Permission.inc
<?php
/**
* $Id$
*
* Contains static functions used to determine whether the current user:
* o has permission to perform certain actions
* o has a certain role
* o is assigned to a certain group
* o has read/write access for a specific folder/directory
*
* The contents of this file are subject to the KnowledgeTree Public
* License Version 1.1.2 ("License"); You may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.knowledgetree.com/KPL
*
* Software distributed under the License is distributed on an "AS IS"
* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
* See the License for the specific language governing rights and
* limitations under the License.
*
* All copies of the Covered Code must include on each user interface screen:
* (i) the "Powered by KnowledgeTree" logo and
* (ii) the KnowledgeTree copyright notice
* in the same form as they appear in the distribution. See the License for
* requirements.
*
* The Original Code is: KnowledgeTree Open Source
*
* The Initial Developer of the Original Code is The Jam Warehouse Software
* (Pty) Ltd, trading as KnowledgeTree.
* Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
* (C) 2007 The Jam Warehouse Software (Pty) Ltd;
* All Rights Reserved.
* Contributor( s): ______________________________________
*/
require_once(KT_LIB_DIR . '/permissions/permission.inc.php');
require_once(KT_LIB_DIR . '/permissions/permissionutil.inc.php');
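/**
 * Permission checks for the user bound to the current session.
 *
 * The document/folder helpers resolve the acting user from
 * $_SESSION["userID"] and delegate the actual decision to
 * KTPermissionUtil::userHasPermissionOnItem(); none of them writes
 * $_SESSION["errorMessage"].
 *
 * NOTE(review): these helpers pass the result of User::get() straight to
 * KTPermissionUtil without checking it. Confirm that
 * userHasPermissionOnItem() denies access when the session carries no
 * userID or the lookup fails, so that the checks fail closed.
 */
class Permission {

    /**
     * Checks if the current user has write permission for a specific document.
     *
     * @param $oDocument Document to check
     *
     * @return boolean true if the current user has document write permission, false otherwise
     */
    function userHasDocumentWritePermission($oDocument) {
        $oUser = User::get($_SESSION["userID"]);
        $oPermission = KTPermission::getByName('ktcore.permissions.write');
        return KTPermissionUtil::userHasPermissionOnItem($oUser,
            $oPermission, $oDocument);
    }

    /**
     * Checks if the current user has read permission for a specific document.
     *
     * @param $oDocument Document to check
     *
     * @return boolean true if the current user has document read permission, false otherwise
     */
    function userHasDocumentReadPermission($oDocument) {
        $oUser = User::get($_SESSION["userID"]);
        $oPermission = KTPermission::getByName('ktcore.permissions.read');
        return KTPermissionUtil::userHasPermissionOnItem($oUser,
            $oPermission, $oDocument);
    }

    /**
     * Checks if the current user has write permission for a specific folder.
     *
     * @param $oFolder Folder object to check
     *
     * @return boolean true if the current user has folder write permission, false otherwise
     */
    function userHasFolderWritePermission($oFolder) {
        $oUser = User::get($_SESSION["userID"]);
        $oPermission = KTPermission::getByName('ktcore.permissions.write');
        return KTPermissionUtil::userHasPermissionOnItem($oUser,
            $oPermission, $oFolder);
    }

    /**
     * Checks if the current user has read permission for a specific folder.
     *
     * @param $oFolder Folder object to check
     *
     * @return boolean true if the current user has folder read permission, false otherwise
     */
    function userHasFolderReadPermission($oFolder) {
        $oUser = User::get($_SESSION["userID"]);
        $oPermission = KTPermission::getByName('ktcore.permissions.read');
        return KTPermissionUtil::userHasPermissionOnItem($oUser,
            $oPermission, $oFolder);
    }

    /**
     * Checks whether a user belongs to a group flagged is_sys_admin.
     *
     * @param $iUserID user to check; when it compares equal to "" the
     *                 current session user ($_SESSION["userID"]) is used
     *
     * @return boolean true if the user is in at least one system
     *                 administrator group, false otherwise
     */
    function userIsSystemAdministrator($iUserID = "") {
        global $default;
        // NOTE(review): the loose comparison also matches null and false (and
        // 0 on PHP < 8), so a caller that passes an empty lookup result is
        // silently answered for the session user instead. Callers should
        // validate the ID they pass before relying on this check.
        if ($iUserID == "") {
            $iUserID = $_SESSION["userID"];
        }
        $iUserID = KTUtil::getId($iUserID);
        $sql = $default->db;
        // Values are bound through placeholders; only the table names are
        // interpolated, and they come from the $default configuration object.
        $sql->query(array("SELECT UGL.group_id " . /*ok*/
            "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_table AS GL ON UGL.group_id = GL.id " .
            "WHERE UGL.user_id = ? " .
            "AND is_sys_admin = ?", array($iUserID, true)));
        if ($sql->next_record()) {
            return true;
        }
        return false;
    }

    /**
     * Checks whether a user administers a unit that owns the folder or one
     * of its ancestor folders.
     *
     * @param $oUser   value resolved to a User through KTUtil::getObject()
     * @param $oFolder value resolved to a Folder through KTUtil::getObject()
     *
     * @return boolean true if the user is a member of a unit administrator
     *                 group for a matching unit, false otherwise (including
     *                 when the user or the folder cannot be resolved)
     */
    function isUnitAdministratorForFolder($oUser, $oFolder) {
        $oFolder =& KTUtil::getObject('Folder', $oFolder);
        $oUser =& KTUtil::getObject('User', $oUser);

        if (PEAR::isError($oFolder)) { // can't be admin for a non-existent folder.
            return false;
        }
        // Fail closed: an unresolved user must never reach the membership
        // test below, where an error object would be handed to hasMember().
        if (PEAR::isError($oUser)) {
            return false;
        }

        $sUnitTable = KTUtil::getTableName('units');

        // explode() replaces split(), which was removed in PHP 7. Empty
        // entries are dropped so that an empty parent list (presumably the
        // case for a top-level folder) does not bind "" as a folder ID.
        $aFolderIds = array();
        foreach (explode(",", (string) $oFolder->getParentFolderIds()) as $sFolderId) {
            $sFolderId = trim($sFolderId);
            if ($sFolderId !== '') {
                $aFolderIds[] = $sFolderId;
            }
        }
        $aFolderIds[] = $oFolder->getId();

        // One placeholder per folder ID; the IDs themselves are bound as
        // parameters rather than concatenated into the statement.
        $sParams = DBUtil::paramArray($aFolderIds);
        $aParams = $aFolderIds;
        $sQuery = "SELECT id FROM $sUnitTable WHERE folder_id IN ($sParams)";
        $aUnitIds = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');

        foreach ($aUnitIds as $iUnitId) {
            $aGroups = Group::getUnitAdministratorGroupsByUnit($iUnitId);
            foreach ($aGroups as $oGroup) {
                if ($oGroup->hasMember($oUser)) {
                    return true;
                }
            }
        }
        return false;
    }
}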
?>