function getPermissionGroup() {
return PermissionGroups::findById($this->getPermissionGroupId());
}
function search_permission_group()
{
$name = trim(array_var($_REQUEST, 'query', ''));
$start = array_var($_REQUEST, 'start', 0);
$orig_limit = array_var($_REQUEST, 'limit');
$limit = $orig_limit + 1;
$query_name = "";
if (strlen($name) > 0) {
$query_name = "AND (c.first_name LIKE '%{$name}%' OR c.surname LIKE '%{$name}%' OR pg.name LIKE '%{$name}%')";
}
// query for permission groups
$sql = "SELECT * FROM " . TABLE_PREFIX . "permission_groups pg LEFT JOIN " . TABLE_PREFIX . "contacts c ON pg.id=c.permission_group_id\r\n\t\t\tWHERE pg.type IN ('permission_groups', 'user_groups') AND (c.user_type IS NULL OR c.user_type >= " . logged_user()->getUserType() . ") {$query_name}\r\n\t\t\tORDER BY c.first_name, c.surname, pg.name\r\n\t\t\tLIMIT {$start}, {$limit}";
$rows = DB::executeAll($sql);
if (!is_array($rows)) {
$rows = array();
}
// show more
$show_more = false;
if (count($rows) > $orig_limit) {
array_pop($rows);
$show_more = true;
}
if ($show_more) {
ajx_extra_data(array('show_more' => $show_more));
}
$tmp_companies = array();
$tmp_roles = array();
$permission_groups = array();
foreach ($rows as $pg_data) {
// basic data
$data = array('pg_id' => $pg_data['id'], 'type' => $pg_data['type'] == 'permission_groups' ? 'user' : 'group', 'iconCls' => '', 'name' => is_null($pg_data['first_name']) && is_null($pg_data['surname']) ? $pg_data['name'] : trim($pg_data['first_name'] . ' ' . $pg_data['surname']));
// company name
$comp_id = array_var($pg_data, 'company_id');
if ($comp_id > 0) {
if (!isset($tmp_companies[$comp_id])) {
$tmp_companies[$comp_id] = Contacts::findById($comp_id);
}
$c = array_var($tmp_companies, $comp_id);
if ($c instanceof Contact) {
$data['company_name'] = trim($c->getObjectName());
}
}
// picture
if ($pg_data['type'] == 'permission_groups') {
$data['user_id'] = array_var($pg_data, 'object_id');
if (array_var($pg_data, 'picture_file') != '') {
$data['picture_url'] = get_url('files', 'get_public_file', array('id' => array_var($pg_data, 'picture_file')));
}
}
// user type
$user_type_id = array_var($pg_data, 'user_type');
if ($user_type_id > 0) {
if (!isset($tmp_roles[$user_type_id])) {
$tmp_roles[$user_type_id] = PermissionGroups::findById($user_type_id);
}
$rol = array_var($tmp_roles, $user_type_id);
if ($rol instanceof PermissionGroup) {
$data['role'] = trim($rol->getName());
if (in_array($rol->getName(), array('Guest', 'Guest Customer'))) {
$data['is_guest'] = '1';
}
}
}
$permission_groups[] = $data;
}
$row = "search-result-row-medium";
ajx_extra_data(array('row_class' => $row));
ajx_extra_data(array('permission_groups' => $permission_groups));
ajx_current("empty");
}
function get_parent_permissions()
{
ajx_current("empty");
$dim_id = array_var($_REQUEST, 'dim_id');
$parent = array_var($_REQUEST, 'parent');
$permission_parameters = array();
$permission_parameters = get_default_member_permission($parent, $permission_parameters);
$pg_data = array();
$perms = array();
foreach ($permission_parameters['member_permissions'] as $pg_id => $p) {
if (is_array($p) && count($p) > 0) {
$perms[$pg_id] = $p;
// type picture_url name is_guest company_name role
$pg = PermissionGroups::findById($pg_id);
if ($pg->getType() == 'permission_groups') {
$c = Contacts::findById($pg->getContactId());
$name = $name = escape_character($c->getObjectName());
$picture_url = $c->getPictureUrl();
$company_name = $c->getCompany() instanceof Contact ? escape_character($c->getCompany()->getObjectName()) : "";
$type = 'contact';
$is_guest = $c->isGuest() ? "1" : "0";
$role = $c->getUserTypeName();
} else {
$name = escape_character($pg->getName());
$picture_url = "";
$company_name = "";
$type = 'group';
$is_guest = "0";
$role = "";
}
$pg_data[$pg_id] = array('pg_id' => $pg_id, 'type' => $type, 'picture_url' => $picture_url, 'name' => $name, 'is_guest' => $is_guest, 'company_name' => $company_name, 'role' => $role);
}
}
ajx_extra_data(array('perms' => $perms, 'pg_data' => $pg_data));
}
/**
*
* After editing permissions refresh associations and object_members for the contact owner of the permission_group modified
* @param $pg_id Permission group id
* @param $ignored Ignored
*/
function core_dimensions_after_save_contact_permissions($pg_id, &$ignored) {
$pg = PermissionGroups::findById($pg_id);
if ($pg instanceof PermissionGroup && $pg->getContactId() > 0 && $pg->getType() == 'permission_groups') {
$user = Contacts::findById($pg->getContactId());
if (!$user instanceof Contact || !$user->isUser()) return;
$member_ids = array();
$cmps = ContactMemberPermissions::instance()->findAll(array("conditions" => "permission_group_id = ".$pg_id));
foreach ($cmps as $cmp) {
$member_ids[$cmp->getMemberId()] = $cmp->getMemberId();
}
if (count($member_ids) == 0) return;
$members = Members::findAll(array('conditions' => 'id IN ('.implode(',', $member_ids).')'));
$persons_dim = Dimensions::findByCode("feng_persons");
$user_member = Members::findOneByObjectId($user->getId(), $persons_dim->getId());
$affected_dimensions = core_dim_create_member_associations($user, $user_member, $members);
// remove from all members of the affected dimensions
if (count($affected_dimensions) > 0) {
$affected_member_ids = Members::findAll(array('id' => true, 'conditions' => 'dimension_id IN ('.implode(',', $affected_dimensions).')'));
if (count($affected_member_ids) > 0) {
ObjectMembers::removeObjectFromMembers($user, logged_user(), $members, $affected_member_ids);
}
}
// add user content object to associated members
$obj_controller = new ObjectController();
ObjectMembers::addObjectToMembers($user->getId(), $members);
$user->addToSharingTable();
}
}
/**
* @author mati
* Enter description here ...
*/
function getUserTypeName()
{
$type = $this->getUserType();
if (!$type) {
return null;
}
if (!array_var(self::$pg_cache, $type)) {
$pg = PermissionGroups::findById($type);
self::$pg_cache[$type] = $pg;
} else {
$pg = array_var(self::$pg_cache, $type);
}
return $pg->getName();
}
/**
* Delete group
*
* @param void
* @return null
*/
function delete() {
if(!can_manage_security(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
$group = PermissionGroups::findById(get_id());
if(!($group instanceof PermissionGroup)) {
flash_error(lang('group dnx'));
ajx_current("empty");
return ;
}
if ($group->getContactId() > 0) {
flash_error(lang('cannot delete personal permissions'));
ajx_current("empty");
return ;
}
try {
DB::beginWork();
$group->delete();
//ApplicationLogs::createLog($group, ApplicationLogs::ACTION_DELETE);
DB::commit();
flash_success(lang('success delete group', $group->getName()));
ajx_current("reload");
} catch(Exception $e) {
DB::rollback();
flash_error(lang('error delete group'));
ajx_current("empty");
} // try
} // delete_group
/**
* Add Permissions on members for a user
* @param void
* @return null
*/
function add_permissions_user()
{
ajx_current("empty");
try {
DB::beginWork();
// get user_id
if (isset($_POST['cid'])) {
$user = Contacts::findById($_POST['cid']);
}
//get members id
if (isset($_POST['mid'])) {
$members_id = $_POST['mid'];
} else {
flash_error(lang('member dnx'));
ajx_current("empty");
return;
}
$members_id = explode(",", $members_id);
if (!($user instanceof Contact && $user->isUser()) || $user->getDisabled()) {
flash_error(lang('user dnx'));
ajx_current("empty");
return;
}
// if
if (!$user->canUpdatePermissions(logged_user())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
// if
//get the role id for the user
$role_id = $user->getUserType();
//get the permissions for the user type
$rows = DB::executeAll("SELECT object_type_id, can_delete, can_write FROM " . TABLE_PREFIX . "role_object_type_permissions WHERE role_id = '{$role_id}'");
$rol_permissions = $rows;
//get the permissions group for the contact
$group_id = $user->getPermissionGroupId();
$group = PermissionGroups::findById($group_id);
if (!$group instanceof PermissionGroup) {
flash_error(lang('group dnx'));
return;
}
//add the permissions on this group
$group->addPermissions($members_id, $rol_permissions);
//contact info
$contact_data['id'] = $user->getId();
$contact_data['card_url'] = $user->getCardUrl();
$contact_data['picture_url'] = $user->getPictureUrl();
$contact_data['object_name'] = clean($user->getObjectName());
$contact_data['email'] = $user->getEmailAddress();
flash_success(lang('success user permissions updated'));
//
ajx_extra_data($contact_data);
DB::commit();
} catch (Exception $e) {
DB::rollback();
flash_error($e->getMessage());
}
}
function save_permissions($pg_id, $is_guest = false, $permissions_data = null, $save_cmps = true, $update_sharing_table = true, $fire_hook = true, $update_contact_member_cache = true, $users_ids_to_check = array(), $only_member_permissions = false)
{
if (is_null($permissions_data)) {
// system permissions
$sys_permissions_data = array_var($_POST, 'sys_perm');
// module permissions
$mod_permissions_data = array_var($_POST, 'mod_perm');
// root permissions
if ($rp_genid = array_var($_POST, 'root_perm_genid')) {
$rp_permissions_data = array();
foreach ($_POST as $name => $value) {
if (str_starts_with($name, $rp_genid . 'rg_root_')) {
$rp_permissions_data[$name] = $value;
}
}
}
// member permissions
$permissionsString = array_var($_POST, 'permissions');
} else {
// system permissions
$sys_permissions_data = array_var($permissions_data, 'sys_perm');
// module permissions
$mod_permissions_data = array_var($permissions_data, 'mod_perm');
// root permissions
$rp_genid = array_var($permissions_data, 'root_perm_genid');
$rp_permissions_data = array_var($permissions_data, 'root_perm');
// member permissions
$permissionsString = array_var($permissions_data, 'permissions');
}
try {
DB::beginWork();
$changed_members = array();
// save module permissions
if (!$only_member_permissions) {
try {
TabPanelPermissions::clearByPermissionGroup($pg_id, true);
if (!is_null($mod_permissions_data) && is_array($mod_permissions_data)) {
foreach ($mod_permissions_data as $tab_id => $val) {
DB::execute("INSERT INTO " . TABLE_PREFIX . "tab_panel_permissions (permission_group_id,tab_panel_id) VALUES ('{$pg_id}','{$tab_id}') ON DUPLICATE KEY UPDATE permission_group_id=permission_group_id");
}
}
} catch (Exception $e) {
Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
$root_permissions_sharing_table_delete = array();
$root_permissions_sharing_table_add = array();
if (logged_user() instanceof Contact && can_manage_security(logged_user())) {
try {
if (!$only_member_permissions) {
// save system permissions
$system_permissions = SystemPermissions::findById($pg_id);
if (!$system_permissions instanceof SystemPermission) {
$system_permissions = new SystemPermission();
$system_permissions->setPermissionGroupId($pg_id);
}
$system_permissions->setAllPermissions(false);
$other_permissions = array();
Hook::fire('add_user_permissions', $pg_id, $other_permissions);
foreach ($other_permissions as $k => $v) {
$system_permissions->setColumnValue($k, false);
}
// check max permissions for role, in case of modifying user's permissions
$role_id = "-1";
$tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
if ($tmp_contact instanceof Contact) {
$role_id = $tmp_contact->getUserType();
}
$max_role_system_permissions = MaxSystemPermissions::findOne(array('conditions' => 'permission_group_id = ' . $role_id));
if ($max_role_system_permissions instanceof MaxSystemPermission) {
foreach ($sys_permissions_data as $col => &$val) {
$max_val = $max_role_system_permissions->getColumnValue($col);
if (!$max_val) {
unset($sys_permissions_data[$col]);
}
}
}
// don't allow to write emails for collaborators and guests
if ($tmp_contact instanceof Contact) {
$user_type_name = $tmp_contact->getUserTypeName();
if (!in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
$mail_ot = ObjectTypes::findByName('mail');
if ($mail_ot instanceof ObjectType) {
DB::executeAll("UPDATE " . TABLE_PREFIX . "contact_member_permissions SET can_write=0, can_delete=0 WHERE object_type_id=" . $mail_ot->getId() . " AND permission_group_id={$pg_id}");
}
}
}
$sys_permissions_data['can_task_assignee'] = !$is_guest;
$system_permissions->setFromAttributes($sys_permissions_data);
$system_permissions->setUseOnDuplicateKeyWhenInsert(true);
$system_permissions->save();
//object type root permissions
$can_have_root_permissions = config_option('let_users_create_objects_in_root') && in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'));
if ($rp_genid && $can_have_root_permissions) {
ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
foreach ($rp_permissions_data as $name => $value) {
if (str_starts_with($name, $rp_genid . 'rg_root_')) {
$rp_ot = substr($name, strrpos($name, '_') + 1);
if (is_numeric($rp_ot) && $rp_ot > 0 && $value == 0) {
$root_permissions_sharing_table_delete[] = $rp_ot;
}
if (!is_numeric($rp_ot) || $rp_ot <= 0 || $value < 1) {
continue;
}
$root_permissions_sharing_table_add[] = $rp_ot;
// save with member_id = 0
$root_perm_cmp = new ContactMemberPermission();
$root_perm_cmp->setPermissionGroupId($pg_id);
$root_perm_cmp->setMemberId('0');
$root_perm_cmp->setObjectTypeId($rp_ot);
$root_perm_cmp->setCanWrite($value >= 2);
$root_perm_cmp->setCanDelete($value >= 3);
$root_perm_cmp->save();
}
}
}
if (!$can_have_root_permissions) {
ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0");
$sh_controller = new SharingTableController();
$all_object_type_ids = ObjectTypes::findAll(array('id' => true));
$sh_controller->adjust_root_permissions($pg_id, array('root_permissions_sharing_table_delete' => $all_object_type_ids));
}
}
} catch (Exception $e) {
Logger::log("Error saving system and root permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
// set all permissions to read_only if user is guest
if ($is_guest) {
try {
$all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}"));
foreach ($all_saved_permissions as $sp) {
/* @var $sp ContactMemberPermission */
if ($sp->getCanDelete() || $sp->getCanWrite()) {
$sp->setCanDelete(false);
$sp->setCanWrite(false);
$sp->save();
}
}
$cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all'"));
foreach ($cdps as $cdp) {
$cdp->setPermissionType('check');
$cdp->save();
}
} catch (Exception $e) {
Logger::log("Error setting guest user permissions to read_only for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
// check the status of the changed dimensions to set 'allow_all', 'deny_all' or 'check'
try {
$dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members)));
foreach ($dimensions as $dimension) {
$dimension->setContactDimensionPermission($pg_id, 'check');
}
} catch (Exception $e) {
Logger::log("Error setting dimension permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
//member permissions
if ($permissionsString && $permissionsString != '') {
$permissions = json_decode($permissionsString);
}
if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
try {
$tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id));
if ($tmp_contact instanceof Contact) {
$user_type_name = $tmp_contact->getUserTypeName();
$role_id = $tmp_contact->getUserType();
$max_role_ot_perms = MaxRoleObjectTypePermissions::instance()->findAll(array('conditions' => "role_id = '{$role_id}'"));
}
$mail_ot = ObjectTypes::findByName('mail');
$sql_insert_values = "";
$member_object_types_to_delete = array();
$allowed_members_ids = array();
foreach ($permissions as &$perm) {
if (!isset($all_perm_deleted[$perm->m])) {
$all_perm_deleted[$perm->m] = true;
}
$allowed_members_ids[$perm->m] = array();
$allowed_members_ids[$perm->m]['pg'] = $pg_id;
if ($perm->r) {
if (isset($allowed_members_ids[$perm->m]['w'])) {
if ($allowed_members_ids[$perm->m]['w'] != 1) {
$allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
}
} else {
$allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w;
}
if (isset($allowed_members_ids[$perm->m]['d'])) {
if ($allowed_members_ids[$perm->m]['d'] != 1) {
$allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
}
} else {
$allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d;
}
// check max permissions for user type
if ($tmp_contact instanceof Contact) {
$max_perm = null;
foreach ($max_role_ot_perms as $max_role_ot_perm) {
if ($max_role_ot_perm->getObjectTypeId() == $perm->o) {
$max_perm = $max_role_ot_perm;
}
}
if ($max_perm) {
if (!$max_perm->getCanDelete()) {
$perm->d = 0;
}
if (!$max_perm->getCanWrite()) {
$perm->w = 0;
}
} else {
$perm->d = 0;
$perm->w = 0;
$perm->r = 0;
}
}
if ($save_cmps) {
// don't allow to write emails for collaborators and guests
if ($tmp_contact instanceof Contact && !in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) {
if ($mail_ot instanceof ObjectType && $perm->o == $mail_ot->getId()) {
$perm->d = 0;
$perm->w = 0;
}
}
$sql_insert_values .= ($sql_insert_values == "" ? "" : ",") . "('" . $pg_id . "','" . $perm->m . "','" . $perm->o . "','" . $perm->d . "','" . $perm->w . "')";
if (!isset($member_object_types_to_delete[$perm->m])) {
$member_object_types_to_delete[$perm->m] = array();
}
$member_object_types_to_delete[$perm->m][] = $perm->o;
}
$all_perm_deleted[$perm->m] = false;
} else {
if (is_numeric($perm->m) && is_numeric($perm->o)) {
DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id='" . $perm->m . "' AND object_type_id='" . $perm->o . "' AND permission_group_id={$pg_id}");
}
}
$changed_members[] = $perm->m;
}
if ($save_cmps) {
if (count($all_perm_deleted) > 0) {
$member_ids_to_delete = array();
foreach ($all_perm_deleted as $mid => $del) {
// also check in contact_member_permissions
$cmps = ContactMemberPermissions::findAll(array('conditions' => 'permission_group_id=' . $pg_id . " AND member_id={$mid}"));
if ($del && (!is_array($cmps) || count($cmps) == 0)) {
$member_ids_to_delete[] = $mid;
}
}
if (count($member_ids_to_delete) > 0) {
DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id IN (" . implode(',', $member_ids_to_delete) . ") AND permission_group_id={$pg_id}");
}
}
foreach ($member_object_types_to_delete as $mid => $obj_type_ids) {
if (count($obj_type_ids) > 0) {
DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id={$mid} AND object_type_id IN (" . implode(',', $obj_type_ids) . ") AND permission_group_id={$pg_id}");
}
}
if ($sql_insert_values != "") {
DB::execute("INSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write) VALUES {$sql_insert_values} ON DUPLICATE KEY UPDATE member_id=member_id");
}
}
} catch (Exception $e) {
Logger::log("Error saving member permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
DB::commit();
} catch (Exception $e) {
Logger::log("Error saving permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
DB::rollback();
}
try {
if (isset($permissions) && !is_null($permissions) && is_array($permissions)) {
if ($update_sharing_table) {
try {
$sharingTablecontroller = new SharingTableController();
$rp_info = array('root_permissions_sharing_table_delete' => $root_permissions_sharing_table_delete, 'root_permissions_sharing_table_add' => $root_permissions_sharing_table_add);
$sharingTablecontroller->afterPermissionChanged($pg_id, $permissions, $rp_info);
} catch (Exception $e) {
Logger::log("Error saving permissions to sharing table for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
if ($update_contact_member_cache) {
try {
$contactMemberCacheController = new ContactMemberCacheController();
$group = PermissionGroups::findById($pg_id);
$real_group = null;
if ($group->getType() == 'user_groups') {
$real_group = $group;
}
$users = $group->getUsers();
$users_ids_checked = array();
foreach ($users as $us) {
$users_ids_checked[] = $us->getId();
$contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
}
//check all users related to the group
foreach ($users_ids_to_check as $us_id) {
if (!in_array($us_id, $users_ids_checked)) {
$users_ids_checked[] = $us_id;
$us = Contacts::findById($us_id);
if ($us instanceof Contact) {
$contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group);
}
}
}
} catch (Exception $e) {
Logger::log("Error saving permissions to contact member cache for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
throw $e;
}
}
}
} catch (Exception $e) {
Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString());
}
if ($fire_hook) {
Hook::fire('after_save_contact_permissions', $pg_id, $pg_id);
}
// remove contact object from members where permissions were deleted
$user = Contacts::findOne(array('conditions' => 'permission_group_id=' . $pg_id));
if ($user instanceof Contact) {
$to_remove = array();
if (isset($all_perm_deleted) && is_array($all_perm_deleted)) {
foreach ($all_perm_deleted as $m_id => $must_remove) {
if ($must_remove) {
$to_remove[] = $m_id;
}
}
ObjectMembers::removeObjectFromMembers($user, logged_user(), null, $to_remove);
}
}
}
// update sharing table
DB::beginWork();
$sharingTablecontroller = new SharingTableController();
$sharingTablecontroller->afterPermissionChanged($pg_id, json_decode($permissions), $rp_info);
// delete flag
$flag->delete();
DB::commit();
} catch (Exception $e) {
DB::rollback();
Logger::log("Error saving permissions (2): " . $e->getMessage() . "\n" . $e->getTraceAsString());
}
// save tree
try {
DB::beginWork();
$contactMemberCacheController = new ContactMemberCacheController();
$group = PermissionGroups::findById($pg_id);
$real_group = null;
if ($group->getType() == 'user_groups') {
$real_group = $group;
}
$users = $group->getUsers();
$users_ids_checked = array();
//check all users related to the group
foreach ($users as $us) {
$users_ids_checked[] = $us->getId();
$contactMemberCacheController->afterUserPermissionChanged($us, json_decode($permissions), $real_group);
}
//check all users in users_ids_to_check (we do this because a user can be removed from a group)
foreach ($users_ids_to_check as $us_id) {
if (!in_array($us_id, $users_ids_checked)) {
$users_ids_checked[] = $us_id;
/**
*
* After editing permissions refresh associations and object_members for the contact owner of the permission_group modified
* @param $pg_id Permission group id
* @param $ignored Ignored
*/
function core_dimensions_after_save_contact_permissions($pg_id, &$ignored)
{
$pg = PermissionGroups::findById($pg_id);
if ($pg instanceof PermissionGroup && $pg->getContactId() > 0 && $pg->getType() == 'permission_groups') {
$user = Contacts::findById($pg->getContactId());
if (!$user instanceof Contact || !$user->isUser()) {
return;
}
$member_ids = array();
$cmp_rows = DB::executeAll("SELECT member_id FROM " . TABLE_PREFIX . "contact_member_permissions WHERE permission_group_id={$pg_id}");
if (is_array($cmp_rows) && count($cmp_rows) > 0) {
$cmps = array_flat($cmp_rows);
foreach ($cmps as $mid) {
$member_ids[$mid] = $mid;
}
}
if (count($member_ids) == 0) {
return;
}
$members = Members::findAll(array('conditions' => 'id IN (' . implode(',', $member_ids) . ')'));
$persons_dim = Dimensions::findByCode("feng_persons");
$user_member = Members::findOneByObjectId($user->getId(), $persons_dim->getId());
$affected_dimensions = core_dim_create_member_associations($user, $user_member, $members);
// remove from all members of the affected dimensions
if (count($affected_dimensions) > 0) {
$affected_member_ids = Members::findAll(array('id' => true, 'conditions' => 'dimension_id IN (' . implode(',', $affected_dimensions) . ')'));
if (count($affected_member_ids) > 0) {
ObjectMembers::removeObjectFromMembers($user, logged_user(), $members, $affected_member_ids);
}
}
// add user content object to associated members
$obj_controller = new ObjectController();
ObjectMembers::addObjectToMembers($user->getId(), $members);
// add user content object to sharing table
$user->addToSharingTable();
}
}
