function getPermissionDescriptor() { // could be an error - return as-is. $oDescriptor =& KTPermissionDescriptor::get($this->iPermissionDescriptorId); return $oDescriptor; }
function &getByUsers($aUsers, $aOptions = null) { $sTable = KTUtil::getTableName('permission_descriptor_users'); if (is_null($aOptions)) { $aOptions = array(); } if (count($aUsers) === 0) { return array(); } $ids = KTUtil::arrayGet($aOptions, 'ids'); $aUserIDs = array(); foreach ($aUsers as $oUser) { if (is_numeric($oUser)) { $aUserIDs[] = $oUser; } else { $aUserIDs[] = $oUser->getID(); } } $sUserIDs = DBUtil::paramArray($aUserIDs); $sQuery = "SELECT DISTINCT descriptor_id FROM {$sTable} WHERE user_id IN ( {$sUserIDs} )"; $aParams = $aUserIDs; $aIDs = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'descriptor_id'); $aRet = array(); foreach ($aIDs as $iID) { if ($ids === true) { $aRet[] = $iID; } else { $aRet[] =& KTPermissionDescriptor::get($iID); } } return $aRet; }
function getPermissionDescriptorsForUser($oUser) { $aGroups = GroupUtil::listGroupsForUserExpand($oUser); $roles = array(-3); // everyone $aEveryoneDescriptors = array(); $aAuthenticatedDescriptors = array(); if (!$oUser->isAnonymous()) { // authenticated $roles[] = -4; } $aRoleDescriptors = KTPermissionDescriptor::getByRoles($roles, array('ids' => true)); $aPermissionDescriptors = KTPermissionDescriptor::getByGroups($aGroups, array('ids' => true)); $aUserDescriptors = KTPermissionDescriptor::getByUser($oUser, array('ids' => true)); return kt_array_merge($aPermissionDescriptors, $aUserDescriptors, $aRoleDescriptors); }
function &_getPermissionsMap() { $aStatePermAssigns = KTWorkflowStatePermissionAssignment::getByState($this->oState); $aPermissionsMap = array('role' => array(), 'group' => array()); foreach ($aStatePermAssigns as $oPermAssign) { $oDescriptor = KTPermissionDescriptor::get($oPermAssign->getDescriptorId()); $iPermissionId = $oPermAssign->getPermissionId(); // groups $aGroupIds = $oDescriptor->getGroups(); foreach ($aGroupIds as $iId) { $aPermissionsMap['group'][$iId][$iPermissionId] = true; } // roles $aRoleIds = $oDescriptor->getRoles(); foreach ($aRoleIds as $iId) { $aPermissionsMap['role'][$iId][$iPermissionId] = true; } } return $aPermissionsMap; }
function &_getPermissionsMap() { $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId()); $aPermissions = KTPermission::getList(); $aPermissionsMap = array('role' => array(), 'group' => array()); foreach ($aPermissions as $oPermission) { $oPA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oPO); if (PEAR::isError($oPA)) { continue; } $oDescriptor = KTPermissionDescriptor::get($oPA->getPermissionDescriptorId()); $iPermissionId = $oPermission->getId(); // groups $aGroupIds = $oDescriptor->getGroups(); foreach ($aGroupIds as $iId) { $aPermissionsMap['group'][$iId][$iPermissionId] = true; } // roles $aRoleIds = $oDescriptor->getRoles(); foreach ($aRoleIds as $iId) { $aPermissionsMap['role'][$iId][$iPermissionId] = true; } } return $aPermissionsMap; }
function getAllowed() { $oDescriptor = KTPermissionDescriptor::get($this->iDescriptorId); return $oDescriptor->getAllowed(); }
function do_main() { $this->oPage->setTitle(_kt("Allocate Roles")); $this->oPage->setBreadcrumbDetails(_kt("Allocate Roles")); $oTemplating =& KTTemplating::getSingleton(); $oTemplate = $oTemplating->loadTemplate("ktcore/folder/roles"); // we need to have: // - a list of roles // - with their users / groups // - and that allocation id $aRoles = array(); // stores data for display. $aRoleList = Role::getList('id > 0'); foreach ($aRoleList as $oRole) { $iRoleId = $oRole->getId(); $aRoles[$iRoleId] = array("name" => $oRole->getName()); $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getId(), $iRoleId); $u = array(); $g = array(); $aid = null; $raid = null; if ($oRoleAllocation == null) { // nothing. } else { $raid = $oRoleAllocation->getId(); // real_alloc_id if ($oRoleAllocation->getFolderId() == $this->oFolder->getId()) { $aid = $oRoleAllocation->getid(); // alloc_id } $oPermDesc = KTPermissionDescriptor::get($oRoleAllocation->getPermissionDescriptorId()); if (!PEAR::isError($oPermDesc)) { $aAllowed = $oPermDesc->getAllowed(); if (!empty($aAllowed['user'])) { $u = $aAllowed['user']; } if (!empty($aAllowed['group'])) { $g = $aAllowed['group']; } } } $aRoles[$iRoleId]['users'] = $u; $aRoles[$iRoleId]['groups'] = $g; $aRoles[$iRoleId]['allocation_id'] = $aid; $aRoles[$iRoleId]['real_allocation_id'] = $raid; } /* print '<pre>'; var_dump($aRoles); print '</pre>'; */ // FIXME this is test data. /* $aRoles = array( 1 => array('name' => 'Manager', 'users' => array(1), 'groups' => array(1), 'allocation_id' => 1), 2 => array('name' => 'Peasant', 'users' => array(1), 'groups' => array(), 'allocation_id' => 2), 3 => array('name' => 'Inherited', 'users' => array(), 'groups' => array(1), 'allocation_id' => null), ); */ // final step. // Include the electronic signature global $default; $iFolderId = $this->oFolder->getId(); if ($default->enableESignatures) { $sign = true; $sUrl = KTPluginUtil::getPluginPath('electronic.signatures.plugin', true); $heading = _kt('You are attempting to modify roles'); $input_href = '#'; } else { $sign = false; $input_onclick = ''; } // map to users, groups. foreach ($aRoles as $key => $role) { $_users = array(); foreach ($aRoles[$key]['users'] as $iUserId) { $oUser = User::get($iUserId); if (!(PEAR::isError($oUser) || $oUser == false)) { $_users[] = $oUser->getName(); } } if (empty($_users)) { $aRoles[$key]['users'] = '<span class="descriptiveText"> ' . _kt('no users') . '</span>'; } else { $aRoles[$key]['users'] = join(', ', $_users); } $_groups = array(); foreach ($aRoles[$key]['groups'] as $iGroupId) { $oGroup = Group::get($iGroupId); if (!(PEAR::isError($oGroup) || $oGroup == false)) { $_groups[] = $oGroup->getName(); } } if (empty($_groups)) { $aRoles[$key]['groups'] = '<span class="descriptiveText"> ' . _kt('no groups') . '</span>'; } else { $aRoles[$key]['groups'] = join(', ', $_groups); } if ($sign) { $redirect_url = KTUtil::addQueryStringSelf("action=useParent&role_id={$key}&fFolderId={$iFolderId}"); $input_onclick = "javascript: showSignatureForm('{$sUrl}', '{$heading}', 'ktcore.transactions.role_allocations_change', 'folder', '{$redirect_url}', 'redirect', {$iFolderId});"; } else { $input_href = KTUtil::addQueryStringSelf("action=useParent&role_id={$key}&fFolderId={$iFolderId}"); } $aRoles[$key]['onclick'] = $input_onclick; $aRoles[$key]['href'] = $input_href; } $aTemplateData = array('context' => &$this, 'roles' => $aRoles, 'folderName' => $this->oFolder->getName(), 'is_root' => $this->oFolder->getId() == 1); return $oTemplate->render($aTemplateData); }
<?php require_once "../../config/dmsDefaults.php"; require_once KT_LIB_DIR . "/permissions/permissiondescriptor.inc.php"; error_reporting(E_ALL); $res = KTPermissionDescriptor::createFromArray(array("descriptortext" => "asdf")); var_dump($res);