Example #1
	/**
	 * List the access entities of this type that apply to $user.
	 *
	 * The file-uploader entity is returned only for a registered user who owns
	 * at least one row in Files; everyone else gets an empty array. The lookup
	 * binds the user ID as a query parameter rather than concatenating it.
	 *
	 * @param object $user must provide isRegistered() and getUserID()
	 * @return array zero or one access entity objects
	 */
	public static function getAccessEntitiesForUser($user) {
		$db = Loader::db();
		if (!$user->isRegistered()) {
			// Unregistered visitors never qualify as an uploader.
			return array();
		}
		// getOrCreate() runs before the ownership check, as in the original flow,
		// so the entity is obtained even when the user turns out to own no files.
		$uploaderEntity = FileUploaderPermissionAccessEntity::getOrCreate();
		$ownedFileID = $db->GetOne('select fID from Files where uID = ?', array($user->getUserID()));
		return $ownedFileID > 0 ? array($uploaderEntity) : array();
	}
Example #2
 /**
  * Copy the rows of the legacy FileSetPermissions table onto permission-key
  * assignments of the matching file set (or the global set when fsID is 0).
  *
  * Returns false when the legacy table does not exist; otherwise the method
  * ends without an explicit return value.
  *
  * NOTE(review): every migrated entry is added with ACCESS_TYPE_INCLUDE. Whether
  * the legacy table could also express denials is not visible here; confirm
  * that no restriction is lost in the migration.
  */
 protected function migrateFileSetPermissions()
 {
     $db = Loader::db();
     if (!in_array('FileSetPermissions', $db->MetaTables())) {
         return false;
     }

     // Entity that stands in for the row's own entity when access is "mine only".
     $uploaderEntity = FileUploaderPermissionAccessEntity::getOrCreate();

     // Legacy permission name => permission keys that receive the grant.
     $permissionMap = array(
         'canRead' => array(
             PermissionKey::getByHandle('view_file_set_file'),
         ),
         'canSearch' => array(
             PermissionKey::getByHandle('search_file_set'),
         ),
         'canWrite' => array(
             PermissionKey::getByHandle('edit_file_set_file_properties'),
             PermissionKey::getByHandle('edit_file_set_file_contents'),
             PermissionKey::getByHandle('copy_file_set_files'),
             PermissionKey::getByHandle('delete_file_set_files'),
         ),
         'canAdmin' => array(
             PermissionKey::getByHandle('edit_file_set_permissions'),
             PermissionKey::getByHandle('delete_file_set'),
         ),
     );

     $legacyRows = $db->Execute('select * from FileSetPermissions order by fsID asc');
     while ($row = $legacyRows->FetchRow()) {
         $rowEntity = $this->migrateAccessEntity($row);
         if (!$rowEntity) {
             // No access entity could be derived for this row; nothing to grant.
             continue;
         }

         $fs = $row['fsID'] > 0 ? FileSet::getByID($row['fsID']) : FileSet::getGlobal();
         $permissions = $this->getFileSetPermissionsArray($row);
         if (!is_object($fs)) {
             // The referenced file set could not be loaded; skip the row.
             continue;
         }

         foreach ($permissions as $legacyName => $accessType) {
             $grantee = $accessType == self::ACCESS_TYPE_MINE ? $uploaderEntity : $rowEntity;
             foreach ($permissionMap[$legacyName] as $key) {
                 $key->setPermissionObject($fs);
                 $assignment = $key->getPermissionAssignmentObject();
                 $access = $key->getPermissionAccessObject();
                 if (!is_object($access)) {
                     $access = PermissionAccess::create($key);
                 } elseif ($access->isPermissionAccessInUse()) {
                     // Work on a copy so an access object already in use is left untouched.
                     $access = $access->duplicate();
                 }
                 $access->addListItem($grantee, false, FileSetPermissionKey::ACCESS_TYPE_INCLUDE);
                 $assignment->assignPermissionAccess($access);
             }
         }
     }
 }
Example #3
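 /**
  * Add raw SQL filters that limit this list to files the current user may see.
  *
  * Returns false without filtering when no permission level is set or the
  * user is the super user; otherwise the filters are added and nothing is
  * returned.
  *
  * The filter fragments are assembled by string concatenation, so every value
  * placed into them is forced to an integer first. The values come from the
  * database and from permission objects rather than from request input, but
  * casting keeps a malformed ID from ever becoming SQL text.
  */
 protected function setupFilePermissions()
 {
     $u = new User();
     if ($this->permissionLevel == false || $u->isSuperUser()) {
         return false;
     }

     // Renders IDs for an SQL "in (...)" list; anything non-numeric becomes 0.
     $idList = function (array $ids) {
         return implode(',', array_map('intval', $ids));
     };

     $accessEntities = $u->getUserAccessEntityObjects();
     // Initialised up front: with no access entities the variable was previously
     // undefined by the time it was imploded into the filters below.
     $peIDs = array();
     foreach ($accessEntities as $pae) {
         $peIDs[] = $pae->getAccessEntityID();
     }
     if (count($peIDs) === 0) {
         // Same -1 placeholder as the set lists below: keeps "in (...)" valid and
         // matches no entity, so a user without entities sees no overridden files.
         $peIDs[] = -1;
     }

     $db = Loader::db();
     // figure out which sets can read files in, not read files in, and read only my files in.
     $fsIDs = $db->GetCol('select fsID from FileSets where fsOverrideGlobalPermissions = 1');
     $viewableSets = array(-1);
     $nonviewableSets = array(-1);
     $myviewableSets = array(-1);
     $owpae = FileUploaderPermissionAccessEntity::getOrCreate();
     $owpaeID = $owpae->getAccessEntityID();
     if (count($fsIDs) > 0) {
         $pk = PermissionKey::getByHandle($this->permissionLevel);
         foreach ($fsIDs as $fsID) {
             $fs = FileSet::getByID($fsID);
             $pk->setPermissionObject($fs);
             $list = $pk->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, $accessEntities);
             $list = PermissionDuration::filterByActive($list);
             if (count($list) > 0) {
                 foreach ($list as $l) {
                     $pae = $l->getAccessEntityObject();
                     if ($pae->getAccessEntityID() == $owpaeID) {
                         $myviewableSets[] = $fs->getFileSetID();
                     } else {
                         if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_INCLUDE) {
                             $viewableSets[] = $fs->getFileSetID();
                         }
                         if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_EXCLUDE) {
                             $nonviewableSets[] = $fs->getFileSetID();
                         }
                     }
                 }
             } else {
                 // A set with no active entry for this user is treated as not viewable.
                 $nonviewableSets[] = $fs->getFileSetID();
             }
         }
     }

     $fs = FileSet::getGlobal();
     $fk = PermissionKey::getByHandle('search_file_set');
     $fk->setPermissionObject($fs);
     $accessEntities[] = $owpae;
     $list = $fk->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, $accessEntities);
     $list = PermissionDuration::filterByActive($list);
     // Initialised so an empty list no longer leaves $valid undefined. Later items
     // overwrite earlier ones, so the last active list item decides the value.
     // NOTE(review): only the 'mine' outcome is acted on in this method; a global
     // exclude is recorded here but not enforced here. Confirm it is handled elsewhere.
     $valid = null;
     foreach ($list as $l) {
         $pae = $l->getAccessEntityObject();
         if ($pae->getAccessEntityID() == $owpaeID) {
             $valid = 'mine';
         } else {
             if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_INCLUDE) {
                 $valid = PermissionKey::ACCESS_TYPE_INCLUDE;
             }
             if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_EXCLUDE) {
                 $valid = PermissionKey::ACCESS_TYPE_EXCLUDE;
             }
         }
     }

     $uID = $u->isRegistered() ? (int) $u->getUserID() : 0;
     // This excludes all files found in sets where I may only read mine, and I did not upload the file
     $mineOnlyFilter = '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . $idList($myviewableSets) . ')) = 0)';
     $this->filter(false, $mineOnlyFilter);
     // Strict comparison: $valid may hold a permission constant, and a loose
     // comparison between a number and the string 'mine' depends on the PHP version.
     if ($valid === 'mine') {
         // this means that we're only allowed to read files we've uploaded (unless, of course, those files are in previously covered sets)
         $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . $idList($viewableSets) . ')) > 0)');
     }
     // this excludes all files that are found in sets that I can't view
     $this->filter(false, '((select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . $idList($nonviewableSets) . ')) = 0)');
     // NOTE(review): the original adds the "mine only" filter a second time at this
     // point; it is kept so the set of filters is unchanged, but it looks redundant.
     $this->filter(false, $mineOnlyFilter);

     $vpvPKID = (int) $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_file\'');
     if ($this->permissionLevel == 'search_file_set') {
         $vpPKID = (int) $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_file_in_file_manager\'');
     } else {
         $vpPKID = $vpvPKID;
     }
     $pdIDs = $db->GetCol("select distinct pdID from FilePermissionAssignments fpa inner join PermissionAccessList pal on fpa.paID = pal.paID where pkID in (?, ?) and pdID > 0", array($vpPKID, $vpvPKID));
     $activePDIDs = array();
     if (count($pdIDs) > 0) {
         // then we iterate through all of them and find any that are active RIGHT NOW
         foreach ($pdIDs as $pdID) {
             $pd = PermissionDuration::getByID($pdID);
             if ($pd->isActive()) {
                 $activePDIDs[] = $pd->getPermissionDurationID();
             }
         }
     }
     // pdID 0 is always part of the list, so entries without a duration still match.
     $activePDIDs[] = 0;

     $includeType = (int) PermissionKey::ACCESS_TYPE_INCLUDE;
     $excludeType = (int) PermissionKey::ACCESS_TYPE_EXCLUDE;
     $activeDurations = $idList($activePDIDs);
     $entityIDs = $idList($peIDs);

     // exclude files where its overridden but I don't have the ability to read
     $this->filter(false, "(f.fOverrideSetPermissions = 0 or (select count(fID) from FilePermissionAssignments fpa inner join PermissionAccessList fpal on fpa.paID = fpal.paID where fpa.fID = f.fID and fpal.accessType = " . $includeType . " and fpal.pdID in (" . $activeDurations . ") and fpal.peID in (" . $entityIDs . ") and (if(fpal.peID = " . (int) $owpaeID . " and f.uID <> " . $uID . ", false, true)) and (fpa.pkID = " . $vpPKID . ")) > 0)");
     // exclude detail files where read is excluded
     $this->filter(false, "f.fID not in (select ff.fID from Files ff inner join FilePermissionAssignments fpaExclude on ff.fID = fpaExclude.fID inner join PermissionAccessList palExclude on fpaExclude.paID = palExclude.paID where fOverrideSetPermissions = 1 and palExclude.accessType = " . $excludeType . " and palExclude.pdID in (" . $activeDurations . ")\n\t\t\tand palExclude.peID in (" . $entityIDs . ") and fpaExclude.pkID in (" . $vpPKID . "," . $vpvPKID . "))");
 }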
<?php

defined('C5_EXECUTE') or die("Access Denied.");

// Answers with the file-uploader access entity (ID and label) as JSON, but only
// when the request carries a valid 'process' token; otherwise nothing is printed.
// NOTE(review): the token presumably serves as the request-forgery check for
// this endpoint; confirm callers always send it.
$tokenHelper = Loader::helper('validation/token');
if ($tokenHelper->validate('process')) {
    $jsonHelper = Loader::helper('json');
    $uploaderEntity = FileUploaderPermissionAccessEntity::getOrCreate();

    $payload = new stdClass();
    $payload->peID = $uploaderEntity->getAccessEntityID();
    $payload->label = $uploaderEntity->getAccessEntityLabel();

    print $jsonHelper->encode($payload);
}