permissions.php
来自「PHP 知识管理系统(基于树结构的知识管理系统), 英文原版的PHP源码。」· PHP 代码 · 共 643 行 · 第 1/2 页
'iFolderId' => $this->oFolder->getId(),
'roles' => Role::getList(),
'groups' => Group::getList(),
'conditions' => KTSavedSearch::getConditions(),
'dynamic_conditions' => $aDynamicConditions,
'context' => &$this,
'foldername' => $this->oFolder->getName(),
'jsonpermissions' => $sJSONPermissions,
'edit' => true,
'permissions' => $perms,
'document_permissions' => $docperms,
'can_inherit' => $bCanInherit
);
return $oTemplate->render($aTemplateData);
}
/**
 * Build the error descriptor handed back when the caller is not allowed to
 * change security settings.
 *
 * @return array Descriptor with the keys 'error', 'type', 'alert' and 'message'.
 */
function json_permissionError() {
    $aError = array();
    $aError['error'] = true;
    $aError['type'] = 'kt.permission_denied';
    $aError['alert'] = true;
    // The message goes through _kt() so it is emitted in the active translation.
    $aError['message'] = _kt('You do not have permission to alter security settings.');

    return $aError;
}
/**
 * Collect which groups and roles hold each permission on this folder's
 * permission object.
 *
 * Permissions whose assignment lookup yields a PEAR error are left out of the map.
 *
 * @return array Returned by reference, shaped as
 *               array('role'  => array(<roleId>  => array(<permissionId> => true)),
 *                     'group' => array(<groupId> => array(<permissionId> => true))).
 */
function &_getPermissionsMap() {
    $oPermObject = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
    $aMap = array('role' => array(), 'group' => array());

    foreach (KTPermission::getList() as $oPerm) {
        $oAssignment = KTPermissionAssignment::getByPermissionAndObject($oPerm, $oPermObject);
        if (!PEAR::isError($oAssignment)) {
            // NOTE(review): the descriptor lookup result is used without an error
            // check of its own - confirm it cannot fail for an existing assignment.
            $oDesc = KTPermissionDescriptor::get($oAssignment->getPermissionDescriptorId());
            $iPermId = $oPerm->getId();

            // Groups that hold this permission.
            foreach ($oDesc->getGroups() as $iGroupId) {
                $aMap['group'][$iGroupId][$iPermId] = true;
            }

            // Roles that hold this permission.
            foreach ($oDesc->getRoles() as $iRoleId) {
                $aMap['role'][$iRoleId][$iPermId] = true;
            }
        }
    }

    return $aMap;
}
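/**
 * List the groups and roles that can be given permissions on this folder,
 * together with the permission ids each one currently holds.
 *
 * The name fragment comes from the request parameter 'filter' (falling back to
 * $optFilter). It is client-controlled, so it is escaped before being placed
 * in the SQL "name like" clause handed to Group::getList() / Role::getList().
 *
 * @param string|null $optFilter Name fragment used when the request carries no 'filter'.
 * @return array Entries keyed 'g<groupId>' / 'r<roleId>'. When neither a filter nor
 *               'selected' is supplied, only the 'off' placeholder entry is returned.
 */
function json_getEntities($optFilter = null) {
    $sFilter = KTUtil::arrayGet($_REQUEST, 'filter', false);
    if ($sFilter == false && $optFilter != null) {
        $sFilter = $optFilter;
    }
    // Only a scalar can be a name fragment; an array (filter[]=x) is treated as "no filter".
    $sFilter = is_scalar($sFilter) ? (string) $sFilter : '';

    $bSelected = KTUtil::arrayGet($_REQUEST, 'selected', false);
    $aEntityList = array('off' => _kt('-- Please filter --'));

    // check permissions
    // The permission object is looked up here as in the original; its result is not used below.
    $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
    $aOptions = array('redirect_to' => array('json', 'json_action=permission_error&fFolderId=' . $this->oFolder->getId()));
    if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
        $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aOptions);
    }

    // get permissions map
    $aPermissionsMap =& $this->_getPermissionsMap();

    // "&&" binds tighter than "||"; the parentheses only make that explicit.
    if ($bSelected || ($sFilter && trim($sFilter))) {
        if (!$bSelected) {
            $aEntityList = array();
        }

        // SECURITY: the filter is request data and ends up inside a quoted SQL string,
        // so it must be escaped by the database layer before interpolation.
        // DBUtil::escapeSimple() is the project's escaping helper; it is not shown in
        // this listing - confirm it is loaded wherever this action runs.
        // '%' and '_' typed by the user still act as LIKE wildcards, as before.
        $sWhere = sprintf('name like \'%%%s%%\'', DBUtil::escapeSimple($sFilter));

        $sGroupLabel = _kt('Group');
        $aGroups = Group::getList($sWhere);
        foreach ($aGroups as $oGroup) {
            $iGroupId = $oGroup->getId();
            // Explicit isset() instead of "@array_keys()" so real errors are not hidden.
            $aPerm = isset($aPermissionsMap['group'][$iGroupId])
                ? array_keys($aPermissionsMap['group'][$iGroupId])
                : array();

            // In "selected" mode only entities that hold at least one permission are listed.
            if ($bSelected && !count($aPerm)) {
                continue;
            }

            $aEntry = array('type' => 'group',
                            'display' => $sGroupLabel . ': ' . $oGroup->getName(),
                            'name' => $oGroup->getName(),
                            'permissions' => $aPerm,
                            'id' => $iGroupId);
            if ($bSelected) {
                $aEntry['selected'] = true;
            }
            $aEntityList['g' . $iGroupId] = $aEntry;
        }

        $sRoleLabel = _kt('Role');
        $aRoles = Role::getList($sWhere);
        foreach ($aRoles as $oRole) {
            $iRoleId = $oRole->getId();
            $aPerm = isset($aPermissionsMap['role'][$iRoleId])
                ? array_keys($aPermissionsMap['role'][$iRoleId])
                : array();

            if ($bSelected && !count($aPerm)) {
                continue;
            }

            $aEntry = array('type' => 'role',
                            'display' => $sRoleLabel . ': ' . $oRole->getName(),
                            'name' => $oRole->getName(),
                            'permissions' => $aPerm,
                            'id' => $iRoleId);
            if ($bSelected) {
                $aEntry['selected'] = true;
            }
            $aEntityList['r' . $iRoleId] = $aEntry;
        }
    }

    return $aEntityList;
}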
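/**
 * Replace the group/role assignments of every permission on this folder's
 * permission object with the ones submitted in the request parameter 'foo',
 * record a folder transaction for the change and rebuild the permission lookup.
 *
 * 'foo' is expected to be shaped as foo[<permissionId>] = array(...); the disabled
 * guard further down reads foo[4]['group'] and foo[4]['role'] in that form.
 * A permission id absent from 'foo' is set to an empty assignment.
 *
 * The method ends the request itself (redirect followed by exit).
 */
function do_update() {
    $aOptions = array('redirect_to' => array('main', 'fFolderId=' . $this->oFolder->getId()));
    if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
        $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aOptions);
    }

    // NOTE(review): this state-changing action reads from $_REQUEST (so GET is accepted)
    // and no anti-CSRF token check is visible in this method - confirm the dispatcher
    // enforces one before this point.
    $aFoo = KTUtil::arrayGet($_REQUEST, 'foo', array());
    $aPermissions = KTPermission::getList();

    // Reject malformed input before anything is written: a scalar where an array is
    // expected would otherwise be passed straight into the permission layer.
    $bWellFormed = is_array($aFoo);
    if ($bWellFormed) {
        foreach ($aFoo as $mAllowed) {
            if (!is_array($mAllowed)) {
                $bWellFormed = false;
                break;
            }
        }
    }
    if (!$bWellFormed) {
        $this->errorRedirectTo('edit', _kt('Error updating permissions'), sprintf('fFolderId=%d', $this->oFolder->getId()));
        exit(0);
    }

    // NOTE(review): the guard below is disabled. While active it stopped a user from
    // removing the Manage Security permission from the System Administrators group or
    // from a group they belong to. Without it an update can lock the acting user out
    // of this folder's security settings - confirm that is intended.
    /*
    --- This section has been commented out to remove these checks when permissions
    --- are updated.
    ---------------------------------------------------------------------------------
    //-------------------
    //This section is used to make sure that a user doesn't disable the admin groups
    //Manage security permission or the Manage Security permission of a group they
    //are currently a member of.
    // Check which groups have permission to manage security
    $aNewGroups = (isset($aFoo[4]['group']) ? $aFoo[4]['group'] : array());
    $aNewRoles = (isset($aFoo[4]['role']) ? $aFoo[4]['role'] : array());
    $iUserId = $this->oUser->getId();
    //Check that they aren't removing the sys admin Manage Security permission
    //1 in this case is the admin group.
    if(!in_array('1', $aNewGroups))
    {
    $this->addErrorMessage(_kt('You cannot remove the Manage Security permission from the System Administrators Group'));
    $this->redirectTo('edit', 'fFolderId=' . $this->oFolder->getId());
    exit(0);
    }
    //Check that they aren't removing the Manage Security permission from a group
    //They are a member of.
    if(!GroupUtil::checkUserInGroups($iUserId, array(1)))
    {
    //Ensure the user is not removing his/her own permission to update the folder permissions (manage security)
    if(!in_array(-3, $aNewRoles))
    {
    if(!GroupUtil::checkUserInGroups($iUserId, $aNewGroups))
    {
    // If user no longer has permission, return an error.
    $this->addErrorMessage(_kt('You cannot remove the Manage Security permission from a group you belong to.'));
    $this->redirectTo('edit', 'fFolderId=' . $this->oFolder->getId());
    exit(0);
    }
    }
    }
    //-----------------
    */
    require_once(KT_LIB_DIR . '/documentmanagement/observers.inc.php');

    $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
    foreach ($aPermissions as $oPermission) {
        $iPermId = $oPermission->getId();
        $aAllowed = KTUtil::arrayGet($aFoo, $iPermId, array());
        KTPermissionUtil::setPermissionForId($oPermission, $oPO, $aAllowed);
    }

    // Audit record for the change. It is created after the assignments above were
    // written, and takes the user id from the session rather than from $this->oUser.
    $oTransaction = KTFolderTransaction::createFromArray(array(
        'folderid' => $this->oFolder->getId(),
        'comment' => _kt('Updated permissions'),
        'transactionNS' => 'ktcore.transactions.permissions_change',
        'userid' => $_SESSION['userID'],
        'ip' => Session::getClientIP(),
    ));
    $aOptions = array(
        'defaultmessage' => _kt('Error updating permissions'),
        'redirect_to' => array('edit', sprintf('fFolderId=%d', $this->oFolder->getId())),
    );
    $this->oValidator->notErrorFalse($oTransaction, $aOptions);

    // Plain assignment: "=& new" is deprecated since PHP 5.3 and a parse error from PHP 7.
    $po = new JavascriptObserver($this);
    $po->start();
    $oChannel =& KTPermissionChannel::getSingleton();
    $oChannel->addObserver($po);

    KTPermissionUtil::updatePermissionLookupForPO($oPO);
    $this->commitTransaction();
    $this->addInfoMessage(_kt('Permissions on folder updated'));

    // NOTE(review): $_SERVER['PHP_SELF'] includes any PATH_INFO supplied by the client.
    // How redirect() emits this URL is not visible here - confirm it is encoded for its
    // output context, or build the target from a fixed script path.
    $po->redirect(KTUtil::addQueryString($_SERVER['PHP_SELF'], 'action=edit&fFolderId=' . $this->oFolder->getId()));
    exit(0);
}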
/**
 * Make this folder inherit its permission object, after recording a folder
 * transaction for the change.
 *
 * Outside admin mode the acting user must pass the validator's check for
 * $this->_sEditShowPermission on the folder.
 *
 * @return mixed Whatever successRedirectTo() returns.
 */
function do_inheritPermissions() {
    $iFolderId = $this->oFolder->getId();

    // Access check: skipped only when the user is browsing in admin mode.
    $aDeniedOptions = array('redirect_to' => array('main', 'fFolderId=' . $iFolderId));
    $bAdminMode = KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder);
    if (!$bAdminMode) {
        $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aDeniedOptions);
    }

    // NOTE(review): no anti-CSRF token check is visible in this method - confirm
    // the dispatcher enforces one for this state-changing action.

    // Audit record, created before the inheritance is applied.
    $aTransactionInfo = array(
        'folderid' => $iFolderId,
        'comment' => _kt('Inherit permissions from parent'),
        'transactionNS' => 'ktcore.transactions.permissions_change',
        'userid' => $_SESSION['userID'],
        'ip' => Session::getClientIP(),
    );
    $oTransaction = KTFolderTransaction::createFromArray($aTransactionInfo);

    $aFailureOptions = array(
        'defaultmessage' => _kt('Error updating permissions'),
        'redirect_to' => array('edit', sprintf('fFolderId=%d', $iFolderId)),
    );
    $this->oValidator->notErrorFalse($oTransaction, $aFailureOptions);

    KTPermissionUtil::inheritPermissionObject($this->oFolder);

    $aQuery = array('fFolderId' => $iFolderId);
    return $this->successRedirectTo('main', _kt('Permissions updated'), $aQuery);
}
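/**
 * Add a dynamic permission to this folder's permission object: the validated
 * group receives the submitted permissions when the validated saved-search
 * condition applies.
 *
 * Request parameters: fGroupId, fConditionId and fPermissionIds (list of
 * permission ids). Ids that are not plain non-negative integers are discarded
 * before they reach the persistence layer; if none remain, the user is sent
 * back to the edit page with an error.
 */
function do_newDynamicPermission() {
    $aOptions = array('redirect_to' => array('main', 'fFolderId=' . $this->oFolder->getId()));
    if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
        $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aOptions);
    }

    // NOTE(review): no anti-CSRF token check is visible in this method - confirm
    // the dispatcher enforces one for this state-changing action.
    $aOptions = array(
        'redirect_to' => array('edit', 'fFolderId=' . $this->oFolder->getId()),
    );
    // arrayGet() avoids an undefined-index notice when a parameter is missing;
    // the validators then see null, as they did before.
    $oGroup =& $this->oValidator->validateGroup(KTUtil::arrayGet($_REQUEST, 'fGroupId'), $aOptions);
    $oCondition =& $this->oValidator->validateCondition(KTUtil::arrayGet($_REQUEST, 'fConditionId'), $aOptions);

    // Keep only well-formed integer ids: the list is request data and is handed
    // to saveAssignment(), whose handling of it is not visible here.
    $aPermissionIds = array();
    foreach ((array) KTUtil::arrayGet($_REQUEST, 'fPermissionIds', array()) as $mPermissionId) {
        if (is_scalar($mPermissionId) && preg_match('/^[0-9]+$/', (string) $mPermissionId)) {
            $aPermissionIds[] = (int) $mPermissionId;
        }
    }
    if (empty($aPermissionIds)) {
        $this->errorRedirectTo('edit', _kt('Please select one or more permissions.'), sprintf('fFolderId=%d', $this->oFolder->getId()));
        // Stop here even if errorRedirectTo() were to return.
        exit(0);
    }

    $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());

    // Audit record; note it is created before the dynamic condition itself is stored.
    $oTransaction = KTFolderTransaction::createFromArray(array(
        'folderid' => $this->oFolder->getId(),
        'comment' => _kt('Added dynamic permissions'),
        'transactionNS' => 'ktcore.transactions.permissions_change',
        'userid' => $_SESSION['userID'],
        'ip' => Session::getClientIP(),
    ));
    $aOptions = array(
        'defaultmessage' => _kt('Error updating permissions'),
        'redirect_to' => array('edit', sprintf('fFolderId=%d', $this->oFolder->getId())),
    );
    $this->oValidator->notErrorFalse($oTransaction, $aOptions);

    $oDynamicCondition = KTPermissionDynamicCondition::createFromArray(array(
        'groupid' => $oGroup->getId(),
        'conditionid' => $oCondition->getId(),
        'permissionobjectid' => $oPO->getId(),
    ));
    $this->oValidator->notError($oDynamicCondition, $aOptions);

    $res = $oDynamicCondition->saveAssignment($aPermissionIds);
    $this->oValidator->notError($res, $aOptions);

    KTPermissionUtil::updatePermissionLookupForPO($oPO);
    $this->successRedirectTo('edit', _kt('Dynamic permission added'), 'fFolderId=' . $this->oFolder->getId());
}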
/**
 * Delete the dynamic condition named by the request parameter
 * fDynamicConditionId, record a folder transaction and rebuild the permission
 * lookup for this folder's permission object.
 *
 * Outside admin mode the acting user must pass the validator's check for
 * $this->_sEditShowPermission on the folder.
 */
function do_removeDynamicCondition() {
    $iFolderId = $this->oFolder->getId();

    $aDeniedOptions = array('redirect_to' => array('main', 'fFolderId=' . $iFolderId));
    $bAdminMode = KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder);
    if (!$bAdminMode) {
        $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aDeniedOptions);
    }

    $aEditOptions = array(
        'redirect_to' => array('edit', 'fFolderId=' . $iFolderId),
    );

    // NOTE(review): the access check above is made against this folder, but the
    // condition is loaded purely by the id in the request. Nothing in this method
    // compares the condition's permission object with the folder's, so confirm that
    // validateDynamicCondition() (not visible here) ties the two together; otherwise
    // a condition belonging to another folder could be deleted from here.
    $oDynamicCondition =& $this->oValidator->validateDynamicCondition($_REQUEST['fDynamicConditionId'], $aEditOptions);
    $mDeleted = $oDynamicCondition->delete();
    $this->oValidator->notError($mDeleted, $aEditOptions);

    // Audit record; it is written only after the delete has already happened.
    $aTransactionInfo = array(
        'folderid' => $iFolderId,
        'comment' => _kt('Removed dynamic permissions'),
        'transactionNS' => 'ktcore.transactions.permissions_change',
        'userid' => $_SESSION['userID'],
        'ip' => Session::getClientIP(),
    );
    $oTransaction = KTFolderTransaction::createFromArray($aTransactionInfo);

    $aFailureOptions = array(
        'defaultmessage' => _kt('Error updating permissions'),
        'redirect_to' => array('edit', sprintf('fFolderId=%d', $iFolderId)),
    );
    $this->oValidator->notErrorFalse($oTransaction, $aFailureOptions);

    // Rebuild the lookup so the removal takes effect for this permission object.
    $oPermObject = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
    KTPermissionUtil::updatePermissionLookupForPO($oPermObject);

    $this->successRedirectTo('edit', _kt('Dynamic permission removed'), 'fFolderId=' . $iFolderId);
}
}
?>