public function save(waContact $contact, $fields) { if (!isset($fields['categories'])) { return TRUE; } if (empty($fields['categories'][0])) { $fields['categories'] = array(); } if (wa()->getApp() == 'contacts' && !wa()->getUser()->getRights('contacts', 'category.all')) { // only save categories available for current user to see, and do not change others $crm = new contactsRightsModel(); $cats = $this->getModel()->getContactCategories($contact->getId()); $allowed = $crm->getAllowedCategories(); $set = $fields['categories'] ? array_flip($fields['categories']) : array(); foreach ($allowed as $id => $cat) { if (isset($set[$id])) { $cats[$id] = true; } else { unset($cats[$id]); } } $fields['categories'] = array_keys($cats); } $this->getModel()->setContactCategories($contact->getId(), $fields['categories']); return TRUE; }
function getOptions($id = null) { if (!$this->model) { $this->model = new waContactCategoryModel(); } if (!$this->categories) { $this->categories = $this->model->getALl('id'); } // Checklist options, category_id => name $options = array(); foreach ($this->categories as $id => $row) { $options[$id] = $row['name']; } // Admins are allowed to see everything, and person outside of contacts app can see a list of categories too if (wa()->getApp() != 'contacts' || wa()->getUser()->getRights('contacts', 'category.all')) { return $options; } // Only load categories available for current user $crm = new contactsRightsModel(); $allowed = $crm->getAllowedCategories(); foreach ($options as $id => $row) { if (!isset($allowed[$id])) { unset($options[$id]); } } return $options; }
public function execute() { // Only show categories available to current user $crm = new contactsRightsModel(); $cm = new waContactCategoryModel(); // List of categories user is allowed to add contacts to $categories = $cm->getAll('id'); $allowed = $crm->getAllowedCategories(); if ($allowed === true) { $allowed = $categories; } foreach ($categories as $id => &$cat) { if (!isset($allowed[$id]) || $cat['system_id']) { unset($categories[$id]); } $cat = $cat['name']; } unset($cat); // Set of catorories that are always checked and disabled in list $d = waRequest::get('disabled'); if (!is_array($d)) { $d = array($d); } $this->view->assign('categories', $categories); $this->view->assign('disabled', array_fill_keys($d, true)); }
public function execute() { $system = wa(); $datetime = $system->getDateTime(); if (!($this->id = (int) waRequest::get('id'))) { throw new waException('No id specified.'); } $user = $this->getUser()->getRights('contacts', 'backend'); $admin = $user >= 2; $ownProfile = $this->id == wa()->getUser()->getId(); $cr = new contactsRightsModel(); if (!$cr->getRight(null, $this->id)) { if ($user && $ownProfile) { $this->view->assign('readonly', true); } else { throw new waRightsException('Access denied.'); } } $this->getContactInfo(); $this->getUserInfo(); // free or premium app? $this->view->assign('versionFull', $this->getConfig()->getInfo('edition') === 'full'); // collect data from other applications to show in tabs (for premium app only) if ($this->getConfig()->getInfo('edition') === 'full') { $links = array(); foreach (wa()->event('profile.tab', $this->id) as $app_id => $one_or_more_links) { if (!isset($one_or_more_links['html'])) { $i = ''; foreach ($one_or_more_links as $link) { $key = isset($link['id']) ? $link['id'] : $app_id . $i; $links[$key] = $link; $i++; } } else { $key = isset($one_or_more_links['id']) ? $one_or_more_links['id'] : $app_id; $links[$key] = $one_or_more_links; } } $this->view->assign('links', $links); } // tab to open by default $this->view->assign('tab', waRequest::get('tab')); $this->view->assign('admin', $admin); $this->view->assign('superadmin', $admin && $this->getUser()->getRights('webasyst', 'backend')); $this->view->assign('current_user_id', wa()->getUser()->getId()); $this->view->assign('limitedCategories', $admin || $this->getRights('category.all') ? 0 : 1); // Update history if (($name = $this->contact->get('name')) || $name === '0') { $name = trim($this->contact->get('title') . ' ' . $name); $history = new contactsHistoryModel(); $history->save('/contact/' . $this->id, $name); } // Update history in user's browser $historyModel = new contactsHistoryModel(); $this->view->assign('history', $historyModel->get()); $this->view->assign('wa_view', $this->view); }
public function execute() { $ids = waRequest::post('id', array(), 'array_int'); if (!$ids) { $ids = (int) waRequest::get('id'); if (!$ids) { throw new Exception('No ids specified.'); } $ids = array($ids); } // do not try to delete self if (in_array($this->getUser()->getId(), $ids)) { die('<p>' . _w('You can not delete yourself.') . '</p><p>' . _w('Please eliminate yourself from deletion list.') . '</p>'); } // Only allow actions with contacts available for current user if (!$this->getRights('category.all')) { $crm = new contactsRightsModel(); $ccm = new waContactCategoriesModel(); $allowed = array_keys($crm->getAllowedCategories()); foreach ($ccm->getContactsCategories($ids) as $id => $cats) { if (!array_intersect($allowed, $cats)) { throw new waRightsException('Access denied'); } } } $superadmin = wa()->getUser()->getRights('webasyst', 'backend'); $result = wa()->event('links', $ids); $this->view->assign('apps', wa()->getApps()); $links = array(); foreach ($result as $app_id => $app_links) { foreach ($app_links as $contact_id => $contact_links) { if ($contact_links) { $links[$contact_id][$app_id] = $contact_links; } } } // Do not allow non-superadmin to remove users if (!$superadmin) { $um = new waUserModel(); $users = array_keys($um->getByField(array('id' => $ids, 'is_user' => 1), 'id')); foreach ($users as $user_id) { if (!isset($links[$user_id]['contacts'])) { $links[$user_id]['contacts'] = array(); } $links[$user_id]['contacts'][] = array('user', 1); } } $contact_model = new waContactModel(); $this->view->assign('ids', $superadmin ? $ids : array_diff($ids, array_keys($links))); $this->view->assign('contacts', $contact_model->getName(array_keys($links))); $this->view->assign('superadmin', $superadmin); $this->view->assign('all', count($ids)); $this->view->assign('links', $links); }
public function execute() { $superadmin = $this->getUser()->getRights('webasyst', 'backend'); $contacts = waRequest::post('id', array(), 'array_int'); // do not try to delete self if (in_array($this->getUser()->getId(), $contacts)) { throw new waRightsException('Access denied: attempt to delete own account.'); } $this->getRights(); $crm = new contactsRightsModel(); $contacts = $crm->getAllowedContactsIds($contacts); if (!$contacts) { throw new waRightsException('Access denied: no access to contacts '); } // Deletion of contacts with links to other applications is only allowed to superadmins if (!$superadmin && ($links = wa()->event('links', $contacts))) { foreach ($links as $app_id => $l) { foreach ($l as $contact_id => $contact_links) { if ($contact_links) { throw new waRightsException('Access denied: only superadmin is allowed to delete contacts with links to other applications.'); } } } } // Are there users among $contacts? $um = new waUserModel(); $users = array_keys($um->getByField(array('id' => $contacts, 'is_user' => 1), 'id')); // deletion of users is only allowed to superadmins if (!$superadmin && $users) { throw new waRightsException('Access denied: only superadmin is allowed to delete users.'); } // Revoke user access before deletion foreach ($users as $user_id) { waUser::revokeUser($user_id); } $contact_model = new waContactModel(); $cnt = count($contacts); if ($cnt > 30) { $log_params = $cnt; } else { // contact names $log_params = $contact_model->getName($contacts); } $history_model = new contactsHistoryModel(); foreach ($contacts as $contact_id) { $history_model->deleteByField(array('type' => 'add', 'hash' => '/contact/' . $contact_id)); } // Bye bye... $contact_model->delete($contacts); // also throws a contacts.delete event $this->response['deleted'] = $cnt; $this->response['message'] = sprintf(_w("%d contact has been deleted", "%d contacts have been deleted", $this->response['deleted']), $this->response['deleted']); $this->logAction('contact_delete', $log_params); }
public function execute() { $superadmin = $this->getUser()->getRights('webasyst', 'backend'); $contacts = waRequest::post('id', array(), 'array_int'); // do not try to delete self if (in_array($this->getUser()->getId(), $contacts)) { throw new waRightsException('Access denied: attempt to delete own account.'); } // Only allow actions with contacts available for current user if (!$this->getRights('category.all')) { $crm = new contactsRightsModel(); $ccm = new waContactCategoriesModel(); $allowed = array_keys($crm->getAllowedCategories()); foreach ($ccm->getContactsCategories($contacts) as $id => $cats) { if (!array_intersect($allowed, $cats)) { throw new waRightsException('Access denied: no access to contact ' . $id); } } } // Deletion of contacts with links to other applications is only allowed to superadmins if (!$superadmin && ($links = wa()->event('links', $contacts))) { foreach ($links as $app_id => $l) { foreach ($l as $contact_id => $contact_links) { if ($contact_links) { throw new waRightsException('Access denied: only superadmin is allowed to delete contacts with links to other applications.'); } } } } // Are there users among $contacts? $um = new waUserModel(); $users = array_keys($um->getByField(array('id' => $contacts, 'is_user' => 1), 'id')); // deletion of users is only allowed to superadmins if (!$superadmin && $users) { throw new waRightsException('Access denied: only superadmin is allowed to delete users.'); } // Revoke user access before deletion foreach ($users as $user_id) { waUser::revokeUser($user_id); } // Bye bye... $contact_model = new waContactModel(); $contact_model->delete($contacts); // also throws a contacts.delete event $this->response['deleted'] = count($contacts); $this->response['message'] = sprintf(_w("%d contact has been deleted", "%d contacts have been deleted", $this->response['deleted']), $this->response['deleted']); $this->log('contact_delete', count($contacts)); }
public function execute() { $this->view->assign('views', null); $this->view->assign('settings', $this->getUser()->getSettings('contacts')); $historyModel = new contactsHistoryModel(); $this->view->assign('history', $historyModel->get()); $cc = new contactsCollection(); $this->view->assign('totalContacts', $cc->count()); // only show categories available to current user $crm = new contactsRightsModel(); $wcrm = new waContactRightsModel(); $ccm = new waContactCategoryModel(); $allowed = $crm->getAllowedCategories(); $categories = array(); if ($allowed === true) { $categories = $ccm->getAll(); } else { if ($allowed) { foreach ($ccm->getAll() as $cat) { if (isset($allowed[$cat['id']])) { $categories[] = $cat; } } } } $this->view->assign('categories', $categories); // User views are only available to global admin $r = new waContactRightsModel(); $this->view->assign('superadmin', FALSE); $this->view->assign('admin', FALSE); if (wa()->getUser()->getRights('webasyst', 'backend')) { $this->view->assign('superadmin', TRUE); $this->view->assign('admin', TRUE); $group_model = new waGroupModel(); $this->view->assign('groups', $group_model->getAll()); $cc = new contactsCollection('/users/all/'); $this->view->assign('totalUsers', $cc->count()); } else { if (wa()->getUser()->getRights('contacts', 'backend') >= 2) { $this->view->assign('admin', TRUE); } } // is user allowed to add contacts? $this->view->assign('show_create', $wcrm->get(null, null, 'create')); }
protected function checkAccess() { if ($this->getRights('category.all')) { return; } // Only allow actions with categories available for current user $crm = new contactsRightsModel(); $allowed = $crm->getAllowedCategories(); foreach (waRequest::post('categories', array(), 'array_int') as $id) { if (!isset($allowed[$id])) { throw new waRightsException('Access denied'); } } // Only allow actions with contacts available for current user $allowed = array_keys($allowed); $ccm = new waContactCategoriesModel(); foreach ($ccm->getContactsCategories(waRequest::post('contacts', array(), 'array_int')) as $id => $cats) { if (!array_intersect($allowed, $cats)) { throw new waRightsException('Access denied'); } } }
function wa_header() { $system = waSystem::getInstance(); if ($system->getEnv() == 'frontend') { return ''; } $root_url = $system->getRootUrl(); $backend_url = $system->getConfig()->getBackendUrl(true); $user = $system->getUser(); $apps = $user->getApps(); $current_app = $system->getApp(); $app_settings_model = new waAppSettingsModel(); $apps_html = ''; $applist_class = ''; $counts = wa()->getStorage()->read('apps-count'); if (is_array($counts)) { $applist_class .= ' counts-cached'; } foreach ($apps as $app_id => $app) { if (isset($app['img'])) { $img = '<img ' . (!empty($app['icon'][96]) ? 'data-src2="' . $root_url . $app['icon'][96] . '"' : '') . ' src="' . $root_url . $app['img'] . '" alt="">'; } else { $img = ''; } $count = ''; $app_url = $backend_url . $app_id . '/'; if ($counts && isset($counts[$app_id])) { if (is_array($counts[$app_id])) { $app_url = $counts[$app_id]['url']; $n = $counts[$app_id]['count']; } else { $n = $counts[$app_id]; } if ($n) { $count = '<span class="indicator">' . $n . '</span>'; } } $apps_html .= '<li id="wa-app-' . $app_id . '"' . ($app_id == $current_app ? ' class="selected"' : '') . '><a href="' . $app_url . '">' . $img . ' ' . $app['name'] . $count . '</a></li>'; } $announcement_model = new waAnnouncementModel(); $announcements = array(); if ($current_app != 'webasyst') { $data = $announcement_model->getByApps($user->getId(), array_keys($apps), $user['create_datetime']); foreach ($data as $row) { // show no more than 1 message per application if (isset($announcements[$row['app_id']]) && count($announcements[$row['app_id']]) >= 1) { continue; } $announcements[$row['app_id']][] = $row['text'] . ' <span class="hint">' . waDateTime::format('humandatetime', $row['datetime']) . '</span>'; } } $announcements_html = ''; foreach ($announcements as $app_id => $texts) { $announcements_html .= '<a href="#" rel="' . $app_id . '" class="wa-announcement-close" title="close">×</a><p>'; $announcements_html .= implode('<br />', $texts); $announcements_html .= '</p>'; } if ($announcements_html) { $announcements_html = '<div id="wa-announcement">' . $announcements_html . '</div>'; } $logout = _ws('logout'); $userpic = '<img width="32" height="32" src="' . $user->getPhoto(32) . '" alt="">'; $username = htmlspecialchars(waContactNameField::formatName($user), ENT_QUOTES, 'utf-8'); // If the user has access to contacts app then show a link to his profile if (wa()->appExists('contacts')) { require_once wa()->getConfig()->getAppsPath('contacts', 'lib/models/contactsRights.model.php'); try { $cr = new contactsRightsModel(); } catch (waDbException $e) { wa('contacts'); $cr = new contactsRightsModel(); } if ($user->getRights('contacts', 'backend') && $cr->getRight(null, $user['id'])) { $userpic = '<a href="' . $backend_url . 'contacts/#/contact/' . $user['id'] . '">' . $userpic . '</a>'; $username = '******' . $backend_url . 'contacts/#/contact/' . $user['id'] . '" id="wa-my-username">' . $username . '</a>'; } else { $userpic = '<a href="' . $backend_url . '?module=profile">' . $userpic . '</a>'; $username = '******' . $backend_url . '?module=profile" id="wa-my-username">' . $username . '</a>'; } } $more = _ws('more'); if ($applist_class) { $applist_class = ' class="' . trim($applist_class) . '"'; } $company_name = htmlspecialchars($app_settings_model->get('webasyst', 'name', 'Webasyst'), ENT_QUOTES, 'utf-8'); $company_url = $app_settings_model->get('webasyst', 'url', $system->getRootUrl(true)); $version = wa()->getVersion(); $strings = array('customize' => _ws('Customize dashboard'), 'done' => _ws('Done editing'), 'date' => _ws(waDateTime::date('l')) . ', ' . trim(str_replace(date('Y'), '', waDateTime::format('humandate')), ' ,/')); $html = <<<HTML <script type="text/javascript">var backend_url = "{$backend_url}";</script> {$announcements_html} <div id="wa-header"> <div id="wa-account"> HTML; if (wa()->getApp() == 'webasyst') { $html .= <<<HTML <h3>{$company_name} <a href="{$company_url}" class="wa-frontend-link" target="_blank"><i class="icon16 new-window"></i></a></h3> <a class="inline-link" id="show-dashboard-editable-mode" href="{$backend_url}"><b><i>{$strings['customize']}</i></b></a> <input id="close-dashboard-editable-mode" type="button" value="{$strings['done']}" style="display: none;"> HTML; } else { $html .= <<<HTML <a href="{$backend_url}" class="wa-dashboard-link"><h3>{$company_name}</h3> <span class="gray">{$strings['date']}</span></a> HTML; } $html .= <<<HTML </div> <div id="wa-usercorner"> <div class="profile image32px"> <div class="image"> {$userpic} </div> <div class="details"> {$username} <p class="status"></p> <a class="hint" href="{$backend_url}?action=logout">{$logout}</a> </div> </div> </div> <div id="wa-applist" {$applist_class}> <ul> {$apps_html} <li> <a href="#" id="wa-moreapps"></a> </li> </ul> HTML; if (wa()->getApp() == 'webasyst') { $html .= '<div class="d-dashboard-header-content"> <div class="d-dashboards-list-wrapper" id="d-dashboards-list-wrapper"></div> <div class="d-dashboard-link-wrapper" id="d-dashboard-link-wrapper"><i class="icon10 lock-bw"></i> ' . _w('Only you can see this dashboard.') . '</div> </div>'; } $html .= <<<HTML </div> </div> <script id="wa-header-js" type="text/javascript" src="{$root_url}wa-content/js/jquery-wa/wa.header.js?v{$version}"></script> HTML; return $html; }
public function execute() { $system = wa(); $datetime = $system->getDateTime(); $user = $this->getUser()->getRights('contacts', 'backend'); $admin = $user >= 2; $cr = new contactsRightsModel(); if (!empty($this->params['limited_own_profile'])) { $this->id = wa()->getUser()->getId(); $this->view->assign('limited_own_profile', true); $this->view->assign('save_url', '?module=profile&action=save'); $this->view->assign('password_save_url', '?module=profile&action=password'); $this->view->assign('save_geocoords_url', '?module=profile&action=saveGeocoords'); $this->view->assign('photo_upload_url', '?module=profile&action=tmpimage'); $this->view->assign('photo_editor_url', '?module=profile&action=photo'); $this->view->assign('photo_editor_uploaded_url', '?module=profile&action=photo&uploaded=1'); } else { $this->id = (int) waRequest::get('id'); if (empty($this->id)) { throw new waException('No id specified.'); } $r = $cr->getRight(null, $this->id); //var_dump($r );exit; if (!$r) { throw new waRightsException(_w('Access denied')); } else { $this->view->assign('readonly', $r === 'read'); } } $exists = $this->getContactInfo(); if ($exists) { $this->getUserInfo(); $this->view->assign('last_view_context', $this->getLastViewContext()); // collect data from other applications to show in tabs if (empty($this->params['limited_own_profile'])) { $links = array(); foreach (wa()->event('profile.tab', $this->id) as $app_id => $one_or_more_links) { if (!isset($one_or_more_links['html'])) { $i = ''; foreach ($one_or_more_links as $link) { $key = isset($link['id']) ? $link['id'] : $app_id . $i; $links[$key] = $link; $i++; } } else { $key = isset($one_or_more_links['id']) ? $one_or_more_links['id'] : $app_id; $links[$key] = $one_or_more_links; } } $this->view->assign('links', $links); } // tab to open by default $this->view->assign('tab', waRequest::get('tab')); $this->view->assign('admin', $admin); $this->view->assign('superadmin', $admin && $this->getUser()->getRights('webasyst', 'backend')); $this->view->assign('current_user_id', wa()->getUser()->getId()); $this->view->assign('can_edit', $cr->getRight(null, $this->id)); // Update history if (empty($this->params['limited_own_profile'])) { $name = $this->contact->get('name'); if ($name || $name === '0') { $history = new contactsHistoryModel(); $history->save('/contact/' . $this->id, $name); } // Update history in user's browser $historyModel = new contactsHistoryModel(); $this->view->assign('history', $historyModel->get()); } $this->view->assign('wa_view', $this->view); $this->view->assign('access_disable_msg', contactsHelper::getAccessDisableMsg($this->contact)); $this->view->assign('my_url', wa()->getRootUrl(true) . 'my/'); $this->view->assign('backend_url', wa()->getRootUrl(true) . wa()->getConfig()->getBackendUrl(false) . '/'); $this->view->assign('static_url', wa()->getAppStaticUrl('contacts')); } $this->view->assign('exists', $exists); if ($this->getRequest()->request('standalone')) { /** * Include plugins js and css * @event backend_assets * @return array[string]string $return[%plugin_id%] */ $this->view->assign('backend_assets', wa()->event('backend_assets')); } $auth = wa()->getAuthConfig(); $this->view->assign('personal_portal_available', !empty($auth['app'])); /* * @event backend_contact_info * @return array[string]array $return[%plugin_id%] array of html output * @return array[string][string]string $return[%plugin_id%]['after_header'] html output * @return array[string][string]string $return[%plugin_id%]['header'] html output * @return array[string][string]string $return[%plugin_id%]['before_header'] html output * @return array[string][string]string $return[%plugin_id%]['before_top'] html output * @return array[string][string]string $return[%plugin_id%]['top'] html output * @return array[string][string]string $return[%plugin_id%]['after_top'] html output * @return array[string][string]string $return[%plugin_id%]['photo'] html output */ $backend_contact_info_params = array('contact_id' => $this->id); $this->view->assign('backend_contact_info', wa()->event('backend_contact_info', $backend_contact_info_params)); }
public function clearRights($contact_id) { self::$model->deleteByField(array('group_id' => -$contact_id)); }
/** * Delete one or more contacts and fire event Ńontacts.delete * * @event contacts.delete * * @param int|array $id - contact id or array of contact ids * @return bool */ public function delete($id, $send_event = true) { if ($send_event) { // Fire @event contacts.delete allowing other applications to clean up their data if (!is_array($id)) { $id = array($id); } wa()->event(array('contacts', 'delete'), $id); } if (is_array($id)) { $nid = array(); foreach ($id as $i) { $nid[] = -(int) $i; } } else { $nid = -(int) $id; } // Delete rights $right_model = new waContactRightsModel(); $right_model->deleteByField('group_id', $nid); // Delete settings $setting_model = new waContactSettingsModel(); $setting_model->deleteByField('contact_id', $id); // Delete emails $contact_email_model = new waContactEmailsModel(); $contact_email_model->deleteByField('contact_id', $id); // Delete from groups $user_groups_model = new waUserGroupsModel(); $user_groups_model->deleteByField('contact_id', $id); // Delete from contact lists if (class_exists('contactsContactListsModel')) { // @todo: Use plugin for contacts $contact_lists_model = new contactsContactListsModel(); $contact_lists_model->deleteByField('contact_id', $id); } // Delete from contact rights $contact_rights_model = new contactsRightsModel(); $contact_rights_model->deleteByField('group_id', $nid); // Delete data $contact_data_model = new waContactDataModel(); $contact_data_model->deleteByField('contact_id', $id); $contact_data_text_model = new waContactDataTextModel(); $contact_data_text_model->deleteByField('contact_id', $id); // // Delete contact from logs // $login_log_model = new waLoginLogModel(); // $login_log_model->deleteByField('contact_id', $id); // Clear references $this->updateByField(array('company_contact_id' => $id), array('company_contact_id' => 0)); // Delete contact return $this->deleteById($id); }
public function execute() { $this->id = (int) waRequest::post('id'); // Check access if (!$this->id) { if (!$this->getRights('create')) { throw new waRightsException('Access denied.'); } } else { $cr = new contactsRightsModel(); if ($cr->getRight(null, $this->id) != 'write') { throw new waRightsException('Access denied.'); } } $this->type = waRequest::post('type'); $this->contact = new waContact($this->id); if ($this->type == 'company') { $this->contact['is_company'] = 1; } $data = json_decode(waRequest::post('data'), true); if (!$this->id && !isset($data['create_method'])) { $data['create_method'] = 'add'; } $oldLocale = $this->getUser()->getLocale(); // get old data for logging if ($this->id) { $old_data = array(); foreach ($data as $field_id => $field_value) { $old_data[$field_id] = $this->contact->get($field_id); } } $response = array(); if (!($errors = $this->contact->save($data, true))) { if ($this->id) { $new_data = array(); foreach ($data as $field_id => $field_value) { if (!isset($errors[$field_id])) { $response[$field_id] = $this->contact->get($field_id, 'js'); $new_data[$field_id] = $this->contact->get($field_id); } } if (empty($errors)) { $this->logContactEdit($old_data, $new_data); } $response['name'] = $this->contact->get('name', 'js'); $response['top'] = contactsHelper::getTop($this->contact); $response['id'] = $this->contact->getId(); } else { $response = array('id' => $this->contact->getId()); $response['address'] = $this->contact->get('address', 'js'); $this->logAction('contact_add', null, $this->contact->getId()); } // Update recently added menu item $name = waContactNameField::formatName($this->contact); if ($name || $name === '0') { $history = new contactsHistoryModel(); $history->save('/contact/' . $this->contact->getId(), $name, $this->id ? null : 'add'); $history = $history->get(); // to update history in user's browser } } // Reload page with new language if user just changed it in own profile if ($this->contact->getId() == $this->getUser()->getId() && $oldLocale != $this->contact->getLocale()) { $response['reload'] = true; } $this->response = array('errors' => $errors, 'data' => $response); if (isset($history)) { $this->response['history'] = $history; } }
/** * Verifies current user's access rights to contact with specified id. * * @param int|null $contact_id Contact id. If not specified, access rights to all contacts are verified. * @return bool */ public static function getContactRights($contact_id = null) { $rights = false; if (wa()->appExists('contacts')) { if ($contact_id) { wa('contacts'); $contact_rights = new contactsRightsModel(); if ($contact_rights->getRight(null, $contact_id)) { $rights = true; } } else { $rights = wa()->getUser()->getRights('contacts'); $rights = $rights && !empty($rights['backend']); } } return $rights; }
function wa_header() { $system = waSystem::getInstance(); if ($system->getEnv() == 'frontend') { return ''; } $root_url = $system->getRootUrl(); $backend_url = $system->getConfig()->getBackendUrl(true); $user = $system->getUser(); $apps = $user->getApps(); $current_app = $system->getApp(); $app_settings_model = new waAppSettingsModel(); $apps_html = ''; $applist_class = ''; $counts = wa()->getStorage()->read('apps-count'); if (is_array($counts)) { $applist_class .= ' counts-cached'; } foreach ($apps as $app_id => $app) { if (isset($app['img'])) { $img = '<img ' . (!empty($app['icon'][96]) ? 'data-src2="' . $root_url . $app['icon'][96] . '"' : '') . ' src="' . $root_url . $app['img'] . '" alt="">'; } else { $img = ''; } $count = ''; $app_url = $backend_url . $app_id . '/'; if ($counts && isset($counts[$app_id])) { if (is_array($counts[$app_id])) { $app_url = $counts[$app_id]['url']; $n = $counts[$app_id]['count']; } else { $n = $counts[$app_id]; } if ($n) { $count = '<span class="indicator">' . $n . '</span>'; } } $apps_html .= '<li id="wa-app-' . $app_id . '"' . ($app_id == $current_app ? ' class="selected"' : '') . '><a href="' . $app_url . '">' . $img . ' ' . $app['name'] . $count . '</a></li>'; } if ($system->getRequest()->isMobile(false)) { $top_url = '<a href="' . $backend_url . '?mobile=1">mobile version</a>'; } else { $url = $app_settings_model->get('webasyst', 'url', $system->getRootUrl(true)); $url_info = @parse_url($url); if ($url_info) { $url_name = ''; if (empty($url_info['scheme'])) { $url = 'http://' . $url; } if (isset($url_info['host'])) { $url_name .= $url_info['host']; } if (isset($url_info['path'])) { if ($url_info['path'] == '/' && !isset($url_info['query'])) { } else { $url_name .= $url_info['path']; } } if (isset($url_info['query'])) { $url_name .= '?' . $url_info['query']; } } else { $url = $url_name = $system->getRootUrl(true); } $top_url = '<a target="_blank" href="' . $url . '">' . $url_name . '</a>'; } $announcement_model = new waAnnouncementModel(); $data = $announcement_model->getByApps($user->getId(), array_keys($apps), $user['create_datetime']); $announcements = array(); foreach ($data as $row) { // show no more than 1 message per application if (isset($announcements[$row['app_id']]) && count($announcements[$row['app_id']]) >= 1) { continue; } $announcements[$row['app_id']][] = $row['text'] . ' <span class="hint">' . waDateTime::format('humandatetime', $row['datetime']) . '</span>'; } $announcements_html = ''; foreach ($announcements as $app_id => $texts) { $announcements_html .= '<a href="#" rel="' . $app_id . '" class="wa-announcement-close inline-link" title="close"><b><i>' . _ws('Close') . '</i></b></a><p>'; $announcements_html .= implode('<br />', $texts); $announcements_html .= '</p>'; } if ($announcements_html) { $announcements_html = '<div id="wa-announcement">' . $announcements_html . '</div>'; } $logout = _ws('logout'); $userpic = '<img width="32" height="32" src="' . $user->getPhoto(32) . '" alt="">'; $username = htmlspecialchars(waContactNameField::formatName($user), ENT_QUOTES, 'utf-8'); // If the user has access to contacts app then show a link to his profile if (wa()->appExists('contacts')) { require_once wa()->getConfig()->getAppsPath('contacts', 'lib/models/contactsRights.model.php'); try { $cr = new contactsRightsModel(); } catch (waDbException $e) { wa('contacts'); $cr = new contactsRightsModel(); } if ($user->getRights('contacts', 'backend') && $cr->getRight(null, $user['id'])) { $userpic = '<a href="' . $backend_url . 'contacts/#/contact/' . $user['id'] . '">' . $userpic . '</a>'; $username = '******' . $backend_url . 'contacts/#/contact/' . $user['id'] . '" id="wa-my-username">' . $username . '</a>'; } else { $userpic = '<a href="' . $backend_url . '?module=profile">' . $userpic . '</a>'; $username = '******' . $backend_url . '?module=profile" id="wa-my-username">' . $username . '</a>'; } } $more = _ws('more'); if ($applist_class) { $applist_class = ' class="' . trim($applist_class) . '"'; } $company_name = htmlspecialchars($app_settings_model->get('webasyst', 'name', 'Webasyst'), ENT_QUOTES, 'utf-8'); $version = wa()->getVersion(); $html = <<<HTML <script type="text/javascript">var backend_url = "{$backend_url}";</script> {$announcements_html} <div id="wa-header"> <div id="wa-account"> <h3>{$company_name}</h3> {$top_url} </div> <div id="wa-usercorner"> <div class="profile image32px"> <div class="image"> {$userpic} </div> <div class="details"> {$username} <p class="status"></p> <a class="hint" href="{$backend_url}?action=logout">{$logout}</a> </div> </div> </div> <div id="wa-applist" {$applist_class}> <ul> {$apps_html} <li> <a href="#" id="wa-moreapps"></a> </li> </ul> </div> </div> <script id="wa-header-js" type="text/javascript" src="{$root_url}wa-content/js/jquery-wa/wa.header.js?v{$version}"></script> HTML; return $html; }
public function execute() { $this->id = (int) waRequest::post('id'); // Check access if (!$this->id) { if (!$this->getRights('create')) { throw new waRightsException('Access denied.'); } } else { $cr = new contactsRightsModel(); if ($cr->getRight(null, $this->id) != 'write') { throw new waRightsException('Access denied.'); } } $this->type = waRequest::post('type'); $this->contact = new waContact($this->id); if ($this->type == 'company') { $this->contact['is_company'] = 1; } $data = json_decode(waRequest::post('data'), true); if (!$this->id && !isset($data['create_method'])) { $data['create_method'] = 'add'; } $oldLocale = $this->getUser()->getLocale(); $response = array(); if (!($errors = $this->contact->save($data, true))) { if ($this->id) { foreach ($data as $field_id => $field_value) { if (!isset($errors[$field_id])) { $response[$field_id] = $this->contact->get($field_id, 'js'); } } $response['name'] = $this->contact->get('name', 'js'); $fields = array('email', 'phone', 'im'); $top = array(); foreach ($fields as $f) { if ($v = $this->contact->get($f, 'top,html')) { $top[] = array('id' => $f, 'name' => waContactFields::get($f)->getName(), 'value' => is_array($v) ? implode(', ', $v) : $v); } } $response['top'] = $top; } else { $response = array('id' => $this->contact->getId()); $this->log('contact_add', 1); } // Update recently added menu item if (($name = $this->contact->get('name')) || $name === '0') { $name = trim($this->contact->get('title') . ' ' . $name); $history = new contactsHistoryModel(); $history->save('/contact/' . $this->contact->getId(), $name, $this->id ? null : 'add'); $history = $history->get(); // to update history in user's browser } } // Reload page with new language if user just changed it in own profile if ($this->contact->getId() == $this->getUser()->getId() && $oldLocale != $this->contact->getLocale()) { $response['reload'] = TRUE; } $this->response = array('errors' => $errors, 'data' => $response); if (isset($history)) { $this->response['history'] = $history; } }