/**
* Returns an array containing all the permissions for the specified item.
* The ugroups that have no permission defined in the request take the permission of the parent folder.
*/
function _get_permissions_as_array($group_id, $item_id, $permissions)
{
$permissions_array = array();
$perms = array('PLUGIN_DOCMAN_READ', 'PLUGIN_DOCMAN_WRITE', 'PLUGIN_DOCMAN_MANAGE');
// Get the ugroups of the parent
$ugroups = permission_get_ugroups_permissions($group_id, $item_id, $perms, false);
// Initialize the ugroup permissions to the same values as the parent folder
foreach ($ugroups as $ugroup) {
$ugroup_id = $ugroup['ugroup']['id'];
$permissions_array[$ugroup_id] = 100;
foreach ($perms as $perm) {
if (isset($ugroup['permissions'][$perm])) {
$permissions_array[$ugroup_id] = Docman_PermissionsManager::getDefinitionIndexForPermission($perm);
}
}
}
// Set the SOAP-provided permissions
foreach ($permissions as $index => $permission) {
$ugroup_id = $permission->ugroup_id;
if (isset($permissions_array[$ugroup_id])) {
$permissions_array[$ugroup_id] = Docman_PermissionsManager::getDefinitionIndexForPermission($permission->type);
}
}
return $permissions_array;
}
/**
* Set the permission for a ugroup on an item.
*
* The difficult part of the algorithm comes from two point:
* - There is a hierarchy between ugroups (@see ugroup_get_parent)
* - There is a hierarchy between permissions (READ < WRITE < MANAGE)
*
* Let's see a scenario:
* I've selected WRITE permission for Registered users and READ permission for Project Members
* => Project Members ARE registered users therefore they have WRITE permission.
* => WRITE is stronger than READ permission.
* So the permissions wich will be set are: WRITE for registered and WRITE for project members
*
* The force parameter must be set to true if you want to bypass permissions checking (@see permission_add_ugroup).
* Pretty difficult to know if a user can update the permissions which does not exist for a new item...
*
* @param $group_id integer The id of the project
* @param $item_id integer The id of the item
* @param $permission_definition array The definission of the permission (pretty name, relations between perms, internal name, ...)
* @param $old_permissions array The permissions before
* @param &$done_permissions array The permissions after
* @param $ugroup_id The ugroup_id we want to set permission now
* @param $wanted_permissions array The permissions the user has asked
* @param &$history array Does a permission has been set ?
* @param $force boolean true if you want to bypass permissions checking (@see permission_add_ugroup).
*
* @access protected
*/
function _setPermission($group_id, $item_id, $permission_definition, $old_permissions, &$done_permissions, $ugroup_id, $wanted_permissions, &$history, $force = false)
{
//Do nothing if we have already choose a permission for ugroup
if (!isset($done_permissions[$ugroup_id])) {
//if the ugroup has a parent
if (($parent = ugroup_get_parent($ugroup_id)) !== false) {
//first choose the permission for the parent
$this->_setPermission($group_id, $item_id, $permission_definition, $old_permissions, $done_permissions, $parent, $wanted_permissions, $history, $force);
//is there a conflict between given permissions?
if ($parent = $this->_getBiggerOrEqualParent($permission_definition, $done_permissions, $parent, $wanted_permissions[$ugroup_id])) {
//warn the user that there was a conflict
$this->_controler->feedback->log('warning', $GLOBALS['Language']->getText('plugin_docman', 'warning_perms', array($old_permissions[$ugroup_id]['ugroup']['name'], $old_permissions[$parent]['ugroup']['name'], $permission_definition[$done_permissions[$parent]]['label'])));
//remove permissions which was set for the ugroup
if (count($old_permissions[$ugroup_id]['permissions'])) {
foreach ($old_permissions[$ugroup_id]['permissions'] as $permission => $nop) {
permission_clear_ugroup_object($group_id, $permission, $ugroup_id, $item_id);
$history[$permission] = true;
}
}
//The permission is none (default) for this ugroup
$done_permissions[$ugroup_id] = 100;
}
}
//If the permissions have not been set (no parent || no conflict)
if (!isset($done_permissions[$ugroup_id])) {
//remove permissions if needed
$perms_cleared = false;
if (count($old_permissions[$ugroup_id]['permissions'])) {
foreach ($old_permissions[$ugroup_id]['permissions'] as $permission => $nop) {
if ($permission != $permission_definition[$wanted_permissions[$ugroup_id]]['type']) {
//The permission has been changed
permission_clear_ugroup_object($group_id, $permission, $ugroup_id, $item_id);
$history[$permission] = true;
$perms_cleared = true;
$done_permissions[$ugroup_id] = 100;
} else {
//keep the old permission
$done_permissions[$ugroup_id] = Docman_PermissionsManager::getDefinitionIndexForPermission($permission);
}
}
}
//If the user set an explicit permission and there was no perms before or they have been removed
if ($wanted_permissions[$ugroup_id] != 100 && (!count($old_permissions[$ugroup_id]['permissions']) || $perms_cleared)) {
//Then give the permission
$permission = $permission_definition[$wanted_permissions[$ugroup_id]]['type'];
permission_add_ugroup($group_id, $permission, $item_id, $ugroup_id, $force);
$history[$permission] = true;
$done_permissions[$ugroup_id] = $wanted_permissions[$ugroup_id];
} else {
//else set none(default) permission
$done_permissions[$ugroup_id] = 100;
}
}
}
}
