Peter M. Groen / knowledgetree

Commit 6e85fb5407e7858bb03a397031b342e4e25ade3c

Authored by nbm
1 parent d4e85bae

Add support for arbitrary permissions (not just read and write). 

Documentation of the new system in docs/Permission.txt


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@3500 c91229c3-7414-0410-bfa2-8a42b809f60b
Inline Side-by-side
Showing 7 changed files with 760 additions and 0 deletions
lib/permissions/permission.inc.php 0 → 100644
  View file @6e85fb5
  1 +<?php
  2 +
  3 +require_once(KT_LIB_DIR . "/ktentity.inc");
  4 +
  5 +class KTPermission extends KTEntity {
  6 + /** primary key */
  7 + var $iId = -1;
  8 + /** help file name */
  9 + var $sName;
  10 + /** help file name */
  11 + var $sHumanName;
  12 + /** whether it's built into KT */
  13 + var $bBuiltIn = false;
  14 +
  15 + var $_aFieldToSelect = array(
  16 + "iId" => "id",
  17 + "sName" => "name",
  18 + "sHumanName" => "human_name",
  19 + "bBuiltIn" => "built_in",
  20 + );
  21 +
  22 + var $_bUsePearError = true;
  23 +
  24 + function getID() { return $this->iId; }
  25 + function getName() { return $this->sName; }
  26 + function getHumanName() { return $this->sHumanName; }
  27 + function getBuiltIn() { return $this->bBuiltIn; }
  28 + function setID($iId) { $this->iId = $iId; }
  29 + function setName($sName) { $this->sName = $sName; }
  30 + function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; }
  31 + function setBuiltIn($sBuiltIn) { $this->sBuiltIn = $sBuiltIn; }
  32 +
  33 + function _table () {
  34 + global $default;
  35 + return $default->permissions_table;
  36 + }
  37 +
  38 + // STATIC
  39 + function &get($iId) {
  40 + return KTEntityUtil::get('KTPermission', $iId);
  41 + }
  42 +
  43 + // STATIC
  44 + function &createFromArray($aOptions) {
  45 + return KTEntityUtil::createFromArray('KTPermission', $aOptions);
  46 + }
  47 +
  48 + // STATIC
  49 + function &getList($sWhereClause = null) {
  50 + global $default;
  51 + return KTEntityUtil::getList($default->permissions_table, 'KTPermission', $sWhereClause);
  52 + }
  53 +
  54 + // STATIC
  55 + function &getByName($sName) {
  56 + return KTEntityUtil::getBy('KTPermission', 'name', $sName);
  57 + }
  58 +}
  59 +
  60 +?>
... ...
lib/permissions/permissionassignment.inc.php 0 → 100644
  View file @6e85fb5
  1 +<?php
  2 +
  3 +require_once(KT_LIB_DIR . "/ktentity.inc");
  4 +
  5 +class KTPermissionAssignment extends KTEntity {
  6 + /** primary key */
  7 + var $iId = -1;
  8 +
  9 + var $iPermissionID;
  10 + var $iPermissionObjectID;
  11 + var $iPermissionDescriptorID;
  12 +
  13 + var $_aFieldToSelect = array(
  14 + "iId" => "id",
  15 + "iPermissionID" => "permission_id",
  16 + "iPermissionObjectID" => "permission_object_id",
  17 + "iPermissionDescriptorID" => "permission_descriptor_id",
  18 + );
  19 +
  20 + var $_bUsePearError = true;
  21 +
  22 + function getID() { return $this->iId; }
  23 + function setID($iId) { $this->iId = $iId; }
  24 + function getPermissionID() { return $this->iPermissionID; }
  25 + function setPermissionID($iPermissionID) { $this->iPermissionID = $iPermissionID; }
  26 + function getPermissionObjectID() { return $this->iPermissionObjectID; }
  27 + function setPermissionObjectID($iPermissionObjectID) { $this->iPermissionObjectID = $iPermissionObjectID; }
  28 + function getPermissionDescriptorID() { return $this->iPermissionDescriptorID; }
  29 + function setPermissionDescriptorID($iPermissionDescriptorID) { $this->iPermissionDescriptorID = $iPermissionDescriptorID; }
  30 +
  31 + function _table () {
  32 + global $default;
  33 + return $default->permission_assignments_table;
  34 + }
  35 +
  36 + // STATIC
  37 + function &get($iId) {
  38 + return KTEntityUtil::get('KTPermissionAssignment', $iId);
  39 + }
  40 +
  41 + // STATIC
  42 + function &createFromArray($aOptions) {
  43 + return KTEntityUtil::createFromArray('KTPermissionAssignment', $aOptions);
  44 + }
  45 +
  46 + // STATIC
  47 + function &getList($sWhereClause = null) {
  48 + global $default;
  49 + return KTEntityUtil::getList($default->permission_assignments_table, 'KTPermissionAssignment', $sWhereClause);
  50 + }
  51 +
  52 + function &getByPermissionAndObject($oPermission, $oObject) {
  53 + return KTEntityUtil::getByDict('KTPermissionAssignment', array(
  54 + 'permission_id' => $oPermission->getId(),
  55 + 'permission_object_id' => $oObject->getId(),
  56 + ));
  57 + }
  58 +
  59 + function &getByObjectMulti($oObject) {
  60 + return KTEntityUtil::getByDict('KTPermissionAssignment', array(
  61 + 'permission_object_id' => $oObject->getId(),
  62 + ), array('multi' => true));
  63 + }
  64 +}
  65 +
  66 +?>
... ...
lib/permissions/permissiondescriptor.inc.php 0 → 100644
  View file @6e85fb5
  1 +<?php
  2 +
  3 +require_once(KT_LIB_DIR . "/ktentity.inc");
  4 +
  5 +class KTPermissionDescriptor extends KTEntity {
  6 + /** primary key */
  7 + var $iId = -1;
  8 +
  9 + var $_aFieldToSelect = array(
  10 + "iId" => "id",
  11 + "sDescriptor" => "descriptor",
  12 + "sDescriptorText" => "descriptor_text",
  13 + );
  14 +
  15 + var $_bUsePearError = true;
  16 +
  17 + function getID() { return $this->iId; }
  18 + function setID($iId) { $this->iId = $iId; }
  19 + function getDescriptor() { return $this->sDescriptor; }
  20 + function setDescriptor($sDescriptor) { $this->sDescriptor = $sDescriptor; }
  21 + function getDescriptorText() { return $this->sDescriptorText; }
  22 + function setDescriptorText($sDescriptorText) { $this->sDescriptorText = $sDescriptorText; }
  23 +
  24 + function _table () {
  25 + global $default;
  26 + return $default->permission_descriptors_table;
  27 + }
  28 +
  29 + function create() {
  30 + if (empty($this->sDescriptor)) {
  31 + $this->sDescriptor = md5($this->sDescriptorText);
  32 + }
  33 + return parent::create();
  34 + }
  35 +
  36 + function update() {
  37 + if (empty($this->sDescriptor)) {
  38 + $this->sDescriptor = md5($this->sDescriptorText);
  39 + }
  40 + return parent::update();
  41 + }
  42 +
  43 + // STATIC
  44 + function &get($iId) {
  45 + return KTEntityUtil::get('KTPermissionDescriptor', $iId);
  46 + }
  47 +
  48 + // STATIC
  49 + function &createFromArray($aOptions) {
  50 + return KTEntityUtil::createFromArray('KTPermissionDescriptor', $aOptions);
  51 + }
  52 +
  53 + // STATIC
  54 + function &getList($sWhereClause = null) {
  55 + global $default;
  56 + return KTEntityUtil::getList($default->permission_objects_table, 'KTPermissionDescriptor', $sWhereClause);
  57 + }
  58 +
  59 + // STATIC
  60 + function &getByDescriptor($sDescriptor) {
  61 + return KTEntityUtil::getBy('KTPermissionDescriptor', 'descriptor', $sDescriptor);
  62 + }
  63 +
  64 + function saveAllowed($aAllowed) {
  65 + foreach ($aAllowed as $k => $aIDs) {
  66 + if ($k === "group") {
  67 + $this->_clearGroups();
  68 + foreach ($aIDs as $iID) {
  69 + $this->_addGroup($iID);
  70 + }
  71 + }
  72 + }
  73 + }
  74 +
  75 + function _clearGroups() {
  76 + global $default;
  77 + $sQuery = "DELETE FROM $default->permission_descriptor_groups_table WHERE descriptor_id = ?";
  78 + $aParams = array($this->getID());
  79 + $res = DBUtil::runQuery(array($sQuery, $aParams));
  80 + return $res;
  81 + }
  82 +
  83 + function _addGroup($iID) {
  84 + global $default;
  85 + $sQuery = "INSERT INTO $default->permission_descriptor_groups_table (descriptor_id, group_id) VALUES (?, ?)";
  86 + $aParams = array($this->getID(), $iID);
  87 + $res = DBUtil::runQuery(array($sQuery, $aParams));
  88 + return $res;
  89 + }
  90 +
  91 + function hasGroups($aGroups) {
  92 + global $default;
  93 + $aGroupIDs = array();
  94 + foreach ($aGroups as $oGroup) {
  95 + $aGroupIDs[] = $oGroup->getID();
  96 + }
  97 + $sGroupIDs = DBUtil::paramArray($aGroupIDs);
  98 + $sQuery = "SELECT COUNT(group_id) AS num FROM $default->permission_descriptor_groups_table
  99 + WHERE descriptor_id = ? AND group_id IN ($sGroupIDs)";
  100 + $aParams = array($this->getID());
  101 + $aParams = array_merge($aParams, $aGroupIDs);
  102 + $res = DBUtil::getOneResultKey(array($sQuery, $aParams), 'num');
  103 + if (PEAR::isError($res)) {
  104 + return $res;
  105 + }
  106 + if ((int)$res === 0) {
  107 + return false;
  108 + }
  109 + return true;
  110 + }
  111 +
  112 + function getGroups() {
  113 + global $default;
  114 + $sQuery = "SELECT group_id FROM $default->permission_descriptor_groups_table WHERE descriptor_id = ?";
  115 + $aParams = array($this->getID());
  116 + return DBUtil::getResultArrayKey(array($sQuery, $aParams), 'group_id');
  117 + }
  118 +
  119 + function &getByGroup($oGroup) {
  120 + global $default;
  121 + $sQuery = "SELECT descriptor_id FROM $default->permission_descriptor_groups_table WHERE group_id = ?";
  122 + $aParams = array($oGroup->getID());
  123 + $aIDs = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'descriptor_id');
  124 + $aRet = array();
  125 + foreach ($aIDs as $iID) {
  126 + $aRet[] =& KTPermissionDescriptor::get($iID);
  127 + }
  128 + return $aRet;
  129 + }
  130 +
  131 + function &getByGroups($aGroups) {
  132 + global $default;
  133 + $aGroupIDs = array();
  134 + foreach ($aGroups as $oGroup) {
  135 + $aGroupIDs[] = $oGroup->getID();
  136 + }
  137 + $sGroupIDs = DBUtil::paramArray($aGroupIDs);
  138 + $sQuery = "SELECT DISTINCT descriptor_id FROM $default->permission_descriptor_groups_table WHERE group_id IN ( $sGroupIDs )";
  139 + $aParams = $aGroupIDs;
  140 + $aIDs = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'descriptor_id');
  141 + $aRet = array();
  142 + foreach ($aIDs as $iID) {
  143 + $aRet[] =& KTPermissionDescriptor::get($iID);
  144 + }
  145 + return $aRet;
  146 + }
  147 +}
  148 +
  149 +?>
... ...
lib/permissions/permissionlookup.inc.php 0 → 100644
  View file @6e85fb5
  1 +<?php
  2 +
  3 +require_once(KT_LIB_DIR . "/ktentity.inc");
  4 +
  5 +class KTPermissionLookup extends KTEntity {
  6 + /** primary key */
  7 + var $iId = -1;
  8 +
  9 + var $_aFieldToSelect = array(
  10 + "iId" => "id",
  11 + );
  12 +
  13 + var $_bUsePearError = true;
  14 +
  15 + function getID() { return $this->iId; }
  16 + function setID($iId) { $this->iId = $iId; }
  17 +
  18 + function _table () {
  19 + global $default;
  20 + return $default->permission_lookups_table;
  21 + }
  22 +
  23 + // STATIC
  24 + function &get($iId) {
  25 + return KTEntityUtil::get('KTPermissionLookup', $iId);
  26 + }
  27 +
  28 + // STATIC
  29 + function &createFromArray($aOptions) {
  30 + return KTEntityUtil::createFromArray('KTPermissionLookup', $aOptions);
  31 + }
  32 +
  33 + // STATIC
  34 + function &getList($sWhereClause = null) {
  35 + global $default;
  36 + return KTEntityUtil::getList($default->permission_lookups_table, 'KTPermissionLookup', $sWhereClause);
  37 + }
  38 +}
  39 +
  40 +?>
... ...
lib/permissions/permissionlookupassignment.inc.php 0 → 100644
  View file @6e85fb5
  1 +<?php
  2 +
  3 +require_once(KT_LIB_DIR . "/ktentity.inc");
  4 +
  5 +class KTPermissionLookupAssignment extends KTEntity {
  6 + /** primary key */
  7 + var $iId = -1;
  8 +
  9 + var $iPermissionID;
  10 + var $iPermissionLookupID;
  11 + var $iPermissionDescriptorID;
  12 +
  13 + var $_aFieldToSelect = array(
  14 + "iId" => "id",
  15 + "iPermissionID" => "permission_id",
  16 + "iPermissionLookupID" => "permission_lookup_id",
  17 + "iPermissionDescriptorID" => "permission_descriptor_id",
  18 + );
  19 +
  20 + var $_bUsePearError = true;
  21 +
  22 + function getID() { return $this->iId; }
  23 + function setID($iId) { $this->iId = $iId; }
  24 + function getPermissionID() { return $this->iPermissionID; }
  25 + function setPermissionID($iPermissionID) { $this->iPermissionID = $iPermissionID; }
  26 + function getPermissionLookupID() { return $this->iPermissionLookupID; }
  27 + function setPermissionLookupID($iPermissionLookupID) { $this->iPermissionLookupID = $iPermissionLookupID; }
  28 + function getPermissionDescriptorID() { return $this->iPermissionDescriptorID; }
  29 + function setPermissionDescriptorID($iPermissionDescriptorID) { $this->iPermissionDescriptorID = $iPermissionDescriptorID; }
  30 +
  31 + function _table () {
  32 + global $default;
  33 + return $default->permission_lookup_assignments_table;
  34 + }
  35 +
  36 + // STATIC
  37 + function &get($iId) {
  38 + return KTEntityUtil::get('KTPermissionLookupAssignment', $iId);
  39 + }
  40 +
  41 + // STATIC
  42 + function &createFromArray($aOptions) {
  43 + return KTEntityUtil::createFromArray('KTPermissionLookupAssignment', $aOptions);
  44 + }
  45 +
  46 + // STATIC
  47 + function &getList($sWhereClause = null) {
  48 + global $default;
  49 + return KTEntityUtil::getList2('KTPermissionLookupAssignment', $sWhereClause);
  50 + }
  51 +
  52 + function &getByPermissionAndDescriptor($oPermission, $oDescriptor) {
  53 + return KTEntityUtil::getByDict('KTPermissionLookupAssignment', array(
  54 + 'permission_id' => $oPermission->getId(),
  55 + 'permission_descriptor_id' => $oDescriptor->getId(),
  56 + ), array('multi' => true));
  57 + }
  58 +
  59 + function &getByPermissionAndLookup($oPermission, $oLookup) {
  60 + return KTEntityUtil::getByDict('KTPermissionLookupAssignment', array(
  61 + 'permission_id' => $oPermission->getId(),
  62 + 'permission_lookup_id' => $oLookup->getId(),
  63 + ));
  64 + }
  65 +
  66 + function &_getLookupIDsByPermissionIDAndDescriptorID($iPermissionID, $iDescriptorID) {
  67 + return KTEntityUtil::getByDict('KTPermissionLookupAssignment', array(
  68 + 'permission_id' => $iPermissionID,
  69 + 'permission_descriptor_id' => $iDescriptorID,
  70 + ), array('multi' => true, 'ids' => true, 'idfield' => 'permission_lookup_id'));
  71 + }
  72 +
  73 + function &findOrCreateLookupByPermissionDescriptorMap($aMapPermDesc) {
  74 + $aOptions = array();
  75 + foreach ($aMapPermDesc as $iPermissionID => $iDescriptorID) {
  76 + $aThisOptions = array();
  77 + foreach (KTPermissionLookupAssignment::_getLookupIDsByPermissionIDAndDescriptorID($iPermissionID, $iDescriptorID) as $iPLID) {
  78 + $aThisOptions[] = $iPLID;
  79 + }
  80 + $aOptions[] = $aThisOptions;
  81 + }
  82 + $aPLIDs = call_user_func_array('array_intersect', $aOptions);
  83 + if (empty($aPLIDs)) {
  84 + $oPL = KTPermissionLookup::createFromArray(array());
  85 + $iPLID = $oPL->getID();
  86 + foreach ($aMapPermDesc as $iPermissionID => $iDescriptorID) {
  87 + $res = KTPermissionLookupAssignment::createFromArray(array(
  88 + 'permissionlookupid' => $iPLID,
  89 + 'permissionid' => $iPermissionID,
  90 + 'permissiondescriptorid' => $iDescriptorID,
  91 + ));
  92 + }
  93 + return $oPL;
  94 + }
  95 + sort($aPLIDs);
  96 + $res = KTPermissionLookup::get($aPLIDs[0]);
  97 + return $res;
  98 + }
  99 +
  100 +
  101 +}
  102 +
  103 +?>
... ...
lib/permissions/permissionobject.inc.php 0 → 100644
  View file @6e85fb5
  1 +<?php
  2 +
  3 +require_once(KT_LIB_DIR . "/ktentity.inc");
  4 +
  5 +class KTPermissionObject extends KTEntity {
  6 + /** primary key */
  7 + var $iId = -1;
  8 +
  9 + var $_aFieldToSelect = array(
  10 + "iId" => "id",
  11 + );
  12 +
  13 + var $_bUsePearError = true;
  14 +
  15 + function getID() { return $this->iId; }
  16 + function setID($iId) { $this->iId = $iId; }
  17 +
  18 + function _table () {
  19 + global $default;
  20 + return $default->permission_objects_table;
  21 + }
  22 +
  23 + // STATIC
  24 + function &get($iId) {
  25 + return KTEntityUtil::get('KTPermissionObject', $iId);
  26 + }
  27 +
  28 + // STATIC
  29 + function &createFromArray($aOptions) {
  30 + return KTEntityUtil::createFromArray('KTPermissionObject', $aOptions);
  31 + }
  32 +
  33 + // STATIC
  34 + function &getList($sWhereClause = null) {
  35 + global $default;
  36 + return KTEntityUtil::getList($default->permission_objects_table, 'KTPermissionObject', $sWhereClause);
  37 + }
  38 +}
  39 +
  40 +?>
... ...
lib/permissions/permissionutil.inc.php 0 → 100644
  View file @6e85fb5
  1 +<?php
  2 +
  3 +require_once(KT_LIB_DIR . "/documentmanagement/Document.inc");
  4 +require_once(KT_LIB_DIR . "/foldermanagement/Folder.inc");
  5 +require_once(KT_LIB_DIR . "/permissions/permission.inc.php");
  6 +require_once(KT_LIB_DIR . "/permissions/permissionassignment.inc.php");
  7 +require_once(KT_LIB_DIR . "/permissions/permissiondescriptor.inc.php");
  8 +require_once(KT_LIB_DIR . "/permissions/permissionlookup.inc.php");
  9 +require_once(KT_LIB_DIR . "/permissions/permissionlookupassignment.inc.php");
  10 +require_once(KT_LIB_DIR . "/permissions/permissionobject.inc.php");
  11 +require_once(KT_LIB_DIR . "/groups/GroupUtil.php");
  12 +
  13 +class KTPermissionUtil {
  14 + function generateDescriptor ($aAllowed) {
  15 + $aAllowedSort = array();
  16 + // PHP5: clone
  17 + $aTmp = $aAllowed;
  18 + ksort($aTmp);
  19 + $sOutput = "";
  20 + foreach ($aTmp as $k => $v) {
  21 + if (empty($v)) {
  22 + continue;
  23 + }
  24 + $v = array_unique($v);
  25 + $sOutput .= "$k(";
  26 + sort($v);
  27 + $sOutput .= join(",", $v);
  28 + $sOutput .= ")";
  29 + }
  30 +
  31 + return $sOutput;
  32 + }
  33 +
  34 + function getOrCreateDescriptor ($aAllowed) {
  35 + $sDescriptor = KTPermissionUtil::generateDescriptor($aAllowed);
  36 + $oDescriptor =& KTPermissionDescriptor::getByDescriptor(md5($sDescriptor));
  37 + if (PEAR::isError($oDescriptor)) {
  38 + $oDescriptor =& KTPermissionDescriptor::createFromArray(array(
  39 + "descriptortext" => $sDescriptor,
  40 + ));
  41 + $oDescriptor->saveAllowed($aAllowed);
  42 + }
  43 + return $oDescriptor;
  44 + }
  45 +
  46 + function getOrCreateAssignment ($sPermission, $iObjectID) {
  47 + if (is_string($sPermission)) {
  48 + $oPermission =& KTPermission::getByName($sPermission);
  49 + } else {
  50 + $oPermission =& $sPermission;
  51 + }
  52 + if (is_numeric($iObjectID)) {
  53 + $oObject =& KTPermissionObject::get($iObjectID);
  54 + } else {
  55 + $oObject =& $iObjectID;
  56 + }
  57 + $oPA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oObject);
  58 + if (PEAR::isError($oPA)) {
  59 + $oPA = KTPermissionAssignment::createFromArray(array(
  60 + 'permissionid' => $oPermission->getID(),
  61 + 'permissionobjectid' => $oObject->getID(),
  62 + ));
  63 + }
  64 + return $oPA;
  65 + }
  66 +
  67 + function setPermissionForID($sPermission, $iObjectID, $aAllowed) {
  68 + $oPermissionAssignment = KTPermissionUtil::getOrCreateAssignment($sPermission, $iObjectID);
  69 + $oDescriptor = KTPermissionUtil::getOrCreateDescriptor($aAllowed);
  70 + $oPermissionAssignment->setPermissionDescriptorID($oDescriptor->getID());
  71 + $oPermissionAssignment->update();
  72 + }
  73 +
  74 + // {{{ updatePermissionLookupForPO
  75 + /**
  76 + * Updates permission lookups for all objects of a certain
  77 + * permission object.
  78 + *
  79 + * It may be that you don't have or want to have the root item for a
  80 + * permission object that you do have and have updates - then use
  81 + * this.
  82 + */
  83 + function updatePermissionLookupForPO($oPO) {
  84 + $sWhere = 'permission_object_id = ?';
  85 + $aParams = array($oPO->getID());
  86 + $aFolders =& Folder::getList(array($sWhere, $aParams));
  87 + foreach ($aFolders as $oFolder) {
  88 + KTPermissionUtil::updatePermissionLookup($oFolder);
  89 + }
  90 + $aDocuments =& Document::getList(array($sWhere, $aParams));
  91 + foreach ($aDocuments as $oDocument) {
  92 + KTPermissionUtil::updatePermissionLookup($oDocument);
  93 + }
  94 + }
  95 + // }}}
  96 +
  97 +
  98 + // {{{ updatePermissionLookupRecursive
  99 + /**
  100 + * Updates permission lookups for this folder and any ancestors, but
  101 + * only if they use the same permission object.
  102 + *
  103 + * To be used any time a folder permission object is changed.
  104 + */
  105 + function updatePermissionLookupRecursive($oDocumentOrFolder) {
  106 + if (is_a($oDocumentOrFolder, 'Document')) {
  107 + // XXX: metadata versions may need attention here
  108 + KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
  109 + return;
  110 + }
  111 +
  112 + $iFolderID = $oDocumentOrFolder->getID();
  113 + $sFolderIDs = Folder::generateFolderIDs($iFolderID);
  114 + $sFolderIDs .= '%';
  115 +
  116 + $sWhere = 'permission_object_id = ? AND parent_folder_ids LIKE ?';
  117 + $aParams = array($oDocumentOrFolder->getPermissionObjectID(), $sFolderIDs);
  118 +
  119 + $aFolders =& Folder::getList(array($sWhere, $aParams));
  120 + foreach ($aFolders as $oFolder) {
  121 + KTPermissionUtil::updatePermissionLookup($oFolder);
  122 + }
  123 +
  124 + $aDocuments =& Document::getList(array($sWhere, $aParams));
  125 + foreach ($aDocuments as $oDocument) {
  126 + KTPermissionUtil::updatePermissionLookup($oDocument);
  127 + }
  128 + }
  129 + // }}}
  130 +
  131 + // {{{ updatePermissionLookup
  132 + /**
  133 + * Update's the permission lookup on one folder or document,
  134 + * non-recursively.
  135 + */
  136 + function updatePermissionLookup($oFolderOrDocument) {
  137 + $oPO = KTPermissionObject::get($oFolderOrDocument->getPermissionObjectID());
  138 + $aPAs = KTPermissionAssignment::getByObjectMulti($oPO);
  139 + $aMapPermDesc = array();
  140 + foreach ($aPAs as $oPA) {
  141 + $oPD = KTPermissionDescriptor::get($oPA->getPermissionDescriptorID());
  142 + $aGroupIDs = $oPD->getGroups();
  143 + $aUserIDs = array();
  144 + $aAllowed = array(
  145 + "group" => $aGroupIDs,
  146 + "user" => $aUserIDs,
  147 + );
  148 + $oLookupPD = KTPermissionUtil::getOrCreateDescriptor($aAllowed);
  149 + $aMapPermDesc[$oPA->getPermissionID()] = $oLookupPD->getID();
  150 + }
  151 +
  152 + $oPL = KTPermissionLookupAssignment::findOrCreateLookupByPermissionDescriptorMap($aMapPermDesc);
  153 + $oFolderOrDocument->setPermissionLookupID($oPL->getID());
  154 + $oFolderOrDocument->update();
  155 + }
  156 + // }}}
  157 +
  158 + function userHasPermissionOnItem($oUser, $oPermission, $oFolderOrDocument) {
  159 + $oPL = KTPermissionLookup::get($oFolderOrDocument->getPermissionLookupID());
  160 + $oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL);
  161 + if (PEAR::isError($oPLA)) {
  162 + print $oPL->getID();
  163 + return false;
  164 + }
  165 + $oPD = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
  166 + $aGroups = GroupUtil::listGroupsForUser($oUser);
  167 + return $oPD->hasGroups($aGroups);
  168 + }
  169 +
  170 + function findRootObjectForPermissionObject($oPO) {
  171 + global $default;
  172 + /*
  173 + * If there are any folders with the permission object, then it
  174 + * is set by _a_ folder. All folders found will have a common
  175 + * ancestor folder, which will be the one with:
  176 + *
  177 + * Potential hack: The shortest parent_folder_ids
  178 + *
  179 + * Potential non-hack: Choose random folder, check parent for
  180 + * permission object recurringly until it changes. Last success
  181 + * is the ancestor parent...
  182 + */
  183 + $sQuery = "SELECT id FROM $default->folders_table WHERE permission_object_id = ? ORDER BY LENGTH(parent_folder_ids) LIMIT 1";
  184 + $aParams = array($oPO->getID());
  185 + $res = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');
  186 + if (is_array($res)) {
  187 + return Folder::get($res[0]);
  188 + }
  189 + return false;
  190 + }
  191 +
  192 + function copyPermissionObject(&$oDocumentOrFolder) {
  193 + global $default;
  194 + $oOrigPO = KTPermissionObject::get($oDocumentOrFolder->getPermissionObjectID());
  195 + $aOrigPAs =& KTPermissionAssignment::getByObjectMulti($oOrigPO);
  196 + $oNewPO = KTPermissionObject::createFromArray(array());
  197 + foreach ($aOrigPAs as $oOrigPA) {
  198 + $oNewPA = KTPermissionAssignment::createFromArray(array(
  199 + 'permissionid' => $oOrigPA->getPermissionID(),
  200 + 'permissionobjectid' => $oNewPO->getID(),
  201 + 'permissiondescriptorid' => $oOrigPA->getPermissionDescriptorID(),
  202 + ));
  203 + }
  204 + $oDocumentOrFolder->setPermissionObjectID($oNewPO->getID());
  205 + $oDocumentOrFolder->update();
  206 +
  207 + if (!is_a($oDocumentOrFolder, 'Folder')) {
  208 + KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
  209 + return;
  210 + }
  211 +
  212 + // For a folder - update permission object for all folders and
  213 + // documents under this current folder if they're using the old
  214 + // permission object id. If they are, then they're getting the
  215 + // permission object via this folder. If they are not, then
  216 + // they have their own permission object management, and thus
  217 + // this folder has no effect on their permissions.
  218 +
  219 + $iFolderID = $oDocumentOrFolder->getID();
  220 + $sFolderIDs = Folder::generateFolderIDs($iFolderID);
  221 + $sFolderIDs .= '%';
  222 + $sQuery = "UPDATE $default->folders_table SET
  223 + permission_object_id = ? WHERE permission_object_id = ? AND
  224 + parent_folder_ids LIKE ?";
  225 + $aParams = array($oNewPO->getID(), $oOrigPO->getID(), $sFolderIDs);
  226 + DBUtil::runQuery(array($sQuery, $aParams));
  227 +
  228 + $sQuery = "UPDATE $default->documents_table SET
  229 + permission_object_id = ? WHERE permission_object_id = ? AND
  230 + parent_folder_ids LIKE ?";
  231 + DBUtil::runQuery(array($sQuery, $aParams));
  232 +
  233 + // All objects using this PO must be new and must need their
  234 + // lookups updated...
  235 + KTPermissionUtil::updatePermissionLookupForPO($oNewPO);
  236 + }
  237 +
  238 + function isPermissionOwner(&$oDocumentOrFolder) {
  239 + $oPermissionObject = KTPermissionObject::get($oDocumentOrFolder->getPermissionObjectID());
  240 + $oParentObject = KTPermissionUtil::findRootObjectForPermissionObject($oPermissionObject);
  241 +
  242 + // Documents might be permission owner, but then they'd be the
  243 + // only users of that permission object.
  244 + if (is_a($oParentObject, 'Document')) {
  245 + return true;
  246 + }
  247 +
  248 + // If you're a document and your permission owner isn't a
  249 + // document, that means it's some ancestor, and thus not you.
  250 + if (is_a($oDocumentOrFolder, 'Document')) {
  251 + return false;
  252 + }
  253 +
  254 + // We're dealing with folders, so just compare IDs...
  255 + if ($oDocumentOrFolder->getID() == $oParentObject->getID()) {
  256 + return true;
  257 + }
  258 + return false;
  259 + }
  260 +
  261 + function inheritPermissionObject(&$oDocumentOrFolder) {
  262 + global $default;
  263 + if (!KTPermissionUtil::isPermissionOwner($oDocumentOrFolder)) {
  264 + return PEAR::raiseError("Document or Folder doesn't own its permission object");
  265 + }
  266 + $oOrigPO =& KTPermissionObject::get($oDocumentOrFolder->getPermissionObjectID());
  267 + $oFolder =& Folder::get($oDocumentOrFolder->getParentID());
  268 + $iNewPOID = $oFolder->getPermissionObjectID();
  269 + $oNewPO =& KTPermissionObject::get($iNewPOID);
  270 +
  271 +
  272 + $oDocumentOrFolder->setPermissionObjectID($iNewPOID);
  273 + $oDocumentOrFolder->update();
  274 +
  275 + if (is_a($oDocumentOrFolder, 'Document')) {
  276 + // If we're a document, no niggly children to worry about.
  277 + //
  278 + // Well, except for document versions, which we don't know
  279 + // how to deal with yet, really.
  280 + KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
  281 + return;
  282 + }
  283 +
  284 + $iFolderID = $oDocumentOrFolder->getID();
  285 + $sFolderIDs = Folder::generateFolderIDs($iFolderID);
  286 + $sFolderIDs .= '%';
  287 + $sQuery = "UPDATE $default->folders_table SET
  288 + permission_object_id = ? WHERE permission_object_id = ? AND
  289 + parent_folder_ids LIKE ?";
  290 + $aParams = array($oNewPO->getID(), $oOrigPO->getID(), $sFolderIDs);
  291 + DBUtil::runQuery(array($sQuery, $aParams));
  292 +
  293 + $sQuery = "UPDATE $default->documents_table SET
  294 + permission_object_id = ? WHERE permission_object_id = ? AND
  295 + parent_folder_ids LIKE ?";
  296 + DBUtil::runQuery(array($sQuery, $aParams));
  297 +
  298 + KTPermissionUtil::updatePermissionLookupForPO($oNewPO);
  299 + }
  300 +}
  301 +
  302 +?>
... ...