/**
 * Fills in the default timestamp, session id and admin-mode flag, then
 * delegates to the parent implementation.
 *
 * @return mixed whatever parent::_fieldValues() returns
 */
function _fieldValues() {
    if (empty($this->dDateTime)) {
        $this->dDateTime = getCurrentDateTime();
    }
    if (empty($this->iSessionId)) {
        $this->iSessionId = $_SESSION['sessionID'];
    }

    $oFolder = Folder::get($this->iFolderId);

    // A folder that cannot be loaded is recorded as "not admin mode" so the
    // admin-mode lookup is never handed an error object.
    $bFolderUsable = !(PEAR::isError($oFolder) || $oFolder === false);

    // NOTE(review): $oUser is never assigned in this method, so the admin-mode
    // lookup receives an undefined variable (null). The bAdminMode value
    // stored here therefore depends on how KTBrowseUtil::inAdminMode()
    // treats a missing user - confirm which user this flag is meant to
    // describe and pass that user explicitly.
    if ($bFolderUsable && KTBrowseUtil::inAdminMode($oUser, $oFolder)) {
        $this->bAdminMode = 1;
    } else {
        $this->bAdminMode = 0;
    }

    return parent::_fieldValues();
}
/**
 * Decides whether the current user may act on a checked-out document.
 *
 * Redirects to the document view (and exits) when the document is not
 * checked out, or is checked out by somebody else while the caller is not
 * in admin mode.
 *
 * @return mixed true when allowed, otherwise the non-true result of parent::check()
 */
function check() {
    $res = parent::check();
    if ($res !== true) {
        return $res;
    }

    if (!$this->oDocument->getIsCheckedOut()) {
        $_SESSION['KTErrorMessage'][] = _kt('This document is not checked out');
        controllerRedirect('viewDocument', 'fDocumentId=' . $this->oDocument->getId());
        exit(0);
    }

    // Admin mode is a hard override for this document.
    if (!is_null($this->bInAdminMode)) {
        if ($this->bInAdminMode == true) {
            return true;
        }
    } else {
        $oFolder = Folder::get($this->oDocument->getFolderId());
        if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
            // NOTE(review): the decision is read from bInAdminMode above but
            // written to bAdminMode here, so the stored value is never seen
            // by the is_null() test. Confirm which property is intended
            // before relying on this as a cache of the authorisation result.
            $this->bAdminMode = true;
            return true;
        }
    }

    $bCheckedOutByCaller = $this->oDocument->getCheckedOutUserID() == $this->oUser->getId();
    if (!$bCheckedOutByCaller) {
        $_SESSION['KTErrorMessage'][] = _kt('This document is checked out, but not by you');
        controllerRedirect('viewDocument', 'fDocumentId=' . $this->oDocument->getId());
        exit(0);
    }

    return true;
}
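/**
 * Prepares the browse view for the requested mode ('folder', 'lookup_value'
 * or 'document_type'): resolves the target object, builds the query,
 * breadcrumbs, titles and portlets.
 *
 * All selectors (fBrowseMode, fFolderId, fShortcutFolder, fField, fValue,
 * fType) come from $_REQUEST and are client-controlled.
 *
 * @return bool true when the view can be shown (or another action than
 *              'main' was requested), false when browsing cannot start
 */
function check() {
    $this->browse_mode = KTUtil::arrayGet($_REQUEST, 'fBrowseMode', 'folder');
    $action = KTUtil::arrayGet($_REQUEST, $this->event_var, 'main');
    $this->editable = false;

    // catch the alternative actions.
    if ($action != 'main') {
        return true;
    }

    // NOTE(review): $_SERVER['PHP_SELF'] carries any path info the client
    // appended to the script name. Confirm that KTUtil::addQueryString() or
    // the templates encode these URLs before they are written into HTML.

    if ($this->browse_mode == 'folder') {
        $in_folder_id = KTUtil::arrayGet($_REQUEST, 'fFolderId');
        if (empty($in_folder_id)) {
            $oConfig = KTConfig::getSingleton();
            if ($oConfig->get('tweaks/browseToUnitFolder')) {
                $iHomeFolderId = $this->oUser->getHomeFolderId();
                if ($iHomeFolderId) {
                    $in_folder_id = $iHomeFolderId;
                }
            }
        }

        // The cast yields 0 for anything that is not a number; fall back to
        // folder 1 in that case.
        $folder_id = (int) $in_folder_id;
        if ($folder_id == 0) {
            $folder_id = 1;
        }

        $_REQUEST['fBrowseMode'] = 'folder';

        // here we need the folder object to do the breadcrumbs.
        $oFolder =& Folder::get($folder_id);
        if (PEAR::isError($oFolder) || $oFolder === false) {
            return false; // just fail.
        }

        // check whether the user can edit this folder
        $oPerm = KTPermission::getByName('ktcore.permissions.write');
        if (KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPerm, $oFolder)) {
            $this->editable = true;
        } else {
            $this->editable = false;
        }

        // set the title and breadcrumbs. The folder name is only shown to
        // users holding folder_details; admin mode shows it in parentheses.
        $this->oPage->setTitle(_kt('Browse'));
        if (KTPermissionUtil::userHasPermissionOnItem($this->oUser, 'ktcore.permissions.folder_details', $oFolder)) {
            $this->oPage->setSecondaryTitle($oFolder->getName());
        } elseif (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
            $this->oPage->setSecondaryTitle(sprintf('(%s)', $oFolder->getName()));
        } else {
            $this->oPage->setSecondaryTitle('...');
        }

        // Figure out if we came here by navigating through a shortcut.
        // If so, the breadcrumb path is relative to the shortcut folder.
        // NOTE(review): fShortcutFolder is client-supplied and the folder is
        // not checked here; this relies on breadcrumbsForFolder() handling a
        // failed lookup and hiding names the user may not see - confirm.
        $iSymLinkFolderId = KTUtil::arrayGet($_REQUEST, 'fShortcutFolder', null);
        if (is_numeric($iSymLinkFolderId)) {
            $oBreadcrumbsFolder = Folder::get($iSymLinkFolderId);
            $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForFolder($oBreadcrumbsFolder, array('final' => false)));
            $this->aBreadcrumbs[] = array('name' => $oFolder->getName());
        } else {
            $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForFolder($oFolder));
        }
        $this->oFolder =& $oFolder;

        // we now have a folder, and need to create the query.
        // 'ignorepermissions' is switched on only when admin mode applies.
        $aOptions = array('ignorepermissions' => KTBrowseUtil::inAdminMode($this->oUser, $oFolder));
        $this->oQuery = new BrowseQuery($oFolder->getId(), $this->oUser, $aOptions);
        $this->resultURL = KTUtil::addQueryString($_SERVER['PHP_SELF'], sprintf('fFolderId=%d', $oFolder->getId()));

        // and the portlets
        $portlet = new KTActionPortlet(sprintf(_kt('About this folder')));
        $aActions = KTFolderActionUtil::getFolderInfoActionsForFolder($this->oFolder, $this->oUser);
        $portlet->setActions($aActions, $this->sName);
        $this->oPage->addPortlet($portlet);

        $portlet = new KTActionPortlet(sprintf(_kt('Actions on this folder')));
        $aActions = KTFolderActionUtil::getFolderActionsForFolder($oFolder, $this->oUser);
        $portlet->setActions($aActions, null);
        $this->oPage->addPortlet($portlet);
    } elseif ($this->browse_mode == 'lookup_value') {
        // browsing by a lookup value
        $this->editable = false;

        // check the inputs
        $field = KTUtil::arrayGet($_REQUEST, 'fField', null);
        $oField = DocumentField::get($field);
        if (PEAR::isError($oField) || $oField == false) {
            $this->errorRedirectToMain('No Field selected.');
            exit(0);
        }

        $value = KTUtil::arrayGet($_REQUEST, 'fValue', null);
        $oValue = MetaData::get($value);
        if (PEAR::isError($oValue) || $oValue == false) {
            $this->errorRedirectToMain('No Value selected.');
            exit(0);
        }

        $this->oQuery = new ValueBrowseQuery($oField, $oValue);
        // %d forces the raw request values to integers before they are
        // placed in the URL.
        $this->resultURL = KTUtil::addQueryString($_SERVER['PHP_SELF'], sprintf('fBrowseMode=lookup_value&fField=%d&fValue=%d', $field, $value));

        // setup breadcrumbs
        $this->aBreadcrumbs = array(
            array('name' => _kt('Lookup Values'), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=selectField')),
            array('name' => $oField->getName(), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=selectLookup&fField=' . $oField->getId())),
            array('name' => $oValue->getName(), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], sprintf('fBrowseMode=lookup_value&fField=%d&fValue=%d', $field, $value))),
        );
    } elseif ($this->browse_mode == 'document_type') {
        // browsing by document type
        $this->editable = false;

        $doctype = KTUtil::arrayGet($_REQUEST, 'fType', null);
        $oDocType = DocumentType::get($doctype);
        if (PEAR::isError($oDocType) || $oDocType == false) {
            $this->errorRedirectToMain('No Document Type selected.');
            exit(0);
        }

        $this->oQuery = new TypeBrowseQuery($oDocType);

        // FIXME probably want to redirect to self + action=selectType
        $this->aBreadcrumbs[] = array('name' => _kt('Document Types'), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=selectType'));
        $this->aBreadcrumbs[] = array('name' => $oDocType->getName(), 'url' => KTUtil::addQueryString($_SERVER['PHP_SELF'], 'fBrowseMode=document_type&fType=' . $oDocType->getId()));

        // Build the result URL from the id of the loaded document type, as
        // the breadcrumb above does, instead of copying the raw fType request
        // value into the query string unencoded.
        $this->resultURL = KTUtil::addQueryString($_SERVER['PHP_SELF'], sprintf('fType=%d&fBrowseMode=document_type', $oDocType->getId()));
    } else {
        // FIXME what should we do if we can't initiate the browse? we "pretend" to have no perms.
        return false;
    }

    return true;
}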
/**
 * Renders the document detail view for the document named by the
 * fDocumentId request parameter (legacy spelling fDocumentID is accepted).
 *
 * Outside admin mode, archived and deleted documents are diverted and a
 * read-permission check is applied; in admin mode the document is shown
 * with a status notice.
 *
 * @return mixed the rendered template, or the result of do_error(),
 *               do_request() or permissionDenied()
 */
function do_main() {
    // Legacy links used 'fDocumentID'; move the value to 'fDocumentId'.
    if (KTUtil::arrayGet($_REQUEST, 'fDocumentID', true) !== true) {
        $_REQUEST['fDocumentId'] = sanitizeForSQL(KTUtil::arrayGet($_REQUEST, 'fDocumentID'));
        unset($_REQUEST['fDocumentID']);
    }

    $document_data = array();
    $document_id = sanitizeForSQL(KTUtil::arrayGet($_REQUEST, 'fDocumentId'));
    if ($document_id === null) {
        $this->oPage->addError(sprintf(_kt("No document was requested. Please <a href=\"%s\">browse</a> for one."), KTBrowseUtil::getBrowseBaseUrl()));
        return $this->do_error();
    }

    // try get the document.
    $oDocument =& Document::get($document_id);
    if (PEAR::isError($oDocument)) {
        $this->oPage->addError(sprintf(_kt("The document you attempted to retrieve is invalid. Please <a href=\"%s\">browse</a> for one."), KTBrowseUtil::getBrowseBaseUrl()));
        $this->oPage->booleanLink = true;
        return $this->do_error();
    }

    // From here on use the id of the loaded document, not the request value.
    $document_id = $oDocument->getId();
    $document_data['document_id'] = $oDocument->getId();

    // NOTE(review): for an archived document the do_request() branch is taken
    // before the read-permission check below is reached - confirm that
    // do_request() enforces its own access check.
    if (!KTBrowseUtil::inAdminMode($this->oUser, $oDocument->getFolderId())) {
        if ($oDocument->getStatusID() == ARCHIVED) {
            $this->oPage->addError(_kt('This document has been archived. Please contact the system administrator to have it restored if it is still needed.'));
            return $this->do_request($oDocument);
        } elseif ($oDocument->getStatusID() == DELETED) {
            $this->oPage->addError(_kt('This document has been deleted. Please contact the system administrator to have it restored if it is still needed.'));
            return $this->do_error();
        } elseif (!Permission::userHasDocumentReadPermission($oDocument)) {
            $this->oPage->addError(_kt('You are not allowed to view this document'));
            return $this->permissionDenied();
        }
    }

    // Only reachable for archived/deleted documents in admin mode: show the
    // status, but carry on rendering.
    if ($oDocument->getStatusID() == ARCHIVED) {
        $this->oPage->addError(_kt('This document has been archived.'));
    } elseif ($oDocument->getStatusID() == DELETED) {
        $this->oPage->addError(_kt('This document has been deleted.'));
    }

    $this->oPage->setSecondaryTitle($oDocument->getName());

    $aOptions = array('documentaction' => 'viewDocument', 'folderaction' => 'browse');
    $this->oDocument =& $oDocument;

    // If the request arrived through a shortcut, the breadcrumb path is
    // built relative to the shortcut folder (client-supplied fShortcutFolder).
    $iSymLinkFolderId = KTUtil::arrayGet($_REQUEST, 'fShortcutFolder', null);
    if (is_numeric($iSymLinkFolderId)) {
        $oBreadcrumbsFolder = Folder::get($iSymLinkFolderId);
        $aOptions['final'] = false;
        $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForFolder($oBreadcrumbsFolder, $aOptions));
        $this->aBreadcrumbs[] = array('name' => $this->oDocument->getName());
    } else {
        $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForDocument($oDocument, $aOptions, $iSymLinkFolderId));
    }

    $this->oPage->setBreadcrumbDetails(_kt('document details'));
    $this->addPortlets('Document Details');

    $document_data['document'] = $oDocument;
    $document_data['document_type'] =& DocumentType::get($oDocument->getDocumentTypeID());
    $is_valid_doctype = true;
    if (PEAR::isError($document_data['document_type'])) {
        $this->oPage->addError(_kt('The document you requested has an invalid <strong>document type</strong>. Unfortunately, this means that we cannot effectively display it.'));
        $is_valid_doctype = false;
    }

    // Fetch all metadata for the document in one go and index it by field id.
    $mdlist =& DocumentFieldLink::getByDocument($oDocument);
    $field_values = array();
    foreach ($mdlist as $oFieldLink) {
        $field_values[$oFieldLink->getDocumentFieldID()] = $oFieldLink->getValue();
    }
    $document_data['field_values'] = $field_values;

    // Fieldset generation: one display adapter per fieldset attached to the
    // document, preceded by the generic one that is always present.
    $fieldsets = array();
    $fieldsets[] = new GenericFieldsetDisplay();
    $fieldsetDisplayReg =& KTFieldsetDisplayRegistry::getSingleton();
    $aDocFieldsets = KTMetadataUtil::fieldsetsForDocument($oDocument);
    foreach ($aDocFieldsets as $oFieldset) {
        // The class name comes from the display registry, keyed by namespace.
        $displayClass = $fieldsetDisplayReg->getHandler($oFieldset->getNamespace());
        $fieldsets[] = new $displayClass($oFieldset);
    }

    $checkout_user = '******';
    if ($oDocument->getIsCheckedOut() == 1) {
        $oCOU = User::get($oDocument->getCheckedOutUserId());
        if (!(PEAR::isError($oCOU) || $oCOU == false)) {
            $checkout_user = $oCOU->getName();
        }
    }

    // is the checkout action active?
    $bCanCheckin = false;
    foreach ($this->actions as $oDocAction) {
        $sActName = $oDocAction->sName;
        if ($sActName == 'ktcore.actions.document.cancelcheckout' && $oDocAction->getInfo()) {
            $bCanCheckin = true;
        }
    }

    // viewlets: only actions that report info contribute output.
    $aViewlets = array();
    $aViewletActions = KTDocumentActionUtil::getDocumentActionsForDocument($this->oDocument, $this->oUser, 'documentviewlet');
    foreach ($aViewletActions as $oAction) {
        $aInfo = $oAction->getInfo();
        if ($aInfo !== null) {
            $aViewlets[] = $oAction->display_viewlet();
        }
    }
    $viewlet_data = trim(implode(' ', $aViewlets));

    $content_class = empty($viewlet_data) ? 'view' : 'view withviewlets';
    $this->oPage->setContentClass($content_class);

    $oTemplating =& KTTemplating::getSingleton();
    $oTemplate = $oTemplating->loadTemplate('ktcore/document/view');
    $aTemplateData = array(
        'context' => $this,
        'sCheckoutUser' => $checkout_user,
        'isCheckoutUser' => $this->oUser->getId() == $oDocument->getCheckedOutUserId(),
        'canCheckin' => $bCanCheckin,
        'document_id' => $document_id,
        'document' => $oDocument,
        'documentName' => $oDocument->getName(),
        'document_data' => $document_data,
        'fieldsets' => $fieldsets,
        'viewlet_data' => $viewlet_data,
    );

    return $oTemplate->render($aTemplateData);
}
/**
 * Decides whether this document action is offered to the current user.
 *
 * @return bool true when the action should be shown
 */
function _show() {
    // No permission configured: the action is always shown.
    if (is_null($this->_sShowPermission)) {
        return true;
    }

    $oFolder = Folder::get($this->oDocument->getFolderId());

    // A mutating action on an immutable document is only offered when the
    // action allows an admin override and admin mode applies to the folder.
    if ($this->_bMutator && $this->oDocument->getImmutable()) {
        $bAdminOverride = $this->_bMutationAllowedByAdmin === true
            && KTBrowseUtil::inAdminMode($this->oUser, $oFolder);
        if (!$bAdminOverride) {
            return false;
        }
    }

    // System and unit administrators get the action before the workflow and
    // status checks below are applied.
    if ($this->_bAdminAlwaysAvailable
        && (Permission::userIsSystemAdministrator($this->oUser->getId())
            || Permission::isUnitAdministratorForFolder($this->oUser, $this->oDocument->getFolderId()))) {
        return true;
    }

    $oPermission =& KTPermission::getByName($this->_sShowPermission);
    if (PEAR::isError($oPermission)) {
        // NOTE(review): a permission name that cannot be resolved makes the
        // action visible (fails open) and skips every check below. Confirm
        // this is intended for unregistered permission names.
        return true;
    }

    if (!KTWorkflowUtil::actionEnabledForDocument($this->oDocument, $this->sName)) {
        return false;
    }

    // be nasty in archive/delete status.
    $status = $this->oDocument->getStatusID();
    if ($status == DELETED || $status == ARCHIVED) {
        return false;
    }

    // Admin mode, where this action allows it, replaces the permission check.
    if ($this->bAllowInAdminMode && KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
        return true;
    }

    return KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPermission, $this->oDocument);
}
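/**
 * Deletes a symbolic link folder.
 *
 * Only the row of the link itself is removed from the folders table. The
 * caller must either be in admin mode for the folder or hold
 * ktcore.permissions.delete on it.
 *
 * @param Folder|int $folder the symbolic link folder to delete, or its id
 * @param User|int|null $user the acting user or a user id; defaults to
 *                            $_SESSION['userID']
 * @return PEAR_Error|null an error when validation, authorisation or the
 *                         delete fails; nothing on success
 */
static function deleteSymbolicLink($folder, $user = null) {
    // validate input
    if (is_numeric($folder)) {
        $folder = Folder::get($folder);
    }
    if (!$folder instanceof Folder) {
        return PEAR::raiseError(_kt('Folder not specified'));
    }
    if (!$folder->isSymbolicLink()) {
        return PEAR::raiseError(_kt('Folder must be a symbolic link entity'));
    }

    if (is_null($user)) {
        $user = $_SESSION['userID'];
    }
    if (is_numeric($user)) {
        $user = User::get($user);
    }
    // Refuse to continue when no user could be resolved, so the permission
    // checks below are never evaluated against an error object or an empty
    // value.
    if (is_null($user) || $user === false || PEAR::isError($user)) {
        return PEAR::raiseError(_kt('User not specified'));
    }

    // check if the user has sufficient permissions
    $oPerm = KTPermission::getByName('ktcore.permissions.delete');
    if (!KTBrowseUtil::inAdminMode($user, $folder)) {
        if (!KTPermissionUtil::userHasPermissionOnItem($user, $oPerm, $folder)) {
            return PEAR::raiseError(_kt('You\'re not authorized to delete shortcuts'));
        }
    }

    // we only need to delete the folder entry for the link
    $sql = "DELETE FROM folders WHERE id=?";
    $res = DBUtil::runQuery(array($sql, array($folder->getId())));
    if (PEAR::isError($res)) {
        // Surface a failed delete instead of reporting success implicitly.
        return $res;
    }
}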
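/**
 * Renders the folder-collection widget identified by the 'code' request
 * parameter for the folder given in 'fFolderId', prints it and exits.
 *
 * The widget is restored from $_SESSION['collection_widgets'][code]; 'code',
 * 'varname' and 'fFolderId' are all client-controlled.
 *
 * @return void the method always ends the request
 */
function do_main() {
    $sCode = KTUtil::arrayGet($_REQUEST, 'code');
    $sName = KTUtil::arrayGet($_REQUEST, 'varname', 'fFolderId');

    // The code is a client-chosen key into the session store: reject
    // anything that is not a plain key of an existing entry, rather than
    // unserialising nothing and failing on the method call below.
    $bKnownCode = (is_string($sCode) || is_int($sCode))
        && isset($_SESSION['collection_widgets'][$sCode]);
    if (!$bKnownCode) {
        print _kt('Invalid collection selected.');
        exit(0);
    }

    // NOTE(review): unserialize() rebuilds whatever object graph was stored
    // under this key, so every writer of $_SESSION['collection_widgets'] has
    // to be trusted code. The widget class is not visible from this method,
    // so the allowed classes cannot be pinned here.
    $oWidget = unserialize($_SESSION['collection_widgets'][$sCode]);
    if (!is_object($oWidget)) {
        print _kt('Invalid collection selected.');
        exit(0);
    }
    $oCollection = $oWidget->getCollection();

    $oFolder = Folder::get(KTUtil::arrayGet($_REQUEST, 'fFolderId', 1));
    if (PEAR::isError($oFolder) || $oFolder === false) {
        $this->errorRedirectToMain(_kt('Invalid folder selected.'));
        exit(0);
    }

    // NOTE(review): this value is replaced by getEnvironOptions() two
    // statements below, so 'ignorepermissions' never reaches the collection.
    // Kept as in the original; confirm the intent before wiring it in,
    // because doing so would widen what the query returns in admin mode.
    $aOptions = array('ignorepermissions' => KTBrowseUtil::inAdminMode($this->oUser, $oFolder));

    $oCollection->_queryObj->folder_id = $oFolder->getId();

    $aOptions = $oCollection->getEnvironOptions();
    $aOptions['return_url'] = KTUtil::addQueryString($_SERVER['PHP_SELF'], array('code' => $sCode, 'varname' => $sName, 'fFolderId' => $oFolder->getId()));
    $oCollection->setOptions($aOptions);

    // add the collection code to the title column QS params
    foreach ($oWidget->aCols as $ns) {
        $aColOpts = $oCollection->getColumnOptions($ns);
        $aColOpts['qs_params'] = kt_array_merge(KTUtil::arrayGet($aColOpts, 'qs_params', array()), array('code' => $sCode, 'varname' => $sName));
        $oCollection->setColumnOptions($ns, $aColOpts);
    }

    // make the breadcrumbs
    $aBreadcrumbs = $this->_generate_breadcrumbs($oFolder, $sCode, $oWidget->aBCUrlParams, $sName);

    // NOTE(review): 'targetname' is the raw 'varname' request value; confirm
    // the template escapes it for the context it is written into.
    print KTTemplating::renderTemplate('ktcore/forms/widgets/collection', array(
        'collection' => $oCollection,
        'folder' => $oFolder,
        'breadcrumbs' => $aBreadcrumbs,
        'targetname' => $sName,
    ));
    exit(0);
}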
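/**
 * Builds the breadcrumb trail for a folder.
 *
 * Each crumb is an array with a 'name' and, when it is a link, a 'url'.
 * Folders on which the session user lacks ktcore.permissions.folder_details
 * appear as '...' (or as '(name)' in admin mode), and consecutive '...'
 * crumbs are collapsed into one.
 *
 * @param mixed $oFolder  folder reference, resolved through
 *                        KTUtil::getObject('Folder', ...)
 * @param array|null $aOptions 'folderaction' (controller action used for the
 *                        links) and 'final' (when true the folder's own crumb
 *                        carries no url)
 * @return array list of breadcrumb arrays
 */
function breadcrumbsForFolder($oFolder, $aOptions = null) {
    $oFolder =& KTUtil::getObject('Folder', $oFolder);
    $sAction = KTUtil::arrayGet($aOptions, 'folderaction');

    // Link to "Root" (Folder::get(1)): the default folder is not the root,
    // so the trail always starts there.
    $sRootUrl = KTUtil::addQueryStringSelf('fFolderId=1');
    if (!empty($sAction)) {
        $sRootUrl = generateControllerUrl($sAction, 'fFolderId=1');
    }

    if (PEAR::isError($oFolder)) {
        return array(array('url' => $sRootUrl, 'name' => '…'));
    }

    $bFinal = KTUtil::arrayGet($aOptions, 'final', true, false);

    $aBreadcrumbs = array();
    $aBreadcrumbs[] = array('url' => $sRootUrl, 'name' => _kt('Folders'));

    // skip root.
    $folder_path_ids = array_slice(explode(',', $oFolder->getParentFolderIds()), 1);

    // NOTE(review): the result of User::get() is passed on unchecked; confirm
    // the permission helpers deny access when the session user is missing.
    $oUser = User::get($_SESSION['userID']);

    foreach ($folder_path_ids as $id) {
        $oThisFolder = Folder::get($id);
        if (PEAR::isError($oThisFolder) || $oThisFolder === false) {
            // A parent that cannot be loaded is shown like a hidden folder
            // instead of calling getName() on the failed lookup.
            $aBreadcrumbs[] = array('name' => '...');
            continue;
        }

        $url = KTUtil::addQueryStringSelf('fFolderId=' . $id);
        if (!empty($sAction)) {
            $url = generateControllerUrl($sAction, 'fFolderId=' . $id);
        }

        if (!KTPermissionUtil::userHasPermissionOnItem($oUser, 'ktcore.permissions.folder_details', $oThisFolder)) {
            if (KTBrowseUtil::inAdminMode($oUser, $oThisFolder)) {
                $aBreadcrumbs[] = array('url' => $url, 'name' => sprintf('(%s)', $oThisFolder->getName()));
            } else {
                $aBreadcrumbs[] = array('name' => '...');
            }
            continue;
        }

        $aBreadcrumbs[] = array('url' => $url, 'name' => $oThisFolder->getName());
    }

    // now add this folder, _if we aren't in 1_.
    if ($oFolder->getId() != 1) {
        $id = $oFolder->getId();
        $url = KTUtil::addQueryStringSelf('fFolderId=' . $id);
        if (!empty($sAction)) {
            $url = generateControllerUrl($sAction, 'fFolderId=' . $id);
        }

        if (!KTPermissionUtil::userHasPermissionOnItem($oUser, 'ktcore.permissions.folder_details', $oFolder)) {
            if (KTBrowseUtil::inAdminMode($oUser, $oFolder)) {
                $aBreadcrumbs[] = array('url' => $url, 'name' => sprintf('(%s)', $oFolder->getName()));
            } else {
                $aBreadcrumbs[] = array('name' => '...');
            }
        } elseif ($bFinal) {
            $aBreadcrumbs[] = array('name' => $oFolder->getName());
        } else {
            $aBreadcrumbs[] = array('url' => $url, 'name' => $oFolder->getName());
        }
    }

    // Collapse runs of hidden folders into a single '...' crumb.
    $aCompactBreadcrumbs = array();
    $lastdotdotdot = false;
    foreach ($aBreadcrumbs as $aBreadcrumb) {
        if ($aBreadcrumb['name'] == '...') {
            if ($lastdotdotdot == true) {
                continue;
            }
            $lastdotdotdot = true;
        } else {
            $lastdotdotdot = false;
        }
        $aCompactBreadcrumbs[] = $aBreadcrumb;
    }

    return $aCompactBreadcrumbs;
}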
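/**
 * Builds the map of permissions assigned to groups, roles and users on the
 * folder item's permission object and stores it in $this->map (with a copy
 * in $this->mapCopy); also resets $this->changed.
 *
 * The map holds, per principal type, the 'active' principals (id => name)
 * and a 'map' of id => (permission id => bool), plus 'permissions'
 * (id => human name) and the 'inherited', 'inheritable' and 'editable'
 * flags.
 *
 * @author KnowledgeTree Team
 * @access protected
 * @return void
 */
protected function _resolveAllocations() {
    $object = $this->folderItem->getObject();
    $permissionObjectId = $object->getPermissionObjectID();
    $oPO = KTPermissionObject::get($permissionObjectId);

    $permissions = KTPermission::getList();
    $cleanPermissions = array();
    $map = array(
        'roles' => array('active' => array(), 'map' => array()),
        'users' => array('active' => array(), 'map' => array()),
        'groups' => array('active' => array(), 'map' => array()),
        'permissions' => array(),
    );

    // Template row: every known permission, initially not granted.
    foreach ($permissions as $permission) {
        $permissionId = $permission->getId();
        $cleanPermissions[$permissionId] = false;
        $map['permissions'][$permissionId] = $permission->getHumanName();
    }

    // The next 3 sections of code are slightly repetitive.
    // NOTE(review): the query results are iterated without an error check;
    // confirm how DBUtil::getResultArray() reports a failed query.

    // Get all group permission assignments
    $sql = "SELECT\n pa.permission_id, g.name, g.id\n FROM\n permission_assignments pa\n INNER JOIN permissions p ON p.id = pa.permission_id\n INNER JOIN permission_descriptor_groups pdg ON pa.permission_descriptor_id = pdg.descriptor_id\n INNER JOIN groups_lookup g ON pdg.group_id = g.id\n WHERE\n pa.permission_object_id = ?\n ORDER BY g.name\n ";
    $groupPermissions = DBUtil::getResultArray(array($sql, array($permissionObjectId)));
    foreach ($groupPermissions as $group) {
        $groupId = $group['id'];
        if (!array_key_exists($groupId, $map['groups']['active'])) {
            $map['groups']['map'][$groupId] = $cleanPermissions;
        }
        $map['groups']['active'][$groupId] = $group['name'];
        $map['groups']['map'][$groupId][$group['permission_id']] = true;
    }

    // Get all role permission assignments
    $sql = "SELECT\n pa.permission_id, r.name, r.id\n FROM\n permission_assignments pa\n INNER JOIN permissions p ON p.id = pa.permission_id\n INNER JOIN permission_descriptor_roles pdr ON pa.permission_descriptor_id = pdr.descriptor_id\n INNER JOIN roles r ON pdr.role_id = r.id\n WHERE\n pa.permission_object_id = ?\n ORDER BY r.name\n ";
    $rolePermissions = DBUtil::getResultArray(array($sql, array($permissionObjectId)));
    foreach ($rolePermissions as $role) {
        $roleId = $role['id'];
        if (!array_key_exists($roleId, $map['roles']['active'])) {
            $map['roles']['map'][$roleId] = $cleanPermissions;
        }
        $map['roles']['active'][$roleId] = $role['name'];
        $map['roles']['map'][$roleId][$role['permission_id']] = true;
    }

    // Get all user permission assignments
    $sql = "SELECT\n pa.permission_id, u.name, u.id\n FROM\n permission_assignments pa\n INNER JOIN permissions p ON p.id = pa.permission_id\n INNER JOIN permission_descriptor_users pdu ON pa.permission_descriptor_id = pdu.descriptor_id\n INNER JOIN users u ON pdu.user_id = u.id\n WHERE\n pa.permission_object_id = ?\n ORDER BY u.name\n ";
    // Bind the parameter as a list, the same way the group and role queries
    // above do.
    $userPermissions = DBUtil::getResultArray(array($sql, array($permissionObjectId)));
    foreach ($userPermissions as $user) {
        $userId = $user['id'];
        if (!array_key_exists($userId, $map['users']['active'])) {
            $map['users']['map'][$userId] = $cleanPermissions;
        }
        $map['users']['active'][$userId] = $user['name'];
        $map['users']['map'][$userId][$user['permission_id']] = true;
    }

    // resolve editable, inherited, inheritable
    // NOTE(review): the permission check uses the folder object while the
    // admin-mode check is given $this->folderItem; confirm inAdminMode()
    // accepts that type.
    $user = $this->ktapi->get_session()->get_user();
    $editable = KTPermissionUtil::userHasPermissionOnItem($user, 'ktcore.permissions.security', $object)
        || KTBrowseUtil::inAdminMode($user, $this->folderItem);

    $inherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO);
    $inheritedId = $inherited->getId();
    $folderId = $object->getId();

    // Permissions are inherited when they are rooted in another object;
    // folder 1 is never treated as inheriting.
    $map['inherited'] = $inheritedId !== $folderId && $folderId != 1;
    // only allow inheritance of permissions from parent if not inherited, -and- folder is editable
    $map['inheritable'] = $editable && !$map['inherited'] && $folderId != 1;
    // only allow edit if the folder is editable and not inherited
    $map['editable'] = $editable && !$map['inherited'];

    $this->map = $map;
    $this->mapCopy = $map;
    $this->changed = false;
}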
/**
 * Removes the dynamic permission condition named by the fDynamicConditionId
 * request parameter, records a folder transaction, refreshes the permission
 * lookup for the folder's permission object and redirects to 'edit'.
 *
 * Validation failures are handled by $this->oValidator using the
 * 'redirect_to' options passed to it.
 */
function do_removeDynamicCondition() {
    $iFolderId = $this->oFolder->getId();

    // Outside admin mode the caller needs the edit permission on the folder.
    $aOptions = array('redirect_to' => array('main', 'fFolderId=' . $iFolderId));
    if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
        $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aOptions);
    }

    // NOTE(review): the condition is looked up by a client-supplied id and
    // nothing visible here ties it to this folder's permission object.
    // Confirm that validateDynamicCondition() (or the condition model)
    // rejects ids belonging to another permission object, and that this
    // state-changing action is not reachable through an unauthenticated
    // cross-site request.
    $aOptions = array('redirect_to' => array('edit', 'fFolderId=' . $iFolderId));
    $oDynamicCondition =& $this->oValidator->validateDynamicCondition($_REQUEST['fDynamicConditionId'], $aOptions);

    $res = $oDynamicCondition->delete();
    $this->oValidator->notError($res, $aOptions);

    // Audit record for the permission change.
    $aTransaction = array(
        'folderid' => $this->oFolder->getId(),
        'comment' => _kt('Removed dynamic permissions'),
        'transactionNS' => 'ktcore.transactions.permissions_change',
        'userid' => $_SESSION['userID'],
        'ip' => Session::getClientIP(),
    );
    $oTransaction = KTFolderTransaction::createFromArray($aTransaction);
    $aOptions = array(
        'defaultmessage' => _kt('Error updating permissions'),
        'redirect_to' => array('edit', sprintf('fFolderId=%d', $this->oFolder->getId())),
    );
    $this->oValidator->notErrorFalse($oTransaction, $aOptions);

    // Recompute the lookup so the removal takes effect.
    $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
    KTPermissionUtil::updatePermissionLookupForPO($oPO);

    $this->successRedirectTo('edit', _kt('Dynamic permission removed'), 'fFolderId=' . $this->oFolder->getId());
}
/**
 * Checks whether this action may be applied to a single entity.
 *
 * @param mixed $oEntity the entity to check; documents get additional
 *                       workflow and status checks
 * @return true|PEAR_Error true when allowed, otherwise an error naming the
 *                         reason
 */
function check_entity($oEntity) {
    $oPermission =& KTPermission::getByName($this->_sPermission);
    if (PEAR::isError($oPermission)) {
        // NOTE(review): an unresolvable permission name lets the entity
        // through (fails open) and skips every check below - confirm this is
        // intended.
        return true;
    }

    // basic document checks
    // TODO: check if this is appropriate
    // should probably store the 'equivalent' action (ie. document.delete)
    // and check that, rather than add a new list of actions to the workflow
    // section
    if (is_a($oEntity, 'Document')) {
        $bEnabled = KTWorkflowUtil::actionEnabledForDocument($oEntity, $this->sName);
        if (!$bEnabled) {
            return PEAR::raiseError(_kt('Action is disabled by workflow'));
        }

        $status = $oEntity->getStatusID();
        if ($status == DELETED || $status == ARCHIVED) {
            return PEAR::raiseError(_kt('Document is archived or deleted'));
        }
    }

    // admin check
    // NOTE(review): admin mode is evaluated with a null folder, so the
    // override is not scoped to the folder that holds $oEntity. Confirm how
    // KTBrowseUtil::inAdminMode() treats a null folder for unit
    // administrators.
    if ($this->bAllowInAdminMode && KTBrowseUtil::inAdminMode($this->oUser, null)) {
        return true;
    }

    $bPermitted = KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPermission, $oEntity);
    if ($bPermitted) {
        return true;
    }

    return PEAR::raiseError(_kt('You do not have the required permissions'));
}
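/**
 * Deletes a document symbolic link.
 *
 * Only the row of the link itself is removed from the documents table. The
 * caller must either be in admin mode for the link's parent or hold
 * ktcore.permissions.delete on the link.
 *
 * @param Document|int $document the symbolic link document, or its id
 * @param User|int|null $user the user deleting the link or a user id;
 *                            defaults to $_SESSION['userID']
 * @return PEAR_Error|null an error when validation, authorisation or the
 *                         delete fails; nothing on success
 */
static function deleteSymbolicLink($document, $user = null) {
    // validate input
    if (is_numeric($document)) {
        $document = Document::get($document);
    }
    if (!$document instanceof Document) {
        return PEAR::raiseError(_kt('Document not specified'));
    }
    if (!$document->isSymbolicLink()) {
        return PEAR::raiseError(_kt('Document must be a symbolic link entity'));
    }

    if (is_null($user)) {
        $user = $_SESSION['userID'];
    }
    if (is_numeric($user)) {
        $user = User::get($user);
    }
    // Refuse to continue when no user could be resolved, so the permission
    // checks below are never evaluated against an error object or an empty
    // value.
    if (is_null($user) || $user === false || PEAR::isError($user)) {
        return PEAR::raiseError(_kt('User not specified'));
    }

    // check permissions
    // NOTE(review): admin mode is evaluated against getParentID() (an id,
    // not a folder object) - confirm inAdminMode() accepts an id here.
    $oPerm = KTPermission::getByName('ktcore.permissions.delete');
    if (!KTBrowseUtil::inAdminMode($user, $document->getParentID())) {
        if (!KTPermissionUtil::userHasPermissionOnItem($user, $oPerm, $document)) {
            return PEAR::raiseError(_kt('You\'re not authorized to delete this shortcut'));
        }
    }

    // we only need to delete the document entry for the link
    $sql = "DELETE FROM documents WHERE id=?";
    $res = DBUtil::runQuery(array($sql, array($document->getId())));
    if (PEAR::isError($res)) {
        // Surface a failed delete instead of reporting success implicitly.
        return $res;
    }
}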
/**
 * Prepares a folder action page: validates the fFolderId request parameter,
 * applies the action's own visibility check, then sets up breadcrumbs,
 * portlets and the secondary title.
 *
 * @return bool false when _show() rejects the action, true otherwise
 */
function check() {
    // The folder id is client-supplied; the validator resolves it.
    $this->oFolder =& $this->oValidator->validateFolder($_REQUEST['fFolderId']);

    if (!$this->_show()) {
        return false;
    }

    $aOptions = array(
        'final' => false,
        'documentaction' => 'viewDocument',
        'folderaction' => 'browse',
    );
    $aFolderCrumbs = KTBrowseUtil::breadcrumbsForFolder($this->oFolder, $aOptions);
    $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, $aFolderCrumbs);

    $portlet = new KTActionPortlet(sprintf(_kt('About this folder')));
    $aActions = KTFolderActionUtil::getFolderInfoActionsForFolder($this->oFolder, $this->oUser);
    $portlet->setActions($aActions, $this->sName);
    $this->oPage->addPortlet($portlet);

    $portlet = new KTActionPortlet(sprintf(_kt('Actions on this folder')));
    $aActions = KTFolderActionUtil::getFolderActionsForFolder($this->oFolder, $this->oUser);
    $portlet->setActions($aActions, $this->sName);
    $this->oPage->addPortlet($portlet);

    // The folder name is shown only to users holding folder_details; admin
    // mode shows it in parentheses, everyone else gets a placeholder.
    if (KTPermissionUtil::userHasPermissionOnItem($this->oUser, 'ktcore.permissions.folder_details', $this->oFolder)) {
        $sSecondaryTitle = $this->oFolder->getName();
    } elseif (KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
        $sSecondaryTitle = sprintf('(%s)', $this->oFolder->getName());
    } else {
        $sSecondaryTitle = '...';
    }
    $this->oPage->setSecondaryTitle($sSecondaryTitle);

    return true;
}