Peter M. Groen / knowledgetree

Commit 8474dc92482e5a8ce0d6346c940a9dff3dc64cb6

Authored by michaeljoseph
1 parent b26a532f

Corrected style convention violations. 


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@2891 c91229c3-7414-0410-bfa2-8a42b809f60b
Inline Side-by-side
Showing 1 changed file with 422 additions and 427 deletions
lib/security/Permission.inc
  View file @8474dc9
... ... @@ -3,10 +3,10 @@
3 3 * $Id$
4 4 *
5 5 * Contains static functions used to determine whether the current user:
6   - * o has permission to perform certain actions
  6 + * o has permission to perform certain actions
7 7 * o has a certain role
8   - * o is assigned to a certain group
9   - * o has read/write access for a specific folder/directory
  8 + * o is assigned to a certain group
  9 + * o has read/write access for a specific folder/directory
10 10 *
11 11 * Copyright (c) 2003 Jam Warehouse http://www.jamwarehouse.com
12 12 *
... ... @@ -29,441 +29,436 @@
29 29 * @package lib.security
30 30 */
31 31 class Permission {
32   -
33   - /**
34   - * Checks if the current user has write permission for a specific document.
35   - * To have document write permission the user must satisfy ONE of the following conditions:
36   - * o have write permission for the folder in which the document resides
37   - * o be assigned a role which has write permission for the document
38   - *
39   - * @param $iDocumentID Primary key of document to check
40   - *
41   - * @return boolean true if the current user has document write permission, false otherwise and set $_SESSION["errorMessage"]
42   - */
43   - function userHasDocumentWritePermission($oDocument) {
44   - global $default;
45   -
46   - if ($oDocument == null) {
47   - $default->log->info("Failed to retrieve document with ID $iDocumentID from database");
48   - return false;
49   - }
50   - if (Permission::userHasFolderWritePermission(Folder::get($oDocument->getFolderID())) ||
51   - Permission::userHasWriteRoleForDocument($oDocument)) {
52   - return true;
53   - }
54   - $_SESSION["errorMessage"] = $lang_err_user_doc_write . "id " . $iDocumentID;
55   - return false;
56   - }
57   -
58   - /**
59   - * Checks if the current user has read permission for a specific document.
60   - * To have document read permission the folder must be public or the user must satisfy ONE of the following conditions:
61   - * o have write permission for the document
62   - * o have read permission for the folder in which the document resides
63   - * o be assigned a role which has read permission for the document
64   - *
65   - * @param $iDocumentID Primary key of document to check
66   - *
67   - * @return boolean true if the current user has document read permission, false otherwise and set $_SESSION["errorMessage"]
68   - */
69   - function userHasDocumentReadPermission($oDocument) {
70   - global $default;
  32 +
  33 + /**
  34 + * Checks if the current user has write permission for a specific document.
  35 + * To have document write permission the user must satisfy ONE of the following conditions:
  36 + * o have write permission for the folder in which the document resides
  37 + * o be assigned a role which has write permission for the document
  38 + *
  39 + * @param $iDocumentID Primary key of document to check
  40 + *
  41 + * @return boolean true if the current user has document write permission, false otherwise and set $_SESSION["errorMessage"]
  42 + */
  43 + function userHasDocumentWritePermission($oDocument) {
  44 + global $default;
  45 +
  46 + if ($oDocument == null) {
  47 + $default->log->info("Failed to retrieve document with ID $iDocumentID from database");
  48 + return false;
  49 + }
  50 + if (Permission::userHasFolderWritePermission(Folder::get($oDocument->getFolderID())) ||
  51 + Permission::userHasWriteRoleForDocument($oDocument)) {
  52 + return true;
  53 + }
  54 + $_SESSION["errorMessage"] = $lang_err_user_doc_write . "id " . $iDocumentID;
  55 + return false;
  56 + }
  57 +
  58 + /**
  59 + * Checks if the current user has read permission for a specific document.
  60 + * To have document read permission the folder must be public or the user must satisfy ONE of the following conditions:
  61 + * o have write permission for the document
  62 + * o have read permission for the folder in which the document resides
  63 + * o be assigned a role which has read permission for the document
  64 + *
  65 + * @param $iDocumentID Primary key of document to check
  66 + *
  67 + * @return boolean true if the current user has document read permission, false otherwise and set $_SESSION["errorMessage"]
  68 + */
  69 + function userHasDocumentReadPermission($oDocument) {
  70 + global $default;
71 71  
72   - if ($oDocument == null) {
73   - $default->log->info("Failed to retrieve document with ID " . $oDocument->getID() . " from database");
74   - return false;
75   - }
76   - if (Permission::userHasWriteRoleForDocument($oDocument) ||
77   - Permission::userHasReadRoleForDocument($oDocument) ||
78   - Permission::userHasFolderReadPermission(Folder::get($oDocument->getFolderID())) ||
79   - Permission::documentIsTemplateForDependantDocument($oDocument)) {
80   - return true;
81   - }
82   - $_SESSION["errorMessage"] = $lang_err_user_doc_read . "id " . $oDocument->getID();
83   - return false;
84   - }
85   -
86   - /**
87   - * Checks if the current user has write permission for a specific folder
88   - * To have write permission on a folder the user must satisfy ONE of the following conditions:
89   - * o be in the system administrator group
90   - * o be in the unit administrator group for the unit to which the folder belongs
91   - * o belong to a group that has write access to the folder
92   - * o be assigned a role that has write access to the folder
93   - *
94   - * @param $iFolderID Primary key of folder to check
95   - *
96   - * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
97   - */
98   - function userHasFolderWritePermission($oFolder) {
99   - global $lang_err_user_folder_write, $default;
100   - if (Permission::userHasGroupWritePermissionForFolder($oFolder) ||
101   - Permission::userIsSystemAdministrator() ||
102   - Permission::userIsUnitAdministratorForFolder($oFolder)) {
103   - $default->log->debug("FOLDER PERMISSIONS: Does have folder writer permission");
104   - return true;
105   - }
106   - $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . $oFolder->getID();
107   - $default->log->debug("FOLDER PERMISSIONS: Does NOT have folder writer permission");
108   - return false;
109   - }
110   -
111   -
112   - /**
113   - * Checks if the current user has read permission for a specific folder
114   - * To have read permission on a folder, the folder must be public or the user must satisfy ONE of the following conditions
115   - * o have write permission for the folder
116   - * o belong to a group that has read access to the folder
117   - * o be assigned a role that has read permission for the folder
118   - *
119   - * @param $iFolderID Primary key of folder to check
120   - *
121   - * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
122   - */
123   - function userHasFolderReadPermission($oFolder) {
124   - global $lang_err_user_folder_write;
125   -
126   - if (Permission::folderIsPublic($oFolder) ||
127   - Permission::userHasFolderWritePermission($oFolder) ||
128   - Permission::userHasGroupReadPermissionForFolder($oFolder)) {
129   - return true;
130   - }
131   - $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . $iFolderID;
132   - return false;
133   - }
134   -
135   - /**
136   - * Checks if a folder is public
137   - *
138   - * @param $iFolderID Primary key of folder to check
139   - *
140   - * @return boolean true if the folder is public, false otherwise and set $_SESSION["errorMessage"]
141   - */
142   - function folderIsPublic($oFolder) {
143   - global $default, $lang_err_folder_not_public;
144   -
145   - if ($oFolder->getIsPublic())
146   - {
147   - $default->log->debug("FOLDER PERMISSIONS: folder is public ");
148   - return true;
149   - }
150   - else
151   - {
152   - $default->log->debug("FOLDER PERMISSIONS: folder NOT public ");
153   - return false;
154   - }
155   - }
156   -
157   - /**
158   - * Checks if the current user has write permission through group membership for a particular folder
159   - *
160   - * @param $iFolderID Primary key of folder to check
161   - *
162   - * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
163   - */
164   - function userHasGroupWritePermissionForFolder($oFolder) {
165   - global $default, $lang_err_user_folder_write;
166   -
167   - if ($oFolder == null) {
168   - $default->log->info("Failed to retrieve folder with ID $iFolderID from database");
169   - return false;
170   - }
171   - $sql = $default->db;
172   - $sQuery = "SELECT GFL.folder_id " .
173   - "FROM groups_folders_link AS GFL INNER JOIN users_groups_link AS UGL ON GFL.group_id = UGL.group_id " .
174   - "WHERE UGL.user_id = " . $_SESSION["userID"] . " " .
175   - "AND GFL.can_write = 1 ";
176   - if ($oFolder->getInheritParentPermission()) {
177   - //if we use parent permissions, get the parent folder ids
178   - $sQuery .= "AND GFL.folder_id IN (" . (strlen($oFolder->getParentFolderIDs()) > 0 ? $oFolder->getParentFolderIDs() . "," . $oFolder->getID() : $oFolder->getID()) . ")";
179   - } else {
180   - //otherwise we just use the current folder id
181   - $sQuery .= "AND GFL.folder_id IN (" . $oFolder->getID() . ")";
182   - }
183   -
184   - $sql->query($sQuery);
185   -
186   - if ($sql->next_record()) {
187   - return true;
188   - }
189   - $_SESSION["errorMessage"] = $lang_err_user_folder_write;
190   - return false;
191   - }
192   -
193   - /**
194   - * Generate a string to be used in a where clause
195   - * that consists of a list of id that are a folders
196   - * parent Used this because user has read/write permission for a folder if s/he
197   - * has read/write permission for the folder's parent (have to recurse up
198   - * entire hierarchy)
199   - *
200   - * @param int Primary key of folder to start at
201   - *
202   - */
203   - function generateParentFolderString($iFolderID) {
204   - $sFolderIDString = $iFolderID;
205   - //$iParentFolderID = $iFolderID;
206   - //recurse up the hierarchy, building the string as we go
207   - $iParentFolderID = Folder::getParentFolderID($iFolderID);
208   - while ($iParentFolderID != 0) {
209   - $sFolderIDString .= ", " . $iParentFolderID;
210   - $iFolderID = $iParentFolderID;
211   - $iParentFolderID = Folder::getParentFolderID($iFolderID);
212   - }
213   - return $sFolderIDString;
214   - }
215   -
216   - /**
217   - * Checks if the current user has read permission through group membership for a particular folder
218   - *
219   - * @param $iFolderID Primary key of folder to check
220   - *
221   - * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
222   - */
223   - function userHasGroupReadPermissionForFolder($oFolder) {
224   - global $default, $lang_err_user_folder_read;
225   - $sql = $default->db;
226   -
227   - if ($oFolder == null) {
228   - $default->log->info("Failed to retrieve folder with ID $iFolderID from database");
229   - return false;
230   - }
231   -
  72 + if ($oDocument == null) {
  73 + $default->log->info("Failed to retrieve document with ID " . $oDocument->getID() . " from database");
  74 + return false;
  75 + }
  76 + if (Permission::userHasWriteRoleForDocument($oDocument) ||
  77 + Permission::userHasReadRoleForDocument($oDocument) ||
  78 + Permission::userHasFolderReadPermission(Folder::get($oDocument->getFolderID())) ||
  79 + Permission::documentIsTemplateForDependantDocument($oDocument)) {
  80 + return true;
  81 + }
  82 + $_SESSION["errorMessage"] = $lang_err_user_doc_read . "id " . $oDocument->getID();
  83 + return false;
  84 + }
  85 +
  86 + /**
  87 + * Checks if the current user has write permission for a specific folder
  88 + * To have write permission on a folder the user must satisfy ONE of the following conditions:
  89 + * o be in the system administrator group
  90 + * o be in the unit administrator group for the unit to which the folder belongs
  91 + * o belong to a group that has write access to the folder
  92 + * o be assigned a role that has write access to the folder
  93 + *
  94 + * @param $iFolderID Primary key of folder to check
  95 + *
  96 + * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
  97 + */
  98 + function userHasFolderWritePermission($oFolder) {
  99 + global $lang_err_user_folder_write, $default;
  100 + if (Permission::userHasGroupWritePermissionForFolder($oFolder) ||
  101 + Permission::userIsSystemAdministrator() ||
  102 + Permission::userIsUnitAdministratorForFolder($oFolder)) {
  103 + $default->log->debug("FOLDER PERMISSIONS: Does have folder writer permission");
  104 + return true;
  105 + }
  106 + $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . $oFolder->getID();
  107 + $default->log->debug("FOLDER PERMISSIONS: Does NOT have folder writer permission");
  108 + return false;
  109 + }
  110 +
  111 +
  112 + /**
  113 + * Checks if the current user has read permission for a specific folder
  114 + * To have read permission on a folder, the folder must be public or the user must satisfy ONE of the following conditions
  115 + * o have write permission for the folder
  116 + * o belong to a group that has read access to the folder
  117 + * o be assigned a role that has read permission for the folder
  118 + *
  119 + * @param $iFolderID Primary key of folder to check
  120 + *
  121 + * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
  122 + */
  123 + function userHasFolderReadPermission($oFolder) {
  124 + global $lang_err_user_folder_write;
  125 +
  126 + if (Permission::folderIsPublic($oFolder) ||
  127 + Permission::userHasFolderWritePermission($oFolder) ||
  128 + Permission::userHasGroupReadPermissionForFolder($oFolder)) {
  129 + return true;
  130 + }
  131 + $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . $iFolderID;
  132 + return false;
  133 + }
  134 +
  135 + /**
  136 + * Checks if a folder is public
  137 + *
  138 + * @param $iFolderID Primary key of folder to check
  139 + *
  140 + * @return boolean true if the folder is public, false otherwise and set $_SESSION["errorMessage"]
  141 + */
  142 + function folderIsPublic($oFolder) {
  143 + global $default, $lang_err_folder_not_public;
  144 +
  145 + if ($oFolder->getIsPublic()) {
  146 + return true;
  147 + } else {
  148 + return false;
  149 + }
  150 + }
  151 +
  152 + /**
  153 + * Checks if the current user has write permission through group membership for a particular folder
  154 + *
  155 + * @param $iFolderID Primary key of folder to check
  156 + *
  157 + * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
  158 + */
  159 + function userHasGroupWritePermissionForFolder($oFolder) {
  160 + global $default, $lang_err_user_folder_write;
  161 +
  162 + if ($oFolder == null) {
  163 + $default->log->info("Failed to retrieve folder with ID $iFolderID from database");
  164 + return false;
  165 + }
  166 + $sql = $default->db;
  167 + $sQuery = "SELECT GFL.folder_id " .
  168 + "FROM groups_folders_link AS GFL INNER JOIN users_groups_link AS UGL ON GFL.group_id = UGL.group_id " .
  169 + "WHERE UGL.user_id = " . $_SESSION["userID"] . " " .
  170 + "AND GFL.can_write = 1 ";
  171 + if ($oFolder->getInheritParentPermission()) {
  172 + //if we use parent permissions, get the parent folder ids
  173 + $sQuery .= "AND GFL.folder_id IN (" . (strlen($oFolder->getParentFolderIDs()) > 0 ? $oFolder->getParentFolderIDs() . "," . $oFolder->getID() : $oFolder->getID()) . ")";
  174 + } else {
  175 + //otherwise we just use the current folder id
  176 + $sQuery .= "AND GFL.folder_id IN (" . $oFolder->getID() . ")";
  177 + }
  178 +
  179 + $sql->query($sQuery);
  180 +
  181 + if ($sql->next_record()) {
  182 + return true;
  183 + }
  184 + $_SESSION["errorMessage"] = $lang_err_user_folder_write;
  185 + return false;
  186 + }
  187 +
  188 + /**
  189 + * Generate a string to be used in a where clause
  190 + * that consists of a list of id that are a folders
  191 + * parent Used this because user has read/write permission for a folder if s/he
  192 + * has read/write permission for the folder's parent (have to recurse up
  193 + * entire hierarchy)
  194 + *
  195 + * @param int Primary key of folder to start at
  196 + *
  197 + */
  198 + function generateParentFolderString($iFolderID) {
  199 + $sFolderIDString = $iFolderID;
  200 + //$iParentFolderID = $iFolderID;
  201 + //recurse up the hierarchy, building the string as we go
  202 + $iParentFolderID = Folder::getParentFolderID($iFolderID);
  203 + while ($iParentFolderID != 0) {
  204 + $sFolderIDString .= ", " . $iParentFolderID;
  205 + $iFolderID = $iParentFolderID;
  206 + $iParentFolderID = Folder::getParentFolderID($iFolderID);
  207 + }
  208 + return $sFolderIDString;
  209 + }
  210 +
  211 + /**
  212 + * Checks if the current user has read permission through group membership for a particular folder
  213 + *
  214 + * @param $iFolderID Primary key of folder to check
  215 + *
  216 + * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
  217 + */
  218 + function userHasGroupReadPermissionForFolder($oFolder) {
  219 + global $default, $lang_err_user_folder_read;
  220 + $sql = $default->db;
  221 +
  222 + if ($oFolder == null) {
  223 + $default->log->info("Failed to retrieve folder with ID $iFolderID from database");
  224 + return false;
  225 + }
  226 +
232 227 $sQuery = "SELECT GFL.folder_id " .
233 228 "FROM groups_folders_link AS GFL INNER JOIN users_groups_link AS UGL ON GFL.group_id = UGL.group_id " .
234 229 "WHERE UGL.user_id = " . $_SESSION["userID"] . " " .
235 230 "AND GFL.can_read = 1 ";
236   - if ($oFolder->getInheritParentPermission()) {
237   - //if we use parent permissions, get the parent folder ids
238   - $sQuery .= "AND GFL.folder_id IN (" . (strlen($oFolder->getParentFolderIDs()) > 0 ? $oFolder->getParentFolderIDs() . "," . $oFolder->getID() : $oFolder->getID()) . ")";
239   - } else {
240   - //otherwise we just use the current folder id
241   - $sQuery .= "AND GFL.folder_id IN (" . $iFolderID . ")";
242   - }
243   - $sql->query($sQuery);
244   -
245   - $default->log->debug("userHasGroupReadPermissionForFolder sql: " . $sQuery);
246   - if ($sql->next_record()) {
247   - $default->log->debug("FOLDER PERMISSIONS: Does have group read permission for folder");
248   - return true;
249   - }
250   - $_SESSION["errorMessage"] = $lang_err_user_folder_read;
251   - $default->log->debug("FOLDER PERMISSIONS: Does NOT have group read permission for folder");
252   - return false;
253   - }
254   -
255   - /**
256   - * Checks if the current user is in the specified group using the group id
257   - *
258   - * @param $iGroupID Primary key of group to check
259   - *
260   - * @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"]
261   - */
262   - function userIsInGroupID($iGroupID) {
263   - global $default, $lang_err_user_group;
264   - $sql = $default->db;
265   - $sql->query("SELECT id FROM " . $default->users_groups_table . " WHERE group_id = " . $iGroupID . " AND user_id = " . $_SESSION["userID"]);
266   - if ($sql->next_record()) {
267   - return true;
268   - }
269   - $_SESSION["errorMessage"] = $lang_err_user_group . "group id = " . $iGroupID;
270   - return false;
271   - }
272   -
273   - /**
274   - * Checks if the current user is in the specified group using the group name
275   - *
276   - * @param $sGroupName Name of group to check
277   - *
278   - * @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"]
279   - */
280   - function userIsInGroupName($sGroupName) {
281   - global $default, $lang_err_user_group;
282   - $sql = $default->db;
283   - $sql->query("SELECT GULT.id FROM " . $default->users_groups_table . " AS GULT INNER JOIN " . $default->groups_table . " AS G ON GULT.group_id = G.ID WHERE G.name = '" . $sGroupName . "' AND user_id = " . $_SESSION["userID"]);
284   - if ($sql->next_record()) {
285   - return true;
286   - }
287   - $_SESSION["errorMessage"] = $lang_err_user_group . "group name " . $sGroupName;
288   - return false;
289   -
290   - }
291   -
292   - /**
293   - * Check is the user is assigned a specific role that has write permission for a folder
294   - *
295   - * @param $iFolderID Primary key of folder to check
296   - *
297   - * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"]
298   - */
299   - function userHasWriteRoleForDocument($oDocument) {
300   - global $default, $lang_err_user_role;
301   - $sql = $default->db;
302   - $sql->query("SELECT FURL.id FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " .
303   - "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .
304   - "WHERE FURL.user_id = " . $_SESSION["userID"] . " " .
305   - "AND FURL.document_id = " . $oDocument->getID() .
306   - " AND R.can_write = 1 " .
307   - "AND R.active = 1");
308   - if ($sql->next_record()) {
309   - return true;
310   - }
311   - $_SESSION["errorMessage"] = $lang_err_user_role;
312   - return false;
313   - }
314   -
315   - /**
316   - * Check is the user is assigned a specific role that has read permission for a folder
317   - *
318   - * @param $iFolderID Primary key of folder to check
319   - *
320   - * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"]
321   - */
322   - function userHasReadRoleForDocument($oDocument) {
323   - global $default, $lang_err_user_role;
324   - $sql = $default->db;
325   - $sql->query("SELECT * FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " .
326   - "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .
327   - "WHERE FURL.user_id = " . $_SESSION["userID"] . " " .
328   - "AND FURL.document_id = " . $oDocument->getID() .
329   - " AND R.can_read = 1");
330   - if ($sql->next_record()) {
331   - return true;
332   - }
333   - $_SESSION["errorMessage"] = $lang_err_user_role;
334   - return false;
335   - }
336   -
337   - /** Static functions
338   - *
339   - * Checks if the document is a template for a depedant document
340   - * that the user is responsible for creating
341   - */
342   - function documentIsTemplateForDependantDocument($oDocument) {
343   - global $default;
344   - $sql = $default->db;
345   - $sql->query("SELECT id FROM $default->dependant_document_instance_table WHERE template_document_id = " . $oDocument->getID() . " and user_id = " . $_SESSION["userID"]);
346   - if ($sql->next_record()) {
347   - return true;
348   - }
349   - return false;
350   - }
351   -
352   - /**
353   - * Checks if a given role exists using the role primary key
354   - *
355   - * @param $iRoleID Primary key of role to check for
356   - *
357   - * @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"]
358   - */
359   - function roleIDExists($iRoleID) {
360   - global $default, $lang_err_role_not_exist;
361   - $sql = $default->db;
362   - $sql->query("SELECT id FROM " . $default->roles_table . " WHERE id = " . $iRoleID);
363   - if ($sql->next_record()) {
364   - return true;
365   - }
366   - $_SESSION["errorMessage"] = $lang_err_role_not_exist . $sRoleName;
367   - return false;
368   - }
369   -
370   - /**
371   - * Checks if a given role exists using the role name
372   - *
373   - * @param $sRoleName Name of role to check for
374   - *
375   - * @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"]
376   - */
377   - function roleNameExists($sRoleName) {
378   - global $default, $lang_err_role_not_exist;
379   - $sql = $default->db;
380   - $sql->query("SELECT id FROM " . $default->roles_table . " WHERE name = '" . $sRoleName . "'");
381   - if ($sql->next_record()) {
382   - return true;
383   - }
384   - $_SESSION["errorMessage"] = $lang_err_role_not_exist . $sRoleName;
385   - return false;
386   - }
387   -
388   - /**
389   - * Get the primary key for a role
390   - *
391   - * @param $sRoleName Name of role to get primary key for
392   - *
393   - * @return ID if role exists, false otherwise and set $_SESSION["errorMessage"]
394   - */
395   - function getRoleID($sRoleName) {
396   - global $default, $lang_err_database;
397   - if (roleExists($sRoleName)) {
398   - $sql = $default->db;
399   - $sql->query("SELECT id FROM " . $default->roles_table . " WHERE name = '" . $sRoleName . "'");
400   - $sql->next_record();
401   - return $sql->f("id");
402   - }
403   - $_SESSION["errorMessage"] = $lang_err_database;
404   - return false;
405   - }
406   -
407   - /**
408   - * Check if the current user is a system administrator
409   - *
410   - * @return boolean true is user is system administrator, false otherwise and set $_SESSION["errorMessage"]
411   - *
412   - */
413   - function userIsSystemAdministrator($iUserID = "") {
414   - global $default, $lang_err_database;
  231 + if ($oFolder->getInheritParentPermission()) {
  232 + //if we use parent permissions, get the parent folder ids
  233 + $sQuery .= "AND GFL.folder_id IN (" . (strlen($oFolder->getParentFolderIDs()) > 0 ? $oFolder->getParentFolderIDs() . "," . $oFolder->getID() : $oFolder->getID()) . ")";
  234 + } else {
  235 + //otherwise we just use the current folder id
  236 + $sQuery .= "AND GFL.folder_id IN (" . $iFolderID . ")";
  237 + }
  238 + $sql->query($sQuery);
  239 +
  240 + $default->log->debug("userHasGroupReadPermissionForFolder sql: " . $sQuery);
  241 + if ($sql->next_record()) {
  242 + $default->log->debug("FOLDER PERMISSIONS: Does have group read permission for folder");
  243 + return true;
  244 + }
  245 + $_SESSION["errorMessage"] = $lang_err_user_folder_read;
  246 + $default->log->debug("FOLDER PERMISSIONS: Does NOT have group read permission for folder");
  247 + return false;
  248 + }
  249 +
  250 + /**
  251 + * Checks if the current user is in the specified group using the group id
  252 + *
  253 + * @param $iGroupID Primary key of group to check
  254 + *
  255 + * @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"]
  256 + */
  257 + function userIsInGroupID($iGroupID) {
  258 + global $default, $lang_err_user_group;
  259 + $sql = $default->db;
  260 + $sql->query("SELECT id FROM " . $default->users_groups_table . " WHERE group_id = " . $iGroupID . " AND user_id = " . $_SESSION["userID"]);
  261 + if ($sql->next_record()) {
  262 + return true;
  263 + }
  264 + $_SESSION["errorMessage"] = $lang_err_user_group . "group id = " . $iGroupID;
  265 + return false;
  266 + }
  267 +
  268 + /**
  269 + * Checks if the current user is in the specified group using the group name
  270 + *
  271 + * @param $sGroupName Name of group to check
  272 + *
  273 + * @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"]
  274 + */
  275 + function userIsInGroupName($sGroupName) {
  276 + global $default, $lang_err_user_group;
  277 + $sql = $default->db;
  278 + $sql->query("SELECT GULT.id FROM " . $default->users_groups_table . " AS GULT INNER JOIN " . $default->groups_table . " AS G ON GULT.group_id = G.ID WHERE G.name = '" . $sGroupName . "' AND user_id = " . $_SESSION["userID"]);
  279 + if ($sql->next_record()) {
  280 + return true;
  281 + }
  282 + $_SESSION["errorMessage"] = $lang_err_user_group . "group name " . $sGroupName;
  283 + return false;
  284 +
  285 + }
  286 +
  287 + /**
  288 + * Check is the user is assigned a specific role that has write permission for a folder
  289 + *
  290 + * @param $iFolderID Primary key of folder to check
  291 + *
  292 + * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"]
  293 + */
  294 + function userHasWriteRoleForDocument($oDocument) {
  295 + global $default, $lang_err_user_role;
  296 + $sql = $default->db;
  297 + $sql->query("SELECT FURL.id FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " .
  298 + "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .
  299 + "WHERE FURL.user_id = " . $_SESSION["userID"] . " " .
  300 + "AND FURL.document_id = " . $oDocument->getID() .
  301 + " AND R.can_write = 1 " .
  302 + "AND R.active = 1");
  303 + if ($sql->next_record()) {
  304 + return true;
  305 + }
  306 + $_SESSION["errorMessage"] = $lang_err_user_role;
  307 + return false;
  308 + }
  309 +
  310 + /**
  311 + * Check is the user is assigned a specific role that has read permission for a folder
  312 + *
  313 + * @param $iFolderID Primary key of folder to check
  314 + *
  315 + * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"]
  316 + */
  317 + function userHasReadRoleForDocument($oDocument) {
  318 + global $default, $lang_err_user_role;
  319 + $sql = $default->db;
  320 + $sql->query("SELECT * FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " .
  321 + "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .
  322 + "WHERE FURL.user_id = " . $_SESSION["userID"] . " " .
  323 + "AND FURL.document_id = " . $oDocument->getID() .
  324 + " AND R.can_read = 1");
  325 + if ($sql->next_record()) {
  326 + return true;
  327 + }
  328 + $_SESSION["errorMessage"] = $lang_err_user_role;
  329 + return false;
  330 + }
  331 +
  332 + /** Static functions
  333 + *
  334 + * Checks if the document is a template for a depedant document
  335 + * that the user is responsible for creating
  336 + */
  337 + function documentIsTemplateForDependantDocument($oDocument) {
  338 + global $default;
  339 + $sql = $default->db;
  340 + $sql->query("SELECT id FROM $default->dependant_document_instance_table WHERE template_document_id = " . $oDocument->getID() . " and user_id = " . $_SESSION["userID"]);
  341 + if ($sql->next_record()) {
  342 + return true;
  343 + }
  344 + return false;
  345 + }
  346 +
  347 + /**
  348 + * Checks if a given role exists using the role primary key
  349 + *
  350 + * @param $iRoleID Primary key of role to check for
  351 + *
  352 + * @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"]
  353 + */
  354 + function roleIDExists($iRoleID) {
  355 + global $default, $lang_err_role_not_exist;
  356 + $sql = $default->db;
  357 + $sql->query("SELECT id FROM " . $default->roles_table . " WHERE id = " . $iRoleID);
  358 + if ($sql->next_record()) {
  359 + return true;
  360 + }
  361 + $_SESSION["errorMessage"] = $lang_err_role_not_exist . $sRoleName;
  362 + return false;
  363 + }
  364 +
  365 + /**
  366 + * Checks if a given role exists using the role name
  367 + *
  368 + * @param $sRoleName Name of role to check for
  369 + *
  370 + * @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"]
  371 + */
  372 + function roleNameExists($sRoleName) {
  373 + global $default, $lang_err_role_not_exist;
  374 + $sql = $default->db;
  375 + $sql->query("SELECT id FROM " . $default->roles_table . " WHERE name = '" . $sRoleName . "'");
  376 + if ($sql->next_record()) {
  377 + return true;
  378 + }
  379 + $_SESSION["errorMessage"] = $lang_err_role_not_exist . $sRoleName;
  380 + return false;
  381 + }
  382 +
  383 + /**
  384 + * Get the primary key for a role
  385 + *
  386 + * @param $sRoleName Name of role to get primary key for
  387 + *
  388 + * @return ID if role exists, false otherwise and set $_SESSION["errorMessage"]
  389 + */
  390 + function getRoleID($sRoleName) {
  391 + global $default, $lang_err_database;
  392 + if (roleExists($sRoleName)) {
  393 + $sql = $default->db;
  394 + $sql->query("SELECT id FROM " . $default->roles_table . " WHERE name = '" . $sRoleName . "'");
  395 + $sql->next_record();
  396 + return $sql->f("id");
  397 + }
  398 + $_SESSION["errorMessage"] = $lang_err_database;
  399 + return false;
  400 + }
  401 +
  402 + /**
  403 + * Check if the current user is a system administrator
  404 + *
  405 + * @return boolean true is user is system administrator, false otherwise and set $_SESSION["errorMessage"]
  406 + *
  407 + */
  408 + function userIsSystemAdministrator($iUserID = "") {
  409 + global $default, $lang_err_database;
415 410 if ($iUserID == "") {
416 411 $iUserID = $_SESSION["userID"];
417 412 }
418   - $sql = $default->db;
419   - $sql->query("SELECT UGL.group_id " .
420   - "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_table AS GL ON UGL.group_id = GL.id " .
421   - "WHERE UGL.user_id = $iUserID " .
422   - "AND is_sys_admin = 1");
423   - if ($sql->next_record()) {
424   - return true;
425   - }
426   - return false;
427   - }
428   -
429   - /**
430   - * Checks if the current user is a unit administrator
431   - *
432   - * @return boolean true if the user is the unit administrator for the unit to which the folder belongs, false otherwise
433   - */
434   - function userIsUnitAdministrator($iUserID = "") {
  413 + $sql = $default->db;
  414 + $sql->query("SELECT UGL.group_id " .
  415 + "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_table AS GL ON UGL.group_id = GL.id " .
  416 + "WHERE UGL.user_id = $iUserID " .
  417 + "AND is_sys_admin = 1");
  418 + if ($sql->next_record()) {
  419 + return true;
  420 + }
  421 + return false;
  422 + }
  423 +
  424 + /**
  425 + * Checks if the current user is a unit administrator
  426 + *
  427 + * @return boolean true if the user is the unit administrator for the unit to which the folder belongs, false otherwise
  428 + */
  429 + function userIsUnitAdministrator($iUserID = "") {
435 430 global $default;
436 431 if ($iUserID == "") {
437 432 $iUserID = $_SESSION["userID"];
438 433 }
439   - $sql = $default->db;
440   - $sql->query("SELECT UGL.group_id " .
441   - "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_units_table AS GUL ON GUL.group_id = UGL.group_id " .
442   - "INNER JOIN $default->groups_table AS GL ON GL.id = UGL.group_id " .
443   - "WHERE UGL.user_id = $iUserID " .
444   - "AND GL.is_unit_admin = 1");
445   - return $sql->next_record();
446   - }
  434 + $sql = $default->db;
  435 + $sql->query("SELECT UGL.group_id " .
  436 + "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_units_table AS GUL ON GUL.group_id = UGL.group_id " .
  437 + "INNER JOIN $default->groups_table AS GL ON GL.id = UGL.group_id " .
  438 + "WHERE UGL.user_id = $iUserID " .
  439 + "AND GL.is_unit_admin = 1");
  440 + return $sql->next_record();
  441 + }
447 442  
448   - /**
449   - * Checks if the current user is a unit administrator
450   - *
451   - * @return boolean true if the user is the unit administrator for the unit to which the folder belongs, false otherwise
452   - */
453   - function userIsUnitAdministratorForFolder($oFolder) {
  443 + /**
  444 + * Checks if the current user is a unit administrator
  445 + *
  446 + * @return boolean true if the user is the unit administrator for the unit to which the folder belongs, false otherwise
  447 + */
  448 + function userIsUnitAdministratorForFolder($oFolder) {
454 449 global $default;
455   - $sql = $default->db;
456   -
  450 + $sql = $default->db;
  451 +
457 452 $sql->query("SELECT * " .
458   - "FROM $default->groups_folders_table AS GFL INNER JOIN $default->folders_table AS F ON GFL.folder_id = F.id " .
459   - "INNER JOIN $default->groups_units_table AS GUL ON GUL.unit_id = F.unit_id " .
460   - "INNER JOIN $default->groups_table AS GL ON GUL.group_id = GL.id " .
461   - "INNER JOIN $default->users_groups_table AS UGL ON UGL.group_id = GL.id " .
462   - "WHERE GL.is_unit_admin = 1 " .
463   - "AND GFL.folder_id = " . $oFolder->getID() .
464   - " AND UGL.user_id = " . $_SESSION["userID"]);
465   - return $sql->next_record();
466   - }
  453 + "FROM $default->groups_folders_table AS GFL INNER JOIN $default->folders_table AS F ON GFL.folder_id = F.id " .
  454 + "INNER JOIN $default->groups_units_table AS GUL ON GUL.unit_id = F.unit_id " .
  455 + "INNER JOIN $default->groups_table AS GL ON GUL.group_id = GL.id " .
  456 + "INNER JOIN $default->users_groups_table AS UGL ON UGL.group_id = GL.id " .
  457 + "WHERE GL.is_unit_admin = 1 " .
  458 + "AND GFL.folder_id = " . $oFolder->getID() .
  459 + " AND UGL.user_id = " . $_SESSION["userID"]);
  460 + return $sql->next_record();
  461 + }
467 462  
468 463 /**
469 464 * Checks if the current user is a guest user
... ... @@ -475,14 +470,14 @@ class Permission {
475 470 if ($iUserID == "") {
476 471 $iUserID = $_SESSION["userID"];
477 472 }
478   - $sql = $default->db;
  473 + $sql = $default->db;
479 474 // you're a guest user if you're in the Anonymous group
480   - $sql->query("SELECT UGL.group_id
  475 + $sql->query("SELECT UGL.group_id
481 476 FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_table AS GL ON GL.id = UGL.group_id
482 477 WHERE GL.name = 'Anonymous'
483 478 AND UGL.user_id = $iUserID");
484   - return $sql->next_record();
  479 + return $sql->next_record();
485 480 }
486 481 }
487 482  
488 483 -?>
  484 +?>
489 485 \ No newline at end of file
... ...