|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace App; |
|
4
|
|
|
|
|
5
|
|
|
/** |
|
6
|
|
|
* Create user privileges file class. |
|
7
|
|
|
* |
|
8
|
|
|
* @package App |
|
9
|
|
|
* |
|
10
|
|
|
* @copyright YetiForce S.A. |
|
11
|
|
|
* @license YetiForce Public License 5.0 (licenses/LicenseEN.txt or yetiforce.com) |
|
12
|
|
|
*/ |
|
13
|
|
|
class UserPrivilegesFile |
|
14
|
|
|
{ |
|
15
|
|
|
/** |
|
16
|
|
|
* Function to recalculate the Sharing Rules for all the vtiger_users |
|
17
|
5 |
|
* This function will recalculate all the sharing rules for all the vtiger_users in the Organization and will write them in flat vtiger_files. |
|
18
|
|
|
* |
|
19
|
5 |
|
* @return int |
|
20
|
5 |
|
*/ |
|
21
|
5 |
|
public static function recalculateAll(): int |
|
22
|
5 |
|
{ |
|
23
|
|
|
$userIds = (new Db\Query())->select(['id'])->from('vtiger_users')->where(['deleted' => 0])->column(); |
|
24
|
5 |
|
foreach ($userIds as $id) { |
|
25
|
|
|
static::createUserPrivilegesfile($id); |
|
26
|
|
|
static::createUserSharingPrivilegesfile($id); |
|
27
|
|
|
} |
|
28
|
|
|
return \count($userIds); |
|
29
|
|
|
} |
|
30
|
|
|
|
|
31
|
|
|
/** |
|
32
|
5778 |
|
* Creates a file with all the user, user-role,user-profile, user-groups informations. |
|
33
|
|
|
* |
|
34
|
5778 |
|
* @param int $userid |
|
35
|
5778 |
|
* |
|
36
|
5778 |
|
* @returns User_Privileges_Userid file under the User_Privileges Directory |
|
37
|
5778 |
|
*/ |
|
38
|
5778 |
|
public static function createUserPrivilegesfile($userid) |
|
39
|
5778 |
|
{ |
|
40
|
5778 |
|
$fileUserPrivileges = ROOT_DIRECTORY . \DIRECTORY_SEPARATOR . 'user_privileges/user_privileges_' . $userid . '.php'; |
|
41
|
5778 |
|
$handle = fopen($fileUserPrivileges, 'w+'); |
|
42
|
5778 |
|
if ($handle) { |
|
|
|
|
|
|
43
|
5778 |
|
$newBuf = ''; |
|
44
|
5778 |
|
$newBuf .= "<?php\n"; |
|
45
|
5778 |
|
$userFocus = clone \CRMEntity::getInstance('Users'); |
|
46
|
5778 |
|
$userFocus->retrieveEntityInfo($userid, 'Users'); |
|
47
|
5778 |
|
$userInfo = []; |
|
48
|
|
|
$userFocus->column_fields['id'] = $userid; |
|
49
|
5778 |
|
foreach ($userFocus->column_fields as $field => $value) { |
|
50
|
|
|
if ('currency_symbol' === $field || 'imagename' === $field || 'othereventduration' === $field) { |
|
51
|
|
|
$userInfo[$field] = $value; |
|
52
|
|
|
} else { |
|
53
|
5778 |
|
$userInfo[$field] = is_numeric($value) ? $value : \App\Purifier::encodeHtml($value); |
|
54
|
5776 |
|
} |
|
55
|
5776 |
|
} |
|
56
|
|
|
if ('on' == $userFocus->column_fields['is_admin']) { |
|
57
|
2 |
|
$newBuf .= "\$is_admin=true;\n"; |
|
58
|
2 |
|
$newBuf .= '$user_info=' . Utils::varExport($userInfo) . ";\n"; |
|
59
|
2 |
|
} else { |
|
60
|
2 |
|
$newBuf .= "\$is_admin=false;\n"; |
|
61
|
2 |
|
$globalPermissionArr = PrivilegeUtil::getCombinedUserGlobalPermissions($userid); |
|
62
|
2 |
|
$tabsPermissionArr = PrivilegeUtil::getCombinedUserModulesPermissions($userid); |
|
63
|
2 |
|
$actionPermissionArr = PrivilegeUtil::getCombinedUserActionsPermissions($userid); |
|
64
|
2 |
|
$userRole = PrivilegeUtil::getRoleByUsers($userid); |
|
65
|
2 |
|
$userRoleParent = PrivilegeUtil::getRoleDetail($userRole)['parentrole']; |
|
66
|
2 |
|
$subRoles = PrivilegeUtil::getRoleSubordinates($userRole); |
|
67
|
|
|
$subRoleAndUsers = []; |
|
68
|
2 |
|
foreach ($subRoles as $subRoleId) { |
|
69
|
2 |
|
$subRoleAndUsers[$subRoleId] = \App\PrivilegeUtil::getUsersNameByRole($subRoleId); |
|
70
|
2 |
|
} |
|
71
|
2 |
|
$parentRoles = PrivilegeUtil::getParentRole($userRole); |
|
72
|
2 |
|
$newBuf .= "\$current_user_roles='" . $userRole . "';\n"; |
|
73
|
2 |
|
$newBuf .= "\$current_user_parent_role_seq='" . $userRoleParent . "';\n"; |
|
74
|
2 |
|
$newBuf .= '$current_user_profiles=' . Utils::varExport(PrivilegeUtil::getProfilesByRole($userRole)) . ";\n"; |
|
75
|
2 |
|
$newBuf .= '$profileGlobalPermission=' . Utils::varExport($globalPermissionArr) . ";\n"; |
|
76
|
2 |
|
$newBuf .= '$profileTabsPermission=' . Utils::varExport($tabsPermissionArr) . ";\n"; |
|
77
|
2 |
|
$newBuf .= '$profileActionPermission=' . Utils::varExport($actionPermissionArr) . ";\n"; |
|
78
|
2 |
|
$newBuf .= '$current_user_groups=' . Utils::varExport(PrivilegeUtil::getAllGroupsByUser($userid)) . ";\n"; |
|
79
|
2 |
|
$newBuf .= '$subordinate_roles=' . Utils::varExport($subRoles) . ";\n"; |
|
80
|
|
|
$newBuf .= '$parent_roles=' . Utils::varExport($parentRoles) . ";\n"; |
|
81
|
5778 |
|
$newBuf .= '$subordinate_roles_users=' . Utils::varExport($subRoleAndUsers) . ";\n"; |
|
82
|
5778 |
|
$newBuf .= '$user_info=' . Utils::varExport($userInfo) . ";\n"; |
|
83
|
5778 |
|
} |
|
84
|
5778 |
|
fwrite($handle, $newBuf); |
|
85
|
5778 |
|
fclose($handle); |
|
86
|
5778 |
|
PrivilegeFile::createUserPrivilegesFile($userid); |
|
87
|
|
|
\Users_Privileges_Model::clearCache($userid); |
|
88
|
5778 |
|
User::clearCache($userid); |
|
89
|
|
|
\App\Cache::resetFileCache($fileUserPrivileges); |
|
90
|
|
|
} |
|
91
|
|
|
} |
|
92
|
|
|
|
|
93
|
|
|
/** |
|
94
|
|
|
* Creates a file with all the organization default sharing permissions |
|
95
|
|
|
* and custom sharing permissins specific for the specified user. |
|
96
|
|
|
* In this file the information of the other users whose data is shared with the specified user is stored. |
|
97
|
|
|
* |
|
98
|
5778 |
|
* @param int $userid |
|
99
|
|
|
* |
|
100
|
5778 |
|
* @returns sharing_privileges_userid file under the user_privileges directory |
|
101
|
5778 |
|
*/ |
|
102
|
5778 |
|
public static function createUserSharingPrivilegesfile($userid) |
|
103
|
5778 |
|
{ |
|
104
|
5778 |
|
\vtlib\Deprecated::checkFileAccessForInclusion('user_privileges/user_privileges_' . $userid . '.php'); |
|
105
|
5778 |
|
require 'user_privileges/user_privileges_' . $userid . '.php'; |
|
106
|
5778 |
|
$sharingFileLoc = 'user_privileges/sharing_privileges_' . $userid . '.php'; |
|
107
|
5778 |
|
$fileUserSharingPrivileges = ROOT_DIRECTORY . \DIRECTORY_SEPARATOR . $sharingFileLoc; |
|
108
|
5778 |
|
$handle = fopen($fileUserSharingPrivileges, 'w+'); |
|
109
|
5776 |
|
if ($handle) { |
|
|
|
|
|
|
110
|
5776 |
|
$newBuf = "<?php\n"; |
|
111
|
|
|
$userFocus = \CRMEntity::getInstance('Users'); |
|
112
|
2 |
|
$userFocus->retrieveEntityInfo($userid, 'Users'); |
|
113
|
|
|
if ('on' == $userFocus->column_fields['is_admin']) { |
|
114
|
2 |
|
fwrite($handle, $newBuf); |
|
115
|
2 |
|
fclose($handle); |
|
116
|
2 |
|
} else { |
|
117
|
2 |
|
$sharingPrivileges = []; |
|
118
|
2 |
|
// Constructig the Default Org Share Array |
|
119
|
2 |
|
$defOrgShare = PrivilegeUtil::getAllDefaultSharingAction(); |
|
120
|
|
|
$newBuf .= '$defaultOrgSharingPermission=' . Utils::varExport($defOrgShare) . ";\n"; |
|
121
|
2 |
|
$sharingPrivileges['defOrgShare'] = $defOrgShare; |
|
122
|
2 |
|
$relatedModuleShare = PrivilegeUtil::getDatashareRelatedModules(); |
|
123
|
2 |
|
$newBuf .= '$related_module_share=' . Utils::varExport($relatedModuleShare) . ";\n"; |
|
124
|
2 |
|
$sharingPrivileges['relatedModuleShare'] = $relatedModuleShare; |
|
125
|
2 |
|
// Constructing Account Sharing Rules |
|
126
|
2 |
|
$accountSharePerArray = PrivilegeUtil::getUserModuleSharingObjects('Accounts', $userid, $defOrgShare, $current_user_roles, $parent_roles, $current_user_groups); |
|
|
|
|
|
|
127
|
2 |
|
$accountShareReadPer = $accountSharePerArray['read']; |
|
128
|
|
|
$accountShareWritePer = $accountSharePerArray['write']; |
|
129
|
2 |
|
$accountSharingruleMembers = $accountSharePerArray['sharingrules']; |
|
130
|
2 |
|
$newBuf .= "\$Accounts_share_read_permission=array('ROLE'=>" . Utils::varExport($accountShareReadPer['ROLE']) . ",'GROUP'=>" . Utils::varExport($accountShareReadPer['GROUP']) . ");\n"; |
|
131
|
2 |
|
$newBuf .= "\$Accounts_share_write_permission=array('ROLE'=>" . Utils::varExport($accountShareWritePer['ROLE']) . ",'GROUP'=>" . Utils::varExport($accountShareWritePer['GROUP']) . ");\n"; |
|
132
|
|
|
$sharingPrivileges['permission']['Accounts'] = ['read' => $accountShareReadPer, 'write' => $accountShareWritePer]; |
|
133
|
2 |
|
// Constructing Contact Sharing Rules |
|
134
|
2 |
|
$newBuf .= "\$Contacts_share_read_permission=array('ROLE'=>" . Utils::varExport($accountShareReadPer['ROLE']) . ",'GROUP'=>" . Utils::varExport($accountShareReadPer['GROUP']) . ");\n"; |
|
135
|
2 |
|
$newBuf .= "\$Contacts_share_write_permission=array('ROLE'=>" . Utils::varExport($accountShareWritePer['ROLE']) . ",'GROUP'=>" . Utils::varExport($accountShareWritePer['GROUP']) . ");\n"; |
|
136
|
2 |
|
$sharingPrivileges['permission']['Contacts'] = ['read' => $accountShareReadPer, 'write' => $accountShareWritePer]; |
|
137
|
2 |
|
// Constructing the Account Ticket Related Module Sharing Array |
|
138
|
2 |
|
$acctRelatedTkt = static::getRelatedModuleSharingArray('Accounts', 'HelpDesk', $accountSharingruleMembers, $accountShareReadPer, $accountShareWritePer, $defOrgShare); |
|
139
|
2 |
|
$accTktShareReadPer = $acctRelatedTkt['read']; |
|
140
|
2 |
|
$accTktShareWriteer = $acctRelatedTkt['write']; |
|
141
|
2 |
|
$newBuf .= "\$Accounts_HelpDesk_share_read_permission=array('ROLE'=>" . Utils::varExport($accTktShareReadPer['ROLE']) . ",'GROUP'=>" . Utils::varExport($accTktShareReadPer['GROUP']) . ");\n"; |
|
142
|
2 |
|
$newBuf .= "\$Accounts_HelpDesk_share_write_permission=array('ROLE'=>" . Utils::varExport($accTktShareWriteer['ROLE']) . ",'GROUP'=>" . Utils::varExport($accTktShareWriteer['GROUP']) . ");\n"; |
|
143
|
2 |
|
$sharingPrivileges['permission']['Accounts_HelpDesk'] = ['read' => $accTktShareReadPer, 'write' => $accTktShareWriteer]; |
|
144
|
2 |
|
$customModules = Module::getSharingModuleList(['Accounts', 'Contacts']); |
|
145
|
2 |
|
foreach ($customModules as $moduleName) { |
|
146
|
2 |
|
$modSharePermArray = PrivilegeUtil::getUserModuleSharingObjects($moduleName, $userid, $defOrgShare, $current_user_roles, $parent_roles, $current_user_groups); |
|
147
|
2 |
|
$modShareReadPerm = $modSharePermArray['read']; |
|
148
|
2 |
|
$modShareWritePerm = $modSharePermArray['write']; |
|
149
|
2 |
|
$newBuf .= '$' . $moduleName . "_share_read_permission=['ROLE'=>" . |
|
150
|
|
|
Utils::varExport($modShareReadPerm['ROLE']) . ",'GROUP'=>" . |
|
151
|
2 |
|
Utils::varExport($modShareReadPerm['GROUP']) . "];\n"; |
|
152
|
|
|
$newBuf .= '$' . $moduleName . "_share_write_permission=['ROLE'=>" . |
|
153
|
2 |
|
Utils::varExport($modShareWritePerm['ROLE']) . ",'GROUP'=>" . |
|
154
|
|
|
Utils::varExport($modShareWritePerm['GROUP']) . "];\n"; |
|
155
|
2 |
|
|
|
156
|
2 |
|
$sharingPrivileges['permission'][$moduleName] = ['read' => $modShareReadPerm, 'write' => $modShareWritePerm]; |
|
157
|
|
|
} |
|
158
|
2 |
|
$newBuf .= 'return ' . Utils::varExport($sharingPrivileges) . ";\n"; |
|
159
|
2 |
|
// END |
|
160
|
2 |
|
fwrite($handle, $newBuf); |
|
161
|
|
|
fclose($handle); |
|
162
|
|
|
// Populating Temp Tables |
|
163
|
5778 |
|
\App\Cache::resetFileCache($sharingFileLoc); |
|
164
|
|
|
\App\Cache::resetFileCache($fileUserSharingPrivileges); |
|
165
|
|
|
static::populateSharingtmptables($userid); |
|
166
|
|
|
User::clearCache($userid); |
|
167
|
|
|
} |
|
168
|
|
|
} |
|
169
|
|
|
} |
|
170
|
|
|
|
|
171
|
|
|
/** |
|
172
|
|
|
* Gives an array which contains the information for what all roles, |
|
173
|
|
|
* groups and user's related module data that is to be shared for the specified parent module and shared module. |
|
174
|
|
|
* |
|
175
|
|
|
* @param string $par_mod |
|
176
|
|
|
* @param string $share_mod |
|
177
|
|
|
* @param array $mod_sharingrule_members |
|
178
|
2 |
|
* @param array $mod_share_read_per |
|
179
|
|
|
* @param array $mod_share_write_per |
|
180
|
2 |
|
* @param array $def_org_share |
|
181
|
2 |
|
* |
|
182
|
2 |
|
* @return array |
|
183
|
2 |
|
*/ |
|
184
|
2 |
|
public static function getRelatedModuleSharingArray($par_mod, $share_mod, $mod_sharingrule_members, $mod_share_read_per, $mod_share_write_per, $def_org_share) |
|
185
|
2 |
|
{ |
|
186
|
2 |
|
$relatedModSharingPermission = []; |
|
187
|
2 |
|
$modShareReadPermission = []; |
|
188
|
2 |
|
$modShareWritePermission = []; |
|
189
|
2 |
|
$modShareReadPermission['ROLE'] = []; |
|
190
|
|
|
$modShareWritePermission['ROLE'] = []; |
|
191
|
|
|
$modShareReadPermission['GROUP'] = []; |
|
192
|
|
|
$modShareWritePermission['GROUP'] = []; |
|
193
|
|
|
$parModId = Module::getModuleId($par_mod); |
|
194
|
|
|
$shareModId = Module::getModuleId($share_mod); |
|
195
|
|
|
if (3 == $def_org_share[$shareModId] || 0 == $def_org_share[$shareModId]) { |
|
196
|
|
|
$roleReadPer = []; |
|
197
|
|
|
$roleWritePer = []; |
|
198
|
|
|
$grpReadPer = []; |
|
199
|
|
|
$grpWritePer = []; |
|
200
|
|
|
foreach ($mod_sharingrule_members as $sharingid => $sharingInfoArr) { |
|
201
|
|
|
$sharePermission = (new Db\Query())->select(['vtiger_datashare_relatedmodule_permission.permission']) |
|
202
|
|
|
->from('vtiger_datashare_relatedmodule_permission') |
|
203
|
|
|
->innerJoin('vtiger_datashare_relatedmodules', 'vtiger_datashare_relatedmodules.datashare_relatedmodule_id = vtiger_datashare_relatedmodule_permission.datashare_relatedmodule_id') |
|
204
|
|
|
->where([ |
|
205
|
|
|
'vtiger_datashare_relatedmodule_permission.shareid' => $sharingid, |
|
206
|
|
|
'vtiger_datashare_relatedmodules.tabid' => $parModId, |
|
207
|
|
|
'vtiger_datashare_relatedmodules.relatedto_tabid' => $shareModId, |
|
208
|
|
|
])->scalar(); |
|
209
|
|
|
foreach ($sharingInfoArr as $shareType => $shareEntArr) { |
|
210
|
|
|
foreach ($shareEntArr as $shareEntId) { |
|
211
|
|
|
if ('ROLE' == $shareType) { |
|
212
|
|
|
if (1 == $sharePermission) { |
|
213
|
|
|
if (3 == $def_org_share[$shareModId] && !isset($roleReadPer[$shareEntId])) { |
|
214
|
|
|
if (isset($mod_share_read_per['ROLE'][$shareEntId])) { |
|
215
|
|
|
$shareRoleUsers = $mod_share_read_per['ROLE'][$shareEntId]; |
|
216
|
|
|
} elseif (isset($mod_share_write_per['ROLE'][$shareEntId])) { |
|
217
|
|
|
$shareRoleUsers = $mod_share_write_per['ROLE'][$shareEntId]; |
|
218
|
|
|
} else { |
|
219
|
|
|
$shareRoleUsers = PrivilegeUtil::getUsersByRole($shareEntId); |
|
220
|
|
|
} |
|
221
|
|
|
$roleReadPer[$shareEntId] = $shareRoleUsers; |
|
222
|
|
|
} |
|
223
|
|
|
if (!isset($roleWritePer[$shareEntId])) { |
|
224
|
|
|
if (isset($mod_share_read_per['ROLE'][$shareEntId])) { |
|
225
|
|
|
$shareRoleUsers = $mod_share_read_per['ROLE'][$shareEntId]; |
|
226
|
|
|
} elseif (isset($mod_share_write_per['ROLE'][$shareEntId])) { |
|
227
|
|
|
$shareRoleUsers = $mod_share_write_per['ROLE'][$shareEntId]; |
|
228
|
|
|
} else { |
|
229
|
|
|
$shareRoleUsers = PrivilegeUtil::getUsersByRole($shareEntId); |
|
230
|
|
|
} |
|
231
|
|
|
$roleWritePer[$shareEntId] = $shareRoleUsers; |
|
232
|
|
|
} |
|
233
|
|
|
} elseif (0 == $sharePermission && 3 == $def_org_share[$shareModId]) { |
|
|
|
|
|
|
234
|
|
|
if (!isset($roleReadPer[$shareEntId])) { |
|
235
|
|
|
if (isset($mod_share_read_per['ROLE'][$shareEntId])) { |
|
236
|
|
|
$shareRoleUsers = $mod_share_read_per['ROLE'][$shareEntId]; |
|
237
|
|
|
} elseif (isset($mod_share_write_per['ROLE'][$shareEntId])) { |
|
238
|
|
|
$shareRoleUsers = $mod_share_write_per['ROLE'][$shareEntId]; |
|
239
|
|
|
} else { |
|
240
|
|
|
$shareRoleUsers = PrivilegeUtil::getUsersByRole($shareEntId); |
|
241
|
|
|
} |
|
242
|
|
|
$roleReadPer[$shareEntId] = $shareRoleUsers; |
|
243
|
|
|
} |
|
244
|
|
|
} |
|
245
|
|
|
} elseif ('GROUP' == $shareType) { |
|
246
|
|
|
if (1 == $sharePermission) { |
|
247
|
|
|
if (3 == $def_org_share[$shareModId] && !isset($grpReadPer[$shareEntId])) { |
|
248
|
|
|
if (isset($mod_share_read_per['GROUP'][$shareEntId])) { |
|
249
|
|
|
$shareGrpUsers = $mod_share_read_per['GROUP'][$shareEntId]; |
|
250
|
|
|
} elseif (isset($mod_share_write_per['GROUP'][$shareEntId])) { |
|
251
|
|
|
$shareGrpUsers = $mod_share_write_per['GROUP'][$shareEntId]; |
|
252
|
|
|
} else { |
|
253
|
|
|
$usersByGroup = PrivilegeUtil::getUsersByGroup($shareEntId, true); |
|
254
|
|
|
$shareGrpUsers = $usersByGroup['users']; |
|
255
|
|
|
foreach ($usersByGroup['subGroups'] as $subgrpid => $subgrpusers) { |
|
256
|
|
|
if (!isset($grpReadPer[$subgrpid])) { |
|
257
|
|
|
$grpReadPer[$subgrpid] = $subgrpusers; |
|
258
|
|
|
} |
|
259
|
|
|
} |
|
260
|
|
|
} |
|
261
|
|
|
$grpReadPer[$shareEntId] = $shareGrpUsers; |
|
262
|
|
|
} |
|
263
|
|
|
if (!isset($grpWritePer[$shareEntId])) { |
|
264
|
|
|
if (isset($mod_share_read_per['GROUP'][$shareEntId])) { |
|
265
|
|
|
$shareGrpUsers = $mod_share_read_per['GROUP'][$shareEntId]; |
|
266
|
|
|
} elseif (isset($mod_share_write_per['GROUP'][$shareEntId])) { |
|
267
|
|
|
$shareGrpUsers = $mod_share_write_per['GROUP'][$shareEntId]; |
|
268
|
|
|
} else { |
|
269
|
|
|
$usersByGroup = PrivilegeUtil::getUsersByGroup($shareEntId, true); |
|
270
|
|
|
$shareGrpUsers = $usersByGroup['users']; |
|
271
|
|
|
foreach ($usersByGroup['subGroups'] as $subgrpid => $subgrpusers) { |
|
272
|
|
|
if (!isset($grpWritePer[$subgrpid])) { |
|
273
|
|
|
$grpWritePer[$subgrpid] = $subgrpusers; |
|
274
|
|
|
} |
|
275
|
|
|
} |
|
276
|
|
|
} |
|
277
|
|
|
$grpWritePer[$shareEntId] = $shareGrpUsers; |
|
278
|
|
|
} |
|
279
|
|
|
} elseif (0 == $sharePermission && 3 == $def_org_share[$shareModId]) { |
|
|
|
|
|
|
280
|
|
|
if (!isset($grpReadPer[$shareEntId])) { |
|
281
|
|
|
if (isset($mod_share_read_per['GROUP'][$shareEntId])) { |
|
282
|
|
|
$shareGrpUsers = $mod_share_read_per['GROUP'][$shareEntId]; |
|
283
|
|
|
} elseif (isset($mod_share_write_per['GROUP'][$shareEntId])) { |
|
284
|
|
|
$shareGrpUsers = $mod_share_write_per['GROUP'][$shareEntId]; |
|
285
|
|
|
} else { |
|
286
|
|
|
$usersByGroup = PrivilegeUtil::getUsersByGroup($shareEntId, true); |
|
287
|
|
|
$shareGrpUsers = $usersByGroup['users']; |
|
288
|
|
|
foreach ($usersByGroup['subGroups'] as $subgrpid => $subgrpusers) { |
|
289
|
|
|
if (!isset($grpReadPer[$subgrpid])) { |
|
290
|
|
|
$grpReadPer[$subgrpid] = $subgrpusers; |
|
291
|
|
|
} |
|
292
|
|
|
} |
|
293
|
|
|
} |
|
294
|
|
|
$grpReadPer[$shareEntId] = $shareGrpUsers; |
|
295
|
|
|
} |
|
296
|
|
|
} |
|
297
|
|
|
} |
|
298
|
|
|
} |
|
299
|
|
|
} |
|
300
|
2 |
|
} |
|
301
|
2 |
|
$modShareReadPermission['ROLE'] = $roleReadPer; |
|
302
|
|
|
$modShareWritePermission['ROLE'] = $roleWritePer; |
|
303
|
2 |
|
$modShareReadPermission['GROUP'] = $grpReadPer; |
|
304
|
|
|
$modShareWritePermission['GROUP'] = $grpWritePer; |
|
305
|
|
|
} |
|
306
|
|
|
$relatedModSharingPermission['read'] = $modShareReadPermission; |
|
307
|
|
|
$relatedModSharingPermission['write'] = $modShareWritePermission; |
|
308
|
|
|
|
|
309
|
2 |
|
return $relatedModSharingPermission; |
|
310
|
|
|
} |
|
311
|
2 |
|
|
|
312
|
2 |
|
/** Function to populate the read/wirte Sharing permissions data of user/groups for the specified user into the database. |
|
313
|
|
|
* @param int $userid |
|
314
|
2 |
|
*/ |
|
315
|
|
|
public static function populateSharingtmptables($userid) |
|
316
|
2 |
|
{ |
|
317
|
2 |
|
$dbCommand = \App\Db::getInstance()->createCommand(); |
|
318
|
2 |
|
\vtlib\Deprecated::checkFileAccessForInclusion('user_privileges/sharing_privileges_' . $userid . '.php'); |
|
319
|
|
|
|
|
320
|
|
|
require 'user_privileges/sharing_privileges_' . $userid . '.php'; |
|
321
|
2 |
|
// Deleting from the existing vtiger_tables |
|
322
|
2 |
|
$tableArr = ['vtiger_tmp_read_user_sharing_per', 'vtiger_tmp_write_user_sharing_per', 'vtiger_tmp_read_group_sharing_per', 'vtiger_tmp_write_group_sharing_per', 'vtiger_tmp_read_user_rel_sharing_per', 'vtiger_tmp_write_user_rel_sharing_per', 'vtiger_tmp_read_group_rel_sharing_per', 'vtiger_tmp_write_group_rel_sharing_per']; |
|
323
|
2 |
|
foreach ($tableArr as $tableName) { |
|
324
|
2 |
|
$dbCommand->delete($tableName, ['userid' => $userid])->execute(); |
|
325
|
2 |
|
} |
|
326
|
2 |
|
// Look up for modules for which sharing access is enabled. |
|
327
|
2 |
|
$modules = \vtlib\Functions::getAllModules(true, true, 0, false, 0); |
|
328
|
2 |
|
$sharingArray = array_column($modules, 'name'); |
|
329
|
2 |
|
foreach ($sharingArray as $module) { |
|
330
|
|
|
$moduleSharingReadPermvar = $module . '_share_read_permission'; |
|
331
|
|
|
$moduleSharingWritePermvar = $module . '_share_write_permission'; |
|
332
|
2 |
|
static::populateSharingPrivileges('USER', $userid, $module, 'read', ${$moduleSharingReadPermvar}); |
|
333
|
2 |
|
static::populateSharingPrivileges('USER', $userid, $module, 'write', ${$moduleSharingWritePermvar}); |
|
334
|
2 |
|
static::populateSharingPrivileges('GROUP', $userid, $module, 'read', ${$moduleSharingReadPermvar}); |
|
335
|
2 |
|
static::populateSharingPrivileges('GROUP', $userid, $module, 'write', ${$moduleSharingWritePermvar}); |
|
336
|
2 |
|
} |
|
337
|
2 |
|
// Populating Values into the temp related sharing tables |
|
338
|
2 |
|
foreach ($related_module_share as $relTabId => $tabIdArr) { |
|
|
|
|
|
|
339
|
2 |
|
$relTabName = Module::getModuleName($relTabId); |
|
340
|
2 |
|
if (!empty($relTabName)) { |
|
341
|
2 |
|
foreach ($tabIdArr as $tabId) { |
|
342
|
2 |
|
$tabName = Module::getModuleName($tabId); |
|
343
|
|
|
$relmoduleSharingReadPermvar = $tabName . '_' . $relTabName . '_share_read_permission'; |
|
344
|
|
|
$relmoduleSharingWritePermvar = $tabName . '_' . $relTabName . '_share_write_permission'; |
|
345
|
|
|
static::populateRelatedSharingPrivileges('USER', $userid, $tabName, $relTabName, 'read', ${$relmoduleSharingReadPermvar}); |
|
346
|
2 |
|
static::populateRelatedSharingPrivileges('USER', $userid, $tabName, $relTabName, 'write', ${$relmoduleSharingWritePermvar}); |
|
347
|
|
|
static::populateRelatedSharingPrivileges('GROUP', $userid, $tabName, $relTabName, 'read', ${$relmoduleSharingReadPermvar}); |
|
348
|
|
|
static::populateRelatedSharingPrivileges('GROUP', $userid, $tabName, $relTabName, 'write', ${$relmoduleSharingWritePermvar}); |
|
349
|
|
|
} |
|
350
|
|
|
} |
|
351
|
|
|
} |
|
352
|
|
|
} |
|
353
|
|
|
|
|
354
|
|
|
/** |
|
355
|
|
|
* Function to populate the read/wirte Sharing permissions data for the specified user into the database. |
|
356
|
|
|
* |
|
357
|
2 |
|
* @param string $enttype |
|
358
|
|
|
* @param int $userId |
|
359
|
2 |
|
* @param string $module |
|
360
|
2 |
|
* @param string $pertype |
|
361
|
2 |
|
* @param bool $varArr |
|
362
|
|
|
*/ |
|
363
|
|
|
public static function populateSharingPrivileges($enttype, $userId, $module, $pertype, $varArr = false) |
|
364
|
2 |
|
{ |
|
365
|
2 |
|
$tabId = Module::getModuleId($module); |
|
366
|
2 |
|
$dbCommand = \App\Db::getInstance()->createCommand(); |
|
367
|
2 |
|
if (empty($varArr)) { |
|
368
|
2 |
|
return; |
|
369
|
|
|
} |
|
370
|
2 |
|
if ('USER' === $enttype) { |
|
371
|
2 |
|
if ('read' === $pertype) { |
|
372
|
|
|
$tableName = 'vtiger_tmp_read_user_sharing_per'; |
|
373
|
|
|
} elseif ('write' === $pertype) { |
|
374
|
|
|
$tableName = 'vtiger_tmp_write_user_sharing_per'; |
|
375
|
|
|
} |
|
376
|
|
|
$useArrr = []; |
|
377
|
|
|
if (!empty($varArr['ROLE'])) { |
|
378
|
|
|
foreach ($varArr['ROLE'] as $roleUsers) { |
|
379
|
|
|
foreach ($roleUsers as $sharedUserId) { |
|
380
|
|
|
if (!\in_array($sharedUserId, $useArrr) && $userId != $sharedUserId) { |
|
381
|
2 |
|
$dbCommand->insert($tableName, ['userid' => $userId, 'tabid' => $tabId, 'shareduserid' => $sharedUserId])->execute(); |
|
|
|
|
|
|
382
|
|
|
$useArrr[] = $sharedUserId; |
|
383
|
|
|
} |
|
384
|
|
|
} |
|
385
|
|
|
} |
|
386
|
|
|
} |
|
387
|
|
|
if (!empty($varArr['GROUP'])) { |
|
388
|
|
|
foreach ($varArr['GROUP'] as $grpUsers) { |
|
389
|
|
|
foreach ($grpUsers as $sharedUserId) { |
|
390
|
|
|
if (!\in_array($sharedUserId, $useArrr)) { |
|
391
|
2 |
|
$dbCommand->insert($tableName, ['userid' => $userId, 'tabid' => $tabId, 'shareduserid' => $sharedUserId])->execute(); |
|
392
|
2 |
|
$useArrr[] = $sharedUserId; |
|
393
|
2 |
|
} |
|
394
|
2 |
|
} |
|
395
|
2 |
|
} |
|
396
|
|
|
} |
|
397
|
2 |
|
} elseif ('GROUP' === $enttype) { |
|
398
|
2 |
|
if ('read' === $pertype) { |
|
399
|
|
|
$tableName = 'vtiger_tmp_read_group_sharing_per'; |
|
400
|
|
|
} elseif ('write' === $pertype) { |
|
401
|
|
|
$tableName = 'vtiger_tmp_write_group_sharing_per'; |
|
402
|
|
|
} |
|
403
|
|
|
$grpArr = []; |
|
404
|
|
|
if (!empty($varArr['GROUP'])) { |
|
405
|
|
|
foreach ($varArr['GROUP'] as $groupId => $grpusers) { |
|
406
|
|
|
if (!\in_array($groupId, $grpArr)) { |
|
407
|
2 |
|
$dbCommand->insert($tableName, ['userid' => $userId, 'tabid' => $tabId, 'sharedgroupid' => $groupId])->execute(); |
|
408
|
|
|
$grpArr[] = $groupId; |
|
409
|
|
|
} |
|
410
|
|
|
} |
|
411
|
|
|
} |
|
412
|
|
|
} |
|
413
|
|
|
} |
|
414
|
|
|
|
|
415
|
|
|
/** |
|
416
|
|
|
* Function to populate the read/wirte Sharing permissions related module data for the specified user into the database. |
|
417
|
|
|
* |
|
418
|
|
|
* @param string $enttype |
|
419
|
|
|
* @param int $userid |
|
420
|
2 |
|
* @param string $module |
|
421
|
|
|
* @param string $relmodule |
|
422
|
2 |
|
* @param string $pertype |
|
423
|
2 |
|
* @param bool $varArr |
|
424
|
2 |
|
* @param mixed $userId |
|
425
|
2 |
|
*/ |
|
426
|
|
|
public static function populateRelatedSharingPrivileges($enttype, $userId, $module, $relmodule, $pertype, $varArr = false) |
|
427
|
|
|
{ |
|
428
|
2 |
|
$dbCommand = \App\Db::getInstance()->createCommand(); |
|
429
|
2 |
|
$tabId = Module::getModuleId($module); |
|
430
|
2 |
|
$relTabId = Module::getModuleId($relmodule); |
|
431
|
2 |
|
if (empty($varArr)) { |
|
432
|
2 |
|
return; |
|
433
|
|
|
} |
|
434
|
2 |
|
if ('USER' === $enttype) { |
|
435
|
2 |
|
if ('read' === $pertype) { |
|
436
|
|
|
$tableName = 'vtiger_tmp_read_user_rel_sharing_per'; |
|
437
|
|
|
} elseif ('write' === $pertype) { |
|
438
|
|
|
$tableName = 'vtiger_tmp_write_user_rel_sharing_per'; |
|
439
|
|
|
} |
|
440
|
|
|
$userArr = []; |
|
441
|
|
|
if (!empty($varArr['ROLE'])) { |
|
442
|
|
|
foreach ($varArr['ROLE'] as $roleUsers) { |
|
443
|
|
|
foreach ($roleUsers as $sharedUserId) { |
|
444
|
|
|
if (!\in_array($sharedUserId, $userArr) && $userId != $sharedUserId) { |
|
445
|
2 |
|
$dbCommand->insert($tableName, ['userid' => $userId, 'tabid' => $tabId, 'relatedtabid' => $relTabId, 'shareduserid' => $sharedUserId])->execute(); |
|
|
|
|
|
|
446
|
|
|
$userArr[] = $sharedUserId; |
|
447
|
|
|
} |
|
448
|
|
|
} |
|
449
|
|
|
} |
|
450
|
|
|
} |
|
451
|
|
|
if (!empty($varArr['GROUP'])) { |
|
452
|
|
|
foreach ($varArr['GROUP'] as $grpUsers) { |
|
453
|
|
|
foreach ($grpUsers as $sharedUserId) { |
|
454
|
|
|
if (!\in_array($sharedUserId, $userArr)) { |
|
455
|
2 |
|
$dbCommand->insert($tableName, ['userid' => $userId, 'tabid' => $tabId, 'relatedtabid' => $relTabId, 'shareduserid' => $sharedUserId])->execute(); |
|
456
|
2 |
|
$userArr[] = $sharedUserId; |
|
457
|
2 |
|
} |
|
458
|
2 |
|
} |
|
459
|
2 |
|
} |
|
460
|
|
|
} |
|
461
|
2 |
|
} elseif ('GROUP' === $enttype) { |
|
462
|
2 |
|
if ('read' === $pertype) { |
|
463
|
|
|
$tableName = 'vtiger_tmp_read_group_rel_sharing_per'; |
|
464
|
|
|
} elseif ('write' === $pertype) { |
|
465
|
|
|
$tableName = 'vtiger_tmp_write_group_rel_sharing_per'; |
|
466
|
|
|
} |
|
467
|
|
|
$grpArr = []; |
|
468
|
|
|
if (!empty($varArr['GROUP'])) { |
|
469
|
|
|
foreach ($varArr['GROUP'] as $groupId => $grpUsers) { |
|
470
|
|
|
if (!\in_array($groupId, $grpArr)) { |
|
471
|
2 |
|
$dbCommand->insert($tableName, ['userid' => $userId, 'tabid' => $tabId, 'relatedtabid' => $relTabId, 'sharedgroupid' => $groupId])->execute(); |
|
472
|
|
|
$grpArr[] = $groupId; |
|
473
|
|
|
} |
|
474
|
|
|
} |
|
475
|
|
|
} |
|
476
|
|
|
} |
|
477
|
|
|
} |
|
478
|
|
|
|
|
479
|
|
|
/** |
|
480
|
|
|
* Reload user privileges file by multi company id. |
|
481
|
|
|
* |
|
482
|
|
|
* @param int $companyId |
|
483
|
|
|
*/ |
|
484
|
|
|
public static function reloadByMultiCompany(int $companyId) |
|
485
|
|
|
{ |
|
486
|
|
|
foreach (MultiCompany::getUsersByCompany($companyId) as $userId) { |
|
487
|
|
|
static::createUserPrivilegesfile($userId); |
|
488
|
|
|
} |
|
489
|
|
|
} |
|
490
|
|
|
} |
|
491
|
|
|
|
YetiForceCompany /
YetiForceCRM
Loading history...
