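/**
 * List the records of the current module for the "Range: items=<start>-<end>" request window.
 *
 * Reads projectId, sort and recursive from the request, enforces that a projectId
 * is given exactly when the module is not global, fetches the records (through the
 * project tree when recursive), sets the Content-Range response header and sends
 * the JSON-encoded models.
 *
 * @throws Zend_Controller_Action_Exception With code 422 when the projectId does not
 *                                          fit the module's save type.
 *
 * @return void
 */
public function indexAction()
{
    $request   = $this->getRequest();
    $projectId = (int) $request->getParam('projectId', 0);

    // The Range header is client supplied: accept only a well-formed
    // "items=<start>-<end>" and clamp it so the offset/limit handed to the
    // database can never be negative or inverted (a missing or malformed
    // header degrades to the single item 0-0, never to undefined variables).
    $start = 0;
    $end   = 0;
    $range = $request->getHeader('range');
    if (is_string($range)) {
        sscanf($range, 'items=%d-%d', $start, $end);
    }
    $start = max(0, (int) $start);
    $end   = max($start, (int) $end);
    $count = $end - $start + 1;

    $sort      = $request->getParam('sort', null);
    $recursive = $request->getParam('recursive', 'false') === 'true';

    $model    = $this->newModelObject();
    $moduleId = Phprojekt_Module::getId($request->getModuleName());
    $isGlobal = Phprojekt_Module::saveTypeIsGlobal($moduleId);

    // A projectId is required for project-bound modules and forbidden for global ones
    if (empty($projectId) && !$isGlobal) {
        throw new Zend_Controller_Action_Exception('projectId not given for non-global module', 422);
    }
    if (!empty($projectId) && $isGlobal) {
        throw new Zend_Controller_Action_Exception('projectId given for global module', 422);
    }

    // Global modules are not attached to the project tree, so never recurse for them
    $recursive = $isGlobal ? false : $recursive;

    if ($recursive) {
        $tree = new Phprojekt_Tree_Node_Database(new Project_Models_Project(), $projectId);
        $tree->setup();
        $where       = $this->getFilterWhere();
        $records     = $tree->getRecordsFor($model, $count, $start, $where, $sort);
        $recordCount = $tree->getRecordsCount($model, $where);
    } else {
        $where = null;
        if (!empty($projectId) && $model->hasField('projectId')) {
            // projectId is already an int; quoteInto keeps the clause parameterised anyway
            $where = Phprojekt::getInstance()->getDb()->quoteInto('project_id = ?', (int) $projectId);
        }
        $where       = $this->getFilterWhere($where);
        $records     = $model->fetchAll($where, $sort, $count, $start);
        $recordCount = $model->count($where);
    }

    // Report the window actually delivered, never past the total
    $end = min($end, $recordCount);
    $this->getResponse()->setHeader('Content-Range', "items {$start}-{$end}/{$recordCount}");

    Phprojekt_CompressedSender::send(Zend_Json::encode(Phprojekt_Model_Converter::convertModels($records)));
}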
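/**
 * Help to save a model by setting the models properties.
 * Validation is based on the ModelInformation implementation.
 *
 * Every key of $params that matches an already set model property is copied
 * onto the model (except 'id', which the ActiveRecord assigns). New items get
 * the current user as owner. The record is validated, the parent project must
 * have the module enabled and the item rights check must pass before the model
 * is saved; rights are stored afterwards only when the current user holds the
 * "admin" right on the item.
 *
 * @param Phprojekt_Model_Interface $model  The model
 * @param array                     $params The parameters used to feed the model.
 *
 * @throws Phprojekt_PublishedException If validation fails, the parent project has
 *                                      not enabled the module, or the user lacks
 *                                      the rights for this action.
 *
 * @return Phprojekt_Model_Interface The saved model.
 */
protected static function _saveModel(Phprojekt_Model_Interface $model, array $params)
{
    // Mass-assign request values onto the model. Only properties the model
    // already exposes are written; 'id' is excluded since the ActiveRecord sets it.
    // NOTE(review): every other exposed property - including ownerId on an
    // existing item - is writable from $params; confirm that is intended.
    foreach ($params as $key => $value) {
        if ($key !== 'id' && isset($model->{$key})) {
            $model->{$key} = $value;
        }
    }

    $newItem = empty($model->id);

    // Set the owner for new items only
    if ($newItem && isset($model->ownerId)) {
        $model->ownerId = Phprojekt_Auth::getUserId();
    }

    // Parent Project
    $projectId = isset($model->projectId) ? $model->projectId : 0;

    // Checks
    $moduleName = Phprojekt_Loader::getModuleFromObject($model);
    $moduleId   = Phprojekt_Module::getId($moduleName);

    if (!$model->recordValidate()) {
        $errors = $model->getError();
        $error  = array_pop($errors);
        // getError() may be empty even though validation failed; avoid a notice-ridden ": " message
        $message = is_array($error) ? $error['label'] . ': ' . $error['message'] : 'Validation failed';
        throw new Phprojekt_PublishedException($message);
    }

    if (!self::_checkModule($moduleId, $projectId)) {
        throw new Phprojekt_PublishedException('The parent project do not have enabled this module');
    }

    if (!self::_checkItemRights($model, $moduleName)) {
        throw new Phprojekt_PublishedException('You do not have access to do this action');
    }

    // Set the projectId to 1 for global modules
    if (isset($model->projectId) && Phprojekt_Module::saveTypeIsGlobal($moduleId)) {
        $model->projectId = 1;
    }

    $model->save();

    // Save access only if the user have "admin" right
    $itemRights = Phprojekt_Loader::getLibraryClass('Phprojekt_Item_Rights');
    $check      = $itemRights->getRights($moduleId, $model->id);
    if (!empty($check['currentUser']['admin'])) {
        if ($moduleName === 'Core') {
            $rights = Default_Helpers_Right::getModuleRights($params);
        } else {
            $rights = Default_Helpers_Right::getItemRights($params, $moduleId, $newItem);
        }
        if (count($rights) > 0) {
            $model->saveRights($rights);
        }
    }

    return $model;
}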
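/**
 * Help to save a model by setting the models properties.
 * Validation is based on the ModelInformation implementation.
 *
 * The parameters are mapped onto the model, the record is validated and the
 * parent project must have the module enabled. For items
 * (Phprojekt_Item_Abstract) the effective user needs CREATE on the parent
 * project when the item is new (the creator then receives ALL rights on it)
 * or WRITE on the item otherwise; rights are stored when the item is new or
 * the user holds ADMIN on it, and a non-admin user must grant access to at
 * least one person. Models that are not items are saved together with their
 * rights without any rights check in this method.
 *
 * @param Phprojekt_Model_Interface $model  The model
 * @param array                     $params The parameters used to feed the model.
 *
 * @throws Zend_Controller_Action_Exception Code 400 on validation, module or
 *                                          empty-rights errors, 403 on missing rights.
 *
 * @return Phprojekt_Model_Interface The saved model.
 */
protected static function _saveModel(Phprojekt_Model_Interface $model, array $params)
{
    $newItem   = empty($params['id']);
    $model     = self::parameterToModel($model, $params, $newItem);
    $projectId = $model->hasField('projectId') ? $model->projectId : 0;
    $userId    = Phprojekt_Auth_Proxy::getEffectiveUserId();

    $moduleName = Phprojekt_Loader::getModuleFromObject($model);
    $moduleId   = Phprojekt_Module::getId($moduleName);

    if (!$model->recordValidate()) {
        $errors = $model->getError();
        $error  = array_pop($errors);
        // getError() may be empty even though validation failed; avoid a notice-ridden ": " message
        $message = is_array($error) ? $error['label'] . ': ' . $error['message'] : 'Validation failed';
        throw new Zend_Controller_Action_Exception($message, 400);
    }

    if (!self::_checkModule($moduleId, $projectId)) {
        throw new Zend_Controller_Action_Exception('The parent project do not have enabled this module', 400);
    }

    $rights = Default_Helpers_Right::getRights($params);

    if (!($model instanceof Phprojekt_Item_Abstract)) {
        // NOTE(review): no CREATE/WRITE check is made here for non-item models;
        // confirm the caller enforces it before reaching this point.
        $model->save();
        $model->saveRights($rights);

        return $model;
    }

    $isGlobal = Phprojekt_Module::saveTypeIsGlobal($moduleId);

    if ($newItem && !$isGlobal) {
        // Creating an item needs the CREATE right on the parent project;
        // the creator is then granted full rights on the new item.
        $project = new Project_Models_Project();
        $project->find($projectId);
        if (!$project->hasRight($userId, Phprojekt_Acl::CREATE)) {
            throw new Zend_Controller_Action_Exception('You do not have the necessary create right', 403);
        }
        $rights[$userId] = Phprojekt_Acl::ALL;
    } elseif (!$model->hasRight($userId, Phprojekt_Acl::WRITE)) {
        throw new Zend_Controller_Action_Exception('You do not have the necessary write right', 403);
    }

    // Set the projectId to 1 for global modules
    // @TODO Remove the Timecard limitation
    if ($model->hasField('projectId') && $isGlobal && Phprojekt_Module::getModuleName($moduleId) !== 'Timecard') {
        $model->projectId = 1;
    }

    $model->save();

    // Save access only if the user have "admin" right
    if ($newItem || $model->hasRight($userId, Phprojekt_Acl::ADMIN)) {
        // A non-admin must not lock everybody (including themselves) out of the item
        if (!Phprojekt_Auth_Proxy::isAdminUser() && count($rights) <= 0) {
            throw new Zend_Controller_Action_Exception('At least one person must have access to this item', 400);
        }
        $model->saveRights($rights);
    }

    return $model;
}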
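/**
 * Parse the rights for all the users and return it into a bitmask per user.
 *
 * The per-user checkboxes (checkNoneAccess ... checkAdminAccess) listed under
 * $params['dataAccess'] are converted to one bitmask per user ID. For item
 * rights the owner of a new item gets full access, the result is restricted to
 * the users the current user is allowed to see and, for non-global modules,
 * user ID 1 is added with full access. Module rights are returned as parsed.
 *
 * @param array   $params   The post values.
 * @param string  $type     Type of right, for users or modules.
 * @param string  $moduleId The module ID.
 * @param boolean $newItem  If is a new item or not.
 * @param integer $ownerId  The owner ID or 0 for the current user.
 *
 * @return array Array with user IDs per access.
 */
private static function getRights($params, $type, $moduleId = 0, $newItem = false, $ownerId = 0)
{
    // Right name => request checkbox prefix, in the order the bitmask expects them
    $checkboxes = array(
        'none'     => 'checkNoneAccess',
        'read'     => 'checkReadAccess',
        'write'    => 'checkWriteAccess',
        'access'   => 'checkAccessAccess',
        'create'   => 'checkCreateAccess',
        'copy'     => 'checkCopyAccess',
        'delete'   => 'checkDeleteAccess',
        'download' => 'checkDownloadAccess',
        'admin'    => 'checkAdminAccess',
    );

    // dataAccess comes straight from the request: only iterate it when it really is an array
    $hasDataAccess = isset($params['dataAccess']) && is_array($params['dataAccess']);

    $rights = array();
    if ($hasDataAccess) {
        foreach (array_keys($params['dataAccess']) as $accessId) {
            $right = array();
            foreach ($checkboxes as $name => $field) {
                $right[$name] = self::_checked($params, $field, $accessId);
            }
            $rights[$accessId] = Phprojekt_Acl::convertArrayToBitmask($right);
        }
    }

    if ($type != self::ITEM_TYPE) {
        // Module rights are returned unfiltered
        return $rights;
    }

    // Only set the full access if is a new item
    if ($newItem) {
        if ((int) $ownerId === 0) {
            $ownerId = Phprojekt_Auth::getUserId();
        }
        $rights[$ownerId] = Phprojekt_Acl::ALL;
    }

    // Return access only for allowed users: a user ID posted in dataAccess that
    // is not in the allowed list is dropped silently
    $activeRecord = Phprojekt_Loader::getLibraryClass('Phprojekt_User_User');
    $resultRights = array();
    foreach ($activeRecord->getAllowedUsers() as $node) {
        if (isset($rights[$node['id']])) {
            $resultRights[$node['id']] = $rights[$node['id']];
        }
    }

    if ($hasDataAccess && !Phprojekt_Module::saveTypeIsGlobal($moduleId)) {
        // Items under a project => add admin with full access
        // NOTE(review): user ID 1 is assumed to be the admin account - confirm
        $resultRights[1] = Phprojekt_Acl::ALL;
    }

    return $resultRights;
}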