function _fieldValues()
 {
     if (empty($this->dDateTime)) {
         $this->dDateTime = getCurrentDateTime();
     }
     if (empty($this->iSessionId)) {
         $this->iSessionId = $_SESSION['sessionID'];
     }
     $oFolder = Folder::get($this->iFolderId);
     // head off the certain breakage down the line.
     if (PEAR::isError($oFolder) || $oFolder === false) {
         $this->bAdminMode = 0;
     } else {
         if (KTBrowseUtil::inAdminMode($oUser, $oFolder)) {
             $this->bAdminMode = 1;
         } else {
             $this->bAdminMode = 0;
         }
     }
     return parent::_fieldValues();
 }
Пример #2
0
 function check()
 {
     $res = parent::check();
     if ($res !== true) {
         return $res;
     }
     if (!$this->oDocument->getIsCheckedOut()) {
         $_SESSION['KTErrorMessage'][] = _kt('This document is not checked out');
         controllerRedirect('viewDocument', 'fDocumentId=' . $this->oDocument->getId());
         exit(0);
     }
     // hard override if we're in admin mode for this doc.
     if (is_null($this->bInAdminMode)) {
         $oFolder = Folder::get($this->oDocument->getFolderId());
         if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
             $this->bAdminMode = true;
             return true;
         }
     } else {
         if ($this->bInAdminMode == true) {
             return true;
         }
     }
     if ($this->oDocument->getCheckedOutUserID() != $this->oUser->getId()) {
         $_SESSION['KTErrorMessage'][] = _kt('This document is checked out, but not by you');
         controllerRedirect('viewDocument', 'fDocumentId=' . $this->oDocument->getId());
         exit(0);
     }
     return true;
 }
Пример #3
0
 function check()
 {
     $this->browse_mode = KTUtil::arrayGet($_REQUEST, 'fBrowseMode', 'folder');
     $action = KTUtil::arrayGet($_REQUEST, $this->event_var, 'main');
     $this->editable = false;
     // catch the alternative actions.
     if ($action != 'main') {
         return true;
     }
     // if we're going to main ...
     // folder browse mode
     if ($this->browse_mode == 'folder') {
         $in_folder_id = KTUtil::arrayGet($_REQUEST, 'fFolderId');
         if (empty($in_folder_id)) {
             $oConfig = KTConfig::getSingleton();
             if ($oConfig->get('tweaks/browseToUnitFolder')) {
                 $iHomeFolderId = $this->oUser->getHomeFolderId();
                 if ($iHomeFolderId) {
                     $in_folder_id = $iHomeFolderId;
                 }
             }
         }
         $folder_id = (int) $in_folder_id;
         // conveniently, will be 0 if not possible.
         if ($folder_id == 0) {
             $folder_id = 1;
         }
         $_REQUEST['fBrowseMode'] = 'folder';
         // here we need the folder object to do the breadcrumbs.
         $oFolder =& Folder::get($folder_id);
         if (PEAR::isError($oFolder)) {
             return false;
             // just fail.
         }
         // check whether the user can edit this folder
         $oPerm = KTPermission::getByName('ktcore.permissions.write');
         if (KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPerm, $oFolder)) {
             $this->editable = true;
         } else {
             $this->editable = false;
         }
         // set the title and breadcrumbs...
         $this->oPage->setTitle(_kt('Browse'));
         if (KTPermissionUtil::userHasPermissionOnItem($this->oUser, 'ktcore.permissions.folder_details', $oFolder)) {
             $this->oPage->setSecondaryTitle($oFolder->getName());
         } else {
             if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
                 $this->oPage->setSecondaryTitle(sprintf('(%s)', $oFolder->getName()));
             } else {
                 $this->oPage->setSecondaryTitle('...');
             }
         }
         //Figure out if we came here by navigating trough a shortcut.
         //If we came here from a shortcut, the breadcrumbspath should be relative
         //to the shortcut folder.
         $iSymLinkFolderId = KTUtil::arrayGet($_REQUEST, 'fShortcutFolder', null);
         if (is_numeric($iSymLinkFolderId)) {
             $oBreadcrumbsFolder = Folder::get($iSymLinkFolderId);
             $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForFolder($oBreadcrumbsFolder, array('final' => false)));
             $this->aBreadcrumbs[] = array('name' => $oFolder->getName());
         } else {
             $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForFolder($oFolder));
         }
         $this->oFolder =& $oFolder;
         // we now have a folder, and need to create the query.
         $aOptions = array('ignorepermissions' => KTBrowseUtil::inAdminMode($this->oUser, $oFolder));
         $this->oQuery = new BrowseQuery($oFolder->getId(), $this->oUser, $aOptions);
         $this->resultURL = KTUtil::addQueryString($_SERVER['PHP_SELF'], sprintf('fFolderId=%d', $oFolder->getId()));
         // and the portlets
         $portlet = new KTActionPortlet(sprintf(_kt('About this folder')));
         $aActions = KTFolderActionUtil::getFolderInfoActionsForFolder($this->oFolder, $this->oUser);
         $portlet->setActions($aActions, $this->sName);
         $this->oPage->addPortlet($portlet);
         $portlet = new KTActionPortlet(sprintf(_kt('Actions on this folder')));
         $aActions = KTFolderActionUtil::getFolderActionsForFolder($oFolder, $this->oUser);
         $portlet->setActions($aActions, null);
         $this->oPage->addPortlet($portlet);
     } else {
         if ($this->browse_mode == 'lookup_value') {
             // browsing by a lookup value
             $this->editable = false;
             // check the inputs
             $field = KTUtil::arrayGet($_REQUEST, 'fField', null);
             $oField = DocumentField::get($field);
             if (PEAR::isError($oField) || $oField == false) {
                 $this->errorRedirectToMain('No Field selected.');
                 exit(0);
             }
             $value = KTUtil::arrayGet($_REQUEST, 'fValue', null);
             $oValue = MetaData::get($value);
             if (PEAR::isError($oValue) || $oValue == false) {
                 $this->errorRedirectToMain('No Value selected.');
                 exit(0);
             }
             $this->oQuery = new ValueBrowseQuery($oField, $oValue);
             $this->resultURL = KTUtil::addQueryString($_SERVER['PHP_SELF'], sprintf('fBrowseMode=lookup_value&fField=%d&fValue=%d', $field, $value));
             // setup breadcrumbs
             $this->aBreadcrumbs = array(array('name' => _kt('Lookup Values'), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=selectField')), array('name' => $oField->getName(), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=selectLookup&fField=' . $oField->getId())), array('name' => $oValue->getName(), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], sprintf('fBrowseMode=lookup_value&fField=%d&fValue=%d', $field, $value))));
         } else {
             if ($this->browse_mode == 'document_type') {
                 // browsing by document type
                 $this->editable = false;
                 $doctype = KTUtil::arrayGet($_REQUEST, 'fType', null);
                 $oDocType = DocumentType::get($doctype);
                 if (PEAR::isError($oDocType) || $oDocType == false) {
                     $this->errorRedirectToMain('No Document Type selected.');
                     exit(0);
                 }
                 $this->oQuery = new TypeBrowseQuery($oDocType);
                 // FIXME probably want to redirect to self + action=selectType
                 $this->aBreadcrumbs[] = array('name' => _kt('Document Types'), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=selectType'));
                 $this->aBreadcrumbs[] = array('name' => $oDocType->getName(), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], 'fBrowseMode=document_type&fType=' . $oDocType->getId()));
                 $this->resultURL = KTUtil::addQueryString($_SERVER['PHP_SELF'], sprintf('fType=%s&fBrowseMode=document_type', $doctype));
             } else {
                 // FIXME what should we do if we can't initiate the browse?  we "pretend" to have no perms.
                 return false;
             }
         }
     }
     return true;
 }
Пример #4
0
 function do_main()
 {
     // fix legacy, broken items.
     if (KTUtil::arrayGet($_REQUEST, 'fDocumentID', true) !== true) {
         $_REQUEST['fDocumentId'] = sanitizeForSQL(KTUtil::arrayGet($_REQUEST, 'fDocumentID'));
         unset($_REQUEST['fDocumentID']);
     }
     $document_data = array();
     $document_id = sanitizeForSQL(KTUtil::arrayGet($_REQUEST, 'fDocumentId'));
     if ($document_id === null) {
         $this->oPage->addError(sprintf(_kt("No document was requested.  Please <a href=\"%s\">browse</a> for one."), KTBrowseUtil::getBrowseBaseUrl()));
         return $this->do_error();
     }
     // try get the document.
     $oDocument =& Document::get($document_id);
     if (PEAR::isError($oDocument)) {
         $this->oPage->addError(sprintf(_kt("The document you attempted to retrieve is invalid.   Please <a href=\"%s\">browse</a> for one."), KTBrowseUtil::getBrowseBaseUrl()));
         $this->oPage->booleanLink = true;
         return $this->do_error();
     }
     $document_id = $oDocument->getId();
     $document_data['document_id'] = $oDocument->getId();
     if (!KTBrowseUtil::inAdminMode($this->oUser, $oDocument->getFolderId())) {
         if ($oDocument->getStatusID() == ARCHIVED) {
             $this->oPage->addError(_kt('This document has been archived.  Please contact the system administrator to have it restored if it is still needed.'));
             return $this->do_request($oDocument);
         } else {
             if ($oDocument->getStatusID() == DELETED) {
                 $this->oPage->addError(_kt('This document has been deleted.  Please contact the system administrator to have it restored if it is still needed.'));
                 return $this->do_error();
             } else {
                 if (!Permission::userHasDocumentReadPermission($oDocument)) {
                     $this->oPage->addError(_kt('You are not allowed to view this document'));
                     return $this->permissionDenied();
                 }
             }
         }
     }
     if ($oDocument->getStatusID() == ARCHIVED) {
         $this->oPage->addError(_kt('This document has been archived.'));
     } else {
         if ($oDocument->getStatusID() == DELETED) {
             $this->oPage->addError(_kt('This document has been deleted.'));
         }
     }
     $this->oPage->setSecondaryTitle($oDocument->getName());
     $aOptions = array('documentaction' => 'viewDocument', 'folderaction' => 'browse');
     $this->oDocument =& $oDocument;
     //Figure out if we came here by navigating trough a shortcut.
     //If we came here from a shortcut, the breadcrumbspath should be relative
     //to the shortcut folder.
     $iSymLinkFolderId = KTUtil::arrayGet($_REQUEST, 'fShortcutFolder', null);
     if (is_numeric($iSymLinkFolderId)) {
         $oBreadcrumbsFolder = Folder::get($iSymLinkFolderId);
         $aOptions['final'] = false;
         $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForFolder($oBreadcrumbsFolder, $aOptions));
         $this->aBreadcrumbs[] = array('name' => $this->oDocument->getName());
     } else {
         $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForDocument($oDocument, $aOptions, $iSymLinkFolderId));
     }
     $this->oPage->setBreadcrumbDetails(_kt('document details'));
     $this->addPortlets('Document Details');
     $document_data['document'] = $oDocument;
     $document_data['document_type'] =& DocumentType::get($oDocument->getDocumentTypeID());
     $is_valid_doctype = true;
     if (PEAR::isError($document_data['document_type'])) {
         $this->oPage->addError(_kt('The document you requested has an invalid <strong>document type</strong>.  Unfortunately, this means that we cannot effectively display it.'));
         $is_valid_doctype = false;
     }
     // we want to grab all the md for this doc, since its faster that way.
     $mdlist =& DocumentFieldLink::getByDocument($oDocument);
     $field_values = array();
     foreach ($mdlist as $oFieldLink) {
         $field_values[$oFieldLink->getDocumentFieldID()] = $oFieldLink->getValue();
     }
     //var_dump($field_values);
     $document_data['field_values'] = $field_values;
     // Fieldset generation.
     //
     //   we need to create a set of FieldsetDisplay objects
     //   that adapt the Fieldsets associated with this lot
     //   to the view (i.e. ZX3).   Unfortunately, we don't have
     //   any of the plumbing to do it, so we handle this here.
     $fieldsets = array();
     // we always have a generic.
     array_push($fieldsets, new GenericFieldsetDisplay());
     $fieldsetDisplayReg =& KTFieldsetDisplayRegistry::getSingleton();
     $aDocFieldsets = KTMetadataUtil::fieldsetsForDocument($oDocument);
     foreach ($aDocFieldsets as $oFieldset) {
         $displayClass = $fieldsetDisplayReg->getHandler($oFieldset->getNamespace());
         array_push($fieldsets, new $displayClass($oFieldset));
     }
     $checkout_user = '******';
     if ($oDocument->getIsCheckedOut() == 1) {
         $oCOU = User::get($oDocument->getCheckedOutUserId());
         if (!(PEAR::isError($oCOU) || $oCOU == false)) {
             $checkout_user = $oCOU->getName();
         }
     }
     // is the checkout action active?
     $bCanCheckin = false;
     foreach ($this->actions as $oDocAction) {
         $sActName = $oDocAction->sName;
         if ($sActName == 'ktcore.actions.document.cancelcheckout') {
             if ($oDocAction->getInfo()) {
                 $bCanCheckin = true;
             }
         }
     }
     // viewlets.
     $aViewlets = array();
     $aViewletActions = KTDocumentActionUtil::getDocumentActionsForDocument($this->oDocument, $this->oUser, 'documentviewlet');
     foreach ($aViewletActions as $oAction) {
         $aInfo = $oAction->getInfo();
         if ($aInfo !== null) {
             $aViewlets[] = $oAction->display_viewlet();
             // use the action, since we display_viewlet() later.
         }
     }
     $viewlet_data = implode(' ', $aViewlets);
     $viewlet_data = trim($viewlet_data);
     $content_class = 'view';
     if (!empty($viewlet_data)) {
         $content_class = 'view withviewlets';
     }
     $this->oPage->setContentClass($content_class);
     $oTemplating =& KTTemplating::getSingleton();
     $oTemplate = $oTemplating->loadTemplate('ktcore/document/view');
     $aTemplateData = array('context' => $this, 'sCheckoutUser' => $checkout_user, 'isCheckoutUser' => $this->oUser->getId() == $oDocument->getCheckedOutUserId(), 'canCheckin' => $bCanCheckin, 'document_id' => $document_id, 'document' => $oDocument, 'documentName' => $oDocument->getName(), 'document_data' => $document_data, 'fieldsets' => $fieldsets, 'viewlet_data' => $viewlet_data);
     //return '<pre>' . print_r($aTemplateData, true) . '</pre>';
     return $oTemplate->render($aTemplateData);
 }
Пример #5
0
 function _show()
 {
     if (is_null($this->_sShowPermission)) {
         return true;
     }
     $oFolder = Folder::get($this->oDocument->getFolderId());
     if ($this->_bMutator && $this->oDocument->getImmutable()) {
         if ($this->_bMutationAllowedByAdmin === true) {
             if (!KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
                 return false;
             }
         } else {
             return false;
         }
     }
     if ($this->_bAdminAlwaysAvailable) {
         if (Permission::userIsSystemAdministrator($this->oUser->getId())) {
             return true;
         }
         if (Permission::isUnitAdministratorForFolder($this->oUser, $this->oDocument->getFolderId())) {
             return true;
         }
     }
     $oPermission =& KTPermission::getByName($this->_sShowPermission);
     if (PEAR::isError($oPermission)) {
         return true;
     }
     if (!KTWorkflowUtil::actionEnabledForDocument($this->oDocument, $this->sName)) {
         return false;
     }
     // be nasty in archive/delete status.
     $status = $this->oDocument->getStatusID();
     if ($status == DELETED || $status == ARCHIVED) {
         return false;
     }
     if ($this->bAllowInAdminMode) {
         // check if this user is in admin mode
         if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
             return true;
         }
     }
     return KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPermission, $this->oDocument);
 }
Пример #6
0
 /**
  * Deletes a symbolic link folder
  *
  * @param Folder $folder tthe symbolic link folder to delete
  * @param User $user the current user
  * @return unknown
  */
 static function deleteSymbolicLink($folder, $user = null)
 {
     //validate input
     if (is_numeric($folder)) {
         $folder = Folder::get($folder);
     }
     if (!$folder instanceof Folder) {
         return PEAR::raiseError(_kt('Folder not specified'));
     }
     if (!$folder->isSymbolicLink()) {
         return PEAR::raiseError(_kt('Folder must be a symbolic link entity'));
     }
     if (is_null($user)) {
         $user = $_SESSION['userID'];
     }
     if (is_numeric($user)) {
         $user = User::get($user);
     }
     //check if the user has sufficient permissions
     $oPerm = KTPermission::getByName('ktcore.permissions.delete');
     if (!KTBrowseUtil::inAdminMode($user, $folder)) {
         if (!KTPermissionUtil::userHasPermissionOnItem($user, $oPerm, $folder)) {
             return PEAR::raiseError(_kt('You\'re not authorized to delete shortcuts'));
         }
     }
     // we only need to delete the folder entry for the link
     $sql = "DELETE FROM folders WHERE id=?";
     DBUtil::runQuery(array($sql, array($folder->getId())));
 }
Пример #7
0
 function do_main()
 {
     $sCode = KTUtil::arrayGet($_REQUEST, 'code');
     $sName = KTUtil::arrayGet($_REQUEST, 'varname', 'fFolderId');
     $oWidget = unserialize($_SESSION['collection_widgets'][$sCode]);
     $oCollection = $oWidget->getCollection();
     $oFolder = Folder::get(KTUtil::arrayGet($_REQUEST, 'fFolderId', 1));
     if (PEAR::isError($oFolder)) {
         $this->errorRedirectToMain(_kt('Invalid folder selected.'));
         exit(0);
     }
     $aOptions = array('ignorepermissions' => KTBrowseUtil::inAdminMode($this->oUser, $oFolder));
     $oCollection->_queryObj->folder_id = $oFolder->getId();
     $aOptions = $oCollection->getEnvironOptions();
     $aOptions['return_url'] = KTUtil::addQueryString($_SERVER['PHP_SELF'], array('code' => $sCode, 'varname' => $sName, 'fFolderId' => $oFolder->getId()));
     $oCollection->setOptions($aOptions);
     // add the collection code to the title column QS params
     foreach ($oWidget->aCols as $ns) {
         $aColOpts = $oCollection->getColumnOptions($ns);
         $aColOpts['qs_params'] = kt_array_merge(KTUtil::arrayGet($aColOpts, 'qs_params', array()), array('code' => $sCode, 'varname' => $sName));
         $oCollection->setColumnOptions($ns, $aColOpts);
     }
     // make the breadcrumbs
     $aBreadcrumbs = $this->_generate_breadcrumbs($oFolder, $sCode, $oWidget->aBCUrlParams, $sName);
     print KTTemplating::renderTemplate('ktcore/forms/widgets/collection', array('collection' => $oCollection, 'folder' => $oFolder, 'breadcrumbs' => $aBreadcrumbs, 'targetname' => $sName));
     exit(0);
 }
Пример #8
0
 function breadcrumbsForFolder($oFolder, $aOptions = null)
 {
     $oFolder =& KTUtil::getObject('Folder', $oFolder);
     $sAction = KTUtil::arrayGet($aOptions, 'folderaction');
     if (PEAR::isError($oFolder)) {
         $url = KTUtil::addQueryStringSelf('fFolderId=1');
         if (!empty($sAction)) {
             $url = generateControllerUrl($sAction, 'fFolderId=1');
         }
         return array(array('url' => $url, 'name' => '&hellip;'));
     }
     $bFinal = KTUtil::arrayGet($aOptions, 'final', true, false);
     $bFolderBrowseBase = KTUtil::arrayGet($aOptions, 'folderbase', '');
     $aBreadcrumbs = array();
     // skip root.
     //$folder_path_names = $oFolder->getPathArray();
     $folder_path_ids = array_slice(explode(',', $oFolder->getParentFolderIds()), 1);
     $parents = count($folder_path_ids);
     // we have made the "default" folder non-root, so we need to be able
     // to reach "Root" (Folder::get(1)).
     $url = KTUtil::addQueryStringSelf('fFolderId=1');
     if (!empty($sAction)) {
         $url = generateControllerUrl($sAction, 'fFolderId=1');
     }
     $aBreadcrumbs[] = array('url' => $url, 'name' => _kt('Folders'));
     $oUser = User::get($_SESSION['userID']);
     if ($parents != 0) {
         foreach (range(0, $parents - 1) as $index) {
             $id = $folder_path_ids[$index];
             $oThisFolder = Folder::get($id);
             $sFolderName = $oThisFolder->getName();
             $url = KTUtil::addQueryStringSelf('fFolderId=' . $id);
             if (!empty($sAction)) {
                 $url = generateControllerUrl($sAction, 'fFolderId=' . $id);
             }
             if (!KTPermissionUtil::userHasPermissionOnItem($oUser, 'ktcore.permissions.folder_details', $oThisFolder)) {
                 if (KTBrowseUtil::inAdminMode($oUser, $oThisFolder)) {
                     $aBreadcrumbs[] = array('url' => $url, 'name' => sprintf('(%s)', $sFolderName));
                 } else {
                     $aBreadcrumbs[] = array('name' => '...');
                 }
                 continue;
             }
             $aBreadcrumbs[] = array('url' => $url, 'name' => $sFolderName);
         }
     }
     // now add this folder, _if we aren't in 1_.
     if ($oFolder->getId() != 1) {
         $id = $oFolder->getId();
         $url = KTUtil::addQueryStringSelf('fFolderId=' . $id);
         if (!empty($sAction)) {
             $url = generateControllerUrl($sAction, 'fFolderId=' . $id);
         }
         if (!KTPermissionUtil::userHasPermissionOnItem($oUser, 'ktcore.permissions.folder_details', $oFolder)) {
             if (KTBrowseUtil::inAdminMode($oUser, $oFolder)) {
                 $aBreadcrumbs[] = array('url' => $url, 'name' => sprintf('(%s)', $oFolder->getName()));
             } else {
                 $aBreadcrumbs[] = array('name' => '...');
             }
         } else {
             if ($bFinal) {
                 $aBreadcrumbs[] = array('name' => $oFolder->getName());
             } else {
                 $aBreadcrumbs[] = array('url' => $url, 'name' => $oFolder->getName());
             }
         }
     }
     $aCompactBreadcrumbs = array();
     $lastdotdotdot = false;
     foreach ($aBreadcrumbs as $aBreadcrumb) {
         if ($aBreadcrumb['name'] == '...') {
             if ($lastdotdotdot == true) {
                 continue;
             }
             $lastdotdotdot = true;
         } else {
             $lastdotdotdot = false;
         }
         $aCompactBreadcrumbs[] = $aBreadcrumb;
     }
     return $aCompactBreadcrumbs;
 }
Пример #9
0
 /**
  * Returns an associative array with permissions mapped onto users, groups and roles.
  *
  * @author KnowledgeTree Team
  * @access public
  * @access protected
  */
 protected function _resolveAllocations()
 {
     $object = $this->folderItem->getObject();
     $objectId = $object->getPermissionObjectID();
     $oPO = KTPermissionObject::get($objectId);
     $permissions = KTPermission::getList();
     $cleanPermissions = array();
     $map = array('roles' => array('active' => array(), 'map' => array()), 'users' => array('active' => array(), 'map' => array()), 'groups' => array('active' => array(), 'map' => array()), 'permissions' => array());
     foreach ($permissions as $permission) {
         $permissionId = $permission->getId();
         $cleanPermissions[$permissionId] = false;
         $map['permissions'][$permissionId] = $permission->getHumanName();
     }
     // The next 3 sections of code are slightly repetitive.
     // Get all group permission assignments
     $sql = "SELECT\n                    pa.permission_id, g.name, g.id\n                FROM\n                    permission_assignments pa\n                    INNER JOIN permissions p ON p.id = pa.permission_id\n                    INNER JOIN permission_descriptor_groups pdg ON pa.permission_descriptor_id = pdg.descriptor_id\n                    INNER JOIN groups_lookup g ON pdg.group_id = g.id\n                WHERE\n                    pa.permission_object_id = ?\n                ORDER BY g.name\n        ";
     $groupPermissions = DBUtil::getResultArray(array($sql, array($objectId)));
     foreach ($groupPermissions as $group) {
         $groupId = $group['id'];
         if (!array_key_exists($groupId, $map['groups']['active'])) {
             $map['groups']['map'][$groupId] = $cleanPermissions;
         }
         $map['groups']['active'][$groupId] = $group['name'];
         $map['groups']['map'][$groupId][$group['permission_id']] = true;
     }
     // Get all role permission assignments
     $sql = "SELECT\n                    pa.permission_id, r.name, r.id\n                FROM\n                    permission_assignments pa\n                    INNER JOIN permissions p ON p.id = pa.permission_id\n                    INNER JOIN permission_descriptor_roles pdr ON pa.permission_descriptor_id = pdr.descriptor_id\n                    INNER JOIN roles r ON pdr.role_id = r.id\n                WHERE\n                    pa.permission_object_id = ?\n                ORDER BY r.name\n        ";
     $rolePermissions = DBUtil::getResultArray(array($sql, array($objectId)));
     foreach ($rolePermissions as $role) {
         $roleId = $role['id'];
         if (!array_key_exists($roleId, $map['roles']['active'])) {
             $map['roles']['map'][$roleId] = $cleanPermissions;
         }
         $map['roles']['active'][$roleId] = $role['name'];
         $map['roles']['map'][$roleId][$role['permission_id']] = true;
     }
     // Get all user permission assignments
     $sql = "SELECT\n                    pa.permission_id, u.name, u.id\n                FROM\n                    permission_assignments pa\n                    INNER JOIN permissions p ON p.id = pa.permission_id\n                    INNER JOIN permission_descriptor_users pdu ON pa.permission_descriptor_id = pdu.descriptor_id\n                    INNER JOIN users u ON pdu.user_id = u.id\n                WHERE\n                    pa.permission_object_id = ?\n                ORDER BY u.name\n        ";
     $userPermissions = DBUtil::getResultArray(array($sql, $objectId));
     foreach ($userPermissions as $user) {
         $userId = $user['id'];
         if (!array_key_exists($userId, $map['users']['active'])) {
             $map['users']['map'][$userId] = $cleanPermissions;
         }
         $map['users']['active'][$userId] = $user['name'];
         $map['users']['map'][$userId][$user['permission_id']] = true;
     }
     // resolve editable, inherited, inheritable
     $user = $this->ktapi->get_session()->get_user();
     $editable = KTPermissionUtil::userHasPermissionOnItem($user, 'ktcore.permissions.security', $object) || KTBrowseUtil::inAdminMode($user, $this->folderItem);
     $inherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO);
     $inheritedId = $inherited->getId();
     $objectId = $object->getId();
     $map['inherited'] = $inheritedId !== $objectId && $objectId != 1;
     // only allow inheritance of permissions from parent if not inherited, -and- folder is editable
     $map['inheritable'] = $editable && !$map['inherited'] && $objectId != 1;
     // only allow edit if the folder is editable and not inherited
     $map['editable'] = $editable && !$map['inherited'];
     $this->map = $map;
     $this->mapCopy = $map;
     $this->changed = false;
 }
Пример #10
0
 function do_removeDynamicCondition()
 {
     $aOptions = array('redirect_to' => array('main', 'fFolderId=' . $this->oFolder->getId()));
     if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
         $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aOptions);
     }
     $aOptions = array('redirect_to' => array('edit', 'fFolderId=' . $this->oFolder->getId()));
     $oDynamicCondition =& $this->oValidator->validateDynamicCondition($_REQUEST['fDynamicConditionId'], $aOptions);
     $res = $oDynamicCondition->delete();
     $this->oValidator->notError($res, $aOptions);
     $oTransaction = KTFolderTransaction::createFromArray(array('folderid' => $this->oFolder->getId(), 'comment' => _kt('Removed dynamic permissions'), 'transactionNS' => 'ktcore.transactions.permissions_change', 'userid' => $_SESSION['userID'], 'ip' => Session::getClientIP()));
     $aOptions = array('defaultmessage' => _kt('Error updating permissions'), 'redirect_to' => array('edit', sprintf('fFolderId=%d', $this->oFolder->getId())));
     $this->oValidator->notErrorFalse($oTransaction, $aOptions);
     $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
     KTPermissionUtil::updatePermissionLookupForPO($oPO);
     $this->successRedirectTo('edit', _kt('Dynamic permission removed'), 'fFolderId=' . $this->oFolder->getId());
 }
Пример #11
0
 function check_entity($oEntity)
 {
     $oPermission =& KTPermission::getByName($this->_sPermission);
     if (PEAR::isError($oPermission)) {
         return true;
     }
     // basic document checks
     // TODO: check if this is appropriate
     //       should probably store the 'equivalent' action (ie. document.delete)
     //       and check that, rather than add a new list of actions to the workflow
     //       section
     if (is_a($oEntity, 'Document')) {
         if (!KTWorkflowUtil::actionEnabledForDocument($oEntity, $this->sName)) {
             return PEAR::raiseError(_kt('Action is disabled by workflow'));
         }
         $status = $oEntity->getStatusID();
         if ($status == DELETED || $status == ARCHIVED) {
             return PEAR::raiseError(_kt('Document is archived or deleted'));
         }
     }
     // admin check
     if ($this->bAllowInAdminMode) {
         if (KTBrowseUtil::inAdminMode($this->oUser, null)) {
             return true;
         }
     }
     if (!KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPermission, $oEntity)) {
         return PEAR::raiseError(_kt('You do not have the required permissions'));
     }
     return true;
 }
Пример #12
0
 /**
  * Deletes a document symbolic link
  *
  * @param Document $document the symbolic link document
  * @param User $user the user deleting the link
  * @return unknown
  */
 static function deleteSymbolicLink($document, $user = null)
 {
     //validate input
     if (is_numeric($document)) {
         $document = Document::get($document);
     }
     if (!$document instanceof Document) {
         return PEAR::raiseError(_kt('Document not specified'));
     }
     if (!$document->isSymbolicLink()) {
         return PEAR::raiseError(_kt('Document must be a symbolic link entity'));
     }
     if (is_null($user)) {
         $user = $_SESSION['userID'];
     }
     if (is_numeric($user)) {
         $user = User::get($user);
     }
     //check permissions
     $oPerm = KTPermission::getByName('ktcore.permissions.delete');
     if (!KTBrowseUtil::inAdminMode($user, $document->getParentID())) {
         if (!KTPermissionUtil::userHasPermissionOnItem($user, $oPerm, $document)) {
             return PEAR::raiseError(_kt('You\'re not authorized to delete this shortcut'));
         }
     }
     // we only need to delete the document entry for the link
     $sql = "DELETE FROM documents WHERE id=?";
     DBUtil::runQuery(array($sql, array($document->getId())));
 }
Пример #13
0
 function check()
 {
     $this->oFolder =& $this->oValidator->validateFolder($_REQUEST['fFolderId']);
     if (!$this->_show()) {
         return false;
     }
     $aOptions = array('final' => false, 'documentaction' => 'viewDocument', 'folderaction' => 'browse');
     $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForFolder($this->oFolder, $aOptions));
     $portlet = new KTActionPortlet(sprintf(_kt('About this folder')));
     $aActions = KTFolderActionUtil::getFolderInfoActionsForFolder($this->oFolder, $this->oUser);
     $portlet->setActions($aActions, $this->sName);
     $this->oPage->addPortlet($portlet);
     $portlet = new KTActionPortlet(sprintf(_kt('Actions on this folder')));
     $aActions = KTFolderActionUtil::getFolderActionsForFolder($this->oFolder, $this->oUser);
     $portlet->setActions($aActions, $this->sName);
     $this->oPage->addPortlet($portlet);
     if (KTPermissionUtil::userHasPermissionOnItem($this->oUser, 'ktcore.permissions.folder_details', $this->oFolder)) {
         $this->oPage->setSecondaryTitle($this->oFolder->getName());
     } else {
         if (KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
             $this->oPage->setSecondaryTitle(sprintf('(%s)', $this->oFolder->getName()));
         } else {
             $this->oPage->setSecondaryTitle('...');
         }
     }
     return true;
 }