diff --git a/lib/permissions/permissionutil.inc.php b/lib/permissions/permissionutil.inc.php index 24c0254..7202a88 100644 --- a/lib/permissions/permissionutil.inc.php +++ b/lib/permissions/permissionutil.inc.php @@ -228,12 +228,23 @@ class KTPermissionUtil { } // roles are _not_ always assigned (can be null at root) if ($_roleCache[$iRoleId] != null) { - $aAllowed['user'] = array_merge($aAllowed['user'], $_roleCache[$iRoleId]->getUsers()); - $aAllowed['group'] = array_merge($aAllowed['group'], $_roleCache[$iRoleId]->getGroups()); + $aMapPermAllowed[$iPermissionId]['user'] = array_merge($aAllowed['user'], $_roleCache[$iRoleId]->getUserIds()); + $aMapPermAllowed[$iPermissionId]['group'] = array_merge($aAllowed['group'], $_roleCache[$iRoleId]->getGroupIds()); } } + } + unset($aMapPermAllowed[$iPermissionId]['role']); } + + /* + print '
';
+        print '=======' . $oFolderOrDocument->getName();
+        print '
';
+        var_dump($aMapPermAllowed);
+        print '
'; + */ + $aMapPermDesc = array(); foreach ($aMapPermAllowed as $iPermissionId => $aAllowed) { diff --git a/lib/roles/roleallocation.inc.php b/lib/roles/roleallocation.inc.php index 99f09bb..57cbf38 100644 --- a/lib/roles/roleallocation.inc.php +++ b/lib/roles/roleallocation.inc.php @@ -151,6 +151,34 @@ class RoleAllocation extends KTEntity { return $aFullGroups; } + function getUserIds() { + $oDescriptor = $this->getPermissionDescriptor(); + $aUsers = array(); + if (PEAR::isError($oDescriptor) || ($oDescriptor == false)) { + return $aUsers; + } + $aAllowed = $oDescriptor->getAllowed(); + if ($aAllowed['user'] !== null) { + $aUsers = $aAllowed['user']; + } + + return $aUsers; + } + + function getGroupIds() { + $oDescriptor = $this->getPermissionDescriptor(); + $aGroups = array(); + if (PEAR::isError($oDescriptor) || ($oDescriptor == false)) { + return $aGroups; + } + $aAllowed = $oDescriptor->getAllowed(); + if ($aAllowed['group'] !== null) { + $aGroups = $aAllowed['group']; + } + + return $aGroups; + } + // utility function to establish user membership in this allocation. // FIXME nbm: is there are more coherent way to do this ITO your PD infrastructure? function hasMember($oUser) { diff --git a/plugins/ktcore/KTFolderActions.php b/plugins/ktcore/KTFolderActions.php index 2fd15fb..c0590f7 100644 --- a/plugins/ktcore/KTFolderActions.php +++ b/plugins/ktcore/KTFolderActions.php @@ -70,6 +70,7 @@ class KTFolderPermissionsAction extends KTFolderAction { $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId()); $aPermissions = KTPermission::getList(); $aMapPermissionGroup = array(); + $aMapPermissionRole = array(); foreach ($aPermissions as $oPermission) { $oPA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oPO); if (PEAR::isError($oPA)) { @@ -82,15 +83,10 @@ class KTFolderPermissionsAction extends KTFolderAction { foreach ($aIds as $iId) { $aMapPermissionGroup[$iPermissionId][$iId] = true; } - } - $aMapPermissionUser = array(); - $aUsers = User::getList(); - foreach ($aPermissions as $oPermission) { - $iPermissionId = $oPermission->getId(); - foreach ($aUsers as $oUser) { - if (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oFolder)) { - $aMapPermissionUser[$iPermissionId][$oUser->getId()] = true; - } + $aIds = $oDescriptor->getRoles(); + $aMapPermissionRole[$iPermissionId] = array(); + foreach ($aIds as $iId) { + $aMapPermissionRole[$iPermissionId][$iId] = true; } } @@ -108,10 +104,10 @@ class KTFolderPermissionsAction extends KTFolderAction { $aTemplateData = array( "permissions" => $aPermissions, "groups" => Group::getList(), + "roles" => Role::getList(), "iFolderId" => $this->oFolder->getId(), "aMapPermissionGroup" => $aMapPermissionGroup, - "users" => $aUsers, - "aMapPermissionUser" => $aMapPermissionUser, + "aMapPermissionRole" => $aMapPermissionRole, "edit" => $bEdit, "inherited" => $sInherited, "conditions" => KTSavedSearch::getConditions(), @@ -167,6 +163,7 @@ class KTFolderPermissionsAction extends KTFolderAction { $this->successRedirectToMain(_("Dynamic permission added"), "fFolderId=" . $this->oFolder->getId()); } } + $oPlugin->registerAction('folderaction', 'KTFolderPermissionsAction', 'ktcore.actions.folder.permissions'); $oPlugin->registerAction('folderaction', 'KTBulkImportFolderAction', 'ktcore.actions.folder.bulkImport', 'folder/BulkImport.php'); $oPlugin->registerAction('folderaction', 'KTBulkUploadFolderAction', 'ktcore.actions.folder.bulkUpload', 'folder/BulkUpload.php'); diff --git a/plugins/ktcore/KTPermissions.php b/plugins/ktcore/KTPermissions.php index a41723a..0118dc0 100644 --- a/plugins/ktcore/KTPermissions.php +++ b/plugins/ktcore/KTPermissions.php @@ -30,6 +30,7 @@ class KTDocumentPermissionsAction extends KTDocumentAction { $oPO = KTPermissionObject::get($this->oDocument->getPermissionObjectID()); $aPermissions = KTPermission::getList(); $aMapPermissionGroup = array(); + $aMapPermissionRole = array(); foreach ($aPermissions as $oPermission) { $oPA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oPO); if (PEAR::isError($oPA)) { @@ -42,16 +43,11 @@ class KTDocumentPermissionsAction extends KTDocumentAction { foreach ($aIDs as $iID) { $aMapPermissionGroup[$iPermissionID][$iID] = true; } - } - $aMapPermissionUser = array(); - $aUsers = User::getList(); - foreach ($aPermissions as $oPermission) { - $iPermissionID = $oPermission->getID(); - foreach ($aUsers as $oUser) { - if (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oDocument)) { - $aMapPermissionUser[$iPermissionID][$oUser->getID()] = true; - } - } + $aIds = $oDescriptor->getRoles(); + $aMapPermissionRole[$iPermissionID] = array(); + foreach ($aIds as $iId) { + $aMapPermissionRole[$iPermissionID][$iId] = true; + } } $oInherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO); @@ -70,10 +66,10 @@ class KTDocumentPermissionsAction extends KTDocumentAction { "context" => $this, "permissions" => $aPermissions, "groups" => Group::getList(), + "roles" => Role::getList(), "iDocumentID" => $_REQUEST['fDocumentID'], "aMapPermissionGroup" => $aMapPermissionGroup, - "users" => $aUsers, - "aMapPermissionUser" => $aMapPermissionUser, + "aMapPermissionRole" => $aMapPermissionRole, "edit" => $bEdit, "inherited" => $sInherited, ); @@ -158,6 +154,7 @@ class KTRoleAllocationPlugin extends KTFolderAction { // map to users, groups. foreach ($aRoles as $key => $role) { + /* $_users = array(); foreach ($aRoles[$key]['users'] as $iUserId) { $oUser = User::get($iUserId); @@ -170,6 +167,7 @@ class KTRoleAllocationPlugin extends KTFolderAction { } else { $aRoles[$key]['users'] = join(', ',$_users); } + */ $_groups = array(); foreach ($aRoles[$key]['groups'] as $iGroupId) { diff --git a/templates/ktcore/document/document_permissions.smarty b/templates/ktcore/document/document_permissions.smarty index 8e08153..21a1ceb 100644 --- a/templates/ktcore/document/document_permissions.smarty +++ b/templates/ktcore/document/document_permissions.smarty @@ -37,6 +37,7 @@ td.false { background-color: #ffaaaa; text-align: centre } { /if }
+ @@ -63,6 +64,34 @@ td.false { background-color: #ffaaaa; text-align: centre }
Group
+ + + + + +{ foreach item=oPerm from=$permissions } + +{ /foreach } + + + +{ foreach item=oRole from=$roles } + + { assign var=iRoleId value=$oRole->getId() } + { foreach item=oPerm from=$permissions } + { assign var=iPermId value=$oPerm->getId() } + { assign var=bHasPerm value=$aMapPermissionRole[$iPermId][$iRoleId] } +{ if $bHasPerm } + +{ else } + +{ /if } + { /foreach } + +{ /foreach } + +
Role{$oPerm->sHumanName}
{$oRole->getId()} / {$oRole->getName()}TrueFalse
+
@@ -114,38 +143,40 @@ value="{$iGroupID}"> - - -
-{ /if } -

{i18n}User permissions{/i18n}

- -
- + { foreach item=oPerm from=$permissions } { /foreach } + -{ foreach item=oUser from=$users } - - { assign var=iUserID value=$oUser->getID() } +{ foreach item=oRole from=$roles } + + { assign var=iRoleId value=$oRole->getId() } { foreach item=oPerm from=$permissions } - { assign var=iPermID value=$oPerm->getID() } - { assign var=bHasPerm value=$aMapPermissionUser[$iPermID][$iUserID] } + { assign var=iPermId value=$oPerm->getId() } + { assign var=bHasPerm value=$aMapPermissionRole[$iPermId][$iRoleId] } + { if $bHasPerm } - + { else } - + { /if } { /foreach } { /foreach }
{i18n}User{/i18n}Role{$oPerm->sHumanName}
{$oUser->getID()} / {$oUser->getName()}{$oRole->getId()} / {$oRole->getName()}{i18n}True{/i18n}{i18n}False{/i18n}
+ + + +
+{ /if } diff --git a/templates/ktcore/folder/permissions.smarty b/templates/ktcore/folder/permissions.smarty index 9336b5f..edb9f7d 100644 --- a/templates/ktcore/folder/permissions.smarty +++ b/templates/ktcore/folder/permissions.smarty @@ -65,22 +65,36 @@ MochiKit.DOM.hideElement('view');">{i18n}Edit{/i18n} -
- -{ if $inherited } -{i18n}Inherited from:{/i18n} {$inherited} -[{i18n}Copy{/i18n}] + + + + +{ foreach item=oPerm from=$permissions } + +{ /foreach } + + + +{ foreach item=oRole from=$roles } + + { assign var=iRoleId value=$oRole->getId() } + { foreach item=oPerm from=$permissions } + { assign var=iPermId value=$oPerm->getId() } + { assign var=bHasPerm value=$aMapPermissionRole[$iPermId][$iRoleId] } +{ if $bHasPerm } + { else } -[{i18n}Use -parent's permissions{/i18n}] + { /if } - - + { /foreach } + +{ /foreach } + +
Role{$oPerm->sHumanName}
{$oRole->getId()} / {$oRole->getName()}TrueFalse
+
+ { if $edit }
@@ -115,11 +129,60 @@ value="{$iGroupId}"> + + + + +{ foreach item=oPerm from=$permissions } + +{ /foreach } + + + + +{ foreach item=oRole from=$roles } + + { assign var=iRoleId value=$oRole->getId() } + { foreach item=oPerm from=$permissions } + { assign var=iPermId value=$oPerm->getId() } + { assign var=bHasPerm value=$aMapPermissionRole[$iPermId][$iRoleId] } + +{ if $bHasPerm } + +{ else } + +{ /if } + { /foreach } + +{ /foreach } + +
Role{$oPerm->sHumanName}
{$oRole->getId()} / {$oRole->getName()}
+
+
{ /if } + + +
+ +{ if $inherited } +{i18n}Inherited from:{/i18n} {$inherited} +[{i18n}Copy{/i18n}] +{ else } +[{i18n}Use +parent's permissions{/i18n}] +{ /if } + +
+

Dynamic permissions

{ if $dynamic_conditions } @@ -186,34 +249,3 @@ $this->assign("aPermissions", $this->_tpl_vars['oDynamicCondition']->getAssignme { /if } - -

User permissions

- -
- - - - -{ foreach item=oPerm from=$permissions } - -{ /foreach } - - - -{ foreach item=oUser from=$users } - - { assign var=iUserId value=$oUser->getId() } - { foreach item=oPerm from=$permissions } - { assign var=iPermId value=$oPerm->getId() } - { assign var=bHasPerm value=$aMapPermissionUser[$iPermId][$iUserId] } -{ if $bHasPerm } - -{ else } - -{ /if } - { /foreach } - -{ /foreach } - -
{i18n}User{/i18n}{$oPerm->sHumanName}
{$oUser->getId()} / {$oUser->getName()}{i18n}True{/i18n}{i18n}False{/i18n}
-
diff --git a/templates/ktcore/folder/roles.smarty b/templates/ktcore/folder/roles.smarty index dc292b6..ee06e92 100644 --- a/templates/ktcore/folder/roles.smarty +++ b/templates/ktcore/folder/roles.smarty @@ -14,7 +14,7 @@ role allocations can take very long time, depending on the number of folders bel {i18n}Role{/i18n} {i18n}Allocated users{/i18n} - {i18n}Edit Users{/i18n} + {i18n}Edit Groups{/i18n} {i18n}Use Parent{/i18n} @@ -28,16 +28,16 @@ role allocations can take very long time, depending on the number of folders bel {i18n}inherited from parent folder.{/i18n}
{/if} - {if ($aRole.users != null)}{i18n}Users:{/i18n} {$aRole.users}
{/if} + {if ($aRole.groups != null)}{i18n}Groups:{/i18n} {$aRole.groups}{/if} {if ($aRole.allocation_id === null)} {/if} {if ($aRole.allocation_id === null)} - {i18n}Override Parent Allocation{/i18n} + {i18n}Override Parent Allocation{/i18n} {else} - Edit + Edit {i18n}Use parent's allocation{/i18n} {/if}