function getAllowed()
{
if (!is_null($this->iPermissionDescriptorId)) {
$oDescriptor = KTPermissionDescriptor::get($this->iPermissionDescriptorId);
// fully done, etc.
$aAllowed = $oDescriptor->getAllowed();
} else {
$aAllowed = array();
}
// special case "document owner".
if ($this->iRoleId == -2) {
$oDoc = KTDocumentCore::get($this->iDocumentId);
/* ! NBM Please Review
*
* This should never be an error - we were called by PermissionUtil
* to get the details for a document, but it _is_ be a DocumentCore
* object during _add.
*
* When we try to grab the Document, it blows up on the MetadataVersion,
* so we have to use a DocumentCore to avoid a fail-out on the initial
* on-add permission check.
*
* Is this bad/evil/not appropriate in some way? I can't see a major
* issue with it...
*
*/
if (PEAR::isError($oDoc)) {
return $aAllowed;
}
// ! NBM Please review
// we cascade "owner" from the folder (if, for some _bizarre_ reason the
// owner role is allocated to users/groups/etc. this can be disabled
// with the CRACK_IS_BAD flag, or removed entirely. I am undecided.
//
// There is some argument to be made for the consistency, but it may not be
// that big. I think it _may_ lead to easily misconfigured setups, but I
// really don't know.
$CRACK_IS_BAD = false;
if (!$CRACK_IS_BAD && is_null($this->iPermissionDescriptorId)) {
$oDerivedAlloc = RoleAllocation::getAllocationsForFolderAndRole($oDoc->getFolderID(), $this->iRoleId);
if (!(PEAR::isError($oDerivedAlloc) || is_null($oDerivedAlloc))) {
$aAllowed = $oDerivedAlloc->getAllowed();
}
}
$owner_id = $oDoc->getOwnerId();
if (is_null($aAllowed['user'])) {
$aAllowed['user'] = array($owner_id);
} else {
if (array_search($owner_id, $aAllowed['user']) === false) {
$aAllowed['user'][] = $owner_id;
}
}
}
return $aAllowed;
}
