Peter M. Groen / knowledgetree

Commit 36d479c6e1f477a3ecd113ed00a51d8cfecc5442

Authored by bshuttle
1 parent b3a8d64b

fix for KTS-972(?): Owner and Anonymous roles don't work properly for browse/search 

The problem is the way that permission-descriptors for the current users are
generated.  Before, this was done both in permissionutil and searchutil:
both now use KTSearchUtil::getPermissionDescriptorsForUser.  Secondly,
these functions were only considering group permissions.  Now, these
check for the two magic roles (-3 and -4) as well as user-specific ones
(e.g. those generated by roles with user-entries - like Owner)


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5408 c91229c3-7414-0410-bfa2-8a42b809f60b
Inline Side-by-side
Showing 4 changed files with 22 additions and 5 deletions
lib/browse/PartialQuery.inc.php
  View file @36d479c
... ... @@ -97,6 +97,7 @@ class BrowseQuery extends PartialQuery{
97 97 if (PEAR::isError($res)) {
98 98 return $res;
99 99 }
  100 + //var_dump($res);
100 101 list($sPermissionString, $aPermissionParams, $sPermissionJoin) = $res;
101 102 $aPotentialWhere = array($sPermissionString, 'D.folder_id = ?', 'D.status_id = 1');
102 103 $aWhere = array();
... ...
lib/permissions/permissiondescriptor.inc.php
  View file @36d479c
... ... @@ -425,14 +425,22 @@ class KTPermissionDescriptor extends KTEntity {
425 425 // }}}
426 426  
427 427 // {{{ STATIC: getByUser
428   - function &getByUser($oUser) {
  428 + function &getByUser($oUser, $aOptions = null) {
429 429 $sTable = KTUtil::getTableName('permission_descriptor_users');
430 430 $sQuery = "SELECT descriptor_id FROM $sTable WHERE user_id = ?";
431 431 $aParams = array($oUser->getID());
432 432 $aIDs = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'descriptor_id');
  433 + if (is_null($aOptions)) {
  434 + $aOptions = array();
  435 + }
  436 + $ids = KTUtil::arrayGet($aOptions, 'ids');
433 437 $aRet = array();
434 438 foreach ($aIDs as $iID) {
435   - $aRet[] =& KTPermissionDescriptor::get($iID);
  439 + if ($ids === true) {
  440 + $aRet[] = $iID;
  441 + } else {
  442 + $aRet[] =& KTPermissionDescriptor::get($iID);
  443 + }
436 444 }
437 445 return $aRet;
438 446 }
... ...
lib/permissions/permissionutil.inc.php
  View file @36d479c
... ... @@ -623,8 +623,17 @@ class KTPermissionUtil {
623 623 // {{{ getPermissionDescriptorsForUser
624 624 function getPermissionDescriptorsForUser($oUser) {
625 625 $aGroups = GroupUtil::listGroupsForUserExpand($oUser);
  626 + $roles = array(-3); // everyone
  627 + $aEveryoneDescriptors = array();
  628 + $aAuthenticatedDescriptors = array();
  629 + if (!$oUser->isAnonymous()) {
  630 + // authenticated
  631 + $roles[] = -4;
  632 + }
  633 + $aRoleDescriptors = KTPermissionDescriptor::getByRoles($roles, array('ids' => true));
626 634 $aPermissionDescriptors = KTPermissionDescriptor::getByGroups($aGroups, array('ids' => true));
627   - return $aPermissionDescriptors;
  635 + $aUserDescriptors = KTPermissionDescriptor::getByUser($oUser, array('ids' => true));
  636 + return kt_array_merge($aPermissionDescriptors, $aUserDescriptors, $aRoleDescriptors);
628 637 }
629 638 // }}}
630 639 }
... ...
lib/search/searchutil.inc.php
  View file @36d479c
... ... @@ -190,8 +190,7 @@ class KTSearchUtil {
190 190 INNER JOIN $sPermissionLookupsTable AS PL ON $sItemTableName.permission_lookup_id = PL.id
191 191 INNER JOIN $sPermissionLookupAssignmentsTable AS PLA ON PL.id = PLA.permission_lookup_id AND PLA.permission_id = ?
192 192 ";
193   - $aGroups = GroupUtil::listGroupsForUserExpand($oUser);
194   - $aPermissionDescriptors = KTPermissionDescriptor::getByGroups($aGroups, array('ids' => true));
  193 + $aPermissionDescriptors = KTPermissionUtil::getPermissionDescriptorsForUser($oUser);
195 194 if (count($aPermissionDescriptors) === 0) {
196 195 return PEAR::raiseError('You have no permissions');
197 196 }
... ...