public function getListResponse(KalturaFilterPager $pager, KalturaDetachedResponseProfile $responseProfile = null) { $permissionItemFilter = $this->toObject(); $c = new Criteria(); $permissionItemFilter->attachToCriteria($c); $count = PermissionItemPeer::doCount($c); $pager->attachToCriteria($c); $list = PermissionItemPeer::doSelect($c); $response = new KalturaPermissionItemListResponse(); $response->objects = KalturaPermissionItemArray::fromDbArray($list, $responseProfile); $response->totalCount = $count; return $response; }
/** * Cleans up the environment after running a test. */ protected function tearDown() { UserRolePeer::clearInstancePool(); PermissionPeer::clearInstancePool(); PermissionItemPeer::clearInstancePool(); kuserPeer::clearInstancePool(); PartnerPeer::clearInstancePool(); $this->client = null; PermissionItemPeer::setUseCriteriaFilter(false); foreach ($this->addedPermissionItemIds as $id) { try { $obj = PermissionItemPeer::retrieveByPK($id); if ($obj) { $obj->delete(); } } catch (PropelException $e) { } } PermissionItemPeer::setUseCriteriaFilter(true); $this->addedPermissionItemIds = array(); parent::tearDown(); }
/** * Retrieve multiple objects by pkey. * * @param array $pks List of primary keys * @param PropelPDO $con the connection to use * @throws PropelException Any exceptions caught during processing will be * rethrown wrapped into a PropelException. */ public static function retrieveByPKs($pks, PropelPDO $con = null) { $objs = null; if (empty($pks)) { $objs = array(); } else { $criteria = new Criteria(PermissionItemPeer::DATABASE_NAME); $criteria->add(PermissionItemPeer::ID, $pks, Criteria::IN); $objs = PermissionItemPeer::doSelect($criteria, $con); } return $objs; }
$permissions[] = $permissionName; } $permissions = implode(', ', $permissions); fputs($file, "permissionItem{$currentIndex}.permissions = {$permissions}\n"); fputs($file, "\n"); } if ($file) { fclose($file); } kMemoryManager::clearMemory(); $criteria = new Criteria(); $criteria->add(PermissionItemPeer::PARTNER_ID, array(0, -1, -2, -3), Criteria::IN); $criteria->add(PermissionItemPeer::TYPE, PermissionItemType::API_PARAMETER_ITEM); $criteria->addAscendingOrderByColumn(PermissionItemPeer::PARAM_1); $criteria->addAscendingOrderByColumn(PermissionItemPeer::PARAM_2); $permissionItems = PermissionItemPeer::doSelect($criteria); KalturaLog::debug("Found [" . count($permissionItems) . "] parameter permission items"); $file = null; $currentIndex = null; $currentObject = null; foreach ($permissionItems as $parameterPermissionItem) { /* @var $parameterPermissionItem kApiParameterPermissionItem */ $object = $parameterPermissionItem->getObject(); $parameter = $parameterPermissionItem->getParameter(); $action = $parameterPermissionItem->getAction(); $partnerId = $parameterPermissionItem->getPartnerId(); $param4 = $parameterPermissionItem->getParam4(); $param5 = $parameterPermissionItem->getParam5(); $tags = $parameterPermissionItem->getTags(); if ($object != $currentObject) { if ($file) {
/** * @return array Array of permission item objects associated with the current permission */ public function getPermissionItems() { $ids = $this->getPermissionItemIds(); $c = new Criteria(); $c->add(PermissionItemPeer::ID, $ids, Criteria::IN); $items = PermissionItemPeer::doSelect($c); return $items; }
<?php /** * @package deployment * @subpackage dragonfly.roles_and_permissions * * Adds basic API object parameters that require permissions, to their associated permissions. * * Delete from permission_to_permission_item where type = 'kApiParameterPermissionItem' to re-deploy */ //-- Bootstraping error_reporting(E_ALL); require_once dirname(__FILE__) . '/../../../bootstrap.php'; require_once ROOT_DIR . '/api_v3/bootstrap.php'; PermissionPeer::clearInstancePool(); PermissionItemPeer::clearInstancePool(); //-- Script start // define all items $permissionItems = array(array('object' => 'KalturaBaseEntry', 'parameter' => 'startDate', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_SCHEDULE), array('object' => 'KalturaBaseEntry', 'parameter' => 'startDate', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_SCHEDULE), array('object' => 'KalturaBaseEntry', 'parameter' => 'endDate', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_SCHEDULE), array('object' => 'KalturaBaseEntry', 'parameter' => 'endDate', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_SCHEDULE), array('object' => 'KalturaBaseEntry', 'parameter' => 'accessControlId', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_ACCESS_CONTROL), array('object' => 'KalturaBaseEntry', 'parameter' => 'accessControlId', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_ACCESS_CONTROL), array('object' => 'KalturaBaseEntry', 'parameter' => 'categories', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES . ',' . PermissionName::USER_SESSION_PERMISSION), array('object' => 'KalturaBaseEntry', 'parameter' => 'categories', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES . ',' . PermissionName::USER_SESSION_PERMISSION), array('object' => 'KalturaBaseEntry', 'parameter' => 'categoriesIds', 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES . ',' . PermissionName::USER_SESSION_PERMISSION), array('object' => 'KalturaBaseEntry', 'parameter' => 'categoriesIds', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_ASSIGN_CATEGORIES . ',' . PermissionName::USER_SESSION_PERMISSION), array('object' => 'KalturaBaseEntry', 'parameter' => 'name', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_METADATA . ',' . PermissionName::USER_SESSION_PERMISSION . ',' . PermissionName::CONTENT_MODERATE_METADATA), array('object' => 'KalturaBaseEntry', 'parameter' => 'tags', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_METADATA . ',' . PermissionName::USER_SESSION_PERMISSION . ',' . PermissionName::CONTENT_MODERATE_METADATA), array('object' => 'KalturaBaseEntry', 'parameter' => 'description', 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_METADATA . ',' . PermissionName::USER_SESSION_PERMISSION . ',' . PermissionName::CONTENT_MODERATE_METADATA), array('object' => 'KalturaLiveStreamAdminEntry', 'parameter' => kApiParameterPermissionItem::ALL_VALUES_IDENTIFIER, 'action' => ApiParameterPermissionItemAction::READ, 'permission' => PermissionName::CONTENT_MANAGE_BASE), array('object' => 'KalturaLiveStreamAdminEntry', 'parameter' => kApiParameterPermissionItem::ALL_VALUES_IDENTIFIER, 'action' => ApiParameterPermissionItemAction::INSERT, 'permission' => PermissionName::CONTENT_MANAGE_BASE), array('object' => 'KalturaLiveStreamAdminEntry', 'parameter' => kApiParameterPermissionItem::ALL_VALUES_IDENTIFIER, 'action' => ApiParameterPermissionItemAction::UPDATE, 'permission' => PermissionName::CONTENT_MANAGE_BASE), array('object' => 'KalturaPartner', 'parameter' => 'secret', 'action' => ApiParameterPermissionItemAction::READ, 'permission' => PermissionName::INTEGRATION_BASE), array('object' => 'KalturaPartner', 'parameter' => 'adminSecret', 'action' => ApiParameterPermissionItemAction::READ, 'permission' => PermissionName::INTEGRATION_BASE)); // add all to required permissions foreach ($permissionItems as $cur) { $item = new kApiParameterPermissionItem(); $item->setObject($cur['object']); $item->setParameter($cur['parameter']); $item->setAction($cur['action']); $item->setPartnerId(PartnerPeer::GLOBAL_PARTNER); $item->save(); $permissions = $cur['permission']; $permissions = explode(',', $permissions); foreach ($permissions as $permissionName) { if (!$permissionName) {
/** * Get the associated PermissionItem object * * @param PropelPDO Optional Connection object. * @return PermissionItem The associated PermissionItem object. * @throws PropelException */ public function getPermissionItem(PropelPDO $con = null) { if ($this->aPermissionItem === null && $this->permission_item_id !== null) { $this->aPermissionItem = PermissionItemPeer::retrieveByPk($this->permission_item_id); /* The following can be used additionally to guarantee the related object contains a reference to this object. This level of coupling may, however, be undesirable since it could result in an only partially populated collection in the referenced object. $this->aPermissionItem->addPermissionToPermissionItems($this); */ } return $this->aPermissionItem; }
echo $msg . PHP_EOL; continue; } // skip action if set with ticket type N (blocked) if (in_array(BLOCKED_TICKET_TYPE, $ticketTypes)) { $msg = '***** NOTICE - Action [' . $serviceActionName . '] is set with ticket type N (blocked) -> skipping!'; KalturaLog::notice($msg); echo $msg . PHP_EOL; continue; } foreach ($partners as $partner) { $c = new Criteria(); $c->addAnd(kApiActionPermissionItem::SERVICE_COLUMN_NAME, $serviceId, Criteria::EQUAL); $c->addAnd(kApiActionPermissionItem::ACTION_COLUMN_NAME, $actionName, Criteria::EQUAL); $c->addAnd(PermissionItemPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $partner->getId()), Criteria::IN); $permissionItem = PermissionItemPeer::doSelectOne($c); if (!$permissionItem) { $msg = '***** ERROR - Permission item for service [' . $serviceId . '] action [' . $actionName . '] not found in DB!'; KalturaLog::alert($msg); echo $msg . PHP_EOL; continue; } // check if a special ticket type was set for the action which is different from the basic system ticket types if (in_array(USER_KS_TICKET_TYPE, $ticketTypes) && !in_array($permissionItem->getId(), $userSessionPermissionItemIds)) { // ticket type 1 set - add a special user KS permission to all relevant partners and add current permission item to it $userKsRole = getOrCreateUserSessionRole($partner->getId()); $userKsPermission = getOrCreateSessionPermission($partner->getId(), 'user'); $userKsPermission->addPermissionItem($permissionItem->getId(), true); $userKsRole->setPermissionNames(PermissionName::USER_SESSION_PERMISSION . ',' . $userKsPermission->getName()); $partner->setUserSessionRoleId($userKsRole->getId()); $partner->save();
public function getFieldNameFromPeer($field_name) { $res = PermissionItemPeer::translateFieldName($field_name, $this->field_name_translation_type, BasePeer::TYPE_COLNAME); return $res; }
/** * Builds a Criteria object containing the primary key for this object. * * Unlike buildCriteria() this method includes the primary key values regardless * of whether or not they have been modified. * * @return Criteria The Criteria object containing value(s) for primary key(s). */ public function buildPkeyCriteria() { $criteria = new Criteria(PermissionItemPeer::DATABASE_NAME); $criteria->add(PermissionItemPeer::ID, $this->id); if ($this->alreadyInSave && count($this->modifiedColumns) == 2 && $this->isColumnModified(PermissionItemPeer::UPDATED_AT)) { $theModifiedColumn = null; foreach ($this->modifiedColumns as $modifiedColumn) { if ($modifiedColumn != PermissionItemPeer::UPDATED_AT) { $theModifiedColumn = $modifiedColumn; } } $atomicColumns = PermissionItemPeer::getAtomicColumns(); if (in_array($theModifiedColumn, $atomicColumns)) { $criteria->add($theModifiedColumn, $this->getByName($theModifiedColumn, BasePeer::TYPE_COLNAME), Criteria::NOT_EQUAL); } } return $criteria; }
public static function clearMemory() { accessControlPeer::clearInstancePool(); kuserPeer::clearInstancePool(); kshowPeer::clearInstancePool(); entryPeer::clearInstancePool(); // kvotePeer::clearInstancePool(); // commentPeer::clearInstancePool(); // flagPeer::clearInstancePool(); // favoritePeer::clearInstancePool(); // KshowKuserPeer::clearInstancePool(); // MailJobPeer::clearInstancePool(); SchedulerPeer::clearInstancePool(); SchedulerWorkerPeer::clearInstancePool(); SchedulerStatusPeer::clearInstancePool(); SchedulerConfigPeer::clearInstancePool(); ControlPanelCommandPeer::clearInstancePool(); BatchJobPeer::clearInstancePool(); // PriorityGroupPeer::clearInstancePool(); BulkUploadResultPeer::clearInstancePool(); // blockedEmailPeer::clearInstancePool(); // conversionPeer::clearInstancePool(); // flickrTokenPeer::clearInstancePool(); PuserKuserPeer::clearInstancePool(); // PuserRolePeer::clearInstancePool(); PartnerPeer::clearInstancePool(); // WidgetLogPeer::clearInstancePool(); // adminKuserPeer::clearInstancePool(); // notificationPeer::clearInstancePool(); moderationPeer::clearInstancePool(); moderationFlagPeer::clearInstancePool(); roughcutEntryPeer::clearInstancePool(); // widgetPeer::clearInstancePool(); uiConfPeer::clearInstancePool(); // PartnerStatsPeer::clearInstancePool(); // PartnerActivityPeer::clearInstancePool(); ConversionProfilePeer::clearInstancePool(); // ConversionParamsPeer::clearInstancePool(); // KceInstallationErrorPeer::clearInstancePool(); FileSyncPeer::clearInstancePool(); accessControlPeer::clearInstancePool(); mediaInfoPeer::clearInstancePool(); assetParamsPeer::clearInstancePool(); assetParamsOutputPeer::clearInstancePool(); assetPeer::clearInstancePool(); conversionProfile2Peer::clearInstancePool(); flavorParamsConversionProfilePeer::clearInstancePool(); categoryPeer::clearInstancePool(); syndicationFeedPeer::clearInstancePool(); TrackEntryPeer::clearInstancePool(); // SystemUserPeer::clearInstancePool(); StorageProfilePeer::clearInstancePool(); // EmailIngestionProfilePeer::clearInstancePool(); UploadTokenPeer::clearInstancePool(); // invalidSessionPeer::clearInstancePool(); DynamicEnumPeer::clearInstancePool(); UserLoginDataPeer::clearInstancePool(); PermissionPeer::clearInstancePool(); UserRolePeer::clearInstancePool(); PermissionItemPeer::clearInstancePool(); PermissionToPermissionItemPeer::clearInstancePool(); KuserToUserRolePeer::clearInstancePool(); $pluginInstances = KalturaPluginManager::getPluginInstances('IKalturaMemoryCleaner'); foreach ($pluginInstances as $pluginInstance) { $pluginInstance->cleanMemory(); } if (function_exists('gc_collect_cycles')) { // php 5.3 and above gc_collect_cycles(); } }
/** * Selects a collection of PermissionToPermissionItem objects pre-filled with all related objects except Permission. * * @param Criteria $criteria * @param PropelPDO $con * @param String $join_behavior the type of joins to use, defaults to Criteria::LEFT_JOIN * @return array Array of PermissionToPermissionItem objects. * @throws PropelException Any exceptions caught during processing will be * rethrown wrapped into a PropelException. */ public static function doSelectJoinAllExceptPermission(Criteria $criteria, $con = null, $join_behavior = Criteria::LEFT_JOIN) { $criteria = clone $criteria; // Set the correct dbName if it has not been overridden // $criteria->getDbName() will return the same object if not set to another value // so == check is okay and faster if ($criteria->getDbName() == Propel::getDefaultDB()) { $criteria->setDbName(self::DATABASE_NAME); } PermissionToPermissionItemPeer::addSelectColumns($criteria); $startcol2 = PermissionToPermissionItemPeer::NUM_COLUMNS - PermissionToPermissionItemPeer::NUM_LAZY_LOAD_COLUMNS; PermissionItemPeer::addSelectColumns($criteria); $startcol3 = $startcol2 + (PermissionItemPeer::NUM_COLUMNS - PermissionItemPeer::NUM_LAZY_LOAD_COLUMNS); $criteria->addJoin(PermissionToPermissionItemPeer::PERMISSION_ITEM_ID, PermissionItemPeer::ID, $join_behavior); $stmt = BasePeer::doSelect($criteria, $con); $results = array(); while ($row = $stmt->fetch(PDO::FETCH_NUM)) { $key1 = PermissionToPermissionItemPeer::getPrimaryKeyHashFromRow($row, 0); if (null !== ($obj1 = PermissionToPermissionItemPeer::getInstanceFromPool($key1))) { // We no longer rehydrate the object, since this can cause data loss. // See http://propel.phpdb.org/trac/ticket/509 // $obj1->hydrate($row, 0, true); // rehydrate } else { $cls = PermissionToPermissionItemPeer::getOMClass(false); $obj1 = new $cls(); $obj1->hydrate($row); PermissionToPermissionItemPeer::addInstanceToPool($obj1, $key1); } // if obj1 already loaded // Add objects for joined PermissionItem rows $key2 = PermissionItemPeer::getPrimaryKeyHashFromRow($row, $startcol2); if ($key2 !== null) { $obj2 = PermissionItemPeer::getInstanceFromPool($key2); if (!$obj2) { $omClass = PermissionItemPeer::getOMClass($row, $startcol2); $cls = substr('.' . $omClass, strrpos('.' . $omClass, '.') + 1); $obj2 = new $cls(); $obj2->hydrate($row, $startcol2); PermissionItemPeer::addInstanceToPool($obj2, $key2); } // if $obj2 already loaded // Add the $obj1 (PermissionToPermissionItem) to the collection in $obj2 (PermissionItem) $obj2->addPermissionToPermissionItem($obj1); } // if joined row is not null $results[] = $obj1; } $stmt->closeCursor(); return $results; }
/** * Deletes an existing permission item object. * This action is available only to Kaltura system administrators. * * @action delete * @param int $permissionItemId The permission item's unique identifier * @return KalturaPermissionItem The deleted permission item object * * @throws KalturaErrors::INVALID_OBJECT_ID */ public function deleteAction($permissionItemId) { $dbPermissionItem = PermissionItemPeer::retrieveByPK($permissionItemId); if (!$dbPermissionItem) { throw new KalturaAPIException(KalturaErrors::INVALID_OBJECT_ID, $permissionItemId); } $dbPermissionItem->delete(); $permissionItem = new KalturaPermissionItem(); $permissionItem->fromObject($dbPermissionItem, $this->getResponseProfile()); return $permissionItem; }
/** * Lists permission item objects that are associated with an account. * * @action list * @param KalturaPermissionItemFilter $filter A filter used to exclude specific types of permission items * @param KalturaFilterPager $pager A limit for the number of records to display on a page * @return KalturaPermissionItemListResponse The list of permission item objects */ public function listAction(KalturaPermissionItemFilter $filter = null, KalturaFilterPager $pager = null) { if (!$filter) { $filter = new KalturaPermissionItemFilter(); } $permissionItemFilter = $filter->toObject(); $c = new Criteria(); $permissionItemFilter->attachToCriteria($c); $count = PermissionItemPeer::doCount($c); if (!$pager) { $pager = new KalturaFilterPager(); } $pager->attachToCriteria($c); $list = PermissionItemPeer::doSelect($c); $response = new KalturaPermissionItemListResponse(); $response->objects = KalturaPermissionItemArray::fromDbArray($list); $response->totalCount = $count; return $response; }
/** * Init with allowed permissions for the user in the given KS or kCurrentContext if not KS given * kCurrentContext::init should have been executed before! * @param string $ks KS to extract user and partner IDs from instead of kCurrentContext * @param boolean $useCache use cache or not * @throws TODO: add all exceptions */ public static function init($useCache = null) { // verify that kCurrentContext::init has been executed since it must be used to init current context permissions if (!kCurrentContext::$ksPartnerUserInitialized) { KalturaLog::crit('kCurrentContext::initKsPartnerUser must be executed before initializing kPermissionManager'); throw new Exception('kCurrentContext has not been initialized!', null); } // can be initialized more than once to support multirequest with different kCurrentContext parameters self::$initialized = false; self::$useCache = $useCache ? true : false; // copy kCurrentContext parameters (kCurrentContext::init should have been executed before) self::$requestedPartnerId = !self::isEmpty(kCurrentContext::$partner_id) ? kCurrentContext::$partner_id : null; self::$ksPartnerId = !self::isEmpty(kCurrentContext::$ks_partner_id) ? kCurrentContext::$ks_partner_id : null; self::$ksUserId = !self::isEmpty(kCurrentContext::$ks_uid) ? kCurrentContext::$ks_uid : null; self::$ksString = kCurrentContext::$ks ? kCurrentContext::$ks : null; self::$adminSession = !self::isEmpty(kCurrentContext::$is_admin_session) ? kCurrentContext::$is_admin_session : false; // clear instance pools //TODO: may not be needed UserRolePeer::clearInstancePool(); PermissionPeer::clearInstancePool(); PermissionItemPeer::clearInstancePool(); PermissionToPermissionItemPeer::clearInstancePool(); kuserPeer::clearInstancePool(); // if ks defined - check that it is valid self::errorIfKsNotValid(); // init partner, user, and role objects self::initPartnerUserObjects(); // throw an error if KS partner (operating partner) is blocked self::errorIfPartnerBlocked(); // init role ids self::initRoleIds(); // init permissions map self::initPermissionsMap(); // initialization done self::$initialized = true; return true; }
function addParameterPermissionItem($itemCfg) { // verify obligatory fields if (!$itemCfg->object) { throw new Exception('Permission item object must be set'); } if (!$itemCfg->parameter) { throw new Exception('Permission item object parameter must be set'); } if (!$itemCfg->action) { throw new Exception('Permission item action id must be set'); } if (is_null($itemCfg->partnerId) || $itemCfg->partnerId === '') { throw new Exception('Permission item partner id must be set'); } if (!in_array($itemCfg->action, array(ApiParameterPermissionItemAction::INSERT, ApiParameterPermissionItemAction::READ, ApiParameterPermissionItemAction::UPDATE, ApiParameterPermissionItemAction::USAGE))) { throw new Exception("Action type [{$itemCfg->action}] unknown"); } // check if item already exists in db $c = new Criteria(); $c->addAnd(kApiParameterPermissionItem::OBJECT_COLUMN_NAME, $itemCfg->object, Criteria::EQUAL); $c->addAnd(kApiParameterPermissionItem::PARAMETER_COLUMN_NAME, $itemCfg->parameter, Criteria::EQUAL); $c->addAnd(kApiParameterPermissionItem::ACTION_COLUMN_NAME, $itemCfg->action, Criteria::EQUAL); $c->addAnd(PermissionItemPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $itemCfg->partnerId), Criteria::IN); $c->addAnd(PermissionItemPeer::TYPE, PermissionItemType::API_PARAMETER_ITEM, Criteria::EQUAL); $existingItem = PermissionItemPeer::doSelectOne($c); $item = null; if ($existingItem) { $item = $existingItem; KalturaLog::log('Permission item for [' . $item->getAction() . '->' . $item->getObject() . '->' . $item->getParameter() . '] partner id [' . $item->getPartnerId() . '] already exists with id [' . $item->getId() . ']'); } else { // save new permission item object $item = new kApiParameterPermissionItem(); foreach ($itemCfg as $key => $value) { if ($key === 'permissions') { continue; // permissions are set later } $setterCallback = array($item, "set{$key}"); if (method_exists($item, 'set' . $key)) { call_user_func_array($setterCallback, array($value)); } else { KalturaLog::err("Skipping call to set{$key}() since there is no such method."); } } $item->save(); KalturaLog::log('New permission item id [' . $item->getId() . '] added for [' . $item->getAction() . '->' . $item->getObject() . '->' . $item->getParameter() . '] partner id [' . $item->getPartnerId() . ']'); } // add item to each defined permission $permissionNames = array_map('trim', str_getcsv($itemCfg->permissions)); addItemToPermissions($item, $permissionNames, $itemCfg->partnerId); }
function removeParameterPermissionItem($itemCfg) { // verify obligatory fields if (!$itemCfg->object) { throw new Exception('Permission item object must be set'); } if (!$itemCfg->parameter) { throw new Exception('Permission item object parameter must be set'); } if (!$itemCfg->action) { throw new Exception('Permission item action id must be set'); } if (is_null($itemCfg->partnerId) || $itemCfg->partnerId === '') { throw new Exception('Permission item partner id must be set'); } if (!in_array($itemCfg->action, array(ApiParameterPermissionItemAction::INSERT, ApiParameterPermissionItemAction::READ, ApiParameterPermissionItemAction::UPDATE))) { throw new Exception("Action type [{$itemCfg->action}] unknown"); } if (is_null($itemCfg->permissions) || $itemCfg->permissions === '') { throw new Exception('Permission item permissions must be set'); } // check if item already exists in db $c = new Criteria(); $c->addAnd(kApiParameterPermissionItem::OBJECT_COLUMN_NAME, $itemCfg->object); $c->addAnd(kApiParameterPermissionItem::PARAMETER_COLUMN_NAME, $itemCfg->parameter); $c->addAnd(kApiParameterPermissionItem::ACTION_COLUMN_NAME, $itemCfg->action); $c->addAnd(PermissionItemPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $itemCfg->partnerId), Criteria::IN); $c->addAnd(PermissionItemPeer::TYPE, PermissionItemType::API_PARAMETER_ITEM); $permissionItem = PermissionItemPeer::doSelectOne($c); if (!$permissionItem) { return; } // add item to each defined permission $permissionNames = array_map('trim', explode(',', $itemCfg->permissions)); removeItemFromPermissions($permissionItem, $permissionNames); }
/** * Populates the object using an array. * * This is particularly useful when populating an object from one of the * request arrays (e.g. $_POST). This method goes through the column * names, checking to see whether a matching key exists in populated * array. If so the setByName() method is called for that column. * * You can specify the key type of the array by additionally passing one * of the class type constants BasePeer::TYPE_PHPNAME, BasePeer::TYPE_STUDLYPHPNAME, * BasePeer::TYPE_COLNAME, BasePeer::TYPE_FIELDNAME, BasePeer::TYPE_NUM. * The default key type is the column's phpname (e.g. 'AuthorId') * * @param array $arr An array to populate the object from. * @param string $keyType The type of keys the array uses. * @return void */ public function fromArray($arr, $keyType = BasePeer::TYPE_PHPNAME) { $keys = PermissionItemPeer::getFieldNames($keyType); if (array_key_exists($keys[0], $arr)) { $this->setId($arr[$keys[0]]); } if (array_key_exists($keys[1], $arr)) { $this->setType($arr[$keys[1]]); } if (array_key_exists($keys[2], $arr)) { $this->setPartnerId($arr[$keys[2]]); } if (array_key_exists($keys[3], $arr)) { $this->setParam1($arr[$keys[3]]); } if (array_key_exists($keys[4], $arr)) { $this->setParam2($arr[$keys[4]]); } if (array_key_exists($keys[5], $arr)) { $this->setParam3($arr[$keys[5]]); } if (array_key_exists($keys[6], $arr)) { $this->setParam4($arr[$keys[6]]); } if (array_key_exists($keys[7], $arr)) { $this->setParam5($arr[$keys[7]]); } if (array_key_exists($keys[8], $arr)) { $this->setTags($arr[$keys[8]]); } if (array_key_exists($keys[9], $arr)) { $this->setCreatedAt($arr[$keys[9]]); } if (array_key_exists($keys[10], $arr)) { $this->setUpdatedAt($arr[$keys[10]]); } if (array_key_exists($keys[11], $arr)) { $this->setCustomData($arr[$keys[11]]); } }
function setPermissions($serviceConfig, $setBaseSystemPermissions, $userSessionPermission, $noKsPermission, $partnerId) { // get list of services defined in the services.ct files $servicesTable = $serviceConfig->getAllServicesByCt(); // for each defined service.action foreach ($servicesTable as $ctPath => $services) { foreach ($services as $serviceActionName) { $serviceConfig->setServiceName($serviceActionName); $serviceSplit = explode('.', $serviceActionName); $serviceName = $serviceSplit[0]; $actionName = $serviceSplit[1]; $ticketTypes = explode(',', $serviceConfig->getTicketType()); $serviceId = $serviceName; $pluginName = getPluginNameFromServicesCtPath($ctPath); if ($pluginName) { $serviceId = strtolower($pluginName) . '_' . $serviceId; } $serviceClass = KalturaServicesMap::getService($serviceId); if (!$serviceClass) { $tmpServiceIds = KalturaServicesMap::getServiceIdsFromName($serviceName); if ($tmpServiceIds && count($tmpServiceIds) == 1) { $serviceId = reset($tmpServiceIds); $serviceClass = KalturaServicesMap::getService($serviceId); } } if (!$serviceClass) { $msg = '***** ERROR - service id [' . $serviceId . '] not found in services map!'; KalturaLog::alert($msg); echo $msg . PHP_EOL; continue; } // skip action if set with ticket type N (blocked) if (in_array(BLOCKED_TICKET_TYPE, $ticketTypes)) { $msg = '***** NOTICE - Action [' . $serviceActionName . '] is set with ticket type N (blocked) -> skipping!'; KalturaLog::notice($msg); echo $msg . PHP_EOL; continue; } // check if a permission item for the current action already exists $c = new Criteria(); $c->addAnd(kApiActionPermissionItem::SERVICE_COLUMN_NAME, $serviceId, Criteria::EQUAL); $c->addAnd(kApiActionPermissionItem::ACTION_COLUMN_NAME, $actionName, Criteria::EQUAL); $c->addAnd(PermissionItemPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $partnerId), Criteria::IN); $permissionItem = PermissionItemPeer::doSelectOne($c); if ($permissionItem) { $msg = '***** NOTICE - Permission item for [' . $serviceActionName . '] already exists with id [' . $permissionItem->getId() . ']'; KalturaLog::alert($msg); echo $msg . PHP_EOL; } else { // create a new api action permission item and save it $permissionItem = new kApiActionPermissionItem(); $permissionItem->setService($serviceId); $permissionItem->setAction($actionName); $permissionItem->setPartnerId($partnerId); $permissionItem->save(); } // get the defined permission names from the tags section of the services.ct file $permissionNames = $serviceConfig->getTags(); $permissionNames = explode(',', $permissionNames); $anyPermissionSet = false; // was any permission set to include the current permission item or not foreach ($permissionNames as $permissionName) { if (!$permissionName) { continue; } // add the permission item to all its defined permission objects $c = new Criteria(); $c->addAnd(PermissionPeer::NAME, $permissionName, Criteria::EQUAL); $c->addAnd(PermissionPeer::TYPE, PermissionType::NORMAL, Criteria::EQUAL); //$c->addAnd(PermissionPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $partnerId), Criteria::IN); $permission = PermissionPeer::doSelectOne($c); if (!$permission) { $msg = '***** ERROR - Permission [' . $permissionName . '] not found in DB although set for [' . $serviceActionName . ']'; KalturaLog::alert($msg); echo $msg . PHP_EOL; continue; } $permission->addPermissionItem($permissionItem->getId(), true); $anyPermissionSet = true; } // add permission item to the basic NO_KS and USER_KS permissions according to its ticket type // (partner admin role already contains all other permissions) if ($setBaseSystemPermissions) { if (in_array(NO_KS_TICKET_TYPE, $ticketTypes)) { $noKsPermission->addPermissionItem($permissionItem->getId(), true); $userSessionPermission->addPermissionItem($permissionItem->getId(), true); $anyPermissionSet = true; } else { if (in_array(USER_KS_TICKET_TYPE, $ticketTypes)) { $userSessionPermission->addPermissionItem($permissionItem->getId(), true); $anyPermissionSet = true; } } } if (!$anyPermissionSet) { $msg = '***** ERROR - No permission was set for [' . $serviceActionName . ']'; KalturaLog::alert($msg); echo $msg . PHP_EOL; } } } }