diff --git a/config/tableMappings.inc b/config/tableMappings.inc index cff29de..68e3960 100644 --- a/config/tableMappings.inc +++ b/config/tableMappings.inc @@ -143,7 +143,6 @@ $default->notifications_table = "notifications"; $default->authentication_sources_table = "authentication_sources"; $default->dashlet_disable_table = "dashlet_disables"; $default->role_allocations_table = "role_allocations"; -$default->document_role_allocations_table = "document_role_allocations"; $default->plugins_table = "plugins"; $default->document_metadata_version_table = "document_metadata_version"; $default->document_content_version_table = "document_content_version"; diff --git a/lib/documentmanagement/Document.inc b/lib/documentmanagement/Document.inc index d17648b..7c08d44 100644 --- a/lib/documentmanagement/Document.inc +++ b/lib/documentmanagement/Document.inc @@ -69,9 +69,6 @@ class Document { function getCreatorID() { return $this->_oDocumentCore->getCreatorId(); } function setCreatorID($iNewValue) { $this->_oDocumentCore->setCreatorId($iNewValue); } - function getOwnerID() { return $this->_oDocumentCore->getOwnerId(); } - function setOwnerID($iNewValue) { $this->_oDocumentCore->setOwnerId($iNewValue); } - function getLastModifiedDate() { return $this->_oDocumentCore->getLastModifiedDate(); } function setLastModifiedDate($dNewValue) { $this->_oDocumentCore->setLastModifiedDate($dNewValue); } @@ -421,7 +418,6 @@ class Document { $oDocument = new Document(); $aOptions = array_change_key_case($aOptions); - $aCoreKeys = array( "CreatorId", "Created", diff --git a/lib/documentmanagement/documentcore.inc.php b/lib/documentmanagement/documentcore.inc.php index cfd1ca5..0802b6b 100644 --- a/lib/documentmanagement/documentcore.inc.php +++ b/lib/documentmanagement/documentcore.inc.php @@ -73,7 +73,6 @@ class KTDocumentCore extends KTEntity { // transaction-related "iCreatorId" => 'creator_id', - "dCreated" => 'created', "iModifiedUserId" => 'modified_user_id', "dModified" => 'modified', @@ -93,7 +92,6 @@ class KTDocumentCore extends KTEntity { // permission-related "iPermissionObjectId" => 'permission_object_id', "iPermissionLookupId" => 'permission_lookup_id', - "iOwnerId" => 'owner_id', ); function KTDocument() { @@ -102,8 +100,6 @@ class KTDocumentCore extends KTEntity { // {{{ getters/setters function getCreatorId() { return $this->iCreatorId; } function setCreatorId($iNewValue) { $this->iCreatorId = $iNewValue; } - function getOwnerId() { return $this->iOwnerId; } - function setOwnerId($iNewValue) { $this->iOwnerId = $iNewValue; } function getCreatedDateTime() { return $this->dCreated; } function getModifiedUserId() { return $this->iModifiedUserId; } function setModifiedUserId($iNewValue) { $this->iModifiedUserId = $iNewValue; } @@ -216,9 +212,6 @@ class KTDocumentCore extends KTEntity { if (empty($this->iModifiedUserId)) { $this->iModifiedUserId = $this->iCreatorId; } - if (empty($this->iOwnerId)) { - $this->iOwnerId = $this->iCreatorId; - } if (empty($this->iMetadataVersion)) { $this->iMetadataVersion = 0; } @@ -228,7 +221,7 @@ class KTDocumentCore extends KTEntity { $oFolder = Folder::get($this->getFolderId()); $this->iPermissionObjectId = $oFolder->getPermissionObjectId(); $res = parent::create(); - + if ($res === true) { KTPermissionUtil::updatePermissionLookup($this); } diff --git a/lib/permissions/permissionutil.inc.php b/lib/permissions/permissionutil.inc.php index 30a67c1..10b16e9 100644 --- a/lib/permissions/permissionutil.inc.php +++ b/lib/permissions/permissionutil.inc.php @@ -37,7 +37,6 @@ require_once(KT_LIB_DIR . "/permissions/permissionobject.inc.php"); require_once(KT_LIB_DIR . "/permissions/permissiondynamiccondition.inc.php"); require_once(KT_LIB_DIR . "/groups/GroupUtil.php"); require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php"); -require_once(KT_LIB_DIR . "/roles/documentroleallocation.inc.php"); require_once(KT_LIB_DIR . "/workflow/workflowutil.inc.php"); require_once(KT_LIB_DIR . "/workflow/workflowstatepermissionsassignment.inc.php"); @@ -311,22 +310,13 @@ class KTPermissionUtil { foreach ($aAllowed['role'] as $iRoleId) { // store the PD <-> RoleId map if (!array_key_exists($iRoleId, $_roleCache)) { - $oRoleAllocation = null; - if (is_a($oFolderOrDocument, 'KTDocumentCore') || is_a($oFolderOrDocument, 'Document')) { - $oRoleAllocation =& DocumentRoleAllocation::getAllocationsForDocumentAndRole($oFolderOrDocument->getId(), $iRoleId); - if (PEAR::isError($oRoleAllocation)) { $oRoleAllocation = null; } - } - // if that's null - not set _on_ the document, then - if (is_null($oRoleAllocation)) { - $oRoleAllocation =& RoleAllocation::getAllocationsForFolderAndRole($iRoleSourceFolder, $iRoleId); - } + $oRoleAllocation =& RoleAllocation::getAllocationsForFolderAndRole($iRoleSourceFolder, $iRoleId); $_roleCache[$iRoleId] = $oRoleAllocation; } // roles are _not_ always assigned (can be null at root) - if (!is_null($_roleCache[$iRoleId])) { + if ($_roleCache[$iRoleId] != null) { $aMapPermAllowed[$iPermissionId]['user'] = array_merge($aAllowed['user'], $_roleCache[$iRoleId]->getUserIds()); $aMapPermAllowed[$iPermissionId]['group'] = array_merge($aAllowed['group'], $_roleCache[$iRoleId]->getGroupIds()); - // naturally, roles cannot be assigned roles, or madness follows. } } @@ -371,8 +361,7 @@ class KTPermissionUtil { } $oPD = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID()); $aGroups = GroupUtil::listGroupsForUserExpand($oUser); - if ($oPD->hasUsers(array($oUser))) { return true; } - else { return $oPD->hasGroups($aGroups); } + return $oPD->hasGroups($aGroups); } // }}} diff --git a/lib/roles/roleallocation.inc.php b/lib/roles/roleallocation.inc.php index f30e6de..5bf8950 100644 --- a/lib/roles/roleallocation.inc.php +++ b/lib/roles/roleallocation.inc.php @@ -66,18 +66,6 @@ class RoleAllocation extends KTEntity { $this->iPermissionDescriptorId = $oDescriptor->getId(); } - function getAllowed() { - if (!is_null($this->iPermissionDescriptorId)) { - $oDescriptor = KTPermissionDescriptor::get($this->iPermissionDescriptorId); // fully done, etc. - $aAllowed = $oDescriptor->getAllowed(); - } else { - $aAllowed = array(); - } - return $aAllowed; - } - - - function _fieldValues () { return array( 'role_id' => $this->iRoleId, 'folder_id' => $this->iFolderId, diff --git a/plugins/ktcore/KTCorePlugin.php b/plugins/ktcore/KTCorePlugin.php index f6c70a4..17d8a07 100644 --- a/plugins/ktcore/KTCorePlugin.php +++ b/plugins/ktcore/KTCorePlugin.php @@ -58,7 +58,6 @@ class KTCorePlugin extends KTPlugin { // Permissions $this->registerAction('documentaction', 'KTDocumentPermissionsAction', 'ktcore.actions.document.permissions', 'KTPermissions.php'); $this->registerAction('folderaction', 'KTRoleAllocationPlugin', 'ktcore.actions.folder.roles', 'KTPermissions.php'); - $this->registerAction('documentaction', 'KTDocumentRolesAction', 'ktcore.actions.document.roles', 'KTPermissions.php'); $this->registerDashlet('KTInfoDashlet', 'ktcore.dashlet.info', 'KTDashlets.php'); $this->registerDashlet('KTNotificationDashlet', 'ktcore.dashlet.notifications', 'KTDashlets.php'); diff --git a/plugins/ktcore/KTPermissions.php b/plugins/ktcore/KTPermissions.php index e51da90..67c8460 100644 --- a/plugins/ktcore/KTPermissions.php +++ b/plugins/ktcore/KTPermissions.php @@ -35,12 +35,10 @@ require_once(KT_LIB_DIR . "/groups/Group.inc"); require_once(KT_LIB_DIR . "/users/User.inc"); require_once(KT_LIB_DIR . "/roles/Role.inc"); require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php"); -require_once(KT_LIB_DIR . "/roles/documentroleallocation.inc.php"); require_once(KT_LIB_DIR . "/permissions/permission.inc.php"); require_once(KT_LIB_DIR . "/permissions/permissionobject.inc.php"); -require_once(KT_LIB_DIR . "/permissions/permissionlookup.inc.php"); require_once(KT_LIB_DIR . "/permissions/permissionassignment.inc.php"); require_once(KT_LIB_DIR . "/permissions/permissiondescriptor.inc.php"); require_once(KT_LIB_DIR . "/permissions/permissionutil.inc.php"); @@ -54,87 +52,52 @@ class KTDocumentPermissionsAction extends KTDocumentAction { } function do_main() { - $this->oPage->setBreadcrumbDetails("Document Permissions"); + $this->oPage->setBreadcrumbDetails("permissions"); + $oTemplate = $this->oValidator->validateTemplate("ktcore/document/document_permissions"); - - $oPL = KTPermissionLookup::get($this->oDocument->getPermissionLookupID()); + $oPO = KTPermissionObject::get($this->oDocument->getPermissionObjectID()); $aPermissions = KTPermission::getList(); $aMapPermissionGroup = array(); - $aMapPermissionRole = array(); - $aMapPermissionUser = array(); - - $aAllGroups = Group::getList(); // probably small enough - $aAllRoles = Role::getList(); // probably small enough. - // users are _not_ fetched this way. - - $aActiveGroups = array(); - $aActiveUsers = array(); - $aActiveRoles = array(); - + $aMapPermissionRole = array(); foreach ($aPermissions as $oPermission) { - $oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL); - if (PEAR::isError($oPLA)) { + $oPA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oPO); + if (PEAR::isError($oPA)) { continue; } - $oDescriptor = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID()); + $oDescriptor = KTPermissionDescriptor::get($oPA->getPermissionDescriptorID()); $iPermissionID = $oPermission->getID(); $aIDs = $oDescriptor->getGroups(); $aMapPermissionGroup[$iPermissionID] = array(); foreach ($aIDs as $iID) { $aMapPermissionGroup[$iPermissionID][$iID] = true; - $aActiveGroups[$iID] = true; } $aIds = $oDescriptor->getRoles(); $aMapPermissionRole[$iPermissionID] = array(); foreach ($aIds as $iId) { $aMapPermissionRole[$iPermissionID][$iId] = true; - $aActiveRoles[$iId] = true; - } - $aIds = $oDescriptor->getUsers(); - $aMapPermissionUser[$iPermissionID] = array(); - foreach ($aIds as $iId) { - $aMapPermissionUser[$iPermissionID][$iId] = true; - $aActiveUsers[$iId] = true; } } - - // now we constitute the actual sets. - $users = array(); - $groups = array(); - $roles = array(); // should _always_ be empty, barring a bug in permissions::updatePermissionLookup - // this should be quite limited - direct role -> user assignment is typically rare. - foreach ($aActiveUsers as $id => $marker) { - $oUser = User::get($id); - $users[$oUser->getName()] = $oUser; - } - asort($users); // ascending, per convention. - - foreach ($aActiveGroups as $id => $marker) { - $oGroup = Group::get($id); - $groups[$oGroup->getName()] = $oGroup; - } - asort($groups); - - foreach ($aActiveRoles as $id => $marker) { - $oRole = Role::get($id); - $roles[$oRole->getName()] = $oRole; - } - asort($roles); - - $bEdit = false; - $sInherited = ''; + $oInherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO); + if ($oInherited === $this->oDocument) { + $bEdit = true; + } else { + $iInheritedFolderID = $oInherited->getID(); + /* $sInherited = displayFolderPathLink(Folder::getFolderPathAsArray($iInheritedFolderID), + Folder::getFolderPathNamesAsArray($iInheritedFolderID), + "$default->rootUrl/control.php?action=editFolderPermissions");*/ + $sInherited = join(" » ", $oInherited->getPathArray()); + $bEdit = false; + } $aTemplateData = array( "context" => $this, "permissions" => $aPermissions, - "groups" => $groups, - "users" => $users, - "roles" => $roles, + "groups" => Group::getList(), + "roles" => Role::getList(), "iDocumentID" => $_REQUEST['fDocumentID'], "aMapPermissionGroup" => $aMapPermissionGroup, "aMapPermissionRole" => $aMapPermissionRole, - "aMapPermissionUser" => $aMapPermissionUser, "edit" => $bEdit, "inherited" => $sInherited, ); @@ -546,93 +509,3 @@ class KTRoleAllocationPlugin extends KTFolderAction { } } } - -class KTDocumentRolesAction extends KTDocumentAction { - var $sDisplayName = 'View Roles'; - var $sName = 'ktcore.actions.document.roles'; - - var $_sShowPermission = "ktcore.permissions.write"; - var $bAutomaticTransaction = true; - - function do_main() { - $this->oPage->setTitle(_("View Roles")); - $this->oPage->setBreadcrumbDetails(_("View Roles")); - $oTemplating = new KTTemplating; - $oTemplate = $oTemplating->loadTemplate("ktcore/action/view_roles"); - - // we need to have: - // - a list of roles - // - with their users / groups - // - and that allocation id - $aRoles = array(); // stores data for display. - - $aRoleList = Role::getList(); - foreach ($aRoleList as $oRole) { - $iRoleId = $oRole->getId(); - $aRoles[$iRoleId] = array("name" => $oRole->getName()); - $oRoleAllocation = DocumentRoleAllocation::getAllocationsForDocumentAndRole($this->oDocument->getId(), $iRoleId); - if (is_null($oRoleAllocation)) { - $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oDocument->getFolderID(), $iRoleId); - } - - $u = array(); - $g = array(); - $aid = null; - $raid = null; - if (is_null($oRoleAllocation)) { - ; // nothing. - } else { - //var_dump($oRoleAllocation); - $raid = $oRoleAllocation->getId(); // real_alloc_id - $aAllowed = $oRoleAllocation->getAllowed(); - - if (!empty($aAllowed['user'])) { - $u = $aAllowed['user']; - } - if (!empty($aAllowed['group'])) { - $g = $aAllowed['group']; - } - } - $aRoles[$iRoleId]['users'] = $u; - $aRoles[$iRoleId]['groups'] = $g; - $aRoles[$iRoleId]['real_allocation_id'] = $raid; - } - - // final step. - - // map to users, groups. - foreach ($aRoles as $key => $role) { - $_users = array(); - foreach ($aRoles[$key]['users'] as $iUserId) { - $oUser = User::get($iUserId); - if (!(PEAR::isError($oUser) || ($oUser == false))) { - $_users[] = $oUser->getName(); - } - } - if (empty($_users)) { - $aRoles[$key]['users'] = ' ' . _('no users') . ''; - } else { - $aRoles[$key]['users'] = implode(', ',$_users); - } - - $_groups = array(); - foreach ($aRoles[$key]['groups'] as $iGroupId) { - $oGroup = Group::get($iGroupId); - if (!(PEAR::isError($oGroup) || ($oGroup == false))) { - $_groups[] = $oGroup->getName(); - } - } - if (empty($_groups)) { - $aRoles[$key]['groups'] = ' ' . _('no groups') . ''; - } else { - $aRoles[$key]['groups'] = implode(', ',$_groups); - } - } - - $aTemplateData = array( - 'context' => &$this, - 'roles' => $aRoles, - ); - return $oTemplate->render($aTemplateData); - } -} \ No newline at end of file diff --git a/templates/ktcore/document/document_permissions.smarty b/templates/ktcore/document/document_permissions.smarty index 9debfcc..c5139da 100644 --- a/templates/ktcore/document/document_permissions.smarty +++ b/templates/ktcore/document/document_permissions.smarty @@ -1,15 +1,31 @@

{i18n}Document permissions{/i18n}

-

{i18n}This page shows the permissions that apply to -this specific document. Where the folder view shows you information by role and group, -this page shows the actual groups (and, if they are assigned directly to a role, the users) -who have the different permissions. As a result, groups, users and roles with no -permissions are not shown.{/i18n}

- -{if ((empty($roles) && empty($groups) && empty($users)))} -

{i18n}No roles or groups have been defined or have permissions.{/i18n}

+ + +{if ((empty($roles) && empty($groups)))} +

{i18n}No roles or groups have been defined. Permissions can only +be allocated to roles and groups.{/i18n}

{else} +{* + +{if $iFolderId != 1} +
+{ if $inherited } +

{i18n arg_permission_source=$inherited}This folder inherits its permissions from #permission_source#.{/i18n} +{i18n}Override Permissions{/i18n}

+{ else } +

{i18n}This folder defines its own permissions.{/i18n} +{i18n}Inherit permissions{/i18n} +{ /if } + +

+{ /if } + +*} +
@@ -78,36 +94,6 @@ value="{$iGroupId}"> { /foreach } { /foreach } - - -{ foreach item=oUser from=$users } -{i18n}User: {/i18n} {$oUser->getName()} - { assign var=iUserId value=$oUser->getId() } - { foreach item=oPerm from=$permissions } - { assign var=iPermId value=$oPerm->getId() } - { assign var=bHasPerm value=$aMapPermissionUser[$iPermId][$iUserId] } - -{ if $edit} -{ if $bHasPerm } - -{ else } - -{ /if } -{else} -{ if $bHasPerm } -{i18n}Allowed{/i18n} -{ else } -{i18n}Denied{/i18n} -{ /if } -{/if} - - - { /foreach } - -{ /foreach } - {if $edit}