Commit 36d479c6e1f477a3ecd113ed00a51d8cfecc5442
1 parent
b3a8d64b
fix for KTS-972(?): Owner and Anonymous roles don't work properly for browse/search
The problem is the way that permission-descriptors for the current users are generated. Before, this was done both in permissionutil and searchutil: both now use KTSearchUtil::getPermissionDescriptorsForUser. Secondly, these functions were only considering group permissions. Now, these check for the two magic roles (-3 and -4) as well as user-specific ones (e.g. those generated by roles with user-entries - like Owner) git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5408 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
4 changed files
with
22 additions
and
5 deletions
lib/browse/PartialQuery.inc.php
| @@ -97,6 +97,7 @@ class BrowseQuery extends PartialQuery{ | @@ -97,6 +97,7 @@ class BrowseQuery extends PartialQuery{ | ||
| 97 | if (PEAR::isError($res)) { | 97 | if (PEAR::isError($res)) { |
| 98 | return $res; | 98 | return $res; |
| 99 | } | 99 | } |
| 100 | + //var_dump($res); | ||
| 100 | list($sPermissionString, $aPermissionParams, $sPermissionJoin) = $res; | 101 | list($sPermissionString, $aPermissionParams, $sPermissionJoin) = $res; |
| 101 | $aPotentialWhere = array($sPermissionString, 'D.folder_id = ?', 'D.status_id = 1'); | 102 | $aPotentialWhere = array($sPermissionString, 'D.folder_id = ?', 'D.status_id = 1'); |
| 102 | $aWhere = array(); | 103 | $aWhere = array(); |
lib/permissions/permissiondescriptor.inc.php
| @@ -425,14 +425,22 @@ class KTPermissionDescriptor extends KTEntity { | @@ -425,14 +425,22 @@ class KTPermissionDescriptor extends KTEntity { | ||
| 425 | // }}} | 425 | // }}} |
| 426 | 426 | ||
| 427 | // {{{ STATIC: getByUser | 427 | // {{{ STATIC: getByUser |
| 428 | - function &getByUser($oUser) { | 428 | + function &getByUser($oUser, $aOptions = null) { |
| 429 | $sTable = KTUtil::getTableName('permission_descriptor_users'); | 429 | $sTable = KTUtil::getTableName('permission_descriptor_users'); |
| 430 | $sQuery = "SELECT descriptor_id FROM $sTable WHERE user_id = ?"; | 430 | $sQuery = "SELECT descriptor_id FROM $sTable WHERE user_id = ?"; |
| 431 | $aParams = array($oUser->getID()); | 431 | $aParams = array($oUser->getID()); |
| 432 | $aIDs = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'descriptor_id'); | 432 | $aIDs = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'descriptor_id'); |
| 433 | + if (is_null($aOptions)) { | ||
| 434 | + $aOptions = array(); | ||
| 435 | + } | ||
| 436 | + $ids = KTUtil::arrayGet($aOptions, 'ids'); | ||
| 433 | $aRet = array(); | 437 | $aRet = array(); |
| 434 | foreach ($aIDs as $iID) { | 438 | foreach ($aIDs as $iID) { |
| 435 | - $aRet[] =& KTPermissionDescriptor::get($iID); | 439 | + if ($ids === true) { |
| 440 | + $aRet[] = $iID; | ||
| 441 | + } else { | ||
| 442 | + $aRet[] =& KTPermissionDescriptor::get($iID); | ||
| 443 | + } | ||
| 436 | } | 444 | } |
| 437 | return $aRet; | 445 | return $aRet; |
| 438 | } | 446 | } |
lib/permissions/permissionutil.inc.php
| @@ -623,8 +623,17 @@ class KTPermissionUtil { | @@ -623,8 +623,17 @@ class KTPermissionUtil { | ||
| 623 | // {{{ getPermissionDescriptorsForUser | 623 | // {{{ getPermissionDescriptorsForUser |
| 624 | function getPermissionDescriptorsForUser($oUser) { | 624 | function getPermissionDescriptorsForUser($oUser) { |
| 625 | $aGroups = GroupUtil::listGroupsForUserExpand($oUser); | 625 | $aGroups = GroupUtil::listGroupsForUserExpand($oUser); |
| 626 | + $roles = array(-3); // everyone | ||
| 627 | + $aEveryoneDescriptors = array(); | ||
| 628 | + $aAuthenticatedDescriptors = array(); | ||
| 629 | + if (!$oUser->isAnonymous()) { | ||
| 630 | + // authenticated | ||
| 631 | + $roles[] = -4; | ||
| 632 | + } | ||
| 633 | + $aRoleDescriptors = KTPermissionDescriptor::getByRoles($roles, array('ids' => true)); | ||
| 626 | $aPermissionDescriptors = KTPermissionDescriptor::getByGroups($aGroups, array('ids' => true)); | 634 | $aPermissionDescriptors = KTPermissionDescriptor::getByGroups($aGroups, array('ids' => true)); |
| 627 | - return $aPermissionDescriptors; | 635 | + $aUserDescriptors = KTPermissionDescriptor::getByUser($oUser, array('ids' => true)); |
| 636 | + return kt_array_merge($aPermissionDescriptors, $aUserDescriptors, $aRoleDescriptors); | ||
| 628 | } | 637 | } |
| 629 | // }}} | 638 | // }}} |
| 630 | } | 639 | } |
lib/search/searchutil.inc.php
| @@ -190,8 +190,7 @@ class KTSearchUtil { | @@ -190,8 +190,7 @@ class KTSearchUtil { | ||
| 190 | INNER JOIN $sPermissionLookupsTable AS PL ON $sItemTableName.permission_lookup_id = PL.id | 190 | INNER JOIN $sPermissionLookupsTable AS PL ON $sItemTableName.permission_lookup_id = PL.id |
| 191 | INNER JOIN $sPermissionLookupAssignmentsTable AS PLA ON PL.id = PLA.permission_lookup_id AND PLA.permission_id = ? | 191 | INNER JOIN $sPermissionLookupAssignmentsTable AS PLA ON PL.id = PLA.permission_lookup_id AND PLA.permission_id = ? |
| 192 | "; | 192 | "; |
| 193 | - $aGroups = GroupUtil::listGroupsForUserExpand($oUser); | ||
| 194 | - $aPermissionDescriptors = KTPermissionDescriptor::getByGroups($aGroups, array('ids' => true)); | 193 | + $aPermissionDescriptors = KTPermissionUtil::getPermissionDescriptorsForUser($oUser); |
| 195 | if (count($aPermissionDescriptors) === 0) { | 194 | if (count($aPermissionDescriptors) === 0) { |
| 196 | return PEAR::raiseError('You have no permissions'); | 195 | return PEAR::raiseError('You have no permissions'); |
| 197 | } | 196 | } |