Peter M. Groen / knowledgetree

Commit aff54aa6642c0e4e78add9cbb7ddbfc3610ba736

Authored by kevin_fourie
1 parent beed1ac8

Merged in from STABLE trunk... 

KTS-3616
"MyDropDocuments not working correctly in 3.5.3"
Fixed. updated ajax call and resolved permissions on document by looking at full path.

Committed By: Conrad Vermeulen
Reviewed By: Kevin Fourie


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/branches/3.5.3-Release-Branch@9167 c91229c3-7414-0410-bfa2-8a42b809f60b
Inline Side-by-side
Showing 2 changed files with 736 additions and 731 deletions
plugins/MyDropDocumentsPlugin/MyDropDocumentsPage.php
  View file @aff54aa
1 -<?php  
2 -/**  
3 - * $Id: $  
4 - *  
5 - * KnowledgeTree Community Edition  
6 - * Document Management Made Simple  
7 - * Copyright (C) 2008 KnowledgeTree Inc.  
8 - * Portions copyright The Jam Warehouse Software (Pty) Limited  
9 - *  
10 - * This program is free software; you can redistribute it and/or modify it under  
11 - * the terms of the GNU General Public License version 3 as published by the  
12 - * Free Software Foundation.  
13 - *  
14 - * This program is distributed in the hope that it will be useful, but WITHOUT  
15 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS  
16 - * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more  
17 - * details.  
18 - *  
19 - * You should have received a copy of the GNU General Public License  
20 - * along with this program. If not, see <http://www.gnu.org/licenses/>.  
21 - *  
22 - * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,  
23 - * California 94120-7775, or email info@knowledgetree.com.  
24 - *  
25 - * The interactive user interfaces in modified source and object code versions  
26 - * of this program must display Appropriate Legal Notices, as required under  
27 - * Section 5 of the GNU General Public License version 3.  
28 - *  
29 - * In accordance with Section 7(b) of the GNU General Public License version 3,  
30 - * these Appropriate Legal Notices must retain the display of the "Powered by  
31 - * KnowledgeTree" logo and retain the original copyright notice. If the display of the  
32 - * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices  
33 - * must display the words "Powered by KnowledgeTree" and retain the original  
34 - * copyright notice.  
35 - * Contributor( s): ______________________________________  
36 - *  
37 - */  
38 -  
39 -require_once("config/dmsDefaults.php");  
40 -require_once(KT_DIR . "/ktapi/ktapi.inc.php");  
41 -require_once(KT_LIB_DIR . "/plugins/plugin.inc.php");  
42 -require_once(KT_LIB_DIR . "/plugins/pluginregistry.inc.php");  
43 -require_once(KT_LIB_DIR . "/dashboard/dashlet.inc.php");  
44 -require_once(KT_DIR . "/plugins/ktcore/KTFolderActions.php");  
45 -require_once(KT_DIR . "/ktapi/KTAPIFolder.inc.php");  
46 -require_once(KT_LIB_DIR . "/roles/Role.inc");  
47 -require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php");  
48 -require_once(KT_LIB_DIR . "/permissions/permissionutil.inc.php");  
49 -require_once(KT_LIB_DIR . '/mime.inc.php');  
50 -/* This page is run via an AJAX call from the update.js for this plugin.  
51 - * It checks to see if both the dropdocuments folder and the users personal folder exist.  
52 - * If they don't, it creates them and assigns permission and roles accordingly.  
53 - * If the dropdocuments folder does exist it checks if the WorkSpaceOwner role exists.  
54 - * If the role exists it assigns the current user to the role on the dropdocuments folder.  
55 - * Therefore any users running the plugin after the dropdocuments folder has been created will have access to it too.  
56 - * The underlying logic is that everyone is assigned to the WorkSpaceOwner Role, they have all permission except  
57 - * Delete, Rename Folder, Manage security and Manage workflow on the dropdocuments folder.  
58 - * This role is then assigned to their personal folder too (which is named according to their username) and is overidden  
59 - * to give only the current user full rights to their folder.  
60 - * Essentially everyone can look at the dropdocuments folder but will only see their own folder within it.  
61 - */  
62 -  
63 -class MyDropDocumentsPage extends KTStandardDispatcher {  
64 -  
65 - function do_main() {  
66 -  
67 - $iRootID = (int)1;  
68 - $oUser = $this->oUser;  
69 - $sUserName = (string)$this->oUser->getUserName();  
70 - $this->ktapi = new KTAPI();  
71 - $this->session = $this->ktapi->start_system_session();  
72 -  
73 - if(!Folder::FolderExistsName('DroppedDocuments', $iRootID))  
74 - {  
75 -  
76 - $root=$this->ktapi->get_root_folder();  
77 -  
78 - //Create dropdocuments folder  
79 - $userFolder = $root->add_folder('DroppedDocuments');  
80 -  
81 - //In order to stop permission inheritance a copy of the parent permission object is created.  
82 - //This copy is then used to set separate permissions for this folder.  
83 - KTPermissionUtil::copyPermissionObject($userFolder->get_folder());  
84 -  
85 - //If WorkSpaceOwner role doesn't exist, create it  
86 - if(!$this->roleExistsName('WorkSpaceOwner'))  
87 - {  
88 - $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner');  
89 - if ($oWorkSpaceOwnerRole == null)  
90 - {  
91 - $this->session->logout();  
92 - return _kt('Error: Failed to create WorkSpaceOwner Role');  
93 - }  
94 - }  
95 -  
96 - //$root=$this->ktapi->get_root_folder();  
97 - //$personalFolder = $root->get_folder_by_name('/dropdocuments/'.$sUserName);  
98 -  
99 - //Get the folder object  
100 - $userFolderObject = $userFolder->get_folder();  
101 -  
102 - //Get the permission object from the dropdocuments folder object  
103 - $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId());  
104 -  
105 - //Check to see if there are duplicate WorkSpaceOwner roles.  
106 - if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1)  
107 - {  
108 - $this->session->logout();  
109 - return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists');  
110 -  
111 - }  
112 -  
113 - //call the function to set the permission on the dropdocuments folder  
114 - $this->setUserDocsPermissions($oUserPO);  
115 -  
116 - //Assign the current user to the WorkSpaceOwner role  
117 - $this->setUserDocsRoleAllocation($userFolderObject);  
118 -  
119 - }  
120 - else  
121 - {  
122 -  
123 - $root = $this->ktapi->get_root_folder();  
124 - $userFolder = $root->get_folder_by_name('/DroppedDocuments');  
125 -  
126 - //Get the dropdocuments folder object  
127 - $userFolderObject = $userFolder->get_folder();  
128 -  
129 - if(!$this->roleExistsName('WorkSpaceOwner'))  
130 - {  
131 -  
132 - $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner');  
133 - if ($oWorkSpaceOwnerRole == null)  
134 - {  
135 - $this->session->logout();  
136 - return _kt('Error: Failed to create WorkSpaceOwner Role');  
137 - }  
138 -  
139 - //set permissions  
140 - $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId());  
141 - $this->setUserDocsPermissions($oUserPO);  
142 - //assign current user to role  
143 - $this->setUserDocsRoleAllocation($userFolderObject);  
144 - }  
145 - else  
146 - {  
147 -  
148 - //update WrokSpaceOwner role to include current user  
149 - $this->updateUserDocsRoleAllocation($userFolderObject);  
150 - }  
151 -  
152 - }  
153 -  
154 - $iUserDocsFolderID = $this->getFolderID('DroppedDocuments');  
155 - $oUserDocsFolder = Folder::get($iUserDocsFolderID);  
156 -  
157 - if(!Folder::FolderExistsName($sUserName, $iUserDocsFolderID))  
158 - {  
159 -  
160 -  
161 - $root=$this->ktapi->get_root_folder();  
162 - $userDocsFolder = $root->get_folder_by_name('/DroppedDocuments');  
163 -  
164 - //create the personal folder. (Use the username to create it)  
165 - $personalFolder = $userDocsFolder->add_folder($sUserName);  
166 -  
167 - //Copy the permission object to stop permission inheritance  
168 - KTPermissionUtil::copyPermissionObject($personalFolder->get_folder());  
169 -  
170 - //The role should exist by now.  
171 - //In both the if and else statements for the dropdocuments above the role is created  
172 - //If its doesn't exist by now there is an error  
173 - if(!$this->roleExistsName('WorkSpaceOwner'))  
174 - {  
175 -  
176 - $this->session->logout();  
177 - return _kt('Error: WorkSpaceOwner Role not setup, cannot assign to Personal Folder');  
178 -  
179 - }  
180 -  
181 - $personalFolderRole = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName);  
182 - $PersonalFolderObject = ($personalFolderRole->get_folder());  
183 -  
184 - //Get permission object  
185 - $oPO = KTPermissionObject::get($PersonalFolderObject->getPermissionObjectId());  
186 -  
187 - //Check for duplicate WorkSpaceOwner roles  
188 - if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1)  
189 - {  
190 - $this->session->logout();  
191 - return _kt('Error: cannot set personal folder role permissions: more than one role named \'WorkSpaceOwner\' exists');  
192 -  
193 - }  
194 -  
195 - $this->setPersonalFolderPermissions($oPO);  
196 -  
197 - $this->updatePersonalFolderRoleAllocation($PersonalFolderObject);  
198 -  
199 -  
200 - //folder just created so no top list of last modified documents  
201 -  
202 - $iMyDocsFolderID = $this->getFolderID($sUserName);  
203 - $this->session->logout();  
204 - return _kt('<span class="descriptiveText"> You do not have any dropped documents </span><br><br><br>');  
205 -  
206 -  
207 - }  
208 -  
209 - else //if personal folder does exist  
210 - {  
211 - //Getting personal folder id  
212 - $iMyDocsFolderID = $this->getFolderID($sUserName);  
213 -  
214 -  
215 - if(!$this->roleExistsName('WorkSpaceOwner'))  
216 - {  
217 - $this->session->logout();  
218 - return _kt('Error: WorkSpaceOwner Role does not exist');  
219 - }  
220 - else  
221 - {  
222 -  
223 - $oTempPersonalFolder = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName);  
224 - $oPersonalFolder = $oTempPersonalFolder->get_folder();  
225 - //update WorkSpaceOwner role to include current user  
226 -  
227 - //Get permission object  
228 - $oPO = KTPermissionObject::get($oPersonalFolder->getPermissionObjectId());  
229 -  
230 - $this->setPersonalFolderPermissions($oPO);  
231 -  
232 - $this->updatePersonalFolderRoleAllocation($oPersonalFolder);  
233 -  
234 - }  
235 -  
236 -  
237 -  
238 - $aExternalWhereClauses[] = '(DT.transaction_namespace IN (?,?,?) AND (D.parent_folder_ids LIKE "%,'.$iMyDocsFolderID.',%" OR D.parent_folder_ids LIKE "%,'.$iMyDocsFolderID.'"))';  
239 - $aExternalWhereParams[] = 'ktcore.transactions.create';  
240 - $aExternalWhereParams[] = 'ktcore.transactions.check_in';  
241 - $aExternalWhereParams[] = 'ktcore.transactions.event';  
242 -  
243 -  
244 - $aDocumentTransactions = $this->getTransactionsMatchingQuery($oUser, '', $aExternalWhereClauses, $aExternalWhereParams);  
245 - if (empty($aDocumentTransactions))  
246 - {  
247 - $this->session->logout();  
248 - return _kt('<span class="descriptiveText"> You do not have any dropped documents </span><br><br><br>');  
249 - }  
250 -  
251 - $maxcount = 5;  
252 - $aDocumentTransactions = array_slice($aDocumentTransactions, 0, $maxcount);  
253 -  
254 - $sReturnTable = '<span class="descriptiveText">'._kt('Recently Dropped Documents').'</span>  
255 - <table width="100%" class="kt_collection drop_box" cellspacing="0">  
256 -  
257 - <thead>  
258 - <tr>  
259 - <th width="100%">'._kt('Document').'</th>  
260 - <th width="1%">'._kt('Date Dropped').'</th>  
261 - </tr>  
262 - </thead>  
263 - <tbody>';  
264 -  
265 - $sOddorEven = '';  
266 - $count = 1;  
267 - foreach ($aDocumentTransactions as $aRow)  
268 - {  
269 - $oDocument = Document::get($aRow[document_id]);  
270 - $aParentFolders = explode('/',$oDocument->getFullPath());  
271 - $sPath = '';  
272 -  
273 - for($i = 0; $i < count($aParentFolders); $i++)  
274 - {  
275 - if ($i > 2)  
276 - {  
277 - $sPath .= '/'.$aParentFolders[$i];  
278 - }  
279 - }  
280 -  
281 - $sContentType = KTMime::getIconPath($oDocument->getMimeTypeID());  
282 - $aAnchorData = $this->getDocInfo($aRow[document_id]);  
283 - $sLink = $aAnchorData[0];  
284 - $sDocName = $aAnchorData[1];  
285 - $sShortDocName = $sDocName;  
286 - if(strlen($sPath) > 0)  
287 - {  
288 - $sDocName = $sPath.'/'.$sDocName;  
289 - }  
290 -  
291 - $sFullDocName = $sDocName;  
292 - $iDocLength = strlen($sDocName);  
293 - if ( $iDocLength > 30 )  
294 - {  
295 - $sDocName = substr($sDocName, ($iDocLength - 30), $iDocLength);  
296 - $sDocName = '...'.$sDocName;  
297 - }  
298 -  
299 - if($count%2 == 0)  
300 - {  
301 - $sOddorEven = 'even';  
302 - }  
303 - else  
304 - {  
305 - $sOddorEven = 'odd';  
306 - }  
307 -  
308 - $sReturnTable .= '<tr class="'.$sOddorEven.'">'.  
309 - '<td width="100%"><span class="contenttype '.$sContentType.'"><a title="'.$sShortDocName.'" href='.$sLink.'>'.$sDocName.'</a></span></td>'.  
310 - '<td width="1%">'.$aRow[datetime].'</td>'.  
311 - '</tr>';  
312 - $count ++;  
313 - }  
314 -  
315 - $location = 'browse.php?fFolderId='.$iMyDocsFolderID;  
316 - $sReturnTable .= '</tbody>'.  
317 - '</table>'.  
318 - '<br>'.  
319 - '<a href="'.$location.'">'._kt(' View All').' </a><br><br>';  
320 - $this->session->logout();  
321 -  
322 - return $sReturnTable;  
323 -  
324 - }  
325 - }  
326 -  
327 - function handleOutput($sOutput) {  
328 - print $sOutput;  
329 - }  
330 -  
331 - //This function is used to set the permission on the dropdocuments folder  
332 - function setUserDocsPermissions($oUserPO)  
333 - {  
334 - //arrays returned from get Role ID's  
335 - $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');  
336 - $aAdminGroupID = $this->getGroupIdByName('System Administrators');  
337 -  
338 - //arrays used to make integers for $aAllowed array variable  
339 - $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id'];  
340 - $iAdminGroupID = $aAdminGroupID[0]['id'];  
341 - //$aBothAllowed is used to give permissions to the admin group and the WorkSpaceOwner role  
342 - $aBothAllowed = array('group' => array($iAdminGroupID), 'role' => array($iWorkSpaceOwnerRoleID));  
343 -  
344 - //$aAdminAllowed is used to give permissions to the admin group only  
345 - $aAdminAllowed = array('group' => array($iAdminGroupID));  
346 -  
347 - //Get the list of permissions  
348 - $aPermissions = KTPermission::getList();  
349 -  
350 - foreach ($aPermissions as $oPermission)  
351 - {  
352 - //If the permission is not one of the below then both are allowed the permission  
353 - //Otherwise only the admin group is allowed the permission  
354 - if($oPermission->getHumanName() != 'Delete' && $oPermission->getHumanName() != 'Rename Folder'  
355 - && $oPermission->getHumanName() != 'Manage security' && $oPermission->getHumanName() != 'Manage workflow')  
356 - {  
357 - KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aBothAllowed);  
358 - }  
359 - else  
360 - {  
361 - KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aAdminAllowed);  
362 - }  
363 - }  
364 -  
365 - //UPdate the permission lookup  
366 - KTPermissionUtil::updatePermissionLookupForPO($oUserPO);  
367 - }  
368 -  
369 - //This function is used for allocating the user to the WorkSpaceOwner role only when the dropdocuments folder  
370 - //has just been created.  
371 - function setUserDocsRoleAllocation($oUserFolderObject)  
372 - {  
373 - $userFolderID = $oUserFolderObject->getId();  
374 -  
375 - $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');  
376 - $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];  
377 -  
378 - //create a new role allocation  
379 - $oDropdocumentsRoleAllocation = new RoleAllocation();  
380 - if ($oDropdocumentsRoleAllocation == null)  
381 - {  
382 - $this->session->logout();  
383 - return _kt('Error: cannot create WorkSpaceOwner role allocation');  
384 - }  
385 -  
386 - //set the folder and role for the allocation  
387 - $oDropdocumentsRoleAllocation->setFolderId($userFolderID);  
388 - $oDropdocumentsRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);  
389 -  
390 - $aWorkSpaceOwnerRoleAllowed = array();  
391 - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAllowed);  
392 - //It might be a problem that i'm not doing a "start transaction" here.  
393 - //Unable to roll back in event of db failure  
394 - $res = $oDropdocumentsRoleAllocation->create();  
395 -  
396 - //The role is created and then updated by adding the current user to the allowed list  
397 -  
398 - $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor();  
399 - $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed();  
400 - $aUserId[] = $this->oUser->getId();  
401 - $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aUserId;  
402 - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed);  
403 - $res = $oDropdocumentsRoleAllocation->update();  
404 -  
405 - //Update all info linked to the role  
406 - $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID);  
407 - }  
408 -  
409 - //This function is used to allocate the current user to the WorkSpaceOwner role after the Dropdocuments folder  
410 - //has already been created.  
411 - function updateUserDocsRoleAllocation($oUserFolder)  
412 - {  
413 - $userFolderID = $oUserFolder->getId();  
414 - $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');//$oUserRole->getId();  
415 - $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];  
416 -  
417 - //Get the role allocation object for the Dropdocuments folder and the WorkSpaceOwner role  
418 - $oDropdocumentsRoleAllocation = $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($userFolderID, $WorkSpaceOwnerRoleID);  
419 -  
420 - //check that the object is not null  
421 - if ($oDropdocumentsRoleAllocation == null)  
422 - {  
423 - $this->session->logout();  
424 - return _kt('Error: cannot find WorkSpaceOwner role allocation');  
425 - }  
426 -  
427 - $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor();  
428 - $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed();  
429 -  
430 - //If the user ID is not in the allowed list already then add it to the list.  
431 - if(!in_array($this->oUser->getId(), $aWorkSpaceOwnerRoleAssignAllowed['user']))  
432 - {  
433 - $aNewAllowed = array();  
434 - $aNewAllowed = $aWorkSpaceOwnerRoleAssignAllowed['user'];  
435 - $aNewAllowed[] = $this->oUser->getId();  
436 - $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aNewAllowed;  
437 - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed);  
438 - $res = $oDropdocumentsRoleAllocation->update();  
439 - $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID);  
440 - }  
441 - }  
442 -  
443 - function setPersonalFolderPermissions($oPO)  
444 - {  
445 - $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');  
446 - $aAdminGroupID = $this->getGroupIdByName('System Administrators');  
447 -  
448 - //arrays used to make integers for $aAllowed array variable  
449 - $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id'];  
450 - $iAdminGroupID = $aAdminGroupID[0]['id'];  
451 -  
452 - //set permissions for the role and the admin group  
453 - $aAllowed = array('role' => array($iWorkSpaceOwnerRoleID), 'group' => array($iAdminGroupID));  
454 -  
455 - //Get the List of all the permissions  
456 - $aPersonalFolderPermissions = KTPermission::getList();  
457 -  
458 - //Iterate through and apply all permissions to the current user and the admin group  
459 - foreach ($aPersonalFolderPermissions as $oPersonalFolderPermission)  
460 - {  
461 - KTPermissionUtil::setPermissionForId($oPersonalFolderPermission, $oPO, $aAllowed);  
462 -  
463 - }  
464 -  
465 - //Update permission lookup  
466 - KTPermissionUtil::updatePermissionLookupForPO($oPO);  
467 - }  
468 -  
469 - function updatePersonalFolderRoleAllocation($oPersonalFolder)  
470 - {  
471 - //Assign user to the WorkSpaceOwner role  
472 - $personalFolderID = $oPersonalFolder->getId();  
473 - $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');  
474 - $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];  
475 -  
476 - $oRoleAllocation = new RoleAllocation();  
477 - if ($oRoleAllocation == null)  
478 - {  
479 - $this->session->logout();  
480 - return _kt('Error: Cannot create WorkSpaceOwner role allocation on personal folder');  
481 - }  
482 - $oRoleAllocation->setFolderId($personalFolderID);  
483 - $oRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);  
484 -  
485 - $aRoleAllowed = array();  
486 - $oRoleAllocation->setAllowed($aRoleAllowed);  
487 -  
488 - //It might be a problem that i'm not doing a "start transaction" here.  
489 - //Unable to roll back in event of db failure  
490 - $res = $oRoleAllocation->create();  
491 -  
492 - //The role is first created and then the current user is allocated to the role below  
493 -  
494 - $oPD = $oRoleAllocation->getPermissionDescriptor();  
495 - $aRoleAssignAllowed = $oPD->getAllowed();  
496 - $aUserId[] = $this->oUser->getId();  
497 - $aRoleAssignAllowed['user'] = $aUserId;  
498 - $oRoleAllocation->setAllowed($aRoleAssignAllowed);  
499 - $res = $oRoleAllocation->update();  
500 - $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId(), $personalFolderID);  
501 - }  
502 -  
503 - //FIXME: Direct Database access  
504 - function getFolderID($sFolderName) {  
505 - $sQuery = 'SELECT id FROM folders WHERE name = \''.$sFolderName.'\'';  
506 -  
507 - $id = DBUtil::getResultArray($sQuery);  
508 - return $id[0]['id'];  
509 - }  
510 -  
511 - //this function returns the document link and document name to be displayed on the dashlet  
512 - function getDocInfo($iDocId) {  
513 - $oDocument = Document::get($iDocId);  
514 -  
515 - if (PEAR::isError($oDocument)) {  
516 - return _kt('Document no longer exists.');  
517 - }  
518 -  
519 - $sName = htmlentities($oDocument->getName(), ENT_NOQUOTES, 'UTF-8');  
520 - $sLink = KTBrowseUtil::getUrlForDocument($oDocument);  
521 -  
522 - $aAnchorData = array();  
523 - $aAnchorData[] = $sLink;  
524 - $aAnchorData[] = $sName;  
525 - return $aAnchorData;  
526 - }  
527 -  
528 - //This function is used to create the role, role allocation is done separately  
529 - function createRole ($sName)  
530 - {  
531 - $this->startTransaction();  
532 - $oRole = Role::createFromArray(array('name' => $sName));  
533 -  
534 - if (PEAR::isError($oRole) || ($oRole == false))  
535 - {  
536 - if ($this->bTransactionStarted)  
537 - {  
538 - $this->rollbackTransaction();  
539 - }  
540 - //return null on failure  
541 - return null;  
542 - }  
543 - else  
544 - {  
545 - return $oRole;  
546 -  
547 - }  
548 - }  
549 -  
550 - //FIXME: Direct Database access  
551 - function roleExistsName ($sName)  
552 - {  
553 - $sQuery = "SELECT id FROM roles WHERE name = ?";  
554 - $aParams = array($sName);  
555 - $res = DBUtil::getResultArray(array($sQuery, $aParams));  
556 -  
557 - if (count($res) != 0)  
558 - {  
559 - return true;  
560 - }  
561 - return false;  
562 - }  
563 -  
564 - //FIXME: Direct Database access  
565 - function groupExistsName ($sName)  
566 - {  
567 - $sQuery = "SELECT id FROM groups_lookup WHERE name = ?";  
568 - $aParams = array($sName);  
569 - $res = DBUtil::getResultArray(array($sQuery, $aParams));  
570 -  
571 - if (count($res) != 0)  
572 - {  
573 - return true;  
574 - }  
575 - return false;  
576 - }  
577 -  
578 - //FIXME: Direct Database access  
579 - function getRoleIdByName($sName)  
580 - {  
581 - $sQuery = "SELECT id FROM roles WHERE name = ?";  
582 - $aParams = array($sName);  
583 - $res = DBUtil::getResultArray(array($sQuery, $aParams));  
584 - return $res;  
585 - }  
586 -  
587 - //FIXME: Direct Database access  
588 - function getGroupIdByName ($sName)  
589 - {  
590 - $sQuery = "SELECT id FROM groups_lookup WHERE name = ?";  
591 - $aParams = array($sName);  
592 - $res = DBUtil::getResultArray(array($sQuery, $aParams));  
593 - return $res;  
594 - }  
595 -  
596 - //function taken from KTPermission.php and edited to work here  
597 - function renegeratePermissionsForRole($iRoleId, $iFolderId) {  
598 - $iStartFolderId = $iFolderId;  
599 - /*  
600 - * 1. find all folders & documents "below" this one which use the role  
601 - * definition _active_ (not necessarily present) at this point.  
602 - * 2. tell permissionutil to regen their permissions.  
603 - *  
604 - * The find algorithm is:  
605 - *  
606 - * folder_queue <- (iStartFolderId)  
607 - * while folder_queue is not empty:  
608 - * active_folder =  
609 - * for each folder in the active_folder:  
610 - * find folders in _this_ folder without a role-allocation on the iRoleId  
611 - * add them to the folder_queue  
612 - * update the folder's permissions.  
613 - * find documents in this folder:  
614 - * update their permissions.  
615 - */  
616 -  
617 - $sRoleAllocTable = KTUtil::getTableName('role_allocations');  
618 - $sFolderTable = KTUtil::getTableName('folders');  
619 - $sQuery = sprintf('SELECT f.id as id FROM %s AS f LEFT JOIN %s AS ra ON (f.id = ra.folder_id) WHERE ra.id IS NULL AND f.parent_id = ?', $sFolderTable, $sRoleAllocTable);  
620 -  
621 -  
622 - $folder_queue = array($iStartFolderId);  
623 - while (!empty($folder_queue)) {  
624 - $active_folder = array_pop($folder_queue);  
625 -  
626 - $aParams = array($active_folder);  
627 -  
628 - $aNewFolders = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');  
629 - if (PEAR::isError($aNewFolders)) {  
630 - //$this->errorRedirectToMain(_kt('Failure to generate folderlisting.'));  
631 - echo _kt('Failure to generate folderlisting.');  
632 - }  
633 - $folder_queue = kt_array_merge ($folder_queue, (array) $aNewFolders); // push.  
634 -  
635 -  
636 - // update the folder.  
637 - $oFolder =& Folder::get($active_folder);  
638 - if (PEAR::isError($oFolder) || ($oFolder == false)) {  
639 - //$this->errorRedirectToMain(_kt('Unable to locate folder: ') . $active_folder);  
640 - echo _kt('Unable to locate folder: ').$active_folder;  
641 - }  
642 -  
643 - KTPermissionUtil::updatePermissionLookup($oFolder);  
644 - $aDocList =& Document::getList(array('folder_id = ?', $active_folder));  
645 - if (PEAR::isError($aDocList) || ($aDocList === false)) {  
646 - //$this->errorRedirectToMain(sprintf(_kt('Unable to get documents in folder %s: %s'), $active_folder, $aDocList->getMessage()));  
647 - echo _kt('Unable to get documents in folder ').$active_folder;  
648 - }  
649 -  
650 - foreach ($aDocList as $oDoc) {  
651 - if (!PEAR::isError($oDoc)) {  
652 - KTPermissionUtil::updatePermissionLookup($oDoc);  
653 - }  
654 - }  
655 - }  
656 - }  
657 -  
658 - /*  
659 - attempt to abstract the transaction-matching query.  
660 -  
661 - tables that are already defined (other than sec ones):  
662 -  
663 - - Documents (D)  
664 - - Users (U)  
665 - - TransactionTypes (DTT)  
666 - - Document Transactions (DT)  
667 -  
668 - so where clausess can take advantage of those.  
669 -  
670 - */  
671 - function getTransactionsMatchingQuery($oUser, $sJoinClause, $aExternalWhereClauses, $aExternalWhereParams, $aOptions = null) {  
672 -  
673 - $sSelectItems = 'DTT.name AS transaction_name, U.name AS user_name, DT.version AS version, DT.comment AS comment, DT.datetime AS datetime, D.id as document_id, DT.transaction_namespace as namespace';  
674 - $sBaseJoin = "FROM " . KTUtil::getTableName("document_transactions") . " AS DT " .  
675 - "INNER JOIN " . KTUtil::getTableName("users") . " AS U ON DT.user_id = U.id " .  
676 - "INNER JOIN " . KTUtil::getTableName("transaction_types") . " AS DTT ON DTT.namespace = DT.transaction_namespace " .  
677 - "INNER JOIN " . KTUtil::getTableName("documents") . " AS D ON D.id = DT.document_id ";  
678 -  
679 - // now we're almost at partialquery like status.  
680 - $perm_res = KTSearchUtil::permissionToSQL($oUser, 'ktcore.permissions.read');  
681 - if (PEAR::isError($perm_res)) {  
682 - return $perm_res;  
683 - }  
684 - list($sPermissionString, $aPermissionParams, $sPermissionJoin) = $perm_res;  
685 -  
686 - // compile the final list  
687 - $aFinalWhere = kt_array_merge(array($sPermissionString,'D.creator_id IS NOT NULL'), $aExternalWhereClauses, array('D.status_id = ?'));  
688 - $aFinalWhereParams = kt_array_merge($aPermissionParams, $aExternalWhereParams, array(LIVE));  
689 -  
690 - if (!is_array($aOptions)) {  
691 - $aOptions = (array) $aOptions;  
692 - }  
693 - $sOrderBy = KTUtil::arrayGet($aOptions, 'orderby', 'DT.datetime DESC');  
694 -  
695 - // compile these.  
696 - // NBM: do we need to wrap these in ()?  
697 - $sWhereClause = implode(' AND ', $aFinalWhere);  
698 - if (!empty($sWhereClause)) {  
699 - $sWhereClause = 'WHERE ' . $sWhereClause;  
700 - }  
701 -  
702 - $sQuery = sprintf("SELECT %s %s %s %s %s ORDER BY %s",  
703 - $sSelectItems,  
704 - $sBaseJoin,  
705 - $sPermissionJoin,  
706 - $sJoinClause,  
707 - $sWhereClause,  
708 - $sOrderBy  
709 - );  
710 -  
711 - //var_dump(array($sQuery, $aFinalWhereParams));  
712 -  
713 - $res = DBUtil::getResultArray(array($sQuery, $aFinalWhereParams));  
714 - //var_dump($res); exit(0);  
715 - return $res;  
716 - }  
717 -}  
718 -?> 1 +<?php
  2 +/**
  3 + * $Id: $
  4 + *
  5 + * KnowledgeTree Community Edition
  6 + * Document Management Made Simple
  7 + * Copyright (C) 2008 KnowledgeTree Inc.
  8 + * Portions copyright The Jam Warehouse Software (Pty) Limited
  9 + *
  10 + * This program is free software; you can redistribute it and/or modify it under
  11 + * the terms of the GNU General Public License version 3 as published by the
  12 + * Free Software Foundation.
  13 + *
  14 + * This program is distributed in the hope that it will be useful, but WITHOUT
  15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  16 + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  17 + * details.
  18 + *
  19 + * You should have received a copy of the GNU General Public License
  20 + * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21 + *
  22 + * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
  23 + * California 94120-7775, or email info@knowledgetree.com.
  24 + *
  25 + * The interactive user interfaces in modified source and object code versions
  26 + * of this program must display Appropriate Legal Notices, as required under
  27 + * Section 5 of the GNU General Public License version 3.
  28 + *
  29 + * In accordance with Section 7(b) of the GNU General Public License version 3,
  30 + * these Appropriate Legal Notices must retain the display of the "Powered by
  31 + * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  32 + * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
  33 + * must display the words "Powered by KnowledgeTree" and retain the original
  34 + * copyright notice.
  35 + * Contributor( s): ______________________________________
  36 + *
  37 + */
  38 +
  39 +require_once("config/dmsDefaults.php");
  40 +require_once(KT_DIR . "/ktapi/ktapi.inc.php");
  41 +require_once(KT_LIB_DIR . "/plugins/plugin.inc.php");
  42 +require_once(KT_LIB_DIR . "/plugins/pluginregistry.inc.php");
  43 +require_once(KT_LIB_DIR . "/dashboard/dashlet.inc.php");
  44 +require_once(KT_DIR . "/plugins/ktcore/KTFolderActions.php");
  45 +require_once(KT_DIR . "/ktapi/KTAPIFolder.inc.php");
  46 +require_once(KT_LIB_DIR . "/roles/Role.inc");
  47 +require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php");
  48 +require_once(KT_LIB_DIR . "/permissions/permissionutil.inc.php");
  49 +require_once(KT_LIB_DIR . '/mime.inc.php');
  50 +/* This page is run via an AJAX call from the update.js for this plugin.
  51 + * It checks to see if both the dropdocuments folder and the users personal folder exist.
  52 + * If they don't, it creates them and assigns permission and roles accordingly.
  53 + * If the dropdocuments folder does exist it checks if the WorkSpaceOwner role exists.
  54 + * If the role exists it assigns the current user to the role on the dropdocuments folder.
  55 + * Therefore any users running the plugin after the dropdocuments folder has been created will have access to it too.
  56 + * The underlying logic is that everyone is assigned to the WorkSpaceOwner Role, they have all permission except
  57 + * Delete, Rename Folder, Manage security and Manage workflow on the dropdocuments folder.
  58 + * This role is then assigned to their personal folder too (which is named according to their username) and is overidden
  59 + * to give only the current user full rights to their folder.
  60 + * Essentially everyone can look at the dropdocuments folder but will only see their own folder within it.
  61 + */
  62 +
  63 +class MyDropDocumentsPage extends KTStandardDispatcher {
  64 +
  65 + function do_main() {
  66 +
  67 + $iRootID = (int)1;
  68 + $oUser = $this->oUser;
  69 + $sUserName = (string)$this->oUser->getUserName();
  70 + $this->ktapi = new KTAPI();
  71 + $this->session = $this->ktapi->start_system_session();
  72 +
  73 + if(!Folder::FolderExistsName('DroppedDocuments', $iRootID))
  74 + {
  75 +
  76 + $root=$this->ktapi->get_root_folder();
  77 +
  78 + //Create dropdocuments folder
  79 + $userFolder = $root->add_folder('DroppedDocuments');
  80 +
  81 + //In order to stop permission inheritance a copy of the parent permission object is created.
  82 + //This copy is then used to set separate permissions for this folder.
  83 + KTPermissionUtil::copyPermissionObject($userFolder->get_folder());
  84 +
  85 + //If WorkSpaceOwner role doesn't exist, create it
  86 + if(!$this->roleExistsName('WorkSpaceOwner'))
  87 + {
  88 + $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner');
  89 + if ($oWorkSpaceOwnerRole == null)
  90 + {
  91 + $this->session->logout();
  92 + return _kt('Error: Failed to create WorkSpaceOwner Role');
  93 + }
  94 + }
  95 +
  96 + //$root=$this->ktapi->get_root_folder();
  97 + //$personalFolder = $root->get_folder_by_name('/dropdocuments/'.$sUserName);
  98 +
  99 + //Get the folder object
  100 + $userFolderObject = $userFolder->get_folder();
  101 +
  102 + //Get the permission object from the dropdocuments folder object
  103 + $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId());
  104 +
  105 + //Check to see if there are duplicate WorkSpaceOwner roles.
  106 + if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1)
  107 + {
  108 + $this->session->logout();
  109 + return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists');
  110 +
  111 + }
  112 +
  113 + //call the function to set the permission on the dropdocuments folder
  114 + $this->setUserDocsPermissions($oUserPO);
  115 +
  116 + //Assign the current user to the WorkSpaceOwner role
  117 + $this->setUserDocsRoleAllocation($userFolderObject);
  118 +
  119 + }
  120 + else
  121 + {
  122 +
  123 + $root = $this->ktapi->get_root_folder();
  124 + $userFolder = $root->get_folder_by_name('/DroppedDocuments');
  125 +
  126 + //Get the dropdocuments folder object
  127 + $userFolderObject = $userFolder->get_folder();
  128 +
  129 + if(!$this->roleExistsName('WorkSpaceOwner'))
  130 + {
  131 +
  132 + $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner');
  133 + if ($oWorkSpaceOwnerRole == null)
  134 + {
  135 + $this->session->logout();
  136 + return _kt('Error: Failed to create WorkSpaceOwner Role');
  137 + }
  138 +
  139 + //set permissions
  140 + $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId());
  141 + $this->setUserDocsPermissions($oUserPO);
  142 + //assign current user to role
  143 + $this->setUserDocsRoleAllocation($userFolderObject);
  144 + }
  145 + else
  146 + {
  147 +
  148 + //update WrokSpaceOwner role to include current user
  149 + $this->updateUserDocsRoleAllocation($userFolderObject);
  150 + }
  151 +
  152 + }
  153 +
  154 + $iUserDocsFolderID = $this->getFolderID('DroppedDocuments');
  155 + $oUserDocsFolder = Folder::get($iUserDocsFolderID);
  156 +
  157 + if(!Folder::FolderExistsName($sUserName, $iUserDocsFolderID))
  158 + {
  159 +
  160 +
  161 + $root=$this->ktapi->get_root_folder();
  162 + $userDocsFolder = $root->get_folder_by_name('/DroppedDocuments');
  163 +
  164 + //create the personal folder. (Use the username to create it)
  165 + $personalFolder = $userDocsFolder->add_folder($sUserName);
  166 +
  167 + //Copy the permission object to stop permission inheritance
  168 + KTPermissionUtil::copyPermissionObject($personalFolder->get_folder());
  169 +
  170 + //The role should exist by now.
  171 + //In both the if and else statements for the dropdocuments above the role is created
  172 + //If its doesn't exist by now there is an error
  173 + if(!$this->roleExistsName('WorkSpaceOwner'))
  174 + {
  175 +
  176 + $this->session->logout();
  177 + return _kt('Error: WorkSpaceOwner Role not setup, cannot assign to Personal Folder');
  178 +
  179 + }
  180 +
  181 + $personalFolderRole = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName);
  182 + $PersonalFolderObject = ($personalFolderRole->get_folder());
  183 +
  184 + //Get permission object
  185 + $oPO = KTPermissionObject::get($PersonalFolderObject->getPermissionObjectId());
  186 +
  187 + //Check for duplicate WorkSpaceOwner roles
  188 + if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1)
  189 + {
  190 + $this->session->logout();
  191 + return _kt('Error: cannot set personal folder role permissions: more than one role named \'WorkSpaceOwner\' exists');
  192 +
  193 + }
  194 +
  195 + $this->setPersonalFolderPermissions($oPO);
  196 +
  197 + $this->updatePersonalFolderRoleAllocation($PersonalFolderObject);
  198 +
  199 +
  200 + //folder just created so no top list of last modified documents
  201 +
  202 + $iMyDocsFolderID = $this->getFolderID($sUserName);
  203 + $this->session->logout();
  204 + return _kt('<span class="descriptiveText"> You do not have any dropped documents </span><br><br><br>');
  205 +
  206 +
  207 + }
  208 +
  209 + else //if personal folder does exist
  210 + {
  211 + //Getting personal folder id
  212 + $iMyDocsFolderID = $this->getFolderID($sUserName);
  213 +
  214 +
  215 + if(!$this->roleExistsName('WorkSpaceOwner'))
  216 + {
  217 + $this->session->logout();
  218 + return _kt('Error: WorkSpaceOwner Role does not exist');
  219 + }
  220 + else
  221 + {
  222 +
  223 + $oTempPersonalFolder = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName);
  224 + $oPersonalFolder = $oTempPersonalFolder->get_folder();
  225 + //update WorkSpaceOwner role to include current user
  226 +
  227 + //Get permission object
  228 + $oPO = KTPermissionObject::get($oPersonalFolder->getPermissionObjectId());
  229 +
  230 + $this->setPersonalFolderPermissions($oPO);
  231 +
  232 + $this->updatePersonalFolderRoleAllocation($oPersonalFolder);
  233 +
  234 + }
  235 +
  236 + $fullPath = $oUserDocsFolder->getFullPath() . '/' . $sUserName;
  237 +
  238 + $aExternalWhereClauses[] = '(DT.transaction_namespace IN (?,?,?) AND (D.full_path LIKE "'.$fullPath.'/%"))';
  239 + $aExternalWhereParams[] = 'ktcore.transactions.create';
  240 + $aExternalWhereParams[] = 'ktcore.transactions.check_in';
  241 + $aExternalWhereParams[] = 'ktcore.transactions.event';
  242 +
  243 +
  244 + $aDocumentTransactions = $this->getTransactionsMatchingQuery($oUser, '', $aExternalWhereClauses, $aExternalWhereParams);
  245 + if (empty($aDocumentTransactions))
  246 + {
  247 + $this->session->logout();
  248 + return _kt('<span class="descriptiveText"> You do not have any dropped documents </span><br><br><br>');
  249 + }
  250 +
  251 + $maxcount = 5;
  252 + $aDocumentTransactions = array_slice($aDocumentTransactions, 0, $maxcount);
  253 +
  254 + $sReturnTable = '<span class="descriptiveText">'._kt('Recently Dropped Documents').'</span>
  255 + <table width="100%" class="kt_collection drop_box" cellspacing="0">
  256 +
  257 + <thead>
  258 + <tr>
  259 + <th width="100%">'._kt('Document').'</th>
  260 + <th width="1%">'._kt('Date Dropped').'</th>
  261 + </tr>
  262 + </thead>
  263 + <tbody>';
  264 +
  265 + $sOddorEven = '';
  266 + $count = 1;
  267 + foreach ($aDocumentTransactions as $aRow)
  268 + {
  269 + $oDocument = Document::get($aRow[document_id]);
  270 + $aParentFolders = explode('/',$oDocument->getFullPath());
  271 + $sPath = '';
  272 +
  273 + for($i = 0; $i < count($aParentFolders); $i++)
  274 + {
  275 + if ($i > 2)
  276 + {
  277 + $sPath .= '/'.$aParentFolders[$i];
  278 + }
  279 + }
  280 +
  281 + $sContentType = KTMime::getIconPath($oDocument->getMimeTypeID());
  282 + $aAnchorData = $this->getDocInfo($aRow[document_id]);
  283 + $sLink = $aAnchorData[0];
  284 + $sDocName = $aAnchorData[1];
  285 + $sShortDocName = $sDocName;
  286 + if(strlen($sPath) > 0)
  287 + {
  288 + $sDocName = $sPath.'/'.$sDocName;
  289 + }
  290 +
  291 + $sFullDocName = $sDocName;
  292 + $iDocLength = strlen($sDocName);
  293 + if ( $iDocLength > 30 )
  294 + {
  295 + $sDocName = substr($sDocName, ($iDocLength - 30), $iDocLength);
  296 + $sDocName = '...'.$sDocName;
  297 + }
  298 +
  299 + if($count%2 == 0)
  300 + {
  301 + $sOddorEven = 'even';
  302 + }
  303 + else
  304 + {
  305 + $sOddorEven = 'odd';
  306 + }
  307 +
  308 + $sReturnTable .= '<tr class="'.$sOddorEven.'">'.
  309 + '<td width="100%"><span class="contenttype '.$sContentType.'"><a title="'.$sShortDocName.'" href='.$sLink.'>'.$sDocName.'</a></span></td>'.
  310 + '<td width="1%">'.$aRow[datetime].'</td>'.
  311 + '</tr>';
  312 + $count ++;
  313 + }
  314 +
  315 + $location = 'browse.php?fFolderId='.$iMyDocsFolderID;
  316 + $sReturnTable .= '</tbody>'.
  317 + '</table>'.
  318 + '<br>'.
  319 + '<a href="'.$location.'">'._kt(' View All').' </a><br><br>';
  320 + $this->session->logout();
  321 +
  322 + return $sReturnTable;
  323 +
  324 + }
  325 + }
  326 +
  327 + function handleOutput($sOutput) {
  328 + print $sOutput;
  329 + }
  330 +
  331 + //This function is used to set the permission on the dropdocuments folder
  332 + function setUserDocsPermissions($oUserPO)
  333 + {
  334 + //arrays returned from get Role ID's
  335 + $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
  336 + $aAdminGroupID = $this->getGroupIdByName('System Administrators');
  337 +
  338 + //arrays used to make integers for $aAllowed array variable
  339 + $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id'];
  340 + $iAdminGroupID = $aAdminGroupID[0]['id'];
  341 + //$aBothAllowed is used to give permissions to the admin group and the WorkSpaceOwner role
  342 + $aBothAllowed = array('group' => array($iAdminGroupID), 'role' => array($iWorkSpaceOwnerRoleID));
  343 +
  344 + //$aAdminAllowed is used to give permissions to the admin group only
  345 + $aAdminAllowed = array('group' => array($iAdminGroupID));
  346 +
  347 + //Get the list of permissions
  348 + $aPermissions = KTPermission::getList();
  349 +
  350 + foreach ($aPermissions as $oPermission)
  351 + {
  352 + //If the permission is not one of the below then both are allowed the permission
  353 + //Otherwise only the admin group is allowed the permission
  354 + if($oPermission->getHumanName() != 'Delete' && $oPermission->getHumanName() != 'Rename Folder'
  355 + && $oPermission->getHumanName() != 'Manage security' && $oPermission->getHumanName() != 'Manage workflow')
  356 + {
  357 + KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aBothAllowed);
  358 + }
  359 + else
  360 + {
  361 + KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aAdminAllowed);
  362 + }
  363 + }
  364 +
  365 + //UPdate the permission lookup
  366 + KTPermissionUtil::updatePermissionLookupForPO($oUserPO);
  367 + }
  368 +
  369 + //This function is used for allocating the user to the WorkSpaceOwner role only when the dropdocuments folder
  370 + //has just been created.
  371 + function setUserDocsRoleAllocation($oUserFolderObject)
  372 + {
  373 + $userFolderID = $oUserFolderObject->getId();
  374 +
  375 + $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
  376 + $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
  377 +
  378 + //create a new role allocation
  379 + $oDropdocumentsRoleAllocation = new RoleAllocation();
  380 + if ($oDropdocumentsRoleAllocation == null)
  381 + {
  382 + $this->session->logout();
  383 + return _kt('Error: cannot create WorkSpaceOwner role allocation');
  384 + }
  385 +
  386 + //set the folder and role for the allocation
  387 + $oDropdocumentsRoleAllocation->setFolderId($userFolderID);
  388 + $oDropdocumentsRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);
  389 +
  390 + $aWorkSpaceOwnerRoleAllowed = array();
  391 + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAllowed);
  392 + //It might be a problem that i'm not doing a "start transaction" here.
  393 + //Unable to roll back in event of db failure
  394 + $res = $oDropdocumentsRoleAllocation->create();
  395 +
  396 + //The role is created and then updated by adding the current user to the allowed list
  397 +
  398 + $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor();
  399 + $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed();
  400 + $aUserId[] = $this->oUser->getId();
  401 + $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aUserId;
  402 + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed);
  403 + $res = $oDropdocumentsRoleAllocation->update();
  404 +
  405 + //Update all info linked to the role
  406 + $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID);
  407 + }
  408 +
  409 + //This function is used to allocate the current user to the WorkSpaceOwner role after the Dropdocuments folder
  410 + //has already been created.
  411 + function updateUserDocsRoleAllocation($oUserFolder)
  412 + {
  413 + $userFolderID = $oUserFolder->getId();
  414 + $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');//$oUserRole->getId();
  415 + $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
  416 +
  417 + //Get the role allocation object for the Dropdocuments folder and the WorkSpaceOwner role
  418 + $oDropdocumentsRoleAllocation = $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($userFolderID, $WorkSpaceOwnerRoleID);
  419 +
  420 + //check that the object is not null
  421 + if ($oDropdocumentsRoleAllocation == null)
  422 + {
  423 + $this->session->logout();
  424 + return _kt('Error: cannot find WorkSpaceOwner role allocation');
  425 + }
  426 +
  427 + $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor();
  428 + $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed();
  429 +
  430 + //If the user ID is not in the allowed list already then add it to the list.
  431 + if(!in_array($this->oUser->getId(), $aWorkSpaceOwnerRoleAssignAllowed['user']))
  432 + {
  433 + $aNewAllowed = array();
  434 + $aNewAllowed = $aWorkSpaceOwnerRoleAssignAllowed['user'];
  435 + $aNewAllowed[] = $this->oUser->getId();
  436 + $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aNewAllowed;
  437 + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed);
  438 + $res = $oDropdocumentsRoleAllocation->update();
  439 + $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID);
  440 + }
  441 + }
  442 +
  443 + function setPersonalFolderPermissions($oPO)
  444 + {
  445 + $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
  446 + $aAdminGroupID = $this->getGroupIdByName('System Administrators');
  447 +
  448 + //arrays used to make integers for $aAllowed array variable
  449 + $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id'];
  450 + $iAdminGroupID = $aAdminGroupID[0]['id'];
  451 +
  452 + //set permissions for the role and the admin group
  453 + $aAllowed = array('role' => array($iWorkSpaceOwnerRoleID), 'group' => array($iAdminGroupID));
  454 +
  455 + //Get the List of all the permissions
  456 + $aPersonalFolderPermissions = KTPermission::getList();
  457 +
  458 + //Iterate through and apply all permissions to the current user and the admin group
  459 + foreach ($aPersonalFolderPermissions as $oPersonalFolderPermission)
  460 + {
  461 + KTPermissionUtil::setPermissionForId($oPersonalFolderPermission, $oPO, $aAllowed);
  462 +
  463 + }
  464 +
  465 + //Update permission lookup
  466 + KTPermissionUtil::updatePermissionLookupForPO($oPO);
  467 + }
  468 +
  469 + function updatePersonalFolderRoleAllocation($oPersonalFolder)
  470 + {
  471 + //Assign user to the WorkSpaceOwner role
  472 + $personalFolderID = $oPersonalFolder->getId();
  473 + $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
  474 + $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
  475 +
  476 + $oRoleAllocation = new RoleAllocation();
  477 + if ($oRoleAllocation == null)
  478 + {
  479 + $this->session->logout();
  480 + return _kt('Error: Cannot create WorkSpaceOwner role allocation on personal folder');
  481 + }
  482 + $oRoleAllocation->setFolderId($personalFolderID);
  483 + $oRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);
  484 +
  485 + $aRoleAllowed = array();
  486 + $oRoleAllocation->setAllowed($aRoleAllowed);
  487 +
  488 + //It might be a problem that i'm not doing a "start transaction" here.
  489 + //Unable to roll back in event of db failure
  490 + $res = $oRoleAllocation->create();
  491 +
  492 + //The role is first created and then the current user is allocated to the role below
  493 +
  494 + $oPD = $oRoleAllocation->getPermissionDescriptor();
  495 + $aRoleAssignAllowed = $oPD->getAllowed();
  496 + $aUserId[] = $this->oUser->getId();
  497 + $aRoleAssignAllowed['user'] = $aUserId;
  498 + $oRoleAllocation->setAllowed($aRoleAssignAllowed);
  499 + $res = $oRoleAllocation->update();
  500 + $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId(), $personalFolderID);
  501 + }
  502 +
  503 + //FIXME: Direct Database access
  504 + function getFolderID($sFolderName) {
  505 + $sQuery = 'SELECT id FROM folders WHERE name = \''.$sFolderName.'\'';
  506 +
  507 + $id = DBUtil::getResultArray($sQuery);
  508 + return $id[0]['id'];
  509 + }
  510 +
  511 + //this function returns the document link and document name to be displayed on the dashlet
  512 + function getDocInfo($iDocId) {
  513 + $oDocument = Document::get($iDocId);
  514 +
  515 + if (PEAR::isError($oDocument)) {
  516 + return _kt('Document no longer exists.');
  517 + }
  518 +
  519 + $sName = htmlentities($oDocument->getName(), ENT_NOQUOTES, 'UTF-8');
  520 + $sLink = KTBrowseUtil::getUrlForDocument($oDocument);
  521 +
  522 + $aAnchorData = array();
  523 + $aAnchorData[] = $sLink;
  524 + $aAnchorData[] = $sName;
  525 + return $aAnchorData;
  526 + }
  527 +
  528 + //This function is used to create the role, role allocation is done separately
  529 + function createRole ($sName)
  530 + {
  531 + $this->startTransaction();
  532 + $oRole = Role::createFromArray(array('name' => $sName));
  533 +
  534 + if (PEAR::isError($oRole) || ($oRole == false))
  535 + {
  536 + if ($this->bTransactionStarted)
  537 + {
  538 + $this->rollbackTransaction();
  539 + }
  540 + //return null on failure
  541 + return null;
  542 + }
  543 + else
  544 + {
  545 + return $oRole;
  546 +
  547 + }
  548 + }
  549 +
  550 + //FIXME: Direct Database access
  551 + function roleExistsName ($sName)
  552 + {
  553 + $sQuery = "SELECT id FROM roles WHERE name = ?";
  554 + $aParams = array($sName);
  555 + $res = DBUtil::getResultArray(array($sQuery, $aParams));
  556 +
  557 + if (count($res) != 0)
  558 + {
  559 + return true;
  560 + }
  561 + return false;
  562 + }
  563 +
  564 + //FIXME: Direct Database access
  565 + function groupExistsName ($sName)
  566 + {
  567 + $sQuery = "SELECT id FROM groups_lookup WHERE name = ?";
  568 + $aParams = array($sName);
  569 + $res = DBUtil::getResultArray(array($sQuery, $aParams));
  570 +
  571 + if (count($res) != 0)
  572 + {
  573 + return true;
  574 + }
  575 + return false;
  576 + }
  577 +
  578 + //FIXME: Direct Database access
  579 + function getRoleIdByName($sName)
  580 + {
  581 + $sQuery = "SELECT id FROM roles WHERE name = ?";
  582 + $aParams = array($sName);
  583 + $res = DBUtil::getResultArray(array($sQuery, $aParams));
  584 + return $res;
  585 + }
  586 +
  587 + //FIXME: Direct Database access
  588 + function getGroupIdByName ($sName)
  589 + {
  590 + $sQuery = "SELECT id FROM groups_lookup WHERE name = ?";
  591 + $aParams = array($sName);
  592 + $res = DBUtil::getResultArray(array($sQuery, $aParams));
  593 + return $res;
  594 + }
  595 +
  596 + //function taken from KTPermission.php and edited to work here
  597 + function renegeratePermissionsForRole($iRoleId, $iFolderId) {
  598 + $iStartFolderId = $iFolderId;
  599 + /*
  600 + * 1. find all folders & documents "below" this one which use the role
  601 + * definition _active_ (not necessarily present) at this point.
  602 + * 2. tell permissionutil to regen their permissions.
  603 + *
  604 + * The find algorithm is:
  605 + *
  606 + * folder_queue <- (iStartFolderId)
  607 + * while folder_queue is not empty:
  608 + * active_folder =
  609 + * for each folder in the active_folder:
  610 + * find folders in _this_ folder without a role-allocation on the iRoleId
  611 + * add them to the folder_queue
  612 + * update the folder's permissions.
  613 + * find documents in this folder:
  614 + * update their permissions.
  615 + */
  616 +
  617 + $sRoleAllocTable = KTUtil::getTableName('role_allocations');
  618 + $sFolderTable = KTUtil::getTableName('folders');
  619 + $sQuery = sprintf('SELECT f.id as id FROM %s AS f LEFT JOIN %s AS ra ON (f.id = ra.folder_id) WHERE ra.id IS NULL AND f.parent_id = ?', $sFolderTable, $sRoleAllocTable);
  620 +
  621 +
  622 + $folder_queue = array($iStartFolderId);
  623 + while (!empty($folder_queue)) {
  624 + $active_folder = array_pop($folder_queue);
  625 +
  626 + $aParams = array($active_folder);
  627 +
  628 + $aNewFolders = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');
  629 + if (PEAR::isError($aNewFolders)) {
  630 + //$this->errorRedirectToMain(_kt('Failure to generate folderlisting.'));
  631 + echo _kt('Failure to generate folderlisting.');
  632 + }
  633 + $folder_queue = kt_array_merge ($folder_queue, (array) $aNewFolders); // push.
  634 +
  635 +
  636 + // update the folder.
  637 + $oFolder =& Folder::get($active_folder);
  638 + if (PEAR::isError($oFolder) || ($oFolder == false)) {
  639 + //$this->errorRedirectToMain(_kt('Unable to locate folder: ') . $active_folder);
  640 + echo _kt('Unable to locate folder: ').$active_folder;
  641 + }
  642 +
  643 + KTPermissionUtil::updatePermissionLookup($oFolder);
  644 + $aDocList =& Document::getList(array('folder_id = ?', $active_folder));
  645 + if (PEAR::isError($aDocList) || ($aDocList === false)) {
  646 + //$this->errorRedirectToMain(sprintf(_kt('Unable to get documents in folder %s: %s'), $active_folder, $aDocList->getMessage()));
  647 + echo _kt('Unable to get documents in folder ').$active_folder;
  648 + }
  649 +
  650 + foreach ($aDocList as $oDoc) {
  651 + if (!PEAR::isError($oDoc)) {
  652 + KTPermissionUtil::updatePermissionLookup($oDoc);
  653 + }
  654 + }
  655 + }
  656 + }
  657 +
  658 + /*
  659 + attempt to abstract the transaction-matching query.
  660 +
  661 + tables that are already defined (other than sec ones):
  662 +
  663 + - Documents (D)
  664 + - Users (U)
  665 + - TransactionTypes (DTT)
  666 + - Document Transactions (DT)
  667 +
  668 + so where clausess can take advantage of those.
  669 +
  670 + */
  671 + function getTransactionsMatchingQuery($oUser, $sJoinClause, $aExternalWhereClauses, $aExternalWhereParams, $aOptions = null) {
  672 +
  673 + $sSelectItems = 'DTT.name AS transaction_name, U.name AS user_name, DT.version AS version, DT.comment AS comment, DT.datetime AS datetime, D.id as document_id, DT.transaction_namespace as namespace';
  674 + $sBaseJoin = "FROM " . KTUtil::getTableName("document_transactions") . " AS DT " .
  675 + "INNER JOIN " . KTUtil::getTableName("users") . " AS U ON DT.user_id = U.id " .
  676 + "INNER JOIN " . KTUtil::getTableName("transaction_types") . " AS DTT ON DTT.namespace = DT.transaction_namespace " .
  677 + "INNER JOIN " . KTUtil::getTableName("documents") . " AS D ON D.id = DT.document_id ";
  678 +
  679 + // now we're almost at partialquery like status.
  680 + $perm_res = KTSearchUtil::permissionToSQL($oUser, 'ktcore.permissions.read');
  681 + if (PEAR::isError($perm_res)) {
  682 + return $perm_res;
  683 + }
  684 + list($sPermissionString, $aPermissionParams, $sPermissionJoin) = $perm_res;
  685 +
  686 + // compile the final list
  687 + $aFinalWhere = kt_array_merge(array($sPermissionString,'D.creator_id IS NOT NULL'), $aExternalWhereClauses, array('D.status_id = ?'));
  688 + $aFinalWhereParams = kt_array_merge($aPermissionParams, $aExternalWhereParams, array(LIVE));
  689 +
  690 + if (!is_array($aOptions)) {
  691 + $aOptions = (array) $aOptions;
  692 + }
  693 + $sOrderBy = KTUtil::arrayGet($aOptions, 'orderby', 'DT.datetime DESC');
  694 +
  695 + // compile these.
  696 + // NBM: do we need to wrap these in ()?
  697 + $sWhereClause = implode(' AND ', $aFinalWhere);
  698 + if (!empty($sWhereClause)) {
  699 + $sWhereClause = 'WHERE ' . $sWhereClause;
  700 + }
  701 +
  702 + $sQuery = sprintf("SELECT %s %s %s %s %s ORDER BY %s",
  703 + $sSelectItems,
  704 + $sBaseJoin,
  705 + $sPermissionJoin,
  706 + $sJoinClause,
  707 + $sWhereClause,
  708 + $sOrderBy
  709 + );
  710 +
  711 + //var_dump(array($sQuery, $aFinalWhereParams));
  712 +
  713 + $res = DBUtil::getResultArray(array($sQuery, $aFinalWhereParams));
  714 + //var_dump($res); exit(0);
  715 + return $res;
  716 + }
  717 +}
  718 +?>
plugins/MyDropDocumentsPlugin/templates/MyDropDocumentsPlugin/dashlet.smarty
  View file @aff54aa
@@ -13,7 +13,7 @@ function hideTooltip() @@ -13,7 +13,7 @@ function hideTooltip()
13 </script> 13 </script>
14 <style type="text/css"> 14 <style type="text/css">
15 15
16 -#MyDropDocumentsDashlet 16 +#MyDropDocumentsDashlet
17 { 17 {
18 display: block; 18 display: block;
19 } 19 }
@@ -32,23 +32,23 @@ function hideTooltip() @@ -32,23 +32,23 @@ function hideTooltip()
32 background-color: #F5F6BE; 32 background-color: #F5F6BE;
33 } 33 }
34 34
35 -#MyDropDocumentsHeader  
36 -{  
37 - font-weight: bold; 35 +#MyDropDocumentsHeader
  36 +{
  37 + font-weight: bold;
38 margin-left: 25px; 38 margin-left: 25px;
39 } 39 }
40 -  
41 -#MyDropDocumentsBlock { 40 +
  41 +#MyDropDocumentsBlock {
42 padding: 0 25px; 42 padding: 0 25px;
43 } 43 }
44 -#MyDropDocumentsFooter 44 +#MyDropDocumentsFooter
45 { 45 {
46 position: absolute; 46 position: absolute;
47 bottom: 10px; 47 bottom: 10px;
48 - right: 35px; 48 + right: 35px;
49 width: 50%; 49 width: 50%;
50 -  
51 - 50 +
  51 +
52 } 52 }
53 53
54 .drop_box{ 54 .drop_box{
@@ -60,7 +60,7 @@ function hideTooltip() @@ -60,7 +60,7 @@ function hideTooltip()
60 {/literal} 60 {/literal}
61 <div> 61 <div>
62 <div id="MyDropDocumentsHeader"> 62 <div id="MyDropDocumentsHeader">
63 - 63 +
64 </div> 64 </div>
65 <div id="MyDropDocumentsBlock" name="MyDropDocumentsBlock"> 65 <div id="MyDropDocumentsBlock" name="MyDropDocumentsBlock">
66 Checking My Drop Documents 66 Checking My Drop Documents
@@ -70,9 +70,14 @@ function hideTooltip() @@ -70,9 +70,14 @@ function hideTooltip()
70 </div> 70 </div>
71 71
72 <div id="MyDropDocumentsFooter"> 72 <div id="MyDropDocumentsFooter">
73 - 73 +
74 </div> 74 </div>
75 75
76 </div> 76 </div>
77 <script type="text/javascript">var MY_DROP_DOCUMENTS = "{$url}";</script> 77 <script type="text/javascript">var MY_DROP_DOCUMENTS = "{$url}";</script>
78 -<script type="text/javascript">CheckFolderExists();</script>  
79 \ No newline at end of file 78 \ No newline at end of file
  79 +<script type="text/javascript">
  80 +Ext.onReady(function()
  81 +{
  82 + CheckFolderExists();
  83 +});
  84 +</script>
80 \ No newline at end of file 85 \ No newline at end of file