back out the role allocation (document) stuff.

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5056 c91229c3-7414-0410-bfa2-8a42b809f60b

back out the role allocation (document) stuff.
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5056 c91229c3-7414-0410-bfa2-8a42b809f60b
Brad Shuttleworth
1 parent 46bc6653
Showing 8 changed files with 48 additions and 225 deletions
config/tableMappings.inc
lib/documentmanagement/Document.inc
lib/documentmanagement/documentcore.inc.php
lib/permissions/permissionutil.inc.php
lib/roles/roleallocation.inc.php
plugins/ktcore/KTCorePlugin.php
plugins/ktcore/KTPermissions.php
templates/ktcore/document/document_permissions.smarty
@@ -143,7 +143,6 @@ $default-&gt;notifications_table = &quot;notifications&quot;;
 $default->authentication_sources_table = "authentication_sources";
 $default->dashlet_disable_table = "dashlet_disables";
 $default->role_allocations_table = "role_allocations";
-$default->document_role_allocations_table = "document_role_allocations";
 $default->plugins_table = "plugins";
 $default->document_metadata_version_table = "document_metadata_version";
 $default->document_content_version_table = "document_content_version";
@@ -69,9 +69,6 @@ class Document {
     function getCreatorID() { return $this->_oDocumentCore->getCreatorId(); }
     function setCreatorID($iNewValue) { $this->_oDocumentCore->setCreatorId($iNewValue); }
-    function getOwnerID() { return $this->_oDocumentCore->getOwnerId(); }
-    function setOwnerID($iNewValue) { $this->_oDocumentCore->setOwnerId($iNewValue); }
-    
     function getLastModifiedDate() { return $this->_oDocumentCore->getLastModifiedDate(); }
     function setLastModifiedDate($dNewValue) { $this->_oDocumentCore->setLastModifiedDate($dNewValue); }
@@ -421,7 +418,6 @@ class Document {
         $oDocument = new Document();
         $aOptions = array_change_key_case($aOptions);
-        
         $aCoreKeys = array(
             "CreatorId",
             "Created",
@@ -73,7 +73,6 @@ class KTDocumentCore extends KTEntity {
         // transaction-related
         "iCreatorId" => 'creator_id',
-        
         "dCreated" => 'created',
         "iModifiedUserId" => 'modified_user_id',
         "dModified" => 'modified',
@@ -93,7 +92,6 @@ class KTDocumentCore extends KTEntity {
         // permission-related
         "iPermissionObjectId" => 'permission_object_id',
         "iPermissionLookupId" => 'permission_lookup_id',
-        "iOwnerId" => 'owner_id',
     );
     function KTDocument() {
@@ -102,8 +100,6 @@ class KTDocumentCore extends KTEntity {
     // {{{ getters/setters
     function getCreatorId() { return $this->iCreatorId; }
     function setCreatorId($iNewValue) { $this->iCreatorId = $iNewValue; }
-    function getOwnerId() { return $this->iOwnerId; }
-    function setOwnerId($iNewValue) { $this->iOwnerId = $iNewValue; }    
     function getCreatedDateTime() { return $this->dCreated; }
     function getModifiedUserId() { return $this->iModifiedUserId; }
     function setModifiedUserId($iNewValue) { $this->iModifiedUserId = $iNewValue; }
@@ -216,9 +212,6 @@ class KTDocumentCore extends KTEntity {
         if (empty($this->iModifiedUserId)) {
             $this->iModifiedUserId = $this->iCreatorId;
         }
-        if (empty($this->iOwnerId)) {
-            $this->iOwnerId = $this->iCreatorId;
-        }
         if (empty($this->iMetadataVersion)) {
             $this->iMetadataVersion = 0;
         }
@@ -228,7 +221,7 @@ class KTDocumentCore extends KTEntity {
         $oFolder = Folder::get($this->getFolderId());
         $this->iPermissionObjectId = $oFolder->getPermissionObjectId();
         $res = parent::create();
-        
+
         if ($res === true) {
             KTPermissionUtil::updatePermissionLookup($this);
         }
@@ -37,7 +37,6 @@ require_once(KT_LIB_DIR . &quot;/permissions/permissionobject.inc.php&quot;);
 require_once(KT_LIB_DIR . "/permissions/permissiondynamiccondition.inc.php");
 require_once(KT_LIB_DIR . "/groups/GroupUtil.php");
 require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php");
-require_once(KT_LIB_DIR . "/roles/documentroleallocation.inc.php");
 require_once(KT_LIB_DIR . "/workflow/workflowutil.inc.php");
 require_once(KT_LIB_DIR . "/workflow/workflowstatepermissionsassignment.inc.php");
@@ -311,22 +310,13 @@ class KTPermissionUtil {
                 foreach ($aAllowed['role'] as $iRoleId) {
                     // store the PD <-> RoleId map
                     if (!array_key_exists($iRoleId, $_roleCache)) {
-                        $oRoleAllocation = null;
-                        if (is_a($oFolderOrDocument, 'KTDocumentCore') || is_a($oFolderOrDocument, 'Document')) {
-                            $oRoleAllocation =& DocumentRoleAllocation::getAllocationsForDocumentAndRole($oFolderOrDocument->getId(), $iRoleId);
-                            if (PEAR::isError($oRoleAllocation)) { $oRoleAllocation = null; }
-                        }
-                        // if that's null - not set _on_ the document, then
-                        if (is_null($oRoleAllocation)) {
-                            $oRoleAllocation =& RoleAllocation::getAllocationsForFolderAndRole($iRoleSourceFolder, $iRoleId);
-                        }
+                        $oRoleAllocation =& RoleAllocation::getAllocationsForFolderAndRole($iRoleSourceFolder, $iRoleId);
                         $_roleCache[$iRoleId] = $oRoleAllocation;
                     }
                     // roles are _not_ always assigned (can be null at root)
-                    if (!is_null($_roleCache[$iRoleId])) {
+                    if ($_roleCache[$iRoleId] != null) {
                         $aMapPermAllowed[$iPermissionId]['user'] = array_merge($aAllowed['user'], $_roleCache[$iRoleId]->getUserIds());
                         $aMapPermAllowed[$iPermissionId]['group'] = array_merge($aAllowed['group'], $_roleCache[$iRoleId]->getGroupIds());
-                        // naturally, roles cannot be assigned roles, or madness follows.
                     }
                 }
@@ -371,8 +361,7 @@ class KTPermissionUtil {
         }
         $oPD = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
         $aGroups = GroupUtil::listGroupsForUserExpand($oUser);
-        if ($oPD->hasUsers(array($oUser))) { return true; }
-        else { return $oPD->hasGroups($aGroups); }
+        return $oPD->hasGroups($aGroups);
     }
     // }}}
@@ -66,18 +66,6 @@ class RoleAllocation extends KTEntity {
 		$this->iPermissionDescriptorId = $oDescriptor->getId();
 	}
-	function getAllowed() {
-	    if (!is_null($this->iPermissionDescriptorId)) {
-	        $oDescriptor = KTPermissionDescriptor::get($this->iPermissionDescriptorId); // fully done, etc.	
-		    $aAllowed = $oDescriptor->getAllowed();
-		} else {
-		    $aAllowed = array();
-		}
-		return $aAllowed;
-	}
-		
-	
-	
     function _fieldValues () { return array(
             'role_id' => $this->iRoleId,
             'folder_id' => $this->iFolderId,
@@ -58,7 +58,6 @@ class KTCorePlugin extends KTPlugin {
         // Permissions
         $this->registerAction('documentaction', 'KTDocumentPermissionsAction', 'ktcore.actions.document.permissions', 'KTPermissions.php');
         $this->registerAction('folderaction', 'KTRoleAllocationPlugin', 'ktcore.actions.folder.roles', 'KTPermissions.php');
-        $this->registerAction('documentaction', 'KTDocumentRolesAction', 'ktcore.actions.document.roles', 'KTPermissions.php');
         $this->registerDashlet('KTInfoDashlet', 'ktcore.dashlet.info', 'KTDashlets.php');
         $this->registerDashlet('KTNotificationDashlet', 'ktcore.dashlet.notifications', 'KTDashlets.php');
@@ -35,12 +35,10 @@ require_once(KT_LIB_DIR . &quot;/groups/Group.inc&quot;);
 require_once(KT_LIB_DIR . "/users/User.inc");
 require_once(KT_LIB_DIR . "/roles/Role.inc");
 require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php");
-require_once(KT_LIB_DIR . "/roles/documentroleallocation.inc.php");
 require_once(KT_LIB_DIR . "/permissions/permission.inc.php");
 require_once(KT_LIB_DIR . "/permissions/permissionobject.inc.php");
-require_once(KT_LIB_DIR . "/permissions/permissionlookup.inc.php");
 require_once(KT_LIB_DIR . "/permissions/permissionassignment.inc.php");
 require_once(KT_LIB_DIR . "/permissions/permissiondescriptor.inc.php");
 require_once(KT_LIB_DIR . "/permissions/permissionutil.inc.php");
@@ -54,87 +52,52 @@ class KTDocumentPermissionsAction extends KTDocumentAction {
     }
     function do_main() {
-        $this->oPage->setBreadcrumbDetails("Document Permissions");
+        $this->oPage->setBreadcrumbDetails("permissions");
+
         $oTemplate = $this->oValidator->validateTemplate("ktcore/document/document_permissions");
-		
-        $oPL = KTPermissionLookup::get($this->oDocument->getPermissionLookupID());
+        $oPO = KTPermissionObject::get($this->oDocument->getPermissionObjectID());
         $aPermissions = KTPermission::getList();
         $aMapPermissionGroup = array();
-        $aMapPermissionRole = array();	
-		$aMapPermissionUser = array();	
-		
-		$aAllGroups = Group::getList();   // probably small enough
-		$aAllRoles = Role::getList();     // probably small enough.
-		// users are _not_ fetched this way.
-		
-		$aActiveGroups = array();
-		$aActiveUsers = array();
-		$aActiveRoles = array();
-		
+        $aMapPermissionRole = array();		
         foreach ($aPermissions as $oPermission) {
-            $oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL);
-            if (PEAR::isError($oPLA)) {
+            $oPA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oPO);
+            if (PEAR::isError($oPA)) {
                 continue;
             }
-            $oDescriptor = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
+            $oDescriptor = KTPermissionDescriptor::get($oPA->getPermissionDescriptorID());
             $iPermissionID = $oPermission->getID();
             $aIDs = $oDescriptor->getGroups();
             $aMapPermissionGroup[$iPermissionID] = array();
             foreach ($aIDs as $iID) {
                 $aMapPermissionGroup[$iPermissionID][$iID] = true;
-				$aActiveGroups[$iID] = true;
             }
             $aIds = $oDescriptor->getRoles();
             $aMapPermissionRole[$iPermissionID] = array();
             foreach ($aIds as $iId) {
                 $aMapPermissionRole[$iPermissionID][$iId] = true;
-				$aActiveRoles[$iId] = true;
-            }		
-			$aIds = $oDescriptor->getUsers();
-            $aMapPermissionUser[$iPermissionID] = array();
-            foreach ($aIds as $iId) {
-                $aMapPermissionUser[$iPermissionID][$iId] = true;
-				$aActiveUsers[$iId] = true;
             }		
         }
-		
-		// now we constitute the actual sets.
-		$users = array();
-		$groups = array();
-		$roles = array(); // should _always_ be empty, barring a bug in permissions::updatePermissionLookup
-		// this should be quite limited - direct role -> user assignment is typically rare.
-		foreach ($aActiveUsers as $id => $marker) {
-		    $oUser = User::get($id);
-			$users[$oUser->getName()] = $oUser;
-		}
-		asort($users); // ascending, per convention.
-		
-		foreach ($aActiveGroups as $id => $marker) {
-		    $oGroup = Group::get($id);
-			$groups[$oGroup->getName()] = $oGroup;
-		}
-		asort($groups);
-		
-		foreach ($aActiveRoles as $id => $marker) {
-		    $oRole = Role::get($id);
-			$roles[$oRole->getName()] = $oRole;
-		}
-		asort($roles);
-		
-        $bEdit = false;
-		$sInherited = '';
+        $oInherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO);
+        if ($oInherited === $this->oDocument) {
+            $bEdit = true;
+        } else {
+            $iInheritedFolderID = $oInherited->getID();
+            /* $sInherited = displayFolderPathLink(Folder::getFolderPathAsArray($iInheritedFolderID),
+                        Folder::getFolderPathNamesAsArray($iInheritedFolderID),
+                        "$default->rootUrl/control.php?action=editFolderPermissions");*/
+            $sInherited = join(" &raquo; ", $oInherited->getPathArray());
+            $bEdit = false;
+        }
         $aTemplateData = array(
             "context" => $this,
             "permissions" => $aPermissions,
-            "groups" => $groups,
-			"users" => $users,
-            "roles" => $roles,			
+            "groups" => Group::getList(),
+            "roles" => Role::getList(),			
             "iDocumentID" => $_REQUEST['fDocumentID'],
             "aMapPermissionGroup" => $aMapPermissionGroup,
             "aMapPermissionRole" => $aMapPermissionRole,			
-			"aMapPermissionUser" => $aMapPermissionUser,
             "edit" => $bEdit,
             "inherited" => $sInherited,
         );
@@ -546,93 +509,3 @@ class KTRoleAllocationPlugin extends KTFolderAction {
 		}
 	}
 }
-
-class KTDocumentRolesAction extends KTDocumentAction {
-    var $sDisplayName = 'View Roles';
-    var $sName = 'ktcore.actions.document.roles';
-
-    var $_sShowPermission = "ktcore.permissions.write";
-    var $bAutomaticTransaction = true;
-
-    function do_main() {
-        $this->oPage->setTitle(_("View Roles"));
-        $this->oPage->setBreadcrumbDetails(_("View Roles"));
-        $oTemplating = new KTTemplating;
-        $oTemplate = $oTemplating->loadTemplate("ktcore/action/view_roles");
-        
-        // we need to have:
-        //   - a list of roles
-        //   - with their users / groups
-        //   - and that allocation id
-        $aRoles = array(); // stores data for display.
-        
-        $aRoleList = Role::getList();
-        foreach ($aRoleList as $oRole) {
-            $iRoleId = $oRole->getId();
-            $aRoles[$iRoleId] = array("name" => $oRole->getName());
-            $oRoleAllocation = DocumentRoleAllocation::getAllocationsForDocumentAndRole($this->oDocument->getId(), $iRoleId);
-			if (is_null($oRoleAllocation)) {
-				$oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oDocument->getFolderID(), $iRoleId);
-			}
-            
-            $u = array();
-            $g = array();
-            $aid = null;
-            $raid = null;
-            if (is_null($oRoleAllocation)) {
-                ; // nothing.
-            } else {
-			    //var_dump($oRoleAllocation);
-                $raid = $oRoleAllocation->getId(); // real_alloc_id
-                $aAllowed = $oRoleAllocation->getAllowed();
-
-                if (!empty($aAllowed['user'])) {
-                    $u = $aAllowed['user'];
-                }
-                if (!empty($aAllowed['group'])) {
-                    $g = $aAllowed['group'];
-				}
-			}
-            $aRoles[$iRoleId]['users'] = $u;
-            $aRoles[$iRoleId]['groups'] = $g;
-            $aRoles[$iRoleId]['real_allocation_id'] = $raid;
-        }     
-        
-        // final step.
-        
-        // map to users, groups.
-        foreach ($aRoles as $key => $role) {          
-            $_users = array();
-            foreach ($aRoles[$key]['users'] as $iUserId) {
-                $oUser = User::get($iUserId);
-                if (!(PEAR::isError($oUser) || ($oUser == false))) {
-                    $_users[] = $oUser->getName();
-                }
-            }
-			if (empty($_users)) {
-			    $aRoles[$key]['users'] = '<span class="descriptiveText"> ' . _('no users') . '</span>'; 	
-			} else {
-			    $aRoles[$key]['users'] = implode(', ',$_users);
-			}		
-		
-            $_groups = array();
-            foreach ($aRoles[$key]['groups'] as $iGroupId) {
-                $oGroup = Group::get($iGroupId);
-                if (!(PEAR::isError($oGroup) || ($oGroup == false))) {
-                    $_groups[] = $oGroup->getName();
-                }
-            }
-			if (empty($_groups)) {
-			    $aRoles[$key]['groups'] = '<span class="descriptiveText"> ' . _('no groups') . '</span>'; 	
-			} else {
-			    $aRoles[$key]['groups'] = implode(', ',$_groups);
-			}
-        }
-        
-        $aTemplateData = array(
-            'context' => &$this,
-            'roles' => $aRoles,
-        );
-        return $oTemplate->render($aTemplateData);
-    }
-}
 \ No newline at end of file
 <h2>{i18n}Document permissions{/i18n}</h2>
-<p class="descriptiveText">{i18n}This page shows the permissions that apply to
-this specific document.  Where the folder view shows you information by role and group,
-this page shows the actual groups (and, if they are assigned directly to a role, the users)
-who have the different permissions. As a result, groups, users and roles with <strong>no</strong>
-permissions are not shown.{/i18n}</p>
-
-{if ((empty($roles) && empty($groups) && empty($users)))}
-<div class="ktInfo"><p>{i18n}No roles or groups have been defined or have permissions.{/i18n}</p></div>
+
+
+{if ((empty($roles) && empty($groups)))}
+<div class="ktInfo"><p>{i18n}No roles or groups have been defined.  Permissions can only
+be allocated to roles and groups.{/i18n}</p></div>
 {else}
+{*
+
+{if $iFolderId != 1}
+<div class="ktInfo">
+{ if $inherited }
+<p>{i18n arg_permission_source=$inherited}This folder <strong>inherits</strong> its permissions from #permission_source#.{/i18n} 
+<a class="ktActionLink ktEdit"
+   href="{addQS}action=copyPermissions&fFolderId={$iFolderId}{/addQS}">{i18n}Override Permissions{/i18n}</a> </p>
+{ else }
+<p>{i18n}This folder defines its own permissions.{/i18n} 
+<a class="ktActionLink ktDelete"
+   href="{addQS}action=inheritPermissions&fFolderId={$iFolderId}{/addQS}">{i18n}Inherit permissions{/i18n}</a>
+{ /if }
+</span>
+</div>
+{ /if }
+
+*}
+
 <form action="{$smarty.server.PHP_SELF}" method="POST">
 <input type="hidden" name="action" value="update">
 <input type="hidden" name="fFolderId" value="{$iFolderId}">
@@ -78,36 +94,6 @@ value=&quot;{$iGroupId}&quot;&gt;&lt;/td&gt;
   { /foreach }
 </tr>
 { /foreach }
-
-
-{ foreach item=oUser from=$users }
-<td><span class="descriptiveText">{i18n}User: {/i18n}</span> {$oUser->getName()}</td>
-  { assign var=iUserId value=$oUser->getId() }
-  { foreach item=oPerm from=$permissions }
-    { assign var=iPermId value=$oPerm->getId() }
-    { assign var=bHasPerm value=$aMapPermissionUser[$iPermId][$iUserId] }
-
-{ if $edit}
-{ if $bHasPerm }
-<td class="centered"><input type="checkbox" name="foo[{$iPermId}][group][]"
-value="{$iGroupId}" checked="true"></td>
-{ else }
-<td class="centered"><input type="checkbox" name="foo[{$iPermId}][group][]"
-value="{$iGroupId}"></td>
-{ /if }
-{else}
-{ if $bHasPerm }
-<td class="centered"><span class="ktAction ktInline ktAllowed">{i18n}Allowed{/i18n}</span></td>
-{ else }
-<td class="centered"><span class="ktAction ktInline ktDenied">{i18n}Denied{/i18n}</span></td>
-{ /if }
-{/if}
-
-
-  { /foreach }
-</tr>
-{ /foreach }
-
 </tbody>
 </table>
 {if $edit}