/**
 * Constructor for the bean. It performs the following tasks:
 *
 * 1. Initializes a database connection
 * 2. Loads the vardefs for the module implementing the class, caching the
 *    entries in self::$loadedDefs so later instances share them
 * 3. Sets up the row-level (team) security preference and the ACL field
 *    visibility for the current user
 *
 * All implementing classes must call this constructor using parent::__construct().
 *
 * Reads the globals $dictionary, $current_user, $GLOBALS['reload_vardefs'] and
 * $_SESSION['developerMode']; calls out to DBManagerFactory, ACLAction,
 * VardefManager, SugarACL and ACLField.
 */
public function __construct()
{
    // FIXME: this will be removed, needed for ensuring BeanFactory is always used
    //$this->checkBacktrace();
    global $dictionary, $current_user;
    $this->db = DBManagerFactory::getInstance();
    if (empty($this->module_name)) {
        $this->module_name = $this->module_dir;
    }
    // A bean-level disable_team_security flag takes precedence over the row-level
    // security setting, both here and again at the very end of the constructor.
    if (isset($this->disable_team_security)) {
        $this->disable_row_level_security = $this->disable_team_security;
    }
    // Verify that current user is not null then do an ACL check. The current user check is to support installation.
    // Row-level (team) security is switched off for this bean when the current user is a
    // global admin, or when the bean implements ACL and the user has module 'access' enabled
    // together with module 'admin' (ACL_ALLOW_ADMIN) or 'admin'/'developer' (ACL_ALLOW_ADMIN_DEV).
    // NOTE(review): the access-level comparisons use loose '==' against the ACL_* constants;
    // confirm the constants and getUserAccessLevel() return values are the same type.
    if (!$this->disable_row_level_security && !empty($current_user->id) && (is_admin($current_user) || $this->bean_implements('ACL') && (ACLAction::getUserAccessLevel($current_user->id, $this->module_dir, 'access') == ACL_ALLOW_ENABLED && (ACLAction::getUserAccessLevel($current_user->id, $this->module_dir, 'admin') == ACL_ALLOW_ADMIN || ACLAction::getUserAccessLevel($current_user->id, $this->module_dir, 'admin') == ACL_ALLOW_ADMIN_DEV)))) {
        $this->disable_row_level_security = true;
    }
    // First load of this object's vardefs (or a forced reload via $GLOBALS['reload_vardefs']).
    if (false == $this->disable_vardefs && (empty(self::$loadedDefs[$this->object_name]) || !empty($GLOBALS['reload_vardefs']))) {
        // Developer mode forces the vardef cache to be rebuilt; note that the session flag
        // $_SESSION['developerMode'] alone is enough to trigger the rebuild.
        $refresh = inDeveloperMode() || !empty($_SESSION['developerMode']);
        if ($refresh && !empty(VardefManager::$inReload["{$this->module_dir}:{$this->object_name}"])) {
            // if we're already reloading this vardef, no need to do it again
            $refresh = false;
        }
        VardefManager::loadVardef($this->module_dir, $this->object_name, $refresh, array("bean" => $this));
        // build $this->column_fields from the field_defs if they exist
        if (!empty($dictionary[$this->object_name]['fields'])) {
            foreach ($dictionary[$this->object_name]['fields'] as $key => $value_array) {
                $column_fields[] = $key;
                // required_fields is keyed by the field's declared 'name', not the dictionary key
                if (!empty($value_array['required']) && !empty($value_array['name'])) {
                    $this->required_fields[$value_array['name']] = 1;
                }
            }
            $this->column_fields = $column_fields;
        }
        //setup custom fields
        if (!isset($this->custom_fields) && empty($this->disable_custom_fields)) {
            $this->setupCustomFields($this->module_dir);
        }
        //load up field_arrays from CacheHandler;
        // Each array is only loaded from the cache if the vardefs above left it empty.
        if (empty($this->list_fields)) {
            $this->list_fields = $this->_loadCachedArray($this->module_dir, $this->object_name, 'list_fields');
        }
        if (empty($this->column_fields)) {
            $this->column_fields = $this->_loadCachedArray($this->module_dir, $this->object_name, 'column_fields');
        }
        if (empty($this->required_fields)) {
            $this->required_fields = $this->_loadCachedArray($this->module_dir, $this->object_name, 'required_fields');
        }
        if (isset($GLOBALS['dictionary'][$this->object_name]) && !$this->disable_vardefs) {
            // field_name_map and field_defs are the same dictionary array.
            $this->field_name_map = $dictionary[$this->object_name]['fields'];
            $this->field_defs = $dictionary[$this->object_name]['fields'];
            if (isset($dictionary[$this->object_name]['name_format_map'])) {
                $this->name_format_map = $dictionary[$this->object_name]['name_format_map'];
            }
            if (!empty($dictionary[$this->object_name]['optimistic_locking'])) {
                $this->optimistic_lock = true;
            }
            if (isset($dictionary[$this->object_name]['importable'])) {
                $this->importable = isTruthy($dictionary[$this->object_name]['importable']);
            }
        }
        // Publish the loaded arrays by reference so subsequent instances of this
        // object share them instead of reloading the vardefs.
        self::$loadedDefs[$this->object_name]['column_fields'] =& $this->column_fields;
        self::$loadedDefs[$this->object_name]['list_fields'] =& $this->list_fields;
        self::$loadedDefs[$this->object_name]['required_fields'] =& $this->required_fields;
        self::$loadedDefs[$this->object_name]['field_name_map'] =& $this->field_name_map;
        self::$loadedDefs[$this->object_name]['field_defs'] =& $this->field_defs;
        self::$loadedDefs[$this->object_name]['name_format_map'] =& $this->name_format_map;
    } else {
        // Vardefs were already loaded by an earlier instance: bind to the shared arrays.
        // NOTE(review): this branch also runs when disable_vardefs is set; in that case the
        // self::$loadedDefs entries may not exist yet and the reference assignments below
        // create them as null — confirm that is the intended behaviour.
        $this->column_fields =& self::$loadedDefs[$this->object_name]['column_fields'];
        $this->list_fields =& self::$loadedDefs[$this->object_name]['list_fields'];
        $this->required_fields =& self::$loadedDefs[$this->object_name]['required_fields'];
        $this->field_name_map =& self::$loadedDefs[$this->object_name]['field_name_map'];
        $this->field_defs =& self::$loadedDefs[$this->object_name]['field_defs'];
        $this->name_format_map =& self::$loadedDefs[$this->object_name]['name_format_map'];
        $this->added_custom_field_defs = true;
        if (!isset($this->custom_fields) && empty($this->disable_custom_fields)) {
            // second argument false: custom field defs are already part of the shared vardefs
            $this->setupCustomFields($this->module_dir, false);
        }
        if (!empty($dictionary[$this->object_name]['optimistic_locking'])) {
            $this->optimistic_lock = true;
        }
    }
    // Verify that current user is not null then do an ACL check. The current user check is to support installation.
    // Second chance to turn row-level security off: only when the bean did not set
    // disable_team_security itself and the module's 'team_security' ACL action is not granted.
    if (!$this->disable_row_level_security && !empty($current_user->id) && !isset($this->disable_team_security) && !SugarACL::checkAccess($this->module_dir, 'team_security', array('bean' => $this))) {
        // We can disable team security for this module
        $this->disable_row_level_security = true;
    }
    if ($this->bean_implements('ACL')) {
        // Field-level ACL is on unless the vardefs explicitly set 'acl_fields' => false.
        $this->acl_fields = isset($dictionary[$this->object_name]['acl_fields']) && $dictionary[$this->object_name]['acl_fields'] === false ? false : true;
        if (!empty($current_user->id)) {
            ACLField::loadUserFields($this->module_dir, $this->object_name, $current_user->id);
        }
        $this->addVisibilityStrategy("ACLVisibility");
    }
    $this->populateDefaultValues();
    // Final override: an explicit disable_team_security on the bean wins over every
    // ACL-derived decision made above.
    if (isset($this->disable_team_security)) {
        $this->disable_row_level_security = $this->disable_team_security;
    }
}
/**
 * Filter a list of field names down to those the current user may access.
 *
 * When $seed implements ACL and the current user is not an admin, the user's
 * per-field ACL levels are loaded via ACLField::loadUserFields() and every
 * field whose cached level in $_SESSION['ACL'] is below zero is removed.
 * Removal is done in place, so the keys of the returned array are those of
 * the input (call array_values() if a list is required).
 *
 * The filter is skipped, and the input returned unchanged, when $seed is
 * empty, when no current user is set, or when the current user is an admin.
 *
 * @param object $seed          an instance of the bean we are checking acl's on
 * @param array  $select_fields fields being explicitly checked for access; empty means check all
 * @return array the fields for this bean that passed the acl filter test
 */
function returnFieldsWithAccess($seed, $select_fields = array())
{
    // Without a bean there is nothing to check against.
    if (empty($seed)) {
        return $select_fields;
    }

    // An empty request means "every field this bean defines".
    if (empty($select_fields)) {
        $select_fields = array_keys($seed->field_name_map);
    }

    $user = !empty($GLOBALS['current_user']) ? $GLOBALS['current_user'] : null;

    // Only ACL beans are filtered, and never for admins or when no user is set.
    if (!$seed->bean_implements('ACL') || $user === null || $user->is_admin) {
        return $select_fields;
    }

    // Make sure the per-field ACL cache for this user and module is populated.
    ACLField::loadUserFields($seed->module_dir, $seed->object_name, $user->id);
    $fieldAcl = isset($_SESSION['ACL'][$user->id][$seed->module_dir]['fields'])
        ? $_SESSION['ACL'][$user->id][$seed->module_dir]['fields']
        : array();

    // A negative level means the user is restricted from the field: drop it.
    foreach ($select_fields as $position => $fieldname) {
        if (isset($fieldAcl[$fieldname]) && $fieldAcl[$fieldname] < 0) {
            unset($select_fields[$position]);
        }
    }

    return $select_fields;
}