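/**
 * Look up the role allocation that applies to a folder for a given role.
 *
 * The candidate folders are the ids returned by Folder::generateFolderIds()
 * for $iFolderId. Allocations on those folders for $iRoleId are ordered by
 * CHAR_LENGTH(parent_folder_ids) descending, and the first one is returned.
 *
 * @param int $iFolderId id of the folder to resolve the allocation for
 * @param int $iRoleId   id of the role
 * @return mixed whatever RoleAllocation::get() yields for the selected
 *               allocation, or null when the folder is invalid, the folder
 *               id list is unusable, the query fails, or nothing matches
 */
function &getAllocationsForFolderAndRole($iFolderId, $iRoleId) {
    // The function returns by reference, so every exit path returns this
    // variable rather than a literal or a call expression.
    $oResult = null;

    $raTable = KTUtil::getTableName('role_allocations');
    $fTable = Folder::_table();

    $oFolder =& Folder::get($iFolderId);
    // An invalid folder has no defined allocation.
    if (PEAR::isError($oFolder)) {
        return $oResult;
    }

    $parents = Folder::generateFolderIds($iFolderId);
    if (PEAR::isError($parents)) {
        return $oResult;
    }

    // The id list used to be concatenated into the IN (...) clause verbatim.
    // Each component is now checked to be a plain decimal id and bound as a
    // parameter, so nothing from the list reaches the SQL text.
    // NOTE(review): assumes generateFolderIds() yields a comma-separated list
    // of integer folder ids - confirm against its implementation.
    $aFolderIds = array();
    foreach (explode(',', (string) $parents) as $sFolderId) {
        $sFolderId = trim($sFolderId);
        if ($sFolderId === '') {
            continue;
        }
        if (!preg_match('/^[0-9]+\z/', $sFolderId)) {
            // Fail closed: an unexpected component means no allocation.
            return $oResult;
        }
        $aFolderIds[] = (int) $sFolderId;
    }
    if (empty($aFolderIds)) {
        // An empty IN () list would be a SQL error.
        return $oResult;
    }

    $sPlaceholders = implode(',', array_fill(0, count($aFolderIds), '?'));

    // FIXME (from the original): this query is not very pleasant.
    $sQuery = "SELECT ra.id as `id` FROM " . $raTable . " AS ra "
        . ' LEFT JOIN ' . $fTable . ' AS f ON (f.id = ra.folder_id) '
        . ' WHERE f.id IN (' . $sPlaceholders . ')'
        . ' AND ra.role_id = ?'
        . ' ORDER BY CHAR_LENGTH(f.parent_folder_ids) desc, f.parent_folder_ids DESC';

    // Placeholder order: the folder ids first, then the role id.
    $aParams = array_merge($aFolderIds, array($iRoleId));

    $aRoleAllocIds = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');

    // A database error object is not "empty", so check for it explicitly
    // before indexing into the result.
    if (PEAR::isError($aRoleAllocIds) || empty($aRoleAllocIds)) {
        return $oResult;
    }

    $oResult = RoleAllocation::get($aRoleAllocIds[0]);
    return $oResult;
}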
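/**
 * Replace the groups assigned to a role allocation with the submitted list.
 *
 * Reads 'allocation_id' and the comma-separated 'groupFinal' list from the
 * request, keeps only ids that resolve to an existing group, writes them as
 * the 'group' entry of the allocation's allowed set, records a folder
 * transaction, regenerates permissions for the role and redirects to main.
 *
 * NOTE(review): nothing in this method checks that the allocation loaded
 * from 'allocation_id' belongs to $this->oFolder - confirm the dispatcher
 * enforces that, otherwise a caller entitled to manage one folder could edit
 * an allocation of another.
 * NOTE(review): input comes from $_REQUEST, so this state change is also
 * reachable by GET, and no anti-CSRF token check is visible here - confirm
 * one is applied upstream.
 */
function do_setRoleGroups() {
    $sMainQuery = sprintf('fFolderId=%d', $this->oFolder->getId());

    $role_allocation_id = KTUtil::arrayGet($_REQUEST, 'allocation_id');
    $oRoleAllocation = RoleAllocation::get($role_allocation_id);
    if (PEAR::isError($oRoleAllocation) || $oRoleAllocation === false) {
        $this->errorRedirectToMain(_kt('No such role allocation.'), $sMainQuery);
        // Stop here even if the redirect helper returns (its behaviour is
        // not visible from this method).
        return;
    }

    $groups = KTUtil::arrayGet($_REQUEST, 'groupFinal', '');

    // Keep only ids that are plain decimal numbers and resolve to a group.
    $aFinalGroupIds = array();
    foreach (explode(',', (string) $groups) as $iGroupId) {
        $iGroupId = trim($iGroupId);
        if (!preg_match('/^[0-9]+\z/', $iGroupId)) {
            continue;
        }
        $oGroup =& Group::get($iGroupId);
        if (!(PEAR::isError($oGroup) || $oGroup == false)) {
            $aFinalGroupIds[] = $iGroupId;
        }
    }
    if (empty($aFinalGroupIds)) {
        $aFinalGroupIds = null;
    }

    // Take the existing allowed set and overwrite only its group entry.
    $oPD = $oRoleAllocation->getPermissionDescriptor();
    $aAllowed = $oPD->getAllowed();
    $aAllowed['group'] = $aFinalGroupIds;
    $oRoleAllocation->setAllowed($aAllowed);

    $res = $oRoleAllocation->update();
    if (PEAR::isError($res) || $res == false) {
        // The failure detail goes to the server log; the page message no
        // longer carries a dump of the error object.
        $sDetail = PEAR::isError($res) ? $res->getMessage() : 'update() returned false';
        error_log('do_setRoleGroups: role allocation update failed: ' . $sDetail);
        $this->errorRedirectToMain(_kt('Failed to change the role allocation.'), $sMainQuery);
        return;
    }

    // Audit record of the change on the folder.
    $oTransaction = KTFolderTransaction::createFromArray(array(
        'folderid' => $this->oFolder->getId(),
        'comment' => _kt('Set role groups'),
        'transactionNS' => 'ktcore.transactions.role_allocations_change',
        'userid' => $_SESSION['userID'],
        'ip' => Session::getClientIP(),
    ));
    $aOptions = array(
        'defaultmessage' => _kt('Problem assigning role groups'),
        'redirect_to' => array('main', $sMainQuery),
    );
    $this->oValidator->notErrorFalse($oTransaction, $aOptions);

    $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId());

    $this->successRedirectToMain(_kt('Allocation changed.'), $sMainQuery);
}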