<?php

namespace Mautic\LeadBundle\Controller;

use Mautic\LeadBundle\Entity\Lead;
use Symfony\Component\HttpFoundation\Response;

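trait LeadAccessTrait
{
    /**
     * Determines if the user has access to the lead the note is for.
     *
     * Resolves $leadId to a Lead entity (loading it through the 'lead' model when
     * an id is given) and then checks the "own"/"other" permission pair for
     * $action against the lead's permission user.
     *
     * @param int|Lead $leadId      contact id, or an already loaded Lead entity
     * @param string   $action      permission verb that is expanded to 'lead:leads:<action>own' / 'lead:leads:<action>other'
     * @param bool     $isPlugin    when true the not-found redirect targets the plugin timeline instead of the contact index
     * @param string   $integration integration name used to build the session page key when $isPlugin is true
     *
     * @return Response|Lead the Lead when it exists and access is granted; a not-found redirect/response or the
     *                       accessDenied() response otherwise, so callers must check the type before using it
     */
    protected function checkLeadAccess($leadId, $action, $isPlugin = false, $integration = '')
    {
        if ($leadId instanceof Lead) {
            $lead   = $leadId;
            $leadId = $lead->getId();
        } else {
            // make sure the user has view access to this lead
            $leadModel = $this->getModel('lead');
            $lead      = $leadModel->getEntity((int) $leadId);
        }

        // an unknown id yields null; an entity without an id is treated as not found as well
        if (null === $lead || !$lead->getId()) {
            if (!method_exists($this, 'postActionRedirect')) {
                return $this->notFound('mautic.contact.error.notfound');
            }

            // set the return URL
            $page      = $this->getCurrentRequest()->getSession()->get($isPlugin ? 'mautic.'.$integration.'.page' : 'mautic.lead.page', 1);
            $returnUrl = $this->generateUrl($isPlugin ? 'mautic_plugin_timeline_index' : 'mautic_contact_index', ['page' => $page]);

            return $this->postActionRedirect(
                [
                    'returnUrl'       => $returnUrl,
                    'viewParameters'  => ['page' => $page],
                    'contentTemplate' => $isPlugin ? 'Mautic\LeadBundle\Controller\LeadController::pluginIndexAction' : 'Mautic\LeadBundle\Controller\LeadController::indexAction',
                    'passthroughVars' => [
                        'activeLink'    => $isPlugin ? '#mautic_plugin_timeline_index' : '#mautic_contact_index',
                        'mauticContent' => 'leadTimeline',
                    ],
                    'flashes' => [
                        [
                            'type'    => 'error',
                            'msg'     => 'mautic.lead.lead.error.notfound',
                            'msgVars' => ['%id%' => $leadId],
                        ],
                    ],
                ]
            );
        }

        // both the "own" and "other" permissions are evaluated against the lead's permission user
        if (!$this->security->hasEntityAccess(
            'lead:leads:'.$action.'own',
            'lead:leads:'.$action.'other',
            $lead->getPermissionUser()
        )
        ) {
            return $this->accessDenied();
        }

        return $lead;
    }

    /**
     * Returns leads the user has access to.
     *
     * Loads up to $limit identified leads (ordered by last activity) and drops every
     * lead for which the "own"/"other" permission pair for $action fails, so the
     * result only ever contains leads the current user may act on.
     *
     * @param string $action permission verb that is expanded to 'lead:leads:<action>own' / 'lead:leads:<action>other'
     * @param int    $limit  maximum number of leads to load from the repository
     *
     * @return array|\Symfony\Component\HttpFoundation\RedirectResponse a list (re-indexed from 0) of the accessible
     *                                                                  leads, or the accessDenied() response when the
     *                                                                  repository returned null
     */
    protected function checkAllAccess($action, $limit)
    {
        /** @var LeadModel $model */
        $model = $this->getModel('lead');

        // make sure the user has view access to leads
        $repo = $model->getRepository();

        // order by lastactive, filter
        // 'orderBy' was misspelled as 'oderBy', which left the result unordered
        $leads = $repo->getEntities(
            [
                'filter' => [
                    'force' => [
                        [
                            'column' => 'l.date_identified',
                            'expr'   => 'isNotNull',
                        ],
                    ],
                ],
                'orderBy'        => 'r.last_active',
                'orderByDir'     => 'DESC',
                'limit'          => $limit,
                'hydration_mode' => 'HYDRATE_ARRAY',
            ]);

        if (null === $leads) {
            return $this->accessDenied();
        }

        // Remove the array entry itself; a bare unset($lead) only cleared the loop
        // variable and left every inaccessible lead in the returned array.
        // NOTE(review): with 'hydration_mode' => 'HYDRATE_ARRAY' each $lead may be an
        // array rather than an entity, in which case getOwner() cannot be called —
        // confirm what getEntities() returns for this repository.
        foreach ($leads as $key => $lead) {
            if (!$this->security->hasEntityAccess(
                'lead:leads:'.$action.'own',
                'lead:leads:'.$action.'other',
                $lead->getOwner()
            )
            ) {
                unset($leads[$key]);
            }
        }

        // re-index so callers get a contiguous list after the removals above
        return array_values($leads);
    }
}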