/**
* Overrides a role allocation
*
* @author KnowledgeTree Team
* @access public
* @param KTAPI_Role $role
*/
public function overrideRoleAllocation(KTAPI_Role $role)
{
$roleId = $role->Id;
$object = $this->folderItem->getObject();
$objectId = $object->getId();
$parentId = $object->getParentID();
// FIXME do we need to check that this role _isn't_ allocated?
$roleAllocation = new RoleAllocation();
$roleAllocation->setFolderId($objectId);
$roleAllocation->setRoleId($roleId);
// create a new permission descriptor.
// FIXME we really want to duplicate the original (if it exists)
$allowed = array();
// no-op, for now.
$roleAllocation->setAllowed($allowed);
$res = $roleAllocation->create();
$this->_logTransaction(_kt('Override parent allocation'), 'ktcore.transactions.role_allocations_change');
// inherit parent permissions
$parentAllocation = RoleAllocation::getAllocationsForFolderAndRole($parentId, $roleId);
if (!is_null($parentAllocation) && !PEAR::isError($parentAllocation)) {
$descriptor = $parentAllocation->getPermissionDescriptor();
$allowed = $descriptor->getAllowed();
$allowed = array('user' => $allowed['user'], 'group' => $allowed['group']);
$roleAllocation->setAllowed($allowed);
$res = $roleAllocation->update();
}
// regenerate permissions
$this->_regeneratePermissionsForRole($roleId);
return $roleAllocation;
}
function updatePersonalFolderRoleAllocation($oPersonalFolder)
{
//Assign user to the WorkSpaceOwner role
$personalFolderID = $oPersonalFolder->getId();
$tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
$WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
$oRoleAllocation = new RoleAllocation();
if ($oRoleAllocation == null) {
$this->session->logout();
return _kt('Error: Cannot create WorkSpaceOwner role allocation on personal folder');
}
$oRoleAllocation->setFolderId($personalFolderID);
$oRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);
$aRoleAllowed = array();
$oRoleAllocation->setAllowed($aRoleAllowed);
//It might be a problem that i'm not doing a "start transaction" here.
//Unable to roll back in event of db failure
$res = $oRoleAllocation->create();
if (!$res === true) {
$this->session->logout();
return _kt('Error: cannot create role allocation');
}
//The role is first created and then the current user is allocated to the role below
$oPD = $oRoleAllocation->getPermissionDescriptor();
$aRoleAssignAllowed = $oPD->getAllowed();
$aUserId[] = $this->oUser->getId();
$aRoleAssignAllowed['user'] = $aUserId;
$oRoleAllocation->setAllowed($aRoleAssignAllowed);
$res = $oRoleAllocation->update();
$this->renegeratePermissionsForRole($oRoleAllocation->getRoleId(), $personalFolderID);
}
function rootoverride($role_id)
{
if ($this->oFolder->getId() != 1) {
$this->errorRedirectToMain(_kt("Cannot create allocation for non-root locations."));
}
$oRoleAllocation = new RoleAllocation();
$oRoleAllocation->setFolderId($this->oFolder->getId());
$oRoleAllocation->setRoleId($role_id);
// create a new permission descriptor.
// FIXME we really want to duplicate the original (if it exists)
$aAllowed = array();
// no-op, for now.
$this->startTransaction();
$oRoleAllocation->setAllowed($aAllowed);
$res = $oRoleAllocation->create();
if (PEAR::isError($res) || $res == false) {
$this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId()));
}
return $oRoleAllocation;
}
