diff --git a/plugins/MyDropDocumentsPlugin/MyDropDocumentsPage.php b/plugins/MyDropDocumentsPlugin/MyDropDocumentsPage.php index 9251470..761589f 100644 --- a/plugins/MyDropDocumentsPlugin/MyDropDocumentsPage.php +++ b/plugins/MyDropDocumentsPlugin/MyDropDocumentsPage.php @@ -48,209 +48,247 @@ require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php"); require_once(KT_LIB_DIR . "/permissions/permissionutil.inc.php"); require_once(KT_LIB_DIR . '/mime.inc.php'); /* This page is run via an AJAX call from the update.js for this plugin. - * It checks to see if both the dropdocuments folder and the users personal folder exist. - * If they don't, it creates them and assigns permission and roles accordingly. - * If the dropdocuments folder does exist it checks if the WorkSpaceOwner role exists. - * If the role exists it assigns the current user to the role on the dropdocuments folder. - * Therefore any users running the plugin after the dropdocuments folder has been created will have access to it too. - * The underlying logic is that everyone is assigned to the WorkSpaceOwner Role, they have all permission except - * Delete, Rename Folder, Manage security and Manage workflow on the dropdocuments folder. - * This role is then assigned to their personal folder too (which is named according to their username) and is overidden - * to give only the current user full rights to their folder. - * Essentially everyone can look at the dropdocuments folder but will only see their own folder within it. - */ +* It checks to see if both the dropdocuments folder and the users personal folder exist. +* If they don't, it creates them and assigns permission and roles accordingly. +* If the dropdocuments folder does exist it checks if the WorkSpaceOwner role exists. +* If the role exists it assigns the current user to the role on the dropdocuments folder. +* Therefore any users running the plugin after the dropdocuments folder has been created will have access to it too. +* The underlying logic is that everyone is assigned to the WorkSpaceOwner Role, they have all permission except +* Delete, Rename Folder, Manage security and Manage workflow on the dropdocuments folder. +* This role is then assigned to their personal folder too (which is named according to their username) and is overidden +* to give only the current user full rights to their folder. +* Essentially everyone can look at the dropdocuments folder but will only see their own folder within it. +*/ class MyDropDocumentsPage extends KTStandardDispatcher { function do_main() { - $iRootID = (int)1; - $oUser = $this->oUser; - $sUserName = (string)$this->oUser->getUserName(); - $this->ktapi = new KTAPI(); - $this->session = $this->ktapi->start_system_session(); - - if(!Folder::FolderExistsName('DroppedDocuments', $iRootID)) - { - - $root=$this->ktapi->get_root_folder(); - - //Create dropdocuments folder - $userFolder = $root->add_folder('DroppedDocuments'); + // Check if users folder exists in DropDocuments folder + // - it does -> continue on to check for documents + // - it doesn't -> switch to root user and create it - //In order to stop permission inheritance a copy of the parent permission object is created. - //This copy is then used to set separate permissions for this folder. - KTPermissionUtil::copyPermissionObject($userFolder->get_folder()); + global $default; + $iRootID = (int)1; + $oUser = $this->oUser; + $sUserName = (string)$this->oUser->getUserName(); - //If WorkSpaceOwner role doesn't exist, create it - if(!$this->roleExistsName('WorkSpaceOwner')) - { - $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner'); - if ($oWorkSpaceOwnerRole == null) - { - $this->session->logout(); - return _kt('Error: Failed to create WorkSpaceOwner Role'); - } - } - //$root=$this->ktapi->get_root_folder(); - //$personalFolder = $root->get_folder_by_name('/dropdocuments/'.$sUserName); + // Check for the DropDocuments folder in root + if(!Folder::FolderExistsName('DroppedDocuments', $iRootID)) + { + // We need to be admin to create the folder and update its permissions + $this->ktapi = new KTAPI(); + $this->session = $this->ktapi->start_system_session(); - //Get the folder object - $userFolderObject = $userFolder->get_folder(); + // create the folder + $res = $this->createDropDocsFolder(); - //Get the permission object from the dropdocuments folder object - $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId()); + $this->session->logout(); - //Check to see if there are duplicate WorkSpaceOwner roles. - if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1) - { - $this->session->logout(); - return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists'); + // Check if the creation was successful + if(!is_null($res)){ + return $res; + } + } - } + $iDropDocsFolderID = $this->getFolderID('DroppedDocuments'); - //call the function to set the permission on the dropdocuments folder - $this->setUserDocsPermissions($oUserPO); + // Check for users folder + if(!Folder::FolderExistsName($sUserName, $iDropDocsFolderID)) + { + // We need to be admin to create the folder and update its permissions + $this->ktapi = new KTAPI(); + $this->session = $this->ktapi->start_system_session(); - //Assign the current user to the WorkSpaceOwner role - $this->setUserDocsRoleAllocation($userFolderObject); + // create the users personal folder in the DroppedDocuments folder + $res = $this->createPersonalFolder($sUserName, $iDropDocsFolderID); - } - else - { + $this->session->logout(); - $root = $this->ktapi->get_root_folder(); - $userFolder = $root->get_folder_by_name('/DroppedDocuments'); + // Check if the creation was successful + if(!is_null($res)){ + return $res; + } + } - //Get the dropdocuments folder object - $userFolderObject = $userFolder->get_folder(); + // Get documents + return $this->getUsersDocument($sUserName, $iDropDocsFolderID); + } - if(!$this->roleExistsName('WorkSpaceOwner')) - { + /** + * Method to create the users personal folder where documents are added from the Drop Box. + * + */ + function createPersonalFolder($sUserName, $iDropDocsFolderID) + { + // Add the users folder + // Add the user to the WorkSpaceAdmin role on the DroppedDocuments folder + // Define users folder permissions - $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner'); - if ($oWorkSpaceOwnerRole == null) - { - $this->session->logout(); - return _kt('Error: Failed to create WorkSpaceOwner Role'); - } + // Get the root folder + $root = $this->ktapi->get_root_folder(); - //set permissions - $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId()); - $this->setUserDocsPermissions($oUserPO); - //assign current user to role - $this->setUserDocsRoleAllocation($userFolderObject); - } - else - { + if(PEAR::isError($root)){ + $default->log->debug('MyDropDocuments: could not get root folder '.$root->getMessage()); + return _kt('Error - could not get the root folder: ').$root->getMessage(); + } - //update WrokSpaceOwner role to include current user - $this->updateUserDocsRoleAllocation($userFolderObject); - } + /* ** Get the Dropped Documents folder object and assign the user to the role */ + // Get the DroppedDocuments folder + $dropDocsFolder = $root->get_folder_by_name('/DroppedDocuments'); - } + if(PEAR::isError($dropDocsFolder)){ + $default->log->debug('MyDropDocuments: could not get DroppedDocuments folder '.$dropDocsFolder->getMessage()); + return _kt('Error - could not get the DropppedDocuments folder: ').$dropDocsFolder->getMessage(); + } - $iUserDocsFolderID = $this->getFolderID('DroppedDocuments'); - $oUserDocsFolder = Folder::get($iUserDocsFolderID); + $oDropDocsFolder = $dropDocsFolder->get_folder(); - if(!Folder::FolderExistsName($sUserName, $iUserDocsFolderID)) - { + // Get the permission object from the dropdocuments folder object + $oDropDocsPO = KTPermissionObject::get($oDropDocsFolder->getPermissionObjectId()); + // Check to see if there are duplicate WorkSpaceOwner roles. + if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1) + { + return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists'); + } - $root=$this->ktapi->get_root_folder(); - $userDocsFolder = $root->get_folder_by_name('/DroppedDocuments'); + // Assign the current user to the WorkSpaceOwner role + $this->updateUserDocsRoleAllocation($oDropDocsFolder); - //create the personal folder. (Use the username to create it) - $personalFolder = $userDocsFolder->add_folder($sUserName); + /* ** Create the users personal folder */ + // Create the users personal folder using the username as the folder name + $personalFolder = $dropDocsFolder->add_folder($sUserName); - //Copy the permission object to stop permission inheritance - KTPermissionUtil::copyPermissionObject($personalFolder->get_folder()); + if(PEAR::isError($personalFolder)){ + $default->log->debug('MyDropDocuments: could not create user folder '.$personalFolder->getMessage()); + return _kt('Error - could not create the personal folder: ').$personalFolder->getMessage(); + } - //The role should exist by now. - //In both the if and else statements for the dropdocuments above the role is created - //If its doesn't exist by now there is an error - if(!$this->roleExistsName('WorkSpaceOwner')) - { + $oPersonalFolder = $personalFolder->get_folder(); - $this->session->logout(); - return _kt('Error: WorkSpaceOwner Role not setup, cannot assign to Personal Folder'); + // The folder defines its own permissions - copy the permission object + KTPermissionUtil::copyPermissionObject($oPersonalFolder); - } + // The role should exist by now. + if(!$this->roleExistsName('WorkSpaceOwner')) + { + return _kt('Error: WorkSpaceOwner Role not setup, cannot assign to Personal Folder'); + } - $personalFolderRole = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName); - $PersonalFolderObject = ($personalFolderRole->get_folder()); + //Get permission object + $oPO = KTPermissionObject::get($oPersonalFolder->getPermissionObjectId()); - //Get permission object - $oPO = KTPermissionObject::get($PersonalFolderObject->getPermissionObjectId()); + if(PEAR::isError($oPO)){ + $default->log->debug('MyDropDocuments: could not get permission object for user folder '.$oPO->getMessage()); + return _kt('Error - could not get permission object for the personal folder: ').$oPO->getMessage(); + } - //Check for duplicate WorkSpaceOwner roles - if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1) - { - $this->session->logout(); - return _kt('Error: cannot set personal folder role permissions: more than one role named \'WorkSpaceOwner\' exists'); + $this->setPersonalFolderPermissions($oPO); - } + $this->updatePersonalFolderRoleAllocation($oPersonalFolder); - $this->setPersonalFolderPermissions($oPO); + // Folder just created so no top list of last modified documents + return _kt(' You do not have any dropped documents


'); + } - $this->updatePersonalFolderRoleAllocation($PersonalFolderObject); + /** + * Method to create the DroppedDocuments folder within the Root Folder + * + * @return string|null Returns an error message or null on success + */ + function createDropDocsFolder() + { + $root = $this->ktapi->get_root_folder(); + if(PEAR::isError($root)){ + $default->log->debug('MyDropDocuments: could not get root folder '.$root->getMessage()); + return _kt('Error - could not get the root folder: ').$root->getMessage(); + } - //folder just created so no top list of last modified documents + //Create dropdocuments folder + $dropDocsFolder = $root->add_folder('DroppedDocuments'); - $iMyDocsFolderID = $this->getFolderID($sUserName); - $this->session->logout(); - return _kt(' You do not have any dropped documents


'); + if(PEAR::isError($dropDocsFolder)){ + $default->log->debug('MyDropDocuments: could not create DroppedDocuments folder '.$dropDocsFolder->getMessage()); + return _kt('Error - could not create the DropppedDocuments folder: ').$dropDocsFolder->getMessage(); + } + // Get the DropDocuments folder object + $dropDocsFolderObject = $dropDocsFolder->get_folder(); - } + // The folder must define its own permissions so create a copy of the root folder + KTPermissionUtil::copyPermissionObject($dropDocsFolderObject); - else //if personal folder does exist - { - //Getting personal folder id - $iMyDocsFolderID = $this->getFolderID($sUserName); + // Each user is added to the WorkSpaceOwner role on their personal folder + // Check if the role exists and create it if it doesn't + if(!$this->roleExistsName('WorkSpaceOwner')) + { + $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner'); + if ($oWorkSpaceOwnerRole == null) + { + return _kt('Error: Failed to create WorkSpaceOwner Role'); + } + } + // Get the permission object from the dropdocuments folder object + $oDropDocsPO = KTPermissionObject::get($dropDocsFolderObject->getPermissionObjectId()); - if(!$this->roleExistsName('WorkSpaceOwner')) - { - $this->session->logout(); - return _kt('Error: WorkSpaceOwner Role does not exist'); - } - else - { + if(PEAR::isError($oDropDocsPO)){ + $default->log->debug('MyDropDocuments: could not get permission object for DroppedDocuments folder '.$oDropDocsPO->getMessage()); + return _kt('Error - could not create the DropppedDocuments folder: ').$oDropDocsPO->getMessage(); + } - $oTempPersonalFolder = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName); - $oPersonalFolder = $oTempPersonalFolder->get_folder(); - //update WorkSpaceOwner role to include current user + // Check to see if there are duplicate WorkSpaceOwner roles. + if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1) + { + return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists'); + } - //Get permission object - $oPO = KTPermissionObject::get($oPersonalFolder->getPermissionObjectId()); + // call the function to set the permission on the dropdocuments folder + $this->setUserDocsPermissions($oDropDocsPO); - $this->setPersonalFolderPermissions($oPO); + // Assign the current user to the WorkSpaceOwner role + $this->setUserDocsRoleAllocation($dropDocsFolderObject); + return null; + } - $this->updatePersonalFolderRoleAllocation($oPersonalFolder); + /** + * Method to get any documents added by the user via the Drop Box. + * Returns the HTML displaying the document list. + * + * @param string $sUserName + * @param numeric $iDropDocsFolderID + * @return string HTML - the document list on success or an error message on failure + */ + function getUsersDocument($sUserName, $iDropDocsFolderID) + { + $oUser = $this->oUser; + $oDropDocsFolder = Folder::get($iDropDocsFolderID); - } + $fullPath = $oDropDocsFolder->getFullPath() . '/' . $sUserName; - $fullPath = $oUserDocsFolder->getFullPath() . '/' . $sUserName; + $aExternalWhereClauses[] = '(DT.transaction_namespace IN (?,?,?) AND (D.full_path LIKE "'.$fullPath.'/%"))'; + $aExternalWhereParams[] = 'ktcore.transactions.create'; + $aExternalWhereParams[] = 'ktcore.transactions.check_in'; + $aExternalWhereParams[] = 'ktcore.transactions.event'; - $aExternalWhereClauses[] = '(DT.transaction_namespace IN (?,?,?) AND (D.full_path LIKE "'.$fullPath.'/%"))'; - $aExternalWhereParams[] = 'ktcore.transactions.create'; - $aExternalWhereParams[] = 'ktcore.transactions.check_in'; - $aExternalWhereParams[] = 'ktcore.transactions.event'; + $aDocumentTransactions = $this->getTransactionsMatchingQuery($oUser, '', $aExternalWhereClauses, $aExternalWhereParams); + if (empty($aDocumentTransactions) || PEAR::isError($aDocumentTransactions)) + { + if(PEAR::isError($aDocumentTransactions)){ + global $default; + $default->log->debug('Error retrieving dropped documents - '.$aDocumentTransactions->getMessage()); + } - $aDocumentTransactions = $this->getTransactionsMatchingQuery($oUser, '', $aExternalWhereClauses, $aExternalWhereParams); - if (empty($aDocumentTransactions)) - { - $this->session->logout(); - return _kt(' You do not have any dropped documents


'); - } + return _kt(' You do not have any dropped documents


'); + } - $maxcount = 5; + $maxcount = 5; - $sReturnTable = ''._kt('Recently Dropped Documents').' + $sReturnTable = ''._kt('Recently Dropped Documents').' @@ -261,242 +299,250 @@ class MyDropDocumentsPage extends KTStandardDispatcher { '; - $sOddorEven = ''; - $count = 1; - $rendered = array(); - foreach ($aDocumentTransactions as $aRow) - { - $documentId = $aRow['document_id']; - if (in_array($documentId, $rendered)) - { - continue; - } - - $rendered[] = $documentId; - $oDocument = Document::get($documentId); - - $sContentType = KTMime::getIconPath($oDocument->getMimeTypeID()); - $aAnchorData = $this->getDocInfo($documentId); - $sLink = $aAnchorData[0]; - $sShortDocName = $sDocName = $aAnchorData[1]; - - $iDocLength = strlen($sDocName); - $iMax = 40; - if ( $iDocLength > $iMax ) - { - $sShortDocName = substr($sDocName, 0, $iMax) . '...'; - } - - $sOddorEven = ($count%2 == 0)?'even':'odd'; - - $sReturnTable .= ''. - ''. - ''. - ''; - if (++$count > 5) - { - break; - } - } - - $location = 'browse.php?fFolderId='.$iMyDocsFolderID; - $sReturnTable .= ''. - '
'.$sShortDocName.''.$aRow['datetime'].'
'. - '
'. - ''._kt(' View All').'

'; - $this->session->logout(); - - return $sReturnTable; - - } - } + $sOddorEven = ''; + $count = 1; + $rendered = array(); + foreach ($aDocumentTransactions as $aRow) + { + $documentId = $aRow['document_id']; + if (in_array($documentId, $rendered)) + { + continue; + } + + $rendered[] = $documentId; + $oDocument = Document::get($documentId); + + $sContentType = KTMime::getIconPath($oDocument->getMimeTypeID()); + $aAnchorData = $this->getDocInfo($documentId); + $sLink = $aAnchorData[0]; + $sShortDocName = $sDocName = $aAnchorData[1]; + + $iDocLength = strlen($sDocName); + $iMax = 40; + if ( $iDocLength > $iMax ) + { + $sShortDocName = substr($sDocName, 0, $iMax) . '...'; + } + + $sOddorEven = ($count%2 == 0)?'even':'odd'; + + $sReturnTable .= ''. + ''.$sShortDocName.''. + ''.$aRow['datetime'].''. + ''; + if (++$count > 5) + { + break; + } + } + + $location = 'browse.php?fFolderId='.$iMyDocsFolderID; + $sReturnTable .= ''. + ''. + '
'. + ''._kt(' View All').'

'; + //$this->session->logout(); + + return $sReturnTable; + } function handleOutput($sOutput) { print $sOutput; } //This function is used to set the permission on the dropdocuments folder - function setUserDocsPermissions($oUserPO) - { - //arrays returned from get Role ID's - $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); - $aAdminGroupID = $this->getGroupIdByName('System Administrators'); - - //arrays used to make integers for $aAllowed array variable - $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id']; - $iAdminGroupID = $aAdminGroupID[0]['id']; - //$aBothAllowed is used to give permissions to the admin group and the WorkSpaceOwner role - $aBothAllowed = array('group' => array($iAdminGroupID), 'role' => array($iWorkSpaceOwnerRoleID)); - - //$aAdminAllowed is used to give permissions to the admin group only - $aAdminAllowed = array('group' => array($iAdminGroupID)); - - //Get the list of permissions - $aPermissions = KTPermission::getList(); - - foreach ($aPermissions as $oPermission) - { - //If the permission is not one of the below then both are allowed the permission - //Otherwise only the admin group is allowed the permission - if($oPermission->getHumanName() != 'Delete' && $oPermission->getHumanName() != 'Rename Folder' - && $oPermission->getHumanName() != 'Manage security' && $oPermission->getHumanName() != 'Manage workflow') - { - KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aBothAllowed); - } - else - { - KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aAdminAllowed); - } - } + function setUserDocsPermissions($oUserPO) + { + //arrays returned from get Role ID's + $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); + $aAdminGroupID = $this->getGroupIdByName('System Administrators'); + + //arrays used to make integers for $aAllowed array variable + $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id']; + $iAdminGroupID = $aAdminGroupID[0]['id']; + //$aBothAllowed is used to give permissions to the admin group and the WorkSpaceOwner role + $aBothAllowed = array('group' => array($iAdminGroupID), 'role' => array($iWorkSpaceOwnerRoleID)); + + //$aAdminAllowed is used to give permissions to the admin group only + $aAdminAllowed = array('group' => array($iAdminGroupID)); + + //Get the list of permissions + $aPermissions = KTPermission::getList(); + + foreach ($aPermissions as $oPermission) + { + //If the permission is not one of the below then both are allowed the permission + //Otherwise only the admin group is allowed the permission + if($oPermission->getHumanName() != 'Delete' && $oPermission->getHumanName() != 'Rename Folder' + && $oPermission->getHumanName() != 'Manage security' && $oPermission->getHumanName() != 'Manage workflow') + { + KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aBothAllowed); + } + else + { + KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aAdminAllowed); + } + } //UPdate the permission lookup KTPermissionUtil::updatePermissionLookupForPO($oUserPO); - } + } - //This function is used for allocating the user to the WorkSpaceOwner role only when the dropdocuments folder - //has just been created. - function setUserDocsRoleAllocation($oUserFolderObject) - { - $userFolderID = $oUserFolderObject->getId(); + //This function is used for allocating the user to the WorkSpaceOwner role only when the dropdocuments folder + //has just been created. + function setUserDocsRoleAllocation($oUserFolderObject) + { + $userFolderID = $oUserFolderObject->getId(); $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id']; //create a new role allocation - $oDropdocumentsRoleAllocation = new RoleAllocation(); - if ($oDropdocumentsRoleAllocation == null) - { - $this->session->logout(); - return _kt('Error: cannot create WorkSpaceOwner role allocation'); - } - - //set the folder and role for the allocation - $oDropdocumentsRoleAllocation->setFolderId($userFolderID); - $oDropdocumentsRoleAllocation->setRoleId($WorkSpaceOwnerRoleID); - - $aWorkSpaceOwnerRoleAllowed = array(); - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAllowed); - //It might be a problem that i'm not doing a "start transaction" here. - //Unable to roll back in event of db failure - $res = $oDropdocumentsRoleAllocation->create(); - - //The role is created and then updated by adding the current user to the allowed list - - $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor(); - $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed(); - $aUserId[] = $this->oUser->getId(); - $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aUserId; - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed); - $res = $oDropdocumentsRoleAllocation->update(); - - //Update all info linked to the role - $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID); - } - - //This function is used to allocate the current user to the WorkSpaceOwner role after the Dropdocuments folder - //has already been created. - function updateUserDocsRoleAllocation($oUserFolder) - { - $userFolderID = $oUserFolder->getId(); - $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');//$oUserRole->getId(); + $oDropdocumentsRoleAllocation = new RoleAllocation(); + if ($oDropdocumentsRoleAllocation == null) + { + $this->session->logout(); + return _kt('Error: cannot create WorkSpaceOwner role allocation'); + } + + //set the folder and role for the allocation + $oDropdocumentsRoleAllocation->setFolderId($userFolderID); + $oDropdocumentsRoleAllocation->setRoleId($WorkSpaceOwnerRoleID); + + $aWorkSpaceOwnerRoleAllowed = array(); + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAllowed); + //It might be a problem that i'm not doing a "start transaction" here. + //Unable to roll back in event of db failure + $res = $oDropdocumentsRoleAllocation->create(); + + if(!$res === true){ + $this->session->logout(); + return _kt('Error: cannot create role allocation'); + } + + //The role is created and then updated by adding the current user to the allowed list + + $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor(); + $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed(); + $aUserId[] = $this->oUser->getId(); + $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aUserId; + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed); + $res = $oDropdocumentsRoleAllocation->update(); + + //Update all info linked to the role + $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID); + } + + //This function is used to allocate the current user to the WorkSpaceOwner role after the Dropdocuments folder + //has already been created. + function updateUserDocsRoleAllocation($oUserFolder) + { + $userFolderID = $oUserFolder->getId(); + $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');//$oUserRole->getId(); $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id']; //Get the role allocation object for the Dropdocuments folder and the WorkSpaceOwner role $oDropdocumentsRoleAllocation = $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($userFolderID, $WorkSpaceOwnerRoleID); - //check that the object is not null - if ($oDropdocumentsRoleAllocation == null) - { - $this->session->logout(); - return _kt('Error: cannot find WorkSpaceOwner role allocation'); - } - - $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor(); - $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed(); - - //If the user ID is not in the allowed list already then add it to the list. - if(!in_array($this->oUser->getId(), $aWorkSpaceOwnerRoleAssignAllowed['user'])) - { - $aNewAllowed = array(); - $aNewAllowed = $aWorkSpaceOwnerRoleAssignAllowed['user']; - $aNewAllowed[] = $this->oUser->getId(); - $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aNewAllowed; - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed); - $res = $oDropdocumentsRoleAllocation->update(); - $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID); - } - } - - function setPersonalFolderPermissions($oPO) - { - $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); - $aAdminGroupID = $this->getGroupIdByName('System Administrators'); - - //arrays used to make integers for $aAllowed array variable - $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id']; - $iAdminGroupID = $aAdminGroupID[0]['id']; - - //set permissions for the role and the admin group - $aAllowed = array('role' => array($iWorkSpaceOwnerRoleID), 'group' => array($iAdminGroupID)); - - //Get the List of all the permissions - $aPersonalFolderPermissions = KTPermission::getList(); - - //Iterate through and apply all permissions to the current user and the admin group - foreach ($aPersonalFolderPermissions as $oPersonalFolderPermission) - { - KTPermissionUtil::setPermissionForId($oPersonalFolderPermission, $oPO, $aAllowed); - - } - - //Update permission lookup - KTPermissionUtil::updatePermissionLookupForPO($oPO); - } - - function updatePersonalFolderRoleAllocation($oPersonalFolder) - { - //Assign user to the WorkSpaceOwner role + //check that the object is not null + if ($oDropdocumentsRoleAllocation == null) + { + $this->session->logout(); + return _kt('Error: cannot find WorkSpaceOwner role allocation'); + } + + $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor(); + $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed(); + + //If the user ID is not in the allowed list already then add it to the list. + if(!in_array($this->oUser->getId(), $aWorkSpaceOwnerRoleAssignAllowed['user'])) + { + $aNewAllowed = array(); + $aNewAllowed = $aWorkSpaceOwnerRoleAssignAllowed['user']; + $aNewAllowed[] = $this->oUser->getId(); + $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aNewAllowed; + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed); + $res = $oDropdocumentsRoleAllocation->update(); + $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID); + } + } + + function setPersonalFolderPermissions($oPO) + { + $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); + $aAdminGroupID = $this->getGroupIdByName('System Administrators'); + + //arrays used to make integers for $aAllowed array variable + $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id']; + $iAdminGroupID = $aAdminGroupID[0]['id']; + + //set permissions for the role and the admin group + $aAllowed = array('role' => array($iWorkSpaceOwnerRoleID), 'group' => array($iAdminGroupID)); + + //Get the List of all the permissions + $aPersonalFolderPermissions = KTPermission::getList(); + + //Iterate through and apply all permissions to the current user and the admin group + foreach ($aPersonalFolderPermissions as $oPersonalFolderPermission) + { + KTPermissionUtil::setPermissionForId($oPersonalFolderPermission, $oPO, $aAllowed); + + } + + //Update permission lookup + KTPermissionUtil::updatePermissionLookupForPO($oPO); + } + + function updatePersonalFolderRoleAllocation($oPersonalFolder) + { + //Assign user to the WorkSpaceOwner role $personalFolderID = $oPersonalFolder->getId(); $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id']; - $oRoleAllocation = new RoleAllocation(); - if ($oRoleAllocation == null) - { - $this->session->logout(); - return _kt('Error: Cannot create WorkSpaceOwner role allocation on personal folder'); - } - $oRoleAllocation->setFolderId($personalFolderID); - $oRoleAllocation->setRoleId($WorkSpaceOwnerRoleID); - - $aRoleAllowed = array(); - $oRoleAllocation->setAllowed($aRoleAllowed); - - //It might be a problem that i'm not doing a "start transaction" here. - //Unable to roll back in event of db failure - $res = $oRoleAllocation->create(); - - //The role is first created and then the current user is allocated to the role below - - $oPD = $oRoleAllocation->getPermissionDescriptor(); - $aRoleAssignAllowed = $oPD->getAllowed(); - $aUserId[] = $this->oUser->getId(); - $aRoleAssignAllowed['user'] = $aUserId; - $oRoleAllocation->setAllowed($aRoleAssignAllowed); - $res = $oRoleAllocation->update(); - $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId(), $personalFolderID); - } - - //FIXME: Direct Database access + $oRoleAllocation = new RoleAllocation(); + if ($oRoleAllocation == null) + { + $this->session->logout(); + return _kt('Error: Cannot create WorkSpaceOwner role allocation on personal folder'); + } + $oRoleAllocation->setFolderId($personalFolderID); + $oRoleAllocation->setRoleId($WorkSpaceOwnerRoleID); + + $aRoleAllowed = array(); + $oRoleAllocation->setAllowed($aRoleAllowed); + + //It might be a problem that i'm not doing a "start transaction" here. + //Unable to roll back in event of db failure + $res = $oRoleAllocation->create(); + + if(!$res === true){ + $this->session->logout(); + return _kt('Error: cannot create role allocation'); + } + + //The role is first created and then the current user is allocated to the role below + + $oPD = $oRoleAllocation->getPermissionDescriptor(); + $aRoleAssignAllowed = $oPD->getAllowed(); + $aUserId[] = $this->oUser->getId(); + $aRoleAssignAllowed['user'] = $aUserId; + $oRoleAllocation->setAllowed($aRoleAssignAllowed); + $res = $oRoleAllocation->update(); + $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId(), $personalFolderID); + } + + //FIXME: Direct Database access function getFolderID($sFolderName) { $sQuery = 'SELECT id FROM folders WHERE name = \''.$sFolderName.'\''; - $id = DBUtil::getResultArray($sQuery); - return $id[0]['id']; - } + $id = DBUtil::getResultArray($sQuery); + return $id[0]['id']; + } - //this function returns the document link and document name to be displayed on the dashlet - function getDocInfo($iDocId) { + //this function returns the document link and document name to be displayed on the dashlet + function getDocInfo($iDocId) { $oDocument = Document::get($iDocId); if (PEAR::isError($oDocument)) { @@ -506,30 +552,30 @@ class MyDropDocumentsPage extends KTStandardDispatcher { $sName = htmlentities($oDocument->getName(), ENT_NOQUOTES, 'UTF-8'); $sLink = KTBrowseUtil::getUrlForDocument($oDocument); - $aAnchorData = array(); - $aAnchorData[] = $sLink; - $aAnchorData[] = $sName; - return $aAnchorData; + $aAnchorData = array(); + $aAnchorData[] = $sLink; + $aAnchorData[] = $sName; + return $aAnchorData; } //This function is used to create the role, role allocation is done separately function createRole ($sName) { - $this->startTransaction(); + $this->startTransaction(); $oRole = Role::createFromArray(array('name' => $sName)); if (PEAR::isError($oRole) || ($oRole == false)) { - if ($this->bTransactionStarted) + if ($this->bTransactionStarted) { - $this->rollbackTransaction(); - } + $this->rollbackTransaction(); + } //return null on failure return null; } else { - return $oRole; + return $oRole; } } @@ -537,131 +583,131 @@ class MyDropDocumentsPage extends KTStandardDispatcher { //FIXME: Direct Database access function roleExistsName ($sName) { - $sQuery = "SELECT id FROM roles WHERE name = ?"; + $sQuery = "SELECT id FROM roles WHERE name = ?"; $aParams = array($sName); - $res = DBUtil::getResultArray(array($sQuery, $aParams)); + $res = DBUtil::getResultArray(array($sQuery, $aParams)); - if (count($res) != 0) - { - return true; - } - return false; + if (count($res) != 0) + { + return true; + } + return false; } //FIXME: Direct Database access function groupExistsName ($sName) { - $sQuery = "SELECT id FROM groups_lookup WHERE name = ?"; + $sQuery = "SELECT id FROM groups_lookup WHERE name = ?"; $aParams = array($sName); - $res = DBUtil::getResultArray(array($sQuery, $aParams)); + $res = DBUtil::getResultArray(array($sQuery, $aParams)); - if (count($res) != 0) - { - return true; - } - return false; + if (count($res) != 0) + { + return true; + } + return false; } //FIXME: Direct Database access function getRoleIdByName($sName) { - $sQuery = "SELECT id FROM roles WHERE name = ?"; + $sQuery = "SELECT id FROM roles WHERE name = ?"; $aParams = array($sName); - $res = DBUtil::getResultArray(array($sQuery, $aParams)); - return $res; + $res = DBUtil::getResultArray(array($sQuery, $aParams)); + return $res; } //FIXME: Direct Database access function getGroupIdByName ($sName) { - $sQuery = "SELECT id FROM groups_lookup WHERE name = ?"; + $sQuery = "SELECT id FROM groups_lookup WHERE name = ?"; $aParams = array($sName); - $res = DBUtil::getResultArray(array($sQuery, $aParams)); - return $res; + $res = DBUtil::getResultArray(array($sQuery, $aParams)); + return $res; } //function taken from KTPermission.php and edited to work here function renegeratePermissionsForRole($iRoleId, $iFolderId) { - $iStartFolderId = $iFolderId; - /* - * 1. find all folders & documents "below" this one which use the role - * definition _active_ (not necessarily present) at this point. - * 2. tell permissionutil to regen their permissions. - * - * The find algorithm is: - * - * folder_queue <- (iStartFolderId) - * while folder_queue is not empty: - * active_folder = - * for each folder in the active_folder: - * find folders in _this_ folder without a role-allocation on the iRoleId - * add them to the folder_queue - * update the folder's permissions. - * find documents in this folder: - * update their permissions. - */ - - $sRoleAllocTable = KTUtil::getTableName('role_allocations'); - $sFolderTable = KTUtil::getTableName('folders'); - $sQuery = sprintf('SELECT f.id as id FROM %s AS f LEFT JOIN %s AS ra ON (f.id = ra.folder_id) WHERE ra.id IS NULL AND f.parent_id = ?', $sFolderTable, $sRoleAllocTable); - - - $folder_queue = array($iStartFolderId); - while (!empty($folder_queue)) { - $active_folder = array_pop($folder_queue); - - $aParams = array($active_folder); - - $aNewFolders = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id'); - if (PEAR::isError($aNewFolders)) { - //$this->errorRedirectToMain(_kt('Failure to generate folderlisting.')); - echo _kt('Failure to generate folderlisting.'); - } - $folder_queue = kt_array_merge ($folder_queue, (array) $aNewFolders); // push. - - - // update the folder. - $oFolder =& Folder::get($active_folder); - if (PEAR::isError($oFolder) || ($oFolder == false)) { - //$this->errorRedirectToMain(_kt('Unable to locate folder: ') . $active_folder); - echo _kt('Unable to locate folder: ').$active_folder; - } - - KTPermissionUtil::updatePermissionLookup($oFolder); - $aDocList =& Document::getList(array('folder_id = ?', $active_folder)); - if (PEAR::isError($aDocList) || ($aDocList === false)) { - //$this->errorRedirectToMain(sprintf(_kt('Unable to get documents in folder %s: %s'), $active_folder, $aDocList->getMessage())); - echo _kt('Unable to get documents in folder ').$active_folder; - } - - foreach ($aDocList as $oDoc) { - if (!PEAR::isError($oDoc)) { - KTPermissionUtil::updatePermissionLookup($oDoc); - } - } - } - } - - /* - attempt to abstract the transaction-matching query. - - tables that are already defined (other than sec ones): - - - Documents (D) - - Users (U) - - TransactionTypes (DTT) - - Document Transactions (DT) - - so where clausess can take advantage of those. - - */ + $iStartFolderId = $iFolderId; + /* + * 1. find all folders & documents "below" this one which use the role + * definition _active_ (not necessarily present) at this point. + * 2. tell permissionutil to regen their permissions. + * + * The find algorithm is: + * + * folder_queue <- (iStartFolderId) + * while folder_queue is not empty: + * active_folder = + * for each folder in the active_folder: + * find folders in _this_ folder without a role-allocation on the iRoleId + * add them to the folder_queue + * update the folder's permissions. + * find documents in this folder: + * update their permissions. + */ + + $sRoleAllocTable = KTUtil::getTableName('role_allocations'); + $sFolderTable = KTUtil::getTableName('folders'); + $sQuery = sprintf('SELECT f.id as id FROM %s AS f LEFT JOIN %s AS ra ON (f.id = ra.folder_id) WHERE ra.id IS NULL AND f.parent_id = ?', $sFolderTable, $sRoleAllocTable); + + + $folder_queue = array($iStartFolderId); + while (!empty($folder_queue)) { + $active_folder = array_pop($folder_queue); + + $aParams = array($active_folder); + + $aNewFolders = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id'); + if (PEAR::isError($aNewFolders)) { + //$this->errorRedirectToMain(_kt('Failure to generate folderlisting.')); + echo _kt('Failure to generate folderlisting.'); + } + $folder_queue = kt_array_merge ($folder_queue, (array) $aNewFolders); // push. + + + // update the folder. + $oFolder =& Folder::get($active_folder); + if (PEAR::isError($oFolder) || ($oFolder == false)) { + //$this->errorRedirectToMain(_kt('Unable to locate folder: ') . $active_folder); + echo _kt('Unable to locate folder: ').$active_folder; + } + + KTPermissionUtil::updatePermissionLookup($oFolder); + $aDocList =& Document::getList(array('folder_id = ?', $active_folder)); + if (PEAR::isError($aDocList) || ($aDocList === false)) { + //$this->errorRedirectToMain(sprintf(_kt('Unable to get documents in folder %s: %s'), $active_folder, $aDocList->getMessage())); + echo _kt('Unable to get documents in folder ').$active_folder; + } + + foreach ($aDocList as $oDoc) { + if (!PEAR::isError($oDoc)) { + KTPermissionUtil::updatePermissionLookup($oDoc); + } + } + } + } + + /* + attempt to abstract the transaction-matching query. + + tables that are already defined (other than sec ones): + + - Documents (D) + - Users (U) + - TransactionTypes (DTT) + - Document Transactions (DT) + + so where clausess can take advantage of those. + + */ function getTransactionsMatchingQuery($oUser, $sJoinClause, $aExternalWhereClauses, $aExternalWhereParams, $aOptions = null) { $sSelectItems = 'DTT.name AS transaction_name, U.name AS user_name, DT.version AS version, DT.comment AS comment, DT.datetime AS datetime, D.id as document_id, DT.transaction_namespace as namespace'; $sBaseJoin = "FROM " . KTUtil::getTableName("document_transactions") . " AS DT " . - "INNER JOIN " . KTUtil::getTableName("users") . " AS U ON DT.user_id = U.id " . - "INNER JOIN " . KTUtil::getTableName("transaction_types") . " AS DTT ON DTT.namespace = DT.transaction_namespace " . - "INNER JOIN " . KTUtil::getTableName("documents") . " AS D ON D.id = DT.document_id "; + "INNER JOIN " . KTUtil::getTableName("users") . " AS U ON DT.user_id = U.id " . + "INNER JOIN " . KTUtil::getTableName("transaction_types") . " AS DTT ON DTT.namespace = DT.transaction_namespace " . + "INNER JOIN " . KTUtil::getTableName("documents") . " AS D ON D.id = DT.document_id "; // now we're almost at partialquery like status. $perm_res = KTSearchUtil::permissionToSQL($oUser, 'ktcore.permissions.read'); @@ -687,13 +733,13 @@ class MyDropDocumentsPage extends KTStandardDispatcher { } $sQuery = sprintf("SELECT %s %s %s %s %s ORDER BY %s", - $sSelectItems, - $sBaseJoin, - $sPermissionJoin, - $sJoinClause, - $sWhereClause, - $sOrderBy - ); + $sSelectItems, + $sBaseJoin, + $sPermissionJoin, + $sJoinClause, + $sWhereClause, + $sOrderBy + ); //var_dump(array($sQuery, $aFinalWhereParams));