public function tearDown()
 {
     eZPolicyLimitation::removeByID($this->policy->attribute('id'));
     eZPolicy::removeByID($this->policy->attribute('id'));
     $this->policy = null;
     parent::tearDown();
 }
 static function removeByValue($value, $policyID = false)
 {
     if ($policyID) {
         $limitationIDList = array();
         $limitations = eZPolicyLimitation::fetchByPolicyID($policyID, false);
         foreach ($limitations as $limitationArray) {
             $limitationIDList[] = $limitationArray['id'];
         }
         if (count($limitationIDList) > 0) {
             eZPersistentObject::removeObject(eZPolicyLimitationValue::definition(), array('limitation_id' => array($limitationIDList), "value" => $value));
             return;
         }
     }
     eZPersistentObject::removeObject(eZPolicyLimitationValue::definition(), array("value" => $value));
 }
Ejemplo n.º 3
0
 function fetchRoles($sectionID)
 {
     $policies = $roleIDs = $usedRoleIDs = $roles = $roleLimitations = array();
     $limitations = eZPolicyLimitation::findByType('Section', $sectionID, true, false);
     foreach ($limitations as $policyEntry) {
         $policy = $policyEntry->policy();
         $policies[] = $policy;
         $roleID = $policy->attribute('role_id');
         $roleIDs[] = $roleID;
         if (!isset($roleLimitations[$roleID])) {
             $roleLimitations[$roleID] = array();
         }
         $roleLimitations[$roleID][] = $policy;
     }
     foreach ($policies as $policy) {
         $roleID = $policy->attribute('role_id');
         if (in_array($roleID, $roleIDs) && !in_array($roleID, $usedRoleIDs)) {
             $roles[] = $policy->attribute('role');
             $usedRoleIDs[] = $roleID;
         }
     }
     return array('result' => array('roles' => $roles, 'limited_policies' => $roleLimitations));
 }
Ejemplo n.º 4
0
/**
 * Applies the POST submitted limitations as found in the dropdowns
 * @param eZPolicy $policy
 * @param string $currentModule
 * @param string $currentFunction
 * @param array $currentFunctionLimitations
 *
 * @return bool True if limitations were found, false otherwise
 */
function processDropdownLimitations( &$policy, $currentModule, $currentFunction, $currentFunctionLimitations )
{
    $hasLimitation = false;

    $http = eZHTTPTool::instance();

    $db = eZDB::instance();
    $db->begin();

    foreach ( $currentFunctionLimitations as $functionLimitation )
    {
        if ( $http->hasPostVariable( $functionLimitation['name'] ) and
            $functionLimitation['name'] != 'Node' and
            $functionLimitation['name'] != 'Subtree' )
        {
            $limitationValueList = $http->postVariable( $functionLimitation['name'] );

            if ( !in_array('-1', $limitationValueList ) )
            {
                $hasLimitation = true;
                $policyLimitation = eZPolicyLimitation::createNew( $policy->attribute( 'id' ),
                                                                   $functionLimitation['name'] );
                foreach ( $limitationValueList as $limitationValue )
                {
                    eZPolicyLimitationValue::createNew( $policyLimitation->attribute( 'id' ), $limitationValue );
                }
            }
        }
    }

    $db->commit();

    return $hasLimitation;
}
Ejemplo n.º 5
0
     }
 }
 if ($http->hasPostVariable('Limitation') && count($currentFunctionLimitations) == 0) {
     $currentModule = $http->postVariable('CurrentModule');
     $currentFunction = $http->postVariable('ModuleFunction');
     eZDebugSetting::writeDebug('kernel-role-edit', $currentModule, 'currentModule');
     $policy = eZPolicy::createNew($roleID, array('ModuleName' => $currentModule, 'FunctionName' => $currentFunction));
 } else {
     $db->commit();
     $currentLimitationList = array();
     foreach ($currentFunctionLimitations as $currentFunctionLimitation) {
         $limitationName = $currentFunctionLimitation['name'];
         $currentLimitationList[$limitationName] = '-1';
     }
     if (isset($policyID)) {
         $limitationList = eZPolicyLimitation::fetchByPolicyID($policyID);
         foreach ($limitationList as $limitation) {
             $limitationID = $limitation->attribute('id');
             $limitationIdentifier = $limitation->attribute('identifier');
             $limitationValues = eZPolicyLimitationValue::fetchList($limitationID);
             $valueList = array();
             foreach ($limitationValues as $limitationValue) {
                 $value = $limitationValue->attribute('value');
                 $valueList[] = $value;
             }
             $currentLimitationList[$limitationIdentifier] = $valueList;
         }
     }
     $tpl->setVariable('current_function', $currentFunction);
     $tpl->setVariable('function_limitations', $currentFunctionLimitations);
     $tpl->setVariable('no_limitations', $noLimitations);
Ejemplo n.º 6
0
 function limitationList($useCache = true, $ignoreLimitIdentifier = false)
 {
     if (!isset($this->Limitations) || !$useCache) {
         $limitations = eZPersistentObject::fetchObjectList(eZPolicyLimitation::definition(), null, array('policy_id' => $this->attribute('id')), null, null, true);
         eZDebugSetting::writeDebug('kernel-policy-limitation', $limitations, "before policy limitations " . $this->ID);
         eZDebugSetting::writeDebug('kernel-policy-limitation', $this, "policy itself before before limitations check");
         if ($ignoreLimitIdentifier === false && isset($this->LimitIdentifier) && $this->LimitIdentifier) {
             $limitIdentifier = $this->attribute('limit_identifier');
             $limitValue = $this->attribute('limit_value');
             $limitationTouched = false;
             $checkEmptyLimitation = true;
             foreach ($limitations as $limitation) {
                 if ($limitation->attribute('identifier') == $limitIdentifier) {
                     if ($limitIdentifier == 'Subtree') {
                         $limitationTouched = true;
                         $values = $limitation->attribute('values');
                         foreach ($values as $limitationValue) {
                             $value = $limitationValue->attribute('value');
                             if (strpos($value, $limitValue) === 0) {
                                 $checkEmptyLimitation = false;
                                 eZDebugSetting::writeDebug('kernel-policy-limitation', $value, "Limitationvalue has been left in the limitation [limitValue={$limitValue}]");
                             } else {
                                 if (strpos($limitValue, $value) === 0) {
                                     $checkEmptyLimitation = false;
                                     $limitationValue->setAttribute('value', $limitValue);
                                     eZDebugSetting::writeDebug('kernel-policy-limitation', $value, "Limitationvalue has been exchanged to the value from cond assignment [limitValue={$limitValue}]");
                                 } else {
                                     eZDebugSetting::writeDebug('kernel-policy-limitation', $value, "Limitationvalue has been removed from limitation [limitValue={$limitValue}]");
                                     //exlude limitation value from limitation..
                                     unset($limitationValue);
                                 }
                             }
                         }
                         if ($checkEmptyLimitation) {
                             eZDebugSetting::writeDebug('kernel-policy-limitation', $this, 'The policy has been disabled');
                             $this->Disabled = true;
                             $this->Limitations = array();
                             return $this->Limitations;
                         }
                     }
                 }
             }
             if (!$limitationTouched) {
                 $policyLimitation = new eZPolicyLimitation(array('id' => -1, 'policy_id' => $this->attribute('id'), 'identifier' => $this->attribute('limit_identifier')));
                 $policyLimitation->setAttribute('limit_value', $this->attribute('limit_value'));
                 $limitations[] = $policyLimitation;
             }
         }
         eZDebugSetting::writeDebug('kernel-policy-limitation', $limitations, "policy limitations " . $this->ID);
         $this->Limitations = $limitations;
     }
     return $this->Limitations;
 }
 function move($newParentNodeID, $nodeID = 0)
 {
     if ($nodeID == 0) {
         $node = $this;
         $nodeID = $node->attribute('node_id');
     } else {
         $node = eZContentObjectTreeNode::fetch($nodeID);
     }
     $oldPath = $node->attribute('path_string');
     $oldParentNodeID = $node->attribute('parent_node_id');
     $newParentNodeID = (int) $newParentNodeID;
     if ($oldParentNodeID != $newParentNodeID) {
         $node->updateAndStoreModified();
         // Who moves which content should be logged.
         $object = $node->object();
         eZAudit::writeAudit('content-move', array('Node ID' => $node->attribute('node_id'), 'Old parent node ID' => $oldParentNodeID, 'New parent node ID' => $newParentNodeID, 'Object ID' => $object->attribute('id'), 'Content Name' => $object->attribute('name'), 'Comment' => 'Moved the node to the given node: eZContentObjectTreeNode::move()'));
         $newParentNode = eZContentObjectTreeNode::fetch($newParentNodeID);
         $newParentPath = $newParentNode->attribute('path_string');
         $newParentDepth = $newParentNode->attribute('depth');
         $newPath = $newParentPath . $nodeID;
         $oldDepth = $node->attribute('depth');
         $oldPathLength = strlen($oldPath);
         $moveQuery = "UPDATE\n                                 ezcontentobject_tree\n                          SET\n                                 parent_node_id = {$newParentNodeID}\n                          WHERE\n                                 node_id = {$nodeID}";
         $db = eZDB::instance();
         $subStringString = $db->subString('path_string', $oldPathLength);
         $newPathString = $db->concatString(array("'{$newPath}'", $subStringString));
         $moveQuery1 = "UPDATE\n                                 ezcontentobject_tree\n                           SET\n                                 path_identification_string = " . $db->concatString(array("'" . $db->escapeString($newParentNode->PathIdentificationString) . "'", $db->subString("path_identification_string", mb_strlen($node->PathIdentificationString) + 1))) . ",\n                                 path_string = {$newPathString},\n                                 depth = depth + {$newParentDepth} - {$oldDepth} + 1\n                           WHERE\n                                 path_string LIKE '{$oldPath}%'";
         $db->begin();
         $db->query($moveQuery);
         $db->query($moveQuery1);
         /// role system clean up
         // Clean up policies and limitations
         $expireRoleCache = false;
         $limitationsToFix = eZPolicyLimitation::findByType('SubTree', $node->attribute('path_string'), false);
         if (count($limitationsToFix) > 0) {
             $limitationIDString = $db->generateSQLINStatement($limitationsToFix, 'limitation_id');
             $subStringString = $db->subString('value', $oldPathLength);
             $newValue = $db->concatString(array("'{$newPath}'", $subStringString));
             $query = "UPDATE\n                                ezpolicy_limitation_value\n                          SET\n                                value = {$newValue}\n                          WHERE\n                                value LIKE '{$oldPath}%' AND {$limitationIDString}";
             $db->query($query);
             $expireRoleCache = true;
         }
         // clean up limitations on role assignment level
         $countRows = $db->arrayQuery("SELECT COUNT(*) AS row_count FROM ezuser_role WHERE limit_identifier='Subtree' AND limit_value LIKE '{$oldPath}%'");
         $assignmentsToFixCount = $countRows[0]['row_count'];
         if ($assignmentsToFixCount > 0) {
             $subStringString = $db->subString('limit_value', $oldPathLength);
             $newValue = $db->concatString(array("'{$newPath}'", $subStringString));
             $db->query("UPDATE\n                                ezuser_role\n                             SET\n                                limit_value = {$newValue}\n                             WHERE\n                                limit_identifier='Subtree' AND limit_value LIKE '{$oldPath}%'");
             $expireRoleCache = true;
         }
         if ($expireRoleCache) {
             eZRole::expireCache();
         }
         // Update "is_invisible" node attribute.
         $newNode = eZContentObjectTreeNode::fetch($nodeID);
         eZContentObjectTreeNode::updateNodeVisibility($newNode, $newParentNode);
         $db->commit();
     }
 }
 /**
  * Fetch policy list
  * Used by fetch( 'user', 'user_role', hash( 'user_id', $id ) ) template function.
  *
  * @param int $id User id or normal content object id in case of none user object (user group)
  * @return array(string=>array)
  */
 function fetchUserRole($id)
 {
     $user = eZUser::fetch($id);
     if ($user instanceof eZUser) {
         $roleList = $user->roles();
     } else {
         // user group or other non user classes:
         $roleList = eZRole::fetchByUser(array($id), true);
     }
     $accessArray = array();
     foreach (array_keys($roleList) as $roleKey) {
         $role = $roleList[$roleKey];
         $accessArray = array_merge_recursive($accessArray, $role->accessArray(true));
     }
     $resultArray = array();
     foreach ($accessArray as $moduleKey => $module) {
         $moduleName = $moduleKey;
         if ($moduleName != '*') {
             foreach ($module as $functionKey => $function) {
                 $functionName = $functionKey;
                 if ($functionName != '*') {
                     $hasLimitation = true;
                     foreach ($function as $limitationKey) {
                         if ($limitationKey == '*') {
                             $hasLimitation = false;
                             $limitationValue = '*';
                             $resultArray[] = array('moduleName' => $moduleName, 'functionName' => $functionName, 'limitation' => $limitationValue);
                         }
                     }
                     if ($hasLimitation) {
                         foreach ($function as $limitationKey => $limitation) {
                             if ($limitationKey !== '*') {
                                 $policyID = str_replace('p_', '', $limitationKey);
                                 $userRoleIdSeperator = strpos($policyID, '_');
                                 if ($userRoleIdSeperator !== false) {
                                     $policyID = substr($policyID, 0, $userRoleIdSeperator);
                                 }
                                 $limitationValue = eZPolicyLimitation::fetchByPolicyID($policyID);
                                 $resultArray[] = array('moduleName' => $moduleName, 'functionName' => $functionName, 'limitation' => $limitationValue);
                             } else {
                                 $limitationValue = '*';
                                 $resultArray[] = array('moduleName' => $moduleName, 'functionName' => $functionName, 'limitation' => $limitationValue);
                                 break;
                             }
                         }
                     }
                 } else {
                     $limitationValue = '*';
                     $resultArray[] = array('moduleName' => $moduleName, 'functionName' => $functionName, 'limitation' => $limitationValue);
                     break;
                 }
             }
         } else {
             $functionName = '*';
             $resultArray[] = array('moduleName' => '*', 'functionName' => $functionName, 'limitation' => '*');
             break;
         }
     }
     return array('result' => $resultArray);
 }
Ejemplo n.º 9
0
 function canBeRemoved($sectionID = false)
 {
     if ($sectionID === false) {
         $sectionID = $this->attribute('id');
     }
     $objects = eZPersistentObject::fetchObjectList(eZContentObject::definition(), null, array('section_id' => $sectionID));
     $limitations = eZPolicyLimitation::findByType('Section', $sectionID, true, false);
     $userRoles = eZRole::fetchRolesByLimitation('section', $sectionID);
     if (count($objects) > 0 or count($limitations) > 0 or count($userRoles) > 0) {
         return false;
     } else {
         return true;
     }
 }
Ejemplo n.º 10
0
 static function cleanupByNode($node)
 {
     // Clean up role assignments with limitations related to this object
     $db = eZDB::instance();
     $db->begin();
     $pathString = $node->attribute('path_string');
     $nodeID = $node->attribute('node_id');
     $db->query("DELETE FROM ezuser_role\n                     WHERE limit_value LIKE '{$pathString}%' AND limit_identifier='Subtree'");
     // Clean up subtree limitations related to this object
     $limitationsToFix = eZPolicyLimitation::findByType('SubTree', $node->attribute('path_string'), true, true);
     foreach ($limitationsToFix as $limitation) {
         $values = $limitation->attribute('values');
         $valueCount = count($values);
         if ($valueCount > 0) {
             foreach ($values as $value) {
                 if (strpos($value->attribute('value'), $node->attribute('path_string')) === 0) {
                     $value->remove();
                     $valueCount--;
                 }
             }
         }
         if ($valueCount == 0) {
             $policy = eZPolicy::fetch($limitation->attribute('policy_id'));
             if (is_object($policy)) {
                 $policy->removeThis();
             }
         }
     }
     $limitationsToFixNode = eZPolicyLimitation::findByType('Node', $node->attribute('node_id'));
     foreach ($limitationsToFixNode as $limitation) {
         $values = $limitation->attribute('values');
         $valueCount = count($values);
         if ($valueCount > 0) {
             foreach ($values as $value) {
                 if ($value->attribute('value') == $node->attribute('node_id')) {
                     $value->remove();
                     $valueCount--;
                 }
             }
         }
         if ($valueCount == 0) {
             $policy = eZPolicy::fetch($limitation->attribute('policy_id'));
             if (is_object($policy)) {
                 $policy->removeThis();
             }
         }
     }
     eZRole::expireCache();
     $db->commit();
 }
Ejemplo n.º 11
0
 function removeThis()
 {
     eZPolicyLimitation::removeByID($this->attribute('id'));
 }