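/**
 * Allocate the 'WorkSpaceOwner' role on a personal folder to the current user.
 *
 * A RoleAllocation is first created for the folder with an empty allowed
 * list; the current user's id is then written into the 'user' entry of its
 * permission descriptor and permissions for the role are regenerated.
 *
 * Every step that can fail is checked, so the caller is never told the
 * owner role was granted when the allocation was not actually written.
 * On any failure the session is logged out and a translated message is
 * returned.
 *
 * NOTE(review): no database transaction is opened here, so a failure in
 * update() after a successful create() cannot be rolled back and leaves an
 * allocation row with an empty allowed list behind.
 *
 * @param object $oPersonalFolder Folder object; only getId() is called on it.
 * @return string|null Translated error message on failure, nothing on success.
 */
function updatePersonalFolderRoleAllocation($oPersonalFolder) {
    $personalFolderID = $oPersonalFolder->getId();

    // Resolve the role id. Anything other than a row list carrying an id
    // (error object, false, empty result) is treated as a failed lookup, so
    // an allocation is never written with a missing role id.
    $aRoleRows = $this->getRoleIdByName('WorkSpaceOwner');
    if (!is_array($aRoleRows) || !isset($aRoleRows[0]['id'])) {
        $this->session->logout();
        return _kt('Error: Cannot create WorkSpaceOwner role allocation on personal folder');
    }
    $WorkSpaceOwnerRoleID = $aRoleRows[0]['id'];

    // `new` always returns an object, so there is nothing to null-check here.
    $oRoleAllocation = new RoleAllocation();
    $oRoleAllocation->setFolderId($personalFolderID);
    $oRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);
    // Start with nobody allowed; the user is added once the row exists.
    $oRoleAllocation->setAllowed(array());

    // A PEAR error object is truthy, so it has to be tested for explicitly;
    // a bare falsiness test would let it through as a success.
    $res = $oRoleAllocation->create();
    if (PEAR::isError($res) || !$res) {
        $this->session->logout();
        return _kt('Error: cannot create role allocation');
    }

    // The allocation exists now; put the current user into its descriptor.
    $oPD = $oRoleAllocation->getPermissionDescriptor();
    $aRoleAssignAllowed = $oPD->getAllowed();
    $aRoleAssignAllowed['user'] = array($this->oUser->getId());
    $oRoleAllocation->setAllowed($aRoleAssignAllowed);

    // The update is what actually grants the role, so its result is checked
    // the same way as create() instead of being discarded.
    $res = $oRoleAllocation->update();
    if (PEAR::isError($res) || !$res) {
        $this->session->logout();
        return _kt('Error: cannot create role allocation');
    }

    $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId(), $personalFolderID);
}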
/**
 * Create a folder-level allocation for a role instead of using the parent's.
 *
 * The role id is read from the request and looked up with Role::get(). A new
 * RoleAllocation is created for the current folder inside a transaction, a
 * folder transaction record is written, and the 'user' and 'group' entries of
 * the parent folder's allocation (when one exists) are copied into the new
 * allocation. Permissions for the role are then regenerated.
 *
 * NOTE(review): the error paths assume errorRedirectToMain() ends the request;
 * if it returned, execution would continue with an invalid role or a failed
 * allocation - confirm against the dispatcher.
 * NOTE(review): this is a state-changing action driven by $_REQUEST and no
 * anti-CSRF check is visible in this method - confirm one is enforced elsewhere.
 */
function do_overrideParent() {
    $role_id = KTUtil::arrayGet($_REQUEST, 'role_id', null);
    $oRole = Role::get($role_id);
    if (PEAR::isError($oRole)) {
        $this->errorRedirectToMain(_kt('Invalid Role.'));
    }

    $iFolderId = $this->oFolder->getId();
    $sFolderQuery = sprintf('fFolderId=%d', $iFolderId);

    // FIXME do we need to check that this role _isn't_ allocated?
    $oNewAllocation = new RoleAllocation();
    $oNewAllocation->setFolderId($iFolderId);
    $oNewAllocation->setRoleId($role_id);

    // Begin with an empty permission descriptor.
    // FIXME we really want to duplicate the original (if it exists)
    $aEmptyAllowed = array();

    $this->startTransaction();
    $oNewAllocation->setAllowed($aEmptyAllowed);
    $res = $oNewAllocation->create();
    if (PEAR::isError($res) || !$res) {
        // NOTE(review): print_r() puts the raw result (possibly a PEAR error
        // with internal detail) into the message passed to the redirect -
        // confirm this is not rendered to end users.
        $this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), $sFolderQuery);
    }

    // Record the change in the folder's transaction history.
    $aTransactionInfo = array(
        'folderid' => $iFolderId,
        'comment' => _kt('Override parent allocation'),
        'transactionNS' => 'ktcore.transactions.role_allocations_change',
        'userid' => $_SESSION['userID'],
        'ip' => Session::getClientIP(),
    );
    $oTransaction = KTFolderTransaction::createFromArray($aTransactionInfo);
    $aOptions = array(
        'defaultmessage' => _kt('Error creating allocation'),
        'redirect_to' => array('main', $sFolderQuery),
    );
    $this->oValidator->notErrorFalse($oTransaction, $aOptions);

    // Carry over the members of the parent folder's allocation, if any.
    $oParentAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getParentID(), $role_id);
    $bParentUsable = !(is_null($oParentAllocation) || PEAR::isError($oParentAllocation));
    if ($bParentUsable) {
        $oParentDescriptor = $oParentAllocation->getPermissionDescriptor();
        $aParentAllowed = $oParentDescriptor->getAllowed();
        $aParentUsers = $aParentAllowed['user'];
        $aParentGroups = $aParentAllowed['group'];

        // Write them into the descriptor of the allocation created above.
        $oNewDescriptor = $oNewAllocation->getPermissionDescriptor();
        $aNewAllowed = $oNewDescriptor->getAllowed();
        $aNewAllowed['user'] = $aParentUsers;
        $aNewAllowed['group'] = $aParentGroups;
        $oNewAllocation->setAllowed($aNewAllowed);

        $res = $oNewAllocation->update();
        if (PEAR::isError($res) || !$res) {
            $this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), $sFolderQuery);
        }
    }

    // Regenerate permissions so the new allocation takes effect.
    $this->renegeratePermissionsForRole($oNewAllocation->getRoleId());
    $this->successRedirectToMain(_kt('Role allocation created.'), $sFolderQuery);
}