public function tearDown()
{
eZPolicyLimitation::removeByID($this->policy->attribute('id'));
eZPolicy::removeByID($this->policy->attribute('id'));
$this->policy = null;
parent::tearDown();
}
static function removeByValue($value, $policyID = false)
{
if ($policyID) {
$limitationIDList = array();
$limitations = eZPolicyLimitation::fetchByPolicyID($policyID, false);
foreach ($limitations as $limitationArray) {
$limitationIDList[] = $limitationArray['id'];
}
if (count($limitationIDList) > 0) {
eZPersistentObject::removeObject(eZPolicyLimitationValue::definition(), array('limitation_id' => array($limitationIDList), "value" => $value));
return;
}
}
eZPersistentObject::removeObject(eZPolicyLimitationValue::definition(), array("value" => $value));
}
function fetchRoles($sectionID)
{
$policies = $roleIDs = $usedRoleIDs = $roles = $roleLimitations = array();
$limitations = eZPolicyLimitation::findByType('Section', $sectionID, true, false);
foreach ($limitations as $policyEntry) {
$policy = $policyEntry->policy();
$policies[] = $policy;
$roleID = $policy->attribute('role_id');
$roleIDs[] = $roleID;
if (!isset($roleLimitations[$roleID])) {
$roleLimitations[$roleID] = array();
}
$roleLimitations[$roleID][] = $policy;
}
foreach ($policies as $policy) {
$roleID = $policy->attribute('role_id');
if (in_array($roleID, $roleIDs) && !in_array($roleID, $usedRoleIDs)) {
$roles[] = $policy->attribute('role');
$usedRoleIDs[] = $roleID;
}
}
return array('result' => array('roles' => $roles, 'limited_policies' => $roleLimitations));
}
/**
* Applies the POST submitted limitations as found in the dropdowns
* @param eZPolicy $policy
* @param string $currentModule
* @param string $currentFunction
* @param array $currentFunctionLimitations
*
* @return bool True if limitations were found, false otherwise
*/
function processDropdownLimitations( &$policy, $currentModule, $currentFunction, $currentFunctionLimitations )
{
$hasLimitation = false;
$http = eZHTTPTool::instance();
$db = eZDB::instance();
$db->begin();
foreach ( $currentFunctionLimitations as $functionLimitation )
{
if ( $http->hasPostVariable( $functionLimitation['name'] ) and
$functionLimitation['name'] != 'Node' and
$functionLimitation['name'] != 'Subtree' )
{
$limitationValueList = $http->postVariable( $functionLimitation['name'] );
if ( !in_array('-1', $limitationValueList ) )
{
$hasLimitation = true;
$policyLimitation = eZPolicyLimitation::createNew( $policy->attribute( 'id' ),
$functionLimitation['name'] );
foreach ( $limitationValueList as $limitationValue )
{
eZPolicyLimitationValue::createNew( $policyLimitation->attribute( 'id' ), $limitationValue );
}
}
}
}
$db->commit();
return $hasLimitation;
}
}
}
if ($http->hasPostVariable('Limitation') && count($currentFunctionLimitations) == 0) {
$currentModule = $http->postVariable('CurrentModule');
$currentFunction = $http->postVariable('ModuleFunction');
eZDebugSetting::writeDebug('kernel-role-edit', $currentModule, 'currentModule');
$policy = eZPolicy::createNew($roleID, array('ModuleName' => $currentModule, 'FunctionName' => $currentFunction));
} else {
$db->commit();
$currentLimitationList = array();
foreach ($currentFunctionLimitations as $currentFunctionLimitation) {
$limitationName = $currentFunctionLimitation['name'];
$currentLimitationList[$limitationName] = '-1';
}
if (isset($policyID)) {
$limitationList = eZPolicyLimitation::fetchByPolicyID($policyID);
foreach ($limitationList as $limitation) {
$limitationID = $limitation->attribute('id');
$limitationIdentifier = $limitation->attribute('identifier');
$limitationValues = eZPolicyLimitationValue::fetchList($limitationID);
$valueList = array();
foreach ($limitationValues as $limitationValue) {
$value = $limitationValue->attribute('value');
$valueList[] = $value;
}
$currentLimitationList[$limitationIdentifier] = $valueList;
}
}
$tpl->setVariable('current_function', $currentFunction);
$tpl->setVariable('function_limitations', $currentFunctionLimitations);
$tpl->setVariable('no_limitations', $noLimitations);
function limitationList($useCache = true, $ignoreLimitIdentifier = false)
{
if (!isset($this->Limitations) || !$useCache) {
$limitations = eZPersistentObject::fetchObjectList(eZPolicyLimitation::definition(), null, array('policy_id' => $this->attribute('id')), null, null, true);
eZDebugSetting::writeDebug('kernel-policy-limitation', $limitations, "before policy limitations " . $this->ID);
eZDebugSetting::writeDebug('kernel-policy-limitation', $this, "policy itself before before limitations check");
if ($ignoreLimitIdentifier === false && isset($this->LimitIdentifier) && $this->LimitIdentifier) {
$limitIdentifier = $this->attribute('limit_identifier');
$limitValue = $this->attribute('limit_value');
$limitationTouched = false;
$checkEmptyLimitation = true;
foreach ($limitations as $limitation) {
if ($limitation->attribute('identifier') == $limitIdentifier) {
if ($limitIdentifier == 'Subtree') {
$limitationTouched = true;
$values = $limitation->attribute('values');
foreach ($values as $limitationValue) {
$value = $limitationValue->attribute('value');
if (strpos($value, $limitValue) === 0) {
$checkEmptyLimitation = false;
eZDebugSetting::writeDebug('kernel-policy-limitation', $value, "Limitationvalue has been left in the limitation [limitValue={$limitValue}]");
} else {
if (strpos($limitValue, $value) === 0) {
$checkEmptyLimitation = false;
$limitationValue->setAttribute('value', $limitValue);
eZDebugSetting::writeDebug('kernel-policy-limitation', $value, "Limitationvalue has been exchanged to the value from cond assignment [limitValue={$limitValue}]");
} else {
eZDebugSetting::writeDebug('kernel-policy-limitation', $value, "Limitationvalue has been removed from limitation [limitValue={$limitValue}]");
//exlude limitation value from limitation..
unset($limitationValue);
}
}
}
if ($checkEmptyLimitation) {
eZDebugSetting::writeDebug('kernel-policy-limitation', $this, 'The policy has been disabled');
$this->Disabled = true;
$this->Limitations = array();
return $this->Limitations;
}
}
}
}
if (!$limitationTouched) {
$policyLimitation = new eZPolicyLimitation(array('id' => -1, 'policy_id' => $this->attribute('id'), 'identifier' => $this->attribute('limit_identifier')));
$policyLimitation->setAttribute('limit_value', $this->attribute('limit_value'));
$limitations[] = $policyLimitation;
}
}
eZDebugSetting::writeDebug('kernel-policy-limitation', $limitations, "policy limitations " . $this->ID);
$this->Limitations = $limitations;
}
return $this->Limitations;
}
function move($newParentNodeID, $nodeID = 0)
{
if ($nodeID == 0) {
$node = $this;
$nodeID = $node->attribute('node_id');
} else {
$node = eZContentObjectTreeNode::fetch($nodeID);
}
$oldPath = $node->attribute('path_string');
$oldParentNodeID = $node->attribute('parent_node_id');
$newParentNodeID = (int) $newParentNodeID;
if ($oldParentNodeID != $newParentNodeID) {
$node->updateAndStoreModified();
// Who moves which content should be logged.
$object = $node->object();
eZAudit::writeAudit('content-move', array('Node ID' => $node->attribute('node_id'), 'Old parent node ID' => $oldParentNodeID, 'New parent node ID' => $newParentNodeID, 'Object ID' => $object->attribute('id'), 'Content Name' => $object->attribute('name'), 'Comment' => 'Moved the node to the given node: eZContentObjectTreeNode::move()'));
$newParentNode = eZContentObjectTreeNode::fetch($newParentNodeID);
$newParentPath = $newParentNode->attribute('path_string');
$newParentDepth = $newParentNode->attribute('depth');
$newPath = $newParentPath . $nodeID;
$oldDepth = $node->attribute('depth');
$oldPathLength = strlen($oldPath);
$moveQuery = "UPDATE\n ezcontentobject_tree\n SET\n parent_node_id = {$newParentNodeID}\n WHERE\n node_id = {$nodeID}";
$db = eZDB::instance();
$subStringString = $db->subString('path_string', $oldPathLength);
$newPathString = $db->concatString(array("'{$newPath}'", $subStringString));
$moveQuery1 = "UPDATE\n ezcontentobject_tree\n SET\n path_identification_string = " . $db->concatString(array("'" . $db->escapeString($newParentNode->PathIdentificationString) . "'", $db->subString("path_identification_string", mb_strlen($node->PathIdentificationString) + 1))) . ",\n path_string = {$newPathString},\n depth = depth + {$newParentDepth} - {$oldDepth} + 1\n WHERE\n path_string LIKE '{$oldPath}%'";
$db->begin();
$db->query($moveQuery);
$db->query($moveQuery1);
/// role system clean up
// Clean up policies and limitations
$expireRoleCache = false;
$limitationsToFix = eZPolicyLimitation::findByType('SubTree', $node->attribute('path_string'), false);
if (count($limitationsToFix) > 0) {
$limitationIDString = $db->generateSQLINStatement($limitationsToFix, 'limitation_id');
$subStringString = $db->subString('value', $oldPathLength);
$newValue = $db->concatString(array("'{$newPath}'", $subStringString));
$query = "UPDATE\n ezpolicy_limitation_value\n SET\n value = {$newValue}\n WHERE\n value LIKE '{$oldPath}%' AND {$limitationIDString}";
$db->query($query);
$expireRoleCache = true;
}
// clean up limitations on role assignment level
$countRows = $db->arrayQuery("SELECT COUNT(*) AS row_count FROM ezuser_role WHERE limit_identifier='Subtree' AND limit_value LIKE '{$oldPath}%'");
$assignmentsToFixCount = $countRows[0]['row_count'];
if ($assignmentsToFixCount > 0) {
$subStringString = $db->subString('limit_value', $oldPathLength);
$newValue = $db->concatString(array("'{$newPath}'", $subStringString));
$db->query("UPDATE\n ezuser_role\n SET\n limit_value = {$newValue}\n WHERE\n limit_identifier='Subtree' AND limit_value LIKE '{$oldPath}%'");
$expireRoleCache = true;
}
if ($expireRoleCache) {
eZRole::expireCache();
}
// Update "is_invisible" node attribute.
$newNode = eZContentObjectTreeNode::fetch($nodeID);
eZContentObjectTreeNode::updateNodeVisibility($newNode, $newParentNode);
$db->commit();
}
}
/**
* Fetch policy list
* Used by fetch( 'user', 'user_role', hash( 'user_id', $id ) ) template function.
*
* @param int $id User id or normal content object id in case of none user object (user group)
* @return array(string=>array)
*/
function fetchUserRole($id)
{
$user = eZUser::fetch($id);
if ($user instanceof eZUser) {
$roleList = $user->roles();
} else {
// user group or other non user classes:
$roleList = eZRole::fetchByUser(array($id), true);
}
$accessArray = array();
foreach (array_keys($roleList) as $roleKey) {
$role = $roleList[$roleKey];
$accessArray = array_merge_recursive($accessArray, $role->accessArray(true));
}
$resultArray = array();
foreach ($accessArray as $moduleKey => $module) {
$moduleName = $moduleKey;
if ($moduleName != '*') {
foreach ($module as $functionKey => $function) {
$functionName = $functionKey;
if ($functionName != '*') {
$hasLimitation = true;
foreach ($function as $limitationKey) {
if ($limitationKey == '*') {
$hasLimitation = false;
$limitationValue = '*';
$resultArray[] = array('moduleName' => $moduleName, 'functionName' => $functionName, 'limitation' => $limitationValue);
}
}
if ($hasLimitation) {
foreach ($function as $limitationKey => $limitation) {
if ($limitationKey !== '*') {
$policyID = str_replace('p_', '', $limitationKey);
$userRoleIdSeperator = strpos($policyID, '_');
if ($userRoleIdSeperator !== false) {
$policyID = substr($policyID, 0, $userRoleIdSeperator);
}
$limitationValue = eZPolicyLimitation::fetchByPolicyID($policyID);
$resultArray[] = array('moduleName' => $moduleName, 'functionName' => $functionName, 'limitation' => $limitationValue);
} else {
$limitationValue = '*';
$resultArray[] = array('moduleName' => $moduleName, 'functionName' => $functionName, 'limitation' => $limitationValue);
break;
}
}
}
} else {
$limitationValue = '*';
$resultArray[] = array('moduleName' => $moduleName, 'functionName' => $functionName, 'limitation' => $limitationValue);
break;
}
}
} else {
$functionName = '*';
$resultArray[] = array('moduleName' => '*', 'functionName' => $functionName, 'limitation' => '*');
break;
}
}
return array('result' => $resultArray);
}
function canBeRemoved($sectionID = false)
{
if ($sectionID === false) {
$sectionID = $this->attribute('id');
}
$objects = eZPersistentObject::fetchObjectList(eZContentObject::definition(), null, array('section_id' => $sectionID));
$limitations = eZPolicyLimitation::findByType('Section', $sectionID, true, false);
$userRoles = eZRole::fetchRolesByLimitation('section', $sectionID);
if (count($objects) > 0 or count($limitations) > 0 or count($userRoles) > 0) {
return false;
} else {
return true;
}
}
static function cleanupByNode($node)
{
// Clean up role assignments with limitations related to this object
$db = eZDB::instance();
$db->begin();
$pathString = $node->attribute('path_string');
$nodeID = $node->attribute('node_id');
$db->query("DELETE FROM ezuser_role\n WHERE limit_value LIKE '{$pathString}%' AND limit_identifier='Subtree'");
// Clean up subtree limitations related to this object
$limitationsToFix = eZPolicyLimitation::findByType('SubTree', $node->attribute('path_string'), true, true);
foreach ($limitationsToFix as $limitation) {
$values = $limitation->attribute('values');
$valueCount = count($values);
if ($valueCount > 0) {
foreach ($values as $value) {
if (strpos($value->attribute('value'), $node->attribute('path_string')) === 0) {
$value->remove();
$valueCount--;
}
}
}
if ($valueCount == 0) {
$policy = eZPolicy::fetch($limitation->attribute('policy_id'));
if (is_object($policy)) {
$policy->removeThis();
}
}
}
$limitationsToFixNode = eZPolicyLimitation::findByType('Node', $node->attribute('node_id'));
foreach ($limitationsToFixNode as $limitation) {
$values = $limitation->attribute('values');
$valueCount = count($values);
if ($valueCount > 0) {
foreach ($values as $value) {
if ($value->attribute('value') == $node->attribute('node_id')) {
$value->remove();
$valueCount--;
}
}
}
if ($valueCount == 0) {
$policy = eZPolicy::fetch($limitation->attribute('policy_id'));
if (is_object($policy)) {
$policy->removeThis();
}
}
}
eZRole::expireCache();
$db->commit();
}
function removeThis()
{
eZPolicyLimitation::removeByID($this->attribute('id'));
}
