diff --git a/include/QueryGenerator/EnhancedQueryGenerator.php b/include/QueryGenerator/EnhancedQueryGenerator.php index d3d067ee547f2dfc98c786b156878123d43b427f..a9f8c3f9ba065812ef54467403cc216fca2c8499 100644 --- a/include/QueryGenerator/EnhancedQueryGenerator.php +++ b/include/QueryGenerator/EnhancedQueryGenerator.php @@ -829,6 +829,20 @@ class EnhancedQueryGenerator extends QueryGenerator { $fieldSqlList[$index] = $fieldSql; } + $currentUserModel = Users_Record_Model::getCurrentUserModel(); + if(($baseModule == 'Calendar' || $baseModule == 'Events') && !$currentUserModel->isAdminUser()) { + $moduleFocus = CRMEntity::getInstance('Calendar'); + $condition = $moduleFocus->buildWhereClauseConditionForCalendar(); + + if($condition) { + if($this->conditionInstanceCount > 0) { + $sql .= $condition.' AND '; + }else { + $sql .= ' AND '.$condition; + } + } + } + // This is needed as there can be condition in different order and there is an assumption in makeGroupSqlReplacements API // that it expects the array in an order and then replaces the sql with its the corresponding place ksort($fieldSqlList); diff --git a/include/QueryGenerator/QueryGenerator.php b/include/QueryGenerator/QueryGenerator.php index 737cafabe6a2dd304215bebdf544a368ca4feffa..c548e93969e119863fd0b3a9c2d1a6de8d43d219 100644 --- a/include/QueryGenerator/QueryGenerator.php +++ b/include/QueryGenerator/QueryGenerator.php 
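Review bot: The calendar restriction is spliced into `$sql` by plain concatenation (`$sql .= $condition.' AND ';`), so whether it bounds the result depends on how the conditions that follow are grouped, which the hunk does not show. If the later filter text can contain a top-level `OR`, SQL precedence would let rows through that the restriction was meant to exclude; wrapping what follows in parentheses, or adding the restriction after the grouped filter is assembled, avoids that. The same block is repeated in include/QueryGenerator/QueryGenerator.php (@@ -919), and since `EnhancedQueryGenerator extends QueryGenerator` a protected helper on the base class would keep the two copies from drifting. The enclosing method starts and ends outside the hunk.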
@@ -919,6 +919,20 @@ class QueryGenerator { $fieldSqlList[$index] = $fieldSql; } } + + $currentUserModel = Users_Record_Model::getCurrentUserModel(); + if(($baseModule == 'Calendar' || $baseModule == 'Events') && !$currentUserModel->isAdminUser()) { + $moduleFocus = CRMEntity::getInstance('Calendar'); + $condition = $moduleFocus->buildWhereClauseConditionForCalendar(); + if ($condition) { + if ($this->conditionInstanceCount > 0) { + $sql .= $condition . ' AND '; + } else { + $sql .= ' AND ' . $condition; + } + } + } + // This is needed as there can be condition in different order and there is an assumption in makeGroupSqlReplacements API // that it expects the array in an order and then replaces the sql with its the corresponding place ksort($fieldSqlList); diff --git a/modules/Accounts/models/Module.php b/modules/Accounts/models/Module.php index bced04aa49c9d53b095d8c479517d9c0ce4a8f06..853d5e5fca447bfd61dbd7970210ba346ba98ed1 100644 --- a/modules/Accounts/models/Module.php +++ b/modules/Accounts/models/Module.php @@ -110,6 +110,14 @@ class Accounts_Module_Model extends Vtiger_Module_Model { $nonAdminQuery = $this->getNonAdminAccessControlQueryForRelation($relatedModuleName); if ($nonAdminQuery) { $query = appendFromClauseToQuery($query, $nonAdminQuery); + + if(trim($nonAdminQuery)) { + $relModuleFocus = CRMEntity::getInstance($relatedModuleName); + $condition = $relModuleFocus->buildWhereClauseConditionForCalendar(); + if($condition) { + $query .= ' AND '.$condition; + } + } } // There could be more than one contact for an activity. 
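Review bot: In the Accounts hunk (@@ -110) `buildWhereClauseConditionForCalendar()` is called on `CRMEntity::getInstance($relatedModuleName)`, whatever the related module is, while this commit adds that method in modules/Calendar/Activity.php; the hunk does not show that this branch is reached only for Calendar. If it can run for another module the call fails unless a base class also defines the method, so either use `CRMEntity::getInstance('Calendar')` as the other call sites do or guard with `if ($relatedModuleName == 'Calendar')`. The identical block appears in Contacts (@@ -251), HelpDesk, Inventory, Leads and Potentials. Because the filter is opt-in per call site, a single helper that appends both the join and the condition would make a missed path less likely.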
@@ -162,6 +170,14 @@ class Accounts_Module_Model extends Vtiger_Module_Model { AND (vtiger_activity.status is NULL OR vtiger_activity.status NOT IN ('Completed', 'Deferred', 'Cancelled')) AND (vtiger_activity.eventstatus is NULL OR vtiger_activity.eventstatus NOT IN ('Held', 'Cancelled'))"; + if(!$currentUser->isAdminUser()) { + $moduleFocus = CRMEntity::getInstance('Calendar'); + $condition = $moduleFocus->buildWhereClauseConditionForCalendar(); + if($condition) { + $query .= ' AND '.$condition; + } + } + if ($mode === 'upcoming') { $query .= " AND CASE WHEN vtiger_activity.activitytype='Task' THEN due_date >= '$currentDate' ELSE CONCAT(due_date,' ',time_end) >= '$nowInDBFormat' END"; } elseif ($mode === 'overdue') { diff --git a/modules/Calendar/Activity.php b/modules/Calendar/Activity.php index b384cfcd944984afdb3340b61ede59e4a60539d1..545cda9389e9853eaa715e8fb60857e3c6bc1d76 100644 --- a/modules/Calendar/Activity.php +++ b/modules/Calendar/Activity.php 
@@ -1052,21 +1052,22 @@ function insertIntoRecurringTable(& $recurObj) $query = ' '; $tabId = getTabid($module); if($is_admin==false && $profileGlobalPermission[1] == 1 && $profileGlobalPermission[2] - == 1 && $defaultOrgSharingPermission[$tabId] == 3) { - $tableName = 'vt_tmp_u'.$user->id.'_t'.$tabId; - $sharingRuleInfoVariable = $module.'_share_read_permission'; - $sharingRuleInfo = $$sharingRuleInfoVariable; + == 1) { $sharedTabId = null; - $this->setupTemporaryTable($tableName, $sharedTabId, $user, - $current_user_parent_role_seq, $current_user_groups); - - $sharedUsers = $this->getListViewAccessibleUsers($user->id); - // we need to include group id's in $sharedUsers list to get the current user's group records - if($current_user_groups){ - $sharedUsers = $sharedUsers.','. implode(',',$current_user_groups); - } - $query = " INNER JOIN $tableName $tableName$scope ON ($tableName$scope.id = ". - "vtiger_crmentity$scope.smownerid and $tableName$scope.shared=0 and $tableName$scope.id IN ($sharedUsers)) "; + //For Events + $tableName = 'vt_tmp_u'.$user->id.'_t'.$tabId.'_events'; + $this->setupTemporaryTableForEvents($tableName, $sharedTabId, $user, + $current_user_parent_role_seq, $current_user_groups); + $query = " LEFT JOIN $tableName $tableName$scope ON ($tableName$scope.id = ". + "vtiger_crmentity$scope.smownerid AND vtiger_activity.activitytype NOT IN ('Emails', 'Task')) "; + + //For Task + $task_tableName = 'vt_tmp_u'.$user->id.'_t'.$tabId.'_task'; + $this->setupTemporaryTableForTask($task_tableName, $tabId, $user, + $current_user_parent_role_seq, $current_user_groups, $defaultOrgSharingPermission[$tabId]); + + $query .= " LEFT JOIN $task_tableName $task_tableName$scope ON ($task_tableName$scope.id = ". + "vtiger_crmentity$scope.smownerid AND vtiger_activity.activitytype = 'Task') "; } return $query; } 
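Review bot: Switching the access-control join from `INNER JOIN` to `LEFT JOIN` means this fragment no longer removes any rows by itself; visibility is enforced only where a caller also appends `buildWhereClauseConditionForCalendar()`. Any caller of this method for Calendar that the commit does not touch would now return activities regardless of owner, which is a fail-open default for an access check. I would add a comment above the method stating that the joins must be paired with that WHERE condition, and audit the remaining callers; returning the join and the condition from one place would remove the dependency. The `$defaultOrgSharingPermission[$tabId] == 3` guard was also dropped from the `if`, so the temporary tables are now set up for every non-admin request that passes the profile check. The method body begins outside the hunk.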
@@ -1087,7 +1088,7 @@ function insertIntoRecurringTable(& $recurObj) return $query; } - protected function setupTemporaryTable($tableName, $tabId, $user, $parentRole, $userGroups) { + protected function setupTemporaryTableForEvents($tableName, $tabId, $user, $parentRole, $userGroups) { $module = null; if (!empty($tabId)) { $module = getTabname($tabId); @@ -1113,6 +1114,26 @@ function insertIntoRecurringTable(& $recurObj) return false; } + protected function setupTemporaryTableForTask($tableName, $tabId, $user, $parentRole, $userGroups, $sharingPermission) { + $module = null; + if (!empty($tabId)) { + $module = getTabname($tabId); + } + + if($sharingPermission == 3) { + $query = $this->getNonAdminAccessQuery($module, $user, $parentRole, $userGroups); + } else { + $query = " (SELECT $user->id as id) UNION (SELECT id FROM vtiger_users " + . "WHERE vtiger_users.deleted=0 AND vtiger_users.status='Active') " + . "UNION (SELECT groupid FROM vtiger_groups)"; + } + + $query = "CREATE TEMPORARY TABLE IF NOT EXISTS $tableName(id INT(11) PRIMARY KEY, shared ". + "int(1) DEFAULT 0) IGNORE ".$query; + $db = PearDatabase::getInstance(); + $db->pquery($query, array()); + } + protected function getListViewAccessibleUsers($sharedid) { $db = PearDatabase::getInstance();; $query = "SELECT vtiger_users.id as userid FROM vtiger_sharedcalendar 
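Review bot: `setupTemporaryTableForTask` (@@ -1113) builds its statement by interpolating `$user->id` and `$tableName` into the SQL and then calls `$db->pquery($query, array())` with no bound parameters. The id is presumably always an integer, but nothing in the function enforces it; using `$userId = (int) $user->id;` in the `SELECT` would make that explicit. `CREATE TEMPORARY TABLE IF NOT EXISTS` also leaves an existing table untouched, so if the database connection is reused across requests the table could reflect sharing settings from before a change, which is worth confirming. The function returns nothing and ignores the `pquery` result, whereas the events variant visibly ends in `return false;`, so a docblock stating the intended return contract would help.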
@@ -1131,5 +1152,19 @@ function insertIntoRecurringTable(& $recurObj) $shared_ids = implode(",",$userid); return $shared_ids; } + + public function buildWhereClauseConditionForCalendar($scope = '') { + $userModel = Users_Record_Model::getCurrentUserModel(); + require('user_privileges/user_privileges_'.$userModel->id.'.php'); + + $query = ""; + if($profileGlobalPermission[1] == 1 && $profileGlobalPermission[2] == 1) { + $tabId = getTabid("Calendar"); + $eventTempTable = 'vt_tmp_u'.$userModel->id.'_t'.$tabId.'_events'.$scope; + $taskTempTable = 'vt_tmp_u'.$userModel->id.'_t'.$tabId.'_task'.$scope; + $query = " ($eventTempTable.shared IS NOT NULL OR $taskTempTable.shared IS NOT NULL) "; + } + return $query; + } } ?> diff --git a/modules/Contacts/models/Module.php b/modules/Contacts/models/Module.php index 7d492ec7a3f1b05683be0e548da7af898cf22dc2..5817ded3164010f20c21ff5a49633eff213f6fa0 100644 --- a/modules/Contacts/models/Module.php +++ b/modules/Contacts/models/Module.php @@ -65,6 +65,14 @@ class Contacts_Module_Model extends Vtiger_Module_Model { AND (vtiger_activity.status is NULL OR vtiger_activity.status NOT IN ('Completed', 'Deferred')) AND (vtiger_activity.eventstatus is NULL OR vtiger_activity.eventstatus NOT IN ('Held'))"; + if(!$currentUser->isAdminUser()) { + $moduleFocus = CRMEntity::getInstance('Calendar'); + $condition = $moduleFocus->buildWhereClauseConditionForCalendar(); + if($condition) { + $query .= ' AND '.$condition; + } + } + if ($recordId) { $query .= " AND vtiger_cntactivityrel.contactid = ?"; } elseif ($mode === 'upcoming') { 
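Review bot: `buildWhereClauseConditionForCalendar($scope)` is public and appends `$scope` directly to the two temporary-table names, so the argument becomes part of an SQL identifier with no check. The callers in this commit pass only `''` or `'Calendar'`, so I would enforce that shape, e.g. `if (!preg_match('/^\w*$/', $scope)) { throw new InvalidArgumentException('invalid scope'); }`, and throw rather than return `''`, because callers treat an empty result as "no restriction". A docblock should say that the returned fragment assumes both temp tables are already joined in the query, and that an empty string is returned unless `$profileGlobalPermission[1]` and `$profileGlobalPermission[2]` are both 1. The `require` of `user_privileges_{id}.php` uses a relative path; the hunk does not show how it is resolved or what happens when the file is absent.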
@@ -251,6 +259,14 @@ class Contacts_Module_Model extends Vtiger_Module_Model { $nonAdminQuery = $this->getNonAdminAccessControlQueryForRelation($relatedModuleName); if ($nonAdminQuery) { $query = appendFromClauseToQuery($query, $nonAdminQuery); + + if(trim($nonAdminQuery)) { + $relModuleFocus = CRMEntity::getInstance($relatedModuleName); + $condition = $relModuleFocus->buildWhereClauseConditionForCalendar(); + if($condition) { + $query .= ' AND '.$condition; + } + } } } else { $query = parent::getRelationQuery($recordId, $functionName, $relatedModule, $relationId); diff --git a/modules/HelpDesk/models/Module.php b/modules/HelpDesk/models/Module.php index 5426fb6e1a2f4cab85667e42b0efc4c30a9bb510..7f82378012e17cef4242631fc027c3b3a5d1e8d5 100644 --- a/modules/HelpDesk/models/Module.php +++ b/modules/HelpDesk/models/Module.php @@ -164,6 +164,14 @@ class HelpDesk_Module_Model extends Vtiger_Module_Model { $nonAdminQuery = $this->getNonAdminAccessControlQueryForRelation($relatedModuleName); if ($nonAdminQuery) { $query = appendFromClauseToQuery($query, $nonAdminQuery); + + if(trim($nonAdminQuery)) { + $relModuleFocus = CRMEntity::getInstance($relatedModuleName); + $condition = $relModuleFocus->buildWhereClauseConditionForCalendar(); + if($condition) { + $query .= ' AND '.$condition; + } + } } } else { $query = parent::getRelationQuery($recordId, $functionName, $relatedModule, $relationId); diff --git a/modules/Home/models/Module.php b/modules/Home/models/Module.php index 2bea4aa117b1c703f219dbf3bc019341347d4c2e..f2fa1265ac9268443ec8b952aa0e7ff24c4a3225 100644 --- a/modules/Home/models/Module.php +++ b/modules/Home/models/Module.php 
@@ -198,6 +198,14 @@ class Home_Module_Model extends Vtiger_Module_Model { AND (vtiger_activity.status is NULL OR vtiger_activity.status NOT IN ('Completed', 'Deferred', 'Cancelled')) AND (vtiger_activity.eventstatus is NULL OR vtiger_activity.eventstatus NOT IN ('Held', 'Cancelled'))"; + if(!$currentUser->isAdminUser()) { + $moduleFocus = CRMEntity::getInstance('Calendar'); + $condition = $moduleFocus->buildWhereClauseConditionForCalendar(); + if($condition) { + $query .= ' AND '.$condition; + } + } + if ($mode === 'upcoming') { $query .= " AND CASE WHEN vtiger_activity.activitytype='Task' THEN due_date >= '$currentDate' ELSE CONCAT(due_date,' ',time_end) >= '$nowInDBFormat' END"; } elseif ($mode === 'overdue') { diff --git a/modules/Inventory/models/Module.php b/modules/Inventory/models/Module.php index 991e5d59f7166ee4b0c47f2992bc281966464427..5e917570b28392359fca1fb0b89de7c303a22c49 100644 --- a/modules/Inventory/models/Module.php +++ b/modules/Inventory/models/Module.php @@ -84,6 +84,14 @@ class Inventory_Module_Model extends Vtiger_Module_Model { $nonAdminQuery = $this->getNonAdminAccessControlQueryForRelation($relatedModuleName); if ($nonAdminQuery) { $query = appendFromClauseToQuery($query, $nonAdminQuery); + + if(trim($nonAdminQuery)) { + $relModuleFocus = CRMEntity::getInstance($relatedModuleName); + $condition = $relModuleFocus->buildWhereClauseConditionForCalendar(); + if($condition) { + $query .= ' AND '.$condition; + } + } } } else { $query = parent::getRelationQuery($recordId, $functionName, $relatedModule, $relationId); diff --git a/modules/Leads/models/Module.php b/modules/Leads/models/Module.php index 94289dad9eea3bf471158dc622a9243502553528..2f3126412e0792089babc7304bcb6c1a28026ee7 100644 --- a/modules/Leads/models/Module.php +++ b/modules/Leads/models/Module.php 
@@ -297,6 +297,14 @@ class Leads_Module_Model extends Vtiger_Module_Model { $nonAdminQuery = $this->getNonAdminAccessControlQueryForRelation($relatedModuleName); if ($nonAdminQuery) { $query = appendFromClauseToQuery($query, $nonAdminQuery); + + if(trim($nonAdminQuery)) { + $relModuleFocus = CRMEntity::getInstance($relatedModuleName); + $condition = $relModuleFocus->buildWhereClauseConditionForCalendar(); + if($condition) { + $query .= ' AND '.$condition; + } + } } } else { $query = parent::getRelationQuery($recordId, $functionName, $relatedModule, $relationId); diff --git a/modules/Potentials/models/Module.php b/modules/Potentials/models/Module.php index 1e7782f48bcf9e9296754e9b8de20d877a5cf2f1..9ea4f242bc3a1335bf6d010698e5b00f5f148f77 100644 --- a/modules/Potentials/models/Module.php +++ b/modules/Potentials/models/Module.php @@ -278,6 +278,14 @@ class Potentials_Module_Model extends Vtiger_Module_Model { $nonAdminQuery = $this->getNonAdminAccessControlQueryForRelation($relatedModuleName); if ($nonAdminQuery) { $query = appendFromClauseToQuery($query, $nonAdminQuery); + + if(trim($nonAdminQuery)) { + $relModuleFocus = CRMEntity::getInstance($relatedModuleName); + $condition = $relModuleFocus->buildWhereClauseConditionForCalendar(); + if($condition) { + $query .= ' AND '.$condition; + } + } } } else { $query = parent::getRelationQuery($recordId, $functionName, $relatedModule, $relationId); diff --git a/modules/PriceBooks/models/Relation.php b/modules/PriceBooks/models/Relation.php index a265a1c5c97a4e764f41f4dfebe5b49d30cc2b2f..793b76b0f91848ddf2781e6f083d95c24420da08 100644 --- a/modules/PriceBooks/models/Relation.php +++ b/modules/PriceBooks/models/Relation.php 
@@ -48,6 +48,20 @@ class PriceBooks_Relation_Model extends Vtiger_Relation_Model{ if(!empty($selectColumnSql)) { $query = $selectColumnSql.' FROM '.$newQuery[1]; } + + if($relatedModuleName == 'Calendar') { + $nonAdminQuery = Users_Privileges_Model::getNonAdminAccessControlQuery($relatedModuleName); + + if (trim($nonAdminQuery)) { + $query = appendFromClauseToQuery($query, $nonAdminQuery); + + $moduleFocus = CRMEntity::getInstance('Calendar'); + $condition = $moduleFocus->buildWhereClauseConditionForCalendar(); + if($condition) { + $query .= ' AND '.$condition; + } + } + } return $query; } diff --git a/modules/Products/models/RelationListView.php b/modules/Products/models/RelationListView.php index 19e7d665f6b3d16d0fbfbf2e32002d87bfe7a3a8..b9c320d1e48be73e0f5dfee03a4dd645ee24627c 100644 --- a/modules/Products/models/RelationListView.php +++ b/modules/Products/models/RelationListView.php @@ -70,6 +70,21 @@ class Products_RelationListView_Model extends Vtiger_RelationListView_Model { } } + $nonAdminQuery = Users_Privileges_Model::getNonAdminAccessControlQuery($relatedModuleName); + if (trim($nonAdminQuery)) { + if($relatedModuleName == 'Calendar') { + $query = appendFromClauseToQuery($query, $nonAdminQuery); + + $moduleFocus = CRMEntity::getInstance('Calendar'); + $condition = $moduleFocus->buildWhereClauseConditionForCalendar(); + if($condition) { + $query .= ' AND '.$condition; + } + } else { + $query = appendFromClauseToQuery($query, $nonAdminQuery); + } + } + return $query; } diff --git a/modules/Reports/ReportRun.php b/modules/Reports/ReportRun.php index 5f9c6564c65c638ab52873f22aa3a1943a34120e..44af415b788c0419356598a835a10cb78307ec20 100644 --- a/modules/Reports/ReportRun.php +++ b/modules/Reports/ReportRun.php 
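Review bot: In the Products hunk (@@ -70) both branches of the `if($relatedModuleName == 'Calendar')` test call `appendFromClauseToQuery($query, $nonAdminQuery)`, so the call can be hoisted and the `else` dropped: `$query = appendFromClauseToQuery($query, $nonAdminQuery);` followed by `if ($relatedModuleName == 'Calendar') { ... }`. This hunk also applies the non-admin join to every related module of Products, not only Calendar, which is a wider behaviour change than the PriceBooks hunk before it; a comment confirming that this is intended would help. Both hunks append `' AND '.$condition` to the end of `$query`, which assumes the statement already has a `WHERE` and no trailing `GROUP BY` or `ORDER BY`; the hunks do not show that.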
@@ -2828,6 +2828,25 @@ class ReportRun extends CRMEntity { } $log->info("ReportRun :: Successfully returned getReportsQuery" . $module); + + $secondarymodule = explode(":", $this->secondarymodule); + if(in_array('Calendar', $secondarymodule) || $module == 'Calendar') { + $currentUserModel = Users_Record_Model::getCurrentUserModel(); + $tabId = getTabid('Calendar'); + $task_tableName = 'vt_tmp_u'.$currentUserModel->id.'_t'.$tabId.'_task'; + $event_tableName = 'vt_tmp_u'.$currentUserModel->id.'_t'.$tabId.'_events'; + if(!$currentUserModel->isAdminUser() + && stripos($query, $event_tableName) && stripos($query, $task_tableName)) { + $moduleFocus = CRMEntity::getInstance('Calendar'); + $scope = ''; + if(in_array('Calendar', $secondarymodule)) $scope = 'Calendar'; + $condition = $moduleFocus->buildWhereClauseConditionForCalendar($scope); + if($condition) { + $query .= ' AND '.$condition; + } + } + } + return $query; } diff --git a/modules/Vtiger/models/Module.php b/modules/Vtiger/models/Module.php index f1ffd66ce63cc8cd9ee46e8cba7f8e23d4f62f30..ad7ddf65b630bd5282439603c82906421c81bee0 100644 --- a/modules/Vtiger/models/Module.php +++ b/modules/Vtiger/models/Module.php @@ -1089,6 +1089,14 @@ class Vtiger_Module_Model extends Vtiger_Module { AND (vtiger_activity.status is NULL OR vtiger_activity.status NOT IN ('Completed', 'Deferred', 'Cancelled')) AND (vtiger_activity.eventstatus is NULL OR vtiger_activity.eventstatus NOT IN ('Held','Cancelled'))"; + if(!$currentUser->isAdminUser()) { + $moduleFocus = CRMEntity::getInstance('Calendar'); + $condition = $moduleFocus->buildWhereClauseConditionForCalendar(); + if($condition) { + $query .= ' AND '.$condition; + } + } + $params = array($this->getName()); if ($recordId) { 
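Review bot: In the ReportRun hunk the guard `stripos($query, $event_tableName) && stripos($query, $task_tableName)` relies on truthiness, and when either name is missing from `$query` the restriction is skipped without any log line. I would compare explicitly, `stripos($query, $event_tableName) !== false && stripos($query, $task_tableName) !== false`, and log the skipped case through the existing `$log` so a Calendar report that runs unfiltered for a non-admin user is visible. `in_array('Calendar', $secondarymodule)` is evaluated twice and could be stored once, with the strict flag set. Appending `' AND '.$condition` at the very end also assumes the report query ends inside its `WHERE` clause, which the hunk does not show.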
@@ -1521,6 +1529,14 @@ class Vtiger_Module_Model extends Vtiger_Module { if ($nonAdminQuery) { $query = appendFromClauseToQuery($query, $nonAdminQuery); + + if($functionName == 'get_activities' && trim($nonAdminQuery)) { + $moduleFocus = CRMEntity::getInstance('Calendar'); + $condition = $moduleFocus->buildWhereClauseConditionForCalendar(); + if($condition) { + $query .= ' AND '.$condition; + } + } } return $query;
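Review bot: The new check keys on `$functionName == 'get_activities'`, so any other relation function that yields Calendar rows would receive the joins from `$nonAdminQuery` (now `LEFT JOIN`s per modules/Calendar/Activity.php) but not the WHERE restriction. Whether such functions exist is not visible here. Keying on the related module instead, for example `$relatedModule->getName() == 'Calendar'` if `$relatedModule` is in scope as it is in the sibling module models, would not depend on the function name. The enclosing method starts outside the hunk.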