/**
 * Build a Permission from a configuration object and attach it to the partner the object names.
 *
 * Every property of $permissionCfg is forwarded to the set<Property>() method of a fresh
 * Permission, so the property names of the configuration decide which setters are invoked.
 * A missing friendly name falls back to the permission name and a missing status falls back
 * to PermissionStatus::ACTIVE.
 *
 * @param object $permissionCfg Iterable configuration object; must expose `name` and `partnerId`.
 *
 * @throws Exception            When `name` is empty or `partnerId` is null / an empty string.
 * @throws kPermissionException Re-thrown for any code other than PERMISSION_ALREADY_EXISTS.
 */
function addPermission($permissionCfg)
{
    // Mandatory fields are checked before any object is created.
    if (!$permissionCfg->name) {
        throw new Exception('Permission name must be set');
    }
    $cfgPartnerId = $permissionCfg->partnerId;
    if ($cfgPartnerId === null || $cfgPartnerId === '') {
        throw new Exception('Permission partner id must be set');
    }

    // Copy the configuration onto a new database object, one setter per property.
    $newPermission = new Permission();
    foreach ($permissionCfg as $key => $fieldValue) {
        // NOTE(review): the setter name comes straight from the configuration key and there is no
        // allow-list here, so the configuration source has to be trusted - confirm who can edit it.
        $setter = array($newPermission, "set{$key}");
        call_user_func_array($setter, array($fieldValue));
    }

    // Defaults for fields the configuration left empty.
    if (!$newPermission->getFriendlyName()) {
        $newPermission->setFriendlyName($newPermission->getName());
    }
    if (!$newPermission->getStatus()) {
        $newPermission->setStatus(PermissionStatus::ACTIVE);
    }

    KalturaLog::log('Adding new permission with name [' . $newPermission->getName() . '] to partner id [' . $newPermission->getPartnerId() . ']');

    try {
        PermissionPeer::addToPartner($newPermission, $newPermission->getPartnerId());
    } catch (kPermissionException $e) {
        // Only "already exists" is tolerated; every other failure propagates to the caller.
        if ($e->getCode() !== kPermissionException::PERMISSION_ALREADY_EXISTS) {
            throw $e;
        }
        KalturaLog::log('Permission name [' . $newPermission->getName() . '] already exists for partner id [' . $newPermission->getPartnerId() . ']');
    }
}
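/**
 * Tell whether another permission has the same name and the same allow/deny state as this one.
 *
 * @param Permission $permission Permission to compare against.
 *
 * @return bool True when both the name and the isAllowed() state match.
 */
public function equals(Permission $permission)
{
    // Names are compared as strings with a strict operator. A loose != lets PHP compare two
    // numeric-looking names by value ("1e3" and "1000" would count as the same permission).
    if ((string) $permission->getName() !== (string) $this->name) {
        return false;
    }

    // Equal when both sides allow or both sides deny.
    return (bool) $this->isAllowed() === (bool) $permission->isAllowed();
}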
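/**
 * Tell whether holding this permission also grants the given one.
 *
 * Only BasicPermission instances can be implied, and only by an exact name match.
 *
 * @param Permission $p Permission being checked.
 *
 * @return bool True when $p is a BasicPermission carrying the same name as this permission.
 */
public function implies(Permission $p)
{
    if (!($p instanceof BasicPermission)) {
        return false;
    }

    // This has to be changed to do a wildcard match.
    // Until then the match is exact: names are compared as strings with ===, because a loose ==
    // compares numeric-looking names by value and would let "1e3" imply "1000".
    return (string) $p->getName() === (string) $this->getName();
}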
// Tail of a block that starts outside this excerpt: on this path the script runs for real.
$dryRun = false; }
//------------------------------------------------------
// Load the application bootstrap; the classes used below are not defined in this excerpt.
require_once dirname(__FILE__) . '/../../../bootstrap.php';
//------------------------------------------------------
// Seed list of permissions. Each row is read by the loop below as:
//   [0] partner id, [1] permission type, [2] permission name, [3] friendly name,
//   [4] name(s) of the permission(s) this one depends on (null for none).
// NOTE(review): partner ids -1, 0, -2 and 99 look like reserved/system partners - confirm their
// meaning against the partner table before reusing this list.
$permissionsData = array(
    array(-1, PermissionType::NORMAL, PermissionName::BATCH_BASE, 'Batch system permission', null),
    array(0, PermissionType::NORMAL, PermissionName::USER_SESSION_PERMISSION, 'User session permission', null),
    array(0, PermissionType::NORMAL, PermissionName::ALWAYS_ALLOWED_ACTIONS, 'No session permission', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_INGEST_UPLOAD, 'Upload', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_INGEST_BULK_UPLOAD, 'Bulk upload', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_INGEST_FEED, 'Feed subscription', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_MIX, 'Manage remix', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_BASE, 'Basic content management', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_METADATA, 'Modify metadata', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES, 'Assign categories', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_THUMBNAIL, 'Modify thumbnails', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_SCHEDULE, 'Modify scheduling', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_ACCESS_CONTROL, 'Modify content access control', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_CUSTOM_DATA, 'Modify custom data', PermissionPeer::getPermissionNameFromPluginName(MetadataPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DELETE, 'Delete content', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_RECONVERT, 'Reconvert flavors', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_EDIT_CATEGORIES, 'Manage categories', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_EMBED_CODE, 'Grab embed code', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DISTRIBUTION_BASE, 'Distribution base', PermissionPeer::getPermissionNameFromPluginName(ContentDistributionPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DISTRIBUTION_WHERE, 'Where to distribute', PermissionPeer::getPermissionNameFromPluginName(ContentDistributionPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DISTRIBUTION_SEND, 'Distribution submit', PermissionPeer::getPermissionNameFromPluginName(ContentDistributionPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DISTRIBUTION_REMOVE, 'Distribution remove', PermissionPeer::getPermissionNameFromPluginName(ContentDistributionPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DISTRIBUTION_PROFILE_MODIFY, 'Distribution profile manage', PermissionPeer::getPermissionNameFromPluginName(ContentDistributionPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_VIRUS_SCAN, 'Virus scan actions', PermissionPeer::getPermissionNameFromPluginName(VirusScanPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DOWNLOAD, 'Content download', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_ANNOTATION, 'Annotate', PermissionPeer::getPermissionNameFromPluginName(AnnotationPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_SHARE, 'Share content', null),
    array(0, PermissionType::NORMAL, PermissionName::LIVE_STREAM_ADD, 'Add live streams', PermissionName::FEATURE_LIVE_STREAM),
    array(0, PermissionType::NORMAL, PermissionName::LIVE_STREAM_UPDATE, 'Modify live streams', PermissionName::FEATURE_LIVE_STREAM),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MODERATE_BASE, 'Basic moderation', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MODERATE_METADATA, 'Moderate metadata', null),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MODERATE_CUSTOM_DATA, 'Moderate custom data', PermissionPeer::getPermissionNameFromPluginName(MetadataPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::CONTENT_MODERATE_APPROVE_REJECT, 'Approve/Reject content', null),
    array(0, PermissionType::NORMAL, PermissionName::PLAYLIST_BASE, 'Playlist access', null),
    array(0, PermissionType::NORMAL, PermissionName::PLAYLIST_ADD, 'Add playlists', null),
    array(0, PermissionType::NORMAL, PermissionName::PLAYLIST_UPDATE, 'Modify playlists', null),
    array(0, PermissionType::NORMAL, PermissionName::PLAYLIST_DELETE, 'Delete playlists', null),
    array(0, PermissionType::NORMAL, PermissionName::PLAYLIST_EMBED_CODE, 'Grab playlist embed code', null),
    array(0, PermissionType::NORMAL, PermissionName::SYNDICATION_BASE, 'Syndication feeds access', null),
    array(0, PermissionType::NORMAL, PermissionName::SYNDICATION_ADD, 'Create syndication feeds', null),
    array(0, PermissionType::NORMAL, PermissionName::SYNDICATION_UPDATE, 'Modify syndication feeds', null),
    array(0, PermissionType::NORMAL, PermissionName::SYNDICATION_DELETE, 'Delete syndication feeds', null),
    array(0, PermissionType::NORMAL, PermissionName::STUDIO_BASE, 'Appstudio access', null),
    array(0, PermissionType::NORMAL, PermissionName::STUDIO_ADD_UICONF, 'Create players', null),
    array(0, PermissionType::NORMAL, PermissionName::STUDIO_UPDATE_UICONF, 'Modify players', null),
    array(0, PermissionType::NORMAL, PermissionName::STUDIO_DELETE_UICONF, 'Delete players', null),
    array(0, PermissionType::NORMAL, PermissionName::STUDIO_BRAND_UICONF, 'Set player branding', null),
    array(0, PermissionType::NORMAL, PermissionName::STUDIO_SELECT_CONTENT, 'Select player content', null),
    array(0, PermissionType::NORMAL, PermissionName::ADVERTISING_BASE, 'Advertising access', null),
    array(0, PermissionType::NORMAL, PermissionName::ADVERTISING_UPDATE_SETTINGS, 'Modify advertising settings', null),
    array(0, PermissionType::NORMAL, PermissionName::ACCOUNT_BASE, 'Account settings access', null),
    array(0, PermissionType::NORMAL, PermissionName::ACCOUNT_UPDATE_SETTINGS, 'Modify account settings', null),
    array(0, PermissionType::NORMAL, PermissionName::INTEGRATION_BASE, 'Integration settings access', null),
    array(0, PermissionType::NORMAL, PermissionName::INTEGRATION_UPDATE_SETTINGS, 'Modify integration settings', null),
    array(0, PermissionType::NORMAL, PermissionName::ACCESS_CONTROL_BASE, 'Access control profiles access', null),
    array(0, PermissionType::NORMAL, PermissionName::ACCESS_CONTROL_ADD, 'Create access control profiles', null),
    array(0, PermissionType::NORMAL, PermissionName::ACCESS_CONTROL_UPDATE, 'Modify access control profiles', null),
    array(0, PermissionType::NORMAL, PermissionName::ACCESS_CONTROL_DELETE, 'Delete access control profiles', null),
    array(0, PermissionType::NORMAL, PermissionName::TRANSCODING_BASE, 'Transcoding profiles access', null),
    array(0, PermissionType::NORMAL, PermissionName::TRANSCODING_ADD, 'Create transcoding profiles', null),
    array(0, PermissionType::NORMAL, PermissionName::TRANSCODING_UPDATE, 'Modify transcoding profiles', null),
    array(0, PermissionType::NORMAL, PermissionName::TRANSCODING_DELETE, 'Delete transcoding profiles', null),
    array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_PROFILE_BASE, 'Custom data access', PermissionPeer::getPermissionNameFromPluginName(MetadataPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_PROFILE_ADD, 'Create custom data', PermissionPeer::getPermissionNameFromPluginName(MetadataPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_PROFILE_UPDATE, 'Modify custom data', PermissionPeer::getPermissionNameFromPluginName(MetadataPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_PROFILE_DELETE, 'Delete custom data', PermissionPeer::getPermissionNameFromPluginName(MetadataPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::ADMIN_BASE, 'Administration settings access', null),
    array(0, PermissionType::NORMAL, PermissionName::ADMIN_USER_ADD, 'Add users', null),
    array(0, PermissionType::NORMAL, PermissionName::ADMIN_USER_UPDATE, 'Modify users', null),
    array(0, PermissionType::NORMAL, PermissionName::ADMIN_USER_DELETE, 'Delete users', null),
    array(0, PermissionType::NORMAL, PermissionName::ADMIN_ROLE_ADD, 'Add roles', null),
    array(0, PermissionType::NORMAL, PermissionName::ADMIN_ROLE_UPDATE, 'Modify roles', null),
    array(0, PermissionType::NORMAL, PermissionName::ADMIN_ROLE_DELETE, 'Delete roles', null),
    array(0, PermissionType::NORMAL, PermissionName::ADMIN_PUBLISHER_MANAGE, 'Manage publishers', null),
    array(0, PermissionType::NORMAL, PermissionName::ADMIN_WHITE_BRANDING, 'Manage whitebranding', null),
    array(0, PermissionType::NORMAL, PermissionName::ANALYTICS_BASE, 'Analytics access', PermissionName::FEATURE_ANALYTICS_TAB),
    // NOTE(review): WIDGET_ADMIN and ANALYTICS_SEND_DATA are each listed twice in the next five
    // rows. The save loop at the end of the script stores every row unconditionally, so verify
    // whether the second copies produce duplicate permission rows or an error on save.
    array(0, PermissionType::NORMAL, PermissionName::WIDGET_ADMIN, 'Widget admin', null),
    array(0, PermissionType::NORMAL, PermissionName::ANALYTICS_SEND_DATA, 'Send analytics data', null),
    array(0, PermissionType::NORMAL, PermissionName::WIDGET_ADMIN, 'Widget admin', null),
    array(0, PermissionType::NORMAL, PermissionName::SEARCH_SERVICE, 'Search service', null),
    array(0, PermissionType::NORMAL, PermissionName::ANALYTICS_SEND_DATA, 'Send analytics data', null),
    array(0, PermissionType::NORMAL, PermissionName::AUDIT_TRAIL_BASE, 'Audit trail base', PermissionPeer::getPermissionNameFromPluginName(AuditPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::AUDIT_TRAIL_ADD, 'Audit trail add', PermissionPeer::getPermissionNameFromPluginName(AuditPlugin::getPluginName())),
    array(0, PermissionType::NORMAL, PermissionName::KMC_ACCESS, 'KMC access', null),
    // NOTE(review): KMC_READ_ONLY carries the same friendly name as KMC_ACCESS - confirm intended.
    array(0, PermissionType::NORMAL, PermissionName::KMC_READ_ONLY, 'KMC access', PermissionName::KMC_ACCESS),
    array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_FIELD_ADD, 'Add custom data field', null),
    array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_FIELD_UPDATE, 'Update custom data field', null),
    array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_FIELD_DELETE, 'Delete custom data field', null),
    // Rows for partner -2. Most of them share one generic friendly name, so an administrator
    // reading the friendly names cannot tell these permissions apart.
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_BASE, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_BASE, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_KMC_ACCESS, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_CONFIG, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_BLOCK, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_REMOVE, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_ADD, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_USAGE, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_USER_MANAGE, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_SYSTEM_MONITOR, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_DEVELOPERS_TAB, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_BATCH_CONTROL, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_BATCH_CONTROL_INPROGRESS, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_BATCH_CONTROL_FAILED, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_BATCH_CONTROL_SETUP, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_STORAGE, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_VIRUS_SCAN, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_EMAIL_INGESTION, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_CONTENT_DISTRIBUTION_BASE, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_CONTENT_DISTRIBUTION_MODIFY, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PERMISSIONS_MANAGE, 'Base system admin permission', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_INTERNAL, 'System internal actions', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_ENTRY_INVESTIGATION, 'Entry investigation', null),
    array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_FILESYNC, 'Filesync actions', null),
    // The only SPECIAL_FEATURE row in the list.
    array(99, PermissionType::SPECIAL_FEATURE, PermissionName::FEATURE_PS2_PERMISSIONS_VALIDATION, 'PS2 permissions validation', null)
);
//------------------------------------------------------
// Turn every data row into an unsaved Permission object; all of them are created ACTIVE.
$allPermissions = array();
foreach ($permissionsData as $data) {
    $permission = new Permission();
    $permission->setPartnerId($data[0]);
    $permission->setType($data[1]);
    $permission->setName($data[2]);
    $permission->setFriendlyName($data[3]);
    $permission->setDependsOnPermissionNames($data[4]);
    $permission->setStatus(PermissionStatus::ACTIVE);
    $allPermissions[] = $permission;
}
//------------------------------------------------------
// Persist every prepared permission; a dry run only logs what a real run would store.
foreach ($allPermissions as $permission) {
    if (!$dryRun) {
        KalturaLog::log('Adding new permission [' . $permission->getName() . '] to partner [' . $permission->getPartnerId() . ']');
        $permission->save();
        continue;
    }

    KalturaLog::log('DRY RUN - Adding new permission [' . $permission->getName() . '] to partner [' . $permission->getPartnerId() . ']');
}

// The closing line goes to the log and to standard output, and states which mode was used.
$msg = 'Done - ';
if ($dryRun) {
    $msg .= 'DRY RUN!';
} else {
    $msg .= 'REAL RUN!';
}
KalturaLog::log($msg);
echo $msg;
//------------------------------------------------------
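/**
 * Create or update a permission for one partner from a configuration object.
 *
 * An existing permission with the configured name on the target partner is looked up with the
 * peer's criteria filter switched off and is updated in place; otherwise a new Permission is
 * created. Every configuration property except `partnerPackages` is forwarded to the matching
 * set<Property>() method. The permission always ends up ACTIVE.
 *
 * @param object          $permissionCfg Iterable configuration object exposing `name` and `partnerId`.
 * @param int|string|null $partnerId     Target partner; null means "use $permissionCfg->partnerId".
 *
 * @throws kPermissionException Re-thrown for any code other than PERMISSION_ALREADY_EXISTS.
 */
function addPermissionToPartner($permissionCfg, $partnerId = null)
{
    if (is_null($partnerId)) {
        $partnerId = $permissionCfg->partnerId;
    }

    // The criteria filter is switched off only for this one lookup and is switched back on even
    // when the lookup throws, so a failure cannot leave later queries running unfiltered.
    PermissionPeer::setUseCriteriaFilter(false);
    try {
        $permission = PermissionPeer::getByNameAndPartner($permissionCfg->name, $partnerId);
    } catch (Exception $e) {
        PermissionPeer::setUseCriteriaFilter(true);
        throw $e;
    }
    PermissionPeer::setUseCriteriaFilter(true);

    if (!$permission) {
        $permission = new Permission();
    }

    foreach ($permissionCfg as $key => $value) {
        if ((string) $key === 'partnerPackages') {
            continue;
        }
        // NOTE(review): the setter name comes straight from the configuration key and there is no
        // allow-list here, so the configuration source has to be trusted - confirm who can edit it.
        $setterCallback = array($permission, "set{$key}");
        call_user_func_array($setterCallback, array($value));
    }

    if (!$permission->getFriendlyName()) {
        $permission->setFriendlyName($permission->getName());
    }

    // The explicit target partner wins over whatever the configuration loop set. The former
    // loose "!= null" test skipped integer partner id 0, so a permission looked up for partner 0
    // kept the partner id found in the configuration.
    if (!is_null($partnerId) && $partnerId !== '') {
        $permission->setPartnerId($partnerId);
    }
    $permission->setStatus(PermissionStatus::ACTIVE);

    // The same message is logged for updates of an existing permission as for new ones.
    KalturaLog::log('Adding new permission with name [' . $permission->getName() . '] to partner id [' . $permission->getPartnerId() . ']');

    try {
        if ($permission->getId()) {
            // Existing row: update in place.
            $permission->save();
        } else {
            PermissionPeer::addToPartner($permission, $permission->getPartnerId());
        }
    } catch (kPermissionException $e) {
        // Only "already exists" is tolerated; every other failure propagates to the caller.
        if ($e->getCode() !== kPermissionException::PERMISSION_ALREADY_EXISTS) {
            throw $e;
        }
        KalturaLog::log('Permission name [' . $permission->getName() . '] already exists for partner id [' . $permission->getPartnerId() . ']');
    }
}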
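/**
 * Write the name, human-readable name and description of a permission back to its table row.
 *
 * @param Permission $inPermission Permission whose fields are stored; its ID selects the row.
 *
 * @return bool False when the database is not connected or the update fails, true otherwise.
 */
public function savePermission(Permission $inPermission)
{
    $database = Database::getInstance();
    if (!$database->isConnected()) {
        return false;
    }

    // Whitespace is stripped from the machine name; tags are stripped from the two display fields.
    // NOTE(review): htmlspecialchars() runs before storage, so the table holds HTML-encoded text.
    // Output encoding normally belongs at render time; it is left as is here because existing
    // rows and readers may rely on the encoded form - confirm before changing.
    $inName = $database->escapeString(htmlspecialchars(preg_replace('/\\s+/', '', $inPermission->getName())));
    $inHumanName = $database->escapeString(htmlspecialchars(strip_tags($inPermission->getHumanName())));
    $inDescription = $database->escapeString(htmlspecialchars(strip_tags($inPermission->getDescription())));

    // The ID goes into the WHERE clause unquoted, so it is forced to an integer first. Without
    // the cast any non-numeric ID would become part of the SQL text.
    // assumes permissionID is an integer column - TODO confirm against the schema
    $permissionId = (int) $inPermission->getID();

    // NOTE(review): this statement is built by string concatenation; if Database offers bound
    // parameters, prefer them over escapeString().
    if (!$database->updateTable('permission', "permissionName='{$inName}', humanName='{$inHumanName}', permissionDescription='{$inDescription}'", "permissionID={$permissionId}")) {
        return false;
    }

    return true;
}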
// live stream
// Excerpt from inside loops that open outside this view ($partner, $newPermissions, $dryRun,
// $lastPartner and $lastPartnerFile are all set earlier).
// A partner whose custom data has a truthy "liveEnabled" value gets the live-stream feature
// permission queued in $newPermissions.
$allowedLiveStream = $partner->getFromCustomData("liveEnabled", null, 0);
if ($allowedLiveStream) {
    $livePermission = new Permission();
    $livePermission->setPartnerId($partner->getId());
    $livePermission->setName(PermissionName::FEATURE_LIVE_STREAM);
    $livePermission->setFriendlyName('Live stream feature');
    $livePermission->setDescription('Permission to use live stream');
    $livePermission->setStatus(PermissionStatus::ACTIVE);
    $livePermission->setType(PermissionType::SPECIAL_FEATURE);
    $newPermissions[] = $livePermission;
}
if (!$dryRun) {
    foreach ($newPermissions as $permission) {
        KalturaLog::log('SAVING new permission for partner [' . $partner->getId() . ']:');
        // Only name, type, partner id, friendly name and description are handed over; the status
        // set on the object above is not passed to enableForPartner().
        PermissionPeer::enableForPartner($permission->getName(), $permission->getType(), $partner->getId(), $permission->getFriendlyName(), $permission->getDescription());
        // The whole object is dumped into the log with print_r().
        KalturaLog::log(print_r($permission, true));
    }
} else {
    foreach ($newPermissions as $permission) {
        KalturaLog::log('DRY RUN ONLY - new permission for partner [' . $partner->getId() . ']:');
        KalturaLog::log(print_r($permission, true));
        // dry run - no saving!
    }
}
// Written on real and dry runs alike, since it sits outside the if/else above.
// presumably a resume checkpoint for the next invocation - verify against getPartners()
file_put_contents($lastPartnerFile, $lastPartner);
}
// Fetch the next batch of partners; the enclosing loop header is outside this excerpt.
$partners = getPartners($lastPartner, $partnerLimitEachLoop);
}
$msg = 'Done - ' . ($dryRun ? 'DRY RUN!' : 'REAL RUN!');
KalturaLog::log($msg);
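// Page through the user roles whose permission-name list mentions the drop-folder match
// permission and make sure each owning partner has CONTENT_INGEST_DROP_FOLDER_MATCH.
// $con, $countLimitEachLoop and $offset are defined outside this excerpt.
$c = new Criteria();
$c->add(UserRolePeer::PERMISSION_NAMES, "%dropFolder.CONTENT_INGEST_DROP_FOLDER_MATCH%", Criteria::LIKE);
$c->setLimit($countLimitEachLoop);
$userRoles = UserRolePeer::doSelect($c, $con);
while (count($userRoles)) {
    foreach ($userRoles as $userRole) {
        $partnerId = $userRole->getPartnerId();

        // The criteria filter is off only for this lookup.
        // NOTE(review): if the lookup throws, the filter stays off for the rest of the script.
        PermissionPeer::setUseCriteriaFilter(false);
        $permission = PermissionPeer::getByNameAndPartner('CONTENT_INGEST_DROP_FOLDER_MATCH', array($partnerId));
        PermissionPeer::setUseCriteriaFilter(true);

        if (!$permission) {
            $permission = new Permission();
            $permission->setName('CONTENT_INGEST_DROP_FOLDER_MATCH');
            $permission->setDependsOnPermissionNames('DROPFOLDER_PLUGIN_PERMISSION');
            $permission->setType(PermissionType::SPECIAL_FEATURE);
            $permission->setPartnerId($partnerId);
            $permission->setStatus(PermissionStatus::ACTIVE);

            // add to database
            KalturaLog::log('Adding new permission with name [' . $permission->getName() . '] to partner id [' . $permission->getPartnerId() . ']');
            PermissionPeer::addToPartner($permission, $permission->getPartnerId());
        }
    }

    // NOTE(review): $offset is applied before it is advanced; whether the first page is fetched
    // twice depends on its starting value, which is set outside this excerpt - confirm.
    $c->setOffset($offset);
    UserRolePeer::clearInstancePool();
    $userRoles = UserRolePeer::doSelect($c, $con);
    $offset += $countLimitEachLoop;
    sleep(1);
}

// Hand over to the generic permission deployment script with the drop-folder configuration.
// realpath() returns false on failure; concatenating that would yield a path anchored at the
// filesystem root, so stop instead of executing whatever happens to live there.
$baseDir = realpath(dirname(__FILE__) . '/../../../../');
if ($baseDir === false) {
    throw new Exception('Unable to resolve the application base directory');
}
$script = $baseDir . '/scripts/utils/permissions/addPermissionsAndItems.php';
$config = realpath(dirname(__FILE__)) . '/../../../../plugins/drop_folder/config/drop_folder_permissions.ini';

// Both paths are quoted for the shell so that an installation directory containing spaces or
// shell metacharacters cannot change what gets executed.
passthru('php ' . escapeshellarg($script) . ' ' . escapeshellarg($config), $exitCode);
if ($exitCode !== 0) {
    // A failed run would otherwise go unnoticed and leave the permissions partly deployed.
    KalturaLog::log('Permission deployment script exited with status [' . $exitCode . ']');
}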
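/**
 * Modify a permission a role has by either adding a new one or removing an old one.
 *
 * Nothing is changed, and false is returned, when the action is neither "add" nor "remove",
 * when the role already is in the requested state, or when the permission is not valid.
 *
 * @param string|Permission $perm_name The permission to add or remove
 * @param string            $action    Whether to "add" or "remove" a permission
 *
 * @return bool True only when the role_permission table was actually changed
 */
private function modifyPerm($perm_name, $action)
{
    // Reject anything but the two documented actions up front. An unrecognised action used to
    // fall through both branches below and still report success for a valid permission.
    if ($action !== "add" && $action !== "remove") {
        return false;
    }

    $name = $perm_name instanceof Permission ? $perm_name->getName() : $perm_name;

    // Adding a permission the role already has, or removing one it lacks, is a no-op.
    $alreadyGranted = (bool) $this->hasPerm($name);
    if ($action === "add" && $alreadyGranted) {
        return false;
    }
    if ($action === "remove" && !$alreadyGranted) {
        return false;
    }

    // NOTE(review): the original argument is passed on, so a Permission object reaches
    // getPermissionFromName() as is - confirm that the lookup accepts objects as well as names.
    $permission = Permission::getPermissionFromName($perm_name);
    if (!$permission->isValid()) {
        return false;
    }

    // Both statements bind the ids as parameters; the in-memory permission map is kept in step.
    if ($action === "add") {
        $this->db->execute("INSERT INTO role_permission (role_id, perm_id) VALUES (?, ?)", array($this->getId(), $permission->getId()));
        $this->permissions[$name] = true;
    } else {
        $this->db->execute("DELETE FROM role_permission WHERE role_id = ? AND perm_id = ? LIMIT 1", array($this->getId(), $permission->getId()));
        unset($this->permissions[$name]);
    }

    return true;
}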