/**
* function to generate the where condition for the user.
* While displaying data in the list view data may appear from lower level users in the hierarchy.
* For each user when the condition is to be generated, first get the subordinate user if any
* And then generate the condition. Each table (entity - contacts,leads,potentials etc) will have
* iduser representing who is owner of the record.
* @param string $entity_table_name
* @param integer $idmodule
* @param boolean $subordinate_users_data
* @param integer $iduser
* @see modules/User/User.class.php
*/
public function get_user_where_condition($entity_table_name, $idmodule, $subordinate_users_data = true, $iduser = '')
{
if ($iduser == '') {
$iduser = $_SESSION["do_user"]->iduser;
}
$module_data_share_permissions = $_SESSION["do_user"]->get_module_data_share_permissions();
$where = '';
//if($idmodule == 7 ) return " where 1=1 ";
if ($subordinate_users_data === true) {
if ($module_data_share_permissions[$idmodule] == 5) {
return " AND `" . $entity_table_name . "`.`iduser` = " . $iduser;
}
if ($_SESSION["do_user"]->is_admin == 1) {
return "";
}
}
if ($module_data_share_permissions[$idmodule] == 1 || $module_data_share_permissions[$idmodule] == 2 || $module_data_share_permissions[$idmodule] == 3) {
// if the datashare permission is public then display all
$where = '';
} elseif ($module_data_share_permissions[$idmodule] == 5) {
$where = " AND `" . $entity_table_name . "`.`iduser` = " . $iduser;
} else {
if ($_SESSION["do_user"]->iduser > 0) {
$subordinate_users = $_SESSION["do_user"]->get_subordinate_users();
$user_to_groups = $_SESSION["do_user"]->get_user_associated_to_groups();
} else {
$do_user = new User();
$do_group_user_rel = new GroupUserRelation();
$subordinate_users = $do_user->get_subordinate_users_by_iduser($iduser);
$user_to_groups = $do_group_user_rel->get_groups_by_user($iduser, $subordinate_users);
}
$group_qry = false;
if (is_array($user_to_groups) && count($user_to_groups) > 0) {
$do_module = new Module();
$do_module->getId($idmodule);
$module_name = $do_module->name;
$entity_object = new $module_name();
if ($entity_object->module_group_rel_table != '') {
$group_qry = true;
}
}
if (is_array($subordinate_users) && count($subordinate_users) > 0 && $subordinate_users_data === true) {
$unique_subordinate_users = array_unique($subordinate_users);
$comma_seperated_subordinate_users = implode(",", $unique_subordinate_users);
if ($group_qry === true) {
$where = " \n\t\t\t\t\tAND \n\t\t\t\t\t(\n\t\t\t\t\t\t( " . $entity_table_name . ".iduser = "******" \n\t\t\t\t\t\t\tOR " . $entity_table_name . ".iduser IN (" . $comma_seperated_subordinate_users . ") \n\t\t\t\t\t\t)\n\t\t\t\t\t\tOR (" . $entity_object->module_group_rel_table . ".idgroup in (" . implode(",", $user_to_groups) . ") )\n\t\t\t\t\t)";
} else {
$where = " AND ( " . $entity_table_name . ".iduser = "******" OR " . $entity_table_name . ".iduser IN (" . $comma_seperated_subordinate_users . ") )";
}
} else {
if ($group_qry === true) {
$where = " AND ( " . $entity_table_name . ".iduser = "******" OR " . $entity_object->module_group_rel_table . ".idgroup in (" . implode(",", $user_to_groups) . ") )";
} else {
$where = " AND " . $entity_table_name . ".iduser = " . $iduser;
}
}
}
return $where;
}
/**
* function to set the different privileges for the CRM
* the privileges are all defined on the profile so loading all the different privileges
* sets the data in the form of an arrray in the persistent user object so that the data is
* available across the CRM in the current session.
* NOTE : any change in the profile permissions would require the user to logout so that on next
* login the new privileges are loaded again and become available for the current session.
* This idea is to ignore same set of queries again and again for each time the privileges are checked
* @see User::eventLogin()
*/
protected function set_user_crm_privileges()
{
$do_roles = new Roles();
//Get the role details of the user
$role_id = $this->idrole;
$this->set_user_role_info($do_roles->get_role_detail($role_id));
// Set the groups to which the user is associated
$do_group_user_rel = new GroupUserRelation();
$this->set_user_associated_to_groups($do_group_user_rel->get_groups_by_user($_SESSION["do_user"]->iduser, array(), true));
// Now lets find the profile and actual permissions set in the profile
$do_profile = new Profile();
$do_role_profile_rel = new RoleProfileRelation();
$do_module_standard_permission = new ModuleStandardPermission();
$do_role_profile_rel->get_pofiles_related_to_role($role_id);
$module_permissions = array();
$module_standard_permissions_per_profile_array = array();
if ($do_role_profile_rel->getNumRows() > 0) {
$associated_profiles = array();
while ($do_role_profile_rel->next()) {
$associated_profiles[] = $do_role_profile_rel->idprofile;
}
// Loading the active modules for the CRM available. The object "do_module" is persistent and is instantiated in module.php
if (!is_object($_SESSION["do_module"])) {
$do_module = new Module();
$do_module->sessionPersistent("do_module", "logout.php", TTL);
$_SESSION["do_module"]->load_active_modules();
}
$active_modules = $_SESSION["do_module"]->get_active_modules_for_crm();
// variables to hold the permissions when user is associated with multiple roles
$profile_standard_permission_rel_previous = array();
$profile_module_rel_previous = array();
foreach ($associated_profiles as $idprofile) {
// Getting all the module standard permissions vailable to the profile
$profile_standard_permission_rel = $do_profile->get_all_module_standard_permissions($idprofile);
// Getting if the module is permitted for the profile
$profile_module_rel = $do_profile->get_all_module_permissions($idprofile);
foreach ($active_modules as $module => $idmodule) {
if (array_key_exists($profile_module_rel[$idmodule], $profile_module_rel)) {
if (count($profile_module_rel_previous) > 0 && array_key_exists($profile_module_rel_previous[$idmodule], $profile_module_rel_previous)) {
if ($profile_module_rel_previous[$idmodule] > $module_permissions[$idmodule]["module_permission"]) {
$module_permissions[$idmodule]["module_permission"] = $profile_module_rel_previous[$idmodule];
} else {
$module_permissions[$idmodule]["module_permission"] = $profile_module_rel[$idmodule];
}
} else {
$module_permissions[$idmodule]["module_permission"] = $profile_module_rel[$idmodule];
}
$profile_module_rel_previous[$idmodule] = $profile_module_rel[$idmodule];
}
// Loading the module standard permissions
$do_module_standard_permission->get_module_standard_permissions($idmodule);
if ($do_module_standard_permission->getNumRows() > 0) {
while ($do_module_standard_permission->next()) {
if (array_key_exists($profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission], $profile_standard_permission_rel)) {
if (count($profile_standard_permission_rel_previous) > 0 && array_key_exists($profile_standard_permission_rel_previous[$idmodule][$do_module_standard_permission->idstandard_permission], $profile_standard_permission_rel_previous)) {
if ($profile_standard_permission_rel_previous[$idmodule][$do_module_standard_permission->idstandard_permission] > $profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission]) {
$module_standard_permissions_per_profile_array[$idmodule][$do_module_standard_permission->idstandard_permission] = $profile_standard_permission_rel_previous[$idmodule][$do_module_standard_permission->idstandard_permission];
} else {
$module_standard_permissions_per_profile_array[$idmodule][$do_module_standard_permission->idstandard_permission] = $profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission];
}
} else {
$module_standard_permissions_per_profile_array[$idmodule][$do_module_standard_permission->idstandard_permission] = $profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission];
}
$profile_standard_permission_rel_previous[$idmodule][$do_module_standard_permission->idstandard_permission] = $profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission];
}
}
} else {
$module_standard_permissions_per_profile_array[$idmodule][2] = 1;
}
}
}
foreach ($module_standard_permissions_per_profile_array as $idmodule => $standard_permissions) {
$module_permissions[$idmodule]["standard_permissions"] = $standard_permissions;
}
}
$this->set_user_module_privileges($module_permissions);
}
/**
* function to get all the users including the lookup user and groups associated via hierarchy
* @param integer $iduser
* @param boolean $ignore_current_user
* @param string $key , returned array key default pk primary_key
*/
public function get_users_and_groups($iduser, $ignore_current_user = false, $key = 'pk')
{
$users_array = array();
$groups_array = array();
if ($iduser == 0) {
$iduser = $_SESSION["do_user"]->iduser;
}
$users = $this->get_userids($iduser, $ignore_current_user);
$do_group_user_rel = new GroupUserRelation();
$groups = $do_group_user_rel->get_groups_by_user($iduser, array(), true);
if (is_array($users) && count($users) > 0) {
$qry = "\n\t\t\tselect `iduser`,`user_name`,`firstname`,`lastname`\n\t\t\tfrom user \n\t\t\twhere `iduser` in (" . implode(",", $users) . ")\n\t\t\t";
$stmt = $this->getDbConnection()->executeQuery($qry);
if ($stmt->rowCount() > 0) {
while ($data = $stmt->fetch()) {
if ($key == 'pk') {
$users_array[$data["iduser"]] = array("firstname" => $data["firstname"], "lastname" => $data["lastname"], "user_name" => $data["user_name"]);
} else {
$users_array[$data["user_name"]] = array("firstname" => $data["firstname"], "lastname" => $data["lastname"], "iduser" => $data["iduser"]);
}
}
}
}
if (is_array($groups) && count($groups) > 0) {
$qry = "select `idgroup`,`group_name` from `group`\n\t\t\twhere `idgroup` in (" . implode(",", $groups) . ")\n\t\t\t";
$stmt = $this->getDbConnection()->executeQuery($qry);
if ($stmt->rowCount() > 0) {
while ($data = $stmt->fetch()) {
if ($key == 'pk') {
$groups_array[$data["idgroup"]] = array("group_name" => $data["group_name"]);
} else {
$groups_array[$data["group_name"]] = array("idgroup" => $data["idgroup"]);
}
}
}
}
return array("users" => $users_array, "groups" => $groups_array);
}
