/**
* If this collection has already been initialized with
* an identical criteria, it returns the collection.
* Otherwise if this PermissionItem is new, it will return
* an empty collection; or if this PermissionItem has previously
* been saved, it will retrieve related PermissionToPermissionItems from storage.
*
* This method is protected by default in order to keep the public
* api reasonable. You can provide public methods for those you
* actually need in PermissionItem.
*/
public function getPermissionToPermissionItemsJoinPermission($criteria = null, $con = null, $join_behavior = Criteria::LEFT_JOIN)
{
if ($criteria === null) {
$criteria = new Criteria(PermissionItemPeer::DATABASE_NAME);
} elseif ($criteria instanceof Criteria) {
$criteria = clone $criteria;
}
if ($this->collPermissionToPermissionItems === null) {
if ($this->isNew()) {
$this->collPermissionToPermissionItems = array();
} else {
$criteria->add(PermissionToPermissionItemPeer::PERMISSION_ITEM_ID, $this->id);
$this->collPermissionToPermissionItems = PermissionToPermissionItemPeer::doSelectJoinPermission($criteria, $con, $join_behavior);
}
} else {
// the following code is to determine if a new query is
// called for. If the criteria is the same as the last
// one, just return the collection.
$criteria->add(PermissionToPermissionItemPeer::PERMISSION_ITEM_ID, $this->id);
if (!isset($this->lastPermissionToPermissionItemCriteria) || !$this->lastPermissionToPermissionItemCriteria->equals($criteria)) {
$this->collPermissionToPermissionItems = PermissionToPermissionItemPeer::doSelectJoinPermission($criteria, $con, $join_behavior);
}
}
$this->lastPermissionToPermissionItemCriteria = $criteria;
return $this->collPermissionToPermissionItems;
}
$file = fopen("{$dir}/object.{$object}.ini", 'w');
fputs($file, "[parameter_permission_items]\n");
$currentIndex = 0;
$currentObject = $object;
}
$currentIndex++;
fputs($file, "permissionItem{$currentIndex}.object = {$object}\n");
fputs($file, "permissionItem{$currentIndex}.parameter = {$parameter}\n");
fputs($file, "permissionItem{$currentIndex}.action = {$action}\n");
fputs($file, "permissionItem{$currentIndex}.partnerId = {$partnerId}\n");
fputs($file, "permissionItem{$currentIndex}.param4 = {$param4}\n");
fputs($file, "permissionItem{$currentIndex}.param5 = {$param5}\n");
fputs($file, "permissionItem{$currentIndex}.tags = {$tags}\n");
$criteria = new Criteria();
$criteria->add(PermissionToPermissionItemPeer::PERMISSION_ITEM_ID, $parameterPermissionItem->getId());
$permissionToPermissionItems = PermissionToPermissionItemPeer::doSelect($criteria);
$permissions = array();
foreach ($permissionToPermissionItems as $permissionToPermissionItem) {
/* @var $permissionToPermissionItem PermissionToPermissionItem */
if (!isset($permissionArray[$permissionToPermissionItem->getPermissionId()])) {
continue;
}
$permission = $permissionArray[$permissionToPermissionItem->getPermissionId()];
/* @var $permission Permission */
$permissionName = $permission->getName();
$permissionPartnerId = $permission->getPartnerId();
if ($permissionPartnerId != $partnerId) {
$permissionName = "{$permissionPartnerId}>{$permissionName}";
}
$permissions[] = $permissionName;
}
function addItemToPermissions($item, $permissionNames, $partnerId)
{
foreach ($permissionNames as $permissionName) {
PermissionToPermissionItemPeer::clearInstancePool();
$partnerPermission = array_map('trim', explode('>', $permissionName));
if (count($partnerPermission) === 2) {
$partnerId = trim($partnerPermission[0]);
}
$permissionName = trim(end($partnerPermission));
$c = new Criteria();
$c->addAnd(PermissionPeer::NAME, $permissionName, Criteria::EQUAL);
$c->addAnd(PermissionPeer::TYPE, array(PermissionType::NORMAL, PermissionType::PARTNER_GROUP), Criteria::IN);
$c->addAnd(PermissionPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $item->getPartnerId(), $partnerId), Criteria::IN);
$permission = PermissionPeer::doSelectOne($c);
if (!$permission) {
KalturaLog::alert('ERROR - Permission name [' . $permissionName . '] for partner [' . $item->getPartnerId() . '] not found in database - skipping!');
continue;
}
KalturaLog::log('Adding permission item id [' . $item->getId() . '] to permission id [' . $permission->getId() . ']');
$permission->addPermissionItem($item->getId(), true);
}
}
function removeItemFromPermissions(PermissionItem $item, array $permissionNames)
{
foreach ($permissionNames as $permissionName) {
$partnerPermission = array_map('trim', explode('>', $permissionName));
$partnerId = PartnerPeer::GLOBAL_PARTNER;
if (count($partnerPermission) === 2) {
$partnerId = trim($partnerPermission[0]);
}
$permissionName = trim(end($partnerPermission));
$c = new Criteria();
$c->addAnd(PermissionPeer::NAME, $permissionName);
$c->addAnd(PermissionPeer::TYPE, array(PermissionType::NORMAL, PermissionType::PARTNER_GROUP), Criteria::IN);
$c->addAnd(PermissionPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $item->getPartnerId(), $partnerId), Criteria::IN);
$permission = PermissionPeer::doSelectOne($c);
if (!$permission) {
continue;
}
$c = new Criteria();
$c->addAnd(PermissionToPermissionItemPeer::PERMISSION_ITEM_ID, $item->getId());
$c->addAnd(PermissionToPermissionItemPeer::PERMISSION_ID, $permission->getId());
$permissionToPermissionItem = PermissionToPermissionItemPeer::doSelectOne($c);
if (!$permissionToPermissionItem) {
continue;
}
$permissionToPermissionItem->delete();
}
}
/**
* Delete all permission items related from current pemission.
*/
private function deletePermissionItems(array $permissionsItemsToRemove)
{
if (!count($permissionsItemsToRemove)) {
return;
}
$c = new Criteria();
$c->add(PermissionToPermissionItemPeer::PERMISSION_ID, $this->getId(), Criteria::EQUAL);
$c->add(PermissionToPermissionItemPeer::PERMISSION_ITEM_ID, $permissionsItemsToRemove, Criteria::IN);
PermissionToPermissionItemPeer::doDelete($c);
}
/**
* Init permission items map from DB for the given role
* @param UserRole $dbRole
*/
private static function getPermissionsFromDb($dbRole)
{
$map = self::initEmptyMap();
// get all permission object names from role record
if ($dbRole) {
$tmpPermissionNames = $dbRole->getPermissionNames(true);
$tmpPermissionNames = array_map('trim', explode(',', $tmpPermissionNames));
} else {
$tmpPermissionNames = array();
}
// add always allowed permissions
if (self::$operatingPartner) {
$alwaysAllowed = self::$operatingPartner->getAlwaysAllowedPermissionNames();
$alwaysAllowed = array_map('trim', explode(',', $alwaysAllowed));
} else {
$alwaysAllowed = array(PermissionName::ALWAYS_ALLOWED_ACTIONS);
}
$tmpPermissionNames = array_merge($tmpPermissionNames, $alwaysAllowed);
// if the request sent from the internal server set additional permission allowing access without KS
// from internal servers
if (kIpAddressUtils::isInternalIp()) {
KalturaLog::debug('IP in range, adding ALWAYS_ALLOWED_FROM_INTERNAL_IP_ACTIONS permission');
$alwaysAllowedInternal = array(PermissionName::ALWAYS_ALLOWED_FROM_INTERNAL_IP_ACTIONS);
$tmpPermissionNames = array_merge($tmpPermissionNames, $alwaysAllowedInternal);
}
$permissionNames = array();
foreach ($tmpPermissionNames as $name) {
$permissionNames[$name] = $name;
}
$map[self::PERMISSION_NAMES_ARRAY] = $permissionNames;
// get mapping of permissions to permission items
$c = new Criteria();
$c->addAnd(PermissionPeer::NAME, $permissionNames, Criteria::IN);
$c->addAnd(PermissionPeer::PARTNER_ID, array(strval(PartnerPeer::GLOBAL_PARTNER), strval(self::$operatingPartnerId)), Criteria::IN);
$c->addAnd(PermissionItemPeer::PARTNER_ID, array(strval(PartnerPeer::GLOBAL_PARTNER), strval(self::$operatingPartnerId)), Criteria::IN);
$lookups = PermissionToPermissionItemPeer::doSelectJoinAll($c);
foreach ($lookups as $lookup) {
$item = $lookup->getPermissionItem();
$permission = $lookup->getPermission();
if (!$item) {
KalturaLog::err('PermissionToPermissionItem id [' . $lookup->getId() . '] is defined with PermissionItem id [' . $lookup->getPermissionItemId() . '] which does not exists!');
continue;
}
if (!$permission) {
KalturaLog::err('PermissionToPermissionItem id [' . $lookup->getId() . '] is defined with Permission name [' . $lookup->getPermissionName() . '] which does not exists!');
continue;
}
// organize permission items in local arrays
$type = $item->getType();
if ($type == PermissionItemType::API_ACTION_ITEM) {
self::addApiAction($map, $item);
} else {
if ($type == PermissionItemType::API_PARAMETER_ITEM) {
self::addApiParameter($map, $item);
}
}
}
// set partner group permission
$c = new Criteria();
$c->addAnd(PermissionPeer::PARTNER_ID, self::$operatingPartnerId, Criteria::EQUAL);
$c->addAnd(PermissionPeer::TYPE, PermissionType::PARTNER_GROUP, Criteria::EQUAL);
$partnerGroupPermissions = PermissionPeer::doSelect($c);
foreach ($partnerGroupPermissions as $pgPerm) {
self::addPartnerGroupAction($map, $pgPerm);
}
return $map;
}
/**
* Delete all permission items related from current pemission.
*/
private function deleteAllPermissionItems()
{
$c = new Criteria();
$c->add(PermissionToPermissionItemPeer::PERMISSION_ID, $this->getId(), Criteria::EQUAL);
PermissionToPermissionItemPeer::doDelete($c);
}
/**
* Init with allowed permissions for the user in the given KS or kCurrentContext if not KS given
* kCurrentContext::init should have been executed before!
* @param string $ks KS to extract user and partner IDs from instead of kCurrentContext
* @param boolean $useCache use cache or not
* @throws TODO: add all exceptions
*/
public static function init($useCache = null)
{
// verify that kCurrentContext::init has been executed since it must be used to init current context permissions
if (!kCurrentContext::$ksPartnerUserInitialized) {
KalturaLog::crit('kCurrentContext::initKsPartnerUser must be executed before initializing kPermissionManager');
throw new Exception('kCurrentContext has not been initialized!', null);
}
// can be initialized more than once to support multirequest with different kCurrentContext parameters
self::$initialized = false;
self::$useCache = $useCache ? true : false;
// copy kCurrentContext parameters (kCurrentContext::init should have been executed before)
self::$requestedPartnerId = !self::isEmpty(kCurrentContext::$partner_id) ? kCurrentContext::$partner_id : null;
self::$ksPartnerId = !self::isEmpty(kCurrentContext::$ks_partner_id) ? kCurrentContext::$ks_partner_id : null;
self::$ksUserId = !self::isEmpty(kCurrentContext::$ks_uid) ? kCurrentContext::$ks_uid : null;
self::$ksString = kCurrentContext::$ks ? kCurrentContext::$ks : null;
self::$adminSession = !self::isEmpty(kCurrentContext::$is_admin_session) ? kCurrentContext::$is_admin_session : false;
// clear instance pools
//TODO: may not be needed
UserRolePeer::clearInstancePool();
PermissionPeer::clearInstancePool();
PermissionItemPeer::clearInstancePool();
PermissionToPermissionItemPeer::clearInstancePool();
kuserPeer::clearInstancePool();
// if ks defined - check that it is valid
self::errorIfKsNotValid();
// init partner, user, and role objects
self::initPartnerUserObjects();
// throw an error if KS partner (operating partner) is blocked
self::errorIfPartnerBlocked();
// init role ids
self::initRoleIds();
// init permissions map
self::initPermissionsMap();
// initialization done
self::$initialized = true;
return true;
}
public static function clearMemory()
{
accessControlPeer::clearInstancePool();
kuserPeer::clearInstancePool();
kshowPeer::clearInstancePool();
entryPeer::clearInstancePool();
// kvotePeer::clearInstancePool();
// commentPeer::clearInstancePool();
// flagPeer::clearInstancePool();
// favoritePeer::clearInstancePool();
// KshowKuserPeer::clearInstancePool();
// MailJobPeer::clearInstancePool();
SchedulerPeer::clearInstancePool();
SchedulerWorkerPeer::clearInstancePool();
SchedulerStatusPeer::clearInstancePool();
SchedulerConfigPeer::clearInstancePool();
ControlPanelCommandPeer::clearInstancePool();
BatchJobPeer::clearInstancePool();
// PriorityGroupPeer::clearInstancePool();
BulkUploadResultPeer::clearInstancePool();
// blockedEmailPeer::clearInstancePool();
// conversionPeer::clearInstancePool();
// flickrTokenPeer::clearInstancePool();
PuserKuserPeer::clearInstancePool();
// PuserRolePeer::clearInstancePool();
PartnerPeer::clearInstancePool();
// WidgetLogPeer::clearInstancePool();
// adminKuserPeer::clearInstancePool();
// notificationPeer::clearInstancePool();
moderationPeer::clearInstancePool();
moderationFlagPeer::clearInstancePool();
roughcutEntryPeer::clearInstancePool();
// widgetPeer::clearInstancePool();
uiConfPeer::clearInstancePool();
// PartnerStatsPeer::clearInstancePool();
// PartnerActivityPeer::clearInstancePool();
ConversionProfilePeer::clearInstancePool();
// ConversionParamsPeer::clearInstancePool();
// KceInstallationErrorPeer::clearInstancePool();
FileSyncPeer::clearInstancePool();
accessControlPeer::clearInstancePool();
mediaInfoPeer::clearInstancePool();
assetParamsPeer::clearInstancePool();
assetParamsOutputPeer::clearInstancePool();
assetPeer::clearInstancePool();
conversionProfile2Peer::clearInstancePool();
flavorParamsConversionProfilePeer::clearInstancePool();
categoryPeer::clearInstancePool();
syndicationFeedPeer::clearInstancePool();
TrackEntryPeer::clearInstancePool();
// SystemUserPeer::clearInstancePool();
StorageProfilePeer::clearInstancePool();
// EmailIngestionProfilePeer::clearInstancePool();
UploadTokenPeer::clearInstancePool();
// invalidSessionPeer::clearInstancePool();
DynamicEnumPeer::clearInstancePool();
UserLoginDataPeer::clearInstancePool();
PermissionPeer::clearInstancePool();
UserRolePeer::clearInstancePool();
PermissionItemPeer::clearInstancePool();
PermissionToPermissionItemPeer::clearInstancePool();
KuserToUserRolePeer::clearInstancePool();
$pluginInstances = KalturaPluginManager::getPluginInstances('IKalturaMemoryCleaner');
foreach ($pluginInstances as $pluginInstance) {
$pluginInstance->cleanMemory();
}
if (function_exists('gc_collect_cycles')) {
// php 5.3 and above
gc_collect_cycles();
}
}
/**
* Retrieve multiple objects by pkey.
*
* @param array $pks List of primary keys
* @param PropelPDO $con the connection to use
* @throws PropelException Any exceptions caught during processing will be
* rethrown wrapped into a PropelException.
*/
public static function retrieveByPKs($pks, PropelPDO $con = null)
{
$objs = null;
if (empty($pks)) {
$objs = array();
} else {
$criteria = new Criteria(PermissionToPermissionItemPeer::DATABASE_NAME);
$criteria->add(PermissionToPermissionItemPeer::ID, $pks, Criteria::IN);
$objs = PermissionToPermissionItemPeer::doSelect($criteria, $con);
}
return $objs;
}
/**
* Populates the object using an array.
*
* This is particularly useful when populating an object from one of the
* request arrays (e.g. $_POST). This method goes through the column
* names, checking to see whether a matching key exists in populated
* array. If so the setByName() method is called for that column.
*
* You can specify the key type of the array by additionally passing one
* of the class type constants BasePeer::TYPE_PHPNAME, BasePeer::TYPE_STUDLYPHPNAME,
* BasePeer::TYPE_COLNAME, BasePeer::TYPE_FIELDNAME, BasePeer::TYPE_NUM.
* The default key type is the column's phpname (e.g. 'AuthorId')
*
* @param array $arr An array to populate the object from.
* @param string $keyType The type of keys the array uses.
* @return void
*/
public function fromArray($arr, $keyType = BasePeer::TYPE_PHPNAME)
{
$keys = PermissionToPermissionItemPeer::getFieldNames($keyType);
if (array_key_exists($keys[0], $arr)) {
$this->setId($arr[$keys[0]]);
}
if (array_key_exists($keys[1], $arr)) {
$this->setPermissionId($arr[$keys[1]]);
}
if (array_key_exists($keys[2], $arr)) {
$this->setPermissionItemId($arr[$keys[2]]);
}
if (array_key_exists($keys[3], $arr)) {
$this->setCreatedAt($arr[$keys[3]]);
}
if (array_key_exists($keys[4], $arr)) {
$this->setUpdatedAt($arr[$keys[4]]);
}
}
/**
* Builds a Criteria object containing the primary key for this object.
*
* Unlike buildCriteria() this method includes the primary key values regardless
* of whether or not they have been modified.
*
* @return Criteria The Criteria object containing value(s) for primary key(s).
*/
public function buildPkeyCriteria()
{
$criteria = new Criteria(PermissionToPermissionItemPeer::DATABASE_NAME);
$criteria->add(PermissionToPermissionItemPeer::ID, $this->id);
if ($this->alreadyInSave && count($this->modifiedColumns) == 2 && $this->isColumnModified(PermissionToPermissionItemPeer::UPDATED_AT)) {
$theModifiedColumn = null;
foreach ($this->modifiedColumns as $modifiedColumn) {
if ($modifiedColumn != PermissionToPermissionItemPeer::UPDATED_AT) {
$theModifiedColumn = $modifiedColumn;
}
}
$atomicColumns = PermissionToPermissionItemPeer::getAtomicColumns();
if (in_array($theModifiedColumn, $atomicColumns)) {
$criteria->add($theModifiedColumn, $this->getByName($theModifiedColumn, BasePeer::TYPE_COLNAME), Criteria::NOT_EQUAL);
}
}
return $criteria;
}
