Peter M. Groen / knowledgetree

Commit 5bf097a09f013edc0ec2cae7891b8517af7ec8c6

Authored by Conrad Vermeulen
1 parent 9485cb89

KTS-3968 

"Add permissions management to KTAPI"
Implemented. Initial development. Refinements pending.

Committed By: Conrad Vermeulen
Reviewed By: Megan Watson


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@9698 c91229c3-7414-0410-bfa2-8a42b809f60b
Inline Side-by-side
Showing 4 changed files with 261 additions and 38 deletions
ktapi/KTAPIAcl.inc.php
  View file @5bf097a
... ... @@ -1252,6 +1252,15 @@ final class KTAPI_RoleAllocation extends KTAPI_AllocationBase
1252 1252 $map['role']['role'][$roleId] = $role->Name;
1253 1253  
1254 1254 $allocation = $type . 'Allocation';
  1255 + if (!array_key_exists($roleId, $map['role'][$allocation]))
  1256 + {
  1257 + $map['role'][$allocation][$roleId] = array();
  1258 + }
  1259 + if (array_key_exists($memberId, $map['role'][$allocation][$roleId]))
  1260 + {
  1261 + // if the key exists, we don't have to do anything.
  1262 + return;
  1263 + }
1255 1264 $map['role'][$allocation][$roleId][$memberId] = $memberId;
1256 1265  
1257 1266 $this->changed = true;
... ... @@ -1284,7 +1293,7 @@ final class KTAPI_RoleAllocation extends KTAPI_AllocationBase
1284 1293 }
1285 1294  
1286 1295 public
1287   - function doesRoleHasMember(KTAPI_Role $role, KTAPI_Member $member)
  1296 + function doesRoleHaveMember(KTAPI_Role $role, KTAPI_Member $member)
1288 1297 {
1289 1298 $map = & $this->map;
1290 1299  
... ... @@ -1294,6 +1303,11 @@ final class KTAPI_RoleAllocation extends KTAPI_AllocationBase
1294 1303 $type = $this->_getMemberType($member);
1295 1304 $allocation = $type . 'Allocation';
1296 1305  
  1306 + if (!array_key_exists($roleId, $map['role'][$allocation]))
  1307 + {
  1308 + return false;
  1309 + }
  1310 +
1297 1311 $array = & $map['role'][$allocation][$roleId];
1298 1312  
1299 1313 return (array_key_exists($memberId, $array));
... ... @@ -1341,56 +1355,46 @@ final class KTAPI_RoleAllocation extends KTAPI_AllocationBase
1341 1355 {
1342 1356 $roleId = $role->Id;
1343 1357  
  1358 + $object = $this->folderItem->getObject();
  1359 + $objectId = $object->getId();
  1360 + $parentId = $object->getParentID();
  1361 +
1344 1362 // FIXME do we need to check that this role _isn't_ allocated?
1345   - $oRoleAllocation = new RoleAllocation();
1346   - $oRoleAllocation->setFolderId($this->oFolder->getId());
1347   - $oRoleAllocation->setRoleId($role_id);
  1363 + $roleAllocation = new RoleAllocation();
  1364 + $roleAllocation->setFolderId($objectId);
  1365 + $roleAllocation->setRoleId($roleId);
1348 1366  
1349 1367 // create a new permission descriptor.
1350 1368 // FIXME we really want to duplicate the original (if it exists)
1351 1369  
1352   - $aAllowed = array(); // no-op, for now.
1353   - $this->startTransaction();
1354   -
1355   - $oRoleAllocation->setAllowed($aAllowed);
1356   - $res = $oRoleAllocation->create();
1357   -
1358   - if (PEAR::isError($res) || ($res == false)) {
1359   - $this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId()));
1360   - }
  1370 + $allowed = array(); // no-op, for now.
  1371 + $roleAllocation->setAllowed($allowed);
  1372 + $res = $roleAllocation->create();
1361 1373  
1362 1374 $this->_logTransaction(_kt('Override parent allocation'), 'ktcore.transactions.role_allocations_change');
1363 1375  
  1376 +
1364 1377 // inherit parent permissions
1365   - $oParentAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getParentID(), $role_id);
1366   - if (!is_null($oParentAllocation) && !PEAR::isError($oParentAllocation))
  1378 + $parentAllocation = RoleAllocation::getAllocationsForFolderAndRole($parentId, $roleId);
  1379 + if (!is_null($parentAllocation) && !PEAR::isError($parentAllocation))
1367 1380 {
1368   - $oPD = $oParentAllocation->getPermissionDescriptor();
1369   -
1370   - $aAllowed = $oPD->getAllowed();
1371   - $userids=$aAllowed['user'];
1372   - $groupids=$aAllowed['group'];
  1381 + $descriptor = $parentAllocation->getPermissionDescriptor();
1373 1382  
1374   - // now lets update for the new allocation
1375   - $oPD = $oRoleAllocation->getPermissionDescriptor();
  1383 + $allowed = $descriptor->getAllowed();
1376 1384  
1377   - $aAllowed = $oPD->getAllowed();
  1385 + $allowed = array(
  1386 + 'user' => $allowed['user'],
  1387 + 'group' => $allowed['group'],
  1388 + );
1378 1389  
1379   - $aAllowed['user'] = $userids;
1380   - $aAllowed['group'] = $groupids;
  1390 + $roleAllocation->setAllowed($allowed);
  1391 + $res = $roleAllocation->update();
1381 1392  
1382   - $oRoleAllocation->setAllowed($aAllowed);
1383   - $res = $oRoleAllocation->update();
1384   -
1385   - if (PEAR::isError($res) || ($res == false))
1386   - {
1387   - $this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId()));
1388   - }
1389 1393 }
1390 1394  
1391 1395 // regenerate permissions
1392 1396  
1393   - $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId());
  1397 + $this->renegeratePermissionsForRole($roleId);
1394 1398 }
1395 1399  
1396 1400 /**
... ... @@ -1400,26 +1404,50 @@ final class KTAPI_RoleAllocation extends KTAPI_AllocationBase
1400 1404 public
1401 1405 function inheritAllocation()
1402 1406 {
  1407 + if (!$this->canInheritRoleAllocation())
  1408 + {
  1409 + return;
  1410 + }
  1411 +
  1412 + $this->_logTransaction(_kt('Use parent allocation'), 'ktcore.transactions.role_allocations_change');
  1413 +
1403 1414 foreach($this->map['role']['role'] as $roleId=>$roleName)
1404 1415 {
1405   - $this->inheritRoleAllocation(KTAPI_Role::getById($roleId));
  1416 + $this->inheritRoleAllocation(KTAPI_Role::getById($roleId), false);
1406 1417 }
1407 1418 }
1408 1419  
  1420 + public
  1421 + function canInheritRoleAllocation()
  1422 + {
  1423 + $object = $this->folderItem->getObject();
  1424 + $objectId = $object->getId();
  1425 +
  1426 + return ($objectId != 1);
  1427 + }
  1428 +
1409 1429 /**
1410 1430 * Inherit the role associations from the parent.
1411 1431 *
1412 1432 * @param KTAPI_Role $role
1413 1433 */
1414 1434 public
1415   - function inheritRoleAllocation(KTAPI_Role $role)
  1435 + function inheritRoleAllocation(KTAPI_Role $role, $log = true)
1416 1436 {
1417   - $roleId = $role->Id;
1418   - $this->_logTransaction(_kt('Use parent allocation'), 'ktcore.transactions.role_allocations_change');
  1437 + if (!$this->canInheritRoleAllocation())
  1438 + {
  1439 + return;
  1440 + }
1419 1441  
1420 1442 $object = $this->folderItem->getObject();
1421 1443 $objectId = $object->getId();
1422 1444  
  1445 + $roleId = $role->Id;
  1446 + if ($log)
  1447 + {
  1448 + $this->_logTransaction(_kt('Use parent allocation'), 'ktcore.transactions.role_allocations_change');
  1449 + }
  1450 +
1423 1451 $roleAllocation = RoleAllocation::getAllocationsForFolderAndRole($objectId, $roleId);
1424 1452  
1425 1453 $res = $oRoleAllocation->delete();
... ... @@ -1510,9 +1538,50 @@ final class KTAPI_RoleAllocation extends KTAPI_AllocationBase
1510 1538 public
1511 1539 function save()
1512 1540 {
  1541 + if (!$this->changed)
  1542 + {
  1543 + // we don't have to do anything if nothing has changed.
  1544 + return;
  1545 + }
1513 1546  
1514   - }
  1547 + $map = & $this->map;
  1548 + $folderId = $this->folderItem->getObject()->getId();
  1549 +
  1550 + foreach($map['role']['role'] as $roleId => $roleName)
  1551 + {
  1552 + $roleAllocation = RoleAllocation::getAllocationsForFolderAndRole($folderId, $roleId);
  1553 +
  1554 + $allowed = array();
1515 1555  
  1556 + $userIds = array();
  1557 + $groupIds = array();
  1558 + if (array_key_exists($roleId, $map['role']['userAllocation']))
  1559 + {
  1560 + foreach($map['role']['userAllocation'][$roleId] as $userId)
  1561 + {
  1562 + $userIds[] = $userId;
  1563 + }
  1564 + }
  1565 + if (array_key_exists($roleId, $map['role']['groupAllocation']))
  1566 + {
  1567 + foreach($map['role']['groupAllocation'][$roleId] as $groupId)
  1568 + {
  1569 + $groupIds[] = $groupId;
  1570 + }
  1571 + }
  1572 +
  1573 + $allowed['user'] = $userIds;
  1574 + $allowed['group'] = $groupIds;
  1575 +
  1576 + if (is_null($roleAllocation))
  1577 + {
  1578 + $roleAllocation = $this->overrideRoleAllocation(KTAPI_Role::getById($roleId));
  1579 + }
  1580 +
  1581 + $roleAllocation->setAllowed($allowed);
  1582 + $roleAllocation->update();
  1583 + }
  1584 + }
1516 1585 }
1517 1586  
1518 1587 ?>
1519 1588 \ No newline at end of file
... ...
ktapi/KTAPIDocument.inc.php
  View file @5bf097a
... ... @@ -1930,6 +1930,113 @@ class KTAPI_Document extends KTAPI_FolderItem
1930 1930 return $this->document;
1931 1931 }
1932 1932  
  1933 + public function isSubscribed()
  1934 + {
  1935 + $subscriptionType = SubscriptionEvent::subTypes('Document');
  1936 + $user = $this->ktapi->get_user();
  1937 + $document = $this->document;
  1938 +
  1939 + return Subscription::exists($user->getId(), $document->getId(), $subscriptionType);
  1940 + }
  1941 +
  1942 + public function unsubscribe()
  1943 + {
  1944 + if (!$this->isSubscribed())
  1945 + {
  1946 + return;
  1947 + }
  1948 +
  1949 + $subscriptionType = SubscriptionEvent::subTypes('Document');
  1950 + $user = $this->ktapi->get_user();
  1951 + $document = $this->document;
  1952 +
  1953 + $subscription = & Subscription::getByIDs($user->getId(), $document->getId(), $subscriptionType);
  1954 + $subscription->delete();
  1955 + }
  1956 +
  1957 + public function subscribe()
  1958 + {
  1959 + if ($this->isSubscribed())
  1960 + {
  1961 + return;
  1962 + }
  1963 +
  1964 + $subscriptionType = SubscriptionEvent::subTypes('Document');
  1965 + $user = $this->ktapi->get_user();
  1966 + $document = $this->document;
  1967 +
  1968 + $subscription = new Subscription($user->getId(), $document->getId(), $subscriptionType);
  1969 + $subscription->create();
  1970 + }
  1971 +
  1972 +
  1973 + public function isImmutable()
  1974 + {
  1975 + return $this->document->getImmutable();
  1976 + }
  1977 +
  1978 + public function immute()
  1979 + {
  1980 + $this->document->setImmutable(true);
  1981 + $this->document->update();
  1982 + }
  1983 +
  1984 + public function unimmute()
  1985 + {
  1986 + $this->document->setImmutable(false);
  1987 + $this->document->update();
  1988 + }
  1989 +
  1990 + public function email($members, $title, $comment, $attachDocument = true)
  1991 + {
  1992 + if (empty($members))
  1993 + {
  1994 + return;
  1995 + }
  1996 +
  1997 + $userIds = array();
  1998 + $groupIds = array();
  1999 + $emailAddrs = array();
  2000 +
  2001 + foreach($members as $member)
  2002 + {
  2003 + if ($member instanceof KTAPI_User)
  2004 + {
  2005 + $userIds[] = $member->Id;
  2006 + }
  2007 + elseif ($member instanceof KTAPI_Group)
  2008 + {
  2009 + $groupIds[] = $member->Id;
  2010 + }
  2011 + elseif (is_string($member))
  2012 + {
  2013 + $emailAddrs[] = $member;
  2014 + }
  2015 + }
  2016 +
  2017 + $config = KTConfig::getSingleton();
  2018 + $allowAttachment = $config->get('email/allowAttachment', false);
  2019 + $allowEmailAddresses = $oConfig->get('email/allowEmailAddresses', false);
  2020 +
  2021 + $emailErrors = array();
  2022 + $userEmails = array();
  2023 +
  2024 + sendGroupEmails($groupIds, $userEmails, $emailErrors);
  2025 +
  2026 + sendUserEmails($userIds, $userEmails, $emailErrors);
  2027 +
  2028 + if ($attachDocument)
  2029 + {
  2030 + sendManualEmails($aEmailAddresses, $userEmails, $emailErrors);
  2031 + }
  2032 + else
  2033 + {
  2034 + sendExternalEmails($aEmailAddresses, $this->document->getID(), $this->document->getName(), $comment, $emailErrors);
  2035 + }
  2036 +
  2037 + sendEmail($aListEmails, $this->document->getID(), $this->document->getName(), $comment, (boolean)$fAttachDocument, $aEmailErrors);
  2038 +
  2039 + }
1933 2040 }
1934 2041  
1935 2042 ?>
... ...
ktapi/KTAPIFolder.inc.php
  View file @5bf097a
... ... @@ -959,6 +959,46 @@ class KTAPI_Folder extends KTAPI_FolderItem
959 959 {
960 960 return $this->folder;
961 961 }
  962 +
  963 + public function isSubscribed()
  964 + {
  965 + $subscriptionType = SubscriptionEvent::subTypes('Folder');
  966 + $user = $this->ktapi->get_user();
  967 + $folder = $this->folder;
  968 +
  969 + return Subscription::exists($user->getId(), $folder->getId(), $subscriptionType);
  970 + }
  971 +
  972 + public function unsubscribe()
  973 + {
  974 + if (!$this->isSubscribed())
  975 + {
  976 + return;
  977 + }
  978 +
  979 + $subscriptionType = SubscriptionEvent::subTypes('Folder');
  980 + $user = $this->ktapi->get_user();
  981 + $folder = $this->folder;
  982 +
  983 + $subscription = & Subscription::getByIDs($user->getId(), $folder->getId(), $subscriptionType);
  984 + $subscription->delete();
  985 + }
  986 +
  987 + public function subscribe()
  988 + {
  989 + if ($this->isSubscribed())
  990 + {
  991 + return;
  992 + }
  993 +
  994 + $subscriptionType = SubscriptionEvent::subTypes('Folder ');
  995 + $user = $this->ktapi->get_user();
  996 + $folder = $this->folder;
  997 +
  998 + $subscription = new Subscription($user->getId(), $folder->getId(), $subscriptionType);
  999 + $subscription->create();
  1000 + }
  1001 +
962 1002 }
963 1003  
964 1004 ?>
... ...
ktapi/ktapi.inc.php
  View file @5bf097a
... ... @@ -70,6 +70,13 @@ abstract class KTAPI_FolderItem
70 70 }
71 71  
72 72 public abstract function getObject();
  73 +
  74 + public abstract function isSubscribed();
  75 +
  76 + public abstract function unsubscribe();
  77 +
  78 + public abstract function subscribe();
  79 +
73 80 }
74 81  
75 82 class KTAPI_Error extends PEAR_Error
... ...