/** * function to generate the where condition for the user. * While displaying data in the list view data may appear from lower level users in the hierarchy. * For each user when the condition is to be generated, first get the subordinate user if any * And then generate the condition. Each table (entity - contacts,leads,potentials etc) will have * iduser representing who is owner of the record. * @param string $entity_table_name * @param integer $idmodule * @param boolean $subordinate_users_data * @param integer $iduser * @see modules/User/User.class.php */ public function get_user_where_condition($entity_table_name, $idmodule, $subordinate_users_data = true, $iduser = '') { if ($iduser == '') { $iduser = $_SESSION["do_user"]->iduser; } $module_data_share_permissions = $_SESSION["do_user"]->get_module_data_share_permissions(); $where = ''; //if($idmodule == 7 ) return " where 1=1 "; if ($subordinate_users_data === true) { if ($module_data_share_permissions[$idmodule] == 5) { return " AND `" . $entity_table_name . "`.`iduser` = " . $iduser; } if ($_SESSION["do_user"]->is_admin == 1) { return ""; } } if ($module_data_share_permissions[$idmodule] == 1 || $module_data_share_permissions[$idmodule] == 2 || $module_data_share_permissions[$idmodule] == 3) { // if the datashare permission is public then display all $where = ''; } elseif ($module_data_share_permissions[$idmodule] == 5) { $where = " AND `" . $entity_table_name . "`.`iduser` = " . $iduser; } else { if ($_SESSION["do_user"]->iduser > 0) { $subordinate_users = $_SESSION["do_user"]->get_subordinate_users(); $user_to_groups = $_SESSION["do_user"]->get_user_associated_to_groups(); } else { $do_user = new User(); $do_group_user_rel = new GroupUserRelation(); $subordinate_users = $do_user->get_subordinate_users_by_iduser($iduser); $user_to_groups = $do_group_user_rel->get_groups_by_user($iduser, $subordinate_users); } $group_qry = false; if (is_array($user_to_groups) && count($user_to_groups) > 0) { $do_module = new Module(); $do_module->getId($idmodule); $module_name = $do_module->name; $entity_object = new $module_name(); if ($entity_object->module_group_rel_table != '') { $group_qry = true; } } if (is_array($subordinate_users) && count($subordinate_users) > 0 && $subordinate_users_data === true) { $unique_subordinate_users = array_unique($subordinate_users); $comma_seperated_subordinate_users = implode(",", $unique_subordinate_users); if ($group_qry === true) { $where = " \n\t\t\t\t\tAND \n\t\t\t\t\t(\n\t\t\t\t\t\t( " . $entity_table_name . ".iduser = "******" \n\t\t\t\t\t\t\tOR " . $entity_table_name . ".iduser IN (" . $comma_seperated_subordinate_users . ") \n\t\t\t\t\t\t)\n\t\t\t\t\t\tOR (" . $entity_object->module_group_rel_table . ".idgroup in (" . implode(",", $user_to_groups) . ") )\n\t\t\t\t\t)"; } else { $where = " AND ( " . $entity_table_name . ".iduser = "******" OR " . $entity_table_name . ".iduser IN (" . $comma_seperated_subordinate_users . ") )"; } } else { if ($group_qry === true) { $where = " AND ( " . $entity_table_name . ".iduser = "******" OR " . $entity_object->module_group_rel_table . ".idgroup in (" . implode(",", $user_to_groups) . ") )"; } else { $where = " AND " . $entity_table_name . ".iduser = " . $iduser; } } } return $where; }
/** * function to set the different privileges for the CRM * the privileges are all defined on the profile so loading all the different privileges * sets the data in the form of an arrray in the persistent user object so that the data is * available across the CRM in the current session. * NOTE : any change in the profile permissions would require the user to logout so that on next * login the new privileges are loaded again and become available for the current session. * This idea is to ignore same set of queries again and again for each time the privileges are checked * @see User::eventLogin() */ protected function set_user_crm_privileges() { $do_roles = new Roles(); //Get the role details of the user $role_id = $this->idrole; $this->set_user_role_info($do_roles->get_role_detail($role_id)); // Set the groups to which the user is associated $do_group_user_rel = new GroupUserRelation(); $this->set_user_associated_to_groups($do_group_user_rel->get_groups_by_user($_SESSION["do_user"]->iduser, array(), true)); // Now lets find the profile and actual permissions set in the profile $do_profile = new Profile(); $do_role_profile_rel = new RoleProfileRelation(); $do_module_standard_permission = new ModuleStandardPermission(); $do_role_profile_rel->get_pofiles_related_to_role($role_id); $module_permissions = array(); $module_standard_permissions_per_profile_array = array(); if ($do_role_profile_rel->getNumRows() > 0) { $associated_profiles = array(); while ($do_role_profile_rel->next()) { $associated_profiles[] = $do_role_profile_rel->idprofile; } // Loading the active modules for the CRM available. The object "do_module" is persistent and is instantiated in module.php if (!is_object($_SESSION["do_module"])) { $do_module = new Module(); $do_module->sessionPersistent("do_module", "logout.php", TTL); $_SESSION["do_module"]->load_active_modules(); } $active_modules = $_SESSION["do_module"]->get_active_modules_for_crm(); // variables to hold the permissions when user is associated with multiple roles $profile_standard_permission_rel_previous = array(); $profile_module_rel_previous = array(); foreach ($associated_profiles as $idprofile) { // Getting all the module standard permissions vailable to the profile $profile_standard_permission_rel = $do_profile->get_all_module_standard_permissions($idprofile); // Getting if the module is permitted for the profile $profile_module_rel = $do_profile->get_all_module_permissions($idprofile); foreach ($active_modules as $module => $idmodule) { if (array_key_exists($profile_module_rel[$idmodule], $profile_module_rel)) { if (count($profile_module_rel_previous) > 0 && array_key_exists($profile_module_rel_previous[$idmodule], $profile_module_rel_previous)) { if ($profile_module_rel_previous[$idmodule] > $module_permissions[$idmodule]["module_permission"]) { $module_permissions[$idmodule]["module_permission"] = $profile_module_rel_previous[$idmodule]; } else { $module_permissions[$idmodule]["module_permission"] = $profile_module_rel[$idmodule]; } } else { $module_permissions[$idmodule]["module_permission"] = $profile_module_rel[$idmodule]; } $profile_module_rel_previous[$idmodule] = $profile_module_rel[$idmodule]; } // Loading the module standard permissions $do_module_standard_permission->get_module_standard_permissions($idmodule); if ($do_module_standard_permission->getNumRows() > 0) { while ($do_module_standard_permission->next()) { if (array_key_exists($profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission], $profile_standard_permission_rel)) { if (count($profile_standard_permission_rel_previous) > 0 && array_key_exists($profile_standard_permission_rel_previous[$idmodule][$do_module_standard_permission->idstandard_permission], $profile_standard_permission_rel_previous)) { if ($profile_standard_permission_rel_previous[$idmodule][$do_module_standard_permission->idstandard_permission] > $profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission]) { $module_standard_permissions_per_profile_array[$idmodule][$do_module_standard_permission->idstandard_permission] = $profile_standard_permission_rel_previous[$idmodule][$do_module_standard_permission->idstandard_permission]; } else { $module_standard_permissions_per_profile_array[$idmodule][$do_module_standard_permission->idstandard_permission] = $profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission]; } } else { $module_standard_permissions_per_profile_array[$idmodule][$do_module_standard_permission->idstandard_permission] = $profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission]; } $profile_standard_permission_rel_previous[$idmodule][$do_module_standard_permission->idstandard_permission] = $profile_standard_permission_rel[$idmodule][$do_module_standard_permission->idstandard_permission]; } } } else { $module_standard_permissions_per_profile_array[$idmodule][2] = 1; } } } foreach ($module_standard_permissions_per_profile_array as $idmodule => $standard_permissions) { $module_permissions[$idmodule]["standard_permissions"] = $standard_permissions; } } $this->set_user_module_privileges($module_permissions); }
/** * function to get all the users including the lookup user and groups associated via hierarchy * @param integer $iduser * @param boolean $ignore_current_user * @param string $key , returned array key default pk primary_key */ public function get_users_and_groups($iduser, $ignore_current_user = false, $key = 'pk') { $users_array = array(); $groups_array = array(); if ($iduser == 0) { $iduser = $_SESSION["do_user"]->iduser; } $users = $this->get_userids($iduser, $ignore_current_user); $do_group_user_rel = new GroupUserRelation(); $groups = $do_group_user_rel->get_groups_by_user($iduser, array(), true); if (is_array($users) && count($users) > 0) { $qry = "\n\t\t\tselect `iduser`,`user_name`,`firstname`,`lastname`\n\t\t\tfrom user \n\t\t\twhere `iduser` in (" . implode(",", $users) . ")\n\t\t\t"; $stmt = $this->getDbConnection()->executeQuery($qry); if ($stmt->rowCount() > 0) { while ($data = $stmt->fetch()) { if ($key == 'pk') { $users_array[$data["iduser"]] = array("firstname" => $data["firstname"], "lastname" => $data["lastname"], "user_name" => $data["user_name"]); } else { $users_array[$data["user_name"]] = array("firstname" => $data["firstname"], "lastname" => $data["lastname"], "iduser" => $data["iduser"]); } } } } if (is_array($groups) && count($groups) > 0) { $qry = "select `idgroup`,`group_name` from `group`\n\t\t\twhere `idgroup` in (" . implode(",", $groups) . ")\n\t\t\t"; $stmt = $this->getDbConnection()->executeQuery($qry); if ($stmt->rowCount() > 0) { while ($data = $stmt->fetch()) { if ($key == 'pk') { $groups_array[$data["idgroup"]] = array("group_name" => $data["group_name"]); } else { $groups_array[$data["group_name"]] = array("idgroup" => $data["idgroup"]); } } } } return array("users" => $users_array, "groups" => $groups_array); }