Commit bb33dad50e340efdfaa18d3dc6cccbccbb1662b3

Authored by Brad Shuttleworth
1 parent 1f5c058d

- role allocations now can be used to control permissions.


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4458 c91229c3-7414-0410-bfa2-8a42b809f60b
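--- a/lib/permissions/permissionutil.inc.php
+++ b/lib/permissions/permissionutil.inc.php
@@ -228,12 +228,23 @@ class KTPermissionUtil {
 }
 // roles are _not_ always assigned (can be null at root)
 if ($_roleCache[$iRoleId] != null) {
- $aAllowed['user'] = array_merge($aAllowed['user'], $_roleCache[$iRoleId]->getUsers());
- $aAllowed['group'] = array_merge($aAllowed['group'], $_roleCache[$iRoleId]->getGroups());
+ $aMapPermAllowed[$iPermissionId]['user'] = array_merge($aAllowed['user'], $_roleCache[$iRoleId]->getUserIds());
+ $aMapPermAllowed[$iPermissionId]['group'] = array_merge($aAllowed['group'], $_roleCache[$iRoleId]->getGroupIds());
 }
 }
+
 }
+ unset($aMapPermAllowed[$iPermissionId]['role']);
 }
+
+ /*
+ print '<pre>';
+ print '=======' . $oFolderOrDocument->getName();
+ print '<br />';
+ var_dump($aMapPermAllowed);
+ print '</pre>';
+ */
+
 
 $aMapPermDesc = array();
 foreach ($aMapPermAllowed as $iPermissionId => $aAllowed) {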
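Review bot: The two new `array_merge` lines read from `$aAllowed[...]` but write to `$aMapPermAllowed[$iPermissionId][...]`, so if `$aAllowed` is the loop's by-value copy (the `foreach` headers are outside this hunk), a permission that names several roles keeps only the members of the last role processed, because every pass restarts from the unmerged list. Accumulate into the stored entry instead: `$aMapPermAllowed[$iPermissionId]['user'] = array_merge($aMapPermAllowed[$iPermissionId]['user'], $_roleCache[$iRoleId]->getUserIds());`, and likewise for `'group'`. The commented-out `var_dump($aMapPermAllowed)` block should be deleted rather than committed, since re-enabling it would print the resolved permission map into the response.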
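--- a/lib/roles/roleallocation.inc.php
+++ b/lib/roles/roleallocation.inc.php
@@ -151,6 +151,34 @@ class RoleAllocation extends KTEntity {
 return $aFullGroups;
 }
 
+ function getUserIds() {
+ $oDescriptor = $this->getPermissionDescriptor();
+ $aUsers = array();
+ if (PEAR::isError($oDescriptor) || ($oDescriptor == false)) {
+ return $aUsers;
+ }
+ $aAllowed = $oDescriptor->getAllowed();
+ if ($aAllowed['user'] !== null) {
+ $aUsers = $aAllowed['user'];
+ }
+
+ return $aUsers;
+ }
+
+ function getGroupIds() {
+ $oDescriptor = $this->getPermissionDescriptor();
+ $aGroups = array();
+ if (PEAR::isError($oDescriptor) || ($oDescriptor == false)) {
+ return $aGroups;
+ }
+ $aAllowed = $oDescriptor->getAllowed();
+ if ($aAllowed['group'] !== null) {
+ $aGroups = $aAllowed['group'];
+ }
+
+ return $aGroups;
+ }
+
 // utility function to establish user membership in this allocation.
 // FIXME nbm: is there are more coherent way to do this ITO your PD infrastructure?
 function hasMember($oUser) {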
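Review bot: `getUserIds()` and `getGroupIds()` return an empty array both when the allocation has no descriptor and when `PEAR::isError($oDescriptor)` is true, so a failed descriptor lookup is indistinguishable from a role with no members. For the permission merge that is the safe direction (the role grants nothing), but it is undocumented and the error is dropped silently. Add a comment above the early return such as `// descriptor missing or lookup failed: treat as "no members" so the role grants nothing`, and report the PEAR error through whatever logging the class already uses. The `$aAllowed['user'] !== null` and `$aAllowed['group'] !== null` tests read a key that may be absent; `if (isset($aAllowed['user']))` gives the same result without the notice. Both methods also need a short docblock saying they return raw id lists.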
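--- a/plugins/ktcore/KTFolderActions.php
+++ b/plugins/ktcore/KTFolderActions.php
@@ -70,6 +70,7 @@ class KTFolderPermissionsAction extends KTFolderAction {
 $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
 $aPermissions = KTPermission::getList();
 $aMapPermissionGroup = array();
+ $aMapPermissionRole = array();
 foreach ($aPermissions as $oPermission) {
 $oPA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oPO);
 if (PEAR::isError($oPA)) {
@@ -82,15 +83,10 @@ class KTFolderPermissionsAction extends KTFolderAction {
 foreach ($aIds as $iId) {
 $aMapPermissionGroup[$iPermissionId][$iId] = true;
 }
- }
- $aMapPermissionUser = array();
- $aUsers = User::getList();
- foreach ($aPermissions as $oPermission) {
- $iPermissionId = $oPermission->getId();
- foreach ($aUsers as $oUser) {
- if (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oFolder)) {
- $aMapPermissionUser[$iPermissionId][$oUser->getId()] = true;
- }
+ $aIds = $oDescriptor->getRoles();
+ $aMapPermissionRole[$iPermissionId] = array();
+ foreach ($aIds as $iId) {
+ $aMapPermissionRole[$iPermissionId][$iId] = true;
 }
 }
 
@@ -108,10 +104,10 @@ class KTFolderPermissionsAction extends KTFolderAction {
 $aTemplateData = array(
 "permissions" => $aPermissions,
 "groups" => Group::getList(),
+ "roles" => Role::getList(),
 "iFolderId" => $this->oFolder->getId(),
 "aMapPermissionGroup" => $aMapPermissionGroup,
- "users" => $aUsers,
- "aMapPermissionUser" => $aMapPermissionUser,
+ "aMapPermissionRole" => $aMapPermissionRole,
 "edit" => $bEdit,
 "inherited" => $sInherited,
 "conditions" => KTSavedSearch::getConditions(),
@@ -167,6 +163,7 @@ class KTFolderPermissionsAction extends KTFolderAction {
 $this->successRedirectToMain(_("Dynamic permission added"), "fFolderId=" . $this->oFolder->getId());
 }
 }
+
 $oPlugin->registerAction('folderaction', 'KTFolderPermissionsAction', 'ktcore.actions.folder.permissions');
 $oPlugin->registerAction('folderaction', 'KTBulkImportFolderAction', 'ktcore.actions.folder.bulkImport', 'folder/BulkImport.php');
 $oPlugin->registerAction('folderaction', 'KTBulkUploadFolderAction', 'ktcore.actions.folder.bulkUpload', 'folder/BulkUpload.php');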
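Review bot: `$aMapPermissionRole` records only which role ids a descriptor names, and in the visible hunks nothing resolves those roles to the users and groups allocated to them on this folder. The per-user table built with `KTPermissionUtil::userHasPermissionOnItem()` is removed in the same hunk, so the page no longer shows who actually holds a permission at the point where grants become more indirect. At minimum document that where the map is built, e.g. `// role grants only: members come from the folder's role allocation and are not resolved here`. Also confirm that `$oDescriptor->getRoles()` returns an array when a descriptor has no roles, or guard it with `if (!is_array($aIds)) { $aIds = array(); }` before the `foreach`. The loop sits inside a `foreach` whose body is only partly visible, and the same lines are added to plugins/ktcore/KTPermissions.php.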
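--- a/plugins/ktcore/KTPermissions.php
+++ b/plugins/ktcore/KTPermissions.php
@@ -30,6 +30,7 @@ class KTDocumentPermissionsAction extends KTDocumentAction {
 $oPO = KTPermissionObject::get($this->oDocument->getPermissionObjectID());
 $aPermissions = KTPermission::getList();
 $aMapPermissionGroup = array();
+ $aMapPermissionRole = array();
 foreach ($aPermissions as $oPermission) {
 $oPA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oPO);
 if (PEAR::isError($oPA)) {
@@ -42,16 +43,11 @@ class KTDocumentPermissionsAction extends KTDocumentAction {
 foreach ($aIDs as $iID) {
 $aMapPermissionGroup[$iPermissionID][$iID] = true;
 }
- }
- $aMapPermissionUser = array();
- $aUsers = User::getList();
- foreach ($aPermissions as $oPermission) {
- $iPermissionID = $oPermission->getID();
- foreach ($aUsers as $oUser) {
- if (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oDocument)) {
- $aMapPermissionUser[$iPermissionID][$oUser->getID()] = true;
- }
- }
+ $aIds = $oDescriptor->getRoles();
+ $aMapPermissionRole[$iPermissionID] = array();
+ foreach ($aIds as $iId) {
+ $aMapPermissionRole[$iPermissionID][$iId] = true;
+ }
 }
 
 $oInherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO);
@@ -70,10 +66,10 @@ class KTDocumentPermissionsAction extends KTDocumentAction {
 "context" => $this,
 "permissions" => $aPermissions,
 "groups" => Group::getList(),
+ "roles" => Role::getList(),
 "iDocumentID" => $_REQUEST['fDocumentID'],
 "aMapPermissionGroup" => $aMapPermissionGroup,
- "users" => $aUsers,
- "aMapPermissionUser" => $aMapPermissionUser,
+ "aMapPermissionRole" => $aMapPermissionRole,
 "edit" => $bEdit,
 "inherited" => $sInherited,
 );
@@ -158,6 +154,7 @@ class KTRoleAllocationPlugin extends KTFolderAction {
 
 // map to users, groups.
 foreach ($aRoles as $key => $role) {
+ /*
 $_users = array();
 foreach ($aRoles[$key]['users'] as $iUserId) {
 $oUser = User::get($iUserId);
@@ -170,6 +167,7 @@ class KTRoleAllocationPlugin extends KTFolderAction {
 } else {
 $aRoles[$key]['users'] = join(', ',$_users);
 }
+ */
 
 $_groups = array();
 foreach ($aRoles[$key]['groups'] as $iGroupId) {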
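Review bot: The `/*` and `*/` added in `KTRoleAllocationPlugin` switch off the user id-to-name mapping by commenting it out, which leaves dead code in an access-control path. As far as the hunks show, `$aRoles[$key]['users']` then still holds raw ids that are handed on to the template. If user-level allocation is being retired, delete the block and say so in one line, e.g. `// users are no longer allocated to roles directly; only groups are mapped here`; if it is temporary, mark it with a TODO that names the reason. The middle of the commented block lies between the two hunks and is not visible here.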
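--- a/templates/ktcore/document/document_permissions.smarty
+++ b/templates/ktcore/document/document_permissions.smarty
@@ -37,6 +37,7 @@ td.false { background-color: #ffaaaa; text-align: centre }
 { /if }
 <div class="view" id="view">
 <table class="pretty" cellspacing="0" cellpadding="0" border="0" width="100%">
+
 <thead>
 <tr>
 <th>Group</th>
@@ -63,6 +64,34 @@ td.false { background-color: #ffaaaa; text-align: centre }
 </tbody>
 </table>
 
+
+<table class="pretty" cellspacing="0" cellpadding="0" border="0" width="100%">
+<thead>
+<tr>
+<th>Role</th>
+{ foreach item=oPerm from=$permissions }
+<th title="{$oPerm->sName}">{$oPerm->sHumanName}</th>
+{ /foreach }
+</tr>
+</thead>
+<tbody>
+{ foreach item=oRole from=$roles }
+<td>{$oRole->getId()} / {$oRole->getName()}</td>
+ { assign var=iRoleId value=$oRole->getId() }
+ { foreach item=oPerm from=$permissions }
+ { assign var=iPermId value=$oPerm->getId() }
+ { assign var=bHasPerm value=$aMapPermissionRole[$iPermId][$iRoleId] }
+{ if $bHasPerm }
+<td class="true">True</td>
+{ else }
+<td class="false">False</td>
+{ /if }
+ { /foreach }
+</tr>
+{ /foreach }
+</tbody>
+</table>
+
 <div style="text-align: center; padding-top: 2px">
 <span style="border: 1px solid #cccccc; background-color: #ffeeee;
 padding: 2px; padding-right: 1em; padding-left: 1em">
@@ -114,38 +143,40 @@ value=&quot;{$iGroupID}&quot;&gt;&lt;/td&gt;
 </tbody>
 </table>
 
-<input type="submit" name="submit" value="{i18n}Update{/i18n}">
-</form>
-</div>
-{ /if }
 
-<h2>{i18n}User permissions{/i18n}</h2>
-
-<div>
 <table class="pretty" cellspacing="0" cellpadding="0" border="0" width="100%">
 <thead>
 <tr>
-<th>{i18n}User{/i18n}</th>
+<th>Role</th>
 { foreach item=oPerm from=$permissions }
 <th title="{$oPerm->sName}">{$oPerm->sHumanName}</th>
 { /foreach }
 </tr>
 </thead>
+
 <tbody>
-{ foreach item=oUser from=$users }
-<td>{$oUser->getID()} / {$oUser->getName()}</td>
- { assign var=iUserID value=$oUser->getID() }
+{ foreach item=oRole from=$roles }
+<td>{$oRole->getId()} / {$oRole->getName()}</td>
+ { assign var=iRoleId value=$oRole->getId() }
 { foreach item=oPerm from=$permissions }
- { assign var=iPermID value=$oPerm->getID() }
- { assign var=bHasPerm value=$aMapPermissionUser[$iPermID][$iUserID] }
+ { assign var=iPermId value=$oPerm->getId() }
+ { assign var=bHasPerm value=$aMapPermissionRole[$iPermId][$iRoleId] }
+
 { if $bHasPerm }
-<td class="true">{i18n}True{/i18n}</td>
+<td class="true"><input type="checkbox" name="foo[{$iPermId}][role][]"
+value="{$iRoleId}" checked="true"></td>
 { else }
-<td class="false">{i18n}False{/i18n}</td>
+<td class="false"><input type="checkbox" name="foo[{$iPermId}][role][]"
+value="{$iRoleId}"></td>
 { /if }
 { /foreach }
 </tr>
 { /foreach }
 </tbody>
 </table>
+
+
+<input type="submit" name="submit" value="{i18n}Update{/i18n}">
+</form>
 </div>
+{ /if }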
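Review bot: `{$oRole->getName()}` is written into both new role tables without an escape modifier, so a role name containing markup would be rendered as HTML on the permissions page unless this Smarty instance applies a default escape modifier, which is not visible here. Escape at the output site: `<td>{$oRole->getId()} / {$oRole->getName()|escape}</td>`, in the view table and the edit table alike. The identical lines are added to templates/ktcore/folder/permissions.smarty and need the same change.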
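--- a/templates/ktcore/folder/permissions.smarty
+++ b/templates/ktcore/folder/permissions.smarty
@@ -65,22 +65,36 @@ MochiKit.DOM.hideElement(&#39;view&#39;);&quot;&gt;{i18n}Edit{/i18n}&lt;/a&gt;
 </tbody>
 </table>
 
-<div style="text-align: center; padding-top: 2px">
-<span style="border: 1px solid #cccccc; background-color: #ffeeee;
-padding: 2px; padding-right: 1em; padding-left: 1em">
-{ if $inherited }
-{i18n}Inherited from:{/i18n} {$inherited}
-[<a
-href="{$smarty.server.PHP_SELF}?action=copyPermissions&fFolderId={$iFolderId}">{i18n}Copy{/i18n}</a>]
+<table class="pretty" cellspacing="0" cellpadding="0" border="0" width="100%">
+<thead>
+<tr>
+<th>Role</th>
+{ foreach item=oPerm from=$permissions }
+<th title="{$oPerm->sName}">{$oPerm->sHumanName}</th>
+{ /foreach }
+</tr>
+</thead>
+<tbody>
+{ foreach item=oRole from=$roles }
+<td>{$oRole->getId()} / {$oRole->getName()}</td>
+ { assign var=iRoleId value=$oRole->getId() }
+ { foreach item=oPerm from=$permissions }
+ { assign var=iPermId value=$oPerm->getId() }
+ { assign var=bHasPerm value=$aMapPermissionRole[$iPermId][$iRoleId] }
+{ if $bHasPerm }
+<td class="true">True</td>
 { else }
-[<a
-href="{$smarty.server.PHP_SELF}?action=inheritPermissions&fFolderId={$iFolderId}">{i18n}Use
-parent's permissions{/i18n}</a>]
+<td class="false">False</td>
 { /if }
-</span>
-</div>
+ { /foreach }
+</tr>
+{ /foreach }
+</tbody>
+</table>
+
 </div>
 
+
 { if $edit }
 <div class="edit" id="edit">
 <form action="{$smarty.server.PHP_SELF}" method="POST">
@@ -115,11 +129,60 @@ value=&quot;{$iGroupId}&quot;&gt;&lt;/td&gt;
 </tbody>
 </table>
 
+<table class="pretty" cellspacing="0" cellpadding="0" border="0" width="100%">
+<thead>
+<tr>
+<th>Role</th>
+{ foreach item=oPerm from=$permissions }
+<th title="{$oPerm->sName}">{$oPerm->sHumanName}</th>
+{ /foreach }
+</tr>
+</thead>
+
+<tbody>
+{ foreach item=oRole from=$roles }
+<td>{$oRole->getId()} / {$oRole->getName()}</td>
+ { assign var=iRoleId value=$oRole->getId() }
+ { foreach item=oPerm from=$permissions }
+ { assign var=iPermId value=$oPerm->getId() }
+ { assign var=bHasPerm value=$aMapPermissionRole[$iPermId][$iRoleId] }
+
+{ if $bHasPerm }
+<td class="true"><input type="checkbox" name="foo[{$iPermId}][role][]"
+value="{$iRoleId}" checked="true"></td>
+{ else }
+<td class="false"><input type="checkbox" name="foo[{$iPermId}][role][]"
+value="{$iRoleId}"></td>
+{ /if }
+ { /foreach }
+</tr>
+{ /foreach }
+</tbody>
+</table>
+
 <input type="submit" name="submit" value="{i18n}Update{/i18n}">
 </form>
+
 </div>
 { /if }
 
+
+
+<div style="text-align: center; padding-top: 2px">
+<span style="border: 1px solid #cccccc; background-color: #ffeeee;
+padding: 2px; padding-right: 1em; padding-left: 1em">
+{ if $inherited }
+{i18n}Inherited from:{/i18n} {$inherited}
+[<a
+href="{$smarty.server.PHP_SELF}?action=copyPermissions&fFolderId={$iFolderId}">{i18n}Copy{/i18n}</a>]
+{ else }
+[<a
+href="{$smarty.server.PHP_SELF}?action=inheritPermissions&fFolderId={$iFolderId}">{i18n}Use
+parent's permissions{/i18n}</a>]
+{ /if }
+</span>
+</div>
+
 <h2>Dynamic permissions</h2>
 
 { if $dynamic_conditions }
@@ -186,34 +249,3 @@ $this-&gt;assign(&quot;aPermissions&quot;, $this-&gt;_tpl_vars[&#39;oDynamicCondition&#39;]-&gt;getAssignme
 <input type="submit" name="submit" value="{i18n}Add{/i18n}" />
 </form>
 { /if }
-
-<h2>User permissions</h2>
-
-<div>
-<table class="pretty" cellspacing="0" cellpadding="0" border="0" width="100%">
-<thead>
-<tr>
-<th>{i18n}User{/i18n}</th>
-{ foreach item=oPerm from=$permissions }
-<th title="{$oPerm->sName}">{$oPerm->sHumanName}</th>
-{ /foreach }
-</tr>
-</thead>
-<tbody>
-{ foreach item=oUser from=$users }
-<td>{$oUser->getId()} / {$oUser->getName()}</td>
- { assign var=iUserId value=$oUser->getId() }
- { foreach item=oPerm from=$permissions }
- { assign var=iPermId value=$oPerm->getId() }
- { assign var=bHasPerm value=$aMapPermissionUser[$iPermId][$iUserId] }
-{ if $bHasPerm }
-<td class="true">{i18n}True{/i18n}</td>
-{ else }
-<td class="false">{i18n}False{/i18n}</td>
-{ /if }
- { /foreach }
-</tr>
-{ /foreach }
-</tbody>
-</table>
-</div>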
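Review bot: In both role tables added here, each `{ foreach item=oRole from=$roles }` pass emits `<td>` cells and a closing `</tr>` but never opens the row, so the table body is malformed and browsers have to guess the row boundaries of a permissions grid. Add `<tr>` on the line directly after the `foreach`. The new header and cell texts `Role`, `True` and `False` are also written bare where the removed user table used `{i18n}True{/i18n}`; wrap them the same way. Both points apply equally to the role tables added in templates/ktcore/document/document_permissions.smarty.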
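--- a/templates/ktcore/folder/roles.smarty
+++ b/templates/ktcore/folder/roles.smarty
@@ -14,7 +14,7 @@ role allocations can take very long time, depending on the number of folders bel
 <tr>
 <th>{i18n}Role{/i18n}</th>
 <th>{i18n}Allocated users{/i18n}</th>
- <th>{i18n}Edit Users{/i18n}</th>
+<!-- <th>{i18n}Edit Users{/i18n}</th> -->
 <th>{i18n}Edit Groups{/i18n}</th>
 <th>{i18n}Use Parent{/i18n}</th>
 </tr>
@@ -28,16 +28,16 @@ role allocations can take very long time, depending on the number of folders bel
 <strong>{i18n}inherited from parent folder.{/i18n}</strong><br />
 <span class="descriptiveText">
 {/if}
- {if ($aRole.users != null)}<strong>{i18n}Users:{/i18n}</strong> {$aRole.users}<br />{/if}
+<!-- {if ($aRole.users != null)}<strong>{i18n}Users:{/i18n}</strong> {$aRole.users}<br />{/if} -->
 {if ($aRole.groups != null)}<strong>{i18n}Groups:{/i18n}</strong> {$aRole.groups}{/if}
 {if ($aRole.allocation_id === null)}
 </span class="descriptiveText">
 {/if}
 </td>
 {if ($aRole.allocation_id === null)}
- <td colspan="3"><a href="{$smarty.server.PHP_SELF}?action=overrideParent&role_id={$role_id}&fFolderId={$context->oFolder->getId()}">{i18n}Override Parent Allocation{/i18n}</a></td>
+ <td colspan="2"><a href="{$smarty.server.PHP_SELF}?action=overrideParent&role_id={$role_id}&fFolderId={$context->oFolder->getId()}">{i18n}Override Parent Allocation{/i18n}</a></td>
 {else}
- <td><a href="{$smarty.server.PHP_SELF}?action=editRoleUsers&alloc_id={$aRole.allocation_id}&fFolderId={$context->oFolder->getId()}" class="ktAction ktEdit" title="{i18n}Edit{/i18n}">Edit</a></td>
+<!-- <td><a href="{$smarty.server.PHP_SELF}?action=editRoleUsers&alloc_id={$aRole.allocation_id}&fFolderId={$context->oFolder->getId()}" class="ktAction ktEdit" title="{i18n}Edit{/i18n}">Edit</a></td> -->
 <td><a href="{$smarty.server.PHP_SELF}?action=editRoleGroups&alloc_id={$aRole.allocation_id}&fFolderId={$context->oFolder->getId()}" class="ktAction ktEdit" title="{i18n}Edit{/i18n}">Edit</a></td>
 <td><a href="{$smarty.server.PHP_SELF}?action=useParent&role_id={$role_id}&fFolderId={$context->oFolder->getId()}" class="ktAction ktDelete" title="{i18n}Use parent's allocation{/i18n}">{i18n}Use parent's allocation{/i18n}</a></td>
 {/if}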
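Review bot: Wrapping the user column in `<!-- ... -->` hides it from the rendered table but not from Smarty or the response: the tags inside an HTML comment are still evaluated, so `{$aRole.users}` and the `action=editRoleUsers&alloc_id=...` URL are still sent to every viewer in the page source. Use a template comment instead, e.g. `{* <th>{i18n}Edit Users{/i18n}</th> *}`, or delete the three lines outright. Removing the link also does not disable the action; the `editRoleUsers` handler is not part of this diff, and if user-level allocation is meant to be switched off it should be removed or refused on the server side as well.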