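/**
 * Returns the ACL actions that apply to a user, merged from three sources:
 * roles assigned directly to the user, roles assigned to the user's security
 * groups, and the default rows of acl_actions.
 *
 * Results are cached in $_SESSION['ACL'][$user_id]. On a cache hit with filters
 * the matching cached slice is returned; on the database path the whole nested
 * array (category => acltype => name => action array) built from the query is
 * returned.
 *
 * @param GUID    $user_id
 * @param BOOLEAN $refresh  when true the session cache is bypassed
 * @param STRING  $category optional filter on acl_actions.category
 * @param STRING  $type     optional filter on acl_actions.acltype
 * @param STRING  $action   optional filter on acl_actions.name
 * @return ARRAY of ACLActionsArray
 */
static function getUserActions($user_id, $refresh = false, $category = '', $type = '', $action = '')
{
    //check in the session if we already have it loaded
    if (!$refresh && !empty($_SESSION['ACL'][$user_id])) {
        if (empty($category) && empty($action)) {
            return $_SESSION['ACL'][$user_id];
        }
        if (!empty($category) && isset($_SESSION['ACL'][$user_id][$category])) {
            if (empty($action)) {
                if (empty($type)) {
                    return $_SESSION['ACL'][$user_id][$category];
                }
                return $_SESSION['ACL'][$user_id][$category][$type];
            }
            if (!empty($type) && isset($_SESSION['ACL'][$user_id][$category][$type][$action])) {
                return $_SESSION['ACL'][$user_id][$category][$type][$action];
            }
        }
    }

    //if we don't have it loaded then lets check against the db
    $db = DBManagerFactory::getInstance();

    // Every value below lands inside a quoted SQL literal. The callers are not
    // visible from this function, so each value is escaped through the DB layer
    // rather than trusted to be a clean GUID or module name.
    $quoted_user_id = $db->quote($user_id);
    $additional_where = '';
    if (!empty($category)) {
        $additional_where .= " AND acl_actions.category = '" . $db->quote($category) . "' ";
    }
    if (!empty($action)) {
        $additional_where .= " AND acl_actions.name = '" . $db->quote($action) . "' ";
    }
    if (!empty($type)) {
        $additional_where .= " AND acl_actions.acltype = '" . $db->quote($type) . "' ";
    }

    /* BEGIN - SECURITY GROUPS */
    // user_role marks the origin of each row: 1 = role assigned to the user,
    // 0 = role assigned to one of the user's security groups, -1 = default action.
    $query = "(SELECT acl_actions .*, acl_roles_actions.access_override, 1 as user_role\n"
        . "FROM acl_actions\n"
        . "INNER JOIN acl_roles_users ON acl_roles_users.user_id = '{$quoted_user_id}' AND acl_roles_users.deleted = 0\n"
        . "LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = acl_roles_users.role_id AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted=0\n"
        . "WHERE acl_actions.deleted=0 {$additional_where} )\n\n"
        . "UNION\n\n"
        . "(SELECT acl_actions .*, acl_roles_actions.access_override, 0 as user_role\n"
        . "FROM acl_actions\n"
        . "INNER JOIN securitygroups_users ON securitygroups_users.user_id = '{$quoted_user_id}' AND securitygroups_users.deleted = 0\n"
        . "INNER JOIN securitygroups_acl_roles ON securitygroups_users.securitygroup_id = securitygroups_acl_roles.securitygroup_id and securitygroups_acl_roles.deleted = 0\n"
        . "LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = securitygroups_acl_roles.role_id AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted=0\n"
        . "WHERE acl_actions.deleted=0 {$additional_where} )\n\n"
        . "UNION\n\n"
        . "(SELECT acl_actions.*, 0 as access_override, -1 as user_role\n"
        . "FROM acl_actions\n"
        . "WHERE acl_actions.deleted = 0 )\n\n"
        . "ORDER BY user_role desc, category,name,access_override desc"; //want non-null to show first
    /* END - SECURITY GROUPS */

    $result = $db->query($query);
    $selected_actions = array();

    /* BEGIN - SECURITY GROUPS */
    global $sugar_config;
    $has_user_role = false; //used for user_role_precedence
    $has_role = false; //used to determine if default actions can be ignored. If a user has a defined role don't use the defaults
    // additive mode keeps the highest aclaccess among overrides; otherwise the lowest wins
    $additive = isset($sugar_config['securitysuite_additive']) && $sugar_config['securitysuite_additive'] == true;
    $user_role_precedence = isset($sugar_config['securitysuite_user_role_precedence'])
        && $sugar_config['securitysuite_user_role_precedence'] == true;
    /* END - SECURITY GROUPS */

    while ($row = $db->fetchByAssoc($result, FALSE)) {
        /* BEGIN - SECURITY GROUPS */
        if ($has_user_role == false && $row['user_role'] == 1) {
            $has_user_role = true;
        }
        if ($has_role == false && ($row['user_role'] == 1 || $row['user_role'] == 0)) {
            $has_role = true;
        }
        //if user roles should take precedence over group roles and we have a user role
        //break when we get to processing the group roles
        if ($has_user_role == true && $row['user_role'] == 0 && $user_role_precedence) {
            break;
        }
        if ($row['user_role'] == -1 && $has_role == true) {
            break; //no need for default actions when a role is assigned to the user or user's group already
        }
        /* END - SECURITY GROUPS */

        $acl = new ACLAction();
        $isOverride = false;
        $acl->populateFromRow($row);
        if (!empty($row['access_override'])) {
            $acl->aclaccess = $row['access_override'];
            $isOverride = true;
        }
        if (!isset($selected_actions[$acl->category])) {
            $selected_actions[$acl->category] = array();
        }

        // First row for an action always wins. After that only an override may
        // replace the stored entry: either the stored entry is a default, or the
        // override is stronger (additive) / weaker (non-additive) than it.
        if (!isset($selected_actions[$acl->category][$acl->acltype][$acl->name])) {
            $replace = true;
        } elseif (!$isOverride) {
            $replace = false;
        } else {
            $current = $selected_actions[$acl->category][$acl->acltype][$acl->name];
            $stronger = $additive
                ? $current['aclaccess'] < $acl->aclaccess
                : $current['aclaccess'] > $acl->aclaccess;
            $replace = $stronger || !empty($current['isDefault']);
        }
        if ($replace) {
            $selected_actions[$acl->category][$acl->acltype][$acl->name] = $acl->toArray();
            $selected_actions[$acl->category][$acl->acltype][$acl->name]['isDefault'] = !$isOverride;
        }
    }

    // NOTE(review): a filtered call also creates $_SESSION['ACL'][$user_id], and the
    // read path at the top returns that entry as the full list whenever it is
    // non-empty. Confirm callers load the unfiltered list before filtered lookups.
    //only set the session variable if it was a full list;
    if (empty($category) && empty($action)) {
        if (!isset($_SESSION['ACL'])) {
            $_SESSION['ACL'] = array();
        }
        $_SESSION['ACL'][$user_id] = $selected_actions;
    } elseif (empty($action) && !empty($category)) {
        // Skip the write when the query returned nothing for this category, so an
        // empty result does not leave a null placeholder in the cache.
        if (isset($selected_actions[$category])) {
            $_SESSION['ACL'][$user_id][$category] = $selected_actions[$category];
        }
    } elseif (!empty($action) && !empty($category) && !empty($type)) {
        // The result is keyed category => acltype => name; the previous code read
        // $selected_actions[$category][$action] and therefore cached null.
        if (isset($selected_actions[$category][$type][$action])) {
            $_SESSION['ACL'][$user_id][$category][$type][$action] = $selected_actions[$category][$type][$action];
        }
    }

    // Sort by translated categories
    uksort($selected_actions, "ACLAction::langCompare");
    return $selected_actions;
}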
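/**
 * Gets the actions of a given role.
 *
 * Every non-deleted row of acl_actions is read. When a role id is given, the
 * role's access_override replaces the action's aclaccess; rows without an
 * override get ACL_ALLOW_DEFAULT. Categories missing from $beanList are skipped.
 *
 * @param GUID   $role_id role whose overrides are applied; empty for defaults only
 * @param STRING $type    not used by this implementation
 *
 * @return array of actions, keyed category => acltype => name
 */
function getRoleActions($role_id, $type = 'module')
{
    global $beanList;

    $db = DBManagerFactory::getInstance();
    $has_role = !empty($role_id);

    $query = "SELECT acl_actions.*";
    //only if we have a role id do we need to join the table otherwise lets use the ones defined in acl_actions as the defaults
    if ($has_role) {
        $query .= " ,acl_roles_actions.access_override ";
    }
    $query .= " FROM acl_actions ";
    if ($has_role) {
        // $role_id is placed inside a quoted SQL literal, so it is escaped through
        // the DB layer; the callers are not visible from this function.
        $query .= " LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = '" . $db->quote($role_id)
            . "' AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted = 0";
    }
    $query .= " WHERE acl_actions.deleted=0 ORDER BY acl_actions.category, acl_actions.name";

    $result = $db->query($query);
    $role_actions = [];
    while ($row = $db->fetchByAssoc($result)) {
        $action = new ACLAction();
        $action->populateFromRow($row);
        if (!empty($row['access_override'])) {
            $action->aclaccess = $row['access_override'];
        } else {
            $action->aclaccess = ACL_ALLOW_DEFAULT;
        }

        //#27877 . If the module is not in beanlist, do not show it in the UI, whether or not it was deleted from the ACL_ACTIONS table.
        if (empty($beanList[$action->category])) {
            continue;
        }

        if (!isset($role_actions[$action->category])) {
            $role_actions[$action->category] = [];
        }
        $role_actions[$action->category][$action->acltype][$action->name] = $action->toArray();
    }

    // Sort by translated categories
    uksort($role_actions, "ACLRole::langCompare");
    return $role_actions;
}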
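/**
 * Returns the ACL actions that apply to a user through the user's roles.
 *
 * Results are cached in $_SESSION['ACL'][$user_id]. On a cache hit with filters
 * the matching cached slice is returned; on the database path the whole nested
 * array (category => acltype => name => action array) built from the query is
 * returned.
 *
 * @param GUID    $user_id
 * @param BOOLEAN $refresh  when true the session cache is bypassed
 * @param STRING  $category optional filter on the category column
 * @param STRING  $type     optional filter on the acltype column
 * @param STRING  $action   optional filter on the name column
 * @return ARRAY of ACLActionsArray
 */
function getUserActions($user_id, $refresh = false, $category = '', $type = '', $action = '')
{
    //check in the session if we already have it loaded
    if (!$refresh && !empty($_SESSION['ACL'][$user_id])) {
        if (empty($category) && empty($action)) {
            return $_SESSION['ACL'][$user_id];
        }
        if (!empty($category) && isset($_SESSION['ACL'][$user_id][$category])) {
            if (empty($action)) {
                if (empty($type)) {
                    return $_SESSION['ACL'][$user_id][$category];
                }
                return $_SESSION['ACL'][$user_id][$category][$type];
            }
            if (!empty($type) && isset($_SESSION['ACL'][$user_id][$category][$type][$action])) {
                return $_SESSION['ACL'][$user_id][$category][$type][$action];
            }
        }
    }

    //if we don't have it loaded then lets check against the db
    $db = DBManagerFactory::getInstance();

    // Every value below lands inside a quoted SQL literal. The callers are not
    // visible from this function, so each value is escaped through the DB layer.
    $quoted_user_id = $db->quote($user_id);
    $additional_where = '';
    if (!empty($category)) {
        $additional_where .= " AND {$this->table_name}.category = '" . $db->quote($category) . "' ";
    }
    if (!empty($action)) {
        $additional_where .= " AND {$this->table_name}.name = '" . $db->quote($action) . "' ";
    }
    if (!empty($type)) {
        $additional_where .= " AND {$this->table_name}.acltype = '" . $db->quote($type) . "' ";
    }

    // The empty oci8 branch that used to sit here never assigned a query, so the
    // same statement is used for every database type.
    $query = "SELECT acl_actions .*, acl_roles_actions.access_override \n"
        . " FROM acl_actions \n"
        . " LEFT JOIN acl_roles_users ON acl_roles_users.user_id = '{$quoted_user_id}' AND acl_roles_users.deleted = 0\n"
        . " LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = acl_roles_users.role_id AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted=0\n"
        . " WHERE acl_actions.deleted=0 {$additional_where} ORDER BY category,name";

    $result = $db->query($query);
    $selected_actions = array();
    while ($row = $db->fetchByAssoc($result)) {
        $acl = new ACLAction();
        $isOverride = false;
        $acl->populateFromRow($row);
        if (!empty($row['access_override'])) {
            $acl->aclaccess = $row['access_override'];
            $isOverride = true;
        }
        if (!isset($selected_actions[$acl->category])) {
            $selected_actions[$acl->category] = array();
        }

        // First row for an action always wins. After that only an override may
        // replace the stored entry: when the stored entry is a default, or when
        // the override carries a lower aclaccess than the stored one.
        if (!isset($selected_actions[$acl->category][$acl->acltype][$acl->name])) {
            $replace = true;
        } elseif (!$isOverride) {
            $replace = false;
        } else {
            $current = $selected_actions[$acl->category][$acl->acltype][$acl->name];
            $replace = $current['aclaccess'] > $acl->aclaccess || !empty($current['isDefault']);
        }
        if ($replace) {
            $selected_actions[$acl->category][$acl->acltype][$acl->name] = $acl->toArray();
            $selected_actions[$acl->category][$acl->acltype][$acl->name]['isDefault'] = !$isOverride;
        }
    }

    // NOTE(review): a filtered call also creates $_SESSION['ACL'][$user_id], and the
    // read path at the top returns that entry as the full list whenever it is
    // non-empty. Confirm callers load the unfiltered list before filtered lookups.
    //only set the session variable if it was a full list;
    if (empty($category) && empty($action)) {
        if (!isset($_SESSION['ACL'])) {
            $_SESSION['ACL'] = array();
        }
        $_SESSION['ACL'][$user_id] = $selected_actions;
    } elseif (empty($action) && !empty($category)) {
        // Skip the write when the query returned nothing for this category, so an
        // empty result does not leave a null placeholder in the cache.
        if (isset($selected_actions[$category])) {
            $_SESSION['ACL'][$user_id][$category] = $selected_actions[$category];
        }
    } elseif (!empty($action) && !empty($category) && !empty($type)) {
        // The result is keyed category => acltype => name; the previous code read
        // $selected_actions[$category][$action] and therefore cached null.
        if (isset($selected_actions[$category][$type][$action])) {
            $_SESSION['ACL'][$user_id][$category][$type][$action] = $selected_actions[$category][$type][$action];
        }
    }

    return $selected_actions;
}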
/**
 * toArray() exports the 'id' and 'aclaccess' keys: null on a fresh object and
 * the row's values after populateFromRow().
 */
public function testtoArray()
{
    $action = new ACLAction();

    // without any fields set
    $blank = array('id' => null, 'aclaccess' => null);
    $this->assertSame($blank, $action->toArray());

    // with fields pre-populated
    $row = array('id' => '1234', 'aclaccess' => '9999');
    $action->populateFromRow($row);
    $this->assertSame($row, $action->toArray());
}
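/**
 * Gets the actions of a given role.
 *
 * Every non-deleted row of acl_actions is read. When a role id is given, the
 * role's access_override replaces the action's aclaccess; rows without an
 * override get ACL_ALLOW_DEFAULT.
 *
 * @param GUID   $role_id role whose overrides are applied; empty for defaults only
 * @param STRING $type    not used by this implementation
 * @return array of actions, keyed category => acltype => name
 */
function getRoleActions($role_id, $type = 'module')
{
    $db =& PearDatabase::getInstance();
    $has_role = !empty($role_id);

    $query = "SELECT acl_actions.*";
    //only if we have a role id do we need to join the table otherwise lets use the ones defined in acl_actions as the defaults
    if ($has_role) {
        $query .= " ,acl_roles_actions.access_override ";
    }
    $query .= " FROM acl_actions ";
    if ($has_role) {
        // $role_id is placed inside a quoted SQL literal, so it is escaped through
        // the DB layer; the callers are not visible from this function.
        $query .= " LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = '" . $db->quote($role_id)
            . "' AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted = 0";
    }
    $query .= " WHERE acl_actions.deleted=0 ORDER BY acl_actions.category, acl_actions.name";

    $result = $db->query($query);
    $role_actions = array();
    while ($row = $db->fetchByAssoc($result)) {
        $action = new ACLAction();
        $action->populateFromRow($row);
        if (!empty($row['access_override'])) {
            $action->aclaccess = $row['access_override'];
        } else {
            $action->aclaccess = ACL_ALLOW_DEFAULT;
        }
        if (!isset($role_actions[$action->category])) {
            $role_actions[$action->category] = array();
        }
        $role_actions[$action->category][$action->acltype][$action->name] = $action->toArray();
    }
    return $role_actions;
}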
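/**
 * Returns the ACL actions that apply to a user through the user's roles,
 * restricted to a fixed list of module categories.
 *
 * Results are cached in $_SESSION['ACL'][$user_id]. On a cache hit with filters
 * the matching cached slice is returned; on the database path the whole nested
 * array (category => acltype => name => action array) built from the query is
 * returned.
 *
 * @param GUID    $user_id
 * @param BOOLEAN $refresh  when true the session cache is bypassed
 * @param STRING  $category optional filter on acl_actions.category
 * @param STRING  $type     optional filter on acl_actions.acltype
 * @param STRING  $action   optional filter on acl_actions.name
 * @return ARRAY of ACLActionsArray
 */
static function getUserActions($user_id, $refresh = false, $category = '', $type = '', $action = '')
{
    //check in the session if we already have it loaded
    if (!$refresh && !empty($_SESSION['ACL'][$user_id])) {
        if (empty($category) && empty($action)) {
            return $_SESSION['ACL'][$user_id];
        }
        if (!empty($category) && isset($_SESSION['ACL'][$user_id][$category])) {
            if (empty($action)) {
                if (empty($type)) {
                    return $_SESSION['ACL'][$user_id][$category];
                }
                return $_SESSION['ACL'][$user_id][$category][$type];
            }
            if (!empty($type) && isset($_SESSION['ACL'][$user_id][$category][$type][$action])) {
                return $_SESSION['ACL'][$user_id][$category][$type][$action];
            }
        }
    }

    //if we don't have it loaded then lets check against the db
    $db = DBManagerFactory::getInstance();

    // Every value below lands inside a quoted SQL literal. The callers are not
    // visible from this function, so each value is escaped through the DB layer.
    $quoted_user_id = $db->quote($user_id);
    $additional_where = '';
    if (!empty($category)) {
        $additional_where .= " AND acl_actions.category = '" . $db->quote($category) . "' ";
    }
    if (!empty($action)) {
        $additional_where .= " AND acl_actions.name = '" . $db->quote($action) . "' ";
    }
    if (!empty($type)) {
        $additional_where .= " AND acl_actions.acltype = '" . $db->quote($type) . "' ";
    }

    $query = "SELECT acl_actions .*, acl_roles_actions.access_override\n"
        . " FROM acl_actions\n"
        . " LEFT JOIN acl_roles_users ON acl_roles_users.user_id = '{$quoted_user_id}' AND acl_roles_users.deleted = 0\n"
        . " LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = acl_roles_users.role_id AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted=0\n"
        . " WHERE acl_actions.deleted=0 {$additional_where} ORDER BY category,name";

    // Only these categories are ever returned. The list does not change per row,
    // so it is built once instead of on every loop iteration.
    $jrmis_modules = array(
        'JrMis_BackMoney',
        'JrMis_BankQuery',
        'JrMis_BankUsers',
        'JrMis_Borrowers',
        'JrMis_Conduits',
        'JrMis_Departments',
        'JrMis_FinaaceCompanies',
        'JrMis_FinanceProducts',
        'asol_Reports',
        'Users',
    );

    $result = $db->query($query);
    $selected_actions = array();
    while ($row = $db->fetchByAssoc($result, FALSE)) {
        $acl = new ACLAction();
        $isOverride = false;
        $acl->populateFromRow($row);
        if (!empty($row['access_override'])) {
            $acl->aclaccess = $row['access_override'];
            $isOverride = true;
        }
        if (!in_array($acl->category, $jrmis_modules, true)) {
            continue;
        }
        if (!isset($selected_actions[$acl->category])) {
            $selected_actions[$acl->category] = array();
        }

        // First row for an action always wins. After that only an override may
        // replace the stored entry: when the stored entry is a default, or when
        // the override carries a lower aclaccess than the stored one.
        if (!isset($selected_actions[$acl->category][$acl->acltype][$acl->name])) {
            $replace = true;
        } elseif (!$isOverride) {
            $replace = false;
        } else {
            $current = $selected_actions[$acl->category][$acl->acltype][$acl->name];
            $replace = $current['aclaccess'] > $acl->aclaccess || !empty($current['isDefault']);
        }
        if ($replace) {
            $selected_actions[$acl->category][$acl->acltype][$acl->name] = $acl->toArray();
            $selected_actions[$acl->category][$acl->acltype][$acl->name]['isDefault'] = !$isOverride;
        }
    }

    // NOTE(review): a filtered call also creates $_SESSION['ACL'][$user_id], and the
    // read path at the top returns that entry as the full list whenever it is
    // non-empty. Confirm callers load the unfiltered list before filtered lookups.
    //only set the session variable if it was a full list;
    if (empty($category) && empty($action)) {
        if (!isset($_SESSION['ACL'])) {
            $_SESSION['ACL'] = array();
        }
        $_SESSION['ACL'][$user_id] = $selected_actions;
    } elseif (empty($action) && !empty($category)) {
        // Skip the write when the query returned nothing for this category, so an
        // empty result does not leave a null placeholder in the cache.
        if (isset($selected_actions[$category])) {
            $_SESSION['ACL'][$user_id][$category] = $selected_actions[$category];
        }
    } elseif (!empty($action) && !empty($category) && !empty($type)) {
        // The result is keyed category => acltype => name; the previous code read
        // $selected_actions[$category][$action] and therefore cached null.
        if (isset($selected_actions[$category][$type][$action])) {
            $_SESSION['ACL'][$user_id][$category][$type][$action] = $selected_actions[$category][$type][$action];
        }
    }

    // Sort by translated categories
    uksort($selected_actions, "ACLAction::langCompare");
    return $selected_actions;
}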