Peter M. Groen / knowledgetree

Commit 070a250d9a214a514bef94247f996d264d6bd2fa

Authored by Megan Watson
1 parent 6e08bea8

KTS-3908 

"Refactor DropDocuments Plugin"
Fixed. Added error catching, root session is only used when creating the folders.

Committed by: Megan Watson
Reviewed by: Tohir Solomons



git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@9595 c91229c3-7414-0410-bfa2-8a42b809f60b
Inline Side-by-side
Showing 1 changed file with 513 additions and 467 deletions
plugins/MyDropDocumentsPlugin/MyDropDocumentsPage.php
  View file @070a250
... ... @@ -48,209 +48,247 @@ require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php");
48 48 require_once(KT_LIB_DIR . "/permissions/permissionutil.inc.php");
49 49 require_once(KT_LIB_DIR . '/mime.inc.php');
50 50 /* This page is run via an AJAX call from the update.js for this plugin.
51   - * It checks to see if both the dropdocuments folder and the users personal folder exist.
52   - * If they don't, it creates them and assigns permission and roles accordingly.
53   - * If the dropdocuments folder does exist it checks if the WorkSpaceOwner role exists.
54   - * If the role exists it assigns the current user to the role on the dropdocuments folder.
55   - * Therefore any users running the plugin after the dropdocuments folder has been created will have access to it too.
56   - * The underlying logic is that everyone is assigned to the WorkSpaceOwner Role, they have all permission except
57   - * Delete, Rename Folder, Manage security and Manage workflow on the dropdocuments folder.
58   - * This role is then assigned to their personal folder too (which is named according to their username) and is overidden
59   - * to give only the current user full rights to their folder.
60   - * Essentially everyone can look at the dropdocuments folder but will only see their own folder within it.
61   - */
  51 +* It checks to see if both the dropdocuments folder and the users personal folder exist.
  52 +* If they don't, it creates them and assigns permission and roles accordingly.
  53 +* If the dropdocuments folder does exist it checks if the WorkSpaceOwner role exists.
  54 +* If the role exists it assigns the current user to the role on the dropdocuments folder.
  55 +* Therefore any users running the plugin after the dropdocuments folder has been created will have access to it too.
  56 +* The underlying logic is that everyone is assigned to the WorkSpaceOwner Role, they have all permission except
  57 +* Delete, Rename Folder, Manage security and Manage workflow on the dropdocuments folder.
  58 +* This role is then assigned to their personal folder too (which is named according to their username) and is overidden
  59 +* to give only the current user full rights to their folder.
  60 +* Essentially everyone can look at the dropdocuments folder but will only see their own folder within it.
  61 +*/
62 62  
63 63 class MyDropDocumentsPage extends KTStandardDispatcher {
64 64  
65 65 function do_main() {
66 66  
67   - $iRootID = (int)1;
68   - $oUser = $this->oUser;
69   - $sUserName = (string)$this->oUser->getUserName();
70   - $this->ktapi = new KTAPI();
71   - $this->session = $this->ktapi->start_system_session();
72   -
73   - if(!Folder::FolderExistsName('DroppedDocuments', $iRootID))
74   - {
75   -
76   - $root=$this->ktapi->get_root_folder();
77   -
78   - //Create dropdocuments folder
79   - $userFolder = $root->add_folder('DroppedDocuments');
  67 + // Check if users folder exists in DropDocuments folder
  68 + // - it does -> continue on to check for documents
  69 + // - it doesn't -> switch to root user and create it
80 70  
81   - //In order to stop permission inheritance a copy of the parent permission object is created.
82   - //This copy is then used to set separate permissions for this folder.
83   - KTPermissionUtil::copyPermissionObject($userFolder->get_folder());
  71 + global $default;
  72 + $iRootID = (int)1;
  73 + $oUser = $this->oUser;
  74 + $sUserName = (string)$this->oUser->getUserName();
84 75  
85   - //If WorkSpaceOwner role doesn't exist, create it
86   - if(!$this->roleExistsName('WorkSpaceOwner'))
87   - {
88   - $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner');
89   - if ($oWorkSpaceOwnerRole == null)
90   - {
91   - $this->session->logout();
92   - return _kt('Error: Failed to create WorkSpaceOwner Role');
93   - }
94   - }
95 76  
96   - //$root=$this->ktapi->get_root_folder();
97   - //$personalFolder = $root->get_folder_by_name('/dropdocuments/'.$sUserName);
  77 + // Check for the DropDocuments folder in root
  78 + if(!Folder::FolderExistsName('DroppedDocuments', $iRootID))
  79 + {
  80 + // We need to be admin to create the folder and update its permissions
  81 + $this->ktapi = new KTAPI();
  82 + $this->session = $this->ktapi->start_system_session();
98 83  
99   - //Get the folder object
100   - $userFolderObject = $userFolder->get_folder();
  84 + // create the folder
  85 + $res = $this->createDropDocsFolder();
101 86  
102   - //Get the permission object from the dropdocuments folder object
103   - $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId());
  87 + $this->session->logout();
104 88  
105   - //Check to see if there are duplicate WorkSpaceOwner roles.
106   - if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1)
107   - {
108   - $this->session->logout();
109   - return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists');
  89 + // Check if the creation was successful
  90 + if(!is_null($res)){
  91 + return $res;
  92 + }
  93 + }
110 94  
111   - }
  95 + $iDropDocsFolderID = $this->getFolderID('DroppedDocuments');
112 96  
113   - //call the function to set the permission on the dropdocuments folder
114   - $this->setUserDocsPermissions($oUserPO);
  97 + // Check for users folder
  98 + if(!Folder::FolderExistsName($sUserName, $iDropDocsFolderID))
  99 + {
  100 + // We need to be admin to create the folder and update its permissions
  101 + $this->ktapi = new KTAPI();
  102 + $this->session = $this->ktapi->start_system_session();
115 103  
116   - //Assign the current user to the WorkSpaceOwner role
117   - $this->setUserDocsRoleAllocation($userFolderObject);
  104 + // create the users personal folder in the DroppedDocuments folder
  105 + $res = $this->createPersonalFolder($sUserName, $iDropDocsFolderID);
118 106  
119   - }
120   - else
121   - {
  107 + $this->session->logout();
122 108  
123   - $root = $this->ktapi->get_root_folder();
124   - $userFolder = $root->get_folder_by_name('/DroppedDocuments');
  109 + // Check if the creation was successful
  110 + if(!is_null($res)){
  111 + return $res;
  112 + }
  113 + }
125 114  
126   - //Get the dropdocuments folder object
127   - $userFolderObject = $userFolder->get_folder();
  115 + // Get documents
  116 + return $this->getUsersDocument($sUserName, $iDropDocsFolderID);
  117 + }
128 118  
129   - if(!$this->roleExistsName('WorkSpaceOwner'))
130   - {
  119 + /**
  120 + * Method to create the users personal folder where documents are added from the Drop Box.
  121 + *
  122 + */
  123 + function createPersonalFolder($sUserName, $iDropDocsFolderID)
  124 + {
  125 + // Add the users folder
  126 + // Add the user to the WorkSpaceAdmin role on the DroppedDocuments folder
  127 + // Define users folder permissions
131 128  
132   - $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner');
133   - if ($oWorkSpaceOwnerRole == null)
134   - {
135   - $this->session->logout();
136   - return _kt('Error: Failed to create WorkSpaceOwner Role');
137   - }
  129 + // Get the root folder
  130 + $root = $this->ktapi->get_root_folder();
138 131  
139   - //set permissions
140   - $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId());
141   - $this->setUserDocsPermissions($oUserPO);
142   - //assign current user to role
143   - $this->setUserDocsRoleAllocation($userFolderObject);
144   - }
145   - else
146   - {
  132 + if(PEAR::isError($root)){
  133 + $default->log->debug('MyDropDocuments: could not get root folder '.$root->getMessage());
  134 + return _kt('Error - could not get the root folder: ').$root->getMessage();
  135 + }
147 136  
148   - //update WrokSpaceOwner role to include current user
149   - $this->updateUserDocsRoleAllocation($userFolderObject);
150   - }
  137 + /* ** Get the Dropped Documents folder object and assign the user to the role */
  138 + // Get the DroppedDocuments folder
  139 + $dropDocsFolder = $root->get_folder_by_name('/DroppedDocuments');
151 140  
152   - }
  141 + if(PEAR::isError($dropDocsFolder)){
  142 + $default->log->debug('MyDropDocuments: could not get DroppedDocuments folder '.$dropDocsFolder->getMessage());
  143 + return _kt('Error - could not get the DropppedDocuments folder: ').$dropDocsFolder->getMessage();
  144 + }
153 145  
154   - $iUserDocsFolderID = $this->getFolderID('DroppedDocuments');
155   - $oUserDocsFolder = Folder::get($iUserDocsFolderID);
  146 + $oDropDocsFolder = $dropDocsFolder->get_folder();
156 147  
157   - if(!Folder::FolderExistsName($sUserName, $iUserDocsFolderID))
158   - {
  148 + // Get the permission object from the dropdocuments folder object
  149 + $oDropDocsPO = KTPermissionObject::get($oDropDocsFolder->getPermissionObjectId());
159 150  
  151 + // Check to see if there are duplicate WorkSpaceOwner roles.
  152 + if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1)
  153 + {
  154 + return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists');
  155 + }
160 156  
161   - $root=$this->ktapi->get_root_folder();
162   - $userDocsFolder = $root->get_folder_by_name('/DroppedDocuments');
  157 + // Assign the current user to the WorkSpaceOwner role
  158 + $this->updateUserDocsRoleAllocation($oDropDocsFolder);
163 159  
164   - //create the personal folder. (Use the username to create it)
165   - $personalFolder = $userDocsFolder->add_folder($sUserName);
  160 + /* ** Create the users personal folder */
  161 + // Create the users personal folder using the username as the folder name
  162 + $personalFolder = $dropDocsFolder->add_folder($sUserName);
166 163  
167   - //Copy the permission object to stop permission inheritance
168   - KTPermissionUtil::copyPermissionObject($personalFolder->get_folder());
  164 + if(PEAR::isError($personalFolder)){
  165 + $default->log->debug('MyDropDocuments: could not create user folder '.$personalFolder->getMessage());
  166 + return _kt('Error - could not create the personal folder: ').$personalFolder->getMessage();
  167 + }
169 168  
170   - //The role should exist by now.
171   - //In both the if and else statements for the dropdocuments above the role is created
172   - //If its doesn't exist by now there is an error
173   - if(!$this->roleExistsName('WorkSpaceOwner'))
174   - {
  169 + $oPersonalFolder = $personalFolder->get_folder();
175 170  
176   - $this->session->logout();
177   - return _kt('Error: WorkSpaceOwner Role not setup, cannot assign to Personal Folder');
  171 + // The folder defines its own permissions - copy the permission object
  172 + KTPermissionUtil::copyPermissionObject($oPersonalFolder);
178 173  
179   - }
  174 + // The role should exist by now.
  175 + if(!$this->roleExistsName('WorkSpaceOwner'))
  176 + {
  177 + return _kt('Error: WorkSpaceOwner Role not setup, cannot assign to Personal Folder');
  178 + }
180 179  
181   - $personalFolderRole = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName);
182   - $PersonalFolderObject = ($personalFolderRole->get_folder());
  180 + //Get permission object
  181 + $oPO = KTPermissionObject::get($oPersonalFolder->getPermissionObjectId());
183 182  
184   - //Get permission object
185   - $oPO = KTPermissionObject::get($PersonalFolderObject->getPermissionObjectId());
  183 + if(PEAR::isError($oPO)){
  184 + $default->log->debug('MyDropDocuments: could not get permission object for user folder '.$oPO->getMessage());
  185 + return _kt('Error - could not get permission object for the personal folder: ').$oPO->getMessage();
  186 + }
186 187  
187   - //Check for duplicate WorkSpaceOwner roles
188   - if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1)
189   - {
190   - $this->session->logout();
191   - return _kt('Error: cannot set personal folder role permissions: more than one role named \'WorkSpaceOwner\' exists');
  188 + $this->setPersonalFolderPermissions($oPO);
192 189  
193   - }
  190 + $this->updatePersonalFolderRoleAllocation($oPersonalFolder);
194 191  
195   - $this->setPersonalFolderPermissions($oPO);
  192 + // Folder just created so no top list of last modified documents
  193 + return _kt('<span class="descriptiveText"> You do not have any dropped documents </span><br><br><br>');
  194 + }
196 195  
197   - $this->updatePersonalFolderRoleAllocation($PersonalFolderObject);
  196 + /**
  197 + * Method to create the DroppedDocuments folder within the Root Folder
  198 + *
  199 + * @return string|null Returns an error message or null on success
  200 + */
  201 + function createDropDocsFolder()
  202 + {
  203 + $root = $this->ktapi->get_root_folder();
198 204  
  205 + if(PEAR::isError($root)){
  206 + $default->log->debug('MyDropDocuments: could not get root folder '.$root->getMessage());
  207 + return _kt('Error - could not get the root folder: ').$root->getMessage();
  208 + }
199 209  
200   - //folder just created so no top list of last modified documents
  210 + //Create dropdocuments folder
  211 + $dropDocsFolder = $root->add_folder('DroppedDocuments');
201 212  
202   - $iMyDocsFolderID = $this->getFolderID($sUserName);
203   - $this->session->logout();
204   - return _kt('<span class="descriptiveText"> You do not have any dropped documents </span><br><br><br>');
  213 + if(PEAR::isError($dropDocsFolder)){
  214 + $default->log->debug('MyDropDocuments: could not create DroppedDocuments folder '.$dropDocsFolder->getMessage());
  215 + return _kt('Error - could not create the DropppedDocuments folder: ').$dropDocsFolder->getMessage();
  216 + }
205 217  
  218 + // Get the DropDocuments folder object
  219 + $dropDocsFolderObject = $dropDocsFolder->get_folder();
206 220  
207   - }
  221 + // The folder must define its own permissions so create a copy of the root folder
  222 + KTPermissionUtil::copyPermissionObject($dropDocsFolderObject);
208 223  
209   - else //if personal folder does exist
210   - {
211   - //Getting personal folder id
212   - $iMyDocsFolderID = $this->getFolderID($sUserName);
  224 + // Each user is added to the WorkSpaceOwner role on their personal folder
  225 + // Check if the role exists and create it if it doesn't
  226 + if(!$this->roleExistsName('WorkSpaceOwner'))
  227 + {
  228 + $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner');
  229 + if ($oWorkSpaceOwnerRole == null)
  230 + {
  231 + return _kt('Error: Failed to create WorkSpaceOwner Role');
  232 + }
  233 + }
213 234  
  235 + // Get the permission object from the dropdocuments folder object
  236 + $oDropDocsPO = KTPermissionObject::get($dropDocsFolderObject->getPermissionObjectId());
214 237  
215   - if(!$this->roleExistsName('WorkSpaceOwner'))
216   - {
217   - $this->session->logout();
218   - return _kt('Error: WorkSpaceOwner Role does not exist');
219   - }
220   - else
221   - {
  238 + if(PEAR::isError($oDropDocsPO)){
  239 + $default->log->debug('MyDropDocuments: could not get permission object for DroppedDocuments folder '.$oDropDocsPO->getMessage());
  240 + return _kt('Error - could not create the DropppedDocuments folder: ').$oDropDocsPO->getMessage();
  241 + }
222 242  
223   - $oTempPersonalFolder = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName);
224   - $oPersonalFolder = $oTempPersonalFolder->get_folder();
225   - //update WorkSpaceOwner role to include current user
  243 + // Check to see if there are duplicate WorkSpaceOwner roles.
  244 + if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1)
  245 + {
  246 + return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists');
  247 + }
226 248  
227   - //Get permission object
228   - $oPO = KTPermissionObject::get($oPersonalFolder->getPermissionObjectId());
  249 + // call the function to set the permission on the dropdocuments folder
  250 + $this->setUserDocsPermissions($oDropDocsPO);
229 251  
230   - $this->setPersonalFolderPermissions($oPO);
  252 + // Assign the current user to the WorkSpaceOwner role
  253 + $this->setUserDocsRoleAllocation($dropDocsFolderObject);
  254 + return null;
  255 + }
231 256  
232   - $this->updatePersonalFolderRoleAllocation($oPersonalFolder);
  257 + /**
  258 + * Method to get any documents added by the user via the Drop Box.
  259 + * Returns the HTML displaying the document list.
  260 + *
  261 + * @param string $sUserName
  262 + * @param numeric $iDropDocsFolderID
  263 + * @return string HTML - the document list on success or an error message on failure
  264 + */
  265 + function getUsersDocument($sUserName, $iDropDocsFolderID)
  266 + {
  267 + $oUser = $this->oUser;
  268 + $oDropDocsFolder = Folder::get($iDropDocsFolderID);
233 269  
234   - }
  270 + $fullPath = $oDropDocsFolder->getFullPath() . '/' . $sUserName;
235 271  
236   - $fullPath = $oUserDocsFolder->getFullPath() . '/' . $sUserName;
  272 + $aExternalWhereClauses[] = '(DT.transaction_namespace IN (?,?,?) AND (D.full_path LIKE "'.$fullPath.'/%"))';
  273 + $aExternalWhereParams[] = 'ktcore.transactions.create';
  274 + $aExternalWhereParams[] = 'ktcore.transactions.check_in';
  275 + $aExternalWhereParams[] = 'ktcore.transactions.event';
237 276  
238   - $aExternalWhereClauses[] = '(DT.transaction_namespace IN (?,?,?) AND (D.full_path LIKE "'.$fullPath.'/%"))';
239   - $aExternalWhereParams[] = 'ktcore.transactions.create';
240   - $aExternalWhereParams[] = 'ktcore.transactions.check_in';
241   - $aExternalWhereParams[] = 'ktcore.transactions.event';
242 277  
  278 + $aDocumentTransactions = $this->getTransactionsMatchingQuery($oUser, '', $aExternalWhereClauses, $aExternalWhereParams);
  279 + if (empty($aDocumentTransactions) || PEAR::isError($aDocumentTransactions))
  280 + {
  281 + if(PEAR::isError($aDocumentTransactions)){
  282 + global $default;
  283 + $default->log->debug('Error retrieving dropped documents - '.$aDocumentTransactions->getMessage());
  284 + }
243 285  
244   - $aDocumentTransactions = $this->getTransactionsMatchingQuery($oUser, '', $aExternalWhereClauses, $aExternalWhereParams);
245   - if (empty($aDocumentTransactions))
246   - {
247   - $this->session->logout();
248   - return _kt('<span class="descriptiveText"> You do not have any dropped documents </span><br><br><br>');
249   - }
  286 + return _kt('<span class="descriptiveText"> You do not have any dropped documents </span><br><br><br>');
  287 + }
250 288  
251   - $maxcount = 5;
  289 + $maxcount = 5;
252 290  
253   - $sReturnTable = '<span class="descriptiveText">'._kt('Recently Dropped Documents').'</span>
  291 + $sReturnTable = '<span class="descriptiveText">'._kt('Recently Dropped Documents').'</span>
254 292 <table width="100%" class="kt_collection drop_box" cellspacing="0">
255 293  
256 294 <thead>
... ... @@ -261,242 +299,250 @@ class MyDropDocumentsPage extends KTStandardDispatcher {
261 299 </thead>
262 300 <tbody>';
263 301  
264   - $sOddorEven = '';
265   - $count = 1;
266   - $rendered = array();
267   - foreach ($aDocumentTransactions as $aRow)
268   - {
269   - $documentId = $aRow['document_id'];
270   - if (in_array($documentId, $rendered))
271   - {
272   - continue;
273   - }
274   -
275   - $rendered[] = $documentId;
276   - $oDocument = Document::get($documentId);
277   -
278   - $sContentType = KTMime::getIconPath($oDocument->getMimeTypeID());
279   - $aAnchorData = $this->getDocInfo($documentId);
280   - $sLink = $aAnchorData[0];
281   - $sShortDocName = $sDocName = $aAnchorData[1];
282   -
283   - $iDocLength = strlen($sDocName);
284   - $iMax = 40;
285   - if ( $iDocLength > $iMax )
286   - {
287   - $sShortDocName = substr($sDocName, 0, $iMax) . '...';
288   - }
289   -
290   - $sOddorEven = ($count%2 == 0)?'even':'odd';
291   -
292   - $sReturnTable .= '<tr class="'.$sOddorEven.'">'.
293   - '<td width="100%"><span class="contenttype '.$sContentType.'"><a title="'.$sDocName.'" href='.$sLink.'>'.$sShortDocName.'</a></span></td>'.
294   - '<td width="1%">'.$aRow['datetime'].'</td>'.
295   - '</tr>';
296   - if (++$count > 5)
297   - {
298   - break;
299   - }
300   - }
301   -
302   - $location = 'browse.php?fFolderId='.$iMyDocsFolderID;
303   - $sReturnTable .= '</tbody>'.
304   - '</table>'.
305   - '<br>'.
306   - '<a href="'.$location.'">'._kt(' View All').' </a><br><br>';
307   - $this->session->logout();
308   -
309   - return $sReturnTable;
310   -
311   - }
312   - }
  302 + $sOddorEven = '';
  303 + $count = 1;
  304 + $rendered = array();
  305 + foreach ($aDocumentTransactions as $aRow)
  306 + {
  307 + $documentId = $aRow['document_id'];
  308 + if (in_array($documentId, $rendered))
  309 + {
  310 + continue;
  311 + }
  312 +
  313 + $rendered[] = $documentId;
  314 + $oDocument = Document::get($documentId);
  315 +
  316 + $sContentType = KTMime::getIconPath($oDocument->getMimeTypeID());
  317 + $aAnchorData = $this->getDocInfo($documentId);
  318 + $sLink = $aAnchorData[0];
  319 + $sShortDocName = $sDocName = $aAnchorData[1];
  320 +
  321 + $iDocLength = strlen($sDocName);
  322 + $iMax = 40;
  323 + if ( $iDocLength > $iMax )
  324 + {
  325 + $sShortDocName = substr($sDocName, 0, $iMax) . '...';
  326 + }
  327 +
  328 + $sOddorEven = ($count%2 == 0)?'even':'odd';
  329 +
  330 + $sReturnTable .= '<tr class="'.$sOddorEven.'">'.
  331 + '<td width="100%"><span class="contenttype '.$sContentType.'"><a title="'.$sDocName.'" href='.$sLink.'>'.$sShortDocName.'</a></span></td>'.
  332 + '<td width="1%">'.$aRow['datetime'].'</td>'.
  333 + '</tr>';
  334 + if (++$count > 5)
  335 + {
  336 + break;
  337 + }
  338 + }
  339 +
  340 + $location = 'browse.php?fFolderId='.$iMyDocsFolderID;
  341 + $sReturnTable .= '</tbody>'.
  342 + '</table>'.
  343 + '<br>'.
  344 + '<a href="'.$location.'">'._kt(' View All').' </a><br><br>';
  345 + //$this->session->logout();
  346 +
  347 + return $sReturnTable;
  348 + }
313 349  
314 350 function handleOutput($sOutput) {
315 351 print $sOutput;
316 352 }
317 353  
318 354 //This function is used to set the permission on the dropdocuments folder
319   - function setUserDocsPermissions($oUserPO)
320   - {
321   - //arrays returned from get Role ID's
322   - $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
323   - $aAdminGroupID = $this->getGroupIdByName('System Administrators');
324   -
325   - //arrays used to make integers for $aAllowed array variable
326   - $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id'];
327   - $iAdminGroupID = $aAdminGroupID[0]['id'];
328   - //$aBothAllowed is used to give permissions to the admin group and the WorkSpaceOwner role
329   - $aBothAllowed = array('group' => array($iAdminGroupID), 'role' => array($iWorkSpaceOwnerRoleID));
330   -
331   - //$aAdminAllowed is used to give permissions to the admin group only
332   - $aAdminAllowed = array('group' => array($iAdminGroupID));
333   -
334   - //Get the list of permissions
335   - $aPermissions = KTPermission::getList();
336   -
337   - foreach ($aPermissions as $oPermission)
338   - {
339   - //If the permission is not one of the below then both are allowed the permission
340   - //Otherwise only the admin group is allowed the permission
341   - if($oPermission->getHumanName() != 'Delete' && $oPermission->getHumanName() != 'Rename Folder'
342   - && $oPermission->getHumanName() != 'Manage security' && $oPermission->getHumanName() != 'Manage workflow')
343   - {
344   - KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aBothAllowed);
345   - }
346   - else
347   - {
348   - KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aAdminAllowed);
349   - }
350   - }
  355 + function setUserDocsPermissions($oUserPO)
  356 + {
  357 + //arrays returned from get Role ID's
  358 + $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
  359 + $aAdminGroupID = $this->getGroupIdByName('System Administrators');
  360 +
  361 + //arrays used to make integers for $aAllowed array variable
  362 + $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id'];
  363 + $iAdminGroupID = $aAdminGroupID[0]['id'];
  364 + //$aBothAllowed is used to give permissions to the admin group and the WorkSpaceOwner role
  365 + $aBothAllowed = array('group' => array($iAdminGroupID), 'role' => array($iWorkSpaceOwnerRoleID));
  366 +
  367 + //$aAdminAllowed is used to give permissions to the admin group only
  368 + $aAdminAllowed = array('group' => array($iAdminGroupID));
  369 +
  370 + //Get the list of permissions
  371 + $aPermissions = KTPermission::getList();
  372 +
  373 + foreach ($aPermissions as $oPermission)
  374 + {
  375 + //If the permission is not one of the below then both are allowed the permission
  376 + //Otherwise only the admin group is allowed the permission
  377 + if($oPermission->getHumanName() != 'Delete' && $oPermission->getHumanName() != 'Rename Folder'
  378 + && $oPermission->getHumanName() != 'Manage security' && $oPermission->getHumanName() != 'Manage workflow')
  379 + {
  380 + KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aBothAllowed);
  381 + }
  382 + else
  383 + {
  384 + KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aAdminAllowed);
  385 + }
  386 + }
351 387  
352 388 //UPdate the permission lookup
353 389 KTPermissionUtil::updatePermissionLookupForPO($oUserPO);
354   - }
  390 + }
355 391  
356   - //This function is used for allocating the user to the WorkSpaceOwner role only when the dropdocuments folder
357   - //has just been created.
358   - function setUserDocsRoleAllocation($oUserFolderObject)
359   - {
360   - $userFolderID = $oUserFolderObject->getId();
  392 + //This function is used for allocating the user to the WorkSpaceOwner role only when the dropdocuments folder
  393 + //has just been created.
  394 + function setUserDocsRoleAllocation($oUserFolderObject)
  395 + {
  396 + $userFolderID = $oUserFolderObject->getId();
361 397  
362 398 $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
363 399 $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
364 400  
365 401 //create a new role allocation
366   - $oDropdocumentsRoleAllocation = new RoleAllocation();
367   - if ($oDropdocumentsRoleAllocation == null)
368   - {
369   - $this->session->logout();
370   - return _kt('Error: cannot create WorkSpaceOwner role allocation');
371   - }
372   -
373   - //set the folder and role for the allocation
374   - $oDropdocumentsRoleAllocation->setFolderId($userFolderID);
375   - $oDropdocumentsRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);
376   -
377   - $aWorkSpaceOwnerRoleAllowed = array();
378   - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAllowed);
379   - //It might be a problem that i'm not doing a "start transaction" here.
380   - //Unable to roll back in event of db failure
381   - $res = $oDropdocumentsRoleAllocation->create();
382   -
383   - //The role is created and then updated by adding the current user to the allowed list
384   -
385   - $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor();
386   - $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed();
387   - $aUserId[] = $this->oUser->getId();
388   - $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aUserId;
389   - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed);
390   - $res = $oDropdocumentsRoleAllocation->update();
391   -
392   - //Update all info linked to the role
393   - $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID);
394   - }
395   -
396   - //This function is used to allocate the current user to the WorkSpaceOwner role after the Dropdocuments folder
397   - //has already been created.
398   - function updateUserDocsRoleAllocation($oUserFolder)
399   - {
400   - $userFolderID = $oUserFolder->getId();
401   - $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');//$oUserRole->getId();
  402 + $oDropdocumentsRoleAllocation = new RoleAllocation();
  403 + if ($oDropdocumentsRoleAllocation == null)
  404 + {
  405 + $this->session->logout();
  406 + return _kt('Error: cannot create WorkSpaceOwner role allocation');
  407 + }
  408 +
  409 + //set the folder and role for the allocation
  410 + $oDropdocumentsRoleAllocation->setFolderId($userFolderID);
  411 + $oDropdocumentsRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);
  412 +
  413 + $aWorkSpaceOwnerRoleAllowed = array();
  414 + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAllowed);
  415 + //It might be a problem that i'm not doing a "start transaction" here.
  416 + //Unable to roll back in event of db failure
  417 + $res = $oDropdocumentsRoleAllocation->create();
  418 +
  419 + if(!$res === true){
  420 + $this->session->logout();
  421 + return _kt('Error: cannot create role allocation');
  422 + }
  423 +
  424 + //The role is created and then updated by adding the current user to the allowed list
  425 +
  426 + $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor();
  427 + $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed();
  428 + $aUserId[] = $this->oUser->getId();
  429 + $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aUserId;
  430 + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed);
  431 + $res = $oDropdocumentsRoleAllocation->update();
  432 +
  433 + //Update all info linked to the role
  434 + $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID);
  435 + }
  436 +
  437 + //This function is used to allocate the current user to the WorkSpaceOwner role after the Dropdocuments folder
  438 + //has already been created.
  439 + function updateUserDocsRoleAllocation($oUserFolder)
  440 + {
  441 + $userFolderID = $oUserFolder->getId();
  442 + $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');//$oUserRole->getId();
402 443 $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
403 444  
404 445 //Get the role allocation object for the Dropdocuments folder and the WorkSpaceOwner role
405 446 $oDropdocumentsRoleAllocation = $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($userFolderID, $WorkSpaceOwnerRoleID);
406 447  
407   - //check that the object is not null
408   - if ($oDropdocumentsRoleAllocation == null)
409   - {
410   - $this->session->logout();
411   - return _kt('Error: cannot find WorkSpaceOwner role allocation');
412   - }
413   -
414   - $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor();
415   - $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed();
416   -
417   - //If the user ID is not in the allowed list already then add it to the list.
418   - if(!in_array($this->oUser->getId(), $aWorkSpaceOwnerRoleAssignAllowed['user']))
419   - {
420   - $aNewAllowed = array();
421   - $aNewAllowed = $aWorkSpaceOwnerRoleAssignAllowed['user'];
422   - $aNewAllowed[] = $this->oUser->getId();
423   - $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aNewAllowed;
424   - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed);
425   - $res = $oDropdocumentsRoleAllocation->update();
426   - $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID);
427   - }
428   - }
429   -
430   - function setPersonalFolderPermissions($oPO)
431   - {
432   - $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
433   - $aAdminGroupID = $this->getGroupIdByName('System Administrators');
434   -
435   - //arrays used to make integers for $aAllowed array variable
436   - $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id'];
437   - $iAdminGroupID = $aAdminGroupID[0]['id'];
438   -
439   - //set permissions for the role and the admin group
440   - $aAllowed = array('role' => array($iWorkSpaceOwnerRoleID), 'group' => array($iAdminGroupID));
441   -
442   - //Get the List of all the permissions
443   - $aPersonalFolderPermissions = KTPermission::getList();
444   -
445   - //Iterate through and apply all permissions to the current user and the admin group
446   - foreach ($aPersonalFolderPermissions as $oPersonalFolderPermission)
447   - {
448   - KTPermissionUtil::setPermissionForId($oPersonalFolderPermission, $oPO, $aAllowed);
449   -
450   - }
451   -
452   - //Update permission lookup
453   - KTPermissionUtil::updatePermissionLookupForPO($oPO);
454   - }
455   -
456   - function updatePersonalFolderRoleAllocation($oPersonalFolder)
457   - {
458   - //Assign user to the WorkSpaceOwner role
  448 + //check that the object is not null
  449 + if ($oDropdocumentsRoleAllocation == null)
  450 + {
  451 + $this->session->logout();
  452 + return _kt('Error: cannot find WorkSpaceOwner role allocation');
  453 + }
  454 +
  455 + $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor();
  456 + $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed();
  457 +
  458 + //If the user ID is not in the allowed list already then add it to the list.
  459 + if(!in_array($this->oUser->getId(), $aWorkSpaceOwnerRoleAssignAllowed['user']))
  460 + {
  461 + $aNewAllowed = array();
  462 + $aNewAllowed = $aWorkSpaceOwnerRoleAssignAllowed['user'];
  463 + $aNewAllowed[] = $this->oUser->getId();
  464 + $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aNewAllowed;
  465 + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed);
  466 + $res = $oDropdocumentsRoleAllocation->update();
  467 + $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID);
  468 + }
  469 + }
  470 +
  471 + function setPersonalFolderPermissions($oPO)
  472 + {
  473 + $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
  474 + $aAdminGroupID = $this->getGroupIdByName('System Administrators');
  475 +
  476 + //arrays used to make integers for $aAllowed array variable
  477 + $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id'];
  478 + $iAdminGroupID = $aAdminGroupID[0]['id'];
  479 +
  480 + //set permissions for the role and the admin group
  481 + $aAllowed = array('role' => array($iWorkSpaceOwnerRoleID), 'group' => array($iAdminGroupID));
  482 +
  483 + //Get the List of all the permissions
  484 + $aPersonalFolderPermissions = KTPermission::getList();
  485 +
  486 + //Iterate through and apply all permissions to the current user and the admin group
  487 + foreach ($aPersonalFolderPermissions as $oPersonalFolderPermission)
  488 + {
  489 + KTPermissionUtil::setPermissionForId($oPersonalFolderPermission, $oPO, $aAllowed);
  490 +
  491 + }
  492 +
  493 + //Update permission lookup
  494 + KTPermissionUtil::updatePermissionLookupForPO($oPO);
  495 + }
  496 +
  497 + function updatePersonalFolderRoleAllocation($oPersonalFolder)
  498 + {
  499 + //Assign user to the WorkSpaceOwner role
459 500 $personalFolderID = $oPersonalFolder->getId();
460 501 $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
461 502 $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
462 503  
463   - $oRoleAllocation = new RoleAllocation();
464   - if ($oRoleAllocation == null)
465   - {
466   - $this->session->logout();
467   - return _kt('Error: Cannot create WorkSpaceOwner role allocation on personal folder');
468   - }
469   - $oRoleAllocation->setFolderId($personalFolderID);
470   - $oRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);
471   -
472   - $aRoleAllowed = array();
473   - $oRoleAllocation->setAllowed($aRoleAllowed);
474   -
475   - //It might be a problem that i'm not doing a "start transaction" here.
476   - //Unable to roll back in event of db failure
477   - $res = $oRoleAllocation->create();
478   -
479   - //The role is first created and then the current user is allocated to the role below
480   -
481   - $oPD = $oRoleAllocation->getPermissionDescriptor();
482   - $aRoleAssignAllowed = $oPD->getAllowed();
483   - $aUserId[] = $this->oUser->getId();
484   - $aRoleAssignAllowed['user'] = $aUserId;
485   - $oRoleAllocation->setAllowed($aRoleAssignAllowed);
486   - $res = $oRoleAllocation->update();
487   - $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId(), $personalFolderID);
488   - }
489   -
490   - //FIXME: Direct Database access
  504 + $oRoleAllocation = new RoleAllocation();
  505 + if ($oRoleAllocation == null)
  506 + {
  507 + $this->session->logout();
  508 + return _kt('Error: Cannot create WorkSpaceOwner role allocation on personal folder');
  509 + }
  510 + $oRoleAllocation->setFolderId($personalFolderID);
  511 + $oRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);
  512 +
  513 + $aRoleAllowed = array();
  514 + $oRoleAllocation->setAllowed($aRoleAllowed);
  515 +
  516 + //It might be a problem that i'm not doing a "start transaction" here.
  517 + //Unable to roll back in event of db failure
  518 + $res = $oRoleAllocation->create();
  519 +
  520 + if(!$res === true){
  521 + $this->session->logout();
  522 + return _kt('Error: cannot create role allocation');
  523 + }
  524 +
  525 + //The role is first created and then the current user is allocated to the role below
  526 +
  527 + $oPD = $oRoleAllocation->getPermissionDescriptor();
  528 + $aRoleAssignAllowed = $oPD->getAllowed();
  529 + $aUserId[] = $this->oUser->getId();
  530 + $aRoleAssignAllowed['user'] = $aUserId;
  531 + $oRoleAllocation->setAllowed($aRoleAssignAllowed);
  532 + $res = $oRoleAllocation->update();
  533 + $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId(), $personalFolderID);
  534 + }
  535 +
  536 + //FIXME: Direct Database access
491 537 function getFolderID($sFolderName) {
492 538 $sQuery = 'SELECT id FROM folders WHERE name = \''.$sFolderName.'\'';
493 539  
494   - $id = DBUtil::getResultArray($sQuery);
495   - return $id[0]['id'];
496   - }
  540 + $id = DBUtil::getResultArray($sQuery);
  541 + return $id[0]['id'];
  542 + }
497 543  
498   - //this function returns the document link and document name to be displayed on the dashlet
499   - function getDocInfo($iDocId) {
  544 + //this function returns the document link and document name to be displayed on the dashlet
  545 + function getDocInfo($iDocId) {
500 546 $oDocument = Document::get($iDocId);
501 547  
502 548 if (PEAR::isError($oDocument)) {
... ... @@ -506,30 +552,30 @@ class MyDropDocumentsPage extends KTStandardDispatcher {
506 552 $sName = htmlentities($oDocument->getName(), ENT_NOQUOTES, 'UTF-8');
507 553 $sLink = KTBrowseUtil::getUrlForDocument($oDocument);
508 554  
509   - $aAnchorData = array();
510   - $aAnchorData[] = $sLink;
511   - $aAnchorData[] = $sName;
512   - return $aAnchorData;
  555 + $aAnchorData = array();
  556 + $aAnchorData[] = $sLink;
  557 + $aAnchorData[] = $sName;
  558 + return $aAnchorData;
513 559 }
514 560  
515 561 //This function is used to create the role, role allocation is done separately
516 562 function createRole ($sName)
517 563 {
518   - $this->startTransaction();
  564 + $this->startTransaction();
519 565 $oRole = Role::createFromArray(array('name' => $sName));
520 566  
521 567 if (PEAR::isError($oRole) || ($oRole == false))
522 568 {
523   - if ($this->bTransactionStarted)
  569 + if ($this->bTransactionStarted)
524 570 {
525   - $this->rollbackTransaction();
526   - }
  571 + $this->rollbackTransaction();
  572 + }
527 573 //return null on failure
528 574 return null;
529 575 }
530 576 else
531 577 {
532   - return $oRole;
  578 + return $oRole;
533 579  
534 580 }
535 581 }
... ... @@ -537,131 +583,131 @@ class MyDropDocumentsPage extends KTStandardDispatcher {
537 583 //FIXME: Direct Database access
538 584 function roleExistsName ($sName)
539 585 {
540   - $sQuery = "SELECT id FROM roles WHERE name = ?";
  586 + $sQuery = "SELECT id FROM roles WHERE name = ?";
541 587 $aParams = array($sName);
542   - $res = DBUtil::getResultArray(array($sQuery, $aParams));
  588 + $res = DBUtil::getResultArray(array($sQuery, $aParams));
543 589  
544   - if (count($res) != 0)
545   - {
546   - return true;
547   - }
548   - return false;
  590 + if (count($res) != 0)
  591 + {
  592 + return true;
  593 + }
  594 + return false;
549 595 }
550 596  
551 597 //FIXME: Direct Database access
552 598 function groupExistsName ($sName)
553 599 {
554   - $sQuery = "SELECT id FROM groups_lookup WHERE name = ?";
  600 + $sQuery = "SELECT id FROM groups_lookup WHERE name = ?";
555 601 $aParams = array($sName);
556   - $res = DBUtil::getResultArray(array($sQuery, $aParams));
  602 + $res = DBUtil::getResultArray(array($sQuery, $aParams));
557 603  
558   - if (count($res) != 0)
559   - {
560   - return true;
561   - }
562   - return false;
  604 + if (count($res) != 0)
  605 + {
  606 + return true;
  607 + }
  608 + return false;
563 609 }
564 610  
565 611 //FIXME: Direct Database access
566 612 function getRoleIdByName($sName)
567 613 {
568   - $sQuery = "SELECT id FROM roles WHERE name = ?";
  614 + $sQuery = "SELECT id FROM roles WHERE name = ?";
569 615 $aParams = array($sName);
570   - $res = DBUtil::getResultArray(array($sQuery, $aParams));
571   - return $res;
  616 + $res = DBUtil::getResultArray(array($sQuery, $aParams));
  617 + return $res;
572 618 }
573 619  
574 620 //FIXME: Direct Database access
575 621 function getGroupIdByName ($sName)
576 622 {
577   - $sQuery = "SELECT id FROM groups_lookup WHERE name = ?";
  623 + $sQuery = "SELECT id FROM groups_lookup WHERE name = ?";
578 624 $aParams = array($sName);
579   - $res = DBUtil::getResultArray(array($sQuery, $aParams));
580   - return $res;
  625 + $res = DBUtil::getResultArray(array($sQuery, $aParams));
  626 + return $res;
581 627 }
582 628  
583 629 //function taken from KTPermission.php and edited to work here
584 630 function renegeratePermissionsForRole($iRoleId, $iFolderId) {
585   - $iStartFolderId = $iFolderId;
586   - /*
587   - * 1. find all folders & documents "below" this one which use the role
588   - * definition _active_ (not necessarily present) at this point.
589   - * 2. tell permissionutil to regen their permissions.
590   - *
591   - * The find algorithm is:
592   - *
593   - * folder_queue <- (iStartFolderId)
594   - * while folder_queue is not empty:
595   - * active_folder =
596   - * for each folder in the active_folder:
597   - * find folders in _this_ folder without a role-allocation on the iRoleId
598   - * add them to the folder_queue
599   - * update the folder's permissions.
600   - * find documents in this folder:
601   - * update their permissions.
602   - */
603   -
604   - $sRoleAllocTable = KTUtil::getTableName('role_allocations');
605   - $sFolderTable = KTUtil::getTableName('folders');
606   - $sQuery = sprintf('SELECT f.id as id FROM %s AS f LEFT JOIN %s AS ra ON (f.id = ra.folder_id) WHERE ra.id IS NULL AND f.parent_id = ?', $sFolderTable, $sRoleAllocTable);
607   -
608   -
609   - $folder_queue = array($iStartFolderId);
610   - while (!empty($folder_queue)) {
611   - $active_folder = array_pop($folder_queue);
612   -
613   - $aParams = array($active_folder);
614   -
615   - $aNewFolders = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');
616   - if (PEAR::isError($aNewFolders)) {
617   - //$this->errorRedirectToMain(_kt('Failure to generate folderlisting.'));
618   - echo _kt('Failure to generate folderlisting.');
619   - }
620   - $folder_queue = kt_array_merge ($folder_queue, (array) $aNewFolders); // push.
621   -
622   -
623   - // update the folder.
624   - $oFolder =& Folder::get($active_folder);
625   - if (PEAR::isError($oFolder) || ($oFolder == false)) {
626   - //$this->errorRedirectToMain(_kt('Unable to locate folder: ') . $active_folder);
627   - echo _kt('Unable to locate folder: ').$active_folder;
628   - }
629   -
630   - KTPermissionUtil::updatePermissionLookup($oFolder);
631   - $aDocList =& Document::getList(array('folder_id = ?', $active_folder));
632   - if (PEAR::isError($aDocList) || ($aDocList === false)) {
633   - //$this->errorRedirectToMain(sprintf(_kt('Unable to get documents in folder %s: %s'), $active_folder, $aDocList->getMessage()));
634   - echo _kt('Unable to get documents in folder ').$active_folder;
635   - }
636   -
637   - foreach ($aDocList as $oDoc) {
638   - if (!PEAR::isError($oDoc)) {
639   - KTPermissionUtil::updatePermissionLookup($oDoc);
640   - }
641   - }
642   - }
643   - }
644   -
645   - /*
646   - attempt to abstract the transaction-matching query.
647   -
648   - tables that are already defined (other than sec ones):
649   -
650   - - Documents (D)
651   - - Users (U)
652   - - TransactionTypes (DTT)
653   - - Document Transactions (DT)
654   -
655   - so where clausess can take advantage of those.
656   -
657   - */
  631 + $iStartFolderId = $iFolderId;
  632 + /*
  633 + * 1. find all folders & documents "below" this one which use the role
  634 + * definition _active_ (not necessarily present) at this point.
  635 + * 2. tell permissionutil to regen their permissions.
  636 + *
  637 + * The find algorithm is:
  638 + *
  639 + * folder_queue <- (iStartFolderId)
  640 + * while folder_queue is not empty:
  641 + * active_folder =
  642 + * for each folder in the active_folder:
  643 + * find folders in _this_ folder without a role-allocation on the iRoleId
  644 + * add them to the folder_queue
  645 + * update the folder's permissions.
  646 + * find documents in this folder:
  647 + * update their permissions.
  648 + */
  649 +
  650 + $sRoleAllocTable = KTUtil::getTableName('role_allocations');
  651 + $sFolderTable = KTUtil::getTableName('folders');
  652 + $sQuery = sprintf('SELECT f.id as id FROM %s AS f LEFT JOIN %s AS ra ON (f.id = ra.folder_id) WHERE ra.id IS NULL AND f.parent_id = ?', $sFolderTable, $sRoleAllocTable);
  653 +
  654 +
  655 + $folder_queue = array($iStartFolderId);
  656 + while (!empty($folder_queue)) {
  657 + $active_folder = array_pop($folder_queue);
  658 +
  659 + $aParams = array($active_folder);
  660 +
  661 + $aNewFolders = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');
  662 + if (PEAR::isError($aNewFolders)) {
  663 + //$this->errorRedirectToMain(_kt('Failure to generate folderlisting.'));
  664 + echo _kt('Failure to generate folderlisting.');
  665 + }
  666 + $folder_queue = kt_array_merge ($folder_queue, (array) $aNewFolders); // push.
  667 +
  668 +
  669 + // update the folder.
  670 + $oFolder =& Folder::get($active_folder);
  671 + if (PEAR::isError($oFolder) || ($oFolder == false)) {
  672 + //$this->errorRedirectToMain(_kt('Unable to locate folder: ') . $active_folder);
  673 + echo _kt('Unable to locate folder: ').$active_folder;
  674 + }
  675 +
  676 + KTPermissionUtil::updatePermissionLookup($oFolder);
  677 + $aDocList =& Document::getList(array('folder_id = ?', $active_folder));
  678 + if (PEAR::isError($aDocList) || ($aDocList === false)) {
  679 + //$this->errorRedirectToMain(sprintf(_kt('Unable to get documents in folder %s: %s'), $active_folder, $aDocList->getMessage()));
  680 + echo _kt('Unable to get documents in folder ').$active_folder;
  681 + }
  682 +
  683 + foreach ($aDocList as $oDoc) {
  684 + if (!PEAR::isError($oDoc)) {
  685 + KTPermissionUtil::updatePermissionLookup($oDoc);
  686 + }
  687 + }
  688 + }
  689 + }
  690 +
  691 + /*
  692 + attempt to abstract the transaction-matching query.
  693 +
  694 + tables that are already defined (other than sec ones):
  695 +
  696 + - Documents (D)
  697 + - Users (U)
  698 + - TransactionTypes (DTT)
  699 + - Document Transactions (DT)
  700 +
  701 + so where clausess can take advantage of those.
  702 +
  703 + */
658 704 function getTransactionsMatchingQuery($oUser, $sJoinClause, $aExternalWhereClauses, $aExternalWhereParams, $aOptions = null) {
659 705  
660 706 $sSelectItems = 'DTT.name AS transaction_name, U.name AS user_name, DT.version AS version, DT.comment AS comment, DT.datetime AS datetime, D.id as document_id, DT.transaction_namespace as namespace';
661 707 $sBaseJoin = "FROM " . KTUtil::getTableName("document_transactions") . " AS DT " .
662   - "INNER JOIN " . KTUtil::getTableName("users") . " AS U ON DT.user_id = U.id " .
663   - "INNER JOIN " . KTUtil::getTableName("transaction_types") . " AS DTT ON DTT.namespace = DT.transaction_namespace " .
664   - "INNER JOIN " . KTUtil::getTableName("documents") . " AS D ON D.id = DT.document_id ";
  708 + "INNER JOIN " . KTUtil::getTableName("users") . " AS U ON DT.user_id = U.id " .
  709 + "INNER JOIN " . KTUtil::getTableName("transaction_types") . " AS DTT ON DTT.namespace = DT.transaction_namespace " .
  710 + "INNER JOIN " . KTUtil::getTableName("documents") . " AS D ON D.id = DT.document_id ";
665 711  
666 712 // now we're almost at partialquery like status.
667 713 $perm_res = KTSearchUtil::permissionToSQL($oUser, 'ktcore.permissions.read');
... ... @@ -687,13 +733,13 @@ class MyDropDocumentsPage extends KTStandardDispatcher {
687 733 }
688 734  
689 735 $sQuery = sprintf("SELECT %s %s %s %s %s ORDER BY %s",
690   - $sSelectItems,
691   - $sBaseJoin,
692   - $sPermissionJoin,
693   - $sJoinClause,
694   - $sWhereClause,
695   - $sOrderBy
696   - );
  736 + $sSelectItems,
  737 + $sBaseJoin,
  738 + $sPermissionJoin,
  739 + $sJoinClause,
  740 + $sWhereClause,
  741 + $sOrderBy
  742 + );
697 743  
698 744 //var_dump(array($sQuery, $aFinalWhereParams));
699 745  
... ...