private function validateTicketSetPartner($partner_id, $subp_id, $puser_id, $ks_str) { if ($ks_str) { // 1. crack the ks - $ks = kSessionUtils::crackKs($ks_str); // 2. extract partner_id $ks_partner_id = $ks->partner_id; $master_partner_id = $ks->master_partner_id; if (!$master_partner_id) { $master_partner_id = $ks_partner_id; } if (!$partner_id) { $partner_id = $ks_partner_id; } // use the user from the ks if not explicity set if (!$puser_id) { $puser_id = $ks->user; } kCurrentContext::$ks = $ks_str; kCurrentContext::$partner_id = $partner_id; kCurrentContext::$ks_partner_id = $ks_partner_id; kCurrentContext::$master_partner_id = $master_partner_id; kCurrentContext::$uid = $puser_id; kCurrentContext::$ks_uid = $ks->user; // 3. retrieve partner $ks_partner = PartnerPeer::retrieveByPK($ks_partner_id); // the service_confgi is assumed to be the one of the operating_partner == ks_partner if (!$ks_partner) { $this->addException(APIErrors::UNKNOWN_PARTNER_ID, $ks_partner_id); } $this->setServiceConfigFromPartner($ks_partner); if ($ks_partner && !$ks_partner->getStatus()) { $this->addException(APIErrors::SERVICE_FORBIDDEN_PARTNER_DELETED); } // 4. validate ticket per service for the ticket's partner $ticket_type = $this->ticketType2(); if ($ticket_type == kSessionUtils::REQUIED_TICKET_NOT_ACCESSIBLE) { // partner cannot access this service $this->addException(APIErrors::SERVICE_FORBIDDEN); } if ($this->force_ticket_check && $ticket_type != kSessionUtils::REQUIED_TICKET_NONE) { // TODO - which user is this ? from the ks ? from the puser_id ? $ks_puser_id = $ks->user; //$ks = null; $res = kSessionUtils::validateKSession2($ticket_type, $ks_partner_id, $ks_puser_id, $ks_str, $ks); if (0 >= $res) { // chaned this to be an exception rather than an error $this->addException(APIErrors::INVALID_KS, $ks_str, $res, ks::getErrorStr($res)); } $this->ks = $ks; } elseif ($ticket_type == kSessionUtils::REQUIED_TICKET_NONE && $ks_str) { $ks_puser_id = $ks->user; $res = kSessionUtils::validateKSession2($ticket_type, $ks_partner_id, $ks_puser_id, $ks_str, $ks); if ($res > 0) { $this->ks = $ks; } } // 5. see partner is allowed to access the desired partner (if himself - easy, else - should appear in the partnerGroup) $allow_access = myPartnerUtils::allowPartnerAccessPartner($ks_partner_id, $this->partnerGroup2(), $partner_id); if (!$allow_access) { $this->addException(APIErrors::PARTNER_ACCESS_FORBIDDEN, $ks_partner_id, $partner_id); } // 6. set the partner to be the desired partner and the operating_partner to be the one from the ks $this->partner = PartnerPeer::retrieveByPK($partner_id); $this->operating_partner = $ks_partner; // the config is that of the ks_partner NOT of the partner // $this->setServiceConfigFromPartner( $ks_partner ); - was already set above to extract the ks // TODO - should change service_config to be the one of the partner_id ?? // 7. if ok - return the partner_id to be used from this point onwards return array($partner_id, $subp_id, $puser_id, true); // allow private_partner_data } else { // no ks_str // 1. extract partner by partner_id + // 2. retrieve partner $this->partner = PartnerPeer::retrieveByPK($partner_id); if (!$this->partner) { $this->partner = null; // go to the default config $this->setServiceConfigFromPartner(null); if ($this->requirePartner2()) { $this->addException(APIErrors::UNKNOWN_PARTNER_ID, $partner_id); } } if ($this->partner && !$this->partner->getStatus()) { $this->addException(APIErrors::SERVICE_FORBIDDEN_PARTNER_DELETED); } kCurrentContext::$ks = null; kCurrentContext::$partner_id = $partner_id; kCurrentContext::$ks_partner_id = null; kCurrentContext::$uid = $puser_id; kCurrentContext::$ks_uid = null; // 3. make sure the service can be accessed with no ticket $this->setServiceConfigFromPartner($this->partner); $ticket_type = $this->ticketType2(); if ($ticket_type == kSessionUtils::REQUIED_TICKET_NOT_ACCESSIBLE) { // partner cannot access this service $this->addException(APIErrors::SERVICE_FORBIDDEN); } if ($this->force_ticket_check && $ticket_type != kSessionUtils::REQUIED_TICKET_NONE) { // NEW: 2008-12-28 // Instead of throwing an exception, see if the service allows KN. // If so - a relativly week partner access if ($this->kalturaNetwork2()) { // if the service supports KN - continue without private data return array($partner_id, $subp_id, $puser_id, false); // DONT allow private_partner_data } // chaned this to be an exception rather than an error $this->addException(APIErrors::MISSING_KS); } // 4. set the partner & operating_partner to be the one-and-only partner of this session $this->operating_partner = $this->partner; return array($partner_id, $subp_id, $puser_id, true); // allow private_partner_data } }
public static function initKsPartnerUser($ksString, $requestedPartnerId = null, $requestedPuserId = null) { if (!$ksString) { kCurrentContext::$ks = null; kCurrentContext::$ks_partner_id = null; kCurrentContext::$ks_uid = null; kCurrentContext::$master_partner_id = null; kCurrentContext::$partner_id = $requestedPartnerId; kCurrentContext::$uid = $requestedPuserId; kCurrentContext::$is_admin_session = false; } else { try { $ksObj = kSessionUtils::crackKs($ksString); } catch (Exception $ex) { if (strpos($ex->getMessage(), "INVALID_STR") !== null) { //TODO: throw different type of error throw new KalturaAPIException(APIErrors::INVALID_KS, $ksString, ks::INVALID_STR, ks::getErrorStr(ks::INVALID_STR)); } else { throw $ex; } } kCurrentContext::$ks = $ksString; kCurrentContext::$ks_object = $ksObj; kCurrentContext::$ks_partner_id = $ksObj->partner_id; kCurrentContext::$ks_uid = $ksObj->user; kCurrentContext::$master_partner_id = $ksObj->master_partner_id ? $ksObj->master_partner_id : kCurrentContext::$ks_partner_id; kCurrentContext::$is_admin_session = $ksObj->isAdmin(); kCurrentContext::$partner_id = $requestedPartnerId; kCurrentContext::$uid = $requestedPuserId; } // set partner ID for logger if (kCurrentContext::$partner_id) { $GLOBALS["partnerId"] = kCurrentContext::$partner_id; } else { if (kCurrentContext::$ks_partner_id) { $GLOBALS["partnerId"] = kCurrentContext::$ks_partner_id; } } self::$ksPartnerUserInitialized = true; }
public static function initKsPartnerUser($ksString, $requestedPartnerId = null, $requestedPuserId = null) { if (!$ksString) { kCurrentContext::$ks = null; kCurrentContext::$ks_object = null; kCurrentContext::$ks_hash = null; kCurrentContext::$ks_partner_id = null; kCurrentContext::$ks_uid = null; kCurrentContext::$ks_kuser_id = 0; kCurrentContext::$master_partner_id = null; kCurrentContext::$partner_id = $requestedPartnerId; kCurrentContext::$uid = $requestedPuserId; kCurrentContext::$is_admin_session = false; kCurrentContext::$kuser_id = null; } else { try { $ksObj = kSessionUtils::crackKs($ksString); } catch (Exception $ex) { if (strpos($ex->getMessage(), "INVALID_STR") !== null) { throw new kCoreException($ex->getMessage(), kCoreException::INVALID_KS, $ksString); } else { throw $ex; } } kCurrentContext::$ks = $ksString; kCurrentContext::$ks_object = $ksObj; kCurrentContext::$ks_hash = $ksObj->getHash(); kCurrentContext::$ks_partner_id = $ksObj->partner_id; kCurrentContext::$ks_uid = $ksObj->user; kCurrentContext::$ks_kuser_id = 0; kCurrentContext::$master_partner_id = $ksObj->master_partner_id ? $ksObj->master_partner_id : kCurrentContext::$ks_partner_id; kCurrentContext::$is_admin_session = $ksObj->isAdmin(); kCurrentContext::$partner_id = $requestedPartnerId; kCurrentContext::$uid = $requestedPuserId; kCurrentContext::$kuser_id = null; $ksKuser = kuserPeer::getKuserByPartnerAndUid(kCurrentContext::$ks_partner_id, kCurrentContext::$ks_uid, true); if ($ksKuser) { kCurrentContext::$ks_kuser_id = $ksKuser->getId(); } } // set partner ID for logger if (kCurrentContext::$partner_id) { $GLOBALS["partnerId"] = kCurrentContext::$partner_id; } else { if (kCurrentContext::$ks_partner_id) { $GLOBALS["partnerId"] = kCurrentContext::$ks_partner_id; } } self::$ksPartnerUserInitialized = true; }