コード例 #1
 /**
  * Upgrade step: back-fills permission_folder_id and permission_object_id on
  * folders, then copies each folder's permission_object_id onto the documents
  * it contains.
  *
  * Statement order matters: each query relies on the rows written by the
  * queries before it.
  *
  * NOTE(review): only the createFromArray() result is checked. Every other
  * DBUtil result is ignored, so a partial failure can leave rows whose
  * permission_object_id is still NULL or has been set to 0. Confirm how the
  * permission checks treat such rows before relying on this upgrade.
  */
 function setPermissionObject()
 {
     global $default;
     require_once KT_LIB_DIR . '/permissions/permissionobject.inc.php';
     // Folder 1 becomes its own permission folder.
     // NOTE(review): the next three statements name the table "folders"
     // literally, while later ones use the configured table name; they agree
     // only if that name is "folders".
     DBUtil::runQuery("UPDATE folders SET permission_folder_id = 1 WHERE id = 1");
     // Folders with no permission folder (0 or NULL), shortest
     // parent_folder_ids first - presumably so that a parent is repaired
     // before its children copy from it.
     $aBrokenFolders = DBUtil::getResultArray('SELECT id, parent_id FROM folders WHERE permission_folder_id = 0 OR permission_folder_id IS NULL ORDER BY LENGTH(parent_folder_ids)');
     foreach ($aBrokenFolders as $aFolderInfo) {
         $iFolderId = $aFolderInfo['id'];
         $iParentFolderId = $aFolderInfo['parent_id'];
         // The id is bound as a query parameter, not concatenated.
         // NOTE(review): the looked-up value is written back without checking
         // that the lookup succeeded.
         $iParentFolderPermissionFolder = DBUtil::getOneResultKey(array("SELECT permission_folder_id FROM folders WHERE id = ?", array($iParentFolderId)), 'permission_folder_id');
         $res = DBUtil::whereUpdate('folders', array('permission_folder_id' => $iParentFolderPermissionFolder), array('id' => $iFolderId));
     }
     // First, set permission object on all folders that were
     // "permission folders".
     $query = "SELECT id FROM {$default->folders_table} WHERE permission_folder_id = id AND permission_object_id IS NULL";
     $aIDs = DBUtil::getResultArrayKey($query, 'id');
     foreach ($aIDs as $iID) {
         // A fresh, empty permission object for this folder.
         $oPO =& KTPermissionObject::createFromArray(array());
         if (PEAR::isError($oPO)) {
             // NOTE(review): the error object is dumped to the output and the
             // process ends with status 0, so a caller that looks only at the
             // exit code sees success although the upgrade stopped half-way.
             var_dump($oPO);
             exit(0);
         }
         $sTableName = KTUtil::getTableName('folders');
         // %d formats both ids as integers, so no quoting is needed here.
         $query = sprintf("UPDATE %s SET permission_object_id = %d WHERE id = %d", $sTableName, $oPO->getId(), $iID);
         $res = DBUtil::runQuery($query);
         // Helpers defined elsewhere; judging by their names they populate the
         // read, write and add-folder assignments - TODO confirm.
         UpgradeFunctions::_setRead($iID, $oPO);
         UpgradeFunctions::_setWrite($iID, $oPO);
         UpgradeFunctions::_setAddFolder($iID, $oPO);
     }
     // Next, set permission object on all folders that weren't
     // "permission folders" by using the permission object on their
     // permission folders.
     $query = "SELECT id FROM {$default->folders_table} WHERE permission_object_id IS NULL";
     $aIDs = DBUtil::getResultArrayKey($query, 'id');
     foreach ($aIDs as $iID) {
         $sTableName = KTUtil::getTableName('folders');
         // Self-join: F is the folder, F2 the folder named by its permission_folder_id.
         $query = sprintf("SELECT F2.permission_object_id AS poi FROM %s AS F LEFT JOIN %s AS F2 ON F2.id = F.permission_folder_id WHERE F.id = ?", $sTableName, $sTableName);
         $aParams = array($iID);
         $iPermissionObjectId = DBUtil::getOneResultKey(array($query, $aParams), 'poi');
         $sTableName = KTUtil::getTableName('folders');
         // NOTE(review): the lookup result is not checked. A NULL value is
         // formatted by %d as 0, which would store permission_object_id = 0.
         $query = sprintf("UPDATE %s SET permission_object_id = %d WHERE id = %d", $sTableName, $iPermissionObjectId, $iID);
         DBUtil::runQuery($query);
     }
     // Finally, documents without a permission object take the one of the
     // folder that contains them.
     $sDocumentsTable = KTUtil::getTableName('documents');
     $sFoldersTable = KTUtil::getTableName('folders');
     $query = sprintf("UPDATE %s AS D, %s AS F SET D.permission_object_id = F.permission_object_id WHERE D.folder_id = F.id AND D.permission_object_id IS NULL", $sDocumentsTable, $sFoldersTable);
     DBUtil::runQuery($query);
 }
コード例 #2
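 /**
  * Makes a document or folder inherit its parent folder's permission object,
  * discarding the one it currently points at.
  *
  * For a document, only its own permission lookup is refreshed. For a folder,
  * every descendant folder and document that still points at the old
  * permission object is re-pointed at the parent's, and the lookups for the
  * new permission object are rebuilt.
  *
  * @param object     $oDocumentOrFolder Document or Folder to change; it is modified and saved.
  * @param array|null $aOptions          'evenifnotowner' => true skips the ownership check.
  * @return mixed A PEAR error when the ownership check, a lookup or the save
  *               fails; nothing on success.
  */
 function inheritPermissionObject(&$oDocumentOrFolder, $aOptions = null)
 {
     global $default;
     $oDocumentOrFolder->cacheGlobal = array();
     $bEvenIfNotOwner = KTUtil::arrayGet($aOptions, 'evenifnotowner');
     if (empty($bEvenIfNotOwner) && !KTPermissionUtil::isPermissionOwner($oDocumentOrFolder)) {
         return PEAR::raiseError(_kt("Document or Folder doesn't own its permission object"));
     }
     $iOrigPOID = $oDocumentOrFolder->getPermissionObjectID();
     $oOrigPO =& KTPermissionObject::get($iOrigPOID);
     $oFolder =& Folder::get($oDocumentOrFolder->getParentID());
     // Stop before anything is written if the parent cannot be loaded.
     // Without this check the next call would be made on an error object.
     if (PEAR::isError($oFolder)) {
         return $oFolder;
     }
     $iNewPOID = $oFolder->getPermissionObjectID();
     $oNewPO =& KTPermissionObject::get($iNewPOID);
     // Never point the item at a permission object that cannot be loaded.
     if (PEAR::isError($oNewPO)) {
         return $oNewPO;
     }
     $oDocumentOrFolder->setPermissionObjectID($iNewPOID);
     $res = $oDocumentOrFolder->update();
     // If the item itself was not saved, do not go on to re-point its
     // descendants; that would leave the tree inconsistent.
     if (PEAR::isError($res)) {
         return $res;
     }
     if (is_a($oDocumentOrFolder, 'Document')) {
         // If we're a document, no niggly children to worry about.
         KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
         return;
     }
     // if the new and old permission object and lookup ids are the same, then we might as well bail
     if ($iOrigPOID == $iNewPOID) {
         if ($oDocumentOrFolder->getPermissionLookupID() == $oFolder->getPermissionLookupID()) {
             // Same cache clearing as the full path below performs.
             Document::clearAllCaches();
             Folder::clearAllCaches();
             return;
         }
     }
     // The old permission object is only needed from here on (folder path).
     if (PEAR::isError($oOrigPO)) {
         return $oOrigPO;
     }
     $iFolderID = $oDocumentOrFolder->getID();
     // NOTE(review): this is a plain prefix match on parent_folder_ids. If
     // generateFolderIDs() returns a comma-separated id path with no trailing
     // separator, a prefix ending in "3" would also match a path continuing
     // with "30". The permission_object_id condition narrows the effect, but
     // confirm the format.
     $sFolderIDs = Folder::generateFolderIDs($iFolderID);
     $sFolderIDs .= '%';
     // All values are bound as parameters; only the table name is interpolated.
     $sQuery = "UPDATE {$default->folders_table} SET\n            permission_object_id = ? WHERE permission_object_id = ? AND\n            parent_folder_ids LIKE ?";
     $aParams = array($oNewPO->getID(), $oOrigPO->getID(), $sFolderIDs);
     DBUtil::runQuery(array($sQuery, $aParams));
     Folder::clearAllCaches();
     // Update all documents in the folder and in the sub-folders
     $sQuery = "UPDATE {$default->documents_table} SET\n            permission_object_id = ? WHERE permission_object_id = ? AND\n            (parent_folder_ids LIKE ? OR folder_id = ?)";
     $aParams[] = $iFolderID;
     DBUtil::runQuery(array($sQuery, $aParams));
     Document::clearAllCaches();
     KTPermissionUtil::updatePermissionLookupForPO($oNewPO);
 }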
コード例 #3
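 /**
  * Creates the DroppedDocuments folder inside the root folder, gives it its
  * own permission object, and sets up the WorkSpaceOwner role on it.
  *
  * @return string|null Returns an error message or null on success
  */
 function createDropDocsFolder()
 {
     // The error paths below log through $default->log. Without this
     // declaration $default is an undefined local, and the logging call
     // itself fails.
     global $default;
     $root = $this->ktapi->get_root_folder();
     if (PEAR::isError($root)) {
         $default->log->debug('MyDropDocuments: could not get root folder ' . $root->getMessage());
         return _kt('Error - could not get the root folder: ') . $root->getMessage();
     }
     // Create the DroppedDocuments folder
     $dropDocsFolder = $root->add_folder('DroppedDocuments');
     if (PEAR::isError($dropDocsFolder)) {
         $default->log->debug('MyDropDocuments: could not create DroppedDocuments folder ' . $dropDocsFolder->getMessage());
         return _kt('Error - could not create the DropppedDocuments folder: ') . $dropDocsFolder->getMessage();
     }
     // Get the DropDocuments folder object
     $dropDocsFolderObject = $dropDocsFolder->get_folder();
     // The folder must define its own permissions, so it gets a copy of the
     // permission object it would otherwise share.
     // NOTE(review): the result of copyPermissionObject() is not checked. If
     // the copy did not happen, the permission object fetched below would
     // presumably still be the one shared with the root folder, and
     // setUserDocsPermissions() would then change that shared object.
     // Confirm the return contract and check it here.
     KTPermissionUtil::copyPermissionObject($dropDocsFolderObject);
     // Each user is added to the WorkSpaceOwner role on their personal folder
     // Check if the role exists and create it if it doesn't
     if (!$this->roleExistsName('WorkSpaceOwner')) {
         $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner');
         if ($oWorkSpaceOwnerRole == null) {
             return _kt('Error: Failed to create WorkSpaceOwner Role');
         }
     }
     // Get the permission object from the dropdocuments folder object
     $oDropDocsPO = KTPermissionObject::get($dropDocsFolderObject->getPermissionObjectId());
     if (PEAR::isError($oDropDocsPO)) {
         $default->log->debug('MyDropDocuments: could not get permission object for DroppedDocuments folder ' . $oDropDocsPO->getMessage());
         return _kt('Error - could not create the DropppedDocuments folder: ') . $oDropDocsPO->getMessage();
     }
     // Roles are looked up by name, so a second role with the same name
     // would make the permission assignment ambiguous; refuse in that case.
     if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1) {
         return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists');
     }
     // call the function to set the permission on the dropdocuments folder
     $this->setUserDocsPermissions($oDropDocsPO);
     // Assign the current user to the WorkSpaceOwner role
     $this->setUserDocsRoleAllocation($dropDocsFolderObject);
     return null;
 }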
コード例 #4
ファイル: KTAPIAcl.inc.php プロジェクト: 5haman/knowledgetree
 /**
  * Persists the allocations changed through add() and remove().
  *
  * For every known permission, the in-memory map is turned into the
  * group / role / user id lists that KTPermissionUtil::setPermissionForId()
  * takes. The permission lookup for the permission object is then rebuilt.
  *
  * NOTE(review): the transaction is logged before the assignments are
  * written, and neither result is checked, so the audit entry can exist
  * without the change having been applied - confirm this is acceptable.
  *
  * @author KnowledgeTree Team
  * @access public
  */
 public function save()
 {
     // Nothing to write when no change was recorded.
     if (!$this->changed) {
         return;
     }
     // An inherited setup must be replaced by a copy of its own before the
     // new associations can be stored.
     if ($this->getIsInherited()) {
         $this->overrideAllocation();
     }
     $aPermissions = KTPermission::getList();
     $oFolderItem = $this->_logTransaction(_kt('Updated permissions'), 'ktcore.transactions.permissions_change');
     $oPermissionObject = KTPermissionObject::get($oFolderItem->getPermissionObjectId());
     // Map section (plural) => key of the allowed list (singular).
     $aSections = array('groups' => 'group', 'users' => 'user', 'roles' => 'role');
     foreach ($aPermissions as $oPermission) {
         $iPermissionId = $oPermission->getId();
         $aAllowed = array('group' => array(), 'role' => array(), 'user' => array());
         foreach ($aSections as $sSection => $sKind) {
             // Collect every member of this section that holds the permission.
             foreach ($this->map[$sSection]['map'] as $iMemberId => $aAllocations) {
                 if ($aAllocations[$iPermissionId]) {
                     $aAllowed[$sKind][] = $iMemberId;
                 }
             }
         }
         KTPermissionUtil::setPermissionForId($oPermission, $oPermissionObject, $aAllowed);
     }
     KTPermissionUtil::updatePermissionLookupForPO($oPermissionObject);
     // The saved state becomes the new baseline.
     $this->mapCopy = $this->map;
     $this->changed = false;
 }
コード例 #5
<?php

require_once "../../config/dmsDefaults.php";
require_once KT_LIB_DIR . "/permissions/permissionobject.inc.php";
// Report every notice and warning while exercising the permission code.
error_reporting(E_ALL);
// Create a permission object from an empty attribute array and print what
// comes back (the new object, or a PEAR error).
// NOTE(review): the script runs without any authentication, presumably
// creates a new record on every run, and dumps internal state. Confirm it is
// not deployed where the web server can reach it.
$oCreated = KTPermissionObject::createFromArray(array());
var_dump($oCreated);
コード例 #6
 /**
  * Deletes the dynamic condition named by the fDynamicConditionId request
  * parameter, records a permissions_change folder transaction, and rebuilds
  * the permission lookup for the folder's permission object.
  *
  * NOTE(review): this is a state-changing action that takes its id from
  * $_REQUEST, and no anti-CSRF token check is visible in this method.
  * Confirm that the dispatcher enforces one and restricts the action to POST.
  */
 function do_removeDynamicCondition()
 {
     $iFolderId = $this->oFolder->getId();
     $sFolderArg = 'fFolderId=' . $iFolderId;

     // Outside admin mode the user must hold the permission kept in
     // _sEditShowPermission on this folder. In admin mode the check is skipped.
     if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
         $aBackToMain = array('redirect_to' => array('main', $sFolderArg));
         $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aBackToMain);
     }

     // The validator resolves the request value to a condition object.
     // NOTE(review): nothing here shows that the condition belongs to this
     // folder's permission object - verify in validateDynamicCondition().
     $aBackToEdit = array('redirect_to' => array('edit', $sFolderArg));
     $oCondition =& $this->oValidator->validateDynamicCondition($_REQUEST['fDynamicConditionId'], $aBackToEdit);
     $deleted = $oCondition->delete();
     $this->oValidator->notError($deleted, $aBackToEdit);

     // Audit record; note that it is written after the deletion has happened.
     $aTransaction = array(
         'folderid' => $iFolderId,
         'comment' => _kt('Removed dynamic permissions'),
         'transactionNS' => 'ktcore.transactions.permissions_change',
         'userid' => $_SESSION['userID'],
         'ip' => Session::getClientIP(),
     );
     $oTransaction = KTFolderTransaction::createFromArray($aTransaction);
     $aOnTransactionFailure = array(
         'defaultmessage' => _kt('Error updating permissions'),
         'redirect_to' => array('edit', sprintf('fFolderId=%d', $iFolderId)),
     );
     $this->oValidator->notErrorFalse($oTransaction, $aOnTransactionFailure);

     // Rebuild the lookup so the removed condition stops granting access.
     $oFolderPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
     KTPermissionUtil::updatePermissionLookupForPO($oFolderPO);
     $this->successRedirectTo('edit', _kt('Dynamic permission removed'), $sFolderArg);
 }
コード例 #7
<?php

require_once "../../config/dmsDefaults.php";
require_once KT_LIB_DIR . '/foldermanagement/Folder.inc';
require_once KT_LIB_DIR . '/permissions/permissionutil.inc.php';
// Report every notice and warning while exercising the permission code.
error_reporting(E_ALL);
// Folder id 2 is hard-coded: load it, resolve its permission object, and
// print the root object that findRootObjectForPermissionObject() returns.
// NOTE(review): none of the lookups is checked for a PEAR error, and the
// dump exposes internal state. Confirm the script is not reachable through
// the web server.
$oTargetFolder =& Folder::get(2);
$oFolderPO = KTPermissionObject::get($oTargetFolder->getPermissionObjectID());
$oRootObject = KTPermissionUtil::findRootObjectForPermissionObject($oFolderPO);
var_dump($oRootObject);
コード例 #8
<?php

require_once "../../config/dmsDefaults.php";
require_once KT_LIB_DIR . "/permissions/permissionobject.inc.php";
require_once KT_LIB_DIR . "/permissions/permissionassignment.inc.php";
require_once KT_LIB_DIR . "/permissions/permission.inc.php";
require_once KT_LIB_DIR . "/permissions/permissionutil.inc.php";
// Report every notice and warning while exercising the permission code.
error_reporting(E_ALL);
// Hard-coded fixture: permission object 22 and the core "read" permission.
$oTargetPO = KTPermissionObject::get(22);
$oReadPermission = KTPermission::getByName('ktcore.permissions.read');
// Earlier experiments, kept disabled:
/*$oPermissionAssignment = KTPermissionAssignment::createFromArray(array(
    'permissionid' => $oReadPermission->getId(),
    'permissionobjectid' => $oTargetPO->getId(),
));*/
// $oPermissionAssignment = KTPermissionAssignment::getByPermissionAndObject($oReadPermission, $oTargetPO);
// Grant the permission to groups 1-4 on that permission object.
// NOTE(review): this changes access rights with no authentication and no
// audit transaction. Confirm the script exists only in development trees
// and is not reachable through the web server.
$aGrantees = array("group" => array(1, 2, 3, 4));
KTPermissionUtil::setPermissionForID($oReadPermission, $oTargetPO, $aGrantees);
コード例 #9
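 /**
  * Renders the resolved-permissions page for the current document. For each
  * permission it works out which users effectively hold it, and it marks the
  * permissions controlled by a dynamic condition or by the workflow state.
  *
  * NOTE(review): no access check is visible in this method although the page
  * lists which users can do what on the document. Presumably the dispatcher
  * enforces one before calling this action - confirm.
  *
  * @return mixed Output of the template's render() call.
  */
 function do_resolved_users()
 {
     $this->oPage->setBreadcrumbDetails(_kt("Permissions"));
     $oTemplate = $this->oValidator->validateTemplate("ktcore/document/resolved_permissions_user");
     $oPL = KTPermissionLookup::get($this->oDocument->getPermissionLookupID());
     $aPermissions = KTPermission::getList();
     $aMapPermissionGroup = array();
     $aMapPermissionRole = array();
     $aMapPermissionUser = array();
     // Initialised up front. When no user holds any permission, the foreach
     // over this variable further down would otherwise run on an undefined
     // variable.
     $aActiveUsers = array();
     $aUsers = User::getList();
     foreach ($aPermissions as $oPermission) {
         $oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL);
         // A permission without a lookup assignment is skipped.
         if (PEAR::isError($oPLA)) {
             continue;
         }
         // The descriptor is fetched but not used further in this method.
         $oDescriptor = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
         $iPermissionID = $oPermission->getID();
         $aMapPermissionGroup[$iPermissionID] = array();
         // Ask the permission layer about every user rather than expanding
         // groups and roles by hand.
         foreach ($aUsers as $oUser) {
             if (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oDocument)) {
                 $aMapPermissionUser[$iPermissionID][$oUser->getId()] = true;
                 $aActiveUsers[$oUser->getId()] = true;
             }
         }
     }
     // now we constitute the actual sets.
     $users = array();
     $groups = array();
     $roles = array();
     // should _always_ be empty, barring a bug in permissions::updatePermissionLookup
     // this should be quite limited - direct role -> user assignment is typically rare.
     foreach ($aActiveUsers as $id => $marker) {
         $oUser = User::get($id);
         $users[$oUser->getName()] = $oUser;
     }
     // ascending, per convention.
     // NOTE(review): asort() orders by comparing the User objects, not by the
     // name keys; ksort() may have been intended - confirm.
     asort($users);
     $bEdit = false;
     $sInherited = '';
     $aDynamicControls = array();
     $aWorkflowControls = array();
     // handle conditions: mark each permission that a dynamic condition
     // matching this document assigns
     $iPermissionObjectId = $this->oDocument->getPermissionObjectID();
     if (!empty($iPermissionObjectId)) {
         $oPO = KTPermissionObject::get($iPermissionObjectId);
         $aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
         if (!PEAR::isError($aDynamicConditions)) {
             foreach ($aDynamicConditions as $oDynamicCondition) {
                 $iConditionId = $oDynamicCondition->getConditionId();
                 if (KTSearchUtil::testConditionOnDocument($iConditionId, $this->oDocument)) {
                     $aPermissionIds = $oDynamicCondition->getAssignment();
                     foreach ($aPermissionIds as $iPermissionId) {
                         $aDynamicControls[$iPermissionId] = true;
                     }
                 }
             }
         }
     }
     // indicate that workflow controls a given permission; a workflow marker
     // replaces the dynamic-condition marker for the same permission
     $oState = KTWorkflowUtil::getWorkflowStateForDocument($this->oDocument);
     if (!(PEAR::isError($oState) || is_null($oState) || $oState == false)) {
         $aWorkflowStatePermissionAssignments = KTWorkflowStatePermissionAssignment::getByState($oState);
         foreach ($aWorkflowStatePermissionAssignments as $oAssignment) {
             $aWorkflowControls[$oAssignment->getPermissionId()] = true;
             unset($aDynamicControls[$oAssignment->getPermissionId()]);
         }
     }
     $aTemplateData = array(
         "context" => $this,
         "permissions" => $aPermissions,
         "groups" => $groups,
         "users" => $users,
         "roles" => $roles,
         "oDocument" => $this->oDocument,
         "aMapPermissionGroup" => $aMapPermissionGroup,
         "aMapPermissionRole" => $aMapPermissionRole,
         "aMapPermissionUser" => $aMapPermissionUser,
         "edit" => $bEdit,
         "inherited" => $sInherited,
         'workflow_controls' => $aWorkflowControls,
         'conditions_control' => $aDynamicControls,
     );
     return $oTemplate->render($aTemplateData);
 }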
コード例 #10
ファイル: conditions.php プロジェクト: 5haman/knowledgetree
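 /**
  * Updates a saved search that is used as a dynamic permission condition,
  * then rebuilds the permission lookup of every permission object that
  * refers to it.
  *
  * Request parameters read: fSavedSearchId, name (optional), boolean_search
  * (an array, or a serialised array).
  *
  * NOTE(review): the code after each errorRedirectToMain() call assumes the
  * helper ends the request. No access or anti-CSRF check is visible in this
  * method although it changes what a permission condition matches - confirm
  * both are enforced by the dispatcher.
  */
 function do_updateSearch()
 {
     $id = KTUtil::arrayGet($_REQUEST, 'fSavedSearchId');
     $sName = KTUtil::arrayGet($_REQUEST, 'name');
     $oSearch = KTSavedSearch::get($id);
     if (PEAR::isError($oSearch) || $oSearch == false) {
         $this->errorRedirectToMain('No such dynamic condition');
     }
     $datavars = KTUtil::arrayGet($_REQUEST, 'boolean_search');
     if (!is_array($datavars)) {
         // SECURITY: unserialize() is applied to a request parameter.
         // Deserialising client-controlled data can instantiate any loaded
         // class and run its magic methods (PHP object injection). The
         // durable fix is to carry this value as JSON, or on PHP 7+ to pass
         // allowed_classes => false. The type check below does not remove
         // that risk; it only refuses to store a non-array result.
         $datavars = unserialize($datavars);
         // The direct form of this parameter is an array, so anything else
         // (false on a parse failure, a scalar, an object) is treated as
         // "no conditions" and rejected by the empty() check below.
         if (!is_array($datavars)) {
             $datavars = array();
         }
     }
     if (empty($datavars)) {
         $this->errorRedirectToMain(_kt('You need to have at least 1 condition.'));
     }
     // The name is only changed when a non-empty one was submitted.
     if (!empty($sName)) {
         $oSearch->setName($sName);
     }
     $oSearch->setSearch($datavars);
     $res = $oSearch->update();
     $this->oValidator->notError($res, array('redirect_to' => 'main', 'message' => _kt('Search not saved')));
     // Update permission object if exists. The condition id is bound as a
     // query parameter.
     $sWhere = 'condition_id = ?';
     $aParams = array($id);
     $aPermissionObjects = KTPermissionDynamicCondition::getPermissionObjectIdList($sWhere, $aParams);
     if (!PEAR::isError($aPermissionObjects) && !empty($aPermissionObjects)) {
         // Rebuild each affected lookup so the edited condition takes effect.
         foreach ($aPermissionObjects as $iPermObjectId) {
             $oPO = KTPermissionObject::get($iPermObjectId['permission_object_id']);
             KTPermissionUtil::updatePermissionLookupForPO($oPO);
         }
     }
     $this->successRedirectToMain(_kt('Dynamic condition saved'));
 }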