function setAllowed($aAllowed)
{
$oDescriptor = KTPermissionUtil::getOrCreateDescriptor($aAllowed);
// fully done, etc.
$this->iPermissionDescriptorId = $oDescriptor->getId();
}
/**
* Sets which users/groups/roles are to be informed when a state is
* arrived at.
*/
function setInformedForState(&$oState, $aInformed)
{
$oDescriptor =& KTPermissionUtil::getOrCreateDescriptor($aInformed);
if (PEAR::isError($oDescriptor)) {
return $oDescriptor;
}
$iOldDescriptorId = $oState->getInformDescriptorId();
$oState->setInformDescriptorId($oDescriptor->getId());
$res = $oState->update();
if (PEAR::isError($res)) {
$oState->setInformDescriptorId($iOldDescriptorId);
return $res;
}
return $res;
}
/**
* Update's the permission lookup on one folder or document,
* non-recursively.
*/
function updatePermissionLookup(&$oFolderOrDocument, $aOptions = null)
{
$is_a_folder = is_a($oFolderOrDocument, 'Folder');
$is_a_document = is_a($oFolderOrDocument, 'Document') || is_a($oFolderOrDocument, 'KTDocumentCore');
//ensure that the document shortcut is being updated.
if ($is_a_document && $oFolderOrDocument->isSymbolicLink()) {
$oFolderOrDocument->switchToRealCore();
}
$oChannel = null;
$aMapPermAllowed = null;
$oPermLookup = null;
if (!is_null($aOptions)) {
$oChannel = $aOptions['channel'];
$aMapPermAllowed = $aOptions['map_allowed'];
$oPermLookup = $aOptions['perm_lookup'];
}
if (!$is_a_folder && !$is_a_document) {
return;
// we occasionally get handed a PEAR::raiseError. Just ignore it.
}
if (is_null($oChannel)) {
$oChannel =& KTPermissionChannel::getSingleton();
}
if ($is_a_folder) {
$msg = sprintf("Updating folder %s", join('/', $oFolderOrDocument->getPathArray()));
} else {
if (is_a($oFolderOrDocument, 'Document')) {
//modify the message to reflect that a shortcut is begin updated
if ($oFolderOrDocument->isSymbolicLink()) {
$msg = sprintf("Updating shortcut to %s", $oFolderOrDocument->getName());
} else {
$msg = sprintf("Updating document %s", $oFolderOrDocument->getName());
}
} else {
$msg = sprintf("Updating document %d", $oFolderOrDocument->getId());
}
}
$oChannel->sendMessage(new KTPermissionGenericMessage($msg));
//var_dump($msg);
$iPermissionObjectId = $oFolderOrDocument->getPermissionObjectID();
if (empty($iPermissionObjectId)) {
return;
}
$oPO = KTPermissionObject::get($iPermissionObjectId);
if (is_null($aMapPermAllowed)) {
$aPAs = KTPermissionAssignment::getByObjectMulti($oPO);
$aMapPermAllowed = array();
foreach ($aPAs as $oPA) {
$oPD = KTPermissionDescriptor::get($oPA->getPermissionDescriptorID());
$aGroupIDs = $oPD->getGroups();
$aUserIDs = array();
$aRoleIDs = $oPD->getRoles();
$aAllowed = array('group' => $aGroupIDs, 'user' => $aUserIDs, 'role' => $aRoleIDs);
$aMapPermAllowed[$oPA->getPermissionID()] = $aAllowed;
}
}
if (!$is_a_folder) {
$aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
if (!PEAR::isError($aDynamicConditions)) {
foreach ($aDynamicConditions as $oDynamicCondition) {
$iConditionId = $oDynamicCondition->getConditionId();
if (KTSearchUtil::testConditionOnDocument($iConditionId, $oFolderOrDocument)) {
$iGroupId = $oDynamicCondition->getGroupId();
$aPermissionIds = $oDynamicCondition->getAssignment();
foreach ($aPermissionIds as $iPermissionId) {
$aCurrentAllowed = KTUtil::arrayGet($aMapPermAllowed, $iPermissionId, array());
$aCurrentAllowed['group'][] = $iGroupId;
$aMapPermAllowed[$iPermissionId] = $aCurrentAllowed;
}
}
}
}
}
if (!$is_a_folder) {
$oState = KTWorkflowUtil::getWorkflowStateForDocument($oFolderOrDocument);
if (!(PEAR::isError($oState) || is_null($oState) || $oState == false)) {
$aWorkflowStatePermissionAssignments = KTWorkflowStatePermissionAssignment::getByState($oState);
foreach ($aWorkflowStatePermissionAssignments as $oAssignment) {
$iPermissionId = $oAssignment->getPermissionId();
$iPermissionDescriptorId = $oAssignment->getDescriptorId();
$oPD = KTPermissionDescriptor::get($iPermissionDescriptorId);
$aGroupIDs = $oPD->getGroups();
$aUserIDs = array();
$aRoleIDs = $oPD->getRoles();
$aAllowed = array('group' => $aGroupIDs, 'user' => $aUserIDs, 'role' => $aRoleIDs);
$aMapPermAllowed[$iPermissionId] = $aAllowed;
}
}
}
// if we have roles: nearest folder.
$iRoleSourceFolder = null;
if ($is_a_document) {
$iRoleSourceFolder = $oFolderOrDocument->getFolderID();
} else {
$iRoleSourceFolder = $oFolderOrDocument->getId();
}
// very minor perf win: map role_id (in context) to PD.
$_roleCache = array();
foreach ($aMapPermAllowed as $iPermissionId => $aAllowed) {
$aAfterRoles = array();
if (array_key_exists('role', $aAllowed)) {
foreach ($aAllowed['role'] as $k => $iRoleId) {
// store the PD <-> RoleId map
// special-case "all" or "authenticated".
if ($iRoleId == -3 || $iRoleId == -4) {
$aAfterRoles[] = $iRoleId;
continue;
}
if (!array_key_exists($iRoleId, $_roleCache)) {
$oRoleAllocation = null;
if ($is_a_document) {
$oRoleAllocation =& DocumentRoleAllocation::getAllocationsForDocumentAndRole($oFolderOrDocument->getId(), $iRoleId);
if (PEAR::isError($oRoleAllocation)) {
$oRoleAllocation = null;
}
}
// if that's null - not set _on_ the document, then
if (is_null($oRoleAllocation)) {
$oRoleAllocation =& RoleAllocation::getAllocationsForFolderAndRole($iRoleSourceFolder, $iRoleId);
}
$_roleCache[$iRoleId] = $oRoleAllocation;
}
// roles are _not_ always assigned (can be null at root)
if (!is_null($_roleCache[$iRoleId])) {
$aMapPermAllowed[$iPermissionId]['user'] = kt_array_merge($aMapPermAllowed[$iPermissionId]['user'], $_roleCache[$iRoleId]->getUserIds());
$aMapPermAllowed[$iPermissionId]['group'] = kt_array_merge($aMapPermAllowed[$iPermissionId]['group'], $_roleCache[$iRoleId]->getGroupIds());
// naturally, roles cannot be assigned roles, or madness follows.
}
unset($aAllowed['role'][$k]);
}
}
unset($aMapPermAllowed[$iPermissionId]['role']);
if (!empty($aAfterRoles)) {
$aMapPermAllowed[$iPermissionId]['role'] = $aAfterRoles;
}
}
/*
print '<pre>';
print '=======' . $oFolderOrDocument->getName();
print '<br />';
var_dump($aMapPermAllowed);
print '</pre>';
*/
//if (is_null($oPermLookup)) {
$aMapPermDesc = array();
foreach ($aMapPermAllowed as $iPermissionId => $aAllowed) {
$oLookupPD = KTPermissionUtil::getOrCreateDescriptor($aAllowed);
$aMapPermDesc[$iPermissionId] = $oLookupPD->getID();
}
$oPermLookup = KTPermissionLookupAssignment::findOrCreateLookupByPermissionDescriptorMap($aMapPermDesc);
//}
$oFolderOrDocument->setPermissionLookupID($oPermLookup->getID());
$oFolderOrDocument->update();
}
function do_setpermissionallocations()
{
$aPermissionAllowed = (array) KTUtil::arrayGet($_REQUEST, 'foo');
// thanks BD.
$this->startTransaction();
$aStatePermAssigns = KTWorkflowStatePermissionAssignment::getByState($this->oState);
// we now walk the alloc'd perms, and go.
foreach ($aStatePermAssigns as $oPermAssign) {
$aAllowed = (array) $aPermissionAllowed[$oPermAssign->getPermissionId()];
// is already role, group, etc.
$oDescriptor = KTPermissionUtil::getOrCreateDescriptor($aAllowed);
if (PEAR::isError($oDescriptor)) {
$this->errorRedirectTo('allocatepermissions', _kt('Failed to allocate as specified.'));
}
$oPermAssign->setDescriptorId($oDescriptor->getId());
$res = $oPermAssign->update();
if (PEAR::isError($res)) {
$this->errorRedirectTo('allocatepermissions', _kt('Failed to allocate as specified.'));
}
}
KTPermissionUtil::updatePermissionLookupForState($this->oState);
$this->successRedirectTo('managepermissions', _kt('Permissions Allocated.'));
}
