public function testgetUserActions()
{
$result1 = ACLAction::getUserActions('1');
$result2 = ACLAction::getUserActions('1', false, 'Accounts');
$result3 = ACLAction::getUserActions('1', false, 'Accounts', 'list');
//verify that all three results retunred are different
$this->assertNotSame($result1, $result2);
$this->assertNotSame($result1, $result3);
$this->assertNotSame($result2, $result3);
}
function get_workflow_admin_modules_for_user($user)
{
if (isset($_SESSION['get_workflow_admin_modules_for_user'])) {
return $_SESSION['get_workflow_admin_modules_for_user'];
}
global $moduleList;
$workflow_mod_list = array();
foreach ($moduleList as $module) {
$workflow_mod_list[$module] = $module;
}
// This list is taken from teh previous version of workflow_utils.php
$workflow_mod_list['Tasks'] = "Tasks";
$workflow_mod_list['Calls'] = "Calls";
$workflow_mod_list['Meetings'] = "Meetings";
$workflow_mod_list['Notes'] = "Notes";
$workflow_mod_list['ProjectTask'] = "Project Tasks";
$workflow_mod_list['Leads'] = "Leads";
$workflow_mod_list['Opportunities'] = "Opportunities";
// End of list
$workflow_admin_modules = array();
if (empty($user)) {
return $workflow_admin_modules;
}
$actions = ACLAction::getUserActions($user->id);
//check for ForecastSchedule because it doesn't exist in $workflow_mod_list
if (isset($actions['ForecastSchedule']['module']['admin']['aclaccess']) && ($actions['ForecastSchedule']['module']['admin']['aclaccess'] == ACL_ALLOW_DEV || $actions['ForecastSchedule']['module']['admin']['aclaccess'] == ACL_ALLOW_ADMIN_DEV)) {
$workflow_admin_modules['Forecasts'] = 'Forecasts';
}
foreach ($workflow_mod_list as $key => $val) {
if (!in_array($val, $workflow_admin_modules) && ($val != 'iFrames' && $val != 'Feeds' && $val != 'Home' && $val != 'Dashboard' && $val != 'Calendar' && $val != 'Activities' && $val != 'Reports') && $user->isDeveloperForModule($key)) {
$workflow_admin_modules[$key] = $val;
}
}
$_SESSION['get_workflow_admin_modules_for_user'] = $workflow_admin_modules;
return $workflow_admin_modules;
}
function get_user_module_list($user)
{
$GLOBALS['log']->info('Begin: SoapHelperWebServices->get_user_module_list');
global $app_list_strings, $current_language;
$app_list_strings = return_app_list_strings_language($current_language);
$modules = query_module_access_list($user);
ACLController::filterModuleList($modules, false);
global $modInvisList, $modInvisListActivities;
foreach ($modInvisList as $invis) {
$modules[$invis] = 'read_only';
}
if (isset($modules['Calendar']) || $modules['Activities']) {
foreach ($modInvisListActivities as $invis) {
$modules[$invis] = $invis;
}
}
$actions = ACLAction::getUserActions($user->id, true);
foreach ($actions as $key => $value) {
if (isset($value['module']) && $value['module']['access']['aclaccess'] < ACL_ALLOW_ENABLED) {
if ($value['module']['access']['aclaccess'] == ACL_ALLOW_DISABLED) {
unset($modules[$key]);
} else {
$modules[$key] = 'read_only';
}
// else
} else {
$modules[$key] = '';
}
// else
}
// foreach
$GLOBALS['log']->info('End: SoapHelperWebServices->get_user_module_list');
return $modules;
}
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Powered by
* SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
* reasonably feasible for technical reasons, the Appropriate Legal Notices must
* display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM".
********************************************************************************/
global $app_list_strings, $app_strings, $current_user;
$mod_strings = return_module_language($GLOBALS['current_language'], 'Users');
$focus = new User();
$focus->retrieve($_REQUEST['record']);
if (!is_admin($focus)) {
$sugar_smarty = new Sugar_Smarty();
$sugar_smarty->assign('MOD', $mod_strings);
$sugar_smarty->assign('APP', $app_strings);
$sugar_smarty->assign('APP_LIST', $app_list_strings);
$categories = ACLAction::getUserActions($_REQUEST['record'], true);
//clear out any removed tabs from user display
if (!$GLOBALS['current_user']->isAdminForModule('Users')) {
$tabs = $focus->getPreference('display_tabs');
global $modInvisList;
if (!empty($tabs)) {
foreach ($categories as $key => $value) {
if (!in_array($key, $tabs) && !in_array($key, $modInvisList)) {
unset($categories[$key]);
}
}
}
}
$names = array();
$names = ACLAction::setupCategoriesMatrix($categories);
if (!empty($names)) {
function get_user_module_list($user)
{
global $app_list_strings, $current_language, $beanList, $beanFiles;
$app_list_strings = return_app_list_strings_language($current_language);
$modules = query_module_access_list($user);
ACLController::filterModuleList($modules, false);
global $modInvisList;
foreach ($modInvisList as $invis) {
$modules[$invis] = 'read_only';
}
$actions = ACLAction::getUserActions($user->id, true);
foreach ($actions as $key => $value) {
if (isset($value['module']) && $value['module']['access']['aclaccess'] < ACL_ALLOW_ENABLED) {
if ($value['module']['access']['aclaccess'] == ACL_ALLOW_DISABLED) {
unset($modules[$key]);
} else {
$modules[$key] = 'read_only';
}
// else
} else {
$modules[$key] = '';
}
// else
}
// foreach
//Remove all modules that don't have a beanFiles entry associated with it
foreach ($modules as $module_name => $module) {
if (isset($beanList[$module_name])) {
$class_name = $beanList[$module_name];
if (empty($beanFiles[$class_name])) {
unset($modules[$module_name]);
}
} else {
unset($modules[$module_name]);
}
}
return $modules;
}
function disabledModuleList($moduleList, $by_value = true, $view = 'list')
{
global $aclModuleList, $current_user;
if (is_admin($GLOBALS['current_user'])) {
return array();
}
$actions = ACLAction::getUserActions($current_user->id, false);
$disabled = array();
$compList = array();
if ($by_value) {
foreach ($moduleList as $key => $value) {
$compList[$value] = $key;
}
} else {
$compList =& $moduleList;
}
if (isset($moduleList['ProductTemplates'])) {
$moduleList['Products'] = 'Products';
}
foreach ($actions as $action_name => $action) {
if (!empty($action['module'])) {
$aclModuleList[$action_name] = $action_name;
if (isset($compList[$action_name])) {
if ($action['module']['access']['aclaccess'] < ACL_ALLOW_ENABLED || $action['module'][$view]['aclaccess'] < 0) {
if ($by_value) {
$disabled[$compList[$action_name]] = $compList[$action_name];
} else {
$disabled[$action_name] = $action_name;
}
}
}
}
}
if (isset($compList['Calendar']) && !(ACL_ALLOW_ENABLED == $actions['Calls']['module']['access']['aclaccess'] || ACL_ALLOW_ENABLED == $actions['Meetings']['module']['access']['aclaccess'] || ACL_ALLOW_ENABLED == $actions['Tasks']['module']['access']['aclaccess'])) {
if ($by_value) {
$disabled[$compList['Calendar']] = $compList['Calendar'];
} else {
$disabled['Calendar'] = 'Calendar';
}
if (isset($compList['Activities']) && !(ACL_ALLOW_ENABLED == $actions['Notes']['module']['access']['aclaccess'] || ACL_ALLOW_ENABLED == $actions['Notes']['module']['access']['aclaccess'])) {
if ($by_value) {
$disabled[$compList['Activities']] = $compList['Activities'];
} else {
$disabled['Activities'] = 'Activities';
}
}
}
if (isset($disabled['Products'])) {
$disabled['ProductTemplates'] = 'ProductTemplates';
}
return $disabled;
}
function action_DeployPackage()
{
global $current_user;
if (defined('TEMPLATE_URL')) {
sugar_cache_reset();
SugarTemplateUtilities::disableCache();
}
//increment etag for menu so the new module shows up when the AJAX UI reloads
$current_user->incrementETag("mainMenuETag");
$mb = new ModuleBuilder();
$load = $_REQUEST['package'];
$message = $GLOBALS['mod_strings']['LBL_MODULE_DEPLOYED'];
if (!empty($load)) {
$zip = $mb->getPackage($load);
require_once 'ModuleInstall/PackageManager/PackageManager.php';
$pm = new PackageManager();
$info = $mb->packages[$load]->build(false);
$uploadDir = $pm->upload_dir . '/upgrades/module/';
mkdir_recursive($uploadDir);
rename($info['zip'], $uploadDir . $info['name'] . '.zip');
copy($info['manifest'], $uploadDir . $info['name'] . '-manifest.php');
$_REQUEST['install_file'] = $uploadDir . $info['name'] . '.zip';
$GLOBALS['mi_remove_tables'] = false;
$pm->performUninstall($load);
//#23177 , js cache clear
clearAllJsAndJsLangFilesWithoutOutput();
//#30747, clear the cache in memory
$cache_key = 'app_list_strings.' . $GLOBALS['current_language'];
sugar_cache_clear($cache_key);
sugar_cache_reset();
//clear end
$pm->performInstall($_REQUEST['install_file'], true);
//clear the unified_search_module.php file
require_once 'modules/Home/UnifiedSearchAdvanced.php';
UnifiedSearchAdvanced::unlinkUnifiedSearchModulesFile();
//bug 44269 - start
//clear workflow admin modules cache
if (isset($_SESSION['get_workflow_admin_modules_for_user'])) {
unset($_SESSION['get_workflow_admin_modules_for_user']);
}
//clear "is_admin_for_module" cache
$sessionVar = 'MLA_' . $current_user->user_name;
foreach ($mb->packages as $package) {
foreach ($package->modules as $module) {
$_SESSION[$sessionVar][$package->name . '_' . $module->name] = true;
}
}
//recreate acl cache
$actions = ACLAction::getUserActions($current_user->id, true);
//bug 44269 - end
}
echo 'complete';
}
private static function getTableModuleArray()
{
global $current_user;
$acl_modules = ACLAction::getUserActions($current_user->id);
//Get an array of table names for admin accesible modules
$modulesTables = array();
foreach ($acl_modules as $key => $mod) {
$tableName = BeanFactory::newBean(BeanFactory::getObjectName($key))->table_name;
$tableName = $tableName == '' ? strtolower($key) : $tableName;
$modulesTables[$tableName] = $key;
}
return $modulesTables;
}
function get_workflow_admin_modules_for_user($user)
{
/* Workflow modules blacklist */
$workflowNotSupportedModules = array('iFrames', 'Feeds', 'Home', 'Dashboard', 'Calendar', 'Activities', 'Reports', 'pmse_Business_Rules', 'pmse_Project', 'pmse_Emails_Templates', 'pmse_Inbox');
if (isset($_SESSION['get_workflow_admin_modules_for_user'])) {
return $_SESSION['get_workflow_admin_modules_for_user'];
}
global $moduleList;
$workflow_mod_list = array();
foreach ($moduleList as $module) {
$workflow_mod_list[$module] = $module;
}
// This list is taken from teh previous version of workflow_utils.php
$workflow_mod_list['Tasks'] = "Tasks";
$workflow_mod_list['Calls'] = "Calls";
$workflow_mod_list['Meetings'] = "Meetings";
$workflow_mod_list['Notes'] = "Notes";
$workflow_mod_list['ProjectTask'] = "Project Tasks";
$workflow_mod_list['Leads'] = "Leads";
$workflow_mod_list['Opportunities'] = "Opportunities";
// End of list
$workflow_admin_modules = array();
if (empty($user)) {
return $workflow_admin_modules;
}
$actions = ACLAction::getUserActions($user->id);
foreach ($workflow_mod_list as $key => $val) {
if (!in_array($val, $workflow_admin_modules) && !in_array($val, $workflowNotSupportedModules) && $user->isDeveloperForModule($key)) {
$workflow_admin_modules[$key] = $val;
}
}
$_SESSION['get_workflow_admin_modules_for_user'] = $workflow_admin_modules;
return $workflow_admin_modules;
}
/**
* Get user access for the list of actions
* @param string $module
* @param array $access_list List of actions
* @returns array - List of access levels. Access levels not returned are assumed to be "all allowed".
*/
public function getUserAccess($module, $access_list, $context)
{
$user = $this->getCurrentUser($context);
if (empty($user) || empty($user->id) || is_admin($user)) {
// no user or admin - do nothing
return $access_list;
}
$is_owner = !(isset($context['owner_override']) && $context['owner_override'] == false);
if (isset(self::$non_module_acls[$module])) {
$level = self::$non_module_acls[$module];
} else {
$level = 'module';
}
$actions = ACLAction::getUserActions($user->id, false, $module, $level);
if (empty($actions)) {
return $access_list;
}
// default implementation, specific ACLs can override
$access = $access_list;
// check 'access' first - if it's false all others will be false
if (isset($access_list['access'])) {
if (!ACLAction::userHasAccess($user->id, $module, 'access', $level, true)) {
foreach ($access_list as $action => $value) {
$access[$action] = false;
}
return $access;
}
// no need to check it second time
unset($access_list['access']);
}
foreach ($access_list as $action => $value) {
// may have the bean, so we need to use checkAccess
if (!$this->checkAccess($module, $action, $context) || isset($actions[$action]['aclaccess']) && !ACLAction::hasAccess($is_owner, $actions[$action]['aclaccess'])) {
$access[$action] = false;
}
}
return $access;
}
public static function getCurrentUserAllowedModules($noRestrictions = false)
{
global $current_user, $sugar_config, $app_list_strings;
//Obtener los m�dulo a los que tiene acceso el usuario activo
$modules = array();
$selectedModuleIndex = 0;
$acl_modules = ACLAction::getUserActions($current_user->id);
$allowedModule = array();
foreach ($acl_modules as $key => $mod) {
if ($mod['module']['access']['aclaccess'] >= 0) {
if (!$noRestrictions && (isset($sugar_config['asolModulesPermissions']['asolAllowedTables']) || isset($sugar_config['asolModulesPermissions']['asolForbiddenTables']))) {
//Restrictive
if (isset($sugar_config['asolModulesPermissions']['asolForbiddenTables']['domains'][$current_user->asol_default_domain]) && in_array($key, $sugar_config['asolModulesPermissions']['asolForbiddenTables']['domains'][$current_user->asol_default_domain])) {
$allowedModule[$key] = false;
} else {
if (isset($sugar_config['asolModulesPermissions']['asolForbiddenTables']['instance']) && in_array($key, $sugar_config['asolModulesPermissions']['asolForbiddenTables']['instance'])) {
$allowedModule[$key] = false;
}
}
if (isset($sugar_config['asolModulesPermissions']['asolAllowedTables']['domains'][$current_user->asol_default_domain]) && in_array($key, $sugar_config['asolModulesPermissions']['asolAllowedTables']['domains'][$current_user->asol_default_domain])) {
if (!isset($allowedModule[$key])) {
$allowedModule[$key] = true;
}
} else {
if (isset($sugar_config['asolModulesPermissions']['asolAllowedTables']['instance']) && in_array($key, $sugar_config['asolModulesPermissions']['asolAllowedTables']['instance'])) {
if (!isset($allowedModule[$key])) {
$allowedModule[$key] = true;
}
}
}
} else {
$allowedModule[$key] = true;
}
}
}
foreach ($allowedModule as $key => $isAllowed) {
if ($isAllowed) {
$modules[$key] = isset($app_list_strings['moduleList'][$key]) ? $app_list_strings['moduleList'][$key] : $key;
}
}
asort($modules);
return $modules;
}
function getUserRole($moudle = '', $user_id)
{
global $app_list_strings, $db, $current_user;
$alcAction = new ACLAction();
$is_owner = true;
$bool = ACLController::checkAccess($moudle, 'view', $is_owner);
$action = $alcAction->getUserActions($user_id, false, $moudle, 'module', 'view');
if ($current_user->is_admin == '1') {
$view = $action[$moudle]['module']['view']['aclaccess'];
} else {
$view = $action['aclaccess'];
}
$view2 = $action['aclaccess'];
$arr_role = array('access1' => $bool, 'access2' => $view, 'access3' => $view2);
return $arr_role;
}
$aclrole->setAction($aclrole->id, $action_results['Contacts']['delete']['id'], ACL_ALLOW_ALL);
$action_results = ACLAction::getUserActions('will_id', true);
echo 'Actions Peon role for will<br>';
foreach ($action_results as $category_name => $category) {
foreach ($category as $action_name => $action) {
_pp($category_name . ':' . $action_name . ':' . acl_translate($action['access']));
}
}
echo 'Will is a bad peon user<br>';
echo 'Create a role for Bad Peon Users<br>';
$aclrole = new ACLRole();
$aclrole->name = 'Bad Peon User';
$aclrole->description = 'The Bad Peon Role For All Bad Peons';
$aclrole->user_id = 'will_id';
$aclrole->save();
echo 'No Bad Peon user should have access to contacts <br>';
foreach ($action_results['Contacts'] as $action) {
$aclrole->setAction($aclrole->id, $action['id'], ACL_ALLOW_NONE);
}
$action_results = ACLAction::getUserActions('will_id', true);
echo 'Actions Peon role for will<br>';
foreach ($action_results as $category_name => $category) {
foreach ($category as $action_name => $action) {
_pp($category_name . ':' . $action_name . ':' . acl_translate($action['access']));
}
}
echo 'PRINTING THE ACTIONS for a role <br>';
$role_actions = ACLRole::getRoleActions($aclrole->id);
_pp($role_actions);
echo 'PRINTING THE SESSION CACHE FOR ACL <br>';
_PP($_SESSION['ACL']);
/**
* Helper function that enumerates the list of modules and checks if they are an admin/dev.
* The code was just too similar to copy and paste.
*
* @return array
*/
protected function _getModulesForACL($type = 'dev')
{
$isDev = $type == 'dev';
$isAdmin = $type == 'admin';
global $beanList;
$myModules = array();
if (!is_array($beanList)) {
return $myModules;
}
// These modules don't take kindly to the studio trying to play about with them.
static $ignoredModuleList = array('iFrames', 'Feeds', 'Home', 'Dashboard', 'Calendar', 'Activities', 'Reports');
$actions = ACLAction::getUserActions($this->id);
foreach ($beanList as $module => $val) {
// Remap the module name
$module = $this->_fixupModuleForACL($module);
if (in_array($module, $myModules)) {
// Already have the module in the list
continue;
}
if (in_array($module, $ignoredModuleList)) {
// You can't develop on these modules.
continue;
}
$key = 'module';
if ($this->isAdmin() && isset($actions[$module][$key])) {
$myModules[] = $module;
}
}
return $myModules;
}
/**
* Helper function that enumerates the list of modules and checks if they are an admin/dev.
* The code was just too similar to copy and paste.
*
* @return array
*/
protected function _getModulesForACL($type = 'dev')
{
$isDev = $type == 'dev';
$isAdmin = $type == 'admin';
global $beanList;
$myModules = array();
if (!is_array($beanList)) {
return $myModules;
}
// These modules don't take kindly to the studio trying to play about with them.
static $ignoredModuleList = array('iFrames', 'Feeds', 'Home', 'Dashboard', 'Calendar', 'Activities', 'Reports', 'UpgradeHistory');
$actions = ACLAction::getUserActions($this->id);
foreach ($beanList as $module => $val) {
// Remap the module name
$module = $this->_fixupModuleForACL($module);
if (in_array($module, $myModules)) {
// Already have the module in the list
continue;
}
if (in_array($module, $ignoredModuleList)) {
// You can't develop on these modules.
continue;
}
$key = 'module';
// The tracker modules have special case ACL mappings
// in $GLOBALS['ACLActions'] that we need to account for.
// TODO: In the future these should be migrated to a custom ACL strategy for those modules.
if (in_array($module, array('Tracker', 'TrackerPerfs', 'TrackerQueries', 'TrackerSessions'))) {
$focus = BeanFactory::getBean($module);
if ($focus instanceof SugarBean) {
$key = $focus->acltype;
}
}
if ($this->isAdmin() && isset($actions[$module][$key]) || isset($actions[$module][$key]['admin']['aclaccess']) && ($isDev && $actions[$module][$key]['admin']['aclaccess'] == ACL_ALLOW_DEV || $isAdmin && $actions[$module][$key]['admin']['aclaccess'] == ACL_ALLOW_ADMIN || $actions[$module][$key]['admin']['aclaccess'] == ACL_ALLOW_ADMIN_DEV)) {
$myModules[] = $module;
}
}
return $myModules;
}
/**
* STATIC function userNeedsOwnership($user_id, $category, $action,$type='module')
* checks if a user should have ownership to do an action
*
* @param GUID $user_id
* @param STRING $category
* @param STRING $action
* @param STRING $type
* @return boolean
*/
public static function userNeedsOwnership($user_id, $category, $action, $type = 'module')
{
//check if we don't have it set in the cache if not lets reload the cache
if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
ACLAction::getUserActions($user_id, false);
}
if (!empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
return $_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess'] == ACL_ALLOW_OWNER;
}
return false;
}
public static function getCurrentUserAvailableModules($alternativeDb)
{
global $sugar_config, $current_user;
$dbKey = $alternativeDb === false ? 'crm' : 'ext' . $alternativeDb;
if (!isset($_SESSION['currentUserAvailableModules'][$dbKey])) {
$acl_modules = ACLAction::getUserActions($current_user->id);
$currentUserAvailableModules = array();
foreach ($acl_modules as $key => $mod) {
if ($mod['module']['access']['aclaccess'] >= 0) {
if (isset($sugar_config['asolModulesPermissions']['asolAllowedTables']) || isset($sugar_config['asolModulesPermissions']['asolForbiddenTables'])) {
//Restrictive
if (isset($sugar_config['asolModulesPermissions']['asolForbiddenTables']['domains'][$current_user->asol_default_domain]) && in_array($key, $sugar_config['asolModulesPermissions']['asolForbiddenTables']['domains'][$current_user->asol_default_domain])) {
$currentUserAvailableModules[$key] = false;
} else {
if (isset($sugar_config['asolModulesPermissions']['asolForbiddenTables']['instance']) && in_array($key, $sugar_config['asolModulesPermissions']['asolForbiddenTables']['instance'])) {
$currentUserAvailableModules[$key] = false;
}
}
if (isset($sugar_config['asolModulesPermissions']['asolAllowedTables']['domains'][$current_user->asol_default_domain]) && in_array($key, $sugar_config['asolModulesPermissions']['asolAllowedTables']['domains'][$current_user->asol_default_domain])) {
if (!isset($currentUserAvailableModules[$key])) {
$currentUserAvailableModules[$key] = true;
}
} else {
if (isset($sugar_config['asolModulesPermissions']['asolAllowedTables']['instance']) && in_array($key, $sugar_config['asolModulesPermissions']['asolAllowedTables']['instance'])) {
if (!isset($currentUserAvailableModules[$key])) {
$currentUserAvailableModules[$key] = true;
}
}
}
} else {
$currentUserAvailableModules[$key] = true;
}
}
}
$_SESSION['currentUserAvailableModules'][$dbKey] = $currentUserAvailableModules;
} else {
$currentUserAvailableModules = $_SESSION['currentUserAvailableModules'][$dbKey];
}
return $currentUserAvailableModules;
}
