public function save() { if (Loader::helper('validation/token')->validate('save_permissions')) { $fs = FileSet::getGlobal(); $tp = new TaskPermission(); if ($tp->canAccessTaskPermissions()) { $permissions = PermissionKey::getList('file_set'); foreach ($permissions as $pk) { $pk->setPermissionObject($fs); $paID = $_POST['pkID'][$pk->getPermissionKeyID()]; $pt = $pk->getPermissionAssignmentObject(); $pt->clearPermissionAssignment(); if ($paID > 0) { $pa = PermissionAccess::getByID($paID, $pk); if (is_object($pa)) { $pt->assignPermissionAccess($pa); } } } $this->redirect('/dashboard/system/permissions/files', 'updated'); } } else { $this->error->add(Loader::helper("validation/token")->getErrorMessage()); } }
public function setPermissionObject(FileSet $fs) { $this->permissionObject = $fs; if ($fs->overrideGlobalPermissions()) { $this->permissionObjectToCheck = $fs; } else { $fs = FileSet::getGlobal(); $this->permissionObjectToCheck = $fs; } }
public function __construct() { $fp = new Permissions(\FileSet::getGlobal()); $tp = new Permissions(); $this->assets = ResponseAssetGroup::get(); $this->token = Core::make("token")->generate('editor'); $this->setAllowFileManager($fp->canAccessFileManager()); $this->setAllowSitemap($tp->canAccessSitemap()); $this->pluginManager = new PluginManager(); $this->pluginManager->selectMultiple(\Package::getByHandle('community_ckeditor')->getConfig()->get('plugins', array())); }
public function setPermissionObject(File $f) { $this->permissionObject = $f; if ($f->overrideFileSetPermissions()) { $this->permissionObjectToCheck = $f; } else { $sets = $f->getFileSets(); $permsets = array(); foreach ($sets as $fs) { if ($fs->overrideGlobalPermissions()) { $permsets[] = $fs; } } if (count($permsets) > 0) { $this->permissionObjectToCheck = $permsets; } else { $fs = FileSet::getGlobal(); $this->permissionObjectToCheck = $fs; } } }
?> <?php ob_start(); ?> <?php echo Loader::element('permission/help'); ?> <?php $help = ob_get_contents(); ?> <?php ob_end_clean(); ?> <?php $fs = FileSet::getGlobal(); ?> <form method="post" action="<?php echo $view->action('save'); ?> " id="ccm-permission-list-form"> <?php echo Loader::helper('validation/token')->output('save_permissions'); ?> <div class="ccm-pane-body"> <?php $tp = new TaskPermission(); if ($tp->canAccessTaskPermissions()) { ?>
public function set_site_permissions() { Loader::model('file_set'); $fs = FileSet::getGlobal(); $g1 = Group::getByID(GUEST_GROUP_ID); $g2 = Group::getByID(REGISTERED_GROUP_ID); $g3 = Group::getByID(ADMIN_GROUP_ID); $fs->assignPermissions($g1, array('view_file_set_file')); $fs->assignPermissions($g3, array('view_file_set_file', 'search_file_set', 'edit_file_set_file_properties', 'edit_file_set_file_contents', 'copy_file_set_files', 'edit_file_set_permissions', 'delete_file_set_files', 'delete_file_set', 'add_file')); if (defined('ACTIVE_LOCALE') && ACTIVE_LOCALE != '' && ACTIVE_LOCALE != 'en_US') { Config::save('SITE_LOCALE', ACTIVE_LOCALE); } Config::save('SITE', SITE); Config::save('SITE_APP_VERSION', APP_VERSION); Config::save('SITE_INSTALLED_APP_VERSION', APP_VERSION); $u = new User(); $u->saveConfig('NEWSFLOW_LAST_VIEWED', 'FIRSTRUN'); $home = Page::getByID(1, "RECENT"); $home->assignPermissions($g1, array('view_page')); $home->assignPermissions($g3, array('view_page_versions', 'preview_page_as_user', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_theme', 'edit_page_type', 'edit_page_permissions', 'delete_page', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page', 'schedule_page_contents_guest_access')); }
public function save_global_permissions() { $vt = Loader::helper('validation/token'); if (!$vt->validate("file_permissions")) { $this->set('error', array($vt->getErrorMessage())); return; } $p = $this->post(); Loader::model('file_set'); $fs = FileSet::getGlobal(); $this->setFileSetPermissions($fs, $p); $this->redirect('/dashboard/system/permissions/files', 'global_permissions_saved'); }
protected function migrateFileSetPermissions() { $db = Loader::db(); $tables = $db->MetaTables(); if (!in_array('FileSetPermissions', $tables)) { return false; } // permissions $fpe = FileUploaderPermissionAccessEntity::getOrCreate(); $permissionMap = array('canRead' => array(PermissionKey::getByHandle('view_file_set_file')), 'canSearch' => array(PermissionKey::getByHandle('search_file_set')), 'canWrite' => array(PermissionKey::getByHandle('edit_file_set_file_properties'), PermissionKey::getByHandle('edit_file_set_file_contents'), PermissionKey::getByHandle('copy_file_set_files'), PermissionKey::getByHandle('delete_file_set_files')), 'canAdmin' => array(PermissionKey::getByHandle('edit_file_set_permissions'), PermissionKey::getByHandle('delete_file_set'))); $r = $db->Execute('select * from FileSetPermissions order by fsID asc'); while ($row = $r->FetchRow()) { $pe = $this->migrateAccessEntity($row); if (!$pe) { continue; } if ($row['fsID'] > 0) { $fs = FileSet::getByID($row['fsID']); } else { $fs = FileSet::getGlobal(); } $permissions = $this->getFileSetPermissionsArray($row); if (is_object($fs)) { foreach ($permissions as $p => $accessType) { if ($accessType == self::ACCESS_TYPE_MINE) { $_pe = $fpe; } else { $_pe = $pe; } $permissionsToApply = $permissionMap[$p]; foreach ($permissionsToApply as $pko) { $pko->setPermissionObject($fs); $pt = $pko->getPermissionAssignmentObject(); $pa = $pko->getPermissionAccessObject(); if (!is_object($pa)) { $pa = PermissionAccess::create($pko); } else { if ($pa->isPermissionAccessInUse()) { $pa = $pa->duplicate(); } } $pa->addListItem($_pe, false, FileSetPermissionKey::ACCESS_TYPE_INCLUDE); $pt->assignPermissionAccess($pa); } } } } }
public static function getGlobal() { $fs = FileSet::getGlobal(); $fsp = new Permissions($fs); return $fsp; }
public static function getGlobal() { Loader::model('file_set'); $fs = FileSet::getGlobal(); $fsp = new Permissions($fs); return $fsp; }
public function run() { $db = Loader::db(); $tables = $db->MetaTables('TABLES'); if (in_array('btFormQuestions', $tables)) { //$db->CacheFlush(); //$db->setDebug(true); $questionsWithBIDs = $db->getAll('SELECT max(bID) AS bID, btForm.questionSetId AS qSetId FROM `btForm` GROUP BY questionSetId'); foreach ($questionsWithBIDs as $questionsWithBID) { $vals = array(intval($questionsWithBID['bID']), intval($questionsWithBID['qSetId'])); $rs = $db->query('UPDATE btFormQuestions SET bID=? WHERE questionSetId=? AND bID=0', $vals); } } // now we populate files $num = $db->GetOne("select count(*) from Files"); if ($num < 1) { $r = $db->Execute("select btFile.*, Blocks.bDateAdded from btFile inner join Blocks on btFile.bID = Blocks.bID"); while ($row = $r->fetchRow()) { $v = array($row['bID'], 1, $row['filename'], null, '', $row['origfilename'], $row['bDateAdded']); $db->Execute("insert into FileVersions (fID, fvID, fvFilename, fvPrefix, fvExtension, fvTitle, fvDateAdded) values (?, ?, ?, ?, ?, ?, ?)", $v); $db->Execute("insert into Files (fID, fDateAdded) values (?, ?)", array($row['bID'], $row['bDateAdded'])); } } Loader::model('single_page'); // Rename Forms to Reports $p = Page::getByPath('/dashboard/mediabrowser'); if (!$p->isError()) { $p->delete(); } $p = Page::getByPath('/dashboard/files'); if ($p->isError()) { $d2 = SinglePage::add('/dashboard/files'); $d2a = SinglePage::add('/dashboard/files/search'); $d2b = SinglePage::add('/dashboard/files/attributes'); $d2c = SinglePage::add('/dashboard/files/sets'); $d2d = SinglePage::add('/dashboard/files/access'); $d2->update(array('cName' => t('File Manager'), 'cDescription' => t('All documents and images.'))); $d3b = SinglePage::add('/dashboard/reports/surveys'); } $p = Page::getByPath('/dashboard/scrapbook'); if ($p->isError()) { $d3 = SinglePage::add('/dashboard/scrapbook'); $d3b = SinglePage::add('/dashboard/scrapbook/user'); $d3a = SinglePage::add('/dashboard/scrapbook/global'); $d3->update(array('cName' => t('Scrapbook'), 'cDescription' => t('Share content across your site.'))); } Loader::model('file_set'); Loader::model('groups'); $htbt = BlockType::getByHandle('html'); if (!is_object($htbt)) { BlockType::installBlockType('html'); } $g1 = Group::getByID(GUEST_GROUP_ID); $g2 = Group::getByID(REGISTERED_GROUP_ID); $g3 = Group::getByID(ADMIN_GROUP_ID); $fs = FileSet::getGlobal(); $fs->setPermissions($g1, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE); $fs->setPermissions($g2, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE); $fs->setPermissions($g3, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL); $p = Page::getByPath('/dashboard/reports/surveys'); if ($p->isError()) { $p = SinglePage::add('/dashboard/reports/surveys'); } }
protected function setupFilePermissions() { $u = new User(); if ($this->permissionLevel == false || $u->isSuperUser()) { return false; } $accessEntities = $u->getUserAccessEntityObjects(); foreach ($accessEntities as $pae) { $peIDs[] = $pae->getAccessEntityID(); } $db = Loader::db(); // figure out which sets can read files in, not read files in, and read only my files in. $fsIDs = $db->GetCol('select fsID from FileSets where fsOverrideGlobalPermissions = 1'); $viewableSets = array(-1); $nonviewableSets = array(-1); $myviewableSets = array(-1); $owpae = FileUploaderPermissionAccessEntity::getOrCreate(); if (count($fsIDs) > 0) { $pk = PermissionKey::getByHandle($this->permissionLevel); foreach ($fsIDs as $fsID) { $fs = FileSet::getByID($fsID); $pk->setPermissionObject($fs); $list = $pk->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, $accessEntities); $list = PermissionDuration::filterByActive($list); if (count($list) > 0) { foreach ($list as $l) { $pae = $l->getAccessEntityObject(); if ($pae->getAccessEntityID() == $owpae->getAccessEntityID()) { $myviewableSets[] = $fs->getFileSetID(); } else { if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_INCLUDE) { $viewableSets[] = $fs->getFileSetID(); } if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_EXCLUDE) { $nonviewableSets[] = $fs->getFileSetID(); } } } } else { $nonviewableSets[] = $fs->getFileSetID(); } } } $fs = FileSet::getGlobal(); $fk = PermissionKey::getByHandle('search_file_set'); $fk->setPermissionObject($fs); $accessEntities[] = $owpae; $list = $fk->getAccessListItems(PermissionKey::ACCESS_TYPE_ALL, $accessEntities); $list = PermissionDuration::filterByActive($list); foreach ($list as $l) { $pae = $l->getAccessEntityObject(); if ($pae->getAccessEntityID() == $owpae->getAccessEntityID()) { $valid = 'mine'; } else { if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_INCLUDE) { $valid = PermissionKey::ACCESS_TYPE_INCLUDE; } if ($l->getAccessType() == PermissionKey::ACCESS_TYPE_EXCLUDE) { $valid = PermissionKey::ACCESS_TYPE_EXCLUDE; } } } $uID = $u->isRegistered() ? $u->getUserID() : 0; // This excludes all files found in sets where I may only read mine, and I did not upload the file $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $myviewableSets) . ')) = 0)'); if ($valid == 'mine') { // this means that we're only allowed to read files we've uploaded (unless, of course, those files are in previously covered sets) $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $viewableSets) . ')) > 0)'); } // this excludes all file that are found in sets that I can't find $this->filter(false, '((select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $nonviewableSets) . ')) = 0)'); $uID = $u->isRegistered() ? $u->getUserID() : 0; // This excludes all files found in sets where I may only read mine, and I did not upload the file $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $myviewableSets) . ')) = 0)'); $db = Loader::db(); $vpvPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_file\''); if ($this->permissionLevel == 'search_file_set') { $vpPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_file_in_file_manager\''); } else { $vpPKID = $vpvPKID; } $pdIDs = $db->GetCol("select distinct pdID from FilePermissionAssignments fpa inner join PermissionAccessList pal on fpa.paID = pal.paID where pkID in (?, ?) and pdID > 0", array($vpPKID, $vpvPKID)); $activePDIDs = array(); if (count($pdIDs) > 0) { // then we iterate through all of them and find any that are active RIGHT NOW foreach ($pdIDs as $pdID) { $pd = PermissionDuration::getByID($pdID); if ($pd->isActive()) { $activePDIDs[] = $pd->getPermissionDurationID(); } } } $activePDIDs[] = 0; // exclude files where its overridden but I don't have the ability to read $this->filter(false, "(f.fOverrideSetPermissions = 0 or (select count(fID) from FilePermissionAssignments fpa inner join PermissionAccessList fpal on fpa.paID = fpal.paID where fpa.fID = f.fID and fpal.accessType = " . PermissionKey::ACCESS_TYPE_INCLUDE . " and fpal.pdID in (" . implode(',', $activePDIDs) . ") and fpal.peID in (" . implode(',', $peIDs) . ") and (if(fpal.peID = " . $owpae->getAccessEntityID() . " and f.uID <> " . $uID . ", false, true)) and (fpa.pkID = " . $vpPKID . ")) > 0)"); // exclude detail files where read is excluded $this->filter(false, "f.fID not in (select ff.fID from Files ff inner join FilePermissionAssignments fpaExclude on ff.fID = fpaExclude.fID inner join PermissionAccessList palExclude on fpaExclude.paID = palExclude.paID where fOverrideSetPermissions = 1 and palExclude.accessType = " . PermissionKey::ACCESS_TYPE_EXCLUDE . " and palExclude.pdID in (" . implode(',', $activePDIDs) . ")\n\t\t\tand palExclude.peID in (" . implode(',', $peIDs) . ") and fpaExclude.pkID in (" . $vpPKID . "," . $vpvPKID . "))"); }
public function set_site_permissions() { $ci = new ContentImporter(); $ci->importContentFile(DIR_BASE_CORE. '/config/install/base/permissions.xml'); Loader::model('file_set'); $fs = FileSet::getGlobal(); $g1 = Group::getByID(GUEST_GROUP_ID); $g2 = Group::getByID(REGISTERED_GROUP_ID); $g3 = Group::getByID(ADMIN_GROUP_ID); $fs->setPermissions($g1, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE); $fs->setPermissions($g2, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE, FilePermissions::PTYPE_NONE); $fs->setPermissions($g3, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL, FilePermissions::PTYPE_ALL); Config::save('SITE', SITE); Config::save('SITE_APP_VERSION', APP_VERSION); $u = new User(); $u->saveConfig('NEWSFLOW_LAST_VIEWED', 'FIRSTRUN'); $args = array(); $args['cInheritPermissionsFrom'] = 'OVERRIDE'; $args['cOverrideTemplatePermissions'] = 1; $args['collectionRead'][] = 'gID:' . GUEST_GROUP_ID; $args['collectionAdmin'][] = 'gID:' . ADMIN_GROUP_ID; $args['collectionRead'][] = 'gID:' . ADMIN_GROUP_ID; $args['collectionApprove'][] = 'gID:' . ADMIN_GROUP_ID; $args['collectionReadVersions'][] = 'gID:' . ADMIN_GROUP_ID; $args['collectionWrite'][] = 'gID:' . ADMIN_GROUP_ID; $args['collectionDelete'][] = 'gID:' . ADMIN_GROUP_ID; $home = Page::getByID(1, "RECENT"); $home->updatePermissions($args); }