/**
* Will return a UserRole object with the given $roleName and given $partnerId (or partner 0)
* @param string $roleName
* @param int $partnerId
* @return UserRole
*/
public static function getByNameAndPartnerId($roleName, $partnerId)
{
$c = new Criteria();
$c->addAnd(UserRolePeer::PARTNER_ID, array($partnerId, PartnerPeer::GLOBAL_PARTNER), Criteria::IN);
$c->addAnd(UserRolePeer::NAME, $roleName, Criteria::EQUAL);
UserRolePeer::setUseCriteriaFilter(false);
$userRole = UserRolePeer::doSelectOne($c);
UserRolePeer::setUseCriteriaFilter(true);
return $userRole;
}
/**
* Updates an existing user role object.
*
* @action update
* @param int $userRoleId The user role's unique identifier
* @param KalturaUserRole $userRole The user role's unique identifier
* @return KalturaUserRole The updated user role object
*
* @throws KalturaErrors::INVALID_OBJECT_ID
* @throws KalturaErrors::PERMISSION_NOT_FOUND
*/
public function updateAction($userRoleId, KalturaUserRole $userRole)
{
/* critera is used here instead of retrieveByPk on purpose!
if the current context is assigned to a partner 0 role, then retrieveByPk will return it from cache even though partner 0 is not in
the partner group for the current action and context */
$c = new Criteria();
$c->addAnd(UserRolePeer::ID, $userRoleId, Criteria::EQUAL);
if ($this->partnerGroup() != myPartnerUtils::ALL_PARTNERS_WILD_CHAR) {
$c->addAnd(UserRolePeer::PARTNER_ID, explode(',', $this->partnerGroup()), Criteria::IN);
}
$dbUserRole = UserRolePeer::doSelectOne($c);
if (!$dbUserRole) {
throw new KalturaAPIException(KalturaErrors::INVALID_OBJECT_ID, $userRoleId);
}
// cannot update name to a name that already exists
if ($userRole->name && $userRole->name != $dbUserRole->getName()) {
if (UserRolePeer::getByNameAndPartnerId($userRole->name, $this->getPartnerId())) {
throw new KalturaAPIException(KalturaErrors::ROLE_NAME_ALREADY_EXISTS);
}
}
if (!is_null($userRole->permissionNames) && !$userRole->permissionNames instanceof KalturaNullField) {
try {
PermissionPeer::checkValidPermissionsForRole($userRole->permissionNames, $this->getPartnerId());
} catch (kPermissionException $e) {
$code = $e->getCode();
if ($code == kPermissionException::PERMISSION_NOT_FOUND) {
throw new KalturaAPIException(KalturaErrors::PERMISSION_NOT_FOUND, $e->getMessage());
}
}
}
$dbUserRole = $userRole->toUpdatableObject($dbUserRole);
$dbUserRole->save();
$userRole = new KalturaUserRole();
$userRole->fromObject($dbUserRole, $this->getResponseProfile());
return $userRole;
}
function getNewRole($oldRoleName, $userRoles)
{
if (!$oldRoleName) {
$oldRoleName = 'guest';
}
if (!isset($userRoles[$oldRoleName])) {
KalturaLog::alert('New role name was not found for old role name [' . $oldRoleName . ']');
return null;
}
$c = new Criteria();
$c->addAnd(UserRolePeer::PARTNER_ID, ADMIN_CONSOLE_PARTNER_ID, Criteria::EQUAL);
$c->addAnd(UserRolePeer::ID, $userRoles[$oldRoleName]->getId(), Criteria::EQUAL);
$c->addAnd(UserRolePeer::TAGS, '%admin_console%', Criteria::LIKE);
UserRolePeer::clearInstancePool();
UserRolePeer::setUseCriteriaFilter(false);
$newRole = UserRolePeer::doSelectOne($c);
UserRolePeer::setUseCriteriaFilter(true);
if (!$newRole) {
KalturaLog::alert('Role with id [' . $userRoles[$oldRoleName]->getId() . '] was not found in DB!');
return null;
}
return $newRole;
}
public static function getRoleIds(Partner $operatingPartner = null, kuser $kuser = null)
{
$roleIds = null;
$ksString = kCurrentContext::$ks;
$isAdminSession = !self::isEmpty(kCurrentContext::$is_admin_session) ? kCurrentContext::$is_admin_session : false;
if (!$ksString || !$operatingPartner && kCurrentContext::$ks_partner_id != Partner::BATCH_PARTNER_ID) {
$roleId = UserRolePeer::getIdByStrId(UserRoleId::NO_SESSION_ROLE);
if ($roleId) {
return array($roleId);
}
return null;
}
$ks = ks::fromSecureString($ksString);
$ksSetRoleId = $ks->getSetRole();
if ($ksSetRoleId) {
if ($ksSetRoleId == 'null') {
return null;
}
$ksPartnerId = !self::isEmpty(kCurrentContext::$ks_partner_id) ? kCurrentContext::$ks_partner_id : null;
//check if role exists
$c = new Criteria();
$c->addAnd(is_numeric($ksSetRoleId) ? UserRolePeer::ID : UserRolePeer::SYSTEM_NAME, $ksSetRoleId, Criteria::EQUAL);
$partnerIds = array_map('strval', array($ksPartnerId, PartnerPeer::GLOBAL_PARTNER));
$c->addAnd(UserRolePeer::PARTNER_ID, $partnerIds, Criteria::IN);
$roleId = UserRolePeer::doSelectOne($c);
if ($roleId) {
$roleIds = $roleId->getId();
} else {
KalturaLog::debug("Role id [{$ksSetRoleId}] does not exists");
throw new kCoreException("Unknown role Id [{$ksSetRoleId}]", kCoreException::ID_NOT_FOUND);
}
}
// if user is defined -> get his role IDs
if (!$roleIds && $kuser) {
$roleIds = $kuser->getRoleIds();
}
// if user has no defined roles or no user is defined -> get default role IDs according to session type (admin/not)
if (!$roleIds) {
if (!$operatingPartner) {
// use system default roles
if ($ks->isWidgetSession()) {
$strId = UserRoleId::WIDGET_SESSION_ROLE;
} elseif ($isAdminSession) {
$strId = UserRoleId::PARTNER_ADMIN_ROLE;
} else {
$strId = UserRoleId::BASE_USER_SESSION_ROLE;
}
$roleIds = UserRolePeer::getIdByStrId($strId);
} else {
if ($ks->isWidgetSession()) {
//there is only one partner widget role defined in the system
$roleIds = $operatingPartner->getWidgetSessionRoleId();
} elseif ($isAdminSession) {
// there is only one partner admin role defined in the system
$roleIds = $operatingPartner->getAdminSessionRoleId();
} else {
// a partner may have special defined user session roles - get them from partner object
$roleIds = $operatingPartner->getUserSessionRoleId();
}
}
}
if ($roleIds) {
$roleIds = explode(',', trim($roleIds, ','));
}
return $roleIds;
}
public static function validatePrivileges($privileges, $partnerId)
{
// break all privileges to their pairs - this is to support same "multi-priv" method expected for
// edit privilege (edit:XXX,edit:YYY,...)
$allPrivileges = explode(',', $privileges);
// foreach pair - check privileges on playlist
foreach ($allPrivileges as $priv) {
// extract playlist ID from pair
$exPrivileges = explode(':', $priv);
//validate setRole
if ($exPrivileges[0] == self::PRIVILEGE_SET_ROLE) {
$c = new Criteria();
$c->addAnd(is_numeric($exPrivileges[1]) ? UserRolePeer::ID : UserRolePeer::SYSTEM_NAME, $exPrivileges[1], Criteria::EQUAL);
$c->addAnd(UserRolePeer::PARTNER_ID, array($partnerId, PartnerPeer::GLOBAL_PARTNER), Criteria::IN);
$roleId = UserRolePeer::doSelectOne($c);
if ($roleId) {
$roleIds = $roleId->getId();
} else {
KalturaLog::debug("Role id [{$exPrivileges['1']}] does not exists");
throw new kCoreException(kCoreException::INTERNAL_SERVER_ERROR, APIErrors::UNKNOWN_ROLE_ID, $exPrivileges[1]);
}
}
}
}
private static function initRoleIds()
{
$roleIds = null;
if (!self::$operatingPartner || !self::$ksString) {
// no partner or session -> no role
$roleIds = null;
} else {
$ks = ks::fromSecureString(self::$ksString);
$ksSetRoleId = $ks->getSetRole();
if ($ksSetRoleId) {
//check if role exists
$c = new Criteria();
$c->addAnd(is_numeric($ksSetRoleId) ? UserRolePeer::ID : UserRolePeer::SYSTEM_NAME, $ksSetRoleId, Criteria::EQUAL);
$c->addAnd(UserRolePeer::PARTNER_ID, array(self::$ksPartnerId, PartnerPeer::GLOBAL_PARTNER), Criteria::IN);
$roleId = UserRolePeer::doSelectOne($c);
if ($roleId) {
$roleIds = $roleId->getId();
} else {
KalturaLog::debug("Role id [{$ksSetRoleId}] does not exists");
throw new KalturaAPIException(APIErrors::UNKNOWN_ROLE_ID, $ksSetRoleId);
}
}
// if user is defined -> get his role IDs
if (!$roleIds && self::$kuser) {
$roleIds = self::$kuser->getRoleIds();
}
// if user has no defined roles or no user is defined -> get default role IDs according to session type (admin/not)
if (!$roleIds) {
if ($ks->isWidgetSession()) {
//there is only one partner widget role defined in the system
$roleIds = self::$operatingPartner->getWidgetSessionRoleId();
} elseif (self::$adminSession) {
// there is only one partner admin role defined in the system
$roleIds = self::$operatingPartner->getAdminSessionRoleId();
} else {
// a partner may have special defined user session roles - get them from partner object
$roleIds = self::$operatingPartner->getUserSessionRoleId();
}
}
if ($roleIds) {
$roleIds = explode(',', trim($roleIds, ','));
}
}
self::$roleIds = $roleIds;
}
