Commit a8552d870c70643f4d541c82b4033c77f9b49551
1 parent
b1a71138
Updated to facilitable table changes to folders_users_roles_link
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@696 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
14 additions
and
14 deletions
lib/security/permission.inc
| ... | ... | @@ -28,7 +28,8 @@ class Permission { |
| 28 | 28 | */ |
| 29 | 29 | function userHasDocumentWritePermission($iDocumentID) { |
| 30 | 30 | $oDocument = & Document::get($iDocumentID); |
| 31 | - if (Permission::userHasFolderWritePermission($oDocument->getFolderID())) { | |
| 31 | + if (Permission::userHasFolderWritePermission($oDocument->getFolderID()) || | |
| 32 | + Permission::userHasWriteRoleForDocument($iDocumentID)) { | |
| 32 | 33 | return true; |
| 33 | 34 | } |
| 34 | 35 | $_SESSION["errorMessage"] = $lang_err_user_doc_write . "id " . $iDocumentID; |
| ... | ... | @@ -49,6 +50,7 @@ class Permission { |
| 49 | 50 | function userHasDocumentReadPermission($iDocumentID) { |
| 50 | 51 | $oDocument = & Document::get($iDocumentID); |
| 51 | 52 | if (Permission::userHasDocumentWritePermission($iDocumentID) || |
| 53 | + Permission::userHasReadRoleForDocument($iDocumentID) || | |
| 52 | 54 | Permission::userHasFolderReadPermission($oDocument->getFolderID())) { |
| 53 | 55 | return true; |
| 54 | 56 | } |
| ... | ... | @@ -70,8 +72,7 @@ class Permission { |
| 70 | 72 | */ |
| 71 | 73 | function userHasFolderWritePermission($iFolderID) { |
| 72 | 74 | global $lang_err_user_folder_write; |
| 73 | - if (Permission::userHasGroupWritePermissionForFolder($iFolderID) || | |
| 74 | - Permission::userHasWriteRoleForFolder($iFolderID) || | |
| 75 | + if (Permission::userHasGroupWritePermissionForFolder($iFolderID) || | |
| 75 | 76 | Permission::userIsSystemAdministrator() || |
| 76 | 77 | Permission::userIsUnitAdministratorForFolder($iFolderID)) { |
| 77 | 78 | return true; |
| ... | ... | @@ -96,8 +97,7 @@ class Permission { |
| 96 | 97 | global $lang_err_user_folder_write; |
| 97 | 98 | if (Permission::folderIsPublic($iFolderID) || |
| 98 | 99 | Permission::userHasFolderWritePermission($iFolderID) || |
| 99 | - Permission::userHasGroupReadPermissionForFolder($iFolderID) || | |
| 100 | - Permission::userHasReadRoleForFolder($iFolderID)) { | |
| 100 | + Permission::userHasGroupReadPermissionForFolder($iFolderID)) { | |
| 101 | 101 | return true; |
| 102 | 102 | } |
| 103 | 103 | $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . $iFolderID; |
| ... | ... | @@ -234,13 +234,13 @@ class Permission { |
| 234 | 234 | * |
| 235 | 235 | * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"] |
| 236 | 236 | */ |
| 237 | - function userHasWriteRoleForFolder($iFolderID) { | |
| 237 | + function userHasWriteRoleForDocument($iDocumentID) { | |
| 238 | 238 | global $default, $lang_err_user_role; |
| 239 | 239 | $sql = $default->db; |
| 240 | 240 | $sql->query("SELECT * FROM $default->owl_folders_user_roles_table AS FURL INNER JOIN $default->owl_groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " . |
| 241 | - "INNER JOIN $default->owl_roles_table AS R ON GFAL.role_id = R.id " . | |
| 242 | - "WHERE GFAL.folder_id = " . $iFolderID . " " . | |
| 243 | - "AND user_id = " . $_SESSION["userID"] . " " . | |
| 241 | + "INNER JOIN $default->owl_roles_table AS R ON GFAL.role_id = R.id " . | |
| 242 | + "WHERE user_id = " . $_SESSION["userID"] . " " . | |
| 243 | + "AND FURL.document_id = $iDocumentID " . | |
| 244 | 244 | "AND R.can_write = 1"); |
| 245 | 245 | if ($sql->next_record()) { |
| 246 | 246 | return true; |
| ... | ... | @@ -256,13 +256,13 @@ class Permission { |
| 256 | 256 | * |
| 257 | 257 | * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"] |
| 258 | 258 | */ |
| 259 | - function userHasReadRoleForFolder($iFolderID) { | |
| 259 | + function userHasReadRoleForDocument($iDocumentID) { | |
| 260 | 260 | global $default, $lang_err_user_role; |
| 261 | 261 | $sql = $default->db; |
| 262 | - $sql->query("SELECT * " . | |
| 263 | - "FROM " . $default->owl_folders_user_roles_table . " AS FURL INNER JOIN " . $default->owl_roles_table . " AS R ON FURL.role_type_id = R.id " . | |
| 264 | - "WHERE folder_id = " . $iFolderID . " " . | |
| 265 | - "AND user_id = " . $_SESSION["userID"] . " " . | |
| 262 | + $sql->query("SELECT * FROM $default->owl_folders_user_roles_table AS FURL INNER JOIN $default->owl_groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " . | |
| 263 | + "INNER JOIN $default->owl_roles_table AS R ON GFAL.role_id = R.id " . | |
| 264 | + "WHERE user_id = " . $_SESSION["userID"] . " " . | |
| 265 | + "AND FURL.document_id = $iDocumentID " . | |
| 266 | 266 | "AND R.can_read = 1"); |
| 267 | 267 | if ($sql->next_record()) { |
| 268 | 268 | return true; | ... | ... |