Exemplo n.º 1
0
 function do_edit()
 {
     $this->oPage->setBreadcrumbDetails(_kt('Viewing Permissions'));
     $iFolderId = $this->oFolder->getId();
     $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
     $aOptions = array('redirect_to' => array('main', 'fFolderId=' . $iFolderId));
     if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
         $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aOptions);
     }
     // copy permissions if they were inherited
     $oInherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO);
     if ($oInherited->getId() !== $iFolderId) {
         $override = KTUtil::arrayGet($_REQUEST, 'override', false);
         if (empty($override)) {
             $this->errorRedirectToMain(_kt('This folder does not override its permissions'), sprintf('fFolderId=%d', $iFolderId));
         }
         $this->startTransaction();
         $this->_copyPermissions();
         $this->commitTransaction();
         $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
     }
     // permissions in JS format
     $aPermissionsToJSON = array();
     $aPermList = KTPermission::getList();
     foreach ($aPermList as $oP) {
         $aPermissionsToJSON[] = array('id' => $oP->getId(), 'name' => $oP->getHumanName());
     }
     $oJSON = new Services_JSON();
     $sJSONPermissions = $oJSON->encode($aPermissionsToJSON);
     // dynamic conditions
     $aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
     // templating
     $oTemplating =& KTTemplating::getSingleton();
     $oTemplate = $oTemplating->loadTemplate('ktcore/folder/permissions');
     $bCanInherit = $iFolderId != 1;
     global $default;
     if ($default->enableESignatures) {
         $sUrl = KTPluginUtil::getPluginPath('electronic.signatures.plugin', true);
         $heading = _kt('You are attempting to modify permissions');
         $input['type'] = 'button';
         $input['onclick'] = "javascript: showSignatureForm('{$sUrl}', '{$heading}', 'ktcore.transactions.permissions_change', 'folder', 'update_permissions_form', 'submit', {$iFolderId});";
     } else {
         $input['type'] = 'submit';
         $input['onclick'] = '';
     }
     $perms = $aPermList;
     $docperms = KTPermission::getDocumentRelevantList();
     $aTemplateData = array('iFolderId' => $iFolderId, 'roles' => Role::getList(), 'groups' => Group::getList(), 'conditions' => KTSavedSearch::getConditions(), 'dynamic_conditions' => $aDynamicConditions, 'context' => &$this, 'foldername' => $this->oFolder->getName(), 'jsonpermissions' => $sJSONPermissions, 'edit' => true, 'permissions' => $perms, 'document_permissions' => $docperms, 'can_inherit' => $bCanInherit, 'input' => $input);
     return $oTemplate->render($aTemplateData);
 }
Exemplo n.º 2
0
 /**
  * Copy the object's parents permission object details, in
  * preparation for the object to have different permissions from its
  * parent.
  */
 function copyPermissionObject(&$oDocumentOrFolder)
 {
     global $default;
     $oOrigPO = KTPermissionObject::get($oDocumentOrFolder->getPermissionObjectID());
     $aOrigPAs =& KTPermissionAssignment::getByObjectMulti($oOrigPO);
     $oNewPO = KTPermissionObject::createFromArray(array());
     foreach ($aOrigPAs as $oOrigPA) {
         $oNewPA = KTPermissionAssignment::createFromArray(array('permissionid' => $oOrigPA->getPermissionID(), 'permissionobjectid' => $oNewPO->getID(), 'permissiondescriptorid' => $oOrigPA->getPermissionDescriptorID()));
     }
     $oDocumentOrFolder->setPermissionObjectID($oNewPO->getID());
     $oDocumentOrFolder->update();
     // copy any dynamic conditions
     $aDPO = KTPermissionDynamicCondition::getByPermissionObject($oOrigPO);
     foreach ($aDPO as $oOrigDC) {
         $oNewDC = KTPermissionDynamicCondition::createFromArray(array('permissionobjectid' => $oNewPO->getId(), 'groupid' => $oOrigDC->getGroupId(), 'conditionid' => $oOrigDC->getConditionId()));
         $oNewDC->saveAssignment($oOrigDC->getAssignment());
     }
     if (!is_a($oDocumentOrFolder, 'Folder')) {
         KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
         return;
     }
     // For a folder - update permission object for all folders and
     // documents under this current folder if they're using the old
     // permission object id.  If they are, then they're getting the
     // permission object via this folder.  If they are not, then
     // they have their own permission object management, and thus
     // this folder has no effect on their permissions.
     $iFolderID = $oDocumentOrFolder->getID();
     $sFolderIDs = Folder::generateFolderIDs($iFolderID);
     $sFolderIDs .= '%';
     $sQuery = "UPDATE {$default->folders_table} SET\n            permission_object_id = ? WHERE permission_object_id = ? AND\n            parent_folder_ids LIKE ?";
     $aParams = array($oNewPO->getID(), $oOrigPO->getID(), $sFolderIDs);
     DBUtil::runQuery(array($sQuery, $aParams));
     Folder::clearAllCaches();
     $sQuery = "UPDATE {$default->documents_table} SET\n            permission_object_id = ? WHERE permission_object_id = ? AND\n            (parent_folder_ids LIKE ? OR folder_id = ?)";
     $aParams[] = $iFolderID;
     DBUtil::runQuery(array($sQuery, $aParams));
     Document::clearAllCaches();
     // All objects using this PO must be new and must need their
     // lookups updated...
     KTPermissionUtil::updatePermissionLookupForPO($oNewPO);
 }
Exemplo n.º 3
0
 function do_resolved_users()
 {
     $this->oPage->setBreadcrumbDetails(_kt("Permissions"));
     $oTemplate = $this->oValidator->validateTemplate("ktcore/document/resolved_permissions_user");
     $oPL = KTPermissionLookup::get($this->oDocument->getPermissionLookupID());
     $aPermissions = KTPermission::getList();
     $aMapPermissionGroup = array();
     $aMapPermissionRole = array();
     $aMapPermissionUser = array();
     $aUsers = User::getList();
     foreach ($aPermissions as $oPermission) {
         $oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL);
         if (PEAR::isError($oPLA)) {
             continue;
         }
         $oDescriptor = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
         $iPermissionID = $oPermission->getID();
         $aMapPermissionGroup[$iPermissionID] = array();
         foreach ($aUsers as $oUser) {
             if (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oDocument)) {
                 $aMapPermissionUser[$iPermissionID][$oUser->getId()] = true;
                 $aActiveUsers[$oUser->getId()] = true;
             }
         }
     }
     // now we constitute the actual sets.
     $users = array();
     $groups = array();
     $roles = array();
     // should _always_ be empty, barring a bug in permissions::updatePermissionLookup
     // this should be quite limited - direct role -> user assignment is typically rare.
     foreach ($aActiveUsers as $id => $marker) {
         $oUser = User::get($id);
         $users[$oUser->getName()] = $oUser;
     }
     asort($users);
     // ascending, per convention.
     $bEdit = false;
     $sInherited = '';
     $aDynamicControls = array();
     $aWorkflowControls = array();
     // handle conditions
     $iPermissionObjectId = $this->oDocument->getPermissionObjectID();
     if (!empty($iPermissionObjectId)) {
         $oPO = KTPermissionObject::get($iPermissionObjectId);
         $aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
         if (!PEAR::isError($aDynamicConditions)) {
             foreach ($aDynamicConditions as $oDynamicCondition) {
                 $iConditionId = $oDynamicCondition->getConditionId();
                 if (KTSearchUtil::testConditionOnDocument($iConditionId, $this->oDocument)) {
                     $aPermissionIds = $oDynamicCondition->getAssignment();
                     foreach ($aPermissionIds as $iPermissionId) {
                         $aDynamicControls[$iPermissionId] = true;
                     }
                 }
             }
         }
     }
     // indicate that workflow controls a given permission
     $oState = KTWorkflowUtil::getWorkflowStateForDocument($this->oDocument);
     if (!(PEAR::isError($oState) || is_null($oState) || $oState == false)) {
         $aWorkflowStatePermissionAssignments = KTWorkflowStatePermissionAssignment::getByState($oState);
         foreach ($aWorkflowStatePermissionAssignments as $oAssignment) {
             $aWorkflowControls[$oAssignment->getPermissionId()] = true;
             unset($aDynamicControls[$oAssignment->getPermissionId()]);
         }
     }
     $aTemplateData = array("context" => $this, "permissions" => $aPermissions, "groups" => $groups, "users" => $users, "roles" => $roles, "oDocument" => $this->oDocument, "aMapPermissionGroup" => $aMapPermissionGroup, "aMapPermissionRole" => $aMapPermissionRole, "aMapPermissionUser" => $aMapPermissionUser, "edit" => $bEdit, "inherited" => $sInherited, 'workflow_controls' => $aWorkflowControls, 'conditions_control' => $aDynamicControls);
     return $oTemplate->render($aTemplateData);
 }