Commit 4e66c5cb6ad7f245110125a7dcb950e2aa0b6c7a
1 parent
dc5415f3
BBS-1010
"'Move', 'Copy' and 'Rename' can be done on a Checked Out document in WebDAV." Fixed. The functions now check who is doing the action. Written By: Martin Kirsten Reviewed By: Conrad Vermeulen git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7071 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
81 additions
and
11 deletions
ktwebdav/lib/KTWebDAVServer.inc.php
| ... | ... | @@ -7,7 +7,7 @@ |
| 7 | 7 | * License Version 1.1.2 ("License"); You may not use this file except in |
| 8 | 8 | * compliance with the License. You may obtain a copy of the License at |
| 9 | 9 | * http://www.knowledgetree.com/KPL |
| 10 | - * | |
| 10 | + * | |
| 11 | 11 | * Software distributed under the License is distributed on an "AS IS" |
| 12 | 12 | * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. |
| 13 | 13 | * See the License for the specific language governing rights and |
| ... | ... | @@ -18,9 +18,9 @@ |
| 18 | 18 | * (ii) the KnowledgeTree copyright notice |
| 19 | 19 | * in the same form as they appear in the distribution. See the License for |
| 20 | 20 | * requirements. |
| 21 | - * | |
| 21 | + * | |
| 22 | 22 | * The Original Code is: KnowledgeTree Open Source |
| 23 | - * | |
| 23 | + * | |
| 24 | 24 | * The Initial Developer of the Original Code is The Jam Warehouse Software |
| 25 | 25 | * (Pty) Ltd, trading as KnowledgeTree. |
| 26 | 26 | * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright |
| ... | ... | @@ -333,11 +333,11 @@ class KTWebDAVServer extends HTTP_WebDAV_Server |
| 333 | 333 | |
| 334 | 334 | /** |
| 335 | 335 | * check authentication if check is implemented |
| 336 | - * | |
| 336 | + * | |
| 337 | 337 | * @param void |
| 338 | 338 | * @return bool true if authentication succeded or not necessary |
| 339 | 339 | */ |
| 340 | - function _check_auth() | |
| 340 | + function _check_auth() | |
| 341 | 341 | { |
| 342 | 342 | $this->ktwebdavLog('Entering _check_auth...', 'info', true); |
| 343 | 343 | |
| ... | ... | @@ -489,7 +489,7 @@ class KTWebDAVServer extends HTTP_WebDAV_Server |
| 489 | 489 | $this->ktwebdavLog("Folder Details permissions GRANTED for user ". $_SESSION["userID"] ." on folder " . $oChildFolder->getName(), 'info', true); |
| 490 | 490 | $files["files"][] = $this->_fileinfoForFolder($oChildFolder, $folder_path . $oChildFolder->getName()); |
| 491 | 491 | } |
| 492 | - else | |
| 492 | + else | |
| 493 | 493 | { |
| 494 | 494 | $this->ktwebdavLog("Folder Details permissions DENIED for ". $_SESSION["userID"] ." on folder " . $oChildFolder->getName(), 'info', true); |
| 495 | 495 | } |
| ... | ... | @@ -1592,9 +1592,12 @@ class KTWebDAVServer extends HTTP_WebDAV_Server |
| 1592 | 1592 | $movestat = $this->_MOVEFolder($options, $iFolderID); |
| 1593 | 1593 | |
| 1594 | 1594 | } else { |
| 1595 | - // Source is a document | |
| 1596 | - $movestat = $this->_MOVEDocument($options, $iFolderID, $iDocumentID); | |
| 1597 | - | |
| 1595 | + // Source is a document | |
| 1596 | + if ($this->canCopyMoveRenameDocument($iDocumentID)) { | |
| 1597 | + $movestat = $this->_MOVEDocument($options, $iFolderID, $iDocumentID); | |
| 1598 | + } else { | |
| 1599 | + return "Cannot MOVE document because it is checked out by another user."; | |
| 1600 | + } | |
| 1598 | 1601 | } |
| 1599 | 1602 | |
| 1600 | 1603 | $this->ktwebdavLog("Final movestat result is: " . $movestat, 'info', true); |
| ... | ... | @@ -1890,7 +1893,12 @@ class KTWebDAVServer extends HTTP_WebDAV_Server |
| 1890 | 1893 | } else { |
| 1891 | 1894 | // Source is a document |
| 1892 | 1895 | $this->ktwebdavLog("Source is a Document.", 'info', true); |
| 1893 | - $copystat = $this->_COPYDocument($options, $iFolderID, $iDocumentID, $dest_folder_id); | |
| 1896 | + | |
| 1897 | + if ($this->canCopyMoveRenameDocument($iDocumentID)) { | |
| 1898 | + $copystat = $this->_COPYDocument($options, $iFolderID, $iDocumentID, $dest_folder_id); | |
| 1899 | + } else { | |
| 1900 | + return "Cannot COPY document because it is checked out by another user."; | |
| 1901 | + } | |
| 1894 | 1902 | |
| 1895 | 1903 | } |
| 1896 | 1904 | |
| ... | ... | @@ -2103,10 +2111,72 @@ class KTWebDAVServer extends HTTP_WebDAV_Server |
| 2103 | 2111 | return $result; |
| 2104 | 2112 | } |
| 2105 | 2113 | |
| 2114 | + | |
| 2115 | + /** | |
| 2116 | + * canCopyMoveRenameDocument() helper | |
| 2117 | + * checks if document is checked out; if not, returns true | |
| 2118 | + * if checked out, cheks if checked out by same user; if yes, returns true; | |
| 2119 | + * else returns false | |
| 2120 | + * | |
| 2121 | + * @return bool true or false | |
| 2122 | + */ | |
| 2123 | + function canCopyMoveRenameDocument($iDocumentID) | |
| 2124 | + { | |
| 2125 | + $this->ktwebdavLog("Entering canCopyMoveRenameDocument ", 'info', true); | |
| 2126 | + | |
| 2127 | + $oDocument =& Document::get($iDocumentID); | |
| 2128 | + | |
| 2129 | + if (is_null($oDocument) || ($oDocument === false) || PEAR::isError($oDocument)) { | |
| 2130 | + $this->ktwebdavLog("Document invalid ". print_r($oDocument, true), 'info', true); | |
| 2131 | + return false; | |
| 2132 | + } | |
| 2133 | + | |
| 2134 | + if($oDocument->getIsCheckedOut()) { | |
| 2135 | + $info = array(); | |
| 2136 | + $info["props"][] = $this->mkprop($sNameSpace, 'CheckedOut', $oDocument->getCheckedOutUserID()); | |
| 2137 | + //$this->ktwebdavLog("getIsCheckedOut ". print_r($info,true), 'info', true); | |
| 2138 | + | |
| 2139 | + $oCOUser = User::get( $oDocument->getCheckedOutUserID() ); | |
| 2140 | + | |
| 2141 | + if (PEAR::isError($oCOUser) || is_null($oCOUser) || ($oCOUser === false)) { | |
| 2142 | + $couser_id = '0'; | |
| 2143 | + } else { | |
| 2144 | + $couser_id = $oCOUser->getID(); | |
| 2145 | + } | |
| 2146 | + | |
| 2147 | + //$this->ktwebdavLog("getCheckedOutUserID " .$couser_id, 'info', true); | |
| 2148 | + | |
| 2149 | + $oUser =& User::get($this->userID); | |
| 2150 | + | |
| 2151 | + //$this->ktwebdavLog("this UserID " .$oUser->getID(), 'info', true); | |
| 2152 | + | |
| 2153 | + if (PEAR::isError($oUser) || is_null($oUser) || ($oUser === false)) { | |
| 2154 | + $this->ktwebdavLog("User invalid ". print_r($oUser, true), 'info', true); | |
| 2155 | + return false; | |
| 2156 | + } else { | |
| 2157 | + $ouser_id = $oUser->getID(); | |
| 2158 | + } | |
| 2159 | + | |
| 2160 | + //$this->ktwebdavLog("that UserID " .$oCOUser->getID(), 'info', true); | |
| 2161 | + | |
| 2162 | + if ($couser_id != $ouser_id) { | |
| 2163 | + $this->ktwebdavLog("Document checked out by another user $couser_id != $ouser_id", 'info', true); | |
| 2164 | + return false; | |
| 2165 | + } else { | |
| 2166 | + $this->ktwebdavLog("Document checked out by this user", 'info', true); | |
| 2167 | + return true; | |
| 2168 | + } | |
| 2169 | + } else { | |
| 2170 | + //not checked out | |
| 2171 | + $this->ktwebdavLog("Document not checked out by any user", 'info', true); | |
| 2172 | + return true; | |
| 2173 | + } | |
| 2174 | + } | |
| 2175 | + | |
| 2106 | 2176 | /** |
| 2107 | 2177 | * checkSafeMode() helper |
| 2108 | 2178 | * |
| 2109 | - * @return string true or false | |
| 2179 | + * @return bool true or false | |
| 2110 | 2180 | */ |
| 2111 | 2181 | function checkSafeMode() |
| 2112 | 2182 | { | ... | ... |