/**
* Enter description here...
* assumes manager has one field as PK
*
* @param DataManager $manager
* @param $access_level ACCESS_LEVEL_XX objects that defines which permission is being checked
* @param string $project_id string that will be compared to the project id while searching project_user table
* @param int $user_id user whose permissions are being checked
* @return unknown
*/
function permissions_sql_for_listings(DataManager $manager, $access_level, User $user, $project_id = '`project_id`', $table_alias = null)
{
if (!$manager instanceof DataManager) {
throw new Exception("Invalid manager '{$manager}' in permissions helper", -1);
return '';
}
$user_id = $user->getId();
$oup_tablename = ObjectUserPermissions::instance()->getTableName(true);
$wo_tablename = WorkspaceObjects::instance()->getTableName(true);
$users_table_name = Users::instance()->getTableName(true);
$pu_table_name = ProjectUsers::instance()->getTableName(true);
if ($user->isGuest() && $access_level == ACCESS_LEVEL_WRITE) {
return 'false';
}
if (isset($table_alias) && $table_alias && $table_alias != '') {
$object_table_name = $table_alias;
} else {
$object_table_name = $manager->getTableName();
}
if (!is_numeric($project_id)) {
$project_id = "{$object_table_name}.{$project_id}";
}
$object_id_field = $manager->getPkColumns();
$object_id = $object_table_name . '.' . $object_id_field;
$object_manager = get_class($manager);
$access_level_text = access_level_field_name($access_level);
$item_class = $manager->getItemClass();
$is_project_data_object = new $item_class() instanceof ProjectDataObject;
// permissions for contacts
if ($manager instanceof Contacts && can_manage_contacts($user)) {
return 'true';
}
if ($manager instanceof Companies && can_manage_contacts($user)) {
return 'true';
}
// permissions for file revisions
if ($manager instanceof ProjectFileRevisions) {
$pfTableName = "`" . TABLE_PREFIX . "project_files`";
return "{$object_table_name}.`file_id` IN (SELECT `id` FROM {$pfTableName} WHERE " . permissions_sql_for_listings(ProjectFiles::instance(), $access_level, $user) . ")";
}
// permissions for projects
if ($manager instanceof Projects) {
$pcTableName = "`" . TABLE_PREFIX . 'project_users`';
return "{$object_table_name}.`id` IN (SELECT `project_id` FROM {$pcTableName} `pc` WHERE `user_id` = {$user_id})";
}
// permissions for users
if ($manager instanceof Users) {
if (logged_user()->isMemberOfOwnerCompany()) {
return "true";
} else {
return "{$object_table_name}.`company_id` = " . owner_company()->getId() . " OR {$object_table_name}.`company_id` = " . logged_user()->getCompanyId();
}
}
$can_manage_object = manager_class_field_name($object_manager, $access_level);
// user is creator
$str = " ( `created_by_id` = {$user_id}) ";
// element belongs to personal project
/*if($is_project_data_object) // TODO: type of element belongs to a project
if (!in_array('project_id', $manager->getColumns())) {
$str .= "\n OR ( EXISTS(SELECT * FROM $users_table_name `xx_u`, $wo_tablename `xx_wo`
WHERE `xx_u`.`id` = $user_id
AND `xx_u`.`personal_project_id` = `xx_wo`.`workspace_id`
AND `xx_wo`.`object_id` = $object_id
AND `xx_wo`.`object_manager` = '$object_manager' )) ";
} else {
$str .= "\n OR ( $project_id = (SELECT `personal_project_id` FROM $users_table_name `xx_u` WHERE `xx_u`.`id` = $user_id)) ";
}
*/
// user or group has specific permissions over object
$group_ids = $user->getGroupsCSV();
$all_ids = '(' . $user_id . ($group_ids != '' ? ',' . $group_ids : '') . ')';
$str .= "\n OR ( EXISTS ( SELECT * FROM {$oup_tablename} `xx_oup` \n\t\t\t\tWHERE `xx_oup`.`rel_object_id` = {$object_id} \n\t\t\t\t\tAND `xx_oup`.`rel_object_manager` = '{$object_manager}' \n\t\t\t\t\tAND `xx_oup`.`user_id` IN {$all_ids} \n\t\t\t\t\tAND `xx_oup`.{$access_level_text} = true) )";
if ($is_project_data_object) {
// TODO: type of element belongs to a project
if (!in_array('project_id', $manager->getColumns())) {
$str .= "\n OR ( EXISTS ( SELECT * FROM {$pu_table_name} `xx_pu`, {$wo_tablename} `xx_wo` \n\t\t\t\tWHERE `xx_pu`.`user_id` IN {$all_ids} \n\t\t\t\t\tAND `xx_pu`.`project_id` = `xx_wo`.`workspace_id`\n\t\t\t\t\tAND `xx_wo`.`object_id` = {$object_id} \n\t\t\t\t\tAND `xx_wo`.`object_manager` = '{$object_manager}'\n\t\t\t\t\tAND `xx_pu`.{$can_manage_object} = true ) ) ";
} else {
$str .= "\n OR ( EXISTS ( SELECT * FROM {$pu_table_name} `xx_pu` \n\t\t\t\tWHERE `xx_pu`.`user_id` IN {$all_ids} \n\t\t\t\t\tAND `xx_pu`.`project_id` = {$project_id} \n\t\t\t\t\tAND `xx_pu`.{$can_manage_object} = true ) ) ";
}
}
// check account permissions in case of emails
if ($manager instanceof MailContents) {
$maccTableName = MailAccountUsers::instance()->getTableName(true);
$str .= "\n OR EXISTS(SELECT `id` FROM {$maccTableName} WHERE `account_id` = {$object_table_name}.`account_id` AND `user_id` = {$user_id})";
if (user_config_option('view deleted accounts emails', null, $user_id)) {
$str .= "\n OR ((SELECT count(*) FROM `" . TABLE_PREFIX . "mail_accounts` WHERE `id` = {$object_table_name}.`account_id`) = 0) AND `created_by_id` = {$user_id}";
}
}
$hookargs = array('manager' => $manager, 'access_level' => $access_level, 'user' => $user, 'project_id' => $project_id, 'table_alias' => $table_alias);
Hook::fire('permissions_sql', $hookargs, $str);
return ' (' . $str . ') ';
}
/**
* Return manager instance
*
* @access protected
* @param void
* @return ObjectUserPermission
*/
function manager()
{
if (!$this->manager instanceof ObjectUserPermissions) {
$this->manager = ObjectUserPermissions::instance();
}
return $this->manager;
}
/**
* This function will return paginated result. Result is an array where first element is
* array of returned object and second populated pagination object that can be used for
* obtaining and rendering pagination data using various helpers.
*
* Items and pagination array vars are indexed with 0 for items and 1 for pagination
* because you can't use associative indexing with list() construct
*
* @access public
* @param array $arguments Query argumens (@see find()) Limit and offset are ignored!
* @param integer $items_per_page Number of items per page
* @param integer $current_page Current page number
* @return array
*/
function paginate($arguments = null, $items_per_page = 10, $current_page = 1)
{
if (isset($this) && instance_of($this, 'ObjectUserPermissions')) {
return parent::paginate($arguments, $items_per_page, $current_page);
} else {
return ObjectUserPermissions::instance()->paginate($arguments, $items_per_page, $current_page);
//$instance =& ObjectUserPermissions::instance();
//return $instance->paginate($arguments, $items_per_page, $current_page);
}
// if
}