/**
 * Builds the per-application backend access table for one user group.
 *
 * The group id comes from the `id` GET parameter. The view receives
 * `apps`, `group`, `noAccess` and `fullAccess`.
 *
 * @throws waRightsException when the current user lacks the 'webasyst' backend right
 * @throws waException       when no (non-zero) group id is supplied
 */
public function execute()
{
    // Authorization gate: only a global admin may inspect group rights.
    $current_user = wa()->getUser();
    if (!$current_user->getRights('webasyst', 'backend')) {
        throw new waRightsException('Access denied');
    }

    // The cast turns a missing or non-numeric id into 0, which is rejected below.
    $group_id = (int) waRequest::get('id');
    if (!$group_id) {
        throw new waException('Group id not specified.');
    }

    $group_model = new waGroupModel();
    // NOTE(review): the lookup result is passed to the view unchecked, so an
    // unknown id is not reported as an error here.
    $group = $group_model->getById($group_id);

    $right_model = new waContactRightsModel();
    // NOTE(review): get() is given the negated id while getApps() below gets the
    // positive one - presumably the two methods use opposite sign conventions;
    // confirm against waContactRightsModel.
    $fullAccess = $right_model->get(-$group_id, 'webasyst', 'backend');

    $apps = wa()->getApps();

    // Per-app rights are only needed when the group is not a full-access group.
    if ($fullAccess) {
        $appAccess = array();
    } else {
        $appAccess = $right_model->getApps($group_id, 'backend');
    }

    $has_any_access = false;
    foreach ($apps as $app_id => $app) {
        $app['id'] = $app_id;
        $app['customizable'] = !empty($app['rights']);

        if ($fullAccess) {
            $app['access'] = 2;
        } elseif (isset($appAccess[$app_id])) {
            $app['access'] = $appAccess[$app_id];
        } else {
            $app['access'] = 0;
        }

        if ($app['access']) {
            $has_any_access = true;
        }
        $apps[$app_id] = $app;
    }
    $noAccess = !$has_any_access;

    $this->view->assign('apps', $apps);
    $this->view->assign('group', $group);
    $this->view->assign('noAccess', $noAccess);
    $this->view->assign('fullAccess', $fullAccess);
}
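/**
 * Builds the group editor view: group record, per-application backend access
 * table, member count and the available group icons.
 *
 * The `id` GET parameter is optional; without it the view gets `group = null`.
 *
 * @throws waRightsException when the current user lacks the 'webasyst' backend right
 */
public function execute()
{
    // Authorization gate: only a global admin may open this page. The same
    // value is handed to the template below, so it is read once.
    $is_global_admin = wa()->getUser()->getRights('webasyst', 'backend');
    if (!$is_global_admin) {
        throw new waRightsException(_w('Access denied'));
    }

    // Normalise the request parameter before it is negated and passed to the
    // models: a non-numeric string or an array would otherwise reach the unary
    // minus and the lookups unvalidated. A missing/invalid id becomes 0.
    $raw_id = waRequest::get('id');
    $group_id = is_scalar($raw_id) ? (int) $raw_id : 0;

    $group = null;
    if ($group_id) {
        $group_model = new waGroupModel();
        $group = $group_model->getById($group_id);
    }

    $right_model = new waContactRightsModel();
    // NOTE(review): get() is given the negated id while getApps() below gets the
    // positive one - presumably the two methods use opposite sign conventions;
    // confirm against waContactRightsModel.
    $fullAccess = $right_model->get(-$group_id, 'webasyst', 'backend');

    $apps = wa()->getApps();

    // Per-app rights are only consulted when the group has no full access.
    $appAccess = array();
    if (!$fullAccess) {
        $appAccess = $right_model->getApps($group_id, 'backend');
    }

    $noAccess = true;
    foreach ($apps as $app_id => &$app) {
        $app['id'] = $app_id;
        $app['customizable'] = isset($app['rights']) ? (bool) $app['rights'] : false;
        $app['access'] = $fullAccess ? 2 : 0;
        if (!$app['access'] && isset($appAccess[$app_id])) {
            $app['access'] = $appAccess[$app_id];
        }
        $noAccess = $noAccess && !$app['access'];
    }
    // Drop the reference so later writes to $app cannot alter the last entry.
    unset($app);

    $user_groups = new waUserGroupsModel();
    $users_count = $user_groups->countByField(array('group_id' => $group_id));

    $this->view->assign('users_count', $users_count);
    $this->view->assign('apps', $apps);
    $this->view->assign('noAccess', $noAccess);
    $this->view->assign('fullAccess', $fullAccess);
    $this->view->assign('is_global_admin', $is_global_admin);
    $this->view->assign('group', $group);
    $this->view->assign('icons', waGroupModel::getIcons());
}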
/**
 * Returns the installed applications this contact has backend rights for.
 *
 * A contact with a truthy 'webasyst' right is treated as admin and gets every
 * installed app. Otherwise only apps with a truthy entry in the rights map
 * are returned.
 *
 * @param bool $sorted when true, apps named in the contact's 'apps' setting
 *                     (a comma-separated list) come first, in that order
 * @return array app_id => app info
 */
public function getApps($sorted = true)
{
    $installed = waSystem::getInstance()->getApps();

    $right_model = new waContactRightsModel();
    // Rights for a contact are requested under the negated contact id.
    $rights = $right_model->getApps(-$this->id, 'backend', true, false);
    $is_admin = !empty($rights['webasyst']);

    $result = array();

    if ($sorted) {
        $preferred_order = explode(',', $this->getSettings('', 'apps'));
        foreach ($preferred_order as $app_id) {
            $allowed = $is_admin || !empty($rights[$app_id]);
            // Ids from the setting that are not installed are skipped.
            if ($allowed && isset($installed[$app_id])) {
                $result[$app_id] = $installed[$app_id];
                // Remove it so the second pass does not add it again.
                unset($installed[$app_id]);
            }
        }
    }

    // Append whatever is left, in the system's own order.
    foreach ($installed as $app_id => $app) {
        if ($is_admin || !empty($rights[$app_id])) {
            $result[$app_id] = $app;
        }
    }

    return $result;
}
/**
 * Loads the access-rights data for the contact in $this->id into $this->view.
 *
 * Assigns the per-app table (`apps`, with personal `access` and group
 * `gaccess` levels), the contact's groups, the no-access flags, all group
 * names, both full-access flags, and whether the current user has backend
 * rights to the 'contacts' app.
 */
protected function getUserInfo()
{
    $system = waSystem::getInstance();
    $right_model = new waContactRightsModel();
    $user_groups_model = new waUserGroupsModel();
    $group_model = new waGroupModel();

    // Personal rights are requested under the negated contact id, group rights
    // under the list of group ids.
    $groups = $user_groups_model->getGroups($this->id);
    $ownAccess = $right_model->getApps(-$this->id, 'backend', false, false);
    $groupAccess = $right_model->getApps(array_keys($groups), 'backend', false, false);

    // Make sure the 'webasyst' (full access) key always exists.
    $ownAccess['webasyst'] = isset($ownAccess['webasyst']) ? $ownAccess['webasyst'] : 0;
    $groupAccess['webasyst'] = isset($groupAccess['webasyst']) ? $groupAccess['webasyst'] : 0;

    $apps = $system->getApps();
    $any_access = false;
    $any_group_access = false;

    foreach ($apps as $app_id => $app) {
        $app['id'] = $app_id;
        $app['customizable'] = !empty($app['rights']);

        // Personal level: full access wins, then the per-app entry, else none.
        if ($ownAccess['webasyst']) {
            $app['access'] = 2;
        } elseif (isset($ownAccess[$app_id])) {
            $app['access'] = $ownAccess[$app_id];
        } else {
            $app['access'] = 0;
        }

        // Group level, resolved the same way.
        if ($groupAccess['webasyst']) {
            $app['gaccess'] = 2;
        } elseif (isset($groupAccess[$app_id])) {
            $app['gaccess'] = $groupAccess[$app_id];
        } else {
            $app['gaccess'] = 0;
        }

        if ($app['gaccess']) {
            $any_group_access = true;
            $any_access = true;
        } elseif ($app['access']) {
            $any_access = true;
        }

        $apps[$app_id] = $app;
    }

    $noAccess = !$any_access;
    $gNoAccess = !$any_group_access;

    $this->view->assign('apps', $apps);
    $this->view->assign('groups', $groups);
    $this->view->assign('noAccess', $noAccess ? 1 : 0);
    $this->view->assign('gNoAccess', $gNoAccess ? 1 : 0);
    $this->view->assign('all_groups', $group_model->getNames());
    $this->view->assign('fullAccess', $ownAccess['webasyst']);
    $this->view->assign('gFullAccess', $groupAccess['webasyst']);
    $this->view->assign('access_to_contacts', $this->getUser()->getRights('contacts', 'backend'));
}
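/**
 * Tells whether a contact has backend access to anything.
 *
 * True when the contact's own 'webasyst' right is truthy, or when at least one
 * installed app is reachable through the contact's own rights or the rights of
 * a group the contact belongs to. Group full access counts only when at least
 * one app is installed.
 *
 * The per-app bookkeeping the loop used to build (`id`, `customizable`,
 * `access`, `gaccess`, `$gNoAccess`) was never read, so the loop now only
 * answers the yes/no question and stops at the first match.
 *
 * @param int $contact_id numeric contact id; it is negated for the personal lookup
 * @return bool
 */
public function hasBackendAccess($contact_id)
{
    $rm = new waContactRightsModel();
    // Personal rights are requested under the negated contact id.
    $ownAccess = $rm->getApps(-$contact_id, 'backend', false, false);

    $ugm = new waUserGroupsModel();
    $groups = $ugm->getGroups($contact_id);
    // NOTE(review): for a contact without groups this passes an empty id list;
    // how getApps() treats that is not visible here - confirm it returns no rights.
    $groupAccess = $rm->getApps(array_keys($groups), 'backend', false, false);

    $own_full = !empty($ownAccess['webasyst']);
    $group_full = !empty($groupAccess['webasyst']);

    foreach (waSystem::getInstance()->getApps() as $app_id => $app) {
        if ($own_full
            || $group_full
            || !empty($ownAccess[$app_id])
            || !empty($groupAccess[$app_id])
        ) {
            return true;
        }
    }

    // No installed app matched (or none is installed): only personal full
    // access still grants backend access.
    return $own_full;
}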
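/**
 * Builds the HTML title of the "Access" tab for a contact, with a status icon.
 *
 * Icon class: 'delete' when `is_user` equals -1, 'key-bw' when the contact has
 * no backend access at all (personal or through groups), 'key' otherwise.
 *
 * The markup consists of the translated label and fixed class names only; no
 * contact-supplied value is written into it.
 *
 * The unused group model and the per-app fields the loop used to fill in were
 * never read, so only the "any access" flag is computed.
 *
 * @param waContact $contact
 * @return string HTML fragment
 */
public static function getAccessTabTitle(waContact $contact)
{
    $rm = new waContactRightsModel();
    $ugm = new waUserGroupsModel();

    // Personal rights are requested under the negated contact id, group rights
    // under the list of group ids.
    $groups = $ugm->getGroups($contact['id']);
    $ownAccess = $rm->getApps(-$contact['id'], 'backend', false, false);
    $groupAccess = $rm->getApps(array_keys($groups), 'backend', false, false);

    $own_full = !empty($ownAccess['webasyst']);
    $group_full = !empty($groupAccess['webasyst']);

    // Is any installed app reachable, personally or through a group?
    $any_app_access = false;
    foreach (wa()->getApps() as $app_id => $app) {
        if ($own_full
            || $group_full
            || !empty($ownAccess[$app_id])
            || !empty($groupAccess[$app_id])
        ) {
            $any_app_access = true;
            break;
        }
    }

    // NOTE(review): is_user == -1 presumably marks a disabled account - confirm.
    // The loose comparison is kept because the stored value may be a string.
    if ($contact['is_user'] == -1) {
        $icon = 'delete';
    } elseif (!$group_full && !$own_full && !$any_app_access) {
        $icon = 'key-bw';
    } else {
        $icon = 'key';
    }

    return _w('Access').' <i class="icon16 c-access-icon '.$icon.'"></i>';
}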