📄 permissionutil.inc.php
字号:
* If there are any folders with the permission object, then it
* is set by _a_ folder. All folders found will have a common
* ancestor folder, which will be the one with:
*
* Potential hack: The shortest parent_folder_ids
*
* Potential non-hack: Choose random folder, check parent for
* permission object recurringly until it changes. Last success
* is the ancestor parent...
*/
$sQuery = "SELECT id FROM $default->folders_table WHERE permission_object_id = ? ORDER BY LENGTH(parent_folder_ids) LIMIT 1";
$aParams = array($oPO->getID());
$res = DBUtil::getOneResultKey(array($sQuery, $aParams), 'id');
if (!is_null($res)) {
return Folder::get($res);
}
$sQuery = "SELECT id FROM $default->documents_table WHERE permission_object_id = ? LIMIT 1";
$aParams = array($oPO->getID());
$res = DBUtil::getOneResultKey(array($sQuery, $aParams), 'id');
if (!is_null($res)) {
return Document::get($res);
}
return false;
}
// }}}
// {{{ copyPermissionObject
/**
* Copy the object's parents permission object details, in
* preparation for the object to have different permissions from its
* parent.
*/
function copyPermissionObject(&$oDocumentOrFolder) {
global $default;
$oOrigPO = KTPermissionObject::get($oDocumentOrFolder->getPermissionObjectID());
$aOrigPAs =& KTPermissionAssignment::getByObjectMulti($oOrigPO);
$oNewPO = KTPermissionObject::createFromArray(array());
foreach ($aOrigPAs as $oOrigPA) {
$oNewPA = KTPermissionAssignment::createFromArray(array(
'permissionid' => $oOrigPA->getPermissionID(),
'permissionobjectid' => $oNewPO->getID(),
'permissiondescriptorid' => $oOrigPA->getPermissionDescriptorID(),
));
}
$oDocumentOrFolder->setPermissionObjectID($oNewPO->getID());
$oDocumentOrFolder->update();
// copy any dynamic conditions
$aDPO = KTPermissionDynamicCondition::getByPermissionObject($oOrigPO);
foreach ($aDPO as $oOrigDC) {
$oNewDC = KTPermissionDynamicCondition::createFromArray(array(
'permissionobjectid' => $oNewPO->getId(),
'groupid' => $oOrigDC->getGroupId(),
'conditionid' => $oOrigDC->getConditionId(),
));
$oNewDC->saveAssignment($oOrigDC->getAssignment());
}
if (!is_a($oDocumentOrFolder, 'Folder')) {
KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
return;
}
// For a folder - update permission object for all folders and
// documents under this current folder if they're using the old
// permission object id. If they are, then they're getting the
// permission object via this folder. If they are not, then
// they have their own permission object management, and thus
// this folder has no effect on their permissions.
$iFolderID = $oDocumentOrFolder->getID();
$sFolderIDs = Folder::generateFolderIDs($iFolderID);
$sFolderIDs .= '%';
$sQuery = "UPDATE $default->folders_table SET
permission_object_id = ? WHERE permission_object_id = ? AND
parent_folder_ids LIKE ?";
$aParams = array($oNewPO->getID(), $oOrigPO->getID(), $sFolderIDs);
DBUtil::runQuery(array($sQuery, $aParams));
Folder::clearAllCaches();
$sQuery = "UPDATE $default->documents_table SET
permission_object_id = ? WHERE permission_object_id = ? AND
(parent_folder_ids LIKE ? OR folder_id = ?)";
$aParams[] = $iFolderID;
DBUtil::runQuery(array($sQuery, $aParams));
Document::clearAllCaches();
// All objects using this PO must be new and must need their
// lookups updated...
KTPermissionUtil::updatePermissionLookupForPO($oNewPO);
}
// }}}
// {{{ isPermissionOwner
/**
* Verify if the given object is the root of the permission object
* it has assigned to it - in other words, if its parent has a
* different permission object than it.
*/
function isPermissionOwner(&$oDocumentOrFolder) {
$oPermissionObject = KTPermissionObject::get($oDocumentOrFolder->getPermissionObjectID());
$oParentObject = KTPermissionUtil::findRootObjectForPermissionObject($oPermissionObject);
// Documents might be permission owner, but then they'd be the
// only users of that permission object.
if (is_a($oParentObject, 'Document')) {
return true;
}
// If you're a document and your permission owner isn't a
// document, that means it's some ancestor, and thus not you.
if (is_a($oDocumentOrFolder, 'Document')) {
return false;
}
// We're dealing with folders, so just compare IDs...
if ($oDocumentOrFolder->getID() == $oParentObject->getID()) {
return true;
}
return false;
}
// }}}
// {{{ inheritPermissionObject
/**
* Inherits permission object from parent, throwing away our own
* permission object.
*/
function inheritPermissionObject(&$oDocumentOrFolder, $aOptions = null) {
global $default;
$oDocumentOrFolder->cacheGlobal=array();
$bEvenIfNotOwner = KTUtil::arrayGet($aOptions, 'evenifnotowner');
if (empty($bEvenIfNotOwner) && !KTPermissionUtil::isPermissionOwner($oDocumentOrFolder)) {
return PEAR::raiseError(_kt("Document or Folder doesn't own its permission object"));
}
$iOrigPOID = $oDocumentOrFolder->getPermissionObjectID();
$oOrigPO =& KTPermissionObject::get($iOrigPOID);
$oFolder =& Folder::get($oDocumentOrFolder->getParentID());
$iNewPOID = $oFolder->getPermissionObjectID();
$oNewPO =& KTPermissionObject::get($iNewPOID);
$oDocumentOrFolder->setPermissionObjectID($iNewPOID);
$oDocumentOrFolder->update();
if (is_a($oDocumentOrFolder, 'Document')) {
// If we're a document, no niggly children to worry about.
KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
return;
}
// if the new and old permission object and lookup ids are the same, then we might as well bail
if ($iOrigPOID == $iNewPOID)
{
if ($oDocumentOrFolder->getPermissionLookupID() == $oFolder->getPermissionLookupID())
{
// doing this, as this was done below... (not ideal to copy, but anyways...)
Document::clearAllCaches();
Folder::clearAllCaches();
return;
}
}
$iFolderID = $oDocumentOrFolder->getID();
$sFolderIDs = Folder::generateFolderIDs($iFolderID);
$sFolderIDs .= '%';
$sQuery = "UPDATE $default->folders_table SET
permission_object_id = ? WHERE permission_object_id = ? AND
parent_folder_ids LIKE ?";
$aParams = array($oNewPO->getID(), $oOrigPO->getID(), $sFolderIDs);
DBUtil::runQuery(array($sQuery, $aParams));
Folder::clearAllCaches();
// Update all documents in the folder and in the sub-folders
$sQuery = "UPDATE $default->documents_table SET
permission_object_id = ? WHERE permission_object_id = ? AND
(parent_folder_ids LIKE ? OR folder_id = ?)";
$aParams[] = $iFolderID;
DBUtil::runQuery(array($sQuery, $aParams));
Document::clearAllCaches();
KTPermissionUtil::updatePermissionLookupForPO($oNewPO);
}
// }}}
// {{{ rebuildPermissionLookups
function rebuildPermissionLookups($bEmptyOnly = true) {
if ($bEmptyOnly) {
$sTable = KTUtil::getTableName('folders');
$sQuery = sprintf("SELECT id FROM %s WHERE permission_lookup_id IS NULL AND permission_object_id IS NOT NULL", $sTable);
} else {
$sTable = KTUtil::getTableName('folders');
$sQuery = sprintf("SELECT id FROM %s WHERE permission_object_id IS NOT NULL", $sTable);
}
$aIds = DBUtil::getResultArrayKey($sQuery, 'id');
foreach ($aIds as $iId) {
$oFolder =& Folder::get($iId);
KTPermissionUtil::updatePermissionLookup($oFolder);
}
if ($bEmptyOnly) {
$sTable = KTUtil::getTableName('documents');
$sQuery = sprintf("SELECT id FROM %s WHERE permission_lookup_id IS NULL", $sTable);
} else {
$sTable = KTUtil::getTableName('documents');
$sQuery = sprintf("SELECT id FROM %s", $sTable);
}
$aIds = DBUtil::getResultArrayKey($sQuery, 'id');
foreach ($aIds as $iId) {
$oDocument =& Document::get($iId);
KTPermissionUtil::updatePermissionLookup($oDocument);
}
}
// }}}
// {{{ getPermissionDescriptorsForUser
function getPermissionDescriptorsForUser($oUser) {
$aGroups = GroupUtil::listGroupsForUserExpand($oUser);
$roles = array(-3); // everyone
$aEveryoneDescriptors = array();
$aAuthenticatedDescriptors = array();
if (!$oUser->isAnonymous()) {
// authenticated
$roles[] = -4;
}
$aRoleDescriptors = KTPermissionDescriptor::getByRoles($roles, array('ids' => true));
$aPermissionDescriptors = KTPermissionDescriptor::getByGroups($aGroups, array('ids' => true));
$aUserDescriptors = KTPermissionDescriptor::getByUser($oUser, array('ids' => true));
return kt_array_merge($aPermissionDescriptors, $aUserDescriptors, $aRoleDescriptors);
}
// }}}
}
class KTPermissionChannel {
var $observers = array();
function &getSingleton() {
if (!KTUtil::arrayGet($GLOBALS, 'KT_PermissionChannel')) {
$GLOBALS['KT_PermissionChannel'] = new KTPermissionChannel;
}
return $GLOBALS['KT_PermissionChannel'];
}
function sendMessage(&$msg) {
foreach ($this->observers as $oObserver) {
$oObserver->receiveMessage($msg);
}
}
function addObserver(&$obs) {
array_push($this->observers, $obs);
}
}
class KTPermissionGenericMessage {
function KTPermissionGenericMessage($sMessage) {
$this->sMessage = $sMessage;
}
function getString() {
return $this->sMessage;
}
}
?>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -