/**
 * Prepare the view for a contact profile page.
 *
 * With the 'limited_own_profile' param set, the profile shown is always the
 * current user's own and the form URLs point at the 'profile' module.
 * Otherwise the contact id is read from the 'id' GET parameter and access is
 * checked with contactsRightsModel::getRight() before any contact data is loaded.
 *
 * @throws waException       when the request carries no contact id
 * @throws waRightsException when getRight() returns a falsy value for the contact
 */
public function execute()
 {
     // The returned value is not used in this method; the call itself is kept.
     wa()->getDateTime();

     // Backend rights level of the current user in the contacts app; >= 2 is treated as admin.
     $contacts_level = $this->getUser()->getRights('contacts', 'backend');
     $is_admin = $contacts_level >= 2;
     $rights_model = new contactsRightsModel();

     if (empty($this->params['limited_own_profile'])) {
         // The id is request-controlled: cast to int, then authorise before use.
         $this->id = (int) waRequest::get('id');
         if (empty($this->id)) {
             throw new waException('No id specified.');
         }
         $right = $rights_model->getRight(null, $this->id);
         if (!$right) {
             throw new waRightsException(_w('Access denied'));
         }
         $this->view->assign('readonly', $right === 'read');
     } else {
         // Own-profile mode: the id never comes from the request.
         $this->id = wa()->getUser()->getId();
         $own_profile_vars = array(
             'limited_own_profile'       => true,
             'save_url'                  => '?module=profile&action=save',
             'password_save_url'         => '?module=profile&action=password',
             'save_geocoords_url'        => '?module=profile&action=saveGeocoords',
             'photo_upload_url'          => '?module=profile&action=tmpimage',
             'photo_editor_url'          => '?module=profile&action=photo',
             'photo_editor_uploaded_url' => '?module=profile&action=photo&uploaded=1',
         );
         foreach ($own_profile_vars as $var_name => $var_value) {
             $this->view->assign($var_name, $var_value);
         }
     }

     $exists = $this->getContactInfo();
     if ($exists) {
         $this->getUserInfo();
         $this->view->assign('last_view_context', $this->getLastViewContext());

         // Tabs contributed by other applications through the 'profile.tab' event.
         if (empty($this->params['limited_own_profile'])) {
             $links = array();
             foreach (wa()->event('profile.tab', $this->id) as $app_id => $tab_data) {
                 if (isset($tab_data['html'])) {
                     // A single tab definition.
                     if (isset($tab_data['id'])) {
                         $key = $tab_data['id'];
                     } else {
                         $key = $app_id;
                     }
                     $links[$key] = $tab_data;
                 } else {
                     // A list of tab definitions; tabs without an id get the app id plus a
                     // suffix that starts empty and is incremented after every tab.
                     $suffix = '';
                     foreach ($tab_data as $tab) {
                         if (isset($tab['id'])) {
                             $key = $tab['id'];
                         } else {
                             $key = $app_id . $suffix;
                         }
                         $links[$key] = $tab;
                         $suffix++;
                     }
                 }
             }
             $this->view->assign('links', $links);
         }

         // Tab to open by default.
         // NOTE(review): raw request value; confirm the template escapes it on output.
         $this->view->assign('tab', waRequest::get('tab'));
         $this->view->assign('admin', $is_admin);
         $this->view->assign('superadmin', $is_admin && $this->getUser()->getRights('webasyst', 'backend'));
         $this->view->assign('current_user_id', wa()->getUser()->getId());
         // NOTE(review): this is the raw getRight() result, so it is truthy for 'read' as well
         // as for any other granted level; confirm templates compare it explicitly.
         $this->view->assign('can_edit', $rights_model->getRight(null, $this->id));

         // Update history
         if (empty($this->params['limited_own_profile'])) {
             $contact_name = $this->contact->get('name');
             // The string '0' is a valid name even though it is falsy.
             if ($contact_name === '0' || $contact_name) {
                 $history_writer = new contactsHistoryModel();
                 $history_writer->save('/contact/' . $this->id, $contact_name);
             }
             // Update history in user's browser
             $history_reader = new contactsHistoryModel();
             $this->view->assign('history', $history_reader->get());
         }

         $root_url = wa()->getRootUrl(true);
         $this->view->assign('wa_view', $this->view);
         $this->view->assign('access_disable_msg', contactsHelper::getAccessDisableMsg($this->contact));
         $this->view->assign('my_url', $root_url . 'my/');
         $this->view->assign('backend_url', wa()->getRootUrl(true) . wa()->getConfig()->getBackendUrl(false) . '/');
         $this->view->assign('static_url', wa()->getAppStaticUrl('contacts'));
     }
     $this->view->assign('exists', $exists);

     if ($this->getRequest()->request('standalone')) {
         /**
          * Include plugins js and css
          * @event backend_assets
          * @return array[string]string $return[%plugin_id%]
          */
         $this->view->assign('backend_assets', wa()->event('backend_assets'));
     }

     $auth_config = wa()->getAuthConfig();
     $this->view->assign('personal_portal_available', !empty($auth_config['app']));

     /*
      * @event backend_contact_info
      * @return array[string]array $return[%plugin_id%] array of html output
      * @return array[string][string]string $return[%plugin_id%]['after_header'] html output
      * @return array[string][string]string $return[%plugin_id%]['header'] html output
      * @return array[string][string]string $return[%plugin_id%]['before_header'] html output
      * @return array[string][string]string $return[%plugin_id%]['before_top'] html output
      * @return array[string][string]string $return[%plugin_id%]['top'] html output
      * @return array[string][string]string $return[%plugin_id%]['after_top'] html output
      * @return array[string][string]string $return[%plugin_id%]['photo'] html output
      */
     $event_params = array('contact_id' => $this->id);
     $this->view->assign('backend_contact_info', wa()->event('backend_contact_info', $event_params));
 }
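 /**
  * Save access rights for a contact; allowed to global admins only.
  *
  * Input: POST 'app_id' plus either a single POST 'name'/'value' pair or a
  * POST 'app' array of name => value; the contact id is read from GET 'id'.
  * Each right is offered to the application's own *RightConfig class when
  * that class file exists, and is written through waContactRightsModel
  * otherwise. A change in backend access is recorded with logAction().
  *
  * @throws waRightsException when the current user is not a global admin
  * @throws waException       on malformed values, or on an attempt to change
  *                           per-application rights of a global admin
  */
 public function execute()
 {
     // only allowed to global admin
     if (!wa()->getUser()->getRights('webasyst', 'backend')) {
         throw new waRightsException('Access denied.');
     }

     $app_id = waRequest::post('app_id');
     $name = waRequest::post('name');
     $value = (int) waRequest::post('value');
     // NOTE(review): the contact id is used as received from the query string, without a
     // cast or an emptiness check; confirm the callees below validate it.
     $contact_id = waRequest::get('id');

     // Snapshot taken before any change so the audit entry at the end reflects the real transition.
     $has_backend_access_old = $this->hasBackendAccess($contact_id);

     if (!$name && !$value) {
         // Bulk mode: a whole name => value map is posted as 'app'.
         $values = waRequest::post('app');
         if (!is_array($values)) {
             throw new waException('Bad values for access rights.');
         }
     } else {
         $values = array($name => $value);
     }

     $right_model = new waContactRightsModel();
     $is_admin = $right_model->get($contact_id, 'webasyst', 'backend', false);
     if ($is_admin && $app_id !== 'webasyst') {
         throw new waException('Cannot change application rights for global admin.');
     }

     // If $contact_id used to have limited access and we're changing global admin privileges,
     // then need to notify all applications to remove their custom access records.
     if (!$is_admin && $app_id === 'webasyst' && $name === 'backend') {
         foreach (wa()->getApps() as $aid => $app) {
             try {
                 if (!empty($app['rights'])) {
                     $app_config = SystemConfig::getAppConfig($aid);
                     $class_name = $app_config->getPrefix() . "RightConfig";
                     $file_path = $app_config->getAppPath('lib/config/' . $class_name . ".class.php");
                     if (!file_exists($file_path)) {
                         continue;
                     }
                     waSystem::getInstance($aid, $app_config);
                     include_once $file_path;
                     /**
                      * @var waRightConfig
                      */
                     $right_config = new $class_name();
                     $right_config->clearRights($contact_id);
                 }
             } catch (Exception $e) {
                 // Errors in other applications must not abort the change, but a failed
                 // clearRights() can leave stale per-app access records behind, so the
                 // failure is written to the PHP error log instead of being dropped.
                 error_log('clearRights failed for app ' . $aid . ': ' . $e->getMessage());
             }
         }
     }

     // Update $app_id access records
     // NOTE(review): $app_id is request input. The class name and file path below are built
     // from the app config's getPrefix()/getAppPath(), so this relies on
     // SystemConfig::getAppConfig() rejecting unknown ids; confirm.
     $app_config = SystemConfig::getAppConfig($app_id);
     $class_name = $app_config->getPrefix() . "RightConfig";
     $file_path = $app_config->getAppPath('lib/config/' . $class_name . ".class.php");
     $right_config = null;
     if (file_exists($file_path)) {
         // Init app
         waSystem::getInstance($app_id, $app_config);
         include_once $file_path;
         /**
          * @var waRightConfig
          */
         $right_config = new $class_name();
     }

     foreach ($values as $name => $value) {
         if ($right_config && $right_config->setRights($contact_id, $name, $value)) {
             // If we've got response from custom rights config, then no need to update main rights table
             continue;
         }
         // Set default limited rights.
         // In bulk mode $name is an array key and may be an integer; a loose comparison of
         // int 0 with 'backend' is true before PHP 8 and would apply the default rights for
         // a right that is not 'backend'. Compare as strings instead. $value stays loosely
         // compared because bulk values arrive as strings.
         if ($right_config && (string) $name === 'backend' && $value == 1) {
             /**
              * @var $right_config waRightConfig
              */
             foreach ($right_config->setDefaultRights($contact_id) as $n => $v) {
                 $right_model->save($contact_id, $app_id, $n, $v);
             }
         }
         $right_model->save($contact_id, $app_id, $name, $value);
     }

     // The getInstance() calls above were made for other applications; make contacts active again.
     waSystem::setActive('contacts');

     if ($contact_id) {
         // TODO: use waContact method for disabling
         $is_user = waRequest::post('is_user', null, 'int');
         // Only the three known states are accepted; anything else leaves the contact untouched.
         if ($is_user === -1 || $is_user === 0 || $is_user === 1) {
             $contact = new waContact($contact_id);
             $contact->save(array('is_user' => $is_user));
             $this->response['access_disable_msg'] = contactsHelper::getAccessDisableMsg($contact);
         }
     }

     // Audit trail: log only a real transition of backend access.
     $has_backend_access_new = $this->hasBackendAccess($contact_id);
     if ($has_backend_access_new !== $has_backend_access_old) {
         if ($has_backend_access_new) {
             $this->logAction("grant_backend_access", null, $contact_id);
         } else {
             $this->logAction("revoke_backend_access", null, $contact_id);
         }
     }
 }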