function getAllPermissions($user_permissions = null) { if (is_null($user_permissions) && !$this->isNew()) { $user_permissions = ProjectUsers::findAll(array('conditions' => 'user_id = ' . $this->getId())); } $result = array(); if (is_array($user_permissions)) { foreach ($user_permissions as $perm) { $chkArray = array(); $chkArray[0] = $perm->getCanAssignToOwners() ? 1 : 0; $chkArray[1] = $perm->getCanAssignToOther() ? 1 : 0; $radioArray = array(); $radioArray[0] = $perm->getCanWriteMessages() ? 2 : ($perm->getCanReadMessages() ? 1 : 0); $radioArray[1] = $perm->getCanWriteTasks() ? 2 : ($perm->getCanReadTasks() ? 1 : 0); $radioArray[2] = $perm->getCanWriteMilestones() ? 2 : ($perm->getCanReadMilestones() ? 1 : 0); $radioArray[3] = $perm->getCanWriteMails() ? 2 : ($perm->getCanReadMails() ? 1 : 0); $radioArray[4] = $perm->getCanWriteComments() ? 2 : ($perm->getCanReadComments() ? 1 : 0); $radioArray[5] = $perm->getCanWriteContacts() ? 2 : ($perm->getCanReadContacts() ? 1 : 0); $radioArray[6] = $perm->getCanWriteWeblinks() ? 2 : ($perm->getCanReadWeblinks() ? 1 : 0); $radioArray[7] = $perm->getCanWriteFiles() ? 2 : ($perm->getCanReadFiles() ? 1 : 0); $radioArray[8] = $perm->getCanWriteEvents() ? 2 : ($perm->getCanReadEvents() ? 1 : 0); $result[] = array("wsid" => $perm->getProjectId(), "pc" => $chkArray, "pr" => $radioArray); } } return $result; }
/** * Return true is $user has $access_level (R/W) over $object * * @param User $user * @param ApplicationDataObject $object * @param int $access_level // 1 = read ; 2 = write * @return unknown */ function can_access(User $user, ApplicationDataObject $object, $access_level) { try { if (!$object instanceof ApplicationDataObject) { throw new Exception(lang('object dnx')); } $hookargs = array("user" => $user, "object" => $object, "access_level" => $access_level); $ret = null; Hook::fire('can_access', $hookargs, $ret); if (is_bool($ret)) { return $ret; } if ($object instanceof Comment) { return can_access($user, $object->getObject(), $access_level); } if ($user->isGuest() && $access_level == ACCESS_LEVEL_WRITE) { return false; } if ($object instanceof ProjectFileRevision) { return can_access($user, $object->getFile(), $access_level); } if ($object->columnExists('project_id')) { $user_id = $user->getId(); if (!$object instanceof ProjectContact && $object->getCreatedById() == $user_id) { return true; } // the user is the creator of the object if ($object instanceof ProjectDataObject && $object->getProject() instanceof Project && $object->getProject()->getId() == $user->getPersonalProjectId()) { return true; } // The object belongs to the user's personal project $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $user->getId()); if ($perms && is_array($perms)) { //if the permissions for the user in the object are specially set return has_access_level($perms[0], $access_level); } $group_ids = GroupUsers::getGroupsCSVsByUser($user_id); if ($group_ids && $group_ids != '') { //user belongs to at least one group $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $group_ids); if ($perms) { foreach ($perms as $perm) { if (has_access_level($perm, $access_level)) { return true; } //there is one group permission that allows the user to access } } } if ($object instanceof ProjectDataObject && $object->getProject()) { //if the object has a project assigned to it $proj_perm = ProjectUsers::findOne(array('conditions' => array('user_id = ? AND project_id = ? ', $user_id, $object->getProject()->getId()))); if ($proj_perm && can_manage_type(get_class($object->manager()), $proj_perm, $access_level)) { return true; // if user has permissions over type of object in the project } if ($group_ids && $group_ids != '') { //user belongs to at least one group $proj_perms = ProjectUsers::findAll(array('conditions' => array('project_id = ' . $object->getProject()->getId() . ' AND user_id in (' . $group_ids . ')'))); if ($proj_perms) { foreach ($proj_perms as $perm) { if (can_manage_type(get_class($object->manager()), $perm, $access_level)) { return true; } // if any group has permissions over type of object in the project } } } } } else { // handle object in multiple workspaces $user_id = $user->getId(); if ($object->getCreatedById() == $user_id) { return true; // the user is the creator of the object } if ($object instanceof MailContent) { $acc = MailAccounts::findById($object->getAccountId()); if (!$acc instanceof MailAccount) { return false; // it's an email with no account and not created by the user } else { if ($access_level == ACCESS_LEVEL_READ && $acc->canView($user) || $access_level == ACCESS_LEVEL_WRITE && $acc->canDelete($user)) { return true; } } } $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $user->getId()); if ($perms && is_array($perms)) { //if the permissions for the user in the object are specially set return has_access_level($perms[0], $access_level); } $group_ids = GroupUsers::getGroupsCSVsByUser($user_id); if ($group_ids && $group_ids != '') { //user belongs to at least one group $perms = ObjectUserPermissions::getAllPermissionsByObject($object, $group_ids); if ($perms) { foreach ($perms as $perm) { if (has_access_level($perm, $access_level)) { return true; //there is one group permission that allows the user to access } } } } if ($object instanceof ProjectDataObject) { $ws = $object->getWorkspaces(); foreach ($ws as $w) { // if the object has a project assigned to it $proj_perm = ProjectUsers::findOne(array('conditions' => array('user_id = ? AND project_id = ? ', $user_id, $w->getId()))); if ($proj_perm && can_manage_type(get_class($object->manager()), $proj_perm, $access_level)) { return true; // if user has permissions over type of object in the project } if ($group_ids && $group_ids != '') { //user belongs to at least one group $proj_perms = ProjectUsers::findAll(array('conditions' => array('project_id = ' . $w->getId() . ' AND user_id in (' . $group_ids . ')'))); if ($proj_perms) { foreach ($proj_perms as $perm) { if (can_manage_type(get_class($object->manager()), $perm, $access_level)) { return true; } // if any group has permissions over type of object in the project } } } } } } } catch (Exception $e) { tpl_assign('error', $e); return false; } return false; }