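/**
 * _checkUserResourcePermission
 * Check whether the user has access to every resource (contact lists and
 * newsletters) that the trigger email record refers to.
 *
 * This check is done here because the API currently does not evaluate any
 * user permission itself. Once user permissions are enforced in the API,
 * this function can be deprecated.
 *
 * The check fails closed: a resource ID that is not an integer or string, or
 * a user resource collection that is not an array, counts as "no access".
 * Fields that are absent from the record are not checked here.
 * NOTE(review): presumably required fields are validated by the caller before
 * the record is saved -- confirm, otherwise an omitted ID skips its check.
 *
 * @param Array $record Associative array of the trigger email record
 * @param User_API $user User API
 *
 * @return Boolean Returns TRUE if the user has all required permissions, FALSE otherwise
 *
 * @todo deprecate this when API take account user permission
 */
private function _checkUserResourcePermission($record, $user)
{
    // Administrators are not restricted to their own lists/newsletters
    if ($user->Admin()) {
        return true;
    }

    $error = false;

    // Only the keys of these collections are used; they are matched against
    // the resource IDs in the record. A non-array result is treated as an
    // empty set so that nothing is granted by accident.
    $userLists = $user->GetLists();
    if (!is_array($userLists)) {
        $userLists = array();
    }

    $userNewsletters = $user->GetNewsletters();
    if (!is_array($userNewsletters)) {
        $userNewsletters = array();
    }

    // TRUE when $id is not a usable array key or is not among the user's resources
    $lacksAccess = function ($id, $allowed) {
        return (!is_int($id) && !is_string($id)) || !array_key_exists($id, $allowed);
    };

    $triggerType = isset($record['triggertype']) ? $record['triggertype'] : null;
    $data = (isset($record['data']) && is_array($record['data'])) ? $record['data'] : array();
    $actions = (isset($record['triggeractions']) && is_array($record['triggeractions'])) ? $record['triggeractions'] : array();

    // Check if user has access to the contact list
    if ($triggerType == 'f' && isset($data['listid']) && $lacksAccess($data['listid'], $userLists)) {
        trigger_error('Does not have access to contact list', E_USER_NOTICE);
        $error = true;
    }

    // Check if user has access to the newsletter specified for the link
    if ($triggerType == 'l' && isset($data['linkid_newsletterid']) && $lacksAccess($data['linkid_newsletterid'], $userNewsletters)) {
        trigger_error('Does not have access to specified newsletter', E_USER_NOTICE);
        $error = true;
    }

    // Check newsletter ID defined for "Newsletter Opened" event
    if ($triggerType == 'n' && isset($data['newsletterid']) && $lacksAccess($data['newsletterid'], $userNewsletters)) {
        trigger_error('Does not have access to specified newsletter', E_USER_NOTICE);
        $error = true;
    }

    // Check every list ID defined for static date.
    // A single (non-array) value is wrapped so it is still checked; iterating
    // it directly would skip the loop and let the record through unchecked.
    if ($triggerType == 's' && isset($data['staticdate_listids'])) {
        $staticLists = is_array($data['staticdate_listids']) ? $data['staticdate_listids'] : array($data['staticdate_listids']);

        foreach ($staticLists as $each) {
            if ($lacksAccess($each, $userLists)) {
                trigger_error('Does not have access to specified list', E_USER_NOTICE);
                $error = true;
                break;
            }
        }
    }

    // ----- The following are required for "send" action
    $send = (isset($actions['send']) && is_array($actions['send'])) ? $actions['send'] : array();

    if (!empty($send['enabled']) && isset($send['newsletterid']) && $lacksAccess($send['newsletterid'], $userNewsletters)) {
        trigger_error('Newsletter does not exist', E_USER_NOTICE);

        // Returns immediately, so the "addlist" action below is not evaluated
        return false;
    }
    // -----

    // ----- The following are required for "addlist" action
    $addList = (isset($actions['addlist']) && is_array($actions['addlist'])) ? $actions['addlist'] : array();

    if (!empty($addList['enabled']) && isset($addList['listid'])) {
        // Same wrapping as for static date: a single list ID must not bypass the check
        $targetLists = is_array($addList['listid']) ? $addList['listid'] : array($addList['listid']);

        foreach ($targetLists as $each) {
            if ($lacksAccess($each, $userLists)) {
                trigger_error('Does not have access to specified list', E_USER_NOTICE);
                $error = true;
                break;
            }
        }
    }
    // -----

    return !$error;
}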