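/**
 * Return the system-wide tab list, keyed through get_key_array().
 *
 * The result is memoised in a function-static variable and rebuilt whenever it
 * is empty or self::$isCacheValid is false. When the 'MySettings_tab' setting
 * is missing, blank, or does not decode to an array, the full $moduleList is
 * used instead.
 *
 * @return array
 */
function get_system_tabs()
{
    global $moduleList;
    static $system_tabs_result = null;

    // Serve the memoised value while the cache flag is still valid.
    if (!empty($system_tabs_result) && self::$isCacheValid) {
        return $system_tabs_result;
    }

    $tabs = null;
    $administration = Administration::getSettings('MySettings');
    if (isset($administration->settings) && isset($administration->settings['MySettings_tab'])) {
        $stored = $administration->settings['MySettings_tab'];
        $trimmed_tabs = trim($stored);
        // make sure serialized string is not empty
        if (!empty($trimmed_tabs)) {
            // TODO: decode JSON rather than base64
            // SECURITY: unserialize() can instantiate objects if this stored value is
            // ever attacker-influenced; switching to JSON (see TODO) removes that risk.
            // Until then, only an array result is accepted; a failed decode (false)
            // or any non-array value falls through to the default list below.
            $decoded = unserialize(base64_decode($stored));
            if (is_array($decoded)) {
                $tabs = $decoded;
            }
        }
    }

    if ($tabs === null) {
        $system_tabs_result = $this->get_key_array($moduleList);
    } else {
        // Ensure modules saved in the preferences still exist.
        foreach ($tabs as $id => $tab) {
            if (!in_array($tab, $moduleList)) {
                unset($tabs[$id]);
            }
        }
        // Drop modules rejected by the 'access' ACL check before caching.
        $system_tabs_result = $this->get_key_array(SugarACL::filterModuleList($tabs, 'access', true));
    }

    self::$isCacheValid = true;

    return $system_tabs_result;
}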
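/**
 * Prepare the Smarty variables for this field's search view and render the
 * 'SearchView' template.
 *
 * @param array $parentFieldArray Passed through to setup().
 * @param array $vardef           Field definition; 'name', 'id_name' and 'type_name' are read.
 * @param array $displayParams    Display options; 'formName' overrides the default form name.
 * @param mixed $tabindex         Passed through to setup().
 * @return mixed Result of fetch() on the located template.
 */
function getSearchViewSmarty($parentFieldArray, $vardef, $displayParams, $tabindex)
{
    global $app_list_strings;

    $form_name = isset($displayParams['formName']) ? $displayParams['formName'] : 'search_form';

    // Carry the _basic/_advanced suffix of the field name over to the type selector name.
    if (preg_match('/(_basic|_advanced)$/', $vardef['name'], $match)) {
        $vardef['type_name'] = $vardef['type_name'] . $match[1];
    }

    $this->ss->assign('form_name', $form_name);

    $popup_request_data = array(
        'call_back_function' => 'set_return',
        'form_name' => $form_name,
        'field_to_name_array' => array(
            'id' => $vardef['id_name'],
            'name' => $vardef['name'],
        ),
    );

    // Only the list of ACL-disabled modules is consumed below. The per-type
    // pruning loop that used to follow compared against an undefined $focus and
    // its result was never read, so it has been dropped.
    $parent_types = $app_list_strings['record_type_display'];
    $disabled_parent_types = SugarACL::disabledModuleList($parent_types);

    $json = getJSONobj();
    $displayParams['popupData'] = '{literal}' . $json->encode($popup_request_data) . '{/literal}';
    // NOTE(review): this value is emitted inside an inline <script>; confirm the
    // encoder output cannot contain a closing script tag for the values involved.
    $displayParams['disabled_parent_types'] = '<script>var disabledModules=' . $json->encode($disabled_parent_types) . ';</script>';

    $this->setup($parentFieldArray, $vardef, $displayParams, $tabindex);

    return $this->fetch($this->findTemplate('SearchView'));
}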
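/**
 * Select the list-view implementation and template for $this->module.
 *
 * A module-level ListView.html takes precedence (type 1). Otherwise the
 * listviewdefs metadata is loaded, filtered through SugarACL::listFilter(),
 * and a ListViewSmarty is configured with the columns to display (type 2).
 *
 * @return void
 */
function build()
{
    // we will assume that if the ListView.html file exists we will want to use that one
    $legacyTemplate = 'modules/' . $this->module . '/ListView.html';
    if (SugarAutoLoader::fileExists($legacyTemplate)) {
        $this->type = 1;
        $this->lv = new ListView();
        $this->template = $legacyTemplate;
        return;
    }

    // The metadata file is expected to define $listViewDefs in this scope.
    $metadataFile = SugarAutoLoader::loadWithMetafiles($this->module, 'listviewdefs');
    if ($metadataFile) {
        require $metadataFile;
    }

    SugarACL::listFilter($this->module, $listViewDefs[$this->module], array("owner_override" => true));
    $this->lv = new ListViewSmarty();

    $displayColumns = array();
    $requested = isset($_REQUEST['displayColumns']) ? $_REQUEST['displayColumns'] : '';
    if (!empty($requested) && is_string($requested)) {
        // Request-supplied column names are only honoured when they exist in the
        // ACL-filtered definitions; anything else is ignored.
        foreach (explode('|', $requested) as $col) {
            if (!empty($listViewDefs[$this->module][$col])) {
                $displayColumns[$col] = $listViewDefs[$this->module][$col];
            }
        }
    } elseif (isset($listViewDefs[$this->module])) {
        // No usable request value (absent, empty, or not a string such as an
        // array parameter): fall back to the columns flagged as default.
        foreach ($listViewDefs[$this->module] as $col => $params) {
            if (!empty($params['default'])) {
                $displayColumns[$col] = $params;
            }
        }
    }

    $this->lv->displayColumns = $displayColumns;
    $this->type = 2;
    $this->template = 'include/ListView/ListViewGeneric.tpl';
}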
/**
 * Reset the ACL cache held in self::$acls.
 *
 * @param string $module If empty, all ACL module caches are reset
 */
public static function resetACLs($module = null)
{
    if (!$module) {
        // No module named: drop every cached entry.
        self::$acls = array();
        return;
    }

    // Drop only the entry for the named module.
    unset(self::$acls[$module]);
}
/**
 * Create a Forecasts record after checking the caller's 'edit' access.
 *
 * @param ServiceBase $api
 * @param array $args Passed to getClass() to build the object that is saved.
 * @return mixed Result of save() on that object.
 * @throws SugarApiExceptionNotAuthorized When the ACL check for Forecasts/edit fails.
 */
public function createRecord(ServiceBase $api, array $args)
{
    // Authorisation gate: nothing is built or saved unless the edit check passes.
    $mayEdit = SugarACL::checkAccess('Forecasts', 'edit');
    if (!$mayEdit) {
        throw new SugarApiExceptionNotAuthorized('No access to edit records for module: Forecasts');
    }

    return $this->getClass($args)->save();
}
/**
 * Decide whether this dashlet may be displayed.
 *
 * The dashlet is hidden outright when its type is in neither module list and
 * 'Activities' is not in the module list; otherwise the 'list' ACL check for
 * the type (with owner override) decides.
 *
 * @return mixed false, or the result of SugarACL::checkAccess().
 */
function checkDashletDisplay()
{
    $moduleKnown = in_array($this->type, $GLOBALS['moduleList'])
        || in_array($this->type, $GLOBALS['modInvisList'])
        || in_array('Activities', $GLOBALS['moduleList']);

    if ($moduleKnown) {
        return SugarACL::checkAccess($this->type, 'list', array("owner_override" => true));
    }

    return false;
}
/**
 * Load the legacy menu definition from $this->fullpath into $this->legacyViewdefs.
 *
 * The file is included in this method's scope, so it can assign $module_menu
 * (or $global_control_links) directly. While it runs, the module's ACL is
 * replaced by a SidecarMenuMetaDataUpgraderACL instance and reset afterwards.
 *
 * @return void
 */
public function setLegacyViewdefs()
{
    global $current_language;
    // The included file may read $GLOBALS['mod_strings'], so populate it first.
    $GLOBALS['mod_strings'] = return_module_language($current_language, $this->module);
    // Temporarily swap the module's ACL implementation for the duration of the include.
    SugarACL::setACL($this->module, array(new SidecarMenuMetaDataUpgraderACL()));
    $module_menu = null;
    // NOTE(review): this executes the file at $this->fullpath; if it throws, the
    // temporary ACL set above is not reset because there is no cleanup path here.
    include $this->fullpath;
    if ($this->basename === 'globalControlLinks') {
        // This file type defines $global_control_links instead of $module_menu.
        if (isset($global_control_links)) {
            $module_menu = $global_control_links;
            $this->deleteOld = false;
        }
    }
    // Drop the temporary ACL so later checks rebuild the module's cache entry.
    SugarACL::resetACLs($this->module);
    $this->legacyViewdefs = $module_menu;
}
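/**
 * Forecast Worksheet Filter API Handler
 *
 * Extracts the user, time period and forecast type from the incoming filter
 * list, rebuilds the filter through createFilter() and delegates to the parent.
 *
 * @param ServiceBase $api
 * @param array $args Request arguments; 'filter' is read and replaced.
 * @return array
 * @throws SugarApiExceptionNotAuthorized When the ACL check for Forecasts/list fails.
 */
public function filterList(ServiceBase $api, array $args)
{
    if (!SugarACL::checkAccess('Forecasts', 'list')) {
        throw new SugarApiExceptionNotAuthorized('No access to view records for module: Forecasts');
    }

    // some local variables
    $found_assigned_user = false;
    $found_timeperiod = false;
    $found_type = false;

    // if filter is not defined, define it
    if (!isset($args['filter']) || !is_array($args['filter'])) {
        $args['filter'] = array();
    }

    // A $tracker filter short-circuits to an empty result set.
    if (isset($args['filter'][0]['$tracker'])) {
        return array('next_offset' => -1, 'records' => array());
    }

    // if there are filters set, process through them
    // todo-sfa: clean this up as it currently doesn't handle much in the way of nested arrays
    foreach ($args['filter'] as $key => $filter) {
        // Filters arrive from the API caller; skip entries that are not
        // non-empty arrays instead of handing them to array functions.
        if (!is_array($filter) || empty($filter)) {
            continue;
        }

        // First key of the filter. reset()/key() avoids passing the temporary
        // from array_keys() by reference to array_shift().
        reset($filter);
        $filter_key = key($filter);

        // Strict comparison: with ==, an integer key 0 equals any non-numeric
        // string before PHP 8, so a list-style filter matched all three names.

        // if the key is user_id, take the value and save it for later
        if ($found_assigned_user == false && $filter_key === 'user_id') {
            $found_assigned_user = array_pop($filter);
        }

        // if the key is timeperiod_id, take the value, save it for later, and remove the filter
        if ($found_timeperiod == false && $filter_key === 'timeperiod_id') {
            $found_timeperiod = array_pop($filter);
            // remove the timeperiod_id
            unset($args['filter'][$key]);
        }

        // same handling for forecast_type
        if ($found_type == false && $filter_key === 'forecast_type') {
            $found_type = array_pop($filter);
            unset($args['filter'][$key]);
        }
    }

    // The caller-supplied filter is replaced wholesale by the rebuilt one.
    $args['filter'] = $this->createFilter($api, $found_assigned_user, $found_timeperiod, $found_type);

    return parent::filterList($api, $args);
}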
/**
 * Build the module drop-down for the relate-field form and render its template.
 *
 * @param object $ss     Template engine instance; receives the 'modules' variable.
 * @param mixed  $vardef Not read by this method.
 * @return mixed Result of fetch() on the relate.tpl template.
 */
function get_body(&$ss, $vardef)
{
    require_once 'modules/ModuleBuilder/parsers/relationships/DeployedRelationships.php';

    // Map every relatable module to its translated display name.
    $modules = array();
    foreach (array_keys(DeployedRelationships::findRelatableModules()) as $moduleName) {
        $modules[$moduleName] = translate('LBL_MODULE_NAME', $moduleName);
    }

    // Remove modules rejected by the ACL filter.
    $modules = SugarACL::filterModuleList($modules);

    // cannot relate to Activities as only Activities' submodules have records; use a Flex Relate instead!
    unset($modules[""], $modules['Activities']);

    // tyoung bug 18631 - reduce potential confusion when creating a relate custom field for Products -
    // actually points to the Product Catalog, so label it that way in the drop down list
    $hasProductLabel = isset($modules['ProductTemplates']) && $modules['ProductTemplates'] == 'Product';
    if ($hasProductLabel) {
        $modules['ProductTemplates'] = translate('LBL_MODULE_NAME', 'ProductTemplates');
    }

    // C.L. - Merge from studio_rel_user branch
    // Users is added after the ACL filter, so it is always offered.
    $modules['Users'] = translate('LBL_MODULE_NAME', 'Users');

    asort($modules);
    $ss->assign('modules', $modules);

    return $ss->fetch('modules/DynamicFields/templates/Fields/Forms/relate.tpl');
}
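/**
 * Retrieve a dashboard and remove dashlets whose module the current user
 * cannot access.
 *
 * This overrides the default retrieve function: the parent is always called
 * with encoding disabled, so $encode is accepted but not forwarded.
 *
 * @param string $id
 * @param bool   $encode  Not forwarded; the parent is always called with false.
 * @param bool   $deleted Passed through to the parent.
 * @return mixed Whatever parent::retrieve() returned; its metadata is filtered
 *               when it contains components.
 */
function retrieve($id = '-1', $encode = false, $deleted = true)
{
    $dashboard = parent::retrieve($id, false, $deleted);

    // Nothing was loaded: there is no metadata to filter, return the value unchanged.
    if (!is_object($dashboard)) {
        return $dashboard;
    }

    // Expand the metadata for processing.
    $metadata = json_decode($dashboard->metadata);

    // If we don't have a components in metadata for whatever reason, we're out, send back unchanged.
    if (!isset($metadata->components)) {
        return $dashboard;
    }

    $dirty = false;

    // Loop through the dashboard, drilling down to the dashlet level.
    foreach ($metadata->components as $component_key => $component) {
        // A component without rows has no dashlets to check.
        if (!isset($component->rows)) {
            continue;
        }
        foreach ($component->rows as $row_key => $row) {
            foreach ($row as $item_key => $item) {
                // Check if this user has access to the module upon which this dashlet is based.
                if (isset($item->context->module) && !SugarACL::checkAccess($item->context->module, 'access')) {
                    // The user does not have access, remove the dashlet.
                    unset($metadata->components[$component_key]->rows[$row_key][$item_key]);

                    // Check if this row is now empty.
                    if (count($metadata->components[$component_key]->rows[$row_key]) == 0) {
                        // This row is now empty, remove it and mark the metadata as dirty.
                        unset($metadata->components[$component_key]->rows[$row_key]);
                        $dirty = true;
                    }
                }
            }
        }
    }

    // Check if we've modified the metadata.
    if ($dirty) {
        // Loop through the rows re-assigning sequential array keys for dashboard display.
        foreach ($metadata->components as $key => $value) {
            if (isset($metadata->components[$key]->rows)) {
                $metadata->components[$key]->rows = array_values($metadata->components[$key]->rows);
            }
        }
    }
    // NOTE(review): a row that loses a dashlet but is not emptied keeps its
    // original item keys; confirm the consumer tolerates the gap after re-encoding.

    // Re-encode and save the metadata back to the dashboard object before returning it.
    $dashboard->metadata = json_encode($metadata);

    return $dashboard;
}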
/**
 * Sets up necessary visibility for a client. Not all clients will set this.
 *
 * Switches the default bean ACL set from SugarACLStatic to
 * SugarACLSupportPortal, clears the ACL cache, and enables
 * SupportPortalVisibility in the default visibility set.
 *
 * @return void
 */
public function setupVisibility()
{
    // Add the necessary visibility and acl classes to the default bean list
    require_once 'modules/ACL/SugarACLSupportPortal.php';

    $aclDefaults = SugarBean::getDefaultACL();
    // The portal ACL overrides the static ACLs, so disable that one. The entry
    // is removed first and re-added, which places it after the existing keys.
    unset($aclDefaults['SugarACLStatic']);
    $aclDefaults['SugarACLStatic'] = false;
    $aclDefaults['SugarACLSupportPortal'] = true;
    SugarBean::setDefaultACL($aclDefaults);

    // Cached ACL objects were built from the old defaults; discard them all.
    SugarACL::resetACLs();

    $visibilityDefaults = SugarBean::getDefaultVisibility();
    $visibilityDefaults['SupportPortalVisibility'] = true;
    SugarBean::setDefaultVisibility($visibilityDefaults);

    $GLOBALS['log']->debug("Added SupportPortalVisibility to session.");
}
/**
 * Check ACL access to certain view for this object
 *
 * @param string $view
 * @param array|bool|string|null $context Context array; a boolean is treated as
 *        the legacy owner-override flag, and an empty value or 'not_set' as no context.
 * @return bool has access?
 */
public function ACLAccess($view, $context = null)
{
    if (is_bool($context)) {
        // BC hack to accept owner override
        $context = array('owner_override' => $context);
    } elseif (empty($context) || $context == 'not_set') {
        $context = array();
    }

    // Default the bean under test to this object unless the caller supplied one.
    if (!isset($context['bean'])) {
        $context['bean'] = $this;
    }

    $category = $this->getACLCategory();

    return SugarACL::checkAccess($category, $view, $context);
}
// Fragment of an edit-view script: pushes sender, subject and scheduling values
// into the $xtpl template. It starts and ends mid-script; the final `if` block
// is left open because its body is not part of this excerpt.
// NOTE(review): most values below are assigned as-is; whether the template or
// the template engine escapes them for HTML is not visible here - confirm.
$xtpl->assign('FROM_ADDR_NAME', $from['name']);
$xtpl->assign('FROM_ADDR_EMAIL', $from['email']);
$xtpl->assign('NAME', from_html($name));
//$xtpl->assign('DESCRIPTION_HTML', from_html($focus->description_html));
$xtpl->assign('DESCRIPTION', $focus->description);
$xtpl->assign('TYPE', $email_type);
// Unimplemented until jscalendar language files are fixed
// $xtpl->assign('CALENDAR_LANG',((empty($cal_codes[$current_language])) ? $cal_codes[$default_language] : $cal_codes[$current_language]));
$xtpl->assign('CALENDAR_LANG', 'en');
$xtpl->assign('CALENDAR_DATEFORMAT', $timedate->get_cal_date_format());
$xtpl->assign('DATE_START', $focus->date_start);
$xtpl->assign('TIME_FORMAT', '(' . $timedate->get_user_time_format() . ')');
// Only the first five characters of the start time are shown.
$xtpl->assign('TIME_START', substr($focus->time_start, 0, 5));
$xtpl->assign('TIME_MERIDIEM', $timedate->AMPMMenu('', $focus->time_start));
// Build the parent-type drop-down: remove every type whose module is disabled
// by ACL, except the type the record already points at, so the current value
// stays selectable.
$parent_types = $app_list_strings['record_type_display'];
$disabled_parent_types = SugarACL::disabledModuleList($parent_types);
foreach ($disabled_parent_types as $disabled_parent_type) {
    if ($disabled_parent_type != $focus->parent_type) {
        unset($parent_types[$disabled_parent_type]);
    }
}
$xtpl->assign('TYPE_OPTIONS', get_select_options_with_id($parent_types, $focus->parent_type));
$xtpl->assign('USER_DATEFORMAT', '(' . $timedate->get_user_date_format() . ')');
$xtpl->assign('PARENT_NAME', $focus->parent_name);
$xtpl->assign('PARENT_ID', $focus->parent_id);
// Normalise an empty parent type to the empty string for the template.
if (empty($focus->parent_type)) {
    $xtpl->assign('PARENT_RECORD_TYPE', '');
} else {
    $xtpl->assign('PARENT_RECORD_TYPE', $focus->parent_type);
}
// Admin-only branch, gated on the request module and a session flag; the body
// continues beyond this excerpt.
if (is_admin($current_user) && $_REQUEST['module'] != 'DynamicLayout' && !empty($_SESSION['editinplace'])) {
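/**
 * Check field-level 'detail' access for every column referenced by a filter tree.
 *
 * $filters holds consecutive integer keys starting at 0. An entry with an
 * 'operator' key is a nested group and is checked recursively; any other entry
 * is a column reference whose module is looked up in $full_table_list through
 * its 'table_key'. Entries whose table has no module are not checked.
 *
 * The check fails closed: the first denied column, at any depth, yields false.
 * A nested group that passes no longer ends the walk early, so the siblings
 * that follow it are checked as well.
 *
 * @param array $filters         Filter group to inspect.
 * @param array $full_table_list Map of table key to table definition ('module' is read).
 * @param bool  $is_owner        When true, the check is made with owner_override.
 * @param bool  $hasAccess       Result so far; false returns immediately.
 * @return bool
 */
function checkACLForEachColForFilter($filters, $full_table_list, $is_owner, $hasAccess)
{
    if (!$hasAccess) {
        return false;
    }

    $context = $is_owner ? array('owner_override' => true) : array();

    for ($i = 0; isset($filters[$i]); $i++) {
        $current_filter = $filters[$i];

        if (isset($current_filter['operator'])) {
            // Nested group: a denial anywhere inside it denies the whole filter.
            if (!checkACLForEachColForFilter($current_filter, $full_table_list, $is_owner, $hasAccess)) {
                return false;
            }
            continue;
        }

        if (!empty($full_table_list[$current_filter['table_key']]['module'])) {
            $col_module = $full_table_list[$current_filter['table_key']]['module'];
            if (!SugarACL::checkField($col_module, $current_filter['name'], 'detail', $context)) {
                return false;
            }
        }
    }

    return $hasAccess;
}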
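/**
 * Build the list of dashlets offered in the "add dashlet" dialog and store it
 * in $this->dashlets, grouped by category label.
 *
 * Dashlets are read from the cached dashlets.php index. Each candidate is
 * dropped when its module is unknown, when it is flagged hidden, when the
 * 'view' or 'list' ACL check for its module fails, or when its own
 * shouldDisplay() callback says so.
 *
 * Local variable names used by the included files ($dashletsFiles,
 * $dashletMeta, $dashletStrings) must stay as they are: those files are
 * executed in this method's scope.
 *
 * @param string $category Key into the category map ('module', 'charts', ...);
 *                         empty means all default categories.
 * @return void
 */
function getDashlets($category = '')
{
    global $app_strings, $current_language, $mod_strings;

    // NOTE(review): require_once only defines $dashletsFiles here the first time
    // the file is loaded in a request; confirm no earlier include happens.
    require_once $GLOBALS['sugar_config']['cache_dir'] . 'dashlets/dashlets.php';

    $categories = array('module' => 'Module Views', 'portal' => 'Portal', 'charts' => 'Charts', 'tools' => 'Tools', 'misc' => 'Miscellaneous', 'web' => 'Web');
    $dashletStrings = array();
    $dashletsList = array();
    if (!empty($category)) {
        $dashletsList[$categories[$category]] = array();
    } else {
        $dashletsList['Module Views'] = array();
        $dashletsList['Charts'] = array();
        $dashletsList['Tools'] = array();
        $dashletsList['Web'] = array();
    }

    asort($dashletsFiles);
    foreach ($dashletsFiles as $className => $files) {
        if (empty($files['meta']) || !SugarAutoLoader::fileExists($files['meta'])) {
            continue;
        }

        require_once $files['meta']; // get meta file
        $directory = substr($files['meta'], 0, strrpos($files['meta'], '/') + 1);
        foreach (SugarAutoLoader::existing($directory . $files['class'] . '.' . $current_language . '.lang.php', $directory . $files['class'] . '.en_us.lang.php') as $file) {
            require $file;
        }

        // try to translate the string
        if (empty($dashletStrings[$files['class']][$dashletMeta[$files['class']]['title']])) {
            $title = $dashletMeta[$files['class']]['title'];
        } else {
            $title = $dashletStrings[$files['class']][$dashletMeta[$files['class']]['title']];
        }

        // try to translate the string
        if (empty($dashletStrings[$files['class']][$dashletMeta[$files['class']]['description']])) {
            $description = $dashletMeta[$files['class']]['description'];
        } else {
            $description = $dashletStrings[$files['class']][$dashletMeta[$files['class']]['description']];
        }

        // generate icon
        // Start from an empty icon on every iteration so that a dashlet whose image
        // cannot be resolved does not reuse the previous dashlet's icon (or hit an
        // undefined variable on the first pass).
        $icon = '';
        if (!empty($dashletMeta[$files['class']]['icon'])) {
            // here we'll support image inheritance if the supplied image has a path in it
            // i.e. $dashletMeta[$files['class']]['icon'] = 'themes/default/images/dog.gif'
            // in this case, we'll strip off the path information to check for the image existing
            // in the current theme.
            $imageName = SugarThemeRegistry::current()->getImageURL(basename($dashletMeta[$files['class']]['icon']), false);
            if (!empty($imageName) && sugar_is_file($imageName)) {
                $icon = '<img src="' . $imageName . '" alt="" border="0" align="absmiddle" />';
            }
        } else {
            if (empty($dashletMeta[$files['class']]['module'])) {
                $icon = get_dashlets_dialog_icon('default');
            } else {
                if (!in_array($dashletMeta[$files['class']]['module'], $GLOBALS['moduleList']) && !in_array($dashletMeta[$files['class']]['module'], $GLOBALS['modInvisList']) && !in_array('Activities', $GLOBALS['moduleList'])) {
                    // Module is not installed: forget the dashlet entirely.
                    unset($dashletMeta[$files['class']]);
                    continue;
                } else {
                    $icon = get_dashlets_dialog_icon($dashletMeta[$files['class']]['module']);
                }
            }
        }

        // determine whether to display
        if (!empty($dashletMeta[$files['class']]['hidden']) && $dashletMeta[$files['class']]['hidden'] === true) {
            $displayDashlet = false;
        } elseif (!empty($dashletMeta[$files['class']]['module']) && (!in_array($dashletMeta[$files['class']]['module'], $GLOBALS['moduleList']) && !in_array($dashletMeta[$files['class']]['module'], $GLOBALS['modInvisList'])) && !in_array('Activities', $GLOBALS['moduleList'])) {
            $displayDashlet = false;
        } else {
            $displayDashlet = true;
            // check ACL ACCESS: both 'view' and 'list' must be allowed for the module
            if (!empty($dashletMeta[$files['class']]['module'])) {
                if (!SugarACL::checkAccess($dashletMeta[$files['class']]['module'], 'view', array('owner_override' => true))) {
                    $displayDashlet = false;
                }
                if (!SugarACL::checkAccess($dashletMeta[$files['class']]['module'], 'list', array('owner_override' => true))) {
                    $displayDashlet = false;
                }
            }
        }

        if ($dashletMeta[$files['class']]['category'] == 'Charts') {
            $type = 'predefined_chart';
        } else {
            $type = 'module';
        }

        // Dashlets flagged dynamic_hide decide for themselves through a static
        // shouldDisplay() callback on the dashlet class.
        if ($displayDashlet && isset($dashletMeta[$files['class']]['dynamic_hide']) && $dashletMeta[$files['class']]['dynamic_hide']) {
            if (SugarAutoLoader::fileExists($files['file'])) {
                require_once $files['file'];
                if (class_exists($files['class'])) {
                    $displayDashlet = call_user_func(array($files['class'], 'shouldDisplay'));
                }
            }
        }

        if ($displayDashlet) {
            // NOTE(review): class name and module are concatenated into an inline
            // onclick handler without escaping; confirm they can only come from
            // trusted dashlet metadata.
            $cell = array(
                'title' => $title,
                'description' => $description,
                'onclick' => 'return SUGAR.mySugar.addDashlet(\'' . $className . '\', \'' . $type . '\', \'' . (!empty($dashletMeta[$files['class']]['module']) ? $dashletMeta[$files['class']]['module'] : '') . '\');',
                'icon' => $icon,
                'id' => $files['class'] . '_select',
            );
            if (!empty($category) && $dashletMeta[$files['class']]['category'] == $categories[$category]) {
                array_push($dashletsList[$categories[$category]], $cell);
            } else {
                if (empty($category)) {
                    array_push($dashletsList[$dashletMeta[$files['class']]['category']], $cell);
                }
            }
        }
    }

    if (!empty($category)) {
        asort($dashletsList[$categories[$category]]);
    } else {
        foreach ($dashletsList as $key => $value) {
            asort($dashletsList[$key]);
        }
    }

    $this->dashlets = $dashletsList;
}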
/**
 * Prepare the popup list view: optional quick-create save, search form setup,
 * ACL filtering of the search fields, mass update handling, filter-field
 * collection and finally data retrieval and rendering through process().
 *
 * Several request parameters are read directly: doAction, id, displayColumns,
 * orderBy, sortOrder, field_to_name, request_data and query.
 *
 * @param mixed $file Passed through to process().
 * @return void
 */
function setup($file)
{
    if (isset($this->_popupMeta)) {
        if (isset($this->_popupMeta['create']['formBase'])) {
            // The form-base file name comes from the popup metadata.
            require_once 'modules/' . $this->seed->module_dir . '/' . $this->_popupMeta['create']['formBase'];
            $this->_create = true;
        }
    }
    if (!empty($this->_popupMeta['create'])) {
        // Class name is taken from the popup metadata and instantiated dynamically.
        $formBase = new $this->_popupMeta['create']['formBaseClass']();
        if (isset($_REQUEST['doAction']) && $_REQUEST['doAction'] == 'save') {
            //If it's a new record, set useRequired to false
            $useRequired = empty($_REQUEST['id']) ? false : true;
            // NOTE(review): this writes a record from request data; any access check
            // is presumably inside handleSave() - confirm.
            $formBase->handleSave('', false, $useRequired);
        }
    }
    $params = array();
    if (!empty($this->_popupMeta['orderBy'])) {
        $params['orderBy'] = $this->_popupMeta['orderBy'];
    }
    $searchFields = SugarAutoLoader::loadSearchFields($this->module);
    // Fixed two-column layout for the popup search form.
    $this->searchdefs[$this->module]['templateMeta']['maxColumns'] = 2;
    $this->searchdefs[$this->module]['templateMeta']['widths']['label'] = 10;
    $this->searchdefs[$this->module]['templateMeta']['widths']['field'] = 30;
    $this->searchForm->view = 'PopupSearchForm';
    $this->searchForm->setup($this->searchdefs, $searchFields, 'SearchFormGenericAdvanced.tpl', 'advanced_search', $this->listviewdefs);
    $lv = new ListViewSmarty();
    $displayColumns = array();
    if (!empty($_REQUEST['displayColumns'])) {
        foreach (explode('|', $_REQUEST['displayColumns']) as $num => $col) {
            // NOTE(review): $listViewDefs is not assigned anywhere in this method
            // (the definitions live in $this->listviewdefs), so unless the required
            // form-base file defines it this guard is always false and requested
            // columns are never copied - confirm intent before changing.
            if (!empty($listViewDefs[$this->module][$col])) {
                $displayColumns[$col] = $this->listviewdefs[$this->module][$col];
            }
        }
    } else {
        // No columns requested: use the ones flagged as default.
        foreach ($this->listviewdefs[$this->module] as $col => $para) {
            if (!empty($para['default']) && $para['default']) {
                $displayColumns[$col] = $para;
            }
        }
    }
    $params['massupdate'] = true;
    if (!empty($_REQUEST['orderBy'])) {
        // NOTE(review): orderBy and sortOrder are taken from the request as-is and
        // handed to getListViewData() below; confirm they are validated downstream
        // before they reach an ORDER BY clause.
        $params['orderBy'] = $_REQUEST['orderBy'];
        $params['overrideOrder'] = true;
        if (!empty($_REQUEST['sortOrder'])) {
            $params['sortOrder'] = $_REQUEST['sortOrder'];
        }
    }
    $lv->displayColumns = $displayColumns;
    $this->searchForm->lv = $lv;
    $this->searchForm->displaySavedSearch = false;
    // Apply field-level ACL to the search form's field definitions before the
    // request values are loaded into it.
    SugarACL::listFilter($this->module, $this->searchForm->fieldDefs, array("owner_override" => true), array("use_value" => true, "suffix" => '_advanced', "add_acl" => true));
    $this->searchForm->populateFromRequest('advanced_search');
    $searchWhere = $this->_get_where_clause();
    $this->searchColumns = $this->searchForm->searchColumns;
    //parent::setup($this->seed, $file, $searchWhere, $params, 0, -1, $this->filter_fields);
    $this->should_process = true;
    if (isset($params['export'])) {
        $this->export = $params['export'];
    }
    if (!empty($params['multiSelectPopup'])) {
        $this->multi_select_popup = $params['multiSelectPopup'];
    }
    // $params['massupdate'] is set to true above, so this branch always runs here.
    if (!empty($params['massupdate']) && $params['massupdate'] != false) {
        $this->show_mass_update_form = true;
        $this->mass = new MassUpdate();
        $this->mass->setSugarBean($this->seed);
        // Mass update is processed unless the caller explicitly disabled it.
        if (!empty($params['handleMassupdate']) || !isset($params['handleMassupdate'])) {
            $this->mass->handleMassUpdate();
        }
    }
    // create filter fields based off of display columns
    if (empty($this->filter_fields) || $this->mergeDisplayColumns) {
        foreach ($this->displayColumns as $columnName => $def) {
            $this->filter_fields[strtolower($columnName)] = true;
            if (!empty($def['related_fields'])) {
                foreach ($def['related_fields'] as $field) {
                    // id column is added by query construction function. This addition creates duplicates
                    // and causes issues in oracle. #10165
                    if ($field != 'id') {
                        $this->filter_fields[$field] = true;
                    }
                }
            }
            if (!empty($this->seed->field_defs[strtolower($columnName)]['db_concat_fields'])) {
                foreach ($this->seed->field_defs[strtolower($columnName)]['db_concat_fields'] as $index => $field) {
                    if (!isset($this->filter_fields[strtolower($field)]) || !$this->filter_fields[strtolower($field)]) {
                        $this->filter_fields[strtolower($field)] = true;
                    }
                }
            }
        }
        foreach ($this->searchColumns as $columnName => $def) {
            $this->filter_fields[strtolower($columnName)] = true;
        }
    }
    /**
     * Bug #46842 : The relate field field_to_name_array fails to copy over custom fields
     * By default bean's create_new_list_query function loads fields displayed on the page or used in the search
     * add fields used to populate forms from _viewdefs :: field_to_name_array to retrieve from db
     */
    // Request-supplied field names are only added when they exist in the seed
    // bean's field_defs, which acts as an allow-list.
    if (isset($_REQUEST['field_to_name']) && $_REQUEST['field_to_name']) {
        $_REQUEST['field_to_name'] = is_array($_REQUEST['field_to_name']) ? $_REQUEST['field_to_name'] : array($_REQUEST['field_to_name']);
        foreach ($_REQUEST['field_to_name'] as $add_field) {
            $add_field = strtolower($add_field);
            if ($add_field != 'id' && !isset($this->filter_fields[$add_field]) && isset($this->seed->field_defs[$add_field])) {
                $this->filter_fields[$add_field] = true;
            }
        }
    } else {
        if (isset($_REQUEST['request_data'])) {
            // NOTE(review): json_decode() returns null for malformed input, and
            // 'field_to_name_array' may be absent; neither case is handled before
            // get_object_vars() is called on the result.
            $request_data = get_object_vars(json_decode(htmlspecialchars_decode($_REQUEST['request_data'])));
            $request_data['field_to_name'] = get_object_vars($request_data['field_to_name_array']);
            if (isset($request_data['field_to_name']) && is_array($request_data['field_to_name'])) {
                foreach ($request_data['field_to_name'] as $add_field) {
                    $add_field = strtolower($add_field);
                    if ($add_field != 'id' && !isset($this->filter_fields[$add_field]) && isset($this->seed->field_defs[$add_field])) {
                        $this->filter_fields[$add_field] = true;
                    }
                }
            }
        }
    }
    //check for team_set_count
    if (!empty($this->filter_fields['team_name']) && empty($this->filter_fields['team_count'])) {
        $this->filter_fields['team_count'] = true;
        $this->displayColumns['TEAM_NAME']['type'] = 'teamset';
        $this->displayColumns['TEAM_NAME']['width'] = '2';
        $this->displayColumns['TEAM_NAME']['label'] = 'LBL_LIST_TEAM';
        unset($this->displayColumns['TEAM_NAME']['link']);
        //Add the team_id entry so that we can retrieve the team_id to display primary team
        $this->filter_fields['team_id'] = true;
    }
    // && binds tighter than ||: data is fetched when a query was submitted, or
    // when save_query is configured to something other than 'populate_only'.
    if (!empty($_REQUEST['query']) || !empty($GLOBALS['sugar_config']['save_query']) && $GLOBALS['sugar_config']['save_query'] != 'populate_only') {
        $data = $this->lvd->getListViewData($this->seed, $searchWhere, 0, -1, $this->filter_fields, $params, 'id');
    } else {
        // Nothing to query yet: render an empty result set.
        $this->should_process = false;
        $data = array('data' => array(), 'pageData' => array('bean' => array('moduleDir' => $this->seed->module_dir), 'ordering' => '', 'offsets' => array('total' => 0, 'next' => 0, 'current' => 0)));
    }
    $this->fillDisplayColumnsWithVardefs();
    $data = $this->setupHTMLFields($data);
    $this->process($file, $data, $this->seed->object_name);
}
/**
 * Extend the parent's list-view row with data-set specific columns and, when
 * the user may edit DataSets, the inline move/edit buttons.
 *
 * @return array Row data keyed by upper-case column name.
 */
function get_list_view_data()
{
    global $app_strings, $mod_strings;
    global $app_list_strings;
    global $current_user;
    global $focus;

    if (empty($this->exportable)) {
        $this->exportable = "0";
    }

    $row = parent::get_list_view_data();

    // NOTE(review): name is placed in the row as-is; whether the list view
    // escapes it for HTML is not visible here.
    $row['NAME'] = ($this->name == "") ? "<em>blank</em>" : $this->name;

    $outputKey = !empty($this->output_default) ? $this->output_default : 'table';
    $row['OUTPUT_DEFAULT'] = $app_list_strings['dataset_output_default_dom'][$outputKey];

    $row['LIST_ORDER_Y'] = $this->list_order_y;
    $row['EXPORTABLE'] = $this->exportable;
    $row['HEADER'] = $this->header;
    $row['QUERY_NAME'] = $this->query_name;
    $row['REPORT_NAME'] = $this->report_name;

    // The action buttons are only offered to users with edit access.
    if (!SugarACL::checkAccess('DataSets', 'edit')) {
        return $row;
    }

    $upParams = array('module' => 'DataSets', 'action' => 'Save', 'data_set_id' => $this->id, 'direction' => 'Up');
    // NOTE(review): the down button also sends direction 'Up'; this looks like a
    // copy-paste slip, confirm against the Save action before changing it.
    $downParams = array('module' => 'DataSets', 'action' => 'Save', 'data_set_id' => $this->id, 'direction' => 'Up');
    $editParams = array('module' => 'DataSets', 'action' => 'EditView', 'record' => $this->id);

    $row['UP_BUTTON'] = $this->getButton('uparrow_inline', 'LNK_UP', $upParams, $focus);
    $row['DOWN_BUTTON'] = $this->getButton('downarrow_inline', 'LNK_DOWN', $downParams, $focus);
    $row['EDIT_BUTTON'] = $this->getButton('edit_inline', 'LNK_EDIT', $editParams, $focus);

    return $row;
}
/**
 * Get user access for the list of actions
 *
 * When a parent module is configured, the lookup is delegated to that module
 * with owner override; otherwise no restrictions are reported.
 *
 * @param string $module      Not read by this method.
 * @param array  $access_list List of actions
 * @param array  $context     Only the 'user' entry is carried over to the parent lookup.
 *
 * @return array - List of access levels. Access levels not returned are assumed to be "all allowed".
 */
public function getUserAccess($module, $access_list, $context)
{
    if (empty($this->parentModule)) {
        return array();
    }

    // Don't pass the context bean since it won't match the module.
    $parentContext = array('owner_override' => true);
    if (!empty($context['user'])) {
        $parentContext['user'] = $context['user'];
    }

    return SugarACL::getUserAccess($this->parentModule, $access_list, $parentContext);
}
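/**
 * Build a subpanel instance: load its layout definition from the module's
 * metadata (plus custom overrides), load module info, and apply field ACLs to
 * the list fields.
 *
 * Local variable names are kept as they are because the definition files are
 * required in this method's scope and are expected to define $subpanel_layout.
 *
 * @param string $name                Subpanel name.
 * @param array  $instance_properties Reads 'module', 'subpanel_name' and the
 *                                    optional 'override_subpanel_name'.
 * @param object $parent_bean         Bean that owns the subpanel.
 * @param bool   $reload              Not read by this method.
 * @param bool   $original_only       When true, custom definition files are skipped.
 * @param bool   $forApi              When true, the list fields are not ACL-filtered here.
 */
function aSubPanel($name, $instance_properties, $parent_bean, $reload = false, $original_only = false, $forApi = false)
{
    $this->_instance_properties = $instance_properties;
    $this->name = $name;
    $this->parent_bean = $parent_bean;

    //set language
    global $current_language;
    // Defined up front so the assignment below never reads an undefined variable
    // when the parent bean carries mbvardefs.
    $mod_strings = null;
    if (!isset($parent_bean->mbvardefs)) {
        $mod_strings = return_module_language($current_language, $parent_bean->module_dir);
    }
    $this->mod_strings = $mod_strings;

    if ($this->isCollection()) {
        $this->canDisplay = $this->load_sub_subpanels();
    } else {
        //load sub-panel definition.
        if (!SugarAutoLoader::existing('modules/' . $this->_instance_properties['module'])) {
            $GLOBALS['log']->fatal("Directory for {$this->_instance_properties['module']} does not exist!");
        }

        // NOTE(review): module and subpanel names are concatenated into paths that
        // are later require'd; confirm they only come from trusted layout defs.
        $def_path = array('modules/' . $this->_instance_properties['module'] . '/metadata/subpanels/' . $this->_instance_properties['subpanel_name'] . '.php');
        if (!$original_only) {
            $def_path[] = 'custom/' . $def_path[0];
            if (isset($this->_instance_properties['override_subpanel_name'])) {
                $def_path[] = 'custom/modules/' . $this->_instance_properties['module'] . '/metadata/subpanels/' . $this->_instance_properties['override_subpanel_name'] . '.php';
            }
        }

        // Every existing candidate is loaded in order, so later files override earlier ones.
        $loaded = false;
        foreach (SugarAutoLoader::existing($def_path) as $file) {
            require $file;
            $loaded = true;
        }

        if (!$loaded) {
            $defaultSubpanelFile = "modules/{$this->_instance_properties['module']}/metadata/subpanels/default.php";
            if (!file_exists($defaultSubpanelFile)) {
                $GLOBALS['log']->fatal("Failed to load original or custom subpanel data for {$name} in " . join(DIRECTORY_SEPARATOR, $def_path));
                $this->canDisplay = false;
            } else {
                require $defaultSubpanelFile;
            }
        }

        // load module info from the module's bean file
        $this->load_module_info();

        // check that the loaded subpanel definition includes a $subpanel_layout section - some, such as
        // projecttasks/default do not...
        $this->panel_definition = array();
        if (isset($subpanel_layout) && is_array($subpanel_layout)) {
            $this->set_panel_definition($subpanel_layout);
            if (!$forApi) {
                // Strip list fields the current user may not see.
                SugarACL::listFilter($this->_instance_properties['module'], $this->panel_definition['list_fields'], array("owner_override" => true));
            }
        }
    }
}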
/**
 * Build the quick-create form body for an Account.
 *
 * Returns an empty string when the user lacks edit access to Accounts. Each
 * visible input is only emitted when the field-level 'edit' check passes.
 * The global $mod_strings is temporarily replaced when $mod is given and is
 * restored before returning.
 *
 * @param string $prefix   Passed to addRequiredFields().
 * @param string $mod      Optional module whose language strings supply the labels.
 * @param string $formname Form name used by the generated validation script.
 * @return string HTML fragment followed by the validation script, or ''.
 */
function getFormBody($prefix, $mod = '', $formname = '')
{
    if (!ACLController::checkAccess('Accounts', 'edit', true)) {
        return '';
    }

    global $mod_strings;
    $saved_mod_strings = $mod_strings;
    if (!empty($mod)) {
        global $current_language;
        $mod_strings = return_module_language($current_language, $mod);
    }
    global $app_strings;
    global $current_user;

    $lbl_required_symbol = $app_strings['LBL_REQUIRED_SYMBOL'];
    $lbl_account_name = $mod_strings['LBL_ACCOUNT_NAME'];
    $lbl_phone = $mod_strings['LBL_PHONE'];
    $lbl_website = $mod_strings['LBL_WEBSITE'];
    $lbl_save_button_title = $app_strings['LBL_SAVE_BUTTON_TITLE'];
    $lbl_save_button_key = $app_strings['LBL_SAVE_BUTTON_KEY'];
    $lbl_save_button_label = $app_strings['LBL_SAVE_BUTTON_LABEL'];
    $user_id = $current_user->id;

    // NOTE(review): labels and the user id are interpolated into HTML without
    // escaping; they come from language packs and the session user here.
    $form = <<<EOQ
\t\t\t<p><input type="hidden" name="record" value="">
\t\t\t<input type="hidden" name="email1" value="">
\t\t\t<input type="hidden" name="email2" value="">
\t\t\t<input type="hidden" name="assigned_user_id" value='{$user_id}'>
\t\t\t<input type="hidden" name="action" value="Save">
EOQ;

    // Markup per field, emitted in this order when the field is editable.
    $fieldMarkup = array(
        'name' => "{$lbl_account_name} <span class='required'>{$lbl_required_symbol}</span><br><input name='name' type='text' value=''><br>",
        'phone_office' => "{$lbl_phone}<br><input name='phone_office' type='text' value=''><br>",
        'website' => "{$lbl_website}<br><input name='website' type='text' value='http://'><br>",
    );
    foreach ($fieldMarkup as $fieldName => $markup) {
        if (SugarACL::checkField('Accounts', $fieldName, 'edit', array("owner_override" => true))) {
            $form .= $markup;
        }
    }
    $form .= '</p>';

    $javascript = new javascript();
    $javascript->setFormName($formname);
    $javascript->setSugarBean(BeanFactory::getBean('Accounts'));
    $javascript->addRequiredFields($prefix);
    $form .= $javascript->getScript();

    // Put the caller's language strings back.
    $mod_strings = $saved_mod_strings;

    return $form;
}
/**
 * Render the search form for the current module and view.
 *
 * Assigns the template variables the search templates read (field definitions,
 * date/time formats, tab visibility, column widths, saved-search widgets) and
 * returns the rendered markup.
 *
 * @param bool $header When true, the rendered form is assigned to 'return_txt'
 *                     and the method returns the header template followed by
 *                     the footer template; when false it returns the form
 *                     template output alone.
 * @return string Rendered markup.
 */
function display($header = true)
{
    global $theme, $timedate, $current_user;
    $header_txt = '';
    $footer_txt = '';
    $return_txt = '';
    $this->th->ss->assign('module', $this->module);
    $this->th->ss->assign('action', $this->action);
    // Run the field definitions through the field ACL filter before they are
    // handed to the template. owner_override is passed unconditionally here.
    // NOTE(review): presumably because a search form has no record whose owner
    // could be checked — confirm this does not widen field visibility.
    SugarACL::listFilter($this->module, $this->fieldDefs, array("owner_override" => true), array("use_value" => true, "suffix" => '_' . $this->parsedView, "add_acl" => true));
    $this->th->ss->assign('displayView', $this->displayView);
    $this->th->ss->assign('APP', $GLOBALS['app_strings']);
    //Show the tabs only if there is more than one
    if ($this->nbTabs > 1) {
        $this->th->ss->assign('TABS', $this->_displayTabs($this->module . '|' . $this->displayView));
    }
    // Column count is twice maxColumns (default 2) minus one.
    $this->th->ss->assign('searchTableColumnCount', (isset($this->searchdefs['templateMeta']['maxColumns']) ? $this->searchdefs['templateMeta']['maxColumns'] : 2) * 2 - 1);
    $this->th->ss->assign('fields', $this->fieldDefs);
    $this->th->ss->assign('customFields', $this->customFieldDefs);
    $this->th->ss->assign('formData', $this->formData);
    $time_format = $timedate->get_user_time_format();
    $this->th->ss->assign('TIME_FORMAT', $time_format);
    $this->th->ss->assign('USER_DATEFORMAT', $timedate->get_user_date_format());
    $this->th->ss->assign('CALENDAR_FDOW', $current_user->get_first_day_of_week());
    $date_format = $timedate->get_cal_date_format();
    // Default separator; replaced by the first non-digit found between two
    // digit runs of the user's time format, when the pattern matches.
    $time_separator = ":";
    if (preg_match('/\\d+([^\\d])\\d+([^\\d]*)/s', $time_format, $match)) {
        $time_separator = $match[1];
    }
    // Create Smarty variables for the Calendar picker widget
    // A time format containing '23' selects %H, anything else %I.
    $t23 = strpos($time_format, '23') !== false ? '%H' : '%I';
    // $match[2] is the trailing non-digit part of the time format; it is unset
    // when the pattern above did not match.
    if (!isset($match[2]) || $match[2] == '') {
        $this->th->ss->assign('CALENDAR_FORMAT', $date_format . ' ' . $t23 . $time_separator . "%M");
    } else {
        // Exactly "pm" selects %P; any other non-empty suffix selects %p.
        $pm = $match[2] == "pm" ? "%P" : "%p";
        $this->th->ss->assign('CALENDAR_FORMAT', $date_format . ' ' . $t23 . $time_separator . "%M" . $pm);
    }
    $this->th->ss->assign('TIME_SEPARATOR', $time_separator);
    //Show and hide the good tab form
    foreach ($this->tabs as $tabkey => $viewtab) {
        // Strip the "<module>|" prefix and the "_search" suffix from the tab key.
        $viewName = str_replace(array($this->module . '|', '_search'), '', $viewtab['key']);
        // Substring match: the tab is shown when its name occurs anywhere in $this->view.
        if (strpos($this->view, $viewName) !== false) {
            $this->tabs[$tabkey]['displayDiv'] = '';
            //if this is advanced tab, use form with saved search sub form built in
            if ($viewName == 'advanced') {
                $this->tpl = 'SearchFormGenericAdvanced.tpl';
                if ($this->action == 'ListView') {
                    $this->th->ss->assign('DISPLAY_SEARCH_HELP', true);
                }
                $this->th->ss->assign('DISPLAY_SAVED_SEARCH', $this->displaySavedSearch);
                $this->th->ss->assign('SAVED_SEARCH', $this->displaySavedSearch());
                //this determines whether the saved search subform should be rendered open or not
                // The request value is only compared with 'yes'; the template
                // receives one of two fixed strings, never the request value itself.
                if (isset($_REQUEST['showSSDIV']) && $_REQUEST['showSSDIV'] == 'yes') {
                    $this->th->ss->assign('SHOWSSDIV', 'yes');
                    $this->th->ss->assign('DISPLAYSS', '');
                } else {
                    $this->th->ss->assign('SHOWSSDIV', 'no');
                    $this->th->ss->assign('DISPLAYSS', 'display:none');
                }
            }
        } else {
            $this->tabs[$tabkey]['displayDiv'] = 'display:none';
        }
    }
    $this->th->ss->assign('TAB_ARRAY', $this->tabs);
    $totalWidth = 0;
    if (isset($this->searchdefs['templateMeta']['widths']) && isset($this->searchdefs['templateMeta']['maxColumns'])) {
        $totalWidth = ($this->searchdefs['templateMeta']['widths']['label'] + $this->searchdefs['templateMeta']['widths']['field']) * $this->searchdefs['templateMeta']['maxColumns'];
        // redo the widths in case they are too big
        // Both widths are scaled by the same factor so the columns sum to 100.
        if ($totalWidth > 100) {
            $resize = 100 / $totalWidth;
            $this->searchdefs['templateMeta']['widths']['label'] = $this->searchdefs['templateMeta']['widths']['label'] * $resize;
            $this->searchdefs['templateMeta']['widths']['field'] = $this->searchdefs['templateMeta']['widths']['field'] * $resize;
        }
    }
    $this->th->ss->assign('templateMeta', $this->searchdefs['templateMeta']);
    $this->th->ss->assign('HAS_ADVANCED_SEARCH', !empty($this->searchdefs['layout']['advanced_search']));
    $this->th->ss->assign('displayType', $this->displayType);
    // return the form of the shown tab only
    if ($this->showSavedSearchesOptions) {
        $this->th->ss->assign('SAVED_SEARCHES_OPTIONS', $this->displaySavedSearchSelect());
    }
    if ($this->module == 'Documents') {
        $this->th->ss->assign('DOCUMENTS_MODULE', true);
    }
    $return_txt = $this->th->displayTemplate($this->seed->module_dir, 'SearchForm_' . $this->parsedView, $this->locateFile($this->tpl));
    if ($header) {
        // The rendered form is exposed to the header/footer templates as 'return_txt'.
        $this->th->ss->assign('return_txt', $return_txt);
        $header_txt = $this->th->displayTemplate($this->seed->module_dir, 'SearchFormHeader', $this->locateFile('header.tpl'));
        //pass in info to render the select dropdown below the form
        $footer_txt = $this->th->displayTemplate($this->seed->module_dir, 'SearchFormFooter', $this->locateFile('footer.tpl'));
        $return_txt = $header_txt . $footer_txt;
    }
    return $return_txt;
}
/**
 * Report whether ACL checks apply to a module.
 *
 * A module without an entry in $GLOBALS['beanList'] is reported as not
 * supporting ACLs; every other module is delegated to SugarACL.
 *
 * NOTE(review): what callers do with a false result is not visible here. If
 * they skip access checks for such modules, non-bean modules end up with no
 * ACL enforcement at all — confirm against the callers.
 *
 * @api
 * @param string $module Module name, used as a key of $GLOBALS['beanList'].
 * @return bool
 */
public function moduleSupportsACL($module)
{
    // FIXME: add support for non-bean ACLs
    $isBeanModule = isset($GLOBALS['beanList'][$module]);

    // Always use ACLs via SugarACL
    return $isBeanModule ? SugarACL::moduleSupportsACL($module) : false;
}
/**
 * Build the list-view row for this record.
 *
 * Starts from get_list_view_array() and adds the validity badge, an inline
 * delete form (only when SugarACL grants 'delete' on the module) and a name
 * link (an edit link when SugarACL grants 'edit', plain text otherwise).
 *
 * NOTE(review): $this->id, the NAME value and the language strings are placed
 * into HTML attributes and an inline onclick handler without escaping for
 * those contexts. Only the URLs pass through htmlspecialchars(). Whether the
 * other values are already encoded upstream is not visible here — confirm.
 * NOTE(review): the delete form carries no anti-CSRF field of its own;
 * confirm the Delete action validates one.
 *
 * @return array List-view data keyed by upper-case field name.
 */
function get_list_view_data()
{
    global $app_strings;
    global $mod_strings;

    $row = $this->get_list_view_array();
    $row["ENCODED_NAME"] = $this->name;

    // $valid = $this->get_custom_results(true,false,false,true);
    // Always return Valid for now. This was done to prevent performance issues.
    $valid = array('result' => "Valid");

    // With the hard-coded result above only the first branch can run; the
    // other two are kept for when the real validation is restored.
    if ($valid['result'] != "Error") {
        $row["VALID"] = "<font color='green'>" . $app_strings['LBL_QUERY_VALID'] . "</font>";
    } elseif (isset($valid['result_type']) && $valid['result_type'] == "Child") {
        $row["VALID"] = "<font color='blue'>" . $app_strings['LBL_QUERY_CHILD'] . "</font>";
    } else {
        $row["VALID"] = "<font color='red'>" . $app_strings['LBL_QUERY_ERROR'] . "</font>";
    }

    // The delete control is rendered only for users with the module-level delete right.
    if (SugarACL::checkAccess($this->module_name, 'delete')) {
        $delete_icon = SugarThemeRegistry::current()->getImage('delete_inline', 'align="absmiddle" border="0"', null, null, '.gif', $app_strings['LNK_DELETE']);
        $delete_query = array(
            'module' => $this->module_name,
            'action' => 'Delete',
            'record' => $this->id,
            'return_module' => $this->module_name,
            'return_action' => 'index',
        );
        $delete_url = htmlspecialchars('index.php?' . http_build_query($delete_query));
        $row['DELETE_BUTTON_INLINE'] = <<<BUTTON
<form id="{$this->id}" method="post" action="{$delete_url}">
<a class="listViewTdToolsS1" href="javascript:void(0);" onclick="if (confirm('{$mod_strings['NTC_DELETE_CONFIRMATION']}')) document.getElementById('{$this->id}').submit();">{$delete_icon} {$app_strings['LNK_REMOVE']}</a>
</form>
BUTTON;
    }

    // The name becomes an edit link only for users with the module-level edit right.
    if (!SugarACL::checkAccess($this->module_name, 'edit')) {
        $row['LINK'] = $row['NAME'];
    } else {
        $edit_query = array(
            'module' => $this->module_name,
            'action' => 'index',
            'record' => $this->id,
            'edit' => 'true',
        );
        $edit_url = 'index.php?' . http_build_query($edit_query);
        $row['LINK'] = '<a href="' . htmlspecialchars($edit_url) . '">' . $row['NAME'] . '</a>';
    }

    return $row;
}
/**
 * Return the entries of a module list the current user may access, sorted by value.
 *
 * NOTE(review): the loop builds a list restricted to the keys present in
 * $modListHeader (plus the ProductTemplates / ProjectTask special cases), but
 * that list is never used. The value returned is SugarACL::filterModuleList()
 * applied to the original $listArray. If the header restriction was meant to
 * apply, modules hidden from the header are still returned — confirm which
 * input the ACL filter should receive.
 *
 * @param array $listArray Module list; taken by reference but not modified here.
 * @return array ACL-filtered copy of $listArray, sorted with asort().
 */
function parse_list_modules(&$listArray)
{
    global $modListHeader;

    $headerVisible = array();
    foreach ($listArray as $moduleKey => $moduleLabel) {
        if (array_key_exists($moduleKey, $modListHeader)) {
            $headerVisible[$moduleKey] = $moduleLabel;
        }

        // special case for products
        if (array_key_exists('Products', $modListHeader)) {
            $headerVisible['ProductTemplates'] = $listArray['ProductTemplates'];
        }

        // special case for projects
        if (array_key_exists('Project', $modListHeader)) {
            $headerVisible['ProjectTask'] = $listArray['ProjectTask'];
        }
    }

    // The ACL filter runs on the unrestricted input, not on $headerVisible.
    $aclFiltered = SugarACL::filterModuleList($listArray, 'access', true);
    asort($aclFiltered);

    return $aclFiltered;
}
/**
 * Gets a module list that is filtered by ACLs
 *
 * The list is passed through SugarACL::filterModuleList() only when all three
 * hold: the current user has a non-empty id, the 'roleBasedViews' config
 * entry is non-empty, and this object is not flagged public. In every other
 * case the list is returned unfiltered.
 *
 * @param array $list List of modules for the application
 * @return array
 */
public function getFilteredModuleList($list)
{
    $user = $this->getCurrentUser();

    // No identified user: nothing to evaluate ACLs against.
    if (empty($user->id)) {
        return $list;
    }

    // Role based views switched off in the configuration.
    if (empty($GLOBALS['sugar_config']['roleBasedViews'])) {
        return $list;
    }

    // Public contexts are returned as-is.
    if ($this->public) {
        return $list;
    }

    return SugarACL::filterModuleList($list);
}
/**
 * Decide whether the current user may export the given report.
 *
 * Export is refused when no reporter is supplied, when exports are disabled
 * in the configuration, when the report is not of type 'tabular', when
 * SugarACL denies 'export' on the report's module, or when exports are
 * restricted to admins and the user is not an admin for that module.
 *
 * NOTE(review): ownership defaults to true, so a reporter without a
 * saved_report is checked with owner_override set. Confirm that is intended
 * for reports that have not been saved.
 *
 * @param array $args Expects a 'reporter' entry holding the report object.
 * @return bool True when export is allowed.
 */
function hasExportAccess($args = array())
{
    global $sugar_config, $current_user;

    // If reporter is not passed in just default to no access
    if (empty($args['reporter'])) {
        return false;
    }
    $reporter = $args['reporter'];

    // Owner unless a saved report exists and is assigned to somebody else.
    $is_owner = !(isset($reporter->saved_report) && $reporter->saved_report->assigned_user_id != $current_user->id);

    // Exports switched off globally.
    if (!empty($sugar_config['disable_export'])) {
        return false;
    }

    // Only tabular reports can be exported.
    if ($reporter->report_def['report_type'] != 'tabular') {
        return false;
    }

    // Module-level export right, with the owner override when applicable.
    $acl_context = $is_owner ? array("owner_override" => true) : array();
    if (!SugarACL::checkAccess($reporter->module, 'export', $acl_context)) {
        return false;
    }

    // Optional restriction of exports to module admins.
    if ($sugar_config['admin_export_only'] && !$current_user->isAdminForModule($reporter->module)) {
        return false;
    }

    // User has export access, return true
    return true;
}
/**
 * Replace the global module list with the subset that passes the 'access' ACL.
 *
 * Overwrites $GLOBALS['moduleList'] in place, so everything that reads the
 * global afterwards sees only the filtered list.
 */
public function ACLFilter()
{
    $accessibleModules = SugarACL::filterModuleList($GLOBALS['moduleList'], 'access', true);
    $GLOBALS['moduleList'] = $accessibleModules;
}
// Populate the detail-view template from the record in $focus.
// NOTE(review): the values are assigned as-is (description only passes through
// nl2br()); whether they are HTML-encoded before this point is not visible
// here — confirm before treating the template output as safe.
$xtpl->assign('NAME', $focus->name);
$xtpl->assign('TITLE', $focus->title);
$xtpl->assign("DESCRIPTION", nl2br($focus->description));
$xtpl->assign("REPORT_ALIGN", $app_list_strings['report_align_dom'][$focus->report_align]);
$xtpl->assign("TEAM", $focus->assigned_name);
global $current_user;
// Disabled admin "edit layout" link, kept for reference.
// NOTE(review): it concatenates $_REQUEST values straight into an href; if it
// is ever re-enabled those values need URL- and HTML-encoding first.
//if(is_admin($current_user) && $_REQUEST['module'] != 'DynamicLayout' && !empty($_SESSION['editinplace'])){
//	$xtpl->assign("ADMIN_EDIT","<a href='index.php?action=index&module=DynamicLayout&from_action=".$_REQUEST['action'] ."&from_module=".$_REQUEST['module'] ."&record=".$_REQUEST['record']. "'>".SugarThemeRegistry::current()->getImage("EditLayout","border='0' align='bottom'",null,null,'.gif',$mod_strings['LBL_EDITLAYOUT'])."</a>");
//}
// adding custom fields:
require_once 'modules/DynamicFields/templates/Files/DetailView.php';
// The edit and delete buttons are parsed into the page only when the
// module-level ACL grants the action. The checks are made with module and
// action only; no record or owner context is passed.
// NOTE(review): this hides the buttons; the actions behind them are not
// visible here and have to re-check access themselves.
if (SugarACL::checkAccess('DataSets', 'edit')) {
    $xtpl->parse('edit_button');
    $xtpl->assign('EDIT_BUTTON', $xtpl->text('edit_button'));
}
if (SugarACL::checkAccess('DataSets', 'delete')) {
    $xtpl->parse('delete_button');
    $xtpl->assign('DELETE_BUTTON', $xtpl->text('delete_button'));
}
$xtpl->parse("main");
$xtpl->out("main");
//Show the datasets
// Take what has been buffered so far and close that output buffer.
$old_contents = ob_get_contents();
ob_end_clean();
if ($sub_xtpl->var_exists('subpanel', 'SUBDATASETS')) {
    // Render the sub-panel into a fresh buffer so its output can be captured.
    ob_start();
    // $focus_list is how the included sub-panel view receives its rows.
    global $focus_list;
    $focus_list = $focus->get_data_sets("ORDER BY list_order_y ASC");
    include 'modules/DataSets/SubPanelView.php';
    echo "<BR>\n";
    $subdatasets = ob_get_contents();
/**
 * Add a parent selection popup window
 *
 * Builds the mass-update cells for a parent relationship: a module-type
 * select, a hidden id input, a quick-search name input with a popup button,
 * and the inline script that wires them together. Modules returned by
 * SugarACL::disabledModuleList() are removed from the select.
 *
 * NOTE(review): $displayname and the $field entries are interpolated into
 * HTML attributes and inline JavaScript without escaping; presumably they come
 * from field definitions rather than from request data — verify against callers.
 *
 * @param string $displayname Name to display in the popup window
 * @param array  $field       Field definition; this method reads its
 *                            'type_name', 'parent_type' and 'id_name' entries
 * @return string HTML for the two table cells followed by the inline script
 */
function addParent($displayname, $field)
{
    global $app_strings, $app_list_strings;
    ///////////////////////////////////////
    ///
    /// SETUP POPUP
    // Data handed to open_popup(): callback, target form and the mapping of
    // popup columns to the form fields they fill.
    $popup_request_data = array('call_back_function' => 'set_return', 'form_name' => 'MassUpdate', 'field_to_name_array' => array('id' => "parent_id", 'name' => "parent_name"));
    $json = getJSONobj();
    $encoded_popup_request_data = $json->encode($popup_request_data);
    // Quick-search configuration for the parent name input; it is emitted as
    // a JavaScript object literal in the script below.
    $qsName = array('form' => 'MassUpdate', 'method' => 'query', 'modules' => array("Accounts"), 'group' => 'or', 'field_list' => array('name', 'id'), 'populate_list' => array("mass_parent_name", "mass_parent_id"), 'conditions' => array(array('name' => 'name', 'op' => 'like_custom', 'end' => '%', 'value' => '')), 'limit' => '30', 'no_match_text' => $app_strings['ERR_SQS_NO_MATCH']);
    $qsName = $json->encode($qsName);
    //
    ///////////////////////////////////////
    // The encoded popup data is placed inside a single-quoted onclick attribute.
    $change_parent_button = "<span class='id-ff'><button title='" . $app_strings['LBL_SELECT_BUTTON_TITLE'] . "' type='button' class='button' value='" . $app_strings['LBL_SELECT_BUTTON_LABEL'] . "' name='button_parent_name' onclick='open_popup(document.MassUpdate.{$field['type_name']}.value, 600, 400, \"\", true, false, {$encoded_popup_request_data});'>\n\t\t\t" . SugarThemeRegistry::current()->getImage("id-ff-select", '', null, null, ".png", $app_strings['LBL_ID_FF_SELECT']) . "\n\t\t\t</button></span>";
    $parent_type = $field['parent_type'];
    $parent_types = $app_list_strings[$parent_type];
    // Drop every parent type that SugarACL reports as disabled, so it cannot be selected.
    $disabled_parent_types = SugarACL::disabledModuleList($parent_types);
    foreach ($disabled_parent_types as $disabled_parent_type) {
        unset($parent_types[$disabled_parent_type]);
    }
    $types = get_select_options_with_id($parent_types, '');
    //BS Fix Bug 17110
    // Remove the "none" option from the generated option list.
    // NOTE(review): LBL_NONE goes into the pattern without preg_quote(); a
    // translation containing regex metacharacters or '#' would alter or break
    // the pattern — confirm.
    $pattern = "#\n<OPTION.*" . $app_strings['LBL_NONE'] . '</OPTION>#';
    $types = preg_replace($pattern, "", $types);
    // End Fix
    $json = getJSONobj();
    // NOTE(review): the encoded list is wrapped in single quotes in the script
    // below, so disabledModules is a JavaScript string there and the
    // typeof(disabledModules[new_module]) lookup indexes that string rather
    // than the decoded structure — confirm whether the quotes are intended.
    $disabled_parent_types = $json->encode($disabled_parent_types);
    return <<<EOHTML
<td width="15%" scope="row">{$displayname} </td>
<td>
<table width='100%' border='0' cellspacing='0' cellpadding='0'>
<tr>
<td valign='top'>
<select name='{$field['type_name']}' id='mass_{$field['type_name']}'>
{$types}
</select>
</td>
<td valign='top'>
\t\t\t<input name='{$field['id_name']}' id='mass_{$field['id_name']}' type='hidden' value=''>
\t\t\t<input name='parent_name' id='mass_parent_name' class='sqsEnabled' autocomplete='off' type='text' value=''>
{$change_parent_button}
</td>
</tr>
</table>
</td>
<script type="text/javascript">
<!--
var disabledModules='{$disabled_parent_types}';
if(typeof sqs_objects == 'undefined'){
var sqs_objects = new Array;
}
sqs_objects['MassUpdate_parent_name'] = {$qsName};
registerSingleSmartInputListener(document.getElementById('mass_parent_name'));
addToValidateBinaryDependency('MassUpdate', 'parent_name', 'alpha', false, '{$app_strings['ERR_SQS_NO_MATCH_FIELD']} {$app_strings['LBL_ASSIGNED_TO']}','parent_id');
document.getElementById('mass_{$field['type_name']}').onchange = function()
{
document.MassUpdate.parent_name.value="";
document.MassUpdate.parent_id.value="";
\tnew_module = document.forms["MassUpdate"].elements["parent_type"].value;
\tif(typeof(disabledModules[new_module]) != 'undefined') {
\t\tsqs_objects["MassUpdate_parent_name"]["disable"] = true;
\t\tdocument.forms["MassUpdate"].elements["parent_name"].readOnly = true;
\t} else {
\t\tsqs_objects["MassUpdate_parent_name"]["disable"] = false;
\t\tdocument.forms["MassUpdate"].elements["parent_name"].readOnly = false;
\t}
\tsqs_objects["MassUpdate_parent_name"]["modules"] = new Array(new_module);
enableQS(false);
checkParentType(document.MassUpdate.parent_type.value, document.MassUpdate.button_parent_name);
}
-->
</script>
EOHTML;
}
global $action;
// focus_list is the means of passing data to a SubPanelView.
global $focus_list;
global $current_user;
$header_text = '';
// Disabled admin "edit layout" link, kept for reference.
// NOTE(review): it concatenates $_REQUEST['record'] straight into an href; if
// it is ever re-enabled that value needs URL- and HTML-encoding first.
//if(is_admin($current_user) && $_REQUEST['module'] != 'DynamicLayout' && !empty($_SESSION['editinplace'])){
//	$header_text = "&nbsp;<a href='index.php?action=index&module=DynamicLayout&from_action=SubPanelView&from_module=Leads&record=". $_REQUEST['record']."'>".SugarThemeRegistry::current()->getImage("EditLayout","border='0' align='bottom'",null,null,'.gif',$mod_strings['LBL_EDIT_LAYOUT'])."</a>";
//}
// Build the sub-panel toolbar: a POST form to index.php whose hidden inputs
// carry the return location.
// NOTE(review): $currentModule, $action and $focus->id are concatenated into
// single-quoted attribute values without escaping. Where these values
// originate is not visible in this fragment; if any of them can be influenced
// by the request they need htmlspecialchars() with ENT_QUOTES — confirm.
$button = "<table cellspacing='0' border='0' width='100%'><tr><td nowrap><form action='index.php' method='post' name='form' id='form'>\n";
$button .= "<input type='hidden' name='module' value='DataSets'>\n";
$button .= "<input type='hidden' name='return_module' value='" . $currentModule . "'>\n";
$button .= "<input type='hidden' name='return_action' value='" . $action . "'>\n";
$button .= "<input type='hidden' name='return_id' value='" . $focus->id . "'>\n";
$button .= "<input type='hidden' name='record' value=''>\n";
$button .= "<input type='hidden' name='action'>\n";
// Only the "New" button is gated by the create ACL.
if (SugarACL::checkAccess('DataSets', 'create')) {
    $button .= "<input title='" . $mod_strings['LBL_NEW_BUTTON_TITLE'] . "' class='button' onclick=\"this.form.action.value='EditView'\" type='submit' name='button' value=' " . $mod_strings['LBL_NEW_BUTTON_LABEL'] . " '>\n";
}
// The "Add" button, which opens the DataSets popup, is rendered without an ACL check here.
// NOTE(review): confirm the popup and the form it submits enforce access on their own.
$button .= "<input title='" . $mod_strings['LBL_ADD_BUTTON_TITLE'] . "' class='button' onclick='return window.open(\"index.php?module=DataSets&action=Popup&form=AddDataSetEditView&form_submit=true\",\"test\",\"width=600,height=400,resizable=1,scrollbars=1\");' type='button' name='button' value=' " . $mod_strings['LBL_ADD_BUTTON_LABEL'] . " '>\n";
// The form opened inside the cell is closed after the row has been closed.
$button .= "</td></tr></form></table>\n";
// Set up the list view that renders the data sets, with its inline icons and labels.
$ListView = new ListView();
$ListView->initNewXTemplate('modules/DataSets/SubPanelView.html', $current_module_strings);
$ListView->xTemplateAssign('UPARROW_INLINE', SugarThemeRegistry::current()->getImage('uparrow_inline', 'align="absmiddle" border="0"', null, null, '.gif', $mod_strings['LNK_UP']));
$ListView->xTemplateAssign('DOWNARROW_INLINE', SugarThemeRegistry::current()->getImage('downarrow_inline', 'align="absmiddle" border="0"', null, null, '.gif', $mod_strings['LNK_DOWN']));
$ListView->xTemplateAssign('DELETE_INLINE', SugarThemeRegistry::current()->getImage('delete_inline', 'align="absmiddle" border="0"', null, null, '.gif', $app_strings['LNK_DELETE']));
$ListView->xTemplateAssign('UPARROW_TEXT', $mod_strings['LNK_UP']);
$ListView->xTemplateAssign('DOWNARROW_TEXT', $mod_strings['LNK_DOWN']);
$ListView->xTemplateAssign('DELETE_TEXT', $app_strings['LNK_DELETE']);
$ListView->xTemplateAssign('REPORT_ID', $focus->id);
$ListView->setHeaderTitle($current_module_strings['LBL_MODULE_NAME'] . $header_text);
$ListView->setHeaderText($button);