/**
 * Render the permission editor for the current folder.
 *
 * Sequence, as visible in this method:
 *  1. Unless the user is in admin mode for the folder, hand the validator the
 *     user, the edit/show permission and a redirect target of "main".
 *  2. If the folder's permission object is rooted at another object, require
 *     the 'override' request parameter, then copy the permissions inside a
 *     transaction and reload the permission object.
 *  3. Collect permissions (also JSON-encoded), dynamic conditions, roles,
 *     groups and saved-search conditions, and render the
 *     'ktcore/folder/permissions' template.
 *
 * @return mixed whatever the template's render() returns
 */
function do_edit() {
    $this->oPage->setBreadcrumbDetails(_kt('Viewing Permissions'));

    $iFolderId = $this->oFolder->getId();
    $oPermissionObject = KTPermissionObject::get($this->oFolder->getPermissionObjectId());

    // Authorisation gate. The validator's return value is not inspected, so
    // this relies on the validator stopping the request itself on failure --
    // presumably via the redirect_to option; verify against the validator.
    $aRedirectOptions = array('redirect_to' => array('main', 'fFolderId=' . $iFolderId));
    $bAdminMode = KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder);
    if (!$bAdminMode) {
        $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aRedirectOptions);
    }

    // A root object other than this folder means the permissions are
    // inherited; they are copied before they can be edited here.
    $oPermissionRoot = KTPermissionUtil::findRootObjectForPermissionObject($oPermissionObject);
    if ($oPermissionRoot->getId() !== $iFolderId) {
        // NOTE(review): 'override' is read from $_REQUEST, so any request
        // method reaching this action can trigger the write below. No
        // anti-CSRF token is checked in this method -- confirm one is
        // enforced before dispatch.
        $mOverride = KTUtil::arrayGet($_REQUEST, 'override', false);
        if (empty($mOverride)) {
            // NOTE(review): nothing returns after this call; the copy below
            // is only skipped if errorRedirectToMain() ends the request.
            $this->errorRedirectToMain(_kt('This folder does not override its permissions'), sprintf('fFolderId=%d', $iFolderId));
        }

        $this->startTransaction();
        $this->_copyPermissions();
        $this->commitTransaction();

        // The folder now points at a new permission object; reload it.
        $oPermissionObject = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
    }

    // Permission id/name pairs, JSON-encoded for the page's script.
    $aAllPermissions = KTPermission::getList();
    $aPermissionRows = array();
    foreach ($aAllPermissions as $oPermission) {
        $aPermissionRows[] = array(
            'id' => $oPermission->getId(),
            'name' => $oPermission->getHumanName()
        );
    }
    $oEncoder = new Services_JSON();
    $sJSONPermissions = $oEncoder->encode($aPermissionRows);

    $aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPermissionObject);

    $oTemplating =& KTTemplating::getSingleton();
    $oTemplate = $oTemplating->loadTemplate('ktcore/folder/permissions');

    // Folder id 1 is the only folder that is not offered inheritance.
    $bCanInherit = !($iFolderId == 1);

    global $default;
    if ($default->enableESignatures) {
        $sUrl = KTPluginUtil::getPluginPath('electronic.signatures.plugin', true);
        $heading = _kt('You are attempting to modify permissions');
        // NOTE(review): $sUrl and $heading are placed inside single-quoted
        // JavaScript string literals without escaping; a translated heading
        // containing an apostrophe would break the handler. Whether the
        // template HTML-escapes this attribute is not visible here.
        $input = array(
            'type' => 'button',
            'onclick' => "javascript: showSignatureForm('{$sUrl}', '{$heading}', 'ktcore.transactions.permissions_change', 'folder', 'update_permissions_form', 'submit', {$iFolderId});"
        );
    } else {
        $input = array(
            'type' => 'submit',
            'onclick' => ''
        );
    }

    // Fetched in the same order as the original array literal evaluated them.
    $aDocumentPermissions = KTPermission::getDocumentRelevantList();
    $aRoles = Role::getList();
    $aGroups = Group::getList();
    $aConditions = KTSavedSearch::getConditions();
    $sFolderName = $this->oFolder->getName();

    $aTemplateData = array(
        'iFolderId' => $iFolderId,
        'roles' => $aRoles,
        'groups' => $aGroups,
        'conditions' => $aConditions,
        'dynamic_conditions' => $aDynamicConditions,
        'context' => &$this,
        'foldername' => $sFolderName,
        'jsonpermissions' => $sJSONPermissions,
        'edit' => true,
        'permissions' => $aAllPermissions,
        'document_permissions' => $aDocumentPermissions,
        'can_inherit' => $bCanInherit,
        'input' => $input
    );

    return $oTemplate->render($aTemplateData);
}
/**
 * Copy the permission object of the object's parent, in preparation for the
 * object to have permissions that differ from its parent's.
 *
 * A new permission object is created, every assignment and dynamic condition
 * of the original is duplicated onto it, and the document or folder is
 * re-pointed at the copy. For a folder, rows in the folders and documents
 * tables that still carry the old permission object id and sit beneath the
 * folder are re-pointed as well.
 *
 * No transaction is opened here and none of the create/update/query results
 * are inspected. NOTE(review): confirm every caller wraps this call in a
 * transaction; a failure part-way through would otherwise leave objects
 * pointing at a partially populated permission object.
 *
 * @param object $oDocumentOrFolder document or folder to detach (by reference)
 * @return void
 */
function copyPermissionObject(&$oDocumentOrFolder) {
    global $default;
    $oOrigPO = KTPermissionObject::get($oDocumentOrFolder->getPermissionObjectID());
    $aOrigPAs =& KTPermissionAssignment::getByObjectMulti($oOrigPO);
    $oNewPO = KTPermissionObject::createFromArray(array());
    // Duplicate each assignment (permission id + descriptor id) onto the new
    // permission object. $oNewPA is not read afterwards, so a failed create
    // goes unnoticed here.
    foreach ($aOrigPAs as $oOrigPA) {
        $oNewPA = KTPermissionAssignment::createFromArray(array('permissionid' => $oOrigPA->getPermissionID(), 'permissionobjectid' => $oNewPO->getID(), 'permissiondescriptorid' => $oOrigPA->getPermissionDescriptorID()));
    }
    // Re-point the object itself at the copy and persist that.
    $oDocumentOrFolder->setPermissionObjectID($oNewPO->getID());
    $oDocumentOrFolder->update();
    // Copy any dynamic conditions: same group and condition ids, then the
    // original's assignment is saved on the copy.
    $aDPO = KTPermissionDynamicCondition::getByPermissionObject($oOrigPO);
    foreach ($aDPO as $oOrigDC) {
        $oNewDC = KTPermissionDynamicCondition::createFromArray(array('permissionobjectid' => $oNewPO->getId(), 'groupid' => $oOrigDC->getGroupId(), 'conditionid' => $oOrigDC->getConditionId()));
        $oNewDC->saveAssignment($oOrigDC->getAssignment());
    }
    // Anything that is not a Folder has no descendants: refresh its lookup
    // and stop.
    if (!is_a($oDocumentOrFolder, 'Folder')) {
        KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
        return;
    }
    // For a folder - update permission object for all folders and
    // documents under this current folder if they're using the old
    // permission object id. If they are, then they're getting the
    // permission object via this folder. If they are not, then
    // they have their own permission object management, and thus
    // this folder has no effect on their permissions.
    $iFolderID = $oDocumentOrFolder->getID();
    $sFolderIDs = Folder::generateFolderIDs($iFolderID);
    // NOTE(review): the LIKE pattern is the helper's output with '%' appended
    // and no delimiter in between. If the helper returns a delimited id path
    // that ends in this folder's id (its format is not visible here), the
    // pattern also matches paths whose next id merely starts with the same
    // digits (e.g. ...,3 vs ...,30), which would re-point objects outside
    // this folder. Confirm the format; if so, match the exact path OR the
    // path followed by the delimiter and '%'.
    $sFolderIDs .= '%';
    // Values are bound through ? placeholders; only the table name from
    // $default is interpolated into the statement.
    $sQuery = "UPDATE {$default->folders_table} SET\n permission_object_id = ? WHERE permission_object_id = ? 
AND\n parent_folder_ids LIKE ?";
    $aParams = array($oNewPO->getID(), $oOrigPO->getID(), $sFolderIDs);
    DBUtil::runQuery(array($sQuery, $aParams));
    Folder::clearAllCaches();
    // Same re-pointing for documents; the extra folder_id parameter covers
    // documents that sit directly in this folder.
    $sQuery = "UPDATE {$default->documents_table} SET\n permission_object_id = ? WHERE permission_object_id = ? AND\n (parent_folder_ids LIKE ? OR folder_id = ?)";
    $aParams[] = $iFolderID;
    DBUtil::runQuery(array($sQuery, $aParams));
    Document::clearAllCaches();
    // All objects using this PO must be new and must need their
    // lookups updated...
    KTPermissionUtil::updatePermissionLookupForPO($oNewPO);
}
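/**
 * Render the resolved-permissions view for the current document: for every
 * permission, which users hold it, plus markers for permissions controlled by
 * dynamic conditions or by the document's workflow state.
 *
 * Fix over the previous version: $aActiveUsers is now initialised, so a
 * document on which no user holds any permission no longer iterates an
 * undefined variable.
 *
 * NOTE(review): no permission check on the requesting user is visible in this
 * method, yet it lists who can access the document. Confirm the dispatcher
 * gates this action before it runs.
 *
 * @return mixed whatever the template's render() returns
 */
function do_resolved_users() {
    $this->oPage->setBreadcrumbDetails(_kt("Permissions"));
    $oTemplate = $this->oValidator->validateTemplate("ktcore/document/resolved_permissions_user");

    $oPL = KTPermissionLookup::get($this->oDocument->getPermissionLookupID());
    $aPermissions = KTPermission::getList();

    $aMapPermissionGroup = array();
    $aMapPermissionRole = array();
    $aMapPermissionUser = array();
    // Was previously left undefined when no user matched any permission.
    $aActiveUsers = array();

    $aUsers = User::getList();

    foreach ($aPermissions as $oPermission) {
        // Permissions without a usable lookup assignment are skipped.
        $oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL);
        if (PEAR::isError($oPLA)) {
            continue;
        }
        // Fetched as before; the descriptor is not read further down.
        $oDescriptor = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
        $iPermissionID = $oPermission->getID();
        $aMapPermissionGroup[$iPermissionID] = array();

        // One check per (permission, user) pair.
        foreach ($aUsers as $oUser) {
            if (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oDocument)) {
                $aMapPermissionUser[$iPermissionID][$oUser->getId()] = true;
                $aActiveUsers[$oUser->getId()] = true;
            }
        }
    }

    // now we constitute the actual sets.
    $users = array();
    $groups = array();
    // should _always_ be empty, barring a bug in permissions::updatePermissionLookup
    // this should be quite limited - direct role -> user assignment is typically rare.
    $roles = array();

    // NOTE(review): entries are keyed by getName(); if two users can share a
    // name, the later one overwrites the earlier and a user with access is
    // missing from this list. asort() also orders by comparing the user
    // objects, not the name keys. Confirm both are intended.
    foreach ($aActiveUsers as $id => $marker) {
        $oUser = User::get($id);
        $users[$oUser->getName()] = $oUser;
    }
    asort($users); // ascending, per convention.

    $bEdit = false;
    $sInherited = '';
    $aDynamicControls = array();
    $aWorkflowControls = array();

    // handle conditions: mark every permission assigned by a dynamic
    // condition that currently matches the document.
    $iPermissionObjectId = $this->oDocument->getPermissionObjectID();
    if (!empty($iPermissionObjectId)) {
        $oPO = KTPermissionObject::get($iPermissionObjectId);
        $aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
        if (!PEAR::isError($aDynamicConditions)) {
            foreach ($aDynamicConditions as $oDynamicCondition) {
                $iConditionId = $oDynamicCondition->getConditionId();
                if (KTSearchUtil::testConditionOnDocument($iConditionId, $this->oDocument)) {
                    $aPermissionIds = $oDynamicCondition->getAssignment();
                    foreach ($aPermissionIds as $iPermissionId) {
                        $aDynamicControls[$iPermissionId] = true;
                    }
                }
            }
        }
    }

    // indicate that workflow controls a given permission; such a permission
    // is removed from the dynamic-condition markers.
    $oState = KTWorkflowUtil::getWorkflowStateForDocument($this->oDocument);
    if (!(PEAR::isError($oState) || is_null($oState) || $oState == false)) {
        $aWorkflowStatePermissionAssignments = KTWorkflowStatePermissionAssignment::getByState($oState);
        foreach ($aWorkflowStatePermissionAssignments as $oAssignment) {
            $aWorkflowControls[$oAssignment->getPermissionId()] = true;
            unset($aDynamicControls[$oAssignment->getPermissionId()]);
        }
    }

    $aTemplateData = array(
        "context" => $this,
        "permissions" => $aPermissions,
        "groups" => $groups,
        "users" => $users,
        "roles" => $roles,
        "oDocument" => $this->oDocument,
        "aMapPermissionGroup" => $aMapPermissionGroup,
        "aMapPermissionRole" => $aMapPermissionRole,
        "aMapPermissionUser" => $aMapPermissionUser,
        "edit" => $bEdit,
        "inherited" => $sInherited,
        'workflow_controls' => $aWorkflowControls,
        'conditions_control' => $aDynamicControls
    );

    return $oTemplate->render($aTemplateData);
}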