Skip to content

Commit

Permalink
SinergiaCRM 1.7.1 Release merge
Browse files Browse the repository at this point in the history
  • Loading branch information
@PaulaaSTIC
PaulaaSTIC authored Oct 24, 2024
2 parents 616eb62 + b96498d commit aa2de58
Show file tree
Hide file tree
Showing 2 changed files with 60 additions and 43 deletions.
99 changes: 58 additions & 41 deletions SticInclude/SinergiaDA.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -602,11 +602,7 @@ public function createViews($callUpdateModel = true, $rebuildFilter = 'all')
case 'fullname':
case 'name':
case 'url':
case 'decimal':
case 'int':
case 'html':
case 'currency':
case 'float':
case 'user_name':
case 'ColorPicker':
case 'email':
Expand All @@ -625,6 +621,17 @@ public function createViews($callUpdateModel = true, $rebuildFilter = 'all')
}
break;

// Numeric types
case 'decimal':
case 'int':
case 'currency':
case 'float':
$fieldV['alias'] = $fieldV['name'];
// Numeric type columns are converted to decimal to ensure they remain in this type in the view,
// avoiding errors in min and max aggregations due to ordering
$fieldSrc = "CONVERT(IFNULL({$fieldPrefix}.{$fieldV['name']},''), decimal(10,4) ) AS {$fieldName}";
break;

default:
$this->info .= "<div class='error' style='color:red;'>ERROR: [FATAL: Unprocessed field type. {$fieldV['type']} | Módule: {$moduleName} - Field: {$fieldV['name']}] </div>";
$this->info .= "[FATAL: Unprocessed field type. {$fieldV['type']} | Módule: {$moduleName} - Field: {$fieldV['name']}]";
Expand Down Expand Up @@ -1295,16 +1302,15 @@ private function resetMetadataViews()

// 2) eda_def_groups
$sqlMetadata[] = "CREATE or REPLACE VIEW `sda_def_groups` AS
SELECT CONCAT('SDA_',name) as name FROM securitygroups WHERE deleted=0
SELECT CONCAT('SCRM_',name) as name FROM securitygroups WHERE deleted=0
UNION SELECT 'EDA_ADMIN'
UNION SELECT 'NO_SINERGIACRM_USERS'
;";
// 3) eda_def_users_groups
$sqlMetadata[] = "CREATE or REPLACE VIEW `sda_def_user_groups` AS
-- Normal users are assigned to their own security groups.
SELECT
user_name,
CONCAT('SDA_',s.name) as name
CONCAT('SCRM_',s.name) as name
FROM
users u
JOIN securitygroups_users su ON
Expand All @@ -1326,8 +1332,38 @@ private function resetMetadataViews()
WHERE
u.is_admin = 1
AND u.deleted = 0;";
// 4) eda_def_permissions

// 4) eda_def_security_group_records
$sqlMetadata[] = "CREATE or REPLACE VIEW `sda_def_permissions` AS
SELECT * from sda_def_permissions_actions p where p.stic_permission_source IN ('ACL_ALLOW_ALL', 'ACL_ALLOW_GROUP_priv','ACL_ALLOW_OWNER')
UNION
SELECT
sdug.user_name,
`group`,
`table`,
`column`,
`global`,
stic_permission_source
FROM
sda_def_permissions_actions p
JOIN sda_def_user_groups sdug ON
p.`group` = sdug.name
WHERE
p.stic_permission_source IN('ACL_ALLOW_GROUP') AND(
CONCAT(sdug.user_name, `table`) IN(
SELECT
CONCAT(p.user_name, `table`)
FROM
sda_def_permissions_actions p
WHERE
p.stic_permission_source = 'ACL_ALLOW_GROUP_priv'
)
)
GROUP BY
`group`,
`table`,
sdug.user_name;";
// 5) eda_def_security_group_records

// Set a switch to determine whether to populate the sda_def_security_group_records view based
// on the value of $sugar_config['stic_sinergiada']['group_permissions_enabled']
Expand All @@ -1341,7 +1377,7 @@ private function resetMetadataViews()
SELECT
CONCAT('{$this->viewPrefix}_', LCASE(module)) as `table`,
record_id,
CONCAT('SDA_',s.name) as `group`
CONCAT('SCRM_',s.name) as `group`
FROM
securitygroups_records sr
JOIN securitygroups s on sr.securitygroup_id=s.id
Expand Down Expand Up @@ -1427,8 +1463,8 @@ private function resetMetadataTables()
) ENGINE = MyISAM;';

// 5) eda_def_permissions
$sqlMetadata[] = 'DROP TABLE IF EXISTS `sda_def_permissions`';
$sqlMetadata[] = 'CREATE TABLE IF NOT EXISTS `sda_def_permissions` (
$sqlMetadata[] = 'DROP TABLE IF EXISTS `sda_def_permissions_actions`';
$sqlMetadata[] = 'CREATE TABLE IF NOT EXISTS `sda_def_permissions_actions` (
`user_name` VARCHAR(64) NOT NULL,
`group` VARCHAR(64) NOT NULL,
`table` VARCHAR(64) NOT NULL,
Expand Down Expand Up @@ -1703,7 +1739,7 @@ public function createMultiEnumJoinViews()
* This function retrieves the list of active users from the 'users' table, and for each user,
* it retrieves their ACL for the specified modules using the 'ACLAction::getUserActions' method.
* Then it processes the ACL for each module and saves metadata for the user's access level and source of access,
* such as 'ACL_ALLOW_GROUP' or 'ACL_ALLOW_OWNER' in the 'sda_def_permissions' table.
* such as 'ACL_ALLOW_GROUP' or 'ACL_ALLOW_OWNER' in the 'sda_def_permissions_actions' table.
* It also saves the user's access level for each module in the 'aclList' array.
*
* @return void
Expand Down Expand Up @@ -1746,16 +1782,8 @@ public function getAndSaveUserACL($modules)
$key = $key == 'CampaignLog' ? 'Campaign_Log' : $key;

$currentTable = $this->viewPrefix . '_' . strtolower($key);
if ($u['is_admin'] == 1) {
$userModuleAccessMode["{$aclSource}_{$u['user_name']}_{$currentTable}"] = [
'user_name' => $u['user_name'],
'table' => $currentTable,
'column' => 'users_id',
'stic_permission_source' => 'ACL_ALLOW_ALL',
'global' => 1,
];
} elseif ($value['module']['access']['aclaccess'] >= 0 && $value['module']['view']['aclaccess'] >= 0) {


if ($u['is_admin'] == 0 && $value['module']['access']['aclaccess'] >= 0 && $value['module']['view']['aclaccess'] >= 0) {
// Determine the metadata to be saved based on the type of permissions,
// first we'll add them to the $userModuleAccessMode array with a unique key to avoid duplicates
switch ($value['module']['view']['aclaccess']) {
Expand All @@ -1772,8 +1800,8 @@ public function getAndSaveUserACL($modules)
$userGroupsRes = $db->query("SELECT distinct(name) as 'group' FROM sda_def_user_groups ug WHERE user_name='{$u['user_name']}';");

while ($userGroups = $db->fetchByAssoc($userGroupsRes, false)) {
$crmGroupName = explode('SDA_', $userGroups['group'])[1];

$crmGroupName = explode('SCRM_', $userGroups['group'])[1];

// Verify whether or not the group or user has access to the module for their roles
$groupHasAccessToModule = groupHasAccess($crmGroupName, $u['id'], $key, 'view');
Expand All @@ -1793,10 +1821,10 @@ public function getAndSaveUserACL($modules)
// the user_name with the assigned_user_name field content in each module in which the user has group permission
$userModuleAccessMode["{$u['user_name']}_{$aclSource}_{$userGroups['group']}_private_{$currentTable}"] = [
'user_name' => $u['user_name'],
'group' => null,
'group' => $userGroups['group'],
'table' => $currentTable,
'column' => 'assigned_user_name',
'stic_permission_source' => "{$aclSource}_private",
'stic_permission_source' => "{$aclSource}_priv",
'global' => 0,
];
}
Expand Down Expand Up @@ -1836,7 +1864,7 @@ public function getAndSaveUserACL($modules)
// Add the permissions with the values determined in the previous switch case to the metadata table, based on the case.
foreach (array_unique($userModuleAccessMode, SORT_REGULAR) as $key => $value) {
$this->addMetadataRecord(
'sda_def_permissions',
'sda_def_permissions_actions',
[
'user_name' => $value['user_name'],
'group' => $value['group'],
Expand Down Expand Up @@ -1911,7 +1939,7 @@ public function checkSdaTablesInViews()
UNION SELECT `table`,'sda_def_tables', 'table' FROM sda_def_tables
UNION SELECT source_table,'sda_def_enumerations','source_table' FROM sda_def_enumerations
UNION SELECT master_table,'sda_def_enumerations', 'master_table' FROM sda_def_enumerations
UNION SELECT `table`, 'sda_def_permissions','table' FROM sda_def_permissions
UNION SELECT `table`, 'sda_def_permissions_actions','table' FROM sda_def_permissions_actions
UNION SELECT source_table,'sda_def_relationships','source_table' FROM sda_def_relationships
UNION SELECT target_table,'sda_def_relationships','target_table' FROM sda_def_relationships)
AS source WHERE (
Expand Down Expand Up @@ -1972,22 +2000,11 @@ function groupHasAccess($group_name, $userId, $category, $action, $type = 'modul
// Escape the group name to prevent SQL injection
$group_name = $db->quote($group_name);

// Get the group ID based on the name
$query = "SELECT id FROM securitygroups WHERE name = '$group_name' AND deleted = 0";
$result = $db->query($query);
$row = $db->fetchByAssoc($result);

if (empty($row)) {
return false; // The group doesn't exist
}

$group_id = $row['id'];

// Get the roles associated with this security group or user
$query = "SELECT role_id FROM (
SELECT role_id FROM securitygroups_acl_roles
WHERE securitygroup_id = '$group_id' AND deleted = 0
UNION SELECT role_id from acl_roles_users aru
WHERE securitygroup_id IN (SELECT DISTINCT securitygroup_id FROM securitygroups_users sgu WHERE sgu.user_id='$userId' AND sgu.deleted = false)
UNION SELECT role_id FROM acl_roles_users aru
WHERE aru.user_id='$userId' AND deleted=false ) m
LIMIT 1
";
Expand Down
4 changes: 2 additions & 2 deletions config.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -576,9 +576,9 @@

// STIC Custom 20231124 JBL - SemVer in SinergiaCRM
// STIC#1319
'sinergiacrm_version' => '1.7.0',
'sinergiacrm_version' => '1.7.1',
'js_custom_version' => 10,
'stic_show_update_alert' => 1,
'stic_show_update_alert' => 0,
// END STIC

// STIC-Custom 20240117 JCH - Security Groups Module Rules activation config
Expand Down

0 comments on commit aa2de58

Please sign in to comment.