/**
 * Exercises SecurityGroup::groupHasAccess() with three fixed module/id pairs.
 *
 * Only the two-argument form is covered here; no action argument is passed.
 *
 * NOTE(review): assertEquals() compares loosely, so a truthy or falsy
 * non-boolean return would also satisfy these checks. For an access-control
 * decision, assertTrue()/assertFalse() would pin the exact boolean.
 */
public function testgroupHasAccess()
{
    // The list-view placeholder id is expected to be granted even though the module is empty.
    $listViewAccess = SecurityGroup::groupHasAccess('', '[SELECT_ID_LIST]');
    $this->assertEquals(true, $listViewAccess);

    // Empty module and empty record id are expected to be denied.
    $emptyInputAccess = SecurityGroup::groupHasAccess('', '');
    $this->assertEquals(false, $emptyInputAccess);

    // A well-formed module/id pair is also expected to be denied here
    // (presumably because the fixture has no group linked to it; confirm against the test data).
    $usersRecordAccess = SecurityGroup::groupHasAccess('Users', '1');
    $this->assertEquals(false, $usersRecordAccess);
}
/**
 * Decides how the related parent record and related contact are rendered in a list row.
 *
 * Starts from the parent implementation's result and sets two entries:
 * 'PARENT' and 'CONTACT', each 'a' when the current user passes the 'view'
 * check for the related record and 'span' otherwise.
 *
 * Ownership comes from the *_name_owner property when it is filled in, otherwise
 * from the assigned_user_id of the related bean. Security-group membership is
 * looked up with the 'view' action and handed to ACLController::checkAccess().
 *
 * Note: a parent whose module does not support ACL is always rendered as 'a'.
 *
 * @return array
 */
function listviewACLHelper()
{
    global $current_user;

    $tags = parent::listviewACLHelper();

    // ----- related parent record -----
    $ownsParent = false;
    $parentInGroup = false;
    if (!empty($this->parent_name)) {
        if (!empty($this->parent_name_owner)) {
            $ownsParent = $current_user->id == $this->parent_name_owner;
        } elseif (!empty($this->parent_type) && !empty($this->parent_id)) {
            // Owner id was not supplied with the row, so load the parent to find out.
            $parentBean = BeanFactory::getBean($this->parent_type, $this->parent_id);
            if ($parentBean !== false) {
                $ownsParent = $current_user->id == $parentBean->assigned_user_id;
            }
        }
        require_once "modules/SecurityGroups/SecurityGroup.php";
        // NOTE(review): parent_type / parent_id may be empty at this point; the lookup still runs.
        $parentInGroup = SecurityGroup::groupHasAccess($this->parent_type, $this->parent_id, 'view');
    }
    $parentViewable = !ACLController::moduleSupportsACL($this->parent_type)
        || ACLController::checkAccess($this->parent_type, 'view', $ownsParent, 'module', $parentInGroup);
    $tags['PARENT'] = $parentViewable ? 'a' : 'span';

    // ----- related contact -----
    $ownsContact = false;
    $contactInGroup = false;
    if (!empty($this->contact_name)) {
        if (!empty($this->contact_name_owner)) {
            $ownsContact = $current_user->id == $this->contact_name_owner;
        } else {
            $contactBean = BeanFactory::getBean('Contacts', $this->contact_id);
            if ($contactBean !== false) {
                $ownsContact = $current_user->id == $contactBean->assigned_user_id;
            }
        }
        require_once "modules/SecurityGroups/SecurityGroup.php";
        $contactInGroup = SecurityGroup::groupHasAccess('Contacts', $this->contact_id, 'view');
    }
    $contactViewable = ACLController::checkAccess('Contacts', 'view', $ownsContact, 'module', $contactInGroup);
    $tags['CONTACT'] = $contactViewable ? 'a' : 'span';

    return $tags;
}
/**
 * INTERNAL FUNCTION: renders the rows of a subpanel list into $this->xTemplate.
 *
 * For every item in $data the method resolves the panel definition to use,
 * works out the current user's access to the record once (owner flag plus
 * security-group flag), and then renders one cell per list field. Edit, close
 * and remove buttons are only rendered when the matching ACL check passed.
 *
 * @param array  $data             items to render; each item is used as a bean-like object
 *                                 (presumably SugarBean instances; confirm against callers)
 * @param array  $parent_data      per-record parent info keyed by record id
 *                                 ('parent_name', 'parent_name_owner', 'parent_name_mod')
 * @param string $xtemplateSection name of the template section to parse
 * @param string $html_varName     variable name passed to getOffset() and populateAllXTPL()
 * @param object $subpanel_def     subpanel definition (single panel or collection)
 * @return void
 */
function process_dynamic_listview_rows($data, $parent_data, $xtemplateSection, $html_varName, $subpanel_def)
{
    global $subpanel_item_count;
    global $odd_bg;
    global $even_bg;
    global $hilite_bg;
    global $click_bg;
    $this->xTemplate->assign("BG_HILITE", $hilite_bg);
    $this->xTemplate->assign('CHECKALL', SugarThemeRegistry::current()->getImage('blank', '', 1, 1, ".gif", ''));
    //$this->xTemplate->assign("BG_CLICK", $click_bg);
    $subpanel_item_count = 0;
    $oddRow = true;
    $count = 0;
    reset($data);
    //GETTING OFFSET
    $offset = $this->getOffset($html_varName);
    //$totaltime = 0;
    $processed_ids = array();
    $fill_additional_fields = array();
    //Either retrieve the is_fill_in_additional_fields property from the lone
    //subpanel or visit each subpanel's subpanels to retrieve the is_fill_in_addition_fields
    //property
    $subpanel_list = array();
    if ($subpanel_def->isCollection()) {
        $subpanel_list = $subpanel_def->sub_subpanels;
    } else {
        $subpanel_list[] = $subpanel_def;
    }
    foreach ($subpanel_list as $this_subpanel) {
        if ($this_subpanel->is_fill_in_additional_fields()) {
            // The bean name is stored both as a list entry and as a key; only the keyed form is read below.
            $fill_additional_fields[] = $this_subpanel->bean_name;
            $fill_additional_fields[$this_subpanel->bean_name] = true;
        }
    }
    if (empty($data)) {
        // No rows: emit the ".nodata" section spanning all header columns.
        $this->xTemplate->assign("ROW_COLOR", 'oddListRow');
        $thepanel = $subpanel_def;
        if ($subpanel_def->isCollection()) {
            $thepanel = $subpanel_def->get_header_panel_def();
        }
        $this->xTemplate->assign("COL_COUNT", count($thepanel->get_list_fields()));
        $this->xTemplate->parse($xtemplateSection . ".nodata");
    }
    // NOTE(review): each() is deprecated as of PHP 7.2 and removed in PHP 8.0; a foreach over $data
    // would be needed before this runs on PHP 8.
    while (list($aVal, $aItem) = each($data)) {
        $subpanel_item_count++;
        $aItem->check_date_relationships_load();
        // TODO: expensive and needs to be removed and done better elsewhere
        if (!empty($fill_additional_fields[$aItem->object_name]) || $aItem->object_name == 'Case' && !empty($fill_additional_fields['aCase'])) {
            $aItem->fill_in_additional_list_fields();
            //$aItem->fill_in_additional_detail_fields();
        }
        //rrs bug: 25343
        $aItem->call_custom_logic("process_record");
        if (isset($parent_data[$aItem->id])) {
            $aItem->parent_name = $parent_data[$aItem->id]['parent_name'];
            if (!empty($parent_data[$aItem->id]['parent_name_owner'])) {
                $aItem->parent_name_owner = $parent_data[$aItem->id]['parent_name_owner'];
                $aItem->parent_name_mod = $parent_data[$aItem->id]['parent_name_mod'];
            }
        }
        $fields = $aItem->get_list_view_data();
        // Each record id is rendered at most once.
        if (isset($processed_ids[$aItem->id])) {
            continue;
        } else {
            $processed_ids[$aItem->id] = 1;
        }
        //ADD OFFSET TO ARRAY
        $fields['OFFSET'] = $offset + $count + 1;
        if ($this->shouldProcess) {
            // The mass-update checkbox is only offered when the user may edit the record.
            // NOTE(review): $fields['ID'] is concatenated into the attribute without escaping here;
            // confirm get_list_view_data() always returns an HTML-safe id.
            if ($aItem->ACLAccess('EditView')) {
                $this->xTemplate->assign('PREROW', "<input type='checkbox' class='checkbox' name='mass[]' value='" . $fields['ID'] . "' />");
            } else {
                $this->xTemplate->assign('PREROW', '');
            }
            // Rows the user cannot open in detail view are rendered as plain text rather than a link.
            if ($aItem->ACLAccess('DetailView')) {
                $this->xTemplate->assign('TAG_NAME', 'a');
            } else {
                $this->xTemplate->assign('TAG_NAME', 'span');
            }
            $this->xTemplate->assign('CHECKALL', "<input type='checkbox' title='" . $GLOBALS['app_strings']['LBL_SELECT_ALL_TITLE'] . "' class='checkbox' name='massall' id='massall' value='' onclick='sListView.check_all(document.MassUpdate, \"mass[]\", this.checked);' />");
        }
        if ($oddRow) {
            $ROW_COLOR = 'oddListRow';
            $BG_COLOR = $odd_bg;
        } else {
            $ROW_COLOR = 'evenListRow';
            $BG_COLOR = $even_bg;
        }
        $oddRow = !$oddRow;
        $button_contents = array();
        $this->xTemplate->assign("ROW_COLOR", $ROW_COLOR);
        $this->xTemplate->assign("BG_COLOR", $BG_COLOR);
        $layout_manager = $this->getLayoutManager();
        $layout_manager->setAttribute('context', 'List');
        $layout_manager->setAttribute('image_path', $this->local_image_path);
        $layout_manager->setAttribute('module_name', $subpanel_def->_instance_properties['module']);
        if (!empty($this->child_focus)) {
            $layout_manager->setAttribute('related_module_name', $this->child_focus->module_dir);
        }
        //AG$subpanel_data = $this->list_field_defs;
        //$bla = array_pop($subpanel_data);
        //select which sub-panel to display here, the decision will be made based on the type of
        //the sub-panel and panel in the bean being processed.
        if ($subpanel_def->isCollection()) {
            $thepanel = $subpanel_def->sub_subpanels[$aItem->panel_name];
        } else {
            $thepanel = $subpanel_def;
        }
        /* BEGIN - SECURITY GROUPS */
        //This check is costly doing it field by field in the below foreach
        //instead pull up here and do once per record....
        $aclaccess_is_owner = false;
        $aclaccess_in_group = false;
        global $current_user;
        // Administrators are treated as owner of every record.
        if (is_admin($current_user)) {
            $aclaccess_is_owner = true;
        } else {
            $aclaccess_is_owner = $aItem->isOwner($current_user->id);
        }
        require_once "modules/SecurityGroups/SecurityGroup.php";
        // NOTE(review): no action argument is passed here, yet the result feeds the DetailView,
        // ListView, EditView and Delete checks below; confirm the default action of
        // groupHasAccess() is meant to cover edit and delete as well.
        $aclaccess_in_group = SecurityGroup::groupHasAccess($aItem->module_dir, $aItem->id);
        /* END - SECURITY GROUPS */
        //get data source name
        $linked_field = $thepanel->get_data_source_name();
        $linked_field_set = $thepanel->get_data_source_name(true);
        // NOTE(review): $count is assigned as an ordinary local at the top of the function and is
        // declared static here, inside the row loop; confirm the intended lifetime of the cell counter.
        static $count;
        if (!isset($count)) {
            $count = 0;
        }
        /* BEGIN - SECURITY GROUPS */
        /**
        $field_acl['DetailView'] = $aItem->ACLAccess('DetailView');
        $field_acl['ListView'] = $aItem->ACLAccess('ListView');
        $field_acl['EditView'] = $aItem->ACLAccess('EditView');
        $field_acl['Delete'] = $aItem->ACLAccess('Delete');
        */
        //pass is_owner, in_group...vars defined above
        $field_acl['DetailView'] = $aItem->ACLAccess('DetailView', $aclaccess_is_owner, $aclaccess_in_group);
        $field_acl['ListView'] = $aItem->ACLAccess('ListView', $aclaccess_is_owner, $aclaccess_in_group);
        $field_acl['EditView'] = $aItem->ACLAccess('EditView', $aclaccess_is_owner, $aclaccess_in_group);
        $field_acl['Delete'] = $aItem->ACLAccess('Delete', $aclaccess_is_owner, $aclaccess_in_group);
        /* END - SECURITY GROUPS */
        foreach ($thepanel->get_list_fields() as $field_name => $list_field) {
            //add linked field attribute to the array.
            $list_field['linked_field'] = $linked_field;
            $list_field['linked_field_set'] = $linked_field_set;
            $usage = empty($list_field['usage']) ? '' : $list_field['usage'];
            if ($usage == 'query_only' && !empty($list_field['force_query_only_display'])) {
                //if you are here you have column that is query only but needs to be displayed as blank. This is helpful
                //for collections such as Activities where you have a field in only one object and wish to show it in the subpanel list
                $count++;
                $widget_contents = ' ';
                $this->xTemplate->assign('CLASS', "");
                $this->xTemplate->assign('CELL_COUNT', $count);
                $this->xTemplate->assign('CELL', $widget_contents);
                $this->xTemplate->parse($xtemplateSection . ".row.cell");
            } else {
                if ($usage != 'query_only') {
                    $list_field['name'] = $field_name;
                    $module_field = $field_name . '_mod';
                    $owner_field = $field_name . '_owner';
                    if (!empty($aItem->{$module_field})) {
                        $list_field['owner_id'] = $aItem->{$owner_field};
                        $list_field['owner_module'] = $aItem->{$module_field};
                    } else {
                        $list_field['owner_id'] = false;
                        $list_field['owner_module'] = false;
                    }
                    if (isset($list_field['alias'])) {
                        $list_field['name'] = $list_field['alias'];
                    } else {
                        $list_field['name'] = $field_name;
                    }
                    $list_field['fields'] = $fields;
                    $list_field['module'] = $aItem->module_dir;
                    $list_field['start_link_wrapper'] = $this->start_link_wrapper;
                    $list_field['end_link_wrapper'] = $this->end_link_wrapper;
                    $list_field['subpanel_id'] = $this->subpanel_id;
                    // Array union: the per-record ACL flags are added without overwriting keys the
                    // field definition already carries.
                    $list_field += $field_acl;
                    if (isset($aItem->field_defs[strtolower($list_field['name'])])) {
                        require_once 'include/SugarFields/SugarFieldHandler.php';
                        // We need to see if a sugar field exists for this field type first,
                        // if it doesn't, toss it at the old sugarWidgets. This is for
                        // backwards compatibility and will be removed in a future release
                        $vardef = $aItem->field_defs[strtolower($list_field['name'])];
                        if (isset($vardef['type'])) {
                            $fieldType = isset($vardef['custom_type']) ? $vardef['custom_type'] : $vardef['type'];
                            $tmpField = SugarFieldHandler::getSugarField($fieldType, true);
                        } else {
                            $tmpField = NULL;
                        }
                        if ($tmpField != NULL) {
                            $widget_contents = SugarFieldHandler::displaySmarty($list_field['fields'], $vardef, 'ListView', $list_field);
                        } else {
                            // No SugarField for this particular type
                            // Use the old, icky, SugarWidget for now
                            $widget_contents = $layout_manager->widgetDisplay($list_field);
                        }
                        if (isset($list_field['widget_class']) && $list_field['widget_class'] == 'SubPanelDetailViewLink') {
                            // We need to call into the old SugarWidgets for the time being, so it can generate a proper link with all the various corner-cases handled
                            // So we'll populate the field data with the pre-rendered display for the field
                            $list_field['fields'][$field_name] = $widget_contents;
                            if ('full_name' == $field_name) {
                                //bug #32465
                                $list_field['fields'][strtoupper($field_name)] = $widget_contents;
                            }
                            //vardef source is non db, assign the field name to varname for processing of column.
                            if (!empty($vardef['source']) && $vardef['source'] == 'non-db') {
                                $list_field['varname'] = $field_name;
                            }
                            $widget_contents = $layout_manager->widgetDisplay($list_field);
                        } else {
                            if (isset($list_field['widget_class']) && $list_field['widget_class'] == 'SubPanelEmailLink') {
                                $widget_contents = $layout_manager->widgetDisplay($list_field);
                            }
                        }
                        $count++;
                        $this->xTemplate->assign('CELL_COUNT', $count);
                        $this->xTemplate->assign('CLASS', "");
                        if (empty($widget_contents)) {
                            $widget_contents = ' ';
                        }
                        $this->xTemplate->assign('CELL', $widget_contents);
                        $this->xTemplate->parse($xtemplateSection . ".row.cell");
                    } else {
                        // This handles the edit and remove buttons and icon widget
                        if (isset($list_field['widget_class']) && $list_field['widget_class'] == "SubPanelIcon") {
                            $count++;
                            $widget_contents = $layout_manager->widgetDisplay($list_field);
                            $this->xTemplate->assign('CELL_COUNT', $count);
                            $this->xTemplate->assign('CLASS', "");
                            if (empty($widget_contents)) {
                                $widget_contents = ' ';
                            }
                            $this->xTemplate->assign('CELL', $widget_contents);
                            $this->xTemplate->parse($xtemplateSection . ".row.cell");
                        } elseif (preg_match("/button/i", $list_field['name'])) {
                            // edit_button and close_button need EditView access, remove_button needs
                            // Delete access; any other button name produces an empty placeholder.
                            if (($list_field['name'] === 'edit_button' && $field_acl['EditView'] || $list_field['name'] === 'close_button' && $field_acl['EditView'] || $list_field['name'] === 'remove_button' && $field_acl['Delete']) && '' != ($_content = $layout_manager->widgetDisplay($list_field))) {
                                $button_contents[] = $_content;
                                unset($_content);
                            } else {
                                $button_contents[] = '';
                            }
                        } else {
                            $count++;
                            $this->xTemplate->assign('CLASS', "");
                            $widget_contents = $layout_manager->widgetDisplay($list_field);
                            $this->xTemplate->assign('CELL_COUNT', $count);
                            if (empty($widget_contents)) {
                                $widget_contents = ' ';
                            }
                            $this->xTemplate->assign('CELL', $widget_contents);
                            $this->xTemplate->parse($xtemplateSection . ".row.cell");
                        }
                    }
                }
            }
        }
        // Make sure we have at least one button before rendering a column for
        // the action buttons in a list view. Relevant bugs: #51647 and #51640.
        if (!empty($button_contents)) {
            // Drop the empty placeholders left by buttons the user is not allowed to see.
            $button_contents = array_filter($button_contents);
            if (!empty($button_contents)) {
                // this is for inline buttons on listviews
                // bug#51275: smarty widget to help provide the action menu functionality as it is currently sprinkled throughout the app with html
                require_once 'include/Smarty/plugins/function.sugar_action_menu.php';
                $tempid = create_guid();
                array_unshift($button_contents, "<div style='display: inline' id='{$tempid}'>" . array_shift($button_contents) . "</div>");
                $action_button = smarty_function_sugar_action_menu(array('id' => $tempid, 'buttons' => $button_contents, 'class' => 'clickMenu subpanel records fancymenu button', 'flat' => false), $this->xTemplate);
            } else {
                $action_button = '';
            }
            $this->xTemplate->assign('CLASS', "inlineButtons");
            $this->xTemplate->assign('CELL_COUNT', ++$count);
            //Bug#51275 for beta3 pre_script is not required any more
            $this->xTemplate->assign('CELL', $action_button);
            $this->xTemplate->parse($xtemplateSection . ".row.cell");
        }
        $aItem->setupCustomFields($aItem->module_dir);
        $aItem->custom_fields->populateAllXTPL($this->xTemplate, 'detail', $html_varName, $fields);
        $count++;
        $this->xTemplate->parse($xtemplateSection . ".row");
    }
    $this->xTemplate->parse($xtemplateSection);
}
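/**
 * Runs $queryString against $index and returns one page of hits the current user may list.
 *
 * Hits are filtered through the security-group and ACL 'list' checks (admins skip the
 * filter) and the filtered result is cached for five minutes so that paging does not
 * repeat the search.
 *
 * Because the cached list is already filtered for one user, the cache entry is keyed by
 * user id plus query string. Keying it by the query string alone would hand one user's
 * filtered (or an admin's unfiltered) result to any other user who runs the same query
 * within the cache lifetime.
 *
 * @param object $index       search index; must provide find($queryString)
 * @param string $queryString the search query
 * @param int    $start       offset of the first hit to return
 * @param int    $amount      maximum number of hits to return
 * @return array array('total' => int, 'hits' => array of stdClass)
 */
function doSearch($index, $queryString, $start = 0, $amount = 20)
{
    global $current_user;

    // Scope the cache entry to the requesting user, see the function comment.
    // NOTE(review): this assumes cacheQuery() names its file md5(<first argument>) inside this
    // same directory; confirm. If it does not, the only effect is that the cache never hits.
    $cacheKey = $current_user->id . '|' . $queryString;
    $cachePath = 'cache/modules/AOD_Index/QueryCache/' . md5($cacheKey);
    if (is_file($cachePath)) {
        $mTime = getCorrectMTime($cachePath);
        if ($mTime > time() - 5 * 60) {
            // NOTE(review): unserialize() instantiates whatever objects the file describes, so the
            // cache directory must not be writable by anything but the application.
            $cached = unserialize(sugar_file_get_contents($cachePath));
            // A truncated or unreadable cache file yields false; fall through to a fresh search.
            if (is_array($cached)) {
                $hits = $cached;
            }
        }
    }
    if (!isset($hits)) {
        $tmphits = $index->find($queryString);
        $hits = array();
        foreach ($tmphits as $hit) {
            $bean = BeanFactory::getBean($hit->record_module, $hit->record_id);
            if (empty($bean)) {
                continue;
            }
            if ($bean->bean_implements('ACL') && !is_admin($current_user)) {
                //Annoyingly can't use the following as it always passes true for is_owner checks on list
                //$bean->ACLAccess('list');
                $in_group = SecurityGroup::groupHasAccess($bean->module_dir, $bean->id, 'list');
                $is_owner = $bean->isOwner($current_user->id);
                $access = ACLController::checkAccess($bean->module_dir, 'list', $is_owner, 'module', $in_group);
                if (!$access) {
                    continue;
                }
            }
            // Copy only the fields the result page needs into a plain object.
            $newHit = new stdClass();
            $newHit->record_module = $hit->record_module;
            $newHit->record_id = $hit->record_id;
            $newHit->score = $hit->score;
            $newHit->label = getModuleLabel($bean->module_name);
            $newHit->name = $bean->get_summary_text();
            $newHit->summary = getRecordSummary($bean);
            $newHit->date_entered = $bean->date_entered;
            $newHit->date_modified = $bean->date_modified;
            $hits[] = $newHit;
        }
        //Cache results so pagination is nice and snappy.
        cacheQuery($cacheKey, $hits);
    }
    $total = count($hits);
    $hits = array_slice($hits, $start, $amount);
    $res = array('total' => $total, 'hits' => $hits);
    return $res;
}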
/**
 * Get array of activities
 *
 * Every record returned by build_related_list_by_user_id() is included in the result.
 * Records the current user may not list are not dropped; they are flagged with
 * show_as_busy = true instead (presumably so the renderer can hide their details;
 * confirm in the calendar templates).
 *
 * NOTE(review): the meeting status filter is applied for the key "Meeting", while the
 * sibling branches test the plural "Calls" and "Tasks"; confirm which key callers use.
 *
 * @param array $activities
 * @param string $user_id
 * @param boolean $show_tasks
 * @param SugarDateTime $view_start_time start date
 * @param SugarDateTime $view_end_time end date
 * @param string $view view; not used for now, left for compatibility
 * @param boolean $show_calls
 * @param boolean $show_completed use to allow filtering completed events
 * @return array
 */
function get_activities($activities, $user_id, $show_tasks, $view_start_time, $view_end_time, $view, $show_calls = true, $show_completed = true)
{
    global $current_user;
    global $beanList;

    $collected = array();
    $alreadySeen = array();

    // Extra WHERE fragments that hide finished items; empty when completed items are shown.
    $callsFilter = $show_completed ? '' : " AND calls.status = 'Planned' ";
    $meetingsFilter = $show_completed ? '' : " AND meetings.status = 'Planned' ";
    $tasksFilter = $show_completed ? '' : " AND tasks.status != 'Completed' ";

    foreach ($activities as $key => $activity) {
        // Module-level gate, evaluated as if the user owned the records.
        if (!ACLController::checkAccess($key, 'list', true)) {
            continue;
        }

        $beanClass = $beanList[$key];
        $bean = new $beanClass();
        // Row-level security is switched off when users look at their own calendar.
        if ($current_user->id == $user_id) {
            $bean->disable_row_level_security = true;
        }

        $where = self::get_occurs_until_where_clause(
            $bean->table_name,
            $bean->rel_users_table,
            $view_start_time,
            $view_end_time,
            $activity['start'],
            $activity['end'],
            $view
        );

        if ($key == "Meeting") {
            $where .= $meetingsFilter;
        } elseif ($key == "Calls") {
            $where .= $callsFilter;
            if (!$show_calls) {
                continue;
            }
        } elseif ($key == "Tasks") {
            $where .= $tasksFilter;
            if (!$show_tasks) {
                continue;
            }
        }

        $related = build_related_list_by_user_id($bean, $user_id, $where);
        foreach ($related as $focusBean) {
            if (isset($alreadySeen[$focusBean->id])) {
                continue;
            }

            //Show as busy if current user is not in a group associated to the record
            require_once "modules/SecurityGroups/SecurityGroup.php";
            $in_group = SecurityGroup::groupHasAccess($key, $focusBean->id, 'list');
            $mayList = ACLController::checkAccess($key, 'list', $current_user->id == $user_id, 'module', $in_group);
            $focusBean->show_as_busy = !$mayList;

            $alreadySeen[$focusBean->id] = 1;
            $entry = new CalendarActivity($focusBean);
            if (!empty($entry)) {
                $collected[] = $entry;
            }
        }
    }

    return $collected;
}
/**
 * Tells whether the current user may perform $view on this bean.
 *
 * Decision order, as implemented below:
 *  1. administrators are always allowed;
 *  2. beans that do not implement 'ACL' are always allowed;
 *  3. view names that map to no known action are allowed, so such views have to be
 *     enforced at page level;
 *  4. everything else is decided by ACLController::checkAccess() with the owner flag
 *     and the security-group flag.
 *
 * 'list' and 'import' are always checked with the owner flag set to true. For 'edit'
 * and 'save', when the caller did not supply $is_owner and the bean does not look owned,
 * ownership is re-read from the stored row so that a changed assigned user on the
 * in-memory bean does not decide the check.
 *
 * @param string      $view     view or action name, case-insensitive
 * @param bool|string $is_owner owner flag, or 'not_set' to derive it from the bean
 * @param bool|string $in_group security-group flag, or 'not_set' to look it up
 * @return bool
 */
function ACLAccess($view, $is_owner = 'not_set', $in_group = 'not_set')
{
    // Lower-cased view name => ACL action it is checked as.
    $actionForView = array(
        'list' => 'list',
        'index' => 'list',
        'listview' => 'list',
        'edit' => 'edit',
        'save' => 'edit',
        'popupeditview' => 'edit',
        'editview' => 'edit',
        'view' => 'view',
        'detail' => 'view',
        'detailview' => 'view',
        'delete' => 'delete',
        'export' => 'export',
        'import' => 'import',
    );

    global $current_user;
    if ($current_user->isAdmin()) {
        return true;
    }

    $ownerWasDefaulted = ($is_owner === 'not_set');
    if ($ownerWasDefaulted) {
        $is_owner = $this->isOwner($current_user->id);
    }

    $view = strtolower($view);
    $action = isset($actionForView[$view]) ? $actionForView[$view] : '';

    if ($in_group === 'not_set') {
        require_once "modules/SecurityGroups/SecurityGroup.php";
        // Unknown views are looked up with an empty action.
        $in_group = SecurityGroup::groupHasAccess($this->module_dir, $this->id, $action);
    }

    //if we don't implement acls return true
    if (!$this->bean_implements('ACL')) {
        return true;
    }

    //if it is not one of the known views then it should be implemented on the page level
    if ($action === '') {
        return true;
    }

    $isEditOrSave = ($view === 'edit' || $view === 'save');
    if ($isEditOrSave && !$is_owner && $ownerWasDefaulted && !empty($this->id)) {
        // Decide ownership from the stored record rather than from the values currently on $this.
        $beanClass = get_class($this);
        $stored = new $beanClass();
        $rowIsUsable = !empty($this->fetched_row)
            && !empty($this->fetched_row['id'])
            && !empty($this->fetched_row['assigned_user_id'])
            && !empty($this->fetched_row['created_by']);
        if ($rowIsUsable) {
            $stored->populateFromRow($this->fetched_row);
        } else {
            $stored->retrieve($this->id);
        }
        $is_owner = $stored->isOwner($current_user->id);
    }

    // 'list' and 'import' do not depend on who owns the record.
    $ownerFlag = ($action === 'list' || $action === 'import') ? true : $is_owner;

    return ACLController::checkAccess($this->module_dir, $action, $ownerFlag, $this->acltype, $in_group);
}
/**
 * Builds the list-view data for one feed entry, with the entry's HTML placed in 'NAME'.
 *
 * When the related module supports ACL and the current user passes neither the 'view'
 * nor the 'list' check for the related record, 'NAME' is blanked and the row is returned
 * early. The security-group flag used for both checks is looked up with the 'list' action.
 *
 * NOTE(review): only 'NAME' is cleared on denial; the other keys of the row
 * (for instance 'DESCRIPTION') are returned unchanged. Confirm that no consumer renders them.
 * NOTE(review): NAME and DESCRIPTION are passed through html_entity_decode() and emitted as
 * markup, and 'ID' is concatenated into attributes and inline script. Whether these values
 * are sanitised before they are stored is not visible here; confirm.
 *
 * @return array
 */
function get_list_view_data()
{
    $data = parent::get_list_view_data();
    $currentUser = $GLOBALS['current_user'];

    if (ACLController::moduleSupportsACL($data['RELATED_MODULE'])) {
        require_once "modules/SecurityGroups/SecurityGroup.php";
        $in_group = SecurityGroup::groupHasAccess($data['RELATED_MODULE'], $data['RELATED_ID'], 'list');
        $isCreator = $data['CREATED_BY'] == $currentUser->id;

        $mayView = ACLController::checkAccess($data['RELATED_MODULE'], 'view', $isCreator, 'module', $in_group);
        if (!$mayView) {
            $mayList = ACLController::checkAccess($data['RELATED_MODULE'], 'list', $isCreator, 'module', $in_group);
            if (!$mayList) {
                // Neither check passed: hide the entry text.
                $data['NAME'] = '';
                return $data;
            }
        }
    }

    // Only administrators and the author of the entry get a delete link.
    $deleteLink = '';
    if (is_admin($currentUser) || (isset($data['CREATED_BY']) && $data['CREATED_BY'] == $currentUser->id)) {
        $deleteLink = ' - <a id="sugarFeedDeleteLink' . $data['ID']
            . '" href="#" onclick=\'SugarFeed.deleteFeed("' . $data['ID'] . '", "{this.id}"); return false;\'>'
            . $GLOBALS['app_strings']['LBL_DELETE_BUTTON_LABEL']
            . '</a>';
    }

    // 'NAME' is extended in place because getDisplay() and fetchReplies() receive $data.
    $data['NAME'] .= $data['DESCRIPTION'];
    $data['NAME'] = '<div style="padding:3px">' . html_entity_decode($data['NAME']);

    if (!empty($data['LINK_URL'])) {
        $linkClass = SugarFeed::getLinkClass($data['LINK_TYPE']);
        if ($linkClass !== FALSE) {
            $data['NAME'] .= $linkClass->getDisplay($data);
        }
    }

    $data['NAME'] .= '<div class="byLineBox"><span class="byLineLeft">';

    $replyLink = '<a id="sugarFeedReplyLink' . $data['ID']
        . '" href="#" onclick=\'SugarFeed.buildReplyForm("' . $data['ID'] . '", "{this.id}", this); return false;\'>'
        . $GLOBALS['app_strings']['LBL_EMAIL_REPLY']
        . '</a>';
    $data['NAME'] .= $this->getTimeLapse($data['DATE_ENTERED'])
        . ' </span><div class="byLineRight">'
        . $replyLink
        . $deleteLink
        . '</div></div>';

    $data['NAME'] .= $this->fetchReplies($data);

    return $data;
}
/**
 * Collects the meetings, calls and (optionally) tasks of $user_id that fall into the
 * given time window, sorted by activity date.
 *
 * Each module is gated by a module-level 'list' check evaluated as if the user owned the
 * records. Individual records the current user may not list are kept in the result and
 * flagged with show_as_busy = true (presumably so the renderer hides their details;
 * confirm in the calendar templates).
 *
 * NOTE(review): $user_id is placed into the tasks WHERE clause without escaping; confirm
 * that every caller passes a validated id, or quote it through the database layer.
 *
 * @param string  $user_id         user whose activities are collected
 * @param boolean $show_tasks      whether tasks are included
 * @param mixed   $view_start_time start of the window
 * @param mixed   $view_end_time   end of the window
 * @param string  $view            passed through to the where-clause builder
 * @return array list of CalendarActivity
 */
function get_activities($user_id, $show_tasks, $view_start_time, $view_end_time, $view)
{
    global $current_user;

    $collected = array();
    $alreadySeen = array();

    // ----- meetings -----
    if (ACLController::checkAccess('Meetings', 'list', true)) {
        $meetingSeed = new Meeting();
        // Row-level security is switched off when users look at their own calendar.
        if ($current_user->id == $user_id) {
            $meetingSeed->disable_row_level_security = true;
        }
        $where = CalendarActivity::get_occurs_within_where_clause($meetingSeed->table_name, $meetingSeed->rel_users_table, $view_start_time, $view_end_time, 'date_start', $view);
        $meetings = build_related_list_by_user_id($meetingSeed, $user_id, $where);
        foreach ($meetings as $meetingRow) {
            if (isset($alreadySeen[$meetingRow->id])) {
                continue;
            }
            require_once "modules/SecurityGroups/SecurityGroup.php";
            $in_group = SecurityGroup::groupHasAccess('Meetings', $meetingRow->id, 'list');
            $meetingRow->show_as_busy = !ACLController::checkAccess('Meetings', 'list', $current_user->id == $user_id, 'module', $in_group);
            $alreadySeen[$meetingRow->id] = 1;
            $entry = new CalendarActivity($meetingRow);
            if (!empty($entry)) {
                $collected[] = $entry;
            }
        }
    }

    // ----- calls -----
    if (ACLController::checkAccess('Calls', 'list', true)) {
        // NOTE(review): this result is recomputed per record below and looks redundant.
        $show_as_busy = !ACLController::checkAccess('Calls', 'list', $current_user->id == $user_id);
        $callSeed = new Call();
        if ($current_user->id == $user_id) {
            $callSeed->disable_row_level_security = true;
        }
        $where = CalendarActivity::get_occurs_within_where_clause($callSeed->table_name, $callSeed->rel_users_table, $view_start_time, $view_end_time, 'date_start', $view);
        $calls = build_related_list_by_user_id($callSeed, $user_id, $where);
        foreach ($calls as $callRow) {
            if (isset($alreadySeen[$callRow->id])) {
                continue;
            }
            require_once "modules/SecurityGroups/SecurityGroup.php";
            $in_group = SecurityGroup::groupHasAccess('Calls', $callRow->id, 'list');
            $callRow->show_as_busy = !ACLController::checkAccess('Calls', 'list', $current_user->id == $user_id, 'module', $in_group);
            $alreadySeen[$callRow->id] = 1;
            $entry = new CalendarActivity($callRow);
            if (!empty($entry)) {
                $collected[] = $entry;
            }
        }
    }

    // ----- tasks (no duplicate tracking, matching the other two sections only in the ACL part) -----
    if ($show_tasks && ACLController::checkAccess('Tasks', 'list', true)) {
        // NOTE(review): this result is recomputed per record below and looks redundant.
        $show_as_busy = !ACLController::checkAccess('Tasks', 'list', $current_user->id == $user_id);
        $taskSeed = new Task();
        $where = CalendarActivity::get_occurs_within_where_clause('tasks', '', $view_start_time, $view_end_time, 'date_due', $view);
        $where .= " AND tasks.assigned_user_id='" . $user_id . "' ";
        $tasks = $taskSeed->get_full_list("", $where, true);
        if ($tasks === null) {
            $tasks = array();
        }
        foreach ($tasks as $taskRow) {
            require_once "modules/SecurityGroups/SecurityGroup.php";
            $in_group = SecurityGroup::groupHasAccess('Tasks', $taskRow->id, 'list');
            $taskRow->show_as_busy = !ACLController::checkAccess('Tasks', 'list', $current_user->id == $user_id, 'module', $in_group);
            $entry = new CalendarActivity($taskRow);
            if (!empty($entry)) {
                $collected[] = $entry;
            }
        }
    }

    usort($collected, 'sort_func_by_act_date');

    return $collected;
}
/**
 * Decides how the related account, opportunity and contact are rendered in a list row.
 *
 * Starts from the parent implementation's result and sets 'ACCOUNT', 'OPPORTUNITY' and
 * 'CONTACT' to 'a' when the current user passes the 'view' check for the related record,
 * and to 'span' otherwise.
 *
 * For each relation the owner flag comes from the <prefix>_name_owner property when it is
 * filled in, otherwise from the assigned_user_id of the related bean. Security-group
 * membership is looked up with the 'view' action and handed to ACLController::checkAccess().
 *
 * @return array
 */
function listviewACLHelper()
{
    global $current_user;

    $array_assign = parent::listviewACLHelper();

    // related module => array(property prefix on this bean, key in the result)
    $relations = array(
        'Accounts' => array('account', 'ACCOUNT'),
        'Opportunities' => array('opportunity', 'OPPORTUNITY'),
        'Contacts' => array('contact', 'CONTACT'),
    );

    foreach ($relations as $module => $spec) {
        list($prefix, $resultKey) = $spec;
        $nameProp = $prefix . '_name';
        $ownerProp = $prefix . '_name_owner';
        $idProp = $prefix . '_id';

        $is_owner = false;
        $in_group = false;
        if (!empty($this->{$nameProp})) {
            if (!empty($this->{$ownerProp})) {
                $is_owner = $current_user->id == $this->{$ownerProp};
            } else {
                // Owner id was not supplied with the row, so load the related record to find out.
                $relatedBean = BeanFactory::getBean($module, $this->{$idProp});
                if ($relatedBean !== false) {
                    $is_owner = $current_user->id == $relatedBean->assigned_user_id;
                }
            }
            require_once("modules/SecurityGroups/SecurityGroup.php");
            $in_group = SecurityGroup::groupHasAccess($module, $this->{$idProp}, 'view');
        }

        $viewable = ACLController::checkAccess($module, 'view', $is_owner, 'module', $in_group);
        $array_assign[$resultKey] = $viewable ? 'a' : 'span';
    }

    return $array_assign;
}
/**
 * Decides how the parent record and the task this one depends on are rendered in a list row.
 *
 * Starts from the parent implementation's result and sets 'PARENT' and 'PARENT_TASK' to
 * 'a' when the current user passes the 'view' check, and to 'span' otherwise.
 *
 * NOTE(review): the security-group lookup for the parent uses $this->parent_type, while the
 * ACL check that follows is hard-coded to the 'Project' module; confirm the two always agree.
 * NOTE(review): the 'ProjectTask' check is made without a security-group flag, unlike the
 * parent check above it; confirm that this is intended.
 *
 * @return array
 */
function listviewACLHelper()
{
    global $current_user;

    $result = parent::listviewACLHelper();

    // ----- parent record -----
    $ownsParent = false;
    $parentInGroup = false;
    $hasParent = !empty($this->parent_name);
    if ($hasParent) {
        if (!empty($this->parent_name_owner)) {
            $ownsParent = $current_user->id == $this->parent_name_owner;
        } elseif (!empty($this->parent_type) && !empty($this->parent_id)) {
            //parent_name_owner not being set for whatever reason so we need to figure this out
            $loadedParent = BeanFactory::getBean($this->parent_type, $this->parent_id);
            if ($loadedParent !== false) {
                $ownsParent = $current_user->id == $loadedParent->assigned_user_id;
            }
        }
        require_once("modules/SecurityGroups/SecurityGroup.php");
        $parentInGroup = SecurityGroup::groupHasAccess($this->parent_type, $this->parent_id, 'view');
    }
    if (ACLController::checkAccess('Project', 'view', $ownsParent, 'module', $parentInGroup)) {
        $result['PARENT'] = 'a';
    } else {
        $result['PARENT'] = 'span';
    }

    // ----- task this one depends on -----
    $ownsDependency = false;
    if (!empty($this->depends_on_name) && !empty($this->depends_on_name_owner)) {
        $ownsDependency = $current_user->id == $this->depends_on_name_owner;
    }
    if (ACLController::checkAccess('ProjectTask', 'view', $ownsDependency)) {
        $result['PARENT_TASK'] = 'a';
    } else {
        $result['PARENT_TASK'] = 'span';
    }

    return $result;
}