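/**
 * Delete Company
 *
 * Rejects, in this order: an unsaved company (404), a logged user without
 * delete permission (403) and the owner company (404 — it is never deletable,
 * and answering 404 instead of 403 avoids confirming it as a target). The
 * delete itself only runs for a submitted request; anything else gets 400.
 *
 * NOTE(review): the only request-forgery protection visible here is
 * $this->request->isSubmitted(); confirm that it validates a CSRF token and
 * not merely the HTTP method.
 *
 * @param void
 * @return null
 */
function delete() {
    $is_api = $this->request->isApiCall();

    if ($this->active_company->isNew()) {
        // Pass the same die/API-format arguments as every other error path in
        // this method, so an API client gets the API error shape here as well.
        $this->httpError(HTTP_ERR_NOT_FOUND, null, true, $is_api);
    } // if

    if (!$this->active_company->canDelete($this->logged_user)) {
        $this->httpError(HTTP_ERR_FORBIDDEN, null, true, $is_api);
    } // if

    // isNew() was already rejected above; only the owner-company check remains
    if ($this->active_company->isOwner()) {
        $this->httpError(HTTP_ERR_NOT_FOUND, null, true, $is_api);
    } // if

    if (!$this->request->isSubmitted()) {
        $this->httpError(HTTP_ERR_BAD_REQUEST, null, true, $is_api);
        return;
    } // if

    $old_name = $this->active_company->getName();
    $delete = $this->active_company->delete();
    $succeeded = $delete && !is_error($delete);

    if ($is_api) {
        if ($succeeded) {
            $this->httpOk();
        } else {
            $this->httpError(HTTP_ERR_OPERATION_FAILED, null, true, $is_api);
        } // if
        return;
    } // if

    if ($succeeded) {
        flash_success("Company ':name' has been deleted", array('name' => $old_name));
    } else {
        flash_error("Failed to delete :name", array('name' => $old_name));
    } // if
    $this->redirectTo('people');
}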
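/**
 * Return all projects that this company is member of
 *
 * The owner company is treated as a member of every project and gets
 * Projects::getAll() without touching the link table; any other company is
 * resolved through the project/company link table.
 *
 * SECURITY: $additional_conditions is spliced into the query as a raw SQL
 * fragment. Only the company id is escaped here, so callers must pass trusted,
 * server-built SQL — never request input.
 *
 * @access public
 * @param Company $company
 * @param string $additional_conditions Additional SQL conditions (trusted SQL fragment)
 * @return array|null Project objects, or null when there are none
 */
static function getProjectsByCompany(Company $company, $additional_conditions = null) {
    if ($company->isOwner()) {
        return Projects::getAll();
    } // if

    $projects_table = Projects::instance()->getTableName(true);
    $link_table = ProjectCompanies::instance()->getTableName(true);

    $sql = "SELECT {$projects_table}.* FROM {$projects_table}, {$link_table} WHERE ({$projects_table}.`id` = {$link_table}.`project_id` AND {$link_table}.`company_id` = " . DB::escape($company->getId()) . ')';

    // Cast before trim(): trim(null) is deprecated as of PHP 8.1 and the
    // parameter defaults to null.
    if (trim((string) $additional_conditions) !== '') {
        $sql .= " AND ({$additional_conditions})";
    } // if

    $projects = array();
    $rows = DB::executeAll($sql);
    if (is_array($rows)) {
        foreach ($rows as $row) {
            $projects[] = Projects::instance()->loadFromRow($row);
        } // foreach
    } // if

    return count($projects) ? $projects : null;
}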
/**
 * Returns true if this user can see $company.
 *
 * Short-circuits, in order: members of the owner company see everything; the
 * owner company is visible to everyone; a cached answer wins; a user always
 * sees their own company. Anything else is visible only when the two
 * companies share at least one project in the project/company link table.
 *
 * Results (positive and negative) are memoised per company id in
 * $this->visible_companies for the lifetime of this object; the owner-company
 * case is decided before the cache lookup.
 *
 * @param Company $company
 * @return boolean
 */
function canSeeCompany(Company $company) {
    if ($this->isMemberOfOwnerCompany()) {
        return true;
    } // if

    $id = $company->getId();

    if ($company->isOwner()) {
        return $this->visible_companies[$id] = true;
    } // if

    if (isset($this->visible_companies[$id])) {
        return $this->visible_companies[$id];
    } // if

    if ($this->getCompanyId() == $id) {
        return $this->visible_companies[$id] = true;
    } // if

    // Project ids of my company and of $company; both queries are parameterised
    $query = "SELECT `project_id` FROM " . ProjectCompanies::instance()->getTableName(true) . " WHERE `company_id` = ?";
    $mine = DB::executeAll($query, $this->getCompanyId());
    $theirs = DB::executeAll($query, $id);

    $shared = false;
    if (is_array($mine) && is_array($theirs)) {
        // Each element is a one-column result row, so in_array() performs a
        // loose whole-row comparison; both sides have the same row shape.
        foreach ($mine as $row) {
            if (in_array($row, $theirs)) {
                $shared = true;
                break;
            } // if
        } // foreach
    } // if

    return $this->visible_companies[$id] = $shared;
} // canSeeCompany
/**
 * Check if specific user can remove company from project
 *
 * The owner company can never be removed. Any other company may be removed by
 * the account owner or by an administrator.
 *
 * @access public
 * @param User $user
 * @param Company $remove_company Remove this company
 * @return boolean
 */
function canRemoveCompanyFromProject(User $user, Company $remove_company) {
    // Owner check first so no user method is consulted for the owner company
    return $remove_company->isOwner()
        ? false
        : ($user->isAccountOwner() || $user->isAdministrator());
}
/**
 * Check if specific user can remove company from project
 *
 * The owner company can never be removed. Otherwise the project creator, the
 * account owner and administrators may remove it.
 *
 * @access public
 * @param User $user
 * @param Company $remove_company Remove this company
 * @return boolean
 */
function canRemoveCompanyFromProject(User $user, Company $remove_company) {
    if ($remove_company->isOwner()) {
        return false;
    } // if

    $is_creator = $this->getCreatedById() == $user->getId();
    if ($is_creator) {
        return true;
    } // if

    return $user->isAccountOwner() || $user->isAdministrator();
} // canRemoveCompanyFromProject
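/**
 * Check if specific user can remove company from project
 *
 * The owner company can never be removed. Otherwise the check passes for the
 * account owner and for users allowed to manage workspaces or security.
 *
 * All three conditions are evaluated against $user. (The workspace and
 * security checks used to consult logged_user() instead, so the answer for
 * any $user other than the session user was wrong.)
 *
 * @access public
 * @param User $user
 * @param Company $remove_company Remove this company
 * @return boolean
 */
function canRemoveCompanyFromProject(User $user, Company $remove_company) {
    if ($remove_company->isOwner()) {
        return false;
    } // if

    return $user->isAccountOwner()
        || can_manage_workspaces($user)
        || can_manage_security($user);
}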
/**
 * Returns true if this user can see $company.
 *
 * Members of the owner company see everything and bypass the cache. For
 * anyone else a cached answer is returned if present; otherwise the company
 * is visible when it is the owner company, the user's own company, or
 * $company->canView($this) says so. The answer is memoised per company id in
 * $this->visible_companies.
 *
 * @param Company $company
 * @return boolean
 */
function canSeeCompany(Company $company) {
    if ($this->isMemberOfOwnerCompany()) {
        return true;
    } // if

    $id = $company->getId();
    if (isset($this->visible_companies[$id])) {
        return $this->visible_companies[$id];
    } // if

    // Same checks, same order as before; || short-circuits like the if chain
    $visible = $company->isOwner()
        || $this->getCompanyId() == $id
        || $company->canView($this);

    $this->visible_companies[$id] = $visible;
    return $visible;
}
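/**
 * Import contacts or companies from an uploaded CSV file.
 *
 * The action is reached up to three times for one import:
 *   1. A file is posted as $_FILES['csv_file']: it is copied beside the
 *      upload, the delimiter is taken from the form or detected, the header
 *      row is read for the column-mapping form, and file name / delimiter /
 *      header flag are parked in the session.
 *   2. ?calling_back=1 re-reads the header row from the parked file so the
 *      mapping form can be shown again.
 *   3. A column mapping is posted (select_contact / select_company): every
 *      CSV row is imported in its own transaction. A row that fails —
 *      including a permission failure, raised as an Exception — is rolled
 *      back and listed in import_fail with a message; the others land in
 *      import_ok. The parked file and session keys are cleared afterwards.
 *
 * Guests are refused outright; everyone else needs Contact::canAdd() on the
 * active or personal project.
 *
 * SECURITY: CSV cell values are untrusted and several are interpolated into
 * SQL conditions (first/last name, e-mail, company name). Every such value is
 * escaped before use — the e-mail previously was not — so keep that up when
 * adding lookups.
 * NOTE(review): mysql_real_escape_string() needs an open ext/mysql connection
 * and no longer exists in PHP 7+; the DB layer's own escaping is the
 * long-term replacement, but its quoting behaviour was not verified here.
 *
 * @return void
 */
function import_from_csv_file() {
    if (logged_user()->isGuest()) {
        flash_error(lang('no access permissions'));
        ajx_current("empty");
        return;
    } // if

    @set_time_limit(0);
    ini_set('auto_detect_line_endings', '1');

    // Coming from the menu starts a fresh import
    if (isset($_GET['from_menu']) && $_GET['from_menu'] == 1) {
        unset($_SESSION['history_back']);
    } // if

    // Returning after a finished import: back to the start page
    if (isset($_SESSION['history_back'])) {
        unset($_SESSION['history_back']);
        ajx_current("start");
        return;
    } // if

    if (!Contact::canAdd(logged_user(), active_or_personal_project())) {
        flash_error(lang('no access permissions'));
        ajx_current("empty");
        return;
    } // if

    $this->setTemplate('csv_import');

    // Type of import (contact | company): request beats session, default contact
    $type = array_var($_GET, 'type', array_var($_SESSION, 'import_type', 'contact'));
    if (!isset($_SESSION['import_type']) || ($type != $_SESSION['import_type'] && $type != '')) {
        $_SESSION['import_type'] = $type;
    } // if
    tpl_assign('import_type', $type);

    // Step 1: a fresh upload, before any column mapping was posted.
    // is_uploaded_file() makes sure we only copy something PHP itself received
    // through the upload mechanism.
    $filedata = array_var($_FILES, 'csv_file');
    if (is_array($filedata) && is_uploaded_file($filedata['tmp_name']) && !is_array(array_var($_POST, 'select_contact'))) {
        $filename = $filedata['tmp_name'] . '.csv';
        // NOTE(review): the copy() result is unchecked; a failure only shows
        // up when the file is read below.
        copy($filedata['tmp_name'], $filename);

        $first_record_has_names = array_var($_POST, 'first_record_has_names', false);
        $delimiter = array_var($_POST, 'delimiter', '');
        if ($delimiter == '') {
            $delimiter = $this->searchForDelimiter($filename);
        } // if

        $_SESSION['delimiter'] = $delimiter;
        $_SESSION['csv_import_filename'] = $filename;
        $_SESSION['first_record_has_names'] = $first_record_has_names;

        $titles = $this->read_csv_file($filename, $delimiter, true);
        tpl_assign('titles', $titles);
    } // if

    // Step 2: re-show the mapping form for the file parked in the session
    if (array_var($_GET, 'calling_back', false)) {
        $filename = $_SESSION['csv_import_filename'];
        $delimiter = $_SESSION['delimiter'];
        $first_record_has_names = $_SESSION['first_record_has_names'];
        $titles = $this->read_csv_file($filename, $delimiter, true);
        unset($_GET['calling_back']);
        tpl_assign('titles', $titles);
    } // if

    // Step 3: a column mapping was posted, import row by row
    if (is_array(array_var($_POST, 'select_contact')) || is_array(array_var($_POST, 'select_company'))) {
        $type = $_SESSION['import_type'];
        $filename = $_SESSION['csv_import_filename'];
        $delimiter = $_SESSION['delimiter'];
        $first_record_has_names = $_SESSION['first_record_has_names'];
        $registers = $this->read_csv_file($filename, $delimiter);
        $import_result = array('import_ok' => array(), 'import_fail' => array());
        $tags = array_var($_POST, 'tags');

        $i = $first_record_has_names ? 1 : 0; // skip the header row
        while ($i < count($registers)) {
            // Reset per row so a failure raised before the row is parsed is
            // not reported with the previous row's data.
            $contact_data = array();
            try {
                DB::beginWork();
                if ($type == 'contact') {
                    $contact_data = $this->buildContactData(array_var($_POST, 'select_contact'), array_var($_POST, 'check_contact'), $registers[$i]);
                    $contact_data['import_status'] = '(' . lang('updated') . ')';

                    // Match an existing contact by name, or by e-mail when one
                    // is given. All three values come from the CSV: escape them.
                    $fname = mysql_real_escape_string(array_var($contact_data, "firstname"));
                    $lname = mysql_real_escape_string(array_var($contact_data, "lastname"));
                    $email = mysql_real_escape_string(array_var($contact_data, "email"));
                    $email_cond = $email != '' ? " OR email = '" . $email . "'" : "";
                    $contact = Contacts::findOne(array("conditions" => "firstname = '" . $fname . "' AND lastname = '" . $lname . "' {$email_cond}"));

                    $log_action = ApplicationLogs::ACTION_EDIT;
                    if (!$contact) {
                        $contact = new Contact();
                        $contact_data['import_status'] = '(' . lang('new') . ')';
                        $log_action = ApplicationLogs::ACTION_ADD;
                        // Adding needs rights on the active project, or global
                        // contact management when there is no active project
                        $can_import = active_project() != null ? $contact->canAdd(logged_user(), active_project()) : can_manage_contacts(logged_user());
                    } else {
                        $can_import = $contact->canEdit(logged_user());
                    } // if

                    if (!$can_import) {
                        throw new Exception(lang('no access permissions'));
                    } // if

                    // The CSV carries a company name in the company_id column;
                    // resolve it to an id, creating the company if unknown.
                    $comp_name = mysql_real_escape_string(array_var($contact_data, "company_id"));
                    if ($comp_name != '') {
                        $company = Companies::findOne(array("conditions" => "name = '{$comp_name}'"));
                        if ($company) {
                            $contact_data['company_id'] = $company->getId();
                        } else {
                            $company_data = self::getCompanyDataFromContactData($contact_data);
                            $company = new Company();
                            $company->setFromAttributes($company_data);
                            $company->setClientOfId($company->isOwner() ? 0 : owner_company()->getId());
                            $company->save();
                            ApplicationLogs::createLog($company, null, ApplicationLogs::ACTION_ADD);
                            $company->setTagsFromCSV($tags);
                            if (active_project() instanceof Project) {
                                $company->addToWorkspace(active_project());
                            } // if
                            $contact_data['company_id'] = $company->getId();
                        } // if
                        $contact_data['import_status'] .= " " . lang("company") . " {$comp_name}";
                    } else {
                        $contact_data['company_id'] = 0;
                    } // if

                    $contact->setFromAttributes($contact_data);
                    $contact->save();
                    ApplicationLogs::createLog($contact, null, $log_action);
                    $contact->setTagsFromCSV($tags);

                    if (active_project() instanceof Project) {
                        $pc = ProjectContacts::findOne(array("conditions" => "contact_id = " . $contact->getId() . " AND project_id = " . active_project()->getId()));
                        if (!$pc) {
                            $pc = new ProjectContact();
                            $pc->setContactId($contact->getId());
                            $pc->setProjectId(active_project()->getId());
                            $pc->setRole(array_var($contact_data, 'role'));
                            $pc->save();
                        } // if
                        $contact->addToWorkspace(active_project());
                    } // if

                    $import_result['import_ok'][] = $contact_data;
                } else if ($type == 'company') {
                    $contact_data = $this->buildCompanyData(array_var($_POST, 'select_company'), array_var($_POST, 'check_company'), $registers[$i]);
                    $contact_data['import_status'] = '(' . lang('updated') . ')';

                    $comp_name = mysql_real_escape_string(array_var($contact_data, "name"));
                    $company = Companies::findOne(array("conditions" => "name = '{$comp_name}'"));
                    $log_action = ApplicationLogs::ACTION_EDIT;
                    if (!$company) {
                        $company = new Company();
                        $contact_data['import_status'] = '(' . lang('new') . ')';
                        $log_action = ApplicationLogs::ACTION_ADD;
                        $can_import = active_project() != null
                            ? $company->canAdd(logged_user(), active_project())
                            : (can_manage_contacts(logged_user()) || logged_user()->isAccountOwner() || logged_user()->isAdministrator());
                    } else {
                        $can_import = $company->canEdit(logged_user());
                    } // if

                    if (!$can_import) {
                        throw new Exception(lang('no access permissions'));
                    } // if

                    $company->setFromAttributes($contact_data);
                    $company->setClientOfId($company->isOwner() ? 0 : owner_company()->getId());
                    $company->save();
                    ApplicationLogs::createLog($company, null, $log_action);
                    $company->setTagsFromCSV($tags);
                    if (active_project() instanceof Project) {
                        $company->addToWorkspace(active_project());
                    } // if

                    $import_result['import_ok'][] = $contact_data;
                } // if
                DB::commit();
            } catch (Exception $e) {
                DB::rollback();
                $contact_data['fail_message'] = substr_utf($e->getMessage(), strpos_utf($e->getMessage(), "\r\n"));
                $import_result['import_fail'][] = $contact_data;
            } // try

            $i++;
        } // while

        // The parked file is single-use; drop it and the session state
        unlink($_SESSION['csv_import_filename']);
        unset($_SESSION['csv_import_filename']);
        unset($_SESSION['delimiter']);
        unset($_SESSION['first_record_has_names']);
        unset($_SESSION['import_type']);
        $_SESSION['history_back'] = true;
        tpl_assign('import_result', $import_result);
    } // if
}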