2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
39 class ACLRole extends SugarBean{
40 var $module_dir = 'ACLRoles';
41 var $object_name = 'ACLRole';
42 var $table_name = 'acl_roles';
43 var $new_schema = true;
44 var $disable_row_level_security = true;
45 var $disable_custom_fields = true;
46 var $relationship_fields = array(
56 // bug 16790 - missing get_summary_text method led Tracker to display SugarBean's "base implementation"
57 function get_summary_text()
64 * function setAction($role_id, $action_id, $access)
66 * Sets the relationship between a role and an action and sets the access level of that relationship
68 * @param GUID $role_id - the role id
69 * @param GUID $action_id - the ACL Action id
70 * @param int $access - the access level ACL_ALLOW_ALL ACL_ALLOW_NONE ACL_ALLOW_OWNER...
72 function setAction($role_id, $action_id, $access){
73 $relationship_data = array('role_id'=>$role_id, 'action_id'=>$action_id,);
74 $additional_data = array('access_override'=>$access);
75 $this->set_relationship('acl_roles_actions',$relationship_data,true, true,$additional_data);
80 * static getUserRoles($user_id)
81 * returns a list of ACLRoles for a given user id
83 * @param GUID $user_id
84 * @return a list of ACLRole objects
86 function getUserRoles($user_id, $getAsNameArray = true){
88 //if we don't have it loaded then lets check against the db
89 $additional_where = '';
90 $query = "SELECT acl_roles.* ".
92 "INNER JOIN acl_roles_users ON acl_roles_users.user_id = '$user_id' ".
93 "AND acl_roles_users.role_id = acl_roles.id AND acl_roles_users.deleted = 0 ".
94 "WHERE acl_roles.deleted=0 ";
96 $result = $GLOBALS['db']->query($query);
97 $user_roles = array();
99 while($row = $GLOBALS['db']->fetchByAssoc($result) ){
100 $role = new ACLRole();
101 $role->populateFromRow($row);
103 $user_roles[] = $role->name;
105 $user_roles[] = $role;
112 * static getUserRoleNames($user_id)
113 * returns a list of Role names for a given user id
115 * @param GUID $user_id
116 * @return a list of ACLRole Names
118 function getUserRoleNames($user_id){
120 $user_roles = sugar_cache_retrieve("RoleMembershipNames_".$user_id);
123 //if we don't have it loaded then lets check against the db
124 $additional_where = '';
125 $query = "SELECT acl_roles.* ".
127 "INNER JOIN acl_roles_users ON acl_roles_users.user_id = '$user_id' ".
128 "AND acl_roles_users.role_id = acl_roles.id AND acl_roles_users.deleted = 0 ".
129 "WHERE acl_roles.deleted=0 ";
131 $result = $GLOBALS['db']->query($query);
132 $user_roles = array();
134 while($row = $GLOBALS['db']->fetchByAssoc($result) ){
135 $user_roles[] = $row['name'];
138 sugar_cache_put("RoleMembershipNames_".$user_id, $user_roles);
146 * static getAllRoles($returnAsArray = false)
148 * @param boolean $returnAsArray - should it return the results as an array of arrays or as an array of ACLRoles
149 * @return either an array of array representations of acl roles or an array of ACLRoles
151 function getAllRoles($returnAsArray = false){
152 $db = DBManagerFactory::getInstance();
153 $query = "SELECT acl_roles.* FROM acl_roles
154 WHERE acl_roles.deleted=0 ORDER BY name";
156 $result = $db->query($query);
159 while($row = $db->fetchByAssoc($result) ){
160 $role = new ACLRole();
161 $role->populateFromRow($row);
163 $roles[] = $role->toArray();
175 * static getRoleActions($role_id)
177 * gets the actions of a given role
179 * @param GUID $role_id
180 * @return array of actions
182 function getRoleActions($role_id, $type='module'){
184 //if we don't have it loaded then lets check against the db
185 $additional_where = '';
186 $db = DBManagerFactory::getInstance();
187 $query = "SELECT acl_actions.*";
188 //only if we have a role id do we need to join the table otherwise lets use the ones defined in acl_actions as the defaults
189 if(!empty($role_id)){
190 $query .=" ,acl_roles_actions.access_override ";
192 $query .=" FROM acl_actions ";
194 if(!empty($role_id)){
195 $query .= " LEFT JOIN acl_roles_actions ON acl_roles_actions.role_id = '$role_id' AND acl_roles_actions.action_id = acl_actions.id AND acl_roles_actions.deleted = 0";
197 $query .= " WHERE acl_actions.deleted=0 ORDER BY acl_actions.category, acl_actions.name";
198 $result = $db->query($query);
199 $role_actions = array();
201 while($row = $db->fetchByAssoc($result) ){
202 $action = new ACLAction();
203 $action->populateFromRow($row);
204 if(!empty($row['access_override'])){
205 $action->aclaccess = $row['access_override'];
207 $action->aclaccess = ACL_ALLOW_DEFAULT;
210 //#27877 . If there is no this module in beanlist , we will not show them in UI, no matter this module was deleted or not in ACL_ACTIONS table.
211 if(empty($beanList[$action->category])){
216 if(!isset($role_actions[$action->category])){
217 $role_actions[$action->category] = array();
220 $role_actions[$action->category][$action->acltype][$action->name] = $action->toArray();
224 return $role_actions;
228 * function mark_relationships_deleted($id)
230 * special case to delete acl_roles_actions relationship
232 * @param ACLRole GUID $id
234 function mark_relationships_deleted($id){
235 //we need to delete the actions relationship by hand (special case)
236 $date_modified = db_convert("'".TimeDate::getInstance()->nowDb()."'", 'datetime');
237 $query = "UPDATE acl_roles_actions SET deleted=1 , date_modified=$date_modified WHERE role_id = '$id' AND deleted=0";
238 $this->db->query($query);
239 parent::mark_relationships_deleted($id);
244 * returns this role as an array
246 * @return array of fields with id, name, description
249 $array_fields = array('id', 'name', 'description');
251 foreach($array_fields as $field){
252 if(isset($this->$field)){
253 $arr[$field] = $this->$field;
263 * converts an array into an role mapping name value pairs into files
267 function fromArray($arr){
268 foreach($arr as $name=>$value){
269 $this->$name = $value;