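/**
 * Collects the current user's calculations for the dashboard widget.
 *
 * Builds a QueryGenerator query on the Calculations module, appends the user's
 * sharing-security condition (getUserAccessConditionsQuerySR), hides the
 * statuses listed under 'calculationsstatus' in the sales-process
 * 'calculation' config, and restricts the rows to records the user owns or —
 * for `showtype=common` — records shared with the user through the
 * shared-owner table. At most $limit rows are returned.
 *
 * @param Vtiger_Request $request only `showtype` is read ('common' switches to shared records)
 * @param mixed $widget widget model; only its get('limit') is used, it overrides the default of 10
 * @return array rows as returned by PearDatabase::query_result_rowdata(), possibly empty
 */
public function getData(Vtiger_Request $request, $widget)
{
    $db = PearDatabase::getInstance();
    $fields = ['id', 'name', 'calculationsstatus', 'relatedid', 'hdnGrandTotal', 'assigned_user_id'];
    $params = [];

    // The widget's own limit wins over the default; the value is interpolated
    // into the LIMIT clause, so force it to an integer.
    $limit = 10;
    $widgetLimit = $widget->get('limit');
    if (!empty($widgetLimit)) {
        $limit = (int) $widgetLimit;
    }

    $calculationConfig = Settings_SalesProcesses_Module_Model::getConfig('calculation');
    $calculationsStatus = $calculationConfig['calculationsstatus'];
    $currentUser = Users_Record_Model::getCurrentUserModel();
    $module = 'Calculations';
    $instance = CRMEntity::getInstance($module);
    $securityParameter = $instance->getUserAccessConditionsQuerySR($module, $currentUser);

    $queryGenerator = new QueryGenerator($module, $currentUser);
    $queryGenerator->setFields($fields);
    $sql = $queryGenerator->getQuery();
    if ($securityParameter != '') {
        $sql .= $securityParameter;
    }

    // Statuses configured as finished are hidden; bind them instead of
    // interpolating the config values into the NOT IN list.
    if (!empty($calculationsStatus)) {
        $statusValues = array_values((array) $calculationsStatus);
        $placeholders = implode(',', array_fill(0, count($statusValues), '?'));
        $sql .= " AND vtiger_calculations.calculationsstatus NOT IN ({$placeholders})";
        $params = array_merge($params, $statusValues);
    }

    $showtype = $request->get('showtype');
    if ($showtype === 'common') {
        // Records shared with the user via the module's shared-owner table.
        $shownersTable = Vtiger_SharedOwner_UIType::getShownerTable($module);
        // The sub-select must be closed before LIMIT is appended.
        $sql .= ' AND vtiger_crmentity.crmid IN (SELECT DISTINCT crmid FROM ' . $shownersTable . ' WHERE userid = ?)';
    } else {
        $sql .= ' AND vtiger_crmentity.smownerid = ?';
    }
    $params[] = $currentUser->getId();
    $sql .= ' LIMIT ' . $limit;

    $result = $db->pquery($sql, $params);
    $returnData = [];
    $rowCount = $db->num_rows($result);
    for ($i = 0; $i < $rowCount; $i++) {
        $returnData[] = $db->query_result_rowdata($result, $i);
    }
    return $returnData;
}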
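/**
 * Event handler that keeps shared-owner rows in sync with record changes.
 *
 * Nothing happens unless the `shared_owners` global is enabled. Two events
 * are handled:
 *  - `vtiger.entity.aftersave.final`: if the record's assigned_user_id changed,
 *    every current assignee is added as shared owner of the related records and
 *    assignees that were dropped are removed
 *    (Users_Privileges_Model::setSharedOwnerRecursively).
 *  - `vtiger.entity.link.after`: when a Potentials record is linked to a
 *    Products or Services record and the sales-process option
 *    `update_shared_permissions` is 'true', the Potential's shared owners plus
 *    its owner are inserted as shared owners of the linked record, skipping
 *    (crmid, userid) pairs that already exist.
 *
 * @param string $eventName
 * @param mixed $entityData entity object (getModuleName/getId) for the aftersave event; array with
 *                          sourceModule, destinationModule, sourceRecordId, destinationRecordId for the link event
 * @return void
 */
function handleEvent($eventName, $entityData)
{
    if (vglobal('shared_owners') != true) {
        return;
    }

    if ($eventName == 'vtiger.entity.aftersave.final') {
        $moduleName = $entityData->getModuleName();
        $recordId = $entityData->getId();
        $vtEntityDelta = new VTEntityDelta();
        $delta = $vtEntityDelta->getEntityDelta($moduleName, $recordId, true);
        if (array_key_exists('assigned_user_id', $delta)) {
            $oldValue = Vtiger_Functions::getArrayFromValue($delta['assigned_user_id']['oldValue']);
            $currentValue = Vtiger_Functions::getArrayFromValue($delta['assigned_user_id']['currentValue']);
            // Current assignees gain shared access; assignees no longer present lose it.
            $removeUser = array_diff($oldValue, $currentValue);
            Users_Privileges_Model::setSharedOwnerRecursively($recordId, $currentValue, $removeUser, $moduleName);
        }
        return;
    }

    if ($eventName == 'vtiger.entity.link.after'
        && Vtiger_Processes_Model::getConfig('sales', 'popup', 'update_shared_permissions') == 'true') {
        $destinationModules = ['Products', 'Services'];
        if ($entityData['sourceModule'] != 'Potentials'
            || !in_array($entityData['destinationModule'], $destinationModules, true)) {
            return;
        }
        $db = PearDatabase::getInstance();
        $sourceRecordId = $entityData['sourceRecordId'];
        $destinationRecordId = $entityData['destinationRecordId'];
        $recordMetaData = Vtiger_Functions::getCRMRecordMetadata($sourceRecordId);

        // Shared owners of the Potential plus its owner are propagated to the linked record.
        $shownerIds = Vtiger_SharedOwner_UIType::getSharedOwners($sourceRecordId, $entityData['sourceModule']);
        $shownerIds[] = $recordMetaData['smownerid'];
        // The ids are interpolated into the IN() list below, so keep them integers only.
        $shownerIds = array_unique(array_map('intval', $shownerIds));

        $shownersTable = Vtiger_SharedOwner_UIType::getShownerTable($entityData['destinationModule']);
        $result = $db->pquery(
            'SELECT crmid, userid FROM ' . $shownersTable . ' WHERE userid IN(' . implode(',', $shownerIds) . ') AND crmid = ?',
            [$destinationRecordId]
        );
        // Existing pairs are read once so only the missing rows get inserted.
        $usersExist = [];
        while ($row = $db->getRow($result)) {
            $usersExist[$row['crmid']][$row['userid']] = true;
        }
        foreach ($shownerIds as $userId) {
            if (!isset($usersExist[$destinationRecordId][$userId])) {
                $db->insert($shownersTable, ['crmid' => $destinationRecordId, 'userid' => $userId]);
            }
        }
    }
}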
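/**
 * Propagates a shared-owner change from $recordId to every record that
 * self::getSharedRecordsRecursively() reports as sharing with it.
 *
 * For each module/record group the users in $removeUser lose their
 * shared-owner rows, and each user in $addUser gets a row for every record
 * unless that (crmid, userid) pair already exists.
 *
 * @param int $recordId record whose assignment changed
 * @param array $addUser user ids that must become shared owners of the related records
 * @param array $removeUser user ids whose shared-owner rows must be deleted
 * @param string $moduleName module of $recordId
 * @return false|null false when no related records exist; otherwise no value (legacy contract kept)
 */
public static function setSharedOwnerRecursively($recordId, $addUser, $removeUser, $moduleName)
{
    $log = vglobal('log');
    $db = PearDatabase::getInstance();
    $log->info('Entering Into setSharedOwnerRecursively( ' . $recordId . ', ' . $moduleName . ')');

    $recordsByModule = self::getSharedRecordsRecursively($recordId, $moduleName);
    if (count($recordsByModule) === 0) {
        $log->info('Exiting setSharedOwnerRecursively() - No shared records');
        return false;
    }

    // User ids are interpolated into IN() lists below, so normalise them to integers first.
    $addUser = array_map('intval', (array) $addUser);
    $removeUser = array_map('intval', (array) $removeUser);
    $removeUserString = count($removeUser) > 0 ? implode(',', $removeUser) : false;
    $addUserString = count($addUser) > 0 ? implode(',', $addUser) : false;

    foreach ($recordsByModule as $parentModuleName => $records) {
        $sqlRecords = implode(',', array_map('intval', $records));
        $shownersTable = Vtiger_SharedOwner_UIType::getShownerTable($parentModuleName);

        if ($removeUserString !== false) {
            $db->delete($shownersTable, 'userid IN(' . $removeUserString . ') AND crmid IN (' . $sqlRecords . ')');
        }

        if ($addUserString !== false) {
            // Read the existing pairs once per module so only missing rows are inserted.
            $usersExist = [];
            $result = $db->query('SELECT crmid, userid FROM ' . $shownersTable . ' WHERE userid IN(' . $addUserString . ') AND crmid IN (' . $sqlRecords . ')');
            while ($row = $db->getRow($result)) {
                $usersExist[$row['crmid']][$row['userid']] = true;
            }
            foreach ($records as $record) {
                foreach ($addUser as $userId) {
                    if (!isset($usersExist[$record][$userId])) {
                        $db->insert($shownersTable, ['crmid' => $record, 'userid' => $userId]);
                    }
                }
            }
        }
    }
    $log->info('Exiting setSharedOwnerRecursively()');
}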
/**
 * Turns one condition value into the SQL operand(s) for the given field,
 * e.g. "= 'abc'", "BETWEEN x AND y", "IS NULL".
 *
 * The value is first normalised into $valueArray: comma-separated strings are
 * exploded for picklist/owner/date-like/tree/sharedOwner fields (multipicklist
 * values with 'e'/'n' are expanded through getCombinations()), multiReferenceValue
 * strings are exploded and wrapped in '|#|' markers, arrays are used as given and
 * any other value becomes a one-element array.
 *
 * Range operators ('between', 'bw', 'notequal') use the first two values and
 * return a single (NOT) BETWEEN fragment. Every other operator yields one
 * fragment per value; some of those fragments (empty/not-empty checks, uitype
 * 120 shared-owner sub-selects) embed the column name and are complete
 * predicates rather than bare operands.
 *
 * @param mixed $value raw condition value: string, array or scalar
 * @param string $operator condition operator; lower-cased before use
 * @param WebserviceField $field
 * @return array list of SQL fragments
 */
private function getConditionValue($value, $operator, $field)
{
    $operator = strtolower($operator);
    $db = PearDatabase::getInstance();
    $inEqualityFieldTypes = ['currency', 'percentage', 'double', 'integer', 'number'];
    if (is_string($value) && $this->ignoreComma == false) {
        // NOTE(review): 'sharedOwner' is listed twice; harmless duplicate.
        $commaSeparatedFieldTypes = ['picklist', 'multipicklist', 'owner', 'date', 'datetime', 'time', 'tree', 'sharedOwner', 'sharedOwner'];
        if (in_array($field->getFieldDataType(), $commaSeparatedFieldTypes)) {
            $valueArray = explode(',', $value);
            if ($field->getFieldDataType() == 'multipicklist' && in_array($operator, ['e', 'n'])) {
                // Equality on a multipicklist must match the stored value regardless of
                // order, so every combination is generated and leading separators stripped.
                // Note that $value is reused as the loop variable from here on.
                $valueArray = getCombinations($valueArray);
                foreach ($valueArray as $key => $value) {
                    $valueArray[$key] = ltrim($value, ' |##| ');
                }
            }
        } else {
            if ($field->getFieldDataType() == 'multiReferenceValue') {
                // Each id is wrapped in the '|#|' markers used by the stored representation.
                $valueArray = explode(',', $value);
                foreach ($valueArray as $key => $value) {
                    $valueArray[$key] = '|#|' . $value . '|#|';
                }
            } else {
                $valueArray = [$value];
            }
        }
    } elseif (is_array($value)) {
        $valueArray = $value;
    } else {
        $valueArray = [$value];
    }
    $sql = array();
    if ($operator == 'between' || $operator == 'bw' || $operator == 'notequal') {
        if ($field->getFieldName() == 'birthday') {
            // Birthday ranges ignore the year: both sides are compared on '%m%d'.
            $valueArray[0] = getValidDBInsertDateTimeValue($valueArray[0]);
            $valueArray[1] = getValidDBInsertDateTimeValue($valueArray[1]);
            $sql[] = "BETWEEN DATE_FORMAT(" . $db->quote($valueArray[0]) . ", '%m%d') AND " . "DATE_FORMAT(" . $db->quote($valueArray[1]) . ", '%m%d')";
        } else {
            if ($this->isDateType($field->getFieldDataType())) {
                $start = explode(' ', $valueArray[0]);
                $end = explode(' ', $valueArray[1]);
                if ($operator == 'between' && count($start) == 2 && count($end) == 2) {
                    // Both bounds carry a time part.
                    $valueArray[0] = getValidDBInsertDateTimeValue($start[0] . ' ' . $start[1]);
                    if ($start[0] == $end[0]) {
                        // Same calendar day: the end bound becomes start + 1 day - 1 second.
                        $dateTime = new DateTime($valueArray[0]);
                        $nextDay = $dateTime->modify('+1 days');
                        $nextDay = strtotime($nextDay->format('Y-m-d H:i:s')) - 1;
                        $nextDay = date('Y-m-d H:i:s', $nextDay);
                        $values = explode(' ', $nextDay);
                        $valueArray[1] = getValidDBInsertDateTimeValue($values[0]) . ' ' . $values[1];
                    } else {
                        $end = $valueArray[1];
                        $dateObject = new DateTimeField($end);
                        $valueArray[1] = $dateObject->getDBInsertDateTimeValue();
                    }
                } else {
                    // Bounds without a time part: a midnight start collapses to the bare
                    // date (except for 'between'); a midnight or 23:59:59 end does too.
                    $valueArray[0] = getValidDBInsertDateTimeValue($valueArray[0]);
                    $dateTimeStart = explode(' ', $valueArray[0]);
                    if ($dateTimeStart[1] == '00:00:00' && $operator != 'between') {
                        $valueArray[0] = $dateTimeStart[0];
                    }
                    $valueArray[1] = getValidDBInsertDateTimeValue($valueArray[1]);
                    $dateTimeEnd = explode(' ', $valueArray[1]);
                    if ($dateTimeEnd[1] == '00:00:00' || $dateTimeEnd[1] == '23:59:59') {
                        $valueArray[1] = $dateTimeEnd[0];
                    }
                }
            }
            if ($operator == 'notequal') {
                $sql[] = "NOT BETWEEN " . $db->quote($valueArray[0]) . " AND " . $db->quote($valueArray[1]);
            } else {
                $sql[] = "BETWEEN " . $db->quote($valueArray[0]) . " AND " . $db->quote($valueArray[1]);
            }
        }
        return $sql;
    }
    foreach ($valueArray as $value) {
        if (!$this->isStringType($field->getFieldDataType())) {
            $value = trim($value);
        }
        if ($operator == 'empty' || $operator == 'y') {
            $sql[] = sprintf("IS NULL OR %s = ''", $this->getSQLColumn($field->getFieldName()));
            continue;
        }
        if ($operator == 'ny') {
            $sql[] = sprintf("IS NOT NULL AND %s != ''", $this->getSQLColumn($field->getFieldName()));
            continue;
        }
        // '&&' binds tighter than '||': a literal 'null' value takes this branch for
        // any operator, an empty non-string value only for 'e'/'n'.
        if (strtolower(trim($value)) == 'null' || trim($value) == '' && !$this->isStringType($field->getFieldDataType()) && ($operator == 'e' || $operator == 'n')) {
            if ($operator == 'e') {
                $sql[] = "IS NULL";
                continue;
            }
            $sql[] = "IS NOT NULL";
            continue;
        } elseif ($field->getFieldDataType() == 'boolean') {
            // 'yes'/'no' map to 1/0; any other value is passed through unchanged.
            $value = strtolower($value);
            if ($value == 'yes') {
                $value = 1;
            } elseif ($value == 'no') {
                $value = 0;
            }
        } elseif ($this->isDateType($field->getFieldDataType())) {
            // For "after" and "before" conditions with a time part the bound is
            // shifted so the comparison excludes the given moment itself.
            $values = explode(' ', $value);
            if (($operator == 'a' || $operator == 'b') && count($values) == 2) {
                if ($operator == 'a') {
                    // 'after': one second before the same time on the next day.
                    $dateTime = new DateTime($value);
                    $modifiedDate = $dateTime->modify('+1 days');
                    $nextday = $modifiedDate->format('Y-m-d H:i:s');
                    $temp = strtotime($nextday) - 1;
                    $date = date('Y-m-d H:i:s', $temp);
                    $value = getValidDBInsertDateTimeValue($date);
                } else {
                    // 'before': one second before the given moment.
                    $dateTime = new DateTime($value);
                    $prevday = $dateTime->format('Y-m-d H:i:s');
                    $temp = strtotime($prevday) - 1;
                    $date = date('Y-m-d H:i:s', $temp);
                    $value = getValidDBInsertDateTimeValue($date);
                }
            } else {
                // A midnight time part is dropped so the value compares as a date.
                $value = getValidDBInsertDateTimeValue($value);
                $dateTime = explode(' ', $value);
                if ($dateTime[1] == '00:00:00') {
                    $value = $dateTime[0];
                }
            }
        } else {
            if (in_array($field->getFieldDataType(), $inEqualityFieldTypes)) {
                // NOTE(review): the character class is built from the raw keys of the
                // HTML entity table without preg_quote(); it looks like this is meant to
                // detect an HTML-encoded comparison prefix ('&gt;' = 4 chars, '&gt;=' = 5)
                // and strip it — confirm against the callers before changing.
                $table = get_html_translation_table(HTML_ENTITIES, ENT_COMPAT, vglobal('default_charset'));
                $chars = implode('', array_keys($table));
                if (preg_match("/[{$chars}]+/", $value) === 1) {
                    if ($operator == 'g' || $operator == 'l') {
                        $value = substr($value, 4);
                    } else {
                        if ($operator == 'h' || $operator == 'm') {
                            $value = substr($value, 5);
                        }
                    }
                }
            } else {
                // NOTE(review): 'currency' is in $inEqualityFieldTypes, so this else
                // branch can never run and the currency conversion below is dead code.
                if ($field->getFieldDataType() === 'currency') {
                    $uiType = $field->getUIType();
                    if ($uiType == 72) {
                        $value = CurrencyField::convertToDBFormat($value, null, true);
                    } elseif ($uiType == 71) {
                        $value = CurrencyField::convertToDBFormat($value);
                    }
                }
            }
        }
        // From here on $value is either a DATE_FORMAT() expression (birthday) or an
        // escaped-but-unquoted string; the quoting happens per branch below.
        if ($field->getFieldName() == 'birthday' && !$this->isRelativeSearchOperators($operator)) {
            $value = "DATE_FORMAT(" . $db->quote($value) . ", '%m%d')";
        } else {
            $value = $db->sql_escape_string($value, true);
        }
        if ($field->getFieldDataType() == 'multiReferenceValue' && in_array($operator, ['e', 's', 'ew', 'c'])) {
            $sql[] = "LIKE '%{$value}%'";
            continue;
        } else {
            if ($field->getFieldDataType() == 'multiReferenceValue' && in_array($operator, ['n', 'k'])) {
                $sql[] = "NOT LIKE '%{$value}%'";
                continue;
            }
        }
        if (trim($value) == '' && ($operator == 's' || $operator == 'ew' || $operator == 'c') && ($this->isStringType($field->getFieldDataType()) || $field->getFieldDataType() == 'picklist' || $field->getFieldDataType() == 'multipicklist')) {
            $sql[] = "LIKE ''";
            continue;
        }
        if (trim($value) == '' && $operator == 'om' && in_array($field->getFieldName(), $this->ownerFields)) {
            // Owner field with 'om' (current user) and no value: compare with the logged-in user.
            $sql[] = " = '" . Users_Record_Model::getCurrentUserModel()->get('id') . "'";
            continue;
        }
        if ($field->getUIType() == 120) {
            // Shared-owner field: the predicate is a sub-select on the module's shared-owner table.
            // NOTE(review): $value is escaped but not quoted and not cast here, so these
            // fragments are only well-formed when $value is an integer user id; an (int)
            // cast would make that explicit — confirm with the callers.
            $shownersTable = Vtiger_SharedOwner_UIType::getShownerTable($this->getModule());
            if ($operator == 'om') {
                $sql[] = 'vtiger_crmentity.crmid IN (SELECT DISTINCT crmid FROM ' . $shownersTable . ' WHERE userid = ' . Users_Record_Model::getCurrentUserModel()->get('id') . ')';
            } else {
                if (in_array($operator, ['e', 's', 'ew', 'c'])) {
                    $sql[] = 'vtiger_crmentity.crmid IN (SELECT DISTINCT crmid FROM ' . $shownersTable . ' WHERE userid = ' . $value . ')';
                } else {
                    if (in_array($operator, ['n', 'k'])) {
                        $sql[] = 'vtiger_crmentity.crmid NOT IN (SELECT DISTINCT crmid FROM ' . $shownersTable . ' WHERE userid = ' . $value . ')';
                    }
                }
            }
            continue;
        }
        if (trim($value) == '' && $operator == 'k' && $this->isStringType($field->getFieldDataType())) {
            $sql[] = "NOT LIKE ''";
            continue;
        }
        // Generic case: operator keyword and possibly adjusted value come from getSqlOperator().
        $sqlOperatorData = $this->getSqlOperator($operator, $value);
        $sqlOperator = $sqlOperatorData[0];
        $value = $sqlOperatorData[1];
        // Non-numeric values are quoted, except a birthday compared with a non-relative
        // operator, which is already a DATE_FORMAT() expression.
        if (!$this->isNumericType($field->getFieldDataType()) && ($field->getFieldName() != 'birthday' || $field->getFieldName() == 'birthday' && $this->isRelativeSearchOperators($operator))) {
            $value = "'{$value}'";
        }
        // An empty numeric operand would produce invalid SQL, so it becomes 0.
        if ($this->isNumericType($field->getFieldDataType()) && empty($value)) {
            $value = '0';
        }
        $sql[] = "{$sqlOperator} {$value}";
    }
    return $sql;
}
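/**
 * Builds the SQL fragment that restricts a list query on $module to the
 * records the user may see, taking shared owners into account.
 *
 * The user's privilege and sharing files are require'd; they define
 * $profileGlobalPermission, $defaultOrgSharingPermission and
 * $current_user_groups, which are used below but not visible in this file.
 * Non-admin users whose privilege flags and org-sharing level for $module
 * match the condition below get the ownership condition from
 * getUserAccessConditionsQuery() OR-ed with membership of the module's
 * shared-owner table (own id plus group ids). When the `shared_owners`
 * global is off only the ownership condition is returned.
 *
 * @param string $module
 * @param object|false $current_user user object with id/roleid; false means vglobal('current_user')
 * @param int|false $relatedRecord parent record the list is related to; if the user is its owner
 *                                 (after climbing to the role's configured parent level) no restriction applies
 * @return string '' or a fragment beginning with ' AND ' to append to a WHERE clause
 * @throws AppException 'LBL_PERMISSION_DENIED' when the user may not view $relatedRecord
 */
function getUserAccessConditionsQuerySR($module, $current_user = false, $relatedRecord = false)
{
    if ($current_user == false) {
        $current_user = vglobal('current_user');
    }
    // The privilege files are keyed by user id; cast so only an integer ever
    // reaches the include path.
    $userId = (int) $current_user->id;
    require 'user_privileges/user_privileges_' . $userId . '.php';
    require 'user_privileges/sharing_privileges_' . $userId . '.php';
    global $shared_owners;

    $is_admin = is_admin($current_user);
    $sharedParameter = $securityParameter = '';
    $query = '';
    $tabId = getTabid($module);

    if ($relatedRecord) {
        $role = getRoleInformation($current_user->roleid);
        if ($role['listrelatedrecord'] != 0) {
            // Climb to the parent record configured for the role before checking access.
            $rparentRecord = Users_Privileges_Model::getParentRecord($relatedRecord, false, $role['listrelatedrecord']);
            if ($rparentRecord) {
                $relatedRecord = $rparentRecord;
            }
            $recordMetaData = Vtiger_Functions::getCRMRecordMetadata($relatedRecord);
            $recordPermission = Users_Privileges_Model::isPermitted($recordMetaData['setype'], 'DetailView', $relatedRecord);
            if (!$recordPermission) {
                throw new AppException('LBL_PERMISSION_DENIED');
            }
            // The owner of the related record sees everything related to it.
            if ($recordMetaData['smownerid'] == $current_user->id) {
                return '';
            }
        }
    }

    // Meaning of flags 1/2 and sharing level 3 is defined by the privilege files, not here.
    if (!$is_admin && $profileGlobalPermission[1] == 1 && $profileGlobalPermission[2] == 1 && $defaultOrgSharingPermission[$tabId] == 3) {
        $securityParameter = $this->getUserAccessConditionsQuery($module, $current_user);
        // Ids are interpolated into the IN() list, so keep them integers only.
        $shownerid = array_map('intval', array_merge([$userId], (array) $current_user_groups));
        $shownersTable = Vtiger_SharedOwner_UIType::getShownerTable($module);
        $sharedParameter = 'vtiger_crmentity.crmid IN (SELECT DISTINCT crmid FROM ' . $shownersTable . ' WHERE userid IN (' . implode(',', $shownerid) . '))';
    }

    if ($shared_owners == true) {
        if ($securityParameter != '') {
            $query .= " AND ( ({$securityParameter}) OR ({$sharedParameter}) )";
        } elseif ($sharedParameter != '') {
            $query .= ' AND (' . $sharedParameter . ')';
        }
    } else {
        $query .= $securityParameter;
    }
    return $query;
}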