Peter M. Groen / knowledgetree

Commit fb3e80c1c607493f07ac93a2bbc83a8c1c79de86

Authored by kevin_fourie
1 parent a0997f0d

Merged in from STABLE trunk... 

KTS-3548
"My Drop Documents plugin references commercial plugin function."
Fixed. Corrected function call.

Committed By: Kevin Fourie
Reviewed By: Conrad Vermeulen


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/branches/3.5.3-Release-Branch@8948 c91229c3-7414-0410-bfa2-8a42b809f60b
Inline Side-by-side
Showing 1 changed file with 718 additions and 718 deletions
plugins/MyDropDocumentsPlugin/MyDropDocumentsPage.php
  View file @fb3e80c
1   -<?php
2   -/**
3   - * $Id: $
4   - *
5   - * KnowledgeTree Community Edition
6   - * Document Management Made Simple
7   - * Copyright (C) 2008 KnowledgeTree Inc.
8   - * Portions copyright The Jam Warehouse Software (Pty) Limited
9   - *
10   - * This program is free software; you can redistribute it and/or modify it under
11   - * the terms of the GNU General Public License version 3 as published by the
12   - * Free Software Foundation.
13   - *
14   - * This program is distributed in the hope that it will be useful, but WITHOUT
15   - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16   - * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
17   - * details.
18   - *
19   - * You should have received a copy of the GNU General Public License
20   - * along with this program. If not, see <http://www.gnu.org/licenses/>.
21   - *
22   - * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
23   - * California 94120-7775, or email info@knowledgetree.com.
24   - *
25   - * The interactive user interfaces in modified source and object code versions
26   - * of this program must display Appropriate Legal Notices, as required under
27   - * Section 5 of the GNU General Public License version 3.
28   - *
29   - * In accordance with Section 7(b) of the GNU General Public License version 3,
30   - * these Appropriate Legal Notices must retain the display of the "Powered by
31   - * KnowledgeTree" logo and retain the original copyright notice. If the display of the
32   - * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
33   - * must display the words "Powered by KnowledgeTree" and retain the original
34   - * copyright notice.
35   - * Contributor( s): ______________________________________
36   - *
37   - */
38   -
39   -require_once("config/dmsDefaults.php");
40   -require_once(KT_DIR . "/ktapi/ktapi.inc.php");
41   -require_once(KT_LIB_DIR . "/plugins/plugin.inc.php");
42   -require_once(KT_LIB_DIR . "/plugins/pluginregistry.inc.php");
43   -require_once(KT_LIB_DIR . "/dashboard/dashlet.inc.php");
44   -require_once(KT_DIR . "/plugins/ktcore/KTFolderActions.php");
45   -require_once(KT_DIR . "/ktapi/KTAPIFolder.inc.php");
46   -require_once(KT_LIB_DIR . "/roles/Role.inc");
47   -require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php");
48   -require_once(KT_LIB_DIR . "/permissions/permissionutil.inc.php");
49   -require_once(KT_LIB_DIR . '/mime.inc.php');
50   -/* This page is run via an AJAX call from the update.js for this plugin.
51   - * It checks to see if both the dropdocuments folder and the users personal folder exist.
52   - * If they don't, it creates them and assigns permission and roles accordingly.
53   - * If the dropdocuments folder does exist it checks if the WorkSpaceOwner role exists.
54   - * If the role exists it assigns the current user to the role on the dropdocuments folder.
55   - * Therefore any users running the plugin after the dropdocuments folder has been created will have access to it too.
56   - * The underlying logic is that everyone is assigned to the WorkSpaceOwner Role, they have all permission except
57   - * Delete, Rename Folder, Manage security and Manage workflow on the dropdocuments folder.
58   - * This role is then assigned to their personal folder too (which is named according to their username) and is overidden
59   - * to give only the current user full rights to their folder.
60   - * Essentially everyone can look at the dropdocuments folder but will only see their own folder within it.
61   - */
62   -
63   -class MyDropDocumentsPage extends KTStandardDispatcher {
64   -
65   - function do_main() {
66   -
67   - $iRootID = (int)1;
68   - $oUser = $this->oUser;
69   - $sUserName = (string)$this->oUser->getUserName();
70   - $this->ktapi = new KTAPI();
71   - $this->session = $this->ktapi->start_system_session();
72   -
73   - if(!Folder::FolderExistsName('DroppedDocuments', $iRootID))
74   - {
75   -
76   - $root=$this->ktapi->get_root_folder();
77   -
78   - //Create dropdocuments folder
79   - $userFolder = $root->add_folder('DroppedDocuments');
80   -
81   - //In order to stop permission inheritance a copy of the parent permission object is created.
82   - //This copy is then used to set separate permissions for this folder.
83   - KTPermissionUtil::copyPermissionObject($userFolder->get_folder());
84   -
85   - //If WorkSpaceOwner role doesn't exist, create it
86   - if(!$this->roleExistsName('WorkSpaceOwner'))
87   - {
88   - $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner');
89   - if ($oWorkSpaceOwnerRole == null)
90   - {
91   - $this->session->logout();
92   - return _kt('Error: Failed to create WorkSpaceOwner Role');
93   - }
94   - }
95   -
96   - //$root=$this->ktapi->get_root_folder();
97   - //$personalFolder = $root->get_folder_by_name('/dropdocuments/'.$sUserName);
98   -
99   - //Get the folder object
100   - $userFolderObject = $userFolder->get_folder();
101   -
102   - //Get the permission object from the dropdocuments folder object
103   - $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId());
104   -
105   - //Check to see if there are duplicate WorkSpaceOwner roles.
106   - if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1)
107   - {
108   - $this->session->logout();
109   - return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists');
110   -
111   - }
112   -
113   - //call the function to set the permission on the dropdocuments folder
114   - $this->setUserDocsPermissions($oUserPO);
115   -
116   - //Assign the current user to the WorkSpaceOwner role
117   - $this->setUserDocsRoleAllocation($userFolderObject);
118   -
119   - }
120   - else
121   - {
122   -
123   - $root = $this->ktapi->get_root_folder();
124   - $userFolder = $root->get_folder_by_name('/DroppedDocuments');
125   -
126   - //Get the dropdocuments folder object
127   - $userFolderObject = $userFolder->get_folder();
128   -
129   - if(!$this->roleExistsName('WorkSpaceOwner'))
130   - {
131   -
132   - $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner');
133   - if ($oWorkSpaceOwnerRole == null)
134   - {
135   - $this->session->logout();
136   - return _kt('Error: Failed to create WorkSpaceOwner Role');
137   - }
138   -
139   - //set permissions
140   - $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId());
141   - $this->setUserDocsPermissions($oUserPO);
142   - //assign current user to role
143   - $this->setUserDocsRoleAllocation($userFolderObject);
144   - }
145   - else
146   - {
147   -
148   - //update WrokSpaceOwner role to include current user
149   - $this->updateUserDocsRoleAllocation($userFolderObject);
150   - }
151   -
152   - }
153   -
154   - $iUserDocsFolderID = $this->getFolderID('DroppedDocuments');
155   - $oUserDocsFolder = Folder::get($iUserDocsFolderID);
156   -
157   - if(!Folder::FolderExistsName($sUserName, $iUserDocsFolderID))
158   - {
159   -
160   -
161   - $root=$this->ktapi->get_root_folder();
162   - $userDocsFolder = $root->get_folder_by_name('/DroppedDocuments');
163   -
164   - //create the personal folder. (Use the username to create it)
165   - $personalFolder = $userDocsFolder->add_folder($sUserName);
166   -
167   - //Copy the permission object to stop permission inheritance
168   - KTPermissionUtil::copyPermissionObject($personalFolder->get_folder());
169   -
170   - //The role should exist by now.
171   - //In both the if and else statements for the dropdocuments above the role is created
172   - //If its doesn't exist by now there is an error
173   - if(!$this->roleExistsName('WorkSpaceOwner'))
174   - {
175   -
176   - $this->session->logout();
177   - return _kt('Error: WorkSpaceOwner Role not setup, cannot assign to Personal Folder');
178   -
179   - }
180   -
181   - $personalFolderRole = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName);
182   - $PersonalFolderObject = ($personalFolderRole->get_folder());
183   -
184   - //Get permission object
185   - $oPO = KTPermissionObject::get($PersonalFolderObject->getPermissionObjectId());
186   -
187   - //Check for duplicate WorkSpaceOwner roles
188   - if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1)
189   - {
190   - $this->session->logout();
191   - return _kt('Error: cannot set personal folder role permissions: more than one role named \'WorkSpaceOwner\' exists');
192   -
193   - }
194   -
195   - $this->setPersonalFolderPermissions($oPO);
196   -
197   - $this->updatePersonalFolderRoleAllocation($PersonalFolderObject);
198   -
199   -
200   - //folder just created so no top list of last modified documents
201   -
202   - $iMyDocsFolderID = $this->getFolderID($sUserName);
203   - $this->session->logout();
204   - return _kt('<span class="descriptiveText"> You do not have any dropped documents </span><br><br><br>');
205   -
206   -
207   - }
208   -
209   - else //if personal folder does exist
210   - {
211   - //Getting personal folder id
212   - $iMyDocsFolderID = $this->getFolderID($sUserName);
213   -
214   -
215   - if(!$this->roleExistsName('WorkSpaceOwner'))
216   - {
217   - $this->session->logout();
218   - return _kt('Error: WorkSpaceOwner Role does not exist');
219   - }
220   - else
221   - {
222   -
223   - $oTempPersonalFolder = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName);
224   - $oPersonalFolder = $oTempPersonalFolder->get_folder();
225   - //update WorkSpaceOwner role to include current user
226   -
227   - //Get permission object
228   - $oPO = KTPermissionObject::get($oPersonalFolder->getPermissionObjectId());
229   -
230   - $this->setPersonalFolderPermissions($oPO);
231   -
232   - $this->updatePersonalFolderRoleAllocation($oPersonalFolder);
233   -
234   - }
235   -
236   -
237   -
238   - $aExternalWhereClauses[] = '(DT.transaction_namespace IN (?,?,?) AND (D.parent_folder_ids LIKE "%,'.$iMyDocsFolderID.',%" OR D.parent_folder_ids LIKE "%,'.$iMyDocsFolderID.'"))';
239   - $aExternalWhereParams[] = 'ktcore.transactions.create';
240   - $aExternalWhereParams[] = 'ktcore.transactions.check_in';
241   - $aExternalWhereParams[] = 'ktcore.transactions.event';
242   -
243   -
244   - $aDocumentTransactions = KTSimpleTransactionUtil::getTransactionsMatchingQuery($oUser, '', $aExternalWhereClauses, $aExternalWhereParams);
245   - if (empty($aDocumentTransactions))
246   - {
247   - $this->session->logout();
248   - return _kt('<span class="descriptiveText"> You do not have any dropped documents </span><br><br><br>');
249   - }
250   -
251   - $maxcount = 5;
252   - $aDocumentTransactions = array_slice($aDocumentTransactions, 0, $maxcount);
253   -
254   - $sReturnTable = '<span class="descriptiveText">'._kt('Recently Dropped Documents').'</span>
255   - <table width="100%" class="kt_collection drop_box" cellspacing="0">
256   -
257   - <thead>
258   - <tr>
259   - <th width="100%">'._kt('Document').'</th>
260   - <th width="1%">'._kt('Date Dropped').'</th>
261   - </tr>
262   - </thead>
263   - <tbody>';
264   -
265   - $sOddorEven = '';
266   - $count = 1;
267   - foreach ($aDocumentTransactions as $aRow)
268   - {
269   - $oDocument = Document::get($aRow[document_id]);
270   - $aParentFolders = explode('/',$oDocument->getFullPath());
271   - $sPath = '';
272   -
273   - for($i = 0; $i < count($aParentFolders); $i++)
274   - {
275   - if ($i > 2)
276   - {
277   - $sPath .= '/'.$aParentFolders[$i];
278   - }
279   - }
280   -
281   - $sContentType = KTMime::getIconPath($oDocument->getMimeTypeID());
282   - $aAnchorData = $this->getDocInfo($aRow[document_id]);
283   - $sLink = $aAnchorData[0];
284   - $sDocName = $aAnchorData[1];
285   - $sShortDocName = $sDocName;
286   - if(strlen($sPath) > 0)
287   - {
288   - $sDocName = $sPath.'/'.$sDocName;
289   - }
290   -
291   - $sFullDocName = $sDocName;
292   - $iDocLength = strlen($sDocName);
293   - if ( $iDocLength > 30 )
294   - {
295   - $sDocName = substr($sDocName, ($iDocLength - 30), $iDocLength);
296   - $sDocName = '...'.$sDocName;
297   - }
298   -
299   - if($count%2 == 0)
300   - {
301   - $sOddorEven = 'even';
302   - }
303   - else
304   - {
305   - $sOddorEven = 'odd';
306   - }
307   -
308   - $sReturnTable .= '<tr class="'.$sOddorEven.'">'.
309   - '<td width="100%"><span class="contenttype '.$sContentType.'"><a title="'.$sShortDocName.'" href='.$sLink.'>'.$sDocName.'</a></span></td>'.
310   - '<td width="1%">'.$aRow[datetime].'</td>'.
311   - '</tr>';
312   - $count ++;
313   - }
314   -
315   - $location = 'browse.php?fFolderId='.$iMyDocsFolderID;
316   - $sReturnTable .= '</tbody>'.
317   - '</table>'.
318   - '<br>'.
319   - '<a href="'.$location.'">'._kt(' View All').' </a><br><br>';
320   - $this->session->logout();
321   -
322   - return $sReturnTable;
323   -
324   - }
325   - }
326   -
327   - function handleOutput($sOutput) {
328   - print $sOutput;
329   - }
330   -
331   - //This function is used to set the permission on the dropdocuments folder
332   - function setUserDocsPermissions($oUserPO)
333   - {
334   - //arrays returned from get Role ID's
335   - $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
336   - $aAdminGroupID = $this->getGroupIdByName('System Administrators');
337   -
338   - //arrays used to make integers for $aAllowed array variable
339   - $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id'];
340   - $iAdminGroupID = $aAdminGroupID[0]['id'];
341   - //$aBothAllowed is used to give permissions to the admin group and the WorkSpaceOwner role
342   - $aBothAllowed = array('group' => array($iAdminGroupID), 'role' => array($iWorkSpaceOwnerRoleID));
343   -
344   - //$aAdminAllowed is used to give permissions to the admin group only
345   - $aAdminAllowed = array('group' => array($iAdminGroupID));
346   -
347   - //Get the list of permissions
348   - $aPermissions = KTPermission::getList();
349   -
350   - foreach ($aPermissions as $oPermission)
351   - {
352   - //If the permission is not one of the below then both are allowed the permission
353   - //Otherwise only the admin group is allowed the permission
354   - if($oPermission->getHumanName() != 'Delete' && $oPermission->getHumanName() != 'Rename Folder'
355   - && $oPermission->getHumanName() != 'Manage security' && $oPermission->getHumanName() != 'Manage workflow')
356   - {
357   - KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aBothAllowed);
358   - }
359   - else
360   - {
361   - KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aAdminAllowed);
362   - }
363   - }
364   -
365   - //UPdate the permission lookup
366   - KTPermissionUtil::updatePermissionLookupForPO($oUserPO);
367   - }
368   -
369   - //This function is used for allocating the user to the WorkSpaceOwner role only when the dropdocuments folder
370   - //has just been created.
371   - function setUserDocsRoleAllocation($oUserFolderObject)
372   - {
373   - $userFolderID = $oUserFolderObject->getId();
374   -
375   - $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
376   - $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
377   -
378   - //create a new role allocation
379   - $oDropdocumentsRoleAllocation = new RoleAllocation();
380   - if ($oDropdocumentsRoleAllocation == null)
381   - {
382   - $this->session->logout();
383   - return _kt('Error: cannot create WorkSpaceOwner role allocation');
384   - }
385   -
386   - //set the folder and role for the allocation
387   - $oDropdocumentsRoleAllocation->setFolderId($userFolderID);
388   - $oDropdocumentsRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);
389   -
390   - $aWorkSpaceOwnerRoleAllowed = array();
391   - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAllowed);
392   - //It might be a problem that i'm not doing a "start transaction" here.
393   - //Unable to roll back in event of db failure
394   - $res = $oDropdocumentsRoleAllocation->create();
395   -
396   - //The role is created and then updated by adding the current user to the allowed list
397   -
398   - $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor();
399   - $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed();
400   - $aUserId[] = $this->oUser->getId();
401   - $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aUserId;
402   - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed);
403   - $res = $oDropdocumentsRoleAllocation->update();
404   -
405   - //Update all info linked to the role
406   - $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID);
407   - }
408   -
409   - //This function is used to allocate the current user to the WorkSpaceOwner role after the Dropdocuments folder
410   - //has already been created.
411   - function updateUserDocsRoleAllocation($oUserFolder)
412   - {
413   - $userFolderID = $oUserFolder->getId();
414   - $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');//$oUserRole->getId();
415   - $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
416   -
417   - //Get the role allocation object for the Dropdocuments folder and the WorkSpaceOwner role
418   - $oDropdocumentsRoleAllocation = $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($userFolderID, $WorkSpaceOwnerRoleID);
419   -
420   - //check that the object is not null
421   - if ($oDropdocumentsRoleAllocation == null)
422   - {
423   - $this->session->logout();
424   - return _kt('Error: cannot find WorkSpaceOwner role allocation');
425   - }
426   -
427   - $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor();
428   - $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed();
429   -
430   - //If the user ID is not in the allowed list already then add it to the list.
431   - if(!in_array($this->oUser->getId(), $aWorkSpaceOwnerRoleAssignAllowed['user']))
432   - {
433   - $aNewAllowed = array();
434   - $aNewAllowed = $aWorkSpaceOwnerRoleAssignAllowed['user'];
435   - $aNewAllowed[] = $this->oUser->getId();
436   - $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aNewAllowed;
437   - $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed);
438   - $res = $oDropdocumentsRoleAllocation->update();
439   - $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID);
440   - }
441   - }
442   -
443   - function setPersonalFolderPermissions($oPO)
444   - {
445   - $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
446   - $aAdminGroupID = $this->getGroupIdByName('System Administrators');
447   -
448   - //arrays used to make integers for $aAllowed array variable
449   - $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id'];
450   - $iAdminGroupID = $aAdminGroupID[0]['id'];
451   -
452   - //set permissions for the role and the admin group
453   - $aAllowed = array('role' => array($iWorkSpaceOwnerRoleID), 'group' => array($iAdminGroupID));
454   -
455   - //Get the List of all the permissions
456   - $aPersonalFolderPermissions = KTPermission::getList();
457   -
458   - //Iterate through and apply all permissions to the current user and the admin group
459   - foreach ($aPersonalFolderPermissions as $oPersonalFolderPermission)
460   - {
461   - KTPermissionUtil::setPermissionForId($oPersonalFolderPermission, $oPO, $aAllowed);
462   -
463   - }
464   -
465   - //Update permission lookup
466   - KTPermissionUtil::updatePermissionLookupForPO($oPO);
467   - }
468   -
469   - function updatePersonalFolderRoleAllocation($oPersonalFolder)
470   - {
471   - //Assign user to the WorkSpaceOwner role
472   - $personalFolderID = $oPersonalFolder->getId();
473   - $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
474   - $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
475   -
476   - $oRoleAllocation = new RoleAllocation();
477   - if ($oRoleAllocation == null)
478   - {
479   - $this->session->logout();
480   - return _kt('Error: Cannot create WorkSpaceOwner role allocation on personal folder');
481   - }
482   - $oRoleAllocation->setFolderId($personalFolderID);
483   - $oRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);
484   -
485   - $aRoleAllowed = array();
486   - $oRoleAllocation->setAllowed($aRoleAllowed);
487   -
488   - //It might be a problem that i'm not doing a "start transaction" here.
489   - //Unable to roll back in event of db failure
490   - $res = $oRoleAllocation->create();
491   -
492   - //The role is first created and then the current user is allocated to the role below
493   -
494   - $oPD = $oRoleAllocation->getPermissionDescriptor();
495   - $aRoleAssignAllowed = $oPD->getAllowed();
496   - $aUserId[] = $this->oUser->getId();
497   - $aRoleAssignAllowed['user'] = $aUserId;
498   - $oRoleAllocation->setAllowed($aRoleAssignAllowed);
499   - $res = $oRoleAllocation->update();
500   - $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId(), $personalFolderID);
501   - }
502   -
503   - //FIXME: Direct Database access
504   - function getFolderID($sFolderName) {
505   - $sQuery = 'SELECT id FROM folders WHERE name = \''.$sFolderName.'\'';
506   -
507   - $id = DBUtil::getResultArray($sQuery);
508   - return $id[0]['id'];
509   - }
510   -
511   - //this function returns the document link and document name to be displayed on the dashlet
512   - function getDocInfo($iDocId) {
513   - $oDocument = Document::get($iDocId);
514   -
515   - if (PEAR::isError($oDocument)) {
516   - return _kt('Document no longer exists.');
517   - }
518   -
519   - $sName = htmlentities($oDocument->getName(), ENT_NOQUOTES, 'UTF-8');
520   - $sLink = KTBrowseUtil::getUrlForDocument($oDocument);
521   -
522   - $aAnchorData = array();
523   - $aAnchorData[] = $sLink;
524   - $aAnchorData[] = $sName;
525   - return $aAnchorData;
526   - }
527   -
528   - //This function is used to create the role, role allocation is done separately
529   - function createRole ($sName)
530   - {
531   - $this->startTransaction();
532   - $oRole = Role::createFromArray(array('name' => $sName));
533   -
534   - if (PEAR::isError($oRole) || ($oRole == false))
535   - {
536   - if ($this->bTransactionStarted)
537   - {
538   - $this->rollbackTransaction();
539   - }
540   - //return null on failure
541   - return null;
542   - }
543   - else
544   - {
545   - return $oRole;
546   -
547   - }
548   - }
549   -
550   - //FIXME: Direct Database access
551   - function roleExistsName ($sName)
552   - {
553   - $sQuery = "SELECT id FROM roles WHERE name = ?";
554   - $aParams = array($sName);
555   - $res = DBUtil::getResultArray(array($sQuery, $aParams));
556   -
557   - if (count($res) != 0)
558   - {
559   - return true;
560   - }
561   - return false;
562   - }
563   -
564   - //FIXME: Direct Database access
565   - function groupExistsName ($sName)
566   - {
567   - $sQuery = "SELECT id FROM groups_lookup WHERE name = ?";
568   - $aParams = array($sName);
569   - $res = DBUtil::getResultArray(array($sQuery, $aParams));
570   -
571   - if (count($res) != 0)
572   - {
573   - return true;
574   - }
575   - return false;
576   - }
577   -
578   - //FIXME: Direct Database access
579   - function getRoleIdByName($sName)
580   - {
581   - $sQuery = "SELECT id FROM roles WHERE name = ?";
582   - $aParams = array($sName);
583   - $res = DBUtil::getResultArray(array($sQuery, $aParams));
584   - return $res;
585   - }
586   -
587   - //FIXME: Direct Database access
588   - function getGroupIdByName ($sName)
589   - {
590   - $sQuery = "SELECT id FROM groups_lookup WHERE name = ?";
591   - $aParams = array($sName);
592   - $res = DBUtil::getResultArray(array($sQuery, $aParams));
593   - return $res;
594   - }
595   -
596   - //function taken from KTPermission.php and edited to work here
597   - function renegeratePermissionsForRole($iRoleId, $iFolderId) {
598   - $iStartFolderId = $iFolderId;
599   - /*
600   - * 1. find all folders & documents "below" this one which use the role
601   - * definition _active_ (not necessarily present) at this point.
602   - * 2. tell permissionutil to regen their permissions.
603   - *
604   - * The find algorithm is:
605   - *
606   - * folder_queue <- (iStartFolderId)
607   - * while folder_queue is not empty:
608   - * active_folder =
609   - * for each folder in the active_folder:
610   - * find folders in _this_ folder without a role-allocation on the iRoleId
611   - * add them to the folder_queue
612   - * update the folder's permissions.
613   - * find documents in this folder:
614   - * update their permissions.
615   - */
616   -
617   - $sRoleAllocTable = KTUtil::getTableName('role_allocations');
618   - $sFolderTable = KTUtil::getTableName('folders');
619   - $sQuery = sprintf('SELECT f.id as id FROM %s AS f LEFT JOIN %s AS ra ON (f.id = ra.folder_id) WHERE ra.id IS NULL AND f.parent_id = ?', $sFolderTable, $sRoleAllocTable);
620   -
621   -
622   - $folder_queue = array($iStartFolderId);
623   - while (!empty($folder_queue)) {
624   - $active_folder = array_pop($folder_queue);
625   -
626   - $aParams = array($active_folder);
627   -
628   - $aNewFolders = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');
629   - if (PEAR::isError($aNewFolders)) {
630   - //$this->errorRedirectToMain(_kt('Failure to generate folderlisting.'));
631   - echo _kt('Failure to generate folderlisting.');
632   - }
633   - $folder_queue = kt_array_merge ($folder_queue, (array) $aNewFolders); // push.
634   -
635   -
636   - // update the folder.
637   - $oFolder =& Folder::get($active_folder);
638   - if (PEAR::isError($oFolder) || ($oFolder == false)) {
639   - //$this->errorRedirectToMain(_kt('Unable to locate folder: ') . $active_folder);
640   - echo _kt('Unable to locate folder: ').$active_folder;
641   - }
642   -
643   - KTPermissionUtil::updatePermissionLookup($oFolder);
644   - $aDocList =& Document::getList(array('folder_id = ?', $active_folder));
645   - if (PEAR::isError($aDocList) || ($aDocList === false)) {
646   - //$this->errorRedirectToMain(sprintf(_kt('Unable to get documents in folder %s: %s'), $active_folder, $aDocList->getMessage()));
647   - echo _kt('Unable to get documents in folder ').$active_folder;
648   - }
649   -
650   - foreach ($aDocList as $oDoc) {
651   - if (!PEAR::isError($oDoc)) {
652   - KTPermissionUtil::updatePermissionLookup($oDoc);
653   - }
654   - }
655   - }
656   - }
657   -
658   - /*
659   - attempt to abstract the transaction-matching query.
660   -
661   - tables that are already defined (other than sec ones):
662   -
663   - - Documents (D)
664   - - Users (U)
665   - - TransactionTypes (DTT)
666   - - Document Transactions (DT)
667   -
668   - so where clausess can take advantage of those.
669   -
670   - */
671   - function getTransactionsMatchingQuery($oUser, $sJoinClause, $aExternalWhereClauses, $aExternalWhereParams, $aOptions = null) {
672   -
673   - $sSelectItems = 'DTT.name AS transaction_name, U.name AS user_name, DT.version AS version, DT.comment AS comment, DT.datetime AS datetime, D.id as document_id, DT.transaction_namespace as namespace';
674   - $sBaseJoin = "FROM " . KTUtil::getTableName("document_transactions") . " AS DT " .
675   - "INNER JOIN " . KTUtil::getTableName("users") . " AS U ON DT.user_id = U.id " .
676   - "INNER JOIN " . KTUtil::getTableName("transaction_types") . " AS DTT ON DTT.namespace = DT.transaction_namespace " .
677   - "INNER JOIN " . KTUtil::getTableName("documents") . " AS D ON D.id = DT.document_id ";
678   -
679   - // now we're almost at partialquery like status.
680   - $perm_res = KTSearchUtil::permissionToSQL($oUser, 'ktcore.permissions.read');
681   - if (PEAR::isError($perm_res)) {
682   - return $perm_res;
683   - }
684   - list($sPermissionString, $aPermissionParams, $sPermissionJoin) = $perm_res;
685   -
686   - // compile the final list
687   - $aFinalWhere = kt_array_merge(array($sPermissionString,'D.creator_id IS NOT NULL'), $aExternalWhereClauses, array('D.status_id = ?'));
688   - $aFinalWhereParams = kt_array_merge($aPermissionParams, $aExternalWhereParams, array(LIVE));
689   -
690   - if (!is_array($aOptions)) {
691   - $aOptions = (array) $aOptions;
692   - }
693   - $sOrderBy = KTUtil::arrayGet($aOptions, 'orderby', 'DT.datetime DESC');
694   -
695   - // compile these.
696   - // NBM: do we need to wrap these in ()?
697   - $sWhereClause = implode(' AND ', $aFinalWhere);
698   - if (!empty($sWhereClause)) {
699   - $sWhereClause = 'WHERE ' . $sWhereClause;
700   - }
701   -
702   - $sQuery = sprintf("SELECT %s %s %s %s %s ORDER BY %s",
703   - $sSelectItems,
704   - $sBaseJoin,
705   - $sPermissionJoin,
706   - $sJoinClause,
707   - $sWhereClause,
708   - $sOrderBy
709   - );
710   -
711   - //var_dump(array($sQuery, $aFinalWhereParams));
712   -
713   - $res = DBUtil::getResultArray(array($sQuery, $aFinalWhereParams));
714   - //var_dump($res); exit(0);
715   - return $res;
716   - }
717   -}
718   -?>
  1 +<?php
  2 +/**
  3 + * $Id: $
  4 + *
  5 + * KnowledgeTree Community Edition
  6 + * Document Management Made Simple
  7 + * Copyright (C) 2008 KnowledgeTree Inc.
  8 + * Portions copyright The Jam Warehouse Software (Pty) Limited
  9 + *
  10 + * This program is free software; you can redistribute it and/or modify it under
  11 + * the terms of the GNU General Public License version 3 as published by the
  12 + * Free Software Foundation.
  13 + *
  14 + * This program is distributed in the hope that it will be useful, but WITHOUT
  15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  16 + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  17 + * details.
  18 + *
  19 + * You should have received a copy of the GNU General Public License
  20 + * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21 + *
  22 + * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
  23 + * California 94120-7775, or email info@knowledgetree.com.
  24 + *
  25 + * The interactive user interfaces in modified source and object code versions
  26 + * of this program must display Appropriate Legal Notices, as required under
  27 + * Section 5 of the GNU General Public License version 3.
  28 + *
  29 + * In accordance with Section 7(b) of the GNU General Public License version 3,
  30 + * these Appropriate Legal Notices must retain the display of the "Powered by
  31 + * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  32 + * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
  33 + * must display the words "Powered by KnowledgeTree" and retain the original
  34 + * copyright notice.
  35 + * Contributor( s): ______________________________________
  36 + *
  37 + */
  38 +
  39 +require_once("config/dmsDefaults.php");
  40 +require_once(KT_DIR . "/ktapi/ktapi.inc.php");
  41 +require_once(KT_LIB_DIR . "/plugins/plugin.inc.php");
  42 +require_once(KT_LIB_DIR . "/plugins/pluginregistry.inc.php");
  43 +require_once(KT_LIB_DIR . "/dashboard/dashlet.inc.php");
  44 +require_once(KT_DIR . "/plugins/ktcore/KTFolderActions.php");
  45 +require_once(KT_DIR . "/ktapi/KTAPIFolder.inc.php");
  46 +require_once(KT_LIB_DIR . "/roles/Role.inc");
  47 +require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php");
  48 +require_once(KT_LIB_DIR . "/permissions/permissionutil.inc.php");
  49 +require_once(KT_LIB_DIR . '/mime.inc.php');
  50 +/* This page is run via an AJAX call from the update.js for this plugin.
  51 + * It checks to see if both the dropdocuments folder and the users personal folder exist.
  52 + * If they don't, it creates them and assigns permission and roles accordingly.
  53 + * If the dropdocuments folder does exist it checks if the WorkSpaceOwner role exists.
  54 + * If the role exists it assigns the current user to the role on the dropdocuments folder.
  55 + * Therefore any users running the plugin after the dropdocuments folder has been created will have access to it too.
  56 + * The underlying logic is that everyone is assigned to the WorkSpaceOwner Role, they have all permission except
  57 + * Delete, Rename Folder, Manage security and Manage workflow on the dropdocuments folder.
  58 + * This role is then assigned to their personal folder too (which is named according to their username) and is overidden
  59 + * to give only the current user full rights to their folder.
  60 + * Essentially everyone can look at the dropdocuments folder but will only see their own folder within it.
  61 + */
  62 +
  63 +class MyDropDocumentsPage extends KTStandardDispatcher {
  64 +
  65 + function do_main() {
  66 +
  67 + $iRootID = (int)1;
  68 + $oUser = $this->oUser;
  69 + $sUserName = (string)$this->oUser->getUserName();
  70 + $this->ktapi = new KTAPI();
  71 + $this->session = $this->ktapi->start_system_session();
  72 +
  73 + if(!Folder::FolderExistsName('DroppedDocuments', $iRootID))
  74 + {
  75 +
  76 + $root=$this->ktapi->get_root_folder();
  77 +
  78 + //Create dropdocuments folder
  79 + $userFolder = $root->add_folder('DroppedDocuments');
  80 +
  81 + //In order to stop permission inheritance a copy of the parent permission object is created.
  82 + //This copy is then used to set separate permissions for this folder.
  83 + KTPermissionUtil::copyPermissionObject($userFolder->get_folder());
  84 +
  85 + //If WorkSpaceOwner role doesn't exist, create it
  86 + if(!$this->roleExistsName('WorkSpaceOwner'))
  87 + {
  88 + $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner');
  89 + if ($oWorkSpaceOwnerRole == null)
  90 + {
  91 + $this->session->logout();
  92 + return _kt('Error: Failed to create WorkSpaceOwner Role');
  93 + }
  94 + }
  95 +
  96 + //$root=$this->ktapi->get_root_folder();
  97 + //$personalFolder = $root->get_folder_by_name('/dropdocuments/'.$sUserName);
  98 +
  99 + //Get the folder object
  100 + $userFolderObject = $userFolder->get_folder();
  101 +
  102 + //Get the permission object from the dropdocuments folder object
  103 + $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId());
  104 +
  105 + //Check to see if there are duplicate WorkSpaceOwner roles.
  106 + if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1)
  107 + {
  108 + $this->session->logout();
  109 + return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists');
  110 +
  111 + }
  112 +
  113 + //call the function to set the permission on the dropdocuments folder
  114 + $this->setUserDocsPermissions($oUserPO);
  115 +
  116 + //Assign the current user to the WorkSpaceOwner role
  117 + $this->setUserDocsRoleAllocation($userFolderObject);
  118 +
  119 + }
  120 + else
  121 + {
  122 +
  123 + $root = $this->ktapi->get_root_folder();
  124 + $userFolder = $root->get_folder_by_name('/DroppedDocuments');
  125 +
  126 + //Get the dropdocuments folder object
  127 + $userFolderObject = $userFolder->get_folder();
  128 +
  129 + if(!$this->roleExistsName('WorkSpaceOwner'))
  130 + {
  131 +
  132 + $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner');
  133 + if ($oWorkSpaceOwnerRole == null)
  134 + {
  135 + $this->session->logout();
  136 + return _kt('Error: Failed to create WorkSpaceOwner Role');
  137 + }
  138 +
  139 + //set permissions
  140 + $oUserPO = KTPermissionObject::get($userFolderObject->getPermissionObjectId());
  141 + $this->setUserDocsPermissions($oUserPO);
  142 + //assign current user to role
  143 + $this->setUserDocsRoleAllocation($userFolderObject);
  144 + }
  145 + else
  146 + {
  147 +
  148 + //update WrokSpaceOwner role to include current user
  149 + $this->updateUserDocsRoleAllocation($userFolderObject);
  150 + }
  151 +
  152 + }
  153 +
  154 + $iUserDocsFolderID = $this->getFolderID('DroppedDocuments');
  155 + $oUserDocsFolder = Folder::get($iUserDocsFolderID);
  156 +
  157 + if(!Folder::FolderExistsName($sUserName, $iUserDocsFolderID))
  158 + {
  159 +
  160 +
  161 + $root=$this->ktapi->get_root_folder();
  162 + $userDocsFolder = $root->get_folder_by_name('/DroppedDocuments');
  163 +
  164 + //create the personal folder. (Use the username to create it)
  165 + $personalFolder = $userDocsFolder->add_folder($sUserName);
  166 +
  167 + //Copy the permission object to stop permission inheritance
  168 + KTPermissionUtil::copyPermissionObject($personalFolder->get_folder());
  169 +
  170 + //The role should exist by now.
  171 + //In both the if and else statements for the dropdocuments above the role is created
  172 + //If its doesn't exist by now there is an error
  173 + if(!$this->roleExistsName('WorkSpaceOwner'))
  174 + {
  175 +
  176 + $this->session->logout();
  177 + return _kt('Error: WorkSpaceOwner Role not setup, cannot assign to Personal Folder');
  178 +
  179 + }
  180 +
  181 + $personalFolderRole = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName);
  182 + $PersonalFolderObject = ($personalFolderRole->get_folder());
  183 +
  184 + //Get permission object
  185 + $oPO = KTPermissionObject::get($PersonalFolderObject->getPermissionObjectId());
  186 +
  187 + //Check for duplicate WorkSpaceOwner roles
  188 + if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1)
  189 + {
  190 + $this->session->logout();
  191 + return _kt('Error: cannot set personal folder role permissions: more than one role named \'WorkSpaceOwner\' exists');
  192 +
  193 + }
  194 +
  195 + $this->setPersonalFolderPermissions($oPO);
  196 +
  197 + $this->updatePersonalFolderRoleAllocation($PersonalFolderObject);
  198 +
  199 +
  200 + //folder just created so no top list of last modified documents
  201 +
  202 + $iMyDocsFolderID = $this->getFolderID($sUserName);
  203 + $this->session->logout();
  204 + return _kt('<span class="descriptiveText"> You do not have any dropped documents </span><br><br><br>');
  205 +
  206 +
  207 + }
  208 +
  209 + else //if personal folder does exist
  210 + {
  211 + //Getting personal folder id
  212 + $iMyDocsFolderID = $this->getFolderID($sUserName);
  213 +
  214 +
  215 + if(!$this->roleExistsName('WorkSpaceOwner'))
  216 + {
  217 + $this->session->logout();
  218 + return _kt('Error: WorkSpaceOwner Role does not exist');
  219 + }
  220 + else
  221 + {
  222 +
  223 + $oTempPersonalFolder = $root->get_folder_by_name('/DroppedDocuments/'.$sUserName);
  224 + $oPersonalFolder = $oTempPersonalFolder->get_folder();
  225 + //update WorkSpaceOwner role to include current user
  226 +
  227 + //Get permission object
  228 + $oPO = KTPermissionObject::get($oPersonalFolder->getPermissionObjectId());
  229 +
  230 + $this->setPersonalFolderPermissions($oPO);
  231 +
  232 + $this->updatePersonalFolderRoleAllocation($oPersonalFolder);
  233 +
  234 + }
  235 +
  236 +
  237 +
  238 + $aExternalWhereClauses[] = '(DT.transaction_namespace IN (?,?,?) AND (D.parent_folder_ids LIKE "%,'.$iMyDocsFolderID.',%" OR D.parent_folder_ids LIKE "%,'.$iMyDocsFolderID.'"))';
  239 + $aExternalWhereParams[] = 'ktcore.transactions.create';
  240 + $aExternalWhereParams[] = 'ktcore.transactions.check_in';
  241 + $aExternalWhereParams[] = 'ktcore.transactions.event';
  242 +
  243 +
  244 + $aDocumentTransactions = $this->getTransactionsMatchingQuery($oUser, '', $aExternalWhereClauses, $aExternalWhereParams);
  245 + if (empty($aDocumentTransactions))
  246 + {
  247 + $this->session->logout();
  248 + return _kt('<span class="descriptiveText"> You do not have any dropped documents </span><br><br><br>');
  249 + }
  250 +
  251 + $maxcount = 5;
  252 + $aDocumentTransactions = array_slice($aDocumentTransactions, 0, $maxcount);
  253 +
  254 + $sReturnTable = '<span class="descriptiveText">'._kt('Recently Dropped Documents').'</span>
  255 + <table width="100%" class="kt_collection drop_box" cellspacing="0">
  256 +
  257 + <thead>
  258 + <tr>
  259 + <th width="100%">'._kt('Document').'</th>
  260 + <th width="1%">'._kt('Date Dropped').'</th>
  261 + </tr>
  262 + </thead>
  263 + <tbody>';
  264 +
  265 + $sOddorEven = '';
  266 + $count = 1;
  267 + foreach ($aDocumentTransactions as $aRow)
  268 + {
  269 + $oDocument = Document::get($aRow[document_id]);
  270 + $aParentFolders = explode('/',$oDocument->getFullPath());
  271 + $sPath = '';
  272 +
  273 + for($i = 0; $i < count($aParentFolders); $i++)
  274 + {
  275 + if ($i > 2)
  276 + {
  277 + $sPath .= '/'.$aParentFolders[$i];
  278 + }
  279 + }
  280 +
  281 + $sContentType = KTMime::getIconPath($oDocument->getMimeTypeID());
  282 + $aAnchorData = $this->getDocInfo($aRow[document_id]);
  283 + $sLink = $aAnchorData[0];
  284 + $sDocName = $aAnchorData[1];
  285 + $sShortDocName = $sDocName;
  286 + if(strlen($sPath) > 0)
  287 + {
  288 + $sDocName = $sPath.'/'.$sDocName;
  289 + }
  290 +
  291 + $sFullDocName = $sDocName;
  292 + $iDocLength = strlen($sDocName);
  293 + if ( $iDocLength > 30 )
  294 + {
  295 + $sDocName = substr($sDocName, ($iDocLength - 30), $iDocLength);
  296 + $sDocName = '...'.$sDocName;
  297 + }
  298 +
  299 + if($count%2 == 0)
  300 + {
  301 + $sOddorEven = 'even';
  302 + }
  303 + else
  304 + {
  305 + $sOddorEven = 'odd';
  306 + }
  307 +
  308 + $sReturnTable .= '<tr class="'.$sOddorEven.'">'.
  309 + '<td width="100%"><span class="contenttype '.$sContentType.'"><a title="'.$sShortDocName.'" href='.$sLink.'>'.$sDocName.'</a></span></td>'.
  310 + '<td width="1%">'.$aRow[datetime].'</td>'.
  311 + '</tr>';
  312 + $count ++;
  313 + }
  314 +
  315 + $location = 'browse.php?fFolderId='.$iMyDocsFolderID;
  316 + $sReturnTable .= '</tbody>'.
  317 + '</table>'.
  318 + '<br>'.
  319 + '<a href="'.$location.'">'._kt(' View All').' </a><br><br>';
  320 + $this->session->logout();
  321 +
  322 + return $sReturnTable;
  323 +
  324 + }
  325 + }
  326 +
  327 + function handleOutput($sOutput) {
  328 + print $sOutput;
  329 + }
  330 +
  331 + //This function is used to set the permission on the dropdocuments folder
  332 + function setUserDocsPermissions($oUserPO)
  333 + {
  334 + //arrays returned from get Role ID's
  335 + $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
  336 + $aAdminGroupID = $this->getGroupIdByName('System Administrators');
  337 +
  338 + //arrays used to make integers for $aAllowed array variable
  339 + $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id'];
  340 + $iAdminGroupID = $aAdminGroupID[0]['id'];
  341 + //$aBothAllowed is used to give permissions to the admin group and the WorkSpaceOwner role
  342 + $aBothAllowed = array('group' => array($iAdminGroupID), 'role' => array($iWorkSpaceOwnerRoleID));
  343 +
  344 + //$aAdminAllowed is used to give permissions to the admin group only
  345 + $aAdminAllowed = array('group' => array($iAdminGroupID));
  346 +
  347 + //Get the list of permissions
  348 + $aPermissions = KTPermission::getList();
  349 +
  350 + foreach ($aPermissions as $oPermission)
  351 + {
  352 + //If the permission is not one of the below then both are allowed the permission
  353 + //Otherwise only the admin group is allowed the permission
  354 + if($oPermission->getHumanName() != 'Delete' && $oPermission->getHumanName() != 'Rename Folder'
  355 + && $oPermission->getHumanName() != 'Manage security' && $oPermission->getHumanName() != 'Manage workflow')
  356 + {
  357 + KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aBothAllowed);
  358 + }
  359 + else
  360 + {
  361 + KTPermissionUtil::setPermissionForId($oPermission, $oUserPO, $aAdminAllowed);
  362 + }
  363 + }
  364 +
  365 + //UPdate the permission lookup
  366 + KTPermissionUtil::updatePermissionLookupForPO($oUserPO);
  367 + }
  368 +
  369 + //This function is used for allocating the user to the WorkSpaceOwner role only when the dropdocuments folder
  370 + //has just been created.
  371 + function setUserDocsRoleAllocation($oUserFolderObject)
  372 + {
  373 + $userFolderID = $oUserFolderObject->getId();
  374 +
  375 + $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
  376 + $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
  377 +
  378 + //create a new role allocation
  379 + $oDropdocumentsRoleAllocation = new RoleAllocation();
  380 + if ($oDropdocumentsRoleAllocation == null)
  381 + {
  382 + $this->session->logout();
  383 + return _kt('Error: cannot create WorkSpaceOwner role allocation');
  384 + }
  385 +
  386 + //set the folder and role for the allocation
  387 + $oDropdocumentsRoleAllocation->setFolderId($userFolderID);
  388 + $oDropdocumentsRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);
  389 +
  390 + $aWorkSpaceOwnerRoleAllowed = array();
  391 + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAllowed);
  392 + //It might be a problem that i'm not doing a "start transaction" here.
  393 + //Unable to roll back in event of db failure
  394 + $res = $oDropdocumentsRoleAllocation->create();
  395 +
  396 + //The role is created and then updated by adding the current user to the allowed list
  397 +
  398 + $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor();
  399 + $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed();
  400 + $aUserId[] = $this->oUser->getId();
  401 + $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aUserId;
  402 + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed);
  403 + $res = $oDropdocumentsRoleAllocation->update();
  404 +
  405 + //Update all info linked to the role
  406 + $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID);
  407 + }
  408 +
  409 + //This function is used to allocate the current user to the WorkSpaceOwner role after the Dropdocuments folder
  410 + //has already been created.
  411 + function updateUserDocsRoleAllocation($oUserFolder)
  412 + {
  413 + $userFolderID = $oUserFolder->getId();
  414 + $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');//$oUserRole->getId();
  415 + $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
  416 +
  417 + //Get the role allocation object for the Dropdocuments folder and the WorkSpaceOwner role
  418 + $oDropdocumentsRoleAllocation = $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($userFolderID, $WorkSpaceOwnerRoleID);
  419 +
  420 + //check that the object is not null
  421 + if ($oDropdocumentsRoleAllocation == null)
  422 + {
  423 + $this->session->logout();
  424 + return _kt('Error: cannot find WorkSpaceOwner role allocation');
  425 + }
  426 +
  427 + $oPD = $oDropdocumentsRoleAllocation->getPermissionDescriptor();
  428 + $aWorkSpaceOwnerRoleAssignAllowed = $oPD->getAllowed();
  429 +
  430 + //If the user ID is not in the allowed list already then add it to the list.
  431 + if(!in_array($this->oUser->getId(), $aWorkSpaceOwnerRoleAssignAllowed['user']))
  432 + {
  433 + $aNewAllowed = array();
  434 + $aNewAllowed = $aWorkSpaceOwnerRoleAssignAllowed['user'];
  435 + $aNewAllowed[] = $this->oUser->getId();
  436 + $aWorkSpaceOwnerRoleAssignAllowed['user'] = $aNewAllowed;
  437 + $oDropdocumentsRoleAllocation->setAllowed($aWorkSpaceOwnerRoleAssignAllowed);
  438 + $res = $oDropdocumentsRoleAllocation->update();
  439 + $this->renegeratePermissionsForRole($oDropdocumentsRoleAllocation->getRoleId(), $userFolderID);
  440 + }
  441 + }
  442 +
  443 + function setPersonalFolderPermissions($oPO)
  444 + {
  445 + $aWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
  446 + $aAdminGroupID = $this->getGroupIdByName('System Administrators');
  447 +
  448 + //arrays used to make integers for $aAllowed array variable
  449 + $iWorkSpaceOwnerRoleID = $aWorkSpaceOwnerRoleID[0]['id'];
  450 + $iAdminGroupID = $aAdminGroupID[0]['id'];
  451 +
  452 + //set permissions for the role and the admin group
  453 + $aAllowed = array('role' => array($iWorkSpaceOwnerRoleID), 'group' => array($iAdminGroupID));
  454 +
  455 + //Get the List of all the permissions
  456 + $aPersonalFolderPermissions = KTPermission::getList();
  457 +
  458 + //Iterate through and apply all permissions to the current user and the admin group
  459 + foreach ($aPersonalFolderPermissions as $oPersonalFolderPermission)
  460 + {
  461 + KTPermissionUtil::setPermissionForId($oPersonalFolderPermission, $oPO, $aAllowed);
  462 +
  463 + }
  464 +
  465 + //Update permission lookup
  466 + KTPermissionUtil::updatePermissionLookupForPO($oPO);
  467 + }
  468 +
  469 + function updatePersonalFolderRoleAllocation($oPersonalFolder)
  470 + {
  471 + //Assign user to the WorkSpaceOwner role
  472 + $personalFolderID = $oPersonalFolder->getId();
  473 + $tempWorkSpaceOwnerRoleID = $this->getRoleIdByName('WorkSpaceOwner');
  474 + $WorkSpaceOwnerRoleID = $tempWorkSpaceOwnerRoleID[0]['id'];
  475 +
  476 + $oRoleAllocation = new RoleAllocation();
  477 + if ($oRoleAllocation == null)
  478 + {
  479 + $this->session->logout();
  480 + return _kt('Error: Cannot create WorkSpaceOwner role allocation on personal folder');
  481 + }
  482 + $oRoleAllocation->setFolderId($personalFolderID);
  483 + $oRoleAllocation->setRoleId($WorkSpaceOwnerRoleID);
  484 +
  485 + $aRoleAllowed = array();
  486 + $oRoleAllocation->setAllowed($aRoleAllowed);
  487 +
  488 + //It might be a problem that i'm not doing a "start transaction" here.
  489 + //Unable to roll back in event of db failure
  490 + $res = $oRoleAllocation->create();
  491 +
  492 + //The role is first created and then the current user is allocated to the role below
  493 +
  494 + $oPD = $oRoleAllocation->getPermissionDescriptor();
  495 + $aRoleAssignAllowed = $oPD->getAllowed();
  496 + $aUserId[] = $this->oUser->getId();
  497 + $aRoleAssignAllowed['user'] = $aUserId;
  498 + $oRoleAllocation->setAllowed($aRoleAssignAllowed);
  499 + $res = $oRoleAllocation->update();
  500 + $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId(), $personalFolderID);
  501 + }
  502 +
  503 + //FIXME: Direct Database access
  504 + function getFolderID($sFolderName) {
  505 + $sQuery = 'SELECT id FROM folders WHERE name = \''.$sFolderName.'\'';
  506 +
  507 + $id = DBUtil::getResultArray($sQuery);
  508 + return $id[0]['id'];
  509 + }
  510 +
  511 + //this function returns the document link and document name to be displayed on the dashlet
  512 + function getDocInfo($iDocId) {
  513 + $oDocument = Document::get($iDocId);
  514 +
  515 + if (PEAR::isError($oDocument)) {
  516 + return _kt('Document no longer exists.');
  517 + }
  518 +
  519 + $sName = htmlentities($oDocument->getName(), ENT_NOQUOTES, 'UTF-8');
  520 + $sLink = KTBrowseUtil::getUrlForDocument($oDocument);
  521 +
  522 + $aAnchorData = array();
  523 + $aAnchorData[] = $sLink;
  524 + $aAnchorData[] = $sName;
  525 + return $aAnchorData;
  526 + }
  527 +
  528 + //This function is used to create the role, role allocation is done separately
  529 + function createRole ($sName)
  530 + {
  531 + $this->startTransaction();
  532 + $oRole = Role::createFromArray(array('name' => $sName));
  533 +
  534 + if (PEAR::isError($oRole) || ($oRole == false))
  535 + {
  536 + if ($this->bTransactionStarted)
  537 + {
  538 + $this->rollbackTransaction();
  539 + }
  540 + //return null on failure
  541 + return null;
  542 + }
  543 + else
  544 + {
  545 + return $oRole;
  546 +
  547 + }
  548 + }
  549 +
  550 + //FIXME: Direct Database access
  551 + function roleExistsName ($sName)
  552 + {
  553 + $sQuery = "SELECT id FROM roles WHERE name = ?";
  554 + $aParams = array($sName);
  555 + $res = DBUtil::getResultArray(array($sQuery, $aParams));
  556 +
  557 + if (count($res) != 0)
  558 + {
  559 + return true;
  560 + }
  561 + return false;
  562 + }
  563 +
  564 + //FIXME: Direct Database access
  565 + function groupExistsName ($sName)
  566 + {
  567 + $sQuery = "SELECT id FROM groups_lookup WHERE name = ?";
  568 + $aParams = array($sName);
  569 + $res = DBUtil::getResultArray(array($sQuery, $aParams));
  570 +
  571 + if (count($res) != 0)
  572 + {
  573 + return true;
  574 + }
  575 + return false;
  576 + }
  577 +
  578 + //FIXME: Direct Database access
  579 + function getRoleIdByName($sName)
  580 + {
  581 + $sQuery = "SELECT id FROM roles WHERE name = ?";
  582 + $aParams = array($sName);
  583 + $res = DBUtil::getResultArray(array($sQuery, $aParams));
  584 + return $res;
  585 + }
  586 +
  587 + //FIXME: Direct Database access
  588 + function getGroupIdByName ($sName)
  589 + {
  590 + $sQuery = "SELECT id FROM groups_lookup WHERE name = ?";
  591 + $aParams = array($sName);
  592 + $res = DBUtil::getResultArray(array($sQuery, $aParams));
  593 + return $res;
  594 + }
  595 +
  596 + //function taken from KTPermission.php and edited to work here
  597 + function renegeratePermissionsForRole($iRoleId, $iFolderId) {
  598 + $iStartFolderId = $iFolderId;
  599 + /*
  600 + * 1. find all folders & documents "below" this one which use the role
  601 + * definition _active_ (not necessarily present) at this point.
  602 + * 2. tell permissionutil to regen their permissions.
  603 + *
  604 + * The find algorithm is:
  605 + *
  606 + * folder_queue <- (iStartFolderId)
  607 + * while folder_queue is not empty:
  608 + * active_folder =
  609 + * for each folder in the active_folder:
  610 + * find folders in _this_ folder without a role-allocation on the iRoleId
  611 + * add them to the folder_queue
  612 + * update the folder's permissions.
  613 + * find documents in this folder:
  614 + * update their permissions.
  615 + */
  616 +
  617 + $sRoleAllocTable = KTUtil::getTableName('role_allocations');
  618 + $sFolderTable = KTUtil::getTableName('folders');
  619 + $sQuery = sprintf('SELECT f.id as id FROM %s AS f LEFT JOIN %s AS ra ON (f.id = ra.folder_id) WHERE ra.id IS NULL AND f.parent_id = ?', $sFolderTable, $sRoleAllocTable);
  620 +
  621 +
  622 + $folder_queue = array($iStartFolderId);
  623 + while (!empty($folder_queue)) {
  624 + $active_folder = array_pop($folder_queue);
  625 +
  626 + $aParams = array($active_folder);
  627 +
  628 + $aNewFolders = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');
  629 + if (PEAR::isError($aNewFolders)) {
  630 + //$this->errorRedirectToMain(_kt('Failure to generate folderlisting.'));
  631 + echo _kt('Failure to generate folderlisting.');
  632 + }
  633 + $folder_queue = kt_array_merge ($folder_queue, (array) $aNewFolders); // push.
  634 +
  635 +
  636 + // update the folder.
  637 + $oFolder =& Folder::get($active_folder);
  638 + if (PEAR::isError($oFolder) || ($oFolder == false)) {
  639 + //$this->errorRedirectToMain(_kt('Unable to locate folder: ') . $active_folder);
  640 + echo _kt('Unable to locate folder: ').$active_folder;
  641 + }
  642 +
  643 + KTPermissionUtil::updatePermissionLookup($oFolder);
  644 + $aDocList =& Document::getList(array('folder_id = ?', $active_folder));
  645 + if (PEAR::isError($aDocList) || ($aDocList === false)) {
  646 + //$this->errorRedirectToMain(sprintf(_kt('Unable to get documents in folder %s: %s'), $active_folder, $aDocList->getMessage()));
  647 + echo _kt('Unable to get documents in folder ').$active_folder;
  648 + }
  649 +
  650 + foreach ($aDocList as $oDoc) {
  651 + if (!PEAR::isError($oDoc)) {
  652 + KTPermissionUtil::updatePermissionLookup($oDoc);
  653 + }
  654 + }
  655 + }
  656 + }
  657 +
  658 + /*
  659 + attempt to abstract the transaction-matching query.
  660 +
  661 + tables that are already defined (other than sec ones):
  662 +
  663 + - Documents (D)
  664 + - Users (U)
  665 + - TransactionTypes (DTT)
  666 + - Document Transactions (DT)
  667 +
  668 + so where clausess can take advantage of those.
  669 +
  670 + */
  671 + function getTransactionsMatchingQuery($oUser, $sJoinClause, $aExternalWhereClauses, $aExternalWhereParams, $aOptions = null) {
  672 +
  673 + $sSelectItems = 'DTT.name AS transaction_name, U.name AS user_name, DT.version AS version, DT.comment AS comment, DT.datetime AS datetime, D.id as document_id, DT.transaction_namespace as namespace';
  674 + $sBaseJoin = "FROM " . KTUtil::getTableName("document_transactions") . " AS DT " .
  675 + "INNER JOIN " . KTUtil::getTableName("users") . " AS U ON DT.user_id = U.id " .
  676 + "INNER JOIN " . KTUtil::getTableName("transaction_types") . " AS DTT ON DTT.namespace = DT.transaction_namespace " .
  677 + "INNER JOIN " . KTUtil::getTableName("documents") . " AS D ON D.id = DT.document_id ";
  678 +
  679 + // now we're almost at partialquery like status.
  680 + $perm_res = KTSearchUtil::permissionToSQL($oUser, 'ktcore.permissions.read');
  681 + if (PEAR::isError($perm_res)) {
  682 + return $perm_res;
  683 + }
  684 + list($sPermissionString, $aPermissionParams, $sPermissionJoin) = $perm_res;
  685 +
  686 + // compile the final list
  687 + $aFinalWhere = kt_array_merge(array($sPermissionString,'D.creator_id IS NOT NULL'), $aExternalWhereClauses, array('D.status_id = ?'));
  688 + $aFinalWhereParams = kt_array_merge($aPermissionParams, $aExternalWhereParams, array(LIVE));
  689 +
  690 + if (!is_array($aOptions)) {
  691 + $aOptions = (array) $aOptions;
  692 + }
  693 + $sOrderBy = KTUtil::arrayGet($aOptions, 'orderby', 'DT.datetime DESC');
  694 +
  695 + // compile these.
  696 + // NBM: do we need to wrap these in ()?
  697 + $sWhereClause = implode(' AND ', $aFinalWhere);
  698 + if (!empty($sWhereClause)) {
  699 + $sWhereClause = 'WHERE ' . $sWhereClause;
  700 + }
  701 +
  702 + $sQuery = sprintf("SELECT %s %s %s %s %s ORDER BY %s",
  703 + $sSelectItems,
  704 + $sBaseJoin,
  705 + $sPermissionJoin,
  706 + $sJoinClause,
  707 + $sWhereClause,
  708 + $sOrderBy
  709 + );
  710 +
  711 + //var_dump(array($sQuery, $aFinalWhereParams));
  712 +
  713 + $res = DBUtil::getResultArray(array($sQuery, $aFinalWhereParams));
  714 + //var_dump($res); exit(0);
  715 + return $res;
  716 + }
  717 +}
  718 +?>
... ...