/**
 * Collects the access codes that the "intranet" provider has issued to the
 * user held in the global $USER object.
 *
 * @param mixed $FIELD Not read by this handler.
 * @return array List of ACCESS_CODE values, in the order CAccess returns them.
 */
public static function OnSearchCheckPermissions($FIELD)
{
    global $USER;

    $codes = array();
    $rows = CAccess::GetUserCodes($USER->GetID(), array("PROVIDER_ID" => "intranet"));
    for ($row = $rows->Fetch(); $row; $row = $rows->Fetch()) {
        $codes[] = $row["ACCESS_CODE"];
    }

    return $codes;
}
/**
 * Login hook: drops the stored access codes of this provider for the user
 * when they no longer match the group list of the current session.
 *
 * @param int $USER_ID User whose stored codes are checked.
 * @return void
 */
public static function OnUserLogin($USER_ID)
{
    global $USER;

    $sessionGroups = $USER->GetUserGroupArray();

    $storedGroups = array();
    $rows = CAccess::GetUserCodes($USER_ID, array("PROVIDER_ID" => self::ID));
    while ($row = $rows->Fetch()) {
        // The first character of the access code is stripped before comparing.
        $storedGroups[] = substr($row["ACCESS_CODE"], 1);
    }
    sort($storedGroups);

    // Loose array comparison: same key/value pairs, values compared with ==.
    // NOTE(review): only the stored list is sorted here; presumably
    // GetUserGroupArray() already returns a sorted list - confirm, otherwise
    // the codes are deleted on every login.
    if ($storedGroups == $sessionGroups) {
        return;
    }

    $provider = new CGroupAuthProvider();
    $provider->DeleteByUser($USER_ID);
}
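/**
 * Resolves the blog permission level a user holds on a post that is shared
 * through social-network rights.
 *
 * Resolution order: module-level right / module admin, then post authorship,
 * then the per-post rights returned by CBlogPost::GetSocNetPerms() matched
 * against the user's access codes, and finally (only with $bNeedFull) the
 * group feature permissions.
 *
 * @param int       $postId    Post identifier; values <= 0 return false.
 * @param bool      $bNeedFull When true, group feature permissions may raise the level above read.
 * @param int|false $userId    User to check; a falsy value means the user in $GLOBALS["USER"].
 * @return mixed A BLOG_PERMS_* level (or the last key of AR_BLOG_PERMS), or false for an invalid post id.
 */
function GetSocNetPostPerms($postId = 0, $bNeedFull = false, $userId = false)
{
    if (!$userId) {
        $userId = IntVal($GLOBALS["USER"]->GetID());
        $bByUserId = false;
    } else {
        $userId = IntVal($userId);
        $bByUserId = true;
    }

    $postId = IntVal($postId);
    if ($postId <= 0) {
        return false;
    }

    $perms = BLOG_PERMS_DENY;
    $arAvailPerms = array_keys($GLOBALS["AR_BLOG_PERMS"]);

    if (!$bByUserId) {
        $blogModulePermissions = $GLOBALS["APPLICATION"]->GetGroupRight("blog");
        if ($blogModulePermissions >= "W" || CSocNetUser::IsCurrentUserModuleAdmin()) {
            $perms = $arAvailPerms[count($arAvailPerms) - 1];
        }
    } else {
        if (CSocNetUser::IsUserModuleAdmin($userId)) {
            $perms = $arAvailPerms[count($arAvailPerms) - 1];
        }
    }

    $arPost = CBlogPost::GetByID($postId);
    // Fix: the author shortcut used a bare loose comparison. With a user id of 0
    // and a missing post (or an empty AUTHOR_ID) the comparison was true and
    // granted BLOG_PERMS_FULL. Authorship now requires a positive user id and a
    // populated AUTHOR_ID.
    if ($userId > 0 && !empty($arPost["AUTHOR_ID"]) && $arPost["AUTHOR_ID"] == $userId) {
        $perms = BLOG_PERMS_FULL;
    }

    if ($perms <= BLOG_PERMS_DENY) {
        $arPerms = CBlogPost::GetSocNetPerms($postId);
        if (!is_array($arPerms)) {
            $arPerms = array();
        }

        $arEntities = array();
        $cacheKey = "UAC_CACHE_" . $userId;
        if (!empty($GLOBALS["BLOG_POST"][$cacheKey])) {
            $arEntities = $GLOBALS["BLOG_POST"][$cacheKey];
        } else {
            $dbA = CAccess::GetUserCodes($userId);
            while ($arA = $dbA->Fetch()) {
                if ($arA["PROVIDER_ID"] == "intranet") {
                    // Keyed by code (value unchanged) so that readers of this
                    // request-wide cache can use either isset() or in_array().
                    $arEntities["DR"][$arA["ACCESS_CODE"]] = $arA["ACCESS_CODE"];
                } elseif ($arA["PROVIDER_ID"] == "socnetgroup") {
                    // Code layout: "SG<groupId>_<role>"
                    $g = substr($arA["ACCESS_CODE"], 2);
                    $gId = IntVal($g);
                    $gR = substr($g, strpos($g, "_") + 1);
                    $arEntities["SG"][$gId][$gR] = $gR;
                }
            }
            $GLOBALS["BLOG_POST"][$cacheKey] = $arEntities;
        }

        foreach ($arPerms as $t => $val) {
            foreach ($val as $id => $p) {
                if ($userId > 0 && $t == "U" && $userId == $id) {
                    $perms = BLOG_PERMS_READ;
                    if (in_array("US" . $userId, $p)) {
                        // "US<id>" marks the author entry
                        $perms = BLOG_PERMS_FULL;
                    }
                    break;
                }
                if (in_array("G2", $p)) {
                    // Shared with everyone, including guests
                    $perms = BLOG_PERMS_READ;
                    break;
                }
                if ($userId > 0 && in_array("AU", $p)) {
                    $perms = BLOG_PERMS_READ;
                    break;
                }
                if ($t == "SG") {
                    if (!empty($arEntities["SG"][$id])) {
                        foreach ($arEntities["SG"][$id] as $gr) {
                            if (in_array("SG" . $id . "_" . $gr, $p)) {
                                $perms = BLOG_PERMS_READ;
                                break;
                            }
                        }
                    }
                }
                if ($t == "DR") {
                    // Fix: a user without intranet codes has no "DR" bucket;
                    // in_array() on the missing key raised an error.
                    if (!empty($arEntities["DR"]) && in_array("DR" . $id, $arEntities["DR"])) {
                        $perms = BLOG_PERMS_READ;
                        break;
                    }
                }
            }
            if ($perms > BLOG_PERMS_DENY) {
                break;
            }
        }

        if ($bNeedFull && $perms <= BLOG_PERMS_FULL) {
            // Only groups the user actually holds a role in are considered.
            $arGroupsId = array();
            if (!empty($arPerms["SG"])) {
                foreach ($arPerms["SG"] as $gid => $val) {
                    if (!empty($arEntities["SG"][$gid])) {
                        $arGroupsId[] = $gid;
                    }
                }
            }

            $operation = array("full_post", "moderate_post", "write_post", "premoderate_post");
            if (!empty($arGroupsId)) {
                foreach ($operation as $v) {
                    if ($perms <= BLOG_PERMS_READ) {
                        $f = CSocNetFeaturesPerms::GetOperationPerm(SONET_ENTITY_GROUP, $arGroupsId, "blog", $v);
                        if (!empty($f)) {
                            foreach ($f as $gid => $val) {
                                // Fix: guard the role lookup so a group id missing
                                // from the user's roles cannot reach in_array().
                                if (!empty($arEntities["SG"][$gid]) && in_array($val, $arEntities["SG"][$gid])) {
                                    switch ($v) {
                                        case "full_post":
                                            $perms = BLOG_PERMS_FULL;
                                            break;
                                        case "moderate_post":
                                            $perms = BLOG_PERMS_MODERATE;
                                            break;
                                        case "write_post":
                                            $perms = BLOG_PERMS_WRITE;
                                            break;
                                        case "premoderate_post":
                                            $perms = BLOG_PERMS_PREMODERATE;
                                            break;
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    return $perms;
}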
/**
 * Resolves the comment permission level the current user ($USER) holds on a
 * post shared through social-network rights.
 *
 * @param int $postId   Post identifier; values <= 0 return false.
 * @param int $authorId Post author id; when <= 0 it is looked up from the "US<id>" entry of the post rights.
 * @return mixed A BLOG_PERMS_* level (or the last key of $AR_BLOG_PERMS), or false for an invalid post id.
 */
public static function GetSocNetUserPerms($postId = 0, $authorId = 0)
{
	global $APPLICATION, $USER, $AR_BLOG_PERMS, $BLOG_POST;

	$userId = IntVal($USER->GetID());
	$postId = IntVal($postId);
	$authorId = IntVal($authorId);
	if($postId <= 0)
		return false;

	$perms = BLOG_PERMS_DENY;
	$blogModulePermissions = $APPLICATION->GetGroupRight("blog");

	// Author shortcut is trusted only for a positive, caller-supplied author id.
	// NOTE(review): $authorId comes from the caller; verify callers pass the
	// stored author and not a request value.
	if($authorId > 0 && $userId == $authorId)
		$perms = BLOG_PERMS_FULL;
	elseif ($blogModulePermissions >= "W" || CSocNetUser::IsCurrentUserModuleAdmin())
	{
		// Highest level = last key of $AR_BLOG_PERMS; the array pointer is restored afterwards.
		end($AR_BLOG_PERMS);
		$perms = key($AR_BLOG_PERMS);
		reset($AR_BLOG_PERMS);
	}

	// Per-post rights are consulted only when nothing above granted access.
	if($perms <= BLOG_PERMS_DENY)
	{
		$arPerms = CBlogPost::GetSocNetPerms($postId);
		$arEntities = Array();
		// The user's access codes are cached in the global $BLOG_POST under "UAC_CACHE_<userId>".
		// NOTE(review): the DR lookup below uses isset() on the code as array key, so any
		// other writer of this cache slot must store DR entries keyed by code as well.
		if (isset($BLOG_POST["UAC_CACHE_".$userId]) && !empty($BLOG_POST["UAC_CACHE_".$userId]))
		{
			$arEntities = $BLOG_POST["UAC_CACHE_".$userId];
		}
		else
		{
			$dbA = CAccess::GetUserCodes($userId);
			while($arA = $dbA->Fetch())
			{
				if($arA["PROVIDER_ID"] == "intranet")
				{
					$arEntities["DR"][$arA["ACCESS_CODE"]] = $arA["ACCESS_CODE"];
				}
				elseif($arA["PROVIDER_ID"] == "socnetgroup")
				{
					// Code layout: "SG<groupId>_<role>"; IntVal() keeps the leading group id.
					$g = substr($arA["ACCESS_CODE"], 2);
					$gId = IntVal($g);
					$gR = substr($g, strpos($g, "_")+1);
					$arEntities["SG"][$gId][$gR] = $gR;
				}
			}
			$BLOG_POST["UAC_CACHE_".$userId] = $arEntities;
		}

		// Department match grants read.
		if(!empty($arEntities["DR"]) && !empty($arPerms["DR"]))
		{
			foreach($arPerms["DR"] as $id => $val)
			{
				if(isset($arEntities["DR"]["DR".$id]))
				{
					$perms = BLOG_PERMS_READ;
					break;
				}
			}
		}

		if((!empty($arPerms["U"][$userId]) && in_array("US".$userId, $arPerms["U"][$userId])) || ($authorId >0 && $userId == $authorId)) // if author
			$perms = BLOG_PERMS_FULL;
		else
		{
			if($authorId <= 0)
			{
				// Derive the author from the "US<id>" marker.
				// NOTE(review): assumes $arPerms["U"] is set and is an array - confirm.
				foreach($arPerms["U"] as $id => $p)
				{
					if(in_array("US".$id, $p))
					{
						$authorId = $id;
						break;
					}
				}
			}

			// The author's personal blog feature settings decide the level when the user is
			// listed on the post, the author entry is present, or read was granted above.
			if(!empty($arPerms["U"][$userId]) || (!empty($arPerms["U"][$authorId]) && in_array("US".$authorId, $arPerms["U"][$authorId])) || $perms == BLOG_PERMS_READ)
			{
				if (CSocNetFeaturesPerms::CanPerformOperation($userId, SONET_ENTITY_USER, $authorId, "blog", "write_comment"))
					$perms = BLOG_PERMS_WRITE;
				elseif (CSocNetFeaturesPerms::CanPerformOperation($userId, SONET_ENTITY_USER, $authorId, "blog", "premoderate_comment"))
					$perms = BLOG_PERMS_PREMODERATE;
				elseif (CSocNetFeaturesPerms::CanPerformOperation($userId, SONET_ENTITY_USER, $authorId, "blog", "view_comment"))
					$perms = BLOG_PERMS_READ;
			}
		}

		if($perms <= BLOG_PERMS_FULL)
		{
			$arGroupsId = Array();
			if(!empty($arPerms["SG"]))
			{
				foreach($arPerms["SG"] as $gid => $val)
				{
					// The membership filter below is disabled: every group listed on the post is
					// queried, and the grant depends on the role check further down.
					//if(!empty($arEntities["SG"][$gid]))
					$arGroupsId[] = $gid;
				}
				// Checked from the strongest operation to the weakest.
				$operation = Array("full_comment", "moderate_comment", "write_comment", "premoderate_comment");
				if($perms < BLOG_PERMS_READ)
					$operation[] = "view_comment";
			}

			if(!empty($arGroupsId))
			{
				foreach($operation as $v)
				{
					if($perms <= BLOG_PERMS_READ)
					{
						$f = CSocNetFeaturesPerms::GetOperationPerm(SONET_ENTITY_GROUP, $arGroupsId, "blog", $v);
						if(!empty($f))
						{
							foreach($f as $gid => $val)
							{
								// Granted when the user holds the required role in the group, or the
								// operation is open to SONET_ROLES_ALL, or to SONET_ROLES_AUTHORIZED
								// for a user with a positive id. The last two apply without group membership.
								if((!empty($arEntities["SG"][$gid]) && in_array($val, $arEntities["SG"][$gid])) || $val == SONET_ROLES_ALL || ($userId > 0 && $val == SONET_ROLES_AUTHORIZED))
								{
									switch($v)
									{
										case "full_comment":
											$perms = BLOG_PERMS_FULL;
											break;
										case "moderate_comment":
											$perms = BLOG_PERMS_MODERATE;
											break;
										case "write_comment":
											$perms = BLOG_PERMS_WRITE;
											break;
										case "premoderate_comment":
											$perms = BLOG_PERMS_PREMODERATE;
											break;
										case "view_comment":
											$perms = BLOG_PERMS_READ;
											break;
									}
								}
							}
						}
					}
				}
			}
		}
	}

	return $perms;
}
/**
 * Returns the access codes of $this->userId, plus 'AU' when that user is the
 * one held in the global $USER object.
 *
 * NOTE(review): 'AU' is appended on an id match with $USER, not on an explicit
 * authorization check - confirm $this->userId can never equal the id $USER
 * reports for a guest.
 *
 * @param bool $isUseCache When true, a per-request static cache is consulted and
 *                         CAccess::UpdateCodes() is called at most once per three seconds.
 * @return array List of access code strings.
 * @throws LearnException When the codes cannot be read, or a returned row belongs to another user.
 */
protected function GetAccessCodes($isUseCache = false)
{
    global $USER;
    static $cache = array();

    $refreshCodes = true;
    if ($isUseCache) {
        if (isset($cache['str' . $this->userId])) {
            return $cache['str' . $this->userId];
        }

        // Throttle CAccess::UpdateCodes(): skip it unless it has never run for
        // this object or the last run is more than three seconds old.
        $refreshCodes = ($this->CAccessLastUpdated === false)
            || (microtime(true) - $this->CAccessLastUpdated > 3);
    }

    if ($refreshCodes) {
        $accessUpdater = new CAccess();
        $accessUpdater->UpdateCodes();
        if ($isUseCache) {
            $this->CAccessLastUpdated = microtime(true);
        }
        unset($accessUpdater);
    }

    $rows = CAccess::GetUserCodes($this->userId);
    if ($rows === false) {
        throw new LearnException('', LearnException::EXC_ERR_ALL_GIVEUP | LearnException::EXC_ERR_ALL_ACCESS_DENIED);
    }

    $codes = array();
    while ($row = $rows->Fetch()) {
        // Defensive check: refuse to continue if the query returned a row of another user.
        if ((int) $row['USER_ID'] !== $this->userId) {
            throw new LearnException('', LearnException::EXC_ERR_ALL_GIVEUP | LearnException::EXC_ERR_ALL_LOGIC | LearnException::EXC_ERR_ALL_ACCESS_DENIED);
        }
        $codes[] = $row['ACCESS_CODE'];
    }

    $isSessionUser = is_object($USER) && $this->userId === (int) $USER->GetID();
    if ($isSessionUser) {
        $codes[] = 'AU';
    }

    // Stored even when $isUseCache is false, so an older cached entry is refreshed.
    $cache['str' . $this->userId] = $codes;

    return $codes;
}
/**
 * Returns the access codes of this user object.
 *
 * An unauthorized user gets only 'G2'. For an authorized user the codes are
 * refreshed through CAccess::UpdateCodes(), read once per request and user id,
 * and 'AU' is appended.
 *
 * @return array List of access code strings.
 */
function GetAccessCodes()
{
    static $codesByUser = array();

    if (!$this->IsAuthorized()) {
        return array('G2');
    }

    $uid = intval($this->GetID());
    if (array_key_exists($uid, $codesByUser)) {
        // Cached for the rest of the request; later membership changes are not picked up.
        return $codesByUser[$uid];
    }

    $access = new CAccess();
    $access->UpdateCodes();

    $codesByUser[$uid] = array();
    $rows = CAccess::GetUserCodes($uid);
    for ($row = $rows->Fetch(); $row; $row = $rows->Fetch()) {
        $codesByUser[$uid][] = $row["ACCESS_CODE"];
    }
    if ($this->IsAuthorized()) {
        $codesByUser[$uid][] = "AU";
    }

    return $codesByUser[$uid];
}
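/**
 * Computes view / edit / section-edit flags for a calendar of the given type.
 *
 * For type 'group', users without the 'edit_php' operation are checked against
 * the group's access codes: owner ("SG<id>_A") and moderator ("SG<id>_E") may
 * edit events and sections, member ("SG<id>_K") may edit events only, and
 * anyone else gets no edit rights.
 *
 * NOTE(review): 'view' is always true here and types other than 'user' and
 * 'group' keep full edit rights; confirm that callers enforce visibility for
 * those types elsewhere.
 *
 * @param array $Params Optional keys: 'type', 'ownerId', 'userId' (default to the class
 *                      statics) and 'setProperties' (false = do not store the result in self::$perm).
 * @return array Flags under the keys 'view', 'edit' and 'section_edit'.
 */
public static function GetPermissions($Params = array())
{
    global $USER;

    $type = isset($Params['type']) ? $Params['type'] : self::$type;
    $ownerId = isset($Params['ownerId']) ? $Params['ownerId'] : self::$ownerId;
    $userId = isset($Params['userId']) ? $Params['userId'] : self::$userId;

    $bView = true;
    $bEdit = true;
    $bEditSection = true;

    if ($type == 'user' && $ownerId != $userId) {
        $bEdit = false;
        $bEditSection = false;
    }

    if ($type == 'group') {
        if (!$USER->CanDoOperation('edit_php')) {
            $keyOwner = 'SG' . $ownerId . '_A';
            $keyMod = 'SG' . $ownerId . '_E';
            $keyMember = 'SG' . $ownerId . '_K';

            $arCodes = array();
            $rCodes = CAccess::GetUserCodes($userId);
            while ($code = $rCodes->Fetch()) {
                $arCodes[] = $code['ACCESS_CODE'];
            }

            if (in_array($keyOwner, $arCodes) || in_array($keyMod, $arCodes)) {
                $bEdit = true;
                $bEditSection = true;
            } elseif (in_array($keyMember, $arCodes)) {
                $bEdit = true;
                $bEditSection = false;
            } else {
                // Fix: a user holding none of the group roles previously kept the
                // permissive defaults (edit and section edit). Deny by default.
                $bEdit = false;
                $bEditSection = false;
            }
        }
    }

    // Missing key counts as "store the result", as before, without reading an undefined index.
    if (!isset($Params['setProperties']) || $Params['setProperties'] !== false) {
        self::$perm['view'] = $bView;
        self::$perm['edit'] = $bEdit;
        self::$perm['section_edit'] = $bEditSection;
    }

    return array('view' => $bView, 'edit' => $bEdit, 'section_edit' => $bEditSection);
}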
/**
 * Returns the access codes of a user as a plain list.
 *
 * The managed cache is used only for unfiltered requests and only when
 * CACHED_b_user_access_check is not false.
 *
 * NOTE(review): the cached list is served until that cache entry is cleared or
 * expires; confirm it is invalidated wherever access codes change.
 *
 * @param int   $USER_ID  User identifier (cast with intval()).
 * @param array $arFilter Filter passed through to CAccess::GetUserCodes().
 * @return array List of ACCESS_CODE values.
 */
public static function GetUserCodesArray($USER_ID, $arFilter = array())
{
    global $CACHE_MANAGER;

    $USER_ID = intval($USER_ID);
    $cacheId = "access_codes" . $USER_ID;
    $useCache = empty($arFilter) && CACHED_b_user_access_check !== false;

    if ($useCache && $CACHE_MANAGER->Read(CACHED_b_user_access_check, $cacheId, "access_check")) {
        return $CACHE_MANAGER->Get($cacheId);
    }

    $codes = array();
    $rows = CAccess::GetUserCodes($USER_ID, $arFilter);
    for ($row = $rows->Fetch(); $row; $row = $rows->Fetch()) {
        $codes[] = $row["ACCESS_CODE"];
    }

    if ($useCache) {
        $CACHE_MANAGER->Set($cacheId, $codes);
    }

    return $codes;
}
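/**
 * Handles the POST of the live-feed message form: validates the requested
 * recipients, creates the log message and notifies mentioned users.
 *
 * @param array $arPOST       Submitted form fields (ENABLE_POST_TITLE, POST_TITLE, MESSAGE, SPERM).
 * @param int   $entityTypeID Owner entity type; resolved from the first permitted recipient entity when undefined.
 * @param int   $entityID     Owner entity id; resolved the same way when not positive.
 * @param array $arResult     Component result; EVENT, ENABLE_TITLE, ENTITY_DATA and the
 *                            WEB_DAV_FILE_FIELD value are written back by reference.
 * @return int|array Id of the created message on success, otherwise the list of error messages.
 */
public static function ProcessLogEventEditPOST($arPOST, $entityTypeID, $entityID, &$arResult)
{
    $arEntityData = array();
    $errors = array();

    $enableTitle = isset($arPOST['ENABLE_POST_TITLE']) && strtoupper($arPOST['ENABLE_POST_TITLE']) === 'Y';
    $title = $enableTitle && isset($arPOST['POST_TITLE']) ? $arPOST['POST_TITLE'] : '';
    // The message is un-escaped before storage; every later HTML output of it must escape again.
    $message = isset($arPOST['MESSAGE']) ? htmlspecialcharsback($arPOST['MESSAGE']) : '';

    $arResult['EVENT']['MESSAGE'] = $message;
    $arResult['EVENT']['TITLE'] = $title;
    $arResult['ENABLE_TITLE'] = $enableTitle;

    $attachedFiles = array();
    $webDavFileFieldName = $arResult['WEB_DAV_FILE_FIELD_NAME'];
    if ($webDavFileFieldName !== '' && isset($GLOBALS[$webDavFileFieldName]) && is_array($GLOBALS[$webDavFileFieldName])) {
        foreach ($GLOBALS[$webDavFileFieldName] as $fileID) {
            if ($fileID === '') {
                continue;
            }
            // fileID example: "888|165|16"
            $attachedFiles[] = $fileID;
        }
        if (!empty($attachedFiles) && is_array($arResult['WEB_DAV_FILE_FIELD'])) {
            $arResult['WEB_DAV_FILE_FIELD']['VALUE'] = $attachedFiles;
        }
    }

    // "To all" is allowed only when the option is on and the user holds one of the configured codes.
    $allowToAll = COption::GetOptionString('socialnetwork', 'allow_livefeed_toall', 'Y') === 'Y';
    if ($allowToAll) {
        // NOTE(review): unserialize() on a stored option value. The value is expected to be
        // administrator-controlled; if it can be written from a less trusted source, restrict
        // object instantiation or move the option to a non-executable format such as JSON.
        $arToAllRights = unserialize(COption::GetOptionString("socialnetwork", "livefeed_toall_rights", 'a:1:{i:0;s:2:"AU";}'));
        if (!$arToAllRights) {
            $arToAllRights = array('AU');
        }
        $arUserGroupCode = array_merge(array('AU'), CAccess::GetUserCodesArray($arResult['USER_ID']));
        if (count(array_intersect($arToAllRights, $arUserGroupCode)) <= 0) {
            $allowToAll = false;
        }
    }

    // Flatten the submitted recipient codes.
    $arSocnetRights = array();
    if (!empty($arPOST['SPERM']) && is_array($arPOST['SPERM'])) {
        foreach ($arPOST['SPERM'] as $v => $k) {
            if (strlen($v) > 0 && is_array($k) && !empty($k)) {
                foreach ($k as $vv) {
                    if (strlen($vv) > 0) {
                        $arSocnetRights[] = $vv;
                    }
                }
            }
        }
    }

    // Fix: only the first 'UA' entry used to be removed when "to all" is not allowed, so a
    // repeated 'UA' survived and was then translated to 'AU'. Every 'UA' entry is now
    // dropped, and a single 'AU' is added only when "to all" is allowed.
    // NOTE(review): this gate covers the 'UA' marker only; an 'AU' code submitted directly
    // in SPERM passes through unchanged - confirm it is validated downstream.
    $toAllRequested = false;
    foreach ($arSocnetRights as $key => $value) {
        if ($value == 'UA') {
            unset($arSocnetRights[$key]);
            $toAllRequested = true;
        }
    }
    if ($toAllRequested && $allowToAll) {
        $arSocnetRights[] = 'AU';
    }
    $arSocnetRights = array_unique($arSocnetRights);

    // Recipient codes that address CRM entities require create permission on that entity.
    $allFeedEtityTypes = CCrmLiveFeedEntity::GetAll();
    $userPerms = CCrmPerms::GetCurrentUserPermissions();
    foreach ($arSocnetRights as $key => $value) {
        $groupCodeData = array();
        if (CCrmLiveFeed::TryParseGroupCode($value, $groupCodeData) && in_array($groupCodeData['ENTITY_TYPE'], $allFeedEtityTypes, true)) {
            $groupCodeEntityType = $groupCodeData['ENTITY_TYPE'];
            $groupCodeEntityID = $groupCodeData['ENTITY_ID'];
            if (!CCrmLiveFeed::CheckCreatePermission($groupCodeEntityType, $groupCodeEntityID, $userPerms)) {
                $canonicalEntityTypeID = CCrmLiveFeedEntity::ResolveEntityTypeID($groupCodeEntityType);
                $errors[] = GetMessage('CRM_SL_EVENT_EDIT_PERMISSION_DENIED', array('#TITLE#' => CCrmOwnerType::GetCaption($canonicalEntityTypeID, $groupCodeEntityID, false)));
            } else {
                $arEntityData[] = array('ENTITY_TYPE' => $groupCodeEntityType, 'ENTITY_ID' => $groupCodeEntityID);
            }
        }
    }

    if (!(CCrmOwnerType::IsDefined($entityTypeID) && $entityID > 0) && !empty($arEntityData)) {
        $entityData = $arEntityData[0];
        $entityTypeID = CCrmLiveFeedEntity::ResolveEntityTypeID($entityData['ENTITY_TYPE']);
        $entityID = $entityData['ENTITY_ID'];
    }

    if (!empty($arEntityData)) {
        $arResult['ENTITY_DATA'] = $arEntityData;
    }

    if (!(CCrmOwnerType::IsDefined($entityTypeID) && $entityID > 0)) {
        $errors[] = GetMessage('CRM_SL_EVENT_EDIT_ENTITY_NOT_DEFINED');
    }

    if ($message === '') {
        $errors[] = GetMessage('CRM_SL_EVENT_EDIT_EMPTY_MESSAGE');
    }

    if (empty($errors)) {
        $fields = array(
            'ENTITY_TYPE_ID' => $entityTypeID,
            'ENTITY_ID' => $entityID,
            'USER_ID' => $arResult['USER_ID'],
            'TITLE' => $title,
            'MESSAGE' => $message,
            'RIGHTS' => $arSocnetRights
        );

        $parents = array();
        CCrmOwnerType::TryGetOwnerInfos($entityTypeID, $entityID, $parents, array('ENABLE_MAPPING' => true));
        foreach ($arEntityData as $entityData) {
            $curEntityTypeID = CCrmLiveFeedEntity::ResolveEntityTypeID($entityData['ENTITY_TYPE']);
            $curEntityID = $entityData['ENTITY_ID'];
            $entityKey = "{$curEntityTypeID}_{$curEntityID}";
            if (!isset($parents[$entityKey]) && !($curEntityTypeID === $entityTypeID && $curEntityID === $entityID)) {
                $parents[$entityKey] = array('ENTITY_TYPE_ID' => $curEntityTypeID, 'ENTITY_ID' => $curEntityID);
            }
        }
        if (!empty($parents)) {
            $fields['PARENTS'] = array_values($parents);
        }

        if (!empty($attachedFiles)) {
            $fields['WEB_DAV_FILES'] = array($webDavFileFieldName => $attachedFiles);
        }

        $messageID = CCrmLiveFeed::CreateLogMessage($fields);
        if (!(is_int($messageID) && $messageID > 0)) {
            $errors[] = isset($fields['ERROR']) ? $fields['ERROR'] : 'UNKNOWN ERROR';
        } else {
            // Notify users mentioned as [user=ID]...[/user], but only those who can read the message.
            preg_match_all("/\\[user\\s*=\\s*([^\\]]*)\\](.+?)\\[\\/user\\]/is" . BX_UTF_PCRE_MODIFIER, $message, $arMention);
            if (!empty($arMention) && !empty($arMention[1]) && CModule::IncludeModule("im")) {
                $arMention = $arMention[1];
                $arMention = array_unique($arMention);

                $arMessageFields = array(
                    "MESSAGE_TYPE" => IM_MESSAGE_SYSTEM,
                    "TO_USER_ID" => "",
                    "FROM_USER_ID" => $arResult['USER_ID'],
                    "NOTIFY_TYPE" => IM_NOTIFY_FROM,
                    "NOTIFY_MODULE" => "crm",
                    "NOTIFY_EVENT" => "mention"
                );

                $genderSuffix = "";
                $dbUser = CUser::GetByID($arResult['USER_ID']);
                if ($arUser = $dbUser->Fetch()) {
                    switch ($arUser["PERSONAL_GENDER"]) {
                        case "M":
                            $genderSuffix = "_M";
                            break;
                        case "F":
                            $genderSuffix = "_F";
                            break;
                        default:
                            $genderSuffix = "";
                    }
                }

                $strIMMessageTitle = str_replace(array("\r\n", "\n"), " ", strlen($title) > 0 ? $title : $message);
                if (CModule::IncludeModule("blog")) {
                    $strIMMessageTitle = trim(blogTextParser::killAllTags($strIMMessageTitle));
                }
                $strIMMessageTitle = TruncateText($strIMMessageTitle, 100);
                $strIMMessageTitleOut = TruncateText($strIMMessageTitle, 255);

                $strLogEntryURL = COption::GetOptionString("socialnetwork", "log_entry_page", SITE_DIR . "company/personal/log/#log_id#/", SITE_ID);
                $strLogEntryURL = CComponentEngine::MakePathFromTemplate($strLogEntryURL, array("log_id" => $messageID));
                $strLogEntryCrmURL = CComponentEngine::MakePathFromTemplate(SITE_DIR . "crm/stream/?log_id=#log_id#", array("log_id" => $messageID));

                $serverName = (CMain::IsHTTPS() ? "https" : "http") . "://" . (defined("SITE_SERVER_NAME") && strlen(SITE_SERVER_NAME) > 0 ? SITE_SERVER_NAME : COption::GetOptionString("main", "server_name", ""));

                foreach ($arMention as $val) {
                    $val = IntVal($val);
                    if ($val > 0 && $val != $arResult['USER_ID']) {
                        $bHasAccess = false;

                        // 1. The mentioned user is an explicit recipient.
                        if (in_array('U' . $val, $arSocnetRights)) {
                            $url = $strLogEntryURL;
                            $bHasAccess = true;
                        }

                        // 2. One of the mentioned user's access codes is among the recipients.
                        if (!$bHasAccess) {
                            $arAccessCodes = array();
                            $dbAccess = CAccess::GetUserCodes($val);
                            while ($arAccess = $dbAccess->Fetch()) {
                                $arAccessCodes[] = $arAccess["ACCESS_CODE"];
                            }
                            // Fix: the intersection was taken with $arAccess (the exhausted fetch
                            // result, false after the loop) instead of the collected codes, so
                            // this check could never succeed.
                            $arTmp = array_intersect($arAccessCodes, $arSocnetRights);
                            if (!empty($arTmp)) {
                                $url = $strLogEntryURL;
                                $bHasAccess = true;
                            }
                        }

                        // 3. The mentioned user may read one of the addressed CRM entities.
                        if (!$bHasAccess) {
                            $userPermissions = CCrmPerms::GetUserPermissions($val);
                            foreach ($arEntityData as $arEntity) {
                                if (CCrmAuthorizationHelper::CheckReadPermission(CCrmOwnerType::ResolveName(CCrmLiveFeedEntity::ResolveEntityTypeID($arEntity['ENTITY_TYPE'])), $arEntity['ENTITY_ID'], $userPermissions)) {
                                    $url = $strLogEntryCrmURL;
                                    $bHasAccess = true;
                                    break;
                                }
                            }
                        }

                        if ($bHasAccess) {
                            $arMessageFields["TO_USER_ID"] = $val;
                            $arMessageFields["NOTIFY_TAG"] = "CRM|MESSAGE_MENTION|" . $messageID;
                            // The title is escaped for HTML; $url is built from site configuration.
                            $arMessageFields["NOTIFY_MESSAGE"] = GetMessage("CRM_SL_EVENT_IM_MENTION_POST" . $genderSuffix, array("#title#" => "<a href=\"" . $url . "\" class=\"bx-notifier-item-action\">" . htmlspecialcharsbx($strIMMessageTitle) . "</a>"));
                            $arMessageFields["NOTIFY_MESSAGE_OUT"] = GetMessage("CRM_SL_EVENT_IM_MENTION_POST" . $genderSuffix, array("#title#" => htmlspecialcharsbx($strIMMessageTitleOut))) . " (" . $serverName . $url . ")";
                            CIMNotify::Add($arMessageFields);
                        }
                    }
                }
            }

            return $messageID;
        }
    }

    return $errors;
}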
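/**
 * Tells whether this user matches at least one of the given access codes.
 *
 * 'G2' matches an unauthorized user and 'AU' an authorized one without a
 * database lookup; any other code is checked against the user's stored access
 * codes after CAccess::UpdateCodes().
 *
 * @param array $arCodes Access codes to test.
 * @return bool True when the user holds one of the codes; false for a non-array, empty or all-blank list.
 */
function CanAccess($arCodes)
{
    if (!is_array($arCodes) || empty($arCodes)) {
        return false;
    }

    // Fix: strict matching. With the loose in_array() a non-string element such as
    // true (or 0 on PHP versions before 8) compared equal to 'G2' / 'AU' and
    // granted access without any stored code being checked.
    if (!$this->IsAuthorized() && in_array('G2', $arCodes, true)) {
        return true;
    }
    if ($this->IsAuthorized() && in_array('AU', $arCodes, true)) {
        return true;
    }

    // A list consisting only of blank entries must not reach the database filter.
    $bEmpty = true;
    foreach ($arCodes as $code) {
        if (trim($code) != '') {
            $bEmpty = false;
            break;
        }
    }
    if ($bEmpty) {
        return false;
    }

    $access = new CAccess();
    $access->UpdateCodes();

    $res = CAccess::GetUserCodes($this->GetID(), array("ACCESS_CODE" => $arCodes));
    if ($res->Fetch()) {
        return true;
    }

    return false;
}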
/**
 * Returns the operations a user may perform on a section.
 *
 * The user's access codes (always including 'G2') are matched against the
 * section's permission map; the operations of every matching task are merged.
 * Results are cached per section and code set in self::$arOp.
 *
 * @param mixed     $sectId Section identifier.
 * @param int|false $userId User to check; a falsy value means the user in global $USER.
 * @return array Merged list of operations.
 */
public static function GetOperations($sectId, $userId = false)
{
    global $USER;

    if (!$userId) {
        $userId = intVal($USER->GetId());
    }

    $userCodes = array();
    $rows = CAccess::GetUserCodes($userId);
    for ($row = $rows->Fetch(); $row; $row = $rows->Fetch()) {
        $userCodes[] = $row['ACCESS_CODE'];
    }
    // 'G2' is added for every user, so rights given to that code apply to all callers.
    if (!in_array('G2', $userCodes)) {
        $userCodes[] = 'G2';
    }

    // The cache key contains the full code list, so a changed code set yields a fresh entry.
    $key = $sectId . '|' . implode(',', $userCodes);
    if (!self::$bClearOperationCache && is_array(self::$arOp[$key])) {
        return self::$arOp[$key];
    }

    if (!isset(self::$Permissions[$sectId])) {
        self::GetArrayPermissions(array($sectId));
    }
    $sectionPerms = self::$Permissions[$sectId];

    self::$arOp[$key] = array();
    if (is_array($sectionPerms)) {
        foreach ($sectionPerms as $code => $taskId) {
            if (!in_array($code, $userCodes)) {
                continue;
            }
            self::$arOp[$key] = array_merge(self::$arOp[$key], CTask::GetOperations($taskId, true));
        }
    }

    return self::$arOp[$key];
}
/**
 * Returns a user's access codes grouped by upper-cased provider id.
 *
 * Codes starting with 'DR' are skipped. When the intranet module is installed,
 * every 'D<id>' code of the INTRANET group is expanded through
 * CIntranetUtils::GetDeparmentsTree() into 'D<subId>' entries under SUBINTRANET.
 * Non-empty results are cached per request.
 *
 * @param int $iUserID User identifier.
 * @return array Map of provider id to list of access codes.
 */
public static function GetUserAttr($iUserID)
{
    static $arResult = array();

    if (!empty($arResult[$iUserID])) {
        return $arResult[$iUserID];
    }

    $iUserID = (int) $iUserID;
    $arResult[$iUserID] = array();
    $attrs = &$arResult[$iUserID];

    $rows = CAccess::GetUserCodes($iUserID);
    for ($row = $rows->Fetch(); $row; $row = $rows->Fetch()) {
        if (strpos($row['ACCESS_CODE'], 'DR') === 0) {
            continue;
        }
        $attrs[strtoupper($row['PROVIDER_ID'])][] = $row['ACCESS_CODE'];
    }

    if (!empty($attrs['INTRANET']) && IsModuleInstalled('intranet')) {
        foreach ($attrs['INTRANET'] as $departmentCode) {
            if (strpos($departmentCode, 'D') !== 0) {
                continue;
            }
            $subTree = CIntranetUtils::GetDeparmentsTree(substr($departmentCode, 1), true);
            foreach ($subTree as $subDepartmentId) {
                $attrs['SUBINTRANET'][] = 'D' . $subDepartmentId;
            }
        }
    }

    return $arResult[$iUserID];
}
/**
 * Returns the operations a user may perform on the calendar type $xmlId.
 *
 * The user's access codes (always including 'G2') are matched against the
 * permission map of the type; the operations of every matching task are
 * merged and cached in self::$arOp per type and code set.
 *
 * @param mixed     $xmlId  Identifier of the calendar type.
 * @param int|false $userId User to check; false means CCalendar::GetCurUserId().
 * @return array Merged list of operations.
 */
public static function GetOperations($xmlId, $userId = false)
{
    $userId = ($userId === false) ? CCalendar::GetCurUserId() : $userId;

    $held = array();
    $cursor = CAccess::GetUserCodes($userId);
    while ($entry = $cursor->Fetch()) {
        $held[] = $entry['ACCESS_CODE'];
    }
    // 'G2' is added for every user, so rights given to that code apply to all callers.
    if (!in_array('G2', $held)) {
        $held[] = 'G2';
    }

    $key = $xmlId . '|' . implode(',', $held);
    if (is_array(self::$arOp[$key])) {
        return self::$arOp[$key];
    }

    if (!isset(self::$Permissions[$xmlId])) {
        self::GetArrayPermissions(array($xmlId));
    }
    $typePerms = self::$Permissions[$xmlId];

    self::$arOp[$key] = array();
    if (is_array($typePerms)) {
        foreach ($typePerms as $code => $taskId) {
            if (in_array($code, $held)) {
                self::$arOp[$key] = array_merge(self::$arOp[$key], CTask::GetOperations($taskId, true));
            }
        }
    }

    return self::$arOp[$key];
}
/**
 * Returns the access codes of a user as a plain list, read directly from
 * CAccess::GetUserCodes() without caching.
 *
 * @param int   $USER_ID  User identifier (cast with intval()).
 * @param array $arFilter Filter passed through to CAccess::GetUserCodes().
 * @return array List of ACCESS_CODE values.
 */
public static function GetUserCodesArray($USER_ID, $arFilter = array())
{
    $rows = CAccess::GetUserCodes(intval($USER_ID), $arFilter);

    $codes = array();
    for ($row = $rows->Fetch(); $row; $row = $rows->Fetch()) {
        $codes[] = $row["ACCESS_CODE"];
    }

    return $codes;
}
/**
 * Computes view / edit / section-edit flags for a calendar of the given type.
 *
 * - 'user': edit rights are removed when the owner differs from the user.
 * - 'group': users without the 'edit_php' operation need a group role code
 *   (owner "SG<id>_A", moderator "SG<id>_E", member "SG<id>_K"); in an archived
 *   group only the owner keeps edit rights, and users without a role get none.
 * - any other type: all three flags come from CCalendarType::CanDo().
 *
 * NOTE(review): self::$isArchivedGroup is only ever set to true in this method;
 * if it is not reset elsewhere, a closed group seen earlier in the request also
 * restricts later checks for other groups - confirm.
 *
 * @param array $Params Optional keys: 'type', 'ownerId', 'userId' (default to the class
 *                      statics) and 'setProperties' (false = do not store the result in self::$perm).
 * @return array Flags under the keys 'view', 'edit' and 'section_edit'.
 */
public static function GetPermissions($Params = array())
{
    global $USER;

    $type = self::$type;
    if (isset($Params['type'])) {
        $type = $Params['type'];
    }
    $ownerId = self::$ownerId;
    if (isset($Params['ownerId'])) {
        $ownerId = $Params['ownerId'];
    }
    $userId = self::$userId;
    if (isset($Params['userId'])) {
        $userId = $Params['userId'];
    }

    $bView = true;
    $bEdit = true;
    $bEditSection = true;

    if ($type == 'user' && $ownerId != $userId) {
        $bEdit = false;
        $bEditSection = false;
    }

    if ($type == 'group' && !$USER->CanDoOperation('edit_php')) {
        $roleOwner = 'SG' . $ownerId . '_A';
        $roleModerator = 'SG' . $ownerId . '_E';
        $roleMember = 'SG' . $ownerId . '_K';

        $held = array();
        $cursor = CAccess::GetUserCodes($userId);
        while ($entry = $cursor->Fetch()) {
            $held[] = $entry['ACCESS_CODE'];
        }

        if (CModule::IncludeModule("socialnetwork")) {
            $group = CSocNetGroup::getByID($ownerId);
            // A closed group counts as archived unless working with closed groups is enabled.
            if (
                !empty($group['CLOSED'])
                && $group['CLOSED'] === 'Y'
                && \Bitrix\Main\Config\Option::get('socialnetwork', 'work_with_closed_groups', 'N') === 'N'
            ) {
                self::$isArchivedGroup = true;
            }
        }

        if (in_array($roleOwner, $held) || (in_array($roleModerator, $held) && !self::$isArchivedGroup)) {
            $bEdit = true;
            $bEditSection = true;
        } elseif (in_array($roleMember, $held) && !self::$isArchivedGroup) {
            $bEdit = true;
            $bEditSection = false;
        } else {
            // No matching role: deny editing.
            $bEdit = false;
            $bEditSection = false;
        }
    }

    if ($type != 'user' && $type != 'group') {
        $bView = CCalendarType::CanDo('calendar_type_view', $type);
        $bEdit = CCalendarType::CanDo('calendar_type_edit', $type);
        $bEditSection = CCalendarType::CanDo('calendar_type_edit_section', $type);
    }

    $flags = array('view' => $bView, 'edit' => $bEdit, 'section_edit' => $bEditSection);

    if ($Params['setProperties'] !== false) {
        self::$perm['view'] = $bView;
        self::$perm['edit'] = $bEdit;
        self::$perm['section_edit'] = $bEditSection;
    }

    return $flags;
}