private function cut_max_user_permissions(Contact $user)
{
$admin_pg = PermissionGroups::findOne(array('conditions' => "`name`='Super Administrator'"));
$all_roles_max_permissions = RoleObjectTypePermissions::getAllRoleObjectTypePermissionsInfo();
$admin_perms = $all_roles_max_permissions[$admin_pg->getId()];
$all_object_types = array();
foreach ($admin_perms as &$aperm) {
$all_object_types[] = $aperm['object_type_id'];
}
$max_permissions = array_var($all_roles_max_permissions, $user->getUserType());
$pg_id = $user->getPermissionGroupId();
foreach ($all_object_types as $ot) {
if (!$ot) {
continue;
}
$max = array_var($max_permissions, $ot);
if (!$max) {
// cannot read -> delete in contact_member_permissions
$sql = "DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE permission_group_id={$pg_id} AND object_type_id={$ot}";
DB::execute($sql);
} else {
// cut can_delete and can_write using max permissions
$can_d = $max['can_delete'] ? "1" : "0";
$can_w = $max['can_write'] ? "1" : "0";
$sql = "UPDATE " . TABLE_PREFIX . "contact_member_permissions\r\n\t\t\t\tSET can_delete=(can_delete AND {$can_d}), can_write=(can_write AND {$can_w})\r\n\t\t\t\tWHERE permission_group_id={$pg_id} AND object_type_id={$ot}";
DB::execute($sql);
}
}
// rebuild sharing table for permission group $pg_id
$cmp_rows = DB::executeAll("SELECT * FROM " . TABLE_PREFIX . "contact_member_permissions WHERE permission_group_id={$pg_id}");
$permissions_array = array();
foreach ($cmp_rows as $row) {
$p = new stdClass();
$p->m = array_var($row, 'member_id');
$p->o = array_var($row, 'object_type_id');
$p->d = array_var($row, 'can_delete');
$p->w = array_var($row, 'can_write');
$p->r = 1;
$permissions[] = $p;
}
$sharing_table_controller = new SharingTableController();
$sharing_table_controller->after_permission_changed($pg_id, $permissions_array);
}
