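/**
 * Overload of w2PObject::getDeniedRecords to ensure that the projects
 * owned by denied companies are denied.
 *
 * The parent's result is merged with the project IDs selected by a query on
 * `projects` joined to `project_departments`, filtered with the company and
 * department records that getAllowedRecords() reports for $uid.
 *
 * @author handco <*****@*****.**>
 * @see w2PObject::getAllowedRecords
 * @see w2PObject::getDeniedRecords
 *
 * @param mixed $uid User identifier, passed unchanged to the parent and to
 *                   the company/department permission lookups.
 *
 * @return array The parent's denied records followed by the project IDs
 *               loaded from the query. array_merge() is used, so an ID
 *               present in both lists appears twice.
 */
public function getDeniedRecords($uid)
{
    $deniedByParent = parent::getDeniedRecords($uid);

    // Company records the user may access; the array keys are used as IDs below.
    $company = new CCompany();
    $allowedCompanies = $company->getAllowedRecords($uid, 'company_id,company_name');

    // Department records the user may access; the array keys are used as IDs below.
    $department = new CDepartment();
    $allowedDepartments = $department->getAllowedRecords($uid, 'dept_id,dept_name');

    $q = new DBQuery();
    $q->addTable('projects');
    $q->addQuery('projects.project_id');
    $q->addJoin('project_departments', 'pd', 'pd.project_id = projects.project_id');
    // NOTE(review): how DBQuery combines several addWhere() clauses is not
    // visible here (presumably AND). If so, a project is only selected when
    // BOTH the company and the department condition hold -- confirm that this
    // is the intended deny semantics.

    if (count($allowedCompanies)) {
        // NOTE(review): this loose search inspects the array VALUES, while the
        // IN list is built from the KEYS -- confirm where getAllowedRecords()
        // puts the "0 = all items" marker.
        if (array_search('0', $allowedCompanies) === false) {
            // Only specific companies are allowed: select projects of every other company.
            // The keys are concatenated into the SQL text, so force them to
            // integers first; nothing but digits can then reach the query.
            $companyIds = implode(',', array_map('intval', array_keys($allowedCompanies)));
            $q->addWhere('NOT (project_company IN (' . $companyIds . '))');
        }
        // Otherwise "all items" is allowed and no company restriction is added.
    } else {
        // No company is allowed at all. '0=1' makes this query return no rows,
        // so this branch contributes nothing to the denied list.
        // NOTE(review): for a deny list that looks fail-open -- confirm that
        // the parent's result already covers this case.
        $q->addWhere('0=1');
    }

    if (count($allowedDepartments) && array_search('0', $allowedDepartments) === false) {
        // Only specific departments are allowed: select projects linked to any other department.
        // Same integer cast as for companies before the IDs enter the SQL text.
        $departmentIds = implode(',', array_map('intval', array_keys($allowedDepartments)));
        $q->addWhere('NOT (department_id IN (' . $departmentIds . '))');
    } else {
        // Reached when no department record is returned or when the "0" marker
        // is present: restrict the query to rows that have a department.
        $q->addWhere('NOT (department_id IS NULL)');
    }

    $deniedByQuery = $q->loadColumn();
    $q->clear();

    return array_merge($deniedByParent, $deniedByQuery);
}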