Commit 3959695ad2593cce8899ee30c484f207315ef77d
1 parent
dad3e991
Override permissions based on the state of the document.
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4807 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
31 additions
and
0 deletions
lib/permissions/permissionutil.inc.php
| @@ -12,6 +12,8 @@ require_once(KT_LIB_DIR . "/permissions/permissiondynamiccondition.inc.php"); | @@ -12,6 +12,8 @@ require_once(KT_LIB_DIR . "/permissions/permissiondynamiccondition.inc.php"); | ||
| 12 | require_once(KT_LIB_DIR . "/groups/GroupUtil.php"); | 12 | require_once(KT_LIB_DIR . "/groups/GroupUtil.php"); |
| 13 | require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php"); | 13 | require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php"); |
| 14 | 14 | ||
| 15 | +require_once(KT_LIB_DIR . "/workflow/workflowstatepermissionsassignment.inc.php"); | ||
| 16 | + | ||
| 15 | class KTPermissionUtil { | 17 | class KTPermissionUtil { |
| 16 | // {{{ generateDescriptor | 18 | // {{{ generateDescriptor |
| 17 | /** | 19 | /** |
| @@ -115,6 +117,15 @@ class KTPermissionUtil { | @@ -115,6 +117,15 @@ class KTPermissionUtil { | ||
| 115 | } | 117 | } |
| 116 | // }}} | 118 | // }}} |
| 117 | 119 | ||
| 120 | + // {{{ updatePermissionLookupForState | ||
| 121 | + function updatePermissionLookupForState($oState) { | ||
| 122 | + $aDocuments = Document::getByState($oState); | ||
| 123 | + foreach ($aDocuments as $oDocument) { | ||
| 124 | + KTPermissionUtil::updatePermissionLookup($oDocument); | ||
| 125 | + } | ||
| 126 | + } | ||
| 127 | + // }}} | ||
| 128 | + | ||
| 118 | // {{{ updatePermissionLookupForPO | 129 | // {{{ updatePermissionLookupForPO |
| 119 | /** | 130 | /** |
| 120 | * Updates permission lookups for all objects of a certain | 131 | * Updates permission lookups for all objects of a certain |
| @@ -236,6 +247,26 @@ class KTPermissionUtil { | @@ -236,6 +247,26 @@ class KTPermissionUtil { | ||
| 236 | } | 247 | } |
| 237 | } | 248 | } |
| 238 | 249 | ||
| 250 | + if (!is_a($oFolderOrDocument, 'Folder')) { | ||
| 251 | + $oState = KTWorkflowUtil::getWorkflowStateForDocument($oFolderOrDocument); | ||
| 252 | + $aWorkflowStatePermissionAssignments = KTWorkflowStatePermissionAssignment::getByState($oState); | ||
| 253 | + foreach ($aWorkflowStatePermissionAssignments as $oAssignment) { | ||
| 254 | + $iPermissionId = $oAssignment->getPermissionId(); | ||
| 255 | + $iPermissionDescriptorId = $oAssignment->getDescriptorId(); | ||
| 256 | + | ||
| 257 | + $oPD = KTPermissionDescriptor::get($iPermissionDescriptorId); | ||
| 258 | + $aGroupIDs = $oPD->getGroups(); | ||
| 259 | + $aUserIDs = array(); | ||
| 260 | + $aRoleIDs = $oPD->getRoles(); | ||
| 261 | + $aAllowed = array( | ||
| 262 | + "group" => $aGroupIDs, | ||
| 263 | + "user" => $aUserIDs, | ||
| 264 | + "role" => $aRoleIDs, | ||
| 265 | + ); | ||
| 266 | + $aMapPermAllowed[$iPermissionId] = $aAllowed; | ||
| 267 | + } | ||
| 268 | + } | ||
| 269 | + | ||
| 239 | // if we have roles: nearest folder. | 270 | // if we have roles: nearest folder. |
| 240 | $iRoleSourceFolder = null; | 271 | $iRoleSourceFolder = null; |
| 241 | if (is_a($oFolderOrDocument, 'KTDocumentCore') || is_a($oFolderOrDocument, 'Document')) { $iRoleSourceFolder = $oFolderOrDocument->getFolderID(); } | 272 | if (is_a($oFolderOrDocument, 'KTDocumentCore') || is_a($oFolderOrDocument, 'Document')) { $iRoleSourceFolder = $oFolderOrDocument->getFolderID(); } |