/**
 * Builds the list of user IDs that should receive the message.
 *
 * A previously stored, non-empty recipient list is returned unchanged.
 * Otherwise the list is collected from the model and handed to
 * filterRecipientsToSettings() before being returned.
 *
 * For tree nodes and models, the rights entries of the item are used: the
 * current user and every entry whose 'none' flag is strictly true are skipped.
 * For any other model, every user returned by fetchAll() except the current
 * one is taken.
 *
 * NOTE(review): the 'none' check is a strict comparison against boolean true.
 * This assumes getUsersRights() returns a real boolean; an integer or string
 * flag would never match and users without any right would stay in the list.
 * Confirm against the rights provider.
 *
 * NOTE(review): the fallback branch consults no rights information at all.
 * Confirm that it is only reached for messages that every user may see.
 *
 * @return array Array with user IDs.
 */
public function getRecipients()
{
    // Reuse an already populated list.
    if (!empty($this->_recipients)) {
        return $this->_recipients;
    }

    $collected = array();

    $hasItemRights = $this->_model instanceof Phprojekt_Tree_Node_Database
        || $this->_model instanceof Phprojekt_Model_Interface;

    if ($hasItemRights) {
        $rightsList = $this->_model->getUsersRights();
        if (is_array($rightsList) && !empty($rightsList)) {
            foreach ($rightsList as $entry) {
                // Keep everyone except the sender and users flagged as having no right.
                if ($entry['userId'] != Phprojekt_Auth::getUserId() && true !== $entry['none']) {
                    $collected[] = $entry['userId'];
                }
            }
        }
    } else {
        // No item rights available: address all users but the sender.
        $userModel = Phprojekt_Loader::getLibraryClass('Phprojekt_User_User');
        foreach ($userModel->fetchAll() as $account) {
            if ($account->id != Phprojekt_Auth::getUserId()) {
                $collected[] = $account->id;
            }
        }
    }

    return $this->filterRecipientsToSettings($collected);
}
/**
 * Ensures the effective user holds the WRITE right on the item before a file
 * is uploaded or deleted.
 *
 * When $itemId is not 0 the model is first pointed at that item via find();
 * otherwise the right is evaluated on the model as it was passed in.
 * On refusal the attempt is logged with the model class and item id, and an
 * Exception carrying the translated message is thrown.
 *
 * NOTE(review): the result of find() is not inspected. Confirm that hasRight()
 * denies access when the requested item does not exist, so that an unknown id
 * cannot be checked against a blank model.
 *
 * @param Phprojekt_Model_Interface $model  Current module.
 * @param integer                   $itemId Current item id.
 *
 * @throws Exception On no write access.
 *
 * @return void
 */
private static function _checkWritePermission($model, $itemId)
{
    if ($itemId != 0) {
        $model->find($itemId);
    }

    $effectiveUser = Phprojekt_Auth_Proxy::getEffectiveUserId();
    if ($model->hasRight($effectiveUser, Phprojekt_Acl::WRITE)) {
        return;
    }

    // Access refused: record the attempt, then abort with the user-facing text.
    $message = Phprojekt::getInstance()->translate('You don\'t have permission for modifying this item.');
    self::_logError(
        "Error: trying to Delete or Upload a file without write access.",
        array(get_class($model), $itemId)
    );

    throw new Exception($message);
}
/**
 * Ensures the current user has the 'write' right on the item before a file is
 * uploaded or deleted.
 *
 * The model is pointed at $itemId with find(), and the 'write' flag of the
 * 'currentUser' entry returned by getRights() decides the outcome. If the flag
 * is not truthy the attempt is written to the error log (user id and request
 * module name) and the script ends with die(), printing the translated message.
 *
 * NOTE(review): the result of find() is not inspected. Confirm that getRights()
 * reports no write right when the item does not exist.
 *
 * NOTE(review): the request's module name is concatenated into the log line
 * as-is. Confirm it is restricted to known module names before it reaches here.
 *
 * @param Phprojekt_Model_Interface $model  Current module.
 * @param integer                   $itemId Current item id.
 *
 * @return void
 */
private function _fileCheckWritePermission($model, $itemId)
{
    $model->find($itemId);
    $itemRights = $model->getRights();

    if ($rightGranted = $itemRights['currentUser']['write']) {
        return;
    }

    $message = Phprojekt::getInstance()->translate('You don\'t have permission for modifying this item.');

    // Leave an audit trail of the refused attempt.
    $logger = Phprojekt::getInstance()->getLog();
    $logger->err(
        "Error: trying to Delete or Upload a file without write access. "
        . "User Id: " . Phprojekt_Auth::getUserId()
        . " - Module: " . $this->getRequest()->getModuleName()
    );

    // Print the message and end the request here; no later code runs.
    die($message);
}
/**
 * Decides whether the current user may save the given item.
 *
 * - Module 'Core': allowed only for admin users.
 * - Modules whose save type is not "normal": always allowed; no item-level
 *   right is consulted in this method.
 * - All other modules: allowed when the 'currentUser' rights entry exists and
 *   at least one of 'write', 'create', 'copy' or 'admin' is truthy. A missing
 *   'currentUser' entry denies access.
 *
 * NOTE(review): the unconditional true for non-normal save types means the
 * authorization for those modules has to be enforced elsewhere. Confirm that
 * it is.
 *
 * @param Phprojekt_Model_Interface $model      The model to save.
 * @param string                    $moduleName The current module.
 *
 * @return boolean False if not.
 */
private static function _checkItemRights($model, $moduleName)
{
    if ($moduleName == 'Core') {
        return Phprojekt_Auth::isAdminUser();
    }

    if (!Phprojekt_Module::saveTypeIsNormal(Phprojekt_Module::getId($moduleName))) {
        return true;
    }

    $itemRights = $model->getRights();
    if (!isset($itemRights['currentUser'])) {
        // No rights entry for the current user: deny.
        return false;
    }

    // Any one of the modifying rights is enough.
    if ($itemRights['currentUser']['write']
        || $itemRights['currentUser']['create']
        || $itemRights['currentUser']['copy']
        || $itemRights['currentUser']['admin']) {
        return true;
    }

    return false;
}
/**
 * Checks a value against the database column type of the field.
 *
 * The column type is read from the model's metadata and mapped to a Cleaner
 * rule: int -> integer, float -> float, date -> date, timestamp/datetime ->
 * timestamp, anything else -> string.
 *
 * The value is accepted without any check when:
 * - the field has no metadata entry,
 * - the value is empty() (this includes 0 and "0"),
 * - the column type is 'time' (its validation is switched off).
 *
 * This is a type check only. A true result does not make the value safe for
 * SQL or HTML; escaping and parameter binding remain the caller's job.
 *
 * @param Phprojekt_Model_Interface $class   Model object.
 * @param string                    $varname Name of the field.
 * @param mixed                     $value   Value to validate.
 *
 * @return boolean True for valid.
 */
public function validateValue(Phprojekt_Model_Interface $class, $varname, $value)
{
    $modelInfo = $class->info();
    $column    = Phprojekt_ActiveRecord_Abstract::convertVarToSql($varname);

    // Unknown field or empty value: nothing to validate.
    if (!isset($modelInfo['metadata'][$column]) || empty($value)) {
        return true;
    }

    // Each rule is a pair: Cleaner type name and the third argument passed to validate().
    switch ($modelInfo['metadata'][$column]['DATA_TYPE']) {
        case 'int':
            $rule = array('integer', false);
            break;
        case 'float':
            $rule = array('float', false);
            break;
        case 'date':
            $rule = array('date', false);
            break;
        case 'time':
            // Validation for time columns is disabled; the value is accepted as-is.
            return true;
        case 'timestamp':
        case 'datetime':
            $rule = array('timestamp', false);
            break;
        default:
            $rule = array('string', true);
            break;
    }

    // Only an explicit false from the Cleaner counts as invalid.
    return Cleaner::validate($rule[0], $value, $rule[1]) !== false;
}
/**
 * Extends the request parameters so that the user assigned to an item gets
 * access to it.
 *
 * Nothing is changed when $params[$key] is missing or equal to 0.
 *
 * For an existing item saved without 'dataAccess' in the request, the rights
 * already stored on the item are first copied into $params as
 * 'check<Right>Access' entries, because the rights present in $params replace
 * the stored ones on save. The newly assigned user and the user currently
 * stored in $model->{$key} are left out of that copy.
 *
 * The assigned user then receives full access via allowAll() if it is the
 * owner of the item, or read/write/download/delete via
 * allowReadWriteDownloadDelete() otherwise.
 *
 * NOTE(review): $params are the post values, so the assigned user id is chosen
 * by the requester. This method grants rights without checking whether the
 * requester may modify the item; confirm that the caller authorizes the save
 * before the returned params are applied.
 *
 * @param string                    $key     The name of the user field.
 * @param array                     $params  The post values.
 * @param Phprojekt_Model_Interface $model   The current module to save.
 * @param boolean                   $newItem If is new item or not.
 *
 * @return array Array with user IDs per access.
 */
public static function addRightsToAssignedUser($key, $params, $model, $newItem)
{
    $assignedUser = 0;
    if (isset($params[$key])) {
        $assignedUser = $params[$key];
    }

    // No assigned user in the request: leave the params untouched.
    if ($assignedUser == 0) {
        return $params;
    }

    // Existing item, and the request carries no access data of its own.
    $mustKeepStoredRights = !$newItem && !isset($params['dataAccess']);
    if ($mustKeepStoredRights) {
        $storedRights = $model->getUsersRights();
        $rightNames   = array('access', 'read', 'write', 'create', 'copy', 'delete', 'download', 'admin');

        foreach ($storedRights as $entry) {
            $userId = $entry['userId'];

            // The new and the previous assigned user are handled separately below.
            if ($userId == $assignedUser || $userId == $model->{$key}) {
                continue;
            }

            $params = self::addUser($params, $userId);

            foreach ($rightNames as $right) {
                if (!array_key_exists($right, $entry) || $entry[$right] != 1) {
                    continue;
                }

                $paramName = 'check' . ucfirst($right) . 'Access';
                if (!array_key_exists($paramName, $params)) {
                    $params[$paramName] = array();
                }
                $params[$paramName][$userId] = 1;
            }
        }
    }

    // The owner keeps full access; any other assigned user gets the basic set.
    if ($model->ownerId == $assignedUser) {
        return self::allowAll($params, $model->ownerId);
    }

    return self::allowReadWriteDownloadDelete($params, $assignedUser);
}