2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2012 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
38 /*********************************************************************************
40 * Description: TODO: To be written.
41 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
42 * All Rights Reserved.
43 * Contributor(s): ______________________________________..
44 ********************************************************************************/
46 require_once('modules/MySettings/TabController.php');
48 $tabs_def = urldecode(isset($_REQUEST['display_tabs_def']) ? $_REQUEST['display_tabs_def'] : '');
49 $DISPLAY_ARR = array();
50 parse_str($tabs_def,$DISPLAY_ARR);
52 //there was an issue where a non-admin user could use a proxy tool to intercept the save on their own Employee
53 //record and swap out their record_id with the admin employee_id which would cause the email address
54 //of the non-admin user to be associated with the admin user thereby allowing the non-admin to reset the password
56 if(isset($_POST['record']) && !is_admin($GLOBALS['current_user']) && !$GLOBALS['current_user']->isAdminForModule('Employees') && ($_POST['record'] != $GLOBALS['current_user']->id))
58 sugar_die("Unauthorized access to administration.");
60 elseif (!isset($_POST['record']) && !is_admin($GLOBALS['current_user']) && !$GLOBALS['current_user']->isAdminForModule('Employees'))
62 sugar_die ("Unauthorized access to user administration.");
65 $focus = new Employee();
67 $focus->retrieve($_POST['record']);
69 //rrs bug: 30035 - I am not sure how this ever worked b/c old_reports_to_id was not populated.
70 $old_reports_to_id = $focus->reports_to_id;
72 populateFromRow($focus,$_POST);
75 $return_id = $focus->id;
78 if(isset($_POST['return_module']) && $_POST['return_module'] != "") $return_module = $_POST['return_module'];
79 else $return_module = "Employees";
80 if(isset($_POST['return_action']) && $_POST['return_action'] != "") $return_action = $_POST['return_action'];
81 else $return_action = "DetailView";
82 if(isset($_POST['return_id']) && $_POST['return_id'] != "") $return_id = $_POST['return_id'];
84 $GLOBALS['log']->debug("Saved record with id of ".$return_id);
87 header("Location: index.php?action=$return_action&module=$return_module&record=$return_id");
90 function populateFromRow(&$focus,$row){
93 //only employee specific field values need to be copied.
94 $e_fields=array('first_name','last_name','reports_to_id','description','phone_home','phone_mobile','phone_work','phone_other','phone_fax','address_street','address_city','address_state','address_country','address_country', 'address_postalcode', 'messenger_id','messenger_type');
95 if ( is_admin($GLOBALS['current_user']) ) {
96 $e_fields = array_merge($e_fields,array('title','department','employee_status'));
98 // Also add custom fields
99 foreach ($focus->field_defs as $fieldName => $field ) {
100 if ( isset($field['source']) && $field['source'] == 'custom_fields' ) {
101 $e_fields[] = $fieldName;
105 foreach($e_fields as $field)
107 $rfield = $field; // fetch returns it in lowercase only
108 if(isset($row[$rfield]))
110 $focus->$field = $row[$rfield];