/**
* Returns the vote for the given parameters.
*
* This method must return one of the following constants:
* ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN.
*
* @param TokenInterface $token A TokenInterface instance
* @param object $object The object to secure
* @param array $attributes An array of attributes associated with the method being invoked
*
* @return integer either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED
*/
public function vote(TokenInterface $token, $object, array $attributes)
{
foreach ($attributes as $attribute) {
if ($this->supportsAttribute($attribute)) {
if ($this->repository->hasAccess($attribute->module, $attribute->function) === false) {
return VoterInterface::ACCESS_DENIED;
}
return VoterInterface::ACCESS_GRANTED;
}
}
return VoterInterface::ACCESS_ABSTAIN;
}
/**
* Publish the content type and update content objects.
*
* This method updates content objects, depending on the changed field definitions.
*
* @throws \eZ\Publish\API\Repository\Exceptions\BadStateException If the content type has no draft
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException If the content type has no field definitions
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the user is not allowed to publish a content type
*
* @param \eZ\Publish\API\Repository\Values\ContentType\ContentTypeDraft $contentTypeDraft
*/
public function publishContentTypeDraft(APIContentTypeDraft $contentTypeDraft)
{
if ($this->repository->hasAccess('class', 'update') !== true) {
throw new UnauthorizedException('ContentType', 'update');
}
try {
$loadedContentTypeDraft = $this->loadContentTypeDraft($contentTypeDraft->id);
} catch (APINotFoundException $e) {
throw new BadStateException("\$contentTypeDraft", "The content type does not have a draft.", $e);
}
if (count($loadedContentTypeDraft->getFieldDefinitions()) === 0) {
throw new InvalidArgumentException("\$contentTypeDraft", "The content type draft should have at least one field definition.");
}
$this->repository->beginTransaction();
try {
if (empty($loadedContentTypeDraft->nameSchema)) {
$fieldDefinitions = $loadedContentTypeDraft->getFieldDefinitions();
$this->contentTypeHandler->update($contentTypeDraft->id, $contentTypeDraft->status, $this->buildSPIContentTypeUpdateStruct($loadedContentTypeDraft, new ContentTypeUpdateStruct(array("nameSchema" => "<" . $fieldDefinitions[0]->identifier . ">"))));
}
$this->contentTypeHandler->publish($loadedContentTypeDraft->id);
$this->repository->commit();
} catch (Exception $e) {
$this->repository->rollback();
throw $e;
}
}
/**
* Checks if user has access to specified module and function.
*
* @param string $module The module, aka controller identifier to check permissions on
* @param string $function The function, aka the controller action to check permissions on
* @param \eZ\Publish\API\Repository\Values\User\User $user
*
* @return bool|array if limitations are on this function an array of limitations is returned
*/
public function hasAccess($module, $function, User $user = null)
{
// Full access if sudo nesting level is set by sudo method
if ($this->sudoNestingLevel > 0) {
return true;
}
return $this->repository->hasAccess($module, $function, $user);
}
/**
* Loads a Section from its identifier ($sectionIdentifier)
*
* @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if section could not be found
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException If the current user user is not allowed to read a section
*
* @param string $sectionIdentifier
*
* @return \eZ\Publish\API\Repository\Values\Content\Section
*/
public function loadSectionByIdentifier($sectionIdentifier)
{
if (!is_string($sectionIdentifier) || empty($sectionIdentifier)) {
throw new InvalidArgumentValue("sectionIdentifier", $sectionIdentifier);
}
if ($this->repository->hasAccess('section', 'view') !== true) {
throw new UnauthorizedException('section', 'view');
}
$spiSection = $this->sectionHandler->loadByIdentifier($sectionIdentifier);
return $this->buildDomainSectionObject($spiSection);
}
/**
* Returns the roles assigned to the given user group
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read a role
*
* @param \eZ\Publish\API\Repository\Values\User\UserGroup $userGroup
*
* @return \eZ\Publish\API\Repository\Values\User\UserGroupRoleAssignment[]
*/
public function getRoleAssignmentsForUserGroup(UserGroup $userGroup)
{
if ($this->repository->hasAccess('role', 'read') !== true) {
throw new UnauthorizedException('role', 'read');
}
$roleAssignments = array();
$spiRoleAssignments = $this->userHandler->loadRoleAssignmentsByGroupId($userGroup->id);
foreach ($spiRoleAssignments as $spiRoleAssignment) {
$roleAssignments[] = $this->buildDomainUserGroupRoleAssignmentObject($spiRoleAssignment, $userGroup);
}
return $roleAssignments;
}
/**
* removes an url wildcard.
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the user is not allowed to remove url wildcards
*
* @param \eZ\Publish\API\Repository\Values\Content\UrlWildcard $urlWildcard the url wildcard to remove
*/
public function remove(URLWildcard $urlWildcard)
{
if ($this->repository->hasAccess('content', 'urltranslator') !== true) {
throw new UnauthorizedException('content', 'urltranslator');
}
$this->repository->beginTransaction();
try {
$this->urlWildcardHandler->remove($urlWildcard->id);
$this->repository->commit();
} catch (Exception $e) {
$this->repository->rollback();
throw $e;
}
}
/**
* Deletes a object state. The state of the content objects is reset to the
* first object state in the group.
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the user is not allowed to delete an object state
*
* @param \eZ\Publish\API\Repository\Values\ObjectState\ObjectState $objectState
*/
public function deleteObjectState(APIObjectState $objectState)
{
if ($this->repository->hasAccess('state', 'administrate') !== true) {
throw new UnauthorizedException('state', 'administrate');
}
$loadedObjectState = $this->loadObjectState($objectState->id);
$this->repository->beginTransaction();
try {
$this->objectStateHandler->delete($loadedObjectState->id);
$this->repository->commit();
} catch (Exception $e) {
$this->repository->rollback();
throw $e;
}
}
/**
* Deletes a trash item.
*
* The corresponding content object will be removed
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the user is not allowed to delete this trash item
*
* @param \eZ\Publish\API\Repository\Values\Content\TrashItem $trashItem
*/
public function deleteTrashItem(APITrashItem $trashItem)
{
if ($this->repository->hasAccess('content', 'cleantrash') !== true) {
throw new UnauthorizedException('content', 'cleantrash');
}
if (!is_numeric($trashItem->id)) {
throw new InvalidArgumentValue("id", $trashItem->id, "TrashItem");
}
$this->repository->beginTransaction();
try {
$this->persistenceHandler->trashHandler()->deleteTrashItem($trashItem->id);
$this->repository->commit();
} catch (Exception $e) {
$this->repository->rollback();
throw $e;
}
}
/**
* Deletes a language from content repository
*
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException
* if language can not be deleted
* because it is still assigned to some content / type / (...).
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException If user does not have access to content translations
*
* @param \eZ\Publish\API\Repository\Values\Content\Language $language
*/
public function deleteLanguage(Language $language)
{
if ($this->repository->hasAccess('content', 'translations') !== true) {
throw new UnauthorizedException('content', 'translations');
}
$loadedLanguage = $this->loadLanguageById($language->id);
$this->repository->beginTransaction();
try {
$this->languageHandler->delete($loadedLanguage->id);
$this->repository->commit();
} catch (LogicException $e) {
$this->repository->rollback();
throw new InvalidArgumentException("language", $e->getMessage(), $e);
} catch (Exception $e) {
$this->repository->rollback();
throw $e;
}
}
/**
* Deletes $tag and all its descendants and synonyms.
*
* If $tag is a synonym, only the synonym is deleted
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException If the current user is not allowed to delete this tag
* @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException If the specified tag is not found
*
* @param \Netgen\TagsBundle\API\Repository\Values\Tags\Tag $tag
*/
public function deleteTag(Tag $tag)
{
if ($tag->mainTagId > 0) {
if ($this->repository->hasAccess('tags', 'deletesynonym') !== true) {
throw new UnauthorizedException('tags', 'deletesynonym');
}
} else {
if ($this->repository->hasAccess('tags', 'delete') !== true) {
throw new UnauthorizedException('tags', 'delete');
}
}
$this->repository->beginTransaction();
try {
$this->tagsHandler->deleteTag($tag->id);
$this->repository->commit();
} catch (Exception $e) {
$this->repository->rollback();
throw $e;
}
}
/**
* Check if user has access to a given module / function
*
* Low level function, use canUser instead if you have objects to check against.
*
* @param string $module
* @param string $function
* @param \eZ\Publish\API\Repository\Values\User\User $user
*
* @return boolean|array Bool if user has full or no access, array if limitations if not
*/
public function hasAccess($module, $function, User $user = null)
{
return $this->repository->hasAccess($module, $function, $user);
}
