/**
  * Copy the object's parents permission object details, in
  * preparation for the object to have different permissions from its
  * parent.
  */
 function copyPermissionObject(&$oDocumentOrFolder)
 {
     global $default;
     $oOrigPO = KTPermissionObject::get($oDocumentOrFolder->getPermissionObjectID());
     $aOrigPAs =& KTPermissionAssignment::getByObjectMulti($oOrigPO);
     $oNewPO = KTPermissionObject::createFromArray(array());
     foreach ($aOrigPAs as $oOrigPA) {
         $oNewPA = KTPermissionAssignment::createFromArray(array('permissionid' => $oOrigPA->getPermissionID(), 'permissionobjectid' => $oNewPO->getID(), 'permissiondescriptorid' => $oOrigPA->getPermissionDescriptorID()));
     }
     $oDocumentOrFolder->setPermissionObjectID($oNewPO->getID());
     $oDocumentOrFolder->update();
     // copy any dynamic conditions
     $aDPO = KTPermissionDynamicCondition::getByPermissionObject($oOrigPO);
     foreach ($aDPO as $oOrigDC) {
         $oNewDC = KTPermissionDynamicCondition::createFromArray(array('permissionobjectid' => $oNewPO->getId(), 'groupid' => $oOrigDC->getGroupId(), 'conditionid' => $oOrigDC->getConditionId()));
         $oNewDC->saveAssignment($oOrigDC->getAssignment());
     }
     if (!is_a($oDocumentOrFolder, 'Folder')) {
         KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
         return;
     }
     // For a folder - update permission object for all folders and
     // documents under this current folder if they're using the old
     // permission object id.  If they are, then they're getting the
     // permission object via this folder.  If they are not, then
     // they have their own permission object management, and thus
     // this folder has no effect on their permissions.
     $iFolderID = $oDocumentOrFolder->getID();
     $sFolderIDs = Folder::generateFolderIDs($iFolderID);
     $sFolderIDs .= '%';
     $sQuery = "UPDATE {$default->folders_table} SET\n            permission_object_id = ? WHERE permission_object_id = ? AND\n            parent_folder_ids LIKE ?";
     $aParams = array($oNewPO->getID(), $oOrigPO->getID(), $sFolderIDs);
     DBUtil::runQuery(array($sQuery, $aParams));
     Folder::clearAllCaches();
     $sQuery = "UPDATE {$default->documents_table} SET\n            permission_object_id = ? WHERE permission_object_id = ? AND\n            (parent_folder_ids LIKE ? OR folder_id = ?)";
     $aParams[] = $iFolderID;
     DBUtil::runQuery(array($sQuery, $aParams));
     Document::clearAllCaches();
     // All objects using this PO must be new and must need their
     // lookups updated...
     KTPermissionUtil::updatePermissionLookupForPO($oNewPO);
 }
Example #2
0
 function &_getPermissionsMap()
 {
     $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
     $aPermissions = KTPermission::getList();
     $aPermissionsMap = array('role' => array(), 'group' => array());
     foreach ($aPermissions as $oPermission) {
         $oPA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oPO);
         if (PEAR::isError($oPA)) {
             continue;
         }
         $oDescriptor = KTPermissionDescriptor::get($oPA->getPermissionDescriptorId());
         $iPermissionId = $oPermission->getId();
         // groups
         $aGroupIds = $oDescriptor->getGroups();
         foreach ($aGroupIds as $iId) {
             $aPermissionsMap['group'][$iId][$iPermissionId] = true;
         }
         // roles
         $aRoleIds = $oDescriptor->getRoles();
         foreach ($aRoleIds as $iId) {
             $aPermissionsMap['role'][$iId][$iPermissionId] = true;
         }
     }
     return $aPermissionsMap;
 }