Esempio n. 1
0
 public static function addFilesForProduct(array $files, StoreProduct $product)
 {
     self::removeFilesForProduct($product);
     //add new ones.
     if (!empty($files['dffID'])) {
         foreach ($files['dffID'] as $fileID) {
             if (!empty($fileID) && $fileID > 0) {
                 self::add($product->getProductID(), $fileID);
                 $fileObj = \File::getByID($fileID);
                 $fs = \FileSet::getByName("Digital Downloads");
                 $fs->addFileToSet($fileObj);
                 $fileObj->resetPermissions(1);
                 $pk = \Concrete\Core\Permission\Key\FileKey::getByHandle('view_file');
                 $pk->setPermissionObject($fileObj);
                 $pao = $pk->getPermissionAssignmentObject();
                 $groupEntity = \Concrete\Core\Permission\Access\Entity\GroupEntity::getOrCreate(\Group::getByID(GUEST_GROUP_ID));
                 $pa = $pk->getPermissionAccessObject();
                 if ($pa) {
                     $pa->removeListItem($groupEntity);
                     $pao->assignPermissionAccess($pa);
                 }
             }
         }
     }
 }
 public function assignPermissions($userOrGroup, $permissions = [], $accessType = Key::ACCESS_TYPE_INCLUDE, $cascadeToChildren = true)
 {
     if (!$cascadeToChildren) {
         $this->setChildPermissionsToOverride();
     }
     $this->setPermissionsToOverride();
     if (is_array($userOrGroup)) {
         $pe = GroupCombinationEntity::getOrCreate($userOrGroup);
         // group combination
     } elseif ($userOrGroup instanceof User || $userOrGroup instanceof \Concrete\Core\User\UserInfo || $userOrGroup instanceof \Concrete\Core\User\User) {
         $pe = UserEntity::getOrCreate($userOrGroup);
     } elseif ($userOrGroup instanceof Entity) {
         $pe = $userOrGroup;
     } else {
         // group;
         $pe = GroupEntity::getOrCreate($userOrGroup);
     }
     foreach ($permissions as $pkHandle) {
         $pk = Key::getByHandle($pkHandle);
         $pk->setPermissionObject($this);
         $pa = $pk->getPermissionAccessObject();
         if (!is_object($pa)) {
             $pa = Access::create($pk);
         } elseif ($pa->isPermissionAccessInUse()) {
             $pa = $pa->duplicate();
         }
         $pa->addListItem($pe, false, $accessType);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->assignPermissionAccess($pa);
     }
 }
 /** Executes the job.
  * @throws \Exception Throws an exception in case of errors.
  *
  * @return string Returns a string describing the job result in case of success.
  */
 public function run()
 {
     Cache::disableAll();
     try {
         $instances = array('navigation' => Core::make('helper/navigation'), 'dashboard' => Core::make('helper/concrete/dashboard'), 'view_page' => PermissionKey::getByHandle('view_page'), 'guestGroup' => Group::getByID(GUEST_GROUP_ID), 'now' => new DateTime('now'), 'ak_exclude_sitemapxml' => CollectionAttributeKey::getByHandle('exclude_sitemapxml'), 'ak_sitemap_changefreq' => CollectionAttributeKey::getByHandle('sitemap_changefreq'), 'ak_sitemap_priority' => CollectionAttributeKey::getByHandle('sitemap_priority'));
         $instances['guestGroupAE'] = array(GroupPermissionAccessEntity::getOrCreate($instances['guestGroup']));
         if (\Core::make('multilingual/detector')->isEnabled()) {
             $instances['multilingualSections'] = MultilingualSection::getList();
         } else {
             $instances['multilingualSections'] = array();
         }
         $xml = '<?xml version="1.0" encoding="' . APP_CHARSET . '"?>';
         $xml .= '<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"';
         if ($instances['multilingualSections']) {
             $xml .= ' xmlns:x="http://www.w3.org/1999/xhtml"';
         }
         $xml .= ' />';
         $xmlDoc = new SimpleXMLElement($xml);
         $rs = Database::get()->query('SELECT cID FROM Pages');
         while ($row = $rs->FetchRow()) {
             self::addPage($xmlDoc, intval($row['cID']), $instances);
         }
         $rs->Close();
         $event = new \Symfony\Component\EventDispatcher\GenericEvent();
         $event->setArgument('xmlDoc', $xmlDoc);
         Events::dispatch('on_sitemap_xml_ready', $event);
         $dom = dom_import_simplexml($xmlDoc)->ownerDocument;
         $dom->formatOutput = true;
         $addedPages = count($xmlDoc->url);
         $relName = ltrim(Config::get('concrete.sitemap_xml.file'), '\\/');
         $osName = rtrim(DIR_BASE, '\\/') . '/' . $relName;
         $urlName = rtrim(\Core::getApplicationURL(), '\\/') . '/' . $relName;
         if (!file_exists($osName)) {
             @touch($osName);
         }
         if (!is_writable($osName)) {
             throw new \Exception(t('The file %s is not writable', $osName));
         }
         if (!($hFile = @fopen($osName, 'w'))) {
             throw new \Exception(t('Cannot open file %s', $osName));
         }
         if (!@fwrite($hFile, $dom->saveXML())) {
             throw new \Exception(t('Error writing to file %s', $osName));
         }
         @fflush($hFile);
         @fclose($hFile);
         unset($hFile);
         return t('%1$s file saved (%2$d pages).', sprintf('<a href="%s" target="_blank">%s</a>', $urlName, preg_replace('/^https?:\\/\\//i', '', $urlName)), $addedPages);
     } catch (\Exception $x) {
         if (isset($hFile) && $hFile) {
             @fflush($hFile);
             @ftruncate($hFile, 0);
             @fclose($hFile);
             $hFile = null;
         }
         throw $x;
     }
 }
Esempio n. 4
0
 public function setDefaultPermissions(FileManager $tree)
 {
     $rootNode = $tree->getRootTreeNodeObject();
     $adminGroupEntity = GroupEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
     $pk = CategoryTreeNodeKey::getByHandle('view_category_tree_node');
     $pk->setPermissionObject($rootNode);
     $pa = Access::create($pk);
     $pa->addListItem($adminGroupEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
 }
Esempio n. 5
0
 public function getAccessEntity()
 {
     $group = $this->group;
     if (!is_object($group)) {
         $group = Group::getByName($this->group);
         if (!is_object($group)) {
             $group = Group::getByPath($this->group);
         }
     }
     if (is_object($group)) {
         $entity = GroupAccessEntity::getOrCreate($group);
         return $entity;
     }
 }
Esempio n. 6
0
 public static function add($name)
 {
     // copy permissions from the other node.
     $rootNode = TopicCategoryTreeNode::add();
     $treeID = parent::add($rootNode);
     $tree = self::getByID($treeID);
     $tree->setTopicTreeName($name);
     // by default, topic trees are viewable by all
     $guestGroupEntity = GroupPermissionAccessEntity::getOrCreate(UserGroup::getByID(GUEST_GROUP_ID));
     $pk = TopicCategoryTreeNodePermissionKey::getByHandle('view_topic_category_tree_node');
     $pk->setPermissionObject($rootNode);
     $pa = PermissionAccess::create($pk);
     $pa->addListItem($guestGroupEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
     return $tree;
 }
 public function import(\SimpleXMLElement $sx)
 {
     if (isset($sx->permissionkeys)) {
         foreach ($sx->permissionkeys->permissionkey as $pk) {
             if (is_object(Key::getByHandle((string) $pk['handle']))) {
                 continue;
             }
             $pkc = Category::getByHandle((string) $pk['category']);
             $c1 = $pkc->getPermissionKeyClass();
             $pkx = call_user_func(array($c1, 'import'), $pk);
             $assignments = array();
             if (isset($pk->access)) {
                 foreach ($pk->access->children() as $ch) {
                     if ($ch->getName() == 'group') {
                         /*
                          * Legacy
                          */
                         $g = Group::getByName($ch['name']);
                         if (!is_object($g)) {
                             $g = Group::add($g['name'], $g['description']);
                         }
                         $pae = GroupEntity::getOrCreate($g);
                         $assignments[] = $pae;
                     }
                     if ($ch->getName() == 'entity') {
                         $type = Type::getByHandle((string) $ch['type']);
                         $class = $type->getAccessEntityTypeClass();
                         if (method_exists($class, 'configureFromImport')) {
                             $pae = $class::configureFromImport($ch);
                             $assignments[] = $pae;
                         }
                     }
                 }
             }
             if (count($assignments)) {
                 $pa = Access::create($pkx);
                 foreach ($assignments as $pae) {
                     $pa->addListItem($pae);
                 }
                 $pt = $pkx->getPermissionAssignmentObject();
                 $pt->assignPermissionAccess($pa);
             }
         }
     }
 }
Esempio n. 8
0
 public function canGuestsViewThisBlock()
 {
     $pk = PermissionKey::getByHandle('view_block');
     $pk->setPermissionObject($this->getPermissionObject());
     $gg = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
     $accessEntities = array($gg);
     $valid = false;
     $list = $pk->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, $accessEntities);
     foreach ($list as $l) {
         if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_INCLUDE) {
             $valid = true;
         }
         if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_EXCLUDE) {
             $valid = false;
         }
     }
     return $valid;
 }
 public static function add()
 {
     // copy permissions from the other node.
     $rootNode = ExpressEntryCategory::add();
     $treeID = parent::create($rootNode);
     $tree = self::getByID($treeID);
     $adminGroupEntity = GroupEntity::getOrCreate(ConcreteGroup::getByID(ADMIN_GROUP_ID));
     $permissions = ['view_express_entries', 'add_express_entries', 'edit_express_entries', 'delete_express_entries'];
     foreach ($permissions as $handle) {
         $pk = ExpressTreeNodeKey::getByHandle($handle);
         $pk->setPermissionObject($rootNode);
         $pa = Access::create($pk);
         $pa->addListItem($adminGroupEntity);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->assignPermissionAccess($pa);
     }
     return $tree;
 }
Esempio n. 10
0
 public function save_simple()
 {
     if ($this->validateAction()) {
         $c = $this->page;
         $c->setPermissionsToManualOverride();
         $pk = PermissionKey::getByHandle('view_page');
         $pk->setPermissionObject($c);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->clearPermissionAssignment();
         $pa = Access::create($pk);
         if (is_array($_POST['readGID'])) {
             foreach ($_POST['readGID'] as $gID) {
                 $pa->addListItem(GroupPermissionAccessEntity::getOrCreate(Group::getByID($gID)));
             }
         }
         $pt->assignPermissionAccess($pa);
         $editAccessEntities = array();
         if (is_array($_POST['editGID'])) {
             foreach ($_POST['editGID'] as $gID) {
                 $editAccessEntities[] = GroupPermissionAccessEntity::getOrCreate(Group::getByID($gID));
             }
         }
         $editPermissions = array('view_page_versions', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_multilingual_settings', 'edit_page_theme', 'edit_page_page_type', 'edit_page_template', 'edit_page_permissions', 'preview_page_as_user', 'schedule_page_contents_guest_access', 'delete_page', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page');
         foreach ($editPermissions as $pkHandle) {
             $pk = PermissionKey::getByHandle($pkHandle);
             $pk->setPermissionObject($c);
             $pt = $pk->getPermissionAssignmentObject();
             $pt->clearPermissionAssignment();
             $pa = Access::create($pk);
             foreach ($editAccessEntities as $editObj) {
                 $pa->addListItem($editObj);
             }
             $pt->assignPermissionAccess($pa);
         }
         $r = new PageEditResponse();
         $r->setPage($this->page);
         $r->setTitle(t('Page Updated'));
         $r->setMessage(t('Page permissions have been saved.'));
         $r->outputJSON();
     }
 }
 public function set_site_permissions()
 {
     $fs = FileSet::getGlobal();
     $g1 = Group::getByID(GUEST_GROUP_ID);
     $g2 = Group::getByID(REGISTERED_GROUP_ID);
     $g3 = Group::getByID(ADMIN_GROUP_ID);
     $fs->assignPermissions($g1, array('view_file_set_file'));
     $fs->assignPermissions($g3, array('view_file_set_file', 'search_file_set', 'edit_file_set_file_properties', 'edit_file_set_file_contents', 'copy_file_set_files', 'edit_file_set_permissions', 'delete_file_set_files', 'delete_file_set', 'add_file'));
     if (defined('SITE_INSTALL_LOCALE') && SITE_INSTALL_LOCALE != '' && SITE_INSTALL_LOCALE != 'en_US') {
         Config::save('concrete.locale', SITE_INSTALL_LOCALE);
     }
     Config::save('concrete.site', SITE);
     Config::save('concrete.version_installed', APP_VERSION);
     $u = new User();
     $u->saveConfig('NEWSFLOW_LAST_VIEWED', 'FIRSTRUN');
     $home = Page::getByID(1, "RECENT");
     $home->assignPermissions($g1, array('view_page'));
     $home->assignPermissions($g3, array('view_page_versions', 'view_page_in_sitemap', 'preview_page_as_user', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_multilingual_settings', 'edit_page_theme', 'edit_page_template', 'edit_page_permissions', 'delete_page', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page', 'schedule_page_contents_guest_access'));
     // login
     $login = Page::getByPath('/login', "RECENT");
     $login->assignPermissions($g1, array('view_page'));
     // register
     $register = Page::getByPath('/register', "RECENT");
     $register->assignPermissions($g1, array('view_page'));
     // dashboard
     $dashboard = Page::getByPath('/dashboard', "RECENT");
     $dashboard->assignPermissions($g3, array('view_page'));
     // drafts
     $drafts = Page::getByPath('/!drafts', "RECENT");
     $drafts->assignPermissions($g1, array('view_page'));
     $drafts->assignPermissions($g3, array('view_page_versions', 'view_page_in_sitemap', 'preview_page_as_user', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_theme', 'edit_page_template', 'edit_page_permissions', 'delete_page', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page', 'schedule_page_contents_guest_access'));
     $drafts->assignPermissions(PageOwnerPermissionAccessEntity::getOrCreate(), array('view_page_versions', 'edit_page_properties', 'edit_page_contents', 'edit_page_template', 'delete_page', 'delete_page_versions', 'approve_page_versions'));
     $config = \Core::make('config/database');
     $config->save('concrete.security.token.jobs', Core::make('helper/validation/identifier')->getString(64));
     $config->save('concrete.security.token.encryption', Core::make('helper/validation/identifier')->getString(64));
     $config->save('concrete.security.token.validation', Core::make('helper/validation/identifier')->getString(64));
     // group permissions
     $tree = GroupTree::get();
     $node = $tree->getRootTreeNodeObject();
     $permissions = array('search_users_in_group', 'edit_group', 'assign_group', 'add_sub_group', 'edit_group_permissions');
     $adminGroupEntity = GroupPermissionAccessEntity::getOrCreate($g3);
     foreach ($permissions as $pkHandle) {
         $pk = PermissionKey::getByHandle($pkHandle);
         $pk->setPermissionObject($node);
         $pa = PermissionAccess::create($pk);
         $pa->addListItem($adminGroupEntity);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->assignPermissionAccess($pa);
     }
     // conversation permissions
     $messageAuthorEntity = ConversationMessageAuthorEntity::getOrCreate();
     $guestEntity = GroupPermissionAccessEntity::getOrCreate($g1);
     $registeredEntity = GroupPermissionAccessEntity::getOrCreate($g2);
     $pk = PermissionKey::getByHandle('add_conversation_message');
     $pa = PermissionAccess::create($pk);
     $pa->addListItem($guestEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
     $pk = PermissionKey::getByHandle('add_conversation_message_attachments');
     $pa = PermissionAccess::create($pk);
     $pa->addListItem($guestEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
     $pk = PermissionKey::getByHandle('edit_conversation_message');
     $pa = PermissionAccess::create($pk);
     $pa->addListItem($messageAuthorEntity);
     $pa->addListItem($adminGroupEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
     $pk = PermissionKey::getByHandle('delete_conversation_message');
     $pa = PermissionAccess::create($pk);
     $pa->addListItem($messageAuthorEntity);
     $pa->addListItem($adminGroupEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
     $pk = PermissionKey::getByHandle('rate_conversation_message');
     $pa = PermissionAccess::create($pk);
     $pa->addListItem($registeredEntity);
     $pa->addListItem($adminGroupEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
     $permissions = array('edit_conversation_permissions', 'flag_conversation_message', 'approve_conversation_message');
     foreach ($permissions as $pkHandle) {
         $pk = PermissionKey::getByHandle($pkHandle);
         $pa = PermissionAccess::create($pk);
         $pa->addListItem($adminGroupEntity);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->assignPermissionAccess($pa);
     }
 }
Esempio n. 12
0
 public function save($data)
 {
     $db = Database::get();
     if ($data['pID']) {
         //if we know the pID, we're updating.
         $pID = $data['pID'];
         //update product details
         $vals = array($data['gID'], $data['pName'], $data['pDesc'], $data['pDetail'], $data['pPrice'], $data['pFeatured'], $data['pQty'], $data['pTaxable'], $data['pfID'], $data['pActive'], $data['pShippable'], $data['pWidth'], $data['pHeight'], $data['pLength'], $data['pWeight'], $data['pID']);
         $db->Execute('UPDATE VividStoreProducts SET gID=?,pName=?,pDesc=?,pDetail=?,pPrice=?,pFeatured=?,pQty=?,pTaxable=?,pfID=?,pActive=?,pShippable=?,pWidth=?,pHeight=?,pLength=?,pWeight=? WHERE pID = ?', $vals);
         //update additional images
         $db->Execute('DELETE FROM VividStoreProductImages WHERE pID = ?', $data['pID']);
         $count = count($data['pifID']);
         if ($count > 0) {
             for ($i = 0; $i < $count; $i++) {
                 $vals = array($data['pID'], $data['pifID'][$i], $data['piSort'][$i]);
                 $db->Execute("INSERT INTO VividStoreProductImages (pID,pifID,piSort) VALUES (?,?,?)", $vals);
             }
         }
         //update user groups
         $db->Execute('DELETE FROM VividStoreProductUserGroups WHERE pID = ?', $data['pID']);
         if (!empty($data['pUserGroups'])) {
             foreach ($data['pUserGroups'] as $gID) {
                 $vals = array($data['pID'], $gID);
                 $db->Execute("INSERT INTO VividStoreProductUserGroups (pID,gID) VALUES (?,?)", $vals);
             }
         }
         //update product groups
         $db->Execute('DELETE FROM VividStoreProductGroups WHERE pID = ?', $data['pID']);
         if (!empty($data['pProductGroups'])) {
             foreach ($data['pProductGroups'] as $gID) {
                 $vals = array($pID, $gID);
                 $db->Execute("INSERT INTO VividStoreProductGroups (pID,gID) VALUES (?,?)", $vals);
             }
         }
         //update option groups
         $db->Execute('DELETE FROM VividStoreProductOptionGroups WHERE pID = ?', $data['pID']);
         $db->Execute('DELETE FROM VividStoreProductOptionItems WHERE pID = ?', $data['pID']);
         $count = count($data['pogSort']);
         $ii = 0;
         //set counter for items
         if ($count > 0) {
             for ($i = 0; $i < $count; $i++) {
                 $vals = array($data['pID'], $data['pogName'][$i], $data['pogSort'][$i]);
                 $db->Execute("INSERT INTO VividStoreProductOptionGroups (pID,pogName,pogSort) VALUES (?,?,?)", $vals);
                 //add option items
                 $pogID = $db->lastInsertId();
                 $itemsInGroup = count($data['optGroup' . $i]);
                 if ($itemsInGroup > 0) {
                     for ($gi = 0; $gi < $itemsInGroup; $gi++, $ii++) {
                         $vals = array($data['pID'], $pogID, $data['poiName'][$ii], $data['poiSort'][$ii]);
                         $db->Execute("INSERT INTO VividStoreProductOptionItems (pID,pogID,poiName,poiSort) VALUES (?,?,?,?)", $vals);
                     }
                 }
             }
         }
     } else {
         //else, we don't know it, so we're adding
         $dt = Core::make('helper/date');
         $now = $dt->getLocalDateTime();
         //add product details
         $vals = array($data['gID'], $data['pName'], $data['pDesc'], $data['pDetail'], $data['pPrice'], $data['pFeatured'], $data['pQty'], $data['pTaxable'], $data['pfID'], $data['pActive'], $data['pShippable'], $data['pWidth'], $data['pHeight'], $data['pLength'], $data['pWeight'], $now);
         $db->Execute("INSERT INTO VividStoreProducts (gID,pName,pDesc,pDetail,pPrice,pFeatured,pQty,pTaxable,pfID,pActive,pShippable,pWidth,pHeight,pLength,pWeight,pDateAdded) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)", $vals);
         //add additional images
         $pID = $db->lastInsertId();
         $count = count($data['pifID']);
         if ($count > 0) {
             for ($i = 0; $i < $count; $i++) {
                 $vals = array($pID, $data['pifID'][$i], $data['piSort'][$i]);
                 $db->Execute("INSERT INTO VividStoreProductImages (pID,pifID,piSort) VALUES (?,?,?)", $vals);
             }
         }
         //insert user groups
         if (!empty($data['pUserGroups'])) {
             foreach ($data['pUserGroups'] as $gID) {
                 $vals = array($pID, $gID);
                 $db->Execute("INSERT INTO VividStoreProductUserGroups (pID,gID) VALUES (?,?)", $vals);
             }
         }
         //insert product groups
         if (!empty($data['pProductGroups'])) {
             foreach ($data['pProductGroups'] as $gID) {
                 $vals = array($pID, $gID);
                 $db->Execute("INSERT INTO VividStoreProductGroups (pID,gID) VALUES (?,?)", $vals);
             }
         }
         //add option groups
         $count = count($data['pogSort']);
         $ii = 0;
         //set counter for items
         if ($count > 0) {
             for ($i = 0; $i < $count; $i++) {
                 $vals = array($pID, $data['pogName'][$i], $data['pogSort'][$i]);
                 $db->Execute("INSERT INTO VividStoreProductOptionGroups (pID,pogName,pogSort) VALUES (?,?,?)", $vals);
                 //add option items
                 $pogID = $db->lastInsertId();
                 $itemsInGroup = count($data['optGroup' . $i]);
                 if ($itemsInGroup > 0) {
                     for ($gi = 0; $gi < $itemsInGroup; $gi++, $ii++) {
                         $vals = array($pID, $pogID, $data['poiName'][$ii], $data['poiSort'][$ii]);
                         $db->Execute("INSERT INTO VividStoreProductOptionItems (pID,pogID,poiName,poiSort) VALUES (?,?,?,?)", $vals);
                     }
                 }
             }
         }
         $product = Product::getByID($pID);
         $product->generatePage($data['selectPageTemplate']);
     }
     //save files
     $db->Execute("DELETE FROM VividStoreDigitalFiles WHERE pID=?", $pID);
     $u = User::getByUserID(1);
     $ui = \UserInfo::getByID($u->getUserID());
     if ($data['dffID']) {
         foreach ($data['dffID'] as $dffID) {
             if ($dffID) {
                 $db->Execute("INSERT INTO VividStoreDigitalFiles(dffID,pID) VALUES (?,?)", array($dffID, $pID));
                 $fileObj = File::getByID($dffID);
                 $fs = \FileSet::getByName("Digital Downloads");
                 $fs->addFileToSet($fileObj);
                 $fileObj->resetPermissions(1);
                 $pk = \Concrete\Core\Permission\Key\FileKey::getByHandle('view_file');
                 $pk->setPermissionObject($fileObj);
                 $pao = $pk->getPermissionAssignmentObject();
                 $groupEntity = \Concrete\Core\Permission\Access\Entity\GroupEntity::getOrCreate(\Group::getByID(GUEST_GROUP_ID));
                 $pa = $pk->getPermissionAccessObject();
                 if ($pa) {
                     $pa->removeListItem($groupEntity);
                     $pao->assignPermissionAccess($pa);
                 }
             }
         }
     }
     $db->Execute("DELETE FROM VividStoreProductLocations where pID = ?", array($pID));
     foreach ($data['cID'] as $cID) {
         if ($cID > 0) {
             $db->Execute("REPLACE INTO VividStoreProductLocations(pID,cID) VALUES (?,?)", array($pID, (int) $cID));
         }
     }
     $product = Product::getByID($pID);
     return $product;
 }
Esempio n. 13
0
 public function view()
 {
     $editAccess = array();
     if (Config::get('concrete.permissions_model') != 'simple') {
         return;
     }
     $home = Page::getByID(1, "RECENT");
     $pk = PermissionKey::getByHandle('view_page');
     $pk->setPermissionObject($home);
     $assignments = $pk->getAccessListItems();
     foreach ($assignments as $asi) {
         $ae = $asi->getAccessEntityObject();
         if ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == GUEST_GROUP_ID) {
             $this->set('guestCanRead', true);
         } else {
             if ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == REGISTERED_GROUP_ID) {
                 $this->set('registeredCanRead', true);
             }
         }
     }
     $gl = new GroupList();
     $gl->filter('gID', REGISTERED_GROUP_ID, '>');
     $gIDs = $gl->getResults();
     $gArray = array();
     foreach ($gIDs as $g) {
         $gArray[] = $g;
     }
     $pk = PermissionKey::getByHandle('edit_page_contents');
     $pk->setPermissionObject($home);
     $assignments = $pk->getAccessListItems();
     foreach ($assignments as $asi) {
         $ae = $asi->getAccessEntityObject();
         if ($ae->getAccessEntityTypeHandle() == 'group') {
             $groupObject = $ae->getGroupObject();
             if ($groupObject) {
                 $editAccess[] = $ae->getGroupObject()->getGroupID();
             }
         }
     }
     $this->set('home', $home);
     $this->set('gArray', $gArray);
     $this->set('editAccess', $editAccess);
     if ($this->isPost()) {
         if ($this->token->validate('site_permissions_code')) {
             switch ($_POST['view']) {
                 case "ANYONE":
                     $viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
                     break;
                 case "USERS":
                     $viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(REGISTERED_GROUP_ID));
                     break;
                 case "PRIVATE":
                     $viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
                     break;
             }
             $pk = PermissionKey::getByHandle('view_page');
             $pk->setPermissionObject($home);
             $pt = $pk->getPermissionAssignmentObject();
             $pt->clearPermissionAssignment();
             $pa = PermissionAccess::create($pk);
             $pa->addListItem($viewObj);
             $pt->assignPermissionAccess($pa);
             $editAccessEntities = array();
             if (is_array($_POST['gID'])) {
                 foreach ($_POST['gID'] as $gID) {
                     $editAccessEntities[] = GroupPermissionAccessEntity::getOrCreate(Group::getByID($gID));
                 }
             }
             $editPermissions = array('view_page_versions', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_theme', 'edit_page_template', 'edit_page_permissions', 'delete_page', 'preview_page_as_user', 'schedule_page_contents_guest_access', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page');
             foreach ($editPermissions as $pkHandle) {
                 $pk = PermissionKey::getByHandle($pkHandle);
                 $pk->setPermissionObject($home);
                 $pt = $pk->getPermissionAssignmentObject();
                 $pt->clearPermissionAssignment();
                 $pa = PermissionAccess::create($pk);
                 foreach ($editAccessEntities as $editObj) {
                     $pa->addListItem($editObj);
                 }
                 $pt->assignPermissionAccess($pa);
             }
             $pkx = PermissionKey::getbyHandle('add_block');
             $pt = $pkx->getPermissionAssignmentObject();
             $pt->clearPermissionAssignment();
             $pa = PermissionAccess::create($pkx);
             foreach ($editAccessEntities as $editObj) {
                 $pa->addListItem($editObj);
             }
             $pt->assignPermissionAccess($pa);
             $pkx = PermissionKey::getbyHandle('add_stack');
             $pt = $pkx->getPermissionAssignmentObject();
             $pt->clearPermissionAssignment();
             $pa = PermissionAccess::create($pkx);
             foreach ($editAccessEntities as $editObj) {
                 $pa->addListItem($editObj);
             }
             $pt->assignPermissionAccess($pa);
             Core::make('cache')->flush();
             $this->redirect('/dashboard/system/permissions/site/', 'saved');
         } else {
             $this->error->add($this->token->getErrorMessage());
         }
     }
 }
 public function installMaintenanceModePermission()
 {
     $pk = Key::getByHandle('view_in_maintenance_mode');
     if (!$pk instanceof Key) {
         $pk = Key::add('admin', 'view_in_maintenance_mode', 'View Site in Maintenance Mode', 'Controls whether a user can access the website when its under maintenance.', false, false);
         $pa = $pk->getPermissionAccessObject();
         if (!is_object($pa)) {
             $pa = Access::create($pk);
         }
         $adminGroup = Group::getByID(ADMIN_GROUP_ID);
         if ($adminGroup) {
             $adminGroupEntity = GroupEntity::getOrCreate($adminGroup);
             $pa->addListItem($adminGroupEntity);
             $pt = $pk->getPermissionAssignmentObject();
             $pt->assignPermissionAccess($pa);
         }
     }
 }
Esempio n. 15
0
 public function assignPermissions($userOrGroup, $permissions = array(), $accessType = FileSetPermissionKey::ACCESS_TYPE_INCLUDE)
 {
     $db = Loader::db();
     if ($this->fsID > 0) {
         $db->Execute("UPDATE FileSets SET fsOverrideGlobalPermissions = 1 WHERE fsID = ?", array($this->fsID));
         $this->fsOverrideGlobalPermissions = true;
     }
     if (is_array($userOrGroup)) {
         $pe = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
         // group combination
     } else {
         if ($userOrGroup instanceof User || $userOrGroup instanceof \UserInfo) {
             $pe = UserPermissionAccessEntity::getOrCreate($userOrGroup);
         } else {
             // group;
             $pe = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
         }
     }
     foreach ($permissions as $pkHandle) {
         $pk = PermissionKey::getByHandle($pkHandle);
         $pk->setPermissionObject($this);
         $pa = $pk->getPermissionAccessObject();
         if (!is_object($pa)) {
             $pa = PermissionAccess::create($pk);
         } else {
             if ($pa->isPermissionAccessInUse()) {
                 $pa = $pa->duplicate();
             }
         }
         $pa->addListItem($pe, false, $accessType);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->assignPermissionAccess($pa);
     }
 }
 public function addNotifications()
 {
     $this->output(t('Adding notifications...'));
     $adminGroupEntity = GroupEntity::getOrCreate(\Group::getByID(ADMIN_GROUP_ID));
     $adminUserEntity = UserEntity::getOrCreate(\UserInfo::getByID(USER_SUPER_ID));
     $pk = Key::getByHandle('notify_in_notification_center');
     $pa = Access::create($pk);
     $pa->addListItem($adminUserEntity);
     $pa->addListItem($adminGroupEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
 }
Esempio n. 17
0
<?php

defined('C5_EXECUTE') or die("Access Denied.");
use Concrete\Core\Permission\Access\Entity\GroupEntity as GroupPermissionAccessEntity;
if (Loader::helper('validation/token')->validate('process')) {
    $js = Loader::helper('json');
    $obj = new stdClass();
    $g = Group::getByID($_REQUEST['gID']);
    if (is_object($g)) {
        $pae = GroupPermissionAccessEntity::getOrCreate($g);
        $obj->peID = $pae->getAccessEntityID();
        $obj->label = $pae->getAccessEntityLabel();
    }
    echo $js->encode($obj);
}
Esempio n. 18
0
 /**
  * @return \Concrete\Core\Page\PageList
  */
 public function getPageListObject()
 {
     $pl = new PageList();
     $pl->setItemsPerPage($this->itemsPerFeed);
     $pl->sortByPublicDateDescending();
     if (!$this->checkPagePermissions) {
         $pl->ignorePermissions();
     } else {
         $vp = \Concrete\Core\Permission\Key\Key::getByHandle('view_page');
         $guest = \Group::getByID(GUEST_GROUP_ID);
         $access = GroupEntity::getOrCreate($guest);
         // we set page permissions to be Guest group only, because
         // authentication won't work with RSS feeds
         $pl->setPermissionsChecker(function ($page) use($vp, $access) {
             $vp->setPermissionObject($page);
             $pa = $vp->getPermissionAccessObject($page);
             if (!is_object($pa)) {
                 return false;
             }
             return $pa->validateAccessEntities(array($access));
         });
     }
     if ($this->cParentID) {
         if ($this->pfIncludeAllDescendents) {
             $parent = \Page::getByID($this->cParentID);
             if (is_object($parent) && !$parent->isError()) {
                 $pl->filterByPath($parent->getCollectionPath());
             }
         } else {
             $pl->filterByParentID($this->cParentID);
         }
     }
     if ($this->pfDisplayAliases) {
         $pl->includeAliases();
     }
     if ($this->ptID) {
         $pl->filterByPageTypeID($this->ptID);
     }
     if ($this->pfDisplayFeaturedOnly) {
         $pl->filterByAttribute('is_featured', true);
     }
     return $pl;
 }
 public function install_site_permissions()
 {
     $g1 = Group::getByID(GUEST_GROUP_ID);
     $g2 = Group::getByID(REGISTERED_GROUP_ID);
     $g3 = Group::getByID(ADMIN_GROUP_ID);
     $filesystem = new Filesystem();
     $folder = $filesystem->getRootFolder();
     $folder->assignPermissions($g1, ['view_file_folder_file']);
     $folder->assignPermissions($g3, ['view_file_folder_file', 'search_file_folder', 'edit_file_folder', 'edit_file_folder_file_properties', 'edit_file_folder_file_contents', 'copy_file_folder_files', 'edit_file_folder_permissions', 'delete_file_folder_files', 'delete_file_folder', 'add_file']);
     $u = new User();
     $u->saveConfig('NEWSFLOW_LAST_VIEWED', 'FIRSTRUN');
     // login
     $login = Page::getByPath('/login', "RECENT");
     $login->assignPermissions($g1, ['view_page']);
     // register
     $register = Page::getByPath('/register', "RECENT");
     $register->assignPermissions($g1, ['view_page']);
     // dashboard
     $dashboard = Page::getByPath('/dashboard', "RECENT");
     $dashboard->assignPermissions($g3, ['view_page']);
     // drafts
     $drafts = Page::getByPath('/!drafts', "RECENT");
     $drafts->assignPermissions($g3, ['view_page', 'view_page_versions', 'view_page_in_sitemap', 'preview_page_as_user', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_multilingual_settings', 'edit_page_theme', 'edit_page_template', 'edit_page_page_type', 'edit_page_permissions', 'delete_page', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page', 'schedule_page_contents_guest_access']);
     $home = Page::getByID(1, "RECENT");
     $home->assignPermissions($g1, ['view_page']);
     $home->assignPermissions($g3, ['view_page_versions', 'view_page_in_sitemap', 'preview_page_as_user', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_multilingual_settings', 'edit_page_theme', 'edit_page_template', 'edit_page_page_type', 'edit_page_permissions', 'delete_page', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page', 'schedule_page_contents_guest_access']);
     $config = \Core::make('config/database');
     $config->save('concrete.security.token.jobs', Core::make('helper/validation/identifier')->getString(64));
     $config->save('concrete.security.token.encryption', Core::make('helper/validation/identifier')->getString(64));
     $config->save('concrete.security.token.validation', Core::make('helper/validation/identifier')->getString(64));
     // group permissions
     $tree = GroupTree::get();
     $node = $tree->getRootTreeNodeObject();
     $permissions = ['search_users_in_group', 'edit_group', 'assign_group', 'add_sub_group', 'edit_group_permissions'];
     $adminGroupEntity = GroupPermissionAccessEntity::getOrCreate($g3);
     foreach ($permissions as $pkHandle) {
         $pk = PermissionKey::getByHandle($pkHandle);
         $pk->setPermissionObject($node);
         $pa = PermissionAccess::create($pk);
         $pa->addListItem($adminGroupEntity);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->assignPermissionAccess($pa);
     }
     // conversation permissions
     $messageAuthorEntity = ConversationMessageAuthorEntity::getOrCreate();
     $guestEntity = GroupPermissionAccessEntity::getOrCreate($g1);
     $registeredEntity = GroupPermissionAccessEntity::getOrCreate($g2);
     $pk = PermissionKey::getByHandle('add_conversation_message');
     $pa = PermissionAccess::create($pk);
     $pa->addListItem($guestEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
     $pk = PermissionKey::getByHandle('add_conversation_message_attachments');
     $pa = PermissionAccess::create($pk);
     $pa->addListItem($guestEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
     $pk = PermissionKey::getByHandle('edit_conversation_message');
     $pa = PermissionAccess::create($pk);
     $pa->addListItem($messageAuthorEntity);
     $pa->addListItem($adminGroupEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
     $pk = PermissionKey::getByHandle('delete_conversation_message');
     $pa = PermissionAccess::create($pk);
     $pa->addListItem($messageAuthorEntity);
     $pa->addListItem($adminGroupEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
     $pk = PermissionKey::getByHandle('rate_conversation_message');
     $pa = PermissionAccess::create($pk);
     $pa->addListItem($registeredEntity);
     $pa->addListItem($adminGroupEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
     $permissions = ['edit_conversation_permissions', 'flag_conversation_message', 'approve_conversation_message'];
     foreach ($permissions as $pkHandle) {
         $pk = PermissionKey::getByHandle($pkHandle);
         $pa = PermissionAccess::create($pk);
         $pa->addListItem($adminGroupEntity);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->assignPermissionAccess($pa);
     }
     // notification
     $adminUserEntity = UserEntity::getOrCreate(\UserInfo::getByID(USER_SUPER_ID));
     $pk = PermissionKey::getByHandle('notify_in_notification_center');
     $pa = PermissionAccess::create($pk);
     $pa->addListItem($adminUserEntity);
     $pa->addListItem($adminGroupEntity);
     $pt = $pk->getPermissionAssignmentObject();
     $pt->assignPermissionAccess($pa);
     try {
         Core::make('helper/file')->makeExecutable(DIR_BASE_CORE . '/bin/concrete5', 'all');
     } catch (\Exception $x) {
     }
 }
Esempio n. 20
0
 protected function importPermissions(\SimpleXMLElement $sx)
 {
     if (isset($sx->permissionkeys)) {
         foreach ($sx->permissionkeys->permissionkey as $pk) {
             if (is_object(PermissionKey::getByHandle((string) $pk['handle']))) {
                 continue;
             }
             $pkc = PermissionKeyCategory::getByHandle((string) $pk['category']);
             $pkg = static::getPackageObject($pk['package']);
             $txt = Core::make('helper/text');
             $c1 = '\\Concrete\\Core\\Permission\\Key\\' . $txt->camelcase($pkc->getPermissionKeyCategoryHandle()) . 'Key';
             $pkx = call_user_func(array($c1, 'import'), $pk);
             if (isset($pk->access)) {
                 foreach ($pk->access->children() as $ch) {
                     if ($ch->getName() == 'group') {
                         $g = Group::getByName($ch['name']);
                         if (!is_object($g)) {
                             $g = Group::add($g['name'], $g['description']);
                         }
                         $pae = GroupPermissionAccessEntity::getOrCreate($g);
                         $pa = PermissionAccess::create($pkx);
                         $pa->addListItem($pae);
                         $pt = $pkx->getPermissionAssignmentObject();
                         $pt->assignPermissionAccess($pa);
                     }
                 }
             }
         }
     }
 }
Esempio n. 21
0
 public function assignPermissions($userOrGroup, $permissions = array(), $accessType = PagePermissionKey::ACCESS_TYPE_INCLUDE)
 {
     if ($this->cInheritPermissionsFrom != 'OVERRIDE') {
         $this->setPermissionsToManualOverride();
         $this->clearPagePermissions();
     }
     if (is_array($userOrGroup)) {
         $pe = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
         // group combination
     } else {
         if ($userOrGroup instanceof User || $userOrGroup instanceof UserInfo) {
             $pe = UserPermissionAccessEntity::getOrCreate($userOrGroup);
         } else {
             // group;
             $pe = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
         }
     }
     foreach ($permissions as $pkHandle) {
         $pk = PagePermissionKey::getByHandle($pkHandle);
         $pk->setPermissionObject($this);
         $pa = $pk->getPermissionAccessObject();
         if (!is_object($pa)) {
             $pa = PermissionAccess::create($pk);
         } else {
             if ($pa->isPermissionAccessInUse()) {
                 $pa = $pa->duplicate();
             }
         }
         $pa->addListItem($pe, false, $accessType);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->assignPermissionAccess($pa);
     }
 }
Esempio n. 22
0
 public function removePermissions($userOrGroup, $permissions = array())
 {
     if ($this->cInheritPermissionsFrom != 'OVERRIDE') {
         return;
     }
     if (is_array($userOrGroup)) {
         $pe = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
         // group combination
     } elseif ($userOrGroup instanceof User || $userOrGroup instanceof UserInfo) {
         $pe = UserPermissionAccessEntity::getOrCreate($userOrGroup);
     } else {
         // group;
         $pe = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
     }
     foreach ($permissions as $pkHandle) {
         $pk = PagePermissionKey::getByHandle($pkHandle);
         $pk->setPermissionObject($this);
         $pa = $pk->getPermissionAccessObject();
         if (is_object($pa)) {
             if ($pa->isPermissionAccessInUse()) {
                 $pa = $pa->duplicate();
             }
             $pa->removeListItem($pe);
             $pt = $pk->getPermissionAssignmentObject();
             $pt->assignPermissionAccess($pa);
         }
     }
 }
Esempio n. 23
0
                    $pa = PermissionAccess::getByID($paID, $pk);
                    if (is_object($pa)) {
                        $pt->assignPermissionAccess($pa);
                    }
                }
            }
        }
    }
    if ($p->canScheduleGuestAccess()) {
        if ($_REQUEST['task'] == 'set_timed_guest_access' && Loader::helper("validation/token")->validate('set_timed_guest_access')) {
            if (!$b->overrideAreaPermissions()) {
                $b->doOverrideAreaPermissions();
            }
            $pk = PermissionKey::getByHandle('view_block');
            $pk->setPermissionObject($b);
            $pa = $pk->getPermissionAccessObject();
            if (!is_object($pa)) {
                $pa = PermissionAccess::create($pk);
            } else {
                if ($pa->isPermissionAccessInUse()) {
                    $pa = $pa->duplicate();
                }
            }
            $pe = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
            $pd = PermissionDuration::createFromRequest();
            $pa->addListItem($pe, $pd, PermissionKey::ACCESS_TYPE_INCLUDE);
            $pt = $pk->getPermissionAssignmentObject();
            $pt->assignPermissionAccess($pa);
        }
    }
}