diff --git a/lib/upgrades/UpgradeFunctions.inc.php b/lib/upgrades/UpgradeFunctions.inc.php
index bcfeb22..70a774d 100644
--- a/lib/upgrades/UpgradeFunctions.inc.php
+++ b/lib/upgrades/UpgradeFunctions.inc.php
@@ -2,14 +2,69 @@
class UpgradeFunctions {
var $upgrades = array(
- "2.0.0" => array("setPermissionFolder", "rebuildSearchPermissions"),
+ "2.0.0" => array("setPermissionFolder"),
"2.0.6" => array("addTemplateMimeTypes"),
+ "2.0.8" => array("setPermissionObject"),
);
var $descriptions = array(
"rebuildSearchPermissions" => "Rebuild search permissions with updated algorithm",
"setPermissionFolder" => "Set permission folder for each folder for simplified permissions management",
"addTemplateMimeTypes" => "Add MIME types for Excel and Word templates",
+ "setPermissionObject" => "Set the permission object in charge of a document or folder",
);
+ var $phases = array(
+ "setPermissionObject" => 1,
+ );
+
+ // {{{ _setPermissionFolder
+ function _setPermissionFolder($oFolder) {
+ global $default;
+ $oInheritedFolder = $oFolder;
+ while ($bFoundPermissions !== true) {
+ /*ok*/$aCheckQuery = array('SELECT id FROM groups_folders_link WHERE folder_id = ? LIMIT 1', $oInheritedFolder->getID());
+ if (count(DBUtil::getResultArrayKey($aCheckQuery, 'id')) == 0) {
+ $default->log->debug('No direct permissions on folder ' . $oInheritedFolder->getID());
+ $bInherited = true;
+ $oInheritedFolder =& Folder::get($oInheritedFolder->getParentID());
+ if ($oInheritedFolder === false) {
+ break;
+ }
+ // if our parent knows the permission folder, use that.
+
+ $aQuery = array("SELECT permission_folder_id FROM folders WHERE id = ?", array($oInheritedFolder->getID()));
+ $iPermissionFolderID = DBUtil::getOneResultKey($aQuery, 'permission_folder_id');
+ if (!empty($iPermissionFolderID)) {
+ $aQuery = array(
+ "UPDATE folders SET permission_folder_id = ? WHERE id = ?",
+ array($iPermissionFolderID, $oFolder->getID())
+ );
+ DBUtil::runQuery($aQuery);
+ return;
+ }
+ $default->log->debug('... trying parent: ' . $oInheritedFolder->getID());
+ } else {
+ $default->log->debug('Found direct permissions on folder ' . $oInheritedFolder->getID());
+ $iPermissionFolderID = $oInheritedFolder->getID();
+ $aQuery = array(
+ "UPDATE folders SET permission_folder_id = ? WHERE id = ?",
+ array($iPermissionFolderID, $oFolder->getID())
+ );
+ DBUtil::runQuery($aQuery);
+ return;
+ }
+ }
+
+ $default->log->error('No permissions whatsoever for folder ' . $oFolder->getID());
+ // 0, which can never exist, for non-existent. null for not set yet (database upgrade).
+ $iPermissionFolderID = 0;
+ $aQuery = array(
+ "UPDATE folders SET permission_folder_id = ? WHERE id = ?",
+ array($iPermissionFolderID, $oFolder->getID())
+ );
+ DBUtil::runQuery($aQuery);
+ }
+ // }}}
+
function setPermissionFolder() {
global $default;
require_once(KT_LIB_DIR . '/foldermanagement/Folder.inc');
@@ -20,20 +75,8 @@ class UpgradeFunctions {
foreach ($aIDs as $iID) {
$oFolder =& Folder::get($iID);
- $oFolder->calculatePermissionFolder();
- $oFolder->update();
- }
- }
-
- function rebuildSearchPermissions() {
- require_once(KT_LIB_DIR . '/documentmanagement/Document.inc');
- require_once(KT_LIB_DIR . '/security/Permission.inc');
-
- $aDocuments = Document::getList();
- foreach ($aDocuments as $oDocument) {
- Permission::updateSearchPermissionsForDocument($oDocument->getID());
+ UpgradeFunctions::_setPermissionFolder($oFolder);
}
- return true;
}
function addTemplateMimeTypes() {
@@ -68,6 +111,109 @@ class UpgradeFunctions {
}
return true;
}
+
+ function _setRead($iID, $oPO) {
+ global $default;
+ print "setRead for $iID
\n";
+ $oPermission = KTPermission::getByName('ktcore.permissions.read');
+ $query = "SELECT group_id FROM $default->groups_folders_table WHERE folder_id = ? AND (can_read = ? OR can_write = ?)";
+ $aParams = array($iID, true, true);
+ $aGroupIDs = DBUtil::getResultArrayKey(array($query, $aParams), 'group_id');
+ $aAllowed = array("group" => $aGroupIDs);
+ KTPermissionUtil::setPermissionForID($oPermission, $oPO, $aAllowed);
+ }
+
+ function _setWrite($iID, $oPO) {
+ print "setWrite for $iID
\n";
+ global $default;
+ $oPermission = KTPermission::getByName('ktcore.permissions.write');
+ $query = "SELECT group_id FROM $default->groups_folders_table WHERE folder_id = ? AND can_write = ?";
+ $aParams = array($iID, true);
+ $aGroupIDs = DBUtil::getResultArrayKey(array($query, $aParams), 'group_id');
+ $aAllowed = array("group" => $aGroupIDs);
+ KTPermissionUtil::setPermissionForID($oPermission, $oPO, $aAllowed);
+ }
+
+ function _setAddFolder($iID, $oPO) {
+ print "setAddFolder for $iID
\n";
+ global $default;
+ $oPermission = KTPermission::getByName('ktcore.permissions.addFolder');
+ $query = "SELECT group_id FROM $default->groups_folders_table WHERE folder_id = ? AND can_write = ?";
+ $aParams = array($iID, true);
+ $aGroupIDs = DBUtil::getResultArrayKey(array($query, $aParams), 'group_id');
+ $aAllowed = array("group" => $aGroupIDs);
+ KTPermissionUtil::setPermissionForID($oPermission, $oPO, $aAllowed);
+ }
+
+ function setPermissionObject() {
+ global $default;
+ require_once(KT_LIB_DIR . '/foldermanagement/Folder.inc');
+ require_once(KT_LIB_DIR . '/documentmanagement/Document.inc');
+ require_once(KT_LIB_DIR . '/permissions/permissionobject.inc.php');
+ require_once(KT_LIB_DIR . '/permissions/permissionutil.inc.php');
+ require_once(KT_LIB_DIR . '/permissions/permission.inc.php');
+ $query = "SELECT id FROM $default->folders_table WHERE permission_folder_id = id AND permission_object_id IS NULL";
+ $aIDs = DBUtil::getResultArrayKey($query, 'id');
+ foreach ($aIDs as $iID) {
+ print "Setting permission on Folder $iID
\n";
+ $oFolder =& Folder::get($iID);
+ if (PEAR::isError($oFolder)) {
+ var_dump($oFolder);
+ exit(0);
+ }
+ if ($oFolder === false) {
+ print "Could not find folder...\n";
+ exit(0);
+ }
+ $oPO =& KTPermissionObject::createFromArray(array());
+ if (PEAR::isError($oFolder)) {
+ var_dump($oPO);
+ exit(0);
+ }
+ $oFolder->setPermissionObjectID($oPO->getId());
+ $oFolder->update();
+
+ UpgradeFunctions::_setRead($iID, $oPO);
+ UpgradeFunctions::_setWrite($iID, $oPO);
+ UpgradeFunctions::_setAddFolder($iID, $oPO);
+ }
+ $query = "SELECT id FROM $default->folders_table WHERE permission_object_id IS NULL";
+ $aIDs = DBUtil::getResultArrayKey($query, 'id');
+ foreach ($aIDs as $iID) {
+ $oFolder =& Folder::get($iID);
+ $query = "SELECT permission_folder_id FROM $default->folders_table WHERE id = ?";
+ $aParams = array($iID);
+ $iPermissionFolderID = DBUtil::getOneResultKey(array($query, $aParams), 'permission_folder_id');
+ $oPermissionFolder =& Folder::get($iPermissionFolderID);
+ $oFolder->setPermissionObjectID($oPermissionFolder->getPermissionObjectId());
+ $oFolder->update();
+ }
+ $query = "SELECT id FROM $default->documents_table WHERE permission_object_id IS NULL";
+ $aIDs = DBUtil::getResultArrayKey($query, 'id');
+ foreach ($aIDs as $iID) {
+ $oDocument =& Document::get($iID);
+ $oFolder =& Folder::get($oDocument->getFolderID());
+ if ($oFolder === false) {
+ continue;
+ }
+ $oDocument->setPermissionObjectID($oFolder->getPermissionObjectID());
+ $oDocument->update();
+ }
+
+ $query = "SELECT id FROM $default->documents_table WHERE permission_lookup_id IS NULL AND permission_object_id IS NOT NULL";
+ $aIDs = DBUtil::getResultArrayKey($query, 'id');
+ foreach ($aIDs as $iID) {
+ $oDocument =& Document::get($iID);
+ KTPermissionUtil::updatePermissionLookup($oDocument);
+ }
+
+ $query = "SELECT id FROM $default->folders_table WHERE permission_lookup_id IS NULL";
+ $aIDs = DBUtil::getResultArrayKey($query, 'id');
+ foreach ($aIDs as $iID) {
+ $oFolder =& Folder::get($iID);
+ KTPermissionUtil::updatePermissionLookup($oFolder);
+ }
+ }
}
?>