Example #1
/**
 * Remove a user's permissions from a specific node in Alfresco.
 *
 * @param string $username The Alfresco user's username.
 * @param string $uuid     The Alfresco node UUID.
 * @return bool True on success, False otherwise.
 */
    function remove_permissions($username, $uuid) {
        // Look up every permission currently recorded for this user on the node.
        $current = elis_files_get_permissions($uuid, $username);

        // An empty or false lookup result means there is nothing to process; report success.
        if (!$current) {
            return true;
        }

        // NOTE(review): each permission is re-submitted with ELIS_FILES_CAPABILITY_ALLOWED even though
        // this method is documented as removing access; elis_files_userset_deassigned() revokes with
        // ELIS_FILES_CAPABILITY_DENIED. Confirm against elis_files_set_permission() which value actually
        // withdraws access. If ALLOWED grants, this method leaves the user's access in place.
        foreach ($current as $role) {
            $updated = elis_files_set_permission($username, $uuid, $role, ELIS_FILES_CAPABILITY_ALLOWED);

            // Stop at the first failure; permissions handled before it have already been changed, so a
            // false return can mean the node is left in a partially updated state.
            if (!$updated) {
                return false;
            }
        }

        return true;
    }
Example #2
/**
 * Handle the event when a user is unassigned from a user set.
 *
 * @uses $DB
 * @param object $usersetinfo The ELIS crlm_cluster_assignments record object.
 * @return bool True on success or failure (event handlers must always return true).
 */
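function elis_files_userset_deassigned($usersetinfo) {
    global $DB;

    // This handler withdraws a user's access to the user set's shared Alfresco space. Every early
    // return below leaves the permissions already stored in the repository untouched.

    // Only proceed if we have a valid userid and clusterid.
    if (empty($usersetinfo->userid) || empty($usersetinfo->clusterid)) {
        return true;
    }

    // Nothing to do unless the repository factory returns an 'elisfiles' instance.
    if (!($repo = repository_factory::factory('elisfiles'))) {
        return true;
    }

    $user = new user($usersetinfo->userid);

    // Get the Moodle user info from the CM user record.
    if (!$muser = $user->get_moodleuser()) {
        return true;
    }

    if (!($userset = $DB->get_record(userset::TABLE, array('id' => $usersetinfo->clusterid)))) {
        return true;
    }

    // The user set classification plug-in is optional; without it there is no shared-folder setting to read.
    if (!file_exists(elispm::file('plugins/usetclassify/usersetclassification.class.php'))) {
        return true;
    }

    require_once(elispm::file('plugins/usetclassify/usersetclassification.class.php'));

    // Get the extra user set data and ensure it is present before proceeding.
    $usersetdata = usersetclassification::get_for_cluster($userset);

    if (empty($usersetdata->params)) {
        return true;
    }

    // NOTE(security): unserialize() will instantiate any class named in its input, so this is only safe
    // while the stored params value can be written exclusively by trusted code - TODO confirm, and
    // prefer a data-only format (e.g. JSON) for this field if that cannot be guaranteed.
    $usersetparams = unserialize($usersetdata->params);

    // Only an array is a usable result: unserialize() returns false on malformed input, and an object
    // here would make the array access below a fatal error.
    // Make sure this user set has the Alfresco shared folder property defined.
    if (!is_array($usersetparams) || empty($usersetparams['elis_files_shared_folder'])) {
        return true;
    }

    // Does this organization have an Alfresco storage space?
    if (!$uuid = $repo->get_userset_store($userset->id, false)) {
        return true;
    }

    $context = \local_elisprogram\context\userset::instance($userset->id);

    // Role assignments for this user on the user set context whose role allows either capability.
    // All variable values are bound as named parameters; CAP_ALLOW is a constant, not request data.
    $sql = 'SELECT rc.*
            FROM {role_assignments} ra
            INNER JOIN {role} r ON ra.roleid = r.id
            INNER JOIN {role_capabilities} rc ON r.id = rc.roleid
            WHERE ra.contextid = :contextid
            AND ra.userid = :userid
            AND rc.capability IN (:cap1, :cap2)
            AND rc.permission = '.CAP_ALLOW;

    $params = array(
        'contextid' => $context->id,
        'userid'    => $muser->id,
        'cap1'      => 'repository/elisfiles:createusersetcontent',
        'cap2'      => 'local/elisprogram:userset_enrol'
    );

    // Does the user still hold a role on the user set context that allows one of those capabilities?
    $hasusersetrole = $DB->record_exists_sql($sql, $params);

    // Permissions currently recorded for this user on the organization shared space.
    $permissions = elis_files_get_permissions($uuid, $muser->username);

    if (!$permissions) {
        return true;
    }

    if (!$hasusersetrole) {
        require_once(elispm::lib('data/clusterassignment.class.php'));

        // Conditions for "this user still has an assignment to this user set"; built once, outside the loop.
        $membership = array(
            'userid'    => $usersetinfo->userid,
            'clusterid' => $userset->id
        );
    }

    foreach ($permissions as $permission) {
        if ($hasusersetrole) {
            // The role assignment found above still justifies collaborator access; everything else is revoked.
            $keep = ($permission == ELIS_FILES_ROLE_COLLABORATOR);
        } else {
            // Without such a role, only consumer access survives, and only while an assignment record
            // to this user set still exists.
            $keep = ($permission == ELIS_FILES_ROLE_CONSUMER &&
                    $DB->record_exists(clusterassignment::TABLE, $membership));
        }

        if ($keep) {
            continue;
        }

        // The handler must still return true, so a failed revocation cannot be reported to the caller.
        // Log it so access left behind on the shared space can be found and removed by hand.
        if (!elis_files_set_permission($muser->username, $uuid, $permission, ELIS_FILES_CAPABILITY_DENIED)) {
            error_log(sprintf('elis_files_userset_deassigned: could not deny permission "%s" for Moodle user id %s '.
                    'on node %s', $permission, $muser->id, $uuid));
        }
    }

    return true;
}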