/** * Remove a user's permissions from a specific node in Alfresco. * * @param string $username The Alfresco user's username. * @param string $uuid The Alfresco node UUID. * @return bool True on success, False otherwise. */ function remove_permissions($username, $uuid) { // Get all of the permissions that this user has set to ALLOW on this node and then remove them. if ($permissions = alfresco_get_permissions($uuid, $username)) { foreach ($permissions as $permission) { if (!alfresco_set_permission($username, $uuid, $permission, ALFRESCO_CAPABILITY_ALLOWED)) { return false; } } } return true; }
/** * Handle the event when a user is unassigned to a cluster. * * @uses $CFG * @param object $clusterinfo The Moodle role_assignment record object. * @return bool True on success or failure (event handlers must always return true). */ function block_repository_cluster_deassigned($clusterinfo) { global $CFG; // Only proceed here if the Alfresco plug-in is actually enabled. if (!isset($CFG->repository_plugins_enabled) || strstr($CFG->repository_plugins_enabled, 'alfresco') === false || !($repo = repository_factory::factory('alfresco'))) { return true; } // Get the Moodle user ID from the CM user ID. if (!($muserid = cm_get_moodleuserid($clusterinfo->userid))) { return true; } if (!($username = get_field('user', 'username', 'id', $muserid))) { return true; } if (!($cluster = get_record('crlm_cluster', 'id', $clusterinfo->clusterid))) { return true; } // Does this organization have an Alfresco storage space? if (!($uuid = $repo->get_organization_store($cluster->id, false))) { return true; } $context = get_context_instance(context_level_base::get_custom_context_level('cluster', 'block_curr_admin'), $cluster->id); $sql = "SELECT rc.*\n FROM {$CFG->prefix}role_capabilities rc\n INNER JOIN {$CFG->prefix}role r ON r.id = rc.roleid\n INNER JOIN {$CFG->prefix}role_assignments ra ON ra.roleid = r.id\n WHERE ra.contextid = {$context->id}\n AND ra.userid = {$muserid}\n AND rc.capability = 'block/repository:createorganizationcontent'\n AND rc.permission = " . CAP_ALLOW; // Check if the user has a specific role assignment on the cluster context with the editing capability if (!record_exists_sql($sql)) { // Remove all non-editing permissions for this user on the organization shared space. if ($permissions = alfresco_get_permissions($uuid, $username)) { foreach ($permissions as $permission) { // Do not remove editing permissions if this user still actually has a cluster membership. if ($permission == ALFRESCO_ROLE_COLLABORATOR) { continue; } alfresco_set_permission($username, $uuid, $permission, ALFRESCO_CAPABILITY_DENIED); } } // Remove all permissions for this user on the organization shared space. } else { if ($permissions = alfresco_get_permissions($uuid, $username)) { foreach ($permissions as $permission) { // Do not remove view permissions if this user still actually has a cluster membership. if ($permission == ALFRESCO_ROLE_CONSUMER && record_exists('crlm_usercluster', 'userid', $clusterinfo->userid, 'clusterid', $cluster->id, 'leader', 0)) { continue; } alfresco_set_permission($username, $uuid, $permission, ALFRESCO_CAPABILITY_DENIED); } } } return true; }