permissionutil.inc.php.tmp

来自「PHP 知识管理系统（基于树结构的知识管理系统）, 英文原版的PHP源码。」· TMP 代码 · 共 830 行 · 第 1/3 页

<?php
/**
 * $Id$
 *
 * KnowledgeTree Community Edition
 * Document Management Made Simple
 * Copyright (C) 2008 KnowledgeTree Inc.
 * Portions copyright The Jam Warehouse Software (Pty) Limited
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License version 3 as published by the
 * Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
 * California 94120-7775, or email info@knowledgetree.com.
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * KnowledgeTree" logo and retain the original copyright notice. If the display of the
 * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
 * must display the words "Powered by KnowledgeTree" and retain the original
 * copyright notice.
 * Contributor( s): ______________________________________
 *
 */

require_once(KT_LIB_DIR . "/documentmanagement/Document.inc");
require_once(KT_LIB_DIR . "/foldermanagement/Folder.inc");
require_once(KT_LIB_DIR . "/permissions/permission.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissionassignment.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissiondescriptor.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissionlookup.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissionlookupassignment.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissionobject.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissiondynamiccondition.inc.php");
require_once(KT_LIB_DIR . "/groups/GroupUtil.php");
require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php");
require_once(KT_LIB_DIR . "/roles/documentroleallocation.inc.php");

require_once(KT_LIB_DIR . "/workflow/workflowutil.inc.php");
require_once(KT_LIB_DIR . "/workflow/workflowstatepermissionsassignment.inc.php");

class KTPermissionUtil {

    static $permArr = array();

    // {{{ generateDescriptor
    /**
     * Generate a unique textual representation of a specific collection
     * of users/groups/roles described by a dictionary.
     *
     * This function _must_ always generate the same descriptor for a
     * given collection of users/groups/roles, no matter the order of
     * the keys or the order of the ids in the values of the collection.
     */
    function generateDescriptor ($aAllowed) {
        $aAllowedSort = array();
        // PHP5: clone
        $aTmp = $aAllowed;
        ksort($aTmp);
        $sOutput = "";
        foreach ($aTmp as $k => $v) {
            if (empty($v)) {
                continue;
            }
            $v = array_unique($v);
            $sOutput .= "$k(";
            sort($v);
            $sOutput .= join(",", $v);
            $sOutput .= ")";
        }

        return $sOutput;
    }
    // }}}

    // {{{ getOrCreateDescriptor
    /**
     * For a given collection of users/groups/roles, get the permission
     * descriptor object that describes that exact collection, creating
     * such an object if it does not already exist.
     */
    function getOrCreateDescriptor ($aAllowed) {
        $sDescriptor = KTPermissionUtil::generateDescriptor($aAllowed);
        $oDescriptor =& KTPermissionDescriptor::getByDescriptor(md5($sDescriptor));
        if (PEAR::isError($oDescriptor)) {
            $oOriginalDescriptor = $oDescriptor;

            $oDescriptor =& KTPermissionDescriptor::createFromArray(array(
                "descriptortext" => $sDescriptor,
            ));
            if (PEAR::isError($oDescriptor)) {
                print '<pre>';
                print_r($aAllowed);
                print "-----------\n";
                print "getOrCreateDescriptor get error (should be 'not found'):";
                print "-----------\n";
                print_r($oOriginalDescriptor);
                print "-----------\n";
                print "getOrCreateDescriptor create error (should not happen):";
                print "-----------\n";
                print_r($oDescriptor);
                print '</pre>';
                exit(0);
            }
            $oDescriptor->saveAllowed($aAllowed);

        }
        return $oDescriptor;
    }
    // }}}

    // {{{ getAllowedForDescriptor
    function getAllowedForDescriptor($oDescriptor) {
        $oDescriptor =& KTUtil::getObject('KTPermissionDescriptor', $oDescriptor);
        return $oDescriptor->getAllowed();
    }
    // }}}

    // {{{ getOrCreateAssignment
    /**
     * For a given permission object, get the assignment object for the
     * given permission, or create one if there isn't one already.
     *
     * This assignment object describes the group of users/groups/roles
     * that have the given permission.  If one is created, it is created
     * empty.
     */
    function getOrCreateAssignment ($sPermission, $iObjectID) {
        if (is_string($sPermission)) {
            $oPermission =& KTPermission::getByName($sPermission);
        } else {
            $oPermission =& $sPermission;
        }
        if (is_numeric($iObjectID)) {
            $oObject =& KTPermissionObject::get($iObjectID);
        } else {
            $oObject =& $iObjectID;
        }
        $oPA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oObject);
        if (PEAR::isError($oPA)) {
            $oPA = KTPermissionAssignment::createFromArray(array(
                'permissionid' => $oPermission->getID(),
                'permissionobjectid' => $oObject->getID(),
            ));
        }
        return $oPA;
    }
    // }}}

    // {{{ setPermissionForID
    /**
     * For a given permission object, set the given group of
     * users/groups/roles that have a given permission, removing any
     * previous assignment.
     */
    function setPermissionForID($sPermission, $iObjectID, $aAllowed) {
        $oPermissionAssignment =& KTPermissionUtil::getOrCreateAssignment($sPermission, $iObjectID);
        $oDescriptor =& KTPermissionUtil::getOrCreateDescriptor($aAllowed);
        $oPermissionAssignment->setPermissionDescriptorID($oDescriptor->getID());
        $res = $oPermissionAssignment->update();
        return $res;
    }
    // }}}

    // {{{ updatePermissionLookupForState
    function updatePermissionLookupForState($oState) {
        $aDocuments = Document::getByState($oState);
        foreach ($aDocuments as $oDocument) {
            KTPermissionUtil::updatePermissionLookup($oDocument);
        }
    }
    // }}}

    // {{{ updatePermissionLookupForPO
    /**
     * Updates permission lookups for all objects of a certain
     * permission object.
     *
     * It may be that you don't have or want to have the root item for a
     * permission object that you do have and have updates - then use
     * this.
     */
    function updatePermissionLookupForPO($oPO) {
        $sWhere = 'permission_object_id = ?';
        $aParams = array($oPO->getID());
        $aFolders =& Folder::getList(array($sWhere, $aParams));

        // init once time those var for speeding up updates
		$oChannel =& KTPermissionChannel::getSingleton();
		$aPermAssigns = KTPermissionAssignment::getByObjectMulti($oPO);
		$aMapPermAllowed = array();
		foreach ($aPermAssigns as $oPermAssign) {
		  $oPermDescriptor = KTPermissionDescriptor::get($oPermAssign->getPermissionDescriptorID());
		  $aGroupIDs = $oPermDescriptor->getGroups();
		  $aUserIDs = array();
		  $aRoleIDs = $oPermDescriptor->getRoles();
		  $aAllowed = array(
							'group' => $aGroupIDs,
							'user' => $aUserIDs,
							'role' => $aRoleIDs,
							);
		  $aMapPermAllowed[$oPermAssign->getPermissionID()] = $aAllowed;
		}
		$aMapPermDesc = array();
		foreach ($aMapPermAllowed as $iPermissionId => $aAllowed) {
		  $oLookupPD = KTPermissionUtil::getOrCreateDescriptor($aAllowed);
		  $aMapPermDesc[$iPermissionId] = $oLookupPD->getID();
		}

		$oPermLookup = KTPermissionLookupAssignment::findOrCreateLookupByPermissionDescriptorMap($aMapPermDesc);
		$aOptions = array('channel' => $oChannel, 'map_allowed' => $aMapPermAllowed, 'perm_lookup' => $oPermLookup);

        if (!PEAR::isError($aFolders)) {
            foreach ($aFolders as $oFolder) {
                KTPermissionUtil::updatePermissionLookup($oFolder, $aOptions);
            }
        }
        $aIds = DBUtil::getResultArrayKey(array("SELECT id FROM documents WHERE permission_object_id=?", $aParams), 'id');
        if (!PEAR::isError($aIds))
        {
			$cache = KTCache::getSingleton();

			foreach ($aIds as $iId)
	        {
    	        $oDocument =& Document::get($iId);
        	    KTPermissionUtil::updatePermissionLookup($oDocument, $aOptions);

        	    $metadataid = $oDocument->getMetadataVersionId();
				$contentid = $oDocument->getContentVersionId();

				$cache->remove('KTDocumentMetadataVersion/id', $metadataid);
				$cache->remove('KTDocumentContentVersion/id', $contentid);
				$cache->remove('KTDocumentCore/id', $iId);
				$cache->remove('Document/id', $iId);
				unset($GLOBALS['_OBJECTCACHE']['KTDocumentMetadataVersion'][$metadataid]);
				unset($GLOBALS['_OBJECTCACHE']['KTDocumentContentVersion'][$contentid]);
				unset($GLOBALS['_OBJECTCACHE']['KTDocumentCore'][$iId]);

				unset($oDocument);
        	}
        }

       /* $aDocuments =& Document::getList(array($sWhere, $aParams));
        if (!PEAR::isError($aDocuments)) {
            foreach ($aDocuments as $oDocument) {
                KTPermissionUtil::updatePermissionLookup($oDocument, $aOptions);
            }
        }*/
    }
    // }}}

    // {{{ updatePermissionLookupRecursive
    /**
     * Updates permission lookups for this folder and any ancestors, but
     * only if they use the same permission object.
     *
     * To be used any time a folder permission object is changed.
     */
    function updatePermissionLookupRecursive(&$oDocumentOrFolder) {
        if (is_a($oDocumentOrFolder, 'Document')) {
            // XXX: metadata versions may need attention here
            KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
            return;
        }