function list_members()
{
if (!logged_user()->isAdminGroup()) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
ajx_set_no_toolbar();
$dim_id = array_var($_REQUEST, 'dim', 0);
$dimension = Dimensions::findById($dim_id);
if (!$dimension instanceof Dimension) {
flash_error(lang('dimension snx'));
ajx_current("empty");
return;
}
if (isset($_REQUEST['page'])) {
ajx_replace(true);
}
// parameters
$page = array_var($_REQUEST, 'page');
$order_by = array_var($_REQUEST, 'order');
$order_by_dir = array_var($_REQUEST, 'order_dir');
// pagination params
$items_x_page = array_var($_REQUEST, 'items_x_page', 20);
if (!$page) {
$page = 1;
}
$offset = $items_x_page * ($page - 1);
// order defaults
if (!$order_by) {
$order_by = 'name';
}
if (!in_array($order_by_dir, array('ASC', 'DESC'))) {
$order_by_dir = 'ASC';
}
// this function already checks dimension options
$dim_name = $dimension->getName();
// permissions sql
$perm_sql = "";
if ($dimension->getDefinesPermissions() && !logged_user()->isAdministrator()) {
$pg_ids = logged_user()->getPermissionGroupIds();
$perm_sql = " AND EXISTS (SELECT cmp.member_id FROM " . TABLE_PREFIX . "contact_member_permissions cmp WHERE cmp.member_id=m.id AND cmp.permission_group_id IN (" . implode(',', $pg_ids) . "))";
}
$main_sql = "SELECT m.id, l.created_on, l.created_by_id, l.member_id FROM " . TABLE_PREFIX . "members m LEFT JOIN " . TABLE_PREFIX . "application_logs l ON l.member_id=m.id AND l.action='add' WHERE m.dimension_id='{$dim_id}' {$perm_sql}";
$sql = "{$main_sql}\r\n\t\t\t\tORDER BY {$order_by} {$order_by_dir} \r\n\t\t\t\tLIMIT {$offset}, {$items_x_page}";
$rows = DB::executeAll($sql);
$count_sql = str_replace("SELECT m.id, l.created_on, l.created_by_id, l.member_id FROM", "SELECT count(*) as total FROM", $main_sql);
$count_row = DB::executeAll($count_sql);
$members = array();
$ids = array();
$log_data = array();
foreach ($rows as $row) {
$members[] = Members::findById($row['id']);
$log_data[$row['id']] = array('created_on' => $row['created_on'], 'created_by_id' => $row['created_by_id']);
}
$member_type_ids = array_flat(DB::executeAll("SELECT object_type_id FROM " . TABLE_PREFIX . "dimension_object_types WHERE dimension_id={$dim_id} AND is_root=1"));
$member_types = ObjectTypes::findAll(array('conditions' => 'id IN (' . implode(',', $member_type_ids) . ')'));
tpl_assign('members', $members);
tpl_assign('log_data', $log_data);
tpl_assign('dimension', $dimension);
tpl_assign('dimension_name', $dim_name);
tpl_assign('member_types', $member_types);
tpl_assign('page', $page);
tpl_assign('total_items', $count_row[0]['total']);
tpl_assign('items_x_page', $items_x_page);
tpl_assign('order_by', $order_by);
tpl_assign('order_by_dir', $order_by_dir);
}
function edit()
{
if (!can_manage_dimension_members(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
$member = Members::findById(get_id());
if (!$member instanceof Member) {
flash_error(lang('member dnx'));
ajx_current("empty");
return;
}
$this->setTemplate('add');
$member_data = array_var($_POST, 'member');
if (!is_array($member_data)) {
// New ! Permissions
$permission_parameters = permission_member_form_parameters($member);
tpl_assign('permission_parameters', $permission_parameters);
//--
tpl_assign("member", $member);
$member_data['name'] = $member->getName();
$current_dimension = $member->getDimension();
if (!$current_dimension instanceof Dimension) {
flash_error("dimension dnx");
ajx_current("empty");
return;
}
tpl_assign("current_dimension", $current_dimension);
$ot_ids = implode(",", DimensionObjectTypes::getObjectTypeIdsByDimension($current_dimension->getId()));
$dimension_obj_types = ObjectTypes::findAll(array("conditions" => "`id` IN ({$ot_ids})"));
$dimension_obj_types_info = array();
foreach ($dimension_obj_types as $ot) {
$info = $ot->getArrayInfo(array('id', 'name', 'type'));
$info['name'] = lang(array_var($info, 'name'));
$dimension_obj_types_info[] = $info;
}
tpl_assign('dimension_obj_types', $dimension_obj_types_info);
tpl_assign('obj_type_sel', $member->getObjectTypeId());
tpl_assign('parents', self::getAssignableParents($member->getDimensionId(), $member->getObjectTypeId()));
tpl_assign('parent_sel', $member->getParentMemberId());
tpl_assign("member_data", $member_data);
tpl_assign('can_change_type', false);
$restricted_dim_defs = DimensionMemberRestrictionDefinitions::findAll(array("conditions" => array("`dimension_id` = ?", $member->getDimensionId())));
$ot_with_restrictions = array();
foreach ($restricted_dim_defs as $rdef) {
if (!isset($ot_with_restrictions[$rdef->getObjectTypeId()])) {
$ot_with_restrictions[$rdef->getObjectTypeId()] = true;
}
}
tpl_assign('ot_with_restrictions', $ot_with_restrictions);
$associations = DimensionMemberAssociations::findAll(array("conditions" => array("`dimension_id` = ?", $member->getDimensionId())));
$ot_with_associations = array();
foreach ($associations as $assoc) {
if (!isset($ot_with_associations[$assoc->getObjectTypeId()])) {
$ot_with_associations[$assoc->getObjectTypeId()] = true;
}
}
tpl_assign('ot_with_associations', $ot_with_associations);
} else {
$ok = $this->saveMember($member_data, $member, false);
save_member_permissions($member);
// NEW member permissions
if ($ok) {
$ret = null;
Hook::fire('after_edit_member', $member, $ret);
evt_add("reload dimension tree", $member->getDimensionId());
// ApplicationLogs::createLog($member, ApplicationLogs::ACTION_EDIT, false, true);
}
}
}
function dimension_options_submit()
{
ajx_current("empty");
if (!can_manage_dimensions(logged_user())) {
flash_error(lang('no access permissions'));
return;
}
$folder_ots = ObjectTypes::findAll(array('id' => true, 'conditions' => "name IN ('folder','project_folder','customer_folder')"));
$data = array_var($_POST, 'enabled_dots');
$names_data = array_var($_POST, 'custom_names');
if (is_array($data) || is_array($names_data)) {
try {
DB::beginWork();
// enabled dimension object types
foreach ($data as $dim_id => $ots_info) {
foreach ($ots_info as $ot_id => $enabled) {
DB::execute("UPDATE " . TABLE_PREFIX . "dimension_object_types SET enabled=" . DB::escape($enabled) . " \r\n\t\t\t\t\t\t\tWHERE dimension_id=" . DB::escape($dim_id) . " AND object_type_id=" . DB::escape($ot_id));
// if object type is folder, set the same configuration to all folder types
if (in_array($ot_id, $folder_ots)) {
DB::execute("UPDATE " . TABLE_PREFIX . "dimension_object_types SET enabled=" . DB::escape($enabled) . "\r\n\t\t\t\t\t\t\t\tWHERE dimension_id=" . DB::escape($dim_id) . " AND object_type_id IN (" . implode(',', $folder_ots) . ")");
}
}
}
// custom dimension names
foreach ($names_data as $dim_id => $custom_name) {
$cname = trim($custom_name);
$dimension = Dimensions::getDimensionById($dim_id);
if ($dimension instanceof Dimension) {
$dimension->setOptionValue('custom_dimension_name', $cname);
}
}
DB::commit();
flash_success(lang("success edit dimension options"));
evt_add('tabs changed');
//ajx_current("back");
} catch (Exception $e) {
DB::rollback();
flash_error($e->getMessage());
ajx_current("empty");
}
}
}
function edit()
{
if (!can_manage_dimension_members(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
$member = Members::findById(get_id());
if (!$member instanceof Member) {
flash_error(lang('member dnx'));
ajx_current("empty");
return;
}
$ret = array();
Hook::fire('check_additional_member_permissions', array('action' => 'edit', 'member' => $member, 'pg_id' => logged_user()->getPermissionGroupId()), $ret);
if (count($ret) > 0 && !array_var($ret, 'ok')) {
flash_error(array_var($ret, 'message'));
ajx_current("empty");
return;
}
$this->setTemplate('add');
$member_data = array_var($_POST, 'member');
if (!is_array($member_data)) {
// New ! Permissions
$permission_parameters = permission_member_form_parameters($member);
tpl_assign('permission_parameters', $permission_parameters);
//--
tpl_assign("member", $member);
$member_data['name'] = $member->getName();
$member_data['description'] = $member->getDescription();
$current_dimension = $member->getDimension();
if (!$current_dimension instanceof Dimension) {
flash_error("dimension dnx");
ajx_current("empty");
return;
}
tpl_assign("current_dimension", $current_dimension);
$ot_ids = implode(",", DimensionObjectTypes::getObjectTypeIdsByDimension($current_dimension->getId()));
$dimension_obj_types = ObjectTypes::findAll(array("conditions" => "`id` IN ({$ot_ids})"));
$dimension_obj_types_info = array();
foreach ($dimension_obj_types as $ot) {
$info = $ot->getArrayInfo(array('id', 'name', 'type'));
$info['name'] = lang(array_var($info, 'name'));
$dimension_obj_types_info[] = $info;
}
tpl_assign('dimension_obj_types', $dimension_obj_types_info);
tpl_assign('obj_type_sel', $member->getObjectTypeId());
tpl_assign('parents', self::getAssignableParents($member->getDimensionId(), $member->getObjectTypeId()));
tpl_assign('parent_sel', $member->getParentMemberId());
tpl_assign("member_data", $member_data);
tpl_assign('can_change_type', false);
$restricted_dim_defs = DimensionMemberRestrictionDefinitions::findAll(array("conditions" => array("`dimension_id` = ?", $member->getDimensionId())));
$ot_with_restrictions = array();
foreach ($restricted_dim_defs as $rdef) {
if (!isset($ot_with_restrictions[$rdef->getObjectTypeId()])) {
$ot_with_restrictions[$rdef->getObjectTypeId()] = true;
}
}
tpl_assign('ot_with_restrictions', $ot_with_restrictions);
$associations = DimensionMemberAssociations::findAll(array("conditions" => array("`dimension_id` = ?", $member->getDimensionId())));
$ot_with_associations = array();
foreach ($associations as $assoc) {
if (!isset($ot_with_associations[$assoc->getObjectTypeId()])) {
$ot_with_associations[$assoc->getObjectTypeId()] = true;
}
}
tpl_assign('ot_with_associations', $ot_with_associations);
} else {
try {
$old_parent = $member->getParentMemberId();
$ok = $this->saveMember($member_data, $member, false);
Env::useHelper('permissions');
save_member_permissions_background(logged_user(), $member, array_var($_REQUEST, 'permissions'), $old_parent);
if ($ok) {
ApplicationLogs::createLog($member, ApplicationLogs::ACTION_EDIT);
$ret = null;
Hook::fire('after_edit_member', $member, $ret);
//evt_add("reload dimension tree", array('dim_id' => $member->getDimensionId(), 'mid' => $member->getId(), 'pid' => $member->getParentMemberId()));
evt_add("update dimension tree node", array('dim_id' => $member->getDimensionId(), 'member_id' => $member->getId()));
}
} catch (Exception $e) {
DB::rollback();
flash_error($e->getMessage());
ajx_current("empty");
}
}
}
echo $type->getIcon();
?>
'
});
<?php
}
}
?>
var searchForm = document.getElementById("searchbox").getElementsByTagName("form")[0] ;
H5F.setup(searchForm);
og.additional_on_dimension_object_click = [];
og.dimension_object_types = [];
<?php
$dimension_object_types = ObjectTypes::findAll(array('conditions' => "`type` IN ('dimension_object', 'dimension_group')"));
foreach ($dimension_object_types as $dot) {
?>
og.dimension_object_types[<?php
echo $dot->getId();
?>
] = '<?php
echo $dot->getName();
?>
';
<?php
}
foreach (Plugins::instance()->getActive() as $p) {
$js_code = 'if (og.' . $p->getName() . ' && og.' . $p->getName() . '.init) og.' . $p->getName() . '.init();' . "\n";
echo $js_code;
}
static function prepareFiltersConditions($filters)
{
$name_filter_condition = "";
$obj_ids_filter_condition = "";
$type_filter_condition = "";
if (!is_null($filters) && is_array($filters)) {
$type_filters = array_var($filters, 'types');
if (is_array($type_filters) && count($type_filters) > 0) {
$type_filters_ids = ObjectTypes::findAll(array('id' => 'true', 'conditions' => "`name` IN (" . DB::escape($type_filters) . ")"));
$type_filter_condition = " AND `o`.`object_type_id` IN (" . implode(",", $type_filters_ids) . ")";
}
$name_filter = array_var($filters, 'name');
$name_filter_condition = is_null($name_filter) ? "" : " AND `o`.`name` LIKE " . DB::escape("{$name_filter}%");
$obj_ids_filter = array_var($filters, 'object_ids');
$obj_ids_filter_condition = is_null($obj_ids_filter) ? "" : " AND `o`.`id` IN ({$obj_ids_filter})";
}
return array($name_filter_condition, $obj_ids_filter_condition, $type_filter_condition);
}
/**
* Enter description here ...
* @param Contact $contact
* @param array of ObjectType $types
* @param array of int $members
*/
function grantAllPermissions(Contact $contact, $members)
{
if ($contact->getUserType() > 0 && count($members)) {
$userType = $contact->getUserTypeName();
$permissions = array();
// TO fill sharing table
$gid = $contact->getPermissionGroupId();
foreach ($members as $member_id) {
//new
$member = Members::findById($member_id);
$dimension = $member->getDimension();
$types = array();
$member_types = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
if (count($member_types)) {
switch ($userType) {
case 'Super Administrator':
case 'Administrator':
case 'Manager':
case 'Executive':
$types = $member_types;
break;
case 'Collaborator Customer':
case 'Non-Exec Director':
foreach (ObjectTypes::findAll(array("conditions" => " name NOT IN ('mail') ")) as $type) {
//TODO This sucks
$types[] = $type->getId();
}
break;
case 'Internal Collaborator':
case 'External Collaborator':
foreach (ObjectTypes::findAll(array("conditions" => " name NOT IN ('mail','contact', 'report') ")) as $type) {
//TODO This sucks
$types[] = $type->getId();
}
break;
case 'Guest Customer':
foreach (ObjectTypes::findAll(array("conditions" => " name IN ('message', 'weblink', 'event', 'file') ")) as $type) {
//TODO This sucks
$types[] = $type->getId();
}
break;
case 'Guest':
foreach (ObjectTypes::findAll(array("conditions" => " name IN ('message', 'weblink', 'event') ")) as $type) {
//TODO This sucks
$types[] = $type->getId();
}
break;
}
}
foreach ($types as $type_id) {
if (!ContactMemberPermissions::instance()->findOne(array("conditions" => "permission_group_id = {$gid}\tAND \n\t\t\t\t\t\t\tmember_id = {$member_id} AND \n\t\t\t\t\t\t\tobject_type_id = {$type_id}"))) {
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId($gid);
$cmp->setMemberId($member_id);
$cmp->setObjectTypeId($type_id);
if ($userType != "Guest" && $userType != "Guest Customer") {
$cmp->setCanWrite(1);
$cmp->setCanDelete(1);
} else {
$cmp->setCanWrite(0);
$cmp->setCanDelete(0);
}
$cmp->save();
$perm = new stdClass();
$perm->m = $member_id;
$perm->r = 1;
$perm->w = 1;
$perm->d = 1;
$perm->o = $type_id;
$permissions[] = $perm;
}
}
}
if (count($permissions)) {
$stCtrl = new SharingTableController();
$stCtrl->afterPermissionChanged($contact->getPermissionGroupId(), $permissions);
}
}
}
function permission_form_parameters($pg_id)
{
$member_permissions = array();
$dimensions = array();
$dims = Dimensions::findAll();
$members = array();
$member_types = array();
$allowed_object_types = array();
$allowed_object_types_by_member_type[] = array();
foreach ($dims as $dim) {
if ($dim->getDefinesPermissions()) {
$dimensions[] = $dim;
$root_members = Members::findAll(array('conditions' => array('`dimension_id`=? AND `parent_member_id`=0', $dim->getId()), 'order' => '`name` ASC'));
foreach ($root_members as $mem) {
$members[$dim->getId()][] = $mem;
$members[$dim->getId()] = array_merge($members[$dim->getId()], $mem->getAllChildrenSorted());
}
$allowed_object_types[$dim->getId()] = array();
$dim_obj_types = $dim->getAllowedObjectTypeContents();
foreach ($dim_obj_types as $dim_obj_type) {
// To draw a row for each object type of the dimension
if (!in_array($dim_obj_type->getContentObjectTypeId(), $allowed_object_types[$dim->getId()])) {
$allowed_object_types[$dim->getId()][] = $dim_obj_type->getContentObjectTypeId();
}
// To enable or disable object types depending on the selected member
if (!is_array(array_var($allowed_object_types_by_member_type, $dim_obj_type->getDimensionObjectTypeId()))) {
$allowed_object_types_by_member_type[$dim_obj_type->getDimensionObjectTypeId()] = array();
}
$allowed_object_types_by_member_type[$dim_obj_type->getDimensionObjectTypeId()][] = $dim_obj_type->getContentObjectTypeId();
}
if ($dim->hasAllowAllForContact($pg_id)) {
foreach ($members[$dim->getId()] as $mem) {
$member_permissions[$mem->getId()] = array();
foreach ($dim_obj_types as $dim_obj_type) {
if ($dim_obj_type->getDimensionObjectTypeId() == $mem->getObjectTypeId()) {
$member_permissions[$mem->getId()][] = array('o' => $dim_obj_type->getContentObjectTypeId(), 'w' => 1, 'd' => 1, 'r' => 1);
}
}
}
} else {
if (!$dim->deniesAllForContact($pg_id)) {
if (isset($members[$dim->getId()])) {
foreach ($members[$dim->getId()] as $mem) {
$member_permissions[$mem->getId()] = array();
$pgs = ContactMemberPermissions::findAll(array("conditions" => array("`permission_group_id` = ? AND `member_id` = ?", $pg_id, $mem->getId())));
if (is_array($pgs)) {
foreach ($pgs as $pg) {
$member_permissions[$mem->getId()][] = array('o' => $pg->getObjectTypeId(), 'w' => $pg->getCanWrite(), 'd' => $pg->getCanDelete(), 'r' => 1);
}
}
}
}
}
}
if (isset($members[$dim->getId()])) {
foreach ($members[$dim->getId()] as $member) {
$member_types[$member->getId()] = $member->getObjectTypeId();
}
}
}
}
$all_object_types = ObjectTypes::findAll(array("conditions" => "`type` IN ('content_object', 'located') AND `name` <> 'file revision'"));
return array('member_types' => $member_types, 'allowed_object_types_by_member_type' => $allowed_object_types_by_member_type, 'allowed_object_types' => $allowed_object_types, 'all_object_types' => $all_object_types, 'member_permissions' => $member_permissions, 'dimensions' => $dimensions);
}
function save_permissions($pg_id, $is_guest = false, $permissions_data = null, $save_cmps = true, $update_sharing_table = true, $fire_hook = true, $update_contact_member_cache = true, $users_ids_to_check = array(), $only_member_permissions = false)
{
if (is_null($permissions_data)) {
// system permissions
$sys_permissions_data = array_var($_POST, 'sys_perm');
// module permissions
$mod_permissions_data = array_var($_POST, 'mod_perm');
// root permissions
if ($rp_genid = array_var($_POST, 'root_perm_genid')) {
$rp_permissions_data = array();
foreach ($_POST as $name => $value) {
if (str_starts_with($name, $rp_genid . 'rg_root_')) {
$rp_permissions_data[$name] = $value;
}
}
}
// member permissions
$permissionsString = array_var($_POST, 'permissions');
} else {
// system permissions
$sys_permissions_data = array_var($permissions_data, 'sys_perm');
// module permissions
$mod_permissions_data = array_var($permissions_data, 'mod_perm');
// root permissions
$rp_genid = array_var($permissions_data, 'root_perm_genid');
$rp_permissions_data = array_var($permissions_data, 'root_perm');
// member permissions
$permissionsString = array_var($permissions_data, 'permissions');
}
try {
DB::beginWork();
$changed_members = array();
// save module permissions
if (!$only_member_permissions) {
try {
TabPanelPermissions::clearByPermissionGroup($pg_id, true);
if (!is_null($mod_permissions_data) && is_array($mod_permissions_data)) {
foreach ($mod_permissions_data as $tab_id => $val) {
DB::execute("INSERT INTO " . TABLE_PREFIX . "tab_panel_permissions (permission_group_id,tab_panel_id) VALUES ('{$pg_id}','{$tab_id}') ON DUPLICATE KEY UPDATE permission_group_id=permission_group_id");
}
}
} catch (Exception $e) {
Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
$root_permissions_sharing_table_delete = array();
$root_permissions_sharing_table_add = array();
if (logged_user() instanceof Contact && can_manage_security(logged_user())) {
try {
if (!$only_member_permissions) {
// save system permissions
$system_permissions = SystemPermissions::findById($pg_id);
if (!$system_permissions instanceof SystemPermission) {
$system_permissions = new SystemPermission();
$system_permissions->setPermissionGroupId($pg_id);
}
$system_permissions->setAllPermissions(false);
$other_permissions = array();
Hook::fire('add_user_permissions', $pg_id, $other_permissions);
foreach ($other_permissions as $k => $v) {
$system_permissions->setColumnValue($k, false);
}
// check max permissions for role, in case of modifying user's permissions
$role_id = "-1";
$tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
if ($tmp_contact instanceof Contact) {
$role_id = $tmp_contact->getUserType();
}
$max_role_system_permissions = MaxSystemPermissions::findOne(array('conditions' => 'permission_group_id = ' . $role_id));
if ($max_role_system_permissions instanceof MaxSystemPermission) {
foreach ($sys_permissions_data as $col => &$val) {
$max_val = $max_role_system_permissions->getColumnValue($col);
if (!$max_val) {
unset($sys_permissions_data[$col]);
}
}
}
// don't allow to write emails for collaborators and guests
if ($tmp_contact instanceof Contact) {
$user_type_name = $tmp_contact->getUserTypeName();
if (!in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
$mail_ot = ObjectTypes::findByName('mail');
if ($mail_ot instanceof ObjectType) {
DB::executeAll("UPDATE " . TABLE_PREFIX . "contact_member_permissions SET can_write=0, can_delete=0 WHERE object_type_id=" . $mail_ot->getId() . " AND permission_group_id={$pg_id}");
}
}
}
$sys_permissions_data['can_task_assignee'] = !$is_guest;
$system_permissions->setFromAttributes($sys_permissions_data);
$system_permissions->setUseOnDuplicateKeyWhenInsert(true);
$system_permissions->save();
//object type root permissions
$can_have_root_permissions = config_option('let_users_create_objects_in_root') && in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'));
if ($rp_genid && $can_have_root_permissions) {
ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
foreach ($rp_permissions_data as $name => $value) {
if (str_starts_with($name, $rp_genid . 'rg_root_')) {
$rp_ot = substr($name, strrpos($name, '_') + 1);
if (is_numeric($rp_ot) && $rp_ot > 0 && $value == 0) {
$root_permissions_sharing_table_delete[] = $rp_ot;
}
if (!is_numeric($rp_ot) || $rp_ot <= 0 || $value < 1) {
continue;
}
$root_permissions_sharing_table_add[] = $rp_ot;
// save with member_id = 0
$root_perm_cmp = new ContactMemberPermission();
$root_perm_cmp->setPermissionGroupId($pg_id);
$root_perm_cmp->setMemberId('0');
$root_perm_cmp->setObjectTypeId($rp_ot);
$root_perm_cmp->setCanWrite($value >= 2);
$root_perm_cmp->setCanDelete($value >= 3);
$root_perm_cmp->save();
}
}
}
if (!$can_have_root_permissions) {
ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
$sh_controller = new SharingTableController();
$all_object_type_ids = ObjectTypes::findAll(array('id' => true));
$sh_controller->adjust_root_permissions($pg_id, array('root_permissions_sharing_table_delete' => $all_object_type_ids));
}
}
} catch (Exception $e) {
Logger::log("Error saving system and root permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
// set all permissions to read_only if user is guest
if ($is_guest) {
try {
$all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
foreach ($all_saved_permissions as $sp) {
/* @var $sp ContactMemberPermission */
if ($sp->getCanDelete() || $sp->getCanWrite()) {
$sp->setCanDelete(false);
$sp->setCanWrite(false);
$sp->save();
}
}
$cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all'"));
foreach ($cdps as $cdp) {
$cdp->setPermissionType('check');
$cdp->save();
}
} catch (Exception $e) {
Logger::log("Error setting guest user permissions to read_only for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
// check the status of the changed dimensions to set 'allow_all', 'deny_all' or 'check'
try {
$dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members)));
foreach ($dimensions as $dimension) {
$dimension->setContactDimensionPermission($pg_id, 'check');
}
} catch (Exception $e) {
Logger::log("Error setting dimension permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
//member permissions
if ($permissionsString && $permissionsString != '') {
$permissions = json_decode($permissionsString);
}
if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
try {
$tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
if ($tmp_contact instanceof Contact) {
$user_type_name = $tmp_contact->getUserTypeName();
$role_id = $tmp_contact->getUserType();
$max_role_ot_perms = MaxRoleObjectTypePermissions::instance()->findAll(array('conditions' => "role_id = '{$role_id}'"));
}
$mail_ot = ObjectTypes::findByName('mail');
$sql_insert_values = "";
$member_object_types_to_delete = array();
$allowed_members_ids = array();
foreach ($permissions as &$perm) {
if (!isset($all_perm_deleted[$perm->m])) {
$all_perm_deleted[$perm->m] = true;
}
$allowed_members_ids[$perm->m] = array();
$allowed_members_ids[$perm->m]['pg'] = $pg_id;
if ($perm->r) {
if (isset($allowed_members_ids[$perm->m]['w'])) {
if ($allowed_members_ids[$perm->m]['w'] != 1) {
$allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
}
} else {
$allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
}
if (isset($allowed_members_ids[$perm->m]['d'])) {
if ($allowed_members_ids[$perm->m]['d'] != 1) {
$allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
}
} else {
$allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
}
// check max permissions for user type
if ($tmp_contact instanceof Contact) {
$max_perm = null;
foreach ($max_role_ot_perms as $max_role_ot_perm) {
if ($max_role_ot_perm->getObjectTypeId() == $perm->o) {
$max_perm = $max_role_ot_perm;
}
}
if ($max_perm) {
if (!$max_perm->getCanDelete()) {
$perm->d = 0;
}
if (!$max_perm->getCanWrite()) {
$perm->w = 0;
}
} else {
$perm->d = 0;
$perm->w = 0;
$perm->r = 0;
}
}
if ($save_cmps) {
// don't allow to write emails for collaborators and guests
if ($tmp_contact instanceof Contact && !in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
if ($mail_ot instanceof ObjectType && $perm->o == $mail_ot->getId()) {
$perm->d = 0;
$perm->w = 0;
}
}
$sql_insert_values .= ($sql_insert_values == "" ? "" : ",") . "('" . $pg_id . "','" . $perm->m . "','" . $perm->o . "','" . $perm->d . "','" . $perm->w . "')";
if (!isset($member_object_types_to_delete[$perm->m])) {
$member_object_types_to_delete[$perm->m] = array();
}
$member_object_types_to_delete[$perm->m][] = $perm->o;
}
$all_perm_deleted[$perm->m] = false;
} else {
if (is_numeric($perm->m) && is_numeric($perm->o)) {
DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id='" . $perm->m . "' AND object_type_id='" . $perm->o . "' AND permission_group_id={$pg_id}");
}
}
$changed_members[] = $perm->m;
}
if ($save_cmps) {
if (count($all_perm_deleted) > 0) {
$member_ids_to_delete = array();
foreach ($all_perm_deleted as $mid => $del) {
// also check in contact_member_permissions
$cmps = ContactMemberPermissions::findAll(array('conditions' => 'permission_group_id=' . $pg_id . " AND member_id={$mid}"));
if ($del && (!is_array($cmps) || count($cmps) == 0)) {
$member_ids_to_delete[] = $mid;
}
}
if (count($member_ids_to_delete) > 0) {
DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id IN (" . implode(',', $member_ids_to_delete) . ") AND permission_group_id={$pg_id}");
}
}
foreach ($member_object_types_to_delete as $mid => $obj_type_ids) {
if (count($obj_type_ids) > 0) {
DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id={$mid} AND object_type_id IN (" . implode(',', $obj_type_ids) . ") AND permission_group_id={$pg_id}");
}
}
if ($sql_insert_values != "") {
DB::execute("INSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write) VALUES {$sql_insert_values} ON DUPLICATE KEY UPDATE member_id=member_id");
}
}
} catch (Exception $e) {
Logger::log("Error saving member permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
DB::commit();
} catch (Exception $e) {
Logger::log("Error saving permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
DB::rollback();
}
try {
if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
if ($update_sharing_table) {
try {
$sharingTablecontroller = new SharingTableController();
$rp_info = array('root_permissions_sharing_table_delete' => $root_permissions_sharing_table_delete, 'root_permissions_sharing_table_add' => $root_permissions_sharing_table_add);
$sharingTablecontroller->afterPermissionChanged($pg_id, $permissions, $rp_info);
} catch (Exception $e) {
Logger::log("Error saving permissions to sharing table for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
if ($update_contact_member_cache) {
try {
$contactMemberCacheController = new ContactMemberCacheController();
$group = PermissionGroups::findById($pg_id);
$real_group = null;
if ($group->getType() == 'user_groups') {
$real_group = $group;
}
$users = $group->getUsers();
$users_ids_checked = array();
foreach ($users as $us) {
$users_ids_checked[] = $us->getId();
$contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
}
//check all users related to the group
foreach ($users_ids_to_check as $us_id) {
if (!in_array($us_id, $users_ids_checked)) {
$users_ids_checked[] = $us_id;
$us = Contacts::findById($us_id);
if ($us instanceof Contact) {
$contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
}
}
}
} catch (Exception $e) {
Logger::log("Error saving permissions to contact member cache for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
}
} catch (Exception $e) {
Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
}
if ($fire_hook) {
Hook::fire('after_save_contact_permissions', $pg_id, $pg_id);
}
// remove contact object from members where permissions were deleted
$user = Contacts::findOne(array('conditions' => 'permission_group_id=' . $pg_id));
if ($user instanceof Contact) {
$to_remove = array();
if (isset($all_perm_deleted) && is_array($all_perm_deleted)) {
foreach ($all_perm_deleted as $m_id => $must_remove) {
if ($must_remove) {
$to_remove[] = $m_id;
}
}
ObjectMembers::removeObjectFromMembers($user, logged_user(), null, $to_remove);
}
}
}
