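/**
 * Caps the member permissions of a user's permission group at the maximum
 * allowed for the user's type.
 *
 * The object types to check are taken from the role permission info of the
 * 'Super Administrator' permission group. For each of them, the rows of
 * contact_member_permissions that belong to the user's permission group are
 * deleted when the user's type has no entry for that object type, and
 * otherwise have can_delete / can_write AND-ed with the allowed maximum.
 * The rows that remain are then handed to
 * SharingTableController::after_permission_changed().
 *
 * @param Contact $user user whose permission group is adjusted
 */
private function cut_max_user_permissions(Contact $user) {
	// NOTE(review): findOne() presumably returns null when no group has this
	// name; the getId() call below would then fail before anything is cut.
	$admin_pg = PermissionGroups::findOne(array('conditions' => "`name`='Super Administrator'"));
	$all_roles_max_permissions = RoleObjectTypePermissions::getAllRoleObjectTypePermissionsInfo();
	$admin_perms = $all_roles_max_permissions[$admin_pg->getId()];

	// Iterate by value: a by-reference loop variable would stay bound to the
	// last element after the loop.
	$all_object_types = array();
	foreach ($admin_perms as $aperm) {
		$all_object_types[] = $aperm['object_type_id'];
	}

	$max_permissions = array_var($all_roles_max_permissions, $user->getUserType());

	// Both ids are interpolated into SQL below, so they are forced to integers
	// first and cannot carry anything but digits into the statements.
	$pg_id = (int) $user->getPermissionGroupId();

	foreach ($all_object_types as $ot) {
		$ot_id = (int) $ot;
		if (!$ot_id) {
			continue;
		}

		$max = array_var($max_permissions, $ot_id);
		if (!$max) {
			// cannot read -> delete in contact_member_permissions
			$sql = "DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE permission_group_id={$pg_id} AND object_type_id={$ot_id}";
			DB::execute($sql);
		} else {
			// cut can_delete and can_write using max permissions; the AND can
			// only lower a stored flag, never raise it
			$can_d = $max['can_delete'] ? "1" : "0";
			$can_w = $max['can_write'] ? "1" : "0";
			$sql = "UPDATE " . TABLE_PREFIX . "contact_member_permissions\r\n\t\t\t\tSET can_delete=(can_delete AND {$can_d}), can_write=(can_write AND {$can_w})\r\n\t\t\t\tWHERE permission_group_id={$pg_id} AND object_type_id={$ot_id}";
			DB::execute($sql);
		}
	}

	// rebuild sharing table for permission group $pg_id
	$cmp_rows = DB::executeAll("SELECT * FROM " . TABLE_PREFIX . "contact_member_permissions WHERE permission_group_id={$pg_id}");
	$permissions_array = array();
	foreach ($cmp_rows as $row) {
		$p = new stdClass();
		$p->m = array_var($row, 'member_id');
		$p->o = array_var($row, 'object_type_id');
		$p->d = array_var($row, 'can_delete');
		$p->w = array_var($row, 'can_write');
		// rows without read access were deleted above, so every row still
		// present is reported as readable
		$p->r = 1;
		// Collect into the list that is actually passed on; appending to any
		// other variable leaves the controller with an empty permission list.
		$permissions_array[] = $p;
	}

	$sharing_table_controller = new SharingTableController();
	$sharing_table_controller->after_permission_changed($pg_id, $permissions_array);
}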