Пример #1
 /**
  * static getUserActions($user_id, $refresh = false, $category = '', $type = '', $action = '')
  * returns a list of user actions
  * @param GUID $user_id
  * @param BOOLEAN $refresh
  * @param STRING $category
  * @param STRING $type
  * @param STRING $action
  * @return ARRAY of ACLActionsArray
  */
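 static function getUserActions($user_id, $refresh = false, $category = '', $type = '', $action = '')
 {
     // Serve from the session cache unless a refresh was requested. Cached
     // permissions are reused as-is, so a role change is only picked up when
     // $refresh is true or the session entry is cleared elsewhere.
     // NOTE(review): a category-scoped call on an empty cache stores only that
     // category under $_SESSION['ACL'][$user_id]; a later unfiltered call would
     // then return that partial map from here. Confirm callers load the full
     // list first.
     if (!$refresh && !empty($_SESSION['ACL'][$user_id])) {
         if (empty($category) && empty($action)) {
             return $_SESSION['ACL'][$user_id];
         } else {
             if (!empty($category) && isset($_SESSION['ACL'][$user_id][$category])) {
                 if (empty($action)) {
                     if (empty($type)) {
                         return $_SESSION['ACL'][$user_id][$category];
                     }
                     return $_SESSION['ACL'][$user_id][$category][$type];
                 } else {
                     if (!empty($type) && isset($_SESSION['ACL'][$user_id][$category][$type][$action])) {
                         return $_SESSION['ACL'][$user_id][$category][$type][$action];
                     }
                 }
             }
         }
     }

     // Cache miss: read the ACL rows from the database.
     $db = DBManagerFactory::getInstance();

     // Every argument that lands inside a quoted SQL literal is escaped with
     // the DB layer's quote() first, so a quote character in a value cannot
     // end the literal and change this authorization query. The raw values
     // are still used as session keys below.
     $sql_user_id = $db->quote($user_id);
     $additional_where = '';
     if (!empty($category)) {
         $additional_where .= " AND acl_actions.category = '" . $db->quote($category) . "' ";
     }
     if (!empty($action)) {
         $additional_where .= " AND acl_actions.name = '" . $db->quote($action) . "' ";
     }
     if (!empty($type)) {
         $additional_where .= " AND acl_actions.acltype = '" . $db->quote($type) . "' ";
     }

     /* BEGIN - SECURITY GROUPS */
     // Three result sets, tagged through user_role:
     //    1 = actions of roles assigned directly to the user
     //    0 = actions of roles reached through the user's security groups
     //   -1 = the default actions from acl_actions (no role join)
     // The ORDER BY puts user roles first and, within one action, non-null
     // overrides first.
     $query = "(SELECT acl_actions .*, acl_roles_actions.access_override, 1 as user_role\n\t\t\t\tFROM acl_actions\n\t\t\t\tINNER JOIN acl_roles_users ON acl_roles_users.user_id = '{$sql_user_id}' AND  acl_roles_users.deleted = 0\n\t\t\t\tLEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = acl_roles_users.role_id AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted=0\n\t\t\t\tWHERE acl_actions.deleted=0 {$additional_where} )\n\n\t\t\t\tUNION\n\n\t\t\t\t"
         . "(SELECT acl_actions .*, acl_roles_actions.access_override, 0 as user_role\n\t\t\t\tFROM acl_actions\n\t\t\t\tINNER JOIN securitygroups_users ON securitygroups_users.user_id = '{$sql_user_id}' AND  securitygroups_users.deleted = 0\n\t\t\t\tINNER JOIN securitygroups_acl_roles ON securitygroups_users.securitygroup_id = securitygroups_acl_roles.securitygroup_id and securitygroups_acl_roles.deleted = 0\n\t\t\t\tLEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = securitygroups_acl_roles.role_id AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted=0\n\t\t\t\tWHERE acl_actions.deleted=0 {$additional_where} )\n\n\t\t\t\tUNION\n\n\t\t\t\t"
         . "(SELECT acl_actions.*, 0 as access_override, -1 as user_role\n\t\t\t\tFROM acl_actions\n\t\t\t\tWHERE acl_actions.deleted = 0 )\n\n\t\t\t\tORDER BY user_role desc, category,name,access_override desc";
     /* END - SECURITY GROUPS */
     $result = $db->query($query);
     $selected_actions = array();
     /* BEGIN - SECURITY GROUPS */
     global $sugar_config;
     // Set once a directly assigned user role row was seen (user_role_precedence).
     $has_user_role = false;
     // Set once any role row (user or group) was seen; defaults are then skipped.
     $has_role = false;
     /* END - SECURITY GROUPS */
     while ($row = $db->fetchByAssoc($result, FALSE)) {
         /* BEGIN - SECURITY GROUPS */
         if ($has_user_role == false && $row['user_role'] == 1) {
             $has_user_role = true;
         }
         if ($has_role == false && ($row['user_role'] == 1 || $row['user_role'] == 0)) {
             $has_role = true;
         }
         // If user roles take precedence over group roles and a user role was
         // found, stop as soon as the group-role rows begin.
         if ($has_user_role == true && $row['user_role'] == 0 && isset($sugar_config['securitysuite_user_role_precedence']) && $sugar_config['securitysuite_user_role_precedence'] == true) {
             break;
         }
         // Default actions are not needed once the user, or one of the user's
         // groups, has a role assigned.
         if ($row['user_role'] == -1 && $has_role == true) {
             break;
         }
         /* END - SECURITY GROUPS */
         $acl = new ACLAction();
         $isOverride = false;
         $acl->populateFromRow($row);
         if (!empty($row['access_override'])) {
             $acl->aclaccess = $row['access_override'];
             $isOverride = true;
         }
         if (!isset($selected_actions[$acl->category])) {
             $selected_actions[$acl->category] = array();
         }
         // Store the row when the slot is empty, when it is an override that
         // wins against the stored value (additive mode keeps the numerically
         // higher aclaccess, otherwise the lower one), or when it is an
         // override replacing a stored default.
         if (
             !isset($selected_actions[$acl->category][$acl->acltype][$acl->name])
             || (
                 isset($sugar_config['securitysuite_additive']) && $sugar_config['securitysuite_additive'] == true
                 && $selected_actions[$acl->category][$acl->acltype][$acl->name]['aclaccess'] < $acl->aclaccess
                 || (!isset($sugar_config['securitysuite_additive']) || $sugar_config['securitysuite_additive'] == false)
                 && $selected_actions[$acl->category][$acl->acltype][$acl->name]['aclaccess'] > $acl->aclaccess
             ) && $isOverride
             || !empty($selected_actions[$acl->category][$acl->acltype][$acl->name]['isDefault']) && $isOverride
         ) {
             $selected_actions[$acl->category][$acl->acltype][$acl->name] = $acl->toArray();
             $selected_actions[$acl->category][$acl->acltype][$acl->name]['isDefault'] = !$isOverride;
         }
     }

     // Update the session cache. Only an unfiltered read replaces the whole entry.
     if (empty($category) && empty($action)) {
         if (!isset($_SESSION['ACL'])) {
             $_SESSION['ACL'] = array();
         }
         $_SESSION['ACL'][$user_id] = $selected_actions;
     } elseif (empty($action) && !empty($category)) {
         // Cache the category as returned. The earlier per-type assignment was
         // overwritten by this one anyway. Skip the write when the query
         // returned nothing for the category, so null is never cached.
         if (isset($selected_actions[$category])) {
             $_SESSION['ACL'][$user_id][$category] = $selected_actions[$category];
         }
     } elseif (!empty($action) && !empty($category) && !empty($type)) {
         // The result is keyed [category][acltype][name]. The previous code read
         // [$category][$action], which skipped the type level and cached an
         // undefined value instead of the permission entry.
         if (isset($selected_actions[$category][$type][$action])) {
             $_SESSION['ACL'][$user_id][$category][$type][$action] = $selected_actions[$category][$type][$action];
         }
     }
     // Sort by translated categories
     uksort($selected_actions, "ACLAction::langCompare");
     return $selected_actions;
 }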
Пример #2
 /**
  * static getRoleActions($role_id, $type = 'module')
  *
  * gets the actions of a given role
  *
  * @param GUID $role_id
  * @param STRING $type
  *
  * @return array of actions
  */
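 function getRoleActions($role_id, $type = 'module')
 {
     global $beanList;
     $db = DBManagerFactory::getInstance();
     $query = "SELECT acl_actions.*";
     // The role join is only needed when a role id is given; without one the
     // rows of acl_actions are used as the defaults.
     if (!empty($role_id)) {
         $query .= " ,acl_roles_actions.access_override ";
     }
     $query .= " FROM acl_actions ";
     if (!empty($role_id)) {
         // Escape the id through the DB layer before it enters the quoted
         // literal, so a quote character in it cannot alter the join condition.
         $sql_role_id = $db->quote($role_id);
         $query .= " LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = '{$sql_role_id}' AND  acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted = 0";
     }
     $query .= " WHERE acl_actions.deleted=0 ORDER BY acl_actions.category, acl_actions.name";
     $result = $db->query($query);
     $role_actions = [];
     while ($row = $db->fetchByAssoc($result)) {
         $action = new ACLAction();
         $action->populateFromRow($row);
         // A non-empty override from the role wins; otherwise fall back to the default.
         if (!empty($row['access_override'])) {
             $action->aclaccess = $row['access_override'];
         } else {
             $action->aclaccess = ACL_ALLOW_DEFAULT;
         }
         // #27877: modules missing from $beanList are not shown in the UI,
         // whether or not their rows are still present in acl_actions.
         if (empty($beanList[$action->category])) {
             continue;
         }
         if (!isset($role_actions[$action->category])) {
             $role_actions[$action->category] = [];
         }
         // Result is keyed [category][acltype][name].
         $role_actions[$action->category][$action->acltype][$action->name] = $action->toArray();
     }
     // Sort by translated categories
     uksort($role_actions, "ACLRole::langCompare");
     return $role_actions;
 }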
Пример #3
 /**
  * static getUserActions($user_id, $refresh = false, $category = '', $type = '', $action = '')
  * returns a list of user actions
  * @param GUID $user_id
  * @param BOOLEAN $refresh
  * @param STRING $category
  * @param STRING $type
  * @param STRING $action
  * @return ARRAY of ACLActionsArray
  */
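 function getUserActions($user_id, $refresh = false, $category = '', $type = '', $action = '')
 {
     // Serve from the session cache unless a refresh was requested. Cached
     // permissions are reused as-is, so a role change is only picked up when
     // $refresh is true or the session entry is cleared elsewhere.
     if (!$refresh && !empty($_SESSION['ACL'][$user_id])) {
         if (empty($category) && empty($action)) {
             return $_SESSION['ACL'][$user_id];
         } else {
             if (!empty($category) && isset($_SESSION['ACL'][$user_id][$category])) {
                 if (empty($action)) {
                     if (empty($type)) {
                         return $_SESSION['ACL'][$user_id][$category];
                     }
                     return $_SESSION['ACL'][$user_id][$category][$type];
                 } else {
                     if (!empty($type) && isset($_SESSION['ACL'][$user_id][$category][$type][$action])) {
                         return $_SESSION['ACL'][$user_id][$category][$type][$action];
                     }
                 }
             }
         }
     }

     // Cache miss: read the ACL rows from the database.
     $db = DBManagerFactory::getInstance();

     // Every argument that lands inside a quoted SQL literal is escaped with
     // the DB layer's quote() first, so a quote character in a value cannot
     // end the literal and change this authorization query. The raw values
     // are still used as session keys below.
     $sql_user_id = $db->quote($user_id);
     $additional_where = '';
     if (!empty($category)) {
         $additional_where .= " AND {$this->table_name}.category = '" . $db->quote($category) . "' ";
     }
     if (!empty($action)) {
         $additional_where .= " AND {$this->table_name}.name = '" . $db->quote($action) . "' ";
     }
     if (!empty($type)) {
         $additional_where .= " AND {$this->table_name}.acltype = '" . $db->quote($type) . "' ";
     }

     // The former empty 'oci8' branch never assigned a query, so this
     // statement was always the one that ran.
     $query = "SELECT acl_actions .*, acl_roles_actions.access_override \n                    FROM acl_actions \n                    LEFT JOIN acl_roles_users ON acl_roles_users.user_id = '{$sql_user_id}' AND  acl_roles_users.deleted = 0\n                    LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = acl_roles_users.role_id AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted=0\n                    WHERE acl_actions.deleted=0 {$additional_where} ORDER BY category,name";
     $result = $db->query($query);
     $selected_actions = array();
     while ($row = $db->fetchByAssoc($result)) {
         $acl = new ACLAction();
         $isOverride = false;
         $acl->populateFromRow($row);
         if (!empty($row['access_override'])) {
             $acl->aclaccess = $row['access_override'];
             $isOverride = true;
         }
         if (!isset($selected_actions[$acl->category])) {
             $selected_actions[$acl->category] = array();
         }
         // Store the row when the slot is empty, when it is an override with a
         // numerically lower aclaccess than the stored one, or when it is an
         // override replacing a stored default.
         if (
             !isset($selected_actions[$acl->category][$acl->acltype][$acl->name])
             || $selected_actions[$acl->category][$acl->acltype][$acl->name]['aclaccess'] > $acl->aclaccess && $isOverride
             || !empty($selected_actions[$acl->category][$acl->acltype][$acl->name]['isDefault']) && $isOverride
         ) {
             $selected_actions[$acl->category][$acl->acltype][$acl->name] = $acl->toArray();
             $selected_actions[$acl->category][$acl->acltype][$acl->name]['isDefault'] = !$isOverride;
         }
     }

     // Update the session cache. Only an unfiltered read replaces the whole entry.
     if (empty($category) && empty($action)) {
         if (!isset($_SESSION['ACL'])) {
             $_SESSION['ACL'] = array();
         }
         $_SESSION['ACL'][$user_id] = $selected_actions;
     } elseif (empty($action) && !empty($category)) {
         // Cache the category as returned. The earlier per-type assignment was
         // overwritten by this one anyway. Skip the write when the query
         // returned nothing for the category, so null is never cached.
         if (isset($selected_actions[$category])) {
             $_SESSION['ACL'][$user_id][$category] = $selected_actions[$category];
         }
     } elseif (!empty($action) && !empty($category) && !empty($type)) {
         // The result is keyed [category][acltype][name]. The previous code read
         // [$category][$action], which skipped the type level and cached an
         // undefined value instead of the permission entry.
         if (isset($selected_actions[$category][$type][$action])) {
             $_SESSION['ACL'][$user_id][$category][$type][$action] = $selected_actions[$category][$type][$action];
         }
     }
     return $selected_actions;
 }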
Пример #4
 public function testtoArray()
 {
     $action = new ACLAction();

     // Without any fields set, both keys are present and null.
     $this->assertSame(array('id' => null, 'aclaccess' => null), $action->toArray());

     // With fields pre-populated, toArray() returns the populated values.
     $row = array('id' => '1234', 'aclaccess' => '9999');
     $action->populateFromRow($row);
     $this->assertSame(array('id' => '1234', 'aclaccess' => '9999'), $action->toArray());
 }
Пример #5
 /**
  * static getRoleActions($role_id, $type = 'module')
  *
  * gets the actions of a given role
  *
  * @param GUID $role_id
  * @param STRING $type
  * @return array of actions
  */
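 function getRoleActions($role_id, $type = 'module')
 {
     $db =& PearDatabase::getInstance();
     $query = "SELECT acl_actions.*";
     // The role join is only needed when a role id is given; without one the
     // rows of acl_actions are used as the defaults.
     if (!empty($role_id)) {
         $query .= " ,acl_roles_actions.access_override ";
     }
     $query .= " FROM acl_actions ";
     if (!empty($role_id)) {
         // Escape the id through the DB layer before it enters the quoted
         // literal, so a quote character in it cannot alter the join condition.
         $sql_role_id = $db->quote($role_id);
         $query .= " LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = '{$sql_role_id}' AND  acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted = 0";
     }
     $query .= " WHERE acl_actions.deleted=0 ORDER BY acl_actions.category, acl_actions.name";
     $result = $db->query($query);
     $role_actions = array();
     while ($row = $db->fetchByAssoc($result)) {
         $action = new ACLAction();
         $action->populateFromRow($row);
         // A non-empty override from the role wins; otherwise fall back to the default.
         if (!empty($row['access_override'])) {
             $action->aclaccess = $row['access_override'];
         } else {
             $action->aclaccess = ACL_ALLOW_DEFAULT;
         }
         if (!isset($role_actions[$action->category])) {
             $role_actions[$action->category] = array();
         }
         // Result is keyed [category][acltype][name].
         $role_actions[$action->category][$action->acltype][$action->name] = $action->toArray();
     }
     return $role_actions;
 }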
Пример #6
 /**
  * static getUserActions($user_id, $refresh = false, $category = '', $type = '', $action = '')
  * returns a list of user actions
  * @param GUID $user_id
  * @param BOOLEAN $refresh
  * @param STRING $category
  * @param STRING $type
  * @param STRING $action
  * @return ARRAY of ACLActionsArray
  */
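 static function getUserActions($user_id, $refresh = false, $category = '', $type = '', $action = '')
 {
     // Serve from the session cache unless a refresh was requested. Cached
     // permissions are reused as-is, so a role change is only picked up when
     // $refresh is true or the session entry is cleared elsewhere.
     if (!$refresh && !empty($_SESSION['ACL'][$user_id])) {
         if (empty($category) && empty($action)) {
             return $_SESSION['ACL'][$user_id];
         } else {
             if (!empty($category) && isset($_SESSION['ACL'][$user_id][$category])) {
                 if (empty($action)) {
                     if (empty($type)) {
                         return $_SESSION['ACL'][$user_id][$category];
                     }
                     return $_SESSION['ACL'][$user_id][$category][$type];
                 } else {
                     if (!empty($type) && isset($_SESSION['ACL'][$user_id][$category][$type][$action])) {
                         return $_SESSION['ACL'][$user_id][$category][$type][$action];
                     }
                 }
             }
         }
     }

     // Cache miss: read the ACL rows from the database.
     $db = DBManagerFactory::getInstance();

     // Every argument that lands inside a quoted SQL literal is escaped with
     // the DB layer's quote() first, so a quote character in a value cannot
     // end the literal and change this authorization query. The raw values
     // are still used as session keys below.
     $sql_user_id = $db->quote($user_id);
     $additional_where = '';
     if (!empty($category)) {
         $additional_where .= " AND acl_actions.category = '" . $db->quote($category) . "' ";
     }
     if (!empty($action)) {
         $additional_where .= " AND acl_actions.name = '" . $db->quote($action) . "' ";
     }
     if (!empty($type)) {
         $additional_where .= " AND acl_actions.acltype = '" . $db->quote($type) . "' ";
     }
     $query = "SELECT acl_actions .*, acl_roles_actions.access_override\n                    FROM acl_actions\n                    LEFT JOIN acl_roles_users ON acl_roles_users.user_id = '{$sql_user_id}' AND  acl_roles_users.deleted = 0\n                    LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = acl_roles_users.role_id AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted=0\n                    WHERE acl_actions.deleted=0 {$additional_where} ORDER BY category,name";
     $result = $db->query($query);
     $selected_actions = array();
     // Allow-list of categories kept in the result; rows of any other category
     // are dropped. Built once instead of on every row.
     $jrmis_modules = array('JrMis_BackMoney', 'JrMis_BankQuery', 'JrMis_BankUsers', 'JrMis_Borrowers', 'JrMis_Conduits', 'JrMis_Departments', 'JrMis_FinaaceCompanies', 'JrMis_FinanceProducts', 'asol_Reports', 'Users');
     while ($row = $db->fetchByAssoc($result, FALSE)) {
         $acl = new ACLAction();
         $isOverride = false;
         $acl->populateFromRow($row);
         if (!empty($row['access_override'])) {
             $acl->aclaccess = $row['access_override'];
             $isOverride = true;
         }
         if (!in_array($acl->category, $jrmis_modules)) {
             continue;
         }
         if (!isset($selected_actions[$acl->category])) {
             $selected_actions[$acl->category] = array();
         }
         // Store the row when the slot is empty, when it is an override with a
         // numerically lower aclaccess than the stored one, or when it is an
         // override replacing a stored default.
         if (
             !isset($selected_actions[$acl->category][$acl->acltype][$acl->name])
             || $selected_actions[$acl->category][$acl->acltype][$acl->name]['aclaccess'] > $acl->aclaccess && $isOverride
             || !empty($selected_actions[$acl->category][$acl->acltype][$acl->name]['isDefault']) && $isOverride
         ) {
             $selected_actions[$acl->category][$acl->acltype][$acl->name] = $acl->toArray();
             $selected_actions[$acl->category][$acl->acltype][$acl->name]['isDefault'] = !$isOverride;
         }
     }

     // Update the session cache. Only an unfiltered read replaces the whole entry.
     if (empty($category) && empty($action)) {
         if (!isset($_SESSION['ACL'])) {
             $_SESSION['ACL'] = array();
         }
         $_SESSION['ACL'][$user_id] = $selected_actions;
     } elseif (empty($action) && !empty($category)) {
         // Cache the category as returned. The earlier per-type assignment was
         // overwritten by this one anyway. Skip the write when nothing was kept
         // for the category, so null is never cached.
         if (isset($selected_actions[$category])) {
             $_SESSION['ACL'][$user_id][$category] = $selected_actions[$category];
         }
     } elseif (!empty($action) && !empty($category) && !empty($type)) {
         // The result is keyed [category][acltype][name]. The previous code read
         // [$category][$action], which skipped the type level and cached an
         // undefined value instead of the permission entry.
         if (isset($selected_actions[$category][$type][$action])) {
             $_SESSION['ACL'][$user_id][$category][$type][$action] = $selected_actions[$category][$type][$action];
         }
     }
     // Sort by translated categories
     uksort($selected_actions, "ACLAction::langCompare");
     return $selected_actions;
 }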