/**
 * Builds one SQL condition fragment that restricts objects (alias `om`/`o` of the
 * outer query) to those classified in the given members, optionally combined with
 * a permission check against `contact_member_permissions`.
 *
 * Only the new fragment is returned (with a leading space, and prefixed by
 * $operator when $dm_conditions is non-empty); $dm_conditions itself is not
 * included in the return value.
 *
 * NOTE(review): $member_ids, $pg_ids, $object_type_id and the ids returned by
 * getActiveContextPermissions() are concatenated into the SQL text without any
 * casting or escaping. This function relies on every caller passing integer ids
 * only - confirm at the call sites, or cast before use.
 *
 * @deprecated
 * @param string $dm_conditions conditions built so far; only tested for emptiness
 * @param object $dimension must provide getDefinesPermissions() and hasAllowAllForContact()
 * @param array $member_ids member ids placed in the IN (...) list ('0' is used when empty)
 * @param mixed $object_type_id interpolated into the SQL and passed to getActiveContextPermissions()
 * @param string $pg_ids interpolated inside IN (...), so presumably a CSV of permission group ids - confirm
 * @param string $operator SQL operator used to join with previous conditions; replaced by "AND" when $all is true
 * @param mixed $selection_members passed through to getActiveContextPermissions()
 * @param boolean $all when true, objects with no matching non-optimization row also match
 * @return string
 */
 static function prepareQuery($dm_conditions, $dimension, $member_ids, $object_type_id, $pg_ids, $operator, $selection_members, $all = false)
 {
     // '0' keeps the IN (...) list syntactically valid when no member ids are given.
     $member_id_list = '0';
     if (count($member_ids) > 0) {
         $member_id_list = implode(",", $member_ids);
     }

     $permission_conditions = "";
     // Permission filtering only applies when the dimension defines permissions
     // and the permission groups do not already have allow-all on it.
     if ($dimension->getDefinesPermissions() && !$dimension->hasAllowAllForContact($pg_ids)) {
         // context permissions
         $context_member_ids = ContactMemberPermissions::getActiveContextPermissions(logged_user(), $object_type_id, $selection_members, $member_ids);
         $context_conditions = "";
         if (count($context_member_ids) != 0) {
             $context_conditions = "OR EXISTS (SELECT `om2`.`object_id` FROM `" . TABLE_PREFIX . "object_members` `om2` WHERE\r\n\t    \t\t\t\t\t\t\t`om2`.`object_id` = `om`.`object_id` AND `o`.`object_type_id` = {$object_type_id} \r\n\t    \t\t\t\t\t\t\tAND `om2`.`member_id` IN (" . implode(",", $context_member_ids) . "))";
         }
         // NOTE(review): AND binds tighter than OR in SQL, so once this text is placed in the
         // subquery below, the context clause is an alternative to the whole preceding WHERE
         // (including the member_id IN list), not only to the cmp check - confirm this is intended.
         $permission_conditions = "AND EXISTS (SELECT `cmp`.`member_id` FROM `" . TABLE_PREFIX . "contact_member_permissions` \r\n    \t\t\t\t\t\t`cmp` WHERE `om2`.`member_id` = `cmp`.`member_id` AND `cmp`.`permission_group_id` IN ({$pg_ids}) AND \r\n    \t\t\t\t\t\t`o`.`object_type_id` = `cmp`.`object_type_id`) {$context_conditions}";
     }

     $dm_condition = "EXISTS (SELECT `om2`.`object_id` FROM `" . TABLE_PREFIX . "object_members` `om2` WHERE\r\n    \t\t\t\t\t\t`om2`.`object_id` = `om`.`object_id` AND `om2`.`member_id` IN (" . $member_id_list . ")\r\n    \t\t\t\t\t\tAND `om2`.`is_optimization` = 0 {$permission_conditions})";

     if (!$all) {
         $condition = $dm_condition;
     } else {
         // "All" selection: also accept objects that have no row in these members.
         $not_exists = "OR NOT EXISTS (SELECT `om2`.`object_id` FROM `" . TABLE_PREFIX . "object_members` `om2` WHERE\r\n    \t\t\t\t\t\t`om2`.`object_id` = `om`.`object_id` AND `om2`.`member_id` IN (" . $member_id_list . ")\r\n    \t\t\t\t\t\tAND `om2`.`is_optimization` = 0)";
         $condition = "({$dm_condition} {$not_exists})";
         $operator = "AND";
     }

     if ($dm_conditions != "") {
         return " {$operator} {$condition}";
     }
     return " {$condition}";
 }
Exemple #2
	/**
	 * Returns true if $user can access an object of type $object_type_id that is
	 * classified in $members, false otherwise.
	 *
	 * Decision order, as implemented below:
	 *  1. Administrators are always allowed.
	 *  2. Guests are denied for any access level other than ACCESS_LEVEL_READ;
	 *     an empty $members list is denied.
	 *  3. Per dimension that defines permissions, record whether the user has
	 *     permission (allow-all on the dimension, or permission on a member).
	 *  4. Any "mandatory" dimension without permission denies access.
	 *  5. With no mandatory dimension, any "not mandatory" dimension with
	 *     permission grants access.
	 *  6. Otherwise fall back to context permissions: every member must be allowed.
	 * Any Exception raised during steps 3-6 results in false (fail closed).
	 *
	 * @param Contact $user
	 * @param array $members
	 * @param $object_type_id
	 * @param $access_level compared against ACCESS_LEVEL_READ, ACCESS_LEVEL_WRITE and ACCESS_LEVEL_DELETE
	 * @return boolean
	 */
	function can_access(Contact $user, $members, $object_type_id, $access_level){
		// Administrators bypass every permission check below.
		if($user->isAdministrator()){
			return true;
		}
		$write = $access_level == ACCESS_LEVEL_WRITE;
		$delete = $access_level == ACCESS_LEVEL_DELETE;
		
		// NOTE: `!` binds tighter than `>`, so the second operand is (!count($members)) > 0,
		// which is true only when $members is empty. Guests are limited to read access.
		if (($user->isGuest() && $access_level!= ACCESS_LEVEL_READ) || !count($members)>0) return false;
		
		try {
			$contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user->getId(),false);
			// dimension id => result of hasAllowAllForContact(), so it is asked once per dimension
			$allow_all_cache = array();
			// dimension id => permission query method of that dimension
			$dimension_query_methods = array();
			
			// dimension id => true once the user is known to have permission in that dimension
			$dimension_permissions = array();
			foreach($members as $k => $m){
				// Entries that are not Member instances are dropped from $members,
				// so the context-permission check further down never sees them.
				if (!$m instanceof Member) {
					unset($members[$k]);
					continue;
				}
				
				$dimension = $m->getDimension();
				// Dimensions that do not define permissions take no part in the decision.
				if(!$dimension->getDefinesPermissions()){
					continue;
				}
				$dimension_id = $dimension->getId();
				if (!isset($dimension_permissions[$dimension_id])) {
					$dimension_permissions[$dimension_id]=false;
				}
										
				// Skip the checks when an earlier member already granted this dimension.
				if (!$dimension_permissions[$dimension_id]){
					if ($m->canContainObject($object_type_id)){
						
						if (!isset($dimension_query_methods[$dimension->getId()])) {
							$dimension_query_methods[$dimension->getId()] = $dimension->getPermissionQueryMethod();
						}
						
						//dimension defines permissions and user has maximum level of permissions
						if (isset($allow_all_cache[$dimension_id])) {
							$allow_all = $allow_all_cache[$dimension_id];
						} else {
							$allow_all = $dimension->hasAllowAllForContact($contact_pg_ids);
							$allow_all_cache[$dimension_id] = $allow_all;
						}
						if ($allow_all) {
							$dimension_permissions[$dimension_id]=true;
						}
						
						//check individual members
						if (!$dimension_permissions[$dimension_id] && ContactMemberPermissions::contactCanReadObjectTypeinMember($contact_pg_ids, $m->getId(), $object_type_id, $write, $delete, $user)){
							$dimension_permissions[$dimension_id]=true;
						}
					} else {
						// The member cannot hold this object type: remove the (still false) entry
						// so this dimension does not count as a denial.
						unset($dimension_permissions[$dimension_id]);
					}
				}
			}

			$allowed = true;
			// check that user has permissions in all mandatory query method dimensions
			$mandatory_count = 0;
			foreach ($dimension_query_methods as $dim_id => $qmethod) {
				if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY) {
					$mandatory_count++;
					if (!array_var($dimension_permissions, $dim_id)) {
						// if one of the members belong to a mandatory dimension and user does not have permissions on it then return false
						return false;
					}
				}
			}
			
			// If no members in mandatory dimensions then check for not mandatory ones 
			// ($allowed is still true here; it has not been modified since its assignment above.)
			if ($allowed && $mandatory_count == 0) {
				foreach ($dimension_query_methods as $dim_id => $qmethod) {
					if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_NOT_MANDATORY) {
						if (array_var($dimension_permissions, $dim_id)) {
							// if has permissions over any member of a non mandatory dimension then return true
							return true;
						} else {
							$allowed = false;
						}
					}
				}
			}

			// Reached with $allowed still true when no check above failed. When mandatory
			// dimensions exist and all of them passed, the non mandatory ones were not examined.
			if ($allowed && count($dimension_permissions)) {
				return true;	
			}
			
			// If the user has permissions in every dimension up to here, return true. If any dimension lacks permission, continue below.
			
			//Check Context Permissions
			$member_ids = array();
			foreach ($members as $member_obj) $member_ids[] = $member_obj->getId();
			$allowed_members = ContactMemberPermissions::getActiveContextPermissions($user, $object_type_id, $members, $member_ids, $write, $delete);
			// Every remaining member must appear in $allowed_members: the first miss denies,
			// and true is returned only when the last member has been checked.
			// NOTE(review): in_array() is used without strict comparison - confirm ids are plain integers.
			$count=0;
			foreach($members as $m){
				$count++;
				if (!in_array($m->getId(), $allowed_members)) return false;
				else if ($count==count($members)) return true;
			}
			
		}
		catch(Exception $e) {
			// Fail closed: the exception is handed to the template as 'error' and access is denied.
			tpl_assign('error', $e);
			return false;
		}
		// Default deny (also reached when no Member instance remained in $members).
		return false;
	}
Exemple #3
/**
 * Tells whether $user may access an object of type $object_type_id that is
 * classified in $members.
 *
 * Administrators are always allowed. Guests are denied for any access level
 * other than ACCESS_LEVEL_READ, and an empty $members list is denied. After
 * that, permission in a single permission-defining dimension is enough to
 * grant access; when no dimension grants it, context permissions must cover
 * every member. Any Exception raised while checking results in false.
 *
 * @param Contact $user
 * @param array $members
 * @param $object_type_id
 * @param $access_level compared against ACCESS_LEVEL_READ, ACCESS_LEVEL_WRITE and ACCESS_LEVEL_DELETE
 * @return boolean
 */
function can_access(Contact $user, $members, $object_type_id, $access_level)
{
    // Administrators bypass every check.
    if ($user->isAdministrator()) {
        return true;
    }

    $write = $access_level == ACCESS_LEVEL_WRITE;
    $delete = $access_level == ACCESS_LEVEL_DELETE;

    // Guests only ever get read access.
    if ($user->isGuest() && $access_level != ACCESS_LEVEL_READ) {
        return false;
    }
    // Nothing to check permissions against.
    if (count($members) == 0) {
        return false;
    }

    try {
        $pg_ids_csv = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user->getId(), false);
        // dimension id => cached hasAllowAllForContact() result
        $allow_all_by_dim = array();
        // dimension id => whether the user has permission in that dimension
        $granted_by_dim = array();

        foreach ($members as $key => $member) {
            // Drop anything that is not a Member so later loops only see Members.
            if (!($member instanceof Member)) {
                unset($members[$key]);
                continue;
            }

            $dim = $member->getDimension();
            if (!$dim->getDefinesPermissions()) {
                continue;
            }

            $dim_id = $dim->getId();
            // An earlier member already granted this dimension.
            if (isset($granted_by_dim[$dim_id]) && $granted_by_dim[$dim_id]) {
                continue;
            }
            $granted_by_dim[$dim_id] = false;

            // A member that cannot hold this object type removes the dimension's
            // entry so it does not count as a denial.
            if (!$member->canContainObject($object_type_id)) {
                unset($granted_by_dim[$dim_id]);
                continue;
            }

            // Allow-all on the dimension is looked up once per dimension.
            if (!isset($allow_all_by_dim[$dim_id])) {
                $allow_all_by_dim[$dim_id] = $dim->hasAllowAllForContact($pg_ids_csv);
            }

            // The per-member check is only evaluated when allow-all did not grant.
            if ($allow_all_by_dim[$dim_id] || ContactMemberPermissions::contactCanReadObjectTypeinMember($pg_ids_csv, $member->getId(), $object_type_id, $write, $delete, $user)) {
                $granted_by_dim[$dim_id] = true;
            }
        }

        // Permission in any one of the object's dimensions is sufficient.
        // NOTE(review): a denial in another dimension does not veto access here - confirm this is intended.
        foreach ($granted_by_dim as $granted) {
            if ($granted) {
                return true;
            }
        }

        // No dimension granted access: fall back to context permissions,
        // which must cover every remaining member.
        $member_ids = array();
        foreach ($members as $member) {
            $member_ids[] = $member->getId();
        }
        $context_member_ids = ContactMemberPermissions::getActiveContextPermissions($user, $object_type_id, $members, $member_ids, $write, $delete);
        foreach ($members as $member) {
            if (!in_array($member->getId(), $context_member_ids)) {
                return false;
            }
        }
        if (count($members) > 0) {
            return true;
        }
    } catch (Exception $e) {
        // Fail closed: expose the exception to the template and deny.
        tpl_assign('error', $e);
        return false;
    }

    return false;
}
Exemple #4
/**
 * Returns true if $user can access an object of type $object_type_id that is
 * classified in $members, false otherwise.
 *
 * Decision order, as implemented below:
 *  1. Administrators are allowed, unless $allow_super_admin is false.
 *  2. Guests are denied for any access level other than ACCESS_LEVEL_READ.
 *  3. With no member in a manageable, permission-defining dimension, access
 *     depends on the 'let_users_create_objects_in_root' option, the user's role
 *     and a contact_member_permissions row with member_id = 0.
 *  4. Per enabled dimension that defines permissions, record whether the user
 *     has permission (allow-all, or a member permission capped by the role maximum).
 *  5. Any "mandatory" dimension without permission denies access; with no
 *     mandatory dimension, any "not mandatory" dimension with permission grants it.
 *  6. Otherwise fall back to context permissions: every member must be allowed.
 * Any Exception raised during steps 3-6 results in false (fail closed).
 *
 * @param Contact $user
 * @param array $members
 * @param $object_type_id
 * @param $access_level compared against ACCESS_LEVEL_READ, ACCESS_LEVEL_WRITE and ACCESS_LEVEL_DELETE
 * @param boolean $allow_super_admin when false, the administrator shortcut is skipped
 * @return boolean
 */
function can_access(Contact $user, $members, $object_type_id, $access_level, $allow_super_admin = true)
{
    // Administrators bypass every check below unless the caller disabled the shortcut.
    if ($allow_super_admin && $user->isAdministrator()) {
        return true;
    }
    $write = $access_level == ACCESS_LEVEL_WRITE;
    $delete = $access_level == ACCESS_LEVEL_DELETE;
    // Guests only ever get read access.
    if ($user->isGuest() && $access_level != ACCESS_LEVEL_READ) {
        return false;
    }
    try {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user->getId(), false);
        // dimension id => result of hasAllowAllForContact(), so it is asked once per dimension
        $allow_all_cache = array();
        // dimension id => permission query method of that dimension
        $dimension_query_methods = array();
        // if no manageable member then check if user has permissions without classifying
        $manageable_members = array();
        foreach ($members as $mem) {
            if ($mem instanceof Member && $mem->getDimension()->getIsManageable() && $mem->getDimension()->getDefinesPermissions()) {
                $manageable_members[] = $mem->getId();
            }
        }
        if (count($manageable_members) == 0) {
            // Unclassified object: denied unless the option is on, the user has permission
            // groups, holds one of the listed roles, and a matching root row (member_id=0) exists.
            $return = false;
            if (config_option('let_users_create_objects_in_root') && $contact_pg_ids != "" && ($user->isAdminGroup() || $user->isExecutive() || $user->isManager())) {
                $cond = $delete ? 'AND can_delete = 1' : ($write ? 'AND can_write = 1' : '');
                // NOTE(review): $object_type_id and $contact_pg_ids are interpolated into the SQL
                // conditions without casting or escaping - confirm callers only pass integer ids.
                $cmp = ContactMemberPermissions::findOne(array('conditions' => "member_id=0 AND object_type_id={$object_type_id} AND permission_group_id IN ({$contact_pg_ids}) {$cond}"));
                $return = $cmp instanceof ContactMemberPermission;
            }
            return $return;
        }
        // Maximum permissions the user's role may hold on this object type.
        // NOTE(review): the values are quoted but not escaped before being placed in the SQL
        // conditions - confirm $object_type_id and getUserType() are always integers.
        $max_role_ot_perm = MaxRoleObjectTypePermissions::instance()->findOne(array('conditions' => "object_type_id='{$object_type_id}' AND role_id = '" . $user->getUserType() . "'"));
        // presumably an array of dimension ids (it is passed to in_array() below) - verify
        $enabled_dimensions = config_option('enabled_dimensions');
        // dimension id => true once the user is known to have permission in that dimension
        $dimension_permissions = array();
        foreach ($members as $k => $m) {
            // Entries that are not Member instances are dropped from $members,
            // so the context-permission check further down never sees them.
            if (!$m instanceof Member) {
                unset($members[$k]);
                continue;
            }
            $dimension = $m->getDimension();
            // Dimensions that do not define permissions, or are not enabled, take no part in the decision.
            if (!$dimension->getDefinesPermissions() || !in_array($dimension->getId(), $enabled_dimensions)) {
                continue;
            }
            $dimension_id = $dimension->getId();
            if (!isset($dimension_permissions[$dimension_id])) {
                $dimension_permissions[$dimension_id] = false;
            }
            // Skip the checks when an earlier member already granted this dimension.
            if (!$dimension_permissions[$dimension_id]) {
                if ($m->canContainObject($object_type_id)) {
                    if (!isset($dimension_query_methods[$dimension->getId()])) {
                        $dimension_query_methods[$dimension->getId()] = $dimension->getPermissionQueryMethod();
                    }
                    //dimension defines permissions and user has maximum level of permissions
                    if (isset($allow_all_cache[$dimension_id])) {
                        $allow_all = $allow_all_cache[$dimension_id];
                    } else {
                        $allow_all = $dimension->hasAllowAllForContact($contact_pg_ids);
                        $allow_all_cache[$dimension_id] = $allow_all;
                    }
                    // NOTE(review): the allow-all grant is not checked against $max_role_ot_perm,
                    // unlike the per-member grant below - confirm this is intended.
                    if ($allow_all) {
                        $dimension_permissions[$dimension_id] = true;
                    }
                    //check individual members
                    if (!$dimension_permissions[$dimension_id] && ContactMemberPermissions::contactCanReadObjectTypeinMember($contact_pg_ids, $m->getId(), $object_type_id, $write, $delete, $user)) {
                        // The member permission only counts when a role maximum row exists and
                        // allows the requested level; without such a row nothing is granted here.
                        if ($max_role_ot_perm) {
                            if ($access_level == ACCESS_LEVEL_DELETE && $max_role_ot_perm->getCanDelete() || $access_level == ACCESS_LEVEL_WRITE && $max_role_ot_perm->getCanWrite() || $access_level == ACCESS_LEVEL_READ) {
                                $dimension_permissions[$dimension_id] = true;
                            }
                        }
                    }
                } else {
                    // The member cannot hold this object type: remove the (still false) entry
                    // so this dimension does not count as a denial.
                    unset($dimension_permissions[$dimension_id]);
                }
            }
        }
        $allowed = true;
        // check that user has permissions in all mandatory query method dimensions
        $mandatory_count = 0;
        foreach ($dimension_query_methods as $dim_id => $qmethod) {
            if (!in_array($dim_id, $enabled_dimensions)) {
                continue;
            }
            if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY) {
                $mandatory_count++;
                if (!array_var($dimension_permissions, $dim_id)) {
                    // if one of the members belong to a mandatory dimension and user does not have permissions on it then return false
                    return false;
                }
            }
        }
        // If no members in mandatory dimensions then check for not mandatory ones
        // ($allowed is still true here; it has not been modified since its assignment above.)
        if ($allowed && $mandatory_count == 0) {
            foreach ($dimension_query_methods as $dim_id => $qmethod) {
                if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_NOT_MANDATORY) {
                    if (array_var($dimension_permissions, $dim_id)) {
                        // if has permissions over any member of a non mandatory dimension then return true
                        return true;
                    } else {
                        $allowed = false;
                    }
                }
            }
        }
        // Reached with $allowed still true when no check above failed. When mandatory
        // dimensions exist and all of them passed, the non mandatory ones were not examined.
        if ($allowed && count($dimension_permissions)) {
            return true;
        }
        // If the user has permissions in every dimension up to here, return true. If any dimension lacks permission, continue below.
        //Check Context Permissions
        $member_ids = array();
        foreach ($members as $member_obj) {
            $member_ids[] = $member_obj->getId();
        }
        $allowed_members = ContactMemberPermissions::getActiveContextPermissions($user, $object_type_id, $members, $member_ids, $write, $delete);
        // Every remaining member must appear in $allowed_members: the first miss denies,
        // and true is returned only when the last member has been checked.
        // NOTE(review): in_array() is used without strict comparison - confirm ids are plain integers.
        $count = 0;
        foreach ($members as $m) {
            $count++;
            if (!in_array($m->getId(), $allowed_members)) {
                return false;
            } else {
                if ($count == count($members)) {
                    return true;
                }
            }
        }
    } catch (Exception $e) {
        // Fail closed: the exception is handed to the template as 'error' and access is denied.
        tpl_assign('error', $e);
        return false;
    }
    // Default deny (also reached when no Member instance remained in $members).
    return false;
}