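/**
 * Build the HTML link displayed for a referenced CRM record.
 *
 * The module name and label are read from stored record metadata and end up inside
 * markup, so each piece is HTML-escaped first. double_encode is disabled so that
 * values which are already stored entity-encoded are not escaped a second time.
 *
 * @param int|string $value ID of the referenced record
 * @return string Anchor markup, or an empty string when there is nothing to link to
 */
public function getDisplayValue($value)
{
    if ($value == 0) {
        return '';
    }
    $metaData = Vtiger_Functions::getCRMRecordMetadata($value);
    if (!$metaData) {
        // No metadata for this ID: emit nothing instead of an anchor with empty parts.
        return '';
    }
    $module = htmlspecialchars($metaData['setype'], ENT_QUOTES, 'UTF-8', false);
    $title = htmlspecialchars(vtranslate($metaData['setype'], $metaData['setype']), ENT_QUOTES, 'UTF-8', false);
    // The label is user-entered record data; it must never reach the page unescaped.
    $label = htmlspecialchars($metaData['label'], ENT_QUOTES, 'UTF-8', false);
    $recordId = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);

    return '<a class="moduleColor_' . $module . '" href="index.php?module=' . $module
        . '&view=Detail&record=' . $recordId . '" title="' . $title . '">' . $label . '</a>';
}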
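/**
 * Keep shared-owner assignments in sync after a record is saved or linked.
 *
 * - 'vtiger.entity.aftersave.final': when assigned_user_id changed, pass the current
 *   owners and the removed owners to Users_Privileges_Model::setSharedOwnerRecursively().
 * - 'vtiger.entity.link.after': when a Products/Services record is linked to a
 *   Potentials record, copy the source record's owner and shared owners into the
 *   destination module's shared-owner table (only the rows that are missing).
 *
 * Both branches run only when the 'shared_owners' global is enabled.
 *
 * @param string $eventName  Name of the event being handled
 * @param mixed  $entityData Entity object for the save event, array for the link event
 */
function handleEvent($eventName, $entityData)
{
    if ($eventName == 'vtiger.entity.aftersave.final' && vglobal('shared_owners') == true) {
        $moduleName = $entityData->getModuleName();
        $recordId = $entityData->getId();
        $vtEntityDelta = new VTEntityDelta();
        $delta = $vtEntityDelta->getEntityDelta($moduleName, $recordId, true);
        if (array_key_exists('assigned_user_id', $delta)) {
            $oldValue = Vtiger_Functions::getArrayFromValue($delta['assigned_user_id']['oldValue']);
            $currentValue = Vtiger_Functions::getArrayFromValue($delta['assigned_user_id']['currentValue']);
            $addUsers = $currentValue;
            $removeUser = array_diff($oldValue, $currentValue);
            Users_Privileges_Model::setSharedOwnerRecursively($recordId, $addUsers, $removeUser, $moduleName);
        }
    }
    if ($eventName == 'vtiger.entity.link.after' && vglobal('shared_owners') == true && Vtiger_Processes_Model::getConfig('sales', 'popup', 'update_shared_permissions') == 'true') {
        $destinationModule = ['Products', 'Services'];
        if ($entityData['sourceModule'] == 'Potentials' && in_array($entityData['destinationModule'], $destinationModule)) {
            $db = PearDatabase::getInstance();
            $sourceRecordId = $entityData['sourceRecordId'];
            $destinationRecordId = $entityData['destinationRecordId'];

            $recordMetaData = Vtiger_Functions::getCRMRecordMetadata($sourceRecordId);
            $shownerIds = Vtiger_SharedOwner_UIType::getSharedOwners($sourceRecordId, $entityData['sourceModule']);
            $shownerIds[] = $recordMetaData['smownerid'];
            // Drop duplicates and empty IDs (e.g. a missing owner) so that no blank
            // user is ever written to the shared-owner table.
            $shownerIds = array_values(array_filter(array_unique($shownerIds)));

            if ($shownerIds) {
                $usersExist = [];
                $shownersTable = Vtiger_SharedOwner_UIType::getShownerTable($entityData['destinationModule']);
                // Bind every ID as a parameter instead of concatenating the list into the SQL text.
                $params = $shownerIds;
                $params[] = $destinationRecordId;
                $result = $db->pquery(
                    'SELECT crmid, userid FROM ' . $shownersTable . ' WHERE userid IN(' . $db->generateQuestionMarks($shownerIds) . ') AND crmid = ?',
                    $params
                );
                while ($row = $db->getRow($result)) {
                    $usersExist[$row['crmid']][$row['userid']] = true;
                }
                foreach ($shownerIds as $userId) {
                    if (!isset($usersExist[$destinationRecordId][$userId])) {
                        $db->insert($shownersTable, ['crmid' => $destinationRecordId, 'userid' => $userId]);
                    }
                }
            }
        }
    }
}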
/**
 * Decide whether the currently logged-in user may perform an action on a module
 * or on a single record.
 *
 * The checks run in a fixed order and the first one that matches returns:
 * request/module shortcuts, admin flag, profile (global, tab, action) permissions,
 * record ownership, shared owners, role hierarchy, parent-record ownership and
 * finally the organisation-wide default sharing setting.
 *
 * The variables $is_admin, $profileGlobalPermission, $profileTabsPermission,
 * $profileActionPermission, $defaultOrgSharingPermission, $current_user_groups and
 * $subordinate_roles_users are not assigned in this function; presumably they are
 * defined by the two required per-user privilege files (confirm against those files).
 *
 * NOTE(review): the result is the string 'yes' or 'no'. Both strings are truthy in
 * PHP, so a caller must compare against 'yes' rather than test the value as a boolean.
 *
 * @param string     $module     Module name
 * @param string     $actionname Action name
 * @param int|string $record_id  Record ID; empty string for a module-level check
 * @return string 'yes' when the action is allowed, 'no' otherwise
 */
function isPermitted($module, $actionname, $record_id = '')
{
    $log = vglobal('log');
    $log->debug("Entering isPermitted(" . $module . "," . $actionname . "," . $record_id . ") method ...");

    // NOTE(review): $adb and $seclog are not used anywhere in this function.
    $adb = PearDatabase::getInstance();
    $current_user = vglobal('current_user');
    global $seclog;
    // Per-user privilege files; the path is built from the current user's id.
    require 'user_privileges/user_privileges_' . $current_user->id . '.php';
    require 'user_privileges/sharing_privileges_' . $current_user->id . '.php';

    // Deny unless one of the checks below grants access.
    $permission = 'no';
    // NOTE(review): 'parenttab' is read straight from the request, so this condition
    // (and the Settings check that follows) depends on a client-supplied value and
    // should not be relied on as an enforcement point.
    if (($module == 'Users' || $module == 'Home' || $module == 'uploads') && $_REQUEST['parenttab'] != 'Settings') {
        // These modules have no security checks at the moment
        $permission = 'yes';
        $log->debug("Exiting isPermitted method ...");
        return $permission;
    }

    // Settings-type modules are available to administrators only
    if ($module == 'Settings' || $module == 'Administration' || $module == 'System' || $_REQUEST['parenttab'] == 'Settings') {
        if (!$is_admin) {
            $permission = 'no';
        } else {
            $permission = 'yes';
        }
        $log->debug("Exiting isPermitted method ...");
        return $permission;
    }

    // Resolve the tab id and the action id
    $tabid = getTabid($module);
    $actionid = getActionid($actionname);
    // The activity check for 'Events' is done against 'Calendar'
    $checkModule = $module;
    if ($checkModule == 'Events') {
        $checkModule = 'Calendar';
    }

    if (vtlib_isModuleActive($checkModule)) {
        // Administrators are allowed everything in an active module
        if ($is_admin) {
            $permission = 'yes';
            $log->debug("Exiting isPermitted method ...");
            return $permission;
        }

        // Without an action id, the decision is the tab (module) permission alone
        if ($actionid === '') {
            if ($profileTabsPermission[$tabid] == 0) {
                $permission = 'yes';
                $log->debug("Exiting isPermitted method ...");
            } else {
                $permission = 'no';
            }
            return $permission;
        }

        // NOTE(review): $action is assigned but never read below.
        $action = getActionname($actionid);
        // "View all" global permission: action ids 3 and 4 are allowed
        if ($profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) {
            if ($actionid == 3 || $actionid == 4) {
                $permission = 'yes';
                $log->debug("Exiting isPermitted method ...");
                return $permission;
            }
        }
        // "Edit all" global permission: action ids 0, 1, 3 and 4 are allowed
        if ($profileGlobalPermission[2] == 0) {
            if ($actionid == 3 || $actionid == 4 || $actionid == 0 || $actionid == 1) {
                $permission = 'yes';
                $log->debug("Exiting isPermitted method ...");
                return $permission;
            }
        }
        // Tab (module) permission: any non-zero value denies
        if ($profileTabsPermission[$tabid] != 0) {
            $permission = 'no';
            $log->debug("Exiting isPermitted method ...");
            return $permission;
        }
        // Action permission: an empty entry for this tab/action allows the action
        if (strlen($profileActionPermission[$tabid][$actionid]) < 1 && $profileActionPermission[$tabid][$actionid] == '') {
            $permission = 'yes';
            $log->debug("Exiting isPermitted method ...");
            return $permission;
        }

        // A non-zero, non-empty entry denies the action
        if ($profileActionPermission[$tabid][$actionid] != 0 && $profileActionPermission[$tabid][$actionid] != '') {
            $permission = 'no';
            $log->debug("Exiting isPermitted method ...");
            return $permission;
        }
        // Module-level check (no record id): profile permissions were sufficient
        if ($record_id == '') {
            $permission = 'yes';
            $log->debug("Exiting isPermitted method ...");
            return $permission;
        }

        // Modules for which getTabOwnedBy() returns 1 skip the sharing checks
        // (the original comment names Products, Vendors, Faq and PriceBook)
        if ($record_id != '') {
            if (getTabOwnedBy($module) == 1) {
                $permission = 'yes';
                $log->debug("Exiting isPermitted method ...");
                return $permission;
            }
        }

        // Resolve the record owner: the last type => id pair of the returned array is used
        $recOwnType = '';
        $recOwnId = '';
        $recordOwnerArr = getRecordOwnerId($record_id);
        $shownerids = Vtiger_SharedOwner_UIType::getSharedOwners($record_id, $module);
        foreach ($recordOwnerArr as $type => $id) {
            $recOwnType = $type;
            $recOwnId = $id;
        }
        // Organisation-wide default sharing setting for this module
        $others_permission_id = $defaultOrgSharingPermission[$tabid];

        // Shared owners: the user, or one of the user's groups, is listed on the record
        if (in_array($current_user->id, $shownerids) || count(array_intersect($shownerids, $current_user_groups)) > 0) {
            $permission = 'yes';
            $log->debug('Exiting isPermitted method ... - Shared Owner');
            return $permission;
        }
        if ($recOwnType == 'Users') {
            // The record owner is the current user
            if ($current_user->id == $recOwnId) {
                $permission = 'yes';
                $log->debug('Exiting isPermitted method ...');
                return $permission;
            }
            // The record owner is one of the current user's subordinates
            foreach ($subordinate_roles_users as $roleid => $userids) {
                if (in_array($recOwnId, $userids)) {
                    $permission = 'yes';
                    $log->debug('Exiting isPermitted method ...');
                    return $permission;
                }
            }
        } elseif ($recOwnType == 'Groups') {
            // The record owner is a group the current user belongs to
            if (in_array($recOwnId, $current_user_groups)) {
                $permission = 'yes';
                $log->debug("Exiting isPermitted method ...");
                return $permission;
            }
        }

        // Parent-record rule: allowed when the role enables it for the requested kind
        // of action and the user owns (or co-owns) the parent record.
        // && binds tighter than ||, so this reads (view && preview) || (edit && editrelated).
        $role = getRoleInformation($current_user->roleid);
        if (($actionid == 3 || $actionid == 4) && $role['previewrelatedrecord'] != 0 || ($actionid == 0 || $actionid == 1) && $role['editrelatedrecord'] != 0) {
            // NOTE(review): the lookup depth is taken from 'previewrelatedrecord' even when
            // this block was entered through the edit condition — confirm this is intended.
            $parentRecord = Users_Privileges_Model::getParentRecord($record_id, $module, $role['previewrelatedrecord']);
            if ($parentRecord) {
                $recordMetaData = Vtiger_Functions::getCRMRecordMetadata($parentRecord);
                // permissionsrelatedfield: 0 = owner only, 1 = shared owners only, 2 = either.
                // NOTE(review): for any other value $relatedPermission is never assigned;
                // the test below then reads an undefined variable and evaluates as false.
                if ($role['permissionsrelatedfield'] == 0) {
                    $relatedPermission = $current_user->id == $recordMetaData['smownerid'];
                } else {
                    if ($role['permissionsrelatedfield'] == 1) {
                        $relatedPermission = in_array($current_user->id, Vtiger_SharedOwner_UIType::getSharedOwners($parentRecord, $recordMetaData['setype']));
                    } else {
                        if ($role['permissionsrelatedfield'] == 2) {
                            $relatedPermission = $current_user->id == $recordMetaData['smownerid'] || in_array($current_user->id, Vtiger_SharedOwner_UIType::getSharedOwners($parentRecord, $recordMetaData['setype']));
                        }
                    }
                }
                if ($relatedPermission) {
                    $permission = 'yes';
                    $log->debug('Exiting isPermitted method ... - Parent Record Owner');
                    return $permission;
                }
            }
        }

        // Organisation-wide default sharing setting, by value of $others_permission_id.
        // Action id 2 is denied in every branch except value 2 (presumably the delete
        // action — confirm against getActionid()).
        if ($others_permission_id == 0) {
            if ($actionid == 1 || $actionid == 0) {
                $permission = isReadWritePermittedBySharing($module, $tabid, $actionid, $record_id);
                $log->debug("Exiting isPermitted method ...");
                return $permission;
            } elseif ($actionid == 2) {
                $permission = 'no';
                $log->debug("Exiting isPermitted method ...");
                return $permission;
            } else {
                $permission = 'yes';
                $log->debug("Exiting isPermitted method ...");
                return $permission;
            }
        } elseif ($others_permission_id == 1) {
            if ($actionid == 2) {
                $permission = 'no';
                $log->debug("Exiting isPermitted method ...");
                return $permission;
            } else {
                $permission = 'yes';
                $log->debug("Exiting isPermitted method ...");
                return $permission;
            }
        } elseif ($others_permission_id == 2) {
            $permission = 'yes';
            $log->debug("Exiting isPermitted method ...");
            return $permission;
        } elseif ($others_permission_id == 3) {
            if ($actionid == 3 || $actionid == 4) {
                $permission = isReadPermittedBySharing($module, $tabid, $actionid, $record_id);
                $log->debug("Exiting isPermitted method ...");
                return $permission;
            } elseif ($actionid == 0 || $actionid == 1) {
                if ($module == 'Calendar') {
                    $permission = 'no';
                } else {
                    $permission = isReadWritePermittedBySharing($module, $tabid, $actionid, $record_id);
                }
                $log->debug("Exiting isPermitted method ...");
                return $permission;
            } elseif ($actionid == 2) {
                $permission = 'no';
                return $permission;
            } else {
                $permission = 'yes';
                $log->debug("Exiting isPermitted method ...");
                return $permission;
            }
        } else {
            // NOTE(review): an unrecognised or missing sharing value falls through to
            // 'yes' here, i.e. this path fails open rather than closed.
            $permission = 'yes';
        }
    } else {
        // Inactive module: always denied
        $permission = 'no';
    }

    $log->debug("Exiting isPermitted method ...");
    return $permission;
}
/**
 * Resolve the owner of a record and report whether that owner is a user or a group.
 *
 * The owner id is taken from the record metadata (smownerid). It is classified as a
 * user when vtiger_users holds a row with that id, otherwise as a group. The row
 * count is looked up through VTCacheUtils first and stored there after a query.
 *
 * @param int $record Record (entity) ID
 * @return array ['Users' => id] or ['Groups' => id]; empty when no metadata is found
 */
function getRecordOwnerId($record)
{
    $logger = vglobal('log');
    $logger->debug("Entering getRecordOwnerId(" . $record . ") method ...");
    $adb = PearDatabase::getInstance();

    $owner = [];
    $meta = Vtiger_Functions::getCRMRecordMetadata($record);
    if ($meta) {
        $ownerId = $meta['smownerid'];

        // false from the cache means "not cached yet"; 0 is a valid cached count
        $userRows = VTCacheUtils::lookupOwnerType($ownerId);
        if ($userRows === false) {
            $lookup = $adb->pquery("select count(*) as count from vtiger_users where id = ?", [$ownerId]);
            $userRows = $adb->query_result($lookup, 0, 'count');
            VTCacheUtils::updateOwnerType($ownerId, $userRows);
        }

        $ownerType = $userRows > 0 ? 'Users' : 'Groups';
        $owner[$ownerType] = $ownerId;
    }

    $logger->debug("Exiting getRecordOwnerId method ...");
    return $owner;
}
/**
 * Find the parent record of a record according to the module hierarchy file.
 *
 * Three kinds of relation are read from user_privileges/moduleHierarchy.php:
 * - $modulesMap1M: the parent is the value of a reference field that points to one
 *   of the mapped parent modules;
 * - $modulesMapMMBase: the parent is a record related through vtiger_crmentityrel
 *   that is owned by the current user;
 * - $modulesMapMMCustom: same rule, with the relation table and columns taken from
 *   the map entry.
 * With $type == 2 the search continues upwards recursively.
 *
 * NOTE(review): the result cache is keyed by record id only. A value stored for one
 * $type (or, in the many-to-many branches, for one current user) is returned for any
 * later call with the same record id. The result feeds permission decisions, so
 * confirm that callers never mix types within one request.
 *
 * @param int         $record     Record ID
 * @param string|bool $moduleName Module of the record; false to read it from metadata
 * @param int         $type       2 to climb the hierarchy recursively
 * @return int|bool Parent record ID, or false when none was found
 */
public function getParentRecord($record, $moduleName = false, $type = 1)
{
    if (isset(self::$parentRecordCache[$record])) {
        return self::$parentRecordCache[$record];
    }

    if (!$moduleName) {
        $meta = Vtiger_Functions::getCRMRecordMetadata($record);
        $moduleName = $meta['setype'];
    }
    if ($moduleName == 'Events') {
        $moduleName = 'Calendar';
    }

    $parentRecord = false;
    // Provides $modulesMap1M, $modulesMapMMBase and $modulesMapMMCustom
    include('user_privileges/moduleHierarchy.php');

    if (array_key_exists($moduleName, $modulesMap1M)) {
        $parentModules = $modulesMap1M[$moduleName];
        $fields = Vtiger_Module_Model::getInstance($moduleName)->getFields();
        foreach ($fields as $fieldName => $fieldModel) {
            $isReference = $fieldModel->getFieldDataType() == Vtiger_Field_Model::REFERENCE_TYPE;
            if (!$isReference || count(array_intersect($parentModules, $fieldModel->getReferenceList())) === 0) {
                continue;
            }
            $referenced = Vtiger_Record_Model::getInstanceById($record)->get($fieldName);
            // No early exit: when several fields qualify, the last non-empty one wins
            if ($referenced != '' && $referenced != 0) {
                $parentRecord = $referenced;
            }
        }
        if ($parentRecord && $type == 2) {
            $ancestor = self::getParentRecord($parentRecord, false, $type);
            if ($ancestor) {
                $parentRecord = $ancestor;
            }
        }
        // This branch returns without writing to the cache
        return $record != $parentRecord ? $parentRecord : false;
    }

    if (in_array($moduleName, $modulesMapMMBase)) {
        $currentUser = vglobal('current_user');
        $db = PearDatabase::getInstance();
        $result = $db->pquery('SELECT * FROM vtiger_crmentityrel WHERE crmid=? OR relcrmid =?', [$record, $record]);
        while ($row = $db->fetch_array($result)) {
            // Take whichever side of the relation is not the record itself
            $relatedId = $row['crmid'] == $record ? $row['relcrmid'] : $row['crmid'];
            $relatedMeta = Vtiger_Functions::getCRMRecordMetadata($relatedId);
            if ($currentUser->id == $relatedMeta['smownerid']) {
                $parentRecord = $relatedId;
                break;
            }
            if ($type == 2) {
                $ancestor = self::getParentRecord($relatedId, $relatedMeta['setype'], $type);
                if ($ancestor) {
                    $parentRecord = $ancestor;
                }
            }
        }
    } elseif (array_key_exists($moduleName, $modulesMapMMCustom)) {
        $currentUser = vglobal('current_user');
        $relation = $modulesMapMMCustom[$moduleName];
        $db = PearDatabase::getInstance();
        // Table and column names come from the hierarchy file, not from the request
        $sql = 'SELECT ' . $relation['rel'] . ' AS crmid FROM `' . $relation['table'] . '` WHERE ' . $relation['base'] . ' = ?';
        $result = $db->pquery($sql, [$record]);
        while ($row = $db->fetch_array($result)) {
            $relatedMeta = Vtiger_Functions::getCRMRecordMetadata($row['crmid']);
            if ($currentUser->id == $relatedMeta['smownerid']) {
                $parentRecord = $row['crmid'];
                break;
            }
            if ($type == 2) {
                $ancestor = self::getParentRecord($row['crmid'], $relatedMeta['setype'], $type);
                if ($ancestor) {
                    $parentRecord = $ancestor;
                }
            }
        }
    }

    self::$parentRecordCache[$record] = $parentRecord;
    return $parentRecord;
}
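/**
 * Duplicate check for accounts: looks for other accounts with the same VAT id or,
 * when no VAT id is available, the same account name.
 *
 * When a VAT id is present and the account_id field is active, the search is first
 * limited to the account hierarchy, where only rows with the same account name count
 * as duplicates. If the hierarchy query returns no rows, the whole vtiger_account
 * table is searched.
 *
 * The labels of the accounts found are placed into HTML that is returned to the
 * client, so they are escaped here (double_encode disabled, so values stored in
 * entity-encoded form are left as they are).
 *
 * @param string     $moduleName Module name
 * @param int|string $iD         ID of the record being saved; empty/0 for a new record
 * @param array      $recordForm Submitted form values
 * @param array      $config     Handler configuration (not read by this method)
 * @return array ['save_record' => bool] plus 'type' and 'info' when duplicates exist
 */
public function process($moduleName, $iD, $recordForm, $config)
{
    $db = PearDatabase::getInstance();
    $params = [];
    $hierarchyAll = [];
    $save = true;
    $where = '';
    $hierarchyCheck = false;
    // Defined up front: each of these was read below on paths that never assigned it.
    $vatId = null;
    $accountName = null;
    $hierarchyValue = null;
    $fieldlabel = '';
    $title = null;
    $hasRecord = $iD != 0 && $iD != '';

    // Use the submitted value when present, otherwise the value stored on the record
    if ($hasRecord && !array_key_exists('vat_id', $recordForm)) {
        $recordModel = Vtiger_Record_Model::getInstanceById($iD, $moduleName);
        $vatId = $recordModel->get('vat_id');
    } elseif (array_key_exists('vat_id', $recordForm)) {
        $vatId = $recordForm['vat_id'];
    }
    if ($hasRecord && !array_key_exists('accountname', $recordForm)) {
        $recordModel = Vtiger_Record_Model::getInstanceById($iD, $moduleName);
        $accountName = $recordModel->get('accountname');
    } elseif (array_key_exists('accountname', $recordForm)) {
        $accountName = $recordForm['accountname'];
    }

    if ($vatId) {
        $moduleModel = Vtiger_Module_Model::getInstance($moduleName);
        $hierarchyField = Vtiger_Field_Model::getInstance('account_id', $moduleModel);
        if ($hierarchyField->isActiveField()) {
            if (array_key_exists('account_id', $recordForm)) {
                $hierarchyValue = $recordForm['account_id'];
            } elseif ($hasRecord) {
                $recordModel = Vtiger_Record_Model::getInstanceById($iD, $moduleName);
                $hierarchyValue = $recordModel->get('account_id');
            }
            if ($hierarchyValue) {
                $hierarchyAll = $this->getHierarchy($hierarchyValue, $moduleName, $iD);
            } elseif ($iD) {
                $hierarchyAll = $this->getHierarchy($iD, $moduleName, $iD);
            }
        }
        $params[] = $vatId;
        $where .= ' vat_id = ?';
    } else {
        $params[] = $accountName;
        $where .= ' accountname = ?';
    }
    if ($hasRecord) {
        // Never report the record being saved as its own duplicate
        $params[] = $iD;
        $where .= ' AND accountid <> ?';
    }

    if ($hierarchyAll && $vatId) {
        $hierarchyParams = array_merge($params, array_keys($hierarchyAll));
        $hierarchyQuery = 'SELECT accountid,accountname FROM vtiger_account WHERE ' . $where . ' AND accountid IN (' . $db->generateQuestionMarks($hierarchyAll) . ')';
        $result = $db->pquery($hierarchyQuery, $hierarchyParams);
        if ($db->getRowCount($result)) {
            $hierarchyCheck = true;
        }
        while ($row = $db->getRow($result)) {
            if ($row['accountname'] == $accountName) {
                $metaData = Vtiger_Functions::getCRMRecordMetadata($row['accountid']);
                $save = false;
                $recordLabel = htmlspecialchars(Vtiger_Functions::getCRMRecordLabel($row['accountid']), ENT_QUOTES, 'UTF-8', false);
                $ownerLabel = htmlspecialchars(Vtiger_Functions::getOwnerRecordLabel($metaData['smownerid']), ENT_QUOTES, 'UTF-8', false);
                $fieldlabel .= '<a target="_blank" href="index.php?module=Accounts&view=Detail&record=' . $row['accountid'] . '">• ' . $recordLabel . '</a> (' . $ownerLabel . '),<br/>';
            }
        }
    }
    if (!$hierarchyCheck) {
        $sql = "SELECT accountid FROM vtiger_account WHERE {$where};";
        $result = $db->pquery($sql, $params);
        while ($id = $db->getSingleValue($result)) {
            $metaData = Vtiger_Functions::getCRMRecordMetadata($id);
            $save = false;
            $deletedLabel = $metaData['deleted'] ? ' - ' . vtranslate('LBL_RECORD_DELETED', 'DataAccess') : '';
            $recordLabel = htmlspecialchars(Vtiger_Functions::getCRMRecordLabel($id), ENT_QUOTES, 'UTF-8', false);
            $ownerLabel = htmlspecialchars(Vtiger_Functions::getOwnerRecordLabel($metaData['smownerid']), ENT_QUOTES, 'UTF-8', false);
            $fieldlabel .= '<a target="_blank" href="index.php?module=Accounts&view=Detail&record=' . $id . '">• ' . $recordLabel . '</a> (' . $ownerLabel . ')' . $deletedLabel . ',<br/>';
        }
    }

    if ($save) {
        return array('save_record' => true);
    }

    // Duplicates found: the user may confirm the save only with the DuplicateRecord permission
    $permission = Users_Privileges_Model::isPermitted($moduleName, 'DuplicateRecord');
    $text = '<div class="marginLeft10">' . vtranslate('LBL_DUPLICATED_FOUND', 'DataAccess') . ': <br/ >' . trim($fieldlabel, ',') . '</div>';
    if ($permission) {
        $title = '<strong>' . vtranslate('LBL_DUPLICTAE_CREATION_CONFIRMATION', 'DataAccess') . '</strong>';
        if (!empty($iD)) {
            $text .= '<form class="form-horizontal"><div class="checkbox"> <label> <input type="checkbox" name="cache"> ' . vtranslate('LBL_DONT_ASK_AGAIN', 'DataAccess') . ' </label> </div></form>';
        }
        if (isset($recordForm['view']) && $recordForm['view'] == 'quick_edit') {
            $text = '<div class="alert alert-warning" role="alert">' . vtranslate('LBL_DUPLICTAE_QUICK_EDIT_CONFIRMATION', 'DataAccess') . '</div>' . $text;
        }
    }
    return array('save_record' => $save, 'type' => 3, 'info' => ['text' => $text, 'title' => $title, 'type' => $permission ? 1 : 0]);
}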
/**
 * Duplicate check on two configured fields.
 *
 * $config['what1'] / $config['what2'] name the fields whose values are checked.
 * $config['where1'] / $config['where2'] hold one or more "table=column=moduleId"
 * strings that say where each value is searched for. $config['locksave'] and
 * $config['info0'|'info1'|'info2'] control whether the save is blocked and which
 * message is returned.
 *
 * NOTE(review): the table and column names from the where* strings, and $index, are
 * interpolated into the SQL text; only the searched value and the record id are bound
 * parameters. This is safe only while $config is written by trusted administrators.
 * NOTE(review): record and owner labels are concatenated into the returned HTML
 * without escaping — confirm they are stored already encoded, or escape them.
 *
 * @param string     $ModuleName  Module name
 * @param int|string $ID          ID of the record being saved; empty/0 for a new record
 * @param array      $record_form Submitted form values
 * @param array      $config      Handler configuration (see above)
 * @return array ['save_record' => bool] plus 'type' and 'info' when there is a message
 */
public function process($ModuleName, $ID, $record_form, $config)
{
    $db = PearDatabase::getInstance();
    $ModuleNameID = Vtiger_Functions::getModuleId($ModuleName);
    $fieldlabel = $sql_ext = '';
    // One flag per checked field; false once a duplicate was found for that field
    $save_record1 = true;
    $save_record2 = true;
    $save_record = true;
    $type = 0;
    $typeInfo = 'info';
    $info = false;
    // Use the submitted value when present, otherwise the value stored on the record.
    // NOTE(review): $value1 / $value2 stay undefined for a new record whose form does
    // not contain the field; the != '' tests below then read an undefined variable.
    if ($ID != 0 && $ID != '' && !array_key_exists($config['what1'], $record_form)) {
        $Record_Model = Vtiger_Record_Model::getInstanceById($ID, $ModuleName);
        $value1 = $Record_Model->get($config['what1']);
    } else {
        if (array_key_exists($config['what1'], $record_form)) {
            $value1 = $record_form[$config['what1']];
        }
    }
    if ($ID != 0 && $ID != '' && !array_key_exists($config['what2'], $record_form)) {
        $Record_Model = Vtiger_Record_Model::getInstanceById($ID, $ModuleName);
        $value2 = $Record_Model->get($config['what2']);
    } else {
        if (array_key_exists($config['what2'], $record_form)) {
            $value2 = $record_form[$config['what2']];
        }
    }
    // Normalise a single search location to a one-element list
    if (!is_array($config['where1'])) {
        $wheres1[] = $config['where1'];
    } else {
        $wheres1 = $config['where1'];
    }
    if (!is_array($config['where2'])) {
        $wheres2[] = $config['where2'];
    } else {
        $wheres2 = $config['where2'];
    }
    if ($value1 != '') {
        foreach ($wheres1 as $where) {
            // $where becomes [0] => table, [1] => column, [2] => module id
            $where = explode('=', $where);
            $DestModuleName = Vtiger_Functions::getModuleName($where[2]);
            $ModuleInstance = CRMEntity::getInstance($DestModuleName);
            $tab_name_index = $ModuleInstance->tab_name_index;
            // Column that holds the record id in the searched table
            $index = $tab_name_index[$where[0]];
            $sql_param = array($value1);
            $sql_ext = '';
            $spacialCondition = '';
            $sqlSpecial = '';
            // Searching in the record's own module: exclude the record itself
            if ($ModuleNameID == $where[2] && $ID != 0 && $ID != '') {
                $sql_param[] = $ID;
                $sql_ext = 'AND ' . $index . ' <> ?';
            }
            // Leads with `converted` set are not treated as duplicates
            if ($DestModuleName == 'Leads') {
                $spacialCondition = ' AND `converted` = 0';
                if ('vtiger_crmentity' == $where[0]) {
                    $sqlSpecial = 'INNER JOIN vtiger_leaddetails ON vtiger_crmentity.crmid = vtiger_leaddetails.leadid ';
                }
            }
            $result = $db->pquery("SELECT {$index} FROM {$where[0]} {$sqlSpecial} WHERE {$where[1]} = ? {$sql_ext} {$spacialCondition};", $sql_param, true);
            $num = $db->num_rows($result);
            for ($i = 0; $i < $num; $i++) {
                $id = $db->query_result_raw($result, $i, $index);
                $metadata = Vtiger_Functions::getCRMRecordMetadata($id);
                // Count the hit only when the record really belongs to the searched module
                if ($metadata['setype'] == $DestModuleName) {
                    $save_record1 = false;
                    $deletedLabel = $metadata['deleted'] ? ' - ' . vtranslate('LBL_RECORD_DELETED', 'DataAccess') : '';
                    $fieldlabel .= '<a target="_blank" href="index.php?module=' . $DestModuleName . '&view=Detail&record=' . $id . '">• ' . Vtiger_Functions::getCRMRecordLabel($id) . '</a> (' . Vtiger_Functions::getOwnerRecordLabel($metadata['smownerid']) . ')' . $deletedLabel . ',<br/>';
                }
            }
        }
    }
    if ($value2 != '') {
        foreach ($wheres2 as $where) {
            $where = explode('=', $where);
            $DestModuleName = Vtiger_Functions::getModuleName($where[2]);
            $ModuleInstance = CRMEntity::getInstance($DestModuleName);
            $tab_name_index = $ModuleInstance->tab_name_index;
            $index = $tab_name_index[$where[0]];
            $sql_param = array($value2);
            $sql_ext = '';
            $spacialCondition = '';
            $sqlSpecial = '';
            if ($ModuleNameID == $where[2] && $ID != 0 && $ID != '') {
                $sql_param[] = $ID;
                $sql_ext = 'AND ' . $index . ' <> ?';
            }
            if ($DestModuleName == 'Leads') {
                $spacialCondition = ' AND `converted` = 0';
                if ('vtiger_crmentity' == $where[0]) {
                    $sqlSpecial = 'INNER JOIN vtiger_leaddetails ON vtiger_crmentity.crmid = vtiger_leaddetails.leadid ';
                }
            }
            // NOTE(review): unlike the first loop, this query uses neither $sqlSpecial nor
            // $spacialCondition although both are computed above, so converted leads are
            // not filtered out for the second field — confirm whether that is intended.
            $result = $db->pquery("SELECT {$index} FROM {$where[0]} WHERE {$where[1]} = ? {$sql_ext};", $sql_param, true);
            $num = $db->num_rows($result);
            for ($i = 0; $i < $num; $i++) {
                $id = $db->query_result_raw($result, $i, $index);
                $metadata = Vtiger_Functions::getCRMRecordMetadata($id);
                if ($metadata['setype'] == $DestModuleName) {
                    $save_record2 = false;
                    $deletedLabel = $metadata['deleted'] ? ' - ' . vtranslate('LBL_RECORD_DELETED', 'DataAccess') : '';
                    $fieldlabel .= '<a target="_blank" href="index.php?module=' . $DestModuleName . '&view=Detail&record=' . $id . '">• ' . Vtiger_Functions::getCRMRecordLabel($id) . '</a> (' . Vtiger_Functions::getOwnerRecordLabel($metadata['smownerid']) . ')' . $deletedLabel . ',<br/>';
                }
            }
        }
    }
    // locksave 0: message info0 with type 2; otherwise info2 when both fields are
    // duplicated and info1 when only one of them is
    if ($config['locksave'] == 0) {
        $info = $config['info0'];
        $type = 2;
        $save_record = !$save_record1 || !$save_record2 ? false : true;
    } elseif (!$save_record1 && !$save_record2) {
        $typeInfo = 'error';
        $save_record = false;
        $info = $config['info2'];
    } elseif (!$save_record1 || !$save_record2) {
        $typeInfo = 'error';
        $save_record = false;
        $info = $config['info1'];
    }
    if (!$save_record || $info) {
        return array('save_record' => $save_record, 'type' => $type, 'info' => ['text' => vtranslate($info, 'DataAccess') . ' <br/ >' . trim($fieldlabel, ','), 'ntype' => $typeInfo, 'hide' => false]);
    } else {
        return array('save_record' => true);
    }
}
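/**
 * Get the IDs of the users a record is shared with.
 *
 * The list is read from the module's shared-owner table and cached per record id
 * under the 'SharedOwner' cache namespace.
 *
 * @param int         $record     Record ID
 * @param string|bool $moduleName Module of the record; false to read it from metadata
 * @return array User IDs the record is shared with
 */
public static function getSharedOwners($record, $moduleName = false)
{
    $shownerid = Vtiger_Cache::get('SharedOwner', $record);
    if ($shownerid) {
        return $shownerid;
    }

    $db = PearDatabase::getInstance();
    if ($moduleName === false) {
        // The lookup must use $record. The previous code passed $parentRecord, which is
        // not defined in this method, so the module (and with it the shared-owner
        // table) was resolved from an empty ID.
        $recordMetaData = Vtiger_Functions::getCRMRecordMetadata($record);
        $moduleName = $recordMetaData['setype'];
    }

    $shownersTable = self::getShownerTable($moduleName);
    $result = $db->pquery('SELECT DISTINCT userid FROM ' . $shownersTable . ' WHERE crmid = ?', [$record]);
    $values = [];
    while (($shownerid = $db->getSingleValue($result)) !== false) {
        $values[] = $shownerid;
    }
    Vtiger_Cache::set('SharedOwner', $record, $values);
    return $values;
}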
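/**
 * Build the SQL fragment that restricts a list query to records the user may see,
 * taking shared owners and the related (parent) record into account.
 *
 * When $relatedRecord is given and the role enables 'listrelatedrecord', the user must
 * be permitted to view that record (or its resolved parent); if the user owns it, no
 * restriction is added at all.
 *
 * The per-user privilege files supply $profileGlobalPermission,
 * $defaultOrgSharingPermission and $current_user_groups (presumably — they are not
 * assigned in this method).
 *
 * NOTE(review): with shared owners enabled the security condition is wrapped as
 * " AND ( (...) OR (...) )", while without them it is appended as returned by
 * getUserAccessConditionsQuery(). Confirm which form that method returns.
 *
 * @param string      $module        Module name
 * @param object|bool $current_user  User to evaluate; false for the logged-in user
 * @param int|bool    $relatedRecord Record whose related list is being shown
 * @return string SQL condition fragment, possibly empty
 * @throws AppException When the user may not view the related record
 */
function getUserAccessConditionsQuerySR($module, $current_user = false, $relatedRecord = false)
{
    if ($current_user == false) {
        $current_user = vglobal('current_user');
    }
    require 'user_privileges/user_privileges_' . $current_user->id . '.php';
    require 'user_privileges/sharing_privileges_' . $current_user->id . '.php';
    global $shared_owners;

    $is_admin = is_admin($current_user);
    $sharedParameter = $securityParameter = '';
    $query = '';
    $tabId = getTabid($module);

    if ($relatedRecord) {
        $role = getRoleInformation($current_user->roleid);
        if ($role['listrelatedrecord'] != 0) {
            $rparentRecord = Users_Privileges_Model::getParentRecord($relatedRecord, false, $role['listrelatedrecord']);
            if ($rparentRecord) {
                $relatedRecord = $rparentRecord;
            }
            $recordMetaData = Vtiger_Functions::getCRMRecordMetadata($relatedRecord);
            $recordPermission = Users_Privileges_Model::isPermitted($recordMetaData['setype'], 'DetailView', $relatedRecord);
            if (!$recordPermission) {
                throw new AppException('LBL_PERMISSION_DENIED');
            }
            // The owner of the related record sees its related list without restriction
            if ($recordMetaData['smownerid'] == $current_user->id) {
                return '';
            }
        }
    }

    if ($is_admin == false && $profileGlobalPermission[1] == 1 && $profileGlobalPermission[2] == 1 && $defaultOrgSharingPermission[$tabId] == 3) {
        $securityParameter = $this->getUserAccessConditionsQuery($module, $current_user);
        $shownerid = array_merge([$current_user->id], $current_user_groups);
        // This fragment is returned as text and cannot carry bound parameters, so every
        // ID is forced to an integer before it is placed into the IN list.
        $shownerid = array_map('intval', $shownerid);
        $sharedParameter .= 'vtiger_crmentity.crmid IN (SELECT DISTINCT crmid FROM u_yf_crmentity_showners WHERE userid IN (' . implode(',', $shownerid) . '))';
    }

    if ($shared_owners == true) {
        if ($securityParameter != '') {
            $query .= " AND ( ({$securityParameter}) OR ({$sharedParameter}) )";
        } elseif ($sharedParameter != '') {
            $query .= ' AND (' . $sharedParameter . ')';
        }
    } else {
        $query .= $securityParameter;
    }
    return $query;
}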
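/**
 * Duplicate check on two configured fields, with an optional "confirm and save" mode.
 *
 * $config['what1'] / $config['what2'] name the fields whose values are checked.
 * $config['where1'] / $config['where2'] hold one or more "table=column=moduleId"
 * strings that say where each value is searched for. $config['locksave'] selects the
 * reaction: 0 returns message info0 with type 2, 3 returns a confirmation dialog that
 * depends on the DuplicateRecord permission, any other value blocks the save with
 * info1 (one field duplicated) or info2 (both).
 *
 * NOTE(review): the table and column names from the where* strings, and $index, are
 * interpolated into the SQL text; only the searched value and the record id are bound
 * parameters. This is safe only while $config is written by trusted administrators.
 *
 * @param string     $moduleName  Module name
 * @param int|string $iD          ID of the record being saved; empty/0 for a new record
 * @param array      $record_form Submitted form values
 * @param array      $config      Handler configuration (see above)
 * @return array ['save_record' => bool] plus 'type' and 'info' when there is a message
 */
public function process($moduleName, $iD, $record_form, $config)
{
    $db = PearDatabase::getInstance();
    $moduleNameID = Vtiger_Functions::getModuleId($moduleName);
    $fieldlabel = $sql_ext = '';
    // One flag per checked field; false once a duplicate was found for that field
    $save_record1 = true;
    $save_record2 = true;
    $save_record = true;
    $type = 0;
    $typeInfo = 'info';
    $info = false;
    // Defined up front: these were read below on paths that never assigned them
    $value1 = '';
    $value2 = '';
    $title = null;
    $hasRecord = $iD != 0 && $iD != '';

    // Use the submitted value when present, otherwise the value stored on the record
    if ($hasRecord && !array_key_exists($config['what1'], $record_form)) {
        $Record_Model = Vtiger_Record_Model::getInstanceById($iD, $moduleName);
        $value1 = $Record_Model->get($config['what1']);
    } elseif (array_key_exists($config['what1'], $record_form)) {
        $value1 = $record_form[$config['what1']];
    }
    if ($hasRecord && !array_key_exists($config['what2'], $record_form)) {
        $Record_Model = Vtiger_Record_Model::getInstanceById($iD, $moduleName);
        $value2 = $Record_Model->get($config['what2']);
    } elseif (array_key_exists($config['what2'], $record_form)) {
        $value2 = $record_form[$config['what2']];
    }

    // Normalise a single search location to a one-element list
    $wheres1 = is_array($config['where1']) ? $config['where1'] : [$config['where1']];
    $wheres2 = is_array($config['where2']) ? $config['where2'] : [$config['where2']];

    if ($value1 != '') {
        foreach ($wheres1 as $where) {
            // $where becomes [0] => table, [1] => column, [2] => module id
            $where = explode('=', $where);
            $DestModuleName = Vtiger_Functions::getModuleName($where[2]);
            $ModuleInstance = CRMEntity::getInstance($DestModuleName);
            $tab_name_index = $ModuleInstance->tab_name_index;
            // Column that holds the record id in the searched table
            $index = $tab_name_index[$where[0]];
            $sql_param = array($value1);
            $sql_ext = '';
            $spacialCondition = '';
            $sqlSpecial = '';
            // Searching in the record's own module: exclude the record itself
            if ($moduleNameID == $where[2] && $hasRecord) {
                $sql_param[] = $iD;
                $sql_ext = 'AND ' . $index . ' <> ?';
            }
            // Leads with `converted` set are not treated as duplicates
            if ($DestModuleName == 'Leads') {
                $spacialCondition = ' AND `converted` = 0';
                if ('vtiger_crmentity' == $where[0]) {
                    $sqlSpecial = 'INNER JOIN vtiger_leaddetails ON vtiger_crmentity.crmid = vtiger_leaddetails.leadid ';
                }
            }
            $result = $db->pquery("SELECT {$index} FROM {$where[0]} {$sqlSpecial} WHERE {$where[1]} = ? {$sql_ext} {$spacialCondition};", $sql_param, true);
            $num = $db->num_rows($result);
            for ($i = 0; $i < $num; $i++) {
                $id = $db->query_result_raw($result, $i, $index);
                $metadata = Vtiger_Functions::getCRMRecordMetadata($id);
                // Count the hit only when the record really belongs to the searched module
                if ($metadata['setype'] == $DestModuleName) {
                    $save_record1 = false;
                    $deletedLabel = $metadata['deleted'] ? ' - ' . vtranslate('LBL_RECORD_DELETED', 'DataAccess') : '';
                    // Labels are user-entered data that ends up in HTML sent to the client
                    $recordLabel = htmlspecialchars(Vtiger_Functions::getCRMRecordLabel($id), ENT_QUOTES, 'UTF-8', false);
                    $ownerLabel = htmlspecialchars(Vtiger_Functions::getOwnerRecordLabel($metadata['smownerid']), ENT_QUOTES, 'UTF-8', false);
                    $fieldlabel .= '<li><a target="_blank" href="index.php?module=' . $DestModuleName . '&view=Detail&record=' . $id . '"><strong>' . $recordLabel . '</strong></a> (' . $ownerLabel . ')' . $deletedLabel . ',</li>';
                }
            }
        }
    }
    if ($value2 != '') {
        foreach ($wheres2 as $where) {
            $where = explode('=', $where);
            $DestModuleName = Vtiger_Functions::getModuleName($where[2]);
            $ModuleInstance = CRMEntity::getInstance($DestModuleName);
            $tab_name_index = $ModuleInstance->tab_name_index;
            $index = $tab_name_index[$where[0]];
            $sql_param = array($value2);
            $sql_ext = '';
            if ($moduleNameID == $where[2] && $hasRecord) {
                $sql_param[] = $iD;
                $sql_ext = 'AND ' . $index . ' <> ?';
            }
            // NOTE(review): unlike the first loop, this query has never applied the Leads
            // join / `converted` = 0 filter, so converted leads are not filtered out for
            // the second field. Left as is; confirm whether that is intended.
            $result = $db->pquery("SELECT {$index} FROM {$where[0]} WHERE {$where[1]} = ? {$sql_ext};", $sql_param, true);
            $num = $db->num_rows($result);
            for ($i = 0; $i < $num; $i++) {
                $id = $db->query_result_raw($result, $i, $index);
                $metadata = Vtiger_Functions::getCRMRecordMetadata($id);
                if ($metadata['setype'] == $DestModuleName) {
                    $save_record2 = false;
                    $deletedLabel = $metadata['deleted'] ? ' - ' . vtranslate('LBL_RECORD_DELETED', 'DataAccess') : '';
                    $recordLabel = htmlspecialchars(Vtiger_Functions::getCRMRecordLabel($id), ENT_QUOTES, 'UTF-8', false);
                    $ownerLabel = htmlspecialchars(Vtiger_Functions::getOwnerRecordLabel($metadata['smownerid']), ENT_QUOTES, 'UTF-8', false);
                    $fieldlabel .= '<li><a target="_blank" href="index.php?module=' . $DestModuleName . '&view=Detail&record=' . $id . '"><strong>' . $recordLabel . '</strong></a> (' . $ownerLabel . ')' . $deletedLabel . ',</li>';
                }
            }
        }
    }

    if ($config['locksave'] == 0) {
        $info = $config['info0'];
        $type = 2;
        $save_record = !$save_record1 || !$save_record2 ? false : true;
    } elseif (!$save_record1 && !$save_record2) {
        $typeInfo = 'error';
        $save_record = false;
        $info = $config['info2'];
    } elseif (!$save_record1 || !$save_record2) {
        $typeInfo = 'error';
        $save_record = false;
        $info = $config['info1'];
    }

    if ($config['locksave'] == 3 && !$save_record) {
        // Confirmation mode: the user may save anyway only with the DuplicateRecord permission
        $type = $config['locksave'];
        $permission = Users_Privileges_Model::isPermitted($moduleName, 'DuplicateRecord');
        $text = '<div class="marginLeft10">' . vtranslate('LBL_DUPLICATED_FOUND', 'DataAccess') . ': <br/ >' . trim($fieldlabel, ',') . '</div>';
        if ($permission) {
            $title = '<strong>' . vtranslate('LBL_DUPLICTAE_CREATION_CONFIRMATION', 'DataAccess') . '</strong>';
            if (!empty($iD)) {
                $text .= '<form class="form-horizontal"><div class="checkbox"> <label> <input type="checkbox" name="cache"> ' . vtranslate('LBL_DONT_ASK_AGAIN', 'DataAccess') . ' </label> </div></form>';
            }
            if (isset($record_form['view']) && $record_form['view'] == 'quick_edit') {
                $text = '<div class="alert alert-warning" role="alert">' . vtranslate('LBL_DUPLICTAE_QUICK_EDIT_CONFIRMATION', 'DataAccess') . '</div>' . $text;
            }
        }
        $info = ['text' => $text, 'title' => $title, 'type' => $permission ? 1 : 0];
    }

    if (!$save_record || $info) {
        // $info is an array only in confirmation mode. In every other mode it is a
        // message key (or false) and has to be expanded into the message structure.
        // The previous test `$info ? $info : [...]` returned the bare key for any
        // non-empty value, dropping the translated text and the duplicate list.
        if (!is_array($info)) {
            $info = ['text' => vtranslate($info, 'DataAccess') . ' <br/ >' . trim($fieldlabel, ','), 'ntype' => $typeInfo, 'hide' => false];
        }
        return array('save_record' => $save_record, 'type' => $type, 'info' => $info);
    }
    return array('save_record' => true);
}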