function getPermissionDescriptor()
{
// could be an error - return as-is.
$oDescriptor =& KTPermissionDescriptor::get($this->iPermissionDescriptorId);
return $oDescriptor;
}
function &getByUsers($aUsers, $aOptions = null)
{
$sTable = KTUtil::getTableName('permission_descriptor_users');
if (is_null($aOptions)) {
$aOptions = array();
}
if (count($aUsers) === 0) {
return array();
}
$ids = KTUtil::arrayGet($aOptions, 'ids');
$aUserIDs = array();
foreach ($aUsers as $oUser) {
if (is_numeric($oUser)) {
$aUserIDs[] = $oUser;
} else {
$aUserIDs[] = $oUser->getID();
}
}
$sUserIDs = DBUtil::paramArray($aUserIDs);
$sQuery = "SELECT DISTINCT descriptor_id FROM {$sTable} WHERE user_id IN ( {$sUserIDs} )";
$aParams = $aUserIDs;
$aIDs = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'descriptor_id');
$aRet = array();
foreach ($aIDs as $iID) {
if ($ids === true) {
$aRet[] = $iID;
} else {
$aRet[] =& KTPermissionDescriptor::get($iID);
}
}
return $aRet;
}
function getPermissionDescriptorsForUser($oUser)
{
$aGroups = GroupUtil::listGroupsForUserExpand($oUser);
$roles = array(-3);
// everyone
$aEveryoneDescriptors = array();
$aAuthenticatedDescriptors = array();
if (!$oUser->isAnonymous()) {
// authenticated
$roles[] = -4;
}
$aRoleDescriptors = KTPermissionDescriptor::getByRoles($roles, array('ids' => true));
$aPermissionDescriptors = KTPermissionDescriptor::getByGroups($aGroups, array('ids' => true));
$aUserDescriptors = KTPermissionDescriptor::getByUser($oUser, array('ids' => true));
return kt_array_merge($aPermissionDescriptors, $aUserDescriptors, $aRoleDescriptors);
}
function &_getPermissionsMap()
{
$aStatePermAssigns = KTWorkflowStatePermissionAssignment::getByState($this->oState);
$aPermissionsMap = array('role' => array(), 'group' => array());
foreach ($aStatePermAssigns as $oPermAssign) {
$oDescriptor = KTPermissionDescriptor::get($oPermAssign->getDescriptorId());
$iPermissionId = $oPermAssign->getPermissionId();
// groups
$aGroupIds = $oDescriptor->getGroups();
foreach ($aGroupIds as $iId) {
$aPermissionsMap['group'][$iId][$iPermissionId] = true;
}
// roles
$aRoleIds = $oDescriptor->getRoles();
foreach ($aRoleIds as $iId) {
$aPermissionsMap['role'][$iId][$iPermissionId] = true;
}
}
return $aPermissionsMap;
}
function &_getPermissionsMap()
{
$oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
$aPermissions = KTPermission::getList();
$aPermissionsMap = array('role' => array(), 'group' => array());
foreach ($aPermissions as $oPermission) {
$oPA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oPO);
if (PEAR::isError($oPA)) {
continue;
}
$oDescriptor = KTPermissionDescriptor::get($oPA->getPermissionDescriptorId());
$iPermissionId = $oPermission->getId();
// groups
$aGroupIds = $oDescriptor->getGroups();
foreach ($aGroupIds as $iId) {
$aPermissionsMap['group'][$iId][$iPermissionId] = true;
}
// roles
$aRoleIds = $oDescriptor->getRoles();
foreach ($aRoleIds as $iId) {
$aPermissionsMap['role'][$iId][$iPermissionId] = true;
}
}
return $aPermissionsMap;
}
function getAllowed()
{
$oDescriptor = KTPermissionDescriptor::get($this->iDescriptorId);
return $oDescriptor->getAllowed();
}
function do_main()
{
$this->oPage->setTitle(_kt("Allocate Roles"));
$this->oPage->setBreadcrumbDetails(_kt("Allocate Roles"));
$oTemplating =& KTTemplating::getSingleton();
$oTemplate = $oTemplating->loadTemplate("ktcore/folder/roles");
// we need to have:
// - a list of roles
// - with their users / groups
// - and that allocation id
$aRoles = array();
// stores data for display.
$aRoleList = Role::getList('id > 0');
foreach ($aRoleList as $oRole) {
$iRoleId = $oRole->getId();
$aRoles[$iRoleId] = array("name" => $oRole->getName());
$oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getId(), $iRoleId);
$u = array();
$g = array();
$aid = null;
$raid = null;
if ($oRoleAllocation == null) {
// nothing.
} else {
$raid = $oRoleAllocation->getId();
// real_alloc_id
if ($oRoleAllocation->getFolderId() == $this->oFolder->getId()) {
$aid = $oRoleAllocation->getid();
// alloc_id
}
$oPermDesc = KTPermissionDescriptor::get($oRoleAllocation->getPermissionDescriptorId());
if (!PEAR::isError($oPermDesc)) {
$aAllowed = $oPermDesc->getAllowed();
if (!empty($aAllowed['user'])) {
$u = $aAllowed['user'];
}
if (!empty($aAllowed['group'])) {
$g = $aAllowed['group'];
}
}
}
$aRoles[$iRoleId]['users'] = $u;
$aRoles[$iRoleId]['groups'] = $g;
$aRoles[$iRoleId]['allocation_id'] = $aid;
$aRoles[$iRoleId]['real_allocation_id'] = $raid;
}
/*
print '<pre>';
var_dump($aRoles);
print '</pre>';
*/
// FIXME this is test data.
/*
$aRoles = array(
1 => array('name' => 'Manager', 'users' => array(1), 'groups' => array(1), 'allocation_id' => 1),
2 => array('name' => 'Peasant', 'users' => array(1), 'groups' => array(), 'allocation_id' => 2),
3 => array('name' => 'Inherited', 'users' => array(), 'groups' => array(1), 'allocation_id' => null),
);
*/
// final step.
// Include the electronic signature
global $default;
$iFolderId = $this->oFolder->getId();
if ($default->enableESignatures) {
$sign = true;
$sUrl = KTPluginUtil::getPluginPath('electronic.signatures.plugin', true);
$heading = _kt('You are attempting to modify roles');
$input_href = '#';
} else {
$sign = false;
$input_onclick = '';
}
// map to users, groups.
foreach ($aRoles as $key => $role) {
$_users = array();
foreach ($aRoles[$key]['users'] as $iUserId) {
$oUser = User::get($iUserId);
if (!(PEAR::isError($oUser) || $oUser == false)) {
$_users[] = $oUser->getName();
}
}
if (empty($_users)) {
$aRoles[$key]['users'] = '<span class="descriptiveText"> ' . _kt('no users') . '</span>';
} else {
$aRoles[$key]['users'] = join(', ', $_users);
}
$_groups = array();
foreach ($aRoles[$key]['groups'] as $iGroupId) {
$oGroup = Group::get($iGroupId);
if (!(PEAR::isError($oGroup) || $oGroup == false)) {
$_groups[] = $oGroup->getName();
}
}
if (empty($_groups)) {
$aRoles[$key]['groups'] = '<span class="descriptiveText"> ' . _kt('no groups') . '</span>';
} else {
$aRoles[$key]['groups'] = join(', ', $_groups);
}
if ($sign) {
$redirect_url = KTUtil::addQueryStringSelf("action=useParent&role_id={$key}&fFolderId={$iFolderId}");
$input_onclick = "javascript: showSignatureForm('{$sUrl}', '{$heading}', 'ktcore.transactions.role_allocations_change', 'folder', '{$redirect_url}', 'redirect', {$iFolderId});";
} else {
$input_href = KTUtil::addQueryStringSelf("action=useParent&role_id={$key}&fFolderId={$iFolderId}");
}
$aRoles[$key]['onclick'] = $input_onclick;
$aRoles[$key]['href'] = $input_href;
}
$aTemplateData = array('context' => &$this, 'roles' => $aRoles, 'folderName' => $this->oFolder->getName(), 'is_root' => $this->oFolder->getId() == 1);
return $oTemplate->render($aTemplateData);
}
<?php
require_once "../../config/dmsDefaults.php";
require_once KT_LIB_DIR . "/permissions/permissiondescriptor.inc.php";
error_reporting(E_ALL);
$res = KTPermissionDescriptor::createFromArray(array("descriptortext" => "asdf"));
var_dump($res);
