/**
 * Render this option as a list of checkboxes, one per role permission group.
 *
 * Every permission group with type 'roles' and a parent id greater than zero
 * gets a labelled checkbox, ticked when the group's id is present in the
 * option's current value. A hidden input keyed [0] is always appended
 * (presumably so the control is still submitted when nothing is ticked; confirm).
 *
 * NOTE(review): $control_name is concatenated into the hidden input's name
 * attribute without HTML-encoding, and the group name is handed to label_tag()
 * as-is. Whether label_tag()/checkbox_field() encode their arguments is not
 * visible here; confirm before passing anything that is not a code-defined
 * identifier.
 *
 * @param string $control_name Base name of the form control; group ids are appended as array keys.
 * @return string HTML fragment.
 */
function render($control_name) {
    $genid = gen_id();
    $role_groups = PermissionGroups::findAll(array('conditions' => "`type`='roles' AND `parent_id`>0"));
    $selected_ids = $this->getValue();

    $html_parts = array();
    foreach ($role_groups as $role_group) {
        $group_id = $role_group->getId();
        // The same DOM id is used for the label target and the checkbox so that
        // clicking the label toggles the box.
        $dom_id = $genid . '_' . $control_name . '_' . $group_id;
        // Loose comparison, as in the stored value the ids may be strings or ints.
        $is_checked = array_search($group_id, $selected_ids) !== false;

        $html_parts[] = '<div class="checkbox-config-option">';
        $html_parts[] = label_tag($role_group->getName(), $dom_id, false, array('style' => 'cursor:pointer;'), '');
        $html_parts[] = checkbox_field($control_name . '[' . $group_id . ']', $is_checked, array('id' => $dom_id));
        $html_parts[] = '</div >';
    }

    $html_parts[] = '<input type="hidden" name="' . $control_name . '[0]" value=" "><div class="clear"></div>';

    return implode('', $html_parts);
}
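/**
 * Upgrade step: grant write and delete permission on the 'template' object type
 * to administrators.
 *
 * Two tables are updated:
 *  - contact_member_permissions, for the permission group of every user for
 *    whom isAdminGroup() is true;
 *  - role_object_type_permissions, for the roles named 'Super Administrator'
 *    and 'Administrator'.
 *
 * Does nothing when the 'template' object type does not exist.
 *
 * @return void
 */
function core_dimensions_update_9_10() {
    $template_ot = ObjectTypes::findByName('template');
    // Bail out early: previously only the first loop was guarded, so the role
    // loop below would call getId() on a non-object when the type was missing.
    if (!$template_ot instanceof ObjectType) {
        return;
    }
    // Ids are cast to int before being concatenated into SQL so that an
    // unexpected value can never alter the statement.
    $template_ot_id = (int) $template_ot->getId();

    $users = Contacts::getAllUsers();
    foreach ($users as $user) {
        /* @var $user Contact */
        // Only members of the admin group receive the grant.
        if (!$user->isAdminGroup()) {
            continue;
        }
        DB::executeAll("UPDATE " . TABLE_PREFIX . "contact_member_permissions SET can_write=1, can_delete=1 WHERE object_type_id=" . $template_ot_id . " AND permission_group_id=" . (int) $user->getPermissionGroupId());
    }

    $pgs = PermissionGroups::findAll(array("conditions" => "`name` in ('Super Administrator','Administrator')"));
    foreach ($pgs as $pg) {
        // The role being updated is the one being iterated. The earlier code used
        // $user here, a stale variable left over from the loop above, so the grant
        // went to the personal permission group of whichever user happened to be
        // last in the list (or failed outright when there were no users) instead
        // of to the two administrator roles.
        DB::executeAll("UPDATE " . TABLE_PREFIX . "role_object_type_permissions SET can_write=1, can_delete=1 WHERE object_type_id=" . $template_ot_id . " AND role_id=" . (int) $pg->getId());
    }
}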
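/**
 * Work out which permission groups are allowed to access an object type within
 * a set of members, at the requested access level.
 *
 * The result is the list of allowed permission groups as reported by
 * Dimension::getPermissionGroupsAllowAll() and
 * ContactMemberPermissions::canAccessObjectTypeinMembersPermissionGroups().
 * An empty array means no group qualifies, and is also what is returned when
 * an exception is caught (fail closed).
 *
 * Only dimensions that are enabled and define permissions are considered, and
 * only when a maximum role permission row was found and allows the requested
 * level. That row is looked up through the first personal permission group
 * (type 'permission_groups' with a contact id) among $permission_group_ids;
 * when there is none, no dimension contributes and the result is empty.
 *
 * If any contributing dimension is mandatory, the result is the intersection
 * of the groups allowed in every mandatory dimension; otherwise it is the
 * union of the groups allowed in the non-mandatory dimensions.
 *
 * @param array $permission_group_ids Ids of the permission groups to evaluate.
 * @param array $members Members the object belongs to; non-Member entries are ignored.
 * @param int $object_type_id Id of the object type being accessed.
 * @param mixed $access_level One of ACCESS_LEVEL_READ, ACCESS_LEVEL_WRITE, ACCESS_LEVEL_DELETE.
 * @return array Allowed permission groups (duplicates removed); empty when access is not granted.
 */
function can_access_pgids($permission_group_ids, $members, $object_type_id, $access_level) {
    $write = $access_level == ACCESS_LEVEL_WRITE;
    $delete = $access_level == ACCESS_LEVEL_DELETE;

    $tmp_contact = null;
    $max_role_ot_perm = null;
    if (count($permission_group_ids) > 0) {
        // Every value concatenated into SQL in this function is cast to int first,
        // so a non-numeric entry cannot change the shape of the query.
        // NOTE(review): the helpers called further down still receive the caller's
        // list unchanged; confirm they normalise ids before building their own SQL.
        $sql_pg_ids = array_map('intval', $permission_group_ids);
        $permission_groups = PermissionGroups::findAll(array('conditions' => "id IN (" . implode(',', $sql_pg_ids) . ")"));
        foreach ($permission_groups as $pgroup) {
            if ($pgroup->getType() == 'permission_groups' && $pgroup->getContactId() > 0) {
                $tmp_contact = Contacts::findById($pgroup->getContactId());
                // A personal group whose contact no longer exists must not abort the
                // check with a call on a non-object; leaving $max_role_ot_perm null
                // makes the function return an empty result (access denied).
                if ($tmp_contact instanceof Contact) {
                    $max_role_ot_perm = MaxRoleObjectTypePermissions::instance()->findOne(array('conditions' => "object_type_id='" . (int) $object_type_id . "' AND role_id = '" . (int) $tmp_contact->getUserType() . "'"));
                }
                // Only the first personal permission group is consulted.
                break;
            }
        }
    }

    try {
        $dimension_query_methods = array();
        $dimension_permissions = array();
        $enabled_dimensions = config_option('enabled_dimensions');

        // Group the usable members by dimension, dropping anything that is not a
        // Member or that belongs to a dimension that is not enabled.
        $dimension_info = array();
        foreach ($members as $k => $m) {
            if (!$m instanceof Member || !in_array($m->getDimensionId(), $enabled_dimensions)) {
                unset($members[$k]);
                continue;
            }
            if (!isset($dimension_info[$m->getDimensionId()])) {
                $dimension_info[$m->getDimensionId()] = array('dim' => $m->getDimension(), 'members' => array($m->getId() => $m));
            } else {
                $dimension_info[$m->getDimensionId()]['members'][$m->getId()] = $m;
            }
        }

        foreach ($dimension_info as $did => $info) {
            $dimension = $info['dim'];
            if (!$dimension->getDefinesPermissions()) {
                continue;
            }

            // The role's maximum permission caps what can be granted: delete and write
            // need the matching flag, read only needs the row to exist.
            $level_allowed_by_role = $max_role_ot_perm && (
                ($access_level == ACCESS_LEVEL_DELETE && $max_role_ot_perm->getCanDelete())
                || ($access_level == ACCESS_LEVEL_WRITE && $max_role_ot_perm->getCanWrite())
                || $access_level == ACCESS_LEVEL_READ
            );
            if (!$level_allowed_by_role) {
                continue;
            }

            $dimension_id = $dimension->getId();
            if (!isset($dimension_query_methods[$dimension_id])) {
                $dimension_query_methods[$dimension_id] = $dimension->getPermissionQueryMethod();
            }

            // Groups with allow-all on the dimension, plus groups with an explicit
            // permission on the object type in these members.
            $dimension_permissions[$dimension_id] = array_merge(
                $dimension->getPermissionGroupsAllowAll($permission_group_ids),
                ContactMemberPermissions::instance()->canAccessObjectTypeinMembersPermissionGroups($permission_group_ids, array_keys($info['members']), $object_type_id, $write, $delete)
            );
        }

        $mandatory_dimension_ids = array();
        foreach ($dimension_query_methods as $dim_id => $qmethod) {
            if (!in_array($dim_id, $enabled_dimensions)) {
                continue;
            }
            if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_MANDATORY) {
                $mandatory_dimension_ids[] = $dim_id;
            }
        }

        if (count($mandatory_dimension_ids) > 0) {
            // Mandatory dimensions: a group must be allowed in every one of them, so
            // intersect the per-dimension lists. Non-mandatory dimensions are not
            // consulted in this case.
            $first_mdid = array_pop($mandatory_dimension_ids);
            $pgs_accomplishing_mandatory = $dimension_permissions[$first_mdid];
            foreach ($mandatory_dimension_ids as $mdid) {
                $pgs_accomplishing_mandatory = array_intersect($pgs_accomplishing_mandatory, $dimension_permissions[$mdid]);
            }
            return array_unique($pgs_accomplishing_mandatory);
        }

        // No mandatory dimensions involved: being allowed in any non-mandatory
        // dimension is enough, so take the union.
        $other_pgs = array();
        foreach ($dimension_query_methods as $dim_id => $qmethod) {
            if (!in_array($dim_id, $enabled_dimensions)) {
                continue;
            }
            if ($qmethod == DIMENSION_PERMISSION_QUERY_METHOD_NOT_MANDATORY) {
                $other_pgs = array_merge($other_pgs, $dimension_permissions[$dim_id]);
            }
        }
        return array_unique($other_pgs);
    } catch (Exception $e) {
        // Fail closed: report the error to the template and grant nothing.
        tpl_assign('error', $e);
        return array();
    }
}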