/** * Render project users combo. * * @param String $name * @param array $attributes * @return String All users I am sharing something with. */ function render_sharing_users($name, $attributes = null) { //TODO: This functions must be rebuilt $perms = ObjectUserPermissions::getAllPermissionsByUser(logged_user()); $options = array(option_tag(lang('none'), 0)); $my_id = logged_user()->getId(); if (isset($perms)) { foreach ($perms as $perm) { $file_id = $perm->getFileId(); if (trim($file_id) != '') { $users = ObjectUserPermissions::getAllPermissionsByObjectIdAndManager($file_id, 'ProjectFiles'); foreach ($users as $user_perm) { $user_id = $user_perm->getUserId(); if ($user_id != null && trim($user_id) != '' && $user_id != $my_id) { $user = Users::findById($user_id); if ($user != null) { //foreach user $options[] = option_tag($user->getUserName(), $user->getUserName()); } } } } } } $options = array_unique($options); return select_box($name, $options, $attributes); }
/** * Return parent object object * * @param void * @return ProjectObject */ function getObject() { if (is_null($this->object)) { $this->object = ObjectUserPermissions::findById($this->getObjectId()); } // if return $this->object; }
/** * Return manager instance * * @access protected * @param void * @return ObjectUserPermission */ function manager() { if (!$this->manager instanceof ObjectUserPermissions) { $this->manager = ObjectUserPermissions::instance(); } return $this->manager; }
/** * Return true is $user has $access_level (R/W) over $object * * @param User $user * @param ApplicationDataObject $object * @param int $access_level // 1 = read ; 2 = write * @return unknown */ function can_access(User $user, ApplicationDataObject $object, $access_level) { try { if (!$object instanceof ApplicationDataObject) { throw new Exception(lang('object dnx')); } $hookargs = array("user" => $user, "object" => $object, "access_level" => $access_level); $ret = null; Hook::fire('can_access', $hookargs, $ret); if (is_bool($ret)) { return $ret; } if ($object instanceof Comment) { return can_access($user, $object->getObject(), $access_level); } if ($user->isGuest() && $access_level == ACCESS_LEVEL_WRITE) { return false; } if ($object instanceof ProjectFileRevision) { return can_access($user, $object->getFile(), $access_level); } if ($object->columnExists('project_id')) { $user_id = $user->getId(); if (!$object instanceof ProjectContact && $object->getCreatedById() == $user_id) { return true; } // the user is the creator of the object if ($object instanceof ProjectDataObject && $object->getProject() instanceof Project && $object->getProject()->getId() == $user->getPersonalProjectId()) { return true; } // The object belongs to the user's personal project $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $user->getId()); if ($perms && is_array($perms)) { //if the permissions for the user in the object are specially set return has_access_level($perms[0], $access_level); } $group_ids = GroupUsers::getGroupsCSVsByUser($user_id); if ($group_ids && $group_ids != '') { //user belongs to at least one group $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $group_ids); if ($perms) { foreach ($perms as $perm) { if (has_access_level($perm, $access_level)) { return true; } //there is one group permission that allows the user to access } } } if ($object instanceof ProjectDataObject && $object->getProject()) { //if the object has a project assigned to it $proj_perm = ProjectUsers::findOne(array('conditions' => array('user_id = ? AND project_id = ? ', $user_id, $object->getProject()->getId()))); if ($proj_perm && can_manage_type(get_class($object->manager()), $proj_perm, $access_level)) { return true; // if user has permissions over type of object in the project } if ($group_ids && $group_ids != '') { //user belongs to at least one group $proj_perms = ProjectUsers::findAll(array('conditions' => array('project_id = ' . $object->getProject()->getId() . ' AND user_id in (' . $group_ids . ')'))); if ($proj_perms) { foreach ($proj_perms as $perm) { if (can_manage_type(get_class($object->manager()), $perm, $access_level)) { return true; } // if any group has permissions over type of object in the project } } } } } else { // handle object in multiple workspaces $user_id = $user->getId(); if ($object->getCreatedById() == $user_id) { return true; // the user is the creator of the object } if ($object instanceof MailContent) { $acc = MailAccounts::findById($object->getAccountId()); if (!$acc instanceof MailAccount) { return false; // it's an email with no account and not created by the user } else { if ($access_level == ACCESS_LEVEL_READ && $acc->canView($user) || $access_level == ACCESS_LEVEL_WRITE && $acc->canDelete($user)) { return true; } } } $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $user->getId()); if ($perms && is_array($perms)) { //if the permissions for the user in the object are specially set return has_access_level($perms[0], $access_level); } $group_ids = GroupUsers::getGroupsCSVsByUser($user_id); if ($group_ids && $group_ids != '') { //user belongs to at least one group $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $group_ids); if ($perms) { foreach ($perms as $perm) { if (has_access_level($perm, $access_level)) { return true; //there is one group permission that allows the user to access } } } } if ($object instanceof ProjectDataObject) { $ws = $object->getWorkspaces(); foreach ($ws as $w) { // if the object has a project assigned to it $proj_perm = ProjectUsers::findOne(array('conditions' => array('user_id = ? AND project_id = ? ', $user_id, $w->getId()))); if ($proj_perm && can_manage_type(get_class($object->manager()), $proj_perm, $access_level)) { return true; // if user has permissions over type of object in the project } if ($group_ids && $group_ids != '') { //user belongs to at least one group $proj_perms = ProjectUsers::findAll(array('conditions' => array('project_id = ' . $w->getId() . ' AND user_id in (' . $group_ids . ')'))); if ($proj_perms) { foreach ($proj_perms as $perm) { if (can_manage_type(get_class($object->manager()), $perm, $access_level)) { return true; } // if any group has permissions over type of object in the project } } } } } } } catch (Exception $e) { tpl_assign('error', $e); return false; } return false; }
function setObjUserPermission($user, $obj, $canWrite) { $obj_perm = ObjectUserPermissions::findOne(array('conditions' => "rel_object_id = " . $obj->getId() . " AND rel_object_manager = '" . $obj->getObjectManagerName() . "' AND user_id = " . $user->getId())); if ($obj_perm) { $obj_perm->setColumnValue('can_write', $canWrite); } else { $obj_perm = new ObjectUserPermission(); $obj_perm->setFromAttributes(array('rel_object_id' => $obj->getId(), 'rel_object_manager' => $obj->getObjectManagerName(), 'user_id' => $user->getId(), 'can_read' => 1, 'can_write' => $canWrite)); } try { DB::beginWork(); $obj_perm->save(); DB::commit(); } catch (Exception $e) { DB::rollback(); flash_error($e->getMessage()); ajx_current("empty"); } }
function clearUserPermissions() { return ObjectUserPermissions::delete(array("`rel_object_manager` = ? AND `rel_object_id` = ?", $this->getObjectManagerName(), $this->getId())); }
/** * This function will return paginated result. Result is an array where first element is * array of returned object and second populated pagination object that can be used for * obtaining and rendering pagination data using various helpers. * * Items and pagination array vars are indexed with 0 for items and 1 for pagination * because you can't use associative indexing with list() construct * * @access public * @param array $arguments Query argumens (@see find()) Limit and offset are ignored! * @param integer $items_per_page Number of items per page * @param integer $current_page Current page number * @return array */ function paginate($arguments = null, $items_per_page = 10, $current_page = 1) { if (isset($this) && instance_of($this, 'ObjectUserPermissions')) { return parent::paginate($arguments, $items_per_page, $current_page); } else { return ObjectUserPermissions::instance()->paginate($arguments, $items_per_page, $current_page); //$instance =& ObjectUserPermissions::instance(); //return $instance->paginate($arguments, $items_per_page, $current_page); } // if }