static function addObjToSharingTable($oid, $tid, $obj_mem_ids)
 {
     $gids = array();
     $table_prefix = defined('FORCED_TABLE_PREFIX') && FORCED_TABLE_PREFIX ? FORCED_TABLE_PREFIX : TABLE_PREFIX;
     //1. clear sharing table for this object
     SharingTables::delete("object_id={$oid}");
     //2. get dimensions of this object's members that defines permissions
     $res = DB::execute("SELECT d.id as did FROM " . $table_prefix . "dimensions d INNER JOIN " . $table_prefix . "members m on m.dimension_id=d.id\r\n\t\t\t\tWHERE m.id IN ( SELECT member_id FROM " . $table_prefix . "object_members WHERE object_id = {$oid} AND is_optimization = 0 ) AND d.defines_permissions = 1");
     $dids_tmp = array();
     while ($row = $res->fetchRow()) {
         $dids_tmp[$row['did']] = $row['did'];
     }
     $res->free();
     $dids = array_values($dids_tmp);
     $dids_tmp = null;
     $sql_from = "" . $table_prefix . "contact_member_permissions cmp\r\n\t\tLEFT JOIN " . $table_prefix . "members m ON m.id = cmp.member_id\r\n\t\tLEFT JOIN " . $table_prefix . "dimensions d ON d.id = m.dimension_id";
     $member_where_conditions = "";
     $dim_where_conditions = "";
     // if users can add objects without classifying then check for permissions with member_id=0
     if (config_option('let_users_create_objects_in_root')) {
         $member_where_conditions = "member_id=0 OR ";
         $dim_where_conditions = " OR d.id IS NULL";
     }
     $sql_where = "({$member_where_conditions} member_id IN ( SELECT member_id FROM " . $table_prefix . "object_members WHERE object_id = {$oid} AND is_optimization = 0)) AND cmp.object_type_id = {$tid}";
     //3. If there are dimensions that defines permissions containing any of the object members
     if (count($dids)) {
         // 3.1 get permission groups with permissions over the object.
         $sql_fields = "permission_group_id  AS group_id";
         $sql = "\r\n\t\t\t\tSELECT\r\n\t\t\t\t{$sql_fields}\r\n\t\t\t\tFROM\r\n\t\t\t\t{$sql_from}\r\n\t\t\t\tWHERE\r\n\t\t\t\t{$sql_where} AND (d.id IN (" . implode(',', $dids) . ") {$dim_where_conditions})\r\n\t\t\t";
         $res = DB::execute($sql);
         $gids_tmp = array();
         while ($row = $res->fetchRow()) {
             $gids_tmp[$row['group_id']] = $row['group_id'];
         }
         $res->free();
         // allow all permission groups
         $allow_all_rows = DB::executeAll("SELECT DISTINCT permission_group_id FROM " . $table_prefix . "contact_dimension_permissions cdp\r\n\t\t\t\t\tINNER JOIN " . $table_prefix . "members m on m.dimension_id=cdp.dimension_id\r\n\t\t\t\t\tWHERE cdp.permission_type='allow all' AND cdp.dimension_id IN (" . implode(',', $dids) . ");");
         if (is_array($allow_all_rows)) {
             foreach ($allow_all_rows as $row) {
                 $gids_tmp[$row['permission_group_id']] = $row['permission_group_id'];
             }
         }
         $gids = array_values($gids_tmp);
         $gids_tmp = null;
         // check for mandatory dimensions
         $enabled_dimensions_sql = "";
         $enabled_dimensions_ids = implode(',', config_option('enabled_dimensions'));
         if ($enabled_dimensions_ids != "") {
             $enabled_dimensions_sql = "AND id IN ({$enabled_dimensions_ids})";
         }
         $mandatory_dim_ids = Dimensions::findAll(array('id' => true, 'conditions' => "`defines_permissions`=1 {$enabled_dimensions_sql} AND `permission_query_method`='" . DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY . "'"));
         if (count($gids) > 0 && count($mandatory_dim_ids) > 0) {
             $sql = "SELECT om.member_id, m.dimension_id FROM " . $table_prefix . "object_members om\r\n\t\t\t\t\tINNER JOIN " . $table_prefix . "members m ON m.id=om.member_id INNER JOIN " . $table_prefix . "dimensions d ON d.id=m.dimension_id\r\n\t\t\t\t\tWHERE om.object_id = {$oid} AND om.is_optimization = 0 AND d.id IN (" . implode(",", $mandatory_dim_ids) . ")";
             // Object members in mandatory dimensions
             $object_member_ids_res = DB::executeAll($sql);
             $mandatory_dim_members = array();
             if (!is_null($object_member_ids_res)) {
                 foreach ($object_member_ids_res as $row) {
                     if (!isset($mandatory_dim_members[$row['dimension_id']])) {
                         $mandatory_dim_members[$row['dimension_id']] = array();
                     }
                     $mandatory_dim_members[$row['dimension_id']][] = $row['member_id'];
                 }
                 $mandatory_dim_allowed_pgs = array();
                 // Check foreach group that it has permissions over at least one member of each mandatory dimension
                 foreach ($mandatory_dim_members as $mdim_id => $mmember_ids) {
                     $sql = "SELECT pg.id FROM " . $table_prefix . "permission_groups pg\r\n\t\t\t\t\t\t\tINNER JOIN " . $table_prefix . "contact_dimension_permissions cdp ON cdp.permission_group_id=pg.id\r\n\t\t\t\t\t\t\tINNER JOIN " . $table_prefix . "contact_member_permissions cmp ON cmp.permission_group_id=pg.id\r\n\t\t\t\t\t\t\tWHERE cdp.dimension_id = '{$mdim_id}' AND (\r\n\t\t\t\t\t\t\tcdp.permission_type='allow all' OR cdp.permission_type='check' AND cmp.permission_group_id IN (" . implode(',', $gids) . ")\r\n\t\t\t\t\t\t\tAND cmp.member_id IN (" . implode(',', $mmember_ids) . ")\r\n\t\t\t\t\t\t)";
                     $permission_groups_res = DB::executeAll($sql);
                     $mandatory_dim_allowed_pgs[$mdim_id] = array();
                     if (!is_null($permission_groups_res)) {
                         foreach ($permission_groups_res as $row) {
                             if (!in_array($row['id'], $mandatory_dim_allowed_pgs[$mdim_id])) {
                                 $mandatory_dim_allowed_pgs[$mdim_id][] = $row['id'];
                             }
                         }
                     }
                 }
                 if (isset($mandatory_dim_allowed_pgs) && count($mandatory_dim_allowed_pgs) > 0) {
                     $original_mandatory_dim_allowed_pgs = $mandatory_dim_allowed_pgs;
                     $allowed_gids = array_pop($mandatory_dim_allowed_pgs);
                     foreach ($mandatory_dim_allowed_pgs as $pg_array) {
                         $allowed_gids = array_intersect($allowed_gids, $pg_array);
                     }
                     // If an user has permissions in one dim using a group and in other dim using his personal permissions then add to sharing table its personal permission group
                     $pg_ids = array_unique(array_flat($original_mandatory_dim_allowed_pgs));
                     if (count($pg_ids) == 0) {
                         $pg_ids[0] = 0;
                     }
                     $contact_pgs = array();
                     $contact_pg_rows = DB::executeAll("SELECT * FROM " . TABLE_PREFIX . "contact_permission_groups WHERE permission_group_id IN (" . implode(',', $pg_ids) . ") ORDER BY permission_group_id");
                     if (is_array($contact_pg_rows)) {
                         foreach ($contact_pg_rows as $cpgr) {
                             if (!isset($contact_pgs[$cpgr['contact_id']])) {
                                 $contact_pgs[$cpgr['contact_id']] = array();
                             }
                             $contact_pgs[$cpgr['contact_id']][] = $cpgr['permission_group_id'];
                         }
                     }
                     // each user must have at least one pg for every dimension
                     foreach ($contact_pgs as $contact_id => $permission_groups) {
                         $has_one = array_flip(array_keys($original_mandatory_dim_allowed_pgs));
                         foreach ($has_one as $k => &$v) {
                             $v = false;
                         }
                         foreach ($permission_groups as $pg_id) {
                             foreach ($original_mandatory_dim_allowed_pgs as $dim_id => $allowedpgs) {
                                 if (in_array($pg_id, $allowedpgs)) {
                                     $has_one[$dim_id] = true;
                                     break;
                                 }
                             }
                         }
                         // all dims must be true in this array to allow permissions
                         $has_permission = !in_array(false, $has_one);
                         if ($has_permission) {
                             $contact_row = DB::executeOne("SELECT permission_group_id FROM " . TABLE_PREFIX . "contacts where object_id = {$contact_id}");
                             if (is_array($contact_row) && $contact_row['permission_group_id'] > 0) {
                                 $allowed_gids[] = $contact_row['permission_group_id'];
                             }
                         }
                     }
                     $gids = array_unique($allowed_gids, SORT_NUMERIC);
                 } else {
                     $gids = array();
                 }
             }
         }
     } else {
         if ($obj_mem_ids) {
             // 3.2 No memeber dimensions defines permissions.
             // No esta en ninguna dimension que defina permisos, El objecto esta en algun lado
             // => En todas las dimensiones en la que está no definen permisos => Busco todos los grupos
             $gids = PermissionGroups::instance()->findAll(array('id' => true, 'conditions' => "type != 'roles'"));
         } else {
             // if this object is an email and it is unclassified => add to sharing table the permission groups of the users that have permissions in the email's account
             if (Plugins::instance()->isActivePlugin('mail')) {
                 $mail_ot = ObjectTypes::instance()->findByName('mail');
                 if ($mail_ot instanceof ObjectType && $tid == $mail_ot->getId()) {
                     $gids = array_flat(DB::executeAll("\r\n\t\t\t\t\t\t\tSELECT cpg.permission_group_id\r\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "contact_permission_groups cpg\r\n\t\t\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "contacts c ON c.permission_group_id=cpg.permission_group_id\r\n\t\t\t\t\t\t\tWHERE cpg.contact_id IN (\r\n\t\t\t\t\t\t\t  SELECT mac.contact_id FROM " . TABLE_PREFIX . "mail_account_contacts mac WHERE mac.account_id = (SELECT mc.account_id FROM " . TABLE_PREFIX . "mail_contents mc WHERE mc.object_id={$oid})\r\n\t\t\t\t\t\t\t);\r\n\t\t\t\t\t\t"));
                 }
             }
         }
     }
     if (count($gids)) {
         $stManager = SharingTables::instance();
         $stManager->populateGroups($gids, $oid);
         $gids = null;
     }
 }
 function clearSharingTable()
 {
     return SharingTables::delete("`object_id` = " . $this->getId());
 }
Пример #3
0
 /**
  * 
  * @author Ignacio Vazquez - elpepe.uy@gmail.com
  */
 function addToSharingTable()
 {
     $oid = $this->getId();
     $tid = $this->getObjectTypeId();
     $gids = array();
     $table_prefix = defined('FORCED_TABLE_PREFIX') && FORCED_TABLE_PREFIX ? FORCED_TABLE_PREFIX : TABLE_PREFIX;
     //1 clear sharing table for this object
     SharingTables::delete("object_id={$oid}");
     //2 get dimensions of this object's members that defines permissions
     $res = DB::execute("SELECT d.id as did FROM " . $table_prefix . "dimensions d INNER JOIN " . $table_prefix . "members m on m.dimension_id=d.id\n\t\t\tWHERE m.id IN ( SELECT member_id FROM " . $table_prefix . "object_members WHERE object_id = {$oid} AND is_optimization = 0 ) AND d.defines_permissions = 1");
     $dids_tmp = array();
     while ($row = $res->fetchRow()) {
         $dids_tmp[$row['did']] = $row['did'];
     }
     $res->free();
     $dids = array_values($dids_tmp);
     $dids_tmp = null;
     $sql_from = "" . $table_prefix . "contact_member_permissions cmp\n\t\t\tINNER JOIN " . $table_prefix . "members m ON m.id = cmp.member_id\n\t\t\tINNER JOIN " . $table_prefix . "dimensions d ON d.id = m.dimension_id";
     $sql_where = "member_id IN ( SELECT member_id FROM " . $table_prefix . "object_members WHERE object_id = {$oid} AND is_optimization = 0) AND cmp.object_type_id = {$tid}";
     //3 If there are dimensions that defines permissions containing any of the object members
     if (count($dids)) {
         // 3.1 get permission groups with permissions over the object.
         $sql_fields = "permission_group_id  AS group_id";
         $sql = "\n\t\t\t\tSELECT \n\t\t\t\t  {$sql_fields}\t\n\t\t\t\tFROM\n\t\t\t\t  {$sql_from}\n\t\t\t\tWHERE\n\t\t\t\t  {$sql_where} AND d.id IN (" . implode(',', $dids) . ")";
         $res = DB::execute($sql);
         $gids_tmp = array();
         while ($row = $res->fetchRow()) {
             $gids_tmp[$row['group_id']] = $row['group_id'];
         }
         $res->free();
         // allow all permission groups
         $allow_all_rows = DB::executeAll("SELECT DISTINCT permission_group_id FROM " . $table_prefix . "contact_dimension_permissions cdp \n\t\t\t\tINNER JOIN " . $table_prefix . "members m on m.dimension_id=cdp.dimension_id\n\t\t\t\tWHERE cdp.permission_type='allow all' AND cdp.dimension_id IN (" . implode(',', $dids) . ");");
         if (is_array($allow_all_rows)) {
             foreach ($allow_all_rows as $row) {
                 $gids_tmp[$row['permission_group_id']] = $row['permission_group_id'];
             }
         }
         $gids = array_values($gids_tmp);
         $gids_tmp = null;
     } else {
         if (count($this->getMemberIds()) > 0) {
             // 3.2 No memeber dimensions defines permissions.
             // No esta en ninguna dimension que defina permisos, El objecto esta en algun lado
             // => En todas las dimensiones en la que está no definen permisos => Busco todos los grupos
             $gids = PermissionGroups::instance()->findAll(array('id' => true));
         }
     }
     if (count($gids)) {
         $stManager = SharingTables::instance();
         $stManager->populateGroups($gids, $oid);
         $gids = null;
     }
 }
	/**
	 * 
	 * 
	 */
	function addToSharingTable() {
		$oid = $this->getId();
		$tid = $this->getObjectTypeId() ;
		$gids = array();
		
		$table_prefix = defined('FORCED_TABLE_PREFIX') && FORCED_TABLE_PREFIX ? FORCED_TABLE_PREFIX : TABLE_PREFIX;
		
		//1. clear sharing table for this object
		SharingTables::delete("object_id=$oid");
		
		//2. get dimensions of this object's members that defines permissions
		$res = DB::execute("SELECT d.id as did FROM ".$table_prefix."dimensions d INNER JOIN ".$table_prefix."members m on m.dimension_id=d.id
			WHERE m.id IN ( SELECT member_id FROM ".$table_prefix."object_members WHERE object_id = $oid AND is_optimization = 0 ) AND d.defines_permissions = 1");
		$dids_tmp = array();
		while ($row = $res->fetchRow() ) {
			$dids_tmp[$row['did']] = $row['did'] ;
		}
		$res->free();
		$dids = array_values($dids_tmp);
		$dids_tmp = null;
		
		$sql_from = "".$table_prefix."contact_member_permissions cmp
			INNER JOIN ".$table_prefix."members m ON m.id = cmp.member_id
			INNER JOIN ".$table_prefix."dimensions d ON d.id = m.dimension_id";
		
		$sql_where = "member_id IN ( SELECT member_id FROM ".$table_prefix."object_members WHERE object_id = $oid AND is_optimization = 0) AND cmp.object_type_id = $tid";

		//3. If there are dimensions that defines permissions containing any of the object members
		if ( count($dids) ){
			// 3.1 get permission groups with permissions over the object.
			$sql_fields = "permission_group_id  AS group_id";
			
			$sql = "
				SELECT 
				  $sql_fields	
				FROM
				  $sql_from
				WHERE
				  $sql_where AND d.id IN (". implode(',',$dids).")";
				 
			$res = DB::execute($sql);
			$gids_tmp = array();
			while ( $row = $res->fetchRow() ) {
				$gids_tmp[$row['group_id']] = $row['group_id'];
			}
			$res->free();
			
			// allow all permission groups
			$allow_all_rows = DB::executeAll("SELECT DISTINCT permission_group_id FROM ".$table_prefix."contact_dimension_permissions cdp 
				INNER JOIN ".$table_prefix."members m on m.dimension_id=cdp.dimension_id
				WHERE cdp.permission_type='allow all' AND cdp.dimension_id IN (". implode(',',$dids).");");
			
			if (is_array($allow_all_rows)) {
				foreach ($allow_all_rows as $row) {
					$gids_tmp[$row['permission_group_id']] = $row['permission_group_id'];
				}
			}
			
			$gids = array_values($gids_tmp);
			$gids_tmp = null;
			
			// check for mandatory dimensions
			$mandatory_dim_ids = Dimensions::findAll(array('id' => true, 'conditions' => "`defines_permissions`=1 AND `permission_query_method`='".DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY."'"));
			if (count($gids) > 0 && count($mandatory_dim_ids) > 0) {
				$sql = "SELECT om.member_id, m.dimension_id FROM ".$table_prefix."object_members om 
				INNER JOIN ".$table_prefix."members m ON m.id=om.member_id INNER JOIN ".$table_prefix."dimensions d ON d.id=m.dimension_id 
				WHERE om.object_id = $oid AND om.is_optimization = 0 AND d.id IN (".implode(",", $mandatory_dim_ids).")";
				
				// Object members in mandatory dimensions
				$object_member_ids_res = DB::executeAll($sql);
				$mandatory_dim_members = array();
				if (!is_null($object_member_ids_res)) {
					foreach ($object_member_ids_res as $row) {
						if (!isset($mandatory_dim_members[$row['dimension_id']])) $mandatory_dim_members[$row['dimension_id']] = array();
						$mandatory_dim_members[$row['dimension_id']][] = $row['member_id'];
					}
					
					$mandatory_dim_allowed_pgs = array();
					// Check foreach group that it has permissions over at least one member of each mandatory dimension
					foreach ($mandatory_dim_members as $mdim_id => $mmember_ids) {
						$sql = "SELECT pg.id FROM ".$table_prefix."permission_groups pg
						INNER JOIN ".$table_prefix."contact_dimension_permissions cdp ON cdp.permission_group_id=pg.id
						INNER JOIN ".$table_prefix."contact_member_permissions cmp ON cmp.permission_group_id=pg.id
						WHERE cdp.dimension_id = '$mdim_id' AND (
							cdp.permission_type='allow all' OR cdp.permission_type='check' AND cmp.permission_group_id IN (".implode(',', $gids).")
							AND cmp.member_id IN (".implode(',', $mmember_ids).")
						)";
						
						$permission_groups_res = DB::executeAll($sql);
						$mandatory_dim_allowed_pgs[$mdim_id] = array();
						if (!is_null($permission_groups_res)) {
							foreach ($permission_groups_res as $row) {
								if (!in_array($row['id'], $mandatory_dim_allowed_pgs[$mdim_id])) $mandatory_dim_allowed_pgs[$mdim_id][] = $row['id'];
							}
						}
					}

					if (isset($mandatory_dim_allowed_pgs) && count($mandatory_dim_allowed_pgs) > 0) {
						$original_mandatory_dim_allowed_pgs = $mandatory_dim_allowed_pgs;
						$allowed_gids = array_pop($mandatory_dim_allowed_pgs);
						foreach ($mandatory_dim_allowed_pgs as $pg_array) {
							$allowed_gids = array_intersect($allowed_gids, $pg_array);
						}
						
						// If an user has permissions in one dim using a group and in other dim using his personal permissions then add to sharing table its personal permission group
						$pg_ids = array_unique(array_flat($original_mandatory_dim_allowed_pgs));
						$pgs_data = DB::executeAll("SELECT * FROM ".TABLE_PREFIX."permission_groups WHERE id IN (".implode(',',$pg_ids).")");
						$contact_pgs = array();
						$contact_pg_rows = DB::executeAll("SELECT * FROM ".TABLE_PREFIX."contact_permission_groups WHERE permission_group_id IN (".implode(',',$pg_ids).") ORDER BY permission_group_id");
						foreach ($contact_pg_rows as $cpgr) {
							if (!isset($contact_pgs[$cpgr['contact_id']])) $contact_pgs[$cpgr['contact_id']] = array();
							$contact_pgs[$cpgr['contact_id']][] = $cpgr['permission_group_id'];
						}
						
						// each user must have at least one pg for every dimension
						foreach ($contact_pgs as $contact_id => $permission_groups) {
							$has_one = array_flip(array_keys($original_mandatory_dim_allowed_pgs));
							foreach ($has_one as $k => &$v) $v = false;
							
							foreach ($permission_groups as $pg_id) {
								foreach ($original_mandatory_dim_allowed_pgs as $dim_id => $allowedpgs) {
									if (in_array($pg_id, $allowedpgs)) {
										$has_one[$dim_id] = true;
										break;
									}
								}
							}
							// all dims must be true in this array to allow permissions
							$has_permission = !in_array(false, $has_one);
							if ($has_permission) {
								$contact_row = DB::executeOne("SELECT permission_group_id FROM ".TABLE_PREFIX."contacts where object_id = $contact_id");
								if (is_array($contact_row) && $contact_row['permission_group_id'] > 0) {
									$allowed_gids[] = $contact_row['permission_group_id'];
								} 
							}
						}
						
						$gids = array_unique($allowed_gids, SORT_NUMERIC);
					} else {
						$gids = array();
					}
				}
			}
			
		}else { 
			if ( count($this->getMemberIds()) > 0 ) {
				// 3.2 No memeber dimensions defines permissions. 
				// No esta en ninguna dimension que defina permisos, El objecto esta en algun lado
				// => En todas las dimensiones en la que está no definen permisos => Busco todos los grupos
				$gids = PermissionGroups::instance()->findAll(array('id' => true));
			}
		}
		
		if(count($gids)) {
			$stManager = SharingTables::instance();
			$stManager->populateGroups($gids, $oid);
			$gids = null;
		} 
		
	}