modules/ACL/ACLController.php

   1 <?php
   2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
   3 /*********************************************************************************
   4  * SugarCRM Community Edition is a customer relationship management program developed by
   5  * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
   6  *
   7  * This program is free software; you can redistribute it and/or modify it under
   8  * the terms of the GNU Affero General Public License version 3 as published by the
   9  * Free Software Foundation with the addition of the following permission added
  10  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
  11  * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
  12  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
  13  *
  14  * This program is distributed in the hope that it will be useful, but WITHOUT
  15  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  16  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
  17  * details.
  18  *
  19  * You should have received a copy of the GNU Affero General Public License along with
  20  * this program; if not, see http://www.gnu.org/licenses or write to the Free
  21  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  22  * 02110-1301 USA.
  23  *
  24  * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
  25  * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
  26  *
  27  * The interactive user interfaces in modified source and object code versions
  28  * of this program must display Appropriate Legal Notices, as required under
  29  * Section 5 of the GNU Affero General Public License version 3.
  30  *
  31  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
  32  * these Appropriate Legal Notices must retain the display of the "Powered by
  33  * SugarCRM" logo. If the display of the logo is not reasonably feasible for
  34  * technical reasons, the Appropriate Legal Notices must display the words
  35  * "Powered by SugarCRM".
  36  ********************************************************************************/
  37
  38 require_once('modules/ACLActions/actiondefs.php');
  39 require_once('modules/ACL/ACLJSController.php');
  40 class ACLController {
  41
  42
  43         function checkAccess($category, $action, $is_owner=false, $type='module'){
  44
  45                 global $current_user;
  46                 if(is_admin($current_user))return true;
  47                 //calendar is a special case since it has 3 modules in it (calls, meetings, tasks)
  48
  49                 if($category == 'Calendar'){
  50                         return ACLAction::userHasAccess($current_user->id, 'Calls', $action,$type, $is_owner) || ACLAction::userHasAccess($current_user->id, 'Meetings', $action,'module', $is_owner) || ACLAction::userHasAccess($current_user->id, 'Tasks', $action,'module', $is_owner);
  51                 }
  52                 if($category == 'Activities'){
  53                         return ACLAction::userHasAccess($current_user->id, 'Calls', $action,$type, $is_owner) || ACLAction::userHasAccess($current_user->id, 'Meetings', $action,'module', $is_owner) || ACLAction::userHasAccess($current_user->id, 'Tasks', $action,'module', $is_owner)|| ACLAction::userHasAccess($current_user->id, 'Emails', $action,'module', $is_owner)|| ACLAction::userHasAccess($current_user->id, 'Notes', $action,'module', $is_owner);
  54                 }
  55                 return ACLAction::userHasAccess($current_user->id, $category, $action,$type, $is_owner);
  56         }
  57
  58         function requireOwner($category, $value, $type='module'){
  59                         global $current_user;
  60                         if(is_admin($current_user))return false;
  61                         return ACLAction::userNeedsOwnership($current_user->id, $category, $value,$type);
  62         }
  63
  64         function filterModuleList(&$moduleList, $by_value=true){
  65
  66                 global $aclModuleList, $current_user;
  67                 if(is_admin($current_user)) return;
  68                 $actions = ACLAction::getUserActions($current_user->id, false);
  69
  70                 $compList = array();
  71                 if($by_value){
  72                         foreach($moduleList as $key=>$value){
  73                                 $compList[$value]= $key;
  74                         }
  75                 }else{
  76                         $compList =& $moduleList;
  77                 }
  78                 foreach($actions as $action_name=>$action){
  79
  80                         if(!empty($action['module'])){
  81                                 $aclModuleList[$action_name] = $action_name;
  82                                 if(isset($compList[$action_name])){
  83                                         if($action['module']['access']['aclaccess'] < ACL_ALLOW_ENABLED){
  84                                                 if($by_value){
  85                                                         unset($moduleList[$compList[$action_name]]);
  86                                                 }else{
  87                                                         unset($moduleList[$action_name]);
  88                                                 }
  89                                         }
  90                                 }
  91                         }
  92                 }
  93                 if(isset($compList['Calendar']) &&
  94                         !( ACLController::checkModuleAllowed('Calls', $actions) || ACLController::checkModuleAllowed('Meetings', $actions) || ACLController::checkModuleAllowed('Tasks', $actions)))
  95             {
  96                         if($by_value){
  97                                 unset($moduleList[$compList['Calendar']]);
  98                         }else{
  99                                 unset($moduleList['Calendar']);
 100                         }
 101                         if(isset($compList['Activities']) &&
 102                                 !( ACLController::checkModuleAllowed('Notes', $actions) || ACLController::checkModuleAllowed('Notes', $actions))){
 103                                 if($by_value){
 104                                         unset($moduleList[$compList['Activities']]);
 105                                 }else{
 106                                         unset($moduleList['Activities']);
 107                                 }
 108                         }
 109                 }
 110
 111         }
 112
 113         /**
 114          * Check to see if the module is available for this user.
 115          *
 116          * @param String $module_name
 117          * @return true if they are allowed.  false otherwise.
 118          */
 119         function checkModuleAllowed($module_name, $actions)
 120         {
 121             if(!empty($actions[$module_name]['module']['access']['aclaccess']) &&
 122                         ACL_ALLOW_ENABLED == $actions[$module_name]['module']['access']['aclaccess'])
 123                 {
 124                         return true;
 125                 }
 126
 127                 return false;
 128         }
 129
 130         function disabledModuleList($moduleList, $by_value=true,$view='list'){
 131                 global $aclModuleList, $current_user;
 132                 if(is_admin($GLOBALS['current_user'])) return array();
 133                 $actions = ACLAction::getUserActions($current_user->id, false);
 134                 $disabled = array();
 135                 $compList = array();
 136
 137                 if($by_value){
 138                         foreach($moduleList as $key=>$value){
 139                                 $compList[$value]= $key;
 140                         }
 141                 }else{
 142                         $compList =& $moduleList;
 143                 }
 144                 if(isset($moduleList['ProductTemplates'])){
 145                         $moduleList['Products'] ='Products';
 146                 }
 147
 148                 foreach($actions as $action_name=>$action){
 149
 150                         if(!empty($action['module'])){
 151                                 $aclModuleList[$action_name] = $action_name;
 152                                 if(isset($compList[$action_name])){
 153                                         if($action['module']['access']['aclaccess'] < ACL_ALLOW_ENABLED || $action['module'][$view]['aclaccess'] < 0){
 154                                                 if($by_value){
 155                                                         $disabled[$compList[$action_name]] =$compList[$action_name] ;
 156                                                 }else{
 157                                                         $disabled[$action_name] = $action_name;
 158                                                 }
 159                                         }
 160                                 }
 161                         }
 162                 }
 163                 if(isset($compList['Calendar'])  && !( ACL_ALLOW_ENABLED == $actions['Calls']['module']['access']['aclaccess'] || ACL_ALLOW_ENABLED == $actions['Meetings']['module']['access']['aclaccess'] || ACL_ALLOW_ENABLED == $actions['Tasks']['module']['access']['aclaccess'])){
 164                         if($by_value){
 165                                                         $disabled[$compList['Calendar']]  = $compList['Calendar'];
 166                         }else{
 167                                                         $disabled['Calendar']  = 'Calendar';
 168                         }
 169                         if(isset($compList['Activities'])  &&!( ACL_ALLOW_ENABLED == $actions['Notes']['module']['access']['aclaccess'] || ACL_ALLOW_ENABLED == $actions['Notes']['module']['access']['aclaccess'] )){
 170                                 if($by_value){
 171                                                         $disabled[$compList['Activities']]  = $compList['Activities'];
 172                                 }else{
 173                                                         $disabled['Activities']  = 'Activities';
 174                                 }
 175                         }
 176                 }
 177                 if(isset($disabled['Products'])){
 178                         $disabled['ProductTemplates'] = 'ProductTemplates';
 179                 }
 180
 181
 182                 return $disabled;
 183
 184         }
 185
 186
 187
 188         function addJavascript($category,$form_name='', $is_owner=false){
 189                 $jscontroller = new ACLJSController($category, $form_name, $is_owner);
 190                 echo $jscontroller->getJavascript();
 191         }
 192
 193         function moduleSupportsACL($module){
 194                 static $checkModules = array();
 195                 global $beanFiles, $beanList;
 196                 if(isset($checkModules[$module])){
 197                         return $checkModules[$module];
 198                 }
 199                 if(!isset($beanList[$module])){
 200                         $checkModules[$module] = false;
 201
 202                 }else{
 203                         $class = $beanList[$module];
 204                         require_once($beanFiles[$class]);
 205                         $mod = new $class();
 206                         if(!is_subclass_of($mod, 'SugarBean')){
 207                                 $checkModules[$module] = false;
 208                         }else{
 209                                 $checkModules[$module] = $mod->bean_implements('ACL');
 210                         }
 211                 }
 212                 return $checkModules[$module] ;
 213
 214         }
 215
 216         function displayNoAccess($redirect_home = false){
 217                 echo '<script>function set_focus(){}</script><p class="error">' . translate('LBL_NO_ACCESS', 'ACL') . '</p>';
 218                 if($redirect_home)echo translate('LBL_REDIRECT_TO_HOME', 'ACL') . ' <span id="seconds_left">3</span> ' . translate('LBL_SECONDS', 'ACL') . '<script> function redirect_countdown(left){document.getElementById("seconds_left").innerHTML = left; if(left == 0){document.location.href = "index.php";}else{left--; setTimeout("redirect_countdown("+ left+")", 1000)}};setTimeout("redirect_countdown(3)", 1000)</script>';
 219         }
 220
 221 }
 222
 223
 224
 225
 226
 227
 228
 229
 230
 231 ?>