Exemple #1
0
function create_user($user_data, $permissionsString) {
    
	// try to find contact by some properties 
	$contact_id = array_var($user_data, "contact_id") ;
	$contact =  Contacts::instance()->findById($contact_id) ; 
	
	if (!is_valid_email(array_var($user_data, 'email'))) {
		throw new Exception(lang("email value is required"));
	}

	if (!$contact instanceof Contact) {
		// Create a new user
		$contact = new Contact();
		$contact->setUsername(array_var($user_data, 'username'));
		$contact->setDisplayName(array_var($user_data, 'display_name'));
		$contact->setCompanyId(array_var($user_data, 'company_id'));
		$contact->setUserType(array_var($user_data, 'type'));
		$contact->setTimezone(array_var($user_data, 'timezone'));
		$contact->setFirstname($contact->getObjectName() != "" ? $contact->getObjectName() : $contact->getUsername());
		$contact->setObjectName();
	} else {
		// Create user from contact
		$contact->setUserType(array_var($user_data, 'type'));
		if (array_var($user_data, 'company_id')) {
			$contact->setCompanyId(array_var($user_data, 'company_id'));
		}	
		$contact->setUsername(array_var($user_data, 'username'));
		$contact->setTimezone(array_var($user_data, 'timezone'));
	}
	$contact->save();
	if (is_valid_email(array_var($user_data, 'email'))) {
		$contact->addEmail(array_var($user_data, 'email'), 'personal', true);
	}
	
	
	//permissions
	$permission_group = new PermissionGroup();
	$permission_group->setName('User '.$contact->getId().' Personal');
	$permission_group->setContactId($contact->getId());
	$permission_group->setIsContext(false);
	$permission_group->setType("permission_groups");
	$permission_group->save();
	$contact->setPermissionGroupId($permission_group->getId());
	
	$contact_pg = new ContactPermissionGroup();
	$contact_pg->setContactId($contact->getId());
	$contact_pg->setPermissionGroupId($permission_group->getId());
	$contact_pg->save();

	if ( can_manage_security(logged_user()) ) {
		
		$sp = new SystemPermission();
		$rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
		foreach($rol_permissions as $pr){
			$sp->setPermission($pr);
		}
		$sp->setPermissionGroupId($permission_group->getId());

		$sp->setCanManageSecurity(array_var($user_data, 'can_manage_security'));
		$sp->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration'));
		$sp->setCanManageTemplates(array_var($user_data, 'can_manage_templates'));
		$sp->setCanManageTime(array_var($user_data, 'can_manage_time'));
		$sp->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts'));
		$sp->setCanManageDimensions(array_var($user_data, 'can_manage_dimensions'));
		$sp->setCanManageDimensionMembers(array_var($user_data, 'can_manage_dimension_members'));
		$sp->setCanManageTasks(array_var($user_data, 'can_manage_tasks'));
		$sp->setCanTasksAssignee(array_var($user_data, 'can_task_assignee'));
		$sp->setCanManageBilling(array_var($user_data, 'can_manage_billing'));
		$sp->setCanViewBilling(array_var($user_data, 'can_view_billing'));
		
		Hook::fire('add_user_permissions', $sp, $other_permissions);
		if (!is_null($other_permissions) && is_array($other_permissions)) {
			foreach ($other_permissions as $k => $v) {
				$sp->setColumnValue($k, array_var($user_data, $k));
			}
		}
		$sp->save();
		
		if ($contact->isAdminGroup()) {
			// allow all un all dimensions if new user is admin
			$dimensions = Dimensions::findAll();
			$permissions = array();
			foreach ($dimensions as $dimension) {
				if ($dimension->getDefinesPermissions()) {
					$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `dimension_id` = ".$dimension->getId()));
					if (!$cdp instanceof ContactDimensionPermission) {
						$cdp = new ContactDimensionPermission();
						$cdp->setPermissionGroupId($contact->getPermissionGroupId());
						$cdp->setContactDimensionId($dimension->getId());
					}
					$cdp->setPermissionType('allow all');
					$cdp->save();
					
					// contact member permisssion entries
					$members = $dimension->getAllMembers();
					foreach ($members as $member) {
						
						$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
						$ots[]=$member->getObjectId();
						foreach ($ots as $ot) {
							$cmp = ContactMemberPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `member_id` = ".$member->getId()." AND `object_type_id` = $ot"));
							if (!$cmp instanceof ContactMemberPermission) {
								$cmp = new ContactMemberPermission();
								$cmp->setPermissionGroupId($contact->getPermissionGroupId());
								$cmp->setMemberId($member->getId());
								$cmp->setObjectTypeId($ot);
							}
							$cmp->setCanWrite(1);
							$cmp->setCanDelete(1);
							$cmp->save();
							
							// Add persmissions to sharing table
							$perm = new stdClass();
							$perm->m = $member->getId();
							$perm->r= 1;
							$perm->w= 1;
							$perm->d= 1;
							$perm->o= $ot;
							$permissions[] = $perm ;
						}
					}
				}
			}
			
			if(count($permissions)){
				$sharingTableController = new SharingTableController();
				$sharingTableController->afterPermissionChanged($contact->getPermissionGroupId(), $permissions);
			}
			
		}
		
	}
	if(!isset($_POST['sys_perm'])){
		$rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
		$_POST['sys_perm']=array();
		foreach($rol_permissions as $pr){
			$_POST['sys_perm'][$pr]=1;
		}
		
	}
	if(!isset($_POST['mod_perm'])){
		$tabs_permissions=TabPanelPermissions::getRoleModules(array_var($user_data, 'type'));
		$_POST['mod_perm']=array();
		foreach($tabs_permissions as $pr){
			$_POST['mod_perm'][$pr]=1;
		}
	}
        
    $password = '';
	if (array_var($user_data, 'password_generator') == 'specify') {
		$perform_password_validation = true;
		// Validate input
		$password = array_var($user_data, 'password');
		if (trim($password) == '') {
			throw new Error(lang('password value required'));
		} // if
		if ($password <> array_var($user_data, 'password_a')) {
			throw new Error(lang('passwords dont match'));
		} // if
	} else {
		$user_data['password_generator'] = 'link';
		$perform_password_validation = false;
	}

	$contact->setPassword($password);   
	$contact->save();

	$user_password = new ContactPassword();
	$user_password->setContactId($contact->getId());
	$user_password->setPasswordDate(DateTimeValueLib::now());
	$user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp()));
	$user_password->password_temp = $password;
	$user_password->perform_validation = $perform_password_validation;
	$user_password->save();
        
	if (array_var($user_data, 'autodetect_time_zone', 1) == 1) {
		set_user_config_option('autodetect_time_zone', 1, $contact->getId());
	}
	
	/* create contact for this user*/

	ApplicationLogs::createLog($contact, ApplicationLogs::ACTION_ADD);

	// Set role permissions for active members
	$active_context = active_context();
	$sel_members = array();
	foreach ($active_context as $selection) {
		if ($selection instanceof Member) {
			$sel_members[] = $selection;
			$has_project_permissions = ContactMemberPermissions::instance()->count("permission_group_id = '".$contact->getPermissionGroupId()."' AND member_id = ".$selection->getId()) > 0;
			if (!$has_project_permissions) {
				RoleObjectTypePermissions::createDefaultUserPermissions($contact, $selection);
			}
		}
	}
	save_permissions($contact->getPermissionGroupId(), $contact->isGuest());
	
	Hook::fire('after_user_add', $contact, $null);
	
	// add user content object to associated members
	if (count($sel_members) > 0) {
		ObjectMembers::addObjectToMembers($contact->getId(), $sel_members);
		$contact->addToSharingTable();
	}
	
	// Send notification
	try {
		if (array_var($user_data, 'send_email_notification') && $contact->getEmailAddress()) {
                    
			if (array_var($user_data, 'password_generator', 'link') == 'link') {
				// Generate link password
				$user = Contacts::getByEmail(array_var($user_data, 'email'));
				$token = sha1(gen_id() . (defined('SEED') ? SEED : ''));
				$timestamp = time() + 60*60*24;
				set_user_config_option('reset_password', $token . ";" . $timestamp, $user->getId());
				Notifier::newUserAccountLinkPassword($contact, $password, $token);

			} else {
				Notifier::newUserAccount($contact, $password);
			}
			
		}
	} catch(Exception $e) {
		Logger::log($e->getTraceAsString());
	} // try
	return $contact;
}
Exemple #2
0
function create_user($user_data, $permissionsString, $rp_permissions_data = array(), $save_permissions = true)
{
    // try to find contact by some properties
    $contact_id = array_var($user_data, "contact_id");
    $contact = Contacts::instance()->findById($contact_id);
    if (!is_valid_email(array_var($user_data, 'email'))) {
        throw new Exception(lang("email value is required"));
    }
    if (!$contact instanceof Contact) {
        // Create a new user
        $contact = new Contact();
        $contact->setUsername(array_var($user_data, 'username'));
        $contact->setDisplayName(array_var($user_data, 'display_name'));
        $contact->setCompanyId(array_var($user_data, 'company_id'));
        $contact->setUserType(array_var($user_data, 'type'));
        $contact->setTimezone(array_var($user_data, 'timezone'));
        $contact->setFirstname($contact->getObjectName() != "" ? $contact->getObjectName() : $contact->getUsername());
        $contact->setObjectName();
        $user_from_contact = false;
    } else {
        // Create user from contact
        $contact->setUserType(array_var($user_data, 'type'));
        if (array_var($user_data, 'company_id')) {
            $contact->setCompanyId(array_var($user_data, 'company_id'));
        }
        $contact->setUsername(array_var($user_data, 'username'));
        $contact->setTimezone(array_var($user_data, 'timezone'));
        $user_from_contact = true;
    }
    $contact->save();
    if (is_valid_email(array_var($user_data, 'email'))) {
        $user = Contacts::getByEmail(array_var($user_data, 'email'));
        if (!$user) {
            $contact->addEmail(array_var($user_data, 'email'), 'personal', true);
        }
    }
    //permissions
    $additional_name = "";
    $tmp_pg = PermissionGroups::findOne(array('conditions' => "`name`='User " . $contact->getId() . " Personal'"));
    if ($tmp_pg instanceof PermissionGroup) {
        $additional_name = "_" . gen_id();
    }
    $permission_group = new PermissionGroup();
    $permission_group->setName('User ' . $contact->getId() . $additional_name . ' Personal');
    $permission_group->setContactId($contact->getId());
    $permission_group->setIsContext(false);
    $permission_group->setType("permission_groups");
    $permission_group->save();
    $contact->setPermissionGroupId($permission_group->getId());
    $null = null;
    Hook::fire('on_create_user_perm_group', $permission_group, $null);
    $contact_pg = new ContactPermissionGroup();
    $contact_pg->setContactId($contact->getId());
    $contact_pg->setPermissionGroupId($permission_group->getId());
    $contact_pg->save();
    if (can_manage_security(logged_user())) {
        $sp = new SystemPermission();
        if (!$user_from_contact) {
            $rol_permissions = SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
            if (is_array($rol_permissions)) {
                foreach ($rol_permissions as $pr) {
                    $sp->setPermission($pr);
                }
            }
        }
        $sp->setPermissionGroupId($permission_group->getId());
        if (isset($user_data['can_manage_security'])) {
            $sp->setCanManageSecurity(array_var($user_data, 'can_manage_security'));
        }
        if (isset($user_data['can_manage_configuration'])) {
            $sp->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration'));
        }
        if (isset($user_data['can_manage_templates'])) {
            $sp->setCanManageTemplates(array_var($user_data, 'can_manage_templates'));
        }
        if (isset($user_data['can_manage_time'])) {
            $sp->setCanManageTime(array_var($user_data, 'can_manage_time'));
        }
        if (isset($user_data['can_add_mail_accounts'])) {
            $sp->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts'));
        }
        if (isset($user_data['can_manage_dimensions'])) {
            $sp->setCanManageDimensions(array_var($user_data, 'can_manage_dimensions'));
        }
        if (isset($user_data['can_manage_dimension_members'])) {
            $sp->setCanManageDimensionMembers(array_var($user_data, 'can_manage_dimension_members'));
        }
        if (isset($user_data['can_manage_tasks'])) {
            $sp->setCanManageTasks(array_var($user_data, 'can_manage_tasks'));
        }
        if (isset($user_data['can_task_assignee'])) {
            $sp->setCanTasksAssignee(array_var($user_data, 'can_task_assignee'));
        }
        if (isset($user_data['can_manage_billing'])) {
            $sp->setCanManageBilling(array_var($user_data, 'can_manage_billing'));
        }
        if (isset($user_data['can_view_billing'])) {
            $sp->setCanViewBilling(array_var($user_data, 'can_view_billing'));
        }
        if (isset($user_data['can_see_assigned_to_other_tasks'])) {
            $sp->setColumnValue('can_see_assigned_to_other_tasks', array_var($user_data, 'can_see_assigned_to_other_tasks'));
        }
        Hook::fire('add_user_permissions', $sp, $other_permissions);
        if (!is_null($other_permissions) && is_array($other_permissions)) {
            foreach ($other_permissions as $k => $v) {
                $sp->setColumnValue($k, array_var($user_data, $k));
            }
        }
        $sp->save();
        $permissions_sent = array_var($_POST, 'manual_permissions_setted') == 1;
        // give permissions for user if user type defined in "give_member_permissions_to_new_users" config option
        $allowed_user_type_ids = config_option('give_member_permissions_to_new_users');
        if ($contact->isAdministrator() || !$permissions_sent && in_array($contact->getUserType(), $allowed_user_type_ids)) {
            ini_set('memory_limit', '512M');
            $permissions = array();
            $default_permissions = RoleObjectTypePermissions::instance()->findAll(array('conditions' => 'role_id = ' . $contact->getUserType()));
            $dimensions = Dimensions::findAll();
            foreach ($dimensions as $dimension) {
                if ($dimension->getDefinesPermissions()) {
                    $cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = " . $contact->getPermissionGroupId() . " AND `dimension_id` = " . $dimension->getId()));
                    if (!$cdp instanceof ContactDimensionPermission) {
                        $cdp = new ContactDimensionPermission();
                        $cdp->setPermissionGroupId($contact->getPermissionGroupId());
                        $cdp->setContactDimensionId($dimension->getId());
                    }
                    $cdp->setPermissionType('check');
                    $cdp->save();
                    // contact member permisssion entries
                    $members = DB::executeAll('SELECT * FROM ' . TABLE_PREFIX . 'members WHERE dimension_id=' . $dimension->getId());
                    foreach ($members as $member) {
                        foreach ($default_permissions as $p) {
                            // Add persmissions to sharing table
                            $perm = new stdClass();
                            $perm->m = $member['id'];
                            $perm->r = 1;
                            $perm->w = $p->getCanWrite();
                            $perm->d = $p->getCanDelete();
                            $perm->o = $p->getObjectTypeId();
                            $permissions[] = $perm;
                        }
                    }
                }
            }
            $_POST['permissions'] = json_encode($permissions);
        } else {
            if ($permissions_sent) {
                $_POST['permissions'] = $permissionsString;
            } else {
                $_POST['permissions'] = "";
            }
        }
        if (config_option('let_users_create_objects_in_root') && ($contact->isAdminGroup() || $contact->isExecutive() || $contact->isManager())) {
            if ($permissions_sent) {
                foreach ($rp_permissions_data as $name => $value) {
                    $ot_id = substr($name, strrpos($name, '_') + 1);
                    $cmp = new ContactMemberPermission();
                    $cmp->setPermissionGroupId($permission_group->getId());
                    $cmp->setMemberId(0);
                    $cmp->setObjectTypeId($ot_id);
                    $cmp->setCanDelete($value >= 3);
                    $cmp->setCanWrite($value >= 2);
                    $cmp->save();
                }
            } else {
                $default_permissions = RoleObjectTypePermissions::instance()->findAll(array('conditions' => 'role_id = ' . $contact->getUserType()));
                foreach ($default_permissions as $p) {
                    $cmp = new ContactMemberPermission();
                    $cmp->setPermissionGroupId($permission_group->getId());
                    $cmp->setMemberId(0);
                    $cmp->setObjectTypeId($p->getObjectTypeId());
                    $cmp->setCanDelete($p->getCanDelete());
                    $cmp->setCanWrite($p->getCanWrite());
                    $cmp->save();
                }
            }
        }
    }
    if (!isset($_POST['sys_perm']) && !$user_from_contact) {
        $rol_permissions = SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
        $_POST['sys_perm'] = array();
        if (is_array($rol_permissions)) {
            foreach ($rol_permissions as $pr) {
                $_POST['sys_perm'][$pr] = 1;
            }
        }
    }
    if (!isset($_POST['mod_perm']) && !$user_from_contact) {
        $tabs_permissions = TabPanelPermissions::getRoleModules(array_var($user_data, 'type'));
        $_POST['mod_perm'] = array();
        foreach ($tabs_permissions as $pr) {
            $_POST['mod_perm'][$pr] = 1;
        }
    }
    $password = '';
    if (array_var($user_data, 'password_generator') == 'specify') {
        $perform_password_validation = true;
        // Validate input
        $password = array_var($user_data, 'password');
        if (trim($password) == '') {
            throw new Error(lang('password value required'));
        }
        // if
        if ($password != array_var($user_data, 'password_a')) {
            throw new Error(lang('passwords dont match'));
        }
        // if
    } else {
        $user_data['password_generator'] = 'link';
        $perform_password_validation = false;
    }
    $contact->setPassword($password);
    $contact->save();
    $user_password = new ContactPassword();
    $user_password->setContactId($contact->getId());
    $user_password->setPasswordDate(DateTimeValueLib::now());
    $user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp()));
    $user_password->password_temp = $password;
    $user_password->perform_validation = $perform_password_validation;
    $user_password->save();
    if (array_var($user_data, 'autodetect_time_zone', 1) == 1) {
        set_user_config_option('autodetect_time_zone', 1, $contact->getId());
    }
    /* create contact for this user*/
    ApplicationLogs::createLog($contact, ApplicationLogs::ACTION_ADD);
    // Set role permissions for active members
    $active_context = active_context();
    $sel_members = array();
    if (is_array($active_context) && !$permissions_sent) {
        $tmp_perms = array();
        if ($_POST['permissions'] != "") {
            $tmp_perms = json_decode($_POST['permissions']);
        }
        foreach ($active_context as $selection) {
            if ($selection instanceof Member) {
                $sel_members[] = $selection;
                $has_project_permissions = ContactMemberPermissions::instance()->count("permission_group_id = '" . $contact->getPermissionGroupId() . "' AND member_id = " . $selection->getId()) > 0;
                if (!$has_project_permissions) {
                    $new_cmps = RoleObjectTypePermissions::createDefaultUserPermissions($contact, $selection);
                    foreach ($new_cmps as $new_cmp) {
                        $perm = new stdClass();
                        $perm->m = $new_cmp->getMemberId();
                        $perm->r = 1;
                        $perm->w = $new_cmp->getCanWrite();
                        $perm->d = $new_cmp->getCanDelete();
                        $perm->o = $new_cmp->getObjectTypeId();
                        $tmp_perms[] = $perm;
                    }
                }
            }
        }
        if (count($tmp_perms) > 0) {
            $_POST['permissions'] = json_encode($tmp_perms);
        }
    }
    if ($save_permissions) {
        //save_permissions($contact->getPermissionGroupId(), $contact->isGuest());
        save_user_permissions_background(logged_user(), $contact->getPermissionGroupId(), $contact->isGuest());
    }
    Hook::fire('after_user_add', $contact, $null);
    // add user content object to associated members
    if (count($sel_members) > 0) {
        ObjectMembers::addObjectToMembers($contact->getId(), $sel_members);
        $contact->addToSharingTable();
    }
    return $contact;
}