/**
* Method to determine if user can access a particular issue
*
* @param integer $issue_id The ID of the issue.
* @param integer $usr_id The ID of the user
* @return boolean If the user can access the issue
*/
public static function canAccessIssue($issue_id, $usr_id)
{
static $access;
if (empty($issue_id)) {
return false;
}
if (isset($access[$issue_id . '-' . $usr_id])) {
return $access[$issue_id . '-' . $usr_id];
}
$details = Issue::getDetails($issue_id);
if (empty($details)) {
return true;
}
$usr_details = User::getDetails($usr_id);
$usr_role = User::getRoleByUser($usr_id, $details['iss_prj_id']);
$prj_id = $details['iss_prj_id'];
$can_access_contract = false;
if (CRM::hasCustomerIntegration($prj_id)) {
$crm = CRM::getInstance($prj_id);
try {
if (!empty($usr_details['usr_customer_contact_id']) && !empty($details['iss_customer_contract_id'])) {
$contact = $crm->getContact($usr_details['usr_customer_contact_id']);
$can_access_contract = $contact->canAccessContract($crm->getContract($details['iss_customer_contract_id']));
}
} catch (CRMException $e) {
// TODOCRM: Log exception?
}
}
if (empty($usr_role)) {
// check if they are even allowed to access the project
$return = false;
} elseif (CRM::hasCustomerIntegration($details['iss_prj_id']) && $usr_role == User::getRoleID('Customer') && $can_access_contract === false) {
// check customer permissions
$return = false;
} elseif (!empty($usr_details['usr_par_code']) && !Partner::isPartnerEnabledForIssue($usr_details['usr_par_code'], $issue_id)) {
// check if the user is a partner
$return = false;
} elseif ($details['iss_private'] == 1) {
// check if the issue is even private
// check role, reporter, assignment and group
if ($usr_role > User::getRoleID('Developer')) {
$return = true;
} elseif ($details['iss_usr_id'] == $usr_id) {
$return = true;
} elseif (Issue::isAssignedToUser($issue_id, $usr_id)) {
$return = true;
} elseif (!empty($details['iss_grp_id']) && !empty($usr_details['usr_grp_id']) && $details['iss_grp_id'] == $usr_details['usr_grp_id']) {
$return = true;
} elseif (Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) {
$return = true;
} else {
$return = false;
}
} elseif (Auth::getCurrentRole() == User::getRoleID('Reporter') && Project::getSegregateReporters($prj_id) && $details['iss_usr_id'] != $usr_id && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) {
return false;
} else {
$return = true;
}
$access[$issue_id . '-' . $usr_id] = $return;
return $return;
}
/**
* Converts a note to a draft or an email
*
* @param int $note_id The id of the note
* @param string $target What the note should be converted too (email, etc)
* @param bool $authorize_sender If $authorize_sender If the sender should be added to authorized senders list.
* @return int
*/
public static function convertNote($note_id, $target, $authorize_sender = false)
{
$issue_id = self::getIssueID($note_id);
$email_account_id = Email_Account::getEmailAccount();
$blocked_message = self::getBlockedMessage($note_id);
$unknown_user = self::getUnknownUser($note_id);
$structure = Mime_Helper::decode($blocked_message, true, true);
$body = $structure->body;
$sender_email = strtolower(Mail_Helper::getEmailAddress($structure->headers['from']));
$current_usr_id = Auth::getUserID();
if ($target == 'email') {
if (Mime_Helper::hasAttachments($structure)) {
$has_attachments = 1;
} else {
$has_attachments = 0;
}
list($blocked_message, $headers) = Mail_Helper::rewriteThreadingHeaders($issue_id, $blocked_message, @$structure->headers);
$t = array('issue_id' => $issue_id, 'ema_id' => $email_account_id, 'message_id' => @$structure->headers['message-id'], 'date' => Date_Helper::getCurrentDateGMT(), 'from' => @$structure->headers['from'], 'to' => @$structure->headers['to'], 'cc' => @$structure->headers['cc'], 'subject' => @$structure->headers['subject'], 'body' => @$body, 'full_email' => @$blocked_message, 'has_attachment' => $has_attachments, 'headers' => $headers);
// need to check for a possible customer association
if (!empty($structure->headers['from'])) {
$details = Email_Account::getDetails($email_account_id);
// check from the associated project if we need to lookup any customers by this email address
if (CRM::hasCustomerIntegration($details['ema_prj_id'])) {
$crm = CRM::getInstance($details['ema_prj_id']);
// check for any customer contact association
try {
$contact = $crm->getContactByEmail($sender_email);
$issue_contract = $crm->getContract(Issue::getContractID($issue_id));
if ($contact->canAccessContract($issue_contract)) {
$t['customer_id'] = $issue_contract->getCustomerID();
}
} catch (CRMException $e) {
}
}
}
if (empty($t['customer_id'])) {
$update_type = 'staff response';
$t['customer_id'] = null;
} else {
$update_type = 'customer action';
}
$res = Support::insertEmail($t, $structure, $sup_id);
if ($res != -1) {
Support::extractAttachments($issue_id, $structure);
// notifications about new emails are always external
$internal_only = false;
// special case when emails are bounced back, so we don't want to notify the customer about those
if (Notification::isBounceMessage($sender_email)) {
$internal_only = true;
}
Notification::notifyNewEmail($current_usr_id, $issue_id, $t, $internal_only, false, '', $sup_id);
Issue::markAsUpdated($issue_id, $update_type);
self::remove($note_id, false);
History::add($issue_id, $current_usr_id, 'note_converted_email', 'Note converted to e-mail (from: {from}) by {user}', array('from' => @$structure->headers['from'], 'user' => User::getFullName($current_usr_id)));
// now add sender as an authorized replier
if ($authorize_sender) {
Authorized_Replier::manualInsert($issue_id, @$structure->headers['from']);
}
}
return $res;
}
// save message as a draft
$res = Draft::saveEmail($issue_id, $structure->headers['to'], $structure->headers['cc'], $structure->headers['subject'], $body, false, $unknown_user);
// remove the note, if the draft was created successfully
if ($res) {
self::remove($note_id, false);
$usr_id = $current_usr_id;
History::add($issue_id, $usr_id, 'note_converted_draft', 'Note converted to draft (from: {from}) by {user}', array('from' => @$structure->headers['from'], 'user' => User::getFullName($current_usr_id)));
}
return $res;
}
/**
* Called when a new message is recieved.
*
* @param integer $prj_id The projectID
* @param integer $issue_id The ID of the issue.
* @param object $message An object containing the new email
* @param array $row The array of data that was inserted into the database.
* @param boolean $closing If we are closing the issue.
*/
function handleNewEmail($prj_id, $issue_id, $message, $row = false, $closing = false)
{
$subject = $row['subject'];
$body = $row['body'];
preg_match('/(H|C)[A-Z0-9]{12,14}/', $subject, $header_matches);
preg_match_all('/(H|C)[A-Z0-9]{12,14}/', $body, $body_matches);
if ($header_matches[0]) {
$refs[] = $header_matches[0];
}
foreach ($body_matches[0] as $body_match) {
if ($body_match) {
$refs[] = $body_match;
}
}
$refs = @array_unique($refs);
$stmt = "Select reference_number,ss_subscription_id from " . ETEL_TRANS_SUBS_TABLE_NOSUB . "\n\t\tWHERE\n\t\t\treference_number in ('" . @implode("','", $refs) . "')";
$res = $GLOBALS["db_api"]->dbh->getRow($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
} else {
if ($res[0]) {
Custom_Field::associateIssue($issue_id, 1, $res[0]);
}
if ($res[1]) {
Custom_Field::associateIssue($issue_id, 4, $res[1]);
}
}
$res = Authorized_Replier::manualInsert($issue_id, $row['from']);
Issue::updateControlStatus($issue_id);
}
/**
* Method used to get the details for a specific issue.
*
* @param integer $issue_id The issue ID
* @param boolean $force_refresh If the cache should not be used.
* @return array The details for the specified issue
*/
public static function getDetails($issue_id, $force_refresh = false)
{
static $returns;
if (empty($issue_id)) {
return '';
}
if (!empty($returns[$issue_id]) && $force_refresh != true) {
return $returns[$issue_id];
}
$stmt = 'SELECT
{{%issue}}.*,
prj_title,
prc_title,
pre_title,
pri_title,
sev_title,
sta_title,
sta_abbreviation,
sta_color status_color,
sta_is_closed
FROM
(
{{%issue}},
{{%project}}
)
LEFT JOIN
{{%project_priority}}
ON
iss_pri_id=pri_id
LEFT JOIN
{{%project_severity}}
ON
iss_sev_id=sev_id
LEFT JOIN
{{%status}}
ON
iss_sta_id=sta_id
LEFT JOIN
{{%project_category}}
ON
iss_prc_id=prc_id
LEFT JOIN
{{%project_release}}
ON
iss_pre_id=pre_id
WHERE
iss_id=? AND
iss_prj_id=prj_id';
try {
$res = DB_Helper::getInstance()->getRow($stmt, array($issue_id));
} catch (DbException $e) {
return '';
}
if (empty($res)) {
return '';
}
$created_date_ts = Date_Helper::getUnixTimestamp($res['iss_created_date'], Date_Helper::getDefaultTimezone());
// get customer information, if any
if (!empty($res['iss_customer_id']) && CRM::hasCustomerIntegration($res['iss_prj_id'])) {
$crm = CRM::getInstance($res['iss_prj_id']);
try {
$customer = $crm->getCustomer($res['iss_customer_id']);
$contract = $crm->getContract($res['iss_customer_contract_id']);
$res['contact_local_time'] = Date_Helper::getFormattedDate(Date_Helper::getCurrentDateGMT(), $res['iss_contact_timezone']);
$res['customer'] = $customer;
$res['contract'] = $contract;
$res['contact'] = $crm->getContact($res['iss_customer_contact_id']);
// TODOCRM: Deal with incidents
// $res['redeemed_incidents'] = Customer::getRedeemedIncidentDetails($res['iss_prj_id'], $res['iss_id']);
$max_first_response_time = $contract->getMaximumFirstResponseTime($issue_id);
$res['max_first_response_time'] = Misc::getFormattedTime($max_first_response_time / 60);
if (empty($res['iss_first_response_date'])) {
$first_response_deadline = $created_date_ts + $max_first_response_time;
if (time() <= $first_response_deadline) {
$res['max_first_response_time_left'] = Date_Helper::getFormattedDateDiff($first_response_deadline, time());
} else {
$res['overdue_first_response_time'] = Date_Helper::getFormattedDateDiff(time(), $first_response_deadline);
}
}
} catch (CRMException $e) {
// TODOCRM: Log exception?
}
}
$res['iss_original_description'] = $res['iss_description'];
$res['iss_original_percent_complete'] = $res['iss_percent_complete'];
$res['iss_description'] = nl2br(htmlspecialchars($res['iss_description']));
$res['iss_resolution'] = Resolution::getTitle($res['iss_res_id']);
$res['iss_impact_analysis'] = nl2br(htmlspecialchars($res['iss_impact_analysis']));
$res['iss_created_date_ts'] = $created_date_ts;
$res['assignments'] = @implode(', ', array_values(self::getAssignedUsers($res['iss_id'])));
list($res['authorized_names'], $res['authorized_repliers']) = Authorized_Replier::getAuthorizedRepliers($res['iss_id']);
$temp = self::getAssignedUsersStatus($res['iss_id']);
$res['has_inactive_users'] = 0;
$res['assigned_users'] = array();
$res['assigned_inactive_users'] = array();
foreach ($temp as $usr_id => $usr_status) {
if (!User::isActiveStatus($usr_status)) {
$res['assigned_inactive_users'][] = $usr_id;
$res['has_inactive_users'] = 1;
} else {
$res['assigned_users'][] = $usr_id;
}
}
if (@in_array(Auth::getUserID(), $res['assigned_users'])) {
$res['is_current_user_assigned'] = 1;
} else {
$res['is_current_user_assigned'] = 0;
}
$res['associated_issues_details'] = self::getAssociatedIssuesDetails($res['iss_id']);
$res['associated_issues'] = self::getAssociatedIssues($res['iss_id']);
$res['reporter'] = User::getFullName($res['iss_usr_id']);
if (empty($res['iss_updated_date'])) {
$res['iss_updated_date'] = $res['iss_created_date'];
}
$res['estimated_formatted_time'] = Misc::getFormattedTime($res['iss_dev_time']);
if (Release::isAssignable($res['iss_pre_id'])) {
$release = Release::getDetails($res['iss_pre_id']);
$res['pre_title'] = $release['pre_title'];
$res['pre_status'] = $release['pre_status'];
}
// need to return the list of issues that are duplicates of this one
$res['duplicates'] = self::getDuplicateList($res['iss_id']);
$res['duplicates_details'] = self::getDuplicateDetailsList($res['iss_id']);
// also get the issue title of the duplicated issue
if (!empty($res['iss_duplicated_iss_id'])) {
$res['duplicated_issue'] = self::getDuplicatedDetails($res['iss_duplicated_iss_id']);
}
// get group information
if (!empty($res['iss_grp_id'])) {
$res['group'] = Group::getDetails($res['iss_grp_id']);
}
// get quarantine issue
$res['quarantine'] = self::getQuarantineInfo($res['iss_id']);
$res['products'] = Product::getProductsByIssue($res['iss_id']);
$returns[$issue_id] = $res;
return $res;
}
/**
* @param int $issue_id
* @param int $project_id
* @param string $new_replier
* @return string
* @access protected
*/
public function addAuthorizedReplier($issue_id, $project_id, $new_replier)
{
$usr_id = Auth::getUserID();
$replier_usr_id = User::getUserIDByEmail($new_replier);
// if this is an actual user, not just an email address check permissions
if (!empty($replier_usr_id)) {
// check if the assignee is even allowed to be in the given project
$projects = Project::getRemoteAssocListByUser($replier_usr_id);
if (!in_array($project_id, array_keys($projects))) {
throw new RemoteApiException("The given user is not permitted in the project associated with issue #{$issue_id}");
}
}
// check if user is already authorized
if (Authorized_Replier::isAuthorizedReplier($issue_id, $new_replier)) {
throw new RemoteApiException("The given user is already an authorized replier on issue #{$issue_id}");
}
$res = Authorized_Replier::remoteAddAuthorizedReplier($issue_id, $usr_id, $new_replier);
if ($res == -1) {
throw new RemoteApiException("Could not add '{$new_replier}' as an authorized replier to issue #{$issue_id}");
}
return 'OK';
}
$res = Support::removeEmails();
$tpl->assign('remove_email_result', $res);
} elseif ($cat == 'clear_duplicate') {
$res = Issue::clearDuplicateStatus($iss_id);
$tpl->assign('clear_duplicate_result', $res);
} elseif ($cat == 'delete_phone') {
$res = Phone_Support::remove($id);
$tpl->assign('delete_phone_result', $res);
} elseif ($cat == 'new_status') {
$res = Issue::setStatus($iss_id, $status_id, true);
if ($res == 1) {
History::add($iss_id, $usr_id, 'status_changed', "Issue manually set to status '{status}' by {user}", array('status' => Status::getStatusTitle($status_id), 'user' => User::getFullName($usr_id)));
}
$tpl->assign('new_status_result', $res);
} elseif ($cat == 'authorize_reply') {
$res = Authorized_Replier::addUser($iss_id, $usr_id);
$tpl->assign('authorize_reply_result', $res);
} elseif ($cat == 'remove_quarantine') {
if (Auth::getCurrentRole() > User::getRoleID('Developer')) {
$res = Issue::setQuarantine($iss_id, 0);
$tpl->assign('remove_quarantine_result', $res);
}
} elseif ($cat == 'selfnotify') {
if (Issue::canAccess($iss_id, $usr_id)) {
$res = Notification::subscribeUser($usr_id, $iss_id, $usr_id, Notification::getDefaultActions($iss_id));
$tpl->assign('selfnotify_result', $res);
}
}
$tpl->assign('current_user_prefs', Prefs::get($usr_id));
$tpl->assign('cat', $cat);
$tpl->displayTemplate();
function addAuthorizedReplier($p)
{
$email = XML_RPC_decode($p->getParam(0));
$password = XML_RPC_decode($p->getParam(1));
$auth = authenticate($email, $password);
if (is_object($auth)) {
return $auth;
}
$issue_id = XML_RPC_decode($p->getParam(2));
$project_id = XML_RPC_decode($p->getParam(3));
$new_replier = XML_RPC_decode($p->getParam(4));
$usr_id = User::getUserIDByEmail($email);
$replier_usr_id = User::getUserIDByEmail($new_replier);
// if this is an actual user, not just an email address check permissions
if (!empty($replier_usr_id)) {
// check if the assignee is even allowed to be in the given project
$projects = Project::getRemoteAssocListByUser($replier_usr_id);
if (!in_array($project_id, array_keys($projects))) {
return new XML_RPC_Response(0, $XML_RPC_erruser + 1, "The given user is not permitted in the project associated with issue #{$issue_id}");
}
}
// check if user is already authorized
if (Authorized_Replier::isAuthorizedReplier($issue_id, $new_replier)) {
return new XML_RPC_Response(0, $XML_RPC_erruser + 1, "The given user is already an authorized replier on issue #{$issue_id}");
}
$res = Authorized_Replier::remoteAddAuthorizedReplier($issue_id, $usr_id, $new_replier);
if ($res == -1) {
return new XML_RPC_Response(0, $XML_RPC_erruser + 1, "Could not add '{$new_replier}' as an authorized replier to issue #{$issue_id}");
} else {
return new XML_RPC_Response(XML_RPC_Encode('OK'));
}
}
/**
* Checks whether the given email address is allowed to send emails in the
* issue ID.
*
* @param integer $issue_id The issue ID
* @param string $sender_email The email address
* @return boolean
*/
public static function isAllowedToEmail($issue_id, $sender_email)
{
$prj_id = Issue::getProjectID($issue_id);
// check the workflow
$workflow_can_email = Workflow::canEmailIssue($prj_id, $issue_id, $sender_email);
if ($workflow_can_email != null) {
return $workflow_can_email;
}
$is_allowed = true;
$sender_usr_id = User::getUserIDByEmail($sender_email, true);
if (empty($sender_usr_id)) {
if (CRM::hasCustomerIntegration($prj_id)) {
// check for a customer contact with several email addresses
$crm = CRM::getInstance($prj_id);
try {
$contract = $crm->getContract(Issue::getContractID($issue_id));
$contact_emails = array_keys($contract->getContactEmailAssocList());
$contact_emails = array_map(function ($s) {
return strtolower($s);
}, $contact_emails);
} catch (CRMException $e) {
$contact_emails = array();
}
if (!in_array(strtolower($sender_email), $contact_emails) && !Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) {
$is_allowed = false;
}
} else {
if (!Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) {
$is_allowed = false;
}
}
} else {
// check if this user is not a customer and
// also not in the assignment list for the current issue and
// also not in the authorized repliers list
// also not the reporter
$details = Issue::getDetails($issue_id);
if ($sender_usr_id == $details['iss_usr_id']) {
$is_allowed = true;
} elseif (User::isPartner($sender_usr_id) && in_array(User::getPartnerID($sender_usr_id), Partner::getPartnerCodesByIssue($issue_id))) {
$is_allowed = true;
} elseif (!Issue::canAccess($issue_id, $sender_usr_id) && !Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) {
$is_allowed = false;
} elseif (!Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email) && !Issue::isAssignedToUser($issue_id, $sender_usr_id) && User::getRoleByUser($sender_usr_id, Issue::getProjectID($issue_id)) != User::getRoleID('Customer')) {
$is_allowed = false;
}
}
return $is_allowed;
}
$tpl->assign("delete_phone_result", $res);
} elseif (@$HTTP_GET_VARS["cat"] == "new_status") {
// XXX: need to call the workflow api in the following function?
$res = Issue::setStatus($HTTP_GET_VARS["iss_id"], $HTTP_GET_VARS["new_sta_id"], true);
if ($res == 1) {
History::add($HTTP_GET_VARS["iss_id"], $usr_id, History::getTypeID('status_changed'), "Issue manually set to status '" . Status::getStatusTitle($HTTP_GET_VARS["new_sta_id"]) . "' by " . User::getFullName($usr_id));
}
$tpl->assign("new_status_result", $res);
} elseif (@$HTTP_GET_VARS["cat"] == "new_category") {
$res = Issue::setCategory($HTTP_GET_VARS["iss_id"], $HTTP_GET_VARS["iss_prc_id"], true);
if ($res == 1) {
History::add($HTTP_GET_VARS["iss_id"], $usr_id, History::getTypeID('status_changed'), "Issue manually set to category '" . Category::getTitle($HTTP_GET_VARS["iss_prc_id"]) . "' by " . User::getFullName($usr_id));
}
$tpl->assign("new_status_result", $res);
} elseif (@$HTTP_GET_VARS["cat"] == "new_project") {
$res = Issue::setProject($HTTP_GET_VARS["iss_id"], $HTTP_GET_VARS["iss_prj_id"], true);
if ($res == 1) {
History::add($HTTP_GET_VARS["iss_id"], $usr_id, History::getTypeID('status_changed'), "Issue manually set to project '" . Project::getName($HTTP_GET_VARS["iss_prj_id"]) . "' by " . User::getFullName($usr_id));
}
$tpl->assign("new_status_result", $res);
} elseif (@$HTTP_GET_VARS['cat'] == 'authorize_reply') {
$res = Authorized_Replier::addUser($HTTP_GET_VARS["iss_id"], $usr_id);
$tpl->assign('authorize_reply_result', $res);
} elseif (@$HTTP_GET_VARS['cat'] == 'remove_quarantine') {
if (Auth::getCurrentRole() > User::getRoleID('Developer')) {
$res = Issue::setQuarantine($HTTP_GET_VARS['iss_id'], 0);
$tpl->assign('remove_quarantine_result', $res);
}
}
$tpl->assign("current_user_prefs", Prefs::get($usr_id));
$tpl->displayTemplate();
/**
* Checks whether the given email address is allowed to send emails in the
* issue ID.
*
* @access public
* @param integer $issue_id The issue ID
* @param string $sender_email The email address
* @return boolean
*/
function isAllowedToEmail($issue_id, $sender_email)
{
$prj_id = Issue::getProjectID($issue_id);
// check the workflow
$workflow_can_email = Workflow::canEmailIssue($prj_id, $issue_id, $sender_email);
if ($workflow_can_email != null) {
return $workflow_can_email;
}
$is_allowed = true;
$sender_usr_id = User::getUserIDByEmail($sender_email);
if (empty($sender_usr_id)) {
if (Customer::hasCustomerIntegration($prj_id)) {
// check for a customer contact with several email addresses
$customer_id = Issue::getCustomerID($issue_id);
$contact_emails = array_keys(Customer::getContactEmailAssocList($prj_id, $customer_id, Issue::getContractID($issue_id)));
$contact_emails = array_map('strtolower', $contact_emails);
if (!in_array(strtolower($sender_email), $contact_emails) && !Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) {
$is_allowed = false;
}
} else {
if (!Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) {
$is_allowed = false;
}
}
} else {
// check if this user is not a customer and
// also not in the assignment list for the current issue and
// also not in the authorized repliers list
// also not the reporter
$details = Issue::getDetails($issue_id);
if (!Issue::canAccess($issue_id, $sender_usr_id)) {
$is_allowed = false;
}
if ($sender_usr_id != $details['iss_usr_id'] && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $sender_usr_id) && !Issue::isAssignedToUser($issue_id, $sender_usr_id) && User::getRoleByUser($sender_usr_id, Issue::getProjectID($issue_id)) != User::getRoleID('Customer')) {
$is_allowed = false;
} elseif (User::getRoleByUser($sender_usr_id, Issue::getProjectID($issue_id)) == User::getRoleID('Customer') && User::getCustomerID($sender_usr_id) != Issue::getCustomerID($issue_id)) {
$is_allowed = false;
}
}
return $is_allowed;
}
// +----------------------------------------------------------------------+
// | Authors: Bryan Alsdorf <*****@*****.**> |
// +----------------------------------------------------------------------+
//
// @(#) $Id$
//
include_once "config.inc.php";
include_once APP_INC_PATH . "class.template.php";
include_once APP_INC_PATH . "class.auth.php";
include_once APP_INC_PATH . "class.project.php";
include_once APP_INC_PATH . "class.authorized_replier.php";
include_once APP_INC_PATH . "class.prefs.php";
include_once APP_INC_PATH . "db_access.php";
$tpl = new Template_API();
$tpl->setTemplate("authorized_replier.tpl.html");
Auth::checkAuthentication(APP_COOKIE, 'index.php?err=5', true);
$prj_id = Auth::getCurrentProject();
$issue_id = @$HTTP_POST_VARS["issue_id"] ? $HTTP_POST_VARS["issue_id"] : $HTTP_GET_VARS["iss_id"];
$tpl->assign("issue_id", $issue_id);
if (@$HTTP_POST_VARS["cat"] == "insert") {
$res = Authorized_Replier::manualInsert($issue_id, $HTTP_POST_VARS['email']);
$tpl->assign("insert_result", $res);
} elseif (@$HTTP_POST_VARS["cat"] == "delete") {
$res = Authorized_Replier::removeRepliers($HTTP_POST_VARS["items"]);
$tpl->assign("delete_result", $res);
}
list(, $repliers) = Authorized_Replier::getAuthorizedRepliers($issue_id);
$tpl->assign("list", $repliers);
$t = Project::getAddressBook($prj_id, $issue_id);
$tpl->assign("assoc_users", $t);
$tpl->displayTemplate();
$show_category = 0;
}
$cookie = Auth::getCookieInfo(APP_PROJECT_COOKIE);
if (!empty($auto_switched_from)) {
$tpl->assign(array("project_auto_switched" => 1, "old_project" => Project::getName($auto_switched_from)));
}
$setup = Setup::load();
$tpl->assign("allow_unassigned_issues", @$setup["allow_unassigned_issues"]);
$tpl->assign(array('next_issue' => @$sides['next'], 'previous_issue' => @$sides['previous'], 'subscribers' => Notification::getSubscribers($issue_id), 'custom_fields' => Custom_Field::getListByIssue($prj_id, $issue_id), 'files' => Attachment::getList($issue_id), 'emails' => Support::getEmailsByIssue($issue_id), 'zones' => Date_API::getTimezoneList(), 'users' => Project::getUserAssocList($prj_id, 'active', User::getRoleID('Customer')), 'ema_id' => Email_Account::getEmailAccount(), 'max_attachment_size' => Attachment::getMaxAttachmentSize(), 'show_releases' => $show_releases, 'show_category' => $show_category, 'categories' => Category::getAssocList($prj_id), 'quarantine' => Issue::getQuarantineInfo($issue_id)));
if ($role_id != User::getRoleID('customer')) {
if (@$_REQUEST['show_all_drafts'] == 1) {
$show_all_drafts = true;
} else {
$show_all_drafts = false;
}
if (Workflow::hasWorkflowIntegration($prj_id)) {
$statuses = Workflow::getAllowedStatuses($prj_id, $issue_id);
// if currently selected release is not on list, go ahead and add it.
} else {
$statuses = Status::getAssocStatusList($prj_id);
}
if (!empty($details['iss_sta_id']) && empty($statuses[$details['iss_sta_id']])) {
$statuses[$details['iss_sta_id']] = Status::getStatusTitle($details['iss_sta_id']);
}
$time_entries = Time_Tracking::getListing($issue_id);
$tpl->assign(array('notes' => Note::getListing($issue_id), 'is_user_assigned' => Issue::isAssignedToUser($issue_id, $usr_id), 'is_user_authorized' => Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id), 'phone_entries' => Phone_Support::getListing($issue_id), 'phone_categories' => Phone_Support::getCategoryAssocList($prj_id), 'checkins' => SCM::getCheckinList($issue_id), 'time_categories' => Time_Tracking::getAssocCategories(), 'time_entries' => $time_entries['list'], 'total_time_spent' => $time_entries['total_time_spent'], 'impacts' => Impact_Analysis::getListing($issue_id), 'statuses' => $statuses, 'drafts' => Draft::getList($issue_id, $show_all_drafts), 'groups' => Group::getAssocList($prj_id)));
}
}
}
}
$tpl->displayTemplate();
/**
* Method used to remotely add an authorized replier to a given issue.
*
* @access public
* @param integer $issue_id The issue ID
* @param integer $usr_id The user ID of the person performing the change
* @param boolean $replier The user ID of the authorized replier
* @return integer The status ID
*/
function remoteAddAuthorizedReplier($issue_id, $usr_id, $replier)
{
$res = Authorized_Replier::manualInsert($issue_id, $replier, false);
if ($res != -1) {
// save a history entry about this...
History::add($issue_id, $usr_id, History::getTypeID('remote_replier_added'), $replier . " remotely added to authorized repliers by " . User::getFullName($usr_id));
}
return $res;
}
/**
* Method to determine if user can access a particular issue
*
* @access public
* @param integer $issue_id The ID of the issue.
* @param integer $usr_id The ID of the user
* @return boolean If the user can access the issue
*/
function canAccess($issue_id, $usr_id)
{
static $access;
if (empty($issue_id)) {
return true;
}
if (isset($access[$issue_id . "-" . $usr_id])) {
return $access[$issue_id . "-" . $usr_id];
}
$details = Issue::getDetails($issue_id);
if (empty($details)) {
return true;
}
$usr_details = User::getDetails($usr_id);
$usr_role = User::getRoleByUser($usr_id, $details['iss_prj_id']);
$prj_id = Issue::getProjectID($issue_id);
// check customer permissions
if (Customer::hasCustomerIntegration($details['iss_prj_id']) && $usr_role == User::getRoleID("Customer") && $details['iss_customer_id'] != $usr_details['usr_customer_id']) {
$return = false;
} elseif ($details['iss_private'] == 1) {
// check if the issue is even private
// check role, reporter, assigment and group
if (User::getRoleByUser($usr_id, $details['iss_prj_id']) > User::getRoleID("Developer")) {
$return = true;
} elseif ($details['iss_usr_id'] == $usr_id) {
$return = true;
} elseif (Issue::isAssignedToUser($issue_id, $usr_id)) {
$return = true;
} elseif (!empty($details['iss_grp_id']) && !empty($usr_details['usr_grp_id']) && $details['iss_grp_id'] == $usr_details['usr_grp_id']) {
$return = true;
} elseif (Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) {
$return = true;
} else {
$return = false;
}
} elseif (Auth::getCurrentRole() <= User::getRoleID("Standard User") && Project::getSegregateReporters($prj_id) && $details['iss_usr_id'] != $usr_id && !Issue::isAssignedToUser($issue_id, $usr_id) && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) {
return false;
} else {
$return = true;
}
$access[$issue_id . "-" . $usr_id] = $return;
return $return;
}
/**
* TODO: merge use of $options and $email arrays to just $email
*
* @param int $issue_id
* @param string $type type of email
* @param string $from
* @param string $to
* @param string $cc
* @param string $subject
* @param string $body
* @param array $options optional parameters
* - (int) parent_sup_id
* - (array) iaf_ids attachment file ids
* - (bool) add_unknown
* - (bool) add_cc_to_ar
* - (int) ema_id
* @return int 1 if it worked, -1 otherwise
*/
public static function sendEmail($issue_id, $type, $from, $to, $cc, $subject, $body, $options = array())
{
if ($to === null) {
// BTW, $to = '' is ok
Logger::app()->error('"To:" can not be NULL');
return -1;
}
$parent_sup_id = isset($options['parent_sup_id']) ? $options['parent_sup_id'] : null;
$iaf_ids = isset($options['iaf_ids']) ? (array) $options['iaf_ids'] : null;
$add_unknown = isset($options['add_unknown']) ? (bool) $options['add_unknown'] : false;
$add_cc_to_ar = isset($options['add_cc_to_ar']) ? (bool) $options['add_cc_to_ar'] : false;
$ema_id = isset($options['ema_id']) ? (int) $options['ema_id'] : null;
$current_usr_id = Auth::getUserID();
$prj_id = Issue::getProjectID($issue_id);
// if we are replying to an existing email, set the In-Reply-To: header accordingly
$in_reply_to = $parent_sup_id ? self::getMessageIDByID($parent_sup_id) : false;
// get ID of whoever is sending this.
$sender_usr_id = User::getUserIDByEmail(Mail_Helper::getEmailAddress($from)) ?: false;
// remove extra 'Re: ' from subject
$subject = Mail_Helper::removeExcessRe($subject, true);
$internal_only = false;
$message_id = Mail_Helper::generateMessageID();
// process any files being uploaded
// from ajax upload, attachment file ids
if ($iaf_ids) {
// FIXME: is it correct to use sender from post data?
$attach_usr_id = $sender_usr_id ?: $current_usr_id;
Attachment::attachFiles($issue_id, $attach_usr_id, $iaf_ids, false, 'Attachment originated from outgoing email');
}
// hack needed to get the full headers of this web-based email
$full_email = self::buildFullHeaders($issue_id, $message_id, $from, $to, $cc, $subject, $body, $in_reply_to, $iaf_ids);
// email blocking should only be done if this is an email about an associated issue
if ($issue_id) {
$user_info = User::getNameEmail($current_usr_id);
// check whether the current user is allowed to send this email to customers or not
if (!self::isAllowedToEmail($issue_id, $user_info['usr_email'])) {
// add the message body as a note
$note = Mail_Helper::getCannedBlockedMsgExplanation() . $body;
$note_options = array('full_message' => $full_email, 'is_blocked' => true);
Note::insertNote($current_usr_id, $issue_id, $subject, $note, $note_options);
$email_details = array('from' => $from, 'to' => $to, 'cc' => $cc, 'subject' => $subject, 'body' => &$body, 'message' => &$body, 'title' => $subject);
Workflow::handleBlockedEmail($prj_id, $issue_id, $email_details, 'web');
return 1;
}
}
// only send a direct email if the user doesn't want to add the Cc'ed people to the notification list
if (($add_unknown || Workflow::shouldAutoAddToNotificationList($prj_id)) && $issue_id) {
// add the recipients to the notification list of the associated issue
$recipients = array($to);
$recipients = array_merge($recipients, self::getRecipientsCC($cc));
foreach ($recipients as $address) {
if ($address && !Notification::isIssueRoutingSender($issue_id, $address)) {
$actions = Notification::getDefaultActions($issue_id, $address, 'add_unknown_user');
Notification::subscribeEmail($current_usr_id, $issue_id, Mail_Helper::getEmailAddress($address), $actions);
}
}
} else {
// Usually when sending out emails associated to an issue, we would
// simply insert the email in the table and call the Notification::notifyNewEmail() method,
// but on this case we need to actually send the email to the recipients that are not
// already in the notification list for the associated issue, if any.
// In the case of replying to an email that is not yet associated with an issue, then
// we are always directly sending the email, without using any notification list
// functionality.
if ($issue_id) {
// send direct emails only to the unknown addresses, and leave the rest to be
// catched by the notification list
$from = Notification::getFixedFromHeader($issue_id, $from, 'issue');
// build the list of unknown recipients
if ($to) {
$recipients = array($to);
$recipients = array_merge($recipients, self::getRecipientsCC($cc));
} else {
$recipients = self::getRecipientsCC($cc);
}
$unknowns = array();
foreach ($recipients as $address) {
if (!Notification::isSubscribedToEmails($issue_id, $address)) {
$unknowns[] = $address;
}
}
if ($unknowns) {
$to2 = array_shift($unknowns);
$cc2 = implode('; ', $unknowns);
// send direct emails
self::sendDirectEmail($issue_id, $from, $to2, $cc2, $subject, $body, $_FILES['attachment'], $message_id, $sender_usr_id);
}
} else {
// send direct emails to all recipients, since we don't have an associated issue
$project_info = Project::getOutgoingSenderAddress(Auth::getCurrentProject());
// use the project-related outgoing email address, if there is one
if (!empty($project_info['email'])) {
$from = Mail_Helper::getFormattedName(User::getFullName($current_usr_id), $project_info['email']);
} else {
// otherwise, use the real email address for the current user
$from = User::getFromHeader($current_usr_id);
}
// send direct emails
self::sendDirectEmail($issue_id, $from, $to, $cc, $subject, $body, $_FILES['attachment'], $message_id);
}
}
if ($add_cc_to_ar) {
foreach (self::getRecipientsCC($cc) as $recipient) {
Authorized_Replier::manualInsert($issue_id, $recipient);
}
}
$email = array('customer_id' => 'NULL', 'issue_id' => $issue_id, 'ema_id' => $ema_id, 'message_id' => $message_id, 'date' => Date_Helper::getCurrentDateGMT(), 'from' => $from, 'to' => $to, 'cc' => $cc, 'subject' => $subject, 'body' => $body, 'full_email' => $full_email);
// associate this new email with a customer, if appropriate
if (Auth::getCurrentRole() == User::ROLE_CUSTOMER) {
if ($issue_id) {
$crm = CRM::getInstance($prj_id);
try {
$contact = $crm->getContact(User::getCustomerContactID($current_usr_id));
$issue_contract = $crm->getContract(Issue::getContractID($issue_id));
if ($contact->canAccessContract($issue_contract)) {
$email['customer_id'] = $issue_contract->getCustomerID();
}
} catch (CRMException $e) {
}
} else {
$customer_id = User::getCustomerID($current_usr_id);
if ($customer_id && $customer_id != -1) {
$email['customer_id'] = $customer_id;
}
}
}
$email['has_attachment'] = $iaf_ids ? 1 : 0;
$structure = Mime_Helper::decode($full_email, true, false);
$email['headers'] = $structure->headers;
self::insertEmail($email, $structure, $sup_id);
if ($issue_id) {
// need to send a notification
Notification::notifyNewEmail($current_usr_id, $issue_id, $email, $internal_only, false, $type, $sup_id);
// mark this issue as updated
$has_customer = $email['customer_id'] && $email['customer_id'] != 'NULL';
if ($has_customer && (!$current_usr_id || User::getRoleByUser($current_usr_id, $prj_id) == User::ROLE_CUSTOMER)) {
Issue::markAsUpdated($issue_id, 'customer action');
} else {
if ($sender_usr_id && User::getRoleByUser($sender_usr_id, $prj_id) > User::ROLE_CUSTOMER) {
Issue::markAsUpdated($issue_id, 'staff response');
} else {
Issue::markAsUpdated($issue_id, 'user response');
}
}
History::add($issue_id, $current_usr_id, 'email_sent', 'Outgoing email sent by {user}', array('user' => User::getFullName($current_usr_id)));
}
return 1;
}
