function delete() {
// delete system permissions
SystemPermissions::delete("`permission_group_id` = ".$this->getId());
// delete member permissions
ContactMemberPermissions::delete("`permission_group_id` = ".$this->getId());
// delte dimension permissions
ContactDimensionPermissions::delete("`permission_group_id` = ".$this->getId());
// delete contact_permission_group entries
ContactPermissionGroups::delete("`permission_group_id` = ".$this->getId());
// delete tab panel permissions
TabPanelPermissions::delete("`permission_group_id` = ".$this->getId());
parent::delete();
}
function create_user($user_data, $permissionsString, $rp_permissions_data = array(), $save_permissions = true)
{
// try to find contact by some properties
$contact_id = array_var($user_data, "contact_id");
$contact = Contacts::instance()->findById($contact_id);
if (!is_valid_email(array_var($user_data, 'email'))) {
throw new Exception(lang("email value is required"));
}
if (!$contact instanceof Contact) {
// Create a new user
$contact = new Contact();
$contact->setUsername(array_var($user_data, 'username'));
$contact->setDisplayName(array_var($user_data, 'display_name'));
$contact->setCompanyId(array_var($user_data, 'company_id'));
$contact->setUserType(array_var($user_data, 'type'));
$contact->setTimezone(array_var($user_data, 'timezone'));
$contact->setFirstname($contact->getObjectName() != "" ? $contact->getObjectName() : $contact->getUsername());
$contact->setObjectName();
$user_from_contact = false;
} else {
// Create user from contact
$contact->setUserType(array_var($user_data, 'type'));
if (array_var($user_data, 'company_id')) {
$contact->setCompanyId(array_var($user_data, 'company_id'));
}
$contact->setUsername(array_var($user_data, 'username'));
$contact->setTimezone(array_var($user_data, 'timezone'));
$user_from_contact = true;
}
$contact->save();
if (is_valid_email(array_var($user_data, 'email'))) {
$user = Contacts::getByEmail(array_var($user_data, 'email'));
if (!$user) {
$contact->addEmail(array_var($user_data, 'email'), 'personal', true);
}
}
//permissions
$additional_name = "";
$tmp_pg = PermissionGroups::findOne(array('conditions' => "`name`='User " . $contact->getId() . " Personal'"));
if ($tmp_pg instanceof PermissionGroup) {
$additional_name = "_" . gen_id();
}
$permission_group = new PermissionGroup();
$permission_group->setName('User ' . $contact->getId() . $additional_name . ' Personal');
$permission_group->setContactId($contact->getId());
$permission_group->setIsContext(false);
$permission_group->setType("permission_groups");
$permission_group->save();
$contact->setPermissionGroupId($permission_group->getId());
$null = null;
Hook::fire('on_create_user_perm_group', $permission_group, $null);
$contact_pg = new ContactPermissionGroup();
$contact_pg->setContactId($contact->getId());
$contact_pg->setPermissionGroupId($permission_group->getId());
$contact_pg->save();
if (can_manage_security(logged_user())) {
$sp = new SystemPermission();
if (!$user_from_contact) {
$rol_permissions = SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
if (is_array($rol_permissions)) {
foreach ($rol_permissions as $pr) {
$sp->setPermission($pr);
}
}
}
$sp->setPermissionGroupId($permission_group->getId());
if (isset($user_data['can_manage_security'])) {
$sp->setCanManageSecurity(array_var($user_data, 'can_manage_security'));
}
if (isset($user_data['can_manage_configuration'])) {
$sp->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration'));
}
if (isset($user_data['can_manage_templates'])) {
$sp->setCanManageTemplates(array_var($user_data, 'can_manage_templates'));
}
if (isset($user_data['can_manage_time'])) {
$sp->setCanManageTime(array_var($user_data, 'can_manage_time'));
}
if (isset($user_data['can_add_mail_accounts'])) {
$sp->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts'));
}
if (isset($user_data['can_manage_dimensions'])) {
$sp->setCanManageDimensions(array_var($user_data, 'can_manage_dimensions'));
}
if (isset($user_data['can_manage_dimension_members'])) {
$sp->setCanManageDimensionMembers(array_var($user_data, 'can_manage_dimension_members'));
}
if (isset($user_data['can_manage_tasks'])) {
$sp->setCanManageTasks(array_var($user_data, 'can_manage_tasks'));
}
if (isset($user_data['can_task_assignee'])) {
$sp->setCanTasksAssignee(array_var($user_data, 'can_task_assignee'));
}
if (isset($user_data['can_manage_billing'])) {
$sp->setCanManageBilling(array_var($user_data, 'can_manage_billing'));
}
if (isset($user_data['can_view_billing'])) {
$sp->setCanViewBilling(array_var($user_data, 'can_view_billing'));
}
if (isset($user_data['can_see_assigned_to_other_tasks'])) {
$sp->setColumnValue('can_see_assigned_to_other_tasks', array_var($user_data, 'can_see_assigned_to_other_tasks'));
}
Hook::fire('add_user_permissions', $sp, $other_permissions);
if (!is_null($other_permissions) && is_array($other_permissions)) {
foreach ($other_permissions as $k => $v) {
$sp->setColumnValue($k, array_var($user_data, $k));
}
}
$sp->save();
$permissions_sent = array_var($_POST, 'manual_permissions_setted') == 1;
// give permissions for user if user type defined in "give_member_permissions_to_new_users" config option
$allowed_user_type_ids = config_option('give_member_permissions_to_new_users');
if ($contact->isAdministrator() || !$permissions_sent && in_array($contact->getUserType(), $allowed_user_type_ids)) {
ini_set('memory_limit', '512M');
$permissions = array();
$default_permissions = RoleObjectTypePermissions::instance()->findAll(array('conditions' => 'role_id = ' . $contact->getUserType()));
$dimensions = Dimensions::findAll();
foreach ($dimensions as $dimension) {
if ($dimension->getDefinesPermissions()) {
$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = " . $contact->getPermissionGroupId() . " AND `dimension_id` = " . $dimension->getId()));
if (!$cdp instanceof ContactDimensionPermission) {
$cdp = new ContactDimensionPermission();
$cdp->setPermissionGroupId($contact->getPermissionGroupId());
$cdp->setContactDimensionId($dimension->getId());
}
$cdp->setPermissionType('check');
$cdp->save();
// contact member permisssion entries
$members = DB::executeAll('SELECT * FROM ' . TABLE_PREFIX . 'members WHERE dimension_id=' . $dimension->getId());
foreach ($members as $member) {
foreach ($default_permissions as $p) {
// Add persmissions to sharing table
$perm = new stdClass();
$perm->m = $member['id'];
$perm->r = 1;
$perm->w = $p->getCanWrite();
$perm->d = $p->getCanDelete();
$perm->o = $p->getObjectTypeId();
$permissions[] = $perm;
}
}
}
}
$_POST['permissions'] = json_encode($permissions);
} else {
if ($permissions_sent) {
$_POST['permissions'] = $permissionsString;
} else {
$_POST['permissions'] = "";
}
}
if (config_option('let_users_create_objects_in_root') && ($contact->isAdminGroup() || $contact->isExecutive() || $contact->isManager())) {
if ($permissions_sent) {
foreach ($rp_permissions_data as $name => $value) {
$ot_id = substr($name, strrpos($name, '_') + 1);
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId($permission_group->getId());
$cmp->setMemberId(0);
$cmp->setObjectTypeId($ot_id);
$cmp->setCanDelete($value >= 3);
$cmp->setCanWrite($value >= 2);
$cmp->save();
}
} else {
$default_permissions = RoleObjectTypePermissions::instance()->findAll(array('conditions' => 'role_id = ' . $contact->getUserType()));
foreach ($default_permissions as $p) {
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId($permission_group->getId());
$cmp->setMemberId(0);
$cmp->setObjectTypeId($p->getObjectTypeId());
$cmp->setCanDelete($p->getCanDelete());
$cmp->setCanWrite($p->getCanWrite());
$cmp->save();
}
}
}
}
if (!isset($_POST['sys_perm']) && !$user_from_contact) {
$rol_permissions = SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
$_POST['sys_perm'] = array();
if (is_array($rol_permissions)) {
foreach ($rol_permissions as $pr) {
$_POST['sys_perm'][$pr] = 1;
}
}
}
if (!isset($_POST['mod_perm']) && !$user_from_contact) {
$tabs_permissions = TabPanelPermissions::getRoleModules(array_var($user_data, 'type'));
$_POST['mod_perm'] = array();
foreach ($tabs_permissions as $pr) {
$_POST['mod_perm'][$pr] = 1;
}
}
$password = '';
if (array_var($user_data, 'password_generator') == 'specify') {
$perform_password_validation = true;
// Validate input
$password = array_var($user_data, 'password');
if (trim($password) == '') {
throw new Error(lang('password value required'));
}
// if
if ($password != array_var($user_data, 'password_a')) {
throw new Error(lang('passwords dont match'));
}
// if
} else {
$user_data['password_generator'] = 'link';
$perform_password_validation = false;
}
$contact->setPassword($password);
$contact->save();
$user_password = new ContactPassword();
$user_password->setContactId($contact->getId());
$user_password->setPasswordDate(DateTimeValueLib::now());
$user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp()));
$user_password->password_temp = $password;
$user_password->perform_validation = $perform_password_validation;
$user_password->save();
if (array_var($user_data, 'autodetect_time_zone', 1) == 1) {
set_user_config_option('autodetect_time_zone', 1, $contact->getId());
}
/* create contact for this user*/
ApplicationLogs::createLog($contact, ApplicationLogs::ACTION_ADD);
// Set role permissions for active members
$active_context = active_context();
$sel_members = array();
if (is_array($active_context) && !$permissions_sent) {
$tmp_perms = array();
if ($_POST['permissions'] != "") {
$tmp_perms = json_decode($_POST['permissions']);
}
foreach ($active_context as $selection) {
if ($selection instanceof Member) {
$sel_members[] = $selection;
$has_project_permissions = ContactMemberPermissions::instance()->count("permission_group_id = '" . $contact->getPermissionGroupId() . "' AND member_id = " . $selection->getId()) > 0;
if (!$has_project_permissions) {
$new_cmps = RoleObjectTypePermissions::createDefaultUserPermissions($contact, $selection);
foreach ($new_cmps as $new_cmp) {
$perm = new stdClass();
$perm->m = $new_cmp->getMemberId();
$perm->r = 1;
$perm->w = $new_cmp->getCanWrite();
$perm->d = $new_cmp->getCanDelete();
$perm->o = $new_cmp->getObjectTypeId();
$tmp_perms[] = $perm;
}
}
}
}
if (count($tmp_perms) > 0) {
$_POST['permissions'] = json_encode($tmp_perms);
}
}
if ($save_permissions) {
//save_permissions($contact->getPermissionGroupId(), $contact->isGuest());
save_user_permissions_background(logged_user(), $contact->getPermissionGroupId(), $contact->isGuest());
}
Hook::fire('after_user_add', $contact, $null);
// add user content object to associated members
if (count($sel_members) > 0) {
ObjectMembers::addObjectToMembers($contact->getId(), $sel_members);
$contact->addToSharingTable();
}
return $contact;
}
}
// if
$otherInvitationsTable = '';
if (!$event->isNew()) {
$otherInvitations = EventInvitations::findAll(array('conditions' => 'event_id = ' . $event->getId()));
if (isset($otherInvitations) && is_array($otherInvitations)) {
$otherInvitationsTable .= '<div class="coInputMainBlock adminMainBlock" style="width:70%;">';
$otherInvitationsTable .= '<table style="width:100%;"><col width="50%" /><col width="50%" />';
$otherInvitationsTable .= '<tr><th><b>' . lang('name') . '</b></th><th><b>' . lang('participate') . '</b></th></tr>';
$isAlt = false;
$cant = 0;
foreach ($otherInvitations as $inv) {
$inv_user = Contacts::findById($inv->getContactId());
if ($inv_user instanceof Contact) {
if (can_access($inv_user, $event->getMembers(), ProjectEvents::instance()->getObjectTypeId(), ACCESS_LEVEL_READ)) {
if (!SystemPermissions::userHasSystemPermission(logged_user(), 'can_update_other_users_invitations')) {
// only show status
$state_desc = lang('pending response');
if ($inv->getInvitationState() == 1) {
$state_desc = lang('yes');
} else {
if ($inv->getInvitationState() == 2) {
$state_desc = lang('no');
} else {
if ($inv->getInvitationState() == 3) {
$state_desc = lang('maybe');
}
}
}
$otherInvitationsTable .= '<tr' . ($isAlt ? ' class="altRow"' : '') . '><td>' . clean($inv_user->getObjectName()) . '</td><td>' . $state_desc . '</td></tr>';
} else {
function core_dimensions_update_8_9()
{
$mail_ot = ObjectTypes::findByName('mail');
$users = Contacts::getAllUsers();
foreach ($users as $user) {
/* @var $user Contact */
if ($user->isAdminGroup()) {
continue;
}
$role_id = $user->getUserType();
$sys_perm = SystemPermissions::findOne(array('conditions' => 'permission_group_id=' . $user->getPermissionGroupId()));
// check max system permissions
$max_role_system_permissions = MaxSystemPermissions::findOne(array('conditions' => 'permission_group_id = ' . $role_id));
if ($max_role_system_permissions instanceof MaxSystemPermission) {
$sys_perm_cols = get_table_columns(TABLE_PREFIX . "system_permissions");
foreach ($sys_perm_cols as $col) {
$max_val = $max_role_system_permissions->getColumnValue($col);
if (!$max_val) {
$sys_perm->setColumnValue($col, 0);
}
}
$sys_perm->save();
}
// don't allow to write emails for collaborators and guests
$user_type_name = $user->getUserTypeName();
if (!in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
if ($mail_ot instanceof ObjectType) {
DB::executeAll("UPDATE " . TABLE_PREFIX . "contact_member_permissions SET can_write=0, can_delete=0 WHERE object_type_id=" . $mail_ot->getId() . " AND permission_group_id=" . $user->getPermissionGroupId());
}
}
}
}
static function getOverdueAndUpcomingObjects($limit = null) {
$conditions_tasks = " AND is_template = 0 AND `e`.`completed_by_id` = 0 AND `e`.`due_date` > 0";
$conditions_milestones = " AND is_template = 0 AND `e`.`completed_by_id` = 0 AND `e`.`due_date` > 0";
if (!SystemPermissions::userHasSystemPermission(logged_user(), 'can_see_assigned_to_other_tasks')) {
$conditions_tasks .= " AND assigned_to_contact_id = ".logged_user()->getId();
}
$tasks_result = self::instance()->listing(array(
"limit" => $limit,
"extra_conditions" => $conditions_tasks,
"order"=> array('due_date', 'priority'),
"order_dir" => "ASC"
));
$tasks = $tasks_result->objects;
$milestones_result = ProjectMilestones::instance()->listing(array(
"limit" => $limit,
"extra_conditions" => $conditions_milestones,
"order" => array('due_date'),
"order_dir" => "ASC"
));
$milestones = $milestones_result->objects;
$ordered = array();
foreach ($tasks as $task) { /* @var $task ProjectTask */
if (!$task->isCompleted() && $task->getDueDate() instanceof DateTimeValue ) {
if (!isset($ordered[$task->getDueDate()->getTimestamp()])){
$ordered[$task->getDueDate()->getTimestamp()] = array();
}
$ordered[$task->getDueDate()->getTimestamp()][] = $task;
}
}
foreach ($milestones as $milestone) {
if (!isset($ordered[$milestone->getDueDate()->getTimestamp()])) {
$ordered[$milestone->getDueDate()->getTimestamp()] = array();
}
$ordered[$milestone->getDueDate()->getTimestamp()][] = $milestone;
}
ksort($ordered, SORT_NUMERIC);
$ordered_flat = array();
foreach ($ordered as $k => $values) {
foreach ($values as $v) $ordered_flat[] = $v;
}
return $ordered_flat;
}
function do_delete()
{
$id = $this->getId();
ContactAddresses::instance()->delete("`contact_id` = {$id}");
ContactImValues::instance()->delete("`contact_id` = {$id}");
ContactEmails::instance()->delete("`contact_id` = {$id}");
ContactTelephones::instance()->delete("`contact_id` = {$id}");
ContactWebpages::instance()->delete("`contact_id` = {$id}");
ContactConfigOptionValues::instance()->delete("`contact_id` = {$id}");
ContactPasswords::instance()->delete("`contact_id` = {$id}");
ObjectSubscriptions::instance()->delete("`contact_id` = {$id}");
ObjectReminders::instance()->delete("`contact_id` = {$id}");
ContactPermissionGroups::instance()->delete("`contact_id` = {$id}");
ContactMemberPermissions::instance()->delete("`permission_group_id` = " . $this->getPermissionGroupId());
ContactDimensionPermissions::instance()->delete("`permission_group_id` = " . $this->getPermissionGroupId());
SystemPermissions::instance()->delete("`permission_group_id` = " . $this->getPermissionGroupId());
TabPanelPermissions::instance()->delete("`permission_group_id` = " . $this->getPermissionGroupId());
$this->delete();
$ret = null;
Hook::fire("after_user_deleted", $this, $ret);
}
private function get_tasks_request_conditions()
{
// get query parameters, save user preferences if necessary
$status = array_var($_REQUEST, 'status', null);
if (is_null($status) || $status == '') {
$status = user_config_option('task panel status', 2);
} else {
if (user_config_option('task panel status') != $status) {
set_user_config_option('task panel status', $status, logged_user()->getId());
}
}
$previous_filter = user_config_option('task panel filter', 'no_filter');
$filter_from_date = getDateValue(array_var($_REQUEST, 'from_date'));
if ($filter_from_date instanceof DateTimeValue) {
$copFromDate = $filter_from_date;
$filter_from_date = $filter_from_date->toMySQL();
}
$tasks_from_date = '';
$filter_to_date = getDateValue(array_var($_REQUEST, 'to_date'));
if ($filter_to_date instanceof DateTimeValue) {
$copToDate = $filter_to_date;
$filter_to_date = $filter_to_date->toMySQL();
}
$tasks_to_date = '';
if (user_config_option('tasksDateStart') != $filter_from_date) {
if ($filter_from_date != '0000-00-00 00:00:00' || array_var($_REQUEST, 'resetDateStart')) {
set_user_config_option('tasksDateStart', $copFromDate, logged_user()->getId());
} else {
$filter_from_date = user_config_option('tasksDateStart');
}
}
if (user_config_option('tasksDateEnd') != $filter_to_date) {
if ($filter_to_date != '0000-00-00 00:00:00' || array_var($_REQUEST, 'resetDateEnd')) {
set_user_config_option('tasksDateEnd', $copToDate, logged_user()->getId());
} else {
$filter_to_date = user_config_option('tasksDateEnd');
}
}
if ($filter_from_date != '0000-00-00 00:00:00' || $filter_to_date != '0000-00-00 00:00:00') {
if ($filter_from_date != '0000-00-00 00:00:00') {
$dateFrom = DateTimeValueLib::dateFromFormatAndString(DATE_MYSQL, $filter_from_date);
$dateFrom->advance(logged_user()->getTimezone() * -3600);
$dateFrom = $dateFrom->toMySQL();
}
if ($filter_to_date != '0000-00-00 00:00:00') {
$dateTo = DateTimeValueLib::dateFromFormatAndString(DATE_MYSQL, $filter_to_date);
$dateTo->setHour(23);
$dateTo->setMinute(59);
$dateTo->setSecond(59);
$dateTo->advance(logged_user()->getTimezone() * -3600);
$dateTo = $dateTo->toMySQL();
}
if ($filter_from_date != '0000-00-00 00:00:00' && $filter_to_date != '0000-00-00 00:00:00') {
$tasks_from_date = " AND (((`start_date` BETWEEN '" . $dateFrom . "' AND '" . $dateTo . "') AND `start_date` != " . DB::escape(EMPTY_DATETIME) . ") OR ((`due_date` BETWEEN '" . $dateFrom . "' AND '" . $dateTo . "') AND `due_date` != " . DB::escape(EMPTY_DATETIME) . "))";
} elseif ($filter_from_date != '0000-00-00 00:00:00') {
$tasks_from_date = " AND (`start_date` > '" . $dateFrom . "' OR `due_date` > '" . $dateFrom . "') ";
} else {
$tasks_from_date = "AND ((`start_date` < '" . $dateTo . "' AND `start_date` != " . DB::escape(EMPTY_DATETIME) . ") OR (`due_date` < '" . $dateTo . "' AND `due_date` != " . DB::escape(EMPTY_DATETIME) . "))";
}
} else {
$tasks_from_date = "";
}
$filter = array_var($_REQUEST, 'filter');
if (is_null($filter) || $filter == '') {
$filter = $previous_filter;
} else {
if ($previous_filter != $filter) {
set_user_config_option('task panel filter', $filter, logged_user()->getId());
}
}
if ($filter != 'no_filter') {
$filter_value = array_var($_REQUEST, 'fval');
if (is_null($filter_value) || $filter_value == '') {
$filter_value = user_config_option('task panel filter value', null, logged_user()->getId());
set_user_config_option('task panel filter value', $filter_value, logged_user()->getId());
$filter = $previous_filter;
set_user_config_option('task panel filter', $filter, logged_user()->getId());
} else {
if (user_config_option('task panel filter value') != $filter_value) {
set_user_config_option('task panel filter value', $filter_value, logged_user()->getId());
}
}
}
/* $isJson = array_var($_GET,'isJson',false);
if ($isJson) ajx_current("empty");
*/
$template_condition = "`e`.`is_template` = 0 ";
//Get the task query conditions
$task_filter_condition = "";
switch ($filter) {
case 'assigned_to':
$assigned_to = $filter_value;
if ($assigned_to > 0) {
$task_filter_condition = " AND (`assigned_to_contact_id` = " . $assigned_to . ") ";
} else {
if ($assigned_to == -1) {
$task_filter_condition = " AND `assigned_to_contact_id` = 0";
}
}
break;
case 'assigned_by':
if ($filter_value != 0) {
$task_filter_condition = " AND `assigned_by_id` = " . $filter_value . " ";
}
break;
case 'created_by':
if ($filter_value != 0) {
$task_filter_condition = " AND `created_by_id` = " . $filter_value . " ";
}
break;
case 'completed_by':
if ($filter_value != 0) {
$task_filter_condition = " AND `completed_by_id` = " . $filter_value . " ";
}
break;
case 'milestone':
$task_filter_condition = " AND `milestone_id` = " . $filter_value . " ";
break;
case 'priority':
$task_filter_condition = " AND `priority` = " . $filter_value . " ";
break;
case 'subtype':
if ($filter_value != 0) {
$task_filter_condition = " AND `object_subtype` = " . $filter_value . " ";
}
break;
case 'subscribed_to':
if ($filter_value > 0) {
$res20 = DB::execute("SELECT object_id FROM " . TABLE_PREFIX . "object_subscriptions WHERE `contact_id` = " . $filter_value);
$subs_rows = $res20->fetchAll($res20);
$subs = array();
if (count($subs_rows) > 0) {
foreach ($subs_rows as $row) {
$subs[] = $row['object_id'];
}
unset($res20, $subs_rows, $row);
if (count($subs) > 0) {
$task_filter_condition = " AND `e`.`completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `o`.`id` IN(" . implode(',', $subs) . ")";
}
} else {
$task_filter_condition = " AND `e`.`completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `o`.`id` = -1";
}
}
break;
case 'no_filter':
$task_filter_condition = "";
break;
default:
flash_error(lang('task filter criteria not recognised', $filter));
}
$task_status_condition = "";
$now_date = DateTimeValueLib::now();
$now_date->advance(logged_user()->getTimezone() * 3600);
$now = $now_date->format('Y-m-d 00:00:00');
$now_end = $now_date->format('Y-m-d 23:59:59');
switch ($status) {
case 0:
// Incomplete tasks
$task_status_condition = " AND `e`.`completed_on` = " . DB::escape(EMPTY_DATETIME);
break;
case 1:
// Complete tasks
$task_status_condition = " AND `e`.`completed_on` > " . DB::escape(EMPTY_DATETIME);
break;
case 10:
// Active tasks
$task_status_condition = " AND (SELECT COUNT(ts.object_id) FROM " . TABLE_PREFIX . "timeslots ts WHERE ts.rel_object_id=o.id AND ts.end_time = '" . EMPTY_DATETIME . "') > 0";
break;
case 11:
// Overdue tasks
$task_status_condition = " AND `e`.`completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `e`.`due_date` < '{$now}'";
break;
case 12:
// Today tasks
$task_status_condition = " AND `e`.`completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `e`.`due_date` >= '{$now}' AND `e`.`due_date` <= '{$now_end}'";
break;
case 13:
// Today + Overdue tasks
$task_status_condition = " AND `e`.`completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `e`.`due_date` <= '{$now_end}'";
break;
case 20:
// Actives task by current user
$task_status_condition = " AND `e`.`completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `e`.`start_date` <= '{$now}' AND `e`.`assigned_to_contact_id` = " . logged_user()->getId();
break;
case 21:
// Subscribed tasks by current user
$res20 = DB::execute("SELECT object_id FROM " . TABLE_PREFIX . "object_subscriptions WHERE `contact_id` = " . logged_user()->getId());
$subs_rows = $res20->fetchAll($res20);
foreach ($subs_rows as $row) {
$subs[] = $row['object_id'];
}
unset($res20, $subs_rows, $row);
$task_status_condition = " AND `e`.`completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `o`.`id` IN(" . implode(',', $subs) . ")";
break;
case 2:
// All tasks
break;
default:
throw new Exception('Task status "' . $status . '" not recognised');
}
$task_assignment_conditions = "";
if (!SystemPermissions::userHasSystemPermission(logged_user(), 'can_see_assigned_to_other_tasks')) {
$task_assignment_conditions = " AND assigned_to_contact_id = " . logged_user()->getId();
}
$conditions = "AND {$template_condition} {$task_filter_condition} {$task_status_condition} {$task_assignment_conditions} {$tasks_from_date}";
$data = array();
$data['conditions'] = $conditions;
$data['filterValue'] = isset($filter_value) ? $filter_value : '';
$data['filter'] = $filter;
$data['status'] = $status;
$data['limit'] = array_var($_REQUEST, 'limit', user_config_option('task_display_limit', 999));
return $data;
}
static function getLastActivities() {
$members = active_context_members(false); // Context Members Ids
$options = explode(",",user_config_option("filters_dashboard",null,null,true));
$extra_conditions = "action <> 'login' AND action <> 'logout' AND action <> 'subscribe' ";
if($options[1] == 0){//do not show timeslots
$extra_conditions .= "AND action <> 'open' AND action <> 'close' AND ((action <> 'add' OR action <> 'edit' OR action <> 'delete') AND object_name NOT LIKE 'Time%')";
}
// task assignment conditions
if (!SystemPermissions::userHasSystemPermission(logged_user(), 'can_see_assigned_to_other_tasks')) {
$extra_conditions .= " AND IF((SELECT o.object_type_id FROM ".TABLE_PREFIX."objects o WHERE o.id=rel_object_id)=(SELECT ot.id FROM ".TABLE_PREFIX."object_types ot WHERE ot.name='task'),
(SELECT t.assigned_to_contact_id FROM ".TABLE_PREFIX."project_tasks t WHERE t.object_id=rel_object_id) = ".logged_user()->getId().",
true)";
}
$members_sql = "";
if(count($members) > 0){
$object_ids_rows = DB::executeAll("SELECT object_id FROM " . TABLE_PREFIX . "object_members om
WHERE member_id IN (" . implode ( ',', $members ) . ")
GROUP BY object_id HAVING count(member_id) = ".count($members)."");
$object_ids = implode(',', array_flat($object_ids_rows));
if ($object_ids == "") $object_ids = "0";
$members_sql = "rel_object_id IN ($object_ids)";
}
$permissions_sql = "AND rel_object_id IN (
SELECT object_id FROM ".TABLE_PREFIX."sharing_table
WHERE group_id IN (SELECT permission_group_id FROM ".TABLE_PREFIX."contact_permission_groups WHERE contact_id = ".logged_user()->getId().")
)";
$condition = ($members_sql != "" ? $members_sql . " AND " : "") . $extra_conditions . $permissions_sql;
return ApplicationLogs::findAll(array(
"condition" => $condition,
"order" => "created_on DESC",
"limit" => "100"
));
}
function add_timeslot()
{
$object_id = array_var($_REQUEST, "object_id", false);
ajx_current("empty");
$timeslot_data = array_var($_POST, 'timeslot');
if ($object_id) {
$object = Objects::findObject($object_id);
if (!$object instanceof ContentDataObject || !$object->canAddTimeslot(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
$member_ids = $object->getMemberIds();
} else {
$member_ids = json_decode(array_var($_POST, 'members', array()));
// clean member_ids
$tmp_mids = array();
foreach ($member_ids as $mid) {
if (!is_null($mid) && trim($mid) != "") {
$tmp_mids[] = $mid;
}
}
$member_ids = $tmp_mids;
if (empty($member_ids)) {
if (!can_add(logged_user(), active_context(), Timeslots::instance()->getObjectTypeId())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
} else {
if (count($member_ids) > 0) {
$enteredMembers = Members::findAll(array('conditions' => 'id IN (' . implode(",", $member_ids) . ')'));
} else {
$enteredMembers = array();
}
if (!can_add(logged_user(), $enteredMembers, Timeslots::instance()->getObjectTypeId())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
}
$object_id = 0;
}
try {
$hoursToAdd = array_var($timeslot_data, 'hours', 0);
$minutes = array_var($timeslot_data, 'minutes', 0);
if (strpos($hoursToAdd, ',') && !strpos($hoursToAdd, '.')) {
$hoursToAdd = str_replace(',', '.', $hoursToAdd);
}
if (strpos($hoursToAdd, ':') && !strpos($hoursToAdd, '.')) {
$pos = strpos($hoursToAdd, ':') + 1;
$len = strlen($hoursToAdd) - $pos;
$minutesToAdd = substr($hoursToAdd, $pos, $len);
if (!strlen($minutesToAdd) <= 2 || !strlen($minutesToAdd) > 0) {
$minutesToAdd = substr($minutesToAdd, 0, 2);
}
$mins = $minutesToAdd / 60;
$hours = substr($hoursToAdd, 0, $pos - 1);
$hoursToAdd = $hours + $mins;
}
if ($minutes) {
$min = str_replace('.', '', $minutes / 6);
$hoursToAdd = $hoursToAdd + ("0." . $min);
}
if ($hoursToAdd <= 0) {
flash_error(lang('time has to be greater than 0'));
return;
}
$startTime = getDateValue(array_var($timeslot_data, 'date'));
$startTime = $startTime->add('h', 8 - logged_user()->getTimezone());
$endTime = getDateValue(array_var($timeslot_data, 'date'));
$endTime = $endTime->add('h', 8 - logged_user()->getTimezone() + $hoursToAdd);
//use current time
if (array_var($_REQUEST, "use_current_time", false)) {
$currentStartTime = DateTimeValueLib::now();
$currentEndTime = DateTimeValueLib::now();
$currentStartTime = $currentStartTime->add('h', -$hoursToAdd);
$startTime->setHour($currentStartTime->getHour());
$startTime->setMinute($currentStartTime->getMinute());
$endTime->setHour($currentEndTime->getHour());
$endTime->setMinute($currentEndTime->getMinute());
}
$timeslot_data['start_time'] = $startTime;
$timeslot_data['end_time'] = $endTime;
$timeslot_data['description'] = html_to_text($timeslot_data['description']);
$timeslot_data['name'] = $timeslot_data['description'];
$timeslot_data['rel_object_id'] = $object_id;
//array_var($timeslot_data,'project_id');
$timeslot = new Timeslot();
//Only admins can change timeslot user
if (!array_var($timeslot_data, 'contact_id', false) || !SystemPermissions::userHasSystemPermission(logged_user(), 'can_manage_time')) {
$timeslot_data['contact_id'] = logged_user()->getId();
}
$timeslot->setFromAttributes($timeslot_data);
$user = Contacts::findById($timeslot_data['contact_id']);
$billing_category_id = $user->getDefaultBillingId();
$bc = BillingCategories::findById($billing_category_id);
if ($bc instanceof BillingCategory) {
$timeslot->setBillingId($billing_category_id);
$hourly_billing = $bc->getDefaultValue();
$timeslot->setHourlyBilling($hourly_billing);
$timeslot->setFixedBilling($hourly_billing * $hoursToAdd);
$timeslot->setIsFixedBilling(false);
}
DB::beginWork();
$timeslot->save();
$task = ProjectTasks::findById($object_id);
if ($task instanceof ProjectTask) {
$task->calculatePercentComplete();
}
if (!isset($member_ids) || !is_array($member_ids) || count($member_ids) == 0) {
$member_ids = json_decode(array_var($_POST, 'members'));
}
$object_controller = new ObjectController();
$object_controller->add_to_members($timeslot, $member_ids);
DB::commit();
ApplicationLogs::createLog($timeslot, ApplicationLogs::ACTION_ADD);
$show_billing = can_manage_billing(logged_user());
ajx_extra_data(array("timeslot" => $timeslot->getArrayInfo($show_billing), "real_obj_id" => $timeslot->getRelObjectId()));
} catch (Exception $e) {
DB::rollback();
flash_error($e->getMessage());
}
// try
}
function add_timeslot(){
if (!can_add(logged_user(), active_context(), Timeslots::instance()->getObjectTypeId())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
ajx_current("empty");
$timeslot_data = array_var($_POST, 'timeslot');
try {
$hoursToAdd = array_var($timeslot_data, 'hours',0);
$minutes = array_var($timeslot_data, 'minutes',0);
if (strpos($hoursToAdd,',') && !strpos($hoursToAdd,'.'))
$hoursToAdd = str_replace(',','.',$hoursToAdd);
if (strpos($hoursToAdd,':') && !strpos($hoursToAdd,'.')) {
$pos = strpos($hoursToAdd,':') + 1;
$len = strlen($hoursToAdd) - $pos;
$minutesToAdd = substr($hoursToAdd,$pos,$len);
if( !strlen($minutesToAdd)<=2 || !strlen($minutesToAdd)>0){
$minutesToAdd = substr($minutesToAdd,0,2);
}
$mins = $minutesToAdd / 60;
$hours = substr($hoursToAdd, 0, $pos-1);
$hoursToAdd = $hours + $mins;
}
if($minutes){
$min = str_replace('.','',($minutes/6));
$hoursToAdd = $hoursToAdd + ("0.".$min);
}
if ($hoursToAdd <= 0){
flash_error(lang('time has to be greater than 0'));
return;
}
$startTime = getDateValue(array_var($timeslot_data, 'date'));
$startTime = $startTime->add('h', 8 - logged_user()->getTimezone());
$endTime = getDateValue(array_var($timeslot_data, 'date'));
$endTime = $endTime->add('h', 8 - logged_user()->getTimezone() + $hoursToAdd);
$timeslot_data['start_time'] = $startTime;
$timeslot_data['end_time'] = $endTime;
$timeslot_data['name'] = $timeslot_data['description'];
$timeslot_data['object_id'] = 0;//array_var($timeslot_data,'project_id');
$timeslot = new Timeslot();
//Only admins can change timeslot user
if (!array_var($timeslot_data, 'contact_id', false) || !SystemPermissions::userHasSystemPermission(logged_user(), 'can_manage_time')) {
$timeslot_data['contact_id'] = logged_user()->getId();
}
$timeslot->setFromAttributes($timeslot_data);
$user = Contacts::findById($timeslot_data['contact_id']);
$billing_category_id = $user->getDefaultBillingId();
$bc = BillingCategories::findById($billing_category_id);
if ($bc instanceof BillingCategory) {
$timeslot->setBillingId($billing_category_id);
$hourly_billing = $bc->getDefaultValue();
$timeslot->setHourlyBilling($hourly_billing);
$timeslot->setFixedBilling($hourly_billing * $hoursToAdd);
$timeslot->setIsFixedBilling(false);
}
DB::beginWork();
$timeslot->save();
$member_ids = json_decode(array_var($_POST, 'members'));
$object_controller = new ObjectController();
$object_controller->add_to_members($timeslot, $member_ids);
ApplicationLogs::createLog($timeslot, ApplicationLogs::ACTION_ADD);
DB::commit();
$show_billing = can_manage_billing(logged_user());
ajx_extra_data(array("timeslot" => $timeslot->getArrayInfo($show_billing)));
} catch(Exception $e) {
DB::rollback();
flash_error($e->getMessage());
} // try
}
function save_permissions($pg_id, $is_guest = false)
{
$sys_permissions_data = array_var($_POST, 'sys_perm');
$changed_members = array();
//module permissions
$mod_permissions_data = array_var($_POST, 'mod_perm');
TabPanelPermissions::clearByPermissionGroup($pg_id);
if (!is_null($mod_permissions_data) && is_array($mod_permissions_data)) {
foreach ($mod_permissions_data as $tab_id => $val) {
$tpp = new TabPanelPermission();
$tpp->setPermissionGroupId($pg_id);
$tpp->setTabPanelId($tab_id);
$tpp->save();
}
}
//system permissions
$system_permissions = SystemPermissions::findById($pg_id);
if (!$system_permissions instanceof SystemPermission) {
$system_permissions = new SystemPermission();
$system_permissions->setPermissionGroupId($pg_id);
}
$system_permissions->setAllPermissions(false);
$other_permissions = array();
Hook::fire('add_user_permissions', $pg_id, $other_permissions);
foreach ($other_permissions as $k => $v) {
$system_permissions->setColumnValue($k, false);
}
$sys_permissions_data['can_task_assignee'] = !$is_guest;
$system_permissions->setFromAttributes($sys_permissions_data);
$system_permissions->save();
//member permissions
$permissionsString = array_var($_POST, 'permissions');
if ($permissionsString && $permissionsString != '') {
$permissions = json_decode($permissionsString);
}
if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
$allowed_members_ids = array();
foreach ($permissions as $perm) {
if (!isset($all_perm_deleted[$perm->m])) {
$all_perm_deleted[$perm->m] = true;
}
$allowed_members_ids[$perm->m] = array();
$allowed_members_ids[$perm->m]['pg'] = $pg_id;
$cmp = ContactMemberPermissions::findById(array('permission_group_id' => $pg_id, 'member_id' => $perm->m, 'object_type_id' => $perm->o));
if (!$cmp instanceof ContactMemberPermission) {
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId($pg_id);
$cmp->setMemberId($perm->m);
$cmp->setObjectTypeId($perm->o);
}
$cmp->setCanWrite($is_guest ? false : $perm->w);
$cmp->setCanDelete($is_guest ? false : $perm->d);
if ($perm->r) {
if (isset($allowed_members_ids[$perm->m]['w'])) {
if ($allowed_members_ids[$perm->m]['w'] != 1) {
$allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
}
} else {
$allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
}
if (isset($allowed_members_ids[$perm->m]['d'])) {
if ($allowed_members_ids[$perm->m]['d'] != 1) {
$allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
}
} else {
$allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
}
$cmp->save();
$all_perm_deleted[$perm->m] = false;
} else {
$cmp->delete();
}
$changed_members[] = $perm->m;
}
$sharingTablecontroller = new SharingTableController();
$sharingTablecontroller->afterPermissionChanged($pg_id, $permissions);
foreach ($allowed_members_ids as $key => $mids) {
$mbm = Members::findById($key);
$root_cmp = ContactMemberPermissions::findById(array('permission_group_id' => $mids['pg'], 'member_id' => $key, 'object_type_id' => $mbm->getObjectTypeId()));
if (!$root_cmp instanceof ContactMemberPermission) {
$root_cmp = new ContactMemberPermission();
$root_cmp->setPermissionGroupId($mids['pg']);
$root_cmp->setMemberId($key);
$root_cmp->setObjectTypeId($mbm->getObjectTypeId());
}
$root_cmp->setCanWrite($mids['w']);
$root_cmp->setCanDelete($mids['d']);
$root_cmp->save();
}
foreach ($all_perm_deleted as $mid => $pd) {
if ($pd) {
ContactMemberPermissions::instance()->delete("`permission_group_id` = {$pg_id} AND `member_id` = {$mid}");
}
}
}
// set all permissiions to read_only
if ($is_guest) {
$all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
foreach ($all_saved_permissions as $sp) {
/* @var $sp ContactMemberPermission */
if ($sp->getCanDelete() || $sp->getCanWrite()) {
$sp->setCanDelete(false);
$sp->setCanWrite(false);
$sp->save();
}
}
$cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all'"));
foreach ($cdps as $cdp) {
$cdp->setPermissionType('check');
$cdp->save();
}
}
// check the status of the changed dimensions to set 'allow_all', 'deny_all' or 'check'
$dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members)));
foreach ($dimensions as $dimension) {
$mem_ids = $dimension->getAllMembers(true);
if (count($mem_ids) == 0) {
$mem_ids[] = 0;
}
$count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND `member_id` IN (" . implode(",", $mem_ids) . ") AND `can_delete` = 0"));
if ($count > 0) {
$dimension->setContactDimensionPermission($pg_id, 'check');
} else {
$count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND `member_id` IN (" . implode(",", $mem_ids) . ")"));
if ($count == 0) {
$dimension->setContactDimensionPermission($pg_id, 'deny all');
} else {
$allow_all = true;
$dim_obj_types = $dimension->getAllowedObjectTypeContents();
$members = Members::findAll("`id` IN (" . implode(",", $mem_ids) . ")");
foreach ($dim_obj_types as $dim_obj_type) {
$mem_ids_for_ot = array();
foreach ($members as $member) {
if ($dim_obj_type->getDimensionObjectTypeId() == $member->getObjectTypeId()) {
$mem_ids_for_ot[] = $member->getId();
}
}
if (count($mem_ids_for_ot) == 0) {
$mem_ids_for_ot[] = 0;
}
$count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND \n\t\t\t\t\t\t`object_type_id` = " . $dim_obj_type->getContentObjectTypeId() . " AND `can_delete` = 1 AND `member_id` IN (" . implode(",", $mem_ids_for_ot) . ")"));
if ($count != count($mem_ids_for_ot)) {
$allow_all = false;
break;
}
}
if ($allow_all) {
$dimension->setContactDimensionPermission($pg_id, 'allow all');
} else {
$dimension->setContactDimensionPermission($pg_id, 'check');
}
}
}
}
}
function list_objects()
{
/* get query parameters */
$filesPerPage = config_option('files_per_page');
$start = array_var($_GET, 'start') ? (int) array_var($_GET, 'start') : 0;
$limit = array_var($_GET, 'limit') ? array_var($_GET, 'limit') : $filesPerPage;
$order = array_var($_GET, 'sort');
$id_no_select = array_var($_GET, 'id_no_select', "undefined");
$ignore_context = (bool) array_var($_GET, 'ignore_context');
$member_ids = json_decode(array_var($_GET, 'member_ids'));
$extra_member_ids = json_decode(array_var($_GET, 'extra_member_ids'));
$orderdir = array_var($_GET, 'dir');
if (!in_array(strtoupper($orderdir), array('ASC', 'DESC'))) {
$orderdir = 'ASC';
}
if ($order == "dateUpdated") {
$order = "updated_on";
} elseif ($order == "dateArchived") {
$order = "archived_on";
} elseif ($order == "dateDeleted") {
$order = "trashed_on";
} elseif ($order == "name") {
$order = "name";
} else {
$order = "";
$orderdir = "";
}
$extra_list_params = array_var($_GET, 'extra_list_params');
$extra_list_params = json_decode($extra_list_params);
$page = (int) ($start / $limit) + 1;
$hide_private = !logged_user()->isMemberOfOwnerCompany();
$typeCSV = array_var($_GET, 'type');
$types = null;
if ($typeCSV) {
$types = explode(",", $typeCSV);
}
$name_filter = mysql_real_escape_string(array_var($_GET, 'name'));
$linked_obj_filter = array_var($_GET, 'linkedobject');
$object_ids_filter = '';
$show_all_linked_objects = false;
if (!is_null($linked_obj_filter)) {
$show_all_linked_objects = true;
$linkedObject = Objects::findObject($linked_obj_filter);
$objs = $linkedObject->getLinkedObjects();
foreach ($objs as $obj) {
$object_ids_filter .= ($object_ids_filter == '' ? '' : ',') . $obj->getId();
}
}
$filters = array();
if (!is_null($types)) {
$filters['types'] = $types;
}
if (!is_null($name_filter)) {
$filters['name'] = $name_filter;
}
if ($object_ids_filter != '') {
$filters['object_ids'] = $object_ids_filter;
}
$user = array_var($_GET, 'user');
$trashed = array_var($_GET, 'trashed', false);
$archived = array_var($_GET, 'archived', false);
/* if there's an action to execute, do so */
if (!$show_all_linked_objects) {
$this->processListActions();
}
$filterName = array_var($_GET, 'name');
$template_object_names = "";
$template_extra_condition = "true";
$template_objects = false;
if (in_array("template_task", array_var($filters, 'types', array())) || in_array("template_milestone", array_var($filters, 'types', array()))) {
$template_id = 0;
$template_objects = true;
if (isset($extra_list_params->template_id)) {
$template_id = $extra_list_params->template_id;
}
$tmpl_task = TemplateTasks::findById(intval($id_no_select));
if ($tmpl_task instanceof TemplateTask) {
$template_extra_condition = "o.id IN (SELECT object_id from " . TABLE_PREFIX . "template_tasks WHERE `template_id`=" . $tmpl_task->getTemplateId() . " OR `template_id`=0 AND `session_id`=" . logged_user()->getId() . " )";
} else {
$template_extra_condition = "o.id IN (SELECT object_id from " . TABLE_PREFIX . "template_tasks WHERE `template_id`=" . intval($template_id) . " OR `template_id`=0 AND `session_id`=" . logged_user()->getId() . " )";
}
} else {
$template_object_names = "AND name <> 'template_task' AND name <> 'template_milestone'";
}
$result = null;
$context = active_context();
$obj_type_types = array('content_object', 'dimension_object');
if (array_var($_GET, 'include_comments')) {
$obj_type_types[] = 'comment';
}
$type_condition = "";
if ($types) {
$type_condition = " AND name IN ('" . implode("','", $types) . "')";
}
$extra_conditions = array();
// user filter
if (in_array("contact", array_var($filters, 'types', array())) && isset($extra_list_params->is_user)) {
$joins[] = "\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "contacts c on c.object_id=o.id";
$extra_conditions[] = "\r\n\t\t\t\tc.user_type " . ($extra_list_params->is_user == 1 ? ">" : "=") . " 0";
if (isset($extra_list_params->has_permissions) && $extra_list_params->has_permissions > 0) {
$mem_id = $extra_list_params->has_permissions;
$extra_conditions[] = " EXISTS (\r\n\t\t\t\t\tSELECT cmp.permission_group_id FROM " . TABLE_PREFIX . "contact_member_permissions cmp\r\n\t\t\t\t\tWHERE cmp.permission_group_id IN (SELECT x.permission_group_id FROM " . TABLE_PREFIX . "contact_permission_groups x WHERE x.contact_id=o.id)\r\n\t\t\t\t\tAND cmp.member_id='{$mem_id}' \r\n\t\t\t\t\tAND cmp.object_type_id NOT IN (SELECT tp.object_type_id FROM " . TABLE_PREFIX . "tab_panels tp WHERE tp.enabled=0)\r\n\t\t\t\t\tAND cmp.object_type_id NOT IN (SELECT oott.id FROM " . TABLE_PREFIX . "object_types oott WHERE oott.name IN ('comment','template'))\r\n\t\t\t\t\tAND cmp.object_type_id IN (SELECT oott2.id FROM " . TABLE_PREFIX . "object_types oott2 WHERE oott2.type IN ('content_object','dimension_object'))\r\n\t\t\t\t)";
}
}
// Object type filter - exclude template types (if not template picker), filter by required type names (if specified) and match value with objects table
$extra_object_type_conditions = "\r\n\t\t\tAND name <> 'file revision' {$template_object_names} {$type_condition} AND o.object_type_id = ot.id";
$extra_conditions[] = ObjectTypes::getListableObjectsSqlCondition($extra_object_type_conditions);
// --
// logged user permission group ids
$logged_user_pg_ids = implode(',', logged_user()->getPermissionGroupIds());
// used in template object picker
$extra_conditions[] = $template_extra_condition;
// when filtering by name
if ($name_filter) {
$extra_conditions[] = "\r\n\t\t\t\tname LIKE '%{$name_filter}%'";
}
// when excluding some object in particular
if ($id_no_select != "undefined") {
$extra_conditions[] = "\r\n\t\t\t\tid <> '{$id_no_select}'";
}
// when filtering by some group of objects, for example in the linked objects view
if ($object_ids_filter != "") {
$extra_conditions[] = "\r\n\t\t\t\tid in ({$object_ids_filter})";
}
$joins[] = "\r\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "project_tasks pt on pt.object_id=o.id";
if (!SystemPermissions::userHasSystemPermission(logged_user(), 'can_see_assigned_to_other_tasks')) {
// exclude other users' tasks if cannot see them
$extra_conditions[] = "\r\n\t\t\t\t( pt.assigned_to_contact_id IS NULL OR pt.assigned_to_contact_id= " . logged_user()->getId() . ")";
}
// don't include tasks which have is_template=1
$extra_conditions[] = "\r\n\t\t\t( pt.is_template IS NULL OR pt.is_template=0)";
// trashed conditions
$extra_conditions[] = "\r\n\t\t\to.trashed_on" . ($trashed ? "<>" : "=") . "0";
// archived conditions
$extra_conditions[] = "\r\n\t\t\to.archived_on" . ($archived ? "<>" : "=") . "0";
// don't include unclassified mails from other accounts
if (Plugins::instance()->isActivePlugin('mail')) {
$accounts_of_loggued_user = MailAccountContacts::getByContact(logged_user());
$account_ids = array(0);
foreach ($accounts_of_loggued_user as $acc) {
$account_ids[] = $acc->getAccountId();
}
$joins[] = "\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "mail_contents mc on mc.object_id=o.id\r\n\t\t\t";
$extra_conditions[] = "\r\n\t\t\t\tIF( mc.account_id IS NULL, true, mc.account_id IN (" . implode(',', $account_ids) . ") OR EXISTS (\r\n\t\t\t\t\tSELECT om1.object_id FROM " . TABLE_PREFIX . "object_members om1 \r\n\t\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "members m1 ON m1.id=om1.member_id \r\n\t\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "dimensions d1 ON d1.id=m1.dimension_id \r\n\t\t\t\t\tWHERE om1.object_id=o.id AND d1.is_manageable=1)\r\n\t\t\t\t)";
}
// don't show attached files of emails that cannot be viewed
if (logged_user()->isAdministrator() && Plugins::instance()->isActivePlugin('mail')) {
$joins[] = "LEFT JOIN " . TABLE_PREFIX . "project_files pf on pf.object_id=o.id";
$extra_conditions[] = "IF(pf.mail_id IS NULL OR pf.mail_id = 0, true, \r\n\t\t\t\tpf.mail_id IN (SELECT sh.object_id FROM " . TABLE_PREFIX . "sharing_table sh WHERE pf.mail_id = sh.object_id AND sh.group_id IN ({$logged_user_pg_ids})))";
}
$only_count_result = array_var($_GET, 'only_result', false);
$count_results = array_var($_GET, 'count_results', false);
// Members filter
$sql_members = "";
if (!$ignore_context && !$member_ids) {
$members = active_context_members(false);
// Context Members Ids
} elseif (count($member_ids)) {
$members = $member_ids;
} else {
// get members from context
if (!$ignore_context) {
$members = active_context_members(false);
}
}
if (is_array($extra_member_ids)) {
if (isset($members)) {
$members = array_merge($members, $extra_member_ids);
} else {
$members = $extra_member_ids;
}
}
if (isset($members) && is_array($members) && count($members) > 0 && !(isset($template_id) && $template_id > 0)) {
$sql_members = "\r\n\t\t\t\tAND (EXISTS (SELECT om.object_id\r\n\t\t\t\t\tFROM " . TABLE_PREFIX . "object_members om\r\n\t\t\t\t\tWHERE om.member_id IN (" . implode(',', $members) . ") AND o.id = om.object_id \r\n\t\t\t\t\tGROUP BY object_id\r\n\t\t\t\t\tHAVING count(member_id) = " . count($members) . "\r\n\t\t\t\t))\r\n\t\t\t";
}
// --
// Permissions filter
if (isset($template_id) && $template_id > 0) {
// editing template items do not check permissions
$sql_permissions = "";
} else {
$sql_permissions = "\r\n\t\t\t\tAND EXISTS (SELECT sh.object_id FROM " . TABLE_PREFIX . "sharing_table sh WHERE sh.object_id=o.id AND sh.group_id IN ({$logged_user_pg_ids}))\r\n\t\t\t";
}
// Main select
$sql_select = "SELECT * FROM " . TABLE_PREFIX . "objects o ";
// Joins
$sql_joins = implode(" ", $joins);
// Where
$sql_where = "\r\n\t\t\tWHERE " . implode(" AND ", $extra_conditions) . $sql_permissions . $sql_members;
// Order
$sql_order = "";
if ($order) {
$sql_order = "\r\n\t\t\t\tORDER BY {$order} {$orderdir}\r\n\t\t\t";
}
// Limit
$sql_limit = "";
if ($start >= 0 && $limit > 0) {
$sql_limit = " LIMIT {$start}, {$limit}";
}
// Full SQL
$sql = "{$sql_select} {$sql_joins} {$sql_where} {$sql_order} {$sql_limit}";
// Execute query
if (!$only_count_result) {
$rows = DB::executeAll($sql);
}
// get total items
if ($count_results) {
$sql_count = "SELECT count(o.id) as total_items FROM " . TABLE_PREFIX . "objects o {$sql_joins} {$sql_where}";
$rows_count = DB::executeAll($sql_count);
$total_items = $rows_count[0]['total_items'];
} else {
if (isset($rows) && is_array($rows)) {
$total_items = count($rows) < $filesPerPage ? count($rows) : 1000000;
} else {
$total_items = 0;
}
}
// prepare response object
$info = array();
// get objects
if (isset($rows) && is_array($rows)) {
foreach ($rows as $row) {
$instance = Objects::findObject($row['id']);
if (!$instance instanceof ContentDataObject) {
continue;
}
$info_elem = $instance->getObject()->getArrayInfo();
$info_elem['url'] = $instance->getViewUrl();
$info_elem['isRead'] = $instance->getIsRead(logged_user()->getId());
$info_elem['manager'] = get_class($instance->manager());
$info_elem['memPath'] = json_encode($instance->getMembersIdsToDisplayPath());
if ($instance instanceof Contact) {
if ($instance->isCompany()) {
$info_elem['icon'] = 'ico-company';
$info_elem['type'] = 'company';
} else {
$info_elem['memPath'] = json_encode($instance->getUserType() ? "" : $instance->getMembersIdsToDisplayPath());
}
} else {
if ($instance instanceof ProjectFile) {
$info_elem['mimeType'] = $instance->getTypeString();
}
}
$info[] = $info_elem;
}
}
$listing = array("totalCount" => $total_items, "start" => $start, "objects" => $info);
ajx_extra_data($listing);
tpl_assign("listing", $listing);
if (isset($reload) && $reload) {
ajx_current("reload");
} else {
ajx_current("empty");
}
}
$parameters['root_permissions'] = $root_permissions;
$parameters['member_permissions'] = $member_permissions;
}
// Module Permissions
$module_permissions = TabPanelPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
$module_permissions_info = array();
foreach ($module_permissions as $mp) {
$module_permissions_info[$mp->getTabPanelId()] = 1;
}
$all_modules = TabPanels::findAll(array("conditions" => "`enabled` = 1", "order" => "ordering"));
$all_modules_info = array();
foreach ($all_modules as $module) {
$all_modules_info[] = array('id' => $module->getId(), 'name' => lang($module->getTitle()), 'ot' => $module->getObjectTypeId());
}
// System Permissions
$system_permissions = SystemPermissions::findById($pg_id);
tpl_assign('module_permissions_info', $module_permissions_info);
tpl_assign('all_modules_info', $all_modules_info);
if (!$system_permissions instanceof SystemPermission) {
$system_permissions = new SystemPermission();
}
tpl_assign('system_permissions', $system_permissions);
tpl_assign('permission_parameters', $parameters);
$more_permissions = array();
Hook::fire('add_user_permissions', $pg_id, $more_permissions);
tpl_assign('more_permissions', $more_permissions);
tpl_assign('pg_id', $pg_id);
// Permission Groups
$groups = PermissionGroups::getNonPersonalSameLevelPermissionsGroups('`parent_id`,`id` ASC');
tpl_assign('groups', $groups);
foreach ($groups as $group) {
function save_permissions($pg_id, $is_guest = false, $permissions_data = null, $save_cmps = true, $update_sharing_table = true, $fire_hook = true, $update_contact_member_cache = true, $users_ids_to_check = array(), $only_member_permissions = false)
{
if (is_null($permissions_data)) {
// system permissions
$sys_permissions_data = array_var($_POST, 'sys_perm');
// module permissions
$mod_permissions_data = array_var($_POST, 'mod_perm');
// root permissions
if ($rp_genid = array_var($_POST, 'root_perm_genid')) {
$rp_permissions_data = array();
foreach ($_POST as $name => $value) {
if (str_starts_with($name, $rp_genid . 'rg_root_')) {
$rp_permissions_data[$name] = $value;
}
}
}
// member permissions
$permissionsString = array_var($_POST, 'permissions');
} else {
// system permissions
$sys_permissions_data = array_var($permissions_data, 'sys_perm');
// module permissions
$mod_permissions_data = array_var($permissions_data, 'mod_perm');
// root permissions
$rp_genid = array_var($permissions_data, 'root_perm_genid');
$rp_permissions_data = array_var($permissions_data, 'root_perm');
// member permissions
$permissionsString = array_var($permissions_data, 'permissions');
}
try {
DB::beginWork();
$changed_members = array();
// save module permissions
if (!$only_member_permissions) {
try {
TabPanelPermissions::clearByPermissionGroup($pg_id, true);
if (!is_null($mod_permissions_data) && is_array($mod_permissions_data)) {
foreach ($mod_permissions_data as $tab_id => $val) {
DB::execute("INSERT INTO " . TABLE_PREFIX . "tab_panel_permissions (permission_group_id,tab_panel_id) VALUES ('{$pg_id}','{$tab_id}') ON DUPLICATE KEY UPDATE permission_group_id=permission_group_id");
}
}
} catch (Exception $e) {
Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
$root_permissions_sharing_table_delete = array();
$root_permissions_sharing_table_add = array();
if (logged_user() instanceof Contact && can_manage_security(logged_user())) {
try {
if (!$only_member_permissions) {
// save system permissions
$system_permissions = SystemPermissions::findById($pg_id);
if (!$system_permissions instanceof SystemPermission) {
$system_permissions = new SystemPermission();
$system_permissions->setPermissionGroupId($pg_id);
}
$system_permissions->setAllPermissions(false);
$other_permissions = array();
Hook::fire('add_user_permissions', $pg_id, $other_permissions);
foreach ($other_permissions as $k => $v) {
$system_permissions->setColumnValue($k, false);
}
// check max permissions for role, in case of modifying user's permissions
$role_id = "-1";
$tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
if ($tmp_contact instanceof Contact) {
$role_id = $tmp_contact->getUserType();
}
$max_role_system_permissions = MaxSystemPermissions::findOne(array('conditions' => 'permission_group_id = ' . $role_id));
if ($max_role_system_permissions instanceof MaxSystemPermission) {
foreach ($sys_permissions_data as $col => &$val) {
$max_val = $max_role_system_permissions->getColumnValue($col);
if (!$max_val) {
unset($sys_permissions_data[$col]);
}
}
}
// don't allow to write emails for collaborators and guests
if ($tmp_contact instanceof Contact) {
$user_type_name = $tmp_contact->getUserTypeName();
if (!in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
$mail_ot = ObjectTypes::findByName('mail');
if ($mail_ot instanceof ObjectType) {
DB::executeAll("UPDATE " . TABLE_PREFIX . "contact_member_permissions SET can_write=0, can_delete=0 WHERE object_type_id=" . $mail_ot->getId() . " AND permission_group_id={$pg_id}");
}
}
}
$sys_permissions_data['can_task_assignee'] = !$is_guest;
$system_permissions->setFromAttributes($sys_permissions_data);
$system_permissions->setUseOnDuplicateKeyWhenInsert(true);
$system_permissions->save();
//object type root permissions
$can_have_root_permissions = config_option('let_users_create_objects_in_root') && in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'));
if ($rp_genid && $can_have_root_permissions) {
ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
foreach ($rp_permissions_data as $name => $value) {
if (str_starts_with($name, $rp_genid . 'rg_root_')) {
$rp_ot = substr($name, strrpos($name, '_') + 1);
if (is_numeric($rp_ot) && $rp_ot > 0 && $value == 0) {
$root_permissions_sharing_table_delete[] = $rp_ot;
}
if (!is_numeric($rp_ot) || $rp_ot <= 0 || $value < 1) {
continue;
}
$root_permissions_sharing_table_add[] = $rp_ot;
// save with member_id = 0
$root_perm_cmp = new ContactMemberPermission();
$root_perm_cmp->setPermissionGroupId($pg_id);
$root_perm_cmp->setMemberId('0');
$root_perm_cmp->setObjectTypeId($rp_ot);
$root_perm_cmp->setCanWrite($value >= 2);
$root_perm_cmp->setCanDelete($value >= 3);
$root_perm_cmp->save();
}
}
}
if (!$can_have_root_permissions) {
ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
$sh_controller = new SharingTableController();
$all_object_type_ids = ObjectTypes::findAll(array('id' => true));
$sh_controller->adjust_root_permissions($pg_id, array('root_permissions_sharing_table_delete' => $all_object_type_ids));
}
}
} catch (Exception $e) {
Logger::log("Error saving system and root permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
// set all permissions to read_only if user is guest
if ($is_guest) {
try {
$all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
foreach ($all_saved_permissions as $sp) {
/* @var $sp ContactMemberPermission */
if ($sp->getCanDelete() || $sp->getCanWrite()) {
$sp->setCanDelete(false);
$sp->setCanWrite(false);
$sp->save();
}
}
$cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all'"));
foreach ($cdps as $cdp) {
$cdp->setPermissionType('check');
$cdp->save();
}
} catch (Exception $e) {
Logger::log("Error setting guest user permissions to read_only for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
// check the status of the changed dimensions to set 'allow_all', 'deny_all' or 'check'
try {
$dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members)));
foreach ($dimensions as $dimension) {
$dimension->setContactDimensionPermission($pg_id, 'check');
}
} catch (Exception $e) {
Logger::log("Error setting dimension permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
//member permissions
if ($permissionsString && $permissionsString != '') {
$permissions = json_decode($permissionsString);
}
if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
try {
$tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
if ($tmp_contact instanceof Contact) {
$user_type_name = $tmp_contact->getUserTypeName();
$role_id = $tmp_contact->getUserType();
$max_role_ot_perms = MaxRoleObjectTypePermissions::instance()->findAll(array('conditions' => "role_id = '{$role_id}'"));
}
$mail_ot = ObjectTypes::findByName('mail');
$sql_insert_values = "";
$member_object_types_to_delete = array();
$allowed_members_ids = array();
foreach ($permissions as &$perm) {
if (!isset($all_perm_deleted[$perm->m])) {
$all_perm_deleted[$perm->m] = true;
}
$allowed_members_ids[$perm->m] = array();
$allowed_members_ids[$perm->m]['pg'] = $pg_id;
if ($perm->r) {
if (isset($allowed_members_ids[$perm->m]['w'])) {
if ($allowed_members_ids[$perm->m]['w'] != 1) {
$allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
}
} else {
$allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
}
if (isset($allowed_members_ids[$perm->m]['d'])) {
if ($allowed_members_ids[$perm->m]['d'] != 1) {
$allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
}
} else {
$allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
}
// check max permissions for user type
if ($tmp_contact instanceof Contact) {
$max_perm = null;
foreach ($max_role_ot_perms as $max_role_ot_perm) {
if ($max_role_ot_perm->getObjectTypeId() == $perm->o) {
$max_perm = $max_role_ot_perm;
}
}
if ($max_perm) {
if (!$max_perm->getCanDelete()) {
$perm->d = 0;
}
if (!$max_perm->getCanWrite()) {
$perm->w = 0;
}
} else {
$perm->d = 0;
$perm->w = 0;
$perm->r = 0;
}
}
if ($save_cmps) {
// don't allow to write emails for collaborators and guests
if ($tmp_contact instanceof Contact && !in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
if ($mail_ot instanceof ObjectType && $perm->o == $mail_ot->getId()) {
$perm->d = 0;
$perm->w = 0;
}
}
$sql_insert_values .= ($sql_insert_values == "" ? "" : ",") . "('" . $pg_id . "','" . $perm->m . "','" . $perm->o . "','" . $perm->d . "','" . $perm->w . "')";
if (!isset($member_object_types_to_delete[$perm->m])) {
$member_object_types_to_delete[$perm->m] = array();
}
$member_object_types_to_delete[$perm->m][] = $perm->o;
}
$all_perm_deleted[$perm->m] = false;
} else {
if (is_numeric($perm->m) && is_numeric($perm->o)) {
DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id='" . $perm->m . "' AND object_type_id='" . $perm->o . "' AND permission_group_id={$pg_id}");
}
}
$changed_members[] = $perm->m;
}
if ($save_cmps) {
if (count($all_perm_deleted) > 0) {
$member_ids_to_delete = array();
foreach ($all_perm_deleted as $mid => $del) {
// also check in contact_member_permissions
$cmps = ContactMemberPermissions::findAll(array('conditions' => 'permission_group_id=' . $pg_id . " AND member_id={$mid}"));
if ($del && (!is_array($cmps) || count($cmps) == 0)) {
$member_ids_to_delete[] = $mid;
}
}
if (count($member_ids_to_delete) > 0) {
DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id IN (" . implode(',', $member_ids_to_delete) . ") AND permission_group_id={$pg_id}");
}
}
foreach ($member_object_types_to_delete as $mid => $obj_type_ids) {
if (count($obj_type_ids) > 0) {
DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id={$mid} AND object_type_id IN (" . implode(',', $obj_type_ids) . ") AND permission_group_id={$pg_id}");
}
}
if ($sql_insert_values != "") {
DB::execute("INSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write) VALUES {$sql_insert_values} ON DUPLICATE KEY UPDATE member_id=member_id");
}
}
} catch (Exception $e) {
Logger::log("Error saving member permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
DB::commit();
} catch (Exception $e) {
Logger::log("Error saving permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
DB::rollback();
}
try {
if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
if ($update_sharing_table) {
try {
$sharingTablecontroller = new SharingTableController();
$rp_info = array('root_permissions_sharing_table_delete' => $root_permissions_sharing_table_delete, 'root_permissions_sharing_table_add' => $root_permissions_sharing_table_add);
$sharingTablecontroller->afterPermissionChanged($pg_id, $permissions, $rp_info);
} catch (Exception $e) {
Logger::log("Error saving permissions to sharing table for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
if ($update_contact_member_cache) {
try {
$contactMemberCacheController = new ContactMemberCacheController();
$group = PermissionGroups::findById($pg_id);
$real_group = null;
if ($group->getType() == 'user_groups') {
$real_group = $group;
}
$users = $group->getUsers();
$users_ids_checked = array();
foreach ($users as $us) {
$users_ids_checked[] = $us->getId();
$contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
}
//check all users related to the group
foreach ($users_ids_to_check as $us_id) {
if (!in_array($us_id, $users_ids_checked)) {
$users_ids_checked[] = $us_id;
$us = Contacts::findById($us_id);
if ($us instanceof Contact) {
$contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
}
}
}
} catch (Exception $e) {
Logger::log("Error saving permissions to contact member cache for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
}
} catch (Exception $e) {
Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
}
if ($fire_hook) {
Hook::fire('after_save_contact_permissions', $pg_id, $pg_id);
}
// remove contact object from members where permissions were deleted
$user = Contacts::findOne(array('conditions' => 'permission_group_id=' . $pg_id));
if ($user instanceof Contact) {
$to_remove = array();
if (isset($all_perm_deleted) && is_array($all_perm_deleted)) {
foreach ($all_perm_deleted as $m_id => $must_remove) {
if ($must_remove) {
$to_remove[] = $m_id;
}
}
ObjectMembers::removeObjectFromMembers($user, logged_user(), null, $to_remove);
}
}
}
function new_list_tasks(){
//load config options into cache for better performance
load_user_config_options_by_category_name('task panel');
// get query parameters, save user preferences if necessary
$status = array_var($_GET,'status',null);
if (is_null($status) || $status == '') {
$status = user_config_option('task panel status',2);
} else
if (user_config_option('task panel status') != $status) {
set_user_config_option('task panel status', $status, logged_user()->getId());
}
$previous_filter = user_config_option('task panel filter', 'no_filter');
$filter = array_var($_GET, 'filter');
if (is_null($filter) || $filter == '') {
$filter = $previous_filter;
} else if ($previous_filter != $filter) {
set_user_config_option('task panel filter', $filter, logged_user()->getId());
}
if ($filter != 'no_filter'){
$filter_value = array_var($_GET,'fval');
if (is_null($filter_value) || $filter_value == '') {
$filter_value = user_config_option('task panel filter value', null, logged_user()->getId());
set_user_config_option('task panel filter value', $filter_value, logged_user()->getId());
$filter = $previous_filter;
set_user_config_option('task panel filter', $filter, logged_user()->getId());
} else
if (user_config_option('task panel filter value') != $filter_value) {
set_user_config_option('task panel filter value', $filter_value, logged_user()->getId());
}
}
$isJson = array_var($_GET,'isJson',false);
if ($isJson) ajx_current("empty");
$template_condition = "`is_template` = 0 ";
//Get the task query conditions
$task_filter_condition = "";
switch($filter){
case 'assigned_to':
$assigned_to = $filter_value;
if ($assigned_to > 0) {
$task_filter_condition = " AND (`assigned_to_contact_id` = " . $assigned_to . ") ";
} else {
if ($assigned_to == -1)
$task_filter_condition = " AND `assigned_to_contact_id` = 0";
}
break;
case 'assigned_by':
if ($filter_value != 0) {
$task_filter_condition = " AND `assigned_by_id` = " . $filter_value . " ";
}
break;
case 'created_by':
if ($filter_value != 0) {
$task_filter_condition = " AND `created_by_id` = " . $filter_value . " ";
}
break;
case 'completed_by':
if ($filter_value != 0) {
$task_filter_condition = " AND `completed_by_id` = " . $filter_value . " ";
}
break;
case 'milestone':
$task_filter_condition = " AND `milestone_id` = " . $filter_value . " ";
break;
case 'priority':
$task_filter_condition = " AND `priority` = " . $filter_value . " ";
break;
case 'subtype':
if ($filter_value != 0) {
$task_filter_condition = " AND `object_subtype` = " . $filter_value . " ";
}
break;
case 'subscribed_to':
if ($filter_value > 0) {
$res20 = DB::execute("SELECT object_id FROM ". TABLE_PREFIX . "object_subscriptions WHERE `contact_id` = " . $filter_value);
$subs_rows = $res20->fetchAll($res20);
$subs = array();
if(count($subs_rows) > 0){
foreach($subs_rows as $row) $subs[] = $row['object_id'];
unset($res20, $subs_rows, $row);
if(count($subs) > 0){
$task_filter_condition = " AND `completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `id` IN(" . implode(',', $subs) . ")";
}
}else{
$task_filter_condition = " AND `completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `id` = -1";
}
}
break;
case 'no_filter':
$task_filter_condition = "";
break;
default:
flash_error(lang('task filter criteria not recognised', $filter));
}
$task_status_condition = "";
$now_date = DateTimeValueLib::now();
$now_date->advance(logged_user()->getTimezone() * 3600);
$now = $now_date->format('Y-m-d 00:00:00');
$now_end = $now_date->format('Y-m-d 23:59:59');
switch($status){
case 0: // Incomplete tasks
$task_status_condition = " AND `completed_on` = " . DB::escape(EMPTY_DATETIME);
break;
case 1: // Complete tasks
$task_status_condition = " AND `completed_on` > " . DB::escape(EMPTY_DATETIME);
break;
case 10: // Active tasks
$task_status_condition = " AND (SELECT COUNT(ts.object_id) FROM ".TABLE_PREFIX."timeslots ts WHERE ts.rel_object_id=o.id AND ts.end_time = '".EMPTY_DATETIME."') > 0";
break;
case 11: // Overdue tasks
$task_status_condition = " AND `completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `due_date` < '$now'";
break;
case 12: // Today tasks
$task_status_condition = " AND `completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `due_date` >= '$now' AND `due_date` <= '$now_end'";
break;
case 13: // Today + Overdue tasks
$task_status_condition = " AND `completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `due_date` <= '$now_end'";
break;
case 20: // Actives task by current user
$task_status_condition = " AND `completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `start_date` <= '$now' AND `assigned_to_contact_id` = " . logged_user()->getId();
break;
case 21: // Subscribed tasks by current user
$res20 = DB::execute("SELECT object_id FROM ". TABLE_PREFIX . "object_subscriptions WHERE `contact_id` = " . logged_user()->getId());
$subs_rows = $res20->fetchAll($res20);
foreach($subs_rows as $row) $subs[] = $row['object_id'];
unset($res20, $subs_rows, $row);
$task_status_condition = " AND `completed_on` = " . DB::escape(EMPTY_DATETIME) . " AND `id` IN(" . implode(',', $subs) . ")";
break;
case 2: // All tasks
break;
default:
throw new Exception('Task status "' . $status . '" not recognised');
}
$task_assignment_conditions = "";
if (!SystemPermissions::userHasSystemPermission(logged_user(), 'can_see_assigned_to_other_tasks')) {
$task_assignment_conditions = " AND assigned_to_contact_id = ".logged_user()->getId();
}
$conditions = "AND $template_condition $task_filter_condition $task_status_condition $task_assignment_conditions";
//Now get the tasks
$tasks = ProjectTasks::instance()->listing(array(
"extra_conditions" => $conditions,
"start" => 0,
"limit" => user_config_option('task_display_limit', 501),
"count_results" => false,
"raw_data" => true,
))->objects;
$pendingstr = $status == 0 ? " AND `completed_on` = " . DB::escape(EMPTY_DATETIME) . " " : "";
$milestone_conditions = " AND `is_template` = false " . $pendingstr;
//Find all internal milestones for these tasks
$internalMilestones = ProjectMilestones::instance()->listing(array("extra_conditions" => $milestone_conditions))->objects;
//Find all external milestones for these tasks, external milestones are the ones that belong to a parent member and have tasks in the current member
$milestone_ids = array();
if($tasks){
$task_ids = array();
foreach ($tasks as $task){
$task_ids[] = $task['id'];
if ($task['milestone_id'] != 0) {
$milestone_ids[$task['milestone_id']] = $task['milestone_id'];
}
}
// generate request cache
ObjectMembers::instance()->getCachedObjectMembers(0, $task_ids);
ProjectTasks::instance()->findByRelatedCached(0, $task_ids);
}
$int_milestone_ids = array();
foreach($internalMilestones as $milestone) {
$int_milestone_ids[] = $milestone->getId();
}
$milestone_ids = array_diff($milestone_ids, $int_milestone_ids);
if (count($milestone_ids) == 0) $milestone_ids[] = 0;
$ext_milestone_conditions = " `is_template` = false " . $pendingstr . ' AND `object_id` IN (' . implode(',',$milestone_ids) . ')';
$externalMilestones = ProjectMilestones::findAll(array('conditions' => $ext_milestone_conditions));
// Get Users Info
$users = allowed_users_in_context(ProjectTasks::instance()->getObjectTypeId(), active_context(), ACCESS_LEVEL_READ);
$allUsers = Contacts::getAllUsers();
$user_ids = array(-1);
foreach ($allUsers as $user) {
$user_ids[] = $user->getId();
}
// only companies with users
$companies = Contacts::findAll(array(
"conditions" => "e.is_company = 1",
"join" => array(
"table" => Contacts::instance()->getTableName(),
"jt_field" => "object_id",
"j_sub_q" => "SELECT xx.object_id FROM ".Contacts::instance()->getTableName(true)." xx WHERE
xx.is_company=0 AND xx.company_id = e.object_id AND xx.object_id IN (".implode(",", $user_ids).") LIMIT 1"
)
));
tpl_assign('tasks', $tasks);
if (config_option('use tasks dependencies')) {
$dependency_count = array();
foreach ($tasks as $task) {
$previous = 0;
$ptasks = ProjectTaskDependencies::getDependenciesForTask($task['id']);
foreach ($ptasks as $pdep) {
$ptask = ProjectTasks::findById($pdep->getPreviousTaskId());
if ($ptask instanceof ProjectTask && !$ptask->isCompleted()) $previous++;
}
$dependants = ProjectTaskDependencies::getDependantsForTask($task['id']);
$dep_csv = "";
foreach ($dependants as $dep) $dep_csv .= ($dep_csv==""?"":",") . $dep->getTaskId();
$dependency_count[] = array('id' => $task['id'], 'count' => $previous, 'dependants' => $dep_csv);
}
tpl_assign('dependency_count', $dependency_count);
}
if (!$isJson){
$all_templates = COTemplates::findAll(array('conditions' => '`trashed_by_id` = 0 AND `archived_by_id` = 0'));
tpl_assign('all_templates', $all_templates);
if (user_config_option('task_display_limit') > 0 && count($tasks) > user_config_option('task_display_limit')) {
tpl_assign('displayTooManyTasks', true);
array_pop($tasks);
}
tpl_assign('object_subtypes',array());
tpl_assign('internalMilestones', $internalMilestones);
tpl_assign('externalMilestones', $externalMilestones);
tpl_assign('users', $users);
tpl_assign('allUsers', $allUsers);
tpl_assign('companies', $companies);
$userPref = array();
$userPref = array(
'filterValue' => isset($filter_value) ? $filter_value : '',
'filter' => $filter,
'status' => $status,
'showWorkspaces' => user_config_option('tasksShowWorkspaces',1),
'showTime' => user_config_option('tasksShowTime'),
'showDates' => user_config_option('tasksShowDates'),
'showTags' => user_config_option('tasksShowTags',0),
'showEmptyMilestones' => user_config_option('tasksShowEmptyMilestones',1),
'showTimeEstimates' => user_config_option('tasksShowTimeEstimates',1),
'groupBy' => user_config_option('tasksGroupBy'),
'orderBy' => user_config_option('tasksOrderBy'),
'defaultNotifyValue' => user_config_option('can notify from quick add'),
);
hook::fire('tasks_user_preferences', null, $userPref);
tpl_assign('userPreferences', $userPref);
ajx_set_no_toolbar(true);
}
}
/**
* Returns timeslots based on the set query parameters
*
* @param User $user
* @param string $workspacesCSV
* @param DateTimeValue $start_date
* @param DateTimeValue $end_date
* @param string $object_id
* @param array $group_by
* @param array $order_by
* @return array
*/
static function getTaskTimeslots($context, $members = null, $user = null, $start_date = null, $end_date = null, $object_id = 0, $group_by = null, $order_by = null, $limit = 0, $offset = 0, $timeslot_type = 0, $extra_conditions = '')
{
$commonConditions = "";
if ($start_date) {
$commonConditions .= DB::prepareString(' AND `e`.`start_time` >= ? ', array($start_date));
}
if ($end_date) {
$commonConditions .= DB::prepareString(' AND (`e`.`paused_on` <> 0 AND `e`.`paused_on` <= ? OR `e`.`end_time` <> 0 AND `e`.`end_time` <= ?) ', array($end_date, $end_date));
}
//User condition
$commonConditions .= $user ? ' AND `e`.`contact_id` = ' . $user->getId() : '';
//Object condition
$commonConditions .= $object_id > 0 ? ' AND `e`.`rel_object_id` = ' . $object_id : '';
switch ($timeslot_type) {
case 0:
//Task timeslots
$conditions = " AND EXISTS (SELECT `obj`.`id` FROM `" . TABLE_PREFIX . "objects` `obj` WHERE `obj`.`id` = `e`.`rel_object_id` AND `obj`.`trashed_on` = 0 AND `obj`.`archived_on` = 0)";
break;
case 1:
//Time timeslots
$conditions = " AND `e`.`rel_object_id` = 0";
break;
case 2:
//All timeslots
$conditions = " AND (`e`.`rel_object_id` = 0 OR `e`.`rel_object_id` IN (SELECT `obj`.`id` FROM `" . TABLE_PREFIX . "objects` `obj` WHERE `obj`.`trashed_on` = 0 AND `obj`.`archived_on` = 0))";
break;
default:
throw new Error("Timeslot type not recognised: " . $timeslot_type);
}
if (!SystemPermissions::userHasSystemPermission(logged_user(), 'can_see_assigned_to_other_tasks')) {
$conditions .= " AND `e`.`contact_id` = " . logged_user()->getId();
}
$conditions .= $commonConditions . $extra_conditions;
$order_by[] = 'start_time';
$result = self::instance()->listing(array('order' => $order_by, 'extra_conditions' => $conditions));
return $result->objects;
}
/**
* This function will return paginated result. Result is an array where first element is
* array of returned object and second populated pagination object that can be used for
* obtaining and rendering pagination data using various helpers.
*
* Items and pagination array vars are indexed with 0 for items and 1 for pagination
* because you can't use associative indexing with list() construct
*
* @access public
* @param array $arguments Query argumens (@see find()) Limit and offset are ignored!
* @param integer $items_per_page Number of items per page
* @param integer $current_page Current page number
* @return array
*/
function paginate($arguments = null, $items_per_page = 10, $current_page = 1)
{
if (isset($this) && instance_of($this, 'SystemPermissions')) {
return parent::paginate($arguments, $items_per_page, $current_page);
} else {
return SystemPermissions::instance()->paginate($arguments, $items_per_page, $current_page);
}
// if
}
function change_invitation_state($attendance = null, $event_id = null, $user_id = null)
{
$from_post_get = $attendance == null || $event_id == null;
// Take variables from post
if ($attendance == null) {
$attendance = array_var($_POST, 'event_attendance');
}
if ($event_id == null) {
$event_id = array_var($_POST, 'event_id');
}
if ($user_id == null) {
$user_id = array_var($_POST, 'user_id');
}
// If post is empty, take variables from get
if ($attendance == null) {
$attendance = array_var($_GET, 'at');
}
if ($event_id == null) {
$event_id = array_var($_GET, 'e');
}
if ($user_id == null) {
$user_id = array_var($_GET, 'u');
}
$silent = array_var($_REQUEST, 'silent');
if ($attendance == null || $event_id == null) {
flash_error('Missing parameters');
ajx_current("back");
} else {
$conditions = array('conditions' => "`event_id` = " . DB::escape($event_id) . " AND `contact_id` = " . DB::escape($user_id));
$inv = EventInvitations::findOne($conditions);
$conditions_all = array('conditions' => "`event_id` = " . DB::escape($event_id));
$invs = EventInvitations::findAll($conditions_all);
if ($inv != null) {
if (!SystemPermissions::userHasSystemPermission(logged_user(), 'can_update_other_users_invitations') && $inv->getContactId() != logged_user()->getId()) {
flash_error(lang('no access permissions'));
self::view_calendar();
return;
}
try {
DB::beginWork();
$inv->setInvitationState($attendance);
$inv->save();
DB::commit();
} catch (Exception $e) {
DB::rollback();
flash_error($e->getMessage());
ajx_current("empty");
return;
}
}
if ($from_post_get) {
// Notify creator (only when invitation is accepted or declined)
$event = ProjectEvents::findById(array('id' => $event_id));
if ($inv->getInvitationState() == 1 || $inv->getInvitationState() == 2) {
$user = Contacts::findById(array('id' => $user_id));
session_commit();
Notifier::notifEventAssistance($event, $inv, $user, $invs);
if (!$silent) {
if ($inv->getInvitationState() == 1) {
flash_success(lang('invitation accepted'));
} else {
flash_success(lang('invitation rejected'));
}
}
} else {
if (!$silent) {
flash_success(lang('success edit event', $event instanceof ProjectEvent ? clean($event->getObjectName()) : ''));
}
}
if (array_var($_GET, 'at')) {
self::view_calendar();
} else {
if (!$silent) {
ajx_current("reload");
} else {
ajx_current("empty");
}
}
}
}
}
function list_objects() {
/* get query parameters */
$filesPerPage = config_option('files_per_page');
$start = array_var($_GET,'start') ? (integer)array_var($_GET,'start') : 0;
$limit = array_var($_GET,'limit') ? array_var($_GET,'limit') : $filesPerPage;
$order = array_var($_GET,'sort');
$id_no_select = array_var($_GET,'id_no_select',"undefined");
$ignore_context = (bool) array_var($_GET, 'ignore_context');
$member_ids = json_decode(array_var($_GET, 'member_ids'));
$extra_member_ids = json_decode(array_var($_GET, 'extra_member_ids'));
$orderdir = array_var($_GET,'dir');
if (!in_array(strtoupper($orderdir), array('ASC', 'DESC'))) $orderdir = 'ASC';
if ($order == "dateUpdated") {
$order = "updated_on";
}elseif ($order == "dateArchived") {
$order = "archived_on";
}elseif ($order == "dateDeleted") {
$order = "trashed_on";
} else {
$order = "";
$orderdir = "";
}
$page = (integer) ($start / $limit) + 1;
$hide_private = !logged_user()->isMemberOfOwnerCompany();
$typeCSV = array_var($_GET, 'type');
$types = null;
if ($typeCSV) {
$types = explode(",", $typeCSV);
}
$name_filter = mysql_escape_string( array_var($_GET, 'name') );
$linked_obj_filter = array_var($_GET, 'linkedobject');
$object_ids_filter = '';
$show_all_linked_objects = false;
if (!is_null($linked_obj_filter)) {
$show_all_linked_objects = true;
$linkedObject = Objects::findObject($linked_obj_filter);
$objs = $linkedObject->getLinkedObjects();
foreach ($objs as $obj) $object_ids_filter .= ($object_ids_filter == '' ? '' : ',') . $obj->getId();
}
$filters = array();
if (!is_null($types)) $filters['types'] = $types;
if (!is_null($name_filter)) $filters['name'] = $name_filter;
if ($object_ids_filter != '') $filters['object_ids'] = $object_ids_filter;
$user = array_var($_GET,'user');
$trashed = array_var($_GET, 'trashed', false);
$archived = array_var($_GET, 'archived', false);
/* if there's an action to execute, do so */
if (!$show_all_linked_objects){
$linkedObject = null;
if (array_var($_GET, 'action') == 'delete') {
$ids = explode(',', array_var($_GET, 'objects'));
$result = ContentDataObjects::listing(array(
"extra_conditions" => " AND o.id IN (".implode(",",$ids).") ",
"include_deleted" => true
));
$objects = $result->objects;
$real_deleted_ids = array();
list($succ, $err) = $this->do_delete_objects($objects, false, $real_deleted_ids);
if ($err > 0) {
flash_error(lang('error delete objects', $err));
} else {
Hook::fire('after_object_delete_permanently', $real_deleted_ids, $ignored);
flash_success(lang('success delete objects', $succ));
}
} else if (array_var($_GET, 'action') == 'delete_permanently') {
$ids = explode(',', array_var($_GET, 'objects'));
$objects = Objects::instance()->findAll(array("conditions" => "id IN (".implode(",",$ids).")"));
$real_deleted_ids = array();
list($succ, $err) = $this->do_delete_objects($objects, true, $real_deleted_ids);
if ($err > 0) {
flash_error(lang('error delete objects', $err));
}
if ($succ > 0) {
Hook::fire('after_object_delete_permanently', $real_deleted_ids, $ignored);
flash_success(lang('success delete objects', $succ));
}
}else if (array_var($_GET, 'action') == 'markasread') {
$ids = explode(',', array_var($_GET, 'objects'));
list($succ, $err) = $this->do_mark_as_read_unread_objects($ids, true);
}else if (array_var($_GET, 'action') == 'markasunread') {
$ids = explode(',', array_var($_GET, 'objects'));
list($succ, $err) = $this->do_mark_as_read_unread_objects($ids, false);
}else if (array_var($_GET, 'action') == 'empty_trash_can') {
$result = Objects::getObjectsFromContext(active_context(), 'trashed_on', 'desc', true);
$objects = $result->objects;
list($succ, $err) = $this->do_delete_objects($objects, true);
if ($err > 0) {
flash_error(lang('error delete objects', $err));
}
if ($succ > 0) {
flash_success(lang('success delete objects', $succ));
}
} else if (array_var($_GET, 'action') == 'archive') {
$ids = explode(',', array_var($_GET, 'objects'));
list($succ, $err) = $this->do_archive_unarchive_objects($ids, 'archive');
if ($err > 0) {
flash_error(lang('error archive objects', $err));
} else {
flash_success(lang('success archive objects', $succ));
}
} else if (array_var($_GET, 'action') == 'unarchive') {
$ids = explode(',', array_var($_GET, 'objects'));
list($succ, $err) = $this->do_archive_unarchive_objects($ids, 'unarchive');
if ($err > 0) {
flash_error(lang('error unarchive objects', $err));
} else {
flash_success(lang('success unarchive objects', $succ));
}
}
else if (array_var($_GET, 'action') == 'unclassify') {
$ids = explode(',', array_var($_GET, 'objects'));
$err = 0;
$succ = 0;
foreach ($ids as $id) {
$split = explode(":", $id);
$type = $split[0];
if (Plugins::instance()->isActivePlugin('mail') && $type == 'MailContents') {
$email = MailContents::findById($split[1]);
if (isset($email) && !$email->isDeleted() && $email->canEdit(logged_user())){
if (MailController::do_unclassify($email)) $succ++;
else $err++;
} else $err++;
}
}
if ($err > 0) {
flash_error(lang('error unclassify emails', $err));
} else {
flash_success(lang('success unclassify emails', $succ));
}
}
else if (array_var($_GET, 'action') == 'restore') {
$errorMessage = null;
$ids = explode(',', array_var($_GET, 'objects'));
$success = 0; $error = 0;
foreach ($ids as $id) {
$obj = Objects::findObject($id);
if ($obj->canDelete(logged_user())) {
try {
$obj->untrash($errorMessage);
if($obj->getObjectTypeId() == 11){
$event = ProjectEvents::findById($obj->getId());
if($event->getExtCalId() != ""){
$this->created_event_google_calendar($obj,$event);
}
}
ApplicationLogs::createLog($obj, ApplicationLogs::ACTION_UNTRASH);
$success++;
} catch (Exception $e) {
$error++;
}
} else {
$error++;
}
}
if ($success > 0) {
flash_success(lang("success untrash objects", $success));
}
if ($error > 0) {
$errorString = is_null($errorMessage) ? lang("error untrash objects", $error) : $errorMessage;
flash_error($errorString);
}
}
}
$filterName = array_var($_GET,'name');
$result = null;
$context = active_context();
$obj_type_types = array('content_object', 'dimension_object');
if (array_var($_GET, 'include_comments')) $obj_type_types[] = 'comment';
$type_condition = "";
if ($types) {
$type_condition = " AND name IN ('".implode("','",$types) ."')";
}
$res = DB::executeAll("SELECT id from ".TABLE_PREFIX."object_types WHERE type IN ('". implode("','",$obj_type_types)."') AND name <> 'file revision' $type_condition ");
$type_ids = array();
foreach ($res as $row){
if (ObjectTypes::isListableObjectType($row['id']) ){
$types_ids[] = $row['id'] ;
}
}
//Hook::fire('list_objects_type_ids', null, $types_ids);
$type_ids_csv = implode(',', $types_ids);
$extra_conditions = array() ;
$extra_conditions[] = "object_type_id in ($type_ids_csv)";
if ($name_filter) {
$extra_conditions[] = "name LIKE '%$name_filter%'" ;
}
if ($id_no_select != "undefined") {
$extra_conditions[] = "id <> $id_no_select" ;
}
if($object_ids_filter != ""){
$extra_conditions[] = "id in ($object_ids_filter)";
}
if (!SystemPermissions::userHasSystemPermission(logged_user(), 'can_see_assigned_to_other_tasks')) {
$extra_conditions[] = "IF((SELECT ot.name FROM ".TABLE_PREFIX."object_types ot WHERE ot.id=o.object_type_id)='task',
(SELECT t.assigned_to_contact_id FROM ".TABLE_PREFIX."project_tasks t WHERE t.object_id=o.id) = ".logged_user()->getId().",
true)";
}
if($object_ids_filter == "" && $show_all_linked_objects){
$pagination = array();
}else{
$pagination = ContentDataObjects::listing(array(
"start" => $start,
"limit" => $limit,
"order" => $order,
"order_dir" => $orderdir,
"trashed" => $trashed,
"archived" => $archived,
"types" => $types,
"extra_conditions" => " AND ".implode(" AND ", $extra_conditions),
"ignore_context" => $ignore_context,
"extra_member_ids" => $extra_member_ids
));
}
$result = $pagination->objects;
$total_items = $pagination->total;
if(!$result) $result = array();
/* prepare response object */
$info = array();
foreach ($result as $obj /* @var $obj Object */) {
$info_elem = $obj->getArrayInfo($trashed, $archived);
$instance = Objects::instance()->findObject($info_elem['object_id']);
if (!$instance instanceof ContentDataObject) continue;
$info_elem['url'] = $instance->getViewUrl();
/* @var $instance Contact */
if ($instance instanceof Contact /* @var $instance Contact */ ) {
if( $instance->isCompany() ) {
$info_elem['icon'] = 'ico-company';
$info_elem['type'] = 'company';
}
} else if ($instance instanceof ProjectFile) {
$info_elem['mimeType'] = $instance->getTypeString();
}
$info_elem['isRead'] = $instance->getIsRead(logged_user()->getId()) ;
$info_elem['manager'] = get_class($instance->manager()) ;
$info_elem['memPath'] = json_encode($instance->getMembersToDisplayPath());
$info[] = $info_elem;
}
$listing = array(
"totalCount" => $total_items,
"start" => $start,
"objects" => $info
);
ajx_extra_data($listing);
tpl_assign("listing", $listing);
if (isset($reload) && $reload) ajx_current("reload");
else ajx_current("empty");
}
function general_search()
{
// Init vars
$search_dimension = array_var($_GET, 'search_dimension');
$filteredResults = 0;
$uid = logged_user()->getId();
if (!isset($search_dimension)) {
$members = active_context_members(false);
} else {
if ($search_dimension == 0) {
$members = array();
} else {
$members = array($search_dimension);
}
}
// click on search everywhere
if (array_var($_REQUEST, 'search_all_projects')) {
$members = array();
}
$revisionObjectTypeId = ObjectTypes::findByName("file revision")->getId();
$members_sql = "";
if (count($members) > 0) {
$context_condition = "(EXISTS\r\n\t\t\t\t\t\t\t\t\t\t(SELECT om.object_id\r\n\t\t\t\t\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "object_members om\r\n\t\t\t\t\t\t\t\t\t\t\tWHERE\tom.member_id IN (" . implode(',', $members) . ") AND so.rel_object_id = om.object_id\r\n\t\t\t\t\t\t\t\t\t\t\tGROUP BY object_id\r\n\t\t\t\t\t\t\t\t\t\t\tHAVING count(member_id) = " . count($members) . "\r\n\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t\t)";
$context_condition_rev = "(EXISTS\r\n\t\t\t\t\t\t\t\t\t\t(SELECT fr.object_id FROM " . TABLE_PREFIX . "object_members om\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "project_file_revisions fr ON om.object_id=fr.file_id\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "objects ob ON fr.object_id=ob.id\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE fr.file_id = so.rel_object_id AND ob.object_type_id = {$revisionObjectTypeId} AND member_id IN (" . implode(',', $members) . ")\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tGROUP BY object_id\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tHAVING count(member_id) = " . count($members) . "\r\n\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t\t)";
$members_sql = "AND ( " . $context_condition . " OR " . $context_condition_rev . ")";
$this->search_dimension = implode(',', $members);
} else {
$this->search_dimension = 0;
}
$listableObjectTypeIds = implode(",", ObjectTypes::getListableObjectTypeIds());
$can_see_all_tasks_cond = "";
if (!SystemPermissions::userHasSystemPermission(logged_user(), 'can_see_assigned_to_other_tasks')) {
$can_see_all_tasks_cond = " AND IF((SELECT ot.name FROM " . TABLE_PREFIX . "object_types ot WHERE ot.id=o.object_type_id)='task',\r\n\t\t\t (SELECT t.assigned_to_contact_id FROM " . TABLE_PREFIX . "project_tasks t WHERE t.object_id=o.id) = " . logged_user()->getId() . ",\r\n\t\t\t true)";
}
$search_string = trim(array_var($_REQUEST, 'query', ''));
$search_string = mysql_real_escape_string($search_string, DB::connection()->getLink());
$start = array_var($_REQUEST, 'start', 0);
$orig_limit = array_var($_REQUEST, 'limit');
$limit = $orig_limit + 1;
$useLike = false;
if (user_config_option("search_engine") == 'like') {
$useLike = true;
}
if (strlen($search_string) < 4) {
$useLike = true;
}
if (strlen($search_string) > 0) {
$this->search_for = $search_string;
$logged_user_pgs = implode(',', logged_user()->getPermissionGroupIds());
$sql = "\r\n\t\t\tSELECT DISTINCT so.rel_object_id AS id, so.content AS text_match, so.column_name AS field_match\r\n\t\t\tFROM " . TABLE_PREFIX . "searchable_objects so\r\n\t\t\tWHERE " . ($useLike ? " so.content LIKE '%{$search_string}%' " : " MATCH (so.content) AGAINST ('\"{$search_string}\"' IN BOOLEAN MODE) ") . "\r\n\t\t\tAND (EXISTS\r\n\t\t\t\t(SELECT o.id\r\n\t\t\t\t FROM " . TABLE_PREFIX . "objects o\r\n\t\t\t\t\t\t\t WHERE\to.id = so.rel_object_id AND (\r\n\t\t\t\t\t\t\t (o.object_type_id = {$revisionObjectTypeId} AND\r\n\t\t\t\t\t\t\t EXISTS (\r\n\t\t\t\t\t\t\t SELECT group_id FROM " . TABLE_PREFIX . "sharing_table WHERE object_id = ( SELECT file_id FROM " . TABLE_PREFIX . "project_file_revisions WHERE object_id = o.id )\r\n\t\t\t\t\t\t\t\t\tAND group_id IN ({$logged_user_pgs})\r\n\t\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t\t\t\t\tOR (\r\n\t\t\t\t\t\t\t\t\t\t\t\t(EXISTS\r\n\t\t\t\t\t\t\t\t\t\t\t\t(SELECT object_id\r\n\t\t\t\t\t\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "sharing_table sh\r\n\t\t\t\t\t\t\t\t\t\tWHERE o.id = sh.object_id\r\n\t\t\t\t\t\t\t\t\t\tAND sh.group_id IN (\r\n\t\t\t\t\t\t\t\t\t\t\t{$logged_user_pgs}\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t) AND o.object_type_id IN ({$listableObjectTypeIds}) " . $members_sql . $can_see_all_tasks_cond . "\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t)\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t\tGROUP BY(id)\t\r\n\t\t\t\t\t\tORDER BY(id) DESC\t\t\t\t\t\t\t\r\n\t\t\t\t\t\tLIMIT {$start}, {$limit}";
$rows = DB::executeAll($sql);
if (!is_array($rows)) {
$rows = array();
}
// show more
$show_more = false;
if (count($rows) > $orig_limit) {
array_pop($rows);
$show_more = true;
}
if ($show_more) {
ajx_extra_data(array('show_more' => $show_more));
}
$search_results = array();
$object_ids = array();
foreach ($rows as $ob_data) {
// basic data
$data = array('id' => $ob_data['id'], 'text_match' => $this->highlightOneResult($ob_data['text_match']), 'field_match' => $ob_data['field_match']);
$object_ids[] = $ob_data['id'];
$search_results[] = $data;
}
if (count($object_ids) > 0) {
$result = ContentDataObjects::listing(array("extra_conditions" => " AND o.id IN (" . implode(",", $object_ids) . ") ", "include_deleted" => true));
$objects = $result->objects;
foreach ($objects as $object) {
foreach ($search_results as $key => $search_result) {
if ($search_result['id'] == $object->getId()) {
$search_results[$key]['name'] = $object->getObjectName();
$class = 'ico-' . $object->getObjectTypeName();
$search_results[$key]['iconCls'] = $class;
$search_results[$key]['url'] = $object->getViewUrl();
continue;
}
}
}
}
$row = "search-result-row-medium";
ajx_extra_data(array('row_class' => $row));
ajx_extra_data(array('search_results' => $search_results));
}
ajx_current("empty");
}
/**
* Return manager instance
*
* @access protected
* @param void
* @return SystemPermissions
*/
function manager()
{
if (!$this->manager instanceof SystemPermissions) {
$this->manager = SystemPermissions::instance();
}
return $this->manager;
}
function create_user($user_data, $permissionsString) {
// try to find contact by some properties
$contact_id = array_var($user_data, "contact_id") ;
$contact = Contacts::instance()->findById($contact_id) ;
if (!is_valid_email(array_var($user_data, 'email'))) {
throw new Exception(lang("email value is required"));
}
if (!$contact instanceof Contact) {
// Create a new user
$contact = new Contact();
$contact->setUsername(array_var($user_data, 'username'));
$contact->setDisplayName(array_var($user_data, 'display_name'));
$contact->setCompanyId(array_var($user_data, 'company_id'));
$contact->setUserType(array_var($user_data, 'type'));
$contact->setTimezone(array_var($user_data, 'timezone'));
$contact->setFirstname($contact->getObjectName() != "" ? $contact->getObjectName() : $contact->getUsername());
$contact->setObjectName();
} else {
// Create user from contact
$contact->setUserType(array_var($user_data, 'type'));
if (array_var($user_data, 'company_id')) {
$contact->setCompanyId(array_var($user_data, 'company_id'));
}
$contact->setUsername(array_var($user_data, 'username'));
$contact->setTimezone(array_var($user_data, 'timezone'));
}
$contact->save();
if (is_valid_email(array_var($user_data, 'email'))) {
$contact->addEmail(array_var($user_data, 'email'), 'personal', true);
}
//permissions
$permission_group = new PermissionGroup();
$permission_group->setName('User '.$contact->getId().' Personal');
$permission_group->setContactId($contact->getId());
$permission_group->setIsContext(false);
$permission_group->setType("permission_groups");
$permission_group->save();
$contact->setPermissionGroupId($permission_group->getId());
$contact_pg = new ContactPermissionGroup();
$contact_pg->setContactId($contact->getId());
$contact_pg->setPermissionGroupId($permission_group->getId());
$contact_pg->save();
if ( can_manage_security(logged_user()) ) {
$sp = new SystemPermission();
$rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
foreach($rol_permissions as $pr){
$sp->setPermission($pr);
}
$sp->setPermissionGroupId($permission_group->getId());
$sp->setCanManageSecurity(array_var($user_data, 'can_manage_security'));
$sp->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration'));
$sp->setCanManageTemplates(array_var($user_data, 'can_manage_templates'));
$sp->setCanManageTime(array_var($user_data, 'can_manage_time'));
$sp->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts'));
$sp->setCanManageDimensions(array_var($user_data, 'can_manage_dimensions'));
$sp->setCanManageDimensionMembers(array_var($user_data, 'can_manage_dimension_members'));
$sp->setCanManageTasks(array_var($user_data, 'can_manage_tasks'));
$sp->setCanTasksAssignee(array_var($user_data, 'can_task_assignee'));
$sp->setCanManageBilling(array_var($user_data, 'can_manage_billing'));
$sp->setCanViewBilling(array_var($user_data, 'can_view_billing'));
Hook::fire('add_user_permissions', $sp, $other_permissions);
if (!is_null($other_permissions) && is_array($other_permissions)) {
foreach ($other_permissions as $k => $v) {
$sp->setColumnValue($k, array_var($user_data, $k));
}
}
$sp->save();
if ($contact->isAdminGroup()) {
// allow all un all dimensions if new user is admin
$dimensions = Dimensions::findAll();
$permissions = array();
foreach ($dimensions as $dimension) {
if ($dimension->getDefinesPermissions()) {
$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `dimension_id` = ".$dimension->getId()));
if (!$cdp instanceof ContactDimensionPermission) {
$cdp = new ContactDimensionPermission();
$cdp->setPermissionGroupId($contact->getPermissionGroupId());
$cdp->setContactDimensionId($dimension->getId());
}
$cdp->setPermissionType('allow all');
$cdp->save();
// contact member permisssion entries
$members = $dimension->getAllMembers();
foreach ($members as $member) {
$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
$ots[]=$member->getObjectId();
foreach ($ots as $ot) {
$cmp = ContactMemberPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `member_id` = ".$member->getId()." AND `object_type_id` = $ot"));
if (!$cmp instanceof ContactMemberPermission) {
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId($contact->getPermissionGroupId());
$cmp->setMemberId($member->getId());
$cmp->setObjectTypeId($ot);
}
$cmp->setCanWrite(1);
$cmp->setCanDelete(1);
$cmp->save();
// Add persmissions to sharing table
$perm = new stdClass();
$perm->m = $member->getId();
$perm->r= 1;
$perm->w= 1;
$perm->d= 1;
$perm->o= $ot;
$permissions[] = $perm ;
}
}
}
}
if(count($permissions)){
$sharingTableController = new SharingTableController();
$sharingTableController->afterPermissionChanged($contact->getPermissionGroupId(), $permissions);
}
}
}
if(!isset($_POST['sys_perm'])){
$rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
$_POST['sys_perm']=array();
foreach($rol_permissions as $pr){
$_POST['sys_perm'][$pr]=1;
}
}
if(!isset($_POST['mod_perm'])){
$tabs_permissions=TabPanelPermissions::getRoleModules(array_var($user_data, 'type'));
$_POST['mod_perm']=array();
foreach($tabs_permissions as $pr){
$_POST['mod_perm'][$pr]=1;
}
}
$password = '';
if (array_var($user_data, 'password_generator') == 'specify') {
$perform_password_validation = true;
// Validate input
$password = array_var($user_data, 'password');
if (trim($password) == '') {
throw new Error(lang('password value required'));
} // if
if ($password <> array_var($user_data, 'password_a')) {
throw new Error(lang('passwords dont match'));
} // if
} else {
$user_data['password_generator'] = 'link';
$perform_password_validation = false;
}
$contact->setPassword($password);
$contact->save();
$user_password = new ContactPassword();
$user_password->setContactId($contact->getId());
$user_password->setPasswordDate(DateTimeValueLib::now());
$user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp()));
$user_password->password_temp = $password;
$user_password->perform_validation = $perform_password_validation;
$user_password->save();
if (array_var($user_data, 'autodetect_time_zone', 1) == 1) {
set_user_config_option('autodetect_time_zone', 1, $contact->getId());
}
/* create contact for this user*/
ApplicationLogs::createLog($contact, ApplicationLogs::ACTION_ADD);
// Set role permissions for active members
$active_context = active_context();
$sel_members = array();
foreach ($active_context as $selection) {
if ($selection instanceof Member) {
$sel_members[] = $selection;
$has_project_permissions = ContactMemberPermissions::instance()->count("permission_group_id = '".$contact->getPermissionGroupId()."' AND member_id = ".$selection->getId()) > 0;
if (!$has_project_permissions) {
RoleObjectTypePermissions::createDefaultUserPermissions($contact, $selection);
}
}
}
save_permissions($contact->getPermissionGroupId(), $contact->isGuest());
Hook::fire('after_user_add', $contact, $null);
// add user content object to associated members
if (count($sel_members) > 0) {
ObjectMembers::addObjectToMembers($contact->getId(), $sel_members);
$contact->addToSharingTable();
}
// Send notification
try {
if (array_var($user_data, 'send_email_notification') && $contact->getEmailAddress()) {
if (array_var($user_data, 'password_generator', 'link') == 'link') {
// Generate link password
$user = Contacts::getByEmail(array_var($user_data, 'email'));
$token = sha1(gen_id() . (defined('SEED') ? SEED : ''));
$timestamp = time() + 60*60*24;
set_user_config_option('reset_password', $token . ";" . $timestamp, $user->getId());
Notifier::newUserAccountLinkPassword($contact, $password, $token);
} else {
Notifier::newUserAccount($contact, $password);
}
}
} catch(Exception $e) {
Logger::log($e->getTraceAsString());
} // try
return $contact;
}
/**
* Edit group
*
* @param void
* @return null
*/
function edit()
{
$this->setTemplate('add');
if (!can_manage_security(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
// if
$group = PermissionGroups::findById(get_id());
if (!$group instanceof PermissionGroup) {
flash_error(lang('group dnx'));
$this->redirectTo('administration', 'groups');
}
// if
$group_data = array_var($_POST, 'group');
if (!is_array($group_data)) {
$pg_id = $group->getId();
$parameters = permission_form_parameters($pg_id);
// Module Permissions
$module_permissions = TabPanelPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
$module_permissions_info = array();
foreach ($module_permissions as $mp) {
$module_permissions_info[$mp->getTabPanelId()] = 1;
}
$all_modules = TabPanels::findAll(array("conditions" => "`enabled` = 1", "order" => "ordering"));
$all_modules_info = array();
foreach ($all_modules as $module) {
$all_modules_info[] = array('id' => $module->getId(), 'name' => lang($module->getTitle()), 'ot' => $module->getObjectTypeId());
}
// System Permissions
$system_permissions = SystemPermissions::findById($pg_id);
tpl_assign('module_permissions_info', $module_permissions_info);
tpl_assign('all_modules_info', $all_modules_info);
tpl_assign('system_permissions', $system_permissions);
tpl_assign('permission_parameters', $parameters);
// users
$group_users = array();
$cpgs = ContactPermissionGroups::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
foreach ($cpgs as $cpg) {
$group_users[] = $cpg->getContactId();
}
tpl_assign('groupUserIds', $group_users);
tpl_assign('users', Contacts::getAllUsers());
tpl_assign('pg_id', $group->getId());
tpl_assign('group', $group);
tpl_assign('group_data', array('name' => $group->getName()));
add_page_action(lang('delete'), "javascript:if(confirm(lang('confirm delete group'))) og.openLink('" . $group->getDeleteUrl() . "');", 'ico-trash', null, null, true);
} else {
try {
$group->setFromAttributes($group_data);
DB::beginWork();
$group->save();
// set permissions
$pg_id = $group->getId();
//save_permissions($pg_id);
$gr_users = $group->getUsers();
$gr_users_ids = array();
if ($post_users = array_var($_POST, 'user')) {
foreach ($post_users as $user_id => $val) {
if ($val == '1' && is_numeric($user_id)) {
$gr_users_ids[] = $user_id;
}
}
}
foreach ($gr_users as $us) {
if (!in_array($us->getId(), $gr_users_ids)) {
$gr_users_ids[] = $us->getId();
}
}
// save users
ContactPermissionGroups::delete("`permission_group_id` = {$pg_id}");
if ($users = array_var($_POST, 'user')) {
foreach ($users as $user_id => $val) {
if ($val == '1' && is_numeric($user_id) && Contacts::findById($user_id) instanceof Contact) {
$cpg = new ContactPermissionGroup();
$cpg->setPermissionGroupId($pg_id);
$cpg->setContactId($user_id);
$cpg->save();
}
}
}
//ApplicationLogs::createLog($group, ApplicationLogs::ACTION_EDIT);
DB::commit();
flash_success(lang('success edit group', $group->getName()));
ajx_current("back");
} catch (Exception $e) {
DB::rollback();
tpl_assign('error', $e);
return;
}
try {
save_user_permissions_background(logged_user(), $pg_id, false, $gr_users_ids);
} catch (Exception $e) {
tpl_assign('error', $e);
}
}
}
/**
* Execute a report and return results
*
* @param $id
* @param $params
*
* @return array
*/
static function executeReport($id, $params, $order_by_col = '', $order_by_asc = true, $offset=0, $limit=50, $to_print = false) {
if (is_null(active_context())) {
CompanyWebsite::instance()->setContext(build_context_array(array_var($_REQUEST, 'context')));
}
$results = array();
$report = self::getReport($id);
if($report instanceof Report){
$conditionsFields = ReportConditions::getAllReportConditionsForFields($id);
$conditionsCp = ReportConditions::getAllReportConditionsForCustomProperties($id);
$ot = ObjectTypes::findById($report->getReportObjectTypeId());
$table = $ot->getTableName();
eval('$managerInstance = ' . $ot->getHandlerClass() . "::instance();");
eval('$item_class = ' . $ot->getHandlerClass() . '::instance()->getItemClass(); $object = new $item_class();');
$order_by = '';
if (is_object($params)) {
$params = get_object_vars($params);
}
$report_columns = ReportColumns::getAllReportColumns($id);
$allConditions = "";
if(count($conditionsFields) > 0){
foreach($conditionsFields as $condField){
$skip_condition = false;
$model = $ot->getHandlerClass();
$model_instance = new $model();
$col_type = $model_instance->getColumnType($condField->getFieldName());
$allConditions .= ' AND ';
$dateFormat = 'm/d/Y';
if(isset($params[$condField->getId()])){
$value = $params[$condField->getId()];
if ($col_type == DATA_TYPE_DATE || $col_type == DATA_TYPE_DATETIME)
$dateFormat = user_config_option('date_format');
} else {
$value = $condField->getValue();
}
if ($value == '' && $condField->getIsParametrizable()) $skip_condition = true;
if (!$skip_condition) {
if($condField->getCondition() == 'like' || $condField->getCondition() == 'not like'){
$value = '%'.$value.'%';
}
if ($col_type == DATA_TYPE_DATE || $col_type == DATA_TYPE_DATETIME) {
$dtValue = DateTimeValueLib::dateFromFormatAndString($dateFormat, $value);
$value = $dtValue->format('Y-m-d');
}
if($condField->getCondition() != '%'){
if ($col_type == DATA_TYPE_INTEGER || $col_type == DATA_TYPE_FLOAT) {
$allConditions .= '`'.$condField->getFieldName().'` '.$condField->getCondition().' '.DB::escape($value);
} else {
if ($condField->getCondition()=='=' || $condField->getCondition()=='<=' || $condField->getCondition()=='>='){
if ($col_type == DATA_TYPE_DATETIME || $col_type == DATA_TYPE_DATE) {
$equal = 'datediff('.DB::escape($value).', `'.$condField->getFieldName().'`)=0';
} else {
$equal = '`'.$condField->getFieldName().'` '.$condField->getCondition().' '.DB::escape($value);
}
switch($condField->getCondition()){
case '=':
$allConditions .= $equal;
break;
case '<=':
case '>=':
$allConditions .= '(`'.$condField->getFieldName().'` '.$condField->getCondition().' '.DB::escape($value).' OR '.$equal.') ';
break;
}
} else {
$allConditions .= '`'.$condField->getFieldName().'` '.$condField->getCondition().' '.DB::escape($value);
}
}
} else {
$allConditions .= '`'.$condField->getFieldName().'` like '.DB::escape("%$value");
}
} else $allConditions .= ' true';
}
}
if(count($conditionsCp) > 0){
$dateFormat = user_config_option('date_format');
$date_format_tip = date_format_tip($dateFormat);
foreach($conditionsCp as $condCp){
$cp = CustomProperties::getCustomProperty($condCp->getCustomPropertyId());
$skip_condition = false;
if(isset($params[$condCp->getId()."_".$cp->getName()])){
$value = $params[$condCp->getId()."_".$cp->getName()];
}else{
$value = $condCp->getValue();
}
if ($value == '' && $condCp->getIsParametrizable()) $skip_condition = true;
if (!$skip_condition) {
$current_condition = ' AND ';
$current_condition .= 'o.id IN ( SELECT object_id as id FROM '.TABLE_PREFIX.'custom_property_values cpv WHERE ';
$current_condition .= ' cpv.custom_property_id = '.$condCp->getCustomPropertyId();
$fieldType = $object->getColumnType($condCp->getFieldName());
if($condCp->getCondition() == 'like' || $condCp->getCondition() == 'not like'){
$value = '%'.$value.'%';
}
if ($cp->getType() == 'date') {
if ($value == $date_format_tip) continue;
$dtValue = DateTimeValueLib::dateFromFormatAndString($dateFormat, $value);
$value = $dtValue->format('Y-m-d H:i:s');
}
if($condCp->getCondition() != '%'){
if ($cp->getType() == 'numeric') {
$current_condition .= ' AND cpv.value '.$condCp->getCondition().' '.DB::escape($value);
}else if ($cp->getType() == 'boolean') {
$current_condition .= ' AND cpv.value '.$condCp->getCondition().' '.$value;
if (!$value) {
$current_condition .= ') OR o.id NOT IN (SELECT object_id as id FROM '.TABLE_PREFIX.'custom_property_values cpv2 WHERE cpv2.object_id=o.id AND cpv2.value=1 AND cpv2.custom_property_id = '.$condCp->getCustomPropertyId();
}
}else{
$current_condition .= ' AND cpv.value '.$condCp->getCondition().' '.DB::escape($value);
}
}else{
$current_condition .= ' AND cpv.value like '.DB::escape("%$value");
}
$current_condition .= ')';
$allConditions .= $current_condition;
}
}
}
$select_columns = array('*');
$join_params = null;
if ($order_by_col == '') {
$order_by_col = $report->getOrderBy();
}
if (in_array($order_by_col, self::$external_columns)) {
$original_order_by_col = $order_by_col;
$order_by_col = 'name_order';
$join_params = array(
'table' => Objects::instance()->getTableName(),
'jt_field' => 'id',
'e_field' => $original_order_by_col,
'join_type' => 'left'
);
$select_columns = array();
$tmp_cols = $managerInstance->getColumns();
foreach ($tmp_cols as $col) $select_columns[] = "e.$col";
$tmp_cols = Objects::instance()->getColumns();
foreach ($tmp_cols as $col) $select_columns[] = "o.$col";
$select_columns[] = 'jt.name as name_order';
}
if ($order_by_asc == null) $order_by_asc = $report->getIsOrderByAsc();
if ($ot->getName() == 'task' && !SystemPermissions::userHasSystemPermission(logged_user(), 'can_see_assigned_to_other_tasks')) {
$allConditions .= " AND assigned_to_contact_id = ".logged_user()->getId();
}
if ($managerInstance) {
$result = $managerInstance->listing(array(
"select_columns" => $select_columns,
"order" => "$order_by_col",
"order_dir" => ($order_by_asc ? "ASC" : "DESC"),
"extra_conditions" => $allConditions,
"join_params" => $join_params
));
}else{
// TODO Performance Killer
$result = ContentDataObjects::getContentObjects(active_context(), $ot, $order_by_col, ($order_by_asc ? "ASC" : "DESC"), $allConditions);
}
$objects = $result->objects;
$totalResults = $result->total;
$results['pagination'] = Reports::getReportPagination($id, $params, $order_by_col, $order_by_asc, $offset, $limit, $totalResults);
$dimensions_cache = array();
foreach($report_columns as $column){
if ($column->getCustomPropertyId() == 0) {
$field = $column->getFieldName();
if (str_starts_with($field, 'dim_')) {
$dim_id = str_replace("dim_", "", $field);
$dimension = Dimensions::getDimensionById($dim_id);
$dimensions_cache[$dim_id] = $dimension;
$doptions = $dimension->getOptions(true);
$column_name = $doptions && isset($doptions->useLangs) && $doptions->useLangs ? lang($dimension->getCode()) : $dimension->getName();
$results['columns'][$field] = $column_name;
$results['db_columns'][$column_name] = $field;
} else {
if ($managerInstance->columnExists($field) || Objects::instance()->columnExists($field)) {
$column_name = Localization::instance()->lang('field '.$ot->getHandlerClass().' '.$field);
if (is_null($column_name)) $column_name = lang('field Objects '.$field);
$results['columns'][$field] = $column_name;
$results['db_columns'][$column_name] = $field;
}
}
} else {
$results['columns'][$column->getCustomPropertyId()] = $column->getCustomPropertyId();
}
}
$report_rows = array();
foreach($objects as &$object){/* @var $object Object */
$obj_name = $object->getObjectName();
$icon_class = $object->getIconClass();
$row_values = array('object_type_id' => $object->getObjectTypeId());
if (!$to_print) {
$row_values['link'] = '<a class="link-ico '.$icon_class.'" title="' . $obj_name . '" target="new" href="' . $object->getViewUrl() . '"> </a>';
}
foreach($report_columns as $column){
if ($column->getCustomPropertyId() == 0) {
$field = $column->getFieldName();
if (str_starts_with($field, 'dim_')) {
$dim_id = str_replace("dim_", "", $field);
if (!array_var($dimensions_cache, $dim_id) instanceof Dimension) {
$dimension = Dimensions::getDimensionById($dim_id);
$dimensions_cache[$dim_id] = $dimension;
} else {
$dimension = array_var($dimensions_cache, $dim_id);
}
$members = ObjectMembers::getMembersByObjectAndDimension($object->getId(), $dim_id, " AND om.is_optimization=0");
$value = "";
foreach ($members as $member) {/* @var $member Member */
$val = $member->getPath();
$val .= ($val == "" ? "" : "/") . $member->getName();
if ($value != "") $val = " - $val";
$value .= $val;
}
$row_values[$field] = $value;
} else {
$value = $object->getColumnValue($field);
if ($value instanceof DateTimeValue) {
$field_type = $managerInstance->columnExists($field) ? $managerInstance->getColumnType($field) : Objects::instance()->getColumnType($field);
$value = format_value_to_print($field, $value->toMySQL(), $field_type, $report->getReportObjectTypeId());
}
if(in_array($field, $managerInstance->getExternalColumns())){
$value = self::instance()->getExternalColumnValue($field, $value, $managerInstance);
} else if ($field != 'link'){
$value = html_to_text($value);
}
if(self::isReportColumnEmail($value)) {
if(logged_user()->hasMailAccounts()){
$value = '<a class="internalLink" href="'.get_url('mail', 'add_mail', array('to' => clean($value))).'">'.clean($value).'</a></div>';
}else{
$value = '<a class="internalLink" target="_self" href="mailto:'.clean($value).'">'.clean($value).'</a></div>';
}
}
$row_values[$field] = $value;
}
} else {
$colCp = $column->getCustomPropertyId();
$cp = CustomProperties::getCustomProperty($colCp);
if ($cp instanceof CustomProperty) { /* @var $cp CustomProperty */
$cp_val = CustomPropertyValues::getCustomPropertyValue($object->getId(), $colCp);
$row_values[$cp->getName()] = $cp_val instanceof CustomPropertyValue ? $cp_val->getValue() : "";
$results['columns'][$colCp] = $cp->getName();
$results['db_columns'][$cp->getName()] = $colCp;
}
}
}
Hook::fire("report_row", $object, $row_values);
$report_rows[] = $row_values;
}
if (!$to_print) {
if (is_array($results['columns'])) {
array_unshift($results['columns'], '');
} else {
$results['columns'] = array('');
}
Hook::fire("report_header", $ot, $results['columns']);
}
$results['rows'] = $report_rows;
}
return $results;
} // executeReport
/**
* Show update permissions page
*
* @param void
* @return null
*/
function update_permissions()
{
$user = Contacts::findById(get_id());
if (!($user instanceof Contact && $user->isUser()) || $user->getDisabled()) {
flash_error(lang('user dnx'));
ajx_current("empty");
return;
}
// if
if (!$user->canUpdatePermissions(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
// if
$redirect_to = array_var($_GET, 'redirect_to');
if (trim($redirect_to) == '' || !is_valid_url($redirect_to)) {
$redirect_to = $user->getCardUserUrl();
}
// if
$sys_permissions_data = array_var($_POST, 'sys_perm');
if (!is_array($sys_permissions_data)) {
$pg_id = $user->getPermissionGroupId();
$parameters = permission_form_parameters($pg_id);
// Module Permissions
$module_permissions = TabPanelPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
$module_permissions_info = array();
foreach ($module_permissions as $mp) {
$module_permissions_info[$mp->getTabPanelId()] = 1;
}
$all_modules = TabPanels::findAll(array("conditions" => "`enabled` = 1", "order" => "ordering"));
$all_modules_info = array();
foreach ($all_modules as $module) {
$all_modules_info[] = array('id' => $module->getId(), 'name' => lang($module->getTitle()), 'ot' => $module->getObjectTypeId());
}
// System Permissions
$system_permissions = SystemPermissions::findById($pg_id);
tpl_assign('module_permissions_info', $module_permissions_info);
tpl_assign('all_modules_info', $all_modules_info);
tpl_assign('system_permissions', $system_permissions);
tpl_assign('permission_parameters', $parameters);
$more_permissions = array();
Hook::fire('add_user_permissions', $pg_id, $more_permissions);
tpl_assign('more_permissions', $more_permissions);
// Permission Groups
$groups = PermissionGroups::getNonPersonalSameLevelPermissionsGroups('`parent_id`,`id` ASC');
tpl_assign('groups', $groups);
$roles = SystemPermissions::getAllRolesPermissions();
tpl_assign('roles', $roles);
$tabs = TabPanelPermissions::getAllRolesModules();
tpl_assign('tabs_allowed', $tabs);
tpl_assign('guest_groups', PermissionGroups::instance()->getGuestPermissionGroups());
}
tpl_assign('user', $user);
tpl_assign('redirect_to', $redirect_to);
if (array_var($_POST, 'submitted') == 'submitted') {
$user_data = array_var($_POST, 'user');
if (!is_array($user_data)) {
$user_data = array();
}
try {
DB::beginWork();
$pg_id = $user->getPermissionGroupId();
$user->setUserType(array_var($user_data, 'type'));
$user->save();
save_permissions($pg_id, $user->isGuest());
DB::commit();
flash_success(lang('success user permissions updated'));
ajx_current("back");
} catch (Exception $e) {
DB::rollback();
flash_error($e->getMessage());
ajx_current("empty");
}
}
// if
}
static function getLastActivities()
{
$members = active_context_members(false);
// Context Members Ids
$options = explode(",", user_config_option("filters_dashboard", null, null, true));
$extra_conditions = "action <> 'login' AND action <> 'logout' AND action <> 'subscribe' AND created_by_id > '0'";
if ($options[1] == 0) {
//do not show timeslots
$extra_conditions .= "AND action <> 'open' AND action <> 'close' AND ((action <> 'add' OR action <> 'edit' OR action <> 'delete') AND object_name NOT LIKE 'Time%')";
}
// task assignment conditions
if (!SystemPermissions::userHasSystemPermission(logged_user(), 'can_see_assigned_to_other_tasks')) {
$extra_conditions .= " AND IF((SELECT o.object_type_id FROM " . TABLE_PREFIX . "objects o WHERE o.id=rel_object_id)=(SELECT ot.id FROM " . TABLE_PREFIX . "object_types ot WHERE ot.name='task'),\r\n\t\t\t\t(SELECT t.assigned_to_contact_id FROM " . TABLE_PREFIX . "project_tasks t WHERE t.object_id=rel_object_id) = " . logged_user()->getId() . ",\r\n\t\t\t\ttrue)";
}
//do not display template tasks logs
$extra_conditions .= " AND IF((SELECT o.object_type_id FROM " . TABLE_PREFIX . "objects o WHERE o.id=rel_object_id)=(SELECT ot.id FROM " . TABLE_PREFIX . "object_types ot WHERE ot.name='template_task'), false, true)";
// if logged user is guest dont show other users logs
if (logged_user()->isGuest()) {
$extra_conditions .= " AND `created_by_id`=" . logged_user()->getId();
}
$members_sql = "";
$is_member_child = "";
if (count($members) > 0) {
$members_sql = "(EXISTS(\r\n\t\t\t\tSELECT om.object_id FROM " . TABLE_PREFIX . "object_members om\r\n\t\t\t\tWHERE om.member_id IN (" . implode(',', $members) . ") AND rel_object_id = om.object_id\r\n\t\t\t\tGROUP BY object_id\r\n\t\t\t\tHAVING count(member_id) = " . count($members) . "\r\n\t\t\t))";
$is_member_child = "AND mem.parent_member_id IN (" . implode(',', $members) . ")";
}
//permissions
$logged_user_pgs = implode(',', logged_user()->getPermissionGroupIds());
$permissions_condition = "al.rel_object_id IN (\r\n\t\tSELECT sh.object_id FROM " . TABLE_PREFIX . "sharing_table sh\r\n\t\tWHERE al.rel_object_id = sh.object_id AND sh.object_id > 0\r\n\t\tAND sh.group_id IN ({$logged_user_pgs})\r\n\t\t)";
$sql = "SELECT al.id FROM " . TABLE_PREFIX . "application_logs al \r\n\t\t\t\tWHERE {$permissions_condition} AND {$extra_conditions}";
if ($members_sql != "") {
$sql .= " AND {$members_sql}";
//do not display users logs
$sql .= " AND NOT EXISTS(SELECT con.object_id FROM " . TABLE_PREFIX . "contacts con WHERE con.object_id=rel_object_id AND user_type > 0)";
}
$sql .= " ORDER BY created_on DESC LIMIT 100";
$id_rows = array_flat(DB::executeAll($sql));
// if logged user is guest dont show other users logs
$user_condition = "";
if (logged_user()->isGuest()) {
$user_condition .= " AND `created_by_id`=" . logged_user()->getId();
}
$member_logs_sql = "SELECT al.id FROM " . TABLE_PREFIX . "application_logs al\r\n\t\t\t\t\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "members mem ON mem.id=al.member_id \r\n\t\t\t\t\t\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "contact_member_cache cmcache ON cmcache.member_id=mem.id AND cmcache.contact_id = " . logged_user()->getId() . "\r\n\t\t\t\t\t\t\t\t\t\t\tWHERE al.member_id>0\r\n\t\t\t\t\t\t\t\t\t\t\t{$user_condition}\r\n\t\t\t\t\t\t\t\t\t\t\t{$is_member_child}\r\n\t\t\t\t\t\t\tORDER BY created_on DESC LIMIT 100";
$m_id_rows = array_flat(DB::executeAll($member_logs_sql));
$id_rows = array_filter(array_merge($id_rows, $m_id_rows));
$logs = array();
if (count($id_rows) > 0) {
$logs = ApplicationLogs::findAll(array("condition" => "id IN (" . implode(',', $id_rows) . ")", "order" => "created_on DESC"));
}
return $logs;
}
/**
* Execute a report and return results
*
* @param $id
* @param $params
*
* @return array
*/
static function executeReport($id, $params, $order_by_col = '', $order_by_asc = true, $offset = 0, $limit = 50, $to_print = false)
{
if (is_null(active_context())) {
CompanyWebsite::instance()->setContext(build_context_array(array_var($_REQUEST, 'context')));
}
$results = array();
$report = self::getReport($id);
$show_archived = false;
if ($report instanceof Report) {
$conditionsFields = ReportConditions::getAllReportConditionsForFields($id);
$conditionsCp = ReportConditions::getAllReportConditionsForCustomProperties($id);
$ot = ObjectTypes::findById($report->getReportObjectTypeId());
$table = $ot->getTableName();
if ($ot->getType() == 'dimension_object' || $ot->getType() == 'dimension_group') {
$hook_parameters = array('report' => $report, 'params' => $params, 'order_by_col' => $order_by_col, 'order_by_asc' => $order_by_asc, 'offset' => $offset, 'limit' => $limit, 'to_print' => $to_print);
$report_result = null;
Hook::fire('replace_execute_report_function', $hook_parameters, $report_result);
if ($report_result) {
return $report_result;
}
}
eval('$managerInstance = ' . $ot->getHandlerClass() . "::instance();");
eval('$item_class = ' . $ot->getHandlerClass() . '::instance()->getItemClass(); $object = new $item_class();');
$order_by = '';
if (is_object($params)) {
$params = get_object_vars($params);
}
$report_columns = ReportColumns::getAllReportColumns($id);
$allConditions = "";
$contact_extra_columns = self::get_extra_contact_columns();
if (count($conditionsFields) > 0) {
foreach ($conditionsFields as $condField) {
if ($condField->getFieldName() == "archived_on") {
$show_archived = true;
}
$skip_condition = false;
$model = $ot->getHandlerClass();
$model_instance = new $model();
$col_type = $model_instance->getColumnType($condField->getFieldName());
$allConditions .= ' AND ';
$dateFormat = 'm/d/Y';
if (isset($params[$condField->getId()])) {
$value = $params[$condField->getId()];
if ($col_type == DATA_TYPE_DATE || $col_type == DATA_TYPE_DATETIME) {
$dateFormat = user_config_option('date_format');
}
} else {
$value = $condField->getValue();
}
if ($ot->getHandlerClass() == 'Contacts' && in_array($condField->getFieldName(), $contact_extra_columns)) {
$allConditions .= self::get_extra_contact_column_condition($condField->getFieldName(), $condField->getCondition(), $value);
} else {
if ($value == '' && $condField->getIsParametrizable()) {
$skip_condition = true;
}
if (!$skip_condition) {
$field_name = $condField->getFieldName();
if (in_array($condField->getFieldName(), Objects::getColumns())) {
$field_name = 'o`.`' . $condField->getFieldName();
}
if ($condField->getCondition() == 'like' || $condField->getCondition() == 'not like') {
$value = '%' . $value . '%';
}
if ($col_type == DATA_TYPE_DATE || $col_type == DATA_TYPE_DATETIME) {
if ($value == date_format_tip($dateFormat)) {
$value = EMPTY_DATE;
} else {
$dtValue = DateTimeValueLib::dateFromFormatAndString($dateFormat, $value);
$value = $dtValue->format('Y-m-d');
}
}
if ($condField->getCondition() != '%') {
if ($col_type == DATA_TYPE_INTEGER || $col_type == DATA_TYPE_FLOAT) {
$allConditions .= '`' . $field_name . '` ' . $condField->getCondition() . ' ' . DB::escape($value);
} else {
if ($condField->getCondition() == '=' || $condField->getCondition() == '<=' || $condField->getCondition() == '>=') {
if ($col_type == DATA_TYPE_DATETIME || $col_type == DATA_TYPE_DATE) {
$equal = 'datediff(' . DB::escape($value) . ', `' . $field_name . '`)=0';
} else {
$equal = '`' . $field_name . '` ' . $condField->getCondition() . ' ' . DB::escape($value);
}
switch ($condField->getCondition()) {
case '=':
$allConditions .= $equal;
break;
case '<=':
case '>=':
$allConditions .= '(`' . $field_name . '` ' . $condField->getCondition() . ' ' . DB::escape($value) . ' OR ' . $equal . ') ';
break;
}
} else {
$allConditions .= '`' . $field_name . '` ' . $condField->getCondition() . ' ' . DB::escape($value);
}
}
} else {
$allConditions .= '`' . $field_name . '` like ' . DB::escape("%{$value}");
}
} else {
$allConditions .= ' true';
}
}
}
}
if (count($conditionsCp) > 0) {
$dateFormat = user_config_option('date_format');
$date_format_tip = date_format_tip($dateFormat);
foreach ($conditionsCp as $condCp) {
$cp = CustomProperties::getCustomProperty($condCp->getCustomPropertyId());
$skip_condition = false;
if (isset($params[$condCp->getId() . "_" . $cp->getName()])) {
$value = $params[$condCp->getId() . "_" . $cp->getName()];
} else {
$value = $condCp->getValue();
}
if ($value == '' && $condCp->getIsParametrizable()) {
$skip_condition = true;
}
if (!$skip_condition) {
$current_condition = ' AND ';
$current_condition .= 'o.id IN ( SELECT object_id as id FROM ' . TABLE_PREFIX . 'custom_property_values cpv WHERE ';
$current_condition .= ' cpv.custom_property_id = ' . $condCp->getCustomPropertyId();
$fieldType = $object->getColumnType($condCp->getFieldName());
if ($condCp->getCondition() == 'like' || $condCp->getCondition() == 'not like') {
$value = '%' . $value . '%';
}
if ($cp->getType() == 'date') {
if ($value == $date_format_tip) {
continue;
}
$dtValue = DateTimeValueLib::dateFromFormatAndString($dateFormat, $value);
$value = $dtValue->format('Y-m-d H:i:s');
}
if ($condCp->getCondition() != '%') {
if ($cp->getType() == 'numeric') {
$current_condition .= ' AND cpv.value ' . $condCp->getCondition() . ' ' . DB::escape($value);
} else {
if ($cp->getType() == 'boolean') {
$current_condition .= ' AND cpv.value ' . $condCp->getCondition() . ' ' . ($value ? '1' : '0');
if (!$value) {
$current_condition .= ') OR o.id NOT IN (SELECT object_id as id FROM ' . TABLE_PREFIX . 'custom_property_values cpv2 WHERE cpv2.object_id=o.id AND cpv2.value=1 AND cpv2.custom_property_id = ' . $condCp->getCustomPropertyId();
}
} else {
$current_condition .= ' AND cpv.value ' . $condCp->getCondition() . ' ' . DB::escape($value);
}
}
} else {
$current_condition .= ' AND cpv.value like ' . DB::escape("%{$value}");
}
$current_condition .= ')';
$allConditions .= $current_condition;
}
}
}
$select_columns = array('*');
$join_params = null;
if ($order_by_col == '') {
$order_by_col = $report->getOrderBy();
}
if ($ot->getHandlerClass() == 'Contacts' && in_array($order_by_col, $contact_extra_columns)) {
$join_params = self::get_extra_contact_column_order_by($order_by_col, $order_by_col, $select_columns);
}
$original_order_by_col = $order_by_col;
if (in_array($order_by_col, self::$external_columns)) {
$order_by_col = 'name_order';
$join_params = array('table' => Objects::instance()->getTableName(), 'jt_field' => 'id', 'e_field' => $original_order_by_col, 'join_type' => 'left');
$select_columns = array();
$tmp_cols = $managerInstance->getColumns();
foreach ($tmp_cols as $col) {
$select_columns[] = "e.{$col}";
}
$tmp_cols = Objects::instance()->getColumns();
foreach ($tmp_cols as $col) {
$select_columns[] = "o.{$col}";
}
$select_columns[] = 'jt.name as name_order';
}
if ($order_by_asc == null) {
$order_by_asc = $report->getIsOrderByAsc();
}
if ($ot->getName() == 'task' && !SystemPermissions::userHasSystemPermission(logged_user(), 'can_see_assigned_to_other_tasks')) {
$allConditions .= " AND assigned_to_contact_id = " . logged_user()->getId();
}
if ($managerInstance) {
if ($order_by_col == "order") {
$order_by_col = "`{$order_by_col}`";
}
$listing_parameters = array("select_columns" => $select_columns, "order" => "{$order_by_col}", "order_dir" => $order_by_asc ? "ASC" : "DESC", "extra_conditions" => $allConditions, "count_results" => true, "join_params" => $join_params);
if ($limit > 0) {
$listing_parameters["start"] = $offset;
$listing_parameters["limit"] = $limit;
}
if ($show_archived) {
$listing_parameters["archived"] = true;
}
$result = $managerInstance->listing($listing_parameters);
} else {
// TODO Performance Killer
$result = ContentDataObjects::getContentObjects(active_context(), $ot, $order_by_col, $order_by_asc ? "ASC" : "DESC", $allConditions);
}
$objects = $result->objects;
$totalResults = $result->total;
$results['pagination'] = Reports::getReportPagination($id, $params, $original_order_by_col, $order_by_asc, $offset, $limit, $totalResults);
$dimensions_cache = array();
foreach ($report_columns as $column) {
if ($column->getCustomPropertyId() == 0) {
$field = $column->getFieldName();
if (str_starts_with($field, 'dim_')) {
$dim_id = str_replace("dim_", "", $field);
$dimension = Dimensions::getDimensionById($dim_id);
$dimensions_cache[$dim_id] = $dimension;
$column_name = $dimension->getName();
$results['columns'][$field] = $column_name;
$results['db_columns'][$column_name] = $field;
} else {
if ($managerInstance->columnExists($field) || Objects::instance()->columnExists($field)) {
$column_name = Localization::instance()->lang('field ' . $ot->getHandlerClass() . ' ' . $field);
if (is_null($column_name)) {
$column_name = lang('field Objects ' . $field);
}
$results['columns'][$field] = $column_name;
$results['db_columns'][$column_name] = $field;
} else {
if ($ot->getHandlerClass() == 'Contacts') {
if (in_array($field, $contact_extra_columns)) {
$results['columns'][$field] = lang($field);
$results['db_columns'][lang($field)] = $field;
}
} else {
if ($ot->getHandlerClass() == 'Timeslots') {
if (in_array($field, array('time', 'billing'))) {
$results['columns'][$field] = lang('field Objects ' . $field);
$results['db_columns'][lang('field Objects ' . $field)] = $field;
}
} else {
if ($ot->getHandlerClass() == 'MailContents') {
if (in_array($field, array('to', 'cc', 'bcc', 'body_plain', 'body_html'))) {
$results['columns'][$field] = lang('field Objects ' . $field);
$results['db_columns'][lang('field Objects ' . $field)] = $field;
}
}
}
}
}
}
} else {
$results['columns'][$column->getCustomPropertyId()] = $column->getCustomPropertyId();
}
}
$report_rows = array();
foreach ($objects as &$object) {
/* @var $object Object */
$obj_name = $object->getObjectName();
$icon_class = $object->getIconClass();
$row_values = array('object_type_id' => $object->getObjectTypeId());
if (!$to_print) {
$row_values['link'] = '<a class="link-ico ' . $icon_class . '" title="' . clean($obj_name) . '" target="new" href="' . $object->getViewUrl() . '"> </a>';
}
foreach ($report_columns as $column) {
if ($column->getCustomPropertyId() == 0) {
$field = $column->getFieldName();
if (str_starts_with($field, 'dim_')) {
$dim_id = str_replace("dim_", "", $field);
if (!array_var($dimensions_cache, $dim_id) instanceof Dimension) {
$dimension = Dimensions::getDimensionById($dim_id);
$dimensions_cache[$dim_id] = $dimension;
} else {
$dimension = array_var($dimensions_cache, $dim_id);
}
$om_object_id = $object instanceof Timeslot ? $object->getRelObjectId() : $object->getId();
$members = ObjectMembers::getMembersByObjectAndDimension($om_object_id, $dim_id, " AND om.is_optimization=0");
$value = "";
foreach ($members as $member) {
/* @var $member Member */
$val = $member->getPath();
$val .= ($val == "" ? "" : "/") . $member->getName();
if ($value != "") {
$val = " - {$val}";
}
$value .= $val;
}
$row_values[$field] = $value;
} else {
if ($object instanceof Timeslot) {
if ($field == 'id') {
$value = $object->getObjectId();
} else {
$value = $object->getColumnValue($field);
// if it is a task column
if (in_array($field, ProjectTasks::instance()->getColumns())) {
$task = ProjectTasks::findById($object->getRelObjectId());
// if task exists
if ($task instanceof ProjectTask) {
$value = $task->getColumnValue($field);
// if it is an external task column
if (in_array($field, ProjectTasks::instance()->getExternalColumns())) {
$value = self::instance()->getExternalColumnValue($field, $value, ProjectTasks::instance());
} else {
// if is a date then use format
if (ProjectTasks::instance()->getColumnType($field) == DATA_TYPE_DATETIME && $value instanceof DateTimeValue) {
$value = format_value_to_print($field, $value->toMySQL(), DATA_TYPE_DATETIME, $report->getReportObjectTypeId());
}
}
}
$results['columns'][$field] = lang('field ProjectTasks ' . $field);
$results['db_columns'][lang('field ProjectTasks ' . $field)] = $field;
}
}
} else {
$value = $object->getColumnValue($field);
}
if ($value instanceof DateTimeValue) {
$dateFormat = user_config_option('date_format');
Hook::fire("custom_property_date_format", null, $dateFormat);
$tz = logged_user()->getTimezone();
if ($object instanceof ProjectTask) {
if ($field == 'due_date' && !$object->getUseDueTime() || $field == 'start_date' && !$object->getUseStartTime()) {
$dateFormat = user_config_option('date_format');
$tz = 0;
}
}
$value = format_date($value, $dateFormat, $tz * 3600);
}
if (in_array($field, $managerInstance->getExternalColumns())) {
if ($object instanceof Timeslot && $field == 'time') {
$lastStop = $object->getEndTime() != null ? $object->getEndTime() : ($object->isPaused() ? $object->getPausedOn() : DateTimeValueLib::now());
$seconds = $lastStop->getTimestamp() - $object->getStartTime()->getTimestamp();
$hours = number_format($seconds / 3600, 2, ',', '.');
$value = $hours;
//$value = DateTimeValue::FormatTimeDiff($object->getStartTime(), $lastStop, "hm", 60, $object->getSubtract());
} else {
if ($object instanceof Timeslot && $field == 'billing') {
$value = config_option('currency_code', '$') . ' ' . $object->getFixedBilling();
} else {
$value = self::instance()->getExternalColumnValue($field, $value, $managerInstance);
}
}
} else {
if ($field != 'link') {
//$value = html_to_text(html_entity_decode($value));
if ($object->getColumnType($field) == DATA_TYPE_STRING) {
// change html block end tags and brs to \n, then remove all other html tags, then replace \n with <br>, to remove all styles and keep the enters
$value = str_replace(array("</div>", "</p>", "<br>", "<br />", "<br/>"), "\n", $value);
$value = nl2br(strip_tags($value));
}
}
}
if (self::isReportColumnEmail($value)) {
if (logged_user()->hasMailAccounts()) {
$value = '<a class="internalLink" href="' . get_url('mail', 'add_mail', array('to' => clean($value))) . '">' . clean($value) . '</a></div>';
} else {
$value = '<a class="internalLink" target="_self" href="mailto:' . clean($value) . '">' . clean($value) . '</a></div>';
}
}
$row_values[$field] = $value;
if ($ot->getHandlerClass() == 'Contacts') {
if ($managerInstance instanceof Contacts) {
$contact = Contacts::findOne(array("conditions" => "object_id = " . $object->getId()));
if ($field == "email_address") {
$row_values[$field] = $contact->getEmailAddress();
}
if ($field == "is_user") {
$row_values[$field] = $contact->getUserType() > 0 && !$contact->getIsCompany();
}
if ($field == "im_values") {
$str = "";
foreach ($contact->getAllImValues() as $type => $value) {
$str .= ($str == "" ? "" : " | ") . "{$type}: {$value}";
}
$row_values[$field] = $str;
}
if (in_array($field, array("mobile_phone", "work_phone", "home_phone"))) {
if ($field == "mobile_phone") {
$row_values[$field] = $contact->getPhoneNumber('mobile', null, false);
} else {
if ($field == "work_phone") {
$row_values[$field] = $contact->getPhoneNumber('work', null, false);
} else {
if ($field == "home_phone") {
$row_values[$field] = $contact->getPhoneNumber('home', null, false);
}
}
}
}
if (in_array($field, array("personal_webpage", "work_webpage", "other_webpage"))) {
if ($field == "personal_webpage") {
$row_values[$field] = $contact->getWebpageUrl('personal');
} else {
if ($field == "work_webpage") {
$row_values[$field] = $contact->getWebpageUrl('work');
} else {
if ($field == "other_webpage") {
$row_values[$field] = $contact->getWebpageUrl('other');
}
}
}
}
if (in_array($field, array("home_address", "work_address", "other_address"))) {
if ($field == "home_address") {
$row_values[$field] = $contact->getStringAddress('home');
} else {
if ($field == "work_address") {
$row_values[$field] = $contact->getStringAddress('work');
} else {
if ($field == "other_address") {
$row_values[$field] = $contact->getStringAddress('other');
}
}
}
}
}
} else {
if ($ot->getHandlerClass() == 'MailContents') {
if (in_array($field, array('to', 'cc', 'bcc', 'body_plain', 'body_html'))) {
$mail_data = MailDatas::findById($object->getId());
$row_values[$field] = $mail_data->getColumnValue($field);
if ($field == "body_html") {
if (class_exists("DOMDocument")) {
$d = new DOMDocument();
$mock = new DOMDocument();
$d->loadHTML(remove_css_and_scripts($row_values[$field]));
$body = $d->getElementsByTagName('body')->item(0);
foreach ($body->childNodes as $child) {
$mock->appendChild($mock->importNode($child, true));
}
// if css is inside an html comment => remove it
$row_values[$field] = preg_replace('/<!--(.*)-->/Uis', '', remove_css($row_values[$field]));
} else {
$row_values[$field] = preg_replace('/<!--(.*)-->/Uis', '', remove_css_and_scripts($row_values[$field]));
}
}
}
}
}
if (!$to_print && $field == "name") {
$row_values[$field] = '<a target="new-' . $object->getId() . '" href="' . $object->getViewUrl() . '">' . $value . '</a>';
}
}
} else {
$colCp = $column->getCustomPropertyId();
$cp = CustomProperties::getCustomProperty($colCp);
if ($cp instanceof CustomProperty) {
/* @var $cp CustomProperty */
$row_values[$cp->getName()] = get_custom_property_value_for_listing($cp, $object);
$results['columns'][$colCp] = $cp->getName();
$results['db_columns'][$cp->getName()] = $colCp;
}
}
}
Hook::fire("report_row", $object, $row_values);
$report_rows[] = $row_values;
}
if (!$to_print) {
if (is_array($results['columns'])) {
array_unshift($results['columns'], '');
} else {
$results['columns'] = array('');
}
Hook::fire("report_header", $ot, $results['columns']);
}
$results['rows'] = $report_rows;
}
return $results;
}
?>
<table style="width:100%;"><tr><td style="padding-right:10px;width:50%;">
<fieldset class=""><legend class="toggle_expanded" onclick="og.toggle('<?php
echo $genid;
?>
userSystemPermissions',this)"><?php
echo lang("system permissions");
?>
</legend>
<div id="<?php
echo $genid;
?>
userSystemPermissions" style="display:block">
<?php
$columns = SystemPermissions::instance()->getColumns();
$hidden_cols = array('permission_group_id', 'can_manage_billing', 'can_view_billing', 'can_task_assignee');
foreach ($columns as $column_name) {
if (in_array($column_name, $hidden_cols)) {
continue;
}
?>
<div id="<?php
echo $genid;
?>
div_<?php
echo $column_name;
?>
">
<?php
$attributes = array('id' => $genid . 'sys_perm[' . $column_name . ']');
/**
* Add user
*
* @access public
* @param void
* @return null
*/
function add_user() {
$max_users = config_option('max_users');
if ($max_users && (Contacts::count() >= $max_users)) {
flash_error(lang('maximum number of users reached error'));
ajx_current("empty");
return;
}
$company = Contacts::findById(get_id('company_id'));
if (!($company instanceof Contact)) {
$company = owner_company();
}
if (!can_manage_security(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
} // if
$user = new Contact();
$user_data = array_var($_POST, 'user');
// Populate form fields
if (!is_array($user_data)) {
//if it is a new user
$contact_id = get_id('contact_id');
$contact = Contacts::findById($contact_id);
if ($contact instanceof Contact) {
if (!is_valid_email($contact->getEmailAddress())){
ajx_current("empty");
flash_error(lang("contact email is required to create user"));
return false;
}
//if it will be created from a contact
$user_data = array(
'username' => $this->generateUserNameFromContact($contact),
'display_name' => $contact->getFirstname() . $contact->getSurname(),
'email' => $contact->getEmailAddress('personal'),
'contact_id' => $contact->getId(),
'password_generator' => 'random',
'type' => 'Executive',
'can_manage_time' => true,
); // array
tpl_assign('ask_email', false);
} else {
// if it is new, and created from admin interface
$user_data = array(
'password_generator' => 'random',
'company_id' => $company->getId(),
'timezone' => $company->getTimezone(),
'create_contact' => true,
'send_email_notification' => false,
'type' => 'Executive',
'can_manage_time' => true,
);
tpl_assign('ask_email', true);
}
// System permissions
tpl_assign('system_permissions', new SystemPermission());
// Module permissions
$module_permissions_info = array();
$all_modules = TabPanels::findAll(array("conditions" => "`enabled` = 1", "order" => "ordering"));
$all_modules_info = array();
foreach ($all_modules as $module) {
$all_modules_info[] = array('id' => $module->getId(), 'name' => lang($module->getTitle()), 'ot' => $module->getObjectTypeId());
}
tpl_assign('module_permissions_info', $module_permissions_info);
tpl_assign('all_modules_info', $all_modules_info);
// Member permissions
$parameters = permission_form_parameters(0);
tpl_assign('permission_parameters', $parameters);
// Permission Groups
$groups = PermissionGroups::getNonPersonalSameLevelPermissionsGroups('`parent_id`,`id` ASC');
tpl_assign('groups', $groups);
$roles= SystemPermissions::getAllRolesPermissions();
tpl_assign('roles', $roles);
$tabs= TabPanelPermissions::getAllRolesModules();
tpl_assign('tabs_allowed', $tabs);
} // if
tpl_assign('user', $user);
tpl_assign('company', $company);
tpl_assign('user_data', $user_data);
//Submit User
if (is_array(array_var($_POST, 'user'))) {
if (!array_var($user_data, 'createPersonalProject')) {
$user_data['personal_project'] = 0;
}
try {
Contacts::validateUser($user_data);
DB::beginWork();
$user = $this->createUser($user_data, array_var($_POST,'permissions'));
DB::commit();
flash_success(lang('success add user', $user->getObjectName()));
ajx_current("back");
} catch(Exception $e) {
DB::rollback();
ajx_current("empty");
flash_error($e->getMessage());
} // try
} // if
} // add_user
<?php
$genid = gen_id();
$limit = 20;
$total = $limit;
$page = 10;
$task_assignment_conditions = "";
if (!SystemPermissions::userHasSystemPermission(logged_user(), 'can_see_assigned_to_other_tasks')) {
$task_assignment_conditions = " AND assigned_to_contact_id = " . logged_user()->getId();
}
$tasks_result = ProjectTasks::instance()->listing(array("order" => "completed_on", "order_dir" => "DESC", "extra_conditions" => " AND is_template = 0 AND completed_by_id > 0 {$task_assignment_conditions}", "limit" => $limit + 1));
$tasks = $tasks_result->objects;
$active_members = array();
$context = active_context();
if (is_array($context)) {
foreach ($context as $selection) {
if ($selection instanceof Member) {
$active_members[] = $selection;
}
}
}
if (count($active_members) > 0) {
$mnames = array();
$allowed_contact_ids = array();
foreach ($active_members as $member) {
$mnames[] = clean($member->getName());
}
$widget_title = lang('completed tasks') . ' ' . lang('in') . ' ' . implode(", ", $mnames);
}
if ($tasks_result->total > 0) {
include 'template.php';
