/**
 * ACLAction::getUserActions() must not hand back the same array when it is
 * asked for progressively narrower slices of a user's ACL data.
 *
 * Only inequality between the three results is asserted; the content of each
 * result is not inspected here.
 */
public function testgetUserActions()
{
    $userId = '1';

    $unfiltered = ACLAction::getUserActions($userId);
    $byCategory = ACLAction::getUserActions($userId, false, 'Accounts');
    $byCategoryAndList = ACLAction::getUserActions($userId, false, 'Accounts', 'list');

    // Every pair of results has to differ.
    $this->assertNotSame($unfiltered, $byCategory);
    $this->assertNotSame($unfiltered, $byCategoryAndList);
    $this->assertNotSame($byCategory, $byCategoryAndList);
}
/**
 * Lists the modules whose workflows $user is allowed to administer.
 *
 * The result is memoised in the PHP session. A module is included when
 * $user->isDeveloperForModule() accepts it and it is not one of the excluded
 * UI-only modules; 'Forecasts' is added when the user holds developer-level
 * admin access on the ForecastSchedule ACL category.
 *
 * @param object $user User to evaluate; an empty value yields an empty list
 * @return array Map of module key => display value
 */
function get_workflow_admin_modules_for_user($user)
{
    $cacheKey = 'get_workflow_admin_modules_for_user';

    // NOTE(review): the cache entry is keyed by a fixed string, not by the
    // user id, and it is consulted before $user is even looked at. Within one
    // session the first computed list is returned for every later $user -
    // confirm this function is only ever called for the session's own user.
    if (isset($_SESSION[$cacheKey])) {
        return $_SESSION[$cacheKey];
    }

    global $moduleList;

    $candidates = array();
    foreach ($moduleList as $module) {
        $candidates[$module] = $module;
    }

    // Extra entries carried over from the previous version of workflow_utils.php.
    $carriedOver = array(
        'Tasks' => "Tasks",
        'Calls' => "Calls",
        'Meetings' => "Meetings",
        'Notes' => "Notes",
        'ProjectTask' => "Project Tasks",
        'Leads' => "Leads",
        'Opportunities' => "Opportunities",
    );
    foreach ($carriedOver as $moduleKey => $label) {
        $candidates[$moduleKey] = $label;
    }

    $workflow_admin_modules = array();
    if (empty($user)) {
        // Nothing is cached on this path.
        return $workflow_admin_modules;
    }

    $actions = ACLAction::getUserActions($user->id);

    // ForecastSchedule is not part of the candidate list, so it is checked
    // directly against the ACL data.
    if (isset($actions['ForecastSchedule']['module']['admin']['aclaccess'])) {
        $forecastAdmin = $actions['ForecastSchedule']['module']['admin']['aclaccess'];
        if ($forecastAdmin == ACL_ALLOW_DEV || $forecastAdmin == ACL_ALLOW_ADMIN_DEV) {
            $workflow_admin_modules['Forecasts'] = 'Forecasts';
        }
    }

    // Modules that never get workflow administration.
    $excluded = array('iFrames', 'Feeds', 'Home', 'Dashboard', 'Calendar', 'Activities', 'Reports');

    foreach ($candidates as $moduleKey => $label) {
        if (in_array($label, $workflow_admin_modules)) {
            continue;
        }
        if (in_array($label, $excluded)) {
            continue;
        }
        // The authorization decision itself is delegated to the user object.
        if ($user->isDeveloperForModule($moduleKey)) {
            $workflow_admin_modules[$moduleKey] = $label;
        }
    }

    $_SESSION[$cacheKey] = $workflow_admin_modules;

    return $workflow_admin_modules;
}
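/**
 * Builds the module list exposed to $user, annotated with an access marker.
 *
 * Starting from query_module_access_list() filtered through
 * ACLController::filterModuleList(), the function adds the "invisible" modules
 * and then applies the user's ACL actions: disabled modules are removed,
 * modules below ACL_ALLOW_ENABLED become 'read_only', everything else is set
 * to ''.
 *
 * @param object $user User whose module list is requested
 * @return array Map of module name => 'read_only', '' or (for the invisible
 *               activity modules) the module name itself
 */
function get_user_module_list($user)
{
    $GLOBALS['log']->info('Begin: SoapHelperWebServices->get_user_module_list');
    global $app_list_strings, $current_language;
    $app_list_strings = return_app_list_strings_language($current_language);
    $modules = query_module_access_list($user);
    ACLController::filterModuleList($modules, false);
    global $modInvisList, $modInvisListActivities;

    foreach ($modInvisList as $invis) {
        $modules[$invis] = 'read_only';
    }

    // The original tested $modules['Activities'] directly, which reads an
    // undefined index whenever Activities was filtered out. !empty() keeps the
    // same truthiness test without touching a missing key.
    if (isset($modules['Calendar']) || !empty($modules['Activities'])) {
        foreach ($modInvisListActivities as $invis) {
            $modules[$invis] = $invis;
        }
    }

    $actions = ACLAction::getUserActions($user->id, true);
    foreach ($actions as $key => $value) {
        if (isset($value['module']) && $value['module']['access']['aclaccess'] < ACL_ALLOW_ENABLED) {
            if ($value['module']['access']['aclaccess'] == ACL_ALLOW_DISABLED) {
                unset($modules[$key]);
            } else {
                $modules[$key] = 'read_only';
            }
        } else {
            // NOTE(review): this assigns '' for every ACL category, including
            // keys that filterModuleList() may have removed above - confirm
            // that re-adding them here is intended.
            $modules[$key] = '';
        }
    }

    $GLOBALS['log']->info('End: SoapHelperWebServices->get_user_module_list');

    return $modules;
}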
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
 * reasonably feasible for technical reasons, the Appropriate Legal Notices must
 * display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM".
 ********************************************************************************/

// Script fragment: loads the user named by the request and prepares that
// user's ACL categories for display through Smarty. The fragment is cut off
// inside the final if-block.
global $app_list_strings, $app_strings, $current_user;
$mod_strings = return_module_language($GLOBALS['current_language'], 'Users');
$focus = new User();
// NOTE(review): $_REQUEST['record'] is taken as-is and selects whose ACL data
// is loaded. No check that the requester may view that user's roles is
// visible in this fragment - confirm it is enforced by the caller.
$focus->retrieve($_REQUEST['record']);
// The matrix is only built for non-admin target users.
if (!is_admin($focus)) {
    $sugar_smarty = new Sugar_Smarty();
    $sugar_smarty->assign('MOD', $mod_strings);
    $sugar_smarty->assign('APP', $app_strings);
    $sugar_smarty->assign('APP_LIST', $app_list_strings);
    $categories = ACLAction::getUserActions($_REQUEST['record'], true);
    // Clear out any removed tabs from the user display. This only narrows what
    // a requester without Users-admin rights sees; it is a display filter on
    // the target user's tabs, not an authorization check on the request.
    if (!$GLOBALS['current_user']->isAdminForModule('Users')) {
        $tabs = $focus->getPreference('display_tabs');
        global $modInvisList;
        // When the preference is empty, no category is filtered out.
        if (!empty($tabs)) {
            foreach ($categories as $key => $value) {
                if (!in_array($key, $tabs) && !in_array($key, $modInvisList)) {
                    unset($categories[$key]);
                }
            }
        }
    }
    // The empty array is immediately replaced by the matrix result.
    $names = array();
    $names = ACLAction::setupCategoriesMatrix($categories);
    if (!empty($names)) {
/**
 * Returns the modules available to $user, each tagged with an access marker.
 *
 * The base list comes from query_module_access_list() and is filtered by
 * ACLController::filterModuleList(). Invisible modules are added as
 * 'read_only', the user's ACL actions are applied, and finally any module
 * without a bean class and bean file registration is dropped.
 *
 * @param object $user User whose module list is requested
 * @return array Map of module name => 'read_only' or ''
 */
function get_user_module_list($user)
{
    global $app_list_strings, $current_language, $beanList, $beanFiles;
    global $modInvisList;

    $app_list_strings = return_app_list_strings_language($current_language);

    $modules = query_module_access_list($user);
    ACLController::filterModuleList($modules, false);

    foreach ($modInvisList as $hiddenModule) {
        $modules[$hiddenModule] = 'read_only';
    }

    $actions = ACLAction::getUserActions($user->id, true);
    foreach ($actions as $category => $types) {
        $restricted = isset($types['module'])
            && $types['module']['access']['aclaccess'] < ACL_ALLOW_ENABLED;

        if (!$restricted) {
            // NOTE(review): reached for every ACL category, so keys that were
            // filtered out above are added back with '' - they only disappear
            // again if the bean check below removes them. Confirm intended.
            $modules[$category] = '';
            continue;
        }

        if ($types['module']['access']['aclaccess'] == ACL_ALLOW_DISABLED) {
            unset($modules[$category]);
        } else {
            $modules[$category] = 'read_only';
        }
    }

    // Remove all modules that don't have a beanFiles entry associated with them.
    foreach ($modules as $module_name => $marker) {
        $hasBeanFile = isset($beanList[$module_name])
            && !empty($beanFiles[$beanList[$module_name]]);
        if (!$hasBeanFile) {
            unset($modules[$module_name]);
        }
    }

    return $modules;
}
/**
 * Computes which entries of $moduleList the current user may not use.
 *
 * Admins get an empty list. For everyone else a module is disabled when its
 * 'access' level is below ACL_ALLOW_ENABLED or its $view level is negative.
 * Calendar (and, nested under it, Activities) are derived from the access
 * levels of other modules. As a side effect every category that has 'module'
 * ACL data is recorded in the global $aclModuleList.
 *
 * @param array  $moduleList Modules to test
 * @param bool   $by_value   true: module names are the array values;
 *                           false: module names are the array keys
 * @param string $view       ACL action consulted next to 'access'
 * @return array Disabled modules, mapped to themselves
 */
function disabledModuleList($moduleList, $by_value = true, $view = 'list')
{
    global $aclModuleList, $current_user;

    if (is_admin($GLOBALS['current_user'])) {
        return array();
    }

    $actions = ACLAction::getUserActions($current_user->id, false);
    $disabled = array();

    // $compList is looked up by module name: a flipped copy when the names
    // are values, otherwise an alias of the (local) $moduleList.
    $compList = array();
    if (!$by_value) {
        $compList =& $moduleList;
    } else {
        foreach ($moduleList as $listKey => $moduleName) {
            $compList[$moduleName] = $listKey;
        }
    }

    // Only reaches $compList in the aliased (by-key) case.
    if (isset($moduleList['ProductTemplates'])) {
        $moduleList['Products'] = 'Products';
    }

    foreach ($actions as $action_name => $action) {
        if (empty($action['module'])) {
            continue;
        }
        $aclModuleList[$action_name] = $action_name;

        if (!isset($compList[$action_name])) {
            continue;
        }

        $blocked = $action['module']['access']['aclaccess'] < ACL_ALLOW_ENABLED
            || $action['module'][$view]['aclaccess'] < 0;
        if ($blocked) {
            $entry = $by_value ? $compList[$action_name] : $action_name;
            $disabled[$entry] = $entry;
        }
    }

    // Calendar stays enabled while at least one of Calls/Meetings/Tasks is
    // exactly ACL_ALLOW_ENABLED.
    if (isset($compList['Calendar'])
        && ACL_ALLOW_ENABLED != $actions['Calls']['module']['access']['aclaccess']
        && ACL_ALLOW_ENABLED != $actions['Meetings']['module']['access']['aclaccess']
        && ACL_ALLOW_ENABLED != $actions['Tasks']['module']['access']['aclaccess']
    ) {
        $calendarEntry = $by_value ? $compList['Calendar'] : 'Calendar';
        $disabled[$calendarEntry] = $calendarEntry;

        // NOTE(review): 'Notes' is tested twice, and this Activities check only
        // runs when Calendar was just disabled. Both look like copy/paste
        // leftovers - confirm which modules were meant before changing it.
        if (isset($compList['Activities'])
            && ACL_ALLOW_ENABLED != $actions['Notes']['module']['access']['aclaccess']
            && ACL_ALLOW_ENABLED != $actions['Notes']['module']['access']['aclaccess']
        ) {
            $activitiesEntry = $by_value ? $compList['Activities'] : 'Activities';
            $disabled[$activitiesEntry] = $activitiesEntry;
        }
    }

    if (isset($disabled['Products'])) {
        $disabled['ProductTemplates'] = 'ProductTemplates';
    }

    return $disabled;
}
/**
 * Builds the Module Builder package named by the request, stages its zip and
 * manifest in the package manager's upload directory, uninstalls any previous
 * copy, installs the new one, and refreshes the caches that depend on the
 * module list. Always echoes 'complete'.
 *
 * NOTE(review): no authorization or request-origin check is visible in this
 * function; presumably the surrounding controller restricts it to admins -
 * confirm, since this installs code on the server.
 */
function action_DeployPackage() {
    global $current_user;
    if (defined('TEMPLATE_URL')) {
        sugar_cache_reset();
        SugarTemplateUtilities::disableCache();
    }
    //increment etag for menu so the new module shows up when the AJAX UI reloads
    $current_user->incrementETag("mainMenuETag");
    $mb = new ModuleBuilder();
    // Request-controlled package name. It is used below as an index into
    // $mb->packages and passed to getPackage() and performUninstall() without
    // validation in this function.
    $load = $_REQUEST['package'];
    // $message is assigned but not read again in this function.
    $message = $GLOBALS['mod_strings']['LBL_MODULE_DEPLOYED'];
    if (!empty($load)) {
        // Return value is unused here; presumably the call registers the
        // package in $mb->packages - TODO confirm.
        $zip = $mb->getPackage($load);
        require_once 'ModuleInstall/PackageManager/PackageManager.php';
        $pm = new PackageManager();
        $info = $mb->packages[$load]->build(false);
        $uploadDir = $pm->upload_dir . '/upgrades/module/';
        mkdir_recursive($uploadDir);
        // The results of rename() and copy() are not checked; a failed move
        // still proceeds to uninstall and install. $info['name'] becomes part
        // of the target path - presumably build() returns a safe file name,
        // verify.
        rename($info['zip'], $uploadDir . $info['name'] . '.zip');
        copy($info['manifest'], $uploadDir . $info['name'] . '-manifest.php');
        $_REQUEST['install_file'] = $uploadDir . $info['name'] . '.zip';
        $GLOBALS['mi_remove_tables'] = false;
        $pm->performUninstall($load);
        //#23177 , js cache clear
        clearAllJsAndJsLangFilesWithoutOutput();
        //#30747, clear the cache in memory
        $cache_key = 'app_list_strings.' . $GLOBALS['current_language'];
        sugar_cache_clear($cache_key);
        sugar_cache_reset();
        //clear end
        $pm->performInstall($_REQUEST['install_file'], true);
        //clear the unified_search_module.php file
        require_once 'modules/Home/UnifiedSearchAdvanced.php';
        UnifiedSearchAdvanced::unlinkUnifiedSearchModulesFile();
        //bug 44269 - start
        //clear workflow admin modules cache
        if (isset($_SESSION['get_workflow_admin_modules_for_user'])) {
            unset($_SESSION['get_workflow_admin_modules_for_user']);
        }
        // Despite the wording "clear", this writes true into the per-user
        // 'MLA_<user_name>' session map for every module of every package in
        // $mb->packages, not only the package that was just deployed.
        //clear "is_admin_for_module" cache
        $sessionVar = 'MLA_' . $current_user->user_name;
        foreach ($mb->packages as $package) {
            foreach ($package->modules as $module) {
                $_SESSION[$sessionVar][$package->name . '_' . $module->name] = true;
            }
        }
        // Called for its effect on the ACL cache; the result is not used.
        //recreate acl cache
        $actions = ACLAction::getUserActions($current_user->id, true);
        //bug 44269 - end
    }
    // Emitted whether or not a package was deployed.
    echo 'complete';
}
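/**
 * Maps database table names to module names for the current user's ACL
 * categories.
 *
 * Every category returned by ACLAction::getUserActions() is included; the
 * access level stored for the category is not examined here, so the result is
 * not limited to modules the user can administer. When two categories resolve
 * to the same table name the later one wins.
 *
 * @return array Map of table name => module (ACL category) name
 */
private static function getTableModuleArray()
{
    global $current_user;

    $acl_modules = ACLAction::getUserActions($current_user->id);

    $modulesTables = array();
    foreach ($acl_modules as $key => $mod) {
        $bean = BeanFactory::newBean(BeanFactory::getObjectName($key));

        // A category without a usable bean used to be dereferenced directly.
        // isset() is false for a missing bean as well as a missing or null
        // property, so those cases fall through to the lower-cased key.
        $tableName = isset($bean->table_name) ? $bean->table_name : '';
        if ($tableName == '') {
            $tableName = strtolower($key);
        }

        $modulesTables[$tableName] = $key;
    }

    return $modulesTables;
}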
/**
 * Lists the modules whose workflows $user is allowed to administer.
 *
 * The result is memoised in the PHP session. A module is included when it is
 * not on the unsupported list and $user->isDeveloperForModule() accepts it.
 *
 * @param object $user User to evaluate; an empty value yields an empty list
 * @return array Map of module key => display value
 */
function get_workflow_admin_modules_for_user($user)
{
    // Modules that workflows do not support.
    $workflowNotSupportedModules = array(
        'iFrames',
        'Feeds',
        'Home',
        'Dashboard',
        'Calendar',
        'Activities',
        'Reports',
        'pmse_Business_Rules',
        'pmse_Project',
        'pmse_Emails_Templates',
        'pmse_Inbox',
    );

    $cacheKey = 'get_workflow_admin_modules_for_user';

    // NOTE(review): the cache entry is keyed by a fixed string rather than the
    // user id and is returned before $user is examined. Confirm the function
    // is only called for the user who owns the session.
    if (isset($_SESSION[$cacheKey])) {
        return $_SESSION[$cacheKey];
    }

    global $moduleList;

    $candidates = array();
    foreach ($moduleList as $module) {
        $candidates[$module] = $module;
    }

    // Extra entries carried over from the previous version of workflow_utils.php.
    $carriedOver = array(
        'Tasks' => "Tasks",
        'Calls' => "Calls",
        'Meetings' => "Meetings",
        'Notes' => "Notes",
        'ProjectTask' => "Project Tasks",
        'Leads' => "Leads",
        'Opportunities' => "Opportunities",
    );
    foreach ($carriedOver as $moduleKey => $label) {
        $candidates[$moduleKey] = $label;
    }

    $workflow_admin_modules = array();
    if (empty($user)) {
        // Nothing is cached on this path.
        return $workflow_admin_modules;
    }

    // The returned actions are not read below.
    $actions = ACLAction::getUserActions($user->id);

    foreach ($candidates as $moduleKey => $label) {
        if (in_array($label, $workflow_admin_modules)) {
            continue;
        }
        if (in_array($label, $workflowNotSupportedModules)) {
            continue;
        }
        // The authorization decision itself is delegated to the user object.
        if ($user->isDeveloperForModule($moduleKey)) {
            $workflow_admin_modules[$moduleKey] = $label;
        }
    }

    $_SESSION[$cacheKey] = $workflow_admin_modules;

    return $workflow_admin_modules;
}
/**
 * Compute the effective access flags for a set of actions on a module.
 *
 * @param string $module      Module (ACL category) being checked
 * @param array  $access_list Map of action name => value; its keys are the actions to check
 * @param array  $context     Passed on to getCurrentUser() and checkAccess(); an
 *                            'owner_override' entry equal to false marks the user as non-owner
 * @return array $access_list with every denied action set to false. Actions that
 *               are not denied keep the value they were passed in with.
 */
public function getUserAccess($module, $access_list, $context)
{
    $user = $this->getCurrentUser($context);

    // NOTE(review): a missing user is treated like an admin here - the list
    // comes back untouched, i.e. nothing is denied. Confirm that contexts
    // without a user cannot reach this method.
    if (empty($user) || empty($user->id) || is_admin($user)) {
        return $access_list;
    }

    // Ownership is assumed unless the context explicitly overrides it with a falsy value.
    $is_owner = !isset($context['owner_override']) || $context['owner_override'] != false;

    $level = isset(self::$non_module_acls[$module]) ? self::$non_module_acls[$module] : 'module';

    $actions = ACLAction::getUserActions($user->id, false, $module, $level);
    if (empty($actions)) {
        // No ACL data for this module/level: nothing is denied.
        return $access_list;
    }

    // Default implementation; specific ACLs can override.
    $access = $access_list;

    // 'access' gates everything else: without it every action is denied.
    if (isset($access_list['access'])) {
        if (!ACLAction::userHasAccess($user->id, $module, 'access', $level, true)) {
            foreach (array_keys($access_list) as $action) {
                $access[$action] = false;
            }

            return $access;
        }
        // Already verified, no need to check it a second time.
        unset($access_list['access']);
    }

    foreach (array_keys($access_list) as $action) {
        // checkAccess() may take a bean from the context into account.
        if (!$this->checkAccess($module, $action, $context)) {
            $access[$action] = false;
            continue;
        }

        if (isset($actions[$action]['aclaccess'])
            && !ACLAction::hasAccess($is_owner, $actions[$action]['aclaccess'])
        ) {
            $access[$action] = false;
        }
    }

    return $access;
}
/**
 * Returns the modules the current user may use, sorted by display label.
 *
 * A module qualifies when its 'access' ACL level is >= 0. Unless
 * $noRestrictions is set, the optional $sugar_config['asolModulesPermissions']
 * allow/forbid lists (per user domain, then instance-wide) are applied on top.
 *
 * @param bool $noRestrictions true to skip the asolModulesPermissions lists
 * @return array Map of module key => label from $app_list_strings['moduleList'],
 *               or the key itself when no label exists
 */
public static function getCurrentUserAllowedModules($noRestrictions = false)
{
    global $current_user, $sugar_config, $app_list_strings;

    // Collect the modules the active user has access to.
    $acl_modules = ACLAction::getUserActions($current_user->id);

    $allowedModule = array();
    foreach ($acl_modules as $key => $mod) {
        if (!($mod['module']['access']['aclaccess'] >= 0)) {
            continue;
        }

        $restricted = !$noRestrictions
            && (isset($sugar_config['asolModulesPermissions']['asolAllowedTables'])
                || isset($sugar_config['asolModulesPermissions']['asolForbiddenTables']));

        if (!$restricted) {
            $allowedModule[$key] = true;
            continue;
        }

        // Restrictive mode.
        // NOTE(review): a module that appears on no list at all is left unset
        // and therefore dropped, so configuring only a forbidden list excludes
        // every module - confirm this deny-by-default is intended.
        $permissions = $sugar_config['asolModulesPermissions'];
        $domain = $current_user->asol_default_domain;

        $forbidden = (isset($permissions['asolForbiddenTables']['domains'][$domain])
                && in_array($key, $permissions['asolForbiddenTables']['domains'][$domain]))
            || (isset($permissions['asolForbiddenTables']['instance'])
                && in_array($key, $permissions['asolForbiddenTables']['instance']));
        if ($forbidden) {
            $allowedModule[$key] = false;
        }

        $listedAsAllowed = (isset($permissions['asolAllowedTables']['domains'][$domain])
                && in_array($key, $permissions['asolAllowedTables']['domains'][$domain]))
            || (isset($permissions['asolAllowedTables']['instance'])
                && in_array($key, $permissions['asolAllowedTables']['instance']));

        // A forbid entry wins over an allow entry.
        if ($listedAsAllowed && !isset($allowedModule[$key])) {
            $allowedModule[$key] = true;
        }
    }

    $modules = array();
    foreach ($allowedModule as $key => $isAllowed) {
        if (!$isAllowed) {
            continue;
        }
        if (isset($app_list_strings['moduleList'][$key])) {
            $modules[$key] = $app_list_strings['moduleList'][$key];
        } else {
            $modules[$key] = $key;
        }
    }

    asort($modules);

    return $modules;
}
/**
 * Collects three 'view' access indicators for a module.
 *
 * NOTE(review): 'access1' comes from ACLController::checkAccess(), which is not
 * given $user_id, and the admin branch tests $current_user rather than
 * $user_id. When $user_id is not the current user the three values may
 * describe different users - confirm against the callers.
 *
 * @param string $moudle  Module name (spelling kept, it is part of the signature)
 * @param string $user_id User whose ACL actions are fetched
 * @return array Keys 'access1' (checkAccess result), 'access2' and 'access3'
 *               (aclaccess values read from the fetched actions)
 */
function getUserRole($moudle = '', $user_id)
{
    global $app_list_strings, $db, $current_user;

    $aclAction = new ACLAction();

    $is_owner = true;
    $canView = ACLController::checkAccess($moudle, 'view', $is_owner);

    $fetched = $aclAction->getUserActions($user_id, false, $moudle, 'module', 'view');

    // Admins read the level from the nested structure, everyone else from the
    // flat 'aclaccess' entry.
    $level = ($current_user->is_admin == '1')
        ? $fetched[$moudle]['module']['view']['aclaccess']
        : $fetched['aclaccess'];

    $flatLevel = $fetched['aclaccess'];

    return array(
        'access1' => $canView,
        'access2' => $level,
        'access3' => $flatLevel,
    );
}
// Fragment of a script that exercises the ACL role API for the user id
// 'will_id' and prints the results. $aclrole and $action_results are set up
// before this fragment begins.
// NOTE(review): the script creates and saves a role and dumps $_SESSION['ACL']
// to the response. It looks like a developer demo - confirm it is not
// reachable on a deployed instance.

// Allow everything for the Contacts 'delete' action on the current role.
$aclrole->setAction($aclrole->id, $action_results['Contacts']['delete']['id'], ACL_ALLOW_ALL);
$action_results = ACLAction::getUserActions('will_id', true);
echo 'Actions Peon role for will<br>';
// Print one "category:action:access" line per action.
foreach ($action_results as $category_name => $category) {
    foreach ($category as $action_name => $action) {
        _pp($category_name . ':' . $action_name . ':' . acl_translate($action['access']));
    }
}
echo 'Will is a bad peon user<br>';
echo 'Create a role for Bad Peon Users<br>';
// A second role, saved with user_id 'will_id'.
$aclrole = new ACLRole();
$aclrole->name = 'Bad Peon User';
$aclrole->description = 'The Bad Peon Role For All Bad Peons';
$aclrole->user_id = 'will_id';
$aclrole->save();
echo 'No Bad Peon user should have access to contacts <br>';
// Set every Contacts action of the new role to ACL_ALLOW_NONE.
foreach ($action_results['Contacts'] as $action) {
    $aclrole->setAction($aclrole->id, $action['id'], ACL_ALLOW_NONE);
}
// Fetch and print the user's actions again after the role change.
$action_results = ACLAction::getUserActions('will_id', true);
echo 'Actions Peon role for will<br>';
foreach ($action_results as $category_name => $category) {
    foreach ($category as $action_name => $action) {
        _pp($category_name . ':' . $action_name . ':' . acl_translate($action['access']));
    }
}
echo 'PRINTING THE ACTIONS for a role <br>';
$role_actions = ACLRole::getRoleActions($aclrole->id);
_pp($role_actions);
echo 'PRINTING THE SESSION CACHE FOR ACL <br>';
// Dumps the session's whole ACL cache into the output.
_PP($_SESSION['ACL']);
/**
 * Enumerates the bean modules this user may work on.
 *
 * In this variant a module is returned only when the user is an admin and the
 * module has 'module' ACL data; $type is compared against 'dev' and 'admin'
 * but the outcome of those comparisons is never read.
 *
 * @param string $type 'dev' or 'admin'
 * @return array List of module names
 */
protected function _getModulesForACL($type = 'dev')
{
    // Computed but not used further down.
    $isDev = $type == 'dev';
    $isAdmin = $type == 'admin';

    global $beanList;

    $granted = array();
    if (!is_array($beanList)) {
        return $granted;
    }

    // These modules don't take kindly to the studio trying to play about with them.
    static $ignoredModuleList = array(
        'iFrames',
        'Feeds',
        'Home',
        'Dashboard',
        'Calendar',
        'Activities',
        'Reports',
    );

    $actions = ACLAction::getUserActions($this->id);

    foreach (array_keys($beanList) as $beanModule) {
        // Remap the module name to the one used in the ACL data.
        $module = $this->_fixupModuleForACL($beanModule);

        // Skip duplicates and modules that cannot be developed on.
        if (in_array($module, $granted) || in_array($module, $ignoredModuleList)) {
            continue;
        }

        if ($this->isAdmin() && isset($actions[$module]['module'])) {
            $granted[] = $module;
        }
    }

    return $granted;
}
/**
 * Enumerates the bean modules this user may administer or develop on.
 *
 * A module is returned when the user is an admin and ACL data exists for it,
 * or when the module's 'admin' ACL level matches the requested $type
 * (ACL_ALLOW_DEV for 'dev', ACL_ALLOW_ADMIN for 'admin'; ACL_ALLOW_ADMIN_DEV
 * satisfies either).
 *
 * @param string $type 'dev' or 'admin'
 * @return array List of module names
 */
protected function _getModulesForACL($type = 'dev')
{
    $isDev = $type == 'dev';
    $isAdmin = $type == 'admin';

    global $beanList;

    $granted = array();
    if (!is_array($beanList)) {
        return $granted;
    }

    // These modules don't take kindly to the studio trying to play about with them.
    static $ignoredModuleList = array(
        'iFrames',
        'Feeds',
        'Home',
        'Dashboard',
        'Calendar',
        'Activities',
        'Reports',
        'UpgradeHistory',
    );

    $actions = ACLAction::getUserActions($this->id);

    foreach (array_keys($beanList) as $beanModule) {
        // Remap the module name to the one used in the ACL data.
        $module = $this->_fixupModuleForACL($beanModule);

        // Skip duplicates and modules that cannot be developed on.
        if (in_array($module, $granted) || in_array($module, $ignoredModuleList)) {
            continue;
        }

        $key = 'module';

        // The tracker modules have special case ACL mappings in
        // $GLOBALS['ACLActions'], so their ACL type is read from the bean.
        // TODO: In the future these should be migrated to a custom ACL strategy for those modules.
        if (in_array($module, array('Tracker', 'TrackerPerfs', 'TrackerQueries', 'TrackerSessions'))) {
            $focus = BeanFactory::getBean($module);
            if ($focus instanceof SugarBean) {
                $key = $focus->acltype;
            }
        }

        // Path 1: system admins, as long as the module has ACL data of this type.
        $hasAccess = $this->isAdmin() && isset($actions[$module][$key]);

        // Path 2: a per-module admin level that matches the requested type.
        if (!$hasAccess && isset($actions[$module][$key]['admin']['aclaccess'])) {
            $adminLevel = $actions[$module][$key]['admin']['aclaccess'];
            $hasAccess = ($isDev && $adminLevel == ACL_ALLOW_DEV)
                || ($isAdmin && $adminLevel == ACL_ALLOW_ADMIN)
                || $adminLevel == ACL_ALLOW_ADMIN_DEV;
        }

        if ($hasAccess) {
            $granted[] = $module;
        }
    }

    return $granted;
}
/**
 * Tells whether a user's access to an action is limited to records they own.
 *
 * The answer is read from the ACL data held in $_SESSION['ACL']; when the
 * entry is missing or empty, ACLAction::getUserActions() is called once
 * before looking again.
 *
 * @param GUID $user_id
 * @param STRING $category
 * @param STRING $action
 * @param STRING $type
 * @return boolean true only when the stored level equals ACL_ALLOW_OWNER;
 *                 false as well when no entry exists after the reload
 */
public static function userNeedsOwnership($user_id, $category, $action, $type = 'module')
{
    // Nothing cached for this action yet: ask for the user's actions, which
    // is expected to fill the session entry read below.
    if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
        ACLAction::getUserActions($user_id, false);
    }

    if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
        return false;
    }

    return $_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess'] == ACL_ALLOW_OWNER;
}
/**
 * Returns, per module, whether the current user may use it.
 *
 * Modules whose 'access' ACL level is >= 0 are considered, and the optional
 * $sugar_config['asolModulesPermissions'] allow/forbid lists (per user domain,
 * then instance-wide) are applied. The result is cached in the session per
 * database key.
 *
 * @param mixed $alternativeDb false for the CRM database, otherwise a value
 *                             appended to 'ext' to form the cache key
 * @return array Map of module key => bool (forbidden modules are present with false)
 */
public static function getCurrentUserAvailableModules($alternativeDb)
{
    global $sugar_config, $current_user;

    $dbKey = ($alternativeDb === false) ? 'crm' : 'ext' . $alternativeDb;

    // NOTE(review): the cache is keyed by database only, not by user id. It
    // stays valid for the rest of the session even if the user's roles or the
    // asolModulesPermissions configuration change - confirm it is invalidated
    // where that matters.
    if (isset($_SESSION['currentUserAvailableModules'][$dbKey])) {
        return $_SESSION['currentUserAvailableModules'][$dbKey];
    }

    $acl_modules = ACLAction::getUserActions($current_user->id);

    $available = array();
    foreach ($acl_modules as $key => $mod) {
        if (!($mod['module']['access']['aclaccess'] >= 0)) {
            continue;
        }

        $restricted = isset($sugar_config['asolModulesPermissions']['asolAllowedTables'])
            || isset($sugar_config['asolModulesPermissions']['asolForbiddenTables']);

        if (!$restricted) {
            $available[$key] = true;
            continue;
        }

        // Restrictive mode: a module on no list at all is left out entirely.
        $permissions = $sugar_config['asolModulesPermissions'];
        $domain = $current_user->asol_default_domain;

        $forbidden = (isset($permissions['asolForbiddenTables']['domains'][$domain])
                && in_array($key, $permissions['asolForbiddenTables']['domains'][$domain]))
            || (isset($permissions['asolForbiddenTables']['instance'])
                && in_array($key, $permissions['asolForbiddenTables']['instance']));
        if ($forbidden) {
            $available[$key] = false;
        }

        $listedAsAllowed = (isset($permissions['asolAllowedTables']['domains'][$domain])
                && in_array($key, $permissions['asolAllowedTables']['domains'][$domain]))
            || (isset($permissions['asolAllowedTables']['instance'])
                && in_array($key, $permissions['asolAllowedTables']['instance']));

        // A forbid entry wins over an allow entry.
        if ($listedAsAllowed && !isset($available[$key])) {
            $available[$key] = true;
        }
    }

    $_SESSION['currentUserAvailableModules'][$dbKey] = $available;

    return $available;
}