Esempio n. 1
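 /**
  * Method to determine if user can access a particular issue.
  *
  * Rules are evaluated in this order and the first match decides:
  *  - the user has no role in the issue's project -> denied;
  *  - with CRM integration, a Customer whose contact cannot access the
  *    issue's contract -> denied;
  *  - a partner user whose partner is not enabled for the issue -> denied;
  *  - a private issue -> allowed only for roles above Developer, the
  *    reporter, an assignee, a member of the issue's group, or an
  *    authorized replier;
  *  - segregated reporters: a Reporter who is neither the issue's reporter
  *    nor an authorized replier -> denied;
  *  - otherwise allowed.
  *
  * Every outcome is memoised for the rest of the request in a function-static
  * array keyed by "<issue_id>-<usr_id>", so a role or assignment change made
  * later in the same request is not reflected by this method.
  *
  * NOTE(review): an issue id for which no details exist is treated as
  * accessible (fail-open). Callers that must reject unknown issues have to
  * check for existence themselves.
  * NOTE(review): the segregated-reporters branch consults
  * Auth::getCurrentRole(), i.e. the logged-in session's role, rather than the
  * role of $usr_id; when $usr_id is not the current user that branch may not
  * describe that user. Confirm against callers before changing it.
  *
  * @param   integer $issue_id The ID of the issue.
  * @param   integer $usr_id The ID of the user
  * @return  boolean If the user can access the issue
  */
 public static function canAccessIssue($issue_id, $usr_id)
 {
     // Per-request memo of decisions. Initialise explicitly: an uninitialised
     // static is null, which isset() tolerates but reads ambiguously.
     static $access = array();
     if (empty($issue_id)) {
         return false;
     }
     $cache_key = $issue_id . '-' . $usr_id;
     if (isset($access[$cache_key])) {
         return $access[$cache_key];
     }
     $details = Issue::getDetails($issue_id);
     if (empty($details)) {
         // fail-open for unknown issues (see NOTE in the docblock)
         return true;
     }
     $usr_details = User::getDetails($usr_id);
     $prj_id = $details['iss_prj_id'];
     $usr_role = User::getRoleByUser($usr_id, $prj_id);
     // Contract access defaults to denied and is only granted when the CRM
     // confirms that the user's contact may access the issue's contract.
     $can_access_contract = false;
     if (CRM::hasCustomerIntegration($prj_id)) {
         $crm = CRM::getInstance($prj_id);
         try {
             if (!empty($usr_details['usr_customer_contact_id']) && !empty($details['iss_customer_contract_id'])) {
                 $contact = $crm->getContact($usr_details['usr_customer_contact_id']);
                 $can_access_contract = $contact->canAccessContract($crm->getContract($details['iss_customer_contract_id']));
             }
         } catch (CRMException $e) {
             // A CRM failure leaves $can_access_contract false, so a Customer
             // ends up denied rather than granted (fail-closed).
             // TODOCRM: Log exception?
         }
     }
     if (empty($usr_role)) {
         // check if they are even allowed to access the project
         $return = false;
     } elseif (CRM::hasCustomerIntegration($prj_id) && $usr_role == User::getRoleID('Customer') && $can_access_contract === false) {
         // check customer permissions
         $return = false;
     } elseif (!empty($usr_details['usr_par_code']) && !Partner::isPartnerEnabledForIssue($usr_details['usr_par_code'], $issue_id)) {
         // check if the user is a partner
         $return = false;
     } elseif ($details['iss_private'] == 1) {
         // check if the issue is even private
         // check role, reporter, assignment and group
         if ($usr_role > User::getRoleID('Developer')) {
             $return = true;
         } elseif ($details['iss_usr_id'] == $usr_id) {
             $return = true;
         } elseif (Issue::isAssignedToUser($issue_id, $usr_id)) {
             $return = true;
         } elseif (!empty($details['iss_grp_id']) && !empty($usr_details['usr_grp_id']) && $details['iss_grp_id'] == $usr_details['usr_grp_id']) {
             $return = true;
         } elseif (Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) {
             $return = true;
         } else {
             $return = false;
         }
     } elseif (Auth::getCurrentRole() == User::getRoleID('Reporter') && Project::getSegregateReporters($prj_id) && $details['iss_usr_id'] != $usr_id && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) {
         // segregated reporters may only see their own issues; this outcome is
         // assigned (not returned directly) so it is cached like every other.
         $return = false;
     } else {
         $return = true;
     }
     $access[$cache_key] = $return;
     return $return;
 }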
Esempio n. 2
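 /**
  * Checks whether the given email address is allowed to send emails in the
  * issue ID.
  *
  * Decision order:
  *  1. A workflow decision (true or false) is final; null means the workflow
  *     has no opinion and the built-in rules below apply.
  *  2. Sender without a user account: with customer integration the address
  *     must be one of the issue's customer contact addresses or an authorized
  *     replier; without it the address must be an authorized replier.
  *  3. Sender with a user account: must be able to access the issue and must
  *     be the reporter, an authorized replier, an assignee, or a Customer; a
  *     Customer must additionally belong to the issue's customer.
  *
  * Contact-address matching is case-insensitive (both sides are lower-cased).
  *
  * @access  public
  * @param   integer $issue_id The issue ID
  * @param   string $sender_email The email address
  * @return  boolean
  */
 function isAllowedToEmail($issue_id, $sender_email)
 {
     $prj_id = Issue::getProjectID($issue_id);
     // check the workflow. Only null means "no decision", so the comparison
     // must be strict: with a loose "!= null" a workflow deny (false) is
     // indistinguishable from null and would fall through to the default
     // rules below instead of being honoured.
     $workflow_can_email = Workflow::canEmailIssue($prj_id, $issue_id, $sender_email);
     if ($workflow_can_email !== null) {
         return $workflow_can_email;
     }
     $is_allowed = true;
     $sender_usr_id = User::getUserIDByEmail($sender_email);
     if (empty($sender_usr_id)) {
         if (Customer::hasCustomerIntegration($prj_id)) {
             // check for a customer contact with several email addresses
             $customer_id = Issue::getCustomerID($issue_id);
             $contact_emails = array_keys(Customer::getContactEmailAssocList($prj_id, $customer_id, Issue::getContractID($issue_id)));
             $contact_emails = array_map('strtolower', $contact_emails);
             // strict membership test: both sides are lower-cased strings
             if (!in_array(strtolower($sender_email), $contact_emails, true) && !Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) {
                 $is_allowed = false;
             }
         } elseif (!Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) {
             $is_allowed = false;
         }
     } else {
         // check if this user is not a customer and
         // also not in the assignment list for the current issue and
         // also not in the authorized repliers list
         // also not the reporter
         $details = Issue::getDetails($issue_id);
         if (!Issue::canAccess($issue_id, $sender_usr_id)) {
             $is_allowed = false;
         }
         // The sender's role in the issue's project is needed by both branches
         // below; look it up once.
         $sender_role = User::getRoleByUser($sender_usr_id, $prj_id);
         $is_customer = ($sender_role == User::getRoleID('Customer'));
         if ($sender_usr_id != $details['iss_usr_id'] && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $sender_usr_id) && !Issue::isAssignedToUser($issue_id, $sender_usr_id) && !$is_customer) {
             $is_allowed = false;
         } elseif ($is_customer && User::getCustomerID($sender_usr_id) != Issue::getCustomerID($issue_id)) {
             // a customer may only email issues belonging to their own customer
             $is_allowed = false;
         }
     }
     return $is_allowed;
 }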
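 /**
  * Returns if the specified user is authorized to reply to this issue.
  *
  * The address is normalised through Mail_API::getEmailAddress() and
  * lower-cased. If it belongs to a registered user the decision is delegated
  * to isUserAuthorizedReplier(); otherwise the issue_user_replier table is
  * queried for a row with that exact (lower-cased) address.
  *
  * A database error is logged and reported as "not authorized" (fail-closed).
  *
  * @access  public
  * @param   integer $issue_id The id of the issue.
  * @param   string  $email The email address to check.
  * @return  boolean If the specified user is allowed to reply to the issue.
  */
 function isAuthorizedReplier($issue_id, $email)
 {
     $email = strtolower(Mail_API::getEmailAddress($email));
     // first check if this is an actual user or just an email address
     $user_emails = User::getAssocEmailList();
     if (array_key_exists($email, $user_emails)) {
         // real user, get id
         $usr_id = User::getUserIDByEmail($email);
         return Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id);
     }
     // not a real user: look the address up directly. The issue id and the
     // address are bound as query parameters ("?" placeholders) instead of
     // being spliced into the SQL text, so the header-derived address cannot
     // alter the statement.
     $stmt = "SELECT
                 COUNT(*) AS total
              FROM
                 " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "issue_user_replier
              WHERE
                 iur_iss_id=? AND
                 iur_email=?";
     $res = $GLOBALS["db_api"]->dbh->getOne($stmt, array((int) $issue_id, $email));
     if (PEAR::isError($res)) {
         Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
         return false;
     }
     return $res > 0;
 }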
Esempio n. 4
                $show_category = 0;
            }
            $cookie = Auth::getCookieInfo(APP_PROJECT_COOKIE);
            if (!empty($auto_switched_from)) {
                $tpl->assign(array("project_auto_switched" => 1, "old_project" => Project::getName($auto_switched_from)));
            }
            $setup = Setup::load();
            $tpl->assign("allow_unassigned_issues", @$setup["allow_unassigned_issues"]);
            $tpl->assign(array('next_issue' => @$sides['next'], 'previous_issue' => @$sides['previous'], 'subscribers' => Notification::getSubscribers($issue_id), 'custom_fields' => Custom_Field::getListByIssue($prj_id, $issue_id), 'files' => Attachment::getList($issue_id), 'emails' => Support::getEmailsByIssue($issue_id), 'zones' => Date_API::getTimezoneList(), 'users' => Project::getUserAssocList($prj_id, 'active', User::getRoleID('Customer')), 'ema_id' => Email_Account::getEmailAccount(), 'max_attachment_size' => Attachment::getMaxAttachmentSize(), 'show_releases' => $show_releases, 'show_category' => $show_category, 'categories' => Category::getAssocList($prj_id), 'quarantine' => Issue::getQuarantineInfo($issue_id)));
            if ($role_id != User::getRoleID('customer')) {
                if (@$_REQUEST['show_all_drafts'] == 1) {
                    $show_all_drafts = true;
                } else {
                    $show_all_drafts = false;
                }
                if (Workflow::hasWorkflowIntegration($prj_id)) {
                    $statuses = Workflow::getAllowedStatuses($prj_id, $issue_id);
                    // if currently selected release is not on list, go ahead and add it.
                } else {
                    $statuses = Status::getAssocStatusList($prj_id);
                }
                if (!empty($details['iss_sta_id']) && empty($statuses[$details['iss_sta_id']])) {
                    $statuses[$details['iss_sta_id']] = Status::getStatusTitle($details['iss_sta_id']);
                }
                $time_entries = Time_Tracking::getListing($issue_id);
                $tpl->assign(array('notes' => Note::getListing($issue_id), 'is_user_assigned' => Issue::isAssignedToUser($issue_id, $usr_id), 'is_user_authorized' => Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id), 'phone_entries' => Phone_Support::getListing($issue_id), 'phone_categories' => Phone_Support::getCategoryAssocList($prj_id), 'checkins' => SCM::getCheckinList($issue_id), 'time_categories' => Time_Tracking::getAssocCategories(), 'time_entries' => $time_entries['list'], 'total_time_spent' => $time_entries['total_time_spent'], 'impacts' => Impact_Analysis::getListing($issue_id), 'statuses' => $statuses, 'drafts' => Draft::getList($issue_id, $show_all_drafts), 'groups' => Group::getAssocList($prj_id)));
            }
        }
    }
}
// Render the page using everything assigned to $tpl above.
$tpl->displayTemplate();
Esempio n. 5
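 /**
  * Method to determine if user can access a particular issue.
  *
  * Rules are evaluated in this order and the first match decides:
  *  - with customer integration, a Customer whose customer id differs from
  *    the issue's customer -> denied;
  *  - a private issue -> allowed only for roles above Developer, the
  *    reporter, an assignee, a member of the issue's group, or an
  *    authorized replier;
  *  - segregated reporters: a session role of Standard User or below that is
  *    neither the reporter, an assignee nor an authorized replier -> denied;
  *  - otherwise allowed.
  *
  * Every outcome is memoised for the rest of the request in a function-static
  * array keyed by "<issue_id>-<usr_id>".
  *
  * NOTE(review): an empty issue id and an issue with no details both return
  * true (fail-open). Callers must not rely on this method to reject a missing
  * or invalid issue id.
  * NOTE(review): the segregated-reporters branch consults
  * Auth::getCurrentRole(), i.e. the logged-in session's role, rather than the
  * role of $usr_id; when $usr_id is not the current user that branch may not
  * describe that user. Confirm against callers before changing it.
  *
  * @access  public
  * @param   integer $issue_id The ID of the issue.
  * @param   integer $usr_id The ID of the user
  * @return  boolean If the user can access the issue
  */
 function canAccess($issue_id, $usr_id)
 {
     // Per-request memo of decisions, initialised explicitly rather than
     // relying on an uninitialised (null) static.
     static $access = array();
     if (empty($issue_id)) {
         // fail-open for a missing issue id (see NOTE in the docblock)
         return true;
     }
     $cache_key = $issue_id . "-" . $usr_id;
     if (isset($access[$cache_key])) {
         return $access[$cache_key];
     }
     $details = Issue::getDetails($issue_id);
     if (empty($details)) {
         // fail-open for unknown issues (see NOTE in the docblock)
         return true;
     }
     $usr_details = User::getDetails($usr_id);
     $usr_role = User::getRoleByUser($usr_id, $details['iss_prj_id']);
     $prj_id = Issue::getProjectID($issue_id);
     // check customer permissions
     if (Customer::hasCustomerIntegration($details['iss_prj_id']) && $usr_role == User::getRoleID("Customer") && $details['iss_customer_id'] != $usr_details['usr_customer_id']) {
         $return = false;
     } elseif ($details['iss_private'] == 1) {
         // check if the issue is even private
         // check role, reporter, assignment and group
         // ($usr_role was already fetched above for this project)
         if ($usr_role > User::getRoleID("Developer")) {
             $return = true;
         } elseif ($details['iss_usr_id'] == $usr_id) {
             $return = true;
         } elseif (Issue::isAssignedToUser($issue_id, $usr_id)) {
             $return = true;
         } elseif (!empty($details['iss_grp_id']) && !empty($usr_details['usr_grp_id']) && $details['iss_grp_id'] == $usr_details['usr_grp_id']) {
             $return = true;
         } elseif (Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) {
             $return = true;
         } else {
             $return = false;
         }
     } elseif (Auth::getCurrentRole() <= User::getRoleID("Standard User") && Project::getSegregateReporters($prj_id) && $details['iss_usr_id'] != $usr_id && !Issue::isAssignedToUser($issue_id, $usr_id) && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) {
         // segregated reporters may only see their own issues; assigned (not
         // returned directly) so this outcome is cached like every other.
         $return = false;
     } else {
         $return = true;
     }
     $access[$cache_key] = $return;
     return $return;
 }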