/**
 * Get all entries.
 *
 * Entries the current user has no app privilege for are dropped, relative
 * logo paths are prefixed with the web root, and for the 'custom' type the
 * user's personal order/visibility overrides are applied before sorting.
 *
 * @param string $type custom|system
 * @access public
 * @return array
 */
public function getEntries($type = 'custom')
{
    $rows = $this->dao->select('*')->from(TABLE_ENTRY)->orderBy('`order, id`')->fetchAll();

    /* Keep only entries the user may see; make relative logo paths absolute. */
    $entries = array();
    foreach ($rows as $row) {
        if ($row->logo != '' && substr($row->logo, 0, 1) != '/') $row->logo = $this->config->webRoot . $row->logo;
        if (!commonModel::hasAppPriv($row->code)) continue;
        $entries[] = $row;
    }

    if ($type != 'custom') return $entries;

    /* Apply the personal custom settings (order / visibility per entry id). */
    $customApp = new stdclass();
    if (isset($this->config->personal->common->customApp)) $customApp = json_decode($this->config->personal->common->customApp->value);
    foreach ($entries as $entry) {
        $setting = isset($customApp->{$entry->id}) ? $customApp->{$entry->id} : null;
        if ($setting === null) continue;
        if (isset($setting->order))   $entry->order   = $setting->order;
        if (isset($setting->visible)) $entry->visible = $setting->visible;
    }
    usort($entries, 'commonModel::sortEntryByOrder');
    return $entries;
}
/**
 * Admin all blocks.
 *
 * Builds the list of block sources the current user may choose from
 * (entries with app privilege, HTML, all entries, dynamic, hidden blocks)
 * and renders the create/edit form for block $index.
 *
 * @param int $index block index; 0 means create a new block
 * @access public
 * @return void
 */
public function admin($index = 0)
{
    $title   = $index == 0 ? $this->lang->block->createBlock : $this->lang->block->editBlock;
    $entries = $this->dao->select('*')->from(TABLE_ENTRY)
        ->where('block')->ne('')
        ->orWhere('buildin')->eq(1)
        ->fetchAll('id');

    /* A new block goes right after the last existing 'sys' block. */
    if (!$index) $index = $this->block->getLastKey('sys') + 1;

    $allEntries = array('' => '');
    foreach ($entries as $entry) {
        if (commonModel::hasAppPriv($entry->code)) $allEntries[$entry->code] = $entry->name;
    }
    $allEntries['html']       = 'HTML';
    $allEntries['allEntries'] = $this->lang->block->allEntries;
    $allEntries['dynamic']    = $this->lang->block->dynamic;
    foreach ($this->block->getHiddenBlocks() as $hidden) $allEntries['hiddenBlock' . $hidden->id] = $hidden->title;

    $this->view->block      = $this->block->getBlock($index);
    $this->view->entries    = $entries;
    $this->view->allEntries = $allEntries;
    $this->view->index      = $index;
    $this->view->title      = $title;
    $this->display();
}
/**
 * Check privilege for action.
 *
 * Decides whether the current user may view the given action record. Every
 * check below only clears $canView; none of them returns early, so all
 * applicable checks run and the result is the conjunction of them.
 *
 * @param object $action action record; reads customer, contact, objectType,
 *                       objectID, action and appName, and may set objectLabel
 * @access public
 * @return bool
 */
public function checkPriv($action)
{
    $canView = true;

    /* The three static lists are fetched once per request and reused on later
     * calls; an empty result is not cached and is fetched again each call. */
    if ($action->customer) {
        static $customers = array();
        if (empty($customers)) {
            $customers = $this->loadModel('customer', 'crm')->getCustomersSawByMe();
        }
        /* NOTE(review): non-strict in_array; confirm the id types on both sides match. */
        if (!in_array($action->customer, $customers)) {
            $canView = false;
        }
    }
    if ($action->contact) {
        static $contacts = array();
        if (empty($contacts)) {
            $contacts = $this->loadModel('contact', 'crm')->getContactsSawByMe();
        }
        if (!in_array($action->contact, $contacts)) {
            $canView = false;
        }
    }
    if ($action->objectType == 'order') {
        static $orders = array();
        if (empty($orders)) {
            $orders = $this->loadModel('order', 'crm')->getOrdersSawByMe();
        }
        if (!in_array($action->objectID, $orders)) {
            $canView = false;
        }
    }
    if ($action->objectType == 'project' && !$this->loadModel('project', 'oa')->checkPriv($action->objectID)) {
        $canView = false;
    }
    if ($action->objectType == 'task') {
        $task = $this->loadModel('task')->getByID($action->objectID);
        if (!$this->loadModel('task', 'sys')->checkPriv($task, 'view')) {
            $canView = false;
        }
    }
    if ($action->objectType == 'trade') {
        $trade  = $this->loadModel('trade', 'cash')->getByID($action->objectID);
        $rights = $this->app->user->rights;
        /* 'and' binds tighter than 'or': denied when the trade is missing, or when a
         * non-super user looks at an 'out' trade without the tradebrowse/out right
         * or without the right to the trade's category. */
        if (empty($trade) or $this->app->user->admin != 'super' and $trade->type == 'out' and (!isset($rights['tradebrowse']['out']) or !$this->loadModel('tree')->hasRight($trade->category))) {
            $canView = false;
        }
    }
    if ($action->objectType == 'todo') {
        $todo = $this->loadModel('todo')->getByID($action->objectID);
        /* Denied when the todo is missing, or the user is neither its owner nor its assignee. */
        if (empty($todo) or $this->app->user->account != $todo->account && $this->app->user->account != $todo->assignedTo) {
            $canView = false;
        }
    }

    /* Resolve the label; a label of the form 'label|module|method|vars' also
     * requires the method to be open or granted to the user. */
    $objectType = $action->objectType;
    $actionType = $action->action;
    if (isset($this->lang->action->label->{$objectType})) {
        $objectLabel = $this->lang->action->label->{$objectType};
        if (!is_array($objectLabel)) {
            $action->objectLabel = $objectLabel;
        }
        if (is_array($objectLabel) and isset($objectLabel[$actionType])) {
            $action->objectLabel = $objectLabel[$actionType];
        }
        /* NOTE(review): when the label map is an array without a key for this action,
         * $action->objectLabel is not set here and strpos() sees an undefined property — confirm intended. */
        if (strpos($action->objectLabel, '|') !== false) {
            list($objectLabel, $moduleName, $methodName, $vars) = explode('|', $action->objectLabel);
            $action->objectLabel = $objectLabel;
            if (!$this->loadModel('common')->isOpenMethod($moduleName, $methodName) and !commonModel::hasPriv($moduleName, $methodName)) {
                $canView = false;
            }
        }
    }

    /* Finally the action's app itself must be visible to the user. */
    if (!commonModel::hasAppPriv($action->appName)) {
        $canView = false;
    }
    return $canView;
}
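/**
 * Check current user has privilege to the module's method or not.
 *
 * A super admin always has the privilege. In admin run mode every other
 * user is refused. Otherwise the module may be given as 'app.module';
 * the app part must pass hasAppPriv() and the module/method pair must be
 * present in the user's rights table (keys compared lower-cased).
 *
 * @param mixed $module the module, optionally prefixed with 'app.'
 * @param mixed $method the method
 * @static
 * @access public
 * @return bool
 */
public static function hasPriv($module, $method)
{
    global $app;

    if ($app->user->admin == 'super') return true;

    /* Only super admins may use admin run mode, and the super case has already
     * returned above, so every remaining user is refused here. */
    if (RUN_MODE == 'admin') return false;

    $appName = '';
    if (strpos($module, '.') !== false) list($appName, $module) = explode('.', $module);

    /* Check app priv first; an empty app name is passed through unchanged. */
    if (!commonModel::hasAppPriv($appName)) return false;

    $rights = $app->user->rights;
    return isset($rights[strtolower($module)][strtolower($method)]);
}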
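/**
 * Visit entry.
 *
 * Redirects the user to the entry's login URL. For integrated entries an
 * SSO token is appended to the URL, plus the referer when one is given.
 *
 * @param int    $entryID
 * @param string $referer  fallback referer; a non-empty 'referer' GET parameter takes precedence
 * @access public
 * @return void
 */
public function visit($entryID, $referer = '')
{
    $referer = !empty($_GET['referer']) ? $this->get->referer : $referer;
    $entry   = $this->entry->getById($entryID);

    /* Deny when the entry is unknown or the user lacks the app right. Return
     * afterwards so the redirect below can never run on a denied request. */
    if (empty($entry) || !commonModel::hasAppPriv($entry->code)) {
        $this->loadModel('common', 'sys')->deny($this->app->getModuleName(), $this->app->getMethodName());
        return;
    }

    $location = $entry->login;
    $pathinfo = parse_url($location);
    if ($entry->integration) {
        $token = $this->loadModel('sso')->createToken(session_id(), $entryID);
        /* Append the token to the existing query string, or start one. */
        if (!empty($pathinfo['query'])) {
            $location = rtrim($location, '&') . "&token={$token}";
        } else {
            $location = rtrim($location, '?') . "?token={$token}";
        }
        /* The referer is itself a URL: encode it so its own '&', '#' or '='
         * cannot break or extend the query string being built here. */
        if (!empty($referer)) $location .= '&referer=' . urlencode($referer);
    }
    $this->locate($location);
}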