permissions.php
来自「PHP 知识管理系统(基于树结构的知识管理系统), 英文原版的PHP源码。」· PHP 代码 · 共 643 行 · 第 1/2 页
PHP
643 行
<?php
/**
* $Id: Permissions.php 9376 2008-09-23 12:40:50Z kevin_fourie $
*
* KnowledgeTree Community Edition
* Document Management Made Simple
* Copyright (C) 2008 KnowledgeTree Inc.
* Portions copyright The Jam Warehouse Software (Pty) Limited
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License version 3 as published by the
* Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
* California 94120-7775, or email info@knowledgetree.com.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU General Public License version 3.
*
* In accordance with Section 7(b) of the GNU General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Powered by
* KnowledgeTree" logo and retain the original copyright notice. If the display of the
* logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
* must display the words "Powered by KnowledgeTree" and retain the original
* copyright notice.
* Contributor( s): ______________________________________
*/
require_once(KT_LIB_DIR . '/actions/folderaction.inc.php');
require_once(KT_LIB_DIR . '/permissions/permission.inc.php');
require_once(KT_LIB_DIR . '/permissions/permissionutil.inc.php');
require_once(KT_LIB_DIR . '/browse/browseutil.inc.php');
require_once(KT_LIB_DIR . '/foldermanagement/folderutil.inc.php');
require_once(KT_LIB_DIR . '/roles/Role.inc');
class KTFolderPermissionsAction extends KTFolderAction {
var $sName = 'ktcore.actions.folder.permissions';
var $_sEditShowPermission = 'ktcore.permissions.security';
var $_sShowPermission = 'ktcore.permissions.security';
var $_bAdminAlwaysAvailable = true;
var $bAutomaticTransaction = true;
function getDisplayName() {
return _kt('Permissions');
}
function do_main() {
$this->oPage->setBreadcrumbDetails(_kt('Permissions'));
$oTemplate = $this->oValidator->validateTemplate('ktcore/folder/view_permissions');
$oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectID());
$aPermissions = KTPermission::getList();
$aMapPermissionGroup = array();
$aMapPermissionRole = array();
$aMapPermissionUser = array();
$aAllGroups = Group::getList(); // probably small enough
$aAllRoles = Role::getList(); // probably small enough.
// users are _not_ fetched this way.
$aActiveGroups = array();
$aActiveUsers = array();
$aActiveRoles = array();
foreach ($aPermissions as $oPermission) {
$oPLA = KTPermissionAssignment::getByPermissionAndObject($oPermission, $oPO);
if (PEAR::isError($oPLA)) {
continue;
}
$oDescriptor = KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
$iPermissionID = $oPermission->getID();
$aIDs = $oDescriptor->getGroups();
$aMapPermissionGroup[$iPermissionID] = array();
foreach ($aIDs as $iID) {
$aMapPermissionGroup[$iPermissionID][$iID] = true;
$aActiveGroups[$iID] = true;
}
$aIds = $oDescriptor->getRoles();
$aMapPermissionRole[$iPermissionID] = array();
foreach ($aIds as $iId) {
$aMapPermissionRole[$iPermissionID][$iId] = true;
$aActiveRoles[$iId] = true;
}
$aIds = $oDescriptor->getUsers();
$aMapPermissionUser[$iPermissionID] = array();
foreach ($aIds as $iId) {
$aMapPermissionUser[$iPermissionID][$iId] = true;
$aActiveUsers[$iId] = true;
}
}
// now we constitute the actual sets.
$users = array();
$groups = array();
$roles = array(); // should _always_ be empty, barring a bug in permissions::updatePermissionLookup
// this should be quite limited - direct role -> user assignment is typically rare.
foreach ($aActiveUsers as $id => $marker) {
$oUser = User::get($id);
if (is_null($oUser)) continue; // this is just a patch in case there is a db integrity issue.
$users[$oUser->getName()] = $oUser;
}
asort($users); // ascending, per convention.
foreach ($aActiveGroups as $id => $marker) {
$oGroup = Group::get($id);
if (is_null($oGroup)) continue; // this is just a patch in case there is a db integrity issue.
$groups[$oGroup->getName()] = $oGroup;
}
asort($groups);
foreach ($aActiveRoles as $id => $marker) {
$oRole = Role::get($id);
if (is_null($oRole)) continue; // this is just a patch in case there is a db integrity issue.
$roles[$oRole->getName()] = $oRole;
}
asort($roles);
$bEdit = KTPermissionUtil::userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder);
if (KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
$bEdit = true;
}
$sInherited = '';
$oInherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO);
// This is fine, since a folder can only inherit permissions
// from a folder.
if ($oInherited->getId() !== $this->oFolder->getId()) {
$iInheritedFolderId = $oInherited->getId();
$sInherited = join(' > ', $oInherited->getPathArray());
}
// only allow inheritance if not inherited, -and- folders is editable
$bInheritable = $bEdit && ($oInherited->getId() !== $this->oFolder->getId());
// only allow edit if the folder is editable.
$bEdit = $bEdit && ($oInherited->getId() == $this->oFolder->getId());
$aConditions = array();
$aDynConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
foreach ($aDynConditions as $oDynCondition) {
$g = Group::get($oDynCondition->getGroupId());
if (is_null($g)) continue; // db integrity catch
if (PEAR::isError($g)) { continue; }
$c = KTSavedSearch::get($oDynCondition->getConditionId());
if (is_null($c)) continue; // db integrity catch
if (PEAR::isError($c)) { continue; }
$aInfo = array(
'group' => $g->getName(),
'name' => $c->getName(),
);
$aAssign = $oDynCondition->getAssignment();
$perms = array();
foreach ($aAssign as $iPermissionId) {
$perms[$iPermissionId] = true;
}
$aInfo['perms'] = $perms;
$aConditions[] = $aInfo;
}
$aTemplateData = array(
'context' => $this,
'permissions' => $aPermissions,
'groups' => $groups,
'users' => $users,
'roles' => $roles,
'oFolder' => $this->oFolder,
'aMapPermissionGroup' => $aMapPermissionGroup,
'aMapPermissionRole' => $aMapPermissionRole,
'aMapPermissionUser' => $aMapPermissionUser,
'edit' => $bEdit,
'inheritable' => $bInheritable,
'inherited' => $sInherited,
'conditions' => $aConditions,
);
return $oTemplate->render($aTemplateData);
}
function do_resolved_users() {
$this->oPage->setBreadcrumbDetails(_kt('Permissions'));
$oTemplate = $this->oValidator->validateTemplate('ktcore/folder/resolved_permissions_user');
$oPL = KTPermissionLookup::get($this->oFolder->getPermissionLookupID());
$aPermissions = KTPermission::getList();
$aMapPermissionGroup = array();
$aMapPermissionRole = array();
$aMapPermissionUser = array();
$aActiveUsers = array();
$aUsers = User::getList();
foreach ($aPermissions as $oPermission) {
$oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL);
if (PEAR::isError($oPLA)) {
continue;
}
$oDescriptor =& KTPermissionDescriptor::get($oPLA->getPermissionDescriptorID());
$iPermissionID = $oPermission->getID();
$aMapPermissionGroup[$iPermissionID] = array();
$hasPermission = false;
$everyone = $oDescriptor->hasRoles(array(-3));
$authenticated = $oDescriptor->hasRoles(array(-4));
// TODO : paginate this page, when there are too many users
foreach ($aUsers as $oUser) {
if ($everyone || ($authenticated && $oUser->isAnonymous()) ||
KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oFolder)){
$aMapPermissionUser[$iPermissionID][$oUser->getId()] = true;
$aActiveUsers[$oUser->getId()] = $oUser->getName();
}
}
}
// now we constitute the actual sets.
$users = array();
$groups = array();
$roles = array(); // should _always_ be empty, barring a bug in permissions::updatePermissionLookup
$users = $aActiveUsers;
asort($users); // ascending, per convention.
$bEdit = false;
$sInherited = '';
$aTemplateData = array(
'context' => $this,
'permissions' => $aPermissions,
'groups' => $groups,
'users' => $users,
'roles' => $roles,
'oFolder' => $this->oFolder,
'aMapPermissionGroup' => $aMapPermissionGroup,
'aMapPermissionRole' => $aMapPermissionRole,
'aMapPermissionUser' => $aMapPermissionUser,
'edit' => $bEdit,
'inherited' => $sInherited,
'foldername' => $this->oFolder->getName(),
'iFolderId' => $this->oFolder->getId(),
);
return $oTemplate->render($aTemplateData);
}
function _copyPermissions() {
$oTransaction = KTFolderTransaction::createFromArray(array(
'folderid' => $this->oFolder->getId(),
'comment' => _kt('Override permissions from parent'),
'transactionNS' => 'ktcore.transactions.permissions_change',
'userid' => $_SESSION['userID'],
'ip' => Session::getClientIP(),
));
$aOptions = array(
'defaultmessage' => _kt('Error updating permissions'),
'redirect_to' => array('edit', sprintf('fFolderId=%d', $this->oFolder->getId())),
);
$this->oValidator->notErrorFalse($oTransaction, $aOptions);
KTPermissionUtil::copyPermissionObject($this->oFolder);
}
function do_edit() {
$this->oPage->setBreadcrumbDetails(_kt('Viewing Permissions'));
$oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
$aOptions = array('redirect_to' => array('main', 'fFolderId=' . $this->oFolder->getId()));
if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
$this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aOptions);
}
// copy permissions if they were inherited
$oInherited = KTPermissionUtil::findRootObjectForPermissionObject($oPO);
if ($oInherited->getId() !== $this->oFolder->getId()) {
$override = KTUtil::arrayGet($_REQUEST, 'override', false);
if (empty($override)) {
$this->errorRedirectToMain(_kt('This folder does not override its permissions'), sprintf('fFolderId=%d', $this->oFolder->getId()));
}
$this->startTransaction();
$this->_copyPermissions();
$this->commitTransaction();
$oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
}
// permissions in JS format
$aPermissionsToJSON = array();
$aPermList = KTPermission::getList();
foreach($aPermList as $oP) {
$aPermissionsToJSON[] = array('id'=>$oP->getId(), 'name'=>$oP->getHumanName());
}
$oJSON = new Services_JSON;
$sJSONPermissions = $oJSON->encode($aPermissionsToJSON);
// dynamic conditions
$aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
// templating
$oTemplating =& KTTemplating::getSingleton();
$oTemplate = $oTemplating->loadTemplate('ktcore/folder/permissions');
$bCanInherit = ($this->oFolder->getId() != 1);
$perms = $aPermList;
$docperms = KTPermission::getDocumentRelevantList();
$aTemplateData = array(
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?