Esempio n. 1
 /**
  * Builds the selected-store response and adds the caller's manage permission.
  *
  * The current user's permission level on the ACL given by
  * $params['model_id'] is looked up, and $response['manage_permission'] tells
  * whether that level includes MANAGE_PERMISSION. The client CAN use the flag
  * to decide whether to let the current user edit the set of groups in the
  * store. It is a display hint only: the actions that modify the store need
  * their own server-side permission check.
  *
  * $params['currentUserHasManagePermission'] is overwritten with the computed
  * value before the parent is called, so a value the client sent under that
  * key is never passed on.
  *
  * @param array $params Client input parameters; 'model_id' is used as the ACL id
  * @return array Response for the client
  */
 protected function actionSelectedStore($params)
 {
     $userLevel = \GO\Base\Model\Acl::getUserPermissionLevel($params['model_id'], \GO::user()->id);
     $canManage = \GO\Base\Model\Acl::hasPermission($userLevel, \GO\Base\Model\Acl::MANAGE_PERMISSION);

     // Server-computed value replaces whatever the request carried under this key.
     $params['currentUserHasManagePermission'] = $canManage;

     $response = array();
     $response['manage_permission'] = $canManage;

     return array_merge($response, parent::actionSelectedStore($params));
 }
Esempio n. 2
<?php

// The translated default salutation goes through escape_javascript() because
// it is placed inside a double-quoted JavaScript string literal.
$GO_SCRIPTS_JS .= 'GO.addressbook.lang.defaultSalutationExpression="'
    . \GO\Base\Util\String::escape_javascript(\GO::t('defaultSalutation', 'addressbook'))
    . '";';

// The ACL for address book export is created lazily: when no id is stored
// under 'go_addressbook_export', a new ACL is saved and its id recorded.
$export_acl_id = \GO::config()->get_setting('go_addressbook_export', 0);
if (empty($export_acl_id)) {
    $acl = new \GO\Base\Model\Acl();
    $acl->description = 'addressbook_export';
    $acl->save();
    \GO::config()->save_setting('go_addressbook_export', $acl->id, 0);
    $export_acl_id = $acl->id;
}

// NOTE(review): the id is written into the script without escaping; this is
// safe only while the stored setting is always a plain integer - confirm.
$GO_SCRIPTS_JS .= 'GO.addressbook.export_acl_id="' . $export_acl_id . '";';

// Any truthy permission level on the export ACL yields "1", otherwise "0".
// The flag only tells the client what to show; the export itself has to be
// checked against this ACL on the server (not visible in this excerpt).
$acl_level = \GO\Base\Model\Acl::getUserPermissionLevel($export_acl_id, \GO::user()->id);
$GO_SCRIPTS_JS .= 'GO.addressbook.exportPermission="' . (int) (bool) $acl_level . '";';
// Runs only when \GO::modules()->customfields is truthy.
// NOTE(review): the closing brace of this block is not part of the visible excerpt.
if (\GO::modules()->customfields) {
    // Declares the client-side container that the panels below are pushed into.
    // NOTE(review): localizedName is concatenated into a JS string literal
    // as-is; confirm it can never contain a quote, backslash or line break.
    $GO_SCRIPTS_JS .= '

	GO.customfields.settingsPanels={
		name: "' . \GO\Addressbook\Model\Contact::model()->localizedName . '",
		panels: []
	};' . "\n";
    // One settings tab (category) per fetched row.
    $stmt = \GO\Users\Model\CfSettingTab::model()->getSettingTabs();
    while ($category = $stmt->fetch()) {
        // Collect the JSON-ready description of every field in this category.
        $fields = array();
        $fstmt = $category->fields();
        while ($field = $fstmt->fetch()) {
            $fields[] = $field->toJsonArray();
        }
        // Makes global, client-side, editable form panels for every customfield category
        // NOTE(review): the title is escaped with htmlspecialchars(), which is
        // HTML escaping, but the value lands inside a JavaScript string literal.
        // A backslash or line break in $category->name passes through unchanged
        // and can alter the emitted script. Wrapping the HTML-escaped name in
        // json_encode() (and dropping the surrounding quotes) would quote it for
        // the JS context as well - confirm how the client renders the title first.
        // $category->id is emitted unquoted and unescaped; presumably an integer
        // primary key - confirm.
        $GO_SCRIPTS_JS .= "\n\n" . 'GO.customfields.settingsPanels.panels.push({xtype : "customformpanel", itemId:"cf-panel-' . $category->id . '", category_id: ' . $category->id . ', title : "' . htmlspecialchars($category->name, ENT_QUOTES, 'UTF-8') . '", customfields : ' . json_encode($fields) . '});' . "\n";
    }
Esempio n. 3
 /**
  * Adds address book details about the sender of a message to $response.
  *
  * The sender is looked up by $response['sender']. Defaults (ids 0, empty
  * name, the "unknown person" image) are always set; the contact's thumbnail
  * replaces the default image when a contact is found. Contact id/name,
  * company id/name and the linked-message ids are only added when the
  * allow_quicklink config value is truthy.
  *
  * The company id and name are added only when the current user has at least
  * Acl::WRITE_PERMISSION on the ACL of the company's address book.
  * NOTE(review): 'company_linked_message_id' is filled for any non-empty
  * company, independent of that ACL check - confirm this is intended.
  * NOTE(review): whether findSingleByEmail() itself filters on the current
  * user's read permission is not visible here - confirm.
  *
  * @param \GO\Email\Model\ImapMessage $imapMessage Message used for the linked-email lookup
  * @param array $params Not read by this method
  * @param array $response Response built so far; must contain 'sender'
  * @return array The response with the contact keys added
  */
 private function _getContactInfo(\GO\Email\Model\ImapMessage $imapMessage, $params, $response)
 {
     $useQL = GO::config()->allow_quicklink;

     // Defaults for a sender that is unknown or may not be shown.
     $response['sender_contact_id'] = 0;
     $response['sender_company_id'] = 0;
     $response['allow_quicklink'] = $useQL ? 1 : 0;
     $response['contact_name'] = "";
     $response['contact_thumb_url'] = GO::config()->host . 'modules/addressbook/themes/Default/images/unknown-person.png';

     $contact = \GO\Addressbook\Model\Contact::model()->findSingleByEmail($response['sender']);
     if (empty($contact)) {
         return $response;
     }

     // The thumbnail is exposed even when quick links are switched off.
     $response['contact_thumb_url'] = $contact->getPhotoThumbURL();
     if (!$useQL) {
         return $response;
     }

     $response['sender_contact_id'] = $contact->id;
     $response['contact_name'] = $contact->name . ' (' . $contact->addressbook->name . ')';

     $company = $contact->company;
     $hasCompany = !empty($company);

     // Company details require write permission on the company's address book.
     if ($hasCompany && Acl::getUserPermissionLevel($company->addressbook->acl_id) >= Acl::WRITE_PERMISSION) {
         $response['sender_company_id'] = $company->id;
         $response['company_name'] = $company->name . ' (' . $company->addressbook->name . ')';
     }

     if (!GO::modules()->savemailas) {
         return $response;
     }

     // Report the id of an already linked copy of this message, or 0 when there is none.
     $contactLinkedMessage = \GO\Savemailas\Model\LinkedEmail::model()->findByImapMessage($imapMessage, $contact);
     $contactIsLinked = $contactLinkedMessage && $contactLinkedMessage->linkExists($contact);
     $response['contact_linked_message_id'] = $contactIsLinked ? $contactLinkedMessage->id : 0;

     if ($hasCompany) {
         $companyLinkedMessage = \GO\Savemailas\Model\LinkedEmail::model()->findByImapMessage($imapMessage, $company);
         $companyIsLinked = $companyLinkedMessage && $companyLinkedMessage->linkExists($company);
         $response['company_linked_message_id'] = $companyIsLinked ? $companyLinkedMessage->id : 0;
     }

     return $response;
 }
Esempio n. 4
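 /**
  * Check the ACL permission levels manually added by addRequiredPermissionLevel().
  *
  * A requirement registered for $action is checked first. When there is none,
  * the wildcard entry '*' is checked instead. When neither is registered the
  * method returns true, i.e. this check on its own does not deny the action.
  *
  * @param string $action
  * @return boolean true when the current user's level on the registered ACL
  *                 satisfies the required level, or when nothing is registered
  */
 private function _checkRequiredPermissionLevels($action)
 {
     if (isset($this->requiredPermissionLevels[$action])) {
         $requirement = $this->requiredPermissionLevels[$action];

         // Level the current user holds on the ACL registered for this action.
         $permLevel = Acl::getUserPermissionLevel($requirement['aclId']);

         // Compare the held level with the required one. The previous code
         // passed both values to getUserPermissionLevel() again, which treats
         // them as (ACL id, user id) and so returned the level of an unrelated
         // user on an unrelated ACL instead of the result of the comparison.
         return Acl::hasPermission($permLevel, $requirement['requiredPermissionLevel']);
     }

     if ($action !== '*') {
         // No entry for this action: fall back to the wildcard requirement.
         return $this->_checkRequiredPermissionLevels('*');
     }

     // Nothing registered at all.
     return true;
 }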
Esempio n. 5
 /**
  * Checks the permission level the user had before the object was moved to a
  * different related ACL object, e.g. a contact moved to a different
  * address book.
  *
  * The first segment of aclField() names the relation; the old value of that
  * relation's foreign key field is read. When there is no old value the
  * method returns true without consulting any ACL.
  * NOTE(review): presumably "no old value" means the foreign key was not
  * changed, so there is no previous ACL to check - confirm.
  *
  * @param int $level permission level to check for
  * @return boolean if the user has the specified level
  * @throws Exception if the ACL is not found (not thrown in this method itself; presumably by a callee)
  */
 public function checkOldPermissionLevel($level)
 {
     list($relationName) = explode('.', $this->aclField());
     $relationDef = $this->getRelation($relationName);
     $previousFk = $this->getOldAttributeValue($relationDef['field']);
     if (empty($previousFk)) {
         return true;
     }

     //TODO: check if above code is needed (test by moving contact to different addressbook)
     $acl_id = $this->_getOldParentAclId();

     // The current user's level on the old parent's ACL must reach $level.
     return \GO\Base\Model\Acl::getUserPermissionLevel($acl_id) >= $level;
 }
 /**
  * Tells whether one user holds any permission on another user's free/busy ACL.
  *
  * The ACL is obtained from FreebusypermissionsModule::getFreeBusyAcl() for
  * the target user; any permission level above 0 counts as access.
  * NOTE(review): the result of getFreeBusyAcl() is dereferenced without a
  * check - confirm it always returns an object.
  *
  * @param int $request_user_id User asking for the free/busy information
  * @param int $target_user_id User whose free/busy information is requested
  * @return boolean
  */
 public static function hasFreebusyAccess($request_user_id, $target_user_id)
 {
     $targetAcl = FreebusypermissionsModule::getFreeBusyAcl($target_user_id);
     $level = \GO\Base\Model\Acl::getUserPermissionLevel($targetAcl->acl_id, $request_user_id);

     return $level > 0;
 }
Esempio n. 7
 /**
  * Returns the current user's permission level for this model.
  *
  * Outcomes, in the order they are decided:
  *  - Acl::MANAGE_PERMISSION when \GO::$ignoreAclPermissions is set; no ACL
  *    is consulted in that case.
  *  - -1 when the model has no ACL field.
  *  - false when there is no current user.
  *  - For a model whose own ACL field is still empty and is not a joined ACL
  *    field: the module's permissionLevel, or for module 'base'
  *    Acl::MANAGE_PERMISSION for an admin and false for anyone else.
  *  - Otherwise the level from Acl::getUserPermissionLevel(), cached in
  *    $this->_permissionLevel after the first lookup.
  *
  * NOTE(review): -1 and false are returned next to real levels; callers that
  * compare the result with >= or test it for truthiness should confirm that
  * both are treated as "no access".
  *
  * @return int|false
  * @throws \Exception when no ACL id can be found for the model
  */
 public function getPermissionLevel()
 {
     // Global switch: every model reports manage permission.
     if (\GO::$ignoreAclPermissions) {
         return \GO\Base\Model\Acl::MANAGE_PERMISSION;
     }
     if (!$this->aclField()) {
         return -1;
     }
     if (!\GO::user()) {
         return false;
     }

     // The model has its own ACL, but it has not been created yet: fall back
     // to the permissions on the module.
     $ownAclNotCreated = empty($this->{$this->aclField()}) && !$this->getIsJoinedAclField();
     if ($ownAclNotCreated) {
         $module = $this->getModule();
         if ($module != 'base') {
             return \GO::modules()->{$module}->permissionLevel;
         }
         if (\GO::user()->isAdmin()) {
             return \GO\Base\Model\Acl::MANAGE_PERMISSION;
         }
         return false;
     }

     // Look the level up once and reuse it afterwards.
     if (isset($this->_permissionLevel)) {
         return $this->_permissionLevel;
     }
     $acl_id = $this->findAclId();
     if (!$acl_id) {
         throw new \Exception("Could not find ACL for " . $this->className() . " with pk: " . $this->pk);
     }
     $this->_permissionLevel = \GO\Base\Model\Acl::getUserPermissionLevel($acl_id);

     return $this->_permissionLevel;
 }
Esempio n. 8
 /**
  * Outputs, per module, the permission level of a user, a group, or the
  * "everyone" group.
  *
  * $params['paramIdType'] selects the view ('groupId' for the groups module,
  * anything else for the users module) and $params['id'] the user or group;
  * an empty id reports the level of the group GO::config()->group_everyone.
  * Levels that include Acl::CREATE_PERMISSION are reported as
  * Acl::MANAGE_PERMISSION, because module permissions only support read and
  * manage. The JSON response is echoed, nothing is returned.
  *
  * The only access check is that the groups or users module is truthy on
  * GO::modules(); the action is deliberately reachable without access to the
  * modules module.
  * NOTE(review): $params['id'] comes from the client and decides whose
  * permissions are listed - this relies on GO::modules()->users / ->groups
  * being falsy for callers without access to that module; confirm.
  * NOTE(review): 'total' counts every module, while 'results' is keyed by the
  * translated name, so two modules with the same name would yield fewer
  * results than the total.
  *
  * @param array $params Client input parameters ('paramIdType', 'id')
  * @return void
  * @throws \GO\Base\Exception\AccessDenied when the required module is not available
  */
 public function actionPermissionsStore($params)
 {
     $isGroupLookup = $params['paramIdType'] == 'groupId';

     // Check access to the users or groups module, because this action is
     // allowed without access to the modules module.
     $requiredModule = $isGroupLookup ? 'groups' : 'users';
     if (!GO::modules()->{$requiredModule}) {
         throw new \GO\Base\Exception\AccessDenied();
     }

     $response = new JsonResponse(array('success' => true, 'results' => array(), 'total' => 0));
     $modules = array();
     $mods = GO::modules()->getAllModules();
     while ($module = array_shift($mods)) {
         // Stays false when no group-derived level applies (group view).
         $usersGroupPermissionLevel = false;

         if (empty($params['id'])) {
             // No id given: report the "everyone" group.
             $everyoneEntry = $module->acl->hasGroup(GO::config()->group_everyone);
             $permissionLevel = $usersGroupPermissionLevel = $everyoneEntry ? $everyoneEntry->level : 0;
         } elseif ($isGroupLookup) {
             // Looking at permissions from the groups module.
             $groupEntry = $module->acl->hasGroup($params['id']);
             $permissionLevel = $groupEntry ? $groupEntry->level : 0;
         } else {
             // Looking from the users module. The second lookup passes true as
             // third argument; presumably that limits it to levels the user
             // gets through groups - confirm against Acl.
             $permissionLevel = Acl::getUserPermissionLevel($module->acl_id, $params['id']);
             $usersGroupPermissionLevel = Acl::getUserPermissionLevel($module->acl_id, $params['id'], true);
         }

         $translated = $module->moduleManager ? $module->moduleManager->name() : $module->id;

         // Module permissions only support read permission and manage permission.
         if (Acl::hasPermission($permissionLevel, Acl::CREATE_PERMISSION)) {
             $permissionLevel = Acl::MANAGE_PERMISSION;
         }

         $groupLevelKnown = $usersGroupPermissionLevel !== false;
         $modules[$translated] = array(
             'id' => $module->id,
             'name' => $translated,
             'permissionLevel' => $permissionLevel,
             'disable_none' => $groupLevelKnown && Acl::hasPermission($usersGroupPermissionLevel, Acl::READ_PERMISSION),
             'disable_use' => $groupLevelKnown && Acl::hasPermission($usersGroupPermissionLevel, Acl::CREATE_PERMISSION),
         );
         $response['total'] += 1;
     }

     // Sort by translated module name, then drop the keys for the client.
     ksort($modules);
     $response['results'] = array_values($modules);
     echo $response;
 }
Esempio n. 9
 /**
  * Tells whether a user has at least read permission on the leavedays module.
  *
  * The level is looked up on the ACL of \GO::modules()->leavedays.
  * NOTE(review): the module object is dereferenced without a check - confirm
  * this is only called when the leavedays module is available.
  *
  * @param int $userId User to check
  * @return boolean
  */
 public static function userHasPermission($userId)
 {
     $leavedaysAclId = \GO::modules()->leavedays->acl_id;

     return \GO\Base\Model\Acl::getUserPermissionLevel($leavedaysAclId, $userId) >= \GO\Base\Model\Acl::READ_PERMISSION;
 }