Peter M. Groen / knowledgetree

Commit 8474dc92482e5a8ce0d6346c940a9dff3dc64cb6

Authored by michaeljoseph
1 parent b26a532f

Corrected style convention violations. 


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@2891 c91229c3-7414-0410-bfa2-8a42b809f60b
Inline Side-by-side
Showing 1 changed file with 422 additions and 427 deletions
lib/security/Permission.inc
  View file @8474dc9
@@ -3,10 +3,10 @@ @@ -3,10 +3,10 @@
3 * $Id$ 3 * $Id$
4 * 4 *
5 * Contains static functions used to determine whether the current user: 5 * Contains static functions used to determine whether the current user:
6 - * o has permission to perform certain actions 6 + * o has permission to perform certain actions
7 * o has a certain role 7 * o has a certain role
8 - * o is assigned to a certain group  
9 - * o has read/write access for a specific folder/directory 8 + * o is assigned to a certain group
  9 + * o has read/write access for a specific folder/directory
10 * 10 *
11 * Copyright (c) 2003 Jam Warehouse http://www.jamwarehouse.com 11 * Copyright (c) 2003 Jam Warehouse http://www.jamwarehouse.com
12 * 12 *
@@ -29,441 +29,436 @@ @@ -29,441 +29,436 @@
29 * @package lib.security 29 * @package lib.security
30 */ 30 */
31 class Permission { 31 class Permission {
32 -  
33 - /**  
34 - * Checks if the current user has write permission for a specific document.  
35 - * To have document write permission the user must satisfy ONE of the following conditions:  
36 - * o have write permission for the folder in which the document resides  
37 - * o be assigned a role which has write permission for the document  
38 - *  
39 - * @param $iDocumentID Primary key of document to check  
40 - *  
41 - * @return boolean true if the current user has document write permission, false otherwise and set $_SESSION["errorMessage"]  
42 - */  
43 - function userHasDocumentWritePermission($oDocument) {  
44 - global $default;  
45 -  
46 - if ($oDocument == null) {  
47 - $default->log->info("Failed to retrieve document with ID $iDocumentID from database");  
48 - return false;  
49 - }  
50 - if (Permission::userHasFolderWritePermission(Folder::get($oDocument->getFolderID())) ||  
51 - Permission::userHasWriteRoleForDocument($oDocument)) {  
52 - return true;  
53 - }  
54 - $_SESSION["errorMessage"] = $lang_err_user_doc_write . "id " . $iDocumentID;  
55 - return false;  
56 - }  
57 -  
58 - /**  
59 - * Checks if the current user has read permission for a specific document.  
60 - * To have document read permission the folder must be public or the user must satisfy ONE of the following conditions:  
61 - * o have write permission for the document  
62 - * o have read permission for the folder in which the document resides  
63 - * o be assigned a role which has read permission for the document  
64 - *  
65 - * @param $iDocumentID Primary key of document to check  
66 - *  
67 - * @return boolean true if the current user has document read permission, false otherwise and set $_SESSION["errorMessage"]  
68 - */  
69 - function userHasDocumentReadPermission($oDocument) {  
70 - global $default; 32 +
  33 + /**
  34 + * Checks if the current user has write permission for a specific document.
  35 + * To have document write permission the user must satisfy ONE of the following conditions:
  36 + * o have write permission for the folder in which the document resides
  37 + * o be assigned a role which has write permission for the document
  38 + *
  39 + * @param $iDocumentID Primary key of document to check
  40 + *
  41 + * @return boolean true if the current user has document write permission, false otherwise and set $_SESSION["errorMessage"]
  42 + */
  43 + function userHasDocumentWritePermission($oDocument) {
  44 + global $default;
  45 +
  46 + if ($oDocument == null) {
  47 + $default->log->info("Failed to retrieve document with ID $iDocumentID from database");
  48 + return false;
  49 + }
  50 + if (Permission::userHasFolderWritePermission(Folder::get($oDocument->getFolderID())) ||
  51 + Permission::userHasWriteRoleForDocument($oDocument)) {
  52 + return true;
  53 + }
  54 + $_SESSION["errorMessage"] = $lang_err_user_doc_write . "id " . $iDocumentID;
  55 + return false;
  56 + }
  57 +
  58 + /**
  59 + * Checks if the current user has read permission for a specific document.
  60 + * To have document read permission the folder must be public or the user must satisfy ONE of the following conditions:
  61 + * o have write permission for the document
  62 + * o have read permission for the folder in which the document resides
  63 + * o be assigned a role which has read permission for the document
  64 + *
  65 + * @param $iDocumentID Primary key of document to check
  66 + *
  67 + * @return boolean true if the current user has document read permission, false otherwise and set $_SESSION["errorMessage"]
  68 + */
  69 + function userHasDocumentReadPermission($oDocument) {
  70 + global $default;
71 71
72 - if ($oDocument == null) {  
73 - $default->log->info("Failed to retrieve document with ID " . $oDocument->getID() . " from database");  
74 - return false;  
75 - }  
76 - if (Permission::userHasWriteRoleForDocument($oDocument) ||  
77 - Permission::userHasReadRoleForDocument($oDocument) ||  
78 - Permission::userHasFolderReadPermission(Folder::get($oDocument->getFolderID())) ||  
79 - Permission::documentIsTemplateForDependantDocument($oDocument)) {  
80 - return true;  
81 - }  
82 - $_SESSION["errorMessage"] = $lang_err_user_doc_read . "id " . $oDocument->getID();  
83 - return false;  
84 - }  
85 -  
86 - /**  
87 - * Checks if the current user has write permission for a specific folder  
88 - * To have write permission on a folder the user must satisfy ONE of the following conditions:  
89 - * o be in the system administrator group  
90 - * o be in the unit administrator group for the unit to which the folder belongs  
91 - * o belong to a group that has write access to the folder  
92 - * o be assigned a role that has write access to the folder  
93 - *  
94 - * @param $iFolderID Primary key of folder to check  
95 - *  
96 - * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]  
97 - */  
98 - function userHasFolderWritePermission($oFolder) {  
99 - global $lang_err_user_folder_write, $default;  
100 - if (Permission::userHasGroupWritePermissionForFolder($oFolder) ||  
101 - Permission::userIsSystemAdministrator() ||  
102 - Permission::userIsUnitAdministratorForFolder($oFolder)) {  
103 - $default->log->debug("FOLDER PERMISSIONS: Does have folder writer permission");  
104 - return true;  
105 - }  
106 - $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . $oFolder->getID();  
107 - $default->log->debug("FOLDER PERMISSIONS: Does NOT have folder writer permission");  
108 - return false;  
109 - }  
110 -  
111 -  
112 - /**  
113 - * Checks if the current user has read permission for a specific folder  
114 - * To have read permission on a folder, the folder must be public or the user must satisfy ONE of the following conditions  
115 - * o have write permission for the folder  
116 - * o belong to a group that has read access to the folder  
117 - * o be assigned a role that has read permission for the folder  
118 - *  
119 - * @param $iFolderID Primary key of folder to check  
120 - *  
121 - * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]  
122 - */  
123 - function userHasFolderReadPermission($oFolder) {  
124 - global $lang_err_user_folder_write;  
125 -  
126 - if (Permission::folderIsPublic($oFolder) ||  
127 - Permission::userHasFolderWritePermission($oFolder) ||  
128 - Permission::userHasGroupReadPermissionForFolder($oFolder)) {  
129 - return true;  
130 - }  
131 - $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . $iFolderID;  
132 - return false;  
133 - }  
134 -  
135 - /**  
136 - * Checks if a folder is public  
137 - *  
138 - * @param $iFolderID Primary key of folder to check  
139 - *  
140 - * @return boolean true if the folder is public, false otherwise and set $_SESSION["errorMessage"]  
141 - */  
142 - function folderIsPublic($oFolder) {  
143 - global $default, $lang_err_folder_not_public;  
144 -  
145 - if ($oFolder->getIsPublic())  
146 - {  
147 - $default->log->debug("FOLDER PERMISSIONS: folder is public ");  
148 - return true;  
149 - }  
150 - else  
151 - {  
152 - $default->log->debug("FOLDER PERMISSIONS: folder NOT public ");  
153 - return false;  
154 - }  
155 - }  
156 -  
157 - /**  
158 - * Checks if the current user has write permission through group membership for a particular folder  
159 - *  
160 - * @param $iFolderID Primary key of folder to check  
161 - *  
162 - * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]  
163 - */  
164 - function userHasGroupWritePermissionForFolder($oFolder) {  
165 - global $default, $lang_err_user_folder_write;  
166 -  
167 - if ($oFolder == null) {  
168 - $default->log->info("Failed to retrieve folder with ID $iFolderID from database");  
169 - return false;  
170 - }  
171 - $sql = $default->db;  
172 - $sQuery = "SELECT GFL.folder_id " .  
173 - "FROM groups_folders_link AS GFL INNER JOIN users_groups_link AS UGL ON GFL.group_id = UGL.group_id " .  
174 - "WHERE UGL.user_id = " . $_SESSION["userID"] . " " .  
175 - "AND GFL.can_write = 1 ";  
176 - if ($oFolder->getInheritParentPermission()) {  
177 - //if we use parent permissions, get the parent folder ids  
178 - $sQuery .= "AND GFL.folder_id IN (" . (strlen($oFolder->getParentFolderIDs()) > 0 ? $oFolder->getParentFolderIDs() . "," . $oFolder->getID() : $oFolder->getID()) . ")";  
179 - } else {  
180 - //otherwise we just use the current folder id  
181 - $sQuery .= "AND GFL.folder_id IN (" . $oFolder->getID() . ")";  
182 - }  
183 -  
184 - $sql->query($sQuery);  
185 -  
186 - if ($sql->next_record()) {  
187 - return true;  
188 - }  
189 - $_SESSION["errorMessage"] = $lang_err_user_folder_write;  
190 - return false;  
191 - }  
192 -  
193 - /**  
194 - * Generate a string to be used in a where clause  
195 - * that consists of a list of id that are a folders  
196 - * parent Used this because user has read/write permission for a folder if s/he  
197 - * has read/write permission for the folder's parent (have to recurse up  
198 - * entire hierarchy)  
199 - *  
200 - * @param int Primary key of folder to start at  
201 - *  
202 - */  
203 - function generateParentFolderString($iFolderID) {  
204 - $sFolderIDString = $iFolderID;  
205 - //$iParentFolderID = $iFolderID;  
206 - //recurse up the hierarchy, building the string as we go  
207 - $iParentFolderID = Folder::getParentFolderID($iFolderID);  
208 - while ($iParentFolderID != 0) {  
209 - $sFolderIDString .= ", " . $iParentFolderID;  
210 - $iFolderID = $iParentFolderID;  
211 - $iParentFolderID = Folder::getParentFolderID($iFolderID);  
212 - }  
213 - return $sFolderIDString;  
214 - }  
215 -  
216 - /**  
217 - * Checks if the current user has read permission through group membership for a particular folder  
218 - *  
219 - * @param $iFolderID Primary key of folder to check  
220 - *  
221 - * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]  
222 - */  
223 - function userHasGroupReadPermissionForFolder($oFolder) {  
224 - global $default, $lang_err_user_folder_read;  
225 - $sql = $default->db;  
226 -  
227 - if ($oFolder == null) {  
228 - $default->log->info("Failed to retrieve folder with ID $iFolderID from database");  
229 - return false;  
230 - }  
231 - 72 + if ($oDocument == null) {
  73 + $default->log->info("Failed to retrieve document with ID " . $oDocument->getID() . " from database");
  74 + return false;
  75 + }
  76 + if (Permission::userHasWriteRoleForDocument($oDocument) ||
  77 + Permission::userHasReadRoleForDocument($oDocument) ||
  78 + Permission::userHasFolderReadPermission(Folder::get($oDocument->getFolderID())) ||
  79 + Permission::documentIsTemplateForDependantDocument($oDocument)) {
  80 + return true;
  81 + }
  82 + $_SESSION["errorMessage"] = $lang_err_user_doc_read . "id " . $oDocument->getID();
  83 + return false;
  84 + }
  85 +
  86 + /**
  87 + * Checks if the current user has write permission for a specific folder
  88 + * To have write permission on a folder the user must satisfy ONE of the following conditions:
  89 + * o be in the system administrator group
  90 + * o be in the unit administrator group for the unit to which the folder belongs
  91 + * o belong to a group that has write access to the folder
  92 + * o be assigned a role that has write access to the folder
  93 + *
  94 + * @param $iFolderID Primary key of folder to check
  95 + *
  96 + * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
  97 + */
  98 + function userHasFolderWritePermission($oFolder) {
  99 + global $lang_err_user_folder_write, $default;
  100 + if (Permission::userHasGroupWritePermissionForFolder($oFolder) ||
  101 + Permission::userIsSystemAdministrator() ||
  102 + Permission::userIsUnitAdministratorForFolder($oFolder)) {
  103 + $default->log->debug("FOLDER PERMISSIONS: Does have folder writer permission");
  104 + return true;
  105 + }
  106 + $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . $oFolder->getID();
  107 + $default->log->debug("FOLDER PERMISSIONS: Does NOT have folder writer permission");
  108 + return false;
  109 + }
  110 +
  111 +
  112 + /**
  113 + * Checks if the current user has read permission for a specific folder
  114 + * To have read permission on a folder, the folder must be public or the user must satisfy ONE of the following conditions
  115 + * o have write permission for the folder
  116 + * o belong to a group that has read access to the folder
  117 + * o be assigned a role that has read permission for the folder
  118 + *
  119 + * @param $iFolderID Primary key of folder to check
  120 + *
  121 + * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
  122 + */
  123 + function userHasFolderReadPermission($oFolder) {
  124 + global $lang_err_user_folder_write;
  125 +
  126 + if (Permission::folderIsPublic($oFolder) ||
  127 + Permission::userHasFolderWritePermission($oFolder) ||
  128 + Permission::userHasGroupReadPermissionForFolder($oFolder)) {
  129 + return true;
  130 + }
  131 + $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . $iFolderID;
  132 + return false;
  133 + }
  134 +
  135 + /**
  136 + * Checks if a folder is public
  137 + *
  138 + * @param $iFolderID Primary key of folder to check
  139 + *
  140 + * @return boolean true if the folder is public, false otherwise and set $_SESSION["errorMessage"]
  141 + */
  142 + function folderIsPublic($oFolder) {
  143 + global $default, $lang_err_folder_not_public;
  144 +
  145 + if ($oFolder->getIsPublic()) {
  146 + return true;
  147 + } else {
  148 + return false;
  149 + }
  150 + }
  151 +
  152 + /**
  153 + * Checks if the current user has write permission through group membership for a particular folder
  154 + *
  155 + * @param $iFolderID Primary key of folder to check
  156 + *
  157 + * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
  158 + */
  159 + function userHasGroupWritePermissionForFolder($oFolder) {
  160 + global $default, $lang_err_user_folder_write;
  161 +
  162 + if ($oFolder == null) {
  163 + $default->log->info("Failed to retrieve folder with ID $iFolderID from database");
  164 + return false;
  165 + }
  166 + $sql = $default->db;
  167 + $sQuery = "SELECT GFL.folder_id " .
  168 + "FROM groups_folders_link AS GFL INNER JOIN users_groups_link AS UGL ON GFL.group_id = UGL.group_id " .
  169 + "WHERE UGL.user_id = " . $_SESSION["userID"] . " " .
  170 + "AND GFL.can_write = 1 ";
  171 + if ($oFolder->getInheritParentPermission()) {
  172 + //if we use parent permissions, get the parent folder ids
  173 + $sQuery .= "AND GFL.folder_id IN (" . (strlen($oFolder->getParentFolderIDs()) > 0 ? $oFolder->getParentFolderIDs() . "," . $oFolder->getID() : $oFolder->getID()) . ")";
  174 + } else {
  175 + //otherwise we just use the current folder id
  176 + $sQuery .= "AND GFL.folder_id IN (" . $oFolder->getID() . ")";
  177 + }
  178 +
  179 + $sql->query($sQuery);
  180 +
  181 + if ($sql->next_record()) {
  182 + return true;
  183 + }
  184 + $_SESSION["errorMessage"] = $lang_err_user_folder_write;
  185 + return false;
  186 + }
  187 +
  188 + /**
  189 + * Generate a string to be used in a where clause
  190 + * that consists of a list of id that are a folders
  191 + * parent Used this because user has read/write permission for a folder if s/he
  192 + * has read/write permission for the folder's parent (have to recurse up
  193 + * entire hierarchy)
  194 + *
  195 + * @param int Primary key of folder to start at
  196 + *
  197 + */
  198 + function generateParentFolderString($iFolderID) {
  199 + $sFolderIDString = $iFolderID;
  200 + //$iParentFolderID = $iFolderID;
  201 + //recurse up the hierarchy, building the string as we go
  202 + $iParentFolderID = Folder::getParentFolderID($iFolderID);
  203 + while ($iParentFolderID != 0) {
  204 + $sFolderIDString .= ", " . $iParentFolderID;
  205 + $iFolderID = $iParentFolderID;
  206 + $iParentFolderID = Folder::getParentFolderID($iFolderID);
  207 + }
  208 + return $sFolderIDString;
  209 + }
  210 +
  211 + /**
  212 + * Checks if the current user has read permission through group membership for a particular folder
  213 + *
  214 + * @param $iFolderID Primary key of folder to check
  215 + *
  216 + * @return boolean true if the user has folder write permission, false otherwise and set $_SESSION["errorMessage"]
  217 + */
  218 + function userHasGroupReadPermissionForFolder($oFolder) {
  219 + global $default, $lang_err_user_folder_read;
  220 + $sql = $default->db;
  221 +
  222 + if ($oFolder == null) {
  223 + $default->log->info("Failed to retrieve folder with ID $iFolderID from database");
  224 + return false;
  225 + }
  226 +
232 $sQuery = "SELECT GFL.folder_id " . 227 $sQuery = "SELECT GFL.folder_id " .
233 "FROM groups_folders_link AS GFL INNER JOIN users_groups_link AS UGL ON GFL.group_id = UGL.group_id " . 228 "FROM groups_folders_link AS GFL INNER JOIN users_groups_link AS UGL ON GFL.group_id = UGL.group_id " .
234 "WHERE UGL.user_id = " . $_SESSION["userID"] . " " . 229 "WHERE UGL.user_id = " . $_SESSION["userID"] . " " .
235 "AND GFL.can_read = 1 "; 230 "AND GFL.can_read = 1 ";
236 - if ($oFolder->getInheritParentPermission()) {  
237 - //if we use parent permissions, get the parent folder ids  
238 - $sQuery .= "AND GFL.folder_id IN (" . (strlen($oFolder->getParentFolderIDs()) > 0 ? $oFolder->getParentFolderIDs() . "," . $oFolder->getID() : $oFolder->getID()) . ")";  
239 - } else {  
240 - //otherwise we just use the current folder id  
241 - $sQuery .= "AND GFL.folder_id IN (" . $iFolderID . ")";  
242 - }  
243 - $sql->query($sQuery);  
244 -  
245 - $default->log->debug("userHasGroupReadPermissionForFolder sql: " . $sQuery);  
246 - if ($sql->next_record()) {  
247 - $default->log->debug("FOLDER PERMISSIONS: Does have group read permission for folder");  
248 - return true;  
249 - }  
250 - $_SESSION["errorMessage"] = $lang_err_user_folder_read;  
251 - $default->log->debug("FOLDER PERMISSIONS: Does NOT have group read permission for folder");  
252 - return false;  
253 - }  
254 -  
255 - /**  
256 - * Checks if the current user is in the specified group using the group id  
257 - *  
258 - * @param $iGroupID Primary key of group to check  
259 - *  
260 - * @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"]  
261 - */  
262 - function userIsInGroupID($iGroupID) {  
263 - global $default, $lang_err_user_group;  
264 - $sql = $default->db;  
265 - $sql->query("SELECT id FROM " . $default->users_groups_table . " WHERE group_id = " . $iGroupID . " AND user_id = " . $_SESSION["userID"]);  
266 - if ($sql->next_record()) {  
267 - return true;  
268 - }  
269 - $_SESSION["errorMessage"] = $lang_err_user_group . "group id = " . $iGroupID;  
270 - return false;  
271 - }  
272 -  
273 - /**  
274 - * Checks if the current user is in the specified group using the group name  
275 - *  
276 - * @param $sGroupName Name of group to check  
277 - *  
278 - * @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"]  
279 - */  
280 - function userIsInGroupName($sGroupName) {  
281 - global $default, $lang_err_user_group;  
282 - $sql = $default->db;  
283 - $sql->query("SELECT GULT.id FROM " . $default->users_groups_table . " AS GULT INNER JOIN " . $default->groups_table . " AS G ON GULT.group_id = G.ID WHERE G.name = '" . $sGroupName . "' AND user_id = " . $_SESSION["userID"]);  
284 - if ($sql->next_record()) {  
285 - return true;  
286 - }  
287 - $_SESSION["errorMessage"] = $lang_err_user_group . "group name " . $sGroupName;  
288 - return false;  
289 -  
290 - }  
291 -  
292 - /**  
293 - * Check is the user is assigned a specific role that has write permission for a folder  
294 - *  
295 - * @param $iFolderID Primary key of folder to check  
296 - *  
297 - * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"]  
298 - */  
299 - function userHasWriteRoleForDocument($oDocument) {  
300 - global $default, $lang_err_user_role;  
301 - $sql = $default->db;  
302 - $sql->query("SELECT FURL.id FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " .  
303 - "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .  
304 - "WHERE FURL.user_id = " . $_SESSION["userID"] . " " .  
305 - "AND FURL.document_id = " . $oDocument->getID() .  
306 - " AND R.can_write = 1 " .  
307 - "AND R.active = 1");  
308 - if ($sql->next_record()) {  
309 - return true;  
310 - }  
311 - $_SESSION["errorMessage"] = $lang_err_user_role;  
312 - return false;  
313 - }  
314 -  
315 - /**  
316 - * Check is the user is assigned a specific role that has read permission for a folder  
317 - *  
318 - * @param $iFolderID Primary key of folder to check  
319 - *  
320 - * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"]  
321 - */  
322 - function userHasReadRoleForDocument($oDocument) {  
323 - global $default, $lang_err_user_role;  
324 - $sql = $default->db;  
325 - $sql->query("SELECT * FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " .  
326 - "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .  
327 - "WHERE FURL.user_id = " . $_SESSION["userID"] . " " .  
328 - "AND FURL.document_id = " . $oDocument->getID() .  
329 - " AND R.can_read = 1");  
330 - if ($sql->next_record()) {  
331 - return true;  
332 - }  
333 - $_SESSION["errorMessage"] = $lang_err_user_role;  
334 - return false;  
335 - }  
336 -  
337 - /** Static functions  
338 - *  
339 - * Checks if the document is a template for a depedant document  
340 - * that the user is responsible for creating  
341 - */  
342 - function documentIsTemplateForDependantDocument($oDocument) {  
343 - global $default;  
344 - $sql = $default->db;  
345 - $sql->query("SELECT id FROM $default->dependant_document_instance_table WHERE template_document_id = " . $oDocument->getID() . " and user_id = " . $_SESSION["userID"]);  
346 - if ($sql->next_record()) {  
347 - return true;  
348 - }  
349 - return false;  
350 - }  
351 -  
352 - /**  
353 - * Checks if a given role exists using the role primary key  
354 - *  
355 - * @param $iRoleID Primary key of role to check for  
356 - *  
357 - * @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"]  
358 - */  
359 - function roleIDExists($iRoleID) {  
360 - global $default, $lang_err_role_not_exist;  
361 - $sql = $default->db;  
362 - $sql->query("SELECT id FROM " . $default->roles_table . " WHERE id = " . $iRoleID);  
363 - if ($sql->next_record()) {  
364 - return true;  
365 - }  
366 - $_SESSION["errorMessage"] = $lang_err_role_not_exist . $sRoleName;  
367 - return false;  
368 - }  
369 -  
370 - /**  
371 - * Checks if a given role exists using the role name  
372 - *  
373 - * @param $sRoleName Name of role to check for  
374 - *  
375 - * @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"]  
376 - */  
377 - function roleNameExists($sRoleName) {  
378 - global $default, $lang_err_role_not_exist;  
379 - $sql = $default->db;  
380 - $sql->query("SELECT id FROM " . $default->roles_table . " WHERE name = '" . $sRoleName . "'");  
381 - if ($sql->next_record()) {  
382 - return true;  
383 - }  
384 - $_SESSION["errorMessage"] = $lang_err_role_not_exist . $sRoleName;  
385 - return false;  
386 - }  
387 -  
388 - /**  
389 - * Get the primary key for a role  
390 - *  
391 - * @param $sRoleName Name of role to get primary key for  
392 - *  
393 - * @return ID if role exists, false otherwise and set $_SESSION["errorMessage"]  
394 - */  
395 - function getRoleID($sRoleName) {  
396 - global $default, $lang_err_database;  
397 - if (roleExists($sRoleName)) {  
398 - $sql = $default->db;  
399 - $sql->query("SELECT id FROM " . $default->roles_table . " WHERE name = '" . $sRoleName . "'");  
400 - $sql->next_record();  
401 - return $sql->f("id");  
402 - }  
403 - $_SESSION["errorMessage"] = $lang_err_database;  
404 - return false;  
405 - }  
406 -  
407 - /**  
408 - * Check if the current user is a system administrator  
409 - *  
410 - * @return boolean true is user is system administrator, false otherwise and set $_SESSION["errorMessage"]  
411 - *  
412 - */  
413 - function userIsSystemAdministrator($iUserID = "") {  
414 - global $default, $lang_err_database; 231 + if ($oFolder->getInheritParentPermission()) {
  232 + //if we use parent permissions, get the parent folder ids
  233 + $sQuery .= "AND GFL.folder_id IN (" . (strlen($oFolder->getParentFolderIDs()) > 0 ? $oFolder->getParentFolderIDs() . "," . $oFolder->getID() : $oFolder->getID()) . ")";
  234 + } else {
  235 + //otherwise we just use the current folder id
  236 + $sQuery .= "AND GFL.folder_id IN (" . $iFolderID . ")";
  237 + }
  238 + $sql->query($sQuery);
  239 +
  240 + $default->log->debug("userHasGroupReadPermissionForFolder sql: " . $sQuery);
  241 + if ($sql->next_record()) {
  242 + $default->log->debug("FOLDER PERMISSIONS: Does have group read permission for folder");
  243 + return true;
  244 + }
  245 + $_SESSION["errorMessage"] = $lang_err_user_folder_read;
  246 + $default->log->debug("FOLDER PERMISSIONS: Does NOT have group read permission for folder");
  247 + return false;
  248 + }
  249 +
  250 + /**
  251 + * Checks if the current user is in the specified group using the group id
  252 + *
  253 + * @param $iGroupID Primary key of group to check
  254 + *
  255 + * @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"]
  256 + */
  257 + function userIsInGroupID($iGroupID) {
  258 + global $default, $lang_err_user_group;
  259 + $sql = $default->db;
  260 + $sql->query("SELECT id FROM " . $default->users_groups_table . " WHERE group_id = " . $iGroupID . " AND user_id = " . $_SESSION["userID"]);
  261 + if ($sql->next_record()) {
  262 + return true;
  263 + }
  264 + $_SESSION["errorMessage"] = $lang_err_user_group . "group id = " . $iGroupID;
  265 + return false;
  266 + }
  267 +
  268 + /**
  269 + * Checks if the current user is in the specified group using the group name
  270 + *
  271 + * @param $sGroupName Name of group to check
  272 + *
  273 + * @return boolean true if the user is in the group, false otherwise and sets $_SESSION["errorMessage"]
  274 + */
  275 + function userIsInGroupName($sGroupName) {
  276 + global $default, $lang_err_user_group;
  277 + $sql = $default->db;
  278 + $sql->query("SELECT GULT.id FROM " . $default->users_groups_table . " AS GULT INNER JOIN " . $default->groups_table . " AS G ON GULT.group_id = G.ID WHERE G.name = '" . $sGroupName . "' AND user_id = " . $_SESSION["userID"]);
  279 + if ($sql->next_record()) {
  280 + return true;
  281 + }
  282 + $_SESSION["errorMessage"] = $lang_err_user_group . "group name " . $sGroupName;
  283 + return false;
  284 +
  285 + }
  286 +
  287 + /**
  288 + * Check is the user is assigned a specific role that has write permission for a folder
  289 + *
  290 + * @param $iFolderID Primary key of folder to check
  291 + *
  292 + * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"]
  293 + */
  294 + function userHasWriteRoleForDocument($oDocument) {
  295 + global $default, $lang_err_user_role;
  296 + $sql = $default->db;
  297 + $sql->query("SELECT FURL.id FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " .
  298 + "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .
  299 + "WHERE FURL.user_id = " . $_SESSION["userID"] . " " .
  300 + "AND FURL.document_id = " . $oDocument->getID() .
  301 + " AND R.can_write = 1 " .
  302 + "AND R.active = 1");
  303 + if ($sql->next_record()) {
  304 + return true;
  305 + }
  306 + $_SESSION["errorMessage"] = $lang_err_user_role;
  307 + return false;
  308 + }
  309 +
  310 + /**
  311 + * Check is the user is assigned a specific role that has read permission for a folder
  312 + *
  313 + * @param $iFolderID Primary key of folder to check
  314 + *
  315 + * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"]
  316 + */
  317 + function userHasReadRoleForDocument($oDocument) {
  318 + global $default, $lang_err_user_role;
  319 + $sql = $default->db;
  320 + $sql->query("SELECT * FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " .
  321 + "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .
  322 + "WHERE FURL.user_id = " . $_SESSION["userID"] . " " .
  323 + "AND FURL.document_id = " . $oDocument->getID() .
  324 + " AND R.can_read = 1");
  325 + if ($sql->next_record()) {
  326 + return true;
  327 + }
  328 + $_SESSION["errorMessage"] = $lang_err_user_role;
  329 + return false;
  330 + }
  331 +
  332 + /** Static functions
  333 + *
  334 + * Checks if the document is a template for a depedant document
  335 + * that the user is responsible for creating
  336 + */
  337 + function documentIsTemplateForDependantDocument($oDocument) {
  338 + global $default;
  339 + $sql = $default->db;
  340 + $sql->query("SELECT id FROM $default->dependant_document_instance_table WHERE template_document_id = " . $oDocument->getID() . " and user_id = " . $_SESSION["userID"]);
  341 + if ($sql->next_record()) {
  342 + return true;
  343 + }
  344 + return false;
  345 + }
  346 +
  347 + /**
  348 + * Checks if a given role exists using the role primary key
  349 + *
  350 + * @param $iRoleID Primary key of role to check for
  351 + *
  352 + * @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"]
  353 + */
  354 + function roleIDExists($iRoleID) {
  355 + global $default, $lang_err_role_not_exist;
  356 + $sql = $default->db;
  357 + $sql->query("SELECT id FROM " . $default->roles_table . " WHERE id = " . $iRoleID);
  358 + if ($sql->next_record()) {
  359 + return true;
  360 + }
  361 + $_SESSION["errorMessage"] = $lang_err_role_not_exist . $sRoleName;
  362 + return false;
  363 + }
  364 +
  365 + /**
  366 + * Checks if a given role exists using the role name
  367 + *
  368 + * @param $sRoleName Name of role to check for
  369 + *
  370 + * @return boolean true if role exists, false otherwise and set $_SESSION["errorMessage"]
  371 + */
  372 + function roleNameExists($sRoleName) {
  373 + global $default, $lang_err_role_not_exist;
  374 + $sql = $default->db;
  375 + $sql->query("SELECT id FROM " . $default->roles_table . " WHERE name = '" . $sRoleName . "'");
  376 + if ($sql->next_record()) {
  377 + return true;
  378 + }
  379 + $_SESSION["errorMessage"] = $lang_err_role_not_exist . $sRoleName;
  380 + return false;
  381 + }
  382 +
  383 + /**
  384 + * Get the primary key for a role
  385 + *
  386 + * @param $sRoleName Name of role to get primary key for
  387 + *
  388 + * @return ID if role exists, false otherwise and set $_SESSION["errorMessage"]
  389 + */
  390 + function getRoleID($sRoleName) {
  391 + global $default, $lang_err_database;
  392 + if (roleExists($sRoleName)) {
  393 + $sql = $default->db;
  394 + $sql->query("SELECT id FROM " . $default->roles_table . " WHERE name = '" . $sRoleName . "'");
  395 + $sql->next_record();
  396 + return $sql->f("id");
  397 + }
  398 + $_SESSION["errorMessage"] = $lang_err_database;
  399 + return false;
  400 + }
  401 +
  402 + /**
  403 + * Check if the current user is a system administrator
  404 + *
  405 + * @return boolean true is user is system administrator, false otherwise and set $_SESSION["errorMessage"]
  406 + *
  407 + */
  408 + function userIsSystemAdministrator($iUserID = "") {
  409 + global $default, $lang_err_database;
415 if ($iUserID == "") { 410 if ($iUserID == "") {
416 $iUserID = $_SESSION["userID"]; 411 $iUserID = $_SESSION["userID"];
417 } 412 }
418 - $sql = $default->db;  
419 - $sql->query("SELECT UGL.group_id " .  
420 - "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_table AS GL ON UGL.group_id = GL.id " .  
421 - "WHERE UGL.user_id = $iUserID " .  
422 - "AND is_sys_admin = 1");  
423 - if ($sql->next_record()) {  
424 - return true;  
425 - }  
426 - return false;  
427 - }  
428 -  
429 - /**  
430 - * Checks if the current user is a unit administrator  
431 - *  
432 - * @return boolean true if the user is the unit administrator for the unit to which the folder belongs, false otherwise  
433 - */  
434 - function userIsUnitAdministrator($iUserID = "") { 413 + $sql = $default->db;
  414 + $sql->query("SELECT UGL.group_id " .
  415 + "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_table AS GL ON UGL.group_id = GL.id " .
  416 + "WHERE UGL.user_id = $iUserID " .
  417 + "AND is_sys_admin = 1");
  418 + if ($sql->next_record()) {
  419 + return true;
  420 + }
  421 + return false;
  422 + }
  423 +
  424 + /**
  425 + * Checks if the current user is a unit administrator
  426 + *
  427 + * @return boolean true if the user is the unit administrator for the unit to which the folder belongs, false otherwise
  428 + */
  429 + function userIsUnitAdministrator($iUserID = "") {
435 global $default; 430 global $default;
436 if ($iUserID == "") { 431 if ($iUserID == "") {
437 $iUserID = $_SESSION["userID"]; 432 $iUserID = $_SESSION["userID"];
438 } 433 }
439 - $sql = $default->db;  
440 - $sql->query("SELECT UGL.group_id " .  
441 - "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_units_table AS GUL ON GUL.group_id = UGL.group_id " .  
442 - "INNER JOIN $default->groups_table AS GL ON GL.id = UGL.group_id " .  
443 - "WHERE UGL.user_id = $iUserID " .  
444 - "AND GL.is_unit_admin = 1");  
445 - return $sql->next_record();  
446 - } 434 + $sql = $default->db;
  435 + $sql->query("SELECT UGL.group_id " .
  436 + "FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_units_table AS GUL ON GUL.group_id = UGL.group_id " .
  437 + "INNER JOIN $default->groups_table AS GL ON GL.id = UGL.group_id " .
  438 + "WHERE UGL.user_id = $iUserID " .
  439 + "AND GL.is_unit_admin = 1");
  440 + return $sql->next_record();
  441 + }
447 442
448 - /**  
449 - * Checks if the current user is a unit administrator  
450 - *  
451 - * @return boolean true if the user is the unit administrator for the unit to which the folder belongs, false otherwise  
452 - */  
453 - function userIsUnitAdministratorForFolder($oFolder) { 443 + /**
  444 + * Checks if the current user is a unit administrator
  445 + *
  446 + * @return boolean true if the user is the unit administrator for the unit to which the folder belongs, false otherwise
  447 + */
  448 + function userIsUnitAdministratorForFolder($oFolder) {
454 global $default; 449 global $default;
455 - $sql = $default->db;  
456 - 450 + $sql = $default->db;
  451 +
457 $sql->query("SELECT * " . 452 $sql->query("SELECT * " .
458 - "FROM $default->groups_folders_table AS GFL INNER JOIN $default->folders_table AS F ON GFL.folder_id = F.id " .  
459 - "INNER JOIN $default->groups_units_table AS GUL ON GUL.unit_id = F.unit_id " .  
460 - "INNER JOIN $default->groups_table AS GL ON GUL.group_id = GL.id " .  
461 - "INNER JOIN $default->users_groups_table AS UGL ON UGL.group_id = GL.id " .  
462 - "WHERE GL.is_unit_admin = 1 " .  
463 - "AND GFL.folder_id = " . $oFolder->getID() .  
464 - " AND UGL.user_id = " . $_SESSION["userID"]);  
465 - return $sql->next_record();  
466 - } 453 + "FROM $default->groups_folders_table AS GFL INNER JOIN $default->folders_table AS F ON GFL.folder_id = F.id " .
  454 + "INNER JOIN $default->groups_units_table AS GUL ON GUL.unit_id = F.unit_id " .
  455 + "INNER JOIN $default->groups_table AS GL ON GUL.group_id = GL.id " .
  456 + "INNER JOIN $default->users_groups_table AS UGL ON UGL.group_id = GL.id " .
  457 + "WHERE GL.is_unit_admin = 1 " .
  458 + "AND GFL.folder_id = " . $oFolder->getID() .
  459 + " AND UGL.user_id = " . $_SESSION["userID"]);
  460 + return $sql->next_record();
  461 + }
467 462
468 /** 463 /**
469 * Checks if the current user is a guest user 464 * Checks if the current user is a guest user
@@ -475,14 +470,14 @@ class Permission { @@ -475,14 +470,14 @@ class Permission {
475 if ($iUserID == "") { 470 if ($iUserID == "") {
476 $iUserID = $_SESSION["userID"]; 471 $iUserID = $_SESSION["userID"];
477 } 472 }
478 - $sql = $default->db; 473 + $sql = $default->db;
479 // you're a guest user if you're in the Anonymous group 474 // you're a guest user if you're in the Anonymous group
480 - $sql->query("SELECT UGL.group_id 475 + $sql->query("SELECT UGL.group_id
481 FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_table AS GL ON GL.id = UGL.group_id 476 FROM $default->users_groups_table AS UGL INNER JOIN $default->groups_table AS GL ON GL.id = UGL.group_id
482 WHERE GL.name = 'Anonymous' 477 WHERE GL.name = 'Anonymous'
483 AND UGL.user_id = $iUserID"); 478 AND UGL.user_id = $iUserID");
484 - return $sql->next_record(); 479 + return $sql->next_record();
485 } 480 }
486 } 481 }
487 482
488 -?> 483 -?>
  484 +?>
489 \ No newline at end of file 485 \ No newline at end of file