/** * Returns an array containing all the permissions for the specified item. * The ugroups that have no permission defined in the request take the permission of the parent folder. */ function _get_permissions_as_array($group_id, $item_id, $permissions) { $permissions_array = array(); $perms = array('PLUGIN_DOCMAN_READ', 'PLUGIN_DOCMAN_WRITE', 'PLUGIN_DOCMAN_MANAGE'); // Get the ugroups of the parent $ugroups = permission_get_ugroups_permissions($group_id, $item_id, $perms, false); // Initialize the ugroup permissions to the same values as the parent folder foreach ($ugroups as $ugroup) { $ugroup_id = $ugroup['ugroup']['id']; $permissions_array[$ugroup_id] = 100; foreach ($perms as $perm) { if (isset($ugroup['permissions'][$perm])) { $permissions_array[$ugroup_id] = Docman_PermissionsManager::getDefinitionIndexForPermission($perm); } } } // Set the SOAP-provided permissions foreach ($permissions as $index => $permission) { $ugroup_id = $permission->ugroup_id; if (isset($permissions_array[$ugroup_id])) { $permissions_array[$ugroup_id] = Docman_PermissionsManager::getDefinitionIndexForPermission($permission->type); } } return $permissions_array; }
/** * Set the permission for a ugroup on an item. * * The difficult part of the algorithm comes from two point: * - There is a hierarchy between ugroups (@see ugroup_get_parent) * - There is a hierarchy between permissions (READ < WRITE < MANAGE) * * Let's see a scenario: * I've selected WRITE permission for Registered users and READ permission for Project Members * => Project Members ARE registered users therefore they have WRITE permission. * => WRITE is stronger than READ permission. * So the permissions wich will be set are: WRITE for registered and WRITE for project members * * The force parameter must be set to true if you want to bypass permissions checking (@see permission_add_ugroup). * Pretty difficult to know if a user can update the permissions which does not exist for a new item... * * @param $group_id integer The id of the project * @param $item_id integer The id of the item * @param $permission_definition array The definission of the permission (pretty name, relations between perms, internal name, ...) * @param $old_permissions array The permissions before * @param &$done_permissions array The permissions after * @param $ugroup_id The ugroup_id we want to set permission now * @param $wanted_permissions array The permissions the user has asked * @param &$history array Does a permission has been set ? * @param $force boolean true if you want to bypass permissions checking (@see permission_add_ugroup). * * @access protected */ function _setPermission($group_id, $item_id, $permission_definition, $old_permissions, &$done_permissions, $ugroup_id, $wanted_permissions, &$history, $force = false) { //Do nothing if we have already choose a permission for ugroup if (!isset($done_permissions[$ugroup_id])) { //if the ugroup has a parent if (($parent = ugroup_get_parent($ugroup_id)) !== false) { //first choose the permission for the parent $this->_setPermission($group_id, $item_id, $permission_definition, $old_permissions, $done_permissions, $parent, $wanted_permissions, $history, $force); //is there a conflict between given permissions? if ($parent = $this->_getBiggerOrEqualParent($permission_definition, $done_permissions, $parent, $wanted_permissions[$ugroup_id])) { //warn the user that there was a conflict $this->_controler->feedback->log('warning', $GLOBALS['Language']->getText('plugin_docman', 'warning_perms', array($old_permissions[$ugroup_id]['ugroup']['name'], $old_permissions[$parent]['ugroup']['name'], $permission_definition[$done_permissions[$parent]]['label']))); //remove permissions which was set for the ugroup if (count($old_permissions[$ugroup_id]['permissions'])) { foreach ($old_permissions[$ugroup_id]['permissions'] as $permission => $nop) { permission_clear_ugroup_object($group_id, $permission, $ugroup_id, $item_id); $history[$permission] = true; } } //The permission is none (default) for this ugroup $done_permissions[$ugroup_id] = 100; } } //If the permissions have not been set (no parent || no conflict) if (!isset($done_permissions[$ugroup_id])) { //remove permissions if needed $perms_cleared = false; if (count($old_permissions[$ugroup_id]['permissions'])) { foreach ($old_permissions[$ugroup_id]['permissions'] as $permission => $nop) { if ($permission != $permission_definition[$wanted_permissions[$ugroup_id]]['type']) { //The permission has been changed permission_clear_ugroup_object($group_id, $permission, $ugroup_id, $item_id); $history[$permission] = true; $perms_cleared = true; $done_permissions[$ugroup_id] = 100; } else { //keep the old permission $done_permissions[$ugroup_id] = Docman_PermissionsManager::getDefinitionIndexForPermission($permission); } } } //If the user set an explicit permission and there was no perms before or they have been removed if ($wanted_permissions[$ugroup_id] != 100 && (!count($old_permissions[$ugroup_id]['permissions']) || $perms_cleared)) { //Then give the permission $permission = $permission_definition[$wanted_permissions[$ugroup_id]]['type']; permission_add_ugroup($group_id, $permission, $item_id, $ugroup_id, $force); $history[$permission] = true; $done_permissions[$ugroup_id] = $wanted_permissions[$ugroup_id]; } else { //else set none(default) permission $done_permissions[$ugroup_id] = 100; } } } }