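/**
 * Build and run the object-listing query for the current request and hand the
 * result to the AJAX layer.
 *
 * Reads these $_GET keys: start, limit, sort, dir, id_no_select,
 * ignore_context, member_ids (JSON), extra_member_ids (JSON),
 * extra_list_params (JSON), type (CSV of object type names), name,
 * linkedobject, trashed, archived, only_result, count_results.
 *
 * Every request value that ends up inside the SQL text is either mapped
 * through a fixed whitelist (sort column, sort direction), reduced to an
 * integer (ids, paging) or restricted to a safe character set (type names)
 * before it is concatenated. The free-text name filter keeps the original
 * escaping call; see the NOTE(review) next to it.
 *
 * Output: calls ajx_extra_data() and tpl_assign("listing", ...) with an array
 * holding "totalCount", "start" and "objects", then sets ajx_current().
 */
function list_objects() {
    // Reduce a request value to an integer. Non-scalars (e.g. id[]=x) become 0,
    // strings follow PHP's integer conversion ("12abc" -> 12, "abc" -> 0).
    $to_int = function ($value) {
        return is_scalar($value) ? (int) $value : 0;
    };

    // Reduce a decoded JSON value to a flat list of integer ids. Anything that
    // is not an array, and any non-numeric or nested element, is dropped so
    // the list can be imploded into an IN (...) clause.
    $to_id_list = function ($value) {
        $ids = array();
        if (is_array($value)) {
            foreach ($value as $item) {
                if (is_numeric($item)) {
                    $ids[] = (int) $item;
                }
            }
        }
        return $ids;
    };

    /* get query parameters */
    $filesPerPage = config_option('files_per_page');
    $start = array_var($_GET, 'start') ? $to_int(array_var($_GET, 'start')) : 0;
    // Cast to int: this value is interpolated into the LIMIT clause below.
    $limit = array_var($_GET, 'limit') ? $to_int(array_var($_GET, 'limit')) : $filesPerPage;
    $order = array_var($_GET, 'sort');
    $id_no_select = array_var($_GET, 'id_no_select', "undefined");
    $ignore_context = (bool) array_var($_GET, 'ignore_context');
    $member_ids = $to_id_list(json_decode(array_var($_GET, 'member_ids')));
    $extra_member_ids = $to_id_list(json_decode(array_var($_GET, 'extra_member_ids')));

    // Sort direction: only case variants of ASC / DESC survive.
    $orderdir = array_var($_GET, 'dir');
    if (!is_string($orderdir) || !in_array(strtoupper($orderdir), array('ASC', 'DESC'), true)) {
        $orderdir = 'ASC';
    }

    // Sort column: the request value is only a key into this fixed map, so it
    // never reaches the ORDER BY clause itself.
    $sortable_columns = array(
        'dateUpdated' => 'updated_on',
        'dateArchived' => 'archived_on',
        'dateDeleted' => 'trashed_on',
        'name' => 'name',
    );
    if (is_string($order) && isset($sortable_columns[$order])) {
        $order = $sortable_columns[$order];
    } else {
        $order = "";
        $orderdir = "";
    }

    $extra_list_params = json_decode(array_var($_GET, 'extra_list_params'));

    // Not read below; the call is kept because its side effects, if any, are
    // not visible from this function.
    $hide_private = !logged_user()->isMemberOfOwnerCompany();

    // Type names are quoted into "name IN ('...')" further down, so keep only
    // names made of letters, digits, underscore and space (which still allows
    // names such as 'file revision').
    $typeCSV = array_var($_GET, 'type');
    $types = null;
    if (is_string($typeCSV) && $typeCSV) {
        $types = array();
        foreach (explode(",", $typeCSV) as $type_name) {
            if (preg_match('/^[A-Za-z0-9_ ]+\z/', $type_name)) {
                $types[] = $type_name;
            }
        }
    }
    $requested_types = is_array($types) ? $types : array();

    // NOTE(review): mysql_real_escape_string() was removed in PHP 7.0 and does
    // not escape the LIKE wildcards % and _. Replace it with the escaping or
    // parameter binding of the project's DB layer once that API is confirmed.
    $name_filter = mysql_real_escape_string(array_var($_GET, 'name'));

    // Linked-objects view: restrict the listing to the ids linked to one object.
    $linked_obj_filter = array_var($_GET, 'linkedobject');
    $object_ids_filter = '';
    $show_all_linked_objects = false;
    if (!is_null($linked_obj_filter)) {
        $show_all_linked_objects = true;
        $linkedObject = Objects::findObject($to_int($linked_obj_filter));
        $linked_ids = array();
        // Guard against an unknown id: calling a method on a non-object is fatal.
        if (is_object($linkedObject)) {
            $objs = $linkedObject->getLinkedObjects();
            if (is_array($objs)) {
                foreach ($objs as $obj) {
                    $linked_ids[] = (int) $obj->getId();
                }
            }
        }
        $object_ids_filter = implode(',', $linked_ids);
    }

    // Only used for truthiness when choosing between "=" and "<>" below.
    $trashed = array_var($_GET, 'trashed', false);
    $archived = array_var($_GET, 'archived', false);

    /* if there's an action to execute, do so */
    if (!$show_all_linked_objects) {
        $this->processListActions();
    }

    // Template picker: when template types are requested, restrict the listing
    // to the tasks of one template; otherwise exclude template types.
    $template_object_names = "";
    $template_extra_condition = "true";
    if (in_array("template_task", $requested_types, true) || in_array("template_milestone", $requested_types, true)) {
        $template_id = 0;
        if (isset($extra_list_params->template_id)) {
            // Integer only: the value is compared with 0 below to decide
            // whether the permission filter is skipped.
            $template_id = $to_int($extra_list_params->template_id);
        }
        $tmpl_task = TemplateTasks::findById($to_int($id_no_select));
        if ($tmpl_task instanceof TemplateTask) {
            $template_extra_condition = "o.id IN (SELECT object_id from " . TABLE_PREFIX . "template_tasks WHERE `template_id`=" . $tmpl_task->getTemplateId() . " OR `template_id`=0 AND `session_id`=" . logged_user()->getId() . " )";
        } else {
            $template_extra_condition = "o.id IN (SELECT object_id from " . TABLE_PREFIX . "template_tasks WHERE `template_id`=" . intval($template_id) . " OR `template_id`=0 AND `session_id`=" . logged_user()->getId() . " )";
        }
    } else {
        $template_object_names = "AND name <> 'template_task' AND name <> 'template_milestone'";
    }
    $editing_template = isset($template_id) && $template_id > 0;

    // Not read below; kept for the same reason as $hide_private.
    $context = active_context();

    $type_condition = "";
    if ($requested_types) {
        $type_condition = " AND name IN ('" . implode("','", $requested_types) . "')";
    } elseif (is_array($types)) {
        // A type filter was requested but no name passed validation: match
        // nothing instead of silently listing every type.
        $type_condition = " AND 1 = 0";
    }

    $joins = array();
    $extra_conditions = array();

    // user filter
    if (in_array("contact", $requested_types, true) && isset($extra_list_params->is_user)) {
        $joins[] = "\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "contacts c on c.object_id=o.id";
        $extra_conditions[] = "\r\n\t\t\t\tc.user_type " . ($extra_list_params->is_user == 1 ? ">" : "=") . " 0";
        if (isset($extra_list_params->has_permissions)) {
            // Member id comes from request JSON; force it to an integer
            // before it is placed between quotes in the subquery.
            $mem_id = $to_int($extra_list_params->has_permissions);
            if ($mem_id > 0) {
                $extra_conditions[] = " EXISTS (\r\n\t\t\t\t\tSELECT cmp.permission_group_id FROM " . TABLE_PREFIX . "contact_member_permissions cmp\r\n\t\t\t\t\tWHERE cmp.permission_group_id IN (SELECT x.permission_group_id FROM " . TABLE_PREFIX . "contact_permission_groups x WHERE x.contact_id=o.id)\r\n\t\t\t\t\tAND cmp.member_id='{$mem_id}' \r\n\t\t\t\t\tAND cmp.object_type_id NOT IN (SELECT tp.object_type_id FROM " . TABLE_PREFIX . "tab_panels tp WHERE tp.enabled=0)\r\n\t\t\t\t\tAND cmp.object_type_id NOT IN (SELECT oott.id FROM " . TABLE_PREFIX . "object_types oott WHERE oott.name IN ('comment','template'))\r\n\t\t\t\t\tAND cmp.object_type_id IN (SELECT oott2.id FROM " . TABLE_PREFIX . "object_types oott2 WHERE oott2.type IN ('content_object','dimension_object'))\r\n\t\t\t\t)";
            }
        }
    }

    // Object type filter - exclude template types (if not template picker),
    // filter by required type names (if specified) and match value with objects table
    $extra_object_type_conditions = "\r\n\t\t\tAND name <> 'file revision' {$template_object_names} {$type_condition} AND o.object_type_id = ot.id";
    $extra_conditions[] = ObjectTypes::getListableObjectsSqlCondition($extra_object_type_conditions);

    // logged user permission group ids
    $logged_user_pg_ids = implode(',', logged_user()->getPermissionGroupIds());

    // used in template object picker
    $extra_conditions[] = $template_extra_condition;

    // when filtering by name
    if ($name_filter) {
        $extra_conditions[] = "\r\n\t\t\t\tname LIKE '%{$name_filter}%'";
    }

    // when excluding some object in particular
    if ($id_no_select != "undefined") {
        $excluded_id = $to_int($id_no_select);
        $extra_conditions[] = "\r\n\t\t\t\tid <> '{$excluded_id}'";
    }

    // when filtering by some group of objects, for example in the linked objects view
    if ($object_ids_filter != "") {
        $extra_conditions[] = "\r\n\t\t\t\tid in ({$object_ids_filter})";
    }

    $joins[] = "\r\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "project_tasks pt on pt.object_id=o.id";
    if (!SystemPermissions::userHasSystemPermission(logged_user(), 'can_see_assigned_to_other_tasks')) {
        // exclude other users' tasks if cannot see them
        $extra_conditions[] = "\r\n\t\t\t\t( pt.assigned_to_contact_id IS NULL OR pt.assigned_to_contact_id= " . logged_user()->getId() . ")";
    }

    // don't include tasks which have is_template=1
    $extra_conditions[] = "\r\n\t\t\t( pt.is_template IS NULL OR pt.is_template=0)";

    // trashed conditions
    $extra_conditions[] = "\r\n\t\t\to.trashed_on" . ($trashed ? "<>" : "=") . "0";

    // archived conditions
    $extra_conditions[] = "\r\n\t\t\to.archived_on" . ($archived ? "<>" : "=") . "0";

    // don't include unclassified mails from other accounts
    if (Plugins::instance()->isActivePlugin('mail')) {
        $accounts_of_loggued_user = MailAccountContacts::getByContact(logged_user());
        // Starts with 0 so the IN (...) list is never empty.
        $account_ids = array(0);
        foreach ($accounts_of_loggued_user as $acc) {
            $account_ids[] = (int) $acc->getAccountId();
        }
        $joins[] = "\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "mail_contents mc on mc.object_id=o.id\r\n\t\t\t";
        $extra_conditions[] = "\r\n\t\t\t\tIF( mc.account_id IS NULL, true, mc.account_id IN (" . implode(',', $account_ids) . ") OR EXISTS (\r\n\t\t\t\t\tSELECT om1.object_id FROM " . TABLE_PREFIX . "object_members om1 \r\n\t\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "members m1 ON m1.id=om1.member_id \r\n\t\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "dimensions d1 ON d1.id=m1.dimension_id \r\n\t\t\t\t\tWHERE om1.object_id=o.id AND d1.is_manageable=1)\r\n\t\t\t\t)";
    }

    // don't show attached files of emails that cannot be viewed
    // NOTE(review): this restriction is applied only when the user IS an
    // administrator; confirm the condition is not meant to be negated.
    if (logged_user()->isAdministrator() && Plugins::instance()->isActivePlugin('mail')) {
        $joins[] = "LEFT JOIN " . TABLE_PREFIX . "project_files pf on pf.object_id=o.id";
        $extra_conditions[] = "IF(pf.mail_id IS NULL OR pf.mail_id = 0, true, \r\n\t\t\t\tpf.mail_id IN (SELECT sh.object_id FROM " . TABLE_PREFIX . "sharing_table sh WHERE pf.mail_id = sh.object_id AND sh.group_id IN ({$logged_user_pg_ids})))";
    }

    $only_count_result = array_var($_GET, 'only_result', false);
    $count_results = array_var($_GET, 'count_results', false);

    // Members filter: explicit member ids win; otherwise fall back to the
    // active context unless the request asked to ignore it.
    $sql_members = "";
    if (count($member_ids) > 0) {
        $members = $member_ids;
    } elseif (!$ignore_context) {
        $members = active_context_members(false);
    }
    if (count($extra_member_ids) > 0) {
        if (isset($members) && is_array($members)) {
            $members = array_merge($members, $extra_member_ids);
        } else {
            $members = $extra_member_ids;
        }
    }
    if (isset($members) && is_array($members) && count($members) > 0 && !$editing_template) {
        // The object must be classified in every listed member.
        $sql_members = "\r\n\t\t\t\tAND (EXISTS (SELECT om.object_id\r\n\t\t\t\t\tFROM " . TABLE_PREFIX . "object_members om\r\n\t\t\t\t\tWHERE om.member_id IN (" . implode(',', $members) . ") AND o.id = om.object_id \r\n\t\t\t\t\tGROUP BY object_id\r\n\t\t\t\t\tHAVING count(member_id) = " . count($members) . "\r\n\t\t\t\t))\r\n\t\t\t";
    }

    // Permissions filter
    if ($editing_template) {
        // editing template items do not check permissions
        $sql_permissions = "";
    } else {
        $sql_permissions = "\r\n\t\t\t\tAND EXISTS (SELECT sh.object_id FROM " . TABLE_PREFIX . "sharing_table sh WHERE sh.object_id=o.id AND sh.group_id IN ({$logged_user_pg_ids}))\r\n\t\t\t";
    }

    // Main select
    $sql_select = "SELECT * FROM " . TABLE_PREFIX . "objects o ";

    // Joins
    $sql_joins = implode(" ", $joins);

    // Where
    $sql_where = "\r\n\t\t\tWHERE " . implode(" AND ", $extra_conditions) . $sql_permissions . $sql_members;

    // Order
    $sql_order = "";
    if ($order) {
        $sql_order = "\r\n\t\t\t\tORDER BY {$order} {$orderdir}\r\n\t\t\t";
    }

    // Limit (a negative start or a non-positive limit leaves the query unbounded)
    $sql_limit = "";
    if ($start >= 0 && $limit > 0) {
        $sql_limit = " LIMIT {$start}, {$limit}";
    }

    // Full SQL
    $sql = "{$sql_select} {$sql_joins} {$sql_where} {$sql_order} {$sql_limit}";

    // Execute query
    if (!$only_count_result) {
        $rows = DB::executeAll($sql);
    }

    // get total items
    if ($count_results) {
        $sql_count = "SELECT count(o.id) as total_items FROM " . TABLE_PREFIX . "objects o {$sql_joins} {$sql_where}";
        $rows_count = DB::executeAll($sql_count);
        $total_items = $rows_count[0]['total_items'];
    } else {
        if (isset($rows) && is_array($rows)) {
            // Without a count query, a full page is reported as "many more".
            $total_items = count($rows) < $filesPerPage ? count($rows) : 1000000;
        } else {
            $total_items = 0;
        }
    }

    // prepare response object
    $info = array();

    // get objects
    if (isset($rows) && is_array($rows)) {
        foreach ($rows as $row) {
            $instance = Objects::findObject($row['id']);
            if (!$instance instanceof ContentDataObject) {
                continue;
            }
            $info_elem = $instance->getObject()->getArrayInfo();
            $info_elem['url'] = $instance->getViewUrl();
            $info_elem['isRead'] = $instance->getIsRead(logged_user()->getId());
            $info_elem['manager'] = get_class($instance->manager());
            $info_elem['memPath'] = json_encode($instance->getMembersIdsToDisplayPath());
            if ($instance instanceof Contact) {
                if ($instance->isCompany()) {
                    $info_elem['icon'] = 'ico-company';
                    $info_elem['type'] = 'company';
                } else {
                    $info_elem['memPath'] = json_encode($instance->getUserType() ? "" : $instance->getMembersIdsToDisplayPath());
                }
            } else {
                if ($instance instanceof ProjectFile) {
                    $info_elem['mimeType'] = $instance->getTypeString();
                }
            }
            $info[] = $info_elem;
        }
    }

    $listing = array("totalCount" => $total_items, "start" => $start, "objects" => $info);
    ajx_extra_data($listing);
    tpl_assign("listing", $listing);

    // $reload is never assigned in this function, so this always reaches the
    // "empty" branch; the check is kept as in the original.
    if (isset($reload) && $reload) {
        ajx_current("reload");
    } else {
        ajx_current("empty");
    }
}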