/**
* Removes accounts where current user has no access to
*
* @param Tinebase_Model_Filter_FilterGroup $_filter
* @param string $_action get|update
*
* @todo move logic to Felamimail_Model_MessageFilter
*/
public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_action = 'get')
{
$accountFilter = $_filter->getFilter('account_id');
// force a $accountFilter filter (ACL) / all accounts of user
if ($accountFilter === NULL || $accountFilter['operator'] !== 'equals' || !empty($accountFilter['value'])) {
$_filter->createFilter('account_id', 'equals', array());
}
}
/**
* you can define default filters here
*
* @param Tinebase_Model_Filter_FilterGroup $_filter
*/
protected function _addDefaultFilter(Tinebase_Model_Filter_FilterGroup $_filter = NULL)
{
if (!$_filter->isFilterSet('showHidden')) {
$hiddenFilter = $_filter->createFilter('showHidden', 'equals', FALSE);
$hiddenFilter->setIsImplicit(TRUE);
$_filter->addFilter($hiddenFilter);
}
}
/**
* search for preferences
*
* @param Tinebase_Model_Filter_FilterGroup $_filter
* @param Tinebase_Model_Pagination $_pagination
* @param boolean $_onlyIds
* @return Tinebase_Record_RecordSet|array of preferences / pref ids
*/
public function search(Tinebase_Model_Filter_FilterGroup $_filter = NULL, Tinebase_Model_Pagination $_pagination = NULL, $_onlyIds = FALSE)
{
// make sure account is set in filter
$userId = Tinebase_Core::getUser()->getId();
if (!$_filter->isFilterSet('account')) {
$accountFilter = $_filter->createFilter('account', 'equals', array('accountId' => $userId, 'accountType' => Tinebase_Acl_Rights::ACCOUNT_TYPE_USER));
$_filter->addFilter($accountFilter);
} else {
// only admins can search for other users prefs
$accountFilter = $_filter->getAccountFilter();
$accountFilterValue = $accountFilter->getValue();
if ($accountFilterValue['accountId'] != $userId && $accountFilterValue['accountType'] == Tinebase_Acl_Rights::ACCOUNT_TYPE_USER) {
if (!Tinebase_Acl_Roles::getInstance()->hasRight($this->_application, Tinebase_Core::getUser()->getId(), Tinebase_Acl_Rights_Abstract::ADMIN)) {
return new Tinebase_Record_RecordSet('Tinebase_Model_Preference');
}
}
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ' . print_r($_filter->toArray(), TRUE));
}
$paging = new Tinebase_Model_Pagination(array('dir' => 'ASC', 'sort' => array('name')));
$allPrefs = parent::search($_filter, $_pagination, $_onlyIds);
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ' . print_r(is_array($allPrefs) ? $allPrefs : $allPrefs->toArray(), TRUE));
}
if (!$_onlyIds) {
$this->_addDefaultAndRemoveUndefinedPrefs($allPrefs, $_filter);
// get single matching preferences for each different pref
$result = $this->getMatchingPreferences($allPrefs);
} else {
$result = $allPrefs;
}
return $result;
}
/**
* (non-PHPdoc)
* @see ActiveSync_Frontend_Abstract::_addContainerFilter()
*/
protected function _addContainerFilter(Tinebase_Model_Filter_FilterGroup $_filter, $_containerId)
{
// custom filter gets added when created
$_filter->createFilter('account_id', 'equals', Tinebase_Core::getPreference('Expressomail')->{Expressomail_Preference::DEFAULTACCOUNT});
$_filter->addFilter($_filter->createFilter('folder_id', 'equals', $_containerId));
}
/**
* Removes accounts where current user has no access to
*
* @param Tinebase_Model_Filter_FilterGroup $_filter
* @param string $_action get|update
*/
public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_action = 'get')
{
$userFilter = $_filter->getFilter('user_id');
// force a $userFilter filter (ACL)
if ($userFilter === NULL || $userFilter->getOperator() !== 'equals' || $userFilter->getValue() !== $this->_currentAccount->getId()) {
$userFilter = $_filter->createFilter('user_id', 'equals', $this->_currentAccount->getId());
$_filter->addFilter($userFilter);
}
}
/**
* add container acl filter to filter group
*
* @param Tinebase_Model_Filter_FilterGroup $_filter
* @param string $_containerId
*/
protected function _addContainerFilter(Tinebase_Model_Filter_FilterGroup $_filter, $_containerId)
{
$syncableContainers = $this->_getSyncableFolders();
$containerIds = array();
if ($_containerId == $this->_specialFolderName) {
$containerIds = $syncableContainers->getArrayOfIds();
} elseif (in_array($_containerId, $syncableContainers->id)) {
$containerIds = array($_containerId);
}
$_filter->addFilter($_filter->createFilter('container_id', 'in', $containerIds));
}
/**
* Removes containers where current user has no access to
*
* @param Tinebase_Model_Filter_FilterGroup $_filter
* @param string $_action get|update
*/
public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_action = 'get')
{
if (!$this->_doContainerACLChecks) {
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' Container ACL disabled for ' . $_filter->getModelName() . '.');
}
return TRUE;
}
$aclFilters = $_filter->getAclFilters();
if (!$aclFilters) {
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Force a standard containerFilter (specialNode = all) as ACL filter.');
}
$containerFilter = $_filter->createFilter('container_id', 'specialNode', 'all', array('applicationName' => $_filter->getApplicationName()));
$_filter->addFilter($containerFilter);
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' Setting filter grants for action ' . $_action);
}
switch ($_action) {
case 'get':
$_filter->setRequiredGrants(array(Tinebase_Model_Grants::GRANT_READ, Tinebase_Model_Grants::GRANT_ADMIN));
break;
case 'update':
$_filter->setRequiredGrants(array(Tinebase_Model_Grants::GRANT_EDIT, Tinebase_Model_Grants::GRANT_ADMIN));
break;
case 'export':
$_filter->setRequiredGrants(array(Tinebase_Model_Grants::GRANT_EXPORT, Tinebase_Model_Grants::GRANT_ADMIN));
break;
case 'sync':
$_filter->setRequiredGrants(array(Tinebase_Model_Grants::GRANT_SYNC, Tinebase_Model_Grants::GRANT_ADMIN));
break;
default:
throw new Tinebase_Exception_UnexpectedValue('Unknown action: ' . $_action);
}
}
protected function _addContainerFilter(Tinebase_Model_Filter_FilterGroup $_filter, $_containerId)
{
// custom filter gets added when created
$_filter->createFilter('account_id', 'equals', Tinebase_Core::getPreference('Felamimail')->{Felamimail_Preference::DEFAULTACCOUNT});
$_filter->addFilter($_filter->createFilter('folder_id', 'equals', $_containerId));
#if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " filter " . print_r($_filter->toArray(), true));
}
/**
* redefine required grants for get actions
*
* @param Tinebase_Model_Filter_FilterGroup $_filter
* @param string $_action get|update
*/
public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_action = 'get')
{
$hasGrantsFilter = FALSE;
foreach ($_filter->getAclFilters() as $aclFilter) {
if ($aclFilter instanceof Calendar_Model_GrantFilter) {
$hasGrantsFilter = TRUE;
break;
}
}
if (!$hasGrantsFilter) {
// force a grant filter
// NOTE: actual grants are set via setRequiredGrants later
$grantsFilter = $_filter->createFilter('grants', 'in', '@setRequiredGrants');
$_filter->addFilter($grantsFilter);
}
parent::checkFilterACL($_filter, $_action);
if ($_action == 'get') {
$_filter->setRequiredGrants(array(Tinebase_Model_Grants::GRANT_FREEBUSY, Tinebase_Model_Grants::GRANT_READ, Tinebase_Model_Grants::GRANT_ADMIN));
}
}
/**
* Removes containers where current user has no access to
* -> remove timetracker containers, too (those are managed within the timetracker)
*
* @param Tinebase_Model_Filter_FilterGroup $_filter
* @param string $_action get|update
*/
public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_action = 'get')
{
if ($_action == 'get') {
$userApps = Tinebase_Core::getUser()->getApplications(TRUE);
$filterAppIds = array();
foreach ($userApps as $app) {
if ($app->name !== 'Timetracker') {
$filterAppIds[] = $app->getId();
}
}
$appFilter = $_filter->createFilter('application_id', 'in', $filterAppIds);
$_filter->addFilter($appFilter);
}
}
