$site->debug->msg($sth->debug->get_msgs());
         }
         # if found profile data
         ####### write log
         new Log(array('action' => 'update', 'component' => 'User groups', 'message' => "Group '" . $sql_field_values['name'] . "' updated"));
     }
     # op
 } elseif ($site->fdat['tab'] == 'members') {
     if ($op2 == 'remove_member' && $site->fdat['user_id']) {
         print "remove member: " . $site->fdat['user_id'];
     }
 } elseif ($site->fdat['tab'] == 'permissions') {
     $site->fdat['group_id'] = '';
     ####### save permissions to database
     include_once $class_path . "permissions.inc.php";
     save_permissions(array("type" => 'ACL'));
     $site->fdat['group_id'] = $site->fdat['id'];
 }
 # / SAVE PERMISSIONS TAB
 ##############
 ############ DELETE
 # -delete is allowed only when no user is in the group
 # -Everybody group can't be deleted
 if ($op == 'delete') {
     # do double-checks if allowed to delete
     # 1. if subgroups exist, don't allow to delete
     $group->subgroups_count = $group->get_subgroups_count();
     # 2. if members exist, don't allow to delete
     $group->members_count = $group->get_members_count();
     if (!$group->subgroups_count && !$group->members_count) {
         # delete if allowed and is not everybody (is_predefined)
 /**
  * Show update permissions page
  *
  * @param void
  * @return null
  */
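 function update_permissions()
 {
     // Controller action for one user's permissions page.
     //  - When the POST body carries no `sys_perm` array, the current permission data is
     //    assigned to the template so the form can be rendered.
     //  - When `submitted=submitted` is posted, the posted user type is stored and
     //    save_permissions() runs inside a DB transaction.
     // Nothing is returned; outcomes are reported through flash_*() and ajx_current().
     $user = Contacts::findById(get_id());
     if (!($user instanceof Contact && $user->isUser()) || $user->getDisabled()) {
         flash_error(lang('user dnx'));
         ajx_current("empty");
         return;
     }

     // Authorization gate: the acting user must be allowed to change this user's permissions.
     if (!$user->canUpdatePermissions(logged_user())) {
         flash_error(lang('no access permissions'));
         ajx_current("empty");
         return;
     }

     // `redirect_to` is request-controlled. A non-string value (e.g. an array parameter) is
     // rejected before trim() so it falls back to the user's card URL instead of raising.
     // NOTE(review): is_valid_url() is defined elsewhere; if it accepts absolute URLs on other
     // hosts, the value handed to the template can point off-site. Confirm it is restricted
     // to this application before it is used as a redirect target.
     $redirect_to = array_var($_GET, 'redirect_to');
     if (!is_string($redirect_to) || trim($redirect_to) == '' || !is_valid_url($redirect_to)) {
         $redirect_to = $user->getCardUserUrl();
     }

     $sys_permissions_data = array_var($_POST, 'sys_perm');
     if (!is_array($sys_permissions_data)) {
         $pg_id = $user->getPermissionGroupId();
         // The id is interpolated into a raw SQL condition below; force it to an integer so
         // the condition cannot carry anything but a number.
         $pg_id_sql = (int) $pg_id;
         $parameters = permission_form_parameters($pg_id);

         // Module permissions: map of tab panel id => 1 for every panel granted to the group.
         $module_permissions = TabPanelPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id_sql}"));
         $module_permissions_info = array();
         foreach ($module_permissions as $mp) {
             $module_permissions_info[$mp->getTabPanelId()] = 1;
         }
         $all_modules = TabPanels::findAll(array("conditions" => "`enabled` = 1", "order" => "ordering"));
         $all_modules_info = array();
         foreach ($all_modules as $module) {
             $all_modules_info[] = array('id' => $module->getId(), 'name' => lang($module->getTitle()), 'ot' => $module->getObjectTypeId());
         }

         // System permissions
         $system_permissions = SystemPermissions::findById($pg_id);
         tpl_assign('module_permissions_info', $module_permissions_info);
         tpl_assign('all_modules_info', $all_modules_info);
         tpl_assign('system_permissions', $system_permissions);
         tpl_assign('permission_parameters', $parameters);

         // Hook listeners may add further permission entries to $more_permissions.
         $more_permissions = array();
         Hook::fire('add_user_permissions', $pg_id, $more_permissions);
         tpl_assign('more_permissions', $more_permissions);

         // Permission groups, role defaults and guest groups offered by the form
         $groups = PermissionGroups::getNonPersonalSameLevelPermissionsGroups('`parent_id`,`id` ASC');
         tpl_assign('groups', $groups);
         $roles = SystemPermissions::getAllRolesPermissions();
         tpl_assign('roles', $roles);
         $tabs = TabPanelPermissions::getAllRolesModules();
         tpl_assign('tabs_allowed', $tabs);
         tpl_assign('guest_groups', PermissionGroups::instance()->getGuestPermissionGroups());
     }
     tpl_assign('user', $user);
     tpl_assign('redirect_to', $redirect_to);

     if (array_var($_POST, 'submitted') == 'submitted') {
         $user_data = array_var($_POST, 'user');
         if (!is_array($user_data)) {
             $user_data = array();
         }
         try {
             DB::beginWork();
             $pg_id = $user->getPermissionGroupId();
             // NOTE(review): the posted `type` goes to setUserType() as-is. This function does
             // not check that the acting user may grant that role; confirm the check lives in
             // setUserType() or save_permissions(), otherwise a role above the actor's own
             // could be assigned here.
             $user->setUserType(array_var($user_data, 'type'));
             $user->save();
             save_permissions($pg_id, $user->isGuest());
             DB::commit();
             flash_success(lang('success user permissions updated'));
             ajx_current("back");
         } catch (Exception $e) {
             // Undo the partial write; the exception message is shown to the requester.
             DB::rollback();
             flash_error($e->getMessage());
             ajx_current("empty");
         }
     }
 }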
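 # SAVE SEO TAB: load the metadata editor and save only on op=edit with op2=saveclose.
 if ($site->fdat['tab'] == 'seo') {
     include_once 'edit_object_metadata.php';
     if ($site->fdat['op'] == 'edit' && $site->fdat['op2'] == 'saveclose') {
         salvesta_objekt_metadata();
     }
 }
 # / SAVE SEO TAB
 ##############
 ##############
 # SAVE PERMISSIONS TAB
 if ($site->fdat['tab'] == 'permissions') {
     ####### save permissions to database
     include_once $class_path . "permissions.inc.php";
     save_permissions(array("type" => 'OBJ'));
     ############# if update then REDIRECT PAGE: to get correct GET URL again
     if ($site->fdat['op2'] != 'saveclose') {
         # $site->fdat values are presumably request parameters; each one is URL-encoded so a
         # value cannot add or alter query parameters in the redirect target.
         $redirect_query = "?tab=" . urlencode((string) $site->fdat['tab'])
             . "&id=" . urlencode((string) $site->fdat['id'])
             . "&keel=" . urlencode((string) $site->fdat['keel'])
             . '&callback=' . urlencode((string) $site->fdat['callback']);
         # NOTE(review): the script keeps running after header(); confirm nothing below
         # should execute or emit output once the redirect has been sent.
         header("Location: " . $site->self . $redirect_query);
     }
 }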
 # / SAVE PERMISSIONS TAB
 ##############
 ##############
 # SAVE OBJECT TAB
 if ($site->fdat['tab'] == 'object') {
     $is_new = $site->fdat['op'] == 'new' ? true : false;
     if (function_exists('onBeforeObjectSave')) {
         $site->globals['onBeforeObjectSave'] = onBeforeObjectSave($objekt);
     }
     include_once "edit_object.php";
	/**
	 * Edit group
	 *
	 * @param void
	 * @return null
	 */
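	function edit() {
		// Controller action for editing a permission group. Without a posted `group` array it
		// assigns the group's current permissions and members to the 'add' template; with one
		// it saves the group, its permissions and its member list in a single DB transaction.
		$this->setTemplate('add');

		// Only users who may manage security can edit groups.
		if(!can_manage_security(logged_user())) {
			flash_error(lang('no access permissions'));
			ajx_current("empty");
			return ;
		} // if

		$group = PermissionGroups::findById(get_id());
		if(!($group instanceof PermissionGroup)) {
			flash_error(lang('group dnx'));
			$this->redirectTo('administration', 'groups');
			// Stop here even if redirectTo() returns: $group is not usable below.
			return ;
		} // if

		$group_data = array_var($_POST, 'group');
		if(!is_array($group_data)) {
			$pg_id = $group->getId();
			// The id is interpolated into raw SQL conditions; force it to an integer first.
			$pg_id_sql = (int) $pg_id;
			$parameters = permission_form_parameters($pg_id);

			// Module Permissions: tab panel id => 1 for every panel granted to the group
			$module_permissions = TabPanelPermissions::findAll(array("conditions" => "`permission_group_id` = $pg_id_sql"));
			$module_permissions_info = array();
			foreach ($module_permissions as $mp) {
				$module_permissions_info[$mp->getTabPanelId()] = 1;
			}
			$all_modules = TabPanels::findAll(array("conditions" => "`enabled` = 1", "order" => "ordering"));
			$all_modules_info = array();
			foreach ($all_modules as $module) {
				$all_modules_info[] = array('id' => $module->getId(), 'name' => lang($module->getTitle()), 'ot' => $module->getObjectTypeId());
			}

			// System Permissions
			$system_permissions = SystemPermissions::findById($pg_id);

			tpl_assign('module_permissions_info', $module_permissions_info);
			tpl_assign('all_modules_info', $all_modules_info);
			tpl_assign('system_permissions', $system_permissions);

			tpl_assign('permission_parameters', $parameters);

			// Current members of the group, plus every user the form can offer
			$group_users = array();
			$cpgs = ContactPermissionGroups::findAll(array("conditions" => "`permission_group_id` = $pg_id_sql"));
			foreach($cpgs as $cpg) {
				$group_users[] = $cpg->getContactId();
			}
			tpl_assign('groupUserIds', $group_users);
			tpl_assign('users', Contacts::getAllUsers());

			tpl_assign('group', $group);
			tpl_assign('group_data', array('name' => $group->getName()));
		} else {
			try {
				// NOTE(review): the posted array is applied through setFromAttributes();
				// confirm that method only accepts the attributes this form is meant to edit.
				$group->setFromAttributes($group_data);
				DB::beginWork();
				$group->save();

				// set permissions
				$pg_id = $group->getId();
				$pg_id_sql = (int) $pg_id;
				save_permissions($pg_id);

				// save users: the membership list is replaced, not merged
				ContactPermissionGroups::delete("`permission_group_id` = $pg_id_sql");
				if ($users = array_var($_POST, 'user')) {
					foreach ($users as $user_id => $val){
						// Posted ids are accepted only when numeric and backed by an existing Contact.
						if ($val=='checked' && is_numeric($user_id) && (Contacts::findById($user_id) instanceof Contact)) {
							$cpg = new ContactPermissionGroup();
							$cpg->setPermissionGroupId($pg_id);
							$cpg->setContactId($user_id);
							$cpg->save();
						}
					}
				}

				// NOTE(review): the audit-log call below is disabled, so group edits leave no
				// application log entry from this action.
				//ApplicationLogs::createLog($group, ApplicationLogs::ACTION_EDIT);
				DB::commit();
				flash_success(lang('success edit group', $group->getName()));
				ajx_current("back");

			} catch(Exception $e) {
				// Undo the partial write and hand the exception to the template.
				DB::rollback();
				tpl_assign('error', $e);
			}

		}
	} // edit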
Example #5
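/**
 * Create a user account: a new contact, or an existing contact turned into a user, together
 * with its personal permission group, role permissions, password record and, when requested,
 * a notification e-mail.
 *
 * @param array $user_data Form values. Keys read here: contact_id, email, username,
 *        display_name, company_id, type, timezone, the can_* permission flags,
 *        password_generator, password, password_a, autodetect_time_zone, send_email_notification.
 * @param mixed $permissionsString Not read in this function body.
 * @return Contact The saved contact.
 * @throws Exception When the e-mail address is not valid.
 * @throws Error When a specified password is empty or differs from its confirmation.
 */
function create_user($user_data, $permissionsString) {

	// try to find contact by some properties
	$contact_id = array_var($user_data, "contact_id") ;
	$contact =  Contacts::instance()->findById($contact_id) ;

	if (!is_valid_email(array_var($user_data, 'email'))) {
		throw new Exception(lang("email value is required"));
	}

	// NOTE(review): the user type comes from $user_data and is applied in both branches below.
	// This function does not check that the acting user may grant that role; confirm callers do.
	if (!$contact instanceof Contact) {
		// Create a new user
		$contact = new Contact();
		$contact->setUsername(array_var($user_data, 'username'));
		$contact->setDisplayName(array_var($user_data, 'display_name'));
		$contact->setCompanyId(array_var($user_data, 'company_id'));
		$contact->setUserType(array_var($user_data, 'type'));
		$contact->setTimezone(array_var($user_data, 'timezone'));
		$contact->setFirstname($contact->getObjectName() != "" ? $contact->getObjectName() : $contact->getUsername());
		$contact->setObjectName();
	} else {
		// Create user from contact
		$contact->setUserType(array_var($user_data, 'type'));
		if (array_var($user_data, 'company_id')) {
			$contact->setCompanyId(array_var($user_data, 'company_id'));
		}
		$contact->setUsername(array_var($user_data, 'username'));
		$contact->setTimezone(array_var($user_data, 'timezone'));
	}
	$contact->save();
	if (is_valid_email(array_var($user_data, 'email'))) {
		$contact->addEmail(array_var($user_data, 'email'), 'personal', true);
	}


	// permissions: every user gets a personal permission group linked to the contact
	$permission_group = new PermissionGroup();
	$permission_group->setName('User '.$contact->getId().' Personal');
	$permission_group->setContactId($contact->getId());
	$permission_group->setIsContext(false);
	$permission_group->setType("permission_groups");
	$permission_group->save();
	$contact->setPermissionGroupId($permission_group->getId());

	$contact_pg = new ContactPermissionGroup();
	$contact_pg->setContactId($contact->getId());
	$contact_pg->setPermissionGroupId($permission_group->getId());
	$contact_pg->save();

	// The individual can_* flags from $user_data are applied only when the acting user may
	// manage security.
	if ( can_manage_security(logged_user()) ) {

		$sp = new SystemPermission();
		$rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
		foreach($rol_permissions as $pr){
			$sp->setPermission($pr);
		}
		$sp->setPermissionGroupId($permission_group->getId());

		$sp->setCanManageSecurity(array_var($user_data, 'can_manage_security'));
		$sp->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration'));
		$sp->setCanManageTemplates(array_var($user_data, 'can_manage_templates'));
		$sp->setCanManageTime(array_var($user_data, 'can_manage_time'));
		$sp->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts'));
		$sp->setCanManageDimensions(array_var($user_data, 'can_manage_dimensions'));
		$sp->setCanManageDimensionMembers(array_var($user_data, 'can_manage_dimension_members'));
		$sp->setCanManageTasks(array_var($user_data, 'can_manage_tasks'));
		$sp->setCanTasksAssignee(array_var($user_data, 'can_task_assignee'));
		$sp->setCanManageBilling(array_var($user_data, 'can_manage_billing'));
		$sp->setCanViewBilling(array_var($user_data, 'can_view_billing'));

		// Hook listeners may name extra permission columns; the column names come from the
		// hook result, the values from $user_data.
		Hook::fire('add_user_permissions', $sp, $other_permissions);
		if (!is_null($other_permissions) && is_array($other_permissions)) {
			foreach ($other_permissions as $k => $v) {
				$sp->setColumnValue($k, array_var($user_data, $k));
			}
		}
		$sp->save();

		if ($contact->isAdminGroup()) {
			// allow all in all dimensions if new user is admin
			$dimensions = Dimensions::findAll();
			$permissions = array();
			foreach ($dimensions as $dimension) {
				if ($dimension->getDefinesPermissions()) {
					$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `dimension_id` = ".$dimension->getId()));
					if (!$cdp instanceof ContactDimensionPermission) {
						$cdp = new ContactDimensionPermission();
						$cdp->setPermissionGroupId($contact->getPermissionGroupId());
						$cdp->setContactDimensionId($dimension->getId());
					}
					$cdp->setPermissionType('allow all');
					$cdp->save();

					// contact member permission entries
					$members = $dimension->getAllMembers();
					foreach ($members as $member) {

						$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
						$ots[]=$member->getObjectId();
						foreach ($ots as $ot) {
							$cmp = ContactMemberPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `member_id` = ".$member->getId()." AND `object_type_id` = $ot"));
							if (!$cmp instanceof ContactMemberPermission) {
								$cmp = new ContactMemberPermission();
								$cmp->setPermissionGroupId($contact->getPermissionGroupId());
								$cmp->setMemberId($member->getId());
								$cmp->setObjectTypeId($ot);
							}
							$cmp->setCanWrite(1);
							$cmp->setCanDelete(1);
							$cmp->save();

							// Add permissions to sharing table
							$perm = new stdClass();
							$perm->m = $member->getId();
							$perm->r= 1;
							$perm->w= 1;
							$perm->d= 1;
							$perm->o= $ot;
							$permissions[] = $perm ;
						}
					}
				}
			}

			if(count($permissions)){
				$sharingTableController = new SharingTableController();
				$sharingTableController->afterPermissionChanged($contact->getPermissionGroupId(), $permissions);
			}

		}

	}

	// save_permissions() is called further down and $_POST is filled here, so it presumably
	// reads its input from $_POST; when the form sent no system or module permissions, the
	// defaults of the chosen role are filled in.
	if(!isset($_POST['sys_perm'])){
		$rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
		$_POST['sys_perm']=array();
		foreach($rol_permissions as $pr){
			$_POST['sys_perm'][$pr]=1;
		}

	}
	if(!isset($_POST['mod_perm'])){
		$tabs_permissions=TabPanelPermissions::getRoleModules(array_var($user_data, 'type'));
		$_POST['mod_perm']=array();
		foreach($tabs_permissions as $pr){
			$_POST['mod_perm'][$pr]=1;
		}
	}

	$password = '';
	if (array_var($user_data, 'password_generator') == 'specify') {
		$perform_password_validation = true;
		// Validate input
		// NOTE(review): on PHP 7+ an unqualified `Error` is the engine's Error class, which is
		// not an Exception subclass; callers using `catch (Exception $e)` would not see these
		// two throws. Confirm what callers catch.
		$password = array_var($user_data, 'password');
		if (trim($password) == '') {
			throw new Error(lang('password value required'));
		} // if
		// Compare as strings: a loose comparison treats numeric-looking strings such as
		// '0e1' and '0e2' as equal, which would accept a confirmation that differs.
		if ((string) $password !== (string) array_var($user_data, 'password_a')) {
			throw new Error(lang('passwords dont match'));
		} // if
	} else {
		// No password specified: the account keeps an empty password here and the user is
		// expected to set one through the e-mailed link.
		$user_data['password_generator'] = 'link';
		$perform_password_validation = false;
	}

	$contact->setPassword($password);
	$contact->save();

	// NOTE(review): cp_encrypt() is defined elsewhere. If it is reversible encryption rather
	// than a one-way password hash, this stored record can be turned back into the password;
	// confirm. The clear-text value is also kept on the object in password_temp.
	$user_password = new ContactPassword();
	$user_password->setContactId($contact->getId());
	$user_password->setPasswordDate(DateTimeValueLib::now());
	$user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp()));
	$user_password->password_temp = $password;
	$user_password->perform_validation = $perform_password_validation;
	$user_password->save();

	if (array_var($user_data, 'autodetect_time_zone', 1) == 1) {
		set_user_config_option('autodetect_time_zone', 1, $contact->getId());
	}

	/* create contact for this user*/

	ApplicationLogs::createLog($contact, ApplicationLogs::ACTION_ADD);

	// Set role permissions for active members
	$active_context = active_context();
	$sel_members = array();
	foreach ($active_context as $selection) {
		if ($selection instanceof Member) {
			$sel_members[] = $selection;
			$has_project_permissions = ContactMemberPermissions::instance()->count("permission_group_id = '".$contact->getPermissionGroupId()."' AND member_id = ".$selection->getId()) > 0;
			if (!$has_project_permissions) {
				RoleObjectTypePermissions::createDefaultUserPermissions($contact, $selection);
			}
		}
	}
	save_permissions($contact->getPermissionGroupId(), $contact->isGuest());

	Hook::fire('after_user_add', $contact, $null);

	// add user content object to associated members
	if (count($sel_members) > 0) {
		ObjectMembers::addObjectToMembers($contact->getId(), $sel_members);
		$contact->addToSharingTable();
	}

	// Send notification; a failure here is logged and does not undo the account creation
	try {
		if (array_var($user_data, 'send_email_notification') && $contact->getEmailAddress()) {

			if (array_var($user_data, 'password_generator', 'link') == 'link') {
				// Generate link password
				$user = Contacts::getByEmail(array_var($user_data, 'email'));
				// Fall back to the contact just created when the e-mail lookup finds nothing,
				// instead of calling getId() on a non-object.
				$token_owner = ($user instanceof Contact) ? $user : $contact;
				// NOTE(review): the token is only as unpredictable as gen_id() and SEED.
				// Confirm gen_id() draws from a cryptographically secure source; otherwise
				// build the token from random_bytes(). It is stored with a 24-hour expiry.
				$token = sha1(gen_id() . (defined('SEED') ? SEED : ''));
				$timestamp = time() + 60*60*24;
				set_user_config_option('reset_password', $token . ";" . $timestamp, $token_owner->getId());
				Notifier::newUserAccountLinkPassword($contact, $password, $token);

			} else {
				// NOTE(review): the clear-text password is handed to the notifier; confirm it
				// is not placed in the e-mail body.
				Notifier::newUserAccount($contact, $password);
			}

		}
	} catch(Exception $e) {
		Logger::log($e->getTraceAsString());
	} // try
	return $contact;
}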
Example #6
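/**
 * Save the permissions of a permission group, in a detached PHP process when possible.
 *
 * On Windows, or when can_save_permissions_in_background() says no, save_permissions() is
 * called directly. Otherwise the posted permission data is written to files under ROOT/tmp
 * and application/helpers/save_user_permissions.php is launched with those paths as arguments.
 *
 * @param object $user Acting user; its id and twisted token are passed to the helper script.
 * @param mixed $pg_id Permission group id.
 * @param bool $is_guest Passed through to save_permissions() / the helper script.
 * @param array $users_ids_to_check Passed through to save_permissions() / the helper script.
 * @param bool $only_member_permissions Passed through to save_permissions() / the helper script.
 * @return void
 */
function save_user_permissions_background($user, $pg_id, $is_guest = false, $users_ids_to_check = array(), $only_member_permissions = false)
{
    // system permissions
    $sys_permissions_data = array_var($_POST, 'sys_perm');
    // module permissions
    $mod_permissions_data = array_var($_POST, 'mod_perm');
    // root permissions: collected only for the user types listed below
    $rp_permissions_data = array();
    $set_root_permissions = false;
    // The id is interpolated into a raw SQL condition; force it to an integer first.
    $pg_id_sql = (int) $pg_id;
    $tmp_contact = Contacts::findOne(array('conditions' => "permission_group_id={$pg_id_sql}"));
    if ($tmp_contact instanceof Contact && $tmp_contact->getUserType() > 0) {
        if (in_array($tmp_contact->getUserTypeName(), array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
            $set_root_permissions = true;
        }
    }
    // Request-supplied prefix used to pick the root-permission fields out of $_POST.
    $rp_genid = array_var($_POST, 'root_perm_genid', '0');
    if ($rp_genid && $set_root_permissions) {
        foreach ($_POST as $name => $value) {
            if (str_starts_with($name, $rp_genid . 'rg_root_')) {
                $rp_permissions_data[$name] = $value;
            }
        }
    }
    // member permissions
    $permissionsString = array_var($_POST, 'permissions');
    if (substr(php_uname(), 0, 7) == "Windows" || !can_save_permissions_in_background()) {
        //pclose(popen("start /B ". $command, "r"));
        save_permissions($pg_id, $is_guest, null, true, true, true, true, $users_ids_to_check, $only_member_permissions);
    } else {
        // save permissions in background
        // NOTE(review): these files hold the posted permission data. Confirm that ROOT/tmp is
        // not served by the web server and that the helper script removes the files.
        $perm_filename = ROOT . "/tmp/uperm_" . gen_id();
        file_put_contents($perm_filename, $permissionsString);
        $sys_filename = ROOT . "/tmp/sys_" . gen_id();
        file_put_contents($sys_filename, json_encode($sys_permissions_data));
        $mod_filename = ROOT . "/tmp/mod_" . gen_id();
        file_put_contents($mod_filename, json_encode($mod_permissions_data));
        $rp_filename = ROOT . "/tmp/rp_" . gen_id();
        file_put_contents($rp_filename, json_encode($rp_permissions_data));
        $usrcheck_filename = ROOT . "/tmp/usrcheck_" . gen_id();
        file_put_contents($usrcheck_filename, json_encode($users_ids_to_check));
        $only_mem_perm_str = $only_member_permissions ? "1" : "0";
        $is_guest_str = $is_guest ? "1" : "0";

        // Every argument is shell-quoted. $rp_genid comes straight from the request and the
        // other values are not guaranteed to be free of shell metacharacters, so none of them
        // may reach the command line unquoted. Argument order is unchanged.
        // NOTE(review): the user's twisted token is visible in the process list while the
        // helper runs; confirm that is acceptable on shared hosts.
        $script_path = ROOT . "/application/helpers/save_user_permissions.php";
        $script_args = array(
            ROOT,
            $user->getId(),
            $user->getTwistedToken(),
            $pg_id,
            $is_guest_str,
            $perm_filename,
            $sys_filename,
            $mod_filename,
            $rp_filename,
            $usrcheck_filename,
            $rp_genid,
            $only_mem_perm_str,
        );
        $quoted_args = array();
        foreach ($script_args as $script_arg) {
            $quoted_args[] = escapeshellarg((string) $script_arg);
        }
        $command = "nice -n19 " . PHP_PATH . " " . escapeshellarg($script_path) . " " . implode(" ", $quoted_args);
        exec("{$command} > /dev/null &");

        //Test php command: run a trivial script to detect a PHP_PATH that cannot be executed
        exec(PHP_PATH . " -r 'echo function_exists(\"foo\") ? \"yes\" : \"no\";' 2>&1", $output, $return_var);
        if ($return_var != 0) {
            Logger::log(print_r("Error executing php command", true));
            Logger::log(print_r($output, true));
            Logger::log(print_r("Error code: " . $return_var, true));
        }
        //END Test php command
    }
}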
// Positional CLI arguments 6-12: five file paths holding the permission payloads, the
// root-permission form id, and the member-only flag ("1" means true).
// $pg_id and $is_guest, used further down, are set before this excerpt.
// NOTE(review): the paths are taken from argv as given and are presumably written by the
// process that launched this script; confirm nothing else can start it with other paths.
$permissions_filename = array_var($argv, 6);
$sys_permissions_filename = array_var($argv, 7);
$mod_permissions_filename = array_var($argv, 8);
$root_permissions_filename = array_var($argv, 9);
$users_ids_to_check_filename = array_var($argv, 10);
$root_permissions_genid = array_var($argv, 11);
$only_member_permissions = array_var($argv, 12) == "1";
// The member permission string is used raw; the other four files are decoded from JSON into
// arrays. Neither the reads nor the decodes are checked for failure here.
$permissions = file_get_contents($permissions_filename);
$sys_permissions = json_decode(file_get_contents($sys_permissions_filename), true);
$mod_permissions = json_decode(file_get_contents($mod_permissions_filename), true);
$root_permissions = json_decode(file_get_contents($root_permissions_filename), true);
// Decoded here but not passed to the save_permissions() call below, which receives array()
// in that position.
$users_ids_to_check = json_decode(file_get_contents($users_ids_to_check_filename), true);
// Bundle handed to save_permissions() as its third argument.
$perms = array('permissions' => $permissions, 'sys_perm' => $sys_permissions, 'mod_perm' => $mod_permissions, 'root_perm' => $root_permissions, 'root_perm_genid' => $root_permissions_genid);
// save permissions
// A failure is logged with message and stack trace, and the script then carries on.
try {
    $result = save_permissions($pg_id, $is_guest, $perms, true, false, false, false, array(), $only_member_permissions);
} catch (Exception $e) {
    Logger::log("Error saving permissions (1): " . $e->getMessage() . "\n" . $e->getTraceAsString());
}
// update sharing table
try {
    // create flag for this $pg_id
    DB::beginWork();
    $flag = new SharingTableFlag();
    $flag->setPermissionGroupId($pg_id);
    $flag->setMemberId(0);
    $flag->setPermissionString($permissions);
    $flag->setExecutionDate(DateTimeValueLib::now());
    $flag->setCreatedById(logged_user()->getId());
    $flag->save();
    DB::commit();
###########################
# GO ON with real work


#################
# STEP2:  SAVE DATA : close popup or don't close and refresh
if($op2) {
	
	##############
	# SAVE PERMISSIONS TAB
	if($site->fdat['tab'] == 'permissions') {
		####### save permissions to database
		include_once($class_path."permissions.inc.php");
		save_permissions(array(
			"type" => 'ADMIN'	
		));

		############# if update then REDIRECT PAGE: to get correct url again
		if($site->fdat['op2']!='saveclose') {
			header("Location: ".$site->self."?tab=".$site->fdat['tab']."&id=".$site->fdat['id']);
		}

	}
	# / SAVE PERMISSIONS TAB
	##############

	##############
	# refresh opener and close popup
	if($op2=='saveclose' || $op2=='deleteconfirmed') {
		?>