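/**
 * Resolve the permissions that apply to this asset for the given user and
 * store them on the model.
 *
 * Two rows are looked up in assets_permissions: the one matching the asset's
 * own path chain and the one matching the parent asset's path chain. The
 * user's parent (the user group) is resolved recursively when it is a User
 * that is allowed for "assets". The four cases handled below are:
 *  - user row and group permission: a grant on the group overrides the user
 *    row, and a missing "list" permission clears the key being processed;
 *  - user row only: used as is, cleared completely without "list";
 *  - group permission only: used as is, cleared completely without "list";
 *  - neither: a fresh Asset_Permissions object bound to the user and asset.
 *
 * @param User $user
 * @return Asset_Permissions
 */
public function getPermissionsForUser(User $user)
{
    // Split the full asset path into its segments. Index 0 is dropped; it is
    // presumably the empty string in front of the leading "/".
    $pathParts = explode("/", $this->model->getPath() . $this->model->getFilename());
    unset($pathParts[0]);

    // One "cpath = ..." term per ancestor path, root first. Every dynamic
    // value is passed through quoteInto() and the user id is bound as a
    // parameter, so no raw path segment is concatenated into the SQL text.
    $tmpPathes = array();
    $pathConditionParts = array("cpath = '/'");
    foreach ($pathParts as $pathPart) {
        $tmpPathes[] = $pathPart;
        $pathConditionParts[] = $this->db->quoteInto("cpath = ?", "/" . implode("/", $tmpPathes));
    }
    $pathCondition = implode(" OR ", $pathConditionParts);

    // All candidates are prefixes of each other, so ORDER BY cpath DESC
    // LIMIT 1 presumably selects the deepest path that has a row.
    $permissionRaw = $this->db->fetchRow("SELECT id FROM assets_permissions WHERE (" . $pathCondition . ") AND userId = ? ORDER BY cpath DESC LIMIT 1", $user->getId());
    // fetchRow() may return no row at all; !empty() has the same truth value
    // as the plain offset read without touching an offset of a non-array.
    $hasUserPermission = !empty($permissionRaw["id"]);

    // path condition for parent asset: the same chain without the last segment
    $parentAssetPathParts = array_slice($pathParts, 0, -1);
    $parentAssetTmpPaths = array();
    $parentAssetPathConditionParts = array("cpath = '/'");
    foreach ($parentAssetPathParts as $parentAssetPathPart) {
        $parentAssetTmpPaths[] = $parentAssetPathPart;
        $parentAssetPathConditionParts[] = $this->db->quoteInto("cpath = ?", "/" . implode("/", $parentAssetTmpPaths));
    }
    $parentAssetPathCondition = implode(" OR ", $parentAssetPathConditionParts);

    $parentAssetPermissionRaw = $this->db->fetchRow("SELECT id FROM assets_permissions WHERE (" . $parentAssetPathCondition . ") AND userId = ? \nORDER BY cpath DESC LIMIT 1", $user->getId());

    $parentAssetPermissions = new Asset_Permissions();
    if (!empty($parentAssetPermissionRaw["id"])) {
        $parentAssetPermissions = Asset_Permissions::getById($parentAssetPermissionRaw["id"]);
    }

    // Resolve the user group first; it is only considered when it is itself
    // allowed for "assets".
    $parentUser = $user->getParent();
    if ($parentUser instanceof User && $parentUser->isAllowed("assets")) {
        $parentPermission = $this->getPermissionsForUser($parentUser);
    } else {
        $parentPermission = null;
    }

    $permission = new Asset_Permissions();
    if ($hasUserPermission && $parentPermission instanceof Asset_Permissions) {
        // consider user group permissions
        $permission = Asset_Permissions::getById($permissionRaw["id"]);
        foreach ($permission->getValidPermissionKeys() as $key) {
            $getter = "get" . ucfirst($key);
            $setter = "set" . ucfirst($key);

            // Kept inside the loop on purpose: the setters below may change
            // what getList() returns for the keys that follow.
            $noList = (!$permission->getList() && !$parentPermission->getList())
                || !$parentAssetPermissions->getList();
            if ($noList) {
                // no list - return false for all
                $permission->{$setter}(false);
            } elseif ($parentPermission->{$getter}()) {
                // if user group allows -> return true, it overrides the user permission!
                // A deny on the user row therefore cannot restrict a group grant.
                $permission->{$setter}(true);
            }
        }
    } elseif ($hasUserPermission) {
        // use user permissions, no user group to override anything
        $permission = Asset_Permissions::getById($permissionRaw["id"]);

        // check parent asset's list permission and current object's list permission
        if (!$parentAssetPermissions->getList() || !$permission->getList()) {
            foreach ($permission->getValidPermissionKeys() as $key) {
                $setter = "set" . ucfirst($key);
                $permission->{$setter}(false);
            }
        }
    } elseif ($parentPermission instanceof Asset_Permissions && $parentPermission->getId() > 0) {
        // use user group permissions - no permission found for user at all
        // $permission is the group's permission object itself, so the setters
        // below modify that same instance.
        $permission = $parentPermission;

        // check parent asset's list permission and current object's list permission
        if (!$parentAssetPermissions->getList() || !$permission->getList()) {
            foreach ($permission->getValidPermissionKeys() as $key) {
                $setter = "set" . ucfirst($key);
                $permission->{$setter}(false);
            }
        }
    } else {
        // neither user group nor user has permissions set -> use default all allowed
        // NOTE(review): this branch fails open. The absence of any stored row
        // yields whatever a fresh Asset_Permissions defaults to; confirm those
        // defaults and that granting access without a rule is intended.
        $permission->setUser($user);
        $permission->setUserId($user->getId());
        $permission->setUsername($user->getUsername());
        $permission->setCid($this->model->getId());
        $permission->setCpath($this->model->getFullPath());
    }

    $this->model->setUserPermissions($permission);

    return $permission;
}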
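/**
 * Build the tree-node configuration (metadata, permission flags and icon
 * class) for one asset.
 *
 * For every permission key the result holds the value reported by
 * $child->isAllowed() under "<key>" and a boolean "<key>_editable". The
 * editable flag is true only when "list" is allowed (on the parent for the
 * "list" key, on the child for all others), the user is allowed for "assets",
 * the user group does not already grant the key, and the user is not an admin.
 *
 * @param User $user
 * @param Asset $child asset the node describes
 * @param Asset $parent parent asset; a value that is not an Asset is ignored
 * @param boolean $expanded copied to the "expanded" entry
 * @return array
 */
protected function getTreeNodePermissionConfig($user, $child, $parent, $expanded)
{
    $permissionKeys = array("list", "view", "publish", "delete", "rename", "create", "permissions", "settings", "versions", "properties");

    // Every lock starts as false so that a user without a user group does not
    // read undefined variables when the editable flags are computed.
    $locks = array_fill_keys($permissionKeys, false);

    $userGroup = $user->getParent();
    if ($userGroup instanceof User) {
        // isAllowed() is read right after loading the group's permissions, so
        // a lock presumably means "the group already grants this key".
        $child->getPermissionsForUser($userGroup);
        foreach ($permissionKeys as $key) {
            $locks[$key] = $child->isAllowed($key);
        }
    }

    if ($parent instanceof Asset) {
        $parent->getPermissionsForUser($user);
    }
    $assetPermission = $child->getPermissionsForUser($user);

    $generallyAllowed = $user->isAllowed("assets");
    $parentId = (int) $child->getParentId();

    $parentAllowedList = true;
    if ($parent instanceof Asset) {
        // "&&" instead of "and": with "and" the assignment bound first and the
        // second operand was silently discarded.
        $parentAllowedList = $parent->isAllowed("list") && $generallyAllowed;
    }

    // NOTE(review): "text" and "path" are returned as stored; confirm the
    // client escapes them before rendering them as markup.
    $tmpAsset = array(
        "_parent" => $parentId > 0 ? $parentId : null,
        "_id" => (int) $child->getId(),
        "text" => $child->getFilename(),
        "type" => $child->getType(),
        "path" => $child->getFullPath(),
        "basePath" => $child->getPath(),
        "elementType" => "asset",
        // NOTE(review): strict comparison; this is false whenever getCid() and
        // getId() differ in type (string vs. int) - confirm both return the same type.
        "permissionSet" => $assetPermission->getId() > 0 && $assetPermission->getCid() === $child->getId(),
    );

    // NOTE(review): the "_editable" flags only describe what the tree should
    // offer; confirm the code that saves permissions re-checks them itself.
    foreach ($permissionKeys as $key) {
        $tmpAsset[$key] = $child->isAllowed($key);

        // "list" is gated by the parent's list permission, every other key by
        // the child's own list permission.
        $listGate = ($key === "list") ? $parentAllowedList : $child->isAllowed("list");
        $tmpAsset[$key . "_editable"] = $listGate && $generallyAllowed && !$locks[$key] && !$user->isAdmin();
    }

    $tmpAsset["expanded"] = $expanded;
    $tmpAsset["_is_leaf"] = $child->hasNoChilds();

    // set type specific settings
    if ($child->getType() == "folder") {
        $tmpAsset["iconCls"] = "pimcore_icon_folder";
    } else {
        $tmpAsset["iconCls"] = "pimcore_icon_" . Pimcore_File::getFileExtension($child->getFilename());
    }

    return $tmpAsset;
}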
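/**
 * Build the tree-node configuration (metadata, permission flags, icon and
 * tooltip) for one object.
 *
 * For every permission key the result holds the value reported by
 * $child->isAllowed() under "<key>" and a boolean "<key>_editable". The
 * editable flag is true only when "list" is allowed (on the parent for the
 * "list" key, on the child for all others), the user is allowed for
 * "objects", the user group does not already grant the key, and the user is
 * not an admin.
 *
 * @param User $user
 * @param Object_Abstract $child object the node describes
 * @param Object_Abstract $parent parent object; a value that is not an Object_Abstract is ignored
 * @param boolean $expanded copied to the "expanded" entry
 * @return array
 */
protected function getTreeNodePermissionConfig($user, $child, $parent, $expanded)
{
    $permissionKeys = array("list", "view", "save", "publish", "unpublish", "delete", "rename", "create", "permissions", "settings", "versions", "properties");

    // Every lock starts as false so that a user without a user group does not
    // read undefined variables when the editable flags are computed.
    $locks = array_fill_keys($permissionKeys, false);

    $userGroup = $user->getParent();
    if ($userGroup instanceof User) {
        // isAllowed() is read right after loading the group's permissions, so
        // a lock presumably means "the group already grants this key".
        $child->getPermissionsForUser($userGroup);
        foreach ($permissionKeys as $key) {
            $locks[$key] = $child->isAllowed($key);
        }
    }

    if ($parent instanceof Object_Abstract) {
        $parent->getPermissionsForUser($user);
    }
    $objectPermissions = $child->getPermissionsForUser($user);

    $generallyAllowed = $user->isAllowed("objects");
    $parentId = (int) $child->getParentId();

    $parentAllowedList = true;
    if ($parent instanceof Object_Abstract) {
        // "&&" instead of "and": with "and" the assignment bound first and the
        // second operand was silently discarded.
        $parentAllowedList = $parent->isAllowed("list") && $generallyAllowed;
    }

    $listAllowed = $child->isAllowed("list");
    // NOTE(review): second resolution for the same user; kept because it is
    // not visible here whether isAllowed() depends on it - looks redundant.
    $child->getPermissionsForUser($user);

    // NOTE(review): "text" and "path" are returned as stored; confirm the
    // client escapes them before rendering them as markup.
    $tmpObject = array(
        "_parent" => $parentId > 0 ? $parentId : null,
        "_id" => (int) $child->getId(),
        "text" => $child->getKey(),
        "type" => $child->getType(),
        "path" => $child->getFullPath(),
        "basePath" => $child->getPath(),
        "elementType" => "object",
        // NOTE(review): strict comparison; this is false whenever getCid() and
        // getId() differ in type (string vs. int) - confirm both return the same type.
        "permissionSet" => $objectPermissions->getId() > 0 && $objectPermissions->getCid() === $child->getId(),
    );

    // NOTE(review): the "_editable" flags only describe what the tree should
    // offer; confirm the code that saves permissions re-checks them itself.
    foreach ($permissionKeys as $key) {
        $isList = ($key === "list");

        $tmpObject[$key] = $isList ? $listAllowed : $child->isAllowed($key);

        // "list" is gated by the parent's list permission, every other key by
        // the child's own list permission.
        $listGate = $isList ? $parentAllowedList : $listAllowed;
        $tmpObject[$key . "_editable"] = $listGate && $generallyAllowed && !$locks[$key] && !$user->isAdmin();
    }

    $tmpObject["expanded"] = $expanded;
    $tmpObject["_is_leaf"] = $child->hasNoChilds();
    $tmpObject["iconCls"] = "pimcore_icon_object";

    if ($child->getType() == "folder") {
        $tmpObject["iconCls"] = "pimcore_icon_folder";
        $tmpObject["qtipCfg"] = array("title" => "ID: " . $child->getId());
    } else {
        $tmpObject["className"] = $child->getClass()->getName();
        $tmpObject["qtipCfg"] = array("title" => "ID: " . $child->getId(), "text" => 'Type: ' . $child->getClass()->getName());

        if (!$child->isPublished()) {
            $tmpObject["cls"] = "pimcore_unpublished";
        }

        // A class-specific icon replaces the generic icon class.
        if ($child->getClass()->getIcon()) {
            unset($tmpObject["iconCls"]);
            $tmpObject["icon"] = $child->getClass()->getIcon();
        }
    }

    return $tmpObject;
}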
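/**
 * Build the tree-node configuration (metadata, permission flags, icon class
 * and leaf state) for one document.
 *
 * For every permission key the result holds the value reported by
 * $childDocument->isAllowed() under "<key>" and a boolean "<key>_editable".
 * The editable flag is true only when "list" is allowed (on the parent for
 * the "list" key, on the child for all others), the user is allowed for
 * "documents", the user group does not already grant the key, and the user
 * is not an admin.
 *
 * @param User $user
 * @param Document $childDocument document the node describes
 * @param Document $parentDocument parent document; a value that is not a Document is ignored
 * @param boolean $expanded copied to the "expanded" entry
 * @return array
 */
protected function getTreeNodePermissionConfig($user, $childDocument, $parentDocument, $expanded)
{
    $permissionKeys = array("list", "view", "save", "publish", "unpublish", "delete", "rename", "create", "permissions", "settings", "versions", "properties");

    // Every lock starts as false so that a user without a user group does not
    // read undefined variables when the editable flags are computed.
    $locks = array_fill_keys($permissionKeys, false);

    $userGroup = $user->getParent();
    if ($userGroup instanceof User) {
        // isAllowed() is read right after loading the group's permissions, so
        // a lock presumably means "the group already grants this key".
        $childDocument->getPermissionsForUser($userGroup);
        foreach ($permissionKeys as $key) {
            $locks[$key] = $childDocument->isAllowed($key);
        }
    }

    // Same type check as for $parentAllowedList below, so a truthy value that
    // is not a Document never receives a method call.
    if ($parentDocument instanceof Document) {
        $parentDocument->getPermissionsForUser($user);
    }
    $documentPermission = $childDocument->getPermissionsForUser($user);

    $generallyAllowed = $user->isAllowed("documents");
    $parentId = (int) $childDocument->getParentId();

    $parentAllowedList = true;
    if ($parentDocument instanceof Document) {
        // "&&" instead of "and": with "and" the assignment bound first and the
        // second operand was silently discarded.
        $parentAllowedList = $parentDocument->isAllowed("list") && $generallyAllowed;
    }

    // NOTE(review): "text" and "path" are returned as stored; confirm the
    // client escapes them before rendering them as markup.
    $tmpDocument = array(
        "_parent" => $parentId > 0 ? $parentId : null,
        "_id" => (int) $childDocument->getId(),
        "text" => $childDocument->getKey(),
        "type" => $childDocument->getType(),
        "path" => $childDocument->getFullPath(),
        "basePath" => $childDocument->getPath(),
        "elementType" => "document",
        // NOTE(review): strict comparison; this is false whenever getCid() and
        // getId() differ in type (string vs. int) - confirm both return the same type.
        "permissionSet" => $documentPermission->getId() > 0 && $documentPermission->getCid() === $childDocument->getId(),
    );

    // NOTE(review): the "_editable" flags only describe what the tree should
    // offer; confirm the code that saves permissions re-checks them itself.
    foreach ($permissionKeys as $key) {
        $tmpDocument[$key] = $childDocument->isAllowed($key);

        // "list" is gated by the parent's list permission, every other key by
        // the child's own list permission.
        $listGate = ($key === "list") ? $parentAllowedList : $childDocument->isAllowed("list");
        $tmpDocument[$key . "_editable"] = $listGate && $generallyAllowed && !$locks[$key] && !$user->isAdmin();
    }

    $tmpDocument["expanded"] = $expanded;
    $tmpDocument["iconCls"] = "pimcore_icon_" . $childDocument->getType();

    // set type specific settings
    if ($childDocument->getType() == "page") {
        $tmpDocument["_is_leaf"] = $childDocument->hasNoChilds();
        $tmpDocument["iconCls"] = "pimcore_icon_page";

        // test for a site
        try {
            $site = Site::getByRootId($childDocument->getId());
            $tmpDocument["iconCls"] = "pimcore_icon_site";
            // NOTE(review): the Site object itself is put into the node;
            // confirm nothing sensitive is exposed when it is serialized.
            $tmpDocument["site"] = $site;
        } catch (Exception $e) {
            // Deliberately ignored: presumably getByRootId() throws when the
            // page is not the root of a site, and the page icon then stays.
        }
    } elseif ($childDocument->getType() == "folder") {
        $tmpDocument["_is_leaf"] = $childDocument->hasNoChilds();

        if ($childDocument->hasNoChilds()) {
            $tmpDocument["iconCls"] = "pimcore_icon_folder";
        }
    } elseif ($childDocument->getType() == "link") {
        $tmpDocument["_is_leaf"] = $childDocument->hasNoChilds();

        if ($childDocument->hasNoChilds()) {
            $tmpDocument["iconCls"] = "pimcore_icon_link";
        }
    } else {
        // Every other document type is always rendered as a leaf.
        $tmpDocument["leaf"] = true;
        $tmpDocument["_is_leaf"] = true;
    }

    if (!$childDocument->isPublished()) {
        $tmpDocument["cls"] = "pimcore_unpublished";
    }

    return $tmpDocument;
}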