/** * creates a new container * * @param Tinebase_Model_Container $_container the new container * @param Tinebase_Record_RecordSet $_grants the grants for the new folder * @param bool $_ignoreAcl * @return Tinebase_Model_Container the newly created container * @throws Tinebase_Exception_Record_Validation * @throws Tinebase_Exception_AccessDenied */ public function addContainer(Tinebase_Model_Container $_container, $_grants = NULL, $_ignoreAcl = FALSE) { $_container->isValid(TRUE); if ($_ignoreAcl !== TRUE) { switch ($_container->type) { case Tinebase_Model_Container::TYPE_PERSONAL: // is the user allowed to create personal container? break; case Tinebase_Model_Container::TYPE_SHARED: $application = Tinebase_Application::getInstance()->getApplicationById($_container->application_id); $appName = (string) $application; $manageRight = FALSE; // check for MANAGE_SHARED_FOLDERS right $appAclClassName = $appName . '_Acl_Rights'; if (@class_exists($appAclClassName)) { $appAclObj = call_user_func(array($appAclClassName, 'getInstance')); $allRights = $appAclObj->getAllApplicationRights(); if (in_array(Tinebase_Acl_Rights::MANAGE_SHARED_FOLDERS, $allRights)) { $manageRight = Tinebase_Core::getUser()->hasRight($appName, Tinebase_Acl_Rights::MANAGE_SHARED_FOLDERS); } } if (!$manageRight && !Tinebase_Core::getUser()->hasRight($appName, Tinebase_Acl_Rights::ADMIN)) { throw new Tinebase_Exception_AccessDenied('Permission to add shared container denied.'); } break; default: throw new Tinebase_Exception_InvalidArgument('Can add personal or shared folders only when ignoring ACL.'); break; } } if (!empty($_container->owner_id)) { $accountId = $_container->owner_id instanceof Tinebase_Model_User ? $_container->owner_id->getId() : $_container->owner_id; } else { $accountId = is_object(Tinebase_Core::getUser()) ? Tinebase_Core::getUser()->getId() : NULL; } if ($_grants === NULL || count($_grants) == 0) { $creatorGrants = array('account_id' => $accountId, 'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_USER, Tinebase_Model_Grants::GRANT_READ => true, Tinebase_Model_Grants::GRANT_ADD => true, Tinebase_Model_Grants::GRANT_EDIT => true, Tinebase_Model_Grants::GRANT_DELETE => true, Tinebase_Model_Grants::GRANT_EXPORT => true, Tinebase_Model_Grants::GRANT_SYNC => true, Tinebase_Model_Grants::GRANT_ADMIN => true); if ($_container->type === Tinebase_Model_Container::TYPE_SHARED && !Tinebase_Config::getInstance()->get(Tinebase_Config::ANYONE_ACCOUNT_DISABLED)) { // add all grants to creator and // add read grants to any other user $grants = new Tinebase_Record_RecordSet('Tinebase_Model_Grants', array($creatorGrants, array('account_id' => '0', 'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_ANYONE, Tinebase_Model_Grants::GRANT_READ => true, Tinebase_Model_Grants::GRANT_EXPORT => true, Tinebase_Model_Grants::GRANT_SYNC => true)), TRUE); } else { // add all grants to creator only $grants = new Tinebase_Record_RecordSet('Tinebase_Model_Grants', array($creatorGrants), TRUE); } } else { $grants = $_grants; } $event = new Tinebase_Event_Container_BeforeCreate(); $event->accountId = $accountId; $event->container = $_container; $event->grants = $grants; Tinebase_Event::fireEvent($event); Tinebase_Timemachine_ModificationLog::setRecordMetaData($_container, 'create'); $container = $this->create($_container); $this->setGrants($container->getId(), $grants, TRUE, FALSE); return $container; }