function getAllowed() { if (!is_null($this->iPermissionDescriptorId)) { $oDescriptor = KTPermissionDescriptor::get($this->iPermissionDescriptorId); // fully done, etc. $aAllowed = $oDescriptor->getAllowed(); } else { $aAllowed = array(); } // special case "document owner". if ($this->iRoleId == -2) { $oDoc = KTDocumentCore::get($this->iDocumentId); /* ! NBM Please Review * * This should never be an error - we were called by PermissionUtil * to get the details for a document, but it _is_ be a DocumentCore * object during _add. * * When we try to grab the Document, it blows up on the MetadataVersion, * so we have to use a DocumentCore to avoid a fail-out on the initial * on-add permission check. * * Is this bad/evil/not appropriate in some way? I can't see a major * issue with it... * */ if (PEAR::isError($oDoc)) { return $aAllowed; } // ! NBM Please review // we cascade "owner" from the folder (if, for some _bizarre_ reason the // owner role is allocated to users/groups/etc. this can be disabled // with the CRACK_IS_BAD flag, or removed entirely. I am undecided. // // There is some argument to be made for the consistency, but it may not be // that big. I think it _may_ lead to easily misconfigured setups, but I // really don't know. $CRACK_IS_BAD = false; if (!$CRACK_IS_BAD && is_null($this->iPermissionDescriptorId)) { $oDerivedAlloc = RoleAllocation::getAllocationsForFolderAndRole($oDoc->getFolderID(), $this->iRoleId); if (!(PEAR::isError($oDerivedAlloc) || is_null($oDerivedAlloc))) { $aAllowed = $oDerivedAlloc->getAllowed(); } } $owner_id = $oDoc->getOwnerId(); if (is_null($aAllowed['user'])) { $aAllowed['user'] = array($owner_id); } else { if (array_search($owner_id, $aAllowed['user']) === false) { $aAllowed['user'][] = $owner_id; } } } return $aAllowed; }