Exemplo n.º 1
 /**
  * Gets only the recipients with at least a 'read' right
  * and checks if the user has disabled/enabled the settings for saving the messages.
  *
  * If no recipient is given, returns an empty array.
  *
  * @return array Array with user IDs.
  */
 public function getRecipients()
 {
     // Recipients already stored on the instance take precedence over any lookup.
     if (!empty($this->_recipients)) {
         return $this->_recipients;
     }

     $candidates = array();
     $hasItemRights = $this->_model instanceof Phprojekt_Tree_Node_Database
         || $this->_model instanceof Phprojekt_Model_Interface;

     if (!$hasItemRights) {
         // No per-item rights on this kind of model: every user except the current one is a candidate.
         // NOTE(review): this fallback addresses all users returned by fetchAll(); confirm that a
         // model without rights information is never one whose content should stay restricted.
         $userModel = Phprojekt_Loader::getLibraryClass('Phprojekt_User_User');
         $accounts  = $userModel->fetchAll();
         foreach ($accounts as $account) {
             if ($account->id != Phprojekt_Auth::getUserId()) {
                 $candidates[] = $account->id;
             }
         }
     } else {
         $rightsPerUser = $this->_model->getUsersRights();
         if (is_array($rightsPerUser) && !empty($rightsPerUser)) {
             foreach ($rightsPerUser as $entry) {
                 // Keep everybody but the current user and entries flagged as having no rights.
                 // NOTE(review): 'none' is matched with a strict comparison against boolean true;
                 // if getUsersRights() can deliver 1 or "1" here, such users would still be kept.
                 if ($entry['userId'] != Phprojekt_Auth::getUserId() && true !== $entry['none']) {
                     $candidates[] = $entry['userId'];
                 }
             }
         }
     }

     // The per-user settings filter has the final say on who is returned.
     return $this->filterRecipientsToSettings($candidates);
 }
Exemplo n.º 2
 /**
  * Checks that the user has permission for modifying the item, in this case for uploading or deleting files.
  *
  * @param Phprojekt_Model_Interface $model  Current module.
  * @param integer                   $itemId Current item id.
  *
  * @throws Exception On no write access.
  *
  * @return void
  */
 private static function _checkWritePermission($model, $itemId)
 {
     // For a non-zero id, find() is called first so that hasRight() is asked about that item.
     // NOTE(review): the result of find() is not inspected; confirm that hasRight() denies
     // access when the id does not resolve to an existing item.
     if (0 != $itemId) {
         $model->find($itemId);
     }

     // The check uses the effective user id from the auth proxy, not the plain logged-in id.
     $effectiveUserId = Phprojekt_Auth_Proxy::getEffectiveUserId();
     if ($model->hasRight($effectiveUserId, Phprojekt_Acl::WRITE)) {
         return;
     }

     // Denied: log the attempt with model class and item id, then abort with the translated message.
     $message = Phprojekt::getInstance()->translate('You don\'t have permission for modifying this item.');
     self::_logError(
         "Error: trying to Delete or Upload a file without write access.",
         array(get_class($model), $itemId)
     );

     throw new Exception($message);
 }
Exemplo n.º 3
 /**
  * Checks that the user has permission for modifying the item, in this case for uploading or deleting files.
  * If not, prints an error, terminating script execution.
  *
  * @param Phprojekt_Model_Interface $model  Current module.
  * @param integer                   $itemId Current item id.
  *
  * @return void
  */
 private function _fileCheckWritePermission($model, $itemId)
 {
     // NOTE(review): find() is called for every id and its result is not inspected; confirm
     // that getRights() reports no write access when the item does not exist.
     $model->find($itemId);
     $itemRights = $model->getRights();

     // Anything other than a truthy 'write' flag for the current user is treated as "denied".
     if ($itemRights['currentUser']['write']) {
         return;
     }

     $message = Phprojekt::getInstance()->translate('You don\'t have permission for modifying this item.');

     // Record who attempted the change and in which module.
     // NOTE(review): the module name is taken from the request and concatenated into the log
     // line; confirm the log writer neutralises line breaks and control characters.
     $log = Phprojekt::getInstance()->getLog();
     $log->err(
         "Error: trying to Delete or Upload a file without write access. "
         . "User Id: " . Phprojekt_Auth::getUserId()
         . " - Module: " . $this->getRequest()->getModuleName()
     );

     // Print the translated message and halt the script; no code after this call runs.
     die($message);
 }
Exemplo n.º 4
 /**
  * Checks whether the user has write access to the item when the module is not a global module.
  *
  * @param Phprojekt_Model_Interface $model      The model to save.
  * @param string                    $moduleName The current module.
  *
  * @return boolean False if not.
  */
 private static function _checkItemRights($model, $moduleName)
 {
     // 'Core' is decided by the admin flag alone; item rights are not consulted.
     if ($moduleName == 'Core') {
         return Phprojekt_Auth::isAdminUser();
     }

     // Modules whose save type is not "normal" are allowed without a per-item check.
     // NOTE(review): this branch grants write to every caller; confirm such modules enforce
     // their own access rules elsewhere.
     $moduleId = Phprojekt_Module::getId($moduleName);
     if (!Phprojekt_Module::saveTypeIsNormal($moduleId)) {
         return true;
     }

     $itemRights = $model->getRights();

     // No rights entry for the current user means no access (fails closed).
     if (!isset($itemRights['currentUser'])) {
         return false;
     }

     // Any one of write, create, copy or admin is enough to be allowed to save.
     return $itemRights['currentUser']['write']
         || $itemRights['currentUser']['create']
         || $itemRights['currentUser']['copy']
         || $itemRights['currentUser']['admin'];
 }
Exemplo n.º 5
 /**
  * Validates a value using the database type of the field.
  *
  * @param Phprojekt_Model_Interface $class   Model object.
  * @param string                    $varname Name of the field.
  * @param mixed                     $value   Value to validate.
  *
  * @return boolean True for valid.
  */
 public function validateValue(Phprojekt_Model_Interface $class, $varname, $value)
 {
     $tableInfo = $class->info();
     $column    = Phprojekt_ActiveRecord_Abstract::convertVarToSql($varname);

     // Fields without metadata and values that empty() considers empty (including 0 and "0")
     // are reported as valid without being passed to Cleaner.
     if (!isset($tableInfo['metadata'][$column]) || empty($value)) {
         return true;
     }

     $dataType = $tableInfo['metadata'][$column]['DATA_TYPE'];

     if ($dataType == 'int') {
         $result = Cleaner::validate('integer', $value, false);
     } elseif ($dataType == 'float') {
         $result = Cleaner::validate('float', $value, false);
     } elseif ($dataType == 'date') {
         $result = Cleaner::validate('date', $value, false);
     } elseif ($dataType == 'time') {
         // NOTE(review): no validator runs for 'time' columns, so any non-empty value is
         // reported as valid here. Callers must not treat a true result as proof that the
         // value is a well-formed time; confirm it is checked or bound safely downstream.
         $result = true;
     } elseif ($dataType == 'timestamp' || $dataType == 'datetime') {
         $result = Cleaner::validate('timestamp', $value, false);
     } else {
         // Every other column type is validated as a string; note the third argument is
         // true here and false in the branches above.
         $result = Cleaner::validate('string', $value, true);
     }

     // Only a strict false from the validator counts as invalid.
     return $result !== false;
 }
Exemplo n.º 6
 /**
  * Add read, write and delete access to the assigned user in an item.
  *
  * @param string                    $key     The name of the user field.
  * @param array                     $params  The post values.
  * @param Phprojekt_Model_Interface $model   The current module to save.
  * @param boolean                   $newItem If is new item or not.
  *
  * @return array Array with user IDs per access.
  */
 public static function addRightsToAssignedUser($key, $params, $model, $newItem)
 {
     // The assigned user id is read from the posted values; a missing field counts as 0.
     // NOTE(review): this id is granted rights below without any check in this method that it
     // names an existing user or that the caller may assign it; presumably the saving routine
     // validates both. Confirm against the caller.
     $assignee = 0;
     if (isset($params[$key])) {
         $assignee = $params[$key];
     }

     // Nobody assigned: the posted values are returned untouched.
     if ($assignee == 0) {
         return $params;
     }

     // Existing item saved without the 'dataAccess' values (the logged user has no 'Access' tab).
     // The rights already stored for other users are copied into $params, because otherwise the
     // saving routine would delete every right except the ones added for the assigned user.
     // NOTE(review): 'dataAccess' is part of the posted values, so its absence is decided by
     // the client; the right to edit access must be enforced where the rights are saved.
     if (!$newItem && !isset($params['dataAccess'])) {
         $storedRights = $model->getUsersRights();
         $rightNames   = array('access', 'read', 'write', 'create', 'copy', 'delete', 'download', 'admin');

         foreach ($storedRights as $stored) {
             $userId = $stored['userId'];

             // Skip both the new assigned user and the previously assigned one.
             if ($userId == $assignee || $userId == $model->{$key}) {
                 continue;
             }

             $params = self::addUser($params, $userId);

             foreach ($rightNames as $rightName) {
                 // Only rights that are present and set to 1 are carried over.
                 if (!array_key_exists($rightName, $stored) || $stored[$rightName] != 1) {
                     continue;
                 }

                 $paramName = 'check' . ucfirst($rightName) . 'Access';
                 if (!array_key_exists($paramName, $params)) {
                     $params[$paramName] = array();
                 }
                 $params[$paramName][$userId] = 1;
             }
         }
     }

     // The owner gets full access; any other assigned user gets read, write, download and delete.
     if ($model->ownerId == $assignee) {
         return self::allowAll($params, $model->ownerId);
     }

     return self::allowReadWriteDownloadDelete($params, $assignee);
 }