/** * Add folder group permission * * @access public * @param string * @param string * @param int * */ public function add_folder_group_permissions($group, $folder_id, $namespace, $sig_username = '', $sig_password = '', $reason = '') { $response = $this->_check_electronic_signature($folder_id, $sig_username, $sig_password, $reason, $reason, 'ktcore.transactions.permissions_change'); if ($response['status_code'] == 1) { return $response; } if (is_null($this->session)) { return array("status_code" => 1, "message" => "Your session is not active"); } /* First check that user trying to add permission can actually do so */ $folder = KTAPI_Folder::get($this, $folder_id); $permissions = $folder->getPermissionAllocation(); $detail = $permissions->permissions; if (!in_array("Manage security", $detail)) { return array("status_code" => 1, "message" => "User does not have permission to manage security"); } $folder = KTAPI_Folder::get($this, $folder_id); if (PEAR::isError($folder)) { return array("status_code" => 1, "message" => $folder->getMessage()); } $permission = KTAPI_Permission::getByNamespace($namespace); if (PEAR::isError($permission)) { return array("status_code" => 1, "message" => $permission->getMessage()); } $group = KTAPI_Role::getByName($group); if (PEAR::isError($group)) { return array("status_code" => 1, "message" => $group->getMessage()); } $permissions = $folder->getPermissionAllocation(); $permissions->add($group, $permission); $permissions->save(); }
/** * Test KTAPI_PermissionAllocation getAllocation(), add(), remove(), save() * */ function testPermissionAllocation() { $root = $this->ktapi->get_root_folder(); $folder = $this->ktapi->get_folder_by_name('test123'); if (!$folder instanceof KTAPI_Folder) { $folder = $root->add_folder('test123'); } $allocation = KTAPI_PermissionAllocation::getAllocation($this->ktapi, $folder); $group = KTAPI_Group::getByName('System Administrators'); $user = KTAPI_User::getByUsername('anonymous'); $role = KTAPI_Role::getByName('Publisher'); $read = KTAPI_Permission::getByNamespace('ktcore.permissions.read'); $write = KTAPI_Permission::getByNamespace('ktcore.permissions.write'); $addFolder = KTAPI_Permission::getByNamespace('ktcore.permissions.addFolder'); $security = KTAPI_Permission::getByNamespace('ktcore.permissions.security'); $allocation->add($user, $read); $allocation->add($user, $write); $allocation->add($user, $addFolder); $allocation->add($user, $security); $allocation->add($role, $read); $allocation->add($role, $write); $allocation->remove($group, $write); $allocation->save(); // refresh object and check permission allocations $folder2 = $this->ktapi->get_folder_by_name('test123'); $allocation = KTAPI_PermissionAllocation::getAllocation($this->ktapi, $folder2); $this->assertTrue($allocation->isMemberPermissionSet($user, $read)); $this->assertTrue($allocation->isMemberPermissionSet($user, $write)); $this->assertTrue($allocation->isMemberPermissionSet($role, $write)); $this->assertFalse($allocation->isMemberPermissionSet($group, $write)); $folder->delete('Testing permission allocation'); }
/** * Add folder group permission * * @access public * @param string * @param string * @param int * */ public function add_folder_group_permissions($group, $folder_id, $namespace) { if (is_null($this->session)) { return array("status_code" => 1, "message" => "Your session is not active"); } /* First check that user trying to add permission can actually do so */ $folder = KTAPI_Folder::get($this, $folder_id); $permissions = $folder->getPermissionAllocation(); $detail = $permissions->permissions; if (!in_array("Manage security", $detail)) { return array("status_code" => 1, "message" => "User does not have permission to manage security"); } $folder = KTAPI_Folder::get($this, $folder_id); if (PEAR::isError($folder)) { return array("status_code" => 1, "message" => $folder->getMessage()); } $permission = KTAPI_Permission::getByNamespace($namespace); if (PEAR::isError($permission)) { return array("status_code" => 1, "message" => $permission->getMessage()); } $group = KTAPI_Role::getByName($group); if (PEAR::isError($group)) { return array("status_code" => 1, "message" => $group->getMessage()); } $permissions = $folder->getPermissionAllocation(); $permissions->add($group, $permissions); $permissions->save(); }