1
|
|
|
<?php |
2
|
|
|
if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point'); |
3
|
|
|
|
4
|
|
|
|
5
|
|
|
require_once('modules/SecurityGroups/SecurityGroup.php'); |
6
|
|
|
|
7
|
|
|
require_once('include/formbase.php'); |
8
|
|
|
global $current_user, $db; |
9
|
|
|
|
10
|
|
|
|
11
|
|
|
$module = $_REQUEST['return_module']; |
12
|
|
|
$sugarbean = null; |
13
|
|
|
|
14
|
|
|
$securitygroup = $_REQUEST['massassign_group']; |
15
|
|
|
if(!isset($module) || empty($securitygroup) || !isset($securitygroup)) return; |
16
|
|
|
|
17
|
|
|
if(!empty($GLOBALS['beanList'][$module])){ |
18
|
|
|
$class = $GLOBALS['beanList'][$module]; |
19
|
|
|
if(!empty($GLOBALS['beanFiles'][$class])){ |
20
|
|
|
require_once($GLOBALS['beanFiles'][$class]); |
21
|
|
|
$sugarbean = new $class(); |
22
|
|
|
} |
23
|
|
|
} |
24
|
|
|
|
25
|
|
|
$groupFocus = new SecurityGroup(); |
26
|
|
|
$groupFocus->retrieve($securitygroup); |
27
|
|
|
|
28
|
|
|
|
29
|
|
|
|
30
|
|
|
|
31
|
|
|
|
32
|
|
|
if(!empty($_REQUEST['uid'])) $_POST['mass'] = explode(',', $_REQUEST['uid']); // coming from listview |
33
|
|
|
elseif(isset($_REQUEST['entire'])) { |
34
|
|
|
if(isset($_SESSION['export_where']) && !empty($_SESSION['export_where'])) { // bug 4679 |
35
|
|
|
$where = $_SESSION['export_where']; |
36
|
|
|
$whereArr = explode (" ", trim($where)); |
37
|
|
|
if ($whereArr[0] == trim('where')) { |
38
|
|
|
$whereClean = array_shift($whereArr); |
39
|
|
|
} |
40
|
|
|
$where = implode(" ", $whereArr); |
41
|
|
|
} else { |
42
|
|
|
$where = ''; |
43
|
|
|
} |
44
|
|
|
if(empty($order_by))$order_by = ''; |
45
|
|
|
$query = $sugarbean->create_export_query($order_by,$where); |
46
|
|
|
$result = $db->query($query,true); |
47
|
|
|
|
48
|
|
|
$new_arr = array(); |
49
|
|
|
while($val = $db->fetchByAssoc($result,-1,false)) |
50
|
|
|
{ |
51
|
|
|
array_push($new_arr, $val['id']); |
52
|
|
|
} |
53
|
|
|
$_POST['mass'] = $new_arr; |
54
|
|
|
} |
55
|
|
|
|
56
|
|
|
if(isset($_POST['mass']) && is_array($_POST['mass'])){ |
57
|
|
|
$rel_name = ""; |
58
|
|
|
foreach($_POST['mass'] as $id){ |
|
|
|
|
59
|
|
|
if(isset($_POST['Delete'])){ |
60
|
|
|
$sugarbean->retrieve($id); |
61
|
|
|
|
62
|
|
|
//if($sugarbean->ACLAccess('Delete')){ |
63
|
|
|
|
64
|
|
|
$GLOBALS['log']->debug("MassAssign - deleting relationship: $groupFocus->name"); |
65
|
|
|
if($sugarbean->module_dir == 'Users') { |
66
|
|
|
$rel_name = "SecurityGroups"; |
67
|
|
|
} else if(empty($rel_name) || !isset($rel_name)) { |
68
|
|
|
$rel_name = $groupFocus->getLinkName($sugarbean->module_dir,"SecurityGroups"); |
69
|
|
|
} |
70
|
|
|
$sugarbean->load_relationship($rel_name); |
71
|
|
|
$sugarbean->$rel_name->delete($sugarbean->id,$groupFocus->id); |
72
|
|
|
|
73
|
|
|
//As of 6.3.0 many-to-many requires a link field set in both modules...so lets bypass that |
74
|
|
|
//$groupFocus->removeGroupFromRecord($sugarbean->module_dir, $id, $groupFocus->id); |
75
|
|
|
//} |
76
|
|
|
|
77
|
|
|
|
78
|
|
|
} |
79
|
|
|
else { |
80
|
|
|
$sugarbean->retrieve($id); |
81
|
|
|
|
82
|
|
|
//if($sugarbean->ACLAccess('Save')){ |
83
|
|
|
|
84
|
|
|
$GLOBALS['log']->debug("MassAssign - adding relationship: $groupFocus->name"); |
85
|
|
|
if($sugarbean->module_dir == 'Users') { |
86
|
|
|
$rel_name = "SecurityGroups"; |
87
|
|
|
} else if(empty($rel_name) || !isset($rel_name)) { |
88
|
|
|
$rel_name = $groupFocus->getLinkName($sugarbean->module_dir,"SecurityGroups"); |
89
|
|
|
} |
90
|
|
|
$GLOBALS['log']->debug("MassAssign - adding relationship relationship name: ".$rel_name); |
91
|
|
|
$sugarbean->load_relationship($rel_name); |
92
|
|
|
$sugarbean->$rel_name->add($groupFocus->id); |
93
|
|
|
|
94
|
|
|
|
95
|
|
|
//As of 6.3.0 many-to-many requires a link field set in both modules...so lets bypass that |
96
|
|
|
/** |
97
|
|
|
//check existing |
98
|
|
|
$query = "SELECT * FROM securitygroups_records WHERE securitygroup_id='$groupFocus->id' AND record_id='$id' AND module='$sugarbean->module_dir' AND deleted=0"; |
99
|
|
|
$db = DBManagerFactory::getInstance(); |
100
|
|
|
$result = $db->query($query); |
101
|
|
|
$row = $db->fetchByAssoc($result); |
102
|
|
|
if (empty($row)) |
103
|
|
|
{ |
104
|
|
|
$groupFocus->addGroupToRecord($sugarbean->module_dir, $id, $groupFocus->id); |
105
|
|
|
} |
106
|
|
|
*/ |
107
|
|
|
|
108
|
|
|
|
109
|
|
|
//} |
110
|
|
|
} |
111
|
|
|
} |
112
|
|
|
} |
113
|
|
|
|
114
|
|
|
|
115
|
|
|
header("Location: index.php?action={$_POST['return_action']}&module={$_POST['return_module']}"); |
116
|
|
|
|
117
|
|
|
?> |
118
|
|
|
|
There are different options of fixing this problem.
If you want to be on the safe side, you can add an additional type-check:
If you are sure that the expression is traversable, you might want to add a doc comment cast to improve IDE auto-completion and static analysis:
Mark the issue as a false-positive: Just hover the remove button, in the top-right corner of this issue for more options.