static function createDefaultUserPermissionsAllDimension(Contact $user, $dimension_id, $remove_previous = true)
 {
     $role_id = $user->getUserType();
     $permission_group_id = $user->getPermissionGroupId();
     $dimension = Dimensions::getDimensionById($dimension_id);
     if (!$dimension instanceof Dimension || !$dimension->getDefinesPermissions()) {
         return;
     }
     try {
         DB::beginWork();
         $shtab_permissions = array();
         $new_permissions = array();
         $role_permissions = self::findAll(array('conditions' => 'role_id = ' . $role_id));
         $members = Members::findAll(array('conditions' => 'dimension_id = ' . $dimension_id));
         foreach ($members as $member) {
             $member_id = $member->getId();
             if ($remove_previous) {
                 ContactMemberPermissions::delete("permission_group_id = {$permission_group_id} AND member_id = {$member_id}");
             }
             foreach ($role_permissions as $role_perm) {
                 if ($member->canContainObject($role_perm->getObjectTypeId())) {
                     $cmp = new ContactMemberPermission();
                     $cmp->setPermissionGroupId($permission_group_id);
                     $cmp->setMemberId($member_id);
                     $cmp->setObjectTypeId($role_perm->getObjectTypeId());
                     $cmp->setCanDelete($role_perm->getCanDelete());
                     $cmp->setCanWrite($role_perm->getCanWrite());
                     $cmp->save();
                     $new_permissions[] = $cmp;
                     $perm = new stdClass();
                     $perm->m = $member_id;
                     $perm->r = 1;
                     $perm->w = $role_perm->getCanWrite();
                     $perm->d = $role_perm->getCanDelete();
                     $perm->o = $role_perm->getObjectTypeId();
                     $shtab_permissions[] = $perm;
                 }
             }
         }
         if (count($shtab_permissions)) {
             $stCtrl = new SharingTableController();
             $stCtrl->afterPermissionChanged($permission_group_id, $shtab_permissions);
         }
         DB::commit();
         return $new_permissions;
     } catch (Exception $e) {
         DB::rollback();
         throw $e;
     }
 }
	function delete() {
		// delete system permissions
		SystemPermissions::delete("`permission_group_id` = ".$this->getId());
		// delete member permissions
		ContactMemberPermissions::delete("`permission_group_id` = ".$this->getId());
		// delte dimension permissions
		ContactDimensionPermissions::delete("`permission_group_id` = ".$this->getId());
		// delete contact_permission_group entries
		ContactPermissionGroups::delete("`permission_group_id` = ".$this->getId());
		// delete tab panel permissions
		TabPanelPermissions::delete("`permission_group_id` = ".$this->getId());
		
		parent::delete();
	}
 function delete()
 {
     if (!can_manage_dimension_members(logged_user())) {
         flash_error(lang('no access permissions'));
         ajx_current("empty");
         return;
     }
     $member = Members::findById(get_id());
     if (!$member instanceof Member) {
         ajx_current("empty");
         return;
     }
     $ret = array();
     Hook::fire('check_additional_member_permissions', array('action' => 'delete', 'member' => $member, 'pg_id' => logged_user()->getPermissionGroupId()), $ret);
     if (count($ret) > 0 && !array_var($ret, 'ok')) {
         flash_error(array_var($ret, 'message'));
         ajx_current("empty");
         return;
     }
     try {
         DB::beginWork();
         if (!$member->canBeDeleted($error_message)) {
             throw new Exception($error_message);
         }
         $dim_id = $member->getDimensionId();
         // Remove from sharing table
         $sqlDeleteSharingTable = "DELETE sh FROM `" . TABLE_PREFIX . "sharing_table` sh\r\n\t\t\t\t\t\t\t\t\t\tLEFT JOIN `" . TABLE_PREFIX . "object_members` om\r\n\t\t\t\t\t\t\t\t\t\tON        om.object_id = sh.object_id\r\n\t\t\t\t\t\t\t\t\t\tWHERE     om.member_id = " . $member->getId() . " AND om.is_optimization = 0;";
         DB::execute($sqlDeleteSharingTable);
         $affectedObjectsRows = DB::executeAll("SELECT distinct(object_id) AS object_id FROM " . TABLE_PREFIX . "object_members where member_id = " . $member->getId() . " AND is_optimization = 0");
         if (is_array($affectedObjectsRows) && count($affectedObjectsRows) > 0) {
             $ids_str = "";
             foreach ($affectedObjectsRows as $row) {
                 $oid = $row['object_id'];
                 $ids_str .= ($ids_str == "" ? "" : ",") . $oid;
             }
             add_multilple_objects_to_sharing_table($ids_str, logged_user());
         }
         // remove member associations
         MemberPropertyMembers::delete('member_id = ' . $member->getId() . ' OR property_member_id = ' . $member->getId());
         MemberRestrictions::delete('member_id = ' . $member->getId() . ' OR restricted_member_id = ' . $member->getId());
         // remove from permissions tables
         ContactMemberPermissions::delete('member_id = ' . $member->getId());
         PermissionContexts::delete('member_id = ' . $member->getId());
         // remove associated content object
         if ($member->getObjectId() > 0) {
             $mobj = Objects::findObject($member->getObjectId());
             if ($mobj instanceof ContentDataObject) {
                 $mobj->delete();
             }
         }
         // delete from object_members
         ObjectMembers::delete('member_id = ' . $member->getId());
         Hook::fire('delete_member', $member, $ret);
         $parent_id = $member->getParentMemberId();
         $ok = $member->delete(false);
         if ($ok) {
             evt_add("reload dimension tree", array('dim_id' => $dim_id, 'node' => null));
             evt_add("try to select member", array('dimension_id' => $dim_id, 'id' => $parent_id));
         }
         DB::commit();
         flash_success(lang('success delete member', $member->getName()));
         if (get_id('start')) {
             ajx_current("start");
         } else {
             if (get_id('dont_reload')) {
                 ajx_current("empty");
             } else {
                 ajx_current("reload");
             }
         }
     } catch (Exception $e) {
         DB::rollback();
         flash_error($e->getMessage());
         ajx_current("empty");
     }
 }
Exemple #4
0
 function delete()
 {
     // change parent of child nodes
     $child_members = $this->getAllChildren();
     if (is_array($child_members)) {
         $parent = $this->getParentMember();
         foreach ($child_members as $child) {
             $child->setParentMemberId($this->getParentMemberId());
             if ($parent instanceof Member) {
                 $child->setDepth($parent->getDepth() + 1);
             } else {
                 $child->setDepth(1);
             }
             $child->save();
         }
     }
     // delete member restrictions
     MemberRestrictions::delete(array("`member_id` = ?", $this->getId()));
     MemberRestrictions::delete(array("`restricted_member_id` = ?", $this->getId()));
     // delete member properties
     MemberPropertyMembers::delete(array("`member_id` = ?", $this->getId()));
     MemberPropertyMembers::delete(array("`property_member_id` = ?", $this->getId()));
     // delete permissions
     ContactMemberPermissions::delete(array("member_id = ?", $this->getId()));
     // delete member objects (if they don't belong to another member)
     $sql = "SELECT `o`.`object_id` FROM `" . ObjectMembers::instance()->getTableName() . "` `o` WHERE `o`.`is_optimization`=0 AND `o`.`member_id`=" . $this->getId() . " AND NOT EXISTS (\n\t\t\tSELECT `om`.`object_id` FROM `" . ObjectMembers::instance()->getTableName() . "` `om` WHERE `om`.`object_id`=`o`.`object_id` AND `om`.`is_optimization`=0 AND `om`.`member_id`<>" . $this->getId() . ")";
     $result = DB::execute($sql);
     $rows = $result->fetchAll();
     if (!is_null($rows)) {
         foreach ($rows as $row) {
             $obj = Objects::findById(array_var($row, 'object_id'));
             $obj->delete();
         }
     }
     // delete object if member is a dimension_object
     if ($this->getObjectId()) {
         $object = Objects::findObject($this->getObjectId());
         if ($object instanceof ContentDataObject) {
             $object->delete();
         }
     }
     return parent::delete();
 }
	function delete() {
		if(!can_manage_dimension_members(logged_user())) {
			flash_error(lang('no access permissions'));
			ajx_current("empty");
			return;
		}
		$member = Members::findById(get_id());
		try {
			
			DB::beginWork();
			
			if (!$member->canBeDeleted($error_message)) {
				throw new Exception($error_message);
			}
			$dim_id = $member->getDimensionId();
			
			// Remove from shring table
			SharingTables::instance()->delete(" 
				object_id IN (
 				 SELECT distinct(object_id) FROM ".TABLE_PREFIX."object_members WHERE member_id = ".$member->getId()." AND is_optimization = 0
				)
			");
			$affectedObjectsRows = DB::executeAll("SELECT distinct(object_id) AS object_id FROM ".TABLE_PREFIX."object_members where member_id = ".$member->getId()." AND is_optimization = 0") ;
			if (is_array($affectedObjectsRows) && count($affectedObjectsRows) > 0) {
				foreach ( $affectedObjectsRows as $row ) {
					$oid = $row['object_id'];
					$object = Objects::findObject($row['object_id']); // return an instance of Message, contact, etc.
					/* @var $object ContentDataObject */
					if ($object instanceof ContentDataObject) {
						$object->addToSharingTable();
					}
				}
			}
			
			// remove member associations
			MemberPropertyMembers::delete('member_id = '.$member->getId().' OR property_member_id = '.$member->getId());
			MemberRestrictions::delete('member_id = '.$member->getId().' OR restricted_member_id = '.$member->getId());
			
			// remove from permissions tables
			ContactMemberPermissions::delete('member_id = '.$member->getId());
			PermissionContexts::delete('member_id = '.$member->getId());
			
			// remove associated content object
			if ($member->getObjectId() > 0) {
				$mobj = Objects::findObject($member->getObjectId());
				if ($mobj instanceof ContentDataObject) $mobj->delete();
			}
			
			// delete from object_members
			ObjectMembers::delete('member_id = '.$member->getId());
			
			Hook::fire('delete_member', $member, $ret);

//			ApplicationLogs::createLog($member, ApplicationLogs::ACTION_DELETE, false, true);
			$ok = $member->delete(false);
			if ($ok) {
				evt_add("reload dimension tree", array('dim_id' => $dim_id, 'node' => null));
				evt_add("select dimension member", array('dim_id' => $dim_id, 'node' => 'root'));
			}
			
			DB::commit();
			flash_success(lang('success delete member', $member->getName()));
			if (get_id('start')) {
				ajx_current("start");
			} else {
				if (get_id('dont_reload')) {
					ajx_current("empty");
				} else {
					ajx_current("reload");
				}
			}
		} catch (Exception $e) {
			DB::rollback();
			flash_error($e->getMessage());
			ajx_current("empty");
		}
	}
	static function createDefaultUserPermissionsAllDimension(Contact $user, $dimension_id, $remove_previous = true) {
		$role_id = $user->getUserType();
		$permission_group_id = $user->getPermissionGroupId();
		
		$dimension = Dimensions::getDimensionById($dimension_id);
		if (!$dimension instanceof Dimension || !$dimension->getDefinesPermissions()) return;
		
		try {
			
			$shtab_permissions = array();
			$new_permissions = array();
			$role_permissions = self::findAll(array('conditions' => 'role_id = '.$role_id));
			$members = Members::findAll(array('conditions' => 'dimension_id = '.$dimension_id));
			
			foreach ($members as $member) {
				$member_id = $member->getId();
				if ($remove_previous) {
					ContactMemberPermissions::delete("permission_group_id = $permission_group_id AND member_id = $member_id");
				}
				
				foreach ($role_permissions as $role_perm) {
					if ($member->canContainObject($role_perm->getObjectTypeId())) {
						$cmp = new ContactMemberPermission();
						$cmp->setPermissionGroupId($permission_group_id);
						$cmp->setMemberId($member_id);
						$cmp->setObjectTypeId($role_perm->getObjectTypeId());
						$cmp->setCanDelete($role_perm->getCanDelete());
						$cmp->setCanWrite($role_perm->getCanWrite());
						$cmp->save();
						$new_permissions[] = $cmp;
						
						$perm = new stdClass();
						$perm->m = $member_id;
						$perm->r = 1;
						$perm->w = $role_perm->getCanWrite();
						$perm->d = $role_perm->getCanDelete();
						$perm->o = $role_perm->getObjectTypeId();
						$shtab_permissions[] = $perm;
					}
				}
			}
			
			if (count($shtab_permissions)) {
				$cdp = ContactDimensionPermissions::instance()->findOne(array('conditions' => "permission_group_id = '$permission_group_id' AND dimension_id = $dimension_id"));
				if (!$cdp instanceof ContactDimensionPermission) {
					$cdp = new ContactDimensionPermission();
					$cdp->setPermissionGroupId($permission_group_id);
					$cdp->setContactDimensionId($dimension_id);
					$cdp->setPermissionType('check');
					$cdp->save();
				} else {
					if ($cdp->getPermissionType() == 'deny all') {
						$cdp->setPermissionType('check');
						$cdp->save();
					}
				}
				$stCtrl = new SharingTableController();
				$stCtrl->afterPermissionChanged($permission_group_id, $shtab_permissions);
			}
			
			return $new_permissions;
			
		} catch (Exception $e) {
			throw $e;
		}
	}
Exemple #7
0
function save_permissions($pg_id, $is_guest = false, $permissions_data = null, $save_cmps = true, $update_sharing_table = true, $fire_hook = true, $update_contact_member_cache = true, $users_ids_to_check = array(), $only_member_permissions = false)
{
    if (is_null($permissions_data)) {
        // system permissions
        $sys_permissions_data = array_var($_POST, 'sys_perm');
        // module permissions
        $mod_permissions_data = array_var($_POST, 'mod_perm');
        // root permissions
        if ($rp_genid = array_var($_POST, 'root_perm_genid')) {
            $rp_permissions_data = array();
            foreach ($_POST as $name => $value) {
                if (str_starts_with($name, $rp_genid . 'rg_root_')) {
                    $rp_permissions_data[$name] = $value;
                }
            }
        }
        // member permissions
        $permissionsString = array_var($_POST, 'permissions');
    } else {
        // system permissions
        $sys_permissions_data = array_var($permissions_data, 'sys_perm');
        // module permissions
        $mod_permissions_data = array_var($permissions_data, 'mod_perm');
        // root permissions
        $rp_genid = array_var($permissions_data, 'root_perm_genid');
        $rp_permissions_data = array_var($permissions_data, 'root_perm');
        // member permissions
        $permissionsString = array_var($permissions_data, 'permissions');
    }
    try {
        DB::beginWork();
        $changed_members = array();
        // save module permissions
        if (!$only_member_permissions) {
            try {
                TabPanelPermissions::clearByPermissionGroup($pg_id, true);
                if (!is_null($mod_permissions_data) && is_array($mod_permissions_data)) {
                    foreach ($mod_permissions_data as $tab_id => $val) {
                        DB::execute("INSERT INTO " . TABLE_PREFIX . "tab_panel_permissions (permission_group_id,tab_panel_id) VALUES ('{$pg_id}','{$tab_id}') ON DUPLICATE KEY UPDATE permission_group_id=permission_group_id");
                    }
                }
            } catch (Exception $e) {
                Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                throw $e;
            }
        }
        $root_permissions_sharing_table_delete = array();
        $root_permissions_sharing_table_add = array();
        if (logged_user() instanceof Contact && can_manage_security(logged_user())) {
            try {
                if (!$only_member_permissions) {
                    // save system permissions
                    $system_permissions = SystemPermissions::findById($pg_id);
                    if (!$system_permissions instanceof SystemPermission) {
                        $system_permissions = new SystemPermission();
                        $system_permissions->setPermissionGroupId($pg_id);
                    }
                    $system_permissions->setAllPermissions(false);
                    $other_permissions = array();
                    Hook::fire('add_user_permissions', $pg_id, $other_permissions);
                    foreach ($other_permissions as $k => $v) {
                        $system_permissions->setColumnValue($k, false);
                    }
                    // check max permissions for role, in case of modifying user's permissions
                    $role_id = "-1";
                    $tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
                    if ($tmp_contact instanceof Contact) {
                        $role_id = $tmp_contact->getUserType();
                    }
                    $max_role_system_permissions = MaxSystemPermissions::findOne(array('conditions' => 'permission_group_id = ' . $role_id));
                    if ($max_role_system_permissions instanceof MaxSystemPermission) {
                        foreach ($sys_permissions_data as $col => &$val) {
                            $max_val = $max_role_system_permissions->getColumnValue($col);
                            if (!$max_val) {
                                unset($sys_permissions_data[$col]);
                            }
                        }
                    }
                    // don't allow to write emails for collaborators and guests
                    if ($tmp_contact instanceof Contact) {
                        $user_type_name = $tmp_contact->getUserTypeName();
                        if (!in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
                            $mail_ot = ObjectTypes::findByName('mail');
                            if ($mail_ot instanceof ObjectType) {
                                DB::executeAll("UPDATE " . TABLE_PREFIX . "contact_member_permissions SET can_write=0, can_delete=0 WHERE object_type_id=" . $mail_ot->getId() . " AND permission_group_id={$pg_id}");
                            }
                        }
                    }
                    $sys_permissions_data['can_task_assignee'] = !$is_guest;
                    $system_permissions->setFromAttributes($sys_permissions_data);
                    $system_permissions->setUseOnDuplicateKeyWhenInsert(true);
                    $system_permissions->save();
                    //object type root permissions
                    $can_have_root_permissions = config_option('let_users_create_objects_in_root') && in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'));
                    if ($rp_genid && $can_have_root_permissions) {
                        ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
                        foreach ($rp_permissions_data as $name => $value) {
                            if (str_starts_with($name, $rp_genid . 'rg_root_')) {
                                $rp_ot = substr($name, strrpos($name, '_') + 1);
                                if (is_numeric($rp_ot) && $rp_ot > 0 && $value == 0) {
                                    $root_permissions_sharing_table_delete[] = $rp_ot;
                                }
                                if (!is_numeric($rp_ot) || $rp_ot <= 0 || $value < 1) {
                                    continue;
                                }
                                $root_permissions_sharing_table_add[] = $rp_ot;
                                // save with member_id = 0
                                $root_perm_cmp = new ContactMemberPermission();
                                $root_perm_cmp->setPermissionGroupId($pg_id);
                                $root_perm_cmp->setMemberId('0');
                                $root_perm_cmp->setObjectTypeId($rp_ot);
                                $root_perm_cmp->setCanWrite($value >= 2);
                                $root_perm_cmp->setCanDelete($value >= 3);
                                $root_perm_cmp->save();
                            }
                        }
                    }
                    if (!$can_have_root_permissions) {
                        ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
                        $sh_controller = new SharingTableController();
                        $all_object_type_ids = ObjectTypes::findAll(array('id' => true));
                        $sh_controller->adjust_root_permissions($pg_id, array('root_permissions_sharing_table_delete' => $all_object_type_ids));
                    }
                }
            } catch (Exception $e) {
                Logger::log("Error saving system and root permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                throw $e;
            }
        }
        // set all permissions to read_only if user is guest
        if ($is_guest) {
            try {
                $all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
                foreach ($all_saved_permissions as $sp) {
                    /* @var $sp ContactMemberPermission */
                    if ($sp->getCanDelete() || $sp->getCanWrite()) {
                        $sp->setCanDelete(false);
                        $sp->setCanWrite(false);
                        $sp->save();
                    }
                }
                $cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all'"));
                foreach ($cdps as $cdp) {
                    $cdp->setPermissionType('check');
                    $cdp->save();
                }
            } catch (Exception $e) {
                Logger::log("Error setting guest user permissions to read_only for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                throw $e;
            }
        }
        // check the status of the changed dimensions to set 'allow_all', 'deny_all' or 'check'
        try {
            $dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members)));
            foreach ($dimensions as $dimension) {
                $dimension->setContactDimensionPermission($pg_id, 'check');
            }
        } catch (Exception $e) {
            Logger::log("Error setting dimension permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
            throw $e;
        }
        //member permissions
        if ($permissionsString && $permissionsString != '') {
            $permissions = json_decode($permissionsString);
        }
        if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
            try {
                $tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
                if ($tmp_contact instanceof Contact) {
                    $user_type_name = $tmp_contact->getUserTypeName();
                    $role_id = $tmp_contact->getUserType();
                    $max_role_ot_perms = MaxRoleObjectTypePermissions::instance()->findAll(array('conditions' => "role_id = '{$role_id}'"));
                }
                $mail_ot = ObjectTypes::findByName('mail');
                $sql_insert_values = "";
                $member_object_types_to_delete = array();
                $allowed_members_ids = array();
                foreach ($permissions as &$perm) {
                    if (!isset($all_perm_deleted[$perm->m])) {
                        $all_perm_deleted[$perm->m] = true;
                    }
                    $allowed_members_ids[$perm->m] = array();
                    $allowed_members_ids[$perm->m]['pg'] = $pg_id;
                    if ($perm->r) {
                        if (isset($allowed_members_ids[$perm->m]['w'])) {
                            if ($allowed_members_ids[$perm->m]['w'] != 1) {
                                $allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
                            }
                        } else {
                            $allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
                        }
                        if (isset($allowed_members_ids[$perm->m]['d'])) {
                            if ($allowed_members_ids[$perm->m]['d'] != 1) {
                                $allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
                            }
                        } else {
                            $allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
                        }
                        // check max permissions for user type
                        if ($tmp_contact instanceof Contact) {
                            $max_perm = null;
                            foreach ($max_role_ot_perms as $max_role_ot_perm) {
                                if ($max_role_ot_perm->getObjectTypeId() == $perm->o) {
                                    $max_perm = $max_role_ot_perm;
                                }
                            }
                            if ($max_perm) {
                                if (!$max_perm->getCanDelete()) {
                                    $perm->d = 0;
                                }
                                if (!$max_perm->getCanWrite()) {
                                    $perm->w = 0;
                                }
                            } else {
                                $perm->d = 0;
                                $perm->w = 0;
                                $perm->r = 0;
                            }
                        }
                        if ($save_cmps) {
                            // don't allow to write emails for collaborators and guests
                            if ($tmp_contact instanceof Contact && !in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
                                if ($mail_ot instanceof ObjectType && $perm->o == $mail_ot->getId()) {
                                    $perm->d = 0;
                                    $perm->w = 0;
                                }
                            }
                            $sql_insert_values .= ($sql_insert_values == "" ? "" : ",") . "('" . $pg_id . "','" . $perm->m . "','" . $perm->o . "','" . $perm->d . "','" . $perm->w . "')";
                            if (!isset($member_object_types_to_delete[$perm->m])) {
                                $member_object_types_to_delete[$perm->m] = array();
                            }
                            $member_object_types_to_delete[$perm->m][] = $perm->o;
                        }
                        $all_perm_deleted[$perm->m] = false;
                    } else {
                        if (is_numeric($perm->m) && is_numeric($perm->o)) {
                            DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id='" . $perm->m . "' AND object_type_id='" . $perm->o . "' AND permission_group_id={$pg_id}");
                        }
                    }
                    $changed_members[] = $perm->m;
                }
                if ($save_cmps) {
                    if (count($all_perm_deleted) > 0) {
                        $member_ids_to_delete = array();
                        foreach ($all_perm_deleted as $mid => $del) {
                            // also check in contact_member_permissions
                            $cmps = ContactMemberPermissions::findAll(array('conditions' => 'permission_group_id=' . $pg_id . " AND member_id={$mid}"));
                            if ($del && (!is_array($cmps) || count($cmps) == 0)) {
                                $member_ids_to_delete[] = $mid;
                            }
                        }
                        if (count($member_ids_to_delete) > 0) {
                            DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id IN (" . implode(',', $member_ids_to_delete) . ") AND permission_group_id={$pg_id}");
                        }
                    }
                    foreach ($member_object_types_to_delete as $mid => $obj_type_ids) {
                        if (count($obj_type_ids) > 0) {
                            DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id={$mid} AND object_type_id IN (" . implode(',', $obj_type_ids) . ") AND permission_group_id={$pg_id}");
                        }
                    }
                    if ($sql_insert_values != "") {
                        DB::execute("INSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write) VALUES {$sql_insert_values} ON DUPLICATE KEY UPDATE member_id=member_id");
                    }
                }
            } catch (Exception $e) {
                Logger::log("Error saving member permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                throw $e;
            }
        }
        DB::commit();
    } catch (Exception $e) {
        Logger::log("Error saving permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
        DB::rollback();
    }
    try {
        if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
            if ($update_sharing_table) {
                try {
                    $sharingTablecontroller = new SharingTableController();
                    $rp_info = array('root_permissions_sharing_table_delete' => $root_permissions_sharing_table_delete, 'root_permissions_sharing_table_add' => $root_permissions_sharing_table_add);
                    $sharingTablecontroller->afterPermissionChanged($pg_id, $permissions, $rp_info);
                } catch (Exception $e) {
                    Logger::log("Error saving permissions to sharing table for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                    throw $e;
                }
            }
            if ($update_contact_member_cache) {
                try {
                    $contactMemberCacheController = new ContactMemberCacheController();
                    $group = PermissionGroups::findById($pg_id);
                    $real_group = null;
                    if ($group->getType() == 'user_groups') {
                        $real_group = $group;
                    }
                    $users = $group->getUsers();
                    $users_ids_checked = array();
                    foreach ($users as $us) {
                        $users_ids_checked[] = $us->getId();
                        $contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
                    }
                    //check all users related to the group
                    foreach ($users_ids_to_check as $us_id) {
                        if (!in_array($us_id, $users_ids_checked)) {
                            $users_ids_checked[] = $us_id;
                            $us = Contacts::findById($us_id);
                            if ($us instanceof Contact) {
                                $contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
                            }
                        }
                    }
                } catch (Exception $e) {
                    Logger::log("Error saving permissions to contact member cache for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
                    throw $e;
                }
            }
        }
    } catch (Exception $e) {
        Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
    }
    if ($fire_hook) {
        Hook::fire('after_save_contact_permissions', $pg_id, $pg_id);
    }
    // remove contact object from members where permissions were deleted
    $user = Contacts::findOne(array('conditions' => 'permission_group_id=' . $pg_id));
    if ($user instanceof Contact) {
        $to_remove = array();
        if (isset($all_perm_deleted) && is_array($all_perm_deleted)) {
            foreach ($all_perm_deleted as $m_id => $must_remove) {
                if ($must_remove) {
                    $to_remove[] = $m_id;
                }
            }
            ObjectMembers::removeObjectFromMembers($user, logged_user(), null, $to_remove);
        }
    }
}
Exemple #8
0
	function delete($check = true) {
		if ($check && !$this->canBeDeleted($error_message)) {
			throw new Exception($error_message);
		}
		// change parent of child nodes
		$child_members = $this->getAllChildren();
		if (is_array($child_members)) {
			$parent = $this->getParentMember();
			foreach($child_members as $child) {
				$child->setParentMemberId($this->getParentMemberId());
				if ($parent instanceof Member) {
					$child->setDepth($parent->getDepth()+1);
				} else $child->setDepth(1);
				$child->save();
			}
		}
		
		// delete member restrictions
		MemberRestrictions::delete(array("`member_id` = ?", $this->getId()));
		MemberRestrictions::delete(array("`restricted_member_id` = ?", $this->getId()));
		
		// delete member properties
		MemberPropertyMembers::delete(array("`member_id` = ?", $this->getId()));
		MemberPropertyMembers::delete(array("`property_member_id` = ?", $this->getId()));
		
		// delete permissions
		ContactMemberPermissions::delete(array("member_id = ?", $this->getId()));
		
		// delete member objects (if they don't belong to another member)
		$sql = "SELECT `o`.`object_id` FROM `".ObjectMembers::instance()->getTableName()."` `o` WHERE `o`.`is_optimization`=0 AND `o`.`member_id`=".$this->getId()." AND NOT EXISTS (
			SELECT `om`.`object_id` FROM `".ObjectMembers::instance()->getTableName()."` `om` WHERE `om`.`object_id`=`o`.`object_id` AND `om`.`is_optimization`=0 AND `om`.`member_id`<>".$this->getId().")";
		$result = DB::execute($sql);
    	$rows = $result->fetchAll();
    	if (!is_null($rows)) {
	    	foreach ($rows as $row) {
	    		$obj = Objects::findById(array_var($row, 'object_id'));
	    		$obj->delete();
	    	}
    	}
    	
    	// clean object_members
    	ObjectMembers::delete("member_id = ".$this->getId());
		
		// delete object if member is a dimension_object
		if ($this->getObjectId()) {
			$object = Objects::findObject($this->getObjectId());
			if ($object instanceof ContentDataObject) $object->delete();
		}
		
		ApplicationLogs::createLog($this, ApplicationLogs::ACTION_DELETE, false, true, true, 'member deleted');
		
		return parent::delete();
	}