Exemple #1
 /**
  * Get all entries. 
  * 
  * @param  string $type custom|system
  * @access public
  * @return array
  */
 public function getEntries($type = 'custom')
 {
     /*
      * Load every entry, keep only those whose app the current user may use
      * (commonModel::hasAppPriv), and for $type 'custom' overlay the user's
      * personal order/visible settings before sorting.
      */
     $rows = $this->dao->select('*')->from(TABLE_ENTRY)->orderBy('`order, id`')->fetchAll();

     $allowed = array();
     foreach ($rows as $row) {
         /* A logo that does not start with '/' is prefixed with the configured web root. */
         $needsWebRoot = $row->logo != '' && substr($row->logo, 0, 1) != '/';
         if ($needsWebRoot) {
             $row->logo = $this->config->webRoot . $row->logo;
         }

         /* Entries for apps the user has no privilege on are dropped here, before any customisation. */
         if (!commonModel::hasAppPriv($row->code)) {
             continue;
         }
         $allowed[] = $row;
     }

     if ($type != 'custom') {
         return $allowed;
     }

     /*
      * Personal settings are stored as JSON keyed by entry id. If the stored value
      * does not decode to an object, the isset() checks below match nothing and the
      * entries keep their database values.
      */
     if (isset($this->config->personal->common->customApp)) {
         $customApp = json_decode($this->config->personal->common->customApp->value);
     } else {
         $customApp = new stdclass();
     }

     foreach ($allowed as $row) {
         if (!isset($customApp->{$row->id})) {
             continue;
         }
         $custom = $customApp->{$row->id};

         /* Only these two fields can be overridden by the user's own settings. */
         foreach (array('order', 'visible') as $field) {
             if (isset($custom->{$field})) {
                 $row->{$field} = $custom->{$field};
             }
         }
     }

     usort($allowed, 'commonModel::sortEntryByOrder');
     return $allowed;
 }
Exemple #2
 /**
  * Admin all blocks. 
  * 
  * @param  int    $index 
  * @access public
  * @return void
  */
 public function admin($index = 0)
 {
     /* The title is chosen from the incoming $index, before a new index is allocated below. */
     if ($index == 0) {
         $title = $this->lang->block->createBlock;
     } else {
         $title = $this->lang->block->editBlock;
     }

     /* Entries that provide a block, plus built-in ones, keyed by id. */
     $entries = $this->dao->select('*')->from(TABLE_ENTRY)
         ->where('block')->ne('')
         ->orWhere('buildin')->eq(1)
         ->fetchAll('id');

     if (!$index) {
         $index = $this->block->getLastKey('sys') + 1;
     }

     /* The selectable list starts with an empty option and only contains apps the user may use. */
     $allEntries = array('' => '');
     foreach ($entries as $entry) {
         if (commonModel::hasAppPriv($entry->code)) {
             $allEntries[$entry->code] = $entry->name;
         }
     }

     /* Fixed block sources that are not tied to an entry. */
     //$allEntries['rss']  = 'RSS';
     $allEntries['html']       = 'HTML';
     $allEntries['allEntries'] = $this->lang->block->allEntries;
     $allEntries['dynamic']    = $this->lang->block->dynamic;

     foreach ($this->block->getHiddenBlocks() as $hidden) {
         $allEntries['hiddenBlock' . $hidden->id] = $hidden->title;
     }

     /*
      * NOTE(review): $entries goes to the view unfiltered, while $allEntries is
      * privilege-filtered. Confirm the template does not render entries for apps
      * the user cannot use.
      */
     $this->view->block      = $this->block->getBlock($index);
     $this->view->entries    = $entries;
     $this->view->allEntries = $allEntries;
     $this->view->index      = $index;
     $this->view->title      = $title;
     $this->display();
 }
Exemple #3
 /**
  * Check privilege for action.
  * 
  * @param  object    $action 
  * @access public
  * @return bool
  */
 public function checkPriv($action)
 {
     /*
      * Decide whether the current user may see $action. The result starts as true and
      * every check below can only turn it to false, so any single failed check denies.
      * There is no early return: all checks run, and $action->objectLabel is rewritten
      * as a side effect even when the result is already false.
      */
     $canView = true;
     /* Customer scope: the action's customer must be in the list returned by getCustomersSawByMe(). */
     if ($action->customer) {
         /* Function-level static cache; because of empty(), an empty result is queried again on every call. */
         static $customers = array();
         if (empty($customers)) {
             $customers = $this->loadModel('customer', 'crm')->getCustomersSawByMe();
         }
         /* NOTE(review): in_array() is called without the strict flag, so ids are compared loosely. */
         if (!in_array($action->customer, $customers)) {
             $canView = false;
         }
     }
     /* Contact scope: same pattern as customers, using getContactsSawByMe(). */
     if ($action->contact) {
         static $contacts = array();
         if (empty($contacts)) {
             $contacts = $this->loadModel('contact', 'crm')->getContactsSawByMe();
         }
         if (!in_array($action->contact, $contacts)) {
             $canView = false;
         }
     }
     /* Orders: the object id must be in the list returned by getOrdersSawByMe(). */
     if ($action->objectType == 'order') {
         static $orders = array();
         if (empty($orders)) {
             $orders = $this->loadModel('order', 'crm')->getOrdersSawByMe();
         }
         if (!in_array($action->objectID, $orders)) {
             $canView = false;
         }
     }
     /* Projects: delegated to the project model's own checkPriv(). */
     if ($action->objectType == 'project' && !$this->loadModel('project', 'oa')->checkPriv($action->objectID)) {
         $canView = false;
     }
     /* Tasks: load the task, then ask the task model whether the user may 'view' it. */
     if ($action->objectType == 'task') {
         /* NOTE(review): $task is passed on without a check that it was found - confirm checkPriv() handles a missing task. */
         $task = $this->loadModel('task')->getByID($action->objectID);
         if (!$this->loadModel('task', 'sys')->checkPriv($task, 'view')) {
             $canView = false;
         }
     }
     /*
      * Trades: 'and' binds tighter than 'or', so this denies when the trade is missing, or when
      * the user is not a super admin AND the trade type is 'out' AND (the tradebrowse/out right
      * is absent OR the tree model reports no right on the trade's category).
      */
     if ($action->objectType == 'trade') {
         $trade = $this->loadModel('trade', 'cash')->getByID($action->objectID);
         $rights = $this->app->user->rights;
         if (empty($trade) or $this->app->user->admin != 'super' and $trade->type == 'out' and (!isset($rights['tradebrowse']['out']) or !$this->loadModel('tree')->hasRight($trade->category))) {
             $canView = false;
         }
     }
     /* Todos: deny when the todo is missing, or when the user is neither its account nor its assignedTo. */
     if ($action->objectType == 'todo') {
         $todo = $this->loadModel('todo')->getByID($action->objectID);
         if (empty($todo) or $this->app->user->account != $todo->account && $this->app->user->account != $todo->assignedTo) {
             $canView = false;
         }
     }
     $objectType = $action->objectType;
     $actionType = $action->action;
     /* Resolve the display label; the language entry is either a string or an array keyed by action type. */
     if (isset($this->lang->action->label->{$objectType})) {
         $objectLabel = $this->lang->action->label->{$objectType};
         if (!is_array($objectLabel)) {
             $action->objectLabel = $objectLabel;
         }
         if (is_array($objectLabel) and isset($objectLabel[$actionType])) {
             $action->objectLabel = $objectLabel[$actionType];
         }
         /*
          * NOTE(review): when the label is an array without a key for this action type, nothing above
          * assigns $action->objectLabel, yet strpos() reads it - confirm the caller pre-populates it.
          * A label containing '|' is split into label, module, method and vars. Fewer than four parts
          * leaves some of the list() targets unassigned.
          */
         if (strpos($action->objectLabel, '|') !== false) {
             list($objectLabel, $moduleName, $methodName, $vars) = explode('|', $action->objectLabel);
             $action->objectLabel = $objectLabel;
             /* The linked module/method must be an open method or one the user holds a privilege for. */
             if (!$this->loadModel('common')->isOpenMethod($moduleName, $methodName) and !commonModel::hasPriv($moduleName, $methodName)) {
                 $canView = false;
             }
         }
     }
     /* Final gate: the user must have the privilege for the app that recorded the action. */
     if (!commonModel::hasAppPriv($action->appName)) {
         $canView = false;
     }
     return $canView;
 }
Exemple #4
 /**
  * Check whether the current user has the privilege to call the module's method.
  * 
  * @param mixed $module     the module
  * @param mixed $method     the method
  * @static
  * @access public
  * @return bool
  */
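 public static function hasPriv($module, $method)
 {
     /*
      * Authorization gate for a module/method pair. Returns true for super admins,
      * false for everyone else in admin run mode, and otherwise requires both the
      * app privilege and an entry in the user's rights table.
      */
     global $app;

     /*
      * Strict comparison on purpose: with '==' a non-string value such as integer 0
      * compares equal to 'super' on PHP 7 and older, which would grant full access.
      * Whether admin can ever hold a non-string value is not visible from here.
      */
     if ($app->user->admin === 'super') {
         return true;
     }

     /* Anyone reaching this point is not a super admin, and admin mode is super-only. */
     if (RUN_MODE === 'admin') {
         return false;
     }

     /* A module given as "app.module" carries its app name; otherwise the app name stays empty. */
     $appName = '';
     if (strpos($module, '.') !== false) {
         list($appName, $module) = explode('.', $module);
     }

     /* Check app priv. NOTE(review): an empty app name is passed through - confirm how hasAppPriv() treats ''. */
     if (!commonModel::hasAppPriv($appName)) {
         return false;
     }

     /* Rights are keyed by lower-cased module and method names; a missing key means no privilege. */
     $rights = $app->user->rights;
     return isset($rights[strtolower($module)][strtolower($method)]);
 }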
Exemple #5
 /**
  * Visit entry.
  * 
  * @param  int    $entryID 
  * @param  string $referer 
  * @access public
  * @return void
  */
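 public function visit($entryID, $referer = '')
 {
     /*
      * Redirect the user to an entry's login URL. For integrated entries an SSO token
      * (and optionally a referer) is appended to the query string first.
      */

     /* A referer in the query string overrides the routed argument; both are request-controlled. */
     $referer = !empty($_GET['referer']) ? $this->get->referer : $referer;
     $entry   = $this->entry->getById($entryID);

     /*
      * Deny when the entry does not exist or the user has no privilege for its app.
      * deny() is expected to end the request; the explicit return keeps this method
      * fail-closed (no token issued, no redirect) if it ever returns instead.
      */
     if (empty($entry) or !commonModel::hasAppPriv($entry->code)) {
         $this->loadModel('common', 'sys')->deny($this->app->getModuleName(), $this->app->getMethodName());
         return;
     }

     $location = $entry->login;
     if ($entry->integration) {
         /*
          * The token travels in the URL, so it is visible to the target application and to
          * anything that logs the request line.
          * NOTE(review): confirm the sso model issues short-lived or single-use tokens.
          */
         $token = $this->loadModel('sso')->createToken(session_id(), $entryID);

         /* Use '&' when the login URL already has a query string, '?' otherwise. */
         $query = parse_url($location, PHP_URL_QUERY);
         if (!empty($query)) {
             $location = rtrim($location, '&') . "&token={$token}";
         } else {
             $location = rtrim($location, '?') . "?token={$token}";
         }

         /* Encode the referer so it cannot introduce extra parameters (e.g. a second token) into the URL. */
         if (!empty($referer)) {
             $location .= '&referer=' . rawurlencode($referer);
         }
     }
     $this->locate($location);
 }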