activities_helper.php
1 year ago
agent_helper.php
1 year ago
auth_helper.php
1 year ago
blocks_helper.php
1 year ago
booking_helper.php
1 year ago
bricks_helper.php
1 year ago
bundles_helper.php
1 year ago
calendar_helper.php
1 year ago
carts_helper.php
1 year ago
connector_helper.php
1 year ago
csv_helper.php
1 year ago
customer_helper.php
1 year ago
database_helper.php
1 year ago
debug_helper.php
1 year ago
defaults_helper.php
1 year ago
elementor_helper.php
1 year ago
email_helper.php
1 year ago
encrypt_helper.php
1 year ago
events_helper.php
1 year ago
form_helper.php
1 year ago
icalendar_helper.php
1 year ago
image_helper.php
1 year ago
invoices_helper.php
1 year ago
license_helper.php
1 year ago
location_helper.php
1 year ago
marketing_systems_helper.php
1 year ago
meeting_systems_helper.php
1 year ago
menu_helper.php
1 year ago
meta_helper.php
1 year ago
migrations_helper.php
1 year ago
money_helper.php
1 year ago
notifications_helper.php
1 year ago
order_intent_helper.php
1 year ago
orders_helper.php
1 year ago
pages_helper.php
1 year ago
params_helper.php
1 year ago
payments_helper.php
1 year ago
price_breakdown_helper.php
1 year ago
process_jobs_helper.php
1 year ago
processes_helper.php
1 year ago
replacer_helper.php
1 year ago
resource_helper.php
1 year ago
roles_helper.php
1 year ago
router_helper.php
1 year ago
service_helper.php
1 year ago
sessions_helper.php
1 year ago
settings_helper.php
1 year ago
shortcodes_helper.php
1 year ago
sms_helper.php
1 year ago
steps_helper.php
1 year ago
stripe_connect_helper.php
1 year ago
styles_helper.php
1 year ago
support_topics_helper.php
1 year ago
time_helper.php
1 year ago
timeline_helper.php
1 year ago
transaction_intent_helper.php
1 year ago
util_helper.php
1 year ago
version_specific_updates_helper.php
1 year ago
whatsapp_helper.php
1 year ago
work_periods_helper.php
1 year ago
wp_datetime.php
1 year ago
wp_user_helper.php
1 year ago
roles_helper.php
461 lines
| 1 | <?php |
| 2 | /* |
| 3 | * Copyright (c) 2023 LatePoint LLC. All rights reserved. |
| 4 | */ |
| 5 | |
| 6 | class OsRolesHelper { |
| 7 | public static array $capabilities_for_controllers; |
| 8 | |
| 9 | public static function get_capabilities_for_all_controllers(){ |
| 10 | if(isset(self::$capabilities_for_controllers)) return self::$capabilities_for_controllers; |
| 11 | $capabilities = include(LATEPOINT_CONFIG_ABSPATH . 'capabilities_for_controllers.php'); |
| 12 | |
| 13 | /** |
| 14 | * Get array of capabilities for all controllers |
| 15 | * |
| 16 | * @since 4.7.0 |
| 17 | * @hook latepoint_capabilities_for_controllers |
| 18 | * |
| 19 | * @param {array} $capabilities array of controllers with their default and per action capablities |
| 20 | * @returns {array} The filtered array of controllers with capability information |
| 21 | */ |
| 22 | self::$capabilities_for_controllers = apply_filters('latepoint_capabilities_for_controllers', $capabilities); |
| 23 | return self::$capabilities_for_controllers; |
| 24 | } |
| 25 | |
| 26 | public static function build_capability_name_from_model_action(string $model_class, string $action): string{ |
| 27 | $capability_names_for_models = [ |
| 28 | 'OsActivityModel' => 'activity', |
| 29 | 'OsAgentModel' => 'agent', |
| 30 | 'OsAgentMetaModel' => 'agent', |
| 31 | 'OsOrderModel' => 'booking', |
| 32 | 'OsOrderIntentModel' => 'booking', |
| 33 | 'OsOrderMetaModel' => 'booking', |
| 34 | 'OsBookingModel' => 'booking', |
| 35 | 'OsBookingMetaModel' => 'booking', |
| 36 | 'OsConnectorModel' => 'connection', |
| 37 | 'OsCustomerModel' => 'customer', |
| 38 | 'OsCustomerMetaModel' => 'customer', |
| 39 | 'OsLocationModel' => 'location', |
| 40 | 'OsLocationCategoryModel' => 'location', |
| 41 | 'OsServiceModel' => 'service', |
| 42 | 'OsServiceExtraModel' => 'service', |
| 43 | 'OsServiceMetaModel' => 'service', |
| 44 | 'OsBundleModel' => 'bundle', |
| 45 | 'OsServiceCategoryModel' => 'service', |
| 46 | 'OsTransactionModel' => 'transaction', |
| 47 | 'OsInvoiceModel' => 'invoice', |
| 48 | 'OsProcessJobModel' => 'settings', |
| 49 | 'OsStepSettingsModel' => 'settings', |
| 50 | 'OsProcessModel' => 'settings', |
| 51 | 'OsSettingsModel' => 'settings', |
| 52 | 'OsWorkPeriodModel' => 'settings', |
| 53 | ]; |
| 54 | /** |
| 55 | * Get array of key => value connections between model name and capability name |
| 56 | * |
| 57 | * @since 4.7.0 |
| 58 | * @hook latepoint_capability_names_for_models |
| 59 | * |
| 60 | * @param {array} $capability_names_for_models array of key => value pairs of model name => capability name |
| 61 | * @returns {array} The filtered array of value pairs |
| 62 | */ |
| 63 | $capability_names_for_models = apply_filters('latepoint_capability_names_for_models', $capability_names_for_models); |
| 64 | if(isset($capability_names_for_models[$model_class])){ |
| 65 | $capability = $capability_names_for_models[$model_class].'__'.$action; |
| 66 | $all_actions = self::get_all_available_actions_list(); |
| 67 | if(in_array($capability, $all_actions)){ |
| 68 | return $capability; |
| 69 | }else{ |
| 70 | $capability = $capability_names_for_models[$model_class].'__edit'; |
| 71 | if(in_array($capability, $all_actions)) return $capability; |
| 72 | } |
| 73 | } |
| 74 | return ''; |
| 75 | } |
| 76 | |
| 77 | public static function can_user_make_action_on_model_record(OsModel $model, string $action){ |
| 78 | if(OsAuthHelper::get_current_user()->backend_user_type == LATEPOINT_USER_TYPE_ADMIN) return true; // admins are allowed to do everything |
| 79 | |
| 80 | // check if customer is logged in and tries to edit records that belong to them |
| 81 | if(OsAuthHelper::is_customer_logged_in()){ |
| 82 | // if it's customer - they can edit their customer record and also their bookings |
| 83 | if($model instanceof OsBookingModel && $model->customer_id == OsAuthHelper::get_logged_in_customer_id()){ |
| 84 | return true; |
| 85 | } |
| 86 | if($model instanceof OsCustomerModel && $model->id == OsAuthHelper::get_logged_in_customer_id()){ |
| 87 | return true; |
| 88 | } |
| 89 | } |
| 90 | // if customer is not logged in or logged in customer doesn't have rights to access this record, check if backend user has |
| 91 | if(self::can_user_perform_model_action(get_class($model), $action)){ |
| 92 | switch(get_class($model)){ |
| 93 | case 'OsBookingModel': |
| 94 | if(OsAuthHelper::get_current_user()->are_all_records_allowed('agent')) return true; |
| 95 | $allowed_ids = OsAuthHelper::get_current_user()->get_allowed_records('agent'); |
| 96 | if($allowed_ids && in_array($model->agent_id, $allowed_ids)) return true; |
| 97 | break; |
| 98 | case 'OsCustomerModel': |
| 99 | // check if this customer has any bookings with allowed agents |
| 100 | if(OsAuthHelper::get_current_user()->are_all_records_allowed('agent')) return true; |
| 101 | $allowed_ids = OsAuthHelper::get_current_user()->get_allowed_records('agent'); |
| 102 | $bookings = new OsBookingModel(); |
| 103 | if($allowed_ids){ |
| 104 | if($allowed_ids && in_array($model->agent_id, $allowed_ids)) return true; |
| 105 | $has_bookings_with_allowed_agents = $bookings->select('id')->where(['agent_id' => $allowed_ids, 'customer_id' => $model->id])->set_limit(1)->get_results(); |
| 106 | if(!empty($has_bookings_with_allowed_agents)){ |
| 107 | return true; |
| 108 | } |
| 109 | } |
| 110 | break; |
| 111 | } |
| 112 | } |
| 113 | return false; |
| 114 | } |
| 115 | |
| 116 | public static function can_user_perform_model_action(string $model_class, string $action): bool{ |
| 117 | $capability = self::build_capability_name_from_model_action($model_class, $action); |
| 118 | $can = !empty($capability) ? self::can_user($capability) : true; |
| 119 | return $can; |
| 120 | } |
| 121 | |
| 122 | /** |
| 123 | * |
| 124 | * Get capabilities required to access specific action of the controller |
| 125 | * |
| 126 | * @param string $controller_name class name of the controller |
| 127 | * @param string $action action name |
| 128 | * @return array |
| 129 | */ |
| 130 | public static function get_capabilities_required_for_controller_action(string $controller_name, string $action): array{ |
| 131 | $required_capabilities = ['settings__edit']; // default capabilities, if not set on controller/action level |
| 132 | |
| 133 | $capabilities_for_controllers = self::get_capabilities_for_all_controllers(); |
| 134 | |
| 135 | if(isset($capabilities_for_controllers[$controller_name])){ |
| 136 | // try to get capabilities that are specific for action, if not get default for controller |
| 137 | if(isset($capabilities_for_controllers[$controller_name]['per_action'][$action])){ |
| 138 | $required_capabilities = $capabilities_for_controllers[$controller_name]['per_action'][$action]; |
| 139 | }elseif(isset($capabilities_for_controllers[$controller_name]['default'])){ |
| 140 | $required_capabilities = $capabilities_for_controllers[$controller_name]['default']; |
| 141 | } |
| 142 | } |
| 143 | /** |
| 144 | * Get array of capabilities required to access controller's action |
| 145 | * |
| 146 | * @since 4.7.0 |
| 147 | * @hook latepoint_get_capabilities_for_controller_action |
| 148 | * |
| 149 | * @param {array} $required_capabilities array of required capabilities |
| 150 | * @returns {array} The filtered array of required capabilities |
| 151 | */ |
| 152 | return apply_filters('latepoint_get_capabilities_for_controller_action', $required_capabilities, $controller_name, $action); |
| 153 | } |
| 154 | |
| 155 | public static function save_capabilities_list_for_agent_role(array $capabilities){ |
| 156 | return OsSettingsHelper::save_setting_by_name('agent_role_capabilities', wp_json_encode($capabilities)); |
| 157 | } |
| 158 | |
| 159 | public static function get_capabilities_list_for_agent_role(){ |
| 160 | $capabilities = json_decode(OsSettingsHelper::get_settings_value('agent_role_capabilities', ''), true); |
| 161 | if(empty($capabilities)) $capabilities = self::get_default_capabilities_list_for_agent_role(); |
| 162 | /** |
| 163 | * Get array of permitted actions for agent role |
| 164 | * |
| 165 | * @since 4.7.0 |
| 166 | * @hook latepoint_get_capabilities_list_for_agent_role |
| 167 | * |
| 168 | * @param {array} $capabilities array of actions permitted to admin user type |
| 169 | * @returns {array} The filtered array of permitted actions |
| 170 | */ |
| 171 | return apply_filters('latepoint_get_capabilities_list_for_agent_role', $capabilities); |
| 172 | } |
| 173 | |
| 174 | |
| 175 | public static function get_all_available_actions_list_grouped(){ |
| 176 | $actions = self::get_all_available_actions_list(); |
| 177 | $groups = []; |
| 178 | foreach($actions as $action){ |
| 179 | $object = explode('__', $action); |
| 180 | $groups[$object[0]][] = $object[1]; |
| 181 | } |
| 182 | return $groups; |
| 183 | } |
| 184 | |
| 185 | public static function save_from_params(array $role_params){ |
| 186 | $role = \LatePoint\Misc\Role::generate_from_params($role_params); |
| 187 | if(empty($role->wp_role)) return new WP_Error('invalid_wp_role', __('WP Role invalid', 'latepoint')); |
| 188 | switch($role->user_type){ |
| 189 | case LATEPOINT_USER_TYPE_AGENT: |
| 190 | if(self::save_capabilities_list_for_agent_role($role->get_capabilities())){ |
| 191 | return true; |
| 192 | }else{ |
| 193 | return new WP_Error('error_saving_role', __('WP Agent role can not be saved', 'latepoint')); |
| 194 | } |
| 195 | break; |
| 196 | case LATEPOINT_USER_TYPE_CUSTOM: |
| 197 | $roles = self::get_custom_roles(); |
| 198 | $roles[$role->wp_role] = $role->as_array_to_save(); |
| 199 | if(OsSettingsHelper::save_setting_by_name('custom_roles', wp_json_encode($roles))){ |
| 200 | // register in WP (it's ok to register it on every save, we remove it first and then add, to make sure display name is updated) |
| 201 | $role->register_in_wp(); |
| 202 | return true; |
| 203 | }else{ |
| 204 | return new WP_Error('error_saving_role', __('WP Role can not be saved', 'latepoint')); |
| 205 | } |
| 206 | break; |
| 207 | default: |
| 208 | return new WP_Error('invalid_role_type', __('Invalid role type', 'latepoint')); |
| 209 | break; |
| 210 | } |
| 211 | } |
| 212 | |
| 213 | public static function register_roles_in_wp(){ |
| 214 | // Register Agent Role |
| 215 | $role = \LatePoint\Misc\Role::get_from_wp_role(LATEPOINT_WP_AGENT_ROLE); |
| 216 | $role->register_in_wp(); |
| 217 | |
| 218 | // Register Custom Roles |
| 219 | $custom_roles = self::get_custom_roles(true); |
| 220 | if($custom_roles){ |
| 221 | foreach($custom_roles as $custom_role){ |
| 222 | $custom_role->register_in_wp(); |
| 223 | } |
| 224 | } |
| 225 | } |
| 226 | |
| 227 | public static function get_model_types_for_allowed_records(){ |
| 228 | return ['agent', 'service', 'location']; |
| 229 | } |
| 230 | |
| 231 | |
| 232 | public static function generate_role_id(){ |
| 233 | return 'role_'.OsUtilHelper::random_text('alnum', 8); |
| 234 | } |
| 235 | |
| 236 | public static function get_custom_roles($as_objects = false): array{ |
| 237 | $roles = json_decode(\OsSettingsHelper::get_settings_value('custom_roles', ''), true) ?? []; |
| 238 | if($as_objects){ |
| 239 | $roles_objects = []; |
| 240 | foreach($roles as $role_params){ |
| 241 | $roles_objects[$role_params['wp_role']] = \LatePoint\Misc\Role::generate_from_params($role_params); |
| 242 | } |
| 243 | return $roles_objects; |
| 244 | }else{ |
| 245 | return $roles; |
| 246 | } |
| 247 | } |
| 248 | |
| 249 | public static function save_custom_roles(array $roles){ |
| 250 | return \OsSettingsHelper::save_setting_by_name('custom_roles', wp_json_encode($roles)); |
| 251 | } |
| 252 | |
| 253 | public static function delete(string $wp_role): bool{ |
| 254 | // can't delete default roles (admin and agent) |
| 255 | if(in_array($wp_role, [LATEPOINT_WP_ADMIN_ROLE, LATEPOINT_WP_AGENT_ROLE])) return false; |
| 256 | // get all custom roles to make sure the one that needs to be deleted is custom role |
| 257 | $custom_roles = self::get_custom_roles(); |
| 258 | if(isset($custom_roles[$wp_role])){ |
| 259 | unset($custom_roles[$wp_role]); |
| 260 | self::save_custom_roles($custom_roles); |
| 261 | remove_role($wp_role); |
| 262 | } |
| 263 | return true; |
| 264 | } |
| 265 | |
| 266 | public static function get_default_roles(): array{ |
| 267 | $roles = []; |
| 268 | |
| 269 | $roles[] = new \LatePoint\Misc\Role(LATEPOINT_USER_TYPE_ADMIN); |
| 270 | $roles[] = new \LatePoint\Misc\Role(LATEPOINT_USER_TYPE_AGENT); |
| 271 | |
| 272 | return $roles; |
| 273 | } |
| 274 | |
| 275 | public static function description_for_action($action_code){ |
| 276 | $action_descriptions = [ |
| 277 | 'resource_schedule' => __('Edit custom schedule of individual agent, location or service.', 'latepoint'), |
| 278 | 'settings' => __('Access to all settings pages, including general schedule and booking steps.', 'latepoint'), |
| 279 | 'connection' => __('Ability to connect agents to services and locations.', 'latepoint'), |
| 280 | 'chat' => __('Ability to send messages to customers (available with chat addon).', 'latepoint'), |
| 281 | ]; |
| 282 | |
| 283 | /** |
| 284 | * List of detailed descriptions for available actions |
| 285 | * |
| 286 | * @since 4.7.2 |
| 287 | * @hook latepoint_roles_action_descriptions |
| 288 | * |
| 289 | * @param {array} $action_descriptions Array of descriptions for available actions |
| 290 | * @param {string} $action_code Programmatic code of the action being filtered |
| 291 | * @returns {array} The filtered array of action descriptions |
| 292 | */ |
| 293 | $action_descriptions = apply_filters('latepoint_roles_action_descriptions', $action_descriptions, $action_code); |
| 294 | return $action_descriptions[$action_code] ?? ''; |
| 295 | } |
| 296 | |
| 297 | public static function name_for_action($action_code){ |
| 298 | $action_names = [ |
| 299 | 'chat' => __('Chat', 'latepoint'), |
| 300 | 'activity' => __('Activity Logs', 'latepoint'), |
| 301 | 'agent' => __('Agents', 'latepoint'), |
| 302 | 'service' => __('Services', 'latepoint'), |
| 303 | 'bundle' => __('Bundle', 'latepoint'), |
| 304 | 'location' => __('Locations', 'latepoint'), |
| 305 | 'booking' => __('Bookings & Orders', 'latepoint'), |
| 306 | 'customer' => __('Customers', 'latepoint'), |
| 307 | 'transaction' => __('Payments', 'latepoint'), |
| 308 | 'invoice' => __('Invoice', 'latepoint'), |
| 309 | 'order' => __('Order', 'latepoint'), |
| 310 | 'resource_schedule' => __('Resource Schedules', 'latepoint'), |
| 311 | 'settings' => __('Settings', 'latepoint'), |
| 312 | 'connection' => __('Connections', 'latepoint'), |
| 313 | 'edit' => __('Edit', 'latepoint'), |
| 314 | 'delete' => __('Delete', 'latepoint'), |
| 315 | 'view' => __('View', 'latepoint'), |
| 316 | 'create' => __('Create', 'latepoint'), |
| 317 | ]; |
| 318 | |
| 319 | /** |
| 320 | * List of human-friendly names for available actions |
| 321 | * |
| 322 | * @since 4.7.2 |
| 323 | * @hook latepoint_roles_action_names |
| 324 | * |
| 325 | * @param {array} $action_names Array of names for available actions |
| 326 | * @param {string} $action_code Programmatic code of the action being filtered |
| 327 | * @returns {array} The filtered array of action names |
| 328 | */ |
| 329 | $action_names = apply_filters('latepoint_roles_action_names', $action_names, $action_code); |
| 330 | return $action_names[$action_code] ?? $action_code; |
| 331 | } |
| 332 | |
| 333 | public static function get_default_capabilities_list_for_agent_role(){ |
| 334 | $capabilities = [ |
| 335 | 'agent__view', 'agent__edit' , |
| 336 | 'booking__view', 'booking__delete' ,'booking__create', 'booking__edit', |
| 337 | 'customer__view', 'customer__delete' ,'customer__create', 'customer__edit', |
| 338 | 'transaction__view', 'transaction__delete' ,'transaction__create', 'transaction__edit', |
| 339 | 'invoice__view', 'invoice__delete' ,'invoice__create', 'invoice__edit', |
| 340 | 'activity__view', 'activity__delete' ,'activity__create', 'activity__edit', |
| 341 | 'chat__edit', 'resource_schedule__edit' |
| 342 | ]; |
| 343 | |
| 344 | /** |
| 345 | * Default list of permitted actions available for agent user type |
| 346 | * |
| 347 | * @since 4.7.0 |
| 348 | * @hook latepoint_roles_get_default_capabilities_list_for_agent_role |
| 349 | * |
| 350 | * @param {array} $capabilities array of permitted actions available to agent user type by default |
| 351 | * @returns {array} The filtered array of permitted actions |
| 352 | */ |
| 353 | return apply_filters('latepoint_roles_get_default_capabilities_list_for_agent_role', $capabilities); |
| 354 | } |
| 355 | |
| 356 | public static function get_all_available_actions_list(){ |
| 357 | $actions = [ |
| 358 | 'agent__view', 'agent__delete' ,'agent__create', 'agent__edit' , |
| 359 | 'service__view', 'service__delete' ,'service__create', 'service__edit' , |
| 360 | 'bundle__view', 'bundle__delete' ,'bundle__create', 'bundle__edit' , |
| 361 | 'location__view', 'location__delete' ,'location__create', 'location__edit' , |
| 362 | 'booking__view', 'booking__delete' ,'booking__create', 'booking__edit' , |
| 363 | 'customer__view', 'customer__delete' ,'customer__create', 'customer__edit' , |
| 364 | 'transaction__view', 'transaction__delete' ,'transaction__create', 'transaction__edit' , |
| 365 | 'invoice__view', 'invoice__delete' ,'invoice__create', 'invoice__edit' , |
| 366 | 'activity__view', 'activity__delete' ,'activity__create', 'activity__edit' , |
| 367 | 'chat__edit', 'resource_schedule__edit', 'settings__edit', 'connection__edit' |
| 368 | ]; |
| 369 | |
| 370 | /** |
| 371 | * All available actions to be attached to a user role |
| 372 | * |
| 373 | * @since 4.7.0 |
| 374 | * @hook latepoint_roles_get_all_available_actions_list |
| 375 | * |
| 376 | * @param {array} $actions array of actions that can be attached to a user role |
| 377 | * @returns {array} The filtered array of actions |
| 378 | */ |
| 379 | return apply_filters('latepoint_roles_get_all_available_actions_list', $actions); |
| 380 | } |
| 381 | |
| 382 | /** |
| 383 | * @param \LatePoint\Misc\Role $role |
| 384 | * @return \LatePoint\Misc\User[] |
| 385 | */ |
| 386 | public static function get_users_for_role(\LatePoint\Misc\Role $role): array{ |
| 387 | $users = []; |
| 388 | $wp_users = []; |
| 389 | switch($role->user_type){ |
| 390 | case LATEPOINT_USER_TYPE_ADMIN: |
| 391 | $wp_users = get_users(['role__in' => LATEPOINT_WP_ADMIN_ROLE]); |
| 392 | break; |
| 393 | case LATEPOINT_USER_TYPE_AGENT: |
| 394 | $wp_users = get_users(['role' => LATEPOINT_WP_AGENT_ROLE]); |
| 395 | break; |
| 396 | case LATEPOINT_USER_TYPE_CUSTOM: |
| 397 | if($role->wp_role) $wp_users = get_users(['role' => $role->wp_role]); |
| 398 | break; |
| 399 | } |
| 400 | foreach($wp_users as $wp_user){ |
| 401 | $users[] = \LatePoint\Misc\User::load_from_wp_user($wp_user); |
| 402 | } |
| 403 | return $users; |
| 404 | } |
| 405 | |
| 406 | public static function get_user_roles($user): array { |
| 407 | return []; |
| 408 | } |
| 409 | |
| 410 | /** |
| 411 | * Checks if currently logged in user has certain capabilities |
| 412 | * |
| 413 | * @param array|string $capabilities array or string of capabilities that you want to check if logged in user has or not |
| 414 | * @return bool |
| 415 | */ |
| 416 | public static function can_user($capabilities) :bool{ |
| 417 | if (OsAuthHelper::get_current_user()) { |
| 418 | return OsAuthHelper::get_current_user()->has_capability( $capabilities ); |
| 419 | } |
| 420 | |
| 421 | return false; |
| 422 | } |
| 423 | |
| 424 | public static function get_allowed_records(string $model_type, $load_from_db = false){ |
| 425 | return OsAuthHelper::get_current_user()->get_allowed_records($model_type, $load_from_db); |
| 426 | } |
| 427 | |
| 428 | public static function are_all_records_allowed(string $model_type = '', $load_from_db = false): bool{ |
| 429 | return OsAuthHelper::get_current_user()->are_all_records_allowed($model_type, $load_from_db); |
| 430 | } |
| 431 | |
| 432 | /* |
| 433 | * Pass filter object or an array of arguments for a query to be filtered based on what logged in user is allowed to access |
| 434 | */ |
| 435 | public static function filter_allowed_records_from_arguments_or_filter($args_or_filter){ |
| 436 | $model_types = ['agent', 'location', 'service']; |
| 437 | foreach($model_types as $model_type){ |
| 438 | if(!OsAuthHelper::get_current_user()->are_all_records_allowed($model_type)){ |
| 439 | $prop = $model_type.'_id'; |
| 440 | |
| 441 | // get value that needs to be filtered by allowed records |
| 442 | $value = ($args_or_filter instanceof \LatePoint\Misc\Filter) ? $args_or_filter->$prop ?? [] : $args_or_filter[$prop] ?? []; |
| 443 | |
| 444 | if(empty($value)){ |
| 445 | // no value is set - limit it to allowed records |
| 446 | $value = OsAuthHelper::get_current_user()->get_allowed_records($model_type); |
| 447 | }else{ |
| 448 | // value is set - make sure it's in the allowed records list, if not - set to allowed records |
| 449 | $allowed_from_set = array_intersect(is_array($value) ? $value : [$value], OsAuthHelper::get_current_user()->get_allowed_records($model_type)); |
| 450 | $value = empty($allowed_from_set) ? OsAuthHelper::get_current_user()->get_allowed_records($model_type) : $allowed_from_set; |
| 451 | } |
| 452 | if($args_or_filter instanceof \LatePoint\Misc\Filter){ |
| 453 | $args_or_filter->$prop = $value; |
| 454 | }elseif(is_array($args_or_filter)){ |
| 455 | $args_or_filter[$prop] = $value; |
| 456 | } |
| 457 | } |
| 458 | } |
| 459 | return $args_or_filter; |
| 460 | } |
| 461 | } |