/** * Method to determine if user can access a particular issue * * @param integer $issue_id The ID of the issue. * @param integer $usr_id The ID of the user * @return boolean If the user can access the issue */ public static function canAccessIssue($issue_id, $usr_id) { static $access; if (empty($issue_id)) { return false; } if (isset($access[$issue_id . '-' . $usr_id])) { return $access[$issue_id . '-' . $usr_id]; } $details = Issue::getDetails($issue_id); if (empty($details)) { return true; } $usr_details = User::getDetails($usr_id); $usr_role = User::getRoleByUser($usr_id, $details['iss_prj_id']); $prj_id = $details['iss_prj_id']; $can_access_contract = false; if (CRM::hasCustomerIntegration($prj_id)) { $crm = CRM::getInstance($prj_id); try { if (!empty($usr_details['usr_customer_contact_id']) && !empty($details['iss_customer_contract_id'])) { $contact = $crm->getContact($usr_details['usr_customer_contact_id']); $can_access_contract = $contact->canAccessContract($crm->getContract($details['iss_customer_contract_id'])); } } catch (CRMException $e) { // TODOCRM: Log exception? } } if (empty($usr_role)) { // check if they are even allowed to access the project $return = false; } elseif (CRM::hasCustomerIntegration($details['iss_prj_id']) && $usr_role == User::getRoleID('Customer') && $can_access_contract === false) { // check customer permissions $return = false; } elseif (!empty($usr_details['usr_par_code']) && !Partner::isPartnerEnabledForIssue($usr_details['usr_par_code'], $issue_id)) { // check if the user is a partner $return = false; } elseif ($details['iss_private'] == 1) { // check if the issue is even private // check role, reporter, assignment and group if ($usr_role > User::getRoleID('Developer')) { $return = true; } elseif ($details['iss_usr_id'] == $usr_id) { $return = true; } elseif (Issue::isAssignedToUser($issue_id, $usr_id)) { $return = true; } elseif (!empty($details['iss_grp_id']) && !empty($usr_details['usr_grp_id']) && $details['iss_grp_id'] == $usr_details['usr_grp_id']) { $return = true; } elseif (Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) { $return = true; } else { $return = false; } } elseif (Auth::getCurrentRole() == User::getRoleID('Reporter') && Project::getSegregateReporters($prj_id) && $details['iss_usr_id'] != $usr_id && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) { return false; } else { $return = true; } $access[$issue_id . '-' . $usr_id] = $return; return $return; }
/** * Converts a note to a draft or an email * * @param int $note_id The id of the note * @param string $target What the note should be converted too (email, etc) * @param bool $authorize_sender If $authorize_sender If the sender should be added to authorized senders list. * @return int */ public static function convertNote($note_id, $target, $authorize_sender = false) { $issue_id = self::getIssueID($note_id); $email_account_id = Email_Account::getEmailAccount(); $blocked_message = self::getBlockedMessage($note_id); $unknown_user = self::getUnknownUser($note_id); $structure = Mime_Helper::decode($blocked_message, true, true); $body = $structure->body; $sender_email = strtolower(Mail_Helper::getEmailAddress($structure->headers['from'])); $current_usr_id = Auth::getUserID(); if ($target == 'email') { if (Mime_Helper::hasAttachments($structure)) { $has_attachments = 1; } else { $has_attachments = 0; } list($blocked_message, $headers) = Mail_Helper::rewriteThreadingHeaders($issue_id, $blocked_message, @$structure->headers); $t = array('issue_id' => $issue_id, 'ema_id' => $email_account_id, 'message_id' => @$structure->headers['message-id'], 'date' => Date_Helper::getCurrentDateGMT(), 'from' => @$structure->headers['from'], 'to' => @$structure->headers['to'], 'cc' => @$structure->headers['cc'], 'subject' => @$structure->headers['subject'], 'body' => @$body, 'full_email' => @$blocked_message, 'has_attachment' => $has_attachments, 'headers' => $headers); // need to check for a possible customer association if (!empty($structure->headers['from'])) { $details = Email_Account::getDetails($email_account_id); // check from the associated project if we need to lookup any customers by this email address if (CRM::hasCustomerIntegration($details['ema_prj_id'])) { $crm = CRM::getInstance($details['ema_prj_id']); // check for any customer contact association try { $contact = $crm->getContactByEmail($sender_email); $issue_contract = $crm->getContract(Issue::getContractID($issue_id)); if ($contact->canAccessContract($issue_contract)) { $t['customer_id'] = $issue_contract->getCustomerID(); } } catch (CRMException $e) { } } } if (empty($t['customer_id'])) { $update_type = 'staff response'; $t['customer_id'] = null; } else { $update_type = 'customer action'; } $res = Support::insertEmail($t, $structure, $sup_id); if ($res != -1) { Support::extractAttachments($issue_id, $structure); // notifications about new emails are always external $internal_only = false; // special case when emails are bounced back, so we don't want to notify the customer about those if (Notification::isBounceMessage($sender_email)) { $internal_only = true; } Notification::notifyNewEmail($current_usr_id, $issue_id, $t, $internal_only, false, '', $sup_id); Issue::markAsUpdated($issue_id, $update_type); self::remove($note_id, false); History::add($issue_id, $current_usr_id, 'note_converted_email', 'Note converted to e-mail (from: {from}) by {user}', array('from' => @$structure->headers['from'], 'user' => User::getFullName($current_usr_id))); // now add sender as an authorized replier if ($authorize_sender) { Authorized_Replier::manualInsert($issue_id, @$structure->headers['from']); } } return $res; } // save message as a draft $res = Draft::saveEmail($issue_id, $structure->headers['to'], $structure->headers['cc'], $structure->headers['subject'], $body, false, $unknown_user); // remove the note, if the draft was created successfully if ($res) { self::remove($note_id, false); $usr_id = $current_usr_id; History::add($issue_id, $usr_id, 'note_converted_draft', 'Note converted to draft (from: {from}) by {user}', array('from' => @$structure->headers['from'], 'user' => User::getFullName($current_usr_id))); } return $res; }
/** * Called when a new message is recieved. * * @param integer $prj_id The projectID * @param integer $issue_id The ID of the issue. * @param object $message An object containing the new email * @param array $row The array of data that was inserted into the database. * @param boolean $closing If we are closing the issue. */ function handleNewEmail($prj_id, $issue_id, $message, $row = false, $closing = false) { $subject = $row['subject']; $body = $row['body']; preg_match('/(H|C)[A-Z0-9]{12,14}/', $subject, $header_matches); preg_match_all('/(H|C)[A-Z0-9]{12,14}/', $body, $body_matches); if ($header_matches[0]) { $refs[] = $header_matches[0]; } foreach ($body_matches[0] as $body_match) { if ($body_match) { $refs[] = $body_match; } } $refs = @array_unique($refs); $stmt = "Select reference_number,ss_subscription_id from " . ETEL_TRANS_SUBS_TABLE_NOSUB . "\n\t\tWHERE\n\t\t\treference_number in ('" . @implode("','", $refs) . "')"; $res = $GLOBALS["db_api"]->dbh->getRow($stmt); if (PEAR::isError($res)) { Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__); } else { if ($res[0]) { Custom_Field::associateIssue($issue_id, 1, $res[0]); } if ($res[1]) { Custom_Field::associateIssue($issue_id, 4, $res[1]); } } $res = Authorized_Replier::manualInsert($issue_id, $row['from']); Issue::updateControlStatus($issue_id); }
/** * Method used to get the details for a specific issue. * * @param integer $issue_id The issue ID * @param boolean $force_refresh If the cache should not be used. * @return array The details for the specified issue */ public static function getDetails($issue_id, $force_refresh = false) { static $returns; if (empty($issue_id)) { return ''; } if (!empty($returns[$issue_id]) && $force_refresh != true) { return $returns[$issue_id]; } $stmt = 'SELECT {{%issue}}.*, prj_title, prc_title, pre_title, pri_title, sev_title, sta_title, sta_abbreviation, sta_color status_color, sta_is_closed FROM ( {{%issue}}, {{%project}} ) LEFT JOIN {{%project_priority}} ON iss_pri_id=pri_id LEFT JOIN {{%project_severity}} ON iss_sev_id=sev_id LEFT JOIN {{%status}} ON iss_sta_id=sta_id LEFT JOIN {{%project_category}} ON iss_prc_id=prc_id LEFT JOIN {{%project_release}} ON iss_pre_id=pre_id WHERE iss_id=? AND iss_prj_id=prj_id'; try { $res = DB_Helper::getInstance()->getRow($stmt, array($issue_id)); } catch (DbException $e) { return ''; } if (empty($res)) { return ''; } $created_date_ts = Date_Helper::getUnixTimestamp($res['iss_created_date'], Date_Helper::getDefaultTimezone()); // get customer information, if any if (!empty($res['iss_customer_id']) && CRM::hasCustomerIntegration($res['iss_prj_id'])) { $crm = CRM::getInstance($res['iss_prj_id']); try { $customer = $crm->getCustomer($res['iss_customer_id']); $contract = $crm->getContract($res['iss_customer_contract_id']); $res['contact_local_time'] = Date_Helper::getFormattedDate(Date_Helper::getCurrentDateGMT(), $res['iss_contact_timezone']); $res['customer'] = $customer; $res['contract'] = $contract; $res['contact'] = $crm->getContact($res['iss_customer_contact_id']); // TODOCRM: Deal with incidents // $res['redeemed_incidents'] = Customer::getRedeemedIncidentDetails($res['iss_prj_id'], $res['iss_id']); $max_first_response_time = $contract->getMaximumFirstResponseTime($issue_id); $res['max_first_response_time'] = Misc::getFormattedTime($max_first_response_time / 60); if (empty($res['iss_first_response_date'])) { $first_response_deadline = $created_date_ts + $max_first_response_time; if (time() <= $first_response_deadline) { $res['max_first_response_time_left'] = Date_Helper::getFormattedDateDiff($first_response_deadline, time()); } else { $res['overdue_first_response_time'] = Date_Helper::getFormattedDateDiff(time(), $first_response_deadline); } } } catch (CRMException $e) { // TODOCRM: Log exception? } } $res['iss_original_description'] = $res['iss_description']; $res['iss_original_percent_complete'] = $res['iss_percent_complete']; $res['iss_description'] = nl2br(htmlspecialchars($res['iss_description'])); $res['iss_resolution'] = Resolution::getTitle($res['iss_res_id']); $res['iss_impact_analysis'] = nl2br(htmlspecialchars($res['iss_impact_analysis'])); $res['iss_created_date_ts'] = $created_date_ts; $res['assignments'] = @implode(', ', array_values(self::getAssignedUsers($res['iss_id']))); list($res['authorized_names'], $res['authorized_repliers']) = Authorized_Replier::getAuthorizedRepliers($res['iss_id']); $temp = self::getAssignedUsersStatus($res['iss_id']); $res['has_inactive_users'] = 0; $res['assigned_users'] = array(); $res['assigned_inactive_users'] = array(); foreach ($temp as $usr_id => $usr_status) { if (!User::isActiveStatus($usr_status)) { $res['assigned_inactive_users'][] = $usr_id; $res['has_inactive_users'] = 1; } else { $res['assigned_users'][] = $usr_id; } } if (@in_array(Auth::getUserID(), $res['assigned_users'])) { $res['is_current_user_assigned'] = 1; } else { $res['is_current_user_assigned'] = 0; } $res['associated_issues_details'] = self::getAssociatedIssuesDetails($res['iss_id']); $res['associated_issues'] = self::getAssociatedIssues($res['iss_id']); $res['reporter'] = User::getFullName($res['iss_usr_id']); if (empty($res['iss_updated_date'])) { $res['iss_updated_date'] = $res['iss_created_date']; } $res['estimated_formatted_time'] = Misc::getFormattedTime($res['iss_dev_time']); if (Release::isAssignable($res['iss_pre_id'])) { $release = Release::getDetails($res['iss_pre_id']); $res['pre_title'] = $release['pre_title']; $res['pre_status'] = $release['pre_status']; } // need to return the list of issues that are duplicates of this one $res['duplicates'] = self::getDuplicateList($res['iss_id']); $res['duplicates_details'] = self::getDuplicateDetailsList($res['iss_id']); // also get the issue title of the duplicated issue if (!empty($res['iss_duplicated_iss_id'])) { $res['duplicated_issue'] = self::getDuplicatedDetails($res['iss_duplicated_iss_id']); } // get group information if (!empty($res['iss_grp_id'])) { $res['group'] = Group::getDetails($res['iss_grp_id']); } // get quarantine issue $res['quarantine'] = self::getQuarantineInfo($res['iss_id']); $res['products'] = Product::getProductsByIssue($res['iss_id']); $returns[$issue_id] = $res; return $res; }
/** * @param int $issue_id * @param int $project_id * @param string $new_replier * @return string * @access protected */ public function addAuthorizedReplier($issue_id, $project_id, $new_replier) { $usr_id = Auth::getUserID(); $replier_usr_id = User::getUserIDByEmail($new_replier); // if this is an actual user, not just an email address check permissions if (!empty($replier_usr_id)) { // check if the assignee is even allowed to be in the given project $projects = Project::getRemoteAssocListByUser($replier_usr_id); if (!in_array($project_id, array_keys($projects))) { throw new RemoteApiException("The given user is not permitted in the project associated with issue #{$issue_id}"); } } // check if user is already authorized if (Authorized_Replier::isAuthorizedReplier($issue_id, $new_replier)) { throw new RemoteApiException("The given user is already an authorized replier on issue #{$issue_id}"); } $res = Authorized_Replier::remoteAddAuthorizedReplier($issue_id, $usr_id, $new_replier); if ($res == -1) { throw new RemoteApiException("Could not add '{$new_replier}' as an authorized replier to issue #{$issue_id}"); } return 'OK'; }
$res = Support::removeEmails(); $tpl->assign('remove_email_result', $res); } elseif ($cat == 'clear_duplicate') { $res = Issue::clearDuplicateStatus($iss_id); $tpl->assign('clear_duplicate_result', $res); } elseif ($cat == 'delete_phone') { $res = Phone_Support::remove($id); $tpl->assign('delete_phone_result', $res); } elseif ($cat == 'new_status') { $res = Issue::setStatus($iss_id, $status_id, true); if ($res == 1) { History::add($iss_id, $usr_id, 'status_changed', "Issue manually set to status '{status}' by {user}", array('status' => Status::getStatusTitle($status_id), 'user' => User::getFullName($usr_id))); } $tpl->assign('new_status_result', $res); } elseif ($cat == 'authorize_reply') { $res = Authorized_Replier::addUser($iss_id, $usr_id); $tpl->assign('authorize_reply_result', $res); } elseif ($cat == 'remove_quarantine') { if (Auth::getCurrentRole() > User::getRoleID('Developer')) { $res = Issue::setQuarantine($iss_id, 0); $tpl->assign('remove_quarantine_result', $res); } } elseif ($cat == 'selfnotify') { if (Issue::canAccess($iss_id, $usr_id)) { $res = Notification::subscribeUser($usr_id, $iss_id, $usr_id, Notification::getDefaultActions($iss_id)); $tpl->assign('selfnotify_result', $res); } } $tpl->assign('current_user_prefs', Prefs::get($usr_id)); $tpl->assign('cat', $cat); $tpl->displayTemplate();
function addAuthorizedReplier($p) { $email = XML_RPC_decode($p->getParam(0)); $password = XML_RPC_decode($p->getParam(1)); $auth = authenticate($email, $password); if (is_object($auth)) { return $auth; } $issue_id = XML_RPC_decode($p->getParam(2)); $project_id = XML_RPC_decode($p->getParam(3)); $new_replier = XML_RPC_decode($p->getParam(4)); $usr_id = User::getUserIDByEmail($email); $replier_usr_id = User::getUserIDByEmail($new_replier); // if this is an actual user, not just an email address check permissions if (!empty($replier_usr_id)) { // check if the assignee is even allowed to be in the given project $projects = Project::getRemoteAssocListByUser($replier_usr_id); if (!in_array($project_id, array_keys($projects))) { return new XML_RPC_Response(0, $XML_RPC_erruser + 1, "The given user is not permitted in the project associated with issue #{$issue_id}"); } } // check if user is already authorized if (Authorized_Replier::isAuthorizedReplier($issue_id, $new_replier)) { return new XML_RPC_Response(0, $XML_RPC_erruser + 1, "The given user is already an authorized replier on issue #{$issue_id}"); } $res = Authorized_Replier::remoteAddAuthorizedReplier($issue_id, $usr_id, $new_replier); if ($res == -1) { return new XML_RPC_Response(0, $XML_RPC_erruser + 1, "Could not add '{$new_replier}' as an authorized replier to issue #{$issue_id}"); } else { return new XML_RPC_Response(XML_RPC_Encode('OK')); } }
/** * Checks whether the given email address is allowed to send emails in the * issue ID. * * @param integer $issue_id The issue ID * @param string $sender_email The email address * @return boolean */ public static function isAllowedToEmail($issue_id, $sender_email) { $prj_id = Issue::getProjectID($issue_id); // check the workflow $workflow_can_email = Workflow::canEmailIssue($prj_id, $issue_id, $sender_email); if ($workflow_can_email != null) { return $workflow_can_email; } $is_allowed = true; $sender_usr_id = User::getUserIDByEmail($sender_email, true); if (empty($sender_usr_id)) { if (CRM::hasCustomerIntegration($prj_id)) { // check for a customer contact with several email addresses $crm = CRM::getInstance($prj_id); try { $contract = $crm->getContract(Issue::getContractID($issue_id)); $contact_emails = array_keys($contract->getContactEmailAssocList()); $contact_emails = array_map(function ($s) { return strtolower($s); }, $contact_emails); } catch (CRMException $e) { $contact_emails = array(); } if (!in_array(strtolower($sender_email), $contact_emails) && !Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) { $is_allowed = false; } } else { if (!Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) { $is_allowed = false; } } } else { // check if this user is not a customer and // also not in the assignment list for the current issue and // also not in the authorized repliers list // also not the reporter $details = Issue::getDetails($issue_id); if ($sender_usr_id == $details['iss_usr_id']) { $is_allowed = true; } elseif (User::isPartner($sender_usr_id) && in_array(User::getPartnerID($sender_usr_id), Partner::getPartnerCodesByIssue($issue_id))) { $is_allowed = true; } elseif (!Issue::canAccess($issue_id, $sender_usr_id) && !Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) { $is_allowed = false; } elseif (!Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email) && !Issue::isAssignedToUser($issue_id, $sender_usr_id) && User::getRoleByUser($sender_usr_id, Issue::getProjectID($issue_id)) != User::getRoleID('Customer')) { $is_allowed = false; } } return $is_allowed; }
$tpl->assign("delete_phone_result", $res); } elseif (@$HTTP_GET_VARS["cat"] == "new_status") { // XXX: need to call the workflow api in the following function? $res = Issue::setStatus($HTTP_GET_VARS["iss_id"], $HTTP_GET_VARS["new_sta_id"], true); if ($res == 1) { History::add($HTTP_GET_VARS["iss_id"], $usr_id, History::getTypeID('status_changed'), "Issue manually set to status '" . Status::getStatusTitle($HTTP_GET_VARS["new_sta_id"]) . "' by " . User::getFullName($usr_id)); } $tpl->assign("new_status_result", $res); } elseif (@$HTTP_GET_VARS["cat"] == "new_category") { $res = Issue::setCategory($HTTP_GET_VARS["iss_id"], $HTTP_GET_VARS["iss_prc_id"], true); if ($res == 1) { History::add($HTTP_GET_VARS["iss_id"], $usr_id, History::getTypeID('status_changed'), "Issue manually set to category '" . Category::getTitle($HTTP_GET_VARS["iss_prc_id"]) . "' by " . User::getFullName($usr_id)); } $tpl->assign("new_status_result", $res); } elseif (@$HTTP_GET_VARS["cat"] == "new_project") { $res = Issue::setProject($HTTP_GET_VARS["iss_id"], $HTTP_GET_VARS["iss_prj_id"], true); if ($res == 1) { History::add($HTTP_GET_VARS["iss_id"], $usr_id, History::getTypeID('status_changed'), "Issue manually set to project '" . Project::getName($HTTP_GET_VARS["iss_prj_id"]) . "' by " . User::getFullName($usr_id)); } $tpl->assign("new_status_result", $res); } elseif (@$HTTP_GET_VARS['cat'] == 'authorize_reply') { $res = Authorized_Replier::addUser($HTTP_GET_VARS["iss_id"], $usr_id); $tpl->assign('authorize_reply_result', $res); } elseif (@$HTTP_GET_VARS['cat'] == 'remove_quarantine') { if (Auth::getCurrentRole() > User::getRoleID('Developer')) { $res = Issue::setQuarantine($HTTP_GET_VARS['iss_id'], 0); $tpl->assign('remove_quarantine_result', $res); } } $tpl->assign("current_user_prefs", Prefs::get($usr_id)); $tpl->displayTemplate();
/** * Checks whether the given email address is allowed to send emails in the * issue ID. * * @access public * @param integer $issue_id The issue ID * @param string $sender_email The email address * @return boolean */ function isAllowedToEmail($issue_id, $sender_email) { $prj_id = Issue::getProjectID($issue_id); // check the workflow $workflow_can_email = Workflow::canEmailIssue($prj_id, $issue_id, $sender_email); if ($workflow_can_email != null) { return $workflow_can_email; } $is_allowed = true; $sender_usr_id = User::getUserIDByEmail($sender_email); if (empty($sender_usr_id)) { if (Customer::hasCustomerIntegration($prj_id)) { // check for a customer contact with several email addresses $customer_id = Issue::getCustomerID($issue_id); $contact_emails = array_keys(Customer::getContactEmailAssocList($prj_id, $customer_id, Issue::getContractID($issue_id))); $contact_emails = array_map('strtolower', $contact_emails); if (!in_array(strtolower($sender_email), $contact_emails) && !Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) { $is_allowed = false; } } else { if (!Authorized_Replier::isAuthorizedReplier($issue_id, $sender_email)) { $is_allowed = false; } } } else { // check if this user is not a customer and // also not in the assignment list for the current issue and // also not in the authorized repliers list // also not the reporter $details = Issue::getDetails($issue_id); if (!Issue::canAccess($issue_id, $sender_usr_id)) { $is_allowed = false; } if ($sender_usr_id != $details['iss_usr_id'] && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $sender_usr_id) && !Issue::isAssignedToUser($issue_id, $sender_usr_id) && User::getRoleByUser($sender_usr_id, Issue::getProjectID($issue_id)) != User::getRoleID('Customer')) { $is_allowed = false; } elseif (User::getRoleByUser($sender_usr_id, Issue::getProjectID($issue_id)) == User::getRoleID('Customer') && User::getCustomerID($sender_usr_id) != Issue::getCustomerID($issue_id)) { $is_allowed = false; } } return $is_allowed; }
// +----------------------------------------------------------------------+ // | Authors: Bryan Alsdorf <*****@*****.**> | // +----------------------------------------------------------------------+ // // @(#) $Id$ // include_once "config.inc.php"; include_once APP_INC_PATH . "class.template.php"; include_once APP_INC_PATH . "class.auth.php"; include_once APP_INC_PATH . "class.project.php"; include_once APP_INC_PATH . "class.authorized_replier.php"; include_once APP_INC_PATH . "class.prefs.php"; include_once APP_INC_PATH . "db_access.php"; $tpl = new Template_API(); $tpl->setTemplate("authorized_replier.tpl.html"); Auth::checkAuthentication(APP_COOKIE, 'index.php?err=5', true); $prj_id = Auth::getCurrentProject(); $issue_id = @$HTTP_POST_VARS["issue_id"] ? $HTTP_POST_VARS["issue_id"] : $HTTP_GET_VARS["iss_id"]; $tpl->assign("issue_id", $issue_id); if (@$HTTP_POST_VARS["cat"] == "insert") { $res = Authorized_Replier::manualInsert($issue_id, $HTTP_POST_VARS['email']); $tpl->assign("insert_result", $res); } elseif (@$HTTP_POST_VARS["cat"] == "delete") { $res = Authorized_Replier::removeRepliers($HTTP_POST_VARS["items"]); $tpl->assign("delete_result", $res); } list(, $repliers) = Authorized_Replier::getAuthorizedRepliers($issue_id); $tpl->assign("list", $repliers); $t = Project::getAddressBook($prj_id, $issue_id); $tpl->assign("assoc_users", $t); $tpl->displayTemplate();
$show_category = 0; } $cookie = Auth::getCookieInfo(APP_PROJECT_COOKIE); if (!empty($auto_switched_from)) { $tpl->assign(array("project_auto_switched" => 1, "old_project" => Project::getName($auto_switched_from))); } $setup = Setup::load(); $tpl->assign("allow_unassigned_issues", @$setup["allow_unassigned_issues"]); $tpl->assign(array('next_issue' => @$sides['next'], 'previous_issue' => @$sides['previous'], 'subscribers' => Notification::getSubscribers($issue_id), 'custom_fields' => Custom_Field::getListByIssue($prj_id, $issue_id), 'files' => Attachment::getList($issue_id), 'emails' => Support::getEmailsByIssue($issue_id), 'zones' => Date_API::getTimezoneList(), 'users' => Project::getUserAssocList($prj_id, 'active', User::getRoleID('Customer')), 'ema_id' => Email_Account::getEmailAccount(), 'max_attachment_size' => Attachment::getMaxAttachmentSize(), 'show_releases' => $show_releases, 'show_category' => $show_category, 'categories' => Category::getAssocList($prj_id), 'quarantine' => Issue::getQuarantineInfo($issue_id))); if ($role_id != User::getRoleID('customer')) { if (@$_REQUEST['show_all_drafts'] == 1) { $show_all_drafts = true; } else { $show_all_drafts = false; } if (Workflow::hasWorkflowIntegration($prj_id)) { $statuses = Workflow::getAllowedStatuses($prj_id, $issue_id); // if currently selected release is not on list, go ahead and add it. } else { $statuses = Status::getAssocStatusList($prj_id); } if (!empty($details['iss_sta_id']) && empty($statuses[$details['iss_sta_id']])) { $statuses[$details['iss_sta_id']] = Status::getStatusTitle($details['iss_sta_id']); } $time_entries = Time_Tracking::getListing($issue_id); $tpl->assign(array('notes' => Note::getListing($issue_id), 'is_user_assigned' => Issue::isAssignedToUser($issue_id, $usr_id), 'is_user_authorized' => Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id), 'phone_entries' => Phone_Support::getListing($issue_id), 'phone_categories' => Phone_Support::getCategoryAssocList($prj_id), 'checkins' => SCM::getCheckinList($issue_id), 'time_categories' => Time_Tracking::getAssocCategories(), 'time_entries' => $time_entries['list'], 'total_time_spent' => $time_entries['total_time_spent'], 'impacts' => Impact_Analysis::getListing($issue_id), 'statuses' => $statuses, 'drafts' => Draft::getList($issue_id, $show_all_drafts), 'groups' => Group::getAssocList($prj_id))); } } } } $tpl->displayTemplate();
/** * Method used to remotely add an authorized replier to a given issue. * * @access public * @param integer $issue_id The issue ID * @param integer $usr_id The user ID of the person performing the change * @param boolean $replier The user ID of the authorized replier * @return integer The status ID */ function remoteAddAuthorizedReplier($issue_id, $usr_id, $replier) { $res = Authorized_Replier::manualInsert($issue_id, $replier, false); if ($res != -1) { // save a history entry about this... History::add($issue_id, $usr_id, History::getTypeID('remote_replier_added'), $replier . " remotely added to authorized repliers by " . User::getFullName($usr_id)); } return $res; }
/** * Method to determine if user can access a particular issue * * @access public * @param integer $issue_id The ID of the issue. * @param integer $usr_id The ID of the user * @return boolean If the user can access the issue */ function canAccess($issue_id, $usr_id) { static $access; if (empty($issue_id)) { return true; } if (isset($access[$issue_id . "-" . $usr_id])) { return $access[$issue_id . "-" . $usr_id]; } $details = Issue::getDetails($issue_id); if (empty($details)) { return true; } $usr_details = User::getDetails($usr_id); $usr_role = User::getRoleByUser($usr_id, $details['iss_prj_id']); $prj_id = Issue::getProjectID($issue_id); // check customer permissions if (Customer::hasCustomerIntegration($details['iss_prj_id']) && $usr_role == User::getRoleID("Customer") && $details['iss_customer_id'] != $usr_details['usr_customer_id']) { $return = false; } elseif ($details['iss_private'] == 1) { // check if the issue is even private // check role, reporter, assigment and group if (User::getRoleByUser($usr_id, $details['iss_prj_id']) > User::getRoleID("Developer")) { $return = true; } elseif ($details['iss_usr_id'] == $usr_id) { $return = true; } elseif (Issue::isAssignedToUser($issue_id, $usr_id)) { $return = true; } elseif (!empty($details['iss_grp_id']) && !empty($usr_details['usr_grp_id']) && $details['iss_grp_id'] == $usr_details['usr_grp_id']) { $return = true; } elseif (Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) { $return = true; } else { $return = false; } } elseif (Auth::getCurrentRole() <= User::getRoleID("Standard User") && Project::getSegregateReporters($prj_id) && $details['iss_usr_id'] != $usr_id && !Issue::isAssignedToUser($issue_id, $usr_id) && !Authorized_Replier::isUserAuthorizedReplier($issue_id, $usr_id)) { return false; } else { $return = true; } $access[$issue_id . "-" . $usr_id] = $return; return $return; }
/** * TODO: merge use of $options and $email arrays to just $email * * @param int $issue_id * @param string $type type of email * @param string $from * @param string $to * @param string $cc * @param string $subject * @param string $body * @param array $options optional parameters * - (int) parent_sup_id * - (array) iaf_ids attachment file ids * - (bool) add_unknown * - (bool) add_cc_to_ar * - (int) ema_id * @return int 1 if it worked, -1 otherwise */ public static function sendEmail($issue_id, $type, $from, $to, $cc, $subject, $body, $options = array()) { if ($to === null) { // BTW, $to = '' is ok Logger::app()->error('"To:" can not be NULL'); return -1; } $parent_sup_id = isset($options['parent_sup_id']) ? $options['parent_sup_id'] : null; $iaf_ids = isset($options['iaf_ids']) ? (array) $options['iaf_ids'] : null; $add_unknown = isset($options['add_unknown']) ? (bool) $options['add_unknown'] : false; $add_cc_to_ar = isset($options['add_cc_to_ar']) ? (bool) $options['add_cc_to_ar'] : false; $ema_id = isset($options['ema_id']) ? (int) $options['ema_id'] : null; $current_usr_id = Auth::getUserID(); $prj_id = Issue::getProjectID($issue_id); // if we are replying to an existing email, set the In-Reply-To: header accordingly $in_reply_to = $parent_sup_id ? self::getMessageIDByID($parent_sup_id) : false; // get ID of whoever is sending this. $sender_usr_id = User::getUserIDByEmail(Mail_Helper::getEmailAddress($from)) ?: false; // remove extra 'Re: ' from subject $subject = Mail_Helper::removeExcessRe($subject, true); $internal_only = false; $message_id = Mail_Helper::generateMessageID(); // process any files being uploaded // from ajax upload, attachment file ids if ($iaf_ids) { // FIXME: is it correct to use sender from post data? $attach_usr_id = $sender_usr_id ?: $current_usr_id; Attachment::attachFiles($issue_id, $attach_usr_id, $iaf_ids, false, 'Attachment originated from outgoing email'); } // hack needed to get the full headers of this web-based email $full_email = self::buildFullHeaders($issue_id, $message_id, $from, $to, $cc, $subject, $body, $in_reply_to, $iaf_ids); // email blocking should only be done if this is an email about an associated issue if ($issue_id) { $user_info = User::getNameEmail($current_usr_id); // check whether the current user is allowed to send this email to customers or not if (!self::isAllowedToEmail($issue_id, $user_info['usr_email'])) { // add the message body as a note $note = Mail_Helper::getCannedBlockedMsgExplanation() . $body; $note_options = array('full_message' => $full_email, 'is_blocked' => true); Note::insertNote($current_usr_id, $issue_id, $subject, $note, $note_options); $email_details = array('from' => $from, 'to' => $to, 'cc' => $cc, 'subject' => $subject, 'body' => &$body, 'message' => &$body, 'title' => $subject); Workflow::handleBlockedEmail($prj_id, $issue_id, $email_details, 'web'); return 1; } } // only send a direct email if the user doesn't want to add the Cc'ed people to the notification list if (($add_unknown || Workflow::shouldAutoAddToNotificationList($prj_id)) && $issue_id) { // add the recipients to the notification list of the associated issue $recipients = array($to); $recipients = array_merge($recipients, self::getRecipientsCC($cc)); foreach ($recipients as $address) { if ($address && !Notification::isIssueRoutingSender($issue_id, $address)) { $actions = Notification::getDefaultActions($issue_id, $address, 'add_unknown_user'); Notification::subscribeEmail($current_usr_id, $issue_id, Mail_Helper::getEmailAddress($address), $actions); } } } else { // Usually when sending out emails associated to an issue, we would // simply insert the email in the table and call the Notification::notifyNewEmail() method, // but on this case we need to actually send the email to the recipients that are not // already in the notification list for the associated issue, if any. // In the case of replying to an email that is not yet associated with an issue, then // we are always directly sending the email, without using any notification list // functionality. if ($issue_id) { // send direct emails only to the unknown addresses, and leave the rest to be // catched by the notification list $from = Notification::getFixedFromHeader($issue_id, $from, 'issue'); // build the list of unknown recipients if ($to) { $recipients = array($to); $recipients = array_merge($recipients, self::getRecipientsCC($cc)); } else { $recipients = self::getRecipientsCC($cc); } $unknowns = array(); foreach ($recipients as $address) { if (!Notification::isSubscribedToEmails($issue_id, $address)) { $unknowns[] = $address; } } if ($unknowns) { $to2 = array_shift($unknowns); $cc2 = implode('; ', $unknowns); // send direct emails self::sendDirectEmail($issue_id, $from, $to2, $cc2, $subject, $body, $_FILES['attachment'], $message_id, $sender_usr_id); } } else { // send direct emails to all recipients, since we don't have an associated issue $project_info = Project::getOutgoingSenderAddress(Auth::getCurrentProject()); // use the project-related outgoing email address, if there is one if (!empty($project_info['email'])) { $from = Mail_Helper::getFormattedName(User::getFullName($current_usr_id), $project_info['email']); } else { // otherwise, use the real email address for the current user $from = User::getFromHeader($current_usr_id); } // send direct emails self::sendDirectEmail($issue_id, $from, $to, $cc, $subject, $body, $_FILES['attachment'], $message_id); } } if ($add_cc_to_ar) { foreach (self::getRecipientsCC($cc) as $recipient) { Authorized_Replier::manualInsert($issue_id, $recipient); } } $email = array('customer_id' => 'NULL', 'issue_id' => $issue_id, 'ema_id' => $ema_id, 'message_id' => $message_id, 'date' => Date_Helper::getCurrentDateGMT(), 'from' => $from, 'to' => $to, 'cc' => $cc, 'subject' => $subject, 'body' => $body, 'full_email' => $full_email); // associate this new email with a customer, if appropriate if (Auth::getCurrentRole() == User::ROLE_CUSTOMER) { if ($issue_id) { $crm = CRM::getInstance($prj_id); try { $contact = $crm->getContact(User::getCustomerContactID($current_usr_id)); $issue_contract = $crm->getContract(Issue::getContractID($issue_id)); if ($contact->canAccessContract($issue_contract)) { $email['customer_id'] = $issue_contract->getCustomerID(); } } catch (CRMException $e) { } } else { $customer_id = User::getCustomerID($current_usr_id); if ($customer_id && $customer_id != -1) { $email['customer_id'] = $customer_id; } } } $email['has_attachment'] = $iaf_ids ? 1 : 0; $structure = Mime_Helper::decode($full_email, true, false); $email['headers'] = $structure->headers; self::insertEmail($email, $structure, $sup_id); if ($issue_id) { // need to send a notification Notification::notifyNewEmail($current_usr_id, $issue_id, $email, $internal_only, false, $type, $sup_id); // mark this issue as updated $has_customer = $email['customer_id'] && $email['customer_id'] != 'NULL'; if ($has_customer && (!$current_usr_id || User::getRoleByUser($current_usr_id, $prj_id) == User::ROLE_CUSTOMER)) { Issue::markAsUpdated($issue_id, 'customer action'); } else { if ($sender_usr_id && User::getRoleByUser($sender_usr_id, $prj_id) > User::ROLE_CUSTOMER) { Issue::markAsUpdated($issue_id, 'staff response'); } else { Issue::markAsUpdated($issue_id, 'user response'); } } History::add($issue_id, $current_usr_id, 'email_sent', 'Outgoing email sent by {user}', array('user' => User::getFullName($current_usr_id))); } return 1; }