permissionutil.inc.php.tmp

来自「PHP 知识管理系统（基于树结构的知识管理系统）, 英文原版的PHP源码。」· TMP 代码 · 共 830 行 · 第 1/3 页

         * If there are any folders with the permission object, then it
         * is set by _a_ folder.  All folders found will have a common
         * ancestor folder, which will be the one with:
         *
         * Potential hack: The shortest parent_folder_ids
         *
         * Potential non-hack: Choose random folder, check parent for
         * permission object recurringly until it changes.  Last success
         * is the ancestor parent...
         */
        $sQuery = "SELECT id FROM $default->folders_table WHERE permission_object_id = ? ORDER BY LENGTH(parent_folder_ids) LIMIT 1";
        $aParams = array($oPO->getID());
        $res = DBUtil::getOneResultKey(array($sQuery, $aParams), 'id');
        if (!is_null($res)) {
            return Folder::get($res);
        }
        $sQuery = "SELECT id FROM $default->documents_table WHERE permission_object_id = ? LIMIT 1";
        $aParams = array($oPO->getID());
        $res = DBUtil::getOneResultKey(array($sQuery, $aParams), 'id');
        if (!is_null($res)) {
            return Document::get($res);
        }
        return false;
    }
    // }}}

    // {{{ copyPermissionObject
    /**
     * Copy the object's parents permission object details, in
     * preparation for the object to have different permissions from its
     * parent.
     */
    function copyPermissionObject(&$oDocumentOrFolder) {
        global $default;
        $oOrigPO = KTPermissionObject::get($oDocumentOrFolder->getPermissionObjectID());
        $aOrigPAs =& KTPermissionAssignment::getByObjectMulti($oOrigPO);
        $oNewPO = KTPermissionObject::createFromArray(array());
        foreach ($aOrigPAs as $oOrigPA) {
            $oNewPA = KTPermissionAssignment::createFromArray(array(
                'permissionid' => $oOrigPA->getPermissionID(),
                'permissionobjectid' => $oNewPO->getID(),
                'permissiondescriptorid' => $oOrigPA->getPermissionDescriptorID(),
            ));
        }
        $oDocumentOrFolder->setPermissionObjectID($oNewPO->getID());
        $oDocumentOrFolder->update();

        // copy any dynamic conditions
        $aDPO = KTPermissionDynamicCondition::getByPermissionObject($oOrigPO);
        foreach ($aDPO as $oOrigDC) {
            $oNewDC = KTPermissionDynamicCondition::createFromArray(array(
                'permissionobjectid' => $oNewPO->getId(),
                'groupid' => $oOrigDC->getGroupId(),
                'conditionid' => $oOrigDC->getConditionId(),
            ));

            $oNewDC->saveAssignment($oOrigDC->getAssignment());
        }

        if (!is_a($oDocumentOrFolder, 'Folder')) {
            KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
            return;
        }

        // For a folder - update permission object for all folders and
        // documents under this current folder if they're using the old
        // permission object id.  If they are, then they're getting the
        // permission object via this folder.  If they are not, then
        // they have their own permission object management, and thus
        // this folder has no effect on their permissions.

        $iFolderID = $oDocumentOrFolder->getID();
        $sFolderIDs = Folder::generateFolderIDs($iFolderID);
        $sFolderIDs .= '%';
        $sQuery = "UPDATE $default->folders_table SET
            permission_object_id = ? WHERE permission_object_id = ? AND
            parent_folder_ids LIKE ?";
        $aParams = array($oNewPO->getID(), $oOrigPO->getID(), $sFolderIDs);
        DBUtil::runQuery(array($sQuery, $aParams));

        Folder::clearAllCaches();

        $sQuery = "UPDATE $default->documents_table SET
            permission_object_id = ? WHERE permission_object_id = ? AND
            (parent_folder_ids LIKE ? OR folder_id = ?)";
        $aParams[] = $iFolderID;
        DBUtil::runQuery(array($sQuery, $aParams));

        Document::clearAllCaches();

        // All objects using this PO must be new and must need their
        // lookups updated...
        KTPermissionUtil::updatePermissionLookupForPO($oNewPO);
    }
    // }}}

    // {{{ isPermissionOwner
    /**
     * Verify if the given object is the root of the permission object
     * it has assigned to it - in other words, if its parent has a
     * different permission object than it.
     */
    function isPermissionOwner(&$oDocumentOrFolder) {
        $oPermissionObject = KTPermissionObject::get($oDocumentOrFolder->getPermissionObjectID());
        $oParentObject = KTPermissionUtil::findRootObjectForPermissionObject($oPermissionObject);

        // Documents might be permission owner, but then they'd be the
        // only users of that permission object.
        if (is_a($oParentObject, 'Document')) {
            return true;
        }

        // If you're a document and your permission owner isn't a
        // document, that means it's some ancestor, and thus not you.
        if (is_a($oDocumentOrFolder, 'Document')) {
            return false;
        }

        // We're dealing with folders, so just compare IDs...
        if ($oDocumentOrFolder->getID() == $oParentObject->getID()) {
            return true;
        }
        return false;
    }
    // }}}

    // {{{ inheritPermissionObject
    /**
     * Inherits permission object from parent, throwing away our own
     * permission object.
     */
    function inheritPermissionObject(&$oDocumentOrFolder, $aOptions = null) {
        global $default;

        $oDocumentOrFolder->cacheGlobal=array();

        $bEvenIfNotOwner = KTUtil::arrayGet($aOptions, 'evenifnotowner');
        if (empty($bEvenIfNotOwner) && !KTPermissionUtil::isPermissionOwner($oDocumentOrFolder)) {
            return PEAR::raiseError(_kt("Document or Folder doesn't own its permission object"));
        }
        $iOrigPOID = $oDocumentOrFolder->getPermissionObjectID();
        $oOrigPO =& KTPermissionObject::get($iOrigPOID);
        $oFolder =& Folder::get($oDocumentOrFolder->getParentID());
        $iNewPOID = $oFolder->getPermissionObjectID();
        $oNewPO =& KTPermissionObject::get($iNewPOID);


        $oDocumentOrFolder->setPermissionObjectID($iNewPOID);
        $oDocumentOrFolder->update();

        if (is_a($oDocumentOrFolder, 'Document')) {
            // If we're a document, no niggly children to worry about.
            KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
            return;
        }

       // if the new and old permission object and lookup ids are the same, then we might as well bail
       if ($iOrigPOID == $iNewPOID)
        {
        	if ($oDocumentOrFolder->getPermissionLookupID() == $oFolder->getPermissionLookupID())
        	{
        		// doing this, as this was done below... (not ideal to copy, but anyways...)
        		Document::clearAllCaches();
        		Folder::clearAllCaches();
        		return;
        	}
        }

        $iFolderID = $oDocumentOrFolder->getID();
        $sFolderIDs = Folder::generateFolderIDs($iFolderID);
        $sFolderIDs .= '%';
        $sQuery = "UPDATE $default->folders_table SET
            permission_object_id = ? WHERE permission_object_id = ? AND
            parent_folder_ids LIKE ?";
        $aParams = array($oNewPO->getID(), $oOrigPO->getID(), $sFolderIDs);
        DBUtil::runQuery(array($sQuery, $aParams));

        Folder::clearAllCaches();

        // Update all documents in the folder and in the sub-folders
        $sQuery = "UPDATE $default->documents_table SET
            permission_object_id = ? WHERE permission_object_id = ? AND
            (parent_folder_ids LIKE ? OR folder_id = ?)";
        $aParams[] = $iFolderID;
        DBUtil::runQuery(array($sQuery, $aParams));

        Document::clearAllCaches();

        KTPermissionUtil::updatePermissionLookupForPO($oNewPO);
    }
    // }}}

    // {{{ rebuildPermissionLookups
    function rebuildPermissionLookups($bEmptyOnly = true) {
        if ($bEmptyOnly) {
            $sTable = KTUtil::getTableName('folders');
            $sQuery = sprintf("SELECT id FROM %s WHERE permission_lookup_id IS NULL AND permission_object_id IS NOT NULL", $sTable);
        } else {
            $sTable = KTUtil::getTableName('folders');
            $sQuery = sprintf("SELECT id FROM %s WHERE permission_object_id IS NOT NULL", $sTable);
        }
        $aIds = DBUtil::getResultArrayKey($sQuery, 'id');
        foreach ($aIds as $iId) {
            $oFolder =& Folder::get($iId);
            KTPermissionUtil::updatePermissionLookup($oFolder);
        }

        if ($bEmptyOnly) {
            $sTable = KTUtil::getTableName('documents');
            $sQuery = sprintf("SELECT id FROM %s WHERE permission_lookup_id IS NULL", $sTable);
        } else {
            $sTable = KTUtil::getTableName('documents');
            $sQuery = sprintf("SELECT id FROM %s", $sTable);
        }
        $aIds = DBUtil::getResultArrayKey($sQuery, 'id');
        foreach ($aIds as $iId) {
            $oDocument =& Document::get($iId);
            KTPermissionUtil::updatePermissionLookup($oDocument);
        }

    }
    // }}}

    // {{{ getPermissionDescriptorsForUser
    function getPermissionDescriptorsForUser($oUser) {
        $aGroups = GroupUtil::listGroupsForUserExpand($oUser);
        $roles = array(-3); // everyone
        $aEveryoneDescriptors = array();
        $aAuthenticatedDescriptors = array();
        if (!$oUser->isAnonymous()) {
            // authenticated
            $roles[] = -4;
        }
        $aRoleDescriptors = KTPermissionDescriptor::getByRoles($roles, array('ids' => true));
        $aPermissionDescriptors = KTPermissionDescriptor::getByGroups($aGroups, array('ids' => true));
        $aUserDescriptors = KTPermissionDescriptor::getByUser($oUser, array('ids' => true));
        return kt_array_merge($aPermissionDescriptors, $aUserDescriptors, $aRoleDescriptors);
    }
    // }}}
}

class KTPermissionChannel {
    var $observers = array();

    function &getSingleton() {
        if (!KTUtil::arrayGet($GLOBALS, 'KT_PermissionChannel')) {
            $GLOBALS['KT_PermissionChannel'] = new KTPermissionChannel;
        }
        return $GLOBALS['KT_PermissionChannel'];
    }

    function sendMessage(&$msg) {
        foreach ($this->observers as $oObserver) {
            $oObserver->receiveMessage($msg);
        }
    }

    function addObserver(&$obs) {
        array_push($this->observers, $obs);
    }
}

class KTPermissionGenericMessage {
    function KTPermissionGenericMessage($sMessage) {
        $this->sMessage = $sMessage;
    }

    function getString() {
        return $this->sMessage;
    }
}



?>