function addPermission($permissionCfg)
{
// verify obligatory fields
if (!$permissionCfg->name) {
throw new Exception('Permission name must be set');
}
if (is_null($permissionCfg->partnerId) || $permissionCfg->partnerId === '') {
throw new Exception('Permission partner id must be set');
}
// init new db permission object
$permission = new Permission();
foreach ($permissionCfg as $key => $value) {
$setterCallback = array($permission, "set{$key}");
call_user_func_array($setterCallback, array($value));
}
if (!$permission->getFriendlyName()) {
$permission->setFriendlyName($permission->getName());
}
if (!$permission->getStatus()) {
$permission->setStatus(PermissionStatus::ACTIVE);
}
// add to database
KalturaLog::log('Adding new permission with name [' . $permission->getName() . '] to partner id [' . $permission->getPartnerId() . ']');
try {
PermissionPeer::addToPartner($permission, $permission->getPartnerId());
} catch (kPermissionException $e) {
if ($e->getCode() === kPermissionException::PERMISSION_ALREADY_EXISTS) {
KalturaLog::log('Permission name [' . $permission->getName() . '] already exists for partner id [' . $permission->getPartnerId() . ']');
} else {
throw $e;
}
}
}
public static function enableForPartner($permissionName, $permissionType, $partnerId, $friendlyName = null, $description = null)
{
$permission = new Permission();
$permission->setName($permissionName);
$permission->setFriendlyName($friendlyName ? $friendlyName : $permissionName);
$permission->setDescription($description);
$permission->setType($permissionType);
$permission->setStatus(PermissionStatus::ACTIVE);
try {
// try to add permission
self::addToPartner($permission, $partnerId);
return true;
} catch (kPermissionException $e) {
$code = $e->getCode();
if ($code == kPermissionException::PERMISSION_ALREADY_EXISTS) {
// permission already exists - set status to active
$permission = self::getByNameAndPartner($permissionName, array($partnerId));
if (!$permission) {
throw new kCoreException("Permission [{$permissionName}] not found for partner [{$partnerId}]", kCoreException::INTERNAL_SERVER_ERROR);
}
$permission->setStatus(PermissionStatus::ACTIVE);
$permission->save();
return true;
}
throw $e;
}
throw new kCoreException('Unknown error occured', kCoreException::INTERNAL_SERVER_ERROR);
}
//TODO: change for real run
if ($argc > 1 && $argv[1] == 'realrun') {
$dryRun = false;
}
//------------------------------------------------------
require_once dirname(__FILE__) . '/../../../bootstrap.php';
//------------------------------------------------------
$permissionsData = array(array(-1, PermissionType::NORMAL, PermissionName::BATCH_BASE, 'Batch system permission', null), array(0, PermissionType::NORMAL, PermissionName::USER_SESSION_PERMISSION, 'User session permission', null), array(0, PermissionType::NORMAL, PermissionName::ALWAYS_ALLOWED_ACTIONS, 'No session permission', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_INGEST_UPLOAD, 'Upload', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_INGEST_BULK_UPLOAD, 'Bulk upload', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_INGEST_FEED, 'Feed subscription', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_MIX, 'Manage remix', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_BASE, 'Basic content management', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_METADATA, 'Modify metadata', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES, 'Assign categories', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_THUMBNAIL, 'Modify thumbnails', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_SCHEDULE, 'Modify scheduling', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_ACCESS_CONTROL, 'Modify content access control', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_CUSTOM_DATA, 'Modify custom data', PermissionPeer::getPermissionNameFromPluginName(MetadataPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DELETE, 'Delete content', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_RECONVERT, 'Reconvert flavors', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_EDIT_CATEGORIES, 'Manage categories', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_EMBED_CODE, 'Grab embed code', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DISTRIBUTION_BASE, 'Distribution base', PermissionPeer::getPermissionNameFromPluginName(ContentDistributionPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DISTRIBUTION_WHERE, 'Where to distribute', PermissionPeer::getPermissionNameFromPluginName(ContentDistributionPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DISTRIBUTION_SEND, 'Distribution submit', PermissionPeer::getPermissionNameFromPluginName(ContentDistributionPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DISTRIBUTION_REMOVE, 'Distribution remove', PermissionPeer::getPermissionNameFromPluginName(ContentDistributionPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DISTRIBUTION_PROFILE_MODIFY, 'Distribution profile manage', PermissionPeer::getPermissionNameFromPluginName(ContentDistributionPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_VIRUS_SCAN, 'Virus scan actions', PermissionPeer::getPermissionNameFromPluginName(VirusScanPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_DOWNLOAD, 'Content download', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_ANNOTATION, 'Annotate', PermissionPeer::getPermissionNameFromPluginName(AnnotationPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MANAGE_SHARE, 'Share content', null), array(0, PermissionType::NORMAL, PermissionName::LIVE_STREAM_ADD, 'Add live streams', PermissionName::FEATURE_LIVE_STREAM), array(0, PermissionType::NORMAL, PermissionName::LIVE_STREAM_UPDATE, 'Modify live streams', PermissionName::FEATURE_LIVE_STREAM), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MODERATE_BASE, 'Basic moderation', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MODERATE_METADATA, 'Moderate metadata', null), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MODERATE_CUSTOM_DATA, 'Moderate custom data', PermissionPeer::getPermissionNameFromPluginName(MetadataPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::CONTENT_MODERATE_APPROVE_REJECT, 'Approve/Reject content', null), array(0, PermissionType::NORMAL, PermissionName::PLAYLIST_BASE, 'Playlist access', null), array(0, PermissionType::NORMAL, PermissionName::PLAYLIST_ADD, 'Add playlists', null), array(0, PermissionType::NORMAL, PermissionName::PLAYLIST_UPDATE, 'Modify playlists', null), array(0, PermissionType::NORMAL, PermissionName::PLAYLIST_DELETE, 'Delete playlists', null), array(0, PermissionType::NORMAL, PermissionName::PLAYLIST_EMBED_CODE, 'Grab playlist embed code', null), array(0, PermissionType::NORMAL, PermissionName::SYNDICATION_BASE, 'Syndication feeds access', null), array(0, PermissionType::NORMAL, PermissionName::SYNDICATION_ADD, 'Create syndication feeds', null), array(0, PermissionType::NORMAL, PermissionName::SYNDICATION_UPDATE, 'Modify syndication feeds', null), array(0, PermissionType::NORMAL, PermissionName::SYNDICATION_DELETE, 'Delete syndication feeds', null), array(0, PermissionType::NORMAL, PermissionName::STUDIO_BASE, 'Appstudio access', null), array(0, PermissionType::NORMAL, PermissionName::STUDIO_ADD_UICONF, 'Create players', null), array(0, PermissionType::NORMAL, PermissionName::STUDIO_UPDATE_UICONF, 'Modify players', null), array(0, PermissionType::NORMAL, PermissionName::STUDIO_DELETE_UICONF, 'Delete players', null), array(0, PermissionType::NORMAL, PermissionName::STUDIO_BRAND_UICONF, 'Set player branding', null), array(0, PermissionType::NORMAL, PermissionName::STUDIO_SELECT_CONTENT, 'Select player content', null), array(0, PermissionType::NORMAL, PermissionName::ADVERTISING_BASE, 'Advertising access', null), array(0, PermissionType::NORMAL, PermissionName::ADVERTISING_UPDATE_SETTINGS, 'Modify advertising settings', null), array(0, PermissionType::NORMAL, PermissionName::ACCOUNT_BASE, 'Account settings access', null), array(0, PermissionType::NORMAL, PermissionName::ACCOUNT_UPDATE_SETTINGS, 'Modify account settings', null), array(0, PermissionType::NORMAL, PermissionName::INTEGRATION_BASE, 'Integration settings access', null), array(0, PermissionType::NORMAL, PermissionName::INTEGRATION_UPDATE_SETTINGS, 'Modify integration settings', null), array(0, PermissionType::NORMAL, PermissionName::ACCESS_CONTROL_BASE, 'Access control profiles access', null), array(0, PermissionType::NORMAL, PermissionName::ACCESS_CONTROL_ADD, 'Create access control profiles', null), array(0, PermissionType::NORMAL, PermissionName::ACCESS_CONTROL_UPDATE, 'Modify access control profiles', null), array(0, PermissionType::NORMAL, PermissionName::ACCESS_CONTROL_DELETE, 'Delete access control profiles', null), array(0, PermissionType::NORMAL, PermissionName::TRANSCODING_BASE, 'Transcoding profiles access', null), array(0, PermissionType::NORMAL, PermissionName::TRANSCODING_ADD, 'Create transcoding profiles', null), array(0, PermissionType::NORMAL, PermissionName::TRANSCODING_UPDATE, 'Modify transcoding profiles', null), array(0, PermissionType::NORMAL, PermissionName::TRANSCODING_DELETE, 'Delete transcoding profiles', null), array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_PROFILE_BASE, 'Custom data access', PermissionPeer::getPermissionNameFromPluginName(MetadataPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_PROFILE_ADD, 'Create custom data', PermissionPeer::getPermissionNameFromPluginName(MetadataPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_PROFILE_UPDATE, 'Modify custom data', PermissionPeer::getPermissionNameFromPluginName(MetadataPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_PROFILE_DELETE, 'Delete custom data', PermissionPeer::getPermissionNameFromPluginName(MetadataPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::ADMIN_BASE, 'Administration settings access', null), array(0, PermissionType::NORMAL, PermissionName::ADMIN_USER_ADD, 'Add users', null), array(0, PermissionType::NORMAL, PermissionName::ADMIN_USER_UPDATE, 'Modify users', null), array(0, PermissionType::NORMAL, PermissionName::ADMIN_USER_DELETE, 'Delete users', null), array(0, PermissionType::NORMAL, PermissionName::ADMIN_ROLE_ADD, 'Add roles', null), array(0, PermissionType::NORMAL, PermissionName::ADMIN_ROLE_UPDATE, 'Modify roles', null), array(0, PermissionType::NORMAL, PermissionName::ADMIN_ROLE_DELETE, 'Delete roles', null), array(0, PermissionType::NORMAL, PermissionName::ADMIN_PUBLISHER_MANAGE, 'Manage publishers', null), array(0, PermissionType::NORMAL, PermissionName::ADMIN_WHITE_BRANDING, 'Manage whitebranding', null), array(0, PermissionType::NORMAL, PermissionName::ANALYTICS_BASE, 'Analytics access', PermissionName::FEATURE_ANALYTICS_TAB), array(0, PermissionType::NORMAL, PermissionName::WIDGET_ADMIN, 'Widget admin', null), array(0, PermissionType::NORMAL, PermissionName::ANALYTICS_SEND_DATA, 'Send analytics data', null), array(0, PermissionType::NORMAL, PermissionName::WIDGET_ADMIN, 'Widget admin', null), array(0, PermissionType::NORMAL, PermissionName::SEARCH_SERVICE, 'Search service', null), array(0, PermissionType::NORMAL, PermissionName::ANALYTICS_SEND_DATA, 'Send analytics data', null), array(0, PermissionType::NORMAL, PermissionName::AUDIT_TRAIL_BASE, 'Audit trail base', PermissionPeer::getPermissionNameFromPluginName(AuditPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::AUDIT_TRAIL_ADD, 'Audit trail add', PermissionPeer::getPermissionNameFromPluginName(AuditPlugin::getPluginName())), array(0, PermissionType::NORMAL, PermissionName::KMC_ACCESS, 'KMC access', null), array(0, PermissionType::NORMAL, PermissionName::KMC_READ_ONLY, 'KMC access', PermissionName::KMC_ACCESS), array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_FIELD_ADD, 'Add custom data field', null), array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_FIELD_UPDATE, 'Update custom data field', null), array(0, PermissionType::NORMAL, PermissionName::CUSTOM_DATA_FIELD_DELETE, 'Delete custom data field', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_BASE, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_BASE, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_KMC_ACCESS, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_CONFIG, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_BLOCK, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_REMOVE, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_ADD, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PUBLISHER_USAGE, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_USER_MANAGE, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_SYSTEM_MONITOR, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_DEVELOPERS_TAB, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_BATCH_CONTROL, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_BATCH_CONTROL_INPROGRESS, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_BATCH_CONTROL_FAILED, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_BATCH_CONTROL_SETUP, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_STORAGE, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_VIRUS_SCAN, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_EMAIL_INGESTION, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_CONTENT_DISTRIBUTION_BASE, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_CONTENT_DISTRIBUTION_MODIFY, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_PERMISSIONS_MANAGE, 'Base system admin permission', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_INTERNAL, 'System internal actions', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_ADMIN_ENTRY_INVESTIGATION, 'Entry investigation', null), array(-2, PermissionType::NORMAL, PermissionName::SYSTEM_FILESYNC, 'Filesync actions', null), array(99, PermissionType::SPECIAL_FEATURE, PermissionName::FEATURE_PS2_PERMISSIONS_VALIDATION, 'PS2 permissions validation', null));
//------------------------------------------------------
$allPermissions = array();
foreach ($permissionsData as $data) {
$permission = new Permission();
$permission->setPartnerId($data[0]);
$permission->setType($data[1]);
$permission->setName($data[2]);
$permission->setFriendlyName($data[3]);
$permission->setDependsOnPermissionNames($data[4]);
$permission->setStatus(PermissionStatus::ACTIVE);
$allPermissions[] = $permission;
}
//------------------------------------------------------
foreach ($allPermissions as $permission) {
if ($dryRun) {
KalturaLog::log('DRY RUN - Adding new permission [' . $permission->getName() . '] to partner [' . $permission->getPartnerId() . ']');
} else {
KalturaLog::log('Adding new permission [' . $permission->getName() . '] to partner [' . $permission->getPartnerId() . ']');
$permission->save();
}
}
$msg = 'Done - ' . ($dryRun ? 'DRY RUN!' : 'REAL RUN!');
KalturaLog::log($msg);
function addPermissionToPartner($permissionCfg, $partnerId = null)
{
// init new db permission object
if (is_null($partnerId)) {
$partnerId = $permissionCfg->partnerId;
}
PermissionPeer::setUseCriteriaFilter(false);
$permission = PermissionPeer::getByNameAndPartner($permissionCfg->name, $partnerId);
PermissionPeer::setUseCriteriaFilter(true);
if (!$permission) {
$permission = new Permission();
}
foreach ($permissionCfg as $key => $value) {
if ($key == 'partnerPackages') {
continue;
}
$setterCallback = array($permission, "set{$key}");
call_user_func_array($setterCallback, array($value));
}
if (!$permission->getFriendlyName()) {
$permission->setFriendlyName($permission->getName());
}
if ($partnerId != null) {
$permission->setPartnerId($partnerId);
}
$permission->setStatus(PermissionStatus::ACTIVE);
// add to database
KalturaLog::log('Adding new permission with name [' . $permission->getName() . '] to partner id [' . $permission->getPartnerId() . ']');
try {
if ($permission->getId()) {
$permission->save();
} else {
PermissionPeer::addToPartner($permission, $permission->getPartnerId());
}
} catch (kPermissionException $e) {
if ($e->getCode() === kPermissionException::PERMISSION_ALREADY_EXISTS) {
KalturaLog::log('Permission name [' . $permission->getName() . '] already exists for partner id [' . $permission->getPartnerId() . ']');
} else {
throw $e;
}
}
}
/**
* Copy current permission to the given partner.
* @param int $partnerId
*/
public function copyToPartner($partnerId)
{
$permission = new Permission();
$permission->setName($this->getName());
$permission->setFriendlyName($this->getFriendlyName());
$permission->setDescription($this->getDescription());
$permission->setStatus($this->getStatus());
$permission->setTags($this->getTags());
$permission->setType($this->getType());
$permission->setCustomData($this->getCustomData());
$permission->setPartnerId($partnerId);
// set new partner id
return $permission;
}
/**
* Create a special partner group permission for given partner id, or get an existing one
* @param int $partnerId
* @param string $partnerGroup
*/
function getOrCreatePartnerGroupPermission($partnerId, $partnerGroup)
{
$permissionName = 'PARTNER_' . $partnerId . '_GROUP_' . $partnerGroup . '_PERMISSION';
PermissionPeer::clearInstancePool();
$c = new Criteria();
$c->addAnd(PermissionPeer::PARTNER_ID, $partnerId, Criteria::EQUAL);
$c->addAnd(PermissionPeer::NAME, $permissionName, Criteria::EQUAL);
$c->addAnd(PermissionPeer::TYPE, PermissionType::PARTNER_GROUP, Criteria::EQUAL);
$permission = PermissionPeer::doSelectOne($c);
if (!$permission) {
// create permission if not yet created
$permission = new Permission();
$permission->setPartnerId($partnerId);
$permission->setName($permissionName);
$permission->setFriendlyName('Partner ' . $partnerId . ' permission for group ' . $partnerGroup);
$permission->setDescription('Partner ' . $partnerId . ' permission for group ' . $partnerGroup);
$permission->setType(PermissionType::PARTNER_GROUP);
$permission->setPartnerGroup($partnerGroup);
$permission->setStatus(PermissionStatus::ACTIVE);
$permission->save();
} else {
if ($permission->getPartnerGroup() != $partnerGroup) {
$msg = '***** ERROR - Permission id [' . $permission->getId() . '] partner group [' . $permission->getPartnerGroup() . '] is different from the required partner group [' . $partnerGroup . ']';
KalturaLog::alert($msg);
echo $msg . PHP_EOL;
}
}
return $permission;
}
$players508Permission = new Permission();
$players508Permission->setPartnerId($partner->getId());
$players508Permission->setName(PermissionName::FEATURE_508_PLAYERS);
$players508Permission->setFriendlyName('508 players feature');
$players508Permission->setDescription('Permission to use 508 players');
$players508Permission->setStatus(PermissionStatus::ACTIVE);
$players508Permission->setType(PermissionType::SPECIAL_FEATURE);
$newPermissions[] = $players508Permission;
}
// live stream
$allowedLiveStream = $partner->getFromCustomData("liveEnabled", null, 0);
if ($allowedLiveStream) {
$livePermission = new Permission();
$livePermission->setPartnerId($partner->getId());
$livePermission->setName(PermissionName::FEATURE_LIVE_STREAM);
$livePermission->setFriendlyName('Live stream feature');
$livePermission->setDescription('Permission to use live stream');
$livePermission->setStatus(PermissionStatus::ACTIVE);
$livePermission->setType(PermissionType::SPECIAL_FEATURE);
$newPermissions[] = $livePermission;
}
if (!$dryRun) {
foreach ($newPermissions as $permission) {
KalturaLog::log('SAVING new permission for partner [' . $partner->getId() . ']:');
PermissionPeer::enableForPartner($permission->getName(), $permission->getType(), $partner->getId(), $permission->getFriendlyName(), $permission->getDescription());
KalturaLog::log(print_r($permission, true));
}
} else {
foreach ($newPermissions as $permission) {
KalturaLog::log('DRY RUN ONLY - new permission for partner [' . $partner->getId() . ']:');
KalturaLog::log(print_r($permission, true));
