本文整理汇总了PHP中module_security::get_customer_restrictions方法的典型用法代码示例。如果您正苦于以下问题:PHP module_security::get_customer_restrictions方法的具体用法?PHP module_security::get_customer_restrictions怎么用?PHP module_security::get_customer_restrictions使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类module_security的用法示例。
在下文中一共展示了module_security::get_customer_restrictions方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: get_files
public static function get_files($search = false, $skip_permissions = false)
{
// build up a custom search sql query based on the provided search fields
$sql = "SELECT f.* ";
$from = " FROM `" . _DB_PREFIX . "file` f ";
if (class_exists('module_customer', false)) {
$from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c USING (customer_id)";
}
$where = " WHERE 1 ";
if (isset($search['generic']) && $search['generic']) {
$str = mysql_real_escape_string($search['generic']);
$where .= " AND ( ";
$where .= " f.file_name LIKE '%{$str}%' ";
//$where .= "OR u.url LIKE '%$str%' ";
$where .= ' ) ';
}
/*if(isset($search['job']) && $search['job']){
$str = mysql_real_escape_string($search['job']);
$from .= " LEFT JOIN `"._DB_PREFIX."job` j USING (job_id)";
$where .= " AND ( ";
$where .= " j.name LIKE '%$str%' ";
$where .= ' ) ';
}*/
// tricky job searching, by name or by job id.
// but we don't want to restrict it to customer if they are searching for a job.
/*
* this is the logic we have to follow:
*
$customer_access = module_customer::get_customer($file['customer_id']);
$job_access = module_job::get_job($file['job_id']);
if(
($customer_access && $customer_access['customer_id'] == $file['customer_id']) ||
($job_access && $job_access['job_id'] == $file['job_id'])
){
*/
foreach (array('file_id', 'owner_id', 'owner_table', 'status', 'bucket_parent_file_id') as $key) {
if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
$str = mysql_real_escape_string($search[$key]);
$where .= " AND f.`{$key}` = '{$str}'";
}
}
// permissions from customer module.
// tie in with customer permissions to only get jobs from customers we can access.
if (!$skip_permissions) {
switch (self::get_file_data_access()) {
case _FILE_ACCESS_ALL:
// all files, no limits on SQL here
break;
case _FILE_ACCESS_JOBS:
$jobs = module_job::get_jobs(array(), array('columns' => 'u.job_id AS job_id'));
$where .= " AND f.job_id IN ( ";
if (count($jobs)) {
foreach ($jobs as $valid_job_id) {
$where .= (int) $valid_job_id['job_id'] . ',';
}
$where = rtrim($where, ',');
} else {
$where .= ' -1 ';
}
$where .= ' ) ';
break;
case _FILE_ACCESS_ME:
$where .= " AND f.create_user_id = " . (int) module_security::get_loggedin_id();
break;
case _FILE_ACCESS_ASSIGNED:
$from .= " LEFT JOIN `" . _DB_PREFIX . "file_user_rel` cur ON f.file_id = cur.file_id";
$where .= " AND (cur.user_id = " . (int) module_security::get_loggedin_id() . ")";
break;
case _FILE_ACCESS_CUSTOMERS:
default:
if (class_exists('module_customer', false)) {
//added for compat in newsletter system that doesn't have customer module
switch (module_customer::get_customer_data_access()) {
case _CUSTOMER_ACCESS_ALL:
// all customers! so this means all files!
break;
case _CUSTOMER_ACCESS_ALL_COMPANY:
case _CUSTOMER_ACCESS_CONTACTS:
case _CUSTOMER_ACCESS_TASKS:
case _CUSTOMER_ACCESS_STAFF:
$valid_customer_ids = module_security::get_customer_restrictions();
if (count($valid_customer_ids)) {
$where .= " AND ( ";
foreach ($valid_customer_ids as $valid_customer_id) {
if (isset($search['owner_table'])) {
$where .= " (f.owner_table = 'customer' AND f.owner_id = '" . (int) $valid_customer_id . "') OR ";
} else {
$where .= " (f.customer_id = '" . (int) $valid_customer_id . "') OR ";
if (isset($search['customer_id']) && $search['customer_id'] && $search['customer_id'] == $valid_customer_id) {
unset($search['customer_id']);
}
}
}
$where = rtrim($where, 'OR ');
$where .= ' ) ';
}
break;
}
}
}
//.........这里部分代码省略.........
示例2: get_finances
//.........这里部分代码省略.........
if (isset($search['amount_from']) && $search['amount_from'] != '') {
$where .= " AND f.amount >= '" . mysql_real_escape_string($search['amount_from']) . "'";
}
if (isset($search['amount_to']) && $search['amount_to'] != '') {
$where .= " AND f.amount <= '" . mysql_real_escape_string($search['amount_to']) . "'";
}
if (isset($search['type']) && $search['type'] != '' && $search['type'] != 'ie') {
$where .= " AND f.type = '" . mysql_real_escape_string($search['type']) . "'";
}
// permissions from job module.
/*switch(module_job::get_job_access_permissions()){
case _JOB_ACCESS_ALL:
break;
case _JOB_ACCESS_ASSIGNED:
// only assigned jobs!
//$from .= " LEFT JOIN `"._DB_PREFIX."task` t ON u.job_id = t.job_id ";
//u.user_id = ".(int)module_security::get_loggedin_id()." OR
$where .= " AND (t.user_id = ".(int)module_security::get_loggedin_id().")";
break;
case _JOB_ACCESS_CUSTOMER:
break;
}*/
// permissions from customer module.
// tie in with customer permissions to only get jobs from customers we can access.
switch (module_customer::get_customer_data_access()) {
case _CUSTOMER_ACCESS_ALL:
// all customers! so this means all jobs!
break;
case _CUSTOMER_ACCESS_ALL_COMPANY:
case _CUSTOMER_ACCESS_CONTACTS:
case _CUSTOMER_ACCESS_TASKS:
case _CUSTOMER_ACCESS_STAFF:
$valid_customer_ids = module_security::get_customer_restrictions();
if (count($valid_customer_ids)) {
$where .= " AND f.customer_id IN ( ";
foreach ($valid_customer_ids as $valid_customer_id) {
$where .= (int) $valid_customer_id . ", ";
}
$where = rtrim($where, ', ');
$where .= " )";
}
}
$where .= " GROUP BY f.finance_id ";
$where .= " ORDER BY f.transaction_date DESC ";
$sql .= $where;
$finances_from_finance_db_table = qa($sql);
// invoice payments:
$finance_from_invoice_payments = array();
$finance_from_job_staff_expenses = array();
if (!$hide_invoice_payments && (!isset($search['invoice_id']) || !(int) $search['invoice_id'] > 0)) {
$sql = "SELECT j.*, f.finance_id AS existing_finance_id ";
$sql .= " FROM `" . _DB_PREFIX . "job` j ";
$sql .= " LEFT JOIN `" . _DB_PREFIX . "finance` f ON j.job_id = f.job_id AND f.job_staff_expense > 0 ";
$where = " WHERE 1 ";
//j.date_completed != '0000-00-00' ";
$where .= " AND j.`c_staff_total_amount` > 0 ";
if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
$where .= " AND (j.`job_id` = " . (int) $search['job_id'] . " ) ";
}
if (isset($search['customer_id']) && (int) $search['customer_id'] > 0) {
$where .= " AND j.`customer_id` = " . (int) $search['customer_id'];
}
/*if(isset($search['generic']) && strlen(trim($search['generic']))){
$name = mysql_real_escape_string(trim($search['generic']));
$where .= " AND (i.`name` LIKE '%$name%' OR p.method LIKE '%$name%' )";
示例3: get_jobs
//.........这里部分代码省略.........
//AND ext.owner_table = 'customer'
$where .= " AND (ext.owner_table = 'job' AND ( ";
foreach ($extra_fields as $key => $val) {
$val = mysql_real_escape_string($val);
$key = mysql_real_escape_string($key);
$where .= "( ext.`extra` LIKE '%{$val}%' AND ext.`extra_key` = '{$key}') OR ";
}
$where = rtrim($where, ' OR');
$where .= ' ) )';
}
}
foreach (array('customer_id', 'website_id', 'renew_job_id', 'status', 'type', 'date_start', 'date_quote', 'quote_id') as $key) {
if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
$str = mysql_real_escape_string($search[$key]);
if ($str[0] == '!') {
// hack for != sql searching.
$str = ltrim($str, '!');
$where .= " AND u.`{$key}` != '{$str}'";
} else {
$where .= " AND u.`{$key}` = '{$str}'";
}
}
}
if (isset($search['completed']) && (int) $search['completed'] > 0) {
switch ($search['completed']) {
case 1:
// both complete and not complete jobs, dont modify query
break;
case 2:
// only completed jobs.
$where .= " AND u.date_completed != '0000-00-00'";
break;
case 3:
// only non-completed jobs.
$where .= " AND u.date_completed = '0000-00-00'";
break;
case 4:
// only quoted jobs
$where .= " AND u.date_start = '0000-00-00' AND u.date_quote != '0000-00-00'";
break;
case 5:
// only not started jobs
$where .= " AND u.date_start = '0000-00-00'";
break;
}
}
if (isset($return_options['custom_group_by'])) {
$group_order = $return_options['custom_group_by'];
} else {
$group_order = ' GROUP BY u.job_id ORDER BY u.name';
}
switch (self::get_job_access_permissions()) {
case _JOB_ACCESS_ALL:
break;
case _JOB_ACCESS_ASSIGNED:
// only assigned jobs!
$from .= " LEFT JOIN `" . _DB_PREFIX . "task` t ON u.job_id = t.job_id ";
$where .= " AND (u.user_id = " . (int) module_security::get_loggedin_id() . " OR t.user_id = " . (int) module_security::get_loggedin_id() . ")";
break;
case _JOB_ACCESS_CUSTOMER:
// tie in with customer permissions to only get jobs from customers we can access.
$customers = module_customer::get_customers();
if (count($customers)) {
$where .= " AND u.customer_id IN ( ";
foreach ($customers as $customer) {
$where .= $customer['customer_id'] . ', ';
}
$where = rtrim($where, ', ');
$where .= " ) ";
}
break;
}
// tie in with customer permissions to only get jobs from customers we can access.
switch (module_customer::get_customer_data_access()) {
case _CUSTOMER_ACCESS_ALL:
// all customers! so this means all jobs!
break;
case _CUSTOMER_ACCESS_ALL_COMPANY:
case _CUSTOMER_ACCESS_CONTACTS:
case _CUSTOMER_ACCESS_TASKS:
case _CUSTOMER_ACCESS_STAFF:
$valid_customer_ids = module_security::get_customer_restrictions();
if (count($valid_customer_ids)) {
$where .= " AND ( u.customer_id = 0 OR u.customer_id IN ( ";
foreach ($valid_customer_ids as $valid_customer_id) {
$where .= (int) $valid_customer_id . ", ";
}
$where = rtrim($where, ', ');
$where .= " )";
$where .= " )";
}
}
$sql = $sql . $from . $where . $group_order;
// echo $sql;print_r(debug_backtrace());exit;
$result = qa($sql);
//module_security::filter_data_set("job",$result);
module_cache::put('job', $cache_key, $result, $cache_timeout);
return $result;
// return get_multiple("job",$search,"job_id","fuzzy","name");
}
示例4: get_invoices
//.........这里部分代码省略.........
$where .= " AND ( ";
$where .= " u.date_paid >= '{$str}' ";
$where .= ' ) ';
}
if (isset($search['date_paid_to']) && $search['date_paid_to']) {
$str = mysql_real_escape_string(input_date($search['date_paid_to']));
$where .= " AND ( ";
$where .= " u.date_paid <= '{$str}' ";
$where .= ' ) ';
}
if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
$where .= " AND ( t.`job_id` = " . (int) $search['job_id'] . ' OR ';
$where .= " u.deposit_job_id = " . (int) $search['job_id'];
$where .= ' ) ';
}
if (isset($search['deposit_job_id']) && (int) $search['deposit_job_id'] > 0) {
$where .= " AND ( u.deposit_job_id = " . (int) $search['deposit_job_id'];
$where .= ' ) ';
}
if (isset($search['customer_group_id']) && (int) $search['customer_group_id'] > 0) {
$from .= " LEFT JOIN `" . _DB_PREFIX . "group_member` gm ON (c.customer_id = gm.owner_id)";
$where .= " AND (gm.group_id = '" . (int) $search['customer_group_id'] . "' AND gm.owner_table = 'customer')";
}
if (isset($search['renewing']) && $search['renewing']) {
$where .= " AND u.date_renew != '0000-00-00' AND (u.renew_invoice_id IS NULL OR u.renew_invoice_id = 0) ";
}
switch (self::get_invoice_access_permissions()) {
case _INVOICE_ACCESS_ALL:
break;
case _INVOICE_ACCESS_STAFF:
$where .= " AND u.vendor_user_id = " . (int) module_security::get_loggedin_id();
break;
case _INVOICE_ACCESS_JOB:
$valid_job_ids = module_job::get_jobs();
$where .= " AND ( t.`job_id` IN ( ";
if (count($valid_job_ids)) {
foreach ($valid_job_ids as $valid_job_id) {
$where .= (int) $valid_job_id['job_id'] . ", ";
}
$where = rtrim($where, ', ');
} else {
$where .= ' NULL ';
}
$where .= ' ) ';
$where .= " OR ";
$where .= " u.deposit_job_id IN ( ";
if (count($valid_job_ids)) {
foreach ($valid_job_ids as $valid_job_id) {
$where .= (int) $valid_job_id['job_id'] . ", ";
}
$where = rtrim($where, ', ');
} else {
$where .= ' NULL ';
}
$where .= ' ) ';
$where .= " )";
break;
case _INVOICE_ACCESS_CUSTOMER:
$valid_customer_ids = module_security::get_customer_restrictions();
$where .= " AND u.customer_id IN ( ";
if (count($valid_customer_ids)) {
foreach ($valid_customer_ids as $valid_customer_id) {
$where .= (int) $valid_customer_id . ", ";
}
$where = rtrim($where, ', ');
} else {
$where .= ' NULL ';
}
$where .= " )";
}
// permissions from customer module.
// tie in with customer permissions to only get jobs from customers we can access.
switch (module_customer::get_customer_data_access()) {
case _CUSTOMER_ACCESS_ALL:
// all customers! so this means all jobs!
break;
case _CUSTOMER_ACCESS_ALL_COMPANY:
case _CUSTOMER_ACCESS_CONTACTS:
case _CUSTOMER_ACCESS_TASKS:
case _CUSTOMER_ACCESS_STAFF:
$valid_customer_ids = module_security::get_customer_restrictions();
$where .= " AND u.customer_id IN ( ";
if (count($valid_customer_ids)) {
foreach ($valid_customer_ids as $valid_customer_id) {
$where .= (int) $valid_customer_id . ", ";
}
$where = rtrim($where, ', ');
} else {
$where .= ' NULL ';
}
$where .= " )";
}
$group_order = ' GROUP BY u.invoice_id ORDER BY u.date_create DESC';
// stop when multiple company sites have same region
$sql = $sql . $from . $where . $group_order;
$result = qa($sql);
//module_security::filter_data_set("invoice",$result);
return $result;
// return get_multiple("invoice",$search,"invoice_id","fuzzy","name");
}
示例5: switch
<?php
/**
* Copyright: dtbaker 2012
* Licence: Please check CodeCanyon.net for licence details.
* More licence clarification available here: http://codecanyon.net/wiki/support/legal-terms/licensing-terms/
* Deploy: 9809 f200f46c2a19bb98d112f2d32a8de0c4
* Envato: 4ffca17e-861e-4921-86c3-8931978c40ca
* Package Date: 2015-11-25 02:55:20
* IP Address: 67.79.165.254
*/
// Row-level access check: decides whether the current user may see $data, a row of $table_name.
// NOTE(review): this is an excerpt. $table_name and $data are set by code that is not shown, and the
// bare `return false` below implies an enclosing function or an included file - confirm in the full source.
$access = true;
switch ($table_name) {
case 'invoice':
default:
// 'invoice' falls through to default, so every table name takes this same branch.
// check if current user can access this invoice.
// Rows without a positive customer_id skip the check below and keep $access = true.
if ($data && isset($data['customer_id']) && (int) $data['customer_id'] > 0) {
$valid_customer_ids = module_security::get_customer_restrictions();
// An empty/falsy restriction list is treated as "no restriction": $access stays true (fail-open).
// NOTE(review): confirm get_customer_restrictions() cannot return an empty list for a user who
// should see no customers at all; if it can, this branch grants access instead of denying it.
if ($valid_customer_ids) {
// The list is used as a set keyed by customer id: membership is tested on the key, not the value.
$access = isset($valid_customer_ids[$data['customer_id']]);
if (!$access) {
return false;
}
}
}
break;
}
示例6: get_quotes
//.........这里部分代码省略.........
$from .= " LEFT JOIN `" . _DB_PREFIX . "website` w ON u.website_id = w.website_id";
// for export
}
$from .= " LEFT JOIN `" . _DB_PREFIX . "user` us ON u.user_id = us.user_id";
// for export
$where = " WHERE 1 ";
if (is_array($return_options) && isset($return_options['custom_where'])) {
// put in return options so harder to push through from user end.
$where .= $return_options['custom_where'];
}
if (isset($search['generic']) && $search['generic']) {
$str = mysql_real_escape_string($search['generic']);
$where .= " AND ( ";
$where .= " u.name LIKE '%{$str}%' ";
//OR ";
//$where .= " u.url LIKE '%$str%' ";
$where .= ' ) ';
}
foreach (array('customer_id', 'website_id', 'status', 'type', 'date_create') as $key) {
if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
$str = mysql_real_escape_string($search[$key]);
if ($str[0] == '!') {
// hack for != sql searching.
$str = ltrim($str, '!');
$where .= " AND u.`{$key}` != '{$str}'";
} else {
$where .= " AND u.`{$key}` = '{$str}'";
}
}
}
if (isset($search['ticket_id']) && (int) $search['ticket_id'] > 0) {
// join on the ticket_quote_rel tab.e
$from .= " LEFT JOIN `" . _DB_PREFIX . "ticket_quote_rel` tqr USING (quote_id)";
$where .= " AND tqr.ticket_id = " . (int) $search['ticket_id'];
}
if (isset($search['accepted']) && (int) $search['accepted'] > 0) {
switch ($search['accepted']) {
case 1:
// both complete and not complete quotes, dont modify query
break;
case 2:
// only completed quotes.
$where .= " AND u.date_approved != '0000-00-00'";
break;
case 3:
// only non-completed quotes.
$where .= " AND u.date_approved = '0000-00-00'";
break;
}
}
$group_order = ' GROUP BY u.quote_id ORDER BY u.name';
switch (self::get_quote_access_permissions()) {
case _QUOTE_ACCESS_ALL:
break;
case _QUOTE_ACCESS_ASSIGNED:
// only assigned quotes!
$from .= " LEFT JOIN `" . _DB_PREFIX . "quote_task` t ON u.quote_id = t.quote_id ";
$where .= " AND (u.user_id = " . (int) module_security::get_loggedin_id() . " OR t.user_id = " . (int) module_security::get_loggedin_id() . ")";
break;
case _QUOTE_ACCESS_CUSTOMER:
// tie in with customer permissions to only get quotes from customers we can access.
$customers = module_customer::get_customers();
if (count($customers)) {
$where .= " AND u.customer_id IN ( ";
foreach ($customers as $customer) {
$where .= $customer['customer_id'] . ', ';
}
$where = rtrim($where, ', ');
$where .= " ) ";
}
break;
}
// tie in with customer permissions to only get quotes from customers we can access.
switch (module_customer::get_customer_data_access()) {
case _CUSTOMER_ACCESS_ALL:
// all customers! so this means all quotes!
break;
case _CUSTOMER_ACCESS_ALL_COMPANY:
case _CUSTOMER_ACCESS_CONTACTS:
case _CUSTOMER_ACCESS_TASKS:
case _CUSTOMER_ACCESS_STAFF:
$valid_customer_ids = module_security::get_customer_restrictions();
if (count($valid_customer_ids)) {
$where .= " AND ( u.customer_id = 0 OR u.customer_id IN ( ";
foreach ($valid_customer_ids as $valid_customer_id) {
$where .= (int) $valid_customer_id . ", ";
}
$where = rtrim($where, ', ');
$where .= " )";
$where .= " )";
}
}
$sql = $sql . $from . $where . $group_order;
// echo $sql;print_r(debug_backtrace());exit;
$result = qa($sql);
//module_security::filter_data_set("quote",$result);
module_cache::put('quote', $cache_key, $result, $cache_timeout);
return $result;
// return get_multiple("quote",$search,"quote_id","fuzzy","name");
}
示例7: get_customer
/**
 * Fetch one customer record, applying the caller's customer data-access level.
 *
 * The result is the stored row (with 'staff_ids' and 'customer_address' added unless
 * $basic_for_link is set), or a blank 'new' customer template when the lookup leaves no
 * customer: the id is not positive, nothing was loaded, or access was denied without
 * $skip_permissions.
 *
 * @param mixed $customer_id      Customer id; cast to int before any use.
 * @param bool  $skip_permissions When true, a customer outside the caller's restriction list is
 *                                still returned, tagged with '_no_access' => true. Callers that
 *                                pass true must check that flag themselves.
 * @param bool  $basic_for_link   When true, the staff, address and company lookups are skipped.
 * @return array Customer row or blank template; on a cache hit, whatever module_cache stored.
 */
public static function get_customer($customer_id, $skip_permissions = false, $basic_for_link = false)
{
    $customer_id = (int) $customer_id;
    $customer = false;

    if ($customer_id > 0) {
        // The argument list is taken after the int cast above and feeds the cache key.
        $call_args = func_get_args();
        $cache_key = self::_customer_cache_key($customer_id, $call_args);
        $cache_timeout = module_config::c('cache_objects', 60);

        // NOTE(review): the cache is consulted before the access switch below, so a hit is returned
        // without re-running that check. Whether this is safe depends on _customer_cache_key()
        // (not shown) producing a key specific to the viewing user - confirm.
        $cache_hit = module_cache::get('customer', $cache_key);
        if ($cache_hit) {
            return $cache_hit;
        }

        $customer = get_single("customer", "customer_id", $customer_id);
        $row_matches = $customer && isset($customer['customer_id']) && $customer['customer_id'] == $customer_id;
        if ($row_matches) {
            if (!$basic_for_link) {
                // Staff linked to this customer, then the physical address.
                $customer['staff_ids'] = array();
                $staff_links = get_multiple('customer_user_rel', array('customer_id' => $customer_id), 'user_id');
                foreach ($staff_links as $staff_link) {
                    $customer['staff_ids'][] = $staff_link['user_id'];
                }
                $customer['customer_address'] = module_address::get_address($customer_id, 'customer', 'physical', true);
            }

            // NOTE(review): the switch has no default case, so an access level not listed here is
            // treated the same as _CUSTOMER_ACCESS_ALL (no check).
            switch (self::get_customer_data_access()) {
                case _CUSTOMER_ACCESS_ALL:
                    break;
                case _CUSTOMER_ACCESS_ALL_COMPANY:
                case _CUSTOMER_ACCESS_CONTACTS:
                case _CUSTOMER_ACCESS_TASKS:
                case _CUSTOMER_ACCESS_STAFF:
                    // The restriction list is used as a set keyed by customer id.
                    $allowed_ids = module_security::get_customer_restrictions();
                    if (!isset($allowed_ids[$customer['customer_id']])) {
                        if ($skip_permissions) {
                            // Flag for custom processing by callers that asked to skip permissions
                            // (eg: the ticket file listing link).
                            $customer['_no_access'] = true;
                        } else {
                            $customer = false;
                        }
                    }
                    break;
            }
        }
    }

    if (!$customer) {
        // Blank template for a new customer.
        $customer = array(
            'customer_id' => 'new',
            'customer_name' => '',
            'customer_status' => _CUSTOMER_STATUS_PAID,
            'primary_user_id' => '',
            'credit' => '0',
            'customer_address' => array(),
            'staff_ids' => array(),
            'customer_type_id' => self::get_current_customer_type_id(),
        );
    }

    if (class_exists('module_company', false) && module_company::is_enabled() && !$basic_for_link) {
        $customer['company_ids'] = array();
        if (isset($customer['customer_id']) && (int) $customer['customer_id'] > 0) {
            $linked_companies = module_company::get_companys_by_customer($customer['customer_id']);
            foreach ($linked_companies as $linked_company) {
                $customer['company_ids'][$linked_company['company_id']] = $linked_company['name'];
            }
        }
    }

    // Both variables exist only when the id was positive; the blank template is cached too in that case.
    if (isset($cache_key, $cache_timeout)) {
        module_cache::put('customer', $cache_key, $customer, $cache_timeout);
    }

    return $customer;
}
示例8: get_user
public static function get_user($user_id, $perms = true, $do_link = true, $basic_for_link = false)
{
//,$basic=false
$cache_key_args = func_get_args();
$cache_key = self::_user_cache_key($user_id, $cache_key_args);
$cache_timeout = module_config::c('cache_objects', 60);
if ($cached_item = module_cache::get('user', $cache_key)) {
return $cached_item;
}
$user = get_single("user", "user_id", $user_id);
if ($do_link && $user && isset($user['linked_parent_user_id']) && $user['linked_parent_user_id'] && $user['linked_parent_user_id'] != $user['user_id']) {
$user = self::get_user($user['linked_parent_user_id']);
module_cache::put('user', $cache_key, $user, $cache_timeout);
return $user;
}
if ($user) {
if ($basic_for_link) {
module_cache::put('user', $cache_key, $user, $cache_timeout);
return $user;
}
// if this user is a linked contact to the current contact then we allow access.
if (isset($user['linked_parent_user_id']) && $user['linked_parent_user_id'] == module_security::get_loggedin_id()) {
// allow all access.
} else {
if (class_exists('module_customer', false)) {
if ($user) {
switch (module_user::get_user_data_access()) {
case _USER_ACCESS_ME:
if ($user['user_id'] != module_security::get_loggedin_id()) {
if ($perms) {
$user = false;
} else {
// eg for linking.
$user['_perms'] = false;
}
}
break;
case _USER_ACCESS_CONTACTS:
if (!$user['customer_id'] && !$user['vendor_id'] && $user['user_id'] != module_security::get_loggedin_id()) {
// this user is not a customer contact, don't let them access it.
if ($perms) {
$user = false;
} else {
// eg for linking.
$user['_perms'] = false;
}
}
break;
case _USER_ACCESS_ALL:
default:
// all user accounts.
break;
}
}
if ($user && $user['customer_id'] > 0) {
switch (module_customer::get_customer_data_access()) {
case _CUSTOMER_ACCESS_ALL:
// all customers! so this means all jobs!
break;
case _CUSTOMER_ACCESS_ALL_COMPANY:
case _CUSTOMER_ACCESS_CONTACTS:
case _CUSTOMER_ACCESS_TASKS:
case _CUSTOMER_ACCESS_STAFF:
$valid_customer_ids = module_security::get_customer_restrictions();
$is_valid_user = isset($valid_customer_ids[$user['customer_id']]);
if (!$is_valid_user) {
if ($perms) {
$user = false;
} else {
// eg for linking.
$user['_perms'] = false;
}
}
}
}
}
if ($user && $user['vendor_id'] > 0) {
switch (module_vendor::get_vendor_data_access()) {
case _VENDOR_ACCESS_ALL:
// all vendors! so this means all jobs!
break;
case _VENDOR_ACCESS_ALL_COMPANY:
case _VENDOR_ACCESS_CONTACTS:
$valid_vendor_check = module_vendor::get_vendor($user['vendor_id']);
$is_valid_user = $valid_vendor_check && isset($valid_vendor_check['vendor_id']) && $valid_vendor_check['vendor_id'] == $user['vendor_id'];
if (!$is_valid_user) {
if ($perms) {
$user = false;
} else {
// eg for linking.
$user['_perms'] = false;
}
}
}
}
}
}
if (!$user) {
$user = array('user_id' => 'new', 'customer_id' => 0, 'vendor_id' => 0, 'name' => '', 'last_name' => '', 'email' => '', 'password' => '', 'phone' => '', 'mobile' => '', 'fax' => '', 'roles' => array(), 'language' => module_config::c('default_language', 'en'), 'company_ids' => array());
$use_master_key = self::get_contact_master_key();
//.........这里部分代码省略.........
示例9: print_heading
/**
* Copyright: dtbaker 2012
* Licence: Please check CodeCanyon.net for licence details.
* More licence clarification available here: http://codecanyon.net/wiki/support/legal-terms/licensing-terms/
* Deploy: 9809 f200f46c2a19bb98d112f2d32a8de0c4
* Envato: 4ffca17e-861e-4921-86c3-8931978c40ca
* Package Date: 2015-11-25 02:55:20
* IP Address: 67.79.165.254
*/
// Calendar page setup: choose the customer to filter by and the base path for the calendar assets.
print_heading(array('main' => true, 'type' => 'h2', 'title' => 'Calendar'));
// The request-supplied id is cast to int; false means no customer filter was requested.
$customer_id = isset($_REQUEST['customer_id']) ? (int) $_REQUEST['customer_id'] : false;
$customer_access = module_customer::get_customer_data_access();
if ($customer_access && $customer_access != _CUSTOMER_ACCESS_ALL) {
// restricted to what customers we can see. is it only 1?
$customer_access_ids = module_security::get_customer_restrictions();
if (count($customer_access_ids) == 1) {
// Exactly one permitted customer: force the filter to it, overriding the request value.
$customer_access_id = current($customer_access_ids);
if ($customer_access_id > 0) {
$customer_id = $customer_access_id;
}
}
// NOTE(review): when the list holds zero or several customers, the request-supplied $customer_id
// is kept unchanged in this excerpt; it is not compared against $customer_access_ids here.
// Confirm that the code consuming $customer_id (not shown) enforces the restriction.
}
$base_path = _BASE_HREF . 'includes/plugin_calendar/wdCalendar/';
?>
<link href="<?php
echo $base_path;
?>
css/calendar.css" rel="stylesheet" type="text/css" />
<link href="<?php
echo $base_path;
示例10: get_website
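/**
 * Load one website record, applying the viewer's customer data-access level.
 *
 * Returns the stored row when the viewer may see it. Otherwise (no row, or access denied) returns
 * a blank 'new' website template whose customer_id is pre-filled from the request.
 *
 * Hardening compared with a plain lookup:
 *  - the request-supplied customer_id used for the template is normalised to an integer (non-scalar
 *    values become 0), so raw request data is never copied into the returned record;
 *  - in the task-based access mode, user ids are compared as integers and a session without a
 *    positive user id never matches, so an unassigned job/task (user_id 0 or empty) cannot grant access.
 *
 * @param mixed $website_id Website id, passed to get_single() as given.
 * @return array Website row, or the blank template.
 */
public static function get_website($website_id)
{
    $website = get_single("website", "website_id", $website_id);
    if ($website) {
        // NOTE(review): there is no default case, so an access level not listed here is treated the
        // same as _CUSTOMER_ACCESS_ALL (no check). Confirm that is intended.
        switch (module_customer::get_customer_data_access()) {
            case _CUSTOMER_ACCESS_ALL:
                // all customers! so this means all websites!
                break;
            case _CUSTOMER_ACCESS_ALL_COMPANY:
            case _CUSTOMER_ACCESS_CONTACTS:
            case _CUSTOMER_ACCESS_STAFF:
                // The restriction list is used as a set keyed by customer id.
                $valid_customer_ids = module_security::get_customer_restrictions();
                $is_valid_website = isset($valid_customer_ids[$website['customer_id']]);
                if (!$is_valid_website) {
                    $website = false;
                }
                break;
            case _CUSTOMER_ACCESS_TASKS:
                // only customers who have linked jobs that I am assigned to.
                $has_job_access = false;
                $current_user_id = (int) module_security::get_loggedin_id();
                if ($current_user_id > 0 && isset($website['customer_id']) && $website['customer_id']) {
                    $jobs = module_job::get_jobs(array('customer_id' => $website['customer_id']));
                    foreach ($jobs as $job) {
                        if ((int) $job['user_id'] === $current_user_id) {
                            $has_job_access = true;
                            break;
                        }
                        $tasks = module_job::get_tasks($job['job_id']);
                        foreach ($tasks as $task) {
                            if ((int) $task['user_id'] === $current_user_id) {
                                $has_job_access = true;
                                // Leave both loops: one matching task is enough, no need to load
                                // the tasks of the remaining jobs.
                                break 2;
                            }
                        }
                    }
                }
                if (!$has_job_access) {
                    $website = false;
                }
                break;
        }
    }
    if (!$website) {
        // The request value only pre-fills the template; it is not an access decision. Code that
        // later saves a website under this customer_id still has to check access to that customer.
        $requested_customer_id = 0;
        if (isset($_REQUEST['customer_id']) && is_scalar($_REQUEST['customer_id'])) {
            $requested_customer_id = (int) $_REQUEST['customer_id'];
        }
        $website = array(
            'website_id' => 'new',
            'customer_id' => $requested_customer_id,
            'name' => '',
            'status' => module_config::s('website_status_default', 'New'),
            'url' => '',
        );
    }
    return $website;
}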
示例11: get_ticket
public static function get_ticket($ticket_id, $full = true)
{
$cache_key_args = func_get_args();
$cache_key = self::_ticket_cache_key($ticket_id, $cache_key_args);
$cache_timeout = module_config::c('cache_objects', 60);
if ($cached_item = module_cache::get('ticket', $cache_key)) {
return $cached_item;
}
$ticket_access = self::get_ticket_data_access();
$ticket_id = (int) $ticket_id;
$ticket = false;
if ($ticket_id > 0) {
//$ticket = get_single("ticket","ticket_id",$ticket_id);
$sql = "SELECT * FROM `" . _DB_PREFIX . "ticket` t WHERE t.ticket_id = {$ticket_id} ";
switch ($ticket_access) {
case _TICKET_ACCESS_ALL:
break;
case _TICKET_ACCESS_ASSIGNED:
// we only want tickets assigned to me.
//$sql .= " AND t.assigned_user_id = '".(int)module_security::get_loggedin_id()."'";
$sql .= " AND (t.assigned_user_id = '" . (int) module_security::get_loggedin_id() . "' OR t.assigned_user_id = 0)";
break;
case _TICKET_ACCESS_CREATED:
// we only want tickets I created.
$sql .= " AND t.user_id = '" . (int) module_security::get_loggedin_id() . "'";
break;
case _TICKET_ACCESS_CUSTOMER:
$valid_customer_ids = module_security::get_customer_restrictions();
if (is_array($valid_customer_ids) && count($valid_customer_ids)) {
$sql .= " AND ( ";
foreach ($valid_customer_ids as $valid_customer_id) {
$sql .= " t.customer_id = '" . (int) $valid_customer_id . "' OR ";
}
$sql = rtrim($sql, 'OR ');
$sql .= " )";
}
break;
}
$ticket = qa1($sql, false);
}
if ($full === 2) {
module_cache::put('ticket', $cache_key, $ticket, $cache_timeout);
return $ticket;
}
if (!$ticket) {
$customer_id = $website_id = 0;
$user_id = module_security::get_loggedin_id();
if (isset($_REQUEST['customer_id']) && $_REQUEST['customer_id']) {
//
$customer_id = (int) $_REQUEST['customer_id'];
$customer = module_customer::get_customer($customer_id);
if (!$customer || $customer['customer_id'] != $customer_id) {
$customer_id = 0;
} else {
$user_id = $customer['primary_user_id'];
}
// find default website id to use.
if (isset($_REQUEST['website_id'])) {
$website_id = (int) $_REQUEST['website_id'];
$website = module_website::get_website($website_id);
if (!$website || $website['website_id'] != $website_id || $website['customer_id'] != $customer_id) {
$website_id = 0;
}
} else {
$website_id = 0;
}
}
$position = self::ticket_position();
$ticket = array('ticket_id' => 'new', 'customer_id' => $customer_id, 'website_id' => $website_id, 'subject' => '', 'date_completed' => '', 'status_id' => _TICKET_STATUS_NEW_ID, 'user_id' => $user_id, 'assigned_user_id' => module_config::c('ticket_default_user_id', 1), 'ticket_account_id' => module_config::c('ticket_default_account_id', 0), 'last_message_timestamp' => 0, 'last_ticket_message_id' => 0, 'message_count' => 0, 'position' => $position['current'] + 1, 'priority' => 0, 'ticket_type_id' => module_config::c('ticket_type_id_default', 0), 'total_pending' => $position['total'] + 1, 'extra_data' => array(), 'invoice_id' => false, 'faq_product_id' => false);
} else {
// find the position of this ticket
// the position is determined by the number of pending tickets
// that have a last_message_timestamp earlier than this ticket.
$position = self::ticket_position($ticket_id);
$ticket['position'] = $position['current'];
$ticket['total_pending'] = $position['total'];
/*if($ticket['priority'] == _TICKET_PRIORITY_STATUS_ID){
$ticket['position'] = self::ticket_count('priority',$ticket['last_message_timestamp'],$ticket['ticket_id'],$ticket['priority']);
}else{
$ticket['position'] = self::ticket_count('pending',$ticket['last_message_timestamp'],$ticket['ticket_id'],$ticket['priority']);
}
$ticket['total_pending'] = self::ticket_count('pending');*/
$messages = self::get_ticket_messages($ticket_id, true);
//$ticket['message_count'] = count($messages);
$ticket['message_count'] = mysql_num_rows($messages);
//end($messages);
if ($ticket['message_count'] > 0) {
mysql_data_seek($messages, $ticket['message_count'] - 1);
}
//$last_message = current($messages);
$last_message = mysql_fetch_assoc($messages);
$ticket['last_ticket_message_id'] = $last_message['ticket_message_id'];
$ticket['last_message_was_private'] = isset($last_message['private_message']) && $last_message['private_message'];
// for passwords and website addresses..
$ticket['extra_data'] = self::get_ticket_extras($ticket_id);
// hook into the envato module.
// link any missing envato/faqproduct items together.
if (class_exists('module_envato', false) && isset($_REQUEST['faq_product_envato_hack']) && (!$ticket['faq_product_id'] || $ticket['faq_product_id'] == $_REQUEST['faq_product_envato_hack'])) {
$items = module_envato::get_items_by_ticket($ticket['ticket_id']);
foreach ($items as $envato_item_id => $item) {
//.........这里部分代码省略.........