function getByUserAndProject($project, $user) { return ProjectUsers::findOne(array('conditions' => array('`user_id` = ? AND `project_id` = ? ', $user->getId(), $project->getId()))); }
/** * Return true is $user has $access_level (R/W) over $object * * @param User $user * @param ApplicationDataObject $object * @param int $access_level // 1 = read ; 2 = write * @return unknown */ function can_access(User $user, ApplicationDataObject $object, $access_level) { try { if (!$object instanceof ApplicationDataObject) { throw new Exception(lang('object dnx')); } $hookargs = array("user" => $user, "object" => $object, "access_level" => $access_level); $ret = null; Hook::fire('can_access', $hookargs, $ret); if (is_bool($ret)) { return $ret; } if ($object instanceof Comment) { return can_access($user, $object->getObject(), $access_level); } if ($user->isGuest() && $access_level == ACCESS_LEVEL_WRITE) { return false; } if ($object instanceof ProjectFileRevision) { return can_access($user, $object->getFile(), $access_level); } if ($object->columnExists('project_id')) { $user_id = $user->getId(); if (!$object instanceof ProjectContact && $object->getCreatedById() == $user_id) { return true; } // the user is the creator of the object if ($object instanceof ProjectDataObject && $object->getProject() instanceof Project && $object->getProject()->getId() == $user->getPersonalProjectId()) { return true; } // The object belongs to the user's personal project $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $user->getId()); if ($perms && is_array($perms)) { //if the permissions for the user in the object are specially set return has_access_level($perms[0], $access_level); } $group_ids = GroupUsers::getGroupsCSVsByUser($user_id); if ($group_ids && $group_ids != '') { //user belongs to at least one group $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $group_ids); if ($perms) { foreach ($perms as $perm) { if (has_access_level($perm, $access_level)) { return true; } //there is one group permission that allows the user to access } } } if ($object instanceof ProjectDataObject && $object->getProject()) { //if the object has a project assigned to it $proj_perm = ProjectUsers::findOne(array('conditions' => array('user_id = ? AND project_id = ? ', $user_id, $object->getProject()->getId()))); if ($proj_perm && can_manage_type(get_class($object->manager()), $proj_perm, $access_level)) { return true; // if user has permissions over type of object in the project } if ($group_ids && $group_ids != '') { //user belongs to at least one group $proj_perms = ProjectUsers::findAll(array('conditions' => array('project_id = ' . $object->getProject()->getId() . ' AND user_id in (' . $group_ids . ')'))); if ($proj_perms) { foreach ($proj_perms as $perm) { if (can_manage_type(get_class($object->manager()), $perm, $access_level)) { return true; } // if any group has permissions over type of object in the project } } } } } else { // handle object in multiple workspaces $user_id = $user->getId(); if ($object->getCreatedById() == $user_id) { return true; // the user is the creator of the object } if ($object instanceof MailContent) { $acc = MailAccounts::findById($object->getAccountId()); if (!$acc instanceof MailAccount) { return false; // it's an email with no account and not created by the user } else { if ($access_level == ACCESS_LEVEL_READ && $acc->canView($user) || $access_level == ACCESS_LEVEL_WRITE && $acc->canDelete($user)) { return true; } } } $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $user->getId()); if ($perms && is_array($perms)) { //if the permissions for the user in the object are specially set return has_access_level($perms[0], $access_level); } $group_ids = GroupUsers::getGroupsCSVsByUser($user_id); if ($group_ids && $group_ids != '') { //user belongs to at least one group $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $group_ids); if ($perms) { foreach ($perms as $perm) { if (has_access_level($perm, $access_level)) { return true; //there is one group permission that allows the user to access } } } } if ($object instanceof ProjectDataObject) { $ws = $object->getWorkspaces(); foreach ($ws as $w) { // if the object has a project assigned to it $proj_perm = ProjectUsers::findOne(array('conditions' => array('user_id = ? AND project_id = ? ', $user_id, $w->getId()))); if ($proj_perm && can_manage_type(get_class($object->manager()), $proj_perm, $access_level)) { return true; // if user has permissions over type of object in the project } if ($group_ids && $group_ids != '') { //user belongs to at least one group $proj_perms = ProjectUsers::findAll(array('conditions' => array('project_id = ' . $w->getId() . ' AND user_id in (' . $group_ids . ')'))); if ($proj_perms) { foreach ($proj_perms as $perm) { if (can_manage_type(get_class($object->manager()), $perm, $access_level)) { return true; } // if any group has permissions over type of object in the project } } } } } } } catch (Exception $e) { tpl_assign('error', $e); return false; } return false; }
/** * Check if this user is part of specific project * * @param Project $project * @return boolean */ function isProjectUser(Project $project) { if (!isset($this->is_project_user_cache[$project->getId()])) { $user_ids = $this->getId(); $group_ids = GroupUsers::getGroupsCSVsByUser($user_ids); if ($group_ids && $group_ids != '') { $user_ids = $user_ids . ',' . $group_ids; } $project_user = ProjectUsers::findOne(array('conditions' => '`user_id` in (' . $user_ids . ') AND ' . 'project_id =' . $project->getId())); // findById $this->is_project_user_cache[$project->getId()] = $project_user instanceof ProjectUser; } // if return $this->is_project_user_cache[$project->getId()]; }