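/**
 * Render form control: one checkbox per dimension.
 *
 * Dimensions whose options flag them hidden are skipped, as are dimensions
 * that define permissions and deny everything to the logged user's
 * permission groups. A trailing hidden input named "<control_name>[0]" is
 * emitted so the control still posts a value when no box is checked.
 *
 * @param string $control_name Base name of the control; each checkbox is
 *                             named "<control_name>[<dimension id>]". It is
 *                             written into the markup unescaped, so it must
 *                             come from code, not from the request.
 * @return string HTML markup.
 */
function render($control_name) {
    $selected = $this->getValue();
    // array_search() on a non-array is a TypeError in PHP 8; treat anything
    // that is not an array as "nothing selected".
    if (!is_array($selected)) {
        $selected = array();
    }
    $dimensions = Dimensions::instance()->findAll();
    $permission_group_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
    $out = '';
    foreach ($dimensions as $dim) {
        /* @var $dim Dimension */
        // Read the options once instead of three times per dimension.
        $options = $dim->getOptions(1);
        if ($options && isset($options->hidden) && $options->hidden) {
            continue;
        }
        if ($dim->getDefinesPermissions() && $dim->deniesAllForContact($permission_group_ids)) {
            continue;
        }
        $checked = array_search($dim->getId(), $selected) !== false ? 1 : 0;
        $out .= '<div class="dimension" >';
        $out .= label_tag($dim->getName(), null, false, array('style' => 'display:inline;margin:10px;vertical-align:super;'));
        $out .= checkbox_field($control_name . '[' . $dim->getId() . ']', $checked);
        $out .= '</div >';
    }
    // Sentinel so an all-unchecked submission still posts the control.
    $out .= '<input type="hidden" name="' . $control_name . '[0]" value=" ">';
    return $out;
}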
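/**
 * Tell whether $user holds the named system permission.
 *
 * Administrators always pass. Otherwise the answer is served from the
 * per-request static caches (self::$permission_cache keyed by user id and
 * permission name, self::$permission_group_ids_cache keyed by user id) and,
 * on a miss, resolved by looking for a row where the permission column is 1
 * for any of the user's permission groups. The result is cached.
 *
 * @param Contact $user
 * @param string  $system_permission Name of the permission column. It is
 *                                   spliced into the query as a backtick-quoted
 *                                   identifier, so only names made of
 *                                   [A-Za-z0-9_] are accepted; any other value
 *                                   is denied without touching the database.
 * @return bool
 */
static function userHasSystemPermission(Contact $user, $system_permission) {
    if ($user->isAdministrator()) {
        return true;
    }
    // The permission name becomes a column identifier in raw SQL; refuse
    // anything that could not be a plain column name so a stray backtick or
    // whitespace never reaches the query.
    if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $system_permission)) {
        return false;
    }
    $user_id = $user->getId();
    $user_cache = array_var(self::$permission_cache, $user_id);
    if ($user_cache && array_key_exists($system_permission, $user_cache)) {
        return array_var($user_cache, $system_permission);
    }
    if (array_var(self::$permission_group_ids_cache, $user_id)) {
        $contact_pg_ids = self::$permission_group_ids_cache[$user_id];
    } else {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user_id, false);
        self::$permission_group_ids_cache[$user_id] = $contact_pg_ids;
    }
    // $contact_pg_ids is the CSV produced by the helper above, not request input.
    $permission = self::findOne(array(
        'conditions' => "`{$system_permission}` = 1 AND `permission_group_id` IN ({$contact_pg_ids})",
    ));
    $granted = !is_null($permission);
    if (!array_var(self::$permission_cache, $user_id)) {
        self::$permission_cache[$user_id] = array();
    }
    if (!array_key_exists($system_permission, self::$permission_cache[$user_id])) {
        self::$permission_cache[$user_id][$system_permission] = $granted;
    }
    return $granted;
}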
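/**
 * Refresh the contact/member cache after a member's permissions changed.
 *
 * When the change lists the affected permission groups ('changed_pgs'), only
 * the contacts belonging to those groups are refreshed for the member; when
 * the list is empty, every user is refreshed.
 *
 * @param array $permissions Array with the keys 'member' (the Member whose
 *                           permissions changed) and 'changed_pgs' (list of
 *                           permission group ids).
 * @return void
 */
function afterMemberPermissionChanged($permissions) {
    $member = array_var($permissions, 'member');
    if (!$member instanceof Member) {
        // Nothing can be refreshed without the member; previously this fell
        // through to a fatal call on a non-object further down.
        return;
    }
    $member_id = $member->getId();
    // De-duplicate the group ids; a missing 'changed_pgs' key is an empty list
    // rather than a foreach over null.
    $changed_pgs = (array) array_var($permissions, 'changed_pgs', array());
    $permission_group_ids = array_values(array_unique($changed_pgs));
    if (count($permission_group_ids) > 0) {
        $user_ids = ContactPermissionGroups::getAllContactsIdsByPermissionGroupIds($permission_group_ids);
        foreach ($user_ids as $user_id) {
            $user = Contacts::findById($user_id);
            // Skip ids that no longer resolve to a contact.
            if ($user instanceof Contact) {
                ContactMemberCaches::updateContactMemberCache($user, $member_id);
            }
        }
    } else {
        // No specific groups: update this member for every user in the cache.
        foreach (Contacts::getAllUsers() as $contact) {
            ContactMemberCaches::updateContactMemberCache($contact, $member_id);
        }
    }
}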
/**
 * Load, once per object, the tab panels visible to the logged user.
 *
 * Panels are read from tab_panels, limited to enabled rows whose plugin id is
 * null/0 or refers to an installed and activated plugin, and to ids granted
 * to one of the logged user's permission groups in tab_panel_permissions.
 * The "more-panel" entry becomes closable once getting_started_step >= 99
 * and is dropped when the user has closed settings. The list is memoised in
 * $this->panels.
 *
 * @param mixed $options Unused; kept for signature compatibility.
 * @return array List of panel descriptor arrays.
 */
private function loadPanels($options) {
    if ($this->panels) {
        return $this->panels;
    }
    $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
    $this->panels = array();
    // The IN (...) list is the CSV returned by the helper above, not request input.
    $sql = "\r\n\t\t\t\tSELECT * FROM " . TABLE_PREFIX . "tab_panels \r\n\t\t\t\tWHERE \r\n\t\t\t\t\tenabled = 1 AND\t\t\t\t\t\r\n\t\t\t\t\t( \t\r\n\t\t\t\t\t\tplugin_id IS NULL OR plugin_id=0 OR\r\n\t\t\t\t\t\tplugin_id IN (SELECT id FROM " . TABLE_PREFIX . "plugins WHERE is_installed = 1 AND is_activated = 1) \r\n\t\t\t\t\t)\r\n\t\t\t\t\tAND id IN (SELECT tab_panel_id FROM " . TABLE_PREFIX . "tab_panel_permissions WHERE permission_group_id IN ({$contact_pg_ids}))\r\n\t\t\t\tORDER BY ordering ASC ";
    $res = DB::execute($sql);
    while ($row = $res->fetchRow()) {
        $title = lang($row['title']);
        $panel = array(
            "title" => $title,
            "id" => $row['id'],
            "quickAddTitle" => lang($row['default_controller']),
            "refreshOnWorkspaceChange" => (bool) $row['refresh_on_context_change'],
            "defaultController" => $row['default_controller'],
            "defaultContent" => array("type" => "url", "data" => get_url($row['default_controller'], $row['default_action'])),
            "enabled" => $row['enabled'],
            "type" => $row['type'],
            "tabTip" => $title,
        );
        if (config_option('show_tab_icons')) {
            $panel["iconCls"] = $row['icon_cls'];
        }
        if ($row['initial_controller'] && $row['initial_action']) {
            $panel["initialContent"] = array("type" => "url", "data" => get_url($row['initial_controller'], $row['initial_action']));
        }
        $closable_more_panel = $row['id'] == 'more-panel' && config_option('getting_started_step') >= 99;
        if (!$closable_more_panel) {
            $this->panels[] = $panel;
            continue;
        }
        $panel['closable'] = true;
        // Once settings have been closed the panel is no longer listed.
        if (!user_config_option('settings_closed')) {
            $this->panels[] = $panel;
        }
    }
    return $this->panels;
}
/**
 * Load, once per object, the tab panels visible to the logged user.
 *
 * Panels are read from tab_panels, limited to enabled rows of type 'system'
 * or belonging to an installed and activated plugin, and to ids granted to
 * one of the logged user's permission groups in tab_panel_permissions. The
 * list is memoised in $this->panels.
 *
 * @param mixed $options Unused; kept for signature compatibility.
 * @return array List of panel descriptor arrays.
 */
private function loadPanels($options) {
    if ($this->panels) {
        return $this->panels;
    }
    $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
    $this->panels = array();
    // The IN (...) list is the CSV returned by the helper above, not request input.
    $sql = " SELECT * FROM " . TABLE_PREFIX . "tab_panels WHERE enabled = 1 AND ( type = 'system' OR plugin_id IN (SELECT id FROM " . TABLE_PREFIX . "plugins WHERE is_installed = 1 AND is_activated = 1) ) AND id IN (SELECT tab_panel_id FROM " . TABLE_PREFIX . "tab_panel_permissions WHERE permission_group_id IN ($contact_pg_ids)) ORDER BY ordering ASC ";
    $res = DB::execute($sql);
    while ($row = $res->fetchRow()) {
        $panel = array(
            "title" => lang($row['title']),
            "id" => $row['id'],
            "quickAddTitle" => lang($row['default_controller']),
            "refreshOnWorkspaceChange" => (bool) $row['refresh_on_context_change'],
            "defaultController" => $row['default_controller'],
            "defaultContent" => array("type" => "url", "data" => get_url($row['default_controller'], $row['default_action'])),
            "enabled" => $row['enabled'],
            "type" => $row['type'],
        );
        if (config_option('show_tab_icons')) {
            $panel["iconCls"] = $row['icon_cls'];
        }
        if ($row['initial_controller'] && $row['initial_action']) {
            $panel["initialContent"] = array("type" => "url", "data" => get_url($row['initial_controller'], $row['initial_action']));
        }
        $this->panels[] = $panel;
    }
    return $this->panels;
}
/**
 * Delete this permission group and every row that references it.
 *
 * The rows keyed by this group's id are removed from SystemPermissions,
 * ContactMemberPermissions, ContactDimensionPermissions,
 * ContactPermissionGroups and TabPanelPermissions, then parent::delete()
 * removes the group itself.
 *
 * @return void
 */
function delete() {
    $by_group = "`permission_group_id` = " . $this->getId();
    // Dependent rows first, in the same order as before.
    SystemPermissions::delete($by_group);
    ContactMemberPermissions::delete($by_group);
    ContactDimensionPermissions::delete($by_group);
    ContactPermissionGroups::delete($by_group);
    TabPanelPermissions::delete($by_group);
    parent::delete();
}
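/**
 * Filter $dimension_members down to those the contact reaches through a
 * context permission.
 *
 * Administrators get $dimension_members back untouched. For everyone else,
 * each (context permission group, member id) pair is checked for a
 * ContactMemberPermission row on $object_type_id that carries the requested
 * write/delete flags; when one exists, the PermissionContexts rows for that
 * contact, group and member are grouped by dimension and the member is
 * allowed only if every such dimension has at least one of its context
 * members present in $context.
 *
 * @param Contact $contact
 * @param int     $object_type_id
 * @param array   $context           Members of the currently selected context.
 * @param array   $dimension_members Candidate member ids.
 * @param bool    $can_write         Require write permission on the member.
 * @param bool    $can_delete        Require delete permission on the member.
 * @return array Allowed member ids; an id may appear once per permission
 *               group that grants it, as before.
 */
function getActiveContextPermissions(Contact $contact, $object_type_id, $context, $dimension_members, $can_write = false, $can_delete = false) {
    if ($contact instanceof Contact && $contact->isAdministrator()) {
        return $dimension_members;
    }
    $allowed_members = array();
    $contact_id = $contact->getId();
    $permission_group_ids = ContactPermissionGroups::getContextPermissionGroupIdsByContactCSV($contact_id);
    foreach (explode(",", $permission_group_ids) as $pid) {
        foreach ($dimension_members as $member_id) {
            // Context permission for this object type in this member.
            $contact_member_permission = self::findById(array(
                'permission_group_id' => $pid,
                'member_id' => $member_id,
                'object_type_id' => $object_type_id,
            ));
            if (!$contact_member_permission instanceof ContactMemberPermission) {
                continue;
            }
            // Each requested level must be granted by the row. The previous
            // expression mixed || and && without parentheses, so a delete
            // request that did not also request write passed regardless of
            // the row's can_delete flag; the two checks are now independent.
            $write_ok = !$can_write || $contact_member_permission->getCanWrite();
            $delete_ok = !$can_delete || $contact_member_permission->getCanDelete();
            if (!$write_ok || !$delete_ok) {
                continue;
            }
            $permission_contexts = PermissionContexts::findAll(array(
                '`contact_id` = ' . $contact_id,
                'permission_group_id' => $pid,
                'member_id' => $member_id,
            ));
            if (is_null($permission_contexts)) {
                continue;
            }
            // Group the context members by dimension id.
            $context_members = array();
            foreach ($permission_contexts as $pc) {
                $member = $pc->getMember();
                $context_members[$member->getDimensionId()][] = $member;
            }
            // Allowed only when every dimension touched by the permission
            // contexts has at least one member selected in $context.
            // in_array() compares the Member objects loosely, as before.
            $include = count($context_members) > 0;
            foreach ($context_members as $members_of_dimension) {
                $found = false;
                foreach ($members_of_dimension as $value) {
                    if (in_array($value, $context)) {
                        $found = true;
                        break;
                    }
                }
                if (!$found) {
                    $include = false;
                    break;
                }
            }
            if ($include) {
                $allowed_members[] = $member_id;
            }
        }
    }
    return $allowed_members;
}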
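/**
 * Render form control: one checkbox per dimension.
 *
 * Dimensions whose options flag them hidden are skipped, as are dimensions
 * that define permissions and deny everything to the logged user's
 * permission groups.
 *
 * @param string $control_name Base name of the control; each checkbox is
 *                             named "<control_name>[<dimension id>]". It is
 *                             passed to checkbox_field() unescaped, so it
 *                             must come from code, not from the request.
 * @return string HTML markup.
 */
function render($control_name) {
    $selected = $this->getValue();
    // array_search() on a non-array is a TypeError in PHP 8; treat anything
    // that is not an array as "nothing selected".
    if (!is_array($selected)) {
        $selected = array();
    }
    $dimensions = Dimensions::instance()->findAll();
    $permission_group_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
    $out = '';
    foreach ($dimensions as $dim) {
        /* @var $dim Dimension */
        // Read the options once instead of three times per dimension.
        $options = $dim->getOptions(1);
        if ($options && isset($options->hidden) && $options->hidden) {
            continue;
        }
        if ($dim->getDefinesPermissions() && $dim->deniesAllForContact($permission_group_ids)) {
            continue;
        }
        $checked = array_search($dim->getId(), $selected) !== false ? 1 : 0;
        $out .= '<div class="dimension" >';
        $out .= label_tag($dim->getName());
        $out .= checkbox_field($control_name . '[' . $dim->getId() . ']', $checked);
        $out .= '</div >';
    }
    return $out;
}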
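/**
 * Tell whether $user holds the named system permission.
 *
 * Administrators always pass. Otherwise the answer is served from the
 * per-request static caches (self::$permission_cache keyed by user id and
 * permission name, self::$permission_group_ids_cache keyed by user id) and,
 * on a miss, resolved by looking for a row where the permission column is 1
 * for any of the user's permission groups. A MaxSystemPermission row found
 * for the user's type caps the result: a falsy value for the column there
 * denies the permission even when a group grants it. The result is cached.
 *
 * @param Contact $user
 * @param string  $system_permission Name of the permission column. It is
 *                                   spliced into the query as a backtick-quoted
 *                                   identifier, so only names made of
 *                                   [A-Za-z0-9_] are accepted; any other value
 *                                   is denied without touching the database.
 * @return bool
 */
static function userHasSystemPermission(Contact $user, $system_permission) {
    if ($user instanceof Contact && $user->isAdministrator()) {
        return true;
    }
    // The permission name becomes a column identifier in raw SQL; refuse
    // anything that could not be a plain column name so a stray backtick or
    // whitespace never reaches the query.
    if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $system_permission)) {
        return false;
    }
    $user_id = $user->getId();
    $user_cache = array_var(self::$permission_cache, $user_id);
    if ($user_cache && array_key_exists($system_permission, $user_cache)) {
        return array_var($user_cache, $system_permission);
    }
    if (array_var(self::$permission_group_ids_cache, $user_id)) {
        $contact_pg_ids = self::$permission_group_ids_cache[$user_id];
    } else {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user_id, false);
        self::$permission_group_ids_cache[$user_id] = $contact_pg_ids;
    }
    // $contact_pg_ids is the CSV produced by the helper above, not request input.
    $permission = self::findOne(array(
        'conditions' => "`{$system_permission}` = 1 AND `permission_group_id` IN ({$contact_pg_ids})",
    ));
    // Cap by the maximum allowed for the user's type.
    $max_role_system_permissions = MaxSystemPermissions::findOne(array(
        'conditions' => 'permission_group_id = ' . $user->getUserType(),
    ));
    if ($max_role_system_permissions instanceof MaxSystemPermission) {
        if (!$max_role_system_permissions->getColumnValue($system_permission)) {
            $permission = null;
        }
    }
    $granted = !is_null($permission);
    if (!array_var(self::$permission_cache, $user_id)) {
        self::$permission_cache[$user_id] = array();
    }
    if (!array_key_exists($system_permission, self::$permission_cache[$user_id])) {
        self::$permission_cache[$user_id][$system_permission] = $granted;
    }
    return $granted;
}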
/**
 * List groups
 *
 * Refused with a flash error and an empty ajx response unless the logged
 * user can manage security. Otherwise the non-role permission groups and,
 * per group id, the number of contacts in that group are assigned to the
 * template.
 *
 * @access public
 * @param void
 * @return null
 */
function groups() {
    if (!can_manage_security(logged_user())) {
        flash_error(lang('no access permissions'));
        ajx_current("empty");
        return;
    }
    $groups = PermissionGroups::getNonRolePermissionGroups();
    $member_counts = array();
    foreach ($groups as $group) {
        $group_id = $group->getId();
        $member_counts[$group_id] = ContactPermissionGroups::count("`permission_group_id` = " . $group_id);
    }
    tpl_assign('gr_lengths', $member_counts);
    tpl_assign('permission_groups', $groups);
}
/**
 * Remove this contact together with its dependent rows.
 *
 * Rows keyed by the contact id are deleted from the contact detail managers
 * (addresses, IM values, emails, telephones, webpages, config option values,
 * passwords, subscriptions, reminders, permission group membership); rows
 * keyed by the contact's own permission group id are deleted from the
 * member, dimension, system and tab panel permission managers. Then the
 * contact itself is deleted and the "after_user_deleted" hook fires.
 *
 * @return void
 */
function do_delete() {
    $id = $this->getId();
    $by_contact = "`contact_id` = {$id}";
    $by_group = "`permission_group_id` = " . $this->getPermissionGroupId();
    $contact_managers = array(
        ContactAddresses::instance(),
        ContactImValues::instance(),
        ContactEmails::instance(),
        ContactTelephones::instance(),
        ContactWebpages::instance(),
        ContactConfigOptionValues::instance(),
        ContactPasswords::instance(),
        ObjectSubscriptions::instance(),
        ObjectReminders::instance(),
        ContactPermissionGroups::instance(),
    );
    foreach ($contact_managers as $manager) {
        $manager->delete($by_contact);
    }
    $group_managers = array(
        ContactMemberPermissions::instance(),
        ContactDimensionPermissions::instance(),
        SystemPermissions::instance(),
        TabPanelPermissions::instance(),
    );
    foreach ($group_managers as $manager) {
        $manager->delete($by_group);
    }
    $this->delete();
    $ret = null;
    Hook::fire("after_user_deleted", $this, $ret);
}
/**
 * Templates attached to members where the logged user can write tasks.
 *
 * Selects the distinct ids of non-optimisation object_members rows joined
 * to templates, restricted to member ids that have a contact_member_permissions
 * row for the task object type with can_write = 1 for one of the logged
 * user's permission groups, then loads each id through COTemplates.
 *
 * @deprecated
 * @author Ignacio Vazquez - elpepe.uy@gmail.com
 * @return array Template objects, one per matching id (null entries if an id
 *               does not resolve).
 */
static function _findAllowed() {
    // 1. Members where the user can add tasks.
    $task_object_type_id = ProjectTasks::instance()->getObjectTypeId();
    // CSV produced by the helper, not request input.
    $pg_ids_csv = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId());
    $sql = "\n\t\t\tSELECT distinct(id) AS id\n\t\t\tFROM " . TABLE_PREFIX . "object_members om\n\t\t\tINNER JOIN " . TABLE_PREFIX . "templates t ON t.object_id = om.object_id\n\t\t\tINNER JOIN " . TABLE_PREFIX . "objects o ON om.object_id = o.id\n\t\t\tWHERE\n\t\t\t member_id IN ( \n\t\t\t \tSELECT distinct(member_id) \n\t\t\t\t\tFROM " . TABLE_PREFIX . "contact_member_permissions o \n\t\t\t\t\tWHERE object_type_id = " . $task_object_type_id . " \n\t\t\t\t\tAND permission_group_id IN ( " . $pg_ids_csv . " ) AND can_write= 1 \n\t\t\t\t)\n\t\t\t\tAND is_optimization = 0\n\t\t\tGROUP BY om.object_id\t\t\n\t\t";
    $res = DB::execute($sql);
    $templates_manager = COTemplates::instance();
    $templates = array();
    // Load each template object from the returned ids.
    while ($row = $res->fetchRow()) {
        $templates[] = $templates_manager->findById($row['id']);
    }
    return $templates;
}
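/**
 * Return true if $user can access an object placed in $members at
 * $access_level. False otherwise.
 *
 * Administrators always pass; guests only for read access. Entries of
 * $members that are not Member objects are dropped. For every dimension that
 * defines permissions, the dimension counts as satisfied when the user's
 * permission groups have "allow all" on it or ContactMemberPermissions
 * grants the object type in the member. Every dimension whose query method
 * is mandatory must be satisfied; when no mandatory dimension is involved,
 * one satisfied non-mandatory dimension is enough. If that does not decide,
 * context permissions are checked last and must cover every member.
 *
 * @param Contact $user
 * @param array   $members        Member objects the object belongs to.
 * @param int     $object_type_id
 * @param int     $access_level   ACCESS_LEVEL_READ / _WRITE / _DELETE.
 * @return bool
 */
function can_access(Contact $user, $members, $object_type_id, $access_level) {
    if ($user->isAdministrator()) {
        return true;
    }
    $write = $access_level == ACCESS_LEVEL_WRITE;
    $delete = $access_level == ACCESS_LEVEL_DELETE;
    // Guests may only read.
    if ($user->isGuest() && $access_level != ACCESS_LEVEL_READ) {
        return false;
    }
    // No members (or not a member array at all) means no access. The former
    // `!count($members)>0` only happened to mean "empty"; a non-array would
    // have raised a TypeError on PHP 8 instead of being denied.
    if (!is_array($members) || count($members) == 0) {
        return false;
    }
    try {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user->getId(), false);
        $allow_all_cache = array();
        $dimension_query_methods = array();
        $dimension_permissions = array();
        foreach ($members as $k => $m) {
            if (!$m instanceof Member) {
                unset($members[$k]);
                continue;
            }
            $dimension = $m->getDimension();
            if (!$dimension->getDefinesPermissions()) {
                continue;
            }
            $dimension_id = $dimension->getId();
            if (!isset($dimension_permissions[$dimension_id])) {
                $dimension_permissions[$dimension_id] = false;
            }
            if ($dimension_permissions[$dimension_id]) {
                // Already satisfied through another member of this dimension.
                continue;
            }
            if (!$m->canContainObject($object_type_id)) {
                unset($dimension_permissions[$dimension_id]);
                continue;
            }
            if (!isset($dimension_query_methods[$dimension_id])) {
                $dimension_query_methods[$dimension_id] = $dimension->getPermissionQueryMethod();
            }
            // "Allow all" on the dimension for the user's groups, cached per dimension.
            if (!isset($allow_all_cache[$dimension_id])) {
                $allow_all_cache[$dimension_id] = $dimension->hasAllowAllForContact($contact_pg_ids);
            }
            if ($allow_all_cache[$dimension_id]) {
                $dimension_permissions[$dimension_id] = true;
            } elseif (ContactMemberPermissions::contactCanReadObjectTypeinMember($contact_pg_ids, $m->getId(), $object_type_id, $write, $delete, $user)) {
                // Individual member permission.
                $dimension_permissions[$dimension_id] = true;
            }
        }
        // Every dimension with a mandatory query method must be satisfied.
        $mandatory_count = 0;
        foreach ($dimension_query_methods as $dim_id => $qmethod) {
            if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY) {
                $mandatory_count++;
                if (!array_var($dimension_permissions, $dim_id)) {
                    return false;
                }
            }
        }
        $allowed = true;
        // With no mandatory dimension involved, any satisfied non-mandatory
        // dimension grants access; an unsatisfied one defers to the context
        // permission check below.
        if ($mandatory_count == 0) {
            foreach ($dimension_query_methods as $dim_id => $qmethod) {
                if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_NOT_MANDATORY) {
                    if (array_var($dimension_permissions, $dim_id)) {
                        return true;
                    }
                    $allowed = false;
                }
            }
        }
        if ($allowed && count($dimension_permissions)) {
            return true;
        }
        // Context permissions: every member must be allowed.
        $member_ids = array();
        foreach ($members as $member_obj) {
            $member_ids[] = $member_obj->getId();
        }
        $allowed_members = ContactMemberPermissions::getActiveContextPermissions($user, $object_type_id, $members, $member_ids, $write, $delete);
        foreach ($members as $m) {
            if (!in_array($m->getId(), $allowed_members)) {
                return false;
            }
        }
        // Empty after dropping non-Member entries means nothing was allowed.
        return count($members) > 0;
    } catch (Exception $e) {
        tpl_assign('error', $e);
        return false;
    }
}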
/**
 * Build the SQL condition string that restricts objects of $object_type_id
 * to the members the logged user may see in the given context.
 *
 * Member selections in $context contribute an AND condition over the member
 * and all its hierarchy children (via self::prepareQuery). Selections that
 * are not Members are treated as whole dimensions (getAllMembers() and
 * canContainObjects() are called on them) and contribute an OR condition
 * that is only applied when no member was selected at all. If a selected
 * dimension cannot contain objects but is associated to other dimensions,
 * the work is delegated to self::prepareAssociationConditions() and its
 * result is returned instead. Otherwise every object-holding dimension not
 * present in the context is added as an OR condition over all its members.
 *
 * @param array $context        Selected Members and/or dimension objects.
 * @param int   $object_type_id
 * @return string SQL fragment (or whatever prepareAssociationConditions returns).
 */
static function prepareDimensionConditions($context, $object_type_id) {
    //get contact's permission groups ids
    $pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
    $all_dim_in_all_conditions = "";
    $dm_conditions = "";
    $context_dimensions = array();
    $selection_members = array(); // - stores the ids of all members selected in context
    $selected_dimensions = array(); // - stores the ids of all dimensions selected in context
    $properties = array(); //- stores associations between dimensions
    $redefined_context = array(); // - if there are dimensions that are associated to another dimension in the context, we may need to redefine the context
    foreach ($context as $selection) {
        if ($selection instanceof Member) {
            $selection_members[] = $selection;
        }
    }
    $member_count = 0;
    foreach ($context as $selection) {
        if ($selection instanceof Member) {
            // conditions to filter by the selected member
            $member_count++;
            $dimension = $selection->getDimension();
            $dimension_id = $dimension->getId();
            $selected_dimensions[] = $dimension;
            $context_dimensions[$dimension_id]['allowed_members'] = array(); // - stores the ids of the members where we must search for objects
            $context_dimensions[$dimension_id]['allowed_members'][] = $selection->getId();
            $children = $selection->getAllChildrenInHierarchy();
            foreach ($children as $child) {
                $context_dimensions[$dimension_id]['allowed_members'][] = $child->getId();
            }
            if ($dimension->canContainObjects()) {
                $allowed_members = $context_dimensions[$dimension_id]['allowed_members'];
                $dm_conditions .= self::prepareQuery($dm_conditions, $dimension, $allowed_members, $object_type_id, $pg_ids, 'AND', $selection_members);
                $redefined_context[] = $dimension_id;
            } else {
                //let's check if this dimension is property of another
                $associated_dimensions_ids = $dimension->getAssociatedDimensions();
                if (count($associated_dimensions_ids) > 0) {
                    foreach ($associated_dimensions_ids as $aid) {
                        $properties[$dimension_id][] = $aid;
                    }
                }
            }
        } else {
            // conditions for when "all" is selected in every visible dimension
            // NOTE(review): $selection is assumed to be a dimension object here — confirm
            $all_members = $selection->getAllMembers();
            foreach ($all_members as $member) {
                $context_dimensions[$selection->getId()]['allowed_members'][] = $member->getId();
            }
            //get all the content object type ids that can hang in the dimension
            if ($selection->canContainObjects()) {
                if (!isset($context_dimensions[$selection->getId()])) {
                    $context_dimensions[$selection->getId()] = array();
                }
                $allowed_members = array_var($context_dimensions[$selection->getId()], 'allowed_members', array());
                $all_dim_in_all_conditions .= self::prepareQuery($all_dim_in_all_conditions, $selection, $allowed_members, $object_type_id, $pg_ids, 'OR', $selection_members, true);
            }
        }
    }
    // If positioned on 'all' in every visible dimension, require the object to belong
    // to some member of the dimensions the user has permissions on.
    if ($member_count == 0) {
        $dm_conditions .= $all_dim_in_all_conditions;
    }
    if (count($properties) > 0) {
        // Pull the associated dimension ids into the redefined context and let
        // the association-aware builder produce the conditions.
        foreach ($properties as $property => $values) {
            foreach ($values as $dim_id) {
                if (!in_array($dim_id, $redefined_context)) {
                    $redefined_context[] = $dim_id;
                }
            }
        }
        return self::prepareAssociationConditions($redefined_context, $context_dimensions, $properties, $object_type_id, $pg_ids, $selection_members);
    }
    // Object-holding dimensions absent from the context: OR over all their members.
    // in_array() here compares objects loosely.
    $dimensions = Dimensions::findAll();
    foreach ($dimensions as $dimension) {
        if ($dimension->canContainObjects() && !in_array($dimension, $context) && !in_array($dimension, $selected_dimensions)) {
            $member_ids = array();
            $all_members = $dimension->getAllMembers();
            foreach ($all_members as $member) {
                $member_ids[] = $member->getId();
            }
            $dm_conditions .= self::prepareQuery($dm_conditions, $dimension, $member_ids, $object_type_id, $pg_ids, 'OR', $selection_members, true);
        }
    }
    return $dm_conditions;
}
/**
 * This function will return paginated result. Result is an array where first element is
 * array of returned object and second populated pagination object that can be used for
 * obtaining and rendering pagination data using various helpers.
 *
 * Items and pagination array vars are indexed with 0 for items and 1 for pagination
 * because you can't use associative indexing with list() construct
 *
 * When called on a ContactPermissionGroups instance the call goes to
 * parent::paginate(); any other call is forwarded to the singleton instance.
 *
 * @access public
 * @param array $arguments Query argumens (@see find()) Limit and offset are ignored!
 * @param integer $items_per_page Number of items per page
 * @param integer $current_page Current page number
 * @return array
 */
function paginate($arguments = null, $items_per_page = 10, $current_page = 1) {
    $on_instance = isset($this) && instance_of($this, 'ContactPermissionGroups');
    if (!$on_instance) {
        return ContactPermissionGroups::instance()->paginate($arguments, $items_per_page, $current_page);
    }
    return parent::paginate($arguments, $items_per_page, $current_page);
}
/**
 * Edit specific contact
 *
 * Without a POST 'contact' array the edit form is prepared (contact data,
 * type lists, IM values, modal layout). With one, the contact is updated
 * inside a DB transaction: optional new company, name/username, phones,
 * addresses, webpages, emails, timezone option, IM values, members,
 * subscribers, custom properties and — when the caller may update
 * permissions — user type and permission group membership.
 *
 * Access: guests are refused; the contact must exist and
 * $contact->canEdit(logged_user()) must hold.
 *
 * @access public
 * @param void
 * @return null
 */
function edit() {
    if (logged_user()->isGuest()) {
        flash_error(lang('no access permissions'));
        ajx_current("empty");
        return;
    }
    $this->setTemplate('edit_contact');
    $contact = Contacts::findById(get_id());
    if (!$contact instanceof Contact) {
        flash_error(lang('contact dnx'));
        ajx_current("empty");
        return;
    } // if
    if (!$contact->canEdit(logged_user())) {
        flash_error(lang('no access permissions'));
        ajx_current("empty");
        return;
    } // if
    $im_types = ImTypes::findAll(array('order' => '`id`'));
    // telephone types
    $all_telephone_types = TelephoneTypes::getAllTelephoneTypesInfo();
    tpl_assign('all_telephone_types', $all_telephone_types);
    // address types
    $all_address_types = AddressTypes::getAllAddressTypesInfo();
    tpl_assign('all_address_types', $all_address_types);
    // webpage types
    $all_webpage_types = WebpageTypes::getAllWebpageTypesInfo();
    tpl_assign('all_webpage_types', $all_webpage_types);
    // email types
    $all_email_types = EmailTypes::getAllEmailTypesInfo();
    tpl_assign('all_email_types', $all_email_types);
    $contact_data = array_var($_POST, 'contact');
    // Populate form fields
    if (!is_array($contact_data)) {
        // set layout for modal form
        if (array_var($_REQUEST, 'modal')) {
            $this->setLayout("json");
            tpl_assign('modal', true);
        }
        $contact_data = $this->get_contact_data_from_contact($contact);
        if ($contact->isUser()) {
            $_REQUEST['is_user'] = 1;
            tpl_assign('user_type', $contact->getUserType());
        }
        if (is_array($im_types)) {
            foreach ($im_types as $im_type) {
                $contact_data['im_' . $im_type->getId()] = $contact->getImValue($im_type);
            } // foreach
        } // if
        $null = null;
        Hook::fire('before_edit_contact_form', array('object' => $contact), $null);
    } // if
    tpl_assign('isEdit', array_var($_GET, 'isEdit', false));
    tpl_assign('contact', $contact);
    tpl_assign('contact_data', $contact_data);
    tpl_assign('im_types', $im_types);
    tpl_assign('active_tab', array_var($_REQUEST, 'active_tab'));
    //Contact Submit
    if (is_array(array_var($_POST, 'contact'))) {
        // Strip scripts from every posted contact field.
        // NOTE(review): $v remains a reference to the last element after this
        // loop (no unset($v)); later writes to $v would alias into $contact_data.
        foreach ($contact_data as $k => &$v) {
            $v = remove_scripts($v);
        }
        try {
            DB::beginWork();
            $contact_data['email'] = trim($contact_data['email']);
            $contact_data['contact_type'] = 'contact';
            Contacts::validate($contact_data, get_id());
            $newCompany = false;
            // Optional new company created from the posted 'company' array.
            // NOTE(review): $company_data is not passed through remove_scripts()
            // the way $contact_data is — confirm that is intended.
            if (array_var($contact_data, 'isNewCompany') == 'true' && is_array(array_var($_POST, 'company'))) {
                $company_data = array_var($_POST, 'company');
                $company_data['contact_type'] = 'company';
                Contacts::validate($company_data);
                $company = new Contact();
                $company->setFromAttributes($company_data);
                $company->setIsCompany(true);
                $company->setObjectName();
                $company->save();
                // save phones, addresses and webpages
                $this->save_phones_addresses_webpages($company_data, $company);
                if ($company_data['email'] != "") {
                    $company->addEmail($company_data['email'], 'work', true);
                }
                $newCompany = true;
            }
            $contact_data['birthday'] = getDateValue($contact_data["birthday"]);
            // Display name: the explicit username when requested and present,
            // otherwise "first surname".
            if (isset($contact_data['specify_username'])) {
                if ($contact_data['user']['username'] != "") {
                    $contact_data['name'] = $contact_data['user']['username'];
                } else {
                    $contact_data['name'] = $contact_data['first_name'] . " " . $contact_data['surname'];
                }
            } else {
                $contact_data['name'] = $contact_data['first_name'] . " " . $contact_data['surname'];
            }
            $user_data = array_var($_POST, 'user');
            if (is_array($user_data) && trim(array_var($user_data, 'username', '')) != "") {
                $contact_data['username'] = trim(array_var($user_data, 'username', ''));
            }
            $contact->setFromAttributes($contact_data);
            if ($newCompany) {
                $contact->setCompanyId($company->getId());
            }
            $contact->setObjectName();
            $contact->save();
            // save phones, addresses and webpages
            $this->save_phones_addresses_webpages($contact_data, $contact);
            //Emails
            // NOTE(review): $personal_email_type_id is assigned but never read.
            $personal_email_type_id = EmailTypes::getEmailTypeId('personal');
            $main_emails = $contact->getMainEmails();
            $more_main_emails = array();
            $main_mail = null;
            // Keep the first main email, demote any others below.
            foreach ($main_emails as $me) {
                if ($main_mail == null) {
                    $main_mail = $me;
                } else {
                    $more_main_emails[] = $me;
                }
            }
            if ($main_mail) {
                $main_mail->editEmailAddress($contact_data['email']);
            } else {
                if ($contact_data['email'] != "") {
                    $contact->addEmail($contact_data['email'], 'personal', true);
                }
            }
            foreach ($more_main_emails as $mme) {
                $mme->setIsMain(false);
                $mme->save();
            }
            // save additional emails
            $this->save_non_main_emails($contact_data, $contact);
            // autodetect timezone
            $autotimezone = array_var($contact_data, 'autodetect_time_zone', null);
            if ($autotimezone !== null) {
                set_user_config_option('autodetect_time_zone', $autotimezone, $contact->getId());
            }
            // IM values: cleared and rebuilt from the posted im_<type id> fields.
            $contact->clearImValues();
            foreach ($im_types as $im_type) {
                $value = trim(array_var($contact_data, 'im_' . $im_type->getId()));
                if ($value != '') {
                    $contact_im_value = new ContactImValue();
                    $contact_im_value->setContactId($contact->getId());
                    $contact_im_value->setImTypeId($im_type->getId());
                    $contact_im_value->setValue($value);
                    $contact_im_value->setIsMain(array_var($contact_data, 'default_im') == $im_type->getId());
                    $contact_im_value->save();
                } // if
            } // foreach
            // Members come as JSON in the request.
            $member_ids = json_decode(array_var($_POST, 'members'));
            $object_controller = new ObjectController();
            if (!is_null($member_ids)) {
                $object_controller->add_to_members($contact, $member_ids);
            }
            // NOTE(review): 'no_perm_members' ids are added with no visible check
            // in this method — confirm add_to_members() enforces permissions.
            $no_perm_members_ids = json_decode(array_var($_POST, 'no_perm_members'));
            if (count($no_perm_members_ids)) {
                $object_controller->add_to_members($contact, $no_perm_members_ids);
            }
            if ($newCompany) {
                $object_controller->add_to_members($company, $member_ids);
            }
            $object_controller->link_to_new_object($contact);
            $object_controller->add_subscribers($contact);
            $object_controller->add_custom_properties($contact);
            // User settings (only when the logged user may update permissions)
            $user = array_var(array_var($_POST, 'contact'), 'user');
            if ($user && $contact->canUpdatePermissions(logged_user())) {
                $user_type_changed = false;
                if (array_var($user, 'type')) {
                    $user_type_changed = $contact->getUserType() != array_var($user, 'type');
                    $contact->setUserType(array_var($user, 'type'));
                    $contact->save();
                }
                if ($user_type_changed) {
                    $this->cut_max_user_permissions($contact);
                }
                // update user groups
                if (isset($_REQUEST['user_groups'])) {
                    $insert_values = "";
                    $group_ids = explode(',', $_REQUEST['user_groups']);
                    // Only numeric ids are spliced into the VALUES list.
                    // NOTE(review): is_numeric() also accepts float/exponent forms
                    // such as "1e3"; an (int) cast before building the row would
                    // pin the value to an integer.
                    foreach ($group_ids as $gid) {
                        if (trim($gid) == "" || !is_numeric($gid)) {
                            continue;
                        }
                        $insert_values .= ($insert_values == "" ? "" : ",") . "(" . $contact->getId() . ", {$gid})";
                    }
                    // Replace all memberships except the contact's own permission group.
                    ContactPermissionGroups::instance()->delete("contact_id=" . $contact->getId() . " AND permission_group_id <> " . $contact->getPermissionGroupId());
                    if ($insert_values != "") {
                        DB::execute("INSERT INTO " . TABLE_PREFIX . "contact_permission_groups VALUES {$insert_values} ON DUPLICATE KEY UPDATE contact_id=contact_id;");
                    }
                    ContactMemberCaches::updateContactMemberCacheAllMembers($contact);
                }
            }
            $null = null;
            Hook::fire('after_edit_contact', $contact, $null);
            DB::commit();
            // save user permissions
            if ($user && $contact->canUpdatePermissions(logged_user())) {
                save_user_permissions_background(logged_user(), $contact->getPermissionGroupId(), $contact->isGuest());
            }
            if (array_var($contact_data, 'isNewCompany') == 'true' && is_array(array_var($_POST, 'company'))) {
                ApplicationLogs::createLog($company, ApplicationLogs::ACTION_ADD);
            }
            ApplicationLogs::createLog($contact, ApplicationLogs::ACTION_EDIT);
            flash_success(lang('success edit contact', $contact->getObjectName()));
            ajx_current("back");
            if (array_var($_REQUEST, 'modal')) {
                evt_add("reload current panel");
            }
        } catch (Exception $e) {
            // Any failure rolls the whole edit back and reports the message.
            DB::rollback();
            flash_error($e->getMessage());
            ajx_current("empty");
        } // try
    } // if
}
/**
 * Build the member tree entries of dimension $context_dimension_id that are
 * associated with member $member_id, filtered by the logged user's
 * permissions.
 *
 * With $member_id == 0 the work is delegated to initial_list_dimension_members().
 * Otherwise the dimension's members are loaded (all of them when the
 * dimension does not define permissions or allows all for the user's groups;
 * only those readable per ContactMemberPermissions when it has per-contact
 * checks), the associated member ids are collected through
 * DimensionMemberAssociations / MemberPropertyMembers for the member and
 * its hierarchy children, and each retained member (plus its parents) is
 * turned into a descriptor array.
 *
 * @param int        $member_id
 * @param int        $context_dimension_id
 * @param int|null   $object_type_id           Marks members as selectable when
 *                                             their object type may contain it.
 * @param array|null $allowed_member_type_ids  Restricts selectable object types;
 *                                             null allows all.
 * @return array|null Descriptor arrays, or null when the dimension or member
 *                    does not resolve.
 */
function list_dimension_members($member_id, $context_dimension_id, $object_type_id, $allowed_member_type_ids) {
    if ($member_id != 0) {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
        // NOTE: lowercase `members` resolves to the Members manager (class names are case-insensitive).
        $member = members::findById($member_id);
        $dimension = Dimensions::getDimensionById($context_dimension_id);
        // Object types selectable in this dimension for $object_type_id.
        // NOTE(review): $allowed_object_type_ids stays undefined when no content
        // matches; the in_array() below would then warn — confirm.
        if ($object_type_id != null) {
            $dimension_object_type_contents = $dimension->getObjectTypeContent($object_type_id);
            foreach ($dimension_object_type_contents as $dotc) {
                $dot_id = $dotc->getDimensionObjectTypeId();
                if (is_null($allowed_member_type_ids) || in_array($dot_id, $allowed_member_type_ids)) {
                    $allowed_object_type_ids[] = $dot_id;
                }
            }
        }
        if ($dimension instanceof Dimension && $member instanceof Member) {
            // Members the logged user may see in this dimension.
            // NOTE(review): $dimension_members is left undefined when the dimension
            // defines permissions, has no "allow all" and hasCheckForContact() is
            // false; the in_array() calls below would then fail — confirm.
            if (!$dimension->getDefinesPermissions() || $dimension->hasAllowAllForContact($contact_pg_ids)) {
                $dimension_members = $dimension->getAllMembers(false, "parent_member_id, name", true);
            } else {
                if ($dimension->hasCheckForContact($contact_pg_ids)) {
                    $member_list = $dimension->getAllMembers(false, "parent_member_id, name", true);
                    $allowed_members = array();
                    foreach ($member_list as $dim_member) {
                        if (ContactMemberPermissions::instance()->contactCanReadMemberAll($contact_pg_ids, $dim_member->getId(), logged_user())) {
                            $allowed_members[] = $dim_member;
                        }
                    }
                    $dimension_members = $allowed_members;
                }
            }
            $members_to_retrieve = array();
            // Collect, as a CSV, the member ids associated to $member (and its
            // hierarchy children) through every association between the two dimensions.
            $association_ids = DimensionMemberAssociations::getAllAssociationIds($member->getDimensionId(), $context_dimension_id);
            if (count($association_ids) > 0) {
                $associated_members_ids_csv = '';
                foreach ($association_ids as $id) {
                    $association = DimensionMemberAssociations::findById($id);
                    $children = $member->getAllChildrenInHierarchy();
                    if ($association->getDimensionId() == $context_dimension_id) {
                        $new_csv = MemberPropertyMembers::getAllMemberIds($id, $member_id);
                        $associated_members_ids_csv .= $new_csv != '' ? $new_csv . "," : '';
                        foreach ($children as $child) {
                            $new_csv = MemberPropertyMembers::getAllMemberIds($id, $child->getId());
                            $associated_members_ids_csv .= $new_csv != '' ? $new_csv . "," : '';
                        }
                    } else {
                        // NOTE(review): this branch appends "," to $new_csv before the
                        // emptiness test, so the test is always true here.
                        $new_csv = MemberPropertyMembers::getAllPropertyMemberIds($id, $member_id) . ",";
                        $associated_members_ids_csv .= $new_csv != '' ? $new_csv . "," : '';
                        foreach ($children as $child) {
                            $new_csv = MemberPropertyMembers::getAllPropertyMemberIds($id, $child->getId());
                            $associated_members_ids_csv .= $new_csv != '' ? $new_csv . "," : '';
                        }
                    }
                }
                $associated_members_ids = explode(',', $associated_members_ids_csv);
                $associated_members_ids = array_unique($associated_members_ids);
            }
            if (isset($associated_members_ids) && count($associated_members_ids) > 0) {
                // Keep each associated member that is visible, together with its
                // visible parents, keyed by name. in_array() compares objects loosely.
                foreach ($associated_members_ids as $id) {
                    $associated_member = Members::findById($id);
                    if (in_array($associated_member, $dimension_members)) {
                        $context_hierarchy_members = $associated_member->getAllParentMembersInHierarchy(true);
                        foreach ($context_hierarchy_members as $context_member) {
                            if (!in_array($context_member, $members_to_retrieve) && in_array($context_member, $dimension_members)) {
                                $members_to_retrieve[$context_member->getName()] = $context_member;
                            }
                        }
                    }
                }
                // alphabetical order
                $members_to_retrieve = array_ksort($members_to_retrieve);
            } else {
                // NOTE(review): this appends the whole list as ONE element, yet the
                // loops below call getId() on each entry; it looks like
                // `$members_to_retrieve = $dimension_members;` was intended — confirm.
                $members_to_retrieve[] = $dimension_members;
            }
            // Ids of the retained members, used to find each entry's nearest retained parent.
            $membersset = array();
            foreach ($members_to_retrieve as $m) {
                $membersset[$m->getId()] = true;
            }
            $members = array();
            // Todo adapt this code to call "buildMemberList" - (performance and code improvement)
            foreach ($members_to_retrieve as $m) {
                if ($m->getArchivedById() > 0) {
                    continue;
                }
                // NOTE(review): $selectable is only (re)assigned when $object_type_id is
                // set, so a value from a previous iteration persists otherwise.
                if ($object_type_id != null) {
                    $selectable = in_array($m->getObjectTypeId(), $allowed_object_type_ids) ? true : false;
                }
                // Walk up until a parent that is part of the retained set is found;
                // 0 when none is.
                $tempParent = $m->getParentMemberId();
                $x = $m;
                while ($x instanceof Member && !isset($membersset[$tempParent])) {
                    $tempParent = $x->getParentMemberId();
                    $x = $x->getParentMember();
                }
                if (!$x instanceof Member) {
                    $tempParent = 0;
                }
                if ($dot = DimensionObjectTypes::instance()->findOne(array("conditions" => "\n\t\t\t\t\t\tdimension_id = " . $dimension->getId() . " AND\n\t\t\t\t\t\tobject_type_id = " . $m->getObjectTypeId()))) {
                    $memberOptions = $dot->getOptions(true);
                } else {
                    $memberOptions = '';
                }
                /* @var $m Member */
                // NOTE: $member (the Member object loaded above) is overwritten here
                // with the descriptor array.
                $member = array("id" => $m->getId(), "name" => clean($m->getName()), "parent" => $tempParent, "realParent" => $m->getParentMemberId(), "object_id" => $m->getObjectId(), "options" => $memberOptions, "depth" => $m->getDepth(), "iconCls" => $m->getIconClass(), "selectable" => isset($selectable) ? $selectable : false, "dimension_id" => $m->getDimensionId(), "object_type_id" => $m->getObjectTypeId(), "allow_childs" => $m->allowChilds());
                if ($oid = $m->getObjectId()) {
                    if ($obj = Objects::instance()->findObject($m->getObjectId())) {
                        $editUrl = $obj->getEditUrl();
                    }
                }
                // Member Actions
                // NOTE(review): $editUrl may be unset (or stale from an earlier
                // iteration) when the member has an object id that does not resolve.
                if (can_manage_dimension_members(logged_user())) {
                    if ($oid = $m->getObjectId()) {
                        if ($obj = Objects::instance()->findObject($m->getObjectId())) {
                            $editUrl = $obj->getEditUrl();
                        }
                    } else {
                        $editUrl = get_url('member', 'edit', array('id' => $m->getId()));
                    }
                    $member['actions'] = array(array('url' => $editUrl, 'text' => '', 'iconCls' => 'ico-edit'));
                }
                $members[] = $member;
            }
            return $members;
        }
        return null;
    } else {
        $members = $this->initial_list_dimension_members($context_dimension_id, $object_type_id, $allowed_member_type_ids);
        return $members;
    }
}
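/**
 * Ids of the dimensions the logged-in user is allowed to see, keyed by dimension id.
 *
 * A dimension is listed when it does not define permissions at all, or when it does
 * not deny everything to every permission group the logged user belongs to.
 *
 * @return array dimension id => dimension id
 */
function get_user_dimensions_ids() {
    $dimensions_to_show = array();
    // CSV of the logged user's permission group ids. It is the same for every
    // dimension, so it is resolved at most once (lazily, only if some dimension
    // defines permissions) instead of once per permission-defining dimension.
    $contact_pg_ids = null;
    foreach (Dimensions::findAll() as $dim) {
        if ($dim->getDefinesPermissions()) {
            if ($contact_pg_ids === null) {
                $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
            }
            // a dimension that denies everything to all of the user's groups is hidden
            if ($dim->deniesAllForContact($contact_pg_ids)) {
                continue;
            }
        }
        $dimensions_to_show[$dim->getId()] = $dim->getId();
    }
    return $dimensions_to_show;
}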
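/**
 * Return true if $user can access an object placed in $members with the requested
 * access level, false otherwise.
 *
 * Administrators always pass. Guests pass only for ACCESS_LEVEL_READ, and an object
 * with no members is never accessible from here. Dimensions that do not define
 * permissions are ignored; for each of the others the user needs either "allow all"
 * on the dimension or an explicit permission on the member. If no dimension grants
 * access, the context permissions of every member are checked as a last resort.
 *
 * @param Contact $user
 * @param array $members Member objects; entries that are not a Member are dropped
 * @param $object_type_id
 * @param $access_level ACCESS_LEVEL_READ, ACCESS_LEVEL_WRITE or ACCESS_LEVEL_DELETE
 * @return boolean
 */
function can_access(Contact $user, $members, $object_type_id, $access_level) {
    if ($user->isAdministrator()) {
        return true;
    }
    $write = $access_level == ACCESS_LEVEL_WRITE;
    $delete = $access_level == ACCESS_LEVEL_DELETE;
    // The previous form `!count($members) > 0` only worked by accident of precedence
    // ((!count(...)) > 0); this states the intended "no members" test explicitly.
    if (($user->isGuest() && $access_level != ACCESS_LEVEL_READ) || count($members) == 0) {
        return false;
    }
    try {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user->getId(), false);
        $allow_all_cache = array();
        // dimension id => whether some member of that dimension grants access
        $dimension_permissions = array();
        foreach ($members as $k => $m) {
            if (!$m instanceof Member) {
                unset($members[$k]);
                continue;
            }
            $dimension = $m->getDimension();
            if (!$dimension->getDefinesPermissions()) {
                continue;
            }
            $dimension_id = $dimension->getId();
            if (!isset($dimension_permissions[$dimension_id])) {
                $dimension_permissions[$dimension_id] = false;
            }
            if (!$dimension_permissions[$dimension_id]) {
                if ($m->canContainObject($object_type_id)) {
                    // dimension defines permissions and user has maximum level of permissions
                    if (isset($allow_all_cache[$dimension_id])) {
                        $allow_all = $allow_all_cache[$dimension_id];
                    } else {
                        $allow_all = $dimension->hasAllowAllForContact($contact_pg_ids);
                        $allow_all_cache[$dimension_id] = $allow_all;
                    }
                    if ($allow_all) {
                        $dimension_permissions[$dimension_id] = true;
                    }
                    // check individual members
                    if (!$dimension_permissions[$dimension_id] && ContactMemberPermissions::contactCanReadObjectTypeinMember($contact_pg_ids, $m->getId(), $object_type_id, $write, $delete, $user)) {
                        $dimension_permissions[$dimension_id] = true;
                    }
                } else {
                    // a member that cannot hold this object type does not count for its dimension
                    unset($dimension_permissions[$dimension_id]);
                }
            }
        }
        $allowed = true;
        foreach ($dimension_permissions as $perm) {
            if (!$perm) {
                $allowed = false;
            } else {
                return true; // if user has permission in one of the object's members then can access = true
            }
        }
        // Kept from the original: after the loop above $allowed is only true when
        // $dimension_permissions is empty, so this never returns.
        if ($allowed && count($dimension_permissions)) {
            return true;
        }
        // No dimension granted access; fall back to context permissions, which must
        // cover every remaining member.
        $member_ids = array();
        foreach ($members as $member_obj) {
            $member_ids[] = $member_obj->getId();
        }
        $allowed_members = ContactMemberPermissions::getActiveContextPermissions($user, $object_type_id, $members, $member_ids, $write, $delete);
        $count = 0;
        foreach ($members as $m) {
            $count++;
            if (!in_array($m->getId(), $allowed_members)) {
                return false;
            } else {
                if ($count == count($members)) {
                    return true;
                }
            }
        }
    } catch (Exception $e) {
        // any failure while resolving permissions is reported and treated as denied
        tpl_assign('error', $e);
        return false;
    }
    return false;
}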
/**
 * Edit a permission group.
 *
 * Without POSTed group data the form is rendered (template 'add') with the group's
 * module permissions, system permissions and current users assigned to the view.
 * With POSTed data the group is saved and its user list is replaced inside one DB
 * transaction; the per-user permission refresh runs afterwards, outside of it.
 *
 * @return void
 */
function edit() {
    $this->setTemplate('add');
    if (!can_manage_security(logged_user())) {
        flash_error(lang('no access permissions'));
        ajx_current("empty");
        return;
    } // if
    $group = PermissionGroups::findById(get_id());
    if (!$group instanceof PermissionGroup) {
        flash_error(lang('group dnx'));
        // NOTE(review): relies on redirectTo() not returning; if it did, the code
        // below would run with $group not being a PermissionGroup.
        $this->redirectTo('administration', 'groups');
    } // if
    $group_data = array_var($_POST, 'group');
    if (!is_array($group_data)) {
        // GET: build the edit form
        $pg_id = $group->getId();
        $parameters = permission_form_parameters($pg_id);
        // Module Permissions
        $module_permissions = TabPanelPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
        $module_permissions_info = array();
        foreach ($module_permissions as $mp) {
            $module_permissions_info[$mp->getTabPanelId()] = 1;
        }
        $all_modules = TabPanels::findAll(array("conditions" => "`enabled` = 1", "order" => "ordering"));
        $all_modules_info = array();
        foreach ($all_modules as $module) {
            $all_modules_info[] = array('id' => $module->getId(), 'name' => lang($module->getTitle()), 'ot' => $module->getObjectTypeId());
        }
        // System Permissions
        $system_permissions = SystemPermissions::findById($pg_id);
        tpl_assign('module_permissions_info', $module_permissions_info);
        tpl_assign('all_modules_info', $all_modules_info);
        tpl_assign('system_permissions', $system_permissions);
        tpl_assign('permission_parameters', $parameters);
        // users currently in the group (contact ids)
        $group_users = array();
        $cpgs = ContactPermissionGroups::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
        foreach ($cpgs as $cpg) {
            $group_users[] = $cpg->getContactId();
        }
        tpl_assign('groupUserIds', $group_users);
        tpl_assign('users', Contacts::getAllUsers());
        tpl_assign('pg_id', $group->getId());
        tpl_assign('group', $group);
        tpl_assign('group_data', array('name' => $group->getName()));
        add_page_action(lang('delete'), "javascript:if(confirm(lang('confirm delete group'))) og.openLink('" . $group->getDeleteUrl() . "');", 'ico-trash', null, null, true);
    } else {
        // POST: save the group and replace its user list
        try {
            // NOTE(review): mass-assignment from $_POST['group']; which attributes
            // setFromAttributes() accepts is defined outside this file.
            $group->setFromAttributes($group_data);
            DB::beginWork();
            $group->save();
            // set permissions
            $pg_id = $group->getId();
            //save_permissions($pg_id);
            // $gr_users_ids = users posted for the group plus the users it had before,
            // i.e. everyone whose permissions must be refreshed after the save.
            $gr_users = $group->getUsers();
            $gr_users_ids = array();
            if ($post_users = array_var($_POST, 'user')) {
                foreach ($post_users as $user_id => $val) {
                    // is_numeric() also accepts non-integer numeric strings; unlike the
                    // save loop below, this list is not checked against existing contacts.
                    if ($val == '1' && is_numeric($user_id)) {
                        $gr_users_ids[] = $user_id;
                    }
                }
            }
            foreach ($gr_users as $us) {
                if (!in_array($us->getId(), $gr_users_ids)) {
                    $gr_users_ids[] = $us->getId();
                }
            }
            // save users: drop every membership of the group, then re-create the posted ones
            ContactPermissionGroups::delete("`permission_group_id` = {$pg_id}");
            if ($users = array_var($_POST, 'user')) {
                foreach ($users as $user_id => $val) {
                    // only ids that resolve to an existing Contact are stored
                    if ($val == '1' && is_numeric($user_id) && Contacts::findById($user_id) instanceof Contact) {
                        $cpg = new ContactPermissionGroup();
                        $cpg->setPermissionGroupId($pg_id);
                        $cpg->setContactId($user_id);
                        $cpg->save();
                    }
                }
            }
            //ApplicationLogs::createLog($group, ApplicationLogs::ACTION_EDIT);
            DB::commit();
            flash_success(lang('success edit group', $group->getName()));
            ajx_current("back");
        } catch (Exception $e) {
            DB::rollback();
            tpl_assign('error', $e);
            return;
        }
        // Runs after the commit: a failure here leaves the group saved but reports the error.
        try {
            save_user_permissions_background(logged_user(), $pg_id, false, $gr_users_ids);
        } catch (Exception $e) {
            tpl_assign('error', $e);
        }
    }
}
?> </button> <div class="clear"></div> </div> </div> <?php } ?> <?php /* Number of contacts in each non-role permission group, keyed by group id; presumably consumed by the group list rendered below (not visible here). */ $groups = PermissionGroups::getNonRolePermissionGroups(); $gr_lengths = array(); foreach ($groups as $gr) { $count = ContactPermissionGroups::count("`permission_group_id` = " . $gr->getId()); $gr_lengths[$gr->getId()] = $count; } ?> <div class="user-groups-section"> <h1><?php echo lang('groups'); ?> </h1> <div class="section-description desc"><?php echo lang('groups desc', '<br />'); ?> </div> <div class="section-content section3"> <ul> <?php
/**
 * Return the manager instance, creating and caching it on first use.
 *
 * @access protected
 * @return ContactPermissionGroups
 */
function manager() {
    $cached = $this->manager;
    if ($cached instanceof ContactPermissionGroups) {
        return $cached;
    }
    $this->manager = ContactPermissionGroups::instance();
    return $this->manager;
} // manager
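/**
 * Returns all the members to be displayed in the panel that corresponds to the dimension
 * whose id is received by parameter. It is called when the application is first loaded.
 *
 * Administrators always get every member. Otherwise, when the dimension defines
 * permissions and the user has no "allow all" on it, members are filtered either
 * through the contact member cache or member by member.
 *
 * @param $dimension_id
 * @param $object_type_id content object type used to pick the allowed member types
 * @param array|null $allowed_member_type_ids dimension object type ids to keep (null = all)
 * @param bool $return_all_members skip the permission filter
 * @param string $extra_conditions raw SQL appended to the member query; callers must not
 *        build it from untrusted input
 * @param array|null $limit array with 'offset' and 'limit' keys (as used by the member cache)
 * @param bool $return_member_objects return Member objects instead of the built list
 * @param string|null $order SQL order, defaults to "parent_member_id, name"
 * @param bool $return_only_members_name
 * @param array $filter_by_members member ids used by apply_association_filters (falsy ids dropped)
 * @param $access_level
 * @param bool $use_member_cache
 * @return array|null null when the dimension does not exist
 * @todo: return only the members that are going to be retrieved
 * @todo: add a function to retrieve the rest of the members - dimension_members - and make it more efficient
 * @todo: add a function to retrieve a specific set of members
 * @todo: check where this function is called
 * @todo: check (and fix) that the system doesn't use the left-panel navigation tree to get member's data
 */
function initial_list_dimension_members($dimension_id, $object_type_id, $allowed_member_type_ids = null, $return_all_members = false, $extra_conditions = "", $limit = null, $return_member_objects = false, $order = null, $return_only_members_name = false, $filter_by_members = array(), $access_level = ACCESS_LEVEL_READ, $use_member_cache = false) {
    $allowed_member_types = array();
    $item_object = null;
    if (logged_user()->isAdministrator()) {
        $return_all_members = true;
    }
    $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
    $dimension = Dimensions::getDimensionById($dimension_id);
    // The dimension is required before it is used; an unknown id ends in the
    // final "return null" instead of calling a method on null.
    if ($object_type_id != null && $dimension instanceof Dimension) {
        $dimension_object_type_contents = $dimension->getObjectTypeContent($object_type_id);
        foreach ($dimension_object_type_contents as $dotc) {
            $dot_id = $dotc->getDimensionObjectTypeId();
            if (is_null($allowed_member_type_ids) || in_array($dot_id, $allowed_member_type_ids)) {
                $allowed_member_types[] = $dot_id;
            }
        }
        $object_type = ObjectTypes::findById($object_type_id);
        if ($object_type instanceof ObjectType && $object_type->getType() == 'dimension_object') {
            // The handler class name is stored data; it is used as a class name only,
            // never evaluated as PHP source (the previous eval() would have run any
            // PHP placed in that column).
            $handler_class = $object_type->getHandlerClass();
            $ot_manager = null;
            if ($handler_class && is_callable(array($handler_class, 'instance'))) {
                $ot_manager = call_user_func(array($handler_class, 'instance'));
            }
            if (is_object($ot_manager)) {
                $item_class = $ot_manager->getItemClass();
                if ($item_class && class_exists($item_class)) {
                    $item_object = new $item_class();
                }
            }
        }
    }
    $extra_conditions .= " AND archived_by_id=0";
    if ($dimension instanceof Dimension) {
        if (count($allowed_member_types) > 0) {
            $extra_conditions = " AND object_type_id IN (" . implode(",", $allowed_member_types) . ")" . $extra_conditions;
        }
        if (is_null($order)) {
            $order = "parent_member_id, name";
        }
        if (!$dimension->getDefinesPermissions() || $dimension->hasAllowAllForContact($contact_pg_ids) || $return_all_members) {
            $all_members = $dimension->getAllMembers(false, $order, true, $extra_conditions, $limit);
        } else {
            if ($dimension->hasCheckForContact($contact_pg_ids)) {
                if ($use_member_cache) {
                    // use the contact member cache; $limit may be null or lack the keys
                    $params = array(
                        "dimension" => $dimension,
                        "contact_id" => logged_user()->getId(),
                        "parent_member_id" => 0,
                        "start" => isset($limit['offset']) ? $limit['offset'] : null,
                        "limit" => isset($limit['limit']) ? $limit['limit'] : null,
                        "extra_condition" => $extra_conditions,
                        "order" => '`name`',
                        "order_dir" => 'ASC',
                    );
                    $all_members = ContactMemberCaches::getAllMembersWithCachedParentId($params);
                } else {
                    // keep only the members the logged user can access at $access_level
                    $member_list = $dimension->getAllMembers(false, $order, true, $extra_conditions, $limit);
                    $allowed_members = array();
                    foreach ($member_list as $dim_member) {
                        if (ContactMemberPermissions::instance()->contactCanAccessMemberAll($contact_pg_ids, $dim_member->getId(), logged_user(), $access_level)) {
                            $allowed_members[] = $dim_member;
                        }
                    }
                    $all_members = $allowed_members;
                }
            }
        }
        // no branch above produced a list (e.g. hasCheckForContact() false): nothing to show
        if (!isset($all_members)) {
            $all_members = array();
        }
        $tmp_array = array();
        foreach ($filter_by_members as $filter_id) {
            if ($filter_id) {
                $tmp_array[] = $filter_id;
            }
        }
        $filter_by_members = $tmp_array;
        $all_members = $this->apply_association_filters($dimension, $all_members, $filter_by_members);
        if ($return_member_objects) {
            return $all_members;
        } else {
            return $this->buildMemberList($all_members, $dimension, $allowed_member_type_ids, $allowed_member_types, $item_object, $object_type_id, $return_only_members_name);
        }
    }
    return null;
}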
/**
 * Builds the SQL condition fragment that restricts an object query to the given context.
 *
 * Each entry of $context is handled as a Member (selected member plus its whole
 * hierarchy) or, otherwise, as a whole dimension (every member of it). Dimensions that
 * can contain objects contribute a condition through self::prepareQuery(); dimensions
 * that cannot are looked up as "properties" of other dimensions. When such properties
 * exist the work is delegated to self::prepareAssociationConditions(); otherwise every
 * remaining object-holding dimension not in the context is added with an OR condition.
 *
 * @param array $context Member objects and, presumably, Dimension objects (the non-Member
 *        branch calls getAllMembers()/getId()/canContainObjects() on them)
 * @return string SQL fragment (or whatever prepareAssociationConditions() returns)
 */
static function prepareDimensionConditions($context) {
    // get contact's permission groups ids (CSV) - passed through to prepareQuery()
    $pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
    $dm_conditions = "";
    $context_dimensions = array();
    $selection_members = array(); // - stores the Member objects selected in context
    $selected_dimensions = array(); // - stores the Dimension objects of the members selected in context
    $properties = array(); // - stores associations between dimensions: dimension id => associated dimension ids
    $redefined_context = array(); // - if there are dimensions that are associated to another dimension in the context, we may need to redefine the context
    foreach ($context as $selection) {
        if ($selection instanceof Member) {
            $selection_members[] = $selection;
        }
    }
    foreach ($context as $selection) {
        if ($selection instanceof Member) {
            $dimension = $selection->getDimension();
            $dimension_id = $dimension->getId();
            $selected_dimensions[] = $dimension;
            // a second selected member of the same dimension resets these two lists
            $context_dimensions[$dimension_id]['allowed_members'] = array(); // - stores the ids of the members where we must search for objects
            $context_dimensions[$dimension_id]['object_types'] = array(); // - stores the ids of those content object types that we must search for
            // first get all the object types of the member that is selected and its children
            $member_object_types = array();
            $member_object_types[] = $selection->getObjectTypeId();
            $context_dimensions[$dimension_id]['allowed_members'][] = $selection->getId();
            $children = $selection->getAllChildrenInHierarchy();
            foreach ($children as $child) {
                $context_dimensions[$dimension_id]['allowed_members'][] = $child->getId();
                if (!in_array($child->getObjectTypeId(), $member_object_types)) {
                    $member_object_types[] = $child->getObjectTypeId();
                }
            }
            // now let's check which content object type ids can hang from the object types that correspond to these members in this dimension
            foreach ($member_object_types as $object_type) {
                $content_object_types = DimensionObjectTypeContents::getContentObjectTypeIds($dimension_id, $object_type);
                foreach ($content_object_types as $co_type) {
                    if (!in_array($co_type, $context_dimensions[$dimension_id]['object_types'])) {
                        $context_dimensions[$dimension_id]['object_types'][] = $co_type;
                    }
                }
            }
            if ($dimension->canContainObjects()) {
                $allowed_members = $context_dimensions[$dimension_id]['allowed_members'];
                $object_types = $context_dimensions[$dimension_id]['object_types'];
                $dm_conditions .= self::prepareQuery($dm_conditions, $dimension, $allowed_members, $object_types, $pg_ids, 'AND', $selection_members);
                $redefined_context[] = $dimension_id;
            } else {
                // let's check if this dimension is property of another
                $associated_dimensions_ids = $dimension->getAssociatedDimensions();
                if (count($associated_dimensions_ids) > 0) {
                    foreach ($associated_dimensions_ids as $aid) {
                        $properties[$dimension_id][] = $aid;
                    }
                }
            }
        } else {
            // whole dimension selected: every one of its members is allowed
            $all_members = $selection->getAllMembers();
            foreach ($all_members as $member) {
                if (!isset($context_dimensions[$selection->getId()]['allowed_members'])) {
                    $context_dimensions[$selection->getId()]['allowed_members'] = array();
                }
                $context_dimensions[$selection->getId()]['allowed_members'][] = $member->getId();
            }
            // get all the content object type ids that can hang in the dimension
            $context_dimensions[$selection->getId()]['object_types'] = DimensionObjectTypeContents::getContentObjectTypeIds($selection->getId());
            if ($selection->canContainObjects()) {
                $allowed_members = array_var($context_dimensions[$selection->getId()], 'allowed_members', array());
                $object_types = array_var($context_dimensions[$selection->getId()], 'object_types', array());
                $dm_conditions .= self::prepareQuery($dm_conditions, $selection, $allowed_members, $object_types, $pg_ids, 'OR', $selection_members, true);
            }
        }
    }
    if (count($properties) > 0) {
        // add the dimensions the properties are associated to and let the
        // association logic build the conditions instead ($dm_conditions is discarded)
        foreach ($properties as $property => $values) {
            foreach ($values as $dim_id) {
                if (!in_array($dim_id, $redefined_context)) {
                    $redefined_context[] = $dim_id;
                }
            }
        }
        return self::prepareAssociationConditions($redefined_context, $context_dimensions, $properties, $pg_ids, $selection_members);
    }
    // every object-holding dimension not already covered by the context is OR-ed in
    // (in_array() here compares Dimension objects loosely)
    $dimensions = Dimensions::findAll();
    foreach ($dimensions as $dimension) {
        if ($dimension->canContainObjects() && !in_array($dimension, $context) && !in_array($dimension, $selected_dimensions)) {
            $member_ids = array();
            $all_members = $dimension->getAllMembers();
            foreach ($all_members as $member) {
                $member_ids[] = $member->getId();
            }
            $object_types = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId());
            $dm_conditions .= self::prepareQuery($dm_conditions, $dimension, $member_ids, $object_types, $pg_ids, 'OR', $selection_members, true);
        }
    }
    return $dm_conditions;
}
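/**
 * Returns a list of emails according to the requested parameters.
 *
 * Builds the SQL conditions for account visibility, classification, state and read
 * status and delegates to self::instance()->listing().
 *
 * @param int|null $account_id single account to list; otherwise all accounts visible to
 *        the logged user plus classified mails shared with one of their permission groups
 * @param string|null $state 'draft', 'sent', 'received', 'junk' or 'outbox'; anything else
 *        applies no state filter
 * @param string $read_filter '', 'all', 'unread' or anything else (= read only)
 * @param string $classif_filter '', 'all', 'unclassified' or anything else (= classified only)
 * @param $context unused here
 * @param int|null $start
 * @param int|null $limit defaults to the user's mails_per_page, then files_per_page
 * @param string $order_by column passed straight to listing(); not validated here
 * @param string $dir passed straight to listing(); not validated here
 * @param $join_params
 * @param bool $archived unused while conversation mode is disabled
 * @return array
 */
function getEmails($account_id = null, $state = null, $read_filter = "", $classif_filter = "", $context = null, $start = null, $limit = null, $order_by = 'received_date', $dir = 'ASC', $join_params = null, $archived = false) {
    $mailTablePrefix = "e";
    if (!$limit) $limit = user_config_option('mails_per_page') ? user_config_option('mails_per_page') : config_option('files_per_page');
    // Check for accounts
    $accountConditions = '';
    if (isset($account_id) && $account_id > 0) {
        // Single account
        $accountConditions = " AND $mailTablePrefix.account_id = " . DB::escape($account_id);
    } else {
        // show emails from other accounts
        $macs = MailAccountContacts::instance()->getByContact(logged_user());
        $acc_ids = array(0);
        foreach ($macs as $mac) $acc_ids[] = $mac->getAccountId();
        // permission conditions. An empty CSV would yield "IN ()", which is invalid SQL,
        // so it is replaced by a group id that matches nothing. The original tested
        // trim($pgs == ''), i.e. trimmed a boolean, and missed whitespace-only values.
        $pgs = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId());
        if (trim($pgs) == '') $pgs = '0';
        $perm_sql = "(SELECT count(*) FROM ".TABLE_PREFIX."sharing_table st WHERE st.object_id = $mailTablePrefix.object_id AND st.group_id IN ($pgs)) > 0";
        // show mails for all visible accounts and classified mails where logged_user has permissions
        $accountConditions = " AND ($mailTablePrefix.account_id IN (" . implode(",", $acc_ids) . ") OR $perm_sql)";
    }
    // Check for unclassified emails
    $classified = '';
    if ($classif_filter != '' && $classif_filter != 'all') {
        $classified = "AND " . ($classif_filter == 'unclassified' ? "NOT " : "");
        $classified .= "o.id IN (SELECT object_id FROM ".TABLE_PREFIX."object_members)";
    }
    // Check for draft, junk, etc. emails
    if ($state == "draft") {
        $stateConditions = " $mailTablePrefix.state = '2'";
    } else if ($state == "sent") {
        $stateConditions = " $mailTablePrefix.state IN ('1','3','5')";
    } else if ($state == "received") {
        $stateConditions = " $mailTablePrefix.state IN ('0','5')";
    } else if ($state == "junk") {
        $stateConditions = " $mailTablePrefix.state = '4'";
    } else if ($state == "outbox") {
        $stateConditions = " $mailTablePrefix.state >= 200";
    } else {
        $stateConditions = "";
    }
    // Check read emails ($subread is only referenced by the disabled conversation code below)
    if ($read_filter != "" && $read_filter != "all") {
        if ($read_filter == "unread") {
            $read = "AND NOT ";
            $subread = "AND NOT mc.";
        } else {
            $read = "AND ";
            $subread = "AND mc.";
        }
        $read2 = "id IN (SELECT rel_object_id FROM " . TABLE_PREFIX . "read_objects t WHERE contact_id = " . logged_user()->getId() . " AND t.is_read = '1')";
        $read .= $read2;
        $subread .= $read2;
    } else {
        $read = "";
        $subread = "";
    }
    // Conversations not allowed yet
    //if (user_config_option('show_emails_as_conversations')) {
    // $state_conv_cond_1 = $state != 'received' ? " $stateConditions AND " : " m.state <> '2' AND ";
    // $state_conv_cond_2 = $state != 'received' ? " AND (mc.state = '1' OR mc.state = '3' OR mc.state = '5') " : " AND mc.state <> '2' ";
    // $archived_by_id = $archived ? "AND o.archived_by_id != 0" : "AND o.archived_by_id = 0";
    // $trashed_by_id = "AND o.trashed_by_id = 0";
    // $conversation_cond = "AND IF(m.conversation_id = 0, $stateConditions, $state_conv_cond_1 NOT EXISTS (SELECT * FROM ".TABLE_PREFIX."mail_contents mc WHERE m.conversation_id = mc.conversation_id AND m.account_id = mc.account_id AND m.received_date < mc.received_date $archived_by_id AND mc.is_deleted = 0 $trashed_by_id $subread $state_conv_cond_2))";
    // $box_cond = "AND IF(EXISTS(SELECT * FROM ".TABLE_PREFIX."mail_contents mc WHERE m.conversation_id = mc.conversation_id AND m.object_id <> o.id AND m.account_id = mc.account_id $archived_by_id AND mc.is_deleted = 0 $trashed_by_id AND $stateConditions), TRUE, $stateConditions)";
    //} else {
    $conversation_cond = "";
    // NOTE(review): with an unknown $state this becomes a bare "AND " at the end of the
    // conditions; whether listing() tolerates that is not visible here.
    $box_cond = "AND $stateConditions";
    //}
    /*return self::findByContext(array('limit' => $limit, 'offset' => $start, 'order' => "$order_by $dir", 'extra_conditions' => "$accountConditions $classified $read $conversation_cond $box_cond")); */
    return self::instance()->listing(array(
        'limit' => $limit,
        'start' => $start,
        'order' => $order_by,
        'order_dir' => $dir,
        'extra_conditions' => "$accountConditions $classified $read $conversation_cond $box_cond",
        //'count_results' => false,
        'join_params' => $join_params
    ));
}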
/**
 * Return true if $user can access an object placed in $members with the requested
 * access level, false otherwise.
 *
 * Order of checks: administrator shortcut (unless $allow_super_admin is false); guests
 * may only read; if no member belongs to a manageable, permission-defining dimension
 * the "objects in root" rule decides; otherwise each enabled, permission-defining
 * dimension of the members is evaluated ("allow all" or an explicit member permission
 * capped by the role's object type permissions), mandatory-query-method dimensions must
 * all grant, non-mandatory ones need only one grant, and finally context permissions
 * must cover every member.
 *
 * @param Contact $user
 * @param array $members Member objects; entries that are not a Member are dropped
 * @param $object_type_id NOTE(review): interpolated unescaped into two SQL conditions
 *        below; callers must pass a trusted integer id (or it should be cast here)
 * @param $access_level ACCESS_LEVEL_READ, ACCESS_LEVEL_WRITE or ACCESS_LEVEL_DELETE
 * @param bool $allow_super_admin when false, administrators are evaluated like everyone else
 * @return boolean
 */
function can_access(Contact $user, $members, $object_type_id, $access_level, $allow_super_admin = true) {
    if ($allow_super_admin && $user->isAdministrator()) {
        return true;
    }
    $write = $access_level == ACCESS_LEVEL_WRITE;
    $delete = $access_level == ACCESS_LEVEL_DELETE;
    if ($user->isGuest() && $access_level != ACCESS_LEVEL_READ) {
        return false;
    }
    try {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user->getId(), false);
        $allow_all_cache = array();
        $dimension_query_methods = array(); // dimension id => permission query method
        // if no manageable member then check if user has permissions without classifying
        $manageable_members = array();
        foreach ($members as $mem) {
            if ($mem instanceof Member && $mem->getDimension()->getIsManageable() && $mem->getDimension()->getDefinesPermissions()) {
                $manageable_members[] = $mem->getId();
            }
        }
        if (count($manageable_members) == 0) {
            // only admin-group, executive or manager users may work on unclassified objects,
            // and only if the option is on and they hold a member_id=0 permission for the type
            $return = false;
            if (config_option('let_users_create_objects_in_root') && $contact_pg_ids != "" && ($user->isAdminGroup() || $user->isExecutive() || $user->isManager())) {
                $cond = $delete ? 'AND can_delete = 1' : ($write ? 'AND can_write = 1' : '');
                $cmp = ContactMemberPermissions::findOne(array('conditions' => "member_id=0 AND object_type_id={$object_type_id} AND permission_group_id IN ({$contact_pg_ids}) {$cond}"));
                $return = $cmp instanceof ContactMemberPermission;
            }
            return $return;
        }
        // Role cap for this object type; when it is missing, explicit member permissions
        // below never grant (only "allow all" does). $user->getUserType() is interpolated too.
        $max_role_ot_perm = MaxRoleObjectTypePermissions::instance()->findOne(array('conditions' => "object_type_id='{$object_type_id}' AND role_id = '" . $user->getUserType() . "'"));
        $enabled_dimensions = config_option('enabled_dimensions'); // presumably an array of dimension ids
        $dimension_permissions = array(); // dimension id => whether some member grants access
        foreach ($members as $k => $m) {
            if (!$m instanceof Member) {
                unset($members[$k]);
                continue;
            }
            $dimension = $m->getDimension();
            if (!$dimension->getDefinesPermissions() || !in_array($dimension->getId(), $enabled_dimensions)) {
                continue;
            }
            $dimension_id = $dimension->getId();
            if (!isset($dimension_permissions[$dimension_id])) {
                $dimension_permissions[$dimension_id] = false;
            }
            if (!$dimension_permissions[$dimension_id]) {
                if ($m->canContainObject($object_type_id)) {
                    if (!isset($dimension_query_methods[$dimension->getId()])) {
                        $dimension_query_methods[$dimension->getId()] = $dimension->getPermissionQueryMethod();
                    }
                    // dimension defines permissions and user has maximum level of permissions
                    // (this grant is not subject to the $max_role_ot_perm cap)
                    if (isset($allow_all_cache[$dimension_id])) {
                        $allow_all = $allow_all_cache[$dimension_id];
                    } else {
                        $allow_all = $dimension->hasAllowAllForContact($contact_pg_ids);
                        $allow_all_cache[$dimension_id] = $allow_all;
                    }
                    if ($allow_all) {
                        $dimension_permissions[$dimension_id] = true;
                    }
                    // check individual members, then cap the result by the role's object type permissions
                    if (!$dimension_permissions[$dimension_id] && ContactMemberPermissions::contactCanReadObjectTypeinMember($contact_pg_ids, $m->getId(), $object_type_id, $write, $delete, $user)) {
                        if ($max_role_ot_perm) {
                            if ($access_level == ACCESS_LEVEL_DELETE && $max_role_ot_perm->getCanDelete() || $access_level == ACCESS_LEVEL_WRITE && $max_role_ot_perm->getCanWrite() || $access_level == ACCESS_LEVEL_READ) {
                                $dimension_permissions[$dimension_id] = true;
                            }
                        }
                    }
                } else {
                    // a member that cannot hold this object type does not count for its dimension
                    unset($dimension_permissions[$dimension_id]);
                }
            }
        }
        $allowed = true;
        // check that user has permissions in all mandatory query method dimensions
        $mandatory_count = 0;
        foreach ($dimension_query_methods as $dim_id => $qmethod) {
            if (!in_array($dim_id, $enabled_dimensions)) {
                continue;
            }
            if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY) {
                $mandatory_count++;
                if (!array_var($dimension_permissions, $dim_id)) {
                    // if one of the members belong to a mandatory dimension and user does not have permissions on it then return false
                    return false;
                }
            }
        }
        // If no members in mandatory dimensions then check for not mandatory ones
        // ($allowed is still true at this point; the test below only depends on $mandatory_count)
        if ($allowed && $mandatory_count == 0) {
            foreach ($dimension_query_methods as $dim_id => $qmethod) {
                if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_NOT_MANDATORY) {
                    if (array_var($dimension_permissions, $dim_id)) {
                        // if has permissions over any member of a non mandatory dimension then return true
                        return true;
                    } else {
                        $allowed = false;
                    }
                }
            }
        }
        // all mandatory dimensions granted (or nothing denied) and at least one dimension was evaluated
        if ($allowed && count($dimension_permissions)) {
            return true;
        }
        // Reaching here means some dimension did not grant; fall back to context permissions,
        // which must cover every remaining member.
        $member_ids = array();
        foreach ($members as $member_obj) {
            $member_ids[] = $member_obj->getId();
        }
        $allowed_members = ContactMemberPermissions::getActiveContextPermissions($user, $object_type_id, $members, $member_ids, $write, $delete);
        $count = 0;
        foreach ($members as $m) {
            $count++;
            if (!in_array($m->getId(), $allowed_members)) {
                return false;
            } else {
                if ($count == count($members)) {
                    return true;
                }
            }
        }
    } catch (Exception $e) {
        // any failure while resolving permissions is reported and treated as denied
        tpl_assign('error', $e);
        return false;
    }
    return false;
}