/**
 * Writes the default access-control layout for the site: file set, core pages,
 * security tokens, the group tree and conversations.
 *
 * Summary of what each principal receives here:
 *  - Guests: view files in the global file set; view the home, /login, /register
 *    and /!drafts pages; add conversation messages and message attachments.
 *  - Registered users: rate conversation messages.
 *  - Administrators: every management permission listed below.
 *  - Page owner / message author entities: edit and delete rights on their own
 *    drafts and conversation messages.
 *
 * NOTE(review): the SITE_INSTALL_LOCALE and version_installed writes suggest this
 * runs once during installation - confirm against the caller.
 */
public function set_site_permissions()
 {
     $fileSet = FileSet::getGlobal();
     $guestGroup = Group::getByID(GUEST_GROUP_ID);
     $registeredGroup = Group::getByID(REGISTERED_GROUP_ID);
     $adminGroup = Group::getByID(ADMIN_GROUP_ID);

     // Global file set: guests may only view files, administrators get the full set.
     $fileSet->assignPermissions($guestGroup, array('view_file_set_file'));
     $fileSet->assignPermissions($adminGroup, array(
         'view_file_set_file',
         'search_file_set',
         'edit_file_set_file_properties',
         'edit_file_set_file_contents',
         'copy_file_set_files',
         'edit_file_set_permissions',
         'delete_file_set_files',
         'delete_file_set',
         'add_file',
     ));

     // Persist the install locale only when it is set and is not the en_US default.
     if (defined('SITE_INSTALL_LOCALE') && !(SITE_INSTALL_LOCALE == '' || SITE_INSTALL_LOCALE == 'en_US')) {
         Config::save('concrete.locale', SITE_INSTALL_LOCALE);
     }
     Config::save('concrete.site', SITE);
     Config::save('concrete.version_installed', APP_VERSION);

     $currentUser = new User();
     $currentUser->saveConfig('NEWSFLOW_LAST_VIEWED', 'FIRSTRUN');

     // Home page (cID 1): public read access, administrators manage everything.
     $homePage = Page::getByID(1, 'RECENT');
     $homePage->assignPermissions($guestGroup, array('view_page'));
     $homePage->assignPermissions($adminGroup, array(
         'view_page_versions',
         'view_page_in_sitemap',
         'preview_page_as_user',
         'edit_page_properties',
         'edit_page_contents',
         'edit_page_speed_settings',
         'edit_page_multilingual_settings',
         'edit_page_theme',
         'edit_page_template',
         'edit_page_permissions',
         'delete_page',
         'delete_page_versions',
         'approve_page_versions',
         'add_subpage',
         'move_or_copy_page',
         'schedule_page_contents_guest_access',
     ));

     // The login and registration pages have to be reachable by anonymous visitors.
     foreach (array('/login', '/register') as $publicPath) {
         Page::getByPath($publicPath, 'RECENT')->assignPermissions($guestGroup, array('view_page'));
     }

     // The dashboard is granted to the administrators group only; no guest entry is added.
     Page::getByPath('/dashboard', 'RECENT')->assignPermissions($adminGroup, array('view_page'));

     // Drafts container: same admin rights as the home page minus the multilingual
     // setting, plus a reduced set for whoever owns the draft.
     $draftsPage = Page::getByPath('/!drafts', 'RECENT');
     $draftsPage->assignPermissions($guestGroup, array('view_page'));
     $draftsPage->assignPermissions($adminGroup, array(
         'view_page_versions',
         'view_page_in_sitemap',
         'preview_page_as_user',
         'edit_page_properties',
         'edit_page_contents',
         'edit_page_speed_settings',
         'edit_page_theme',
         'edit_page_template',
         'edit_page_permissions',
         'delete_page',
         'delete_page_versions',
         'approve_page_versions',
         'add_subpage',
         'move_or_copy_page',
         'schedule_page_contents_guest_access',
     ));
     $draftsPage->assignPermissions(PageOwnerPermissionAccessEntity::getOrCreate(), array(
         'view_page_versions',
         'edit_page_properties',
         'edit_page_contents',
         'edit_page_template',
         'delete_page',
         'delete_page_versions',
         'approve_page_versions',
     ));

     // One separate secret per purpose (jobs, encryption, validation), each from its
     // own getString(64) call, stored through the database-backed config.
     // NOTE(review): these values are used as security tokens, so the identifier
     // helper must draw from a cryptographically secure source - confirm its
     // implementation.
     $databaseConfig = \Core::make('config/database');
     foreach (array('jobs', 'encryption', 'validation') as $tokenName) {
         $databaseConfig->save(
             'concrete.security.token.' . $tokenName,
             Core::make('helper/validation/identifier')->getString(64)
         );
     }

     // Group tree: only administrators may search, edit, assign or restructure groups.
     $groupTree = GroupTree::get();
     $rootNode = $groupTree->getRootTreeNodeObject();
     $groupKeyHandles = array('search_users_in_group', 'edit_group', 'assign_group', 'add_sub_group', 'edit_group_permissions');
     $adminGroupEntity = GroupPermissionAccessEntity::getOrCreate($adminGroup);
     foreach ($groupKeyHandles as $handle) {
         $key = PermissionKey::getByHandle($handle);
         $key->setPermissionObject($rootNode);
         $access = PermissionAccess::create($key);
         $access->addListItem($adminGroupEntity);
         $key->getPermissionAssignmentObject()->assignPermissionAccess($access);
     }

     // Conversations: each permission key handle maps to the entities that receive it.
     // NOTE(review): guests may post messages *and* attachments by default; a site
     // that does not need anonymous uploads should tighten these two keys after setup.
     $messageAuthorEntity = ConversationMessageAuthorEntity::getOrCreate();
     $guestEntity = GroupPermissionAccessEntity::getOrCreate($guestGroup);
     $registeredEntity = GroupPermissionAccessEntity::getOrCreate($registeredGroup);
     $conversationAccess = array(
         'add_conversation_message' => array($guestEntity),
         'add_conversation_message_attachments' => array($guestEntity),
         'edit_conversation_message' => array($messageAuthorEntity, $adminGroupEntity),
         'delete_conversation_message' => array($messageAuthorEntity, $adminGroupEntity),
         'rate_conversation_message' => array($registeredEntity, $adminGroupEntity),
         'edit_conversation_permissions' => array($adminGroupEntity),
         'flag_conversation_message' => array($adminGroupEntity),
         'approve_conversation_message' => array($adminGroupEntity),
     );
     foreach ($conversationAccess as $handle => $entities) {
         $key = PermissionKey::getByHandle($handle);
         $access = PermissionAccess::create($key);
         foreach ($entities as $entity) {
             $access->addListItem($entity);
         }
         $key->getPermissionAssignmentObject()->assignPermissionAccess($access);
     }
 }
Example #2
<?php

// Refuse direct requests: the script only runs when the framework has defined C5_EXECUTE.
defined('C5_EXECUTE') or die("Access Denied.");
use Concrete\Core\Permission\Access\Entity\PageOwnerEntity as PageOwnerPermissionAccessEntity;

// Emits the page-owner access entity (ID and label) as JSON, and only when the
// 'process' token validates. A request that fails validation produces no output.
// NOTE(review): presumably this token is the anti-CSRF check for the request - confirm.
$tokenHelper = Loader::helper('validation/token');
if ($tokenHelper->validate('process')) {
    $jsonHelper = Loader::helper('json');
    $payload = new stdClass();
    $ownerEntity = PageOwnerPermissionAccessEntity::getOrCreate();
    $payload->peID = $ownerEntity->getAccessEntityID();
    $payload->label = $ownerEntity->getAccessEntityLabel();
    echo $jsonHelper->encode($payload);
}
Example #3
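 /**
  * Restricts this list to pages the current user is allowed to view.
  *
  * Nothing is filtered for a super user or when $this->ignorePermissions is set.
  * Otherwise two raw SQL filters are added: one requiring an "include" assignment
  * of the view permission key for one of the user's access entities, and one
  * requiring that no matching "exclude" assignment exists. Pages that point to an
  * external link pass the include filter regardless of assignments.
  *
  * The filters are built by string concatenation, so every value placed into them
  * is forced to an integer first; no request-supplied text may be added to these
  * fragments without the same treatment.
  */
 public function setupPermissions()
 {
     $u = new User();
     if ($u->isSuperUser() || $this->ignorePermissions) {
         // super user always sees everything. no need to limit
         return;
     }

     // -1 keeps the IN (...) list non-empty even when the user has no access entities.
     $peIDs = array(-1);
     foreach ($u->getUserAccessEntityObjects() as $pae) {
         $peIDs[] = (int) $pae->getAccessEntityID();
     }
     $owpae = PageOwnerPermissionAccessEntity::getOrCreate();
     $ownerEntityID = (int) $owpae->getAccessEntityID();

     // Retrieve the permission duration IDs attached to the view permission key.
     // (A disabled variant in the original also matched view_page_versions; it was
     // commented out there and is not reproduced here.)
     $db = Loader::db();
     // The cast makes a missing permission key fail closed (pkID = 0 matches no
     // assignment) instead of producing a malformed query.
     $vpPKID = (int) $db->GetOne('select pkID from PermissionKeys where pkHandle = ?', array($this->viewPagePermissionKeyHandle));
     $pdIDs = $db->GetCol("select distinct pdID from PagePermissionAssignments ppa inner join PermissionAccessList pa on ppa.paID = pa.paID where pkID =? and pdID > 0", array($vpPKID));

     // Keep only the durations that are active right now; 0 (appended last) is always included.
     $activePDIDs = array();
     if (is_array($pdIDs)) {
         foreach ($pdIDs as $pdID) {
             $pd = PermissionDuration::getByID($pdID);
             if (is_object($pd) && $pd->isActive()) {
                 $activePDIDs[] = (int) $pd->getPermissionDurationID();
             }
         }
     }
     $activePDIDs[] = 0;

     // Both alternatives are fixed SQL text, never caller-supplied.
     if ($this->includeAliases) {
         $cInheritPermissionsFromCID = 'if(p2.cID is null, p1.cInheritPermissionsFromCID, p2.cInheritPermissionsFromCID)';
     } else {
         $cInheritPermissionsFromCID = 'p1.cInheritPermissionsFromCID';
     }

     // Initialised up front: the original left this undefined (and raised a notice)
     // whenever displayOnlyApprovedPages was off.
     $cvIsApproved = '';
     if ($this->displayOnlyApprovedPages) {
         $cvIsApproved = ' and cv.cvIsApproved = 1';
     }

     $uID = 0;
     if ($u->isRegistered()) {
         $uID = (int) $u->getUserID();
     }

     $pdIDList = implode(',', $activePDIDs);
     $peIDList = implode(',', $peIDs);

     // Include filter: at least one matching "include" assignment, or an external link page.
     // The page-owner entity only counts when the current user owns the page (p1.uID).
     $this->filter(false, "((select count(cID) from PagePermissionAssignments ppa1 inner join PermissionAccessList pa1 on ppa1.paID = pa1.paID where ppa1.cID = {$cInheritPermissionsFromCID} and pa1.accessType = " . PermissionKey::ACCESS_TYPE_INCLUDE . " and pa1.pdID in (" . $pdIDList . ")\n\t\t\tand pa1.peID in (" . $peIDList . ") and (if(pa1.peID = " . $ownerEntityID . " and p1.uID <>" . $uID . ", false, true)) and (ppa1.pkID = " . $vpPKID . $cvIsApproved . ")) > 0\n\t\t\tor (p1.cPointerExternalLink !='' AND p1.cPointerExternalLink IS NOT NULL))");

     // Exclude filter: no matching "exclude" assignment may exist.
     $this->filter(false, "((select count(cID) from PagePermissionAssignments ppaExclude inner join PermissionAccessList paExclude on ppaExclude.paID = paExclude.paID where ppaExclude.cID = {$cInheritPermissionsFromCID} and accessType = " . PermissionKey::ACCESS_TYPE_EXCLUDE . " and pdID in (" . $pdIDList . ")\n\t\t\tand paExclude.peID in (" . $peIDList . ") and (if(paExclude.peID = " . $ownerEntityID . " and p1.uID <>" . $uID . ", false, true)) and (ppaExclude.pkID = " . $vpPKID . $cvIsApproved . ")) = 0)");
 }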
Example #4
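 /**
  * Add a page type.
  *
  * After the row is inserted, the page type receives the 'all' publish target (when
  * that target type exists), a copy of the default page type permissions, and an
  * 'edit_page_type_drafts' assignment that is reset to contain only the page owner
  * access entity.
  *
  * @param array $data {
  *     @var string          $handle              A string which can be used to identify the page type
  *     @var string          $name                A user friendly display name
  *     @var \PageTemplate   $defaultTemplate     The default template object
  *     @var string          $allowedTemplates    (A|C|X) A for all, C for selected only, X for non-selected only
  *     @var \PageTemplate[] $templates           Array or Iterator of selected templates, see `$allowedTemplates`
  *     @var bool            $internal            Is this an internal only page type? Default: `false`
  *     @var bool            $ptLaunchInComposer  Does this launch in composer? Default: `false`
  *     @var bool            $ptIsFrequentlyAdded Should this always be displayed in the pages panel? Default: `false`
  * }
  * @param bool|Package $pkg This should be false if the type is not tied to a package, or a package object
  *
  * @return static|mixed|null The page type as loaded by getByID() after the insert
  */
 public static function add($data, $pkg = false)
 {
     // Fill in every optional key so the lookups below never hit an undefined index.
     $data = $data + array('defaultTemplate' => null, 'allowedTemplates' => null, 'templates' => null, 'internal' => null, 'ptLaunchInComposer' => null, 'ptIsFrequentlyAdded' => null);
     $ptHandle = $data['handle'];
     $ptName = $data['name'];

     $pkgID = is_object($pkg) ? $pkg->getPackageID() : 0;
     $ptDefaultPageTemplateID = is_object($data['defaultTemplate']) ? $data['defaultTemplate']->getPageTemplateID() : 0;
     $ptAllowedPageTemplates = $data['allowedTemplates'] ? $data['allowedTemplates'] : 'A';

     // The documented contract allows an Iterator as well as an array; the original
     // silently dropped anything that was not a plain array.
     $templates = array();
     if (is_array($data['templates']) || $data['templates'] instanceof \Traversable) {
         $templates = $data['templates'];
     }

     $ptIsInternal = $data['internal'] ? 1 : 0;
     $ptLaunchInComposer = $data['ptLaunchInComposer'] ? 1 : 0;
     $ptIsFrequentlyAdded = $data['ptIsFrequentlyAdded'] ? 1 : 0;

     $db = Loader::db();

     // Display order is the number of existing types with the same internal flag.
     $count = (int) $db->GetOne('select count(ptID) from PageTypes where ptIsInternal = ?', array($ptIsInternal));
     $ptDisplayOrder = $count > 0 ? $count : 0;

     // All caller-supplied values go through bound parameters.
     $db->Execute('insert into PageTypes (ptName, ptHandle, ptDefaultPageTemplateID, ptAllowedPageTemplates, ptIsInternal, ptLaunchInComposer, ptDisplayOrder, ptIsFrequentlyAdded, pkgID) values (?, ?, ?, ?, ?, ?, ?, ?, ?)', array($ptName, $ptHandle, $ptDefaultPageTemplateID, $ptAllowedPageTemplates, $ptIsInternal, $ptLaunchInComposer, $ptDisplayOrder, $ptIsFrequentlyAdded, $pkgID));
     $ptID = $db->Insert_ID();

     // The selected-template rows are only written when the mode is not 'A' (all).
     if ($ptAllowedPageTemplates != 'A') {
         foreach ($templates as $pt) {
             $db->Execute('insert into PageTypePageTemplates (ptID, pTemplateID) values (?, ?)', array($ptID, $pt->getPageTemplateID()));
         }
     }

     $ptt = static::getByID($ptID);

     // set all type publish target as default
     $target = PageTypePublishTargetType::getByHandle('all');
     if (is_object($target)) {
         $configuredTarget = $target->configurePageTypePublishTarget($ptt, array());
         $ptt->setConfiguredPageTypePublishTargetObject($configuredTarget);
     }

     // copy permissions from the defaults to the page type
     $cpk = PermissionKey::getByHandle('access_page_type_permissions');
     $permissions = PermissionKey::getList('page_type');
     foreach ($permissions as $pk) {
         $pk->setPermissionObject($ptt);
         $pk->copyFromDefaultsToPageType($cpk);
     }

     // Replace the copied default for draft editing with an assignment that holds
     // only the page owner access entity.
     $pk = PermissionKey::getByHandle('edit_page_type_drafts');
     if (is_object($pk)) {
         $pk->setPermissionObject($ptt);
         $pt = $pk->getPermissionAssignmentObject();
         // The original guarded only the clear call and then used $pt unconditionally,
         // which is a fatal error when no assignment object is returned.
         if (is_object($pt)) {
             $pt->clearPermissionAssignment();
             $pa = PermissionAccess::create($pk);
             $pe = PageOwnerPermissionAccessEntity::getOrCreate();
             $pa->addListItem($pe);
             $pt->assignPermissionAccess($pa);
         }
     }

     // The row exists at this point, so the page type is returned even when the
     // 'edit_page_type_drafts' key is missing (the original fell through to null).
     return $ptt;
 }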