/**
 * ORM event handler: patches the view-data query parts in place before the query is built.
 *
 * - Makes sure the *_ID column of a joined reference is selected whenever any other
 *   column of that reference is selected (COMPANY_BY, CONTACT_BY, ProductRow owner element).
 * - Replaces ordering by STATUS_ID with ordering by the status sort index.
 * - Applies the lead permission SQL either as an impossible ID filter (access denied)
 *   or as a computed IS_ALLOWED runtime column (restricted access).
 *
 * All parameters are taken by reference and mutated; $group, $limit and $options are
 * not touched by this handler.
 *
 * @param array $select  alias => column map of the query
 * @param array $filter  ORM filter (wrapped, never replaced, when a restriction is applied)
 * @param array $group   unused here
 * @param array $order   alias => direction map of the query
 * @param array $limit   unused here
 * @param array $options unused here
 * @param array $runtime runtime field definitions; IS_ALLOWED may be added
 */
public static function beforeViewDataQuery(&$select, &$filter, &$group, &$order, &$limit, &$options, &$runtime)
{
    // Adds $idColumns to $select when $sentinelKey is absent but some selected alias
    // starts with $keyPrefix, i.e. the joined reference is used without its ID.
    $ensureIdColumns = function ($sentinelKey, $keyPrefix, array $idColumns) use (&$select) {
        if (isset($select[$sentinelKey])) {
            return;
        }
        foreach (array_keys($select) as $selectAlias) {
            if (strpos($selectAlias, $keyPrefix) !== 0) {
                continue;
            }
            foreach ($idColumns as $alias => $column) {
                $select[$alias] = $column;
            }
            return;
        }
    };

    $ensureIdColumns('CRM_LEAD_COMPANY_BY_ID', 'CRM_LEAD_COMPANY_BY_', array(
        'CRM_LEAD_COMPANY_BY_ID' => 'COMPANY_BY.ID',
    ));

    // HACK: order by STATUS_BY.SORT instead of STATUS_ID so that the user-defined
    // status ordering is respected. The selected sort column gets its own alias.
    if (isset($order['STATUS_ID'])) {
        $select['CRM_LEAD_STATUS_BY_SORT'] = 'STATUS_BY.SORT';
        $order['CRM_LEAD_STATUS_BY_SORT'] = $order['STATUS_ID'];
        unset($order['STATUS_ID']);
    }

    $ensureIdColumns('CRM_LEAD_CONTACT_BY_ID', 'CRM_LEAD_CONTACT_BY_', array(
        'CRM_LEAD_CONTACT_BY_ID' => 'CONTACT_BY.ID',
    ));

    $ensureIdColumns(
        'CRM_LEAD_CRM_PRODUCT_ROW_LEAD_OWNER_IBLOCK_ELEMENT_ID',
        'CRM_LEAD_CRM_PRODUCT_ROW_LEAD_OWNER_IBLOCK_ELEMENT_',
        array(
            'CRM_LEAD_CRM_PRODUCT_ROW_LEAD_OWNER_IBLOCK_ELEMENT_ID' => 'ProductRow:LEAD_OWNER.IBLOCK_ELEMENT.ID',
            'CRM_LEAD_CRM_PRODUCT_ROW_LEAD_OWNER_IBLOCK_ELEMENT_IBLOCK_ID' => 'ProductRow:LEAD_OWNER.IBLOCK_ELEMENT.IBLOCK_ID',
        )
    );

    // Permissions: false = no access at all, '' = unrestricted, otherwise a SQL condition.
    $permSql = CCrmLead::BuildPermSql('crm_lead');
    if ($permSql === false) {
        // Access denied: keep the caller's filter but make it unsatisfiable.
        $filter = array($filter, '=ID' => '0');
        return;
    }
    if (empty($permSql)) {
        // Unrestricted (e.g. administrator): nothing to add.
        return;
    }

    global $DB;
    // HACK: the ORM quotes table aliases, so the raw alias in the permission SQL must be
    // wrapped in the DB-specific escape characters to match the generated query.
    $permSql = str_replace('crm_lead.ID', $DB->escL . 'crm_lead' . $DB->escR . '.ID', $permSql);

    // Restrict to rows the computed IS_ALLOWED column marks as permitted.
    $filter = array($filter, '=IS_ALLOWED' => '1');
    $runtime['IS_ALLOWED'] = array(
        'data_type' => 'integer',
        'expression' => array('CASE WHEN ' . $permSql . ' THEN 1 ELSE 0 END'),
    );
}
/**
 * Builds the SQL condition restricting activities to those the user may access.
 *
 * An activity is visible when it belongs to an owner entity (lead, deal, contact,
 * company, invoice) the user may access, or when the user is its responsible person.
 *
 * @param string $aliasPrefix SQL alias of the activity table. It is concatenated into the
 *                            SQL as an identifier, so it must be a trusted literal, never input.
 * @param string $permType    permission type, e.g. 'READ'
 * @param array  $arOptions   optional; 'PERMS' may hold a permissions object whose user is
 *                            checked for the admin shortcut. Other keys are passed through
 *                            to the owner entities' BuildPermSql.
 * @return string|false '' when unrestricted, false when the user has no access at all,
 *                      otherwise a SQL condition (an OR list, not wrapped in parentheses —
 *                      callers that AND it with other conditions must add their own).
 */
public static function BuildPermSql($aliasPrefix = 'A', $permType = 'READ', $arOptions = array())
{
    if (!is_array($arOptions)) {
        $arOptions = array();
    }

    $userPermissions = isset($arOptions['PERMS']) ? $arOptions['PERMS'] : null;
    $permsUserID = 0;
    if ($userPermissions !== null && is_object($userPermissions)) {
        $permsUserID = $userPermissions->GetUserID();
    }

    // Administrators are never restricted.
    if (CCrmPerms::IsAdmin($permsUserID)) {
        return '';
    }
    // No CRM access at all.
    if (!CCrmPerms::IsAccessEnabled($userPermissions)) {
        return false;
    }

    // The owner entities identify their rows through the activity's OWNER_ID column.
    $permOptions = array_merge(array('IDENTITY_COLUMN' => 'OWNER_ID'), $arOptions);

    // Owner type id => class providing the per-entity permission SQL (order is significant
    // for the generated SQL).
    $ownerClasses = array(
        strval(CCrmOwnerType::Lead) => 'CCrmLead',
        strval(CCrmOwnerType::Deal) => 'CCrmDeal',
        strval(CCrmOwnerType::Contact) => 'CCrmContact',
        strval(CCrmOwnerType::Company) => 'CCrmCompany',
        strval(CCrmOwnerType::Invoice) => 'CCrmInvoice',
    );

    $clauses = array();
    foreach ($ownerClasses as $ownerTypeID => $ownerClass) {
        $entitySql = $ownerClass::BuildPermSql($aliasPrefix, $permType, $permOptions);
        if (!is_string($entitySql)) {
            // Access denied for this owner type: its activities are excluded entirely.
            continue;
        }
        $typeClause = $aliasPrefix . '.OWNER_TYPE_ID = ' . $ownerTypeID;
        if ($entitySql === '') {
            // No restriction for this owner type: all its activities are visible.
            $clauses[] = '(' . $typeClause . ')';
        } else {
            $clauses[] = '(' . $typeClause . ' AND (' . $entitySql . ') )';
        }
    }

    // Every owner type denied: no access at all.
    if (empty($clauses)) {
        return false;
    }

    $ownerCondition = implode(' OR ', $clauses);

    // Responsible users see their own activities without further checks.
    // NOTE(review): this uses the *current* user, not the user behind $arOptions['PERMS']
    // checked above — confirm that is intended when PERMS is passed for another user.
    $currentUserID = CCrmSecurityHelper::GetCurrentUserID();
    if ($currentUserID > 0) {
        return $aliasPrefix . '.RESPONSIBLE_ID = ' . $currentUserID . ' OR ' . $ownerCondition;
    }

    return $ownerCondition;
}
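/**
 * Builds the SQL condition restricting event relations (alias CER) to entities the
 * user may access.
 *
 * The original body branched on $arFilter['ENTITY_TYPE'], but $arFilter is not defined in
 * this scope, so that branch could never be taken and the full entity list was always used.
 * The dead branches are removed; the behaviour (always all five entity types) is unchanged.
 *
 * @param string $aliasPrefix kept for signature compatibility; the relation alias is the
 *                            fixed literal 'CER' and this parameter is not used.
 * @param string $permType    permission type, e.g. 'READ'
 * @return string|false false when the user may access none of the entity types,
 *                      otherwise an OR list of per-type conditions (not parenthesised as a
 *                      whole — callers that AND it with other conditions must add their own).
 */
public static function BuildPermSql($aliasPrefix = 'CE', $permType = 'READ')
{
    // Entities identify their rows through the relation's ENTITY_ID column.
    $permOptions = array('IDENTITY_COLUMN' => 'ENTITY_ID');

    // Entity type name => class providing the per-entity permission SQL
    // (order is significant for the generated SQL).
    $entityClasses = array(
        CCrmOwnerType::LeadName => 'CCrmLead',
        CCrmOwnerType::DealName => 'CCrmDeal',
        CCrmOwnerType::QuoteName => 'CCrmQuote',
        CCrmOwnerType::ContactName => 'CCrmContact',
        CCrmOwnerType::CompanyName => 'CCrmCompany',
    );

    $clauses = array();
    foreach ($entityClasses as $entityType => $entityClass) {
        $entitySql = $entityClass::BuildPermSql('CER', $permType, $permOptions);
        if (!is_string($entitySql)) {
            // Access denied for this entity type: its relations are excluded entirely.
            continue;
        }
        // $entityType comes from the CCrmOwnerType constants above, never from input,
        // so it is safe to embed as a SQL string literal here.
        if ($entitySql !== '') {
            $clauses[] = "(CER.ENTITY_TYPE = '{$entityType}' AND ({$entitySql}))";
        } else {
            // No restriction for this entity type: all its relations are visible.
            $clauses[] = "(CER.ENTITY_TYPE = '{$entityType}')";
        }
    }

    // Every entity type denied: no access at all.
    if (empty($clauses)) {
        return false;
    }

    return implode(' OR ', $clauses);
}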