public static function beforeViewDataQuery(&$select, &$filter, &$group, &$order, &$limit, &$options, &$runtime) { // permission $addClause = CCrmDeal::BuildPermSql('crm_product_row_deal_owner'); if ($addClause === false) { // access dinied $filter = array($filter, '=DEAL_OWNER.ID' => '0'); } elseif (!empty($addClause)) { global $DB; // HACK: add escape chars for ORM $addClause = str_replace('crm_product_row_deal_owner.ID', $DB->escL . 'crm_product_row_deal_owner' . $DB->escR . '.ID', $addClause); $filter = array($filter, '=IS_ALLOWED' => '1'); $runtime['IS_ALLOWED'] = array('data_type' => 'integer', 'expression' => array('CASE WHEN ' . $addClause . ' THEN 1 ELSE 0 END')); // Strongly required for permision check. if (!isset($select['CRM_PRODUCT_ROW_DEAL_OWNER_ID'])) { $select['CRM_PRODUCT_ROW_DEAL_OWNER_ID'] = 'DEAL_OWNER.ID'; } } if (!isset($select['CRM_PRODUCT_ROW_IBLOCK_ELEMENT_ID'])) { $select['CRM_PRODUCT_ROW_IBLOCK_ELEMENT_ID'] = 'IBLOCK_ELEMENT.ID'; } if (!isset($select['CRM_PRODUCT_ROW_IBLOCK_ELEMENT_IBLOCK_ID'])) { $select['CRM_PRODUCT_ROW_IBLOCK_ELEMENT_IBLOCK_ID'] = 'IBLOCK_ELEMENT.IBLOCK_ID'; } }
public static function BuildPermSql($aliasPrefix = 'A', $permType = 'READ', $arOptions = array()) { if (!is_array($arOptions)) { $arOptions = array(); } $userPermissions = isset($arOptions['PERMS']) ? $arOptions['PERMS'] : null; $userID = $userPermissions !== null && is_object($userPermissions) ? $userPermissions->GetUserID() : 0; if (CCrmPerms::IsAdmin($userID)) { return ''; } if (!CCrmPerms::IsAccessEnabled($userPermissions)) { // User does not have permissions at all. return false; } $entitiesSql = array(); $permOptions = array_merge(array('IDENTITY_COLUMN' => 'OWNER_ID'), $arOptions); $entitiesSql[strval(CCrmOwnerType::Lead)] = CCrmLead::BuildPermSql($aliasPrefix, $permType, $permOptions); $entitiesSql[strval(CCrmOwnerType::Deal)] = CCrmDeal::BuildPermSql($aliasPrefix, $permType, $permOptions); $entitiesSql[strval(CCrmOwnerType::Contact)] = CCrmContact::BuildPermSql($aliasPrefix, $permType, $permOptions); $entitiesSql[strval(CCrmOwnerType::Company)] = CCrmCompany::BuildPermSql($aliasPrefix, $permType, $permOptions); $entitiesSql[strval(CCrmOwnerType::Invoice)] = CCrmInvoice::BuildPermSql($aliasPrefix, $permType, $permOptions); foreach ($entitiesSql as $entityTypeID => $entitySql) { if (!is_string($entitySql)) { //If $entityPermSql is not string - acces denied. Clear permission SQL and related records will be ignored. unset($entitiesSql[$entityTypeID]); continue; } if ($entitySql !== '') { $entitiesSql[$entityTypeID] = '(' . $aliasPrefix . '.OWNER_TYPE_ID = ' . $entityTypeID . ' AND (' . $entitySql . ') )'; } else { // No permissions check - fetch all related records $entitiesSql[$entityTypeID] = '(' . $aliasPrefix . '.OWNER_TYPE_ID = ' . $entityTypeID . ')'; } } //If $entitiesSql is empty - user does not have permissions at all. if (empty($entitiesSql)) { return false; } $userID = CCrmSecurityHelper::GetCurrentUserID(); if ($userID > 0) { //Allow responsible user to view activity without permissions check. return $aliasPrefix . '.RESPONSIBLE_ID = ' . $userID . ' OR ' . implode(' OR ', $entitiesSql); } else { return implode(' OR ', $entitiesSql); } }
public static function BuildPermSql($aliasPrefix = 'CE', $permType = 'READ') { if (empty($arFilter['ENTITY_TYPE'])) { $arEntity = array(CCrmOwnerType::LeadName, CCrmOwnerType::DealName, CCrmOwnerType::QuoteName, CCrmOwnerType::ContactName, CCrmOwnerType::CompanyName); } elseif (isset($arFilter['ENTITY_TYPE']) && is_array($arFilter['ENTITY_TYPE'])) { $arEntity = $arFilter['ENTITY_TYPE']; } else { $arEntity = array($arFilter['ENTITY_TYPE']); } $entitiesSql = array(); $permOptions = array('IDENTITY_COLUMN' => 'ENTITY_ID'); foreach ($arEntity as $entityType) { if ($entityType === CCrmOwnerType::LeadName) { $entitiesSql[CCrmOwnerType::LeadName] = CCrmLead::BuildPermSql('CER', $permType, $permOptions); } elseif ($entityType === CCrmOwnerType::DealName) { $entitiesSql[CCrmOwnerType::DealName] = CCrmDeal::BuildPermSql('CER', $permType, $permOptions); } elseif ($entityType === CCrmOwnerType::QuoteName) { $entitiesSql[CCrmOwnerType::QuoteName] = CCrmQuote::BuildPermSql('CER', $permType, $permOptions); } elseif ($entityType === CCrmOwnerType::ContactName) { $entitiesSql[CCrmOwnerType::ContactName] = CCrmContact::BuildPermSql('CER', $permType, $permOptions); } elseif ($entityType === CCrmOwnerType::CompanyName) { $entitiesSql[CCrmOwnerType::CompanyName] = CCrmCompany::BuildPermSql('CER', $permType, $permOptions); } } foreach ($entitiesSql as $entityType => $entitySql) { if (!is_string($entitySql)) { //If $entityPermSql is not string - acces denied. Clear permission SQL and related records will be ignored. unset($entitiesSql[$entityType]); continue; } if ($entitySql !== '') { $entitiesSql[$entityType] = "(CER.ENTITY_TYPE = '{$entityType}' AND ({$entitySql}))"; } else { // No permissions check - fetch all related records $entitiesSql[$entityType] = "(CER.ENTITY_TYPE = '{$entityType}')"; } } //If $entitiesSql is empty - user does not have permissions at all. if (empty($entitiesSql)) { return false; } return implode(' OR ', $entitiesSql); }