$search = isset($_REQUEST['search']) && is_array($_REQUEST['search']) ? $_REQUEST['search'] : array();
$use_master_key = module_user::get_contact_master_key();
if (!$use_master_key) {
throw new Exception('Sorry no Customer or Vendor selected');
} else {
if (isset($_REQUEST[$use_master_key])) {
$search[$use_master_key] = $_REQUEST[$use_master_key];
}
}
switch ($use_master_key) {
case 'customer_id':
$contact_type = 'Customer';
$contact_type_permission = 'Customer';
$contact_module_name = 'customer';
// is this a customer or a lead?
$current_customer_type_id = module_customer::get_current_customer_type_id();
if ($current_customer_type_id > 0) {
$customer_type = module_customer::get_customer_type($current_customer_type_id);
if ($customer_type && !empty($customer_type['type_name'])) {
$contact_type_permission = $customer_type['type_name'];
}
}
break;
case 'vendor_id':
$contact_type = 'Vendor';
$contact_type_permission = 'Vendor';
$contact_module_name = 'vendor';
break;
default:
die('Unsupported type');
}
public static function get_contacts($search = array(), $new_security_check = false, $as_array = true)
{
// limit based on customer id
// build up a custom search sql query based on the provided search fields
$sql = "SELECT u.*,u.user_id AS id ";
$sql .= ", u.name AS name ";
$from = " FROM `" . _DB_PREFIX . "user` u ";
$where = " WHERE (u.customer_id > 0 OR u.vendor_id > 0) ";
if (isset($search['generic']) && $search['generic']) {
$str = mysql_real_escape_string($search['generic']);
$where .= " AND ( ";
$where .= " u.name LIKE '%{$str}%' OR ";
$where .= " u.email LIKE '%{$str}%' OR ";
$where .= " u.phone LIKE '%{$str}%' OR ";
$where .= " u.mobile LIKE '%{$str}%' ";
$where .= ' ) ';
}
if (isset($search['customer_id'])) {
$sql .= ", c.* ";
$sql .= " , c.primary_user_id AS is_primary ";
$from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c ON u.customer_id = c.customer_id ";
$str = (int) $search['customer_id'];
if ($str > 0) {
$where .= " AND u.customer_id = '{$str}'";
} else {
// searching all customers
$where .= " AND u.customer_id > 0 ";
}
} else {
if (isset($search['vendor_id'])) {
//$search['vendor_id']
$sql .= ", c.* ";
$sql .= " , c.primary_user_id AS is_primary ";
$from .= " LEFT JOIN `" . _DB_PREFIX . "vendor` c ON u.vendor_id = c.vendor_id ";
$str = (int) $search['vendor_id'];
if ($str > 0) {
$where .= " AND u.vendor_id = '{$str}'";
} else {
// searching all vendors
$where .= " AND u.vendor_id > 0 ";
}
}
}
foreach (array('is_staff', 'split_hours') as $key) {
if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
$str = mysql_real_escape_string($search[$key]);
$where .= " AND u.`{$key}` = '{$str}'";
}
}
if (isset($search['security_role_id']) && (int) $search['security_role_id'] > 0) {
$str = (int) $search['security_role_id'];
$from .= " LEFT JOIN `" . _DB_PREFIX . "user_role` ur ON u.user_id = ur.user_id";
$where .= " AND ur.security_role_id = {$str}";
}
foreach (array('email') as $key) {
if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
$str = mysql_real_escape_string($search[$key]);
$where .= " AND u.`{$key}` LIKE '{$str}'";
}
}
if (class_exists('module_customer', false)) {
switch (module_user::get_user_data_access()) {
case _USER_ACCESS_ALL:
// all user accounts.
break;
case _USER_ACCESS_ME:
$where .= " AND u.`user_id` = " . (int) module_security::get_loggedin_id();
break;
case _USER_ACCESS_CONTACTS:
$where .= " AND (u.`customer_id` > 0 OR u.`vendor_id` > 0) ";
break;
}
switch (module_customer::get_customer_data_access()) {
case _CUSTOMER_ACCESS_ALL:
// all customers! so this means all jobs!
break;
case _CUSTOMER_ACCESS_ALL_COMPANY:
case _CUSTOMER_ACCESS_CONTACTS:
case _CUSTOMER_ACCESS_TASKS:
case _CUSTOMER_ACCESS_STAFF:
$valid_customer_ids = module_security::get_customer_restrictions();
if (count($valid_customer_ids)) {
$where .= " AND u.customer_id IN ( ";
foreach ($valid_customer_ids as $valid_customer_id) {
$where .= (int) $valid_customer_id . ", ";
}
$where = rtrim($where, ', ');
$where .= " )";
}
}
if (class_exists('module_vendor', false)) {
switch (module_vendor::get_vendor_data_access()) {
case _VENDOR_ACCESS_ALL:
// all vendors! so this means all jobs!
break;
case _VENDOR_ACCESS_ALL_COMPANY:
case _VENDOR_ACCESS_CONTACTS:
case _VENDOR_ACCESS_TASKS:
$valid_vendor_ids = module_vendor::get_vendors(array(), array('columns', 'c.vendor_id AS id'));
if (count($valid_vendor_ids)) {
$where .= " AND u.vendor_id IN ( ";
foreach ($valid_vendor_ids as $valid_vendor_id => $v) {
$where .= (int) $valid_vendor_id . ", ";
}
$where = rtrim($where, ', ');
$where .= " )";
}
}
}
}
if ($new_security_check) {
// addition for the 'all customer contacts' permission
// if user doesn't' have this permission then we only show ourselves in this list.
$current_customer_type_id = module_customer::get_current_customer_type_id();
$permission_check_string = 'Customer';
if ($current_customer_type_id > 0) {
$customer_type = module_customer::get_customer_type($current_customer_type_id);
if ($customer_type && !empty($customer_type['type_name'])) {
$permission_check_string = $customer_type['type_name'];
}
}
if (isset($search['customer_id']) && $search['customer_id'] && !module_user::can_i('view', 'All ' . $permission_check_string . ' Contacts', 'Customer', 'customer')) {
$where .= " AND u.user_id = " . (int) module_security::get_loggedin_id();
/*foreach($result as $key=>$val){
if($val['user_id']!=module_security::get_loggedin_id())unset($result[$key]);
}*/
} else {
if (isset($search['vendor_id']) && $search['vendor_id'] && !module_user::can_i('view', 'All Vendor Contacts', 'Vendor', 'vendor')) {
$where .= " AND u.user_id = " . (int) module_security::get_loggedin_id();
}
}
}
$group_order = ' GROUP BY u.user_id ';
if (isset($search['customer_id']) && $search['customer_id']) {
$group_order .= 'ORDER BY c.customer_name, u.name';
// stop when multiple company sites have same region
} else {
if (isset($search['vendor_id']) && $search['vendor_id']) {
$group_order .= 'ORDER BY c.vendor_name, u.name';
// stop when multiple company sites have same region
}
}
$sql = $sql . $from . $where . $group_order;
if ($as_array) {
$result = qa($sql);
} else {
$result = query($sql);
}
//module_security::filter_data_set("user",$result);
return $result;
// return get_multiple("user",$search,"user_id","fuzzy","name");
}
