public function getListResponse(KalturaFilterPager $pager, KalturaDetachedResponseProfile $responseProfile = null)
{
$permissionItemFilter = $this->toObject();
$c = new Criteria();
$permissionItemFilter->attachToCriteria($c);
$count = PermissionItemPeer::doCount($c);
$pager->attachToCriteria($c);
$list = PermissionItemPeer::doSelect($c);
$response = new KalturaPermissionItemListResponse();
$response->objects = KalturaPermissionItemArray::fromDbArray($list, $responseProfile);
$response->totalCount = $count;
return $response;
}
/**
* Cleans up the environment after running a test.
*/
protected function tearDown()
{
UserRolePeer::clearInstancePool();
PermissionPeer::clearInstancePool();
PermissionItemPeer::clearInstancePool();
kuserPeer::clearInstancePool();
PartnerPeer::clearInstancePool();
$this->client = null;
PermissionItemPeer::setUseCriteriaFilter(false);
foreach ($this->addedPermissionItemIds as $id) {
try {
$obj = PermissionItemPeer::retrieveByPK($id);
if ($obj) {
$obj->delete();
}
} catch (PropelException $e) {
}
}
PermissionItemPeer::setUseCriteriaFilter(true);
$this->addedPermissionItemIds = array();
parent::tearDown();
}
/**
* Retrieve multiple objects by pkey.
*
* @param array $pks List of primary keys
* @param PropelPDO $con the connection to use
* @throws PropelException Any exceptions caught during processing will be
* rethrown wrapped into a PropelException.
*/
public static function retrieveByPKs($pks, PropelPDO $con = null)
{
$objs = null;
if (empty($pks)) {
$objs = array();
} else {
$criteria = new Criteria(PermissionItemPeer::DATABASE_NAME);
$criteria->add(PermissionItemPeer::ID, $pks, Criteria::IN);
$objs = PermissionItemPeer::doSelect($criteria, $con);
}
return $objs;
}
$permissions[] = $permissionName;
}
$permissions = implode(', ', $permissions);
fputs($file, "permissionItem{$currentIndex}.permissions = {$permissions}\n");
fputs($file, "\n");
}
if ($file) {
fclose($file);
}
kMemoryManager::clearMemory();
$criteria = new Criteria();
$criteria->add(PermissionItemPeer::PARTNER_ID, array(0, -1, -2, -3), Criteria::IN);
$criteria->add(PermissionItemPeer::TYPE, PermissionItemType::API_PARAMETER_ITEM);
$criteria->addAscendingOrderByColumn(PermissionItemPeer::PARAM_1);
$criteria->addAscendingOrderByColumn(PermissionItemPeer::PARAM_2);
$permissionItems = PermissionItemPeer::doSelect($criteria);
KalturaLog::debug("Found [" . count($permissionItems) . "] parameter permission items");
$file = null;
$currentIndex = null;
$currentObject = null;
foreach ($permissionItems as $parameterPermissionItem) {
/* @var $parameterPermissionItem kApiParameterPermissionItem */
$object = $parameterPermissionItem->getObject();
$parameter = $parameterPermissionItem->getParameter();
$action = $parameterPermissionItem->getAction();
$partnerId = $parameterPermissionItem->getPartnerId();
$param4 = $parameterPermissionItem->getParam4();
$param5 = $parameterPermissionItem->getParam5();
$tags = $parameterPermissionItem->getTags();
if ($object != $currentObject) {
if ($file) {
/**
* @return array Array of permission item objects associated with the current permission
*/
public function getPermissionItems()
{
$ids = $this->getPermissionItemIds();
$c = new Criteria();
$c->add(PermissionItemPeer::ID, $ids, Criteria::IN);
$items = PermissionItemPeer::doSelect($c);
return $items;
}
<?php
/**
* @package deployment
* @subpackage dragonfly.roles_and_permissions
*
* Adds basic API object parameters that require permissions, to their associated permissions.
*
* Delete from permission_to_permission_item where type = 'kApiParameterPermissionItem' to re-deploy
*/
//-- Bootstraping
error_reporting(E_ALL);
require_once dirname(__FILE__) . '/../../../bootstrap.php';
require_once ROOT_DIR . '/api_v3/bootstrap.php';
PermissionPeer::clearInstancePool();
PermissionItemPeer::clearInstancePool();
//-- Script start
// define all items
$permissionItems = array(array('object' => 'KalturaBaseEntry', 'parameter' => 'startDate', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_SCHEDULE), array('object' => 'KalturaBaseEntry', 'parameter' => 'startDate', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_SCHEDULE), array('object' => 'KalturaBaseEntry', 'parameter' => 'endDate', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_SCHEDULE), array('object' => 'KalturaBaseEntry', 'parameter' => 'endDate', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_SCHEDULE), array('object' => 'KalturaBaseEntry', 'parameter' => 'accessControlId', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_ACCESS_CONTROL), array('object' => 'KalturaBaseEntry', 'parameter' => 'accessControlId', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_ACCESS_CONTROL), array('object' => 'KalturaBaseEntry', 'parameter' => 'categories', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES . ',' . PermissionName::USER_SESSION_PERMISSION), array('object' => 'KalturaBaseEntry', 'parameter' => 'categories', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES . ',' . PermissionName::USER_SESSION_PERMISSION), array('object' => 'KalturaBaseEntry', 'parameter' => 'categoriesIds', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES . ',' . PermissionName::USER_SESSION_PERMISSION), array('object' => 'KalturaBaseEntry', 'parameter' => 'categoriesIds', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES . ',' . PermissionName::USER_SESSION_PERMISSION), array('object' => 'KalturaBaseEntry', 'parameter' => 'name', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_METADATA . ',' . PermissionName::USER_SESSION_PERMISSION . ',' . PermissionName::CONTENT_MODERATE_METADATA), array('object' => 'KalturaBaseEntry', 'parameter' => 'tags', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_METADATA . ',' . PermissionName::USER_SESSION_PERMISSION . ',' . PermissionName::CONTENT_MODERATE_METADATA), array('object' => 'KalturaBaseEntry', 'parameter' => 'description', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_METADATA . ',' . PermissionName::USER_SESSION_PERMISSION . ',' . PermissionName::CONTENT_MODERATE_METADATA), array('object' => 'KalturaLiveStreamAdminEntry', 'parameter' => kApiParameterPermissionItem::ALL_VALUES_IDENTIFIER, 'action' => ApiParameterPermissionItemAction::READ, 'permission' => PermissionName::CONTENT_MANAGE_BASE), array('object' => 'KalturaLiveStreamAdminEntry', 'parameter' => kApiParameterPermissionItem::ALL_VALUES_IDENTIFIER, 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_BASE), array('object' => 'KalturaLiveStreamAdminEntry', 'parameter' => kApiParameterPermissionItem::ALL_VALUES_IDENTIFIER, 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_BASE), array('object' => 'KalturaPartner', 'parameter' => 'secret', 'action' => ApiParameterPermissionItemAction::READ, 'permission' => PermissionName::INTEGRATION_BASE), array('object' => 'KalturaPartner', 'parameter' => 'adminSecret', 'action' => ApiParameterPermissionItemAction::READ, 'permission' => PermissionName::INTEGRATION_BASE));
// add all to required permissions
foreach ($permissionItems as $cur) {
$item = new kApiParameterPermissionItem();
$item->setObject($cur['object']);
$item->setParameter($cur['parameter']);
$item->setAction($cur['action']);
$item->setPartnerId(PartnerPeer::GLOBAL_PARTNER);
$item->save();
$permissions = $cur['permission'];
$permissions = explode(',', $permissions);
foreach ($permissions as $permissionName) {
if (!$permissionName) {
/**
* Get the associated PermissionItem object
*
* @param PropelPDO Optional Connection object.
* @return PermissionItem The associated PermissionItem object.
* @throws PropelException
*/
public function getPermissionItem(PropelPDO $con = null)
{
if ($this->aPermissionItem === null && $this->permission_item_id !== null) {
$this->aPermissionItem = PermissionItemPeer::retrieveByPk($this->permission_item_id);
/* The following can be used additionally to
guarantee the related object contains a reference
to this object. This level of coupling may, however, be
undesirable since it could result in an only partially populated collection
in the referenced object.
$this->aPermissionItem->addPermissionToPermissionItems($this);
*/
}
return $this->aPermissionItem;
}
echo $msg . PHP_EOL;
continue;
}
// skip action if set with ticket type N (blocked)
if (in_array(BLOCKED_TICKET_TYPE, $ticketTypes)) {
$msg = '***** NOTICE - Action [' . $serviceActionName . '] is set with ticket type N (blocked) -> skipping!';
KalturaLog::notice($msg);
echo $msg . PHP_EOL;
continue;
}
foreach ($partners as $partner) {
$c = new Criteria();
$c->addAnd(kApiActionPermissionItem::SERVICE_COLUMN_NAME, $serviceId, Criteria::EQUAL);
$c->addAnd(kApiActionPermissionItem::ACTION_COLUMN_NAME, $actionName, Criteria::EQUAL);
$c->addAnd(PermissionItemPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $partner->getId()), Criteria::IN);
$permissionItem = PermissionItemPeer::doSelectOne($c);
if (!$permissionItem) {
$msg = '***** ERROR - Permission item for service [' . $serviceId . '] action [' . $actionName . '] not found in DB!';
KalturaLog::alert($msg);
echo $msg . PHP_EOL;
continue;
}
// check if a special ticket type was set for the action which is different from the basic system ticket types
if (in_array(USER_KS_TICKET_TYPE, $ticketTypes) && !in_array($permissionItem->getId(), $userSessionPermissionItemIds)) {
// ticket type 1 set - add a special user KS permission to all relevant partners and add current permission item to it
$userKsRole = getOrCreateUserSessionRole($partner->getId());
$userKsPermission = getOrCreateSessionPermission($partner->getId(), 'user');
$userKsPermission->addPermissionItem($permissionItem->getId(), true);
$userKsRole->setPermissionNames(PermissionName::USER_SESSION_PERMISSION . ',' . $userKsPermission->getName());
$partner->setUserSessionRoleId($userKsRole->getId());
$partner->save();
public function getFieldNameFromPeer($field_name)
{
$res = PermissionItemPeer::translateFieldName($field_name, $this->field_name_translation_type, BasePeer::TYPE_COLNAME);
return $res;
}
/**
* Builds a Criteria object containing the primary key for this object.
*
* Unlike buildCriteria() this method includes the primary key values regardless
* of whether or not they have been modified.
*
* @return Criteria The Criteria object containing value(s) for primary key(s).
*/
public function buildPkeyCriteria()
{
$criteria = new Criteria(PermissionItemPeer::DATABASE_NAME);
$criteria->add(PermissionItemPeer::ID, $this->id);
if ($this->alreadyInSave && count($this->modifiedColumns) == 2 && $this->isColumnModified(PermissionItemPeer::UPDATED_AT)) {
$theModifiedColumn = null;
foreach ($this->modifiedColumns as $modifiedColumn) {
if ($modifiedColumn != PermissionItemPeer::UPDATED_AT) {
$theModifiedColumn = $modifiedColumn;
}
}
$atomicColumns = PermissionItemPeer::getAtomicColumns();
if (in_array($theModifiedColumn, $atomicColumns)) {
$criteria->add($theModifiedColumn, $this->getByName($theModifiedColumn, BasePeer::TYPE_COLNAME), Criteria::NOT_EQUAL);
}
}
return $criteria;
}
public static function clearMemory()
{
accessControlPeer::clearInstancePool();
kuserPeer::clearInstancePool();
kshowPeer::clearInstancePool();
entryPeer::clearInstancePool();
// kvotePeer::clearInstancePool();
// commentPeer::clearInstancePool();
// flagPeer::clearInstancePool();
// favoritePeer::clearInstancePool();
// KshowKuserPeer::clearInstancePool();
// MailJobPeer::clearInstancePool();
SchedulerPeer::clearInstancePool();
SchedulerWorkerPeer::clearInstancePool();
SchedulerStatusPeer::clearInstancePool();
SchedulerConfigPeer::clearInstancePool();
ControlPanelCommandPeer::clearInstancePool();
BatchJobPeer::clearInstancePool();
// PriorityGroupPeer::clearInstancePool();
BulkUploadResultPeer::clearInstancePool();
// blockedEmailPeer::clearInstancePool();
// conversionPeer::clearInstancePool();
// flickrTokenPeer::clearInstancePool();
PuserKuserPeer::clearInstancePool();
// PuserRolePeer::clearInstancePool();
PartnerPeer::clearInstancePool();
// WidgetLogPeer::clearInstancePool();
// adminKuserPeer::clearInstancePool();
// notificationPeer::clearInstancePool();
moderationPeer::clearInstancePool();
moderationFlagPeer::clearInstancePool();
roughcutEntryPeer::clearInstancePool();
// widgetPeer::clearInstancePool();
uiConfPeer::clearInstancePool();
// PartnerStatsPeer::clearInstancePool();
// PartnerActivityPeer::clearInstancePool();
ConversionProfilePeer::clearInstancePool();
// ConversionParamsPeer::clearInstancePool();
// KceInstallationErrorPeer::clearInstancePool();
FileSyncPeer::clearInstancePool();
accessControlPeer::clearInstancePool();
mediaInfoPeer::clearInstancePool();
assetParamsPeer::clearInstancePool();
assetParamsOutputPeer::clearInstancePool();
assetPeer::clearInstancePool();
conversionProfile2Peer::clearInstancePool();
flavorParamsConversionProfilePeer::clearInstancePool();
categoryPeer::clearInstancePool();
syndicationFeedPeer::clearInstancePool();
TrackEntryPeer::clearInstancePool();
// SystemUserPeer::clearInstancePool();
StorageProfilePeer::clearInstancePool();
// EmailIngestionProfilePeer::clearInstancePool();
UploadTokenPeer::clearInstancePool();
// invalidSessionPeer::clearInstancePool();
DynamicEnumPeer::clearInstancePool();
UserLoginDataPeer::clearInstancePool();
PermissionPeer::clearInstancePool();
UserRolePeer::clearInstancePool();
PermissionItemPeer::clearInstancePool();
PermissionToPermissionItemPeer::clearInstancePool();
KuserToUserRolePeer::clearInstancePool();
$pluginInstances = KalturaPluginManager::getPluginInstances('IKalturaMemoryCleaner');
foreach ($pluginInstances as $pluginInstance) {
$pluginInstance->cleanMemory();
}
if (function_exists('gc_collect_cycles')) {
// php 5.3 and above
gc_collect_cycles();
}
}
/**
* Selects a collection of PermissionToPermissionItem objects pre-filled with all related objects except Permission.
*
* @param Criteria $criteria
* @param PropelPDO $con
* @param String $join_behavior the type of joins to use, defaults to Criteria::LEFT_JOIN
* @return array Array of PermissionToPermissionItem objects.
* @throws PropelException Any exceptions caught during processing will be
* rethrown wrapped into a PropelException.
*/
public static function doSelectJoinAllExceptPermission(Criteria $criteria, $con = null, $join_behavior = Criteria::LEFT_JOIN)
{
$criteria = clone $criteria;
// Set the correct dbName if it has not been overridden
// $criteria->getDbName() will return the same object if not set to another value
// so == check is okay and faster
if ($criteria->getDbName() == Propel::getDefaultDB()) {
$criteria->setDbName(self::DATABASE_NAME);
}
PermissionToPermissionItemPeer::addSelectColumns($criteria);
$startcol2 = PermissionToPermissionItemPeer::NUM_COLUMNS - PermissionToPermissionItemPeer::NUM_LAZY_LOAD_COLUMNS;
PermissionItemPeer::addSelectColumns($criteria);
$startcol3 = $startcol2 + (PermissionItemPeer::NUM_COLUMNS - PermissionItemPeer::NUM_LAZY_LOAD_COLUMNS);
$criteria->addJoin(PermissionToPermissionItemPeer::PERMISSION_ITEM_ID, PermissionItemPeer::ID, $join_behavior);
$stmt = BasePeer::doSelect($criteria, $con);
$results = array();
while ($row = $stmt->fetch(PDO::FETCH_NUM)) {
$key1 = PermissionToPermissionItemPeer::getPrimaryKeyHashFromRow($row, 0);
if (null !== ($obj1 = PermissionToPermissionItemPeer::getInstanceFromPool($key1))) {
// We no longer rehydrate the object, since this can cause data loss.
// See http://propel.phpdb.org/trac/ticket/509
// $obj1->hydrate($row, 0, true); // rehydrate
} else {
$cls = PermissionToPermissionItemPeer::getOMClass(false);
$obj1 = new $cls();
$obj1->hydrate($row);
PermissionToPermissionItemPeer::addInstanceToPool($obj1, $key1);
}
// if obj1 already loaded
// Add objects for joined PermissionItem rows
$key2 = PermissionItemPeer::getPrimaryKeyHashFromRow($row, $startcol2);
if ($key2 !== null) {
$obj2 = PermissionItemPeer::getInstanceFromPool($key2);
if (!$obj2) {
$omClass = PermissionItemPeer::getOMClass($row, $startcol2);
$cls = substr('.' . $omClass, strrpos('.' . $omClass, '.') + 1);
$obj2 = new $cls();
$obj2->hydrate($row, $startcol2);
PermissionItemPeer::addInstanceToPool($obj2, $key2);
}
// if $obj2 already loaded
// Add the $obj1 (PermissionToPermissionItem) to the collection in $obj2 (PermissionItem)
$obj2->addPermissionToPermissionItem($obj1);
}
// if joined row is not null
$results[] = $obj1;
}
$stmt->closeCursor();
return $results;
}
/**
* Deletes an existing permission item object.
* This action is available only to Kaltura system administrators.
*
* @action delete
* @param int $permissionItemId The permission item's unique identifier
* @return KalturaPermissionItem The deleted permission item object
*
* @throws KalturaErrors::INVALID_OBJECT_ID
*/
public function deleteAction($permissionItemId)
{
$dbPermissionItem = PermissionItemPeer::retrieveByPK($permissionItemId);
if (!$dbPermissionItem) {
throw new KalturaAPIException(KalturaErrors::INVALID_OBJECT_ID, $permissionItemId);
}
$dbPermissionItem->delete();
$permissionItem = new KalturaPermissionItem();
$permissionItem->fromObject($dbPermissionItem, $this->getResponseProfile());
return $permissionItem;
}
/**
* Lists permission item objects that are associated with an account.
*
* @action list
* @param KalturaPermissionItemFilter $filter A filter used to exclude specific types of permission items
* @param KalturaFilterPager $pager A limit for the number of records to display on a page
* @return KalturaPermissionItemListResponse The list of permission item objects
*/
public function listAction(KalturaPermissionItemFilter $filter = null, KalturaFilterPager $pager = null)
{
if (!$filter) {
$filter = new KalturaPermissionItemFilter();
}
$permissionItemFilter = $filter->toObject();
$c = new Criteria();
$permissionItemFilter->attachToCriteria($c);
$count = PermissionItemPeer::doCount($c);
if (!$pager) {
$pager = new KalturaFilterPager();
}
$pager->attachToCriteria($c);
$list = PermissionItemPeer::doSelect($c);
$response = new KalturaPermissionItemListResponse();
$response->objects = KalturaPermissionItemArray::fromDbArray($list);
$response->totalCount = $count;
return $response;
}
/**
* Init with allowed permissions for the user in the given KS or kCurrentContext if not KS given
* kCurrentContext::init should have been executed before!
* @param string $ks KS to extract user and partner IDs from instead of kCurrentContext
* @param boolean $useCache use cache or not
* @throws TODO: add all exceptions
*/
public static function init($useCache = null)
{
// verify that kCurrentContext::init has been executed since it must be used to init current context permissions
if (!kCurrentContext::$ksPartnerUserInitialized) {
KalturaLog::crit('kCurrentContext::initKsPartnerUser must be executed before initializing kPermissionManager');
throw new Exception('kCurrentContext has not been initialized!', null);
}
// can be initialized more than once to support multirequest with different kCurrentContext parameters
self::$initialized = false;
self::$useCache = $useCache ? true : false;
// copy kCurrentContext parameters (kCurrentContext::init should have been executed before)
self::$requestedPartnerId = !self::isEmpty(kCurrentContext::$partner_id) ? kCurrentContext::$partner_id : null;
self::$ksPartnerId = !self::isEmpty(kCurrentContext::$ks_partner_id) ? kCurrentContext::$ks_partner_id : null;
self::$ksUserId = !self::isEmpty(kCurrentContext::$ks_uid) ? kCurrentContext::$ks_uid : null;
self::$ksString = kCurrentContext::$ks ? kCurrentContext::$ks : null;
self::$adminSession = !self::isEmpty(kCurrentContext::$is_admin_session) ? kCurrentContext::$is_admin_session : false;
// clear instance pools
//TODO: may not be needed
UserRolePeer::clearInstancePool();
PermissionPeer::clearInstancePool();
PermissionItemPeer::clearInstancePool();
PermissionToPermissionItemPeer::clearInstancePool();
kuserPeer::clearInstancePool();
// if ks defined - check that it is valid
self::errorIfKsNotValid();
// init partner, user, and role objects
self::initPartnerUserObjects();
// throw an error if KS partner (operating partner) is blocked
self::errorIfPartnerBlocked();
// init role ids
self::initRoleIds();
// init permissions map
self::initPermissionsMap();
// initialization done
self::$initialized = true;
return true;
}
function addParameterPermissionItem($itemCfg)
{
// verify obligatory fields
if (!$itemCfg->object) {
throw new Exception('Permission item object must be set');
}
if (!$itemCfg->parameter) {
throw new Exception('Permission item object parameter must be set');
}
if (!$itemCfg->action) {
throw new Exception('Permission item action id must be set');
}
if (is_null($itemCfg->partnerId) || $itemCfg->partnerId === '') {
throw new Exception('Permission item partner id must be set');
}
if (!in_array($itemCfg->action, array(ApiParameterPermissionItemAction::INSERT, ApiParameterPermissionItemAction::READ, ApiParameterPermissionItemAction::UPDATE, ApiParameterPermissionItemAction::USAGE))) {
throw new Exception("Action type [{$itemCfg->action}] unknown");
}
// check if item already exists in db
$c = new Criteria();
$c->addAnd(kApiParameterPermissionItem::OBJECT_COLUMN_NAME, $itemCfg->object, Criteria::EQUAL);
$c->addAnd(kApiParameterPermissionItem::PARAMETER_COLUMN_NAME, $itemCfg->parameter, Criteria::EQUAL);
$c->addAnd(kApiParameterPermissionItem::ACTION_COLUMN_NAME, $itemCfg->action, Criteria::EQUAL);
$c->addAnd(PermissionItemPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $itemCfg->partnerId), Criteria::IN);
$c->addAnd(PermissionItemPeer::TYPE, PermissionItemType::API_PARAMETER_ITEM, Criteria::EQUAL);
$existingItem = PermissionItemPeer::doSelectOne($c);
$item = null;
if ($existingItem) {
$item = $existingItem;
KalturaLog::log('Permission item for [' . $item->getAction() . '->' . $item->getObject() . '->' . $item->getParameter() . '] partner id [' . $item->getPartnerId() . '] already exists with id [' . $item->getId() . ']');
} else {
// save new permission item object
$item = new kApiParameterPermissionItem();
foreach ($itemCfg as $key => $value) {
if ($key === 'permissions') {
continue;
// permissions are set later
}
$setterCallback = array($item, "set{$key}");
if (method_exists($item, 'set' . $key)) {
call_user_func_array($setterCallback, array($value));
} else {
KalturaLog::err("Skipping call to set{$key}() since there is no such method.");
}
}
$item->save();
KalturaLog::log('New permission item id [' . $item->getId() . '] added for [' . $item->getAction() . '->' . $item->getObject() . '->' . $item->getParameter() . '] partner id [' . $item->getPartnerId() . ']');
}
// add item to each defined permission
$permissionNames = array_map('trim', str_getcsv($itemCfg->permissions));
addItemToPermissions($item, $permissionNames, $itemCfg->partnerId);
}
function removeParameterPermissionItem($itemCfg)
{
// verify obligatory fields
if (!$itemCfg->object) {
throw new Exception('Permission item object must be set');
}
if (!$itemCfg->parameter) {
throw new Exception('Permission item object parameter must be set');
}
if (!$itemCfg->action) {
throw new Exception('Permission item action id must be set');
}
if (is_null($itemCfg->partnerId) || $itemCfg->partnerId === '') {
throw new Exception('Permission item partner id must be set');
}
if (!in_array($itemCfg->action, array(ApiParameterPermissionItemAction::INSERT, ApiParameterPermissionItemAction::READ, ApiParameterPermissionItemAction::UPDATE))) {
throw new Exception("Action type [{$itemCfg->action}] unknown");
}
if (is_null($itemCfg->permissions) || $itemCfg->permissions === '') {
throw new Exception('Permission item permissions must be set');
}
// check if item already exists in db
$c = new Criteria();
$c->addAnd(kApiParameterPermissionItem::OBJECT_COLUMN_NAME, $itemCfg->object);
$c->addAnd(kApiParameterPermissionItem::PARAMETER_COLUMN_NAME, $itemCfg->parameter);
$c->addAnd(kApiParameterPermissionItem::ACTION_COLUMN_NAME, $itemCfg->action);
$c->addAnd(PermissionItemPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $itemCfg->partnerId), Criteria::IN);
$c->addAnd(PermissionItemPeer::TYPE, PermissionItemType::API_PARAMETER_ITEM);
$permissionItem = PermissionItemPeer::doSelectOne($c);
if (!$permissionItem) {
return;
}
// add item to each defined permission
$permissionNames = array_map('trim', explode(',', $itemCfg->permissions));
removeItemFromPermissions($permissionItem, $permissionNames);
}
/**
* Populates the object using an array.
*
* This is particularly useful when populating an object from one of the
* request arrays (e.g. $_POST). This method goes through the column
* names, checking to see whether a matching key exists in populated
* array. If so the setByName() method is called for that column.
*
* You can specify the key type of the array by additionally passing one
* of the class type constants BasePeer::TYPE_PHPNAME, BasePeer::TYPE_STUDLYPHPNAME,
* BasePeer::TYPE_COLNAME, BasePeer::TYPE_FIELDNAME, BasePeer::TYPE_NUM.
* The default key type is the column's phpname (e.g. 'AuthorId')
*
* @param array $arr An array to populate the object from.
* @param string $keyType The type of keys the array uses.
* @return void
*/
public function fromArray($arr, $keyType = BasePeer::TYPE_PHPNAME)
{
$keys = PermissionItemPeer::getFieldNames($keyType);
if (array_key_exists($keys[0], $arr)) {
$this->setId($arr[$keys[0]]);
}
if (array_key_exists($keys[1], $arr)) {
$this->setType($arr[$keys[1]]);
}
if (array_key_exists($keys[2], $arr)) {
$this->setPartnerId($arr[$keys[2]]);
}
if (array_key_exists($keys[3], $arr)) {
$this->setParam1($arr[$keys[3]]);
}
if (array_key_exists($keys[4], $arr)) {
$this->setParam2($arr[$keys[4]]);
}
if (array_key_exists($keys[5], $arr)) {
$this->setParam3($arr[$keys[5]]);
}
if (array_key_exists($keys[6], $arr)) {
$this->setParam4($arr[$keys[6]]);
}
if (array_key_exists($keys[7], $arr)) {
$this->setParam5($arr[$keys[7]]);
}
if (array_key_exists($keys[8], $arr)) {
$this->setTags($arr[$keys[8]]);
}
if (array_key_exists($keys[9], $arr)) {
$this->setCreatedAt($arr[$keys[9]]);
}
if (array_key_exists($keys[10], $arr)) {
$this->setUpdatedAt($arr[$keys[10]]);
}
if (array_key_exists($keys[11], $arr)) {
$this->setCustomData($arr[$keys[11]]);
}
}
function setPermissions($serviceConfig, $setBaseSystemPermissions, $userSessionPermission, $noKsPermission, $partnerId)
{
// get list of services defined in the services.ct files
$servicesTable = $serviceConfig->getAllServicesByCt();
// for each defined service.action
foreach ($servicesTable as $ctPath => $services) {
foreach ($services as $serviceActionName) {
$serviceConfig->setServiceName($serviceActionName);
$serviceSplit = explode('.', $serviceActionName);
$serviceName = $serviceSplit[0];
$actionName = $serviceSplit[1];
$ticketTypes = explode(',', $serviceConfig->getTicketType());
$serviceId = $serviceName;
$pluginName = getPluginNameFromServicesCtPath($ctPath);
if ($pluginName) {
$serviceId = strtolower($pluginName) . '_' . $serviceId;
}
$serviceClass = KalturaServicesMap::getService($serviceId);
if (!$serviceClass) {
$tmpServiceIds = KalturaServicesMap::getServiceIdsFromName($serviceName);
if ($tmpServiceIds && count($tmpServiceIds) == 1) {
$serviceId = reset($tmpServiceIds);
$serviceClass = KalturaServicesMap::getService($serviceId);
}
}
if (!$serviceClass) {
$msg = '***** ERROR - service id [' . $serviceId . '] not found in services map!';
KalturaLog::alert($msg);
echo $msg . PHP_EOL;
continue;
}
// skip action if set with ticket type N (blocked)
if (in_array(BLOCKED_TICKET_TYPE, $ticketTypes)) {
$msg = '***** NOTICE - Action [' . $serviceActionName . '] is set with ticket type N (blocked) -> skipping!';
KalturaLog::notice($msg);
echo $msg . PHP_EOL;
continue;
}
// check if a permission item for the current action already exists
$c = new Criteria();
$c->addAnd(kApiActionPermissionItem::SERVICE_COLUMN_NAME, $serviceId, Criteria::EQUAL);
$c->addAnd(kApiActionPermissionItem::ACTION_COLUMN_NAME, $actionName, Criteria::EQUAL);
$c->addAnd(PermissionItemPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $partnerId), Criteria::IN);
$permissionItem = PermissionItemPeer::doSelectOne($c);
if ($permissionItem) {
$msg = '***** NOTICE - Permission item for [' . $serviceActionName . '] already exists with id [' . $permissionItem->getId() . ']';
KalturaLog::alert($msg);
echo $msg . PHP_EOL;
} else {
// create a new api action permission item and save it
$permissionItem = new kApiActionPermissionItem();
$permissionItem->setService($serviceId);
$permissionItem->setAction($actionName);
$permissionItem->setPartnerId($partnerId);
$permissionItem->save();
}
// get the defined permission names from the tags section of the services.ct file
$permissionNames = $serviceConfig->getTags();
$permissionNames = explode(',', $permissionNames);
$anyPermissionSet = false;
// was any permission set to include the current permission item or not
foreach ($permissionNames as $permissionName) {
if (!$permissionName) {
continue;
}
// add the permission item to all its defined permission objects
$c = new Criteria();
$c->addAnd(PermissionPeer::NAME, $permissionName, Criteria::EQUAL);
$c->addAnd(PermissionPeer::TYPE, PermissionType::NORMAL, Criteria::EQUAL);
//$c->addAnd(PermissionPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $partnerId), Criteria::IN);
$permission = PermissionPeer::doSelectOne($c);
if (!$permission) {
$msg = '***** ERROR - Permission [' . $permissionName . '] not found in DB although set for [' . $serviceActionName . ']';
KalturaLog::alert($msg);
echo $msg . PHP_EOL;
continue;
}
$permission->addPermissionItem($permissionItem->getId(), true);
$anyPermissionSet = true;
}
// add permission item to the basic NO_KS and USER_KS permissions according to its ticket type
// (partner admin role already contains all other permissions)
if ($setBaseSystemPermissions) {
if (in_array(NO_KS_TICKET_TYPE, $ticketTypes)) {
$noKsPermission->addPermissionItem($permissionItem->getId(), true);
$userSessionPermission->addPermissionItem($permissionItem->getId(), true);
$anyPermissionSet = true;
} else {
if (in_array(USER_KS_TICKET_TYPE, $ticketTypes)) {
$userSessionPermission->addPermissionItem($permissionItem->getId(), true);
$anyPermissionSet = true;
}
}
}
if (!$anyPermissionSet) {
$msg = '***** ERROR - No permission was set for [' . $serviceActionName . ']';
KalturaLog::alert($msg);
echo $msg . PHP_EOL;
}
}
}
}
