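/**
 * Renders the access-rights editor for a single contact or a group within one application.
 *
 * Only global admins (the webasyst/backend right) may open this screen. A positive
 * `id` request parameter is a contact id; otherwise its negation is a group id, which
 * is how group rights are addressed elsewhere in this app.
 *
 * @throws waRightsException when the current user is not a global admin
 */
public function execute()
{
    // only allowed to global admin
    if (!wa()->getUser()->getRights('webasyst', 'backend')) {
        throw new waRightsException(_w('Access denied'));
    }

    // Cast: the id is negated below and compared numerically; a non-numeric string
    // would raise a TypeError on PHP 8.
    $contact_id = (int) waRequest::get('id');
    $app_id = waRequest::get('app');

    // Rights inherited from the contact's groups are looked up under the negated group ids.
    // 0 is appended as well (presumably the rights that apply to every user -- confirm).
    $group_ids = null;
    if ($contact_id > 0) {
        $user_groups_model = new waUserGroupsModel();
        $group_ids = $user_groups_model->getGroupIds($contact_id);
        $group_ids[] = 0;
    }
    $negate = function ($id) {
        return -$id;
    };

    $right_model = new waContactRightsModel();
    $rights = $right_model->get($contact_id, $app_id, null, false);
    $group_rights = null;
    if ($group_ids) {
        $group_rights = $right_model->get(array_map($negate, $group_ids), $app_id, null, false);
    }

    // Check custom rights items
    // NOTE(review): $app_id comes straight from the request and is turned into a class
    // name and an include path here; this relies on SystemConfig::getAppConfig()
    // rejecting unknown app ids -- confirm.
    $app_config = SystemConfig::getAppConfig($app_id);
    $class_name = $app_config->getPrefix() . "RightConfig";
    $file_path = $app_config->getAppPath('lib/config/' . $class_name . ".class.php");
    if (file_exists($file_path)) {
        // Init app
        waSystem::getInstance($app_id, $app_config, true);
        // include_once: a second load in the same process must not redeclare the class.
        include_once $file_path;
        /**
         * @var waRightConfig $right_config
         */
        $right_config = new $class_name();
        // Custom rights are merged into the main table's values (array union: stored values win).
        $rights += $right_config->getRights($contact_id);
        if ($group_ids) {
            $group_rights += $right_config->getRights(array_map($negate, $group_ids));
        }
        $this->view->assign('html', $right_config->getHTML($rights, $group_rights));
        // getInstance() above switched the active app; switch back to this one.
        waSystem::setActive('contacts');
    } else {
        $this->view->assign('html', '');
    }

    if ($contact_id > 0) {
        $this->view->assign('user', new waContact($contact_id));
    } else {
        $gm = new waGroupModel();
        $this->view->assign('group', $gm->getById(-$contact_id));
    }

    $app = wa()->getAppInfo($app_id);
    $app['id'] = $app_id;
    $this->view->assign('app', $app);
    $this->view->assign('rights', $rights);
    $this->view->assign('group_rights', $group_rights);
}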
/**
 * Checks blog access rights for the current user or for a specified contact.
 *
 * @param int|bool|null $blog_id  Id of the blog to check; true to check the right to create a blog;
 *                                null (default) to check whether the contact has any blog rights at all
 * @param bool|int $contact_id    true (default) for the current user, otherwise a contact id;
 *                                a falsy value is treated as an anonymous frontend visitor
 * @param int $mode               Minimum right level required (a blogRightConfig::RIGHT_* constant)
 * @throws waRightsException (code 403) when the required right is missing
 * @return int|null  Effective right level of the contact
 */
public static function checkRights($blog_id = null, $contact_id = true, $mode = blogRightConfig::RIGHT_READ_WRITE)
{
    // Static local: the model is created once per process and reused by later calls.
    static $rights_model;
    $rights = null;
    if (!$rights_model) {
        $rights_model = new waContactRightsModel();
    }

    if ($contact_id === true) {
        // true means "the current user"; blog app admins get full rights right away.
        $user = wa()->getUser();
        if ($user->isAdmin('blog')) {
            return blogRightConfig::RIGHT_FULL;
        }
        $contact_id = $user->getId();
    } elseif ($contact_id) {
        // Explicit contact: a backend right above 2 counts as full access
        // (presumably the app-admin level -- confirm against waContactRightsModel).
        if ($rights_model->get($contact_id, 'blog', 'backend') > 2) {
            return blogRightConfig::RIGHT_FULL;
        }
    }

    if ($contact_id) {
        //it's backend
        if ($blog_id) {
            if ($blog_id === true) {
                // Creating a blog: only the dedicated "add blog" right is checked.
                $rights = $rights_model->get($contact_id, 'blog', blogRightConfig::RIGHT_ADD_BLOG);
                if (!$rights) {
                    throw new waRightsException(_w('Access denied'), 403);
                }
            } else {
                // The per-blog right must reach the requested level.
                $rights = $rights_model->get($contact_id, 'blog', "blog.{$blog_id}");
                if ($rights < $mode) {
                    throw new waRightsException(_w('Access denied'), 403);
                }
            }
        } else {
            // No blog given: report the highest right the contact has on any blog.
            // NOTE(review): max() of an empty array throws a ValueError on PHP 8 -- confirm
            // that get() never returns an empty array here.
            $rights = max($rights_model->get($contact_id, 'blog'));
        }
    } else {
        //it's frontend
        // Anonymous visitors may only read.
        if ($mode > blogRightConfig::RIGHT_READ) {
            throw new waRightsException(_w('Access denied'), 403);
        }
        $blog_model = new blogBlogModel();
        // NOTE(review): getAvailable()'s result is wrapped in array(), so in_array() compares
        // $blog_id against the whole result rather than its elements; this only grants access
        // if getAvailable() returns the bare blog id -- confirm, and pass strict mode if so.
        if (!$blog_id || !in_array($blog_id, array($blog_model->getAvailable(false, array(), $blog_id)))) {
            throw new waRightsException(_w('Access denied'), 403);
        }
        return blogRightConfig::RIGHT_READ;
    }
    return $rights;
}
/**
 * Shows the per-application backend access summary of one group.
 *
 * The `id` request parameter is the group id. For each installed app the view
 * receives the app info extended with `id`, `customizable` (the app declares its
 * own rights) and `access` (2 for global admins, else the stored per-app value).
 *
 * @throws waRightsException when the current user is not a global admin
 * @throws waException when no group id was passed
 */
public function execute()
{
    // only allowed to global admin
    if (!wa()->getUser()->getRights('webasyst', 'backend')) {
        throw new waRightsException('Access denied');
    }

    $group_id = (int) waRequest::get('id');
    if (!$group_id) {
        throw new waException('Group id not specified.');
    }

    $group_model = new waGroupModel();
    $group = $group_model->getById($group_id);

    // Group rights are stored under the negated group id.
    $right_model = new waContactRightsModel();
    $fullAccess = $right_model->get(-$group_id, 'webasyst', 'backend');

    // Per-app access only matters when the group is not a global admin.
    $appAccess = array();
    if (!$fullAccess) {
        $appAccess = $right_model->getApps($group_id, 'backend');
    }

    $noAccess = true;
    $apps = array();
    foreach (wa()->getApps() as $app_id => $app_info) {
        $app_info['id'] = $app_id;
        $app_info['customizable'] = !empty($app_info['rights']);
        if ($fullAccess) {
            $access = 2;
        } elseif (isset($appAccess[$app_id])) {
            $access = $appAccess[$app_id];
        } else {
            $access = 0;
        }
        $app_info['access'] = $access;
        if ($access) {
            $noAccess = false;
        }
        $apps[$app_id] = $app_info;
    }

    $this->view->assign('apps', $apps);
    $this->view->assign('group', $group);
    $this->view->assign('noAccess', $noAccess);
    $this->view->assign('fullAccess', $fullAccess);
}
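/**
 * Prepares the data for the contacts backend layout: user settings, search history,
 * contact/user counters, categories, admin flags and the plugin sidebar items.
 */
public function execute()
{
    $this->view->assign('views', null);
    $this->view->assign('settings', $this->getUser()->getSettings('contacts'));

    $history_model = new contactsHistoryModel();
    $this->view->assign('history', $history_model->get());

    $contacts = new contactsCollection();
    $this->view->assign('totalContacts', $contacts->count());

    // Categories are currently not filtered by the user's rights: every category is listed.
    $category_model = new waContactCategoryModel();
    $this->view->assign('categories', $category_model->getAll());

    // User views are only available to global admin (webasyst/backend right);
    // contacts app admins (contacts/backend >= 2) get the 'admin' flag only.
    $is_superadmin = (bool) wa()->getUser()->getRights('webasyst', 'backend');
    $is_admin = $is_superadmin || wa()->getUser()->getRights('contacts', 'backend') >= 2;
    $this->view->assign('superadmin', $is_superadmin);
    $this->view->assign('admin', $is_admin);
    if ($is_superadmin) {
        $users = new contactsCollection('/users/all/');
        $this->view->assign('totalUsers', $users->count());
    }

    // is user allowed to add contacts?
    $rights_model = new waContactRightsModel();
    $this->view->assign('show_create', $rights_model->get(null, null, 'create'));

    // Kept as a variable: wa()->event() presumably takes the params by reference -- confirm.
    $event_params = array();
    $this->view->assign('backend_sidebar', wa()->event('backend_sidebar', $event_params, array('top_li')));
}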
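/**
 * Renders the group edit form (a new group when no id is given) together with the
 * group's per-application backend access summary and its member count.
 *
 * @throws waRightsException when the current user is not a global admin
 */
public function execute()
{
    // only allowed to global admin
    $is_global_admin = wa()->getUser()->getRights('webasyst', 'backend');
    if (!$is_global_admin) {
        throw new waRightsException(_w('Access denied'));
    }

    // Cast: the id is negated below and a non-numeric string would raise a TypeError
    // on PHP 8; 0 means "new group".
    $group_id = (int) waRequest::get('id');
    $group = null;
    if ($group_id) {
        $group_model = new waGroupModel();
        $group = $group_model->getById($group_id);
    }

    // Group rights are stored under the negated group id.
    $right_model = new waContactRightsModel();
    $fullAccess = $right_model->get(-$group_id, 'webasyst', 'backend');

    // Per-app access only matters when the group is not a global admin.
    $appAccess = array();
    if (!$fullAccess) {
        $appAccess = $right_model->getApps($group_id, 'backend');
    }

    $noAccess = true;
    $apps = wa()->getApps();
    foreach ($apps as $app_id => &$app) {
        $app['id'] = $app_id;
        $app['customizable'] = !empty($app['rights']);
        // 2 = full access for global admins; otherwise the stored per-app value, default 0.
        $app['access'] = $fullAccess ? 2 : 0;
        if (!$app['access'] && isset($appAccess[$app_id])) {
            $app['access'] = $appAccess[$app_id];
        }
        $noAccess = $noAccess && !$app['access'];
    }
    unset($app); // drop the dangling reference left by foreach-by-reference

    $user_groups = new waUserGroupsModel();
    $users_count = $user_groups->countByField(array('group_id' => $group_id));

    $this->view->assign('users_count', $users_count);
    $this->view->assign('apps', $apps);
    $this->view->assign('noAccess', $noAccess);
    $this->view->assign('fullAccess', $fullAccess);
    $this->view->assign('is_global_admin', $is_global_admin);
    $this->view->assign('group', $group);
    $this->view->assign('icons', waGroupModel::getIcons());
}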
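/**
 * Saves access rights of a contact for one application.
 *
 * Accepts either a single right (`name` + `value` POST fields) or a name => value map
 * (`app` POST array). Rights that the application's custom RightConfig class handles
 * itself are delegated to it; everything else goes to the main rights table. Changes of
 * backend access are written to the action log.
 *
 * @throws waRightsException when the current user is not a global admin
 * @throws waException on malformed input, or when changing app rights of a global admin
 */
public function execute()
{
    // only allowed to global admin
    if (!wa()->getUser()->getRights('webasyst', 'backend')) {
        throw new waRightsException('Access denied.');
    }

    $app_id = waRequest::post('app_id');
    $name = waRequest::post('name');
    $value = (int) waRequest::post('value');
    // Cast: the id is used as a numeric key in every lookup below.
    $contact_id = (int) waRequest::get('id');

    $has_backend_access_old = $this->hasBackendAccess($contact_id);

    if (!$name && !$value) {
        // Bulk form: a name => value map for the whole app.
        // NOTE(review): bulk values are stored as submitted; a custom RightConfig::setRights()
        // may accept non-integer values, so no cast is applied here -- confirm.
        $values = waRequest::post('app');
        if (!is_array($values)) {
            throw new waException('Bad values for access rights.');
        }
    } else {
        $values = array($name => $value);
    }

    $right_model = new waContactRightsModel();
    $is_admin = $right_model->get($contact_id, 'webasyst', 'backend', false);
    if ($is_admin && $app_id !== 'webasyst') {
        throw new waException('Cannot change application rights for global admin.');
    }

    // If $contact_id used to have limited access and we're changing global admin privileges,
    // then need to notify all applications to remove their custom access records.
    if (!$is_admin && $app_id === 'webasyst' && $name === 'backend') {
        foreach (wa()->getApps() as $aid => $app) {
            if (empty($app['rights'])) {
                continue;
            }
            try {
                $right_config = $this->loadAppRightConfig($aid);
                if ($right_config) {
                    $right_config->clearRights($contact_id);
                }
            } catch (Exception $e) {
                // silently ignore other applications errors
            }
        }
    }

    // Update $app_id access records
    $right_config = $this->loadAppRightConfig($app_id);

    foreach ($values as $name => $value) {
        if ($right_config && $right_config->setRights($contact_id, $name, $value)) {
            // If we've got response from custom rights config, then no need to update main rights table
            continue;
        }
        // Set default limited rights (strict name check: a numeric array key must not match 'backend')
        if ($right_config && $name === 'backend' && (int) $value === 1) {
            foreach ($right_config->setDefaultRights($contact_id) as $n => $v) {
                $right_model->save($contact_id, $app_id, $n, $v);
            }
        }
        $right_model->save($contact_id, $app_id, $name, $value);
    }

    // loadAppRightConfig() switches the active app; switch back to this one.
    waSystem::setActive('contacts');

    if ($contact_id) {
        // TODO: use waContact method for disabling
        $is_user = waRequest::post('is_user', null, 'int');
        if ($is_user === -1 || $is_user === 0 || $is_user === 1) {
            $contact = new waContact($contact_id);
            $contact->save(array('is_user' => $is_user));
            $this->response['access_disable_msg'] = contactsHelper::getAccessDisableMsg($contact);
        }
    }

    // Audit trail: record transitions of backend access in either direction.
    $has_backend_access_new = $this->hasBackendAccess($contact_id);
    if ($has_backend_access_new !== $has_backend_access_old) {
        $action = $has_backend_access_new ? "grant_backend_access" : "revoke_backend_access";
        $this->logAction($action, null, $contact_id);
    }
}

/**
 * Loads an application's custom rights configuration class, if the app ships one.
 *
 * Looks for lib/config/<prefix>RightConfig.class.php inside the app, initialises the
 * app's waSystem instance and includes the file. This changes the active app; the
 * caller is expected to restore it with waSystem::setActive().
 *
 * @param string $app_id
 * @return waRightConfig|null null when the app has no custom rights config file
 */
private function loadAppRightConfig($app_id)
{
    // NOTE(review): $app_id comes from the request and ends up in a class name and an
    // include path; this relies on SystemConfig::getAppConfig() rejecting unknown
    // app ids -- confirm.
    $app_config = SystemConfig::getAppConfig($app_id);
    $class_name = $app_config->getPrefix() . "RightConfig";
    $file_path = $app_config->getAppPath('lib/config/' . $class_name . ".class.php");
    if (!file_exists($file_path)) {
        return null;
    }
    // Init app
    waSystem::getInstance($app_id, $app_config);
    include_once $file_path;
    /**
     * @var waRightConfig $right_config
     */
    $right_config = new $class_name();
    return $right_config;
}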
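/**
 * Returns information about a contact's access rights configuration.
 *
 * @param string $app_id Id of the app for which the contact's access rights configuration must be returned.
 * @param string|null $name String id of the access rights element available for the specified app. If not
 *     specified, all access rights values of the contact are returned. If a % character is appended to the
 *     access rights element id, then the access rights values for that element are returned as an array
 *     whose structure is defined by the $assoc parameter.
 * @param bool $assoc Flag defining the structure of the returned array:
 *     - true (default): keys are the ids of the enabled multi-field elements (without the prefix),
 *       values are the stored right values.
 *     - false: a list (keys incremented from 0) of the ids of the enabled multi-field elements.
 * @return int|bool|array false (or an empty array for a % query) when the contact has no id yet
 */
public function getRights($app_id, $name = null, $assoc = true)
{
    $is_prefix_query = ($name !== null && substr($name, -1) === '%');

    // A contact that has not been saved yet has no stored rights.
    if (!$this->id) {
        return $is_prefix_query ? array() : false;
    }

    $right_model = new waContactRightsModel();

    if ($is_prefix_query) {
        // Collect every right whose id starts with the prefix (the part before %).
        $prefix = substr($name, 0, -1);
        $n = strlen($prefix);
        $result = array();
        foreach ($right_model->get($this->id, $app_id) as $key => $value) {
            if (substr($key, 0, $n) !== $prefix) {
                continue;
            }
            if ($assoc) {
                $result[substr($key, $n)] = $value;
            } else {
                $result[] = substr($key, $n);
            }
        }
        return $result;
    }

    $r = $right_model->get($this->id, $app_id, $name);
    // "section.item" rights fall back to "section.all" when not set explicitly.
    // $name may be null (all rights requested), so guard before calling strpos().
    if (!$r && $name !== null && ($dot = strpos($name, '.')) !== false) {
        return $right_model->get($this->id, $app_id, substr($name, 0, $dot) . '.all');
    }
    return $r;
}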