/**
 * Create a Forecasts record through the API.
 *
 * The module-level 'edit' ACL for Forecasts is checked before the bean is
 * resolved, so getClass() is never reached for an unauthorised caller.
 *
 * @param ServiceBase $api  API service instance (not used by this handler).
 * @param array       $args Request arguments forwarded to getClass().
 * @return mixed Result of save() on the resolved bean.
 * @throws SugarApiExceptionNotAuthorized When the user lacks Forecasts edit access.
 */
public function createRecord(ServiceBase $api, array $args)
{
    if (SugarACL::checkAccess('Forecasts', 'edit')) {
        $record = $this->getClass($args);

        return $record->save();
    }

    throw new SugarApiExceptionNotAuthorized('No access to edit records for module: Forecasts');
}
/**
 * Decide whether this dashlet may be shown to the current user.
 *
 * The dashlet's module must be a known module (in $moduleList or
 * $modInvisList, or the Activities module must be enabled); if so the
 * decision is delegated to the 'list' ACL with owner_override.
 *
 * @return bool
 */
function checkDashletDisplay()
{
    $visibleModules = $GLOBALS['moduleList'];
    $hiddenModules = $GLOBALS['modInvisList'];

    $knownModule = in_array($this->type, $visibleModules)
        || in_array($this->type, $hiddenModules)
        || in_array('Activities', $visibleModules);

    if (!$knownModule) {
        return false;
    }

    return SugarACL::checkAccess($this->type, 'list', array("owner_override" => true));
}
/**
 * Parent-link ACL check: resolves the record's parent through $this->parentLink
 * and defers the decision to the parent module's ACL.
 *
 * Note: "field" access is always granted, and the method falls through to the
 * unconditional `return true` both when no parent link is configured and when an
 * owner-checked action finds no linked parent id — i.e. it fails open in those
 * cases. NOTE(review): confirm that is the intended policy.
 *
 * @param string $module  Module being checked (used to load the bean from $context)
 * @param string $action  ACL action; normalised via fixUpActionName()
 * @param array  $context ACL context; 'bean' is replaced by the parent bean for owner-checked actions
 *
 * @return bool
 * @throws SugarException when the link is missing, is a multi-link, or points at an unexpected module
 */
public function checkAccess($module, $action, $context)
{
    $action = $this->fixUpActionName($action);
    // Field-level checks are not subject to the parent ACL.
    if ($action == "field") {
        return true;
    }
    if (!empty($this->parentLink)) {
        $linkName = $this->parentLink;
        $bean = SugarACL::loadBean($module, $context);
        $bean->load_relationship($linkName);
        if (empty($bean->{$linkName})) {
            throw new SugarException("Invalid link {$linkName} for parent ACL");
        }
        // Owner lookups only make sense through a single-valued link.
        if ($bean->{$linkName}->getType() == "many") {
            throw new SugarException("Cannot serch for owners through multi-link {$linkName}");
        }
        $parentModule = $bean->{$linkName}->getRelatedModuleName();
        // When a parent module is pinned on this ACL, the link must resolve to it.
        if (!empty($this->parentModule) && $parentModule != $this->parentModule) {
            throw new SugarException("Cannot search for owners through link with incorrect module {$parentModule}");
        }
        if (in_array($action, self::$requiresOwnerCheck)) {
            //Check ACL's that require a parent such as edit/detail
            $parentIds = $bean->{$linkName}->get();
            if (is_array($parentIds) && !empty($parentIds)) {
                // Only the first linked id is considered.
                $parentId = $parentIds[0];
                $parentBean = BeanFactory::getBean($parentModule, $parentId);
                //The parent failed to retrieve, you probably don't have access
                if (empty($parentBean->id)) {
                    return false;
                }
                $context['bean'] = $parentBean;
                return $parentBean->ACLAccess($action, $context);
            }
            // No linked parent: falls through to the unconditional allow below.
        } else {
            //Fall here for ACL's like list that don't require a parent to check
            //Don't pass the context since the bean won't match the module.
            //We also can't check owner at this level since we don't have the bean so owner_override must be true
            unset($context['bean']);
            $context['owner_override'] = true;
            return SugarACL::checkAccess($parentModule, $action, $context);
        }
    }
    return true;
}
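/**
 * Forecast Worksheet Filter API Handler
 *
 * Pulls the user_id / timeperiod_id / forecast_type terms out of the incoming
 * filter definition, rebuilds the filter through createFilter() and defers to
 * the parent filterList().
 *
 * @param ServiceBase $api
 * @param array $args Request args; $args['filter'] is expected to be a list of one-key arrays
 * @return array
 * @throws SugarApiExceptionNotAuthorized
 */
public function filterList(ServiceBase $api, array $args)
{
    if (!SugarACL::checkAccess('Forecasts', 'list')) {
        throw new SugarApiExceptionNotAuthorized('No access to view records for module: Forecasts');
    }

    // some local variables
    $found_assigned_user = false;
    $found_timeperiod = false;
    $found_type = false;

    // if filter is not defined, define it
    if (!isset($args['filter']) || !is_array($args['filter'])) {
        $args['filter'] = array();
    }

    // Tracker filters have no meaning for worksheets: return an empty page.
    if (isset($args['filter'][0]['$tracker'])) {
        return array('next_offset' => -1, 'records' => array());
    }

    // todo-sfa: clean this up as it currently doesn't handle much in the way of nested arrays
    foreach ($args['filter'] as $key => $filter) {
        // Only flat one-key entries are understood; skip anything else instead of
        // handing a scalar to array_keys()/array_pop().
        if (!is_array($filter) || empty($filter)) {
            continue;
        }
        // array_shift(array_keys($filter)) passed a temporary by reference
        // ("Only variables should be passed by reference"); read the first key directly.
        reset($filter);
        $filter_key = key($filter);

        // Strict key comparison: under PHP < 8 a numeric key 0 == 'user_id' is true.
        // if the key is assigned_user_id, take the value and save it for later
        if ($found_assigned_user == false && $filter_key === 'user_id') {
            $found_assigned_user = array_pop($filter);
        }
        // if the key is timeperiod_id, take the value, save it for later, and remove the filter
        if ($found_timeperiod == false && $filter_key === 'timeperiod_id') {
            $found_timeperiod = array_pop($filter);
            unset($args['filter'][$key]);
        }
        // forecast_type is likewise consumed here and removed from the filter
        if ($found_type == false && $filter_key === 'forecast_type') {
            $found_type = array_pop($filter);
            unset($args['filter'][$key]);
        }
    }

    $args['filter'] = $this->createFilter($api, $found_assigned_user, $found_timeperiod, $found_type);

    return parent::filterList($api, $args);
}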
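/**
 * Retrieve a dashboard and strip out dashlets whose module the current user
 * cannot access.
 *
 * Overrides the default retrieve to force $encode = false, because the
 * metadata column holds JSON that must be decoded verbatim.
 *
 * @param string $id      Record id to load
 * @param bool   $encode  Ignored; false is always passed to parent::retrieve()
 * @param bool   $deleted Passed through to parent::retrieve()
 * @return mixed The loaded bean with filtered metadata, or whatever
 *               parent::retrieve() returned when nothing could be loaded
 */
function retrieve($id = '-1', $encode = false, $deleted = true)
{
    $dashboard = parent::retrieve($id, false, $deleted);

    // Nothing loaded (parent yields null on a miss) or no metadata to inspect:
    // the original dereferenced $dashboard->metadata unconditionally.
    if (empty($dashboard) || empty($dashboard->metadata)) {
        return $dashboard;
    }

    // Expand the metadata for processing.
    $metadata = json_decode($dashboard->metadata);

    // If we don't have components in metadata for whatever reason, we're out, send back unchanged.
    if (!is_object($metadata) || !isset($metadata->components) || !is_array($metadata->components)) {
        return $dashboard;
    }

    $dirty = false;

    // Loop through the dashboard, drilling down to the dashlet level.
    foreach ($metadata->components as $component_key => $component) {
        if (!isset($component->rows) || !is_array($component->rows)) {
            continue;
        }
        foreach ($component->rows as $row_key => $row) {
            if (!is_array($row)) {
                continue;
            }
            foreach ($row as $item_key => $item) {
                // Keep dashlets with no module context, and those whose module the user may access.
                if (!isset($item->context->module) || SugarACL::checkAccess($item->context->module, 'access')) {
                    continue;
                }

                // The user does not have access, remove the dashlet.
                unset($metadata->components[$component_key]->rows[$row_key][$item_key]);
                $dirty = true;

                if (count($metadata->components[$component_key]->rows[$row_key]) == 0) {
                    // This row is now empty, remove it.
                    unset($metadata->components[$component_key]->rows[$row_key]);
                } else {
                    // Re-index so json_encode() keeps the row as a JSON array; with a
                    // gap in the keys it would be emitted as a JSON object instead.
                    $metadata->components[$component_key]->rows[$row_key] = array_values(
                        $metadata->components[$component_key]->rows[$row_key]
                    );
                }
            }
        }
    }

    // Check if we've modified the metadata.
    if ($dirty) {
        // Re-assign sequential row keys for dashboard display.
        foreach (array_keys($metadata->components) as $key) {
            if (isset($metadata->components[$key]->rows) && is_array($metadata->components[$key]->rows)) {
                $metadata->components[$key]->rows = array_values($metadata->components[$key]->rows);
            }
        }
    }

    // Re-encode and save the metadata back to the dashboard object before returning it.
    $dashboard->metadata = json_encode($metadata);

    return $dashboard;
}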
/**
 * Map every module the user can access to its write status.
 *
 * Returns module name => '' (writable) or 'read_only'. Modules in
 * $modInvisList are always read-only; the rest are read-only unless the
 * 'edit' ACL passes with owner_override. Modules with no bean class or no
 * bean file registered are dropped.
 *
 * @param mixed $user Unused; SugarACL evaluates access for the current user.
 * @return array
 */
function get_user_module_list($user)
{
    global $moduleList, $modInvisList, $beanList, $beanFiles;

    $accessible = SugarACL::filterModuleList($moduleList, 'access', true);
    $modules = array_flip($accessible); // module names end up as keys

    foreach ($modInvisList as $hiddenModule) {
        $modules[$hiddenModule] = 'read_only';
    }

    foreach (array_keys($modules) as $moduleName) {
        $canEdit = SugarACL::checkAccess($moduleName, 'edit', array("owner_override" => true));
        if (!$canEdit) {
            $modules[$moduleName] = 'read_only';
        } elseif ($modules[$moduleName] != 'read_only') {
            $modules[$moduleName] = '';
        }
    }

    // Drop modules without a bean class or without a beanFiles entry.
    foreach (array_keys($modules) as $moduleName) {
        $className = isset($beanList[$moduleName]) ? $beanList[$moduleName] : null;
        if ($className === null || empty($beanFiles[$className])) {
            unset($modules[$moduleName]);
        }
    }

    return $modules;
}
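/**
 * Build the "add dashlet" catalogue for the current user.
 *
 * Reads the dashlet cache, loads each dashlet's meta and language files, and
 * keeps only dashlets whose module is known and passes the 'view' and 'list'
 * ACLs (plus the dashlet's own shouldDisplay() hook when dynamic_hide is set).
 * The result is stored on $this->dashlets, bucketed by category label.
 *
 * @param string $category Optional short category key ('module', 'charts', ...).
 *                         When given, only that bucket is populated; an
 *                         unknown key yields a single empty '' bucket.
 * @return void
 */
function getDashlets($category = '')
{
    global $app_strings, $current_language, $mod_strings;
    require_once $GLOBALS['sugar_config']['cache_dir'] . 'dashlets/dashlets.php';

    $categories = array(
        'module' => 'Module Views',
        'portal' => 'Portal',
        'charts' => 'Charts',
        'tools' => 'Tools',
        'misc' => 'Miscellaneous',
        'web' => 'Web',
    );
    $dashletStrings = array();
    $dashletsList = array();
    // Resolved once: the original indexed $categories[$category] repeatedly (notice on an unknown key).
    $categoryLabel = isset($categories[$category]) ? $categories[$category] : '';

    if (!empty($category)) {
        $dashletsList[$categoryLabel] = array();
    } else {
        $dashletsList['Module Views'] = array();
        $dashletsList['Charts'] = array();
        $dashletsList['Tools'] = array();
        $dashletsList['Web'] = array();
    }

    // $dashletsFiles is defined by the cache file; with require_once it is absent
    // on a second call in the same request, which previously only produced warnings.
    if (empty($dashletsFiles) || !is_array($dashletsFiles)) {
        $this->dashlets = $dashletsList;
        return;
    }

    asort($dashletsFiles);
    foreach ($dashletsFiles as $className => $files) {
        if (empty($files['meta']) || !SugarAutoLoader::fileExists($files['meta'])) {
            continue;
        }
        require_once $files['meta']; // get meta file
        $directory = substr($files['meta'], 0, strrpos($files['meta'], '/') + 1);
        $langFiles = SugarAutoLoader::existing(
            $directory . $files['class'] . '.' . $current_language . '.lang.php',
            $directory . $files['class'] . '.en_us.lang.php'
        );
        foreach ($langFiles as $file) {
            require $file;
        }

        $meta = isset($dashletMeta[$files['class']]) ? $dashletMeta[$files['class']] : array();

        // try to translate the title / description
        $title = $meta['title'];
        if (!empty($dashletStrings[$files['class']][$title])) {
            $title = $dashletStrings[$files['class']][$title];
        }
        $description = $meta['description'];
        if (!empty($dashletStrings[$files['class']][$description])) {
            $description = $dashletStrings[$files['class']][$description];
        }

        // generate icon
        // Initialised per iteration: the original left $icon unset when the theme
        // returned no image URL, so the previous dashlet's icon leaked through.
        $icon = '';
        if (!empty($meta['icon'])) {
            // here we'll support image inheritance if the supplied image has a path in it
            // i.e. $dashletMeta[$files['class']]['icon'] = 'themes/default/images/dog.gif'
            // in this case, we'll strip off the path information to check for the image existing
            // in the current theme.
            $imageName = SugarThemeRegistry::current()->getImageURL(basename($meta['icon']), false);
            if (!empty($imageName) && sugar_is_file($imageName)) {
                $icon = '<img src="' . $imageName . '" alt="" border="0" align="absmiddle" />';
            }
        } elseif (empty($meta['module'])) {
            $icon = get_dashlets_dialog_icon('default');
        } elseif (!in_array($meta['module'], $GLOBALS['moduleList'])
            && !in_array($meta['module'], $GLOBALS['modInvisList'])
            && !in_array('Activities', $GLOBALS['moduleList'])) {
            // Unknown module: not displayable at all.
            unset($dashletMeta[$files['class']]);
            continue;
        } else {
            $icon = get_dashlets_dialog_icon($meta['module']);
        }

        // determine whether to display
        if (!empty($meta['hidden']) && $meta['hidden'] === true) {
            $displayDashlet = false;
        } elseif (!empty($meta['module'])
            && (!in_array($meta['module'], $GLOBALS['moduleList']) && !in_array($meta['module'], $GLOBALS['modInvisList']))
            && !in_array('Activities', $GLOBALS['moduleList'])) {
            $displayDashlet = false;
        } else {
            $displayDashlet = true;
            //check ACL ACCESS: both 'view' and 'list' are required
            if (!empty($meta['module'])) {
                $aclContext = array('owner_override' => true);
                if (!SugarACL::checkAccess($meta['module'], 'view', $aclContext)
                    || !SugarACL::checkAccess($meta['module'], 'list', $aclContext)) {
                    $displayDashlet = false;
                }
            }
        }

        $metaCategory = isset($meta['category']) ? $meta['category'] : null;
        $type = ($metaCategory == 'Charts') ? 'predefined_chart' : 'module';

        // Let the dashlet class veto its own display when it asks for it.
        if ($displayDashlet && !empty($meta['dynamic_hide'])) {
            if (SugarAutoLoader::fileExists($files['file'])) {
                require_once $files['file'];
                if (class_exists($files['class'])) {
                    $displayDashlet = call_user_func(array($files['class'], 'shouldDisplay'));
                }
            }
        }

        if (!$displayDashlet) {
            continue;
        }

        // NOTE(review): $className, $type and the module name are placed inside a JS
        // string in an HTML attribute without escaping. They originate from the
        // dashlet cache / meta files rather than the request; confirm that stays true.
        $module = !empty($meta['module']) ? $meta['module'] : '';
        $cell = array(
            'title' => $title,
            'description' => $description,
            'onclick' => 'return SUGAR.mySugar.addDashlet(\'' . $className . '\', \'' . $type . '\', \'' . $module . '\');',
            'icon' => $icon,
            'id' => $files['class'] . '_select',
        );

        if (!empty($category) && $metaCategory == $categoryLabel) {
            $dashletsList[$categoryLabel][] = $cell;
        } elseif (empty($category)) {
            // Only the predefined buckets exist; array_push() on an undefined key
            // warned (PHP 7) or threw (PHP 8), so skip such dashlets explicitly.
            if (isset($dashletsList[$metaCategory])) {
                $dashletsList[$metaCategory][] = $cell;
            }
        }
    }

    if (!empty($category)) {
        asort($dashletsList[$categoryLabel]);
    } else {
        foreach (array_keys($dashletsList) as $key) {
            asort($dashletsList[$key]);
        }
    }

    $this->dashlets = $dashletsList;
}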
/**
 * Build the list-view row for this record.
 *
 * Extends get_list_view_array() with a VALID status marker and, subject to the
 * module's 'delete' / 'edit' ACLs, an inline delete form and an edit link.
 *
 * @return array Row values keyed by template placeholder name.
 */
function get_list_view_data()
{
    global $app_strings;
    global $mod_strings;
    $temp_array = $this->get_list_view_array();
    // NOTE(review): despite the key name, the raw name is assigned here with no
    // encoding — confirm the consuming template escapes ENCODED_NAME.
    $temp_array["ENCODED_NAME"] = $this->name;
    // $valid = $this->get_custom_results(true,false,false,true);
    //Always return Valid for now. This was done to prevent performance issues.
    // Consequently the "Error" branch below is currently unreachable.
    $valid = array();
    $valid['result'] = "Valid";
    if ($valid['result'] == "Error") {
        if (isset($valid['result_type']) && $valid['result_type'] == "Child") {
            $temp_array["VALID"] = "<font color='blue'>" . $app_strings['LBL_QUERY_CHILD'] . "</font>";
        } else {
            $temp_array["VALID"] = "<font color='red'>" . $app_strings['LBL_QUERY_ERROR'] . "</font>";
        }
    } else {
        $temp_array["VALID"] = "<font color='green'>" . $app_strings['LBL_QUERY_VALID'] . "</font>";
    }
    if (SugarACL::checkAccess($this->module_name, 'delete')) {
        $image = SugarThemeRegistry::current()->getImage('delete_inline', 'align="absmiddle" border="0"', null, null, '.gif', $app_strings['LNK_DELETE']);
        // Query string is built with http_build_query and attribute-escaped below.
        $url = 'index.php?' . http_build_query(array('module' => $this->module_name, 'action' => 'Delete', 'record' => $this->id, 'return_module' => $this->module_name, 'return_action' => 'index'));
        $url = htmlspecialchars($url);
        // Inline delete is a POST form submitted from the link. NOTE(review): no
        // CSRF token is added here, and NTC_DELETE_CONFIRMATION is dropped into a
        // JS string literal unescaped (a translation containing a quote would break
        // the handler). Confirm both are covered at framework level.
        $temp_array['DELETE_BUTTON_INLINE'] = <<<BUTTON
<form id="{$this->id}" method="post" action="{$url}">
<a class="listViewTdToolsS1" href="javascript:void(0);" onclick="if (confirm('{$mod_strings['NTC_DELETE_CONFIRMATION']}')) document.getElementById('{$this->id}').submit();">{$image} {$app_strings['LNK_REMOVE']}</a>
</form>
BUTTON;
    }
    if (SugarACL::checkAccess($this->module_name, 'edit')) {
        $url = 'index.php?' . http_build_query(array('module' => $this->module_name, 'action' => 'index', 'record' => $this->id, 'edit' => 'true'));
        // NAME comes from get_list_view_array(); presumably already HTML-encoded there — verify.
        $temp_array['LINK'] = '<a href="' . htmlspecialchars($url) . '">' . $temp_array['NAME'] . '</a>';
    } else {
        $temp_array['LINK'] = $temp_array['NAME'];
    }
    return $temp_array;
}
/**
 * Check ACL access to a given view/action for this bean.
 *
 * Accepts the legacy bare-bool form of $context (meaning owner_override) and
 * the 'not_set' sentinel; in both normalised forms this bean is injected as
 * $context['bean'] unless the caller already supplied one.
 *
 * @param string     $view    ACL action/view name
 * @param array|bool|string|null $context ACL context (see above)
 * @return bool has access?
 */
public function ACLAccess($view, $context = null)
{
    // BC hack to accept owner override
    if (is_bool($context)) {
        $context = array('owner_override' => $context);
    }

    $aclContext = (empty($context) || $context == 'not_set') ? array() : $context;

    if (!isset($aclContext['bean'])) {
        $aclContext['bean'] = $this;
    }

    return SugarACL::checkAccess($this->getACLCategory(), $view, $aclContext);
}
if ($result == null) { sugar_die($app_strings['ERROR_NO_RECORD']); } } else { header("Location: index.php?module=ReportMaker&action=index"); } echo getClassicModuleTitle("Report Maker", array($mod_strings['LBL_MODULE_TITLE'] . " " . $focus->name), true); $button = "<table cellspacing='0' border='0'><form action='index.php' method='post' name='form' id='form'>\n"; $button .= "<input type='hidden' name='module' value='ReportMaker'>\n"; $button .= "<input type='hidden' name='return_module' value='" . $currentModule . "'>\n"; $button .= "<input type='hidden' name='return_action' value='" . $action . "'>\n"; $button .= "<input type='hidden' name='return_id' value='" . $focus->id . "'>\n"; $button .= "<input type='hidden' name='record' value='" . $focus->id . "'>\n"; $button .= "<input type='hidden' name='action'>\n"; $button .= "<input title='" . $mod_strings['LBL_DETAILS_BUTTON_TITLE'] . "' class='button' onclick=\"this.form.action.value='DetailView'\" type='submit' name='button' value=' " . $mod_strings['LBL_DETAILS_BUTTON_LABEL'] . " '>\n"; if (SugarACL::checkAccess($currentModule, 'edit')) { $button .= "<input title='" . $mod_strings['LBL_EDIT_BUTTON_TITLE'] . "' accessKey='" . $mod_strings['LBL_EDIT_BUTTON_KEY'] . "' class='button' onclick=\"this.form.action.value='EditView'\" type='submit' name='button' value=' " . $mod_strings['LBL_EDIT_BUTTON_LABEL'] . " '>\n"; } $button .= "</form></table>\n"; echo "{$button}"; //This is where we run the report itself $data_set_list = $focus->get_data_sets("ORDER BY list_order_y ASC"); $header_xtpl = new XTemplate('modules/ReportMaker/ReportHeaderView.html'); $header_xtpl->assign("REPORT_ALIGN", $focus->report_align); $header_xtpl->assign("REPORT_TITLE", $focus->title); $header_xtpl->assign("PRINT_URL", "index.php?" . $GLOBALS['request_string']); echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"> \n"; echo "<tr><td>"; $header_xtpl->parse("main"); $header_xtpl->out("main"); echo "</td></tr>";
$xtpl->assign('NAME', $focus->name); $xtpl->assign('TITLE', $focus->title); $xtpl->assign("DESCRIPTION", nl2br($focus->description)); $xtpl->assign("REPORT_ALIGN", $app_list_strings['report_align_dom'][$focus->report_align]); $xtpl->assign("TEAM", $focus->assigned_name); global $current_user; //if(is_admin($current_user) && $_REQUEST['module'] != 'DynamicLayout' && !empty($_SESSION['editinplace'])){ // $xtpl->assign("ADMIN_EDIT","<a href='index.php?action=index&module=DynamicLayout&from_action=".$_REQUEST['action'] ."&from_module=".$_REQUEST['module'] ."&record=".$_REQUEST['record']. "'>".SugarThemeRegistry::current()->getImage("EditLayout","border='0' align='bottom'",null,null,'.gif',$mod_strings['LBL_EDITLAYOUT'])."</a>"); //} // adding custom fields: require_once 'modules/DynamicFields/templates/Files/DetailView.php'; if (SugarACL::checkAccess('DataSets', 'edit')) { $xtpl->parse('edit_button'); $xtpl->assign('EDIT_BUTTON', $xtpl->text('edit_button')); } if (SugarACL::checkAccess('DataSets', 'delete')) { $xtpl->parse('delete_button'); $xtpl->assign('DELETE_BUTTON', $xtpl->text('delete_button')); } $xtpl->parse("main"); $xtpl->out("main"); //Show the datasets $old_contents = ob_get_contents(); ob_end_clean(); if ($sub_xtpl->var_exists('subpanel', 'SUBDATASETS')) { ob_start(); global $focus_list; $focus_list = $focus->get_data_sets("ORDER BY list_order_y ASC"); include 'modules/DataSets/SubPanelView.php'; echo "<BR>\n"; $subdatasets = ob_get_contents();
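/**
 * Build the list-view row for a DataSet record.
 *
 * Adds the output/order/export columns on top of the parent row and, when the
 * user has DataSets 'edit' access, the reorder and edit buttons.
 *
 * @return array Row values keyed by template placeholder name.
 */
function get_list_view_data()
{
    global $app_list_strings;
    global $focus;

    if (empty($this->exportable)) {
        $this->exportable = "0";
    }

    $temp_array = parent::get_list_view_data();
    // NOTE(review): the raw name overrides whatever the parent put in NAME;
    // confirm the parent value was encoded and whether this one needs to be.
    $temp_array['NAME'] = $this->name == "" ? "<em>blank</em>" : $this->name;

    $outputDefault = (isset($this->output_default) && !empty($this->output_default)) ? $this->output_default : 'table';
    $temp_array['OUTPUT_DEFAULT'] = $app_list_strings['dataset_output_default_dom'][$outputDefault];
    $temp_array['LIST_ORDER_Y'] = $this->list_order_y;
    $temp_array['EXPORTABLE'] = $this->exportable;
    $temp_array['HEADER'] = $this->header;
    $temp_array['QUERY_NAME'] = $this->query_name;
    $temp_array['REPORT_NAME'] = $this->report_name;

    if (SugarACL::checkAccess('DataSets', 'edit')) {
        $temp_array['UP_BUTTON'] = $this->getButton(
            'uparrow_inline',
            'LNK_UP',
            array('module' => 'DataSets', 'action' => 'Save', 'data_set_id' => $this->id, 'direction' => 'Up'),
            $focus
        );
        // Fix: the down arrow previously posted direction=Up (copy/paste), making
        // it identical to the up button. Assumes the Save action accepts 'Down'
        // as the counterpart of 'Up' — confirm against modules/DataSets/Save.
        $temp_array['DOWN_BUTTON'] = $this->getButton(
            'downarrow_inline',
            'LNK_DOWN',
            array('module' => 'DataSets', 'action' => 'Save', 'data_set_id' => $this->id, 'direction' => 'Down'),
            $focus
        );
        $temp_array['EDIT_BUTTON'] = $this->getButton(
            'edit_inline',
            'LNK_EDIT',
            array('module' => 'DataSets', 'action' => 'EditView', 'record' => $this->id),
            $focus
        );
    }

    return $temp_array;
}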
/**
 * Render one data set of a report into the XTemplate.
 *
 * Validates the data set's query first and returns the error payload if it
 * fails; otherwise runs the query, emits the optional export/pagination
 * controls, header and layout editor (the latter only with 'edit' access on
 * the current module), renders the rows, and either returns the rendered block
 * (interlock mode) or outputs it directly.
 *
 * @return array|string|void Error payload on a bad query, rendered block text in
 *                           interlock mode, nothing otherwise.
 */
function processDataSet()
{
    global $currentModule;

    if (!isset($this->xTemplate)) {
        $this->createXTemplate();
    }

    // Validate the query; bail out with the error result on failure.
    $queryStatus = $this->seed_object->get_custom_results(true);
    if ($queryStatus['result'] == "Error") {
        return $queryStatus;
    }

    // Re-run the query for real and capture the standard column information.
    $this->seed_object->get_custom_results();
    $this->column_array = $this->seed_object->get_column_array();

    $exportable = isset($this->data_set_exportable) && $this->data_set_exportable == "1";
    if ($exportable) {
        $this->processDataSetNavigation($this->seed_object, $this->x_block, $this->html_var);
    }

    $showHeader = isset($this->data_set_header) && $this->data_set_header == "1";
    if ($showHeader) {
        $this->processDataSetHeader();
    }

    // Layout editor tools: only outside the final report view and with edit access.
    $showLayoutEditor = $this->custom_layout && !$this->final_report_view && SugarACL::checkAccess($currentModule, 'edit');
    if ($showLayoutEditor) {
        $this->get_layout_head_editor();
    }

    if (!empty($this->data_set_object)) {
        $this->xTemplateAssign('TABLE_WIDTH', $this->table_width . "" . $this->data_set_object->table_width_type);
    }

    $this->processDataSetRows();

    if ($this->display_header_and_footer) {
        $this->getAdditionalHeader();
        echo get_form_header($this->header_title, $this->header_text, false);
    }

    // Interlock mode hands the rendered block back instead of printing it.
    if (!empty($this->interlock) && $this->interlock == true) {
        return $this->xTemplate->text($this->x_block);
    }
    $this->xTemplate->out($this->x_block);

    if (isset($_SESSION['validation'])) {
        // Decodes to: <a href='http://www.sugarcrm.com'>POWERED&nbsp;BY&nbsp;SUGARCRM</a>
        print base64_decode('PGEgaHJlZj0naHR0cDovL3d3dy5zdWdhcmNybS5jb20nPlBPV0VSRUQmbmJzcDtCWSZuYnNwO1NVR0FSQ1JNPC9hPg==');
    }
}
// Sub-panel header for the DataSets list under a report ($focus): builds the
// "New" / "Add" button bar and hands it to a ListView.
global $action;
// focus_list is the means of passing data to a SubPanelView.
global $focus_list;
global $current_user;
$header_text = '';
//if(is_admin($current_user) && $_REQUEST['module'] != 'DynamicLayout' && !empty($_SESSION['editinplace'])){
//    $header_text = " <a href='index.php?action=index&module=DynamicLayout&from_action=SubPanelView&from_module=Leads&record=". $_REQUEST['record']."'>".SugarThemeRegistry::current()->getImage("EditLayout","border='0' align='bottom'",null,null,'.gif',$mod_strings['LBL_EDIT_LAYOUT'])."</a>";
//}
// NOTE(review): $currentModule, $action and $focus->id are interpolated into
// HTML attribute values without escaping. In this framework the first two
// appear to be request-derived; confirm they are sanitised upstream (or escape here).
$button = "<table cellspacing='0' border='0' width='100%'><tr><td nowrap><form action='index.php' method='post' name='form' id='form'>\n";
$button .= "<input type='hidden' name='module' value='DataSets'>\n";
$button .= "<input type='hidden' name='return_module' value='" . $currentModule . "'>\n";
$button .= "<input type='hidden' name='return_action' value='" . $action . "'>\n";
$button .= "<input type='hidden' name='return_id' value='" . $focus->id . "'>\n";
$button .= "<input type='hidden' name='record' value=''>\n";
$button .= "<input type='hidden' name='action'>\n";
// "New" is only offered with DataSets 'create' access; "Add" (popup) is always shown.
if (SugarACL::checkAccess('DataSets', 'create')) {
    $button .= "<input title='" . $mod_strings['LBL_NEW_BUTTON_TITLE'] . "' class='button' onclick=\"this.form.action.value='EditView'\" type='submit' name='button' value=' " . $mod_strings['LBL_NEW_BUTTON_LABEL'] . " '>\n";
}
$button .= "<input title='" . $mod_strings['LBL_ADD_BUTTON_TITLE'] . "' class='button' onclick='return window.open(\"index.php?module=DataSets&action=Popup&form=AddDataSetEditView&form_submit=true\",\"test\",\"width=600,height=400,resizable=1,scrollbars=1\");' type='button' name='button' value=' " . $mod_strings['LBL_ADD_BUTTON_LABEL'] . " '>\n";
$button .= "</td></tr></form></table>\n";
$ListView = new ListView();
$ListView->initNewXTemplate('modules/DataSets/SubPanelView.html', $current_module_strings);
$ListView->xTemplateAssign('UPARROW_INLINE', SugarThemeRegistry::current()->getImage('uparrow_inline', 'align="absmiddle" border="0"', null, null, '.gif', $mod_strings['LNK_UP']));
$ListView->xTemplateAssign('DOWNARROW_INLINE', SugarThemeRegistry::current()->getImage('downarrow_inline', 'align="absmiddle" border="0"', null, null, '.gif', $mod_strings['LNK_DOWN']));
$ListView->xTemplateAssign('DELETE_INLINE', SugarThemeRegistry::current()->getImage('delete_inline', 'align="absmiddle" border="0"', null, null, '.gif', $app_strings['LNK_DELETE']));
$ListView->xTemplateAssign('UPARROW_TEXT', $mod_strings['LNK_UP']);
$ListView->xTemplateAssign('DOWNARROW_TEXT', $mod_strings['LNK_DOWN']);
$ListView->xTemplateAssign('DELETE_TEXT', $app_strings['LNK_DELETE']);
$ListView->xTemplateAssign('REPORT_ID', $focus->id);
$ListView->setHeaderTitle($current_module_strings['LBL_MODULE_NAME'] . $header_text);
// The button bar is rendered as raw HTML by the list view header.
$ListView->setHeaderText($button);
 * http://support.sugarcrm.com/06_Customer_Center/10_Master_Subscription_Agreements/.
 * If you do not agree to all of the applicable terms or do not have the
 * authority to bind the entity as an authorized representative, then do not
 * install or use this SugarCRM file.
 *
 * Copyright (C) SugarCRM Inc. All rights reserved.
 */

// Report builder entry page ("Create Custom Report"). Gated on the Reports
// 'edit' ACL; when the reporter in $args carries a saved report, that bean is
// used as the ACL context so ownership rules apply. The origin of $args is
// not visible in this excerpt.
require_once 'modules/Reports/config.php';
require_once 'modules/Reports/Report.php';
require_once 'modules/Reports/templates/templates_reports.php';
if (!empty($args['reporter']->saved_report)) {
    $context = array("bean" => $args['reporter']->saved_report);
} else {
    $context = array();
}
// Deny path: render the no-access view and stop. sugar_cleanup(true) is
// presumed to terminate the request — confirm, since everything below assumes
// a permitted user.
if (!SugarACL::checkAccess('Reports', 'edit', $context)) {
    ACLController::displayNoAccess(true);
    sugar_cleanup(true);
}
global $current_user, $mod_strings, $ACLAllowedModules, $current_language, $app_list_strings, $app_strings, $sugar_config, $sugar_version;
$params = array();
$params[] = $mod_strings['LBL_CREATE_CUSTOM_REPORT'];
echo getClassicModuleTitle("Reports", $params, false);
// Modules the user may report on, sorted by the juliansort() comparator defined elsewhere.
$ACLAllowedModules = getACLAllowedModules();
uksort($ACLAllowedModules, "juliansort");
$buttons = array();
require_once "modules/MySettings/TabController.php";
$controller = new TabController();
// Note: $type = 'display' is an assignment inside the argument list, not a named argument.
$tabs = $controller->get_user_tabs($current_user, $type = 'display');
//$ACLAllowedModulesAdded = array();
require_once 'include/SugarSmarty/plugins/function.sugar_help.php';
/**
 * Check access to given action
 * @api
 * TODO: convert to SugarACL, temporary function to allow less code changes
 *
 * Thin shim over SugarACL::checkAccess(): $is_owner is translated into an
 * owner_override context entry; $type is accepted for signature compatibility
 * but not used.
 *
 * @param string $category Module name
 * @param string $action
 * @param bool $is_owner Should we assume current user is owner of the record?
 * @param string $type ACL type, usually module but can be different for DCE and Trackers (unused)
 * @return bool
 */
public static function checkAccess($category, $action, $is_owner = false, $type = 'module')
{
    $context = array();
    if ($is_owner) {
        $context["owner_override"] = true;
    }

    return SugarACL::checkAccess($category, $action, $context);
}
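/**
 * Decide whether the current user may export the given report.
 *
 * Export is denied when no reporter is supplied, when exports are disabled
 * site-wide, when the report is not tabular, when the 'export' ACL on the
 * report's module fails, or when admin_export_only is set and the user is not
 * an admin for that module.
 *
 * NOTE(review): a reporter without a saved_report is treated as owned by the
 * current user (owner_override applies); confirm that is intended for ad-hoc reports.
 *
 * @param array $args Expects $args['reporter'] with ->saved_report (optional),
 *                    ->report_def['report_type'] and ->module
 * @return bool
 */
function hasExportAccess($args = array())
{
    global $sugar_config, $current_user;

    // If reporter is not passed in just default to no access
    if (empty($args['reporter'])) {
        return false;
    }
    $reporter = $args['reporter'];

    $is_owner = true;
    if (isset($reporter->saved_report) && $reporter->saved_report->assigned_user_id != $current_user->id) {
        $is_owner = false;
    }

    if (!empty($sugar_config['disable_export'])) {
        return false;
    }
    if ($reporter->report_def['report_type'] != 'tabular') {
        return false;
    }
    $aclContext = $is_owner ? array("owner_override" => true) : array();
    if (!SugarACL::checkAccess($reporter->module, 'export', $aclContext)) {
        return false;
    }
    // Guarded read: the original indexed $sugar_config['admin_export_only']
    // unconditionally (notice when the key is absent).
    if (!empty($sugar_config['admin_export_only']) && !$current_user->isAdminForModule($reporter->module)) {
        return false;
    }

    // User has export access
    return true;
}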
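/**
 * Returns the Quota for a given timeperiod_id, user_id, and quota_type
 *
 * NOTE(review): user_id is taken from the request and only the module-level
 * 'access' ACL on Quotas is checked here — nothing ties the requested user to
 * the current user or their reportees. Confirm getRollupQuota() /
 * isTopLevelManager() enforce that, otherwise any user with Quotas access can
 * read any other user's quota.
 *
 * @param $api
 * @param array $args Expects 'timeperiod_id', 'user_id' and 'quota_type' ('rollup' or other)
 * @return array
 * @throws SugarApiExceptionNotAuthorized
 */
public function getQuota($api, $args)
{
    if (!SugarACL::checkAccess('Quotas', 'access')) {
        throw new SugarApiExceptionNotAuthorized();
    }

    // Read parameters defensively: the original indexed $args directly (notices when absent).
    $timeperiodId = isset($args['timeperiod_id']) ? $args['timeperiod_id'] : null;
    $userId = isset($args['user_id']) ? $args['user_id'] : null;
    $quotaType = isset($args['quota_type']) ? $args['quota_type'] : null;
    $isRollup = ($quotaType == 'rollup');

    /* @var $quotaBean Quota */
    $quotaBean = BeanFactory::getBean('Quotas');

    // add the manager's rollup quota to the data returned
    $data = $quotaBean->getRollupQuota($timeperiodId, $userId, $isRollup);

    // add if the manager is a top-level manager or not
    $data['is_top_level_manager'] = User::isTopLevelManager($userId);

    return $data;
}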
/**
 * SOAP helper: map every module visible to the user to its write status.
 *
 * Returns module name => '' (writable) or 'read_only'. Modules in
 * $modInvisList are always read-only; the rest are read-only unless the
 * 'edit' ACL passes with owner_override.
 *
 * @param mixed $user Unused; SugarACL evaluates access for the current user.
 * @return array
 */
function get_user_module_list($user)
{
    $GLOBALS['log']->info('Begin: SoapHelperWebServices->get_user_module_list');
    global $moduleList;
    global $modInvisList;

    $accessible = SugarACL::filterModuleList($moduleList, 'access', true);
    $modules = array_flip($accessible); // module names end up as keys

    foreach ($modInvisList as $hiddenModule) {
        $modules[$hiddenModule] = 'read_only';
    }

    foreach (array_keys($modules) as $moduleName) {
        $writable = SugarACL::checkAccess($moduleName, 'edit', array("owner_override" => true));
        if (!$writable) {
            $modules[$moduleName] = 'read_only';
        } elseif ($modules[$moduleName] != 'read_only') {
            $modules[$moduleName] = '';
        }
    }

    $GLOBALS['log']->info('End: SoapHelperWebServices->get_user_module_list');

    return $modules;
}