protected function setGeoBlocking(accessControl $accessControl)
{
$rules = $accessControl->getRulesArray();
foreach ($rules as $rule) {
$hasBlockAction = false;
/* @var $rule kRule */
foreach ($rule->getActions() as $action) {
/* @var $action kAccessControlAction */
if ($action->getType() == accessControlActionType::BLOCK) {
$hasBlockAction = true;
break;
}
}
if (!$hasBlockAction) {
continue;
}
foreach ($rule->getConditions() as $condition) {
if ($condition instanceof kCountryCondition) {
/* @var $condition kCountryCondition */
$this->accessControlGeoBlockingCountryList = implode(',', $condition->getStringValues());
if ($condition->getNot() === true) {
$this->accessControlGeoBlockingOperation = 'allow';
} else {
$this->accessControlGeoBlockingOperation = 'deny';
}
break;
}
}
}
}
/**
* @return accessControlScope
*/
public function getAccessControlScope()
{
if ($this->accessControl === null) {
throw new Exception("No scope because access control is null");
}
return $this->accessControl->getScope();
}
public function getFieldValue(accessControl $accessControl)
{
$scope = $accessControl->getScope();
kApiCache::addExtraField(kApiCache::ECF_COUNTRY, kApiCache::COND_MATCH, $this->getStringValues($scope));
$ip = $scope->getIp();
$ipGeo = kGeoCoderManager::getGeoCoder($this->getGeoCoderType());
return $ipGeo->getCountry($ip);
}
public function getFieldValue(accessControl $accessControl)
{
$scope = $accessControl->getScope();
$metadata = MetadataPeer::retrieveByObject($this->profileId, MetadataObjectType::ENTRY, $scope->getEntryId());
if ($metadata) {
return kMetadataManager::parseMetadataValues($metadata, $this->xPath);
}
return null;
}
private static function createDefaultAccessControl($partnerId, $defaultPolicy)
{
$accessControlProfile = new accessControl();
$accessControlProfile->setDescription('DRM default access control');
$accessControlProfile->setName('drm_default_' . $partnerId);
$accessControlProfile->setPartnerId($partnerId);
$accessControlProfile->setSystemName('drm_default_' . $partnerId);
$ruleDefault = self::addAccessControlRule($defaultPolicy->getId());
$accessControlProfile->setRulesArray(array($ruleDefault));
$accessControlProfile->save();
KalturaLog::debug("Access control profile id:" . $accessControlProfile->getId());
}
protected function internalFulfilled(accessControl $accessControl)
{
$scope = $accessControl->getScope();
$referrer = $scope->getReferrer();
if (!$this->globalWhitelistDomainsAppended && strpos($referrer, "kwidget") === false && kConf::hasParam("global_whitelisted_domains")) {
$ks = $scope->getKs();
if (!$ks || !in_array($ks->partner_id, kConf::get('global_whitelisted_domains_exclude'))) {
$this->globalWhitelistDomainsAppended = true;
$globalWhitelistedDomains = kConf::get("global_whitelisted_domains");
if (!is_array($globalWhitelistedDomains)) {
$globalWhitelistedDomains = explode(',', $globalWhitelistedDomains);
}
foreach ($globalWhitelistedDomains as $globalWhitelistedDomain) {
$this->values[] = new kStringValue($globalWhitelistedDomain);
}
}
}
kApiCache::addExtraField(kApiCache::ECF_REFERRER, kApiCache::COND_SITE_MATCH, $this->getStringValues($scope));
return parent::internalFulfilled($accessControl);
}
/**
* @param accessControl $accessControl
*/
public function __construct(accessControl $accessControl = null)
{
$scope = null;
if ($accessControl) {
$this->accessControl = $accessControl;
$scope = $accessControl->getScope();
}
parent::__construct($scope);
$contexts = array(ContextType::PLAY, ContextType::DOWNLOAD);
$partnerId = $accessControl ? $accessControl->getPartnerId() : kCurrentContext::$ks_partner_id;
$partner = PartnerPeer::retrieveByPK($partnerId);
if ($partner) {
if ($partner->getRestrictThumbnailByKs()) {
$contexts[] = ContextType::THUMBNAIL;
}
if ($partner->getShouldApplyAccessControlOnEntryMetadata()) {
$contexts[] = ContextType::METADATA;
}
}
$this->setContexts($contexts);
}
private static function createDefaultAccessControl($partnerId, $defaultPolicy, $rentalPolicy, $purchasePolicy, $subscriptionPolicy)
{
$accessControlProfile = new accessControl();
$accessControlProfile->setDescription('Play Ready default access control');
$accessControlProfile->setName('play_ready_default_' . $partnerId);
$accessControlProfile->setPartnerId($partnerId);
$accessControlProfile->setSystemName('play_ready_default_' . $partnerId);
$rulePurchase = self::addAccessControlRule('scenario_purchase', $purchasePolicy->getId());
$ruleRental = self::addAccessControlRule('scenario_rental', $rentalPolicy->getId());
$ruleDefault = self::addAccessControlRule('scenario_default', $defaultPolicy->getId());
$ruleSubscription = self::addAccessControlRule('scenario_subscription', $subscriptionPolicy->getId());
$accessControlProfile->setRulesArray(array($rulePurchase, $ruleRental, $ruleDefault, $ruleSubscription));
$accessControlProfile->save();
KalturaLog::debug("Access control profile id:" . $accessControlProfile->getId());
}
protected function internalFulfilled(accessControl $accessControl)
{
$scope = $accessControl->getScope();
if (!$scope->getKs() || !$scope->getKs() instanceof ks) {
return false;
}
if ($scope->getKs()->isAdmin()) {
return true;
}
KalturaLog::debug(print_r($this->privileges, true));
foreach ($this->privileges as $privilege) {
if (is_object($privilege)) {
$privilege = $privilege->getValue();
}
KalturaLog::debug("Checking privilege [{$privilege}] with entry [" . $scope->getEntryId() . "]");
if ($scope->getKs()->verifyPrivileges($privilege, $scope->getEntryId())) {
KalturaLog::debug("Privilege [{$privilege}] verified");
return true;
}
}
KalturaLog::debug("No privilege verified");
return false;
}
/**
* @return bool
*/
public function shouldDisableCache()
{
if (!$this->isInContext()) {
return false;
}
if (!is_array($this->conditions)) {
return true;
}
foreach ($this->conditions as $condition) {
if ($condition->shouldDisableCache($this->accessControl->getScope())) {
return true;
}
}
return false;
}
/**
* Adds an object to the instance pool.
*
* Propel keeps cached copies of objects in an instance pool when they are retrieved
* from the database. In some cases -- especially when you override doSelect*()
* methods in your stub classes -- you may need to explicitly add objects
* to the cache in order to ensure that the same objects are always returned by doSelect*()
* and retrieveByPK*() calls.
*
* @param accessControl $value A accessControl object.
* @param string $key (optional) key to use for instance map (for performance boost if key was already calculated externally).
*/
public static function addInstanceToPool(accessControl $obj, $key = null)
{
if (Propel::isInstancePoolingEnabled()) {
if ($key === null) {
$key = (string) $obj->getId();
}
// if key === null
self::$instances[$key] = $obj;
}
}
/**
* Declares an association between this object and a accessControl object.
*
* @param accessControl $v
* @return entry The current object (for fluent API support)
* @throws PropelException
*/
public function setaccessControl(accessControl $v = null)
{
if ($v === null) {
$this->setAccessControlId(NULL);
} else {
$this->setAccessControlId($v->getId());
}
$this->aaccessControl = $v;
// Add binding for other direction of this n:n relationship.
// If this object has already been added to the accessControl object, it will not be re-added.
if ($v !== null) {
$v->addentry($this);
}
return $this;
}
public function getFieldValue(accessControl $accessControl)
{
$this->field->setScope($accessControl->getScope());
return $this->field->getValue();
}
public function getFieldValue(accessControl $accessControl)
{
$scope = $accessControl->getScope();
kApiCache::addExtraField(kApiCache::ECF_USER_AGENT, kApiCache::COND_REGEX, $this->getStringValues($scope));
return $scope->getUserAgent();
}
/**
* Adds an object to the instance pool.
*
* Propel keeps cached copies of objects in an instance pool when they are retrieved
* from the database. In some cases -- especially when you override doSelect*()
* methods in your stub classes -- you may need to explicitly add objects
* to the cache in order to ensure that the same objects are always returned by doSelect*()
* and retrieveByPK*() calls.
*
* @param accessControl $value A accessControl object.
* @param string $key (optional) key to use for instance map (for performance boost if key was already calculated externally).
*/
public static function addInstanceToPool(accessControl $obj, $key = null)
{
if (Propel::isInstancePoolingEnabled()) {
if ($key === null) {
$key = (string) $obj->getId();
}
if (isset(self::$instances[$key]) || count(self::$instances) < kConf::get('max_num_instances_in_pool')) {
self::$instances[$key] = $obj;
kMemoryManager::registerPeer('accessControlPeer');
}
}
}
public function getFieldValue(accessControl $accessControl)
{
$scope = $accessControl->getScope();
kApiCache::addExtraField(kApiCache::ECF_IP, kApiCache::COND_IP_RANGE, $this->getStringValues($scope));
return $scope->getIp();
}
