/**
 * Builds the store response for the selected ACL and tells the client whether
 * the current user may manage it.
 *
 * The client CAN use the information contained in
 * $response['manage_permission'] to make decisions such as whether or not to
 * allow the current user to edit the set of groups in the store.
 *
 * @param array $params Client input parameters; 'model_id' is the ACL id.
 * @return array Response for the client.
 */
protected function actionSelectedStore($params) {
    $userId = \GO::user()->id;
    $level = \GO\Base\Model\Acl::getUserPermissionLevel($params['model_id'], $userId);
    $mayManage = \GO\Base\Model\Acl::hasPermission($level, \GO\Base\Model\Acl::MANAGE_PERMISSION);

    // The parent action receives the flag through the params it is given.
    $params['currentUserHasManagePermission'] = $mayManage;

    $response = array('manage_permission' => $mayManage);
    return array_merge($response, parent::actionSelectedStore($params));
}
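/**
 * Throws when the current user has no write permission on the folder that
 * contains this file. Loads $this->folder from the file's parent path as a
 * side effect.
 *
 * @param bool $delete Unused here; kept for the interface.
 * @throws Sabre\DAV\Exception\Forbidden When the containing folder cannot be
 *   resolved or its permission level lacks write access.
 */
public function checkWritePermission($delete = false) {
    $fsFile = new \GO\Base\Fs\File($this->path);
    $parentPath = $fsFile->parent()->stripFileStoragePath();
    $this->folder = \GO\Files\Model\Folder::model()->findByPath($parentPath);
    if (!$this->folder) {
        // Without a folder no permission level can be checked: deny instead of
        // failing on a null property access.
        throw new Sabre\DAV\Exception\Forbidden("DAV: User " . \GO::user()->username . " doesn't have write permission for file '" . $this->relpath . "' (folder not found)");
    }
    $level = $this->folder->getPermissionLevel();
    if (!\GO\Base\Model\Acl::hasPermission($level, \GO\Base\Model\Acl::WRITE_PERMISSION)) {
        // The message used to close the quoted path with a mismatched '"'.
        throw new Sabre\DAV\Exception\Forbidden("DAV: User " . \GO::user()->username . " doesn't have write permission for file '" . $this->relpath . "'");
    }
}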
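/**
 * Checks that every user authorized on this module's ACL is covered by the license.
 *
 * NOTE(review): assumes License::moduleIsRestricted() returns the list of
 * licensed usernames, or false when the module is unrestricted — confirm.
 *
 * @return bool True when the module is unrestricted or all authorized users are licensed.
 */
public function checkPermissionsWithLicense() {
    $licensedUsers = License::moduleIsRestricted($this->id());
    if ($licensedUsers === false) {
        // Module is not restricted by the license.
        return true;
    }
    $acl_id = GO::modules()->{$this->id()}->acl_id;
    // The previous code reused $users for both lists, so in_array() compared
    // usernames against the authorized user objects instead of the licensed names.
    $authorizedUsers = \GO\Base\Model\Acl::getAuthorizedUsers($acl_id);
    foreach ($authorizedUsers as $user) {
        if (!in_array($user->username, $licensedUsers, true)) {
            return false;
        }
    }
    return true;
}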
/**
 * Return information for the add and delete buttons in the view. It tells
 * whether add or delete is allowed, based on the first selected model on
 * which the current user has create permission.
 *
 * @param array $response Extended in place with 'buttonParams' (id, name,
 *   permissionLevel) when such a model exists and the key is not set yet.
 */
public function setButtonParams(&$response) {
    $selected = $this->_getSelectedModels();
    if (isset($response['buttonParams'])) {
        return;
    }
    foreach ($selected as $model) {
        $level = $model->getPermissionLevel();
        if (!\GO\Base\Model\Acl::hasPermission($level, \GO\Base\Model\Acl::CREATE_PERMISSION)) {
            continue;
        }
        //instruct the view for the add action.
        $response['buttonParams'] = array(
            'id' => $model->id,
            'name' => $model->name,
            'permissionLevel' => $level,
        );
        return;
    }
}
/**
 * Can be used in actionDisplay-like actions to build the display response for a model.
 *
 * @param array $data Must contain 'model' (a \GO\Base\Db\ActiveRecord), the model to render display data for.
 * @return \GO\Base\Data\JsonResponse Response object
 */
public function renderDisplay($data) {
    $response = array('data' => array(), 'success' => true);
    $response['data'] = $data['model']->getAttributes('html');
    if (!empty($data['model']->user)) {
        $response['data']['username'] = $data['model']->user->name;
    }
    if (!empty($data['model']->mUser)) {
        $response['data']['musername'] = $data['model']->mUser->name;
    }
    $response['data']['permission_level'] = $data['model']->getPermissionLevel();
    $response['data']['write_permission'] = \GO\Base\Model\Acl::hasPermission($response['data']['permission_level'], \GO\Base\Model\Acl::WRITE_PERMISSION);
    $response['data']['customfields'] = array();
    // Each _process*Display() helper runs only when its module is available;
    // the isset() guards presumably skip sections a caller already filled — confirm.
    if (!isset($response['data']['workflow']) && \GO::modules()->workflow) {
        $response = $this->_processWorkflowDisplay($data['model'], $response);
    }
    if ($data['model']->customfieldsRecord) {
        $response = $this->_processCustomFieldsDisplay($data['model'], $response);
    }
    if ($data['model']->hasLinks()) {
        $response = $this->_processLinksDisplay($data['model'], $response);
        if (!isset($response['data']['events']) && \GO::modules()->calendar) {
            $response = $this->_processEventsDisplay($data['model'], $response);
        }
        if (!isset($response['data']['tasks']) && \GO::modules()->tasks) {
            $response = $this->_processTasksDisplay($data['model'], $response);
        }
    }
    if (\GO::modules()->files && !isset($response['data']['files'])) {
        $response = $this->_processFilesDisplay($data['model'], $response);
    }
    if (\GO::modules()->comments) {
        $response = $this->_processCommentsDisplay($data['model'], $response);
    }
    if (\GO::modules()->lists) {
        $response = \GO\Lists\ListsModule::displayResponse($data['model'], $response);
    }
    // NOTE: no 'display' event is fired here; the fireEvent('display', ...) call
    // that used to follow was commented out.
    return new \GO\Base\Data\JsonResponse($response);
}
/**
 * Creates a new ACL and echoes its id.
 *
 * @param array $params 'description' for the ACL and optionally 'user_id' for
 *   its owner (defaults to the current user). Note that the owner id is taken
 *   from the client input as given.
 */
protected function actionGetNewAcl($params) {
    $acl = new \GO\Base\Model\Acl();
    $ownerId = isset($params['user_id']) ? $params['user_id'] : \GO::user()->id;
    $acl->user_id = $ownerId;
    $acl->description = $params['description'];
    $acl->save();
    echo $acl->id;
}
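/**
 * Validates a request to remove users from an ACL before the delete runs.
 *
 * @param array $params Client input: 'delete_keys' is a JSON list of user ids,
 *   'model_id' the ACL id, and 'currentUserHasManagePermission' the flag set by
 *   the selected-store action.
 * @return bool False when there is nothing to delete, true when the delete may proceed.
 * @throws \GO\Base\Exception\AccessDenied When the current user may not manage the ACL.
 * @throws \GO\Base\Exception\NotFound When the ACL does not exist.
 * @throws \Exception When a non-admin tries to remove the ACL owner.
 */
protected function beforeDelete(array $params) {
    $delKeys = !empty($params['delete_keys']) ? json_decode($params['delete_keys']) : array();
    if (!is_array($delKeys)) {
        // Malformed JSON or a scalar: nothing sensible to delete.
        $delKeys = array();
    }
    if (empty($delKeys)) {
        return false;
    }
    // Only users with manage permission may edit the set of linked users.
    if (empty($params['currentUserHasManagePermission'])) {
        throw new \GO\Base\Exception\AccessDenied();
    }
    // The ACL is the same for every key; fetch it once instead of per iteration.
    $aclItem = \GO\Base\Model\Acl::model()->findByPk($params['model_id']);
    if (!$aclItem) {
        throw new \GO\Base\Exception\NotFound();
    }
    foreach ($delKeys as $delKey) {
        if ($aclItem->user_id != $delKey) {
            continue;
        }
        // The user being removed owns the ACL.
        if (!\GO::user()->isAdmin()) {
            throw new \Exception(\GO::t('dontChangeOwnersPermissions'));
        }
        // An admin may remove the owner; the admin takes over ownership.
        $aclItem->user_id = \GO::user()->id;
        $aclItem->save();
    }
    return true;
}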
/**
 * Lists the sub-folders and files of a folder for the files grid, handling
 * search, the virtual 'shared' folder, delete requests and paging across the
 * folder list followed by the file list.
 *
 * @param array $params Client input: 'folder_id' (or 'query' for a search),
 *   optional 'delete_keys', 'sort'/'dir', 'files_filter', 'skip_fs_sync'.
 * @return array Store response plus folder and quota information for the view.
 * @throws Exception When neither the requested folder nor the home folder exists.
 */
protected function actionList($params) {
    if (!empty($params['query'])) {
        return $this->_searchFiles($params);
    }
    // NOTE(review): 'folder_id' is read without an isset() check.
    if ($params['folder_id'] == 'shared') {
        return $this->_listShares($params);
    }
    //get the folder that contains the files and folders to list.
    //This will check permissions too.
    $folder = \GO\Files\Model\Folder::model()->findByPk($params['folder_id']);
    if (!$folder) {
        $folder = \GO\Files\Model\Folder::model()->findHomeFolder(GO::user());
    }
    if (!$folder) {
        throw new Exception('No Folder found with id ' . $params['folder_id']);
    }
    $user = $folder->quotaUser;
    $this->_listFolderPermissionLevel = $folder->permissionLevel;
    $response['permission_level'] = $folder->permissionLevel;
    if (empty($params['skip_fs_sync']) && empty(GO::config()->files_disable_filesystem_sync)) {
        $folder->checkFsSync();
    }
    //useful information for the view.
    $response['path'] = $folder->path;
    //Show this page in thumbnails or list
    $folderPreference = \GO\Files\Model\FolderPreference::model()->findByPk(array('user_id' => \GO::user()->id, 'folder_id' => $folder->id));
    if ($folderPreference) {
        $response['thumbs'] = $folderPreference->thumbs;
    } else {
        $response['thumbs'] = 0;
    }
    $response['parent_id'] = $folder->parent_id;
    //locked state
    $response['lock_state'] = !empty($folder->apply_state);
    $response['cm_state'] = isset($folder->cm_state) && !empty($folder->apply_state) ? $folder->cm_state : "";
    $response['may_apply_state'] = \GO\Base\Model\Acl::hasPermission($folder->getPermissionLevel(), \GO\Base\Model\Acl::MANAGE_PERMISSION);
    $store = \GO\Base\Data\Store::newInstance(\GO\Files\Model\Folder::model());
    //set sort aliases
    $store->getColumnModel()->formatColumn('type', '', array(), 'name');
    $store->getColumnModel()->formatColumn('size', '"-"', array(), 'name');
    $store->getColumnModel()->formatColumn('locked_user_id', '"0"');
    //handle delete request for both files and folder
    if (isset($params['delete_keys'])) {
        $ids = $this->_splitFolderAndFileIds(json_decode($params['delete_keys'], true));
        $params['delete_keys'] = json_encode($ids['folders']);
        $store->processDeleteActions($params, "GO\\Files\\Model\\Folder");
        $params['delete_keys'] = json_encode($ids['files']);
        $store->processDeleteActions($params, "GO\\Files\\Model\\File");
    }
    $store->getColumnModel()->setFormatRecordFunction(array($this, 'formatListRecord'));
    $findParams = $store->getDefaultParams($params);
    //sorting on custom fields doesn't work for folders
    if (isset($params['sort']) && substr($params['sort'], 0, 4) == 'col_') {
        $findParams->order("name", $params['dir']);
    }
    $findParamsArray = $findParams->getParams();
    if (!isset($findParamsArray['start'])) {
        $findParamsArray['start'] = 0;
    }
    if (!isset($findParamsArray['limit'])) {
        $findParamsArray['limit'] = 0;
    }
    $stmt = $folder->getSubFolders($findParams);
    $store->setStatement($stmt);
    $response = array_merge($response, $store->getData());
    //add files to the listing if it fits
    // NOTE(review): 'limit' defaults to 0 just above, so this division fails
    // (DivisionByZeroError on PHP 8) unless getDefaultParams() always sets a
    // limit — confirm.
    $folderPages = floor($stmt->foundRows / $findParamsArray['limit']);
    $foldersOnLastPage = $stmt->foundRows - $folderPages * $findParamsArray['limit'];
    if (count($response['results'])) {
        // Folders were returned for this page: files start after the folders
        // that fit on it.
        $fileStart = $findParamsArray['start'] - $folderPages * $findParamsArray['limit'];
        $fileLimit = $findParamsArray['limit'] - $foldersOnLastPage;
    } else {
        // No folders on this page: the whole page is files.
        $fileStart = $findParamsArray['start'] - $stmt->foundRows;
        $fileLimit = $findParamsArray['limit'];
    }
    if ($fileStart >= 0) {
        $store->resetResults();
        $store->getColumnModel()->formatColumn('size', '"-"', array(), 'size');
        $store->getColumnModel()->formatColumn('type', '', array(), 'extension');
        $store->getColumnModel()->formatColumn('locked', '$model->isLocked()');
        $store->getColumnModel()->formatColumn('locked_user_id', '$model->locked_user_id');
        $store->getColumnModel()->formatColumn('folder_id', '$model->folder_id');
        $findParams = $store->getDefaultParams($params)->limit($fileLimit)->start($fileStart);
        // Handle the files filter
        if (!empty($params['files_filter'])) {
            $extensions = explode(',', $params['files_filter']);
            $findParams->getCriteria()->addInCondition('extension', $extensions);
        }
        $stmt = $folder->files($findParams);
        $store->setStatement($stmt);
        $filesResponse = $store->getData();
        $response['total'] += $filesResponse['total'];
        $response['results'] = array_merge($response['results'], $filesResponse['results']);
    } else {
        // Files do not fit on this page; only count them for the total.
        $record = $folder->files(\GO\Base\Db\FindParams::newInstance()->single()->select('count(*) as total'));
        $response['total'] += $record->total;
    }
    if (empty($user)) {
        $user = \GO::user();
    }
    $response['owner_id'] = $user->id;
    $response['disk_usage'] = round($user->disk_usage / 1024 / 1024, 2);
    $response['disk_quota'] = $user->disk_quota;
    return $response;
}
/**
 * Returns the Access Control List for this model if it has one.
 *
 * The result is cached in $this->_acl after the first lookup.
 *
 * @return \GO\Base\Model\Acl|false The ACL, or false when the model has no ACL id
 *   (findByPk() may also yield no model, in which case that result is returned as-is).
 */
public function getAcl() {
    if (!$this->_acl) {
        $aclId = $this->findAclId();
        if (!$aclId) {
            return false;
        }
        $this->_acl = \GO\Base\Model\Acl::model()->findByPk($aclId);
    }
    return $this->_acl;
}
/**
 * Check if the ACL for the finance part does exist.
 * If not, then create a new ACL, remember its id in the settings and return it.
 *
 * The check-then-create is not guarded against concurrent requests.
 *
 * @return \GO\Base\Model\Acl
 */
public static function getFinanceAcl() {
    $financeAcl = null;
    $financeAclID = \GO::config()->get_setting('projects2_finance_acl');
    if (!empty($financeAclID)) {
        $financeAcl = \GO\Base\Model\Acl::model()->findByPk($financeAclID);
    }
    if (!empty($financeAcl)) {
        return $financeAcl;
    }
    $financeAcl = new \GO\Base\Model\Acl();
    // User id 1 is hard-coded as the owner (presumably the primary administrator).
    $financeAcl->user_id = 1;
    $financeAcl->description = 'Finance access for Projects 2';
    $saved = $financeAcl->save();
    if ($saved) {
        \GO::config()->save_setting('projects2_finance_acl', $financeAcl->id);
    }
    return $financeAcl;
}
<?php
// Emits the client-side JS configuration for the addressbook module.
$GO_SCRIPTS_JS .= 'GO.addressbook.lang.defaultSalutationExpression="' . \GO\Base\Util\String::escape_javascript(\GO::t('defaultSalutation', 'addressbook')) . '";';
// ACL that controls who may export contacts; created on first use and stored
// in the settings (the trailing 0 argument presumably means "not user
// specific" — confirm).
$export_acl_id = \GO::config()->get_setting('go_addressbook_export', 0);
if (!$export_acl_id) {
    $acl = new \GO\Base\Model\Acl();
    $acl->description = 'addressbook_export';
    $acl->save();
    $export_acl_id = $acl->id;
    \GO::config()->save_setting('go_addressbook_export', $acl->id, 0);
}
// $export_acl_id is written into a JS string literal unescaped; it is an ACL
// id from the settings table and assumed to be numeric.
$GO_SCRIPTS_JS .= 'GO.addressbook.export_acl_id="' . $export_acl_id . '";';
$acl_level = \GO\Base\Model\Acl::getUserPermissionLevel($export_acl_id, \GO::user()->id);
$GO_SCRIPTS_JS .= 'GO.addressbook.exportPermission="' . ($acl_level ? 1 : 0) . '";';
if (\GO::modules()->customfields) {
    // NOTE(review): localizedName is placed in a JS string literal without escaping.
    $GO_SCRIPTS_JS .= ' GO.customfields.settingsPanels={ name: "' . \GO\Addressbook\Model\Contact::model()->localizedName . '", panels: [] };' . "\n";
    $stmt = \GO\Users\Model\CfSettingTab::model()->getSettingTabs();
    while ($category = $stmt->fetch()) {
        $fields = array();
        $fstmt = $category->fields();
        while ($field = $fstmt->fetch()) {
            $fields[] = $field->toJsonArray();
        }
        // Makes global, client-side, editable form panels for every customfield category
        // NOTE(review): htmlspecialchars() escapes for an HTML context, not for a
        // JS string literal: a backslash or line terminator in the name passes
        // through, and the title arrives HTML-entity-encoded. json_encode(), as
        // already used for $fields, is the context-correct escaper here.
        $GO_SCRIPTS_JS .= "\n\n" . 'GO.customfields.settingsPanels.panels.push({xtype : "customformpanel", itemId:"cf-panel-' . $category->id . '", category_id: ' . $category->id . ', title : "' . htmlspecialchars($category->name, ENT_QUOTES, 'UTF-8') . '", customfields : ' . json_encode($fields) . '});' . "\n";
    }
/**
 * Transfers ownership of every ACL owned by $this->from to $this->to.
 *
 * @return bool True only when every ACL was saved successfully.
 */
private function acls() {
    $transferred = true;
    $ownedAcls = Acl::model()->findByAttributes(array('user_id' => $this->from));
    foreach ($ownedAcls as $acl) {
        $acl->user_id = $this->to;
        // save() is attempted for every ACL, even after an earlier failure.
        $saved = $acl->save();
        $transferred = $transferred && $saved;
    }
    return $transferred;
}
/**
 * Applies the fixed ACLs to the addressbook folders in the files module:
 * the 'addressbook' folder gets the shared read-only ACL, 'addressbook/photos'
 * and the legacy 'contacts' folder get their own ACL when they have none yet.
 *
 * Does nothing when the files module is not installed.
 */
public function setFolderPermissions() {
    if (!\GO::modules()->isInstalled('files')) {
        return;
    }
    $folderModel = \GO\Files\Model\Folder::model();

    $root = $folderModel->findByPath('addressbook', true);
    if ($root) {
        $root->acl_id = \GO\Base\Model\Acl::model()->getReadOnlyAcl()->id;
        $root->readonly = 1;
        $root->save();
    }

    $photos = $folderModel->findByPath('addressbook/photos', true);
    if ($photos && !$photos->acl_id) {
        // setNewAcl(1): the hard-coded argument is presumably the owner user id — confirm.
        $photos->setNewAcl(1);
        $photos->readonly = 1;
        $photos->save();
    }

    //hide old contacts folder if it exists
    $legacy = $folderModel->findByPath('contacts');
    if (!$legacy) {
        return;
    }
    if ($legacy->acl_id) {
        $legacy->getAcl()->clear();
    } else {
        $legacy->setNewAcl(1);
        $legacy->readonly = 1;
        $legacy->save();
    }
}
/**
 * Resolves the permission level of the current user for this model.
 *
 * @return int|bool The permission level; -1 when the model has no ACL field,
 *   false when there is no logged-in user (or, for 'base' models without an
 *   ACL yet, when the user is not an admin).
 * @throws \Exception When the model should have an ACL but none can be found.
 */
public function getPermissionLevel() {
    // Global override: treat everything as manageable.
    if (\GO::$ignoreAclPermissions) {
        return \GO\Base\Model\Acl::MANAGE_PERMISSION;
    }
    $aclField = $this->aclField();
    if (!$aclField) {
        return -1;
    }
    if (!\GO::user()) {
        return false;
    }
    $hasAclValue = !empty($this->{$aclField});
    if (!$hasAclValue && !$this->getIsJoinedAclField()) {
        //the new model has its own ACL but it's not created yet.
        //In this case we will check the module permissions.
        $module = $this->getModule();
        if ($module == 'base') {
            return \GO::user()->isAdmin() ? \GO\Base\Model\Acl::MANAGE_PERMISSION : false;
        }
        return \GO::modules()->{$module}->permissionLevel;
    }
    if (!isset($this->_permissionLevel)) {
        $acl_id = $this->findAclId();
        if (!$acl_id) {
            throw new \Exception("Could not find ACL for " . $this->className() . " with pk: " . $this->pk);
        }
        // Cached per instance; with one argument getUserPermissionLevel()
        // presumably resolves the current user — confirm.
        $this->_permissionLevel = \GO\Base\Model\Acl::getUserPermissionLevel($acl_id);
    }
    return $this->_permissionLevel;
}
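/**
 * Writes the XMPP groups file: a section header followed by one
 * "username@host=name" line for every enabled user with read access to the
 * chat module's ACL.
 *
 * @throws \Exception When the groups file cannot be opened for writing.
 */
public static function generateGroupsFile() {
    $file = self::getGroupsFile();
    $fp = fopen($file->path(), 'w');
    if ($fp === false) {
        // fopen() only emits a warning; without this check every fwrite()
        // below would fail silently and the file would never be written.
        throw new \Exception("Could not open groups file for writing: " . $file->path());
    }
    fwrite($fp, "[" . GO::config()->product_name . " " . strtolower(GO::t('users')) . "]\n");
    $xmppHost = self::getXmppHost();
    // The callback is invoked once per authorized user.
    \GO\Base\Model\Acl::getAuthorizedUsers(GO::modules()->chat->acl_id, \GO\Base\Model\Acl::READ_PERMISSION, function ($user) use ($fp, $xmppHost) {
        if ($user->enabled) {
            $line = $user->username . '@' . $xmppHost . '=' . $user->name . "\n";
            fwrite($fp, $line);
        }
    });
    fclose($fp);
}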
/**
 * Lists every module with the permission level of one user or group, for the
 * permissions grid in the users/groups module.
 *
 * @param array $params 'paramIdType' is 'groupId' when called from the groups
 *   module (otherwise 'id' is a user id); 'id' is the group/user id, empty for
 *   the "everyone" group. NOTE(review): 'paramIdType' is read without isset().
 */
public function actionPermissionsStore($params) {
    //check access to users or groups module. Because we allow this action without
    //access to the modules module
    if ($params['paramIdType'] == 'groupId') {
        if (!GO::modules()->groups) {
            throw new \GO\Base\Exception\AccessDenied();
        }
    } else {
        if (!GO::modules()->users) {
            throw new \GO\Base\Exception\AccessDenied();
        }
    }
    // JsonResponse is used with array syntax and echoed below; presumably it
    // implements ArrayAccess and __toString — confirm.
    $response = new JsonResponse(array('success' => true, 'results' => array(), 'total' => 0));
    $modules = array();
    $mods = GO::modules()->getAllModules();
    while ($module = array_shift($mods)) {
        $permissionLevel = 0;
        // Level the user gets via group membership; false when not applicable.
        $usersGroupPermissionLevel = false;
        if (empty($params['id'])) {
            $aclUsersGroup = $module->acl->hasGroup(GO::config()->group_everyone); // everybody group
            $permissionLevel = $usersGroupPermissionLevel = $aclUsersGroup ? $aclUsersGroup->level : 0;
        } else {
            if ($params['paramIdType'] == 'groupId') {
                //when looking at permissions from the groups module.
                $aclUsersGroup = $module->acl->hasGroup($params['id']);
                $permissionLevel = $aclUsersGroup ? $aclUsersGroup->level : 0;
            } else {
                //when looking from the users module
                $permissionLevel = Acl::getUserPermissionLevel($module->acl_id, $params['id']);
                // Third argument true: presumably the level via groups only — confirm.
                $usersGroupPermissionLevel = Acl::getUserPermissionLevel($module->acl_id, $params['id'], true);
            }
        }
        $translated = $module->moduleManager ? $module->moduleManager->name() : $module->id;
        // Module permissions only support read permission and manage permission:
        if (Acl::hasPermission($permissionLevel, Acl::CREATE_PERMISSION)) {
            $permissionLevel = Acl::MANAGE_PERMISSION;
        }
        // disable_none / disable_use tell the view which radio options cannot be
        // chosen because group membership already grants that level.
        $modules[$translated] = array('id' => $module->id, 'name' => $translated, 'permissionLevel' => $permissionLevel, 'disable_none' => $usersGroupPermissionLevel !== false && Acl::hasPermission($usersGroupPermissionLevel, Acl::READ_PERMISSION), 'disable_use' => $usersGroupPermissionLevel !== false && Acl::hasPermission($usersGroupPermissionLevel, Acl::CREATE_PERMISSION));
        $response['total'] += 1;
    }
    // Sorted by translated module name.
    ksort($modules);
    $response['results'] = array_values($modules);
    echo $response;
}
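/**
 * Check the ACL permission levels manually added by addRequiredPermissionLevel().
 *
 * Falls back to the '*' entry when no level is registered for $action.
 *
 * @param string $action
 * @return boolean True when the current user meets the required level, or no level is required.
 */
private function _checkRequiredPermissionLevels($action) {
    //check action permission
    if (isset($this->requiredPermissionLevels[$action])) {
        $required = $this->requiredPermissionLevels[$action];
        $permLevel = Acl::getUserPermissionLevel($required['aclId']);
        // Compare the user's level against the required level. The previous
        // code passed $permLevel to getUserPermissionLevel() again, which
        // treats it as an ACL id and the required level as a user id, so the
        // check did not test the configured requirement.
        return Acl::hasPermission($permLevel, $required['requiredPermissionLevel']);
    }
    if ($action != '*') {
        return $this->_checkRequiredPermissionLevels('*');
    }
    return true;
}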
/**
 * Tells whether a user has at least read access to the leavedays module.
 *
 * @param int $userId
 * @return bool
 */
public static function userHasPermission($userId) {
    $aclId = \GO::modules()->leavedays->acl_id;
    $level = \GO\Base\Model\Acl::getUserPermissionLevel($aclId, $userId);
    return \GO\Base\Model\Acl::READ_PERMISSION <= $level;
}
/**
 * Adds addressbook contact/company information about the sender to a message response.
 *
 * @param \GO\Email\Model\ImapMessage $imapMessage
 * @param array $params Unused here.
 * @param array $response Must already contain 'sender' (the sender's e-mail address).
 * @return array The response with the contact fields added.
 */
private function _getContactInfo(\GO\Email\Model\ImapMessage $imapMessage, $params, $response) {
    $response['sender_contact_id'] = 0;
    $response['sender_company_id'] = 0;
    $response['allow_quicklink'] = 1; // overwritten below once the config setting is read
    $response['contact_name'] = "";
    $response['contact_thumb_url'] = GO::config()->host . 'modules/addressbook/themes/Default/images/unknown-person.png';
    $useQL = GO::config()->allow_quicklink;
    $response['allow_quicklink'] = $useQL ? 1 : 0;
    // NOTE(review): no ACL check guards the contact fields below, while the
    // company requires write access; presumably findSingleByEmail() already
    // applies permissions — confirm.
    $contact = \GO\Addressbook\Model\Contact::model()->findSingleByEmail($response['sender']);
    if (!empty($contact)) {
        $response['contact_thumb_url'] = $contact->getPhotoThumbURL();
        if ($useQL) {
            $response['sender_contact_id'] = $contact->id;
            $response['contact_name'] = $contact->name . ' (' . $contact->addressbook->name . ')';
            $company = $contact->company;
            // The company is only exposed when the user may write to its addressbook.
            if (!empty($company) && Acl::getUserPermissionLevel($company->addressbook->acl_id) >= Acl::WRITE_PERMISSION) {
                $response['sender_company_id'] = $company->id;
                $response['company_name'] = $company->name . ' (' . $company->addressbook->name . ')';
            }
            if (GO::modules()->savemailas) {
                $contactLinkedMessage = \GO\Savemailas\Model\LinkedEmail::model()->findByImapMessage($imapMessage, $contact);
                $response['contact_linked_message_id'] = $contactLinkedMessage && $contactLinkedMessage->linkExists($contact) ? $contactLinkedMessage->id : 0;
                if (!empty($company)) {
                    $companyLinkedMessage = \GO\Savemailas\Model\LinkedEmail::model()->findByImapMessage($imapMessage, $company);
                    $response['company_linked_message_id'] = $companyLinkedMessage && $companyLinkedMessage->linkExists($company) ? $companyLinkedMessage->id : 0;
                }
            }
        }
    }
    return $response;
}
/**
 * Tells whether $request_user_id may see the free/busy information of $target_user_id.
 *
 * @param int $request_user_id The user asking for the information.
 * @param int $target_user_id The user whose free/busy ACL is consulted.
 * @return bool True when the requesting user has any permission level above 0 on that ACL.
 */
public static function hasFreebusyAccess($request_user_id, $target_user_id) {
    $fbAcl = FreebusypermissionsModule::getFreeBusyAcl($target_user_id);
    $level = \GO\Base\Model\Acl::getUserPermissionLevel($fbAcl->acl_id, $request_user_id);
    return 0 < $level;
}
/**
 * The default action for displaying a model in a DisplayPanel.
 *
 * @param array $params Client input; must identify the model (see
 *   getPrimaryKeyFromParams()) and may carry 'links_limit', which is passed
 *   through unvalidated.
 * @return array Response with 'data' and 'success'.
 * @throws \GO\Base\Exception\NotFound When no model matches the primary key.
 */
protected function actionDisplay($params) {
    $response = array('data' => array(), 'success' => true);
    $modelName = $this->model;
    // NOTE(review): no explicit read-permission check here; presumably
    // findByPk() enforces the ACL — confirm.
    $model = \GO::getModel($modelName)->findByPk($this->getPrimaryKeyFromParams($params));
    if (!$model) {
        throw new \GO\Base\Exception\NotFound();
    }
    $response = $this->beforeDisplay($response, $model, $params);
    //todo build in new style. Now it's necessary for old library functions
    //require_once(\GO::config()->root_path.'Group-Office.php');
    $response['data'] = array_merge($response['data'], $model->getAttributes('html'));
    $response['data']['model'] = $model->className();
    $response['data']['permission_level'] = $model->getPermissionLevel();
    $response['data']['write_permission'] = \GO\Base\Model\Acl::hasPermission($response['data']['permission_level'], \GO\Base\Model\Acl::WRITE_PERMISSION);
    if (!empty($model->ctime)) {
        $response['data']['ctime'] = \GO\Base\Util\Date::get_timestamp($model->ctime);
    }
    if (!empty($model->mtime)) {
        $response['data']['mtime'] = \GO\Base\Util\Date::get_timestamp($model->mtime);
    }
    if (!empty($model->user)) {
        $response['data']['username'] = $model->user->name;
    }
    if (!empty($model->mUser)) {
        $response['data']['musername'] = $model->mUser->name;
    }
    $response['data']['customfields'] = array();
    // The isset() guards let beforeDisplay() pre-fill a section and skip the helper.
    if (!isset($response['data']['workflow']) && \GO::modules()->workflow) {
        $response = $this->_processWorkflowDisplay($model, $response);
    }
    if ($model->customfieldsRecord) {
        $response = $this->_processCustomFieldsDisplay($model, $response);
    }
    if ($model->hasLinks()) {
        $response = $this->_processLinksDisplay($model, $response, isset($params['links_limit']) ? $params['links_limit'] : 15);
        if (!isset($response['data']['events']) && \GO::modules()->calendar) {
            $response = $this->_processEventsDisplay($model, $response);
        }
        if (!isset($response['data']['tasks']) && \GO::modules()->tasks) {
            $response = $this->_processTasksDisplay($model, $response);
        }
    }
    // Unlike the other sections, files are processed without a module check.
    if (!isset($response['data']['files'])) {
        $response = $this->_processFilesDisplay($model, $response);
    }
    if (\GO::modules()->comments) {
        $response = $this->_processCommentsDisplay($model, $response);
    }
    if (\GO::modules()->lists) {
        $response = \GO\Lists\ListsModule::displayResponse($model, $response);
    }
    $response = $this->afterDisplay($response, $model, $params);
    // Listeners receive references and may modify the response in place.
    $this->fireEvent('display', array(&$this, &$response, &$model));
    return $response;
}
/**
 * Gives the duplicate its own ACL and copies the permissions of the original
 * ACL onto it before delegating to the parent hook.
 *
 * @param object $duplicate The copy being prepared (passed by reference);
 *   presumably an ActiveRecord with an acl_id — confirm.
 * @return mixed Whatever the parent hook returns.
 */
protected function beforeDuplicate(&$duplicate) {
    $sourceAclId = empty($duplicate->acl_id) ? null : $duplicate->acl_id;
    if ($sourceAclId !== null) {
        $aclModel = \GO\Base\Model\Acl::model();
        $sourceAcl = $aclModel->findByPk($sourceAclId);
        // setNewAcl() presumably replaces $duplicate->acl_id with a fresh ACL — confirm.
        $duplicate->setNewAcl();
        $targetAcl = $aclModel->findByPk($duplicate->acl_id);
        // NOTE(review): $sourceAcl is not null-checked; an unresolvable id fails here.
        $sourceAcl->copyPermissions($targetAcl);
    }
    return parent::beforeDuplicate($duplicate);
}