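/**
 * Remove a user's permissions from a specific node in Alfresco.
 *
 * Every permission that elis_files_get_permissions() reports for the user on the node is
 * revoked by setting it to ELIS_FILES_CAPABILITY_DENIED. Processing stops at the first
 * failed call, so a false return can leave some of the user's permissions still in place.
 *
 * @param string $username The Alfresco user's username.
 * @param string $uuid     The Alfresco node UUID.
 * @return bool True on success (including when no permissions were reported), False otherwise.
 */
function remove_permissions($username, $uuid) {
    $permissions = elis_files_get_permissions($uuid, $username);

    // A falsy result is treated as "nothing to remove".
    // NOTE(review): if elis_files_get_permissions() can also return a falsy value on a lookup
    // error, this reports success while the user's access is untouched - confirm with the helper.
    if (!$permissions) {
        return true;
    }

    foreach ($permissions as $permission) {
        // Revoke with ELIS_FILES_CAPABILITY_DENIED, the same value elis_files_userset_deassigned()
        // uses when it removes permissions. The previous ELIS_FILES_CAPABILITY_ALLOWED re-asserted
        // each permission as allowed instead of removing it, so "remove" left access in place.
        if (!elis_files_set_permission($username, $uuid, $permission, ELIS_FILES_CAPABILITY_DENIED)) {
            return false;
        }
    }

    return true;
}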
/**
 * Handle the event when a user is unassigned from a user set.
 *
 * Denies the user's permissions on the user set's Alfresco storage space. If the user holds a
 * role assignment on the user set context that allows one of the two capabilities queried below,
 * every permission except ELIS_FILES_ROLE_COLLABORATOR is denied. Otherwise every permission is
 * denied, except ELIS_FILES_ROLE_CONSUMER while a cluster assignment record for the user exists.
 *
 * @uses $DB
 * @param object $usersetinfo The ELIS crlm_cluster_assignments record object.
 * @return bool Always true, whether or not anything was changed (event handlers must always return true).
 */
function elis_files_userset_deassigned($usersetinfo) {
    global $DB;

    // Both ids must be present before anything else is looked up.
    if (empty($usersetinfo->userid) || empty($usersetinfo->clusterid)) {
        return true;
    }

    // Nothing to do unless the Alfresco plug-in is actually enabled.
    $repo = repository_factory::factory('elisfiles');
    if (!$repo) {
        return true;
    }

    // Get the Moodle user info from the CM user record.
    $cmuser = new user($usersetinfo->userid);
    $muser = $cmuser->get_moodleuser();
    if (!$muser) {
        return true;
    }

    $userset = $DB->get_record(userset::TABLE, array('id' => $usersetinfo->clusterid));
    if (!$userset) {
        return true;
    }

    // The user set classification plug-in is optional; bail out quietly when it is not installed.
    $classificationfile = 'plugins/usetclassify/usersetclassification.class.php';
    if (!file_exists(elispm::file($classificationfile))) {
        return true;
    }
    require_once(elispm::file($classificationfile));

    // Get the extra user set data and ensure it is present before proceeding.
    $usersetdata = usersetclassification::get_for_cluster($userset);
    if (empty($usersetdata->params)) {
        return true;
    }

    // NOTE(review): unserialize() will instantiate objects named in the payload. If this column can
    // ever be influenced by untrusted input, decode it with class instantiation disabled
    // (the allowed_classes option, PHP 7+) or store it as JSON - confirm who can write these params.
    $usersetparams = unserialize($usersetdata->params);

    // Make sure this user set has the Alfresco shared folder property defined.
    if (empty($usersetparams['elis_files_shared_folder'])) {
        return true;
    }

    // Does this organization have an Alfresco storage space?
    $uuid = $repo->get_userset_store($userset->id, false);
    if (!$uuid) {
        return true;
    }

    $context = \local_elisprogram\context\userset::instance($userset->id);

    $sql = 'SELECT rc.* FROM {role_assignments} ra INNER JOIN {role} r ON ra.roleid = r.id INNER JOIN {role_capabilities} rc ON r.id = rc.roleid WHERE ra.contextid = :contextid AND ra.userid = :userid AND rc.capability IN (:cap1, :cap2) AND rc.permission = '.CAP_ALLOW;
    $params = array(
        'contextid' => $context->id,
        'userid'    => $muser->id,
        'cap1'      => 'repository/elisfiles:createusersetcontent',
        'cap2'      => 'local/elisprogram:userset_enrol'
    );

    // Check if the user has a specific role assignment on the user set context with the editing capability.
    $haseditingrole = $DB->record_exists_sql($sql, $params);

    $permissions = elis_files_get_permissions($uuid, $muser->username);
    if (!$permissions) {
        return true;
    }

    // NOTE(review): the result of elis_files_set_permission() is not checked in either loop below, so
    // a failed revocation is silent and the handler still returns true. Consider logging failures
    // so that access lingering after a de-assignment can be detected.
    if ($haseditingrole) {
        // Remove all non-editing permissions for this user on the organization shared space.
        foreach ($permissions as $permission) {
            // The collaborator (editing) permission is left alone for a user who still has the role.
            if ($permission != ELIS_FILES_ROLE_COLLABORATOR) {
                elis_files_set_permission($muser->username, $uuid, $permission, ELIS_FILES_CAPABILITY_DENIED);
            }
        }
        return true;
    }

    // Remove all permissions for this user on the organization shared space.
    require_once(elispm::lib('data/clusterassignment.class.php'));
    $membership = array(
        'userid'    => $usersetinfo->userid,
        'clusterid' => $userset->id
    );
    foreach ($permissions as $permission) {
        // Do not remove view permissions if this user still actually has a user set membership.
        $keepview = ($permission == ELIS_FILES_ROLE_CONSUMER)
            && $DB->record_exists(clusterassignment::TABLE, $membership);
        if (!$keepview) {
            elis_files_set_permission($muser->username, $uuid, $permission, ELIS_FILES_CAPABILITY_DENIED);
        }
    }

    return true;
}