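/**
 * Build the HTML for this option: one labelled checkbox per role permission group.
 *
 * Groups are loaded with type 'roles' and parent_id > 0. A checkbox is
 * pre-checked when the group's id appears in the value returned by getValue().
 *
 * @param string $control_name Base name of the form fields; each checkbox is
 *                             emitted as $control_name[<group id>].
 * @return string HTML fragment
 */
function render($control_name)
 {
     $genid = gen_id();
     $groups = PermissionGroups::findAll(array('conditions' => "`type`='roles' AND `parent_id`>0"));
     if (!$groups) {
         // Guard in case the finder yields null/false for an empty result -- TODO confirm its contract.
         $groups = array();
     }

     // This form selects roles, so a malformed stored value must never show up
     // as "every role selected". On PHP < 8 array_search() on a non-array
     // returns null (with a warning) and null !== false is true, which would
     // tick every box; PHP 8 raises a TypeError instead.
     $value = $this->getValue();
     if (!is_array($value)) {
         $value = array();
     }

     // The hidden field below is raw HTML built by concatenation, so the name
     // is escaped for attribute context. label_tag()/checkbox_field() receive
     // the original name; NOTE(review): confirm those helpers escape attributes.
     $safe_name = htmlspecialchars($control_name, ENT_QUOTES, 'UTF-8');

     $out = '';
     foreach ($groups as $group) {
         $field_id = $genid . '_' . $control_name . '_' . $group->getId();
         // Loose comparison kept on purpose: stored ids may be numeric strings.
         $checked = in_array($group->getId(), $value);
         $out .= '<div class="checkbox-config-option">';
         $out .= label_tag($group->getName(), $field_id, false, array('style' => 'cursor:pointer;'), '');
         $out .= checkbox_field($control_name . '[' . $group->getId() . ']', $checked, array('id' => $field_id));
         $out .= '</div >';
     }
     // Index 0 is always submitted; presumably this keeps the field present in
     // the request when no checkbox is ticked -- verify against the save handler.
     $out .= '<input type="hidden" name="' . $safe_name . '[0]" value=" "><div class="clear"></div>';
     return $out;
 }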
Пример #2
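/**
 * Upgrade step: grant write and delete on the 'template' object type.
 *
 * Two tables are updated:
 *  - contact_member_permissions, for the permission group of every user for
 *    whom isAdminGroup() is true;
 *  - role_object_type_permissions, for the permission groups named
 *    'Super Administrator' and 'Administrator'.
 *
 * Does nothing when the 'template' object type is not installed.
 */
function core_dimensions_update_9_10()
{
    $template_ot = ObjectTypes::findByName('template');
    if (!$template_ot instanceof ObjectType) {
        // Without the object type there is nothing to grant. The second loop
        // previously dereferenced $template_ot without this check.
        return;
    }
    // Ids are concatenated into SQL below, so force them to integers.
    $template_ot_id = (int) $template_ot->getId();

    $users = Contacts::getAllUsers();
    if (!$users) {
        // Guard in case the finder yields null for an empty result -- TODO confirm.
        $users = array();
    }
    foreach ($users as $user) {
        /* @var $user Contact */
        if (!$user->isAdminGroup()) {
            continue;
        }
        DB::executeAll("UPDATE " . TABLE_PREFIX . "contact_member_permissions SET can_write=1, can_delete=1 WHERE object_type_id=" . $template_ot_id . " AND permission_group_id=" . (int) $user->getPermissionGroupId());
    }

    $pgs = PermissionGroups::findAll(array("conditions" => "`name` in ('Super Administrator','Administrator')"));
    if (!$pgs) {
        $pgs = array();
    }
    foreach ($pgs as $pg) {
        // Use the role being iterated. The earlier code read $user here, i.e.
        // whichever contact the previous loop visited last (admin or not), so
        // the grant was applied to an unrelated permission group id and the
        // two administrator roles were never updated.
        DB::executeAll("UPDATE " . TABLE_PREFIX . "role_object_type_permissions SET can_write=1, can_delete=1 WHERE object_type_id=" . $template_ot_id . " AND role_id=" . (int) $pg->getId());
    }
}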
Пример #3
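/**
 * Return the permission groups that may access objects of a given type in the
 * given members at the requested access level.
 *
 * The result is assembled per dimension from
 * Dimension::getPermissionGroupsAllowAll() and
 * ContactMemberPermissions::canAccessObjectTypeinMembersPermissionGroups().
 * If any involved dimension uses the mandatory query method, the per-dimension
 * results of the mandatory dimensions are intersected; otherwise the results
 * of the non-mandatory dimensions are merged.
 *
 * The function fails closed: with no matching role limit row, no usable
 * members, or an exception, it returns an empty array.
 *
 * @param array $permission_group_ids Permission group ids to evaluate.
 * @param array $members              Member objects; entries that are not Member
 *                                    instances or belong to a disabled dimension are ignored.
 * @param int   $object_type_id       Object type being accessed.
 * @param mixed $access_level         One of ACCESS_LEVEL_READ, ACCESS_LEVEL_WRITE, ACCESS_LEVEL_DELETE.
 * @return array Allowed permission groups (presumably their ids -- confirm against the two helpers above).
 */
function can_access_pgids($permission_group_ids, $members, $object_type_id, $access_level)
{
    $write = $access_level == ACCESS_LEVEL_WRITE;
    $delete = $access_level == ACCESS_LEVEL_DELETE;

    // Both values are interpolated into SQL conditions below. This is an
    // authorization check, so they are forced to integers up front instead of
    // trusting every caller; a non-array id list is treated as "no groups".
    $permission_group_ids = is_array($permission_group_ids) ? array_map('intval', $permission_group_ids) : array();
    $object_type_id = (int) $object_type_id;

    $tmp_contact = null;
    $max_role_ot_perm = null;
    if (count($permission_group_ids) > 0) {
        $permission_groups = PermissionGroups::findAll(array('conditions' => "id IN (" . implode(',', $permission_group_ids) . ")"));
        if (!$permission_groups) {
            // Guard in case the finder yields null for an empty result -- TODO confirm.
            $permission_groups = array();
        }
        foreach ($permission_groups as $pgroup) {
            // The first group tied to a contact decides which role limit applies.
            if ($pgroup->getType() == 'permission_groups' && $pgroup->getContactId() > 0) {
                $tmp_contact = Contacts::findById($pgroup->getContactId());
                // A missing contact leaves $max_role_ot_perm null, which denies
                // access further down rather than raising a fatal error here.
                if ($tmp_contact instanceof Contact) {
                    $max_role_ot_perm = MaxRoleObjectTypePermissions::instance()->findOne(array('conditions' => "object_type_id='{$object_type_id}' AND role_id = '" . (int) $tmp_contact->getUserType() . "'"));
                }
                break;
            }
        }
    }
    try {
        $dimension_query_methods = array();
        $dimension_permissions = array();
        $enabled_dimensions = config_option('enabled_dimensions');
        if (!is_array($enabled_dimensions)) {
            // No usable list of enabled dimensions: treat every dimension as disabled.
            $enabled_dimensions = array();
        }

        // Group the usable members by dimension.
        $dimension_info = array();
        foreach ($members as $k => $m) {
            if (!$m instanceof Member || !in_array($m->getDimensionId(), $enabled_dimensions)) {
                unset($members[$k]);
                continue;
            }
            if (!isset($dimension_info[$m->getDimensionId()])) {
                $dimension_info[$m->getDimensionId()] = array('dim' => $m->getDimension(), 'members' => array($m->getId() => $m));
            } else {
                $dimension_info[$m->getDimensionId()]['members'][$m->getId()] = $m;
            }
        }

        foreach ($dimension_info as $did => $info) {
            $dimension = $info['dim'];
            if (!$dimension->getDefinesPermissions()) {
                continue;
            }
            // The role limit row caps what the role may do: delete and write
            // need the matching flag, read only needs the row to exist.
            if ($max_role_ot_perm && ($access_level == ACCESS_LEVEL_DELETE && $max_role_ot_perm->getCanDelete() || $access_level == ACCESS_LEVEL_WRITE && $max_role_ot_perm->getCanWrite() || $access_level == ACCESS_LEVEL_READ)) {
                if (!isset($dimension_query_methods[$dimension->getId()])) {
                    $dimension_query_methods[$dimension->getId()] = $dimension->getPermissionQueryMethod();
                }
                $dimension_id = $dimension->getId();
                $dimension_permissions[$dimension_id] = array();
                // groups that are allowed everything in this dimension
                $dimension_permissions[$dimension_id] = array_merge($dimension_permissions[$dimension_id], $dimension->getPermissionGroupsAllowAll($permission_group_ids));
                // groups with an explicit permission on the given members
                $dimension_permissions[$dimension_id] = array_merge($dimension_permissions[$dimension_id], ContactMemberPermissions::instance()->canAccessObjectTypeinMembersPermissionGroups($permission_group_ids, array_keys($info['members']), $object_type_id, $write, $delete));
            }
        }

        $mandatory_dimension_ids = array();
        foreach ($dimension_query_methods as $dim_id => $qmethod) {
            if (!in_array($dim_id, $enabled_dimensions)) {
                continue;
            }
            if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY) {
                $mandatory_dimension_ids[] = $dim_id;
            }
        }

        // if there are mandatory dimensions involved then intersect the allowed permission groups of each dimension
        if (count($mandatory_dimension_ids) > 0) {
            $first_mdid = array_pop($mandatory_dimension_ids);
            $pgs_accomplishing_mandatory = $dimension_permissions[$first_mdid];
            foreach ($mandatory_dimension_ids as $mdid) {
                $pgs_accomplishing_mandatory = array_intersect($pgs_accomplishing_mandatory, $dimension_permissions[$mdid]);
            }
            $all_permission_groups = array_unique($pgs_accomplishing_mandatory);
        } else {
            // No mandatory dimensions involved => return all allowed permission groups
            $other_pgs = array();
            foreach ($dimension_query_methods as $dim_id => $qmethod) {
                if (!in_array($dim_id, $enabled_dimensions)) {
                    continue;
                }
                if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_NOT_MANDATORY) {
                    $other_pgs = array_merge($other_pgs, $dimension_permissions[$dim_id]);
                }
            }
            $all_permission_groups = array_unique($other_pgs);
        }
        return $all_permission_groups;
    } catch (Exception $e) {
        // Surface the error to the template layer and deny access.
        tpl_assign('error', $e);
        return array();
    }
}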