function displayConfiguration($args) { // permissions $aPermissions = KTPermission::getList(); $aKeyPermissions = array(); foreach ($aPermissions as $oPermission) { $aKeyPermissions[$oPermission->getName()] = $oPermission; } $current_perms = array(); $this->aConfig['perms'] = KTUtil::arrayGet($this->aConfig, 'perms', array()); foreach ($this->aConfig['perms'] as $sPermName) { $current_perms[$sPermName] = true; } $oTemplating =& KTTemplating::getSingleton(); $oTemplate = $oTemplating->loadTemplate('ktcore/workflowtriggers/permissions'); $aTemplateData = array('context' => $this, 'perms' => $aKeyPermissions, 'current_perms' => $current_perms, 'args' => $args); return $oTemplate->render($aTemplateData); }
function setPersonalFolderPermissions($oPO) { $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); $aAdminGroupID = $this->getGroupIdByName('System Administrators'); //arrays used to make integers for $aAllowed array variable $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id']; $iAdminGroupID = $aAdminGroupID[0]['id']; //set permissions for the role and the admin group $aAllowed = array('role' => array($iWorkSpaceOwnerRoleID), 'group' => array($iAdminGroupID)); //Get the List of all the permissions $aPersonalFolderPermissions = KTPermission::getList(); //Iterate through and apply all permissions to the current user and the admin group foreach ($aPersonalFolderPermissions as $oPersonalFolderPermission) { KTPermissionUtil::setPermissionForId($oPersonalFolderPermission, $oPO, $aAllowed); } //Update permission lookup KTPermissionUtil::updatePermissionLookupForPO($oPO); }
/** * Saves changes made by add() and remove(). * * @author KnowledgeTree Team * @access public */ public function save() { if (!$this->changed) { // we don't have to do anything if nothing has changed. return; } // if the current setup is inherited, then we must create a new copy to store the new associations. if ($this->getIsInherited()) { $this->overrideAllocation(); } $permissions = KTPermission::getList(); $folderItemObject = $this->_logTransaction(_kt('Updated permissions'), 'ktcore.transactions.permissions_change'); $permissionObject = KTPermissionObject::get($folderItemObject->getPermissionObjectId()); // transform the map into the structure expected foreach ($permissions as $permission) { $permissionId = $permission->getId(); // not the association is singular here $allowed = array('group' => array(), 'role' => array(), 'user' => array()); // fill the group allocations foreach ($this->map['groups']['map'] as $groupId => $allocations) { if ($allocations[$permissionId]) { $allowed['group'][] = $groupId; } } // fill the user allocations foreach ($this->map['users']['map'] as $userId => $allocations) { if ($allocations[$permissionId]) { $allowed['user'][] = $userId; } } // fill the role allocations foreach ($this->map['roles']['map'] as $roleId => $allocations) { if ($allocations[$permissionId]) { $allowed['role'][] = $roleId; } } KTPermissionUtil::setPermissionForId($permission, $permissionObject, $allowed); } KTPermissionUtil::updatePermissionLookupForPO($permissionObject); // set the copy to be that of the modified version. $this->mapCopy = $this->map; $this->changed = false; }
function do_update() { $aOptions = array('redirect_to' => array('main', 'fFolderId=' . $this->oFolder->getId())); if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) { $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aOptions); } $aFoo = $_REQUEST['foo']; $aPermissions = KTPermission::getList(); /* --- This section has been commented out to remove these checks when permissions --- are updated. --------------------------------------------------------------------------------- //------------------- //This section is used to make sure that a user doesn't disable the admin groups //Manage security permission or the Manage Security permission of a group they //are currently a member of. // Check which groups have permission to manage security $aNewGroups = (isset($aFoo[4]['group']) ? $aFoo[4]['group'] : array()); $aNewRoles = (isset($aFoo[4]['role']) ? $aFoo[4]['role'] : array()); $iUserId = $this->oUser->getId(); //Check that they aren't removing the sys admin Manage Security permission //1 in this case is the admin group. if(!in_array('1', $aNewGroups)) { $this->addErrorMessage(_kt('You cannot remove the Manage Security permission from the System Administrators Group')); $this->redirectTo('edit', 'fFolderId=' . $this->oFolder->getId()); exit(0); } //Check that they aren't removing the Manage Security permission from a group //They are a member of. if(!GroupUtil::checkUserInGroups($iUserId, array(1))) { //Ensure the user is not removing his/her own permission to update the folder permissions (manage security) if(!in_array(-3, $aNewRoles)) { if(!GroupUtil::checkUserInGroups($iUserId, $aNewGroups)) { // If user no longer has permission, return an error. $this->addErrorMessage(_kt('You cannot remove the Manage Security permission from a group you belong to.')); $this->redirectTo('edit', 'fFolderId=' . $this->oFolder->getId()); exit(0); } } } //----------------- */ require_once KT_LIB_DIR . '/documentmanagement/observers.inc.php'; $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId()); foreach ($aPermissions as $oPermission) { $iPermId = $oPermission->getId(); $aAllowed = KTUtil::arrayGet($aFoo, $iPermId, array()); KTPermissionUtil::setPermissionForId($oPermission, $oPO, $aAllowed); } $oTransaction = KTFolderTransaction::createFromArray(array('folderid' => $this->oFolder->getId(), 'comment' => _kt('Updated permissions'), 'transactionNS' => 'ktcore.transactions.permissions_change', 'userid' => $_SESSION['userID'], 'ip' => Session::getClientIP())); $aOptions = array('defaultmessage' => _kt('Error updating permissions'), 'redirect_to' => array('edit', sprintf('fFolderId=%d', $this->oFolder->getId()))); $this->oValidator->notErrorFalse($oTransaction, $aOptions); $po =& new JavascriptObserver($this); $po->start(); $oChannel =& KTPermissionChannel::getSingleton(); $oChannel->addObserver($po); KTPermissionUtil::updatePermissionLookupForPO($oPO); $this->commitTransaction(); $this->addInfoMessage(_kt('Permissions on folder updated')); $po->redirect(KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=edit&fFolderId=' . $this->oFolder->getId())); exit(0); }
function do_newPermission() { session_start(); $sName = KTUtil::arrayGet($_REQUEST, 'name'); $sHumanName = KTUtil::arrayGet($_REQUEST, 'human_name'); $sError = 'An error occured while creating your permission'; //Checking that the System Name and Display Name fields aren't empty if (empty($sName) && !empty($sHumanName)) { $sError = 'An error occured while creating your permission: The System Name was not provided.'; $_SESSION['Permission']['HumanNameValue'] = $sHumanName; return $this->errorRedirectToMain(_kt($sError)); } else { if (!empty($sName) && empty($sHumanName)) { $sError = 'An error occured while creating your permission: The Display Name was not provided.'; $_SESSION['Permission']['NameValue'] = $sName; return $this->errorRedirectToMain(_kt($sError)); } else { if (empty($sName) && empty($sHumanName)) { $sError = 'An error occured while creating your permission: The Display Name and System Name weren\'t provided.'; return $this->errorRedirectToMain(_kt($sError)); } } } //Checking that the System Name and Display Name aren't already in the database $aPermissions = KTPermission::getList(); //$iNameErrorCount and $iHumanNameErrorCount are used to check whether only one name is duplicated or if two names are duplicated. $iNameErrorCount = 0; $iHumanNameErrorCount = 0; foreach ($aPermissions as $aPermission) { if ($sName == $aPermission->getName()) { $iNameErrorCount++; } if ($sHumanName == $aPermission->getHumanName()) { $iHumanNameErrorCount++; } } if ($iNameErrorCount > 0 && $iHumanNameErrorCount > 0) { $sError = 'An error occured while creating your permission: The Display Name and System Name you have provided both already exist.'; return $this->errorRedirectToMain(_kt($sError)); } else { if ($iNameErrorCount > 0 && $iHumanNameErrorCount == 0) { if (!empty($sHumanName)) { $_SESSION['Permission']['HumanNameValue'] = $sHumanName; } $sError = 'An error occured while creating your permission: A permission with the same System Name already exists.'; return $this->errorRedirectToMain(_kt($sError)); } else { if ($iNameErrorCount == 0 && $iHumanNameErrorCount > 0) { if (!empty($sName)) { $_SESSION['Permission']['NameValue'] = $sName; } $sError = 'An error occured while creating your permission: A permission with the same Display Name already exists.'; return $this->errorRedirectToMain(_kt($sError)); } } } $oPerm = KTPermission::createFromArray(array('name' => $sName, 'humanname' => $sHumanName)); if (PEAR::isError($oPerm)) { return $this->errorRedirectToMain(_kt($sError)); } return $this->successRedirectToMain(_kt("Permission created")); }
function do_resolved_users() { $this->oPage->setBreadcrumbDetails(_kt("Permissions")); $oTemplate = $this->oValidator->validateTemplate("ktcore/document/resolved_permissions_user"); $oPL = KTPermissionLookup::get($this->oDocument->getPermissionLookupID()); $aPermissions = KTPermission::getList(); $aMapPermissionGroup = array(); $aMapPermissionRole = array(); $aMapPermissionUser = array(); $aUsers = User::getList(); foreach ($aPermissions as $oPermission) { $oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL); if (PEAR::isError($oPLA)) { continue; } $oDescriptor = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID()); $iPermissionID = $oPermission->getID(); $aMapPermissionGroup[$iPermissionID] = array(); foreach ($aUsers as $oUser) { if (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oDocument)) { $aMapPermissionUser[$iPermissionID][$oUser->getId()] = true; $aActiveUsers[$oUser->getId()] = true; } } } // now we constitute the actual sets. $users = array(); $groups = array(); $roles = array(); // should _always_ be empty, barring a bug in permissions::updatePermissionLookup // this should be quite limited - direct role -> user assignment is typically rare. foreach ($aActiveUsers as $id => $marker) { $oUser = User::get($id); $users[$oUser->getName()] = $oUser; } asort($users); // ascending, per convention. $bEdit = false; $sInherited = ''; $aDynamicControls = array(); $aWorkflowControls = array(); // handle conditions $iPermissionObjectId = $this->oDocument->getPermissionObjectID(); if (!empty($iPermissionObjectId)) { $oPO = KTPermissionObject::get($iPermissionObjectId); $aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO); if (!PEAR::isError($aDynamicConditions)) { foreach ($aDynamicConditions as $oDynamicCondition) { $iConditionId = $oDynamicCondition->getConditionId(); if (KTSearchUtil::testConditionOnDocument($iConditionId, $this->oDocument)) { $aPermissionIds = $oDynamicCondition->getAssignment(); foreach ($aPermissionIds as $iPermissionId) { $aDynamicControls[$iPermissionId] = true; } } } } } // indicate that workflow controls a given permission $oState = KTWorkflowUtil::getWorkflowStateForDocument($this->oDocument); if (!(PEAR::isError($oState) || is_null($oState) || $oState == false)) { $aWorkflowStatePermissionAssignments = KTWorkflowStatePermissionAssignment::getByState($oState); foreach ($aWorkflowStatePermissionAssignments as $oAssignment) { $aWorkflowControls[$oAssignment->getPermissionId()] = true; unset($aDynamicControls[$oAssignment->getPermissionId()]); } } $aTemplateData = array("context" => $this, "permissions" => $aPermissions, "groups" => $groups, "users" => $users, "roles" => $roles, "oDocument" => $this->oDocument, "aMapPermissionGroup" => $aMapPermissionGroup, "aMapPermissionRole" => $aMapPermissionRole, "aMapPermissionUser" => $aMapPermissionUser, "edit" => $bEdit, "inherited" => $sInherited, 'workflow_controls' => $aWorkflowControls, 'conditions_control' => $aDynamicControls); return $oTemplate->render($aTemplateData); }