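/**
 * Resolve whether the current user may access this object.
 *
 * When m_Access is empty no ACL key is configured and the ALLOW constant is
 * returned; otherwise the decision is delegated to BizSystem::allowUserAccess().
 *
 * @return mixed result of BizSystem::allowUserAccess() or ALLOW
 */
public function allowAccess()
{
    $access = $this->m_Access;
    // The original re-read m_Access after finding it falsy, which was a no-op;
    // an empty key simply means "no ACL configured".
    if (!$access) {
        return ALLOW;
    }
    return BizSystem::allowUserAccess($access);
}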
/**
 * Build and evaluate the select-from expression for this element.
 *
 * Users without the "data_assign.assign_to_other" right are limited to the
 * groups in their own profile by appending an "[Id] IN (...)" filter; when
 * the profile carries no groups the unrestricted expression is used as-is.
 *
 * @return mixed result of Expression::evaluateExpression()
 */
protected function getSelectFrom()
{
    $form = $this->getFormObj();
    $expr = $this->m_SelectFrom;
    $mayAssignToOthers = BizSystem::allowUserAccess("data_assign.assign_to_other");
    if (!$mayAssignToOthers) {
        // Group ids come from the server-side user profile, not from request input.
        $groupIds = BizSystem::getUserProfile("groups");
        if ($groupIds) {
            $expr .= ",[Id] IN (" . implode(",", $groupIds) . ")";
        }
    }
    return Expression::evaluateExpression($expr, $form);
}
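/**
 * Switch the current session to another user's profile.
 *
 * Permitted when the caller holds "Session.Switch_Session", or when the
 * session already carries a _PREV_USER_PROFILE (i.e. it was switched
 * earlier). The target username is read from the submitted record; the
 * method returns silently when none is given. On success the client page
 * is reloaded.
 *
 * NOTE(review): the _PREV_USER_PROFILE fallback does not restrict the target
 * to the previous profile, so an already-switched session can switch onward
 * to any username the profile service accepts; confirm this is intended.
 *
 * @return void
 */
public function SwitchSession()
{
    if (!BizSystem::allowUserAccess('Session.Switch_Session')) {
        if (!BizSystem::sessionContext()->getVar("_PREV_USER_PROFILE")) {
            return;
        }
    }
    $data = $this->readInputRecord();
    // Guard the index: the field may be absent from the submitted record.
    $username = isset($data['username']) ? $data['username'] : null;
    if (!$username) {
        return;
    }
    $serviceObj = BizSystem::getService(PROFILE_SERVICE);
    if (method_exists($serviceObj, 'SwitchUserProfile')) {
        $serviceObj->SwitchUserProfile($username);
    }
    BizSystem::clientProxy()->runClientScript("<script>window.location.reload();</script>");
}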
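/**
 * Decide whether data assigned to $user_id may be displayed to the current user.
 *
 * Checks, in order:
 *   1. the "data_manage.manage" right -> allowed;
 *   2. the ACL action common/data_assign/accept_other_assigned is not defined
 *      (feature unsupported) -> allowed;
 *   3. the target user holds a role granting that action at access_level 1 or 2
 *      -> allowed;
 *   4. the target user shares a group with the current user -> allowed;
 *   otherwise denied.
 *
 * @param int|string $user_id id of the user the data is assigned to; it is cast
 *                            to int before being interpolated into any filter
 * @return bool
 */
protected function allowDisplay($user_id)
{
    if (BizSystem::allowUserAccess("data_manage.manage")) {
        return true;
    }
    // Cast up front: the original only cast after $user_id had already been
    // interpolated into the UserRoleDO filter below.
    $user_id = (int) $user_id;

    // get user acl info
    $actionRec = BizSystem::getObject("system.do.AclActionDO")
        ->fetchOne("[module]='common' AND [resource]='data_assign' AND [action]='accept_other_assigned'");
    $actionId = isset($actionRec['Id']) ? $actionRec['Id'] : null;
    if (!$actionId) {
        // the system doesn't support the accept_other_assigned feature
        return true;
    }

    // get list of all roles which enabled this action
    $roleList = BizSystem::getObject("system.do.AclRoleActionDO")
        ->directFetch("[action_id]='{$actionId}' AND ([access_level]='1' OR [access_level]='2')");
    foreach ($roleList as $roleRec) {
        $roleId = $roleRec['role_id'];
        // check if target user has this role
        $assocRecs = BizSystem::getObject("system.do.UserRoleDO")
            ->directFetch("[role_id]='{$roleId}' AND [user_id]='{$user_id}'");
        if ($assocRecs->count()) {
            return true;
        }
    }

    // if we are in same group return true
    $groups = BizSystem::getUserProfile("groups");
    if (empty($groups)) {
        // No groups in the profile: nothing can match, skip the lookup.
        return false;
    }
    $groupset = BizSystem::getObject("system.do.UserGroupDO")->directFetch("[user_id]='{$user_id}'");
    foreach ($groupset as $groupRec) {
        $user_group_id = $groupRec['group_id'];
        foreach ($groups as $group_id) {
            // loose comparison kept on purpose: ids may arrive as strings from the DB
            if ($group_id == $user_group_id) {
                return true;
            }
        }
    }
    return false;
}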
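/**
 * Build the data-assignment record this form displays for the parent form's
 * current record.
 *
 * Returns the cached active record when one is set. Otherwise loads the
 * parent form's record and derives:
 *   - editable / data_manage / shared_data / has_ref_data flags for the user;
 *   - owner, creator and group display names;
 *   - group_perm / other_perm, where submitted input overrides the stored
 *     value so a re-rendered form keeps the user's selection (nothing is
 *     written back here);
 *   - a display name taken from the first non-empty of name, subject, title,
 *     display_name, falling back to Id.
 *
 * Side effects: sets m_hasOwnerField, m_DataRecordName, m_RecordId and
 * m_ParentRecordId.
 *
 * @return array empty when no parent form name is configured
 */
public function fetchData()
{
    if ($this->m_ActiveRecord != null) {
        return $this->m_ActiveRecord;
    }
    $prtForm = $this->m_ParentFormName;
    // Check before resolving the object; the original called GetObject() first.
    if (!$prtForm) {
        return array();
    }
    $prtFormObj = BizSystem::GetObject($prtForm);
    $this->SetPrtRecordId($this->m_RecordId);
    $recId = $this->m_ParentRecordId;
    $dataObj = $prtFormObj->getDataObj();
    $dataRec = $dataObj->fetchById($recId);
    $user_id = BizSystem::GetUserProfile("Id");
    $group_id = BizSystem::GetUserProfile("default_group");
    $this->m_hasOwnerField = $this->hasOwnerField();
    // Resolve the owner before it is compared: the original read $owner_id in
    // the elseif below before assigning it, so that branch only matched
    // accidentally (an undefined variable compared loosely to the user id).
    $owner_id = $this->m_hasOwnerField ? $dataRec['owner_id'] : $dataRec['create_by'];

    $result = array();
    $result['Id'] = $dataRec['Id'];
    $result['editable'] = 0;
    $result['has_ref_data'] = $dataObj->m_ObjReferences->count() ? 1 : 0;

    if ($user_id == $dataRec['create_by']) {
        $result['shared_data'] = 0;
        $result['editable'] = 1;
    } elseif ($this->m_hasOwnerField && $owner_id == $user_id) {
        $result['shared_data'] = 0;
        $result['editable'] = 1;
    } elseif ($group_id == $dataRec['group_id']) {
        $result['shared_data'] = 1;
    } else {
        $result['shared_data'] = 2;
    }

    // First non-empty display field wins; Id is the fallback.
    $result['data_record'] = $dataRec['Id'];
    foreach (array('name', 'subject', 'title', 'display_name') as $field) {
        if (isset($dataRec[$field]) && $dataRec[$field] != '') {
            $result['data_record'] = $dataRec[$field];
            break;
        }
    }
    $this->m_DataRecordName = $result['data_record'];

    if ($this->m_hasOwnerField) {
        $result['owner_id'] = $dataRec['owner_id'];
        // Owner and creator differ: mark which one the current user is.
        if ($dataRec['owner_id'] != $dataRec['create_by']) {
            if ($dataRec['owner_id'] == $user_id) {
                $result['shared_data'] = 3;
                $result['editable'] = 1;
            } elseif ($dataRec['create_by'] == $user_id) {
                $result['shared_data'] = 4;
                $result['editable'] = 1;
            }
        }
    }

    $result['data_record'] = str_replace("<br />", "", $result['data_record']);
    $result['owner_perm'] = 3;
    $result['create_by'] = $dataRec['create_by'];
    $inputArr = $this->readInputRecord();
    $result['group_id'] = $dataRec['group_id'];
    // Submitted values take precedence over stored ones for display only.
    $result['group_perm'] = isset($inputArr['group_perm']) ? $inputArr['group_perm'] : $dataRec['group_perm'];
    $result['other_perm'] = isset($inputArr['other_perm']) ? $inputArr['other_perm'] : $dataRec['other_perm'];
    $result['group_name'] = $this->_getGroupName($dataRec['group_id']);
    $result['owner_name'] = $this->_getOwnerName($owner_id);
    $result['creator_name'] = $this->_getOwnerName($dataRec['create_by']);
    $result['hasOwnerField'] = (int) $this->m_hasOwnerField;
    $result['form_title'] = $prtFormObj->m_Title;
    $result['action_timestamp'] = date("Y-m-d H:i:s");
    $result['refer_url'] = SITE_URL;

    // Not creator/owner: ask the data-permission service (level 3) before giving up.
    if ($result['editable'] == 0) {
        $svcObj = BizSystem::GetService(DATAPERM_SERVICE);
        $result['editable'] = (int) $svcObj->checkDataPerm($dataRec, 3, $dataObj);
    }
    if ($result['editable'] == 0) {
        $result['has_ref_data'] = 0;
    }
    $this->m_RecordId = $result['Id'];
    $this->m_ParentRecordId = $result['Id'];

    // Data managers can always edit.
    if (BizSystem::allowUserAccess("data_manage.manage")) {
        $result['editable'] = 1;
        $result['data_manage'] = 1;
    } else {
        $result['data_manage'] = 0;
    }
    return $result;
}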
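/**
 * Build the WHERE fragment that restricts $dataObj rows to what the current
 * user may see or modify.
 *
 * Users holding "data_manage.manage" get " TRUE " (no restriction). Otherwise
 * the rule matches rows the user created (or owns, when $hasOwnerField) and,
 * unless GROUP_DATA_SHARE is 0, rows shared through group_perm / other_perm
 * at the level required by $type, plus rows granted through
 * common.do.DataACLDO when DATA_ACL is enabled.
 *
 * @param object $dataObj       data object whose m_MainTable and Id column are used
 * @param string $type          'select' | 'update' | 'delete'; anything else is
 *                              treated as 'select'
 * @param bool   $hasOwnerField also match [owner_id] when true
 * @param bool   $alias         when truthy (or $type is 'select') the record table
 *                              is referenced through the alias "T0" in the ACL subquery
 * @return string SQL fragment wrapped in parentheses
 */
public function BuildSQLRule($dataObj, $type, $hasOwnerField = false, $alias = false)
{
    if (BizSystem::allowUserAccess("data_manage.manage")) {
        return " TRUE ";
    }
    // NOTE(review): the values interpolated below are not escaped. They come
    // from the server-side user profile and from DO metadata, not from the
    // request, so this relies on them being trusted ids / identifiers — confirm.
    $user_id = BizSystem::GetUserProfile('Id');
    $user_groups = BizSystem::GetUserProfile('groups');
    if ($hasOwnerField) {
        $sql_where = " ( ([create_by]='{$user_id}' OR [owner_id]='{$user_id}') ";
    } else {
        $sql_where = " ( [create_by]='{$user_id}' ";
    }
    if (GROUP_DATA_SHARE == 0) {
        return $sql_where . " ) ";
    }

    // Minimum permission level for the operation; unknown types use the select level.
    $perm_levels = array('select' => ">=1", 'update' => ">=2", 'delete' => ">=3");
    $perm_limit = isset($perm_levels[$type]) ? $perm_levels[$type] : ">=1";

    // Guard: count() on a null profile entry raises a TypeError on PHP 8.
    if (is_array($user_groups) && count($user_groups)) {
        $sql_where .= " OR ( [group_perm] {$perm_limit} AND (";
        foreach ($user_groups as $group_id) {
            $sql_where .= " [group_id] = '{$group_id}' OR ";
        }
        // the trailing OR is terminated by a literal FALSE
        $sql_where .= " FALSE ) )";
    }
    $sql_where .= " OR [other_perm] {$perm_limit} ";

    $aclDO = BizSystem::getObject("common.do.DataACLDO");
    if ($aclDO && DATA_ACL) {
        $acl_table = $aclDO->m_MainTable;
        // Selects run against an aliased main table; other statements use the real name.
        $record_table = ($type == 'select' || $alias == true) ? "T0" : $dataObj->m_MainTable;
        $record_main_table = $dataObj->m_MainTable;
        $record_id_field = $dataObj->getField("Id")->m_Column;
        $sql_where .= " OR (\n\t\t\t\t\t\t\t\tSELECT COUNT(*) FROM `{$acl_table}` WHERE \t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t`{$acl_table}`.`user_id`='{$user_id}' AND\n\t\t\t\t\t\t\t\t`{$acl_table}`.`record_table` = '{$record_main_table}' AND\n\t\t\t\t\t\t\t\t`{$acl_table}`.`record_id` = `{$record_table}`.`{$record_id_field}`\n\t\t\t\t\t\t\t\t )";
    }
    $sql_where .= " )";
    return $sql_where;
}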
/**
 * Count the rows returned by $sql that the current user is allowed to see.
 *
 * Each row's "access" value is treated as an ACL key: rows with an empty key
 * always count, others count only when BizSystem::allowUserAccess() grants it.
 *
 * @param string $sql query/filter handed to directFetch()
 * @return int
 */
public function recordCount($sql)
{
    $visible = 0;
    foreach ($this->directFetch($sql) as $row) {
        $aclKey = $row['access'];
        if (!empty($aclKey) && !BizSystem::allowUserAccess($aclKey)) {
            continue;
        }
        $visible++;
    }
    return $visible;
}