2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
38 require_once('modules/ACLActions/actiondefs.php');
39 require_once('modules/ACL/ACLJSController.php');
43 function checkAccess($category, $action, $is_owner=false, $type='module'){
46 if(is_admin($current_user))return true;
47 //calendar is a special case since it has 3 modules in it (calls, meetings, tasks)
49 if($category == 'Calendar'){
50 return ACLAction::userHasAccess($current_user->id, 'Calls', $action,$type, $is_owner) || ACLAction::userHasAccess($current_user->id, 'Meetings', $action,'module', $is_owner) || ACLAction::userHasAccess($current_user->id, 'Tasks', $action,'module', $is_owner);
52 if($category == 'Activities'){
53 return ACLAction::userHasAccess($current_user->id, 'Calls', $action,$type, $is_owner) || ACLAction::userHasAccess($current_user->id, 'Meetings', $action,'module', $is_owner) || ACLAction::userHasAccess($current_user->id, 'Tasks', $action,'module', $is_owner)|| ACLAction::userHasAccess($current_user->id, 'Emails', $action,'module', $is_owner)|| ACLAction::userHasAccess($current_user->id, 'Notes', $action,'module', $is_owner);
55 return ACLAction::userHasAccess($current_user->id, $category, $action,$type, $is_owner);
58 function requireOwner($category, $value, $type='module'){
60 if(is_admin($current_user))return false;
61 return ACLAction::userNeedsOwnership($current_user->id, $category, $value,$type);
64 function filterModuleList(&$moduleList, $by_value=true){
66 global $aclModuleList, $current_user;
67 if(is_admin($current_user)) return;
68 $actions = ACLAction::getUserActions($current_user->id, false);
72 foreach($moduleList as $key=>$value){
73 $compList[$value]= $key;
76 $compList =& $moduleList;
78 foreach($actions as $action_name=>$action){
80 if(!empty($action['module'])){
81 $aclModuleList[$action_name] = $action_name;
82 if(isset($compList[$action_name])){
83 if($action['module']['access']['aclaccess'] < ACL_ALLOW_ENABLED){
85 unset($moduleList[$compList[$action_name]]);
87 unset($moduleList[$action_name]);
93 if(isset($compList['Calendar']) &&
94 !( ACLController::checkModuleAllowed('Calls', $actions) || ACLController::checkModuleAllowed('Meetings', $actions) || ACLController::checkModuleAllowed('Tasks', $actions)))
97 unset($moduleList[$compList['Calendar']]);
99 unset($moduleList['Calendar']);
101 if(isset($compList['Activities']) && !ACLController::checkModuleAllowed('Notes', $actions)){
103 unset($moduleList[$compList['Activities']]);
105 unset($moduleList['Activities']);
113 * Check to see if the module is available for this user.
115 * @param String $module_name
116 * @return true if they are allowed. false otherwise.
118 function checkModuleAllowed($module_name, $actions)
120 if(!empty($actions[$module_name]['module']['access']['aclaccess']) &&
121 ACL_ALLOW_ENABLED == $actions[$module_name]['module']['access']['aclaccess'])
129 static function disabledModuleList($moduleList, $by_value=true,$view='list'){
130 global $aclModuleList, $current_user;
131 if(is_admin($GLOBALS['current_user'])) return array();
132 $actions = ACLAction::getUserActions($current_user->id, false);
137 foreach($moduleList as $key=>$value){
138 $compList[$value]= $key;
141 $compList =& $moduleList;
143 if(isset($moduleList['ProductTemplates'])){
144 $moduleList['Products'] ='Products';
147 foreach($actions as $action_name=>$action){
149 if(!empty($action['module'])){
150 $aclModuleList[$action_name] = $action_name;
151 if(isset($compList[$action_name])){
152 if($action['module']['access']['aclaccess'] < ACL_ALLOW_ENABLED || $action['module'][$view]['aclaccess'] < 0){
154 $disabled[$compList[$action_name]] =$compList[$action_name] ;
156 $disabled[$action_name] = $action_name;
162 if(isset($compList['Calendar']) && !( ACL_ALLOW_ENABLED == $actions['Calls']['module']['access']['aclaccess'] || ACL_ALLOW_ENABLED == $actions['Meetings']['module']['access']['aclaccess'] || ACL_ALLOW_ENABLED == $actions['Tasks']['module']['access']['aclaccess'])){
164 $disabled[$compList['Calendar']] = $compList['Calendar'];
166 $disabled['Calendar'] = 'Calendar';
168 if(isset($compList['Activities']) &&!( ACL_ALLOW_ENABLED == $actions['Notes']['module']['access']['aclaccess'] || ACL_ALLOW_ENABLED == $actions['Notes']['module']['access']['aclaccess'] )){
170 $disabled[$compList['Activities']] = $compList['Activities'];
172 $disabled['Activities'] = 'Activities';
176 if(isset($disabled['Products'])){
177 $disabled['ProductTemplates'] = 'ProductTemplates';
187 function addJavascript($category,$form_name='', $is_owner=false){
188 $jscontroller = new ACLJSController($category, $form_name, $is_owner);
189 echo $jscontroller->getJavascript();
192 function moduleSupportsACL($module){
193 static $checkModules = array();
194 global $beanFiles, $beanList;
195 if(isset($checkModules[$module])){
196 return $checkModules[$module];
198 if(!isset($beanList[$module])){
199 $checkModules[$module] = false;
202 $class = $beanList[$module];
203 require_once($beanFiles[$class]);
205 if(!is_subclass_of($mod, 'SugarBean')){
206 $checkModules[$module] = false;
208 $checkModules[$module] = $mod->bean_implements('ACL');
211 return $checkModules[$module] ;
215 function displayNoAccess($redirect_home = false){
216 echo '<script>function set_focus(){}</script><p class="error">' . translate('LBL_NO_ACCESS', 'ACL') . '</p>';
217 if($redirect_home)echo translate('LBL_REDIRECT_TO_HOME', 'ACL') . ' <span id="seconds_left">3</span> ' . translate('LBL_SECONDS', 'ACL') . '<script> function redirect_countdown(left){document.getElementById("seconds_left").innerHTML = left; if(left == 0){document.location.href = "index.php";}else{left--; setTimeout("redirect_countdown("+ left+")", 1000)}};setTimeout("redirect_countdown(3)", 1000)</script>';