/**
* The client CAN use the information contained in
* $response['manage_permission'] to make decisions such as whether or not to
* allow the current user to edit the set of groups in the store.
* @param Array $params Client input parameters
* @return $response for the client.
*/
protected function actionSelectedStore($params)
{
$currentPermissionLevel = \GO\Base\Model\Acl::getUserPermissionLevel($params['model_id'], \GO::user()->id);
$response['manage_permission'] = $params['currentUserHasManagePermission'] = \GO\Base\Model\Acl::hasPermission($currentPermissionLevel, \GO\Base\Model\Acl::MANAGE_PERMISSION);
$response = array_merge($response, parent::actionSelectedStore($params));
return $response;
}
public function checkWritePermission($delete = false)
{
$fsFile = new \GO\Base\Fs\File($this->path);
$this->folder = \GO\Files\Model\Folder::model()->findByPath($fsFile->parent()->stripFileStoragePath());
if (!\GO\Base\Model\Acl::hasPermission($this->folder->getPermissionLevel(), \GO\Base\Model\Acl::WRITE_PERMISSION)) {
throw new Sabre\DAV\Exception\Forbidden("DAV: User " . \GO::user()->username . " doesn't have write permission for file '" . $this->relpath . '"');
}
}
public function checkPermissionsWithLicense()
{
$users = License::moduleIsRestricted($this->id());
// GO::debug($users);
if ($users === false) {
return true;
}
$acl_id = GO::modules()->{$this->id()}->acl_id;
$users = \GO\Base\Model\Acl::getAuthorizedUsers($acl_id);
foreach ($users as $user) {
if (!in_array($user->username, $users)) {
return false;
}
}
return true;
}
/**
* Return information for add and delete buttons in the view. It tells wether add or delete is allowed.
*
* @param array $response
*/
public function setButtonParams(&$response)
{
$models = $this->_getSelectedModels();
foreach ($models as $model) {
if (!isset($response['buttonParams']) && \GO\Base\Model\Acl::hasPermission($model->getPermissionLevel(), \GO\Base\Model\Acl::CREATE_PERMISSION)) {
//instruct the view for the add action.
$response['buttonParams'] = array('id' => $model->id, 'name' => $model->name, 'permissionLevel' => $model->getPermissionLevel());
}
}
}
/**
* Can be used in actionDisplay like actions
* @param \GO\Base\Db\ActiveRecord $data['model'] the model to render display data for
* @param array $extraFields the extra fields that should be attached to the data array as key => value
* @return \GO\Base\Data\JsonResponse Response object
*/
public function renderDisplay($data)
{
$response = array('data' => array(), 'success' => true);
$response['data'] = $data['model']->getAttributes('html');
if (!empty($data['model']->user)) {
$response['data']['username'] = $data['model']->user->name;
}
if (!empty($data['model']->mUser)) {
$response['data']['musername'] = $data['model']->mUser->name;
}
//$response['data'] = $model->getAttributes('html');
//$response['data']['model'] = $model->className();
$response['data']['permission_level'] = $data['model']->getPermissionLevel();
$response['data']['write_permission'] = \GO\Base\Model\Acl::hasPermission($response['data']['permission_level'], \GO\Base\Model\Acl::WRITE_PERMISSION);
$response['data']['customfields'] = array();
if (!isset($response['data']['workflow']) && \GO::modules()->workflow) {
$response = $this->_processWorkflowDisplay($data['model'], $response);
}
if ($data['model']->customfieldsRecord) {
$response = $this->_processCustomFieldsDisplay($data['model'], $response);
}
if ($data['model']->hasLinks()) {
$response = $this->_processLinksDisplay($data['model'], $response);
if (!isset($response['data']['events']) && \GO::modules()->calendar) {
$response = $this->_processEventsDisplay($data['model'], $response);
}
if (!isset($response['data']['tasks']) && \GO::modules()->tasks) {
$response = $this->_processTasksDisplay($data['model'], $response);
}
}
if (\GO::modules()->files && !isset($response['data']['files'])) {
$response = $this->_processFilesDisplay($data['model'], $response);
}
if (\GO::modules()->comments) {
$response = $this->_processCommentsDisplay($data['model'], $response);
}
if (\GO::modules()->lists) {
$response = \GO\Lists\ListsModule::displayResponse($data['model'], $response);
}
//
// $this->fireEvent('display', array(
// &$this,
// &$response,
// &$model
// ));
return new \GO\Base\Data\JsonResponse($response);
}
protected function actionGetNewAcl($params)
{
$acl = new \GO\Base\Model\Acl();
$acl->user_id = isset($params['user_id']) ? $params['user_id'] : \GO::user()->id;
$acl->description = $params['description'];
$acl->save();
echo $acl->id;
}
protected function beforeDelete(array $params)
{
$delKeys = !empty($params['delete_keys']) ? json_decode($params['delete_keys']) : array();
if (!empty($delKeys)) {
// Only admins may edit the set of linked users.
if (!$params['currentUserHasManagePermission']) {
throw new \GO\Base\Exception\AccessDenied();
}
foreach ($delKeys as $delKey) {
// if ($delKey==1)
// throw new \Exception(\GO::t('dontChangeAdminPermissions'));
$aclItem = \GO\Base\Model\Acl::model()->findByPk($params['model_id']);
if ($aclItem->user_id == $delKey) {
// Situation: user with id $delKey is owner of ACL with id $params['model_id']
if (\GO::user()->isAdmin()) {
// Situation: Current user is in root group. Action: set current
// user as owner of the ACL
$aclItem->user_id = \GO::user()->id;
$aclItem->save();
} else {
throw new \Exception(\GO::t('dontChangeOwnersPermissions'));
}
}
}
} else {
return false;
}
return true;
}
protected function actionList($params)
{
if (!empty($params['query'])) {
return $this->_searchFiles($params);
}
if ($params['folder_id'] == 'shared') {
return $this->_listShares($params);
}
//get the folder that contains the files and folders to list.
//This will check permissions too.
$folder = \GO\Files\Model\Folder::model()->findByPk($params['folder_id']);
if (!$folder) {
$folder = \GO\Files\Model\Folder::model()->findHomeFolder(GO::user());
}
if (!$folder) {
throw new Exception('No Folder found with id ' . $params['folder_id']);
}
$user = $folder->quotaUser;
$this->_listFolderPermissionLevel = $folder->permissionLevel;
$response['permission_level'] = $folder->permissionLevel;
//$folder->readonly ? \GO\Base\Model\Acl::READ_PERMISSION : $folder->permissionLevel;
if (empty($params['skip_fs_sync']) && empty(GO::config()->files_disable_filesystem_sync)) {
$folder->checkFsSync();
}
//useful information for the view.
$response['path'] = $folder->path;
//Show this page in thumbnails or list
$folderPreference = \GO\Files\Model\FolderPreference::model()->findByPk(array('user_id' => \GO::user()->id, 'folder_id' => $folder->id));
if ($folderPreference) {
$response['thumbs'] = $folderPreference->thumbs;
} else {
$response['thumbs'] = 0;
}
$response['parent_id'] = $folder->parent_id;
//locked state
$response['lock_state'] = !empty($folder->apply_state);
$response['cm_state'] = isset($folder->cm_state) && !empty($folder->apply_state) ? $folder->cm_state : "";
$response['may_apply_state'] = \GO\Base\Model\Acl::hasPermission($folder->getPermissionLevel(), \GO\Base\Model\Acl::MANAGE_PERMISSION);
// if($response["lock_state"]){
// $state = json_decode($response["cm_state"]);
//
// if(isset($state->sort)){
// $params['sort']=$state->sort->field;
// $params['dir']=$state->sort->direction;
// }
// }
$store = \GO\Base\Data\Store::newInstance(\GO\Files\Model\Folder::model());
//set sort aliases
$store->getColumnModel()->formatColumn('type', '', array(), 'name');
$store->getColumnModel()->formatColumn('size', '"-"', array(), 'name');
$store->getColumnModel()->formatColumn('locked_user_id', '"0"');
//handle delete request for both files and folder
if (isset($params['delete_keys'])) {
$ids = $this->_splitFolderAndFileIds(json_decode($params['delete_keys'], true));
$params['delete_keys'] = json_encode($ids['folders']);
$store->processDeleteActions($params, "GO\\Files\\Model\\Folder");
$params['delete_keys'] = json_encode($ids['files']);
$store->processDeleteActions($params, "GO\\Files\\Model\\File");
}
$store->getColumnModel()->setFormatRecordFunction(array($this, 'formatListRecord'));
$findParams = $store->getDefaultParams($params);
//sorting on custom fields doesn't work for folders
if (isset($params['sort']) && substr($params['sort'], 0, 4) == 'col_') {
$findParams->order("name", $params['dir']);
}
$findParamsArray = $findParams->getParams();
if (!isset($findParamsArray['start'])) {
$findParamsArray['start'] = 0;
}
if (!isset($findParamsArray['limit'])) {
$findParamsArray['limit'] = 0;
}
//$stmt = $folder->folders($findParams);
$stmt = $folder->getSubFolders($findParams);
$store->setStatement($stmt);
$response = array_merge($response, $store->getData());
//add files to the listing if it fits
$folderPages = floor($stmt->foundRows / $findParamsArray['limit']);
$foldersOnLastPage = $stmt->foundRows - $folderPages * $findParamsArray['limit'];
//$isOnLastPageofFolders = $stmt->foundRows < ($findParams['limit'] + $findParams['start']);
if (count($response['results'])) {
$fileStart = $findParamsArray['start'] - $folderPages * $findParamsArray['limit'];
$fileLimit = $findParamsArray['limit'] - $foldersOnLastPage;
} else {
$fileStart = $findParamsArray['start'] - $stmt->foundRows;
$fileLimit = $findParamsArray['limit'];
}
if ($fileStart >= 0) {
$store->resetResults();
$store->getColumnModel()->formatColumn('size', '"-"', array(), 'size');
$store->getColumnModel()->formatColumn('type', '', array(), 'extension');
$store->getColumnModel()->formatColumn('locked', '$model->isLocked()');
$store->getColumnModel()->formatColumn('locked_user_id', '$model->locked_user_id');
$store->getColumnModel()->formatColumn('folder_id', '$model->folder_id');
$findParams = $store->getDefaultParams($params)->limit($fileLimit)->start($fileStart);
// Handle the files filter
if (!empty($params['files_filter'])) {
$extensions = explode(',', $params['files_filter']);
$findParams->getCriteria()->addInCondition('extension', $extensions);
}
$stmt = $folder->files($findParams);
$store->setStatement($stmt);
$filesResponse = $store->getData();
$response['total'] += $filesResponse['total'];
$response['results'] = array_merge($response['results'], $filesResponse['results']);
} else {
$record = $folder->files(\GO\Base\Db\FindParams::newInstance()->single()->select('count(*) as total'));
$response['total'] += $record->total;
}
if (empty($user)) {
$user = \GO::user();
}
$response['owner_id'] = $user->id;
$response['disk_usage'] = round($user->disk_usage / 1024 / 1024, 2);
$response['disk_quota'] = $user->disk_quota;
return $response;
}
/**
* Get's the Acces Control List for this model if it has one.
*
* @return \GO\Base\Model\Acl
*/
public function getAcl()
{
if ($this->_acl) {
return $this->_acl;
} else {
$aclId = $this->findAclId();
if ($aclId) {
$this->_acl = \GO\Base\Model\Acl::model()->findByPk($aclId);
return $this->_acl;
} else {
return false;
}
}
}
/**
* Check if the acl for the finance does exist.
* If not, then create a new acl and return it.
*
* @return \GO\Base\Model\Acl
*/
public static function getFinanceAcl()
{
$financeAclID = \GO::config()->get_setting('projects2_finance_acl');
if (!empty($financeAclID)) {
$financeAcl = \GO\Base\Model\Acl::model()->findByPk($financeAclID);
}
if (empty($financeAcl)) {
$financeAcl = new \GO\Base\Model\Acl();
$financeAcl->user_id = 1;
$financeAcl->description = 'Finance access for Projects 2';
if ($financeAcl->save()) {
\GO::config()->save_setting('projects2_finance_acl', $financeAcl->id);
}
}
return $financeAcl;
}
<?php
$GO_SCRIPTS_JS .= 'GO.addressbook.lang.defaultSalutationExpression="' . \GO\Base\Util\String::escape_javascript(\GO::t('defaultSalutation', 'addressbook')) . '";';
$export_acl_id = \GO::config()->get_setting('go_addressbook_export', 0);
if (!$export_acl_id) {
$acl = new \GO\Base\Model\Acl();
$acl->description = 'addressbook_export';
$acl->save();
$export_acl_id = $acl->id;
\GO::config()->save_setting('go_addressbook_export', $acl->id, 0);
}
$GO_SCRIPTS_JS .= 'GO.addressbook.export_acl_id="' . $export_acl_id . '";';
$acl_level = \GO\Base\Model\Acl::getUserPermissionLevel($export_acl_id, \GO::user()->id);
$GO_SCRIPTS_JS .= 'GO.addressbook.exportPermission="' . ($acl_level ? 1 : 0) . '";';
if (\GO::modules()->customfields) {
$GO_SCRIPTS_JS .= '
GO.customfields.settingsPanels={
name: "' . \GO\Addressbook\Model\Contact::model()->localizedName . '",
panels: []
};' . "\n";
$stmt = \GO\Users\Model\CfSettingTab::model()->getSettingTabs();
while ($category = $stmt->fetch()) {
$fields = array();
$fstmt = $category->fields();
while ($field = $fstmt->fetch()) {
$fields[] = $field->toJsonArray();
}
// Makes global, client-side, editable form panels for every customfield category
$GO_SCRIPTS_JS .= "\n\n" . 'GO.customfields.settingsPanels.panels.push({xtype : "customformpanel", itemId:"cf-panel-' . $category->id . '", category_id: ' . $category->id . ', title : "' . htmlspecialchars($category->name, ENT_QUOTES, 'UTF-8') . '", customfields : ' . json_encode($fields) . '});' . "\n";
}
private function acls()
{
$acls = Acl::model()->findByAttributes(array('user_id' => $this->from));
$success = true;
foreach ($acls as $item) {
$item->user_id = $this->to;
$success = $item->save() && $success;
}
return $success;
}
public function setFolderPermissions()
{
if (\GO::modules()->isInstalled('files')) {
$folder = \GO\Files\Model\Folder::model()->findByPath('addressbook', true);
if ($folder) {
$folder->acl_id = \GO\Base\Model\Acl::model()->getReadOnlyAcl()->id;
$folder->readonly = 1;
$folder->save();
}
$folder = \GO\Files\Model\Folder::model()->findByPath('addressbook/photos', true);
if ($folder && !$folder->acl_id) {
$folder->setNewAcl(1);
$folder->readonly = 1;
$folder->save();
}
//hide old contacts folder if it exists
$folder = \GO\Files\Model\Folder::model()->findByPath('contacts');
if ($folder) {
if (!$folder->acl_id) {
$folder->setNewAcl(1);
$folder->readonly = 1;
$folder->save();
} else {
$folder->getAcl()->clear();
}
}
}
}
public function getPermissionLevel()
{
if (\GO::$ignoreAclPermissions) {
return \GO\Base\Model\Acl::MANAGE_PERMISSION;
}
if (!$this->aclField()) {
return -1;
}
if (!\GO::user()) {
return false;
}
//if($this->isNew && !$this->joinAclField){
if (empty($this->{$this->aclField()}) && !$this->getIsJoinedAclField()) {
//the new model has it's own ACL but it's not created yet.
//In this case we will check the module permissions.
$module = $this->getModule();
if ($module == 'base') {
return \GO::user()->isAdmin() ? \GO\Base\Model\Acl::MANAGE_PERMISSION : false;
} else {
return \GO::modules()->{$module}->permissionLevel;
}
} else {
if (!isset($this->_permissionLevel)) {
$acl_id = $this->findAclId();
if (!$acl_id) {
throw new \Exception("Could not find ACL for " . $this->className() . " with pk: " . $this->pk);
}
$this->_permissionLevel = \GO\Base\Model\Acl::getUserPermissionLevel($acl_id);
// model()->findByPk($acl_id)->getUserPermissionLevel();
}
return $this->_permissionLevel;
}
}
public static function generateGroupsFile()
{
$file = self::getGroupsFile();
$fp = fopen($file->path(), 'w');
fwrite($fp, "[" . GO::config()->product_name . " " . strtolower(GO::t('users')) . "]\n");
$xmppHost = self::getXmppHost();
\GO\Base\Model\Acl::getAuthorizedUsers(GO::modules()->chat->acl_id, \GO\Base\Model\Acl::READ_PERMISSION, function ($user) use($fp, $xmppHost) {
if ($user->enabled) {
$line = $user->username . '@' . $xmppHost . '=' . $user->name . "\n";
fwrite($fp, $line);
}
});
fclose($fp);
}
public function actionPermissionsStore($params)
{
//check access to users or groups module. Because we allow this action without
//access to the modules module
if ($params['paramIdType'] == 'groupId') {
if (!GO::modules()->groups) {
throw new \GO\Base\Exception\AccessDenied();
}
} else {
if (!GO::modules()->users) {
throw new \GO\Base\Exception\AccessDenied();
}
}
$response = new JsonResponse(array('success' => true, 'results' => array(), 'total' => 0));
$modules = array();
$mods = GO::modules()->getAllModules();
while ($module = array_shift($mods)) {
$permissionLevel = 0;
$usersGroupPermissionLevel = false;
if (empty($params['id'])) {
$aclUsersGroup = $module->acl->hasGroup(GO::config()->group_everyone);
// everybody group
$permissionLevel = $usersGroupPermissionLevel = $aclUsersGroup ? $aclUsersGroup->level : 0;
} else {
if ($params['paramIdType'] == 'groupId') {
//when looking at permissions from the groups module.
$aclUsersGroup = $module->acl->hasGroup($params['id']);
$permissionLevel = $aclUsersGroup ? $aclUsersGroup->level : 0;
} else {
//when looking from the users module
$permissionLevel = Acl::getUserPermissionLevel($module->acl_id, $params['id']);
$usersGroupPermissionLevel = Acl::getUserPermissionLevel($module->acl_id, $params['id'], true);
}
}
$translated = $module->moduleManager ? $module->moduleManager->name() : $module->id;
// Module permissions only support read permission and manage permission:
if (Acl::hasPermission($permissionLevel, Acl::CREATE_PERMISSION)) {
$permissionLevel = Acl::MANAGE_PERMISSION;
}
$modules[$translated] = array('id' => $module->id, 'name' => $translated, 'permissionLevel' => $permissionLevel, 'disable_none' => $usersGroupPermissionLevel !== false && Acl::hasPermission($usersGroupPermissionLevel, Acl::READ_PERMISSION), 'disable_use' => $usersGroupPermissionLevel !== false && Acl::hasPermission($usersGroupPermissionLevel, Acl::CREATE_PERMISSION));
$response['total'] += 1;
}
ksort($modules);
$response['results'] = array_values($modules);
echo $response;
}
/**
* Check the ACL permission levels manually added by addRequiredPermissionLevel();
*
* @param string $action
* @return boolean
*/
private function _checkRequiredPermissionLevels($action)
{
//check action permission
if (isset($this->requiredPermissionLevels[$action])) {
$permLevel = Acl::getUserPermissionLevel($this->requiredPermissionLevels[$action]['aclId']);
return Acl::getUserPermissionLevel($permLevel, $this->requiredPermissionLevels[$action]['requiredPermissionLevel']);
} elseif ($action != '*') {
return $this->_checkRequiredPermissionLevels('*');
} else {
return true;
}
}
public static function userHasPermission($userId)
{
$level = \GO\Base\Model\Acl::getUserPermissionLevel(\GO::modules()->leavedays->acl_id, $userId);
return $level >= \GO\Base\Model\Acl::READ_PERMISSION;
}
private function _getContactInfo(\GO\Email\Model\ImapMessage $imapMessage, $params, $response)
{
$response['sender_contact_id'] = 0;
$response['sender_company_id'] = 0;
$response['allow_quicklink'] = 1;
$response['contact_name'] = "";
$response['contact_thumb_url'] = GO::config()->host . 'modules/addressbook/themes/Default/images/unknown-person.png';
$useQL = GO::config()->allow_quicklink;
$response['allow_quicklink'] = $useQL ? 1 : 0;
$contact = \GO\Addressbook\Model\Contact::model()->findSingleByEmail($response['sender']);
if (!empty($contact)) {
$response['contact_thumb_url'] = $contact->getPhotoThumbURL();
if ($useQL) {
$response['sender_contact_id'] = $contact->id;
$response['contact_name'] = $contact->name . ' (' . $contact->addressbook->name . ')';
$company = $contact->company;
if (!empty($company) && Acl::getUserPermissionLevel($company->addressbook->acl_id) >= Acl::WRITE_PERMISSION) {
$response['sender_company_id'] = $company->id;
$response['company_name'] = $company->name . ' (' . $company->addressbook->name . ')';
}
if (GO::modules()->savemailas) {
$contactLinkedMessage = \GO\Savemailas\Model\LinkedEmail::model()->findByImapMessage($imapMessage, $contact);
$response['contact_linked_message_id'] = $contactLinkedMessage && $contactLinkedMessage->linkExists($contact) ? $contactLinkedMessage->id : 0;
if (!empty($company)) {
$companyLinkedMessage = \GO\Savemailas\Model\LinkedEmail::model()->findByImapMessage($imapMessage, $company);
$response['company_linked_message_id'] = $companyLinkedMessage && $companyLinkedMessage->linkExists($company) ? $companyLinkedMessage->id : 0;
}
}
}
}
return $response;
}
public static function hasFreebusyAccess($request_user_id, $target_user_id)
{
$fbAcl = FreebusypermissionsModule::getFreeBusyAcl($target_user_id);
return \GO\Base\Model\Acl::getUserPermissionLevel($fbAcl->acl_id, $request_user_id) > 0;
}
/**
* The default action for displaying a model in a DisplayPanel.
*/
protected function actionDisplay($params)
{
$response = array('data' => array(), 'success' => true);
$modelName = $this->model;
$model = \GO::getModel($modelName)->findByPk($this->getPrimaryKeyFromParams($params));
if (!$model) {
throw new \GO\Base\Exception\NotFound();
}
$response = $this->beforeDisplay($response, $model, $params);
//todo build in new style. Now it's necessary for old library functions
//require_once(\GO::config()->root_path.'Group-Office.php');
$response['data'] = array_merge($response['data'], $model->getAttributes('html'));
$response['data']['model'] = $model->className();
$response['data']['permission_level'] = $model->getPermissionLevel();
$response['data']['write_permission'] = \GO\Base\Model\Acl::hasPermission($response['data']['permission_level'], \GO\Base\Model\Acl::WRITE_PERMISSION);
if (!empty($model->ctime)) {
$response['data']['ctime'] = \GO\Base\Util\Date::get_timestamp($model->ctime);
}
if (!empty($model->mtime)) {
$response['data']['mtime'] = \GO\Base\Util\Date::get_timestamp($model->mtime);
}
if (!empty($model->user)) {
$response['data']['username'] = $model->user->name;
}
if (!empty($model->mUser)) {
$response['data']['musername'] = $model->mUser->name;
}
$response['data']['customfields'] = array();
if (!isset($response['data']['workflow']) && \GO::modules()->workflow) {
$response = $this->_processWorkflowDisplay($model, $response);
}
if ($model->customfieldsRecord) {
$response = $this->_processCustomFieldsDisplay($model, $response);
}
if ($model->hasLinks()) {
$response = $this->_processLinksDisplay($model, $response, isset($params['links_limit']) ? $params['links_limit'] : 15);
if (!isset($response['data']['events']) && \GO::modules()->calendar) {
$response = $this->_processEventsDisplay($model, $response);
}
if (!isset($response['data']['tasks']) && \GO::modules()->tasks) {
$response = $this->_processTasksDisplay($model, $response);
}
}
if (!isset($response['data']['files'])) {
$response = $this->_processFilesDisplay($model, $response);
}
if (\GO::modules()->comments) {
$response = $this->_processCommentsDisplay($model, $response);
}
if (\GO::modules()->lists) {
$response = \GO\Lists\ListsModule::displayResponse($model, $response);
}
$response = $this->afterDisplay($response, $model, $params);
$this->fireEvent('display', array(&$this, &$response, &$model));
return $response;
}
protected function beforeDuplicate(&$duplicate)
{
if (!empty($duplicate->acl_id)) {
$oldAcl = \GO\Base\Model\Acl::model()->findByPk($duplicate->acl_id);
$duplicate->setNewAcl();
$newAcl = \GO\Base\Model\Acl::model()->findByPk($duplicate->acl_id);
$oldAcl->copyPermissions($newAcl);
}
return parent::beforeDuplicate($duplicate);
}
