function getByNameAndPartnerId($roleName, $partnerId)
{
$c = new Criteria();
$c->addAnd(UserRolePeer::PARTNER_ID, $partnerId, Criteria::EQUAL);
$c->addAnd(UserRolePeer::NAME, $roleName, Criteria::EQUAL);
UserRolePeer::setUseCriteriaFilter(false);
$userRole = UserRolePeer::doSelectOne($c);
UserRolePeer::setUseCriteriaFilter(true);
return $userRole;
}
public function getListResponse(KalturaFilterPager $pager, KalturaDetachedResponseProfile $responseProfile = null)
{
$userRoleFilter = $this->toObject();
$c = new Criteria();
$userRoleFilter->attachToCriteria($c);
$count = UserRolePeer::doCount($c);
$pager->attachToCriteria($c);
$list = UserRolePeer::doSelect($c);
$response = new KalturaUserRoleListResponse();
$response->objects = KalturaUserRoleArray::fromDbArray($list, $responseProfile);
$response->totalCount = $count;
return $response;
}
function getAdminUsers($lastUser, $userLimitEachLoop)
{
kuserPeer::clearInstancePool();
UserRolePeer::clearInstancePool();
$c = new Criteria();
$c->addAnd(kuserPeer::ID, $lastUser, Criteria::GREATER_THAN);
$c->addAnd(kuserPeer::IS_ADMIN, true, Criteria::EQUAL);
$c->addAscendingOrderByColumn(kuserPeer::ID);
$c->setLimit($userLimitEachLoop);
kuserPeer::setUseCriteriaFilter(false);
$users = kuserPeer::doSelect($c);
kuserPeer::setUseCriteriaFilter(true);
return $users;
}
/**
* Cleans up the environment after running a test.
*/
protected function tearDown()
{
UserRolePeer::clearInstancePool();
PermissionPeer::clearInstancePool();
PermissionItemPeer::clearInstancePool();
kuserPeer::clearInstancePool();
PartnerPeer::clearInstancePool();
$this->client = null;
PermissionItemPeer::setUseCriteriaFilter(false);
foreach ($this->addedPermissionItemIds as $id) {
try {
$obj = PermissionItemPeer::retrieveByPK($id);
if ($obj) {
$obj->delete();
}
} catch (PropelException $e) {
}
}
PermissionItemPeer::setUseCriteriaFilter(true);
$this->addedPermissionItemIds = array();
parent::tearDown();
}
/**
* Init with allowed permissions for the user in the given KS or kCurrentContext if not KS given
* kCurrentContext::init should have been executed before!
* @param string $ks KS to extract user and partner IDs from instead of kCurrentContext
* @param boolean $useCache use cache or not
* @throws TODO: add all exceptions
*/
public static function init($useCache = null)
{
// verify that kCurrentContext::init has been executed since it must be used to init current context permissions
if (!kCurrentContext::$ksPartnerUserInitialized) {
KalturaLog::crit('kCurrentContext::initKsPartnerUser must be executed before initializing kPermissionManager');
throw new Exception('kCurrentContext has not been initialized!', null);
}
// can be initialized more than once to support multirequest with different kCurrentContext parameters
self::$initialized = false;
self::$useCache = $useCache ? true : false;
// copy kCurrentContext parameters (kCurrentContext::init should have been executed before)
self::$requestedPartnerId = !self::isEmpty(kCurrentContext::$partner_id) ? kCurrentContext::$partner_id : null;
self::$ksPartnerId = !self::isEmpty(kCurrentContext::$ks_partner_id) ? kCurrentContext::$ks_partner_id : null;
self::$ksUserId = !self::isEmpty(kCurrentContext::$ks_uid) ? kCurrentContext::$ks_uid : null;
self::$ksString = kCurrentContext::$ks ? kCurrentContext::$ks : null;
self::$adminSession = !self::isEmpty(kCurrentContext::$is_admin_session) ? kCurrentContext::$is_admin_session : false;
// clear instance pools
//TODO: may not be needed
UserRolePeer::clearInstancePool();
PermissionPeer::clearInstancePool();
PermissionItemPeer::clearInstancePool();
PermissionToPermissionItemPeer::clearInstancePool();
kuserPeer::clearInstancePool();
// if ks defined - check that it is valid
self::errorIfKsNotValid();
// init partner, user, and role objects
self::initPartnerUserObjects();
// throw an error if KS partner (operating partner) is blocked
self::errorIfPartnerBlocked();
// init role ids
self::initRoleIds();
// init permissions map
self::initPermissionsMap();
// initialization done
self::$initialized = true;
return true;
}
/**
* Find object by primary key using raw SQL to go fast.
* Bypass doSelect() and the object formatter by using generated code.
*
* @param mixed $key Primary key to use for the query
* @param PropelPDO $con A connection object
*
* @return UserRole A model object, or null if the key is not found
* @throws PropelException
*/
protected function findPkSimple($key, $con)
{
$sql = 'SELECT `user_id`, `role_key`, `created_at`, `updated_at`, `created_by`, `updated_by` FROM `user_roles` WHERE `user_id` = :p0 AND `role_key` = :p1';
try {
$stmt = $con->prepare($sql);
$stmt->bindValue(':p0', $key[0], PDO::PARAM_INT);
$stmt->bindValue(':p1', $key[1], PDO::PARAM_STR);
$stmt->execute();
} catch (Exception $e) {
Propel::log($e->getMessage(), Propel::LOG_ERR);
throw new PropelException(sprintf('Unable to execute SELECT statement [%s]', $sql), $e);
}
$obj = null;
if ($row = $stmt->fetch(PDO::FETCH_NUM)) {
$obj = new UserRole();
$obj->hydrate($row);
UserRolePeer::addInstanceToPool($obj, serialize(array((string) $key[0], (string) $key[1])));
}
$stmt->closeCursor();
return $obj;
}
function getNewRole($oldRoleName, $userRoles)
{
if (!$oldRoleName) {
$oldRoleName = 'guest';
}
if (!isset($userRoles[$oldRoleName])) {
KalturaLog::alert('New role name was not found for old role name [' . $oldRoleName . ']');
return null;
}
$c = new Criteria();
$c->addAnd(UserRolePeer::PARTNER_ID, ADMIN_CONSOLE_PARTNER_ID, Criteria::EQUAL);
$c->addAnd(UserRolePeer::ID, $userRoles[$oldRoleName]->getId(), Criteria::EQUAL);
$c->addAnd(UserRolePeer::TAGS, '%admin_console%', Criteria::LIKE);
UserRolePeer::clearInstancePool();
UserRolePeer::setUseCriteriaFilter(false);
$newRole = UserRolePeer::doSelectOne($c);
UserRolePeer::setUseCriteriaFilter(true);
if (!$newRole) {
KalturaLog::alert('Role with id [' . $userRoles[$oldRoleName]->getId() . '] was not found in DB!');
return null;
}
return $newRole;
}
/**
* Getter returns the indexed version of the permission names on the role of the kuser separated by commas
* @return string
*/
public function getIndexedPermissionNames()
{
$permissionNamesArray = array();
if ($this->getRoleIds()) {
$roleIds = explode(",", $this->getRoleIds());
foreach ($roleIds as $roleId) {
$role = UserRolePeer::retrieveByPK($roleId);
$permissionNames = $role->getPermissionNames(null, true);
$permissionNames = str_replace("*", self::UNIVERSAL_PERMISSION, $permissionNames);
$permissionNamesArray = array_merge($permissionNamesArray, explode(",", $permissionNames));
}
}
return self::getIndexedFieldValue('kuserPeer::PERMISSION_NAMES', implode(',', $permissionNamesArray), $this->getPartnerId());
}
}
$criteria->addAnd(UserRolePeer::NAME, $roleName, Criteria::EQUAL);
$criteria->addAscendingOrderByColumn(UserRolePeer::ID);
$criteria->setLimit($page);
$userRoles = UserRolePeer::doSelect($criteria);
while (count($userRoles)) {
KalturaLog::info("[" . count($userRoles) . "] user roles .");
foreach ($userRoles as $userRole) {
foreach ($parmissionNames as $parmissionName) {
addPermissionsToRole($userRole, $parmissionName);
}
}
kMemoryManager::clearMemory();
$nextCriteria = clone $criteria;
$nextCriteria->add(UserRolePeer::ID, $userRole->getId(), Criteria::GREATER_THAN);
$userRoles = UserRolePeer::doSelect($nextCriteria);
usleep(100);
}
KalturaLog::info("Done");
function addPermissionsToRole($role, $permissionList)
{
$currentPermissions = $role->getPermissionNames(false, true);
if (UserRole::ALL_PARTNER_PERMISSIONS_WILDCARD == $currentPermissions) {
return;
}
$currentPermissionsArray = explode(',', $currentPermissions);
$permissionsToAddArray = explode(',', $permissionList);
$tempArray = array();
foreach ($permissionsToAddArray as $perm) {
if (in_array($perm, $currentPermissionsArray)) {
KalturaLog::log('Role name [' . $role->getName() . '] already has permission [' . $perm . ']');
public static function copyUserRoles(Partner $fromPartner, Partner $toPartner)
{
KalturaLog::log('Copying user roles from partner [' . $fromPartner->getId() . '] to partner [' . $toPartner->getId() . ']');
UserRolePeer::setUseCriteriaFilter(false);
$c = new Criteria();
$c->addAnd(UserRolePeer::PARTNER_ID, $fromPartner->getId(), Criteria::EQUAL);
$c->addDescendingOrderByColumn(UserRolePeer::CREATED_AT);
$roles = UserRolePeer::doSelect($c);
UserRolePeer::setUseCriteriaFilter(true);
foreach ($roles as $role) {
$newRole = $role->copyToPartner($toPartner->getId());
$newRole->save();
}
}
/**
* Adds a new kuser and user_login_data records as needed
* @param kuser $user
* @param string $password
* @param bool $checkPasswordStructure
* @throws kUserException::USER_NOT_FOUND
* @throws kUserException::USER_ALREADY_EXISTS
* @throws kUserException::INVALID_EMAIL
* @throws kUserException::INVALID_PARTNER
* @throws kUserException::ADMIN_LOGIN_USERS_QUOTA_EXCEEDED
* @throws kUserException::LOGIN_ID_ALREADY_USED
* @throws kUserException::PASSWORD_STRUCTURE_INVALID
* @throws kPermissionException::ROLE_ID_MISSING
* @throws kPermissionException::ONLY_ONE_ROLE_PER_USER_ALLOWED
*/
public static function addUser(kuser $user, $password = null, $checkPasswordStructure = true, $sendEmail = null)
{
if (!$user->getPuserId()) {
throw new kUserException('', kUserException::USER_ID_MISSING);
}
// check if user with the same partner and puserId already exists
$existingUser = kuserPeer::getKuserByPartnerAndUid($user->getPartnerId(), $user->getPuserId());
if ($existingUser) {
throw new kUserException('', kUserException::USER_ALREADY_EXISTS);
}
// check if roles are valid - may throw exceptions
if (!$user->getRoleIds() && $user->getIsAdmin()) {
// assign default role according to user type admin / normal
$userRoleId = $user->getPartner()->getAdminSessionRoleId();
$user->setRoleIds($userRoleId);
}
UserRolePeer::testValidRolesForUser($user->getRoleIds(), $user->getPartnerId());
if ($user->getScreenName() === null) {
$user->setScreenName($user->getPuserId());
}
if ($user->getFullName() === null) {
$user->setFirstName($user->getPuserId());
}
if (is_null($user->getStatus())) {
$user->setStatus(KuserStatus::ACTIVE);
}
// if password is set, user should be able to login to the system - add a user_login_data record
if ($password || $user->getIsAdmin()) {
// throws an action on error
$user->enableLogin($user->getEmail(), $password, $checkPasswordStructure, $sendEmail);
}
$user->save();
return $user;
}
public function getWidgetSessionRoleId()
{
$id = $this->getFromCustomData('widget_session_role_id');
if (!$id) {
$id = UserRolePeer::getIdByStrId(UserRoleId::WIDGET_SESSION_ROLE);
}
return $id;
}
/**
* This is a method for emulating ON DELETE CASCADE for DBs that don't support this
* feature (like MySQL or SQLite).
*
* This method is not very speedy because it must perform a query first to get
* the implicated records and then perform the deletes by calling those Peer classes.
*
* This method should be used within a transaction if possible.
*
* @param Criteria $criteria
* @param PropelPDO $con
* @return int The number of affected rows (if supported by underlying database driver).
*/
protected static function doOnDeleteCascade(Criteria $criteria, PropelPDO $con)
{
// initialize var to track total num of affected rows
$affectedRows = 0;
// first find the objects that are implicated by the $criteria
$objects = RolePeer::doSelect($criteria, $con);
foreach ($objects as $obj) {
// delete related GroupRole objects
$criteria = new Criteria(GroupRolePeer::DATABASE_NAME);
$criteria->add(GroupRolePeer::ROLE_KEY, $obj->getRoleKey());
$affectedRows += GroupRolePeer::doDelete($criteria, $con);
// delete related UserRole objects
$criteria = new Criteria(UserRolePeer::DATABASE_NAME);
$criteria->add(UserRolePeer::ROLE_KEY, $obj->getRoleKey());
$affectedRows += UserRolePeer::doDelete($criteria, $con);
// delete related Right objects
$criteria = new Criteria(RightPeer::DATABASE_NAME);
$criteria->add(RightPeer::ROLE_KEY, $obj->getRoleKey());
$affectedRows += RightPeer::doDelete($criteria, $con);
}
return $affectedRows;
}
/**
* Retrieve object using using composite pkey values.
* @param int $user_id
* @param string $role_key
* @param PropelPDO $con
* @return UserRole
*/
public static function retrieveByPK($user_id, $role_key, PropelPDO $con = null)
{
$_instancePoolKey = serialize(array((string) $user_id, (string) $role_key));
if (null !== ($obj = UserRolePeer::getInstanceFromPool($_instancePoolKey))) {
return $obj;
}
if ($con === null) {
$con = Propel::getConnection(UserRolePeer::DATABASE_NAME, Propel::CONNECTION_READ);
}
$criteria = new Criteria(UserRolePeer::DATABASE_NAME);
$criteria->add(UserRolePeer::USER_ID, $user_id);
$criteria->add(UserRolePeer::ROLE_KEY, $role_key);
$v = UserRolePeer::doSelect($criteria, $con);
return !empty($v) ? $v[0] : null;
}
function getOrCreateUserSessionRole($partnerId)
{
PartnerPeer::clearInstancePool();
$partner = PartnerPeer::retrieveByPK($partnerId);
$role = null;
$id = $partner->getUserSessionRoleId();
if ($id) {
$role = UserRolePeer::retrieveByPK($id);
}
if (!$role) {
$role = new UserRole();
$role->setPartnerId($partnerId);
$role->setStatus(UserRoleStatus::ACTIVE);
$role->setName('Partner ' . $partnerId . ' user session permission');
$role->setDescription('Partner ' . $partnerId . ' user session permission');
$role->setPermissionNames(PermissionName::USER_SESSION_PERMISSION);
$role->save();
}
return $role;
}
private static function initRoleIds()
{
$roleIds = null;
if (!self::$operatingPartner || !self::$ksString) {
// no partner or session -> no role
$roleIds = null;
} else {
$ks = ks::fromSecureString(self::$ksString);
$ksSetRoleId = $ks->getSetRole();
if ($ksSetRoleId) {
//check if role exists
$c = new Criteria();
$c->addAnd(is_numeric($ksSetRoleId) ? UserRolePeer::ID : UserRolePeer::SYSTEM_NAME, $ksSetRoleId, Criteria::EQUAL);
$c->addAnd(UserRolePeer::PARTNER_ID, array(self::$ksPartnerId, PartnerPeer::GLOBAL_PARTNER), Criteria::IN);
$roleId = UserRolePeer::doSelectOne($c);
if ($roleId) {
$roleIds = $roleId->getId();
} else {
KalturaLog::debug("Role id [{$ksSetRoleId}] does not exists");
throw new KalturaAPIException(APIErrors::UNKNOWN_ROLE_ID, $ksSetRoleId);
}
}
// if user is defined -> get his role IDs
if (!$roleIds && self::$kuser) {
$roleIds = self::$kuser->getRoleIds();
}
// if user has no defined roles or no user is defined -> get default role IDs according to session type (admin/not)
if (!$roleIds) {
if ($ks->isWidgetSession()) {
//there is only one partner widget role defined in the system
$roleIds = self::$operatingPartner->getWidgetSessionRoleId();
} elseif (self::$adminSession) {
// there is only one partner admin role defined in the system
$roleIds = self::$operatingPartner->getAdminSessionRoleId();
} else {
// a partner may have special defined user session roles - get them from partner object
$roleIds = self::$operatingPartner->getUserSessionRoleId();
}
}
if ($roleIds) {
$roleIds = explode(',', trim($roleIds, ','));
}
}
self::$roleIds = $roleIds;
}
/**
* Populates the object using an array.
*
* This is particularly useful when populating an object from one of the
* request arrays (e.g. $_POST). This method goes through the column
* names, checking to see whether a matching key exists in populated
* array. If so the setByName() method is called for that column.
*
* You can specify the key type of the array by additionally passing one
* of the class type constants BasePeer::TYPE_PHPNAME, BasePeer::TYPE_STUDLYPHPNAME,
* BasePeer::TYPE_COLNAME, BasePeer::TYPE_FIELDNAME, BasePeer::TYPE_NUM.
* The default key type is the column's phpname (e.g. 'AuthorId')
*
* @param array $arr An array to populate the object from.
* @param string $keyType The type of keys the array uses.
* @return void
*/
public function fromArray($arr, $keyType = BasePeer::TYPE_PHPNAME)
{
$keys = UserRolePeer::getFieldNames($keyType);
if (array_key_exists($keys[0], $arr)) {
$this->setId($arr[$keys[0]]);
}
if (array_key_exists($keys[1], $arr)) {
$this->setStrId($arr[$keys[1]]);
}
if (array_key_exists($keys[2], $arr)) {
$this->setName($arr[$keys[2]]);
}
if (array_key_exists($keys[3], $arr)) {
$this->setDescription($arr[$keys[3]]);
}
if (array_key_exists($keys[4], $arr)) {
$this->setPartnerId($arr[$keys[4]]);
}
if (array_key_exists($keys[5], $arr)) {
$this->setStatus($arr[$keys[5]]);
}
if (array_key_exists($keys[6], $arr)) {
$this->setPermissionNames($arr[$keys[6]]);
}
if (array_key_exists($keys[7], $arr)) {
$this->setTags($arr[$keys[7]]);
}
if (array_key_exists($keys[8], $arr)) {
$this->setCreatedAt($arr[$keys[8]]);
}
if (array_key_exists($keys[9], $arr)) {
$this->setUpdatedAt($arr[$keys[9]]);
}
if (array_key_exists($keys[10], $arr)) {
$this->setCustomData($arr[$keys[10]]);
}
}
/**
* Checks if the current user has one of the permissions with the given names
* @param array $permissionNamesArray Permission names
* @return true or false
*/
public function hasPermissionOr(array $permissionNamesArray)
{
$roleIds = explode(',', $this->getRoleIds());
foreach ($roleIds as $roleId) {
$userRole = UserRolePeer::retrieveByPK($roleId);
if ($userRole) {
$permissions = explode(',', $userRole->getPermissionNames());
foreach ($permissionNamesArray as $permissionName) {
if (in_array($permissionName, $permissions)) {
return true;
}
}
}
}
return false;
}
<?php
/**
* enable feature for each partner
* set to all partners with partner->partnerPackage > 1 to 1
* @package Deployment
* @subpackage updates
*/
$dryRun = true;
//TODO: change for real run
if (in_array('realrun', $argv)) {
$dryRun = false;
}
require_once dirname(__FILE__) . '/../../bootstrap.php';
$con = myDbHelper::getConnection(myDbHelper::DB_HELPER_CONN_PROPEL2);
KalturaStatement::setDryRun($dryRun);
$c = new Criteria();
$c->add(UserRolePeer::NAME, "System Administrator", Criteria::EQUAL);
$adminRoles = UserRolePeer::doSelect($c, $con);
foreach ($adminRoles as $adminRole) {
$c = new Criteria();
$c->add(KuserToUserRolePeer::USER_ROLE_ID, $adminRole->getId(), Criteria::EQUAL);
$admins = KuserToUserRolePeer::doSelect($c, $con);
foreach ($admins as $admin) {
$adminUser = $admin->getkuser($con);
if ($adminUser) {
$adminUser->setAllowedPartners('*');
$adminUser->save();
}
}
}
public static function validatePrivileges($privileges, $partnerId)
{
// break all privileges to their pairs - this is to support same "multi-priv" method expected for
// edit privilege (edit:XXX,edit:YYY,...)
$allPrivileges = explode(',', $privileges);
// foreach pair - check privileges on playlist
foreach ($allPrivileges as $priv) {
// extract playlist ID from pair
$exPrivileges = explode(':', $priv);
//validate setRole
if ($exPrivileges[0] == self::PRIVILEGE_SET_ROLE) {
$c = new Criteria();
$c->addAnd(is_numeric($exPrivileges[1]) ? UserRolePeer::ID : UserRolePeer::SYSTEM_NAME, $exPrivileges[1], Criteria::EQUAL);
$c->addAnd(UserRolePeer::PARTNER_ID, array($partnerId, PartnerPeer::GLOBAL_PARTNER), Criteria::IN);
$roleId = UserRolePeer::doSelectOne($c);
if ($roleId) {
$roleIds = $roleId->getId();
} else {
KalturaLog::debug("Role id [{$exPrivileges['1']}] does not exists");
throw new kCoreException(kCoreException::INTERNAL_SERVER_ERROR, APIErrors::UNKNOWN_ROLE_ID, $exPrivileges[1]);
}
}
}
}
/**
* Will return a UserRole object with the given $roleName and given $partnerId (or partner 0)
* @param string $roleName
* @param int $partnerId
* @return UserRole
*/
public static function getByNameAndPartnerId($roleName, $partnerId)
{
$c = new Criteria();
$c->addAnd(UserRolePeer::PARTNER_ID, array($partnerId, PartnerPeer::GLOBAL_PARTNER), Criteria::IN);
$c->addAnd(UserRolePeer::NAME, $roleName, Criteria::EQUAL);
$c->addAnd(UserRolePeer::STATUS, UserRoleStatus::DELETED, Criteria::NOT_EQUAL);
UserRolePeer::setUseCriteriaFilter(false);
$userRole = UserRolePeer::doSelectOne($c);
UserRolePeer::setUseCriteriaFilter(true);
return $userRole;
}
public function testUpdateAction()
{
$this->startSession(KalturaSessionType::ADMIN, $this->getDbPartner()->getAdminUserId());
// failure to update partner 0 roles
$c = new Criteria();
$c->addAnd(UserRolePeer::PARTNER_ID, PartnerPeer::GLOBAL_PARTNER, Criteria::EQUAL);
$partner0Roles = UserRolePeer::doSelect($c);
for ($i = 1; $i < 4; $i++) {
$randId = rand(0, count($partner0Roles) - 1);
$exceptionThrown = false;
$updateRole = new KalturaUserRole();
$updateRole->name = uniqid();
try {
$this->client->userRole->update($partner0Roles[$randId]->getId(), $updateRole);
} catch (Exception $e) {
$exceptionThrown = $e;
}
$this->checkException($exceptionThrown, 'INVALID_OBJECT_ID');
}
// add a new role to test with
$newRole = new KalturaUserRole();
$newRole->name = uniqid();
$addedRole = $this->addRoleWrap($newRole);
// failure to add a permisison which the partner does not have
$updateRole = new KalturaUserRole();
$updateRole->permissionNames = PermissionName::BATCH_BASE;
$exceptionThrown = false;
try {
$addedRole = $this->client->userRole->update($addedRole->id, $updateRole);
} catch (Exception $e) {
$exceptionThrown = $e;
}
$this->checkException($exceptionThrown, 'PERMISSION_NOT_FOUND');
// success adding and removing valid permissions
$updateRole = new KalturaUserRole();
$updateRole->permissionNames = PermissionName::ACCOUNT_BASE . ',' . PermissionName::CONTENT_MANAGE_EMBED_CODE;
$resultRole = $this->client->userRole->update($addedRole->id, $updateRole);
$this->assertEquals($updateRole->permissionNames, $resultRole->permissionNames);
// replace permissions test - verify that old permissions are no more returned
$updateRole = new KalturaUserRole();
$updateRole->permissionNames = PermissionName::CONTENT_INGEST_BULK_UPLOAD . ',' . PermissionName::CUSTOM_DATA_PROFILE_DELETE;
$resultRole = $this->client->userRole->update($addedRole->id, $updateRole);
$this->assertEquals($updateRole->permissionNames, $resultRole->permissionNames);
// success updating name, description and status
$updateRole = new KalturaUserRole();
$updateRole->name = uniqid();
$updateRole->description = uniqid();
$updateRole->status = KalturaUserRoleStatus::BLOCKED;
$resultRole = $this->client->userRole->update($addedRole->id, $updateRole);
$this->assertEquals($updateRole->name, $resultRole->name);
$this->assertEquals($updateRole->description, $resultRole->description);
$this->assertEquals($updateRole->status, $resultRole->status);
// failure to update partner id
$updateRole = new KalturaUserRole();
$updateRole->partnerId = rand(100, 300);
$exceptionThrown = false;
try {
$addedRole = $this->client->userRole->update($addedRole->id, $updateRole);
} catch (Exception $e) {
$exceptionThrown = $e;
}
$this->checkException($exceptionThrown, 'PROPERTY_VALIDATION_NOT_UPDATABLE');
// failure to update role id
$updateRole = new KalturaUserRole();
$updateRole->id = rand(1, 1000);
$exceptionThrown = false;
try {
$addedRole = $this->client->userRole->update($addedRole->id, $updateRole);
} catch (Exception $e) {
$exceptionThrown = $e;
}
$this->checkException($exceptionThrown, 'PROPERTY_VALIDATION_NOT_UPDATABLE');
// failure to update createdAt
$updateRole = new KalturaUserRole();
$updateRole->createdAt = time();
$exceptionThrown = false;
try {
$addedRole = $this->client->userRole->update($addedRole->id, $updateRole);
} catch (Exception $e) {
$exceptionThrown = $e;
}
$this->checkException($exceptionThrown, 'PROPERTY_VALIDATION_NOT_UPDATABLE');
// failure to update updatedAt
$updateRole = new KalturaUserRole();
$updateRole->updatedAt = time();
$exceptionThrown = false;
try {
$addedRole = $this->client->userRole->update($addedRole->id, $updateRole);
} catch (Exception $e) {
$exceptionThrown = $e;
}
$this->checkException($exceptionThrown, 'PROPERTY_VALIDATION_NOT_UPDATABLE');
//TODO: verify that only given parameters were updated and not other parameters
}
public function getFieldNameFromPeer($field_name)
{
$res = UserRolePeer::translateFieldName($field_name, $this->field_name_translation_type, BasePeer::TYPE_COLNAME);
return $res;
}
/**
* Update existing user, it is possible to update the user id too
*
* @action update
* @param string $userId
* @param KalturaUser $user
* @return KalturaUser
*
* @throws KalturaErrors::INVALID_USER_ID
* @throws KalturaErrors::CANNOT_DELETE_OR_BLOCK_ROOT_ADMIN_USER
* @throws KalturaErrors::USER_ROLE_NOT_FOUND
* @throws KalturaErrors::ACCOUNT_OWNER_NEEDS_PARTNER_ADMIN_ROLE
*/
public function updateAction($userId, KalturaUser $user)
{
$dbUser = kuserPeer::getKuserByPartnerAndUid($this->getPartnerId(), $userId);
if (!$dbUser) {
throw new KalturaAPIException(KalturaErrors::INVALID_USER_ID, $userId);
}
if ($dbUser->getIsAdmin() && !is_null($user->isAdmin) && !$user->isAdmin) {
throw new KalturaAPIException(KalturaErrors::CANNOT_SET_ROOT_ADMIN_AS_NO_ADMIN);
}
// update user
try {
if (!is_null($user->roleIds)) {
UserRolePeer::testValidRolesForUser($user->roleIds);
}
if ($user->id != $userId) {
$existingUser = kuserPeer::getKuserByPartnerAndUid($this->getPartnerId(), $user->id);
if ($existingUser) {
throw new KalturaAPIException(KalturaErrors::DUPLICATE_USER_BY_ID, $user->id);
}
}
$dbUser = $user->toUpdatableObject($dbUser);
$dbUser->save();
} catch (kPermissionException $e) {
$code = $e->getCode();
if ($code == kPermissionException::ROLE_ID_MISSING) {
throw new KalturaAPIException(KalturaErrors::ROLE_ID_MISSING);
}
if ($code == kPermissionException::ONLY_ONE_ROLE_PER_USER_ALLOWED) {
throw new KalturaAPIException(KalturaErrors::ONLY_ONE_ROLE_PER_USER_ALLOWED);
}
if ($code == kPermissionException::USER_ROLE_NOT_FOUND) {
throw new KalturaAPIException(KalturaErrors::USER_ROLE_NOT_FOUND);
}
if ($code == kPermissionException::ACCOUNT_OWNER_NEEDS_PARTNER_ADMIN_ROLE) {
throw new KalturaAPIException(KalturaErrors::ACCOUNT_OWNER_NEEDS_PARTNER_ADMIN_ROLE);
}
throw $e;
} catch (kUserException $e) {
$code = $e->getCode();
if ($code == kUserException::CANNOT_DELETE_OR_BLOCK_ROOT_ADMIN_USER) {
throw new KalturaAPIException(KalturaErrors::CANNOT_DELETE_OR_BLOCK_ROOT_ADMIN_USER);
}
throw $e;
}
$user = new KalturaUser();
$user->fromObject($dbUser);
return $user;
}
/**
* Selects a collection of KuserToUserRole objects pre-filled with all related objects except kuser.
*
* @param Criteria $criteria
* @param PropelPDO $con
* @param String $join_behavior the type of joins to use, defaults to Criteria::LEFT_JOIN
* @return array Array of KuserToUserRole objects.
* @throws PropelException Any exceptions caught during processing will be
* rethrown wrapped into a PropelException.
*/
public static function doSelectJoinAllExceptkuser(Criteria $criteria, $con = null, $join_behavior = Criteria::LEFT_JOIN)
{
$criteria = clone $criteria;
// Set the correct dbName if it has not been overridden
// $criteria->getDbName() will return the same object if not set to another value
// so == check is okay and faster
if ($criteria->getDbName() == Propel::getDefaultDB()) {
$criteria->setDbName(self::DATABASE_NAME);
}
KuserToUserRolePeer::addSelectColumns($criteria);
$startcol2 = KuserToUserRolePeer::NUM_COLUMNS - KuserToUserRolePeer::NUM_LAZY_LOAD_COLUMNS;
UserRolePeer::addSelectColumns($criteria);
$startcol3 = $startcol2 + (UserRolePeer::NUM_COLUMNS - UserRolePeer::NUM_LAZY_LOAD_COLUMNS);
$criteria->addJoin(KuserToUserRolePeer::USER_ROLE_ID, UserRolePeer::ID, $join_behavior);
$stmt = BasePeer::doSelect($criteria, $con);
$results = array();
while ($row = $stmt->fetch(PDO::FETCH_NUM)) {
$key1 = KuserToUserRolePeer::getPrimaryKeyHashFromRow($row, 0);
if (null !== ($obj1 = KuserToUserRolePeer::getInstanceFromPool($key1))) {
// We no longer rehydrate the object, since this can cause data loss.
// See http://propel.phpdb.org/trac/ticket/509
// $obj1->hydrate($row, 0, true); // rehydrate
} else {
$cls = KuserToUserRolePeer::getOMClass(false);
$obj1 = new $cls();
$obj1->hydrate($row);
KuserToUserRolePeer::addInstanceToPool($obj1, $key1);
}
// if obj1 already loaded
// Add objects for joined UserRole rows
$key2 = UserRolePeer::getPrimaryKeyHashFromRow($row, $startcol2);
if ($key2 !== null) {
$obj2 = UserRolePeer::getInstanceFromPool($key2);
if (!$obj2) {
$cls = UserRolePeer::getOMClass(false);
$obj2 = new $cls();
$obj2->hydrate($row, $startcol2);
UserRolePeer::addInstanceToPool($obj2, $key2);
}
// if $obj2 already loaded
// Add the $obj1 (KuserToUserRole) to the collection in $obj2 (UserRole)
$obj2->addKuserToUserRole($obj1);
}
// if joined row is not null
$results[] = $obj1;
}
$stmt->closeCursor();
return $results;
}
public static function getRoleIds(Partner $operatingPartner = null, kuser $kuser = null)
{
$roleIds = null;
$ksString = kCurrentContext::$ks;
$isAdminSession = !self::isEmpty(kCurrentContext::$is_admin_session) ? kCurrentContext::$is_admin_session : false;
if (!$ksString || !$operatingPartner && kCurrentContext::$ks_partner_id != Partner::BATCH_PARTNER_ID) {
$roleId = UserRolePeer::getIdByStrId(UserRoleId::NO_SESSION_ROLE);
if ($roleId) {
return array($roleId);
}
return null;
}
$ks = ks::fromSecureString($ksString);
$ksSetRoleId = $ks->getSetRole();
if ($ksSetRoleId) {
if ($ksSetRoleId == 'null') {
return null;
}
$ksPartnerId = !self::isEmpty(kCurrentContext::$ks_partner_id) ? kCurrentContext::$ks_partner_id : null;
//check if role exists
$c = new Criteria();
$c->addAnd(is_numeric($ksSetRoleId) ? UserRolePeer::ID : UserRolePeer::SYSTEM_NAME, $ksSetRoleId, Criteria::EQUAL);
$partnerIds = array_map('strval', array($ksPartnerId, PartnerPeer::GLOBAL_PARTNER));
$c->addAnd(UserRolePeer::PARTNER_ID, $partnerIds, Criteria::IN);
$roleId = UserRolePeer::doSelectOne($c);
if ($roleId) {
$roleIds = $roleId->getId();
} else {
KalturaLog::debug("Role id [{$ksSetRoleId}] does not exists");
throw new kCoreException("Unknown role Id [{$ksSetRoleId}]", kCoreException::ID_NOT_FOUND);
}
}
// if user is defined -> get his role IDs
if (!$roleIds && $kuser) {
$roleIds = $kuser->getRoleIds();
}
// if user has no defined roles or no user is defined -> get default role IDs according to session type (admin/not)
if (!$roleIds) {
if (!$operatingPartner) {
// use system default roles
if ($ks->isWidgetSession()) {
$strId = UserRoleId::WIDGET_SESSION_ROLE;
} elseif ($isAdminSession) {
$strId = UserRoleId::PARTNER_ADMIN_ROLE;
} else {
$strId = UserRoleId::BASE_USER_SESSION_ROLE;
}
$roleIds = UserRolePeer::getIdByStrId($strId);
} else {
if ($ks->isWidgetSession()) {
//there is only one partner widget role defined in the system
$roleIds = $operatingPartner->getWidgetSessionRoleId();
} elseif ($isAdminSession) {
// there is only one partner admin role defined in the system
$roleIds = $operatingPartner->getAdminSessionRoleId();
} else {
// a partner may have special defined user session roles - get them from partner object
$roleIds = $operatingPartner->getUserSessionRoleId();
}
}
}
if ($roleIds) {
$roleIds = explode(',', trim($roleIds, ','));
}
return $roleIds;
}
/**
* Creates a new user role object that is a duplicate of an existing role.
*
* @action clone
* @param int $userRoleId The user role's unique identifier
* @return KalturaUserRole The duplicate user role object
*
* @throws KalturaErrors::INVALID_OBJECT_ID
*/
public function cloneAction($userRoleId)
{
$dbUserRole = UserRolePeer::retrieveByPK($userRoleId);
if (!$dbUserRole || $dbUserRole->getStatus() == UserRoleStatus::DELETED || $dbUserRole->getPartnerId() != PartnerPeer::GLOBAL_PARTNER && $dbUserRole->getPartnerId() != $this->getPartnerId()) {
throw new KalturaAPIException(KalturaErrors::INVALID_OBJECT_ID, $userRoleId);
}
$newDbRole = $dbUserRole->copyToPartner($this->getPartnerId());
$newName = $newDbRole->getName() . ' copy (' . date("D j M o, H:i:s") . ')';
$newDbRole->setName($newName);
$newDbRole->save();
$userRole = new KalturaUserRole();
$userRole->fromObject($newDbRole, $this->getResponseProfile());
return $userRole;
}
<?php
/**
* @package deployment
*
* Update integration->notify permission name and related objects
*/
$script = realpath(dirname(__FILE__) . '/../../../../') . '/alpha/scripts/utils/permissions/addPermissionsAndItems.php';
$config = realpath(dirname(__FILE__)) . '/../../../permissions/partner.0.ini';
passthru("php {$script} {$config}");
$config = realpath(dirname(__FILE__)) . '/../../../permissions/service.integration.integration.ini';
passthru("php {$script} {$config}");
require_once dirname(__FILE__) . "/../../../../" . "alpha/scripts/bootstrap.php";
$userRole = UserRolePeer::getByNameAndPartnerId(kIntegrationFlowManager::EXTERNAL_INTEGRATION_SERVICES_ROLE_NAME, PartnerPeer::GLOBAL_PARTNER);
$permissionNamesStr = $userRole->getPermissionNames();
$permissionNamesArr = explode(",", $permissionNamesStr);
$permissionNamesArr = array_map('trim', $permissionNamesArr);
$index = array_search("VOICEBASE_ACTIONS", $permissionNamesArr);
if ($index !== false) {
unset($permissionNamesArr[$index]);
}
$permissionNamesArr[] = "INTEGRATION_ACTIONS";
$permissionNamesStr = implode(",", $permissionNamesArr);
$userRole->setPermissionNames($permissionNamesStr);
$userRole->save();
/**
* Get the associated UserRole object
*
* @param PropelPDO Optional Connection object.
* @return UserRole The associated UserRole object.
* @throws PropelException
*/
public function getUserRole(PropelPDO $con = null)
{
if ($this->aUserRole === null && $this->user_role_id !== null) {
$this->aUserRole = UserRolePeer::retrieveByPk($this->user_role_id);
/* The following can be used additionally to
guarantee the related object contains a reference
to this object. This level of coupling may, however, be
undesirable since it could result in an only partially populated collection
in the referenced object.
$this->aUserRole->addKuserToUserRoles($this);
*/
}
return $this->aUserRole;
}
/**
* Retrieve multiple objects by pkey.
*
* @param array $pks List of primary keys
* @param PropelPDO $con the connection to use
* @throws PropelException Any exceptions caught during processing will be
* rethrown wrapped into a PropelException.
*/
public static function retrieveByPKs($pks, PropelPDO $con = null)
{
$objs = null;
if (empty($pks)) {
$objs = array();
} else {
$criteria = new Criteria(UserRolePeer::DATABASE_NAME);
$criteria->add(UserRolePeer::ID, $pks, Criteria::IN);
$objs = UserRolePeer::doSelect($criteria, $con);
}
return $objs;
}
