* Adds basic API object parameters that require permissions, to their associated permissions.
*
* Delete from permission_to_permission_item where type = 'kApiParameterPermissionItem' to re-deploy
*/
//-- Bootstraping
error_reporting(E_ALL);
require_once dirname(__FILE__) . '/../../../bootstrap.php';
require_once ROOT_DIR . '/api_v3/bootstrap.php';
PermissionPeer::clearInstancePool();
PermissionItemPeer::clearInstancePool();
//-- Script start
// define all items
$permissionItems = array(array('object' => 'KalturaBaseEntry', 'parameter' => 'startDate', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_SCHEDULE), array('object' => 'KalturaBaseEntry', 'parameter' => 'startDate', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_SCHEDULE), array('object' => 'KalturaBaseEntry', 'parameter' => 'endDate', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_SCHEDULE), array('object' => 'KalturaBaseEntry', 'parameter' => 'endDate', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_SCHEDULE), array('object' => 'KalturaBaseEntry', 'parameter' => 'accessControlId', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_ACCESS_CONTROL), array('object' => 'KalturaBaseEntry', 'parameter' => 'accessControlId', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_ACCESS_CONTROL), array('object' => 'KalturaBaseEntry', 'parameter' => 'categories', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES . ',' . PermissionName::USER_SESSION_PERMISSION), array('object' => 'KalturaBaseEntry', 'parameter' => 'categories', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES . ',' . PermissionName::USER_SESSION_PERMISSION), array('object' => 'KalturaBaseEntry', 'parameter' => 'categoriesIds', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES . ',' . PermissionName::USER_SESSION_PERMISSION), array('object' => 'KalturaBaseEntry', 'parameter' => 'categoriesIds', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES . ',' . PermissionName::USER_SESSION_PERMISSION), array('object' => 'KalturaBaseEntry', 'parameter' => 'name', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_METADATA . ',' . PermissionName::USER_SESSION_PERMISSION . ',' . PermissionName::CONTENT_MODERATE_METADATA), array('object' => 'KalturaBaseEntry', 'parameter' => 'tags', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_METADATA . ',' . PermissionName::USER_SESSION_PERMISSION . ',' . PermissionName::CONTENT_MODERATE_METADATA), array('object' => 'KalturaBaseEntry', 'parameter' => 'description', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_METADATA . ',' . PermissionName::USER_SESSION_PERMISSION . ',' . PermissionName::CONTENT_MODERATE_METADATA), array('object' => 'KalturaLiveStreamAdminEntry', 'parameter' => kApiParameterPermissionItem::ALL_VALUES_IDENTIFIER, 'action' => ApiParameterPermissionItemAction::READ, 'permission' => PermissionName::CONTENT_MANAGE_BASE), array('object' => 'KalturaLiveStreamAdminEntry', 'parameter' => kApiParameterPermissionItem::ALL_VALUES_IDENTIFIER, 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_BASE), array('object' => 'KalturaLiveStreamAdminEntry', 'parameter' => kApiParameterPermissionItem::ALL_VALUES_IDENTIFIER, 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_BASE), array('object' => 'KalturaPartner', 'parameter' => 'secret', 'action' => ApiParameterPermissionItemAction::READ, 'permission' => PermissionName::INTEGRATION_BASE), array('object' => 'KalturaPartner', 'parameter' => 'adminSecret', 'action' => ApiParameterPermissionItemAction::READ, 'permission' => PermissionName::INTEGRATION_BASE));
// add all to required permissions
foreach ($permissionItems as $cur) {
$item = new kApiParameterPermissionItem();
$item->setObject($cur['object']);
$item->setParameter($cur['parameter']);
$item->setAction($cur['action']);
$item->setPartnerId(PartnerPeer::GLOBAL_PARTNER);
$item->save();
$permissions = $cur['permission'];
$permissions = explode(',', $permissions);
foreach ($permissions as $permissionName) {
if (!$permissionName) {
continue;
}
$permission = PermissionPeer::getByNameAndPartner(trim($permissionName), array(PartnerPeer::GLOBAL_PARTNER));
if (!$permission) {
$msg = '***** ERROR - Permission [' . $cur['permission'] . '] not found for item [' . $cur['object'] . '->' . $cur['parameter'] . ']';
KalturaLog::alert($msg);
function addParameterPermissionItem($itemCfg)
{
// verify obligatory fields
if (!$itemCfg->object) {
throw new Exception('Permission item object must be set');
}
if (!$itemCfg->parameter) {
throw new Exception('Permission item object parameter must be set');
}
if (!$itemCfg->action) {
throw new Exception('Permission item action id must be set');
}
if (is_null($itemCfg->partnerId) || $itemCfg->partnerId === '') {
throw new Exception('Permission item partner id must be set');
}
if (!in_array($itemCfg->action, array(ApiParameterPermissionItemAction::INSERT, ApiParameterPermissionItemAction::READ, ApiParameterPermissionItemAction::UPDATE))) {
throw new Exception("Action type [{$itemCfg->action}] unknown");
}
// check if item already exists in db
$c = new Criteria();
$c->addAnd(kApiParameterPermissionItem::OBJECT_COLUMN_NAME, $itemCfg->object, Criteria::EQUAL);
$c->addAnd(kApiParameterPermissionItem::PARAMETER_COLUMN_NAME, $itemCfg->parameter, Criteria::EQUAL);
$c->addAnd(kApiParameterPermissionItem::ACTION_COLUMN_NAME, $itemCfg->action, Criteria::EQUAL);
$c->addAnd(PermissionItemPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $itemCfg->partnerId), Criteria::IN);
$c->addAnd(PermissionItemPeer::TYPE, PermissionItemType::API_PARAMETER_ITEM, Criteria::EQUAL);
$existingItem = PermissionItemPeer::doSelectOne($c);
$item = null;
if (existingItem) {
$item = $existingItem;
KalturaLog::log('Permission item for [' . $item->getAction() . '->' . $item->getObject() . '->' . $item->getParameter() . '] partner id [' . $item->getPartnerId() . '] already exists with id [' . $item->getId() . ']');
} else {
// save new permission item object
$item = new kApiParameterPermissionItem();
foreach ($itemCfg as $key => $value) {
if ($key === 'permissions') {
continue;
// permissions are set later
}
$setterCallback = array($item, "set{$key}");
call_user_func_array($setterCallback, array($value));
}
$item->save();
KalturaLog::log('New permission item id [' . $item->getId() . '] added for [' . $item->getAction() . '->' . $item->getObject() . '->' . $item->getParameter() . '] partner id [' . $item->getPartnerId() . ']');
}
// add item to each defined permission
$permissionNames = array_map('trim', explode(',', $itemCfg->permissions));
addItemToPermissions($item, $permissionNames);
}
/**
* Add an api parameter permission to the local map
* @param array $map map to fill
* @param kApiParameterPermissionItem $item
*/
private static function addApiParameter(array &$map, kApiParameterPermissionItem $item)
{
$itemAction = strtolower($item->getAction());
$itemObject = strtolower($item->getObject());
if (!isset($map[self::API_PARAMETERS_ARRAY_NAME][$itemAction][$itemObject])) {
$map[self::API_PARAMETERS_ARRAY_NAME][$itemAction][$itemObject] = array();
}
$map[self::API_PARAMETERS_ARRAY_NAME][$itemAction][$itemObject][strtolower($item->getParameter())] = true;
}
/**
* Add an api parameter permission to the local map
* @param array $map map to fill
* @param kApiParameterPermissionItem $item
*/
private static function addApiParameter(array &$map, kApiParameterPermissionItem $item)
{
$itemAction = $item->getAction();
// ApiParameterPermissionItemAction
if (!isset($map[self::API_PARAMETERS_ARRAY_NAME][$itemAction][$item->getObject()])) {
$map[self::API_PARAMETERS_ARRAY_NAME][$itemAction][$item->getObject()] = array();
}
$map[self::API_PARAMETERS_ARRAY_NAME][$itemAction][$item->getObject()][] = $item->getParameter();
}
