function setAllowed($aAllowed) { $oDescriptor = KTPermissionUtil::getOrCreateDescriptor($aAllowed); // fully done, etc. $this->iPermissionDescriptorId = $oDescriptor->getId(); }
/** * Sets which users/groups/roles are to be informed when a state is * arrived at. */ function setInformedForState(&$oState, $aInformed) { $oDescriptor =& KTPermissionUtil::getOrCreateDescriptor($aInformed); if (PEAR::isError($oDescriptor)) { return $oDescriptor; } $iOldDescriptorId = $oState->getInformDescriptorId(); $oState->setInformDescriptorId($oDescriptor->getId()); $res = $oState->update(); if (PEAR::isError($res)) { $oState->setInformDescriptorId($iOldDescriptorId); return $res; } return $res; }
/** * Update's the permission lookup on one folder or document, * non-recursively. */ function updatePermissionLookup(&$oFolderOrDocument, $aOptions = null) { $is_a_folder = is_a($oFolderOrDocument, 'Folder'); $is_a_document = is_a($oFolderOrDocument, 'Document') || is_a($oFolderOrDocument, 'KTDocumentCore'); //ensure that the document shortcut is being updated. if ($is_a_document && $oFolderOrDocument->isSymbolicLink()) { $oFolderOrDocument->switchToRealCore(); } $oChannel = null; $aMapPermAllowed = null; $oPermLookup = null; if (!is_null($aOptions)) { $oChannel = $aOptions['channel']; $aMapPermAllowed = $aOptions['map_allowed']; $oPermLookup = $aOptions['perm_lookup']; } if (!$is_a_folder && !$is_a_document) { return; // we occasionally get handed a PEAR::raiseError. Just ignore it. } if (is_null($oChannel)) { $oChannel =& KTPermissionChannel::getSingleton(); } if ($is_a_folder) { $msg = sprintf("Updating folder %s", join('/', $oFolderOrDocument->getPathArray())); } else { if (is_a($oFolderOrDocument, 'Document')) { //modify the message to reflect that a shortcut is begin updated if ($oFolderOrDocument->isSymbolicLink()) { $msg = sprintf("Updating shortcut to %s", $oFolderOrDocument->getName()); } else { $msg = sprintf("Updating document %s", $oFolderOrDocument->getName()); } } else { $msg = sprintf("Updating document %d", $oFolderOrDocument->getId()); } } $oChannel->sendMessage(new KTPermissionGenericMessage($msg)); //var_dump($msg); $iPermissionObjectId = $oFolderOrDocument->getPermissionObjectID(); if (empty($iPermissionObjectId)) { return; } $oPO = KTPermissionObject::get($iPermissionObjectId); if (is_null($aMapPermAllowed)) { $aPAs = KTPermissionAssignment::getByObjectMulti($oPO); $aMapPermAllowed = array(); foreach ($aPAs as $oPA) { $oPD = KTPermissionDescriptor::get($oPA->getPermissionDescriptorID()); $aGroupIDs = $oPD->getGroups(); $aUserIDs = array(); $aRoleIDs = $oPD->getRoles(); $aAllowed = array('group' => $aGroupIDs, 'user' => $aUserIDs, 'role' => $aRoleIDs); $aMapPermAllowed[$oPA->getPermissionID()] = $aAllowed; } } if (!$is_a_folder) { $aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO); if (!PEAR::isError($aDynamicConditions)) { foreach ($aDynamicConditions as $oDynamicCondition) { $iConditionId = $oDynamicCondition->getConditionId(); if (KTSearchUtil::testConditionOnDocument($iConditionId, $oFolderOrDocument)) { $iGroupId = $oDynamicCondition->getGroupId(); $aPermissionIds = $oDynamicCondition->getAssignment(); foreach ($aPermissionIds as $iPermissionId) { $aCurrentAllowed = KTUtil::arrayGet($aMapPermAllowed, $iPermissionId, array()); $aCurrentAllowed['group'][] = $iGroupId; $aMapPermAllowed[$iPermissionId] = $aCurrentAllowed; } } } } } if (!$is_a_folder) { $oState = KTWorkflowUtil::getWorkflowStateForDocument($oFolderOrDocument); if (!(PEAR::isError($oState) || is_null($oState) || $oState == false)) { $aWorkflowStatePermissionAssignments = KTWorkflowStatePermissionAssignment::getByState($oState); foreach ($aWorkflowStatePermissionAssignments as $oAssignment) { $iPermissionId = $oAssignment->getPermissionId(); $iPermissionDescriptorId = $oAssignment->getDescriptorId(); $oPD = KTPermissionDescriptor::get($iPermissionDescriptorId); $aGroupIDs = $oPD->getGroups(); $aUserIDs = array(); $aRoleIDs = $oPD->getRoles(); $aAllowed = array('group' => $aGroupIDs, 'user' => $aUserIDs, 'role' => $aRoleIDs); $aMapPermAllowed[$iPermissionId] = $aAllowed; } } } // if we have roles: nearest folder. $iRoleSourceFolder = null; if ($is_a_document) { $iRoleSourceFolder = $oFolderOrDocument->getFolderID(); } else { $iRoleSourceFolder = $oFolderOrDocument->getId(); } // very minor perf win: map role_id (in context) to PD. $_roleCache = array(); foreach ($aMapPermAllowed as $iPermissionId => $aAllowed) { $aAfterRoles = array(); if (array_key_exists('role', $aAllowed)) { foreach ($aAllowed['role'] as $k => $iRoleId) { // store the PD <-> RoleId map // special-case "all" or "authenticated". if ($iRoleId == -3 || $iRoleId == -4) { $aAfterRoles[] = $iRoleId; continue; } if (!array_key_exists($iRoleId, $_roleCache)) { $oRoleAllocation = null; if ($is_a_document) { $oRoleAllocation =& DocumentRoleAllocation::getAllocationsForDocumentAndRole($oFolderOrDocument->getId(), $iRoleId); if (PEAR::isError($oRoleAllocation)) { $oRoleAllocation = null; } } // if that's null - not set _on_ the document, then if (is_null($oRoleAllocation)) { $oRoleAllocation =& RoleAllocation::getAllocationsForFolderAndRole($iRoleSourceFolder, $iRoleId); } $_roleCache[$iRoleId] = $oRoleAllocation; } // roles are _not_ always assigned (can be null at root) if (!is_null($_roleCache[$iRoleId])) { $aMapPermAllowed[$iPermissionId]['user'] = kt_array_merge($aMapPermAllowed[$iPermissionId]['user'], $_roleCache[$iRoleId]->getUserIds()); $aMapPermAllowed[$iPermissionId]['group'] = kt_array_merge($aMapPermAllowed[$iPermissionId]['group'], $_roleCache[$iRoleId]->getGroupIds()); // naturally, roles cannot be assigned roles, or madness follows. } unset($aAllowed['role'][$k]); } } unset($aMapPermAllowed[$iPermissionId]['role']); if (!empty($aAfterRoles)) { $aMapPermAllowed[$iPermissionId]['role'] = $aAfterRoles; } } /* print '<pre>'; print '=======' . $oFolderOrDocument->getName(); print '<br />'; var_dump($aMapPermAllowed); print '</pre>'; */ //if (is_null($oPermLookup)) { $aMapPermDesc = array(); foreach ($aMapPermAllowed as $iPermissionId => $aAllowed) { $oLookupPD = KTPermissionUtil::getOrCreateDescriptor($aAllowed); $aMapPermDesc[$iPermissionId] = $oLookupPD->getID(); } $oPermLookup = KTPermissionLookupAssignment::findOrCreateLookupByPermissionDescriptorMap($aMapPermDesc); //} $oFolderOrDocument->setPermissionLookupID($oPermLookup->getID()); $oFolderOrDocument->update(); }
function do_setpermissionallocations() { $aPermissionAllowed = (array) KTUtil::arrayGet($_REQUEST, 'foo'); // thanks BD. $this->startTransaction(); $aStatePermAssigns = KTWorkflowStatePermissionAssignment::getByState($this->oState); // we now walk the alloc'd perms, and go. foreach ($aStatePermAssigns as $oPermAssign) { $aAllowed = (array) $aPermissionAllowed[$oPermAssign->getPermissionId()]; // is already role, group, etc. $oDescriptor = KTPermissionUtil::getOrCreateDescriptor($aAllowed); if (PEAR::isError($oDescriptor)) { $this->errorRedirectTo('allocatepermissions', _kt('Failed to allocate as specified.')); } $oPermAssign->setDescriptorId($oDescriptor->getId()); $res = $oPermAssign->update(); if (PEAR::isError($res)) { $this->errorRedirectTo('allocatepermissions', _kt('Failed to allocate as specified.')); } } KTPermissionUtil::updatePermissionLookupForState($this->oState); $this->successRedirectTo('managepermissions', _kt('Permissions Allocated.')); }