Commit 663a3779ae50f3a93b58ac929e761e221eac3ecf

Authored by Neil Blakey-Milner
1 parent 33034d52

Provide legacy support for Permission::userHasDocumentWritePermission

and friends using the new permission system.


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@3513 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 33 additions and 473 deletions
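--- a/lib/security/Permission.inc
+++ b/lib/security/Permission.inc
@@ -28,389 +28,72 @@
 * @author Rob Cherry, Jam Warehouse (Pty) Ltd, South Africa
 * @package lib.security
 */
+
+require_once(KT_LIB_DIR . '/permissions/permission.inc.php');
+require_once(KT_LIB_DIR . '/permissions/permissionutil.inc.php');
+
 class Permission {
 
 /**
 * Checks if the current user has write permission for a specific document.
-* To have document write permission the user must satisfy ONE of the following conditions:
-* o have write permission for the folder in which the document resides
-* o be assigned a role which has write permission for the document
 *
 * @param $oDocument Document to check
 *
 * @return boolean true if the current user has document write permission, false otherwise and set $_SESSION["errorMessage"]
 */
-function userHasDocumentWritePermission($oDocument) {
-global $default;
-
-if ($oDocument == null) {
-$default->log->info("Failed to retrieve document from database");
-return false;
-}
-if (Permission::userHasFolderWritePermission(Folder::get($oDocument->getFolderID())) ||
-Permission::userHasWriteRoleForDocument($oDocument)) {
-return true;
-}
-$_SESSION["errorMessage"] = $lang_err_user_doc_write . "id " . $oDocument->getID();
-return false;
+function userHasDocumentWritePermission($oDocument) {
+$oUser = User::get($_SESSION["userID"]);
+$oPermission = KTPermission::getByName('ktcore.permissions.write');
+
+return KTPermissionUtil::userHasPermissionOnItem($oUser,
+$oPermission, $oDocument);
 }
-
+
 /**
-* Checks if the current user has read permission for a specific document.
-* To have document read permission the folder must be public or the user must satisfy ONE of the following conditions:
-* o have write permission for the document
-* o have read permission for the folder in which the document resides
-* o be assigned a role which has read permission for the document
+* Checks if the current user has read permission for a specific
+* document
 *
-* @param $oDocument Document to check
+* @param $oFolder Document object to check
 *
-* @return boolean true if the current user has document read permission, false otherwise and set $_SESSION["errorMessage"]
-*/
-function userHasDocumentReadPermission($oDocument) {
-global $default;
-
-if ($oDocument == null) {
-$default->log->info("Failed to retrieve document from database");
-return false;
-}
-if (Permission::userHasWriteRoleForDocument($oDocument) ||
-Permission::userHasReadRoleForDocument($oDocument) ||
-Permission::userHasFolderReadPermission(Folder::get($oDocument->getFolderID())) ||
-Permission::documentIsTemplateForDependantDocument($oDocument)) {
-return true;
-}
-$_SESSION["errorMessage"] = $lang_err_user_doc_read . "id " . $oDocument->getID();
-return false;
+* @return boolean true if the user has document write permission, false otherwise and set $_SESSION["errorMessage"]
+*/
+function userHasDocumentReadPermission($oDocument) {
+$oUser = User::get($_SESSION["userID"]);
+$oPermission = KTPermission::getByName('ktcore.permissions.read');
+
+return KTPermissionUtil::userHasPermissionOnItem($oUser,
+$oPermission, $oDocument);
 }
 
 /**
 * Checks if the current user has write permission for a specific folder
-* To have write permission on a folder the user must satisfy ONE of the following conditions:
-* o be in the system administrator group
-* o be in the unit administrator group for the unit to which the folder belongs
-* o belong to a group that has write access to the folder
-* o be assigned a role that has write access to the folder
 *
-* @param $iFolderID Primary key of folder to check
+* @param $oFolder Folder object to check
 *
 * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
 */
 function userHasFolderWritePermission($oFolder) {
-global $lang_err_user_folder_write, $default;
-if (Permission::userHasGroupWritePermissionForFolder($oFolder) ||
-Permission::userIsSystemAdministrator() ||
-Permission::userIsUnitAdministratorForFolder($oFolder)) {
-$default->log->debug("FOLDER PERMISSIONS: Does have folder writer permission");
-return true;
-}
-$_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . $oFolder->getID();
-$default->log->debug("FOLDER PERMISSIONS: Does NOT have folder writer permission");
-return false;
+$oUser = User::get($_SESSION["userID"]);
+$oPermission = KTPermission::getByName('ktcore.permissions.write');
+
+return KTPermissionUtil::userHasPermissionOnItem($oUser,
+$oPermission, $oFolder);
 }
 
 
 /**
 * Checks if the current user has read permission for a specific folder
-* To have read permission on a folder, the folder must be public or the user must satisfy ONE of the following conditions
-* o have write permission for the folder
-* o belong to a group that has read access to the folder
-* o be assigned a role that has read permission for the folder
 *
-* @param $iFolderID Primary key of folder to check
+* @param $oFolder Folder object to check
 *
 * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
 */
 function userHasFolderReadPermission($oFolder) {
-global $lang_err_user_folder_write;
-
-if (Permission::folderIsPublic($oFolder) ||
-Permission::userHasFolderWritePermission($oFolder) ||
-Permission::userHasGroupReadPermissionForFolder($oFolder)) {
-return true;
-}
-$_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . $oFolder->getID();
-return false;
-}
-
-/**
-* Checks if a folder is public
-*
-* @param $iFolderID Primary key of folder to check
-*
-* @return boolean true if the folder is public, false otherwise and set $_SESSION["errorMessage"]
-*/
-function folderIsPublic($oFolder) {
-global $default, $lang_err_folder_not_public;
-
-if ($oFolder->getIsPublic()) {
-return true;
-} else {
-return false;
-}
-}
-
-/**
-* Checks if the current user has write permission through group membership for a particular folder
-*
-* @param $iFolderID Primary key of folder to check
-*
-* @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
-*/
-function userHasGroupWritePermissionForFolder($oFolder) {
-global $default, $lang_err_user_folder_write;
-
-if ($oFolder == null) {
-$default->log->info("Failed to retrieve folder with ID " . $oFolder->getID() . " from database");
-return false;
-}
-$sql = $default->db;
-$sQuery = "SELECT GFL.folder_id " ./*ok*/
-"FROM $default->groups_folders_table AS GFL INNER JOIN $default->users_groups_table AS UGL ON GFL.group_id = UGL.group_id " .
-"WHERE UGL.user_id = ? " .
-"AND GFL.folder_id = ? " .
-"AND GFL.can_write = ? ";
-$aParams = array($_SESSION["userID"], $oFolder->getPermissionFolderID(), true);
+$oUser = User::get($_SESSION["userID"]);
+$oPermission = KTPermission::getByName('ktcore.permissions.read');
 
-$res = DBUtil::runQuery(array($sQuery, $aParams));
-
-if (PEAR::isError($res)) {
-$default->log->error("userHasGroupWritePermissionForFolder: Error in SQL statement -> follows:");
-$default->log->error($res->toString());
-return false;
-}
-if ($res->numRows()) {
-$default->log->debug("FOLDER PERMISSIONS: Does have group write permission for folder");
-return true;
-}
-
-$_SESSION["errorMessage"] = $lang_err_user_folder_write;
-return false;
-}
-
-/**
-* Generate a string to be used in a where clause
-* that consists of a list of id that are a folders
-* parent Used this because user has read/write permission for a folder if s/he
-* has read/write permission for the folder's parent (have to recurse up
-* entire hierarchy)
-*
-* @param int Primary key of folder to start at
-*
-*/
-function generateParentFolderString($iFolderID) {
-$sFolderIDString = $iFolderID;
-//$iParentFolderID = $iFolderID;
-//recurse up the hierarchy, building the string as we go
-$iParentFolderID = Folder::getParentFolderID($iFolderID);
-while ($iParentFolderID != 0) {
-$sFolderIDString .= ", " . $iParentFolderID;
-$iFolderID = $iParentFolderID;
-$iParentFolderID = Folder::getParentFolderID($iFolderID);
-}
-return $sFolderIDString;
-}
-
-/**
-* Checks if the current user has read permission through group membership for a particular folder
-*
-* @param $iFolderID Primary key of folder to check
-*
-* @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
-*/
-function userHasGroupReadPermissionForFolder($oFolder) {
-global $default, $lang_err_user_folder_read;
-$sql = $default->db;
-
-if ($oFolder == null) {
-$default->log->info("Failed to retrieve folder with ID " . $oFolder->getID() . " from database");
-return false;
-}
-
-$sQuery = "SELECT GFL.folder_id " ./*ok*/
-"FROM $default->groups_folders_table AS GFL INNER JOIN $default->users_groups_table AS UGL ON GFL.group_id = UGL.group_id " .
-"WHERE UGL.user_id = ? " .
-"AND GFL.folder_id = ? " .
-"AND GFL.can_read = ? ";
-$aParams = array($_SESSION["userID"], $oFolder->getPermissionFolderID(), true);
-
-//$sql->query(array($sQuery, $aParams));
-$res = DBUtil::runQuery(array($sQuery, $aParams));
-
-if (PEAR::isError($res)) {
-$default->log->error("userHasGroupReadPermissionForFolder: Error in SQL statement -> follows:");
-$default->log->error($res->toString());
-return false;
-}
-if ($res->numRows()) {
-$default->log->debug("FOLDER PERMISSIONS: Does have group read permission for folder");
-return true;
-}
-
-$_SESSION["errorMessage"] = $lang_err_user_folder_read;
-$default->log->debug("FOLDER PERMISSIONS: Does NOT have group read permission for folder");
-return false;
-}
-
-/**
-* Checks if the current user is in the specified group using the group id
-*
-* @param $iGroupID Primary key of group to check
-*
-* @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"]
-*/
-function userIsInGroupID($iGroupID) {
-global $default, $lang_err_user_group;
-$sql = $default->db;
-$sQuery = "SELECT id FROM " . $default->users_groups_table . " WHERE group_id = ? AND user_id = ?";/*ok*/
-$aParams = array($iGroupID, $_SESSION["userID"]);
-$sql->query(array($sQuery, $aParams));
-if ($sql->next_record()) {
-return true;
-}
-$_SESSION["errorMessage"] = $lang_err_user_group . "group id = " . $iGroupID;
-return false;
-}
-
-/**
-* Checks if the current user is in the specified group using the group name
-*
-* @param $sGroupName Name of group to check
-*
-* @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"]
-*/
-function userIsInGroupName($sGroupName) {
-global $default, $lang_err_user_group;
-$sql = $default->db;
-$sQuery = "SELECT GULT.id FROM " . $default->users_groups_table . " AS GULT INNER JOIN " . $default->groups_table . " AS G ON GULT.group_id = G.ID WHERE G.name = ? AND user_id = ?";/*ok*/
-$aParams = array($sGroupName, $_SESSION["userID"]);
-$sql->query(array($sQuery, $aParams));
-if ($sql->next_record()) {
-return true;
-}
-$_SESSION["errorMessage"] = $lang_err_user_group . "group name " . $sGroupName;
-return false;
-
-}
-
-/**
-* Check is the user is assigned a specific role that has write permission for a folder
-*
-* @param $iFolderID Primary key of folder to check
-*
-* @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"]
-*/
-function userHasWriteRoleForDocument($oDocument) {
-global $default, $lang_err_user_role;
-$sql = $default->db;
-$sQuery = "SELECT FURL.id FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " ./*ok*/
-"INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .
-"WHERE FURL.user_id = ? " .
-"AND FURL.document_id = ? " .
-"AND R.can_write = ? " .
-"AND R.active = ?";
-$aParams = array($_SESSION["userID"], $oDocument->getID(), true, true);
-$sql->query(array($sQuery, $aParams));
-if ($sql->next_record()) {
-return true;
-}
-$_SESSION["errorMessage"] = $lang_err_user_role;
-return false;
-}
-
-/**
-* Check is the user is assigned a specific role that has read permission for a folder
-*
-* @param $iFolderID Primary key of folder to check
-*
-* @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"]
-*/
-function userHasReadRoleForDocument($oDocument) {
-global $default, $lang_err_user_role;
-$sql = $default->db;
-$sQuery = "SELECT * FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " ./*ok*/
-"INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .
-"WHERE FURL.user_id = ? " .
-"AND FURL.document_id = ? " .
-"AND R.can_read = ?";
-$aParams = array($_SESSION["userID"], $oDocument->getID(), true);
-$sql->query(array($sQuery, $aParams));
-if ($sql->next_record()) {
-return true;
-}
-$_SESSION["errorMessage"] = $lang_err_user_role;
-return false;
-}
-
-/** Static functions
-*
-* Checks if the document is a template for a depedant document
-* that the user is responsible for creating
-*/
-function documentIsTemplateForDependantDocument($oDocument) {
-global $default;
-$sql = $default->db;
-$sQuery = "SELECT id FROM $default->dependant_document_instance_table WHERE template_document_id = ? and user_id = ?";/*ok*/
-$aParams = array($oDocument->getID(), $_SESSION["userID"]);
-$sql->query(array($sQuery, $aParams));
-if ($sql->next_record()) {
-return true;
-}
-return false;
-}
-
-/**
-* Checks if a given role exists using the role primary key
-*
-* @param $iRoleID Primary key of role to check for
-*
-* @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"]
-*/
-function roleIDExists($iRoleID) {
-global $default, $lang_err_role_not_exist;
-$sql = $default->db;
-$sql->query(array("SELECT id FROM " . $default->roles_table . " WHERE id = ?", $iRoleID));/*ok*/
-if ($sql->next_record()) {
-return true;
-}
-$_SESSION["errorMessage"] = $lang_err_role_not_exist . $sRoleName;
-return false;
-}
-
-/**
-* Checks if a given role exists using the role name
-*
-* @param $sRoleName Name of role to check for
-*
-* @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"]
-*/
-function roleNameExists($sRoleName) {
-global $default, $lang_err_role_not_exist;
-$sql = $default->db;
-$sql->query(array("SELECT id FROM " . $default->roles_table . " WHERE name = ?", $sRoleName));/*ok*/
-if ($sql->next_record()) {
-return true;
-}
-$_SESSION["errorMessage"] = $lang_err_role_not_exist . $sRoleName;
-return false;
-}
-
-/**
-* Get the primary key for a role
-*
-* @param $sRoleName Name of role to get primary key for
-*
-* @return ID if role exists, false otherwise and set $_SESSION["errorMessage"]
-*/
-function getRoleID($sRoleName) {
-global $default, $lang_err_database;
-if (roleExists($sRoleName)) {
-$sql = $default->db;
-$sql->query(array("SELECT id FROM " . $default->roles_table . " WHERE name = ?", $sRoleName));/*ok*/
-$sql->next_record();
-return $sql->f("id");
-}
-$_SESSION["errorMessage"] = $lang_err_database;
-return false;
+return KTPermissionUtil::userHasPermissionOnItem($oUser,
+$oPermission, $oFolder);
 }
 
 /**
@@ -455,28 +138,6 @@ class Permission {
 }
 
 /**
-* Checks if the current user is a unit administrator
-*
-* @return boolean true if the user is the unit administrator for the unit to which the folder belongs, false otherwise
-*/
-function userIsUnitAdministratorForFolder($oFolder) {
-global $default;
-$sql = $default->db;
-
-$sQuery = "SELECT * " ./*ok*/
-"FROM $default->groups_folders_table AS GFL INNER JOIN $default->folders_table AS F ON GFL.folder_id = F.id " .
-"INNER JOIN $default->groups_units_table AS GUL ON GUL.unit_id = F.unit_id " .
-"INNER JOIN $default->groups_table AS GL ON GUL.group_id = GL.id " .
-"INNER JOIN $default->users_groups_table AS UGL ON UGL.group_id = GL.id " .
-"WHERE GL.is_unit_admin = ? " .
-"AND GFL.folder_id = ? " .
-"AND UGL.user_id = ?";
-$aParams = array(true, $oFolder->getID(), $_SESSION["userID"]);
-$sql->query(array($sQuery, $aParams));
-return $sql->next_record();
-}
-
-/**
 * Checks if the current user is a guest user
 *
 * @return boolean true if the user is in the Anonymous group, else false
@@ -494,107 +155,6 @@ class Permission {
 "AND UGL.user_id = ?", $iUserID));
 return $sql->next_record();
 }
-
-function updateSearchPermissionsForDocument($iDocumentID) {
-global $default;
-
-$sql = $default->db;
-
-$aDeleteCurrent = array("DELETE FROM $default->search_permissions_table WHERE document_id = ?", $iDocumentID);
-$res = DBUtil::runQuery($aDeleteCurrent);
-if (PEAR::isError($res)) {
-$default->log->error("Unable to delete existing permissions for document: " . $res->toString());
-// XXX: Carry on regardless...
-}
-
-// group permissions
-$sGroupPerms = array("INSERT INTO $default->search_permissions_table (user_id, document_id) " .
-"SELECT UGL.user_id AS user_id, D.id AS document_id " ./*ok*/
-"FROM $default->documents_table AS D INNER JOIN folders AS F ON D.folder_id = F.id " .
-"INNER JOIN $default->groups_folders_table AS GFL ON GFL.folder_id = F.permission_folder_id " .
-"INNER JOIN $default->users_groups_table AS UGL ON UGL.group_id = GFL.group_id " .
-"WHERE D.id = ?", $iDocumentID);
-$default->log->debug("addDocument groupPerms=$sGroupPerms");
-if ($sql->query($sGroupPerms)) {
-$default->log->debug("groupPerms succeeded");
-} else {
-$default->log->error("groupPerms failed");
-}
-// role permissions
-$sRolePerms = array("INSERT INTO $default->search_permissions_table (user_id, document_id) " .
-"SELECT user_id, document_id " ./*ok*/
-"FROM $default->folders_user_roles_table " .
-"WHERE document_id = ?", $iDocumentID);
-$default->log->info("addDocument rolePerms=$sRolePerms");
-if ($sql->query($sRolePerms)) {
-$default->log->debug("rolePerms succeeded");
-} else {
-$default->log->error("rolePerms failed");
-}
-
-
-// creator permissions
-$sCreatorPerms = array("INSERT INTO $default->search_permissions_table (user_id, document_id) " .
-"SELECT creator_id, id " ./*ok*/
-"FROM $default->documents_table " .
-"WHERE id = ?", $iDocumentID);
-$default->log->debug("addDocument creatorPerms=$sCreatorPerms");
-if ($sql->query($sCreatorPerms)) {
-$default->log->debug("creatorPerms succeeded");
-} else {
-$default->log->error("creatorPerms failed");
-}
-}
-
-function updateSearchPermissionsForUser($iUserID) {
-global $default;
-
-$sql = $default->db;
-
-$aDeleteCurrent = array("DELETE FROM $default->search_permissions_table WHERE user_id = ?", $iUserID);
-$res = DBUtil::runQuery($aDeleteCurrent);
-if (PEAR::isError($res)) {
-$default->log->error("Unable to delete existing permissions for user: " . $res->toString());
-// XXX: Carry on regardless...
-}
-
-// group permissions
-$sGroupPerms = array("INSERT INTO $default->search_permissions_table (user_id, document_id) " .
-"SELECT UGL.user_id AS user_id, D.id AS document_id " ./*ok*/
-"FROM $default->documents_table AS D INNER JOIN folders AS F ON D.folder_id = F.id " .
-"INNER JOIN $default->groups_folders_table AS GFL ON GFL.folder_id = F.permission_folder_id " .
-"INNER JOIN $default->users_groups_table AS UGL ON UGL.group_id = GFL.group_id " .
-"WHERE UGL.user_id = ?", $iUserID);
-if ($sql->query($sGroupPerms)) {
-$default->log->debug("groupPerms succeeded");
-} else {
-$default->log->error("groupPerms failed");
-}
-// role permissions
-$sRolePerms = array("INSERT INTO $default->search_permissions_table (user_id, document_id) " .
-"SELECT user_id, document_id " ./*ok*/
-"FROM $default->folders_user_roles_table " .
-"WHERE user_id = ?", $iUserID);
-$default->log->info("addDocument rolePerms=$sRolePerms");
-if ($sql->query($sRolePerms)) {
-$default->log->debug("rolePerms succeeded");
-} else {
-$default->log->error("rolePerms failed");
-}
-
-
-// creator permissions
-$sCreatorPerms = array("INSERT INTO $default->search_permissions_table (user_id, document_id) " .
-"SELECT creator_id, id " ./*ok*/
-"FROM $default->documents_table " .
-"WHERE creator_id = ?", $iUserID);
-$default->log->debug("addDocument creatorPerms=$sCreatorPerms");
-if ($sql->query($sCreatorPerms)) {
-$default->log->debug("creatorPerms succeeded");
-} else {
-$default->log->error("creatorPerms failed");
-}
-}
 }
 
 ?>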
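Review bot: In the four rewritten checks (`userHasDocumentWritePermission`, `userHasDocumentReadPermission`, `userHasFolderWritePermission`, `userHasFolderReadPermission`) the results of `User::get($_SESSION["userID"])` and `KTPermission::getByName(...)` go straight into `KTPermissionUtil::userHasPermissionOnItem()` unchecked, and the `$oDocument == null` guard the old document checks had is gone. How `userHasPermissionOnItem()` treats a failed lookup or a null item is not visible in this diff, so each wrapper should fail closed itself before the call, e.g. `if (empty($oUser) || PEAR::isError($oUser) || empty($oPermission) || PEAR::isError($oPermission) || empty($oDocument)) { return false; }` (with `$oFolder` in the folder variants). The docblocks still promise that `$_SESSION["errorMessage"]` is set on denial, which the new bodies never do, and the read-permission docblock documents `@param $oFolder` and "document write permission" for a function that takes `$oDocument` and checks read. Separately, the old rules for public folders, system and unit administrators and dependant-document templates are no longer evaluated here; presumably the new permission system covers them, but that should be confirmed, since any gap changes who is granted or denied access through these legacy entry points.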