/**
* Init permission items map from DB for the given role
* @param UserRole $dbRole
*/
private static function getPermissionsFromDb($dbRole)
{
$map = self::initEmptyMap();
// get all permission object names from role record
if ($dbRole) {
$tmpPermissionNames = $dbRole->getPermissionNames(true);
$tmpPermissionNames = array_map('trim', explode(',', $tmpPermissionNames));
} else {
$tmpPermissionNames = array();
}
// add always allowed permissions
if (self::$operatingPartner) {
$alwaysAllowed = self::$operatingPartner->getAlwaysAllowedPermissionNames();
$alwaysAllowed = array_map('trim', explode(',', $alwaysAllowed));
} else {
$alwaysAllowed = array(PermissionName::ALWAYS_ALLOWED_ACTIONS);
}
$tmpPermissionNames = array_merge($tmpPermissionNames, $alwaysAllowed);
// if the request sent from the internal server set additional permission allowing access without KS
// from internal servers
if (kIpAddressUtils::isInternalIp()) {
KalturaLog::debug('IP in range, adding ALWAYS_ALLOWED_FROM_INTERNAL_IP_ACTIONS permission');
$alwaysAllowedInternal = array(PermissionName::ALWAYS_ALLOWED_FROM_INTERNAL_IP_ACTIONS);
$tmpPermissionNames = array_merge($tmpPermissionNames, $alwaysAllowedInternal);
}
$permissionNames = array();
foreach ($tmpPermissionNames as $name) {
$permissionNames[$name] = $name;
}
$map[self::PERMISSION_NAMES_ARRAY] = $permissionNames;
// get mapping of permissions to permission items
$c = new Criteria();
$c->addAnd(PermissionPeer::NAME, $permissionNames, Criteria::IN);
$c->addAnd(PermissionPeer::PARTNER_ID, array(strval(PartnerPeer::GLOBAL_PARTNER), strval(self::$operatingPartnerId)), Criteria::IN);
$c->addAnd(PermissionItemPeer::PARTNER_ID, array(strval(PartnerPeer::GLOBAL_PARTNER), strval(self::$operatingPartnerId)), Criteria::IN);
$lookups = PermissionToPermissionItemPeer::doSelectJoinAll($c);
foreach ($lookups as $lookup) {
$item = $lookup->getPermissionItem();
$permission = $lookup->getPermission();
if (!$item) {
KalturaLog::err('PermissionToPermissionItem id [' . $lookup->getId() . '] is defined with PermissionItem id [' . $lookup->getPermissionItemId() . '] which does not exists!');
continue;
}
if (!$permission) {
KalturaLog::err('PermissionToPermissionItem id [' . $lookup->getId() . '] is defined with Permission name [' . $lookup->getPermissionName() . '] which does not exists!');
continue;
}
// organize permission items in local arrays
$type = $item->getType();
if ($type == PermissionItemType::API_ACTION_ITEM) {
self::addApiAction($map, $item);
} else {
if ($type == PermissionItemType::API_PARAMETER_ITEM) {
self::addApiParameter($map, $item);
}
}
}
// set partner group permission
$c = new Criteria();
$c->addAnd(PermissionPeer::PARTNER_ID, self::$operatingPartnerId, Criteria::EQUAL);
$c->addAnd(PermissionPeer::TYPE, PermissionType::PARTNER_GROUP, Criteria::EQUAL);
$partnerGroupPermissions = PermissionPeer::doSelect($c);
foreach ($partnerGroupPermissions as $pgPerm) {
self::addPartnerGroupAction($map, $pgPerm);
}
return $map;
}
