ktpermissions.php
来自「PHP 知识管理系统(基于树结构的知识管理系统), 英文原版的PHP源码。」· PHP 代码 · 共 905 行 · 第 1/3 页
PHP
905 行
$oTemplating =& KTTemplating::getSingleton();
$oTemplate = $oTemplating->loadTemplate("ktcore/folder/roles");
// we need to have:
// - a list of roles
// - with their users / groups
// - and that allocation id
$aRoles = array(); // stores data for display.
$aRoleList = Role::getList('id > 0');
foreach ($aRoleList as $oRole) {
$iRoleId = $oRole->getId();
$aRoles[$iRoleId] = array("name" => $oRole->getName());
$oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getId(), $iRoleId);
$u = array();
$g = array();
$aid = null;
$raid = null;
if ($oRoleAllocation == null) {
; // nothing.
} else {
$raid = $oRoleAllocation->getId(); // real_alloc_id
if ($oRoleAllocation->getFolderId() == $this->oFolder->getId()) {
$aid = $oRoleAllocation->getid(); // alloc_id
}
$oPermDesc = KTPermissionDescriptor::get($oRoleAllocation->getPermissionDescriptorId());
if (!PEAR::isError($oPermDesc)) {
$aAllowed = $oPermDesc->getAllowed();
if (!empty($aAllowed['user'])) {
$u = $aAllowed['user'];
}
if (!empty($aAllowed['group'])) {
$g = $aAllowed['group'];
}
}
}
$aRoles[$iRoleId]['users'] = $u;
$aRoles[$iRoleId]['groups'] = $g;
$aRoles[$iRoleId]['allocation_id'] = $aid;
$aRoles[$iRoleId]['real_allocation_id'] = $raid;
}
/*
print '<pre>';
var_dump($aRoles);
print '</pre>';
*/
// FIXME this is test data.
/*
$aRoles = array(
1 => array('name' => 'Manager', 'users' => array(1), 'groups' => array(1), 'allocation_id' => 1),
2 => array('name' => 'Peasant', 'users' => array(1), 'groups' => array(), 'allocation_id' => 2),
3 => array('name' => 'Inherited', 'users' => array(), 'groups' => array(1), 'allocation_id' => null),
);
*/
// final step.
// map to users, groups.
foreach ($aRoles as $key => $role) {
$_users = array();
foreach ($aRoles[$key]['users'] as $iUserId) {
$oUser = User::get($iUserId);
if (!(PEAR::isError($oUser) || ($oUser == false))) {
$_users[] = $oUser->getName();
}
}
if (empty($_users)) {
$aRoles[$key]['users'] = '<span class="descriptiveText"> ' . _kt('no users') . '</span>';
} else {
$aRoles[$key]['users'] = join(', ',$_users);
}
$_groups = array();
foreach ($aRoles[$key]['groups'] as $iGroupId) {
$oGroup = Group::get($iGroupId);
if (!(PEAR::isError($oGroup) || ($oGroup == false))) {
$_groups[] = $oGroup->getName();
}
}
if (empty($_groups)) {
$aRoles[$key]['groups'] = '<span class="descriptiveText"> ' . _kt('no groups') . '</span>';
} else {
$aRoles[$key]['groups'] = join(', ',$_groups);
}
}
$aTemplateData = array(
'context' => &$this,
'roles' => $aRoles,
'folderName'=>$this->oFolder->getName(),
'is_root' => ($this->oFolder->getId() == 1),
);
return $oTemplate->render($aTemplateData);
}
function do_overrideParent() {
$role_id = KTUtil::arrayGet($_REQUEST, 'role_id', null);
$oRole = Role::get($role_id);
if (PEAR::isError($oRole)) {
$this->errorRedirectToMain(_kt('Invalid Role.'));
}
// FIXME do we need to check that this role _isn't_ allocated?
$oRoleAllocation = new RoleAllocation();
$oRoleAllocation->setFolderId($this->oFolder->getId());
$oRoleAllocation->setRoleId($role_id);
// create a new permission descriptor.
// FIXME we really want to duplicate the original (if it exists)
$aAllowed = array(); // no-op, for now.
$this->startTransaction();
$oRoleAllocation->setAllowed($aAllowed);
$res = $oRoleAllocation->create();
if (PEAR::isError($res) || ($res == false)) {
$this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId()));
}
$oTransaction = KTFolderTransaction::createFromArray(array(
'folderid' => $this->oFolder->getId(),
'comment' => _kt('Override parent allocation'),
'transactionNS' => 'ktcore.transactions.role_allocations_change',
'userid' => $_SESSION['userID'],
'ip' => Session::getClientIP(),
));
$aOptions = array(
'defaultmessage' => _kt('Error creating allocation'),
'redirect_to' => array('main', sprintf('fFolderId=%d', $this->oFolder->getId())),
);
$this->oValidator->notErrorFalse($oTransaction, $aOptions);
// inherit parent permissions
$oParentAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getParentID(), $role_id);
if (!is_null($oParentAllocation) && !PEAR::isError($oParentAllocation))
{
$oPD = $oParentAllocation->getPermissionDescriptor();
$aAllowed = $oPD->getAllowed();
$userids=$aAllowed['user'];
$groupids=$aAllowed['group'];
// now lets update for the new allocation
$oPD = $oRoleAllocation->getPermissionDescriptor();
$aAllowed = $oPD->getAllowed();
$aAllowed['user'] = $userids;
$aAllowed['group'] = $groupids;
$oRoleAllocation->setAllowed($aAllowed);
$res = $oRoleAllocation->update();
if (PEAR::isError($res) || ($res == false))
{
$this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId()));
}
}
// regenerate permissions
$this->renegeratePermissionsForRole($oRoleAllocation->getRoleId());
$this->successRedirectToMain(_kt('Role allocation created.'), sprintf('fFolderId=%d', $this->oFolder->getId()));
}
function do_useParent() {
$role_id = KTUtil::arrayGet($_REQUEST, 'role_id', null);
$oRole = Role::get($role_id);
if (PEAR::isError($oRole)) {
$this->errorRedirectToMain(_kt('Invalid Role.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
}
$role_id = $oRole->getId(); // numeric, for various testing purposes.
$oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getId(), $role_id);
if ($oRoleAllocation->getFolderId() != $this->oFolder->getId()) {
$this->errorRedirectToMain(_kt('Already using a different descriptor.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
}
$this->startTransaction();
$res = $oRoleAllocation->delete();
if (PEAR::isError($res) || ($res == false)) {
$this->errorRedirectToMain(_kt('Unable to change role allocation.') . print_r($res, true), sprintf('fFolderId=%d',$this->oFolder->getId()));
exit(0);
}
$oTransaction = KTFolderTransaction::createFromArray(array(
'folderid' => $this->oFolder->getId(),
'comment' => _kt('Use parent allocation'),
'transactionNS' => 'ktcore.transactions.role_allocations_change',
'userid' => $_SESSION['userID'],
'ip' => Session::getClientIP(),
));
$aOptions = array(
'defaultmessage' => _kt('Problem assigning role to parent allocation'),
'redirect_to' => array('main', sprintf('fFolderId=%d', $this->oFolder->getId())),
);
$this->oValidator->notErrorFalse($oTransaction, $aOptions);
$this->renegeratePermissionsForRole($oRoleAllocation->getRoleId());
$this->successRedirectToMain(_kt('Role now uses parent.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
}
function rootoverride($role_id) {
if ($this->oFolder->getId() != 1) {
$this->errorRedirectToMain(_kt("Cannot create allocation for non-root locations."));
}
$oRoleAllocation = new RoleAllocation();
$oRoleAllocation->setFolderId($this->oFolder->getId());
$oRoleAllocation->setRoleId($role_id);
// create a new permission descriptor.
// FIXME we really want to duplicate the original (if it exists)
$aAllowed = array(); // no-op, for now.
$this->startTransaction();
$oRoleAllocation->setAllowed($aAllowed);
$res = $oRoleAllocation->create();
if (PEAR::isError($res) || ($res == false)) {
$this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId()));
}
return $oRoleAllocation;
}
function do_editRoleUsers() {
$role_allocation_id = KTUtil::arrayGet($_REQUEST, 'alloc_id');
if (($this->oFolder->getId() == 1) && is_null($role_allocation_id)) {
$oRoleAllocation = $this->rootoverride($_REQUEST['role_id']);
} else {
$oRoleAllocation = RoleAllocation::get($role_allocation_id);
}
if ((PEAR::isError($oRoleAllocation)) || ($oRoleAllocation=== false)) {
$this->errorRedirectToMain(_kt('No such role allocation.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
}
$this->oPage->setBreadcrumbDetails(_kt('Manage Users for Role'));
$this->oPage->setTitle(sprintf(_kt('Manage Users for Role')));
$initJS = 'var optGroup = new OptionTransfer("userSelect","chosenUsers"); ' .
'function startTrans() { var f = getElement("userroleform"); ' .
' optGroup.saveNewRightOptions("userFinal"); ' .
' optGroup.init(f); }; ' .
' addLoadEvent(startTrans); ';
$this->oPage->requireJSStandalone($initJS);
$aInitialUsers = $oRoleAllocation->getUsers();
$aAllUsers = User::getList('id > 0 AND disabled = 0');
// FIXME this is massively non-performant for large userbases..
$aRoleUsers = array();
$aFreeUsers = array();
foreach ($aInitialUsers as $oUser) {
$aRoleUsers[$oUser->getId()] = $oUser;
}
foreach ($aAllUsers as $oUser) {
if (!array_key_exists($oUser->getId(), $aRoleUsers)) {
$aFreeUsers[$oUser->getId()] = $oUser;
}
}
$oTemplating =& KTTemplating::getSingleton();
$oTemplate = $oTemplating->loadTemplate("ktcore/folder/roles_manageusers");
$aTemplateData = array(
"context" => $this,
"edit_rolealloc" => $oRoleAllocation,
'unused_users' => $aFreeUsers,
'role_users' => $aRoleUsers,
);
return $oTemplate->render($aTemplateData);
}
function do_editRoleGroups() {
$role_allocation_id = KTUtil::arrayGet($_REQUEST, 'alloc_id');
if (($this->oFolder->getId() == 1) && is_null($role_allocation_id)) {
$oRoleAllocation = $this->rootoverride($_REQUEST['role_id']);
} else {
$oRoleAllocation = RoleAllocation::get($role_allocation_id);
}
if ((PEAR::isError($oRoleAllocation)) || ($oRoleAllocation=== false)) {
$this->errorRedirectToMain(_kt('No such role allocation.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
}
$oRole = Role::get($oRoleAllocation->getRoleId());
$this->oPage->setBreadcrumbDetails(_kt('Manage Groups for Role'));
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?