<?php
/**
* $Id: permissionutil.inc.php 9010 2008-08-07 15:00:29Z kevin_fourie $
*
* KnowledgeTree Community Edition
* Document Management Made Simple
* Copyright (C) 2008 KnowledgeTree Inc.
* Portions copyright The Jam Warehouse Software (Pty) Limited
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License version 3 as published by the
* Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
* California 94120-7775, or email info@knowledgetree.com.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU General Public License version 3.
*
* In accordance with Section 7(b) of the GNU General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Powered by
* KnowledgeTree" logo and retain the original copyright notice. If the display of the
* logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
* must display the words "Powered by KnowledgeTree" and retain the original
* copyright notice.
* Contributor( s): ______________________________________
*
*/
require_once(KT_LIB_DIR . "/documentmanagement/Document.inc");
require_once(KT_LIB_DIR . "/foldermanagement/Folder.inc");
require_once(KT_LIB_DIR . "/permissions/permission.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissionassignment.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissiondescriptor.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissionlookup.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissionlookupassignment.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissionobject.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissiondynamiccondition.inc.php");
require_once(KT_LIB_DIR . "/groups/GroupUtil.php");
require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php");
require_once(KT_LIB_DIR . "/roles/documentroleallocation.inc.php");
require_once(KT_LIB_DIR . "/workflow/workflowutil.inc.php");
require_once(KT_LIB_DIR . "/workflow/workflowstatepermissionsassignment.inc.php");
class KTPermissionUtil {
static $permArr = array();
// {{{ generateDescriptor
/**
* Generate a unique textual representation of a specific collection
* of users/groups/roles described by a dictionary.
*
* This function _must_ always generate the same descriptor for a
* given collection of users/groups/roles, no matter the order of
* the keys or the order of the ids in the values of the collection.
*/
function generateDescriptor ($aAllowed) {
    // Canonical form: keys in sorted order, each followed by its de-duplicated,
    // sorted id list in parentheses, e.g. "group(2)user(1,3)". Keys whose value
    // is empty contribute nothing to the output.
    // NOTE(review): getOrCreateDescriptor() looks descriptors up by a hash of
    // this string, so a change to the output format would stop previously
    // stored descriptors from matching.
    ksort($aAllowed);
    $aParts = array();
    foreach ($aAllowed as $sType => $aIds) {
        if (empty($aIds)) {
            continue;
        }
        $aIds = array_unique($aIds);
        sort($aIds);
        $aParts[] = $sType . '(' . implode(',', $aIds) . ')';
    }
    return implode('', $aParts);
}
// }}}
// {{{ getOrCreateDescriptor
/**
* For a given collection of users/groups/roles, get the permission
* descriptor object that describes that exact collection, creating
* such an object if it does not already exist.
*/
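function getOrCreateDescriptor ($aAllowed) {
    // Returns the KTPermissionDescriptor for exactly this set of
    // users/groups/roles, creating and populating it when the lookup misses.
    // Halts the request if the descriptor can neither be found nor created.
    $sDescriptor = KTPermissionUtil::generateDescriptor($aAllowed);
    // Descriptors are looked up by the MD5 of their canonical text.
    // NOTE(review): MD5 is not collision resistant, and two different allowed
    // sets resolving to one descriptor would share its permissions. The lookup
    // key cannot be changed here without migrating stored descriptors; confirm
    // whether getByDescriptor() also compares the stored text.
    $oDescriptor =& KTPermissionDescriptor::getByDescriptor(md5($sDescriptor));
    if (PEAR::isError($oDescriptor)) {
        // NOTE(review): every lookup error is treated as "not found" here,
        // whatever its actual cause.
        $oOriginalDescriptor = $oDescriptor;
        $oDescriptor =& KTPermissionDescriptor::createFromArray(array(
            "descriptortext" => $sDescriptor,
        ));
        if (PEAR::isError($oDescriptor)) {
            // The allowed set and both error objects go to the server log only.
            // Dumping them into the response would expose internal error detail
            // to whoever made the request, and print_r() output is not
            // HTML-escaped.
            error_log("getOrCreateDescriptor allowed set: " . print_r($aAllowed, true));
            error_log("getOrCreateDescriptor get error (should be 'not found'): " . print_r($oOriginalDescriptor, true));
            error_log("getOrCreateDescriptor create error (should not happen): " . print_r($oDescriptor, true));
            print '<pre>';
            print "getOrCreateDescriptor: unable to create the permission descriptor.\n";
            print '</pre>';
            // Non-zero status so command-line callers see the failure.
            exit(1);
        }
        // NOTE(review): the result of saveAllowed() is discarded. If it can
        // fail, a descriptor would exist without its members and later lookups
        // would find it by hash without re-populating it -- confirm.
        $oDescriptor->saveAllowed($aAllowed);
    }
    return $oDescriptor;
}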
// }}}
// {{{ getAllowedForDescriptor
function getAllowedForDescriptor($oDescriptor) {
    // Resolves the argument through KTUtil::getObject() as a
    // KTPermissionDescriptor and returns that object's getAllowed() result.
    // NOTE(review): the resolved value is used without a PEAR::isError() check;
    // confirm getObject() cannot hand back an error here.
    $oResolved =& KTUtil::getObject('KTPermissionDescriptor', $oDescriptor);
    return $oResolved->getAllowed();
}
// }}}
// {{{ getOrCreateAssignment
/**
* For a given permission object, get the assignment object for the
* given permission, or create one if there isn't one already.
*
* This assignment object describes the group of users/groups/roles
* that have the given permission. If one is created, it is created
* empty.
*/
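function getOrCreateAssignment ($sPermission, $iObjectID) {
    // $sPermission: a permission name (string) or an already loaded permission.
    // $iObjectID:   a permission object id (numeric) or an already loaded
    //               permission object.
    // Returns the matching KTPermissionAssignment, a newly created one when the
    // lookup fails, or a PEAR error.
    if (is_string($sPermission)) {
        $oPermission =& KTPermission::getByName($sPermission);
    } else {
        $oPermission =& $sPermission;
    }
    // Stop on an unresolved permission instead of passing the error object on
    // and calling getID() on it below.
    if (PEAR::isError($oPermission)) {
        return $oPermission;
    }
    if (is_numeric($iObjectID)) {
        $oObject =& KTPermissionObject::get($iObjectID);
    } else {
        $oObject =& $iObjectID;
    }
    // Same for an unresolved permission object.
    if (PEAR::isError($oObject)) {
        return $oObject;
    }
    $oPA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oObject);
    if (PEAR::isError($oPA)) {
        // NOTE(review): any lookup error is taken to mean "no assignment yet".
        // The result of createFromArray() is returned as-is, so callers still
        // need their own PEAR::isError() check.
        $oPA = KTPermissionAssignment::createFromArray(array(
            'permissionid' => $oPermission->getID(),
            'permissionobjectid' => $oObject->getID(),
        ));
    }
    return $oPA;
}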
// }}}
// {{{ setPermissionForID
/**
* For a given permission object, set the given group of
* users/groups/roles that have a given permission, removing any
* previous assignment.
*/
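function setPermissionForID($sPermission, $iObjectID, $aAllowed) {
    // Points the assignment for ($sPermission, $iObjectID) at the descriptor
    // for $aAllowed and saves it. Returns the result of update(), or the PEAR
    // error from getOrCreateAssignment() when no assignment could be obtained.
    $oPermissionAssignment =& KTPermissionUtil::getOrCreateAssignment($sPermission, $iObjectID);
    // getOrCreateAssignment() returns createFromArray()'s result unchecked, so
    // it may be an error object; calling setters on that would abort the
    // request part-way through a permission change.
    if (PEAR::isError($oPermissionAssignment)) {
        return $oPermissionAssignment;
    }
    $oDescriptor =& KTPermissionUtil::getOrCreateDescriptor($aAllowed);
    $oPermissionAssignment->setPermissionDescriptorID($oDescriptor->getID());
    // NOTE(review): callers should check this return value; whether update()
    // reports failure as a PEAR error is not visible here -- confirm.
    return $oPermissionAssignment->update();
}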
// }}}
// {{{ updatePermissionLookupForState
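function updatePermissionLookupForState($oState) {
    // Refreshes the permission lookup of every document that
    // Document::getByState() returns for $oState.
    // Returns nothing on success, or the PEAR error from the document query.
    $aDocuments = Document::getByState($oState);
    // Same guard the folder and document queries in
    // updatePermissionLookupForPO() use: never iterate an error object. The
    // error is handed back so a failed refresh, which leaves lookups stale,
    // is visible to the caller.
    if (PEAR::isError($aDocuments)) {
        return $aDocuments;
    }
    foreach ($aDocuments as $oDocument) {
        KTPermissionUtil::updatePermissionLookup($oDocument);
    }
}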
// }}}
// {{{ updatePermissionLookupForPO
/**
* Updates permission lookups for all objects of a certain
* permission object.
*
* Use this when you have a permission object that has been updated
* but do not have (or do not want to load) its root item.
*/
function updatePermissionLookupForPO($oPO) {
// Rebuilds the permission lookup of every folder and every document whose
// permission_object_id equals $oPO's id. The channel, the per-permission
// allowed map and the lookup are computed once and passed to each
// updatePermissionLookup() call through $aOptions.
// The id is passed as a bound parameter for the '?' placeholder, both in the
// folder filter and in the document query below.
$sWhere = 'permission_object_id = ?';
$aParams = array($oPO->getID());
$aFolders =& Folder::getList(array($sWhere, $aParams));
// Build the shared inputs once so the per-item updates below can reuse them.
$oChannel =& KTPermissionChannel::getSingleton();
// NOTE(review): $aPermAssigns is iterated without a PEAR::isError() check,
// unlike $aFolders and $aIds further down -- confirm getByObjectMulti() cannot
// return an error.
$aPermAssigns = KTPermissionAssignment::getByObjectMulti($oPO);
// permission id => array('group' => ids, 'user' => ids, 'role' => ids)
$aMapPermAllowed = array();
foreach ($aPermAssigns as $oPermAssign) {
// NOTE(review): the descriptor is used without an error check.
$oPermDescriptor = KTPermissionDescriptor::get($oPermAssign->getPermissionDescriptorID());
$aGroupIDs = $oPermDescriptor->getGroups();
// NOTE(review): the user list is always empty here; only groups and roles are
// read from the descriptor -- confirm this is intentional.
$aUserIDs = array();
$aRoleIDs = $oPermDescriptor->getRoles();
$aAllowed = array(
'group' => $aGroupIDs,
'user' => $aUserIDs,
'role' => $aRoleIDs,
);
$aMapPermAllowed[$oPermAssign->getPermissionID()] = $aAllowed;
}
// permission id => id of the descriptor for that permission's allowed set
$aMapPermDesc = array();
foreach ($aMapPermAllowed as $iPermissionId => $aAllowed) {
$oLookupPD = KTPermissionUtil::getOrCreateDescriptor($aAllowed);
$aMapPermDesc[$iPermissionId] = $oLookupPD->getID();
}
$oPermLookup = KTPermissionLookupAssignment::findOrCreateLookupByPermissionDescriptorMap($aMapPermDesc);
$aOptions = array('channel' => $oChannel, 'map_allowed' => $aMapPermAllowed, 'perm_lookup' => $oPermLookup);
// NOTE(review): when either query below returns an error that part is skipped
// and nothing is reported to the caller, so the affected lookups stay as they
// were.
if (!PEAR::isError($aFolders)) {
foreach ($aFolders as $oFolder) {
KTPermissionUtil::updatePermissionLookup($oFolder, $aOptions);
}
}
// Documents are loaded one at a time by id rather than through
// Document::getList() (see the commented-out block at the end).
$aIds = DBUtil::getResultArrayKey(array("SELECT id FROM documents WHERE permission_object_id=?", $aParams), 'id');
if (!PEAR::isError($aIds))
{
$cache = KTCache::getSingleton();
foreach ($aIds as $iId)
{
// NOTE(review): Document::get() is not checked for an error before use.
$oDocument =& Document::get($iId);
KTPermissionUtil::updatePermissionLookup($oDocument, $aOptions);
$metadataid = $oDocument->getMetadataVersionId();
$contentid = $oDocument->getContentVersionId();
// Drop this document's entries from KTCache and from the in-request object
// cache, then release the object itself.
$cache->remove('KTDocumentMetadataVersion/id', $metadataid);
$cache->remove('KTDocumentContentVersion/id', $contentid);
$cache->remove('KTDocumentCore/id', $iId);
$cache->remove('Document/id', $iId);
unset($GLOBALS['_OBJECTCACHE']['KTDocumentMetadataVersion'][$metadataid]);
unset($GLOBALS['_OBJECTCACHE']['KTDocumentContentVersion'][$contentid]);
unset($GLOBALS['_OBJECTCACHE']['KTDocumentCore'][$iId]);
unset($oDocument);
}
}
/* $aDocuments =& Document::getList(array($sWhere, $aParams));
if (!PEAR::isError($aDocuments)) {
foreach ($aDocuments as $oDocument) {
KTPermissionUtil::updatePermissionLookup($oDocument, $aOptions);
}
}*/
}
// }}}
// {{{ updatePermissionLookupRecursive
/**
* Updates permission lookups for this folder and any ancestors, but
* only if they use the same permission object.
*
* To be used any time a folder permission object is changed.
*/
function updatePermissionLookupRecursive(&$oDocumentOrFolder) {
if (is_a($oDocumentOrFolder, 'Document')) {
// XXX: metadata versions may need attention here
KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
return;
}