} $more_content_templates = array(); Hook::fire("more_content_templates", $object, $more_content_templates); foreach ($more_content_templates as $ct) { tpl_assign('genid', $genid); tpl_assign('object', $object); $this->includeTemplate(get_template_path($ct[0], $ct[1], array_var($ct, 2))); } if ($object instanceof ContentDataObject) { echo render_co_view_member_path($object); } if ($object instanceof ApplicationDataObject) { echo render_custom_properties($object); } $logged_user_pgs = logged_user()->getPermissionGroupIds(); if ($object instanceof ContentDataObject && $object->allowsTimeslots() && can_access_pgids($logged_user_pgs, $object->getMembers(), Timeslots::instance()->getObjectTypeId(), ACCESS_LEVEL_READ)) { echo render_object_timeslots($object, $object->getViewUrl()); } $isUser = $object instanceof Contact && $object->isUser(); if ($object instanceof ContentDataObject && $object->canView(logged_user()) || $isUser && (logged_user()->getId() == get_id() || logged_user()->isAdministrator())) { //echo render_object_latest_activity($object); //TODO SE rompe } if (!$isUser && $object instanceof ContentDataObject && $object->isCommentable()) { echo render_object_comments($object, $object->getViewUrl()); } ?> </td> </tr> <tr> <td class="coViewBottomLeft"></td> <td class="coViewBottom" colspan=2></td>
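/**
 * Returns the users with permissions for the object type $object_type_id in the context $context.
 *
 * Only Member instances found in $context are used. When there are none, the context falls back
 * to the members of every dimension returned by Dimensions::getAllowedDimensions() that defines
 * permissions and whose code is neither 'feng_persons' nor 'feng_users'. Those members are
 * restricted to the ones the logged user's permission groups can reach, unless the dimension
 * reports allow-all for those groups.
 *
 * Security: the queries here are built by string concatenation. The object type id and every
 * permission group id are cast to integers before being embedded in SQL text. $extra_conditions
 * is appended verbatim inside the contact_permission_groups subquery, so it must be a trusted
 * SQL fragment: callers have to escape any value they put in it and must never pass request
 * data through unescaped.
 *
 * @param $object_type_id Object Type id
 * @param $context Context (array; entries that are not Member instances are ignored)
 * @param $access_level (ACCESS_LEVEL_READ, ACCESS_LEVEL_WRITE, ACCESS_LEVEL_DELETE)
 * @param $extra_conditions Raw SQL appended to the users query (trusted input only)
 * @return array() when no permission group qualifies, otherwise the result of
 *         Contacts::instance()->findAll() ordered by name
 */
function allowed_users_in_context($object_type_id, $context = null, $access_level = ACCESS_LEVEL_READ, $extra_conditions = "") {
	$result = array();

	// Integer copy used wherever the id is embedded in SQL text; the helpers called below
	// still receive the caller's original value.
	$object_type_id_sql = (int) $object_type_id;

	$members = array();
	if (isset($context) && is_array($context)) {
		foreach ($context as $selection) {
			if ($selection instanceof Member) {
				$members[] = $selection;
			}
		}
	}

	if (count($members) == 0) {
		// No explicit members selected: use every member the logged user can reach.
		$logged_user_pgs = logged_user()->getPermissionGroupIds();
		if (count($logged_user_pgs) > 0) {
			// Cast each id so the CSV can only ever contain integers.
			$logged_user_pgs_csv = implode(",", array_map('intval', $logged_user_pgs));

			$dimensions = Dimensions::getAllowedDimensions($object_type_id);
			foreach ($dimensions as $d) {
				$dim = Dimensions::getDimensionById(array_var($d, 'dimension_id'));
				if ($dim instanceof Dimension && $dim->getDefinesPermissions() && $dim->getCode() != 'feng_persons' && $dim->getCode() != 'feng_users') {
					if ($dim->hasAllowAllForContact($logged_user_pgs_csv)) {
						$permission_conditions = "";
					} else {
						$permission_conditions = " AND EXISTS (SELECT cmp.permission_group_id FROM " . TABLE_PREFIX . "contact_member_permissions cmp \n\t\t\t\t\t\t\t\tWHERE cmp.permission_group_id IN (" . $logged_user_pgs_csv . ") AND cmp.member_id=" . TABLE_PREFIX . "members.id AND cmp.object_type_id={$object_type_id_sql})";
					}
					$members = array_merge($members, $dim->getAllMembers(false, null, true, $permission_conditions));
				}
			}
		}
	}

	// Every permission group that has at least one contact assigned.
	$all_permission_groups = array();
	$rows = DB::executeAll("SELECT DISTINCT permission_group_id FROM " . TABLE_PREFIX . "contact_permission_groups");
	foreach ($rows as $row) {
		$all_permission_groups[] = $row['permission_group_id'];
	}

	$allowed_permission_groups = can_access_pgids($all_permission_groups, $members, $object_type_id, $access_level);

	if (count($allowed_permission_groups) > 0) {
		$allowed_pgs_csv = implode(",", array_map('intval', $allowed_permission_groups));
		// $extra_conditions is raw SQL supplied by the caller; see the security note above.
		$result = Contacts::instance()->findAll(array(
			'conditions' => "id IN (SELECT DISTINCT contact_id FROM " . TABLE_PREFIX . "contact_permission_groups\n\t\t\t\t\t\t\t\tWHERE permission_group_id IN (" . $allowed_pgs_csv . ") {$extra_conditions})",
			'order' => 'name'
		));
	}

	return $result;
}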
/**
 * Authorization check: may $user add a timeslot to this object?
 *
 * Access is granted as soon as one of the following holds, tested in this order:
 *  - the user can change this object's status,
 *  - can_manage_time() accepts the user,
 *  - can_access_pgids() returns a truthy result for the user's permission groups, this
 *    object's members and the Timeslots object type at ACCESS_LEVEL_WRITE.
 *
 * @param $user user being checked; must provide getPermissionGroupIds()
 * @return bool
 */
function canAddTimeslot($user) {
	if ($this->canChangeStatus($user)) {
		return true;
	}

	if (can_manage_time($user)) {
		return true;
	}

	// Last resort: write access on the Timeslots object type for this object's members.
	$user_pg_ids = $user->getPermissionGroupIds();
	$object_members = $this->getMembers();
	$timeslot_type_id = Timeslots::instance()->getObjectTypeId();
	$writable_pgs = can_access_pgids($user_pg_ids, $object_members, $timeslot_type_id, ACCESS_LEVEL_WRITE);

	return (bool) $writable_pgs;
}
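/**
 * Returns the enabled users with permissions for the object type $object_type_id in the
 * context $context.
 *
 * Only Member instances of $context whose dimension defines permissions and is manageable are
 * used. When there are none, the context falls back to the members of every dimension returned
 * by Dimensions::getAllowedDimensions() that defines permissions and whose code is neither
 * 'feng_persons' nor 'feng_users'. Those members are restricted to the ones the logged user's
 * permission groups can reach, unless the dimension reports allow-all for those groups.
 *
 * Security: the queries here are built by string concatenation. The object type id and every
 * permission group id are cast to integers before being embedded in SQL text. $extra_conditions
 * is appended verbatim to the contacts condition, so it must be a trusted SQL fragment: callers
 * have to escape any value they put in it and must never pass request data through unescaped.
 *
 * @param $object_type_id Object Type id
 * @param $context Context (array; entries that are not usable Member instances are ignored)
 * @param $access_level (ACCESS_LEVEL_READ, ACCESS_LEVEL_WRITE, ACCESS_LEVEL_DELETE)
 * @param $extra_conditions Raw SQL appended to the users query (trusted input only)
 * @param $for_tasks_filter when true and the context yields no members, the allowed permission
 *        groups come from get_user_pgs_with_permissions_in_my_members()
 * @return array() when no permission group qualifies, otherwise the result of
 *         Contacts::instance()->findAll() ordered by name
 */
function allowed_users_in_context($object_type_id, $context = null, $access_level = ACCESS_LEVEL_READ, $extra_conditions = "", $for_tasks_filter = false) {
	$result = array();

	// Integer copy used wherever the id is embedded in SQL text; the helpers called below
	// still receive the caller's original value.
	$object_type_id_sql = (int) $object_type_id;

	$members = array();
	if (isset($context) && is_array($context)) {
		foreach ($context as $selection) {
			if ($selection instanceof Member && $selection->getDimension()->getDefinesPermissions() && $selection->getDimension()->getIsManageable()) {
				$members[] = $selection;
			}
		}
	}

	$zero_members = false;
	if (count($members) == 0) {
		// No usable members selected: use every member the logged user can reach.
		$zero_members = true;
		$logged_user_pgs = logged_user()->getPermissionGroupIds();
		if (count($logged_user_pgs) > 0) {
			// Cast each id so the CSV can only ever contain integers.
			$logged_user_pgs_csv = implode(",", array_map('intval', $logged_user_pgs));

			$dimensions = Dimensions::getAllowedDimensions($object_type_id);
			foreach ($dimensions as $d) {
				$dim = Dimensions::getDimensionById(array_var($d, 'dimension_id'));
				if ($dim instanceof Dimension && $dim->getDefinesPermissions() && $dim->getCode() != 'feng_persons' && $dim->getCode() != 'feng_users') {
					if ($dim->hasAllowAllForContact($logged_user_pgs_csv)) {
						$permission_conditions = "";
					} else {
						$permission_conditions = " AND EXISTS (SELECT cmp.permission_group_id FROM " . TABLE_PREFIX . "contact_member_permissions cmp \r\n\t\t\t\t\t\t\t\tWHERE cmp.permission_group_id IN (" . $logged_user_pgs_csv . ") AND cmp.member_id=" . TABLE_PREFIX . "members.id AND cmp.object_type_id={$object_type_id_sql})";
					}
					$members = array_merge($members, $dim->getAllMembers(false, null, true, $permission_conditions));
				}
			}
		}
	}

	// Every permission group that has at least one contact assigned.
	$all_permission_groups = array();
	$rows = DB::executeAll("SELECT DISTINCT permission_group_id FROM " . TABLE_PREFIX . "contact_permission_groups");
	foreach ($rows as $row) {
		$all_permission_groups[] = $row['permission_group_id'];
	}

	if ($zero_members && $for_tasks_filter) {
		// NOTE(review): $access_level is not passed to this helper - confirm that is intended.
		$allowed_permission_groups = get_user_pgs_with_permissions_in_my_members($object_type_id);
	} else {
		if ($zero_members && config_option('let_users_create_objects_in_root') && (logged_user()->isAdminGroup() || logged_user()->isExecutive() || logged_user()->isManager())) {
			// Root case (member_id=0) for admin-group, executive and manager users.
			// NOTE(review): this query selects every permission group with a root row for the
			// object type and does not consult $access_level - confirm that is intended.
			$allowed_permission_groups = array_flat(DB::executeAll("SELECT permission_group_id FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id=0 AND object_type_id={$object_type_id_sql}"));
		} else {
			$allowed_permission_groups = can_access_pgids($all_permission_groups, $members, $object_type_id, $access_level);
		}
	}

	// Drop blank ids. Iterate by value: a by-reference loop variable would stay bound to the
	// last element after the loop.
	foreach ($allowed_permission_groups as $k => $apg) {
		if (trim($apg) == '') {
			unset($allowed_permission_groups[$k]);
		}
	}

	if (count($allowed_permission_groups) > 0) {
		$allowed_pgs_csv = implode(",", array_map('intval', $allowed_permission_groups));

		// This OR clause is interpolated inside the subquery's WHERE and matches contacts whose
		// user_type is the role named 'Super Administrator'.
		$isSuperAdmin = " OR user_type IN (SELECT id FROM " . TABLE_PREFIX . "permission_groups WHERE type='roles' AND name = 'Super Administrator')";

		// $extra_conditions is raw SQL supplied by the caller; see the security note above.
		$result = Contacts::instance()->findAll(array(
			'conditions' => "disabled=0 AND (\r\n\t\t\t\t\t\t\t\t\t\t\tid IN (SELECT DISTINCT contact_id FROM " . TABLE_PREFIX . "contact_permission_groups\r\n\t\t\t\t\t\t\t\t\t\t\tWHERE permission_group_id IN (" . $allowed_pgs_csv . ") \r\n\t\t\t\t\t\t\t\t\t\t\t{$isSuperAdmin}\r\n\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\t{$extra_conditions})",
			'order' => 'name'
		));
	}

	return $result;
}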