/**
* @description Set the an user as administrator.
* @param mail Mail of the user.
*/
public function setAdmin($mail)
{
$this->output->writeln(sprintf('Set user <info>%s</info> as Administrator', $mail));
$admin_role = Role::get(1);
if (empty($admin_role)) {
$this->output->writeln('No Administrator role is in the database!');
return FALSE;
}
$user = new User();
$user->mail = $mail;
$user->fetch('mail');
if (empty($user->getId())) {
$this->output->writeln(sprintf('User with the mail address <info>%s</info> not found in in the database!', $mail));
return FALSE;
}
$ur = new UserRole();
$ur->user = $user;
$ur->role = $admin_role;
if (!$ur->save()) {
$this->output->writeln('Unable to associate the administrator role!');
$this->output->writeln(print_r($ur->getErrors(), TRUE));
return FALSE;
}
$this->output->writeln('User associated!');
return TRUE;
}
public function testRoleModification()
{
$role = Role::get(Role::ADMINISTRATOR);
$this->assertTrue($role->hasPerm(Permission::PUBLISH_NEWS));
$this->assertFalse($this->player->hasPermission(Permission::PUBLISH_NEWS));
$this->player->addRole($role);
$this->assertTrue($this->player->hasPermission(Permission::PUBLISH_NEWS));
}
public function testNormalRole()
{
$role = Role::get($this->normalRole->getId());
$this->player_b->addRole($role->getId());
$this->assertFalse($role->displayAsLeader());
$this->assertFalse($role->isProtected());
$this->assertEquals("Sample Normal Role", $role->getName());
$this->assertArrayContainsModel($role, Role::getRoles($this->player_b->getId()));
$this->wipe($role);
}
function list_drop()
{
$role = new Role();
$role->get();
foreach ($role as $row) {
$data[''] = '[ User Role ]';
$data[$row->role_id] = $row->role_name;
}
return $data;
}
public function postAddUser($role_id)
{
$user_id = $this->request()->get('user_id');
$user = User::get($user_id);
$role = Role::get($role_id);
$user->roles[] = $role;
if ($user->save()) {
$this->flash()->success('@string/roles_user_add_success');
}
return $this->response()->redirect();
}
public function getCMSFields()
{
$fields = parent::getCMSFields();
$fields->addFieldToTab('Root.Main', UploadField::create('Photo'), 'Content');
$fields->addFieldToTab('Root.Main', UploadField::create('PDF'), 'Content');
$fields->addFieldToTab('Root.Main', PhoneNumberField::create('Phone'), 'Content');
$fields->addFieldToTab('Root.Main', EmailField::create('Email'), 'Content');
$fields->addFieldToTab('Root.Main', DropdownField::create('RoleID', 'Role', Role::get()->map('ID', 'Title'))->setEmptyString('(Select)'), 'Content');
$fields->addFieldToTab('Root.Main', DropdownField::create('DepartmentID', 'Department', Department::get()->map('ID', 'Title'))->setEmptyString('(Select)'), 'Content');
return $fields;
}
/**
* Render a list of comma-separated usernames for the user to see
*
* @param FormView $view
* @param FormInterface $form
* @param array $options
*/
public function buildView(FormView $view, FormInterface $form, array $options)
{
if ($this->type === 'Role') {
foreach ($view->vars['choices'] as $choice) {
$role = \Role::get($choice->value);
$icon = $role->getDisplayIcon();
if ($icon !== null) {
$choice->attr['data-icon'] = $icon;
}
}
}
}
public function run()
{
DB::table('users')->delete();
$roles = Role::get();
// dd($roles->count());
for ($role_index = 0; $role_index < $roles->count(); $role_index++) {
$role = $roles[$role_index];
for ($user_index = 0; $user_index < $role_index + 1; $user_index++) {
User::create(array('first_name' => 'Morriel', 'last_name' => 'Aquino', 'role_id' => $role->id));
}
}
}
public function getAreaSelected()
{
$roles = Role::get();
$result = [];
foreach ($roles as $role) {
if (empty($result[$role->id])) {
$result[$role->id] = [];
}
foreach ($role->permissions as $permission) {
$result[$role->id][] = $permission->service_id;
}
}
return $result;
}
public function postAddRole($user_id)
{
$user = User::get($user_id);
if (count($user->roles) > 0) {
$this->flash()->error('@string/user_role_limit_reached');
return $this->response()->redirect();
}
$role_id = $this->request()->get('role_id');
$role = Role::get($role_id);
$user->roles[] = $role;
if ($user->save()) {
$this->flash()->success('@string/user_role_add_success');
}
return $this->response()->redirect();
}
public function saveUser($sender, $params)
{
$results = $errors = array();
try {
Dao::beginTransaction();
if (!isset($params->CallbackParameter->firstName) || ($firstName = trim($params->CallbackParameter->firstName)) === '') {
throw new Exception('System Error: firstName is mandatory!');
}
if (!isset($params->CallbackParameter->lastName) || ($lastName = trim($params->CallbackParameter->lastName)) === '') {
throw new Exception('System Error: lastName is mandatory!');
}
if (!isset($params->CallbackParameter->userName) || ($userName = trim($params->CallbackParameter->userName)) === '') {
throw new Exception('System Error: userName is mandatory!');
}
if (!isset($params->CallbackParameter->roleid) || !($role = Role::get($params->CallbackParameter->roleid)) instanceof Role) {
throw new Exception('System Error: role is mandatory!');
}
$newpassword = trim($params->CallbackParameter->newpassword);
if (!isset($params->CallbackParameter->userid) || !($userAccount = UserAccount::get($params->CallbackParameter->userid)) instanceof UserAccount) {
$userAccount = new UserAccount();
$person = new Person();
if ($newpassword === '') {
throw new Exception('System Error: new password is mandatory!');
}
$newpassword = sha1($newpassword);
} else {
$person = $userAccount->getPerson();
if ($newpassword === '') {
$newpassword = $userAccount->getPassword();
} else {
$newpassword = sha1($newpassword);
}
}
//double check whether the username has been used
$users = UserAccount::getAllByCriteria('username=? and id!=?', array($userName, $userAccount->getId()), false, 1, 1);
if (count($users) > 0) {
throw new Exception('Username(=' . $userName . ') has been used by another user, please choose another one!');
}
$person->setFirstName($firstName)->setLastName($lastName)->save();
$userAccount->setUserName($userName)->setPassword($newpassword)->setPerson($person)->save();
$results = $userAccount->clearRoles()->addRole($role)->getJson();
Dao::commitTransaction();
} catch (Exception $ex) {
Dao::rollbackTransaction();
$errors[] = $ex->getMessage();
}
$params->ResponseData = StringUtilsAbstract::getJson($results, $errors);
}
function roles_post()
{
$requested_data = json_decode($this->post('models'));
foreach ($requested_data as $d) {
$user = new User(null, $this->entity);
$user->where('id', $d->user_id);
$user->get();
$role = new Role(null, $this->entity);
$role->where('id', $d->role_id);
$role->get();
if ($user->exists() && $role->exists()) {
if ($user->save($role)) {
$r = $user->include_related('role', NULL, TRUE)->get_raw();
$this->response(array('msg' => 'assigned successfully.', 'results' => $r->result()), 201);
} else {
$this->response(array('msg' => 'error assigning to role.', 'results' => array()), 201);
}
} else {
$this->response(array('msg' => 'either role or user does not exist', 'results' => array()), 201);
}
}
// $this->response(array('msg'=>'assigned successfully.', 'results'=>$r->result()), 201);
}
function roles()
{
$role = new Role();
$total_rows = $role->count();
switch ($this->input->get('c')) {
case "1":
$data['col'] = "role_name";
break;
case "2":
$data['col'] = "role_id";
break;
default:
$data['col'] = "role_id";
}
if ($this->input->get('d') == "1") {
$data['dir'] = "DESC";
} else {
$data['dir'] = "ASC";
}
$data['title'] = "Roles";
$data['btn_add'] = anchor('users/add_role', 'Add New', "class='btn btn-primary'");
$data['btn_home'] = anchor(base_url(), 'Home', "class='btn btn-home'");
$uri_segment = 3;
$offset = $this->uri->segment($uri_segment);
$role->order_by($data['col'], $data['dir']);
$data['role_list'] = $role->get($this->limit, $offset)->all;
$config['base_url'] = site_url("users/roles");
$config['total_rows'] = $total_rows;
$config['per_page'] = $this->limit;
$config['uri_segment'] = $uri_segment;
$this->pagination->initialize($config);
$data['pagination'] = $this->pagination->create_links();
$this->load->view('users/index_roles', $data);
}
/**
* List Roles
* Will get all roles from the database
*
* @param mixed $count
* @param mixed $offset
*
*/
public function list_roles($count = 10000, $offset = 0)
{
$r = new Role();
return $r->get($count, $offset);
}
* the $siteOptions variable.
*
*/
$options = Option::get(['name', 'value']);
foreach ($options as $option) {
$o[$option->name] = $option->value;
}
View::share('siteOptions', $o);
/**
* Attach a PHP array to the window to allow JavaScript to use.
* The "URL" provider is used rather than the Laravel helper paths
* to ensure the paths are consistent across Windows and Unix platforms.
*
* @see https://github.com/laracasts/PHP-Vars-To-Js-Transformer
*/
JavaScript::put(['app_path' => URL::to('/') . '/', 'roles' => Role::get(['id', 'friendly_name']), 'services' => Service::get(['id', 'friendly_name'])]);
});
App::after(function ($request, $response) {
//
});
/*
|--------------------------------------------------------------------------
| Access Filter
|--------------------------------------------------------------------------
|
*/
Route::filter('access', function () {
if (!Access::validate(Request::segment(1))) {
return App::abort(403, 'You do not have the required access for this page');
}
});
/**
* Display a listing of the resource.
*
* @return \Illuminate\Http\Response
*/
public function index()
{
$profiles = $this->profiles->get();
return \View::make('acl::admin.profiles.index', compact('profiles'));
}
function descriptorToJSON($aAllowed)
{
$values = array();
foreach (KTUtil::arrayGet($aAllowed, 'user', array()) as $oU) {
if (!is_object($oU)) {
$iUserId = $oU;
$oU = User::get($iUserId);
} else {
$iUserId = $oU->getId();
}
if (PEAR::isError($oU) || $oU == false) {
continue;
} else {
$values[sprintf("users[%d]", $iUserId)] = sprintf(_kt('User: %s'), $oU->getName());
}
}
foreach (KTUtil::arrayGet($aAllowed, 'group', array()) as $oG) {
if (!is_object($oG)) {
$iGroupId = $oG;
$oG = Group::get($iGroupId);
} else {
$iGroupId = $oG->getId();
}
if (PEAR::isError($oG) || $oG == false) {
continue;
} else {
$values[sprintf("groups[%d]", $iGroupId)] = sprintf(_kt('Group: %s'), $oG->getName());
}
}
foreach (KTUtil::arrayGet($aAllowed, 'role', array()) as $oR) {
if (!is_object($oR)) {
$iRoleId = $oR;
$oR = Role::get($iRoleId);
} else {
$iRoleId = $oR->getId();
}
if (PEAR::isError($oR) || $oR == false) {
continue;
} else {
$values[sprintf("roles[%d]", $iRoleId)] = sprintf(_kt('Role: %s'), $oR->getName());
}
}
return $values;
}
function do_assistance()
{
$sSubject = $this->oValidator->validateString($_REQUEST['subject']);
$sDetails = $this->oValidator->validateString($_REQUEST['details']);
$aUsers = array();
$aGroups = array();
$aRoles = array();
foreach (Group::getAdministratorGroups() as $oGroup) {
$aGroups[$oGroup->getId()] =& $oGroup;
}
foreach (Unit::getUnitsForFolder($this->oDocument->getFolderId()) as $oUnit) {
foreach (Group::getUnitAdministratorGroupsByUnit($oUnit) as $oGroup) {
$aGroups[$oGroup->getId()] =& $oGroup;
}
}
$aRoles[-2] = Role::get(-2);
$oDocument =& $this->oDocument;
foreach ($aRoles as $oRole) {
// Ignore anonymous or Everyone roles
$iRoleId = KTUtil::getId($oRole);
if ($iRoleId == -3 || $iRoleId == -4) {
continue;
}
// first try on the document, then the folder above it.
$oRoleAllocation = DocumentRoleAllocation::getAllocationsForDocumentAndRole($oDocument->getId(), $iRoleId);
if (is_null($oRoleAllocation)) {
// if we don't get a document role, try folder role.
$oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($oDocument->getFolderID(), $oRole->getId());
}
if (is_null($oRoleAllocation) || PEAR::isError($oRoleAllocation)) {
continue;
}
$aRoleUsers = $oRoleAllocation->getUsers();
$aRoleGroups = $oRoleAllocation->getGroups();
foreach ($aRoleUsers as $id => $oU) {
$aUsers[$id] = $oU;
}
foreach ($aRoleGroups as $id => $oGroup) {
$aGroups[$id] = $oGroup;
}
}
$aGroupMembershipSet = GroupUtil::buildGroupArray();
$aAllIds = array_keys($aGroups);
foreach ($aGroups as $id => $oGroup) {
$aAllIds = kt_array_merge($aGroupMembershipSet[$id], $aAllIds);
}
foreach ($aAllIds as $id) {
if (!array_key_exists($id, $aGroups)) {
$aGroups[$id] = Group::get($id);
}
}
// now, merge this (again) into the user-set.
foreach ($aGroups as $oGroup) {
$aNewUsers = $oGroup->getMembers();
foreach ($aNewUsers as $oU) {
$id = $oU->getId();
if (!array_key_exists($id, $aUsers)) {
$aUsers[$id] = $oU;
}
}
}
foreach ($aUsers as $oU) {
if (!PEAR::isError($oU)) {
KTAssistNotification::newNotificationForDocument($this->oDocument, $oU, $this->oUser, $sSubject, $sDetails);
}
}
$this->commitTransaction();
$params = 'fDocumentId=' . $oDocument->getId();
$url = generateControllerLink('viewDocument', $params);
exit(redirect($url));
}
function do_editRoleGroups()
{
$iFolderId = $this->oFolder->getId();
$role_allocation_id = KTUtil::arrayGet($_REQUEST, 'alloc_id');
if ($iFolderId == 1 && is_null($role_allocation_id)) {
$oRoleAllocation = $this->rootoverride($_REQUEST['role_id']);
} else {
$oRoleAllocation = RoleAllocation::get($role_allocation_id);
}
if (PEAR::isError($oRoleAllocation) || $oRoleAllocation === false) {
$this->errorRedirectToMain(_kt('No such role allocation.'), sprintf('fFolderId=%d', $iFolderId));
}
$oRole = Role::get($oRoleAllocation->getRoleId());
$this->oPage->setBreadcrumbDetails(_kt('Manage Groups for Role'));
$this->oPage->setTitle(sprintf(_kt('Manage Groups for Role "%s"'), $oRole->getName()));
$initJS = 'var optGroup = new OptionTransfer("groupSelect","chosenGroups"); ' . 'function startTrans() { var f = getElement("grouproleform"); ' . ' optGroup.saveNewRightOptions("groupFinal"); ' . ' optGroup.init(f); }; ' . ' addLoadEvent(startTrans); ';
$this->oPage->requireJSStandalone($initJS);
$aInitialUsers = $oRoleAllocation->getGroups();
$aAllUsers = Group::getList();
// FIXME this is massively non-performant for large userbases..
$aRoleUsers = array();
$aFreeUsers = array();
foreach ($aInitialUsers as $oGroup) {
$aRoleUsers[$oGroup->getId()] = $oGroup;
}
foreach ($aAllUsers as $oGroup) {
if (!array_key_exists($oGroup->getId(), $aRoleUsers)) {
$aFreeUsers[$oGroup->getId()] = $oGroup;
}
}
// Include the electronic signature on the permissions action
global $default;
if ($default->enableESignatures) {
$sUrl = KTPluginUtil::getPluginPath('electronic.signatures.plugin', true);
$heading = _kt('You are attempting to modify roles');
$input['type'] = 'button';
$input['onclick'] = "javascript: showSignatureForm('{$sUrl}', '{$heading}', 'ktcore.transactions.role_allocations_change', 'folder', 'grouproleform', 'submit', {$iFolderId});";
} else {
$input['type'] = 'submit';
$input['onclick'] = '';
}
$oTemplating =& KTTemplating::getSingleton();
$oTemplate = $oTemplating->loadTemplate("ktcore/folder/roles_managegroups");
$aTemplateData = array("context" => $this, "edit_rolealloc" => $oRoleAllocation, 'unused_groups' => $aFreeUsers, 'role_groups' => $aRoleUsers, 'rolename' => $oRole->getName(), 'input' => $input);
return $oTemplate->render($aTemplateData);
}
function do_main()
{
$this->oPage->setBreadcrumbDetails(_kt('Permissions'));
$oTemplate = $this->oValidator->validateTemplate('ktcore/folder/view_permissions');
$oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectID());
$aPermissions = KTPermission::getList();
$aMapPermissionGroup = array();
$aMapPermissionRole = array();
$aMapPermissionUser = array();
$aAllGroups = Group::getList();
// probably small enough
$aAllRoles = Role::getList();
// probably small enough.
// users are _not_ fetched this way.
$aActiveGroups = array();
$aActiveUsers = array();
$aActiveRoles = array();
foreach ($aPermissions as $oPermission) {
$oPLA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oPO);
if (PEAR::isError($oPLA)) {
continue;
}
$oDescriptor = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
$iPermissionID = $oPermission->getID();
$aIDs = $oDescriptor->getGroups();
$aMapPermissionGroup[$iPermissionID] = array();
foreach ($aIDs as $iID) {
$aMapPermissionGroup[$iPermissionID][$iID] = true;
$aActiveGroups[$iID] = true;
}
$aIds = $oDescriptor->getRoles();
$aMapPermissionRole[$iPermissionID] = array();
foreach ($aIds as $iId) {
$aMapPermissionRole[$iPermissionID][$iId] = true;
$aActiveRoles[$iId] = true;
}
$aIds = $oDescriptor->getUsers();
$aMapPermissionUser[$iPermissionID] = array();
foreach ($aIds as $iId) {
$aMapPermissionUser[$iPermissionID][$iId] = true;
$aActiveUsers[$iId] = true;
}
}
// now we constitute the actual sets.
$users = array();
$groups = array();
$roles = array();
// should _always_ be empty, barring a bug in permissions::updatePermissionLookup
// this should be quite limited - direct role -> user assignment is typically rare.
foreach ($aActiveUsers as $id => $marker) {
$oUser = User::get($id);
if (is_null($oUser)) {
continue;
}
// this is just a patch in case there is a db integrity issue.
$users[$oUser->getName()] = $oUser;
}
asort($users);
// ascending, per convention.
foreach ($aActiveGroups as $id => $marker) {
$oGroup = Group::get($id);
if (is_null($oGroup)) {
continue;
}
// this is just a patch in case there is a db integrity issue.
$groups[$oGroup->getName()] = $oGroup;
}
asort($groups);
foreach ($aActiveRoles as $id => $marker) {
$oRole = Role::get($id);
if (is_null($oRole)) {
continue;
}
// this is just a patch in case there is a db integrity issue.
$roles[$oRole->getName()] = $oRole;
}
asort($roles);
$bEdit = KTPermissionUtil::userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder);
if (KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
$bEdit = true;
}
$sInherited = '';
$oInherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO);
// This is fine, since a folder can only inherit permissions
// from a folder.
if ($oInherited->getId() !== $this->oFolder->getId()) {
$iInheritedFolderId = $oInherited->getId();
$sInherited = join(' > ', $oInherited->getPathArray());
}
// only allow inheritance if not inherited, -and- folders is editable
$bInheritable = $bEdit && $oInherited->getId() !== $this->oFolder->getId();
// only allow edit if the folder is editable.
$bEdit = $bEdit && $oInherited->getId() == $this->oFolder->getId();
$aConditions = array();
$aDynConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
foreach ($aDynConditions as $oDynCondition) {
$g = Group::get($oDynCondition->getGroupId());
if (is_null($g)) {
continue;
}
// db integrity catch
if (PEAR::isError($g)) {
continue;
}
$c = KTSavedSearch::get($oDynCondition->getConditionId());
if (is_null($c)) {
continue;
}
// db integrity catch
if (PEAR::isError($c)) {
continue;
}
$aInfo = array('group' => $g->getName(), 'name' => $c->getName());
$aAssign = $oDynCondition->getAssignment();
$perms = array();
foreach ($aAssign as $iPermissionId) {
$perms[$iPermissionId] = true;
}
$aInfo['perms'] = $perms;
$aConditions[] = $aInfo;
}
$aTemplateData = array('context' => $this, 'permissions' => $aPermissions, 'groups' => $groups, 'users' => $users, 'roles' => $roles, 'oFolder' => $this->oFolder, 'aMapPermissionGroup' => $aMapPermissionGroup, 'aMapPermissionRole' => $aMapPermissionRole, 'aMapPermissionUser' => $aMapPermissionUser, 'edit' => $bEdit, 'inheritable' => $bInheritable, 'inherited' => $sInherited, 'conditions' => $aConditions);
return $oTemplate->render($aTemplateData);
}
function do_deleteRole()
{
$role_id = KTUtil::arrayGet($_REQUEST, 'role_id');
$oRole = Role::get($role_id);
if (PEAR::isError($oRole) || $oRole == false) {
$this->errorRedirectToMain(_kt('Please select a valid role first.'));
}
$name = $oRole->getName();
$this->startTransaction();
$res = $oRole->delete();
if (PEAR::isError($res) || $res == false) {
$this->errorRedirectToMain(_kt('Unable to delete the role.') . ' ' . _kt('Possible cause') . ': ' . $_SESSION['errorMessage']);
}
$this->successRedirectToMain(sprintf(_kt('Role "%s" deleted. '), $name));
}
/**
* Display a listing of the resource.
*
* @return \Illuminate\View\View
*/
public function index()
{
$permissions = $this->permissions->get();
return \View::make('admin.permissions.index', ['permissions' => $permissions, 'title' => 'list']);
}
/**
* Using the name, the role can be resolved.
*
* @author KnowledgeTree Team
* @access public
* @static
* @param string $name
* @return KTAPI_Role Returns null if there is no match.
*/
public static function getByName($name)
{
$sql = 'SELECT id FROM roles WHERE name=?';
$id = DBUtil::getOneResultKey(array($sql, array($name)), 'id');
if (PEAR::isError($id)) {
return $id;
}
$role = Role::get($id);
return new KTAPI_Role($role);
}
/**
* Give or remove a role to/form a player
*
* @param int $role_id The role ID to add or remove
* @param string $action Whether to "add" or "remove" a role for a player
*
* @return bool Whether the operation was successful or not
*/
private function modifyRole($role_id, $action)
{
$role = Role::get($role_id);
if ($role->isValid()) {
if ($action == "add") {
$this->db->query("INSERT INTO player_roles (user_id, role_id) VALUES (?, ?)", "ii", array($this->getId(), $role_id));
} elseif ($action == "remove") {
$this->db->query("DELETE FROM player_roles WHERE user_id = ? AND role_id = ?", "ii", array($this->getId(), $role_id));
} else {
throw new Exception("Unrecognized role action");
}
return true;
}
return false;
}
function informUsersForState($oState, $aInformed, $oDocument, $oUser, $sComments)
{
// say no to duplicates.
KTWorkflowNotification::clearNotificationsForDocument($oDocument);
$aUsers = array();
$aGroups = array();
$aRoles = array();
foreach (KTUtil::arrayGet($aInformed, 'user', array()) as $iUserId) {
$oU = User::get($iUserId);
if (PEAR::isError($oU) || $oU == false) {
continue;
} else {
$aUsers[$oU->getId()] = $oU;
}
}
foreach (KTUtil::arrayGet($aInformed, 'group', array()) as $iGroupId) {
$oG = Group::get($iGroupId);
if (PEAR::isError($oG) || $oG == false) {
continue;
} else {
$aGroups[$oG->getId()] = $oG;
}
}
foreach (KTUtil::arrayGet($aInformed, 'role', array()) as $iRoleId) {
$oR = Role::get($iRoleId);
if (PEAR::isError($oR) || $oR == false) {
continue;
} else {
$aRoles[] = $oR;
}
}
// FIXME extract this into a util - I see us using this again and again.
// start with roles ... roles _only_ ever contain groups.
foreach ($aRoles as $oRole) {
// do NOT alert anonymous or Everyone roles - that would be very scary.
$iRoleId = KTUtil::getId($oRole);
if ($iRoleId == -3 || $iRoleId == -4) {
continue;
}
// first try on the document, then the folder above it.
$oRoleAllocation = DocumentRoleAllocation::getAllocationsForDocumentAndRole($oDocument->getId(), $iRoleId);
if (is_null($oRoleAllocation)) {
// if we don't get a document role, try folder role.
$oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($oDocument->getFolderID(), $oRole->getId());
}
if (is_null($oRoleAllocation) || PEAR::isError($oRoleAllocation)) {
continue;
}
$aRoleUsers = $oRoleAllocation->getUsers();
$aRoleGroups = $oRoleAllocation->getGroups();
foreach ($aRoleUsers as $id => $oU) {
$aUsers[$id] = $oU;
}
foreach ($aRoleGroups as $id => $oGroup) {
$aGroups[$id] = $oGroup;
}
}
// we now have a (potentially overlapping) set of groups, which may
// have subgroups.
//
// what we need to do _now_ is build a canonical set of groups, and then
// generate the singular user-base.
$aGroupMembershipSet = GroupUtil::buildGroupArray();
$aAllIds = array_keys($aGroups);
foreach ($aGroups as $id => $oGroup) {
$aAllIds = kt_array_merge($aGroupMembershipSet[$id], $aAllIds);
}
foreach ($aAllIds as $id) {
if (!array_key_exists($id, $aGroups)) {
$aGroups[$id] = Group::get($id);
}
}
// now, merge this (again) into the user-set.
foreach ($aGroups as $oGroup) {
$aNewUsers = $oGroup->getMembers();
foreach ($aNewUsers as $oU) {
$id = $oU->getId();
if (!array_key_exists($id, $aUsers)) {
$aUsers[$id] = $oU;
}
}
}
// and done.
foreach ($aUsers as $oU) {
if (!PEAR::isError($oU)) {
KTWorkflowNotification::newNotificationForDocument($oDocument, $oU, $oState, $oUser, $sComments);
}
}
}
/**
* Show the form for creating a new resource.
*
* @return Response
*/
public function create()
{
$roles = Role::get();
return View::make('pages.create_user')->with(['roles' => $roles, 'editmode' => false]);
}
function user_put()
{
$model = json_decode($this->put('models'));
foreach ($model as $d) {
$user = new User(null, $this->entity);
$user->where('id', $d->user);
$user->get();
$role = new Role(null, $this->entity);
$role->where('id', $d->role);
$role->get();
if ($user->exists() && $role->exists()) {
$user->set_join_field($role, 'role_id', $d->role);
if ($user->save($role)) {
$this->response(array('msg' => 'assigned'), 201);
}
}
// $this->response(array('user'=>$user->id), 201);
}
// $this->response(array('user'=>$model[0]->user), 201);
}
function getConfigDescription()
{
if (!$this->isLoaded()) {
return _kt('This trigger has no configuration.');
}
// the actual permissions are stored in the array.
$perms = array();
if (empty($this->aConfig) || is_null($this->aConfig['role_id'])) {
return _kt('No role is required to perform this transition');
}
$oRole = Role::get($this->aConfig['role_id']);
if (PEAR::isError($oRole)) {
return _kt('The role required for this trigger has been deleted, so anyone can perform this action.');
} else {
return sprintf(_kt('The user will require the <strong>%s</strong> role.'), htmlentities($oRole->getName(), ENT_NOQUOTES, 'UTF-8'));
}
}
public static function getRole()
{
$c = Role::get();
self::$role = $c;
return new self();
}
public function getCMSFields()
{
$fields = parent::getCMSFields();
$fields->addFieldToTab('Root.Departments', GridField::create('Department', 'Departments', Department::get()->sort('Title'), GridFieldConfig_RecordEditor::create()));
$fields->addFieldToTab('Root.Roles', GridField::create('Role', 'Roles', Role::get()->sort('Title'), GridFieldConfig_RecordEditor::create()));
return $fields;
}
