function saveMember($member_data, Member $member, $is_new = true)
{
try {
DB::beginWork();
if (!$is_new) {
$old_parent = $member->getParentMemberId();
}
$member->setFromAttributes($member_data);
/* @var $member Member */
$object_type = ObjectTypes::findById($member->getObjectTypeId());
if (!$object_type instanceof ObjectType) {
throw new Exception(lang("you must select a valid object type"));
}
if ($member->getParentMemberId() == 0) {
$dot = DimensionObjectTypes::findById(array('dimension_id' => $member->getDimensionId(), 'object_type_id' => $member->getObjectTypeId()));
if (!$dot->getIsRoot()) {
throw new Exception(lang("member cannot be root", lang($object_type->getName())));
}
$member->setDepth(1);
} else {
$allowedParents = $this->getAssignableParents($member->getDimensionId(), $member->getObjectTypeId());
if (!$is_new) {
$childrenIds = $member->getAllChildrenIds(true);
}
$hasValidParent = false;
if ($member->getId() == $member->getParentMemberId() || !$is_new && in_array($member->getParentMemberId(), $childrenIds)) {
throw new Exception(lang("invalid parent member"));
}
foreach ($allowedParents as $parent) {
if ($parent['id'] == $member->getParentMemberId()) {
$hasValidParent = true;
break;
}
}
if (!$hasValidParent) {
throw new Exception(lang("invalid parent member"));
}
$parent = Members::findById($member->getParentMemberId());
if ($parent instanceof Member) {
$member->setDepth($parent->getDepth() + 1);
} else {
$member->setDepth(1);
}
}
if ($object_type->getType() == 'dimension_object') {
$handler_class = $object_type->getHandlerClass();
if ($is_new || $member->getObjectId() == 0) {
eval('$dimension_object = ' . $handler_class . '::instance()->newDimensionObject();');
} else {
$dimension_object = Objects::findObject($member->getObjectId());
}
if ($dimension_object) {
$dimension_object->modifyMemberValidations($member);
$dimension_obj_data = array_var($_POST, 'dim_obj');
if (!array_var($dimension_obj_data, 'name')) {
$dimension_obj_data['name'] = $member->getName();
}
eval('$fields = ' . $handler_class . '::getPublicColumns();');
foreach ($fields as $field) {
if (array_var($field, 'type') == DATA_TYPE_DATETIME) {
$dimension_obj_data[$field['col']] = getDateValue($dimension_obj_data[$field['col']]);
}
}
$member->save();
$dimension_object->setFromAttributes($dimension_obj_data, $member);
$dimension_object->save();
$member->setObjectId($dimension_object->getId());
$member->save();
Hook::fire("after_add_dimension_object_member", $member, $null);
}
} else {
$member->save();
}
// Other dimensions member restrictions
$restricted_members = array_var($_POST, 'restricted_members');
if (is_array($restricted_members)) {
MemberRestrictions::clearRestrictions($member->getId());
foreach ($restricted_members as $dim_id => $dim_members) {
foreach ($dim_members as $mem_id => $member_restrictions) {
$restricted = isset($member_restrictions['restricted']);
if ($restricted) {
$order_num = array_var($member_restrictions, 'order_num', 0);
$member_restriction = new MemberRestriction();
$member_restriction->setMemberId($member->getId());
$member_restriction->setRestrictedMemberId($mem_id);
$member_restriction->setOrder($order_num);
$member_restriction->save();
}
}
}
}
// Save member property members (also check for required associations)
if (array_var($_POST, 'save_properties')) {
$required_association_ids = DimensionMemberAssociations::getRequiredAssociatations($member->getDimensionId(), $member->getObjectTypeId(), true);
$missing_req_association_ids = array_fill_keys($required_association_ids, true);
// if keeps record change is_active, if not delete record
$old_properties = MemberPropertyMembers::getAssociatedPropertiesForMember($member->getId());
foreach ($old_properties as $property) {
$association = DimensionMemberAssociations::findById($property->getAssociationId());
if (!$association->getKeepsRecord()) {
$property->delete();
}
}
$new_properties = array();
$associated_members = array_var($_POST, 'associated_members', array());
foreach ($associated_members as $prop_member_id => $assoc_id) {
$active_association = null;
if (isset($missing_req_association_ids[$assoc_id])) {
$missing_req_association_ids[$assoc_id] = false;
}
$conditions = "`association_id` = {$assoc_id} AND `member_id` = " . $member->getId() . " AND `is_active` = 1";
$active_associations = MemberPropertyMembers::find(array('conditions' => $conditions));
if (count($active_associations) > 0) {
$active_association = $active_associations[0];
}
$association = DimensionMemberAssociations::findById($assoc_id);
if ($active_association instanceof MemberPropertyMember) {
if ($active_association->getPropertyMemberId() != $prop_member_id) {
if ($association->getKeepsRecord()) {
$active_association->setIsActive(false);
$active_association->save();
}
// save current association
$mpm = new MemberPropertyMember();
$mpm->setAssociationId($assoc_id);
$mpm->setMemberId($member->getId());
$mpm->setPropertyMemberId($prop_member_id);
$mpm->setIsActive(true);
$mpm->save();
$new_properties[] = $mpm;
}
} else {
// save current association
$mpm = new MemberPropertyMember();
$mpm->setAssociationId($assoc_id);
$mpm->setMemberId($member->getId());
$mpm->setPropertyMemberId($prop_member_id);
$mpm->setIsActive(true);
$mpm->save();
$new_properties[] = $mpm;
}
}
$missing_names = array();
$missing_count = 0;
foreach ($missing_req_association_ids as $assoc => $missing) {
$assoc_instance = DimensionMemberAssociations::findById($assoc);
if ($assoc_instance instanceof DimensionMemberAssociation) {
$assoc_dim = Dimensions::getDimensionById($assoc_instance->getAssociatedDimensionMemberAssociationId());
if ($assoc_dim instanceof Dimension) {
if (!in_array($assoc_dim->getName(), $missing_names)) {
$missing_names[] = $assoc_dim->getName();
}
}
}
if ($missing) {
$missing_count++;
}
}
if ($missing_count > 0) {
throw new Exception(lang("missing required associations", implode(", ", $missing_names)));
}
$args = array($member, $old_properties, $new_properties);
Hook::fire('edit_member_properties', $args, $ret);
}
if ($is_new) {
// set all permissions for the creator
$dimension = $member->getDimension();
$allowed_object_types = array();
$dim_obj_types = $dimension->getAllowedObjectTypeContents();
foreach ($dim_obj_types as $dim_obj_type) {
// To draw a row for each object type of the dimension
if (!in_array($dim_obj_type->getContentObjectTypeId(), $allowed_object_types) && $dim_obj_type->getDimensionObjectTypeId() == $member->getObjectTypeId()) {
$allowed_object_types[] = $dim_obj_type->getContentObjectTypeId();
}
}
$allowed_object_types[] = $object_type->getId();
foreach ($allowed_object_types as $ot) {
$cmp = ContactMemberPermissions::findOne(array('conditions' => 'permission_group_id = ' . logged_user()->getPermissionGroupId() . ' AND member_id = ' . $member->getId() . ' AND object_type_id = ' . $ot));
if (!$cmp instanceof ContactMemberPermission) {
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId(logged_user()->getPermissionGroupId());
$cmp->setMemberId($member->getId());
$cmp->setObjectTypeId($ot);
}
$cmp->setCanWrite(1);
$cmp->setCanDelete(1);
$cmp->save();
}
// set all permissions for permission groups that has allow all in the dimension
$permission_groups = ContactDimensionPermissions::findAll(array("conditions" => array("`dimension_id` = ? AND `permission_type` = 'allow all'", $dimension->getId())));
if (is_array($permission_groups)) {
foreach ($permission_groups as $pg) {
foreach ($allowed_object_types as $ot) {
$cmp = ContactMemberPermissions::findById(array('permission_group_id' => $pg->getPermissionGroupId(), 'member_id' => $member->getId(), 'object_type_id' => $ot));
if (!$cmp instanceof ContactMemberPermission) {
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId($pg->getPermissionGroupId());
$cmp->setMemberId($member->getId());
$cmp->setObjectTypeId($ot);
}
$cmp->setCanWrite(1);
$cmp->setCanDelete(1);
$cmp->save();
}
}
}
// Inherit permissions from parent node, if they are not already set
if ($member->getDepth() && $member->getParentMember()) {
$parentNodeId = $member->getParentMember()->getId();
$condition = "member_id = {$parentNodeId}";
foreach (ContactMemberPermissions::instance()->findAll(array("conditions" => $condition)) as $parentPermission) {
/* @var $parentPermission ContactMemberPermission */
$g = $parentPermission->getPermissionGroupId();
$t = $parentPermission->getObjectTypeId();
$w = $parentPermission->getCanWrite();
$d = $parentPermission->getCanDelete();
$existsCondition = "member_id = " . $member->getId() . " AND permission_group_id= {$g} AND object_type_id = {$t}";
if (!ContactMemberPermissions::instance()->count(array("conditions" => $existsCondition))) {
$newPermission = new ContactMemberPermission();
$newPermission->setPermissionGroupId($g);
$newPermission->setObjectTypeId($t);
$newPermission->setCanWrite($w);
$newPermission->setCanDelete($d);
$newPermission->setMemberId($member->getId());
$newPermission->save();
}
}
}
// Fill sharing table if is a dimension object (after permission creation);
if (isset($dimension_object) && $dimension_object instanceof ContentDataObject) {
$dimension_object->addToSharingTable();
}
} else {
// if parent changed rebuild object_members for every object in this member
if ($old_parent != $member->getParentMemberId()) {
$sql = "SELECT om.object_id FROM " . TABLE_PREFIX . "object_members om WHERE om.member_id=" . $member->getId();
$object_ids = DB::executeAll($sql);
if (!is_array($object_ids)) {
$object_ids = array();
}
foreach ($object_ids as $row) {
$content_object = Objects::findObject($row['object_id']);
if (!$content_object instanceof ContentDataObject) {
continue;
}
$parent_ids = array();
if ($old_parent > 0) {
$all_parents = Members::findById($old_parent)->getAllParentMembersInHierarchy(true);
foreach ($all_parents as $p) {
$parent_ids[] = $p->getId();
}
if (count($parent_ids) > 0) {
DB::execute("DELETE FROM " . TABLE_PREFIX . "object_members WHERE object_id=" . $content_object->getId() . " AND member_id IN (" . implode(",", $parent_ids) . ")");
}
}
$content_object->addToMembers(array($member));
$content_object->addToSharingTable();
}
}
}
DB::commit();
flash_success(lang('success save member', lang(ObjectTypes::findById($member->getObjectTypeId())->getName()), $member->getName()));
ajx_current("back");
// Add od to array on new members
if ($is_new) {
$member_data['member_id'] = $member->getId();
}
evt_add("after member save", $member_data);
return $member;
} catch (Exception $e) {
DB::rollback();
flash_error($e->getMessage());
ajx_current("empty");
}
}
/**
* Finish the installation - create owner company and administrator
*
* @param void
* @return null
*/
function complete_installation()
{
if (Contacts::getOwnerCompany() instanceof Contact) {
die('Owner company already exists');
// Somebody is trying to access this method even if the user already exists
}
// if
$form_data = array_var($_POST, 'form');
tpl_assign('form_data', $form_data);
if (array_var($form_data, 'submited') == 'submited') {
try {
$admin_password = trim(array_var($form_data, 'admin_password'));
$admin_password_a = trim(array_var($form_data, 'admin_password_a'));
if (trim($admin_password) == '') {
throw new Error(lang('password value required'));
}
// if
if ($admin_password != $admin_password_a) {
throw new Error(lang('passwords dont match'));
}
// if
DB::beginWork();
Contacts::delete();
// clear users table
// Create a company
$company = new Contact();
$company->setFirstName(array_var($form_data, 'company_name'));
$company->setObjectName();
$company->setIsCompany(true);
$company->save();
// Init default colors
set_config_option('brand_colors_head_back', "424242");
set_config_option('brand_colors_tabs_back', "e7e7e7");
set_config_option('brand_colors_head_font', "FFFFFF");
set_config_option('brand_colors_tabs_font', "333333");
// Create the administrator user
$administrator = new Contact();
$pergroup = PermissionGroups::findOne(array('conditions' => "`name`='Super Administrator'"));
$administrator->setUserType($pergroup->getId());
$administrator->setCompanyId($company->getId());
$administrator->setUsername(array_var($form_data, 'admin_username'));
$administrator->setPassword($admin_password);
$administrator->setFirstname(array_var($form_data, 'admin_username'));
$administrator->setObjectName();
$administrator->save();
$user_password = new ContactPassword();
$user_password->setContactId($administrator->getId());
$user_password->password_temp = $admin_password;
$user_password->setPasswordDate(DateTimeValueLib::now());
$user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp()));
$user_password->save();
//Add email after save because is needed.
$administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true);
//permissions
$permission_group = new PermissionGroup();
$permission_group->setName('Account Owner');
$permission_group->setContactId($administrator->getId());
$permission_group->setIsContext(false);
$permission_group->setType("permission_groups");
$permission_group->save();
$administrator->setPermissionGroupId($permission_group->getId());
$administrator->save();
$company->setCreatedById($administrator->getId());
$company->setUpdatedById($administrator->getId());
$company->save();
$contact_pg = new ContactPermissionGroup();
$contact_pg->setContactId($administrator->getId());
$contact_pg->setPermissionGroupId($permission_group->getId());
$contact_pg->save();
// tab panel permissions
$panels = TabPanels::getEnabled();
foreach ($panels as $panel) {
$tpp = new TabPanelPermission();
$tpp->setPermissionGroupId($administrator->getPermissionGroupId());
$tpp->setTabPanelId($panel->getId());
$tpp->save();
}
// dimension permissions
$dimensions = Dimensions::findAll();
foreach ($dimensions as $dimension) {
if ($dimension->getDefinesPermissions()) {
$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = " . $administrator->getPermissionGroupId() . " AND `dimension_id` = " . $dimension->getId()));
if (!$cdp instanceof ContactDimensionPermission) {
$cdp = new ContactDimensionPermission();
$cdp->setPermissionGroupId($administrator->getPermissionGroupId());
$cdp->setContactDimensionId($dimension->getId());
}
$cdp->setPermissionType('allow all');
$cdp->save();
// contact member permisssion entries
$members = $dimension->getAllMembers();
foreach ($members as $member) {
$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
$ots[] = $member->getObjectId();
foreach ($ots as $ot) {
$cmp = ContactMemberPermissions::findOne();
if (!$cmp instanceof ContactMemberPermission) {
$cmp = new ContactMemberPermission(array("conditions" => "`permission_group_id` = " . $administrator->getPermissionGroupId() . " AND `member_id` = " . $member->getId() . " AND `object_type_id` = {$ot}"));
$cmp->setPermissionGroupId($administrator->getPermissionGroupId());
$cmp->setMemberId($member->getId());
$cmp->setObjectTypeId($ot);
}
$cmp->setCanWrite(1);
$cmp->setCanDelete(1);
$cmp->save();
}
}
}
}
// system permissions
$sp = new SystemPermission();
$sp->setPermissionGroupId($administrator->getPermissionGroupId());
$sp->setAllPermissions(true);
$sp->save();
// root permissions
DB::executeAll("\r\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write)\r\n\t\t\t\t SELECT " . $administrator->getPermissionGroupId() . ", 0, rtp.object_type_id, rtp.can_delete, rtp.can_write FROM " . TABLE_PREFIX . "role_object_type_permissions rtp \r\n\t\t\t\t WHERE rtp.object_type_id NOT IN (SELECT id FROM " . TABLE_PREFIX . "object_types WHERE name IN ('mail','template','file_revision')) AND rtp.role_id in (\r\n\t\t\t\t SELECT pg.id FROM " . TABLE_PREFIX . "permission_groups pg WHERE pg.type='roles' AND pg.name IN ('Super Administrator','Administrator','Manager','Executive')\r\n\t\t\t\t )\r\n\t\t\t\tON DUPLICATE KEY UPDATE member_id=0;");
Hook::fire('after_user_add', $administrator, $null);
DB::commit();
$this->redirectTo('access', 'login');
} catch (Exception $e) {
tpl_assign('error', $e);
DB::rollback();
}
// try
}
// if
}
/**
* Finish the installation - create owner company and administrator
*
* @param void
* @return null
*/
function complete_installation() {
if(Contacts::getOwnerCompany() instanceof Contact) {
die('Owner company already exists'); // Somebody is trying to access this method even if the user already exists
} // if
$form_data = array_var($_POST, 'form');
tpl_assign('form_data', $form_data);
if(array_var($form_data, 'submited') == 'submited') {
try {
$admin_password = trim(array_var($form_data, 'admin_password'));
$admin_password_a = trim(array_var($form_data, 'admin_password_a'));
if(trim($admin_password) == '') {
throw new Error(lang('password value required'));
} // if
if($admin_password <> $admin_password_a) {
throw new Error(lang('passwords dont match'));
} // if
DB::beginWork();
Contacts::delete(); // clear users table
// Create a company
$company = new Contact();
$company->setFirstName(array_var($form_data, 'company_name'));
$company->setObjectName();
$company->setIsCompany(true);
$company->save();
// Init default colors
set_config_option('brand_colors_head_back', "000000");
set_config_option('brand_colors_tabs_back', "14780e");
set_config_option('brand_colors_head_font', "ffffff");
set_config_option('brand_colors_tabs_font', "ffffff");
// Create the administrator user
$administrator = new Contact();
$pergroup = PermissionGroups::findOne(array('conditions'=>"`name`='Super Administrator'"));
$administrator->setUserType($pergroup->getId());
$administrator->setCompanyId($company->getId());
$administrator->setUsername(array_var($form_data, 'admin_username'));
$administrator->setPassword($admin_password);
$administrator->setFirstname(array_var($form_data, 'admin_username'));
$administrator->setObjectName();
$administrator->save();
$user_password = new ContactPassword();
$user_password->setContactId($administrator->getId());
$user_password->password_temp = $admin_password;
$user_password->setPasswordDate(DateTimeValueLib::now());
$user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp()));
$user_password->save();
//Add email after save because is needed.
$administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true);
//permissions
$permission_group = new PermissionGroup();
$permission_group->setName('Account Owner');
$permission_group->setContactId($administrator->getId());
$permission_group->setIsContext(false);
$permission_group->setType("permission_groups");
$permission_group->save();
$administrator->setPermissionGroupId($permission_group->getId());
$administrator->save();
$company->setCreatedById($administrator->getId());
$company->setUpdatedById($administrator->getId());
$company->save();
$contact_pg = new ContactPermissionGroup();
$contact_pg->setContactId($administrator->getId());
$contact_pg->setPermissionGroupId($permission_group->getId());
$contact_pg->save();
// tab panel permissions
$panels = TabPanels::getEnabled();
foreach ($panels as $panel) {
$tpp = new TabPanelPermission();
$tpp->setPermissionGroupId($administrator->getPermissionGroupId());
$tpp->setTabPanelId($panel->getId());
$tpp->save();
}
// dimension permissions
$dimensions = Dimensions::findAll();
foreach ($dimensions as $dimension) {
if ($dimension->getDefinesPermissions()) {
$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = ".$administrator->getPermissionGroupId()." AND `dimension_id` = ".$dimension->getId()));
if (!$cdp instanceof ContactDimensionPermission) {
$cdp = new ContactDimensionPermission();
$cdp->setPermissionGroupId($administrator->getPermissionGroupId());
$cdp->setContactDimensionId($dimension->getId());
}
$cdp->setPermissionType('allow all');
$cdp->save();
// contact member permisssion entries
$members = $dimension->getAllMembers();
foreach ($members as $member) {
$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
$ots[]=$member->getObjectId();
foreach ($ots as $ot) {
$cmp = ContactMemberPermissions::findOne();
if (!$cmp instanceof ContactMemberPermission) {
$cmp = new ContactMemberPermission(array("conditions" => "`permission_group_id` = ".$administrator->getPermissionGroupId()." AND `member_id` = ".$member->getId()." AND `object_type_id` = $ot"));
$cmp->setPermissionGroupId($administrator->getPermissionGroupId());
$cmp->setMemberId($member->getId());
$cmp->setObjectTypeId($ot);
}
$cmp->setCanWrite(1);
$cmp->setCanDelete(1);
$cmp->save();
}
}
}
}
// system permissions
$sp = new SystemPermission();
$sp->setPermissionGroupId($administrator->getPermissionGroupId());
$sp->setAllPermissions(true);
$sp->save();
Hook::fire('after_user_add', $administrator, $null);
DB::commit();
$this->redirectTo('access', 'login');
} catch(Exception $e) {
tpl_assign('error', $e);
DB::rollback();
} // try
} // if
} // complete_installation
function create_user($user_data, $permissionsString) {
// try to find contact by some properties
$contact_id = array_var($user_data, "contact_id") ;
$contact = Contacts::instance()->findById($contact_id) ;
if (!is_valid_email(array_var($user_data, 'email'))) {
throw new Exception(lang("email value is required"));
}
if (!$contact instanceof Contact) {
// Create a new user
$contact = new Contact();
$contact->setUsername(array_var($user_data, 'username'));
$contact->setDisplayName(array_var($user_data, 'display_name'));
$contact->setCompanyId(array_var($user_data, 'company_id'));
$contact->setUserType(array_var($user_data, 'type'));
$contact->setTimezone(array_var($user_data, 'timezone'));
$contact->setFirstname($contact->getObjectName() != "" ? $contact->getObjectName() : $contact->getUsername());
$contact->setObjectName();
} else {
// Create user from contact
$contact->setUserType(array_var($user_data, 'type'));
if (array_var($user_data, 'company_id')) {
$contact->setCompanyId(array_var($user_data, 'company_id'));
}
$contact->setUsername(array_var($user_data, 'username'));
$contact->setTimezone(array_var($user_data, 'timezone'));
}
$contact->save();
if (is_valid_email(array_var($user_data, 'email'))) {
$contact->addEmail(array_var($user_data, 'email'), 'personal', true);
}
//permissions
$permission_group = new PermissionGroup();
$permission_group->setName('User '.$contact->getId().' Personal');
$permission_group->setContactId($contact->getId());
$permission_group->setIsContext(false);
$permission_group->setType("permission_groups");
$permission_group->save();
$contact->setPermissionGroupId($permission_group->getId());
$contact_pg = new ContactPermissionGroup();
$contact_pg->setContactId($contact->getId());
$contact_pg->setPermissionGroupId($permission_group->getId());
$contact_pg->save();
if ( can_manage_security(logged_user()) ) {
$sp = new SystemPermission();
$rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
foreach($rol_permissions as $pr){
$sp->setPermission($pr);
}
$sp->setPermissionGroupId($permission_group->getId());
$sp->setCanManageSecurity(array_var($user_data, 'can_manage_security'));
$sp->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration'));
$sp->setCanManageTemplates(array_var($user_data, 'can_manage_templates'));
$sp->setCanManageTime(array_var($user_data, 'can_manage_time'));
$sp->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts'));
$sp->setCanManageDimensions(array_var($user_data, 'can_manage_dimensions'));
$sp->setCanManageDimensionMembers(array_var($user_data, 'can_manage_dimension_members'));
$sp->setCanManageTasks(array_var($user_data, 'can_manage_tasks'));
$sp->setCanTasksAssignee(array_var($user_data, 'can_task_assignee'));
$sp->setCanManageBilling(array_var($user_data, 'can_manage_billing'));
$sp->setCanViewBilling(array_var($user_data, 'can_view_billing'));
Hook::fire('add_user_permissions', $sp, $other_permissions);
if (!is_null($other_permissions) && is_array($other_permissions)) {
foreach ($other_permissions as $k => $v) {
$sp->setColumnValue($k, array_var($user_data, $k));
}
}
$sp->save();
if ($contact->isAdminGroup()) {
// allow all un all dimensions if new user is admin
$dimensions = Dimensions::findAll();
$permissions = array();
foreach ($dimensions as $dimension) {
if ($dimension->getDefinesPermissions()) {
$cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `dimension_id` = ".$dimension->getId()));
if (!$cdp instanceof ContactDimensionPermission) {
$cdp = new ContactDimensionPermission();
$cdp->setPermissionGroupId($contact->getPermissionGroupId());
$cdp->setContactDimensionId($dimension->getId());
}
$cdp->setPermissionType('allow all');
$cdp->save();
// contact member permisssion entries
$members = $dimension->getAllMembers();
foreach ($members as $member) {
$ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId());
$ots[]=$member->getObjectId();
foreach ($ots as $ot) {
$cmp = ContactMemberPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `member_id` = ".$member->getId()." AND `object_type_id` = $ot"));
if (!$cmp instanceof ContactMemberPermission) {
$cmp = new ContactMemberPermission();
$cmp->setPermissionGroupId($contact->getPermissionGroupId());
$cmp->setMemberId($member->getId());
$cmp->setObjectTypeId($ot);
}
$cmp->setCanWrite(1);
$cmp->setCanDelete(1);
$cmp->save();
// Add persmissions to sharing table
$perm = new stdClass();
$perm->m = $member->getId();
$perm->r= 1;
$perm->w= 1;
$perm->d= 1;
$perm->o= $ot;
$permissions[] = $perm ;
}
}
}
}
if(count($permissions)){
$sharingTableController = new SharingTableController();
$sharingTableController->afterPermissionChanged($contact->getPermissionGroupId(), $permissions);
}
}
}
if(!isset($_POST['sys_perm'])){
$rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type'));
$_POST['sys_perm']=array();
foreach($rol_permissions as $pr){
$_POST['sys_perm'][$pr]=1;
}
}
if(!isset($_POST['mod_perm'])){
$tabs_permissions=TabPanelPermissions::getRoleModules(array_var($user_data, 'type'));
$_POST['mod_perm']=array();
foreach($tabs_permissions as $pr){
$_POST['mod_perm'][$pr]=1;
}
}
$password = '';
if (array_var($user_data, 'password_generator') == 'specify') {
$perform_password_validation = true;
// Validate input
$password = array_var($user_data, 'password');
if (trim($password) == '') {
throw new Error(lang('password value required'));
} // if
if ($password <> array_var($user_data, 'password_a')) {
throw new Error(lang('passwords dont match'));
} // if
} else {
$user_data['password_generator'] = 'link';
$perform_password_validation = false;
}
$contact->setPassword($password);
$contact->save();
$user_password = new ContactPassword();
$user_password->setContactId($contact->getId());
$user_password->setPasswordDate(DateTimeValueLib::now());
$user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp()));
$user_password->password_temp = $password;
$user_password->perform_validation = $perform_password_validation;
$user_password->save();
if (array_var($user_data, 'autodetect_time_zone', 1) == 1) {
set_user_config_option('autodetect_time_zone', 1, $contact->getId());
}
/* create contact for this user*/
ApplicationLogs::createLog($contact, ApplicationLogs::ACTION_ADD);
// Set role permissions for active members
$active_context = active_context();
$sel_members = array();
foreach ($active_context as $selection) {
if ($selection instanceof Member) {
$sel_members[] = $selection;
$has_project_permissions = ContactMemberPermissions::instance()->count("permission_group_id = '".$contact->getPermissionGroupId()."' AND member_id = ".$selection->getId()) > 0;
if (!$has_project_permissions) {
RoleObjectTypePermissions::createDefaultUserPermissions($contact, $selection);
}
}
}
save_permissions($contact->getPermissionGroupId(), $contact->isGuest());
Hook::fire('after_user_add', $contact, $null);
// add user content object to associated members
if (count($sel_members) > 0) {
ObjectMembers::addObjectToMembers($contact->getId(), $sel_members);
$contact->addToSharingTable();
}
// Send notification
try {
if (array_var($user_data, 'send_email_notification') && $contact->getEmailAddress()) {
if (array_var($user_data, 'password_generator', 'link') == 'link') {
// Generate link password
$user = Contacts::getByEmail(array_var($user_data, 'email'));
$token = sha1(gen_id() . (defined('SEED') ? SEED : ''));
$timestamp = time() + 60*60*24;
set_user_config_option('reset_password', $token . ";" . $timestamp, $user->getId());
Notifier::newUserAccountLinkPassword($contact, $password, $token);
} else {
Notifier::newUserAccount($contact, $password);
}
}
} catch(Exception $e) {
Logger::log($e->getTraceAsString());
} // try
return $contact;
}
/**
* Return true is $user can access an $object. False otherwise.
*
* @param Contact $user
* @param array $members
* @param $object_type_id
* @return boolean
*/
function can_access(Contact $user, $members, $object_type_id, $access_level, $allow_super_admin = true)
{
if ($allow_super_admin && $user->isAdministrator()) {
return true;
}
$write = $access_level == ACCESS_LEVEL_WRITE;
$delete = $access_level == ACCESS_LEVEL_DELETE;
if ($user->isGuest() && $access_level != ACCESS_LEVEL_READ) {
return false;
}
try {
$contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user->getId(), false);
$allow_all_cache = array();
$dimension_query_methods = array();
// if no manageable member then check if user has permissions wihout classifying
$manageable_members = array();
foreach ($members as $mem) {
if ($mem instanceof Member && $mem->getDimension()->getIsManageable() && $mem->getDimension()->getDefinesPermissions()) {
$manageable_members[] = $mem->getId();
}
}
if (count($manageable_members) == 0) {
$return = false;
if (config_option('let_users_create_objects_in_root') && $contact_pg_ids != "" && ($user->isAdminGroup() || $user->isExecutive() || $user->isManager())) {
$cond = $delete ? 'AND can_delete = 1' : ($write ? 'AND can_write = 1' : '');
$cmp = ContactMemberPermissions::findOne(array('conditions' => "member_id=0 AND object_type_id={$object_type_id} AND permission_group_id IN ({$contact_pg_ids}) {$cond}"));
$return = $cmp instanceof ContactMemberPermission;
}
return $return;
}
$max_role_ot_perm = MaxRoleObjectTypePermissions::instance()->findOne(array('conditions' => "object_type_id='{$object_type_id}' AND role_id = '" . $user->getUserType() . "'"));
$enabled_dimensions = config_option('enabled_dimensions');
$dimension_permissions = array();
foreach ($members as $k => $m) {
if (!$m instanceof Member) {
unset($members[$k]);
continue;
}
$dimension = $m->getDimension();
if (!$dimension->getDefinesPermissions() || !in_array($dimension->getId(), $enabled_dimensions)) {
continue;
}
$dimension_id = $dimension->getId();
if (!isset($dimension_permissions[$dimension_id])) {
$dimension_permissions[$dimension_id] = false;
}
if (!$dimension_permissions[$dimension_id]) {
if ($m->canContainObject($object_type_id)) {
if (!isset($dimension_query_methods[$dimension->getId()])) {
$dimension_query_methods[$dimension->getId()] = $dimension->getPermissionQueryMethod();
}
//dimension defines permissions and user has maximum level of permissions
if (isset($allow_all_cache[$dimension_id])) {
$allow_all = $allow_all_cache[$dimension_id];
} else {
$allow_all = $dimension->hasAllowAllForContact($contact_pg_ids);
$allow_all_cache[$dimension_id] = $allow_all;
}
if ($allow_all) {
$dimension_permissions[$dimension_id] = true;
}
//check individual members
if (!$dimension_permissions[$dimension_id] && ContactMemberPermissions::contactCanReadObjectTypeinMember($contact_pg_ids, $m->getId(), $object_type_id, $write, $delete, $user)) {
if ($max_role_ot_perm) {
if ($access_level == ACCESS_LEVEL_DELETE && $max_role_ot_perm->getCanDelete() || $access_level == ACCESS_LEVEL_WRITE && $max_role_ot_perm->getCanWrite() || $access_level == ACCESS_LEVEL_READ) {
$dimension_permissions[$dimension_id] = true;
}
}
}
} else {
unset($dimension_permissions[$dimension_id]);
}
}
}
$allowed = true;
// check that user has permissions in all mandatory query method dimensions
$mandatory_count = 0;
foreach ($dimension_query_methods as $dim_id => $qmethod) {
if (!in_array($dim_id, $enabled_dimensions)) {
continue;
}
if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY) {
$mandatory_count++;
if (!array_var($dimension_permissions, $dim_id)) {
// if one of the members belong to a mandatory dimension and user does not have permissions on it then return false
return false;
}
}
}
// If no members in mandatory dimensions then check for not mandatory ones
if ($allowed && $mandatory_count == 0) {
foreach ($dimension_query_methods as $dim_id => $qmethod) {
if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_NOT_MANDATORY) {
if (array_var($dimension_permissions, $dim_id)) {
// if has permissions over any member of a non mandatory dimension then return true
return true;
} else {
$allowed = false;
}
}
}
}
if ($allowed && count($dimension_permissions)) {
return true;
}
// Si hasta aca tienen perm en todas las dim, return true. Si hay alguna que no tiene perm sigo
//Check Context Permissions
$member_ids = array();
foreach ($members as $member_obj) {
$member_ids[] = $member_obj->getId();
}
$allowed_members = ContactMemberPermissions::getActiveContextPermissions($user, $object_type_id, $members, $member_ids, $write, $delete);
$count = 0;
foreach ($members as $m) {
$count++;
if (!in_array($m->getId(), $allowed_members)) {
return false;
} else {
if ($count == count($members)) {
return true;
}
}
}
} catch (Exception $e) {
tpl_assign('error', $e);
return false;
}
return false;
}
