* * originaly based on todo written by Joseph Engo * * -------------------------------------------- * * This program is free software; you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the * * Free Software Foundation; either version 2 of the License, or (at your * * option) any later version. * \**************************************************************************/ /* $Id$ */ class soinfolog // DB-Layer { var $db,$db2; var $grants; var $data = array( ); var $filters = array( ); var $maybe_slashes = array ( 'info_des'=>1,'info_subject'=>1,'info_from'=>1,'info_addr'=>1 ); function soinfolog( $info_id = 0) { global $phpgw; $this->db = $phpgw->db; $this->grants = $phpgw->acl->get_grants('infolog'); $this->read( $info_id ); } function readProj($proj_id) { if ($proj_id) { if (!is_object($this->projects)) { $this->projects = createobject('projects.projects'); } if (list( $proj ) = $this->projects->read_single_project( $proj_id)) return $proj; } return False; } function readAddr($addr_id) { if ($addr_id) { if (!is_object($this->contacts)) { $this->contacts = createobject('phpgwapi.contacts'); } if (list( $addr ) = $this->contacts->read_single_entry( $addr_id )) return $addr; } return False; } function check_access( $info_id,$required_rights ) { global $phpgw_info; if ($info_id != $this->data['info_id']) // already loaded? { // dont change our own internal data, // dont use new as it changes $phpgw->db $private_info = $this; $info = $private_info->read($info_id); } else { $info = $this->data; } if (!$info || !$info_id) { return False; } $owner = $info['info_owner']; $user = $phpgw_info['user']['account_id']; $access_ok = $owner == $user || // user has all rights // ACL only on public entrys || $owner granted _PRIVATE !!($this->grants[$owner] & $required_rights) && ($info['info_access'] == 'public' || !!($this->grants[$owner] & PHPGW_ACL_PRIVATE)); // echo "check_access(info_id=$info_id (owner=$owner, user=$user),required_rights=$required_rights): access".($access_ok?"Ok":"Denied"); return $access_ok; } // sql to be AND into a query to ensure ACL is respected (incl. _PRIVATE) // filter: none|all - list all entrys user have rights to see // private|own - list only his personal entrys // (incl. those he is responsible for !!!) function aclFilter($filter = 'none') { global $phpgw_info; ereg('.*(own|privat|all|none).*',$filter,$vars); $filter = $vars[1]; if (isset($this->acl_filter[$filter])) { return $this->acl_filter[$filter]; // used cached filter if found } if (is_array($this->grants)) { while (list($user,$grant) = each($this->grants)) { // echo "

grants: user=$user, grant=$grant

"; if ($grant & (PHPGW_ACL_READ|PHPGW_ACL_EDIT)) { $public_user_list[] = $user; } if ($grant & PHPGW_ACL_PRIVATE) { $private_user_list[] = $user; } } if (count($private_user_list)) { $has_private_access = 'info_owner IN ('. implode(',',$private_user_list).')'; } } $user = $phpgw_info['user']['account_id']; $filtermethod = " (info_owner=$user"; // user has all rights // private: own entries plus the one user is responsible for if ($filter == 'private' || $filter == 'own') { $filtermethod .= " OR info_responsible=$user AND (info_access='public'".($has_private_access?" OR $has_private_access":'').')'; } else // none --> all entrys user has rights to see { if ($has_private_access) { $filtermethod .= " OR $has_private_access"; } if (count($public_user_list)) { $filtermethod .= " OR (info_access='public' AND info_owner IN(" . implode(',',$public_user_list) . '))'; } } $filtermethod .= ') '; return $this->acl_filter[$filter] = $filtermethod; // cache the filter } function statusFilter($filter = '') { ereg('.*(done|open|offer).*',$filter,$vars); $filter = $vars[1]; switch ($filter) { case 'done': return " AND info_status IN ('done','billed')"; case 'open': return " AND NOT (info_status IN ('done','billed'))"; case 'offer': return " AND info_status = 'offer'"; } return ''; } function dateFilter($filter = '') { ereg('.*(upcoming|today|overdue).*',$filter,$vars); $filter = $vars[1]; $now = getdate(time()); $tomorrow = mktime(0,0,0,$now['mon'],$now['mday']+1,$now['year']); switch ($filter) { case 'upcoming': return " AND info_startdate >= '$tomorrow'"; case 'today': return " AND info_startdate < '$tomorrow'"; case 'overdue': return " AND (info_enddate != 0 AND info_enddate < '$tomorrow')"; } return ''; } function init() { global $phpgw_info; $this->data = array( 'info_owner' => $phpgw_info['user']['account_id'], 'info_pri' => 'normal' ); } function read($info_id) // did _not_ ensure ACL { if ($info_id <= 0 || $info_id != $this->data['info_id'] && (!$this->db->query("select * FROM phpgw_infolog where info_id='$info_id'") || !$this->db->next_record())) { $this->init( ); return False; } if ($info_id != $this->data['info_id']) // data yet read in { $this->data = $this->db->Record; reset($this->maybe_slashes); while (list($key) = each($this->maybe_slashes)) { $this->data[$key] = stripslashes($this->data[$key]); } } return $this->data; } function delete($info_id) // did _not_ ensure ACL { global $phpgw_info; $this->db->query("delete FROM phpgw_infolog where info_id='$info_id' or info_id_parent='" . "$info_id' AND ((info_access='public' and info_owner != '" . $phpgw_info['user']['account_id'] . "') or (info_owner='" . $phpgw_info['user']['account_id'] . "'))" ,__LINE__,__FILE__); if ($this->data['info_id'] == $info_id) { $this->init( ); } } function write($values) // did _not_ ensure ACL { while (list($key,$val) = each($values)) { if ($key != 'info_id') { $key = 'info_'.$key; $this->data[$key] = $val; // update internal data if ($this->maybe_slashes[$key]) { $val = addslashes($val); } $cols .= ($cols ? ',' : '').$key; $vals .= ($vals ? ',' : '')."'$val'"; $query .= ($query ? ',' : '')."$key='$val'"; } } if ($values['info_id']) { $query = "UPDATE phpgw_infolog SET $query where info_id='".$values['info_id']."'"; } else { $query = "INSERT INTO phpgw_infolog ($cols) VALUES ($vals)"; /* * need to set $this->data['info_id'] with assigned autoincrement id * now data will be rereaded */ } $this->db->query($query,__LINE__,__FILE__); } function anzSubs( $info_id ) { $this->db->query('select count(*) FROM phpgw_infolog where '. "info_id_parent=$info_id",__LINE__,__FILE__); $this->db->next_record(); return $this->db->f(0); } function readIdArray($order,$sort,$filter,$cat_id,$query,$action,$addr_id, $proj_id,$info_id,$ordermethod,&$start,&$total) { if ($order) { $ordermethod = 'order by ' . $order . ' ' . $sort; } else { $ordermethod = 'order by info_datecreated desc'; // newest first } $filtermethod = $this->aclFilter($filter); $filtermethod .= $this->statusFilter($filter); $filtermethod .= $this->dateFilter($filter); // echo "

filtermethod='$filtermethod'

"; if ($cat_id) { $filtermethod .= " AND info_cat='$cat_id' "; } switch ($action) { case 'addr': $filtermethod .= " AND info_addr_id=$addr_id "; break; case 'proj': $filtermethod .= " AND info_proj_id=$proj_id "; break; } if ($query) // we search in _from, _subject and _des for $query { $sql_query = "AND (info_from like '%$query%' OR info_subject ". "like '%$query%' OR info_des like '%$query%') "; } $pid = 'AND info_id_parent='.($action == 'sp' ? $info_id : 0); if (!$phpgw_info['user']['preferences']['infolog']['listNoSubs'] && $action != 'sp') { $pid = ''; } $this->db->query("SELECT COUNT(*) FROM phpgw_infolog WHERE $filtermethod $pid $sql_query",__LINE__,__FILE__); $this->db->next_record(); $total = $this->db->f(0); if (!$start || $start > $total) { $start = 0; } $this->db->limit_query("SELECT info_id,info_id_parent FROM phpgw_infolog WHERE $filtermethod $pid $sql_query $ordermethod",$start,__LINE__,__FILE__); $ids = array( ); while ($this->db->next_record()) { $ids[$this->db->f('info_id')] = $this->db->f('info_id_parent'); } return $ids; } }