function saveMember($member_data, Member $member, $is_new = true) { try { DB::beginWork(); if (!$is_new) { $old_parent = $member->getParentMemberId(); } $member->setFromAttributes($member_data); /* @var $member Member */ $object_type = ObjectTypes::findById($member->getObjectTypeId()); if (!$object_type instanceof ObjectType) { throw new Exception(lang("you must select a valid object type")); } if ($member->getParentMemberId() == 0) { $dot = DimensionObjectTypes::findById(array('dimension_id' => $member->getDimensionId(), 'object_type_id' => $member->getObjectTypeId())); if (!$dot->getIsRoot()) { throw new Exception(lang("member cannot be root", lang($object_type->getName()))); } $member->setDepth(1); } else { $allowedParents = $this->getAssignableParents($member->getDimensionId(), $member->getObjectTypeId()); if (!$is_new) { $childrenIds = $member->getAllChildrenIds(true); } $hasValidParent = false; if ($member->getId() == $member->getParentMemberId() || !$is_new && in_array($member->getParentMemberId(), $childrenIds)) { throw new Exception(lang("invalid parent member")); } foreach ($allowedParents as $parent) { if ($parent['id'] == $member->getParentMemberId()) { $hasValidParent = true; break; } } if (!$hasValidParent) { throw new Exception(lang("invalid parent member")); } $parent = Members::findById($member->getParentMemberId()); if ($parent instanceof Member) { $member->setDepth($parent->getDepth() + 1); } else { $member->setDepth(1); } } if ($object_type->getType() == 'dimension_object') { $handler_class = $object_type->getHandlerClass(); if ($is_new || $member->getObjectId() == 0) { eval('$dimension_object = ' . $handler_class . '::instance()->newDimensionObject();'); } else { $dimension_object = Objects::findObject($member->getObjectId()); } if ($dimension_object) { $dimension_object->modifyMemberValidations($member); $dimension_obj_data = array_var($_POST, 'dim_obj'); if (!array_var($dimension_obj_data, 'name')) { $dimension_obj_data['name'] = $member->getName(); } eval('$fields = ' . $handler_class . '::getPublicColumns();'); foreach ($fields as $field) { if (array_var($field, 'type') == DATA_TYPE_DATETIME) { $dimension_obj_data[$field['col']] = getDateValue($dimension_obj_data[$field['col']]); } } $member->save(); $dimension_object->setFromAttributes($dimension_obj_data, $member); $dimension_object->save(); $member->setObjectId($dimension_object->getId()); $member->save(); Hook::fire("after_add_dimension_object_member", $member, $null); } } else { $member->save(); } // Other dimensions member restrictions $restricted_members = array_var($_POST, 'restricted_members'); if (is_array($restricted_members)) { MemberRestrictions::clearRestrictions($member->getId()); foreach ($restricted_members as $dim_id => $dim_members) { foreach ($dim_members as $mem_id => $member_restrictions) { $restricted = isset($member_restrictions['restricted']); if ($restricted) { $order_num = array_var($member_restrictions, 'order_num', 0); $member_restriction = new MemberRestriction(); $member_restriction->setMemberId($member->getId()); $member_restriction->setRestrictedMemberId($mem_id); $member_restriction->setOrder($order_num); $member_restriction->save(); } } } } // Save member property members (also check for required associations) if (array_var($_POST, 'save_properties')) { $required_association_ids = DimensionMemberAssociations::getRequiredAssociatations($member->getDimensionId(), $member->getObjectTypeId(), true); $missing_req_association_ids = array_fill_keys($required_association_ids, true); // if keeps record change is_active, if not delete record $old_properties = MemberPropertyMembers::getAssociatedPropertiesForMember($member->getId()); foreach ($old_properties as $property) { $association = DimensionMemberAssociations::findById($property->getAssociationId()); if (!$association->getKeepsRecord()) { $property->delete(); } } $new_properties = array(); $associated_members = array_var($_POST, 'associated_members', array()); foreach ($associated_members as $prop_member_id => $assoc_id) { $active_association = null; if (isset($missing_req_association_ids[$assoc_id])) { $missing_req_association_ids[$assoc_id] = false; } $conditions = "`association_id` = {$assoc_id} AND `member_id` = " . $member->getId() . " AND `is_active` = 1"; $active_associations = MemberPropertyMembers::find(array('conditions' => $conditions)); if (count($active_associations) > 0) { $active_association = $active_associations[0]; } $association = DimensionMemberAssociations::findById($assoc_id); if ($active_association instanceof MemberPropertyMember) { if ($active_association->getPropertyMemberId() != $prop_member_id) { if ($association->getKeepsRecord()) { $active_association->setIsActive(false); $active_association->save(); } // save current association $mpm = new MemberPropertyMember(); $mpm->setAssociationId($assoc_id); $mpm->setMemberId($member->getId()); $mpm->setPropertyMemberId($prop_member_id); $mpm->setIsActive(true); $mpm->save(); $new_properties[] = $mpm; } } else { // save current association $mpm = new MemberPropertyMember(); $mpm->setAssociationId($assoc_id); $mpm->setMemberId($member->getId()); $mpm->setPropertyMemberId($prop_member_id); $mpm->setIsActive(true); $mpm->save(); $new_properties[] = $mpm; } } $missing_names = array(); $missing_count = 0; foreach ($missing_req_association_ids as $assoc => $missing) { $assoc_instance = DimensionMemberAssociations::findById($assoc); if ($assoc_instance instanceof DimensionMemberAssociation) { $assoc_dim = Dimensions::getDimensionById($assoc_instance->getAssociatedDimensionMemberAssociationId()); if ($assoc_dim instanceof Dimension) { if (!in_array($assoc_dim->getName(), $missing_names)) { $missing_names[] = $assoc_dim->getName(); } } } if ($missing) { $missing_count++; } } if ($missing_count > 0) { throw new Exception(lang("missing required associations", implode(", ", $missing_names))); } $args = array($member, $old_properties, $new_properties); Hook::fire('edit_member_properties', $args, $ret); } if ($is_new) { // set all permissions for the creator $dimension = $member->getDimension(); $allowed_object_types = array(); $dim_obj_types = $dimension->getAllowedObjectTypeContents(); foreach ($dim_obj_types as $dim_obj_type) { // To draw a row for each object type of the dimension if (!in_array($dim_obj_type->getContentObjectTypeId(), $allowed_object_types) && $dim_obj_type->getDimensionObjectTypeId() == $member->getObjectTypeId()) { $allowed_object_types[] = $dim_obj_type->getContentObjectTypeId(); } } $allowed_object_types[] = $object_type->getId(); foreach ($allowed_object_types as $ot) { $cmp = ContactMemberPermissions::findOne(array('conditions' => 'permission_group_id = ' . logged_user()->getPermissionGroupId() . ' AND member_id = ' . $member->getId() . ' AND object_type_id = ' . $ot)); if (!$cmp instanceof ContactMemberPermission) { $cmp = new ContactMemberPermission(); $cmp->setPermissionGroupId(logged_user()->getPermissionGroupId()); $cmp->setMemberId($member->getId()); $cmp->setObjectTypeId($ot); } $cmp->setCanWrite(1); $cmp->setCanDelete(1); $cmp->save(); } // set all permissions for permission groups that has allow all in the dimension $permission_groups = ContactDimensionPermissions::findAll(array("conditions" => array("`dimension_id` = ? AND `permission_type` = 'allow all'", $dimension->getId()))); if (is_array($permission_groups)) { foreach ($permission_groups as $pg) { foreach ($allowed_object_types as $ot) { $cmp = ContactMemberPermissions::findById(array('permission_group_id' => $pg->getPermissionGroupId(), 'member_id' => $member->getId(), 'object_type_id' => $ot)); if (!$cmp instanceof ContactMemberPermission) { $cmp = new ContactMemberPermission(); $cmp->setPermissionGroupId($pg->getPermissionGroupId()); $cmp->setMemberId($member->getId()); $cmp->setObjectTypeId($ot); } $cmp->setCanWrite(1); $cmp->setCanDelete(1); $cmp->save(); } } } // Inherit permissions from parent node, if they are not already set if ($member->getDepth() && $member->getParentMember()) { $parentNodeId = $member->getParentMember()->getId(); $condition = "member_id = {$parentNodeId}"; foreach (ContactMemberPermissions::instance()->findAll(array("conditions" => $condition)) as $parentPermission) { /* @var $parentPermission ContactMemberPermission */ $g = $parentPermission->getPermissionGroupId(); $t = $parentPermission->getObjectTypeId(); $w = $parentPermission->getCanWrite(); $d = $parentPermission->getCanDelete(); $existsCondition = "member_id = " . $member->getId() . " AND permission_group_id= {$g} AND object_type_id = {$t}"; if (!ContactMemberPermissions::instance()->count(array("conditions" => $existsCondition))) { $newPermission = new ContactMemberPermission(); $newPermission->setPermissionGroupId($g); $newPermission->setObjectTypeId($t); $newPermission->setCanWrite($w); $newPermission->setCanDelete($d); $newPermission->setMemberId($member->getId()); $newPermission->save(); } } } // Fill sharing table if is a dimension object (after permission creation); if (isset($dimension_object) && $dimension_object instanceof ContentDataObject) { $dimension_object->addToSharingTable(); } } else { // if parent changed rebuild object_members for every object in this member if ($old_parent != $member->getParentMemberId()) { $sql = "SELECT om.object_id FROM " . TABLE_PREFIX . "object_members om WHERE om.member_id=" . $member->getId(); $object_ids = DB::executeAll($sql); if (!is_array($object_ids)) { $object_ids = array(); } foreach ($object_ids as $row) { $content_object = Objects::findObject($row['object_id']); if (!$content_object instanceof ContentDataObject) { continue; } $parent_ids = array(); if ($old_parent > 0) { $all_parents = Members::findById($old_parent)->getAllParentMembersInHierarchy(true); foreach ($all_parents as $p) { $parent_ids[] = $p->getId(); } if (count($parent_ids) > 0) { DB::execute("DELETE FROM " . TABLE_PREFIX . "object_members WHERE object_id=" . $content_object->getId() . " AND member_id IN (" . implode(",", $parent_ids) . ")"); } } $content_object->addToMembers(array($member)); $content_object->addToSharingTable(); } } } DB::commit(); flash_success(lang('success save member', lang(ObjectTypes::findById($member->getObjectTypeId())->getName()), $member->getName())); ajx_current("back"); // Add od to array on new members if ($is_new) { $member_data['member_id'] = $member->getId(); } evt_add("after member save", $member_data); return $member; } catch (Exception $e) { DB::rollback(); flash_error($e->getMessage()); ajx_current("empty"); } }
/** * Finish the installation - create owner company and administrator * * @param void * @return null */ function complete_installation() { if (Contacts::getOwnerCompany() instanceof Contact) { die('Owner company already exists'); // Somebody is trying to access this method even if the user already exists } // if $form_data = array_var($_POST, 'form'); tpl_assign('form_data', $form_data); if (array_var($form_data, 'submited') == 'submited') { try { $admin_password = trim(array_var($form_data, 'admin_password')); $admin_password_a = trim(array_var($form_data, 'admin_password_a')); if (trim($admin_password) == '') { throw new Error(lang('password value required')); } // if if ($admin_password != $admin_password_a) { throw new Error(lang('passwords dont match')); } // if DB::beginWork(); Contacts::delete(); // clear users table // Create a company $company = new Contact(); $company->setFirstName(array_var($form_data, 'company_name')); $company->setObjectName(); $company->setIsCompany(true); $company->save(); // Init default colors set_config_option('brand_colors_head_back', "424242"); set_config_option('brand_colors_tabs_back', "e7e7e7"); set_config_option('brand_colors_head_font', "FFFFFF"); set_config_option('brand_colors_tabs_font', "333333"); // Create the administrator user $administrator = new Contact(); $pergroup = PermissionGroups::findOne(array('conditions' => "`name`='Super Administrator'")); $administrator->setUserType($pergroup->getId()); $administrator->setCompanyId($company->getId()); $administrator->setUsername(array_var($form_data, 'admin_username')); $administrator->setPassword($admin_password); $administrator->setFirstname(array_var($form_data, 'admin_username')); $administrator->setObjectName(); $administrator->save(); $user_password = new ContactPassword(); $user_password->setContactId($administrator->getId()); $user_password->password_temp = $admin_password; $user_password->setPasswordDate(DateTimeValueLib::now()); $user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp())); $user_password->save(); //Add email after save because is needed. $administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true); //permissions $permission_group = new PermissionGroup(); $permission_group->setName('Account Owner'); $permission_group->setContactId($administrator->getId()); $permission_group->setIsContext(false); $permission_group->setType("permission_groups"); $permission_group->save(); $administrator->setPermissionGroupId($permission_group->getId()); $administrator->save(); $company->setCreatedById($administrator->getId()); $company->setUpdatedById($administrator->getId()); $company->save(); $contact_pg = new ContactPermissionGroup(); $contact_pg->setContactId($administrator->getId()); $contact_pg->setPermissionGroupId($permission_group->getId()); $contact_pg->save(); // tab panel permissions $panels = TabPanels::getEnabled(); foreach ($panels as $panel) { $tpp = new TabPanelPermission(); $tpp->setPermissionGroupId($administrator->getPermissionGroupId()); $tpp->setTabPanelId($panel->getId()); $tpp->save(); } // dimension permissions $dimensions = Dimensions::findAll(); foreach ($dimensions as $dimension) { if ($dimension->getDefinesPermissions()) { $cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = " . $administrator->getPermissionGroupId() . " AND `dimension_id` = " . $dimension->getId())); if (!$cdp instanceof ContactDimensionPermission) { $cdp = new ContactDimensionPermission(); $cdp->setPermissionGroupId($administrator->getPermissionGroupId()); $cdp->setContactDimensionId($dimension->getId()); } $cdp->setPermissionType('allow all'); $cdp->save(); // contact member permisssion entries $members = $dimension->getAllMembers(); foreach ($members as $member) { $ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId()); $ots[] = $member->getObjectId(); foreach ($ots as $ot) { $cmp = ContactMemberPermissions::findOne(); if (!$cmp instanceof ContactMemberPermission) { $cmp = new ContactMemberPermission(array("conditions" => "`permission_group_id` = " . $administrator->getPermissionGroupId() . " AND `member_id` = " . $member->getId() . " AND `object_type_id` = {$ot}")); $cmp->setPermissionGroupId($administrator->getPermissionGroupId()); $cmp->setMemberId($member->getId()); $cmp->setObjectTypeId($ot); } $cmp->setCanWrite(1); $cmp->setCanDelete(1); $cmp->save(); } } } } // system permissions $sp = new SystemPermission(); $sp->setPermissionGroupId($administrator->getPermissionGroupId()); $sp->setAllPermissions(true); $sp->save(); // root permissions DB::executeAll("\r\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write)\r\n\t\t\t\t SELECT " . $administrator->getPermissionGroupId() . ", 0, rtp.object_type_id, rtp.can_delete, rtp.can_write FROM " . TABLE_PREFIX . "role_object_type_permissions rtp \r\n\t\t\t\t WHERE rtp.object_type_id NOT IN (SELECT id FROM " . TABLE_PREFIX . "object_types WHERE name IN ('mail','template','file_revision')) AND rtp.role_id in (\r\n\t\t\t\t SELECT pg.id FROM " . TABLE_PREFIX . "permission_groups pg WHERE pg.type='roles' AND pg.name IN ('Super Administrator','Administrator','Manager','Executive')\r\n\t\t\t\t )\r\n\t\t\t\tON DUPLICATE KEY UPDATE member_id=0;"); Hook::fire('after_user_add', $administrator, $null); DB::commit(); $this->redirectTo('access', 'login'); } catch (Exception $e) { tpl_assign('error', $e); DB::rollback(); } // try } // if }
/** * Finish the installation - create owner company and administrator * * @param void * @return null */ function complete_installation() { if(Contacts::getOwnerCompany() instanceof Contact) { die('Owner company already exists'); // Somebody is trying to access this method even if the user already exists } // if $form_data = array_var($_POST, 'form'); tpl_assign('form_data', $form_data); if(array_var($form_data, 'submited') == 'submited') { try { $admin_password = trim(array_var($form_data, 'admin_password')); $admin_password_a = trim(array_var($form_data, 'admin_password_a')); if(trim($admin_password) == '') { throw new Error(lang('password value required')); } // if if($admin_password <> $admin_password_a) { throw new Error(lang('passwords dont match')); } // if DB::beginWork(); Contacts::delete(); // clear users table // Create a company $company = new Contact(); $company->setFirstName(array_var($form_data, 'company_name')); $company->setObjectName(); $company->setIsCompany(true); $company->save(); // Init default colors set_config_option('brand_colors_head_back', "000000"); set_config_option('brand_colors_tabs_back', "14780e"); set_config_option('brand_colors_head_font', "ffffff"); set_config_option('brand_colors_tabs_font', "ffffff"); // Create the administrator user $administrator = new Contact(); $pergroup = PermissionGroups::findOne(array('conditions'=>"`name`='Super Administrator'")); $administrator->setUserType($pergroup->getId()); $administrator->setCompanyId($company->getId()); $administrator->setUsername(array_var($form_data, 'admin_username')); $administrator->setPassword($admin_password); $administrator->setFirstname(array_var($form_data, 'admin_username')); $administrator->setObjectName(); $administrator->save(); $user_password = new ContactPassword(); $user_password->setContactId($administrator->getId()); $user_password->password_temp = $admin_password; $user_password->setPasswordDate(DateTimeValueLib::now()); $user_password->setPassword(cp_encrypt($admin_password, $user_password->getPasswordDate()->getTimestamp())); $user_password->save(); //Add email after save because is needed. $administrator->addEmail(array_var($form_data, 'admin_email'), 'personal', true); //permissions $permission_group = new PermissionGroup(); $permission_group->setName('Account Owner'); $permission_group->setContactId($administrator->getId()); $permission_group->setIsContext(false); $permission_group->setType("permission_groups"); $permission_group->save(); $administrator->setPermissionGroupId($permission_group->getId()); $administrator->save(); $company->setCreatedById($administrator->getId()); $company->setUpdatedById($administrator->getId()); $company->save(); $contact_pg = new ContactPermissionGroup(); $contact_pg->setContactId($administrator->getId()); $contact_pg->setPermissionGroupId($permission_group->getId()); $contact_pg->save(); // tab panel permissions $panels = TabPanels::getEnabled(); foreach ($panels as $panel) { $tpp = new TabPanelPermission(); $tpp->setPermissionGroupId($administrator->getPermissionGroupId()); $tpp->setTabPanelId($panel->getId()); $tpp->save(); } // dimension permissions $dimensions = Dimensions::findAll(); foreach ($dimensions as $dimension) { if ($dimension->getDefinesPermissions()) { $cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = ".$administrator->getPermissionGroupId()." AND `dimension_id` = ".$dimension->getId())); if (!$cdp instanceof ContactDimensionPermission) { $cdp = new ContactDimensionPermission(); $cdp->setPermissionGroupId($administrator->getPermissionGroupId()); $cdp->setContactDimensionId($dimension->getId()); } $cdp->setPermissionType('allow all'); $cdp->save(); // contact member permisssion entries $members = $dimension->getAllMembers(); foreach ($members as $member) { $ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId()); $ots[]=$member->getObjectId(); foreach ($ots as $ot) { $cmp = ContactMemberPermissions::findOne(); if (!$cmp instanceof ContactMemberPermission) { $cmp = new ContactMemberPermission(array("conditions" => "`permission_group_id` = ".$administrator->getPermissionGroupId()." AND `member_id` = ".$member->getId()." AND `object_type_id` = $ot")); $cmp->setPermissionGroupId($administrator->getPermissionGroupId()); $cmp->setMemberId($member->getId()); $cmp->setObjectTypeId($ot); } $cmp->setCanWrite(1); $cmp->setCanDelete(1); $cmp->save(); } } } } // system permissions $sp = new SystemPermission(); $sp->setPermissionGroupId($administrator->getPermissionGroupId()); $sp->setAllPermissions(true); $sp->save(); Hook::fire('after_user_add', $administrator, $null); DB::commit(); $this->redirectTo('access', 'login'); } catch(Exception $e) { tpl_assign('error', $e); DB::rollback(); } // try } // if } // complete_installation
function create_user($user_data, $permissionsString) { // try to find contact by some properties $contact_id = array_var($user_data, "contact_id") ; $contact = Contacts::instance()->findById($contact_id) ; if (!is_valid_email(array_var($user_data, 'email'))) { throw new Exception(lang("email value is required")); } if (!$contact instanceof Contact) { // Create a new user $contact = new Contact(); $contact->setUsername(array_var($user_data, 'username')); $contact->setDisplayName(array_var($user_data, 'display_name')); $contact->setCompanyId(array_var($user_data, 'company_id')); $contact->setUserType(array_var($user_data, 'type')); $contact->setTimezone(array_var($user_data, 'timezone')); $contact->setFirstname($contact->getObjectName() != "" ? $contact->getObjectName() : $contact->getUsername()); $contact->setObjectName(); } else { // Create user from contact $contact->setUserType(array_var($user_data, 'type')); if (array_var($user_data, 'company_id')) { $contact->setCompanyId(array_var($user_data, 'company_id')); } $contact->setUsername(array_var($user_data, 'username')); $contact->setTimezone(array_var($user_data, 'timezone')); } $contact->save(); if (is_valid_email(array_var($user_data, 'email'))) { $contact->addEmail(array_var($user_data, 'email'), 'personal', true); } //permissions $permission_group = new PermissionGroup(); $permission_group->setName('User '.$contact->getId().' Personal'); $permission_group->setContactId($contact->getId()); $permission_group->setIsContext(false); $permission_group->setType("permission_groups"); $permission_group->save(); $contact->setPermissionGroupId($permission_group->getId()); $contact_pg = new ContactPermissionGroup(); $contact_pg->setContactId($contact->getId()); $contact_pg->setPermissionGroupId($permission_group->getId()); $contact_pg->save(); if ( can_manage_security(logged_user()) ) { $sp = new SystemPermission(); $rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type')); foreach($rol_permissions as $pr){ $sp->setPermission($pr); } $sp->setPermissionGroupId($permission_group->getId()); $sp->setCanManageSecurity(array_var($user_data, 'can_manage_security')); $sp->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration')); $sp->setCanManageTemplates(array_var($user_data, 'can_manage_templates')); $sp->setCanManageTime(array_var($user_data, 'can_manage_time')); $sp->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts')); $sp->setCanManageDimensions(array_var($user_data, 'can_manage_dimensions')); $sp->setCanManageDimensionMembers(array_var($user_data, 'can_manage_dimension_members')); $sp->setCanManageTasks(array_var($user_data, 'can_manage_tasks')); $sp->setCanTasksAssignee(array_var($user_data, 'can_task_assignee')); $sp->setCanManageBilling(array_var($user_data, 'can_manage_billing')); $sp->setCanViewBilling(array_var($user_data, 'can_view_billing')); Hook::fire('add_user_permissions', $sp, $other_permissions); if (!is_null($other_permissions) && is_array($other_permissions)) { foreach ($other_permissions as $k => $v) { $sp->setColumnValue($k, array_var($user_data, $k)); } } $sp->save(); if ($contact->isAdminGroup()) { // allow all un all dimensions if new user is admin $dimensions = Dimensions::findAll(); $permissions = array(); foreach ($dimensions as $dimension) { if ($dimension->getDefinesPermissions()) { $cdp = ContactDimensionPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `dimension_id` = ".$dimension->getId())); if (!$cdp instanceof ContactDimensionPermission) { $cdp = new ContactDimensionPermission(); $cdp->setPermissionGroupId($contact->getPermissionGroupId()); $cdp->setContactDimensionId($dimension->getId()); } $cdp->setPermissionType('allow all'); $cdp->save(); // contact member permisssion entries $members = $dimension->getAllMembers(); foreach ($members as $member) { $ots = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId()); $ots[]=$member->getObjectId(); foreach ($ots as $ot) { $cmp = ContactMemberPermissions::findOne(array("conditions" => "`permission_group_id` = ".$contact->getPermissionGroupId()." AND `member_id` = ".$member->getId()." AND `object_type_id` = $ot")); if (!$cmp instanceof ContactMemberPermission) { $cmp = new ContactMemberPermission(); $cmp->setPermissionGroupId($contact->getPermissionGroupId()); $cmp->setMemberId($member->getId()); $cmp->setObjectTypeId($ot); } $cmp->setCanWrite(1); $cmp->setCanDelete(1); $cmp->save(); // Add persmissions to sharing table $perm = new stdClass(); $perm->m = $member->getId(); $perm->r= 1; $perm->w= 1; $perm->d= 1; $perm->o= $ot; $permissions[] = $perm ; } } } } if(count($permissions)){ $sharingTableController = new SharingTableController(); $sharingTableController->afterPermissionChanged($contact->getPermissionGroupId(), $permissions); } } } if(!isset($_POST['sys_perm'])){ $rol_permissions=SystemPermissions::getRolePermissions(array_var($user_data, 'type')); $_POST['sys_perm']=array(); foreach($rol_permissions as $pr){ $_POST['sys_perm'][$pr]=1; } } if(!isset($_POST['mod_perm'])){ $tabs_permissions=TabPanelPermissions::getRoleModules(array_var($user_data, 'type')); $_POST['mod_perm']=array(); foreach($tabs_permissions as $pr){ $_POST['mod_perm'][$pr]=1; } } $password = ''; if (array_var($user_data, 'password_generator') == 'specify') { $perform_password_validation = true; // Validate input $password = array_var($user_data, 'password'); if (trim($password) == '') { throw new Error(lang('password value required')); } // if if ($password <> array_var($user_data, 'password_a')) { throw new Error(lang('passwords dont match')); } // if } else { $user_data['password_generator'] = 'link'; $perform_password_validation = false; } $contact->setPassword($password); $contact->save(); $user_password = new ContactPassword(); $user_password->setContactId($contact->getId()); $user_password->setPasswordDate(DateTimeValueLib::now()); $user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp())); $user_password->password_temp = $password; $user_password->perform_validation = $perform_password_validation; $user_password->save(); if (array_var($user_data, 'autodetect_time_zone', 1) == 1) { set_user_config_option('autodetect_time_zone', 1, $contact->getId()); } /* create contact for this user*/ ApplicationLogs::createLog($contact, ApplicationLogs::ACTION_ADD); // Set role permissions for active members $active_context = active_context(); $sel_members = array(); foreach ($active_context as $selection) { if ($selection instanceof Member) { $sel_members[] = $selection; $has_project_permissions = ContactMemberPermissions::instance()->count("permission_group_id = '".$contact->getPermissionGroupId()."' AND member_id = ".$selection->getId()) > 0; if (!$has_project_permissions) { RoleObjectTypePermissions::createDefaultUserPermissions($contact, $selection); } } } save_permissions($contact->getPermissionGroupId(), $contact->isGuest()); Hook::fire('after_user_add', $contact, $null); // add user content object to associated members if (count($sel_members) > 0) { ObjectMembers::addObjectToMembers($contact->getId(), $sel_members); $contact->addToSharingTable(); } // Send notification try { if (array_var($user_data, 'send_email_notification') && $contact->getEmailAddress()) { if (array_var($user_data, 'password_generator', 'link') == 'link') { // Generate link password $user = Contacts::getByEmail(array_var($user_data, 'email')); $token = sha1(gen_id() . (defined('SEED') ? SEED : '')); $timestamp = time() + 60*60*24; set_user_config_option('reset_password', $token . ";" . $timestamp, $user->getId()); Notifier::newUserAccountLinkPassword($contact, $password, $token); } else { Notifier::newUserAccount($contact, $password); } } } catch(Exception $e) { Logger::log($e->getTraceAsString()); } // try return $contact; }
/** * Return true is $user can access an $object. False otherwise. * * @param Contact $user * @param array $members * @param $object_type_id * @return boolean */ function can_access(Contact $user, $members, $object_type_id, $access_level, $allow_super_admin = true) { if ($allow_super_admin && $user->isAdministrator()) { return true; } $write = $access_level == ACCESS_LEVEL_WRITE; $delete = $access_level == ACCESS_LEVEL_DELETE; if ($user->isGuest() && $access_level != ACCESS_LEVEL_READ) { return false; } try { $contact_pg_ids = ContactPermissionGroups::getPermissionGroupIdsByContactCSV($user->getId(), false); $allow_all_cache = array(); $dimension_query_methods = array(); // if no manageable member then check if user has permissions wihout classifying $manageable_members = array(); foreach ($members as $mem) { if ($mem instanceof Member && $mem->getDimension()->getIsManageable() && $mem->getDimension()->getDefinesPermissions()) { $manageable_members[] = $mem->getId(); } } if (count($manageable_members) == 0) { $return = false; if (config_option('let_users_create_objects_in_root') && $contact_pg_ids != "" && ($user->isAdminGroup() || $user->isExecutive() || $user->isManager())) { $cond = $delete ? 'AND can_delete = 1' : ($write ? 'AND can_write = 1' : ''); $cmp = ContactMemberPermissions::findOne(array('conditions' => "member_id=0 AND object_type_id={$object_type_id} AND permission_group_id IN ({$contact_pg_ids}) {$cond}")); $return = $cmp instanceof ContactMemberPermission; } return $return; } $max_role_ot_perm = MaxRoleObjectTypePermissions::instance()->findOne(array('conditions' => "object_type_id='{$object_type_id}' AND role_id = '" . $user->getUserType() . "'")); $enabled_dimensions = config_option('enabled_dimensions'); $dimension_permissions = array(); foreach ($members as $k => $m) { if (!$m instanceof Member) { unset($members[$k]); continue; } $dimension = $m->getDimension(); if (!$dimension->getDefinesPermissions() || !in_array($dimension->getId(), $enabled_dimensions)) { continue; } $dimension_id = $dimension->getId(); if (!isset($dimension_permissions[$dimension_id])) { $dimension_permissions[$dimension_id] = false; } if (!$dimension_permissions[$dimension_id]) { if ($m->canContainObject($object_type_id)) { if (!isset($dimension_query_methods[$dimension->getId()])) { $dimension_query_methods[$dimension->getId()] = $dimension->getPermissionQueryMethod(); } //dimension defines permissions and user has maximum level of permissions if (isset($allow_all_cache[$dimension_id])) { $allow_all = $allow_all_cache[$dimension_id]; } else { $allow_all = $dimension->hasAllowAllForContact($contact_pg_ids); $allow_all_cache[$dimension_id] = $allow_all; } if ($allow_all) { $dimension_permissions[$dimension_id] = true; } //check individual members if (!$dimension_permissions[$dimension_id] && ContactMemberPermissions::contactCanReadObjectTypeinMember($contact_pg_ids, $m->getId(), $object_type_id, $write, $delete, $user)) { if ($max_role_ot_perm) { if ($access_level == ACCESS_LEVEL_DELETE && $max_role_ot_perm->getCanDelete() || $access_level == ACCESS_LEVEL_WRITE && $max_role_ot_perm->getCanWrite() || $access_level == ACCESS_LEVEL_READ) { $dimension_permissions[$dimension_id] = true; } } } } else { unset($dimension_permissions[$dimension_id]); } } } $allowed = true; // check that user has permissions in all mandatory query method dimensions $mandatory_count = 0; foreach ($dimension_query_methods as $dim_id => $qmethod) { if (!in_array($dim_id, $enabled_dimensions)) { continue; } if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY) { $mandatory_count++; if (!array_var($dimension_permissions, $dim_id)) { // if one of the members belong to a mandatory dimension and user does not have permissions on it then return false return false; } } } // If no members in mandatory dimensions then check for not mandatory ones if ($allowed && $mandatory_count == 0) { foreach ($dimension_query_methods as $dim_id => $qmethod) { if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_NOT_MANDATORY) { if (array_var($dimension_permissions, $dim_id)) { // if has permissions over any member of a non mandatory dimension then return true return true; } else { $allowed = false; } } } } if ($allowed && count($dimension_permissions)) { return true; } // Si hasta aca tienen perm en todas las dim, return true. Si hay alguna que no tiene perm sigo //Check Context Permissions $member_ids = array(); foreach ($members as $member_obj) { $member_ids[] = $member_obj->getId(); } $allowed_members = ContactMemberPermissions::getActiveContextPermissions($user, $object_type_id, $members, $member_ids, $write, $delete); $count = 0; foreach ($members as $m) { $count++; if (!in_array($m->getId(), $allowed_members)) { return false; } else { if ($count == count($members)) { return true; } } } } catch (Exception $e) { tpl_assign('error', $e); return false; } return false; }