function list_members() { if (!logged_user()->isAdminGroup()) { flash_error(lang('no access permissions')); ajx_current("empty"); return; } ajx_set_no_toolbar(); $dim_id = array_var($_REQUEST, 'dim', 0); $dimension = Dimensions::findById($dim_id); if (!$dimension instanceof Dimension) { flash_error(lang('dimension snx')); ajx_current("empty"); return; } if (isset($_REQUEST['page'])) { ajx_replace(true); } // parameters $page = array_var($_REQUEST, 'page'); $order_by = array_var($_REQUEST, 'order'); $order_by_dir = array_var($_REQUEST, 'order_dir'); // pagination params $items_x_page = array_var($_REQUEST, 'items_x_page', 20); if (!$page) { $page = 1; } $offset = $items_x_page * ($page - 1); // order defaults if (!$order_by) { $order_by = 'name'; } if (!in_array($order_by_dir, array('ASC', 'DESC'))) { $order_by_dir = 'ASC'; } // this function already checks dimension options $dim_name = $dimension->getName(); // permissions sql $perm_sql = ""; if ($dimension->getDefinesPermissions() && !logged_user()->isAdministrator()) { $pg_ids = logged_user()->getPermissionGroupIds(); $perm_sql = " AND EXISTS (SELECT cmp.member_id FROM " . TABLE_PREFIX . "contact_member_permissions cmp WHERE cmp.member_id=m.id AND cmp.permission_group_id IN (" . implode(',', $pg_ids) . "))"; } $main_sql = "SELECT m.id, l.created_on, l.created_by_id, l.member_id FROM " . TABLE_PREFIX . "members m LEFT JOIN " . TABLE_PREFIX . "application_logs l ON l.member_id=m.id AND l.action='add' WHERE m.dimension_id='{$dim_id}' {$perm_sql}"; $sql = "{$main_sql}\r\n\t\t\t\tORDER BY {$order_by} {$order_by_dir} \r\n\t\t\t\tLIMIT {$offset}, {$items_x_page}"; $rows = DB::executeAll($sql); $count_sql = str_replace("SELECT m.id, l.created_on, l.created_by_id, l.member_id FROM", "SELECT count(*) as total FROM", $main_sql); $count_row = DB::executeAll($count_sql); $members = array(); $ids = array(); $log_data = array(); foreach ($rows as $row) { $members[] = Members::findById($row['id']); $log_data[$row['id']] = array('created_on' => $row['created_on'], 'created_by_id' => $row['created_by_id']); } $member_type_ids = array_flat(DB::executeAll("SELECT object_type_id FROM " . TABLE_PREFIX . "dimension_object_types WHERE dimension_id={$dim_id} AND is_root=1")); $member_types = ObjectTypes::findAll(array('conditions' => 'id IN (' . implode(',', $member_type_ids) . ')')); tpl_assign('members', $members); tpl_assign('log_data', $log_data); tpl_assign('dimension', $dimension); tpl_assign('dimension_name', $dim_name); tpl_assign('member_types', $member_types); tpl_assign('page', $page); tpl_assign('total_items', $count_row[0]['total']); tpl_assign('items_x_page', $items_x_page); tpl_assign('order_by', $order_by); tpl_assign('order_by_dir', $order_by_dir); }
function edit() { if (!can_manage_dimension_members(logged_user())) { flash_error(lang('no access permissions')); ajx_current("empty"); return; } $member = Members::findById(get_id()); if (!$member instanceof Member) { flash_error(lang('member dnx')); ajx_current("empty"); return; } $this->setTemplate('add'); $member_data = array_var($_POST, 'member'); if (!is_array($member_data)) { // New ! Permissions $permission_parameters = permission_member_form_parameters($member); tpl_assign('permission_parameters', $permission_parameters); //-- tpl_assign("member", $member); $member_data['name'] = $member->getName(); $current_dimension = $member->getDimension(); if (!$current_dimension instanceof Dimension) { flash_error("dimension dnx"); ajx_current("empty"); return; } tpl_assign("current_dimension", $current_dimension); $ot_ids = implode(",", DimensionObjectTypes::getObjectTypeIdsByDimension($current_dimension->getId())); $dimension_obj_types = ObjectTypes::findAll(array("conditions" => "`id` IN ({$ot_ids})")); $dimension_obj_types_info = array(); foreach ($dimension_obj_types as $ot) { $info = $ot->getArrayInfo(array('id', 'name', 'type')); $info['name'] = lang(array_var($info, 'name')); $dimension_obj_types_info[] = $info; } tpl_assign('dimension_obj_types', $dimension_obj_types_info); tpl_assign('obj_type_sel', $member->getObjectTypeId()); tpl_assign('parents', self::getAssignableParents($member->getDimensionId(), $member->getObjectTypeId())); tpl_assign('parent_sel', $member->getParentMemberId()); tpl_assign("member_data", $member_data); tpl_assign('can_change_type', false); $restricted_dim_defs = DimensionMemberRestrictionDefinitions::findAll(array("conditions" => array("`dimension_id` = ?", $member->getDimensionId()))); $ot_with_restrictions = array(); foreach ($restricted_dim_defs as $rdef) { if (!isset($ot_with_restrictions[$rdef->getObjectTypeId()])) { $ot_with_restrictions[$rdef->getObjectTypeId()] = true; } } tpl_assign('ot_with_restrictions', $ot_with_restrictions); $associations = DimensionMemberAssociations::findAll(array("conditions" => array("`dimension_id` = ?", $member->getDimensionId()))); $ot_with_associations = array(); foreach ($associations as $assoc) { if (!isset($ot_with_associations[$assoc->getObjectTypeId()])) { $ot_with_associations[$assoc->getObjectTypeId()] = true; } } tpl_assign('ot_with_associations', $ot_with_associations); } else { $ok = $this->saveMember($member_data, $member, false); save_member_permissions($member); // NEW member permissions if ($ok) { $ret = null; Hook::fire('after_edit_member', $member, $ret); evt_add("reload dimension tree", $member->getDimensionId()); // ApplicationLogs::createLog($member, ApplicationLogs::ACTION_EDIT, false, true); } } }
function dimension_options_submit() { ajx_current("empty"); if (!can_manage_dimensions(logged_user())) { flash_error(lang('no access permissions')); return; } $folder_ots = ObjectTypes::findAll(array('id' => true, 'conditions' => "name IN ('folder','project_folder','customer_folder')")); $data = array_var($_POST, 'enabled_dots'); $names_data = array_var($_POST, 'custom_names'); if (is_array($data) || is_array($names_data)) { try { DB::beginWork(); // enabled dimension object types foreach ($data as $dim_id => $ots_info) { foreach ($ots_info as $ot_id => $enabled) { DB::execute("UPDATE " . TABLE_PREFIX . "dimension_object_types SET enabled=" . DB::escape($enabled) . " \r\n\t\t\t\t\t\t\tWHERE dimension_id=" . DB::escape($dim_id) . " AND object_type_id=" . DB::escape($ot_id)); // if object type is folder, set the same configuration to all folder types if (in_array($ot_id, $folder_ots)) { DB::execute("UPDATE " . TABLE_PREFIX . "dimension_object_types SET enabled=" . DB::escape($enabled) . "\r\n\t\t\t\t\t\t\t\tWHERE dimension_id=" . DB::escape($dim_id) . " AND object_type_id IN (" . implode(',', $folder_ots) . ")"); } } } // custom dimension names foreach ($names_data as $dim_id => $custom_name) { $cname = trim($custom_name); $dimension = Dimensions::getDimensionById($dim_id); if ($dimension instanceof Dimension) { $dimension->setOptionValue('custom_dimension_name', $cname); } } DB::commit(); flash_success(lang("success edit dimension options")); evt_add('tabs changed'); //ajx_current("back"); } catch (Exception $e) { DB::rollback(); flash_error($e->getMessage()); ajx_current("empty"); } } }
function edit() { if (!can_manage_dimension_members(logged_user())) { flash_error(lang('no access permissions')); ajx_current("empty"); return; } $member = Members::findById(get_id()); if (!$member instanceof Member) { flash_error(lang('member dnx')); ajx_current("empty"); return; } $ret = array(); Hook::fire('check_additional_member_permissions', array('action' => 'edit', 'member' => $member, 'pg_id' => logged_user()->getPermissionGroupId()), $ret); if (count($ret) > 0 && !array_var($ret, 'ok')) { flash_error(array_var($ret, 'message')); ajx_current("empty"); return; } $this->setTemplate('add'); $member_data = array_var($_POST, 'member'); if (!is_array($member_data)) { // New ! Permissions $permission_parameters = permission_member_form_parameters($member); tpl_assign('permission_parameters', $permission_parameters); //-- tpl_assign("member", $member); $member_data['name'] = $member->getName(); $member_data['description'] = $member->getDescription(); $current_dimension = $member->getDimension(); if (!$current_dimension instanceof Dimension) { flash_error("dimension dnx"); ajx_current("empty"); return; } tpl_assign("current_dimension", $current_dimension); $ot_ids = implode(",", DimensionObjectTypes::getObjectTypeIdsByDimension($current_dimension->getId())); $dimension_obj_types = ObjectTypes::findAll(array("conditions" => "`id` IN ({$ot_ids})")); $dimension_obj_types_info = array(); foreach ($dimension_obj_types as $ot) { $info = $ot->getArrayInfo(array('id', 'name', 'type')); $info['name'] = lang(array_var($info, 'name')); $dimension_obj_types_info[] = $info; } tpl_assign('dimension_obj_types', $dimension_obj_types_info); tpl_assign('obj_type_sel', $member->getObjectTypeId()); tpl_assign('parents', self::getAssignableParents($member->getDimensionId(), $member->getObjectTypeId())); tpl_assign('parent_sel', $member->getParentMemberId()); tpl_assign("member_data", $member_data); tpl_assign('can_change_type', false); $restricted_dim_defs = DimensionMemberRestrictionDefinitions::findAll(array("conditions" => array("`dimension_id` = ?", $member->getDimensionId()))); $ot_with_restrictions = array(); foreach ($restricted_dim_defs as $rdef) { if (!isset($ot_with_restrictions[$rdef->getObjectTypeId()])) { $ot_with_restrictions[$rdef->getObjectTypeId()] = true; } } tpl_assign('ot_with_restrictions', $ot_with_restrictions); $associations = DimensionMemberAssociations::findAll(array("conditions" => array("`dimension_id` = ?", $member->getDimensionId()))); $ot_with_associations = array(); foreach ($associations as $assoc) { if (!isset($ot_with_associations[$assoc->getObjectTypeId()])) { $ot_with_associations[$assoc->getObjectTypeId()] = true; } } tpl_assign('ot_with_associations', $ot_with_associations); } else { try { $old_parent = $member->getParentMemberId(); $ok = $this->saveMember($member_data, $member, false); Env::useHelper('permissions'); save_member_permissions_background(logged_user(), $member, array_var($_REQUEST, 'permissions'), $old_parent); if ($ok) { ApplicationLogs::createLog($member, ApplicationLogs::ACTION_EDIT); $ret = null; Hook::fire('after_edit_member', $member, $ret); //evt_add("reload dimension tree", array('dim_id' => $member->getDimensionId(), 'mid' => $member->getId(), 'pid' => $member->getParentMemberId())); evt_add("update dimension tree node", array('dim_id' => $member->getDimensionId(), 'member_id' => $member->getId())); } } catch (Exception $e) { DB::rollback(); flash_error($e->getMessage()); ajx_current("empty"); } } }
echo $type->getIcon(); ?> ' }); <?php } } ?> var searchForm = document.getElementById("searchbox").getElementsByTagName("form")[0] ; H5F.setup(searchForm); og.additional_on_dimension_object_click = []; og.dimension_object_types = []; <?php $dimension_object_types = ObjectTypes::findAll(array('conditions' => "`type` IN ('dimension_object', 'dimension_group')")); foreach ($dimension_object_types as $dot) { ?> og.dimension_object_types[<?php echo $dot->getId(); ?> ] = '<?php echo $dot->getName(); ?> '; <?php } foreach (Plugins::instance()->getActive() as $p) { $js_code = 'if (og.' . $p->getName() . ' && og.' . $p->getName() . '.init) og.' . $p->getName() . '.init();' . "\n"; echo $js_code; }
static function prepareFiltersConditions($filters) { $name_filter_condition = ""; $obj_ids_filter_condition = ""; $type_filter_condition = ""; if (!is_null($filters) && is_array($filters)) { $type_filters = array_var($filters, 'types'); if (is_array($type_filters) && count($type_filters) > 0) { $type_filters_ids = ObjectTypes::findAll(array('id' => 'true', 'conditions' => "`name` IN (" . DB::escape($type_filters) . ")")); $type_filter_condition = " AND `o`.`object_type_id` IN (" . implode(",", $type_filters_ids) . ")"; } $name_filter = array_var($filters, 'name'); $name_filter_condition = is_null($name_filter) ? "" : " AND `o`.`name` LIKE " . DB::escape("{$name_filter}%"); $obj_ids_filter = array_var($filters, 'object_ids'); $obj_ids_filter_condition = is_null($obj_ids_filter) ? "" : " AND `o`.`id` IN ({$obj_ids_filter})"; } return array($name_filter_condition, $obj_ids_filter_condition, $type_filter_condition); }
/** * Enter description here ... * @param Contact $contact * @param array of ObjectType $types * @param array of int $members */ function grantAllPermissions(Contact $contact, $members) { if ($contact->getUserType() > 0 && count($members)) { $userType = $contact->getUserTypeName(); $permissions = array(); // TO fill sharing table $gid = $contact->getPermissionGroupId(); foreach ($members as $member_id) { //new $member = Members::findById($member_id); $dimension = $member->getDimension(); $types = array(); $member_types = DimensionObjectTypeContents::getContentObjectTypeIds($dimension->getId(), $member->getObjectTypeId()); if (count($member_types)) { switch ($userType) { case 'Super Administrator': case 'Administrator': case 'Manager': case 'Executive': $types = $member_types; break; case 'Collaborator Customer': case 'Non-Exec Director': foreach (ObjectTypes::findAll(array("conditions" => " name NOT IN ('mail') ")) as $type) { //TODO This sucks $types[] = $type->getId(); } break; case 'Internal Collaborator': case 'External Collaborator': foreach (ObjectTypes::findAll(array("conditions" => " name NOT IN ('mail','contact', 'report') ")) as $type) { //TODO This sucks $types[] = $type->getId(); } break; case 'Guest Customer': foreach (ObjectTypes::findAll(array("conditions" => " name IN ('message', 'weblink', 'event', 'file') ")) as $type) { //TODO This sucks $types[] = $type->getId(); } break; case 'Guest': foreach (ObjectTypes::findAll(array("conditions" => " name IN ('message', 'weblink', 'event') ")) as $type) { //TODO This sucks $types[] = $type->getId(); } break; } } foreach ($types as $type_id) { if (!ContactMemberPermissions::instance()->findOne(array("conditions" => "permission_group_id = {$gid}\tAND \n\t\t\t\t\t\t\tmember_id = {$member_id} AND \n\t\t\t\t\t\t\tobject_type_id = {$type_id}"))) { $cmp = new ContactMemberPermission(); $cmp->setPermissionGroupId($gid); $cmp->setMemberId($member_id); $cmp->setObjectTypeId($type_id); if ($userType != "Guest" && $userType != "Guest Customer") { $cmp->setCanWrite(1); $cmp->setCanDelete(1); } else { $cmp->setCanWrite(0); $cmp->setCanDelete(0); } $cmp->save(); $perm = new stdClass(); $perm->m = $member_id; $perm->r = 1; $perm->w = 1; $perm->d = 1; $perm->o = $type_id; $permissions[] = $perm; } } } if (count($permissions)) { $stCtrl = new SharingTableController(); $stCtrl->afterPermissionChanged($contact->getPermissionGroupId(), $permissions); } } }
function permission_form_parameters($pg_id) { $member_permissions = array(); $dimensions = array(); $dims = Dimensions::findAll(); $members = array(); $member_types = array(); $allowed_object_types = array(); $allowed_object_types_by_member_type[] = array(); foreach ($dims as $dim) { if ($dim->getDefinesPermissions()) { $dimensions[] = $dim; $root_members = Members::findAll(array('conditions' => array('`dimension_id`=? AND `parent_member_id`=0', $dim->getId()), 'order' => '`name` ASC')); foreach ($root_members as $mem) { $members[$dim->getId()][] = $mem; $members[$dim->getId()] = array_merge($members[$dim->getId()], $mem->getAllChildrenSorted()); } $allowed_object_types[$dim->getId()] = array(); $dim_obj_types = $dim->getAllowedObjectTypeContents(); foreach ($dim_obj_types as $dim_obj_type) { // To draw a row for each object type of the dimension if (!in_array($dim_obj_type->getContentObjectTypeId(), $allowed_object_types[$dim->getId()])) { $allowed_object_types[$dim->getId()][] = $dim_obj_type->getContentObjectTypeId(); } // To enable or disable object types depending on the selected member if (!is_array(array_var($allowed_object_types_by_member_type, $dim_obj_type->getDimensionObjectTypeId()))) { $allowed_object_types_by_member_type[$dim_obj_type->getDimensionObjectTypeId()] = array(); } $allowed_object_types_by_member_type[$dim_obj_type->getDimensionObjectTypeId()][] = $dim_obj_type->getContentObjectTypeId(); } if ($dim->hasAllowAllForContact($pg_id)) { foreach ($members[$dim->getId()] as $mem) { $member_permissions[$mem->getId()] = array(); foreach ($dim_obj_types as $dim_obj_type) { if ($dim_obj_type->getDimensionObjectTypeId() == $mem->getObjectTypeId()) { $member_permissions[$mem->getId()][] = array('o' => $dim_obj_type->getContentObjectTypeId(), 'w' => 1, 'd' => 1, 'r' => 1); } } } } else { if (!$dim->deniesAllForContact($pg_id)) { if (isset($members[$dim->getId()])) { foreach ($members[$dim->getId()] as $mem) { $member_permissions[$mem->getId()] = array(); $pgs = ContactMemberPermissions::findAll(array("conditions" => array("`permission_group_id` = ? AND `member_id` = ?", $pg_id, $mem->getId()))); if (is_array($pgs)) { foreach ($pgs as $pg) { $member_permissions[$mem->getId()][] = array('o' => $pg->getObjectTypeId(), 'w' => $pg->getCanWrite(), 'd' => $pg->getCanDelete(), 'r' => 1); } } } } } } if (isset($members[$dim->getId()])) { foreach ($members[$dim->getId()] as $member) { $member_types[$member->getId()] = $member->getObjectTypeId(); } } } } $all_object_types = ObjectTypes::findAll(array("conditions" => "`type` IN ('content_object', 'located') AND `name` <> 'file revision'")); return array('member_types' => $member_types, 'allowed_object_types_by_member_type' => $allowed_object_types_by_member_type, 'allowed_object_types' => $allowed_object_types, 'all_object_types' => $all_object_types, 'member_permissions' => $member_permissions, 'dimensions' => $dimensions); }
function save_permissions($pg_id, $is_guest = false, $permissions_data = null, $save_cmps = true, $update_sharing_table = true, $fire_hook = true, $update_contact_member_cache = true, $users_ids_to_check = array(), $only_member_permissions = false) { if (is_null($permissions_data)) { // system permissions $sys_permissions_data = array_var($_POST, 'sys_perm'); // module permissions $mod_permissions_data = array_var($_POST, 'mod_perm'); // root permissions if ($rp_genid = array_var($_POST, 'root_perm_genid')) { $rp_permissions_data = array(); foreach ($_POST as $name => $value) { if (str_starts_with($name, $rp_genid . 'rg_root_')) { $rp_permissions_data[$name] = $value; } } } // member permissions $permissionsString = array_var($_POST, 'permissions'); } else { // system permissions $sys_permissions_data = array_var($permissions_data, 'sys_perm'); // module permissions $mod_permissions_data = array_var($permissions_data, 'mod_perm'); // root permissions $rp_genid = array_var($permissions_data, 'root_perm_genid'); $rp_permissions_data = array_var($permissions_data, 'root_perm'); // member permissions $permissionsString = array_var($permissions_data, 'permissions'); } try { DB::beginWork(); $changed_members = array(); // save module permissions if (!$only_member_permissions) { try { TabPanelPermissions::clearByPermissionGroup($pg_id, true); if (!is_null($mod_permissions_data) && is_array($mod_permissions_data)) { foreach ($mod_permissions_data as $tab_id => $val) { DB::execute("INSERT INTO " . TABLE_PREFIX . "tab_panel_permissions (permission_group_id,tab_panel_id) VALUES ('{$pg_id}','{$tab_id}') ON DUPLICATE KEY UPDATE permission_group_id=permission_group_id"); } } } catch (Exception $e) { Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } } $root_permissions_sharing_table_delete = array(); $root_permissions_sharing_table_add = array(); if (logged_user() instanceof Contact && can_manage_security(logged_user())) { try { if (!$only_member_permissions) { // save system permissions $system_permissions = SystemPermissions::findById($pg_id); if (!$system_permissions instanceof SystemPermission) { $system_permissions = new SystemPermission(); $system_permissions->setPermissionGroupId($pg_id); } $system_permissions->setAllPermissions(false); $other_permissions = array(); Hook::fire('add_user_permissions', $pg_id, $other_permissions); foreach ($other_permissions as $k => $v) { $system_permissions->setColumnValue($k, false); } // check max permissions for role, in case of modifying user's permissions $role_id = "-1"; $tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id)); if ($tmp_contact instanceof Contact) { $role_id = $tmp_contact->getUserType(); } $max_role_system_permissions = MaxSystemPermissions::findOne(array('conditions' => 'permission_group_id = ' . $role_id)); if ($max_role_system_permissions instanceof MaxSystemPermission) { foreach ($sys_permissions_data as $col => &$val) { $max_val = $max_role_system_permissions->getColumnValue($col); if (!$max_val) { unset($sys_permissions_data[$col]); } } } // don't allow to write emails for collaborators and guests if ($tmp_contact instanceof Contact) { $user_type_name = $tmp_contact->getUserTypeName(); if (!in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) { $mail_ot = ObjectTypes::findByName('mail'); if ($mail_ot instanceof ObjectType) { DB::executeAll("UPDATE " . TABLE_PREFIX . "contact_member_permissions SET can_write=0, can_delete=0 WHERE object_type_id=" . $mail_ot->getId() . " AND permission_group_id={$pg_id}"); } } } $sys_permissions_data['can_task_assignee'] = !$is_guest; $system_permissions->setFromAttributes($sys_permissions_data); $system_permissions->setUseOnDuplicateKeyWhenInsert(true); $system_permissions->save(); //object type root permissions $can_have_root_permissions = config_option('let_users_create_objects_in_root') && in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive')); if ($rp_genid && $can_have_root_permissions) { ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0"); foreach ($rp_permissions_data as $name => $value) { if (str_starts_with($name, $rp_genid . 'rg_root_')) { $rp_ot = substr($name, strrpos($name, '_') + 1); if (is_numeric($rp_ot) && $rp_ot > 0 && $value == 0) { $root_permissions_sharing_table_delete[] = $rp_ot; } if (!is_numeric($rp_ot) || $rp_ot <= 0 || $value < 1) { continue; } $root_permissions_sharing_table_add[] = $rp_ot; // save with member_id = 0 $root_perm_cmp = new ContactMemberPermission(); $root_perm_cmp->setPermissionGroupId($pg_id); $root_perm_cmp->setMemberId('0'); $root_perm_cmp->setObjectTypeId($rp_ot); $root_perm_cmp->setCanWrite($value >= 2); $root_perm_cmp->setCanDelete($value >= 3); $root_perm_cmp->save(); } } } if (!$can_have_root_permissions) { ContactMemberPermissions::delete("permission_group_id = {$pg_id} AND member_id = 0"); $sh_controller = new SharingTableController(); $all_object_type_ids = ObjectTypes::findAll(array('id' => true)); $sh_controller->adjust_root_permissions($pg_id, array('root_permissions_sharing_table_delete' => $all_object_type_ids)); } } } catch (Exception $e) { Logger::log("Error saving system and root permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } } // set all permissions to read_only if user is guest if ($is_guest) { try { $all_saved_permissions = ContactMemberPermissions::findAll(array("conditions" => "`permission_group_id` = {$pg_id}")); foreach ($all_saved_permissions as $sp) { /* @var $sp ContactMemberPermission */ if ($sp->getCanDelete() || $sp->getCanWrite()) { $sp->setCanDelete(false); $sp->setCanWrite(false); $sp->save(); } } $cdps = ContactDimensionPermissions::findAll(array("conditions" => "`permission_type` = 'allow all'")); foreach ($cdps as $cdp) { $cdp->setPermissionType('check'); $cdp->save(); } } catch (Exception $e) { Logger::log("Error setting guest user permissions to read_only for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } } // check the status of the changed dimensions to set 'allow_all', 'deny_all' or 'check' try { $dimensions = Dimensions::findAll(array("conditions" => array("`id` IN (SELECT DISTINCT `dimension_id` FROM " . Members::instance()->getTableName(true) . " WHERE `id` IN (?))", $changed_members))); foreach ($dimensions as $dimension) { $dimension->setContactDimensionPermission($pg_id, 'check'); } } catch (Exception $e) { Logger::log("Error setting dimension permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } //member permissions if ($permissionsString && $permissionsString != '') { $permissions = json_decode($permissionsString); } if (isset($permissions) && !is_null($permissions) && is_array($permissions)) { try { $tmp_contact = Contacts::findOne(array('conditions' => 'permission_group_id = ' . $pg_id)); if ($tmp_contact instanceof Contact) { $user_type_name = $tmp_contact->getUserTypeName(); $role_id = $tmp_contact->getUserType(); $max_role_ot_perms = MaxRoleObjectTypePermissions::instance()->findAll(array('conditions' => "role_id = '{$role_id}'")); } $mail_ot = ObjectTypes::findByName('mail'); $sql_insert_values = ""; $member_object_types_to_delete = array(); $allowed_members_ids = array(); foreach ($permissions as &$perm) { if (!isset($all_perm_deleted[$perm->m])) { $all_perm_deleted[$perm->m] = true; } $allowed_members_ids[$perm->m] = array(); $allowed_members_ids[$perm->m]['pg'] = $pg_id; if ($perm->r) { if (isset($allowed_members_ids[$perm->m]['w'])) { if ($allowed_members_ids[$perm->m]['w'] != 1) { $allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w; } } else { $allowed_members_ids[$perm->m]['w'] = $is_guest ? false : $perm->w; } if (isset($allowed_members_ids[$perm->m]['d'])) { if ($allowed_members_ids[$perm->m]['d'] != 1) { $allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d; } } else { $allowed_members_ids[$perm->m]['d'] = $is_guest ? false : $perm->d; } // check max permissions for user type if ($tmp_contact instanceof Contact) { $max_perm = null; foreach ($max_role_ot_perms as $max_role_ot_perm) { if ($max_role_ot_perm->getObjectTypeId() == $perm->o) { $max_perm = $max_role_ot_perm; } } if ($max_perm) { if (!$max_perm->getCanDelete()) { $perm->d = 0; } if (!$max_perm->getCanWrite()) { $perm->w = 0; } } else { $perm->d = 0; $perm->w = 0; $perm->r = 0; } } if ($save_cmps) { // don't allow to write emails for collaborators and guests if ($tmp_contact instanceof Contact && !in_array($user_type_name, array('Super Administrator', 'Administrator', 'Manager', 'Executive'))) { if ($mail_ot instanceof ObjectType && $perm->o == $mail_ot->getId()) { $perm->d = 0; $perm->w = 0; } } $sql_insert_values .= ($sql_insert_values == "" ? "" : ",") . "('" . $pg_id . "','" . $perm->m . "','" . $perm->o . "','" . $perm->d . "','" . $perm->w . "')"; if (!isset($member_object_types_to_delete[$perm->m])) { $member_object_types_to_delete[$perm->m] = array(); } $member_object_types_to_delete[$perm->m][] = $perm->o; } $all_perm_deleted[$perm->m] = false; } else { if (is_numeric($perm->m) && is_numeric($perm->o)) { DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id='" . $perm->m . "' AND object_type_id='" . $perm->o . "' AND permission_group_id={$pg_id}"); } } $changed_members[] = $perm->m; } if ($save_cmps) { if (count($all_perm_deleted) > 0) { $member_ids_to_delete = array(); foreach ($all_perm_deleted as $mid => $del) { // also check in contact_member_permissions $cmps = ContactMemberPermissions::findAll(array('conditions' => 'permission_group_id=' . $pg_id . " AND member_id={$mid}")); if ($del && (!is_array($cmps) || count($cmps) == 0)) { $member_ids_to_delete[] = $mid; } } if (count($member_ids_to_delete) > 0) { DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id IN (" . implode(',', $member_ids_to_delete) . ") AND permission_group_id={$pg_id}"); } } foreach ($member_object_types_to_delete as $mid => $obj_type_ids) { if (count($obj_type_ids) > 0) { DB::execute("DELETE FROM " . TABLE_PREFIX . "contact_member_permissions WHERE member_id={$mid} AND object_type_id IN (" . implode(',', $obj_type_ids) . ") AND permission_group_id={$pg_id}"); } } if ($sql_insert_values != "") { DB::execute("INSERT INTO " . TABLE_PREFIX . "contact_member_permissions (permission_group_id, member_id, object_type_id, can_delete, can_write) VALUES {$sql_insert_values} ON DUPLICATE KEY UPDATE member_id=member_id"); } } } catch (Exception $e) { Logger::log("Error saving member permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } } DB::commit(); } catch (Exception $e) { Logger::log("Error saving permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); DB::rollback(); } try { if (isset($permissions) && !is_null($permissions) && is_array($permissions)) { if ($update_sharing_table) { try { $sharingTablecontroller = new SharingTableController(); $rp_info = array('root_permissions_sharing_table_delete' => $root_permissions_sharing_table_delete, 'root_permissions_sharing_table_add' => $root_permissions_sharing_table_add); $sharingTablecontroller->afterPermissionChanged($pg_id, $permissions, $rp_info); } catch (Exception $e) { Logger::log("Error saving permissions to sharing table for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } } if ($update_contact_member_cache) { try { $contactMemberCacheController = new ContactMemberCacheController(); $group = PermissionGroups::findById($pg_id); $real_group = null; if ($group->getType() == 'user_groups') { $real_group = $group; } $users = $group->getUsers(); $users_ids_checked = array(); foreach ($users as $us) { $users_ids_checked[] = $us->getId(); $contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group); } //check all users related to the group foreach ($users_ids_to_check as $us_id) { if (!in_array($us_id, $users_ids_checked)) { $users_ids_checked[] = $us_id; $us = Contacts::findById($us_id); if ($us instanceof Contact) { $contactMemberCacheController->afterUserPermissionChanged($us, $permissions, $real_group); } } } } catch (Exception $e) { Logger::log("Error saving permissions to contact member cache for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); throw $e; } } } } catch (Exception $e) { Logger::log("Error saving module permissions for permission group {$pg_id}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); } if ($fire_hook) { Hook::fire('after_save_contact_permissions', $pg_id, $pg_id); } // remove contact object from members where permissions were deleted $user = Contacts::findOne(array('conditions' => 'permission_group_id=' . $pg_id)); if ($user instanceof Contact) { $to_remove = array(); if (isset($all_perm_deleted) && is_array($all_perm_deleted)) { foreach ($all_perm_deleted as $m_id => $must_remove) { if ($must_remove) { $to_remove[] = $m_id; } } ObjectMembers::removeObjectFromMembers($user, logged_user(), null, $to_remove); } } }