/**
 * Build the permission items map for the given role from the database.
 *
 * The effective permission names are the union of:
 *  - the names stored on the role record (when a role is given),
 *  - the operating partner's always-allowed names, or
 *    PermissionName::ALWAYS_ALLOWED_ACTIONS when no operating partner is set,
 *  - PermissionName::ALWAYS_ALLOWED_FROM_INTERNAL_IP_ACTIONS when
 *    kIpAddressUtils::isInternalIp() reports an internal address.
 *
 * Those names are resolved to permission items, limited to the global
 * partner and the operating partner, and the partner-group permissions of
 * the operating partner are added last.
 *
 * @param UserRole $dbRole role record; a falsy value contributes no role names
 * @return array the map created by initEmptyMap(), populated
 */
private static function getPermissionsFromDb($dbRole)
{
    $map = self::initEmptyMap();

    // Names granted through the role record, stored as a comma-separated string.
    // NOTE(review): explode() on an empty string yields a single '' entry, which
    // then lands in the names map and in the IN clause below - confirm harmless.
    $roleNames = array();
    if ($dbRole) {
        $roleNames = array_map('trim', explode(',', $dbRole->getPermissionNames(true)));
    }

    // Baseline names that are granted regardless of the role.
    $baselineNames = self::$operatingPartner
        ? array_map('trim', explode(',', self::$operatingPartner->getAlwaysAllowedPermissionNames()))
        : array(PermissionName::ALWAYS_ALLOWED_ACTIONS);

    $collectedNames = array_merge($roleNames, $baselineNames);

    // Requests from internal servers get an extra permission that allows access
    // without a KS. This grant rests entirely on the IP check.
    // NOTE(review): how isInternalIp() derives the client address is not visible
    // here - confirm it cannot be influenced by client-supplied request headers.
    if (kIpAddressUtils::isInternalIp()) {
        KalturaLog::debug('IP in range, adding ALWAYS_ALLOWED_FROM_INTERNAL_IP_ACTIONS permission');
        $collectedNames[] = PermissionName::ALWAYS_ALLOWED_FROM_INTERNAL_IP_ACTIONS;
    }

    // Key the names by themselves, which also removes duplicates.
    $permissionNames = array();
    foreach ($collectedNames as $permissionName) {
        $permissionNames[$permissionName] = $permissionName;
    }
    $map[self::PERMISSION_NAMES_ARRAY] = $permissionNames;

    // Resolve names to permission items. Both the permission and the item must
    // belong to either the global partner or the operating partner.
    $partnerScope = array(strval(PartnerPeer::GLOBAL_PARTNER), strval(self::$operatingPartnerId));

    $itemCriteria = new Criteria();
    $itemCriteria->addAnd(PermissionPeer::NAME, $permissionNames, Criteria::IN);
    $itemCriteria->addAnd(PermissionPeer::PARTNER_ID, $partnerScope, Criteria::IN);
    $itemCriteria->addAnd(PermissionItemPeer::PARTNER_ID, $partnerScope, Criteria::IN);

    foreach (PermissionToPermissionItemPeer::doSelectJoinAll($itemCriteria) as $link) {
        $item = $link->getPermissionItem();
        $permission = $link->getPermission();

        // A link whose item or permission is missing is logged and skipped.
        if (!$item) {
            KalturaLog::err('PermissionToPermissionItem id [' . $link->getId() . '] is defined with PermissionItem id [' . $link->getPermissionItemId() . '] which does not exists!');
            continue;
        }
        if (!$permission) {
            KalturaLog::err('PermissionToPermissionItem id [' . $link->getId() . '] is defined with Permission name [' . $link->getPermissionName() . '] which does not exists!');
            continue;
        }

        // File the item under its kind; any other item type is ignored.
        switch ($item->getType()) {
            case PermissionItemType::API_ACTION_ITEM:
                self::addApiAction($map, $item);
                break;
            case PermissionItemType::API_PARAMETER_ITEM:
                self::addApiParameter($map, $item);
                break;
        }
    }

    // Add the partner-group permissions defined for the operating partner.
    $groupCriteria = new Criteria();
    $groupCriteria->addAnd(PermissionPeer::PARTNER_ID, self::$operatingPartnerId, Criteria::EQUAL);
    $groupCriteria->addAnd(PermissionPeer::TYPE, PermissionType::PARTNER_GROUP, Criteria::EQUAL);

    foreach (PermissionPeer::doSelect($groupCriteria) as $groupPermission) {
        self::addPartnerGroupAction($map, $groupPermission);
    }

    return $map;
}