function getPermissionGroup() { return PermissionGroups::findById($this->getPermissionGroupId()); }
function search_permission_group() { $name = trim(array_var($_REQUEST, 'query', '')); $start = array_var($_REQUEST, 'start', 0); $orig_limit = array_var($_REQUEST, 'limit'); $limit = $orig_limit + 1; $query_name = ""; if (strlen($name) > 0) { $query_name = "AND (c.first_name LIKE '%{$name}%' OR c.surname LIKE '%{$name}%' OR pg.name LIKE '%{$name}%')"; } // query for permission groups $sql = "SELECT * FROM " . TABLE_PREFIX . "permission_groups pg LEFT JOIN " . TABLE_PREFIX . "contacts c ON pg.id=c.permission_group_id\r\n\t\t\tWHERE pg.type IN ('permission_groups', 'user_groups') AND (c.user_type IS NULL OR c.user_type >= " . logged_user()->getUserType() . ") {$query_name}\r\n\t\t\tORDER BY c.first_name, c.surname, pg.name\r\n\t\t\tLIMIT {$start}, {$limit}"; $rows = DB::executeAll($sql); if (!is_array($rows)) { $rows = array(); } // show more $show_more = false; if (count($rows) > $orig_limit) { array_pop($rows); $show_more = true; } if ($show_more) { ajx_extra_data(array('show_more' => $show_more)); } $tmp_companies = array(); $tmp_roles = array(); $permission_groups = array(); foreach ($rows as $pg_data) { // basic data $data = array('pg_id' => $pg_data['id'], 'type' => $pg_data['type'] == 'permission_groups' ? 'user' : 'group', 'iconCls' => '', 'name' => is_null($pg_data['first_name']) && is_null($pg_data['surname']) ? $pg_data['name'] : trim($pg_data['first_name'] . ' ' . $pg_data['surname'])); // company name $comp_id = array_var($pg_data, 'company_id'); if ($comp_id > 0) { if (!isset($tmp_companies[$comp_id])) { $tmp_companies[$comp_id] = Contacts::findById($comp_id); } $c = array_var($tmp_companies, $comp_id); if ($c instanceof Contact) { $data['company_name'] = trim($c->getObjectName()); } } // picture if ($pg_data['type'] == 'permission_groups') { $data['user_id'] = array_var($pg_data, 'object_id'); if (array_var($pg_data, 'picture_file') != '') { $data['picture_url'] = get_url('files', 'get_public_file', array('id' => array_var($pg_data, 'picture_file'))); } } // user type $user_type_id = array_var($pg_data, 'user_type'); if ($user_type_id > 0) { if (!isset($tmp_roles[$user_type_id])) { $tmp_roles[$user_type_id] = PermissionGroups::findById($user_type_id); } $rol = array_var($tmp_roles, $user_type_id); if ($rol instanceof PermissionGroup) { $data['role'] = trim($rol->getName()); if (in_array($rol->getName(), array('Guest', 'Guest Customer'))) { $data['is_guest'] = '1'; } } } $permission_groups[] = $data; } $row = "search-result-row-medium"; ajx_extra_data(array('row_class' => $row)); ajx_extra_data(array('permission_groups' => $permission_groups)); ajx_current("empty"); }
function get_parent_permissions() { ajx_current("empty"); $dim_id = array_var($_REQUEST, 'dim_id'); $parent = array_var($_REQUEST, 'parent'); $permission_parameters = array(); $permission_parameters = get_default_member_permission($parent, $permission_parameters); $pg_data = array(); $perms = array(); foreach ($permission_parameters['member_permissions'] as $pg_id => $p) { if (is_array($p) && count($p) > 0) { $perms[$pg_id] = $p; // type picture_url name is_guest company_name role $pg = PermissionGroups::findById($pg_id); if ($pg->getType() == 'permission_groups') { $c = Contacts::findById($pg->getContactId()); $name = $name = escape_character($c->getObjectName()); $picture_url = $c->getPictureUrl(); $company_name = $c->getCompany() instanceof Contact ? escape_character($c->getCompany()->getObjectName()) : ""; $type = 'contact'; $is_guest = $c->isGuest() ? "1" : "0"; $role = $c->getUserTypeName(); } else { $name = escape_character($pg->getName()); $picture_url = ""; $company_name = ""; $type = 'group'; $is_guest = "0"; $role = ""; } $pg_data[$pg_id] = array('pg_id' => $pg_id, 'type' => $type, 'picture_url' => $picture_url, 'name' => $name, 'is_guest' => $is_guest, 'company_name' => $company_name, 'role' => $role); } } ajx_extra_data(array('perms' => $perms, 'pg_data' => $pg_data)); }
/** * * After editing permissions refresh associations and object_members for the contact owner of the permission_group modified * @param $pg_id Permission group id * @param $ignored Ignored */ function core_dimensions_after_save_contact_permissions($pg_id, &$ignored) { $pg = PermissionGroups::findById($pg_id); if ($pg instanceof PermissionGroup && $pg->getContactId() > 0 && $pg->getType() == 'permission_groups') { $user = Contacts::findById($pg->getContactId()); if (!$user instanceof Contact || !$user->isUser()) return; $member_ids = array(); $cmps = ContactMemberPermissions::instance()->findAll(array("conditions" => "permission_group_id = ".$pg_id)); foreach ($cmps as $cmp) { $member_ids[$cmp->getMemberId()] = $cmp->getMemberId(); } if (count($member_ids) == 0) return; $members = Members::findAll(array('conditions' => 'id IN ('.implode(',', $member_ids).')')); $persons_dim = Dimensions::findByCode("feng_persons"); $user_member = Members::findOneByObjectId($user->getId(), $persons_dim->getId()); $affected_dimensions = core_dim_create_member_associations($user, $user_member, $members); // remove from all members of the affected dimensions if (count($affected_dimensions) > 0) { $affected_member_ids = Members::findAll(array('id' => true, 'conditions' => 'dimension_id IN ('.implode(',', $affected_dimensions).')')); if (count($affected_member_ids) > 0) { ObjectMembers::removeObjectFromMembers($user, logged_user(), $members, $affected_member_ids); } } // add user content object to associated members $obj_controller = new ObjectController(); ObjectMembers::addObjectToMembers($user->getId(), $members); $user->addToSharingTable(); } }
/** * @author mati * Enter description here ... */ function getUserTypeName() { $type = $this->getUserType(); if (!$type) { return null; } if (!array_var(self::$pg_cache, $type)) { $pg = PermissionGroups::findById($type); self::$pg_cache[$type] = $pg; } else { $pg = array_var(self::$pg_cache, $type); } return $pg->getName(); }
/** * Delete group * * @param void * @return null */ function delete() { if(!can_manage_security(logged_user())) { flash_error(lang('no access permissions')); ajx_current("empty"); return; } $group = PermissionGroups::findById(get_id()); if(!($group instanceof PermissionGroup)) { flash_error(lang('group dnx')); ajx_current("empty"); return ; } if ($group->getContactId() > 0) { flash_error(lang('cannot delete personal permissions')); ajx_current("empty"); return ; } try { DB::beginWork(); $group->delete(); //ApplicationLogs::createLog($group, ApplicationLogs::ACTION_DELETE); DB::commit(); flash_success(lang('success delete group', $group->getName())); ajx_current("reload"); } catch(Exception $e) { DB::rollback(); flash_error(lang('error delete group')); ajx_current("empty"); } // try } // delete_group
/** * Add Permissions on members for a user * @param void * @return null */ function add_permissions_user() { ajx_current("empty"); try { DB::beginWork(); // get user_id if (isset($_POST['cid'])) { $user = Contacts::findById($_POST['cid']); } //get members id if (isset($_POST['mid'])) { $members_id = $_POST['mid']; } else { flash_error(lang('member dnx')); ajx_current("empty"); return; } $members_id = explode(",", $members_id); if (!($user instanceof Contact && $user->isUser()) || $user->getDisabled()) { flash_error(lang('user dnx')); ajx_current("empty"); return; } // if if (!$user->canUpdatePermissions(logged_user())) { flash_error(lang('no access permissions')); ajx_current("empty"); return; } // if //get the role id for the user $role_id = $user->getUserType(); //get the permissions for the user type $rows = DB::executeAll("SELECT object_type_id, can_delete, can_write FROM " . TABLE_PREFIX . "role_object_type_permissions WHERE role_id = '{$role_id}'"); $rol_permissions = $rows; //get the permissions group for the contact $group_id = $user->getPermissionGroupId(); $group = PermissionGroups::findById($group_id); if (!$group instanceof PermissionGroup) { flash_error(lang('group dnx')); return; } //add the permissions on this group $group->addPermissions($members_id, $rol_permissions); //contact info $contact_data['id'] = $user->getId(); $contact_data['card_url'] = $user->getCardUrl(); $contact_data['picture_url'] = $user->getPictureUrl(); $contact_data['object_name'] = clean($user->getObjectName()); $contact_data['email'] = $user->getEmailAddress(); flash_success(lang('success user permissions updated')); // ajx_extra_data($contact_data); DB::commit(); } catch (Exception $e) { DB::rollback(); flash_error($e->getMessage()); } }
function save_permissions($pg_id, $is_guest = false, $permissions_data = null, $save_cmps = true, $update_sharing_table = true, $fire_hook = true, $update_contact_member_cache = true, $users_ids_to_check = array(), $only_member_permissions = false) { if (is_null($permissions_data)) { // system permissions $sys_permissions_data = array_var($_POST, 'sys_perm'); // module permissions $mod_permissions_data = array_var($_POST, 'mod_perm'); // root permissions if ($rp_genid = array_var($_POST, 'root_perm_genid')) { $rp_permissions_data = array(); foreach ($_POST as $name => $value) { if (str_starts_with($name, $rp_genid . 'rg_root_')) { $rp_permissions_data[$name] = $value; } } } // member permissions $permissionsString = array_var($_POST, 'permissions'); } else { // system permissions $sys_permissions_data = array_var($permissions_data, 'sys_perm'); // module permissions $mod_permissions_data = array_var($permissions_data, 'mod_perm'); // root permissions $rp_genid = array_var($permissions_data, 'root_perm_genid'); $rp_permissions_data = array_var($permissions_data, 'root_perm'); // member permissions $permissionsString = array_var($permissions_data, 'permissions'); } try { DB::beginWork(); $changed_members = array(); // save module permissions if (!$only_member_permissions) { try { TabPanelPermissions::clearByPermissionGroup($pg_id, true); if (!is_null($mod_permissions_data) && is_array($mod_permissions_data)) { foreach ($mod_permissions_data as $tab_id => $val) { DB::execute("INSERT INTO " . TABLE_PREFIX . "tab_panel_permissions (permission_group_id,tab_panel_id) VALUES ('{$pg_id}','{$tab_id}') ON DUPLICATE KEY UPDATE permission_group_id=permission_group_id"); } } } catch (Exception $e) { Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } } $root_permissions_sharing_table_delete = array(); $root_permissions_sharing_table_add = array(); if (logged_user() instanceof Contact && can_manage_security(logged_user())) { try { if (!$only_member_permissions) { // save system permissions $system_permissions = SystemPermissions::findById($pg_id); if (!$system_permissions instanceof SystemPermission) { $system_permissions = new SystemPermission(); $system_permissions->setPermissionGroupId($pg_id); } $system_permissions->setAllPermissions(false); $other_permissions = array(); Hook::fire('add_user_permissions', $pg_id, $other_permissions); foreach ($other_permissions as $k => $v) { $system_permissions->setColumnValue($k, false); } // check max permissions for role, in case of modifying user's permissions $role_id = "-1"; $tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id)); if ($tmp_contact instanceof Contact) { $role_id = $tmp_contact->getUserType(); } $max_role_system_permissions = MaxSystemPermissions::findOne(array('conditions' => 'permission_group_id = ' . $role_id)); if ($max_role_system_permissions instanceof MaxSystemPermission) { foreach ($sys_permissions_data as $col => &$val) { $max_val = $max_role_system_permissions->getColumnValue($col); if (!$max_val) { unset($sys_permissions_data[$col]); } } } // don't allow to write emails for collaborators and guests if ($tmp_contact instanceof Contact) { $user_type_name = $tmp_contact->getUserTypeName(); if (!in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) { $mail_ot = ObjectTypes::findByName('mail'); if ($mail_ot instanceof ObjectType) { DB::executeAll("UPDATE " . TABLE_PREFIX . "contact_member_permissions SET can_write=0, can_delete=0 WHERE object_type_id=" . $mail_ot->getId() . " AND permission_group_id={$pg_id}"); } } } $sys_permissions_data['can_task_assignee'] = !$is_guest; $system_permissions->setFromAttributes($sys_permissions_data); $system_permissions->setUseOnDuplicateKeyWhenInsert(true); $system_permissions->save(); //object type root permissions $can_have_root_permissions = config_option('let_users_create_objects_in_root') && in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive')); if ($rp_genid && $can_have_root_permissions) { ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0"); foreach ($rp_permissions_data as $name => $value) { if (str_starts_with($name, $rp_genid . 'rg_root_')) { $rp_ot = substr($name, strrpos($name, '_') + 1); if (is_numeric($rp_ot) && $rp_ot > 0 && $value == 0) { $root_permissions_sharing_table_delete[] = $rp_ot; } if (!is_numeric($rp_ot) || $rp_ot <= 0 || $value < 1) { continue; } $root_permissions_sharing_table_add[] = $rp_ot; // save with member_id = 0 $root_perm_cmp = new ContactMemberPermission(); $root_perm_cmp->setPermissionGroupId($pg_id); $root_perm_cmp->setMemberId('0'); $root_perm_cmp->setObjectTypeId($rp_ot); $root_perm_cmp->setCanWrite($value >= 2); $root_perm_cmp->setCanDelete($value >= 3); $root_perm_cmp->save(); } } } if (!$can_have_root_permissions) { ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0"); $sh_controller = new SharingTableController(); $all_object_type_ids = ObjectTypes::findAll(array('id' => true)); $sh_controller->adjust_root_permissions($pg_id, array('root_permissions_sharing_table_delete' => $all_object_type_ids)); } } } catch (Exception $e) { Logger::log("Error saving system and root permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } } // set all permissions to read_only if user is guest if ($is_guest) { try { $all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}")); foreach ($all_saved_permissions as $sp) { /* @var $sp ContactMemberPermission */ if ($sp->getCanDelete() || $sp->getCanWrite()) { $sp->setCanDelete(false); $sp->setCanWrite(false); $sp->save(); } } $cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all'")); foreach ($cdps as $cdp) { $cdp->setPermissionType('check'); $cdp->save(); } } catch (Exception $e) { Logger::log("Error setting guest user permissions to read_only for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } } // check the status of the changed dimensions to set 'allow_all', 'deny_all' or 'check' try { $dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members))); foreach ($dimensions as $dimension) { $dimension->setContactDimensionPermission($pg_id, 'check'); } } catch (Exception $e) { Logger::log("Error setting dimension permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } //member permissions if ($permissionsString && $permissionsString != '') { $permissions = json_decode($permissionsString); } if (isset($permissions) && !is_null($permissions) && is_array($permissions)) { try { $tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id)); if ($tmp_contact instanceof Contact) { $user_type_name = $tmp_contact->getUserTypeName(); $role_id = $tmp_contact->getUserType(); $max_role_ot_perms = MaxRoleObjectTypePermissions::instance()->findAll(array('conditions' => "role_id = '{$role_id}'")); } $mail_ot = ObjectTypes::findByName('mail'); $sql_insert_values = ""; $member_object_types_to_delete = array(); $allowed_members_ids = array(); foreach ($permissions as &$perm) { if (!isset($all_perm_deleted[$perm->m])) { $all_perm_deleted[$perm->m] = true; } $allowed_members_ids[$perm->m] = array(); $allowed_members_ids[$perm->m]['pg'] = $pg_id; if ($perm->r) { if (isset($allowed_members_ids[$perm->m]['w'])) { if ($allowed_members_ids[$perm->m]['w'] != 1) { $allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w; } } else { $allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w; } if (isset($allowed_members_ids[$perm->m]['d'])) { if ($allowed_members_ids[$perm->m]['d'] != 1) { $allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d; } } else { $allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d; } // check max permissions for user type if ($tmp_contact instanceof Contact) { $max_perm = null; foreach ($max_role_ot_perms as $max_role_ot_perm) { if ($max_role_ot_perm->getObjectTypeId() == $perm->o) { $max_perm = $max_role_ot_perm; } } if ($max_perm) { if (!$max_perm->getCanDelete()) { $perm->d = 0; } if (!$max_perm->getCanWrite()) { $perm->w = 0; } } else { $perm->d = 0; $perm->w = 0; $perm->r = 0; } } if ($save_cmps) { // don't allow to write emails for collaborators and guests if ($tmp_contact instanceof Contact && !in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) { if ($mail_ot instanceof ObjectType && $perm->o == $mail_ot->getId()) { $perm->d = 0; $perm->w = 0; } } $sql_insert_values .= ($sql_insert_values == "" ? "" : ",") . "('" . $pg_id . "','" . $perm->m . "','" . $perm->o . "','" . $perm->d . "','" . $perm->w . "')"; if (!isset($member_object_types_to_delete[$perm->m])) { $member_object_types_to_delete[$perm->m] = array(); } $member_object_types_to_delete[$perm->m][] = $perm->o; } $all_perm_deleted[$perm->m] = false; } else { if (is_numeric($perm->m) && is_numeric($perm->o)) { DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id='" . $perm->m . "' AND object_type_id='" . $perm->o . "' AND permission_group_id={$pg_id}"); } } $changed_members[] = $perm->m; } if ($save_cmps) { if (count($all_perm_deleted) > 0) { $member_ids_to_delete = array(); foreach ($all_perm_deleted as $mid => $del) { // also check in contact_member_permissions $cmps = ContactMemberPermissions::findAll(array('conditions' => 'permission_group_id=' . $pg_id . " AND member_id={$mid}")); if ($del && (!is_array($cmps) || count($cmps) == 0)) { $member_ids_to_delete[] = $mid; } } if (count($member_ids_to_delete) > 0) { DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id IN (" . implode(',', $member_ids_to_delete) . ") AND permission_group_id={$pg_id}"); } } foreach ($member_object_types_to_delete as $mid => $obj_type_ids) { if (count($obj_type_ids) > 0) { DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id={$mid} AND object_type_id IN (" . implode(',', $obj_type_ids) . ") AND permission_group_id={$pg_id}"); } } if ($sql_insert_values != "") { DB::execute("INSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write) VALUES {$sql_insert_values} ON DUPLICATE KEY UPDATE member_id=member_id"); } } } catch (Exception $e) { Logger::log("Error saving member permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } } DB::commit(); } catch (Exception $e) { Logger::log("Error saving permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); DB::rollback(); } try { if (isset($permissions) && !is_null($permissions) && is_array($permissions)) { if ($update_sharing_table) { try { $sharingTablecontroller = new SharingTableController(); $rp_info = array('root_permissions_sharing_table_delete' => $root_permissions_sharing_table_delete, 'root_permissions_sharing_table_add' => $root_permissions_sharing_table_add); $sharingTablecontroller->afterPermissionChanged($pg_id, $permissions, $rp_info); } catch (Exception $e) { Logger::log("Error saving permissions to sharing table for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } } if ($update_contact_member_cache) { try { $contactMemberCacheController = new ContactMemberCacheController(); $group = PermissionGroups::findById($pg_id); $real_group = null; if ($group->getType() == 'user_groups') { $real_group = $group; } $users = $group->getUsers(); $users_ids_checked = array(); foreach ($users as $us) { $users_ids_checked[] = $us->getId(); $contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group); } //check all users related to the group foreach ($users_ids_to_check as $us_id) { if (!in_array($us_id, $users_ids_checked)) { $users_ids_checked[] = $us_id; $us = Contacts::findById($us_id); if ($us instanceof Contact) { $contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group); } } } } catch (Exception $e) { Logger::log("Error saving permissions to contact member cache for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } } } } catch (Exception $e) { Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); } if ($fire_hook) { Hook::fire('after_save_contact_permissions', $pg_id, $pg_id); } // remove contact object from members where permissions were deleted $user = Contacts::findOne(array('conditions' => 'permission_group_id=' . $pg_id)); if ($user instanceof Contact) { $to_remove = array(); if (isset($all_perm_deleted) && is_array($all_perm_deleted)) { foreach ($all_perm_deleted as $m_id => $must_remove) { if ($must_remove) { $to_remove[] = $m_id; } } ObjectMembers::removeObjectFromMembers($user, logged_user(), null, $to_remove); } } }
// update sharing table DB::beginWork(); $sharingTablecontroller = new SharingTableController(); $sharingTablecontroller->afterPermissionChanged($pg_id, json_decode($permissions), $rp_info); // delete flag $flag->delete(); DB::commit(); } catch (Exception $e) { DB::rollback(); Logger::log("Error saving permissions (2): " . $e->getMessage() . "\n" . $e->getTraceAsString()); } // save tree try { DB::beginWork(); $contactMemberCacheController = new ContactMemberCacheController(); $group = PermissionGroups::findById($pg_id); $real_group = null; if ($group->getType() == 'user_groups') { $real_group = $group; } $users = $group->getUsers(); $users_ids_checked = array(); //check all users related to the group foreach ($users as $us) { $users_ids_checked[] = $us->getId(); $contactMemberCacheController->afterUserPermissionChanged($us, json_decode($permissions), $real_group); } //check all users in users_ids_to_check (we do this because a user can be removed from a group) foreach ($users_ids_to_check as $us_id) { if (!in_array($us_id, $users_ids_checked)) { $users_ids_checked[] = $us_id;
/** * * After editing permissions refresh associations and object_members for the contact owner of the permission_group modified * @param $pg_id Permission group id * @param $ignored Ignored */ function core_dimensions_after_save_contact_permissions($pg_id, &$ignored) { $pg = PermissionGroups::findById($pg_id); if ($pg instanceof PermissionGroup && $pg->getContactId() > 0 && $pg->getType() == 'permission_groups') { $user = Contacts::findById($pg->getContactId()); if (!$user instanceof Contact || !$user->isUser()) { return; } $member_ids = array(); $cmp_rows = DB::executeAll("SELECT member_id FROM " . TABLE_PREFIX . "contact_member_permissions WHERE permission_group_id={$pg_id}"); if (is_array($cmp_rows) && count($cmp_rows) > 0) { $cmps = array_flat($cmp_rows); foreach ($cmps as $mid) { $member_ids[$mid] = $mid; } } if (count($member_ids) == 0) { return; } $members = Members::findAll(array('conditions' => 'id IN (' . implode(',', $member_ids) . ')')); $persons_dim = Dimensions::findByCode("feng_persons"); $user_member = Members::findOneByObjectId($user->getId(), $persons_dim->getId()); $affected_dimensions = core_dim_create_member_associations($user, $user_member, $members); // remove from all members of the affected dimensions if (count($affected_dimensions) > 0) { $affected_member_ids = Members::findAll(array('id' => true, 'conditions' => 'dimension_id IN (' . implode(',', $affected_dimensions) . ')')); if (count($affected_member_ids) > 0) { ObjectMembers::removeObjectFromMembers($user, logged_user(), $members, $affected_member_ids); } } // add user content object to associated members $obj_controller = new ObjectController(); ObjectMembers::addObjectToMembers($user->getId(), $members); // add user content object to sharing table $user->addToSharingTable(); } }