/** * Returns an array containing all the permissions for the specified item. * The ugroups that have no permission defined in the request take the permission of the parent folder. */ function _get_permissions_as_array($group_id, $item_id, $permissions) { $permissions_array = array(); $perms = array('PLUGIN_DOCMAN_READ', 'PLUGIN_DOCMAN_WRITE', 'PLUGIN_DOCMAN_MANAGE'); // Get the ugroups of the parent $ugroups = permission_get_ugroups_permissions($group_id, $item_id, $perms, false); // Initialize the ugroup permissions to the same values as the parent folder foreach ($ugroups as $ugroup) { $ugroup_id = $ugroup['ugroup']['id']; $permissions_array[$ugroup_id] = 100; foreach ($perms as $perm) { if (isset($ugroup['permissions'][$perm])) { $permissions_array[$ugroup_id] = Docman_PermissionsManager::getDefinitionIndexForPermission($perm); } } } // Set the SOAP-provided permissions foreach ($permissions as $index => $permission) { $ugroup_id = $permission->ugroup_id; if (isset($permissions_array[$ugroup_id])) { $permissions_array[$ugroup_id] = Docman_PermissionsManager::getDefinitionIndexForPermission($permission->type); } } return $permissions_array; }
function fetch($id, $params) { $html = ''; if ($params['user_can_manage']) { $titles = array(); $titles[] = $GLOBALS['Language']->getText('plugin_docman', 'details_permissions_ugroups'); $titles[] = $GLOBALS['Language']->getText('plugin_docman', 'details_permissions_perms'); $html .= html_build_list_table_top($titles, false, false, false); $odd_even = array('boxitem', 'boxitemalt'); $i = 0; $ugroups = permission_get_ugroups_permissions($params['group_id'], $id, array('PLUGIN_DOCMAN_READ', 'PLUGIN_DOCMAN_WRITE', 'PLUGIN_DOCMAN_MANAGE'), false); ksort($ugroups); foreach ($ugroups as $ugroup) { $html .= '<tr class="' . $odd_even[$i++ % count($odd_even)] . '">'; $html .= '<td>' . $ugroup['ugroup']['name'] . '</td>'; $html .= '<td style="text-align:center;"><select name="permissions[' . $ugroup['ugroup']['id'] . ']">'; $html .= '<option value="100">-</option>'; $perms = array('PLUGIN_DOCMAN_READ', 'PLUGIN_DOCMAN_WRITE', 'PLUGIN_DOCMAN_MANAGE'); $i = 1; foreach ($perms as $perm) { if (isset($params['force_permissions'][$ugroup['ugroup']['id']])) { $selected = $params['force_permissions'][$ugroup['ugroup']['id']] == $i ? 'selected="selected"' : ''; } else { $selected = isset($ugroup['permissions'][$perm]) ? 'selected="selected"' : ''; } $html .= '<option value="' . $i++ . '" ' . $selected . '>' . permission_get_name($perm) . '</option>'; } $html .= '</select></td>'; $html .= '</tr>'; } $html .= '</table>'; } else { $html .= $GLOBALS['Language']->getText('plugin_docman', 'new_same_perms_as_parent'); // Will be created with the same permissions than its parent. $html .= $GLOBALS['Language']->getText('plugin_docman', 'new_need_to_be_manager'); // <br />You need Manage permission to define permissions. } return $html; }
/** * @returns array the permissions for the ugroups */ function plugin_tracker_permission_get_field_tracker_ugroups_permissions($group_id, $atid, $fields) { $tracker_permissions = plugin_tracker_permission_get_tracker_ugroups_permissions($group_id, $atid); //Anonymous can access ? if (isset($tracker_permissions[$GLOBALS['UGROUP_ANONYMOUS']]) && isset($tracker_permissions[$GLOBALS['UGROUP_ANONYMOUS']]['permissions']) && count($tracker_permissions[$GLOBALS['UGROUP_ANONYMOUS']]['permissions']) > 0) { //Do nothing } else { //We remove the id if (isset($tracker_permissions[$GLOBALS['UGROUP_ANONYMOUS']])) { unset($tracker_permissions[$GLOBALS['UGROUP_ANONYMOUS']]); } //Registered can access ? if (isset($tracker_permissions[$GLOBALS['UGROUP_REGISTERED']]) && isset($tracker_permissions[$GLOBALS['UGROUP_REGISTERED']]['permissions']) && count($tracker_permissions[$GLOBALS['UGROUP_REGISTERED']]['permissions']) > 0) { //Do nothing } else { //We remove the id if (isset($tracker_permissions[$GLOBALS['UGROUP_REGISTERED']])) { unset($tracker_permissions[$GLOBALS['UGROUP_REGISTERED']]); } //Each group can access ? foreach ($tracker_permissions as $key => $value) { if (!isset($value['permissions']) || count($value['permissions']) < 1) { unset($tracker_permissions[$key]); } } } } $ugroups_that_can_access_to_tracker = $tracker_permissions; $ugroups_permissions = array(); foreach ($fields as $field) { $fake_id = $field->getID(); $ugroups = permission_get_ugroups_permissions($group_id, $fake_id, array('PLUGIN_TRACKER_FIELD_READ', 'PLUGIN_TRACKER_FIELD_UPDATE', 'PLUGIN_TRACKER_FIELD_SUBMIT'), false); //{{{ We remove the ugroups which can't access to tracker and don't have permissions /*foreach($ugroups as $key => $value) { if (!isset($ugroups_that_can_access_to_tracker[$key]) && count($ugroups[$key]['permissions']) == 0) { unset($ugroups[$key]); } }*/ //}}} //We store permission for the current field $ugroups_permissions[$field->getID()] = array('field' => array('shortname' => $field->getName(), 'name' => $field->getLabel() . ($field->isRequired() ? ' *' : ''), 'id' => $field->getID(), 'field' => $field, 'link' => '/tracker/admin/index.php?group_id=' . $group_id . '&atid=' . $atid . '&func=display_field_update&field_id=' . $field->getID()), 'ugroups' => $ugroups); //{{{ We store tracker permissions foreach ($ugroups_permissions[$field->getID()]['ugroups'] as $key => $ugroup) { if (isset($tracker_permissions[$key])) { $ugroups_permissions[$field->getID()]['ugroups'][$key]['tracker_permissions'] = $tracker_permissions[$key]['permissions']; } else { $ugroups_permissions[$field->getID()]['ugroups'][$key]['tracker_permissions'] = array(); } } //}}} } return $ugroups_permissions; }
/** * @param Docman_Item $item The id of the item * @param bool $force true if you want to bypass permissions checking (@see permission_add_ugroup) * @param PFUser $user The current user */ private function setPermissionsOnItem(Docman_Item $item, $force, PFUser $user) { $permission_definition = array(100 => array('order' => 0, 'type' => null, 'label' => null, 'previous' => null), 1 => array('order' => 1, 'type' => 'PLUGIN_DOCMAN_READ', 'label' => permission_get_name('PLUGIN_DOCMAN_READ'), 'previous' => 0), 2 => array('order' => 2, 'type' => 'PLUGIN_DOCMAN_WRITE', 'label' => permission_get_name('PLUGIN_DOCMAN_WRITE'), 'previous' => 1), 3 => array('order' => 3, 'type' => 'PLUGIN_DOCMAN_MANAGE', 'label' => permission_get_name('PLUGIN_DOCMAN_MANAGE'), 'previous' => 2)); $permissions = $this->_controler->request->get('permissions'); $old_permissions = permission_get_ugroups_permissions($item->getGroupId(), $item->getId(), array('PLUGIN_DOCMAN_READ', 'PLUGIN_DOCMAN_WRITE', 'PLUGIN_DOCMAN_MANAGE'), false); $done_permissions = array(); $history = array('PLUGIN_DOCMAN_READ' => false, 'PLUGIN_DOCMAN_WRITE' => false, 'PLUGIN_DOCMAN_MANAGE' => false); foreach ($permissions as $ugroup_id => $wanted_permission) { $this->_setPermission($item->getGroupId(), $item->getId(), $permission_definition, $old_permissions, $done_permissions, $ugroup_id, $permissions, $history, $force); } $updated = false; foreach ($history as $perm => $put_in_history) { if ($put_in_history) { permission_add_history($item->getGroupId(), $perm, $item->getId()); $updated = true; } } $this->_controler->feedback->log('info', $GLOBALS['Language']->getText('plugin_docman', 'info_perms_updated')); // If requested by user, apply permissions recursively on sub items if ($this->_controler->request->get('recursive')) { //clone permissions for sub items // Recursive application via a callback of Docman_Actions::recursivePermissions in // Docman_ItemFactory::breathFirst $item_factory = $this->_getItemFactory(); $item_factory->breathFirst($item->getId(), array(&$this, 'recursivePermissions'), array('id' => $item->getId())); $this->_controler->feedback->log('info', $GLOBALS['Language']->getText('plugin_docman', 'info_perms_recursive_updated')); } }
/** * @returns array the permissions for the ugroups */ function permission_get_tracker_ugroups_permissions($group_id, $object_id) { return permission_get_ugroups_permissions($group_id, $object_id, array('TRACKER_ACCESS_FULL', 'TRACKER_ACCESS_ASSIGNEE', 'TRACKER_ACCESS_SUBMITTER'), false); }
function getContent() { $folder_or_document = is_a($this->item, 'Docman_Folder') ? 'folder' : 'document'; $content = ''; $content .= '<form action="' . $this->url . '" method="post">'; //{{{ Explanations /* => in the doc $content .= '<div>'; $content .= 'Readers can:<ul> <li>access to document/folder,</li> <li>access to properties of the document/folder.</li> </ul>'; $content .= 'Writers have the same rights than readers plus:<ul> <li>update the document (create a new version),</li> <li>update the properties of the document/folder,</li> <li>move the document/folder,</li> <li>create a sub-item for the folder.</li> </ul>'; $content .= 'Managers have the same rights than writers plus:<ul> <li>delete the document/folder,</li> <li>change permissions of the document/folder.</li> </ul>'; $content .= '</div>'; */ //}}} //{{{ Permissions $content .= '<div>'; $titles = array(); $titles[] = $GLOBALS['Language']->getText('plugin_docman', 'details_permissions_ugroups'); $titles[] = $GLOBALS['Language']->getText('plugin_docman', 'details_permissions_perms'); $content .= html_build_list_table_top($titles, false, false, false); $odd_even = array('boxitem', 'boxitemalt'); $i = 0; $ugroups = permission_get_ugroups_permissions($this->item->getGroupId(), $this->item->getId(), array('PLUGIN_DOCMAN_READ', 'PLUGIN_DOCMAN_WRITE', 'PLUGIN_DOCMAN_MANAGE'), false); ksort($ugroups); foreach ($ugroups as $ugroup) { $content .= '<tr class="' . $odd_even[$i++ % count($odd_even)] . '">'; $content .= '<td>' . $ugroup['ugroup']['name'] . '</td>'; $content .= '<td style="text-align:center;"><select name="permissions[' . $ugroup['ugroup']['id'] . ']">'; $content .= '<option value="100">-</option>'; $perms = array('PLUGIN_DOCMAN_READ', 'PLUGIN_DOCMAN_WRITE', 'PLUGIN_DOCMAN_MANAGE'); $i = 1; foreach ($perms as $perm) { $content .= '<option value="' . $i++ . '" ' . (isset($ugroup['permissions'][$perm]) ? 'selected="selected"' : '') . '>' . permission_get_name($perm) . '</option>'; } $content .= '</select></td>'; $content .= '</tr>'; } $content .= '</table>'; if (is_a($this->item, 'Docman_Folder')) { $content .= '<div>'; $content .= '<input type="checkbox" name="recursive" id="docman_recusrsive_permissions" value="1" /><label for="docman_recusrsive_permissions">' . $GLOBALS['Language']->getText('plugin_docman', 'details_permissions_recursive') . '</label>'; $content .= '</div>'; } $content .= '<div>'; $content .= '<input type="hidden" name="action" value="permissions" />'; $content .= '<input type="hidden" name="id" value="' . $this->item->getId() . '" />'; $content .= '<input type="submit" name="update" value="' . $GLOBALS['Language']->getText('project_admin_permissions', 'submit_perm') . '" />'; $content .= '</div>'; $content .= '</div>'; //}}} $content .= '</form>'; return $content; }