Commit f6d9b805a12d3ba19b8a4493b920bdb4ad279661

Authored by nbm
1 parent 09e5fb43

Make permissions take effect in default browse listing.


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4249 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 72 additions and 38 deletions
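--- a/lib/browse/PartialQuery.inc.php
+++ b/lib/browse/PartialQuery.inc.php
@@ -51,41 +51,88 @@ class PartialQuery {
 class BrowseQuery extends PartialQuery{
 // FIXME cache permission lookups, etc.
 var $folder_id = -1;
+var $sPermissionName = "ktcore.permissions.read";
 
 function BrowseQuery($iFolderId) { $this->folder_id = $iFolderId; }
 
+function _getDocumentQuery($aOptions = null) {
+$oUser = User::get($_SESSION['userID']);
+list($sPermissionString, $aPermissionParams, $sPermissionJoin) = KTSearchUtil::permissionToSQL($oUser, $this->sPermissionName);
+
+$aPotentialWhere = array($sPermissionString, 'D.folder_id = ?', 'D.status_id = 1');
+$aWhere = array();
+foreach ($aPotentialWhere as $sWhere) {
+if (empty($sWhere)) {
+continue;
+}
+if ($sWhere == "()") {
+continue;
+}
+$aWhere[] = $sWhere;
+}
+$sWhere = "";
+if ($aWhere) {
+$sWhere = "\tWHERE " . join(" AND ", $aWhere);
+}
+
+$sSelect = KTUtil::arrayGet($aOptions, 'select', 'D.id');
+
+$sQuery = "SELECT $sSelect FROM " . KTUtil::getTableName("documents") . " AS D $sPermissionJoin $sWhere ";
+$aParams = array();
+$aParams = array_merge($aParams, $aPermissionParams);
+$aParams[] = $this->folder_id;
+return array($sQuery, $aParams);
+}
+
+function _getFolderQuery($aOptions = null) {
+$oUser = User::get($_SESSION['userID']);
+list($sPermissionString, $aPermissionParams, $sPermissionJoin) = KTSearchUtil::permissionToSQL($oUser, $this->sPermissionName, "F");
+
+$aPotentialWhere = array($sPermissionString, 'F.parent_id = ?');
+$aWhere = array();
+foreach ($aPotentialWhere as $sWhere) {
+if (empty($sWhere)) {
+continue;
+}
+if ($sWhere == "()") {
+continue;
+}
+$aWhere[] = $sWhere;
+}
+$sWhere = "";
+if ($aWhere) {
+$sWhere = "\tWHERE " . join(" AND ", $aWhere);
+}
+
+$sSelect = KTUtil::arrayGet($aOptions, 'select', 'F.id');
+
+$sQuery = "SELECT $sSelect FROM " . KTUtil::getTableName("folders") . " AS F $sPermissionJoin $sWhere ";
+$aParams = array();
+$aParams = array_merge($aParams, $aPermissionParams);
+$aParams[] = $this->folder_id;
+return array($sQuery, $aParams);
+}
 
 function getFolderCount() {
-// FIXME add permission checks here
-$sQuery = "SELECT count(id) AS c FROM " . KTUtil::getTableName("folders") . " WHERE parent_id = ? ";
-$aParams = array($this->folder_id);
-
-return DBUtil::getOneResultKey(array($sQuery, $aParams), 'c');
+$aOptions = array(
+'select' => 'count(F.id) AS cnt',
+);
+$aQuery = $this->_getFolderQuery($aOptions);
+$iRet = DBUtil::getOneResultKey($aQuery, 'cnt');
+return $iRet;
 }
 
 function getDocumentCount() {
-// FIXME add permission checks here
-$sQuery = "SELECT count(id) AS c FROM " . KTUtil::getTableName("documents") . " AS D WHERE D.folder_id = ? AND D.status_id = 1 ";
-$aParams = array($this->folder_id);
-
-return DBUtil::getOneResultKey(array($sQuery, $aParams), 'c'); // FIXME is this right?
+$aOptions = array(
+'select' => 'count(D.id) AS cnt',
+);
+$aQuery = $this->_getDocumentQuery($aOptions);
+$iRet = DBUtil::getOneResultKey($aQuery, 'cnt');
+return $iRet;
 }
 
 function getFolders($iBatchSize, $iBatchStart, $sSortColumn, $sSortOrder, $sJoinClause = null, $aJoinParams = null) {
-// FIXME add permission checks here
-$aParams = array();
-$aJoinParams = array($aJoinParams);
-
-$sQuery = "SELECT id FROM " . KTUtil::getTableName("folders") . " AS F WHERE parent_id = ? ";
-$aParams[] = $this->folder_id;
-
-if ($sJoinClause !== null) {
-$sQuery .= $sJoinClause;
-foreach ($aJoinParams as $param) {
-$aParams[] = $param;
-} // FIXME use merge...
-}
-
+list($sQuery, $aParams) = $this->_getFolderQuery();
 $sQuery .= " ORDER BY " . $sSortColumn . " " . $sSortOrder . " ";
 
 $sQuery .= " LIMIT ?, ?";
@@ -100,20 +147,7 @@ class BrowseQuery extends PartialQuery{
 }
 
 function getDocuments($iBatchSize, $iBatchStart, $sSortColumn, $sSortOrder, $sJoinClause = null, $aJoinParams = null) {
-// FIXME add permission checks here
-$aParams = array(); // main parameter array.
-$aJoinParams = array($aJoinParams);
-
-$sQuery = "SELECT id FROM " . KTUtil::getTableName("documents") . " AS D WHERE D.folder_id = ? AND D.status_id = 1 ";
-$aParams = array($this->folder_id);
-
-if ($sJoinClause !== null) {
-$sQuery .= $sJoinClause;
-foreach ($aJoinParams as $param) {
-$aParams[] = $param;
-} // FIXME use merge...
-}
-
+list($sQuery, $aParams) = $this->_getDocumentQuery();
 $sQuery .= " ORDER BY " . $sSortColumn . " " . $sSortOrder . " ";
 
 $sQuery .= " LIMIT ?, ?";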
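Review bot: getFolders (new line 135) and getDocuments (new line 150) now take their whole query from _getFolderQuery()/_getDocumentQuery() and never touch the `$sJoinClause`/`$aJoinParams` parameters they still accept, so a caller that passes a join clause silently loses it and its parameters; either drop the two parameters or forward them, e.g. `list($sQuery, $aParams) = $this->_getFolderQuery(array('join' => $sJoinClause, 'joinparams' => $aJoinParams));` with the helper appending the clause after `$sPermissionJoin` and merging the parameters after `$aPermissionParams`. Both helpers also read `$_SESSION['userID']` unguarded, and the WHERE loop drops an empty or `"()"` permission string; whether permissionToSQL returns such a value for a missing or anonymous user cannot be told from here, so it is worth confirming that the no-user case fails closed (no rows) rather than silently removing the permission filter. The two helpers are otherwise identical apart from table, alias and the extra `D.status_id = 1` term, so a single private `_getQuery($sTable, $sAlias, $aExtraWhere, $aOptions)` would keep the permission-filter logic in one place. Both getFolders and getDocuments continue past the end of their hunks.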