function displayConfiguration($args)
{
// permissions
$aPermissions = KTPermission::getList();
$aKeyPermissions = array();
foreach ($aPermissions as $oPermission) {
$aKeyPermissions[$oPermission->getName()] = $oPermission;
}
$current_perms = array();
$this->aConfig['perms'] = KTUtil::arrayGet($this->aConfig, 'perms', array());
foreach ($this->aConfig['perms'] as $sPermName) {
$current_perms[$sPermName] = true;
}
$oTemplating =& KTTemplating::getSingleton();
$oTemplate = $oTemplating->loadTemplate('ktcore/workflowtriggers/permissions');
$aTemplateData = array('context' => $this, 'perms' => $aKeyPermissions, 'current_perms' => $current_perms, 'args' => $args);
return $oTemplate->render($aTemplateData);
}
function setPersonalFolderPermissions($oPO)
{
$aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
$aAdminGroupID = $this->getGroupIdByName('System Administrators');
//arrays used to make integers for $aAllowed array variable
$iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id'];
$iAdminGroupID = $aAdminGroupID[0]['id'];
//set permissions for the role and the admin group
$aAllowed = array('role' => array($iWorkSpaceOwnerRoleID), 'group' => array($iAdminGroupID));
//Get the List of all the permissions
$aPersonalFolderPermissions = KTPermission::getList();
//Iterate through and apply all permissions to the current user and the admin group
foreach ($aPersonalFolderPermissions as $oPersonalFolderPermission) {
KTPermissionUtil::setPermissionForId($oPersonalFolderPermission, $oPO, $aAllowed);
}
//Update permission lookup
KTPermissionUtil::updatePermissionLookupForPO($oPO);
}
/**
* Saves changes made by add() and remove().
*
* @author KnowledgeTree Team
* @access public
*/
public function save()
{
if (!$this->changed) {
// we don't have to do anything if nothing has changed.
return;
}
// if the current setup is inherited, then we must create a new copy to store the new associations.
if ($this->getIsInherited()) {
$this->overrideAllocation();
}
$permissions = KTPermission::getList();
$folderItemObject = $this->_logTransaction(_kt('Updated permissions'), 'ktcore.transactions.permissions_change');
$permissionObject = KTPermissionObject::get($folderItemObject->getPermissionObjectId());
// transform the map into the structure expected
foreach ($permissions as $permission) {
$permissionId = $permission->getId();
// not the association is singular here
$allowed = array('group' => array(), 'role' => array(), 'user' => array());
// fill the group allocations
foreach ($this->map['groups']['map'] as $groupId => $allocations) {
if ($allocations[$permissionId]) {
$allowed['group'][] = $groupId;
}
}
// fill the user allocations
foreach ($this->map['users']['map'] as $userId => $allocations) {
if ($allocations[$permissionId]) {
$allowed['user'][] = $userId;
}
}
// fill the role allocations
foreach ($this->map['roles']['map'] as $roleId => $allocations) {
if ($allocations[$permissionId]) {
$allowed['role'][] = $roleId;
}
}
KTPermissionUtil::setPermissionForId($permission, $permissionObject, $allowed);
}
KTPermissionUtil::updatePermissionLookupForPO($permissionObject);
// set the copy to be that of the modified version.
$this->mapCopy = $this->map;
$this->changed = false;
}
function do_update()
{
$aOptions = array('redirect_to' => array('main', 'fFolderId=' . $this->oFolder->getId()));
if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
$this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aOptions);
}
$aFoo = $_REQUEST['foo'];
$aPermissions = KTPermission::getList();
/*
--- This section has been commented out to remove these checks when permissions
--- are updated.
---------------------------------------------------------------------------------
//-------------------
//This section is used to make sure that a user doesn't disable the admin groups
//Manage security permission or the Manage Security permission of a group they
//are currently a member of.
// Check which groups have permission to manage security
$aNewGroups = (isset($aFoo[4]['group']) ? $aFoo[4]['group'] : array());
$aNewRoles = (isset($aFoo[4]['role']) ? $aFoo[4]['role'] : array());
$iUserId = $this->oUser->getId();
//Check that they aren't removing the sys admin Manage Security permission
//1 in this case is the admin group.
if(!in_array('1', $aNewGroups))
{
$this->addErrorMessage(_kt('You cannot remove the Manage Security permission from the System Administrators Group'));
$this->redirectTo('edit', 'fFolderId=' . $this->oFolder->getId());
exit(0);
}
//Check that they aren't removing the Manage Security permission from a group
//They are a member of.
if(!GroupUtil::checkUserInGroups($iUserId, array(1)))
{
//Ensure the user is not removing his/her own permission to update the folder permissions (manage security)
if(!in_array(-3, $aNewRoles))
{
if(!GroupUtil::checkUserInGroups($iUserId, $aNewGroups))
{
// If user no longer has permission, return an error.
$this->addErrorMessage(_kt('You cannot remove the Manage Security permission from a group you belong to.'));
$this->redirectTo('edit', 'fFolderId=' . $this->oFolder->getId());
exit(0);
}
}
}
//-----------------
*/
require_once KT_LIB_DIR . '/documentmanagement/observers.inc.php';
$oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
foreach ($aPermissions as $oPermission) {
$iPermId = $oPermission->getId();
$aAllowed = KTUtil::arrayGet($aFoo, $iPermId, array());
KTPermissionUtil::setPermissionForId($oPermission, $oPO, $aAllowed);
}
$oTransaction = KTFolderTransaction::createFromArray(array('folderid' => $this->oFolder->getId(), 'comment' => _kt('Updated permissions'), 'transactionNS' => 'ktcore.transactions.permissions_change', 'userid' => $_SESSION['userID'], 'ip' => Session::getClientIP()));
$aOptions = array('defaultmessage' => _kt('Error updating permissions'), 'redirect_to' => array('edit', sprintf('fFolderId=%d', $this->oFolder->getId())));
$this->oValidator->notErrorFalse($oTransaction, $aOptions);
$po =& new JavascriptObserver($this);
$po->start();
$oChannel =& KTPermissionChannel::getSingleton();
$oChannel->addObserver($po);
KTPermissionUtil::updatePermissionLookupForPO($oPO);
$this->commitTransaction();
$this->addInfoMessage(_kt('Permissions on folder updated'));
$po->redirect(KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=edit&fFolderId=' . $this->oFolder->getId()));
exit(0);
}
function do_newPermission()
{
session_start();
$sName = KTUtil::arrayGet($_REQUEST, 'name');
$sHumanName = KTUtil::arrayGet($_REQUEST, 'human_name');
$sError = 'An error occured while creating your permission';
//Checking that the System Name and Display Name fields aren't empty
if (empty($sName) && !empty($sHumanName)) {
$sError = 'An error occured while creating your permission: The System Name was not provided.';
$_SESSION['Permission']['HumanNameValue'] = $sHumanName;
return $this->errorRedirectToMain(_kt($sError));
} else {
if (!empty($sName) && empty($sHumanName)) {
$sError = 'An error occured while creating your permission: The Display Name was not provided.';
$_SESSION['Permission']['NameValue'] = $sName;
return $this->errorRedirectToMain(_kt($sError));
} else {
if (empty($sName) && empty($sHumanName)) {
$sError = 'An error occured while creating your permission: The Display Name and System Name weren\'t provided.';
return $this->errorRedirectToMain(_kt($sError));
}
}
}
//Checking that the System Name and Display Name aren't already in the database
$aPermissions = KTPermission::getList();
//$iNameErrorCount and $iHumanNameErrorCount are used to check whether only one name is duplicated or if two names are duplicated.
$iNameErrorCount = 0;
$iHumanNameErrorCount = 0;
foreach ($aPermissions as $aPermission) {
if ($sName == $aPermission->getName()) {
$iNameErrorCount++;
}
if ($sHumanName == $aPermission->getHumanName()) {
$iHumanNameErrorCount++;
}
}
if ($iNameErrorCount > 0 && $iHumanNameErrorCount > 0) {
$sError = 'An error occured while creating your permission: The Display Name and System Name you have provided both already exist.';
return $this->errorRedirectToMain(_kt($sError));
} else {
if ($iNameErrorCount > 0 && $iHumanNameErrorCount == 0) {
if (!empty($sHumanName)) {
$_SESSION['Permission']['HumanNameValue'] = $sHumanName;
}
$sError = 'An error occured while creating your permission: A permission with the same System Name already exists.';
return $this->errorRedirectToMain(_kt($sError));
} else {
if ($iNameErrorCount == 0 && $iHumanNameErrorCount > 0) {
if (!empty($sName)) {
$_SESSION['Permission']['NameValue'] = $sName;
}
$sError = 'An error occured while creating your permission: A permission with the same Display Name already exists.';
return $this->errorRedirectToMain(_kt($sError));
}
}
}
$oPerm = KTPermission::createFromArray(array('name' => $sName, 'humanname' => $sHumanName));
if (PEAR::isError($oPerm)) {
return $this->errorRedirectToMain(_kt($sError));
}
return $this->successRedirectToMain(_kt("Permission created"));
}
function do_resolved_users()
{
$this->oPage->setBreadcrumbDetails(_kt("Permissions"));
$oTemplate = $this->oValidator->validateTemplate("ktcore/document/resolved_permissions_user");
$oPL = KTPermissionLookup::get($this->oDocument->getPermissionLookupID());
$aPermissions = KTPermission::getList();
$aMapPermissionGroup = array();
$aMapPermissionRole = array();
$aMapPermissionUser = array();
$aUsers = User::getList();
foreach ($aPermissions as $oPermission) {
$oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL);
if (PEAR::isError($oPLA)) {
continue;
}
$oDescriptor = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
$iPermissionID = $oPermission->getID();
$aMapPermissionGroup[$iPermissionID] = array();
foreach ($aUsers as $oUser) {
if (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oDocument)) {
$aMapPermissionUser[$iPermissionID][$oUser->getId()] = true;
$aActiveUsers[$oUser->getId()] = true;
}
}
}
// now we constitute the actual sets.
$users = array();
$groups = array();
$roles = array();
// should _always_ be empty, barring a bug in permissions::updatePermissionLookup
// this should be quite limited - direct role -> user assignment is typically rare.
foreach ($aActiveUsers as $id => $marker) {
$oUser = User::get($id);
$users[$oUser->getName()] = $oUser;
}
asort($users);
// ascending, per convention.
$bEdit = false;
$sInherited = '';
$aDynamicControls = array();
$aWorkflowControls = array();
// handle conditions
$iPermissionObjectId = $this->oDocument->getPermissionObjectID();
if (!empty($iPermissionObjectId)) {
$oPO = KTPermissionObject::get($iPermissionObjectId);
$aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
if (!PEAR::isError($aDynamicConditions)) {
foreach ($aDynamicConditions as $oDynamicCondition) {
$iConditionId = $oDynamicCondition->getConditionId();
if (KTSearchUtil::testConditionOnDocument($iConditionId, $this->oDocument)) {
$aPermissionIds = $oDynamicCondition->getAssignment();
foreach ($aPermissionIds as $iPermissionId) {
$aDynamicControls[$iPermissionId] = true;
}
}
}
}
}
// indicate that workflow controls a given permission
$oState = KTWorkflowUtil::getWorkflowStateForDocument($this->oDocument);
if (!(PEAR::isError($oState) || is_null($oState) || $oState == false)) {
$aWorkflowStatePermissionAssignments = KTWorkflowStatePermissionAssignment::getByState($oState);
foreach ($aWorkflowStatePermissionAssignments as $oAssignment) {
$aWorkflowControls[$oAssignment->getPermissionId()] = true;
unset($aDynamicControls[$oAssignment->getPermissionId()]);
}
}
$aTemplateData = array("context" => $this, "permissions" => $aPermissions, "groups" => $groups, "users" => $users, "roles" => $roles, "oDocument" => $this->oDocument, "aMapPermissionGroup" => $aMapPermissionGroup, "aMapPermissionRole" => $aMapPermissionRole, "aMapPermissionUser" => $aMapPermissionUser, "edit" => $bEdit, "inherited" => $sInherited, 'workflow_controls' => $aWorkflowControls, 'conditions_control' => $aDynamicControls);
return $oTemplate->render($aTemplateData);
}
