/**
 * Report whether the given document or folder is the root of the permission
 * object assigned to it, i.e. whether its parent uses a different permission
 * object than it does.
 *
 * NOTE(review): neither lookup result below is checked before it is used;
 * confirm how KTPermissionObject::get() and
 * KTPermissionUtil::findRootObjectForPermissionObject() signal failure, since
 * callers treat the boolean returned here as an ownership decision.
 *
 * @param object $oDocumentOrFolder Document or folder to test (passed by reference).
 * @return bool True when the object is the root of its own permission object.
 */
function isPermissionOwner(&$oDocumentOrFolder) {
    $iPermissionObjectId = $oDocumentOrFolder->getPermissionObjectID();
    $oRootObject = KTPermissionUtil::findRootObjectForPermissionObject(
        KTPermissionObject::get($iPermissionObjectId)
    );

    // A permission object rooted at a document is used by that document only,
    // so the caller's object is necessarily the owner.
    if (is_a($oRootObject, 'Document')) {
        return true;
    }

    // A document whose permission object is rooted at a non-document inherits
    // it from some ancestor, so it cannot be the owner.
    if (is_a($oDocumentOrFolder, 'Document')) {
        return false;
    }

    // Both sides are folders here: ownership is decided by ID equality.
    // The comparison is deliberately left loose (==), as in the original.
    return $oDocumentOrFolder->getID() == $oRootObject->getID();
}
/**
 * Render the permission-editing page for the current folder.
 *
 * Outside admin mode the validator is asked to confirm that the current user
 * holds $this->_sEditShowPermission on the folder. When the folder's
 * permission object is rooted at a different object (inherited permissions),
 * the permissions are copied onto the folder first, but only if the request
 * carries a non-empty 'override' value.
 *
 * NOTE(review): the copy is a state change driven by $_REQUEST, so it is
 * reachable with a plain GET; confirm that request-forgery protection covers
 * this action before it is dispatched.
 *
 * @return mixed Whatever the template's render() call returns.
 */
function do_edit() {
    $this->oPage->setBreadcrumbDetails(_kt('Viewing Permissions'));

    $iFolderId = $this->oFolder->getId();
    $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());

    // Authorisation gate: admin mode skips the per-item permission check.
    if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
        $aRedirectOptions = array('redirect_to' => array('main', 'fFolderId=' . $iFolderId));
        $this->oValidator->userHasPermissionOnItem(
            $this->oUser,
            $this->_sEditShowPermission,
            $this->oFolder,
            $aRedirectOptions
        );
    }

    // Copy permissions if they were inherited.
    // NOTE(review): this is a strict (!==) comparison; presumably both getId()
    // calls return the same type - confirm, otherwise every folder is treated
    // as inheriting.
    $oRootObject = KTPermissionUtil::findRootObjectForPermissionObject($oPO);
    if ($oRootObject->getId() !== $iFolderId) {
        $mOverride = KTUtil::arrayGet($_REQUEST, 'override', false);
        if (empty($mOverride)) {
            // NOTE(review): nothing returns after this call; presumably
            // errorRedirectToMain() terminates the request. If it can return,
            // the copy below still runs without 'override' - confirm.
            $this->errorRedirectToMain(
                _kt('This folder does not override its permissions'),
                sprintf('fFolderId=%d', $iFolderId)
            );
        }

        $this->startTransaction();
        $this->_copyPermissions();
        $this->commitTransaction();

        // The folder now has its own permission object; reload it.
        $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
    }

    // Permission list serialised for the client-side script.
    $aPermList = KTPermission::getList();
    $aPermissionRows = array();
    foreach ($aPermList as $oPermission) {
        $aPermissionRows[] = array(
            'id' => $oPermission->getId(),
            'name' => $oPermission->getHumanName(),
        );
    }
    $oJSON = new Services_JSON();
    $sJSONPermissions = $oJSON->encode($aPermissionRows);

    // Dynamic conditions attached to the (possibly reloaded) permission object.
    $aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);

    // Templating.
    $oTemplating =& KTTemplating::getSingleton();
    $oTemplate = $oTemplating->loadTemplate('ktcore/folder/permissions');

    // Folder ID 1 is the only folder that cannot inherit.
    $bCanInherit = ($iFolderId != 1);

    global $default;
    if ($default->enableESignatures) {
        $sUrl = KTPluginUtil::getPluginPath('electronic.signatures.plugin', true);
        $heading = _kt('You are attempting to modify permissions');
        // NOTE(review): $sUrl and $heading are interpolated into single-quoted
        // JavaScript string literals without escaping here; confirm that the
        // template escapes 'onclick' for its attribute context and that neither
        // value (e.g. a translated heading) can contain a quote.
        $input = array(
            'type' => 'button',
            'onclick' => "javascript: showSignatureForm('{$sUrl}', '{$heading}', 'ktcore.transactions.permissions_change', 'folder', 'update_permissions_form', 'submit', {$iFolderId});",
        );
    } else {
        $input = array(
            'type' => 'submit',
            'onclick' => '',
        );
    }

    $aDocumentPermissions = KTPermission::getDocumentRelevantList();

    $aTemplateData = array(
        'iFolderId' => $iFolderId,
        'roles' => Role::getList(),
        'groups' => Group::getList(),
        'conditions' => KTSavedSearch::getConditions(),
        'dynamic_conditions' => $aDynamicConditions,
        'context' => &$this,
        'foldername' => $this->oFolder->getName(),
        'jsonpermissions' => $sJSONPermissions,
        'edit' => true,
        'permissions' => $aPermList,
        'document_permissions' => $aDocumentPermissions,
        'can_inherit' => $bCanInherit,
        'input' => $input,
    );

    return $oTemplate->render($aTemplateData);
}
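/**
 * Builds the map of permissions allocated to groups, roles and users for the
 * permission object of the current folder item, and stores it on the instance.
 *
 * Nothing is returned: the result is written to $this->map and $this->mapCopy,
 * and $this->changed is reset to false.
 *
 * The map has these keys:
 *  - 'permissions': permission id => human-readable name
 *  - 'groups' / 'roles' / 'users': each with 'active' (id => name) and
 *    'map' (id => permission id => bool)
 *  - 'inherited', 'inheritable', 'editable': booleans resolved at the end
 *
 * 'editable' is only true when the session user holds
 * 'ktcore.permissions.security' on the object (or is in admin mode) and the
 * permissions are not inherited.
 *
 * NOTE(review): the results of DBUtil::getResultArray() are iterated without
 * an error check; confirm how it reports a failed query, because a failed
 * lookup would otherwise show up as "no allocations" in this map.
 *
 * @author KnowledgeTree Team
 * @access protected
 */
protected function _resolveAllocations() {
    $object = $this->folderItem->getObject();
    $permissionObjectId = $object->getPermissionObjectID();
    $oPO = KTPermissionObject::get($permissionObjectId);
    $permissions = KTPermission::getList();

    // Template row: every known permission, initially not granted.
    $cleanPermissions = array();
    $map = array(
        'roles' => array('active' => array(), 'map' => array()),
        'users' => array('active' => array(), 'map' => array()),
        'groups' => array('active' => array(), 'map' => array()),
        'permissions' => array(),
    );
    foreach ($permissions as $permission) {
        $permissionId = $permission->getId();
        $cleanPermissions[$permissionId] = false;
        $map['permissions'][$permissionId] = $permission->getHumanName();
    }

    // The next 3 sections of code are slightly repetitive. Each query binds the
    // permission object id through a placeholder, never by interpolation.

    // Get all group permission assignments
    $sql = "SELECT\n pa.permission_id, g.name, g.id\n FROM\n permission_assignments pa\n INNER JOIN permissions p ON p.id = pa.permission_id\n INNER JOIN permission_descriptor_groups pdg ON pa.permission_descriptor_id = pdg.descriptor_id\n INNER JOIN groups_lookup g ON pdg.group_id = g.id\n WHERE\n pa.permission_object_id = ?\n ORDER BY g.name\n ";
    $groupPermissions = DBUtil::getResultArray(array($sql, array($permissionObjectId)));
    foreach ($groupPermissions as $group) {
        $groupId = $group['id'];
        // First row for this group: start from the all-false template.
        if (!array_key_exists($groupId, $map['groups']['active'])) {
            $map['groups']['map'][$groupId] = $cleanPermissions;
        }
        $map['groups']['active'][$groupId] = $group['name'];
        $map['groups']['map'][$groupId][$group['permission_id']] = true;
    }

    // Get all role permission assignments
    $sql = "SELECT\n pa.permission_id, r.name, r.id\n FROM\n permission_assignments pa\n INNER JOIN permissions p ON p.id = pa.permission_id\n INNER JOIN permission_descriptor_roles pdr ON pa.permission_descriptor_id = pdr.descriptor_id\n INNER JOIN roles r ON pdr.role_id = r.id\n WHERE\n pa.permission_object_id = ?\n ORDER BY r.name\n ";
    $rolePermissions = DBUtil::getResultArray(array($sql, array($permissionObjectId)));
    foreach ($rolePermissions as $role) {
        $roleId = $role['id'];
        if (!array_key_exists($roleId, $map['roles']['active'])) {
            $map['roles']['map'][$roleId] = $cleanPermissions;
        }
        $map['roles']['active'][$roleId] = $role['name'];
        $map['roles']['map'][$roleId][$role['permission_id']] = true;
    }

    // Get all user permission assignments
    $sql = "SELECT\n pa.permission_id, u.name, u.id\n FROM\n permission_assignments pa\n INNER JOIN permissions p ON p.id = pa.permission_id\n INNER JOIN permission_descriptor_users pdu ON pa.permission_descriptor_id = pdu.descriptor_id\n INNER JOIN users u ON pdu.user_id = u.id\n WHERE\n pa.permission_object_id = ?\n ORDER BY u.name\n ";
    // Bind parameters are passed as an array, matching the group and role
    // queries above (the original passed the bare id for this query only).
    $userPermissions = DBUtil::getResultArray(array($sql, array($permissionObjectId)));
    foreach ($userPermissions as $assignedUser) {
        $userId = $assignedUser['id'];
        if (!array_key_exists($userId, $map['users']['active'])) {
            $map['users']['map'][$userId] = $cleanPermissions;
        }
        $map['users']['active'][$userId] = $assignedUser['name'];
        $map['users']['map'][$userId][$assignedUser['permission_id']] = true;
    }

    // resolve editable, inherited, inheritable
    $user = $this->ktapi->get_session()->get_user();
    $editable = KTPermissionUtil::userHasPermissionOnItem($user, 'ktcore.permissions.security', $object)
        || KTBrowseUtil::inAdminMode($user, $this->folderItem);

    $inherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO);
    $inheritedId = $inherited->getId();
    $objectId = $object->getId();

    // NOTE(review): the id comparison is strict (!==) while the root-folder
    // test is loose (!= 1); presumably both getId() calls return the same
    // type - confirm, otherwise every non-root object reads as inherited and
    // 'editable' is always false.
    $map['inherited'] = $inheritedId !== $objectId && $objectId != 1;

    // only allow inheritance of permissions from parent if not inherited, -and- folder is editable
    $map['inheritable'] = $editable && !$map['inherited'] && $objectId != 1;

    // only allow edit if the folder is editable and not inherited
    $map['editable'] = $editable && !$map['inherited'];

    $this->map = $map;
    $this->mapCopy = $map;
    $this->changed = false;
}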
<?php
// Manual debugging aid: loads folder 2, resolves the root object of its
// permission object and dumps that object.
//
// NOTE(review): this script raises error reporting to E_ALL and var_dump()s an
// internal object. If the file is reachable through the web server it exposes
// permission internals to any visitor - confirm that it is kept out of
// deployed web roots or restricted to command-line use.

require_once "../../config/dmsDefaults.php";
require_once KT_LIB_DIR . '/foldermanagement/Folder.inc';
require_once KT_LIB_DIR . '/permissions/permissionutil.inc.php';

error_reporting(E_ALL);

$oTargetFolder =& Folder::get(2);

$oRootObject = KTPermissionUtil::findRootObjectForPermissionObject(
    KTPermissionObject::get($oTargetFolder->getPermissionObjectID())
);

var_dump($oRootObject);