/**
* Return manager instance
*
* @access protected
* @param void
* @return TabPanelPermissions
*/
function manager()
{
if (!$this->manager instanceof TabPanelPermissions) {
$this->manager = TabPanelPermissions::instance();
}
return $this->manager;
}
function delete() {
// delete system permissions
SystemPermissions::delete("`permission_group_id` = ".$this->getId());
// delete member permissions
ContactMemberPermissions::delete("`permission_group_id` = ".$this->getId());
// delte dimension permissions
ContactDimensionPermissions::delete("`permission_group_id` = ".$this->getId());
// delete contact_permission_group entries
ContactPermissionGroups::delete("`permission_group_id` = ".$this->getId());
// delete tab panel permissions
TabPanelPermissions::delete("`permission_group_id` = ".$this->getId());
parent::delete();
}
/**
* Edit group
*
* @param void
* @return null
*/
function edit()
{
$this->setTemplate('add');
if (!can_manage_security(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
// if
$group = PermissionGroups::findById(get_id());
if (!$group instanceof PermissionGroup) {
flash_error(lang('group dnx'));
$this->redirectTo('administration', 'groups');
}
// if
$group_data = array_var($_POST, 'group');
if (!is_array($group_data)) {
$pg_id = $group->getId();
$parameters = permission_form_parameters($pg_id);
// Module Permissions
$module_permissions = TabPanelPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
$module_permissions_info = array();
foreach ($module_permissions as $mp) {
$module_permissions_info[$mp->getTabPanelId()] = 1;
}
$all_modules = TabPanels::findAll(array("conditions" => "`enabled` = 1", "order" => "ordering"));
$all_modules_info = array();
foreach ($all_modules as $module) {
$all_modules_info[] = array('id' => $module->getId(), 'name' => lang($module->getTitle()), 'ot' => $module->getObjectTypeId());
}
// System Permissions
$system_permissions = SystemPermissions::findById($pg_id);
tpl_assign('module_permissions_info', $module_permissions_info);
tpl_assign('all_modules_info', $all_modules_info);
tpl_assign('system_permissions', $system_permissions);
tpl_assign('permission_parameters', $parameters);
// users
$group_users = array();
$cpgs = ContactPermissionGroups::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
foreach ($cpgs as $cpg) {
$group_users[] = $cpg->getContactId();
}
tpl_assign('groupUserIds', $group_users);
tpl_assign('users', Contacts::getAllUsers());
tpl_assign('pg_id', $group->getId());
tpl_assign('group', $group);
tpl_assign('group_data', array('name' => $group->getName()));
add_page_action(lang('delete'), "javascript:if(confirm(lang('confirm delete group'))) og.openLink('" . $group->getDeleteUrl() . "');", 'ico-trash', null, null, true);
} else {
try {
$group->setFromAttributes($group_data);
DB::beginWork();
$group->save();
// set permissions
$pg_id = $group->getId();
//save_permissions($pg_id);
$gr_users = $group->getUsers();
$gr_users_ids = array();
if ($post_users = array_var($_POST, 'user')) {
foreach ($post_users as $user_id => $val) {
if ($val == '1' && is_numeric($user_id)) {
$gr_users_ids[] = $user_id;
}
}
}
foreach ($gr_users as $us) {
if (!in_array($us->getId(), $gr_users_ids)) {
$gr_users_ids[] = $us->getId();
}
}
// save users
ContactPermissionGroups::delete("`permission_group_id` = {$pg_id}");
if ($users = array_var($_POST, 'user')) {
foreach ($users as $user_id => $val) {
if ($val == '1' && is_numeric($user_id) && Contacts::findById($user_id) instanceof Contact) {
$cpg = new ContactPermissionGroup();
$cpg->setPermissionGroupId($pg_id);
$cpg->setContactId($user_id);
$cpg->save();
}
}
}
//ApplicationLogs::createLog($group, ApplicationLogs::ACTION_EDIT);
DB::commit();
flash_success(lang('success edit group', $group->getName()));
ajx_current("back");
} catch (Exception $e) {
DB::rollback();
tpl_assign('error', $e);
return;
}
try {
save_user_permissions_background(logged_user(), $pg_id, false, $gr_users_ids);
} catch (Exception $e) {
tpl_assign('error', $e);
}
}
}
function tabs_submit()
{
ajx_current("empty");
evt_add("tabs changed", null);
if (!can_manage_configuration(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
foreach ($_POST['tabs'] as $id => $tab) {
$ordering = (int) $tab['ordering'];
$title = mysql_real_escape_string($tab['title']);
$enabled = array_var($tab, 'enabled') == "on" ? 1 : 0;
if ($tp = TabPanels::instance()->findById($id)) {
$tp->setOrdering($ordering);
$tp->setTitle($title);
$tp->setEnabled($enabled);
if ($enabled) {
$pg_id = logged_user()->getPermissionGroupId();
if (!TabPanelPermissions::isModuleEnabled($tp->getId(), $pg_id)) {
$tpp = new TabPanelPermission();
$tpp->setPermissionGroupId($pg_id);
$tpp->setTabPanelId($tp->getId());
$tpp->save();
}
}
$tp->save();
}
}
}
function do_delete()
{
$id = $this->getId();
ContactAddresses::instance()->delete("`contact_id` = {$id}");
ContactImValues::instance()->delete("`contact_id` = {$id}");
ContactEmails::instance()->delete("`contact_id` = {$id}");
ContactTelephones::instance()->delete("`contact_id` = {$id}");
ContactWebpages::instance()->delete("`contact_id` = {$id}");
ContactConfigOptionValues::instance()->delete("`contact_id` = {$id}");
ContactPasswords::instance()->delete("`contact_id` = {$id}");
ObjectSubscriptions::instance()->delete("`contact_id` = {$id}");
ObjectReminders::instance()->delete("`contact_id` = {$id}");
ContactPermissionGroups::instance()->delete("`contact_id` = {$id}");
ContactMemberPermissions::instance()->delete("`permission_group_id` = " . $this->getPermissionGroupId());
ContactDimensionPermissions::instance()->delete("`permission_group_id` = " . $this->getPermissionGroupId());
SystemPermissions::instance()->delete("`permission_group_id` = " . $this->getPermissionGroupId());
TabPanelPermissions::instance()->delete("`permission_group_id` = " . $this->getPermissionGroupId());
$this->delete();
$ret = null;
Hook::fire("after_user_deleted", $this, $ret);
}
function allowed_users_to_assign_all_mobile($member_id = null) {
if ($member_id == null) {
$context = active_context();
}else{
$member = Members::findById($member_id);
if ($member instanceof Member){
$context[] = $member;
}
}
// only companies with users
$companies = Contacts::findAll(array("conditions" => "is_company = 1 AND object_id IN (SELECT company_id FROM ".TABLE_PREFIX."contacts WHERE user_type>0 AND disabled=0)", "order" => "first_name ASC"));
$comp_ids = array("0");
$comp_array = array("0" => array('id' => "0", 'name' => lang('without company'), 'users' => array() ));
foreach ($companies as $company) {
$comp_ids[] = $company->getId();
$comp_array[$company->getId()] = array('id' => $company->getId(), 'name' => $company->getObjectName(), 'users' => array() );
}
if(!can_manage_tasks(logged_user()) && can_task_assignee(logged_user())) {
$contacts = array(logged_user());
} else if (can_manage_tasks(logged_user())) {
$contacts = allowed_users_in_context(ProjectTasks::instance()->getObjectTypeId(), $context, ACCESS_LEVEL_READ, "AND `is_company`=0 AND `company_id` IN (".implode(",", $comp_ids).")");
} else {
$contacts = array();
}
foreach ($contacts as $contact) { /* @var $contact Contact */
if ( TabPanelPermissions::instance()->count( array( "conditions" => "permission_group_id = ".$contact->getPermissionGroupId(). " AND tab_panel_id = 'tasks-panel' " ))){
$comp_array[$contact->getCompanyId()]['users'][] = array('id' => $contact->getId(), 'name' => $contact->getObjectName(), 'isCurrent' => $contact->getId() == logged_user()->getId());
}
}
foreach ($comp_array as $company_id => &$comp_data) {
if (count($comp_data['users']) == 0) {
unset($comp_array[$company_id]);
}
}
return array_values($comp_array);
}
AND `name` <> 'file revision' AND `id` NOT IN (
SELECT `object_type_id` FROM ".TabPanels::instance()->getTableName(true)." WHERE `enabled` = 0
) OR `type` = 'comment' OR `name` = 'milestone'"));
$pg_ids = logged_user()->getPermissionGroupIds();
if (!is_array($pg_ids) || count($pg_ids) == 0) $pg_ids = array(0);
foreach ($obj_picker_type_filters as $type) {
if (! $type instanceof ObjectType ) continue ;
/* @var $type ObjectType */
$linkable = $type->getIsLinkableObjectType();
if ($linkable) {
$tab_ids = DB::executeAll("SELECT id FROM ".TABLE_PREFIX."tab_panels WHERE object_type_id = ".$type->getId());
if (count($tab_ids) > 0) {
$tab_id = $tab_ids[0]['id'];
if (!TabPanelPermissions::isModuleEnabled($tab_id, implode(',', $pg_ids))) {
continue;
}
}
?>
og.objPickerTypeFilters.push({
id: '<?php echo $type->getName() ?>',
name: '<?php echo lang($type->getName()) ?>',
type: '<?php echo $type->getName() ?>',
filter: 'type',
iconCls: 'ico-<?php echo $type->getIcon() ?>'
});
<?php
}
}
?>
/**
* This function will return paginated result. Result is an array where first element is
* array of returned object and second populated pagination object that can be used for
* obtaining and rendering pagination data using various helpers.
*
* Items and pagination array vars are indexed with 0 for items and 1 for pagination
* because you can't use associative indexing with list() construct
*
* @access public
* @param array $arguments Query argumens (@see find()) Limit and offset are ignored!
* @param integer $items_per_page Number of items per page
* @param integer $current_page Current page number
* @return array
*/
function paginate($arguments = null, $items_per_page = 10, $current_page = 1)
{
if (isset($this) && instance_of($this, 'TabPanelPermissions')) {
return parent::paginate($arguments, $items_per_page, $current_page);
} else {
return TabPanelPermissions::instance()->paginate($arguments, $items_per_page, $current_page);
}
// if
}
function allowed_users_to_assign_all($context = null)
{
if ($context == null) {
$context = active_context();
}
// only companies with users
$companies = Contacts::findAll(array("conditions" => "e.is_company = 1 AND EXISTS (SELECT object_id FROM " . TABLE_PREFIX . "contacts WHERE is_company = 0 AND user_type > 0 AND company_id = o.id )", "join" => array("table" => Contacts::instance()->getTableName(), "jt_field" => "object_id", "j_sub_q" => "SELECT xx.object_id FROM " . Contacts::instance()->getTableName(true) . " xx WHERE xx.is_company=0 AND xx.company_id = e.object_id LIMIT 1"), "order" => "name"));
$comp_ids = array("0");
$comp_array = array("0" => array('id' => "0", 'name' => lang('without company'), 'users' => array()));
foreach ($companies as $company) {
$comp_ids[] = $company->getId();
$comp_array[$company->getId()] = array('id' => $company->getId(), 'name' => $company->getObjectName(), 'users' => array());
}
if (!can_manage_tasks(logged_user()) && can_task_assignee(logged_user())) {
$contacts = array(logged_user());
} else {
if (can_manage_tasks(logged_user())) {
$contacts = allowed_users_in_context(ProjectTasks::instance()->getObjectTypeId(), $context, ACCESS_LEVEL_READ, "AND `is_company`=0 AND `company_id` IN (" . implode(",", $comp_ids) . ")");
} else {
$contacts = array();
}
}
foreach ($contacts as $contact) {
/* @var $contact Contact */
if (TabPanelPermissions::instance()->count(array("conditions" => "permission_group_id = " . $contact->getPermissionGroupId() . " AND tab_panel_id = 'tasks-panel' "))) {
$comp_array[]['users'][] = array('id' => $contact->getId(), 'name' => $contact->getObjectName(), 'isCurrent' => $contact->getId() == logged_user()->getId());
}
}
return array_values($comp_array);
}
function create_user($user_data, $permissionsString) {
// try to find contact by some properties
$contact_id = array_var($user_data, "contact_id") ;
$contact = Contacts::instance()->findById($contact_id) ;
if (!is_valid_email(array_var($user_data, 'email'))) {
throw new Exception(lang("email value is required"));
}
if (!$contact instanceof Contact) {
// Create a new user
$contact = new Contact();
$contact->setUsername(array_var($user_data, 'username'));
$contact->setDisplayName(array_var($user_data, 'display_name'));
$contact->setCompanyId(array_var($user_data, 'company_id'));
$contact->setUserType(array_var($user_data, 'type'));
$contact->setTimezone(array_var($user_data, 'timezone'));
$contact->setFirstname($contact->getObjectName() != "" ? $contact->getObjectName() : $contact->getUsername());
$contact->setObjectName();
} else {
// Create user from contact
$contact->setUserType(array_var($user_data, 'type'));
if (array_var($user_data, 'company_id')) {
$contact->setCompanyId(array_var($user_data, 'company_id'));
}
$contact->setUsername(array_var($user_data, 'username'));
$contact->setTimezone(array_var($user_data, 'timezone'));
}
$contact->save();
if (is_valid_email(array_var($user_data, 'email'))) {
$contact->addEmail(array_var($user_data, 'email'), 'personal', true);
}
//permissions
$permission_group = new PermissionGroup();
$permission_group->setName('User '.$contact->getId().' Personal');
$permission_group->setContactId($contact->getId());
$permission_group->setIsContext(false);
$permission_group->setType("permission_groups");
$permission_group->save();
$contact->setPermissionGroupId($permission_group->getId());
$contact_pg = new ContactPermissionGroup();
$contact_pg->setContactId($contact->getId());
$contact_pg->setPermissionGroupId($permission_group->getId());
$contact_pg->save();
if ( can_manage_security(logged_user()) ) {
$sp = new SystemPermission();
$rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
foreach($rol_permissions as $pr){
$sp->setPermission($pr);
}
$sp->setPermissionGroupId($permission_group->getId());
$sp->setCanManageSecurity(array_var($user_data, 'can_manage_security'));
$sp->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration'));
$sp->setCanManageTemplates(array_var($user_data, 'can_manage_templates'));
$sp->setCanManageTime(array_var($user_data, 'can_manage_time'));
$sp->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts'));
$sp->setCanManageDimensions(array_var($user_data, 'can_manage_dimensions'));
$sp->setCanManageDimensionMembers(array_var($user_data, 'can_manage_dimension_members'));
$sp->setCanManageTasks(array_var($user_data, 'can_manage_tasks'));
$sp->setCanTasksAssignee(array_var($user_data, 'can_task_assignee'));
$sp->setCanManageBilling(array_var($user_data, 'can_manage_billing'));
$sp->setCanViewBilling(array_var($user_data, 'can_view_billing'));
Hook::fire('add_user_permissions', $sp, $other_permissions);
if (!is_null($other_permissions) && is_array($other_permissions)) {
foreach ($other_permissions as $k => $v) {
$sp->setColumnValue($k, array_var($user_data, $k));
}
}
$sp->save();
if ($contact->isAdminGroup()) {
// allow all un all dimensions if new user is admin
$dimensions = Dimensions::findAll();
$permissions = array();
foreach ($dimensions as $dimension) {
if ($dimension->getDefinesPermissions()) {
$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `dimension_id` = ".$dimension->getId()));
if (!$cdp instanceof ContactDimensionPermission) {
$cdp = new ContactDimensionPermission();
$cdp->setPermissionGroupId($contact->getPermissionGroupId());
$cdp->setContactDimensionId($dimension->getId());
}
$cdp->setPermissionType('allow all');
$cdp->save();
// contact member permisssion entries
$members = $dimension->getAllMembers();
foreach ($members as $member) {
$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
$ots[]=$member->getObjectId();
foreach ($ots as $ot) {
$cmp = ContactMemberPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `member_id` = ".$member->getId()." AND `object_type_id` = $ot"));
if (!$cmp instanceof ContactMemberPermission) {
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId($contact->getPermissionGroupId());
$cmp->setMemberId($member->getId());
$cmp->setObjectTypeId($ot);
}
$cmp->setCanWrite(1);
$cmp->setCanDelete(1);
$cmp->save();
// Add persmissions to sharing table
$perm = new stdClass();
$perm->m = $member->getId();
$perm->r= 1;
$perm->w= 1;
$perm->d= 1;
$perm->o= $ot;
$permissions[] = $perm ;
}
}
}
}
if(count($permissions)){
$sharingTableController = new SharingTableController();
$sharingTableController->afterPermissionChanged($contact->getPermissionGroupId(), $permissions);
}
}
}
if(!isset($_POST['sys_perm'])){
$rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
$_POST['sys_perm']=array();
foreach($rol_permissions as $pr){
$_POST['sys_perm'][$pr]=1;
}
}
if(!isset($_POST['mod_perm'])){
$tabs_permissions=TabPanelPermissions::getRoleModules(array_var($user_data, 'type'));
$_POST['mod_perm']=array();
foreach($tabs_permissions as $pr){
$_POST['mod_perm'][$pr]=1;
}
}
$password = '';
if (array_var($user_data, 'password_generator') == 'specify') {
$perform_password_validation = true;
// Validate input
$password = array_var($user_data, 'password');
if (trim($password) == '') {
throw new Error(lang('password value required'));
} // if
if ($password <> array_var($user_data, 'password_a')) {
throw new Error(lang('passwords dont match'));
} // if
} else {
$user_data['password_generator'] = 'link';
$perform_password_validation = false;
}
$contact->setPassword($password);
$contact->save();
$user_password = new ContactPassword();
$user_password->setContactId($contact->getId());
$user_password->setPasswordDate(DateTimeValueLib::now());
$user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp()));
$user_password->password_temp = $password;
$user_password->perform_validation = $perform_password_validation;
$user_password->save();
if (array_var($user_data, 'autodetect_time_zone', 1) == 1) {
set_user_config_option('autodetect_time_zone', 1, $contact->getId());
}
/* create contact for this user*/
ApplicationLogs::createLog($contact, ApplicationLogs::ACTION_ADD);
// Set role permissions for active members
$active_context = active_context();
$sel_members = array();
foreach ($active_context as $selection) {
if ($selection instanceof Member) {
$sel_members[] = $selection;
$has_project_permissions = ContactMemberPermissions::instance()->count("permission_group_id = '".$contact->getPermissionGroupId()."' AND member_id = ".$selection->getId()) > 0;
if (!$has_project_permissions) {
RoleObjectTypePermissions::createDefaultUserPermissions($contact, $selection);
}
}
}
save_permissions($contact->getPermissionGroupId(), $contact->isGuest());
Hook::fire('after_user_add', $contact, $null);
// add user content object to associated members
if (count($sel_members) > 0) {
ObjectMembers::addObjectToMembers($contact->getId(), $sel_members);
$contact->addToSharingTable();
}
// Send notification
try {
if (array_var($user_data, 'send_email_notification') && $contact->getEmailAddress()) {
if (array_var($user_data, 'password_generator', 'link') == 'link') {
// Generate link password
$user = Contacts::getByEmail(array_var($user_data, 'email'));
$token = sha1(gen_id() . (defined('SEED') ? SEED : ''));
$timestamp = time() + 60*60*24;
set_user_config_option('reset_password', $token . ";" . $timestamp, $user->getId());
Notifier::newUserAccountLinkPassword($contact, $password, $token);
} else {
Notifier::newUserAccount($contact, $password);
}
}
} catch(Exception $e) {
Logger::log($e->getTraceAsString());
} // try
return $contact;
}
function save_permissions($pg_id, $is_guest = false)
{
$sys_permissions_data = array_var($_POST, 'sys_perm');
$changed_members = array();
//module permissions
$mod_permissions_data = array_var($_POST, 'mod_perm');
TabPanelPermissions::clearByPermissionGroup($pg_id);
if (!is_null($mod_permissions_data) && is_array($mod_permissions_data)) {
foreach ($mod_permissions_data as $tab_id => $val) {
$tpp = new TabPanelPermission();
$tpp->setPermissionGroupId($pg_id);
$tpp->setTabPanelId($tab_id);
$tpp->save();
}
}
//system permissions
$system_permissions = SystemPermissions::findById($pg_id);
if (!$system_permissions instanceof SystemPermission) {
$system_permissions = new SystemPermission();
$system_permissions->setPermissionGroupId($pg_id);
}
$system_permissions->setAllPermissions(false);
$other_permissions = array();
Hook::fire('add_user_permissions', $pg_id, $other_permissions);
foreach ($other_permissions as $k => $v) {
$system_permissions->setColumnValue($k, false);
}
$sys_permissions_data['can_task_assignee'] = !$is_guest;
$system_permissions->setFromAttributes($sys_permissions_data);
$system_permissions->save();
//member permissions
$permissionsString = array_var($_POST, 'permissions');
if ($permissionsString && $permissionsString != '') {
$permissions = json_decode($permissionsString);
}
if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
$allowed_members_ids = array();
foreach ($permissions as $perm) {
if (!isset($all_perm_deleted[$perm->m])) {
$all_perm_deleted[$perm->m] = true;
}
$allowed_members_ids[$perm->m] = array();
$allowed_members_ids[$perm->m]['pg'] = $pg_id;
$cmp = ContactMemberPermissions::findById(array('permission_group_id' => $pg_id, 'member_id' => $perm->m, 'object_type_id' => $perm->o));
if (!$cmp instanceof ContactMemberPermission) {
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId($pg_id);
$cmp->setMemberId($perm->m);
$cmp->setObjectTypeId($perm->o);
}
$cmp->setCanWrite($is_guest ? false : $perm->w);
$cmp->setCanDelete($is_guest ? false : $perm->d);
if ($perm->r) {
if (isset($allowed_members_ids[$perm->m]['w'])) {
if ($allowed_members_ids[$perm->m]['w'] != 1) {
$allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
}
} else {
$allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
}
if (isset($allowed_members_ids[$perm->m]['d'])) {
if ($allowed_members_ids[$perm->m]['d'] != 1) {
$allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
}
} else {
$allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
}
$cmp->save();
$all_perm_deleted[$perm->m] = false;
} else {
$cmp->delete();
}
$changed_members[] = $perm->m;
}
$sharingTablecontroller = new SharingTableController();
$sharingTablecontroller->afterPermissionChanged($pg_id, $permissions);
foreach ($allowed_members_ids as $key => $mids) {
$mbm = Members::findById($key);
$root_cmp = ContactMemberPermissions::findById(array('permission_group_id' => $mids['pg'], 'member_id' => $key, 'object_type_id' => $mbm->getObjectTypeId()));
if (!$root_cmp instanceof ContactMemberPermission) {
$root_cmp = new ContactMemberPermission();
$root_cmp->setPermissionGroupId($mids['pg']);
$root_cmp->setMemberId($key);
$root_cmp->setObjectTypeId($mbm->getObjectTypeId());
}
$root_cmp->setCanWrite($mids['w']);
$root_cmp->setCanDelete($mids['d']);
$root_cmp->save();
}
foreach ($all_perm_deleted as $mid => $pd) {
if ($pd) {
ContactMemberPermissions::instance()->delete("`permission_group_id` = {$pg_id} AND `member_id` = {$mid}");
}
}
}
// set all permissiions to read_only
if ($is_guest) {
$all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
foreach ($all_saved_permissions as $sp) {
/* @var $sp ContactMemberPermission */
if ($sp->getCanDelete() || $sp->getCanWrite()) {
$sp->setCanDelete(false);
$sp->setCanWrite(false);
$sp->save();
}
}
$cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all'"));
foreach ($cdps as $cdp) {
$cdp->setPermissionType('check');
$cdp->save();
}
}
// check the status of the changed dimensions to set 'allow_all', 'deny_all' or 'check'
$dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members)));
foreach ($dimensions as $dimension) {
$mem_ids = $dimension->getAllMembers(true);
if (count($mem_ids) == 0) {
$mem_ids[] = 0;
}
$count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND `member_id` IN (" . implode(",", $mem_ids) . ") AND `can_delete` = 0"));
if ($count > 0) {
$dimension->setContactDimensionPermission($pg_id, 'check');
} else {
$count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND `member_id` IN (" . implode(",", $mem_ids) . ")"));
if ($count == 0) {
$dimension->setContactDimensionPermission($pg_id, 'deny all');
} else {
$allow_all = true;
$dim_obj_types = $dimension->getAllowedObjectTypeContents();
$members = Members::findAll("`id` IN (" . implode(",", $mem_ids) . ")");
foreach ($dim_obj_types as $dim_obj_type) {
$mem_ids_for_ot = array();
foreach ($members as $member) {
if ($dim_obj_type->getDimensionObjectTypeId() == $member->getObjectTypeId()) {
$mem_ids_for_ot[] = $member->getId();
}
}
if (count($mem_ids_for_ot) == 0) {
$mem_ids_for_ot[] = 0;
}
$count = ContactMemberPermissions::count(array('conditions' => "`permission_group_id`={$pg_id} AND \n\t\t\t\t\t\t`object_type_id` = " . $dim_obj_type->getContentObjectTypeId() . " AND `can_delete` = 1 AND `member_id` IN (" . implode(",", $mem_ids_for_ot) . ")"));
if ($count != count($mem_ids_for_ot)) {
$allow_all = false;
break;
}
}
if ($allow_all) {
$dimension->setContactDimensionPermission($pg_id, 'allow all');
} else {
$dimension->setContactDimensionPermission($pg_id, 'check');
}
}
}
}
}
$member_permissions[$member_id] = array();
}
$member_permissions[$member_id][] = array('o' => $p->getObjectTypeId(), 'w' => $p->getCanWrite(), 'd' => $p->getCanDelete(), 'r' => 1);
}
}
} else {
$pg_id = $contact->getPermissionGroupId();
tpl_assign('user', $contact);
}
$parameters = permission_form_parameters($pg_id);
if ($contact->isNew()) {
$parameters['root_permissions'] = $root_permissions;
$parameters['member_permissions'] = $member_permissions;
}
// Module Permissions
$module_permissions = TabPanelPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
$module_permissions_info = array();
foreach ($module_permissions as $mp) {
$module_permissions_info[$mp->getTabPanelId()] = 1;
}
$all_modules = TabPanels::findAll(array("conditions" => "`enabled` = 1", "order" => "ordering"));
$all_modules_info = array();
foreach ($all_modules as $module) {
$all_modules_info[] = array('id' => $module->getId(), 'name' => lang($module->getTitle()), 'ot' => $module->getObjectTypeId());
}
// System Permissions
$system_permissions = SystemPermissions::findById($pg_id);
tpl_assign('module_permissions_info', $module_permissions_info);
tpl_assign('all_modules_info', $all_modules_info);
if (!$system_permissions instanceof SystemPermission) {
$system_permissions = new SystemPermission();
function save_permissions($pg_id, $is_guest = false, $permissions_data = null, $save_cmps = true, $update_sharing_table = true, $fire_hook = true, $update_contact_member_cache = true, $users_ids_to_check = array(), $only_member_permissions = false)
{
if (is_null($permissions_data)) {
// system permissions
$sys_permissions_data = array_var($_POST, 'sys_perm');
// module permissions
$mod_permissions_data = array_var($_POST, 'mod_perm');
// root permissions
if ($rp_genid = array_var($_POST, 'root_perm_genid')) {
$rp_permissions_data = array();
foreach ($_POST as $name => $value) {
if (str_starts_with($name, $rp_genid . 'rg_root_')) {
$rp_permissions_data[$name] = $value;
}
}
}
// member permissions
$permissionsString = array_var($_POST, 'permissions');
} else {
// system permissions
$sys_permissions_data = array_var($permissions_data, 'sys_perm');
// module permissions
$mod_permissions_data = array_var($permissions_data, 'mod_perm');
// root permissions
$rp_genid = array_var($permissions_data, 'root_perm_genid');
$rp_permissions_data = array_var($permissions_data, 'root_perm');
// member permissions
$permissionsString = array_var($permissions_data, 'permissions');
}
try {
DB::beginWork();
$changed_members = array();
// save module permissions
if (!$only_member_permissions) {
try {
TabPanelPermissions::clearByPermissionGroup($pg_id, true);
if (!is_null($mod_permissions_data) && is_array($mod_permissions_data)) {
foreach ($mod_permissions_data as $tab_id => $val) {
DB::execute("INSERT INTO " . TABLE_PREFIX . "tab_panel_permissions (permission_group_id,tab_panel_id) VALUES ('{$pg_id}','{$tab_id}') ON DUPLICATE KEY UPDATE permission_group_id=permission_group_id");
}
}
} catch (Exception $e) {
Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
$root_permissions_sharing_table_delete = array();
$root_permissions_sharing_table_add = array();
if (logged_user() instanceof Contact && can_manage_security(logged_user())) {
try {
if (!$only_member_permissions) {
// save system permissions
$system_permissions = SystemPermissions::findById($pg_id);
if (!$system_permissions instanceof SystemPermission) {
$system_permissions = new SystemPermission();
$system_permissions->setPermissionGroupId($pg_id);
}
$system_permissions->setAllPermissions(false);
$other_permissions = array();
Hook::fire('add_user_permissions', $pg_id, $other_permissions);
foreach ($other_permissions as $k => $v) {
$system_permissions->setColumnValue($k, false);
}
// check max permissions for role, in case of modifying user's permissions
$role_id = "-1";
$tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
if ($tmp_contact instanceof Contact) {
$role_id = $tmp_contact->getUserType();
}
$max_role_system_permissions = MaxSystemPermissions::findOne(array('conditions' => 'permission_group_id = ' . $role_id));
if ($max_role_system_permissions instanceof MaxSystemPermission) {
foreach ($sys_permissions_data as $col => &$val) {
$max_val = $max_role_system_permissions->getColumnValue($col);
if (!$max_val) {
unset($sys_permissions_data[$col]);
}
}
}
// don't allow to write emails for collaborators and guests
if ($tmp_contact instanceof Contact) {
$user_type_name = $tmp_contact->getUserTypeName();
if (!in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
$mail_ot = ObjectTypes::findByName('mail');
if ($mail_ot instanceof ObjectType) {
DB::executeAll("UPDATE " . TABLE_PREFIX . "contact_member_permissions SET can_write=0, can_delete=0 WHERE object_type_id=" . $mail_ot->getId() . " AND permission_group_id={$pg_id}");
}
}
}
$sys_permissions_data['can_task_assignee'] = !$is_guest;
$system_permissions->setFromAttributes($sys_permissions_data);
$system_permissions->setUseOnDuplicateKeyWhenInsert(true);
$system_permissions->save();
//object type root permissions
$can_have_root_permissions = config_option('let_users_create_objects_in_root') && in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'));
if ($rp_genid && $can_have_root_permissions) {
ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
foreach ($rp_permissions_data as $name => $value) {
if (str_starts_with($name, $rp_genid . 'rg_root_')) {
$rp_ot = substr($name, strrpos($name, '_') + 1);
if (is_numeric($rp_ot) && $rp_ot > 0 && $value == 0) {
$root_permissions_sharing_table_delete[] = $rp_ot;
}
if (!is_numeric($rp_ot) || $rp_ot <= 0 || $value < 1) {
continue;
}
$root_permissions_sharing_table_add[] = $rp_ot;
// save with member_id = 0
$root_perm_cmp = new ContactMemberPermission();
$root_perm_cmp->setPermissionGroupId($pg_id);
$root_perm_cmp->setMemberId('0');
$root_perm_cmp->setObjectTypeId($rp_ot);
$root_perm_cmp->setCanWrite($value >= 2);
$root_perm_cmp->setCanDelete($value >= 3);
$root_perm_cmp->save();
}
}
}
if (!$can_have_root_permissions) {
ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
$sh_controller = new SharingTableController();
$all_object_type_ids = ObjectTypes::findAll(array('id' => true));
$sh_controller->adjust_root_permissions($pg_id, array('root_permissions_sharing_table_delete' => $all_object_type_ids));
}
}
} catch (Exception $e) {
Logger::log("Error saving system and root permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
// set all permissions to read_only if user is guest
if ($is_guest) {
try {
$all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
foreach ($all_saved_permissions as $sp) {
/* @var $sp ContactMemberPermission */
if ($sp->getCanDelete() || $sp->getCanWrite()) {
$sp->setCanDelete(false);
$sp->setCanWrite(false);
$sp->save();
}
}
$cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all'"));
foreach ($cdps as $cdp) {
$cdp->setPermissionType('check');
$cdp->save();
}
} catch (Exception $e) {
Logger::log("Error setting guest user permissions to read_only for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
// check the status of the changed dimensions to set 'allow_all', 'deny_all' or 'check'
try {
$dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members)));
foreach ($dimensions as $dimension) {
$dimension->setContactDimensionPermission($pg_id, 'check');
}
} catch (Exception $e) {
Logger::log("Error setting dimension permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
//member permissions
if ($permissionsString && $permissionsString != '') {
$permissions = json_decode($permissionsString);
}
if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
try {
$tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
if ($tmp_contact instanceof Contact) {
$user_type_name = $tmp_contact->getUserTypeName();
$role_id = $tmp_contact->getUserType();
$max_role_ot_perms = MaxRoleObjectTypePermissions::instance()->findAll(array('conditions' => "role_id = '{$role_id}'"));
}
$mail_ot = ObjectTypes::findByName('mail');
$sql_insert_values = "";
$member_object_types_to_delete = array();
$allowed_members_ids = array();
foreach ($permissions as &$perm) {
if (!isset($all_perm_deleted[$perm->m])) {
$all_perm_deleted[$perm->m] = true;
}
$allowed_members_ids[$perm->m] = array();
$allowed_members_ids[$perm->m]['pg'] = $pg_id;
if ($perm->r) {
if (isset($allowed_members_ids[$perm->m]['w'])) {
if ($allowed_members_ids[$perm->m]['w'] != 1) {
$allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
}
} else {
$allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
}
if (isset($allowed_members_ids[$perm->m]['d'])) {
if ($allowed_members_ids[$perm->m]['d'] != 1) {
$allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
}
} else {
$allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
}
// check max permissions for user type
if ($tmp_contact instanceof Contact) {
$max_perm = null;
foreach ($max_role_ot_perms as $max_role_ot_perm) {
if ($max_role_ot_perm->getObjectTypeId() == $perm->o) {
$max_perm = $max_role_ot_perm;
}
}
if ($max_perm) {
if (!$max_perm->getCanDelete()) {
$perm->d = 0;
}
if (!$max_perm->getCanWrite()) {
$perm->w = 0;
}
} else {
$perm->d = 0;
$perm->w = 0;
$perm->r = 0;
}
}
if ($save_cmps) {
// don't allow to write emails for collaborators and guests
if ($tmp_contact instanceof Contact && !in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
if ($mail_ot instanceof ObjectType && $perm->o == $mail_ot->getId()) {
$perm->d = 0;
$perm->w = 0;
}
}
$sql_insert_values .= ($sql_insert_values == "" ? "" : ",") . "('" . $pg_id . "','" . $perm->m . "','" . $perm->o . "','" . $perm->d . "','" . $perm->w . "')";
if (!isset($member_object_types_to_delete[$perm->m])) {
$member_object_types_to_delete[$perm->m] = array();
}
$member_object_types_to_delete[$perm->m][] = $perm->o;
}
$all_perm_deleted[$perm->m] = false;
} else {
if (is_numeric($perm->m) && is_numeric($perm->o)) {
DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id='" . $perm->m . "' AND object_type_id='" . $perm->o . "' AND permission_group_id={$pg_id}");
}
}
$changed_members[] = $perm->m;
}
if ($save_cmps) {
if (count($all_perm_deleted) > 0) {
$member_ids_to_delete = array();
foreach ($all_perm_deleted as $mid => $del) {
// also check in contact_member_permissions
$cmps = ContactMemberPermissions::findAll(array('conditions' => 'permission_group_id=' . $pg_id . " AND member_id={$mid}"));
if ($del && (!is_array($cmps) || count($cmps) == 0)) {
$member_ids_to_delete[] = $mid;
}
}
if (count($member_ids_to_delete) > 0) {
DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id IN (" . implode(',', $member_ids_to_delete) . ") AND permission_group_id={$pg_id}");
}
}
foreach ($member_object_types_to_delete as $mid => $obj_type_ids) {
if (count($obj_type_ids) > 0) {
DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id={$mid} AND object_type_id IN (" . implode(',', $obj_type_ids) . ") AND permission_group_id={$pg_id}");
}
}
if ($sql_insert_values != "") {
DB::execute("INSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write) VALUES {$sql_insert_values} ON DUPLICATE KEY UPDATE member_id=member_id");
}
}
} catch (Exception $e) {
Logger::log("Error saving member permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
DB::commit();
} catch (Exception $e) {
Logger::log("Error saving permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
DB::rollback();
}
try {
if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
if ($update_sharing_table) {
try {
$sharingTablecontroller = new SharingTableController();
$rp_info = array('root_permissions_sharing_table_delete' => $root_permissions_sharing_table_delete, 'root_permissions_sharing_table_add' => $root_permissions_sharing_table_add);
$sharingTablecontroller->afterPermissionChanged($pg_id, $permissions, $rp_info);
} catch (Exception $e) {
Logger::log("Error saving permissions to sharing table for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
if ($update_contact_member_cache) {
try {
$contactMemberCacheController = new ContactMemberCacheController();
$group = PermissionGroups::findById($pg_id);
$real_group = null;
if ($group->getType() == 'user_groups') {
$real_group = $group;
}
$users = $group->getUsers();
$users_ids_checked = array();
foreach ($users as $us) {
$users_ids_checked[] = $us->getId();
$contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
}
//check all users related to the group
foreach ($users_ids_to_check as $us_id) {
if (!in_array($us_id, $users_ids_checked)) {
$users_ids_checked[] = $us_id;
$us = Contacts::findById($us_id);
if ($us instanceof Contact) {
$contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
}
}
}
} catch (Exception $e) {
Logger::log("Error saving permissions to contact member cache for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
}
} catch (Exception $e) {
Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
}
if ($fire_hook) {
Hook::fire('after_save_contact_permissions', $pg_id, $pg_id);
}
// remove contact object from members where permissions were deleted
$user = Contacts::findOne(array('conditions' => 'permission_group_id=' . $pg_id));
if ($user instanceof Contact) {
$to_remove = array();
if (isset($all_perm_deleted) && is_array($all_perm_deleted)) {
foreach ($all_perm_deleted as $m_id => $must_remove) {
if ($must_remove) {
$to_remove[] = $m_id;
}
}
ObjectMembers::removeObjectFromMembers($user, logged_user(), null, $to_remove);
}
}
}
function create_user($user_data, $permissionsString, $rp_permissions_data = array(), $save_permissions = true)
{
// try to find contact by some properties
$contact_id = array_var($user_data, "contact_id");
$contact = Contacts::instance()->findById($contact_id);
if (!is_valid_email(array_var($user_data, 'email'))) {
throw new Exception(lang("email value is required"));
}
if (!$contact instanceof Contact) {
// Create a new user
$contact = new Contact();
$contact->setUsername(array_var($user_data, 'username'));
$contact->setDisplayName(array_var($user_data, 'display_name'));
$contact->setCompanyId(array_var($user_data, 'company_id'));
$contact->setUserType(array_var($user_data, 'type'));
$contact->setTimezone(array_var($user_data, 'timezone'));
$contact->setFirstname($contact->getObjectName() != "" ? $contact->getObjectName() : $contact->getUsername());
$contact->setObjectName();
$user_from_contact = false;
} else {
// Create user from contact
$contact->setUserType(array_var($user_data, 'type'));
if (array_var($user_data, 'company_id')) {
$contact->setCompanyId(array_var($user_data, 'company_id'));
}
$contact->setUsername(array_var($user_data, 'username'));
$contact->setTimezone(array_var($user_data, 'timezone'));
$user_from_contact = true;
}
$contact->save();
if (is_valid_email(array_var($user_data, 'email'))) {
$user = Contacts::getByEmail(array_var($user_data, 'email'));
if (!$user) {
$contact->addEmail(array_var($user_data, 'email'), 'personal', true);
}
}
//permissions
$additional_name = "";
$tmp_pg = PermissionGroups::findOne(array('conditions' => "`name`='User " . $contact->getId() . " Personal'"));
if ($tmp_pg instanceof PermissionGroup) {
$additional_name = "_" . gen_id();
}
$permission_group = new PermissionGroup();
$permission_group->setName('User ' . $contact->getId() . $additional_name . ' Personal');
$permission_group->setContactId($contact->getId());
$permission_group->setIsContext(false);
$permission_group->setType("permission_groups");
$permission_group->save();
$contact->setPermissionGroupId($permission_group->getId());
$null = null;
Hook::fire('on_create_user_perm_group', $permission_group, $null);
$contact_pg = new ContactPermissionGroup();
$contact_pg->setContactId($contact->getId());
$contact_pg->setPermissionGroupId($permission_group->getId());
$contact_pg->save();
if (can_manage_security(logged_user())) {
$sp = new SystemPermission();
if (!$user_from_contact) {
$rol_permissions = SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
if (is_array($rol_permissions)) {
foreach ($rol_permissions as $pr) {
$sp->setPermission($pr);
}
}
}
$sp->setPermissionGroupId($permission_group->getId());
if (isset($user_data['can_manage_security'])) {
$sp->setCanManageSecurity(array_var($user_data, 'can_manage_security'));
}
if (isset($user_data['can_manage_configuration'])) {
$sp->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration'));
}
if (isset($user_data['can_manage_templates'])) {
$sp->setCanManageTemplates(array_var($user_data, 'can_manage_templates'));
}
if (isset($user_data['can_manage_time'])) {
$sp->setCanManageTime(array_var($user_data, 'can_manage_time'));
}
if (isset($user_data['can_add_mail_accounts'])) {
$sp->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts'));
}
if (isset($user_data['can_manage_dimensions'])) {
$sp->setCanManageDimensions(array_var($user_data, 'can_manage_dimensions'));
}
if (isset($user_data['can_manage_dimension_members'])) {
$sp->setCanManageDimensionMembers(array_var($user_data, 'can_manage_dimension_members'));
}
if (isset($user_data['can_manage_tasks'])) {
$sp->setCanManageTasks(array_var($user_data, 'can_manage_tasks'));
}
if (isset($user_data['can_task_assignee'])) {
$sp->setCanTasksAssignee(array_var($user_data, 'can_task_assignee'));
}
if (isset($user_data['can_manage_billing'])) {
$sp->setCanManageBilling(array_var($user_data, 'can_manage_billing'));
}
if (isset($user_data['can_view_billing'])) {
$sp->setCanViewBilling(array_var($user_data, 'can_view_billing'));
}
if (isset($user_data['can_see_assigned_to_other_tasks'])) {
$sp->setColumnValue('can_see_assigned_to_other_tasks', array_var($user_data, 'can_see_assigned_to_other_tasks'));
}
Hook::fire('add_user_permissions', $sp, $other_permissions);
if (!is_null($other_permissions) && is_array($other_permissions)) {
foreach ($other_permissions as $k => $v) {
$sp->setColumnValue($k, array_var($user_data, $k));
}
}
$sp->save();
$permissions_sent = array_var($_POST, 'manual_permissions_setted') == 1;
// give permissions for user if user type defined in "give_member_permissions_to_new_users" config option
$allowed_user_type_ids = config_option('give_member_permissions_to_new_users');
if ($contact->isAdministrator() || !$permissions_sent && in_array($contact->getUserType(), $allowed_user_type_ids)) {
ini_set('memory_limit', '512M');
$permissions = array();
$default_permissions = RoleObjectTypePermissions::instance()->findAll(array('conditions' => 'role_id = ' . $contact->getUserType()));
$dimensions = Dimensions::findAll();
foreach ($dimensions as $dimension) {
if ($dimension->getDefinesPermissions()) {
$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = " . $contact->getPermissionGroupId() . " AND `dimension_id` = " . $dimension->getId()));
if (!$cdp instanceof ContactDimensionPermission) {
$cdp = new ContactDimensionPermission();
$cdp->setPermissionGroupId($contact->getPermissionGroupId());
$cdp->setContactDimensionId($dimension->getId());
}
$cdp->setPermissionType('check');
$cdp->save();
// contact member permisssion entries
$members = DB::executeAll('SELECT * FROM ' . TABLE_PREFIX . 'members WHERE dimension_id=' . $dimension->getId());
foreach ($members as $member) {
foreach ($default_permissions as $p) {
// Add persmissions to sharing table
$perm = new stdClass();
$perm->m = $member['id'];
$perm->r = 1;
$perm->w = $p->getCanWrite();
$perm->d = $p->getCanDelete();
$perm->o = $p->getObjectTypeId();
$permissions[] = $perm;
}
}
}
}
$_POST['permissions'] = json_encode($permissions);
} else {
if ($permissions_sent) {
$_POST['permissions'] = $permissionsString;
} else {
$_POST['permissions'] = "";
}
}
if (config_option('let_users_create_objects_in_root') && ($contact->isAdminGroup() || $contact->isExecutive() || $contact->isManager())) {
if ($permissions_sent) {
foreach ($rp_permissions_data as $name => $value) {
$ot_id = substr($name, strrpos($name, '_') + 1);
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId($permission_group->getId());
$cmp->setMemberId(0);
$cmp->setObjectTypeId($ot_id);
$cmp->setCanDelete($value >= 3);
$cmp->setCanWrite($value >= 2);
$cmp->save();
}
} else {
$default_permissions = RoleObjectTypePermissions::instance()->findAll(array('conditions' => 'role_id = ' . $contact->getUserType()));
foreach ($default_permissions as $p) {
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId($permission_group->getId());
$cmp->setMemberId(0);
$cmp->setObjectTypeId($p->getObjectTypeId());
$cmp->setCanDelete($p->getCanDelete());
$cmp->setCanWrite($p->getCanWrite());
$cmp->save();
}
}
}
}
if (!isset($_POST['sys_perm']) && !$user_from_contact) {
$rol_permissions = SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
$_POST['sys_perm'] = array();
if (is_array($rol_permissions)) {
foreach ($rol_permissions as $pr) {
$_POST['sys_perm'][$pr] = 1;
}
}
}
if (!isset($_POST['mod_perm']) && !$user_from_contact) {
$tabs_permissions = TabPanelPermissions::getRoleModules(array_var($user_data, 'type'));
$_POST['mod_perm'] = array();
foreach ($tabs_permissions as $pr) {
$_POST['mod_perm'][$pr] = 1;
}
}
$password = '';
if (array_var($user_data, 'password_generator') == 'specify') {
$perform_password_validation = true;
// Validate input
$password = array_var($user_data, 'password');
if (trim($password) == '') {
throw new Error(lang('password value required'));
}
// if
if ($password != array_var($user_data, 'password_a')) {
throw new Error(lang('passwords dont match'));
}
// if
} else {
$user_data['password_generator'] = 'link';
$perform_password_validation = false;
}
$contact->setPassword($password);
$contact->save();
$user_password = new ContactPassword();
$user_password->setContactId($contact->getId());
$user_password->setPasswordDate(DateTimeValueLib::now());
$user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp()));
$user_password->password_temp = $password;
$user_password->perform_validation = $perform_password_validation;
$user_password->save();
if (array_var($user_data, 'autodetect_time_zone', 1) == 1) {
set_user_config_option('autodetect_time_zone', 1, $contact->getId());
}
/* create contact for this user*/
ApplicationLogs::createLog($contact, ApplicationLogs::ACTION_ADD);
// Set role permissions for active members
$active_context = active_context();
$sel_members = array();
if (is_array($active_context) && !$permissions_sent) {
$tmp_perms = array();
if ($_POST['permissions'] != "") {
$tmp_perms = json_decode($_POST['permissions']);
}
foreach ($active_context as $selection) {
if ($selection instanceof Member) {
$sel_members[] = $selection;
$has_project_permissions = ContactMemberPermissions::instance()->count("permission_group_id = '" . $contact->getPermissionGroupId() . "' AND member_id = " . $selection->getId()) > 0;
if (!$has_project_permissions) {
$new_cmps = RoleObjectTypePermissions::createDefaultUserPermissions($contact, $selection);
foreach ($new_cmps as $new_cmp) {
$perm = new stdClass();
$perm->m = $new_cmp->getMemberId();
$perm->r = 1;
$perm->w = $new_cmp->getCanWrite();
$perm->d = $new_cmp->getCanDelete();
$perm->o = $new_cmp->getObjectTypeId();
$tmp_perms[] = $perm;
}
}
}
}
if (count($tmp_perms) > 0) {
$_POST['permissions'] = json_encode($tmp_perms);
}
}
if ($save_permissions) {
//save_permissions($contact->getPermissionGroupId(), $contact->isGuest());
save_user_permissions_background(logged_user(), $contact->getPermissionGroupId(), $contact->isGuest());
}
Hook::fire('after_user_add', $contact, $null);
// add user content object to associated members
if (count($sel_members) > 0) {
ObjectMembers::addObjectToMembers($contact->getId(), $sel_members);
$contact->addToSharingTable();
}
return $contact;
}
/**
* Show update permissions page
*
* @param void
* @return null
*/
function update_permissions()
{
$user = Contacts::findById(get_id());
if (!($user instanceof Contact && $user->isUser()) || $user->getDisabled()) {
flash_error(lang('user dnx'));
ajx_current("empty");
return;
}
// if
if (!$user->canUpdatePermissions(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
// if
$redirect_to = array_var($_GET, 'redirect_to');
if (trim($redirect_to) == '' || !is_valid_url($redirect_to)) {
$redirect_to = $user->getCardUserUrl();
}
// if
$sys_permissions_data = array_var($_POST, 'sys_perm');
if (!is_array($sys_permissions_data)) {
$pg_id = $user->getPermissionGroupId();
$parameters = permission_form_parameters($pg_id);
// Module Permissions
$module_permissions = TabPanelPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
$module_permissions_info = array();
foreach ($module_permissions as $mp) {
$module_permissions_info[$mp->getTabPanelId()] = 1;
}
$all_modules = TabPanels::findAll(array("conditions" => "`enabled` = 1", "order" => "ordering"));
$all_modules_info = array();
foreach ($all_modules as $module) {
$all_modules_info[] = array('id' => $module->getId(), 'name' => lang($module->getTitle()), 'ot' => $module->getObjectTypeId());
}
// System Permissions
$system_permissions = SystemPermissions::findById($pg_id);
tpl_assign('module_permissions_info', $module_permissions_info);
tpl_assign('all_modules_info', $all_modules_info);
tpl_assign('system_permissions', $system_permissions);
tpl_assign('permission_parameters', $parameters);
$more_permissions = array();
Hook::fire('add_user_permissions', $pg_id, $more_permissions);
tpl_assign('more_permissions', $more_permissions);
// Permission Groups
$groups = PermissionGroups::getNonPersonalSameLevelPermissionsGroups('`parent_id`,`id` ASC');
tpl_assign('groups', $groups);
$roles = SystemPermissions::getAllRolesPermissions();
tpl_assign('roles', $roles);
$tabs = TabPanelPermissions::getAllRolesModules();
tpl_assign('tabs_allowed', $tabs);
tpl_assign('guest_groups', PermissionGroups::instance()->getGuestPermissionGroups());
}
tpl_assign('user', $user);
tpl_assign('redirect_to', $redirect_to);
if (array_var($_POST, 'submitted') == 'submitted') {
$user_data = array_var($_POST, 'user');
if (!is_array($user_data)) {
$user_data = array();
}
try {
DB::beginWork();
$pg_id = $user->getPermissionGroupId();
$user->setUserType(array_var($user_data, 'type'));
$user->save();
save_permissions($pg_id, $user->isGuest());
DB::commit();
flash_success(lang('success user permissions updated'));
ajx_current("back");
} catch (Exception $e) {
DB::rollback();
flash_error($e->getMessage());
ajx_current("empty");
}
}
// if
}
/**
* Add user
*
* @access public
* @param void
* @return null
*/
function add_user() {
$max_users = config_option('max_users');
if ($max_users && (Contacts::count() >= $max_users)) {
flash_error(lang('maximum number of users reached error'));
ajx_current("empty");
return;
}
$company = Contacts::findById(get_id('company_id'));
if (!($company instanceof Contact)) {
$company = owner_company();
}
if (!can_manage_security(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
} // if
$user = new Contact();
$user_data = array_var($_POST, 'user');
// Populate form fields
if (!is_array($user_data)) {
//if it is a new user
$contact_id = get_id('contact_id');
$contact = Contacts::findById($contact_id);
if ($contact instanceof Contact) {
if (!is_valid_email($contact->getEmailAddress())){
ajx_current("empty");
flash_error(lang("contact email is required to create user"));
return false;
}
//if it will be created from a contact
$user_data = array(
'username' => $this->generateUserNameFromContact($contact),
'display_name' => $contact->getFirstname() . $contact->getSurname(),
'email' => $contact->getEmailAddress('personal'),
'contact_id' => $contact->getId(),
'password_generator' => 'random',
'type' => 'Executive',
'can_manage_time' => true,
); // array
tpl_assign('ask_email', false);
} else {
// if it is new, and created from admin interface
$user_data = array(
'password_generator' => 'random',
'company_id' => $company->getId(),
'timezone' => $company->getTimezone(),
'create_contact' => true,
'send_email_notification' => false,
'type' => 'Executive',
'can_manage_time' => true,
);
tpl_assign('ask_email', true);
}
// System permissions
tpl_assign('system_permissions', new SystemPermission());
// Module permissions
$module_permissions_info = array();
$all_modules = TabPanels::findAll(array("conditions" => "`enabled` = 1", "order" => "ordering"));
$all_modules_info = array();
foreach ($all_modules as $module) {
$all_modules_info[] = array('id' => $module->getId(), 'name' => lang($module->getTitle()), 'ot' => $module->getObjectTypeId());
}
tpl_assign('module_permissions_info', $module_permissions_info);
tpl_assign('all_modules_info', $all_modules_info);
// Member permissions
$parameters = permission_form_parameters(0);
tpl_assign('permission_parameters', $parameters);
// Permission Groups
$groups = PermissionGroups::getNonPersonalSameLevelPermissionsGroups('`parent_id`,`id` ASC');
tpl_assign('groups', $groups);
$roles= SystemPermissions::getAllRolesPermissions();
tpl_assign('roles', $roles);
$tabs= TabPanelPermissions::getAllRolesModules();
tpl_assign('tabs_allowed', $tabs);
} // if
tpl_assign('user', $user);
tpl_assign('company', $company);
tpl_assign('user_data', $user_data);
//Submit User
if (is_array(array_var($_POST, 'user'))) {
if (!array_var($user_data, 'createPersonalProject')) {
$user_data['personal_project'] = 0;
}
try {
Contacts::validateUser($user_data);
DB::beginWork();
$user = $this->createUser($user_data, array_var($_POST,'permissions'));
DB::commit();
flash_success(lang('success add user', $user->getObjectName()));
ajx_current("back");
} catch(Exception $e) {
DB::rollback();
ajx_current("empty");
flash_error($e->getMessage());
} // try
} // if
} // add_user
/**
* Return manager instance
*
* @access protected
* @param void
* @return TabPanelPermissions
*/
function manager() {
if(!($this->manager instanceof TabPanelPermissions)) $this->manager = TabPanelPermissions::instance();
return $this->manager;
} // manager
