public function save()
{
if (Loader::helper('validation/token')->validate('save_permissions')) {
$fs = FileSet::getGlobal();
$tp = new TaskPermission();
if ($tp->canAccessTaskPermissions()) {
$permissions = PermissionKey::getList('file_set');
foreach ($permissions as $pk) {
$pk->setPermissionObject($fs);
$paID = $_POST['pkID'][$pk->getPermissionKeyID()];
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = PermissionAccess::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
$this->redirect('/dashboard/system/permissions/files', 'updated');
}
} else {
$this->error->add(Loader::helper("validation/token")->getErrorMessage());
}
}
public function setPermissionObject(FileSet $fs)
{
$this->permissionObject = $fs;
if ($fs->overrideGlobalPermissions()) {
$this->permissionObjectToCheck = $fs;
} else {
$fs = FileSet::getGlobal();
$this->permissionObjectToCheck = $fs;
}
}
public function __construct()
{
$fp = new Permissions(\FileSet::getGlobal());
$tp = new Permissions();
$this->assets = ResponseAssetGroup::get();
$this->token = Core::make("token")->generate('editor');
$this->setAllowFileManager($fp->canAccessFileManager());
$this->setAllowSitemap($tp->canAccessSitemap());
$this->pluginManager = new PluginManager();
$this->pluginManager->selectMultiple(\Package::getByHandle('community_ckeditor')->getConfig()->get('plugins', array()));
}
public function setPermissionObject(File $f)
{
$this->permissionObject = $f;
if ($f->overrideFileSetPermissions()) {
$this->permissionObjectToCheck = $f;
} else {
$sets = $f->getFileSets();
$permsets = array();
foreach ($sets as $fs) {
if ($fs->overrideGlobalPermissions()) {
$permsets[] = $fs;
}
}
if (count($permsets) > 0) {
$this->permissionObjectToCheck = $permsets;
} else {
$fs = FileSet::getGlobal();
$this->permissionObjectToCheck = $fs;
}
}
}
?>
<?php
ob_start();
?>
<?php
echo Loader::element('permission/help');
?>
<?php
$help = ob_get_contents();
?>
<?php
ob_end_clean();
?>
<?php
$fs = FileSet::getGlobal();
?>
<form method="post" action="<?php
echo $view->action('save');
?>
" id="ccm-permission-list-form">
<?php
echo Loader::helper('validation/token')->output('save_permissions');
?>
<div class="ccm-pane-body">
<?php
$tp = new TaskPermission();
if ($tp->canAccessTaskPermissions()) {
?>
public function set_site_permissions()
{
Loader::model('file_set');
$fs = FileSet::getGlobal();
$g1 = Group::getByID(GUEST_GROUP_ID);
$g2 = Group::getByID(REGISTERED_GROUP_ID);
$g3 = Group::getByID(ADMIN_GROUP_ID);
$fs->assignPermissions($g1, array('view_file_set_file'));
$fs->assignPermissions($g3, array('view_file_set_file', 'search_file_set', 'edit_file_set_file_properties', 'edit_file_set_file_contents', 'copy_file_set_files', 'edit_file_set_permissions', 'delete_file_set_files', 'delete_file_set', 'add_file'));
if (defined('ACTIVE_LOCALE') && ACTIVE_LOCALE != '' && ACTIVE_LOCALE != 'en_US') {
Config::save('SITE_LOCALE', ACTIVE_LOCALE);
}
Config::save('SITE', SITE);
Config::save('SITE_APP_VERSION', APP_VERSION);
Config::save('SITE_INSTALLED_APP_VERSION', APP_VERSION);
$u = new User();
$u->saveConfig('NEWSFLOW_LAST_VIEWED', 'FIRSTRUN');
$home = Page::getByID(1, "RECENT");
$home->assignPermissions($g1, array('view_page'));
$home->assignPermissions($g3, array('view_page_versions', 'preview_page_as_user', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_theme', 'edit_page_type', 'edit_page_permissions', 'delete_page', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page', 'schedule_page_contents_guest_access'));
}
public function save_global_permissions() {
$vt = Loader::helper('validation/token');
if (!$vt->validate("file_permissions")) {
$this->set('error', array($vt->getErrorMessage()));
return;
}
$p = $this->post();
Loader::model('file_set');
$fs = FileSet::getGlobal();
$this->setFileSetPermissions($fs, $p);
$this->redirect('/dashboard/system/permissions/files', 'global_permissions_saved');
}
protected function migrateFileSetPermissions()
{
$db = Loader::db();
$tables = $db->MetaTables();
if (!in_array('FileSetPermissions', $tables)) {
return false;
}
// permissions
$fpe = FileUploaderPermissionAccessEntity::getOrCreate();
$permissionMap = array('canRead' => array(PermissionKey::getByHandle('view_file_set_file')), 'canSearch' => array(PermissionKey::getByHandle('search_file_set')), 'canWrite' => array(PermissionKey::getByHandle('edit_file_set_file_properties'), PermissionKey::getByHandle('edit_file_set_file_contents'), PermissionKey::getByHandle('copy_file_set_files'), PermissionKey::getByHandle('delete_file_set_files')), 'canAdmin' => array(PermissionKey::getByHandle('edit_file_set_permissions'), PermissionKey::getByHandle('delete_file_set')));
$r = $db->Execute('select * from FileSetPermissions order by fsID asc');
while ($row = $r->FetchRow()) {
$pe = $this->migrateAccessEntity($row);
if (!$pe) {
continue;
}
if ($row['fsID'] > 0) {
$fs = FileSet::getByID($row['fsID']);
} else {
$fs = FileSet::getGlobal();
}
$permissions = $this->getFileSetPermissionsArray($row);
if (is_object($fs)) {
foreach ($permissions as $p => $accessType) {
if ($accessType == self::ACCESS_TYPE_MINE) {
$_pe = $fpe;
} else {
$_pe = $pe;
}
$permissionsToApply = $permissionMap[$p];
foreach ($permissionsToApply as $pko) {
$pko->setPermissionObject($fs);
$pt = $pko->getPermissionAssignmentObject();
$pa = $pko->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pko);
} else {
if ($pa->isPermissionAccessInUse()) {
$pa = $pa->duplicate();
}
}
$pa->addListItem($_pe, false, FileSetPermissionKey::ACCESS_TYPE_INCLUDE);
$pt->assignPermissionAccess($pa);
}
}
}
}
}
public static function getGlobal()
{
$fs = FileSet::getGlobal();
$fsp = new Permissions($fs);
return $fsp;
}
public static function getGlobal()
{
Loader::model('file_set');
$fs = FileSet::getGlobal();
$fsp = new Permissions($fs);
return $fsp;
}
public function run()
{
$db = Loader::db();
$tables = $db->MetaTables('TABLES');
if (in_array('btFormQuestions', $tables)) {
//$db->CacheFlush();
//$db->setDebug(true);
$questionsWithBIDs = $db->getAll('SELECT max(bID) AS bID, btForm.questionSetId AS qSetId FROM `btForm` GROUP BY questionSetId');
foreach ($questionsWithBIDs as $questionsWithBID) {
$vals = array(intval($questionsWithBID['bID']), intval($questionsWithBID['qSetId']));
$rs = $db->query('UPDATE btFormQuestions SET bID=? WHERE questionSetId=? AND bID=0', $vals);
}
}
// now we populate files
$num = $db->GetOne("select count(*) from Files");
if ($num < 1) {
$r = $db->Execute("select btFile.*, Blocks.bDateAdded from btFile inner join Blocks on btFile.bID = Blocks.bID");
while ($row = $r->fetchRow()) {
$v = array($row['bID'], 1, $row['filename'], null, '', $row['origfilename'], $row['bDateAdded']);
$db->Execute("insert into FileVersions (fID, fvID, fvFilename, fvPrefix, fvExtension, fvTitle, fvDateAdded) values (?, ?, ?, ?, ?, ?, ?)", $v);
$db->Execute("insert into Files (fID, fDateAdded) values (?, ?)", array($row['bID'], $row['bDateAdded']));
}
}
Loader::model('single_page');
// Rename Forms to Reports
$p = Page::getByPath('/dashboard/mediabrowser');
if (!$p->isError()) {
$p->delete();
}
$p = Page::getByPath('/dashboard/files');
if ($p->isError()) {
$d2 = SinglePage::add('/dashboard/files');
$d2a = SinglePage::add('/dashboard/files/search');
$d2b = SinglePage::add('/dashboard/files/attributes');
$d2c = SinglePage::add('/dashboard/files/sets');
$d2d = SinglePage::add('/dashboard/files/access');
$d2->update(array('cName' => t('File Manager'), 'cDescription' => t('All documents and images.')));
$d3b = SinglePage::add('/dashboard/reports/surveys');
}
$p = Page::getByPath('/dashboard/scrapbook');
if ($p->isError()) {
$d3 = SinglePage::add('/dashboard/scrapbook');
$d3b = SinglePage::add('/dashboard/scrapbook/user');
$d3a = SinglePage::add('/dashboard/scrapbook/global');
$d3->update(array('cName' => t('Scrapbook'), 'cDescription' => t('Share content across your site.')));
}
Loader::model('file_set');
Loader::model('groups');
$htbt = BlockType::getByHandle('html');
if (!is_object($htbt)) {
BlockType::installBlockType('html');
}
$g1 = Group::getByID(GUEST_GROUP_ID);
$g2 = Group::getByID(REGISTERED_GROUP_ID);
$g3 = Group::getByID(ADMIN_GROUP_ID);
$fs = FileSet::getGlobal();
$fs->setPermissions($g1, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE);
$fs->setPermissions($g2, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE);
$fs->setPermissions($g3, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL);
$p = Page::getByPath('/dashboard/reports/surveys');
if ($p->isError()) {
$p = SinglePage::add('/dashboard/reports/surveys');
}
}
protected function setupFilePermissions()
{
$u = new User();
if ($this->permissionLevel == false || $u->isSuperUser()) {
return false;
}
$accessEntities = $u->getUserAccessEntityObjects();
foreach ($accessEntities as $pae) {
$peIDs[] = $pae->getAccessEntityID();
}
$db = Loader::db();
// figure out which sets can read files in, not read files in, and read only my files in.
$fsIDs = $db->GetCol('select fsID from FileSets where fsOverrideGlobalPermissions = 1');
$viewableSets = array(-1);
$nonviewableSets = array(-1);
$myviewableSets = array(-1);
$owpae = FileUploaderPermissionAccessEntity::getOrCreate();
if (count($fsIDs) > 0) {
$pk = PermissionKey::getByHandle($this->permissionLevel);
foreach ($fsIDs as $fsID) {
$fs = FileSet::getByID($fsID);
$pk->setPermissionObject($fs);
$list = $pk->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, $accessEntities);
$list = PermissionDuration::filterByActive($list);
if (count($list) > 0) {
foreach ($list as $l) {
$pae = $l->getAccessEntityObject();
if ($pae->getAccessEntityID() == $owpae->getAccessEntityID()) {
$myviewableSets[] = $fs->getFileSetID();
} else {
if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_INCLUDE) {
$viewableSets[] = $fs->getFileSetID();
}
if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_EXCLUDE) {
$nonviewableSets[] = $fs->getFileSetID();
}
}
}
} else {
$nonviewableSets[] = $fs->getFileSetID();
}
}
}
$fs = FileSet::getGlobal();
$fk = PermissionKey::getByHandle('search_file_set');
$fk->setPermissionObject($fs);
$accessEntities[] = $owpae;
$list = $fk->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, $accessEntities);
$list = PermissionDuration::filterByActive($list);
foreach ($list as $l) {
$pae = $l->getAccessEntityObject();
if ($pae->getAccessEntityID() == $owpae->getAccessEntityID()) {
$valid = 'mine';
} else {
if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_INCLUDE) {
$valid = PermissionKey::ACCESS_TYPE_INCLUDE;
}
if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_EXCLUDE) {
$valid = PermissionKey::ACCESS_TYPE_EXCLUDE;
}
}
}
$uID = $u->isRegistered() ? $u->getUserID() : 0;
// This excludes all files found in sets where I may only read mine, and I did not upload the file
$this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $myviewableSets) . ')) = 0)');
if ($valid == 'mine') {
// this means that we're only allowed to read files we've uploaded (unless, of course, those files are in previously covered sets)
$this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $viewableSets) . ')) > 0)');
}
// this excludes all file that are found in sets that I can't find
$this->filter(false, '((select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $nonviewableSets) . ')) = 0)');
$uID = $u->isRegistered() ? $u->getUserID() : 0;
// This excludes all files found in sets where I may only read mine, and I did not upload the file
$this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $myviewableSets) . ')) = 0)');
$db = Loader::db();
$vpvPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_file\'');
if ($this->permissionLevel == 'search_file_set') {
$vpPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_file_in_file_manager\'');
} else {
$vpPKID = $vpvPKID;
}
$pdIDs = $db->GetCol("select distinct pdID from FilePermissionAssignments fpa inner join PermissionAccessList pal on fpa.paID = pal.paID where pkID in (?, ?) and pdID > 0", array($vpPKID, $vpvPKID));
$activePDIDs = array();
if (count($pdIDs) > 0) {
// then we iterate through all of them and find any that are active RIGHT NOW
foreach ($pdIDs as $pdID) {
$pd = PermissionDuration::getByID($pdID);
if ($pd->isActive()) {
$activePDIDs[] = $pd->getPermissionDurationID();
}
}
}
$activePDIDs[] = 0;
// exclude files where its overridden but I don't have the ability to read
$this->filter(false, "(f.fOverrideSetPermissions = 0 or (select count(fID) from FilePermissionAssignments fpa inner join PermissionAccessList fpal on fpa.paID = fpal.paID where fpa.fID = f.fID and fpal.accessType = " . PermissionKey::ACCESS_TYPE_INCLUDE . " and fpal.pdID in (" . implode(',', $activePDIDs) . ") and fpal.peID in (" . implode(',', $peIDs) . ") and (if(fpal.peID = " . $owpae->getAccessEntityID() . " and f.uID <> " . $uID . ", false, true)) and (fpa.pkID = " . $vpPKID . ")) > 0)");
// exclude detail files where read is excluded
$this->filter(false, "f.fID not in (select ff.fID from Files ff inner join FilePermissionAssignments fpaExclude on ff.fID = fpaExclude.fID inner join PermissionAccessList palExclude on fpaExclude.paID = palExclude.paID where fOverrideSetPermissions = 1 and palExclude.accessType = " . PermissionKey::ACCESS_TYPE_EXCLUDE . " and palExclude.pdID in (" . implode(',', $activePDIDs) . ")\n\t\t\tand palExclude.peID in (" . implode(',', $peIDs) . ") and fpaExclude.pkID in (" . $vpPKID . "," . $vpvPKID . "))");
}
public function set_site_permissions() {
$ci = new ContentImporter();
$ci->importContentFile(DIR_BASE_CORE. '/config/install/base/permissions.xml');
Loader::model('file_set');
$fs = FileSet::getGlobal();
$g1 = Group::getByID(GUEST_GROUP_ID);
$g2 = Group::getByID(REGISTERED_GROUP_ID);
$g3 = Group::getByID(ADMIN_GROUP_ID);
$fs->setPermissions($g1, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE);
$fs->setPermissions($g2, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE);
$fs->setPermissions($g3, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL);
Config::save('SITE', SITE);
Config::save('SITE_APP_VERSION', APP_VERSION);
$u = new User();
$u->saveConfig('NEWSFLOW_LAST_VIEWED', 'FIRSTRUN');
$args = array();
$args['cInheritPermissionsFrom'] = 'OVERRIDE';
$args['cOverrideTemplatePermissions'] = 1;
$args['collectionRead'][] = 'gID:' . GUEST_GROUP_ID;
$args['collectionAdmin'][] = 'gID:' . ADMIN_GROUP_ID;
$args['collectionRead'][] = 'gID:' . ADMIN_GROUP_ID;
$args['collectionApprove'][] = 'gID:' . ADMIN_GROUP_ID;
$args['collectionReadVersions'][] = 'gID:' . ADMIN_GROUP_ID;
$args['collectionWrite'][] = 'gID:' . ADMIN_GROUP_ID;
$args['collectionDelete'][] = 'gID:' . ADMIN_GROUP_ID;
$home = Page::getByID(1, "RECENT");
$home->updatePermissions($args);
}
