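/**
 * Check whether the current user may see a dashlet.
 *
 * The dashlet's permission string is a comma-separated list of permission
 * names. With operator 'AND' every listed permission must pass; with any
 * other operator a single passing permission is enough.
 *
 * @param string $permission
 *   Comma-separated permission names. An empty value means the dashlet is
 *   unrestricted.
 * @param string $operator
 *   'AND' to require every permission; any other value accepts one match.
 *
 * @return bool
 *   TRUE if the user has permission, else FALSE.
 */
static function checkPermission($permission, $operator) {
  if (!$permission) {
    // No permission configured: everyone is allowed to see the dashlet.
    return true;
  }

  $config = CRM_Core_Config::singleton();

  static $allComponents;
  if (!$allComponents) {
    $allComponents = CRM_Core_Component::getNames();
  }

  $showDashlet = true;
  $hasPermission = false;
  foreach (explode(',', $permission) as $key) {
    // A list written as "perm one, perm two" leaves a leading space on the
    // second entry; untrimmed, it never matches the 'access' prefix test
    // below or a real permission name.
    $key = trim($key);
    $showDashlet = true;

    // "access <Component>" names a component permission when <Component>
    // is a known component.
    $componentName = null;
    if (strpos($key, 'access') === 0) {
      $componentName = trim(substr($key, 6));
      if (!in_array($componentName, $allComponents)) {
        $componentName = null;
      }
    }

    // hack to handle case permissions
    if (!$componentName && in_array($key, array('access my cases and activities', 'access all cases and activities'))) {
      $componentName = 'CiviCase';
    }

    // A component permission only counts while its component is enabled.
    // The enabled test comes first so that CRM_Core_Permission::check() is
    // not consulted for a disabled component.
    $granted = (!$componentName || in_array($componentName, $config->enableComponents))
      && CRM_Core_Permission::check($key);

    if ($granted) {
      $hasPermission = true;
    }
    else {
      $showDashlet = false;
      if ($operator == 'AND') {
        // One failed permission is enough to deny under AND.
        return false;
      }
    }
  }

  // Non-AND operator: allowed as soon as any listed permission passed.
  return $showDashlet || $hasPermission;
}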
/**
 * Class constructor.
 *
 * Stores the selector options, narrows the activity clause to components the
 * current user may access (CRM-12675) and prepares the activity query object.
 *
 * @param array $queryParams
 *   Array of parameters for query; kept by reference.
 * @param int $action
 *   Action of search, basic or advanced.
 * @param string $activityClause
 *   Extra restriction supplied by the caller. It is joined to the component
 *   restriction with ' AND ' as a raw SQL fragment, so callers must build it
 *   from trusted or already escaped values.
 * @param bool $single
 *   Are we dealing only with one contact?
 * @param int $limit
 *   How many activities do we want returned.
 * @param string $context
 * @param null $compContext
 */
public function __construct(&$queryParams, $action = CRM_Core_Action::NONE, $activityClause = NULL, $single = FALSE, $limit = NULL, $context = 'search', $compContext = NULL) {
  // Submitted form values and selector options.
  $this->_queryParams =& $queryParams;
  $this->_action = $action;
  $this->_single = $single;
  $this->_limit = $limit;
  $this->_context = $context;
  $this->_compContext = $compContext;
  $this->_activityClause = $activityClause;

  // CRM-12675: exclude activity types that belong to a component the user
  // lacks the "access <Component>" permission for. Types with no component
  // stay visible.
  $restrictions = array();
  foreach (CRM_Core_Component::getNames() as $componentID => $componentName) {
    if (CRM_Core_Permission::check("access {$componentName}")) {
      continue;
    }
    $restrictions[] = " (activity_type.component_id IS NULL OR activity_type.component_id <> {$componentID}) ";
  }

  if (!empty($restrictions)) {
    $componentRestriction = implode(' AND ', $restrictions);
    $this->_activityClause = empty($this->_activityClause)
      ? $componentRestriction
      : $this->_activityClause . ' AND ' . $componentRestriction;
  }

  // Activity-mode contact query, one row per activity.
  $returnProperties = CRM_Activity_BAO_Query::defaultReturnProperties(CRM_Contact_BAO_Query::MODE_ACTIVITY, FALSE);
  $this->_query = new CRM_Contact_BAO_Query($this->_queryParams, $returnProperties, NULL, FALSE, FALSE, CRM_Contact_BAO_Query::MODE_ACTIVITY);
  $this->_query->_distinctComponentClause = '( civicrm_activity.id )';
  $this->_query->_groupByComponentClause = " GROUP BY civicrm_activity.id ";
}
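/**
 * Return the option values of a particular group, prepared for a listing.
 *
 * Each row carries the stored field values plus an HTML-escaped label, the
 * 'order' (a copy of weight), the rendered action links, and the component
 * and visibility labels.
 *
 * @param array $groupParams
 *   Group fields identifying the option group: 'id', or 'name' when no id is
 *   given.
 * @param array $links
 *   Action links (edit, delete, disable, ...) keyed by action value; the keys
 *   are summed to form the mask of available actions.
 * @param string $orderBy
 *   For the ORDER BY clause.
 *
 * @return array
 *   Option values keyed by option value id.
 */
public static function getRows($groupParams, $links, $orderBy = 'weight') {
  $optionValue = array();
  $optionGroupID = NULL;

  if (!empty($groupParams['id'])) {
    $optionGroupID = $groupParams['id'];
  }
  elseif (!empty($groupParams['name'])) {
    $optionGroup = CRM_Core_BAO_OptionGroup::retrieve($groupParams, $dnc);
    // Guard against a lookup that yields no group object (retrieve()'s
    // contract is not visible here) instead of dereferencing it blindly.
    $optionGroupID = $optionGroup ? $optionGroup->id : NULL;
  }

  $groupName = CRM_Utils_Array::value('name', $groupParams);
  if (!$groupName && $optionGroupID) {
    $groupName = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_OptionGroup', $optionGroupID, 'name', 'id');
  }

  $dao = new CRM_Core_DAO_OptionValue();
  if ($optionGroupID) {
    $dao->option_group_id = $optionGroupID;
    if (in_array($groupName, CRM_Core_OptionGroup::$_domainIDGroups)) {
      $dao->domain_id = CRM_Core_Config::domainID();
    }
    // NOTE(review): $orderBy is handed to the DAO unchanged; callers should
    // pass a fixed column name, never a request value - confirm at call sites.
    $dao->orderBy($orderBy);
    $dao->find();
  }

  // Values still referenced by cases must not offer a delete link. Both
  // lists default to empty so the check below never reads an unset variable.
  $caseTypeIds = array();
  $caseStatusIds = array();
  if ($groupName == 'case_type') {
    $caseTypeIds = CRM_Case_BAO_Case::getUsedCaseType();
  }
  elseif ($groupName == 'case_status') {
    $caseStatusIds = CRM_Case_BAO_Case::getUsedCaseStatuses();
  }

  $componentNames = CRM_Core_Component::getNames();
  $visibilityLabels = CRM_Core_PseudoConstant::visibility();

  // Mask of every action the caller supplied a link for; it does not change
  // between rows, so it is computed once.
  $allActions = array_sum(array_keys($links));

  while ($dao->fetch()) {
    $optionValue[$dao->id] = array();
    CRM_Core_DAO::storeValues($dao, $optionValue[$dao->id]);

    // Update enable/disable links depending on is_reserved and is_active.
    $action = $allActions;
    if ($dao->is_reserved) {
      // Reserved values can only be updated.
      $action = CRM_Core_Action::UPDATE;
    }
    else {
      if ($dao->is_active) {
        $action -= CRM_Core_Action::ENABLE;
      }
      else {
        $action -= CRM_Core_Action::DISABLE;
      }
      $inUse = ($groupName == 'case_type' && in_array($dao->value, $caseTypeIds))
        || ($groupName == 'case_status' && in_array($dao->value, $caseStatusIds));
      if ($inUse) {
        $action -= CRM_Core_Action::DELETE;
      }
    }

    // The label is escaped here because it is emitted into the listing markup.
    $optionValue[$dao->id]['label'] = htmlspecialchars($optionValue[$dao->id]['label']);
    $optionValue[$dao->id]['order'] = $optionValue[$dao->id]['weight'];
    $optionValue[$dao->id]['action'] = CRM_Core_Action::formLink(
      $links,
      $action,
      array('id' => $dao->id, 'gid' => $optionGroupID, 'value' => $dao->value),
      ts('more'),
      FALSE,
      'optionValue.row.actions',
      'optionValue',
      $dao->id
    );

    if (!empty($optionValue[$dao->id]['component_id'])) {
      $optionValue[$dao->id]['component_name'] = $componentNames[$optionValue[$dao->id]['component_id']];
    }
    else {
      $optionValue[$dao->id]['component_name'] = 'Contact';
    }

    if (!empty($optionValue[$dao->id]['visibility_id'])) {
      $optionValue[$dao->id]['visibility_label'] = $visibilityLabels[$optionValue[$dao->id]['visibility_id']];
    }
  }

  return $optionValue;
}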
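/**
 * Common pre-process function for activity tasks.
 *
 * Works out which activities the chosen task applies to (the ticked rows, or
 * every row of the stored search), stores the ids and a matching SQL clause
 * on the form, and sets the user context used for redirection afterwards.
 *
 * @param CRM_Core_Form $form
 * @param bool $useTable
 *   Not read by this method.
 */
public static function preProcessCommon(&$form, $useTable = FALSE) {
  $form->_activityHolderIds = array();

  $values = $form->controller->exportValues($form->get('searchFormName'));

  $form->_task = $values['task'];
  $activityTasks = CRM_Activity_Task::tasks();
  $form->assign('taskName', $activityTasks[$form->_task]);

  $ids = array();
  if ($values['radio_ts'] == 'ts_sel') {
    // Selected rows arrive as checkbox fields named <CB_PREFIX><activity id>.
    foreach ($values as $name => $value) {
      if (substr($name, 0, CRM_Core_Form::CB_PREFIX_LEN) == CRM_Core_Form::CB_PREFIX) {
        $id = substr($name, CRM_Core_Form::CB_PREFIX_LEN);
        // The suffix is taken from a submitted field name and is concatenated
        // into an SQL IN (...) list below, so only plain decimal ids are
        // accepted; anything else is dropped.
        if (ctype_digit((string) $id)) {
          $ids[] = $id;
        }
      }
    }
  }
  else {
    // "All records": re-run the stored search and collect every activity id.
    $queryParams = $form->get('queryParams');
    $query = new CRM_Contact_BAO_Query($queryParams, NULL, NULL, FALSE, FALSE, CRM_Contact_BAO_Query::MODE_ACTIVITY);
    $query->_distinctComponentClause = '( civicrm_activity.id )';
    $query->_groupByComponentClause = " GROUP BY civicrm_activity.id ";

    // CRM-12675: leave out activity types of components the user cannot
    // access, so a bulk task cannot reach them.
    // NOTE(review): this tests the literal permission "access <Component>".
    // A component whose permissions are named differently (CiviCase uses
    // "access my/all cases and activities") would always be excluded here -
    // confirm that is intended.
    $activityClause = NULL;
    $components = CRM_Core_Component::getNames();
    $componentClause = array();
    foreach ($components as $componentID => $componentName) {
      if (!CRM_Core_Permission::check("access {$componentName}")) {
        $componentClause[] = " (activity_type.component_id IS NULL OR activity_type.component_id <> {$componentID}) ";
      }
    }
    if (!empty($componentClause)) {
      $activityClause = implode(' AND ', $componentClause);
    }

    $result = $query->searchQuery(0, 0, NULL, FALSE, FALSE, FALSE, FALSE, FALSE, $activityClause);
    while ($result->fetch()) {
      if (!empty($result->activity_id)) {
        $ids[] = $result->activity_id;
      }
    }
  }

  if (!empty($ids)) {
    $form->_componentClause = ' civicrm_activity.id IN ( ' . implode(',', $ids) . ' ) ';
    $form->assign('totalSelectedActivities', count($ids));
  }
  $form->_activityHolderIds = $form->_componentIds = $ids;

  // Set the context for redirection for any task actions. The qfKey is only
  // appended to the URL once CRM_Utils_Rule::qfKey() has accepted it.
  $qfKey = CRM_Utils_Request::retrieve('qfKey', 'String', $form);
  $urlParams = 'force=1';
  if (CRM_Utils_Rule::qfKey($qfKey)) {
    $urlParams .= "&qfKey={$qfKey}";
  }

  $session = CRM_Core_Session::singleton();
  $searchFormName = strtolower($form->get('searchFormName'));
  if ($searchFormName == 'search') {
    $session->replaceUserContext(CRM_Utils_System::url('civicrm/activity/search', $urlParams));
  }
  else {
    $session->replaceUserContext(CRM_Utils_System::url("civicrm/contact/search/{$searchFormName}", $urlParams));
  }
}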
/**
 * Class constructor.
 *
 * Stores the selector options, narrows the activity clause to components the
 * current user may access and prepares the activity query object.
 *
 * @param array $queryParams
 *   Array of parameters for query; kept by reference.
 * @param int $action
 *   Action of search, basic or advanced.
 * @param string $activityClause
 *   Extra restriction supplied by the caller. It is joined to the component
 *   restriction with ' AND ' as a raw SQL fragment, so callers must build it
 *   from trusted or already escaped values.
 * @param bool $single
 *   Are we dealing only with one contact?
 * @param int $limit
 *   How many activities do we want returned.
 * @param string $context
 * @param null $compContext
 */
public function __construct(&$queryParams, $action = CRM_Core_Action::NONE, $activityClause = NULL, $single = FALSE, $limit = NULL, $context = 'search', $compContext = NULL) {
  // Submitted form values and selector options.
  $this->_queryParams =& $queryParams;
  $this->_action = $action;
  $this->_single = $single;
  $this->_limit = $limit;
  $this->_context = $context;
  $this->_compContext = $compContext;
  $this->_activityClause = $activityClause;

  // CRM-12675: hide activity types of components the user may not access.
  $restrictions = array();
  foreach (CRM_Core_Component::getNames() as $componentID => $componentName) {
    // CRM-19201: Add support for searching CiviCampaign and CiviCase
    // activities. For CiviCase, "access all cases and activities" is
    // required here rather than "access my cases and activities", so that
    // users holding only the latter permission do not get a list of all
    // cases, which might present a privacy issue.
    if (CRM_Core_Permission::access($componentName, TRUE, TRUE)) {
      continue;
    }
    $restrictions[] = " (activity_type.component_id IS NULL OR activity_type.component_id <> {$componentID}) ";
  }

  if (!empty($restrictions)) {
    $componentRestriction = implode(' AND ', $restrictions);
    $this->_activityClause = empty($this->_activityClause)
      ? $componentRestriction
      : $this->_activityClause . ' AND ' . $componentRestriction;
  }

  // Activity-mode contact query, one row per activity.
  $returnProperties = CRM_Activity_BAO_Query::defaultReturnProperties(CRM_Contact_BAO_Query::MODE_ACTIVITY, FALSE);
  $this->_query = new CRM_Contact_BAO_Query($this->_queryParams, $returnProperties, NULL, FALSE, FALSE, CRM_Contact_BAO_Query::MODE_ACTIVITY);
  $this->_query->_distinctComponentClause = '( civicrm_activity.id )';
  $this->_query->_groupByComponentClause = " GROUP BY civicrm_activity.id ";
}
/**
 * Build the display name (plain label or link markup) of a navigation item.
 *
 * An item is skipped, and its navID appended to $skipMenuItems, when its
 * parent was skipped, it is inactive, or the current user fails its
 * permission requirement.
 *
 * @param array $value
 *   Navigation item; its settings are read from $value['attributes'].
 * @param array $skipMenuItems
 *   navIDs of items already skipped; extended by reference.
 *
 * @return bool|string
 *   FALSE when the item must not be shown, otherwise the label, wrapped in
 *   an anchor when the item has a URL.
 */
static function getMenuName(&$value, &$skipMenuItems) {
  $attributes = $value['attributes'];

  // we need to localise the menu labels (CRM-5456) and don't
  // want to use ts() as it would throw the ts-extractor off
  $i18n = CRM_Core_I18n::singleton();
  $name = $i18n->crm_translate($attributes['label'], array('context' => 'menu'));

  $url = $attributes['url'];
  $permission = $attributes['permission'];
  $operator = $attributes['operator'];
  $parentID = $attributes['parentID'];
  $navID = $attributes['navID'];
  $active = $attributes['active'];
  $menuName = $attributes['name'];
  $target = CRM_Utils_Array::value('target', $attributes);

  // Children of a skipped item, and inactive items, are skipped too.
  if (in_array($parentID, $skipMenuItems) || !$active) {
    $skipMenuItems[] = $navID;
    return FALSE;
  }

  // we need to check core view/edit or supported acls.
  if (in_array($menuName, array('Search...', 'Contacts')) && !CRM_Core_Permission::giveMeAllACLs()) {
    $skipMenuItems[] = $navID;
    return FALSE;
  }

  $config = CRM_Core_Config::singleton();

  $makeLink = FALSE;
  if (!empty($url)) {
    // URLs that start with "http" are used exactly as stored.
    if (substr($url, 0, 4) !== 'http') {
      // CRM-7656 -- make sure to separate out url path from url params,
      // as we are going to validate the url path against cross-site scripting.
      $urlParam = CRM_Utils_System::explode('&', str_replace('?', '&', $url), 2);
      $url = CRM_Utils_System::url($urlParam[0], $urlParam[1], FALSE, NULL, TRUE);
    }
    $makeLink = TRUE;
  }

  // NOTE(review): this cache is filled but not read again in this method.
  static $allComponents;
  if (!$allComponents) {
    $allComponents = CRM_Core_Component::getNames();
  }

  if (!empty($permission)) {
    $anyGranted = FALSE;
    foreach (explode(',', $permission) as $permissionName) {
      $permissionName = trim($permissionName);

      // get the component name from permission.
      $component = CRM_Core_Permission::getComponentName($permissionName);

      // A component permission is only honoured while the component is
      // enabled; the permission check is not reached for a disabled one.
      $componentDisabled = $component && !in_array($component, $config->enableComponents);
      $showItem = !$componentDisabled && CRM_Core_Permission::check($permissionName);

      if ($showItem) {
        $anyGranted = TRUE;
        continue;
      }
      if ($operator == 'AND') {
        // Under AND a single failed permission hides the item.
        $skipMenuItems[] = $navID;
        return FALSE;
      }
    }

    if (!$showItem && !$anyGranted) {
      $skipMenuItems[] = $navID;
      return FALSE;
    }
  }

  if (!$makeLink) {
    return $name;
  }

  // NOTE(review): $url (when stored with an "http" prefix), $target and
  // $name are placed into the markup without escaping at this point.
  // Presumably navigation rows are maintained by trusted administrators -
  // confirm, and escape here if less privileged users can edit menu items.
  if ($target) {
    return "<a href=\"{$url}\" target=\"{$target}\">{$name}</a>";
  }
  return "<a href=\"{$url}\">{$name}</a>";
}
/**
 * Build where clause.
 *
 * Assembles $this->_where from three fixed activity conditions, the clauses
 * generated for each configured filter, a per-component permission
 * restriction (CRM-12675) and, when set, the ACL clause in $this->_aclWhere.
 *
 * @param string $recordType
 *   Only the contact filter named 'contact_' . $recordType is applied; other
 *   filters whose name contains '_target', '_assignee' or '_source' are
 *   skipped.
 */
public function where($recordType = NULL) {
  // Always exclude test, deleted and superseded activity revisions.
  $this->_where = " WHERE {$this->_aliases['civicrm_activity']}.is_test = 0 AND\n {$this->_aliases['civicrm_activity']}.is_deleted = 0 AND\n {$this->_aliases['civicrm_activity']}.is_current_revision = 1";
  $clauses = array();
  foreach ($this->_columns as $tableName => $table) {
    if (array_key_exists('filters', $table)) {
      foreach ($table['filters'] as $fieldName => $field) {
        $clause = NULL;
        // Skip role-specific filters that do not belong to $recordType.
        if ($fieldName != 'contact_' . $recordType && (strstr($fieldName, '_target') || strstr($fieldName, '_assignee') || strstr($fieldName, '_source'))) {
          continue;
        }
        if (CRM_Utils_Array::value('type', $field) & CRM_Utils_Type::T_DATE) {
          // Date filters are driven by the <field>_relative/_from/_to params.
          $relative = CRM_Utils_Array::value("{$fieldName}_relative", $this->_params);
          $from = CRM_Utils_Array::value("{$fieldName}_from", $this->_params);
          $to = CRM_Utils_Array::value("{$fieldName}_to", $this->_params);
          $clause = $this->dateClause($field['name'], $relative, $from, $to, $field['type']);
        }
        else {
          $op = CRM_Utils_Array::value("{$fieldName}_op", $this->_params);
          // NOTE(review): for a string $op the test ($op != 'nnll' || $op != 'nll')
          // can never be false, so this condition is effectively "if ($op)".
          if ($op && ($op != 'nnll' || $op != 'nll')) {
            // The submitted value/min/max are passed straight to whereClause();
            // any escaping has to happen there (not visible in this method).
            $clause = $this->whereClause($field, $op, CRM_Utils_Array::value("{$fieldName}_value", $this->_params), CRM_Utils_Array::value("{$fieldName}_min", $this->_params), CRM_Utils_Array::value("{$fieldName}_max", $this->_params));
            // With no activity type chosen, replace the clause with an IN list.
            // implode() joins the values of the flipped array, i.e. the keys of
            // the activityType() list (presumably activity type ids - confirm).
            if ($fieldName == 'activity_type_id' && empty($this->_params['activity_type_id_value'])) {
              $actTypes = array_flip(CRM_Core_PseudoConstant::activityType(TRUE, FALSE, FALSE, 'label', TRUE));
              $clause = "( {$this->_aliases['civicrm_activity']}.activity_type_id IN (" . implode(',', $actTypes) . ") )";
            }
          }
        }
        // The 'current_user' filter overrides whatever clause was built above.
        if ($field['name'] == 'current_user') {
          if (CRM_Utils_Array::value("{$fieldName}_value", $this->_params) == 1) {
            // get current user
            $session = CRM_Core_Session::singleton();
            // The contact id is read from the session, not from the request,
            // before being placed in the sub-select.
            if ($contactID = $session->get('userID')) {
              $clause = "{$this->_aliases['civicrm_activity_contact']}.activity_id IN\n (SELECT activity_id FROM civicrm_activity_contact WHERE contact_id = {$contactID})";
            }
            else {
              $clause = NULL;
            }
          }
          else {
            $clause = NULL;
          }
        }
        if (!empty($clause)) {
          $clauses[] = $clause;
        }
      }
    }
  }
  // CRM-12675
  // Exclude rows whose component the user lacks "access <Component>" for;
  // rows with no component are kept.
  // NOTE(review): a component whose permissions are not literally named
  // "access <Component>" would always be excluded by this test - confirm.
  $components = CRM_Core_Component::getNames();
  foreach ($components as $componentID => $componentName) {
    if (!CRM_Core_Permission::check("access {$componentName}")) {
      $clauses[] = " ({$this->_aliases['civicrm_option_value']}.component_id IS NULL OR {$this->_aliases['civicrm_option_value']}.component_id <> {$componentID}) ";
    }
  }
  if (empty($clauses)) {
    $this->_where .= " ";
  }
  else {
    $this->_where .= " AND " . implode(' AND ', $clauses);
  }
  // The ACL restriction, when present, is appended last and always ANDed.
  if ($this->_aclWhere) {
    $this->_where .= " AND {$this->_aclWhere} ";
  }
}
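/**
 * Return the option values of a particular group, prepared for a listing.
 *
 * Each row carries the stored field values plus an HTML-escaped label, the
 * 'order' (a copy of weight), the rendered action links, and the component
 * and visibility labels.
 *
 * @param array $groupParams
 *   Group fields identifying the option group: 'id', or 'name' when no id is
 *   given.
 * @param array $links
 *   Action links (edit, delete, disable, ...) keyed by action value; the keys
 *   are summed to form the mask of available actions.
 * @param string $orderBy
 *   For the ORDER BY clause.
 *
 * @return array
 *   Option values keyed by option value id.
 *
 * @access public
 * @static
 */
static function getRows($groupParams, $links, $orderBy = 'weight') {
  $optionValue = array();

  // Start from "no group" so the checks below never read an unset variable
  // when neither an id nor a name was supplied.
  $optionGroupID = NULL;
  if (!empty($groupParams['id'])) {
    $optionGroupID = $groupParams['id'];
  }
  elseif (!empty($groupParams['name'])) {
    $optionGroup = CRM_Core_BAO_OptionGroup::retrieve($groupParams, $dnc);
    // Guard against a lookup that yields no group object (retrieve()'s
    // contract is not visible here) instead of dereferencing it blindly.
    $optionGroupID = $optionGroup ? $optionGroup->id : NULL;
  }

  // Plain "new": assigning the result of new by reference ("=& new") is not
  // accepted by current PHP versions.
  $dao = new CRM_Core_DAO_OptionValue();
  if ($optionGroupID) {
    $dao->option_group_id = $optionGroupID;
    // NOTE(review): $orderBy is handed to the DAO unchanged; callers should
    // pass a fixed column name, never a request value - confirm at call sites.
    $dao->orderBy($orderBy);
    $dao->find();
  }

  require_once 'CRM/Core/Component.php';
  $componentNames = CRM_Core_Component::getNames();
  $visibilityLabels = CRM_Core_PseudoConstant::visibility();

  // Mask of every action the caller supplied a link for; it does not change
  // between rows, so it is computed once.
  $allActions = array_sum(array_keys($links));

  while ($dao->fetch()) {
    $optionValue[$dao->id] = array();
    CRM_Core_DAO::storeValues($dao, $optionValue[$dao->id]);

    // Update enable/disable links depending on is_reserved and is_active.
    $action = $allActions;
    if ($dao->is_reserved) {
      // Reserved values can only be updated.
      $action = CRM_Core_Action::UPDATE;
    }
    elseif ($dao->is_active) {
      $action -= CRM_Core_Action::ENABLE;
    }
    else {
      $action -= CRM_Core_Action::DISABLE;
    }

    // The label is escaped here because it is emitted into the listing markup.
    $optionValue[$dao->id]['label'] = htmlspecialchars($optionValue[$dao->id]['label']);
    $optionValue[$dao->id]['order'] = $optionValue[$dao->id]['weight'];
    $optionValue[$dao->id]['action'] = CRM_Core_Action::formLink(
      $links,
      $action,
      array('id' => $dao->id, 'gid' => $optionGroupID, 'value' => $dao->value)
    );

    if (CRM_Utils_Array::value('component_id', $optionValue[$dao->id])) {
      $optionValue[$dao->id]['component_name'] = $componentNames[$optionValue[$dao->id]['component_id']];
    }
    else {
      $optionValue[$dao->id]['component_name'] = 'Contact';
    }

    if (CRM_Utils_Array::value('visibility_id', $optionValue[$dao->id])) {
      $optionValue[$dao->id]['visibility_label'] = $visibilityLabels[$optionValue[$dao->id]['visibility_id']];
    }
  }

  return $optionValue;
}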
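/**
 * Build the display name (plain label or link markup) of a navigation item.
 *
 * An item is skipped, and its navID appended to $skipMenuItems, when its
 * parent was skipped, it is inactive, or the current user fails its
 * permission requirement.
 *
 * @param array $value
 *   Navigation item; its settings are read from $value['attributes'].
 * @param array $skipMenuItems
 *   navIDs of items already skipped; extended by reference.
 *
 * @return bool|string
 *   false when the item must not be shown, otherwise the label, wrapped in
 *   an anchor when the item has a URL.
 */
function getMenuName(&$value, &$skipMenuItems) {
  // we need to localise the menu labels (CRM-5456) and don't
  // want to use ts() as it would throw the ts-extractor off
  // Plain assignment: binding a call result with "=&" makes PHP complain
  // that only variables should be assigned by reference.
  $i18n = CRM_Core_I18n::singleton();

  $name = $i18n->crm_translate($value['attributes']['label'], array('context' => 'menu'));
  // NOTE(review): as written this replaces '&' with '&', which changes
  // nothing. The search string may have been an HTML entity that was lost
  // when this listing was rendered - confirm against the project source.
  $url = str_replace('&', '&', $value['attributes']['url']);
  $permission = $value['attributes']['permission'];
  $operator = $value['attributes']['operator'];
  $parentID = $value['attributes']['parentID'];
  $navID = $value['attributes']['navID'];
  $active = $value['attributes']['active'];
  $menuName = $value['attributes']['name'];

  // Children of a skipped item, and inactive items, are skipped too.
  if (in_array($parentID, $skipMenuItems) || !$active) {
    $skipMenuItems[] = $navID;
    return false;
  }

  // we need to check core view/edit or supported acls.
  require_once 'CRM/Core/Permission.php';
  if (in_array($menuName, array('Search...', 'Contacts')) && !CRM_Core_Permission::giveMeAllACLs()) {
    $skipMenuItems[] = $navID;
    return false;
  }

  $config = CRM_Core_Config::singleton();

  $makeLink = false;
  if (!empty($url)) {
    // URLs that start with "http" are used exactly as stored; everything
    // else is resolved through the CMS URL builder.
    if (substr($url, 0, 4) !== 'http') {
      $url = CRM_Utils_System::url($url);
    }
    $makeLink = true;
  }

  // NOTE(review): this cache is filled but not read again in this method.
  static $allComponents;
  if (!$allComponents) {
    $allComponents = CRM_Core_Component::getNames();
  }

  if (!empty($permission)) {
    $hasPermission = false;
    $showItem = true;
    foreach (explode(',', $permission) as $key) {
      $key = trim($key);

      // get the component name from permission.
      $componentName = CRM_Core_Permission::getComponentName($key);

      // A component permission is only honoured while the component is
      // enabled; the permission check is not reached for a disabled one.
      $showItem = (!$componentName || in_array($componentName, $config->enableComponents))
        && CRM_Core_Permission::check($key);

      if ($showItem) {
        $hasPermission = true;
      }
      elseif ($operator == 'AND') {
        // Under AND a single failed permission hides the item.
        $skipMenuItems[] = $navID;
        return false;
      }
    }

    if (!$showItem && !$hasPermission) {
      $skipMenuItems[] = $navID;
      return false;
    }
  }

  if ($makeLink) {
    // NOTE(review): $url (when stored with an "http" prefix) and $name are
    // placed into the markup without escaping at this point. Presumably
    // navigation rows are maintained by trusted administrators - confirm,
    // and escape here if less privileged users can edit menu items.
    return "<a href=\"{$url}\">{$name}</a>";
  }

  return $name;
}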