Commit 578d920fc38492d86b653029364ff44af90de59f
1 parent
5e04e6be
Merged in from DEV trunk...
BBS-1010 "'Move', 'Copy' and 'Rename' can be done on a Checked Out document in WebDAV." Fixed. The functions now check who is doing the action. Written By: Martin Kirsten Reviewed By: Conrad Vermeulen git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/branches/3.4.2-Release-Branch@7074 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
81 additions
and
11 deletions
ktwebdav/lib/KTWebDAVServer.inc.php
| @@ -7,7 +7,7 @@ | @@ -7,7 +7,7 @@ | ||
| 7 | * License Version 1.1.2 ("License"); You may not use this file except in | 7 | * License Version 1.1.2 ("License"); You may not use this file except in |
| 8 | * compliance with the License. You may obtain a copy of the License at | 8 | * compliance with the License. You may obtain a copy of the License at |
| 9 | * http://www.knowledgetree.com/KPL | 9 | * http://www.knowledgetree.com/KPL |
| 10 | - * | 10 | + * |
| 11 | * Software distributed under the License is distributed on an "AS IS" | 11 | * Software distributed under the License is distributed on an "AS IS" |
| 12 | * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. | 12 | * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing rights and | 13 | * See the License for the specific language governing rights and |
| @@ -18,9 +18,9 @@ | @@ -18,9 +18,9 @@ | ||
| 18 | * (ii) the KnowledgeTree copyright notice | 18 | * (ii) the KnowledgeTree copyright notice |
| 19 | * in the same form as they appear in the distribution. See the License for | 19 | * in the same form as they appear in the distribution. See the License for |
| 20 | * requirements. | 20 | * requirements. |
| 21 | - * | 21 | + * |
| 22 | * The Original Code is: KnowledgeTree Open Source | 22 | * The Original Code is: KnowledgeTree Open Source |
| 23 | - * | 23 | + * |
| 24 | * The Initial Developer of the Original Code is The Jam Warehouse Software | 24 | * The Initial Developer of the Original Code is The Jam Warehouse Software |
| 25 | * (Pty) Ltd, trading as KnowledgeTree. | 25 | * (Pty) Ltd, trading as KnowledgeTree. |
| 26 | * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright | 26 | * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright |
| @@ -333,11 +333,11 @@ class KTWebDAVServer extends HTTP_WebDAV_Server | @@ -333,11 +333,11 @@ class KTWebDAVServer extends HTTP_WebDAV_Server | ||
| 333 | 333 | ||
| 334 | /** | 334 | /** |
| 335 | * check authentication if check is implemented | 335 | * check authentication if check is implemented |
| 336 | - * | 336 | + * |
| 337 | * @param void | 337 | * @param void |
| 338 | * @return bool true if authentication succeded or not necessary | 338 | * @return bool true if authentication succeded or not necessary |
| 339 | */ | 339 | */ |
| 340 | - function _check_auth() | 340 | + function _check_auth() |
| 341 | { | 341 | { |
| 342 | $this->ktwebdavLog('Entering _check_auth...', 'info', true); | 342 | $this->ktwebdavLog('Entering _check_auth...', 'info', true); |
| 343 | 343 | ||
| @@ -489,7 +489,7 @@ class KTWebDAVServer extends HTTP_WebDAV_Server | @@ -489,7 +489,7 @@ class KTWebDAVServer extends HTTP_WebDAV_Server | ||
| 489 | $this->ktwebdavLog("Folder Details permissions GRANTED for user ". $_SESSION["userID"] ." on folder " . $oChildFolder->getName(), 'info', true); | 489 | $this->ktwebdavLog("Folder Details permissions GRANTED for user ". $_SESSION["userID"] ." on folder " . $oChildFolder->getName(), 'info', true); |
| 490 | $files["files"][] = $this->_fileinfoForFolder($oChildFolder, $folder_path . $oChildFolder->getName()); | 490 | $files["files"][] = $this->_fileinfoForFolder($oChildFolder, $folder_path . $oChildFolder->getName()); |
| 491 | } | 491 | } |
| 492 | - else | 492 | + else |
| 493 | { | 493 | { |
| 494 | $this->ktwebdavLog("Folder Details permissions DENIED for ". $_SESSION["userID"] ." on folder " . $oChildFolder->getName(), 'info', true); | 494 | $this->ktwebdavLog("Folder Details permissions DENIED for ". $_SESSION["userID"] ." on folder " . $oChildFolder->getName(), 'info', true); |
| 495 | } | 495 | } |
| @@ -1592,9 +1592,12 @@ class KTWebDAVServer extends HTTP_WebDAV_Server | @@ -1592,9 +1592,12 @@ class KTWebDAVServer extends HTTP_WebDAV_Server | ||
| 1592 | $movestat = $this->_MOVEFolder($options, $iFolderID); | 1592 | $movestat = $this->_MOVEFolder($options, $iFolderID); |
| 1593 | 1593 | ||
| 1594 | } else { | 1594 | } else { |
| 1595 | - // Source is a document | ||
| 1596 | - $movestat = $this->_MOVEDocument($options, $iFolderID, $iDocumentID); | ||
| 1597 | - | 1595 | + // Source is a document |
| 1596 | + if ($this->canCopyMoveRenameDocument($iDocumentID)) { | ||
| 1597 | + $movestat = $this->_MOVEDocument($options, $iFolderID, $iDocumentID); | ||
| 1598 | + } else { | ||
| 1599 | + return "Cannot MOVE document because it is checked out by another user."; | ||
| 1600 | + } | ||
| 1598 | } | 1601 | } |
| 1599 | 1602 | ||
| 1600 | $this->ktwebdavLog("Final movestat result is: " . $movestat, 'info', true); | 1603 | $this->ktwebdavLog("Final movestat result is: " . $movestat, 'info', true); |
| @@ -1890,7 +1893,12 @@ class KTWebDAVServer extends HTTP_WebDAV_Server | @@ -1890,7 +1893,12 @@ class KTWebDAVServer extends HTTP_WebDAV_Server | ||
| 1890 | } else { | 1893 | } else { |
| 1891 | // Source is a document | 1894 | // Source is a document |
| 1892 | $this->ktwebdavLog("Source is a Document.", 'info', true); | 1895 | $this->ktwebdavLog("Source is a Document.", 'info', true); |
| 1893 | - $copystat = $this->_COPYDocument($options, $iFolderID, $iDocumentID, $dest_folder_id); | 1896 | + |
| 1897 | + if ($this->canCopyMoveRenameDocument($iDocumentID)) { | ||
| 1898 | + $copystat = $this->_COPYDocument($options, $iFolderID, $iDocumentID, $dest_folder_id); | ||
| 1899 | + } else { | ||
| 1900 | + return "Cannot COPY document because it is checked out by another user."; | ||
| 1901 | + } | ||
| 1894 | 1902 | ||
| 1895 | } | 1903 | } |
| 1896 | 1904 | ||
| @@ -2103,10 +2111,72 @@ class KTWebDAVServer extends HTTP_WebDAV_Server | @@ -2103,10 +2111,72 @@ class KTWebDAVServer extends HTTP_WebDAV_Server | ||
| 2103 | return $result; | 2111 | return $result; |
| 2104 | } | 2112 | } |
| 2105 | 2113 | ||
| 2114 | + | ||
| 2115 | + /** | ||
| 2116 | + * canCopyMoveRenameDocument() helper | ||
| 2117 | + * checks if document is checked out; if not, returns true | ||
| 2118 | + * if checked out, cheks if checked out by same user; if yes, returns true; | ||
| 2119 | + * else returns false | ||
| 2120 | + * | ||
| 2121 | + * @return bool true or false | ||
| 2122 | + */ | ||
| 2123 | + function canCopyMoveRenameDocument($iDocumentID) | ||
| 2124 | + { | ||
| 2125 | + $this->ktwebdavLog("Entering canCopyMoveRenameDocument ", 'info', true); | ||
| 2126 | + | ||
| 2127 | + $oDocument =& Document::get($iDocumentID); | ||
| 2128 | + | ||
| 2129 | + if (is_null($oDocument) || ($oDocument === false) || PEAR::isError($oDocument)) { | ||
| 2130 | + $this->ktwebdavLog("Document invalid ". print_r($oDocument, true), 'info', true); | ||
| 2131 | + return false; | ||
| 2132 | + } | ||
| 2133 | + | ||
| 2134 | + if($oDocument->getIsCheckedOut()) { | ||
| 2135 | + $info = array(); | ||
| 2136 | + $info["props"][] = $this->mkprop($sNameSpace, 'CheckedOut', $oDocument->getCheckedOutUserID()); | ||
| 2137 | + //$this->ktwebdavLog("getIsCheckedOut ". print_r($info,true), 'info', true); | ||
| 2138 | + | ||
| 2139 | + $oCOUser = User::get( $oDocument->getCheckedOutUserID() ); | ||
| 2140 | + | ||
| 2141 | + if (PEAR::isError($oCOUser) || is_null($oCOUser) || ($oCOUser === false)) { | ||
| 2142 | + $couser_id = '0'; | ||
| 2143 | + } else { | ||
| 2144 | + $couser_id = $oCOUser->getID(); | ||
| 2145 | + } | ||
| 2146 | + | ||
| 2147 | + //$this->ktwebdavLog("getCheckedOutUserID " .$couser_id, 'info', true); | ||
| 2148 | + | ||
| 2149 | + $oUser =& User::get($this->userID); | ||
| 2150 | + | ||
| 2151 | + //$this->ktwebdavLog("this UserID " .$oUser->getID(), 'info', true); | ||
| 2152 | + | ||
| 2153 | + if (PEAR::isError($oUser) || is_null($oUser) || ($oUser === false)) { | ||
| 2154 | + $this->ktwebdavLog("User invalid ". print_r($oUser, true), 'info', true); | ||
| 2155 | + return false; | ||
| 2156 | + } else { | ||
| 2157 | + $ouser_id = $oUser->getID(); | ||
| 2158 | + } | ||
| 2159 | + | ||
| 2160 | + //$this->ktwebdavLog("that UserID " .$oCOUser->getID(), 'info', true); | ||
| 2161 | + | ||
| 2162 | + if ($couser_id != $ouser_id) { | ||
| 2163 | + $this->ktwebdavLog("Document checked out by another user $couser_id != $ouser_id", 'info', true); | ||
| 2164 | + return false; | ||
| 2165 | + } else { | ||
| 2166 | + $this->ktwebdavLog("Document checked out by this user", 'info', true); | ||
| 2167 | + return true; | ||
| 2168 | + } | ||
| 2169 | + } else { | ||
| 2170 | + //not checked out | ||
| 2171 | + $this->ktwebdavLog("Document not checked out by any user", 'info', true); | ||
| 2172 | + return true; | ||
| 2173 | + } | ||
| 2174 | + } | ||
| 2175 | + | ||
| 2106 | /** | 2176 | /** |
| 2107 | * checkSafeMode() helper | 2177 | * checkSafeMode() helper |
| 2108 | * | 2178 | * |
| 2109 | - * @return string true or false | 2179 | + * @return bool true or false |
| 2110 | */ | 2180 | */ |
| 2111 | function checkSafeMode() | 2181 | function checkSafeMode() |
| 2112 | { | 2182 | { |