_REQUEST['embed'])) {
        $security['embed'] = 'embed';
    }
    if (isset($_REQUEST['form'])) {
        $security['form'] = 'form';
    }
    if (isset($_REQUEST['frame'])) {
        $security['frame'] = 'frame';
    }
    if (isset($_REQUEST['frameset'])) {
        $security['frameset'] = 'frameset';
    }
    if (isset($_REQUEST['iframe'])) {
        $security['iframe'] = 'iframe';
    }
    if (isset($_REQUEST['import'])) {
        $security['import'] = '\\?import';
    }
    if (isset($_REQUEST['layer'])) {
        $security['layer'] = 'layer';
    }
    if (isset($_REQUEST['link'])) {
        $security['link'] = 'link';
    }
    if (isset($_REQUEST['object'])) {
        $security['object'] = 'object';
    }
    if (isset($_REQUEST['style'])) {
        $security['style'] = 'style';
    }
    if (isset($_REQUEST['xmp'])) {
        $security['xmp'] = 'xmp';
    }
    $security['script'] = 'script';
    // Stored serialized; the value is admin-written config, not user input,
    // but whatever reads it back must unserialize() it — keep that in mind if
    // the storage ever becomes writable by less-trusted roles.
    $configurator->config['email_xss'] = base64_encode(serialize($security));
    //// SECURITY
    ///////////////////////////////////////////////////////////////////////////////
    ksort($sugar_config);
    $configurator->handleOverride();
}
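*
* Copyright (C) SugarCRM Inc. All rights reserved.
*/
/*********************************************************************************
 * Description: TODO: To be written.
 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
 * All Rights Reserved.
 * Contributor(s): ______________________________________..
 ********************************************************************************/
require_once 'modules/TimePeriods/Forms.php';

global $mod_strings;
global $app_strings;
global $app_list_strings;
global $current_user;

// Exit if the logged in user does not have admin rights: only a system admin
// or a Forecasts module admin may view time periods.
if (!is_admin($current_user) && !is_admin_for_module($current_user, 'Forecasts')) {
    sugar_die("Unauthorized access to administration.");
}

global $focus;
$focus = BeanFactory::getBean('TimePeriods');
$GLOBALS['log']->info("in detail view");

if (!empty($_REQUEST['record'])) {
    $GLOBALS['log']->info("record to be fetched" . $_REQUEST['record']);
    $result = $focus->retrieve($_REQUEST['record']);
    if ($result == null) {
        sugar_die($app_strings['ERROR_NO_RECORD']);
    }
} else {
    // No record requested: send the user to the list view and stop here.
    // Without the exit the rest of this view would keep rendering (and emit
    // output) against an empty bean after the Location header was sent.
    header("Location: index.php?module=TimePeriods&action=ListView");
    exit;
}

echo getClassicModuleTitle($mod_strings['LBL_MODULE_NAME'], array($mod_strings['LBL_MODULE_NAME'], $focus->get_summary_text()), true);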
$ListView->show_select_menu = false; $ListView->setQuery("", "", "list_order", "RELEASE"); $ListView->processListView($focus, "main", "RELEASE"); if ($is_edit) { $edit_button = "<form name='EditView' method='POST' action='index.php'>\n"; $edit_button .= "<input type='hidden' name='module' value='Releases'>\n"; $edit_button .= "<input type='hidden' name='record' value='{$focus->id}'>\n"; $edit_button .= "<input type='hidden' name='action'>\n"; $edit_button .= "<input type='hidden' name='edit'>\n"; $edit_button .= "<input type='hidden' name='isDuplicate'>\n"; $edit_button .= "<input type='hidden' name='return_module' value='Releases'>\n"; $edit_button .= "<input type='hidden' name='return_action' value='index'>\n"; $edit_button .= "<input type='hidden' name='return_id' value=''>\n"; $edit_button .= '<input title="' . $app_strings['LBL_SAVE_BUTTON_TITLE'] . '" accessKey="' . $app_strings['LBL_SAVE_BUTTON_KEY'] . '" class="button" onclick="this.form.action.value=\'Save\'; return check_form(\'EditView\');" type="submit" name="button" value=" ' . $app_strings['LBL_SAVE_BUTTON_LABEL'] . ' " >'; $edit_button .= ' <input title="' . $app_strings['LBL_SAVE_NEW_BUTTON_TITLE'] . '" accessKey="' . $app_strings['LBL_SAVE_NEW_BUTTON_KEY'] . '" class="button" onclick="this.form.action.value=\'Save\'; this.form.isDuplicate.value=\'true\'; this.form.edit.value=\'true\'; this.form.return_action.value=\'EditView\'; return check_form(\'EditView\')" type="submit" name="button" value=" ' . $app_strings['LBL_SAVE_NEW_BUTTON_LABEL'] . ' " >'; if ((is_admin($current_user) || is_admin_for_module($GLOBALS['current_user'], 'Bugs')) && $_REQUEST['module'] != 'DynamicLayout' && !empty($_SESSION['editinplace'])) { $header_text = " <a href='index.php?action=index&module=DynamicLayout&edit=true&from_action=EditView&from_module=" . $_REQUEST['module'] . "'>" . SugarThemeRegistry::current()->getImage("EditLayout", "border='0' alt='Edit Layout' align='bottom'") . 
"</a>"; } echo get_form_header($mod_strings['LBL_RELEASE'] . " " . $focus->name . ' ' . $header_text, $edit_button, false); $GLOBALS['log']->info("Releases edit view"); $xtpl = new XTemplate('modules/Releases/EditView.html'); $xtpl->assign("MOD", $mod_strings); $xtpl->assign("APP", $app_strings); if (isset($_REQUEST['return_module'])) { $xtpl->assign("RETURN_MODULE", $_REQUEST['return_module']); } if (isset($_REQUEST['return_action'])) { $xtpl->assign("RETURN_ACTION", $_REQUEST['return_action']); } if (isset($_REQUEST['return_id'])) { $xtpl->assign("RETURN_ID", $_REQUEST['return_id']);
/**
 * Processes the request. Calls ListViewData process. Also assigns all lang strings, export links,
 * This is called from ListViewDisplay
 *
 * Column widths are normalised to percentages, context-menu scripts are
 * collected per object type, and the action links (delete, export, merge,
 * favorites, compose email, add to target list) are assigned to the template.
 *
 * @param file file Template file to use
 * @param data array from ListViewData
 * @param html_var string the corresponding html var in xtpl per row
 *
 */
function process($file, $data, $htmlVar)
{
    if (!$this->should_process) {
        return;
    }
    global $odd_bg, $even_bg, $hilite_bg, $click_bg, $app_strings;
    parent::process($file, $data, $htmlVar);
    $this->tpl = $file;
    $this->data = $data;
    // Scale every column width so the widths sum to 100.
    // NOTE(review): if all widths are 0 the division below is by zero.
    $totalWidth = 0;
    foreach ($this->displayColumns as $name => $params) {
        $totalWidth += $params['width'];
    }
    $adjustment = $totalWidth / 100;
    $contextMenuObjectsTypes = array();
    foreach ($this->displayColumns as $name => $params) {
        $this->displayColumns[$name]['width'] = floor($this->displayColumns[$name]['width'] / $adjustment);
        // figure out which contextMenu objectsTypes are required
        if (!empty($params['contextMenu']['objectType'])) {
            $contextMenuObjectsTypes[$params['contextMenu']['objectType']] = true;
        }
    }
    $this->ss->assign('displayColumns', $this->displayColumns);
    $this->ss->assign('bgHilite', $hilite_bg);
    $this->ss->assign('colCount', count($this->displayColumns) + 1);
    $this->ss->assign('htmlVar', strtoupper($htmlVar));
    $this->ss->assign('moduleString', $this->moduleString);
    $this->ss->assign('editLinkString', $app_strings['LBL_EDIT_BUTTON']);
    $this->ss->assign('viewLinkString', $app_strings['LBL_VIEW_BUTTON']);
    $this->ss->assign('allLinkString', $app_strings['LBL_LINK_ALL']);
    $this->ss->assign('noneLinkString', $app_strings['LBL_LINK_NONE']);
    $this->ss->assign('recordsLinkString', $app_strings['LBL_LINK_RECORDS']);
    $this->ss->assign('selectLinkString', $app_strings['LBL_LINK_SELECT']);
    if ($this->overlib) {
        $this->ss->assign('overlib', true);
    }
    if ($this->select) {
        $this->ss->assign('selectLink', $this->buildSelectLink('select_link', $this->data['pageData']['offsets']['total'], $this->data['pageData']['offsets']['next'] - $this->data['pageData']['offsets']['current']));
    }
    //jchi 09/02/2008 17918
    // Delete and export links are gated by the module ACL in addition to the
    // view's own flags.
    if (ACLController::checkAccess($this->seed->module_dir, 'delete', true)) {
        if ($this->delete) {
            $this->ss->assign('deleteLink', $this->buildDeleteLink());
        }
    }
    if (ACLController::checkAccess($this->seed->module_dir, 'export', true)) {
        if ($this->export) {
            $this->ss->assign('exportLink', $this->buildExportLink());
        }
    }
    $this->ss->assign('quickViewLinks', $this->quickViewLinks);
    if ($this->mailMerge) {
        $this->ss->assign('mergeLink', $this->buildMergeLink());
    }
    // still check for mailmerge access
    // NOTE(review): unlike delete/export, the merge links are not ACL-checked
    // here; the actions they point to must enforce access themselves.
    if ($this->mergeduplicates) {
        $this->ss->assign('mergedupLink', $this->buildMergeDuplicatesLink());
    }
    if (isset($_REQUEST['module']) && $_REQUEST['module'] == 'Reports' && (isset($_REQUEST['favorite']) && $_REQUEST['favorite'] == 1)) {
        $this->ss->assign('favoritesLink', $this->buildRemoveFavoritesLink());
    } else {
        if (isset($_REQUEST['module']) && $_REQUEST['module'] == 'Reports') {
            $this->ss->assign('favoritesLink', $this->buildFavoritesLink());
        }
    }
    if (isset($_REQUEST['module']) && ($_REQUEST['module'] == 'Contacts' || $_REQUEST['module'] == 'Accounts' || $_REQUEST['module'] == 'Leads')) {
        $this->ss->assign('composeEmailLink', $this->buildComposeEmailLink($this->data['pageData']['offsets']['total']));
    } // if
    // handle save checks and stuff
    if ($this->multiSelect) {
        // KBDocuments reports the current page count rather than the total.
        if ($this->data['pageData']['bean']['moduleDir'] == 'KBDocuments') {
            $this->ss->assign('selectedObjectsSpan', $this->buildSelectedObjectsSpan(true, $this->data['pageData']['offsets']['current']));
        } else {
            $this->ss->assign('selectedObjectsSpan', $this->buildSelectedObjectsSpan(true, $this->data['pageData']['offsets']['total']));
        }
        $this->ss->assign('multiSelectData', $this->getMultiSelectData());
    }
    // include button for Adding to Target List if in one of four applicable modules
    if (isset($_REQUEST['module']) && in_array($_REQUEST['module'], array('Contacts', 'Prospects', 'Leads', 'Accounts'))) {
        $this->ss->assign('targetLink', $this->buildTargetList());
    }
    $this->processArrows($data['pageData']['ordering']);
    $this->ss->assign('prerow', $this->multiSelect);
    $this->ss->assign('clearAll', $app_strings['LBL_CLEARALL']);
    $this->ss->assign('rowColor', array('oddListRow', 'evenListRow'));
    $this->ss->assign('bgColor', array($odd_bg, $even_bg));
    $this->ss->assign('contextMenus', $this->contextMenus);
    // Template-side hints only: these flags decide what is rendered, not what
    // the user is allowed to do — the server-side actions still check access.
    $this->ss->assign('is_admin_for_user', is_admin_for_module($GLOBALS['current_user'], 'Users'));
    $this->ss->assign('is_admin', is_admin($GLOBALS['current_user']));
    if ($this->contextMenus && !empty($contextMenuObjectsTypes)) {
        $script = '';
        $cm = new contextMenu();
        foreach ($contextMenuObjectsTypes as $type => $value) {
            $cm->loadFromFile($type);
            $script .= $cm->getScript();
            $cm->menuItems = array(); // clear menuItems out
        }
        $this->ss->assign('contextMenuScript', $script);
    }
}
/**
 * Persist one imported row through its bean.
 *
 * Prepares the import-specific save flags (default values, assigned user, the
 * update_date_* / modified-by / created-by overrides, in_import), runs the module's
 * beforeImportSave()/afterImportSave() hooks around save(), re-checks parent and
 * related ids after the save and, for new rows, records the id in the user's
 * last-import list.
 *
 * @param SugarBean $focus     bean already populated from the row (type inferred from
 *                             the methods called on it; the signature is untyped)
 * @param bool      $newRecord true when the row creates a record, false for an update
 * @return void
 */
protected function saveImportBean($focus, $newRecord)
{
    global $timedate, $current_user;

    // Populate in any default values to the bean
    $focus->populateDefaultValues();

    // NOTE(review): '&&' binds tighter than '||', so this reads as
    // (!isset) || (== '' && $newRecord): a missing assigned_user_id is replaced by the
    // importing user even on updates, an empty one only on new records — confirm intended.
    if (!isset($focus->assigned_user_id) || $focus->assigned_user_id == '' && $newRecord) {
        $focus->assigned_user_id = $current_user->id;
    }

    /*
     * Bug 34854: Added all conditions besides the empty check on date modified.
     * Triggers when new_with_id is set and a date_modified was supplied, or when
     * new_with_id is empty and the bean's date_modified differs (after to_db
     * normalisation) from the fetched row's. update_date_modified = false presumably
     * stops SugarBean from stamping its own timestamp — see SugarBean::save().
     */
    if (!empty($focus->new_with_id) && !empty($focus->date_modified) || empty($focus->new_with_id) && $timedate->to_db($focus->date_modified) != $timedate->to_db($timedate->to_display_date_time($focus->fetched_row['date_modified']))) {
        $focus->update_date_modified = false;
    }

    // Bug 53636 - Allow update of "Date Created"
    if (!empty($focus->date_entered)) {
        $focus->update_date_entered = true;
    }

    // Disabled for imports — presumably so the save is not rejected as a stale write.
    $focus->optimistic_lock = false;

    if ($focus->object_name == "Contact" && isset($focus->sync_contact)) {
        // copy the potential sync list to another variable
        $list_of_users = $focus->sync_contact;
        // and set it to false for the save
        $focus->sync_contact = false;
    } else {
        // Privilege guard: a user who only administers the Users module (not a system
        // administrator) may not import a user record flagged is_admin. sugar_die() is
        // reached before save(), so the row is never written (sugar_die() presumably
        // terminates the request).
        if ($focus->object_name == "User" && !empty($current_user) && $focus->is_admin && !is_admin($current_user) && is_admin_for_module($current_user, 'Users')) {
            sugar_die($GLOBALS['mod_strings']['ERR_IMPORT_SYSTEM_ADMININSTRATOR']);
        }
    }

    //bug# 46411 importing Calls will not populate Leads or Contacts Subpanel
    // Copy parent_id into every relationship field whose value matches parent_type.
    if (!empty($focus->parent_type) && !empty($focus->parent_id)) {
        foreach ($focus->relationship_fields as $key => $val) {
            if ($val == strtolower($focus->parent_type)) {
                $focus->{$key} = $focus->parent_id;
            }
        }
    }

    //bug# 40260 setting it true as the module in focus is involved in an import
    $focus->in_import = true;

    // call any logic needed for the module preSave
    $focus->beforeImportSave();

    // Bug51192: check if there are any changes in the imported data
    // A 'date' field counts as changed only when before/after differ as timestamps,
    // so re-formatting the same date is not a change.
    $hasDataChanges = false;
    $dataChanges = $focus->db->getAuditDataChanges($focus);
    if (!empty($dataChanges)) {
        foreach ($dataChanges as $field => $fieldData) {
            if ($fieldData['data_type'] != 'date' || strtotime($fieldData['before']) != strtotime($fieldData['after'])) {
                $hasDataChanges = true;
                break;
            }
        }
    }

    // if modified_user_id is set, set the flag to false so SugarBEan will not reset it
    // (kept only when no field actually changed; otherwise the flag keeps its default,
    // presumably so SugarBean records the importing user as modifier)
    if (isset($focus->modified_user_id) && $focus->modified_user_id && !$hasDataChanges) {
        $focus->update_modified_by = false;
    }

    // if created_by is set, set the flag to false so SugarBEan will not reset it
    if (isset($focus->created_by) && $focus->created_by) {
        $focus->set_created_by = false;
    }

    // $list_of_users is only set in the Contact branch above.
    if ($focus->object_name == "Contact" && isset($list_of_users)) {
        $focus->process_sync_to_outlook($list_of_users);
    }

    $focus->save(false);

    //now that save is done, let's make sure that parent and related id's were saved as relationships
    //this takes place before the afterImportSave()
    $this->checkRelatedIDsAfterSave($focus);

    // call any logic needed for the module postSave
    $focus->afterImportSave();

    // Add ID to User's Last Import records
    // NOTE(review): import_module is read straight from the request here; presumably the
    // import controller has already validated it against the importable modules — confirm.
    if ($newRecord) {
        $this->importSource->writeRowToLastImport($_REQUEST['import_module'], $focus->object_name == 'Case' ? 'aCase' : $focus->object_name, $focus->id);
    }
}
* This program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more * details. * * You should have received a copy of the GNU Affero General Public License along with * this program; if not, see http://www.gnu.org/licenses or write to the Free * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301 USA. * * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road, * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com. * * The interactive user interfaces in modified source and object code versions * of this program must display Appropriate Legal Notices, as required under * Section 5 of the GNU Affero General Public License version 3. * * In accordance with Section 7(b) of the GNU Affero General Public License version 3, * these Appropriate Legal Notices must retain the display of the "Powered by * SugarCRM" logo. If the display of the logo is not reasonably feasible for * technical reasons, the Appropriate Legal Notices must display the words * "Powered by SugarCRM". 
********************************************************************************/

/*
 * Subpanel layout definitions for the Users module.
 *
 * Two definitions are registered: how Users appear as a subpanel under other
 * records, and the roles subpanel ("UserRoles"). The roles subpanel is
 * privilege-sensitive: the 'admin' variant and the select-roles button are
 * enabled only for system administrators and for module administrators of Users;
 * everyone else keeps the default variant with no top buttons.
 */

// How Users are listed as a subpanel of another record.
$layout_defs['Users'] = array(
    'subpanel_setup' => array(),
    'default_subpanel_define' => array(
        'subpanel_title' => 'LBL_DEFAULT_SUBPANEL_TITLE',
        'sort_by' => 'name',
        'sort_order' => 'asc',
        'top_buttons' => array(
            array('widget_class' => 'SubPanelTopCreateButton'),
            array(
                'widget_class' => 'SubPanelTopSelectButton',
                'popup_module' => 'Users',
                'mode' => 'MultiSelect',
            ),
        ),
        'list_fields' => array(
            'Users' => array(
                'columns' => array(
                    // 'query_only': presumably selected for the query but not rendered as columns
                    array('name' => 'first_name', 'usage' => 'query_only'),
                    array('name' => 'last_name', 'usage' => 'query_only'),
                    array(
                        'name' => 'name',
                        'vname' => 'LBL_LIST_NAME',
                        'widget_class' => 'SubPanelDetailViewLink',
                        'module' => 'Users',
                        'width' => '25%',
                    ),
                    array('name' => 'user_name', 'vname' => 'LBL_LIST_USER_NAME', 'width' => '25%'),
                    array('name' => 'email1', 'vname' => 'LBL_LIST_EMAIL', 'width' => '25%'),
                    array('name' => 'phone_work', 'vname' => 'LBL_LIST_PHONE', 'width' => '21%'),
                    array(
                        'name' => 'nothing',
                        'widget_class' => 'SubPanelRemoveButton',
                        'module' => 'Users',
                        'width' => '4%',
                        'linked_field' => 'users',
                    ),
                ),
            ),
        ),
    ),
);

global $current_user;

// Roles subpanel on the user record. Registered with the non-administrative
// defaults first (no top buttons, 'default' variant); the administrative variant
// is switched on below.
$layout_defs['UserRoles'] = array(
    'subpanel_setup' => array(
        'aclroles' => array(
            'top_buttons' => array(),
            'order' => 20,
            'sort_by' => 'name',
            'sort_order' => 'asc',
            'module' => 'ACLRoles',
            'refresh_page' => 1,
            'subpanel_name' => 'default',
            'get_subpanel_data' => 'aclroles',
            'add_subpanel_data' => 'role_id',
            'title_key' => 'LBL_ROLES_SUBPANEL_TITLE',
        ),
    ),
);

// Only system administrators and module administrators for Users see the 'admin'
// variant of the roles subpanel and its select-roles button.
if (is_admin($current_user) || is_admin_for_module($current_user, 'Users')) {
    $layout_defs['UserRoles']['subpanel_setup']['aclroles']['subpanel_name'] = 'admin';
    $layout_defs['UserRoles']['subpanel_setup']['aclroles']['top_buttons'] = array(
        array(
            'widget_class' => 'SubPanelTopSelectButton',
            'popup_module' => 'ACLRoles',
            'mode' => 'MultiSelect',
        ),
    );
}
} $GLOBALS['log']->info("Here is the where clause for the list view: {$where}"); } // start display // which tab of search form to display if (!isset($_REQUEST['search_form']) || $_REQUEST['search_form'] != 'false') { $searchForm->setup(); if (isset($_REQUEST['searchFormTab']) && $_REQUEST['searchFormTab'] == 'advanced_search') { $searchForm->displayAdvanced(true, false, $listViewDefs, $lv); } else { $searchForm->displayBasic(); } } $lv->setup($seedUser, 'include/ListView/ListViewGeneric.tpl', $where, $params); $savedSearchName = empty($_REQUEST['saved_search_select_name']) ? '' : ' - ' . $_REQUEST['saved_search_select_name']; echo get_form_header($current_module_strings['LBL_LIST_FORM_TITLE'] . $savedSearchName, '', false); //Module administrators with user management can't update any user to "system administrator" with massupdate if (!is_admin($GLOBALS['current_user']) && is_admin_for_module($GLOBALS['current_user'], 'Users')) { $lv->lvd->seed->field_defs['is_admin']['massupdate'] = ''; } echo $lv->display(); $savedSearch = new SavedSearch(); $json = getJSONobj(); // fills in saved views select box on shortcut menu $savedSearchSelects = $json->encode(array($GLOBALS['app_strings']['LBL_SAVED_SEARCH_SHORTCUT'] . '<br>' . $savedSearch->getSelect('Users'))); $str = "<script>\nYAHOO.util.Event.addListener(window, 'load', SUGAR.util.fillShortcuts, {$savedSearchSelects});\n"; if (!empty($current_user) && is_admin($current_user)) { $str .= "var current_admin_id = '" . $current_user->id . "';"; } $str .= "</script>"; echo $str;
$sugar_smarty->assign('IS_SUPER_ADMIN', '1'); } else { $sugar_smarty->assign('IS_SUPER_ADMIN', '0'); } //jc:12293 - modifying to use the accessor method which will translate the //available character sets using the translation files $sugar_smarty->assign('EXPORT_CHARSET', get_select_options_with_id($locale->getCharsetSelect(), $locale->getExportCharset('', $focus))); //end:12293 if ($focus->getPreference('use_real_names') == 'on') { $sugar_smarty->assign('USE_REAL_NAMES', 'CHECKED'); } if ($focus->getPreference('no_opps') == 'on') { $sugar_smarty->assign('NO_OPPS', 'CHECKED'); } // check if the user has access to the User Management $sugar_smarty->assign('USER_ADMIN', is_admin_for_module($current_user, 'Users') && !is_admin($current_user)); /////////////////////////////////////////////////////////////////////////////// //// NEW USER CREATION ONLY if (empty($focus->id)) { $sugar_smarty->assign('SHOW_ADMIN_CHECKBOX', 'height="30"'); $sugar_smarty->assign('NEW_USER', '1'); } else { $sugar_smarty->assign('NEW_USER', '0'); $sugar_smarty->assign('NEW_USER_TYPE', 'DISABLED'); } //// END NEW USER CREATION ONLY /////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////// //// REDIRECTS FROM COMPOSE EMAIL SCREEN if (isset($_REQUEST['type']) && (isset($_REQUEST['return_module']) && $_REQUEST['return_module'] == 'Emails')) { $sugar_smarty->assign('REDIRECT_EMAILS_TYPE', $_REQUEST['type']);
* * In accordance with Section 7(b) of the GNU General Public License version 3, * these Appropriate Legal Notices must retain the display of the "Powered by * SugarCRM" logo. If the display of the logo is not reasonably feasible for * technical reasons, the Appropriate Legal Notices must display the words * "Powered by SugarCRM". ********************************************************************************/ /********************************************************************************* * Description: TODO: To be written. * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc. * All Rights Reserved. * Contributor(s): ______________________________________.. ********************************************************************************/ /*************** general UI Stuff ****************/ global $mod_strings, $app_list_strings, $app_strings, $current_user; if (!is_admin($current_user) && !is_admin_for_module($GLOBALS['current_user'], 'Campaigns')) { sugar_die("Unauthorized access to administration."); } echo "<h2>" . get_module_title($mod_strings['LBL_MODULE_NAME'], $mod_strings['LBL_EMAIL_SETUP_WIZARD_TITLE'], true) . "</h2>"; global $theme; global $currentModule; //get administration bean for email setup $focus = new Administration(); $focus->retrieveSettings(); //retrieve all admin settings. $GLOBALS['log']->info("Mass Emailer(EmailMan) ConfigureSettings view"); $email = new Email(); $ss = new Sugar_Smarty(); $ss->assign("MOD", $mod_strings); $ss->assign("APP", $app_strings); if (isset($_REQUEST['return_module'])) {