public function execute()
{
// only allowed to global admin
if (!wa()->getUser()->getRights('webasyst', 'backend')) {
throw new waRightsException('Access denied');
}
if (!($group_id = (int) waRequest::get('id'))) {
throw new waException('Group id not specified.');
}
$gm = new waGroupModel();
$group = $gm->getById($group_id);
$right_model = new waContactRightsModel();
$fullAccess = $right_model->get(-$group_id, 'webasyst', 'backend');
$apps = wa()->getApps();
if (!$fullAccess) {
$appAccess = $right_model->getApps($group_id, 'backend');
}
$noAccess = true;
foreach ($apps as $app_id => &$app) {
$app['id'] = $app_id;
$app['customizable'] = isset($app['rights']) ? (bool) $app['rights'] : false;
$app['access'] = $fullAccess ? 2 : 0;
if (!$app['access'] && isset($appAccess[$app_id])) {
$app['access'] = $appAccess[$app_id];
}
$noAccess = $noAccess && !$app['access'];
}
unset($app);
$this->view->assign('apps', $apps);
$this->view->assign('group', $group);
$this->view->assign('noAccess', $noAccess);
$this->view->assign('fullAccess', $fullAccess);
}
public function execute()
{
// only allowed to global admin
if (!wa()->getUser()->getRights('webasyst', 'backend')) {
throw new waRightsException(_w('Access denied'));
}
$group = null;
$group_id = waRequest::get('id');
if ($group_id) {
$group_model = new waGroupModel();
$group = $group_model->getById($group_id);
}
// only allowed to global admin
$is_global_admin = wa()->getUser()->getRights('webasyst', 'backend');
$right_model = new waContactRightsModel();
$fullAccess = $right_model->get(-$group_id, 'webasyst', 'backend');
$apps = wa()->getApps();
if (!$fullAccess) {
$appAccess = $right_model->getApps($group_id, 'backend');
}
$noAccess = true;
foreach ($apps as $app_id => &$app) {
$app['id'] = $app_id;
$app['customizable'] = isset($app['rights']) ? (bool) $app['rights'] : false;
$app['access'] = $fullAccess ? 2 : 0;
if (!$app['access'] && isset($appAccess[$app_id])) {
$app['access'] = $appAccess[$app_id];
}
$noAccess = $noAccess && !$app['access'];
}
unset($app);
$user_groups = new waUserGroupsModel();
$users_count = $user_groups->countByField(array('group_id' => $group_id));
$this->view->assign('users_count', $users_count);
$this->view->assign('apps', $apps);
$this->view->assign('noAccess', $noAccess);
$this->view->assign('fullAccess', $fullAccess);
$this->view->assign('is_global_admin', $is_global_admin);
$this->view->assign('group', $group);
$this->view->assign('icons', waGroupModel::getIcons());
}
public function getApps($sorted = true)
{
$apps = waSystem::getInstance()->getApps();
$right_model = new waContactRightsModel();
$rights = $right_model->getApps(-$this->id, 'backend', true, false);
$is_admin = isset($rights['webasyst']) && $rights['webasyst'];
$sorted_apps = array();
if ($sorted) {
$sort = explode(',', $this->getSettings('', 'apps'));
foreach ($sort as $app_id) {
if (!$is_admin && (!isset($rights[$app_id]) || !$rights[$app_id])) {
continue;
}
if (isset($apps[$app_id])) {
$sorted_apps[$app_id] = $apps[$app_id];
unset($apps[$app_id]);
}
}
}
foreach ($apps as $app_id => $app) {
if (!$is_admin && (!isset($rights[$app_id]) || !$rights[$app_id])) {
continue;
}
$sorted_apps[$app_id] = $app;
}
return $sorted_apps;
}
/** Using $this->id and $this->contact, if contact is a user,
* collect and load vars into $this->view specific to waUser. */
protected function getUserInfo()
{
$system = waSystem::getInstance();
$rm = new waContactRightsModel();
$ugm = new waUserGroupsModel();
$gm = new waGroupModel();
// Personal and group access rights
$groups = $ugm->getGroups($this->id);
$ownAccess = $rm->getApps(-$this->id, 'backend', FALSE, FALSE);
$groupAccess = $rm->getApps(array_keys($groups), 'backend', FALSE, FALSE);
if (!isset($ownAccess['webasyst'])) {
$ownAccess['webasyst'] = 0;
}
if (!isset($groupAccess['webasyst'])) {
$groupAccess['webasyst'] = 0;
}
// Build application list with personal and group access rights for each app
$apps = $system->getApps();
$noAccess = true;
$gNoAccess = true;
foreach ($apps as $app_id => &$app) {
$app['id'] = $app_id;
$app['customizable'] = isset($app['rights']) ? (bool) $app['rights'] : false;
$app['access'] = $ownAccess['webasyst'] ? 2 : 0;
if (!$app['access'] && isset($ownAccess[$app_id])) {
$app['access'] = $ownAccess[$app_id];
}
$app['gaccess'] = $groupAccess['webasyst'] ? 2 : 0;
if (!$app['gaccess'] && isset($groupAccess[$app_id])) {
$app['gaccess'] = $groupAccess[$app_id];
}
$noAccess = $noAccess && !$app['gaccess'] && !$app['access'];
$gNoAccess = $gNoAccess && !$app['gaccess'];
}
unset($app);
$this->view->assign('apps', $apps);
$this->view->assign('groups', $groups);
$this->view->assign('noAccess', $noAccess ? 1 : 0);
$this->view->assign('gNoAccess', $gNoAccess ? 1 : 0);
$this->view->assign('all_groups', $gm->getNames());
$this->view->assign('fullAccess', $ownAccess['webasyst']);
$this->view->assign('gFullAccess', $groupAccess['webasyst']);
$this->view->assign('access_to_contacts', $this->getUser()->getRights('contacts', 'backend'));
}
public function hasBackendAccess($contact_id)
{
$ugm = new waUserGroupsModel();
$rm = new waContactRightsModel();
$ownAccess = $rm->getApps(-$contact_id, 'backend', FALSE, FALSE);
if (!isset($ownAccess['webasyst'])) {
$ownAccess['webasyst'] = 0;
}
$groups = $ugm->getGroups($contact_id);
$groupAccess = $rm->getApps(array_keys($groups), 'backend', FALSE, FALSE);
if (!isset($groupAccess['webasyst'])) {
$groupAccess['webasyst'] = 0;
}
$system = waSystem::getInstance();
$apps = $system->getApps();
$noAccess = true;
$gNoAccess = true;
foreach ($apps as $app_id => &$app) {
$app['id'] = $app_id;
$app['customizable'] = isset($app['rights']) ? (bool) $app['rights'] : false;
$app['access'] = $ownAccess['webasyst'] ? 2 : 0;
if (!$app['access'] && isset($ownAccess[$app_id])) {
$app['access'] = $ownAccess[$app_id];
}
$app['gaccess'] = $groupAccess['webasyst'] ? 2 : 0;
if (!$app['gaccess'] && isset($groupAccess[$app_id])) {
$app['gaccess'] = $groupAccess[$app_id];
}
$noAccess = $noAccess && !$app['gaccess'] && !$app['access'];
$gNoAccess = $gNoAccess && !$app['gaccess'];
}
unset($app);
return $ownAccess['webasyst'] || !$noAccess;
}
public static function getAccessTabTitle(waContact $contact)
{
$rm = new waContactRightsModel();
$ugm = new waUserGroupsModel();
$gm = new waGroupModel();
// Personal and group access rights
$groups = $ugm->getGroups($contact['id']);
$ownAccess = $rm->getApps(-$contact['id'], 'backend', false, false);
$groupAccess = $rm->getApps(array_keys($groups), 'backend', false, false);
if (!isset($ownAccess['webasyst'])) {
$ownAccess['webasyst'] = 0;
}
if (!isset($groupAccess['webasyst'])) {
$groupAccess['webasyst'] = 0;
}
// Build application list with personal and group access rights for each app
$apps = wa()->getApps();
$noAccess = true;
$gNoAccess = true;
foreach ($apps as $app_id => &$app) {
$app['id'] = $app_id;
$app['customizable'] = isset($app['rights']) ? (bool) $app['rights'] : false;
$app['access'] = $ownAccess['webasyst'] ? 2 : 0;
if (!$app['access'] && isset($ownAccess[$app_id])) {
$app['access'] = $ownAccess[$app_id];
}
$app['gaccess'] = $groupAccess['webasyst'] ? 2 : 0;
if (!$app['gaccess'] && isset($groupAccess[$app_id])) {
$app['gaccess'] = $groupAccess[$app_id];
}
$noAccess = $noAccess && !$app['gaccess'] && !$app['access'];
$gNoAccess = $gNoAccess && !$app['gaccess'];
}
unset($app);
$html = _w('Access');
$html .= ' <i class="icon16 c-access-icon ';
if ($contact['is_user'] == -1) {
$html .= 'delete';
} else {
if (!$groupAccess['webasyst'] && !$ownAccess['webasyst'] && $noAccess) {
$html .= 'key-bw';
} else {
$html .= 'key';
}
}
$html .= '"></i>';
return $html;
}
