Beispiel #1
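 /**
  * Apply the permission assignments submitted for the current folder.
  *
  * Reads the per-permission allow-lists from the request parameter "foo"
  * (keyed by permission ID; the disabled checks below index each entry by
  * 'group' and 'role'), writes them to the folder's permission object,
  * records a folder transaction, rebuilds the permission lookup for that
  * permission object and redirects back to the edit action.
  * Does not return: the method ends with exit(0).
  *
  * NOTE(review): authorization relies on userHasPermissionOnItem() stopping
  * the request when the check fails (it is given a redirect target, so it
  * presumably redirects and exits - confirm). Admin mode skips the check.
  *
  * NOTE(review): the input comes from $_REQUEST, so a GET request is accepted
  * as well as a POST, and no anti-forgery token is verified inside this
  * method - confirm the dispatcher enforces one for this action.
  */
 function do_update()
 {
     $aOptions = array('redirect_to' => array('main', 'fFolderId=' . $this->oFolder->getId()));
     if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
         $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aOptions);
     }

     // Untrusted input: accept only an array. A missing or scalar "foo" is
     // treated as an empty submission, which (through the array() default
     // below) clears every permission on the folder.
     $aFoo = (isset($_REQUEST['foo']) && is_array($_REQUEST['foo'])) ? $_REQUEST['foo'] : array();
     $aPermissions = KTPermission::getList();

     // NOTE(review): with the checks below disabled, nothing in this method
     // stops a submission from removing the Manage Security permission from
     // the System Administrators group or from every group the caller belongs
     // to. Whether that lock-out is prevented elsewhere is not visible here.
     /*
     		--- This section has been commented out to remove these checks when permissions
     		--- are updated.
     		---------------------------------------------------------------------------------

     		//-------------------
     //This section is used to make sure that a user doesn't disable the admin groups
     //Manage security permission or the Manage Security permission of a group they
     //are currently a member of.

     // Check which groups have permission to manage security
     $aNewGroups = (isset($aFoo[4]['group']) ? $aFoo[4]['group'] : array());
     $aNewRoles = (isset($aFoo[4]['role']) ? $aFoo[4]['role'] : array());

     $iUserId = $this->oUser->getId();

     //Check that they aren't removing the sys admin Manage Security permission
     //1 in this case is the admin group.
     if(!in_array('1', $aNewGroups))
     {
     	$this->addErrorMessage(_kt('You cannot remove the Manage Security permission from the System Administrators Group'));
         $this->redirectTo('edit', 'fFolderId=' . $this->oFolder->getId());
         exit(0);
     }


     //Check that they aren't removing the Manage Security permission from a group
     //They are a member of.
     if(!GroupUtil::checkUserInGroups($iUserId, array(1)))
     {
     	        //Ensure the user is not removing his/her own permission to update the folder permissions (manage security)
     	        if(!in_array(-3, $aNewRoles))
     	        {

     	            if(!GroupUtil::checkUserInGroups($iUserId, $aNewGroups))
     	            {
     	                // If user no longer has permission, return an error.
     	                $this->addErrorMessage(_kt('You cannot remove the Manage Security permission from a group you belong to.'));
     	                $this->redirectTo('edit', 'fFolderId=' . $this->oFolder->getId());
     	                exit(0);
     	            }

     	        }
     }
     		//-----------------
     */
     require_once KT_LIB_DIR . '/documentmanagement/observers.inc.php';
     $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
     foreach ($aPermissions as $oPermission) {
         $iPermId = $oPermission->getId();
         $aAllowed = KTUtil::arrayGet($aFoo, $iPermId, array());
         // Each entry is expected to be an array (keys such as 'group' and
         // 'role'); anything else is discarded rather than passed on.
         if (!is_array($aAllowed)) {
             $aAllowed = array();
         }
         KTPermissionUtil::setPermissionForId($oPermission, $oPO, $aAllowed);
     }

     // Audit record for the change. It is created after the assignments have
     // been written; a failure here is reported through the validator.
     $oTransaction = KTFolderTransaction::createFromArray(array('folderid' => $this->oFolder->getId(), 'comment' => _kt('Updated permissions'), 'transactionNS' => 'ktcore.transactions.permissions_change', 'userid' => $_SESSION['userID'], 'ip' => Session::getClientIP()));
     $aOptions = array('defaultmessage' => _kt('Error updating permissions'), 'redirect_to' => array('edit', sprintf('fFolderId=%d', $this->oFolder->getId())));
     $this->oValidator->notErrorFalse($oTransaction, $aOptions);

     // Plain assignment: "=& new" is a parse error from PHP 7 onwards and has
     // no effect on object handles in PHP 5.
     $po = new JavascriptObserver($this);
     $po->start();
     $oChannel =& KTPermissionChannel::getSingleton();
     $oChannel->addObserver($po);
     KTPermissionUtil::updatePermissionLookupForPO($oPO);
     $this->commitTransaction();
     $this->addInfoMessage(_kt('Permissions on folder updated'));

     // NOTE(review): $_SERVER['PHP_SELF'] includes any client-supplied path
     // info. Confirm that JavascriptObserver::redirect() encodes the URL for
     // the context it is written into.
     $po->redirect(KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=edit&fFolderId=' . $this->oFolder->getId()));
     exit(0);
 }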
 /**
  * Updates the permission lookup on one folder or document,
  * non-recursively.
  *
  * Builds a map of permission ID => allowed 'group' / 'user' / 'role' IDs,
  * resolves roles into users and groups, turns each entry into a permission
  * descriptor and stores the resulting lookup ID on the item.
  *
  * The map is assembled in this order:
  *  1. the caller-supplied 'map_allowed', or else the assignments on the
  *     item's permission object;
  *  2. for documents, groups added by dynamic conditions that match;
  *  3. for documents, workflow-state assignments, which replace the whole
  *     entry for the permission they name.
  *
  * Every early return leaves the item's previously stored lookup ID in
  * effect.
  *
  * @param object     $oFolderOrDocument Folder, Document or KTDocumentCore;
  *                                      any other value is ignored.
  * @param array|null $aOptions          When not null, the keys 'channel',
  *                                      'map_allowed' and 'perm_lookup' are
  *                                      all read. 'perm_lookup' is currently
  *                                      always overwritten before use.
  * @return void
  */
 function updatePermissionLookup(&$oFolderOrDocument, $aOptions = null)
 {
     $is_a_folder = is_a($oFolderOrDocument, 'Folder');
     $is_a_document = is_a($oFolderOrDocument, 'Document') || is_a($oFolderOrDocument, 'KTDocumentCore');
     //ensure that the document shortcut is being updated.
     if ($is_a_document && $oFolderOrDocument->isSymbolicLink()) {
         $oFolderOrDocument->switchToRealCore();
     }
     $oChannel = null;
     $aMapPermAllowed = null;
     $oPermLookup = null;
     if (!is_null($aOptions)) {
         // All three keys are read unconditionally once options are passed.
         $oChannel = $aOptions['channel'];
         $aMapPermAllowed = $aOptions['map_allowed'];
         $oPermLookup = $aOptions['perm_lookup'];
     }
     if (!$is_a_folder && !$is_a_document) {
         return;
         // we occasionally get handed a PEAR::raiseError.  Just ignore it.
     }
     if (is_null($oChannel)) {
         $oChannel =& KTPermissionChannel::getSingleton();
     }
     // Progress message for whoever observes the channel.
     if ($is_a_folder) {
         $msg = sprintf("Updating folder %s", join('/', $oFolderOrDocument->getPathArray()));
     } else {
         if (is_a($oFolderOrDocument, 'Document')) {
             //modify the message to reflect that a shortcut is being updated
             if ($oFolderOrDocument->isSymbolicLink()) {
                 $msg = sprintf("Updating shortcut to %s", $oFolderOrDocument->getName());
             } else {
                 $msg = sprintf("Updating document %s", $oFolderOrDocument->getName());
             }
         } else {
             $msg = sprintf("Updating document %d", $oFolderOrDocument->getId());
         }
     }
     $oChannel->sendMessage(new KTPermissionGenericMessage($msg));
     //var_dump($msg);
     $iPermissionObjectId = $oFolderOrDocument->getPermissionObjectID();
     // No permission object: nothing is recomputed and the stored lookup ID
     // is left as it was.
     if (empty($iPermissionObjectId)) {
         return;
     }
     $oPO = KTPermissionObject::get($iPermissionObjectId);
     // Step 1: static assignments, unless the caller supplied the map.
     if (is_null($aMapPermAllowed)) {
         $aPAs = KTPermissionAssignment::getByObjectMulti($oPO);
         $aMapPermAllowed = array();
         foreach ($aPAs as $oPA) {
             $oPD = KTPermissionDescriptor::get($oPA->getPermissionDescriptorID());
             $aGroupIDs = $oPD->getGroups();
             // The user list starts empty; only groups and roles are read
             // from the descriptor here.
             $aUserIDs = array();
             $aRoleIDs = $oPD->getRoles();
             $aAllowed = array('group' => $aGroupIDs, 'user' => $aUserIDs, 'role' => $aRoleIDs);
             $aMapPermAllowed[$oPA->getPermissionID()] = $aAllowed;
         }
     }
     // Step 2 (documents only): a matching dynamic condition appends its group
     // to each permission it assigns. If the lookup returns a PEAR error the
     // conditions are skipped, so no extra groups are granted.
     if (!$is_a_folder) {
         $aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
         if (!PEAR::isError($aDynamicConditions)) {
             foreach ($aDynamicConditions as $oDynamicCondition) {
                 $iConditionId = $oDynamicCondition->getConditionId();
                 if (KTSearchUtil::testConditionOnDocument($iConditionId, $oFolderOrDocument)) {
                     $iGroupId = $oDynamicCondition->getGroupId();
                     $aPermissionIds = $oDynamicCondition->getAssignment();
                     foreach ($aPermissionIds as $iPermissionId) {
                         $aCurrentAllowed = KTUtil::arrayGet($aMapPermAllowed, $iPermissionId, array());
                         $aCurrentAllowed['group'][] = $iGroupId;
                         $aMapPermAllowed[$iPermissionId] = $aCurrentAllowed;
                     }
                 }
             }
         }
     }
     // Step 3 (documents only): workflow-state assignments replace the entry
     // for their permission, discarding what steps 1 and 2 put there.
     // NOTE(review): when the state lookup errors or is empty this override
     // is skipped and the step 1/2 entries stay in force - confirm that is
     // the intended fallback for documents under workflow control.
     if (!$is_a_folder) {
         $oState = KTWorkflowUtil::getWorkflowStateForDocument($oFolderOrDocument);
         if (!(PEAR::isError($oState) || is_null($oState) || $oState == false)) {
             $aWorkflowStatePermissionAssignments = KTWorkflowStatePermissionAssignment::getByState($oState);
             foreach ($aWorkflowStatePermissionAssignments as $oAssignment) {
                 $iPermissionId = $oAssignment->getPermissionId();
                 $iPermissionDescriptorId = $oAssignment->getDescriptorId();
                 $oPD = KTPermissionDescriptor::get($iPermissionDescriptorId);
                 $aGroupIDs = $oPD->getGroups();
                 $aUserIDs = array();
                 $aRoleIDs = $oPD->getRoles();
                 $aAllowed = array('group' => $aGroupIDs, 'user' => $aUserIDs, 'role' => $aRoleIDs);
                 $aMapPermAllowed[$iPermissionId] = $aAllowed;
             }
         }
     }
     // if we have roles:  nearest folder.
     $iRoleSourceFolder = null;
     if ($is_a_document) {
         $iRoleSourceFolder = $oFolderOrDocument->getFolderID();
     } else {
         $iRoleSourceFolder = $oFolderOrDocument->getId();
     }
     // very minor perf win:  map role_id (in context) to PD.
     $_roleCache = array();
     // Resolve each role into the users and groups allocated to it. The loop
     // iterates over copies ($aAllowed) and writes results back into
     // $aMapPermAllowed by key.
     foreach ($aMapPermAllowed as $iPermissionId => $aAllowed) {
         $aAfterRoles = array();
         if (array_key_exists('role', $aAllowed)) {
             foreach ($aAllowed['role'] as $k => $iRoleId) {
                 // store the PD <-> RoleId map
                 // special-case "all" or "authenticated".
                 // These two IDs are kept as roles instead of being expanded.
                 if ($iRoleId == -3 || $iRoleId == -4) {
                     $aAfterRoles[] = $iRoleId;
                     continue;
                 }
                 if (!array_key_exists($iRoleId, $_roleCache)) {
                     $oRoleAllocation = null;
                     if ($is_a_document) {
                         // A document-level allocation takes precedence; an
                         // error from the lookup is treated as "not set".
                         $oRoleAllocation =& DocumentRoleAllocation::getAllocationsForDocumentAndRole($oFolderOrDocument->getId(), $iRoleId);
                         if (PEAR::isError($oRoleAllocation)) {
                             $oRoleAllocation = null;
                         }
                     }
                     // if that's null - not set _on_ the document, then
                     // fall back to the allocation for the role source folder.
                     if (is_null($oRoleAllocation)) {
                         $oRoleAllocation =& RoleAllocation::getAllocationsForFolderAndRole($iRoleSourceFolder, $iRoleId);
                     }
                     $_roleCache[$iRoleId] = $oRoleAllocation;
                 }
                 // roles are _not_ always assigned (can be null at root)
                 // An unallocated role therefore contributes no users or groups.
                 if (!is_null($_roleCache[$iRoleId])) {
                     $aMapPermAllowed[$iPermissionId]['user'] = kt_array_merge($aMapPermAllowed[$iPermissionId]['user'], $_roleCache[$iRoleId]->getUserIds());
                     $aMapPermAllowed[$iPermissionId]['group'] = kt_array_merge($aMapPermAllowed[$iPermissionId]['group'], $_roleCache[$iRoleId]->getGroupIds());
                     // naturally, roles cannot be assigned roles, or madness follows.
                 }
                 // Only the loop-local copy is modified by this unset.
                 unset($aAllowed['role'][$k]);
             }
         }
         // Drop the expanded roles; keep only the special-cased ones, if any.
         unset($aMapPermAllowed[$iPermissionId]['role']);
         if (!empty($aAfterRoles)) {
             $aMapPermAllowed[$iPermissionId]['role'] = $aAfterRoles;
         }
     }
     /*
     print '<pre>';
     print '=======' . $oFolderOrDocument->getName();
     print '<br />';
     var_dump($aMapPermAllowed);
     print '</pre>';
     */
     // The null check on $oPermLookup is disabled, so the lookup is always
     // recomputed and a caller-supplied 'perm_lookup' is ignored.
     //if (is_null($oPermLookup)) {
     $aMapPermDesc = array();
     foreach ($aMapPermAllowed as $iPermissionId => $aAllowed) {
         // NOTE(review): the result is used without an error check - confirm
         // getOrCreateDescriptor() cannot return an error object here.
         $oLookupPD = KTPermissionUtil::getOrCreateDescriptor($aAllowed);
         $aMapPermDesc[$iPermissionId] = $oLookupPD->getID();
     }
     $oPermLookup = KTPermissionLookupAssignment::findOrCreateLookupByPermissionDescriptorMap($aMapPermDesc);
     //}
     // Persist the new lookup ID on the folder or document.
     $oFolderOrDocument->setPermissionLookupID($oPermLookup->getID());
     $oFolderOrDocument->update();
 }
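 /**
  * Run the post-upgrade housekeeping and record the new version numbers.
  *
  * Deletes the Smarty and proxy files, clears all caches, rebuilds the
  * permission lookups while reporting progress through a
  * KTRebuildPermissionObserver, then writes the "knowledgetreeVersion" and
  * "databaseVersion" rows in system_settings. Both values are bound as
  * query parameters.
  *
  * NOTE(review): the time limit is lifted and client aborts are ignored, so
  * the rebuild runs to completion once started. The access control on the
  * entry point that reaches this method is not visible here - confirm it is
  * restricted to administrators.
  *
  * @return mixed Result of the final DBUtil::runQuery() call (the
  *               databaseVersion update).
  */
 function _performUpgrade()
 {
     $this->_deleteSmartyFiles();
     $this->_deleteProxyFiles();

     require_once KT_LIB_DIR . '/cache/cache.inc.php';
     $oCache =& KTCache::getSingleton();
     $oCache->deleteAllCaches();

     require_once KT_LIB_DIR . '/permissions/permissionutil.inc.php';
     // Plain assignment: "=& new" is a parse error from PHP 7 onwards and has
     // no effect on object handles in PHP 5.
     $po = new KTRebuildPermissionObserver($this);
     $po->start();
     $oChannel =& KTPermissionChannel::getSingleton();
     $oChannel->addObserver($po);

     set_time_limit(0);
     ignore_user_abort(true);
     KTPermissionUtil::rebuildPermissionLookups(true);
     $po->end();

     $query = "UPDATE system_settings SET value = ? WHERE name = ?";

     // Read the packaged version name. fopen() and filesize() can both fail,
     // and fread() rejects a zero length, so each step is checked before the
     // next one runs.
     $versionFile = KT_DIR . '/docs/VERSION-NAME.txt';
     $systemVersion = false;
     $fp = fopen($versionFile, 'rt');
     if ($fp !== false) {
         $iSize = filesize($versionFile);
         if ($iSize > 0) {
             $systemVersion = fread($fp, $iSize);
         }
         fclose($fp);
     }

     // Keep the stored value when the file could not be read, rather than
     // overwriting it with false or an empty string.
     // NOTE(review): the result of this first query is discarded, as it was
     // before; a failure here is not reported to the caller.
     if (is_string($systemVersion) && $systemVersion !== '') {
         DBUtil::runQuery(array($query, array($systemVersion, "knowledgetreeVersion")));
     }

     return DBUtil::runQuery(array($query, array($this->version, "databaseVersion")));
 }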