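/**
 * Returns true if the current user can view the event contained in $eventDate.
 *
 * Permission is evaluated top-down and the first failing level denies access:
 *  1. module, 2. calendar, 3. event group membership, 5. TimeIt category,
 *  6. Zikula category (only when 'filterByPermission' is set), 7. event,
 *  8. ContactList buddy / ignore lists (only when ContactList is available).
 *
 * @param array $eventDate TimeIt_Model_EventDate as an array; must contain the
 *                         'Event' and 'Calendar' sub-arrays.
 * @param int   $level     ACCESS_* constant.
 *
 * @return boolean
 */
public static function canViewEvent(array $eventDate, $level = ACCESS_READ)
{
    $event = $eventDate['Event'];
    $uid = UserUtil::getVar('uid');

    // Group ids are normalised to int so later membership tests can be strict.
    $groups = array_map('intval', (array) UserUtil::getGroupsForUser($uid));

    // hack: Admins (group id 2) are in group 1 (users) too
    if (in_array(2, $groups, true)) {
        $groups[] = 1;
    }

    if ((string) $event['group'] === 'all') {
        $groupIds = array(); // group irrelevant
    } else {
        $groupIds = array_map('intval', explode(',', $event['group']));
    }

    // Calendar lookup cached per event id for the lifetime of the request.
    static $calendarCache = array();
    $eventId = (int) $event['id'];
    if (!isset($calendarCache[$eventId])) {
        $calendarCache[$eventId] = $eventDate['Calendar'];
    }
    $calendar = $calendarCache[$eventId];

    // hierarchy level 1: module itself
    if (!SecurityUtil::checkPermission('TimeIt::', '::', $level)) {
        return false;
    }

    // hierarchy level 2: calendar
    if (!SecurityUtil::checkPermission('TimeIt:Calendar:', $calendar['id'] . '::', $level)) {
        return false;
    }

    // hierarchy level 3: group - the user must belong to at least one of the event's groups
    if (!empty($groupIds) && count(array_intersect($groupIds, $groups)) === 0) {
        return false;
    }

    // hierarchy level 5: TimeIt category permission - at least one category must grant $level
    $categories = (isset($event['__CATEGORIES__']) && is_array($event['__CATEGORIES__']))
        ? $event['__CATEGORIES__']
        : array();
    if (count($categories) > 0) {
        $permissionOk = false;
        foreach ($categories as $cat) {
            $cid = is_array($cat) ? $cat['id'] : $cat;
            if (SecurityUtil::checkPermission('TimeIt:Category:', $cid . '::', $level)) {
                // user has got permission -> stop permission checks
                $permissionOk = true;
                break;
            }
        }
        if (!$permissionOk) {
            return false;
        }
    }

    // hierarchy level 6: Zikula category permission
    if (ModUtil::getVar('TimeIt', 'filterByPermission', 0)
        && !CategoryUtil::hasCategoryAccess($categories, 'TimeIt', $level)) {
        return false;
    }

    // hierarchy level 7: event
    if (!SecurityUtil::checkPermission('TimeIt::Event', $event['id'] . '::', $level)) {
        return false;
    }

    // hierarchy level 8: contact list
    if (ModUtil::available('ContactList')) {
        // The current user's ignore list is cached for the request (strict null
        // test so an empty list is cached as well instead of being re-fetched).
        static $ignored = null;
        if ($ignored === null) {
            $ignored = ModUtil::apiFunc('ContactList', 'user', 'getallignorelist', array('uid' => $uid));
            if (!is_array($ignored)) {
                $ignored = array();
            }
        }

        // sharing == 4: only buddies of the creator may see the event; the buddy
        // list exists only for friend calendars, so other calendars deny here.
        if ((int) $event['sharing'] === 4 && (int) $event['cr_uid'] !== (int) $uid) {
            $buddys = array();
            if ($calendar['friendCalendar']) {
                $buddys = ModUtil::apiFunc('ContactList', 'user', 'getBuddyList', array('uid' => $event['cr_uid']));
            }
            $buddyFound = false;
            foreach ((array) $buddys as $buddy) {
                if ((int) $buddy['uid'] === (int) $uid) {
                    $buddyFound = true;
                    break;
                }
            }
            if (!$buddyFound) {
                return false;
            }
        }

        // Events created by a user on the current user's ignore list are hidden.
        // (Previously compared against an undefined $obj, so the list never matched.)
        foreach ($ignored as $ignore) {
            if ((int) $ignore['iuid'] === (int) $event['cr_uid']) {
                return false;
            }
        }
    }

    return true;
}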
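/**
 * Simplify "in" & "out" group information read from an import file line.
 *
 * > The purpose is to optimise insertion and deletion actions.\n
 * > For example, if the file indicates that a user must be removed from a group
 * > and added to the same group id, that group id is dropped from both the "in"
 * > and the "out" list.\n
 * > Non-existent group ids are filtered out to avoid redundant processing.
 *
 * @param array $args Arguments:
 *   * integer **uid**  User id.
 *   * array   **data** File line, with optional keys:
 *     * string **in**  Group ids separated by "|" where the user will be added.
 *     * string **out** Group ids separated by "|" where the user will be removed.
 *
 * @return array Keys 'in' and 'out'; each a "|"-separated string of group ids,
 *               or null when the corresponding field was absent from the line.
 */
public function optimizeGroups($args)
{
    $this->throwForbiddenUnless(SecurityUtil::checkPermission('IWusers::', '::', ACCESS_READ));

    $line = (isset($args['data']) && is_array($args['data'])) ? $args['data'] : array();

    $result = array('in' => null, 'out' => null);

    // All Zikula groups
    $allGroups = array_keys(UserUtil::getGroups());
    // Groups the user currently belongs to
    $usrGroups = UserUtil::getGroupsForUser(isset($args['uid']) ? $args['uid'] : null);

    // Needed by the "out" clean-up even when the line has no "in" field
    $cleanIn = array();
    if (array_key_exists('in', $line)) {
        // 1. Drop non-existent groups
        $cleanIn = array_intersect($allGroups, explode('|', $line['in']));
        // 2. Keep only new groups: drop gids the user already belongs to
        $result['in'] = implode('|', array_diff($cleanIn, $usrGroups));
    }

    if (array_key_exists('out', $line)) {
        // 1. Drop non-existent groups
        $cleanOut = array_intersect($allGroups, explode('|', $line['out']));
        // 2. Drop gids that also appear in the "in" list
        $out = array_diff($cleanOut, $cleanIn);
        // 3. Keep only gids where the user is currently a member
        $result['out'] = implode('|', array_intersect($out, $usrGroups));
    }

    return $result;
}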
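/**
 * Returns the ids of the groups a user belongs to.
 *
 * Earlier revisions ignored $uid and always returned the current user's
 * groups; that remains the behaviour when $uid is null or not numeric.
 *
 * @author Albert Pérez Monfort (aperezm@xtec.cat)
 *
 * @param int|null $uid User id; null means the current user.
 *
 * @return array Group ids.
 */
public function getAllUserGroups($uid)
{
    // Permission check
    $this->throwForbiddenUnless(SecurityUtil::checkPermission('Cataleg::', '::', ACCESS_READ));

    if ($uid !== null && is_numeric($uid)) {
        return UserUtil::getGroupsForUser((int) $uid);
    }

    return UserUtil::getGroupsForUser(UserUtil::getVar('uid'));
}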
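/**
 * Edit a catalogue user.
 *
 * > Opens the form to edit the selected user, pre-filled with the data they had.
 *
 * ### Parameters received via GET:
 * * integer **uid** uid of the selected user.
 *
 * @return void Template *Cataleg_admin_addeditUser.tpl* for editing the data.
 */
public function editUser()
{
    if (!SecurityUtil::checkPermission('Cataleg::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }
    $gestor = (bool) SecurityUtil::checkPermission('CatalegAdmin::', '::', ACCESS_ADMIN);

    // uid is untrusted GET input and is interpolated into WHERE clauses below,
    // so it is normalised to an integer before any use; a loose in_array() on
    // the raw string would not have been enough to reject crafted values.
    $uid = (int) FormUtil::getPassedValue('uid', null, 'GET');

    $grupCat = ModUtil::apiFunc('Cataleg', 'admin', 'getgrupsZikula');
    $allGroupsUnits = ModUtil::apiFunc('Cataleg', 'admin', 'getAllGroupsUnits');

    $catUsersList = array_map('intval', (array) UserUtil::getUsersForGroup($grupCat['Sirius']));
    if ($uid <= 0 || !in_array($uid, $catUsersList, true)) {
        LogUtil::registerError($this->__('No existeix cap usuari del catàleg amb l\'identificador indicat.'));
        return System::redirect(ModUtil::url('Cataleg', 'admin', 'usersgest'));
    }

    // Only manager-administrators may edit other managers
    if (!$gestor) {
        $gestorUsersList = array_map('intval', (array) UserUtil::getUsersForGroup($grupCat['Gestors']));
        if (in_array($uid, $gestorUsersList, true)) {
            LogUtil::registerError($this->__('Només els gestors-administradors poden editar altres gestors.'));
            return System::redirect(ModUtil::url('Cataleg', 'admin', 'usersgest'));
        }
    }

    $user = UserUtil::getVars($uid);
    $user['iw'] = DBUtil::selectObject('IWusers', 'iw_uid = ' . $uid);
    // true when the account has a local password set
    $user['pw'] = DBUtil::selectField('users', 'pass', 'uid = ' . $uid) != '';

    // One flag per catalogue role group the user belongs to, keyed by role name
    $roleKeys = array(
        'Generics', 'Personals', 'Gestform', 'LectorsCat', 'EditorsCat',
        'Gestors', 'Odissea', 'Cert', 'gA', 'gB',
    );
    $gr = array();
    $uni = array();
    foreach ((array) UserUtil::getGroupsForUser($uid) as $grup) {
        foreach ($roleKeys as $key) {
            if (isset($grupCat[$key]) && $grupCat[$key] == $grup) {
                $gr[$key] = 1;
            }
        }
        if (isset($allGroupsUnits[$grup])) {
            $uni[$grup] = array(
                'gid'  => $grup,
                'name' => $allGroupsUnits[$grup]['name'],
            );
        }
    }
    $user['gr'] = $gr;
    $user['uni'] = $uni;

    $minpass = ModUtil::getVar('Users', 'minpass');
    $gtafInfo = ModUtil::apiFunc($this->name, 'admin', 'getGtafInfo');

    $this->view->assign('gtafInfo', $gtafInfo);
    $this->view->assign('edit', true);
    $this->view->assign('minpass', $minpass);
    $this->view->assign('gestor', $gestor);
    $this->view->assign('user', $user);
    $this->view->assign('grupCat', $grupCat);
    $this->view->assign('allGroupsUnits', $allGroupsUnits);

    return $this->view->fetch('admin/Cataleg_admin_addeditUser.tpl');
}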