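/**
 * Build and return the tab panels visible to the logged-in user.
 *
 * Panels are read from the tab_panels table, limited to enabled panels whose
 * plugin (if any) is installed and activated and for which one of the user's
 * permission groups has a tab_panel_permissions row. A non-empty result is
 * kept in $this->panels and returned as-is on later calls.
 *
 * @param mixed $options Not read by this method.
 * @return array List of panel descriptor arrays.
 */
private function loadPanels($options)
{
    if (!$this->panels) {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
        // The CSV is spliced into an IN (...) list below. An empty string would
        // render "IN ()", which is invalid SQL, so fall back to a single id.
        // NOTE(review): 0 is assumed not to be a real permission group id - confirm.
        if (trim((string) $contact_pg_ids) == '') {
            $contact_pg_ids = '0';
        }

        $this->panels = array();
        $sql = "\r\n\t\t\t\tSELECT * FROM " . TABLE_PREFIX . "tab_panels \r\n\t\t\t\tWHERE \r\n\t\t\t\t\tenabled = 1 AND\t\t\t\t\t\r\n\t\t\t\t\t( \t\r\n\t\t\t\t\t\tplugin_id IS NULL OR plugin_id=0 OR\r\n\t\t\t\t\t\tplugin_id IN (SELECT id FROM "
            . TABLE_PREFIX . "plugins WHERE is_installed = 1 AND is_activated = 1) \r\n\t\t\t\t\t)\r\n\t\t\t\t\tAND id IN (SELECT tab_panel_id FROM "
            . TABLE_PREFIX . "tab_panel_permissions WHERE permission_group_id IN ({$contact_pg_ids}))\r\n\t\t\t\tORDER BY ordering ASC ";

        $res = DB::execute($sql);
        while ($row = $res->fetchRow()) {
            $object = array(
                "title" => lang($row['title']),
                "id" => $row['id'],
                "quickAddTitle" => lang($row['default_controller']),
                "refreshOnWorkspaceChange" => (bool) $row['refresh_on_context_change'],
                "defaultController" => $row['default_controller'],
                "defaultContent" => array(
                    "type" => "url",
                    "data" => get_url($row['default_controller'], $row['default_action']),
                ),
                "enabled" => $row['enabled'],
                "type" => $row['type'],
                "tabTip" => lang($row['title']),
            );
            if (config_option('show_tab_icons')) {
                $object["iconCls"] = $row['icon_cls'];
            }
            if ($row['initial_controller'] && $row['initial_action']) {
                $object["initialContent"] = array(
                    "type" => "url",
                    "data" => get_url($row['initial_controller'], $row['initial_action']),
                );
            }

            if ($row['id'] == 'more-panel' && config_option('getting_started_step') >= 99) {
                // Once the getting-started steps are done the "more" panel becomes
                // closable and is left out for users who already closed it.
                $object['closable'] = true;
                if (!user_config_option('settings_closed')) {
                    $this->panels[] = $object;
                }
            } else {
                $this->panels[] = $object;
            }
        }
    }

    return $this->panels;
}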
/**
 * Render form control
 *
 * Emits one labelled checkbox per dimension that is not flagged hidden and
 * that either does not define permissions or does not deny everything to the
 * logged-in user's permission groups. A trailing hidden "[0]" input is always
 * appended.
 *
 * NOTE(review): $control_name is concatenated into the name attribute of the
 * hidden input without escaping here - confirm it never carries request data.
 *
 * @param string $control_name
 * @return string
 */
function render($control_name)
{
    $selected_ids = $this->getValue();
    $all_dimensions = Dimensions::instance()->findAll();
    $pg_ids_csv = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);

    $html = '';
    foreach ($all_dimensions as $dim) {
        /* @var $dim Dimension */
        $dim_options = $dim->getOptions(1);
        if ($dim_options && !empty($dim_options->hidden)) {
            continue;
        }
        // Skip dimensions that define permissions and deny everything to this user
        if ($dim->getDefinesPermissions() && $dim->deniesAllForContact($pg_ids_csv)) {
            continue;
        }

        $dim_id = $dim->getId();
        $checked = in_array($dim_id, $selected_ids) ? 1 : 0;

        $html .= '<div class="dimension" >'
            . label_tag($dim->getName(), null, false, array('style' => 'display:inline;margin:10px;vertical-align:super;'))
            . checkbox_field($control_name . '[' . $dim_id . ']', $checked)
            . '</div >';
    }

    $html .= '<input type="hidden" name="' . $control_name . '[0]" value=" ">';

    return $html;
}
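/**
 * Tell whether $user holds a system permission through one of its permission groups.
 *
 * Administrators always pass. For other users the answer is looked up in the
 * per-request static cache first and otherwise read from the system
 * permissions table, where $system_permission is the column that must be 1.
 *
 * @param Contact $user
 * @param string $system_permission Column name of the permission to test.
 * @return bool
 */
static function userHasSystemPermission(Contact $user, $system_permission)
{
    if ($user->isAdministrator()) {
        return true;
    }

    // The permission name is spliced into the query as a backtick-quoted column
    // name, so only plain identifiers are accepted; anything else is denied
    // rather than reaching the database.
    if (!is_string($system_permission) || !preg_match('/\A[A-Za-z0-9_]+\z/', $system_permission)) {
        return false;
    }

    $user_id = $user->getId();

    if (array_var(self::$permission_cache, $user_id)) {
        if (array_key_exists($system_permission, self::$permission_cache[$user_id])) {
            return array_var(self::$permission_cache[$user_id], $system_permission);
        }
    }

    if (array_var(self::$permission_group_ids_cache, $user_id)) {
        $contact_pg_ids = self::$permission_group_ids_cache[$user_id];
    } else {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user_id, false);
        self::$permission_group_ids_cache[$user_id] = $contact_pg_ids;
    }

    // An empty CSV would render "IN ()", which is invalid SQL. Use an id list
    // that is expected to match no group, so the lookup denies instead of failing.
    // NOTE(review): 0 is assumed not to be a real permission group id - confirm.
    $pg_ids_for_query = trim((string) $contact_pg_ids) == '' ? '0' : $contact_pg_ids;

    $permission = self::findOne(array(
        'conditions' => "`{$system_permission}` = 1 AND `permission_group_id` IN ({$pg_ids_for_query})",
    ));

    if (!array_var(self::$permission_cache, $user_id)) {
        self::$permission_cache[$user_id] = array();
    }
    if (!array_key_exists($system_permission, self::$permission_cache[$user_id])) {
        self::$permission_cache[$user_id][$system_permission] = !is_null($permission);
    }

    return !is_null($permission);
}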
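/**
 * Build and return the tab panels visible to the logged-in user.
 *
 * Selects enabled panels that are either of type 'system' or belong to an
 * installed and activated plugin, and for which one of the user's permission
 * groups has a tab_panel_permissions row. A non-empty result is kept in
 * $this->panels and reused on later calls.
 *
 * @param mixed $options Not read by this method.
 * @return array List of panel descriptor arrays.
 */
private function loadPanels($options)
{
    if (!$this->panels) {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
        // The CSV is spliced into an IN (...) list below. An empty string would
        // render "IN ()", which is invalid SQL, so fall back to a single id.
        // NOTE(review): 0 is assumed not to be a real permission group id - confirm.
        if (trim((string) $contact_pg_ids) == '') {
            $contact_pg_ids = '0';
        }

        $this->panels = array();
        $sql = " SELECT * FROM " . TABLE_PREFIX . "tab_panels"
            . " WHERE enabled = 1 AND ( type = 'system' OR plugin_id IN (SELECT id FROM " . TABLE_PREFIX . "plugins WHERE is_installed = 1 AND is_activated = 1) )"
            . " AND id IN (SELECT tab_panel_id FROM " . TABLE_PREFIX . "tab_panel_permissions WHERE permission_group_id IN ($contact_pg_ids))"
            . " ORDER BY ordering ASC ";

        $res = DB::execute($sql);
        while ($row = $res->fetchRow()) {
            $object = array(
                "title" => lang($row['title']),
                "id" => $row['id'],
                "quickAddTitle" => lang($row['default_controller']),
                "refreshOnWorkspaceChange" => (bool) $row['refresh_on_context_change'],
                "defaultController" => $row['default_controller'],
                "defaultContent" => array(
                    "type" => "url",
                    "data" => get_url($row['default_controller'], $row['default_action']),
                ),
                "enabled" => $row['enabled'],
                "type" => $row['type'],
            );
            if (config_option('show_tab_icons')) {
                $object["iconCls"] = $row['icon_cls'];
            }
            if ($row['initial_controller'] && $row['initial_action']) {
                $object["initialContent"] = array(
                    "type" => "url",
                    "data" => get_url($row['initial_controller'], $row['initial_action']),
                );
            }
            $this->panels[] = $object;
        }
    }

    return $this->panels;
}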
/**
 * Render form control
 *
 * Produces a checkbox for every dimension that is not flagged hidden and that
 * the logged-in user's permission groups are not fully denied on; a box is
 * pre-checked when the dimension id is part of the stored value.
 *
 * NOTE(review): $control_name goes into the checkbox field name as given -
 * escaping is left to checkbox_field(); confirm that helper encodes it.
 *
 * @param string $control_name
 * @return string
 */
function render($control_name)
{
    $stored_ids = $this->getValue();
    $dimension_list = Dimensions::instance()->findAll();
    $group_ids_csv = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);

    $markup = '';
    foreach ($dimension_list as $dim) {
        /* @var $dim Dimension */
        $opts = $dim->getOptions(1);
        $is_hidden = $opts && !empty($opts->hidden);
        if ($is_hidden) {
            continue;
        }

        $visible = !$dim->getDefinesPermissions() || !$dim->deniesAllForContact($group_ids_csv);
        if (!$visible) {
            continue;
        }

        $id = $dim->getId();
        $checked = 0;
        if (in_array($id, $stored_ids)) {
            $checked = 1;
        }

        $markup .= '<div class="dimension" >';
        $markup .= label_tag($dim->getName());
        $markup .= checkbox_field($control_name . '[' . $id . ']', $checked);
        $markup .= '</div >';
    }

    return $markup;
}
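/**
 * Tell whether $user holds a system permission through one of its permission groups.
 *
 * Administrators always pass. Otherwise the per-request static cache is
 * consulted, then the system permissions table. A grant found there is
 * discarded when the MaxSystemPermissions row for the user's type has a falsy
 * value in the same column, so a role ceiling overrides a group-level grant.
 *
 * @param Contact $user
 * @param string $system_permission Column name of the permission to test.
 * @return bool
 */
static function userHasSystemPermission(Contact $user, $system_permission)
{
    if ($user->isAdministrator()) {
        return true;
    }

    // The permission name is spliced into the query as a backtick-quoted column
    // name, so only plain identifiers are accepted; anything else is denied
    // rather than reaching the database.
    if (!is_string($system_permission) || !preg_match('/\A[A-Za-z0-9_]+\z/', $system_permission)) {
        return false;
    }

    $user_id = $user->getId();

    if (array_var(self::$permission_cache, $user_id)) {
        if (array_key_exists($system_permission, self::$permission_cache[$user_id])) {
            return array_var(self::$permission_cache[$user_id], $system_permission);
        }
    }

    if (array_var(self::$permission_group_ids_cache, $user_id)) {
        $contact_pg_ids = self::$permission_group_ids_cache[$user_id];
    } else {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user_id, false);
        self::$permission_group_ids_cache[$user_id] = $contact_pg_ids;
    }

    // An empty CSV would render "IN ()", which is invalid SQL. Use an id list
    // that is expected to match no group, so the lookup denies instead of failing.
    // NOTE(review): 0 is assumed not to be a real permission group id - confirm.
    $pg_ids_for_query = trim((string) $contact_pg_ids) == '' ? '0' : $contact_pg_ids;

    $permission = self::findOne(array(
        'conditions' => "`{$system_permission}` = 1 AND `permission_group_id` IN ({$pg_ids_for_query})",
    ));

    // check max system permission
    // NOTE(review): getUserType() is concatenated into the condition unquoted;
    // it is presumably a numeric permission group id - confirm.
    $max_role_system_permissions = MaxSystemPermissions::findOne(array(
        'conditions' => 'permission_group_id = ' . $user->getUserType(),
    ));
    if ($max_role_system_permissions instanceof MaxSystemPermission) {
        $max_val = $max_role_system_permissions->getColumnValue($system_permission);
        if (!$max_val) {
            $permission = null;
        }
    }

    if (!array_var(self::$permission_cache, $user_id)) {
        self::$permission_cache[$user_id] = array();
    }
    if (!array_key_exists($system_permission, self::$permission_cache[$user_id])) {
        self::$permission_cache[$user_id][$system_permission] = !is_null($permission);
    }

    return !is_null($permission);
}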
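/**
 * Returns a list of emails according to the requested parameters
 *
 * Without a positive $account_id the listing is limited to mails of the
 * accounts linked to the logged-in user plus mails shared (sharing_table) with
 * one of the user's permission groups.
 *
 * NOTE(review): when $state is none of the values handled below, the state
 * condition is empty and 'extra_conditions' ends in a bare "AND " - confirm
 * that callers always pass a known state.
 * NOTE(review): $order_by and $dir are handed to listing() unchanged - confirm
 * listing() restricts them to known columns and directions.
 *
 * @param int|null $account_id Single account to list, or null/0 for all visible accounts.
 * @param string|null $state One of "draft", "sent", "received", "junk", "outbox".
 * @param string $read_filter "unread", any other non-empty value except "all" for read mails, or ""/"all" for no filter.
 * @param string $classif_filter "unclassified", any other non-empty value except "all" for classified mails, or ""/"all" for no filter.
 * @param mixed $context Not read by this method.
 * @param int|null $start Passed to listing() as 'start'.
 * @param int|null $limit Page size; falls back to the 'mails_per_page' user option, then the 'files_per_page' option.
 * @param string $order_by Passed to listing() as 'order'.
 * @param string $dir Passed to listing() as 'order_dir'.
 * @param mixed $join_params Passed to listing() as 'join_params'.
 * @param bool $archived Not read by this method.
 * @return mixed Whatever listing() returns.
 */
function getEmails($account_id = null, $state = null, $read_filter = "", $classif_filter = "", $context = null, $start = null, $limit = null, $order_by = 'received_date', $dir = 'ASC', $join_params = null, $archived = false)
{
    $mailTablePrefix = "e";
    if (!$limit) {
        $limit = user_config_option('mails_per_page') ? user_config_option('mails_per_page') : config_option('files_per_page');
    }

    // Check for accounts
    $accountConditions = '';
    if (isset($account_id) && $account_id > 0) {
        // Single account
        $accountConditions = " AND $mailTablePrefix.account_id = " . DB::escape($account_id);
    } else {
        // show emails from other accounts
        $macs = MailAccountContacts::instance()->getByContact(logged_user());
        $acc_ids = array(0);
        foreach ($macs as $mac) {
            $acc_ids[] = $mac->getAccountId();
        }

        // permission conditions
        $pgs = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId());
        // Fix: the comparison used to sit inside trim(), so a whitespace-only
        // CSV slipped through and produced an invalid "IN ( )" list.
        if (trim((string) $pgs) == '') {
            $pgs = '0';
        }
        $perm_sql = "(SELECT count(*) FROM " . TABLE_PREFIX . "sharing_table st WHERE st.object_id = $mailTablePrefix.object_id AND st.group_id IN ($pgs)) > 0";

        // show mails for all visible accounts and classified mails where logged_user has permissions
        $accountConditions = " AND ($mailTablePrefix.account_id IN (" . implode(",", $acc_ids) . ") OR $perm_sql)";
    }

    // Check for unclassified emails
    $classified = '';
    if ($classif_filter != '' && $classif_filter != 'all') {
        $classified = "AND " . ($classif_filter == 'unclassified' ? "NOT " : "");
        $classified .= "o.id IN (SELECT object_id FROM " . TABLE_PREFIX . "object_members)";
    }

    // Check for draft, junk, etc. emails
    if ($state == "draft") {
        $stateConditions = " $mailTablePrefix.state = '2'";
    } else if ($state == "sent") {
        $stateConditions = " $mailTablePrefix.state IN ('1','3','5')";
    } else if ($state == "received") {
        $stateConditions = " $mailTablePrefix.state IN ('0','5')";
    } else if ($state == "junk") {
        $stateConditions = " $mailTablePrefix.state = '4'";
    } else if ($state == "outbox") {
        $stateConditions = " $mailTablePrefix.state >= 200";
    } else {
        $stateConditions = "";
    }

    // Check read emails
    $read = "";
    if ($read_filter != "" && $read_filter != "all") {
        $read = ($read_filter == "unread" ? "AND NOT " : "AND ")
            . "id IN (SELECT rel_object_id FROM " . TABLE_PREFIX . "read_objects t WHERE contact_id = " . logged_user()->getId() . " AND t.is_read = '1')";
    }

    // Conversations not allowed yet: no conversation grouping is applied and
    // the box condition is just the state condition.
    $conversation_cond = "";
    $box_cond = "AND $stateConditions";

    return self::instance()->listing(array(
        'limit' => $limit,
        'start' => $start,
        'order' => $order_by,
        'order_dir' => $dir,
        'extra_conditions' => "$accountConditions $classified $read $conversation_cond $box_cond",
        'join_params' => $join_params,
    ));
}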
/**
 * Build the SQL condition fragment that restricts objects of $object_type_id
 * to the members selected in $context, for the logged-in user's permission groups.
 *
 * $context holds Member instances (an explicit selection) and, for the
 * remaining entries, objects treated as a dimension with "all" selected.
 * Fragments come from prepareQuery(); when a selected member's dimension
 * cannot contain objects but has associated dimensions, the result is
 * delegated to prepareAssociationConditions().
 *
 * @param array $context
 * @param mixed $object_type_id
 * @return mixed Condition fragment built by prepareQuery(), or the result of prepareAssociationConditions().
 */
static function prepareDimensionConditions($context, $object_type_id)
{
    // Permission group ids of the logged-in contact, as CSV
    $pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);

    $all_dim_in_all_conditions = "";
    $dm_conditions = "";
    $context_dimensions = array();
    $selected_dimensions = array(); // dimensions of the members selected in context
    $properties = array();          // associations between dimensions
    $redefined_context = array();   // dimension ids the context is redefined to when associations apply

    // Members selected in context; must be complete before any prepareQuery() call
    $selection_members = array();
    foreach ($context as $entry) {
        if ($entry instanceof Member) {
            $selection_members[] = $entry;
        }
    }

    $member_count = 0;
    foreach ($context as $selection) {
        if (!($selection instanceof Member)) {
            // "all" is selected for this dimension
            foreach ($selection->getAllMembers() as $member) {
                $context_dimensions[$selection->getId()]['allowed_members'][] = $member->getId();
            }
            if ($selection->canContainObjects()) {
                if (!isset($context_dimensions[$selection->getId()])) {
                    $context_dimensions[$selection->getId()] = array();
                }
                $allowed_members = array_var($context_dimensions[$selection->getId()], 'allowed_members', array());
                $all_dim_in_all_conditions .= self::prepareQuery($all_dim_in_all_conditions, $selection, $allowed_members, $object_type_id, $pg_ids, 'OR', $selection_members, true);
            }
            continue;
        }

        // Conditions to filter by the selected member
        $member_count++;
        $dimension = $selection->getDimension();
        $dimension_id = $dimension->getId();
        $selected_dimensions[] = $dimension;

        // Member ids to search for objects in: the selection plus its whole subtree
        $context_dimensions[$dimension_id]['allowed_members'] = array($selection->getId());
        foreach ($selection->getAllChildrenInHierarchy() as $child) {
            $context_dimensions[$dimension_id]['allowed_members'][] = $child->getId();
        }

        if ($dimension->canContainObjects()) {
            $allowed_members = $context_dimensions[$dimension_id]['allowed_members'];
            $dm_conditions .= self::prepareQuery($dm_conditions, $dimension, $allowed_members, $object_type_id, $pg_ids, 'AND', $selection_members);
            $redefined_context[] = $dimension_id;
            continue;
        }

        // The dimension holds no objects itself: check if it is a property of another one
        $associated_dimensions_ids = $dimension->getAssociatedDimensions();
        if (count($associated_dimensions_ids) > 0) {
            foreach ($associated_dimensions_ids as $associated_id) {
                $properties[$dimension_id][] = $associated_id;
            }
        }
    }

    // With "all" selected in every visible dimension, require the object to belong
    // to some member of those dimensions the user has permissions on
    if ($member_count == 0) {
        $dm_conditions .= $all_dim_in_all_conditions;
    }

    if (count($properties) > 0) {
        foreach ($properties as $associated_ids) {
            foreach ($associated_ids as $dim_id) {
                if (!in_array($dim_id, $redefined_context)) {
                    $redefined_context[] = $dim_id;
                }
            }
        }
        return self::prepareAssociationConditions($redefined_context, $context_dimensions, $properties, $object_type_id, $pg_ids, $selection_members);
    }

    // Dimensions that are neither in the context nor selected through a member
    foreach (Dimensions::findAll() as $dimension) {
        $outside_context = $dimension->canContainObjects()
            && !in_array($dimension, $context)
            && !in_array($dimension, $selected_dimensions);
        if (!$outside_context) {
            continue;
        }
        $member_ids = array();
        foreach ($dimension->getAllMembers() as $member) {
            $member_ids[] = $member->getId();
        }
        $dm_conditions .= self::prepareQuery($dm_conditions, $dimension, $member_ids, $object_type_id, $pg_ids, 'OR', $selection_members, true);
    }

    return $dm_conditions;
}
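/**
 * Returns all the members to be displayed in the panel that corresponds to the
 * dimension for which the id is received by parameter.
 * It is called when the application is first loaded.
 *
 * Administrators, dimensions that do not define permissions and dimensions
 * with allow-all for the user's permission groups get every member; otherwise
 * members are filtered one by one at $access_level, or read from the contact
 * member cache when $use_member_cache is set.
 *
 * @todo: return only the members that are going to be retrieved
 * @todo: add a function to retrieve the rest of the members - dimension_members - and make it more efficient
 * @todo: add a function to retrieve a specific set of members
 * @todo: check where this function is called
 * @todo: check (and fix) that the system doesn't use the left-panel navigation tree to get member's data
 *
 * @return mixed Member objects when $return_member_objects is set, otherwise
 *               the result of buildMemberList(); null when the dimension is not found.
 */
function initial_list_dimension_members($dimension_id, $object_type_id, $allowed_member_type_ids = null, $return_all_members = false, $extra_conditions = "", $limit = null, $return_member_objects = false, $order = null, $return_only_members_name = false, $filter_by_members = array(), $access_level = ACCESS_LEVEL_READ, $use_member_cache = false)
{
    $allowed_member_types = array();
    $item_object = null;
    if (logged_user()->isAdministrator()) {
        $return_all_members = true;
    }
    $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);

    $dimension = Dimensions::getDimensionById($dimension_id);
    // Checked up front: the object-type lookup below dereferences $dimension
    if (!($dimension instanceof Dimension)) {
        return null;
    }

    if ($object_type_id != null) {
        $dimension_object_type_contents = $dimension->getObjectTypeContent($object_type_id);
        foreach ($dimension_object_type_contents as $dotc) {
            $dot_id = $dotc->getDimensionObjectTypeId();
            if (is_null($allowed_member_type_ids) || in_array($dot_id, $allowed_member_type_ids)) {
                $allowed_member_types[] = $dot_id;
            }
        }

        $object_type = ObjectTypes::findById($object_type_id);
        if ($object_type instanceof ObjectType && $object_type->getType() == 'dimension_object') {
            // The handler and item class names come from stored object type data.
            // They used to be pasted into eval(); they are now resolved as class
            // names only, and only when they look like one and the class exists,
            // so a tampered value cannot run as code.
            $class_name_pattern = '/\A[A-Za-z_\\\\][A-Za-z0-9_\\\\]*\z/';
            $handler_class = $object_type->getHandlerClass();
            if (is_string($handler_class) && preg_match($class_name_pattern, $handler_class) && class_exists($handler_class)) {
                $ot_manager = call_user_func(array($handler_class, 'instance'));
                if (isset($ot_manager)) {
                    $item_class = $ot_manager->getItemClass();
                    if (is_string($item_class) && preg_match($class_name_pattern, $item_class) && class_exists($item_class)) {
                        $item_object = new $item_class();
                    }
                }
            }
        }
    }

    $extra_conditions .= " AND archived_by_id=0";
    if (count($allowed_member_types) > 0) {
        $extra_conditions = " AND object_type_id IN (" . implode(",", $allowed_member_types) . ")" . $extra_conditions;
    }
    if (is_null($order)) {
        $order = "parent_member_id, name";
    }

    $all_members = array();
    if (!$dimension->getDefinesPermissions() || $dimension->hasAllowAllForContact($contact_pg_ids) || $return_all_members) {
        $all_members = $dimension->getAllMembers(false, $order, true, $extra_conditions, $limit);
    } else if ($dimension->hasCheckForContact($contact_pg_ids)) {
        if ($use_member_cache) {
            // use the contact member cache
            $params = array(
                "dimension" => $dimension,
                "contact_id" => logged_user()->getId(),
                "parent_member_id" => 0,
                // $limit defaults to null; read its keys only when it is an array
                "start" => is_array($limit) && isset($limit['offset']) ? $limit['offset'] : null,
                "limit" => is_array($limit) && isset($limit['limit']) ? $limit['limit'] : null,
                "extra_condition" => $extra_conditions,
                "order" => '`name`',
                "order_dir" => 'ASC',
            );
            $all_members = ContactMemberCaches::getAllMembersWithCachedParentId($params);
        } else {
            $member_list = $dimension->getAllMembers(false, $order, true, $extra_conditions, $limit);
            foreach ($member_list as $dim_member) {
                if (ContactMemberPermissions::instance()->contactCanAccessMemberAll($contact_pg_ids, $dim_member->getId(), logged_user(), $access_level)) {
                    $all_members[] = $dim_member;
                }
            }
        }
    }
    if (!isset($all_members)) {
        $all_members = array();
    }

    // Drop empty filter ids and reindex
    $filter_by_members = array_values(array_filter($filter_by_members));
    $all_members = $this->apply_association_filters($dimension, $all_members, $filter_by_members);

    if ($return_member_objects) {
        return $all_members;
    }

    return $this->buildMemberList($all_members, $dimension, $allowed_member_type_ids, $allowed_member_types, $item_object, $object_type_id, $return_only_members_name);
}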
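/**
 * Find the templates placed in members where the logged-in user can write tasks.
 *
 * Each id returned by the query is resolved with COTemplates::findById() and
 * appended as-is; no further filtering is applied to the results.
 *
 * @deprecated
 * @author Ignacio Vazquez - elpepe.uy@gmail.com
 * @return array
 */
static function _findAllowed()
{
    // 1. Find members where user can add tasks
    $task_object_type_id = ProjectTasks::instance()->getObjectTypeId();
    $pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId());
    // An empty CSV would render "IN (  )", which is invalid SQL, so fall back to a single id.
    // NOTE(review): 0 is assumed not to be a real permission group id - confirm.
    if (trim((string) $pg_ids) == '') {
        $pg_ids = '0';
    }

    $sql = "\n\t\t\tSELECT distinct(id) AS id\n\t\t\tFROM " . TABLE_PREFIX . "object_members om\n\t\t\tINNER JOIN " . TABLE_PREFIX . "templates t ON t.object_id = om.object_id\n\t\t\tINNER JOIN " . TABLE_PREFIX . "objects o ON om.object_id = o.id\n\t\t\tWHERE\n\t\t\t member_id IN ( \n\t\t\t \tSELECT distinct(member_id) \n\t\t\t\t\tFROM "
        . TABLE_PREFIX . "contact_member_permissions o \n\t\t\t\t\tWHERE object_type_id = " . $task_object_type_id
        . " \n\t\t\t\t\tAND permission_group_id IN ( " . $pg_ids . " ) AND can_write= 1 \n\t\t\t\t)\n\t\t\t\tAND is_optimization = 0\n\t\t\tGROUP BY om.object_id\t\t\n\t\t";

    $res = DB::execute($sql);
    $tpls = array();
    while ($row = $res->fetchRow()) {
        $tpl = COTemplates::instance()->findById($row['id']);
        $tpls[] = $tpl;
    }

    return $tpls;
}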
/**
 * Build the SQL condition fragment that restricts objects to the members
 * selected in $context, for the logged-in user's permission groups.
 *
 * For every selection the allowed member ids and the content object type ids
 * that can hang from them are collected and handed to prepareQuery(). When a
 * selected member's dimension cannot contain objects but has associated
 * dimensions, the result is delegated to prepareAssociationConditions().
 *
 * @param array $context Member instances, and objects treated as dimensions with "all" selected.
 * @return mixed Condition fragment built by prepareQuery(), or the result of prepareAssociationConditions().
 */
static function prepareDimensionConditions($context)
{
    // Permission group ids of the logged-in contact, as CSV
    $pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);

    $dm_conditions = "";
    $context_dimensions = array();
    $selected_dimensions = array(); // dimensions of the members selected in context
    $properties = array();          // associations between dimensions
    $redefined_context = array();   // dimension ids the context is redefined to when associations apply

    // Members selected in context; must be complete before any prepareQuery() call
    $selection_members = array();
    foreach ($context as $entry) {
        if ($entry instanceof Member) {
            $selection_members[] = $entry;
        }
    }

    foreach ($context as $selection) {
        if (!($selection instanceof Member)) {
            // "all" is selected for this dimension
            $selection_id = $selection->getId();
            foreach ($selection->getAllMembers() as $member) {
                if (!isset($context_dimensions[$selection_id]['allowed_members'])) {
                    $context_dimensions[$selection_id]['allowed_members'] = array();
                }
                $context_dimensions[$selection_id]['allowed_members'][] = $member->getId();
            }

            // all the content object type ids that can hang in the dimension
            $context_dimensions[$selection_id]['object_types'] = DimensionObjectTypeContents::getContentObjectTypeIds($selection_id);

            if ($selection->canContainObjects()) {
                $allowed_members = array_var($context_dimensions[$selection_id], 'allowed_members', array());
                $object_types = array_var($context_dimensions[$selection_id], 'object_types', array());
                $dm_conditions .= self::prepareQuery($dm_conditions, $selection, $allowed_members, $object_types, $pg_ids, 'OR', $selection_members, true);
            }
            continue;
        }

        $dimension = $selection->getDimension();
        $dimension_id = $dimension->getId();
        $selected_dimensions[] = $dimension;

        // Object types of the selected member and its subtree, without duplicates,
        // next to the member ids objects must be searched in
        $member_object_types = array($selection->getObjectTypeId());
        $member_ids = array($selection->getId());
        foreach ($selection->getAllChildrenInHierarchy() as $child) {
            $member_ids[] = $child->getId();
            $child_type = $child->getObjectTypeId();
            if (!in_array($child_type, $member_object_types)) {
                $member_object_types[] = $child_type;
            }
        }

        // Content object types that can hang from those member types in this dimension
        $content_types = array();
        foreach ($member_object_types as $member_type) {
            foreach (DimensionObjectTypeContents::getContentObjectTypeIds($dimension_id, $member_type) as $co_type) {
                if (!in_array($co_type, $content_types)) {
                    $content_types[] = $co_type;
                }
            }
        }

        $context_dimensions[$dimension_id]['allowed_members'] = $member_ids;
        $context_dimensions[$dimension_id]['object_types'] = $content_types;

        if ($dimension->canContainObjects()) {
            $dm_conditions .= self::prepareQuery($dm_conditions, $dimension, $member_ids, $content_types, $pg_ids, 'AND', $selection_members);
            $redefined_context[] = $dimension_id;
            continue;
        }

        // The dimension holds no objects itself: check if it is a property of another one
        $associated_dimensions_ids = $dimension->getAssociatedDimensions();
        if (count($associated_dimensions_ids) > 0) {
            foreach ($associated_dimensions_ids as $associated_id) {
                $properties[$dimension_id][] = $associated_id;
            }
        }
    }

    if (count($properties) > 0) {
        foreach ($properties as $associated_ids) {
            foreach ($associated_ids as $dim_id) {
                if (!in_array($dim_id, $redefined_context)) {
                    $redefined_context[] = $dim_id;
                }
            }
        }
        return self::prepareAssociationConditions($redefined_context, $context_dimensions, $properties, $pg_ids, $selection_members);
    }

    // Dimensions that are neither in the context nor selected through a member
    foreach (Dimensions::findAll() as $dimension) {
        $outside_context = $dimension->canContainObjects()
            && !in_array($dimension, $context)
            && !in_array($dimension, $selected_dimensions);
        if (!$outside_context) {
            continue;
        }
        $member_ids = array();
        foreach ($dimension->getAllMembers() as $member) {
            $member_ids[] = $member->getId();
        }
        $object_types = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId());
        $dm_conditions .= self::prepareQuery($dm_conditions, $dimension, $member_ids, $object_types, $pg_ids, 'OR', $selection_members, true);
    }

    return $dm_conditions;
}
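/**
 * Return the ids of the dimensions the logged-in user may see.
 *
 * A dimension is included when it does not define permissions, or when it does
 * not deny everything to the user's permission groups.
 *
 * @return array Dimension ids, keyed by the same id.
 */
function get_user_dimensions_ids()
{
    $dimensions_to_show = array();
    // The permission group CSV does not depend on the dimension, so it is
    // resolved once, on the first dimension that needs it, instead of per iteration.
    $contact_pg_ids = null;

    foreach (Dimensions::findAll() as $dim) {
        if ($dim->getDefinesPermissions()) {
            if ($contact_pg_ids === null) {
                $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
            }
            // if the dimension denies everything for each of the contact's groups, hide it
            if ($dim->deniesAllForContact($contact_pg_ids)) {
                continue;
            }
        }
        $dimensions_to_show[$dim->getId()] = $dim->getId();
    }

    return $dimensions_to_show;
}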
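/**
 * Return true if $user can access an object of $object_type_id placed in $members. False otherwise.
 *
 * Administrators always pass. Guests are limited to ACCESS_LEVEL_READ. Access
 * is granted as soon as the user has permission in one permission-defining
 * dimension of the object's members; failing that, every member must be
 * covered by the user's active context permissions. An exception raised while
 * evaluating permissions is assigned to the template as 'error' and treated
 * as a denial.
 *
 * @param Contact $user
 * @param array $members
 * @param $object_type_id
 * @param $access_level Compared against the ACCESS_LEVEL_READ, ACCESS_LEVEL_WRITE and ACCESS_LEVEL_DELETE constants.
 * @return boolean
 */
function can_access(Contact $user, $members, $object_type_id, $access_level)
{
    if ($user->isAdministrator()) {
        return true;
    }

    $write = $access_level == ACCESS_LEVEL_WRITE;
    $delete = $access_level == ACCESS_LEVEL_DELETE;

    // Previously written as "!count($members) > 0", which only worked because
    // "!" binds tighter than ">"; spelled out here with the same result.
    if (($user->isGuest() && $access_level != ACCESS_LEVEL_READ) || count($members) == 0) {
        return false;
    }

    try {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user->getId(), false);
        $allow_all_cache = array();
        $dimension_permissions = array();

        foreach ($members as $k => $m) {
            if (!$m instanceof Member) {
                unset($members[$k]);
                continue;
            }
            $dimension = $m->getDimension();
            if (!$dimension->getDefinesPermissions()) {
                continue;
            }
            $dimension_id = $dimension->getId();
            if (!isset($dimension_permissions[$dimension_id])) {
                $dimension_permissions[$dimension_id] = false;
            }
            if ($dimension_permissions[$dimension_id]) {
                continue;
            }

            if (!$m->canContainObject($object_type_id)) {
                // This member cannot hold the object type: its dimension does not count
                unset($dimension_permissions[$dimension_id]);
                continue;
            }

            // dimension defines permissions and user has maximum level of permissions
            if (isset($allow_all_cache[$dimension_id])) {
                $allow_all = $allow_all_cache[$dimension_id];
            } else {
                $allow_all = $dimension->hasAllowAllForContact($contact_pg_ids);
                $allow_all_cache[$dimension_id] = $allow_all;
            }
            if ($allow_all) {
                $dimension_permissions[$dimension_id] = true;
            }

            // check individual members
            if (!$dimension_permissions[$dimension_id] && ContactMemberPermissions::contactCanReadObjectTypeinMember($contact_pg_ids, $m->getId(), $object_type_id, $write, $delete, $user)) {
                $dimension_permissions[$dimension_id] = true;
            }
        }

        // If the user has permission in one of the object's members then access is
        // granted. The former "all dimensions allowed" check after this loop could
        // never be true (any granted dimension had already returned) and is removed.
        if (in_array(true, $dimension_permissions, true)) {
            return true;
        }

        // No dimension granted access: check context permissions
        $member_ids = array();
        foreach ($members as $member_obj) {
            $member_ids[] = $member_obj->getId();
        }
        $allowed_members = ContactMemberPermissions::getActiveContextPermissions($user, $object_type_id, $members, $member_ids, $write, $delete);

        // Every remaining member must be allowed; an empty member list is a denial
        foreach ($members as $m) {
            if (!in_array($m->getId(), $allowed_members)) {
                return false;
            }
        }

        return count($members) > 0;
    } catch (Exception $e) {
        tpl_assign('error', $e);
        return false;
    }
}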
/**
 * Tell whether $user may access an object classified in $members at the requested level.
 *
 * Administrators are always allowed. Guests are refused anything but ACCESS_LEVEL_READ,
 * and an empty $members list is refused. Dimensions whose permission query method is
 * mandatory must all grant access; when none is mandatory, one granting non-mandatory
 * dimension is enough. If the dimensions do not settle the question, the active context
 * permissions must cover every member. An exception during the checks denies access.
 *
 * @param Contact $user
 * @param array $members
 * @param $object_type_id
 * @param $access_level
 * @return boolean
 */
function can_access(Contact $user, $members, $object_type_id, $access_level) {
    if ($user->isAdministrator()) {
        return true;
    }

    $write = $access_level == ACCESS_LEVEL_WRITE;
    $delete = $access_level == ACCESS_LEVEL_DELETE;

    $guest_beyond_read = $user->isGuest() && $access_level != ACCESS_LEVEL_READ;
    if ($guest_beyond_read || count($members) == 0) {
        return false;
    }

    try {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user->getId(), false);
        $allow_all_cache = array();
        $dimension_query_methods = array();
        $dimension_permissions = array();

        foreach ($members as $idx => $member) {
            if (!$member instanceof Member) {
                unset($members[$idx]);
                continue;
            }

            $dimension = $member->getDimension();
            if (!$dimension->getDefinesPermissions()) {
                continue;
            }

            $dimension_id = $dimension->getId();
            if (!isset($dimension_permissions[$dimension_id])) {
                $dimension_permissions[$dimension_id] = false;
            }
            if ($dimension_permissions[$dimension_id]) {
                // Granted by an earlier member of this dimension.
                continue;
            }
            if (!$member->canContainObject($object_type_id)) {
                unset($dimension_permissions[$dimension_id]);
                continue;
            }

            if (!isset($dimension_query_methods[$dimension_id])) {
                $dimension_query_methods[$dimension_id] = $dimension->getPermissionQueryMethod();
            }

            // Dimension defines permissions: look up (once per dimension) whether the
            // user has the maximum level of permissions on it.
            if (!isset($allow_all_cache[$dimension_id])) {
                $allow_all_cache[$dimension_id] = $dimension->hasAllowAllForContact($contact_pg_ids);
            }
            $allow_all = $allow_all_cache[$dimension_id];

            // Allow-all wins; otherwise check the individual member.
            if ($allow_all || ContactMemberPermissions::contactCanReadObjectTypeinMember($contact_pg_ids, $member->getId(), $object_type_id, $write, $delete, $user)) {
                $dimension_permissions[$dimension_id] = true;
            }
        }

        // Every dimension with a mandatory query method has to grant access.
        $mandatory_count = 0;
        foreach ($dimension_query_methods as $dim_id => $qmethod) {
            if ($qmethod != DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY) {
                continue;
            }
            $mandatory_count++;
            if (!array_var($dimension_permissions, $dim_id)) {
                // A member belongs to a mandatory dimension the user has no permissions on.
                return false;
            }
        }

        // With no mandatory dimension involved, any granting non-mandatory one is enough.
        $allowed = true;
        if ($mandatory_count == 0) {
            foreach ($dimension_query_methods as $dim_id => $qmethod) {
                if ($qmethod != DIMENSION_PERMISSION_QUERY_METHOD_NOT_MANDATORY) {
                    continue;
                }
                if (array_var($dimension_permissions, $dim_id)) {
                    return true;
                }
                $allowed = false;
            }
        }

        if ($allowed && count($dimension_permissions)) {
            return true;
        }

        // Reaching this point with permissions in all dimensions would already have
        // returned true; some dimension lacks permission, so check context permissions.
        $member_ids = array();
        foreach ($members as $member_obj) {
            $member_ids[] = $member_obj->getId();
        }
        $allowed_members = ContactMemberPermissions::getActiveContextPermissions($user, $object_type_id, $members, $member_ids, $write, $delete);

        // Every member must be covered; one uncovered member denies access.
        foreach ($members as $member_obj) {
            if (!in_array($member_obj->getId(), $allowed_members)) {
                return false;
            }
        }
        if (count($members) > 0) {
            return true;
        }
    } catch (Exception $e) {
        tpl_assign('error', $e);
        return false;
    }

    return false;
}
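/**
 * Return true if $user can access an object classified in $members. False otherwise.
 *
 * Decision order, as implemented below:
 *  1. When $allow_super_admin is true, administrators are always allowed.
 *  2. Guests are refused every level other than ACCESS_LEVEL_READ.
 *  3. When none of $members belongs to a manageable dimension that defines permissions,
 *     only the root-level permission (member_id = 0) is consulted, and only if the
 *     'let_users_create_objects_in_root' option is on and the user is in the admin
 *     group, an executive or a manager.
 *  4. Per dimension, "allow all" grants access directly. A member-level permission
 *     counts only when a MaxRoleObjectTypePermissions row exists for the user's role
 *     and permits the requested level. In this code "allow all" is not subject to
 *     that role cap.
 *  5. Mandatory dimensions must all grant access; without any, one granting
 *     non-mandatory dimension is enough. Otherwise the active context permissions
 *     must cover every member.
 * Any exception raised during the checks is handed to tpl_assign() and access is denied.
 *
 * @param Contact $user
 * @param array $members Members the object is classified in; entries that are not Member instances are dropped
 * @param $object_type_id
 * @param $access_level Compared against ACCESS_LEVEL_READ / ACCESS_LEVEL_WRITE / ACCESS_LEVEL_DELETE
 * @param boolean $allow_super_admin When false, administrators go through the normal checks
 * @return boolean
 */
function can_access(Contact $user, $members, $object_type_id, $access_level, $allow_super_admin = true) {
    if ($allow_super_admin && $user->isAdministrator()) {
        return true;
    }

    $write = $access_level == ACCESS_LEVEL_WRITE;
    $delete = $access_level == ACCESS_LEVEL_DELETE;

    if ($user->isGuest() && $access_level != ACCESS_LEVEL_READ) {
        return false;
    }

    try {
        $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user->getId(), false);
        $allow_all_cache = array();
        $dimension_query_methods = array();

        // The object type id is concatenated into SQL conditions below. Force it to an
        // integer so that a non-numeric value cannot change the shape of the query.
        $object_type_id_sql = (int) $object_type_id;

        // If there is no manageable member then check if user has permissions without classifying.
        $manageable_members = array();
        foreach ($members as $mem) {
            if ($mem instanceof Member && $mem->getDimension()->getIsManageable() && $mem->getDimension()->getDefinesPermissions()) {
                $manageable_members[] = $mem->getId();
            }
        }
        if (count($manageable_members) == 0) {
            $return = false;
            if (config_option('let_users_create_objects_in_root') && $contact_pg_ids != "" && ($user->isAdminGroup() || $user->isExecutive() || $user->isManager())) {
                $cond = $delete ? 'AND can_delete = 1' : ($write ? 'AND can_write = 1' : '');
                // NOTE(review): $contact_pg_ids is interpolated as returned by
                // getPermissionGroupIdsByContactCSV(); confirm it only ever holds integer ids.
                $cmp = ContactMemberPermissions::findOne(array('conditions' => "member_id=0 AND object_type_id={$object_type_id_sql} AND permission_group_id IN ({$contact_pg_ids}) {$cond}"));
                $return = $cmp instanceof ContactMemberPermission;
            }
            return $return;
        }

        // Upper bound on what the user's role may do with this object type.
        // NOTE(review): the role id from getUserType() is quoted but not escaped;
        // confirm it is always numeric.
        $max_role_ot_perm = MaxRoleObjectTypePermissions::instance()->findOne(array('conditions' => "object_type_id='{$object_type_id_sql}' AND role_id = '" . $user->getUserType() . "'"));

        // NOTE(review): assumes config_option('enabled_dimensions') returns an array; confirm.
        $enabled_dimensions = config_option('enabled_dimensions');
        $dimension_permissions = array();

        foreach ($members as $k => $m) {
            if (!$m instanceof Member) {
                // Not a Member: remove it so the later loops only see Member objects.
                unset($members[$k]);
                continue;
            }

            $dimension = $m->getDimension();
            if (!$dimension->getDefinesPermissions() || !in_array($dimension->getId(), $enabled_dimensions)) {
                continue;
            }

            $dimension_id = $dimension->getId();
            if (!isset($dimension_permissions[$dimension_id])) {
                $dimension_permissions[$dimension_id] = false;
            }
            if ($dimension_permissions[$dimension_id]) {
                // Already granted through an earlier member of the same dimension.
                continue;
            }
            if (!$m->canContainObject($object_type_id)) {
                unset($dimension_permissions[$dimension_id]);
                continue;
            }

            if (!isset($dimension_query_methods[$dimension_id])) {
                $dimension_query_methods[$dimension_id] = $dimension->getPermissionQueryMethod();
            }

            // Dimension defines permissions and user has maximum level of permissions.
            if (isset($allow_all_cache[$dimension_id])) {
                $allow_all = $allow_all_cache[$dimension_id];
            } else {
                $allow_all = $dimension->hasAllowAllForContact($contact_pg_ids);
                $allow_all_cache[$dimension_id] = $allow_all;
            }
            if ($allow_all) {
                $dimension_permissions[$dimension_id] = true;
            }

            // Check individual members. The member-level permission is honoured only
            // when a role cap exists and allows the requested level; with no cap row
            // the permission stays false.
            if (!$dimension_permissions[$dimension_id] && ContactMemberPermissions::contactCanReadObjectTypeinMember($contact_pg_ids, $m->getId(), $object_type_id, $write, $delete, $user)) {
                if ($max_role_ot_perm) {
                    $role_allows = ($access_level == ACCESS_LEVEL_DELETE && $max_role_ot_perm->getCanDelete())
                        || ($access_level == ACCESS_LEVEL_WRITE && $max_role_ot_perm->getCanWrite())
                        || $access_level == ACCESS_LEVEL_READ;
                    if ($role_allows) {
                        $dimension_permissions[$dimension_id] = true;
                    }
                }
            }
        }

        $allowed = true;

        // Check that user has permissions in all mandatory query method dimensions.
        $mandatory_count = 0;
        foreach ($dimension_query_methods as $dim_id => $qmethod) {
            if (!in_array($dim_id, $enabled_dimensions)) {
                continue;
            }
            if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY) {
                $mandatory_count++;
                if (!array_var($dimension_permissions, $dim_id)) {
                    // One of the members belongs to a mandatory dimension and the
                    // user does not have permissions on it.
                    return false;
                }
            }
        }

        // If no members in mandatory dimensions then check for not mandatory ones.
        if ($allowed && $mandatory_count == 0) {
            foreach ($dimension_query_methods as $dim_id => $qmethod) {
                if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_NOT_MANDATORY) {
                    if (array_var($dimension_permissions, $dim_id)) {
                        // Permissions over any member of a non mandatory dimension are enough.
                        return true;
                    } else {
                        $allowed = false;
                    }
                }
            }
        }

        if ($allowed && count($dimension_permissions)) {
            return true;
        }

        // Reaching this point with permissions in all dimensions would already have
        // returned true; some dimension lacks permission, so check context permissions.
        $member_ids = array();
        foreach ($members as $member_obj) {
            $member_ids[] = $member_obj->getId();
        }
        $allowed_members = ContactMemberPermissions::getActiveContextPermissions($user, $object_type_id, $members, $member_ids, $write, $delete);

        // Every member must be covered; one uncovered member denies access.
        foreach ($members as $m) {
            // NOTE(review): loose in_array() comparison; confirm the id types returned by
            // getActiveContextPermissions() before switching to a strict comparison.
            if (!in_array($m->getId(), $allowed_members)) {
                return false;
            }
        }
        if (count($members) > 0) {
            return true;
        }
    } catch (Exception $e) {
        // Fail closed: an error during the check never grants access.
        tpl_assign('error', $e);
        return false;
    }

    return false;
}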
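/**
 * List members of the context dimension for display, limited to what the logged-in
 * user is allowed to see.
 *
 * With $member_id == 0 the call is delegated to initial_list_dimension_members().
 * Otherwise the candidate set is:
 *  - all members of the dimension when it does not define permissions or the user has
 *    "allow all" on it;
 *  - the members passing contactCanReadMemberAll() when hasCheckForContact() is true;
 *  - nothing in any other case.
 * When associations exist between the member's dimension and the context dimension,
 * only candidates associated with the member or its children are listed, together
 * with their parents that are also candidates. Archived members are skipped.
 *
 * @param $member_id Id of the selected member, or 0 for the initial list
 * @param $context_dimension_id Id of the dimension whose members are listed
 * @param $object_type_id When not null, used to compute each entry's "selectable" flag
 * @param $allowed_member_type_ids Dimension object type ids accepted as selectable, or null for all
 * @return array|null Entries as associative arrays; null when the member or the dimension cannot be loaded
 */
function list_dimension_members($member_id, $context_dimension_id, $object_type_id, $allowed_member_type_ids) {
    if ($member_id == 0) {
        return $this->initial_list_dimension_members($context_dimension_id, $object_type_id, $allowed_member_type_ids);
    }

    $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV(logged_user()->getId(), false);
    $member = Members::findById($member_id);
    $dimension = Dimensions::getDimensionById($context_dimension_id);

    // Validate both lookups before calling any method on them.
    if (!$dimension instanceof Dimension || !$member instanceof Member) {
        return null;
    }

    // Always an array, so the "selectable" test below never receives an undefined value.
    $allowed_object_type_ids = array();
    if ($object_type_id != null) {
        foreach ($dimension->getObjectTypeContent($object_type_id) as $dotc) {
            $dot_id = $dotc->getDimensionObjectTypeId();
            if (is_null($allowed_member_type_ids) || in_array($dot_id, $allowed_member_type_ids)) {
                $allowed_object_type_ids[] = $dot_id;
            }
        }
    }

    // Candidate members the user may see. Starts empty so that a dimension which
    // defines permissions and grants this user nothing yields an empty list.
    $dimension_members = array();
    if (!$dimension->getDefinesPermissions() || $dimension->hasAllowAllForContact($contact_pg_ids)) {
        $dimension_members = $dimension->getAllMembers(false, "parent_member_id, name", true);
    } else if ($dimension->hasCheckForContact($contact_pg_ids)) {
        foreach ($dimension->getAllMembers(false, "parent_member_id, name", true) as $dim_member) {
            if (ContactMemberPermissions::instance()->contactCanReadMemberAll($contact_pg_ids, $dim_member->getId(), logged_user())) {
                $dimension_members[] = $dim_member;
            }
        }
    }

    $members_to_retrieve = array();
    $association_ids = DimensionMemberAssociations::getAllAssociationIds($member->getDimensionId(), $context_dimension_id);

    if (count($association_ids) > 0) {
        // Collect the ids associated with the member and with each of its children.
        $associated_members_ids_csv = '';
        foreach ($association_ids as $id) {
            $association = DimensionMemberAssociations::findById($id);
            $children = $member->getAllChildrenInHierarchy();
            $from_context = $association->getDimensionId() == $context_dimension_id;

            $source_ids = array($member_id);
            foreach ($children as $child) {
                $source_ids[] = $child->getId();
            }
            foreach ($source_ids as $source_id) {
                $new_csv = $from_context
                    ? MemberPropertyMembers::getAllMemberIds($id, $source_id)
                    : MemberPropertyMembers::getAllPropertyMemberIds($id, $source_id);
                if ($new_csv != '') {
                    $associated_members_ids_csv .= $new_csv . ",";
                }
            }
        }
        $associated_members_ids = array_unique(explode(',', $associated_members_ids_csv));

        foreach ($associated_members_ids as $id) {
            if ($id === '') {
                // explode() leaves an empty entry after the trailing comma.
                continue;
            }
            $associated_member = Members::findById($id);
            if (!$associated_member instanceof Member || !in_array($associated_member, $dimension_members)) {
                continue;
            }
            foreach ($associated_member->getAllParentMembersInHierarchy(true) as $context_member) {
                if (!in_array($context_member, $members_to_retrieve) && in_array($context_member, $dimension_members)) {
                    $members_to_retrieve[$context_member->getName()] = $context_member;
                }
            }
        }

        // Alphabetical order.
        // NOTE(review): array_ksort() is not a PHP built-in; presumably a project helper
        // that returns the key-sorted array — confirm.
        $members_to_retrieve = array_ksort($members_to_retrieve);
    } else {
        // No associations: list every candidate. Assign the list itself; appending it
        // as a single element would make the loops below call getId() on an array.
        $members_to_retrieve = $dimension_members;
    }

    $membersset = array();
    foreach ($members_to_retrieve as $m) {
        $membersset[$m->getId()] = true;
    }

    $members = array();
    // Todo adapt this code to call "buildMemberList" - (performance and code improvement)
    foreach ($members_to_retrieve as $m) {
        /* @var $m Member */
        if ($m->getArchivedById() > 0) {
            continue;
        }

        $selectable = false;
        if ($object_type_id != null) {
            $selectable = in_array($m->getObjectTypeId(), $allowed_object_type_ids) ? true : false;
        }

        // Walk up the hierarchy until an ancestor that is part of the listed set is
        // found; 0 means the entry is shown at the top level.
        $tempParent = $m->getParentMemberId();
        $x = $m;
        while ($x instanceof Member && !isset($membersset[$tempParent])) {
            $tempParent = $x->getParentMemberId();
            $x = $x->getParentMember();
        }
        if (!$x instanceof Member) {
            $tempParent = 0;
        }

        if ($dot = DimensionObjectTypes::instance()->findOne(array("conditions" => "\n\t\t\t\t\t\tdimension_id = " . $dimension->getId() . " AND\n\t\t\t\t\t\tobject_type_id = " . $m->getObjectTypeId()))) {
            $memberOptions = $dot->getOptions(true);
        } else {
            $memberOptions = '';
        }

        $member_data = array(
            "id" => $m->getId(),
            "name" => clean($m->getName()),
            "parent" => $tempParent,
            "realParent" => $m->getParentMemberId(),
            "object_id" => $m->getObjectId(),
            "options" => $memberOptions,
            "depth" => $m->getDepth(),
            "iconCls" => $m->getIconClass(),
            "selectable" => $selectable,
            "dimension_id" => $m->getDimensionId(),
            "object_type_id" => $m->getObjectTypeId(),
            "allow_childs" => $m->allowChilds(),
        );

        // Member Actions
        if (can_manage_dimension_members(logged_user())) {
            // Resolve the edit URL for this member only, so a URL computed for a
            // previous entry is never attached to this one.
            $editUrl = null;
            if ($m->getObjectId()) {
                $obj = Objects::instance()->findObject($m->getObjectId());
                if ($obj) {
                    $editUrl = $obj->getEditUrl();
                }
            }
            if ($editUrl === null) {
                $editUrl = get_url('member', 'edit', array('id' => $m->getId()));
            }
            $member_data['actions'] = array(array('url' => $editUrl, 'text' => '', 'iconCls' => 'ico-edit'));
        }

        $members[] = $member_data;
    }

    return $members;
}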