]> CyberLeo.Net >> Repos - Github/sugarcrm.git/blob - modules/ACL/ACLController.php
Release 6.5.16
[Github/sugarcrm.git] / modules / ACL / ACLController.php
1 <?php
2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4  * SugarCRM Community Edition is a customer relationship management program developed by
5  * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
6  * 
7  * This program is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU Affero General Public License version 3 as published by the
9  * Free Software Foundation with the addition of the following permission added
10  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11  * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13  * 
14  * This program is distributed in the hope that it will be useful, but WITHOUT
15  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
17  * details.
18  * 
19  * You should have received a copy of the GNU Affero General Public License along with
20  * this program; if not, see http://www.gnu.org/licenses or write to the Free
21  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
22  * 02110-1301 USA.
23  * 
24  * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25  * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
26  * 
27  * The interactive user interfaces in modified source and object code versions
28  * of this program must display Appropriate Legal Notices, as required under
29  * Section 5 of the GNU Affero General Public License version 3.
30  * 
31  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32  * these Appropriate Legal Notices must retain the display of the "Powered by
33  * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34  * technical reasons, the Appropriate Legal Notices must display the words
35  * "Powered by SugarCRM".
36  ********************************************************************************/
37
38 require_once('modules/ACLActions/actiondefs.php');
39 require_once('modules/ACL/ACLJSController.php');
40 class ACLController {
41
42
43         function checkAccess($category, $action, $is_owner=false, $type='module'){
44
45                 global $current_user;
46                 if(is_admin($current_user))return true;
47                 //calendar is a special case since it has 3 modules in it (calls, meetings, tasks)
48
49                 if($category == 'Calendar'){
50                         return ACLAction::userHasAccess($current_user->id, 'Calls', $action,$type, $is_owner) || ACLAction::userHasAccess($current_user->id, 'Meetings', $action,'module', $is_owner) || ACLAction::userHasAccess($current_user->id, 'Tasks', $action,'module', $is_owner);
51                 }
52                 if($category == 'Activities'){
53                         return ACLAction::userHasAccess($current_user->id, 'Calls', $action,$type, $is_owner) || ACLAction::userHasAccess($current_user->id, 'Meetings', $action,'module', $is_owner) || ACLAction::userHasAccess($current_user->id, 'Tasks', $action,'module', $is_owner)|| ACLAction::userHasAccess($current_user->id, 'Emails', $action,'module', $is_owner)|| ACLAction::userHasAccess($current_user->id, 'Notes', $action,'module', $is_owner);
54                 }
55                 return ACLAction::userHasAccess($current_user->id, $category, $action,$type, $is_owner);
56         }
57
58         function requireOwner($category, $value, $type='module'){
59                         global $current_user;
60                         if(is_admin($current_user))return false;
61                         return ACLAction::userNeedsOwnership($current_user->id, $category, $value,$type);
62         }
63
64         function filterModuleList(&$moduleList, $by_value=true){
65
66                 global $aclModuleList, $current_user;
67                 if(is_admin($current_user)) return;
68                 $actions = ACLAction::getUserActions($current_user->id, false);
69
70                 $compList = array();
71                 if($by_value){
72                         foreach($moduleList as $key=>$value){
73                                 $compList[$value]= $key;
74                         }
75                 }else{
76                         $compList =& $moduleList;
77                 }
78                 foreach($actions as $action_name=>$action){
79
80                         if(!empty($action['module'])){
81                                 $aclModuleList[$action_name] = $action_name;
82                                 if(isset($compList[$action_name])){
83                                         if($action['module']['access']['aclaccess'] < ACL_ALLOW_ENABLED){
84                                                 if($by_value){
85                                                         unset($moduleList[$compList[$action_name]]);
86                                                 }else{
87                                                         unset($moduleList[$action_name]);
88                                                 }
89                                         }
90                                 }
91                         }
92                 }
93                 if(isset($compList['Calendar']) &&
94                         !( ACLController::checkModuleAllowed('Calls', $actions) || ACLController::checkModuleAllowed('Meetings', $actions) || ACLController::checkModuleAllowed('Tasks', $actions)))
95             {
96                         if($by_value){
97                                 unset($moduleList[$compList['Calendar']]);
98                         }else{
99                                 unset($moduleList['Calendar']);
100                         }
101                         if(isset($compList['Activities']) && !ACLController::checkModuleAllowed('Notes', $actions)){
102                                 if($by_value){
103                                         unset($moduleList[$compList['Activities']]);
104                                 }else{
105                                         unset($moduleList['Activities']);
106                                 }
107                         }
108                 }
109
110         }
111
112         /**
113          * Check to see if the module is available for this user.
114          *
115          * @param String $module_name
116          * @return true if they are allowed.  false otherwise.
117          */
118         function checkModuleAllowed($module_name, $actions)
119         {
120             if(!empty($actions[$module_name]['module']['access']['aclaccess']) &&
121                         ACL_ALLOW_ENABLED == $actions[$module_name]['module']['access']['aclaccess'])
122                 {
123                         return true;
124                 }
125
126                 return false;
127         }
128
129         static function disabledModuleList($moduleList, $by_value=true,$view='list'){
130                 global $aclModuleList, $current_user;
131                 if(is_admin($GLOBALS['current_user'])) return array();
132                 $actions = ACLAction::getUserActions($current_user->id, false);
133                 $disabled = array();
134                 $compList = array();
135
136                 if($by_value){
137                         foreach($moduleList as $key=>$value){
138                                 $compList[$value]= $key;
139                         }
140                 }else{
141                         $compList =& $moduleList;
142                 }
143                 if(isset($moduleList['ProductTemplates'])){
144                         $moduleList['Products'] ='Products';
145                 }
146
147                 foreach($actions as $action_name=>$action){
148
149                         if(!empty($action['module'])){
150                                 $aclModuleList[$action_name] = $action_name;
151                                 if(isset($compList[$action_name])){
152                                         if($action['module']['access']['aclaccess'] < ACL_ALLOW_ENABLED || $action['module'][$view]['aclaccess'] < 0){
153                                                 if($by_value){
154                                                         $disabled[$compList[$action_name]] =$compList[$action_name] ;
155                                                 }else{
156                                                         $disabled[$action_name] = $action_name;
157                                                 }
158                                         }
159                                 }
160                         }
161                 }
162                 if(isset($compList['Calendar'])  && !( ACL_ALLOW_ENABLED == $actions['Calls']['module']['access']['aclaccess'] || ACL_ALLOW_ENABLED == $actions['Meetings']['module']['access']['aclaccess'] || ACL_ALLOW_ENABLED == $actions['Tasks']['module']['access']['aclaccess'])){
163                         if($by_value){
164                                                         $disabled[$compList['Calendar']]  = $compList['Calendar'];
165                         }else{
166                                                         $disabled['Calendar']  = 'Calendar';
167                         }
168                         if(isset($compList['Activities'])  &&!( ACL_ALLOW_ENABLED == $actions['Notes']['module']['access']['aclaccess'] || ACL_ALLOW_ENABLED == $actions['Notes']['module']['access']['aclaccess'] )){
169                                 if($by_value){
170                                                         $disabled[$compList['Activities']]  = $compList['Activities'];
171                                 }else{
172                                                         $disabled['Activities']  = 'Activities';
173                                 }
174                         }
175                 }
176                 if(isset($disabled['Products'])){
177                         $disabled['ProductTemplates'] = 'ProductTemplates';
178                 }
179
180
181                 return $disabled;
182
183         }
184
185
186
187         function addJavascript($category,$form_name='', $is_owner=false){
188                 $jscontroller = new ACLJSController($category, $form_name, $is_owner);
189                 echo $jscontroller->getJavascript();
190         }
191
192         function moduleSupportsACL($module){
193                 static $checkModules = array();
194                 global $beanFiles, $beanList;
195                 if(isset($checkModules[$module])){
196                         return $checkModules[$module];
197                 }
198                 if(!isset($beanList[$module])){
199                         $checkModules[$module] = false;
200
201                 }else{
202                         $class = $beanList[$module];
203                         require_once($beanFiles[$class]);
204                         $mod = new $class();
205                         if(!is_subclass_of($mod, 'SugarBean')){
206                                 $checkModules[$module] = false;
207                         }else{
208                                 $checkModules[$module] = $mod->bean_implements('ACL');
209                         }
210                 }
211                 return $checkModules[$module] ;
212
213         }
214
215         function displayNoAccess($redirect_home = false){
216                 echo '<script>function set_focus(){}</script><p class="error">' . translate('LBL_NO_ACCESS', 'ACL') . '</p>';
217                 if($redirect_home)echo translate('LBL_REDIRECT_TO_HOME', 'ACL') . ' <span id="seconds_left">3</span> ' . translate('LBL_SECONDS', 'ACL') . '<script> function redirect_countdown(left){document.getElementById("seconds_left").innerHTML = left; if(left == 0){document.location.href = "index.php";}else{left--; setTimeout("redirect_countdown("+ left+")", 1000)}};setTimeout("redirect_countdown(3)", 1000)</script>';
218         }
219
220 }
221
222
223
224
225
226
227
228
229
230 ?>