/** * Will return a UserRole object with the given $roleName and given $partnerId (or partner 0) * @param string $roleName * @param int $partnerId * @return UserRole */ public static function getByNameAndPartnerId($roleName, $partnerId) { $c = new Criteria(); $c->addAnd(UserRolePeer::PARTNER_ID, array($partnerId, PartnerPeer::GLOBAL_PARTNER), Criteria::IN); $c->addAnd(UserRolePeer::NAME, $roleName, Criteria::EQUAL); UserRolePeer::setUseCriteriaFilter(false); $userRole = UserRolePeer::doSelectOne($c); UserRolePeer::setUseCriteriaFilter(true); return $userRole; }
/** * Updates an existing user role object. * * @action update * @param int $userRoleId The user role's unique identifier * @param KalturaUserRole $userRole The user role's unique identifier * @return KalturaUserRole The updated user role object * * @throws KalturaErrors::INVALID_OBJECT_ID * @throws KalturaErrors::PERMISSION_NOT_FOUND */ public function updateAction($userRoleId, KalturaUserRole $userRole) { /* critera is used here instead of retrieveByPk on purpose! if the current context is assigned to a partner 0 role, then retrieveByPk will return it from cache even though partner 0 is not in the partner group for the current action and context */ $c = new Criteria(); $c->addAnd(UserRolePeer::ID, $userRoleId, Criteria::EQUAL); if ($this->partnerGroup() != myPartnerUtils::ALL_PARTNERS_WILD_CHAR) { $c->addAnd(UserRolePeer::PARTNER_ID, explode(',', $this->partnerGroup()), Criteria::IN); } $dbUserRole = UserRolePeer::doSelectOne($c); if (!$dbUserRole) { throw new KalturaAPIException(KalturaErrors::INVALID_OBJECT_ID, $userRoleId); } // cannot update name to a name that already exists if ($userRole->name && $userRole->name != $dbUserRole->getName()) { if (UserRolePeer::getByNameAndPartnerId($userRole->name, $this->getPartnerId())) { throw new KalturaAPIException(KalturaErrors::ROLE_NAME_ALREADY_EXISTS); } } if (!is_null($userRole->permissionNames) && !$userRole->permissionNames instanceof KalturaNullField) { try { PermissionPeer::checkValidPermissionsForRole($userRole->permissionNames, $this->getPartnerId()); } catch (kPermissionException $e) { $code = $e->getCode(); if ($code == kPermissionException::PERMISSION_NOT_FOUND) { throw new KalturaAPIException(KalturaErrors::PERMISSION_NOT_FOUND, $e->getMessage()); } } } $dbUserRole = $userRole->toUpdatableObject($dbUserRole); $dbUserRole->save(); $userRole = new KalturaUserRole(); $userRole->fromObject($dbUserRole, $this->getResponseProfile()); return $userRole; }
function getNewRole($oldRoleName, $userRoles) { if (!$oldRoleName) { $oldRoleName = 'guest'; } if (!isset($userRoles[$oldRoleName])) { KalturaLog::alert('New role name was not found for old role name [' . $oldRoleName . ']'); return null; } $c = new Criteria(); $c->addAnd(UserRolePeer::PARTNER_ID, ADMIN_CONSOLE_PARTNER_ID, Criteria::EQUAL); $c->addAnd(UserRolePeer::ID, $userRoles[$oldRoleName]->getId(), Criteria::EQUAL); $c->addAnd(UserRolePeer::TAGS, '%admin_console%', Criteria::LIKE); UserRolePeer::clearInstancePool(); UserRolePeer::setUseCriteriaFilter(false); $newRole = UserRolePeer::doSelectOne($c); UserRolePeer::setUseCriteriaFilter(true); if (!$newRole) { KalturaLog::alert('Role with id [' . $userRoles[$oldRoleName]->getId() . '] was not found in DB!'); return null; } return $newRole; }
public static function getRoleIds(Partner $operatingPartner = null, kuser $kuser = null) { $roleIds = null; $ksString = kCurrentContext::$ks; $isAdminSession = !self::isEmpty(kCurrentContext::$is_admin_session) ? kCurrentContext::$is_admin_session : false; if (!$ksString || !$operatingPartner && kCurrentContext::$ks_partner_id != Partner::BATCH_PARTNER_ID) { $roleId = UserRolePeer::getIdByStrId(UserRoleId::NO_SESSION_ROLE); if ($roleId) { return array($roleId); } return null; } $ks = ks::fromSecureString($ksString); $ksSetRoleId = $ks->getSetRole(); if ($ksSetRoleId) { if ($ksSetRoleId == 'null') { return null; } $ksPartnerId = !self::isEmpty(kCurrentContext::$ks_partner_id) ? kCurrentContext::$ks_partner_id : null; //check if role exists $c = new Criteria(); $c->addAnd(is_numeric($ksSetRoleId) ? UserRolePeer::ID : UserRolePeer::SYSTEM_NAME, $ksSetRoleId, Criteria::EQUAL); $partnerIds = array_map('strval', array($ksPartnerId, PartnerPeer::GLOBAL_PARTNER)); $c->addAnd(UserRolePeer::PARTNER_ID, $partnerIds, Criteria::IN); $roleId = UserRolePeer::doSelectOne($c); if ($roleId) { $roleIds = $roleId->getId(); } else { KalturaLog::debug("Role id [{$ksSetRoleId}] does not exists"); throw new kCoreException("Unknown role Id [{$ksSetRoleId}]", kCoreException::ID_NOT_FOUND); } } // if user is defined -> get his role IDs if (!$roleIds && $kuser) { $roleIds = $kuser->getRoleIds(); } // if user has no defined roles or no user is defined -> get default role IDs according to session type (admin/not) if (!$roleIds) { if (!$operatingPartner) { // use system default roles if ($ks->isWidgetSession()) { $strId = UserRoleId::WIDGET_SESSION_ROLE; } elseif ($isAdminSession) { $strId = UserRoleId::PARTNER_ADMIN_ROLE; } else { $strId = UserRoleId::BASE_USER_SESSION_ROLE; } $roleIds = UserRolePeer::getIdByStrId($strId); } else { if ($ks->isWidgetSession()) { //there is only one partner widget role defined in the system $roleIds = $operatingPartner->getWidgetSessionRoleId(); } elseif ($isAdminSession) { // there is only one partner admin role defined in the system $roleIds = $operatingPartner->getAdminSessionRoleId(); } else { // a partner may have special defined user session roles - get them from partner object $roleIds = $operatingPartner->getUserSessionRoleId(); } } } if ($roleIds) { $roleIds = explode(',', trim($roleIds, ',')); } return $roleIds; }
public static function validatePrivileges($privileges, $partnerId) { // break all privileges to their pairs - this is to support same "multi-priv" method expected for // edit privilege (edit:XXX,edit:YYY,...) $allPrivileges = explode(',', $privileges); // foreach pair - check privileges on playlist foreach ($allPrivileges as $priv) { // extract playlist ID from pair $exPrivileges = explode(':', $priv); //validate setRole if ($exPrivileges[0] == self::PRIVILEGE_SET_ROLE) { $c = new Criteria(); $c->addAnd(is_numeric($exPrivileges[1]) ? UserRolePeer::ID : UserRolePeer::SYSTEM_NAME, $exPrivileges[1], Criteria::EQUAL); $c->addAnd(UserRolePeer::PARTNER_ID, array($partnerId, PartnerPeer::GLOBAL_PARTNER), Criteria::IN); $roleId = UserRolePeer::doSelectOne($c); if ($roleId) { $roleIds = $roleId->getId(); } else { KalturaLog::debug("Role id [{$exPrivileges['1']}] does not exists"); throw new kCoreException(kCoreException::INTERNAL_SERVER_ERROR, APIErrors::UNKNOWN_ROLE_ID, $exPrivileges[1]); } } } }
private static function initRoleIds() { $roleIds = null; if (!self::$operatingPartner || !self::$ksString) { // no partner or session -> no role $roleIds = null; } else { $ks = ks::fromSecureString(self::$ksString); $ksSetRoleId = $ks->getSetRole(); if ($ksSetRoleId) { //check if role exists $c = new Criteria(); $c->addAnd(is_numeric($ksSetRoleId) ? UserRolePeer::ID : UserRolePeer::SYSTEM_NAME, $ksSetRoleId, Criteria::EQUAL); $c->addAnd(UserRolePeer::PARTNER_ID, array(self::$ksPartnerId, PartnerPeer::GLOBAL_PARTNER), Criteria::IN); $roleId = UserRolePeer::doSelectOne($c); if ($roleId) { $roleIds = $roleId->getId(); } else { KalturaLog::debug("Role id [{$ksSetRoleId}] does not exists"); throw new KalturaAPIException(APIErrors::UNKNOWN_ROLE_ID, $ksSetRoleId); } } // if user is defined -> get his role IDs if (!$roleIds && self::$kuser) { $roleIds = self::$kuser->getRoleIds(); } // if user has no defined roles or no user is defined -> get default role IDs according to session type (admin/not) if (!$roleIds) { if ($ks->isWidgetSession()) { //there is only one partner widget role defined in the system $roleIds = self::$operatingPartner->getWidgetSessionRoleId(); } elseif (self::$adminSession) { // there is only one partner admin role defined in the system $roleIds = self::$operatingPartner->getAdminSessionRoleId(); } else { // a partner may have special defined user session roles - get them from partner object $roleIds = self::$operatingPartner->getUserSessionRoleId(); } } if ($roleIds) { $roleIds = explode(',', trim($roleIds, ',')); } } self::$roleIds = $roleIds; }