public function process(Vtiger_Request $request) { PDFMaker_Debugger_Model::GetInstance()->Init(); $adb = PearDatabase::getInstance(); $PDFMaker = new PDFMaker_PDFMaker_Model(); //Debugger::GetInstance()->Init(); $viewer = $this->getViewer($request); $permissions = $PDFMaker->GetProfilesPermissions(); $profilesActions = $PDFMaker->GetProfilesActions(); $actionEDIT = getActionid($profilesActions["EDIT"]); $actionDETAIL = getActionid($profilesActions["DETAIL"]); $actionDELETE = getActionid($profilesActions["DELETE"]); $actionEXPORT_RTF = getActionid($profilesActions["EXPORT_RTF"]); $mode = $request->get('mode'); $viewer->assign("MODE", $mode); $permissionNames = array(); foreach ($permissions as $profileid => $subArr) { $permissionNames[$profileid] = array(); $profileName = $this->getProfileName($profileid); foreach ($subArr as $actionid => $perm) { $permStr = $perm == "0" ? 'checked="checked"' : ""; switch ($actionid) { case $actionEDIT: $permissionNames[$profileid][$profileName]["EDIT"]["name"] = 'priv_chk_' . $profileid . '_' . $actionEDIT; $permissionNames[$profileid][$profileName]["EDIT"]["checked"] = $permStr; break; case $actionDETAIL: $permissionNames[$profileid][$profileName]["DETAIL"]["name"] = 'priv_chk_' . $profileid . '_' . $actionDETAIL; $permissionNames[$profileid][$profileName]["DETAIL"]["checked"] = $permStr; break; case $actionDELETE: $permissionNames[$profileid][$profileName]["DELETE"]["name"] = 'priv_chk_' . $profileid . '_' . $actionDELETE; $permissionNames[$profileid][$profileName]["DELETE"]["checked"] = $permStr; break; case $actionEXPORT_RTF: $permissionNames[$profileid][$profileName]["EXPORT_RTF"]["name"] = 'priv_chk_' . $profileid . '_' . $actionEXPORT_RTF; $permissionNames[$profileid][$profileName]["EXPORT_RTF"]["checked"] = $permStr; break; } } } $viewer->assign("PERMISSIONS", $permissionNames); $viewer->view('ProfilesPrivilegies.tpl', 'PDFMaker'); }
* All Rights Reserved. ********************************************************************************/ require_once 'Smarty_setup.php'; require_once "include/utils/utils.php"; require_once 'modules/Calendar4You/Calendar4You.php'; global $mod_strings, $app_strings, $theme, $currentModule, $adb; $smarty = new vtigerCRM_Smarty(); $smarty->assign("MOD", $mod_strings); $smarty->assign("APP", $app_strings); $smarty->assign("THEME", $theme); $Calendar4You = new Calendar4You(); $permissions = $Calendar4You->GetProfilesPermissions(); $profilesActions = $Calendar4You->GetProfilesActions(); $actionEDIT = getActionid($profilesActions["EDIT"]); $actionDETAIL = getActionid($profilesActions["DETAIL"]); $actionDELETE = getActionid($profilesActions["DELETE"]); if (isset($_REQUEST["mode"]) && $_REQUEST["mode"] == "save") { foreach ($permissions as $profileid => $subArr) { foreach ($subArr as $actionid => $perm) { $sql = "DELETE FROM its4you_calendar4you_profilespermissions WHERE profileid = ? AND operation = ?"; $adb->pquery($sql, array($profileid, $actionid)); if (isset($_REQUEST["priv_chk_" . $profileid . "_" . $actionid]) && $_REQUEST["priv_chk_" . $profileid . "_" . $actionid] == "on") { $params = array($profileid, $actionid, "0"); } else { $params = array($profileid, $actionid, "1"); } $sql = "INSERT INTO its4you_calendar4you_profilespermissions (profileid, operation, permissions) VALUES(?, ?, ?)"; $adb->pquery($sql, $params); } } echo '<meta http-equiv="refresh" content="0; url=index.php?module=Settings&action=ModuleManager&module_settings=true&formodule=Calendar4You&parenttab=Settings">';
/** Function to check if the currently logged in user is permitted to perform the specified action * @param $module -- Module Name:: Type varchar * @param $actionname -- Action Name:: Type varchar * @param $recordid -- Record Id:: Type integer * @returns yes or no. If Yes means this action is allowed for the currently logged in user. If no means this action is not allowed for the currently logged in user * */ function isPermitted($module, $actionname, $record_id = '') { $log = vglobal('log'); $log->debug("Entering isPermitted(" . $module . "," . $actionname . "," . $record_id . ") method ..."); $adb = PearDatabase::getInstance(); $current_user = vglobal('current_user'); global $seclog; require 'user_privileges/user_privileges_' . $current_user->id . '.php'; require 'user_privileges/sharing_privileges_' . $current_user->id . '.php'; $permission = 'no'; if (($module == 'Users' || $module == 'Home' || $module == 'uploads') && $_REQUEST['parenttab'] != 'Settings') { //These modules dont have security right now $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } //Checking the Access for the Settings Module if ($module == 'Settings' || $module == 'Administration' || $module == 'System' || $_REQUEST['parenttab'] == 'Settings') { if (!$is_admin) { $permission = 'no'; } else { $permission = 'yes'; } $log->debug("Exiting isPermitted method ..."); return $permission; } //Retreiving the Tabid and Action Id $tabid = getTabid($module); $actionid = getActionid($actionname); $checkModule = $module; if ($checkModule == 'Events') { $checkModule = 'Calendar'; } if (vtlib_isModuleActive($checkModule)) { //Checking whether the user is admin if ($is_admin) { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } //If no actionid, then allow action is vtiger_tab permission is available if ($actionid === '') { if ($profileTabsPermission[$tabid] == 0) { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); } else { $permission = 'no'; } return $permission; } $action = getActionname($actionid); //Checking for view all permission if ($profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) { if ($actionid == 3 || $actionid == 4) { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } } //Checking for edit all permission if ($profileGlobalPermission[2] == 0) { if ($actionid == 3 || $actionid == 4 || $actionid == 0 || $actionid == 1) { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } } //Checking for vtiger_tab permission if ($profileTabsPermission[$tabid] != 0) { $permission = 'no'; $log->debug("Exiting isPermitted method ..."); return $permission; } //Checking for Action Permission if (strlen($profileActionPermission[$tabid][$actionid]) < 1 && $profileActionPermission[$tabid][$actionid] == '') { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } if ($profileActionPermission[$tabid][$actionid] != 0 && $profileActionPermission[$tabid][$actionid] != '') { $permission = 'no'; $log->debug("Exiting isPermitted method ..."); return $permission; } //Checking and returning true if recorid is null if ($record_id == '') { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } //If modules is Products,Vendors,Faq,PriceBook then no sharing if ($record_id != '') { if (getTabOwnedBy($module) == 1) { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } } //Retreiving the RecordOwnerId $recOwnType = ''; $recOwnId = ''; $recordOwnerArr = getRecordOwnerId($record_id); $shownerids = Vtiger_SharedOwner_UIType::getSharedOwners($record_id, $module); foreach ($recordOwnerArr as $type => $id) { $recOwnType = $type; $recOwnId = $id; } //Retreiving the default Organisation sharing Access $others_permission_id = $defaultOrgSharingPermission[$tabid]; if (in_array($current_user->id, $shownerids) || count(array_intersect($shownerids, $current_user_groups)) > 0) { $permission = 'yes'; $log->debug('Exiting isPermitted method ... - Shared Owner'); return $permission; } if ($recOwnType == 'Users') { //Checking if the Record Owner is the current User if ($current_user->id == $recOwnId) { $permission = 'yes'; $log->debug('Exiting isPermitted method ...'); return $permission; } //Checking if the Record Owner is the Subordinate User foreach ($subordinate_roles_users as $roleid => $userids) { if (in_array($recOwnId, $userids)) { $permission = 'yes'; $log->debug('Exiting isPermitted method ...'); return $permission; } } } elseif ($recOwnType == 'Groups') { //Checking if the record owner is the current user's group if (in_array($recOwnId, $current_user_groups)) { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } } $role = getRoleInformation($current_user->roleid); if (($actionid == 3 || $actionid == 4) && $role['previewrelatedrecord'] != 0 || ($actionid == 0 || $actionid == 1) && $role['editrelatedrecord'] != 0) { $parentRecord = Users_Privileges_Model::getParentRecord($record_id, $module, $role['previewrelatedrecord']); if ($parentRecord) { $recordMetaData = Vtiger_Functions::getCRMRecordMetadata($parentRecord); if ($role['permissionsrelatedfield'] == 0) { $relatedPermission = $current_user->id == $recordMetaData['smownerid']; } else { if ($role['permissionsrelatedfield'] == 1) { $relatedPermission = in_array($current_user->id, Vtiger_SharedOwner_UIType::getSharedOwners($parentRecord, $recordMetaData['setype'])); } else { if ($role['permissionsrelatedfield'] == 2) { $relatedPermission = $current_user->id == $recordMetaData['smownerid'] || in_array($current_user->id, Vtiger_SharedOwner_UIType::getSharedOwners($parentRecord, $recordMetaData['setype'])); } } } if ($relatedPermission) { $permission = 'yes'; $log->debug('Exiting isPermitted method ... - Parent Record Owner'); return $permission; } } } //Checking for Default Org Sharing permission if ($others_permission_id == 0) { if ($actionid == 1 || $actionid == 0) { $permission = isReadWritePermittedBySharing($module, $tabid, $actionid, $record_id); $log->debug("Exiting isPermitted method ..."); return $permission; } elseif ($actionid == 2) { $permission = 'no'; $log->debug("Exiting isPermitted method ..."); return $permission; } else { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } } elseif ($others_permission_id == 1) { if ($actionid == 2) { $permission = 'no'; $log->debug("Exiting isPermitted method ..."); return $permission; } else { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } } elseif ($others_permission_id == 2) { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } elseif ($others_permission_id == 3) { if ($actionid == 3 || $actionid == 4) { $permission = isReadPermittedBySharing($module, $tabid, $actionid, $record_id); $log->debug("Exiting isPermitted method ..."); return $permission; } elseif ($actionid == 0 || $actionid == 1) { if ($module == 'Calendar') { $permission = 'no'; } else { $permission = isReadWritePermittedBySharing($module, $tabid, $actionid, $record_id); } $log->debug("Exiting isPermitted method ..."); return $permission; } elseif ($actionid == 2) { $permission = 'no'; return $permission; } else { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } } else { $permission = 'yes'; } } else { $permission = 'no'; } $log->debug("Exiting isPermitted method ..."); return $permission; }
/** Function to check if the outlook user is permitted to perform the specified action * @param $module -- Module Name:: Type varchar * @param $actionname -- Action Name:: Type varchar * @param $recordid -- Record Id:: Type integer * @returns yes or no. If Yes means this action is allowed for the currently logged in user. If no means this action is not allowed for the currently logged in user * */ function isAllowed_Outlook($module, $action, $user_id, $record_id) { global $log; $log->debug("Entering isAllowed_Outlook(" . $module . "," . $action . "," . $user_id . "," . $record_id . ") method ..."); $permission = "no"; if ($module == 'Users' || $module == 'Home' || $module == 'Administration' || $module == 'uploads' || $module == 'Settings' || $module == 'Calendar') { //These modules done have security $permission = "yes"; } else { global $adb; global $current_user; $tabid = getTabid($module); $actionid = getActionid($action); $profile_id = fetchUserProfileId($user_id); $tab_per_Data = getAllTabsPermission($profile_id); $permissionData = getTabsActionPermission($profile_id); $defSharingPermissionData = getDefaultSharingAction(); $others_permission_id = $defSharingPermissionData[$tabid]; //Checking whether this vtiger_tab is allowed if ($tab_per_Data[$tabid] == 0) { $permission = 'yes'; //Checking whether this action is allowed if ($permissionData[$tabid][$actionid] == 0) { $permission = 'yes'; $rec_owner_id = ''; if ($record_id != '' && $module != 'Faq') { $rec_owner_id = getUserId($record_id); } if ($record_id != '' && $others_permission_id != '' && $module != 'Faq' && $rec_owner_id != 0) { if ($rec_owner_id != $current_user->id) { if ($others_permission_id == 0) { if ($action == 'EditView' || $action == 'Delete') { $permission = "no"; } else { $permission = "yes"; } } elseif ($others_permission_id == 1) { if ($action == 'Delete') { $permission = "no"; } else { $permission = "yes"; } } elseif ($others_permission_id == 2) { $permission = "yes"; } elseif ($others_permission_id == 3) { if ($action == 'DetailView' || $action == 'EditView' || $action == 'Delete') { $permission = "no"; } else { $permission = "yes"; } } } else { $permission = "yes"; } } } else { $permission = "no"; } } else { $permission = "no"; } } $log->debug("Exiting isAllowed_Outlook method ..."); return $permission; }
/** Function to check if the currently logged in user is permitted to perform the specified action * @param $module -- Module Name:: Type varchar * @param $actionname -- Action Name:: Type varchar * @param $recordid -- Record Id:: Type integer * @returns yes or no. If Yes means this action is allowed for the currently logged in user. If no means this action is not allowed for the currently logged in user * */ function isPermitted($module, $actionname, $record_id = '') { global $log; $log->debug("Entering isPermitted(" . $module . "," . $actionname . "," . $record_id . ") method ..."); global $adb; global $current_user; global $seclog; require 'user_privileges/user_privileges_' . $current_user->id . '.php'; require 'user_privileges/sharing_privileges_' . $current_user->id . '.php'; $permission = "no"; if (($module == 'Users' || $module == 'Home' || $module == 'uploads') && $_REQUEST['parenttab'] != 'Settings') { //These modules dont have security right now $permission = "yes"; $log->debug("Exiting isPermitted method ..."); return $permission; } //Checking the Access for the Settings Module if ($module == 'Settings' || $module == 'Administration' || $module == 'System' || $_REQUEST['parenttab'] == 'Settings') { if (!$is_admin) { $permission = "no"; } else { $permission = "yes"; } $log->debug("Exiting isPermitted method ..."); return $permission; } //Retreiving the Tabid and Action Id $tabid = getTabid($module); $actionid = getActionid($actionname); $checkModule = $module; if ($checkModule == 'Events') { $checkModule = 'Calendar'; } if (vtlib_isModuleActive($checkModule)) { //Checking whether the user is admin if ($is_admin) { $permission = "yes"; $log->debug("Exiting isPermitted method ..."); return $permission; } //If no actionid, then allow action is vtiger_tab permission is available if ($actionid === '') { if ($profileTabsPermission[$tabid] == 0) { $permission = "yes"; $log->debug("Exiting isPermitted method ..."); } else { $permission = "no"; } return $permission; } $action = getActionname($actionid); //Checking for view all permission if ($profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) { if ($actionid == 3 || $actionid == 4) { $permission = "yes"; $log->debug("Exiting isPermitted method ..."); return $permission; } } //Checking for edit all permission if ($profileGlobalPermission[2] == 0) { if ($actionid == 3 || $actionid == 4 || $actionid == 0 || $actionid == 1) { $permission = "yes"; $log->debug("Exiting isPermitted method ..."); return $permission; } } //Checking for vtiger_tab permission if ($profileTabsPermission[$tabid] != 0) { $permission = "no"; $log->debug("Exiting isPermitted method ..."); return $permission; } //Checking for Action Permission if (strlen($profileActionPermission[$tabid][$actionid]) < 1 && $profileActionPermission[$tabid][$actionid] == '') { $permission = "yes"; $log->debug("Exiting isPermitted method ..."); return $permission; } if ($profileActionPermission[$tabid][$actionid] != 0 && $profileActionPermission[$tabid][$actionid] != '') { $permission = "no"; $log->debug("Exiting isPermitted method ..."); return $permission; } //Checking and returning true if recorid is null if ($record_id == '') { $permission = "yes"; $log->debug("Exiting isPermitted method ..."); return $permission; } //If modules is Products,Vendors,Faq,PriceBook then no sharing if ($record_id != '') { if (getTabOwnedBy($module) == 1) { $permission = "yes"; $log->debug("Exiting isPermitted method ..."); return $permission; } } //Retreiving the RecordOwnerId $recOwnType = ''; $recOwnId = ''; $recordOwnerArr = getRecordOwnerId($record_id); foreach ($recordOwnerArr as $type => $id) { $recOwnType = $type; $recOwnId = $id; } //Retreiving the default Organisation sharing Access $others_permission_id = $defaultOrgSharingPermission[$tabid]; if ($recOwnType == 'Users') { //Checking if the Record Owner is the current User if ($current_user->id == $recOwnId) { $permission = "yes"; $log->debug("Exiting isPermitted method ..."); return $permission; } //Checking if the Record Owner is the Subordinate User foreach ($subordinate_roles_users as $roleid => $userids) { if (in_array($recOwnId, $userids)) { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } } } elseif ($recOwnType == 'Groups') { //Checking if the record owner is the current user's group if (in_array($recOwnId, $current_user_groups)) { $permission = 'yes'; $log->debug("Exiting isPermitted method ..."); return $permission; } } //Checking for Default Org Sharing permission if ($others_permission_id == 0) { if ($actionid == 1 || $actionid == 0) { if ($module == 'Calendar') { if ($recOwnType == 'Users') { $permission = isCalendarPermittedBySharing($record_id); } else { $permission = 'no'; } } else { $permission = isReadWritePermittedBySharing($module, $tabid, $actionid, $record_id); } $log->debug("Exiting isPermitted method ..."); return $permission; } elseif ($actionid == 2) { $permission = "no"; $log->debug("Exiting isPermitted method ..."); return $permission; } else { $permission = "yes"; $log->debug("Exiting isPermitted method ..."); return $permission; } } elseif ($others_permission_id == 1) { if ($actionid == 2) { $permission = "no"; $log->debug("Exiting isPermitted method ..."); return $permission; } else { $permission = "yes"; $log->debug("Exiting isPermitted method ..."); return $permission; } } elseif ($others_permission_id == 2) { $permission = "yes"; $log->debug("Exiting isPermitted method ..."); return $permission; } elseif ($others_permission_id == 3) { if ($actionid == 3 || $actionid == 4) { if ($module == 'Calendar') { if ($recOwnType == 'Users') { $permission = isCalendarPermittedBySharing($record_id); } else { $permission = 'no'; } } else { $permission = isReadPermittedBySharing($module, $tabid, $actionid, $record_id); } $log->debug("Exiting isPermitted method ..."); return $permission; } elseif ($actionid == 0 || $actionid == 1) { if ($module == 'Calendar') { $permission = 'no'; } else { $permission = isReadWritePermittedBySharing($module, $tabid, $actionid, $record_id); } $log->debug("Exiting isPermitted method ..."); return $permission; } elseif ($actionid == 2) { $permission = "no"; return $permission; } else { $permission = "yes"; $log->debug("Exiting isPermitted method ..."); return $permission; } } else { $permission = "yes"; } } else { $permission = "no"; } $log->debug("Exiting isPermitted method ..."); return $permission; }
public function CheckPermissions($actionKey, $record_id = '') { global $current_user; if (empty($this->view_all)) { $this->GetDefPermission($current_user->id); } if ($this->is_admin) { return true; } if ($this->profile_Global_Permission[1] == "0" && $actionKey == "DETAIL") { return true; } elseif ($this->profile_Global_Permission[2] == "0" && $actionKey == "EDIT") { return true; } else { $profileid = fetchUserProfileId($current_user->id); if (isset($this->profilesActions[$actionKey])) { $actionid = getActionid($this->profilesActions[$actionKey]); $permissions = $this->GetProfilesPermissions(); if (isset($permissions[$profileid][$actionid]) && $permissions[$profileid][$actionid] == "0") { if ($this->edit_all && ($actionKey == "DETAIL" || $actionKey == "EDIT") || $this->delete_all && $actionKey == "DELETE") { return true; } elseif ($record_id != "") { $recOwnType = ''; $recOwnId = ''; $recordOwnerArr = getRecordOwnerId($record_id); foreach ($recordOwnerArr as $type => $id) { $recOwnType = $type; $recOwnId = $id; } if ($recOwnType == 'Users') { if ($current_user->id == $recOwnId) { return true; } //Checking if the Record Owner is the Subordinate User foreach ($this->subordinate_roles_users as $roleid => $userids) { if (in_array($recOwnId, $userids)) { return true; } } $permission = isCalendarPermittedBySharing($record_id); if ($permission == "yes" && $actionKey == "DETAIL") { return true; } } elseif ($recOwnType == 'Groups') { //Checking if the record owner is the current user's group if (in_array($recOwnId, $this->current_user_groups)) { return true; } } if ($actionKey == "DETAIL") { $ui = $this->isUserCalendarPermittedByInviti($record_id); if ($ui) { return true; } } } else { return true; } } } } return false; }
public function CheckPermissions($actionKey) { $profileid = fetchUserProfileId($this->current_user->id); $result = false; if (isset($this->profilesActions[$actionKey])) { $actionid = getActionid($this->profilesActions[$actionKey]); $permissions = $this->GetProfilesPermissions(); if (isset($permissions[$profileid][$actionid]) && $permissions[$profileid][$actionid] == "0") { $result = true; } } return $result; }