/** static stuff */

/**
 * Build the link (or plain-text label) for a customer record or customer page, caching the result.
 *
 * May be called directly, or reached by a sub-module "bubbling" its own link options upwards;
 * in the bubbled case the customer id is recovered from those options or from the request.
 *
 * Security-relevant behaviour visible in this method:
 *  - The cache key is derived from the logged-in user id, the serialized call arguments and
 *    $_REQUEST['customer_id']. The result also depends on self::can_i() and on the current
 *    customer type. NOTE(review): confirm a permission or customer-type change cannot leave a
 *    stale link cached for up to cache_link_timeout seconds.
 *  - $_REQUEST['customer_id'] is used as a fallback id and handed to self::get_customer().
 *    NOTE(review): confirm get_customer() validates/casts the id and enforces access itself.
 *  - When access is refused, $options['text'] (possibly the stored customer_name) is returned
 *    as-is; the htmlspecialchars() call that once wrapped it is commented out in the original.
 *    NOTE(review): confirm every caller HTML-escapes the returned text before output.
 *
 * @param mixed $customer_id  Customer id, 'new', or false to resolve it from $link_options / request.
 * @param array $options      Options for this link (type, page, arguments, data, text, full, skip_permissions).
 * @param array $link_options Options bubbled up from sub links; this link's options are prepended.
 * @return mixed The value from the global link_generate() / the config plugin, '#', or a plain-text label.
 */
public static function link_generate($customer_id = false, $options = array(), $link_options = array())
{
    // Cache lookup first: a hit saves the database calls below.
    $current_user_id = module_security::get_loggedin_id();
    $call_signature = serialize(func_get_args());
    $request_customer_id = isset($_REQUEST['customer_id']) ? $_REQUEST['customer_id'] : false;
    $link_cache_key = 'customer_link_' . md5($current_user_id . '_' . $call_signature . '_' . $request_customer_id);
    $link_cache_timeout = module_config::c('cache_link_timeout', 3600);

    $cached_link = module_cache::get('customer', $link_cache_key);
    if ($cached_link) {
        return $cached_link;
    }

    $customer_data = false;

    // Bubbled from a sub link with no explicit id: find the id in the bubbled data, then the request.
    if ($customer_id === false && $link_options) {
        foreach ($link_options as $bubbled_option) {
            if (isset($bubbled_option['data'], $bubbled_option['data']['customer_id'])) {
                $customer_id = $bubbled_option['data']['customer_id'];
                break;
            }
        }
        if (!$customer_id && isset($_REQUEST['customer_id'])) {
            $customer_id = $_REQUEST['customer_id'];
        }

        // The customer may have been deleted while dependent records (e.g. invoices) remain;
        // in that case emit the bubbled link without a customer component.
        if ($customer_id && $link_options) {
            $customer_data = self::get_customer($customer_id, true, true);
            $customer_still_exists = $customer_data
                && isset($customer_data['customer_id'])
                && $customer_data['customer_id'] == $customer_id;
            if (!$customer_still_exists) {
                $link = link_generate($link_options);
                module_cache::put('customer', $link_cache_key, $link, $link_cache_timeout);
                return $link;
            }
        }
    }

    // Fill in the defaults for this link.
    if (!isset($options['type'])) {
        $options['type'] = 'customer';
    }
    if (!isset($options['page'])) {
        // NOTE(review): the loose comparison with 'new' is version dependent - on PHP < 8 an
        // integer 0 also compares equal to 'new'. Kept exactly as written.
        if ($customer_id || $customer_id == 'new') {
            $options['page'] = 'customer_admin_' . 'open';
        } else {
            $options['page'] = 'customer_admin_' . 'list';
        }
    }
    if (!isset($options['arguments'])) {
        $options['arguments'] = array();
    }
    $options['arguments']['customer_id'] = $customer_id;
    if (!isset($options['arguments']['customer_type_id'])) {
        $options['arguments']['customer_type_id'] = self::get_current_customer_type_id();
    }
    $options['module'] = 'customer';

    // Customer-type settings page: label it with the type's plural name, then recurse so the
    // link is built as a child of the generic customer settings page.
    if ($options['page'] == 'customer_settings_types') {
        if (empty($options['data'])) {
            $data = self::get_customer_type($customer_id);
            $options['data'] = $data;
        }
        if (isset($options['data']['type_name_plural'])) {
            $options['text'] = $options['data']['type_name_plural'];
        } else {
            $options['text'] = '';
        }
        array_unshift($link_options, $options);
        $options['page'] = 'customer_settings';
        return self::link_generate(0, $options, $link_options);
    }

    $wants_full_link = isset($options['full']) && $options['full'];

    if ($wants_full_link) {
        // Only a full link (one that shows the customer name) needs the customer row.
        if (isset($options['data']) && $options['data']) {
            $data = $options['data'];
        } else {
            if ((int) $customer_id > 0) {
                $data = $customer_data ? $customer_data : self::get_customer($customer_id, true, true);
            } else {
                $data = array();
            }
            $options['data'] = $data;
        }

        // Link text: caller-supplied text wins, then the customer name, then "N/A".
        if (empty($options['text'])) {
            $has_customer_name = isset($data['customer_name']) && trim($data['customer_name']);
            $options['text'] = $has_customer_name ? $data['customer_name'] : _l('N/A');
        }

        // No data, no usable target, or a row flagged _no_access: return text only, never a URL.
        $is_settings_page = $options['page'] == 'customer_settings';
        $has_no_target = !$customer_id
            && (!$is_settings_page || !$options['arguments']['customer_type_id']);
        if (!$data || $has_no_target || isset($data['_no_access'])) {
            $link = $options['text'];
            module_cache::put('customer', $link_cache_key, $link, $link_cache_timeout);
            return $link;
        }
    }

    // Work out which permission name guards this page.
    $page_type = 'Active Leads';
    $customer_type_id = $options['arguments']['customer_type_id'];
    if ($customer_type_id > 0) {
        $customer_type = module_customer::get_customer_type($customer_type_id);
        // NOTE(review): tests type_name but reads type_name_plural - presumably both are always
        // set together; confirm.
        if ($customer_type && !empty($customer_type['type_name'])) {
            $page_type = $customer_type['type_name_plural'];
        }
    }

    // The permission check runs before skip_permissions is consulted, as in the original.
    // $options['skip_permissions'] is used by password reset, which would otherwise get '#'.
    $view_denied = !self::can_i('view', $page_type);
    if ($view_denied && (!isset($options['skip_permissions']) || !$options['skip_permissions'])) {
        if ($wants_full_link) {
            $link = isset($options['text']) ? $options['text'] : 'N/A';
        } else {
            $link = '#';
        }
        module_cache::put('customer', $link_cache_key, $link, $link_cache_timeout);
        return $link;
    }

    // Reflect the customer's payment status in the link's CSS class.
    if (isset($data['customer_status'])) {
        $status = $data['customer_status'];
        if ($status == _CUSTOMER_STATUS_OVERDUE) {
            $link_options['class'] = 'customer_overdue error_text';
        } elseif ($status == _CUSTOMER_STATUS_OWING) {
            $link_options['class'] = 'customer_owing';
        } elseif ($status == _CUSTOMER_STATUS_PAID) {
            $link_options['class'] = 'customer_paid success_text';
        }
    }

    // The settings page is nested under the config module, so bubble up to its link_generate().
    $bubble_to_module = false;
    if ($options['page'] == 'customer_settings') {
        $link_options[0]['arguments']['customer_id'] = false;
        $bubble_to_module = array('module' => 'config');
    }

    // Prepend our options so anything bubbled from below stays after us.
    array_unshift($link_options, $options);

    if ($bubble_to_module) {
        global $plugins;
        $parent_plugin = $plugins[$bubble_to_module['module']];
        $link = $parent_plugin->link_generate(false, array(), $link_options);
    } else {
        // No further bubbling: the global link_generate() builds the final link.
        $link = link_generate($link_options);
    }

    module_cache::put('customer', $link_cache_key, $link, $link_cache_timeout);
    return $link;
}
if (!$use_master_key) { throw new Exception('Sorry no Customer or Vendor selected'); } else { if (isset($_REQUEST[$use_master_key])) { $search[$use_master_key] = $_REQUEST[$use_master_key]; } } switch ($use_master_key) { case 'customer_id': $contact_type = 'Customer'; $contact_type_permission = 'Customer'; $contact_module_name = 'customer'; // is this a customer or a lead? $current_customer_type_id = module_customer::get_current_customer_type_id(); if ($current_customer_type_id > 0) { $customer_type = module_customer::get_customer_type($current_customer_type_id); if ($customer_type && !empty($customer_type['type_name'])) { $contact_type_permission = $customer_type['type_name']; } } break; case 'vendor_id': $contact_type = 'Vendor'; $contact_type_permission = 'Vendor'; $contact_module_name = 'vendor'; break; default: die('Unsupported type'); } $module->page_title = _l($contact_type_permission . ' Contacts'); if (!isset($search[$use_master_key]) || !$search[$use_master_key]) {
/**
 * Fetch contact users (user rows attached to a customer or a vendor) that match $search.
 *
 * The statement is assembled by string concatenation. Every caller-supplied value is either
 * cast to int or passed through mysql_real_escape_string() before being interpolated.
 *
 * $search keys read here: generic, customer_id, vendor_id, is_staff, split_hours,
 * security_role_id, email.
 *
 * Review notes (nothing below changes behaviour):
 *  - NOTE(review): PHP's ext/mysql, which provided mysql_real_escape_string(), was removed in
 *    PHP 7.0. Unless the project ships its own shim these calls fail on newer runtimes; a
 *    prepared-statement API would remove the dependence on escaping altogether.
 *  - mysql_real_escape_string() does not neutralise the LIKE metacharacters % and _, so the
 *    'generic' and 'email' values act as patterns. NOTE(review): confirm that is intended.
 *  - The data-access narrowing only runs when class_exists('module_customer', false) is true
 *    (no autoload), and an empty id list adds no IN (...) clause at all. NOTE(review): confirm
 *    neither case can leave a restricted user with an unrestricted result set.
 *  - The "All ... Contacts" permission check is opt-in via $new_security_check (default false).
 *
 * @param array $search             Filter values, see above.
 * @param bool  $new_security_check When truthy, limit the result to the logged-in user unless
 *                                  they hold the relevant "All ... Contacts" view permission.
 * @param bool  $as_array           Truthy: run through qa(); otherwise through query().
 * @return mixed Whatever qa() / query() return for the statement (not visible in this block).
 */
public static function get_contacts($search = array(), $new_security_check = false, $as_array = true)
{
    $sql = "SELECT u.*,u.user_id AS id " . ", u.name AS name ";
    $from = " FROM `" . _DB_PREFIX . "user` u ";
    $where = " WHERE (u.customer_id > 0 OR u.vendor_id > 0) ";

    // Free-text search across the main contact columns.
    if (!empty($search['generic'])) {
        $needle = mysql_real_escape_string($search['generic']);
        $where .= " AND ( "
            . " u.name LIKE '%{$needle}%' OR "
            . " u.email LIKE '%{$needle}%' OR "
            . " u.phone LIKE '%{$needle}%' OR "
            . " u.mobile LIKE '%{$needle}%' "
            . ' ) ';
    }

    // Join the owning customer (or, failing that, vendor) table as alias "c".
    // A positive id narrows to that owner; anything else means "every customer/vendor".
    if (isset($search['customer_id'])) {
        $sql .= ", c.* " . " , c.primary_user_id AS is_primary ";
        $from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c ON u.customer_id = c.customer_id ";
        $owner_id = (int) $search['customer_id'];
        $where .= ($owner_id > 0)
            ? " AND u.customer_id = '{$owner_id}'"
            : " AND u.customer_id > 0 ";
    } elseif (isset($search['vendor_id'])) {
        $sql .= ", c.* " . " , c.primary_user_id AS is_primary ";
        $from .= " LEFT JOIN `" . _DB_PREFIX . "vendor` c ON u.vendor_id = c.vendor_id ";
        $owner_id = (int) $search['vendor_id'];
        $where .= ($owner_id > 0)
            ? " AND u.vendor_id = '{$owner_id}'"
            : " AND u.vendor_id > 0 ";
    }

    // Exact-match filters. The column names come from this fixed list, never from the caller.
    foreach (array('is_staff', 'split_hours') as $column) {
        if (!isset($search[$column]) || $search[$column] === '' || $search[$column] === false) {
            continue;
        }
        $value = mysql_real_escape_string($search[$column]);
        $where .= " AND u.`{$column}` = '{$value}'";
    }

    if (isset($search['security_role_id'])) {
        $role_id = (int) $search['security_role_id'];
        if ($role_id > 0) {
            $from .= " LEFT JOIN `" . _DB_PREFIX . "user_role` ur ON u.user_id = ur.user_id";
            $where .= " AND ur.security_role_id = {$role_id}";
        }
    }

    // Email is matched with LIKE and no added wildcards, so the caller controls the pattern.
    if (isset($search['email']) && $search['email'] !== '' && $search['email'] !== false) {
        $email_pattern = mysql_real_escape_string($search['email']);
        $where .= " AND u.`email` LIKE '{$email_pattern}'";
    }

    // Narrow the result by the logged-in user's data-access level.
    // The switch statements are kept as written: case order and fall-through decide the outcome.
    if (class_exists('module_customer', false)) {
        switch (module_user::get_user_data_access()) {
            case _USER_ACCESS_ALL:
                // all user accounts.
                break;
            case _USER_ACCESS_ME:
                $where .= " AND u.`user_id` = " . (int) module_security::get_loggedin_id();
                break;
            case _USER_ACCESS_CONTACTS:
                $where .= " AND (u.`customer_id` > 0 OR u.`vendor_id` > 0) ";
                break;
        }

        switch (module_customer::get_customer_data_access()) {
            case _CUSTOMER_ACCESS_ALL:
                // every customer is visible.
                break;
            case _CUSTOMER_ACCESS_ALL_COMPANY:
            case _CUSTOMER_ACCESS_CONTACTS:
            case _CUSTOMER_ACCESS_TASKS:
            case _CUSTOMER_ACCESS_STAFF:
                $valid_customer_ids = module_security::get_customer_restrictions();
                if (count($valid_customer_ids)) {
                    $customer_id_list = array();
                    foreach ($valid_customer_ids as $valid_customer_id) {
                        $customer_id_list[] = (int) $valid_customer_id;
                    }
                    $where .= " AND u.customer_id IN ( " . implode(', ', $customer_id_list) . " )";
                }
        }

        if (class_exists('module_vendor', false)) {
            switch (module_vendor::get_vendor_data_access()) {
                case _VENDOR_ACCESS_ALL:
                    // every vendor is visible.
                    break;
                case _VENDOR_ACCESS_ALL_COMPANY:
                case _VENDOR_ACCESS_CONTACTS:
                case _VENDOR_ACCESS_TASKS:
                    // NOTE(review): the second argument is a two-element list, not
                    // array('columns' => ...); confirm against get_vendors().
                    $valid_vendor_ids = module_vendor::get_vendors(array(), array('columns', 'c.vendor_id AS id'));
                    if (count($valid_vendor_ids)) {
                        // The vendor ids are the array keys of the returned set.
                        $vendor_id_list = array();
                        foreach ($valid_vendor_ids as $valid_vendor_id => $unused_row) {
                            $vendor_id_list[] = (int) $valid_vendor_id;
                        }
                        $where .= " AND u.vendor_id IN ( " . implode(', ', $vendor_id_list) . " )";
                    }
            }
        }
    }

    // Optional "All <type> Contacts" check: without that permission the user only sees their own row.
    if ($new_security_check) {
        $permission_check_string = 'Customer';
        $current_customer_type_id = module_customer::get_current_customer_type_id();
        if ($current_customer_type_id > 0) {
            $customer_type = module_customer::get_customer_type($current_customer_type_id);
            if ($customer_type && !empty($customer_type['type_name'])) {
                $permission_check_string = $customer_type['type_name'];
            }
        }

        if (
            !empty($search['customer_id'])
            && !module_user::can_i('view', 'All ' . $permission_check_string . ' Contacts', 'Customer', 'customer')
        ) {
            $where .= " AND u.user_id = " . (int) module_security::get_loggedin_id();
        } elseif (
            !empty($search['vendor_id'])
            && !module_user::can_i('view', 'All Vendor Contacts', 'Vendor', 'vendor')
        ) {
            $where .= " AND u.user_id = " . (int) module_security::get_loggedin_id();
        }
    }

    // One row per user, ordered by owner name and then contact name when an owner was requested.
    $group_order = ' GROUP BY u.user_id ';
    if (!empty($search['customer_id'])) {
        $group_order .= 'ORDER BY c.customer_name, u.name';
    } elseif (!empty($search['vendor_id'])) {
        $group_order .= 'ORDER BY c.vendor_name, u.name';
    }

    $sql = $sql . $from . $where . $group_order;

    return $as_array ? qa($sql) : query($sql);
}