/**
* Remove a user's permissions from a specific node in Alfresco.
*
* @param string $username The Alfresco user's username.
* @param string $uuid The Alfresco node UUID.
* @return bool True on success, False otherwise.
*/
function remove_permissions($username, $uuid)
{
// Get all of the permissions that this user has set to ALLOW on this node and then remove them.
if ($permissions = alfresco_get_permissions($uuid, $username)) {
foreach ($permissions as $permission) {
if (!alfresco_set_permission($username, $uuid, $permission, ALFRESCO_CAPABILITY_ALLOWED)) {
return false;
}
}
}
return true;
}
/**
* Handle the event when a user is unassigned to a cluster.
*
* @uses $CFG
* @param object $clusterinfo The Moodle role_assignment record object.
* @return bool True on success or failure (event handlers must always return true).
*/
function block_repository_cluster_deassigned($clusterinfo)
{
global $CFG;
// Only proceed here if the Alfresco plug-in is actually enabled.
if (!isset($CFG->repository_plugins_enabled) || strstr($CFG->repository_plugins_enabled, 'alfresco') === false || !($repo = repository_factory::factory('alfresco'))) {
return true;
}
// Get the Moodle user ID from the CM user ID.
if (!($muserid = cm_get_moodleuserid($clusterinfo->userid))) {
return true;
}
if (!($username = get_field('user', 'username', 'id', $muserid))) {
return true;
}
if (!($cluster = get_record('crlm_cluster', 'id', $clusterinfo->clusterid))) {
return true;
}
// Does this organization have an Alfresco storage space?
if (!($uuid = $repo->get_organization_store($cluster->id, false))) {
return true;
}
$context = get_context_instance(context_level_base::get_custom_context_level('cluster', 'block_curr_admin'), $cluster->id);
$sql = "SELECT rc.*\n FROM {$CFG->prefix}role_capabilities rc\n INNER JOIN {$CFG->prefix}role r ON r.id = rc.roleid\n INNER JOIN {$CFG->prefix}role_assignments ra ON ra.roleid = r.id\n WHERE ra.contextid = {$context->id}\n AND ra.userid = {$muserid}\n AND rc.capability = 'block/repository:createorganizationcontent'\n AND rc.permission = " . CAP_ALLOW;
// Check if the user has a specific role assignment on the cluster context with the editing capability
if (!record_exists_sql($sql)) {
// Remove all non-editing permissions for this user on the organization shared space.
if ($permissions = alfresco_get_permissions($uuid, $username)) {
foreach ($permissions as $permission) {
// Do not remove editing permissions if this user still actually has a cluster membership.
if ($permission == ALFRESCO_ROLE_COLLABORATOR) {
continue;
}
alfresco_set_permission($username, $uuid, $permission, ALFRESCO_CAPABILITY_DENIED);
}
}
// Remove all permissions for this user on the organization shared space.
} else {
if ($permissions = alfresco_get_permissions($uuid, $username)) {
foreach ($permissions as $permission) {
// Do not remove view permissions if this user still actually has a cluster membership.
if ($permission == ALFRESCO_ROLE_CONSUMER && record_exists('crlm_usercluster', 'userid', $clusterinfo->userid, 'clusterid', $cluster->id, 'leader', 0)) {
continue;
}
alfresco_set_permission($username, $uuid, $permission, ALFRESCO_CAPABILITY_DENIED);
}
}
}
return true;
}
