mirror of
https://github.com/SuiteCRM/SuiteCRM-Core.git
synced 2025-08-29 08:17:18 +08:00
75ea167930
23d711b703 [Legacy] update install language label 58fe59c8da [Legacy] Dashlet Settings Modal Styling Fixes b880c34877 [Legacy] User Profile Mobile Styling Fixes ab33cfc7cf [Legacy] Add acls calculation on legacy list data calls 220bf5b8be [Legacy] Get list of visible modules from module name mapper a7a0754a2d Fix valid module check 020a5dcb1b [Legacy] add widget acl metadata - update acl config for top widget 89e8f7c0f2 [Legacy] Subpanels Action Button Styling Fixes 6c287af813 remove photo widgets for contacts and leads 4ac8347d61 [Legacy] Admin Release Styling Fixes 3336b10790 Suite8 ChangeLog ModalPopup Styling Fixes 8df8ad992c [Legacy] Add close menu label 1dfdf6a005 [Legacy] Add not module selected label b234b8a1fe [Legacy] Add parent type ApiBeanMapper 4def7cdfc6 [Legacy] Fix username display for unauthorized users c9771bd330 [Legacy] DetailView Header Title Overlaps fixes 0a0dd3c2c5 [Legacy] Fix htaccess generation 687d5ea7bd Fix Date Filed for Targets 5f863f4b16 [Legacy] Remove Button Hover Fixes 78672e7a27 [Legacy] Reports footer button removed fixes 4b3a9778e8 [Legacy] Reports Styling Fixes 3ab39b6584 [Legacy] Maps Button Position Fixes e50f76f3fc [Legacy] Add Tab Dashlet Sapcing Fixes d2f6433a06 [Legacy] Dashlet Setting Modal Label Fix & Button Fixes e5137262f7 [Legacy] Activity Stream Post Button Hover color fixes 71d44b7274 [Legacy] Bump version to 8.0.0-rc abafbc280b [Legacy] Remove license from install app strings 43281fae73 Fix ignore system checks valitation feab3f0abf [Legacy] Add install labels b0fc8ac7a6 [Legacy] add new install labels 8fea1b7c7f [Legacy] add install validator class e4f7648e50 [Legacy] Add Label for Subpanel Edit Line Action b8ecc0a37e [Legacy] Dashboard Mobile Styling Fixes 7d427720f5 [Legacy] History Subpanel Button Styling Fixes 63d10c40d6 [Legacy] Workflow Stying Fixes 811ad79455 [Legacy] Convert Lead Styling Fixes 01764542a1 [Legacy] Roles Styling Fixes 7ecc573f0e [Legacy] Admin Modules label font fixes 9f13c91e22 [Legacy] HomePage Mobile Fixes 005d1ac949 update legacy handlers to apply new logic considering - base actions - action resolvers - fix url navigation issue in classic view b3c7a14380 [Legacy] Module framework - move suite 8 module config to legacy 542198ac5c [Legacy] Add support for more metadata on listviewdefs e3c82fc9ea [Legacy] Add Support for all modules with parent css classes f2dd774903 [Legacy] Security Group Styling Fixes b6e5591cc4 [Legacy] Password Management Mobile Fixes 1624fdcfad [Leagcy] Email Settings Fixes e033259dac [Legacy] Products Modules Buttons fixes eae8efde52 [Legacy] OAUTH2 Clients and tokens fixes f90c5f5315 [Legacy] adapt legacy install scripts to work with Suite8 install d099fac028 [Legacy] add labels for S8 Installer 8be5c78c4c [Legacy] Add widget not found label eb4449777b [Legacy] Email Action DropDown Styling Fixes 06aff4ce92 SuiteCRM 7.12.0 Release 1cf315c98b Fix BasicSearchResults hit counter c7458ea520 Update PDF samples for compatibility with new PDF Engine a2a392f6d3 Update Reports PDF for compatibility with new PDF Engine 575561903b Update PDF Engines for backward compatibility 3ed5326ca1 Deprecate TCPDF b6c4a4941f Fix TCPDF image scale d6c47de2f5 Fix TCPDF filename 412fd0d006 Add optional malicious file scanner f88149fcfe Feature: Allow configuring the Calendar name for the Google Sync via the config. ae836af690 Fix SearchFormView visible options 5f3545193f Update workflow acceptance test 7c54f0fbc4 SuiteCRM 7.12.0-RC Release 0159e0cd86 Remove unused currency config entries 1c49d879ad Default new MySQL based installs to use utf8mb4 dee7ba0594 Clean up search setting b9b6aeae3a Cleanup old CSS files ed59f5f6d9 Add missing admin icons 732e84c6a3 Move Workflow to default as admin function 60dce30854 Update admin panel to improve grouping 6f7524b46a Fix filepath for mPDF class cdab640886 Add default Engines f79cc55782 Remove MPDFEngine Test 77d38a259d Add check for MPDF class 59261aac8d Remove PDF_Lib 49fb8525a0 Implement TCPDF git-subtree-dir: public/legacy git-subtree-split: 23d711b70345ccf90d7508ce6aa5ddc8fd3dc4dd
737 lines
30 KiB
PHP
Executable file
737 lines
30 KiB
PHP
Executable file
<?php
|
|
/**
|
|
*
|
|
* SugarCRM Community Edition is a customer relationship management program developed by
|
|
* SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
|
|
*
|
|
* SuiteCRM is an extension to SugarCRM Community Edition developed by SalesAgility Ltd.
|
|
* Copyright (C) 2011 - 2019 SalesAgility Ltd.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it under
|
|
* the terms of the GNU Affero General Public License version 3 as published by the
|
|
* Free Software Foundation with the addition of the following permission added
|
|
* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
|
|
* IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
|
|
* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
* details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License along with
|
|
* this program; if not, see http://www.gnu.org/licenses or write to the Free
|
|
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
* 02110-1301 USA.
|
|
*
|
|
* You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
|
|
* SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
|
|
*
|
|
* The interactive user interfaces in modified source and object code versions
|
|
* of this program must display Appropriate Legal Notices, as required under
|
|
* Section 5 of the GNU Affero General Public License version 3.
|
|
*
|
|
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
|
|
* these Appropriate Legal Notices must retain the display of the "Powered by
|
|
* SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
|
|
* reasonably feasible for technical reasons, the Appropriate Legal Notices must
|
|
* display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM".
|
|
*/
|
|
|
|
if (!defined('sugarEntry') || !sugarEntry) {
|
|
die('Not A Valid Entry Point');
|
|
}
|
|
|
|
/* BEGIN - SECURITY GROUPS */
|
|
if (file_exists(__DIR__ . '/../../modules/ACLActions/actiondefs.override.php')) {
|
|
require_once __DIR__ . '/../../modules/ACLActions/actiondefs.override.php';
|
|
} else {
|
|
require_once __DIR__ . '/../../modules/ACLActions/actiondefs.php';
|
|
}
|
|
|
|
/* END - SECURITY GROUPS */
|
|
|
|
class ACLAction extends SugarBean
|
|
{
|
|
public $module_dir = 'ACLActions';
|
|
public $object_name = 'ACLAction';
|
|
public $table_name = 'acl_actions';
|
|
public $new_schema = true;
|
|
public $disable_custom_fields = true;
|
|
|
|
public function __construct()
|
|
{
|
|
parent::__construct();
|
|
}
|
|
|
|
/**
|
|
* static addActions($category, $type='module')
|
|
* Adds all default actions for a category/type
|
|
*
|
|
* @param STRING $category - the category (e.g module name - Accounts, Contacts)
|
|
* @param STRING $type - the type (e.g. 'module', 'field')
|
|
* @throws Exception
|
|
*/
|
|
public static function addActions($category, $type = 'module')
|
|
{
|
|
global $ACLActions;
|
|
$db = DBManagerFactory::getInstance();
|
|
|
|
if(empty($db->database)){
|
|
return;
|
|
}
|
|
|
|
if (isset($ACLActions[$type])) {
|
|
foreach ($ACLActions[$type]['actions'] as $action_name => $action_def) {
|
|
$action = BeanFactory::newBean('ACLActions');
|
|
|
|
$tableName = $action->table_name;
|
|
$actionNameQuoted = $db->quoted($action_name);
|
|
$categoryQuoted = $db->quoted($category);
|
|
$typeQuoted = $db->quoted($type);
|
|
|
|
$query = "SELECT * FROM " . $tableName .
|
|
" WHERE name = " . $actionNameQuoted .
|
|
" AND category = " . $categoryQuoted .
|
|
" AND acltype = " . $typeQuoted .
|
|
" AND deleted = 0";
|
|
|
|
$result = $db->query($query);
|
|
|
|
// Only add if an action with that name and category don't exist
|
|
$row = $db->fetchByAssoc($result);
|
|
if ($row === false) {
|
|
$action->name = $action_name;
|
|
$action->category = $category;
|
|
$action->aclaccess = $action_def['default'];
|
|
$action->acltype = $type;
|
|
$action->modified_user_id = 1;
|
|
$action->created_by = 1;
|
|
$action->save();
|
|
}
|
|
}
|
|
} else {
|
|
sugar_die("FAILED TO ADD: $category - TYPE $type NOT DEFINED IN modules/ACLActions/actiondefs.php");
|
|
}
|
|
}
|
|
|
|
/**
|
|
* static removeActions($category, $type='module')
|
|
* Removes all default actions for a category/type
|
|
*
|
|
* @param STRING $category - the category (e.g module name - Accounts, Contacts)
|
|
* @param STRING $type - the type (e.g. 'module', 'field')
|
|
* @throws Exception
|
|
*/
|
|
public static function removeActions($category, $type = 'module')
|
|
{
|
|
global $ACLActions;
|
|
$db = DBManagerFactory::getInstance();
|
|
|
|
if (isset($ACLActions[$type])) {
|
|
foreach ($ACLActions[$type]['actions'] as $action_name => $action_def) {
|
|
$action = BeanFactory::newBean('ACLActions');
|
|
|
|
$tableName = $action->table_name;
|
|
$actionNameQuoted = $db->quoted($action_name);
|
|
$categoryQuoted = $db->quoted($category);
|
|
$typeQuoted = $db->quoted($type);
|
|
|
|
$query = "SELECT * FROM " . $tableName .
|
|
" WHERE name = " . $actionNameQuoted .
|
|
" AND category = " . $categoryQuoted .
|
|
" AND acltype = " . $typeQuoted .
|
|
" AND deleted = 0";
|
|
|
|
$result = $db->query($query);
|
|
|
|
// Only add if an action with that name and category don't exist
|
|
$row = $db->fetchByAssoc($result);
|
|
if ($row !== false) {
|
|
$action->mark_deleted($row['id']);
|
|
}
|
|
}
|
|
} else {
|
|
sugar_die("FAILED TO REMOVE: $category - TYPE $type NOT DEFINED IN modules/ACLActions/actiondefs.php");
|
|
}
|
|
}
|
|
|
|
/**
|
|
* static AccessColor($access)
|
|
*
|
|
* returns the color associated with an access level
|
|
* these colors exist in the definitions in modules/ACLActions/actiondefs.php
|
|
* @param INT $access - the access level you want the color for
|
|
* @return the color either name or hex representation or false if the level does not exist
|
|
*/
|
|
protected static function AccessColor($access)
|
|
{
|
|
global $ACLActionAccessLevels;
|
|
if (isset($ACLActionAccessLevels[$access])) {
|
|
return $ACLActionAccessLevels[$access]['color'];
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* static AccessName($access)
|
|
*
|
|
* returns the translated name associated with an access level
|
|
* these label definitions exist in the definitions in modules/ACLActions/actiondefs.php
|
|
* @param INT $access - the access level you want the color for
|
|
* @return the translated access level name or false if the level does not exist
|
|
*/
|
|
public static function AccessName($access)
|
|
{
|
|
global $ACLActionAccessLevels;
|
|
if (isset($ACLActionAccessLevels[$access])) {
|
|
return translate($ACLActionAccessLevels[$access]['label'], 'ACLActions');
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* static AccessLabel($access)
|
|
*
|
|
* returns the label associated with an access level
|
|
* these label definitions exist in the definitions in modules/ACLActions/actiondefs.php
|
|
* @param INT $access - the access level you want the color for
|
|
* @return the access level label or false if the level does not exist
|
|
*/
|
|
protected static function AccessLabel($access)
|
|
{
|
|
global $ACLActionAccessLevels;
|
|
if (isset($ACLActionAccessLevels[$access])) {
|
|
$label = preg_replace('/(LBL_ACCESS_)(.*)/', '$2', $ACLActionAccessLevels[$access]['label']);
|
|
|
|
return strtolower($label);
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* static getAccessOptions()
|
|
* this is used for building select boxes
|
|
* @return array containing access levels (ints) as keys and access names as values
|
|
*/
|
|
protected static function getAccessOptions($action, $type = 'module')
|
|
{
|
|
global $ACLActions;
|
|
$options = [];
|
|
|
|
if (empty($ACLActions[$type]['actions'][$action]['aclaccess'])) {
|
|
return $options;
|
|
}
|
|
foreach ($ACLActions[$type]['actions'][$action]['aclaccess'] as $action) {
|
|
$options[$action] = self::AccessName($action);
|
|
}
|
|
|
|
return $options;
|
|
}
|
|
|
|
/**
|
|
* function static getDefaultActions()
|
|
* This function will return a list of acl actions with their default access levels
|
|
*
|
|
* @param string $type
|
|
* @param string $action
|
|
* @return array
|
|
*/
|
|
public static function getDefaultActions($type = 'module', $action = '')
|
|
{
|
|
$query = "SELECT * FROM acl_actions WHERE deleted=0 ";
|
|
if (!empty($type)) {
|
|
$query .= " AND acltype='$type'";
|
|
}
|
|
if (!empty($action)) {
|
|
$query .= "AND name='$action'";
|
|
}
|
|
$query .= " ORDER BY category";
|
|
|
|
$db = DBManagerFactory::getInstance();
|
|
$result = $db->query($query);
|
|
$default_actions = array();
|
|
while ($row = $db->fetchByAssoc($result)) {
|
|
$acl = BeanFactory::newBean('ACLActions');
|
|
$acl->populateFromRow($row);
|
|
$default_actions[] = $acl;
|
|
}
|
|
|
|
return $default_actions;
|
|
}
|
|
|
|
|
|
/**
|
|
* static getUserActions($user_id,$refresh=false, $category='', $action='')
|
|
* returns a list of user actions
|
|
* @param GUID $user_id
|
|
* @param bool $refresh
|
|
* @param string $category
|
|
* @param string $type
|
|
* @param string $action
|
|
* @return array of ACLActionsArray
|
|
*/
|
|
|
|
public static function getUserActions($user_id, $refresh = false, $category = '', $type = '', $action = '')
|
|
{
|
|
//check in the session if we already have it loaded
|
|
if (!$refresh && !empty($_SESSION['ACL'][$user_id])) {
|
|
if (empty($category) && empty($action)) {
|
|
return $_SESSION['ACL'][$user_id];
|
|
} else {
|
|
if (!empty($category) && isset($_SESSION['ACL'][$user_id][$category])) {
|
|
if (empty($action)) {
|
|
if (empty($type)) {
|
|
return $_SESSION['ACL'][$user_id][$category];
|
|
}
|
|
return isset($_SESSION['ACL'][$user_id][$category][$type]) ? $_SESSION['ACL'][$user_id][$category][$type] : null;
|
|
} else {
|
|
if (!empty($type) && isset($_SESSION['ACL'][$user_id][$category][$type][$action])) {
|
|
return $_SESSION['ACL'][$user_id][$category][$type][$action];
|
|
}
|
|
}
|
|
|
|
$aclCatType = null;
|
|
if (isset($_SESSION['ACL'][$user_id][$category][$type])) {
|
|
$aclCatType = $_SESSION['ACL'][$user_id][$category][$type];
|
|
} else {
|
|
LoggerManager::getLogger()->warn('ACL Category Type is not set for user action');
|
|
}
|
|
|
|
return $aclCatType;
|
|
} elseif (!empty($type) && isset($_SESSION['ACL'][$user_id][$category][$type][$action])) {
|
|
return $_SESSION['ACL'][$user_id][$category][$type][$action];
|
|
}
|
|
}
|
|
}
|
|
//if we don't have it loaded then lets check against the db
|
|
$additional_where = '';
|
|
$db = DBManagerFactory::getInstance();
|
|
if (!empty($category)) {
|
|
$additional_where .= " AND acl_actions.category = '$category' ";
|
|
}
|
|
if (!empty($action)) {
|
|
$additional_where .= " AND acl_actions.name = '$action' ";
|
|
}
|
|
if (!empty($type)) {
|
|
$additional_where .= " AND acl_actions.acltype = '$type' ";
|
|
}
|
|
/* BEGIN - SECURITY GROUPS */
|
|
/**
|
|
* $query = "SELECT acl_actions .*, acl_roles_actions.access_override
|
|
* FROM acl_actions
|
|
* LEFT JOIN acl_roles_users ON acl_roles_users.user_id = '$user_id' AND acl_roles_users.deleted = 0
|
|
* LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = acl_roles_users.role_id AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted=0
|
|
* WHERE acl_actions.deleted=0 $additional_where ORDER BY category,name";
|
|
*/
|
|
$query = "(SELECT acl_actions .*, acl_roles_actions.access_override, 1 as user_role
|
|
FROM acl_actions
|
|
INNER JOIN acl_roles_users ON acl_roles_users.user_id = '$user_id' AND acl_roles_users.deleted = 0
|
|
LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = acl_roles_users.role_id AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted=0
|
|
WHERE acl_actions.deleted=0 $additional_where )
|
|
|
|
UNION
|
|
|
|
(SELECT acl_actions .*, acl_roles_actions.access_override, 0 as user_role
|
|
FROM acl_actions
|
|
INNER JOIN securitygroups_users ON securitygroups_users.user_id = '$user_id' AND securitygroups_users.deleted = 0
|
|
INNER JOIN securitygroups_acl_roles ON securitygroups_users.securitygroup_id = securitygroups_acl_roles.securitygroup_id and securitygroups_acl_roles.deleted = 0
|
|
LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = securitygroups_acl_roles.role_id AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted=0
|
|
WHERE acl_actions.deleted=0 $additional_where )
|
|
|
|
UNION
|
|
|
|
(SELECT acl_actions.*, 0 as access_override, -1 as user_role
|
|
FROM acl_actions
|
|
WHERE acl_actions.deleted = 0 )
|
|
|
|
ORDER BY user_role desc, category,name,access_override desc"; //want non-null to show first
|
|
/* END - SECURITY GROUPS */
|
|
$result = $db->query($query);
|
|
$selected_actions = array();
|
|
/* BEGIN - SECURITY GROUPS */
|
|
global $sugar_config;
|
|
$has_user_role = false; //used for user_role_precedence
|
|
$has_role = false; //used to determine if default actions can be ignored. If a user has a defined role don't use the defaults
|
|
/* END - SECURITY GROUPS */
|
|
while ($row = $db->fetchByAssoc($result, false)) {
|
|
/* BEGIN - SECURITY GROUPS */
|
|
if ($has_user_role == false && $row['user_role'] == 1) {
|
|
$has_user_role = true;
|
|
}
|
|
if ($has_role == false && ($row['user_role'] == 1 || $row['user_role'] ==0)) {
|
|
$has_role = true;
|
|
}
|
|
//if user roles should take precedence over group roles and we have a user role
|
|
//break when we get to processing the group roles
|
|
if ($has_user_role == true && $row['user_role'] == 0
|
|
&& isset($sugar_config['securitysuite_user_role_precedence'])
|
|
&& $sugar_config['securitysuite_user_role_precedence'] == true) {
|
|
break;
|
|
}
|
|
if ($row['user_role'] == -1 && $has_role == true) {
|
|
break; //no need for default actions when a role is assigned to the user or user's group already
|
|
}
|
|
/* END - SECURITY GROUPS */
|
|
$acl = BeanFactory::newBean('ACLActions');
|
|
$isOverride = false;
|
|
$acl->populateFromRow($row);
|
|
if (!empty($row['access_override'])) {
|
|
$acl->aclaccess = $row['access_override'];
|
|
$isOverride = true;
|
|
}
|
|
if (!isset($selected_actions[$acl->category])) {
|
|
$selected_actions[$acl->category] = array();
|
|
}
|
|
if (!isset($selected_actions[$acl->category][$acl->acltype][$acl->name])
|
|
|| (
|
|
/* BEGIN - SECURITY GROUPS - additive security*/
|
|
(
|
|
(isset($sugar_config['securitysuite_additive']) && $sugar_config['securitysuite_additive'] == true
|
|
&& $selected_actions[$acl->category][$acl->acltype][$acl->name]['aclaccess'] < $acl->aclaccess)
|
|
||
|
|
((!isset($sugar_config['securitysuite_additive']) || $sugar_config['securitysuite_additive'] == false)
|
|
&& $selected_actions[$acl->category][$acl->acltype][$acl->name]['aclaccess'] > $acl->aclaccess)
|
|
)
|
|
/* END - SECURITY GROUPS */
|
|
&& $isOverride
|
|
)
|
|
||
|
|
(
|
|
!empty($selected_actions[$acl->category][$acl->acltype][$acl->name]['isDefault'])
|
|
&& $isOverride
|
|
)
|
|
) {
|
|
$selected_actions[$acl->category][$acl->acltype][$acl->name] = $acl->toArray();
|
|
$selected_actions[$acl->category][$acl->acltype][$acl->name]['isDefault'] = !$isOverride;
|
|
}
|
|
}
|
|
|
|
//only set the session variable if it was a full list;
|
|
if (empty($category) && empty($action)) {
|
|
if (!isset($_SESSION['ACL'])) {
|
|
$_SESSION['ACL'] = array();
|
|
}
|
|
$_SESSION['ACL'][$user_id] = $selected_actions;
|
|
} elseif (empty($action) && !empty($category)) {
|
|
if (!empty($type)) {
|
|
$selectedActionCategoryType = isset($selected_actions[$category][$type]) ? $selected_actions[$category][$type] : null;
|
|
$_SESSION['ACL'][$user_id][$category][$type] = $selectedActionCategoryType;
|
|
}
|
|
$selectedActionCategory = isset($selected_actions[$category]) ? $selected_actions[$category] : null;
|
|
$_SESSION['ACL'][$user_id][$category] = $selectedActionCategory;
|
|
} elseif (!empty($action) && !empty($category) && !empty($type)) {
|
|
$_SESSION['ACL'][$user_id][$category][$type][$action] = $selected_actions[$category][$action];
|
|
}
|
|
|
|
// Sort by translated categories
|
|
uksort($selected_actions, 'ACLAction::langCompare');
|
|
|
|
return $selected_actions;
|
|
}
|
|
|
|
private static function langCompare($a, $b)
|
|
{
|
|
global $app_list_strings;
|
|
// Fallback to array key if translation is empty
|
|
$a = empty($app_list_strings['moduleList'][$a]) ? $a : $app_list_strings['moduleList'][$a];
|
|
$b = empty($app_list_strings['moduleList'][$b]) ? $b : $app_list_strings['moduleList'][$b];
|
|
if ($a == $b) {
|
|
return 0;
|
|
}
|
|
|
|
return ($a < $b) ? -1 : 1;
|
|
}
|
|
|
|
/**
|
|
* (static/ non-static)function hasAccess($is_owner= false , $access = 0)
|
|
* checks if a user has access to this acl if the user is an owner it will check if owners have access
|
|
*
|
|
* This function may either be used statically or not. If used staticlly a user must pass in an access level not equal to zero
|
|
* @param boolean $is_owner
|
|
* @param int $access
|
|
* @return true or false
|
|
*/
|
|
/* BEGIN - SECURITY GROUPS */
|
|
/**
|
|
* static function hasAccess($is_owner=false, $access = 0){
|
|
*/
|
|
public static function hasAccess($is_owner = false, $in_group = false, $access = 0, ACLAction $action = null)
|
|
{
|
|
/**
|
|
* if($access != 0 && $access == ACL_ALLOW_ALL || ($is_owner && $access == ACL_ALLOW_OWNER))return true;
|
|
* //if this exists, then this function is not static, so check the aclaccess parameter
|
|
* if(isset($this) && isset($this->aclaccess)){
|
|
* if($this->aclaccess == ACL_ALLOW_ALL || ($is_owner && $this->aclaccess == ACL_ALLOW_OWNER))
|
|
* return true;
|
|
* }
|
|
*/
|
|
if ($access != 0 && (
|
|
$access == ACL_ALLOW_ALL
|
|
|| ($is_owner && ($access == ACL_ALLOW_OWNER || $access == ACL_ALLOW_GROUP)) //if owner that's better than in group so count it...better way to clean this up?
|
|
|| ($in_group && $access == ACL_ALLOW_GROUP) //need to pass if in group with access somehow
|
|
)) {
|
|
return true;
|
|
}
|
|
if (!is_null($action) && isset($action->aclaccess)) {
|
|
if ($action->aclaccess == ACL_ALLOW_ALL
|
|
|| ($is_owner && $action->aclaccess == ($access == ACL_ALLOW_OWNER || $access == ACL_ALLOW_GROUP))
|
|
|| ($in_group && $access == ACL_ALLOW_GROUP) //need to pass if in group with access somehow
|
|
) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
/* END - SECURITY GROUPS */
|
|
|
|
/* BEGIN - SECURITY GROUPS */
|
|
/**
|
|
* STATIC function userNeedsSecurityGroup($user_id, $category, $action,$type='module')
|
|
* checks if a user should have ownership to do an action
|
|
* @param string $user_id GUID
|
|
* @param string $category
|
|
* @param string $action
|
|
* @param string $type
|
|
* @return bool
|
|
*/
|
|
public static function userNeedsSecurityGroup($user_id, $category, $action, $type = 'module')
|
|
{
|
|
// Check if we don't have it set in the cache if not lets reload the cache.
|
|
|
|
if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
|
|
self::getUserActions($user_id, false);
|
|
}
|
|
|
|
if (!empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
|
|
// Requires loose comparison.
|
|
return $_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess'] == ACL_ALLOW_GROUP;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
/* END - SECURITY GROUPS */
|
|
|
|
|
|
/* BEGIN - SECURITY GROUPS - added $in_group */
|
|
|
|
/**
|
|
* static function userHasAccess($user_id, $category, $action, $is_owner = false)
|
|
*
|
|
* @param GUID $user_id the user id who you want to check access for
|
|
* @param string $category the category you would like to check access for
|
|
* @param string $action the action of that category you would like to check access for
|
|
* @param string $type
|
|
* @param bool $is_owner
|
|
* @param bool $in_group
|
|
* @return bool
|
|
*/
|
|
public static function userHasAccess(
|
|
$user_id,
|
|
$category,
|
|
$action,
|
|
$type = 'module',
|
|
$is_owner = false,
|
|
$in_group = false
|
|
) {
|
|
global $current_user;
|
|
if ($current_user->isAdminForModule($category) && !isset($_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess'])) {
|
|
return true;
|
|
}
|
|
//check if we don't have it set in the cache if not lets reload the cache
|
|
if (self::getUserAccessLevel($user_id, $category, 'access', $type) < ACL_ALLOW_ENABLED) {
|
|
return false;
|
|
}
|
|
if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
|
|
self::getUserActions($user_id, false);
|
|
}
|
|
|
|
if (!empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
|
|
/**
|
|
* return ACLAction::hasAccess($is_owner, $_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess']);
|
|
*/
|
|
return self::hasAccess($is_owner, $in_group,
|
|
$_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess']);
|
|
}
|
|
|
|
return false;
|
|
}
|
|
/* END - SECURITY GROUPS */
|
|
/**
|
|
* function getUserAccessLevel($user_id, $category, $action,$type='module')
|
|
* returns the access level for a given category and action
|
|
*
|
|
* @param GUID $user_id
|
|
* @param string $category
|
|
* @param string $action
|
|
* @param string $type
|
|
* @return int (ACCESS LEVEL)
|
|
*/
|
|
public static function getUserAccessLevel($user_id, $category, $action, $type = 'module')
|
|
{
|
|
if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
|
|
self::getUserActions($user_id, false);
|
|
}
|
|
if (!empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
|
|
if (!empty($_SESSION['ACL'][$user_id][$category][$type]['admin']) && $_SESSION['ACL'][$user_id][$category][$type]['admin']['aclaccess'] >= ACL_ALLOW_ADMIN) {
|
|
// If you have admin access for a module, all ACL's are allowed
|
|
return $_SESSION['ACL'][$user_id][$category][$type]['admin']['aclaccess'];
|
|
}
|
|
|
|
return $_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess'];
|
|
}
|
|
}
|
|
|
|
/**
|
|
* STATIC function userNeedsOwnership($user_id, $category, $action,$type='module')
|
|
* checks if a user should have ownership to do an action
|
|
*
|
|
* @param string $user_id GUID
|
|
* @param string $category
|
|
* @param string $action
|
|
* @param string $type
|
|
* @return bool
|
|
*/
|
|
public static function userNeedsOwnership($user_id, $category, $action, $type = 'module')
|
|
{
|
|
//check if we don't have it set in the cache if not lets reload the cache
|
|
|
|
if (empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
|
|
self::getUserActions($user_id, false);
|
|
}
|
|
|
|
|
|
if (!empty($_SESSION['ACL'][$user_id][$category][$type][$action])) {
|
|
// Requires loose type casting
|
|
return $_SESSION['ACL'][$user_id][$category][$type][$action]['aclaccess'] == ACL_ALLOW_OWNER;
|
|
}
|
|
return false;
|
|
}
|
|
/**
|
|
*
|
|
* static pass by ref setupCategoriesMatrix(&$categories)
|
|
* takes in an array of categories and modifes them adding display information
|
|
*
|
|
* @param unknown_type $categories
|
|
* @return array
|
|
*/
|
|
public static function setupCategoriesMatrix(&$categories)
|
|
{
|
|
global $ACLActions, $current_user;
|
|
$names = [];
|
|
$disabled = [];
|
|
foreach ($categories as $cat_name => $category) {
|
|
foreach ($category as $type_name => $type) {
|
|
foreach ($type as $act_name => $action) {
|
|
$names[$act_name] = translate($ACLActions[$type_name]['actions'][$act_name]['label'], 'ACLActions');
|
|
|
|
$actionAclAccess = null;
|
|
if (isset($action['aclaccess'])) {
|
|
$actionAclAccess = $action['aclaccess'];
|
|
} else {
|
|
LoggerManager::getLogger()->warn('Action ACL access is not set for setup Categories Matrix');
|
|
}
|
|
|
|
$categories[$cat_name][$type_name][$act_name]['accessColor'] = self::AccessColor($actionAclAccess);
|
|
if ($type_name == 'module') {
|
|
$catModAccACL = null;
|
|
if (isset($categories[$cat_name]['module']['access']['aclaccess'])) {
|
|
$catModAccACL = $categories[$cat_name]['module']['access']['aclaccess'];
|
|
} else {
|
|
LoggerManager::getLogger()->warn('Categories / category name: [' . $cat_name . '] / module / access / aclaccess is not set for ACLAction::setupCategoriesMatrix()');
|
|
}
|
|
|
|
// Requires loose comparison
|
|
if ($act_name != 'aclaccess' && $catModAccACL == ACL_ALLOW_DISABLED) {
|
|
$categories[$cat_name][$type_name][$act_name]['accessColor'] = 'darkgray';
|
|
$disabled[] = $cat_name;
|
|
}
|
|
}
|
|
|
|
$actionAclAccess = null;
|
|
if (isset($action['aclaccess'])) {
|
|
$actionAclAccess = $action['aclaccess'];
|
|
} else {
|
|
LoggerManager::getLogger()->warn('ACL Action access is not set for ACLAction::setupCategoriesMatrix()');
|
|
}
|
|
|
|
$categories[$cat_name][$type_name][$act_name]['accessName'] = ACLAction::AccessName($actionAclAccess);
|
|
$categories[$cat_name][$type_name][$act_name]['accessLabel'] = ACLAction::AccessLabel($actionAclAccess);
|
|
|
|
if ($cat_name == 'Users' && $act_name == 'admin') {
|
|
$categories[$cat_name][$type_name][$act_name]['accessOptions'][ACL_ALLOW_DEFAULT] = ACLAction::AccessName(ACL_ALLOW_DEFAULT);;
|
|
$categories[$cat_name][$type_name][$act_name]['accessOptions'][ACL_ALLOW_DEV] = ACLAction::AccessName(ACL_ALLOW_DEV);;
|
|
} else {
|
|
$categories[$cat_name][$type_name][$act_name]['accessOptions'] = ACLAction::getAccessOptions($act_name,
|
|
$type_name);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!is_admin($current_user)) {
|
|
foreach ($disabled as $cat_name) {
|
|
unset($categories[$cat_name]);
|
|
}
|
|
}
|
|
|
|
return $names;
|
|
}
|
|
|
|
|
|
/**
|
|
* function toArray()
|
|
* returns this acl as an array
|
|
*
|
|
* @param bool $dbOnly
|
|
* @param bool $stringOnly
|
|
* @param bool $upperKeys
|
|
* @return array of fields with id, name, access and category
|
|
*/
|
|
public function toArray($dbOnly = false, $stringOnly = false, $upperKeys = false)
|
|
{
|
|
$array_fields = ['id', 'aclaccess'];
|
|
$arr = [];
|
|
foreach ($array_fields as $field) {
|
|
$thisField = null;
|
|
if (isset($this->$field)) {
|
|
$thisField = $this->$field;
|
|
} else {
|
|
LoggerManager::getLogger()->warn('Field is not set for ACLAction: ' . $field);
|
|
}
|
|
|
|
$arr[$field] = $thisField;
|
|
}
|
|
|
|
return $arr;
|
|
}
|
|
|
|
/**
|
|
* function fromArray($arr)
|
|
* converts an array into an acl mapping name value pairs into files
|
|
*
|
|
* @param array $arr
|
|
*/
|
|
public function fromArray($arr)
|
|
{
|
|
foreach ($arr as $name => $value) {
|
|
$this->$name = $value;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* function clearSessionCache()
|
|
* clears the session variable storing the cache information for acls
|
|
*
|
|
*/
|
|
public function clearSessionCache()
|
|
{
|
|
if (isset($_SESSION['ACL'])) {
|
|
unset($_SESSION['ACL']);
|
|
}
|
|
}
|
|
}
|
