From 2a59a8894d362ff82bc7f4e5e9a5ba75b0907c15 Mon Sep 17 00:00:00 2001 From: kevin_fourie Date: Sun, 3 Aug 2008 13:21:57 +0000 Subject: [PATCH] Merged in from STABLE trunk... --- plugins/MyDropDocumentsPlugin/MyDropDocumentsPage.php | 1436 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- plugins/ktcore/KTCorePlugin.php | 12 ++++++------ 2 files changed, 724 insertions(+), 724 deletions(-) diff --git a/plugins/MyDropDocumentsPlugin/MyDropDocumentsPage.php b/plugins/MyDropDocumentsPlugin/MyDropDocumentsPage.php index f269816..13fe406 100644 --- a/plugins/MyDropDocumentsPlugin/MyDropDocumentsPage.php +++ b/plugins/MyDropDocumentsPlugin/MyDropDocumentsPage.php @@ -1,718 +1,718 @@ -. - * - * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco, - * California 94120-7775, or email info@knowledgetree.com. - * - * The interactive user interfaces in modified source and object code versions - * of this program must display Appropriate Legal Notices, as required under - * Section 5 of the GNU General Public License version 3. - * - * In accordance with Section 7(b) of the GNU General Public License version 3, - * these Appropriate Legal Notices must retain the display of the "Powered by - * KnowledgeTree" logo and retain the original copyright notice. If the display of the - * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices - * must display the words "Powered by KnowledgeTree" and retain the original - * copyright notice. - * Contributor( s): ______________________________________ - * - */ - -require_once("config/dmsDefaults.php"); -require_once(KT_DIR . "/ktapi/ktapi.inc.php"); -require_once(KT_LIB_DIR . "/plugins/plugin.inc.php"); -require_once(KT_LIB_DIR . "/plugins/pluginregistry.inc.php"); -require_once(KT_LIB_DIR . "/dashboard/dashlet.inc.php"); -require_once(KT_DIR . "/plugins/ktcore/KTFolderActions.php"); -require_once(KT_DIR . "/ktapi/KTAPIFolder.inc.php"); -require_once(KT_LIB_DIR . "/roles/Role.inc"); -require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php"); -require_once(KT_LIB_DIR . "/permissions/permissionutil.inc.php"); -require_once(KT_LIB_DIR . '/mime.inc.php'); -/* This page is run via an AJAX call from the update.js for this plugin. - * It checks to see if both the dropdocuments folder and the users personal folder exist. - * If they don't, it creates them and assigns permission and roles accordingly. - * If the dropdocuments folder does exist it checks if the WorkSpaceOwner role exists. - * If the role exists it assigns the current user to the role on the dropdocuments folder. - * Therefore any users running the plugin after the dropdocuments folder has been created will have access to it too. - * The underlying logic is that everyone is assigned to the WorkSpaceOwner Role, they have all permission except - * Delete, Rename Folder, Manage security and Manage workflow on the dropdocuments folder. - * This role is then assigned to their personal folder too (which is named according to their username) and is overidden - * to give only the current user full rights to their folder. - * Essentially everyone can look at the dropdocuments folder but will only see their own folder within it. - */ - -class MyDropDocumentsPage extends KTStandardDispatcher { - - function do_main() { - - $iRootID = (int)1; - $oUser = $this->oUser; - $sUserName = (string)$this->oUser->getUserName(); - $this->ktapi = new KTAPI(); - $this->session = $this->ktapi->start_system_session(); - - if(!Folder::FolderExistsName('DroppedDocuments', $iRootID)) - { - - $root=$this->ktapi->get_root_folder(); - - //Create dropdocuments folder - $userFolder = $root->add_folder('DroppedDocuments'); - - //In order to stop permission inheritance a copy of the parent permission object is created. - //This copy is then used to set separate permissions for this folder. - KTPermissionUtil::copyPermissionObject($userFolder->get_folder()); - - //If WorkSpaceOwner role doesn't exist, create it - if(!$this->roleExistsName('WorkSpaceOwner')) - { - $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner'); - if ($oWorkSpaceOwnerRole == null) - { - $this->session->logout(); - return _kt('Error: Failed to create WorkSpaceOwner Role'); - } - } - - //$root=$this->ktapi->get_root_folder(); - //$personalFolder = $root->get_folder_by_name('/dropdocuments/'.$sUserName); - - //Get the folder object - $userFolderObject = $userFolder->get_folder(); - - //Get the permission object from the dropdocuments folder object - $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId()); - - //Check to see if there are duplicate WorkSpaceOwner roles. - if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1) - { - $this->session->logout(); - return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists'); - - } - - //call the function to set the permission on the dropdocuments folder - $this->setUserDocsPermissions($oUserPO); - - //Assign the current user to the WorkSpaceOwner role - $this->setUserDocsRoleAllocation($userFolderObject); - - } - else - { - - $root = $this->ktapi->get_root_folder(); - $userFolder = $root->get_folder_by_name('/DroppedDocuments'); - - //Get the dropdocuments folder object - $userFolderObject = $userFolder->get_folder(); - - if(!$this->roleExistsName('WorkSpaceOwner')) - { - - $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner'); - if ($oWorkSpaceOwnerRole == null) - { - $this->session->logout(); - return _kt('Error: Failed to create WorkSpaceOwner Role'); - } - - //set permissions - $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId()); - $this->setUserDocsPermissions($oUserPO); - //assign current user to role - $this->setUserDocsRoleAllocation($userFolderObject); - } - else - { - - //update WrokSpaceOwner role to include current user - $this->updateUserDocsRoleAllocation($userFolderObject); - } - - } - - $iUserDocsFolderID = $this->getFolderID('DroppedDocuments'); - $oUserDocsFolder = Folder::get($iUserDocsFolderID); - - if(!Folder::FolderExistsName($sUserName, $iUserDocsFolderID)) - { - - - $root=$this->ktapi->get_root_folder(); - $userDocsFolder = $root->get_folder_by_name('/DroppedDocuments'); - - //create the personal folder. (Use the username to create it) - $personalFolder = $userDocsFolder->add_folder($sUserName); - - //Copy the permission object to stop permission inheritance - KTPermissionUtil::copyPermissionObject($personalFolder->get_folder()); - - //The role should exist by now. - //In both the if and else statements for the dropdocuments above the role is created - //If its doesn't exist by now there is an error - if(!$this->roleExistsName('WorkSpaceOwner')) - { - - $this->session->logout(); - return _kt('Error: WorkSpaceOwner Role not setup, cannot assign to Personal Folder'); - - } - - $personalFolderRole = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName); - $PersonalFolderObject = ($personalFolderRole->get_folder()); - - //Get permission object - $oPO = KTPermissionObject::get($PersonalFolderObject->getPermissionObjectId()); - - //Check for duplicate WorkSpaceOwner roles - if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1) - { - $this->session->logout(); - return _kt('Error: cannot set personal folder role permissions: more than one role named \'WorkSpaceOwner\' exists'); - - } - - $this->setPersonalFolderPermissions($oPO); - - $this->updatePersonalFolderRoleAllocation($PersonalFolderObject); - - - //folder just created so no top list of last modified documents - - $iMyDocsFolderID = $this->getFolderID($sUserName); - $this->session->logout(); - return _kt(' You do not have any dropped documents


'); - - - } - - else //if personal folder does exist - { - //Getting personal folder id - $iMyDocsFolderID = $this->getFolderID($sUserName); - - - if(!$this->roleExistsName('WorkSpaceOwner')) - { - $this->session->logout(); - return _kt('Error: WorkSpaceOwner Role does not exist'); - } - else - { - - $oTempPersonalFolder = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName); - $oPersonalFolder = $oTempPersonalFolder->get_folder(); - //update WorkSpaceOwner role to include current user - - //Get permission object - $oPO = KTPermissionObject::get($oPersonalFolder->getPermissionObjectId()); - - $this->setPersonalFolderPermissions($oPO); - - $this->updatePersonalFolderRoleAllocation($oPersonalFolder); - - } - - - - $aExternalWhereClauses[] = '(DT.transaction_namespace IN (?,?,?) AND (D.parent_folder_ids LIKE "%,'.$iMyDocsFolderID.',%" OR D.parent_folder_ids LIKE "%,'.$iMyDocsFolderID.'"))'; - $aExternalWhereParams[] = 'ktcore.transactions.create'; - $aExternalWhereParams[] = 'ktcore.transactions.check_in'; - $aExternalWhereParams[] = 'ktcore.transactions.event'; - - - $aDocumentTransactions = $this->getTransactionsMatchingQuery($oUser, '', $aExternalWhereClauses, $aExternalWhereParams); - if (empty($aDocumentTransactions)) - { - $this->session->logout(); - return _kt(' You do not have any dropped documents


'); - } - - $maxcount = 5; - $aDocumentTransactions = array_slice($aDocumentTransactions, 0, $maxcount); - - $sReturnTable = ''._kt('Recently Dropped Documents').' - - - - - - - - - '; - - $sOddorEven = ''; - $count = 1; - foreach ($aDocumentTransactions as $aRow) - { - $oDocument = Document::get($aRow[document_id]); - $aParentFolders = explode('/',$oDocument->getFullPath()); - $sPath = ''; - - for($i = 0; $i < count($aParentFolders); $i++) - { - if ($i > 2) - { - $sPath .= '/'.$aParentFolders[$i]; - } - } - - $sContentType = KTMime::getIconPath($oDocument->getMimeTypeID()); - $aAnchorData = $this->getDocInfo($aRow[document_id]); - $sLink = $aAnchorData[0]; - $sDocName = $aAnchorData[1]; - $sShortDocName = $sDocName; - if(strlen($sPath) > 0) - { - $sDocName = $sPath.'/'.$sDocName; - } - - $sFullDocName = $sDocName; - $iDocLength = strlen($sDocName); - if ( $iDocLength > 30 ) - { - $sDocName = substr($sDocName, ($iDocLength - 30), $iDocLength); - $sDocName = '...'.$sDocName; - } - - if($count%2 == 0) - { - $sOddorEven = 'even'; - } - else - { - $sOddorEven = 'odd'; - } - - $sReturnTable .= ''. - ''. - ''. - ''; - $count ++; - } - - $location = 'browse.php?fFolderId='.$iMyDocsFolderID; - $sReturnTable .= ''. - '
'._kt('Document').''._kt('Date Dropped').'
'.$sDocName.''.$aRow[datetime].'
'. - '
'. - ''._kt(' View All').'

'; - $this->session->logout(); - - return $sReturnTable; - - } - } - - function handleOutput($sOutput) { - print $sOutput; - } - - //This function is used to set the permission on the dropdocuments folder - function setUserDocsPermissions($oUserPO) - { - //arrays returned from get Role ID's - $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); - $aAdminGroupID = $this->getGroupIdByName('System Administrators'); - - //arrays used to make integers for $aAllowed array variable - $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id']; - $iAdminGroupID = $aAdminGroupID[0]['id']; - //$aBothAllowed is used to give permissions to the admin group and the WorkSpaceOwner role - $aBothAllowed = array('group' => array($iAdminGroupID), 'role' => array($iWorkSpaceOwnerRoleID)); - - //$aAdminAllowed is used to give permissions to the admin group only - $aAdminAllowed = array('group' => array($iAdminGroupID)); - - //Get the list of permissions - $aPermissions = KTPermission::getList(); - - foreach ($aPermissions as $oPermission) - { - //If the permission is not one of the below then both are allowed the permission - //Otherwise only the admin group is allowed the permission - if($oPermission->getHumanName() != 'Delete' && $oPermission->getHumanName() != 'Rename Folder' - && $oPermission->getHumanName() != 'Manage security' && $oPermission->getHumanName() != 'Manage workflow') - { - KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aBothAllowed); - } - else - { - KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aAdminAllowed); - } - } - - //UPdate the permission lookup - KTPermissionUtil::updatePermissionLookupForPO($oUserPO); - } - - //This function is used for allocating the user to the WorkSpaceOwner role only when the dropdocuments folder - //has just been created. - function setUserDocsRoleAllocation($oUserFolderObject) - { - $userFolderID = $oUserFolderObject->getId(); - - $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); - $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id']; - - //create a new role allocation - $oDropdocumentsRoleAllocation = new RoleAllocation(); - if ($oDropdocumentsRoleAllocation == null) - { - $this->session->logout(); - return _kt('Error: cannot create WorkSpaceOwner role allocation'); - } - - //set the folder and role for the allocation - $oDropdocumentsRoleAllocation->setFolderId($userFolderID); - $oDropdocumentsRoleAllocation->setRoleId($WorkSpaceOwnerRoleID); - - $aWorkSpaceOwnerRoleAllowed = array(); - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAllowed); - //It might be a problem that i'm not doing a "start transaction" here. - //Unable to roll back in event of db failure - $res = $oDropdocumentsRoleAllocation->create(); - - //The role is created and then updated by adding the current user to the allowed list - - $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor(); - $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed(); - $aUserId[] = $this->oUser->getId(); - $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aUserId; - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed); - $res = $oDropdocumentsRoleAllocation->update(); - - //Update all info linked to the role - $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID); - } - - //This function is used to allocate the current user to the WorkSpaceOwner role after the Dropdocuments folder - //has already been created. - function updateUserDocsRoleAllocation($oUserFolder) - { - $userFolderID = $oUserFolder->getId(); - $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');//$oUserRole->getId(); - $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id']; - - //Get the role allocation object for the Dropdocuments folder and the WorkSpaceOwner role - $oDropdocumentsRoleAllocation = $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($userFolderID, $WorkSpaceOwnerRoleID); - - //check that the object is not null - if ($oDropdocumentsRoleAllocation == null) - { - $this->session->logout(); - return _kt('Error: cannot find WorkSpaceOwner role allocation'); - } - - $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor(); - $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed(); - - //If the user ID is not in the allowed list already then add it to the list. - if(!in_array($this->oUser->getId(), $aWorkSpaceOwnerRoleAssignAllowed['user'])) - { - $aNewAllowed = array(); - $aNewAllowed = $aWorkSpaceOwnerRoleAssignAllowed['user']; - $aNewAllowed[] = $this->oUser->getId(); - $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aNewAllowed; - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed); - $res = $oDropdocumentsRoleAllocation->update(); - $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID); - } - } - - function setPersonalFolderPermissions($oPO) - { - $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); - $aAdminGroupID = $this->getGroupIdByName('System Administrators'); - - //arrays used to make integers for $aAllowed array variable - $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id']; - $iAdminGroupID = $aAdminGroupID[0]['id']; - - //set permissions for the role and the admin group - $aAllowed = array('role' => array($iWorkSpaceOwnerRoleID), 'group' => array($iAdminGroupID)); - - //Get the List of all the permissions - $aPersonalFolderPermissions = KTPermission::getList(); - - //Iterate through and apply all permissions to the current user and the admin group - foreach ($aPersonalFolderPermissions as $oPersonalFolderPermission) - { - KTPermissionUtil::setPermissionForId($oPersonalFolderPermission, $oPO, $aAllowed); - - } - - //Update permission lookup - KTPermissionUtil::updatePermissionLookupForPO($oPO); - } - - function updatePersonalFolderRoleAllocation($oPersonalFolder) - { - //Assign user to the WorkSpaceOwner role - $personalFolderID = $oPersonalFolder->getId(); - $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); - $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id']; - - $oRoleAllocation = new RoleAllocation(); - if ($oRoleAllocation == null) - { - $this->session->logout(); - return _kt('Error: Cannot create WorkSpaceOwner role allocation on personal folder'); - } - $oRoleAllocation->setFolderId($personalFolderID); - $oRoleAllocation->setRoleId($WorkSpaceOwnerRoleID); - - $aRoleAllowed = array(); - $oRoleAllocation->setAllowed($aRoleAllowed); - - //It might be a problem that i'm not doing a "start transaction" here. - //Unable to roll back in event of db failure - $res = $oRoleAllocation->create(); - - //The role is first created and then the current user is allocated to the role below - - $oPD = $oRoleAllocation->getPermissionDescriptor(); - $aRoleAssignAllowed = $oPD->getAllowed(); - $aUserId[] = $this->oUser->getId(); - $aRoleAssignAllowed['user'] = $aUserId; - $oRoleAllocation->setAllowed($aRoleAssignAllowed); - $res = $oRoleAllocation->update(); - $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId(), $personalFolderID); - } - - //FIXME: Direct Database access - function getFolderID($sFolderName) { - $sQuery = 'SELECT id FROM folders WHERE name = \''.$sFolderName.'\''; - - $id = DBUtil::getResultArray($sQuery); - return $id[0]['id']; - } - - //this function returns the document link and document name to be displayed on the dashlet - function getDocInfo($iDocId) { - $oDocument = Document::get($iDocId); - - if (PEAR::isError($oDocument)) { - return _kt('Document no longer exists.'); - } - - $sName = htmlentities($oDocument->getName(), ENT_NOQUOTES, 'UTF-8'); - $sLink = KTBrowseUtil::getUrlForDocument($oDocument); - - $aAnchorData = array(); - $aAnchorData[] = $sLink; - $aAnchorData[] = $sName; - return $aAnchorData; - } - - //This function is used to create the role, role allocation is done separately - function createRole ($sName) - { - $this->startTransaction(); - $oRole = Role::createFromArray(array('name' => $sName)); - - if (PEAR::isError($oRole) || ($oRole == false)) - { - if ($this->bTransactionStarted) - { - $this->rollbackTransaction(); - } - //return null on failure - return null; - } - else - { - return $oRole; - - } - } - - //FIXME: Direct Database access - function roleExistsName ($sName) - { - $sQuery = "SELECT id FROM roles WHERE name = ?"; - $aParams = array($sName); - $res = DBUtil::getResultArray(array($sQuery, $aParams)); - - if (count($res) != 0) - { - return true; - } - return false; - } - - //FIXME: Direct Database access - function groupExistsName ($sName) - { - $sQuery = "SELECT id FROM groups_lookup WHERE name = ?"; - $aParams = array($sName); - $res = DBUtil::getResultArray(array($sQuery, $aParams)); - - if (count($res) != 0) - { - return true; - } - return false; - } - - //FIXME: Direct Database access - function getRoleIdByName($sName) - { - $sQuery = "SELECT id FROM roles WHERE name = ?"; - $aParams = array($sName); - $res = DBUtil::getResultArray(array($sQuery, $aParams)); - return $res; - } - - //FIXME: Direct Database access - function getGroupIdByName ($sName) - { - $sQuery = "SELECT id FROM groups_lookup WHERE name = ?"; - $aParams = array($sName); - $res = DBUtil::getResultArray(array($sQuery, $aParams)); - return $res; - } - - //function taken from KTPermission.php and edited to work here - function renegeratePermissionsForRole($iRoleId, $iFolderId) { - $iStartFolderId = $iFolderId; - /* - * 1. find all folders & documents "below" this one which use the role - * definition _active_ (not necessarily present) at this point. - * 2. tell permissionutil to regen their permissions. - * - * The find algorithm is: - * - * folder_queue <- (iStartFolderId) - * while folder_queue is not empty: - * active_folder = - * for each folder in the active_folder: - * find folders in _this_ folder without a role-allocation on the iRoleId - * add them to the folder_queue - * update the folder's permissions. - * find documents in this folder: - * update their permissions. - */ - - $sRoleAllocTable = KTUtil::getTableName('role_allocations'); - $sFolderTable = KTUtil::getTableName('folders'); - $sQuery = sprintf('SELECT f.id as id FROM %s AS f LEFT JOIN %s AS ra ON (f.id = ra.folder_id) WHERE ra.id IS NULL AND f.parent_id = ?', $sFolderTable, $sRoleAllocTable); - - - $folder_queue = array($iStartFolderId); - while (!empty($folder_queue)) { - $active_folder = array_pop($folder_queue); - - $aParams = array($active_folder); - - $aNewFolders = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id'); - if (PEAR::isError($aNewFolders)) { - //$this->errorRedirectToMain(_kt('Failure to generate folderlisting.')); - echo _kt('Failure to generate folderlisting.'); - } - $folder_queue = kt_array_merge ($folder_queue, (array) $aNewFolders); // push. - - - // update the folder. - $oFolder =& Folder::get($active_folder); - if (PEAR::isError($oFolder) || ($oFolder == false)) { - //$this->errorRedirectToMain(_kt('Unable to locate folder: ') . $active_folder); - echo _kt('Unable to locate folder: ').$active_folder; - } - - KTPermissionUtil::updatePermissionLookup($oFolder); - $aDocList =& Document::getList(array('folder_id = ?', $active_folder)); - if (PEAR::isError($aDocList) || ($aDocList === false)) { - //$this->errorRedirectToMain(sprintf(_kt('Unable to get documents in folder %s: %s'), $active_folder, $aDocList->getMessage())); - echo _kt('Unable to get documents in folder ').$active_folder; - } - - foreach ($aDocList as $oDoc) { - if (!PEAR::isError($oDoc)) { - KTPermissionUtil::updatePermissionLookup($oDoc); - } - } - } - } - - /* - attempt to abstract the transaction-matching query. - - tables that are already defined (other than sec ones): - - - Documents (D) - - Users (U) - - TransactionTypes (DTT) - - Document Transactions (DT) - - so where clausess can take advantage of those. - - */ - function getTransactionsMatchingQuery($oUser, $sJoinClause, $aExternalWhereClauses, $aExternalWhereParams, $aOptions = null) { - - $sSelectItems = 'DTT.name AS transaction_name, U.name AS user_name, DT.version AS version, DT.comment AS comment, DT.datetime AS datetime, D.id as document_id, DT.transaction_namespace as namespace'; - $sBaseJoin = "FROM " . KTUtil::getTableName("document_transactions") . " AS DT " . - "INNER JOIN " . KTUtil::getTableName("users") . " AS U ON DT.user_id = U.id " . - "INNER JOIN " . KTUtil::getTableName("transaction_types") . " AS DTT ON DTT.namespace = DT.transaction_namespace " . - "INNER JOIN " . KTUtil::getTableName("documents") . " AS D ON D.id = DT.document_id "; - - // now we're almost at partialquery like status. - $perm_res = KTSearchUtil::permissionToSQL($oUser, 'ktcore.permissions.read'); - if (PEAR::isError($perm_res)) { - return $perm_res; - } - list($sPermissionString, $aPermissionParams, $sPermissionJoin) = $perm_res; - - // compile the final list - $aFinalWhere = kt_array_merge(array($sPermissionString,'D.creator_id IS NOT NULL'), $aExternalWhereClauses, array('D.status_id = ?')); - $aFinalWhereParams = kt_array_merge($aPermissionParams, $aExternalWhereParams, array(LIVE)); - - if (!is_array($aOptions)) { - $aOptions = (array) $aOptions; - } - $sOrderBy = KTUtil::arrayGet($aOptions, 'orderby', 'DT.datetime DESC'); - - // compile these. - // NBM: do we need to wrap these in ()? - $sWhereClause = implode(' AND ', $aFinalWhere); - if (!empty($sWhereClause)) { - $sWhereClause = 'WHERE ' . $sWhereClause; - } - - $sQuery = sprintf("SELECT %s %s %s %s %s ORDER BY %s", - $sSelectItems, - $sBaseJoin, - $sPermissionJoin, - $sJoinClause, - $sWhereClause, - $sOrderBy - ); - - //var_dump(array($sQuery, $aFinalWhereParams)); - - $res = DBUtil::getResultArray(array($sQuery, $aFinalWhereParams)); - //var_dump($res); exit(0); - return $res; - } -} -?> +. + * + * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco, + * California 94120-7775, or email info@knowledgetree.com. + * + * The interactive user interfaces in modified source and object code versions + * of this program must display Appropriate Legal Notices, as required under + * Section 5 of the GNU General Public License version 3. + * + * In accordance with Section 7(b) of the GNU General Public License version 3, + * these Appropriate Legal Notices must retain the display of the "Powered by + * KnowledgeTree" logo and retain the original copyright notice. If the display of the + * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices + * must display the words "Powered by KnowledgeTree" and retain the original + * copyright notice. + * Contributor( s): ______________________________________ + * + */ + +require_once("config/dmsDefaults.php"); +require_once(KT_DIR . "/ktapi/ktapi.inc.php"); +require_once(KT_LIB_DIR . "/plugins/plugin.inc.php"); +require_once(KT_LIB_DIR . "/plugins/pluginregistry.inc.php"); +require_once(KT_LIB_DIR . "/dashboard/dashlet.inc.php"); +require_once(KT_DIR . "/plugins/ktcore/KTFolderActions.php"); +require_once(KT_DIR . "/ktapi/KTAPIFolder.inc.php"); +require_once(KT_LIB_DIR . "/roles/Role.inc"); +require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php"); +require_once(KT_LIB_DIR . "/permissions/permissionutil.inc.php"); +require_once(KT_LIB_DIR . '/mime.inc.php'); +/* This page is run via an AJAX call from the update.js for this plugin. + * It checks to see if both the dropdocuments folder and the users personal folder exist. + * If they don't, it creates them and assigns permission and roles accordingly. + * If the dropdocuments folder does exist it checks if the WorkSpaceOwner role exists. + * If the role exists it assigns the current user to the role on the dropdocuments folder. + * Therefore any users running the plugin after the dropdocuments folder has been created will have access to it too. + * The underlying logic is that everyone is assigned to the WorkSpaceOwner Role, they have all permission except + * Delete, Rename Folder, Manage security and Manage workflow on the dropdocuments folder. + * This role is then assigned to their personal folder too (which is named according to their username) and is overidden + * to give only the current user full rights to their folder. + * Essentially everyone can look at the dropdocuments folder but will only see their own folder within it. + */ + +class MyDropDocumentsPage extends KTStandardDispatcher { + + function do_main() { + + $iRootID = (int)1; + $oUser = $this->oUser; + $sUserName = (string)$this->oUser->getUserName(); + $this->ktapi = new KTAPI(); + $this->session = $this->ktapi->start_system_session(); + + if(!Folder::FolderExistsName('DroppedDocuments', $iRootID)) + { + + $root=$this->ktapi->get_root_folder(); + + //Create dropdocuments folder + $userFolder = $root->add_folder('DroppedDocuments'); + + //In order to stop permission inheritance a copy of the parent permission object is created. + //This copy is then used to set separate permissions for this folder. + KTPermissionUtil::copyPermissionObject($userFolder->get_folder()); + + //If WorkSpaceOwner role doesn't exist, create it + if(!$this->roleExistsName('WorkSpaceOwner')) + { + $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner'); + if ($oWorkSpaceOwnerRole == null) + { + $this->session->logout(); + return _kt('Error: Failed to create WorkSpaceOwner Role'); + } + } + + //$root=$this->ktapi->get_root_folder(); + //$personalFolder = $root->get_folder_by_name('/dropdocuments/'.$sUserName); + + //Get the folder object + $userFolderObject = $userFolder->get_folder(); + + //Get the permission object from the dropdocuments folder object + $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId()); + + //Check to see if there are duplicate WorkSpaceOwner roles. + if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1) + { + $this->session->logout(); + return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists'); + + } + + //call the function to set the permission on the dropdocuments folder + $this->setUserDocsPermissions($oUserPO); + + //Assign the current user to the WorkSpaceOwner role + $this->setUserDocsRoleAllocation($userFolderObject); + + } + else + { + + $root = $this->ktapi->get_root_folder(); + $userFolder = $root->get_folder_by_name('/DroppedDocuments'); + + //Get the dropdocuments folder object + $userFolderObject = $userFolder->get_folder(); + + if(!$this->roleExistsName('WorkSpaceOwner')) + { + + $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner'); + if ($oWorkSpaceOwnerRole == null) + { + $this->session->logout(); + return _kt('Error: Failed to create WorkSpaceOwner Role'); + } + + //set permissions + $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId()); + $this->setUserDocsPermissions($oUserPO); + //assign current user to role + $this->setUserDocsRoleAllocation($userFolderObject); + } + else + { + + //update WrokSpaceOwner role to include current user + $this->updateUserDocsRoleAllocation($userFolderObject); + } + + } + + $iUserDocsFolderID = $this->getFolderID('DroppedDocuments'); + $oUserDocsFolder = Folder::get($iUserDocsFolderID); + + if(!Folder::FolderExistsName($sUserName, $iUserDocsFolderID)) + { + + + $root=$this->ktapi->get_root_folder(); + $userDocsFolder = $root->get_folder_by_name('/DroppedDocuments'); + + //create the personal folder. (Use the username to create it) + $personalFolder = $userDocsFolder->add_folder($sUserName); + + //Copy the permission object to stop permission inheritance + KTPermissionUtil::copyPermissionObject($personalFolder->get_folder()); + + //The role should exist by now. + //In both the if and else statements for the dropdocuments above the role is created + //If its doesn't exist by now there is an error + if(!$this->roleExistsName('WorkSpaceOwner')) + { + + $this->session->logout(); + return _kt('Error: WorkSpaceOwner Role not setup, cannot assign to Personal Folder'); + + } + + $personalFolderRole = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName); + $PersonalFolderObject = ($personalFolderRole->get_folder()); + + //Get permission object + $oPO = KTPermissionObject::get($PersonalFolderObject->getPermissionObjectId()); + + //Check for duplicate WorkSpaceOwner roles + if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1) + { + $this->session->logout(); + return _kt('Error: cannot set personal folder role permissions: more than one role named \'WorkSpaceOwner\' exists'); + + } + + $this->setPersonalFolderPermissions($oPO); + + $this->updatePersonalFolderRoleAllocation($PersonalFolderObject); + + + //folder just created so no top list of last modified documents + + $iMyDocsFolderID = $this->getFolderID($sUserName); + $this->session->logout(); + return _kt(' You do not have any dropped documents


'); + + + } + + else //if personal folder does exist + { + //Getting personal folder id + $iMyDocsFolderID = $this->getFolderID($sUserName); + + + if(!$this->roleExistsName('WorkSpaceOwner')) + { + $this->session->logout(); + return _kt('Error: WorkSpaceOwner Role does not exist'); + } + else + { + + $oTempPersonalFolder = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName); + $oPersonalFolder = $oTempPersonalFolder->get_folder(); + //update WorkSpaceOwner role to include current user + + //Get permission object + $oPO = KTPermissionObject::get($oPersonalFolder->getPermissionObjectId()); + + $this->setPersonalFolderPermissions($oPO); + + $this->updatePersonalFolderRoleAllocation($oPersonalFolder); + + } + + + + $aExternalWhereClauses[] = '(DT.transaction_namespace IN (?,?,?) AND (D.parent_folder_ids LIKE "%,'.$iMyDocsFolderID.',%" OR D.parent_folder_ids LIKE "%,'.$iMyDocsFolderID.'"))'; + $aExternalWhereParams[] = 'ktcore.transactions.create'; + $aExternalWhereParams[] = 'ktcore.transactions.check_in'; + $aExternalWhereParams[] = 'ktcore.transactions.event'; + + + $aDocumentTransactions = $this->getTransactionsMatchingQuery($oUser, '', $aExternalWhereClauses, $aExternalWhereParams); + if (empty($aDocumentTransactions)) + { + $this->session->logout(); + return _kt(' You do not have any dropped documents


'); + } + + $maxcount = 5; + $aDocumentTransactions = array_slice($aDocumentTransactions, 0, $maxcount); + + $sReturnTable = ''._kt('Recently Dropped Documents').' + + + + + + + + + '; + + $sOddorEven = ''; + $count = 1; + foreach ($aDocumentTransactions as $aRow) + { + $oDocument = Document::get($aRow[document_id]); + $aParentFolders = explode('/',$oDocument->getFullPath()); + $sPath = ''; + + for($i = 0; $i < count($aParentFolders); $i++) + { + if ($i > 2) + { + $sPath .= '/'.$aParentFolders[$i]; + } + } + + $sContentType = KTMime::getIconPath($oDocument->getMimeTypeID()); + $aAnchorData = $this->getDocInfo($aRow[document_id]); + $sLink = $aAnchorData[0]; + $sDocName = $aAnchorData[1]; + $sShortDocName = $sDocName; + if(strlen($sPath) > 0) + { + $sDocName = $sPath.'/'.$sDocName; + } + + $sFullDocName = $sDocName; + $iDocLength = strlen($sDocName); + if ( $iDocLength > 30 ) + { + $sDocName = substr($sDocName, ($iDocLength - 30), $iDocLength); + $sDocName = '...'.$sDocName; + } + + if($count%2 == 0) + { + $sOddorEven = 'even'; + } + else + { + $sOddorEven = 'odd'; + } + + $sReturnTable .= ''. + ''. + ''. + ''; + $count ++; + } + + $location = 'browse.php?fFolderId='.$iMyDocsFolderID; + $sReturnTable .= ''. + '
'._kt('Document').''._kt('Date Dropped').'
'.$sDocName.''.$aRow[datetime].'
'. + '
'. + ''._kt(' View All').'

'; + $this->session->logout(); + + return $sReturnTable; + + } + } + + function handleOutput($sOutput) { + print $sOutput; + } + + //This function is used to set the permission on the dropdocuments folder + function setUserDocsPermissions($oUserPO) + { + //arrays returned from get Role ID's + $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); + $aAdminGroupID = $this->getGroupIdByName('System Administrators'); + + //arrays used to make integers for $aAllowed array variable + $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id']; + $iAdminGroupID = $aAdminGroupID[0]['id']; + //$aBothAllowed is used to give permissions to the admin group and the WorkSpaceOwner role + $aBothAllowed = array('group' => array($iAdminGroupID), 'role' => array($iWorkSpaceOwnerRoleID)); + + //$aAdminAllowed is used to give permissions to the admin group only + $aAdminAllowed = array('group' => array($iAdminGroupID)); + + //Get the list of permissions + $aPermissions = KTPermission::getList(); + + foreach ($aPermissions as $oPermission) + { + //If the permission is not one of the below then both are allowed the permission + //Otherwise only the admin group is allowed the permission + if($oPermission->getHumanName() != 'Delete' && $oPermission->getHumanName() != 'Rename Folder' + && $oPermission->getHumanName() != 'Manage security' && $oPermission->getHumanName() != 'Manage workflow') + { + KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aBothAllowed); + } + else + { + KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aAdminAllowed); + } + } + + //UPdate the permission lookup + KTPermissionUtil::updatePermissionLookupForPO($oUserPO); + } + + //This function is used for allocating the user to the WorkSpaceOwner role only when the dropdocuments folder + //has just been created. + function setUserDocsRoleAllocation($oUserFolderObject) + { + $userFolderID = $oUserFolderObject->getId(); + + $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); + $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id']; + + //create a new role allocation + $oDropdocumentsRoleAllocation = new RoleAllocation(); + if ($oDropdocumentsRoleAllocation == null) + { + $this->session->logout(); + return _kt('Error: cannot create WorkSpaceOwner role allocation'); + } + + //set the folder and role for the allocation + $oDropdocumentsRoleAllocation->setFolderId($userFolderID); + $oDropdocumentsRoleAllocation->setRoleId($WorkSpaceOwnerRoleID); + + $aWorkSpaceOwnerRoleAllowed = array(); + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAllowed); + //It might be a problem that i'm not doing a "start transaction" here. + //Unable to roll back in event of db failure + $res = $oDropdocumentsRoleAllocation->create(); + + //The role is created and then updated by adding the current user to the allowed list + + $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor(); + $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed(); + $aUserId[] = $this->oUser->getId(); + $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aUserId; + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed); + $res = $oDropdocumentsRoleAllocation->update(); + + //Update all info linked to the role + $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID); + } + + //This function is used to allocate the current user to the WorkSpaceOwner role after the Dropdocuments folder + //has already been created. + function updateUserDocsRoleAllocation($oUserFolder) + { + $userFolderID = $oUserFolder->getId(); + $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');//$oUserRole->getId(); + $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id']; + + //Get the role allocation object for the Dropdocuments folder and the WorkSpaceOwner role + $oDropdocumentsRoleAllocation = $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($userFolderID, $WorkSpaceOwnerRoleID); + + //check that the object is not null + if ($oDropdocumentsRoleAllocation == null) + { + $this->session->logout(); + return _kt('Error: cannot find WorkSpaceOwner role allocation'); + } + + $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor(); + $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed(); + + //If the user ID is not in the allowed list already then add it to the list. + if(!in_array($this->oUser->getId(), $aWorkSpaceOwnerRoleAssignAllowed['user'])) + { + $aNewAllowed = array(); + $aNewAllowed = $aWorkSpaceOwnerRoleAssignAllowed['user']; + $aNewAllowed[] = $this->oUser->getId(); + $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aNewAllowed; + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed); + $res = $oDropdocumentsRoleAllocation->update(); + $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID); + } + } + + function setPersonalFolderPermissions($oPO) + { + $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); + $aAdminGroupID = $this->getGroupIdByName('System Administrators'); + + //arrays used to make integers for $aAllowed array variable + $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id']; + $iAdminGroupID = $aAdminGroupID[0]['id']; + + //set permissions for the role and the admin group + $aAllowed = array('role' => array($iWorkSpaceOwnerRoleID), 'group' => array($iAdminGroupID)); + + //Get the List of all the permissions + $aPersonalFolderPermissions = KTPermission::getList(); + + //Iterate through and apply all permissions to the current user and the admin group + foreach ($aPersonalFolderPermissions as $oPersonalFolderPermission) + { + KTPermissionUtil::setPermissionForId($oPersonalFolderPermission, $oPO, $aAllowed); + + } + + //Update permission lookup + KTPermissionUtil::updatePermissionLookupForPO($oPO); + } + + function updatePersonalFolderRoleAllocation($oPersonalFolder) + { + //Assign user to the WorkSpaceOwner role + $personalFolderID = $oPersonalFolder->getId(); + $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner'); + $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id']; + + $oRoleAllocation = new RoleAllocation(); + if ($oRoleAllocation == null) + { + $this->session->logout(); + return _kt('Error: Cannot create WorkSpaceOwner role allocation on personal folder'); + } + $oRoleAllocation->setFolderId($personalFolderID); + $oRoleAllocation->setRoleId($WorkSpaceOwnerRoleID); + + $aRoleAllowed = array(); + $oRoleAllocation->setAllowed($aRoleAllowed); + + //It might be a problem that i'm not doing a "start transaction" here. + //Unable to roll back in event of db failure + $res = $oRoleAllocation->create(); + + //The role is first created and then the current user is allocated to the role below + + $oPD = $oRoleAllocation->getPermissionDescriptor(); + $aRoleAssignAllowed = $oPD->getAllowed(); + $aUserId[] = $this->oUser->getId(); + $aRoleAssignAllowed['user'] = $aUserId; + $oRoleAllocation->setAllowed($aRoleAssignAllowed); + $res = $oRoleAllocation->update(); + $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId(), $personalFolderID); + } + + //FIXME: Direct Database access + function getFolderID($sFolderName) { + $sQuery = 'SELECT id FROM folders WHERE name = \''.$sFolderName.'\''; + + $id = DBUtil::getResultArray($sQuery); + return $id[0]['id']; + } + + //this function returns the document link and document name to be displayed on the dashlet + function getDocInfo($iDocId) { + $oDocument = Document::get($iDocId); + + if (PEAR::isError($oDocument)) { + return _kt('Document no longer exists.'); + } + + $sName = htmlentities($oDocument->getName(), ENT_NOQUOTES, 'UTF-8'); + $sLink = KTBrowseUtil::getUrlForDocument($oDocument); + + $aAnchorData = array(); + $aAnchorData[] = $sLink; + $aAnchorData[] = $sName; + return $aAnchorData; + } + + //This function is used to create the role, role allocation is done separately + function createRole ($sName) + { + $this->startTransaction(); + $oRole = Role::createFromArray(array('name' => $sName)); + + if (PEAR::isError($oRole) || ($oRole == false)) + { + if ($this->bTransactionStarted) + { + $this->rollbackTransaction(); + } + //return null on failure + return null; + } + else + { + return $oRole; + + } + } + + //FIXME: Direct Database access + function roleExistsName ($sName) + { + $sQuery = "SELECT id FROM roles WHERE name = ?"; + $aParams = array($sName); + $res = DBUtil::getResultArray(array($sQuery, $aParams)); + + if (count($res) != 0) + { + return true; + } + return false; + } + + //FIXME: Direct Database access + function groupExistsName ($sName) + { + $sQuery = "SELECT id FROM groups_lookup WHERE name = ?"; + $aParams = array($sName); + $res = DBUtil::getResultArray(array($sQuery, $aParams)); + + if (count($res) != 0) + { + return true; + } + return false; + } + + //FIXME: Direct Database access + function getRoleIdByName($sName) + { + $sQuery = "SELECT id FROM roles WHERE name = ?"; + $aParams = array($sName); + $res = DBUtil::getResultArray(array($sQuery, $aParams)); + return $res; + } + + //FIXME: Direct Database access + function getGroupIdByName ($sName) + { + $sQuery = "SELECT id FROM groups_lookup WHERE name = ?"; + $aParams = array($sName); + $res = DBUtil::getResultArray(array($sQuery, $aParams)); + return $res; + } + + //function taken from KTPermission.php and edited to work here + function renegeratePermissionsForRole($iRoleId, $iFolderId) { + $iStartFolderId = $iFolderId; + /* + * 1. find all folders & documents "below" this one which use the role + * definition _active_ (not necessarily present) at this point. + * 2. tell permissionutil to regen their permissions. + * + * The find algorithm is: + * + * folder_queue <- (iStartFolderId) + * while folder_queue is not empty: + * active_folder = + * for each folder in the active_folder: + * find folders in _this_ folder without a role-allocation on the iRoleId + * add them to the folder_queue + * update the folder's permissions. + * find documents in this folder: + * update their permissions. + */ + + $sRoleAllocTable = KTUtil::getTableName('role_allocations'); + $sFolderTable = KTUtil::getTableName('folders'); + $sQuery = sprintf('SELECT f.id as id FROM %s AS f LEFT JOIN %s AS ra ON (f.id = ra.folder_id) WHERE ra.id IS NULL AND f.parent_id = ?', $sFolderTable, $sRoleAllocTable); + + + $folder_queue = array($iStartFolderId); + while (!empty($folder_queue)) { + $active_folder = array_pop($folder_queue); + + $aParams = array($active_folder); + + $aNewFolders = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id'); + if (PEAR::isError($aNewFolders)) { + //$this->errorRedirectToMain(_kt('Failure to generate folderlisting.')); + echo _kt('Failure to generate folderlisting.'); + } + $folder_queue = kt_array_merge ($folder_queue, (array) $aNewFolders); // push. + + + // update the folder. + $oFolder =& Folder::get($active_folder); + if (PEAR::isError($oFolder) || ($oFolder == false)) { + //$this->errorRedirectToMain(_kt('Unable to locate folder: ') . $active_folder); + echo _kt('Unable to locate folder: ').$active_folder; + } + + KTPermissionUtil::updatePermissionLookup($oFolder); + $aDocList =& Document::getList(array('folder_id = ?', $active_folder)); + if (PEAR::isError($aDocList) || ($aDocList === false)) { + //$this->errorRedirectToMain(sprintf(_kt('Unable to get documents in folder %s: %s'), $active_folder, $aDocList->getMessage())); + echo _kt('Unable to get documents in folder ').$active_folder; + } + + foreach ($aDocList as $oDoc) { + if (!PEAR::isError($oDoc)) { + KTPermissionUtil::updatePermissionLookup($oDoc); + } + } + } + } + + /* + attempt to abstract the transaction-matching query. + + tables that are already defined (other than sec ones): + + - Documents (D) + - Users (U) + - TransactionTypes (DTT) + - Document Transactions (DT) + + so where clausess can take advantage of those. + + */ + function getTransactionsMatchingQuery($oUser, $sJoinClause, $aExternalWhereClauses, $aExternalWhereParams, $aOptions = null) { + + $sSelectItems = 'DTT.name AS transaction_name, U.name AS user_name, DT.version AS version, DT.comment AS comment, DT.datetime AS datetime, D.id as document_id, DT.transaction_namespace as namespace'; + $sBaseJoin = "FROM " . KTUtil::getTableName("document_transactions") . " AS DT " . + "INNER JOIN " . KTUtil::getTableName("users") . " AS U ON DT.user_id = U.id " . + "INNER JOIN " . KTUtil::getTableName("transaction_types") . " AS DTT ON DTT.namespace = DT.transaction_namespace " . + "INNER JOIN " . KTUtil::getTableName("documents") . " AS D ON D.id = DT.document_id "; + + // now we're almost at partialquery like status. + $perm_res = KTSearchUtil::permissionToSQL($oUser, 'ktcore.permissions.read'); + if (PEAR::isError($perm_res)) { + return $perm_res; + } + list($sPermissionString, $aPermissionParams, $sPermissionJoin) = $perm_res; + + // compile the final list + $aFinalWhere = kt_array_merge(array($sPermissionString,'D.creator_id IS NOT NULL'), $aExternalWhereClauses, array('D.status_id = ?')); + $aFinalWhereParams = kt_array_merge($aPermissionParams, $aExternalWhereParams, array(LIVE)); + + if (!is_array($aOptions)) { + $aOptions = (array) $aOptions; + } + $sOrderBy = KTUtil::arrayGet($aOptions, 'orderby', 'DT.datetime DESC'); + + // compile these. + // NBM: do we need to wrap these in ()? + $sWhereClause = implode(' AND ', $aFinalWhere); + if (!empty($sWhereClause)) { + $sWhereClause = 'WHERE ' . $sWhereClause; + } + + $sQuery = sprintf("SELECT %s %s %s %s %s ORDER BY %s", + $sSelectItems, + $sBaseJoin, + $sPermissionJoin, + $sJoinClause, + $sWhereClause, + $sOrderBy + ); + + //var_dump(array($sQuery, $aFinalWhereParams)); + + $res = DBUtil::getResultArray(array($sQuery, $aFinalWhereParams)); + //var_dump($res); exit(0); + return $res; + } +} +?> diff --git a/plugins/ktcore/KTCorePlugin.php b/plugins/ktcore/KTCorePlugin.php index 52aeda3..5d1db9a 100644 --- a/plugins/ktcore/KTCorePlugin.php +++ b/plugins/ktcore/KTCorePlugin.php @@ -320,27 +320,27 @@ class KTCorePlugin extends KTPlugin { //config $this->registerAdminPage('emailconfigpage', 'EmailConfigPageDispatcher', 'config', _kt('Email Settings'), _kt('Manage Email Settings'), - '/admin/configSettings.php', null); + 'admin/configSettings.php', null); $this->registerAdminPage('uiconfigpage', 'UIConfigPageDispatcher', 'config', _kt('User Interface Settings'), _kt('Manage User Interface Settings'), - '/admin/configSettings.php', null); + 'admin/configSettings.php', null); $this->registerAdminPage('searchandindexingconfigpage', 'SearchAndIndexingConfigPageDispatcher', 'config', _kt('Search and Indexing Settings'), _kt('Manage Search and Indexing Settings'), - '/admin/configSettings.php', null); + 'admin/configSettings.php', null); $this->registerAdminPage('clientconfigpage', 'ClientSettingsConfigPageDispatcher', 'config', _kt('Client Tools Settings'), _kt('Manage Client Tools Settings'), - '/admin/configSettings.php', null); + 'admin/configSettings.php', null); $this->registerAdminPage('generalconfigpage', 'GeneralConfigPageDispatcher', 'config', _kt('General Settings'), _kt('Manage General Settings'), - '/admin/configSettings.php', null); + 'admin/configSettings.php', null); $this->registerAdminPage('i18nconfigpage', 'i18nConfigPageDispatcher', 'config', _kt('Internationalisation Settings'), _kt('Manage Internationalisation Settings'), - '/admin/configSettings.php', null); + 'admin/configSettings.php', null); // misc $this->registerAdminPage('helpmanagement', 'ManageHelpDispatcher', 'misc', -- libgit2 0.21.4