Exemplo n.º 1
0
/**
 * Returns an array containing all the permissions for the specified item.
 * The ugroups that have no permission defined in the request take the permission of the parent folder.
 */
function _get_permissions_as_array($group_id, $item_id, $permissions)
{
    $permissions_array = array();
    $perms = array('PLUGIN_DOCMAN_READ', 'PLUGIN_DOCMAN_WRITE', 'PLUGIN_DOCMAN_MANAGE');
    // Get the ugroups of the parent
    $ugroups = permission_get_ugroups_permissions($group_id, $item_id, $perms, false);
    // Initialize the ugroup permissions to the same values as the parent folder
    foreach ($ugroups as $ugroup) {
        $ugroup_id = $ugroup['ugroup']['id'];
        $permissions_array[$ugroup_id] = 100;
        foreach ($perms as $perm) {
            if (isset($ugroup['permissions'][$perm])) {
                $permissions_array[$ugroup_id] = Docman_PermissionsManager::getDefinitionIndexForPermission($perm);
            }
        }
    }
    // Set the SOAP-provided permissions
    foreach ($permissions as $index => $permission) {
        $ugroup_id = $permission->ugroup_id;
        if (isset($permissions_array[$ugroup_id])) {
            $permissions_array[$ugroup_id] = Docman_PermissionsManager::getDefinitionIndexForPermission($permission->type);
        }
    }
    return $permissions_array;
}
 /**
  * Set the permission for a ugroup on an item.
  *
  * The difficult part of the algorithm comes from two point:
  * - There is a hierarchy between ugroups (@see ugroup_get_parent)
  * - There is a hierarchy between permissions (READ < WRITE < MANAGE)
  *
  * Let's see a scenario:
  * I've selected WRITE permission for Registered users and READ permission for Project Members
  * => Project Members ARE registered users therefore they have WRITE permission.
  * => WRITE is stronger than READ permission.
  * So the permissions wich will be set are: WRITE for registered and WRITE for project members
  *
  * The force parameter must be set to true if you want to bypass permissions checking (@see permission_add_ugroup).
  * Pretty difficult to know if a user can update the permissions which does not exist for a new item...
  *
  * @param $group_id integer The id of the project
  * @param $item_id integer The id of the item
  * @param $permission_definition array The definission of the permission (pretty name, relations between perms, internal name, ...)
  * @param $old_permissions array The permissions before
  * @param &$done_permissions array The permissions after
  * @param $ugroup_id The ugroup_id we want to set permission now
  * @param $wanted_permissions array The permissions the user has asked
  * @param &$history array Does a permission has been set ?
  * @param $force boolean true if you want to bypass permissions checking (@see permission_add_ugroup).
  *
  * @access protected
  */
 function _setPermission($group_id, $item_id, $permission_definition, $old_permissions, &$done_permissions, $ugroup_id, $wanted_permissions, &$history, $force = false)
 {
     //Do nothing if we have already choose a permission for ugroup
     if (!isset($done_permissions[$ugroup_id])) {
         //if the ugroup has a parent
         if (($parent = ugroup_get_parent($ugroup_id)) !== false) {
             //first choose the permission for the parent
             $this->_setPermission($group_id, $item_id, $permission_definition, $old_permissions, $done_permissions, $parent, $wanted_permissions, $history, $force);
             //is there a conflict between given permissions?
             if ($parent = $this->_getBiggerOrEqualParent($permission_definition, $done_permissions, $parent, $wanted_permissions[$ugroup_id])) {
                 //warn the user that there was a conflict
                 $this->_controler->feedback->log('warning', $GLOBALS['Language']->getText('plugin_docman', 'warning_perms', array($old_permissions[$ugroup_id]['ugroup']['name'], $old_permissions[$parent]['ugroup']['name'], $permission_definition[$done_permissions[$parent]]['label'])));
                 //remove permissions which was set for the ugroup
                 if (count($old_permissions[$ugroup_id]['permissions'])) {
                     foreach ($old_permissions[$ugroup_id]['permissions'] as $permission => $nop) {
                         permission_clear_ugroup_object($group_id, $permission, $ugroup_id, $item_id);
                         $history[$permission] = true;
                     }
                 }
                 //The permission is none (default) for this ugroup
                 $done_permissions[$ugroup_id] = 100;
             }
         }
         //If the permissions have not been set (no parent || no conflict)
         if (!isset($done_permissions[$ugroup_id])) {
             //remove permissions if needed
             $perms_cleared = false;
             if (count($old_permissions[$ugroup_id]['permissions'])) {
                 foreach ($old_permissions[$ugroup_id]['permissions'] as $permission => $nop) {
                     if ($permission != $permission_definition[$wanted_permissions[$ugroup_id]]['type']) {
                         //The permission has been changed
                         permission_clear_ugroup_object($group_id, $permission, $ugroup_id, $item_id);
                         $history[$permission] = true;
                         $perms_cleared = true;
                         $done_permissions[$ugroup_id] = 100;
                     } else {
                         //keep the old permission
                         $done_permissions[$ugroup_id] = Docman_PermissionsManager::getDefinitionIndexForPermission($permission);
                     }
                 }
             }
             //If the user set an explicit permission and there was no perms before or they have been removed
             if ($wanted_permissions[$ugroup_id] != 100 && (!count($old_permissions[$ugroup_id]['permissions']) || $perms_cleared)) {
                 //Then give the permission
                 $permission = $permission_definition[$wanted_permissions[$ugroup_id]]['type'];
                 permission_add_ugroup($group_id, $permission, $item_id, $ugroup_id, $force);
                 $history[$permission] = true;
                 $done_permissions[$ugroup_id] = $wanted_permissions[$ugroup_id];
             } else {
                 //else set none(default) permission
                 $done_permissions[$ugroup_id] = 100;
             }
         }
     }
 }