So the Most Wanted Hack contest ended up in showing up a need for better document rights. That's why I've hacked the documents module so you could restrict documents to a certain group on a per-document basis.
What to do? First, add a database attribute:
[code]alter table mod_documents_docs add restrict_view int after full_text;[/code]
The rest isn't too hard either -- the documents module is written very nicely and modular. We just need to change the DocumentManager class to watch the rights, the Document class to provide a front-end for us and the corresponding template so that front-end is template-able.
if( !empty($view_restrictions) and
$view_restrictions>0
)
$view_restriction=!($_SESSION['OBJ_user']->userInGroup($view_restrictions));
else
$view_restriction=false;
return($view_restriction);
}
function mayViewDocument() {
$can_do= is_numeric($_REQUEST['JAS_Document_id']) and
$_SESSION['OBJ_user']->allow_access('document', 'view_document');
$allowed_to_do = $this->isAllowedToDo();
$view_restriction = $this->isViewRestricted();
return( $_SESSION['OBJ_user']->isDeity() or
( ($can_do or $allowed_to_do) and !$view_restriction )
);
}
function mayViewFile() {
$can_do= is_numeric($_REQUEST['JAS_File_id']) and
$_SESSION['OBJ_user']->allow_access('document', 'view_document');
$allowed_to_do=$this->isAllowedToDo();
$view_restriction = $this->isViewRestricted();
return( $_SESSION['OBJ_user']->isDeity() or
( ($can_do or $allowed_to_do) and !$view_restriction )
);
}
[/code]
these new functions replace the existing right-checks of _view and _download. So, instead of the existing _view and _download functions in DocumentManager, use these two:
if($view_restrictions > 0)
$this->message = $_SESSION['translate']->it("Sorry! This document is restricted to group [var1]", $view_restrictions);
else
$this->message = $_SESSION['translate']->it('You do not have permission to [var1] documents', $_SESSION['translate']->it("view"));
$this->_list();
}
}
function _download() {
if($this->mayViewFile()) {
if(!isset($this->document))
$this->document = new JAS_Document();
if($view_restrictions > 0)
$this->message = $_SESSION['translate']->it("Sorry! This document is restricted to group [var1]", $view_restrictions);
else
$this->message = $_SESSION['translate']->it('You do not have permission to [var1] documents', $_SESSION['translate']->it("view"));
$this->_list();
}
}
[/code]
With the changes until now, the rights-management is already in effect. You'd just need to change the "restrict_view" attribute of a given document-record to read the group-id you'd like to restrict a document to.
Let's make a front-end for that, too. Open class/Document.php and add
[code] var $restrict_view = NULL;[/code]
after var $list = NULL. Next, put the following getter / setter methods for the new restrict_view variable somewhere into Document.php:
[code] function getRestrictView() {
return($this->restrict_view);
}
function setRestrictView($restrict_view) {
$this->restrict_view = $restrict_view;
}
Sounds Cool, but I didn't find it! Just looked into the install-sql file again, and still can't:
[code]$ cat install.sql
CREATE TABLE mod_documents_docs (
id int(10) NOT NULL default '0',
owner varchar(20) binary default '',
editor varchar(20) binary default '',
ip varchar(255) NULL,
created int(11) NOT NULL default '0',
updated int(11) NOT NULL default '0',
hidden int(1) NOT NULL default '1',
approved int(1) NOT NULL default '0',
label varchar(255) NOT NULL default '',
PRIMARY KEY (id)
);
CREATE TABLE mod_documents_files (
id int(10) NOT NULL default '0',
owner varchar(20) binary default '',
ip varchar(255) NULL,
created int(11) NOT NULL default '0',
doc int(10) NOT NULL default '0',
name varchar(255) NOT NULL default '',
size varchar(255) NOT NULL default '',
type varchar(255) NOT NULL default '',
PRIMARY KEY (id)
);
CREATE TABLE mod_documents_settings (
userview int(1) NOT NULL default '0',
userdownload int(1) NOT NULL default '0',
showblock int(1) NOT NULL default '1',
approval int(1) NOT NULL default '1',
index (userview, userdownload, showblock)
);
INSERT INTO mod_documents_settings VALUES ('1', '1', '0', '0');
[/code]
It's part of the Item and Manager classes that Documents EXTENDS. Just add a groups field to the database then use the addGroup/removeGroup functions plus the filterGroups parameter in getItems() in Manager.
It's not in the Document module. It's in the core classes.
One caveat, for some reason the groups member variable in Item is commented out in 0.10.2. Not sure why yet.
O.K.,
I love this idea! I made the changes listed, but I must have done something wrong, becausealthough the user groups field shows up in the control panel, it works only as a text box and does not list the user groups.
I've looked over the list of instructions and checked it twice, but I can't find my mistake?
I have done the same thing a while ago, but I used the code that has been used in the pagemaster hack that restrict viewing and editing of pages to certain groups. A simple copy-paste and some small adjustments did the trick.
You can select the groups that are allowed to edit or view documents simply by selecting them from a multiple selec list.
Reply
|
New Topic
