function getAllRolesPermissions(){
$groups = PermissionGroups::getNonPersonalPermissionGroups('`parent_id`,`id` ASC');
$roles_permissions = array();
foreach($groups as $group){
$roles_permissions[$group->getId()] = self::getRolePermissions($group->getId());
}
return $roles_permissions;
}
/**
* Render form control
*
* @param string $control_name
* @return string
*/
function render($control_name)
{
$groups = PermissionGroups::getNonRolePermissionGroups();
$selected = config_option('default_guest_user_group');
$options = array();
$attrs = $selected == 0 ? array('selected' => 'selected') : array();
$options[] = option_tag(lang('none'), 0, $attrs);
foreach ($groups as $group) {
$attrs = $selected == $group->getId() ? array('selected' => 'selected') : array();
$options[] = option_tag(clean($group->getName()), $group->getId(), $attrs);
}
echo select_box($control_name, $options);
}
function getDefaultRolesByType()
{
$result = array();
$exe_group = PermissionGroups::findOne(array('id' => true, 'conditions' => "name='ExecutiveGroup' AND type='roles'"));
$col_group = PermissionGroups::findOne(array('id' => true, 'conditions' => "name='CollaboratorGroup' AND type='roles'"));
$gue_group = PermissionGroups::findOne(array('id' => true, 'conditions' => "name='GuestGroup' AND type='roles'"));
$exe = PermissionGroups::findOne(array('id' => true, 'conditions' => "name='Executive' AND type='roles'"));
$col = PermissionGroups::findOne(array('id' => true, 'conditions' => "name='Internal Collaborator' AND type='roles'"));
$gue = PermissionGroups::findOne(array('id' => true, 'conditions' => "name='Guest' AND type='roles'"));
$result[$exe_group[0]] = $exe[0];
$result[$col_group[0]] = $col[0];
$result[$gue_group[0]] = $gue[0];
return $result;
}
function render($control_name)
{
$genid = gen_id();
$groups = PermissionGroups::findAll(array('conditions' => "`type`='roles' AND `parent_id`>0"));
$value = $this->getValue();
$out = '';
foreach ($groups as $group) {
/* @var $dim Dimension */
$checked = array_search($group->getId(), $value) !== false;
$out .= '<div class="checkbox-config-option">';
$out .= label_tag($group->getName(), $genid . '_' . $control_name . '_' . $group->getId(), false, array('style' => 'cursor:pointer;'), '');
$out .= checkbox_field($control_name . '[' . $group->getId() . ']', $checked, array('id' => $genid . '_' . $control_name . '_' . $group->getId()));
$out .= '</div >';
}
$out .= '<input type="hidden" name="' . $control_name . '[0]" value=" "><div class="clear"></div>';
return $out;
}
/**
* List groups
*
* @access public
* @param void
* @return null
*/
function groups()
{
if (!can_manage_security(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
$groups = PermissionGroups::getNonRolePermissionGroups();
$gr_lengths = array();
foreach ($groups as $gr) {
$count = ContactPermissionGroups::count("`permission_group_id` = " . $gr->getId());
$gr_lengths[$gr->getId()] = $count;
}
tpl_assign('gr_lengths', $gr_lengths);
tpl_assign('permission_groups', $groups);
}
/**
* Finish the installation - create owner company and administrator
*
* @param void
* @return null
*/
function complete_installation()
{
if (Contacts::getOwnerCompany() instanceof Contact) {
die('Owner company already exists');
// Somebody is trying to access this method even if the user already exists
}
// if
$form_data = array_var($_POST, 'form');
tpl_assign('form_data', $form_data);
if (array_var($form_data, 'submited') == 'submited') {
try {
$admin_password = trim(array_var($form_data, 'admin_password'));
$admin_password_a = trim(array_var($form_data, 'admin_password_a'));
if (trim($admin_password) == '') {
throw new Error(lang('password value required'));
}
// if
if ($admin_password != $admin_password_a) {
throw new Error(lang('passwords dont match'));
}
// if
DB::beginWork();
Contacts::delete();
// clear users table
// Create a company
$company = new Contact();
$company->setFirstName(array_var($form_data, 'company_name'));
$company->setObjectName();
$company->setIsCompany(true);
$company->save();
// Init default colors
set_config_option('brand_colors_head_back', "424242");
set_config_option('brand_colors_tabs_back', "e7e7e7");
set_config_option('brand_colors_head_font', "FFFFFF");
set_config_option('brand_colors_tabs_font', "333333");
// Create the administrator user
$administrator = new Contact();
$pergroup = PermissionGroups::findOne(array('conditions' => "`name`='Super Administrator'"));
$administrator->setUserType($pergroup->getId());
$administrator->setCompanyId($company->getId());
$administrator->setUsername(array_var($form_data, 'admin_username'));
$administrator->setPassword($admin_password);
$administrator->setFirstname(array_var($form_data, 'admin_username'));
$administrator->setObjectName();
$administrator->save();
$user_password = new ContactPassword();
$user_password->setContactId($administrator->getId());
$user_password->password_temp = $admin_password;
$user_password->setPasswordDate(DateTimeValueLib::now());
$user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp()));
$user_password->save();
//Add email after save because is needed.
$administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true);
//permissions
$permission_group = new PermissionGroup();
$permission_group->setName('Account Owner');
$permission_group->setContactId($administrator->getId());
$permission_group->setIsContext(false);
$permission_group->setType("permission_groups");
$permission_group->save();
$administrator->setPermissionGroupId($permission_group->getId());
$administrator->save();
$company->setCreatedById($administrator->getId());
$company->setUpdatedById($administrator->getId());
$company->save();
$contact_pg = new ContactPermissionGroup();
$contact_pg->setContactId($administrator->getId());
$contact_pg->setPermissionGroupId($permission_group->getId());
$contact_pg->save();
// tab panel permissions
$panels = TabPanels::getEnabled();
foreach ($panels as $panel) {
$tpp = new TabPanelPermission();
$tpp->setPermissionGroupId($administrator->getPermissionGroupId());
$tpp->setTabPanelId($panel->getId());
$tpp->save();
}
// dimension permissions
$dimensions = Dimensions::findAll();
foreach ($dimensions as $dimension) {
if ($dimension->getDefinesPermissions()) {
$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = " . $administrator->getPermissionGroupId() . " AND `dimension_id` = " . $dimension->getId()));
if (!$cdp instanceof ContactDimensionPermission) {
$cdp = new ContactDimensionPermission();
$cdp->setPermissionGroupId($administrator->getPermissionGroupId());
$cdp->setContactDimensionId($dimension->getId());
}
$cdp->setPermissionType('allow all');
$cdp->save();
// contact member permisssion entries
$members = $dimension->getAllMembers();
foreach ($members as $member) {
$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
$ots[] = $member->getObjectId();
foreach ($ots as $ot) {
$cmp = ContactMemberPermissions::findOne();
if (!$cmp instanceof ContactMemberPermission) {
$cmp = new ContactMemberPermission(array("conditions" => "`permission_group_id` = " . $administrator->getPermissionGroupId() . " AND `member_id` = " . $member->getId() . " AND `object_type_id` = {$ot}"));
$cmp->setPermissionGroupId($administrator->getPermissionGroupId());
$cmp->setMemberId($member->getId());
$cmp->setObjectTypeId($ot);
}
$cmp->setCanWrite(1);
$cmp->setCanDelete(1);
$cmp->save();
}
}
}
}
// system permissions
$sp = new SystemPermission();
$sp->setPermissionGroupId($administrator->getPermissionGroupId());
$sp->setAllPermissions(true);
$sp->save();
// root permissions
DB::executeAll("\r\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write)\r\n\t\t\t\t SELECT " . $administrator->getPermissionGroupId() . ", 0, rtp.object_type_id, rtp.can_delete, rtp.can_write FROM " . TABLE_PREFIX . "role_object_type_permissions rtp \r\n\t\t\t\t WHERE rtp.object_type_id NOT IN (SELECT id FROM " . TABLE_PREFIX . "object_types WHERE name IN ('mail','template','file_revision')) AND rtp.role_id in (\r\n\t\t\t\t SELECT pg.id FROM " . TABLE_PREFIX . "permission_groups pg WHERE pg.type='roles' AND pg.name IN ('Super Administrator','Administrator','Manager','Executive')\r\n\t\t\t\t )\r\n\t\t\t\tON DUPLICATE KEY UPDATE member_id=0;");
Hook::fire('after_user_add', $administrator, $null);
DB::commit();
$this->redirectTo('access', 'login');
} catch (Exception $e) {
tpl_assign('error', $e);
DB::rollback();
}
// try
}
// if
}
/**
* Check if this user can update this users permissions
*
* @param Contact $user
* @return boolean
*/
function canUpdatePermissions(Contact $user)
{
if (!$this->isUser()) {
return false;
}
$actual_user_type = array_var(self::$pg_cache, $user->getUserType());
if (!$actual_user_type) {
$actual_user_type = PermissionGroups::instance()->findOne(array("conditions" => "id = " . $user->getUserType()));
}
$this_user_type = array_var(self::$pg_cache, $this->getUserType());
if (!$this_user_type) {
$this_user_type = PermissionGroups::instance()->findOne(array("conditions" => "id = " . $this->getUserType()));
}
$can_change_type = $actual_user_type->getId() < $this_user_type->getId() || $user->isAdminGroup() && $this->getId() == $user->getId() || $user->isAdministrator();
return can_manage_security($user) && $can_change_type;
}
function create_user($user_data, $permissionsString, $rp_permissions_data = array(), $save_permissions = true)
{
// try to find contact by some properties
$contact_id = array_var($user_data, "contact_id");
$contact = Contacts::instance()->findById($contact_id);
if (!is_valid_email(array_var($user_data, 'email'))) {
throw new Exception(lang("email value is required"));
}
if (!$contact instanceof Contact) {
// Create a new user
$contact = new Contact();
$contact->setUsername(array_var($user_data, 'username'));
$contact->setDisplayName(array_var($user_data, 'display_name'));
$contact->setCompanyId(array_var($user_data, 'company_id'));
$contact->setUserType(array_var($user_data, 'type'));
$contact->setTimezone(array_var($user_data, 'timezone'));
$contact->setFirstname($contact->getObjectName() != "" ? $contact->getObjectName() : $contact->getUsername());
$contact->setObjectName();
$user_from_contact = false;
} else {
// Create user from contact
$contact->setUserType(array_var($user_data, 'type'));
if (array_var($user_data, 'company_id')) {
$contact->setCompanyId(array_var($user_data, 'company_id'));
}
$contact->setUsername(array_var($user_data, 'username'));
$contact->setTimezone(array_var($user_data, 'timezone'));
$user_from_contact = true;
}
$contact->save();
if (is_valid_email(array_var($user_data, 'email'))) {
$user = Contacts::getByEmail(array_var($user_data, 'email'));
if (!$user) {
$contact->addEmail(array_var($user_data, 'email'), 'personal', true);
}
}
//permissions
$additional_name = "";
$tmp_pg = PermissionGroups::findOne(array('conditions' => "`name`='User " . $contact->getId() . " Personal'"));
if ($tmp_pg instanceof PermissionGroup) {
$additional_name = "_" . gen_id();
}
$permission_group = new PermissionGroup();
$permission_group->setName('User ' . $contact->getId() . $additional_name . ' Personal');
$permission_group->setContactId($contact->getId());
$permission_group->setIsContext(false);
$permission_group->setType("permission_groups");
$permission_group->save();
$contact->setPermissionGroupId($permission_group->getId());
$null = null;
Hook::fire('on_create_user_perm_group', $permission_group, $null);
$contact_pg = new ContactPermissionGroup();
$contact_pg->setContactId($contact->getId());
$contact_pg->setPermissionGroupId($permission_group->getId());
$contact_pg->save();
if (can_manage_security(logged_user())) {
$sp = new SystemPermission();
if (!$user_from_contact) {
$rol_permissions = SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
if (is_array($rol_permissions)) {
foreach ($rol_permissions as $pr) {
$sp->setPermission($pr);
}
}
}
$sp->setPermissionGroupId($permission_group->getId());
if (isset($user_data['can_manage_security'])) {
$sp->setCanManageSecurity(array_var($user_data, 'can_manage_security'));
}
if (isset($user_data['can_manage_configuration'])) {
$sp->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration'));
}
if (isset($user_data['can_manage_templates'])) {
$sp->setCanManageTemplates(array_var($user_data, 'can_manage_templates'));
}
if (isset($user_data['can_manage_time'])) {
$sp->setCanManageTime(array_var($user_data, 'can_manage_time'));
}
if (isset($user_data['can_add_mail_accounts'])) {
$sp->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts'));
}
if (isset($user_data['can_manage_dimensions'])) {
$sp->setCanManageDimensions(array_var($user_data, 'can_manage_dimensions'));
}
if (isset($user_data['can_manage_dimension_members'])) {
$sp->setCanManageDimensionMembers(array_var($user_data, 'can_manage_dimension_members'));
}
if (isset($user_data['can_manage_tasks'])) {
$sp->setCanManageTasks(array_var($user_data, 'can_manage_tasks'));
}
if (isset($user_data['can_task_assignee'])) {
$sp->setCanTasksAssignee(array_var($user_data, 'can_task_assignee'));
}
if (isset($user_data['can_manage_billing'])) {
$sp->setCanManageBilling(array_var($user_data, 'can_manage_billing'));
}
if (isset($user_data['can_view_billing'])) {
$sp->setCanViewBilling(array_var($user_data, 'can_view_billing'));
}
if (isset($user_data['can_see_assigned_to_other_tasks'])) {
$sp->setColumnValue('can_see_assigned_to_other_tasks', array_var($user_data, 'can_see_assigned_to_other_tasks'));
}
Hook::fire('add_user_permissions', $sp, $other_permissions);
if (!is_null($other_permissions) && is_array($other_permissions)) {
foreach ($other_permissions as $k => $v) {
$sp->setColumnValue($k, array_var($user_data, $k));
}
}
$sp->save();
$permissions_sent = array_var($_POST, 'manual_permissions_setted') == 1;
// give permissions for user if user type defined in "give_member_permissions_to_new_users" config option
$allowed_user_type_ids = config_option('give_member_permissions_to_new_users');
if ($contact->isAdministrator() || !$permissions_sent && in_array($contact->getUserType(), $allowed_user_type_ids)) {
ini_set('memory_limit', '512M');
$permissions = array();
$default_permissions = RoleObjectTypePermissions::instance()->findAll(array('conditions' => 'role_id = ' . $contact->getUserType()));
$dimensions = Dimensions::findAll();
foreach ($dimensions as $dimension) {
if ($dimension->getDefinesPermissions()) {
$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = " . $contact->getPermissionGroupId() . " AND `dimension_id` = " . $dimension->getId()));
if (!$cdp instanceof ContactDimensionPermission) {
$cdp = new ContactDimensionPermission();
$cdp->setPermissionGroupId($contact->getPermissionGroupId());
$cdp->setContactDimensionId($dimension->getId());
}
$cdp->setPermissionType('check');
$cdp->save();
// contact member permisssion entries
$members = DB::executeAll('SELECT * FROM ' . TABLE_PREFIX . 'members WHERE dimension_id=' . $dimension->getId());
foreach ($members as $member) {
foreach ($default_permissions as $p) {
// Add persmissions to sharing table
$perm = new stdClass();
$perm->m = $member['id'];
$perm->r = 1;
$perm->w = $p->getCanWrite();
$perm->d = $p->getCanDelete();
$perm->o = $p->getObjectTypeId();
$permissions[] = $perm;
}
}
}
}
$_POST['permissions'] = json_encode($permissions);
} else {
if ($permissions_sent) {
$_POST['permissions'] = $permissionsString;
} else {
$_POST['permissions'] = "";
}
}
if (config_option('let_users_create_objects_in_root') && ($contact->isAdminGroup() || $contact->isExecutive() || $contact->isManager())) {
if ($permissions_sent) {
foreach ($rp_permissions_data as $name => $value) {
$ot_id = substr($name, strrpos($name, '_') + 1);
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId($permission_group->getId());
$cmp->setMemberId(0);
$cmp->setObjectTypeId($ot_id);
$cmp->setCanDelete($value >= 3);
$cmp->setCanWrite($value >= 2);
$cmp->save();
}
} else {
$default_permissions = RoleObjectTypePermissions::instance()->findAll(array('conditions' => 'role_id = ' . $contact->getUserType()));
foreach ($default_permissions as $p) {
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId($permission_group->getId());
$cmp->setMemberId(0);
$cmp->setObjectTypeId($p->getObjectTypeId());
$cmp->setCanDelete($p->getCanDelete());
$cmp->setCanWrite($p->getCanWrite());
$cmp->save();
}
}
}
}
if (!isset($_POST['sys_perm']) && !$user_from_contact) {
$rol_permissions = SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
$_POST['sys_perm'] = array();
if (is_array($rol_permissions)) {
foreach ($rol_permissions as $pr) {
$_POST['sys_perm'][$pr] = 1;
}
}
}
if (!isset($_POST['mod_perm']) && !$user_from_contact) {
$tabs_permissions = TabPanelPermissions::getRoleModules(array_var($user_data, 'type'));
$_POST['mod_perm'] = array();
foreach ($tabs_permissions as $pr) {
$_POST['mod_perm'][$pr] = 1;
}
}
$password = '';
if (array_var($user_data, 'password_generator') == 'specify') {
$perform_password_validation = true;
// Validate input
$password = array_var($user_data, 'password');
if (trim($password) == '') {
throw new Error(lang('password value required'));
}
// if
if ($password != array_var($user_data, 'password_a')) {
throw new Error(lang('passwords dont match'));
}
// if
} else {
$user_data['password_generator'] = 'link';
$perform_password_validation = false;
}
$contact->setPassword($password);
$contact->save();
$user_password = new ContactPassword();
$user_password->setContactId($contact->getId());
$user_password->setPasswordDate(DateTimeValueLib::now());
$user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp()));
$user_password->password_temp = $password;
$user_password->perform_validation = $perform_password_validation;
$user_password->save();
if (array_var($user_data, 'autodetect_time_zone', 1) == 1) {
set_user_config_option('autodetect_time_zone', 1, $contact->getId());
}
/* create contact for this user*/
ApplicationLogs::createLog($contact, ApplicationLogs::ACTION_ADD);
// Set role permissions for active members
$active_context = active_context();
$sel_members = array();
if (is_array($active_context) && !$permissions_sent) {
$tmp_perms = array();
if ($_POST['permissions'] != "") {
$tmp_perms = json_decode($_POST['permissions']);
}
foreach ($active_context as $selection) {
if ($selection instanceof Member) {
$sel_members[] = $selection;
$has_project_permissions = ContactMemberPermissions::instance()->count("permission_group_id = '" . $contact->getPermissionGroupId() . "' AND member_id = " . $selection->getId()) > 0;
if (!$has_project_permissions) {
$new_cmps = RoleObjectTypePermissions::createDefaultUserPermissions($contact, $selection);
foreach ($new_cmps as $new_cmp) {
$perm = new stdClass();
$perm->m = $new_cmp->getMemberId();
$perm->r = 1;
$perm->w = $new_cmp->getCanWrite();
$perm->d = $new_cmp->getCanDelete();
$perm->o = $new_cmp->getObjectTypeId();
$tmp_perms[] = $perm;
}
}
}
}
if (count($tmp_perms) > 0) {
$_POST['permissions'] = json_encode($tmp_perms);
}
}
if ($save_permissions) {
//save_permissions($contact->getPermissionGroupId(), $contact->isGuest());
save_user_permissions_background(logged_user(), $contact->getPermissionGroupId(), $contact->isGuest());
}
Hook::fire('after_user_add', $contact, $null);
// add user content object to associated members
if (count($sel_members) > 0) {
ObjectMembers::addObjectToMembers($contact->getId(), $sel_members);
$contact->addToSharingTable();
}
return $contact;
}
/**
* Returns a control to select multiple users or groups
*
*/
function select_users_or_groups($name = "", $selected = null, $id = null) {
require_javascript('og/UserGroupPicker.js');
if (!isset($id)) $id = gen_id();
$selectedCSV = "";
$json = array();
$company_users = Contacts::getGroupedByCompany(false);
foreach ($company_users as $company_row){
$company = $company_row['details'];
$users = $company_row['users'];
$comp_id = $company instanceof Contact ? $company->getId() : "0";
$comp_name = $company instanceof Contact ? $company->getObjectName() : lang('without company');
if (count($users) > 0) {
$json[] = array(
'p' => 'users',
't' => 'company',
'id' => 'c' . $comp_id,
'n' => $comp_name,
);
foreach ($users as $u) {
$json[] = array(
'p' => 'c' . $comp_id,
't' => 'user',
'g' => $u->isGuest() ? 1 : 0,
'id' => $u->getPermissionGroupId(),
'n' => $u->getObjectName(),
'isg' => $u->isGuest()
);
}
}
}
$groups = PermissionGroups::getNonRolePermissionGroups();
foreach ($groups as $group) {
$json[] = array(
'p' => 'groups',
't' => 'group',
'id' => $group->getId(),
'n' => $group->getName(),
);
}
$jsonUsers = json_encode($json);
$output = "<div id=\"$id-user-picker\" style=\"box-shadow:2px 4px 5px 1px #CCCCCC; border-top:1px solid #ccc;\"></div>
<input id=\"$id-field\" type=\"hidden\" value=\"$selectedCSV\" name=\"$name\"></input>
<script>
var userPicker = new og.UserPicker({
renderTo: '$id-user-picker',
field: '$id-field',
id: '$id',
users: $jsonUsers,
height: 320,
width: 240
});
</script>
";
return $output;
} // select_users_or_groups
groups" style="display:none;">
<div id="<?php
echo $genid;
?>
user_groups_container"></div>
<?php
$user_group_ids = array();
$ugroups_data = array();
if (!$contact->isNew()) {
$tmp_user_group_ids = $contact->getPermissionGroupIds();
foreach ($tmp_user_group_ids as $ugid) {
if ($ugid != $contact->getPermissionGroupId()) {
$user_group_ids[] = $ugid;
}
}
$ugroups_data = PermissionGroups::instance()->getUserGroupsInfo(" AND id IN (" . implode(',', $user_group_ids) . ")", null, false);
}
echo "<script>";
foreach ($ugroups_data as $ugdata) {
echo "og.addUserGroupToUser('{$genid}', '" . $genid . "user_groups_container', '" . json_encode($ugdata) . "');";
}
echo "</script>";
?>
<input type="hidden" id="<?php
echo $genid;
?>
_user_groups" name="user_groups" value=""/>
<div class="clear"></div>
<div class="user-groups-selector">
<?php
echo lang('select group to add user');
static function addObjToSharingTable($oid, $tid, $obj_mem_ids)
{
$gids = array();
$table_prefix = defined('FORCED_TABLE_PREFIX') && FORCED_TABLE_PREFIX ? FORCED_TABLE_PREFIX : TABLE_PREFIX;
//1. clear sharing table for this object
SharingTables::delete("object_id={$oid}");
//2. get dimensions of this object's members that defines permissions
$res = DB::execute("SELECT d.id as did FROM " . $table_prefix . "dimensions d INNER JOIN " . $table_prefix . "members m on m.dimension_id=d.id\r\n\t\t\t\tWHERE m.id IN ( SELECT member_id FROM " . $table_prefix . "object_members WHERE object_id = {$oid} AND is_optimization = 0 ) AND d.defines_permissions = 1");
$dids_tmp = array();
while ($row = $res->fetchRow()) {
$dids_tmp[$row['did']] = $row['did'];
}
$res->free();
$dids = array_values($dids_tmp);
$dids_tmp = null;
$sql_from = "" . $table_prefix . "contact_member_permissions cmp\r\n\t\tLEFT JOIN " . $table_prefix . "members m ON m.id = cmp.member_id\r\n\t\tLEFT JOIN " . $table_prefix . "dimensions d ON d.id = m.dimension_id";
$member_where_conditions = "";
$dim_where_conditions = "";
// if users can add objects without classifying then check for permissions with member_id=0
if (config_option('let_users_create_objects_in_root')) {
$member_where_conditions = "member_id=0 OR ";
$dim_where_conditions = " OR d.id IS NULL";
}
$sql_where = "({$member_where_conditions} member_id IN ( SELECT member_id FROM " . $table_prefix . "object_members WHERE object_id = {$oid} AND is_optimization = 0)) AND cmp.object_type_id = {$tid}";
//3. If there are dimensions that defines permissions containing any of the object members
if (count($dids)) {
// 3.1 get permission groups with permissions over the object.
$sql_fields = "permission_group_id AS group_id";
$sql = "\r\n\t\t\t\tSELECT\r\n\t\t\t\t{$sql_fields}\r\n\t\t\t\tFROM\r\n\t\t\t\t{$sql_from}\r\n\t\t\t\tWHERE\r\n\t\t\t\t{$sql_where} AND (d.id IN (" . implode(',', $dids) . ") {$dim_where_conditions})\r\n\t\t\t";
$res = DB::execute($sql);
$gids_tmp = array();
while ($row = $res->fetchRow()) {
$gids_tmp[$row['group_id']] = $row['group_id'];
}
$res->free();
// allow all permission groups
$allow_all_rows = DB::executeAll("SELECT DISTINCT permission_group_id FROM " . $table_prefix . "contact_dimension_permissions cdp\r\n\t\t\t\t\tINNER JOIN " . $table_prefix . "members m on m.dimension_id=cdp.dimension_id\r\n\t\t\t\t\tWHERE cdp.permission_type='allow all' AND cdp.dimension_id IN (" . implode(',', $dids) . ");");
if (is_array($allow_all_rows)) {
foreach ($allow_all_rows as $row) {
$gids_tmp[$row['permission_group_id']] = $row['permission_group_id'];
}
}
$gids = array_values($gids_tmp);
$gids_tmp = null;
// check for mandatory dimensions
$enabled_dimensions_sql = "";
$enabled_dimensions_ids = implode(',', config_option('enabled_dimensions'));
if ($enabled_dimensions_ids != "") {
$enabled_dimensions_sql = "AND id IN ({$enabled_dimensions_ids})";
}
$mandatory_dim_ids = Dimensions::findAll(array('id' => true, 'conditions' => "`defines_permissions`=1 {$enabled_dimensions_sql} AND `permission_query_method`='" . DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY . "'"));
if (count($gids) > 0 && count($mandatory_dim_ids) > 0) {
$sql = "SELECT om.member_id, m.dimension_id FROM " . $table_prefix . "object_members om\r\n\t\t\t\t\tINNER JOIN " . $table_prefix . "members m ON m.id=om.member_id INNER JOIN " . $table_prefix . "dimensions d ON d.id=m.dimension_id\r\n\t\t\t\t\tWHERE om.object_id = {$oid} AND om.is_optimization = 0 AND d.id IN (" . implode(",", $mandatory_dim_ids) . ")";
// Object members in mandatory dimensions
$object_member_ids_res = DB::executeAll($sql);
$mandatory_dim_members = array();
if (!is_null($object_member_ids_res)) {
foreach ($object_member_ids_res as $row) {
if (!isset($mandatory_dim_members[$row['dimension_id']])) {
$mandatory_dim_members[$row['dimension_id']] = array();
}
$mandatory_dim_members[$row['dimension_id']][] = $row['member_id'];
}
$mandatory_dim_allowed_pgs = array();
// Check foreach group that it has permissions over at least one member of each mandatory dimension
foreach ($mandatory_dim_members as $mdim_id => $mmember_ids) {
$sql = "SELECT pg.id FROM " . $table_prefix . "permission_groups pg\r\n\t\t\t\t\t\t\tINNER JOIN " . $table_prefix . "contact_dimension_permissions cdp ON cdp.permission_group_id=pg.id\r\n\t\t\t\t\t\t\tINNER JOIN " . $table_prefix . "contact_member_permissions cmp ON cmp.permission_group_id=pg.id\r\n\t\t\t\t\t\t\tWHERE cdp.dimension_id = '{$mdim_id}' AND (\r\n\t\t\t\t\t\t\tcdp.permission_type='allow all' OR cdp.permission_type='check' AND cmp.permission_group_id IN (" . implode(',', $gids) . ")\r\n\t\t\t\t\t\t\tAND cmp.member_id IN (" . implode(',', $mmember_ids) . ")\r\n\t\t\t\t\t\t)";
$permission_groups_res = DB::executeAll($sql);
$mandatory_dim_allowed_pgs[$mdim_id] = array();
if (!is_null($permission_groups_res)) {
foreach ($permission_groups_res as $row) {
if (!in_array($row['id'], $mandatory_dim_allowed_pgs[$mdim_id])) {
$mandatory_dim_allowed_pgs[$mdim_id][] = $row['id'];
}
}
}
}
if (isset($mandatory_dim_allowed_pgs) && count($mandatory_dim_allowed_pgs) > 0) {
$original_mandatory_dim_allowed_pgs = $mandatory_dim_allowed_pgs;
$allowed_gids = array_pop($mandatory_dim_allowed_pgs);
foreach ($mandatory_dim_allowed_pgs as $pg_array) {
$allowed_gids = array_intersect($allowed_gids, $pg_array);
}
// If an user has permissions in one dim using a group and in other dim using his personal permissions then add to sharing table its personal permission group
$pg_ids = array_unique(array_flat($original_mandatory_dim_allowed_pgs));
if (count($pg_ids) == 0) {
$pg_ids[0] = 0;
}
$contact_pgs = array();
$contact_pg_rows = DB::executeAll("SELECT * FROM " . TABLE_PREFIX . "contact_permission_groups WHERE permission_group_id IN (" . implode(',', $pg_ids) . ") ORDER BY permission_group_id");
if (is_array($contact_pg_rows)) {
foreach ($contact_pg_rows as $cpgr) {
if (!isset($contact_pgs[$cpgr['contact_id']])) {
$contact_pgs[$cpgr['contact_id']] = array();
}
$contact_pgs[$cpgr['contact_id']][] = $cpgr['permission_group_id'];
}
}
// each user must have at least one pg for every dimension
foreach ($contact_pgs as $contact_id => $permission_groups) {
$has_one = array_flip(array_keys($original_mandatory_dim_allowed_pgs));
foreach ($has_one as $k => &$v) {
$v = false;
}
foreach ($permission_groups as $pg_id) {
foreach ($original_mandatory_dim_allowed_pgs as $dim_id => $allowedpgs) {
if (in_array($pg_id, $allowedpgs)) {
$has_one[$dim_id] = true;
break;
}
}
}
// all dims must be true in this array to allow permissions
$has_permission = !in_array(false, $has_one);
if ($has_permission) {
$contact_row = DB::executeOne("SELECT permission_group_id FROM " . TABLE_PREFIX . "contacts where object_id = {$contact_id}");
if (is_array($contact_row) && $contact_row['permission_group_id'] > 0) {
$allowed_gids[] = $contact_row['permission_group_id'];
}
}
}
$gids = array_unique($allowed_gids, SORT_NUMERIC);
} else {
$gids = array();
}
}
}
} else {
if ($obj_mem_ids) {
// 3.2 No memeber dimensions defines permissions.
// No esta en ninguna dimension que defina permisos, El objecto esta en algun lado
// => En todas las dimensiones en la que está no definen permisos => Busco todos los grupos
$gids = PermissionGroups::instance()->findAll(array('id' => true, 'conditions' => "type != 'roles'"));
} else {
// if this object is an email and it is unclassified => add to sharing table the permission groups of the users that have permissions in the email's account
if (Plugins::instance()->isActivePlugin('mail')) {
$mail_ot = ObjectTypes::instance()->findByName('mail');
if ($mail_ot instanceof ObjectType && $tid == $mail_ot->getId()) {
$gids = array_flat(DB::executeAll("\r\n\t\t\t\t\t\t\tSELECT cpg.permission_group_id\r\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "contact_permission_groups cpg\r\n\t\t\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "contacts c ON c.permission_group_id=cpg.permission_group_id\r\n\t\t\t\t\t\t\tWHERE cpg.contact_id IN (\r\n\t\t\t\t\t\t\t SELECT mac.contact_id FROM " . TABLE_PREFIX . "mail_account_contacts mac WHERE mac.account_id = (SELECT mc.account_id FROM " . TABLE_PREFIX . "mail_contents mc WHERE mc.object_id={$oid})\r\n\t\t\t\t\t\t\t);\r\n\t\t\t\t\t\t"));
}
}
}
}
if (count($gids)) {
$stManager = SharingTables::instance();
$stManager->populateGroups($gids, $oid);
$gids = null;
}
}
/**
* Show update permissions page
*
* @param void
* @return null
*/
function update_permissions()
{
$user = Contacts::findById(get_id());
if (!($user instanceof Contact && $user->isUser()) || $user->getDisabled()) {
flash_error(lang('user dnx'));
ajx_current("empty");
return;
}
// if
if (!$user->canUpdatePermissions(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
// if
$redirect_to = array_var($_GET, 'redirect_to');
if (trim($redirect_to) == '' || !is_valid_url($redirect_to)) {
$redirect_to = $user->getCardUserUrl();
}
// if
$sys_permissions_data = array_var($_POST, 'sys_perm');
if (!is_array($sys_permissions_data)) {
$pg_id = $user->getPermissionGroupId();
$parameters = permission_form_parameters($pg_id);
// Module Permissions
$module_permissions = TabPanelPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
$module_permissions_info = array();
foreach ($module_permissions as $mp) {
$module_permissions_info[$mp->getTabPanelId()] = 1;
}
$all_modules = TabPanels::findAll(array("conditions" => "`enabled` = 1", "order" => "ordering"));
$all_modules_info = array();
foreach ($all_modules as $module) {
$all_modules_info[] = array('id' => $module->getId(), 'name' => lang($module->getTitle()), 'ot' => $module->getObjectTypeId());
}
// System Permissions
$system_permissions = SystemPermissions::findById($pg_id);
tpl_assign('module_permissions_info', $module_permissions_info);
tpl_assign('all_modules_info', $all_modules_info);
tpl_assign('system_permissions', $system_permissions);
tpl_assign('permission_parameters', $parameters);
$more_permissions = array();
Hook::fire('add_user_permissions', $pg_id, $more_permissions);
tpl_assign('more_permissions', $more_permissions);
// Permission Groups
$groups = PermissionGroups::getNonPersonalSameLevelPermissionsGroups('`parent_id`,`id` ASC');
tpl_assign('groups', $groups);
$roles = SystemPermissions::getAllRolesPermissions();
tpl_assign('roles', $roles);
$tabs = TabPanelPermissions::getAllRolesModules();
tpl_assign('tabs_allowed', $tabs);
tpl_assign('guest_groups', PermissionGroups::instance()->getGuestPermissionGroups());
}
tpl_assign('user', $user);
tpl_assign('redirect_to', $redirect_to);
if (array_var($_POST, 'submitted') == 'submitted') {
$user_data = array_var($_POST, 'user');
if (!is_array($user_data)) {
$user_data = array();
}
try {
DB::beginWork();
$pg_id = $user->getPermissionGroupId();
$user->setUserType(array_var($user_data, 'type'));
$user->save();
save_permissions($pg_id, $user->isGuest());
DB::commit();
flash_success(lang('success user permissions updated'));
ajx_current("back");
} catch (Exception $e) {
DB::rollback();
flash_error($e->getMessage());
ajx_current("empty");
}
}
// if
}
function core_dimensions_update_9_10()
{
$template_ot = ObjectTypes::findByName('template');
$users = Contacts::getAllUsers();
foreach ($users as $user) {
/* @var $user Contact */
if (!$user->isAdminGroup()) {
continue;
}
// don't allow to write emails for collaborators and guests
$user_type_name = $user->getUserTypeName();
if ($template_ot instanceof ObjectType) {
DB::executeAll("UPDATE " . TABLE_PREFIX . "contact_member_permissions SET can_write=1, can_delete=1 WHERE object_type_id=" . $template_ot->getId() . " AND permission_group_id=" . $user->getPermissionGroupId());
}
}
$pgs = PermissionGroups::findAll(array("conditions" => "`name` in ('Super Administrator','Administrator')"));
foreach ($pgs as $pg) {
DB::executeAll("UPDATE " . TABLE_PREFIX . "role_object_type_permissions SET can_write=1, can_delete=1 WHERE object_type_id=" . $template_ot->getId() . " AND role_id=" . $user->getPermissionGroupId());
}
}
/**
* Finish the installation - create owner company and administrator
*
* @param void
* @return null
*/
function complete_installation() {
if(Contacts::getOwnerCompany() instanceof Contact) {
die('Owner company already exists'); // Somebody is trying to access this method even if the user already exists
} // if
$form_data = array_var($_POST, 'form');
tpl_assign('form_data', $form_data);
if(array_var($form_data, 'submited') == 'submited') {
try {
$admin_password = trim(array_var($form_data, 'admin_password'));
$admin_password_a = trim(array_var($form_data, 'admin_password_a'));
if(trim($admin_password) == '') {
throw new Error(lang('password value required'));
} // if
if($admin_password <> $admin_password_a) {
throw new Error(lang('passwords dont match'));
} // if
DB::beginWork();
Contacts::delete(); // clear users table
// Create a company
$company = new Contact();
$company->setFirstName(array_var($form_data, 'company_name'));
$company->setObjectName();
$company->setIsCompany(true);
$company->save();
// Init default colors
set_config_option('brand_colors_head_back', "000000");
set_config_option('brand_colors_tabs_back', "14780e");
set_config_option('brand_colors_head_font', "ffffff");
set_config_option('brand_colors_tabs_font', "ffffff");
// Create the administrator user
$administrator = new Contact();
$pergroup = PermissionGroups::findOne(array('conditions'=>"`name`='Super Administrator'"));
$administrator->setUserType($pergroup->getId());
$administrator->setCompanyId($company->getId());
$administrator->setUsername(array_var($form_data, 'admin_username'));
$administrator->setPassword($admin_password);
$administrator->setFirstname(array_var($form_data, 'admin_username'));
$administrator->setObjectName();
$administrator->save();
$user_password = new ContactPassword();
$user_password->setContactId($administrator->getId());
$user_password->password_temp = $admin_password;
$user_password->setPasswordDate(DateTimeValueLib::now());
$user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp()));
$user_password->save();
//Add email after save because is needed.
$administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true);
//permissions
$permission_group = new PermissionGroup();
$permission_group->setName('Account Owner');
$permission_group->setContactId($administrator->getId());
$permission_group->setIsContext(false);
$permission_group->setType("permission_groups");
$permission_group->save();
$administrator->setPermissionGroupId($permission_group->getId());
$administrator->save();
$company->setCreatedById($administrator->getId());
$company->setUpdatedById($administrator->getId());
$company->save();
$contact_pg = new ContactPermissionGroup();
$contact_pg->setContactId($administrator->getId());
$contact_pg->setPermissionGroupId($permission_group->getId());
$contact_pg->save();
// tab panel permissions
$panels = TabPanels::getEnabled();
foreach ($panels as $panel) {
$tpp = new TabPanelPermission();
$tpp->setPermissionGroupId($administrator->getPermissionGroupId());
$tpp->setTabPanelId($panel->getId());
$tpp->save();
}
// dimension permissions
$dimensions = Dimensions::findAll();
foreach ($dimensions as $dimension) {
if ($dimension->getDefinesPermissions()) {
$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = ".$administrator->getPermissionGroupId()." AND `dimension_id` = ".$dimension->getId()));
if (!$cdp instanceof ContactDimensionPermission) {
$cdp = new ContactDimensionPermission();
$cdp->setPermissionGroupId($administrator->getPermissionGroupId());
$cdp->setContactDimensionId($dimension->getId());
}
$cdp->setPermissionType('allow all');
$cdp->save();
// contact member permisssion entries
$members = $dimension->getAllMembers();
foreach ($members as $member) {
$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
$ots[]=$member->getObjectId();
foreach ($ots as $ot) {
$cmp = ContactMemberPermissions::findOne();
if (!$cmp instanceof ContactMemberPermission) {
$cmp = new ContactMemberPermission(array("conditions" => "`permission_group_id` = ".$administrator->getPermissionGroupId()." AND `member_id` = ".$member->getId()." AND `object_type_id` = $ot"));
$cmp->setPermissionGroupId($administrator->getPermissionGroupId());
$cmp->setMemberId($member->getId());
$cmp->setObjectTypeId($ot);
}
$cmp->setCanWrite(1);
$cmp->setCanDelete(1);
$cmp->save();
}
}
}
}
// system permissions
$sp = new SystemPermission();
$sp->setPermissionGroupId($administrator->getPermissionGroupId());
$sp->setAllPermissions(true);
$sp->save();
Hook::fire('after_user_add', $administrator, $null);
DB::commit();
$this->redirectTo('access', 'login');
} catch(Exception $e) {
tpl_assign('error', $e);
DB::rollback();
} // try
} // if
} // complete_installation
/**
* Return manager instance
*
* @access protected
* @param void
* @return PermissionGroups
*/
function manager() {
if(!($this->manager instanceof PermissionGroups)) $this->manager = PermissionGroups::instance();
return $this->manager;
} // manager
if ($member instanceof Member) {
$with_perm_pg_ids = DB::executeAll("SELECT DISTINCT(cmp.permission_group_id) FROM " . TABLE_PREFIX . "contact_member_permissions cmp where cmp.member_id=" . $member->getId() . " {$pg_condition} AND object_type_id IN (" . implode(',', $allowed_object_types_json) . ")");
} else {
if (isset($parent_sel) && $parent_sel > 0) {
$with_perm_pg_ids = DB::executeAll("SELECT DISTINCT(cmp.permission_group_id) FROM " . TABLE_PREFIX . "contact_member_permissions cmp where cmp.member_id=" . $parent_sel . " {$pg_condition} AND object_type_id IN (" . implode(',', $allowed_object_types_json) . ")");
} else {
$with_perm_pg_ids = DB::executeAll("SELECT c.permission_group_id FROM " . TABLE_PREFIX . "contacts c where c.user_type IN (SELECT id FROM " . TABLE_PREFIX . "permission_groups WHERE type='roles' AND name IN ('Executive','Manager','Administrator','Super Administrator'));");
}
}
if (count($with_perm_pg_ids)) {
$with_perm_pg_ids = array_flat($with_perm_pg_ids);
} else {
$with_perm_pg_ids = array(0);
}
if (count($with_perm_pg_ids) > 0) {
$with_perm_pgs = PermissionGroups::instance()->FindAll(array('conditions' => 'id IN (' . implode(',', $with_perm_pg_ids) . ')'));
}
$users_with_perms = array();
$groups_with_perms = array();
foreach ($with_perm_pgs as $pg) {
if ($pg->getType() == 'user_groups') {
$groups_with_perms[] = $pg;
} else {
$c = Contacts::findById($pg->getContactId());
if ($c instanceof Contact && !$c->getDisabled() && ($c->getUserType() >= logged_user()->getUserType() || $c->getId() == logged_user()->getId())) {
// key is to order by role and name
$users_with_perms[str_pad($c->getUserType(), 2, '0', STR_PAD_LEFT) . "_" . $c->getObjectName()] = $c;
}
}
}
ksort($users_with_perms);
/**
*
* @author Ignacio Vazquez - elpepe.uy@gmail.com
*/
function addToSharingTable()
{
$oid = $this->getId();
$tid = $this->getObjectTypeId();
$gids = array();
$table_prefix = defined('FORCED_TABLE_PREFIX') && FORCED_TABLE_PREFIX ? FORCED_TABLE_PREFIX : TABLE_PREFIX;
//1 clear sharing table for this object
SharingTables::delete("object_id={$oid}");
//2 get dimensions of this object's members that defines permissions
$res = DB::execute("SELECT d.id as did FROM " . $table_prefix . "dimensions d INNER JOIN " . $table_prefix . "members m on m.dimension_id=d.id\n\t\t\tWHERE m.id IN ( SELECT member_id FROM " . $table_prefix . "object_members WHERE object_id = {$oid} AND is_optimization = 0 ) AND d.defines_permissions = 1");
$dids_tmp = array();
while ($row = $res->fetchRow()) {
$dids_tmp[$row['did']] = $row['did'];
}
$res->free();
$dids = array_values($dids_tmp);
$dids_tmp = null;
$sql_from = "" . $table_prefix . "contact_member_permissions cmp\n\t\t\tINNER JOIN " . $table_prefix . "members m ON m.id = cmp.member_id\n\t\t\tINNER JOIN " . $table_prefix . "dimensions d ON d.id = m.dimension_id";
$sql_where = "member_id IN ( SELECT member_id FROM " . $table_prefix . "object_members WHERE object_id = {$oid} AND is_optimization = 0) AND cmp.object_type_id = {$tid}";
//3 If there are dimensions that defines permissions containing any of the object members
if (count($dids)) {
// 3.1 get permission groups with permissions over the object.
$sql_fields = "permission_group_id AS group_id";
$sql = "\n\t\t\t\tSELECT \n\t\t\t\t {$sql_fields}\t\n\t\t\t\tFROM\n\t\t\t\t {$sql_from}\n\t\t\t\tWHERE\n\t\t\t\t {$sql_where} AND d.id IN (" . implode(',', $dids) . ")";
$res = DB::execute($sql);
$gids_tmp = array();
while ($row = $res->fetchRow()) {
$gids_tmp[$row['group_id']] = $row['group_id'];
}
$res->free();
// allow all permission groups
$allow_all_rows = DB::executeAll("SELECT DISTINCT permission_group_id FROM " . $table_prefix . "contact_dimension_permissions cdp \n\t\t\t\tINNER JOIN " . $table_prefix . "members m on m.dimension_id=cdp.dimension_id\n\t\t\t\tWHERE cdp.permission_type='allow all' AND cdp.dimension_id IN (" . implode(',', $dids) . ");");
if (is_array($allow_all_rows)) {
foreach ($allow_all_rows as $row) {
$gids_tmp[$row['permission_group_id']] = $row['permission_group_id'];
}
}
$gids = array_values($gids_tmp);
$gids_tmp = null;
} else {
if (count($this->getMemberIds()) > 0) {
// 3.2 No memeber dimensions defines permissions.
// No esta en ninguna dimension que defina permisos, El objecto esta en algun lado
// => En todas las dimensiones en la que está no definen permisos => Busco todos los grupos
$gids = PermissionGroups::instance()->findAll(array('id' => true));
}
}
if (count($gids)) {
$stManager = SharingTables::instance();
$stManager->populateGroups($gids, $oid);
$gids = null;
}
}
function permission_member_form_parameters($member = null)
{
if ($member) {
$dim = $member->getDimension();
} elseif (array_var($_REQUEST, 'dim_id')) {
$dim = Dimensions::getDimensionById(array_var($_REQUEST, 'dim_id'));
}
if (logged_user()->isMemberOfOwnerCompany()) {
$companies = Contacts::findAll(array("conditions" => "is_company = 1", 'order' => 'name'));
} else {
$companies = array(owner_company());
if (logged_user()->getCompany() instanceof Contact) {
$companies[] = logged_user()->getCompany();
}
}
$allowed_object_types = array();
$dim_obj_types = $dim->getAllowedObjectTypeContents();
foreach ($dim_obj_types as $dim_obj_type) {
// To draw a row for each object type of the dimension
if (!array_key_exists($dim_obj_type->getContentObjectTypeId(), $allowed_object_types) && (!$member || $dim_obj_type->getDimensionObjectTypeId() == $member->getObjectTypeId())) {
$allowed_object_types[$dim_obj_type->getContentObjectTypeId()] = ObjectTypes::findById($dim_obj_type->getContentObjectTypeId());
$allowed_object_types_json[] = $dim_obj_type->getContentObjectTypeId();
}
}
$permission_groups = array();
foreach ($companies as $company) {
$users = $company->getUsersByCompany();
foreach ($users as $u) {
$permission_groups[] = $u->getPermissionGroupId();
}
}
$no_company_users = Contacts::getAllUsers("AND `company_id` = 0", true);
foreach ($no_company_users as $noc_user) {
$permission_groups[] = $noc_user->getPermissionGroupId();
}
$non_personal_groups = PermissionGroups::getNonRolePermissionGroups();
foreach ($non_personal_groups as $group) {
$permission_groups[] = $group->getId();
}
foreach ($permission_groups as $pg_id) {
if ($dim->hasAllowAllForContact($pg_id)) {
$member_permissions[$pg_id] = array();
foreach ($dim_obj_types as $dim_obj_type) {
if ($member && $dim_obj_type->getDimensionObjectTypeId() == $member->getObjectTypeId()) {
$member_permissions[$pg_id][] = array('o' => $dim_obj_type->getContentObjectTypeId(), 'w' => 1, 'd' => 1, 'r' => 1);
} elseif (!$member) {
// WHEN CREATING a new member dont allow any user
$member_permissions[$pg_id][] = array('o' => $dim_obj_type->getContentObjectTypeId(), 'w' => 0, 'd' => 0, 'r' => 0);
}
}
} else {
if (!$dim->deniesAllForContact($pg_id)) {
$member_permissions[$pg_id] = array();
if ($member) {
$mpgs = ContactMemberPermissions::findAll(array("conditions" => array("`permission_group_id` = ? AND `member_id` = ?", $pg_id, $member->getId())));
if (is_array($mpgs)) {
foreach ($mpgs as $mpg) {
$member_permissions[$mpg->getPermissionGroupId()][] = array('o' => $mpg->getObjectTypeId(), 'w' => $mpg->getCanWrite() ? 1 : 0, 'd' => $mpg->getCanDelete() ? 1 : 0, 'r' => 1);
}
}
}
}
}
}
return array('member' => $member, 'allowed_object_types' => $allowed_object_types, 'allowed_object_types_json' => $allowed_object_types_json, 'permission_groups' => $permission_groups, 'member_permissions' => $member_permissions);
}
function search_permission_group()
{
$name = trim(array_var($_REQUEST, 'query', ''));
$start = array_var($_REQUEST, 'start', 0);
$orig_limit = array_var($_REQUEST, 'limit');
$limit = $orig_limit + 1;
$query_name = "";
if (strlen($name) > 0) {
$query_name = "AND (c.first_name LIKE '%{$name}%' OR c.surname LIKE '%{$name}%' OR pg.name LIKE '%{$name}%')";
}
// query for permission groups
$sql = "SELECT * FROM " . TABLE_PREFIX . "permission_groups pg LEFT JOIN " . TABLE_PREFIX . "contacts c ON pg.id=c.permission_group_id\r\n\t\t\tWHERE pg.type IN ('permission_groups', 'user_groups') AND (c.user_type IS NULL OR c.user_type >= " . logged_user()->getUserType() . ") {$query_name}\r\n\t\t\tORDER BY c.first_name, c.surname, pg.name\r\n\t\t\tLIMIT {$start}, {$limit}";
$rows = DB::executeAll($sql);
if (!is_array($rows)) {
$rows = array();
}
// show more
$show_more = false;
if (count($rows) > $orig_limit) {
array_pop($rows);
$show_more = true;
}
if ($show_more) {
ajx_extra_data(array('show_more' => $show_more));
}
$tmp_companies = array();
$tmp_roles = array();
$permission_groups = array();
foreach ($rows as $pg_data) {
// basic data
$data = array('pg_id' => $pg_data['id'], 'type' => $pg_data['type'] == 'permission_groups' ? 'user' : 'group', 'iconCls' => '', 'name' => is_null($pg_data['first_name']) && is_null($pg_data['surname']) ? $pg_data['name'] : trim($pg_data['first_name'] . ' ' . $pg_data['surname']));
// company name
$comp_id = array_var($pg_data, 'company_id');
if ($comp_id > 0) {
if (!isset($tmp_companies[$comp_id])) {
$tmp_companies[$comp_id] = Contacts::findById($comp_id);
}
$c = array_var($tmp_companies, $comp_id);
if ($c instanceof Contact) {
$data['company_name'] = trim($c->getObjectName());
}
}
// picture
if ($pg_data['type'] == 'permission_groups') {
$data['user_id'] = array_var($pg_data, 'object_id');
if (array_var($pg_data, 'picture_file') != '') {
$data['picture_url'] = get_url('files', 'get_public_file', array('id' => array_var($pg_data, 'picture_file')));
}
}
// user type
$user_type_id = array_var($pg_data, 'user_type');
if ($user_type_id > 0) {
if (!isset($tmp_roles[$user_type_id])) {
$tmp_roles[$user_type_id] = PermissionGroups::findById($user_type_id);
}
$rol = array_var($tmp_roles, $user_type_id);
if ($rol instanceof PermissionGroup) {
$data['role'] = trim($rol->getName());
if (in_array($rol->getName(), array('Guest', 'Guest Customer'))) {
$data['is_guest'] = '1';
}
}
}
$permission_groups[] = $data;
}
$row = "search-result-row-medium";
ajx_extra_data(array('row_class' => $row));
ajx_extra_data(array('permission_groups' => $permission_groups));
ajx_current("empty");
}
<?php
$permission_groups = array();
$groups = PermissionGroups::getNonPersonalSameLevelPermissionsGroups('id');
foreach ($groups as $group) {
$permission_groups[] = array($group->getId(), $group->getName());
}
$genid = gen_id();
$jqid = "#{$genid}";
?>
<script>
$(function(){
function passwordError(message) {
$("<?php
echo $jqid;
?>
.password input,<?php
echo $jqid;
?>
.repeat input").addClass("field-error").val("");
$("<?php
echo $jqid;
?>
.password input").addClass("field-error").focus().val('');
$("<?php
echo $jqid;
?>
.field-error-msg").remove();
$("<?php
function get_parent_permissions()
{
ajx_current("empty");
$dim_id = array_var($_REQUEST, 'dim_id');
$parent = array_var($_REQUEST, 'parent');
$permission_parameters = array();
$permission_parameters = get_default_member_permission($parent, $permission_parameters);
$pg_data = array();
$perms = array();
foreach ($permission_parameters['member_permissions'] as $pg_id => $p) {
if (is_array($p) && count($p) > 0) {
$perms[$pg_id] = $p;
// type picture_url name is_guest company_name role
$pg = PermissionGroups::findById($pg_id);
if ($pg->getType() == 'permission_groups') {
$c = Contacts::findById($pg->getContactId());
$name = $name = escape_character($c->getObjectName());
$picture_url = $c->getPictureUrl();
$company_name = $c->getCompany() instanceof Contact ? escape_character($c->getCompany()->getObjectName()) : "";
$type = 'contact';
$is_guest = $c->isGuest() ? "1" : "0";
$role = $c->getUserTypeName();
} else {
$name = escape_character($pg->getName());
$picture_url = "";
$company_name = "";
$type = 'group';
$is_guest = "0";
$role = "";
}
$pg_data[$pg_id] = array('pg_id' => $pg_id, 'type' => $type, 'picture_url' => $picture_url, 'name' => $name, 'is_guest' => $is_guest, 'company_name' => $company_name, 'role' => $role);
}
}
ajx_extra_data(array('perms' => $perms, 'pg_data' => $pg_data));
}
function permission_member_form_parameters($member = null, $dimension_id = null) {
if ( $member ) {
$dim = $member->getDimension();
}elseif (array_var( $_REQUEST,'dim_id')) {
$dim = Dimensions::getDimensionById(array_var( $_REQUEST,'dim_id'));
}elseif (!is_null($dimension_id)) {
$dim = Dimensions::getDimensionById($dimension_id);
}
if (!$dim instanceof Dimension) {
Logger::log("Invalid dimension: " . ($member instanceof Member ? " for member ".$member->getId() : "request: ".print_r($_REQUEST, 1)));
throw new Exception("Invalid dimension");
}
if (logged_user()->isMemberOfOwnerCompany()) {
$companies = Contacts::findAll(array("conditions" => "is_company = 1 AND object_id IN (SELECT company_id FROM ".TABLE_PREFIX."contacts WHERE user_type>0 AND disabled=0)", 'order' => 'first_name'));
} else {
$companies = array(owner_company());
if (logged_user()->getCompany() instanceof Contact) $companies[] = logged_user()->getCompany();
}
$allowed_object_types = array();
$dim_obj_types = $dim->getAllowedObjectTypeContents();
foreach ($dim_obj_types as $dim_obj_type) {
// To draw a row for each object type of the dimension
if ( !array_key_exists($dim_obj_type->getContentObjectTypeId(), $allowed_object_types) && (!$member || $dim_obj_type->getDimensionObjectTypeId() == $member->getObjectTypeId()) ) {
$allowed_object_types[$dim_obj_type->getContentObjectTypeId()] = ObjectTypes::findById($dim_obj_type->getContentObjectTypeId());
$allowed_object_types_json[] = $dim_obj_type->getContentObjectTypeId();
}
}
$permission_groups = array();
foreach ($companies as $company) {
$users = $company->getUsersByCompany();
foreach ($users as $u) $permission_groups[] = $u->getPermissionGroupId();
}
$no_company_users = Contacts::getAllUsers("AND `company_id` = 0", true);
foreach ($no_company_users as $noc_user) {
$permission_groups[] = $noc_user->getPermissionGroupId();
}
$non_personal_groups = PermissionGroups::getNonRolePermissionGroups();
foreach ($non_personal_groups as $group) {
$permission_groups[] = $group->getId();
}
foreach ($permission_groups as $pg_id) {
if ($dim->hasAllowAllForContact($pg_id)) {
$member_permissions[$pg_id] = array();
foreach ($dim_obj_types as $dim_obj_type) {
if ($member && $dim_obj_type->getDimensionObjectTypeId() == $member->getObjectTypeId()) {
$member_permissions[$pg_id][] = array(
'o' => $dim_obj_type->getContentObjectTypeId(),
'w' => 1,
'd' => 1,
'r' => 1
);
}elseif(!$member){
// WHEN CREATING a new member dont allow any user
$member_permissions[$pg_id][] = array(
'o' => $dim_obj_type->getContentObjectTypeId(),
'w' => 0,
'd' => 0,
'r' => 0
);
}
}
} else if (!$dim->deniesAllForContact($pg_id)) {
$member_permissions[$pg_id] = array();
if ($member) {
$mpgs = ContactMemberPermissions::findAll(array("conditions" => array("`permission_group_id` = ? AND `member_id` = ?", $pg_id, $member->getId())));
if (is_array($mpgs)) {
foreach ($mpgs as $mpg) {
$member_permissions[$mpg->getPermissionGroupId()][] = array(
'o' => $mpg->getObjectTypeId(),
'w' => $mpg->getCanWrite() ? 1 : 0,
'd' => $mpg->getCanDelete() ? 1 : 0,
'r' => 1
);
}
}
}
}
}
return array(
'member' => $member,
'allowed_object_types' => $allowed_object_types,
'allowed_object_types_json' => $allowed_object_types_json,
'permission_groups' => $permission_groups,
'member_permissions' => $member_permissions,
);
}
/**
* This function will return paginated result. Result is an array where first element is
* array of returned object and second populated pagination object that can be used for
* obtaining and rendering pagination data using various helpers.
*
* Items and pagination array vars are indexed with 0 for items and 1 for pagination
* because you can't use associative indexing with list() construct
*
* @access public
* @param array $arguments Query argumens (@see find()) Limit and offset are ignored!
* @param integer $items_per_page Number of items per page
* @param integer $current_page Current page number
* @return array
*/
function paginate($arguments = null, $items_per_page = 10, $current_page = 1) {
if(isset($this) && instance_of($this, 'PermissionGroups')) {
return parent::paginate($arguments, $items_per_page, $current_page);
} else {
return PermissionGroups::instance()->paginate($arguments, $items_per_page, $current_page);
} // if
} // paginate
private function cut_max_user_permissions(Contact $user)
{
$admin_pg = PermissionGroups::findOne(array('conditions' => "`name`='Super Administrator'"));
$all_roles_max_permissions = RoleObjectTypePermissions::getAllRoleObjectTypePermissionsInfo();
$admin_perms = $all_roles_max_permissions[$admin_pg->getId()];
$all_object_types = array();
foreach ($admin_perms as &$aperm) {
$all_object_types[] = $aperm['object_type_id'];
}
$max_permissions = array_var($all_roles_max_permissions, $user->getUserType());
$pg_id = $user->getPermissionGroupId();
foreach ($all_object_types as $ot) {
if (!$ot) {
continue;
}
$max = array_var($max_permissions, $ot);
if (!$max) {
// cannot read -> delete in contact_member_permissions
$sql = "DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE permission_group_id={$pg_id} AND object_type_id={$ot}";
DB::execute($sql);
} else {
// cut can_delete and can_write using max permissions
$can_d = $max['can_delete'] ? "1" : "0";
$can_w = $max['can_write'] ? "1" : "0";
$sql = "UPDATE " . TABLE_PREFIX . "contact_member_permissions\r\n\t\t\t\tSET can_delete=(can_delete AND {$can_d}), can_write=(can_write AND {$can_w})\r\n\t\t\t\tWHERE permission_group_id={$pg_id} AND object_type_id={$ot}";
DB::execute($sql);
}
}
// rebuild sharing table for permission group $pg_id
$cmp_rows = DB::executeAll("SELECT * FROM " . TABLE_PREFIX . "contact_member_permissions WHERE permission_group_id={$pg_id}");
$permissions_array = array();
foreach ($cmp_rows as $row) {
$p = new stdClass();
$p->m = array_var($row, 'member_id');
$p->o = array_var($row, 'object_type_id');
$p->d = array_var($row, 'can_delete');
$p->w = array_var($row, 'can_write');
$p->r = 1;
$permissions[] = $p;
}
$sharing_table_controller = new SharingTableController();
$sharing_table_controller->after_permission_changed($pg_id, $permissions_array);
}
var guest_selected = false;
for (j=0; j<og.guest_permission_group_ids.length; j++) {
if (type == og.guest_permission_group_ids[j]) {
guest_selected = true;
break;
}
}
og.showHideNonGuestPermissionOptions(guest_selected);
};
</script>
<div>
<?php
$actual_user_type = PermissionGroups::instance()->findOne(array("conditions" => "id = ".$user->getUserType()));
$can_change_type = false;
$permission_groups = array();
foreach($groups as $group){
$permission_groups[] = array($group->getId(), lang($group->getName()));
if ($group->getId() == $actual_user_type->getId()) $can_change_type = true;
}
if ($can_change_type) {
echo label_tag(lang('user type'), null, true);
echo simple_select_box('user[type]', $permission_groups, $actual_user_type->getId(), array(
'onchange' => "og.addUpdatePermissionsUserTypeChange('$genid', this.value)",
'tabindex' => "300"
));
}
foreach ($guest_groups as $gg) {
/**
* Delete group
*
* @param void
* @return null
*/
function delete() {
if(!can_manage_security(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
$group = PermissionGroups::findById(get_id());
if(!($group instanceof PermissionGroup)) {
flash_error(lang('group dnx'));
ajx_current("empty");
return ;
}
if ($group->getContactId() > 0) {
flash_error(lang('cannot delete personal permissions'));
ajx_current("empty");
return ;
}
try {
DB::beginWork();
$group->delete();
//ApplicationLogs::createLog($group, ApplicationLogs::ACTION_DELETE);
DB::commit();
flash_success(lang('success delete group', $group->getName()));
ajx_current("reload");
} catch(Exception $e) {
DB::rollback();
flash_error(lang('error delete group'));
ajx_current("empty");
} // try
} // delete_group
function getPermissionGroup() {
return PermissionGroups::findById($this->getPermissionGroupId());
}
<?php
}
?>
<?php
}
?>
</ul>
<?php
/*
* This section is for add permissions
*/
?>
<?php
if ($render_add) {
$exe_pg = PermissionGroups::instance()->findOne(array('conditions' => "type='roles' AND parent_id>0 AND name='Executive'"));
?>
<div style="margin-top:4px; margin-left:10px; margin-right:10px;">
<?php
/*
* Add people button
*/
?>
<div style="float:left; width: 75%; margin-top: 10px;">
<?php
if (!isset($add_people_btn)) {
?>
<button style="overflow: hidden; width:auto;" onclick="og.openLink(og.getUrl('contact','add', {is_user:1, user_type:'<?php
/**
* Add user
*
* @access public
* @param void
* @return null
*/
function add_user() {
$max_users = config_option('max_users');
if ($max_users && (Contacts::count() >= $max_users)) {
flash_error(lang('maximum number of users reached error'));
ajx_current("empty");
return;
}
$company = Contacts::findById(get_id('company_id'));
if (!($company instanceof Contact)) {
$company = owner_company();
}
if (!can_manage_security(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
} // if
$user = new Contact();
$user_data = array_var($_POST, 'user');
// Populate form fields
if (!is_array($user_data)) {
//if it is a new user
$contact_id = get_id('contact_id');
$contact = Contacts::findById($contact_id);
if ($contact instanceof Contact) {
if (!is_valid_email($contact->getEmailAddress())){
ajx_current("empty");
flash_error(lang("contact email is required to create user"));
return false;
}
//if it will be created from a contact
$user_data = array(
'username' => $this->generateUserNameFromContact($contact),
'display_name' => $contact->getFirstname() . $contact->getSurname(),
'email' => $contact->getEmailAddress('personal'),
'contact_id' => $contact->getId(),
'password_generator' => 'random',
'type' => 'Executive',
'can_manage_time' => true,
); // array
tpl_assign('ask_email', false);
} else {
// if it is new, and created from admin interface
$user_data = array(
'password_generator' => 'random',
'company_id' => $company->getId(),
'timezone' => $company->getTimezone(),
'create_contact' => true,
'send_email_notification' => false,
'type' => 'Executive',
'can_manage_time' => true,
);
tpl_assign('ask_email', true);
}
// System permissions
tpl_assign('system_permissions', new SystemPermission());
// Module permissions
$module_permissions_info = array();
$all_modules = TabPanels::findAll(array("conditions" => "`enabled` = 1", "order" => "ordering"));
$all_modules_info = array();
foreach ($all_modules as $module) {
$all_modules_info[] = array('id' => $module->getId(), 'name' => lang($module->getTitle()), 'ot' => $module->getObjectTypeId());
}
tpl_assign('module_permissions_info', $module_permissions_info);
tpl_assign('all_modules_info', $all_modules_info);
// Member permissions
$parameters = permission_form_parameters(0);
tpl_assign('permission_parameters', $parameters);
// Permission Groups
$groups = PermissionGroups::getNonPersonalSameLevelPermissionsGroups('`parent_id`,`id` ASC');
tpl_assign('groups', $groups);
$roles= SystemPermissions::getAllRolesPermissions();
tpl_assign('roles', $roles);
$tabs= TabPanelPermissions::getAllRolesModules();
tpl_assign('tabs_allowed', $tabs);
} // if
tpl_assign('user', $user);
tpl_assign('company', $company);
tpl_assign('user_data', $user_data);
//Submit User
if (is_array(array_var($_POST, 'user'))) {
if (!array_var($user_data, 'createPersonalProject')) {
$user_data['personal_project'] = 0;
}
try {
Contacts::validateUser($user_data);
DB::beginWork();
$user = $this->createUser($user_data, array_var($_POST,'permissions'));
DB::commit();
flash_success(lang('success add user', $user->getObjectName()));
ajx_current("back");
} catch(Exception $e) {
DB::rollback();
ajx_current("empty");
flash_error($e->getMessage());
} // try
} // if
} // add_user
/**
*
* After editing permissions refresh associations and object_members for the contact owner of the permission_group modified
* @param $pg_id Permission group id
* @param $ignored Ignored
*/
function core_dimensions_after_save_contact_permissions($pg_id, &$ignored) {
$pg = PermissionGroups::findById($pg_id);
if ($pg instanceof PermissionGroup && $pg->getContactId() > 0 && $pg->getType() == 'permission_groups') {
$user = Contacts::findById($pg->getContactId());
if (!$user instanceof Contact || !$user->isUser()) return;
$member_ids = array();
$cmps = ContactMemberPermissions::instance()->findAll(array("conditions" => "permission_group_id = ".$pg_id));
foreach ($cmps as $cmp) {
$member_ids[$cmp->getMemberId()] = $cmp->getMemberId();
}
if (count($member_ids) == 0) return;
$members = Members::findAll(array('conditions' => 'id IN ('.implode(',', $member_ids).')'));
$persons_dim = Dimensions::findByCode("feng_persons");
$user_member = Members::findOneByObjectId($user->getId(), $persons_dim->getId());
$affected_dimensions = core_dim_create_member_associations($user, $user_member, $members);
// remove from all members of the affected dimensions
if (count($affected_dimensions) > 0) {
$affected_member_ids = Members::findAll(array('id' => true, 'conditions' => 'dimension_id IN ('.implode(',', $affected_dimensions).')'));
if (count($affected_member_ids) > 0) {
ObjectMembers::removeObjectFromMembers($user, logged_user(), $members, $affected_member_ids);
}
}
// add user content object to associated members
$obj_controller = new ObjectController();
ObjectMembers::addObjectToMembers($user->getId(), $members);
$user->addToSharingTable();
}
}