Esempio n. 1
0
function permission_form_parameters($pg_id)
{
    set_time_limit(0);
    ini_set('memory_limit', '512M');
    $member_permissions = array();
    $dimensions = array();
    $dims = Dimensions::findAll(array('order' => 'default_order'));
    $members = array();
    $member_types = array();
    $allowed_object_types = array();
    $allowed_object_types_by_member_type[] = array();
    $root_permissions = array();
    $enabled_dimensions = config_option("enabled_dimensions");
    foreach ($dims as $dim) {
        if ($dim->getDefinesPermissions() && in_array($dim->getId(), $enabled_dimensions)) {
            $dimensions[] = $dim;
            $root_members = DB::executeAll("SELECT * FROM " . TABLE_PREFIX . "members WHERE dimension_id=" . $dim->getId() . " AND parent_member_id=0 ORDER BY name ASC");
            $tmp_mem_ids = array();
            foreach ($root_members as $mem) {
                if (!isset($members[$dim->getId()])) {
                    $members[$dim->getId()] = array();
                }
                $members[$dim->getId()][] = $mem;
                $members[$dim->getId()] = array_merge($members[$dim->getId()], get_all_children_sorted($mem));
            }
            $allowed_object_types[$dim->getId()] = array();
            $dim_obj_types = $dim->getAllowedObjectTypeContents();
            foreach ($dim_obj_types as $dim_obj_type) {
                // To draw a row for each object type of the dimension
                if (!in_array($dim_obj_type->getContentObjectTypeId(), $allowed_object_types[$dim->getId()])) {
                    $allowed_object_types[$dim->getId()][] = $dim_obj_type->getContentObjectTypeId();
                }
                // To enable or disable object types depending on the selected member
                if (!is_array(array_var($allowed_object_types_by_member_type, $dim_obj_type->getDimensionObjectTypeId()))) {
                    $allowed_object_types_by_member_type[$dim_obj_type->getDimensionObjectTypeId()] = array();
                }
                $allowed_object_types_by_member_type[$dim_obj_type->getDimensionObjectTypeId()][] = $dim_obj_type->getContentObjectTypeId();
            }
            if ($dim->deniesAllForContact($pg_id)) {
                $cmp_count = ContactMemberPermissions::count("`permission_group_id` = {$pg_id} and member_id in (select m.id from " . TABLE_PREFIX . "members m where m.dimension_id=" . $dim->getId() . ")");
                if ($cmp_count > 0) {
                    $dim->setContactDimensionPermission($pg_id, 'check');
                }
            }
            if ($dim->hasAllowAllForContact($pg_id)) {
                if (isset($members[$dim->getId()])) {
                    foreach ($members[$dim->getId()] as $mem) {
                        $member_permissions[$mem['id']] = array();
                        foreach ($dim_obj_types as $dim_obj_type) {
                            if ($dim_obj_type->getDimensionObjectTypeId() == $mem['object_type_id']) {
                                $member_permissions[$mem['id']][] = array('o' => $dim_obj_type->getContentObjectTypeId(), 'w' => 1, 'd' => 1, 'r' => 1);
                            }
                        }
                    }
                }
            } else {
                if (!$dim->deniesAllForContact($pg_id)) {
                    if (isset($members[$dim->getId()])) {
                        $tmp_ids = array();
                        foreach ($members[$dim->getId()] as $mem) {
                            $tmp_ids[] = $mem['id'];
                        }
                        $mem_pgs = array();
                        if (is_array($tmp_ids) && count($tmp_ids)) {
                            $pgs = DB::executeAll("SELECT * FROM " . TABLE_PREFIX . "contact_member_permissions WHERE permission_group_id={$pg_id} AND member_id IN (" . implode(',', $tmp_ids) . ")\r\n\t\t\t\t\t\t\t\t\tAND object_type_id IN (SELECT ot.id FROM " . TABLE_PREFIX . "object_types ot WHERE ot.type IN ('content_object','located'))");
                            if (is_array($pgs)) {
                                foreach ($pgs as $p) {
                                    if (!isset($mem_pgs[$p['member_id']])) {
                                        $mem_pgs[$p['member_id']] = array();
                                    }
                                    $mem_pgs[$p['member_id']][] = $p;
                                }
                            }
                        }
                        foreach ($members[$dim->getId()] as $mem) {
                            $member_permissions[$mem['id']] = array();
                            if (isset($mem_pgs[$mem['id']]) && is_array($mem_pgs[$mem['id']])) {
                                foreach ($mem_pgs[$mem['id']] as $pg) {
                                    $member_permissions[$mem['id']][] = array('o' => $pg['object_type_id'], 'w' => $pg['can_write'], 'd' => $pg['can_delete'], 'r' => 1);
                                }
                            }
                        }
                    }
                }
            }
            if (isset($members[$dim->getId()])) {
                foreach ($members[$dim->getId()] as $member) {
                    $member_types[$member['id']] = $member['object_type_id'];
                }
            }
        }
    }
    if (config_option('let_users_create_objects_in_root')) {
        $root_cmps = ContactMemberPermissions::findAll(array('conditions' => 'permission_group_id = ' . $pg_id . ' AND member_id = 0'));
        foreach ($root_cmps as $root_cmp) {
            $root_permissions[$root_cmp->getObjectTypeId()] = array('w' => $root_cmp->getCanWrite(), 'd' => $root_cmp->getCanDelete(), 'r' => 1);
        }
    }
    $all_object_types = ObjectTypes::findAll(array("conditions" => "`type` IN ('content_object', 'located') AND name <> 'template_task' AND name <> 'template_milestone' AND `name` <> 'template' AND `name` <> 'file revision'"));
    return array('member_types' => $member_types, 'allowed_object_types_by_member_type' => $allowed_object_types_by_member_type, 'allowed_object_types' => $allowed_object_types, 'all_object_types' => $all_object_types, 'member_permissions' => $member_permissions, 'dimensions' => $dimensions, 'root_permissions' => $root_permissions);
}
Esempio n. 2
0
function save_member_permissions($member)
{
    $permissionsString = array_var($_POST, 'permissions');
    if ($permissionsString && $permissionsString != '') {
        $permissions = json_decode($permissionsString);
    }
    $sharingTablecontroller = new SharingTableController();
    $changed_pgs = array();
    if (isset($permissions) && is_array($permissions)) {
        $allowed_pg_ids = array();
        foreach ($permissions as &$perm) {
            $cmp = ContactMemberPermissions::findById(array('permission_group_id' => $perm->pg, 'member_id' => $member->getId(), 'object_type_id' => $perm->o));
            if (!$cmp instanceof ContactMemberPermission) {
                $cmp = new ContactMemberPermission();
                $cmp->setPermissionGroupId($perm->pg);
                $cmp->setMemberId($member->getId());
                $cmp->setObjectTypeId($perm->o);
            }
            $cmp->setCanWrite($perm->w);
            $cmp->setCanDelete($perm->d);
            if ($perm->r) {
                $allowed_pg_ids[$perm->pg] = array();
                if (isset($allowed_pg_ids[$perm->pg]['w'])) {
                    if (!$allowed_pg_ids[$perm->pg]['w']) {
                        $allowed_pg_ids[$perm->pg]['w'] = $perm->w;
                    }
                } else {
                    $allowed_pg_ids[$perm->pg]['w'] = $perm->w;
                }
                if (isset($allowed_pg_ids[$perm->pg]['d'])) {
                    if (!$allowed_pg_ids[$perm->pg]['d']) {
                        $allowed_pg_ids[$perm->pg]['d'] = $perm->d;
                    }
                } else {
                    $allowed_pg_ids[$perm->pg]['d'] = $perm->d;
                }
                $cmp->save();
            } else {
                $cmp->delete();
            }
            $perm->m = $member->getId();
            $changed_pgs[] = $perm->pg;
        }
        foreach ($changed_pgs as $pg_id) {
            $sharingTablecontroller->afterPermissionChanged($pg_id, $permissions);
        }
        foreach ($allowed_pg_ids as $key => $mids) {
            $root_cmp = ContactMemberPermissions::findById(array('permission_group_id' => $key, 'member_id' => $member->getId(), 'object_type_id' => $member->getObjectTypeId()));
            if (!$root_cmp instanceof ContactMemberPermission) {
                $root_cmp = new ContactMemberPermission();
                $root_cmp->setPermissionGroupId($key);
                $root_cmp->setMemberId($member->getId());
                $root_cmp->setObjectTypeId($member->getObjectTypeId());
            }
            $root_cmp->setCanWrite($mids['w'] == true ? 1 : 0);
            $root_cmp->setCanDelete($mids['d'] == true ? 1 : 0);
            $root_cmp->save();
        }
    }
    // check the status of the dimension to set 'allow_all', 'deny_all' or 'check'
    $dimension = $member->getDimension();
    $mem_ids = $dimension->getAllMembers(true);
    if (count($mem_ids) == 0) {
        $mem_ids[] = 0;
    }
    foreach ($changed_pgs as $pg_id) {
        $count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND `member_id` IN (" . implode(",", $mem_ids) . ") AND `can_delete` = 0"));
        if ($count > 0) {
            $dimension->setContactDimensionPermission($pg_id, 'check');
        } else {
            $count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND `member_id` IN (" . implode(",", $mem_ids) . ")"));
            if ($count == 0) {
                $dimension->setContactDimensionPermission($pg_id, 'deny all');
            } else {
                $allow_all = true;
                $dim_obj_types = $dimension->getAllowedObjectTypeContents();
                $members = Members::findAll("`id` IN (" . implode(",", $mem_ids) . ")");
                foreach ($dim_obj_types as $dim_obj_type) {
                    $mem_ids_for_ot = array();
                    foreach ($members as $member) {
                        if ($dim_obj_type->getDimensionObjectTypeId() == $member->getObjectTypeId()) {
                            $mem_ids_for_ot[] = $member->getId();
                        }
                    }
                    if (count($mem_ids_for_ot) == 0) {
                        $mem_ids_for_ot[] = 0;
                    }
                    $count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND \n\t\t\t\t\t\t`object_type_id` = " . $dim_obj_type->getContentObjectTypeId() . " AND `can_delete` = 1 AND `member_id` IN (" . implode(",", $mem_ids_for_ot) . ")"));
                    if ($count != count($mem_ids_for_ot)) {
                        $allow_all = false;
                        break;
                    }
                }
                if ($allow_all) {
                    $dimension->setContactDimensionPermission($pg_id, 'allow all');
                } else {
                    $dimension->setContactDimensionPermission($pg_id, 'check');
                }
            }
        }
    }
}
function core_dim_add_new_contact_to_person_dimension($object)
{
    /* @var $object Contact */
    $person_ot = ObjectTypes::findOne(array("conditions" => "`name` = 'person'"));
    $company_ot = ObjectTypes::findOne(array("conditions" => "`name` = 'company'"));
    $person_dim = Dimensions::findOne(array("conditions" => "`code` = 'feng_persons'"));
    if ($person_ot instanceof ObjectType && $person_dim instanceof Dimension) {
        $oid = $object->isCompany() ? $company_ot->getId() : $person_ot->getId();
        $tmp_mem = Members::findOne(array("conditions" => "`dimension_id` = " . $person_dim->getId() . " AND `object_type_id` = {$oid} AND `object_id` = " . $object->getId()));
        $reload_dimension = true;
        if ($tmp_mem instanceof Member) {
            $member = $tmp_mem;
            $reload_dimension = false;
        } else {
            $member = new Member();
            $member->setName($object->getObjectName());
            $member->setDimensionId($person_dim->getId());
            $parent_member_id = 0;
            $depth = 1;
            if ($object->isCompany()) {
                $member->setObjectTypeId($company_ot->getId());
            } else {
                $member->setObjectTypeId($person_ot->getId());
                if ($object->getCompanyId() > 0) {
                    $pmember = Members::findOne(array('conditions' => '`object_id` = ' . $object->getCompanyId() . ' AND `object_type_id` = ' . $company_ot->getId() . ' AND `dimension_id` = ' . $person_dim->getId()));
                    if ($pmember instanceof Member) {
                        $parent_member_id = $pmember->getId();
                        $depth = $pmember->getDepth() + 1;
                    }
                }
            }
            $member->setParentMemberId($parent_member_id);
            $member->setDepth($depth);
            $member->setObjectId($object->getId());
            $member->save();
        }
        $sql = "INSERT INTO `" . TABLE_PREFIX . "contact_dimension_permissions` (`permission_group_id`, `dimension_id`, `permission_type`)\r\n\t\t\t\t SELECT `c`.`permission_group_id`, " . $person_dim->getId() . ", 'check'\r\n\t\t\t\t FROM `" . TABLE_PREFIX . "contacts` `c` \r\n\t\t\t\t WHERE `c`.`is_company`=0 AND `c`.`user_type`!=0 AND `c`.`disabled`=0 AND `c`.`object_id`=" . $object->getId() . "\r\n\t\t\t\t ON DUPLICATE KEY UPDATE `dimension_id`=`dimension_id`;";
        DB::execute($sql);
        $sql = "INSERT INTO `" . TABLE_PREFIX . "contact_member_permissions` (`permission_group_id`, `member_id`, `object_type_id`, `can_write`, `can_delete`)\r\n\t\t\t\t SELECT `c`.`permission_group_id`, " . $member->getId() . ", `ot`.`id`, (`c`.`object_id` = " . $object->getId() . ") as `can_write`, (`c`.`object_id` = " . $object->getId() . ") as `can_delete`\r\n\t\t\t\t FROM `" . TABLE_PREFIX . "contacts` `c` JOIN `" . TABLE_PREFIX . "object_types` `ot` \r\n\t\t\t\t WHERE `c`.`is_company`=0 AND `c`.`object_id`=" . $object->getId() . "\r\n\t\t\t\t \tAND `c`.`user_type`!=0 AND `c`.`disabled`=0\r\n\t\t\t\t\tAND `ot`.`type` IN ('content_object', 'comment', 'located')\r\n\t\t\t\t ON DUPLICATE KEY UPDATE `member_id`=`member_id`;";
        DB::execute($sql);
        DB::execute("DELETE FROM `" . TABLE_PREFIX . "contact_member_permissions` WHERE `permission_group_id` = 0;");
        // NEW! Add contact to its own member to be searchable
        if (logged_user() instanceof Contact) {
            $object->addToMembers(array($member));
            $object->addToSharingTable();
        }
        // add permission to creator
        if ($object->getCreatedBy() instanceof Contact) {
            $record_count = ContactMemberPermissions::count(array("`permission_group_id` = ? AND `member_id` = ?", $object->getCreatedBy()->getPermissionGroupId(), $member->getId()));
            if ($record_count == 0) {
                DB::execute("INSERT INTO `" . TABLE_PREFIX . "contact_member_permissions` (`permission_group_id`, `member_id`, `object_type_id`, `can_write`, `can_delete`)\r\n\t\t\t\t SELECT " . $object->getCreatedBy()->getPermissionGroupId() . ", " . $member->getId() . ", `ot`.`id`, 1, 1\r\n\t\t\t\t FROM `" . TABLE_PREFIX . "object_types` `ot` \r\n\t\t\t\t WHERE `ot`.`type` IN ('content_object', 'comment', 'located');");
            }
        }
        if ($reload_dimension) {
            evt_add("reload dimension tree", array('dim_id' => $member->getDimensionId()));
        }
    }
}