/**
 * Return the companies the current user is allowed to access.
 *
 * Loads the companies module class and asks CCompany::getAllowedRecords()
 * for the company_id and company_name fields of $AppUI->user_id, ordered by
 * company_name. No blank entry is prepended to the result.
 *
 * @return mixed the value returned by CCompany::getAllowedRecords()
 */
function getAllowedCompanies()
{
    global $AppUI;

    require_once $AppUI->getModuleClass('companies');

    $companyModel = new CCompany();

    return $companyModel->getAllowedRecords($AppUI->user_id, 'company_id,company_name', 'company_name');
}
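/**
 * Build the table cell that lets the user pick an existing company or type
 * the name of a new one.
 *
 * The returned markup opens a <td> and closes both </td> and </tr>; the
 * matching <tr> is expected to be opened by the caller.
 *
 * @param object $AppUI        application UI object (user_id, user_company and _() are used)
 * @param string $companyInput company name supplied with the imported data
 *
 * @return string HTML fragment
 */
protected function _createCompanySelection($AppUI, $companyInput)
{
    $company = new CCompany();
    $companyMatches = $company->getCompanyList($AppUI, -1, $companyInput);

    // Exactly one match preselects that company; anything else falls back to
    // the user's own company.
    $company_id = count($companyMatches) == 1 ? $companyMatches[0]['company_id'] : $AppUI->user_company;

    $companies = $company->getAllowedRecords($AppUI->user_id, 'company_id,company_name', 'company_name');
    $companies = arrayMerge(array('0' => ''), $companies);

    // $companyInput is echoed into an HTML attribute, so it is escaped here.
    // Charset assumes the page is served as UTF-8 - confirm.
    $newCompanyValue = $company_id > 0 ? '' : htmlspecialchars((string) $companyInput, ENT_QUOTES, 'UTF-8');

    // Start from a plain assignment: the original appended to an undefined variable.
    $output = '<td>' . arraySelect($companies, 'company_id', ' onChange=this.form.new_company.value=\'\'', $company_id)
        . '<input type="text" name="new_company" value="' . $newCompanyValue . '" />';

    if ($company_id == 0) {
        $output .= '<br /><em>' . $AppUI->_('compinfo') . '</em>';
    }

    $output .= '</td></tr>';

    return $output;
}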
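$AppUI->savePlace();

w2PsetMicroTime();

// Retrieve any state parameters; the company id from the request is forced to an integer.
if (isset($_REQUEST['company_id'])) {
    $AppUI->setState('CalIdxCompany', intval(w2PgetParam($_REQUEST, 'company_id', 0)));
}
$company_id = $AppUI->getState('CalIdxCompany', 0);

// Using simplified set/get semantics. Doesn't need as much code in the module.
$event_filter = $AppUI->checkPrefState('CalIdxFilter', w2PgetParam($_REQUEST, 'event_filter', 'my'), 'EVENTFILTER', 'my');

// Get the passed timestamp (today if none).
$ctoday = new w2p_Utilities_Date();
$today = $ctoday->format(FMT_TIMESTAMP_DATE);
$date = w2PgetParam($_GET, 'date', $today);

// Get the list of visible companies, with an "All" entry in front.
$company = new CCompany();
$companies = $company->getAllowedRecords($AppUI->user_id, 'company_id,company_name', 'company_name');
$companies = arrayMerge(array('0' => $AppUI->_('All')), $companies);

// $date comes from the query string and is placed into link URLs, so it is
// URL-encoded for that use only; $date itself is left untouched.
$calCrumbDate = urlencode((string) $date);

// REQUEST_URI is client-controlled and lands inside an HTML attribute, so it
// is escaped before being written into the form tags.
$calFormAction = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');

// Set up the title block.
$titleBlock = new CTitleBlock('Monthly Calendar', 'myevo-appointments.png', $m, $m . '.' . $a);
$titleBlock->addCrumb('?m=calendar&a=year_view&date=' . $calCrumbDate, 'year view');
$titleBlock->addCrumb('?m=calendar&date=' . $calCrumbDate, 'month view');
$titleBlock->addCrumb('?m=calendar&a=week_view&date=' . $calCrumbDate, 'week view');
$titleBlock->addCrumb('?m=calendar&a=day_view&date=' . $calCrumbDate, 'day view');

$titleBlock->addCell($AppUI->_('Company') . ':');
$titleBlock->addCell(
    arraySelect($companies, 'company_id', 'onChange="document.pickCompany.submit()" class="text"', $company_id),
    '',
    '<form action="' . $calFormAction . '" method="post" name="pickCompany" accept-charset="utf-8">',
    '</form>'
);

$titleBlock->addCell($AppUI->_('Event Filter') . ':');
$titleBlock->addCell(
    arraySelect($event_filter_list, 'event_filter', 'onChange="document.pickFilter.submit()" class="text"', $event_filter, true),
    '',
    '<form action="' . $calFormAction . '" method="post" name="pickFilter" accept-charset="utf-8">',
    '</form>'
);

$titleBlock->show();
?>
<script language="javascript" type="text/javascript">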
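/**
 * Overload of w2PObject::getAllowedRecords that narrows the result by the
 * caller's company and department permissions.
 *
 * A condition on contact_company and contact_department is appended to
 * $extra['where'] before delegating to the parent implementation. Records
 * with no company (NULL, '' or 0) always pass the company condition.
 *
 * @author handco <*****@*****.**>
 * @see w2PObject::getAllowedRecords
 *
 * @param int        $uid     user whose permissions are evaluated
 * @param string     $fields  passed through to the parent
 * @param string     $orderby passed through to the parent
 * @param mixed      $index   passed through to the parent
 * @param array|null $extra   extra query parts; only the 'where' key is modified here
 *
 * @return mixed the value returned by parent::getAllowedRecords()
 */
public function getAllowedRecords($uid, $fields = '*', $orderby = '', $index = null, $extra = null)
{
    // The default is null; the original indexed into it directly.
    if ($extra === null) {
        $extra = array();
    }
    $hasCallerWhere = isset($extra['where']) && $extra['where'] != '';

    $oCpy = new CCompany();
    $aCpies = $oCpy->getAllowedRecords($uid, 'company_id, company_name');

    if (count($aCpies)) {
        // The ids are concatenated into SQL, so they are forced to integers
        // as defence in depth even though they come from the permission lookup.
        $companyIds = implode(',', array_map('intval', array_keys($aCpies)));
        $filter = '(contact_company IN (' . $companyIds . ') OR contact_company IS NULL OR contact_company = \'\' OR contact_company = 0)';

        // Department permissions
        $oDpt = new CDepartment();
        $aDpts = $oDpt->getAllowedRecords($uid, 'dept_id, dept_name');
        if (count($aDpts)) {
            $deptIds = implode(',', array_map('intval', array_keys($aDpts)));
            $filter .= ' AND (contact_department IN (' . $deptIds . ') OR contact_department = 0)';
        } else {
            // No allowed departments: only records without a department pass.
            $filter .= ' AND (contact_department = 0)';
        }
    } else {
        // No allowed companies: only records without a company pass. The OR
        // chain is parenthesised so a condition ANDed on later cannot bind to
        // just its last term.
        $filter = '(contact_company IS NULL OR contact_company = \'\' OR contact_company = 0)';
    }

    // The caller's clause is parenthesised as well, so a top-level OR inside
    // it cannot sidestep the permission filter.
    $extra['where'] = $hasCallerWhere ? '(' . $extra['where'] . ') AND ' . $filter : $filter;

    return parent::getAllowedRecords($uid, $fields, $orderby, $index, $extra);
}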
// Refuse to run when the file is requested directly rather than through the application.
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly.');
}

global $search_string, $owner_filter_id, $currentTabId, $currentTabName;
global $tabbed, $type_filter, $orderby, $orderdir;

// Load the company types.
$types = dPgetSysVal('CompanyType');

// Companies the current user is permitted to see.
$obj = new CCompany();
$allowedCompanies = $obj->getAllowedRecords($AppUI->user_id, 'company_id, company_name');

// The active tab selects the company type: "All Companies" switches the type
// filter off, "Not Applicable" maps to type 0, any other tab uses its own id.
$companiesType = !($currentTabName == "All Companies");
$company_type_filter = ($currentTabName == "Not Applicable") ? 0 : $currentTabId;

// Retrieve the list of records.
// The p2 and con aliases selected below are not joined within this fragment;
// presumably their joins follow further down - confirm.
$q = new DBQuery();
$q->addTable('companies', 'c');
$q->addQuery(
    'c.company_id, c.company_name, c.company_type, c.company_description, '
    . 'count(distinct p.project_id) as countp, count(distinct p2.project_id) as inactive, '
    . 'con.contact_first_name, con.contact_last_name'
);
$q->addJoin('projects', 'p', 'c.company_id = p.project_company AND p.project_status <> 7');
$q->addJoin('users', 'u', 'c.company_owner = u.user_id');
// NOTE(review): project_id, company_id and task_id are read from $_REQUEST
// without an integer cast in this fragment; confirm they are cast or quoted
// before any later use in SQL or markup.
$project_id = isset($project_id) ? $project_id : dPgetParam($_REQUEST, 'project_id', 0);
if (!$project_id) {
    $showProject = true;
}

// Company to filter files by. A disabled variant kept this in UI state:
//if (isset( $_POST['company_id'] )) {
//    $AppUI->setState( 'FileIdxCompany', intval( $_POST['company_id'] ) );
//}
//$company_id = $AppUI->getState( 'FileIdxCompany' ) !== NULL ? $AppUI->getState( 'FileIdxCompany' ) : $AppUI->user_company;
$company_id = isset($company_id) ? $company_id : dPgetParam($_REQUEST, 'company_id', 0);

// Ids of the companies the current user may see, as a comma-separated list.
$obj = new CCompany();
$allowed_companies_ary = $obj->getAllowedRecords($AppUI->user_id, 'company_id,company_name', 'company_name');
$allowed_companies = implode(",", array_keys($allowed_companies_ary));

$task_id = isset($task_id) ? $task_id : dPgetParam($_REQUEST, 'task_id', 0);

// Paging: fixed page size; $xpg_min is the offset the record set starts from.
// $page is not assigned in this fragment.
global $xpg_min, $xpg_pagesize;
$xpg_pagesize = 30;
$xpg_min = ($page - 1) * $xpg_pagesize;

// Load the classes needed to retrieve the denied project and task records.
include_once $AppUI->getModuleClass('projects');
include_once $AppUI->getModuleClass('tasks');

$project = new CProject();
$deny1 = $project->getDeniedRecords($AppUI->user_id);

$task = new CTask();
$deny2 = $task->getDeniedRecords($AppUI->user_id);
/**
 * Overload of the w2PObject::getDeniedRecords
 * to ensure that the projects owned by denied companies are denied.
 *
 * The parent's denied ids are merged with the project ids selected by a
 * query that excludes the allowed companies and allowed departments.
 *
 * @author handco <*****@*****.**>
 * @see w2PObject::getAllowedRecords
 *
 * @param int $uid user whose permissions are evaluated
 *
 * @return array denied project ids (parent result followed by this query's result)
 */
public function getDeniedRecords($uid)
{
    $inherited = parent::getDeniedRecords($uid);

    // Companies and departments the user is allowed to see.
    $oCpy = new CCompany();
    $allowedCompanies = $oCpy->getAllowedRecords($uid, 'company_id,company_name');
    $oDpt = new CDepartment();
    $allowedDepts = $oDpt->getAllowedRecords($uid, 'dept_id,dept_name');

    // Reuses the object's own query instance.
    $q = $this->_query;
    $q->addTable('projects');
    $q->addQuery('projects.project_id');
    $q->addJoin('project_departments', 'pd', 'pd.project_id = projects.project_id');

    // NOTE(review): array_search() inspects the array values, while the ids
    // placed in the IN lists are the array keys; confirm that a '0' value is
    // how "all items permitted" is represented.
    if (!count($allowedCompanies)) {
        // NOTE(review): '0=1' makes this query return no rows, so no project is
        // added to the denied list on this path; confirm that users without any
        // allowed company are blocked elsewhere.
        $q->addWhere('0=1');
    } elseif (array_search('0', $allowedCompanies) === false) {
        // Only specific companies are allowed: select projects of every other company.
        $q->addWhere('NOT (project_company IN (' . implode(',', array_keys($allowedCompanies)) . '))');
    }
    // Otherwise all companies are permitted and no company clause is added.

    $deptRestricted = count($allowedDepts) && array_search('0', $allowedDepts) === false;
    if ($deptRestricted) {
        // Only specific departments are allowed: select projects of every other department.
        $q->addWhere('NOT (department_id IN (' . implode(',', array_keys($allowedDepts)) . '))');
    } else {
        // No department list, or all departments permitted: the clause only
        // requires a non-NULL department_id.
        $q->addWhere('NOT (department_id IS NULL)');
    }

    $fromQuery = $q->loadColumn();
    $q->clear();

    return array_merge($inherited, $fromQuery);
}
/**
 * Overload of the dpObject::getDeniedRecords
 * to ensure that the projects owned by denied companies are denied.
 *
 * @author handco <*****@*****.**>
 * @see dpObject::getAllowedRecords
 *
 * @param int $uid user whose permissions are evaluated
 *
 * @return array parent's denied ids followed by the ids of projects whose
 *               company is not among the user's allowed companies
 */
function getDeniedRecords($uid)
{
    $inherited = parent::getDeniedRecords($uid);

    // Companies the user is allowed to see.
    $companyModel = new CCompany();
    $permittedCompanies = $companyModel->getAllowedRecords($uid, 'company_id,company_name');

    $q = new DBQuery();
    $q->addTable('projects');
    $q->addQuery('project_id');

    // With no permitted company no condition is added, so every project id
    // is returned as denied.
    if (count($permittedCompanies)) {
        $idList = implode(',', array_keys($permittedCompanies));
        $q->addWhere('NOT (project_company IN (' . $idList . '))');
    }

    $sql = $q->prepare();
    $q->clear();
    $fromCompanies = db_loadColumn($sql);

    return array_merge($inherited, $fromCompanies);
}
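/**
 * Load the rows for the projects index and build the company/department
 * <select> markup.
 *
 * Most inputs arrive as globals rather than parameters. Besides returning
 * the project rows, the function refills the tasks_problems and tasks_users
 * scratch tables and writes the globals $deny, $tasks_problems, $dept_ids,
 * $company and $buffer (the <select> markup).
 *
 * Values that reach SQL or HTML as text are quoted or escaped here; ids are
 * forced to integers before being concatenated into SQL.
 *
 * @param int|false $user_id restrict to projects owned by (or, when the
 *                           'addProjWithTasks' state is set, with tasks
 *                           assigned to) this user; false for no restriction
 *
 * @return mixed the project rows returned by w2p_Database_Query::loadList()
 */
function projects_list_data($user_id = false)
{
    global $AppUI, $addPwOiD, $buffer, $company, $company_id, $company_prefix, $deny, $department, $dept_ids, $w2Pconfig, $orderby, $orderdir, $tasks_problems, $owner, $projectTypeId, $search_text, $project_type;

    $addProjectsWithAssignedTasks = $AppUI->getState('addProjWithTasks') ? $AppUI->getState('addProjWithTasks') : 0;

    // Get any records denied from viewing.
    $obj = new CProject();
    $deny = $obj->getDeniedRecords($AppUI->user_id);

    // Empty the temporary tables.
    $q = new w2p_Database_Query();
    $q->setDelete('tasks_problems');
    $q->exec();
    $q->clear();
    $q->setDelete('tasks_users');
    $q->exec();
    $q->clear();

    // Support task problem logs.
    $q->addInsertSelect('tasks_problems');
    $q->addTable('tasks');
    $q->addQuery('task_project, task_log_problem');
    $q->addJoin('task_log', 'tl', 'tl.task_log_task = task_id', 'inner');
    $q->addWhere('task_log_problem = 1');
    $q->addGroup('task_project');
    $tasks_problems = $q->exec();
    $q->clear();

    if ($addProjectsWithAssignedTasks) {
        // Support users' tasks.
        $q->addInsertSelect('tasks_users');
        $q->addTable('tasks');
        $q->addQuery('task_project');
        $q->addQuery('ut.user_id');
        $q->addJoin('user_tasks', 'ut', 'ut.task_id = tasks.task_id');
        if ($user_id) {
            $q->addWhere('ut.user_id = ' . (int) $user_id);
        }
        $q->addOrder('task_end_date DESC');
        $q->addGroup('task_project');
        $q->exec();
        $q->clear();
    }

    // Add projects where the project owner is in the given department.
    // Initialised up front so the later !empty() check never sees an
    // undefined variable.
    $owner_ids = array();
    if ($addPwOiD && isset($department)) {
        $q->addTable('users');
        $q->addQuery('user_id');
        $q->addJoin('contacts', 'c', 'c.contact_id = user_contact', 'inner');
        $q->addWhere('c.contact_department = ' . (int) $department);
        $owner_ids = $q->loadColumn();
        $q->clear();
    }

    if (isset($department)) {
        // If a department is specified, projects from that department and all
        // departments under it are shown, so that list is built here.
        $dept_ids = array();
        $q->addTable('departments');
        $q->addQuery('dept_id, dept_parent');
        $q->addOrder('dept_parent,dept_name');
        $rows = $q->loadList();
        addDeptId($rows, $department);
        $dept_ids[] = isset($department->dept_id) ? $department->dept_id : 0;
        $dept_ids[] = $department > 0 ? $department : 0;
    }
    $q->clear();

    // Retrieve list of records.
    // Modified for speed by Pablo Roca (pabloroca@mvps.org), 16 August 2003.
    // Get the list of permitted companies.
    $obj = new CCompany();
    $companies = $obj->getAllowedRecords($AppUI->user_id, 'companies.company_id,companies.company_name', 'companies.company_name');
    if (count($companies) == 0) {
        $companies = array();
    }

    $q->addTable('projects', 'pr');
    $q->addQuery('pr.project_id, project_status, project_color_identifier, project_type, project_name, project_description, project_scheduled_hours as project_duration, project_parent, project_original_parent, project_percent_complete, project_color_identifier, project_company, company_name, project_status, project_last_task as critical_task, tp.task_log_problem, user_username, project_active');

    $fields = w2p_Core_Module::getSettings('projects', 'index_list');
    unset($fields['department_list']); // added as an alias below
    foreach ($fields as $field => $text) {
        $q->addQuery($field);
    }
    $q->addQuery('CONCAT(ct.contact_first_name, \' \', ct.contact_last_name) AS owner_name');
    $q->addJoin('users', 'u', 'pr.project_owner = u.user_id');
    $q->addJoin('contacts', 'ct', 'ct.contact_id = u.user_contact');
    $q->addJoin('tasks_problems', 'tp', 'pr.project_id = tp.task_project');
    if ($addProjectsWithAssignedTasks) {
        $q->addJoin('tasks_users', 'tu', 'pr.project_id = tu.task_project');
    }

    if (!isset($department) && $company_id && !$addPwOiD) {
        $q->addWhere('pr.project_company = ' . (int) $company_id);
    }
    if ($project_type > -1) {
        $q->addWhere('pr.project_type = ' . (int) $project_type);
    }
    if (isset($department) && !$addPwOiD) {
        // $dept_ids includes the raw $department global; force integers
        // before the list is concatenated into SQL.
        $q->addWhere('project_departments.department_id in ( ' . implode(',', array_map('intval', $dept_ids)) . ' )');
    }
    if ($user_id && $addProjectsWithAssignedTasks) {
        $q->addWhere('(tu.user_id = ' . (int) $user_id . ' OR pr.project_owner = ' . (int) $user_id . ' )');
    } elseif ($user_id) {
        $q->addWhere('pr.project_owner = ' . (int) $user_id);
    }
    if ($owner > 0) {
        $q->addWhere('pr.project_owner = ' . (int) $owner);
    }
    if (mb_trim($search_text)) {
        // The search text was previously concatenated into the LIKE patterns
        // unquoted. It is now passed through the query object's quote(), and
        // the OR pair is parenthesised so it cannot absorb neighbouring
        // conditions.
        // NOTE(review): if callers already escape $search_text, drop that
        // upstream escaping to avoid double escaping.
        $likePattern = $q->quote('%' . $search_text . '%');
        $q->addWhere('(pr.project_name LIKE ' . $likePattern . ' OR pr.project_description LIKE ' . $likePattern . ')');
    }
    // Show projects where the project owner is in the given department.
    if ($addPwOiD && !empty($owner_ids)) {
        $q->addWhere('pr.project_owner IN (' . implode(',', array_map('intval', $owner_ids)) . ')');
    }

    // NOTE(review): $orderby and $orderdir are globals placed into ORDER BY
    // as-is; confirm the caller restricts them to known column names and
    // ASC/DESC.
    $orderby = 'project_company' == $orderby ? 'company_name' : $orderby;
    $q->addGroup('pr.project_id');
    $q->addOrder($orderby . ' ' . $orderdir);

    $prj = new CProject();
    $prj->setAllowedSQL($AppUI->user_id, $q, null, 'pr');
    $dpt = new CDepartment();
    $projects = $q->loadList();

    // Get the list of permitted companies.
    $companies = arrayMerge(array('0' => $AppUI->_('All')), $companies);
    $company_array = $companies;

    // Get the list of all departments, filtered by the list of permitted companies.
    $q->clear();
    $q->addTable('companies');
    $q->addQuery('company_id, company_name, dep.*');
    $q->addJoin('departments', 'dep', 'companies.company_id = dep.dept_company');
    $q->addOrder('company_name,dept_parent,dept_name');
    $obj->setAllowedSQL($AppUI->user_id, $q);
    $dpt->setAllowedSQL($AppUI->user_id, $q);
    $rows = $q->loadList();

    // Build the select list.
    $buffer = '<select name="department" id="department" onChange="document.pickCompany.submit()" class="text" style="width: 200px;">';
    $company = '';
    foreach ($company_array as $key => $c_name) {
        // Company names are stored data rendered into HTML, so they are
        // escaped; double_encode is off so names that already contain
        // entities are not encoded twice. Charset assumes UTF-8 pages - confirm.
        $optionValue = htmlspecialchars($company_prefix . $key, ENT_QUOTES, 'UTF-8');
        $optionLabel = htmlspecialchars((string) $c_name, ENT_QUOTES, 'UTF-8', false);
        // A leading space keeps the selected attribute apart from the style attribute.
        $buffer .= '<option value="' . $optionValue . '" style="font-weight:bold;"' . ($company_id == $key ? ' selected="selected"' : '') . '>' . $optionLabel . '</option>' . "\n";
        foreach ($rows as $row) {
            if ($row['dept_parent'] == 0) {
                if ($key == $row['company_id']) {
                    if ($row['dept_parent'] != null) {
                        findchilddept($rows, $row['dept_id']);
                    }
                }
            }
        }
    }
    $buffer .= '</select>';

    return $projects;
}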
$call_back_string = !is_null($call_back) ? "window.opener.{$call_back}('{$selected_contacts_id}');" : ""; ?> <script language="javascript"> <?php echo $call_back_string; ?> self.close(); </script> <?php } // Remove any empty elements $contacts_id = remove_invalid(explode(",", $selected_contacts_id)); $selected_contacts_id = implode(',', $contacts_id); require_once $AppUI->getModuleClass('companies'); $oCpy = new CCompany(); $aCpies = $oCpy->getAllowedRecords($AppUI->user_id, "company_id, company_name", 'company_name'); $aCpies_esc = array(); foreach ($aCpies as $key => $company) { $aCpies_esc[$key] = db_escape($company); } if ($selected_contacts_id && !$show_all && !$company_id) { $q =& new DBQuery(); $q->addTable('contacts'); $q->addQuery('DISTINCT contact_company'); $q->addWhere('contact_id IN (' . $selected_contacts_id . ')'); $where = implode(',', $q->loadColumn()); $where = "contact_company IN({$where})"; } else { if (!$company_id) { // Contacts from all allowed companies $where = "contact_company = '' OR (contact_company IN ('" . implode('\',\'', array_values($aCpies_esc)) . "')) OR ( contact_company IN ('" . implode('\',\'', array_keys($aCpies_esc)) . "'))";
$clientes = $row1->getAllowedRecords($AppUI->user_id, 'company_id, company_name, company_type', 'company_name', '', $extra); $clientes = arrayMerge(array('0' => ''), $clientes); echo arraySelect($clientes, 'project_client', 'class="text" size="1"', $row->project_client); ?> </td> </tr> <tr> <td align="right" nowrap="nowrap"><?php echo $AppUI->_('etiq_Moldista'); ?> </td> <td width="100%" colspan="2"> <?php $row2 = new CCompany(); $extra['where'] = 'company_type=3'; $moldistas = $row2->getAllowedRecords($AppUI->user_id, 'company_id, company_name, company_type', 'company_name', '', $extra); $moldistas = arrayMerge(array('0' => ''), $moldistas); echo arraySelect($moldistas, 'project_mold', 'class="text" size="1"', $row->project_mold); ?> </td> </tr> <tr> <td align="right" nowrap="nowrap"><?php echo $AppUI->_('Start Date'); ?> </td> <td nowrap="nowrap"> <input type="hidden" name="project_start_date" value="<?php echo $start_date->format(FMT_TIMESTAMP_DATE); ?> " /> <input type="text" class="text" name="start_date" id="date1" value="<?php