コード例 #1
 /**
  * Tell whether the given document or folder is itself the root ("owner")
  * of the permission object assigned to it, as opposed to sharing a
  * permission object whose root is some other object.
  *
  * NOTE(review): neither the permission-object lookup nor the root-object
  * lookup is checked before its result is used. Confirm how those helpers
  * report a missing or failed lookup, because this answer feeds decisions
  * about who owns a set of permissions.
  *
  * @param object $oDocumentOrFolder Document or folder to test.
  * @return bool True when the object is the root of its permission object.
  */
 function isPermissionOwner(&$oDocumentOrFolder)
 {
     $oRoot = KTPermissionUtil::findRootObjectForPermissionObject(
         KTPermissionObject::get($oDocumentOrFolder->getPermissionObjectID())
     );

     // A document that is the root of a permission object is its only
     // user, so a document root means the object asked about is the owner.
     if (is_a($oRoot, 'Document')) {
         return true;
     }

     // A document whose root is not a document has an ancestor as owner,
     // so only folders reach the ID comparison.
     $bIsFolder = !is_a($oDocumentOrFolder, 'Document');

     // Loose comparison, as in the original: IDs may arrive as int or string.
     return $bIsFolder && $oDocumentOrFolder->getID() == $oRoot->getID();
 }
コード例 #2
 /**
  * Render the permission-editing page for the current folder.
  *
  * Unless the user is in admin mode for this folder, the validator is asked
  * to check $this->_sEditShowPermission on the folder first. If the folder's
  * permission object is rooted at a different object (i.e. it is inherited),
  * the permissions are copied onto this folder inside a transaction, but
  * only when the request carries a non-empty 'override' parameter.
  *
  * @return mixed Output of rendering the 'ktcore/folder/permissions' template.
  */
 function do_edit()
 {
     $this->oPage->setBreadcrumbDetails(_kt('Viewing Permissions'));
     $iFolderId = $this->oFolder->getId();
     $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
     // Where the validator should send the user if the permission check fails.
     $aOptions = array('redirect_to' => array('main', 'fFolderId=' . $iFolderId));
     // Admin mode skips the explicit permission check.
     // NOTE(review): the return value of the validator call is ignored, so
     // this depends on the validator ending the request itself when the
     // check fails - confirm it cannot simply return.
     if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
         $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aOptions);
     }
     // copy permissions if they were inherited
     $oInherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO);
     // NOTE(review): strict comparison. If one getId() yields a numeric string
     // and the other an int, this is always true - confirm both return the
     // same type.
     if ($oInherited->getId() !== $iFolderId) {
         // The copy below is a state change driven by a parameter read from
         // $_REQUEST, so it is not limited to POST.
         // NOTE(review): no anti-CSRF token or request-method check is visible
         // in this method - confirm one is enforced before this action runs.
         $override = KTUtil::arrayGet($_REQUEST, 'override', false);
         if (empty($override)) {
             // NOTE(review): presumably this ends the request; if it returns,
             // the copy below still runs without 'override' being set.
             $this->errorRedirectToMain(_kt('This folder does not override its permissions'), sprintf('fFolderId=%d', $iFolderId));
         }
         $this->startTransaction();
         $this->_copyPermissions();
         $this->commitTransaction();
         // Reload: the folder now has its own permission object.
         $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
     }
     // permissions in JS format
     $aPermissionsToJSON = array();
     $aPermList = KTPermission::getList();
     foreach ($aPermList as $oP) {
         $aPermissionsToJSON[] = array('id' => $oP->getId(), 'name' => $oP->getHumanName());
     }
     $oJSON = new Services_JSON();
     $sJSONPermissions = $oJSON->encode($aPermissionsToJSON);
     // dynamic conditions
     $aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
     // templating
     $oTemplating =& KTTemplating::getSingleton();
     $oTemplate = $oTemplating->loadTemplate('ktcore/folder/permissions');
     // Folder id 1 is treated as unable to inherit (presumably the root folder).
     $bCanInherit = $iFolderId != 1;
     global $default;
     // $input is created implicitly by the first assignment in either branch.
     if ($default->enableESignatures) {
         $sUrl = KTPluginUtil::getPluginPath('electronic.signatures.plugin', true);
         $heading = _kt('You are attempting to modify permissions');
         $input['type'] = 'button';
         // The plugin URL, the translated heading and the folder id are
         // interpolated into single-quoted JavaScript strings with no escaping
         // here. NOTE(review): confirm the template escapes this value for the
         // attribute context and that neither string can contain a quote.
         $input['onclick'] = "javascript: showSignatureForm('{$sUrl}', '{$heading}', 'ktcore.transactions.permissions_change', 'folder', 'update_permissions_form', 'submit', {$iFolderId});";
     } else {
         $input['type'] = 'submit';
         $input['onclick'] = '';
     }
     $perms = $aPermList;
     $docperms = KTPermission::getDocumentRelevantList();
     // Folder name, role, group and condition names are handed to the
     // template as-is; any output escaping has to happen in the template.
     $aTemplateData = array('iFolderId' => $iFolderId, 'roles' => Role::getList(), 'groups' => Group::getList(), 'conditions' => KTSavedSearch::getConditions(), 'dynamic_conditions' => $aDynamicConditions, 'context' => &$this, 'foldername' => $this->oFolder->getName(), 'jsonpermissions' => $sJSONPermissions, 'edit' => true, 'permissions' => $perms, 'document_permissions' => $docperms, 'can_inherit' => $bCanInherit, 'input' => $input);
     return $oTemplate->render($aTemplateData);
 }
コード例 #3
ファイル: KTAPIAcl.inc.php プロジェクト: 5haman/knowledgetree
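 /**
  * Build the permission allocation map for the current folder item.
  *
  * The map records, for every group, role and user that has an assignment
  * on the item's permission object, which permissions are granted, plus
  * three flags: 'inherited', 'inheritable' and 'editable'.
  *
  * Nothing is returned. The result is stored in $this->map and
  * $this->mapCopy, and $this->changed is reset to false.
  *
  * NOTE(review): the lookups and query results are used without checking
  * for a failure value - confirm how KTPermissionObject::get() and
  * DBUtil::getResultArray() report errors.
  *
  * @author KnowledgeTree Team
  * @access protected
  */
 protected function _resolveAllocations()
 {
     $object = $this->folderItem->getObject();
     $permissionObjectId = $object->getPermissionObjectID();
     $oPO = KTPermissionObject::get($permissionObjectId);
     $permissions = KTPermission::getList();
     // Template row: every known permission, initially not granted.
     $cleanPermissions = array();
     $map = array(
         'roles' => array('active' => array(), 'map' => array()),
         'users' => array('active' => array(), 'map' => array()),
         'groups' => array('active' => array(), 'map' => array()),
         'permissions' => array(),
     );
     foreach ($permissions as $permission) {
         $permissionId = $permission->getId();
         $cleanPermissions[$permissionId] = false;
         $map['permissions'][$permissionId] = $permission->getHumanName();
     }
     // The next 3 sections of code are slightly repetitive.
     // Each query binds the permission object id through a placeholder.
     // Get all group permission assignments
     $sql = "SELECT\n                    pa.permission_id, g.name, g.id\n                FROM\n                    permission_assignments pa\n                    INNER JOIN permissions p ON p.id = pa.permission_id\n                    INNER JOIN permission_descriptor_groups pdg ON pa.permission_descriptor_id = pdg.descriptor_id\n                    INNER JOIN groups_lookup g ON pdg.group_id = g.id\n                WHERE\n                    pa.permission_object_id = ?\n                ORDER BY g.name\n        ";
     $groupPermissions = DBUtil::getResultArray(array($sql, array($permissionObjectId)));
     foreach ($groupPermissions as $group) {
         $groupId = $group['id'];
         // First row for this group: start from the all-false template.
         if (!array_key_exists($groupId, $map['groups']['active'])) {
             $map['groups']['map'][$groupId] = $cleanPermissions;
         }
         $map['groups']['active'][$groupId] = $group['name'];
         $map['groups']['map'][$groupId][$group['permission_id']] = true;
     }
     // Get all role permission assignments
     $sql = "SELECT\n                    pa.permission_id, r.name, r.id\n                FROM\n                    permission_assignments pa\n                    INNER JOIN permissions p ON p.id = pa.permission_id\n                    INNER JOIN permission_descriptor_roles pdr ON pa.permission_descriptor_id = pdr.descriptor_id\n                    INNER JOIN roles r ON pdr.role_id = r.id\n                WHERE\n                    pa.permission_object_id = ?\n                ORDER BY r.name\n        ";
     $rolePermissions = DBUtil::getResultArray(array($sql, array($permissionObjectId)));
     foreach ($rolePermissions as $role) {
         $roleId = $role['id'];
         if (!array_key_exists($roleId, $map['roles']['active'])) {
             $map['roles']['map'][$roleId] = $cleanPermissions;
         }
         $map['roles']['active'][$roleId] = $role['name'];
         $map['roles']['map'][$roleId][$role['permission_id']] = true;
     }
     // Get all user permission assignments
     $sql = "SELECT\n                    pa.permission_id, u.name, u.id\n                FROM\n                    permission_assignments pa\n                    INNER JOIN permissions p ON p.id = pa.permission_id\n                    INNER JOIN permission_descriptor_users pdu ON pa.permission_descriptor_id = pdu.descriptor_id\n                    INNER JOIN users u ON pdu.user_id = u.id\n                WHERE\n                    pa.permission_object_id = ?\n                ORDER BY u.name\n        ";
     // Bind parameters are passed as an array here as well, matching the
     // group and role queries above (this call used to pass a bare scalar).
     $userPermissions = DBUtil::getResultArray(array($sql, array($permissionObjectId)));
     foreach ($userPermissions as $user) {
         $userId = $user['id'];
         if (!array_key_exists($userId, $map['users']['active'])) {
             $map['users']['map'][$userId] = $cleanPermissions;
         }
         $map['users']['active'][$userId] = $user['name'];
         $map['users']['map'][$userId][$user['permission_id']] = true;
     }
     // resolve editable, inherited, inheritable
     // Editing requires the 'ktcore.permissions.security' permission on the
     // object, or admin mode for the session user on this folder item.
     $user = $this->ktapi->get_session()->get_user();
     $editable = KTPermissionUtil::userHasPermissionOnItem($user, 'ktcore.permissions.security', $object) || KTBrowseUtil::inAdminMode($user, $this->folderItem);
     $inherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO);
     $inheritedId = $inherited->getId();
     $objectId = $object->getId();
     // NOTE(review): strict comparison between the two ids. If getId()
     // returns an int on one side and a numeric string on the other, every
     // object except id 1 is reported as inherited and therefore not
     // editable - confirm both sides have the same type.
     $map['inherited'] = $inheritedId !== $objectId && $objectId != 1;
     // only allow inheritance of permissions from parent if not inherited, -and- folder is editable
     $map['inheritable'] = $editable && !$map['inherited'] && $objectId != 1;
     // only allow edit if the folder is editable and not inherited
     $map['editable'] = $editable && !$map['inherited'];
     $this->map = $map;
     // Second copy of the freshly built map, stored next to the working one.
     $this->mapCopy = $map;
     $this->changed = false;
 }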
コード例 #4
<?php

require_once "../../config/dmsDefaults.php";
require_once KT_LIB_DIR . '/foldermanagement/Folder.inc';
require_once KT_LIB_DIR . '/permissions/permissionutil.inc.php';
// Ad-hoc diagnostic: resolve the root object of folder 2's permission
// object and dump it.
// NOTE(review): this enables all error reporting and prints the resolved
// object's internal state with no access check of its own - confirm the
// script is not shipped in, or reachable from, a deployed web root.
error_reporting(E_ALL);
$oFolder =& Folder::get(2);
var_dump(
    KTPermissionUtil::findRootObjectForPermissionObject(
        KTPermissionObject::get($oFolder->getPermissionObjectID())
    )
);