Пример #1
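 /**
  * Renders the view after publishing a `ReadOnly` flag to the template.
  *
  * Users holding the 'Admin' or 'Branch Manager - Delhi' role get an empty
  * value; every other user gets the string 'readonly'.
  *
  * NOTE(review): the flag only changes how the template renders its fields.
  * It is not an authorization control: a client can still submit modified
  * values, so the save path needs its own server-side role check. Confirm
  * that such a check exists. The role names are hard-coded here, so renaming
  * a role in the ACL configuration changes who is treated as privileged.
  */
 function display()
 {
     require_once 'modules/ACLRoles/ACLRole.php';

     // Role names held by the logged-in user.
     $objACLRole = new ACLRole();
     $roles = $objACLRole->getUserRoles($GLOBALS['current_user']->id);

     // Strict comparison avoids PHP's loose string/number juggling in a
     // permission decision. Anything other than an array of names is treated
     // as "no privileged role", so the view fails closed to read-only.
     $canEdit = is_array($roles)
         && (in_array('Admin', $roles, true) || in_array('Branch Manager - Delhi', $roles, true));

     $this->ev->ss->assign('ReadOnly', $canEdit ? '' : 'readonly');

     //Call the parent display function
     parent::display();
 }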
Пример #2
 /**
  * Smoke test: ACLRole::getUserRoles() yields an array both with its default
  * second argument and with that argument set to false.
  *
  * Only the return type is checked; the role contents are not asserted.
  */
 public function testgetUserRoles()
 {
     // Report fatal and parse errors only. The previous level is not restored
     // in this method.
     error_reporting(E_ERROR | E_PARSE);

     $role = new ACLRole();

     // Default call (getAsNameArray left at its default value).
     $byName = $role->getUserRoles('1');
     $this->assertTrue(is_array($byName));

     // Same user with getAsNameArray explicitly false.
     $asObjects = $role->getUserRoles('1', false);
     $this->assertTrue(is_array($asObjects));
 }
Пример #3
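 /**
  * Returns object storage containing available roles as keys
  * and flags indicating if there is role specific metadata as value.
  *
  * An admin user gets every role; any other user gets only the roles assigned
  * to them. Roles whose name is listed in static::$hiddenRoles are skipped in
  * both cases.
  *
  * @param callable|null $callback Callback that checks if there is role specific
  *   metadata. It is called with array('role' => <role id>). When it is omitted,
  *   every stored value is null.
  * @return SplObjectStorage
  */
 public static function getRoles($callback = null)
 {
     global $current_user;
     $roles = new SplObjectStorage();
     //Only super user should have access to all roles
     $allRoles = $current_user->isAdmin()
         ? ACLRole::getAllRoles()
         : ACLRole::getUserRoles($current_user->id, false);
     foreach ($allRoles as $role) {
         // Strict match: a role is hidden only when its name is exactly one of
         // the configured hidden names, with no loose type juggling.
         if (in_array($role->name, static::$hiddenRoles, true)) {
             continue;
         }
         $roles[$role] = $callback ? $callback(array('role' => $role->id)) : null;
     }
     return $roles;
 }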
Пример #4
//***AlineaSol Premium***//
$hasPremiumFeatures = asol_ReportsUtils::managePremiumFeature("managePremiumFeature", "reportFunctions.php", "hasPremiumFeatures", null);
//***AlineaSol Premium***//

//***Display Edition Screen***//

// Decide whether sub-select queries must be security-checked for this user.
//   scope 1 - checked for every non-admin user
//   scope 2 - checked for everyone, admins included
//   scope 3 - checked for a non-admin user holding at least one role that is
//             not listed in $sugar_config["asolReportsMySQLinsecuritySubSelectRoles"]
// Any other scope value leaves the check switched off.
$mySQLcheckInsecurity = false;
if (($mySQLinsecurityScope === 1 && !$current_user->is_admin) || $mySQLinsecurityScope === 2) {
    $mySQLcheckInsecurity = true;
} elseif ($mySQLinsecurityScope === 3 && !$current_user->is_admin) {
    // Roles are read from the session when a non-empty cached copy exists, so
    // a role change made after the cache was filled is not seen here until
    // that session entry is cleared.
    if (empty($_SESSION['asolUserRoles'])) {
        $_SESSION['asolUserRoles'] = ACLRole::getUserRoles($current_user->id);
    }
    $userRoles = $_SESSION['asolUserRoles'];
    foreach ($userRoles as $userRole) {
        // One role outside the allow-list is enough to turn the check on.
        if (!in_array($userRole, $sugar_config["asolReportsMySQLinsecuritySubSelectRoles"])) {
            $mySQLcheckInsecurity = true;
            break;
        }
    }
}

// The PHP-side check applies to every non-admin user.
$PHPcheckInsecurity = !$current_user->is_admin;

// Predefined colour palette schemas for Nvd3 charts (empty when not configured),
// JSON-encoded and then entity-encoded for output.
$predefinedColorPaletteSchemas = array();
if (isset($sugar_config['asolReportsNvd3ChartPredefinedColorPaletteSchemas'])) {
    $predefinedColorPaletteSchemas = $sugar_config['asolReportsNvd3ChartPredefinedColorPaletteSchemas'];
}
$predefinedColorPaletteSchemasJson = htmlentities(json_encode($predefinedColorPaletteSchemas));
//Set configuration flags
Пример #5
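/**
 * The Quick edit for case updates which appears under update stream.
 *
 * The Save button calls the page's caseUpdates() JavaScript function with the
 * id of the record being viewed.
 *
 * Security: the record id is taken from the query string and written into an
 * inline event handler, so it is encoded for the JavaScript context and then
 * for the HTML-attribute context before it is emitted. Hiding the form is only
 * a UI gate. NOTE(review): the Save action must enforce the "no edit cases"
 * restriction server-side as well; confirm that it does. The labels come from
 * $app_strings / $mod_strings and are emitted as-is.
 *
 * @param object $case Case bean; only its `internal` property is read here.
 * @return string|null The form HTML, or null when the action is not DetailView,
 *                     when the user holds the "no edit cases" role, or when the
 *                     record id cannot be encoded.
 */
function quick_edit_case_updates($case)
{
    global $action, $app_strings, $mod_strings;
    //on DetailView only
    if ($action != 'DetailView') {
        return;
    }
    // Request-supplied record id: untrusted, possibly missing or an array.
    $record = (isset($_GET['record']) && is_string($_GET['record'])) ? $_GET['record'] : '';
    //Get Users roles
    require_once 'modules/ACLRoles/ACLRole.php';
    $user = $GLOBALS['current_user'];
    $id = $user->id;
    $acl = new ACLRole();
    $roles = $acl->getUserRoles($id);
    //Return if user cannot edit cases
    // The string form is tested first so in_array() never receives a non-array.
    if ($roles === "no edit cases" || (is_array($roles) && in_array("no edit cases", $roles, true))) {
        return;
    }
    // Encode as a JavaScript string literal with quotes, <, > and & hex-escaped,
    // then entity-encode that literal for the double-quoted onclick attribute.
    $recordJs = json_encode($record, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    if ($recordJs === false) {
        // Value is not encodable (e.g. invalid UTF-8): do not render the form.
        return;
    }
    $recordAttr = htmlspecialchars($recordJs, ENT_QUOTES, 'UTF-8');
    $internalChecked = '';
    if (isset($case->internal) && $case->internal) {
        $internalChecked = "checked='checked'";
    }
    $internal = $mod_strings['LBL_AOP_INTERNAL'];
    $saveBtn = $app_strings['LBL_SAVE_BUTTON_LABEL'];
    $saveTitle = $app_strings['LBL_SAVE_BUTTON_TITLE'];
    $html = <<<EOD
    <form id='case_updates' enctype="multipart/form-data">


    <textarea id="update_text" name="update_text" cols="80" rows="4"></textarea>

    <input id='internal' type='checkbox' name='internal' tabindex=0 title='' value='1' {$internalChecked} > {$internal}</input>
    </br>
    <input type='button' value='{$saveBtn}' onclick="caseUpdates({$recordAttr})" title="{$saveTitle}" name="button"> </input>


    </br>
    </form>


EOD;
    return $html;
}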
Пример #6
 /**
  * Assembles the user payload returned by a normal `/me` REST call.
  *
  * The basic fields depend on the platform; the rest is read from the bean
  * returned by getUserBean(): identity, roles, ACLs, manager flags, address
  * fields, team membership and a metadata hash.
  *
  * NOTE(review): the payload carries roles, ACLs and address data. That is
  * appropriate only if getUserBean() always returns the authenticated caller;
  * confirm against its implementation.
  *
  * @param string $platform The platform of the request.
  * @param array $options A list of options like `category` to retrieve the
  *   basic user info. Will use `global` if no `category` is supplied.
  * @return array The user's data, wrapped as array('current_user' => ...).
  */
 protected function getUserData($platform, array $options)
 {
     $bean = $this->getUserBean();

     // Platform-dependent basics, keyed by preference category.
     $category = 'global';
     if (isset($options['category'])) {
         $category = $options['category'];
     }
     $data = $this->getBasicUserInfo($platform, $category);

     // Identity and role information.
     $data['type'] = $bean->isAdmin() ? self::TYPE_ADMIN : self::TYPE_USER;
     $data['show_wizard'] = $this->shouldShowWizard($category);
     $data['id'] = $bean->id;
     // full_name is read only after the bean has built it.
     $bean->_create_proper_name_field();
     $data['full_name'] = $bean->full_name;
     $data['user_name'] = $bean->user_name;
     $data['roles'] = ACLRole::getUserRoles($bean->id);
     $data = $this->setExpiredPassword($data);
     $data['picture'] = $bean->picture;
     $data['acl'] = $this->getAcls($platform);

     // Reporting hierarchy; the top-level lookup runs only for managers.
     $data['is_manager'] = User::isManager($bean->id);
     $data['is_top_level_manager'] = false;
     $data['reports_to_id'] = $bean->reports_to_id;
     $data['reports_to_name'] = $bean->reports_to_name;
     if ($data['is_manager']) {
         $data['is_top_level_manager'] = User::isTopLevelManager($bean->id);
     }

     // Address information, copied field by field.
     $addressFields = array(
         'address_street',
         'address_city',
         'address_state',
         'address_country',
         'address_postalcode',
     );
     foreach ($addressFields as $field) {
         $data[$field] = $bean->{$field};
     }

     // Teams the user belongs to, as a list of id/name pairs.
     require_once 'modules/Teams/TeamSetManager.php';
     $my_teams = array();
     foreach ($bean->get_my_teams() as $teamId => $teamName) {
         $my_teams[] = array('id' => $teamId, 'name' => $teamName);
     }
     $data['my_teams'] = $my_teams;

     // Default team set, with the entry matching the user's team_id flagged as primary.
     $defaultTeams = TeamSetManager::getTeamsFromSet($bean->team_set_id);
     foreach ($defaultTeams as $key => $team) {
         $defaultTeams[$key]['primary'] = ($team['id'] == $bean->team_id);
     }
     $data['preferences']['default_teams'] = $defaultTeams;

     // Send back a hash of this data for use by the client
     $data['_hash'] = $bean->getUserMDHash();

     return array('current_user' => $data);
 }
Пример #7
 /**
  * Looks up the ACL roles assigned to the given user.
  *
  * Delegates to ACLRole::getUserRoles() with `false` as its second argument.
  *
  * @param User $user User whose id is used for the lookup
  * @return ACLRole[]
  */
 protected function getUserRoles(User $user)
 {
     $userId = $user->id;
     $assignedRoles = ACLRole::getUserRoles($userId, false);

     return $assignedRoles;
 }
Пример #8
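/**
 * The Quick edit for case updates which appears under update stream.
 *
 * The Save button calls the page's caseUpdates() JavaScript function with the
 * id of the record being viewed.
 *
 * Security: the record id is taken from the query string and written into an
 * inline event handler, so it is encoded for the JavaScript context and then
 * for the HTML-attribute context before it is emitted. Hiding the form is only
 * a UI gate. NOTE(review): the Save action must enforce the "no edit cases"
 * restriction server-side as well; confirm that it does.
 *
 * @return string|null The form HTML, or null when the action is not DetailView,
 *                     when the user holds the "no edit cases" role, or when the
 *                     record id cannot be encoded.
 */
function quick_edit_case_updates()
{
    global $action;
    //on DetailView only
    if ($action != 'DetailView') {
        return;
    }
    // Request-supplied record id: untrusted, possibly missing or an array.
    $record = (isset($_GET['record']) && is_string($_GET['record'])) ? $_GET['record'] : '';
    //Get Users roles
    require_once 'modules/ACLRoles/ACLRole.php';
    $user = $GLOBALS['current_user'];
    $id = $user->id;
    $acl = new ACLRole();
    $roles = $acl->getUserRoles($id);
    //Return if user cannot edit cases
    // The string form is tested first so in_array() never receives a non-array.
    if ($roles === "no edit cases" || (is_array($roles) && in_array("no edit cases", $roles, true))) {
        return;
    }
    // Encode as a JavaScript string literal with quotes, <, > and & hex-escaped,
    // then entity-encode that literal for the double-quoted onclick attribute.
    $recordJs = json_encode($record, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    if ($recordJs === false) {
        // Value is not encodable (e.g. invalid UTF-8): do not render the form.
        return;
    }
    $recordAttr = htmlspecialchars($recordJs, ENT_QUOTES, 'UTF-8');
    $html = <<<EOD
    <form id='case_updates' enctype="multipart/form-data">


    <textarea id="update_text" name="update_text" cols="80" rows="4"></textarea>

    <input id='internal' type='checkbox' name='internal' tabindex=0 title='' value='1'> Internal</input>
    </br>
    <input type='button' value='Save' onclick="caseUpdates({$recordAttr})" title="Save" name="button"> </input>


    </br>
    </form>


EOD;
    return $html;
}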
Пример #9
// Mirror selected session values into cookies that expire after 90 days.
// NOTE(review): the cookies are set with name, value and expiry only, so no
// Secure or HttpOnly flag is requested, and one of them carries the
// authenticated user id. Confirm nothing treats that cookie as proof of
// identity, and consider setting both flags where the deployment allows it.
$ckSessionToCookie = array(
    'authenticated_user_id' => 'ck_login_id_20',
    'authenticated_user_theme' => 'ck_login_theme_20',
    'authenticated_user_theme_color' => 'ck_login_theme_color_20',
    'authenticated_user_theme_font' => 'ck_login_theme_font_20',
    'authenticated_user_language' => 'ck_login_language_20',
);
foreach ($ckSessionToCookie as $ckSessionKey => $ckCookieName) {
    if (isset($_SESSION[$ckSessionKey])) {
        setcookie($ckCookieName, $_SESSION[$ckSessionKey], time() + 86400 * 90);
    }
}

// Role gate: users holding the 'Lawyer' role are turned away here.
// NOTE(review): this is a deny-list on a single role name, so every other
// user, including one with no roles at all, passes. Confirm that is intended.
require_once 'modules/ACLRoles/ACLRole.php';
$objACLRole = new ACLRole();
$roles = $objACLRole->getUserRoles($GLOBALS['current_user']->id);
if (in_array('Lawyer', $roles)) {
    echo "<h2>You do not have permissions to access this function.</h2>";
    exit;
}

// Restore the working directory and the saved request superglobals.
chdir($current_directory);
$_POST = $post;
$_GET = $get;
/*foreach(array_keys($GLOBALS) as $key) {
		if (!in_array($key, array('_GET', '_POST', '_COOKIE', '_FILES', '_SERVER', '_REQUEST', 'GLOBALS'))) {
			unset($GLOBALS[$key]);
	}
	}*/
Пример #10
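/**
 * The Quick edit for case updates which appears under update stream
 * Also includes the javascript for AJAX update
 *
 * Security: the record id is taken from the query string and is written into
 * JavaScript string literals that form URL query strings, so it is
 * percent-encoded before output; the encoded form contains no quote, angle
 * bracket, ampersand or backslash. The update text typed by the user is
 * passed through encodeURIComponent() so that `&` or `=` in it cannot add or
 * overwrite POST parameters. Hiding the form is only a UI gate.
 * NOTE(review): the Save action must enforce the "no edit cases" restriction
 * server-side as well; confirm that it does.
 *
 * @return string|null The javascript followed by the form HTML, or null when
 *                     the user holds the "no edit cases" role.
 */
function quick_edit_case_updates()
{
    // Request-supplied record id: untrusted, possibly missing or an array.
    $record = (isset($_GET['record']) && is_string($_GET['record'])) ? $_GET['record'] : '';
    // Percent-encoded copy used everywhere the id is written into the script.
    $recordUrl = rawurlencode($record);
    //Get Users roles
    require_once 'modules/ACLRoles/ACLRole.php';
    $user = $GLOBALS['current_user'];
    $id = $user->id;
    $acl = new ACLRole();
    $roles = $acl->getUserRoles($id);
    //Return if user cannot edit cases
    // The string form is tested first so in_array() never receives a non-array.
    if ($roles === "no edit cases" || (is_array($roles) && in_array("no edit cases", $roles, true))) {
        return;
    }
    //Javascript for Asynchronous update
    $javascript = <<<A
<script>
function caseUpdates(){
    loadingMessgPanl = new YAHOO.widget.SimpleDialog('loading', {
                    width: '200px',
                    close: true,
                    modal: true,
                    visible: true,
                    fixedcenter: true,
                    constraintoviewport: true,
                    draggable: false
                });
    loadingMessgPanl.setHeader(SUGAR.language.get('app_strings', 'LBL_EMAIL_PERFORMING_TASK'));
    loadingMessgPanl.setBody(SUGAR.language.get('app_strings', 'LBL_EMAIL_ONE_MOMENT'));
    loadingMessgPanl.render(document.body);
    loadingMessgPanl.show();

    var update_data = document.getElementById('update_text').value;
    var checkbox = document.getElementById('internal').checked;
    var internal = "";
    if(checkbox){
        internal=1;
    }

    //Post parameters

    var params =
        "record={$recordUrl}&module=Cases&return_module=Cases&action=Save&return_id={$recordUrl}&return_action=DetailView&relate_to=Cases&relate_id={$recordUrl}&offset=1&update_text="
        + encodeURIComponent(update_data) + "&internal=" + internal;

    var xmlhttp = new XMLHttpRequest();
    xmlhttp.open("POST", "index.php", true);


    xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    xmlhttp.setRequestHeader("Content-length", params.length);
    xmlhttp.setRequestHeader("Connection", "close");

    //When button is clicked
    xmlhttp.onreadystatechange = function() {

        if(xmlhttp.readyState == 4 && xmlhttp.status == 200) {


            showSubPanel('history', null, true);
            //Reload the case updates stream and history panels
\t\t    \$("#LBL_AOP_CASE_UPDATES").load("index.php?module=Cases&action=DetailView&record={$recordUrl}" + " #LBL_AOP_CASE_UPDATES", function(){


            //Collapse all except newest update
            \$('.caseUpdateImage').attr("src",showUpdateImage);
            \$('.caseUpdate').slideUp('fast');

            var id = \$('.caseUpdate').last().attr('id');
            if(id){
            toggleCaseUpdate(id.replace('caseUpdate',''));
            }


            loadingMessgPanl.hide();

            }

        );
\t}
}

        xmlhttp.send(params);



}
</script>
A;
    $html = <<<EOD
    <form id='case_updates' enctype="multipart/form-data">


    <textarea id="update_text" name="update_text" cols="80" rows="4"></textarea>

    <input id='internal' type='checkbox' name='internal' tabindex=0 title='' value='1'> Internal</input>
    </br>
    <input type='button' value='Save' onclick="caseUpdates()" title="Save" name="button"> </input>


    </br>
    </form>


EOD;
    return $javascript . $html;
}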