Commit a8552d870c70643f4d541c82b4033c77f9b49551

Authored by rob
1 parent b1a71138

Updated to facilitate table changes to folders_users_roles_link


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@696 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 14 additions and 14 deletions
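--- a/lib/security/permission.inc
+++ b/lib/security/permission.inc
@@ -28,7 +28,8 @@ class Permission {
 */
 function userHasDocumentWritePermission($iDocumentID) {
 $oDocument = & Document::get($iDocumentID);
-if (Permission::userHasFolderWritePermission($oDocument->getFolderID())) {
+if (Permission::userHasFolderWritePermission($oDocument->getFolderID()) ||
+Permission::userHasWriteRoleForDocument($iDocumentID)) {
 return true;
 }
 $_SESSION["errorMessage"] = $lang_err_user_doc_write . "id " . $iDocumentID;
@@ -49,6 +50,7 @@ class Permission {
 function userHasDocumentReadPermission($iDocumentID) {
 $oDocument = & Document::get($iDocumentID);
 if (Permission::userHasDocumentWritePermission($iDocumentID) ||
+Permission::userHasReadRoleForDocument($iDocumentID) ||
 Permission::userHasFolderReadPermission($oDocument->getFolderID())) {
 return true;
 }
@@ -70,8 +72,7 @@ class Permission {
 */
 function userHasFolderWritePermission($iFolderID) {
 global $lang_err_user_folder_write;
-if (Permission::userHasGroupWritePermissionForFolder($iFolderID) || 
-Permission::userHasWriteRoleForFolder($iFolderID) ||
+if (Permission::userHasGroupWritePermissionForFolder($iFolderID) ||
 Permission::userIsSystemAdministrator() ||
 Permission::userIsUnitAdministratorForFolder($iFolderID)) {
 return true;
@@ -96,8 +97,7 @@ class Permission {
 global $lang_err_user_folder_write;
 if (Permission::folderIsPublic($iFolderID) ||
 Permission::userHasFolderWritePermission($iFolderID) ||
-Permission::userHasGroupReadPermissionForFolder($iFolderID) || 
-Permission::userHasReadRoleForFolder($iFolderID)) {
+Permission::userHasGroupReadPermissionForFolder($iFolderID)) {
 return true;
 }
 $_SESSION["errorMessage"] = $lang_err_user_folder_write . "id " . $iFolderID;
@@ -234,13 +234,13 @@ class Permission {
 *
 * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"]
 */
-function userHasWriteRoleForFolder($iFolderID) {
+function userHasWriteRoleForDocument($iDocumentID) {
 global $default, $lang_err_user_role;
 $sql = $default->db;
 $sql->query("SELECT * FROM $default->owl_folders_user_roles_table AS FURL INNER JOIN $default->owl_groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " .
-"INNER JOIN $default->owl_roles_table AS R ON GFAL.role_id = R.id " . 
-"WHERE GFAL.folder_id = " . $iFolderID . " " . 
-"AND user_id = " . $_SESSION["userID"] . " " .
+"INNER JOIN $default->owl_roles_table AS R ON GFAL.role_id = R.id " .
+"WHERE user_id = " . $_SESSION["userID"] . " " .
+"AND FURL.document_id = $iDocumentID " .
 "AND R.can_write = 1");
 if ($sql->next_record()) {
 return true;
@@ -256,13 +256,13 @@ class Permission {
 *
 * @return boolean true is the user has the role assigned, false otherwise and set $_SESSION["errorMessage"]
 */
-function userHasReadRoleForFolder($iFolderID) {
+function userHasReadRoleForDocument($iDocumentID) {
 global $default, $lang_err_user_role;
 $sql = $default->db;
-$sql->query("SELECT * " . 
-"FROM " . $default->owl_folders_user_roles_table . " AS FURL INNER JOIN " . $default->owl_roles_table . " AS R ON FURL.role_type_id = R.id " . 
-"WHERE folder_id = " . $iFolderID . " " . 
-"AND user_id = " . $_SESSION["userID"] . " " .
+$sql->query("SELECT * FROM $default->owl_folders_user_roles_table AS FURL INNER JOIN $default->owl_groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " .
+"INNER JOIN $default->owl_roles_table AS R ON GFAL.role_id = R.id " .
+"WHERE user_id = " . $_SESSION["userID"] . " " .
+"AND FURL.document_id = $iDocumentID " .
 "AND R.can_read = 1");
 if ($sql->next_record()) {
 return true;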
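Review bot: The new `userHasWriteRoleForDocument` and `userHasReadRoleForDocument` queries interpolate `$iDocumentID` straight into the SQL text (`"AND FURL.document_id = $iDocumentID "`), and nothing in the visible lines ensures the value reaching this authorization check is an integer. If the ID can originate from a request parameter, a non-numeric value would alter the very query that decides access; coercing at the point of use, `"AND FURL.document_id = " . (int)$iDocumentID . " " .`, removes that dependency on callers. The same cast is worth applying to `$_SESSION["userID"]` on the preceding line of both queries. Both function bodies continue past the end of their hunks, and any remaining callers of the removed `userHasWriteRoleForFolder` / `userHasReadRoleForFolder` names are not visible here and should be checked.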