/**
  * Refreshes the contact-member cache rows of one user after a permission change.
  *
  * Without a group, only the members named by the changed permissions (their
  * `m` property) are refreshed, each one once. With a group, every member of
  * every permission-defining dimension that passes contactCanAccessMemberAll()
  * at ACCESS_LEVEL_READ for that group is refreshed.
  *
  * The dimension id is concatenated into the members query text; it is taken
  * from Dimensions::findAll(), not from the parameters of this function.
  *
  * @param Contact $user user whose cache rows are updated
  * @param array $permissions changed permission records, each read through ->m
  * @param ContactPermissionGroup $group optional group; when given, $permissions is not read
  */
 function afterUserPermissionChanged($user, $permissions, $group = null)
 {
     $ids_to_refresh = array();
     if ($group === null) {
         // Collect each affected member id once, in first-seen order.
         foreach ($permissions as $changed) {
             $candidate = $changed->m;
             if (in_array($candidate, $ids_to_refresh)) {
                 continue;
             }
             $ids_to_refresh[] = $candidate;
         }
     } else {
         $all_dimensions = Dimensions::findAll();
         $group_id = $group->getId();
         foreach ($all_dimensions as $dim) {
             // Dimensions that do not define permissions contribute no members.
             if (!$dim->getDefinesPermissions()) {
                 continue;
             }
             $rows = DB::executeAll("SELECT * FROM " . TABLE_PREFIX . "members WHERE dimension_id = " . $dim->getId() . " ORDER BY id");
             foreach ($rows as $row) {
                 $readable = ContactMemberPermissions::instance()->contactCanAccessMemberAll($group_id, $row['id'], $user, ACCESS_LEVEL_READ, false);
                 if ($readable) {
                     $ids_to_refresh[] = $row['id'];
                 }
             }
         }
     }
     // One cache update per collected member id.
     foreach ($ids_to_refresh as $id) {
         ContactMemberCaches::updateContactMemberCache($user, $id);
     }
 }
Example #2
	/**
	 * Looks a dimension up by its code through the static map self::$dimensions_by_code.
	 *
	 * The map is filled from Dimensions::findAll() whenever it is found empty, so
	 * while no dimension has been loaded every call queries again.
	 *
	 * @param string $code dimension code used as the map key
	 * @return Dimension the cached dimension, or whatever array_var() yields for an
	 *                   unknown code (presumably null - confirm against array_var)
	 */
	static function findByCode($code) {
		$cache_is_empty = count(self::$dimensions_by_code) === 0;
		if ($cache_is_empty) {
			foreach (Dimensions::findAll() as $dimension) {
				self::$dimensions_by_code[$dimension->getCode()] = $dimension;
			}
		}
		return array_var(self::$dimensions_by_code, $code);
	}
Example #3
/**
 * Appends one string-typed report column per 'workspaces' / 'tags' dimension to $ret.
 *
 * The column label is the lang() translation of the dimension code when the
 * dimension options carry a truthy useLangs flag, otherwise the dimension name.
 *
 * @param mixed $args not read by this implementation
 * @param array $ret column list, extended in place
 */
function workspaces_custom_reports_additional_columns($args, &$ret)
{
    $found = Dimensions::findAll(array("conditions" => "code IN ('workspaces','tags')"));
    foreach ($found as $dim) {
        $options = $dim->getOptions(true);
        $localized = $options && isset($options->useLangs) && $options->useLangs;
        $label = $localized ? lang($dim->getCode()) : $dim->getName();
        $ret[] = array(
            'id' => 'dim_' . $dim->getId(),
            'name' => $label,
            'type' => DATA_TYPE_STRING,
        );
    }
}
/**
 * Appends one string-typed report column per enabled 'workspaces' / 'tags' dimension to $ret.
 *
 * Nothing is added when $args['object_type'] is an ObjectType whose type is
 * 'dimension_object' or 'dimension_group'. A dimension counts as enabled when
 * its id is listed in the 'enabled_dimensions' config option.
 *
 * @param array $args read through array_var() for the 'object_type' key
 * @param array $ret column list, extended in place
 */
function workspaces_custom_reports_additional_columns($args, &$ret)
{
    $object_type = array_var($args, 'object_type');
    $excluded_types = array('dimension_object', 'dimension_group');
    if ($object_type instanceof ObjectType && in_array($object_type->getType(), $excluded_types)) {
        return;
    }
    $found = Dimensions::findAll(array("conditions" => "code IN ('workspaces','tags')"));
    foreach ($found as $dim) {
        // The option is re-read for each dimension, as the list is not kept between iterations.
        if (!in_array($dim->getId(), config_option('enabled_dimensions'))) {
            continue;
        }
        $label = $dim->getName();
        $ret[] = array(
            'id' => 'dim_' . $dim->getId(),
            'name' => $label,
            'type' => DATA_TYPE_STRING,
        );
    }
}
	/**
	 * Renders the member-filter bar of the linked-object picker and ends the request with it.
	 *
	 * For every manageable dimension the bar gets a labelled autocomplete combo.
	 * When the active context holds a member of that dimension, its name is
	 * preselected and an inline script stores its id in the grid's member_filter.
	 *
	 * Output encoding: the preselected member name goes through clean(). The
	 * lang() results, the gen_id() value and the two ids are concatenated into
	 * HTML and inline script as they are.
	 * NOTE(review): presumably the ids are integers and the lang()/gen_id()
	 * values carry no user-controlled markup - confirm before reusing this pattern.
	 */
	function linked_object_filters() {
		$genid = gen_id();
		$chunks = array("<div class='linked-objects-member-filters'>");

		$active_selections = active_context();
		$manageable = Dimensions::findAll(array('conditions' => 'is_manageable = 1'));

		foreach ($manageable as $dim) {
			$dim_id = $dim->getId();

			// The last context member belonging to this dimension wins (no early exit).
			$preselected_name = "";
			$preselected_id = 0;
			foreach ($active_selections as $candidate) {
				if (!($candidate instanceof Member) || $candidate->getDimensionId() != $dim_id) {
					continue;
				}
				$preselected_name = clean($candidate->getName());
				$preselected_id = $candidate->getId();
			}

			$chunks[] = '<div class="lo-member-selector"><div class="selector-label">'.lang('filter by '.$dim->getCode()).'</div>';

			// Flatten each member row into the positional tuple handed to the combo helper.
			$controller = new DimensionController();
			$rows = $controller->initial_list_dimension_members($dim_id, null, null, false, "", null, false, null, true, array());
			$options = array();
			foreach ($rows as $row) {
				$options[] = array($row['id'], $row['name'], $row['path'], $row['to_show'], $row['ico'], $row['dim']);
			}

			$listeners = array(
				"select" => "function (combo, record, index) { Ext.getCmp('dimFilter').fireEvent('memberselected', record.data); }",
			);
			$input_attributes = array('class' => 'member-name-input', 'selected_name' => $preselected_name);
			$chunks[] = autocomplete_member_combo(
				"member_autocomplete-dim".$dim_id,
				$dim_id,
				$options,
				lang($dim->getCode()),
				$input_attributes,
				false,
				$genid .'add-member-input-dim'. $dim_id,
				$listeners
			);
			$chunks[] = "</div>";

			if ($preselected_id > 0) {
				$chunks[] = "<script>Ext.getCmp('obj_picker_grid').member_filter[" . $dim_id . "] = " . $preselected_id . ";</script>";
			}
		}

		$chunks[] = '<div class="buttons"><button onclick="Ext.getCmp(\'dimFilter\').fireEvent(\'clearfilters\', \''.$genid.'\');">'.lang('remove all filters').'</button></div>';
		$chunks[] = '</div>';

		// die() prints the markup and stops the script; nothing after this call runs.
		die(implode('', $chunks));
	}
Example #6
<?php

// Builds $dimensions_info, a map keyed by dimension name, from the dimensions
// and from the members of $object that the logged-in user may read.
// NOTE(review): entries are keyed by getName(), so two dimensions sharing a
// name would collapse into one entry - confirm names are unique.
// NOTE(review): this listing ends inside the parent loop; the closing braces
// and whatever consumes $dimensions_info are not shown.
$dimensions_info = array();
$dimensions = Dimensions::findAll();
// Seed an entry (id plus empty member list) for every dimension except the
// two with the codes 'feng_users' and 'feng_persons'.
foreach ($dimensions as $dimension) {
    if (in_array($dimension->getCode(), array('feng_users', 'feng_persons'))) {
        continue;
    }
    if (!isset($dimensions_info[$dimension->getName()])) {
        $dimensions_info[$dimension->getName()] = array('id' => $dimension->getId(), 'members' => array());
    }
}
$members = $object->getMembers();
foreach ($members as $member) {
    /* @var $member Member */
    $dimension = $member->getDimension();
    // Same two dimension codes are skipped here as in the seeding loop.
    if (in_array($dimension->getCode(), array('feng_users', 'feng_persons'))) {
        continue;
    }
    // Authorization filter: a member is left out unless can_read() accepts it
    // for the logged-in user and this object's type.
    if (!can_read(logged_user(), array($member), $object->getObjectTypeId())) {
        continue;
    }
    // An entry created here has no 'id' key, unlike the seeded ones.
    if (!isset($dimensions_info[$dimension->getName()])) {
        $dimensions_info[$dimension->getName()] = array('members' => array(), 'icon' => $member->getIconClass());
    }
    // The first readable member of a dimension supplies the icon for the entry.
    if (!isset($dimensions_info[$dimension->getName()]['icon'])) {
        $dimensions_info[$dimension->getName()]['icon'] = $member->getIconClass();
    }
    // Reverse the list returned by getAllParentMembersInHierarchy(true) and
    // store one record per element, keyed by member id.
    // NOTE(review): can_read() was applied to $member only; whether the
    // elements of this list need their own check cannot be told from here.
    $parents = array_reverse($member->getAllParentMembersInHierarchy(true));
    foreach ($parents as $p) {
        $dimensions_info[$dimension->getName()]['members'][$p->getId()] = array('p' => $p->getParentMemberId(), 'name' => $p->getName(), 'ot' => $p->getObjectTypeId(), 'color' => $p->getMemberColor());
 /**
  * Sends the names of all dimensions, keyed by dimension id, as extra AJAX data.
  *
  * Each name is passed through clean() before it is added to the payload.
  * NOTE(review): no permission check is made in this function; presumably the
  * caller is authenticated upstream and dimension names are not sensitive - confirm.
  */
 function load_dimensions_info()
 {
     ajx_current("empty");
     $names_by_id = array();
     foreach (Dimensions::findAll() as $dimension) {
         $escaped_name = clean($dimension->getName());
         $names_by_id[$dimension->getId()] = array("name" => $escaped_name);
     }
     $payload = array("dim_names" => $names_by_id);
     ajx_extra_data($payload);
 }
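 /**
  * Prepares the dimension options screen: custom names and object types of the enabled dimensions.
  *
  * Only users accepted by can_manage_dimensions() get past the first check.
  * The ids from the 'enabled_dimensions' config option are cast to integers
  * before they are joined into the SQL IN (...) lists, and both queries are
  * skipped when the list is empty, because "IN ()" is not valid SQL.
  *
  * Assigns 'custom_dimension_names' (dimension id => name, "" when unset) and
  * 'dimension_ots' to the template.
  */
 function dimension_options()
 {
     if (!can_manage_dimensions(logged_user())) {
         flash_error(lang('no access permissions'));
         ajx_current("empty");
         return;
     }
     $enabled_dimensions = config_option('enabled_dimensions');
     // Integer cast keeps anything other than a number out of the query text.
     $enabled_ids = is_array($enabled_dimensions) ? array_map('intval', $enabled_dimensions) : array();
     $custom_dimension_names = array();
     $dots = array();
     if (count($enabled_ids) > 0) {
         $id_list = implode(',', $enabled_ids);
         // custom dimension name
         $dimensions = Dimensions::findAll(array('conditions' => 'id IN (' . $id_list . ')'));
         foreach ($dimensions as $dim) {
             $cdim_name = $dim->getOptionValue('custom_dimension_name');
             if (is_null($cdim_name)) {
                 $cdim_name = "";
             }
             $custom_dimension_names[$dim->getId()] = $cdim_name;
         }
         // enabled dimension object types
         $dots = DimensionObjectTypes::findAll(array('conditions' => 'dimension_id IN (' . $id_list . ')'));
     }
     tpl_assign('custom_dimension_names', $custom_dimension_names);
     tpl_assign('dimension_ots', $dots);
 }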
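 /**
  * Add/edit Dimension Members
  *
  * Loads every manageable dimension and, per dimension, its root members
  * (ordered by name) each followed by getAllChildrenSorted(), then assigns
  * 'members' (dimension id => member list) and 'dimensions' to the template.
  * Users rejected by can_manage_dimension_members() get an error flash instead.
  *
  * The dimensions are queried and walked once; an enclosing loop that re-ran
  * the same query and rebuilt the same list for every dimension was removed.
  *
  * @access public
  * @return null
  */
 function edit_members()
 {
     if (!can_manage_dimension_members(logged_user())) {
         flash_error(lang('no access permissions'));
         ajx_current("empty");
         return;
     }
     $dimensions = Dimensions::findAll(array('conditions' => '`is_manageable` = 1'));
     $members = array();
     foreach ($dimensions as $dim) {
         // The dimension id is bound through the ? placeholder, not concatenated.
         $root_members = Members::findAll(array('conditions' => array('`dimension_id`=? AND `parent_member_id`=0', $dim->getId()), 'order' => '`name` ASC'));
         foreach ($root_members as $mem) {
             // Root first, then its descendants, so the list keeps the tree order.
             $members[$dim->getId()][] = $mem;
             $members[$dim->getId()] = array_merge($members[$dim->getId()], $mem->getAllChildrenSorted());
         }
     }
     tpl_assign('members', $members);
     tpl_assign('dimensions', $dimensions);
 }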
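 /**
  * Classifies an object under the given members, replacing its previous classification.
  *
  * Steps, in order: normalise $member_ids, refuse guests, load the entered
  * members, check add permission on the manageable, permission-defining ones,
  * remove the old members, verify that every required dimension is represented,
  * then add the valid members, fire the hooks and refresh the sharing table.
  *
  * NOTE(review): removeFromMembers() runs before the required-dimension check
  * can throw; presumably the caller wraps this call in a transaction - confirm.
  *
  * @param ContentDataObject $object object being classified
  * @param array $member_ids ids of the selected members; blank and non-integer entries are dropped
  * @param Contact $user acting user; defaults to logged_user()
  * @param boolean $check_allowed_members when true, members are narrowed with getAllowedMembersToAdd()
  * @return array|null members actually assigned; nothing is returned for guests or while
  *                    $_POST['trees_not_loaded'] is positive
  * @throws Exception when the user may not add to the selection or a required dimension has no member
  */
 function add_to_members($object, $member_ids, $user = null, $check_allowed_members = true)
 {
     if (!$user instanceof Contact) {
         $user = logged_user();
     }
     // Keep integer ids only: the list is concatenated into an SQL IN (...)
     // clause below, so anything that is not a plain number must not reach it.
     $clean_member_ids = array();
     foreach ($member_ids as $mid) {
         if (is_int($mid)) {
             $clean_member_ids[] = $mid;
         } elseif (is_string($mid) && preg_match('/^\s*\d+\s*$/', $mid)) {
             $clean_member_ids[] = (int) trim($mid);
         }
     }
     $member_ids = $clean_member_ids;
     if ($user->isGuest()) {
         flash_error(lang('no access permissions'));
         ajx_current("empty");
         return;
     }
     // Request flag read straight from $_POST: while it is positive the
     // classification is left untouched.
     if (isset($_POST['trees_not_loaded']) && $_POST['trees_not_loaded'] > 0) {
         return;
     }
     $required_dimension_ids = array();
     foreach ($object->getDimensionObjectTypes() as $dot) {
         if ($dot->getIsRequired()) {
             $required_dimension_ids[] = (int) $dot->getDimensionId();
         }
     }
     // "id IN ()" is not valid SQL, so the IN clause is added only when there are ids.
     $required_conditions = "is_required=1";
     if (count($required_dimension_ids) > 0) {
         $required_conditions = "id IN (" . implode(",", $required_dimension_ids) . ") OR is_required=1";
     }
     $required_dimensions = Dimensions::findAll(array("conditions" => $required_conditions));
     if (count($member_ids) > 0) {
         $enteredMembers = Members::findAll(array('conditions' => 'id IN (' . implode(",", $member_ids) . ')'));
     } else {
         $enteredMembers = array();
     }
     // Only members of manageable, permission-defining dimensions take part in the can_add() check.
     $manageable_members = array();
     foreach ($enteredMembers as $ent_mem) {
         if ($ent_mem->getDimension()->getIsManageable() && $ent_mem->getDimension()->getDefinesPermissions()) {
             $manageable_members[] = $ent_mem;
         }
     }
     $members_to_check = $check_allowed_members ? $object->getAllowedMembersToAdd($user, $manageable_members) : $manageable_members;
     // Template tasks, template milestones and user contacts are exempt from the add check.
     $is_exempt = $object instanceof TemplateTask || $object instanceof TemplateMilestone || $object instanceof Contact && $object->isUser();
     if (!can_add($user, $members_to_check, $object->getObjectTypeId()) && !$is_exempt) {
         $dinfos = DB::executeAll("SELECT name, code, options FROM " . TABLE_PREFIX . "dimensions WHERE is_manageable = 1");
         $dimension_names = array();
         foreach ($dinfos as $dinfo) {
             // options may be empty or not valid JSON; treat that as "no useLangs flag".
             $dim_options = json_decode($dinfo['options']);
             $use_langs = is_object($dim_options) && !empty($dim_options->useLangs);
             $dimension_names[] = $use_langs ? lang($dinfo['code']) : $dinfo['name'];
         }
         throw new Exception(lang('must choose at least one member of', implode(', ', $dimension_names)));
     }
     $removedMemberIds = $object->removeFromMembers($user, $enteredMembers);
     /* @var $object ContentDataObject */
     $validMembers = $check_allowed_members ? $object->getAllowedMembersToAdd($user, $enteredMembers) : $enteredMembers;
     foreach ($required_dimensions as $rdim) {
         $exists = false;
         foreach ($validMembers as $m) {
             if ($m->getDimensionId() == $rdim->getId()) {
                 $exists = true;
                 break;
             }
         }
         if (!$exists) {
             throw new Exception(lang('must choose at least one member of', $rdim->getName()));
         }
     }
     $object->addToMembers($validMembers, true);
     Hook::fire('after_add_to_members', $object, $validMembers);
     Hook::fire('after_remove_members_from_object', $object, $removedMemberIds);
     $object->addToSharingTable();
     //add to the object instance the members only if members value of the object is not null
     //because in that case when we ask for the members of the object we load them from db
     if (!is_null($object->members)) {
         $object->members = $validMembers;
     }
     return $validMembers;
 }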
Example #11
 // Excerpt from a larger routine: $user, $user_type and $root_permissions are
 // set before this point, and the listing ends inside the final nested loop.
 // Root permissions: when the 'let_users_create_objects_in_root' option is on
 // and the user is in the admin group, an executive or a manager, every object
 // type returned by the query gets read, write and delete at the root.
 if (config_option('let_users_create_objects_in_root') && ($user->isAdminGroup() || $user->isExecutive() || $user->isManager())) {
     $all_object_types = ObjectTypes::instance()->findAll(array('conditions' => "type IN ('content_object', 'located') AND type NOT IN ('comment') AND name <> 'file revision' AND name <> 'template_task' AND name <> 'template_milestone' AND `name` <> 'template' AND\r\n\t\t\t\t\t(plugin_id IS NULL OR plugin_id = 0 OR plugin_id IN (SELECT id FROM " . TABLE_PREFIX . "plugins WHERE is_activated > 0 AND is_installed > 0))"));
     foreach ($all_object_types as $ot) {
         $root_permissions[$ot->getId()] = array('w' => 1, 'd' => 1, 'r' => 1);
     }
 }
 // Set role permissions for active members
 $sel_members = array();
 $member_permissions = array();
 $allowed_user_type_ids = config_option('give_member_permissions_to_new_users');
 // NOTE(review): $user_type is interpolated into the condition inside quotes and
 // its origin is not visible in this excerpt - confirm it is an integer role id
 // and not request data, or bind it as a parameter.
 $role_ot_permissions = RoleObjectTypePermissions::findAll(array('conditions' => "role_id = '{$user_type}' AND object_type_id NOT IN (SELECT id FROM " . TABLE_PREFIX . "object_types WHERE name IN ('template','comment'))"));
 $members_with_permissions = array();
 // Only the user types listed in 'give_member_permissions_to_new_users' get
 // permissions on the members of the enabled, permission-defining, manageable dimensions.
 if (in_array($user_type, $allowed_user_type_ids)) {
     $enabled_dimension_ids = config_option('enabled_dimensions');
     // Both count() guards keep an empty list from producing "IN ()".
     if (count($enabled_dimension_ids) > 0) {
         // The config values are joined into the SQL text as they are.
         // NOTE(review): presumably integers - confirm, or cast before joining.
         $dimension_ids = Dimensions::findAll(array('id' => true, 'conditions' => "id in (" . implode(',', $enabled_dimension_ids) . ") AND defines_permissions=1 AND is_manageable=1"));
         if (count($dimension_ids) > 0) {
             $members_with_permissions = Members::findAll(array('id' => true, 'conditions' => "dimension_id IN (" . implode(',', $dimension_ids) . ")"));
         }
     }
 }
 // Members of the active context are added whatever the user type is.
 $active_context = active_context();
 if (is_array($active_context) && count($active_context) > 0) {
     foreach ($active_context as $selection) {
         if ($selection instanceof Member) {
             $members_with_permissions[] = $selection->getId();
         }
     }
 }
 // Pairs every collected member id with every role permission row.
 foreach ($members_with_permissions as $member_id) {
     foreach ($role_ot_permissions as $p) {
Example #12
function save_permissions($pg_id, $is_guest = false, $permissions_data = null, $save_cmps = true, $update_sharing_table = true, $fire_hook = true, $update_contact_member_cache = true, $users_ids_to_check = array(), $only_member_permissions = false)
{
    if (is_null($permissions_data)) {
        // system permissions
        $sys_permissions_data = array_var($_POST, 'sys_perm');
        // module permissions
        $mod_permissions_data = array_var($_POST, 'mod_perm');
        // root permissions
        if ($rp_genid = array_var($_POST, 'root_perm_genid')) {
            $rp_permissions_data = array();
            foreach ($_POST as $name => $value) {
                if (str_starts_with($name, $rp_genid . 'rg_root_')) {
                    $rp_permissions_data[$name] = $value;
                }
            }
        }
        // member permissions
        $permissionsString = array_var($_POST, 'permissions');
    } else {
        // system permissions
        $sys_permissions_data = array_var($permissions_data, 'sys_perm');
        // module permissions
        $mod_permissions_data = array_var($permissions_data, 'mod_perm');
        // root permissions
        $rp_genid = array_var($permissions_data, 'root_perm_genid');
        $rp_permissions_data = array_var($permissions_data, 'root_perm');
        // member permissions
        $permissionsString = array_var($permissions_data, 'permissions');
    }
    try {
        DB::beginWork();
        $changed_members = array();
        // save module permissions
        if (!$only_member_permissions) {
            try {
                TabPanelPermissions::clearByPermissionGroup($pg_id, true);
                if (!is_null($mod_permissions_data) && is_array($mod_permissions_data)) {
                    foreach ($mod_permissions_data as $tab_id => $val) {
                        DB::execute("INSERT INTO " . TABLE_PREFIX . "tab_panel_permissions (permission_group_id,tab_panel_id) VALUES ('{$pg_id}','{$tab_id}') ON DUPLICATE KEY UPDATE permission_group_id=permission_group_id");
                    }
                }
            } catch (Exception $e) {
                Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                throw $e;
            }
        }
        $root_permissions_sharing_table_delete = array();
        $root_permissions_sharing_table_add = array();
        if (logged_user() instanceof Contact && can_manage_security(logged_user())) {
            try {
                if (!$only_member_permissions) {
                    // save system permissions
                    $system_permissions = SystemPermissions::findById($pg_id);
                    if (!$system_permissions instanceof SystemPermission) {
                        $system_permissions = new SystemPermission();
                        $system_permissions->setPermissionGroupId($pg_id);
                    }
                    $system_permissions->setAllPermissions(false);
                    $other_permissions = array();
                    Hook::fire('add_user_permissions', $pg_id, $other_permissions);
                    foreach ($other_permissions as $k => $v) {
                        $system_permissions->setColumnValue($k, false);
                    }
                    // check max permissions for role, in case of modifying user's permissions
                    $role_id = "-1";
                    $tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
                    if ($tmp_contact instanceof Contact) {
                        $role_id = $tmp_contact->getUserType();
                    }
                    $max_role_system_permissions = MaxSystemPermissions::findOne(array('conditions' => 'permission_group_id = ' . $role_id));
                    if ($max_role_system_permissions instanceof MaxSystemPermission) {
                        foreach ($sys_permissions_data as $col => &$val) {
                            $max_val = $max_role_system_permissions->getColumnValue($col);
                            if (!$max_val) {
                                unset($sys_permissions_data[$col]);
                            }
                        }
                    }
                    // don't allow to write emails for collaborators and guests
                    if ($tmp_contact instanceof Contact) {
                        $user_type_name = $tmp_contact->getUserTypeName();
                        if (!in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
                            $mail_ot = ObjectTypes::findByName('mail');
                            if ($mail_ot instanceof ObjectType) {
                                DB::executeAll("UPDATE " . TABLE_PREFIX . "contact_member_permissions SET can_write=0, can_delete=0 WHERE object_type_id=" . $mail_ot->getId() . " AND permission_group_id={$pg_id}");
                            }
                        }
                    }
                    $sys_permissions_data['can_task_assignee'] = !$is_guest;
                    $system_permissions->setFromAttributes($sys_permissions_data);
                    $system_permissions->setUseOnDuplicateKeyWhenInsert(true);
                    $system_permissions->save();
                    //object type root permissions
                    $can_have_root_permissions = config_option('let_users_create_objects_in_root') && in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'));
                    if ($rp_genid && $can_have_root_permissions) {
                        ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
                        foreach ($rp_permissions_data as $name => $value) {
                            if (str_starts_with($name, $rp_genid . 'rg_root_')) {
                                $rp_ot = substr($name, strrpos($name, '_') + 1);
                                if (is_numeric($rp_ot) && $rp_ot > 0 && $value == 0) {
                                    $root_permissions_sharing_table_delete[] = $rp_ot;
                                }
                                if (!is_numeric($rp_ot) || $rp_ot <= 0 || $value < 1) {
                                    continue;
                                }
                                $root_permissions_sharing_table_add[] = $rp_ot;
                                // save with member_id = 0
                                $root_perm_cmp = new ContactMemberPermission();
                                $root_perm_cmp->setPermissionGroupId($pg_id);
                                $root_perm_cmp->setMemberId('0');
                                $root_perm_cmp->setObjectTypeId($rp_ot);
                                $root_perm_cmp->setCanWrite($value >= 2);
                                $root_perm_cmp->setCanDelete($value >= 3);
                                $root_perm_cmp->save();
                            }
                        }
                    }
                    if (!$can_have_root_permissions) {
                        ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
                        $sh_controller = new SharingTableController();
                        $all_object_type_ids = ObjectTypes::findAll(array('id' => true));
                        $sh_controller->adjust_root_permissions($pg_id, array('root_permissions_sharing_table_delete' => $all_object_type_ids));
                    }
                }
            } catch (Exception $e) {
                Logger::log("Error saving system and root permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                throw $e;
            }
        }
        // set all permissions to read_only if user is guest
        if ($is_guest) {
            try {
                $all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
                foreach ($all_saved_permissions as $sp) {
                    /* @var $sp ContactMemberPermission */
                    if ($sp->getCanDelete() || $sp->getCanWrite()) {
                        $sp->setCanDelete(false);
                        $sp->setCanWrite(false);
                        $sp->save();
                    }
                }
                $cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all'"));
                foreach ($cdps as $cdp) {
                    $cdp->setPermissionType('check');
                    $cdp->save();
                }
            } catch (Exception $e) {
                Logger::log("Error setting guest user permissions to read_only for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                throw $e;
            }
        }
        // check the status of the changed dimensions to set 'allow_all', 'deny_all' or 'check'
        try {
            $dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members)));
            foreach ($dimensions as $dimension) {
                $dimension->setContactDimensionPermission($pg_id, 'check');
            }
        } catch (Exception $e) {
            Logger::log("Error setting dimension permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
            throw $e;
        }
        //member permissions
        if ($permissionsString && $permissionsString != '') {
            $permissions = json_decode($permissionsString);
        }
        if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
            try {
                $tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
                if ($tmp_contact instanceof Contact) {
                    $user_type_name = $tmp_contact->getUserTypeName();
                    $role_id = $tmp_contact->getUserType();
                    $max_role_ot_perms = MaxRoleObjectTypePermissions::instance()->findAll(array('conditions' => "role_id = '{$role_id}'"));
                }
                $mail_ot = ObjectTypes::findByName('mail');
                $sql_insert_values = "";
                $member_object_types_to_delete = array();
                $allowed_members_ids = array();
                foreach ($permissions as &$perm) {
                    if (!isset($all_perm_deleted[$perm->m])) {
                        $all_perm_deleted[$perm->m] = true;
                    }
                    $allowed_members_ids[$perm->m] = array();
                    $allowed_members_ids[$perm->m]['pg'] = $pg_id;
                    if ($perm->r) {
                        if (isset($allowed_members_ids[$perm->m]['w'])) {
                            if ($allowed_members_ids[$perm->m]['w'] != 1) {
                                $allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
                            }
                        } else {
                            $allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
                        }
                        if (isset($allowed_members_ids[$perm->m]['d'])) {
                            if ($allowed_members_ids[$perm->m]['d'] != 1) {
                                $allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
                            }
                        } else {
                            $allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
                        }
                        // check max permissions for user type
                        if ($tmp_contact instanceof Contact) {
                            $max_perm = null;
                            foreach ($max_role_ot_perms as $max_role_ot_perm) {
                                if ($max_role_ot_perm->getObjectTypeId() == $perm->o) {
                                    $max_perm = $max_role_ot_perm;
                                }
                            }
                            if ($max_perm) {
                                if (!$max_perm->getCanDelete()) {
                                    $perm->d = 0;
                                }
                                if (!$max_perm->getCanWrite()) {
                                    $perm->w = 0;
                                }
                            } else {
                                $perm->d = 0;
                                $perm->w = 0;
                                $perm->r = 0;
                            }
                        }
                        if ($save_cmps) {
                            // don't allow to write emails for collaborators and guests
                            if ($tmp_contact instanceof Contact && !in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
                                if ($mail_ot instanceof ObjectType && $perm->o == $mail_ot->getId()) {
                                    $perm->d = 0;
                                    $perm->w = 0;
                                }
                            }
                            $sql_insert_values .= ($sql_insert_values == "" ? "" : ",") . "('" . $pg_id . "','" . $perm->m . "','" . $perm->o . "','" . $perm->d . "','" . $perm->w . "')";
                            if (!isset($member_object_types_to_delete[$perm->m])) {
                                $member_object_types_to_delete[$perm->m] = array();
                            }
                            $member_object_types_to_delete[$perm->m][] = $perm->o;
                        }
                        $all_perm_deleted[$perm->m] = false;
                    } else {
                        if (is_numeric($perm->m) && is_numeric($perm->o)) {
                            DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id='" . $perm->m . "' AND object_type_id='" . $perm->o . "' AND permission_group_id={$pg_id}");
                        }
                    }
                    $changed_members[] = $perm->m;
                }
                if ($save_cmps) {
                    if (count($all_perm_deleted) > 0) {
                        $member_ids_to_delete = array();
                        foreach ($all_perm_deleted as $mid => $del) {
                            // also check in contact_member_permissions
                            $cmps = ContactMemberPermissions::findAll(array('conditions' => 'permission_group_id=' . $pg_id . " AND member_id={$mid}"));
                            if ($del && (!is_array($cmps) || count($cmps) == 0)) {
                                $member_ids_to_delete[] = $mid;
                            }
                        }
                        if (count($member_ids_to_delete) > 0) {
                            DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id IN (" . implode(',', $member_ids_to_delete) . ") AND permission_group_id={$pg_id}");
                        }
                    }
                    foreach ($member_object_types_to_delete as $mid => $obj_type_ids) {
                        if (count($obj_type_ids) > 0) {
                            DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id={$mid} AND object_type_id IN (" . implode(',', $obj_type_ids) . ") AND permission_group_id={$pg_id}");
                        }
                    }
                    if ($sql_insert_values != "") {
                        DB::execute("INSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write) VALUES {$sql_insert_values} ON DUPLICATE KEY UPDATE member_id=member_id");
                    }
                }
            } catch (Exception $e) {
                Logger::log("Error saving member permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                throw $e;
            }
        }
        DB::commit();
    } catch (Exception $e) {
        Logger::log("Error saving permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
        DB::rollback();
    }
    try {
        if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
            if ($update_sharing_table) {
                try {
                    $sharingTablecontroller = new SharingTableController();
                    $rp_info = array('root_permissions_sharing_table_delete' => $root_permissions_sharing_table_delete, 'root_permissions_sharing_table_add' => $root_permissions_sharing_table_add);
                    $sharingTablecontroller->afterPermissionChanged($pg_id, $permissions, $rp_info);
                } catch (Exception $e) {
                    Logger::log("Error saving permissions to sharing table for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                    throw $e;
                }
            }
            if ($update_contact_member_cache) {
                try {
                    $contactMemberCacheController = new ContactMemberCacheController();
                    $group = PermissionGroups::findById($pg_id);
                    $real_group = null;
                    if ($group->getType() == 'user_groups') {
                        $real_group = $group;
                    }
                    $users = $group->getUsers();
                    $users_ids_checked = array();
                    foreach ($users as $us) {
                        $users_ids_checked[] = $us->getId();
                        $contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
                    }
                    //check all users related to the group
                    foreach ($users_ids_to_check as $us_id) {
                        if (!in_array($us_id, $users_ids_checked)) {
                            $users_ids_checked[] = $us_id;
                            $us = Contacts::findById($us_id);
                            if ($us instanceof Contact) {
                                $contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
                            }
                        }
                    }
                } catch (Exception $e) {
                    Logger::log("Error saving permissions to contact member cache for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                    throw $e;
                }
            }
        }
    } catch (Exception $e) {
        Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
    }
    if ($fire_hook) {
        Hook::fire('after_save_contact_permissions', $pg_id, $pg_id);
    }
    // remove contact object from members where permissions were deleted
    $user = Contacts::findOne(array('conditions' => 'permission_group_id=' . $pg_id));
    if ($user instanceof Contact) {
        $to_remove = array();
        if (isset($all_perm_deleted) && is_array($all_perm_deleted)) {
            foreach ($all_perm_deleted as $m_id => $must_remove) {
                if ($must_remove) {
                    $to_remove[] = $m_id;
                }
            }
            ObjectMembers::removeObjectFromMembers($user, logged_user(), null, $to_remove);
        }
    }
}
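 /**
  * Send the `og.dimensions` lookup table as a JavaScript response and end the request.
  *
  * For every dimension returned by Dimensions::findAll() a `members` map is written, keyed by
  * member id, holding the id, name, object type id and icon class of each member returned by
  * getAllMembers(). Nothing is returned: the method ends with exit.
  *
  * String values are written with json_encode() so that quotes, backslashes, line breaks and
  * other control characters in a member name or icon class cannot terminate the JavaScript
  * string literal. The name still goes through clean() and still has its apostrophes dropped,
  * so the value the client receives is the same for names the previous code handled correctly.
  *
  * NOTE(review): no permission filter is visible in this method and every member of every
  * dimension is emitted; confirm that the dispatcher authenticates the caller and that exposing
  * all member names to any such caller is intended.
  */
 function dimensions_js()
 {
     // Close the session first; nothing below reads or writes session data.
     session_write_close();
     header("Content-Type: text/javascript");

     // The JSON_HEX_* flags keep <, >, &, ' and " out of the emitted literal, so the value
     // stays inert even if this script is ever inlined into an HTML page.
     $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
     $to_js_string = function ($value) use ($js_flags) {
         $literal = json_encode((string) $value, $js_flags);
         // json_encode() returns false on invalid UTF-8; fall back to an empty literal so a
         // single bad row cannot turn the whole response into a syntax error.
         return $literal === false ? '""' : $literal;
     };

     $dimensions = Dimensions::findAll();
     echo "og.dimensions = [];\n";
     foreach ($dimensions as $dim) {
         $members = $dim->getAllMembers();
         echo "var members = [];\n";
         foreach ($members as $member) {
             // Ids are written as bare JavaScript numbers, so force them to integers.
             $member_id = (int) $member->getId();
             $member_name = str_replace("'", "", clean($member->getName()));
             echo "members[" . $member_id . "] = {\n";
             echo "  id: " . $member_id . ",\n";
             echo "  name:" . $to_js_string($member_name) . ",\n";
             echo "  ot:" . (int) $member->getObjectTypeId() . ",\n";
             echo "  ico:" . $to_js_string($member->getIconClass()) . "\n";
             echo "};\n";
         }
         echo "og.dimensions[" . (int) $dim->getId() . "] = members;\n\n";
     }
     exit;
 }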
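	/**
	 * Rebuild the sharing-table rows of this object.
	 *
	 * Steps, as implemented below:
	 *  1. delete every sharing-table row of this object;
	 *  2. collect the permission-defining dimensions among the object's non-optimization members;
	 *  3. if there are any, collect the permission groups that have a contact_member_permissions
	 *     row for one of those members and this object type, add every group holding an
	 *     'allow all' dimension permission, and narrow the list with the mandatory-dimension
	 *     rule; otherwise, if the object has members at all, take every permission group;
	 *  4. hand the resulting group ids to SharingTables::populateGroups().
	 *
	 * Security-relevant behaviour to keep in mind when changing this method:
	 *  - Rows are deleted before they are rebuilt and this method opens no transaction of its
	 *    own, so an error in a later query leaves the object without sharing rows until the
	 *    next rebuild.
	 *  - An object classified only in dimensions that do not define permissions is shared with
	 *    every permission group (step 3.2).
	 *  - All raw queries now use $table_prefix. Three of them used TABLE_PREFIX directly, which
	 *    read permission data from the default tables even when FORCED_TABLE_PREFIX was set.
	 *  - Queries with an empty IN () list are skipped instead of being sent to the database.
	 */
	function addToSharingTable() {
		// Both ids are interpolated into SQL below, so force them to integers first.
		$oid = (int) $this->getId();
		$tid = (int) $this->getObjectTypeId();
		$gids = array();

		$table_prefix = defined('FORCED_TABLE_PREFIX') && FORCED_TABLE_PREFIX ? FORCED_TABLE_PREFIX : TABLE_PREFIX;

		//1. clear sharing table for this object
		SharingTables::delete("object_id=$oid");

		//2. get dimensions of this object's members that defines permissions
		$res = DB::execute("SELECT d.id as did FROM ".$table_prefix."dimensions d INNER JOIN ".$table_prefix."members m on m.dimension_id=d.id
			WHERE m.id IN ( SELECT member_id FROM ".$table_prefix."object_members WHERE object_id = $oid AND is_optimization = 0 ) AND d.defines_permissions = 1");
		$dids_tmp = array();
		while ($row = $res->fetchRow()) {
			$dids_tmp[$row['did']] = $row['did'];
		}
		$res->free();
		$dids = array_values($dids_tmp);
		$dids_tmp = null;

		$sql_from = $table_prefix."contact_member_permissions cmp
			INNER JOIN ".$table_prefix."members m ON m.id = cmp.member_id
			INNER JOIN ".$table_prefix."dimensions d ON d.id = m.dimension_id";

		$sql_where = "member_id IN ( SELECT member_id FROM ".$table_prefix."object_members WHERE object_id = $oid AND is_optimization = 0) AND cmp.object_type_id = $tid";

		//3. If there are dimensions that defines permissions containing any of the object members
		if (count($dids)) {
			$dids_csv = implode(',', $dids);

			// 3.1 get permission groups with permissions over the object.
			$sql = "
				SELECT
				  permission_group_id AS group_id
				FROM
				  $sql_from
				WHERE
				  $sql_where AND d.id IN ($dids_csv)";

			$res = DB::execute($sql);
			$gids_tmp = array();
			while ($row = $res->fetchRow()) {
				$gids_tmp[$row['group_id']] = $row['group_id'];
			}
			$res->free();

			// allow all permission groups
			$allow_all_rows = DB::executeAll("SELECT DISTINCT permission_group_id FROM ".$table_prefix."contact_dimension_permissions cdp
				INNER JOIN ".$table_prefix."members m on m.dimension_id=cdp.dimension_id
				WHERE cdp.permission_type='allow all' AND cdp.dimension_id IN ($dids_csv);");

			if (is_array($allow_all_rows)) {
				foreach ($allow_all_rows as $row) {
					$gids_tmp[$row['permission_group_id']] = $row['permission_group_id'];
				}
			}

			$gids = array_values($gids_tmp);
			$gids_tmp = null;

			// check for mandatory dimensions
			$mandatory_dim_ids = Dimensions::findAll(array('id' => true, 'conditions' => "`defines_permissions`=1 AND `permission_query_method`='".DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY."'"));
			if (count($gids) > 0 && is_array($mandatory_dim_ids) && count($mandatory_dim_ids) > 0) {
				$sql = "SELECT om.member_id, m.dimension_id FROM ".$table_prefix."object_members om
				INNER JOIN ".$table_prefix."members m ON m.id=om.member_id INNER JOIN ".$table_prefix."dimensions d ON d.id=m.dimension_id
				WHERE om.object_id = $oid AND om.is_optimization = 0 AND d.id IN (".implode(",", $mandatory_dim_ids).")";

				// Object members in mandatory dimensions
				$object_member_ids_res = DB::executeAll($sql);
				$mandatory_dim_members = array();
				// A null result leaves $gids untouched: the mandatory rule only applies when
				// the object is classified in at least one mandatory dimension.
				if (!is_null($object_member_ids_res)) {
					foreach ($object_member_ids_res as $row) {
						if (!isset($mandatory_dim_members[$row['dimension_id']])) $mandatory_dim_members[$row['dimension_id']] = array();
						$mandatory_dim_members[$row['dimension_id']][] = $row['member_id'];
					}

					$mandatory_dim_allowed_pgs = array();
					// Check foreach group that it has permissions over at least one member of each mandatory dimension
					foreach ($mandatory_dim_members as $mdim_id => $mmember_ids) {
						// AND binds tighter than OR: a group qualifies through 'allow all', or through
						// 'check' combined with a member permission on one of the object's members.
						$sql = "SELECT pg.id FROM ".$table_prefix."permission_groups pg
						INNER JOIN ".$table_prefix."contact_dimension_permissions cdp ON cdp.permission_group_id=pg.id
						INNER JOIN ".$table_prefix."contact_member_permissions cmp ON cmp.permission_group_id=pg.id
						WHERE cdp.dimension_id = '$mdim_id' AND (
							cdp.permission_type='allow all' OR cdp.permission_type='check' AND cmp.permission_group_id IN (".implode(',', $gids).")
							AND cmp.member_id IN (".implode(',', $mmember_ids).")
						)";

						$permission_groups_res = DB::executeAll($sql);
						$mandatory_dim_allowed_pgs[$mdim_id] = array();
						if (!is_null($permission_groups_res)) {
							foreach ($permission_groups_res as $row) {
								if (!in_array($row['id'], $mandatory_dim_allowed_pgs[$mdim_id])) $mandatory_dim_allowed_pgs[$mdim_id][] = $row['id'];
							}
						}
					}

					if (count($mandatory_dim_allowed_pgs) > 0) {
						$original_mandatory_dim_allowed_pgs = $mandatory_dim_allowed_pgs;

						// Groups allowed in every mandatory dimension of the object.
						$allowed_gids = array_pop($mandatory_dim_allowed_pgs);
						foreach ($mandatory_dim_allowed_pgs as $pg_array) {
							$allowed_gids = array_intersect($allowed_gids, $pg_array);
						}

						// If an user has permissions in one dim using a group and in other dim using his personal permissions then add to sharing table its personal permission group
						$pg_ids = array_unique(array_flat($original_mandatory_dim_allowed_pgs));
						$contact_pgs = array();
						// No group qualified in any dimension: skip the query, "IN ()" is not valid SQL.
						if (count($pg_ids) > 0) {
							$contact_pg_rows = DB::executeAll("SELECT * FROM ".$table_prefix."contact_permission_groups WHERE permission_group_id IN (".implode(',',$pg_ids).") ORDER BY permission_group_id");
							if (is_array($contact_pg_rows)) {
								foreach ($contact_pg_rows as $cpgr) {
									if (!isset($contact_pgs[$cpgr['contact_id']])) $contact_pgs[$cpgr['contact_id']] = array();
									$contact_pgs[$cpgr['contact_id']][] = $cpgr['permission_group_id'];
								}
							}
						}

						// each user must have at least one pg for every dimension
						foreach ($contact_pgs as $contact_id => $permission_groups) {
							$has_one = array_fill_keys(array_keys($original_mandatory_dim_allowed_pgs), false);

							foreach ($permission_groups as $pg_id) {
								foreach ($original_mandatory_dim_allowed_pgs as $dim_id => $allowedpgs) {
									if (in_array($pg_id, $allowedpgs)) {
										$has_one[$dim_id] = true;
										// NOTE(review): this break credits a group to the first matching
										// dimension only, so a group allowed in several dimensions does not
										// mark the others. That errs towards denying access; confirm it is intended.
										break;
									}
								}
							}
							// all dims must be true in this array to allow permissions
							$has_permission = !in_array(false, $has_one, true);
							if ($has_permission) {
								$contact_row = DB::executeOne("SELECT permission_group_id FROM ".$table_prefix."contacts where object_id = ".(int) $contact_id);
								if (is_array($contact_row) && $contact_row['permission_group_id'] > 0) {
									$allowed_gids[] = $contact_row['permission_group_id'];
								}
							}
						}

						$gids = array_unique($allowed_gids, SORT_NUMERIC);
					} else {
						$gids = array();
					}
				}
			}

		} else {
			if (count($this->getMemberIds()) > 0) {
				// 3.2 No member dimension defines permissions.
				// The object is classified somewhere, but none of the dimensions it belongs to
				// define permissions => use all permission groups.
				$gids = PermissionGroups::instance()->findAll(array('id' => true));
			}
		}

		if (is_array($gids) && count($gids)) {
			$stManager = SharingTables::instance();
			$stManager->populateGroups($gids, $oid);
		}

	}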
 /**
  * Collect the data shown on the system modules screen and hand it to the template.
  *
  * Access is limited to users for whom can_manage_configuration() is true; everyone else gets
  * an error flash and an empty response. The template receives the tab-panel modules, the
  * extra modules (gantt), the modules listed as disabled (mail, when its plugin is inactive),
  * the active dimensions, the well-known dimensions that are not active, and the
  * 'enabled_dimensions' configuration value.
  */
 function system_modules()
 {
     // Authorisation gate: stop before any data is loaded.
     if (!can_manage_configuration(logged_user())) {
         flash_error(lang('no access permissions'));
         ajx_current("empty");
         return;
     }
     ajx_set_no_toolbar();

     $modules = array();
     $other_modules = array();
     $disabled_modules = array();

     // mail: listed as a disabled module while its plugin is not active
     $mail_plugin_inactive = !Plugins::instance()->isActivePlugin('mail');
     if ($mail_plugin_inactive) {
         $disabled_modules[] = array(
             'id' => 'mails-panel',
             'name' => lang('email tab'),
             'link' => 'http://www.fengoffice.com/web/email.php',
             'ico' => 'ico-large-mail',
         );
     }

     // tab panels that are built in or belong to an installed plugin
     $panel_conditions = "id<>'more-panel' AND (plugin_id is NULL OR plugin_id = 0 OR plugin_id IN (SELECT id FROM " . TABLE_PREFIX . "plugins WHERE is_installed > 0))";
     $tab_panels = TabPanels::findAll(array('conditions' => $panel_conditions, 'order' => 'ordering'));
     foreach ($tab_panels as $panel) {
         // the mail panel was already listed as disabled above
         if ($mail_plugin_inactive && $panel->getId() == 'mails-panel') {
             continue;
         }
         $enabled = $panel->getEnabled();
         if ($enabled && $panel->getPluginId() > 0) {
             // a panel owned by a plugin only counts as enabled while that plugin is active
             $owner_plugin = Plugins::findById($panel->getPluginId());
             $enabled = $enabled && $owner_plugin instanceof Plugin && $owner_plugin->isActive();
         }
         $modules[] = array(
             'id' => $panel->getId(),
             'name' => lang($panel->getTitle()),
             'enabled' => $enabled,
             'ico' => str_replace('ico-', 'ico-large-', $panel->getIconCls()),
             'hint' => escape_character(lang('system module ' . $panel->getId() . ' hint')),
         );
     }

     // gantt
     $gantt_plugin = Plugins::instance()->findOne(array('conditions' => "name='gantt'"));
     if ($gantt_plugin instanceof Plugin) {
         $other_modules[] = array(
             'id' => 'gantt',
             'name' => lang('gantt chart'),
             'enabled' => $gantt_plugin->isActive(),
             'ico' => 'ico-large-gantt-module',
             'hint' => escape_character(lang('system module gantt hint')),
         );
     }

     // active dimensions, indexed by code; the persons dimension is not listed
     $active_dimensions = array();
     foreach (Dimensions::findAll(array('order' => 'default_order')) as $dim) {
         $code = $dim->getCode();
         if ($code != 'feng_persons') {
             $active_dimensions[$code] = array(
                 'id' => $dim->getId(),
                 'name' => $dim->getName(),
                 'code' => $code,
                 'ico' => 'ico-large-' . $code,
                 'hint' => lang('system dimension ' . $code . ' hint'),
             );
         }
     }
     $dimensions_set = array_keys($active_dimensions);

     // well-known dimensions that are not active in this installation
     $other_dimensions = array();
     if (!isset($active_dimensions['workspaces'])) {
         $other_dimensions[] = array(
             'name' => lang('workspaces'),
             'ico' => 'ico-large-workspaces',
             'hint' => lang('system dimension workspaces hint'),
         );
     }
     if (!isset($active_dimensions['tags'])) {
         $other_dimensions[] = array(
             'name' => lang('tags'),
             'ico' => 'ico-large-tags',
             'hint' => lang('system dimension tags hint'),
         );
     }
     // customer_project is only offered while the crpm plugin is active
     if (!isset($active_dimensions['customer_project']) && Plugins::instance()->isActivePlugin('crpm')) {
         $other_dimensions[] = array(
             'name' => lang('customer_project'),
             'ico' => 'ico-large-customer_project',
             'hint' => lang('system dimension customer_project hint'),
         );
     }

     $user_dimension_ids = config_option('enabled_dimensions');

     tpl_assign("modules", $modules);
     tpl_assign("other_modules", $other_modules);
     tpl_assign("disabled_modules", $disabled_modules);
     tpl_assign('active_dimensions', $active_dimensions);
     tpl_assign('other_dimensions', $other_dimensions);
     tpl_assign('user_dimension_ids', $user_dimension_ids);
 }
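 /**
  * Build the SQL condition fragment for a redefined context and its dimension associations.
  *
  * For every dimension in $redefined_context a fragment from self::prepareQuery() is appended
  * with 'AND'. A dimension that appears as an associated property is restricted to the
  * intersection of the members found through its associations; any other dimension uses its
  * own 'allowed_members'. Afterwards every remaining dimension that can contain objects and is
  * not a key of $properties is appended with 'OR', using all of its members.
  *
  * Fixes compared with the previous version:
  *  - $property_members is initialised, so a call without matching associations no longer
  *    reads an undefined variable or calls count() on null;
  *  - the object types of the 'OR' branch are read from the dimension being iterated ($dim).
  *    The old code read them from $dimension, a leftover of the previous loop that is
  *    undefined when $redefined_context is empty.
  *
  * NOTE(review): prepareQuery() is defined elsewhere; this fragment takes part in deciding
  * which objects a listing returns, so confirm how it treats an empty member list.
  *
  * @param array $redefined_context ids of the dimensions in the context
  * @param array $dimensions per-dimension data; 'allowed_members' and 'object_types' are read
  * @param array $properties dimension id => list of associated dimension ids
  * @param mixed $pg_ids passed through to prepareQuery()
  * @param mixed $selection_members passed through to prepareQuery()
  * @return string the accumulated condition fragment
  */
 static function prepareAssociationConditions($redefined_context, $dimensions, $properties, $pg_ids, $selection_members)
 {
     $is_property = array();
     $property_members = array();

     // Allowed member ids of a dimension as CSV, or '0' when there are none.
     $allowed_csv = function ($dimension_id) use ($dimensions) {
         $allowed = isset($dimensions[$dimension_id]['allowed_members']) ? $dimensions[$dimension_id]['allowed_members'] : null;
         return is_array($allowed) && count($allowed) > 0 ? implode(",", $allowed) : '0';
     };

     foreach ($properties as $p => $value) {
         // get the members of the associated dimension that have the selected members of this dimension as a property
         foreach ($value as $v) {
             $associations = DimensionMemberAssociations::getAllAssociations($v, $p);
             if (is_null($associations)) {
                 continue;
             }
             foreach ($associations as $association) {
                 $is_property[$v] = true;
                 $prop_members = MemberPropertyMembers::getAssociatedMembers($association->getId(), $allowed_csv($v), $allowed_csv($p));
                 if (is_array($prop_members) && count($prop_members) > 0) {
                     $property_members[] = $prop_members;
                 }
             }
         }
     }

     // intersect the allowed members for each property
     $member_intersection = count($property_members) > 0 ? $property_members[0] : array();
     for ($k = 1; $k < count($property_members); $k++) {
         $member_intersection = array_intersect($member_intersection, $property_members[$k]);
     }

     $association_conditions = "";
     foreach ($redefined_context as $value) {
         $dimension = Dimensions::getDimensionById($value);
         $object_types = $dimensions[$value]['object_types'];
         $member_ids = isset($is_property[$value]) ? $member_intersection : $dimensions[$value]['allowed_members'];
         $association_conditions .= self::prepareQuery($association_conditions, $dimension, $member_ids, $object_types, $pg_ids, 'AND', $selection_members);
     }

     $dims = Dimensions::findAll();
     foreach ($dims as $dim) {
         if (!in_array($dim->getId(), $redefined_context) && !isset($properties[$dim->getId()]) && $dim->canContainObjects()) {
             $member_ids = array();
             foreach ($dim->getAllMembers() as $member) {
                 $member_ids[] = $member->getId();
             }
             $object_types = DimensionObjectTypeContents::getContentObjectTypeIds($dim->getId());
             $association_conditions .= self::prepareQuery($association_conditions, $dim, $member_ids, $object_types, $pg_ids, 'OR', $selection_members, true);
         }
     }
     return $association_conditions;
 }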
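 /**
  * Rebuild the sharing-table rows of one permission group after its member permissions changed.
  *
  * For every (member, object type) pair in $permissions, the group's sharing-table rows for
  * the objects classified in that member are deleted. For the pairs flagged as readable the
  * rows are then inserted again, restricted by the mandatory-dimension rule.
  *
  * When $group or $permissions is missing, both are read from $_REQUEST and the script ends
  * with die after the work is done.
  *
  * Security:
  *  - Member and object type ids may come from the request and are interpolated into SQL, so
  *    they are forced to positive integers here; the group id is forced to an integer after
  *    the is_numeric() check.
  *  - NOTE(review): on the request path the caller supplies the permission list that decides
  *    which rows are inserted, and apart from the mandatory-dimension clause it is not
  *    compared with contact_member_permissions. No authorisation check is visible in this
  *    method; confirm the action is not reachable without one.
  *
  * @param int|string|null $group permission group id; read from $_REQUEST['group'] when empty
  * @param array|null $permissions list of objects with `m` (member id), `o` (object type id)
  *        and `r` (read flag); decoded from $_REQUEST['permissions'] when empty
  * @param mixed $root_perm_info not used by this method
  * @return false|null false when there is no permission entry to process
  * @throws Error when $group is not a positive numeric id
  */
 function after_permission_changed($group = null, $permissions = null, $root_perm_info = null)
 {
     @set_time_limit(0);
     $die = false;
     if ($group == null || $permissions == null) {
         $die = true;
         if ($group == null) {
             $group = array_var($_REQUEST, 'group');
         }
         if ($permissions == null) {
             $permissions = json_decode((string) array_var($_REQUEST, 'permissions'));
         }
     }
     // CHECK PARAMETERS
     // json_decode() yields null or a non-array for malformed input; treat that as "nothing to do".
     if (!is_array($permissions) || count($permissions) == 0) {
         return false;
     }
     if (!is_numeric($group) || !$group) {
         throw new Error("Error filling sharing table. Invalid Paramenters for afterPermissionChanged method");
     }
     // is_numeric() also accepts values such as "1e3" or "0.5"; only an integer id may reach the SQL below.
     $group = (int) $group;
     if ($group <= 0) {
         throw new Error("Error filling sharing table. Invalid Paramenters for afterPermissionChanged method");
     }
     // INIT LOCAL VARS
     $stManager = SharingTables::instance();
     $read_conditions = array();
     $delete_conditions = array();
     $all_read_conditions = array();
     $read_count = 0;
     $all_del_conditions = array();
     $del_count = 0;
     // BUILD OBJECT_IDs SUB-QUERIES
     $from = "FROM " . TABLE_PREFIX . "object_members om INNER JOIN " . TABLE_PREFIX . "objects o ON o.id = om.object_id";
     foreach ($permissions as $permission) {
         if (!is_object($permission)) {
             continue;
         }
         // Integer coercion keeps request-supplied text out of the generated SQL.
         $memberId = isset($permission->m) ? (int) $permission->m : 0;
         $objectTypeId = isset($permission->o) ? (int) $permission->o : 0;
         if ($memberId <= 0 || $objectTypeId <= 0) {
             continue;
         }
         $delete_conditions[] = " ( object_type_id = {$objectTypeId} AND om.member_id = {$memberId} AND om.is_optimization = 0 ) ";
         $del_count++;
         // Flush every 20 conditions so that no single query grows too large.
         if ($del_count >= 20) {
             $all_del_conditions[] = $delete_conditions;
             $delete_conditions = array();
             $del_count = 0;
         }
         if (!empty($permission->r)) {
             $read_key = $objectTypeId . "_" . $memberId;
             if (!isset($read_conditions[$read_key])) {
                 $read_conditions[$read_key] = " ( object_type_id = {$objectTypeId} AND om.member_id = {$memberId} ) ";
                 $read_count++;
                 // Same batching for the read side, 500 conditions per query.
                 if ($read_count >= 500) {
                     $all_read_conditions[] = $read_conditions;
                     $read_count = 0;
                     $read_conditions = array();
                 }
             }
         }
     }
     $all_read_conditions[] = $read_conditions;
     $all_del_conditions[] = $delete_conditions;
     // DELETE THE AFFECTED OBJECTS FROM SHARING TABLE
     // Every object matched by a condition loses its row for this group; the rows that are
     // still readable are inserted again in step 2.2.
     foreach ($all_del_conditions as $delete_conditions) {
         if (!is_array($delete_conditions) || count($delete_conditions) == 0) {
             continue;
         }
         $oids = DB::executeAll("SELECT object_id {$from} WHERE " . implode(' OR ', $delete_conditions));
         if (is_array($oids) && count($oids) > 0) {
             $oids = array_map('intval', array_flat($oids));
             $stManager->delete("object_id IN (" . implode(',', $oids) . ") AND group_id = {$group}");
         }
     }
     // 2.0 POPULATE THE SHARING TABLE AGAIN WITH THE READ-PERMISSIONS (If there are)
     // 2.1 Check mandatory dimensions: if an object belongs to a member in a mandatory dimension then the permission group must have permissions in that member;
     //     if it does not, the object cannot be read, no matter what other permissions are active
     $enabled_dimensions_sql = "";
     $enabled_dimensions_ids = implode(',', config_option('enabled_dimensions'));
     if ($enabled_dimensions_ids != "") {
         $enabled_dimensions_sql = "AND id IN ({$enabled_dimensions_ids})";
     }
     $mandatory_dim_ids = Dimensions::findAll(array('id' => true, 'conditions' => "`defines_permissions`=1 {$enabled_dimensions_sql} AND `permission_query_method`='" . DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY . "'"));
     $mdim_conds = "";
     if (is_array($mandatory_dim_ids)) {
         foreach ($mandatory_dim_ids as $md_id) {
             $md_id = (int) $md_id;
             // True when the object has no member in this dimension; otherwise the group needs
             // a member permission on one of the object's members of this dimension.
             $mdim_conds .= " AND IF ("
                 . "(SELECT count(om1.object_id) FROM " . TABLE_PREFIX . "object_members om1 INNER JOIN " . TABLE_PREFIX . "members m1 ON m1.id=om1.member_id"
                 . " WHERE om1.object_id=o.id AND om1.is_optimization=0 AND m1.dimension_id={$md_id})=0,"
                 . " true,"
                 . " EXISTS (SELECT cmp.permission_group_id FROM " . TABLE_PREFIX . "contact_member_permissions cmp WHERE cmp.permission_group_id={$group} AND cmp.object_type_id=o.object_type_id"
                 . " AND cmp.member_id IN ("
                 . "SELECT om2.member_id FROM " . TABLE_PREFIX . "object_members om2 WHERE om2.object_id=o.id AND om2.is_optimization=0 AND om2.member_id IN ("
                 . "SELECT m2.id FROM " . TABLE_PREFIX . "members m2 WHERE m2.dimension_id={$md_id}"
                 . ")"
                 . ")"
                 . ")"
                 . ")";
         }
     }
     // 2.2 Select objects that have read permissions for this permission group
     foreach ($all_read_conditions as $read_conditions) {
         if (is_array($read_conditions) && count($read_conditions) > 0) {
             $st_new_rows = "SELECT {$group} AS group_id, object_id {$from}"
                 . " WHERE om.is_optimization=0 AND (" . implode(' OR ', $read_conditions) . ") {$mdim_conds}";
             // The ON DUPLICATE KEY clause turns the insert of an existing row into a no-op.
             $st_insert_sql = "INSERT INTO " . TABLE_PREFIX . "sharing_table(group_id, object_id) {$st_new_rows} ON DUPLICATE KEY UPDATE " . TABLE_PREFIX . "sharing_table.group_id=" . TABLE_PREFIX . "sharing_table.group_id;";
             DB::execute($st_insert_sql);
         }
     }
     if ($die) {
         die;
     }
 }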
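 /**
  * Finish the installation - create the owner company and the administrator account.
  *
  * Refuses to run once an owner company exists. On a submitted form it validates the
  * administrator password and then, inside one transaction, clears the contacts table, creates
  * the company and the administrator, and grants the administrator's permission group the
  * tab-panel, dimension, member, system and root permissions. On success the request is
  * redirected to the login page; on an exception the transaction is rolled back and the
  * exception is handed to the template as 'error'.
  *
  * Fixes compared with the previous version:
  *  - the two password fields are compared with !==; with != two different numeric-looking
  *    strings (for example "1e3" and "1000") were accepted as matching;
  *  - the member-permission lookup passes its conditions to findOne(). They used to be given
  *    to the ContactMemberPermission constructor while findOne() ran without conditions, so
  *    after the first row every iteration re-saved that same row;
  *  - the by-reference argument of the 'after_user_add' hook is defined before use.
  *
  * NOTE(review): the only guard in this method is the owner-company check, and Contacts::delete()
  * clears the whole contacts table; confirm that the installer endpoint is unreachable once
  * installation has finished.
  *
  * @return void
  */
 function complete_installation()
 {
     if (Contacts::getOwnerCompany() instanceof Contact) {
         die('Owner company already exists');
         // Somebody is trying to access this method even if the user already exists
     }
     $form_data = array_var($_POST, 'form');
     tpl_assign('form_data', $form_data);
     if (array_var($form_data, 'submited') === 'submited') {
         try {
             $admin_password = trim((string) array_var($form_data, 'admin_password'));
             $admin_password_a = trim((string) array_var($form_data, 'admin_password_a'));
             if ($admin_password === '') {
                 throw new Error(lang('password value required'));
             }
             // Strict comparison: both values are strings and must match byte for byte.
             if ($admin_password !== $admin_password_a) {
                 throw new Error(lang('passwords dont match'));
             }
             DB::beginWork();
             // clear users table
             Contacts::delete();
             // Create a company
             $company = new Contact();
             $company->setFirstName(array_var($form_data, 'company_name'));
             $company->setObjectName();
             $company->setIsCompany(true);
             $company->save();
             // Init default colors
             set_config_option('brand_colors_head_back', "424242");
             set_config_option('brand_colors_tabs_back', "e7e7e7");
             set_config_option('brand_colors_head_font', "FFFFFF");
             set_config_option('brand_colors_tabs_font', "333333");
             // Create the administrator user
             $administrator = new Contact();
             $pergroup = PermissionGroups::findOne(array('conditions' => "`name`='Super Administrator'"));
             $administrator->setUserType($pergroup->getId());
             $administrator->setCompanyId($company->getId());
             $administrator->setUsername(array_var($form_data, 'admin_username'));
             $administrator->setPassword($admin_password);
             $administrator->setFirstname(array_var($form_data, 'admin_username'));
             $administrator->setObjectName();
             $administrator->save();
             // NOTE(review): password_temp receives the clear-text password and cp_encrypt() is
             // defined elsewhere; confirm that password_temp is never persisted and check
             // whether the stored value can be turned back into the password.
             $user_password = new ContactPassword();
             $user_password->setContactId($administrator->getId());
             $user_password->password_temp = $admin_password;
             $user_password->setPasswordDate(DateTimeValueLib::now());
             $user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp()));
             $user_password->save();
             //Add email after save because is needed.
             $administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true);
             //permissions
             $permission_group = new PermissionGroup();
             $permission_group->setName('Account Owner');
             $permission_group->setContactId($administrator->getId());
             $permission_group->setIsContext(false);
             $permission_group->setType("permission_groups");
             $permission_group->save();
             $administrator->setPermissionGroupId($permission_group->getId());
             $administrator->save();
             $company->setCreatedById($administrator->getId());
             $company->setUpdatedById($administrator->getId());
             $company->save();
             $contact_pg = new ContactPermissionGroup();
             $contact_pg->setContactId($administrator->getId());
             $contact_pg->setPermissionGroupId($permission_group->getId());
             $contact_pg->save();
             // tab panel permissions
             $panels = TabPanels::getEnabled();
             foreach ($panels as $panel) {
                 $tpp = new TabPanelPermission();
                 $tpp->setPermissionGroupId($administrator->getPermissionGroupId());
                 $tpp->setTabPanelId($panel->getId());
                 $tpp->save();
             }
             // dimension permissions
             $dimensions = Dimensions::findAll();
             foreach ($dimensions as $dimension) {
                 if ($dimension->getDefinesPermissions()) {
                     $cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = " . $administrator->getPermissionGroupId() . " AND `dimension_id` = " . $dimension->getId()));
                     if (!$cdp instanceof ContactDimensionPermission) {
                         $cdp = new ContactDimensionPermission();
                         $cdp->setPermissionGroupId($administrator->getPermissionGroupId());
                         $cdp->setContactDimensionId($dimension->getId());
                     }
                     $cdp->setPermissionType('allow all');
                     $cdp->save();
                     // contact member permission entries
                     $members = $dimension->getAllMembers();
                     foreach ($members as $member) {
                         $ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
                         // NOTE(review): this adds the member's object id to a list of object type
                         // ids; getObjectTypeId() may have been intended - confirm.
                         $ots[] = $member->getObjectId();
                         foreach ($ots as $ot) {
                             // Look the row up by its full key, as the dimension permission above does.
                             $cmp = ContactMemberPermissions::findOne(array("conditions" => "`permission_group_id` = " . $administrator->getPermissionGroupId() . " AND `member_id` = " . $member->getId() . " AND `object_type_id` = " . (int) $ot));
                             if (!$cmp instanceof ContactMemberPermission) {
                                 $cmp = new ContactMemberPermission();
                                 $cmp->setPermissionGroupId($administrator->getPermissionGroupId());
                                 $cmp->setMemberId($member->getId());
                                 $cmp->setObjectTypeId($ot);
                             }
                             $cmp->setCanWrite(1);
                             $cmp->setCanDelete(1);
                             $cmp->save();
                         }
                     }
                 }
             }
             // system permissions
             $sp = new SystemPermission();
             $sp->setPermissionGroupId($administrator->getPermissionGroupId());
             $sp->setAllPermissions(true);
             $sp->save();
             // root permissions: copy the role defaults of the listed roles to member_id 0
             DB::executeAll(
                 "INSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write)"
                 . " SELECT " . $administrator->getPermissionGroupId() . ", 0, rtp.object_type_id, rtp.can_delete, rtp.can_write FROM " . TABLE_PREFIX . "role_object_type_permissions rtp"
                 . " WHERE rtp.object_type_id NOT IN (SELECT id FROM " . TABLE_PREFIX . "object_types WHERE name IN ('mail','template','file_revision')) AND rtp.role_id in ("
                 . " SELECT pg.id FROM " . TABLE_PREFIX . "permission_groups pg WHERE pg.type='roles' AND pg.name IN ('Super Administrator','Administrator','Manager','Executive')"
                 . " )"
                 . " ON DUPLICATE KEY UPDATE member_id=0;"
             );
             // The hook expects a variable for its last argument; there is nothing to pass back here.
             $null = null;
             Hook::fire('after_user_add', $administrator, $null);
             DB::commit();
             $this->redirectTo('access', 'login');
         } catch (Exception $e) {
             tpl_assign('error', $e);
             DB::rollback();
         }
     }
 }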
Example #19
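/**
 * Persist the permissions posted for one permission group.
 *
 * Reads three request fields: `mod_perm` (tab panel ids as keys), `sys_perm`
 * (system permission attributes) and `permissions` (a JSON list whose entries
 * carry m = member id, o = object type id and r / w / d = read, write, delete).
 * Afterwards the permission type of every dimension owning a changed member is
 * recomputed as 'allow all', 'deny all' or 'check'.
 *
 * Security-relevant behaviour:
 *  - Entries of `permissions` whose m or o is not a non-negative integer are
 *    skipped; those ids end up in raw SQL conditions and in array keys.
 *  - $pg_id is cast to int wherever it is concatenated into SQL text.
 *  - For guests, write and delete are forced off and only this group's
 *    'allow all' dimension permissions are downgraded to 'check'.
 *  - NOTE(review): no authorization check is visible in this function; confirm
 *    that every caller verifies the current user may edit $pg_id before
 *    calling, and that the request is protected against CSRF.
 *
 * @param int  $pg_id    Id of the permission group being edited.
 * @param bool $is_guest True when the group belongs to a guest user.
 * @return void
 */
function save_permissions($pg_id, $is_guest = false)
{
    // Integer copy used in every place where the id is concatenated into SQL text.
    $pg_id_sql = (int) $pg_id;
    $id_filter = array('options' => array('min_range' => 0));
    $changed_members = array();
    // member id => true while every posted entry for that member revoked read access
    $all_perm_deleted = array();

    //module permissions
    $mod_permissions_data = array_var($_POST, 'mod_perm');
    TabPanelPermissions::clearByPermissionGroup($pg_id);
    if (is_array($mod_permissions_data)) {
        foreach ($mod_permissions_data as $tab_id => $val) {
            $tpp = new TabPanelPermission();
            $tpp->setPermissionGroupId($pg_id);
            $tpp->setTabPanelId($tab_id);
            $tpp->save();
        }
    }

    //system permissions
    $sys_permissions_data = array_var($_POST, 'sys_perm');
    if (!is_array($sys_permissions_data)) {
        // a missing or scalar field must not break the offset assignment below
        $sys_permissions_data = array();
    }
    $system_permissions = SystemPermissions::findById($pg_id);
    if (!$system_permissions instanceof SystemPermission) {
        $system_permissions = new SystemPermission();
        $system_permissions->setPermissionGroupId($pg_id);
    }
    $system_permissions->setAllPermissions(false);
    $other_permissions = array();
    Hook::fire('add_user_permissions', $pg_id, $other_permissions);
    foreach ($other_permissions as $k => $v) {
        $system_permissions->setColumnValue($k, false);
    }
    $sys_permissions_data['can_task_assignee'] = !$is_guest;
    // NOTE(review): the keys of $sys_permissions_data come straight from the request.
    // Confirm setFromAttributes() only accepts known permission columns, and decide
    // whether guests should be able to receive any system permission at all.
    $system_permissions->setFromAttributes($sys_permissions_data);
    $system_permissions->save();

    //member permissions
    $permissions = null;
    $permissionsString = array_var($_POST, 'permissions');
    if (is_string($permissionsString) && $permissionsString != '') {
        $permissions = json_decode($permissionsString);
    }
    if (is_array($permissions)) {
        $allowed_members_ids = array();
        // entries that passed validation; only these are handed to the sharing table
        $valid_permissions = array();
        foreach ($permissions as $perm) {
            if (!is_object($perm) || !isset($perm->m) || !isset($perm->o)) {
                continue;
            }
            // Reject anything that is not a plain non-negative integer instead of
            // coercing it: a coerced 0 would address the root (member_id = 0) entries.
            $member_id = filter_var($perm->m, FILTER_VALIDATE_INT, $id_filter);
            $object_type_id = filter_var($perm->o, FILTER_VALIDATE_INT, $id_filter);
            if ($member_id === false || $object_type_id === false) {
                continue;
            }
            // code that receives the list later sees the validated integers
            $perm->m = $member_id;
            $perm->o = $object_type_id;

            $can_read = !empty($perm->r);
            $can_write = !$is_guest && !empty($perm->w);
            $can_delete = !$is_guest && !empty($perm->d);

            if (!isset($all_perm_deleted[$member_id])) {
                $all_perm_deleted[$member_id] = true;
            }
            // The per-member summary is reset for every entry, so the last entry posted
            // for a member decides the write/delete flags of its own-type permission.
            // NOTE(review): the previous code also carried a "keep 1 once set" branch that
            // this reset made unreachable; confirm whether accumulating across object
            // types was the intent before changing who receives write/delete.
            $allowed_members_ids[$member_id] = array('pg' => $pg_id, 'w' => false, 'd' => false);

            $cmp = ContactMemberPermissions::findById(array('permission_group_id' => $pg_id, 'member_id' => $member_id, 'object_type_id' => $object_type_id));
            if (!$cmp instanceof ContactMemberPermission) {
                $cmp = new ContactMemberPermission();
                $cmp->setPermissionGroupId($pg_id);
                $cmp->setMemberId($member_id);
                $cmp->setObjectTypeId($object_type_id);
            }
            $cmp->setCanWrite($can_write);
            $cmp->setCanDelete($can_delete);
            if ($can_read) {
                $allowed_members_ids[$member_id]['w'] = $can_write;
                $allowed_members_ids[$member_id]['d'] = $can_delete;
                $cmp->save();
                $all_perm_deleted[$member_id] = false;
            } else {
                $cmp->delete();
            }
            $changed_members[] = $member_id;
            $valid_permissions[] = $perm;
        }
        $sharingTablecontroller = new SharingTableController();
        $sharingTablecontroller->afterPermissionChanged($pg_id, $valid_permissions);

        // permission over each member's own object type
        foreach ($allowed_members_ids as $key => $mids) {
            $mbm = Members::findById($key);
            if (!is_object($mbm)) {
                // unknown member id: there is no object type to attach a permission to
                continue;
            }
            $root_cmp = ContactMemberPermissions::findById(array('permission_group_id' => $mids['pg'], 'member_id' => $key, 'object_type_id' => $mbm->getObjectTypeId()));
            if (!$root_cmp instanceof ContactMemberPermission) {
                $root_cmp = new ContactMemberPermission();
                $root_cmp->setPermissionGroupId($mids['pg']);
                $root_cmp->setMemberId($key);
                $root_cmp->setObjectTypeId($mbm->getObjectTypeId());
            }
            $root_cmp->setCanWrite($mids['w']);
            $root_cmp->setCanDelete($mids['d']);
            $root_cmp->save();
        }
        // members for which every posted entry revoked read access lose all their rows
        foreach ($all_perm_deleted as $mid => $pd) {
            if ($pd) {
                ContactMemberPermissions::instance()->delete("`permission_group_id` = {$pg_id_sql} AND `member_id` = " . (int) $mid);
            }
        }
    }

    // set all permissions to read_only
    if ($is_guest) {
        $all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id_sql}"));
        if (is_array($all_saved_permissions)) {
            foreach ($all_saved_permissions as $sp) {
                /* @var $sp ContactMemberPermission */
                if ($sp->getCanDelete() || $sp->getCanWrite()) {
                    $sp->setCanDelete(false);
                    $sp->setCanWrite(false);
                    $sp->save();
                }
            }
        }
        // Restricted to this permission group: without the group condition, saving one
        // guest rewrote the 'allow all' rows of every other permission group as well.
        $cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all' AND `permission_group_id` = {$pg_id_sql}"));
        if (is_array($cdps)) {
            foreach ($cdps as $cdp) {
                $cdp->setPermissionType('check');
                $cdp->save();
            }
        }
    }

    // check the status of the changed dimensions to set 'allow_all', 'deny_all' or 'check'
    $dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members)));
    if (!is_array($dimensions)) {
        $dimensions = array();
    }
    foreach ($dimensions as $dimension) {
        $mem_ids = $dimension->getAllMembers(true);
        if (count($mem_ids) == 0) {
            // keeps the IN (...) list syntactically valid
            $mem_ids[] = 0;
        }
        $mem_ids_csv = implode(",", $mem_ids);

        // any row without delete permission means access must be checked per member
        $count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id_sql} AND `member_id` IN (" . $mem_ids_csv . ") AND `can_delete` = 0"));
        if ($count > 0) {
            $dimension->setContactDimensionPermission($pg_id, 'check');
            continue;
        }

        $count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id_sql} AND `member_id` IN (" . $mem_ids_csv . ")"));
        if ($count == 0) {
            $dimension->setContactDimensionPermission($pg_id, 'deny all');
            continue;
        }

        // 'allow all' requires a delete-capable row for every member of every object type
        $allow_all = true;
        $dim_obj_types = $dimension->getAllowedObjectTypeContents();
        $members = Members::findAll("`id` IN (" . $mem_ids_csv . ")");
        foreach ($dim_obj_types as $dim_obj_type) {
            $mem_ids_for_ot = array();
            foreach ($members as $member) {
                if ($dim_obj_type->getDimensionObjectTypeId() == $member->getObjectTypeId()) {
                    $mem_ids_for_ot[] = $member->getId();
                }
            }
            if (count($mem_ids_for_ot) == 0) {
                $mem_ids_for_ot[] = 0;
            }
            $count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id_sql} AND \n\t\t\t\t\t\t`object_type_id` = " . $dim_obj_type->getContentObjectTypeId() . " AND `can_delete` = 1 AND `member_id` IN (" . implode(",", $mem_ids_for_ot) . ")"));
            if ($count != count($mem_ids_for_ot)) {
                $allow_all = false;
                break;
            }
        }
        $dimension->setContactDimensionPermission($pg_id, $allow_all ? 'allow all' : 'check');
    }
}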
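 /**
  * Classify an object under the given members on behalf of a user.
  *
  * Guests and requests without an authenticated contact are rejected. When no
  * member id is given and the 'core_dimensions' plugin is active, the user's
  * personal member is used. Every dimension the object type marks as required
  * must be represented among the members that are finally added.
  *
  * NOTE(review): removeFromMembers() runs before the required-dimension check,
  * so a failed check leaves the object unclassified unless the caller wraps the
  * call in a transaction; confirm against the callers.
  *
  * @param ContentDataObject $object                Object being classified.
  * @param array             $member_ids            Member ids chosen for the object.
  * @param Contact|null      $user                  Acting user; defaults to logged_user().
  * @param bool              $check_allowed_members When true, members are filtered through
  *                                                 getAllowedMembersToAdd() for $user.
  * @return array|null Members the object was added to; null when the request was
  *                    rejected or `trees_not_loaded` was posted.
  * @throws Exception When a required dimension has no valid member.
  */
 function add_to_members($object, $member_ids, $user = null, $check_allowed_members = true)
 {
     if (!$user instanceof Contact) {
         $user = logged_user();
     }
     // Fail closed: without an authenticated contact there is nobody to authorize.
     if (!$user instanceof Contact || $user->isGuest()) {
         flash_error(lang('no access permissions'));
         ajx_current("empty");
         return;
     }
     if (isset($_POST['trees_not_loaded']) && $_POST['trees_not_loaded'] > 0) {
         return;
     }

     // The ids are concatenated into an IN (...) list below, so keep integers only.
     $clean_member_ids = array();
     if (is_array($member_ids)) {
         foreach ($member_ids as $candidate) {
             $as_int = filter_var($candidate, FILTER_VALIDATE_INT);
             if ($as_int !== false) {
                 $clean_member_ids[] = $as_int;
             }
         }
     }
     $member_ids = $clean_member_ids;

     $required_dimension_ids = array();
     $dimension_object_types = $object->getDimensionObjectTypes();
     foreach ($dimension_object_types as $dot) {
         if ($dot->getIsRequired()) {
             $required_dimension_ids[] = (int) $dot->getDimensionId();
         }
     }
     // An empty list would produce "id IN ()", which is not valid SQL.
     $required_dimensions = array();
     if (count($required_dimension_ids) > 0) {
         $required_dimensions = Dimensions::findAll(array("conditions" => "id IN (" . implode(",", $required_dimension_ids) . ")"));
         if (!is_array($required_dimensions)) {
             $required_dimensions = array();
         }
     }

     // If not entered members
     if (count($member_ids) == 0) {
         if (Plugins::instance()->isActivePlugin('core_dimensions')) {
             $personal_member = Members::findById($user->getPersonalMemberId());
             if ($personal_member instanceof Member) {
                 $member_ids[] = (int) $user->getPersonalMemberId();
             }
         }
     }
     if (count($member_ids) > 0) {
         $enteredMembers = Members::findAll(array('conditions' => 'id IN (' . implode(",", $member_ids) . ')'));
     } else {
         $enteredMembers = array();
     }
     $object->removeFromMembers($user, $enteredMembers);
     /* @var $object ContentDataObject */
     $validMembers = $check_allowed_members ? $object->getAllowedMembersToAdd($user, $enteredMembers) : $enteredMembers;
     foreach ($required_dimensions as $rdim) {
         $exists = false;
         foreach ($validMembers as $m) {
             if ($m->getDimensionId() == $rdim->getId()) {
                 $exists = true;
                 break;
             }
         }
         if (!$exists) {
             throw new Exception(lang('must choose at least one member of', $rdim->getName()));
         }
     }
     $object->addToMembers($validMembers);
     // explicit placeholder for the hook's last argument
     $null = null;
     Hook::fire('after_add_to_members', $object, $null);
     $object->addToSharingTable();
     return $validMembers;
 }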
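	/**
	 * Finish the installation - create owner company and administrator
	 *
	 * Reads the posted `form` array (company_name, admin_username, admin_email,
	 * admin_password, admin_password_a). Inside one transaction it clears the
	 * contacts table, creates the owner company and the administrator, and gives
	 * the administrator's permission group tab panel, dimension, member and
	 * system permissions.
	 *
	 * Security notes:
	 *  - The only gate shown here is the owner-company check at the top; while no
	 *    owner company exists, this action clears all contacts and creates a
	 *    Super Administrator from request data.
	 *  - NOTE(review): the clear-text password is assigned to `password_temp` and a
	 *    value derived with cp_encrypt() is stored; confirm that neither is
	 *    persisted in a recoverable form.
	 *  - NOTE(review): `Error` below is assumed to be the project's own exception
	 *    class; PHP's built-in Error would not be caught by catch(Exception).
	 *
	 * @return void
	 */
	function complete_installation() {
		
		if(Contacts::getOwnerCompany() instanceof Contact) {
			die('Owner company already exists'); // Somebody is trying to access this method even if the user already exists
		} // if

		$form_data = array_var($_POST, 'form');
		tpl_assign('form_data', $form_data);

		if(array_var($form_data, 'submited') == 'submited') {
			try {
				$admin_password = trim(array_var($form_data, 'admin_password'));
				$admin_password_a = trim(array_var($form_data, 'admin_password_a'));

				if($admin_password === '') {
					throw new Error(lang('password value required'));
				} // if

				// Strict comparison: with a loose one, two different numeric-looking
				// strings (for example "1e3" and "1000") count as equal.
				if($admin_password !== $admin_password_a) {
					throw new Error(lang('passwords dont match'));
				} // if

				DB::beginWork();

				Contacts::delete(); // clear users table

				// Create a company
				$company = new Contact();
				$company->setFirstName(array_var($form_data, 'company_name'));
				$company->setObjectName();
				$company->setIsCompany(true);
				$company->save();
				
				// Init default colors
				set_config_option('brand_colors_head_back', "000000");
				set_config_option('brand_colors_tabs_back', "14780e");
				set_config_option('brand_colors_head_font', "ffffff");
				set_config_option('brand_colors_tabs_font', "ffffff");

				// Create the administrator user
				$administrator = new Contact();
				$pergroup = PermissionGroups::findOne(array('conditions'=>"`name`='Super Administrator'"));
				$administrator->setUserType($pergroup->getId());
				$administrator->setCompanyId($company->getId());
				$administrator->setUsername(array_var($form_data, 'admin_username'));
				
				
				$administrator->setPassword($admin_password);
				$administrator->setFirstname(array_var($form_data, 'admin_username'));
				$administrator->setObjectName();
				$administrator->save();
				
				$user_password = new ContactPassword();
				$user_password->setContactId($administrator->getId());
				$user_password->password_temp = $admin_password;
				$user_password->setPasswordDate(DateTimeValueLib::now());
				$user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp()));
				$user_password->save();
				
				// The e-mail is added after save() because the contact must already exist.
				$administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true);
				
				//permissions
				$permission_group = new PermissionGroup();
				$permission_group->setName('Account Owner');
				$permission_group->setContactId($administrator->getId());
				$permission_group->setIsContext(false);
				$permission_group->setType("permission_groups");
				$permission_group->save();
				
				$administrator->setPermissionGroupId($permission_group->getId());
				$administrator->save();
				
				$company->setCreatedById($administrator->getId());
				$company->setUpdatedById($administrator->getId());
				$company->save();
				
				$contact_pg = new ContactPermissionGroup();
				$contact_pg->setContactId($administrator->getId());
				$contact_pg->setPermissionGroupId($permission_group->getId());
				$contact_pg->save();
				
				// tab panel permissions
				$panels = TabPanels::getEnabled();
				foreach ($panels as $panel) {
					$tpp = new TabPanelPermission();
					$tpp->setPermissionGroupId($administrator->getPermissionGroupId());
					$tpp->setTabPanelId($panel->getId());
					$tpp->save();
				}
				
				// dimension permissions
				$dimensions = Dimensions::findAll();
				foreach ($dimensions as $dimension) {
					if ($dimension->getDefinesPermissions()) {
						$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = ".$administrator->getPermissionGroupId()." AND `dimension_id` = ".$dimension->getId()));
						if (!$cdp instanceof ContactDimensionPermission) {
							$cdp = new ContactDimensionPermission();
							$cdp->setPermissionGroupId($administrator->getPermissionGroupId());
							$cdp->setContactDimensionId($dimension->getId());
						}
						$cdp->setPermissionType('allow all');
						$cdp->save();
						
						// contact member permission entries
						$members = $dimension->getAllMembers();
						foreach ($members as $member) {
							$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
							// NOTE(review): this appends the member's object id to a list of
							// object type ids; confirm getObjectTypeId() was not intended.
							$ots[]=$member->getObjectId();
							foreach ($ots as $ot) {
								// The lookup carries the conditions. They used to be handed to the
								// constructor while findOne() ran unfiltered, so the first row of
								// the table was reused for every member and object type.
								$cmp = ContactMemberPermissions::findOne(array("conditions" => "`permission_group_id` = ".$administrator->getPermissionGroupId()." AND `member_id` = ".$member->getId()." AND `object_type_id` = ".(int) $ot));
								if (!$cmp instanceof ContactMemberPermission) {
									$cmp = new ContactMemberPermission();
									$cmp->setPermissionGroupId($administrator->getPermissionGroupId());
									$cmp->setMemberId($member->getId());
									$cmp->setObjectTypeId($ot);
								}
								$cmp->setCanWrite(1);
								$cmp->setCanDelete(1);
								$cmp->save();
							}
						}
					}
				}
				
				// system permissions
				$sp = new SystemPermission();
				$sp->setPermissionGroupId($administrator->getPermissionGroupId());
				$sp->setAllPermissions(true);
				$sp->save();
				
				// explicit placeholder for the hook's last argument
				$null = null;
				Hook::fire('after_user_add', $administrator, $null);
				
				DB::commit();

				$this->redirectTo('access', 'login');
			} catch(Exception $e) {
				tpl_assign('error', $e);
				DB::rollback();
			} // try
		} // if
	} // complete_installation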
Example #22
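/**
 * Upgrade step: copy every dimension's JSON options into the dimension_options
 * table, one row per option, skipping 'defaultAjax' and 'quickAdd'.
 *
 * Option names and values are stored data, not constants, so they are escaped
 * before being placed in the statement; a quote inside an option value would
 * otherwise break the query or change its meaning.
 *
 * @return void
 */
function core_dimensions_update_11_12()
{
    // normalize dimension options
    $dimensions = Dimensions::findAll();
    if (!is_array($dimensions)) {
        return;
    }
    foreach ($dimensions as $dimension) {
        /* @var $dimension Dimension */
        $options = json_decode($dimension->getOptions(), true);
        if (!is_array($options)) {
            // empty or invalid JSON: nothing to migrate for this dimension
            continue;
        }
        foreach ($options as $key => $value) {
            // strict match, so that a numeric key is never treated as one of the names
            if (in_array($key, array('defaultAjax', 'quickAdd'), true)) {
                // skip defaultAjax and quickAdd
                continue;
            }
            // Scalars keep the text they had when interpolated directly (true => "1",
            // false and null => ""); nested values are stored as JSON instead of the
            // literal word "Array".
            // NOTE(review): confirm that readers of dimension_options accept JSON for
            // nested options.
            $value_text = (is_scalar($value) || is_null($value)) ? (string) $value : json_encode($value);
            // DB::escape() is expected to return the value quoted for the active connection.
            $name_sql = DB::escape((string) $key);
            $value_sql = DB::escape($value_text);
            $sql = "INSERT INTO " . TABLE_PREFIX . "dimension_options (`dimension_id`, `name`, `value`) \r\n\t\t\t\t\tVALUES (" . (int) $dimension->getId() . ",{$name_sql},{$value_sql}) \r\n\t\t\t\t\tON DUPLICATE KEY UPDATE `value`={$value_sql}";
            DB::execute($sql);
        }
    }
}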
Example #23
/**
 * Ids of the dimensions the logged user is allowed to see.
 *
 * A dimension that does not define permissions is always listed. One that does
 * is listed unless it denies everything for the user's permission groups.
 *
 * @return array Dimension ids, keyed by the same id.
 */
function get_user_dimensions_ids(){
	$visible_ids = array();

	foreach (Dimensions::findAll() as $dimension) {
		$is_visible = true;
		if ($dimension->getDefinesPermissions()) {
			// permission groups of the logged user, as returned by the CSV helper
			$group_ids_csv = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
			$is_visible = !$dimension->deniesAllForContact($group_ids_csv);
		}
		if ($is_visible) {
			$visible_ids[$dimension->getId()] = $dimension->getId();
		}
	}

	return $visible_ids;
}
 /**
  * Rebuild the sharing-table rows of one object.
  *
  * Deletes the object's current rows, works out which permission groups may
  * access it and hands those group ids to SharingTables::populateGroups().
  *
  * NOTE(review): $oid and $tid are concatenated unquoted into several SQL
  * statements below; the function relies on callers passing integers - confirm
  * at the call sites or cast before use.
  * NOTE(review): most queries use $table_prefix (which honours
  * FORCED_TABLE_PREFIX) but three use TABLE_PREFIX directly; confirm whether
  * that difference is intended.
  *
  * @param int   $oid         Object id; used as object_id in every query.
  * @param int   $tid         Object type id; matched against cmp.object_type_id.
  * @param mixed $obj_mem_ids Only tested for truthiness, to tell a classified object
  *                           from an unclassified one when no dimension defines permissions.
  * @return void
  */
 static function addObjToSharingTable($oid, $tid, $obj_mem_ids)
 {
     $gids = array();
     $table_prefix = defined('FORCED_TABLE_PREFIX') && FORCED_TABLE_PREFIX ? FORCED_TABLE_PREFIX : TABLE_PREFIX;
     //1. clear sharing table for this object
     SharingTables::delete("object_id={$oid}");
     //2. get dimensions of this object's members that defines permissions
     $res = DB::execute("SELECT d.id as did FROM " . $table_prefix . "dimensions d INNER JOIN " . $table_prefix . "members m on m.dimension_id=d.id\r\n\t\t\t\tWHERE m.id IN ( SELECT member_id FROM " . $table_prefix . "object_members WHERE object_id = {$oid} AND is_optimization = 0 ) AND d.defines_permissions = 1");
     // keyed by id so that each dimension is kept once
     $dids_tmp = array();
     while ($row = $res->fetchRow()) {
         $dids_tmp[$row['did']] = $row['did'];
     }
     $res->free();
     $dids = array_values($dids_tmp);
     $dids_tmp = null;
     $sql_from = "" . $table_prefix . "contact_member_permissions cmp\r\n\t\tLEFT JOIN " . $table_prefix . "members m ON m.id = cmp.member_id\r\n\t\tLEFT JOIN " . $table_prefix . "dimensions d ON d.id = m.dimension_id";
     $member_where_conditions = "";
     $dim_where_conditions = "";
     // if users can add objects without classifying then check for permissions with member_id=0
     if (config_option('let_users_create_objects_in_root')) {
         $member_where_conditions = "member_id=0 OR ";
         $dim_where_conditions = " OR d.id IS NULL";
     }
     $sql_where = "({$member_where_conditions} member_id IN ( SELECT member_id FROM " . $table_prefix . "object_members WHERE object_id = {$oid} AND is_optimization = 0)) AND cmp.object_type_id = {$tid}";
     //3. If there are dimensions that defines permissions containing any of the object members
     if (count($dids)) {
         // 3.1 get permission groups with permissions over the object.
         $sql_fields = "permission_group_id  AS group_id";
         $sql = "\r\n\t\t\t\tSELECT\r\n\t\t\t\t{$sql_fields}\r\n\t\t\t\tFROM\r\n\t\t\t\t{$sql_from}\r\n\t\t\t\tWHERE\r\n\t\t\t\t{$sql_where} AND (d.id IN (" . implode(',', $dids) . ") {$dim_where_conditions})\r\n\t\t\t";
         $res = DB::execute($sql);
         $gids_tmp = array();
         while ($row = $res->fetchRow()) {
             $gids_tmp[$row['group_id']] = $row['group_id'];
         }
         $res->free();
         // allow all permission groups
         $allow_all_rows = DB::executeAll("SELECT DISTINCT permission_group_id FROM " . $table_prefix . "contact_dimension_permissions cdp\r\n\t\t\t\t\tINNER JOIN " . $table_prefix . "members m on m.dimension_id=cdp.dimension_id\r\n\t\t\t\t\tWHERE cdp.permission_type='allow all' AND cdp.dimension_id IN (" . implode(',', $dids) . ");");
         if (is_array($allow_all_rows)) {
             foreach ($allow_all_rows as $row) {
                 $gids_tmp[$row['permission_group_id']] = $row['permission_group_id'];
             }
         }
         $gids = array_values($gids_tmp);
         $gids_tmp = null;
         // check for mandatory dimensions
         $enabled_dimensions_sql = "";
         // NOTE(review): the configured ids are placed in the SQL text as they are; this
         // assumes config_option('enabled_dimensions') returns an array of integers - confirm.
         $enabled_dimensions_ids = implode(',', config_option('enabled_dimensions'));
         if ($enabled_dimensions_ids != "") {
             $enabled_dimensions_sql = "AND id IN ({$enabled_dimensions_ids})";
         }
         $mandatory_dim_ids = Dimensions::findAll(array('id' => true, 'conditions' => "`defines_permissions`=1 {$enabled_dimensions_sql} AND `permission_query_method`='" . DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY . "'"));
         if (count($gids) > 0 && count($mandatory_dim_ids) > 0) {
             $sql = "SELECT om.member_id, m.dimension_id FROM " . $table_prefix . "object_members om\r\n\t\t\t\t\tINNER JOIN " . $table_prefix . "members m ON m.id=om.member_id INNER JOIN " . $table_prefix . "dimensions d ON d.id=m.dimension_id\r\n\t\t\t\t\tWHERE om.object_id = {$oid} AND om.is_optimization = 0 AND d.id IN (" . implode(",", $mandatory_dim_ids) . ")";
             // Object members in mandatory dimensions
             $object_member_ids_res = DB::executeAll($sql);
             // dimension id => ids of the object's members in that dimension
             $mandatory_dim_members = array();
             if (!is_null($object_member_ids_res)) {
                 foreach ($object_member_ids_res as $row) {
                     if (!isset($mandatory_dim_members[$row['dimension_id']])) {
                         $mandatory_dim_members[$row['dimension_id']] = array();
                     }
                     $mandatory_dim_members[$row['dimension_id']][] = $row['member_id'];
                 }
                 // dimension id => permission group ids allowed in that dimension
                 $mandatory_dim_allowed_pgs = array();
                 // Check foreach group that it has permissions over at least one member of each mandatory dimension
                 foreach ($mandatory_dim_members as $mdim_id => $mmember_ids) {
                     // In the WHERE clause AND binds tighter than OR: a group qualifies through
                     // 'allow all' alone, or through 'check' plus a matching member permission.
                     $sql = "SELECT pg.id FROM " . $table_prefix . "permission_groups pg\r\n\t\t\t\t\t\t\tINNER JOIN " . $table_prefix . "contact_dimension_permissions cdp ON cdp.permission_group_id=pg.id\r\n\t\t\t\t\t\t\tINNER JOIN " . $table_prefix . "contact_member_permissions cmp ON cmp.permission_group_id=pg.id\r\n\t\t\t\t\t\t\tWHERE cdp.dimension_id = '{$mdim_id}' AND (\r\n\t\t\t\t\t\t\tcdp.permission_type='allow all' OR cdp.permission_type='check' AND cmp.permission_group_id IN (" . implode(',', $gids) . ")\r\n\t\t\t\t\t\t\tAND cmp.member_id IN (" . implode(',', $mmember_ids) . ")\r\n\t\t\t\t\t\t)";
                     $permission_groups_res = DB::executeAll($sql);
                     $mandatory_dim_allowed_pgs[$mdim_id] = array();
                     if (!is_null($permission_groups_res)) {
                         foreach ($permission_groups_res as $row) {
                             if (!in_array($row['id'], $mandatory_dim_allowed_pgs[$mdim_id])) {
                                 $mandatory_dim_allowed_pgs[$mdim_id][] = $row['id'];
                             }
                         }
                     }
                 }
                 if (isset($mandatory_dim_allowed_pgs) && count($mandatory_dim_allowed_pgs) > 0) {
                     // copy taken first: array_pop() below shortens the working array
                     $original_mandatory_dim_allowed_pgs = $mandatory_dim_allowed_pgs;
                     // groups allowed in every mandatory dimension (intersection of the lists)
                     $allowed_gids = array_pop($mandatory_dim_allowed_pgs);
                     foreach ($mandatory_dim_allowed_pgs as $pg_array) {
                         $allowed_gids = array_intersect($allowed_gids, $pg_array);
                     }
                     // If an user has permissions in one dim using a group and in other dim using his personal permissions then add to sharing table its personal permission group
                     $pg_ids = array_unique(array_flat($original_mandatory_dim_allowed_pgs));
                     if (count($pg_ids) == 0) {
                         // keeps the IN (...) list syntactically valid
                         $pg_ids[0] = 0;
                     }
                     // contact id => permission group ids the contact belongs to
                     $contact_pgs = array();
                     $contact_pg_rows = DB::executeAll("SELECT * FROM " . TABLE_PREFIX . "contact_permission_groups WHERE permission_group_id IN (" . implode(',', $pg_ids) . ") ORDER BY permission_group_id");
                     if (is_array($contact_pg_rows)) {
                         foreach ($contact_pg_rows as $cpgr) {
                             if (!isset($contact_pgs[$cpgr['contact_id']])) {
                                 $contact_pgs[$cpgr['contact_id']] = array();
                             }
                             $contact_pgs[$cpgr['contact_id']][] = $cpgr['permission_group_id'];
                         }
                     }
                     // each user must have at least one pg for every dimension
                     foreach ($contact_pgs as $contact_id => $permission_groups) {
                         // dimension id => false, switched to true once a group covers it
                         $has_one = array_flip(array_keys($original_mandatory_dim_allowed_pgs));
                         // NOTE(review): $v stays bound by reference after this loop; an
                         // unset($v) afterwards would rule out accidental writes through it.
                         foreach ($has_one as $k => &$v) {
                             $v = false;
                         }
                         foreach ($permission_groups as $pg_id) {
                             foreach ($original_mandatory_dim_allowed_pgs as $dim_id => $allowedpgs) {
                                 if (in_array($pg_id, $allowedpgs)) {
                                     $has_one[$dim_id] = true;
                                     // NOTE(review): this break stops at the first dimension the group
                                     // matches, so further dimensions it also covers are not marked
                                     // for this group - confirm that is intended.
                                     break;
                                 }
                             }
                         }
                         // all dims must be true in this array to allow permissions
                         $has_permission = !in_array(false, $has_one);
                         if ($has_permission) {
                             $contact_row = DB::executeOne("SELECT permission_group_id FROM " . TABLE_PREFIX . "contacts where object_id = {$contact_id}");
                             if (is_array($contact_row) && $contact_row['permission_group_id'] > 0) {
                                 $allowed_gids[] = $contact_row['permission_group_id'];
                             }
                         }
                     }
                     $gids = array_unique($allowed_gids, SORT_NUMERIC);
                 } else {
                     // the object has no member in any mandatory dimension: nobody gets access
                     $gids = array();
                 }
             }
         }
     } else {
         if ($obj_mem_ids) {
             // 3.2 No member dimension defines permissions.
             // The object is classified somewhere, but it is not in any dimension that defines permissions
             // => none of the dimensions it belongs to define permissions => fetch all the groups
             // (every permission group whose type is not 'roles', so the object is shared with all of them)
             $gids = PermissionGroups::instance()->findAll(array('id' => true, 'conditions' => "type != 'roles'"));
         } else {
             // if this object is an email and it is unclassified => add to sharing table the permission groups of the users that have permissions in the email's account
             if (Plugins::instance()->isActivePlugin('mail')) {
                 $mail_ot = ObjectTypes::instance()->findByName('mail');
                 if ($mail_ot instanceof ObjectType && $tid == $mail_ot->getId()) {
                     $gids = array_flat(DB::executeAll("\r\n\t\t\t\t\t\t\tSELECT cpg.permission_group_id\r\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "contact_permission_groups cpg\r\n\t\t\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "contacts c ON c.permission_group_id=cpg.permission_group_id\r\n\t\t\t\t\t\t\tWHERE cpg.contact_id IN (\r\n\t\t\t\t\t\t\t  SELECT mac.contact_id FROM " . TABLE_PREFIX . "mail_account_contacts mac WHERE mac.account_id = (SELECT mc.account_id FROM " . TABLE_PREFIX . "mail_contents mc WHERE mc.object_id={$oid})\r\n\t\t\t\t\t\t\t);\r\n\t\t\t\t\t\t"));
                 }
             }
         }
     }
     // 4. write the resulting groups; with no group the object stays without sharing rows
     if (count($gids)) {
         $stManager = SharingTables::instance();
         $stManager->populateGroups($gids, $oid);
         $gids = null;
     }
 }
				
	            <div class="clear"></div>
			</div>
			<?php 
//}
?>
			
			<?php 
// Member-selector block of the contact form; emitted only when $renderContext is falsy.
if (!$renderContext) {
    ?>
			<div id="<?php 
    // NOTE(review): $genid is written into the id attribute without escaping. Where it
    // comes from is not visible in this template — confirm it is server-generated, or
    // escape it for the attribute context before printing.
    echo $genid;
    ?>
add_contact_select_context_div" class="dataBlock"><?php 
    // Collect the ids of every dimension with defines_permissions=1; the list is
    // handed to render_member_selectors() as its fifth argument.
    $skipped_dimensions = array();
    $dims_with_perm = Dimensions::findAll(array('conditions' => 'defines_permissions=1'));
    foreach ($dims_with_perm as $dim_with_perm) {
        $skipped_dimensions[] = $dim_with_perm->getId();
    }
    $listeners = array('on_selection_change' => '');
    // Prefer $object when it is a Contact, otherwise fall back to $contact.
    $contact_obj = isset($object) && $object instanceof Contact ? $object : $contact;
    // NOTE(review): the new/existing test reads $contact while the selectors below use
    // $contact_obj; the two differ whenever $object is a Contact — confirm this is intended.
    if ($contact->isNew()) {
        // New contact: no preselected members, 'select_current_context' is set instead.
        render_member_selectors($contact_obj->manager()->getObjectTypeId(), $genid, null, array('select_current_context' => true, 'listeners' => $listeners, 'hidden_field_name' => 'no_perm_members'), $skipped_dimensions, null, false);
    } else {
        // Existing contact: preselect the members it already belongs to.
        render_member_selectors($contact_obj->manager()->getObjectTypeId(), $genid, $contact_obj->getMemberIds(), array('listeners' => $listeners, 'hidden_field_name' => 'no_perm_members'), $skipped_dimensions, null, false);
    }
    ?>
</div>
			<?php 
}
?>
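 /**
  * Prepare the 'dim_restrictions' template for one dimension / object type pair.
  *
  * Reads the dimension id, 'otype' and 'mem_id' through get_id() and 'genid' from
  * $_GET. Loads the restriction definitions for the pair, the restricted dimensions
  * with their member trees, and (when a member id is given) that member's current
  * restrictions, then hands everything to the template and the ajax extra data.
  *
  * Returns early with a flash error when the logged user may not manage
  * dimension members.
  *
  * @return void
  */
 function get_dimensions_for_restrictions()
 {
     // Authorisation gate: the only access check in this action.
     // NOTE(review): members are listed below without a per-member read check;
     // confirm that managing dimension members is meant to imply seeing all of them.
     if (!can_manage_dimension_members(logged_user())) {
         flash_error(lang('no access permissions'));
         ajx_current("empty");
         return;
     }
     $dim_id = get_id();
     $obj_type = get_id('otype');
     $restricted_dim_defs = DimensionMemberRestrictionDefinitions::findAll(array("conditions" => array("`dimension_id` = ? AND `object_type_id` = ?", $dim_id, $obj_type)));
     $restricted_ids = array();
     $orderable_dimensions_otypes = array();
     foreach ($restricted_dim_defs as $def) {
         // The ids end up concatenated into an IN (...) list, which cannot use a
         // placeholder here, so force them to integers before they reach the SQL text.
         $restricted_ids[] = (int) $def->getRestrictedDimensionId();
         if ($def->getIsOrderable()) {
             $orderable_dimensions_otypes[] = $def->getRestrictedDimensionId() . "_" . $def->getRestrictedObjectTypeId();
         }
     }
     // "0" keeps the IN (...) clause syntactically valid when nothing is restricted.
     $restricted_ids_csv = count($restricted_ids) ? implode(",", $restricted_ids) : "0";
     $dimensions = Dimensions::findAll(array("conditions" => array("`id` <> ? AND `id` IN ({$restricted_ids_csv})", $dim_id)));
     $childs_info = array();
     $members = array();
     foreach ($dimensions as $dim) {
         $dim_key = $dim->getId();
         $root_members = Members::findAll(array('conditions' => array('`dimension_id`=? AND `parent_member_id`=0', $dim_key), 'order' => '`name` ASC'));
         foreach ($root_members as $mem) {
             $members[$dim_key][] = $mem;
             $members[$dim_key] = array_merge($members[$dim_key], $mem->getAllChildrenSorted());
         }
         // A dimension without root members never gets an entry in $members;
         // skip it instead of iterating an undefined key.
         if (!isset($members[$dim_key])) {
             continue;
         }
         //generate child array info
         foreach ($members[$dim_key] as $pmember) {
             $childs_info[] = array("p" => $pmember->getID(), "ch" => $pmember->getAllChildrenIds(), "d" => $pmember->getDimensionId());
         }
     }
     ajx_extra_data(array('childs' => $childs_info));
     // Members whose "<dimension id>_<object type id>" pair was flagged orderable above.
     $orderable_members = array();
     foreach ($members as $d => $dim_members) {
         foreach ($dim_members as $mem) {
             // Both sides are built by string concatenation, so a strict match is safe.
             if (in_array($d . "_" . $mem->getObjectTypeId(), $orderable_dimensions_otypes, true)) {
                 $orderable_members[] = $mem->getId();
             }
         }
     }
     $member_id = get_id('mem_id');
     if ($member_id > 0) {
         // actual restrictions: restricted member id => order
         $restrictions_info = array();
         $restrictions = MemberRestrictions::findAll(array("conditions" => array("`member_id` = ?", $member_id)));
         foreach ($restrictions as $rest) {
             $restrictions_info[$rest->getRestrictedMemberId()] = $rest->getOrder();
         }
         tpl_assign('restrictions', $restrictions_info);
         $actual_order_info = array();
         foreach (array_keys($restrictions_info) as $mem_id) {
             // Record the first loaded member that matches, then move to the next id.
             foreach ($members as $d => $dim_members) {
                 foreach ($dim_members as $member) {
                     if ($member->getId() == $mem_id) {
                         $actual_order_info[] = array('dim' => $d, 'mem' => $mem_id, 'parent' => $member->getParentMemberId());
                         break 2;
                     }
                 }
             }
         }
         ajx_extra_data(array('actual_order' => $actual_order_info));
     }
     // NOTE(review): genid is taken verbatim from the query string and passed to the
     // template. The template is not visible here — confirm it escapes genid for every
     // context it prints it in, or validate the value against the generator's format.
     tpl_assign('genid', array_var($_GET, 'genid'));
     tpl_assign('members', $members);
     tpl_assign('dimensions', $dimensions);
     tpl_assign('orderable_dimensions_otypes', $orderable_dimensions_otypes);
     ajx_extra_data(array('ord_members' => $orderable_members));
     $this->setTemplate('dim_restrictions');
 }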
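	/**
	 * Add/edit Dimension Members
	 *
	 * Loads every manageable dimension and, for each one, the root members the
	 * logged user may read (all root members when the dimension allows all for the
	 * user's permission groups), each followed by its sorted descendants. Both
	 * lists are assigned to the template.
	 *
	 * Returns early with a flash error when the logged user may not manage
	 * dimension members.
	 *
	 * @access public
	 * @return void
	 */
	function edit_members() {
		if(!can_manage_dimension_members(logged_user())) {
			flash_error(lang('no access permissions'));
			ajx_current("empty");
			return;
		} // if
		
		$dimensions = Dimensions::findAll(array('conditions' => '`is_manageable` = 1'));
		$members = array();
		
		$logged_user_pgs = implode(',', logged_user()->getPermissionGroupIds());
		
		// Single pass over the dimensions. Re-running the dimension query and
		// rebuilding $members once per dimension produces the same final lists,
		// so the work is done exactly once here.
		foreach($dimensions as $dim) {
			//if ($dim->deniesAllForContact($logged_user_pgs)) continue;
			
			$allows_all = $dim->hasAllowAllForContact($logged_user_pgs);
			
			$root_members = Members::findAll(array('conditions' => array('`dimension_id`=? AND `parent_member_id`=0', $dim->getId()), 'order' => '`name` ASC'));
			foreach ($root_members as $mem) {
				// Without allow-all, only root members the user can read are listed.
				if (!$allows_all) {
					if (!$mem->canBeReadByContact($logged_user_pgs, logged_user())) continue;
				}
				$members[$dim->getId()][] = $mem;
				// NOTE(review): descendants are appended without a per-member read
				// check; confirm getAllChildrenSorted() or the template filters
				// children the user is not allowed to see.
				$members[$dim->getId()] = array_merge($members[$dim->getId()], $mem->getAllChildrenSorted());
			}
		}
		
		tpl_assign('members', $members);
		tpl_assign('dimensions', $dimensions);
	}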