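/**
 * Find the role allocation that applies to a folder for a given role.
 *
 * The folder ids returned by Folder::generateFolderIds() are searched for
 * allocations of the role; the first row, ordered by the length of
 * f.parent_folder_ids (longest first), is the one returned.
 *
 * @param mixed $iFolderId Folder id to resolve the allocation for.
 * @param mixed $iRoleId   Role id; bound as a query parameter.
 * @return mixed Result of RoleAllocation::get(), or null when the folder is
 *               invalid, the folder id list is malformed, the lookup fails,
 *               or no allocation matches.
 */
function &getAllocationsForFolderAndRole($iFolderId, $iRoleId)
 {
     // This function returns by reference, so every return hands back a variable.
     $oNone = null;

     $raTable = KTUtil::getTableName('role_allocations');
     $fTable = Folder::_table();
     $oFolder =& Folder::get($iFolderId);
     // An invalid folder has no defined allocation, so the answer is null.
     if (PEAR::isError($oFolder)) {
         return $oNone;
     }

     // Presumably a comma-separated list of folder ids - confirm against
     // Folder::generateFolderIds().
     $parents = Folder::generateFolderIds($iFolderId);
     if (PEAR::isError($parents)) {
         return $oNone;
     }

     // The id list is concatenated into the SQL text rather than bound, so it
     // must consist of integers only. Any other token makes the lookup fail
     // closed instead of reaching the database.
     $aFolderIds = array();
     foreach (explode(',', (string) $parents) as $sFolderId) {
         $sFolderId = trim($sFolderId);
         if ($sFolderId === '') {
             continue;
         }
         if (!ctype_digit($sFolderId)) {
             return $oNone;
         }
         $aFolderIds[] = (int) $sFolderId;
     }
     if (empty($aFolderIds)) {
         // "IN ()" is not valid SQL; with no folders there is nothing to match.
         return $oNone;
     }
     $folders = '(' . implode(',', $aFolderIds) . ')';

     // Table names come from KTUtil / Folder, not from the caller; the role id is bound.
     $sQuery = "SELECT ra.id as `id` FROM " . $raTable . " AS ra "
         . ' LEFT JOIN ' . $fTable . ' AS f ON (f.id = ra.folder_id) '
         . ' WHERE f.id IN ' . $folders . ' AND ra.role_id = ?'
         . ' ORDER BY CHAR_LENGTH(f.parent_folder_ids) desc, f.parent_folder_ids DESC';
     $aParams = array($iRoleId);
     $aRoleAllocIds = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');

     // A failed query must not be indexed as if it were a result list.
     if (PEAR::isError($aRoleAllocIds) || empty($aRoleAllocIds)) {
         return $oNone;
     }

     $oAllocation = RoleAllocation::get($aRoleAllocIds[0]);
     return $oAllocation;
 }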
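 /**
  * Replace the groups allowed on a role allocation with the list sent in the request.
  *
  * Reads 'allocation_id' and 'groupFinal' (comma-separated group ids) from
  * $_REQUEST, keeps only ids that resolve to an existing group, stores them on
  * the allocation, records a folder transaction and regenerates permissions
  * for the role. Every outcome ends in a redirect to the main action.
  *
  * NOTE(review): the allocation is loaded purely from the request-supplied id;
  * nothing visible here ties it to $this->oFolder. Confirm that the allocation
  * belongs to this folder (or that the dispatcher's permission check covers
  * it) before it is modified.
  * NOTE(review): this is a state-changing action driven by $_REQUEST - confirm
  * the framework enforces an anti-CSRF token for it.
  */
 function do_setRoleGroups()
 {
     $sMainQuery = sprintf('fFolderId=%d', $this->oFolder->getId());

     $role_allocation_id = KTUtil::arrayGet($_REQUEST, 'allocation_id');
     $oRoleAllocation = RoleAllocation::get($role_allocation_id);
     if (PEAR::isError($oRoleAllocation) || $oRoleAllocation === false) {
         $this->errorRedirectToMain(_kt('No such role allocation.'), $sMainQuery);
         // Presumably the redirect ends the request; the explicit return keeps
         // this path fail-closed if it does not.
         return;
     }

     $groups = KTUtil::arrayGet($_REQUEST, 'groupFinal', '');

     // Accept only plain decimal ids that resolve to a real group. Storing the
     // integer keeps a token such as "5abc" from being saved as submitted.
     $aFinalGroupIds = array();
     foreach (explode(',', (string) $groups) as $sGroupId) {
         $sGroupId = trim($sGroupId);
         if ($sGroupId === '' || !ctype_digit($sGroupId)) {
             continue;
         }
         $iGroupId = (int) $sGroupId;
         if (in_array($iGroupId, $aFinalGroupIds, true)) {
             continue; // ignore duplicates
         }
         $oGroup =& Group::get($iGroupId);
         if (!(PEAR::isError($oGroup) || $oGroup == false)) {
             $aFinalGroupIds[] = $iGroupId;
         }
     }
     if (empty($aFinalGroupIds)) {
         $aFinalGroupIds = null;
     }

     // Take the existing allowed set and replace only its group part.
     $oPD = $oRoleAllocation->getPermissionDescriptor();
     $aAllowed = $oPD->getAllowed();
     $aAllowed['group'] = $aFinalGroupIds;
     $oRoleAllocation->setAllowed($aAllowed);
     $res = $oRoleAllocation->update();
     if (PEAR::isError($res) || $res == false) {
         // Keep the raw error in the server log; echoing it to the browser
         // would expose internal error details to the user.
         error_log('Role allocation update failed: ' . print_r($res, true));
         $this->errorRedirectToMain(_kt('Failed to change the role allocation.'), $sMainQuery);
         return;
     }

     // Audit record of the change: folder, acting user and client IP.
     $oTransaction = KTFolderTransaction::createFromArray(array(
         'folderid' => $this->oFolder->getId(),
         'comment' => _kt('Set role groups'),
         'transactionNS' => 'ktcore.transactions.role_allocations_change',
         'userid' => $_SESSION['userID'],
         'ip' => Session::getClientIP(),
     ));
     $aOptions = array(
         'defaultmessage' => _kt('Problem assigning role groups'),
         'redirect_to' => array('main', $sMainQuery),
     );
     $this->oValidator->notErrorFalse($oTransaction, $aOptions);

     $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId());
     $this->successRedirectToMain(_kt('Allocation changed.'), $sMainQuery);
 }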