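/**
 * Assemble the SQL WHERE fragments for a task selection, including the
 * per-user access-control clause.
 *
 * The effective user is $arParams['USER_ID'] when it is a positive number,
 * otherwise the current global $USER (0 when there is no user object).
 * Unless that user is an admin / portal admin, or the filter opts out, one
 * extra fragment is appended that limits rows to tasks the user created,
 * is responsible for, is a member of, may see as a manager
 * (CTasks::GetSubordinateSql) or may see through a group
 * (CTasks::GetAllowedGroups).
 *
 * Security notes:
 *  - $sAliasPrefix is concatenated verbatim into SQL identifiers; it has to
 *    be a trusted, code-supplied prefix.
 *  - NOTE(review): the access-control fragment is skipped when $arFilter
 *    carries CHECK_PERMISSIONS = 'N' or SUBORDINATE_TASKS = 'Y'. Callers
 *    must not forward a request-derived filter with these keys intact;
 *    presumably GetSqlByFilter applies its own restriction for
 *    SUBORDINATE_TASKS -- confirm against that method and the call sites.
 *
 * @param array|mixed $arFilter     Filter conditions; a non-array is treated as empty.
 * @param string      $sAliasPrefix Prefix put in front of the "T" / "TM" table aliases.
 * @param array|false $arParams     Optional USER_ID, bGetZombie, bMembersTableJoined;
 *                                  also passed on to the subordinate / group helpers.
 *
 * @return array List of SQL condition strings (the caller combines them).
 */
public static function GetFilter($arFilter, $sAliasPrefix = "", $arParams = false)
{
    global $USER;

    if (!is_array($arFilter)) {
        $arFilter = array();
    }

    $arSqlSearch = array();

    // An explicit positive USER_ID wins over the session user.
    if (is_array($arParams) && array_key_exists('USER_ID', $arParams) && $arParams['USER_ID'] > 0) {
        $userID = (int) $arParams['USER_ID'];
    } else {
        $userID = is_object($USER) ? intval($USER->GetID()) : 0;
    }

    $bGetZombie = isset($arParams['bGetZombie']) ? (bool) $arParams['bGetZombie'] : false;

    // if TRUE, a constraint for members will be generated
    $bMembersTableJoined = isset($arParams['bMembersTableJoined'])
        ? (bool) $arParams['bMembersTableJoined']
        : false;

    $sql = self::GetSqlByFilter($arFilter, $userID, $sAliasPrefix, $bGetZombie, $bMembersTableJoined);
    if (strlen($sql)) {
        $arSqlSearch[] = $sql;
    }

    // Read the two opt-out flags through isset() so a filter that omits them
    // does not raise an undefined-index notice. The loose comparisons are
    // kept on purpose: existing callers rely on them.
    $permissionsRequested = !isset($arFilter["CHECK_PERMISSIONS"]) || $arFilter["CHECK_PERMISSIONS"] != "N";
    $subordinateMode = isset($arFilter["SUBORDINATE_TASKS"]) && $arFilter["SUBORDINATE_TASKS"] == "Y";

    if (
        !CTasksTools::IsAdmin($userID)
        && !CTasksTools::IsPortalB24Admin($userID)
        && $permissionsRequested
        && !$subordinateMode
    ) {
        // $userID is an integer at this point, so it is safe to interpolate.
        $arSubSqlSearch = array(
            $sAliasPrefix . "T.CREATED_BY = " . $userID,
            $sAliasPrefix . "T.RESPONSIBLE_ID = " . $userID,
            "EXISTS(SELECT 'x' FROM b_tasks_member " . $sAliasPrefix . "TM WHERE " . $sAliasPrefix . "TM.TASK_ID = " . $sAliasPrefix . "T.ID AND " . $sAliasPrefix . "TM.USER_ID = " . $userID . ")",
        );

        // subordinate check
        if ($strSql = CTasks::GetSubordinateSql($sAliasPrefix, $arParams)) {
            $arSubSqlSearch[] = "EXISTS(" . $strSql . ")";
        }

        // group permission check
        if ($arAllowedGroups = CTasks::GetAllowedGroups($arParams)) {
            // The ids go into the statement unquoted; force them to integers
            // here instead of trusting the helper's return shape.
            $arSubSqlSearch[] = "(" . $sAliasPrefix . "T.GROUP_ID IN (" . implode(",", array_map('intval', $arAllowedGroups)) . "))";
        }

        $arSqlSearch[] = " \n -- permissions check: start\n (" . implode(" OR ", $arSubSqlSearch) . ") \n -- permissions check: end\n";
    }

    return $arSqlSearch;
}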
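/**
 * Add the task access-control filter (and the MSSQL duration workaround)
 * to a report query before it is executed.
 *
 * After delegating to the parent implementation, an OR-group is built from
 * the scopes selected through the presence of these query-string flags
 * (only their presence is read, never their value):
 *  - select_my_tasks (or no flag at all): tasks where the current user is
 *    responsible or a member of type 'A';
 *  - select_depts_tasks: tasks created by the user, plus tasks matched by
 *    CTasks::GetSubordinateSql() where the user is not the responsible;
 *  - select_group_tasks: tasks in the groups returned by
 *    CTasks::GetAllowedGroups().
 * The group is appended to $filter, so it is always applied on top of
 * whatever the report definition already contains.
 *
 * Security notes:
 *  - The user id is written into raw SQL text, so it is cast to int once
 *    here (0 when there is no user object), as the sibling methods do.
 *  - NOTE(review): $options['SQL_TIME_INTERVAL'] is spliced verbatim into an
 *    SQL expression in the MSSQL branch; it must be generated server-side.
 *    Where it is set is not visible here -- confirm in the parent class.
 *
 * @param array $select  Selected fields, keyed by alias (read only here).
 * @param array $filter  ORM filter; the permission group is appended.
 * @param array $group   Passed through to the parent.
 * @param array $order   Passed through to the parent.
 * @param mixed $limit   Passed through to the parent.
 * @param array $options Report options; SQL_TIME_INTERVAL is read.
 * @param array $runtime Runtime field definitions; entries are added and reordered.
 *
 * @return void
 */
public static function beforeViewDataQuery(&$select, &$filter, &$group, &$order, &$limit, &$options, &$runtime)
{
    parent::beforeViewDataQuery($select, $filter, $group, $order, $limit, $options, $runtime);

    global $USER, $DB, $DBType;

    // Integer user id: used both inside hand-written SQL and as a filter value.
    $currentUserId = is_object($USER) ? (int) $USER->GetID() : 0;

    $wantsOwn = isset($_GET['select_my_tasks']);
    $wantsDepartments = isset($_GET['select_depts_tasks']);
    $wantsGroups = isset($_GET['select_group_tasks']);

    $permFilter = array('LOGIC' => 'OR');

    // owner permission (also the default when no scope flag is present)
    if ($wantsOwn || (!$wantsDepartments && !$wantsGroups)) {
        $taskTable = $DB->escL . (ToUpper($DBType) === "ORACLE" ? "TASKS_TASK" : "tasks_task") . $DB->escR;

        $runtime['IS_TASK_COWORKER'] = array(
            'data_type' => 'integer',
            'expression' => array(
                "(CASE WHEN EXISTS("
                . "SELECT 'x' FROM b_tasks_member TM "
                . "WHERE TM.TASK_ID = " . $taskTable . ".ID AND TM.USER_ID = " . $currentUserId . " AND TM.TYPE = 'A'"
                . ") THEN 1 ELSE 0 END)",
            ),
        );

        $permFilter[] = array(
            'LOGIC' => 'OR',
            '=RESPONSIBLE_ID' => $currentUserId,
            '=IS_TASK_COWORKER' => 1,
        );
    }

    // own departments permission
    if ($wantsDepartments) {
        $permFilterDepts = array(
            'LOGIC' => 'OR',
            '=CREATED_BY' => $currentUserId,
        );

        // The helper emits SQL with a throw-away alias prefix, which is then
        // rewritten to the ORM's own table reference.
        $deptsPermSql = CTasks::GetSubordinateSql('__ULTRAUNIQUEPREFIX__');

        if (strlen($deptsPermSql)) {
            $taskTable = $DB->escL . (ToUpper($DBType) === "ORACLE" ? "TASKS_TASK" : "tasks_task") . $DB->escR;

            $deptsPermSql = "EXISTS(" . $deptsPermSql . ")";
            $deptsPermSql = str_replace('__ULTRAUNIQUEPREFIX__T.', $taskTable . '.', $deptsPermSql);
            $deptsPermSql = str_replace('__ULTRAUNIQUEPREFIX__', '', $deptsPermSql);

            $runtime['IS_SUBORDINATED_TASK'] = array(
                'data_type' => 'integer',
                'expression' => array("(CASE WHEN " . $deptsPermSql . " THEN 1 ELSE 0 END)"),
            );

            $permFilterDepts[] = array(
                '!RESPONSIBLE_ID' => $currentUserId,
                '=IS_SUBORDINATED_TASK' => 1,
            );
        }

        $permFilter[] = $permFilterDepts;
    }

    // group permission
    if ($wantsGroups) {
        $allowedGroups = CTasks::GetAllowedGroups();
        $permFilter[] = array('=GROUP_ID' => $allowedGroups);
    }

    // re-aggregate aggregated subquery in DURATION for mssql
    if (\Bitrix\Main\Application::getConnection() instanceof \Bitrix\Main\DB\MssqlConnection) {
        foreach ($select as $k => $v) {
            if (substr($k, -9) == '_DURATION') {
                // we have aggregated duration
                $subQuery = new \Bitrix\Main\Entity\Query(\Bitrix\Tasks\ElapsedTimeTable::getEntity());
                $subQuery->addSelect('TASK_ID');
                $subQuery->addSelect(new \Bitrix\Main\Entity\ExpressionField(
                    'DURATION',
                    'ROUND(SUM(%s)/60, 0)',
                    'SECONDS'
                ));
                $subEntity = \Bitrix\Main\Entity\Base::getInstanceByQuery($subQuery);

                // make reference
                $subReferenceName = $k . '_REF';
                $runtime[$subReferenceName] = array(
                    'data_type' => $subEntity,
                    'reference' => array('=this.ID' => 'ref.TASK_ID'),
                );

                // rewrite aggregated duration (re-add it so it comes after the reference)
                $runtimeField = $runtime[$k];
                unset($runtime[$k]);
                $runtimeField['expression'][1] = $subReferenceName . '.DURATION';
                $runtime[$k] = $runtimeField;
            } elseif (substr($k, -20) == '_DURATION_FOR_PERIOD' && isset($options['SQL_TIME_INTERVAL'])) {
                // we have aggregated DURATION_FOR_PERIOD field
                $subQuery = new \Bitrix\Main\Entity\Query(\Bitrix\Tasks\ElapsedTimeTable::getEntity());
                $subQuery->addSelect('TASK_ID');
                $subQuery->addSelect(new \Bitrix\Main\Entity\ExpressionField(
                    'DURATION_FOR_PERIOD',
                    'ROUND((SUM(CASE WHEN CREATED_DATE ' . $options['SQL_TIME_INTERVAL'] . ' THEN %s ELSE 0 END)/60),0)',
                    'SECONDS'
                ));
                $subEntity = \Bitrix\Main\Entity\Base::getInstanceByQuery($subQuery);

                // make reference
                $subReferenceName = $k . '_REF';
                $runtime[$subReferenceName] = array(
                    'data_type' => $subEntity,
                    'reference' => array('=this.ID' => 'ref.TASK_ID'),
                );

                // rewrite aggregated duration (re-add it so it comes after the reference)
                $runtimeField = $runtime[$k];
                unset($runtime[$k]);
                $runtimeField['expression'][1] = $subReferenceName . '.DURATION_FOR_PERIOD';
                $runtime[$k] = $runtimeField;
            }
        }
    }

    // concat permissions with common filter
    $filter[] = $permFilter;
}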
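/**
 * Build the access-control SQL conditions for tasks, without attaching
 * them to a query.
 *
 * The effective user is $arParams['USER_ID'] when it is a positive number,
 * otherwise the current global $USER (0 when there is no user object).
 * For admins and portal admins no condition is produced. For everyone else
 * the list holds: created-by-user, responsible-is-user, user-is-member,
 * plus the subordinate clause (CTasks::GetSubordinateSql) and the allowed
 * groups clause (CTasks::GetAllowedGroups) when those helpers return
 * something. The caller decides how to join the conditions.
 *
 * Security notes:
 *  - $behaviour['ALIAS'] is concatenated verbatim into SQL identifiers and
 *    has to be a trusted, code-supplied value.
 *  - An empty condition list means "no restriction needed" (admin), so a
 *    caller must not treat it as "no access".
 *
 * @param array|mixed $arParams  Optional USER_ID; forwarded (with a FIELDS
 *                               reference added) to the helper methods.
 * @param array       $behaviour ALIAS (table alias prefix) and
 *                               USE_PLACEHOLDERS, both passed to placeFieldSql().
 *
 * @return array Two elements: the list of SQL condition strings, and the
 *               $fields array that is handed to placeFieldSql().
 */
public static function getPermissionFilterConditions($arParams, $behaviour = array('ALIAS' => '', 'USE_PLACEHOLDERS' => false))
{
    global $USER;

    if (!is_array($behaviour)) {
        $behaviour = array();
    }
    if (!isset($behaviour['ALIAS'])) {
        $behaviour['ALIAS'] = '';
    }
    if (!isset($behaviour['USE_PLACEHOLDERS'])) {
        $behaviour['USE_PLACEHOLDERS'] = false;
    }

    $arSubSqlSearch = array();
    $fields = array();

    $alias = $behaviour['ALIAS'];
    // Separate copy handed to placeFieldSql(), as in the original code.
    $placement = $behaviour;

    // An explicit positive USER_ID wins over the session user.
    if (is_array($arParams) && array_key_exists('USER_ID', $arParams) && $arParams['USER_ID'] > 0) {
        $userID = (int) $arParams['USER_ID'];
    } else {
        $userID = is_object($USER) ? intval($USER->GetID()) : 0;
    }

    if (!CTasksTools::IsAdmin($userID) && !CTasksTools::IsPortalB24Admin($userID)) {
        // $userID is an integer at this point, so it is safe to interpolate.
        $arSubSqlSearch = array(
            static::placeFieldSql('CREATED_BY', $placement, $fields) . " = '" . $userID . "'",
            static::placeFieldSql('RESPONSIBLE_ID', $placement, $fields) . " = '" . $userID . "'",
            "EXISTS(\n\t\t\t\t\tSELECT 'x' \n\t\t\t\t\tFROM b_tasks_member " . $alias . "TM \n\t\t\t\t\tWHERE \n\t\t\t\t\t\t" . $alias . "TM.TASK_ID = " . static::placeFieldSql('ID', $placement, $fields) . " AND " . $alias . "TM.USER_ID = '" . $userID . "'\n\t\t\t\t)",
        );

        // A non-array $arParams (e.g. false) would otherwise be implicitly
        // converted, or fail outright, on the assignment below.
        if (!is_array($arParams)) {
            $arParams = array();
        }

        // subordinate check
        $arParams['FIELDS'] =& $fields;
        if ($strSql = CTasks::GetSubordinateSql($alias, $arParams, $behaviour)) {
            $arSubSqlSearch[] = "EXISTS(" . $strSql . ")";
        }

        // group permission check
        if ($arAllowedGroups = CTasks::GetAllowedGroups($arParams)) {
            // The ids go into the statement unquoted; force them to integers
            // here instead of trusting the helper's return shape.
            $arSubSqlSearch[] = "(" . static::placeFieldSql('GROUP_ID', $placement, $fields) . " IN (" . implode(",", array_map('intval', $arAllowedGroups)) . "))";
        }
    }

    return array($arSubSqlSearch, $fields);
}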