/**
* Add folder group permission
*
* @access public
* @param string
* @param string
* @param int
*
*/
public function add_folder_group_permissions($group, $folder_id, $namespace, $sig_username = '', $sig_password = '', $reason = '')
{
$response = $this->_check_electronic_signature($folder_id, $sig_username, $sig_password, $reason, $reason, 'ktcore.transactions.permissions_change');
if ($response['status_code'] == 1) {
return $response;
}
if (is_null($this->session)) {
return array("status_code" => 1, "message" => "Your session is not active");
}
/* First check that user trying to add permission can actually do so */
$folder = KTAPI_Folder::get($this, $folder_id);
$permissions = $folder->getPermissionAllocation();
$detail = $permissions->permissions;
if (!in_array("Manage security", $detail)) {
return array("status_code" => 1, "message" => "User does not have permission to manage security");
}
$folder = KTAPI_Folder::get($this, $folder_id);
if (PEAR::isError($folder)) {
return array("status_code" => 1, "message" => $folder->getMessage());
}
$permission = KTAPI_Permission::getByNamespace($namespace);
if (PEAR::isError($permission)) {
return array("status_code" => 1, "message" => $permission->getMessage());
}
$group = KTAPI_Role::getByName($group);
if (PEAR::isError($group)) {
return array("status_code" => 1, "message" => $group->getMessage());
}
$permissions = $folder->getPermissionAllocation();
$permissions->add($group, $permission);
$permissions->save();
}
/**
* Test KTAPI_PermissionAllocation getAllocation(), add(), remove(), save()
*
*/
function testPermissionAllocation()
{
$root = $this->ktapi->get_root_folder();
$folder = $this->ktapi->get_folder_by_name('test123');
if (!$folder instanceof KTAPI_Folder) {
$folder = $root->add_folder('test123');
}
$allocation = KTAPI_PermissionAllocation::getAllocation($this->ktapi, $folder);
$group = KTAPI_Group::getByName('System Administrators');
$user = KTAPI_User::getByUsername('anonymous');
$role = KTAPI_Role::getByName('Publisher');
$read = KTAPI_Permission::getByNamespace('ktcore.permissions.read');
$write = KTAPI_Permission::getByNamespace('ktcore.permissions.write');
$addFolder = KTAPI_Permission::getByNamespace('ktcore.permissions.addFolder');
$security = KTAPI_Permission::getByNamespace('ktcore.permissions.security');
$allocation->add($user, $read);
$allocation->add($user, $write);
$allocation->add($user, $addFolder);
$allocation->add($user, $security);
$allocation->add($role, $read);
$allocation->add($role, $write);
$allocation->remove($group, $write);
$allocation->save();
// refresh object and check permission allocations
$folder2 = $this->ktapi->get_folder_by_name('test123');
$allocation = KTAPI_PermissionAllocation::getAllocation($this->ktapi, $folder2);
$this->assertTrue($allocation->isMemberPermissionSet($user, $read));
$this->assertTrue($allocation->isMemberPermissionSet($user, $write));
$this->assertTrue($allocation->isMemberPermissionSet($role, $write));
$this->assertFalse($allocation->isMemberPermissionSet($group, $write));
$folder->delete('Testing permission allocation');
}
/**
* Add folder group permission
*
* @access public
* @param string
* @param string
* @param int
*
*/
public function add_folder_group_permissions($group, $folder_id, $namespace)
{
if (is_null($this->session)) {
return array("status_code" => 1, "message" => "Your session is not active");
}
/* First check that user trying to add permission can actually do so */
$folder = KTAPI_Folder::get($this, $folder_id);
$permissions = $folder->getPermissionAllocation();
$detail = $permissions->permissions;
if (!in_array("Manage security", $detail)) {
return array("status_code" => 1, "message" => "User does not have permission to manage security");
}
$folder = KTAPI_Folder::get($this, $folder_id);
if (PEAR::isError($folder)) {
return array("status_code" => 1, "message" => $folder->getMessage());
}
$permission = KTAPI_Permission::getByNamespace($namespace);
if (PEAR::isError($permission)) {
return array("status_code" => 1, "message" => $permission->getMessage());
}
$group = KTAPI_Role::getByName($group);
if (PEAR::isError($group)) {
return array("status_code" => 1, "message" => $group->getMessage());
}
$permissions = $folder->getPermissionAllocation();
$permissions->add($group, $permissions);
$permissions->save();
}
