/**
* _checkUserResourcePermission
* Check if user have access to all of the resources that trigger email record has defined
*
* We need to do this here, because currently API shuldn't be checking any user permission.
* Once user permission are being used in API, we can deprecate this function
*
* @param Array $record Associated array of the record
* @param User_API $user User API
*
* @return Boolean Returns TRUE if user have all permission, FALSE otherwise
*
* @todo deprecate this when API take account user permission
*/
private function _checkUserResourcePermission($record, $user)
{
// If admin, don't worry about evaluating permission
if ($user->Admin()) {
return true;
}
$error = false;
$userLists = $user->GetLists();
$userNewsletters = $user->GetNewsletters();
// Check if user have access to particular list
if ($record['triggertype'] == 'f' && isset($record['data']['listid']) && !array_key_exists($record['data']['listid'], $userLists)) {
trigger_error('Does not have access to contact list', E_USER_NOTICE);
$error = true;
}
// Check if user have access to particular newsletter specified for link
if ($record['triggertype'] == 'l' && isset($record['data']['linkid_newsletterid']) && !array_key_exists($record['data']['linkid_newsletterid'], $userNewsletters)) {
trigger_error('Does not have access to specified newsletter', E_USER_NOTICE);
$error = true;
}
// Check newsletter ID defined for "Newsletter Opened" event
if ($record['triggertype'] == 'n' && isset($record['data']['newsletterid']) && !array_key_exists($record['data']['newsletterid'], $userNewsletters)) {
trigger_error('Does not have access to specified newsletter', E_USER_NOTICE);
$error = true;
}
// Check if list IDs defined for static date exists
if ($record['triggertype'] == 's' && isset($record['data']['staticdate_listids'])) {
foreach ($record['data']['staticdate_listids'] as $each) {
if (!array_key_exists($each, $userLists)) {
trigger_error('Does not have access to specified list', E_USER_NOTICE);
$error = true;
break;
}
}
}
// ----- The following are required for "send" action
if (isset($record['triggeractions']['send']) && isset($record['triggeractions']['send']['enabled']) && $record['triggeractions']['send']['enabled']) {
if (isset($record['triggeractions']['send']['newsletterid']) && !array_key_exists($record['triggeractions']['send']['newsletterid'], $userNewsletters)) {
trigger_error('Newsletter does not exits', E_USER_NOTICE);
return false;
}
}
// -----
// ----- The following are required for "addlist" action
if (isset($record['triggeractions']['addlist']) && isset($record['triggeractions']['addlist']['enabled']) && $record['triggeractions']['addlist']['enabled']) {
if (isset($record['triggeractions']['addlist']['listid'])) {
foreach ($record['triggeractions']['addlist']['listid'] as $each) {
if (!array_key_exists($each, $userLists)) {
trigger_error('Does not have access to specified newsletter', E_USER_NOTICE);
$error = true;
break;
}
}
}
}
// -----
return !$error;
}
/**
* _checkPermissionCanEdit
* Check whether or not a user can edit a segment
*
* Checking user privilege in this instance will also means checking
* whether or not a user have access to all mailing list used in a segment.
* Once lists used in a segment become "restricted" to a user, user should not be able to edit
* the segment at all.
*
* Here's the logic:
* (1) If Admin go to (7), otherwise go to (2)
* (2) If segment is owned by user, go to (3), otherwise go (4)
* (3) If user have "edit" permission, go to (7), otherwise (6)
* (4) If user is allowed to have "edit" access to the segment, then check (5), otherwise go (7)
* (5) If user DO NOT have access to all the lists in the segment, go (6), otherwise go (7)
* (6) CANNOT EDIT
* (7) CAN EDIT
*
* @param Segment_API $segmentapi Current segment API
* @param User_API $userapi Current user API
*
* @return Boolean Returns TRUE if user have edit privilege on segment, FALSE otherwise
*
* @uses User_API::HasAccess()
* @uses User_API::GetLists()
*
* @access private
*/
function _checkPermissionCanEdit($segmentapi, $userapi)
{
if ($userapi->Admin()) {
return true;
}
$haveAccess = false;
$userList = array_keys($userapi->GetLists());
if ($segmentapi->ownerid == $userapi->userid) {
if ($userapi->HasAccess('Segments', 'Edit')) {
$haveAccess = true;
}
} else {
if ($userapi->HasAccess('Segments', 'Edit', $segmentapi->segmentid)) {
if (count(array_intersect($userList, $segmentapi->searchinfo['Lists'])) == count($segmentapi->searchinfo['Lists'])) {
$haveAccess = true;
}
}
}
return $haveAccess;
}
