/** * Saves changes made by add() and remove(). * * @author KnowledgeTree Team * @access public */ public function save() { if (!$this->changed) { // we don't have to do anything if nothing has changed. return; } // if the current setup is inherited, then we must create a new copy to store the new associations. if ($this->getIsInherited()) { $this->overrideAllocation(); } $permissions = KTPermission::getList(); $folderItemObject = $this->_logTransaction(_kt('Updated permissions'), 'ktcore.transactions.permissions_change'); $permissionObject = KTPermissionObject::get($folderItemObject->getPermissionObjectId()); // transform the map into the structure expected foreach ($permissions as $permission) { $permissionId = $permission->getId(); // not the association is singular here $allowed = array('group' => array(), 'role' => array(), 'user' => array()); // fill the group allocations foreach ($this->map['groups']['map'] as $groupId => $allocations) { if ($allocations[$permissionId]) { $allowed['group'][] = $groupId; } } // fill the user allocations foreach ($this->map['users']['map'] as $userId => $allocations) { if ($allocations[$permissionId]) { $allowed['user'][] = $userId; } } // fill the role allocations foreach ($this->map['roles']['map'] as $roleId => $allocations) { if ($allocations[$permissionId]) { $allowed['role'][] = $roleId; } } KTPermissionUtil::setPermissionForId($permission, $permissionObject, $allowed); } KTPermissionUtil::updatePermissionLookupForPO($permissionObject); // set the copy to be that of the modified version. $this->mapCopy = $this->map; $this->changed = false; }
function setPersonalFolderPermissions($oPO) { $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); $aAdminGroupID = $this->getGroupIdByName('System Administrators'); //arrays used to make integers for $aAllowed array variable $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id']; $iAdminGroupID = $aAdminGroupID[0]['id']; //set permissions for the role and the admin group $aAllowed = array('role' => array($iWorkSpaceOwnerRoleID), 'group' => array($iAdminGroupID)); //Get the List of all the permissions $aPersonalFolderPermissions = KTPermission::getList(); //Iterate through and apply all permissions to the current user and the admin group foreach ($aPersonalFolderPermissions as $oPersonalFolderPermission) { KTPermissionUtil::setPermissionForId($oPersonalFolderPermission, $oPO, $aAllowed); } //Update permission lookup KTPermissionUtil::updatePermissionLookupForPO($oPO); }
function do_update() { $aOptions = array('redirect_to' => array('main', 'fFolderId=' . $this->oFolder->getId())); if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) { $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aOptions); } $aFoo = $_REQUEST['foo']; $aPermissions = KTPermission::getList(); /* --- This section has been commented out to remove these checks when permissions --- are updated. --------------------------------------------------------------------------------- //------------------- //This section is used to make sure that a user doesn't disable the admin groups //Manage security permission or the Manage Security permission of a group they //are currently a member of. // Check which groups have permission to manage security $aNewGroups = (isset($aFoo[4]['group']) ? $aFoo[4]['group'] : array()); $aNewRoles = (isset($aFoo[4]['role']) ? $aFoo[4]['role'] : array()); $iUserId = $this->oUser->getId(); //Check that they aren't removing the sys admin Manage Security permission //1 in this case is the admin group. if(!in_array('1', $aNewGroups)) { $this->addErrorMessage(_kt('You cannot remove the Manage Security permission from the System Administrators Group')); $this->redirectTo('edit', 'fFolderId=' . $this->oFolder->getId()); exit(0); } //Check that they aren't removing the Manage Security permission from a group //They are a member of. if(!GroupUtil::checkUserInGroups($iUserId, array(1))) { //Ensure the user is not removing his/her own permission to update the folder permissions (manage security) if(!in_array(-3, $aNewRoles)) { if(!GroupUtil::checkUserInGroups($iUserId, $aNewGroups)) { // If user no longer has permission, return an error. $this->addErrorMessage(_kt('You cannot remove the Manage Security permission from a group you belong to.')); $this->redirectTo('edit', 'fFolderId=' . $this->oFolder->getId()); exit(0); } } } //----------------- */ require_once KT_LIB_DIR . '/documentmanagement/observers.inc.php'; $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId()); foreach ($aPermissions as $oPermission) { $iPermId = $oPermission->getId(); $aAllowed = KTUtil::arrayGet($aFoo, $iPermId, array()); KTPermissionUtil::setPermissionForId($oPermission, $oPO, $aAllowed); } $oTransaction = KTFolderTransaction::createFromArray(array('folderid' => $this->oFolder->getId(), 'comment' => _kt('Updated permissions'), 'transactionNS' => 'ktcore.transactions.permissions_change', 'userid' => $_SESSION['userID'], 'ip' => Session::getClientIP())); $aOptions = array('defaultmessage' => _kt('Error updating permissions'), 'redirect_to' => array('edit', sprintf('fFolderId=%d', $this->oFolder->getId()))); $this->oValidator->notErrorFalse($oTransaction, $aOptions); $po =& new JavascriptObserver($this); $po->start(); $oChannel =& KTPermissionChannel::getSingleton(); $oChannel->addObserver($po); KTPermissionUtil::updatePermissionLookupForPO($oPO); $this->commitTransaction(); $this->addInfoMessage(_kt('Permissions on folder updated')); $po->redirect(KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=edit&fFolderId=' . $this->oFolder->getId())); exit(0); }