/**
* Temporary function that will not allow a user to have 0 or more than 1 role.
* @param string $idsString
* @throws kPermissionException::ROLE_ID_MISSING
* @throws kPermissionException::ONLY_ONE_ROLE_PER_USER_ALLOWED
*/
public static function testValidRolesForUser($idsString, $partnerId)
{
if (!$idsString) {
return true;
}
$ids = explode(',', trim($idsString));
if (count($ids) > 1) {
throw new kPermissionException('', kPermissionException::ONLY_ONE_ROLE_PER_USER_ALLOWED);
}
foreach ($ids as $id) {
$userRole = UserRolePeer::retrieveByPK($id);
if (!$userRole || !in_array($userRole->getPartnerId(), array($partnerId, PartnerPeer::GLOBAL_PARTNER))) {
throw new kPermissionException("A user role with ID [{$id}] does not exist", kPermissionException::USER_ROLE_NOT_FOUND);
}
}
return true;
}
/**
* Cleans up the environment after running a test.
*/
protected function tearDown()
{
UserRolePeer::clearInstancePool();
PermissionPeer::clearInstancePool();
PermissionItemPeer::clearInstancePool();
kuserPeer::clearInstancePool();
PartnerPeer::clearInstancePool();
$this->client = null;
UserRolePeer::setUseCriteriaFilter(false);
foreach ($this->addedRoleIds as $id) {
try {
$obj = UserRolePeer::retrieveByPK($id);
if ($obj) {
$obj->delete();
}
} catch (PropelException $e) {
}
}
UserRolePeer::setUseCriteriaFilter(true);
$this->addedRoleIds = array();
parent::tearDown();
}
/**
* Creates a new user role object that is a duplicate of an existing role.
*
* @action clone
* @param int $userRoleId The user role's unique identifier
* @return KalturaUserRole The duplicate user role object
*
* @throws KalturaErrors::INVALID_OBJECT_ID
*/
public function cloneAction($userRoleId)
{
$dbUserRole = UserRolePeer::retrieveByPK($userRoleId);
if (!$dbUserRole || $dbUserRole->getStatus() == UserRoleStatus::DELETED || $dbUserRole->getPartnerId() != PartnerPeer::GLOBAL_PARTNER && $dbUserRole->getPartnerId() != $this->getPartnerId()) {
throw new KalturaAPIException(KalturaErrors::INVALID_OBJECT_ID, $userRoleId);
}
$newDbRole = $dbUserRole->copyToPartner($this->getPartnerId());
$newName = $newDbRole->getName() . ' copy (' . date("D j M o, H:i:s") . ')';
$newDbRole->setName($newName);
$newDbRole->save();
$userRole = new KalturaUserRole();
$userRole->fromObject($newDbRole, $this->getResponseProfile());
return $userRole;
}
/**
* Getter returns the indexed version of the permission names on the role of the kuser separated by commas
* @return string
*/
public function getIndexedPermissionNames()
{
$permissionNamesArray = array();
if ($this->getRoleIds()) {
$roleIds = explode(",", $this->getRoleIds());
foreach ($roleIds as $roleId) {
$role = UserRolePeer::retrieveByPK($roleId);
$permissionNames = $role->getPermissionNames(null, true);
$permissionNames = str_replace("*", self::UNIVERSAL_PERMISSION, $permissionNames);
$permissionNamesArray = array_merge($permissionNamesArray, explode(",", $permissionNames));
}
}
return self::getIndexedFieldValue('kuserPeer::PERMISSION_NAMES', implode(',', $permissionNamesArray), $this->getPartnerId());
}
public function setUserSessionRoleId($roleId)
{
if ($roleId) {
$userRole = UserRolePeer::retrieveByPK($roleId);
if (!$userRole || !in_array($userRole->getPartnerId(), array($this->getId(), PartnerPeer::GLOBAL_PARTNER))) {
throw new kPermissionException("A user role with ID [{$roleId}] does not exist", kPermissionException::USER_ROLE_NOT_FOUND);
}
} else {
$roleId = null;
}
$this->putInCustomData('user_session_role_id', $roleId);
}
private static function getPermissions($roleId)
{
$map = self::initEmptyMap();
// get cache dirty time
$roleCacheDirtyAt = 0;
if (self::$operatingPartner) {
$roleCacheDirtyAt = self::$operatingPartner->getRoleCacheDirtyAt();
}
// get role from cache
$roleCacheKey = self::getRoleIdKey($roleId, self::$operatingPartnerId);
$cacheRole = self::getFromCache($roleCacheKey, $roleCacheDirtyAt);
// compare updatedAt between partner dirty flag and cache
if ($cacheRole) {
return $cacheRole;
// initialization from cache finished
}
// cache is not updated - delete stored value and re-init from DB
$dbRole = null;
if (!is_null($roleId)) {
UserRolePeer::setUseCriteriaFilter(false);
$dbRole = UserRolePeer::retrieveByPK($roleId);
UserRolePeer::setUseCriteriaFilter(true);
if (!$dbRole) {
KalturaLog::alert('User role ID [' . $roleId . '] set for user ID [' . self::$ksUserId . '] of partner [' . self::$operatingPartnerId . '] was not found in the DB');
throw new kPermissionException('User role ID [' . $roleId . '] set for user ID [' . self::$ksUserId . '] of partner [' . self::$operatingPartnerId . '] was not found in the DB', kPermissionException::ROLE_NOT_FOUND);
}
}
$map = self::getPermissionsFromDb($dbRole);
// update cache
$cacheRole = array('updatedAt' => time(), 'mapHash' => md5(serialize($map)));
self::storeInCache($roleCacheKey, $cacheRole, $map);
return $map;
}
function getOrCreateUserSessionRole($partnerId)
{
PartnerPeer::clearInstancePool();
$partner = PartnerPeer::retrieveByPK($partnerId);
$role = null;
$id = $partner->getUserSessionRoleId();
if ($id) {
$role = UserRolePeer::retrieveByPK($id);
}
if (!$role) {
$role = new UserRole();
$role->setPartnerId($partnerId);
$role->setStatus(UserRoleStatus::ACTIVE);
$role->setName('Partner ' . $partnerId . ' user session permission');
$role->setDescription('Partner ' . $partnerId . ' user session permission');
$role->setPermissionNames(PermissionName::USER_SESSION_PERMISSION);
$role->save();
}
return $role;
}
/**
* Checks if the current user has one of the permissions with the given names
* @param array $permissionNamesArray Permission names
* @return true or false
*/
public function hasPermissionOr(array $permissionNamesArray)
{
$roleIds = explode(',', $this->getRoleIds());
foreach ($roleIds as $roleId) {
$userRole = UserRolePeer::retrieveByPK($roleId);
if ($userRole) {
$permissions = explode(',', $userRole->getPermissionNames());
foreach ($permissionNamesArray as $permissionName) {
if (in_array($permissionName, $permissions)) {
return true;
}
}
}
}
return false;
}
