ktpermissions.php
来自「PHP 知识管理系统(基于树结构的知识管理系统), 英文原版的PHP源码。」· PHP 代码 · 共 905 行 · 第 1/3 页
PHP
905 行
<?php
/**
* $Id: KTPermissions.php 8387 2008-04-22 16:36:04Z kevin_fourie $
*
* KnowledgeTree Community Edition
* Document Management Made Simple
* Copyright (C) 2008 KnowledgeTree Inc.
* Portions copyright The Jam Warehouse Software (Pty) Limited
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License version 3 as published by the
* Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
* California 94120-7775, or email info@knowledgetree.com.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU General Public License version 3.
*
* In accordance with Section 7(b) of the GNU General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Powered by
* KnowledgeTree" logo and retain the original copyright notice. If the display of the
* logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
* must display the words "Powered by KnowledgeTree" and retain the original
* copyright notice.
* Contributor( s): ______________________________________
*
*/
require_once(KT_LIB_DIR . '/actions/folderaction.inc.php');
require_once(KT_LIB_DIR . '/actions/documentaction.inc.php');
require_once(KT_LIB_DIR . '/widgets/fieldWidgets.php');
require_once(KT_LIB_DIR . "/foldermanagement/Folder.inc");
require_once(KT_LIB_DIR . "/foldermanagement/foldertransaction.inc.php");
require_once(KT_LIB_DIR . "/groups/Group.inc");
require_once(KT_LIB_DIR . "/users/User.inc");
require_once(KT_LIB_DIR . "/roles/Role.inc");
require_once(KT_LIB_DIR . "/roles/roleallocation.inc.php");
require_once(KT_LIB_DIR . "/roles/documentroleallocation.inc.php");
require_once(KT_LIB_DIR . "/permissions/permission.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissionobject.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissionlookup.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissionassignment.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissiondescriptor.inc.php");
require_once(KT_LIB_DIR . "/permissions/permissionutil.inc.php");
require_once(KT_LIB_DIR . '/workflow/workflowutil.inc.php');
class KTDocumentPermissionsAction extends KTDocumentAction {
var $sName = 'ktcore.actions.document.permissions';
var $_sEditShowPermission = "ktcore.permissions.security";
var $_sShowPermission = "ktcore.permissions.security";
var $_bAdminAlwaysAvailable = true;
function getDisplayName() {
return _kt('Permissions');
}
function do_main() {
$this->oPage->setBreadcrumbDetails(_kt("Document Permissions"));
$oTemplate = $this->oValidator->validateTemplate("ktcore/document/document_permissions");
$oPL = KTPermissionLookup::get($this->oDocument->getPermissionLookupID());
$aPermissions = KTPermission::getList();
$aMapPermissionGroup = array();
$aMapPermissionRole = array();
$aMapPermissionUser = array();
$aAllGroups = Group::getList(); // probably small enough
$aAllRoles = Role::getList(); // probably small enough.
// users are _not_ fetched this way.
$aActiveGroups = array();
$aActiveUsers = array();
$aActiveRoles = array();
foreach ($aPermissions as $oPermission) {
$oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL);
if (PEAR::isError($oPLA)) {
continue;
}
$oDescriptor = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
$iPermissionID = $oPermission->getID();
$aIDs = $oDescriptor->getGroups();
$aMapPermissionGroup[$iPermissionID] = array();
foreach ($aIDs as $iID) {
$aMapPermissionGroup[$iPermissionID][$iID] = true;
$aActiveGroups[$iID] = true;
}
$aIds = $oDescriptor->getRoles();
$aMapPermissionRole[$iPermissionID] = array();
foreach ($aIds as $iId) {
$aMapPermissionRole[$iPermissionID][$iId] = true;
$aActiveRoles[$iId] = true;
}
$aIds = $oDescriptor->getUsers();
$aMapPermissionUser[$iPermissionID] = array();
foreach ($aIds as $iId) {
$aMapPermissionUser[$iPermissionID][$iId] = true;
$aActiveUsers[$iId] = true;
}
}
// now we constitute the actual sets.
$users = array();
$groups = array();
$roles = array(); // should _always_ be empty, barring a bug in permissions::updatePermissionLookup
// this should be quite limited - direct role -> user assignment is typically rare.
foreach ($aActiveUsers as $id => $marker) {
$oUser = User::get($id);
$users[$oUser->getName()] = $oUser;
}
asort($users); // ascending, per convention.
foreach ($aActiveGroups as $id => $marker) {
$oGroup = Group::get($id);
$groups[$oGroup->getName()] = $oGroup;
}
asort($groups);
foreach ($aActiveRoles as $id => $marker) {
$oRole = Role::get($id);
$roles[$oRole->getName()] = $oRole;
}
asort($roles);
$bEdit = KTPermissionUtil::userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oDocument);
$sInherited = '';
$aDynamicControls = array();
$aWorkflowControls = array();
// handle conditions
$iPermissionObjectId = $this->oDocument->getPermissionObjectID();
if (!empty($iPermissionObjectId)) {
$oPO = KTPermissionObject::get($iPermissionObjectId);
$aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
if (!PEAR::isError($aDynamicConditions)) {
foreach ($aDynamicConditions as $oDynamicCondition) {
$iConditionId = $oDynamicCondition->getConditionId();
if (KTSearchUtil::testConditionOnDocument($iConditionId, $this->oDocument)) {
$aPermissionIds = $oDynamicCondition->getAssignment();
foreach ($aPermissionIds as $iPermissionId) {
$aDynamicControls[$iPermissionId] = true;
}
}
}
}
}
// indicate that workflow controls a given permission
$oState = KTWorkflowUtil::getWorkflowStateForDocument($this->oDocument);
if (!(PEAR::isError($oState) || is_null($oState) || ($oState == false))) {
$aWorkflowStatePermissionAssignments = KTWorkflowStatePermissionAssignment::getByState($oState);
foreach ($aWorkflowStatePermissionAssignments as $oAssignment) {
$aWorkflowControls[$oAssignment->getPermissionId()] = true;
unset($aDynamicControls[$oAssignment->getPermissionId()]);
}
}
$aTemplateData = array(
"context" => $this,
"permissions" => $aPermissions,
"groups" => $groups,
"users" => $users,
"roles" => $roles,
"iDocumentID" => $_REQUEST['fDocumentID'],
"aMapPermissionGroup" => $aMapPermissionGroup,
"aMapPermissionRole" => $aMapPermissionRole,
"aMapPermissionUser" => $aMapPermissionUser,
"edit" => $bEdit,
"inherited" => $sInherited,
'workflow_controls' => $aWorkflowControls,
'conditions_control' => $aDynamicControls,
);
return $oTemplate->render($aTemplateData);
}
function do_resolved_users() {
$this->oPage->setBreadcrumbDetails(_kt("Permissions"));
$oTemplate = $this->oValidator->validateTemplate("ktcore/document/resolved_permissions_user");
$oPL = KTPermissionLookup::get($this->oDocument->getPermissionLookupID());
$aPermissions = KTPermission::getList();
$aMapPermissionGroup = array();
$aMapPermissionRole = array();
$aMapPermissionUser = array();
$aUsers = User::getList();
foreach ($aPermissions as $oPermission) {
$oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL);
if (PEAR::isError($oPLA)) {
continue;
}
$oDescriptor = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
$iPermissionID = $oPermission->getID();
$aMapPermissionGroup[$iPermissionID] = array();
foreach ($aUsers as $oUser) {
if (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oDocument)) {
$aMapPermissionUser[$iPermissionID][$oUser->getId()] = true;
$aActiveUsers[$oUser->getId()] = true;
}
}
}
// now we constitute the actual sets.
$users = array();
$groups = array();
$roles = array(); // should _always_ be empty, barring a bug in permissions::updatePermissionLookup
// this should be quite limited - direct role -> user assignment is typically rare.
foreach ($aActiveUsers as $id => $marker) {
$oUser = User::get($id);
$users[$oUser->getName()] = $oUser;
}
asort($users); // ascending, per convention.
$bEdit = false;
$sInherited = '';
$aDynamicControls = array();
$aWorkflowControls = array();
// handle conditions
$iPermissionObjectId = $this->oDocument->getPermissionObjectID();
if (!empty($iPermissionObjectId)) {
$oPO = KTPermissionObject::get($iPermissionObjectId);
$aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
if (!PEAR::isError($aDynamicConditions)) {
foreach ($aDynamicConditions as $oDynamicCondition) {
$iConditionId = $oDynamicCondition->getConditionId();
if (KTSearchUtil::testConditionOnDocument($iConditionId, $this->oDocument)) {
$aPermissionIds = $oDynamicCondition->getAssignment();
foreach ($aPermissionIds as $iPermissionId) {
$aDynamicControls[$iPermissionId] = true;
}
}
}
}
}
// indicate that workflow controls a given permission
$oState = KTWorkflowUtil::getWorkflowStateForDocument($this->oDocument);
if (!(PEAR::isError($oState) || is_null($oState) || ($oState == false))) {
$aWorkflowStatePermissionAssignments = KTWorkflowStatePermissionAssignment::getByState($oState);
foreach ($aWorkflowStatePermissionAssignments as $oAssignment) {
$aWorkflowControls[$oAssignment->getPermissionId()] = true;
unset($aDynamicControls[$oAssignment->getPermissionId()]);
}
}
$aTemplateData = array(
"context" => $this,
"permissions" => $aPermissions,
"groups" => $groups,
"users" => $users,
"roles" => $roles,
"oDocument" => $this->oDocument,
"aMapPermissionGroup" => $aMapPermissionGroup,
"aMapPermissionRole" => $aMapPermissionRole,
"aMapPermissionUser" => $aMapPermissionUser,
"edit" => $bEdit,
"inherited" => $sInherited,
'workflow_controls' => $aWorkflowControls,
'conditions_control' => $aDynamicControls,
);
return $oTemplate->render($aTemplateData);
}
}
class KTRoleAllocationPlugin extends KTFolderAction {
var $sName = 'ktcore.actions.folder.roles';
var $_sShowPermission = "ktcore.permissions.security";
var $bAutomaticTransaction = true;
var $_bAdminAlwaysAvailable = true;
function getDisplayName() {
return _kt('Allocate Roles');
}
function do_main() {
$this->oPage->setTitle(_kt("Allocate Roles"));
$this->oPage->setBreadcrumbDetails(_kt("Allocate Roles"));
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?