Example #1
0
 /**
  * get recursivly the permissions for the passed user
  *
  * @param User $user
  * @return Asset_Permission
  */
 public function getPermissionsForUser(User $user)
 {
     $pathParts = explode("/", $this->model->getPath() . $this->model->getFilename());
     unset($pathParts[0]);
     $tmpPathes = array();
     $pathConditionParts[] = "cpath = '/'";
     foreach ($pathParts as $pathPart) {
         $tmpPathes[] = $pathPart;
         $pathConditionParts[] = $this->db->quoteInto("cpath = ?", "/" . implode("/", $tmpPathes));
     }
     $pathCondition = implode(" OR ", $pathConditionParts);
     $permissionRaw = $this->db->fetchRow("SELECT id FROM assets_permissions WHERE (" . $pathCondition . ") AND userId = ? ORDER BY cpath DESC LIMIT 1", $user->getId());
     //path condition for parent asset
     $parentAssetPathParts = array_slice($pathParts, 0, -1);
     $parentAssetPathConditionParts[] = "cpath = '/'";
     foreach ($parentAssetPathParts as $parentAssetPathPart) {
         $parentAssetTmpPaths[] = $parentAssetPathPart;
         $parentAssetPathConditionParts[] = $this->db->quoteInto("cpath = ?", "/" . implode("/", $parentAssetTmpPaths));
     }
     $parentAssetPathCondition = implode(" OR ", $parentAssetPathConditionParts);
     $parentAssetPermissionRaw = $this->db->fetchRow("SELECT id FROM assets_permissions WHERE (" . $parentAssetPathCondition . ") AND userId = ? ORDER BY cpath DESC LIMIT 1", $user->getId());
     $parentAssetPermissions = new Asset_Permissions();
     if ($parentAssetPermissionRaw["id"]) {
         $parentAssetPermissions = Asset_Permissions::getById($parentAssetPermissionRaw["id"]);
     }
     $parentUser = $user->getParent();
     if ($parentUser instanceof User and $parentUser->isAllowed("assets")) {
         $parentPermission = $this->getPermissionsForUser($parentUser);
     } else {
         $parentPermission = null;
     }
     $permission = new Asset_Permissions();
     if ($permissionRaw["id"] and $parentPermission instanceof Asset_Permissions) {
         //consider user group permissions
         $permission = Asset_Permissions::getById($permissionRaw["id"]);
         $permissionKeys = $permission->getValidPermissionKeys();
         foreach ($permissionKeys as $key) {
             $getter = "get" . ucfirst($key);
             $setter = "set" . ucfirst($key);
             if (!$permission->getList() and !$parentPermission->getList() or !$parentAssetPermissions->getList()) {
                 //no list - return false for all
                 $permission->{$setter}(false);
             } else {
                 if ($parentPermission->{$getter}()) {
                     //if user group allows -> return true, it overrides the user permission!
                     $permission->{$setter}(true);
                 }
             }
         }
     } else {
         if ($permissionRaw["id"]) {
             //use user permissions, no user group to override anything
             $permission = Asset_Permissions::getById($permissionRaw["id"]);
             //check parent asset's list permission and current object's list permission
             if (!$parentAssetPermissions->getList() or !$permission->getList()) {
                 $permissionKeys = $permission->getValidPermissionKeys();
                 foreach ($permissionKeys as $key) {
                     $setter = "set" . ucfirst($key);
                     $permission->{$setter}(false);
                 }
             }
         } else {
             if ($parentPermission instanceof Asset_Permissions and $parentPermission->getId() > 0) {
                 //use user group permissions - no permission found for user at all
                 $permission = $parentPermission;
                 //check parent asset's list permission and current object's list permission
                 if (!$parentAssetPermissions->getList() or !$permission->getList()) {
                     $permissionKeys = $permission->getValidPermissionKeys();
                     foreach ($permissionKeys as $key) {
                         $setter = "set" . ucfirst($key);
                         $permission->{$setter}(false);
                     }
                 }
             } else {
                 //neither user group nor user has permissions set -> use default all allowed
                 $permission->setUser($user);
                 $permission->setUserId($user->getId());
                 $permission->setUsername($user->getUsername());
                 $permission->setCid($this->model->getId());
                 $permission->setCpath($this->model->getFullPath());
             }
         }
     }
     $this->model->setUserPermissions($permission);
     return $permission;
 }
Example #2
0
 /**
  * @param  User $user
  * @param  Asset $asset
  * @param  Asset $parent
  * @param boolean $expanded
  * @return
  */
 protected function getTreeNodePermissionConfig($user, $child, $parent, $expanded)
 {
     $userGroup = $user->getParent();
     if ($userGroup instanceof User) {
         $child->getPermissionsForUser($userGroup);
         $lock_list = $child->isAllowed("list");
         $lock_view = $child->isAllowed("view");
         $lock_publish = $child->isAllowed("publish");
         $lock_delete = $child->isAllowed("delete");
         $lock_rename = $child->isAllowed("rename");
         $lock_create = $child->isAllowed("create");
         $lock_permissions = $child->isAllowed("permissions");
         $lock_settings = $child->isAllowed("settings");
         $lock_versions = $child->isAllowed("versions");
         $lock_properties = $child->isAllowed("properties");
     }
     if ($parent instanceof Asset) {
         $parent->getPermissionsForUser($user);
     }
     $assetPermission = $child->getPermissionsForUser($user);
     $generallyAllowed = $user->isAllowed("assets");
     $parentId = (int) $child->getParentId();
     $parentAllowedList = true;
     if ($parent instanceof Asset) {
         $parentAllowedList = $parent->isAllowed("list") and $generallyAllowed;
     }
     $tmpAsset = array("_parent" => $parentId > 0 ? $parentId : null, "_id" => (int) $child->getId(), "text" => $child->getFilename(), "type" => $child->getType(), "path" => $child->getFullPath(), "basePath" => $child->getPath(), "elementType" => "asset", "permissionSet" => $assetPermission->getId() > 0 and $assetPermission->getCid() === $child->getId(), "list" => $child->isAllowed("list"), "list_editable" => $parentAllowedList and $generallyAllowed and !$lock_list and !$user->isAdmin(), "view" => $child->isAllowed("view"), "view_editable" => $child->isAllowed("list") and $generallyAllowed and !$lock_view and !$user->isAdmin(), "publish" => $child->isAllowed("publish"), "publish_editable" => $child->isAllowed("list") and $generallyAllowed and !$lock_publish and !$user->isAdmin(), "delete" => $child->isAllowed("delete"), "delete_editable" => $child->isAllowed("list") and $generallyAllowed and !$lock_delete and !$user->isAdmin(), "rename" => $child->isAllowed("rename"), "rename_editable" => $child->isAllowed("list") and $generallyAllowed and !$lock_rename and !$user->isAdmin(), "create" => $child->isAllowed("create"), "create_editable" => $child->isAllowed("list") and $generallyAllowed and !$lock_create and !$user->isAdmin(), "permissions" => $child->isAllowed("permissions"), "permissions_editable" => $child->isAllowed("list") and $generallyAllowed and !$lock_permissions and !$user->isAdmin(), "settings" => $child->isAllowed("settings"), "settings_editable" => $child->isAllowed("list") and $generallyAllowed and !$lock_settings and !$user->isAdmin(), "versions" => $child->isAllowed("versions"), "versions_editable" => $child->isAllowed("list") and $generallyAllowed and !$lock_versions and !$user->isAdmin(), "properties" => $child->isAllowed("properties"), "properties_editable" => $child->isAllowed("list") and $generallyAllowed and !$lock_properties and !$user->isAdmin());
     $tmpAsset["expanded"] = $expanded;
     $tmpAsset["_is_leaf"] = $child->hasNoChilds();
     // set type specific settings
     if ($child->getType() == "folder") {
         $tmpAsset["iconCls"] = "pimcore_icon_folder";
     } else {
         $tmpAsset["iconCls"] = "pimcore_icon_" . Pimcore_File::getFileExtension($child->getFilename());
     }
     return $tmpAsset;
 }
Example #3
0
 /**
  * @param  User $user
  * @param  Object_Abstract $child
  * @param  Object_Abstract $parent
  * @param  boolean $expanded
  * @return
  */
 protected function getTreeNodePermissionConfig($user, $child, $parent, $expanded)
 {
     $userGroup = $user->getParent();
     if ($userGroup instanceof User) {
         $child->getPermissionsForUser($userGroup);
         $lock_list = $child->isAllowed("list");
         $lock_view = $child->isAllowed("view");
         $lock_save = $child->isAllowed("save");
         $lock_publish = $child->isAllowed("publish");
         $lock_unpublish = $child->isAllowed("unpublish");
         $lock_delete = $child->isAllowed("delete");
         $lock_rename = $child->isAllowed("rename");
         $lock_create = $child->isAllowed("create");
         $lock_permissions = $child->isAllowed("permissions");
         $lock_settings = $child->isAllowed("settings");
         $lock_versions = $child->isAllowed("versions");
         $lock_properties = $child->isAllowed("properties");
         $lock_properties = $child->isAllowed("properties");
     }
     if ($parent instanceof Object_Abstract) {
         $parent->getPermissionsForUser($user);
     }
     $objectPermissions = $child->getPermissionsForUser($user);
     $generallyAllowed = $user->isAllowed("objects");
     $parentId = (int) $child->getParentId();
     $parentAllowedList = true;
     if ($parent instanceof Object_Abstract) {
         $parentAllowedList = $parent->isAllowed("list") and $generallyAllowed;
     }
     $listAllowed = $child->isAllowed("list");
     $child->getPermissionsForUser($user);
     $tmpObject = array("_parent" => $parentId > 0 ? $parentId : null, "_id" => (int) $child->getId(), "text" => $child->getKey(), "type" => $child->getType(), "path" => $child->getFullPath(), "basePath" => $child->getPath(), "elementType" => "object", "permissionSet" => $objectPermissions->getId() > 0 and $objectPermissions->getCid() === $child->getId(), "list" => $listAllowed, "list_editable" => $parentAllowedList and $generallyAllowed and !$lock_list and !$user->isAdmin(), "view" => $child->isAllowed("view"), "view_editable" => $listAllowed and $generallyAllowed and !$lock_view and !$user->isAdmin(), "save" => $child->isAllowed("save"), "save_editable" => $listAllowed and $generallyAllowed and !$lock_save and !$user->isAdmin(), "publish" => $child->isAllowed("publish"), "publish_editable" => $listAllowed and $generallyAllowed and !$lock_publish and !$user->isAdmin(), "unpublish" => $child->isAllowed("unpublish"), "unpublish_editable" => $listAllowed and $generallyAllowed and !$lock_unpublish and !$user->isAdmin(), "delete" => $child->isAllowed("delete"), "delete_editable" => $listAllowed and $generallyAllowed and !$lock_delete and !$user->isAdmin(), "rename" => $child->isAllowed("rename"), "rename_editable" => $listAllowed and $generallyAllowed and !$lock_rename and !$user->isAdmin(), "create" => $child->isAllowed("create"), "create_editable" => $listAllowed and $generallyAllowed and !$lock_create and !$user->isAdmin(), "permissions" => $child->isAllowed("permissions"), "permissions_editable" => $listAllowed and $generallyAllowed and !$lock_permissions and !$user->isAdmin(), "settings" => $child->isAllowed("settings"), "settings_editable" => $listAllowed and $generallyAllowed and !$lock_settings and !$user->isAdmin(), "versions" => $child->isAllowed("versions"), "versions_editable" => $listAllowed and $generallyAllowed and !$lock_versions and !$user->isAdmin(), "properties" => $child->isAllowed("properties"), "properties_editable" => $listAllowed and $generallyAllowed and !$lock_properties and !$user->isAdmin());
     $tmpObject["expanded"] = $expanded;
     $tmpObject["_is_leaf"] = $child->hasNoChilds();
     $tmpObject["iconCls"] = "pimcore_icon_object";
     if ($child->getType() == "folder") {
         $tmpObject["iconCls"] = "pimcore_icon_folder";
         $tmpObject["qtipCfg"] = array("title" => "ID: " . $child->getId());
     } else {
         $tmpObject["className"] = $child->getClass()->getName();
         $tmpObject["qtipCfg"] = array("title" => "ID: " . $child->getId(), "text" => 'Type: ' . $child->getClass()->getName());
         if (!$child->isPublished()) {
             $tmpObject["cls"] = "pimcore_unpublished";
         }
         if ($child->getClass()->getIcon()) {
             unset($tmpObject["iconCls"]);
             $tmpObject["icon"] = $child->getClass()->getIcon();
         }
     }
     return $tmpObject;
 }
Example #4
0
 /**
  * @param  User $user
  * @param  Document $childDocument
  * @param  Document $parentDocument
  * @param boolean $expanded
  * @return
  */
 protected function getTreeNodePermissionConfig($user, $childDocument, $parentDocument, $expanded)
 {
     $userGroup = $user->getParent();
     if ($userGroup instanceof User) {
         $childDocument->getPermissionsForUser($userGroup);
         $lock_list = $childDocument->isAllowed("list");
         $lock_view = $childDocument->isAllowed("view");
         $lock_save = $childDocument->isAllowed("save");
         $lock_publish = $childDocument->isAllowed("publish");
         $lock_unpublish = $childDocument->isAllowed("unpublish");
         $lock_delete = $childDocument->isAllowed("delete");
         $lock_rename = $childDocument->isAllowed("rename");
         $lock_create = $childDocument->isAllowed("create");
         $lock_permissions = $childDocument->isAllowed("permissions");
         $lock_settings = $childDocument->isAllowed("settings");
         $lock_versions = $childDocument->isAllowed("versions");
         $lock_properties = $childDocument->isAllowed("properties");
         $lock_properties = $childDocument->isAllowed("properties");
     }
     if ($parentDocument) {
         $parentDocument->getPermissionsForUser($user);
     }
     $documentPermission = $childDocument->getPermissionsForUser($user);
     $generallyAllowed = $user->isAllowed("documents");
     $parentId = (int) $childDocument->getParentId();
     $parentAllowedList = true;
     if ($parentDocument instanceof Document) {
         $parentAllowedList = $parentDocument->isAllowed("list") and $generallyAllowed;
     }
     $tmpDocument = array("_parent" => $parentId > 0 ? $parentId : null, "_id" => (int) $childDocument->getId(), "text" => $childDocument->getKey(), "type" => $childDocument->getType(), "path" => $childDocument->getFullPath(), "basePath" => $childDocument->getPath(), "elementType" => "document", "permissionSet" => $documentPermission->getId() > 0 and $documentPermission->getCid() === $childDocument->getId(), "list" => $childDocument->isAllowed("list"), "list_editable" => $parentAllowedList and $generallyAllowed and !$lock_list and !$user->isAdmin(), "view" => $childDocument->isAllowed("view"), "view_editable" => $childDocument->isAllowed("list") and $generallyAllowed and !$lock_view and !$user->isAdmin(), "save" => $childDocument->isAllowed("save"), "save_editable" => $childDocument->isAllowed("list") and $generallyAllowed and !$lock_save and !$user->isAdmin(), "publish" => $childDocument->isAllowed("publish"), "publish_editable" => $childDocument->isAllowed("list") and $generallyAllowed and !$lock_publish and !$user->isAdmin(), "unpublish" => $childDocument->isAllowed("unpublish"), "unpublish_editable" => $childDocument->isAllowed("list") and $generallyAllowed and !$lock_unpublish and !$user->isAdmin(), "delete" => $childDocument->isAllowed("delete"), "delete_editable" => $childDocument->isAllowed("list") and $generallyAllowed and !$lock_delete and !$user->isAdmin(), "rename" => $childDocument->isAllowed("rename"), "rename_editable" => $childDocument->isAllowed("list") and $generallyAllowed and !$lock_rename and !$user->isAdmin(), "create" => $childDocument->isAllowed("create"), "create_editable" => $childDocument->isAllowed("list") and $generallyAllowed and !$lock_create and !$user->isAdmin(), "permissions" => $childDocument->isAllowed("permissions"), "permissions_editable" => $childDocument->isAllowed("list") and $generallyAllowed and !$lock_permissions and !$user->isAdmin(), "settings" => $childDocument->isAllowed("settings"), "settings_editable" => $childDocument->isAllowed("list") and $generallyAllowed and !$lock_settings and !$user->isAdmin(), "versions" => $childDocument->isAllowed("versions"), "versions_editable" => $childDocument->isAllowed("list") and $generallyAllowed and !$lock_versions and !$user->isAdmin(), "properties" => $childDocument->isAllowed("properties"), "properties_editable" => $childDocument->isAllowed("list") and $generallyAllowed and !$lock_properties and !$user->isAdmin());
     $tmpDocument["expanded"] = $expanded;
     $tmpDocument["iconCls"] = "pimcore_icon_" . $childDocument->getType();
     // set type specific settings
     if ($childDocument->getType() == "page") {
         $tmpDocument["_is_leaf"] = $childDocument->hasNoChilds();
         $tmpDocument["iconCls"] = "pimcore_icon_page";
         // test for a site
         try {
             $site = Site::getByRootId($childDocument->getId());
             $tmpDocument["iconCls"] = "pimcore_icon_site";
             $tmpDocument["site"] = $site;
         } catch (Exception $e) {
         }
     } else {
         if ($childDocument->getType() == "folder") {
             $tmpDocument["_is_leaf"] = $childDocument->hasNoChilds();
             if ($childDocument->hasNoChilds()) {
                 $tmpDocument["iconCls"] = "pimcore_icon_folder";
             }
         } else {
             if ($childDocument->getType() == "link") {
                 $tmpDocument["_is_leaf"] = $childDocument->hasNoChilds();
                 if ($childDocument->hasNoChilds()) {
                     $tmpDocument["iconCls"] = "pimcore_icon_link";
                 }
             } else {
                 $tmpDocument["leaf"] = true;
                 $tmpDocument["_is_leaf"] = true;
             }
         }
     }
     if (!$childDocument->isPublished()) {
         $tmpDocument["cls"] = "pimcore_unpublished";
     }
     return $tmpDocument;
 }