diff --git a/config/config.ini b/config/config.ini index 6046d9b..541cf10 100644 --- a/config/config.ini +++ b/config/config.ini @@ -140,6 +140,7 @@ uiUrl = ${rootUrl}/presentation/lookAndFeel/knowledgeTree [session] ; session timeout (in seconds) sessionTimeout = 1200 +allowAnonymousLogin = true [import] ; unzip command - will use execSearchPath to find if the path to the diff --git a/config/siteMap.inc b/config/siteMap.inc index c4312af..4db0b79 100644 --- a/config/siteMap.inc +++ b/config/siteMap.inc 
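Review bot: The shipped value `allowAnonymousLogin = true` under `[session]` switches anonymous access on for every installation that takes this config file, while every reader added in this commit falls back to off (`$oKTConfig->get('allowAnonymousLogin', false)`). Shipping `allowAnonymousLogin = false` keeps the feature opt-in and matches the code default. Unlike `sessionTimeout` above it, the new key has no comment; something like `; allow visitors without an account to browse as the Anonymous user` would tell an administrator what they are enabling.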
@@ -34,27 +34,27 @@ $default->siteMap->addPage("dashboard", "/dashboard.php", "General", Guest, "das // dashboard news //pages for manage documents section -$default->siteMap->addPage("browse", "/browse.php", "Manage Documents", Guest, _("browse documents")); -$default->siteMap->addPage("viewDocument", "/view.php", "Manage Documents", Guest, _("View Document"), false); -$default->siteMap->addPage("editDocument", "/edit.php", "Manage Documents", Guest, _("Edit Document"), false); +$default->siteMap->addPage("browse", "/browse.php", "Manage Documents", Guest, _kt("browse documents")); +$default->siteMap->addPage("viewDocument", "/view.php", "Manage Documents", Guest, _kt("View Document"), false); +$default->siteMap->addPage("editDocument", "/edit.php", "Manage Documents", Guest, _kt("Edit Document"), false); // pages for administration section -$default->siteMap->addDefaultPage("administration", "/admin.php", "Administration", UnitAdmin, _("Administration")); +$default->siteMap->addDefaultPage("administration", "/admin.php", "Administration", UnitAdmin, _kt("Administration")); // pages for advanced search section -$default->siteMap->addDefaultPage("advancedSearch", "/search/advancedSearchBL.php", "Advanced Search", Guest, _("Advanced Search"), true); -$default->siteMap->addPage("booleanSearch", "/search/booleanSearch.php", "Boolean Search", Guest, _("Boolean Search"), false); +$default->siteMap->addDefaultPage("advancedSearch", "/search/advancedSearchBL.php", "Advanced Search", Guest, _kt("Advanced Search"), true); +$default->siteMap->addPage("booleanSearch", "/search/booleanSearch.php", "Boolean Search", Guest, _kt("Boolean Search"), false); $default->siteMap->addSectionColour("Advanced Search", "th", "A1571B"); $default->siteMap->addSectionColour("Standard Search", "th", "A1571B"); // pages for prefs section -$default->siteMap->addDefaultPage("preferences", "/preferences.php", "Preferences", User, _("Preferences")); +$default->siteMap->addDefaultPage("preferences", 
"/preferences.php", "Preferences", User, _kt("Preferences")); // pages for Help section -$default->siteMap->addDefaultPage("help", "/presentation/lookAndFeel/knowledgeTree/help.php", "Help", Guest, _("Help")); +$default->siteMap->addDefaultPage("help", "/presentation/lookAndFeel/knowledgeTree/help.php", "Help", Guest, _kt("Help")); // pages for logout section section -$default->siteMap->addDefaultPage("logout", "/presentation/logout.php", "Logout", Guest, _("Logout")); +$default->siteMap->addDefaultPage("logout", "/presentation/logout.php", "Logout", Guest, _kt("Logout")); ?> diff --git a/control.php b/control.php index 1d3ec36..cbae881 100644 --- a/control.php +++ b/control.php @@ -63,9 +63,13 @@ if ($action != "login") { } } else { // session check fails, so default action should be the login form if no action was specified + $oKTConfig = KTConfig::getSingleton(); + $dest = 'login'; + if ($oKTConfig->get('allowAnonymousLogin', false)) { $dest = 'dashboard'; } + if (!isset($action)) { - $action = "login"; - } elseif ($action <> "login") { + $action = $dest; + } elseif ($action <> $dest) { // we have a controller link and auth has failed, so redirect to the login page // with the controller link as the redirect $url = generateControllerUrl("login"); diff --git a/lib/dispatcher.inc.php b/lib/dispatcher.inc.php index dfc8572..c9dea41 100644 --- a/lib/dispatcher.inc.php +++ b/lib/dispatcher.inc.php 
@@ -218,6 +218,25 @@ class KTStandardDispatcher extends KTDispatcher { } function loginRequired() { + $oKTConfig =& KTConfig::getSingleton(); + if ($oKTConfig->get('allowAnonymousLogin', false)) { + // anonymous logins are now allowed. + // the anonymous user is -1. + // + // we short-circuit the login mechanisms, setup the session, and go. + + $oUser =& User::get(-2); + if (PEAR::isError($oUser) || ($oUser->getName() != 'Anonymous')) { + ; // do nothing - the database integrity would break if we log the user in now. + } else { + $session = new Session(); + $sessionID = $session->create($oUser); + + return ; + } + } + + $sErrorMessage = ""; if (PEAR::isError($this->sessionStatus)) { $sErrorMessage = $this->sessionStatus->getMessage(); @@ -249,9 +268,9 @@ class KTStandardDispatcher extends KTDispatcher { $this->session = new Session(); $this->sessionStatus = $this->session->verify(); if ($this->sessionStatus !== true) { - $this->loginRequired(); + $this->loginRequired(); } - + //var_dump($this->sessionStatus); $this->oUser =& User::get($_SESSION['userID']); $oProvider =& KTAuthenticationUtil::getAuthenticationProviderForUser($this->oUser); $oProvider->verify($this->oUser); diff --git a/lib/documentmanagement/DocumentType.inc b/lib/documentmanagement/DocumentType.inc index 3a6dc7c..39de6a4 100644 --- a/lib/documentmanagement/DocumentType.inc +++ b/lib/documentmanagement/DocumentType.inc @@ -185,10 +185,18 @@ class DocumentType extends KTEntity { function &getList($sWhereClause = null) { return KTEntityUtil::getList2('DocumentType', $sWhereClause); } + + /* alternative for use in creation: delegate for user and location */ + function &getListForUserAndFolder($oUser, $oFolder) { + $src =& KTDocumentTypeManager::getSingleton(); + return $src->getListForUserAndFolder($oUser, $oFolder); + } function &createFromArray($aArray) { return KTEntityUtil::createFromArray('DocumentType', $aArray); } + + } 
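Review bot: The anonymous short-circuit in `loginRequired()` stores the result of `$session->create($oUser)` in `$sessionID` and returns without looking at it, and the caller in the next hunk then reads `$_SESSION['userID']` straight away. If `create()` can fail (its body is not shown here), the check should fall through to the normal login path, e.g. `if (!PEAR::isError($sessionID)) { return; }`. The comment says "the anonymous user is -1" while the code loads `User::get(-2)`. The same literal `-2` is repeated in `Session::verify`, `login.php`, `preferences.php` and `User::isAnonymous()`, so one named constant would keep those checks in step. The body of `loginRequired()` continues outside the hunk.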
@@ -207,4 +215,71 @@ function & documenttypeCreateFromArray($aParameters) { return $oDocType; } + +class DemoDelegation { + var $handler_ns = 'brad.oddhandler'; + var $handler_name = null; + + function DemoDelegation() { + $this->handler_name = _kt('Demo Delegator'); + } + + function &getListForUserAndFolder($oUser, $oFolder) { + $list =& DocumentType::getList(); + $finallist = array(); + foreach ($list as $oType) { + if ($oType->getId() % 2 == 0) { + $finallist[] = $oType; + } + } + return $finallist; + } +} + +/* simple singleton util class */ +class KTDocumentTypeManager { + var $_handlers = array(); + var $_active_handler = null; + var $_checked = false; + + function &getSingleton() { + if (!KTUtil::arrayGet($GLOBALS, 'oKTDocumentTypeManager')) { + $GLOBALS['oKTDocumentTypeManager'] = new KTDocumentTypeManager; + } + return $GLOBALS['oKTDocumentTypeManager']; + } + + function &getListForUserAndFolder($oUser, $oFolder) { + $this->checkActiveHandler(); + if (is_null($this->_active_handler)) { + // as totally normal if nothing is registered. + return DocumentType::getList(); + } else { + return $this->_active_handler->getListForUserAndFolder($oUser, $oFolder); + } + } + + function checkActiveHandler() { + if ($this->_checked) { return ; } + // not perfect - see workflow-delegator for explanation. + $res = KTUtil::getSystemSetting('documenttypehandler'); + + if (empty($res) || PEAR::isError($res)) { // just fail silently - don't degrade the system + $this->_active_handler = null; + } else { + $ns = $res; + $this->_active_handler = KTUtil::arrayGet($this->handlers, $ns); + } + + $this->_checked = true; + + return ; + } + + function registerHandler($oHandler) { + $this->_handlers[$oHandler->handler_ns] = $oHandler; + } +} + + ?> diff --git a/lib/foldermanagement/Folder.inc b/lib/foldermanagement/Folder.inc index 67e7c98..d94f92f 100644 --- a/lib/foldermanagement/Folder.inc +++ b/lib/foldermanagement/Folder.inc 
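Review bot: `checkActiveHandler()` looks the handler up in `$this->handlers`, but the property that is declared and filled by `registerHandler()` is `$this->_handlers`, so the lookup always yields null and `getListForUserAndFolder()` quietly returns the unfiltered `DocumentType::getList()`. The line should read `$this->_active_handler = KTUtil::arrayGet($this->_handlers, $ns);`. If a handler is meant to restrict which document types a user may choose, a configured but unregistered handler is worth logging rather than ignoring, because the current behaviour fails open. `DemoDelegation` (namespace `brad.oddhandler`, keeps only even ids) reads as demonstration code and probably does not belong in this file.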
@@ -143,6 +143,7 @@ class Folder extends KTEntity { } $oFolder =& Folder::get($iFolderId); + if (PEAR::isError($oFolder)) { sprintf("The invalid folder id is: %s", print_r($iFolderId, true)); } $iParentId = $oFolder->getParentId(); if (empty($iParentId)) { return $oFolder->getName(); diff --git a/lib/groups/Group.inc b/lib/groups/Group.inc index 7640246..8ed13dc 100644 --- a/lib/groups/Group.inc +++ b/lib/groups/Group.inc @@ -235,6 +235,9 @@ class Group extends KTEntity { if (PEAR::isError($res)) { return $res; } + + GroupUtil::clearGroupCacheForUser($oUser); + return true; } // }}} diff --git a/lib/groups/GroupUtil.php b/lib/groups/GroupUtil.php index 29f37c7..54dcddf 100644 --- a/lib/groups/GroupUtil.php +++ b/lib/groups/GroupUtil.php @@ -368,6 +368,14 @@ class GroupUtil { // } } // }}} + + function clearGroupCacheForUser($oUser) { + $oCache =& KTCache::getSingleton(); + if (PEAR::isError($oUser)) { return $oUser; } + $group = "groupidsforuser"; + $iUserId = KTUtil::getId($oUser); + $oCache->remove($group, $iUserId); + } } // }}} diff --git a/lib/ktentity.inc b/lib/ktentity.inc index 129cf96..1c04179 100644 --- a/lib/ktentity.inc +++ b/lib/ktentity.inc @@ -610,14 +610,16 @@ class KTEntityUtil { } return $oObject; /* */ - $oObject =& KTUtil::arrayGet($GLOBALS['_OBJECTCACHE'][$sClassName], $iId); - if ($oObject) { return $oObject; } + // XXX Object cache currently causes hard-to-trace inconsistencies in data. + // $oObject =& KTUtil::arrayGet($GLOBALS['_OBJECTCACHE'][$sClassName], $iId); + // if ($oObject) { return $oObject; } $oObject =& new $sClassName; $res = $oObject->load($iId); if (PEAR::isError($res)) { return $res; } - $GLOBALS['_OBJECTCACHE'][$sClassName][$iId] =& $oObject; + // XXX Object cache currently causes hard-to-trace inconsistencies in data. + //$GLOBALS['_OBJECTCACHE'][$sClassName][$iId] =& $oObject; return $oObject; /* */ } 
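Review bot: The added `PEAR::isError($oFolder)` branch in Folder.inc only calls `sprintf()` and throws the string away, so nothing is reported and the next line still calls `$oFolder->getParentId()` on the error object. Returning the error is the smallest fix: `if (PEAR::isError($oFolder)) { return $oFolder; }`. The enclosing method starts and ends outside the hunk, so whether callers expect an error object or a string there needs checking.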
diff --git a/lib/permissions/permissiondescriptor.inc.php b/lib/permissions/permissiondescriptor.inc.php index b2869f2..04c494f 100644 --- a/lib/permissions/permissiondescriptor.inc.php +++ b/lib/permissions/permissiondescriptor.inc.php @@ -276,13 +276,14 @@ class KTPermissionDescriptor extends KTEntity { // {{{ hasRoles function hasRoles($aRoles) { + if (!is_array($aRoles)) { return false; } $sTable = KTUtil::getTableName('permission_descriptor_roles'); if (count($aRoles) === 0) { return false; } $aRoleIDs = array(); foreach ($aRoles as $oRole) { - $aRoleIDs[] = $oRole->getID(); + $aRoleIDs[] = KTUtil::getId($oRole); } $sRoleIDs = DBUtil::paramArray($aRoleIDs); $sQuery = "SELECT COUNT(role_id) AS num FROM $sTable diff --git a/lib/permissions/permissionutil.inc.php b/lib/permissions/permissionutil.inc.php index b3358b5..d225af2 100644 --- a/lib/permissions/permissionutil.inc.php +++ b/lib/permissions/permissionutil.inc.php @@ -83,10 +83,19 @@ class KTPermissionUtil { $sDescriptor = KTPermissionUtil::generateDescriptor($aAllowed); $oDescriptor =& KTPermissionDescriptor::getByDescriptor(md5($sDescriptor)); if (PEAR::isError($oDescriptor)) { + $oDescriptor =& KTPermissionDescriptor::createFromArray(array( "descriptortext" => $sDescriptor, )); + if (PEAR::isError($oDescriptor)) { + print '
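Review bot: The new guard `if (!is_array($aRoles)) { return false; }` in `hasRoles()` turns a caller mistake into a silent "no access", and this commit adds such a caller: the permission check in permissionutil.inc.php (hunk `@@ -370,9 +394,15 @@`) calls `$oPD->hasRoles(-4)` with a bare integer, so the authenticated-users role can never match. That call should be `else if ($oPD->hasRoles(array(-4)) && !$oUser->isAnonymous()) { return true; }`, and the comment above it names -3 where the code tests -4. In the same hunk `$oPD` is used without a `PEAR::isError` check after `KTPermissionDescriptor::get()`. A one-line docblock on `hasRoles()` stating that it takes an array of role objects or ids would make the contract visible.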
'; + print_r($aAllowed); + print "-----------\n"; + print_r($oDescriptor); + print ''; + } $oDescriptor->saveAllowed($aAllowed); + } return $oDescriptor; } @@ -137,8 +146,8 @@ class KTPermissionUtil { * previous assignment. */ function setPermissionForID($sPermission, $iObjectID, $aAllowed) { - $oPermissionAssignment = KTPermissionUtil::getOrCreateAssignment($sPermission, $iObjectID); - $oDescriptor = KTPermissionUtil::getOrCreateDescriptor($aAllowed); + $oPermissionAssignment =& KTPermissionUtil::getOrCreateAssignment($sPermission, $iObjectID); + $oDescriptor =& KTPermissionUtil::getOrCreateDescriptor($aAllowed); $oPermissionAssignment->setPermissionDescriptorID($oDescriptor->getID()); $res = $oPermissionAssignment->update(); return $res; @@ -167,12 +176,16 @@ class KTPermissionUtil { $sWhere = 'permission_object_id = ?'; $aParams = array($oPO->getID()); $aFolders =& Folder::getList(array($sWhere, $aParams)); - foreach ($aFolders as $oFolder) { - KTPermissionUtil::updatePermissionLookup($oFolder); + if (!PEAR::isError($aFolders)) { + foreach ($aFolders as $oFolder) { + KTPermissionUtil::updatePermissionLookup($oFolder); + } } $aDocuments =& Document::getList(array($sWhere, $aParams)); - foreach ($aDocuments as $oDocument) { - KTPermissionUtil::updatePermissionLookup($oDocument); + if (!PEAR::isError($aDocuments)) { + foreach ($aDocuments as $oDocument) { + KTPermissionUtil::updatePermissionLookup($oDocument); + } } } // }}} @@ -219,9 +232,7 @@ class KTPermissionUtil { if (!is_a($oFolderOrDocument, 'Folder')) { if (!is_a($oFolderOrDocument, 'Document')) { if (!is_a($oFolderOrDocument, 'KTDocumentCore')) { - echo "
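Review bot: The new error branch after `KTPermissionDescriptor::createFromArray()` prints `$aAllowed` and the PEAR error object into the response with `print_r`, which shows permission data and database error detail to whoever made the request, and execution then still reaches `$oDescriptor->saveAllowed($aAllowed)` on the error object. Replace the debug output with `if (PEAR::isError($oDescriptor)) { return $oDescriptor; }` and record the detail server-side if it is needed. `setPermissionForID()` in the next hunk calls `$oDescriptor->getID()` with no error check, so it needs the matching guard. The enclosing function starts outside the hunk.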
"; - var_dump($oFolderOrDocument); - echo ""; + return ; // we occasionally get handed a PEAR::raiseError. Just ignore it. } } } @@ -307,9 +318,16 @@ class KTPermissionUtil { $_roleCache = array(); foreach ($aMapPermAllowed as $iPermissionId => $aAllowed) { + $aAfterRoles = array(); if (array_key_exists('role', $aAllowed)) { - foreach ($aAllowed['role'] as $iRoleId) { + foreach ($aAllowed['role'] as $k => $iRoleId) { // store the PD <-> RoleId map + + // special-case "all" or "authenticated". + if (($iRoleId == -3) || ($iRoleId == -4)) { + $aAfterRoles[] = $iRoleId; + continue; + } if (!array_key_exists($iRoleId, $_roleCache)) { $oRoleAllocation = null; if (is_a($oFolderOrDocument, 'KTDocumentCore') || is_a($oFolderOrDocument, 'Document')) { @@ -328,10 +346,16 @@ class KTPermissionUtil { $aMapPermAllowed[$iPermissionId]['group'] = kt_array_merge($aAllowed['group'], $_roleCache[$iRoleId]->getGroupIds()); // naturally, roles cannot be assigned roles, or madness follows. } + + unset($aAllowed['role'][$k]); } } + unset($aMapPermAllowed[$iPermissionId]['role']); + if (!empty($aAfterRoles)) { + $aMapPermAllowed[$iPermissionId]['role'] = $aAfterRoles; + } } /* @@ -370,9 +394,15 @@ class KTPermissionUtil { return false; } $oPD = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID()); + $aGroups = GroupUtil::listGroupsForUserExpand($oUser); - if ($oPD->hasUsers(array($oUser))) { return true; } - else { return $oPD->hasGroups($aGroups); } + if ($oPD->hasRoles(array(-3))) { return true; } // everyone has access. + else if ($oPD->hasUsers(array($oUser))) { return true; } + else if ($oPD->hasGroups($aGroups)) { return true; } + // here we specialcase roles -3 [everyone] + else if ($oPD->hasRoles(-4) && !$oUser->isAnonymous()) { return true; } + + return false; } // }}} diff --git a/lib/roles/documentroleallocation.inc.php b/lib/roles/documentroleallocation.inc.php index 5aefd9b..3e42e38 100644 --- a/lib/roles/documentroleallocation.inc.php 
+++ b/lib/roles/documentroleallocation.inc.php @@ -52,7 +52,7 @@ class DocumentRoleAllocation extends KTEntity { $aAllowed = array(); } // special case "document owner". - if ($this->iRoleId == -1) { + if ($this->iRoleId == -2) { $oDoc = KTDocumentCore::get($this->iDocumentId); @@ -139,7 +139,7 @@ class DocumentRoleAllocation extends KTEntity { } // magic for the Owner role here. - if (empty($iAllocId) && ($iRoleId == -1)) { + if (empty($iAllocId) && ($iRoleId == -2)) { $permDescriptor = null; // THIS OBJECT MUST NEVER BE MODIFIED, without first calling CREATE. $oFakeAlloc = new DocumentRoleAllocation(); diff --git a/lib/roles/roleallocation.inc.php b/lib/roles/roleallocation.inc.php index c3a4505..c510755 100644 --- a/lib/roles/roleallocation.inc.php +++ b/lib/roles/roleallocation.inc.php @@ -101,6 +101,10 @@ class RoleAllocation extends KTEntity { $fTable = Folder::_table(); $oFolder =& Folder::get($iFolderId); + // if its an invalid folder, we simply return null, since this is undefined anyway. + if (PEAR::isError($oFolder)) { + return null; + } $parents = Folder::generateFolderIds($iFolderId); // FIXME what (if anything) do we need to do to check that this can't be used as an attack? diff --git a/lib/session/Session.inc b/lib/session/Session.inc index d57f1c6..3b9560c 100644 --- a/lib/session/Session.inc +++ b/lib/session/Session.inc @@ -92,14 +92,17 @@ class Session { $iUserID = $_SESSION["userID"]; // remove the session information from the database - $sql = $default->db; - $query = "DELETE FROM $default->sessions_table WHERE session_id = '$sSessionID'" . ($iUserID ? " AND user_id=$iUserID" : ""); - $default->log->info("Session::destroy $query"); - $sql->query($query); + + $sTable = KTUtil::getTableName('sessions'); + $res = DBUtil::whereDelete($sTable, array('session_id' => $sSessionID)); + + // remove the php4 session + unset($_SESSION['userID']); + unset($_SESSION['sessionStatus']); session_unset(); - session_destroy(); + session_destroy(); } /** 
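Review bot: Changing the Owner role test from `-1` to `-2` in both hunks of documentroleallocation.inc.php depends on stored data moving with it, but the upgrade script in this commit only runs `UPDATE roles SET id = -2 WHERE id = -1`. If other tables hold the role id (role allocations, `permission_descriptor_roles`), rows that still say -1 would stop matching these checks; the diff does not show the schema, so this should be verified before release. A named constant for the Owner role id would also avoid confusion with the Anonymous user id, which `User::isAnonymous()` sets to -2 as well.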
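Review bot: `Session::destroy()` now assigns the result of `DBUtil::whereDelete()` to `$res` and never reads it, and the `$default->log->info` line was removed, so a failed delete leaves the session row in the table with no trace. Check it with `if (PEAR::isError($res)) { ... }` and log the message through `$default->log`, which the neighbouring methods already use. The function begins outside the hunk.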
@@ -139,6 +142,7 @@ class Session { // this should be an existing session, so check the db $aRows = DBUtil::getResultArray(array("SELECT * FROM $default->sessions_table WHERE session_id = ?", $sessionID)); + $numrows = count($aRows); // FIXME: if there aren't more rows that the max sessions for this user @@ -151,10 +155,14 @@ class Session { $default->log->debug("Session::verify found session in db"); $aRow = $aRows[0]; - // foreach ($aRows as $aRow) { $iUserID = $aRow["user_id"]; - + + $oKTConfig = KTConfig::getSingleton(); + $allowAnon = $oKTConfig->get('allowAnonymousLogin', false); + $ANON = -2; + if ((!allowAnon) && ($iUserId == $ANON)) { return false; } + // check that ip matches $ip = $this->getClientIP(); if ($ip != trim($aRow["ip"])) { diff --git a/lib/session/control.inc b/lib/session/control.inc index 72049c1..264d8ea 100644 --- a/lib/session/control.inc +++ b/lib/session/control.inc @@ -143,12 +143,17 @@ function checkSessionAndRedirect($bRedirect, $bDownload = false) { if (PEAR::isError($sessionStatus)) { $sErrorMessage = $sessionStatus->getMessage(); } + + $oKTConfig = KTConfig::getSingleton(); + $dest = 'login'; + if ($oKTConfig->get('allowAnonymousLogin', false)) { $dest = 'dashboard'; } + // redirect to login with error message if ($sErrorMessage) { // session timed out - $url = generateControllerUrl("login", "errorMessage=" . urlencode($sErrorMessage)); + $url = generateControllerUrl($dest, "errorMessage=" . urlencode($sErrorMessage)); } else { - $url = generateControllerUrl("login"); + $url = generateControllerUrl($dest); } $redirect = urlencode(KTUtil::addQueryStringSelf($_SERVER["QUERY_STRING"])); diff --git a/lib/templating/kt3template.inc.php b/lib/templating/kt3template.inc.php index e44c5e7..1f46a76 100644 --- a/lib/templating/kt3template.inc.php +++ b/lib/templating/kt3template.inc.php 
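Review bot: The guard added to `Session::verify()`, `if ((!allowAnon) && ($iUserId == $ANON)) { return false; }`, never fires: `allowAnon` is missing its `$`, and `$iUserId` does not match the `$iUserID` assigned just above it (PHP variable names are case-sensitive). With `allowAnonymousLogin` switched off, an existing Anonymous session therefore still verifies. The line should be `if (!$allowAnon && $iUserID == $ANON) { return false; }`. The method continues outside the hunk.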
@@ -123,10 +123,7 @@ class KTPage { "administration" => $this->_actionHelper(array("name" => _kt("DMS Administration"), "action" => "administration", "active" => 0)), ); - $this->userMenu = array( - "preferences" => $this->_actionHelper(array("name" => _kt("Preferences"), "action" => "preferences", "active" => 0)), - "logout" => $this->_actionHelper(array("name" => _kt("Logout"), "action" => "logout", "active" => 0)), - ); + } @@ -303,6 +300,18 @@ class KTPage { } } + $this->userMenu = array(); + if (!(PEAR::isError($this->user) || is_null($this->user) || $this->user->isAnonymous())) { + $this->userMenu = array( + "preferences" => $this->_actionHelper(array("name" => _kt("Preferences"), "action" => "preferences", "active" => 0)), + "logout" => $this->_actionHelper(array("name" => _kt("Logout"), "action" => "logout", "active" => 0)), + ); + } else { + $this->userMenu = array( + "login" => $this->_actionHelper(array("name" => _kt("Login"), "action" => "login")), + ); + } + // FIXME we need a more complete solution to navigation restriction if (!is_null($this->menu['administration']) && !is_null($this->user)) { if (!Permission::userIsSystemAdministrator($this->user->getId())) { diff --git a/lib/users/User.inc b/lib/users/User.inc index 03e5eb1..83cefd9 100644 --- a/lib/users/User.inc +++ b/lib/users/User.inc @@ -285,4 +285,6 @@ class User extends KTEntity { 'last_login' => array('type' => 'after', 'value' => $dDateTime), ), array('multi' => true)); } + + function isAnonymous() { return $this->iId == -2; } } diff --git a/lib/util/ktutil.inc b/lib/util/ktutil.inc index 61756c8..e79765e 100644 --- a/lib/util/ktutil.inc +++ b/lib/util/ktutil.inc 
@@ -587,6 +587,52 @@ class KTUtil { } return null; } + + function getSystemSetting($name, $default = null) { + // XXX make this use a cache layer? + $sTable = KTUtil::getTableName('system_settings'); + $aQuery = array( + sprintf('SELECT value FROM %s WHERE name = ?', $sTable), + array($name), + ); + $res = DBUtil::getOneResultKey($aQuery, 'value'); + if (PEAR::isError($res)) { + return PEAR::raiseError(sprintf(_kt('Unable to retrieve system setting %s: %s'), $name, $res->getMessage())); + } + + if (empty($res)) { return $default; } + + return $res; + } + + function setSystemSetting($name, $value) { + // we either need to insert or update: + $sTable = KTUtil::getTableName('system_settings'); + $current_value = KTUtil::getSystemSetting($name); + if (is_null($current_value)) { + // insert + $res = DBUtil::autoInsert( + $sTable, + array( + 'name' => $name, + 'value' => $value, + ), + null // opts + ); + if (PEAR::isError($res)) { return $res; } + else { return true; } + } else { + // update + $aQuery = array( + sprintf('UPDATE %s SET value = ? WHERE name = ?', $sTable), + array($value, $name), + ); + $res = DBUtil::runQuery($aQuery); + if (PEAR::isError($res)) { return $res; } + return true; + } + } + } /** diff --git a/login.php b/login.php index 8bc1999..e14d035 100644 --- a/login.php +++ b/login.php 
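Review bot: `setSystemSetting()` chooses between insert and update with `is_null($current_value)`, but `getSystemSetting()` returns the default (null) for any value that is `empty()`, which includes `'0'` and `''`, and returns a PEAR error when the lookup fails. A setting stored as `'0'` therefore gets a second row inserted instead of an update, and a failed lookup falls through to the UPDATE branch. Test `PEAR::isError($current_value)` first and decide on row existence rather than emptiness. On the read side the same `empty($res)` test means a stored `'0'` comes back as `$default`; `if (is_null($res)) { return $default; }` would be narrower, assuming `DBUtil::getOneResultKey` returns null for a missing row. Neither function has a docblock describing the return values (value, default, or PEAR error).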
@@ -37,9 +37,15 @@ require_once(KT_LIB_DIR . '/authentication/authenticationutil.inc.php'); class LoginPageDispatcher extends KTDispatcher { function check() { + $oKTConfig = KTConfig::getSingleton(); $this->session = new Session(); - if ($this->session->verify() == 1) { // erk. neil - DOUBLE CHECK THIS PLEASE. - exit(redirect(generateControllerLink('dashboard'))); + if ($this->session->verify() == 1) { // the session is valid + if ($_SESSION['userID'] == -2 && $oKTConfig->get('allowAnonymousLogin', false)) { + ; // that's ok - we want to login. + } + else { + exit(redirect(generateControllerLink('dashboard'))); + } } else { $this->session->destroy(); // toast it - its probably a hostile session. } diff --git a/plugins/ktcore/KTPermissions.php b/plugins/ktcore/KTPermissions.php index 04ec568..3bbef36 100644 --- a/plugins/ktcore/KTPermissions.php +++ b/plugins/ktcore/KTPermissions.php @@ -165,7 +165,7 @@ class KTRoleAllocationPlugin extends KTFolderAction { // - and that allocation id $aRoles = array(); // stores data for display. - $aRoleList = Role::getList(); + $aRoleList = Role::getList('id > 0'); foreach ($aRoleList as $oRole) { $iRoleId = $oRole->getId(); $aRoles[$iRoleId] = array("name" => $oRole->getName()); @@ -541,7 +541,9 @@ class KTRoleAllocationPlugin extends KTFolderAction { } foreach ($aDocList as $oDoc) { - KTPermissionUtil::updatePermissionLookup($oDoc); + if (!PEAR::isError($oDoc)) { + KTPermissionUtil::updatePermissionLookup($oDoc); + } } } } diff --git a/plugins/ktcore/admin/groupManagement.php b/plugins/ktcore/admin/groupManagement.php index e892f38..944729a 100755 --- a/plugins/ktcore/admin/groupManagement.php +++ b/plugins/ktcore/admin/groupManagement.php 
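Review bot: In `LoginPageDispatcher::check()` the condition `$this->session->verify() == 1` is a loose comparison, and the commit replaces the "double check this" remark with a comment stating that the session is valid. `KTStandardDispatcher` tests the same call with `!== true` and treats the result as a possible PEAR error; an error object compared with `== 1` would presumably pass here. `if ($this->session->verify() === true) {` matches the dispatcher. The `$_SESSION['userID'] == -2` test repeats the Anonymous id literal that `User::isAnonymous()` now encapsulates.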
@@ -64,9 +64,9 @@ class KTGroupAdminDispatcher extends KTAdminDispatcher { $search_fields[] = new KTStringWidget(_kt('Group Name'), _kt("Enter part of the group's name. e.g. ad will match administrators."), 'name', $name, $this->oPage, true); if (!empty($name)) { - $search_results =& Group::getList('WHERE name LIKE \'%' . DBUtil::escapeSimple($name) . '%\''); + $search_results =& Group::getList('WHERE name LIKE \'%' . DBUtil::escapeSimple($name) . '%\' AND id > 0'); } else if ($show_all !== false) { - $search_results =& Group::getList(); + $search_results =& Group::getList('id > 0'); $no_search = false; } @@ -211,7 +211,7 @@ class KTGroupAdminDispatcher extends KTAdminDispatcher { $this->oPage->requireJSStandalone($initJS); $aInitialUsers = $oGroup->getMembers(); - $aAllUsers = User::getList(); + $aAllUsers = User::getList('id > 0'); // FIXME this is massively non-performant for large userbases.. diff --git a/plugins/ktcore/admin/roleManagement.php b/plugins/ktcore/admin/roleManagement.php index 0ed8b55..9736761 100644 --- a/plugins/ktcore/admin/roleManagement.php +++ b/plugins/ktcore/admin/roleManagement.php @@ -41,7 +41,11 @@ class RoleAdminDispatcher extends KTAdminDispatcher { $edit_fields = array(); $role_id = KTUtil::arrayGet($_REQUEST, 'role_id', null); - $oRole = Role::get($role_id); + if (is_null($role_id)) { + $oRole = null; // handle broken case of role == -1 + } else { + $oRole = Role::get($role_id); + } if (PEAR::isError($oRole) || ($oRole == false)) { $for_edit = false; } else { diff --git a/plugins/ktcore/admin/userManagement.php b/plugins/ktcore/admin/userManagement.php index bddc905..b9da91c 100755 --- a/plugins/ktcore/admin/userManagement.php +++ b/plugins/ktcore/admin/userManagement.php 
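Review bot: The group search filter is still assembled by concatenating `$name` into SQL, and the two changed calls disagree on form: one passes a clause that starts with `WHERE`, the other passes a bare `'id > 0'`. Whether `Group::getList()` accepts both cannot be seen from this hunk, so one of the two may produce invalid SQL. `Folder::getList(array($sWhere, $aParams))` in permissionutil.inc.php shows a placeholder form; if `Group::getList()` accepts it too, `Group::getList(array('name LIKE ? AND id > 0', array('%' . $name . '%')))` removes the hand escaping. The same applies to the `User::getList()` calls in userManagement.php (hunk `@@ -68,9 +68,9 @@`).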
@@ -68,9 +68,9 @@ class KTUserAdminDispatcher extends KTAdminDispatcher { // FIXME handle group search stuff. $search_results = null; if (!empty($name)) { - $search_results =& User::getList('WHERE username LIKE \'%' . DBUtil::escapeSimple($name) . '%\''); + $search_results =& User::getList('WHERE username LIKE \'%' . DBUtil::escapeSimple($name) . '%\' AND id > 0'); } else if ($show_all !== false) { - $search_results =& User::getList(); + $search_results =& User::getList('id > 0'); $no_search = false; } diff --git a/plugins/ktcore/admin/workflows.php b/plugins/ktcore/admin/workflows.php index 8490dde..3f5c11c 100755 --- a/plugins/ktcore/admin/workflows.php +++ b/plugins/ktcore/admin/workflows.php @@ -1330,6 +1330,22 @@ class KTWorkflowDispatcher extends KTAdminDispatcher { 'redirect_to' => array('editTransition', 'fWorkflowId=' . $oWorkflow->getId() . '&fTransitionId=' . $oTransition->getId()), 'message' => _kt('Error saving transition'), )); + + // also grab the list of transitions for the dest state, and remove this one if application + $aDestTransitions = KTWorkflowUtil::getTransitionsFrom($oState, array('ids' => true)); + $bClean = true; + $aNewTransitions = array(); + foreach ($aDestTransitions as $iOldTransitionId) { + if ($oTransition->getId() == $iOldTransitionId) { + $bClean = false; + } else { + $aNewTransitions[] = $iOldTransitionId; + } + } + if (!$bClean) { + KTWorkflowUtil::saveTransitionsFrom($oState, $aNewTransitions); + } + $this->successRedirectTo('editTransition', _kt('Changes saved'), 'fWorkflowId=' . $oWorkflow->getId() . '&fTransitionId=' . $oTransition->getId()); exit(0); } diff --git a/plugins/ktcore/folder/BulkImport.php b/plugins/ktcore/folder/BulkImport.php index 2f23b6b..d05e635 100644 --- a/plugins/ktcore/folder/BulkImport.php +++ b/plugins/ktcore/folder/BulkImport.php 
@@ -63,7 +63,7 @@ class KTBulkImportFolderAction extends KTFolderAction { $add_fields[] = new KTStringWidget(_kt('Path'), _kt('The path containing the documents to be added to the document management system.'), 'path', "", $this->oPage, true); $aVocab = array('' => _kt('<Please select a document type>')); - foreach (DocumentType::getList() as $oDocumentType) { + foreach (DocumentType::getListForUserAndFolder($this->oUser, $this->oFolder) as $oDocumentType) { if(!$oDocumentType->getDisabled()) { $aVocab[$oDocumentType->getId()] = $oDocumentType->getName(); } diff --git a/plugins/ktcore/folder/BulkUpload.php b/plugins/ktcore/folder/BulkUpload.php index fc03343..7a0bc9a 100644 --- a/plugins/ktcore/folder/BulkUpload.php +++ b/plugins/ktcore/folder/BulkUpload.php @@ -70,7 +70,7 @@ class KTBulkUploadFolderAction extends KTFolderAction { $add_fields[] = new KTFileUploadWidget(_kt('Archive file'), _kt('The archive file containing the documents you wish to add to the document management system.'), 'file', "", $this->oPage, true); $aVocab = array('' => _kt('<Please select a document type>')); - foreach (DocumentType::getList() as $oDocumentType) { + foreach (DocumentType::getListForUserAndFolder($this->oUser, $this->oFolder) as $oDocumentType) { if(!$oDocumentType->getDisabled()) { $aVocab[$oDocumentType->getId()] = $oDocumentType->getName(); } diff --git a/plugins/ktcore/folder/addDocument.php b/plugins/ktcore/folder/addDocument.php index 191e746..3ef1cfc 100644 --- a/plugins/ktcore/folder/addDocument.php +++ b/plugins/ktcore/folder/addDocument.php @@ -74,7 +74,7 @@ class KTFolderAddDocumentAction extends KTFolderAction { $aVocab = array('' => _kt('<Please select a document type>')); - foreach (DocumentType::getList() as $oDocumentType) { + foreach (DocumentType::getListForUserAndFolder($this->oUser, $this->oFolder) as $oDocumentType) { if(!$oDocumentType->getDisabled()) { $aVocab[$oDocumentType->getId()] = $oDocumentType->getName(); } 
diff --git a/preferences.php b/preferences.php index b744844..4fe478c 100644 --- a/preferences.php +++ b/preferences.php @@ -39,6 +39,11 @@ require_once(KT_LIB_DIR . '/widgets/fieldWidgets.php'); class PreferencesDispatcher extends KTStandardDispatcher { var $sSection = 'preferences'; + function check() { + if ($this->oUser->getId() == -2) { return false; } + return parent::check(); + } + function PreferencesDispatcher() { $this->aBreadcrumbs = array( array('action' => 'preferences', 'name' => _kt('Preferences')), diff --git a/sql/mysql/install/data.sql b/sql/mysql/install/data.sql index de1854e..c5d7a95 100644 --- a/sql/mysql/install/data.sql +++ b/sql/mysql/install/data.sql @@ -657,7 +657,7 @@ INSERT INTO `plugins` VALUES (15, 'nbm.browseable.plugin', 'plugins/browseableda -- Dumping data for table `roles` -- -INSERT INTO `roles` VALUES (-1, 'Owner'); +INSERT INTO `roles` VALUES (-2, 'Owner'); -- -- Dumping data for table `saved_searches` diff --git a/sql/mysql/upgrade/3.0.1.2/owner_role_move.sql b/sql/mysql/upgrade/3.0.1.2/owner_role_move.sql new file mode 100644 index 0000000..d63b53c --- /dev/null +++ b/sql/mysql/upgrade/3.0.1.2/owner_role_move.sql @@ -0,0 +1 @@ +UPDATE roles SET id = -2 WHERE id = -1; diff --git a/templates/kt3/standard_page.smarty b/templates/kt3/standard_page.smarty index fc5acf8..3bbe3c3 100644 --- a/templates/kt3/standard_page.smarty +++ b/templates/kt3/standard_page.smarty @@ -70,8 +70,9 @@