public function loadPermissionDurationObject($pdID) { if ($pdID > 0) { $pd = PermissionDuration::getByID($pdID); $this->duration = $pd; } }
public function getAllTimedAssignmentsForPage() { $db = Loader::db(); $assignments = array(); $r = $db->Execute('select peID, pkID, pdID from PagePermissionAssignments ppa inner join PermissionAccessList pal on ppa.paID = pal.paID where pdID > 0 and cID = ?', array($this->object->getCollectionID())); while ($row = $r->FetchRow()) { $pk = PagePermissionKey::getByID($row['pkID']); $pae = PermissionAccessEntity::getByID($row['peID']); $pd = PermissionDuration::getByID($row['pdID']); $ppc = new PageContentPermissionTimedAssignment(); $ppc->setDurationObject($pd); $ppc->setAccessEntityObject($pae); $ppc->setPermissionKeyObject($pk); $assignments[] = $ppc; } $r = $db->Execute('select arHandle from Areas where cID = ? and arOverrideCollectionPermissions = 1', array($this->object->getCollectionID())); while ($row = $r->FetchRow()) { $r2 = $db->Execute('select peID, pdID, pkID from AreaPermissionAssignments apa inner join PermissionAccessList pal on apa.paID = pal.paID where pdID > 0 and cID = ? and arHandle = ?', array($this->object->getCollectionID(), $row['arHandle'])); while ($row2 = $r2->FetchRow()) { $pk = AreaPermissionKey::getByID($row2['pkID']); $pae = PermissionAccessEntity::getByID($row2['peID']); $area = Area::get($this->getPermissionObject(), $row['arHandle']); $pk->setPermissionObject($area); $pd = PermissionDuration::getByID($row2['pdID']); $ppc = new PageContentPermissionTimedAssignment(); $ppc->setDurationObject($pd); $ppc->setAccessEntityObject($pae); $ppc->setPermissionKeyObject($pk); $assignments[] = $ppc; } } $r = $db->Execute('select peID, cvb.cvID, cvb.bID, pdID, pkID from BlockPermissionAssignments bpa inner join PermissionAccessList pal on bpa.paID = pal.paID inner join CollectionVersionBlocks cvb on cvb.cID = bpa.cID and cvb.cvID = bpa.cvID and cvb.bID = bpa.bID where pdID > 0 and cvb.cID = ? and cvb.cvID = ? and cvb.cbOverrideAreaPermissions = 1', array($this->object->getCollectionID(), $this->object->getVersionID())); while ($row = $r->FetchRow()) { $pk = BlockPermissionKey::getByID($row['pkID']); $pae = PermissionAccessEntity::getByID($row['peID']); $arHandle = $db->GetOne('select arHandle from CollectionVersionBlocks where bID = ? and cvID = ? and cID = ?', array($row['bID'], $row['cvID'], $this->object->getCollectionID())); $b = Block::getByID($row['bID'], $this->object, $arHandle); $pk->setPermissionObject($b); $pd = PermissionDuration::getByID($row['pdID']); $ppc = new PageContentPermissionTimedAssignment(); $ppc->setDurationObject($pd); $ppc->setAccessEntityObject($pae); $ppc->setPermissionKeyObject($pk); $assignments[] = $ppc; } return $assignments; }
<?php defined('C5_EXECUTE') or die("Access Denied."); $p = new Permissions(); if ($p->canAccessTaskPermissions()) { if ($_REQUEST['task'] == 'add_access_entity' && Loader::helper("validation/token")->validate('add_access_entity')) { $pk = PermissionKey::getByID($_REQUEST['pkID']); $pa = PermissionAccess::getByID($_REQUEST['paID'], $pk); $pe = PermissionAccessEntity::getByID($_REQUEST['peID']); $pd = PermissionDuration::getByID($_REQUEST['pdID']); $pa->addListITem($pe, $pd, $_REQUEST['accessType']); } if ($_REQUEST['task'] == 'remove_access_entity' && Loader::helper("validation/token")->validate('remove_access_entity')) { $pk = PermissionKey::getByID($_REQUEST['pkID']); $pa = PermissionAccess::getByID($_REQUEST['paID'], $pk); $pe = PermissionAccessEntity::getByID($_REQUEST['peID']); $pa->removeListItem($pe); } if ($_REQUEST['task'] == 'save_permission' && Loader::helper("validation/token")->validate('save_permission')) { $pk = PermissionKey::getByID($_REQUEST['pkID']); $pa = PermissionAccess::getByID($_REQUEST['paID'], $pk); $pa->save($_POST); } if ($_REQUEST['task'] == 'display_access_cell' && Loader::helper("validation/token")->validate('display_access_cell')) { $pk = PermissionKey::getByID($_REQUEST['pkID']); $pa = PermissionAccess::getByID($_REQUEST['paID'], $pk); Loader::element('permission/labels', array('pk' => $pk, 'pa' => $pa)); } }
public static function translateFromRequest() { $dt = Loader::helper('form/date_time'); $dateStart = $dt->translate('pdStartDate'); $dateEnd = $dt->translate('pdEndDate'); if ($dateStart || $dateEnd) { // create a PermissionDuration object if ($_REQUEST['pdID']) { $pd = PermissionDuration::getByID($_REQUEST['pdID']); } else { $pd = new PermissionDuration(); } if ($_REQUEST['pdStartDateAllDayActivate']) { $pd->setStartDateAllDay(1); $dateStart = date('Y-m-d 00:00:00', strtotime($dateStart)); } else { $pd->setStartDateAllDay(0); } if ($_REQUEST['pdEndDateAllDayActivate']) { $pd->setEndDateAllDay(1); $dateEnd = date('Y-m-d 23:59:59', strtotime($dateEnd)); } else { $pd->setEndDateAllDay(0); } $pd->setStartDate($dateStart); $pd->setEndDate($dateEnd); if ($_POST['pdRepeatPeriod'] && $_POST['pdRepeat']) { $pd->setRepeatPeriod($_POST['pdRepeatPeriod']); if ($_POST['pdRepeatPeriod'] == 'daily') { $pd->setRepeatEveryNum($_POST['pdRepeatPeriodDaysEvery']); } else { if ($_POST['pdRepeatPeriod'] == 'weekly') { $pd->setRepeatEveryNum($_POST['pdRepeatPeriodWeeksEvery']); $pd->setRepeatPeriodWeekDays($_POST['pdRepeatPeriodWeeksDays']); } else { if ($_POST['pdRepeatPeriod'] == 'monthly') { $pd->setRepeatMonthBy($_POST['pdRepeatPeriodMonthsRepeatBy']); $pd->setRepeatEveryNum($_POST['pdRepeatPeriodMonthsEvery']); } } } $pd->setRepeatPeriodEnd($dt->translate('pdEndRepeatDateSpecific')); } else { $pd->setRepeatPeriod(false); } $pd->save(); } else { unset($pd); } return $pd; }
protected function setupFilePermissions() { $u = new User(); if ($this->permissionLevel == false || $u->isSuperUser()) { return false; } $accessEntities = $u->getUserAccessEntityObjects(); foreach ($accessEntities as $pae) { $peIDs[] = $pae->getAccessEntityID(); } $db = Loader::db(); // figure out which sets can read files in, not read files in, and read only my files in. $fsIDs = $db->GetCol('select fsID from FileSets where fsOverrideGlobalPermissions = 1'); $viewableSets = array(-1); $nonviewableSets = array(-1); $myviewableSets = array(-1); $owpae = FileUploaderPermissionAccessEntity::getOrCreate(); if (count($fsIDs) > 0) { $pk = PermissionKey::getByHandle($this->permissionLevel); foreach ($fsIDs as $fsID) { $fs = FileSet::getByID($fsID); $pk->setPermissionObject($fs); $list = $pk->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, $accessEntities); $list = PermissionDuration::filterByActive($list); if (count($list) > 0) { foreach ($list as $l) { $pae = $l->getAccessEntityObject(); if ($pae->getAccessEntityID() == $owpae->getAccessEntityID()) { $myviewableSets[] = $fs->getFileSetID(); } else { if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_INCLUDE) { $viewableSets[] = $fs->getFileSetID(); } if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_EXCLUDE) { $nonviewableSets[] = $fs->getFileSetID(); } } } } else { $nonviewableSets[] = $fs->getFileSetID(); } } } $fs = FileSet::getGlobal(); $fk = PermissionKey::getByHandle('search_file_set'); $fk->setPermissionObject($fs); $accessEntities[] = $owpae; $list = $fk->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, $accessEntities); $list = PermissionDuration::filterByActive($list); foreach ($list as $l) { $pae = $l->getAccessEntityObject(); if ($pae->getAccessEntityID() == $owpae->getAccessEntityID()) { $valid = 'mine'; } else { if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_INCLUDE) { $valid = PermissionKey::ACCESS_TYPE_INCLUDE; } if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_EXCLUDE) { $valid = PermissionKey::ACCESS_TYPE_EXCLUDE; } } } $uID = $u->isRegistered() ? $u->getUserID() : 0; // This excludes all files found in sets where I may only read mine, and I did not upload the file $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $myviewableSets) . ')) = 0)'); if ($valid == 'mine') { // this means that we're only allowed to read files we've uploaded (unless, of course, those files are in previously covered sets) $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $viewableSets) . ')) > 0)'); } // this excludes all file that are found in sets that I can't find $this->filter(false, '((select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $nonviewableSets) . ')) = 0)'); $uID = $u->isRegistered() ? $u->getUserID() : 0; // This excludes all files found in sets where I may only read mine, and I did not upload the file $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $myviewableSets) . ')) = 0)'); $db = Loader::db(); $vpvPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_file\''); if ($this->permissionLevel == 'search_file_set') { $vpPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_file_in_file_manager\''); } else { $vpPKID = $vpvPKID; } $pdIDs = $db->GetCol("select distinct pdID from FilePermissionAssignments fpa inner join PermissionAccessList pal on fpa.paID = pal.paID where pkID in (?, ?) and pdID > 0", array($vpPKID, $vpvPKID)); $activePDIDs = array(); if (count($pdIDs) > 0) { // then we iterate through all of them and find any that are active RIGHT NOW foreach ($pdIDs as $pdID) { $pd = PermissionDuration::getByID($pdID); if ($pd->isActive()) { $activePDIDs[] = $pd->getPermissionDurationID(); } } } $activePDIDs[] = 0; // exclude files where its overridden but I don't have the ability to read $this->filter(false, "(f.fOverrideSetPermissions = 0 or (select count(fID) from FilePermissionAssignments fpa inner join PermissionAccessList fpal on fpa.paID = fpal.paID where fpa.fID = f.fID and fpal.accessType = " . PermissionKey::ACCESS_TYPE_INCLUDE . " and fpal.pdID in (" . implode(',', $activePDIDs) . ") and fpal.peID in (" . implode(',', $peIDs) . ") and (if(fpal.peID = " . $owpae->getAccessEntityID() . " and f.uID <> " . $uID . ", false, true)) and (fpa.pkID = " . $vpPKID . ")) > 0)"); // exclude detail files where read is excluded $this->filter(false, "f.fID not in (select ff.fID from Files ff inner join FilePermissionAssignments fpaExclude on ff.fID = fpaExclude.fID inner join PermissionAccessList palExclude on fpaExclude.paID = palExclude.paID where fOverrideSetPermissions = 1 and palExclude.accessType = " . PermissionKey::ACCESS_TYPE_EXCLUDE . " and palExclude.pdID in (" . implode(',', $activePDIDs) . ")\n\t\t\tand palExclude.peID in (" . implode(',', $peIDs) . ") and fpaExclude.pkID in (" . $vpPKID . "," . $vpvPKID . "))"); }
/** * Sets up a list to only return items the proper user can access */ public function setupPermissions() { $u = new User(); if ($u->isSuperUser() || $this->ignorePermissions) { return; // super user always sees everything. no need to limit } $accessEntities = $u->getUserAccessEntityObjects(); foreach ($accessEntities as $pae) { $peIDs[] = $pae->getAccessEntityID(); } $owpae = PageOwnerPermissionAccessEntity::getOrCreate(); // now we retrieve a list of permission duration object IDs that are attached view_page or view_page_version // against any of these access entity objects. We just get'em all. $db = Loader::db(); $activePDIDs = array(); $vpPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_page\''); $vpvPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_page_versions\''); $pdIDs = $db->GetCol("select distinct pdID from PagePermissionAssignments ppa inner join PermissionAccessList pa on ppa.paID = pa.paID where pkID in (?, ?) and pdID > 0", array($vpPKID, $vpvPKID)); if (count($pdIDs) > 0) { // then we iterate through all of them and find any that are active RIGHT NOW foreach ($pdIDs as $pdID) { $pd = PermissionDuration::getByID($pdID); if ($pd->isActive()) { $activePDIDs[] = $pd->getPermissionDurationID(); } } } $activePDIDs[] = 0; if ($this->includeAliases) { $cInheritPermissionsFromCID = 'if(p2.cID is null, p1.cInheritPermissionsFromCID, p2.cInheritPermissionsFromCID)'; } else { $cInheritPermissionsFromCID = 'p1.cInheritPermissionsFromCID'; } if ($this->displayOnlyApprovedPages) { $cvIsApproved = ' and cv.cvIsApproved = 1'; } $uID = 0; if ($u->isRegistered()) { $uID = $u->getUserID(); } $this->filter(false, "((select count(cID) from PagePermissionAssignments ppa1 inner join PermissionAccessList pa1 on ppa1.paID = pa1.paID where ppa1.cID = {$cInheritPermissionsFromCID} and pa1.accessType = " . PermissionKey::ACCESS_TYPE_INCLUDE . " and pa1.pdID in (" . implode(',', $activePDIDs) . ")\n\t\t\tand pa1.peID in (" . implode(',', $peIDs) . ") and (if(pa1.peID = " . $owpae->getAccessEntityID() . " and p1.uID <>" . $uID . ", false, true)) and (ppa1.pkID = " . $vpPKID . $cvIsApproved . " or ppa1.pkID = " . $vpvPKID . ")) > 0\n\t\t\tor (p1.cPointerExternalLink !='' AND p1.cPointerExternalLink IS NOT NULL))"); $this->filter(false, "((select count(cID) from PagePermissionAssignments ppaExclude inner join PermissionAccessList paExclude on ppaExclude.paID = paExclude.paID where ppaExclude.cID = {$cInheritPermissionsFromCID} and accessType = " . PermissionKey::ACCESS_TYPE_EXCLUDE . " and pdID in (" . implode(',', $activePDIDs) . ")\n\t\t\tand paExclude.peID in (" . implode(',', $peIDs) . ") and (if(paExclude.peID = " . $owpae->getAccessEntityID() . " and p1.uID <>" . $uID . ", false, true)) and (ppaExclude.pkID = " . $vpPKID . $cvIsApproved . " or ppaExclude.pkID = " . $vpvPKID . ")) = 0)"); }