/**
 * Builds the response for the "selected" store and adds a flag telling whether
 * the current user holds manage permission on the ACL named by the request.
 *
 * The client CAN use $response['manage_permission'] to make decisions such as
 * whether or not to allow the current user to edit the set of groups in the store.
 *
 * NOTE(review): $params['model_id'] is client input and is passed straight to the
 * ACL lookup, and the flag only informs the client. The actions that change
 * the store presumably enforce MANAGE_PERMISSION themselves - confirm.
 *
 * @param array $params Client input parameters
 * @return array Response for the client.
 */
protected function actionSelectedStore($params)
{
    $userLevel = \GO\Base\Model\Acl::getUserPermissionLevel($params['model_id'], \GO::user()->id);
    $canManage = \GO\Base\Model\Acl::hasPermission($userLevel, \GO\Base\Model\Acl::MANAGE_PERMISSION);

    // The parent action receives the same flag through $params.
    $params['currentUserHasManagePermission'] = $canManage;

    // array_merge order: keys returned by the parent override the flag set here.
    return array_merge(
        array('manage_permission' => $canManage),
        parent::actionSelectedStore($params)
    );
}
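<?php
// Appends the addressbook module's client-side bootstrap values to $GO_SCRIPTS_JS.
// Everything concatenated here ends up as JavaScript source, so each value has
// to be encoded for a JavaScript context, not only for HTML.
$GO_SCRIPTS_JS .= 'GO.addressbook.lang.defaultSalutationExpression="' . \GO\Base\Util\String::escape_javascript(\GO::t('defaultSalutation', 'addressbook')) . '";';

// The export ACL id is stored as a setting; create the ACL and store its id on first use.
$export_acl_id = \GO::config()->get_setting('go_addressbook_export', 0);
if (!$export_acl_id) {
    $acl = new \GO\Base\Model\Acl();
    $acl->description = 'addressbook_export';
    $acl->save();
    $export_acl_id = $acl->id;
    \GO::config()->save_setting('go_addressbook_export', $acl->id, 0);
}
$GO_SCRIPTS_JS .= 'GO.addressbook.export_acl_id="' . $export_acl_id . '";';

// NOTE(review): exportPermission is a client-side flag only; the export action
// presumably checks this ACL again on the server - confirm.
$acl_level = \GO\Base\Model\Acl::getUserPermissionLevel($export_acl_id, \GO::user()->id);
$GO_SCRIPTS_JS .= 'GO.addressbook.exportPermission="' . ($acl_level ? 1 : 0) . '";';

if (\GO::modules()->customfields) {
    // NOTE(review): localizedName is written into a JS string literal without
    // escaping; presumably it is a trusted translation string - confirm.
    $GO_SCRIPTS_JS .= ' GO.customfields.settingsPanels={ name: "' . \GO\Addressbook\Model\Contact::model()->localizedName . '", panels: [] };' . "\n";

    $stmt = \GO\Users\Model\CfSettingTab::model()->getSettingTabs();
    while ($category = $stmt->fetch()) {
        $fields = array();
        $fstmt = $category->fields();
        while ($field = $fstmt->fetch()) {
            $fields[] = $field->toJsonArray();
        }

        // Makes global, client-side, editable form panels for every customfield category.
        //
        // The category name is stored data. htmlspecialchars() keeps it safe
        // when the title is rendered as HTML, but it does not escape backslashes or
        // line breaks, which still change the meaning of a JS string literal. The
        // HTML-encoded name is therefore emitted through json_encode(), which
        // supplies the quotes and the JS escaping. The JSON_HEX_* flags keep "<", ">",
        // "&" and quotes out of the generated source, in case it is placed inside
        // an inline <script> element.
        // NOTE(review): $category->id is emitted unescaped; presumably an integer
        // primary key - confirm.
        $GO_SCRIPTS_JS .= "\n\n"
            . 'GO.customfields.settingsPanels.panels.push({xtype : "customformpanel", itemId:"cf-panel-' . $category->id
            . '", category_id: ' . $category->id
            . ', title : ' . json_encode(
                htmlspecialchars($category->name, ENT_QUOTES, 'UTF-8'),
                JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            )
            . ', customfields : ' . json_encode($fields, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
            . '});' . "\n";
    }
    // The customfields block continues beyond this excerpt.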
/**
 * Adds address book details about the message sender to the response: contact
 * id, display name and thumbnail, the sender's company, and the ids of already
 * linked copies of the message when the savemailas module is available.
 *
 * The contact is looked up by $response['sender'].
 * NOTE(review): presumably that is the From address of the message, which the
 * sender chooses freely; a match identifies a contact entry and does not
 * authenticate the sender - confirm how the UI presents it.
 * NOTE(review): the company's address book ACL is checked before the company id
 * and name are returned, but company_linked_message_id is filled in without that
 * check, and the contact itself is not checked here. Confirm that
 * findSingleByEmail() applies the contact ACL.
 *
 * @param \GO\Email\Model\ImapMessage $imapMessage Message being displayed
 * @param array $params Request parameters (not read in this method)
 * @param array $response Response built so far; must contain 'sender'
 * @return array The response with the contact keys added
 */
private function _getContactInfo(\GO\Email\Model\ImapMessage $imapMessage, $params, $response)
{
    // Defaults that stay in place when no contact matches the sender.
    $response['sender_contact_id'] = 0;
    $response['sender_company_id'] = 0;
    $response['allow_quicklink'] = 1;
    $response['contact_name'] = "";
    $response['contact_thumb_url'] = GO::config()->host . 'modules/addressbook/themes/Default/images/unknown-person.png';

    $quickLinkEnabled = GO::config()->allow_quicklink;
    $response['allow_quicklink'] = $quickLinkEnabled ? 1 : 0;

    $contact = \GO\Addressbook\Model\Contact::model()->findSingleByEmail($response['sender']);
    if (empty($contact)) {
        return $response;
    }

    // The thumbnail is returned even when quick links are switched off.
    $response['contact_thumb_url'] = $contact->getPhotoThumbURL();
    if (!$quickLinkEnabled) {
        return $response;
    }

    $response['sender_contact_id'] = $contact->id;
    $response['contact_name'] = $contact->name . ' (' . $contact->addressbook->name . ')';

    $company = $contact->company;
    $hasCompany = !empty($company);

    // Company id and name are only returned with write permission on its address book.
    if ($hasCompany && Acl::getUserPermissionLevel($company->addressbook->acl_id) >= Acl::WRITE_PERMISSION) {
        $response['sender_company_id'] = $company->id;
        $response['company_name'] = $company->name . ' (' . $company->addressbook->name . ')';
    }

    if (!GO::modules()->savemailas) {
        return $response;
    }

    // Report the id of an already saved copy of this message, or 0 when none is linked.
    $contactLink = \GO\Savemailas\Model\LinkedEmail::model()->findByImapMessage($imapMessage, $contact);
    $response['contact_linked_message_id'] = ($contactLink && $contactLink->linkExists($contact))
        ? $contactLink->id
        : 0;

    if ($hasCompany) {
        $companyLink = \GO\Savemailas\Model\LinkedEmail::model()->findByImapMessage($imapMessage, $company);
        $response['company_linked_message_id'] = ($companyLink && $companyLink->linkExists($company))
            ? $companyLink->id
            : 0;
    }

    return $response;
}
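/**
 * Check the ACL permission levels manually added by addRequiredPermissionLevel().
 *
 * Uses the requirement registered for $action; when there is none, the
 * wildcard entry '*' is used instead. When neither exists no extra requirement
 * applies and the check passes.
 *
 * @param string $action
 * @return boolean True when the current user meets the required level
 */
private function _checkRequiredPermissionLevels($action)
{
    if (isset($this->requiredPermissionLevels[$action])) {
        $requirement = $this->requiredPermissionLevels[$action];

        // Level the current user holds on the ACL guarding this action.
        $permLevel = Acl::getUserPermissionLevel($requirement['aclId']);

        // Compare the held level with the required one. The previous code passed
        // both values to getUserPermissionLevel(), which treated the level as an
        // ACL id and the requirement as a user id, so the result did not
        // reflect the configured requirement.
        return Acl::hasPermission($permLevel, $requirement['requiredPermissionLevel']);
    }

    // Strict comparison: a non-string value that merely compares loosely equal
    // to '*' must not skip the wildcard requirement.
    if ($action !== '*') {
        return $this->_checkRequiredPermissionLevels('*');
    }

    return true;
}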
/**
 * Check what the permission level was before the object was moved to a different
 * related ACL object, e.g. moving a contact to a different address book.
 *
 * NOTE(review): when no old value is recorded for the ACL foreign key the check
 * passes without consulting any ACL. Presumably that means the object was not
 * moved - confirm, because this is the fail-open path of the method.
 *
 * @param int $level permission level to check for
 * @return boolean if the user has the specified level
 * @throws Exception if the ACL is not found (presumably raised by
 *         _getOldParentAclId(); not visible in this method)
 */
public function checkOldPermissionLevel($level)
{
    // The first segment of the dotted ACL field path names the relation that owns the ACL.
    $segments = explode('.', $this->aclField());
    $relationName = array_shift($segments);

    $relation = $this->getRelation($relationName);
    $previousFk = $this->getOldAttributeValue($relation['field']);
    if (empty($previousFk)) {
        return true;
    }

    //TODO: check if above code is needed (test by moving contact to different addressbook)
    $previousAclId = $this->_getOldParentAclId();

    return \GO\Base\Model\Acl::getUserPermissionLevel($previousAclId) >= $level;
}
/**
 * Tells whether the requesting user holds any permission level above 0 on the
 * target user's free/busy ACL.
 *
 * @param int $request_user_id User asking for the free/busy information
 * @param int $target_user_id User whose free/busy information is requested
 * @return boolean True when the permission level is greater than 0
 */
public static function hasFreebusyAccess($request_user_id, $target_user_id)
{
    $targetAclId = FreebusypermissionsModule::getFreeBusyAcl($target_user_id)->acl_id;
    $grantedLevel = \GO\Base\Model\Acl::getUserPermissionLevel($targetAclId, $request_user_id);

    return $grantedLevel > 0;
}
/**
 * Returns the permission level the current user has on this model.
 *
 * Return values, in the order they are decided:
 *  - MANAGE_PERMISSION when \GO::$ignoreAclPermissions is set (global bypass);
 *  - -1 when the model has no ACL field;
 *  - false when nobody is logged in;
 *  - for a model whose own ACL does not exist yet: the module's permission
 *    level, or for module 'base' MANAGE_PERMISSION for admins and false otherwise;
 *  - otherwise the level on the model's ACL, cached in $this->_permissionLevel.
 *
 * NOTE(review): -1 is truthy in PHP, so callers should compare the result with a
 * permission constant instead of testing it for truthiness - confirm at call sites.
 *
 * @return int|false
 * @throws \Exception when no ACL id can be found for the model
 */
public function getPermissionLevel()
{
    if (\GO::$ignoreAclPermissions) {
        return \GO\Base\Model\Acl::MANAGE_PERMISSION;
    }

    if (!$this->aclField()) {
        return -1;
    }

    if (!\GO::user()) {
        return false;
    }

    // The new model has its own ACL but it is not created yet; in that case
    // the module permissions decide.
    $ownAclNotCreatedYet = empty($this->{$this->aclField()}) && !$this->getIsJoinedAclField();
    if ($ownAclNotCreatedYet) {
        $module = $this->getModule();
        if ($module == 'base') {
            return \GO::user()->isAdmin() ? \GO\Base\Model\Acl::MANAGE_PERMISSION : false;
        }

        return \GO::modules()->{$module}->permissionLevel;
    }

    // Later calls on the same instance reuse the level looked up the first time.
    if (isset($this->_permissionLevel)) {
        return $this->_permissionLevel;
    }

    $acl_id = $this->findAclId();
    if (!$acl_id) {
        throw new \Exception("Could not find ACL for " . $this->className() . " with pk: " . $this->pk);
    }

    $this->_permissionLevel = \GO\Base\Model\Acl::getUserPermissionLevel($acl_id);

    return $this->_permissionLevel;
}
/**
 * Outputs, for every module, the permission level that a user or a group holds on it.
 *
 * $params['paramIdType'] selects the view ('groupId' for the groups module,
 * anything else for the users module) and $params['id'] names the group or user;
 * without an id the level of the "everyone" group is reported.
 *
 * Access: this action is allowed without access to the modules module, so it
 * checks access to the groups or users module instead.
 * NOTE(review): both parameters are client input. The check above is the only
 * gate visible here, so any caller who passes it can read the module permission
 * levels of an arbitrary user or group id - confirm that this is intended.
 * NOTE(review): rows are keyed by the translated module name, so two modules with
 * the same name collapse into one row while 'total' still counts both.
 *
 * @param array $params Request parameters
 * @throws \GO\Base\Exception\AccessDenied when the matching module is not accessible
 */
public function actionPermissionsStore($params)
{
    $requiredModule = ($params['paramIdType'] == 'groupId')
        ? GO::modules()->groups
        : GO::modules()->users;
    if (!$requiredModule) {
        throw new \GO\Base\Exception\AccessDenied();
    }

    $response = new JsonResponse(array('success' => true, 'results' => array(), 'total' => 0));

    $rows = array();
    $pending = GO::modules()->getAllModules();
    while ($module = array_shift($pending)) {
        $permissionLevel = 0;
        // Stays false unless a level obtained through groups is known.
        $usersGroupPermissionLevel = false;

        if (empty($params['id'])) {
            // No id given: report the level of the "everyone" group.
            $everyoneEntry = $module->acl->hasGroup(GO::config()->group_everyone);
            $usersGroupPermissionLevel = $everyoneEntry ? $everyoneEntry->level : 0;
            $permissionLevel = $usersGroupPermissionLevel;
        } elseif ($params['paramIdType'] == 'groupId') {
            // Looking at permissions from the groups module.
            $groupEntry = $module->acl->hasGroup($params['id']);
            $permissionLevel = $groupEntry ? $groupEntry->level : 0;
        } else {
            // Looking from the users module.
            $permissionLevel = Acl::getUserPermissionLevel($module->acl_id, $params['id']);
            // NOTE(review): the third argument presumably limits the lookup to
            // levels granted through groups - confirm against Acl.
            $usersGroupPermissionLevel = Acl::getUserPermissionLevel($module->acl_id, $params['id'], true);
        }

        $label = $module->moduleManager ? $module->moduleManager->name() : $module->id;

        // Module permissions only support read permission and manage permission.
        if (Acl::hasPermission($permissionLevel, Acl::CREATE_PERMISSION)) {
            $permissionLevel = Acl::MANAGE_PERMISSION;
        }

        $groupLevelKnown = $usersGroupPermissionLevel !== false;
        $rows[$label] = array(
            'id' => $module->id,
            'name' => $label,
            'permissionLevel' => $permissionLevel,
            'disable_none' => $groupLevelKnown && Acl::hasPermission($usersGroupPermissionLevel, Acl::READ_PERMISSION),
            'disable_use' => $groupLevelKnown && Acl::hasPermission($usersGroupPermissionLevel, Acl::CREATE_PERMISSION)
        );
        $response['total'] += 1;
    }

    // Sort by display name, then drop the name keys for the client.
    ksort($rows);
    $response['results'] = array_values($rows);

    echo $response;
}
/**
 * Tells whether the given user has at least read permission on the leavedays
 * module's ACL.
 *
 * @param int $userId User to check
 * @return boolean True when the user's level is READ_PERMISSION or higher
 */
public static function userHasPermission($userId)
{
    $moduleAclId = \GO::modules()->leavedays->acl_id;
    $userLevel = \GO\Base\Model\Acl::getUserPermissionLevel($moduleAclId, $userId);

    return $userLevel >= \GO\Base\Model\Acl::READ_PERMISSION;
}