1: <?php
2: /*****************************************************************************************
3: * X2Engine Open Source Edition is a customer relationship management program developed by
4: * X2Engine, Inc. Copyright (C) 2011-2016 X2Engine Inc.
5: *
6: * This program is free software; you can redistribute it and/or modify it under
7: * the terms of the GNU Affero General Public License version 3 as published by the
8: * Free Software Foundation with the addition of the following permission added
9: * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10: * IN WHICH THE COPYRIGHT IS OWNED BY X2ENGINE, X2ENGINE DISCLAIMS THE WARRANTY
11: * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12: *
13: * This program is distributed in the hope that it will be useful, but WITHOUT
14: * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15: * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
16: * details.
17: *
18: * You should have received a copy of the GNU Affero General Public License along with
19: * this program; if not, see http://www.gnu.org/licenses or write to the Free
20: * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21: * 02110-1301 USA.
22: *
23: * You can contact X2Engine, Inc. P.O. Box 66752, Scotts Valley,
24: * California 95067, USA. or at email address contact@x2engine.com.
25: *
26: * The interactive user interfaces in modified source and object code versions
27: * of this program must display Appropriate Legal Notices, as required under
28: * Section 5 of the GNU Affero General Public License version 3.
29: *
30: * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31: * these Appropriate Legal Notices must retain the display of the "Powered by
32: * X2Engine" logo. If the display of the logo is not reasonably feasible for
33: * technical reasons, the Appropriate Legal Notices must display the words
34: * "Powered by X2Engine".
35: *****************************************************************************************/
36:
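/**
 * Active-record model for per-user calendar sharing permissions.
 *
 * The queries in this class read the columns user_id, other_user_id, view and
 * edit of x2_calendar_permissions. As used below, user_id is the calendar
 * owner and other_user_id is the user the row grants (or denies) access to.
 *
 * Default policy when no matching row exists, as implemented here:
 *  - view: allowed (fail-open)
 *  - edit: denied, except that a user can always edit their own calendar
 *
 * NOTE(review): the two view helpers apply the default differently.
 * getViewableUserCalendarNames() falls back to "allowed" when the owner has no
 * row for the *current viewer*, while getUserIdsWithViewPermission() falls back
 * to "everyone" only when the owner has no rows *at all*. If rows can exist for
 * some users but not others, the two can disagree about the same pair of
 * users - confirm how rows are written before relying on either for access
 * control.
 *
 * @package application.modules.calendar.models
 */
class X2CalendarPermissions extends CActiveRecord
{
    /**
     * Returns the static model of the specified AR class.
     *
     * @param string $className active record class name
     * @return X2CalendarPermissions the static model class
     */
    public static function model($className=__CLASS__) {
        return parent::model($className);
    }

    /**
     * @return string the associated database table name
     */
    public function tableName() {
        return 'x2_calendar_permissions';
    }

    /**
     * Builds the display name for a user record.
     *
     * @param object $user record exposing firstName and lastName
     * @return mixed whatever Formatter::fullName() returns for the two names
     */
    private static function fullNameOf($user) {
        return Formatter::fullName($user->firstName, $user->lastName);
    }

    /**
     * Lists the user calendars the current user may view.
     *
     * Only users with status=1 are considered. Admins get every such user.
     * For everyone else an owner is listed when the owner's permission row for
     * the current user has `view` set, or when the owner has no row for the
     * current user at all (view access is fail-open). The current user's own
     * calendar is always listed if their account is among the loaded users.
     *
     * 'Anyone' is always appended, 'admin' is moved to the end of the list and
     * 'api' is never returned.
     *
     * @return array map of username => full name
     */
    public static function getViewableUserCalendarNames() {
        $users = User::model()->findAll(array(
            'select' => 'id, username, firstName, lastName',
            'index' => 'id',
            'condition' => 'status=1',
        ));

        // username => full name for the user calendars we can view
        $names = array();

        if (Yii::app()->params->isAdmin) {
            // admin sees all user calendars
            foreach ($users as $user) {
                $names[$user->username] = self::fullNameOf($user);
            }
        } else {
            $currentUserId = Yii::app()->user->id;

            // rows in which some owner has set a permission for the current user
            $permissions = X2CalendarPermissions::model()->findAll(array(
                'select' => 'user_id, other_user_id, view',
                'condition' => 'other_user_id=:user_id',
                'params' => array(':user_id' => $currentUserId),
                'index' => 'user_id',
            ));

            // owners that have an explicit row for us; keyed by id so the
            // lookup below is O(1) instead of an in_array() scan per user
            $checked = array();
            foreach ($permissions as $permission) {
                $ownerId = $permission->user_id;
                // isset() skips rows whose owner is not among the loaded
                // (status=1) users, e.g. stale rows
                if ($permission->view && isset($users[$ownerId])) {
                    $owner = $users[$ownerId];
                    $names[$owner->username] = self::fullNameOf($owner);
                }
                // an explicit row with view unset must suppress the default
                $checked[$ownerId] = true;
            }

            // owners without a row for us default to letting us see their calendar
            foreach ($users as $user) {
                if (!isset($checked[$user->id])) {
                    $names[$user->username] = self::fullNameOf($user);
                }
            }

            // Let the current user view their own calendar. The lookup is
            // guarded because the session's user id may have no entry in
            // $users (no id, or an account that is not status=1); indexing
            // blindly dereferenced a missing record and added an entry under
            // an empty username.
            if ($currentUserId !== null && isset($users[$currentUserId])) {
                $self = $users[$currentUserId];
                $names[$self->username] = self::fullNameOf($self);
            }
        }

        // put 'Anyone' and the admin account at the end of the list
        $names['Anyone'] = 'Anyone';
        if (isset($names['admin'])) {
            // unset + re-add moves the key to the end of the ordered array
            $adminName = ucwords($names['admin']);
            unset($names['admin']);
            $names['admin'] = $adminName;
        }
        // the 'api' account is never offered as a calendar
        unset($names['api']);

        return $names;
    }

    /**
     * Lists the user calendars the current user may edit.
     *
     * 'Anyone' is always listed first. Admins get every user. For everyone
     * else an owner is listed only when the owner's permission row for the
     * current user has `edit` set; owners without such a row are not listed
     * (edit access is default-deny). The current user's own calendar is always
     * listed if their account is among the loaded users.
     *
     * NOTE(review): unlike getViewableUserCalendarNames(), the user query here
     * has no status=1 condition, so accounts with any status are eligible -
     * confirm that is intended.
     *
     * @return array map of username => full name
     */
    public static function getEditableUserCalendarNames() {
        $users = User::model()->findAll(array(
            'select' => 'id, username, firstName, lastName',
            'index' => 'id',
        ));

        // username => full name for the user calendars we can edit
        $names = array('Anyone' => 'Anyone');

        if (Yii::app()->params->isAdmin) {
            foreach ($users as $user) {
                $names[$user->username] = self::fullNameOf($user);
            }
        } else {
            $currentUserId = Yii::app()->user->id;

            // rows in which some owner has set a permission for the current user
            $permissions = X2CalendarPermissions::model()->findAll(array(
                'select' => 'user_id, other_user_id, edit',
                'condition' => 'other_user_id=:user_id',
                'params' => array(':user_id' => $currentUserId),
                'index' => 'user_id',
            ));

            foreach ($permissions as $permission) {
                $ownerId = $permission->user_id;
                // Safeguard: ignore permission rows whose owner no longer
                // exists so they cannot be dereferenced below.
                // TODO: write migration script to delete old invalid permissions
                if ($permission->edit && isset($users[$ownerId])) {
                    $owner = $users[$ownerId];
                    $names[$owner->username] = self::fullNameOf($owner);
                }
            }

            // owners without a row for us default to NOT letting us edit
            // their calendar, so nothing is added for them

            // Let the current user edit their own calendar; guarded for the
            // case where the session's user id has no matching user record.
            if ($currentUserId !== null && isset($users[$currentUserId])) {
                $self = $users[$currentUserId];
                $names[$self->username] = self::fullNameOf($self);
            }
        }

        return $names;
    }

    /**
     * Lists the ids of users allowed to view the calendar owned by user $id.
     *
     * If the owner has at least one permission row, only users whose row has
     * `view` set are returned. If the owner has no rows at all, every user is
     * returned (view access is fail-open).
     *
     * The result always starts with 0.
     * NOTE(review): 0 is presumably a sentinel (e.g. for the 'Anyone'
     * calendar) - confirm against callers.
     * NOTE(review): the user query has no status=1 condition, so ids of
     * accounts with any status are returned - confirm that is intended.
     *
     * @param mixed $id id of the calendar owner; passed as a bound parameter
     * @return array list of user ids
     */
    public static function getUserIdsWithViewPermission($id) {
        $users = User::model()->findAll(array(
            'select' => 'id, username, firstName, lastName',
            'index' => 'id',
        ));

        // rows the owner has set, keyed by the user each row applies to
        $permissions = X2CalendarPermissions::model()->findAll(array(
            'select' => 'user_id, other_user_id, view',
            'condition' => 'user_id=:user_id',
            'params' => array(':user_id' => $id),
            'index' => 'other_user_id',
        ));

        $ids = array(0);
        $hasExplicitPermissions = count($permissions) > 0;

        foreach ($users as $user) {
            if (!$hasExplicitPermissions) {
                // owner never configured sharing: everyone may view
                $ids[] = $user->id;
            } elseif (isset($permissions[$user->id]) && $permissions[$user->id]->view) {
                $ids[] = $user->id;
            }
        }

        return $ids;
    }

    /**
     * Lists the ids of users allowed to edit the calendar owned by user $id.
     *
     * Only users whose permission row from the owner has `edit` set are
     * returned. If the owner has set no permissions, nobody is added (edit
     * access is default-deny).
     *
     * The result always starts with 0.
     * NOTE(review): 0 is presumably a sentinel (e.g. for the 'Anyone'
     * calendar) - confirm against callers.
     *
     * @param mixed $id id of the calendar owner; passed as a bound parameter
     * @return array list of user ids
     */
    public static function getUserIdsWithEditPermission($id) {
        $users = User::model()->findAll(array(
            'select' => 'id, username, firstName, lastName',
            'index' => 'id',
        ));

        // rows the owner has set, keyed by the user each row applies to
        $permissions = X2CalendarPermissions::model()->findAll(array(
            'select' => 'user_id, other_user_id, edit',
            'condition' => 'user_id=:user_id',
            'params' => array(':user_id' => $id),
            'index' => 'other_user_id',
        ));

        $ids = array(0);

        // with no rows the loop adds nothing: default is that nobody else
        // may edit the owner's calendar
        foreach ($users as $user) {
            if (isset($permissions[$user->id]) && $permissions[$user->id]->edit) {
                $ids[] = $user->id;
            }
        }

        return $ids;
    }
}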
272: