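/**
 * Overload of w2PObject::getAllowedRecords that additionally restricts the
 * result to records whose company (and department) the user is allowed to see.
 *
 * The company and department filters are built from the ids returned by
 * CCompany::getAllowedRecords() / CDepartment::getAllowedRecords() and
 * appended to $extra['where'] before delegating to the parent implementation.
 * NOTE(review): the filtered columns are contact_company / contact_department,
 * so this looks like the contacts module even though the inherited comments
 * spoke of "projects" — confirm against the enclosing class.
 *
 * @param int         $uid     user id whose permissions are evaluated
 * @param string      $fields  column list passed through to the parent
 * @param string      $orderby ORDER BY clause passed through to the parent
 * @param string|null $index   index column passed through to the parent
 * @param array|null  $extra   optional extra query parts; only 'where' is extended here
 *
 * @return mixed whatever w2PObject::getAllowedRecords returns
 *
 * @author handco <*****@*****.**>
 * @see w2PObject::getAllowedRecords
 */
public function getAllowedRecords($uid, $fields = '*', $orderby = '', $index = null, $extra = null)
{
    // $extra defaults to null; reading $extra['where'] on null raises a
    // notice/warning, so normalise it to an array before touching it.
    if ($extra === null) {
        $extra = array();
    }
    $where = isset($extra['where']) ? (string) $extra['where'] : '';

    // Records carrying no company at all are always visible.
    $noCompany = 'contact_company IS NULL OR contact_company = \'\' OR contact_company = 0';

    $oCpy = new CCompany();
    $aCpies = $oCpy->getAllowedRecords($uid, 'company_id, company_name');

    if (count($aCpies)) {
        // The ids are the array keys of the permission lookup, not user input;
        // they are interpolated unquoted and are assumed to be integers.
        $cpyFilter = '(contact_company IN (' . implode(',', array_keys($aCpies)) . ') OR ' . $noCompany . ')';

        // Department permissions
        $oDpt = new CDepartment();
        $aDpts = $oDpt->getAllowedRecords($uid, 'dept_id, dept_name');
        if (count($aDpts)) {
            $dptFilter = '(contact_department IN (' . implode(',', array_keys($aDpts)) . ') OR contact_department = 0)';
        } else {
            // No allowed departments: only records without a department pass.
            $dptFilter = '(contact_department = 0)';
        }
        $filter = $cpyFilter . ' AND ' . $dptFilter;
    } else {
        // No allowed companies: only records without a company pass.
        // Parenthesised so the OR chain cannot bind to a condition the caller
        // (or the parent) ANDs onto it — the original left this fragment bare
        // when $extra['where'] was empty.
        $filter = '(' . $noCompany . ')';
    }

    $extra['where'] = ($where !== '') ? $where . ' AND ' . $filter : $filter;

    return parent::getAllowedRecords($uid, $fields, $orderby, $index, $extra);
}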
/**
 * Overload of w2PObject::getDeniedRecords that also denies the projects owned
 * by companies (or attached to departments) the user is not allowed to see.
 *
 * The parent's denied list is extended with the project ids selected by a
 * query on projects joined to project_departments.  A '0' entry in the allowed
 * company/department lists is treated as "all items of the module".
 * NOTE(review): that '0' check inspects the array values (names), while the
 * IN clauses use the array keys (ids) — confirm which side carries the
 * "all items" marker in the permission lookup.
 *
 * @param int $uid user id whose permissions are evaluated
 *
 * @return array parent's denied ids merged with the company/department-denied project ids
 *
 * @author handco <*****@*****.**>
 * @see w2PObject::getDeniedRecords
 */
public function getDeniedRecords($uid)
{
    $deniedByParent = parent::getDeniedRecords($uid);

    // Companies and departments the user may see; the ids are the array keys.
    $oCpy = new CCompany();
    $allowedCompanies = $oCpy->getAllowedRecords($uid, 'company_id,company_name');
    $oDpt = new CDepartment();
    $allowedDepartments = $oDpt->getAllowedRecords($uid, 'dept_id,dept_name');

    $q = $this->_query;
    $q->addTable('projects');
    $q->addQuery('projects.project_id');
    $q->addJoin('project_departments', 'pd', 'pd.project_id = projects.project_id');

    // Company rule: no allowed companies at all denies every project; a '0'
    // entry permits all of them (no clause); otherwise deny the rest.
    if (!count($allowedCompanies)) {
        $q->addWhere('0=1');
    } elseif (array_search('0', $allowedCompanies) === false) {
        $q->addWhere('NOT (project_company IN (' . implode(',', array_keys($allowedCompanies)) . '))');
    }

    // Department rule: only with an explicit (non-'0') allowed list are projects
    // outside it denied; in every other case projects with a NULL department_id
    // are denied (presumably those without a project_departments row — confirm).
    if (count($allowedDepartments) && array_search('0', $allowedDepartments) === false) {
        $q->addWhere('NOT (department_id IN (' . implode(',', array_keys($allowedDepartments)) . '))');
    } else {
        $q->addWhere('NOT (department_id IS NULL)');
    }

    $deniedByRules = $q->loadColumn();
    $q->clear();

    return array_merge($deniedByParent, $deniedByRules);
}