fix for KTS-583: delete fails

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5060 c91229c3-7414-0410-bfa2-8a42b809f60b

fix for KTS-583: delete fails
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5060 c91229c3-7414-0410-bfa2-8a42b809f60b
Brad Shuttleworth
1 parent 43686f9f
Showing 3 changed files with 22 additions and 10 deletions
browse.php
lib/foldermanagement/folderutil.inc.php
plugins/ktcore/KTDocumentActions.php
@@ -43,6 +43,8 @@ require_once(KT_LIB_DIR . &quot;/widgets/portlet.inc.php&quot;);
 require_once(KT_LIB_DIR . '/actions/folderaction.inc.php');
 require_once(KT_DIR . '/plugins/ktcore/KTFolderActions.php');
+require_once(KT_LIB_DIR . "/permissions/permissionutil.inc.php");
+require_once(KT_LIB_DIR . "/permissions/permission.inc.php");
 /******* NBM's FAMOUS MOVECOLUMN HACK
  *
@@ -683,6 +685,7 @@ class BrowseDispatcher extends KTStandardDispatcher {
         $aFolderSelection = KTUtil::arrayGet($_REQUEST, 'selection_f' , array());
         $aDocumentSelection = KTUtil::arrayGet($_REQUEST, 'selection_d' , array());
+        $oPerm = KTPermission::getByName('ktcore.permissions.delete');
         // now show the items...
         $delItems = array();
@@ -696,6 +699,9 @@ class BrowseDispatcher extends KTStandardDispatcher {
             $folderStr = '<strong>' . _('Folders: ') . '</strong>';
             foreach ($aFolderSelection as $iFolderId) {
                 $oF = Folder::get($iFolderId);
+                if (!KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPerm, $oF)) {
+                    $this->errorRedirectToMain(_('You do not have permission to delete the folder: ') . $oF->getName());
+                }
                 $delItems['folders'][] = $oF->getName();
             }
             $folderStr .= implode(', ', $delItems['folders']);
@@ -705,7 +711,12 @@ class BrowseDispatcher extends KTStandardDispatcher {
             $documentStr = '<strong>' . _('Documents: ') . '</strong>';
             foreach ($aDocumentSelection as $iDocId) {
                 $oD = Document::get($iDocId);
-                $delItems['documents'][] = $oD->getName();
+                if (!KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPerm, $oD)) {
+                    $this->errorRedirectToMain(_('You do not have permission to delete the document: ') . $oD->getName());
+                }
+                if (!PEAR::isError($oD)) {
+                    $delItems['documents'][] = $oD->getName();
+                }
             }
             $documentStr .= implode(', ', $delItems['documents']);
         }
@@ -734,7 +745,7 @@ class BrowseDispatcher extends KTStandardDispatcher {
         $fFolderId = KTUtil::arrayGet($_REQUEST, 'fFolderId', 1);
-        
+        $oPerm = KTPermission::getByName('ktcore.permissions.delete');
         $res = KTUtil::arrayGet($_REQUEST,'sReason');
         $sReason = $res;
         if (empty($res)) {
@@ -751,17 +762,19 @@ class BrowseDispatcher extends KTStandardDispatcher {
             $oF = Folder::get($id);
             if (PEAR::isError($oF) || ($oF == false)) {
                 return $this->errorRedirectToMain(_('Invalid Folder selected.'));
-            } else {
+            } else if (!KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPerm, $oF)) {
+                return $this->errorRedirectToMain(sprintf(_('You do not have permissions to delete the folder: %s'), $oF->getName()));             
+            } else{
                 $aFolders[] = $oF;
             }
         }
         foreach ($aDocumentSelection as $id) {
             $oD = Document::get($id);
-            if (!Permission::userHasDocumentWritePermission($oD)) {
-                return $this->errorRedirectToMain(sprintf(_('You do not have permissions to delete the documen: %s'), $oD->getName()));             
-            }
+            
             if (PEAR::isError($oD) || ($oD == false)) {
                 return $this->errorRedirectToMain(_('Invalid Document selected.'));
+            } else if (!KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPerm, $oD)) {
+                return $this->errorRedirectToMain(sprintf(_('You do not have permissions to delete the document: %s'), $oD->getName()));             
             } else {
                 $aDocuments[] = $oD;
             }
@@ -203,8 +203,7 @@ class KTFolderUtil {
     function delete($oStartFolder, $oUser, $sReason, $aOptions = null) {
         require_once(KT_LIB_DIR . '/unitmanagement/Unit.inc');
-        // FIXME: we need to work out if "write" is the right perm.
-        $oPerm = KTPermission::getByName('ktcore.permissions.write');
+        $oPerm = KTPermission::getByName('ktcore.permissions.delete');
         $bIgnorePermissions = KTUtil::arrayGet($aOptions, 'ignore_permissions');
@@ -270,7 +269,7 @@ class KTFolderUtil {
         // now we can go ahead.
         foreach ($aDocuments as $oDocument) {
-            $res = KTDocumentUtil::delete($oDocument, $sReason, 1); // id of destination folder = ROOT
+            $res = KTDocumentUtil::delete($oDocument, $sReason);
             if (PEAR::isError($res)) {
                 DBUtil::rollback();
                 return PEAR::raiseError(_('Delete Aborted. Unexpected failure to delete document: ') . $oDocument->getName() . $res->getMessage());
@@ -359,7 +359,7 @@ class KTDocumentEditAction extends KTDocumentAction {
 class KTDocumentDeleteAction extends KTDocumentAction {
     var $sName = 'ktcore.actions.document.delete';
-    var $_sShowPermission = "ktcore.permissions.write";
+    var $_sShowPermission = "ktcore.permissions.delete";
     function getDisplayName() {
         return _('Delete');