/** * Method to determine if user can access a particular issue * * @param integer $issue_id The ID of the issue. * @param integer $usr_id The ID of the user * @return boolean If the user can access the issue */ public static function canAccessIssue($issue_id, $usr_id) { static $access; if (empty($issue_id)) { return false; } if (isset($access[$issue_id . '-' . $usr_id])) { return $access[$issue_id . '-' . $usr_id]; } $details = Issue::getDetails($issue_id); if (empty($details)) { return true; } $usr_details = User::getDetails($usr_id); $usr_role = User::getRoleByUser($usr_id, $details['iss_prj_id']); $prj_id = $details['iss_prj_id']; $can_access_contract = false; if (CRM::hasCustomerIntegration($prj_id)) { $crm = CRM::getInstance($prj_id); try { if (!empty($usr_details['usr_customer_contact_id']) && !empty($details['iss_customer_contract_id'])) { $contact = $crm->getContact($usr_details['usr_customer_contact_id']); $can_access_contract = $contact->canAccessContract($crm->getContract($details['iss_customer_contract_id'])); } } catch (CRMException $e) { // TODOCRM: Log exception? } } if (empty($usr_role)) { // check if they are even allowed to access the project $return = false; } elseif (CRM::hasCustomerIntegration($details['iss_prj_id']) && $usr_role == User::getRoleID('Customer') && $can_access_contract === false) { // check customer permissions $return = false; } elseif (!empty($usr_details['usr_par_code']) && !Partner::isPartnerEnabledForIssue($usr_details['usr_par_code'], $issue_id)) { // check if the user is a partner $return = false; } elseif ($details['iss_private'] == 1) { // check if the issue is even private // check role, reporter, assignment and group if ($usr_role > User::getRoleID('Developer')) { $return = true; } elseif ($details['iss_usr_id'] == $usr_id) { $return = true; } elseif (Issue::isAssignedToUser($issue_id, $usr_id)) { $return = true; } elseif (!empty($details['iss_grp_id']) && !empty($usr_details['usr_grp_id']) && $details['iss_grp_id'] == $usr_details['usr_grp_id']) { $return = true; } elseif (Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) { $return = true; } else { $return = false; } } elseif (Auth::getCurrentRole() == User::getRoleID('Reporter') && Project::getSegregateReporters($prj_id) && $details['iss_usr_id'] != $usr_id && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) { return false; } else { $return = true; } $access[$issue_id . '-' . $usr_id] = $return; return $return; }
/** * Checks whether the given email address is allowed to send emails in the * issue ID. * * @access public * @param integer $issue_id The issue ID * @param string $sender_email The email address * @return boolean */ function isAllowedToEmail($issue_id, $sender_email) { $prj_id = Issue::getProjectID($issue_id); // check the workflow $workflow_can_email = Workflow::canEmailIssue($prj_id, $issue_id, $sender_email); if ($workflow_can_email != null) { return $workflow_can_email; } $is_allowed = true; $sender_usr_id = User::getUserIDByEmail($sender_email); if (empty($sender_usr_id)) { if (Customer::hasCustomerIntegration($prj_id)) { // check for a customer contact with several email addresses $customer_id = Issue::getCustomerID($issue_id); $contact_emails = array_keys(Customer::getContactEmailAssocList($prj_id, $customer_id, Issue::getContractID($issue_id))); $contact_emails = array_map('strtolower', $contact_emails); if (!in_array(strtolower($sender_email), $contact_emails) && !Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) { $is_allowed = false; } } else { if (!Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) { $is_allowed = false; } } } else { // check if this user is not a customer and // also not in the assignment list for the current issue and // also not in the authorized repliers list // also not the reporter $details = Issue::getDetails($issue_id); if (!Issue::canAccess($issue_id, $sender_usr_id)) { $is_allowed = false; } if ($sender_usr_id != $details['iss_usr_id'] && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $sender_usr_id) && !Issue::isAssignedToUser($issue_id, $sender_usr_id) && User::getRoleByUser($sender_usr_id, Issue::getProjectID($issue_id)) != User::getRoleID('Customer')) { $is_allowed = false; } elseif (User::getRoleByUser($sender_usr_id, Issue::getProjectID($issue_id)) == User::getRoleID('Customer') && User::getCustomerID($sender_usr_id) != Issue::getCustomerID($issue_id)) { $is_allowed = false; } } return $is_allowed; }
/** * Returns if the specified user is authorized to reply to this issue. * * @access public * @param integer $issue_id The id of the issue. * @param string $email The email address to check. * @return boolean If the specified user is allowed to reply to the issue. */ function isAuthorizedReplier($issue_id, $email) { $email = strtolower(Mail_API::getEmailAddress($email)); // first check if this is an actual user or just an email address $user_emails = User::getAssocEmailList(); if (in_array($email, array_keys($user_emails))) { // real user, get id $usr_id = User::getUserIDByEmail($email); return Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id); } else { // not a real user $stmt = "SELECT\n COUNT(*) AS total\n FROM\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "issue_user_replier\n WHERE\n iur_iss_id=" . Misc::escapeInteger($issue_id) . " AND\n iur_email='" . Misc::escapeString($email) . "'"; $res = $GLOBALS["db_api"]->dbh->getOne($stmt); if (PEAR::isError($res)) { Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); return false; } else { if ($res > 0) { return true; } else { return false; } } } }
$show_category = 0; } $cookie = Auth::getCookieInfo(APP_PROJECT_COOKIE); if (!empty($auto_switched_from)) { $tpl->assign(array("project_auto_switched" => 1, "old_project" => Project::getName($auto_switched_from))); } $setup = Setup::load(); $tpl->assign("allow_unassigned_issues", @$setup["allow_unassigned_issues"]); $tpl->assign(array('next_issue' => @$sides['next'], 'previous_issue' => @$sides['previous'], 'subscribers' => Notification::getSubscribers($issue_id), 'custom_fields' => Custom_Field::getListByIssue($prj_id, $issue_id), 'files' => Attachment::getList($issue_id), 'emails' => Support::getEmailsByIssue($issue_id), 'zones' => Date_API::getTimezoneList(), 'users' => Project::getUserAssocList($prj_id, 'active', User::getRoleID('Customer')), 'ema_id' => Email_Account::getEmailAccount(), 'max_attachment_size' => Attachment::getMaxAttachmentSize(), 'show_releases' => $show_releases, 'show_category' => $show_category, 'categories' => Category::getAssocList($prj_id), 'quarantine' => Issue::getQuarantineInfo($issue_id))); if ($role_id != User::getRoleID('customer')) { if (@$_REQUEST['show_all_drafts'] == 1) { $show_all_drafts = true; } else { $show_all_drafts = false; } if (Workflow::hasWorkflowIntegration($prj_id)) { $statuses = Workflow::getAllowedStatuses($prj_id, $issue_id); // if currently selected release is not on list, go ahead and add it. } else { $statuses = Status::getAssocStatusList($prj_id); } if (!empty($details['iss_sta_id']) && empty($statuses[$details['iss_sta_id']])) { $statuses[$details['iss_sta_id']] = Status::getStatusTitle($details['iss_sta_id']); } $time_entries = Time_Tracking::getListing($issue_id); $tpl->assign(array('notes' => Note::getListing($issue_id), 'is_user_assigned' => Issue::isAssignedToUser($issue_id, $usr_id), 'is_user_authorized' => Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id), 'phone_entries' => Phone_Support::getListing($issue_id), 'phone_categories' => Phone_Support::getCategoryAssocList($prj_id), 'checkins' => SCM::getCheckinList($issue_id), 'time_categories' => Time_Tracking::getAssocCategories(), 'time_entries' => $time_entries['list'], 'total_time_spent' => $time_entries['total_time_spent'], 'impacts' => Impact_Analysis::getListing($issue_id), 'statuses' => $statuses, 'drafts' => Draft::getList($issue_id, $show_all_drafts), 'groups' => Group::getAssocList($prj_id))); } } } } $tpl->displayTemplate();
/** * Method to determine if user can access a particular issue * * @access public * @param integer $issue_id The ID of the issue. * @param integer $usr_id The ID of the user * @return boolean If the user can access the issue */ function canAccess($issue_id, $usr_id) { static $access; if (empty($issue_id)) { return true; } if (isset($access[$issue_id . "-" . $usr_id])) { return $access[$issue_id . "-" . $usr_id]; } $details = Issue::getDetails($issue_id); if (empty($details)) { return true; } $usr_details = User::getDetails($usr_id); $usr_role = User::getRoleByUser($usr_id, $details['iss_prj_id']); $prj_id = Issue::getProjectID($issue_id); // check customer permissions if (Customer::hasCustomerIntegration($details['iss_prj_id']) && $usr_role == User::getRoleID("Customer") && $details['iss_customer_id'] != $usr_details['usr_customer_id']) { $return = false; } elseif ($details['iss_private'] == 1) { // check if the issue is even private // check role, reporter, assigment and group if (User::getRoleByUser($usr_id, $details['iss_prj_id']) > User::getRoleID("Developer")) { $return = true; } elseif ($details['iss_usr_id'] == $usr_id) { $return = true; } elseif (Issue::isAssignedToUser($issue_id, $usr_id)) { $return = true; } elseif (!empty($details['iss_grp_id']) && !empty($usr_details['usr_grp_id']) && $details['iss_grp_id'] == $usr_details['usr_grp_id']) { $return = true; } elseif (Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) { $return = true; } else { $return = false; } } elseif (Auth::getCurrentRole() <= User::getRoleID("Standard User") && Project::getSegregateReporters($prj_id) && $details['iss_usr_id'] != $usr_id && !Issue::isAssignedToUser($issue_id, $usr_id) && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) { return false; } else { $return = true; } $access[$issue_id . "-" . $usr_id] = $return; return $return; }