Esempio n. 1
0
 public function assignPermissionAccess(PermissionAccess $pa)
 {
     $db = Loader::db();
     $db->Replace('PagePermissionAssignments', array('cID' => $this->getPermissionObject()->getPermissionsCollectionID(), 'paID' => $pa->getPermissionAccessID(), 'pkID' => $this->pk->getPermissionKeyID()), array('cID', 'pkID'), true);
     $pa->markAsInUse();
     PermissionCache::clearAccessObject($this->pk, $this->getPermissionObject());
 }
Esempio n. 2
0
 public function assignPermissionAccess(PermissionAccess $pa)
 {
     $db = Loader::db();
     $co = $this->permissionObject->getBlockCollectionObject();
     $arHandle = $this->permissionObject->getAreaHandle();
     $db->Replace('BlockPermissionAssignments', array('cID' => $co->getCollectionID(), 'paID' => $pa->getPermissionAccessID(), 'cvID' => $co->getVersionID(), 'bID' => $this->permissionObject->getBlockID(), 'pkID' => $this->pk->getPermissionKeyID()), array('cID', 'cvID', 'bID', 'pkID'), true);
     $pa->markAsInUse();
 }
 public function getAccessEntityUsers(PermissionAccess $pae)
 {
     if ($pae instanceof PagePermissionAccess) {
         $c = $pae->getPermissionObject();
     }
     if (is_object($c) && $c instanceof Page) {
         $pcID = $c->getCollectionParentID() ?: $c->getCollectionID();
         // Check against this page, if no parent set
         $ui = UserInfo::getByID($pcID);
         $users = array($ui);
         return $users;
     }
 }
 public function validate(PermissionAccess $pae)
 {
     if ($pae instanceof FileSetPermissionAccess) {
         return true;
     }
     if ($pae instanceof FilePermissionAccess) {
         $f = $pae->getPermissionObject();
     }
     if (is_object($f)) {
         $u = new User();
         return $u->getUserID() == $f->getUserID();
     }
     return false;
 }
Esempio n. 5
0
	public function getAccessEntityUsers(PermissionAccess $pae) {
		if ($pae instanceof PagePermissionAccess) {
			$c = $pae->getPermissionObject();
		} else if ($pae instanceof AreaPermissionAccess) {
			$c = $pae->getPermissionObject()->getAreaCollectionObject();
		} else if ($pae instanceof BlockPermissionAccess) {
			$a = $pae->getPermissionObject()->getBlockAreaObject();
			$c = $a->getAreaCollectionObject();
		}
		if (is_object($c) && ($c instanceof Page)) {
			$ui = UserInfo::getByID($c->getCollectionUserID());
			$users = array($ui);
			return $users;
		}
	}
Esempio n. 6
0
 public function save($args)
 {
     parent::save();
     $db = Loader::db();
     $db->Execute('delete from ' . $this->dbTableAccessList . ' where paID = ?', array($this->getPermissionAccessID()));
     $db->Execute('delete from ' . $this->dbTableAccessListCustom . ' where paID = ?', array($this->getPermissionAccessID()));
     if (is_array($args['groupsIncluded'])) {
         foreach ($args['groupsIncluded'] as $peID => $permission) {
             $v = array($peID, $this->getPermissionAccessID(), $permission);
             $db->Execute('insert into ' . $this->dbTableAccessList . ' (peID, paID, permission) values (?, ?, ?)', $v);
         }
     }
     if (is_array($args['groupsExcluded'])) {
         foreach ($args['groupsExcluded'] as $peID => $permission) {
             $v = array($peID, $this->getPermissionAccessID(), $permission);
             $db->Execute('insert into ' . $this->dbTableAccessList . ' (peID, paID, permission) values (?, ?, ?)', $v);
         }
     }
     if (is_array($args['gIDInclude'])) {
         foreach ($args['gIDInclude'] as $peID => $gIDs) {
             foreach ($gIDs as $gID) {
                 $v = array($peID, $this->getPermissionAccessID(), $gID);
                 $db->Execute('insert into ' . $this->dbTableAccessListCustom . ' (peID, paID, gID) values (?, ?, ?)', $v);
             }
         }
     }
     if (is_array($args['gIDExclude'])) {
         foreach ($args['gIDExclude'] as $peID => $gIDs) {
             foreach ($gIDs as $gID) {
                 $v = array($peID, $this->getPermissionAccessID(), $gID);
                 $db->Execute('insert into ' . $this->dbTableAccessListCustom . ' (peID, paID, gID) values (?, ?, ?)', $v);
             }
         }
     }
 }
 public function save()
 {
     if (Loader::helper('validation/token')->validate('save_permissions')) {
         $tp = new TaskPermission();
         if ($tp->canAccessTaskPermissions()) {
             $permissions = PermissionKey::getList('sitemap');
             $permissions = array_merge($permissions, PermissionKey::getList('marketplace_newsflow'));
             $permissions = array_merge($permissions, PermissionKey::getList('admin'));
             foreach ($permissions as $pk) {
                 $paID = $_POST['pkID'][$pk->getPermissionKeyID()];
                 $pt = $pk->getPermissionAssignmentObject();
                 $pt->clearPermissionAssignment();
                 if ($paID > 0) {
                     $pa = PermissionAccess::getByID($paID, $pk);
                     if (is_object($pa)) {
                         $pt->assignPermissionAccess($pa);
                     }
                 }
             }
             $this->redirect('/dashboard/system/permissions/tasks', 'updated');
         }
     } else {
         $this->error->add(Loader::helper("validation/token")->getErrorMessage());
     }
 }
 public function save()
 {
     if (Loader::helper('validation/token')->validate('save_permissions')) {
         $fs = FileSet::getGlobal();
         $tp = new TaskPermission();
         if ($tp->canAccessTaskPermissions()) {
             $permissions = PermissionKey::getList('file_set');
             foreach ($permissions as $pk) {
                 $pk->setPermissionObject($fs);
                 $paID = $_POST['pkID'][$pk->getPermissionKeyID()];
                 $pt = $pk->getPermissionAssignmentObject();
                 $pt->clearPermissionAssignment();
                 if ($paID > 0) {
                     $pa = PermissionAccess::getByID($paID, $pk);
                     if (is_object($pa)) {
                         $pt->assignPermissionAccess($pa);
                     }
                 }
             }
             $this->redirect('/dashboard/system/permissions/files', 'updated');
         }
     } else {
         $this->error->add(Loader::helper("validation/token")->getErrorMessage());
     }
 }
Esempio n. 9
0
	public function updateDetails($post) {
		$permissions = PermissionKey::getList('basic_workflow');
		foreach($permissions as $pk) {
			$pk->setPermissionObject($this);
			$pt = $pk->getPermissionAssignmentObject();
			$paID = $post['pkID'][$pk->getPermissionKeyID()];
			$pt->clearPermissionAssignment();
			if ($paID > 0) {
				$pa = PermissionAccess::getByID($paID, $pk);
				if (is_object($pa)) {
					$pt->assignPermissionAccess($pa);
				}			
			}		
		}			
	}
Esempio n. 10
0
 public function copyFromFileSetToFile()
 {
     $db = Loader::db();
     $paID = $this->getPermissionAccessID();
     if (is_array($paID)) {
         // we have to merge the permissions access object into a new one.
         $pa = PermissionAccess::create($this);
         foreach ($paID as $paID) {
             $pax = PermissionAccess::getByID($paID, $this);
             $pax->duplicate($pa);
         }
         $paID = $pa->getPermissionAccessID();
     }
     if ($paID) {
         $db = Loader::db();
         $db->Replace('FilePermissionAssignments', array('fID' => $this->permissionObject->getFileID(), 'pkID' => $this->getPermissionKeyID(), 'paID' => $paID), array('fID', 'paID', 'pkID'), true);
     }
 }
 public function approve(WorkflowProgress $wp)
 {
     $c = Page::getByID($this->getRequestedPageID());
     $ps = $this->getPagePermissionSet();
     $assignments = $ps->getPermissionAssignments();
     foreach ($assignments as $pkID => $paID) {
         $pk = PermissionKey::getByID($pkID);
         $pk->setPermissionObject($c);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->clearPermissionAssignment();
         if ($paID > 0) {
             $pa = PermissionAccess::getByID($paID, $pk);
             if (is_object($pa)) {
                 $pt->assignPermissionAccess($pa);
             }
         }
     }
     $c->refreshCache();
     $wpr = new WorkflowProgressResponse();
     $wpr->setWorkflowProgressResponseURL(BASE_URL . DIR_REL . '/' . DISPATCHER_FILENAME . '?cID=' . $c->getCollectionID());
     return $wpr;
 }
Esempio n. 12
0
 public function run()
 {
     $bt = BlockType::getByHandle('guestbook');
     if (is_object($bt)) {
         $bt->refresh();
     }
     // add user export users task permission
     $pk = PermissionKey::getByHandle('access_user_search_export');
     if (!$pk instanceof PermissionKey) {
         $pk = PermissionKey::add('user', 'access_user_search_export', 'Export Site Users', 'Controls whether a user can export site users or not', false, false);
         $pa = $pk->getPermissionAccessObject();
         if (!is_object($pa)) {
             $pa = PermissionAccess::create($pk);
         }
         $adminGroup = Group::getByID(ADMIN_GROUP_ID);
         //Make sure "Adminstrators" group still exists
         if ($adminGroup) {
             $adminGroupEntity = GroupPermissionAccessEntity::getOrCreate($adminGroup);
             $pa->addListItem($adminGroupEntity);
             $pt = $pk->getPermissionAssignmentObject();
             $pt->assignPermissionAccess($pa);
         }
     }
     if (!Config::get('SECURITY_TOKEN_JOBS')) {
         Config::save('SECURITY_TOKEN_JOBS', Loader::helper('validation/identifier')->getString(64));
     }
     if (!Config::get('SECURITY_TOKEN_ENCRYPTION')) {
         Config::save('SECURITY_TOKEN_ENCRYPTION', Loader::helper('validation/identifier')->getString(64));
     }
     if (!Config::get('SECURITY_TOKEN_VALIDATION')) {
         Config::save('SECURITY_TOKEN_VALIDATION', Loader::helper('validation/identifier')->getString(64));
     }
     $sp = Page::getByPath('/dashboard/system/mail/method/test_settings');
     if (!is_object($sp) || $sp->isError()) {
         $sp = SinglePage::add('/dashboard/system/mail/method/test_settings');
         $sp->update(array('cName' => t('Test Mail Settings')));
         $sp->setAttribute('meta_keywords', 'test smtp, test mail');
     }
 }
Esempio n. 13
0
 public function assignPermissions($userOrGroup, $permissions = array(), $accessType = PagePermissionKey::ACCESS_TYPE_INCLUDE)
 {
     if ($this->cInheritPermissionsFrom != 'OVERRIDE') {
         $this->setPermissionsToManualOverride();
         $this->clearPagePermissions();
     }
     if (is_array($userOrGroup)) {
         $pe = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
         // group combination
     } else {
         if ($userOrGroup instanceof User || $userOrGroup instanceof UserInfo) {
             $pe = UserPermissionAccessEntity::getOrCreate($userOrGroup);
         } else {
             // group;
             $pe = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
         }
     }
     foreach ($permissions as $pkHandle) {
         $pk = PagePermissionKey::getByHandle($pkHandle);
         $pk->setPermissionObject($this);
         $pa = $pk->getPermissionAccessObject();
         if (!is_object($pa)) {
             $pa = PermissionAccess::create($pk);
         }
         $pa->addListItem($pe, false, $accessType);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->assignPermissionAccess($pa);
         $this->loadPermissionAssignments();
     }
 }
Esempio n. 14
0
            Loader::element('permission/labels', array('pk' => $pk, 'pa' => $pa));
        }
        if ($_REQUEST['task'] == 'save_permission_assignments' && Loader::helper("validation/token")->validate('save_permission_assignments')) {
            $permissions = PermissionKey::getList('file');
            foreach ($permissions as $pk) {
                $paID = $_POST['pkID'][$pk->getPermissionKeyID()];
                $pk->setPermissionObject($f);
                $pt = $pk->getPermissionAssignmentObject();
                $pt->clearPermissionAssignment();
                if ($paID > 0) {
                    $pa = PermissionAccess::getByID($paID, $pk);
                    if (is_object($pa)) {
                        $pt->assignPermissionAccess($pa);
                    }
                }
            }
        }
        if ($_REQUEST['task'] == 'save_workflows' && Loader::helper("validation/token")->validate('save_workflows')) {
            $pk = PermissionKey::getByID($_REQUEST['pkID']);
            $pk->setPermissionObject($f);
            $pa = PermissionAccess::getByID($_REQUEST['paID'], $pk);
            $pk->clearWorkflows();
            foreach ($_POST['wfID'] as $wfID) {
                $wf = Workflow::getByID($wfID);
                if (is_object($wf)) {
                    $pk->attachWorkflow($wf);
                }
            }
        }
    }
}
Esempio n. 15
0
    protected function migrateBlockPermissions()
    {
        if (PERMISSIONS_MODEL == 'simple') {
            return;
        }
        $db = Loader::db();
        $tables = $db->MetaTables();
        if (!in_array('CollectionVersionBlockPermissions', $tables)) {
            return false;
        }
        // permissions
        $permissionMap = array('r' => array(PermissionKey::getByHandle('view_block')), 'wa' => array(PermissionKey::getByHandle('edit_block'), PermissionKey::getByHandle('edit_block_custom_template'), PermissionKey::getByHandle('edit_block_design')), 'db' => array(PermissionKey::getByHandle('delete_block'), PermissionKey::getByHandle('schedule_guest_access'), PermissionKey::getByHandle('edit_block_permissions')));
        $r = $db->Execute('select * from CollectionVersionBlockPermissions order by cID asc');
        while ($row = $r->FetchRow()) {
            $pe = $this->migrateAccessEntity($row);
            if (!$pe) {
                continue;
            }
            $permissions = $this->getPermissionsArray($row['cbgPermissions']);
            $co = Page::getByID($row['cID'], $row['cvID']);
            if (!is_object($co) || $co->isError()) {
                continue;
            }
            $arHandle = $db->GetOne('select arHandle from CollectionVersionBlocks cvb where cvb.cID = ? and 
				cvb.cvID = ? and cvb.bID = ?', array($row['cID'], $row['cvID'], $row['bID']));
            $a = Area::get($co, $arHandle);
            $bo = Block::getByID($row['bID'], $co, $a);
            if (is_object($bo)) {
                foreach ($permissions as $p) {
                    $permissionsToApply = $permissionMap[$p];
                    foreach ($permissionsToApply as $pko) {
                        $pko->setPermissionObject($bo);
                        $pt = $pko->getPermissionAssignmentObject();
                        $pa = $pko->getPermissionAccessObject();
                        if (!is_object($pa)) {
                            $pa = PermissionAccess::create($pko);
                        } else {
                            if ($pa->isPermissionAccessInUse()) {
                                $pa = $pa->duplicate();
                            }
                        }
                        $pa->addListItem($pe, false, BlockPermissionKey::ACCESS_TYPE_INCLUDE);
                        $pt->assignPermissionAccess($pa);
                    }
                }
            }
        }
    }
Esempio n. 16
0
<?php

defined('C5_EXECUTE') or die("Access Denied.");
?>

<?php 
$permissionAccess = $key->getPermissionAssignmentObject()->getPermissionAccessObject();
if (!is_object($permissionAccess)) {
    $permissionAccess = PermissionAccess::create($key);
}
?>
<form id="ccm-permissions-detail-form" onsubmit="return ccm_submitPermissionsDetailForm()" method="post" action="<?php 
echo $key->getPermissionAssignmentObject()->getPermissionKeyToolsURL();
?>
">


	<input type="hidden" name="paID" value="<?php 
echo $permissionAccess->getPermissionAccessID();
?>
" />

	<div id="ccm-tab-content-access-types">
		<?php 
View::element('permission/keys/notify_in_notification_center', array('permissionAccess' => $permissionAccess));
?>

	</div>


	<div class="ccm-dashboard-form-actions-wrapper" style="display:none">
            $pe = PermissionAccessEntity::getByID($_REQUEST['peID']);
            $pa->removeListItem($pe);
        }
        if ($_REQUEST['task'] == 'save_permission' && Loader::helper("validation/token")->validate('save_permission')) {
            $pk = AreaPermissionKey::getByID($_REQUEST['pkID']);
            $pk->setPermissionObject($ax);
            $pa = PermissionAccess::getByID($_REQUEST['paID'], $pk);
            $pa->save($_POST);
        }
        if ($_REQUEST['task'] == 'display_access_cell' && Loader::helper("validation/token")->validate('display_access_cell')) {
            $pk = PermissionKey::getByID($_REQUEST['pkID']);
            $pa = PermissionAccess::getByID($_REQUEST['paID'], $pk);
            Loader::element('permission/labels', array('pk' => $pk, 'pa' => $pa));
        }
        if ($_REQUEST['task'] == 'save_permission_assignments' && Loader::helper("validation/token")->validate('save_permission_assignments')) {
            $permissions = PermissionKey::getList('area');
            foreach ($permissions as $pk) {
                $paID = $_POST['pkID'][$pk->getPermissionKeyID()];
                $pk->setPermissionObject($ax);
                $pt = $pk->getPermissionAssignmentObject();
                $pt->clearPermissionAssignment();
                if ($paID > 0) {
                    $pa = PermissionAccess::getByID($paID, $pk);
                    if (is_object($pa)) {
                        $pt->assignPermissionAccess($pa);
                    }
                }
            }
        }
    }
}
Esempio n. 18
0
	public function file_sets_edit(){
		extract($this->getHelperObjects());
		Loader::model('file_set');
		//do my editing
		if (!$validation_token->validate("file_sets_edit")) {			
			$this->set('error', array($validation_token->getErrorMessage()));
			$this->view();
			return;
		}
		
		if(!$this->post('fsID')){
			$this->set('error', array(t('Invalid ID')));
			$this->view();			
		}

		$file_set = new FileSet();
		$file_set->Load('fsID = ?', $this->post('fsID'));		
		$file_set->fsName = $this->post('file_set_name');
		$copyPermissionsFromBase = false;
		if ($file_set->fsOverrideGlobalPermissions == 0 && $this->post('fsOverrideGlobalPermissions') == 1) {
			// we are checking the checkbox for the first time
			$copyPermissionsFromBase = true;
		}		
		if ($file_set->fsOverrideGlobalPermissions) {
			$permissions = PermissionKey::getList('file_set');
			foreach($permissions as $pk) {
				$pk->setPermissionObject($file_set);
				$pt = $pk->getPermissionAssignmentObject();
				$paID = $_POST['pkID'][$pk->getPermissionKeyID()];
				$pt->clearPermissionAssignment();
				if ($paID > 0) {
					$pa = PermissionAccess::getByID($paID, $pk);
					if (is_object($pa)) {
						$pt->assignPermissionAccess($pa);
					}			
				}		
			}			
		}
		$file_set->fsOverrideGlobalPermissions = ($this->post('fsOverrideGlobalPermissions') == 1) ? 1 : 0;
		$file_set->save();
		
		parse_str($this->post('fsDisplayOrder'));
		$file_set->updateFileSetDisplayOrder($fID);

		if ($file_set->fsOverrideGlobalPermissions == 0) {
			$file_set->resetPermissions();		
		} 		
		if ($copyPermissionsFromBase) {
			$file_set->acquireBaseFileSetPermissions();
		}

		$this->redirect("/dashboard/files/sets", 'view_detail', $this->post('fsID'), 'file_set_updated');
	}
Esempio n. 19
0
 public function getPermissionAccessObject()
 {
     $db = Loader::db();
     $paID = $db->GetOne('select paID from PermissionAssignments where pkID = ?', array($this->pk->getPermissionKeyID()));
     return PermissionAccess::getByID($paID, $this->pk);
 }
Esempio n. 20
0
<? defined('C5_EXECUTE') or die("Access Denied."); ?>

<? 
if ($_REQUEST['paID'] && $_REQUEST['paID'] > 0) { 
	$pa = PermissionAccess::getByID($_REQUEST['paID'], $permissionKey);
	if ($pa->isPermissionAccessInUse()) {
		$pa = $pa->duplicate();
	}
} else { 
	$pa = PermissionAccess::create($permissionKey);
}

?>

<div class="ccm-ui" id="ccm-permission-detail">
<form id="ccm-permissions-detail-form" onsubmit="return ccm_submitPermissionsDetailForm()" method="post" action="<?php 
echo $permissionKey->getPermissionAssignmentObject()->getPermissionKeyToolsURL();
?>
">

<input type="hidden" name="paID" value="<?php 
echo $pa->getPermissionAccessID();
?>
" />

<? $workflows = Workflow::getList();?>

<? Loader::element('permission/message_list'); ?>

<?
$tabs = array();
Esempio n. 21
0
				$pt->clearPermissionAssignment();
				if ($paID > 0) {
					$pa = PermissionAccess::getByID($paID, $pk);
					if (is_object($pa)) {
						$pt->assignPermissionAccess($pa);
					}			
				}
			}
		}

	}
	if ($p->canScheduleGuestAccess()) { 
		if ($_REQUEST['task'] == 'set_timed_guest_access' && Loader::helper("validation/token")->validate('set_timed_guest_access')) {
			if (!$b->overrideAreaPermissions()) {
				$b->doOverrideAreaPermissions();
			}
			$pk = PermissionKey::getByHandle('view_block');
			$pk->setPermissionObject($b);
			$pa = $pk->getPermissionAccessObject();
			if (!is_object($pa)) {
				$pa = PermissionAccess::create($pk);
			}
			$pe = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
			$pd = PermissionDuration::translateFromRequest();
			$pa->addListItem($pe, $pd, BlockPermissionKey::ACCESS_TYPE_INCLUDE);
			$pt = $pk->getPermissionAssignmentObject();
			$pt->assignPermissionAccess($pa);
		}
	}
}
Esempio n. 22
0
 private function setPermissions()
 {
     /*
      * This only covers permissions in 5.6+ They changed quite massively at
      * that revision. Eventually, this package will have other branches for 
      * earlier versions.
      * 
      * Not everything shown here will work with simple permissions. People 
      * will just be set as able to view or admin, the nuanced stuff about 
      * sub page permissions, etc will not be applied
      * 
      * First off, we need to set up arrays of what people are allowed to do.
      */
     $viewOnly = array('view_page');
     $writePage = array('view_page', 'view_page_versions', 'edit_page_properties', 'edit_page_contents', 'approve_page_versions');
     $adminPage = array('edit_page_speed_settings', 'edit_page_permissions', 'edit_page_theme', 'schedule_page_contents_guest_access', 'edit_page_type', 'delete_page', 'preview_page_as_user', 'delete_page_versions', 'move_or_copy_page', 'edit_page_type');
     // Now to get the the group that we made for boilerplate
     $bpGroup = Group::getByName("Boilerplate Admins");
     // Then the current user, again, could be anyone
     $u = new User();
     $ui = UserInfo::getByID($u->getUserID());
     // and our sample page
     $bpPage = Page::getByPath('/boilerplate-sample');
     if (is_object($bpPage) && is_a($bpPage, "Page")) {
         // by passing in -1, we are saying that all permissions in the array are
         // not allowed
         //
         // After some more digging, it seems like saying can't view doesn't
         // work properly. It will hide the page from everyone. If you simply
         // don't assign any permissions for them at all, then it works properly
         // I don't get why that is, might be a bug.
         //
         //			$bpPage->assignPermissions(Group::getByID(GUEST_GROUP_ID), $viewOnly, -1);
         //			$bpPage->assignPermissions(Group::getByID(REGISTERED_GROUP_ID), $viewOnly, -1);
         $bpPage->assignPermissions(Group::getByID(ADMIN_GROUP_ID), $adminPage);
         $bpPage->assignPermissions(Group::getByID(ADMIN_GROUP_ID), $writePage);
         $bpPage->assignPermissions($bpGroup, $writePage);
         $bpPage->assignPermissions($ui, $writePage);
         // at this point, our page will let people edit, and others can't even view
         // in order to allow sub-pages to be added by our admins, we'll need to get
         // a _bit_ more complicated.
         // this could probbly be cleaned up a little, to be more efficient
         // first get the ctID of the page type we want them to be able to add
         $bpID = CollectionType::getByHandle('boilerplate')->getCollectionTypeID();
         // In order to allow the user to add sub pages, we need to do this
         $bpAdminUserPE = UserPermissionAccessEntity::getOrCreate($ui);
         $entities[] = $bpAdminUserPE;
         // lets them add external links
         $args = array();
         $args['allowExternalLinksIncluded'][$bpAdminUserPE->getAccessEntityID()] = 1;
         // I can't remember why it's "C" or what the other options are...
         $args['pageTypesIncluded'][$bpAdminUserPE->getAccessEntityID()] = 'C';
         // you can repeat this with as many different collection type IDs as you like
         $args['ctIDInclude'][$bpAdminUserPE->getAccessEntityID()][] = $bpID;
         // now to allow it for groups
         $bpAdminPE = GroupPermissionAccessEntity::getOrCreate($bpGroup);
         $entities[] = $bpAdminPE;
         $args['allowExternalLinksIncluded'][$bpAdminPE->getAccessEntityID()] = 1;
         $args['pageTypesIncluded'][$bpAdminPE->getAccessEntityID()] = 'C';
         $args['ctIDInclude'][$bpAdminPE->getAccessEntityID()][] = $bpID;
         // ordinary admins
         $adminPE = GroupPermissionAccessEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
         $entities[] = $adminPE;
         $args['allowExternalLinksIncluded'][$adminPE->getAccessEntityID()] = 1;
         $args['pageTypesIncluded'][$adminPE->getAccessEntityID()] = 'C';
         $args['ctIDInclude'][$adminPE->getAccessEntityID()][] = $bpID;
         // and now some crazy voodoo
         $pk = PagePermissionKey::getByHandle('add_subpage');
         $pk->setPermissionObject($bpPage);
         $pt = $pk->getPermissionAssignmentObject();
         $pa = $pk->getPermissionAccessObject();
         if (!is_object($pa)) {
             $pa = PermissionAccess::create($pk);
         }
         foreach ($entities as $pe) {
             $pa->addListItem($pe, false, PagePermissionKey::ACCESS_TYPE_INCLUDE);
         }
         $pa->save($args);
         $pt->assignPermissionAccess($pa);
         // and now we set it so that sub-pages added under this page
         // inherit the same permissions
         $pkr = new ChangeSubpageDefaultsInheritancePageWorkflowRequest();
         $pkr->setRequestedPage($bpPage);
         // if you pass in 0, they will inherit from page type default
         // permissions in the dashboard. That's what they would do anyway,
         // if you don't do any of this stuff.
         $pkr->setPagePermissionsInheritance(1);
         $pkr->setRequesterUserID($u->getUserID());
         $pkr->trigger();
     }
 }
Esempio n. 23
0
	protected function importPermissions(SimpleXMLElement $sx) {
		if (isset($sx->permissionkeys)) {
			foreach($sx->permissionkeys->permissionkey as $pk) {
				$pkc = PermissionKeyCategory::getByHandle((string) $pk['category']);
				$pkg = ContentImporter::getPackageObject($pk['package']);
				$txt = Loader::helper('text');
				$className = $txt->camelcase($pkc->getPermissionKeyCategoryHandle());
				$c1 = $className . 'PermissionKey';
				$pkx = call_user_func(array($c1, 'import'), $pk);	
				if (isset($pk->access)) {
					foreach($pk->access->children() as $ch) {
						if ($ch->getName() == 'group') {
							$g = Group::getByName($ch['name']);
							if (!is_object($g)) {
								$g = Group::add($g['name'], $g['description']);
							}
							$pae = GroupPermissionAccessEntity::getOrCreate($g);
							$pa = PermissionAccess::create($pkx);
							$pa->addListItem($pae);
							$pt = $pkx->getPermissionAssignmentObject();
							$pt->assignPermissionAccess($pa);
						}
					}
				}
			
			}
		}
	}
Esempio n. 24
0
 public function assignPermissionAccess(PermissionAccess $pa)
 {
     $db = Loader::db();
     $db->Replace('BasicWorkflowPermissionAssignments', array('wfID' => $this->getPermissionObject()->getWorkflowID(), 'paID' => $pa->getPermissionAccessID(), 'pkID' => $this->pk->getPermissionKeyID()), array('wfID', 'pkID'), true);
     $pa->markAsInUse();
 }
Esempio n. 25
0
 public function view()
 {
     if (PERMISSIONS_MODEL != 'simple') {
         return;
     }
     $editAccess = array();
     $home = Page::getByID(1, "RECENT");
     $pk = PermissionKey::getByHandle('view_page');
     $pk->setPermissionObject($home);
     $assignments = $pk->getAccessListItems();
     foreach ($assignments as $asi) {
         $ae = $asi->getAccessEntityObject();
         if ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == GUEST_GROUP_ID) {
             $this->set('guestCanRead', true);
         } else {
             if ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == REGISTERED_GROUP_ID) {
                 $this->set('registeredCanRead', true);
             }
         }
     }
     Loader::model('search/group');
     $gl = new GroupSearch();
     $gl->filter('gID', REGISTERED_GROUP_ID, '>');
     $gIDs = $gl->get();
     $gArray = array();
     foreach ($gIDs as $gID) {
         $gArray[] = Group::getByID($gID['gID']);
     }
     $pk = PermissionKey::getByHandle('edit_page_contents');
     $pk->setPermissionObject($home);
     $assignments = $pk->getAccessListItems();
     foreach ($assignments as $asi) {
         $ae = $asi->getAccessEntityObject();
         if ($ae->getAccessEntityTypeHandle() == 'group') {
             $editAccess[] = $ae->getGroupObject()->getGroupID();
         }
     }
     $this->set('home', $home);
     $this->set('gArray', $gArray);
     $this->set('editAccess', $editAccess);
     if ($this->isPost()) {
         if ($this->token->validate('site_permissions_code')) {
             switch ($_POST['view']) {
                 case "ANYONE":
                     $viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
                     break;
                 case "USERS":
                     $viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(REGISTERED_GROUP_ID));
                     break;
                 case "PRIVATE":
                     $viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
                     break;
             }
             $pk = PermissionKey::getByHandle('view_page');
             $pk->setPermissionObject($home);
             $pt = $pk->getPermissionAssignmentObject();
             $pt->clearPermissionAssignment();
             $pa = PermissionAccess::create($pk);
             $pa->addListItem($viewObj);
             $pt->assignPermissionAccess($pa);
             $editAccessEntities = array();
             if (is_array($_POST['gID'])) {
                 foreach ($_POST['gID'] as $gID) {
                     $editAccessEntities[] = GroupPermissionAccessEntity::getOrCreate(Group::getByID($gID));
                 }
             }
             $editPermissions = array('view_page_versions', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_theme', 'edit_page_type', 'edit_page_permissions', 'delete_page', 'preview_page_as_user', 'schedule_page_contents_guest_access', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page');
             foreach ($editPermissions as $pkHandle) {
                 $pk = PermissionKey::getByHandle($pkHandle);
                 $pk->setPermissionObject($home);
                 $pt = $pk->getPermissionAssignmentObject();
                 $pt->clearPermissionAssignment();
                 $pa = PermissionAccess::create($pk);
                 foreach ($editAccessEntities as $editObj) {
                     $pa->addListItem($editObj);
                 }
                 $pt->assignPermissionAccess($pa);
             }
             $pkx = PermissionKey::getbyHandle('add_block');
             $pt = $pkx->getPermissionAssignmentObject();
             $pt->clearPermissionAssignment();
             $pa = PermissionAccess::create($pkx);
             foreach ($editAccessEntities as $editObj) {
                 $pa->addListItem($editObj);
             }
             $pt->assignPermissionAccess($pa);
             $pkx = PermissionKey::getbyHandle('add_stack');
             $pt = $pkx->getPermissionAssignmentObject();
             $pt->clearPermissionAssignment();
             $pa = PermissionAccess::create($pkx);
             foreach ($editAccessEntities as $editObj) {
                 $pa->addListItem($editObj);
             }
             $pt->assignPermissionAccess($pa);
             Cache::flush();
             $this->redirect('/dashboard/system/permissions/site/', 'saved');
         } else {
             $this->error->add($this->token->getErrorMessage());
         }
     }
 }
Esempio n. 26
0
         if ($_REQUEST['paReplaceAll'] == 'add') {
             $pk->setPermissionObject($c);
             $pa = $pk->getPermissionAccessObject();
             if (is_object($pa)) {
                 // that means that we have to take the current $pa object, and the new $pa object, and merge them together into
                 // a third object, and try and assign that object
                 $orig = $pa->duplicate();
                 $newpa = PermissionAccess::getByID($newPAID, $pk);
                 $pa = $newpa->duplicate($orig);
             } else {
                 // no current $pa object, which means we assign the new $pa object to this thing
                 $pk->setPermissionObject($c);
                 $pa = PermissionAccess::getByID($newPAID, $pk);
             }
         } else {
             $pa = PermissionAccess::getByID($newPAID, $pk);
         }
         $pkr = new ChangePagePermissionsPageWorkflowRequest();
         $pkr->setRequestedPage($c);
         $ps = new PermissionSet();
         $ps->setPermissionKeyCategory('page');
         $ps->addPermissionAssignment($pk->getPermissionKeyID(), $pa->getPermissionAccessID());
         $pkr->setPagePermissionSet($ps);
         $pkr->setRequesterUserID($u->getUserID());
         $u->unloadCollectionEdit($c);
         $response = $pkr->trigger();
         if (!$response instanceof \Concrete\Core\Workflow\Progress\Response) {
             $deferred = true;
         }
     }
 }
Esempio n. 27
0
 public function assignPermissions($userOrGroup, $permissions = array(), $accessType = FileSetPermissionKey::ACCESS_TYPE_INCLUDE)
 {
     $db = Loader::db();
     if ($this->fsID > 0) {
         $db->Execute("update FileSets set fsOverrideGlobalPermissions = 1 where fsID = ?", array($this->fsID));
         $this->fsOverrideGlobalPermissions = true;
     }
     if (is_array($userOrGroup)) {
         $pe = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
         // group combination
     } else {
         if ($userOrGroup instanceof User || $userOrGroup instanceof UserInfo) {
             $pe = UserPermissionAccessEntity::getOrCreate($userOrGroup);
         } else {
             // group;
             $pe = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
         }
     }
     foreach ($permissions as $pkHandle) {
         $pk = PermissionKey::getByHandle($pkHandle);
         $pk->setPermissionObject($this);
         $pa = $pk->getPermissionAccessObject();
         if (!is_object($pa)) {
             $pa = PermissionAccess::create($pk);
         } else {
             if ($pa->isPermissionAccessInUse()) {
                 $pa = $pa->duplicate();
             }
         }
         $pa->addListItem($pe, false, $accessType);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->assignPermissionAccess($pa);
     }
 }
Esempio n. 28
0
	public static function create(PermissionKey $pk) {
		$db = Loader::db();
		$db->Execute('insert into PermissionAccess (paIsInUse) values (0)');
		return PermissionAccess::getByID($db->Insert_ID(), $pk);
	}
Esempio n. 29
0
 public function assignPermissionAccess(PermissionAccess $pa)
 {
     $db = Loader::db();
     $db->Replace('AreaPermissionAssignments', array('cID' => $this->getPermissionObject()->getCollectionID(), 'arHandle' => $this->getPermissionObject()->getAreaHandle(), 'paID' => $pa->getPermissionAccessID(), 'pkID' => $this->pk->getPermissionKeyID()), array('cID', 'arHandle', 'pkID'), true);
     $pa->markAsInUse();
 }