Пример #1
	/**
	 * _checkUserResourcePermission
	 * Check whether the user has access to all of the resources that the trigger email record defines
	 *
	 * We need to do this here, because currently the API shouldn't be checking any user permissions.
	 * Once user permissions are being used in the API, we can deprecate this function
	 *
	 * @param Array $record Associated array of the record
	 * @param User_API $user User API
	 *
	 * @return Boolean Returns TRUE if the user has all of the permissions, FALSE otherwise
	 *
	 * @todo deprecate this when the API takes user permissions into account
	 */
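	private function _checkUserResourcePermission($record, $user)
	{
		// Administrators bypass every per-resource check below.
		if ($user->Admin()) {
			return true;
		}

		// Both results are used as maps keyed by resource ID. Anything that is not an array is
		// replaced by an empty map, so a failed lookup denies access instead of reaching
		// array_key_exists() with an invalid argument.
		$userLists = $user->GetLists();
		if (!is_array($userLists)) {
			$userLists = array();
		}
		$userNewsletters = $user->GetNewsletters();
		if (!is_array($userNewsletters)) {
			$userNewsletters = array();
		}

		// An ID counts as owned only when it is a scalar that is a key of the map. A nested array
		// or object in place of an ID is a denial, not an error.
		$owns = function ($id, $allowed) {
			return is_scalar($id) && array_key_exists($id, $allowed);
		};

		$error = false;
		$type = isset($record['triggertype']) ? $record['triggertype'] : null;

		// Contact list referenced by the record ('f' trigger type).
		if ($type == 'f' && isset($record['data']['listid']) && !$owns($record['data']['listid'], $userLists)) {
			trigger_error('Does not have access to contact list', E_USER_NOTICE);
			$error = true;
		}

		// Newsletter the tracked link belongs to ('l' trigger type).
		if ($type == 'l' && isset($record['data']['linkid_newsletterid']) && !$owns($record['data']['linkid_newsletterid'], $userNewsletters)) {
			trigger_error('Does not have access to specified newsletter', E_USER_NOTICE);
			$error = true;
		}

		// Newsletter defined for the "Newsletter Opened" event ('n' trigger type).
		if ($type == 'n' && isset($record['data']['newsletterid']) && !$owns($record['data']['newsletterid'], $userNewsletters)) {
			trigger_error('Does not have access to specified newsletter', E_USER_NOTICE);
			$error = true;
		}

		// Lists defined for a static date ('s' trigger type). The (array) cast matters: a single
		// scalar ID used to make foreach skip the loop entirely, so the record passed unchecked.
		if ($type == 's' && isset($record['data']['staticdate_listids'])) {
			foreach ((array) $record['data']['staticdate_listids'] as $each) {
				if (!$owns($each, $userLists)) {
					trigger_error('Does not have access to specified list', E_USER_NOTICE);
					$error = true;
					break;
				}
			}
		}

		// "send" action: the newsletter to send must belong to the user. This branch returns
		// immediately, so the "addlist" check below is neither evaluated nor logged once it fails.
		// NOTE(review): an enabled action without a newsletterid is not treated as a failure;
		// presumably record validation elsewhere requires the ID -- confirm.
		if (!empty($record['triggeractions']['send']['enabled'])) {
			if (isset($record['triggeractions']['send']['newsletterid']) && !$owns($record['triggeractions']['send']['newsletterid'], $userNewsletters)) {
				// Message text kept as-is in case log consumers match on it.
				trigger_error('Newsletter does not exits', E_USER_NOTICE);
				return false;
			}
		}

		// "addlist" action: every target list must belong to the user. Same (array) cast as for
		// the static date lists, for the same reason.
		if (!empty($record['triggeractions']['addlist']['enabled']) && isset($record['triggeractions']['addlist']['listid'])) {
			foreach ((array) $record['triggeractions']['addlist']['listid'] as $each) {
				if (!$owns($each, $userLists)) {
					// The notice used to name a newsletter although a list is being checked.
					trigger_error('Does not have access to specified list', E_USER_NOTICE);
					$error = true;
					break;
				}
			}
		}

		return !$error;
	}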