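/**
 * Refreshes the contact-member cache of a user after a permission change.
 *
 * Without a $group, only the members named by the permission entries (their
 * ->m property) are refreshed. With a $group, every member of every dimension
 * that defines permissions is checked with contactCanAccessMemberAll() at
 * ACCESS_LEVEL_READ, and the readable ones are refreshed.
 *
 * @param Contact $user
 * @param array $permissions entries exposing the member id as ->m
 * @param ContactPermissionGroup $group
 */
function afterUserPermissionChanged($user, $permissions, $group = null) {
    $membersIds = array();

    if (is_null($group)) {
        // Collect every member touched by $permissions, once each.
        foreach ($permissions as $permission) {
            $memberId = $permission->m;
            if (!in_array($memberId, $membersIds)) {
                $membersIds[] = $memberId;
            }
        }
    } else {
        $dimensions = Dimensions::findAll();
        $contact_pg_ids = $group->getId();

        foreach ($dimensions as $dimension) {
            if (!$dimension->getDefinesPermissions()) {
                continue;
            }

            // The id is cast so that only an integer can reach the hand-built statement.
            $member_list = DB::executeAll("SELECT * FROM " . TABLE_PREFIX . "members WHERE dimension_id = " . (int) $dimension->getId() . " ORDER BY id");

            // Do not iterate a non-array result (for example when no row matched).
            if (!is_array($member_list)) {
                continue;
            }

            foreach ($member_list as $dim_member) {
                if (ContactMemberPermissions::instance()->contactCanAccessMemberAll($contact_pg_ids, $dim_member['id'], $user, ACCESS_LEVEL_READ, false)) {
                    $membersIds[] = $dim_member['id'];
                }
            }
        }
    }

    foreach ($membersIds as $member_id) {
        ContactMemberCaches::updateContactMemberCache($user, $member_id);
    }
}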
/**
 * Returns the dimension registered under $code.
 *
 * Lookups go through the static self::$dimensions_by_code map, which is
 * filled from Dimensions::findAll() the first time it is found empty.
 *
 * @param mixed $code dimension code used as the map key
 * @return Dimension
 */
static function findByCode($code) {
    $cache_is_empty = (count(self::$dimensions_by_code) == 0);

    if ($cache_is_empty) {
        $all_dimensions = Dimensions::findAll();
        foreach ($all_dimensions as $dimension) {
            self::$dimensions_by_code[$dimension->getCode()] = $dimension;
        }
    }

    return array_var(self::$dimensions_by_code, $code);
}
/**
 * Appends one custom-report column per 'workspaces' / 'tags' dimension.
 *
 * The column name is the translated dimension code when the dimension's
 * options carry a truthy useLangs flag, otherwise the stored dimension name.
 *
 * @param mixed $args not read by this implementation
 * @param array $ret column list, extended in place
 */
function workspaces_custom_reports_additional_columns($args, &$ret) {
    $report_dimensions = Dimensions::findAll(array("conditions" => "code IN ('workspaces','tags')"));

    foreach ($report_dimensions as $dimension) {
        $options = $dimension->getOptions(true);
        $use_translation = $options && isset($options->useLangs) && $options->useLangs;

        $name = $use_translation ? lang($dimension->getCode()) : $dimension->getName();

        $ret[] = array(
            'id' => 'dim_' . $dimension->getId(),
            'name' => $name,
            'type' => DATA_TYPE_STRING,
        );
    }
}
/**
 * Appends one custom-report column per enabled 'workspaces' / 'tags' dimension.
 *
 * Nothing is added when $args['object_type'] is an ObjectType whose type is
 * 'dimension_object' or 'dimension_group'. Dimensions whose id is not listed
 * in the 'enabled_dimensions' config option are skipped.
 *
 * @param array $args read for the 'object_type' entry
 * @param array $ret column list, extended in place
 */
function workspaces_custom_reports_additional_columns($args, &$ret) {
    $object_type = array_var($args, 'object_type');
    $is_dimension_type = $object_type instanceof ObjectType
        && in_array($object_type->getType(), array('dimension_object', 'dimension_group'));
    if ($is_dimension_type) {
        return;
    }

    $report_dimensions = Dimensions::findAll(array("conditions" => "code IN ('workspaces','tags')"));
    foreach ($report_dimensions as $dimension) {
        if (!in_array($dimension->getId(), config_option('enabled_dimensions'))) {
            continue;
        }

        $name = $dimension->getName();
        $ret[] = array(
            'id' => 'dim_' . $dimension->getId(),
            'name' => $name,
            'type' => DATA_TYPE_STRING,
        );
    }
}
/**
 * Renders the member-filter bar of the linked-objects picker and ends the request.
 *
 * For every manageable dimension a labelled autocomplete combo is emitted,
 * pre-selected with the member of the active context that belongs to that
 * dimension (if any), followed by a "remove all filters" button. The markup
 * is sent with die(), so nothing runs after this call.
 */
function linked_object_filters() {
    $genid = gen_id();
    $markup = "<div class='linked-objects-member-filters'>";
    $context = active_context();

    $manageable_dimensions = Dimensions::findAll(array('conditions' => 'is_manageable = 1'));
    foreach ($manageable_dimensions as $dimension) {
        $dimension_id = $dimension->getId();

        // The last context member that belongs to this dimension wins.
        $selected_name = "";
        $selected_id = 0;
        foreach ($context as $selection) {
            if (!($selection instanceof Member) || $selection->getDimensionId() != $dimension_id) {
                continue;
            }
            // The member name goes through clean() before it is placed in the markup.
            $selected_name = clean($selection->getName());
            $selected_id = $selection->getId();
        }

        $label = lang('filter by ' . $dimension->getCode());
        $markup .= '<div class="lo-member-selector"><div class="selector-label">' . $label . '</div>';

        // Flatten the member rows into the positional tuples the combo expects.
        $autocomplete_options = array();
        $controller = new DimensionController();
        $member_rows = $controller->initial_list_dimension_members($dimension_id, null, null, false, "", null, false, null, true, array());
        foreach ($member_rows as $row) {
            $autocomplete_options[] = array($row['id'], $row['name'], $row['path'], $row['to_show'], $row['ico'], $row['dim']);
        }

        $combo_listeners = array(
            "select" => "function (combo, record, index) { Ext.getCmp('dimFilter').fireEvent('memberselected', record.data); }",
        );
        $combo_attributes = array('class' => 'member-name-input', 'selected_name' => $selected_name);

        $markup .= autocomplete_member_combo(
            "member_autocomplete-dim" . $dimension_id,
            $dimension_id,
            $autocomplete_options,
            lang($dimension->getCode()),
            $combo_attributes,
            false,
            $genid . 'add-member-input-dim' . $dimension_id,
            $combo_listeners
        );
        $markup .= "</div>";

        if ($selected_id > 0) {
            // Both ids are written into the inline script as returned by getId(), without a cast.
            $markup .= "<script>Ext.getCmp('obj_picker_grid').member_filter[" . $dimension_id . "] = " . $selected_id . ";</script>";
        }
    }

    // $genid and the translated label are concatenated into the button markup unescaped.
    $markup .= '<div class="buttons"><button onclick="Ext.getCmp(\'dimFilter\').fireEvent(\'clearfilters\', \'' . $genid . '\');">' . lang('remove all filters') . '</button></div>';
    $markup .= '</div>';

    die($markup);
}
<?php $dimensions_info = array(); $dimensions = Dimensions::findAll(); foreach ($dimensions as $dimension) { if (in_array($dimension->getCode(), array('feng_users', 'feng_persons'))) { continue; } if (!isset($dimensions_info[$dimension->getName()])) { $dimensions_info[$dimension->getName()] = array('id' => $dimension->getId(), 'members' => array()); } } $members = $object->getMembers(); foreach ($members as $member) { /* @var $member Member */ $dimension = $member->getDimension(); if (in_array($dimension->getCode(), array('feng_users', 'feng_persons'))) { continue; } if (!can_read(logged_user(), array($member), $object->getObjectTypeId())) { continue; } if (!isset($dimensions_info[$dimension->getName()])) { $dimensions_info[$dimension->getName()] = array('members' => array(), 'icon' => $member->getIconClass()); } if (!isset($dimensions_info[$dimension->getName()]['icon'])) { $dimensions_info[$dimension->getName()]['icon'] = $member->getIconClass(); } $parents = array_reverse($member->getAllParentMembersInHierarchy(true)); foreach ($parents as $p) { $dimensions_info[$dimension->getName()]['members'][$p->getId()] = array('p' => $p->getParentMemberId(), 'name' => $p->getName(), 'ot' => $p->getObjectTypeId(), 'color' => $p->getMemberColor());
/**
 * Sends the name of every dimension to the client as AJAX extra data.
 *
 * The payload is array("dim_names" => array(<dimension id> => array("name" => <name>))),
 * with each name passed through clean() first.
 */
function load_dimensions_info() {
    ajx_current("empty");

    $all_dimensions = Dimensions::findAll();
    $names_by_id = array();
    foreach ($all_dimensions as $dimension) {
        $cleaned_name = clean($dimension->getName());
        $names_by_id[$dimension->getId()] = array("name" => $cleaned_name);
    }

    ajx_extra_data(array("dim_names" => $names_by_id));
}
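/**
 * Prepares the dimension options view.
 *
 * Access requires can_manage_dimensions() for the logged user; otherwise an
 * error is flashed and nothing is assigned. The view receives
 * 'custom_dimension_names' (dimension id => custom name, "" when unset) and
 * 'dimension_ots' (the DimensionObjectTypes rows of the enabled dimensions).
 */
function dimension_options() {
    if (!can_manage_dimensions(logged_user())) {
        flash_error(lang('no access permissions'));
        ajx_current("empty");
        return;
    }

    // The enabled ids are concatenated into two IN (...) lists below, so they
    // are reduced to integers first.
    $enabled_dimensions = config_option('enabled_dimensions');
    $enabled_ids = is_array($enabled_dimensions) ? array_map('intval', $enabled_dimensions) : array();

    $custom_dimension_names = array();
    $dots = array();

    // An empty list would produce "IN ()", which is not valid SQL; skip both
    // queries and hand empty collections to the template instead.
    if (count($enabled_ids) > 0) {
        $id_list = implode(',', $enabled_ids);

        // custom dimension name
        $dimensions = Dimensions::findAll(array('conditions' => 'id IN (' . $id_list . ')'));
        foreach ($dimensions as $dim) {
            $cdim_name = $dim->getOptionValue('custom_dimension_name');
            if (is_null($cdim_name)) {
                $cdim_name = "";
            }
            $custom_dimension_names[$dim->getId()] = $cdim_name;
        }

        // enabled dimension object types
        $dots = DimensionObjectTypes::findAll(array('conditions' => 'dimension_id IN (' . $id_list . ')'));
    }

    tpl_assign('custom_dimension_names', $custom_dimension_names);
    tpl_assign('dimension_ots', $dots);
}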
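/**
 * Add/edit Dimension Members
 *
 * Access requires can_manage_dimension_members() for the logged user;
 * otherwise an error is flashed and nothing is assigned. The view receives
 * 'dimensions' (all manageable dimensions) and 'members', a map of
 * dimension id => flat list holding each root member followed by the
 * result of its getAllChildrenSorted().
 *
 * @access public
 * @return null
 */
function edit_members() {
    if (!can_manage_dimension_members(logged_user())) {
        flash_error(lang('no access permissions'));
        ajx_current("empty");
        return;
    }

    // One pass is enough: the dimension list does not depend on the loop, so
    // it is queried once instead of once per dimension.
    $dimensions = Dimensions::findAll(array('conditions' => '`is_manageable` = 1'));
    $members = array();

    foreach ($dimensions as $dim) {
        $dim_id = $dim->getId();

        // The dimension id is handed over as a placeholder value, not concatenated.
        $root_members = Members::findAll(array(
            'conditions' => array('`dimension_id`=? AND `parent_member_id`=0', $dim_id),
            'order' => '`name` ASC',
        ));

        foreach ($root_members as $mem) {
            $members[$dim_id][] = $mem;
            $members[$dim_id] = array_merge($members[$dim_id], $mem->getAllChildrenSorted());
        }
    }

    tpl_assign('members', $members);
    tpl_assign('dimensions', $dimensions);
}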
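/**
 * Replaces the members an object is classified in.
 *
 * Guests are refused, and the call is a no-op when the request carries
 * trees_not_loaded > 0. Otherwise the entered members are loaded, the user's
 * right to add to the manageable, permission-defining ones is checked with
 * can_add(), the object is removed from and re-added to members, required
 * dimensions are enforced, hooks are fired and the sharing table is rebuilt.
 *
 * @param ContentDataObject $object
 * @param array $member_ids ids of the members to classify the object in
 * @param Contact $user defaults to the logged user
 * @param boolean $check_allowed_members filter through getAllowedMembersToAdd()
 * @return array|null the members actually applied; null when refused or skipped
 * @throws Exception when can_add() fails or a required dimension has no member
 */
function add_to_members($object, $member_ids, $user = null, $check_allowed_members = true) {
    if (!$user instanceof Contact) {
        $user = logged_user();
    }

    // Member ids are concatenated into an IN (...) list below, so only plain
    // non-negative integers are kept; anything else is dropped.
    $clean_member_ids = array();
    foreach ($member_ids as $mid) {
        if (is_null($mid) || !is_scalar($mid)) {
            continue;
        }
        $mid = trim((string) $mid);
        if ($mid !== "" && preg_match('/\A[0-9]+\z/', $mid)) {
            $clean_member_ids[] = (int) $mid;
        }
    }
    $member_ids = $clean_member_ids;

    if ($user->isGuest()) {
        flash_error(lang('no access permissions'));
        ajx_current("empty");
        return;
    }

    if (isset($_POST['trees_not_loaded']) && $_POST['trees_not_loaded'] > 0) {
        return;
    }

    $required_dimension_ids = array();
    foreach ($object->getDimensionObjectTypes() as $dot) {
        if ($dot->getIsRequired()) {
            $required_dimension_ids[] = (int) $dot->getDimensionId();
        }
    }

    // With no per-type required dimension the id list is empty and "IN ()"
    // would not be valid SQL, so that half of the condition is left out.
    $required_conditions = count($required_dimension_ids) > 0
        ? "id IN (" . implode(",", $required_dimension_ids) . ") OR is_required=1"
        : "is_required=1";
    $required_dimensions = Dimensions::findAll(array("conditions" => $required_conditions));
    if (!is_array($required_dimensions)) {
        $required_dimensions = array();
    }

    $enteredMembers = array();
    if (count($member_ids) > 0) {
        $enteredMembers = Members::findAll(array('conditions' => 'id IN (' . implode(",", $member_ids) . ')'));
        if (!is_array($enteredMembers)) {
            $enteredMembers = array();
        }
    }

    // Only manageable dimensions that define permissions take part in the can_add() check.
    $manageable_members = array();
    foreach ($enteredMembers as $ent_mem) {
        if ($ent_mem->getDimension()->getIsManageable() && $ent_mem->getDimension()->getDefinesPermissions()) {
            $manageable_members[] = $ent_mem;
        }
    }

    $members_to_check = $check_allowed_members ? $object->getAllowedMembersToAdd($user, $manageable_members) : $manageable_members;
    $is_exempt = $object instanceof TemplateTask || $object instanceof TemplateMilestone || $object instanceof Contact && $object->isUser();

    if (!can_add($user, $members_to_check, $object->getObjectTypeId()) && !$is_exempt) {
        $dinfos = DB::executeAll("SELECT name, code, options FROM " . TABLE_PREFIX . "dimensions WHERE is_manageable = 1");
        $dimension_names = array();
        if (is_array($dinfos)) {
            foreach ($dinfos as $dinfo) {
                // options may be empty or not valid JSON; treat that as "no useLangs".
                $options = json_decode($dinfo['options']);
                $use_langs = is_object($options) && !empty($options->useLangs);
                $dimension_names[] = $use_langs ? lang($dinfo['code']) : $dinfo['name'];
            }
        }
        throw new Exception(lang('must choose at least one member of', implode(', ', $dimension_names)));
    }

    // NOTE(review): the object is detached from its members before the
    // required-dimension check below can throw; unless the caller wraps this
    // in a transaction, a failed check leaves the removal in place - confirm.
    $removedMembersIds = $object->removeFromMembers($user, $enteredMembers);

    /* @var $object ContentDataObject */
    $validMembers = $check_allowed_members ? $object->getAllowedMembersToAdd($user, $enteredMembers) : $enteredMembers;

    foreach ($required_dimensions as $rdim) {
        $exists = false;
        foreach ($validMembers as $m) {
            if ($m->getDimensionId() == $rdim->getId()) {
                $exists = true;
                break;
            }
        }
        if (!$exists) {
            throw new Exception(lang('must choose at least one member of', $rdim->getName()));
        }
    }

    $object->addToMembers($validMembers, true);

    Hook::fire('after_add_to_members', $object, $validMembers);
    Hook::fire('after_remove_members_from_object', $object, $removedMembersIds);

    $object->addToSharingTable();

    // Refresh the in-memory member list only when it was already loaded;
    // when it is null the members are read from the database on demand.
    if (!is_null($object->members)) {
        $object->members = $validMembers;
    }

    return $validMembers;
}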
if (config_option('let_users_create_objects_in_root') && ($user->isAdminGroup() || $user->isExecutive() || $user->isManager())) { $all_object_types = ObjectTypes::instance()->findAll(array('conditions' => "type IN ('content_object', 'located') AND type NOT IN ('comment') AND name <> 'file revision' AND name <> 'template_task' AND name <> 'template_milestone' AND `name` <> 'template' AND\r\n\t\t\t\t\t(plugin_id IS NULL OR plugin_id = 0 OR plugin_id IN (SELECT id FROM " . TABLE_PREFIX . "plugins WHERE is_activated > 0 AND is_installed > 0))")); foreach ($all_object_types as $ot) { $root_permissions[$ot->getId()] = array('w' => 1, 'd' => 1, 'r' => 1); } } // Set role permissions for active members $sel_members = array(); $member_permissions = array(); $allowed_user_type_ids = config_option('give_member_permissions_to_new_users'); $role_ot_permissions = RoleObjectTypePermissions::findAll(array('conditions' => "role_id = '{$user_type}' AND object_type_id NOT IN (SELECT id FROM " . TABLE_PREFIX . "object_types WHERE name IN ('template','comment'))")); $members_with_permissions = array(); if (in_array($user_type, $allowed_user_type_ids)) { $enabled_dimension_ids = config_option('enabled_dimensions'); if (count($enabled_dimension_ids) > 0) { $dimension_ids = Dimensions::findAll(array('id' => true, 'conditions' => "id in (" . implode(',', $enabled_dimension_ids) . ") AND defines_permissions=1 AND is_manageable=1")); if (count($dimension_ids) > 0) { $members_with_permissions = Members::findAll(array('id' => true, 'conditions' => "dimension_id IN (" . implode(',', $dimension_ids) . ")")); } } } $active_context = active_context(); if (is_array($active_context) && count($active_context) > 0) { foreach ($active_context as $selection) { if ($selection instanceof Member) { $members_with_permissions[] = $selection->getId(); } } } foreach ($members_with_permissions as $member_id) { foreach ($role_ot_permissions as $p) {
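/**
 * Saves module, system, root and member permissions of a permission group.
 *
 * The data is read from $permissions_data, or from $_POST when that is null
 * ('sys_perm', 'mod_perm', 'root_perm_genid' / 'root_perm' and the JSON
 * string 'permissions'). All writes run inside one transaction; a failure is
 * logged and rolled back, not re-thrown. Afterwards the sharing table and the
 * contact member cache are refreshed, the 'after_save_contact_permissions'
 * hook is fired and the group's contact is removed from the members whose
 * permissions were all deleted.
 *
 * NOTE(review): only the system/root section is gated by
 * can_manage_security(); module and member permission writes rely on the
 * caller having authorised the request - confirm at every call site.
 *
 * @param mixed $pg_id permission group id; must be numeric
 * @param boolean $is_guest forces write/delete to false and disables task assignment
 * @param array $permissions_data alternative to $_POST
 * @param boolean $save_cmps write contact_member_permissions rows
 * @param boolean $update_sharing_table
 * @param boolean $fire_hook
 * @param boolean $update_contact_member_cache
 * @param array $users_ids_to_check extra user ids whose member cache is refreshed
 * @param boolean $only_member_permissions skip module, system and root permissions
 */
function save_permissions($pg_id, $is_guest = false, $permissions_data = null, $save_cmps = true, $update_sharing_table = true, $fire_hook = true, $update_contact_member_cache = true, $users_ids_to_check = array(), $only_member_permissions = false) {
    // $pg_id is concatenated into every statement below in a numeric context.
    // Refusing anything that is not numeric keeps those statements well formed.
    if (!is_numeric($pg_id)) {
        Logger::log("Error saving permissions: permission group id is not numeric");
        return;
    }

    $privileged_user_types = array('Super Administrator', 'Administrator', 'Manager', 'Executive');
    $user_type_name = null;

    if (is_null($permissions_data)) {
        // system permissions
        $sys_permissions_data = array_var($_POST, 'sys_perm');
        // module permissions
        $mod_permissions_data = array_var($_POST, 'mod_perm');
        // root permissions
        if ($rp_genid = array_var($_POST, 'root_perm_genid')) {
            $rp_permissions_data = array();
            foreach ($_POST as $name => $value) {
                if (str_starts_with($name, $rp_genid . 'rg_root_')) {
                    $rp_permissions_data[$name] = $value;
                }
            }
        }
        // member permissions
        $permissionsString = array_var($_POST, 'permissions');
    } else {
        // system permissions
        $sys_permissions_data = array_var($permissions_data, 'sys_perm');
        // module permissions
        $mod_permissions_data = array_var($permissions_data, 'mod_perm');
        // root permissions
        $rp_genid = array_var($permissions_data, 'root_perm_genid');
        $rp_permissions_data = array_var($permissions_data, 'root_perm');
        // member permissions
        $permissionsString = array_var($permissions_data, 'permissions');
    }

    try {
        DB::beginWork();

        $changed_members = array();

        // save module permissions
        if (!$only_member_permissions) {
            try {
                TabPanelPermissions::clearByPermissionGroup($pg_id, true);
                if (!is_null($mod_permissions_data) && is_array($mod_permissions_data)) {
                    foreach ($mod_permissions_data as $tab_id => $val) {
                        // The tab id is a request-supplied array key that lands inside a
                        // quoted SQL literal. Only letters, digits, '_' and '-' are
                        // accepted (assumes tab panel ids use that alphabet - confirm).
                        if (!preg_match('/\A[A-Za-z0-9_\-]+\z/', (string) $tab_id)) {
                            Logger::log("Skipping module permission with unexpected tab panel id for permission group {$pg_id}");
                            continue;
                        }
                        DB::execute("INSERT INTO " . TABLE_PREFIX . "tab_panel_permissions (permission_group_id,tab_panel_id) VALUES ('{$pg_id}','{$tab_id}') ON DUPLICATE KEY UPDATE permission_group_id=permission_group_id");
                    }
                }
            } catch (Exception $e) {
                Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                throw $e;
            }
        }

        $root_permissions_sharing_table_delete = array();
        $root_permissions_sharing_table_add = array();

        if (logged_user() instanceof Contact && can_manage_security(logged_user())) {
            try {
                if (!$only_member_permissions) {
                    // save system permissions
                    $system_permissions = SystemPermissions::findById($pg_id);
                    if (!$system_permissions instanceof SystemPermission) {
                        $system_permissions = new SystemPermission();
                        $system_permissions->setPermissionGroupId($pg_id);
                    }
                    $system_permissions->setAllPermissions(false);

                    $other_permissions = array();
                    Hook::fire('add_user_permissions', $pg_id, $other_permissions);
                    foreach ($other_permissions as $k => $v) {
                        $system_permissions->setColumnValue($k, false);
                    }

                    // A missing or malformed 'sys_perm' value is treated as "nothing granted".
                    if (!is_array($sys_permissions_data)) {
                        $sys_permissions_data = array();
                    }

                    // check max permissions for role, in case of modifying user's permissions
                    $role_id = "-1";
                    $tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
                    if ($tmp_contact instanceof Contact) {
                        $role_id = $tmp_contact->getUserType();
                    }
                    $max_role_system_permissions = MaxSystemPermissions::findOne(array('conditions' => 'permission_group_id = ' . $role_id));
                    if ($max_role_system_permissions instanceof MaxSystemPermission) {
                        // Drop every requested permission the role's maximum does not allow.
                        foreach (array_keys($sys_permissions_data) as $col) {
                            $max_val = $max_role_system_permissions->getColumnValue($col);
                            if (!$max_val) {
                                unset($sys_permissions_data[$col]);
                            }
                        }
                    }

                    // don't allow to write emails for collaborators and guests
                    if ($tmp_contact instanceof Contact) {
                        $user_type_name = $tmp_contact->getUserTypeName();
                        if (!in_array($user_type_name, $privileged_user_types)) {
                            $mail_ot = ObjectTypes::findByName('mail');
                            if ($mail_ot instanceof ObjectType) {
                                DB::executeAll("UPDATE " . TABLE_PREFIX . "contact_member_permissions SET can_write=0, can_delete=0 WHERE object_type_id=" . $mail_ot->getId() . " AND permission_group_id={$pg_id}");
                            }
                        }
                    }

                    $sys_permissions_data['can_task_assignee'] = !$is_guest;

                    $system_permissions->setFromAttributes($sys_permissions_data);
                    $system_permissions->setUseOnDuplicateKeyWhenInsert(true);
                    $system_permissions->save();

                    // object type root permissions
                    $can_have_root_permissions = config_option('let_users_create_objects_in_root') && in_array($user_type_name, $privileged_user_types);
                    if ($rp_genid && $can_have_root_permissions) {
                        ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
                        if (is_array($rp_permissions_data)) {
                            foreach ($rp_permissions_data as $name => $value) {
                                if (!str_starts_with($name, $rp_genid . 'rg_root_')) {
                                    continue;
                                }
                                // The object type id is the suffix after the last underscore.
                                $rp_ot = substr($name, strrpos($name, '_') + 1);

                                if (is_numeric($rp_ot) && $rp_ot > 0 && $value == 0) {
                                    $root_permissions_sharing_table_delete[] = $rp_ot;
                                }
                                if (!is_numeric($rp_ot) || $rp_ot <= 0 || $value < 1) {
                                    continue;
                                }

                                $root_permissions_sharing_table_add[] = $rp_ot;

                                // save with member_id = 0; value 2 adds write, 3 adds delete
                                $root_perm_cmp = new ContactMemberPermission();
                                $root_perm_cmp->setPermissionGroupId($pg_id);
                                $root_perm_cmp->setMemberId('0');
                                $root_perm_cmp->setObjectTypeId($rp_ot);
                                $root_perm_cmp->setCanWrite($value >= 2);
                                $root_perm_cmp->setCanDelete($value >= 3);
                                $root_perm_cmp->save();
                            }
                        }
                    }
                    if (!$can_have_root_permissions) {
                        ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
                        $sh_controller = new SharingTableController();
                        $all_object_type_ids = ObjectTypes::findAll(array('id' => true));
                        $sh_controller->adjust_root_permissions($pg_id, array('root_permissions_sharing_table_delete' => $all_object_type_ids));
                    }
                }
            } catch (Exception $e) {
                Logger::log("Error saving system and root permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                throw $e;
            }
        }

        // set all permissions to read_only if user is guest
        if ($is_guest) {
            try {
                $all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
                foreach ($all_saved_permissions as $sp) {
                    /* @var $sp ContactMemberPermission */
                    if ($sp->getCanDelete() || $sp->getCanWrite()) {
                        $sp->setCanDelete(false);
                        $sp->setCanWrite(false);
                        $sp->save();
                    }
                }

                // NOTE(review): this query is not restricted to $pg_id, so it rewrites
                // the 'allow all' rows of every permission group - confirm that is intended.
                $cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all'"));
                foreach ($cdps as $cdp) {
                    $cdp->setPermissionType('check');
                    $cdp->save();
                }
            } catch (Exception $e) {
                Logger::log("Error setting guest user permissions to read_only for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                throw $e;
            }
        }

        // check the status of the changed dimensions to set 'allow_all', 'deny_all' or 'check'
        // NOTE(review): $changed_members is only filled by the member permission
        // loop further down, so it is still empty when this query runs - confirm the order.
        try {
            $dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members)));
            foreach ($dimensions as $dimension) {
                $dimension->setContactDimensionPermission($pg_id, 'check');
            }
        } catch (Exception $e) {
            Logger::log("Error setting dimension permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
            throw $e;
        }

        // member permissions
        if ($permissionsString && $permissionsString != '') {
            $permissions = json_decode($permissionsString);
        }

        if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
            try {
                $tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
                if ($tmp_contact instanceof Contact) {
                    $user_type_name = $tmp_contact->getUserTypeName();
                    $role_id = $tmp_contact->getUserType();
                    $max_role_ot_perms = MaxRoleObjectTypePermissions::instance()->findAll(array('conditions' => "role_id = '{$role_id}'"));
                }
                $mail_ot = ObjectTypes::findByName('mail');

                $sql_insert_values = "";
                $member_object_types_to_delete = array();

                foreach ($permissions as &$perm) {
                    // Each entry comes from decoded JSON and its ids are written into
                    // hand-built SQL. Entries without numeric member / object type ids
                    // are ignored, and the ids are normalised to integers.
                    if (!is_object($perm) || !isset($perm->m, $perm->o) || !is_numeric($perm->m) || !is_numeric($perm->o)) {
                        continue;
                    }
                    $perm->m = (int) $perm->m;
                    $perm->o = (int) $perm->o;

                    if (!isset($all_perm_deleted[$perm->m])) {
                        $all_perm_deleted[$perm->m] = true;
                    }

                    if (!empty($perm->r)) {
                        // check max permissions for user type
                        if ($tmp_contact instanceof Contact) {
                            $max_perm = null;
                            foreach ($max_role_ot_perms as $max_role_ot_perm) {
                                if ($max_role_ot_perm->getObjectTypeId() == $perm->o) {
                                    $max_perm = $max_role_ot_perm;
                                }
                            }
                            if ($max_perm) {
                                if (!$max_perm->getCanDelete()) {
                                    $perm->d = 0;
                                }
                                if (!$max_perm->getCanWrite()) {
                                    $perm->w = 0;
                                }
                            } else {
                                // NOTE(review): r is cleared here, yet the row is still
                                // inserted below when $save_cmps is set - confirm that a
                                // row for an object type the role has no maximum for is intended.
                                $perm->d = 0;
                                $perm->w = 0;
                                $perm->r = 0;
                            }
                        }

                        if ($save_cmps) {
                            // don't allow to write emails for collaborators and guests
                            if ($tmp_contact instanceof Contact && !in_array($user_type_name, $privileged_user_types)) {
                                if ($mail_ot instanceof ObjectType && $perm->o == $mail_ot->getId()) {
                                    $perm->d = 0;
                                    $perm->w = 0;
                                }
                            }

                            // The flags are cast so that only 0/1-style integers reach the statement.
                            $can_delete = isset($perm->d) ? (int) $perm->d : 0;
                            $can_write = isset($perm->w) ? (int) $perm->w : 0;
                            $sql_insert_values .= ($sql_insert_values == "" ? "" : ",") . "('" . $pg_id . "','" . $perm->m . "','" . $perm->o . "','" . $can_delete . "','" . $can_write . "')";

                            if (!isset($member_object_types_to_delete[$perm->m])) {
                                $member_object_types_to_delete[$perm->m] = array();
                            }
                            $member_object_types_to_delete[$perm->m][] = $perm->o;
                        }

                        $all_perm_deleted[$perm->m] = false;
                    } else {
                        DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id='" . $perm->m . "' AND object_type_id='" . $perm->o . "' AND permission_group_id={$pg_id}");
                    }

                    $changed_members[] = $perm->m;
                }
                // Break the reference so later writes to $perm cannot alter the last entry.
                unset($perm);

                if ($save_cmps) {
                    // $all_perm_deleted only exists once at least one entry was accepted.
                    if (isset($all_perm_deleted) && count($all_perm_deleted) > 0) {
                        $member_ids_to_delete = array();
                        foreach ($all_perm_deleted as $mid => $del) {
                            // also check in contact_member_permissions
                            $cmps = ContactMemberPermissions::findAll(array('conditions' => 'permission_group_id=' . $pg_id . " AND member_id={$mid}"));
                            if ($del && (!is_array($cmps) || count($cmps) == 0)) {
                                $member_ids_to_delete[] = $mid;
                            }
                        }
                        if (count($member_ids_to_delete) > 0) {
                            DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id IN (" . implode(',', $member_ids_to_delete) . ") AND permission_group_id={$pg_id}");
                        }
                    }

                    // Rows about to be re-inserted are deleted first.
                    foreach ($member_object_types_to_delete as $mid => $obj_type_ids) {
                        if (count($obj_type_ids) > 0) {
                            DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id={$mid} AND object_type_id IN (" . implode(',', $obj_type_ids) . ") AND permission_group_id={$pg_id}");
                        }
                    }

                    if ($sql_insert_values != "") {
                        DB::execute("INSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write) VALUES {$sql_insert_values} ON DUPLICATE KEY UPDATE member_id=member_id");
                    }
                }
            } catch (Exception $e) {
                Logger::log("Error saving member permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                throw $e;
            }
        }

        DB::commit();
    } catch (Exception $e) {
        Logger::log("Error saving permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
        DB::rollback();
    }

    // NOTE(review): the refresh below also runs after a rollback, because the
    // catch above logs the failure without re-throwing it.
    try {
        if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
            if ($update_sharing_table) {
                try {
                    $sharingTablecontroller = new SharingTableController();
                    $rp_info = array(
                        'root_permissions_sharing_table_delete' => $root_permissions_sharing_table_delete,
                        'root_permissions_sharing_table_add' => $root_permissions_sharing_table_add,
                    );
                    $sharingTablecontroller->afterPermissionChanged($pg_id, $permissions, $rp_info);
                } catch (Exception $e) {
                    Logger::log("Error saving permissions to sharing table for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                    throw $e;
                }
            }

            if ($update_contact_member_cache) {
                try {
                    $contactMemberCacheController = new ContactMemberCacheController();
                    $group = PermissionGroups::findById($pg_id);

                    // Only a 'user_groups' group is passed on as the group; otherwise null is used.
                    $real_group = null;
                    if ($group->getType() == 'user_groups') {
                        $real_group = $group;
                    }

                    $users = $group->getUsers();
                    $users_ids_checked = array();
                    foreach ($users as $us) {
                        $users_ids_checked[] = $us->getId();
                        $contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
                    }

                    // check all users related to the group
                    foreach ($users_ids_to_check as $us_id) {
                        if (!in_array($us_id, $users_ids_checked)) {
                            $users_ids_checked[] = $us_id;
                            $us = Contacts::findById($us_id);
                            if ($us instanceof Contact) {
                                $contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
                            }
                        }
                    }
                } catch (Exception $e) {
                    Logger::log("Error saving permissions to contact member cache for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                    throw $e;
                }
            }
        }
    } catch (Exception $e) {
        Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
    }

    if ($fire_hook) {
        Hook::fire('after_save_contact_permissions', $pg_id, $pg_id);
    }

    // remove contact object from members where permissions were deleted
    $user = Contacts::findOne(array('conditions' => 'permission_group_id=' . $pg_id));
    if ($user instanceof Contact) {
        $to_remove = array();
        if (isset($all_perm_deleted) && is_array($all_perm_deleted)) {
            foreach ($all_perm_deleted as $m_id => $must_remove) {
                if ($must_remove) {
                    $to_remove[] = $m_id;
                }
            }
            ObjectMembers::removeObjectFromMembers($user, logged_user(), null, $to_remove);
        }
    }
}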
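/**
 * Emits a JavaScript file that fills og.dimensions with the members of every dimension.
 *
 * For each dimension, og.dimensions[<dimension id>] is set to an array indexed
 * by member id whose entries carry id, name, ot (object type id) and ico
 * (icon class). The session is released first and the request ends with exit.
 *
 * Member names and icon classes are stored values written into script source,
 * so they are emitted as JSON string literals; numeric fields are cast to int.
 */
function dimensions_js() {
    session_write_close();
    header("Content-Type: text/javascript");

    // HEX flags keep quotes, ampersands and angle brackets out of the literal.
    $json_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    if (defined('JSON_INVALID_UTF8_SUBSTITUTE')) {
        // Available on newer PHP only: replace broken byte sequences instead of failing.
        $json_flags |= constant('JSON_INVALID_UTF8_SUBSTITUTE');
    }

    $dimensions = Dimensions::findAll();
    echo "og.dimensions = [];\n";

    foreach ($dimensions as $dim) {
        $members = $dim->getAllMembers();
        echo "var members = [];\n";

        foreach ($members as $member) {
            $member_id = (int) $member->getId();

            // Apostrophes are still stripped from the cleaned name, as before;
            // backslashes, line breaks and control characters are escaped by json_encode().
            $name_js = json_encode(str_replace("'", "", (string) clean($member->getName())), $json_flags);
            if ($name_js === false) {
                $name_js = '""';
            }
            $ico_js = json_encode((string) $member->getIconClass(), $json_flags);
            if ($ico_js === false) {
                $ico_js = '""';
            }

            echo "members[" . $member_id . "] = {\n";
            echo " id: " . $member_id . ",\n";
            echo " name:" . $name_js . ",\n";
            echo " ot:" . (int) $member->getObjectTypeId() . ",\n";
            echo " ico:" . $ico_js . "\n";
            echo "};\n";
        }

        echo "og.dimensions[" . (int) $dim->getId() . "] = members;\n\n";
    }

    exit;
}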
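/**
 * Rebuilds the sharing-table rows of this object.
 *
 * The existing rows of the object are deleted, the permission groups that may
 * access it are computed from the members it is classified in, and
 * SharingTables::populateGroups() is called with the result:
 *  - when some of its members belong to dimensions that define permissions,
 *    the groups with contact_member_permissions on those members for this
 *    object type, plus the groups with an 'allow all' dimension permission;
 *    if mandatory dimensions apply, that set is narrowed to groups allowed in
 *    every mandatory dimension the object is in, plus the personal permission
 *    group of each contact whose groups together cover all of them;
 *  - when it has members but none in a permission-defining dimension, every
 *    permission group;
 *  - when it has no members, nothing is added.
 */
function addToSharingTable() {
    $oid = $this->getId();
    $tid = $this->getObjectTypeId();
    $gids = array();

    $table_prefix = defined('FORCED_TABLE_PREFIX') && FORCED_TABLE_PREFIX ? FORCED_TABLE_PREFIX : TABLE_PREFIX;

    // 1. clear sharing table for this object
    SharingTables::delete("object_id=$oid");

    // 2. get dimensions of this object's members that define permissions
    $res = DB::execute("SELECT d.id as did FROM ".$table_prefix."dimensions d INNER JOIN ".$table_prefix."members m on m.dimension_id=d.id WHERE m.id IN ( SELECT member_id FROM ".$table_prefix."object_members WHERE object_id = $oid AND is_optimization = 0 ) AND d.defines_permissions = 1");
    $dids_tmp = array();
    while ($row = $res->fetchRow()) {
        // Keyed by id so that each dimension is kept once.
        $dids_tmp[$row['did']] = $row['did'];
    }
    $res->free();
    $dids = array_values($dids_tmp);
    $dids_tmp = null;

    $sql_from = "".$table_prefix."contact_member_permissions cmp INNER JOIN ".$table_prefix."members m ON m.id = cmp.member_id INNER JOIN ".$table_prefix."dimensions d ON d.id = m.dimension_id";
    $sql_where = "member_id IN ( SELECT member_id FROM ".$table_prefix."object_members WHERE object_id = $oid AND is_optimization = 0) AND cmp.object_type_id = $tid";

    // 3. If there are dimensions that define permissions containing any of the object members
    if (count($dids)) {
        // 3.1 get permission groups with permissions over the object.
        $sql_fields = "permission_group_id AS group_id";
        $sql = " SELECT $sql_fields FROM $sql_from WHERE $sql_where AND d.id IN (". implode(',',$dids).")";
        $res = DB::execute($sql);
        $gids_tmp = array();
        while ($row = $res->fetchRow()) {
            $gids_tmp[$row['group_id']] = $row['group_id'];
        }
        $res->free();

        // allow all permission groups
        $allow_all_rows = DB::executeAll("SELECT DISTINCT permission_group_id FROM ".$table_prefix."contact_dimension_permissions cdp INNER JOIN ".$table_prefix."members m on m.dimension_id=cdp.dimension_id WHERE cdp.permission_type='allow all' AND cdp.dimension_id IN (". implode(',',$dids).");");
        if (is_array($allow_all_rows)) {
            foreach ($allow_all_rows as $row) {
                $gids_tmp[$row['permission_group_id']] = $row['permission_group_id'];
            }
        }

        $gids = array_values($gids_tmp);
        $gids_tmp = null;

        // check for mandatory dimensions
        $mandatory_dim_ids = Dimensions::findAll(array('id' => true, 'conditions' => "`defines_permissions`=1 AND `permission_query_method`='".DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY."'"));
        if (count($gids) > 0 && count($mandatory_dim_ids) > 0) {
            $sql = "SELECT om.member_id, m.dimension_id FROM ".$table_prefix."object_members om INNER JOIN ".$table_prefix."members m ON m.id=om.member_id INNER JOIN ".$table_prefix."dimensions d ON d.id=m.dimension_id WHERE om.object_id = $oid AND om.is_optimization = 0 AND d.id IN (".implode(",", $mandatory_dim_ids).")";

            // Object members in mandatory dimensions
            $object_member_ids_res = DB::executeAll($sql);
            $mandatory_dim_members = array();
            if (!is_null($object_member_ids_res)) {
                foreach ($object_member_ids_res as $row) {
                    if (!isset($mandatory_dim_members[$row['dimension_id']])) {
                        $mandatory_dim_members[$row['dimension_id']] = array();
                    }
                    $mandatory_dim_members[$row['dimension_id']][] = $row['member_id'];
                }

                $mandatory_dim_allowed_pgs = array();
                // Check for each group that it has permissions over at least one member of each mandatory dimension
                foreach ($mandatory_dim_members as $mdim_id => $mmember_ids) {
                    $sql = "SELECT pg.id FROM ".$table_prefix."permission_groups pg INNER JOIN ".$table_prefix."contact_dimension_permissions cdp ON cdp.permission_group_id=pg.id INNER JOIN ".$table_prefix."contact_member_permissions cmp ON cmp.permission_group_id=pg.id WHERE cdp.dimension_id = '$mdim_id' AND ( cdp.permission_type='allow all' OR cdp.permission_type='check' AND cmp.permission_group_id IN (".implode(',', $gids).") AND cmp.member_id IN (".implode(',', $mmember_ids).") )";
                    $permission_groups_res = DB::executeAll($sql);

                    $mandatory_dim_allowed_pgs[$mdim_id] = array();
                    if (!is_null($permission_groups_res)) {
                        foreach ($permission_groups_res as $row) {
                            if (!in_array($row['id'], $mandatory_dim_allowed_pgs[$mdim_id])) {
                                $mandatory_dim_allowed_pgs[$mdim_id][] = $row['id'];
                            }
                        }
                    }
                }

                if (isset($mandatory_dim_allowed_pgs) && count($mandatory_dim_allowed_pgs) > 0) {
                    $original_mandatory_dim_allowed_pgs = $mandatory_dim_allowed_pgs;

                    // Groups allowed in every mandatory dimension: intersect the per-dimension lists.
                    $allowed_gids = array_pop($mandatory_dim_allowed_pgs);
                    foreach ($mandatory_dim_allowed_pgs as $pg_array) {
                        $allowed_gids = array_intersect($allowed_gids, $pg_array);
                    }

                    // If a user has permissions in one dimension through a group and in another
                    // through personal permissions, add the personal permission group too.
                    $pg_ids = array_unique(array_flat($original_mandatory_dim_allowed_pgs));

                    $contact_pgs = array();
                    // An empty id list would produce "IN ()", which is not valid SQL.
                    if (count($pg_ids) > 0) {
                        // NOTE(review): this query and the contacts lookup below use TABLE_PREFIX
                        // while the rest of the method uses $table_prefix - confirm whether
                        // FORCED_TABLE_PREFIX should apply here as well.
                        $contact_pg_rows = DB::executeAll("SELECT * FROM ".TABLE_PREFIX."contact_permission_groups WHERE permission_group_id IN (".implode(',',$pg_ids).") ORDER BY permission_group_id");
                        if (is_array($contact_pg_rows)) {
                            foreach ($contact_pg_rows as $cpgr) {
                                if (!isset($contact_pgs[$cpgr['contact_id']])) {
                                    $contact_pgs[$cpgr['contact_id']] = array();
                                }
                                $contact_pgs[$cpgr['contact_id']][] = $cpgr['permission_group_id'];
                            }
                        }
                    }

                    // each user must have at least one pg for every dimension
                    foreach ($contact_pgs as $contact_id => $permission_groups) {
                        $has_one = array_fill_keys(array_keys($original_mandatory_dim_allowed_pgs), false);
                        foreach ($permission_groups as $pg_id) {
                            foreach ($original_mandatory_dim_allowed_pgs as $dim_id => $allowedpgs) {
                                if (in_array($pg_id, $allowedpgs)) {
                                    $has_one[$dim_id] = true;
                                    break;
                                }
                            }
                        }

                        // all dims must be true in this array to allow permissions
                        $has_permission = !in_array(false, $has_one);
                        if ($has_permission) {
                            $contact_row = DB::executeOne("SELECT permission_group_id FROM ".TABLE_PREFIX."contacts where object_id = $contact_id");
                            if (is_array($contact_row) && $contact_row['permission_group_id'] > 0) {
                                $allowed_gids[] = $contact_row['permission_group_id'];
                            }
                        }
                    }

                    $gids = array_unique($allowed_gids, SORT_NUMERIC);
                } else {
                    $gids = array();
                }
            }
        }
    } else {
        if (count($this->getMemberIds()) > 0) {
            // 3.2 No member dimension defines permissions.
            // The object is classified somewhere, but none of the dimensions it is in
            // defines permissions, so every permission group is used.
            $gids = PermissionGroups::instance()->findAll(array('id' => true));
        }
    }

    if (count($gids)) {
        $stManager = SharingTables::instance();
        $stManager->populateGroups($gids, $oid);
        $gids = null;
    }
}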
/**
 * Controller action that collects the module and dimension lists for the
 * system-modules administration screen and assigns them to the template.
 *
 * Callers rejected by can_manage_configuration() get the
 * 'no access permissions' flash error and an empty AJAX response; nothing
 * else in the action runs for them.
 *
 * @return void
 */
function system_modules() {
	if (!can_manage_configuration(logged_user())) {
		flash_error(lang('no access permissions'));
		ajx_current("empty");
		return;
	}

	ajx_set_no_toolbar();

	$modules = array();
	$other_modules = array();
	$disabled_modules = array();

	// Mail is listed as a disabled module while its plugin is not active.
	$mail_info = null;
	if (!Plugins::instance()->isActivePlugin('mail')) {
		$mail_info = array(
			'id' => 'mails-panel',
			'name' => lang('email tab'),
			'link' => 'http://www.fengoffice.com/web/email.php',
			'ico' => 'ico-large-mail',
		);
		$disabled_modules[] = $mail_info;
	}

	// Every tab panel except 'more-panel' that is either core or owned by an installed plugin.
	$panel_conditions = "id<>'more-panel' AND (plugin_id is NULL OR plugin_id = 0 OR plugin_id IN (SELECT id FROM " . TABLE_PREFIX . "plugins WHERE is_installed > 0))";
	$tab_panels = TabPanels::findAll(array('conditions' => $panel_conditions, 'order' => 'ordering'));
	foreach ($tab_panels as $panel) {
		// The mail panel is already shown in the disabled list built above.
		if ($panel->getId() == 'mails-panel' && $mail_info != null) {
			continue;
		}

		$is_enabled = $panel->getEnabled();
		if ($is_enabled && $panel->getPluginId() > 0) {
			// A plugin-owned panel only counts as enabled while its plugin is active.
			$owner_plugin = Plugins::findById($panel->getPluginId());
			$is_enabled = $owner_plugin instanceof Plugin && $owner_plugin->isActive();
		}

		$modules[] = array(
			'id' => $panel->getId(),
			'name' => lang($panel->getTitle()),
			'enabled' => $is_enabled,
			'ico' => str_replace('ico-', 'ico-large-', $panel->getIconCls()),
			'hint' => escape_character(lang('system module ' . $panel->getId() . ' hint')),
		);
	}

	// The gantt plugin is listed separately whenever its plugin row exists.
	$gantt_plugin = Plugins::instance()->findOne(array('conditions' => "name='gantt'"));
	if ($gantt_plugin instanceof Plugin) {
		$other_modules[] = array(
			'id' => 'gantt',
			'name' => lang('gantt chart'),
			'enabled' => $gantt_plugin->isActive(),
			'ico' => 'ico-large-gantt-module',
			'hint' => escape_character(lang('system module gantt hint')),
		);
	}

	// Dimensions keyed by code; the 'feng_persons' dimension is left out.
	$active_dimensions = array();
	foreach (Dimensions::findAll(array('order' => 'default_order')) as $dim) {
		if ($dim->getCode() == 'feng_persons') {
			continue;
		}
		$dim_name = $dim->getName();
		$active_dimensions[$dim->getCode()] = array(
			'id' => $dim->getId(),
			'name' => $dim_name,
			'code' => $dim->getCode(),
			'ico' => 'ico-large-' . $dim->getCode(),
			'hint' => lang('system dimension ' . $dim->getCode() . ' hint'),
		);
	}

	// Well-known dimensions that are not present are offered as "other" dimensions.
	$other_dimensions = array();
	if (!isset($active_dimensions['workspaces'])) {
		$other_dimensions[] = array(
			'name' => lang('workspaces'),
			'ico' => 'ico-large-workspaces',
			'hint' => lang('system dimension workspaces hint'),
		);
	}
	if (!isset($active_dimensions['tags'])) {
		$other_dimensions[] = array(
			'name' => lang('tags'),
			'ico' => 'ico-large-tags',
			'hint' => lang('system dimension tags hint'),
		);
	}
	// customer_project is only offered while the 'crpm' plugin is active.
	if (!isset($active_dimensions['customer_project']) && Plugins::instance()->isActivePlugin('crpm')) {
		$other_dimensions[] = array(
			'name' => lang('customer_project'),
			'ico' => 'ico-large-customer_project',
			'hint' => lang('system dimension customer_project hint'),
		);
	}

	$user_dimension_ids = config_option('enabled_dimensions');

	tpl_assign("modules", $modules);
	tpl_assign("other_modules", $other_modules);
	tpl_assign("disabled_modules", $disabled_modules);
	tpl_assign('active_dimensions', $active_dimensions);
	tpl_assign('other_dimensions', $other_dimensions);
	tpl_assign('user_dimension_ids', $user_dimension_ids);
}
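/**
 * Builds the association part of a listing query from the selected context.
 *
 * For every dimension in $redefined_context the result of self::prepareQuery()
 * (joined with 'AND') is appended; for every other dimension that can contain
 * objects and is not a key of $properties, a further prepareQuery() result is
 * appended with 'OR'.
 *
 * @param array $redefined_context Dimension ids of the current context.
 * @param array $dimensions        Per-dimension data, read here through the
 *                                 'allowed_members' and 'object_types' keys.
 * @param array $properties        Map of dimension id => list of dimension ids it is associated with.
 * @param mixed $pg_ids            Permission group ids, passed through to prepareQuery().
 * @param mixed $selection_members Passed through to prepareQuery().
 * @return string The concatenated conditions.
 */
static function prepareAssociationConditions($redefined_context, $dimensions, $properties, $pg_ids, $selection_members) {
	$is_property = array();
	// Initialised up front: without associations the variable was never
	// created, and the count() below then ran on an undefined value.
	$property_members = array();

	foreach ($properties as $p => $value) {
		// Get the members of the associated dimension that have the selected
		// members of this dimension as a property.
		foreach ($value as $v) {
			$associations = DimensionMemberAssociations::getAllAssociations($v, $p);
			if (is_null($associations)) {
				continue;
			}
			foreach ($associations as $association) {
				$is_property[$v] = true;

				// '0' stands in for an empty id list in the CSV arguments.
				$v_ids_csv = is_array($dimensions[$v]['allowed_members']) && count($dimensions[$v]['allowed_members']) > 0
					? implode(",", $dimensions[$v]['allowed_members'])
					: '0';
				$p_ids_csv = is_array($dimensions[$p]['allowed_members']) && count($dimensions[$p]['allowed_members']) > 0
					? implode(",", $dimensions[$p]['allowed_members'])
					: '0';

				$prop_members = MemberPropertyMembers::getAssociatedMembers($association->getId(), $v_ids_csv, $p_ids_csv);
				if (count($prop_members) > 0) {
					$property_members[] = $prop_members;
				}
			}
		}
	}

	// Intersect the allowed members for each property.
	$member_intersection = count($property_members) > 0 ? $property_members[0] : array();
	foreach (array_slice($property_members, 1) as $members_for_association) {
		$member_intersection = array_intersect($member_intersection, $members_for_association);
	}

	$association_conditions = "";
	foreach ($redefined_context as $key => $value) {
		$dimension = Dimensions::getDimensionById($value);
		$object_types = $dimensions[$value]['object_types'];
		// Dimensions reached through an association use the intersected member list.
		$member_ids = isset($is_property[$value]) ? $member_intersection : $dimensions[$value]['allowed_members'];
		$association_conditions .= self::prepareQuery($association_conditions, $dimension, $member_ids, $object_types, $pg_ids, 'AND', $selection_members);
	}

	$dims = Dimensions::findAll();
	foreach ($dims as $dim) {
		if (in_array($dim->getId(), $redefined_context) || isset($properties[$dim->getId()]) || !$dim->canContainObjects()) {
			continue;
		}

		$member_ids = array();
		foreach ($dim->getAllMembers() as $member) {
			$member_ids[] = $member->getId();
		}

		// NOTE(review): this reads $dimension, the variable left over from the
		// loop above, not $dim. It is undefined when $redefined_context is
		// empty and otherwise refers to the last context dimension. It looks
		// unintended; confirm and switch to $dim->getId(). Left unchanged here
		// because it alters the generated permission conditions.
		$object_types = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId());
		$association_conditions .= self::prepareQuery($association_conditions, $dim, $member_ids, $object_types, $pg_ids, 'OR', $selection_members, true);
	}

	return $association_conditions;
}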
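/**
 * Rebuilds the sharing-table rows of one permission group after its member
 * permissions changed.
 *
 * When $group or $permissions is missing, the value is read from $_REQUEST
 * ('group', and 'permissions' as JSON) and the script ends with die once the
 * work is done. Each permission entry is an object with the fields m (member
 * id), o (object type id) and r (read flag).
 *
 * Because both values can arrive straight from the request, every id that is
 * placed in SQL text is forced to an integer first.
 *
 * @param mixed      $group          Permission group id.
 * @param array|null $permissions    List of permission objects.
 * @param mixed      $root_perm_info Not used by this function.
 * @return false|void False when there are no permissions to process.
 * @throws Error When the group id is not a non-zero number.
 */
function after_permission_changed($group = null, $permissions = null, $root_perm_info = null) {
	@set_time_limit(0);

	$die = false;
	if ($group == null || $permissions == null) {
		$die = true;
		if ($group == null) {
			$group = array_var($_REQUEST, 'group');
		}
		if ($permissions == null) {
			$permissions = json_decode(array_var($_REQUEST, 'permissions'));
		}
	}

	// CHECK PARAMETERS
	// json_decode() yields null or a scalar for malformed input; only a list is usable.
	if (!is_array($permissions) || !count($permissions)) {
		return false;
	}
	// The id is interpolated into several statements below, so keep only its integer value.
	$group = is_numeric($group) ? (int) $group : 0;
	if (!$group) {
		throw new Error("Error filling sharing table. Invalid Paramenters for afterPermissionChanged method");
	}

	// INIT LOCAL VARS
	$stManager = SharingTables::instance();
	$read_conditions = array();
	$delete_conditions = array();

	// BUILD OBJECT_IDs SUB-QUERIES
	$from = "FROM " . TABLE_PREFIX . "object_members om INNER JOIN " . TABLE_PREFIX . "objects o ON o.id = om.object_id";
	foreach ($permissions as $permission) {
		if (!is_object($permission)) {
			continue;
		}
		// Integer casts: these values come from decoded JSON and end up inside SQL text.
		$memberId = isset($permission->m) ? (int) $permission->m : 0;
		$objectTypeId = isset($permission->o) ? (int) $permission->o : 0;
		if (!$memberId || !$objectTypeId) {
			continue;
		}

		$delete_conditions[] = " ( object_type_id = '{$objectTypeId}' AND om.member_id = '{$memberId}' AND om.is_optimization = 0 ) ";

		if (!empty($permission->r)) {
			// Keyed by type and member so that repeated entries produce one condition.
			$read_conditions[$objectTypeId . "_" . $memberId] = " ( object_type_id = '{$objectTypeId}' AND om.member_id = '{$memberId}' ) ";
		}
	}

	// Conditions are run in batches: 20 per delete query, 500 per insert query.
	$all_del_conditions = array_chunk($delete_conditions, 20);
	$all_read_conditions = array_chunk($read_conditions, 500);

	// DELETE THE AFFECTED OBJECTS FROM SHARING TABLE
	// NOTE(review): every object classified in an affected member loses its row
	// for this group here; only objects matched by the read conditions of this
	// call are inserted again in step 2.2. Confirm that objects readable through
	// a member outside $permissions are restored elsewhere.
	foreach ($all_del_conditions as $delete_batch) {
		$oids = DB::executeAll("SELECT object_id {$from} WHERE " . implode(' OR ', $delete_batch) . "");
		if (is_array($oids) && count($oids) > 0) {
			$oids = array_flat($oids);
			$stManager->delete("object_id IN (" . implode(',', $oids) . ") AND group_id = '{$group}'");
		}
	}

	// 2.0 POPULATE THE SHARING TABLE AGAIN WITH THE READ-PERMISSIONS (if there are any)
	// 2.1 Check mandatory dimensions: if an object belongs to a member of a
	// mandatory dimension, the permission group must have permissions in that
	// member; without them the object cannot be read, no matter what other
	// permissions are active.
	$enabled_dimensions_sql = "";
	$enabled_dimensions_ids = implode(',', config_option('enabled_dimensions'));
	if ($enabled_dimensions_ids != "") {
		$enabled_dimensions_sql = "AND id IN ({$enabled_dimensions_ids})";
	}
	$mandatory_dim_ids = Dimensions::findAll(array(
		'id' => true,
		'conditions' => "`defines_permissions`=1 {$enabled_dimensions_sql} AND `permission_query_method`='" . DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY . "'",
	));

	$mdim_conds = "";
	if (is_array($mandatory_dim_ids)) {
		foreach ($mandatory_dim_ids as $md_id) {
			$md_id = (int) $md_id;
			$mdim_conds .= "\r\n\t\t\t\tAND IF (\r\n\t\t\t\t\t(SELECT count(om1.object_id) FROM " . TABLE_PREFIX . "object_members om1 INNER JOIN " . TABLE_PREFIX . "members m1 ON m1.id=om1.member_id \r\n\t\t\t\t\tWHERE om1.object_id=o.id AND om1.is_optimization=0 AND m1.dimension_id={$md_id})=0, \r\n\t\t\t\t\t\ttrue, \r\n\t\t\t\t\t\tEXISTS (SELECT cmp.permission_group_id FROM " . TABLE_PREFIX . "contact_member_permissions cmp WHERE cmp.permission_group_id={$group} AND cmp.object_type_id=o.object_type_id\r\n\t\t\t\t\t\t\tAND cmp.member_id IN (\r\n\t\t\t\t\t\t\t\tSELECT om2.member_id FROM " . TABLE_PREFIX . "object_members om2 WHERE om2.object_id=o.id AND om2.is_optimization=0 AND om2.member_id IN (\r\n\t\t\t\t\t\t\t\t\tSELECT m2.id FROM " . TABLE_PREFIX . "members m2 WHERE m2.dimension_id={$md_id}\r\n\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t)\r\n\t\t\t\t)";
		}
	}

	// 2.2 Select objects that have read permissions for this permission group
	foreach ($all_read_conditions as $read_batch) {
		$st_new_rows = "\r\n\t\t\t\t\tSELECT {$group} AS group_id, object_id {$from}\r\n\t\t\t\t\tWHERE om.is_optimization=0 AND (" . implode(' OR ', $read_batch) . ") {$mdim_conds}";
		// The ON DUPLICATE KEY clause turns an already existing row into a no-op.
		$st_insert_sql = "INSERT INTO " . TABLE_PREFIX . "sharing_table(group_id, object_id) {$st_new_rows} ON DUPLICATE KEY UPDATE " . TABLE_PREFIX . "sharing_table.group_id=" . TABLE_PREFIX . "sharing_table.group_id;";
		DB::execute($st_insert_sql);
	}

	// Request-driven invocation: stop here so nothing else is rendered.
	if ($die) {
		die;
	}
}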
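/**
 * Finish the installation - create the owner company and the administrator.
 *
 * Reads the 'form' array from $_POST. Once an owner company exists the action
 * stops immediately, so it cannot be replayed to replace the administrator.
 * All writes happen in one transaction that is rolled back on any Exception.
 *
 * @return void
 */
function complete_installation() {
	if (Contacts::getOwnerCompany() instanceof Contact) {
		// Somebody is trying to access this method even if the user already exists
		die('Owner company already exists');
	}

	$form_data = array_var($_POST, 'form');
	tpl_assign('form_data', $form_data);
	if (array_var($form_data, 'submited') != 'submited') {
		return;
	}

	try {
		$admin_password = trim(array_var($form_data, 'admin_password'));
		$admin_password_a = trim(array_var($form_data, 'admin_password_a'));
		if ($admin_password === '') {
			throw new Error(lang('password value required'));
		}
		// Strict comparison: with != two different numeric-looking strings
		// (for example "1e3" and "1000") compare as equal and the
		// confirmation check would pass.
		if ($admin_password !== $admin_password_a) {
			throw new Error(lang('passwords dont match'));
		}

		DB::beginWork();
		Contacts::delete(); // clear users table

		// Create a company
		$company = new Contact();
		$company->setFirstName(array_var($form_data, 'company_name'));
		$company->setObjectName();
		$company->setIsCompany(true);
		$company->save();

		// Init default colors
		set_config_option('brand_colors_head_back', "424242");
		set_config_option('brand_colors_tabs_back', "e7e7e7");
		set_config_option('brand_colors_head_font', "FFFFFF");
		set_config_option('brand_colors_tabs_font', "333333");

		// Create the administrator user
		$administrator = new Contact();
		$pergroup = PermissionGroups::findOne(array('conditions' => "`name`='Super Administrator'"));
		if (!$pergroup instanceof PermissionGroup) {
			// Fail inside the try block so the transaction is rolled back.
			throw new Exception('Super Administrator permission group not found');
		}
		$administrator->setUserType($pergroup->getId());
		$administrator->setCompanyId($company->getId());
		$administrator->setUsername(array_var($form_data, 'admin_username'));
		$administrator->setPassword($admin_password);
		$administrator->setFirstname(array_var($form_data, 'admin_username'));
		$administrator->setObjectName();
		$administrator->save();

		$user_password = new ContactPassword();
		$user_password->setContactId($administrator->getId());
		// NOTE(review): password_temp receives the clear-text password; confirm
		// that save() never writes this property to the database or a log.
		$user_password->password_temp = $admin_password;
		$user_password->setPasswordDate(DateTimeValueLib::now());
		$user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp()));
		$user_password->save();

		// Add email after save because the saved contact is needed.
		$administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true);

		// permissions
		$permission_group = new PermissionGroup();
		$permission_group->setName('Account Owner');
		$permission_group->setContactId($administrator->getId());
		$permission_group->setIsContext(false);
		$permission_group->setType("permission_groups");
		$permission_group->save();

		$administrator->setPermissionGroupId($permission_group->getId());
		$administrator->save();

		$company->setCreatedById($administrator->getId());
		$company->setUpdatedById($administrator->getId());
		$company->save();

		$contact_pg = new ContactPermissionGroup();
		$contact_pg->setContactId($administrator->getId());
		$contact_pg->setPermissionGroupId($permission_group->getId());
		$contact_pg->save();

		$admin_pg_id = (int) $administrator->getPermissionGroupId();

		// tab panel permissions
		foreach (TabPanels::getEnabled() as $panel) {
			$tpp = new TabPanelPermission();
			$tpp->setPermissionGroupId($admin_pg_id);
			$tpp->setTabPanelId($panel->getId());
			$tpp->save();
		}

		// dimension permissions
		foreach (Dimensions::findAll() as $dimension) {
			if (!$dimension->getDefinesPermissions()) {
				continue;
			}

			$cdp = ContactDimensionPermissions::findOne(array(
				"conditions" => "`permission_group_id` = " . $admin_pg_id . " AND `dimension_id` = " . $dimension->getId(),
			));
			if (!$cdp instanceof ContactDimensionPermission) {
				$cdp = new ContactDimensionPermission();
				$cdp->setPermissionGroupId($admin_pg_id);
				$cdp->setContactDimensionId($dimension->getId());
			}
			$cdp->setPermissionType('allow all');
			$cdp->save();

			// contact member permission entries
			foreach ($dimension->getAllMembers() as $member) {
				$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
				// NOTE(review): an object id is appended to a list of object type ids; confirm this is intended.
				$ots[] = $member->getObjectId();
				foreach ($ots as $ot) {
					$ot = (int) $ot;
					// The lookup conditions belong on findOne(). They used to be
					// passed to the constructor while findOne() ran unfiltered,
					// so any existing row, whatever its group, was picked up and
					// given write and delete rights.
					$cmp = ContactMemberPermissions::findOne(array(
						"conditions" => "`permission_group_id` = " . $admin_pg_id . " AND `member_id` = " . $member->getId() . " AND `object_type_id` = {$ot}",
					));
					if (!$cmp instanceof ContactMemberPermission) {
						$cmp = new ContactMemberPermission();
						$cmp->setPermissionGroupId($admin_pg_id);
						$cmp->setMemberId($member->getId());
						$cmp->setObjectTypeId($ot);
					}
					$cmp->setCanWrite(1);
					$cmp->setCanDelete(1);
					$cmp->save();
				}
			}
		}

		// system permissions
		$sp = new SystemPermission();
		$sp->setPermissionGroupId($admin_pg_id);
		$sp->setAllPermissions(true);
		$sp->save();

		// root permissions: copy the role permissions of the listed roles to member_id 0
		DB::executeAll("\r\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write)\r\n\t\t\t\t SELECT " . $admin_pg_id . ", 0, rtp.object_type_id, rtp.can_delete, rtp.can_write FROM " . TABLE_PREFIX . "role_object_type_permissions rtp \r\n\t\t\t\t WHERE rtp.object_type_id NOT IN (SELECT id FROM " . TABLE_PREFIX . "object_types WHERE name IN ('mail','template','file_revision')) AND rtp.role_id in (\r\n\t\t\t\t SELECT pg.id FROM " . TABLE_PREFIX . "permission_groups pg WHERE pg.type='roles' AND pg.name IN ('Super Administrator','Administrator','Manager','Executive')\r\n\t\t\t\t )\r\n\t\t\t\tON DUPLICATE KEY UPDATE member_id=0;");

		$null = null;
		Hook::fire('after_user_add', $administrator, $null);

		DB::commit();
		$this->redirectTo('access', 'login');
	} catch (Exception $e) {
		tpl_assign('error', $e);
		DB::rollback();
	}
}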
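/**
 * Saves module, system and member permissions of one permission group from the
 * current POST request, then recalculates the dimension permission type
 * ('allow all', 'deny all' or 'check') of the dimensions that were touched.
 *
 * Reads $_POST['mod_perm'], $_POST['sys_perm'] and $_POST['permissions']; the
 * last one is a JSON list of objects with the fields m (member id), o (object
 * type id), r, w and d. The ids are request data that reach raw SQL fragments,
 * so they are forced to integers before use.
 *
 * @param mixed $pg_id    Permission group id.
 * @param bool  $is_guest When true, write and delete flags are always stored as false.
 * @return void
 */
function save_permissions($pg_id, $is_guest = false) {
	// Integer form of the group id for the hand-written SQL conditions below.
	$pg_id_sql = (int) $pg_id;

	$sys_permissions_data = array_var($_POST, 'sys_perm');
	if (!is_array($sys_permissions_data)) {
		// A missing or scalar value must not be indexed as an array further down.
		$sys_permissions_data = array();
	}
	$changed_members = array();

	// module permissions
	$mod_permissions_data = array_var($_POST, 'mod_perm');
	TabPanelPermissions::clearByPermissionGroup($pg_id);
	if (is_array($mod_permissions_data)) {
		foreach (array_keys($mod_permissions_data) as $tab_id) {
			$tpp = new TabPanelPermission();
			$tpp->setPermissionGroupId($pg_id);
			$tpp->setTabPanelId($tab_id);
			$tpp->save();
		}
	}

	// system permissions
	$system_permissions = SystemPermissions::findById($pg_id);
	if (!$system_permissions instanceof SystemPermission) {
		$system_permissions = new SystemPermission();
		$system_permissions->setPermissionGroupId($pg_id);
	}
	$system_permissions->setAllPermissions(false);
	$other_permissions = array();
	Hook::fire('add_user_permissions', $pg_id, $other_permissions);
	foreach ($other_permissions as $k => $v) {
		$system_permissions->setColumnValue($k, false);
	}
	$sys_permissions_data['can_task_assignee'] = !$is_guest;
	$system_permissions->setFromAttributes($sys_permissions_data);
	$system_permissions->save();

	// member permissions
	$permissions = null;
	$permissionsString = array_var($_POST, 'permissions');
	if (is_string($permissionsString) && $permissionsString != '') {
		$permissions = json_decode($permissionsString);
	}

	if (is_array($permissions)) {
		$allowed_members_ids = array();
		// member id => true while no readable permission was saved for that member
		$all_perm_deleted = array();

		foreach ($permissions as $perm) {
			if (!is_object($perm)) {
				continue;
			}
			// Normalise the ids in place so that the objects handed to the
			// sharing table controller below carry integers as well.
			$perm->m = isset($perm->m) ? (int) $perm->m : 0;
			$perm->o = isset($perm->o) ? (int) $perm->o : 0;
			$can_write = $is_guest ? false : (isset($perm->w) ? $perm->w : null);
			$can_delete = $is_guest ? false : (isset($perm->d) ? $perm->d : null);

			if (!isset($all_perm_deleted[$perm->m])) {
				$all_perm_deleted[$perm->m] = true;
			}

			// NOTE(review): the entry is reset for every permission row, so the
			// write/delete flags of the last readable row of a member win.
			// The original code also had a branch that kept an earlier value
			// of 1, which this reset made unreachable; confirm which is meant.
			$allowed_members_ids[$perm->m] = array('pg' => $pg_id);

			$cmp = ContactMemberPermissions::findById(array('permission_group_id' => $pg_id, 'member_id' => $perm->m, 'object_type_id' => $perm->o));
			if (!$cmp instanceof ContactMemberPermission) {
				$cmp = new ContactMemberPermission();
				$cmp->setPermissionGroupId($pg_id);
				$cmp->setMemberId($perm->m);
				$cmp->setObjectTypeId($perm->o);
			}
			$cmp->setCanWrite($can_write);
			$cmp->setCanDelete($can_delete);

			if (!empty($perm->r)) {
				$allowed_members_ids[$perm->m]['w'] = $can_write;
				$allowed_members_ids[$perm->m]['d'] = $can_delete;
				$cmp->save();
				$all_perm_deleted[$perm->m] = false;
			} else {
				// Without read access the permission row is removed.
				$cmp->delete();
			}
			$changed_members[] = $perm->m;
		}

		$sharingTablecontroller = new SharingTableController();
		$sharingTablecontroller->afterPermissionChanged($pg_id, $permissions);

		// Permission row of each member for its own object type.
		foreach ($allowed_members_ids as $key => $mids) {
			$mbm = Members::findById($key);
			if (!$mbm instanceof Member) {
				// A member id from the request that does not exist.
				continue;
			}
			$root_cmp = ContactMemberPermissions::findById(array('permission_group_id' => $mids['pg'], 'member_id' => $key, 'object_type_id' => $mbm->getObjectTypeId()));
			if (!$root_cmp instanceof ContactMemberPermission) {
				$root_cmp = new ContactMemberPermission();
				$root_cmp->setPermissionGroupId($mids['pg']);
				$root_cmp->setMemberId($key);
				$root_cmp->setObjectTypeId($mbm->getObjectTypeId());
			}
			// The flags are absent when the last row of the member was not readable.
			$root_cmp->setCanWrite(isset($mids['w']) ? $mids['w'] : null);
			$root_cmp->setCanDelete(isset($mids['d']) ? $mids['d'] : null);
			$root_cmp->save();
		}

		// Members left without any readable permission lose all their rows.
		foreach ($all_perm_deleted as $mid => $pd) {
			if ($pd) {
				$mid = (int) $mid;
				ContactMemberPermissions::instance()->delete("`permission_group_id` = {$pg_id_sql} AND `member_id` = {$mid}");
			}
		}
	}

	// set all permissions to read-only
	if ($is_guest) {
		$all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id_sql}"));
		foreach ($all_saved_permissions as $sp) {
			/* @var $sp ContactMemberPermission */
			if ($sp->getCanDelete() || $sp->getCanWrite()) {
				$sp->setCanDelete(false);
				$sp->setCanWrite(false);
				$sp->save();
			}
		}

		// NOTE(review): this query is not limited to the permission group being
		// saved, so every group's 'allow all' dimension permission is switched
		// to 'check'. Confirm whether a `permission_group_id` filter is missing.
		$cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all'"));
		foreach ($cdps as $cdp) {
			$cdp->setPermissionType('check');
			$cdp->save();
		}
	}

	// check the status of the changed dimensions to set 'allow all', 'deny all' or 'check'
	$dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members)));
	foreach ($dimensions as $dimension) {
		$mem_ids = $dimension->getAllMembers(true);
		if (count($mem_ids) == 0) {
			// Keeps the IN () lists below syntactically valid.
			$mem_ids[] = 0;
		}
		$mem_ids_csv = implode(",", $mem_ids);

		// Any row without delete permission means the dimension has to be checked per member.
		$count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id_sql} AND `member_id` IN (" . $mem_ids_csv . ") AND `can_delete` = 0"));
		if ($count > 0) {
			$dimension->setContactDimensionPermission($pg_id, 'check');
			continue;
		}

		$count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id_sql} AND `member_id` IN (" . $mem_ids_csv . ")"));
		if ($count == 0) {
			$dimension->setContactDimensionPermission($pg_id, 'deny all');
			continue;
		}

		// 'allow all' requires a delete-enabled row for every member of every allowed content type.
		$allow_all = true;
		$dim_obj_types = $dimension->getAllowedObjectTypeContents();
		$members = Members::findAll("`id` IN (" . $mem_ids_csv . ")");
		foreach ($dim_obj_types as $dim_obj_type) {
			$mem_ids_for_ot = array();
			foreach ($members as $member) {
				if ($dim_obj_type->getDimensionObjectTypeId() == $member->getObjectTypeId()) {
					$mem_ids_for_ot[] = $member->getId();
				}
			}
			if (count($mem_ids_for_ot) == 0) {
				$mem_ids_for_ot[] = 0;
			}
			$count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id_sql} AND \n\t\t\t\t\t\t`object_type_id` = " . $dim_obj_type->getContentObjectTypeId() . " AND `can_delete` = 1 AND `member_id` IN (" . implode(",", $mem_ids_for_ot) . ")"));
			if ($count != count($mem_ids_for_ot)) {
				$allow_all = false;
				break;
			}
		}

		$dimension->setContactDimensionPermission($pg_id, $allow_all ? 'allow all' : 'check');
	}
}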
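/**
 * Classifies an object in the given members on behalf of a user.
 *
 * Guests are rejected with the 'no access permissions' flash error. When
 * $_POST['trees_not_loaded'] is greater than zero the function returns without
 * changing anything. If no member id is given and the 'core_dimensions' plugin
 * is active, the user's personal member is used when it exists.
 *
 * @param ContentDataObject $object                Object to classify.
 * @param array             $member_ids            Member ids; forced to integers because they are placed in SQL text.
 * @param Contact|null      $user                  Acting user; defaults to logged_user().
 * @param bool              $check_allowed_members When true, the members are filtered through
 *                                                 $object->getAllowedMembersToAdd().
 * @return array|void The members the object was added to.
 * @throws Exception When a required dimension has no member among the valid members.
 */
function add_to_members($object, $member_ids, $user = null, $check_allowed_members = true) {
	if (!$user instanceof Contact) {
		$user = logged_user();
	}
	if ($user->isGuest()) {
		flash_error(lang('no access permissions'));
		ajx_current("empty");
		return;
	}
	if (isset($_POST['trees_not_loaded']) && $_POST['trees_not_loaded'] > 0) {
		return;
	}

	// The ids are imploded into an IN (...) list below; keep scalar values only, as integers.
	$member_ids = is_array($member_ids)
		? array_values(array_map('intval', array_filter($member_ids, 'is_scalar')))
		: array();

	$required_dimension_ids = array();
	foreach ($object->getDimensionObjectTypes() as $dot) {
		if ($dot->getIsRequired()) {
			$required_dimension_ids[] = (int) $dot->getDimensionId();
		}
	}
	// With no required dimension the query would end in an empty "IN ()", which is not valid SQL.
	$required_dimensions = count($required_dimension_ids) > 0
		? Dimensions::findAll(array("conditions" => "id IN (" . implode(",", $required_dimension_ids) . ")"))
		: array();

	// If no members were entered, fall back to the user's personal member.
	if (count($member_ids) == 0 && Plugins::instance()->isActivePlugin('core_dimensions')) {
		$personal_member = Members::findById($user->getPersonalMemberId());
		if ($personal_member instanceof Member) {
			$member_ids[] = (int) $user->getPersonalMemberId();
		}
	}

	$enteredMembers = count($member_ids) > 0
		? Members::findAll(array('conditions' => 'id IN (' . implode(",", $member_ids) . ')'))
		: array();

	$object->removeFromMembers($user, $enteredMembers);
	/* @var $object ContentDataObject */
	$validMembers = $check_allowed_members ? $object->getAllowedMembersToAdd($user, $enteredMembers) : $enteredMembers;

	// Every required dimension must be represented among the valid members.
	foreach ($required_dimensions as $rdim) {
		$exists = false;
		foreach ($validMembers as $m) {
			if ($m->getDimensionId() == $rdim->getId()) {
				$exists = true;
				break;
			}
		}
		if (!$exists) {
			throw new Exception(lang('must choose at least one member of', $rdim->getName()));
		}
	}

	$object->addToMembers($validMembers);

	$null = null;
	Hook::fire('after_add_to_members', $object, $null);
	$object->addToSharingTable();

	return $validMembers;
}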
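/**
 * Finish the installation - create the owner company and the administrator.
 *
 * Reads the 'form' array from $_POST. Once an owner company exists the action
 * stops immediately, so it cannot be replayed to replace the administrator.
 * All writes happen in one transaction that is rolled back on any Exception.
 *
 * @return void
 */
function complete_installation() {
	if (Contacts::getOwnerCompany() instanceof Contact) {
		// Somebody is trying to access this method even if the user already exists
		die('Owner company already exists');
	}

	$form_data = array_var($_POST, 'form');
	tpl_assign('form_data', $form_data);
	if (array_var($form_data, 'submited') != 'submited') {
		return;
	}

	try {
		$admin_password = trim(array_var($form_data, 'admin_password'));
		$admin_password_a = trim(array_var($form_data, 'admin_password_a'));
		if ($admin_password === '') {
			throw new Error(lang('password value required'));
		}
		// Strict comparison: with <> two different numeric-looking strings
		// (for example "1e3" and "1000") compare as equal and the
		// confirmation check would pass.
		if ($admin_password !== $admin_password_a) {
			throw new Error(lang('passwords dont match'));
		}

		DB::beginWork();
		Contacts::delete(); // clear users table

		// Create a company
		$company = new Contact();
		$company->setFirstName(array_var($form_data, 'company_name'));
		$company->setObjectName();
		$company->setIsCompany(true);
		$company->save();

		// Init default colors
		set_config_option('brand_colors_head_back', "000000");
		set_config_option('brand_colors_tabs_back', "14780e");
		set_config_option('brand_colors_head_font', "ffffff");
		set_config_option('brand_colors_tabs_font', "ffffff");

		// Create the administrator user
		$administrator = new Contact();
		$pergroup = PermissionGroups::findOne(array('conditions' => "`name`='Super Administrator'"));
		if (!$pergroup instanceof PermissionGroup) {
			// Fail inside the try block so the transaction is rolled back.
			throw new Exception('Super Administrator permission group not found');
		}
		$administrator->setUserType($pergroup->getId());
		$administrator->setCompanyId($company->getId());
		$administrator->setUsername(array_var($form_data, 'admin_username'));
		$administrator->setPassword($admin_password);
		$administrator->setFirstname(array_var($form_data, 'admin_username'));
		$administrator->setObjectName();
		$administrator->save();

		$user_password = new ContactPassword();
		$user_password->setContactId($administrator->getId());
		// NOTE(review): password_temp receives the clear-text password; confirm
		// that save() never writes this property to the database or a log.
		$user_password->password_temp = $admin_password;
		$user_password->setPasswordDate(DateTimeValueLib::now());
		$user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp()));
		$user_password->save();

		// Add email after save because the saved contact is needed.
		$administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true);

		// permissions
		$permission_group = new PermissionGroup();
		$permission_group->setName('Account Owner');
		$permission_group->setContactId($administrator->getId());
		$permission_group->setIsContext(false);
		$permission_group->setType("permission_groups");
		$permission_group->save();

		$administrator->setPermissionGroupId($permission_group->getId());
		$administrator->save();

		$company->setCreatedById($administrator->getId());
		$company->setUpdatedById($administrator->getId());
		$company->save();

		$contact_pg = new ContactPermissionGroup();
		$contact_pg->setContactId($administrator->getId());
		$contact_pg->setPermissionGroupId($permission_group->getId());
		$contact_pg->save();

		$admin_pg_id = (int) $administrator->getPermissionGroupId();

		// tab panel permissions
		foreach (TabPanels::getEnabled() as $panel) {
			$tpp = new TabPanelPermission();
			$tpp->setPermissionGroupId($admin_pg_id);
			$tpp->setTabPanelId($panel->getId());
			$tpp->save();
		}

		// dimension permissions
		foreach (Dimensions::findAll() as $dimension) {
			if (!$dimension->getDefinesPermissions()) {
				continue;
			}

			$cdp = ContactDimensionPermissions::findOne(array(
				"conditions" => "`permission_group_id` = " . $admin_pg_id . " AND `dimension_id` = " . $dimension->getId(),
			));
			if (!$cdp instanceof ContactDimensionPermission) {
				$cdp = new ContactDimensionPermission();
				$cdp->setPermissionGroupId($admin_pg_id);
				$cdp->setContactDimensionId($dimension->getId());
			}
			$cdp->setPermissionType('allow all');
			$cdp->save();

			// contact member permission entries
			foreach ($dimension->getAllMembers() as $member) {
				$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
				// NOTE(review): an object id is appended to a list of object type ids; confirm this is intended.
				$ots[] = $member->getObjectId();
				foreach ($ots as $ot) {
					$ot = (int) $ot;
					// The lookup conditions belong on findOne(). They used to be
					// passed to the constructor while findOne() ran unfiltered,
					// so any existing row, whatever its group, was picked up and
					// given write and delete rights.
					$cmp = ContactMemberPermissions::findOne(array(
						"conditions" => "`permission_group_id` = " . $admin_pg_id . " AND `member_id` = " . $member->getId() . " AND `object_type_id` = {$ot}",
					));
					if (!$cmp instanceof ContactMemberPermission) {
						$cmp = new ContactMemberPermission();
						$cmp->setPermissionGroupId($admin_pg_id);
						$cmp->setMemberId($member->getId());
						$cmp->setObjectTypeId($ot);
					}
					$cmp->setCanWrite(1);
					$cmp->setCanDelete(1);
					$cmp->save();
				}
			}
		}

		// system permissions
		$sp = new SystemPermission();
		$sp->setPermissionGroupId($admin_pg_id);
		$sp->setAllPermissions(true);
		$sp->save();

		$null = null;
		Hook::fire('after_user_add', $administrator, $null);

		DB::commit();
		$this->redirectTo('access', 'login');
	} catch (Exception $e) {
		tpl_assign('error', $e);
		DB::rollback();
	}
} // complete_installation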
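/**
 * Update step that normalises dimension options: every entry of a dimension's
 * JSON options, except 'defaultAjax' and 'quickAdd', is written as one row of
 * the dimension_options table (inserted, or updated when the row exists).
 *
 * Option names and values are stored data of unknown content, so they are
 * escaped before they are placed in the statement.
 *
 * @return void
 */
function core_dimensions_update_11_12() {
	$skipped_options = array('defaultAjax', 'quickAdd');

	foreach (Dimensions::findAll() as $dimension) {
		/* @var $dimension Dimension */
		$options = json_decode($dimension->getOptions(), true);
		if (!is_array($options)) {
			// Empty or malformed options: nothing to normalise for this dimension.
			continue;
		}

		foreach ($options as $key => $value) {
			// Strict match, so that a numeric key is never taken for one of the names.
			if (in_array($key, $skipped_options, true)) {
				continue;
			}

			// Scalars keep the text form they had when interpolated directly;
			// nested values are stored as JSON rather than as the string "Array".
			$value_text = (is_scalar($value) || is_null($value)) ? (string) $value : json_encode($value);

			// DB::escape() returns the value escaped and wrapped in quotes.
			$name_sql = DB::escape((string) $key);
			$value_sql = DB::escape($value_text);

			$sql = "INSERT INTO " . TABLE_PREFIX . "dimension_options (`dimension_id`, `name`, `value`) \r\n\t\t\t\t\tVALUES (" . (int) $dimension->getId() . "," . $name_sql . "," . $value_sql . ") \r\n\t\t\t\t\tON DUPLICATE KEY UPDATE `value`=" . $value_sql;
			DB::execute($sql);
		}
	}
}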
/**
 * Returns the ids of the dimensions the logged user is shown.
 *
 * A dimension that does not define permissions is always included. One that
 * does is included unless deniesAllForContact() reports that it denies
 * everything for the permission groups of the logged user.
 *
 * @return array Dimension ids, keyed by the same id.
 */
function get_user_dimensions_ids() {
	$visible = array();

	foreach (Dimensions::findAll() as $dimension) {
		if ($dimension->getDefinesPermissions()) {
			$pg_ids_csv = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
			// Hidden when the dimension denies everything for each of the contact's permission groups.
			if ($dimension->deniesAllForContact($pg_ids_csv)) {
				continue;
			}
		}
		$visible[$dimension->getId()] = $dimension->getId();
	}

	return $visible;
}
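/**
 * Rebuilds the sharing-table rows of one object: deletes the existing rows
 * for the object, works out which permission groups may access it and passes
 * them to SharingTables::populateGroups().
 *
 * Steps:
 *  1. delete the current rows for the object;
 *  2. find the dimensions of the object's members that define permissions;
 *  3. if there are any, collect the groups with member permissions for the
 *     object type plus the 'allow all' groups of those dimensions, then
 *     restrict them by the mandatory dimensions;
 *     otherwise use every non-'roles' group (object has members), or, for an
 *     unclassified mail, the groups of the contacts linked to its account.
 *
 * $oid and $tid are cast to int on entry because both are concatenated,
 * unquoted, into several SQL statements below.
 *
 * NOTE(review): most queries use $table_prefix (FORCED_TABLE_PREFIX aware)
 * but three use TABLE_PREFIX directly; confirm that mix is intended.
 *
 * @param int $oid object id
 * @param int $tid object type id
 * @param mixed $obj_mem_ids only tested for truthiness: whether the object has members
 */
static function addObjToSharingTable($oid, $tid, $obj_mem_ids) {
	// Both ids end up inside raw SQL text; force them to integers once, here.
	$oid = (int) $oid;
	$tid = (int) $tid;

	$gids = array();
	$table_prefix = defined('FORCED_TABLE_PREFIX') && FORCED_TABLE_PREFIX ? FORCED_TABLE_PREFIX : TABLE_PREFIX;

	//1. clear sharing table for this object
	SharingTables::delete("object_id={$oid}");

	//2. get dimensions of this object's members that defines permissions
	$res = DB::execute("SELECT d.id as did FROM " . $table_prefix . "dimensions d INNER JOIN " . $table_prefix . "members m on m.dimension_id=d.id\r\n\t\t\t\tWHERE m.id IN ( SELECT member_id FROM " . $table_prefix . "object_members WHERE object_id = {$oid} AND is_optimization = 0 ) AND d.defines_permissions = 1");
	$dids_tmp = array();
	while ($row = $res->fetchRow()) {
		// keyed by id so each dimension appears once
		$dids_tmp[$row['did']] = $row['did'];
	}
	$res->free();
	$dids = array_values($dids_tmp);
	$dids_tmp = null;

	$sql_from = "" . $table_prefix . "contact_member_permissions cmp\r\n\t\tLEFT JOIN " . $table_prefix . "members m ON m.id = cmp.member_id\r\n\t\tLEFT JOIN " . $table_prefix . "dimensions d ON d.id = m.dimension_id";

	$member_where_conditions = "";
	$dim_where_conditions = "";
	// if users can add objects without classifying then check for permissions with member_id=0
	if (config_option('let_users_create_objects_in_root')) {
		$member_where_conditions = "member_id=0 OR ";
		$dim_where_conditions = " OR d.id IS NULL";
	}

	$sql_where = "({$member_where_conditions} member_id IN ( SELECT member_id FROM " . $table_prefix . "object_members WHERE object_id = {$oid} AND is_optimization = 0)) AND cmp.object_type_id = {$tid}";

	//3. If there are dimensions that defines permissions containing any of the object members
	if (count($dids)) {
		// 3.1 get permission groups with permissions over the object.
		$sql_fields = "permission_group_id AS group_id";
		$sql = "\r\n\t\t\t\tSELECT\r\n\t\t\t\t{$sql_fields}\r\n\t\t\t\tFROM\r\n\t\t\t\t{$sql_from}\r\n\t\t\t\tWHERE\r\n\t\t\t\t{$sql_where} AND (d.id IN (" . implode(',', $dids) . ") {$dim_where_conditions})\r\n\t\t\t";
		$res = DB::execute($sql);
		$gids_tmp = array();
		while ($row = $res->fetchRow()) {
			$gids_tmp[$row['group_id']] = $row['group_id'];
		}
		$res->free();

		// allow all permission groups
		$allow_all_rows = DB::executeAll("SELECT DISTINCT permission_group_id FROM " . $table_prefix . "contact_dimension_permissions cdp\r\n\t\t\t\t\tINNER JOIN " . $table_prefix . "members m on m.dimension_id=cdp.dimension_id\r\n\t\t\t\t\tWHERE cdp.permission_type='allow all' AND cdp.dimension_id IN (" . implode(',', $dids) . ");");
		if (is_array($allow_all_rows)) {
			foreach ($allow_all_rows as $row) {
				$gids_tmp[$row['permission_group_id']] = $row['permission_group_id'];
			}
		}
		$gids = array_values($gids_tmp);
		$gids_tmp = null;

		// check for mandatory dimensions
		$enabled_dimensions_sql = "";
		$enabled_dimensions_ids = implode(',', config_option('enabled_dimensions'));
		if ($enabled_dimensions_ids != "") {
			$enabled_dimensions_sql = "AND id IN ({$enabled_dimensions_ids})";
		}
		$mandatory_dim_ids = Dimensions::findAll(array('id' => true, 'conditions' => "`defines_permissions`=1 {$enabled_dimensions_sql} AND `permission_query_method`='" . DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY . "'"));

		if (count($gids) > 0 && count($mandatory_dim_ids) > 0) {
			$sql = "SELECT om.member_id, m.dimension_id FROM " . $table_prefix . "object_members om\r\n\t\t\t\t\tINNER JOIN " . $table_prefix . "members m ON m.id=om.member_id INNER JOIN " . $table_prefix . "dimensions d ON d.id=m.dimension_id\r\n\t\t\t\t\tWHERE om.object_id = {$oid} AND om.is_optimization = 0 AND d.id IN (" . implode(",", $mandatory_dim_ids) . ")";

			// Object members in mandatory dimensions
			$object_member_ids_res = DB::executeAll($sql);
			$mandatory_dim_members = array();
			if (!is_null($object_member_ids_res)) {
				// group the object's member ids by mandatory dimension
				foreach ($object_member_ids_res as $row) {
					if (!isset($mandatory_dim_members[$row['dimension_id']])) {
						$mandatory_dim_members[$row['dimension_id']] = array();
					}
					$mandatory_dim_members[$row['dimension_id']][] = $row['member_id'];
				}

				$mandatory_dim_allowed_pgs = array();
				// Check foreach group that it has permissions over at least one member of each mandatory dimension
				foreach ($mandatory_dim_members as $mdim_id => $mmember_ids) {
					// In SQL, AND binds tighter than OR: the condition reads
					// 'allow all' OR ('check' AND group IN (...) AND member IN (...)).
					$sql = "SELECT pg.id FROM " . $table_prefix . "permission_groups pg\r\n\t\t\t\t\t\t\tINNER JOIN " . $table_prefix . "contact_dimension_permissions cdp ON cdp.permission_group_id=pg.id\r\n\t\t\t\t\t\t\tINNER JOIN " . $table_prefix . "contact_member_permissions cmp ON cmp.permission_group_id=pg.id\r\n\t\t\t\t\t\t\tWHERE cdp.dimension_id = '{$mdim_id}' AND (\r\n\t\t\t\t\t\t\tcdp.permission_type='allow all' OR cdp.permission_type='check' AND cmp.permission_group_id IN (" . implode(',', $gids) . ")\r\n\t\t\t\t\t\t\tAND cmp.member_id IN (" . implode(',', $mmember_ids) . ")\r\n\t\t\t\t\t\t)";

					$permission_groups_res = DB::executeAll($sql);
					$mandatory_dim_allowed_pgs[$mdim_id] = array();
					if (!is_null($permission_groups_res)) {
						foreach ($permission_groups_res as $row) {
							if (!in_array($row['id'], $mandatory_dim_allowed_pgs[$mdim_id])) {
								$mandatory_dim_allowed_pgs[$mdim_id][] = $row['id'];
							}
						}
					}
				}

				if (isset($mandatory_dim_allowed_pgs) && count($mandatory_dim_allowed_pgs) > 0) {
					$original_mandatory_dim_allowed_pgs = $mandatory_dim_allowed_pgs;

					// groups allowed in every mandatory dimension = intersection of the per-dimension lists
					$allowed_gids = array_pop($mandatory_dim_allowed_pgs);
					foreach ($mandatory_dim_allowed_pgs as $pg_array) {
						$allowed_gids = array_intersect($allowed_gids, $pg_array);
					}

					// If an user has permissions in one dim using a group and in other dim using his personal permissions then add to sharing table its personal permission group
					$pg_ids = array_unique(array_flat($original_mandatory_dim_allowed_pgs));
					if (count($pg_ids) == 0) {
						// keeps the IN (...) list below syntactically valid
						$pg_ids[0] = 0;
					}

					$contact_pgs = array();
					$contact_pg_rows = DB::executeAll("SELECT * FROM " . TABLE_PREFIX . "contact_permission_groups WHERE permission_group_id IN (" . implode(',', $pg_ids) . ") ORDER BY permission_group_id");
					if (is_array($contact_pg_rows)) {
						foreach ($contact_pg_rows as $cpgr) {
							if (!isset($contact_pgs[$cpgr['contact_id']])) {
								$contact_pgs[$cpgr['contact_id']] = array();
							}
							$contact_pgs[$cpgr['contact_id']][] = $cpgr['permission_group_id'];
						}
					}

					// each user must have at least one pg for every dimension
					foreach ($contact_pgs as $contact_id => $permission_groups) {
						// one flag per mandatory dimension, all starting at false
						// (built without a by-reference loop, so no reference outlives it)
						$has_one = array_fill_keys(array_keys($original_mandatory_dim_allowed_pgs), false);
						foreach ($permission_groups as $pg_id) {
							foreach ($original_mandatory_dim_allowed_pgs as $dim_id => $allowedpgs) {
								if (in_array($pg_id, $allowedpgs)) {
									$has_one[$dim_id] = true;
									break;
								}
							}
						}
						// all dims must be true in this array to allow permissions
						$has_permission = !in_array(false, $has_one);
						if ($has_permission) {
							$contact_row = DB::executeOne("SELECT permission_group_id FROM " . TABLE_PREFIX . "contacts where object_id = {$contact_id}");
							if (is_array($contact_row) && $contact_row['permission_group_id'] > 0) {
								$allowed_gids[] = $contact_row['permission_group_id'];
							}
						}
					}

					$gids = array_unique($allowed_gids, SORT_NUMERIC);
				} else {
					$gids = array();
				}
			}
		}
	} else {
		if ($obj_mem_ids) {
			// 3.2 No member dimension defines permissions.
			// The object is classified somewhere, but none of the dimensions it belongs to
			// defines permissions, so every permission group whose type is not 'roles' is used.
			$gids = PermissionGroups::instance()->findAll(array('id' => true, 'conditions' => "type != 'roles'"));
		} else {
			// if this object is an email and it is unclassified => add to sharing table the permission groups of the users that have permissions in the email's account
			if (Plugins::instance()->isActivePlugin('mail')) {
				$mail_ot = ObjectTypes::instance()->findByName('mail');
				if ($mail_ot instanceof ObjectType && $tid == $mail_ot->getId()) {
					$gids = array_flat(DB::executeAll("\r\n\t\t\t\t\t\t\tSELECT cpg.permission_group_id\r\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "contact_permission_groups cpg\r\n\t\t\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "contacts c ON c.permission_group_id=cpg.permission_group_id\r\n\t\t\t\t\t\t\tWHERE cpg.contact_id IN (\r\n\t\t\t\t\t\t\t SELECT mac.contact_id FROM " . TABLE_PREFIX . "mail_account_contacts mac WHERE mac.account_id = (SELECT mc.account_id FROM " . TABLE_PREFIX . "mail_contents mc WHERE mc.object_id={$oid})\r\n\t\t\t\t\t\t\t);\r\n\t\t\t\t\t\t"));
				}
			}
		}
	}

	if (count($gids)) {
		$stManager = SharingTables::instance();
		$stManager->populateGroups($gids, $oid);
		$gids = null;
	}
}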
<div class="clear"></div> </div> <?php //} ?> <?php if (!$renderContext) { ?> <div id="<?php echo $genid; ?> add_contact_select_context_div" class="dataBlock"><?php
	// This block is rendered only when $renderContext is falsy.
	// NOTE(review): $genid is echoed into the id attribute above without HTML escaping;
	// confirm it is always generated server-side and never taken from the request as-is.

	// Collect the ids of every dimension that defines permissions; the list is passed
	// as the fifth argument of render_member_selectors() - presumably so those
	// dimensions are left out of the selector (confirm against that helper).
	$skipped_dimensions = array();
	$dims_with_perm = Dimensions::findAll(array('conditions' => 'defines_permissions=1'));
	foreach ($dims_with_perm as $dim_with_perm) {
		$skipped_dimensions[] = $dim_with_perm->getId();
	}
	$listeners = array('on_selection_change' => '');
	// Use $object when it is a Contact, otherwise fall back to $contact.
	$contact_obj = isset($object) && $object instanceof Contact ? $object : $contact;
	// NOTE(review): isNew() is asked of $contact while the calls below use $contact_obj;
	// the two can differ when $object is set - confirm that is intended.
	if ($contact->isNew()) {
		// new contact: no preselected members, the current context is selected instead
		render_member_selectors($contact_obj->manager()->getObjectTypeId(), $genid, null, array('select_current_context' => true, 'listeners' => $listeners, 'hidden_field_name' => 'no_perm_members'), $skipped_dimensions, null, false);
	} else {
		// existing contact: preselect the members it already belongs to
		render_member_selectors($contact_obj->manager()->getObjectTypeId(), $genid, $contact_obj->getMemberIds(), array('listeners' => $listeners, 'hidden_field_name' => 'no_perm_members'), $skipped_dimensions, null, false);
	}
?> </div> <?php } ?>
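/**
 * Prepares the data for the 'dim_restrictions' template: the dimensions that
 * are restricted for a given dimension / object type pair, their members
 * (root members followed by their sorted children), the parent/children map,
 * the members whose dimension and object type are flagged as orderable and,
 * when a member id is given, that member's current restrictions and order.
 *
 * Request parameters read through get_id(): the default id (dimension),
 * 'otype' (object type) and 'mem_id' (member). 'genid' is read from $_GET.
 *
 * Access requires can_manage_dimension_members() for the logged user.
 *
 * @return null
 */
function get_dimensions_for_restrictions() {
	if (!can_manage_dimension_members(logged_user())) {
		flash_error(lang('no access permissions'));
		ajx_current("empty");
		return;
	}

	$dim_id = get_id();
	$obj_type = get_id('otype');

	$restricted_dim_defs = DimensionMemberRestrictionDefinitions::findAll(array("conditions" => array("`dimension_id` = ? AND `object_type_id` = ?", $dim_id, $obj_type)));

	$restricted_ids = array();
	$orderable_dimensions_otypes = array();
	foreach ($restricted_dim_defs as $def) {
		// cast: the ids are concatenated into the IN (...) list below, which is not a bound parameter
		$restricted_ids[] = (int) $def->getRestrictedDimensionId();
		if ($def->getIsOrderable()) {
			$orderable_dimensions_otypes[] = $def->getRestrictedDimensionId() . "_" . $def->getRestrictedObjectTypeId();
		}
	}
	// "0" keeps the IN (...) list valid when nothing is restricted
	$restricted_ids_csv = count($restricted_ids) > 0 ? implode(',', $restricted_ids) : "0";

	$dimensions = Dimensions::findAll(array("conditions" => array("`id` <> ? AND `id` IN ({$restricted_ids_csv})", $dim_id)));

	$childs_info = array();
	$members = array();
	foreach ($dimensions as $dim) {
		$current_dim_id = $dim->getId();
		$root_members = Members::findAll(array('conditions' => array('`dimension_id`=? AND `parent_member_id`=0', $current_dim_id), 'order' => '`name` ASC'));
		foreach ($root_members as $mem) {
			$members[$current_dim_id][] = $mem;
			$members[$current_dim_id] = array_merge($members[$current_dim_id], $mem->getAllChildrenSorted());
		}

		// generate child array info
		// A dimension without root members has no entry in $members; iterate an empty
		// list in that case instead of reading an undefined key.
		$current_dim_members = isset($members[$current_dim_id]) ? $members[$current_dim_id] : array();
		foreach ($current_dim_members as $pmember) {
			$childs_info[] = array("p" => $pmember->getID(), "ch" => $pmember->getAllChildrenIds(), "d" => $pmember->getDimensionId());
		}
	}
	ajx_extra_data(array('childs' => $childs_info));

	// members whose "<dimension id>_<object type id>" pair is flagged as orderable
	$orderable_members = array();
	foreach ($members as $d => $dim_members) {
		foreach ($dim_members as $mem) {
			if (in_array($d . "_" . $mem->getObjectTypeId(), $orderable_dimensions_otypes)) {
				$orderable_members[] = $mem->getId();
			}
		}
	}

	$member_id = get_id('mem_id');
	if ($member_id > 0) {
		// actual restrictions
		$restrictions_info = array();
		$restrictions = MemberRestrictions::findAll(array("conditions" => array("`member_id` = ?", $member_id)));
		foreach ($restrictions as $rest) {
			$restrictions_info[$rest->getRestrictedMemberId()] = $rest->getOrder();
		}
		tpl_assign('restrictions', $restrictions_info);

		$actual_order_info = array();
		$actual_order = array_keys($restrictions_info);
		foreach ($actual_order as $mem_id) {
			// record the first loaded member with this id, then move on to the next id
			foreach ($members as $d => $dim_members) {
				foreach ($dim_members as $member) {
					if ($member->getId() == $mem_id) {
						$actual_order_info[] = array('dim' => $d, 'mem' => $mem_id, 'parent' => $member->getParentMemberId());
						break 2;
					}
				}
			}
		}
		ajx_extra_data(array('actual_order' => $actual_order_info));
	}

	// NOTE(review): genid is taken from the query string unchanged; the template has to
	// HTML-escape it wherever it is echoed.
	tpl_assign('genid', array_var($_GET, 'genid'));
	tpl_assign('members', $members);
	tpl_assign('dimensions', $dimensions);
	tpl_assign('orderable_dimensions_otypes', $orderable_dimensions_otypes);
	ajx_extra_data(array('ord_members' => $orderable_members));

	$this->setTemplate('dim_restrictions');
}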
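/**
 * Add/edit Dimension Members
 *
 * Loads every manageable dimension and, per dimension, its root members
 * followed by each root member's sorted children, then assigns both lists to
 * the template. Requires can_manage_dimension_members() for the logged user.
 *
 * A root member is listed when the dimension has 'allow all' for the user's
 * permission groups or when canBeReadByContact() accepts it.
 *
 * The dimension query and the member loop used to be nested inside a second,
 * identical loop over the same dimensions, which repeated the whole pass once
 * per dimension; a single pass is assumed to build the same $members and
 * $dimensions.
 *
 * @access public
 * @return null
 */
function edit_members() {
	if (!can_manage_dimension_members(logged_user())) {
		flash_error(lang('no access permissions'));
		ajx_current("empty");
		return;
	} // if

	$dimensions = Dimensions::findAll(array('conditions' => '`is_manageable` = 1'));
	$members = array();
	$logged_user_pgs = implode(',', logged_user()->getPermissionGroupIds());

	foreach ($dimensions as $dim) {
		$allows_all = $dim->hasAllowAllForContact($logged_user_pgs);
		$root_members = Members::findAll(array('conditions' => array('`dimension_id`=? AND `parent_member_id`=0', $dim->getId()), 'order' => '`name` ASC'));
		foreach ($root_members as $mem) {
			if (!$allows_all && !$mem->canBeReadByContact($logged_user_pgs, logged_user())) {
				continue;
			}
			$members[$dim->getId()][] = $mem;
			// NOTE(review): children are appended without a per-member read check here;
			// confirm whether getAllChildrenSorted() filters by permission or whether
			// read access to the root member is meant to cover its subtree.
			$members[$dim->getId()] = array_merge($members[$dim->getId()], $mem->getAllChildrenSorted());
		}
	}

	tpl_assign('members', $members);
	tpl_assign('dimensions', $dimensions);
}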