/**
 * Creates an account.
 *
 * The login is derived from $id: when it is already taken, "#1", "#2", ...
 * is appended until a free one is found. The password is a random
 * 128-character string from $this->random. Every template of this creator
 * plus the extra $templates is applied on all collections of all databoxes.
 *
 * @param Application $app       The application
 * @param string      $id        The base for user login
 * @param string      $email     The email
 * @param array       $templates Some extra templates to apply with the ones of this creator
 *
 * @return User
 *
 * @throws RuntimeException         In case the AccountCreator is disabled
 * @throws InvalidArgumentException In case a user with the same email already exists
 */
public function create(Application $app, $id, $email = null, array $templates = [])
{
    if (!$this->enabled) {
        throw new RuntimeException('Account creator is disabled');
    }

    $users = $app['repo.users'];

    if (null !== $email && null !== $users->findByEmail($email)) {
        throw new InvalidArgumentException('Provided email already exist in account base.');
    }

    // First free login among "$id", "$id#1", "$id#2", ...
    $login = $id;
    for ($suffix = 1; null !== $users->findByLogin($login); $suffix++) {
        $login = $id . '#' . $suffix;
    }

    $user = $app['manipulator.user']->createUser($login, $this->random->generateString(128), $email);

    // Templates are applied on every collection of every databox.
    $baseIds = [];
    foreach ($this->appbox->get_databoxes() as $databox) {
        foreach ($databox->get_collections() as $collection) {
            $baseIds[] = $collection->get_base_id();
        }
    }

    foreach (array_merge($this->templates, $templates) as $template) {
        $app->getAclForUser($user)->apply_model($template, $baseIds);
    }

    return $user;
}
/**
 * Tells whether the currently authenticated user may access a sub-definition
 * of the given record.
 *
 * @param RecordInterface $record        The record
 * @param string          $subDefinition The sub-definition name
 *
 * @return bool False when nobody is authenticated, otherwise the ACL answer.
 */
public function hasAccessSubDefinition(RecordInterface $record, $subDefinition)
{
    $user = $this->app->getAuthenticatedUser();

    // Anonymous callers never get access.
    if (!($user instanceof User)) {
        return false;
    }

    return $this->app->getAclForUser($user)->has_access_to_subdef($record, $subDefinition);
}
/**
 * Builds a throw-away admin user for the JS fixtures.
 *
 * Login, password and mailbox are all uniqid('fixturejs')-based: unique per
 * run but NOT unpredictable (uniqid() is time-based), which is acceptable
 * for a test fixture only — never reuse this for real accounts.
 *
 * @param Application $app
 *
 * @return User The freshly created user, already granted admin rights.
 */
private function createUser(Application $app)
{
    $login = uniqid('fixturejs');
    $password = uniqid('fixturejs');
    $email = uniqid('fixturejs') . '@js.js';

    $user = $app['manipulator.user']->createUser($login, $password, $email, true);

    $app->getAclForUser($user)->set_admin(true);
    $app['manipulator.acl']->resetAdminRights($user);

    return $user;
}
/**
 * Collects the terms of use (CGUs) the current user still has to validate.
 *
 * For each databox with CGUs in the current locale, the entry is kept when
 * $home is true (no per-user check at all), or when the authenticated user
 * has access to the databox, has not yet accepted this version of the text
 * (user setting "terms_of_use_<sbas_id>" differs from updated_on) and the
 * text is not blank. A databox that throws anywhere in the process is
 * skipped silently (best effort, as before).
 *
 * @param Application $app
 * @param bool        $home When true, skip the access and validation checks.
 *
 * @return array Keyed by databox label: ['sbas_id' => ..., 'terms' => string, 'date' => ...]
 */
private static function getUnvalidated(Application $app, $home = false)
{
    $terms = [];
    $locale = $app['locale'];

    foreach ($app->getDataboxes() as $databox) {
        try {
            $cgus = $databox->get_cgus();
            if (!isset($cgus[$locale])) {
                throw new Exception('No CGus for this locale');
            }

            $sbasId = $databox->get_sbas_id();
            $updatedOn = $cgus[$locale]['updated_on'];
            $text = $cgus[$locale]['value'];

            $needsValidation = true;
            if (!$home) {
                $user = $app->getAuthenticatedUser();
                if (!$app->getAclForUser($user)->has_access_to_sbas($sbasId)) {
                    continue;
                }
                $accepted = $app['settings']->getUserSetting($user, 'terms_of_use_' . $sbasId);
                $needsValidation = $accepted !== $updatedOn && trim($text) !== '';
            }

            if ($needsValidation) {
                $terms[$databox->get_label($locale)] = [
                    'sbas_id' => $sbasId,
                    'terms'   => $text,
                    'date'    => $updatedOn,
                ];
            }
        } catch (\Exception $e) {
            // Best effort: a broken databox must not hide the others' terms.
        }
    }

    return $terms;
}
/**
 * Creates an aggregate from all the feeds available to a given user.
 *
 * @param Application $app
 * @param User        $user
 * @param array       $restrictions Feed ids to restrict the aggregate to (empty = no restriction)
 *
 * @return Aggregate
 */
public static function createFromUser(Application $app, User $user, array $restrictions = [])
{
    /** @var FeedRepository $feedRepository */
    $feedRepository = $app['repo.feeds'];
    $accessibleFeeds = $feedRepository->filterUserAccessibleByIds($app->getAclForUser($user), $restrictions);

    // One aggregate token per user; presumably null when none was issued yet.
    $aggregateToken = $app['repo.aggregate-tokens']->findOneBy(['user' => $user]);

    return new static($app['orm.em'], $accessibleFeeds, $aggregateToken);
}
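/**
 * Copies the time limits of a template user onto this ACL for each base.
 *
 * For every base id, the template's limits (get_limits()) are applied with
 * the "limited" flag set to '1'; when the template has no limits on a base
 * (get_limits() returns null) the flag is reset to '0' with null bounds.
 *
 * @param User  $template_user The user whose limits act as a template
 * @param array $base_ids      Base ids to apply the limits on
 */
private function apply_template_time_limits(User $template_user, array $base_ids)
{
    $templateAcl = $this->app->getAclForUser($template_user);

    foreach ($base_ids as $base_id) {
        $limits = $templateAcl->get_limits($base_id);

        if (null !== $limits) {
            $this->set_limits($base_id, '1', $limits['dmin'], $limits['dmax']);
        } else {
            // No limits on the template: clear them here. The original read
            // $limits['dmin'] / $limits['dmax'] on null, which only yields null
            // plus an "array offset on null" warning; pass null explicitly.
            $this->set_limits($base_id, '0', null, null);
        }
    }
}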
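/**
 * Describes, for each databox granted to the current user, the status bits
 * the user may search on.
 *
 * A user holding the 'chgstatus' right on at least one collection of the
 * databox gets the whole status structure; otherwise only the bits flagged
 * 'searchable' are kept. Bits and databoxes are sorted by key.
 *
 * @param Application $app
 *
 * @return array sbas_id => ['name' => string, 'status' => array]
 */
public static function getSearchStatus(Application $app)
{
    $structures = [];
    // Loop-invariant: resolve the current user's ACL once, not per collection.
    $acl = $app->getAclForUser($app->getAuthenticatedUser());
    $locale = $app['locale'];

    foreach ($acl->get_granted_sbas() as $databox) {
        $seeAll = false;
        foreach ($databox->get_collections() as $collection) {
            if ($acl->has_right_on_base($collection->get_base_id(), 'chgstatus')) {
                $seeAll = true;
                break;
            }
        }

        $status = $databox->getStatusStructure()->toArray();
        if (!$seeAll) {
            // Without 'chgstatus' anywhere, only searchable bits are exposed.
            $status = array_filter($status, function ($statusbit) {
                return (bool) $statusbit['searchable'];
            });
        }
        ksort($status);

        $structures[$databox->get_sbas_id()] = [
            'name'   => $databox->get_label($locale),
            'status' => $status,
        ];
    }
    ksort($structures);

    return $structures;
}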
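/**
 * Returns (creating and caching it on first use) one of the three per-user
 * feeds: the homelink feed, the restricted ("private") feed or the public one.
 *
 * Feeds are cached in self::$feeds['user_<id>'][<feed key>] for the lifetime
 * of the process. Only the homelink feed is persisted here; the restricted
 * feed is bound to a collection (see pickRestrictedFeedCollection()).
 *
 * @param Application $app
 * @param appbox      $appbox
 * @param User        $user
 * @param string|int  $pub_restrict '1' for the restricted feed
 * @param string|int  $homelink     '1' for the homelink feed (takes precedence)
 *
 * @return Feed|false False when no collection at all exists for a restricted feed.
 */
protected function get_feed(Application $app, appbox $appbox, User $user, $pub_restrict, $homelink)
{
    $userKey = 'user_' . $user->getId();

    if ($homelink == '1') {
        $feedKey = 'feed_homelink';
        $titleSuffix = 'homelink Feed';
    } elseif ($pub_restrict == '1') {
        $feedKey = 'feed_restricted';
        $titleSuffix = 'private Feed';
    } else {
        $feedKey = 'feed_public';
        $titleSuffix = 'public Feed';
    }

    if (isset(self::$feeds[$userKey][$feedKey])) {
        return self::$feeds[$userKey][$feedKey];
    }

    $feed = new Feed();
    $publisher = new FeedPublisher();

    // Fix: the per-kind title was computed and then discarded in favour of
    // the literal 'title'; the computed one is what the feed gets now.
    $feed->setTitle($user->getDisplayName() . ' - ' . $titleSuffix);
    $feed->setSubtitle('');
    $feed->addPublisher($publisher);
    $publisher->setFeed($feed);
    $publisher->setIsOwner(true);
    $publisher->setUser($user);

    // Note the asymmetry kept from the original: the key above uses == '1',
    // this branch uses truthiness.
    if ($homelink) {
        $feed->setIsPublic(true);
        $app['orm.em']->persist($feed);
        $app['orm.em']->persist($user);
        $app['orm.em']->flush();
    } elseif ($pub_restrict == 1) {
        $collection = $this->pickRestrictedFeedCollection($app, $appbox, $user);
        if (!$collection instanceof collection) {
            return false;
        }
        $feed->setCollection($collection);
    }

    self::$feeds[$userKey][$feedKey] = $feed;

    return $feed;
}

/**
 * Chooses the collection a restricted feed is attached to: the first base the
 * user is granted on, otherwise the first collection of the first databox that
 * has one.
 *
 * NOTE(review): the fallback binds the user's "private" feed to a collection
 * the user is not granted on; kept as in the original, but worth confirming
 * that is intended.
 *
 * @return collection|null
 */
private function pickRestrictedFeedCollection(Application $app, appbox $appbox, User $user)
{
    $granted = $app->getAclForUser($user)->get_granted_base();
    $collection = array_shift($granted);
    if ($collection instanceof collection) {
        return $collection;
    }

    foreach ($appbox->get_databoxes() as $databox) {
        foreach ($databox->get_collections() as $candidate) {
            if ($candidate instanceof collection) {
                return $candidate;
            }
            break; // only the first collection of each databox is considered
        }
    }

    return null;
}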
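/**
 * Records that the current session used application $appId and, for every
 * databox the user is granted on, appends $appId to the serialized "appli"
 * list of the user's log row in that databox.
 *
 * Does nothing for anonymous callers or unknown $appId values. Per-databox
 * failures are swallowed (best effort, as before).
 *
 * @param Application $app
 * @param string|int  $appId One of the keys of the application map below
 *
 * @throws SessionNotFound When the session id stored in the PHP session has no row
 */
public static function updateClientInfos(Application $app, $appId)
{
    if (!$app->getAuthenticator()->isAuthenticated()) {
        return;
    }

    $session = $app['repo.sessions']->find($app['session']->get('session_id'));
    if (!$session) {
        throw new SessionNotFound('No session found');
    }

    if (!$session->hasModuleId($appId)) {
        $module = new SessionModule();
        $module->setModuleId($appId);
        $module->setSession($session);
        $session->addModule($module);
        $app['orm.em']->persist($module);
        $app['orm.em']->persist($session);
        $app['orm.em']->flush();
    }

    $appName = [
        '1' => 'Prod',
        '2' => 'Client',
        '3' => 'Admin',
        '4' => 'Report',
        '5' => 'Thesaurus',
        '6' => 'Compare',
        '7' => 'Validate',
        '8' => 'Upload',
        '9' => 'API',
    ];
    if (!isset($appName[$appId])) {
        return;
    }

    $acl = $app->getAclForUser($app->getAuthenticatedUser());
    foreach (array_keys($acl->get_granted_sbas()) as $sbas_id) {
        try {
            $databox = $app->findDataboxById($sbas_id);
            $logger = $app['phraseanet.logger']($databox);
            $connbas = $databox->get_connection();
            $logId = $logger->get_id();

            $stmt = $connbas->prepare('SELECT appli FROM log WHERE id = :log_id');
            $stmt->execute([':log_id' => $logId]);
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            $stmt->closeCursor();
            if (!$row) {
                throw new Exception('no log');
            }

            // SECURITY NOTE: unserialize() of a DB column. The value is written
            // below by serialize() of a plain list, so no objects are expected,
            // but anyone able to write log.appli can plant a serialized object
            // (PHP object injection). Consider allowed_classes => false (PHP >= 7)
            // or a JSON encoding for this column.
            $applis = unserialize($row['appli']);
            if (!is_array($applis)) {
                // Corrupt/empty column: start a fresh list rather than handing a
                // non-array to in_array().
                $applis = [];
            }
            if (!in_array($appId, $applis)) {
                $applis[] = $appId;
            }

            $stmt = $connbas->prepare('UPDATE log SET appli = :applis WHERE id = :log_id');
            $stmt->execute([':applis' => serialize($applis), ':log_id' => $logId]);
            $stmt->closeCursor();
        } catch (\Exception $e) {
            // Best effort: usage logging must not break the request.
        }
    }
}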
/**
 * Unmounts this collection from the application box.
 *
 * Invalidates the cached sbas/base rights of every user attached to the base
 * (phantoms excluded; special users, invites and templates included), deletes
 * the basusr and bas rows, drops pending registrations, resets the base data
 * cache and dispatches CollectionEvents::UNMOUNTED with the previous
 * coll_id / name.
 *
 * @param Application $app
 *
 * @return $this
 */
public function unmount_collection(Application $app)
{
    $previousCollId = $this->get_coll_id();
    $previousName = $this->get_name();
    $baseId = $this->get_base_id();

    $query = $app['phraseanet.user-query'];
    $userCount = $query
        ->on_base_ids([$baseId])
        ->include_phantoms(false)
        ->include_special_users(true)
        ->include_invite(true)
        ->include_templates(true)
        ->get_total();

    // Page through the attached users 50 at a time and drop their cached rights.
    for ($offset = 0; $offset < $userCount; $offset += 50) {
        foreach ($query->limit($offset, 50)->execute()->get_results() as $user) {
            $acl = $app->getAclForUser($user);
            $acl->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS);
            $acl->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS);
        }
    }

    $connection = $app->getApplicationBox()->get_connection();
    $params = [':base_id' => $baseId];
    $deletes = [
        "DELETE FROM basusr WHERE base_id = :base_id",
        "DELETE FROM bas WHERE base_id = :base_id",
    ];
    foreach ($deletes as $sql) {
        $stmt = $connection->prepare($sql);
        $stmt->execute($params);
        $stmt->closeCursor();
    }

    $this->app['manipulator.registration']->deleteRegistrationsOnCollection($this);
    phrasea::reset_baseDatas($app['phraseanet.appbox']);

    $app['dispatcher']->dispatch(
        CollectionEvents::UNMOUNTED,
        new UnmountedEvent(null, ['coll_id' => $previousCollId, 'coll_name' => $previousName])
    );

    return $this;
}
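/**
 * Builds the export set for a list of records, a basket or a story work-zone.
 *
 * The source is chosen as follows:
 *   - $storyWZid set: the story's serialized key replaces $lst;
 *   - $sstid != "": the elements of the user's basket $sstid;
 *   - otherwise $lst, a ';'-separated list of "<sbas_id>_<record_id>" keys
 *     (stories are expanded to their children).
 *
 * Then computes per-subdef download/order counters, the business-fields
 * access flag and, when FTP export is enabled, the list of FTP targets.
 *
 * @param Application  $app
 * @param string       $lst       ';'-separated "<sbas_id>_<record_id>" keys
 * @param integer      $sstid     Basket id, or "" for none
 * @param integer|null $storyWZid Story work-zone id
 *
 * @return set_export
 */
public function __construct(Application $app, $lst, $sstid, $storyWZid = null)
{
    $this->app = $app;
    $user = $app->getAuthenticatedUser();
    // Loop-invariant: the current user's ACL is needed throughout.
    $acl = $app->getAclForUser($user);

    $download_list = [];
    $remain_hd = [];

    if ($storyWZid) {
        $storyWZ = $app['repo.story-wz']->findByUserAndId($this->app, $user, $storyWZid);
        $lst = $storyWZ->getRecord($this->app)->get_serialize_key();
    }

    if ($sstid != "") {
        /* @var $repository Alchemy\Phrasea\Model\Repositories\BasketRepository */
        $repository = $app['repo.baskets'];
        $Basket = $repository->findUserBasket($sstid, $user, false);

        $this->exportName = str_replace([' ', '\\', '/'], '_', $Basket->getName()) . "_" . date("Y-n-d");

        foreach ($Basket->getElements() as $basket_element) {
            $record = $basket_element->getRecord($this->app);
            $base_id = $record->get_base_id();
            if (!isset($remain_hd[$base_id])) {
                $remain_hd[$base_id] = $this->initialRemainingHd($acl, $base_id);
            }

            $current_element = $download_list[] = new record_exportElement(
                $app,
                $record->get_sbas_id(),
                $record->get_record_id(),
                $Basket->getName(),
                $remain_hd[$base_id]
            );
            $remain_hd[$base_id] = $current_element->get_remain_hd();
        }
    } else {
        // mt_rand() only decorates the export name; nothing relies on it being unpredictable.
        $this->exportName = "Export_" . date("Y-n-d") . '_' . mt_rand(100, 999);

        $n = 1;
        foreach (explode(';', $lst) as $basrec) {
            $basrec = explode('_', $basrec);
            if (count($basrec) != 2) {
                continue;
            }

            try {
                $record = new record_adapter($this->app, $basrec[0], $basrec[1]);
            } catch (\Exception_Record_AdapterNotFound $e) {
                continue;
            }

            if ($record->isStory()) {
                // A story exports its children, each named "<story title>_<n>".
                foreach ($record->get_children() as $child_basrec) {
                    $base_id = $child_basrec->get_base_id();
                    if (!isset($remain_hd[$base_id])) {
                        $remain_hd[$base_id] = $this->initialRemainingHd($acl, $base_id);
                    }

                    $current_element = $download_list[] = new record_exportElement(
                        $app,
                        $child_basrec->get_sbas_id(),
                        $child_basrec->get_record_id(),
                        $record->get_title(null, null, true) . '_' . $n,
                        $remain_hd[$base_id]
                    );
                    $remain_hd[$base_id] = $current_element->get_remain_hd();
                }
            } else {
                $base_id = $record->get_base_id();
                if (!isset($remain_hd[$base_id])) {
                    $remain_hd[$base_id] = $this->initialRemainingHd($acl, $base_id);
                }

                $current_element = $download_list[$basrec[0] . '_' . $basrec[1]] = new record_exportElement(
                    $app,
                    $record->get_sbas_id(),
                    $record->get_record_id(),
                    '',
                    $remain_hd[$base_id]
                );
                $remain_hd[$base_id] = $current_element->get_remain_hd();
            }
            $n++;
        }
    }

    $this->elements = $download_list;

    $display_download = [];
    $display_orderable = [];
    $this->total_download = 0;
    $this->total_order = 0;
    $this->total_ftp = 0;
    $this->businessFieldsAccess = false;

    foreach ($this->elements as $download_element) {
        if ($acl->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) {
            $this->businessFieldsAccess = true;
        }

        foreach ($download_element->get_downloadable() as $name => $properties) {
            if (!isset($display_download[$name])) {
                $display_download[$name] = ['size' => 0, 'total' => 0, 'available' => 0, 'refused' => []];
            }
            $display_download[$name]['total']++;
            if ($properties !== false) {
                $display_download[$name]['available']++;
                $display_download[$name]['label'] = $properties['label'];
                $display_download[$name]['class'] = $properties['class'];
                $this->total_download++;
                $display_download[$name]['size'] += $download_element->get_size($name);
            } else {
                $display_download[$name]['refused'][] = $download_element->get_thumbnail();
            }
        }

        foreach ($download_element->get_orderable() as $name => $properties) {
            if (!isset($display_orderable[$name])) {
                $display_orderable[$name] = ['total' => 0, 'available' => 0, 'refused' => []];
            }
            $display_orderable[$name]['total']++;
            if ($properties !== false) {
                $display_orderable[$name]['available']++;
                $this->total_order++;
            } else {
                $display_orderable[$name]['refused'][] = $download_element->get_thumbnail();
            }
        }
    }

    foreach ($display_download as $name => $values) {
        $display_download[$name]['size'] = (int) $values['size'];
    }

    $display_ftp = [];
    $this->ftp_datas = [];

    $hasadminright = $acl->has_right('addrecord')
        || $acl->has_right('deleterecord')
        || $acl->has_right('modifyrecord')
        || $acl->has_right('coll_manage')
        || $acl->has_right('coll_modify_struct');

    $ftpEnabled = $this->app['conf']->get(['registry', 'ftp', 'ftp-enabled']);
    $ftpUserAccess = $this->app['conf']->get(['registry', 'ftp', 'ftp-user-access']);

    if ($ftpEnabled && ($hasadminright || $ftpUserAccess)) {
        $display_ftp = $display_download;
        $this->total_ftp = $this->total_download;

        // The "manual settings" entry always heads the list. Its key is
        // 'sendermail' while DB-backed rows use 'sender_mail' (kept as-is;
        // the consumer presumably relies on one of them — worth checking).
        $datas = [[
            'name'          => $app->trans('export::ftp: reglages manuels'),
            'usr_id'        => '0',
            'address'       => '',
            'login'         => '',
            'password'      => '',
            'ssl'           => false,
            'dest_folder'   => '',
            'prefix_folder' => 'Export_' . date("Y-m-d_H.i.s"),
            'passive'       => false,
            'max_retry'     => 5,
            'sendermail'    => $user->getEmail(),
        ]];

        // SECURITY NOTE: for admin-like users this loads other users' FTP
        // credentials, including whatever the `password` column holds, into
        // $this->ftp_datas; make sure that array never reaches a template or
        // API response unfiltered.
        foreach ($this->fetchFtpCredentials($app, $user, $acl, $hasadminright) as $row) {
            $prefix = trim($row['repository_prefix_name']);
            $datas[] = [
                'name'          => $row["usr_login"],
                'usr_id'        => $row['usr_id'],
                'address'       => $row['address'],
                'login'         => $row['login'],
                'password'      => $row['password'],
                'ssl'           => !!$row['tls'],
                'dest_folder'   => $row['reception_folder'],
                'prefix_folder' => strlen($prefix) > 0 ? $prefix : 'Export_' . date("Y-m-d_H.i.s"),
                'passive'       => !!$row['passive'],
                'max_retry'     => $row['max_retry'],
                'usr_mail'      => $row['usr_mail'],
                'sender_mail'   => $user->getEmail(),
            ];
        }
        $this->ftp_datas = $datas;
    }

    $this->display_orderable = $display_orderable;
    $this->display_download = $display_download;
    $this->display_ftp = $display_ftp;

    return $this;
}

/**
 * Initial HD quota for a base: the remaining download count when the user is
 * download-restricted on it, false (unlimited) otherwise.
 *
 * @param mixed $acl     The current user's ACL
 * @param mixed $base_id
 *
 * @return mixed
 */
private function initialRemainingHd($acl, $base_id)
{
    if ($acl->is_restricted_download($base_id)) {
        return $acl->remaining_download($base_id);
    }

    return false;
}

/**
 * Loads the active FTP credentials that may be offered as export targets.
 *
 * Admin-like users get the credentials of every user attached to a base the
 * current user is granted on; plain users (ftp-user-access) only their own.
 * The base ids come from the ACL, not from the request, but they are bound
 * as parameters instead of being interpolated into the SQL.
 *
 * NOTE(review): the original non-admin query joined on
 * `FtpCredential.id = Users.id` (a credential's primary key against a user
 * id) whereas the admin query used `FtpCredential.user_id`; the latter is
 * used for both here.
 *
 * @param Application $app
 * @param mixed       $user          The authenticated user
 * @param mixed       $acl           That user's ACL
 * @param bool        $hasadminright Whether the admin-wide query applies
 *
 * @return array Rows with usr_id, usr_login, usr_mail and FtpCredential.*
 */
private function fetchFtpCredentials(Application $app, $user, $acl, $hasadminright)
{
    $baseIds = array_keys($acl->get_granted_base());
    if (count($baseIds) === 0) {
        // No granted base: the join below could not match any row.
        return [];
    }

    $placeholders = implode(', ', array_fill(0, count($baseIds), '?'));
    $params = $baseIds;

    $sql = 'SELECT Users.id AS usr_id, Users.login AS usr_login, Users.email AS usr_mail, FtpCredential.*'
        . ' FROM FtpCredential'
        . ' INNER JOIN Users ON (FtpCredential.active = 1 AND FtpCredential.user_id = Users.id)'
        . ' INNER JOIN basusr ON (Users.id = basusr.usr_id AND basusr.base_id IN (' . $placeholders . '))';

    if (!$hasadminright) {
        // ftp-user-access only: restrict to the current user's own credential.
        $sql .= ' WHERE Users.id = ?';
        $params[] = $user->getId();
    }
    $sql .= ' GROUP BY Users.id';

    $stmt = $app->getApplicationBox()->get_connection()->prepare($sql);
    $stmt->execute($params);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $stmt->closeCursor();

    return $rows;
}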
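/**
 * Gives Bases Rights to User.
 *
 * Grants the user access to every databox with the structural databox rights
 * (bas_manage, bas_modify_struct, bas_modif_th, bas_chupub), then, for each
 * collection (limited to $base_ids when given), grants access plus the full
 * set of collection rights listed below. Collections the user already has
 * access to are skipped unless $force is true. Rights caches are invalidated
 * along the way.
 *
 * @param Application    $app
 * @param User           $user
 * @param array|int|null $base_ids Collection base ids to limit the grant to; null = all
 * @param bool           $force    Re-apply rights even on already accessible bases
 */
public static function giveRightsToUser(Application $app, User $user, $base_ids = null, $force = false)
{
    // Loop-invariant: resolve the user's ACL once.
    $acl = $app->getAclForUser($user);

    $acl->delete_data_from_cache(\ACL::CACHE_GLOBAL_RIGHTS);
    $acl->delete_data_from_cache(databox::CACHE_COLLECTIONS);
    $acl->give_access_to_sbas(array_keys($app->getDataboxes()));

    $databoxRights = [
        'bas_manage'        => '1',
        'bas_modify_struct' => '1',
        'bas_modif_th'      => '1',
        'bas_chupub'        => '1',
    ];
    $collectionRights = [
        'canputinalbum'     => '1',
        'candwnldhd'        => '1',
        'candwnldsubdef'    => '1',
        'nowatermark'       => '1',
        'candwnldpreview'   => '1',
        'cancmd'            => '1',
        'canadmin'          => '1',
        'canreport'         => '1',
        'canpush'           => '1',
        'creationdate'      => '1',
        'canaddrecord'      => '1',
        'canmodifrecord'    => '1',
        'candeleterecord'   => '1',
        'chgstatus'         => '1',
        'imgtools'          => '1',
        'manage'            => '1',
        'modify_struct'     => '1',
        'bas_modify_struct' => '1',
    ];

    $wantedBaseIds = null === $base_ids ? null : (array) $base_ids;

    foreach ($app->getDataboxes() as $databox) {
        $acl->delete_data_from_cache(\ACL::CACHE_RIGHTS_SBAS);
        $acl->update_rights_to_sbas($databox->get_sbas_id(), $databoxRights);

        foreach ($databox->get_collections() as $collection) {
            $base_id = $collection->get_base_id();

            // Strict in_array(): $base_ids must carry the same scalar type as get_base_id().
            if (null !== $wantedBaseIds && !in_array($base_id, $wantedBaseIds, true)) {
                continue;
            }
            if ($acl->has_access_to_base($base_id) && false === $force) {
                continue;
            }

            $acl->delete_data_from_cache(\ACL::CACHE_RIGHTS_BAS);
            $acl->give_access_to_base([$base_id]);
            $acl->update_rights_to_base($base_id, ['order_master' => true]);
            $acl->update_rights_to_base($base_id, $collectionRights);
        }
    }
}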