/**
* Overrides a role allocation
*
* @author KnowledgeTree Team
* @access public
* @param KTAPI_Role $role
*/
public function overrideRoleAllocation(KTAPI_Role $role)
{
$roleId = $role->Id;
$object = $this->folderItem->getObject();
$objectId = $object->getId();
$parentId = $object->getParentID();
// FIXME do we need to check that this role _isn't_ allocated?
$roleAllocation = new RoleAllocation();
$roleAllocation->setFolderId($objectId);
$roleAllocation->setRoleId($roleId);
// create a new permission descriptor.
// FIXME we really want to duplicate the original (if it exists)
$allowed = array();
// no-op, for now.
$roleAllocation->setAllowed($allowed);
$res = $roleAllocation->create();
$this->_logTransaction(_kt('Override parent allocation'), 'ktcore.transactions.role_allocations_change');
// inherit parent permissions
$parentAllocation = RoleAllocation::getAllocationsForFolderAndRole($parentId, $roleId);
if (!is_null($parentAllocation) && !PEAR::isError($parentAllocation)) {
$descriptor = $parentAllocation->getPermissionDescriptor();
$allowed = $descriptor->getAllowed();
$allowed = array('user' => $allowed['user'], 'group' => $allowed['group']);
$roleAllocation->setAllowed($allowed);
$res = $roleAllocation->update();
}
// regenerate permissions
$this->_regeneratePermissionsForRole($roleId);
return $roleAllocation;
}
function updatePersonalFolderRoleAllocation($oPersonalFolder)
{
//Assign user to the WorkSpaceOwner role
$personalFolderID = $oPersonalFolder->getId();
$tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
$WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
$oRoleAllocation = new RoleAllocation();
if ($oRoleAllocation == null) {
$this->session->logout();
return _kt('Error: Cannot create WorkSpaceOwner role allocation on personal folder');
}
$oRoleAllocation->setFolderId($personalFolderID);
$oRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);
$aRoleAllowed = array();
$oRoleAllocation->setAllowed($aRoleAllowed);
//It might be a problem that i'm not doing a "start transaction" here.
//Unable to roll back in event of db failure
$res = $oRoleAllocation->create();
if (!$res === true) {
$this->session->logout();
return _kt('Error: cannot create role allocation');
}
//The role is first created and then the current user is allocated to the role below
$oPD = $oRoleAllocation->getPermissionDescriptor();
$aRoleAssignAllowed = $oPD->getAllowed();
$aUserId[] = $this->oUser->getId();
$aRoleAssignAllowed['user'] = $aUserId;
$oRoleAllocation->setAllowed($aRoleAssignAllowed);
$res = $oRoleAllocation->update();
$this->renegeratePermissionsForRole($oRoleAllocation->getRoleId(), $personalFolderID);
}
function do_overrideParent()
{
$role_id = KTUtil::arrayGet($_REQUEST, 'role_id', null);
$oRole = Role::get($role_id);
if (PEAR::isError($oRole)) {
$this->errorRedirectToMain(_kt('Invalid Role.'));
}
// FIXME do we need to check that this role _isn't_ allocated?
$oRoleAllocation = new RoleAllocation();
$oRoleAllocation->setFolderId($this->oFolder->getId());
$oRoleAllocation->setRoleId($role_id);
// create a new permission descriptor.
// FIXME we really want to duplicate the original (if it exists)
$aAllowed = array();
// no-op, for now.
$this->startTransaction();
$oRoleAllocation->setAllowed($aAllowed);
$res = $oRoleAllocation->create();
if (PEAR::isError($res) || $res == false) {
$this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId()));
}
$oTransaction = KTFolderTransaction::createFromArray(array('folderid' => $this->oFolder->getId(), 'comment' => _kt('Override parent allocation'), 'transactionNS' => 'ktcore.transactions.role_allocations_change', 'userid' => $_SESSION['userID'], 'ip' => Session::getClientIP()));
$aOptions = array('defaultmessage' => _kt('Error creating allocation'), 'redirect_to' => array('main', sprintf('fFolderId=%d', $this->oFolder->getId())));
$this->oValidator->notErrorFalse($oTransaction, $aOptions);
// inherit parent permissions
$oParentAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getParentID(), $role_id);
if (!is_null($oParentAllocation) && !PEAR::isError($oParentAllocation)) {
$oPD = $oParentAllocation->getPermissionDescriptor();
$aAllowed = $oPD->getAllowed();
$userids = $aAllowed['user'];
$groupids = $aAllowed['group'];
// now lets update for the new allocation
$oPD = $oRoleAllocation->getPermissionDescriptor();
$aAllowed = $oPD->getAllowed();
$aAllowed['user'] = $userids;
$aAllowed['group'] = $groupids;
$oRoleAllocation->setAllowed($aAllowed);
$res = $oRoleAllocation->update();
if (PEAR::isError($res) || $res == false) {
$this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId()));
}
}
// regenerate permissions
$this->renegeratePermissionsForRole($oRoleAllocation->getRoleId());
$this->successRedirectToMain(_kt('Role allocation created.'), sprintf('fFolderId=%d', $this->oFolder->getId()));
}
