0013034: add GRANT_PUBLISH
authorPhilipp Schüle <p.schuele@metaways.de>
Mon, 8 May 2017 09:23:12 +0000 (11:23 +0200)
committerMichael Spahn <m.spahn@metaways.de>
Wed, 17 May 2017 10:04:05 +0000 (12:04 +0200)
* check on server
* add to default grants
* check in gui (action updater)
* adds update script to add publish & download grants
 to existing nodes

https://forge.tine20.org/view.php?id=13034

Change-Id: I04e9db37d195812f8ed2a93285c3dc3f06b25aae
Reviewed-on: http://gerrit.tine20.com/customers/4630
Reviewed-by: Michael Spahn <m.spahn@metaways.de>
Tested-by: Michael Spahn <m.spahn@metaways.de>
tests/tine20/Filemanager/Frontend/JsonTests.php
tine20/Filemanager/Controller/DownloadLink.php
tine20/Tinebase/FileSystem.php
tine20/Tinebase/Model/Grants.php
tine20/Tinebase/Setup/Update/Release10.php
tine20/Tinebase/Setup/setup.xml

index 0691104..a780608 100644 (file)
@@ -165,6 +165,7 @@ class Filemanager_Frontend_JsonTests extends TestCase
                 Tinebase_Model_Grants::GRANT_FREEBUSY => false,
                 Tinebase_Model_Grants::GRANT_PRIVATE => false,
                 Tinebase_Model_Grants::GRANT_DOWNLOAD => false,
+                Tinebase_Model_Grants::GRANT_PUBLISH => false,
             ),
             'tags'           => array(),
             ), $searchResult['results'][0], 'my user folder mismatch');
@@ -187,6 +188,7 @@ class Filemanager_Frontend_JsonTests extends TestCase
                 Tinebase_Model_Grants::GRANT_FREEBUSY => false,
                 Tinebase_Model_Grants::GRANT_PRIVATE => false,
                 Tinebase_Model_Grants::GRANT_DOWNLOAD => false,
+                Tinebase_Model_Grants::GRANT_PUBLISH => false,
             ),
             'tags' => array(),
         ), $searchResult['results'][1], 'shared folder mismatch');
@@ -209,6 +211,7 @@ class Filemanager_Frontend_JsonTests extends TestCase
                 Tinebase_Model_Grants::GRANT_FREEBUSY => false,
                 Tinebase_Model_Grants::GRANT_PRIVATE => false,
                 Tinebase_Model_Grants::GRANT_DOWNLOAD => false,
+                Tinebase_Model_Grants::GRANT_PUBLISH => false,
             ),
             'tags' => array(),
         ), $searchResult['results'][2], 'other user folder mismatch');
index b453cda..1661d1b 100644 (file)
@@ -6,7 +6,7 @@
  * @subpackage  Controller
  * @license     http://www.gnu.org/licenses/agpl.html AGPL Version 3
  * @author      Philipp Schüle <p.schuele@metaways.de>
- * @copyright   Copyright (c) 2014 Metaways Infosystems GmbH (http://www.metaways.de)
+ * @copyright   Copyright (c) 2014-2017 Metaways Infosystems GmbH (http://www.metaways.de)
  *
  */
 
@@ -72,6 +72,11 @@ class Filemanager_Controller_DownloadLink extends Tinebase_Controller_Record_Abs
      */
     protected function _inspectBeforeCreate(Tinebase_Record_Interface $_record)
     {
+        $node = Tinebase_FileSystem::getInstance()->get($_record->node_id);
+        if (! Tinebase_Core::getUser()->hasGrant($node, Tinebase_Model_Grants::GRANT_PUBLISH)) {
+            throw new Tinebase_Exception_AccessDenied('you are not allowed to publish this file');
+        }
+
         $this->_sanitizeUserInput($_record);
     }
     
index 3e5a6ee..a95c07e 100644 (file)
@@ -290,12 +290,15 @@ class Tinebase_FileSystem implements Tinebase_Controller_Interface, Tinebase_Con
                 switch ($pathRecord->containerType) {
                     case self::FOLDER_TYPE_PERSONAL:
                         $node->grants = Tinebase_Model_Grants::getPersonalGrants($pathRecord->getUser(), array(
-                            Tinebase_Model_Grants::GRANT_DOWNLOAD => true
+                            Tinebase_Model_Grants::GRANT_DOWNLOAD => true,
+                            Tinebase_Model_Grants::GRANT_PUBLISH => true,
                         ));
                         break;
                     case self::FOLDER_TYPE_SHARED:
                         $node->grants = Tinebase_Model_Grants::getDefaultGrants(array(
                             Tinebase_Model_Grants::GRANT_DOWNLOAD => true
+                        ), array(
+                            Tinebase_Model_Grants::GRANT_PUBLISH => true
                         ));
                         break;
                 }
index a6ec23f..75dc7e9 100644 (file)
@@ -70,6 +70,12 @@ class Tinebase_Model_Grants extends Tinebase_Record_Abstract
     const GRANT_DOWNLOAD = 'downloadGrant';
 
     /**
+     * grant to publish nodes in Filemanager
+     * @todo move to Filemanager_Model_Grant once we are able to cope with app specific grant classes
+     */
+    const GRANT_PUBLISH = 'publishGrant';
+
+    /**
      * key in $_validators/$_properties array for the filed which 
      * represents the identifier
      * 
@@ -138,6 +144,7 @@ class Tinebase_Model_Grants extends Tinebase_Record_Abstract
             self::GRANT_ADMIN,
             self::GRANT_FREEBUSY,
             self::GRANT_DOWNLOAD,
+            self::GRANT_PUBLISH,
         );
     
         return $allGrants;
@@ -225,9 +232,10 @@ class Tinebase_Model_Grants extends Tinebase_Record_Abstract
      * return default grants with read for user group and write/admin for admin group
      *
      * @param array $_additionalGrants
+     * @param array $_additionalAdminGrants
      * @return Tinebase_Record_RecordSet of Tinebase_Model_Grants
      */
-    public static function getDefaultGrants($_additionalGrants = array())
+    public static function getDefaultGrants($_additionalGrants = array(), $_additionalAdminGrants = array())
     {
         $groupsBackend = Tinebase_Group::getInstance();
         return new Tinebase_Record_RecordSet('Tinebase_Model_Grants', array(
@@ -238,7 +246,7 @@ class Tinebase_Model_Grants extends Tinebase_Record_Abstract
                 Tinebase_Model_Grants::GRANT_EXPORT => true,
                 Tinebase_Model_Grants::GRANT_SYNC => true,
             ), $_additionalGrants),
-            array_merge(array(
+            array_merge(array_merge(array(
                 'account_id' => $groupsBackend->getDefaultAdminGroup()->getId(),
                 'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP,
                 Tinebase_Model_Grants::GRANT_READ => true,
@@ -248,7 +256,7 @@ class Tinebase_Model_Grants extends Tinebase_Record_Abstract
                 Tinebase_Model_Grants::GRANT_ADMIN => true,
                 Tinebase_Model_Grants::GRANT_EXPORT => true,
                 Tinebase_Model_Grants::GRANT_SYNC => true,
-            ), $_additionalGrants),
+            ), $_additionalGrants), $_additionalAdminGrants),
         ), TRUE);
     }
 
index e4aadd0..91e0719 100644 (file)
@@ -1022,4 +1022,45 @@ class Tinebase_Setup_Update_Release10 extends Setup_Update_Abstract
     }
 
 
+
+    /**
+     * update to 10.24
+     *
+     * 0013032: add GRANT_DOWNLOAD
+     * 0013034: add GRANT_PUBLISH
+     */
+    public function update_23()
+    {
+        // get all folder nodes with own acl
+        $searchFilter = new Tinebase_Model_Tree_Node_Filter(array(
+            array(
+                'field'     => 'type',
+                'operator'  => 'equals',
+                'value'     => Tinebase_Model_Tree_FileObject::TYPE_FOLDER
+            )
+        ), Tinebase_Model_Filter_FilterGroup::CONDITION_AND, array('ignoreAcl' => true));
+        $folders = Tinebase_FileSystem::getInstance()->searchNodes($searchFilter);
+        $updateCount = 0;
+        foreach ($folders as $folder) {
+            if ($folder->acl_node === $folder->getId()) {
+                $grants = Tinebase_FileSystem::getInstance()->getGrantsOfContainer($folder, /* ignoreAcl */ true);
+                foreach ($grants as $grant) {
+                    // add download & publish for admins and only download for the rest
+                    if ($grant->{Tinebase_Model_Grants::GRANT_ADMIN}) {
+                        $grant->{Tinebase_Model_Grants::GRANT_DOWNLOAD} = true;
+                        $grant->{Tinebase_Model_Grants::GRANT_PUBLISH} = true;
+                    } else {
+                        $grant->{Tinebase_Model_Grants::GRANT_DOWNLOAD} = true;
+                    }
+                }
+                Tinebase_FileSystem::getInstance()->setGrantsForNode($folder, $grants);
+                $updateCount++;
+            }
+        }
+
+        if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__
+            . ' Added DOWNLOAD & PUBLISH grants to ' . $updateCount . ' folder nodes');
+
+        $this->setApplicationVersion('Tinebase', '10.24');
+    }
 }
index d7c2294..5af984b 100644 (file)
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <application>
     <name>Tinebase</name>
-    <version>10.23</version>
+    <version>10.24</version>
     <tables>
         <table>
             <name>applications</name>