/**
* Remove a user's permissions from a specific node in Alfresco.
*
* @param string $username The Alfresco user's username.
* @param string $uuid The Alfresco node UUID.
* @return bool True on success, False otherwise.
*/
function remove_permissions($username, $uuid)
{
// Get all of the permissions that this user has set to ALLOW on this node and then remove them.
if ($permissions = alfresco_get_permissions($uuid, $username)) {
foreach ($permissions as $permission) {
if (!alfresco_set_permission($username, $uuid, $permission, ALFRESCO_CAPABILITY_ALLOWED)) {
return false;
}
}
}
return true;
}
/**
* ELIS(TM): Enterprise Learning Intelligence Suite
* Copyright (C) 2008-2009 Remote-Learner.net Inc (http://www.remote-learner.net)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @package elis
* @subpackage File system
* @author Remote-Learner.net Inc
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2008-2012 Remote Learner.net Inc http://www.remote-learner.net
*
*/
function xmldb_repository_alfresco_upgrade($oldversion = 0)
{
global $CFG, $THEME, $db;
$result = true;
if ($result && $oldversion < 2007011900) {
$result = install_from_xmldb_file($CFG->dirroot . '/repository/alfresco/db/install.xml');
}
if ($result && $oldversion < 2010030901) {
$table = new XMLDBTable('alfresco_course_store');
$table->comment = 'Stores course storage UUID values';
$table->addFieldInfo('id', XMLDB_TYPE_INTEGER, '10', false, XMLDB_NOTNULL, XMLDB_SEQUENCE, null, null, null);
$table->addFieldInfo('courseid', XMLDB_TYPE_INTEGER, '10', false, XMLDB_NOTNULL, null, null, null, null);
$table->addFieldInfo('uuid', XMLDB_TYPE_CHAR, '36', null, false, null, null, null, null);
$table->addKeyInfo('primary', XMLDB_KEY_PRIMARY, array('id'));
$table->addKeyInfo('courseid', XMLDB_KEY_FOREIGN, array('courseid'), 'course', array('id'));
$table->addIndexInfo('courseid-uuid', XMLDB_INDEX_UNIQUE, array('courseid', 'uuid'));
$result = $result && create_table($table);
// Only proceed here if the Alfresco plug-in is actually enabled.
if (isset($CFG->repository_plugins_enabled) && strstr($CFG->repository_plugins_enabled, 'alfresco')) {
// Handle upgrading some things on the Alfresco repository.
require_once $CFG->dirroot . '/file/repository/repository.class.php';
if (!($repo = repository_factory::factory('alfresco'))) {
debugging(get_string('couldnotcreaterepositoryobject', 'repository'), DEBUG_DEVELOPER);
$result = false;
}
// Turn off "Inherit parent space permissions" for the special Moodle storage directories.
$result = $result && $repo->node_inherit($repo->muuid, false);
$result = $result && $repo->node_inherit($repo->suuid, false);
$result = $result && $repo->node_inherit($repo->cuuid, false);
// Make sure that all of the individual course directories are set to not interhit parent space permissions.
$dir = $repo->read_dir($repo->cuuid);
if (!empty($dir->folders)) {
foreach ($dir->folders as $folder) {
if ((int) $folder->title != $folder->title || (int) $folder->title <= 1 || !($course = get_record('course', 'id', $folder->title, '', '', '', '', 'id,shortname'))) {
continue;
}
// Check if we need to add this node to the course store table.
if ($result && !record_exists('alfresco_course_store', 'courseid', $course->id)) {
$coursestore = new stdClass();
$coursestore->courseid = $course->id;
$coursestore->uuid = $folder->uuid;
$coursestore->id = insert_record('alfresco_course_store', $coursestore);
$result = !empty($coursestore->id);
}
$result = $result && $repo->node_inherit($folder->uuid, false);
$result = $result && alfresco_node_rename($folder->uuid, $course->shortname);
}
}
}
}
if ($result && $oldversion < 2010032900) {
// Only proceed here if the Alfresco plug-in is actually enabled.
if (isset($CFG->repository_plugins_enabled) && strstr($CFG->repository_plugins_enabled, 'alfresco')) {
// Handle upgrading some things on the Alfresco repository.
require_once $CFG->dirroot . '/file/repository/repository.class.php';
if (!($repo = repository_factory::factory('alfresco'))) {
debugging(get_string('couldnotcreaterepositoryobject', 'repository'), DEBUG_DEVELOPER);
$result = false;
}
$root = $repo->get_root();
if (!empty($root->uuid)) {
$dir = $repo->read_dir($root->uuid, true);
if (!empty($dir->folders)) {
foreach ($dir->folders as $folder) {
// Process each of these directories to make sure that any non-privileged user cannot directly
// access them.
if ($folder->title == 'Data Dictionary' || $folder->title == 'Guest Home' || $folder->title == 'Sites') {
$a = new stdClass();
$a->uuid = $folder->uuid;
$a->name = $folder->title;
echo '<p>' . get_string('lockingdownpermissionson', 'repository_alfresco', $a) . '</p>';
if ($permissions = alfresco_get_permissions($folder->uuid, 'GROUP_EVERYONE')) {
foreach ($permissions as $permission) {
// Make sure the node isn't inheriting parent node permissions.
$repo->node_inherit($folder->uuid, false);
// Construct the post data
$postdata = array('username' => 'GROUP_EVERYONE', 'name' => $permission, 'capability' => ALFRESCO_CAPABILITY_DENIED);
// We're not going to examine the response (we assume it worked).
$response = alfresco_send('/moodle/setpermissions/' . $folder->uuid, $postdata, 'POST');
}
}
}
}
}
}
}
}
if ($result && $oldversion < 2010090300) {
// Add the mapping table for organization shared spaces.
$table = new XMLDBTable('alfresco_organization_store');
$table->comment = 'Stores organization shared storage UUID values';
$table->addFieldInfo('id', XMLDB_TYPE_INTEGER, '10', false, XMLDB_NOTNULL, XMLDB_SEQUENCE, null, null, null);
$table->addFieldInfo('organizationid', XMLDB_TYPE_INTEGER, '10', false, XMLDB_NOTNULL, null, null, null, null);
$table->addFieldInfo('uuid', XMLDB_TYPE_CHAR, '36', null, false, null, null, null, null);
$table->addKeyInfo('primary', XMLDB_KEY_PRIMARY, array('id'));
$table->addKeyInfo('organizationid', XMLDB_KEY_FOREIGN, array('organizationid'), 'crlm_cluster', array('id'));
$table->addIndexInfo('organization-uuid', XMLDB_INDEX_UNIQUE, array('organizationid', 'uuid'));
$result = $result && create_table($table);
}
return $result;
}
/**
* Handle the event when a user is unassigned to a cluster.
*
* @uses $CFG
* @param object $clusterinfo The Moodle role_assignment record object.
* @return bool True on success or failure (event handlers must always return true).
*/
function block_repository_cluster_deassigned($clusterinfo)
{
global $CFG;
// Only proceed here if the Alfresco plug-in is actually enabled.
if (!isset($CFG->repository_plugins_enabled) || strstr($CFG->repository_plugins_enabled, 'alfresco') === false || !($repo = repository_factory::factory('alfresco'))) {
return true;
}
// Get the Moodle user ID from the CM user ID.
if (!($muserid = cm_get_moodleuserid($clusterinfo->userid))) {
return true;
}
if (!($username = get_field('user', 'username', 'id', $muserid))) {
return true;
}
if (!($cluster = get_record('crlm_cluster', 'id', $clusterinfo->clusterid))) {
return true;
}
// Does this organization have an Alfresco storage space?
if (!($uuid = $repo->get_organization_store($cluster->id, false))) {
return true;
}
$context = get_context_instance(context_level_base::get_custom_context_level('cluster', 'block_curr_admin'), $cluster->id);
$sql = "SELECT rc.*\n FROM {$CFG->prefix}role_capabilities rc\n INNER JOIN {$CFG->prefix}role r ON r.id = rc.roleid\n INNER JOIN {$CFG->prefix}role_assignments ra ON ra.roleid = r.id\n WHERE ra.contextid = {$context->id}\n AND ra.userid = {$muserid}\n AND rc.capability = 'block/repository:createorganizationcontent'\n AND rc.permission = " . CAP_ALLOW;
// Check if the user has a specific role assignment on the cluster context with the editing capability
if (!record_exists_sql($sql)) {
// Remove all non-editing permissions for this user on the organization shared space.
if ($permissions = alfresco_get_permissions($uuid, $username)) {
foreach ($permissions as $permission) {
// Do not remove editing permissions if this user still actually has a cluster membership.
if ($permission == ALFRESCO_ROLE_COLLABORATOR) {
continue;
}
alfresco_set_permission($username, $uuid, $permission, ALFRESCO_CAPABILITY_DENIED);
}
}
// Remove all permissions for this user on the organization shared space.
} else {
if ($permissions = alfresco_get_permissions($uuid, $username)) {
foreach ($permissions as $permission) {
// Do not remove view permissions if this user still actually has a cluster membership.
if ($permission == ALFRESCO_ROLE_CONSUMER && record_exists('crlm_usercluster', 'userid', $clusterinfo->userid, 'clusterid', $cluster->id, 'leader', 0)) {
continue;
}
alfresco_set_permission($username, $uuid, $permission, ALFRESCO_CAPABILITY_DENIED);
}
}
}
return true;
}
