/**
  * Refresh the contact-member cache entries of a user after a permission change.
  *
  * Without a group, the affected members are the distinct member ids found in
  * property "m" of each entry of $permissions. With a group, $permissions is not
  * read: the affected members are all members of permission-defining dimensions
  * for which contactCanAccessMemberAll() reports ACCESS_LEVEL_READ for that group.
  *
  * @param Contact $user
  * @param array $permissions objects carrying a member id in property "m"
  * @param ContactPermissionGroup $group optional
  */
 function afterUserPermissionChanged($user, $permissions, $group = null)
 {
     $affectedMemberIds = array();
     if ($group !== null) {
         $allDimensions = Dimensions::findAll();
         $groupId = $group->getId();
         foreach ($allDimensions as $dimension) {
             // Dimensions that do not define permissions contribute no members.
             if (!$dimension->getDefinesPermissions()) {
                 continue;
             }
             // The id spliced into this query comes from the loaded dimension object, not from the caller.
             $rows = DB::executeAll("SELECT * FROM " . TABLE_PREFIX . "members WHERE dimension_id = " . $dimension->getId() . " ORDER BY id");
             foreach ($rows as $row) {
                 $canRead = ContactMemberPermissions::instance()->contactCanAccessMemberAll($groupId, $row['id'], $user, ACCESS_LEVEL_READ, false);
                 if ($canRead) {
                     $affectedMemberIds[] = $row['id'];
                 }
             }
         }
     } else {
         foreach ($permissions as $permission) {
             $candidate = $permission->m;
             // Loose in_array() comparison: ids that compare equal are stored once.
             if (!in_array($candidate, $affectedMemberIds)) {
                 $affectedMemberIds[] = $candidate;
             }
         }
     }
     foreach ($affectedMemberIds as $memberId) {
         ContactMemberCaches::updateContactMemberCache($user, $memberId);
     }
 }
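 /**
  * Give a user the permissions of their role on every member of one dimension.
  *
  * For each member of the dimension, one ContactMemberPermission is saved per role
  * permission whose object type the member can contain, copying the role's write and
  * delete flags. The sharing table is then notified with the matching permission list.
  * All writes run in one transaction.
  *
  * @param Contact $user
  * @param int $dimension_id
  * @param bool $remove_previous delete the group's existing permissions on each member first
  * @return array|null the saved ContactMemberPermission objects; null when the dimension
  *                    does not exist or does not define permissions
  * @throws Exception rethrown after the transaction has been rolled back
  */
 static function createDefaultUserPermissionsAllDimension(Contact $user, $dimension_id, $remove_previous = true)
 {
     $role_id = $user->getUserType();
     $permission_group_id = $user->getPermissionGroupId();
     $dimension = Dimensions::getDimensionById($dimension_id);
     if (!$dimension instanceof Dimension || !$dimension->getDefinesPermissions()) {
         return;
     }
     try {
         DB::beginWork();
         $shtab_permissions = array();
         $new_permissions = array();
         // Every id spliced into a condition string is cast to int first, so a caller-supplied
         // value such as $dimension_id can never contribute anything but a number to the SQL.
         $role_permissions = self::findAll(array('conditions' => 'role_id = ' . (int) $role_id));
         $members = Members::findAll(array('conditions' => 'dimension_id = ' . (int) $dimension_id));
         foreach ($members as $member) {
             $member_id = $member->getId();
             if ($remove_previous) {
                 ContactMemberPermissions::delete('permission_group_id = ' . (int) $permission_group_id . ' AND member_id = ' . (int) $member_id);
             }
             foreach ($role_permissions as $role_perm) {
                 if (!$member->canContainObject($role_perm->getObjectTypeId())) {
                     continue;
                 }
                 $cmp = new ContactMemberPermission();
                 $cmp->setPermissionGroupId($permission_group_id);
                 $cmp->setMemberId($member_id);
                 $cmp->setObjectTypeId($role_perm->getObjectTypeId());
                 $cmp->setCanDelete($role_perm->getCanDelete());
                 $cmp->setCanWrite($role_perm->getCanWrite());
                 $cmp->save();
                 $new_permissions[] = $cmp;
                 // Same grant in the shape passed to the sharing table controller:
                 // m = member, o = object type, r/w/d = read/write/delete flags.
                 $perm = new stdClass();
                 $perm->m = $member_id;
                 $perm->r = 1;
                 $perm->w = $role_perm->getCanWrite();
                 $perm->d = $role_perm->getCanDelete();
                 $perm->o = $role_perm->getObjectTypeId();
                 $shtab_permissions[] = $perm;
             }
         }
         if (count($shtab_permissions)) {
             $stCtrl = new SharingTableController();
             $stCtrl->afterPermissionChanged($permission_group_id, $shtab_permissions);
         }
         DB::commit();
         return $new_permissions;
     } catch (Exception $e) {
         DB::rollback();
         throw $e;
     }
 }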
	/**
	 * Delete this permission group together with every permission row that references it.
	 *
	 * The dependent tables are cleared first, then the group itself via parent::delete().
	 * No transaction is opened here.
	 */
	function delete() {
		// All dependent tables are filtered by this group's id.
		$by_group = "`permission_group_id` = ".$this->getId();

		// system permissions
		SystemPermissions::delete($by_group);
		// member permissions
		ContactMemberPermissions::delete($by_group);
		// dimension permissions
		ContactDimensionPermissions::delete($by_group);
		// contact_permission_group entries
		ContactPermissionGroups::delete($by_group);
		// tab panel permissions
		TabPanelPermissions::delete($by_group);

		parent::delete();
	}
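	/**
	 * Finish the installation: create the owner company and the administrator account.
	 *
	 * Reads the submitted form from $_POST['form']. When the form was submitted, everything
	 * runs in one DB transaction: the contacts table is cleared, the company and the
	 * administrator are created, and the administrator's own permission group receives
	 * tab panel, dimension, member and system permissions. On success the request is
	 * redirected to access/login; on an Exception the transaction is rolled back and the
	 * exception is assigned to the template as 'error'.
	 *
	 * Terminates the request with die() when an owner company already exists.
	 *
	 * @return null
	 */
	function complete_installation() {

		// Installation guard. This action wipes the contacts table and creates a full
		// administrator, so it must stay unreachable once an owner company exists.
		if(Contacts::getOwnerCompany() instanceof Contact) {
			die('Owner company already exists'); // Somebody is trying to access this method even if the user already exists
		} // if

		$form_data = array_var($_POST, 'form');
		tpl_assign('form_data', $form_data);

		if(array_var($form_data, 'submited') == 'submited') {
			try {
				$admin_password = trim(array_var($form_data, 'admin_password'));
				$admin_password_a = trim(array_var($form_data, 'admin_password_a'));

				// Both values are already trimmed strings; compare them strictly. Loose == / <>
				// treats numeric-looking strings such as "1e3" and "1000" as equal, which would
				// let a mismatched confirmation through.
				// NOTE(review): Error is presumably the project's own exception class; PHP's
				// built-in \Error would not be caught by catch(Exception) below - confirm.
				if($admin_password === '') {
					throw new Error(lang('password value required'));
				} // if

				if($admin_password !== $admin_password_a) {
					throw new Error(lang('passwords dont match'));
				} // if

				DB::beginWork();

				Contacts::delete(); // clear users table

				// Create a company
				$company = new Contact();
				$company->setFirstName(array_var($form_data, 'company_name'));
				$company->setObjectName();
				$company->setIsCompany(true);
				$company->save();

				// Init default colors
				set_config_option('brand_colors_head_back', "000000");
				set_config_option('brand_colors_tabs_back', "14780e");
				set_config_option('brand_colors_head_font', "ffffff");
				set_config_option('brand_colors_tabs_font', "ffffff");

				// Create the administrator user
				$administrator = new Contact();
				$pergroup = PermissionGroups::findOne(array('conditions'=>"`name`='Super Administrator'"));
				$administrator->setUserType($pergroup->getId());
				$administrator->setCompanyId($company->getId());
				$administrator->setUsername(array_var($form_data, 'admin_username'));
				$administrator->setPassword($admin_password);
				$administrator->setFirstname(array_var($form_data, 'admin_username'));
				$administrator->setObjectName();
				$administrator->save();

				// Password history entry for the administrator.
				// NOTE(review): the plain-text password is also put on a public property here;
				// what save() does with password_temp is not visible in this method - confirm it
				// is never persisted or logged.
				$user_password = new ContactPassword();
				$user_password->setContactId($administrator->getId());
				$user_password->password_temp = $admin_password;
				$user_password->setPasswordDate(DateTimeValueLib::now());
				$user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp()));
				$user_password->save();

				// The email is added after save() because the contact must exist first.
				$administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true);

				// The administrator's own permission group
				$permission_group = new PermissionGroup();
				$permission_group->setName('Account Owner');
				$permission_group->setContactId($administrator->getId());
				$permission_group->setIsContext(false);
				$permission_group->setType("permission_groups");
				$permission_group->save();

				$administrator->setPermissionGroupId($permission_group->getId());
				$administrator->save();

				$company->setCreatedById($administrator->getId());
				$company->setUpdatedById($administrator->getId());
				$company->save();

				$contact_pg = new ContactPermissionGroup();
				$contact_pg->setContactId($administrator->getId());
				$contact_pg->setPermissionGroupId($permission_group->getId());
				$contact_pg->save();

				// tab panel permissions
				$panels = TabPanels::getEnabled();
				foreach ($panels as $panel) {
					$tpp = new TabPanelPermission();
					$tpp->setPermissionGroupId($administrator->getPermissionGroupId());
					$tpp->setTabPanelId($panel->getId());
					$tpp->save();
				}

				// dimension permissions
				$dimensions = Dimensions::findAll();
				foreach ($dimensions as $dimension) {
					if ($dimension->getDefinesPermissions()) {
						$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = ".$administrator->getPermissionGroupId()." AND `dimension_id` = ".$dimension->getId()));
						if (!$cdp instanceof ContactDimensionPermission) {
							$cdp = new ContactDimensionPermission();
							$cdp->setPermissionGroupId($administrator->getPermissionGroupId());
							$cdp->setContactDimensionId($dimension->getId());
						}
						$cdp->setPermissionType('allow all');
						$cdp->save();

						// contact member permission entries
						$members = $dimension->getAllMembers();
						foreach ($members as $member) {
							$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
							// NOTE(review): an object id is appended to a list of object type ids - confirm intent.
							$ots[]=$member->getObjectId();
							foreach ($ots as $ot) {
								// Look up the row for exactly this group / member / object type. The
								// conditions used to be handed to the constructor while findOne() ran
								// without any, so the lookup was not tied to this combination.
								$ot_id = (int) $ot; // spliced into the SQL condition below
								$cmp = ContactMemberPermissions::findOne(array("conditions" => "`permission_group_id` = ".$administrator->getPermissionGroupId()." AND `member_id` = ".$member->getId()." AND `object_type_id` = ".$ot_id));
								if (!$cmp instanceof ContactMemberPermission) {
									$cmp = new ContactMemberPermission();
									$cmp->setPermissionGroupId($administrator->getPermissionGroupId());
									$cmp->setMemberId($member->getId());
									$cmp->setObjectTypeId($ot);
								}
								$cmp->setCanWrite(1);
								$cmp->setCanDelete(1);
								$cmp->save();
							}
						}
					}
				}

				// system permissions
				$sp = new SystemPermission();
				$sp->setPermissionGroupId($administrator->getPermissionGroupId());
				$sp->setAllPermissions(true);
				$sp->save();

				// $null is not defined in this method; it is presumably an out-parameter of the hook.
				Hook::fire('after_user_add', $administrator, $null);

				DB::commit();

				$this->redirectTo('access', 'login');
			} catch(Exception $e) {
				tpl_assign('error', $e);
				DB::rollback();
			} // try
		} // if
	} // complete_installation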
 /**
  * @deprecated
  * Build the SQL fragment that restricts objects (`om` / `o` aliases of the outer query)
  * to the given dimension members, optionally also requiring a member permission.
  *
  * The returned string is " {operator} {condition}" when $dm_conditions is non-empty and
  * " {condition}" otherwise; the incoming $dm_conditions text itself is not part of it.
  *
  * NOTE(review): $member_ids, $object_type_id and $pg_ids are interpolated into the SQL
  * text as given, without casting or escaping in this function - callers must pass
  * integer ids / an integer CSV.
  *
  * @param string $dm_conditions conditions built so far; only tested for emptiness
  * @param Dimension $dimension
  * @param array $member_ids
  * @param int $object_type_id
  * @param string $pg_ids used inside "IN (...)"
  * @param string $operator joins the fragment to earlier conditions; forced to "AND" when $all is set
  * @param array $selection_members
  * @param bool $all also accept objects that belong to none of $member_ids
  * @return string
  */
 static function prepareQuery($dm_conditions, $dimension, $member_ids, $object_type_id, $pg_ids, $operator, $selection_members, $all = false)
 {
     // An empty id list becomes "0" so that "IN (...)" stays valid SQL.
     $memberIdList = count($member_ids) > 0 ? implode(",", $member_ids) : '0';

     $permissionSql = "";
     if ($dimension->getDefinesPermissions() && !$dimension->hasAllowAllForContact($pg_ids)) {
         // context permissions
         $contextMemberIds = ContactMemberPermissions::getActiveContextPermissions(logged_user(), $object_type_id, $selection_members, $member_ids);
         $contextSql = "";
         if (count($contextMemberIds) != 0) {
             $contextSql = "OR EXISTS (SELECT `om2`.`object_id` FROM `" . TABLE_PREFIX . "object_members` `om2` WHERE\r\n\t    \t\t\t\t\t\t\t`om2`.`object_id` = `om`.`object_id` AND `o`.`object_type_id` = {$object_type_id} \r\n\t    \t\t\t\t\t\t\tAND `om2`.`member_id` IN (" . implode(",", $contextMemberIds) . "))";
         }
         $permissionSql = "AND EXISTS (SELECT `cmp`.`member_id` FROM `" . TABLE_PREFIX . "contact_member_permissions` \r\n    \t\t\t\t\t\t`cmp` WHERE `om2`.`member_id` = `cmp`.`member_id` AND `cmp`.`permission_group_id` IN ({$pg_ids}) AND \r\n    \t\t\t\t\t\t`o`.`object_type_id` = `cmp`.`object_type_id`) {$contextSql}";
     }

     $memberExistsSql = "EXISTS (SELECT `om2`.`object_id` FROM `" . TABLE_PREFIX . "object_members` `om2` WHERE\r\n    \t\t\t\t\t\t`om2`.`object_id` = `om`.`object_id` AND `om2`.`member_id` IN (" . $memberIdList . ")\r\n    \t\t\t\t\t\tAND `om2`.`is_optimization` = 0 {$permissionSql})";

     if ($all) {
         $noMemberSql = "OR NOT EXISTS (SELECT `om2`.`object_id` FROM `" . TABLE_PREFIX . "object_members` `om2` WHERE\r\n    \t\t\t\t\t\t`om2`.`object_id` = `om`.`object_id` AND `om2`.`member_id` IN (" . $memberIdList . ")\r\n    \t\t\t\t\t\tAND `om2`.`is_optimization` = 0)";
         $fragment = "({$memberExistsSql} {$noMemberSql})";
         $operator = "AND";
     } else {
         $fragment = $memberExistsSql;
     }

     if ($dm_conditions != "") {
         return " {$operator} {$fragment}";
     }
     return " {$fragment}";
 }
 /**
  * Controller action: delete a dimension member and everything that references it.
  *
  * Requires can_manage_dimension_members() for the logged user and lets the
  * 'check_additional_member_permissions' hook veto the deletion. The deletion itself
  * runs in one transaction that is rolled back on any Exception.
  *
  * NOTE(review): this is a state-changing action keyed on get_id(); whether the
  * dispatcher restricts it to POST / checks an anti-CSRF token is not visible here - confirm.
  */
 function delete()
 {
     // Authorization comes first: without the manage-members right nothing is loaded or changed.
     if (!can_manage_dimension_members(logged_user())) {
         flash_error(lang('no access permissions'));
         ajx_current("empty");
         return;
     }
     $member = Members::findById(get_id());
     if (!$member instanceof Member) {
         ajx_current("empty");
         return;
     }
     // Plugins may veto: a non-empty $ret without a truthy 'ok' aborts with the hook's message.
     $ret = array();
     Hook::fire('check_additional_member_permissions', array('action' => 'delete', 'member' => $member, 'pg_id' => logged_user()->getPermissionGroupId()), $ret);
     if (count($ret) > 0 && !array_var($ret, 'ok')) {
         flash_error(array_var($ret, 'message'));
         ajx_current("empty");
         return;
     }
     try {
         DB::beginWork();
         // $error_message is first assigned by canBeDeleted(); presumably a by-reference out-parameter.
         if (!$member->canBeDeleted($error_message)) {
             throw new Exception($error_message);
         }
         $dim_id = $member->getDimensionId();
         // Every id spliced into the SQL below comes from the loaded Member object, not from the request text.
         // Remove from sharing table
         $sqlDeleteSharingTable = "DELETE sh FROM `" . TABLE_PREFIX . "sharing_table` sh\r\n\t\t\t\t\t\t\t\t\t\tLEFT JOIN `" . TABLE_PREFIX . "object_members` om\r\n\t\t\t\t\t\t\t\t\t\tON        om.object_id = sh.object_id\r\n\t\t\t\t\t\t\t\t\t\tWHERE     om.member_id = " . $member->getId() . " AND om.is_optimization = 0;";
         DB::execute($sqlDeleteSharingTable);
         // Collect the objects classified in this member and hand them back to the sharing table as a CSV of ids.
         $affectedObjectsRows = DB::executeAll("SELECT distinct(object_id) AS object_id FROM " . TABLE_PREFIX . "object_members where member_id = " . $member->getId() . " AND is_optimization = 0");
         if (is_array($affectedObjectsRows) && count($affectedObjectsRows) > 0) {
             $ids_str = "";
             foreach ($affectedObjectsRows as $row) {
                 $oid = $row['object_id'];
                 $ids_str .= ($ids_str == "" ? "" : ",") . $oid;
             }
             add_multilple_objects_to_sharing_table($ids_str, logged_user());
         }
         // remove member associations
         MemberPropertyMembers::delete('member_id = ' . $member->getId() . ' OR property_member_id = ' . $member->getId());
         MemberRestrictions::delete('member_id = ' . $member->getId() . ' OR restricted_member_id = ' . $member->getId());
         // remove from permissions tables
         ContactMemberPermissions::delete('member_id = ' . $member->getId());
         PermissionContexts::delete('member_id = ' . $member->getId());
         // remove associated content object
         if ($member->getObjectId() > 0) {
             $mobj = Objects::findObject($member->getObjectId());
             if ($mobj instanceof ContentDataObject) {
                 $mobj->delete();
             }
         }
         // delete from object_members
         ObjectMembers::delete('member_id = ' . $member->getId());
         Hook::fire('delete_member', $member, $ret);
         // Read the parent before the member row is removed; it is used to re-select a tree node.
         $parent_id = $member->getParentMemberId();
         $ok = $member->delete(false);
         if ($ok) {
             evt_add("reload dimension tree", array('dim_id' => $dim_id, 'node' => null));
             evt_add("try to select member", array('dimension_id' => $dim_id, 'id' => $parent_id));
         }
         // NOTE(review): the commit and the success message below do not depend on $ok;
         // only the two tree events above do - confirm that is intended.
         DB::commit();
         flash_success(lang('success delete member', $member->getName()));
         // Choose what the client shows next from the request flags 'start' and 'dont_reload'.
         if (get_id('start')) {
             ajx_current("start");
         } else {
             if (get_id('dont_reload')) {
                 ajx_current("empty");
             } else {
                 ajx_current("reload");
             }
         }
     } catch (Exception $e) {
         DB::rollback();
         flash_error($e->getMessage());
         ajx_current("empty");
     }
 }
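 /**
  * Finish the installation: create the owner company and the administrator account.
  *
  * Reads the submitted form from $_POST['form']. When the form was submitted, everything
  * runs in one DB transaction: the contacts table is cleared, the company and the
  * administrator are created, and the administrator's own permission group receives
  * tab panel, dimension, member, system and root permissions. On success the request is
  * redirected to access/login; on an Exception the transaction is rolled back and the
  * exception is assigned to the template as 'error'.
  *
  * Terminates the request with die() when an owner company already exists.
  *
  * @return null
  */
 function complete_installation()
 {
     // Installation guard. This action wipes the contacts table and creates a full
     // administrator, so it must stay unreachable once an owner company exists.
     if (Contacts::getOwnerCompany() instanceof Contact) {
         // Somebody is trying to access this method even if the user already exists
         die('Owner company already exists');
     }
     $form_data = array_var($_POST, 'form');
     tpl_assign('form_data', $form_data);
     if (array_var($form_data, 'submited') == 'submited') {
         try {
             $admin_password = trim(array_var($form_data, 'admin_password'));
             $admin_password_a = trim(array_var($form_data, 'admin_password_a'));
             // Both values are already trimmed strings; compare them strictly. Loose == / !=
             // treats numeric-looking strings such as "1e3" and "1000" as equal, which would
             // let a mismatched confirmation through.
             // NOTE(review): Error is presumably the project's own exception class; PHP's
             // built-in \Error would not be caught by catch (Exception) below - confirm.
             if ($admin_password === '') {
                 throw new Error(lang('password value required'));
             }
             if ($admin_password !== $admin_password_a) {
                 throw new Error(lang('passwords dont match'));
             }
             DB::beginWork();
             // clear users table
             Contacts::delete();
             // Create a company
             $company = new Contact();
             $company->setFirstName(array_var($form_data, 'company_name'));
             $company->setObjectName();
             $company->setIsCompany(true);
             $company->save();
             // Init default colors
             set_config_option('brand_colors_head_back', "424242");
             set_config_option('brand_colors_tabs_back', "e7e7e7");
             set_config_option('brand_colors_head_font', "FFFFFF");
             set_config_option('brand_colors_tabs_font', "333333");
             // Create the administrator user
             $administrator = new Contact();
             $pergroup = PermissionGroups::findOne(array('conditions' => "`name`='Super Administrator'"));
             $administrator->setUserType($pergroup->getId());
             $administrator->setCompanyId($company->getId());
             $administrator->setUsername(array_var($form_data, 'admin_username'));
             $administrator->setPassword($admin_password);
             $administrator->setFirstname(array_var($form_data, 'admin_username'));
             $administrator->setObjectName();
             $administrator->save();
             // Password history entry for the administrator.
             // NOTE(review): the plain-text password is also put on a public property here;
             // what save() does with password_temp is not visible in this method - confirm it
             // is never persisted or logged.
             $user_password = new ContactPassword();
             $user_password->setContactId($administrator->getId());
             $user_password->password_temp = $admin_password;
             $user_password->setPasswordDate(DateTimeValueLib::now());
             $user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp()));
             $user_password->save();
             // The email is added after save() because the contact must exist first.
             $administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true);
             // The administrator's own permission group
             $permission_group = new PermissionGroup();
             $permission_group->setName('Account Owner');
             $permission_group->setContactId($administrator->getId());
             $permission_group->setIsContext(false);
             $permission_group->setType("permission_groups");
             $permission_group->save();
             $administrator->setPermissionGroupId($permission_group->getId());
             $administrator->save();
             $company->setCreatedById($administrator->getId());
             $company->setUpdatedById($administrator->getId());
             $company->save();
             $contact_pg = new ContactPermissionGroup();
             $contact_pg->setContactId($administrator->getId());
             $contact_pg->setPermissionGroupId($permission_group->getId());
             $contact_pg->save();
             // tab panel permissions
             $panels = TabPanels::getEnabled();
             foreach ($panels as $panel) {
                 $tpp = new TabPanelPermission();
                 $tpp->setPermissionGroupId($administrator->getPermissionGroupId());
                 $tpp->setTabPanelId($panel->getId());
                 $tpp->save();
             }
             // dimension permissions
             $dimensions = Dimensions::findAll();
             foreach ($dimensions as $dimension) {
                 if ($dimension->getDefinesPermissions()) {
                     $cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = " . $administrator->getPermissionGroupId() . " AND `dimension_id` = " . $dimension->getId()));
                     if (!$cdp instanceof ContactDimensionPermission) {
                         $cdp = new ContactDimensionPermission();
                         $cdp->setPermissionGroupId($administrator->getPermissionGroupId());
                         $cdp->setContactDimensionId($dimension->getId());
                     }
                     $cdp->setPermissionType('allow all');
                     $cdp->save();
                     // contact member permission entries
                     $members = $dimension->getAllMembers();
                     foreach ($members as $member) {
                         $ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
                         // NOTE(review): an object id is appended to a list of object type ids - confirm intent.
                         $ots[] = $member->getObjectId();
                         foreach ($ots as $ot) {
                             // Look up the row for exactly this group / member / object type. The
                             // conditions used to be handed to the constructor while findOne() ran
                             // without any, so the lookup was not tied to this combination.
                             $ot_id = (int) $ot; // spliced into the SQL condition below
                             $cmp = ContactMemberPermissions::findOne(array("conditions" => "`permission_group_id` = " . $administrator->getPermissionGroupId() . " AND `member_id` = " . $member->getId() . " AND `object_type_id` = " . $ot_id));
                             if (!$cmp instanceof ContactMemberPermission) {
                                 $cmp = new ContactMemberPermission();
                                 $cmp->setPermissionGroupId($administrator->getPermissionGroupId());
                                 $cmp->setMemberId($member->getId());
                                 $cmp->setObjectTypeId($ot);
                             }
                             $cmp->setCanWrite(1);
                             $cmp->setCanDelete(1);
                             $cmp->save();
                         }
                     }
                 }
             }
             // system permissions
             $sp = new SystemPermission();
             $sp->setPermissionGroupId($administrator->getPermissionGroupId());
             $sp->setAllPermissions(true);
             $sp->save();
             // root permissions: copy the role object-type permissions of the four listed roles
             // to member_id 0 for the administrator's group, skipping mail, template and file_revision.
             DB::executeAll("\r\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write)\r\n\t\t\t\t  SELECT " . $administrator->getPermissionGroupId() . ", 0, rtp.object_type_id, rtp.can_delete, rtp.can_write FROM " . TABLE_PREFIX . "role_object_type_permissions rtp \r\n\t\t\t\t  WHERE rtp.object_type_id NOT IN (SELECT id FROM " . TABLE_PREFIX . "object_types WHERE name IN ('mail','template','file_revision')) AND rtp.role_id in (\r\n\t\t\t\t    SELECT pg.id FROM " . TABLE_PREFIX . "permission_groups pg WHERE pg.type='roles' AND pg.name IN ('Super Administrator','Administrator','Manager','Executive')\r\n\t\t\t\t  )\r\n\t\t\t\tON DUPLICATE KEY UPDATE member_id=0;");
             // $null is not defined in this method; it is presumably an out-parameter of the hook.
             Hook::fire('after_user_add', $administrator, $null);
             DB::commit();
             $this->redirectTo('access', 'login');
         } catch (Exception $e) {
             tpl_assign('error', $e);
             DB::rollback();
         }
     }
 }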
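 /**
  * Grant a contact the member permissions that go with its user type on the given members.
  *
  * For every member, the object types to grant are chosen from the user type name:
  * the four administrative roles get the member's own content object types, the other
  * known roles get a fixed list of object types selected by name, and unknown roles get
  * nothing. A ContactMemberPermission is created for each (group, member, object type)
  * that does not exist yet; guests are created read-only. The sharing table is then
  * notified with the newly created permissions.
  *
  * Does nothing when the contact has no user type or $members is empty.
  *
  * @param Contact $contact
  * @param array $members member ids
  */
 function grantAllPermissions(Contact $contact, $members)
 {
     if (!($contact->getUserType() > 0) || !count($members)) {
         return;
     }
     $userType = $contact->getUserTypeName();
     $gid = $contact->getPermissionGroupId();
     // Guests are read-only; every other role may write and delete.
     $canModify = ($userType != "Guest" && $userType != "Guest Customer") ? 1 : 0;
     // Roles that receive exactly the member's content object types.
     $fullAccessRoles = array('Super Administrator', 'Administrator', 'Manager', 'Executive');
     // Roles that receive a fixed set of object types, selected by name.
     $typeFilterByRole = array(
         'Collaborator Customer' => " name NOT IN ('mail') ",
         'Non-Exec Director' => " name NOT IN ('mail') ",
         'Internal Collaborator' => " name NOT IN ('mail','contact', 'report') ",
         'External Collaborator' => " name NOT IN ('mail','contact', 'report') ",
         'Guest Customer' => " name IN ('message', 'weblink', 'event', 'file') ",
         'Guest' => " name IN ('message', 'weblink', 'event') ",
     );
     // The role's object type list does not depend on the member, so it is queried once.
     $roleTypeIds = null;
     // Newly created permissions, in the shape the sharing table controller expects.
     $permissions = array();
     foreach ($members as $member_id) {
         $member = Members::findById($member_id);
         if (!$member instanceof Member) {
             // Unknown member id: there is nothing to grant on.
             continue;
         }
         $dimension = $member->getDimension();
         $member_types = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
         $types = array();
         if (count($member_types)) {
             if (in_array($userType, $fullAccessRoles, true)) {
                 $types = $member_types;
             } elseif (is_string($userType) && isset($typeFilterByRole[$userType])) {
                 // NOTE(review): this list is not intersected with $member_types; the member's
                 // types only decide whether anything is granted at all.
                 if ($roleTypeIds === null) {
                     $roleTypeIds = array();
                     foreach (ObjectTypes::findAll(array("conditions" => $typeFilterByRole[$userType])) as $type) {
                         $roleTypeIds[] = $type->getId();
                     }
                 }
                 $types = $roleTypeIds;
             }
         }
         foreach ($types as $type_id) {
             // Ids are cast to int before being spliced into the condition string.
             $existing = ContactMemberPermissions::instance()->findOne(array("conditions" => "permission_group_id = " . (int) $gid . " AND member_id = " . (int) $member_id . " AND object_type_id = " . (int) $type_id));
             if ($existing) {
                 continue;
             }
             $cmp = new ContactMemberPermission();
             $cmp->setPermissionGroupId($gid);
             $cmp->setMemberId($member_id);
             $cmp->setObjectTypeId($type_id);
             $cmp->setCanWrite($canModify);
             $cmp->setCanDelete($canModify);
             $cmp->save();
             // Report the same flags that were just saved, so a read-only guest grant is not
             // announced to the sharing table as write/delete.
             $perm = new stdClass();
             $perm->m = $member_id;
             $perm->r = 1;
             $perm->w = $canModify;
             $perm->d = $canModify;
             $perm->o = $type_id;
             $permissions[] = $perm;
         }
     }
     if (count($permissions)) {
         $stCtrl = new SharingTableController();
         $stCtrl->afterPermissionChanged($contact->getPermissionGroupId(), $permissions);
     }
 }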
 /**
 * Return the manager for this object, resolving and storing it on first use.
 *
 * @access protected
 * @return ContactMemberPermissions
 */
  function manager() {
    // Reuse the stored manager when it already has the expected type.
    if($this->manager instanceof ContactMemberPermissions) {
      return $this->manager;
    }
    $this->manager = ContactMemberPermissions::instance();
    return $this->manager;
  } // manager
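/**
 * Persist the permission entries submitted for one member and refresh the
 * derived structures (sharing table, contact-member cache, dimension flag).
 *
 * The permission list is JSON and, when $permissionsString is null, comes
 * straight from $_POST['permissions']. Every identifier taken from it is
 * therefore normalised to an integer before it is placed in SQL text.
 *
 * NOTE(review): nothing in this function verifies that the logged-in user may
 * change permissions on $member; presumably the caller enforces that - confirm.
 *
 * @param Member $member Member whose permissions are being saved.
 * @param string|null $permissionsString JSON array of entries with pg, o, r, w, d.
 * @param bool $save_cmps Rewrite contact_member_permissions rows.
 * @param bool $update_sharing_table Notify SharingTableController per changed group.
 * @param bool $fire_hook Fire 'after_save_member_permissions'.
 * @param bool $update_contact_member_cache Notify ContactMemberCacheController.
 * @return array|null array('changed_pgs' => ..., 'member' => ...), or null when
 *                    $member is not a Member.
 */
function save_member_permissions($member, $permissionsString = null, $save_cmps = true, $update_sharing_table = true, $fire_hook = true, $update_contact_member_cache = true)
{
    @set_time_limit(0);
    ini_set('memory_limit', '1024M');
    if (!$member instanceof Member) {
        return;
    }
    if (is_null($permissionsString)) {
        $permissionsString = array_var($_POST, 'permissions');
    }
    if ($permissionsString && $permissionsString != '') {
        $permissions = json_decode($permissionsString);
    }
    $sharingTablecontroller = new SharingTableController();
    $contactMemberCacheController = new ContactMemberCacheController();
    // Integer copy of the member id, used wherever the id is spliced into SQL.
    $member_id = (int) $member->getId();
    $changed_pgs = array();
    $sql_insert_values = "";
    if (isset($permissions) && is_array($permissions)) {
        $allowed_pg_ids = array();
        foreach ($permissions as $k => &$perm) {
            // Drop entries that are not objects or carry no usable permission
            // group id: they would otherwise end up inside the IN (...) list below.
            if (!is_object($perm) || !isset($perm->pg) || !is_scalar($perm->pg) || (int) $perm->pg <= 0) {
                unset($permissions[$k]);
                continue;
            }
            // Normalise the identifiers once so the SQL below and the
            // controllers called afterwards only ever see integers.
            $perm->pg = (int) $perm->pg;
            $perm->o = isset($perm->o) && is_scalar($perm->o) ? (int) $perm->o : 0;
            if (!empty($perm->r)) {
                // NOTE(review): this entry is overwritten for every readable
                // permission of the group, so the last one wins. It is also
                // recorded before the role maximum below is applied, which
                // means the root permission row written at the end of this
                // function uses the submitted w/d flags, not the clamped ones.
                // Confirm whether that is intended.
                $allowed_pg_ids[$perm->pg] = array('w' => $perm->w, 'd' => $perm->d);
                // check max permissions for user type
                $tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $perm->pg));
                if ($tmp_contact instanceof Contact) {
                    $max_role_ot_perms = MaxRoleObjectTypePermissions::instance()->findAll(array('conditions' => "role_id = '" . (int) $tmp_contact->getUserType() . "'"));
                    $max_perm = null;
                    foreach ($max_role_ot_perms as $max_role_ot_perm) {
                        if ($max_role_ot_perm->getObjectTypeId() == $perm->o) {
                            $max_perm = $max_role_ot_perm;
                        }
                    }
                    $perm->m = $member->getId();
                    if ($max_perm) {
                        // Never grant more than the role allows for this object type.
                        if (!$max_perm->getCanDelete()) {
                            $perm->d = 0;
                        }
                        if (!$max_perm->getCanWrite()) {
                            $perm->w = 0;
                        }
                    } else {
                        // The role has no entry for this object type: refuse the permission.
                        $perm->d = 0;
                        $perm->w = 0;
                        $perm->r = 0;
                        unset($permissions[$k]);
                        continue;
                    }
                }
                if ($save_cmps) {
                    // Flags are reduced to 0/1 and ids are already integers, so no
                    // request-controlled text reaches the statement.
                    $sql_insert_values .= ($sql_insert_values == "" ? "" : ",") . "('" . $perm->pg . "','" . $member_id . "','" . $perm->o . "','" . ($perm->d ? 1 : 0) . "','" . ($perm->w ? 1 : 0) . "')";
                }
            }
            $perm->m = $member->getId();
            $changed_pgs[$perm->pg] = $perm->pg;
        }
        // Break the reference left behind by the by-reference foreach.
        unset($perm);
        if ($save_cmps) {
            if (count($changed_pgs) > 0) {
                // $changed_pgs holds integers only (see the normalisation above).
                DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE permission_group_id IN (" . implode(',', $changed_pgs) . ") AND member_id=" . $member_id);
            }
            if ($sql_insert_values != "") {
                DB::execute("INSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write) VALUES {$sql_insert_values} ON DUPLICATE KEY UPDATE member_id=member_id");
            }
        }
        foreach ($permissions as $p) {
            if (!$p->m) {
                $p->m = $member->getId();
            }
        }
        if ($update_sharing_table) {
            foreach ($changed_pgs as $pg_id) {
                $sharingTablecontroller->afterPermissionChanged($pg_id, $permissions);
            }
        }
        if ($update_contact_member_cache) {
            $contactMemberCacheController->afterMemberPermissionChanged(array('changed_pgs' => $changed_pgs, 'member' => $member));
        }
        // Root permission row: one per group that kept at least one readable entry,
        // stored under the member's own object type.
        foreach ($allowed_pg_ids as $key => $mids) {
            $root_cmp = ContactMemberPermissions::findById(array('permission_group_id' => $key, 'member_id' => $member->getId(), 'object_type_id' => $member->getObjectTypeId()));
            if (!$root_cmp instanceof ContactMemberPermission) {
                $root_cmp = new ContactMemberPermission();
                $root_cmp->setPermissionGroupId($key);
                $root_cmp->setMemberId($member->getId());
                $root_cmp->setObjectTypeId($member->getObjectTypeId());
            }
            $root_cmp->setCanWrite($mids['w'] == true ? 1 : 0);
            $root_cmp->setCanDelete($mids['d'] == true ? 1 : 0);
            $root_cmp->save();
        }
    }
    // check the status of the dimension to set 'allow_all', 'deny_all' or 'check'
    $dimension = $member->getDimension();
    foreach ($changed_pgs as $pg_id) {
        $dimension->setContactDimensionPermission($pg_id, 'check');
    }
    if ($fire_hook) {
        Hook::fire('after_save_member_permissions', array('member' => $member, 'user_id' => logged_user()->getId()), $member);
    }
    return array('changed_pgs' => $changed_pgs, 'member' => $member);
}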
 /**
  * 
  * 
  */
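 function list_dimension_members($member_id, $context_dimension_id, $object_type_id, $allowed_member_type_ids)
 {
     // Builds the list of members of $context_dimension_id that are associated
     // with $member_id and that the logged-in user is allowed to read. Each entry
     // is an array describing one member (id, name, parent, options, ...).
     // Returns null when the member or the dimension cannot be loaded; with
     // $member_id == 0 the work is delegated to initial_list_dimension_members().
     if ($member_id != 0) {
         $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
         $member = Members::findById($member_id);
         $dimension = Dimensions::getDimensionById($context_dimension_id);
         if (!$dimension instanceof Dimension || !$member instanceof Member) {
             return null;
         }
         // Object types that make a member selectable; stays empty when no
         // object type filter was requested.
         $allowed_object_type_ids = array();
         if ($object_type_id != null) {
             $dimension_object_type_contents = $dimension->getObjectTypeContent($object_type_id);
             foreach ($dimension_object_type_contents as $dotc) {
                 $dot_id = $dotc->getDimensionObjectTypeId();
                 if (is_null($allowed_member_type_ids) || in_array($dot_id, $allowed_member_type_ids)) {
                     $allowed_object_type_ids[] = $dot_id;
                 }
             }
         }
         // Members the current user may see. Starts empty so that a dimension
         // which defines permissions, but grants this contact neither
         // "allow all" nor "check", exposes nothing.
         $dimension_members = array();
         if (!$dimension->getDefinesPermissions() || $dimension->hasAllowAllForContact($contact_pg_ids)) {
             $dimension_members = $dimension->getAllMembers(false, "parent_member_id, name", true);
         } else {
             if ($dimension->hasCheckForContact($contact_pg_ids)) {
                 $member_list = $dimension->getAllMembers(false, "parent_member_id, name", true);
                 foreach ($member_list as $dim_member) {
                     if (ContactMemberPermissions::instance()->contactCanReadMemberAll($contact_pg_ids, $dim_member->getId(), logged_user())) {
                         $dimension_members[] = $dim_member;
                     }
                 }
             }
         }
         $members_to_retrieve = array();
         $association_ids = DimensionMemberAssociations::getAllAssociationIds($member->getDimensionId(), $context_dimension_id);
         if (count($association_ids) > 0) {
             $associated_members_ids_csv = '';
             // The children do not depend on the association, so load them once.
             $children = $member->getAllChildrenInHierarchy();
             foreach ($association_ids as $id) {
                 $association = DimensionMemberAssociations::findById($id);
                 if ($association->getDimensionId() == $context_dimension_id) {
                     $new_csv = MemberPropertyMembers::getAllMemberIds($id, $member_id);
                     $associated_members_ids_csv .= $new_csv != '' ? $new_csv . "," : '';
                     foreach ($children as $child) {
                         $new_csv = MemberPropertyMembers::getAllMemberIds($id, $child->getId());
                         $associated_members_ids_csv .= $new_csv != '' ? $new_csv . "," : '';
                     }
                 } else {
                     $new_csv = MemberPropertyMembers::getAllPropertyMemberIds($id, $member_id);
                     $associated_members_ids_csv .= $new_csv != '' ? $new_csv . "," : '';
                     foreach ($children as $child) {
                         $new_csv = MemberPropertyMembers::getAllPropertyMemberIds($id, $child->getId());
                         $associated_members_ids_csv .= $new_csv != '' ? $new_csv . "," : '';
                     }
                 }
             }
             // The CSV may contain empty fields (trailing comma, or no ids at
             // all); they are deliberately kept here so that the branch below is
             // still taken, and skipped inside the loop.
             $associated_members_ids = explode(',', $associated_members_ids_csv);
             $associated_members_ids = array_unique($associated_members_ids);
         }
         if (isset($associated_members_ids) && count($associated_members_ids) > 0) {
             foreach ($associated_members_ids as $id) {
                 if ($id === '') {
                     continue;
                 }
                 $associated_member = Members::findById($id);
                 // Only members that passed the permission filter above are followed.
                 if ($associated_member instanceof Member && in_array($associated_member, $dimension_members)) {
                     $context_hierarchy_members = $associated_member->getAllParentMembersInHierarchy(true);
                     foreach ($context_hierarchy_members as $context_member) {
                         if (!in_array($context_member, $members_to_retrieve) && in_array($context_member, $dimension_members)) {
                             $members_to_retrieve[$context_member->getName()] = $context_member;
                         }
                     }
                 }
             }
             // alphabetical order
             // NOTE(review): array_ksort() is not a PHP builtin; presumably a
             // project helper that returns the sorted array - confirm.
             $members_to_retrieve = array_ksort($members_to_retrieve);
         } else {
             // No associations: every readable member of the dimension is listed.
             // (Previously the whole array was appended as a single element,
             // which made the loops below call methods on an array.)
             $members_to_retrieve = $dimension_members;
         }
         $membersset = array();
         foreach ($members_to_retrieve as $m) {
             $membersset[$m->getId()] = true;
         }
         $members = array();
         // Todo adapt this code to call "buildMemberList" - (performance and code improvement)
         foreach ($members_to_retrieve as $m) {
             /* @var $m Member */
             if ($m->getArchivedById() > 0) {
                 continue;
             }
             if ($object_type_id != null) {
                 $selectable = in_array($m->getObjectTypeId(), $allowed_object_type_ids);
             }
             // Walk up the hierarchy until an ancestor that is part of the
             // result set is found; 0 means the member is shown at root level.
             $tempParent = $m->getParentMemberId();
             $x = $m;
             while ($x instanceof Member && !isset($membersset[$tempParent])) {
                 $tempParent = $x->getParentMemberId();
                 $x = $x->getParentMember();
             }
             if (!$x instanceof Member) {
                 $tempParent = 0;
             }
             if ($dot = DimensionObjectTypes::instance()->findOne(array("conditions" => "\n\t\t\t\t\t\tdimension_id = " . (int) $dimension->getId() . " AND\n\t\t\t\t\t\tobject_type_id = " . (int) $m->getObjectTypeId()))) {
                 $memberOptions = $dot->getOptions(true);
             } else {
                 $memberOptions = '';
             }
             $member_data = array("id" => $m->getId(), "name" => clean($m->getName()), "parent" => $tempParent, "realParent" => $m->getParentMemberId(), "object_id" => $m->getObjectId(), "options" => $memberOptions, "depth" => $m->getDepth(), "iconCls" => $m->getIconClass(), "selectable" => isset($selectable) ? $selectable : false, "dimension_id" => $m->getDimensionId(), "object_type_id" => $m->getObjectTypeId(), "allow_childs" => $m->allowChilds());
             // Member Actions
             if (can_manage_dimension_members(logged_user())) {
                 // Reset per member so an edit link never leaks over from the
                 // previous iteration when the object lookup fails.
                 $editUrl = null;
                 if ($m->getObjectId()) {
                     if ($obj = Objects::instance()->findObject($m->getObjectId())) {
                         $editUrl = $obj->getEditUrl();
                     }
                 } else {
                     $editUrl = get_url('member', 'edit', array('id' => $m->getId()));
                 }
                 $member_data['actions'] = array(array('url' => $editUrl, 'text' => '', 'iconCls' => 'ico-edit'));
             }
             $members[] = $member_data;
         }
         return $members;
     } else {
         $members = $this->initial_list_dimension_members($context_dimension_id, $object_type_id, $allowed_member_type_ids);
         return $members;
     }
 }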
Esempio n. 12
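/**
 * Create a user account, either from scratch or by promoting an existing
 * contact, together with its personal permission group, system permissions,
 * default member permissions and password record.
 *
 * System permissions and the default member permissions are only written when
 * the logged-in user passes can_manage_security().
 *
 * NOTE(review): the contact, its permission group and the ContactPermissionGroup
 * row are saved before that check, and no transaction is opened here;
 * presumably the caller authorises the request and wraps the call - confirm.
 *
 * @param array $user_data Form values (username, email, type, password, ...).
 * @param string $permissionsString JSON permissions, used when the form sent them.
 * @param array $rp_permissions_data Root permissions keyed by "<prefix>_<object type id>".
 * @param bool $save_permissions Whether to queue the permission save.
 * @return Contact The saved user.
 * @throws Exception When the email address is missing or invalid.
 * @throws Error When a specified password is empty or does not match its confirmation.
 */
function create_user($user_data, $permissionsString, $rp_permissions_data = array(), $save_permissions = true)
{
    // try to find contact by some properties
    $contact_id = array_var($user_data, "contact_id");
    $contact = Contacts::instance()->findById($contact_id);
    $email = array_var($user_data, 'email');
    if (!is_valid_email($email)) {
        throw new Exception(lang("email value is required"));
    }
    if (!$contact instanceof Contact) {
        // Create a new user
        $contact = new Contact();
        $contact->setUsername(array_var($user_data, 'username'));
        $contact->setDisplayName(array_var($user_data, 'display_name'));
        $contact->setCompanyId(array_var($user_data, 'company_id'));
        $contact->setUserType(array_var($user_data, 'type'));
        $contact->setTimezone(array_var($user_data, 'timezone'));
        $contact->setFirstname($contact->getObjectName() != "" ? $contact->getObjectName() : $contact->getUsername());
        $contact->setObjectName();
        $user_from_contact = false;
    } else {
        // Create user from contact
        $contact->setUserType(array_var($user_data, 'type'));
        if (array_var($user_data, 'company_id')) {
            $contact->setCompanyId(array_var($user_data, 'company_id'));
        }
        $contact->setUsername(array_var($user_data, 'username'));
        $contact->setTimezone(array_var($user_data, 'timezone'));
        $user_from_contact = true;
    }
    $contact->save();
    // The address was validated above. It is attached only when no contact owns it yet.
    // NOTE(review): when the address already belongs to another contact the new
    // user is left without it and nothing is reported - confirm this is intended.
    if (!Contacts::getByEmail($email)) {
        $contact->addEmail($email, 'personal', true);
    }
    //permissions
    $contact_id_int = (int) $contact->getId();
    $additional_name = "";
    $tmp_pg = PermissionGroups::findOne(array('conditions' => "`name`='User " . $contact_id_int . " Personal'"));
    if ($tmp_pg instanceof PermissionGroup) {
        // A group with the default name already exists: make the new name unique.
        $additional_name = "_" . gen_id();
    }
    $permission_group = new PermissionGroup();
    $permission_group->setName('User ' . $contact->getId() . $additional_name . ' Personal');
    $permission_group->setContactId($contact->getId());
    $permission_group->setIsContext(false);
    $permission_group->setType("permission_groups");
    $permission_group->save();
    $contact->setPermissionGroupId($permission_group->getId());
    $null = null;
    Hook::fire('on_create_user_perm_group', $permission_group, $null);
    $contact_pg = new ContactPermissionGroup();
    $contact_pg->setContactId($contact->getId());
    $contact_pg->setPermissionGroupId($permission_group->getId());
    $contact_pg->save();
    // Read again after the security block; it must exist even when that block
    // is skipped, so it defaults to "no manual permissions were sent".
    $permissions_sent = false;
    if (can_manage_security(logged_user())) {
        $sp = new SystemPermission();
        if (!$user_from_contact) {
            $rol_permissions = SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
            if (is_array($rol_permissions)) {
                foreach ($rol_permissions as $pr) {
                    $sp->setPermission($pr);
                }
            }
        }
        $sp->setPermissionGroupId($permission_group->getId());
        // Individual flags from the form override the role defaults. They are
        // honoured only inside this branch, i.e. for callers that may manage security.
        if (isset($user_data['can_manage_security'])) {
            $sp->setCanManageSecurity(array_var($user_data, 'can_manage_security'));
        }
        if (isset($user_data['can_manage_configuration'])) {
            $sp->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration'));
        }
        if (isset($user_data['can_manage_templates'])) {
            $sp->setCanManageTemplates(array_var($user_data, 'can_manage_templates'));
        }
        if (isset($user_data['can_manage_time'])) {
            $sp->setCanManageTime(array_var($user_data, 'can_manage_time'));
        }
        if (isset($user_data['can_add_mail_accounts'])) {
            $sp->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts'));
        }
        if (isset($user_data['can_manage_dimensions'])) {
            $sp->setCanManageDimensions(array_var($user_data, 'can_manage_dimensions'));
        }
        if (isset($user_data['can_manage_dimension_members'])) {
            $sp->setCanManageDimensionMembers(array_var($user_data, 'can_manage_dimension_members'));
        }
        if (isset($user_data['can_manage_tasks'])) {
            $sp->setCanManageTasks(array_var($user_data, 'can_manage_tasks'));
        }
        if (isset($user_data['can_task_assignee'])) {
            $sp->setCanTasksAssignee(array_var($user_data, 'can_task_assignee'));
        }
        if (isset($user_data['can_manage_billing'])) {
            $sp->setCanManageBilling(array_var($user_data, 'can_manage_billing'));
        }
        if (isset($user_data['can_view_billing'])) {
            $sp->setCanViewBilling(array_var($user_data, 'can_view_billing'));
        }
        if (isset($user_data['can_see_assigned_to_other_tasks'])) {
            $sp->setColumnValue('can_see_assigned_to_other_tasks', array_var($user_data, 'can_see_assigned_to_other_tasks'));
        }
        // Plugins may report extra permission columns through the hook.
        // presumably Hook::fire() fills its third argument by reference - confirm.
        $other_permissions = null;
        Hook::fire('add_user_permissions', $sp, $other_permissions);
        if (!is_null($other_permissions) && is_array($other_permissions)) {
            foreach ($other_permissions as $k => $v) {
                $sp->setColumnValue($k, array_var($user_data, $k));
            }
        }
        $sp->save();
        $permissions_sent = array_var($_POST, 'manual_permissions_setted') == 1;
        // Role id as an integer for the SQL conditions below; the user type
        // originates from $user_data['type'].
        $role_id = (int) $contact->getUserType();
        $pg_id = (int) $contact->getPermissionGroupId();
        // give permissions for user if user type defined in "give_member_permissions_to_new_users" config option
        $allowed_user_type_ids = config_option('give_member_permissions_to_new_users');
        $role_gets_defaults = is_array($allowed_user_type_ids) && in_array($contact->getUserType(), $allowed_user_type_ids);
        if ($contact->isAdministrator() || (!$permissions_sent && $role_gets_defaults)) {
            ini_set('memory_limit', '512M');
            $permissions = array();
            $default_permissions = RoleObjectTypePermissions::instance()->findAll(array('conditions' => 'role_id = ' . $role_id));
            $dimensions = Dimensions::findAll();
            foreach ($dimensions as $dimension) {
                if ($dimension->getDefinesPermissions()) {
                    $dimension_id = (int) $dimension->getId();
                    $cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = " . $pg_id . " AND `dimension_id` = " . $dimension_id));
                    if (!$cdp instanceof ContactDimensionPermission) {
                        $cdp = new ContactDimensionPermission();
                        $cdp->setPermissionGroupId($contact->getPermissionGroupId());
                        $cdp->setContactDimensionId($dimension->getId());
                    }
                    $cdp->setPermissionType('check');
                    $cdp->save();
                    // contact member permission entries
                    $members = DB::executeAll('SELECT * FROM ' . TABLE_PREFIX . 'members WHERE dimension_id=' . $dimension_id);
                    foreach ($members as $member) {
                        foreach ($default_permissions as $p) {
                            // Add permissions to sharing table
                            $perm = new stdClass();
                            $perm->m = $member['id'];
                            $perm->r = 1;
                            $perm->w = $p->getCanWrite();
                            $perm->d = $p->getCanDelete();
                            $perm->o = $p->getObjectTypeId();
                            $permissions[] = $perm;
                        }
                    }
                }
            }
            // The permission list is handed on through $_POST.
            // presumably save_user_permissions_background() reads it from there - confirm.
            $_POST['permissions'] = json_encode($permissions);
        } else {
            if ($permissions_sent) {
                $_POST['permissions'] = $permissionsString;
            } else {
                $_POST['permissions'] = "";
            }
        }
        if (config_option('let_users_create_objects_in_root') && ($contact->isAdminGroup() || $contact->isExecutive() || $contact->isManager())) {
            if ($permissions_sent) {
                foreach ($rp_permissions_data as $name => $value) {
                    // The object type id is the part of the field name after the last
                    // underscore; force it to an integer before it is stored.
                    $ot_id = (int) substr($name, strrpos($name, '_') + 1);
                    $cmp = new ContactMemberPermission();
                    $cmp->setPermissionGroupId($permission_group->getId());
                    $cmp->setMemberId(0);
                    $cmp->setObjectTypeId($ot_id);
                    $cmp->setCanDelete($value >= 3);
                    $cmp->setCanWrite($value >= 2);
                    $cmp->save();
                }
            } else {
                $default_permissions = RoleObjectTypePermissions::instance()->findAll(array('conditions' => 'role_id = ' . $role_id));
                foreach ($default_permissions as $p) {
                    $cmp = new ContactMemberPermission();
                    $cmp->setPermissionGroupId($permission_group->getId());
                    $cmp->setMemberId(0);
                    $cmp->setObjectTypeId($p->getObjectTypeId());
                    $cmp->setCanDelete($p->getCanDelete());
                    $cmp->setCanWrite($p->getCanWrite());
                    $cmp->save();
                }
            }
        }
    }
    if (!isset($_POST['sys_perm']) && !$user_from_contact) {
        $rol_permissions = SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
        $_POST['sys_perm'] = array();
        if (is_array($rol_permissions)) {
            foreach ($rol_permissions as $pr) {
                $_POST['sys_perm'][$pr] = 1;
            }
        }
    }
    if (!isset($_POST['mod_perm']) && !$user_from_contact) {
        $tabs_permissions = TabPanelPermissions::getRoleModules(array_var($user_data, 'type'));
        $_POST['mod_perm'] = array();
        foreach ($tabs_permissions as $pr) {
            $_POST['mod_perm'][$pr] = 1;
        }
    }
    $password = '';
    if (array_var($user_data, 'password_generator') == 'specify') {
        $perform_password_validation = true;
        // Validate input
        $password = array_var($user_data, 'password');
        if (trim($password) == '') {
            throw new Error(lang('password value required'));
        }
        if ($password != array_var($user_data, 'password_a')) {
            throw new Error(lang('passwords dont match'));
        }
    } else {
        // No password specified: the account is stored with an empty password.
        // NOTE(review): presumably the 'link' generator makes the user choose one
        // before the first login - confirm that an empty value cannot authenticate.
        $user_data['password_generator'] = 'link';
        $perform_password_validation = false;
    }
    $contact->setPassword($password);
    $contact->save();
    $user_password = new ContactPassword();
    $user_password->setContactId($contact->getId());
    $user_password->setPasswordDate(DateTimeValueLib::now());
    // NOTE(review): cp_encrypt() is not visible here; if it is reversible, the
    // password history is recoverable by anyone who can read this table - confirm.
    $user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp()));
    // Plain-text copy handed to the model together with the validation flag.
    // NOTE(review): verify that password_temp is never persisted or logged.
    $user_password->password_temp = $password;
    $user_password->perform_validation = $perform_password_validation;
    $user_password->save();
    if (array_var($user_data, 'autodetect_time_zone', 1) == 1) {
        set_user_config_option('autodetect_time_zone', 1, $contact->getId());
    }
    /* create contact for this user*/
    ApplicationLogs::createLog($contact, ApplicationLogs::ACTION_ADD);
    // Set role permissions for active members
    $active_context = active_context();
    $sel_members = array();
    if (is_array($active_context) && !$permissions_sent) {
        $tmp_perms = array();
        // $_POST['permissions'] is only guaranteed to exist when the security block ran.
        $posted_permissions = array_var($_POST, 'permissions', "");
        if ($posted_permissions != "") {
            $tmp_perms = json_decode($posted_permissions);
        }
        foreach ($active_context as $selection) {
            if ($selection instanceof Member) {
                $sel_members[] = $selection;
                $has_project_permissions = ContactMemberPermissions::instance()->count("permission_group_id = '" . (int) $contact->getPermissionGroupId() . "' AND member_id = " . (int) $selection->getId()) > 0;
                if (!$has_project_permissions) {
                    $new_cmps = RoleObjectTypePermissions::createDefaultUserPermissions($contact, $selection);
                    foreach ($new_cmps as $new_cmp) {
                        $perm = new stdClass();
                        $perm->m = $new_cmp->getMemberId();
                        $perm->r = 1;
                        $perm->w = $new_cmp->getCanWrite();
                        $perm->d = $new_cmp->getCanDelete();
                        $perm->o = $new_cmp->getObjectTypeId();
                        $tmp_perms[] = $perm;
                    }
                }
            }
        }
        if (count($tmp_perms) > 0) {
            $_POST['permissions'] = json_encode($tmp_perms);
        }
    }
    if ($save_permissions) {
        //save_permissions($contact->getPermissionGroupId(), $contact->isGuest());
        save_user_permissions_background(logged_user(), $contact->getPermissionGroupId(), $contact->isGuest());
    }
    Hook::fire('after_user_add', $contact, $null);
    // add user content object to associated members
    if (count($sel_members) > 0) {
        ObjectMembers::addObjectToMembers($contact->getId(), $sel_members);
        $contact->addToSharingTable();
    }
    return $contact;
}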
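/**
 * Make sure a contact has a member in the 'feng_persons' dimension and seed
 * the permission rows that go with it.
 *
 * Does nothing when the 'person' object type or the dimension is missing, or
 * when the contact is a company and the 'company' object type is missing.
 *
 * @param Contact $object Contact (person or company) that was just created.
 * @return void
 */
function core_dim_add_new_contact_to_person_dimension($object)
{
    /* @var $object Contact */
    $person_ot = ObjectTypes::findOne(array("conditions" => "`name` = 'person'"));
    $company_ot = ObjectTypes::findOne(array("conditions" => "`name` = 'company'"));
    $person_dim = Dimensions::findOne(array("conditions" => "`code` = 'feng_persons'"));
    if (!$person_ot instanceof ObjectType || !$person_dim instanceof Dimension) {
        return;
    }
    $is_company = $object->isCompany();
    $has_company_ot = $company_ot instanceof ObjectType;
    if ($is_company && !$has_company_ot) {
        // The company object type is needed for a company member; without it
        // the calls below would be made on a non-object.
        return;
    }
    // Integer copies of every id that is concatenated into SQL below.
    $object_id = (int) $object->getId();
    $dim_id = (int) $person_dim->getId();
    $ot_id = (int) ($is_company ? $company_ot->getId() : $person_ot->getId());
    $tmp_mem = Members::findOne(array("conditions" => "`dimension_id` = " . $dim_id . " AND `object_type_id` = {$ot_id} AND `object_id` = " . $object_id));
    $reload_dimension = true;
    if ($tmp_mem instanceof Member) {
        $member = $tmp_mem;
        $reload_dimension = false;
    } else {
        $member = new Member();
        $member->setName($object->getObjectName());
        $member->setDimensionId($person_dim->getId());
        $parent_member_id = 0;
        $depth = 1;
        if ($is_company) {
            $member->setObjectTypeId($company_ot->getId());
        } else {
            $member->setObjectTypeId($person_ot->getId());
            // A person is placed under the member of its company, when that member exists.
            if ($object->getCompanyId() > 0 && $has_company_ot) {
                $pmember = Members::findOne(array('conditions' => '`object_id` = ' . (int) $object->getCompanyId() . ' AND `object_type_id` = ' . (int) $company_ot->getId() . ' AND `dimension_id` = ' . $dim_id));
                if ($pmember instanceof Member) {
                    $parent_member_id = $pmember->getId();
                    $depth = $pmember->getDepth() + 1;
                }
            }
        }
        $member->setParentMemberId($parent_member_id);
        $member->setDepth($depth);
        $member->setObjectId($object->getId());
        $member->save();
    }
    $member_id = (int) $member->getId();
    // Dimension-level entry ('check') for the contact's own permission group;
    // only enabled, non-company contacts with a user type qualify.
    $sql = "INSERT INTO `" . TABLE_PREFIX . "contact_dimension_permissions` (`permission_group_id`, `dimension_id`, `permission_type`)\r\n\t\t\t\t SELECT `c`.`permission_group_id`, " . $dim_id . ", 'check'\r\n\t\t\t\t FROM `" . TABLE_PREFIX . "contacts` `c` \r\n\t\t\t\t WHERE `c`.`is_company`=0 AND `c`.`user_type`!=0 AND `c`.`disabled`=0 AND `c`.`object_id`=" . $object_id . "\r\n\t\t\t\t ON DUPLICATE KEY UPDATE `dimension_id`=`dimension_id`;";
    DB::execute($sql);
    // Member-level rows for the same contact. The WHERE clause already restricts
    // the rows to this contact, so both computed flags evaluate to 1 here.
    $sql = "INSERT INTO `" . TABLE_PREFIX . "contact_member_permissions` (`permission_group_id`, `member_id`, `object_type_id`, `can_write`, `can_delete`)\r\n\t\t\t\t SELECT `c`.`permission_group_id`, " . $member_id . ", `ot`.`id`, (`c`.`object_id` = " . $object_id . ") as `can_write`, (`c`.`object_id` = " . $object_id . ") as `can_delete`\r\n\t\t\t\t FROM `" . TABLE_PREFIX . "contacts` `c` JOIN `" . TABLE_PREFIX . "object_types` `ot` \r\n\t\t\t\t WHERE `c`.`is_company`=0 AND `c`.`object_id`=" . $object_id . "\r\n\t\t\t\t \tAND `c`.`user_type`!=0 AND `c`.`disabled`=0\r\n\t\t\t\t\tAND `ot`.`type` IN ('content_object', 'comment', 'located')\r\n\t\t\t\t ON DUPLICATE KEY UPDATE `member_id`=`member_id`;";
    DB::execute($sql);
    // Remove rows that ended up attached to permission group 0.
    DB::execute("DELETE FROM `" . TABLE_PREFIX . "contact_member_permissions` WHERE `permission_group_id` = 0;");
    // NEW! Add contact to its own member to be searchable
    if (logged_user() instanceof Contact) {
        $object->addToMembers(array($member));
        $object->addToSharingTable();
    }
    // add permission to creator
    $creator = $object->getCreatedBy();
    if ($creator instanceof Contact) {
        $creator_pg_id = (int) $creator->getPermissionGroupId();
        $record_count = ContactMemberPermissions::count(array("`permission_group_id` = ? AND `member_id` = ?", $creator_pg_id, $member->getId()));
        if ($record_count == 0) {
            // The creator receives write and delete on every listed object type.
            DB::execute("INSERT INTO `" . TABLE_PREFIX . "contact_member_permissions` (`permission_group_id`, `member_id`, `object_type_id`, `can_write`, `can_delete`)\r\n\t\t\t\t SELECT " . $creator_pg_id . ", " . $member_id . ", `ot`.`id`, 1, 1\r\n\t\t\t\t FROM `" . TABLE_PREFIX . "object_types` `ot` \r\n\t\t\t\t WHERE `ot`.`type` IN ('content_object', 'comment', 'located');");
        }
    }
    if ($reload_dimension) {
        evt_add("reload dimension tree", array('dim_id' => $member->getDimensionId()));
    }
}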
Esempio n. 14
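	/**
	 * Delete this member together with its restrictions, property links,
	 * permission rows, exclusively-owned objects and its dimension object.
	 *
	 * Children are re-attached to this member's parent before anything is removed.
	 *
	 * NOTE(review): the steps below are not wrapped in a transaction here;
	 * presumably the caller opens one - confirm, since a failure half-way would
	 * leave permission rows deleted while the member still exists.
	 *
	 * @param bool $check When true, canBeDeleted() must approve the deletion first.
	 * @return mixed Result of parent::delete().
	 * @throws Exception When $check is true and canBeDeleted() refuses.
	 */
	function delete($check = true) {
		if ($check && !$this->canBeDeleted($error_message)) {
			throw new Exception($error_message);
		}
		// Integer copy of the id for the statements that concatenate it into SQL.
		$member_id = (int) $this->getId();

		// change parent of child nodes
		$child_members = $this->getAllChildren();
		if (is_array($child_members)) {
			$parent = $this->getParentMember();
			foreach($child_members as $child) {
				$child->setParentMemberId($this->getParentMemberId());
				if ($parent instanceof Member) {
					$child->setDepth($parent->getDepth()+1);
				} else {
					$child->setDepth(1);
				}
				$child->save();
			}
		}

		// delete member restrictions
		MemberRestrictions::delete(array("`member_id` = ?", $this->getId()));
		MemberRestrictions::delete(array("`restricted_member_id` = ?", $this->getId()));

		// delete member properties
		MemberPropertyMembers::delete(array("`member_id` = ?", $this->getId()));
		MemberPropertyMembers::delete(array("`property_member_id` = ?", $this->getId()));

		// delete permissions
		ContactMemberPermissions::delete(array("member_id = ?", $this->getId()));

		// delete member objects (if they don't belong to another member)
		$object_members_table = ObjectMembers::instance()->getTableName();
		$sql = "SELECT `o`.`object_id` FROM `".$object_members_table."` `o` WHERE `o`.`is_optimization`=0 AND `o`.`member_id`=".$member_id." AND NOT EXISTS (
			SELECT `om`.`object_id` FROM `".$object_members_table."` `om` WHERE `om`.`object_id`=`o`.`object_id` AND `om`.`is_optimization`=0 AND `om`.`member_id`<>".$member_id.")";
		$result = DB::execute($sql);
		$rows = $result->fetchAll();
		if (is_array($rows)) {
			foreach ($rows as $row) {
				$obj = Objects::findById(array_var($row, 'object_id'));
				// The row can reference an object that no longer exists.
				if (is_object($obj)) {
					$obj->delete();
				}
			}
		}

		// clean object_members
		ObjectMembers::delete("member_id = ".$member_id);

		// delete object if member is a dimension_object
		if ($this->getObjectId()) {
			$object = Objects::findObject($this->getObjectId());
			if ($object instanceof ContentDataObject) $object->delete();
		}

		ApplicationLogs::createLog($this, ApplicationLogs::ACTION_DELETE, false, true, true, 'member deleted');

		return parent::delete();
	}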
Esempio n. 15
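 /**
  * Delete this member together with its restrictions, property links,
  * permission rows, exclusively-owned objects and its dimension object.
  *
  * Children are re-attached to this member's parent first.
  *
  * NOTE(review): this method performs no permission or "can be deleted" check
  * and opens no transaction; presumably both are the caller's job - confirm.
  *
  * @return mixed Result of parent::delete().
  */
 function delete()
 {
     // Integer copy of the id for the statement that concatenates it into SQL.
     $member_id = (int) $this->getId();
     // change parent of child nodes
     $child_members = $this->getAllChildren();
     if (is_array($child_members)) {
         $parent = $this->getParentMember();
         $child_depth = $parent instanceof Member ? $parent->getDepth() + 1 : 1;
         foreach ($child_members as $child) {
             $child->setParentMemberId($this->getParentMemberId());
             $child->setDepth($child_depth);
             $child->save();
         }
     }
     // delete member restrictions
     MemberRestrictions::delete(array("`member_id` = ?", $this->getId()));
     MemberRestrictions::delete(array("`restricted_member_id` = ?", $this->getId()));
     // delete member properties
     MemberPropertyMembers::delete(array("`member_id` = ?", $this->getId()));
     MemberPropertyMembers::delete(array("`property_member_id` = ?", $this->getId()));
     // delete permissions
     ContactMemberPermissions::delete(array("member_id = ?", $this->getId()));
     // delete member objects (if they don't belong to another member)
     $object_members_table = ObjectMembers::instance()->getTableName();
     $sql = "SELECT `o`.`object_id` FROM `" . $object_members_table . "` `o` WHERE `o`.`is_optimization`=0 AND `o`.`member_id`=" . $member_id . " AND NOT EXISTS (\n\t\t\tSELECT `om`.`object_id` FROM `" . $object_members_table . "` `om` WHERE `om`.`object_id`=`o`.`object_id` AND `om`.`is_optimization`=0 AND `om`.`member_id`<>" . $member_id . ")";
     $result = DB::execute($sql);
     $rows = $result->fetchAll();
     if (is_array($rows)) {
         foreach ($rows as $row) {
             $obj = Objects::findById(array_var($row, 'object_id'));
             // The row can reference an object that no longer exists.
             if (is_object($obj)) {
                 $obj->delete();
             }
         }
     }
     // delete object if member is a dimension_object
     if ($this->getObjectId()) {
         $object = Objects::findObject($this->getObjectId());
         if ($object instanceof ContentDataObject) {
             $object->delete();
         }
     }
     return parent::delete();
 }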
Esempio n. 16
/**
 * Create a user account, either from scratch or by promoting an existing contact,
 * then set up its personal permission group, system permissions, password record
 * and (optionally) the welcome notification.
 *
 * Keys read from $user_data in this function: contact_id, email, username, display_name,
 * company_id, type, timezone, the can_* permission flags, password_generator, password,
 * password_a, autodetect_time_zone and send_email_notification.
 *
 * NOTE(review): this function performs no authorization check of its own before creating
 * the account; only the system-permission block is gated on can_manage_security().
 * Presumably the caller verifies that the current user may add users - confirm.
 *
 * @param array $user_data Account attributes, typically taken from a submitted form
 * @param mixed $permissionsString Not referenced anywhere in the body of this function
 * @return Contact The saved contact that now represents the user
 * @throws Exception When the email value fails is_valid_email()
 * @throws Error When a specified password is empty or does not match its confirmation
 */
function create_user($user_data, $permissionsString) {
    
	// try to find contact by some properties
	$contact_id = array_var($user_data, "contact_id") ;
	$contact =  Contacts::instance()->findById($contact_id) ; 
	
	// Reject the request before anything is written if the email is not valid
	if (!is_valid_email(array_var($user_data, 'email'))) {
		throw new Exception(lang("email value is required"));
	}

	if (!$contact instanceof Contact) {
		// Create a new user
		$contact = new Contact();
		$contact->setUsername(array_var($user_data, 'username'));
		$contact->setDisplayName(array_var($user_data, 'display_name'));
		$contact->setCompanyId(array_var($user_data, 'company_id'));
		// The role ('type') is taken as supplied; it is not checked here against what the
		// creating user is allowed to grant - NOTE(review): confirm the caller restricts it
		$contact->setUserType(array_var($user_data, 'type'));
		$contact->setTimezone(array_var($user_data, 'timezone'));
		$contact->setFirstname($contact->getObjectName() != "" ? $contact->getObjectName() : $contact->getUsername());
		$contact->setObjectName();
	} else {
		// Create user from contact
		$contact->setUserType(array_var($user_data, 'type'));
		if (array_var($user_data, 'company_id')) {
			$contact->setCompanyId(array_var($user_data, 'company_id'));
		}	
		$contact->setUsername(array_var($user_data, 'username'));
		$contact->setTimezone(array_var($user_data, 'timezone'));
	}
	$contact->save();
	// Same validation as above, repeated before the address is attached to the contact
	if (is_valid_email(array_var($user_data, 'email'))) {
		$contact->addEmail(array_var($user_data, 'email'), 'personal', true);
	}
	
	
	// permissions: every user gets a personal permission group named after the contact id
	$permission_group = new PermissionGroup();
	$permission_group->setName('User '.$contact->getId().' Personal');
	$permission_group->setContactId($contact->getId());
	$permission_group->setIsContext(false);
	$permission_group->setType("permission_groups");
	$permission_group->save();
	$contact->setPermissionGroupId($permission_group->getId());
	
	// Link the contact to its personal group
	$contact_pg = new ContactPermissionGroup();
	$contact_pg->setContactId($contact->getId());
	$contact_pg->setPermissionGroupId($permission_group->getId());
	$contact_pg->save();

	// System permissions are written only when the logged-in user can manage security
	if ( can_manage_security(logged_user()) ) {
		
		$sp = new SystemPermission();
		// Start from the defaults of the requested role ...
		$rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
		foreach($rol_permissions as $pr){
			$sp->setPermission($pr);
		}
		$sp->setPermissionGroupId($permission_group->getId());

		// ... then apply each flag exactly as it appears in $user_data. A key that is absent
		// yields whatever array_var() returns by default (presumably null - confirm).
		$sp->setCanManageSecurity(array_var($user_data, 'can_manage_security'));
		$sp->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration'));
		$sp->setCanManageTemplates(array_var($user_data, 'can_manage_templates'));
		$sp->setCanManageTime(array_var($user_data, 'can_manage_time'));
		$sp->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts'));
		$sp->setCanManageDimensions(array_var($user_data, 'can_manage_dimensions'));
		$sp->setCanManageDimensionMembers(array_var($user_data, 'can_manage_dimension_members'));
		$sp->setCanManageTasks(array_var($user_data, 'can_manage_tasks'));
		$sp->setCanTasksAssignee(array_var($user_data, 'can_task_assignee'));
		$sp->setCanManageBilling(array_var($user_data, 'can_manage_billing'));
		$sp->setCanViewBilling(array_var($user_data, 'can_view_billing'));
		
		// Hook listeners may fill $other_permissions; only its keys are used, the values
		// are again read from $user_data
		Hook::fire('add_user_permissions', $sp, $other_permissions);
		if (!is_null($other_permissions) && is_array($other_permissions)) {
			foreach ($other_permissions as $k => $v) {
				$sp->setColumnValue($k, array_var($user_data, $k));
			}
		}
		$sp->save();
		
		if ($contact->isAdminGroup()) {
			// allow all in all dimensions if new user is admin
			$dimensions = Dimensions::findAll();
			$permissions = array();
			foreach ($dimensions as $dimension) {
				if ($dimension->getDefinesPermissions()) {
					// The condition string is built by concatenating ids returned by model getters
					$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `dimension_id` = ".$dimension->getId()));
					if (!$cdp instanceof ContactDimensionPermission) {
						$cdp = new ContactDimensionPermission();
						$cdp->setPermissionGroupId($contact->getPermissionGroupId());
						$cdp->setContactDimensionId($dimension->getId());
					}
					$cdp->setPermissionType('allow all');
					$cdp->save();
					
					// contact member permission entries
					$members = $dimension->getAllMembers();
					foreach ($members as $member) {
						
						$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
						// NOTE(review): an object id is appended to a list of object type ids - confirm intent
						$ots[]=$member->getObjectId();
						foreach ($ots as $ot) {
							// $ot is interpolated into the condition without quoting or casting
							$cmp = ContactMemberPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `member_id` = ".$member->getId()." AND `object_type_id` = $ot"));
							if (!$cmp instanceof ContactMemberPermission) {
								$cmp = new ContactMemberPermission();
								$cmp->setPermissionGroupId($contact->getPermissionGroupId());
								$cmp->setMemberId($member->getId());
								$cmp->setObjectTypeId($ot);
							}
							$cmp->setCanWrite(1);
							$cmp->setCanDelete(1);
							$cmp->save();
							
							// Add permissions to sharing table (full read/write/delete entry)
							$perm = new stdClass();
							$perm->m = $member->getId();
							$perm->r= 1;
							$perm->w= 1;
							$perm->d= 1;
							$perm->o= $ot;
							$permissions[] = $perm ;
						}
					}
				}
			}
			
			// Propagate the collected grants to the sharing table in one call
			if(count($permissions)){
				$sharingTableController = new SharingTableController();
				$sharingTableController->afterPermissionChanged($contact->getPermissionGroupId(), $permissions);
			}
			
		}
		
	}
	// When the request carried no system/module permissions, the role defaults are written
	// into the $_POST superglobal. Presumably save_permissions() below reads them from there - confirm.
	if(!isset($_POST['sys_perm'])){
		$rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
		$_POST['sys_perm']=array();
		foreach($rol_permissions as $pr){
			$_POST['sys_perm'][$pr]=1;
		}
		
	}
	if(!isset($_POST['mod_perm'])){
		$tabs_permissions=TabPanelPermissions::getRoleModules(array_var($user_data, 'type'));
		$_POST['mod_perm']=array();
		foreach($tabs_permissions as $pr){
			$_POST['mod_perm'][$pr]=1;
		}
	}
        
    // Password stays empty unless the caller chose to specify one
    $password = '';
	if (array_var($user_data, 'password_generator') == 'specify') {
		$perform_password_validation = true;
		// Validate input
		// NOTE(review): these checks throw Error while the email check throws Exception; on
		// PHP 7+ the built-in Error is not caught by catch (Exception) - confirm callers handle both
		$password = array_var($user_data, 'password');
		if (trim($password) == '') {
			throw new Error(lang('password value required'));
		} // if
		// Loose comparison of password and confirmation
		if ($password <> array_var($user_data, 'password_a')) {
			throw new Error(lang('passwords dont match'));
		} // if
	} else {
		// Any other value is normalised to the link flow; no password policy check is requested
		$user_data['password_generator'] = 'link';
		$perform_password_validation = false;
	}

	// NOTE(review): in the link flow this stores an empty password; confirm that setPassword('')
	// leaves the account unable to log in until the reset link is used
	$contact->setPassword($password);   
	$contact->save();

	// Password history record: stored via cp_encrypt() with the record timestamp as second argument
	$user_password = new ContactPassword();
	$user_password->setContactId($contact->getId());
	$user_password->setPasswordDate(DateTimeValueLib::now());
	$user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp()));
	// The plain-text password is kept on the object for the duration of the save
	// (presumably for policy validation - confirm it is never persisted or logged)
	$user_password->password_temp = $password;
	$user_password->perform_validation = $perform_password_validation;
	$user_password->save();
        
	// Autodetection of the time zone is on unless the caller passes a value other than 1
	if (array_var($user_data, 'autodetect_time_zone', 1) == 1) {
		set_user_config_option('autodetect_time_zone', 1, $contact->getId());
	}
	
	/* create contact for this user*/

	// Record the account creation in the application log
	ApplicationLogs::createLog($contact, ApplicationLogs::ACTION_ADD);

	// Set role permissions for active members
	$active_context = active_context();
	$sel_members = array();
	foreach ($active_context as $selection) {
		if ($selection instanceof Member) {
			$sel_members[] = $selection;
			// Only create role defaults when the group has no permission rows for this member yet
			$has_project_permissions = ContactMemberPermissions::instance()->count("permission_group_id = '".$contact->getPermissionGroupId()."' AND member_id = ".$selection->getId()) > 0;
			if (!$has_project_permissions) {
				RoleObjectTypePermissions::createDefaultUserPermissions($contact, $selection);
			}
		}
	}
	save_permissions($contact->getPermissionGroupId(), $contact->isGuest());
	
	Hook::fire('after_user_add', $contact, $null);
	
	// add user content object to associated members
	if (count($sel_members) > 0) {
		ObjectMembers::addObjectToMembers($contact->getId(), $sel_members);
		$contact->addToSharingTable();
	}
	
	// Send notification
	try {
		if (array_var($user_data, 'send_email_notification') && $contact->getEmailAddress()) {
                    
			if (array_var($user_data, 'password_generator', 'link') == 'link') {
				// Generate link password
				// NOTE(review): the account is looked up again by email instead of reusing $contact;
				// if another contact shares the address the token could be stored against a
				// different account, and a null result would fail on getId() - confirm uniqueness
				$user = Contacts::getByEmail(array_var($user_data, 'email'));
				// Token is a SHA-1 over gen_id() plus the optional SEED constant; its unpredictability
				// depends on gen_id(), which is not visible here - confirm it uses a CSPRNG
				$token = sha1(gen_id() . (defined('SEED') ? SEED : ''));
				// Expiry is 24 hours from now, stored next to the token as "token;timestamp"
				$timestamp = time() + 60*60*24;
				set_user_config_option('reset_password', $token . ";" . $timestamp, $user->getId());
				Notifier::newUserAccountLinkPassword($contact, $password, $token);

			} else {
				// The plain-text password is handed to the notifier (presumably mailed to the user - confirm)
				Notifier::newUserAccount($contact, $password);
			}
			
		}
	} catch(Exception $e) {
		// A failed notification does not undo the user creation; only the stack trace is logged
		Logger::log($e->getTraceAsString());
	} // try
	return $contact;
}
 /**
  * Return manager instance
  *
  * @access protected
  * @param void
  * @return ContactMemberPermissions 
  */
 function manager()
 {
     // Reuse the manager cached on this object when one is already bound
     if ($this->manager instanceof ContactMemberPermissions) {
         return $this->manager;
     }
     // First call: fetch the shared instance and remember it
     $this->manager = ContactMemberPermissions::instance();
     return $this->manager;
 }
	/** 
	 * Returns all the members to be displayed in the panel that corresponds to the dimension whose id is received by
	 * parameter. It is called when the application is first loaded. 
	*/
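	function initial_list_dimension_members($dimension_id, $object_type_id, $allowed_member_type_ids = null, $return_all_members = false, $extra_conditions = "", $limit=null, $return_member_objects = false, $order=null, $return_only_members_name=false, $filter_by_members=array(), $access_level=ACCESS_LEVEL_READ){
		// Returns the members of a dimension that the logged-in user may see.
		//
		// $extra_conditions and $order are raw SQL fragments handed on to
		// Dimension::getAllMembers(); callers must only pass trusted, server-built
		// values. Returns either Member objects ($return_member_objects = true) or
		// the structure produced by buildMemberList(); null when the dimension
		// does not exist.
		$allowed_member_types = array();
		$item_object = null ;
		// Administrators always see every member
		if(logged_user()->isAdministrator())$return_all_members=true;
		$contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(),false);
		$dimension = Dimensions::getDimensionById($dimension_id);
		// Unknown dimension: stop here instead of calling methods on a non-object below
		if (!$dimension instanceof Dimension) {
			return null;
		}
		
		if ($object_type_id != null){
			$dimension_object_type_contents = $dimension->getObjectTypeContent($object_type_id);
			foreach ($dimension_object_type_contents as $dotc){
				$dot_id = $dotc->getDimensionObjectTypeId();
				if (is_null($allowed_member_type_ids) || in_array($dot_id, $allowed_member_type_ids)) {
					$allowed_member_types[] = $dot_id;
				}
			}
			
			$object_type = ObjectTypes::findById($object_type_id);
			if ($object_type instanceof ObjectType && $object_type->getType() == 'dimension_object' ) {
				// The handler and item class names come from stored object type data. They are
				// resolved as class names only (no eval), so a malformed value cannot be
				// executed as PHP code.
				$class_name_pattern = '/^[A-Za-z_\\\\][A-Za-z0-9_\\\\]*$/';
				$handler_class = $object_type->getHandlerClass();
				if (is_string($handler_class) && preg_match($class_name_pattern, $handler_class) && class_exists($handler_class)) {
					$ot_manager = call_user_func(array($handler_class, 'instance'));
				}
				if (isset($ot_manager)) {
					$item_class = $ot_manager->getItemClass();
					if (is_string($item_class) && preg_match($class_name_pattern, $item_class) && class_exists($item_class)) {
						$item_object = new $item_class();
					}
				}
			}
		}
		
		if (count($allowed_member_types) > 0) {
			// Ids are forced to integers before they are placed in the IN (...) list
			$extra_conditions = " AND object_type_id IN (".implode(",",array_map('intval', $allowed_member_types)).")" . $extra_conditions;
		}
		if (is_null($order)) $order = "parent_member_id, name";
		
		$all_members = array();
		if (!$dimension->getDefinesPermissions() || $dimension->hasAllowAllForContact($contact_pg_ids) || $return_all_members){
			// No per-member check needed: dimension is open, user has "allow all", or caller asked for everything
			$all_members = $dimension->getAllMembers(false, $order, true, $extra_conditions, $limit);
		}
		else if ($dimension->hasCheckForContact($contact_pg_ids)){
			// Per-member check: keep only members the user can access at $access_level
			$member_list = $dimension->getAllMembers(false, $order, true, $extra_conditions, $limit);
			foreach ($member_list as $dim_member){
				if (ContactMemberPermissions::instance()->contactCanAccessMemberAll($contact_pg_ids, $dim_member->getId(), logged_user(), $access_level)) {
					$all_members[] = $dim_member;
				}
			}
		}
		// Any other permission state leaves the list empty
		
		// Drop empty filter ids before applying the association filters
		$filter_by_members = array_values(array_filter($filter_by_members));
		
		$all_members = $this->apply_association_filters($dimension, $all_members, $filter_by_members);
		
		if ($return_member_objects) {
			return $all_members;
		}
		return $this->buildMemberList($all_members, $dimension, $allowed_member_type_ids,$allowed_member_types, $item_object, $object_type_id, $return_only_members_name);
	}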
	static function createDefaultUserPermissionsAllDimension(Contact $user, $dimension_id, $remove_previous = true) {
		// Gives $user the default permissions of its role on every member of one dimension
		// and returns the ContactMemberPermission rows that were created. Returns nothing
		// when the dimension does not exist or does not define permissions.
		//
		// NOTE(review): $role_id, $permission_group_id and $dimension_id are placed into the
		// SQL condition strings below without casting or escaping; confirm every caller
		// passes integer ids.
		$role_id = $user->getUserType();
		$permission_group_id = $user->getPermissionGroupId();
		
		$dimension = Dimensions::getDimensionById($dimension_id);
		$defines_permissions = $dimension instanceof Dimension && $dimension->getDefinesPermissions();
		if (!$defines_permissions) {
			return;
		}
		
		$sharing_entries = array();
		$created = array();
		$role_permissions = self::findAll(array('conditions' => 'role_id = '.$role_id));
		$members = Members::findAll(array('conditions' => 'dimension_id = '.$dimension_id));
		
		foreach ($members as $member) {
			$member_id = $member->getId();
			// Optionally wipe what the group already had on this member
			if ($remove_previous) {
				ContactMemberPermissions::delete("permission_group_id = $permission_group_id AND member_id = $member_id");
			}
			
			foreach ($role_permissions as $role_perm) {
				// Skip object types this member cannot hold
				if (!$member->canContainObject($role_perm->getObjectTypeId())) {
					continue;
				}
				
				$object_type_id = $role_perm->getObjectTypeId();
				$can_delete = $role_perm->getCanDelete();
				$can_write = $role_perm->getCanWrite();
				
				$cmp = new ContactMemberPermission();
				$cmp->setPermissionGroupId($permission_group_id);
				$cmp->setMemberId($member_id);
				$cmp->setObjectTypeId($object_type_id);
				$cmp->setCanDelete($can_delete);
				$cmp->setCanWrite($can_write);
				$cmp->save();
				$created[] = $cmp;
				
				// Matching entry for the sharing table; read access is always granted
				$entry = new stdClass();
				$entry->m = $member_id;
				$entry->r = 1;
				$entry->w = $can_write;
				$entry->d = $can_delete;
				$entry->o = $object_type_id;
				$sharing_entries[] = $entry;
			}
		}
		
		if (count($sharing_entries)) {
			$cdp = ContactDimensionPermissions::instance()->findOne(array('conditions' => "permission_group_id = '$permission_group_id' AND dimension_id = $dimension_id"));
			if ($cdp instanceof ContactDimensionPermission) {
				// An existing 'deny all' is relaxed to 'check'; other types are left alone
				if ($cdp->getPermissionType() == 'deny all') {
					$cdp->setPermissionType('check');
					$cdp->save();
				}
			} else {
				$cdp = new ContactDimensionPermission();
				$cdp->setPermissionGroupId($permission_group_id);
				$cdp->setContactDimensionId($dimension_id);
				$cdp->setPermissionType('check');
				$cdp->save();
			}
			$sharing_controller = new SharingTableController();
			$sharing_controller->afterPermissionChanged($permission_group_id, $sharing_entries);
		}
		
		return $created;
	}
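/**
 * After the permissions of a member were saved, re-link the member with the person
 * members of every contact that relates to it, give users without permission rows
 * their role defaults, and drop users that no longer belong to the member.
 *
 * @param Member $member Member whose permissions were just saved; anything else is ignored
 * @param mixed $ignored Hook return slot, not used by this function
 * @return void
 */
function core_dimensions_after_save_member_permissions($member, &$ignored) {
	if (!$member instanceof Member || !($member->getId()>0)) return;
	// Integer copy of the id for the hand-built SQL below
	$member_id = (int) $member->getId();
	$permission_group_ids = array();
	
	$cmp_rows = DB::executeAll("SELECT DISTINCT permission_group_id FROM ".TABLE_PREFIX."contact_member_permissions WHERE member_id = '".$member_id."' AND permission_group_id IN (SELECT id FROM ".TABLE_PREFIX."permission_groups WHERE type IN ('permission_groups','user_groups'))");
	// Same array guard as for $contact_rows below: an empty result must not be iterated
	if (is_array($cmp_rows)) {
		foreach ($cmp_rows as $row) {
			$pg_id = (int) $row['permission_group_id'];
			$permission_group_ids[$pg_id] = $pg_id;
		}
	}
	
	$contacts = array();
	// users
	if (count($permission_group_ids) > 0) {
		$users = Contacts::findAll(array('conditions' => 'user_type > 0 && permission_group_id IN ('.implode(',', $permission_group_ids).')'));
		if (is_array($users)) {
			$contacts = $users;
		}
	}
	// contacts
	$contact_rows = DB::executeAll("SELECT DISTINCT om.object_id FROM ".TABLE_PREFIX."object_members om INNER JOIN ".TABLE_PREFIX."contacts c ON c.object_id=om.object_id 
		WHERE om.member_id='".$member_id."' AND c.user_type=0");
	$no_user_ids = array();
	if (is_array($contact_rows)) {
		foreach ($contact_rows as $row) {
			$no_user_ids[] = (int) $row['object_id'];
		}
	}
	// Query only when there is at least one id: an empty list would produce
	// "object_id IN ()", which is not valid SQL
	if (count($no_user_ids) > 0) {
		$more_contacts = Contacts::findAll(array('conditions' => 'object_id IN ('.implode(',', $no_user_ids).')'));
		if (is_array($more_contacts)) {
			$contacts = array_merge($contacts, $more_contacts);
		}
	}
	
	// Seeded with 0 so the NOT IN (...) list further down is never empty
	$contact_ids = array(0);
	
	$persons_dim = Dimensions::findByCode("feng_persons");

	core_dim_remove_contacts_member_associations($member);
	
	foreach ($contacts as $contact) {
		$contact_id = $contact->getId();
		$contact_member = Members::findOneByObjectId($contact_id, $persons_dim->getId());
		if ($contact_member instanceof Member) {
			core_dim_add_contact_member_associations($contact_member, $member);
			
			if ($contact instanceof Contact && $contact->isUser()) {
				// Role defaults are created only when the user's group has no rows for this member
				$has_project_permissions = ContactMemberPermissions::instance()->count("permission_group_id = '".$contact->getPermissionGroupId()."' AND member_id = ".$member_id) > 0;
				if (!$has_project_permissions) {
					RoleObjectTypePermissions::createDefaultUserPermissions($contact, $member);
				}
			}
		}
		// add user content object to customer member
		ObjectMembers::addObjectToMembers($contact_id, array($member));
		$contact->addToSharingTable();
		$contact_ids[] = (int) $contact_id;
	}
	
	// remove contacts whose members are no longer associated to the customer member
	$previous_users_in_member = Contacts::instance()->listing(array(
		'member_ids' => array($member->getId()),
		'ignore_context' => true,
		'extra_conditions' => ' AND e.user_type > 0 AND e.object_id NOT IN ('.implode(',', $contact_ids).')',
	))->objects;
	foreach ($previous_users_in_member as $prev_u) {
		ObjectMembers::removeObjectFromMembers($prev_u, logged_user(), array($member), array($member->getId()));
	}
	
	// refresh dimensions
	evt_add("reload dimension tree", array('dim_id' => $persons_dim->getId(), 'node' => null));
}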
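/**
 * Store the permissions posted for one member and recompute the dimension-level
 * permission type ('allow all', 'deny all' or 'check') of every touched group.
 *
 * The permission list is read from $_POST['permissions'] as JSON: a list of objects
 * with pg (permission group id), o (object type id) and the r, w, d flags. That
 * data is request-controlled, so the group id is forced to an integer before it is
 * used; it ends up inside hand-built SQL conditions further down.
 *
 * NOTE(review): no authorization check happens in this function; presumably the
 * caller verifies that the current user may edit permissions of $member - confirm.
 *
 * @param Member $member Member whose permissions are being saved
 * @return void
 */
function save_member_permissions($member)
{
    $permissionsString = array_var($_POST, 'permissions');
    if ($permissionsString && $permissionsString != '') {
        $permissions = json_decode($permissionsString);
    }
    $sharingTablecontroller = new SharingTableController();
    $changed_pgs = array();
    if (isset($permissions) && is_array($permissions)) {
        $allowed_pg_ids = array();
        foreach ($permissions as &$perm) {
            // Ignore entries that are not objects carrying a scalar group id
            if (!is_object($perm) || !isset($perm->pg) || !is_scalar($perm->pg)) {
                continue;
            }
            // Request value: normalise to an integer before it reaches any query
            $perm->pg = (int) $perm->pg;
            $cmp = ContactMemberPermissions::findById(array('permission_group_id' => $perm->pg, 'member_id' => $member->getId(), 'object_type_id' => $perm->o));
            if (!$cmp instanceof ContactMemberPermission) {
                $cmp = new ContactMemberPermission();
                $cmp->setPermissionGroupId($perm->pg);
                $cmp->setMemberId($member->getId());
                $cmp->setObjectTypeId($perm->o);
            }
            $cmp->setCanWrite($perm->w);
            $cmp->setCanDelete($perm->d);
            if ($perm->r) {
                // NOTE(review): the original reset this entry on every permission and then
                // tested isset() on it, so the flags of the last readable permission always
                // won. That effective behaviour is kept; if "any object type grants it" was
                // intended, it has to be a deliberate change because it widens access.
                $allowed_pg_ids[$perm->pg] = array('w' => $perm->w, 'd' => $perm->d);
                $cmp->save();
            } else {
                // No read access means the row is removed altogether
                $cmp->delete();
            }
            $perm->m = $member->getId();
            $changed_pgs[] = $perm->pg;
        }
        // Break the reference so later code cannot overwrite the last list entry by accident
        unset($perm);
        foreach ($changed_pgs as $pg_id) {
            $sharingTablecontroller->afterPermissionChanged($pg_id, $permissions);
        }
        // Permission row for the member's own object type, per group with read access
        foreach ($allowed_pg_ids as $key => $mids) {
            $root_cmp = ContactMemberPermissions::findById(array('permission_group_id' => $key, 'member_id' => $member->getId(), 'object_type_id' => $member->getObjectTypeId()));
            if (!$root_cmp instanceof ContactMemberPermission) {
                $root_cmp = new ContactMemberPermission();
                $root_cmp->setPermissionGroupId($key);
                $root_cmp->setMemberId($member->getId());
                $root_cmp->setObjectTypeId($member->getObjectTypeId());
            }
            $root_cmp->setCanWrite($mids['w'] == true ? 1 : 0);
            $root_cmp->setCanDelete($mids['d'] == true ? 1 : 0);
            $root_cmp->save();
        }
    }
    // check the status of the dimension to set 'allow_all', 'deny_all' or 'check'
    $dimension = $member->getDimension();
    // presumably a list of member ids when called with true - confirm
    $mem_ids = $dimension->getAllMembers(true);
    if (count($mem_ids) == 0) {
        // Placeholder id keeps the IN (...) lists below syntactically valid
        $mem_ids[] = 0;
    }
    foreach ($changed_pgs as $pg_id) {
        // Defence in depth: the id is interpolated into the conditions below
        $pg_id = (int) $pg_id;
        $count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND `member_id` IN (" . implode(",", $mem_ids) . ") AND `can_delete` = 0"));
        if ($count > 0) {
            // At least one row without delete rights: access must be checked per member
            $dimension->setContactDimensionPermission($pg_id, 'check');
        } else {
            $count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND `member_id` IN (" . implode(",", $mem_ids) . ")"));
            if ($count == 0) {
                $dimension->setContactDimensionPermission($pg_id, 'deny all');
            } else {
                // 'allow all' requires a delete-capable row for every member of every content type
                $allow_all = true;
                $dim_obj_types = $dimension->getAllowedObjectTypeContents();
                $members = Members::findAll("`id` IN (" . implode(",", $mem_ids) . ")");
                foreach ($dim_obj_types as $dim_obj_type) {
                    $mem_ids_for_ot = array();
                    // Separate loop variable so the $member parameter is not overwritten
                    foreach ($members as $dim_member) {
                        if ($dim_obj_type->getDimensionObjectTypeId() == $dim_member->getObjectTypeId()) {
                            $mem_ids_for_ot[] = $dim_member->getId();
                        }
                    }
                    if (count($mem_ids_for_ot) == 0) {
                        $mem_ids_for_ot[] = 0;
                    }
                    $count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND \n\t\t\t\t\t\t`object_type_id` = " . $dim_obj_type->getContentObjectTypeId() . " AND `can_delete` = 1 AND `member_id` IN (" . implode(",", $mem_ids_for_ot) . ")"));
                    if ($count != count($mem_ids_for_ot)) {
                        $allow_all = false;
                        break;
                    }
                }
                if ($allow_all) {
                    $dimension->setContactDimensionPermission($pg_id, 'allow all');
                } else {
                    $dimension->setContactDimensionPermission($pg_id, 'check');
                }
            }
        }
    }
}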
 function do_delete()
 {
     // Removes every row that hangs off this contact, then the contact itself, and
     // finally fires the after_user_deleted hook.
     $contact_id = $this->getId();

     // Managers whose rows are keyed by contact_id, in deletion order
     $contact_scoped = array(
         'ContactAddresses',
         'ContactImValues',
         'ContactEmails',
         'ContactTelephones',
         'ContactWebpages',
         'ContactConfigOptionValues',
         'ContactPasswords',
         'ObjectSubscriptions',
         'ObjectReminders',
         'ContactPermissionGroups',
     );
     foreach ($contact_scoped as $manager_class) {
         call_user_func(array($manager_class, 'instance'))->delete("`contact_id` = {$contact_id}");
     }

     // Managers whose rows are keyed by the contact's permission group
     $group_scoped = array(
         'ContactMemberPermissions',
         'ContactDimensionPermissions',
         'SystemPermissions',
         'TabPanelPermissions',
     );
     foreach ($group_scoped as $manager_class) {
         call_user_func(array($manager_class, 'instance'))->delete("`permission_group_id` = " . $this->getPermissionGroupId());
     }

     $this->delete();

     // Hook listeners receive this object; the by-reference slot starts out as null
     $hook_result = null;
     Hook::fire("after_user_deleted", $this, $hook_result);
 }
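	function delete() {
		// Controller action: deletes the member identified by the request id together with
		// its sharing-table rows, associations, permissions and content object, inside one
		// database transaction. Reports the outcome through flash messages.
		if(!can_manage_dimension_members(logged_user())) {
			flash_error(lang('no access permissions'));
			ajx_current("empty");
			return;
		}
		$member = Members::findById(get_id());
		// The id comes from the request and may not match any member. Stop before a
		// transaction is opened; the generic message is reused so that the response
		// does not reveal whether the id exists.
		if (!$member instanceof Member) {
			flash_error(lang('no access permissions'));
			ajx_current("empty");
			return;
		}
		try {
			
			DB::beginWork();
			
			// canBeDeleted() fills $error_message when it refuses
			if (!$member->canBeDeleted($error_message)) {
				throw new Exception($error_message);
			}
			$dim_id = $member->getDimensionId();
			
			// Remove from sharing table
			SharingTables::instance()->delete(" 
				object_id IN (
 				 SELECT distinct(object_id) FROM ".TABLE_PREFIX."object_members WHERE member_id = ".$member->getId()." AND is_optimization = 0
				)
			");
			// Rebuild the sharing-table rows of every object that was classified in the member
			$affectedObjectsRows = DB::executeAll("SELECT distinct(object_id) AS object_id FROM ".TABLE_PREFIX."object_members where member_id = ".$member->getId()." AND is_optimization = 0") ;
			if (is_array($affectedObjectsRows) && count($affectedObjectsRows) > 0) {
				foreach ( $affectedObjectsRows as $row ) {
					$object = Objects::findObject($row['object_id']); // return an instance of Message, contact, etc.
					/* @var $object ContentDataObject */
					if ($object instanceof ContentDataObject) {
						$object->addToSharingTable();
					}
				}
			}
			
			// remove member associations
			MemberPropertyMembers::delete('member_id = '.$member->getId().' OR property_member_id = '.$member->getId());
			MemberRestrictions::delete('member_id = '.$member->getId().' OR restricted_member_id = '.$member->getId());
			
			// remove from permissions tables
			ContactMemberPermissions::delete('member_id = '.$member->getId());
			PermissionContexts::delete('member_id = '.$member->getId());
			
			// remove associated content object
			if ($member->getObjectId() > 0) {
				$mobj = Objects::findObject($member->getObjectId());
				if ($mobj instanceof ContentDataObject) $mobj->delete();
			}
			
			// delete from object_members
			ObjectMembers::delete('member_id = '.$member->getId());
			
			Hook::fire('delete_member', $member, $ret);

//			ApplicationLogs::createLog($member, ApplicationLogs::ACTION_DELETE, false, true);
			$ok = $member->delete(false);
			if ($ok) {
				evt_add("reload dimension tree", array('dim_id' => $dim_id, 'node' => null));
				evt_add("select dimension member", array('dim_id' => $dim_id, 'node' => 'root'));
			}
			
			DB::commit();
			flash_success(lang('success delete member', $member->getName()));
			// Pick the panel state requested by the client
			if (get_id('start')) {
				ajx_current("start");
			} else {
				if (get_id('dont_reload')) {
					ajx_current("empty");
				} else {
					ajx_current("reload");
				}
			}
		} catch (Exception $e) {
			// Any failure undoes every deletion above
			DB::rollback();
			flash_error($e->getMessage());
			ajx_current("empty");
		}
	}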
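 function get_members()
 {
     // Controller action: for each member id in the request's JSON list "member_ids",
     // returns the member list built from its parent hierarchy, but only for members
     // the logged-in user can read. Ids are request-controlled, so anything that is
     // not a positive integer is dropped before it reaches the permission check or
     // the lookup.
     $raw_ids = array_var($_REQUEST, 'member_ids', null);
     $member_ids = is_string($raw_ids) ? json_decode($raw_ids) : null;
     if (is_array($member_ids)) {
         $all_members = array();
         // Resolved once; without an authenticated Contact nothing is returned
         $user = function_exists('logged_user') ? logged_user() : null;
         if ($user instanceof Contact) {
             $pg_ids_csv = implode(',', $user->getPermissionGroupIds());
             foreach ($member_ids as $m) {
                 $is_integer_id = is_int($m) || (is_string($m) && preg_match('/^[0-9]+$/D', $m));
                 if (!$is_integer_id || (int) $m <= 0) {
                     continue;
                 }
                 $m = (int) $m;
                 if (ContactMemberPermissions::contactCanAccessMemberAll($pg_ids_csv, $m, $user, ACCESS_LEVEL_READ)) {
                     $mem = Members::getMemberById($m);
                     if ($mem instanceof Member) {
                         $parents = $mem->getAllParentMembersInHierarchy(true);
                         $all_members[] = $this->buildMemberList($parents, $mem->getDimension(), null, null, null, null);
                     }
                 }
             }
         }
         ajx_extra_data(array("members" => $all_members));
     }
     ajx_current("empty");
 }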
 /**
 * This function will return paginated result. Result is an array where first element is 
 * array of returned object and second populated pagination object that can be used for 
 * obtaining and rendering pagination data using various helpers.
 * 
 * Items and pagination array vars are indexed with 0 for items and 1 for pagination
 * because you can't use associative indexing with list() construct
 *
 * @access public
 * @param array $arguments Query arguments (@see find()) Limit and offset are ignored!
 * @param integer $items_per_page Number of items per page
 * @param integer $current_page Current page number
 * @return array
 */
 function paginate($arguments = null, $items_per_page = 10, $current_page = 1) {
   // Works both on an instance and as a static-style call: without a usable $this the
   // request is forwarded to the shared ContactMemberPermissions instance.
   $called_on_manager = isset($this) && instance_of($this, 'ContactMemberPermissions');
   if (!$called_on_manager) {
     return ContactMemberPermissions::instance()->paginate($arguments, $items_per_page, $current_page);
   }
   return parent::paginate($arguments, $items_per_page, $current_page);
 } // paginate
 function saveMember($member_data, Member $member, $is_new = true)
 {
     try {
         DB::beginWork();
         if (!$is_new) {
             $old_parent = $member->getParentMemberId();
         }
         $member->setFromAttributes($member_data);
         /* @var $member Member */
         $object_type = ObjectTypes::findById($member->getObjectTypeId());
         if (!$object_type instanceof ObjectType) {
             throw new Exception(lang("you must select a valid object type"));
         }
         if ($member->getParentMemberId() == 0) {
             $dot = DimensionObjectTypes::findById(array('dimension_id' => $member->getDimensionId(), 'object_type_id' => $member->getObjectTypeId()));
             if (!$dot->getIsRoot()) {
                 throw new Exception(lang("member cannot be root", lang($object_type->getName())));
             }
             $member->setDepth(1);
         } else {
             $allowedParents = $this->getAssignableParents($member->getDimensionId(), $member->getObjectTypeId());
             if (!$is_new) {
                 $childrenIds = $member->getAllChildrenIds(true);
             }
             $hasValidParent = false;
             if ($member->getId() == $member->getParentMemberId() || !$is_new && in_array($member->getParentMemberId(), $childrenIds)) {
                 throw new Exception(lang("invalid parent member"));
             }
             foreach ($allowedParents as $parent) {
                 if ($parent['id'] == $member->getParentMemberId()) {
                     $hasValidParent = true;
                     break;
                 }
             }
             if (!$hasValidParent) {
                 throw new Exception(lang("invalid parent member"));
             }
             $parent = Members::findById($member->getParentMemberId());
             if ($parent instanceof Member) {
                 $member->setDepth($parent->getDepth() + 1);
             } else {
                 $member->setDepth(1);
             }
         }
         if ($object_type->getType() == 'dimension_object') {
             $handler_class = $object_type->getHandlerClass();
             if ($is_new || $member->getObjectId() == 0) {
                 eval('$dimension_object = ' . $handler_class . '::instance()->newDimensionObject();');
             } else {
                 $dimension_object = Objects::findObject($member->getObjectId());
             }
             if ($dimension_object) {
                 $dimension_object->modifyMemberValidations($member);
                 $dimension_obj_data = array_var($_POST, 'dim_obj');
                 if (!array_var($dimension_obj_data, 'name')) {
                     $dimension_obj_data['name'] = $member->getName();
                 }
                 eval('$fields = ' . $handler_class . '::getPublicColumns();');
                 foreach ($fields as $field) {
                     if (array_var($field, 'type') == DATA_TYPE_DATETIME) {
                         $dimension_obj_data[$field['col']] = getDateValue($dimension_obj_data[$field['col']]);
                     }
                 }
                 $member->save();
                 $dimension_object->setFromAttributes($dimension_obj_data, $member);
                 $dimension_object->save();
                 $member->setObjectId($dimension_object->getId());
                 $member->save();
                 Hook::fire("after_add_dimension_object_member", $member, $null);
             }
         } else {
             $member->save();
         }
         // Other dimensions member restrictions
         $restricted_members = array_var($_POST, 'restricted_members');
         if (is_array($restricted_members)) {
             MemberRestrictions::clearRestrictions($member->getId());
             foreach ($restricted_members as $dim_id => $dim_members) {
                 foreach ($dim_members as $mem_id => $member_restrictions) {
                     $restricted = isset($member_restrictions['restricted']);
                     if ($restricted) {
                         $order_num = array_var($member_restrictions, 'order_num', 0);
                         $member_restriction = new MemberRestriction();
                         $member_restriction->setMemberId($member->getId());
                         $member_restriction->setRestrictedMemberId($mem_id);
                         $member_restriction->setOrder($order_num);
                         $member_restriction->save();
                     }
                 }
             }
         }
         // Save member property members (also check for required associations)
         if (array_var($_POST, 'save_properties')) {
             $required_association_ids = DimensionMemberAssociations::getRequiredAssociatations($member->getDimensionId(), $member->getObjectTypeId(), true);
             $missing_req_association_ids = array_fill_keys($required_association_ids, true);
             // if keeps record change is_active, if not delete record
             $old_properties = MemberPropertyMembers::getAssociatedPropertiesForMember($member->getId());
             foreach ($old_properties as $property) {
                 $association = DimensionMemberAssociations::findById($property->getAssociationId());
                 if (!$association->getKeepsRecord()) {
                     $property->delete();
                 }
             }
             $new_properties = array();
             $associated_members = array_var($_POST, 'associated_members', array());
             foreach ($associated_members as $prop_member_id => $assoc_id) {
                 $active_association = null;
                 if (isset($missing_req_association_ids[$assoc_id])) {
                     $missing_req_association_ids[$assoc_id] = false;
                 }
                 $conditions = "`association_id` = {$assoc_id} AND `member_id` = " . $member->getId() . " AND `is_active` = 1";
                 $active_associations = MemberPropertyMembers::find(array('conditions' => $conditions));
                 if (count($active_associations) > 0) {
                     $active_association = $active_associations[0];
                 }
                 $association = DimensionMemberAssociations::findById($assoc_id);
                 if ($active_association instanceof MemberPropertyMember) {
                     if ($active_association->getPropertyMemberId() != $prop_member_id) {
                         if ($association->getKeepsRecord()) {
                             $active_association->setIsActive(false);
                             $active_association->save();
                         }
                         // save current association
                         $mpm = new MemberPropertyMember();
                         $mpm->setAssociationId($assoc_id);
                         $mpm->setMemberId($member->getId());
                         $mpm->setPropertyMemberId($prop_member_id);
                         $mpm->setIsActive(true);
                         $mpm->save();
                         $new_properties[] = $mpm;
                     }
                 } else {
                     // save current association
                     $mpm = new MemberPropertyMember();
                     $mpm->setAssociationId($assoc_id);
                     $mpm->setMemberId($member->getId());
                     $mpm->setPropertyMemberId($prop_member_id);
                     $mpm->setIsActive(true);
                     $mpm->save();
                     $new_properties[] = $mpm;
                 }
             }
             $missing_names = array();
             $missing_count = 0;
             foreach ($missing_req_association_ids as $assoc => $missing) {
                 $assoc_instance = DimensionMemberAssociations::findById($assoc);
                 if ($assoc_instance instanceof DimensionMemberAssociation) {
                     $assoc_dim = Dimensions::getDimensionById($assoc_instance->getAssociatedDimensionMemberAssociationId());
                     if ($assoc_dim instanceof Dimension) {
                         if (!in_array($assoc_dim->getName(), $missing_names)) {
                             $missing_names[] = $assoc_dim->getName();
                         }
                     }
                 }
                 if ($missing) {
                     $missing_count++;
                 }
             }
             if ($missing_count > 0) {
                 throw new Exception(lang("missing required associations", implode(", ", $missing_names)));
             }
             $args = array($member, $old_properties, $new_properties);
             Hook::fire('edit_member_properties', $args, $ret);
         }
         if ($is_new) {
             // set all permissions for the creator
             $dimension = $member->getDimension();
             $allowed_object_types = array();
             $dim_obj_types = $dimension->getAllowedObjectTypeContents();
             foreach ($dim_obj_types as $dim_obj_type) {
                 // To draw a row for each object type of the dimension
                 if (!in_array($dim_obj_type->getContentObjectTypeId(), $allowed_object_types) && $dim_obj_type->getDimensionObjectTypeId() == $member->getObjectTypeId()) {
                     $allowed_object_types[] = $dim_obj_type->getContentObjectTypeId();
                 }
             }
             $allowed_object_types[] = $object_type->getId();
             foreach ($allowed_object_types as $ot) {
                 $cmp = ContactMemberPermissions::findOne(array('conditions' => 'permission_group_id = ' . logged_user()->getPermissionGroupId() . ' AND member_id = ' . $member->getId() . ' AND object_type_id = ' . $ot));
                 if (!$cmp instanceof ContactMemberPermission) {
                     $cmp = new ContactMemberPermission();
                     $cmp->setPermissionGroupId(logged_user()->getPermissionGroupId());
                     $cmp->setMemberId($member->getId());
                     $cmp->setObjectTypeId($ot);
                 }
                 $cmp->setCanWrite(1);
                 $cmp->setCanDelete(1);
                 $cmp->save();
             }
             // set all permissions for permission groups that has allow all in the dimension
             $permission_groups = ContactDimensionPermissions::findAll(array("conditions" => array("`dimension_id` = ? AND `permission_type` = 'allow all'", $dimension->getId())));
             if (is_array($permission_groups)) {
                 foreach ($permission_groups as $pg) {
                     foreach ($allowed_object_types as $ot) {
                         $cmp = ContactMemberPermissions::findById(array('permission_group_id' => $pg->getPermissionGroupId(), 'member_id' => $member->getId(), 'object_type_id' => $ot));
                         if (!$cmp instanceof ContactMemberPermission) {
                             $cmp = new ContactMemberPermission();
                             $cmp->setPermissionGroupId($pg->getPermissionGroupId());
                             $cmp->setMemberId($member->getId());
                             $cmp->setObjectTypeId($ot);
                         }
                         $cmp->setCanWrite(1);
                         $cmp->setCanDelete(1);
                         $cmp->save();
                     }
                 }
             }
             // Inherit permissions from parent node, if they are not already set
             if ($member->getDepth() && $member->getParentMember()) {
                 $parentNodeId = $member->getParentMember()->getId();
                 $condition = "member_id = {$parentNodeId}";
                 foreach (ContactMemberPermissions::instance()->findAll(array("conditions" => $condition)) as $parentPermission) {
                     /* @var $parentPermission ContactMemberPermission */
                     $g = $parentPermission->getPermissionGroupId();
                     $t = $parentPermission->getObjectTypeId();
                     $w = $parentPermission->getCanWrite();
                     $d = $parentPermission->getCanDelete();
                     $existsCondition = "member_id = " . $member->getId() . " AND permission_group_id= {$g} AND object_type_id = {$t}";
                     if (!ContactMemberPermissions::instance()->count(array("conditions" => $existsCondition))) {
                         $newPermission = new ContactMemberPermission();
                         $newPermission->setPermissionGroupId($g);
                         $newPermission->setObjectTypeId($t);
                         $newPermission->setCanWrite($w);
                         $newPermission->setCanDelete($d);
                         $newPermission->setMemberId($member->getId());
                         $newPermission->save();
                     }
                 }
             }
             // Fill sharing table if is a dimension object (after permission creation);
             if (isset($dimension_object) && $dimension_object instanceof ContentDataObject) {
                 $dimension_object->addToSharingTable();
             }
         } else {
             // if parent changed rebuild object_members for every object in this member
             if ($old_parent != $member->getParentMemberId()) {
                 $sql = "SELECT om.object_id FROM " . TABLE_PREFIX . "object_members om WHERE om.member_id=" . $member->getId();
                 $object_ids = DB::executeAll($sql);
                 if (!is_array($object_ids)) {
                     $object_ids = array();
                 }
                 foreach ($object_ids as $row) {
                     $content_object = Objects::findObject($row['object_id']);
                     if (!$content_object instanceof ContentDataObject) {
                         continue;
                     }
                     $parent_ids = array();
                     if ($old_parent > 0) {
                         $all_parents = Members::findById($old_parent)->getAllParentMembersInHierarchy(true);
                         foreach ($all_parents as $p) {
                             $parent_ids[] = $p->getId();
                         }
                         if (count($parent_ids) > 0) {
                             DB::execute("DELETE FROM " . TABLE_PREFIX . "object_members WHERE object_id=" . $content_object->getId() . " AND member_id IN (" . implode(",", $parent_ids) . ")");
                         }
                     }
                     $content_object->addToMembers(array($member));
                     $content_object->addToSharingTable();
                 }
             }
         }
         DB::commit();
         flash_success(lang('success save member', lang(ObjectTypes::findById($member->getObjectTypeId())->getName()), $member->getName()));
         ajx_current("back");
         // Add od to array on new members
         if ($is_new) {
             $member_data['member_id'] = $member->getId();
         }
         evt_add("after member save", $member_data);
         return $member;
     } catch (Exception $e) {
         DB::rollback();
         flash_error($e->getMessage());
         ajx_current("empty");
     }
 }
 /**
  * Lists all contacts and clients
  *
  */
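 function list_all()
 {
     // Builds the contact/company listing for the active context and hands it to the
     // AJAX response and the "listing" template variable.
     // Request parameters read from $_GET: start, limit, sort, dir, action, ids, types,
     // account_id, view_type. All of them are client-controlled.
     ajx_current("empty");
     // Paging values are passed on to the query layer as offset/limit, so force them to
     // non-negative integers instead of forwarding raw request strings.
     $start = max(0, (int) array_var($_GET, 'start', 0));
     $limit = max(0, (int) array_var($_GET, 'limit', config_option('files_per_page')));
     $sort_key = array_var($_GET, 'sort');
     $requested_dir = array_var($_GET, 'dir');
     $action = array_var($_GET, 'action');
     $attributes = array("ids" => explode(',', array_var($_GET, 'ids')), "types" => explode(',', array_var($_GET, 'types')), "accountId" => array_var($_GET, 'account_id'), "viewType" => array_var($_GET, 'view_type'));
     // Resolve the requested action, if any, and report its outcome to the user
     $actionMessage = array();
     if (isset($action)) {
         $actionMessage = $this->resolveAction($action, $attributes);
         if ($actionMessage["errorCode"] == 0) {
             flash_success($actionMessage["errorMessage"]);
         } else {
             flash_error($actionMessage["errorMessage"]);
         }
     }
     // viewType is only compared against fixed values; it is never placed in the SQL itself
     $extra_conditions = "";
     if ($attributes['viewType'] == 'contacts') {
         $extra_conditions = 'AND `is_company` = 0';
     } elseif ($attributes['viewType'] == 'companies') {
         $extra_conditions = 'AND `is_company` = 1';
     }
     $extra_conditions .= " AND disabled = 0 ";
     // Map the requested sort key onto a fixed column expression (allow-list);
     // anything unrecognised sorts by `name`.
     switch ($sort_key) {
         case 'updatedOn':
             $order = '`updated_on`';
             break;
         case 'createdOn':
             $order = '`created_on`';
             break;
         case 'name':
             $order = ' concat(surname, first_name) ';
             break;
         default:
             $order = '`name`';
             break;
     }
     // The direction ends up inside the ORDER BY clause, so accept only ASC or DESC.
     // Any other value (including a non-string such as dir[]=x) falls back to the default.
     $order_dir = is_string($requested_dir) ? strtoupper(trim($requested_dir)) : '';
     if ($order_dir !== 'ASC' && $order_dir !== 'DESC') {
         // Decide the default from the requested key, not from $order, which by now holds
         // a column expression and never equals 'name'.
         $order_dir = $sort_key === 'name' ? 'ASC' : 'DESC';
     }
     $context = active_context();
     if (context_type() == 'mixed') {
         // There are members selected
         $content_objects = Contacts::instance()->listing(array("order" => $order, "order_dir" => $order_dir, "extra_conditions" => $extra_conditions, "start" => $start, "limit" => $limit));
     } else {
         // Currently in the 'All' view: filter by permissions only. TODO: Fix this !
         $conditions = "archived_on = '0000-00-00 00:00:00' AND trashed_on = '0000-00-00 00:00:00' {$extra_conditions}";
         $content_objects = new stdClass();
         $content_objects->objects = Contacts::instance()->findAll(array("conditions" => $conditions, "order" => "{$order} {$order_dir}", "offset" => $start, "limit" => $limit));
         $content_objects->total = Contacts::instance()->count(array("conditions" => $conditions));
         // Other findAll()/executeAll() callers in this file guard against a non-array result
         if (!is_array($content_objects->objects)) {
             $content_objects->objects = array();
         }
         // The plugin check and the dimension lookup do not depend on the contact, so do them once
         if (count($content_objects->objects) > 0 && Plugins::instance()->isActivePlugin("core_dimensions")) {
             $persons_dimension_id = Dimensions::findByCode("feng_persons")->getId();
             foreach ($content_objects->objects as $k => $contact) {
                 /* @var $contact Contact */
                 $m = array_var(Members::instance()->findByObjectId($contact->getId(), $persons_dimension_id), 0);
                 // NOTE(review): a contact with no member in this dimension stays in the
                 // listing without a permission check - confirm that this is intended.
                 if (!$m instanceof Member) {
                     continue;
                 }
                 if (!ContactMemberPermissions::instance()->contactCanReadMember(logged_user()->getPermissionGroupId(), $m->getId(), logged_user())) {
                     // NOTE(review): filtering happens after the page was fetched, so the total
                     // only drops by the rows hidden on this page - presumably what the TODO refers to.
                     unset($content_objects->objects[$k]);
                     $content_objects->total--;
                 }
             }
         }
         // Re-index so the list has consecutive keys after removals
         $content_objects->objects = array_values($content_objects->objects);
     }
     // Prepare response object
     $object = $this->newPrepareObject($content_objects->objects, $content_objects->total, $start, $attributes);
     ajx_extra_data($object);
     tpl_assign("listing", $object);
 }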