/**
 * Build the list of permission attribute strings for the current user's READ access.
 *
 * For each of LEAD, DEAL, INVOICE, QUOTE, CONTACT and COMPANY the attribute sets
 * returned by CCrmPerms::GetUserAttrForSelectEntity() are flattened into strings of
 * the form "<ENTITY>[_<U..>][_<D..>][_<S..>][_<O..>]". An empty attribute set yields
 * the bare entity name; an entity with no attribute sets at all contributes nothing.
 *
 * NOTE(review): presumably these strings are matched against attributes stored with
 * indexed items, so any change to their format changes who can see what - confirm
 * against the indexing side before editing.
 *
 * @param mixed $FIELD Not read by this function.
 * @return array List of attribute strings.
 */
function OnSearchCheckPermissions($FIELD)
{
    global $USER;

    $perms = new CCrmPerms($USER->GetID());

    // Same entity order as the result order callers have always received.
    $attrsByEntity = array();
    foreach (array('LEAD', 'DEAL', 'INVOICE', 'QUOTE', 'CONTACT', 'COMPANY') as $entityName) {
        $attrsByEntity[$entityName] = $perms->GetUserAttrForSelectEntity($entityName, 'READ');
    }

    $result = array();
    foreach ($attrsByEntity as $entityName => $attrSets) {
        foreach ($attrSets as $attrSet) {
            // An empty set is emitted as the entity name alone.
            if (empty($attrSet)) {
                $result[] = $entityName;
                continue;
            }

            // Sort the attributes of this set by their leading letter.
            $attrsD = array();
            $attrU = '';
            $attrS = '';
            $attrO = '';
            foreach ($attrSet as $attr) {
                switch ($attr[0]) {
                    case 'U':
                        $attrU = $attr;
                        break;
                    case 'D':
                        $attrsD[] = $attr;
                        break;
                    case 'S':
                        $attrS = $attr;
                        break;
                    case 'O':
                        $attrO = $attr;
                        break;
                }
            }

            // No 'D' attribute: one string carrying whichever of U, S, O are present.
            if (empty($attrsD)) {
                $key = $entityName;
                foreach (array($attrU, $attrS, $attrO) as $part) {
                    if (!empty($part)) {
                        $key .= '_' . $part;
                    }
                }
                $result[] = $key;
                continue;
            }

            // One string per 'D' attribute, each with the optional U prefix and S suffix.
            $key = $entityName;
            foreach ($attrsD as $attrD) {
                $key = $attrU !== ''
                    ? $entityName . '_' . $attrU . '_' . $attrD
                    : $entityName . '_' . $attrD;
                if (!empty($attrS)) {
                    $key .= '_' . $attrS;
                }
                $result[] = $key;
            }

            // The 'O' variant is derived from the last 'D' string only.
            if (!empty($attrO)) {
                $key .= '_' . $attrO;
                $result[] = $key;
            }
        }
    }

    return $result;
}
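/**
 * Select CRM event relations joined with their events, limited to what the current user may read.
 *
 * Administrators get no permission clause. For every other user the READ attributes of
 * each requested entity type are turned into a SQL restriction; when no restriction can
 * be built at all the method returns an empty result instead of running the query
 * unrestricted (fail closed).
 *
 * @param array     $arSort   Map of sort key => 'ASC'|'DESC'. Keys outside the fixed column
 *                            map are ignored, so caller text never reaches ORDER BY.
 * @param array     $arFilter Filter handed to CSQLWhere. 'ENTITY' ("<type>_<id>") is expanded
 *                            into ENTITY_TYPE / ENTITY_ID first.
 * @param int|false $nPageTop Row limit applied through $DB->TopSql(), or false for no limit.
 * @return CDBResult Result of $DB->Query(), or an empty CDBResult when nothing is readable.
 */
public static function GetList($arSort = array(), $arFilter = array(), $nPageTop = false)
{
    global $DB, $USER;

    // Normalise the inputs before anything reads them as arrays.
    if (!is_array($arFilter)) {
        $arFilter = array();
    }
    if (!is_array($arSort)) {
        $arSort = array();
    }

    // instanceof is false for null and non-objects, so no separate isset()/get_class() is needed.
    $currentUser = $USER instanceof CUser ? $USER : new CUser();

    $strSqlSearch = '';
    $err_mess = self::err_mess() . '<br />Function: GetList<br />Line: ';

    if (isset($arFilter['ENTITY'])) {
        $entityParts = explode('_', $arFilter['ENTITY']);
        $arFilter['ENTITY_TYPE'] = CUserTypeCrm::GetLongEntityType($entityParts[0]);
        // A value without '_' has no id part; treat it as 0 instead of reading a missing offset.
        $arFilter['ENTITY_ID'] = isset($entityParts[1]) ? (int) $entityParts[1] : 0;
        unset($arFilter['ENTITY']);
    }

    // permission check
    $strPermission = '';
    if (!$currentUser->IsAdmin()) {
        $CCrmPerms = new CCrmPerms($currentUser->GetID());

        if (empty($arFilter['ENTITY_TYPE'])) {
            $arEntity = array('LEAD', 'DEAL', 'CONTACT', 'COMPANY', 'QUOTE');
        } elseif (is_array($arFilter['ENTITY_TYPE'])) {
            $arEntity = $arFilter['ENTITY_TYPE'];
        } else {
            $arEntity = array($arFilter['ENTITY_TYPE']);
        }

        $arUserAttr = array();
        foreach ($arEntity as $sEntityType) {
            // Entity types may come straight from the caller's filter; skip anything that
            // cannot be an entity name rather than using it as an array key.
            if (!is_scalar($sEntityType)) {
                continue;
            }
            $arUserAttr[$sEntityType] = $CCrmPerms->GetUserAttrForSelectEntity($sEntityType, 'READ');
        }

        if (empty($arUserAttr)) {
            $CDBResult = new CDBResult();
            $CDBResult->InitFromArray(array());
            return $CDBResult;
        }

        $arInEntity = array();
        $arUserPerm = array();
        foreach ($arUserAttr as $sEntityType => $_arAttrs) {
            // The entity type is concatenated into SQL below; escape it because it can be
            // caller-supplied (ENTITY_TYPE filter).
            $sqlEntityType = $DB->ForSql($sEntityType);

            // A leading empty attribute set puts the whole entity type into the IN (...) list.
            if (isset($_arAttrs[0]) && is_array($_arAttrs[0]) && empty($_arAttrs[0])) {
                $arInEntity[] = $sqlEntityType;
                continue;
            }

            foreach ($_arAttrs as $_arAttr) {
                if (empty($_arAttr)) {
                    continue;
                }

                $_icnt = count($_arAttr);
                $_idcnt = -1;
                $arSqlAttr = array();
                foreach ($_arAttr as $sAttr) {
                    if ($sAttr[0] == 'D') {
                        $_idcnt++;
                    }
                    // Attributes come from the permission helper; escaped as defence in depth.
                    $arSqlAttr[] = $DB->ForSql($sAttr);
                }
                if ($_icnt == 1 && ($_idcnt == 1 || $_idcnt == -1)) {
                    $_idcnt = 0;
                }
                // NOTE(review): with several attributes and no 'D' among them the required
                // match count becomes count + 1 - confirm that this is intended.
                $arUserPerm[] = "(P.ENTITY = '{$sqlEntityType}' AND SUM(CASE WHEN P.ATTR = '"
                    . implode("' or P.ATTR = '", $arSqlAttr)
                    . "' THEN 1 ELSE 0 END) = " . ($_icnt - $_idcnt) . ')';
            }
        }

        $arPermission = array();
        if (!empty($arInEntity)) {
            $arPermission[] = " CER.ENTITY_TYPE IN ('" . implode("','", $arInEntity) . "')";
        }
        if (!empty($arUserPerm)) {
            $arPermission[] = "\n\t\t\t\t\t\tEXISTS(\n\t\t\t\t\t\t\tSELECT 1\n\t\t\t\t\t\t\tFROM b_crm_entity_perms P\n\t\t\t\t\t\t\tWHERE P.ENTITY = CER.ENTITY_TYPE AND CER.ENTITY_ID = P.ENTITY_ID\n\t\t\t\t\t\t\tGROUP BY P.ENTITY, P.ENTITY_ID\n\t\t\t\t\t\t\tHAVING "
                . implode(" \n\t\t\t\t\t\t\t\tOR ", $arUserPerm)
                . "\n\t\t\t\t\t\t)";
        }

        // Fail closed: a non-admin for whom no clause could be built has nothing readable.
        // Leaving $strPermission empty here would run the query with no access restriction.
        if (empty($arPermission)) {
            $CDBResult = new CDBResult();
            $CDBResult->InitFromArray(array());
            return $CDBResult;
        }
        $strPermission = 'AND (' . implode(' OR ', $arPermission) . ')';
    }

    // order: only these fixed column expressions can appear in ORDER BY
    $arSortColumns = array(
        'ID' => 'CER.ID',
        'CREATED_BY_ID' => 'CE.CREATED_BY_ID',
        'EVENT_TYPE' => 'CE.EVENT_TYPE',
        'ENTITY_TYPE' => 'CER.ENTITY_TYPE',
        'ENTITY_ID' => 'CER.ENTITY_ID',
        'EVENT_ID' => 'CE.EVENT_ID',
        'DATE_CREATE' => 'CE.DATE_CREATE',
        'EVENT_NAME' => 'CE.EVENT_NAME',
        'ENTITY_FIELD' => 'CER.ENTITY_FIELD',
    );
    $sOrder = '';
    foreach ($arSort as $key => $val) {
        // Anything that is not exactly ASC (case-insensitive) sorts descending.
        $ord = (is_string($val) && strtoupper($val) === 'ASC') ? 'ASC' : 'DESC';
        $sortKey = strtoupper($key);
        if (isset($arSortColumns[$sortKey])) {
            $sOrder .= ', ' . $arSortColumns[$sortKey] . ' ' . $ord;
        }
    }
    if ($sOrder === '') {
        $sOrder = 'CER.ID DESC';
    }
    $strSqlOrder = ' ORDER BY ' . TrimEx($sOrder, ',');

    // where
    $arWhereFields = array(
        'ID' => array('TABLE_ALIAS' => 'CER', 'FIELD_NAME' => 'CER.ID', 'FIELD_TYPE' => 'int', 'JOIN' => false),
        'ENTITY_TYPE' => array('TABLE_ALIAS' => 'CER', 'FIELD_NAME' => 'CER.ENTITY_TYPE', 'FIELD_TYPE' => 'string', 'JOIN' => false),
        'EVENT_REL_ID' => array('TABLE_ALIAS' => 'CER', 'FIELD_NAME' => 'CER.EVENT_ID', 'FIELD_TYPE' => 'string', 'JOIN' => false),
        'EVENT_ID' => array('TABLE_ALIAS' => 'CE', 'FIELD_NAME' => 'CE.EVENT_ID', 'FIELD_TYPE' => 'string', 'JOIN' => false),
        'CREATED_BY_ID' => array('TABLE_ALIAS' => 'CE', 'FIELD_NAME' => 'CE.CREATED_BY_ID', 'FIELD_TYPE' => 'int', 'JOIN' => false),
        'ASSIGNED_BY_ID' => array('TABLE_ALIAS' => 'CER', 'FIELD_NAME' => 'CER.ASSIGNED_BY_ID', 'FIELD_TYPE' => 'int', 'JOIN' => false),
        'EVENT_TYPE' => array('TABLE_ALIAS' => 'CE', 'FIELD_NAME' => 'CE.EVENT_TYPE', 'FIELD_TYPE' => 'string', 'JOIN' => false),
        'EVENT_DESC' => array('TABLE_ALIAS' => 'CE', 'FIELD_NAME' => 'CE.EVENT_TEXT_1', 'FIELD_TYPE' => 'string', 'JOIN' => false),
        'ENTITY_ID' => array('TABLE_ALIAS' => 'CER', 'FIELD_NAME' => 'CER.ENTITY_ID', 'FIELD_TYPE' => 'int', 'JOIN' => false),
        'ENTITY_FIELD' => array('TABLE_ALIAS' => 'CER', 'FIELD_NAME' => 'CER.ENTITY_FIELD', 'FIELD_TYPE' => 'string', 'JOIN' => false),
        'DATE_CREATE' => array('TABLE_ALIAS' => 'CE', 'FIELD_NAME' => 'CE.DATE_CREATE', 'FIELD_TYPE' => 'datetime', 'JOIN' => false),
    );

    // Filter values are turned into SQL by CSQLWhere, not by this method.
    $obQueryWhere = new CSQLWhere();
    $obQueryWhere->SetFields($arWhereFields);
    $sQueryWhereFields = $obQueryWhere->GetQuery($arFilter);
    if (!empty($sQueryWhereFields)) {
        $strSqlSearch .= "\n\t\t\t\tAND ({$sQueryWhereFields}) ";
    }

    $strSql = "\n\t\t\tSELECT\n\t\t\t\tCER.ID,\n\t\t\t\tCER.ENTITY_TYPE,\n\t\t\t\tCER.ENTITY_ID,\n\t\t\t\tCER.ENTITY_FIELD,\n\t\t\t\t"
        . $DB->DateToCharFunction('CE.DATE_CREATE')
        . " DATE_CREATE,\n\t\t\t\tCER.EVENT_ID,\n\t\t\t\tCE.EVENT_NAME,\n\t\t\t\tCE.EVENT_TYPE,\n\t\t\t\tCE.EVENT_TEXT_1,\n\t\t\t\tCE.EVENT_TEXT_2,\n\t\t\t\tCE.FILES,\n\t\t\t\tCE.CREATED_BY_ID,\n\t\t\t\tU.LOGIN as CREATED_BY_LOGIN,\n\t\t\t\tU.NAME as CREATED_BY_NAME,\n\t\t\t\tU.LAST_NAME as CREATED_BY_LAST_NAME,\n\t\t\t\tU.SECOND_NAME as CREATED_BY_SECOND_NAME\n\t\t\tFROM\n\t\t\t\tb_crm_event_relations CER,\n\t\t\t\tb_crm_event CE LEFT JOIN b_user U ON CE.CREATED_BY_ID = U.ID\n\t\t\tWHERE\n\t\t\t\tCER.EVENT_ID = CE.ID\n\t\t\t\t{$strSqlSearch}\n\t\t\t\t{$strPermission}\n\t\t\t\t{$strSqlOrder}";

    if ($nPageTop !== false) {
        // Cast before it reaches the SQL limit clause.
        $nPageTop = (int) $nPageTop;
        $strSql = $DB->TopSql($strSql, $nPageTop);
    }

    $res = $DB->Query($strSql, false, $err_mess . __LINE__);
    $res->SetUserFields(array('FILES' => array('MULTIPLE' => 'Y')));

    return $res;
}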