/**
 * Dispatcher-level guard: shows the "insufficient permissions" error page when
 * $oUser does not hold $oPermission on $oItem.
 *
 * Returns nothing in either case. $aOptions is accepted but not read here.
 *
 * NOTE(review): when the check fails this method still returns normally after
 * errorPage(); it only blocks the action if errorPage() terminates the request —
 * confirm, otherwise callers continue past a denied check.
 */
function userHasPermissionOnItem($oUser, $oPermission, $oItem, $aOptions = null)
 {
     require_once KT_LIB_DIR . '/permissions/permissionutil.inc.php';
     $bAllowed = KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $oItem);
     if (!$bAllowed) {
         $this->oDispatcher->errorPage(_kt("Insufficient permissions to perform action"));
     }
 }
 /**
  * Decides whether $oUser may take this transition on $oDocument.
  *
  * Returns true when the guard is not loaded or no permission list is configured,
  * false at the first configured permission the user lacks, and true otherwise.
  *
  * NOTE(review): this guard fails open. An unloaded guard allows the transition,
  * and a configured permission name that no longer resolves is skipped rather
  * than treated as a denial, so a stale configuration weakens the guard without
  * any signal. Consider logging the skipped name, or denying, once the intended
  * behaviour is confirmed.
  */
 function allowTransition($oDocument, $oUser)
 {
     if (!$this->isLoaded()) {
         return true;
     }
     // The required permission names are stored in the guard configuration.
     $aPermNames = $this->aConfig['perms'];
     if (is_null($aPermNames)) {
         return true;
     }
     foreach ($aPermNames as $sPermName) {
         $oPerm = KTPermission::getByName($sPermName);
         if (PEAR::isError($oPerm)) {
             // Possible loss of referential integrity; the name is ignored for now.
             continue;
         }
         if (!KTPermissionUtil::userHasPermissionOnItem($oUser, $oPerm, $oDocument)) {
             return false;
         }
     }
     return true;
 }
 /**
  * Gets a list of linked documents
  *
  * @author KnowledgeTree Team
  * @access public
  * @return array|PEAR_Error Returns a list of linked documents on success | a PEAR_Error on failure
  */
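 function get_linked_documents()
 {
     // The parent document id is bound as a query parameter (and forced to an
     // integer) instead of being interpolated into the SQL text, so the statement
     // stays well-formed whatever $this->documentid holds.
     $sql = "\n\t\tSELECT\n\t\t\tdl.child_document_id as document_id,\n\t\t\tdmv.name as title,\n\t\t\tdcv.size,\n\t\t\tw.name as workflow,\n\t\t\tws.name as workflow_state,\n\t\t\tdlt.name as link_type, dtl.name as document_type,\n\t\t\tdcv.major_version, dcv.minor_version, d.oem_no\n\t\tFROM\n\t\t\tdocument_link dl\n\t\t\tINNER JOIN document_link_types dlt ON dl.link_type_id=dlt.id\n\t\t\tINNER JOIN documents d ON dl.child_document_id=d.id\n\t\t\tINNER JOIN document_metadata_version dmv ON d.metadata_version_id=dmv.id\n\t\t\tINNER JOIN document_content_version dcv ON dmv.content_version_id=dcv.id\n\t\t\tINNER JOIN document_types_lookup dtl ON dtl.id=dmv.document_type_id\n\t\t\tLEFT OUTER JOIN workflow_documents wd ON d.id=wd.document_id\n\t\t\tLEFT OUTER JOIN workflows w ON w.id=wd.workflow_id\n\t\t\tLEFT OUTER JOIN workflow_states ws ON wd.state_id=ws.id\n\t\tWHERE\n\t\t\tdl.parent_document_id=?\n\n\t\t";
     $rows = DBUtil::getResultArray(array($sql, array((int) $this->documentid)));
     if (PEAR::isError($rows)) {
         return $rows;
     }
     $read_permission = KTPermission::getByName(KTAPI_PERMISSION_READ);
     if (PEAR::isError($read_permission)) {
         // Fail closed: without a resolvable read permission the per-document
         // filter below cannot be trusted, so report the error instead.
         return $read_permission;
     }
     $user = $this->ktapi->get_user();
     $result = array();
     foreach ($rows as $row) {
         $document = Document::get($row['document_id']);
         if (PEAR::isError($document) || is_null($document)) {
             continue;
         }
         // Links to documents the caller cannot read are left out of the listing
         // rather than reported, so the response does not reveal that they exist.
         if (!KTPermissionUtil::userHasPermissionOnItem($user, $read_permission, $document)) {
             continue;
         }
         $result[] = array(
             'document_id' => (int) $row['document_id'],
             'custom_document_no' => 'n/a',
             'oem_document_no' => empty($row['oem_no']) ? 'n/a' : $row['oem_no'],
             'title' => $row['title'],
             'document_type' => $row['document_type'],
             'version' => (double) ($row['major_version'] . '.' . $row['minor_version']),
             'filesize' => (int) $row['size'],
             'workflow' => empty($row['workflow']) ? 'n/a' : $row['workflow'],
             'workflow_state' => empty($row['workflow_state']) ? 'n/a' : $row['workflow_state'],
             'link_type' => empty($row['link_type']) ? 'unknown' : $row['link_type'],
         );
     }
     return $result;
 }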
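 /**
  * Recursively imports the documents and sub-folders listed by the import storage
  * under $sPath into $oFolder.
  *
  * Imported documents are appended to $this->uploadedDocs. For each sub-folder an
  * existing folder of the same name is reused, a new folder is created when
  * $this->oUser holds ktcore.permissions.addFolder on $oFolder, and otherwise the
  * contents are imported into $oFolder itself.
  *
  * @return PEAR_Error|null The first error encountered; nothing on success.
  */
 function _importfolder($oFolder, $sPath)
 {
     $oPermission = KTPermission::getByName('ktcore.permissions.addFolder');
     $aDocPaths = $this->oStorage->listDocuments($sPath);
     if (PEAR::isError($aDocPaths)) {
         return $aDocPaths;
     }
     foreach ($aDocPaths as $sDocumentPath) {
         $res = $this->_importdocument($oFolder, $sDocumentPath);
         if (PEAR::isError($res)) {
             return $res;
         }
         // Store document object
         $this->uploadedDocs[] = $res;
     }
     $aFolderPaths = $this->oStorage->listFolders($sPath);
     if (PEAR::isError($aFolderPaths)) {
         return $aFolderPaths;
     }
     foreach ($aFolderPaths as $sFolderPath) {
         // Only the last path component is used as the folder name.
         $sFolderBasePath = basename($sFolderPath);
         $sFolderBasePath = $this->is_utf8($sFolderBasePath) ? $sFolderBasePath : utf8_encode($sFolderBasePath);
         // NOTE(review): the existence test receives the full storage path while the
         // lookup below uses the base name — confirm which one folderExistsName() expects.
         if (Folder::folderExistsName($sFolderPath, KTUtil::getId($oFolder))) {
             $_SESSION['KTErrorMessage'][] = sprintf(_kt("The folder %s is already present in %s.  Adding files into pre-existing folder."), $sFolderBasePath, $oFolder->getName());
             // The name originates from the imported content, so it is escaped before
             // it is placed in the WHERE clause.
             $aOptions = Folder::getList("parent_id = " . KTUtil::getId($oFolder) . ' AND name = "' . DBUtil::escapeSimple($sFolderBasePath) . '"');
             if (PEAR::isError($aOptions)) {
                 return $aOptions;
             }
             if (count($aOptions) != 1) {
                 // Fixed: the message previously referenced an undefined $sFolderName.
                 return PEAR::raiseError(sprintf(_kt("Two folders named %s present in %s. Unable to decide which to use..."), $sFolderBasePath, $oFolder->getName()));
             }
             $oThisFolder = $aOptions[0];
         } else {
             if (KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPermission, $oFolder)) {
                 $oThisFolder = KTFolderUtil::add($oFolder, $sFolderBasePath, $this->oUser, true);
             } else {
                 // No permission to create folders: flatten the contents into $oFolder.
                 $oThisFolder = $oFolder;
                 // Compare against the message exactly as it is stored (translated), and
                 // tolerate a session that has no message list yet, so the notice is
                 // added once per session instead of once per skipped folder.
                 $sNotice = sprintf(_kt('Your documents have been added to this folder and not the folder structure within the upload file because you do not have permission to add any folders.'));
                 $aMessages = isset($_SESSION['KTErrorMessage']) && is_array($_SESSION['KTErrorMessage']) ? $_SESSION['KTErrorMessage'] : array();
                 if (!in_array($sNotice, $aMessages, true)) {
                     $_SESSION['KTErrorMessage'][] = $sNotice;
                 }
             }
         }
         if (PEAR::isError($oThisFolder)) {
             return $oThisFolder;
         }
         $res = $this->_importfolder($oThisFolder, $sFolderPath);
         if (PEAR::isError($res)) {
             return $res;
         }
         // Store folder object
         // NOTE(review): a successful recursive call returns nothing, so this appends
         // null rather than a folder object — confirm what readers of uploadedFolders expect.
         $this->uploadedFolders[] = $res;
     }
 }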
 /**
  * Deletes a symbolic link folder
  *
  * @param Folder $folder the symbolic link folder to delete
  * @param User $user the current user
  * @return unknown
  */
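 static function deleteSymbolicLink($folder, $user = null)
 {
     // Accepts a Folder object or a folder id, and a User object, a user id, or
     // null (the session user). Returns a PEAR_Error on any failure and nothing
     // on success.
     if (is_numeric($folder)) {
         $folder = Folder::get($folder);
     }
     if (!$folder instanceof Folder) {
         return PEAR::raiseError(_kt('Folder not specified'));
     }
     if (!$folder->isSymbolicLink()) {
         return PEAR::raiseError(_kt('Folder must be a symbolic link entity'));
     }
     if (is_null($user)) {
         $user = isset($_SESSION['userID']) ? $_SESSION['userID'] : null;
     }
     if (is_numeric($user)) {
         $user = User::get($user);
     }
     // Fail closed: a missing session user or a failed user lookup must not reach
     // the permission check as a non-user value.
     if (!$user instanceof User) {
         return PEAR::raiseError(_kt('You\'re not authorized to delete shortcuts'));
     }
     // Check that the user has sufficient permissions; administrators in admin
     // mode bypass the per-item delete permission.
     $oPerm = KTPermission::getByName('ktcore.permissions.delete');
     if (PEAR::isError($oPerm)) {
         return $oPerm;
     }
     if (!KTBrowseUtil::inAdminMode($user, $folder)) {
         if (!KTPermissionUtil::userHasPermissionOnItem($user, $oPerm, $folder)) {
             return PEAR::raiseError(_kt('You\'re not authorized to delete shortcuts'));
         }
     }
     // We only need to delete the folder entry for the link itself.
     $sql = "DELETE FROM folders WHERE id=?";
     $res = DBUtil::runQuery(array($sql, array($folder->getId())));
     if (PEAR::isError($res)) {
         // Report a failed delete instead of letting it pass as success.
         return $res;
     }
 }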
 /**
  * Pre-dispatch check for a folder action: validates the requested folder, then
  * prepares breadcrumbs, the two action portlets and the page's secondary title.
  *
  * The folder name is shown only to users holding
  * ktcore.permissions.folder_details on it; administrators in admin mode see it
  * in parentheses and everyone else sees '...'.
  *
  * @return bool false when _show() rejects the action, true otherwise.
  */
 function check()
 {
     // fFolderId comes straight from the request and is passed to the validator.
     $this->oFolder =& $this->oValidator->validateFolder($_REQUEST['fFolderId']);
     if (!$this->_show()) {
         return false;
     }

     $aCrumbOptions = array('final' => false, 'documentaction' => 'viewDocument', 'folderaction' => 'browse');
     $aFolderCrumbs = KTBrowseUtil::breadcrumbsForFolder($this->oFolder, $aCrumbOptions);
     $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, $aFolderCrumbs);

     $oInfoPortlet = new KTActionPortlet(sprintf(_kt('About this folder')));
     $oInfoPortlet->setActions(KTFolderActionUtil::getFolderInfoActionsForFolder($this->oFolder, $this->oUser), $this->sName);
     $this->oPage->addPortlet($oInfoPortlet);

     $oActionPortlet = new KTActionPortlet(sprintf(_kt('Actions on this folder')));
     $oActionPortlet->setActions(KTFolderActionUtil::getFolderActionsForFolder($this->oFolder, $this->oUser), $this->sName);
     $this->oPage->addPortlet($oActionPortlet);

     // Disclose the folder name only to users who may see folder details.
     if (KTPermissionUtil::userHasPermissionOnItem($this->oUser, 'ktcore.permissions.folder_details', $this->oFolder)) {
         $sSecondaryTitle = $this->oFolder->getName();
     } elseif (KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
         $sSecondaryTitle = sprintf('(%s)', $this->oFolder->getName());
     } else {
         $sSecondaryTitle = '...';
     }
     $this->oPage->setSecondaryTitle($sSecondaryTitle);
     return true;
 }
 /**
  * COPY method helper for Folders
  *
  * @param  array   parameter passing array
  * @param  int     Parent Folder ID
  * @return string  HTTP status code or false
  */
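 function _COPYFolder($options, $iFolderID)
 {
     /* ** Ensure that the destination path exists ** */
     if ($options['dest'] == '') {
         $options["dest"] = substr($options["dest_url"], strlen($_SERVER["SCRIPT_NAME"]));
     }
     $this->ktwebdavLog("Entering _COPYFolder. options are " . print_r($options, true), 'info', true);
     /* ** RFC 2518 Section 8.8.3. DAV compliant servers must support depth headers of '0' and 'infinity'.
        Check the requested depth. If depth is set to '0', set copyall to false. A depth of 0 indicates
        that the folder is copied without any children. Any other depth returns a 400 error. ** */
     $copyAll = true;
     if ($options["depth"] != "infinity") {
         if ($options['depth'] == '0') {
             $copyAll = false;
             $this->ktwebdavLog("Depth is 0. Copy only the base folder.", 'info', true);
         } else {
             $this->ktwebdavLog("400 Bad request. Depth must be infinity or 0.", 'info', true);
             return "400 Bad request - Depth must be 'infinity' or '0'.";
         }
     }
     $new = true;
     /* ** Get the basename of the destination path as the destination path name.
        Check whether the destination path refers to a folder / document. ** */
     $dest_path = urldecode($options["dest"]);
     $sDestPathName = basename($dest_path);
     list($iDestFolder, $iDestDoc) = $this->_folderOrDocument($dest_path);
     /* ** Get the source and destination folder objects.
        If the destination document is null, then the destination is an existing folder. Check overwrite.
        If overwrite is true, then check permissions and delete the folder, continue.
        If the destination document returns an id, then the destination is a document, return 409 error.
        If the destination document is false, then continue. ** */
     // NOTE(review): neither folder lookup is checked for failure, and no permission
     // on the SOURCE folder is checked in this method — confirm that
     // KTFolderUtil::copy() enforces read access on what it copies.
     $oSrcFolder = Folder::get($iFolderID);
     $oDestFolder = Folder::get($iDestFolder);
     include_once KT_LIB_DIR . '/foldermanagement/folderutil.inc.php';
     // Resolve the acting user once, and fail closed if the lookup fails so the
     // permission checks below never run against an error object.
     $oUser = User::get($this->userID);
     if (PEAR::isError($oUser)) {
         return "403 Forbidden - User does not have sufficient permissions";
     }
     if (is_null($iDestDoc)) {
         // Destination is a folder and exists
         $this->ktwebdavLog("Destination Folder exists.", 'info', true);
         $oReplaceFolder = $oDestFolder;
         if ($options['overwrite'] != 'T') {
             $this->ktwebdavLog("Overwrite needs to be TRUE.", 'info', true);
             return "412 Precondition Failed - Destination Folder exists. Overwrite needs to be TRUE.";
         }
         $this->ktwebdavLog("Overwrite is TRUE, deleting Destination Folder.", 'info', true);
         // Check if the user has permissions to delete this folder
         $oPerm = KTPermission::getByName('ktcore.permissions.delete');
         if (PEAR::isError($oPerm) || !KTPermissionUtil::userHasPermissionOnItem($oUser, $oPerm, $oReplaceFolder)) {
             return "403 Forbidden - User does not have sufficient permissions";
         }
         // NOTE(review): the existing target is deleted before write permission on
         // the destination is verified and before the copy is known to succeed; a
         // later 403 or 500 leaves the target gone.
         // The recorded reason now says "copy"; it previously said "move".
         $res = KTFolderUtil::delete($oReplaceFolder, $oUser, 'KTWebDAV copy overwrites target.');
         if (PEAR::isError($res)) {
             // Do not carry on copying over a target that could not be removed.
             $this->ktwebdavLog("Delete of destination folder failed: " . $res->getMessage(), 'info', true);
             return "500 Internal Server Error - Could not delete destination folder.";
         }
         // Destination folder has been deleted - get new object of destination parent folder
         list($iDestFolder, $iDestDoc) = $this->_folderOrDocument($dest_path);
         $oDestFolder = Folder::get($iDestFolder);
         $new = false;
     } else {
         if ($iDestDoc !== false) {
             // Destination is a document
             return "409 Conflict - Can't write a collection to a document";
         }
     }
     /* ** Check if user has permission to write to the destination folder.
        Copy the folder. Pass parameters for the destination folder name and the depth of copy. ** */
     $this->ktwebdavLog("Got an oSrcFolder of " . print_r($oSrcFolder, true), 'info', true);
     $this->ktwebdavLog("Got an oDestFolder of " . print_r($oDestFolder, true), 'info', true);
     // Log only the user id: dumping the whole user object would copy every field
     // it carries (possibly credential material) into the log file.
     $this->ktwebdavLog("Got an oUser with id " . $this->userID, 'info', true);
     // Check if the user has permissions to write in this folder
     $oPerm = KTPermission::getByName('ktcore.permissions.write');
     if (PEAR::isError($oPerm) || !KTPermissionUtil::userHasPermissionOnItem($oUser, $oPerm, $oDestFolder)) {
         return "403 Forbidden - User does not have sufficient permissions";
     }
     // The reason text is supplied by the client in a request header and is passed
     // on unchanged; whatever displays it must escape it.
     $reason = !empty($_SERVER['HTTP_REASON']) ? $_SERVER['HTTP_REASON'] : "KTWebDAV Copy.";
     $res = KTFolderUtil::copy($oSrcFolder, $oDestFolder, $oUser, $reason, $sDestPathName, $copyAll);
     if (PEAR::isError($res)) {
         $this->ktwebdavLog("Copy on folder failed: " . $res->getMessage(), 'info', true);
         return "500 Internal Server Error - Copy on folder failed.";
     }
     if ($new) {
         $this->ktwebdavLog("201 Created", 'info', true);
         return "201 Created";
     }
     $this->ktwebdavLog("204 No Content", 'info', true);
     return "204 No Content";
 }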
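 /**
  * Pre-dispatch check for the browse view. For the 'main' action it resolves the
  * browse mode (folder, lookup_value or document_type) from the request and
  * prepares the query, result URL, breadcrumbs and, in folder mode, the portlets.
  *
  * All selectors (fBrowseMode, fFolderId, fShortcutFolder, fField, fValue, fType)
  * are request-controlled; each one is resolved to an object before it is used,
  * and URLs are built from the resolved ids.
  *
  * NOTE(review): the URLs are built on $_SERVER['PHP_SELF'], which can carry
  * client-supplied path info; whatever renders resultURL and the breadcrumb URLs
  * must escape them.
  *
  * @return bool true when browsing may proceed (or the action is not 'main'),
  *              false when the folder cannot be loaded or the mode is unknown.
  */
 function check()
 {
     $this->browse_mode = KTUtil::arrayGet($_REQUEST, 'fBrowseMode', 'folder');
     $action = KTUtil::arrayGet($_REQUEST, $this->event_var, 'main');
     $this->editable = false;
     // catch the alternative actions.
     if ($action != 'main') {
         return true;
     }
     // if we're going to main ...
     if ($this->browse_mode == 'folder') {
         // folder browse mode
         $in_folder_id = KTUtil::arrayGet($_REQUEST, 'fFolderId');
         if (empty($in_folder_id)) {
             $oConfig = KTConfig::getSingleton();
             if ($oConfig->get('tweaks/browseToUnitFolder')) {
                 $iHomeFolderId = $this->oUser->getHomeFolderId();
                 if ($iHomeFolderId) {
                     $in_folder_id = $iHomeFolderId;
                 }
             }
         }
         // The cast yields 0 for anything non-numeric, which falls back to folder 1.
         $folder_id = (int) $in_folder_id;
         if ($folder_id == 0) {
             $folder_id = 1;
         }
         $_REQUEST['fBrowseMode'] = 'folder';
         // here we need the folder object to do the breadcrumbs.
         $oFolder =& Folder::get($folder_id);
         if (PEAR::isError($oFolder)) {
             // just fail.
             return false;
         }
         // check whether the user can edit this folder
         $oPerm = KTPermission::getByName('ktcore.permissions.write');
         $this->editable = KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPerm, $oFolder) ? true : false;
         // set the title and breadcrumbs; the folder name is disclosed only to users
         // who may see folder details (or, bracketed, to administrators in admin mode).
         $this->oPage->setTitle(_kt('Browse'));
         if (KTPermissionUtil::userHasPermissionOnItem($this->oUser, 'ktcore.permissions.folder_details', $oFolder)) {
             $this->oPage->setSecondaryTitle($oFolder->getName());
         } elseif (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
             $this->oPage->setSecondaryTitle(sprintf('(%s)', $oFolder->getName()));
         } else {
             $this->oPage->setSecondaryTitle('...');
         }
         // Figure out if we came here by navigating through a shortcut.
         // If we came here from a shortcut, the breadcrumbs path should be relative
         // to the shortcut folder.
         $iSymLinkFolderId = KTUtil::arrayGet($_REQUEST, 'fShortcutFolder', null);
         $oBreadcrumbsFolder = null;
         if (is_numeric($iSymLinkFolderId)) {
             $oBreadcrumbsFolder = Folder::get($iSymLinkFolderId);
         }
         // The shortcut id is request-controlled: use it only when it resolves to a
         // real folder, otherwise fall back to the breadcrumbs of the folder itself.
         // NOTE(review): no permission on the shortcut folder is checked here —
         // confirm breadcrumbsForFolder() hides names the user may not see.
         if ($oBreadcrumbsFolder instanceof Folder) {
             $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForFolder($oBreadcrumbsFolder, array('final' => false)));
             $this->aBreadcrumbs[] = array('name' => $oFolder->getName());
         } else {
             $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForFolder($oFolder));
         }
         $this->oFolder =& $oFolder;
         // we now have a folder, and need to create the query.
         // Permission filtering is switched off only for administrators in admin mode.
         $aOptions = array('ignorepermissions' => KTBrowseUtil::inAdminMode($this->oUser, $oFolder));
         $this->oQuery = new BrowseQuery($oFolder->getId(), $this->oUser, $aOptions);
         $this->resultURL = KTUtil::addQueryString($_SERVER['PHP_SELF'], sprintf('fFolderId=%d', $oFolder->getId()));
         // and the portlets
         $portlet = new KTActionPortlet(sprintf(_kt('About this folder')));
         $aActions = KTFolderActionUtil::getFolderInfoActionsForFolder($this->oFolder, $this->oUser);
         $portlet->setActions($aActions, $this->sName);
         $this->oPage->addPortlet($portlet);
         $portlet = new KTActionPortlet(sprintf(_kt('Actions on this folder')));
         $aActions = KTFolderActionUtil::getFolderActionsForFolder($oFolder, $this->oUser);
         $portlet->setActions($aActions, null);
         $this->oPage->addPortlet($portlet);
     } elseif ($this->browse_mode == 'lookup_value') {
         // browsing by a lookup value
         $this->editable = false;
         // check the inputs
         $field = KTUtil::arrayGet($_REQUEST, 'fField', null);
         $oField = DocumentField::get($field);
         if (PEAR::isError($oField) || $oField == false) {
             $this->errorRedirectToMain('No Field selected.');
             exit(0);
         }
         $value = KTUtil::arrayGet($_REQUEST, 'fValue', null);
         $oValue = MetaData::get($value);
         if (PEAR::isError($oValue) || $oValue == false) {
             $this->errorRedirectToMain('No Value selected.');
             exit(0);
         }
         // NOTE(review): this query is built without the user — confirm that
         // per-document permissions are applied when it is executed.
         $this->oQuery = new ValueBrowseQuery($oField, $oValue);
         $this->resultURL = KTUtil::addQueryString($_SERVER['PHP_SELF'], sprintf('fBrowseMode=lookup_value&fField=%d&fValue=%d', $field, $value));
         // setup breadcrumbs
         $this->aBreadcrumbs = array(
             array('name' => _kt('Lookup Values'), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=selectField')),
             array('name' => $oField->getName(), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=selectLookup&fField=' . $oField->getId())),
             array('name' => $oValue->getName(), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], sprintf('fBrowseMode=lookup_value&fField=%d&fValue=%d', $field, $value))),
         );
     } elseif ($this->browse_mode == 'document_type') {
         // browsing by document type
         $this->editable = false;
         $doctype = KTUtil::arrayGet($_REQUEST, 'fType', null);
         $oDocType = DocumentType::get($doctype);
         if (PEAR::isError($oDocType) || $oDocType == false) {
             $this->errorRedirectToMain('No Document Type selected.');
             exit(0);
         }
         // NOTE(review): as above, the query is built without the user — confirm
         // permission filtering happens at execution time.
         $this->oQuery = new TypeBrowseQuery($oDocType);
         // FIXME probably want to redirect to self + action=selectType
         $this->aBreadcrumbs[] = array('name' => _kt('Document Types'), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=selectType'));
         $this->aBreadcrumbs[] = array('name' => $oDocType->getName(), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], 'fBrowseMode=document_type&fType=' . $oDocType->getId()));
         // Build the URL from the resolved type id, as the breadcrumb above does,
         // rather than echoing the raw request value into the query string.
         $this->resultURL = KTUtil::addQueryString($_SERVER['PHP_SELF'], sprintf('fType=%d&fBrowseMode=document_type', $oDocType->getId()));
     } else {
         // FIXME what should we do if we can't initiate the browse?  we "pretend" to have no perms.
         return false;
     }
     return true;
 }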
 /**
  * Renders the "resolved permissions by user" report for $this->oFolder: for each
  * permission, which users are treated as holding it on the folder.
  *
  * NOTE(review): the clause `$authenticated && $oUser->isAnonymous()` marks
  * anonymous users as holding a permission whenever the descriptor has role -4
  * (named $authenticated here). That reads as inverted — confirm the meaning of
  * roles -3 and -4 before relying on this report for an access review.
  * NOTE(review): the descriptor lookup is not checked for failure before
  * hasRoles() is called on it.
  *
  * @return mixed The rendered template.
  */
 function do_resolved_users()
 {
     $this->oPage->setBreadcrumbDetails(_kt('Permissions'));
     $oTemplate = $this->oValidator->validateTemplate('ktcore/folder/resolved_permissions_user');
     $oPL = KTPermissionLookup::get($this->oFolder->getPermissionLookupID());
     $aPermissions = KTPermission::getList();
     $aUsers = User::getList();

     $aMapPermissionGroup = array();
     $aMapPermissionRole = array();
     $aMapPermissionUser = array();
     $aActiveUsers = array();

     foreach ($aPermissions as $oPermission) {
         $oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL);
         if (PEAR::isError($oPLA)) {
             // No assignment for this permission on the folder's lookup: skip it.
             continue;
         }
         $oDescriptor =& KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
         $iPermissionID = $oPermission->getID();
         $aMapPermissionGroup[$iPermissionID] = array();
         $everyone = $oDescriptor->hasRoles(array(-3));
         $authenticated = $oDescriptor->hasRoles(array(-4));
         // TODO : paginate this page, when there are too many users
         foreach ($aUsers as $oUser) {
             // Grouping made explicit; evaluation order is unchanged.
             $bGranted = $everyone
                 || ($authenticated && $oUser->isAnonymous())
                 || KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oFolder);
             if (!$bGranted) {
                 continue;
             }
             $iUserId = $oUser->getId();
             $aMapPermissionUser[$iPermissionID][$iUserId] = true;
             $aActiveUsers[$oUser->getId()] = $oUser->getName();
         }
     }

     // now we constitute the actual sets; groups and roles stay empty in this view.
     $groups = array();
     $roles = array();
     $users = $aActiveUsers;
     // ascending, per convention.
     asort($users);

     $aTemplateData = array(
         'context' => $this,
         'permissions' => $aPermissions,
         'groups' => $groups,
         'users' => $users,
         'roles' => $roles,
         'oFolder' => $this->oFolder,
         'aMapPermissionGroup' => $aMapPermissionGroup,
         'aMapPermissionRole' => $aMapPermissionRole,
         'aMapPermissionUser' => $aMapPermissionUser,
         'edit' => false,
         'inherited' => '',
         'foldername' => $this->oFolder->getName(),
         'iFolderId' => $this->oFolder->getId(),
     );
     return $oTemplate->render($aTemplateData);
 }
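 /**
  * Changes the state of a discussion thread on $this->oDocument.
  *
  * Requires ktcore.permissions.workflow on the document, a target state that is
  * listed as a transition from the thread's current state, and a reason. Records
  * a document transaction and updates the thread inside one transaction, then
  * redirects; every path ends in a redirect and exit.
  *
  * NOTE(review): the thread is loaded from the request-supplied fThreadId and the
  * permission is checked on $this->oDocument, but nothing visible here verifies
  * that the thread belongs to that document. Confirm that binding is enforced,
  * otherwise permission on one document allows changing another document's thread.
  */
 function do_changestate()
 {
     $aErrorOptions = array('redirect_to' => array('main', sprintf('fDocumentId=%d', $this->oDocument->getId())));
     $iThreadId = KTUtil::arrayGet($_REQUEST, 'fThreadId');
     $oThread = DiscussionThread::get($iThreadId);
     $this->oValidator->notError($oThread, $aErrorOptions);
     $aErrorOptions = array('redirect_to' => array('viewthread', sprintf('fDocumentId=%d&fThreadId=%d', $this->oDocument->getId(), $oThread->getId())));
     $oPermission =& KTPermission::getByName('ktcore.permissions.workflow');
     $sRedirectTo = implode('&', $aErrorOptions['redirect_to']);
     if (PEAR::isError($oPermission)) {
         $this->errorRedirectTo($sRedirectTo, _kt("Error getting permission"));
         exit(0);
     }
     if (!KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPermission, $this->oDocument)) {
         $this->errorRedirectTo($sRedirectTo, _kt("You do not have permission to close this thread"));
         exit(0);
     }
     // Normalise the requested state to an integer before it is validated, so the
     // value that passes the transition check is exactly the value that is stored
     // (a loose comparison would otherwise accept input such as "1abc").
     $iStateId = (int) KTUtil::arrayGet($_REQUEST, 'state');
     $iCurrentState = $oThread->getState();
     // A current state with no configured transitions allows nothing.
     $aAllowedStates = isset($this->aTransitions[$iCurrentState]) && is_array($this->aTransitions[$iCurrentState])
         ? $this->aTransitions[$iCurrentState]
         : array();
     if (!in_array($iStateId, $aAllowedStates)) {
         $this->errorRedirectTo($sRedirectTo, _kt("Invalid transition"));
         exit(0);
     }
     $aErrorOptions['message'] = _kt("No reason provided");
     $sReason = $this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'reason'), $aErrorOptions);
     // Moving to a higher state is recorded as an approval, anything else as a rollback.
     if ($iStateId > $iCurrentState) {
         $sTransactionNamespace = 'ktcore.transactions.collaboration_step_approve';
     } else {
         $sTransactionNamespace = 'ktcore.transactions.collaboration_step_rollback';
     }
     // Start the transaction comment creation
     $this->startTransaction();
     $oThread->setState($iStateId);
     if ($iStateId == DISCUSSION_CLOSED) {
         $oThread->setCloseMetadataVersion($this->oDocument->getMetadataVersion());
     } elseif ($iStateId == DISCUSSION_CONCLUSION) {
         $oThread->setCloseReason($sReason);
     }
     // NOTE(review): the result of create() is not checked, so the state change can
     // be committed without its audit record — confirm whether that is acceptable.
     $oDocumentTransaction = new DocumentTransaction($this->oDocument, $sReason, $sTransactionNamespace);
     $oDocumentTransaction->create();
     $res = $oThread->update();
     $aErrorOptions['message'] = _kt("There was an error updating the thread with the new comment");
     $this->oValidator->notError($res, $aErrorOptions);
     // Thread closed correctly, so commit
     $this->commitTransaction();
     $this->successRedirectTo('viewThread', _kt("Thread state changed"), sprintf('fDocumentId=%d&fThreadId=%d', $this->oDocument->getId(), $oThread->getId()));
     exit(0);
 }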
 /**
  * Gets a folder listing, recursing to the maximum depth.
  * Derived from the get_listing function.
  *
  * <code>
  * $root = $this->ktapi->get_root_folder();
  * $listing = $root->get_full_listing();
  * foreach($listing as $val) {
  * 	if($val['item_type'] == 'F') {
  *   // It's a folder
  *   echo $val['title'];
  *  }
  * }
  * </code>
  *
  * @author KnowledgeTree Team
  * @access public
  * @param string $what
  * @return array
  */
 function get_full_listing($what = 'DFS')
 {
     $what = strtoupper($what);
     $read_permission =& KTPermission::getByName(KTAPI_PERMISSION_READ);
     $folder_permission =& KTPermission::getByName(KTAPI_PERMISSION_VIEW_FOLDER);
     $config = KTConfig::getSingleton();
     $wsversion = $config->get('webservice/version', LATEST_WEBSERVICE_VERSION);
     $user = $this->ktapi->get_user();
     $contents = array();
     if (strpos($what, 'F') !== false) {
         $folder_children = Folder::getList(array('parent_id = ?', $this->folderid));
         foreach ($folder_children as $folder) {
             if (KTPermissionUtil::userHasPermissionOnItem($user, $folder_permission, $folder) || KTPermissionUtil::userHasPermissionOnItem($user, $read_permission, $folder)) {
                 $sub_folder =& $this->ktapi->get_folder_by_id($folder->getId());
                 if (!PEAR::isError($sub_folder)) {
                     $items = $sub_folder->get_full_listing($what);
                 } else {
                     $items = array();
                 }
                 $creator = $this->_resolve_user($folder->getCreatorID());
                 if ($wsversion >= 2) {
                     $array = array('id' => (int) $folder->getId(), 'item_type' => 'F', 'custom_document_no' => 'n/a', 'oem_document_no' => 'n/a', 'title' => $folder->getName(), 'document_type' => 'n/a', 'filename' => $folder->getName(), 'filesize' => 'n/a', 'created_by' => is_null($creator) ? 'n/a' : $creator->getName(), 'created_date' => 'n/a', 'checked_out_by' => 'n/a', 'checked_out_date' => 'n/a', 'modified_by' => 'n/a', 'modified_date' => 'n/a', 'owned_by' => 'n/a', 'version' => 'n/a', 'is_immutable' => 'n/a', 'permissions' => KTAPI_Folder::get_permission_string($folder), 'workflow' => 'n/a', 'workflow_state' => 'n/a', 'mime_type' => 'folder', 'mime_icon_path' => 'folder', 'mime_display' => 'Folder', 'storage_path' => 'n/a');
                     if ($wsversion >= 3) {
                         $array['linked_folder_id'] = $folder->getLinkedFolderId();
                         if ($folder->isSymbolicLink()) {
                             $array['item_type'] = "S";
                         }
                     }
                     $array['items'] = $items;
                     if ($wsversion < 3 || strpos($what, 'F') !== false && !$folder->isSymbolicLink() || $folder->isSymbolicLink() && strpos($what, 'S') !== false) {
                         $contents[] = $array;
                     }
                 } else {
                     $contents[] = array('id' => (int) $folder->getId(), 'item_type' => 'F', 'title' => $folder->getName(), 'creator' => is_null($creator) ? 'n/a' : $creator->getName(), 'checkedoutby' => 'n/a', 'modifiedby' => 'n/a', 'filename' => $folder->getName(), 'size' => 'n/a', 'major_version' => 'n/a', 'minor_version' => 'n/a', 'storage_path' => 'n/a', 'mime_type' => 'folder', 'mime_icon_path' => 'folder', 'mime_display' => 'Folder', 'items' => $items, 'workflow' => 'n/a', 'workflow_state' => 'n/a');
                 }
             }
         }
     }
     if (strpos($what, 'D') !== false) {
         $document_children = Document::getList(array('folder_id = ? AND status_id = 1', $this->folderid));
         // I hate that KT doesn't cache things nicely...
         $mime_cache = array();
         foreach ($document_children as $document) {
             if (KTPermissionUtil::userHasPermissionOnItem($user, $read_permission, $document)) {
                 $created_by = $this->_resolve_user($document->getCreatorID());
                 $created_date = $document->getCreatedDateTime();
                 if (empty($created_date)) {
                     $created_date = 'n/a';
                 }
                 $checked_out_by = $this->_resolve_user($document->getCheckedOutUserID());
                 $checked_out_date = $document->getCheckedOutDate();
                 if (empty($checked_out_date)) {
                     $checked_out_date = 'n/a';
                 }
                 $modified_by = $this->_resolve_user($document->getCreatorID());
                 $modified_date = $document->getLastModifiedDate();
                 if (empty($modified_date)) {
                     $modified_date = 'n/a';
                 }
                 $owned_by = $this->_resolve_user($document->getOwnerID());
                 $mimetypeid = $document->getMimeTypeID();
                 if (!array_key_exists($mimetypeid, $mime_cache)) {
                     $type = KTMime::getMimeTypeName($mimetypeid);
                     $icon = KTMime::getIconPath($mimetypeid);
                     $display = KTMime::getFriendlyNameForString($type);
                     $mime_cache[$mimetypeid] = array('type' => $type, 'icon' => $icon, 'display' => $display);
                 }
                 $mimeinfo = $mime_cache[$mimetypeid];
                 $workflow = 'n/a';
                 $state = 'n/a';
                 $wf = KTWorkflowUtil::getWorkflowForDocument($document);
                 if (!is_null($wf) && !PEAR::isError($wf)) {
                     $workflow = $wf->getHumanName();
                     $ws = KTWorkflowUtil::getWorkflowStateForDocument($document);
                     if (!is_null($ws) && !PEAR::isError($ws)) {
                         $state = $ws->getHumanName();
                     }
                 }
                 if ($wsversion >= 2) {
                     $docTypeId = $document->getDocumentTypeID();
                     $documentType = DocumentType::get($docTypeId);
                     $oemDocumentNo = $document->getOemNo();
                     if (empty($oemDocumentNo)) {
                         $oemDocumentNo = 'n/a';
                     }
                     $array = array('id' => (int) $document->getId(), 'item_type' => 'D', 'custom_document_no' => 'n/a', 'oem_document_no' => $oemDocumentNo, 'title' => $document->getName(), 'document_type' => $documentType->getName(), 'filename' => $document->getFileName(), 'filesize' => $document->getFileSize(), 'created_by' => is_null($created_by) ? 'n/a' : $created_by->getName(), 'created_date' => $created_date, 'checked_out_by' => is_null($checked_out_by) ? 'n/a' : $checked_out_by->getName(), 'checked_out_date' => $checked_out_date, 'modified_by' => is_null($modified_by) ? 'n/a' : $modified_by->getName(), 'modified_date' => $modified_date, 'owned_by' => is_null($owned_by) ? 'n/a' : $owned_by->getName(), 'version' => $document->getMajorVersionNumber() . '.' . $document->getMinorVersionNumber(), 'content_id' => $document->getContentVersionId(), 'is_immutable' => $document->getImmutable() ? 'true' : 'false', 'permissions' => KTAPI_Document::get_permission_string($document), 'workflow' => $workflow, 'workflow_state' => $state, 'mime_type' => $mime_cache[$mimetypeid]['type'], 'mime_icon_path' => $mime_cache[$mimetypeid]['icon'], 'mime_display' => $mime_cache[$mimetypeid]['display'], 'storage_path' => $document->getStoragePath());
                     if ($wsversion >= 3) {
                         $document->switchToRealCore();
                         $array['linked_document_id'] = $document->getLinkedDocumentId();
                         $document->switchToLinkedCore();
                         if ($document->isSymbolicLink()) {
                             $array['item_type'] = "S";
                         }
                     }
                     $array['items'] = array();
                     if ($wsversion < 3 || strpos($what, 'D') !== false && !$document->isSymbolicLink() || $document->isSymbolicLink() && strpos($what, 'S') !== false) {
                         $contents[] = $array;
                     }
                 } else {
                     $contents[] = array('id' => (int) $document->getId(), 'item_type' => 'D', 'title' => $document->getName(), 'creator' => is_null($created_by) ? 'n/a' : $created_by->getName(), 'checkedoutby' => is_null($checked_out_by) ? 'n/a' : $checked_out_by->getName(), 'modifiedby' => is_null($modified_by) ? 'n/a' : $modified_by->getName(), 'filename' => $document->getFileName(), 'size' => $document->getFileSize(), 'major_version' => $document->getMajorVersionNumber(), 'minor_version' => $document->getMinorVersionNumber(), 'storage_path' => $document->getStoragePath(), 'mime_type' => $mime_cache[$mimetypeid]['type'], 'mime_icon_path' => $mime_cache[$mimetypeid]['icon'], 'mime_display' => $mime_cache[$mimetypeid]['display'], 'items' => array(), 'workflow' => $workflow, 'workflow_state' => $state);
                 }
             }
         }
     }
     return $contents;
 }
Esempio n. 12
 /**
  * Checks whether this action may be performed on the given entity.
  *
  * Checks run in this order: permission lookup, workflow and status checks
  * (documents only), admin-mode bypass, then the per-item permission check.
  *
  * @param object $oEntity the entity the action is applied to
  * @return bool|PEAR_Error true when allowed, otherwise a PEAR_Error describing the refusal
  */
 function check_entity($oEntity)
 {
     $oRequiredPerm =& KTPermission::getByName($this->_sPermission);
     // NOTE(review): a failed permission lookup allows the action (fail-open)
     // and also skips the workflow and archived/deleted checks below.
     // Presumably this covers actions that declare no permission - confirm
     // that a mistyped or removed permission name cannot end up here.
     if (PEAR::isError($oRequiredPerm)) {
         return true;
     }
     // basic document checks
     // TODO: check if this is appropriate
     //       should probably store the 'equivalent' action (ie. document.delete)
     //       and check that, rather than add a new list of actions to the workflow
     //       section
     if (is_a($oEntity, 'Document')) {
         $bWorkflowAllows = KTWorkflowUtil::actionEnabledForDocument($oEntity, $this->sName);
         if (!$bWorkflowAllows) {
             return PEAR::raiseError(_kt('Action is disabled by workflow'));
         }
         // non-strict in_array() keeps the loose (==) comparison against both statuses
         if (in_array($oEntity->getStatusID(), array(DELETED, ARCHIVED))) {
             return PEAR::raiseError(_kt('Document is archived or deleted'));
         }
     }
     // admin check: admin mode bypasses the per-item permission check, but only
     // for actions that opted in through bAllowInAdminMode
     if ($this->bAllowInAdminMode && KTBrowseUtil::inAdminMode($this->oUser, null)) {
         return true;
     }
     $bPermitted = KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oRequiredPerm, $oEntity);
     if ($bPermitted) {
         return true;
     }
     return PEAR::raiseError(_kt('You do not have the required permissions'));
 }
Esempio n. 13
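 /**
  * Deletes a document symbolic link (shortcut).
  *
  * Only the row in the documents table that represents the link is removed.
  *
  * @param Document|int $document the symbolic link document, or its numeric id
  * @param User|int|null $user the user deleting the link, or a numeric user id;
  *                            when null, $_SESSION['userID'] is used
  * @return PEAR_Error|null a PEAR_Error when validation, authorisation or the
  *                         delete query fails; nothing on success
  */
 static function deleteSymbolicLink($document, $user = null)
 {
     // validate input
     if (is_numeric($document)) {
         $document = Document::get($document);
     }
     if (!$document instanceof Document) {
         return PEAR::raiseError(_kt('Document not specified'));
     }
     if (!$document->isSymbolicLink()) {
         return PEAR::raiseError(_kt('Document must be a symbolic link entity'));
     }
     if (is_null($user)) {
         $user = isset($_SESSION['userID']) ? $_SESSION['userID'] : null;
     }
     if (is_numeric($user)) {
         $user = User::get($user);
     }
     // Fail closed: the permission check below must never run against a
     // missing user or an error object returned by the lookup.
     if (empty($user) || PEAR::isError($user)) {
         return PEAR::raiseError(_kt('User not specified'));
     }
     // check permissions
     $oPerm = KTPermission::getByName('ktcore.permissions.delete');
     if (!KTBrowseUtil::inAdminMode($user, $document->getParentID())) {
         // A failed permission lookup is treated as "not authorised" rather
         // than being handed to the permission check as an error object.
         if (PEAR::isError($oPerm) || !KTPermissionUtil::userHasPermissionOnItem($user, $oPerm, $document)) {
             return PEAR::raiseError(_kt('You\'re not authorized to delete this shortcut'));
         }
     }
     // we only need to delete the document entry for the link
     $sql = "DELETE FROM documents WHERE id=?";
     $res = DBUtil::runQuery(array($sql, array($document->getId())));
     // Report a failed delete to the caller instead of dropping it silently.
     if (PEAR::isError($res)) {
         return $res;
     }
 }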
Esempio n. 14
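 /**
  * Renders the resolved-permissions page for the current document, showing
  * which users effectively hold each permission.
  *
  * NOTE(review): no access check is visible in this method, and the page lists
  * every user holding a permission on the document. Presumably the dispatcher
  * restricts who may open it - confirm.
  *
  * @return mixed the result of the template's render() call
  */
 function do_resolved_users()
 {
     $this->oPage->setBreadcrumbDetails(_kt("Permissions"));
     $oTemplate = $this->oValidator->validateTemplate("ktcore/document/resolved_permissions_user");
     $oPL = KTPermissionLookup::get($this->oDocument->getPermissionLookupID());
     $aPermissions = KTPermission::getList();
     $aMapPermissionGroup = array();
     $aMapPermissionRole = array();
     $aMapPermissionUser = array();
     // Must start as an array: when no user holds any permission the loop
     // below never assigns to it, and the later foreach would otherwise run
     // on an undefined variable.
     $aActiveUsers = array();
     $aUsers = User::getList();
     // One permission check per (permission, user) pair, so the cost grows
     // with the number of permissions times the number of users.
     foreach ($aPermissions as $oPermission) {
         $oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL);
         if (PEAR::isError($oPLA)) {
             continue;
         }
         // The descriptor is fetched as in the original code, but its value is
         // not used further down.
         $oDescriptor = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
         $iPermissionID = $oPermission->getID();
         $aMapPermissionGroup[$iPermissionID] = array();
         foreach ($aUsers as $oUser) {
             if (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oDocument)) {
                 $aMapPermissionUser[$iPermissionID][$oUser->getId()] = true;
                 $aActiveUsers[$oUser->getId()] = true;
             }
         }
     }
     // now we constitute the actual sets.
     // groups and roles are handed to the template empty in this view.
     $users = array();
     $groups = array();
     $roles = array();
     foreach ($aActiveUsers as $id => $marker) {
         $oUser = User::get($id);
         // Skip ids that no longer resolve instead of calling getName() on an
         // error object.
         if (empty($oUser) || PEAR::isError($oUser)) {
             continue;
         }
         $users[$oUser->getName()] = $oUser;
     }
     // ascending, per convention.
     // NOTE(review): asort() orders by the User objects, not by the name keys;
     // confirm whether ordering by name was intended.
     asort($users);
     $bEdit = false;
     $sInherited = '';
     $aDynamicControls = array();
     $aWorkflowControls = array();
     // handle conditions
     $iPermissionObjectId = $this->oDocument->getPermissionObjectID();
     if (!empty($iPermissionObjectId)) {
         $oPO = KTPermissionObject::get($iPermissionObjectId);
         $aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
         if (!PEAR::isError($aDynamicConditions)) {
             foreach ($aDynamicConditions as $oDynamicCondition) {
                 $iConditionId = $oDynamicCondition->getConditionId();
                 if (KTSearchUtil::testConditionOnDocument($iConditionId, $this->oDocument)) {
                     $aPermissionIds = $oDynamicCondition->getAssignment();
                     foreach ($aPermissionIds as $iPermissionId) {
                         $aDynamicControls[$iPermissionId] = true;
                     }
                 }
             }
         }
     }
     // indicate that workflow controls a given permission; a permission
     // controlled by the workflow state is removed from the dynamic-condition set
     $oState = KTWorkflowUtil::getWorkflowStateForDocument($this->oDocument);
     if (!(PEAR::isError($oState) || is_null($oState) || $oState == false)) {
         $aWorkflowStatePermissionAssignments = KTWorkflowStatePermissionAssignment::getByState($oState);
         foreach ($aWorkflowStatePermissionAssignments as $oAssignment) {
             $aWorkflowControls[$oAssignment->getPermissionId()] = true;
             unset($aDynamicControls[$oAssignment->getPermissionId()]);
         }
     }
     $aTemplateData = array("context" => $this, "permissions" => $aPermissions, "groups" => $groups, "users" => $users, "roles" => $roles, "oDocument" => $this->oDocument, "aMapPermissionGroup" => $aMapPermissionGroup, "aMapPermissionRole" => $aMapPermissionRole, "aMapPermissionUser" => $aMapPermissionUser, "edit" => $bEdit, "inherited" => $sInherited, 'workflow_controls' => $aWorkflowControls, 'conditions_control' => $aDynamicControls);
     return $oTemplate->render($aTemplateData);
 }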
Esempio n. 15
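 /**
  * Checks whether the current API user holds a permission on an object.
  *
  * Every failure path returns an error object, so callers can rely on
  * PEAR::isError() alone to tell success from failure.
  *
  * @author KnowledgeTree Team
  * @access public
  * @param object $object The internal document object or a folder object
  * @param string $permission The permissions string
  * @return object SUCCESS - The User object | FAILURE - an error object
  */
 public function can_user_access_object_requiring_permission(&$object, $permission)
 {
     // Validated at run time rather than with assert(): assertions can be
     // switched off by configuration, which would let an unexpected object
     // reach the permission check.
     if (is_null($object)) {
         return new PEAR_Error(KTAPI_ERROR_INTERNAL_ERROR);
     }
     if (PEAR::isError($object)) {
         return $object;
     }
     $bSupportedType = is_a($object, 'DocumentProxy') || is_a($object, 'FolderProxy') || is_a($object, 'Document') || is_a($object, 'Folder');
     if (!$bSupportedType) {
         return new PEAR_Error(KTAPI_ERROR_INTERNAL_ERROR);
     }
     // The lookup result is only used to validate the permission name; the
     // name itself is what gets passed to the permission check below.
     $permissions =& KTAPI::get_permission($permission);
     if (PEAR::isError($permissions)) {
         return $permissions;
     }
     if (is_null($permissions)) {
         // A bare null is not a PEAR error, so a caller testing only
         // PEAR::isError() would read it as success.
         return new PEAR_Error(KTAPI_ERROR_INTERNAL_ERROR);
     }
     $user =& KTAPI::get_user();
     if (PEAR::isError($user)) {
         return $user;
     }
     if (is_null($user)) {
         // Same reasoning as above: never signal a missing user with null.
         return new PEAR_Error(KTAPI_ERROR_INTERNAL_ERROR);
     }
     if (!KTPermissionUtil::userHasPermissionOnItem($user, $permission, $object)) {
         return new PEAR_Error(KTAPI_ERROR_INSUFFICIENT_PERMISSIONS);
     }
     return $user;
 }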
Esempio n. 16
 /**
  * Decides whether this action is shown for the current document and user.
  *
  * @return bool true when the action should be shown (the last step returns
  *              the permission check result as-is)
  */
 function _show()
 {
     // Actions without a show-permission are always shown.
     if (is_null($this->_sShowPermission)) {
         return true;
     }
     $oFolder = Folder::get($this->oDocument->getFolderId());
     // A mutating action on an immutable document is only available when the
     // action allows admin mutation and the user is in admin mode.
     if ($this->_bMutator && $this->oDocument->getImmutable()) {
         if ($this->_bMutationAllowedByAdmin !== true) {
             return false;
         }
         if (!KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
             return false;
         }
     }
     // System and unit administrators bypass every later check, including the
     // workflow and archived/deleted checks.
     if ($this->_bAdminAlwaysAvailable) {
         $bIsAdministrator = Permission::userIsSystemAdministrator($this->oUser->getId())
             || Permission::isUnitAdministratorForFolder($this->oUser, $this->oDocument->getFolderId());
         if ($bIsAdministrator) {
             return true;
         }
     }
     $oShowPerm =& KTPermission::getByName($this->_sShowPermission);
     // NOTE(review): a failed permission lookup shows the action (fail-open)
     // and skips the workflow and status checks below - confirm this is
     // intended for an unknown permission name.
     if (PEAR::isError($oShowPerm)) {
         return true;
     }
     $bWorkflowAllows = KTWorkflowUtil::actionEnabledForDocument($this->oDocument, $this->sName);
     if (!$bWorkflowAllows) {
         return false;
     }
     // be nasty in archive/delete status.
     // non-strict in_array() keeps the loose (==) comparison against both statuses
     if (in_array($this->oDocument->getStatusID(), array(DELETED, ARCHIVED))) {
         return false;
     }
     // check if this user is in admin mode
     if ($this->bAllowInAdminMode && KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
         return true;
     }
     return KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oShowPerm, $this->oDocument);
 }
Esempio n. 17
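 /**
  * Deletes the document link named by the request and redirects back to the
  * main page with a success or error message.
  *
  * Reads fDocumentLinkId and fDocumentId from $_REQUEST. Every path ends the
  * request with exit(0).
  */
 function do_delete()
 {
     $this->oPage->setBreadcrumbDetails(_kt("link"));
     // check security
     $oPermission =& KTPermission::getByName('ktcore.permissions.write');
     if (PEAR::isError($oPermission) || !KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPermission, $this->oDocument)) {
         $this->errorRedirectToMain(_kt('You do not have sufficient permissions to delete a link'), sprintf("fDocumentId=%d", $this->oDocument->getId()));
         exit(0);
     }
     // NOTE(review): write permission is verified on $this->oDocument only.
     // The link id and fDocumentId below come from the request, and nothing
     // here ties the link to that document. Confirm the link belongs to
     // $this->oDocument before deleting it, otherwise a user with write access
     // to one document could remove links of another.
     // check validity of things
     $oDocumentLink = DocumentLink::get(KTUtil::arrayGet($_REQUEST, 'fDocumentLinkId'));
     if (PEAR::isError($oDocumentLink)) {
         $this->errorRedirectToMain(_kt('Invalid document link selected.'));
         exit(0);
     }
     $oParentDocument = Document::get(KTUtil::arrayGet($_REQUEST, 'fDocumentId'));
     if (PEAR::isError($oParentDocument)) {
         $this->errorRedirectToMain(_kt('Invalid document selected.'));
         exit(0);
     }
     $sRedirectQuery = sprintf('fDocumentId=%d', $oParentDocument->getId());
     // Cannot call delete directly if no link exists. Handled before the
     // transaction starts, and terminated explicitly so the request cannot
     // fall through to the commit and the "deleted" message.
     if (!$oDocumentLink) {
         $this->successRedirectToMain(_kt('Document link not deleted. Document link does not exists, or previously deleted.'), $sRedirectQuery);
         exit(0);
     }
     // do deletion
     $this->startTransaction();
     $res = $oDocumentLink->delete();
     if (PEAR::isError($res)) {
         // NOTE(review): no rollback is visible on this path; presumably the
         // redirect helper or request shutdown discards the transaction -
         // confirm.
         $this->errorRedirectToMain(_kt('Could not delete document link'), $sRedirectQuery);
         exit(0);
     }
     $this->commitTransaction();
     $this->successRedirectToMain(_kt('Document link deleted'), $sRedirectQuery);
     exit(0);
 }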
Esempio n. 18
 /**
  * Checks whether the given entity may be checked out, then defers to the
  * parent implementation for the remaining checks.
  *
  * @param object $oEntity a Document or a Folder
  * @return mixed a PEAR_Error when checkout is refused here, otherwise
  *               whatever parent::check_entity() returns
  */
 function check_entity($oEntity)
 {
     $bIsDocument = is_a($oEntity, 'Document');
     // Only documents and folders are accepted.
     if (!$bIsDocument && !is_a($oEntity, 'Folder')) {
         return PEAR::raiseError(_kt('Document cannot be checked out'));
     }
     if ($bIsDocument) {
         if ($oEntity->getImmutable()) {
             return PEAR::raiseError(_kt('Document cannot be checked out as it is immutable'));
         }
         // Check that the document isn't already checked out
         if ($oEntity->getIsCheckedOut()) {
             $iHolderId = $oEntity->getCheckedOutUserID();
             // NOTE(review): the holder is compared (loosely) with the session
             // user id, not with $this->oUser - confirm both always refer to
             // the same user.
             $sSessionUserId = $_SESSION['userID'];
             if ($iHolderId != $sSessionUserId) {
                 // NOTE(review): the lookup result is used without an error check.
                 $oHolder = User::get($iHolderId);
                 return PEAR::raiseError($oEntity->getName() . ': ' . _kt('Document has already been checked out by ') . $oHolder->getName());
             }
         }
         // Check that the checkout action isn't restricted for the document
         $bCheckoutEnabled = KTWorkflowUtil::actionEnabledForDocument($oEntity, 'ktcore.actions.document.checkout');
         if (!$bCheckoutEnabled) {
             return PEAR::raiseError($oEntity->getName() . ': ' . _kt('Checkout is restricted by the workflow state.'));
         }
     }
     // we need to do an extra folder permission check in case of a shortcut:
     // the permission is evaluated on the folder the shortcut points to, so a
     // shortcut cannot be used to reach a folder the user has no rights on
     if (is_a($oEntity, 'Folder') && $oEntity->isSymbolicLink()) {
         $bAllowedOnTarget = KTPermissionUtil::userHasPermissionOnItem($this->oUser, $this->_sPermission, $oEntity->getLinkedFolder());
         if (!$bAllowedOnTarget) {
             return PEAR::raiseError(_kt('You do not have the required permissions'));
         }
     }
     return parent::check_entity($oEntity);
 }
Esempio n. 19
 /**
  * Renders the workflow page for a document: current workflow and state, the
  * transitions available to the session user, and the submit controls.
  *
  * @return mixed the result of the template's render() call
  */
 function do_main()
 {
     $this->oPage->setBreadcrumbDetails(_kt('workflow'));
     $oTemplate =& $this->oValidator->validateTemplate('ktcore/workflow/documentWorkflow');
     $oDocument =& $this->oValidator->validateDocument($_REQUEST['fDocumentId']);
     $oWorkflow = KTWorkflowUtil::getWorkflowForDocument($oDocument);
     $oWorkflowState = KTWorkflowUtil::getWorkflowStateForDocument($oDocument);
     $oUser =& User::get($_SESSION['userID']);
     // NOTE(review): the checked-out flag and the id in the signature form come
     // from $this->oDocument, while everything else uses the document validated
     // from the request - confirm both always refer to the same document.
     $bIsCheckedOut = $this->oDocument->getIsCheckedOut();
     // Defaults for a checked-out document: nothing to transition or start,
     // and no workflow permission is reported.
     $aTransitions = array();
     $aWorkflows = array();
     $transition_fields = array();
     $bHasPerm = false;
     if (!$bIsCheckedOut) {
         $aTransitions = KTWorkflowUtil::getTransitionsForDocumentUser($oDocument, $oUser);
         $aWorkflows = KTWorkflow::getList('start_state_id IS NOT NULL AND enabled = 1 ');
         $bHasPerm = KTPermissionUtil::userHasPermissionOnItem($oUser, 'ktcore.permissions.workflow', $oDocument) ? true : false;
         $fieldErrors = null;
         if ($aTransitions) {
             // Map transition id => description, skipping null and error entries.
             $aVocab = array();
             foreach ($aTransitions as $oTransition) {
                 if (!is_null($oTransition) && !PEAR::isError($oTransition)) {
                     $aVocab[$oTransition->getId()] = $oTransition->showDescription();
                 }
             }
             $fieldOptions = array('vocab' => $aVocab);
             $transition_fields[] = new KTLookupWidget(_kt('Transition to perform'), _kt('The transition listed will cause the document to change from its current state to the listed destination state.'), 'fTransitionId', null, $this->oPage, true, null, $fieldErrors, $fieldOptions);
             $transition_fields[] = new KTTextWidget(_kt('Reason for transition'), _kt('Describe why this document qualifies to be changed from its current state to the destination state of the transition chosen.'), 'fComments', '', $this->oPage, true, null, null, array('cols' => 80, 'rows' => 4));
         }
     }
     // Add an electronic signature
     global $default;
     if ($default->enableESignatures) {
         // NOTE(review): the plugin path and the translated headings are placed
         // inside single-quoted JavaScript string literals without escaping; a
         // value containing an apostrophe would break the handler. Confirm how
         // the template escapes these attributes.
         $sUrl = KTPluginUtil::getPluginPath('electronic.signatures.plugin', true);
         $heading = _kt('You are attempting to modify the document workflow');
         $submit = array(
             'type' => 'button',
             'onclick' => "javascript: showSignatureForm('{$sUrl}', '{$heading}', 'ktcore.transactions.modify_workflow', 'document', 'start_workflow_form', 'submit', {$this->oDocument->iId});",
         );
         $heading2 = _kt('You are attempting to transition the document workflow');
         $submit2 = array(
             'onclick' => "javascript: showSignatureForm('{$sUrl}', '{$heading2}', 'ktcore.transactions.transition_workflow', 'document', 'transition_wf_form', 'submit', {$this->oDocument->iId});",
         );
     } else {
         $submit = array('type' => 'submit', 'onclick' => '');
         $submit2 = array('onclick' => '');
     }
     $aTemplateData = array('oDocument' => $oDocument, 'oWorkflow' => $oWorkflow, 'oState' => $oWorkflowState, 'aTransitions' => $aTransitions, 'aWorkflows' => $aWorkflows, 'transition_fields' => $transition_fields, 'bHasPerm' => $bHasPerm, 'bIsCheckedOut' => $bIsCheckedOut, 'submit' => $submit, 'submit2' => $submit2);
     return $oTemplate->render($aTemplateData);
 }
Esempio n. 20
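 /**
  * Builds the map of permissions assigned to users, groups and roles for the
  * current folder item and stores it on this object.
  *
  * Sets $this->map and $this->mapCopy to the same map and resets
  * $this->changed to false. Nothing is returned.
  *
  * @author KnowledgeTree Team
  * @access protected
  * @return void
  */
 protected function _resolveAllocations()
 {
     $object = $this->folderItem->getObject();
     $permissionObjectId = $object->getPermissionObjectID();
     $oPO = KTPermissionObject::get($permissionObjectId);
     $permissions = KTPermission::getList();
     $cleanPermissions = array();
     $map = array('roles' => array('active' => array(), 'map' => array()), 'users' => array('active' => array(), 'map' => array()), 'groups' => array('active' => array(), 'map' => array()), 'permissions' => array());
     foreach ($permissions as $permission) {
         $permissionId = $permission->getId();
         // template row: every known permission starts out as "not granted"
         $cleanPermissions[$permissionId] = false;
         $map['permissions'][$permissionId] = $permission->getHumanName();
     }
     // One query per principal kind, run in the order groups, roles, users.
     // Each returns permission_id, name and id for a single permission object.
     $assignmentQueries = array(
         'groups' => "SELECT\n                    pa.permission_id, g.name, g.id\n                FROM\n                    permission_assignments pa\n                    INNER JOIN permissions p ON p.id = pa.permission_id\n                    INNER JOIN permission_descriptor_groups pdg ON pa.permission_descriptor_id = pdg.descriptor_id\n                    INNER JOIN groups_lookup g ON pdg.group_id = g.id\n                WHERE\n                    pa.permission_object_id = ?\n                ORDER BY g.name\n        ",
         'roles' => "SELECT\n                    pa.permission_id, r.name, r.id\n                FROM\n                    permission_assignments pa\n                    INNER JOIN permissions p ON p.id = pa.permission_id\n                    INNER JOIN permission_descriptor_roles pdr ON pa.permission_descriptor_id = pdr.descriptor_id\n                    INNER JOIN roles r ON pdr.role_id = r.id\n                WHERE\n                    pa.permission_object_id = ?\n                ORDER BY r.name\n        ",
         'users' => "SELECT\n                    pa.permission_id, u.name, u.id\n                FROM\n                    permission_assignments pa\n                    INNER JOIN permissions p ON p.id = pa.permission_id\n                    INNER JOIN permission_descriptor_users pdu ON pa.permission_descriptor_id = pdu.descriptor_id\n                    INNER JOIN users u ON pdu.user_id = u.id\n                WHERE\n                    pa.permission_object_id = ?\n                ORDER BY u.name\n        ",
     );
     foreach ($assignmentQueries as $kind => $sql) {
         // The bound value is always passed as a parameter array; the user
         // query previously passed it as a bare scalar, unlike the other two.
         $rows = DBUtil::getResultArray(array($sql, array($permissionObjectId)));
         // A failed query yields no assignments for this kind instead of
         // iterating over an error object.
         if (!is_array($rows)) {
             continue;
         }
         foreach ($rows as $row) {
             $principalId = $row['id'];
             if (!array_key_exists($principalId, $map[$kind]['active'])) {
                 $map[$kind]['map'][$principalId] = $cleanPermissions;
             }
             $map[$kind]['active'][$principalId] = $row['name'];
             $map[$kind]['map'][$principalId][$row['permission_id']] = true;
         }
     }
     // resolve editable, inherited, inheritable
     $user = $this->ktapi->get_session()->get_user();
     // editable when the user holds the security permission on the object or
     // is in admin mode
     $editable = KTPermissionUtil::userHasPermissionOnItem($user, 'ktcore.permissions.security', $object) || KTBrowseUtil::inAdminMode($user, $this->folderItem);
     $inherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO);
     $inheritedId = $inherited->getId();
     $objectId = $object->getId();
     // NOTE(review): the first comparison is strict while the comparison with
     // 1 is loose; if the two ids can differ in type (string vs int) the strict
     // test is always true - confirm.
     $map['inherited'] = $inheritedId !== $objectId && $objectId != 1;
     // only allow inheritance of permissions from parent if not inherited, -and- folder is editable
     $map['inheritable'] = $editable && !$map['inherited'] && $objectId != 1;
     // only allow edit if the folder is editable and not inherited
     $map['editable'] = $editable && !$map['inherited'];
     $this->map = $map;
     $this->mapCopy = $map;
     $this->changed = false;
 }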
Esempio n. 21
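 /**
  * Builds the breadcrumb trail for a folder.
  *
  * Folders on which the session user lacks 'ktcore.permissions.folder_details'
  * are shown as '...' (or as a bracketed name in admin mode), so their names
  * are not disclosed. Consecutive '...' entries are collapsed into one.
  *
  * @param mixed $oFolder the folder, in any form KTUtil::getObject() accepts
  * @param array|null $aOptions options read here: 'folderaction' and 'final'
  * @return array list of breadcrumbs, each with a 'name' and, when linkable, a 'url'
  */
 function breadcrumbsForFolder($oFolder, $aOptions = null)
 {
     $oFolder =& KTUtil::getObject('Folder', $oFolder);
     $sAction = KTUtil::arrayGet($aOptions, 'folderaction');
     if (PEAR::isError($oFolder)) {
         $url = KTUtil::addQueryStringSelf('fFolderId=1');
         if (!empty($sAction)) {
             $url = generateControllerUrl($sAction, 'fFolderId=1');
         }
         return array(array('url' => $url, 'name' => '&hellip;'));
     }
     $bFinal = KTUtil::arrayGet($aOptions, 'final', true, false);
     $aBreadcrumbs = array();
     // skip root.
     $folder_path_ids = array_slice(explode(',', $oFolder->getParentFolderIds()), 1);
     // we have made the "default" folder non-root, so we need to be able
     // to reach "Root" (Folder::get(1)).
     $url = KTUtil::addQueryStringSelf('fFolderId=1');
     if (!empty($sAction)) {
         $url = generateControllerUrl($sAction, 'fFolderId=1');
     }
     $aBreadcrumbs[] = array('url' => $url, 'name' => _kt('Folders'));
     $oUser = User::get($_SESSION['userID']);
     foreach ($folder_path_ids as $id) {
         $oThisFolder = Folder::get($id);
         // A parent id that no longer resolves gets the placeholder instead of
         // a method call on an error object.
         if (empty($oThisFolder) || PEAR::isError($oThisFolder)) {
             $aBreadcrumbs[] = array('name' => '...');
             continue;
         }
         $sFolderName = $oThisFolder->getName();
         $url = KTUtil::addQueryStringSelf('fFolderId=' . $id);
         if (!empty($sAction)) {
             $url = generateControllerUrl($sAction, 'fFolderId=' . $id);
         }
         if (!KTPermissionUtil::userHasPermissionOnItem($oUser, 'ktcore.permissions.folder_details', $oThisFolder)) {
             // no folder_details permission: the name is shown (bracketed)
             // only in admin mode, otherwise it is replaced by '...'
             if (KTBrowseUtil::inAdminMode($oUser, $oThisFolder)) {
                 $aBreadcrumbs[] = array('url' => $url, 'name' => sprintf('(%s)', $sFolderName));
             } else {
                 $aBreadcrumbs[] = array('name' => '...');
             }
             continue;
         }
         $aBreadcrumbs[] = array('url' => $url, 'name' => $sFolderName);
     }
     // now add this folder, _if we aren't in 1_.
     if ($oFolder->getId() != 1) {
         $id = $oFolder->getId();
         $url = KTUtil::addQueryStringSelf('fFolderId=' . $id);
         if (!empty($sAction)) {
             $url = generateControllerUrl($sAction, 'fFolderId=' . $id);
         }
         if (!KTPermissionUtil::userHasPermissionOnItem($oUser, 'ktcore.permissions.folder_details', $oFolder)) {
             if (KTBrowseUtil::inAdminMode($oUser, $oFolder)) {
                 $aBreadcrumbs[] = array('url' => $url, 'name' => sprintf('(%s)', $oFolder->getName()));
             } else {
                 $aBreadcrumbs[] = array('name' => '...');
             }
         } elseif ($bFinal) {
             // the final crumb is plain text, not a link
             $aBreadcrumbs[] = array('name' => $oFolder->getName());
         } else {
             $aBreadcrumbs[] = array('url' => $url, 'name' => $oFolder->getName());
         }
     }
     // collapse runs of hidden folders into a single '...'
     $aCompactBreadcrumbs = array();
     $bPreviousHidden = false;
     foreach ($aBreadcrumbs as $aBreadcrumb) {
         $bHidden = $aBreadcrumb['name'] == '...';
         if ($bHidden && $bPreviousHidden) {
             continue;
         }
         $bPreviousHidden = $bHidden;
         $aCompactBreadcrumbs[] = $aBreadcrumb;
     }
     return $aCompactBreadcrumbs;
 }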
<?php

require_once "../../config/dmsDefaults.php";
require_once KT_LIB_DIR . '/foldermanagement/Folder.inc';
require_once KT_LIB_DIR . '/users/User.inc';
require_once KT_LIB_DIR . '/permissions/permission.inc.php';
require_once KT_LIB_DIR . '/permissions/permissionutil.inc.php';
// Ad-hoc diagnostic: dumps whether one hard-coded user (id 4) holds the read
// permission on one hard-coded folder (id 2).
// NOTE(review): no authentication is visible in this script (dmsDefaults.php
// may add some - confirm); keep it out of any web-served directory, since its
// output describes permission state.
error_reporting(E_ALL); // report everything from here on; the requires above ran under the previous level
$oFolder = Folder::get(2);
$oUser = User::get(4);
$oPermission = KTPermission::getByName('ktcore.permissions.read');
var_dump(KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $oFolder));