ktpermissions.php.svn-base
来自「PHP 知识管理系统(基于树结构的知识管理系统), 英文原版的PHP源码。」· SVN-BASE 代码 · 共 905 行 · 第 1/3 页
SVN-BASE
905 行
$oTemplating =& KTTemplating::getSingleton(); $oTemplate = $oTemplating->loadTemplate("ktcore/folder/roles"); // we need to have: // - a list of roles // - with their users / groups // - and that allocation id $aRoles = array(); // stores data for display. $aRoleList = Role::getList('id > 0'); foreach ($aRoleList as $oRole) { $iRoleId = $oRole->getId(); $aRoles[$iRoleId] = array("name" => $oRole->getName()); $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getId(), $iRoleId); $u = array(); $g = array(); $aid = null; $raid = null; if ($oRoleAllocation == null) { ; // nothing. } else { $raid = $oRoleAllocation->getId(); // real_alloc_id if ($oRoleAllocation->getFolderId() == $this->oFolder->getId()) { $aid = $oRoleAllocation->getid(); // alloc_id } $oPermDesc = KTPermissionDescriptor::get($oRoleAllocation->getPermissionDescriptorId()); if (!PEAR::isError($oPermDesc)) { $aAllowed = $oPermDesc->getAllowed(); if (!empty($aAllowed['user'])) { $u = $aAllowed['user']; } if (!empty($aAllowed['group'])) { $g = $aAllowed['group']; } } } $aRoles[$iRoleId]['users'] = $u; $aRoles[$iRoleId]['groups'] = $g; $aRoles[$iRoleId]['allocation_id'] = $aid; $aRoles[$iRoleId]['real_allocation_id'] = $raid; } /* print '<pre>'; var_dump($aRoles); print '</pre>'; */ // FIXME this is test data. /* $aRoles = array( 1 => array('name' => 'Manager', 'users' => array(1), 'groups' => array(1), 'allocation_id' => 1), 2 => array('name' => 'Peasant', 'users' => array(1), 'groups' => array(), 'allocation_id' => 2), 3 => array('name' => 'Inherited', 'users' => array(), 'groups' => array(1), 'allocation_id' => null), ); */ // final step. // map to users, groups. foreach ($aRoles as $key => $role) { $_users = array(); foreach ($aRoles[$key]['users'] as $iUserId) { $oUser = User::get($iUserId); if (!(PEAR::isError($oUser) || ($oUser == false))) { $_users[] = $oUser->getName(); } } if (empty($_users)) { $aRoles[$key]['users'] = '<span class="descriptiveText"> ' . _kt('no users') . '</span>'; } else { $aRoles[$key]['users'] = join(', ',$_users); } $_groups = array(); foreach ($aRoles[$key]['groups'] as $iGroupId) { $oGroup = Group::get($iGroupId); if (!(PEAR::isError($oGroup) || ($oGroup == false))) { $_groups[] = $oGroup->getName(); } } if (empty($_groups)) { $aRoles[$key]['groups'] = '<span class="descriptiveText"> ' . _kt('no groups') . '</span>'; } else { $aRoles[$key]['groups'] = join(', ',$_groups); } } $aTemplateData = array( 'context' => &$this, 'roles' => $aRoles, 'folderName'=>$this->oFolder->getName(), 'is_root' => ($this->oFolder->getId() == 1), ); return $oTemplate->render($aTemplateData); } function do_overrideParent() { $role_id = KTUtil::arrayGet($_REQUEST, 'role_id', null); $oRole = Role::get($role_id); if (PEAR::isError($oRole)) { $this->errorRedirectToMain(_kt('Invalid Role.')); } // FIXME do we need to check that this role _isn't_ allocated? $oRoleAllocation = new RoleAllocation(); $oRoleAllocation->setFolderId($this->oFolder->getId()); $oRoleAllocation->setRoleId($role_id); // create a new permission descriptor. // FIXME we really want to duplicate the original (if it exists) $aAllowed = array(); // no-op, for now. $this->startTransaction(); $oRoleAllocation->setAllowed($aAllowed); $res = $oRoleAllocation->create(); if (PEAR::isError($res) || ($res == false)) { $this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId())); } $oTransaction = KTFolderTransaction::createFromArray(array( 'folderid' => $this->oFolder->getId(), 'comment' => _kt('Override parent allocation'), 'transactionNS' => 'ktcore.transactions.role_allocations_change', 'userid' => $_SESSION['userID'], 'ip' => Session::getClientIP(), )); $aOptions = array( 'defaultmessage' => _kt('Error creating allocation'), 'redirect_to' => array('main', sprintf('fFolderId=%d', $this->oFolder->getId())), ); $this->oValidator->notErrorFalse($oTransaction, $aOptions); // inherit parent permissions $oParentAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getParentID(), $role_id); if (!is_null($oParentAllocation) && !PEAR::isError($oParentAllocation)) { $oPD = $oParentAllocation->getPermissionDescriptor(); $aAllowed = $oPD->getAllowed(); $userids=$aAllowed['user']; $groupids=$aAllowed['group']; // now lets update for the new allocation $oPD = $oRoleAllocation->getPermissionDescriptor(); $aAllowed = $oPD->getAllowed(); $aAllowed['user'] = $userids; $aAllowed['group'] = $groupids; $oRoleAllocation->setAllowed($aAllowed); $res = $oRoleAllocation->update(); if (PEAR::isError($res) || ($res == false)) { $this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId())); } } // regenerate permissions $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId()); $this->successRedirectToMain(_kt('Role allocation created.'), sprintf('fFolderId=%d', $this->oFolder->getId())); } function do_useParent() { $role_id = KTUtil::arrayGet($_REQUEST, 'role_id', null); $oRole = Role::get($role_id); if (PEAR::isError($oRole)) { $this->errorRedirectToMain(_kt('Invalid Role.'), sprintf('fFolderId=%d',$this->oFolder->getId())); } $role_id = $oRole->getId(); // numeric, for various testing purposes. $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getId(), $role_id); if ($oRoleAllocation->getFolderId() != $this->oFolder->getId()) { $this->errorRedirectToMain(_kt('Already using a different descriptor.'), sprintf('fFolderId=%d',$this->oFolder->getId())); } $this->startTransaction(); $res = $oRoleAllocation->delete(); if (PEAR::isError($res) || ($res == false)) { $this->errorRedirectToMain(_kt('Unable to change role allocation.') . print_r($res, true), sprintf('fFolderId=%d',$this->oFolder->getId())); exit(0); } $oTransaction = KTFolderTransaction::createFromArray(array( 'folderid' => $this->oFolder->getId(), 'comment' => _kt('Use parent allocation'), 'transactionNS' => 'ktcore.transactions.role_allocations_change', 'userid' => $_SESSION['userID'], 'ip' => Session::getClientIP(), )); $aOptions = array( 'defaultmessage' => _kt('Problem assigning role to parent allocation'), 'redirect_to' => array('main', sprintf('fFolderId=%d', $this->oFolder->getId())), ); $this->oValidator->notErrorFalse($oTransaction, $aOptions); $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId()); $this->successRedirectToMain(_kt('Role now uses parent.'), sprintf('fFolderId=%d',$this->oFolder->getId())); } function rootoverride($role_id) { if ($this->oFolder->getId() != 1) { $this->errorRedirectToMain(_kt("Cannot create allocation for non-root locations.")); } $oRoleAllocation = new RoleAllocation(); $oRoleAllocation->setFolderId($this->oFolder->getId()); $oRoleAllocation->setRoleId($role_id); // create a new permission descriptor. // FIXME we really want to duplicate the original (if it exists) $aAllowed = array(); // no-op, for now. $this->startTransaction(); $oRoleAllocation->setAllowed($aAllowed); $res = $oRoleAllocation->create(); if (PEAR::isError($res) || ($res == false)) { $this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId())); } return $oRoleAllocation; } function do_editRoleUsers() { $role_allocation_id = KTUtil::arrayGet($_REQUEST, 'alloc_id'); if (($this->oFolder->getId() == 1) && is_null($role_allocation_id)) { $oRoleAllocation = $this->rootoverride($_REQUEST['role_id']); } else { $oRoleAllocation = RoleAllocation::get($role_allocation_id); } if ((PEAR::isError($oRoleAllocation)) || ($oRoleAllocation=== false)) { $this->errorRedirectToMain(_kt('No such role allocation.'), sprintf('fFolderId=%d',$this->oFolder->getId())); } $this->oPage->setBreadcrumbDetails(_kt('Manage Users for Role')); $this->oPage->setTitle(sprintf(_kt('Manage Users for Role'))); $initJS = 'var optGroup = new OptionTransfer("userSelect","chosenUsers"); ' . 'function startTrans() { var f = getElement("userroleform"); ' . ' optGroup.saveNewRightOptions("userFinal"); ' . ' optGroup.init(f); }; ' . ' addLoadEvent(startTrans); '; $this->oPage->requireJSStandalone($initJS); $aInitialUsers = $oRoleAllocation->getUsers(); $aAllUsers = User::getList('id > 0 AND disabled = 0'); // FIXME this is massively non-performant for large userbases.. $aRoleUsers = array(); $aFreeUsers = array(); foreach ($aInitialUsers as $oUser) { $aRoleUsers[$oUser->getId()] = $oUser; } foreach ($aAllUsers as $oUser) { if (!array_key_exists($oUser->getId(), $aRoleUsers)) { $aFreeUsers[$oUser->getId()] = $oUser; } } $oTemplating =& KTTemplating::getSingleton(); $oTemplate = $oTemplating->loadTemplate("ktcore/folder/roles_manageusers"); $aTemplateData = array( "context" => $this, "edit_rolealloc" => $oRoleAllocation, 'unused_users' => $aFreeUsers, 'role_users' => $aRoleUsers, ); return $oTemplate->render($aTemplateData); } function do_editRoleGroups() { $role_allocation_id = KTUtil::arrayGet($_REQUEST, 'alloc_id'); if (($this->oFolder->getId() == 1) && is_null($role_allocation_id)) { $oRoleAllocation = $this->rootoverride($_REQUEST['role_id']); } else { $oRoleAllocation = RoleAllocation::get($role_allocation_id); } if ((PEAR::isError($oRoleAllocation)) || ($oRoleAllocation=== false)) { $this->errorRedirectToMain(_kt('No such role allocation.'), sprintf('fFolderId=%d',$this->oFolder->getId())); } $oRole = Role::get($oRoleAllocation->getRoleId()); $this->oPage->setBreadcrumbDetails(_kt('Manage Groups for Role'));⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?