/**
 * Build the access-control scope describing the current entry request.
 *
 * The KS, the entry id and the context list are always copied from this
 * object. The referrer is only overridden when this object holds a truthy
 * one; otherwise the scope keeps whatever its constructor gave it.
 *
 * @return accessControlScope
 */
private function getAccessControlScope()
{
    $entryScope = new accessControlScope();

    // An empty/unset referrer on this object must not overwrite the scope's own value.
    $hasExplicitReferrer = (bool) $this->referrer;
    if ($hasExplicitReferrer) {
        $entryScope->setReferrer($this->referrer);
    }

    $entryScope->setKs($this->ks);
    $entryScope->setEntryId($this->entry->getId());
    $entryScope->setContexts($this->contexts);

    return $entryScope;
}
/**
 * Decide whether the current API request passes the API-level access control.
 *
 * Checks run in this order:
 *  1. A request that kIpAddressUtils::isInternalIp() reports as internal is allowed at once.
 *  2. When HTTPS is enforced and the request protocol is not HTTPS, the request is denied and logged.
 *  3. When no API access-control profile is configured, the request is allowed.
 *  4. Otherwise the profile is applied to a PLAY-context scope carrying the current KS;
 *     a single BLOCK action denies the request.
 *
 * Side effects: may disable the API cache and may emit an X-Kaltura-API-Access-Control header.
 *
 * @return bool true when the request may proceed, false when it is rejected
 */
public function validateApiAccessControl()
{
    // NOTE(review): this early exit skips every later check, HTTPS enforcement included.
    // How the "internal" address is derived is not visible here - confirm it cannot be
    // influenced by client-supplied forwarding headers.
    if (kIpAddressUtils::isInternalIp()) {
        return true;
    }

    $httpsRequired = $this->getEnforceHttpsApi();
    if ($httpsRequired && infraRequestUtils::getProtocol() != infraRequestUtils::PROTOCOL_HTTPS) {
        KalturaLog::err('Action was accessed over HTTP while the partner is configured for HTTPS access only');
        return false;
    }

    $apiAccessControl = $this->getApiAccessControl();
    if ($apiAccessControl === null) {
        // No profile configured: nothing to evaluate.
        return true;
    }

    $contextResult = new kEntryContextDataResult();

    $playScope = new accessControlScope();
    $playScope->setKs(kCurrentContext::$ks);
    $playScope->setContexts(array(ContextType::PLAY));

    // applyContext() fills $contextResult and reports whether the response may be cached.
    $mustDisableCache = $apiAccessControl->applyContext($contextResult, $playScope);
    if ($mustDisableCache) {
        kApiCache::disableCache();
    }

    // Rule messages are returned to the caller in a response header, so whatever
    // the rules put in them is visible to the client.
    if (count($contextResult->getMessages())) {
        $headerValue = implode(', ', $contextResult->getMessages());
        header("X-Kaltura-API-Access-Control: " . $headerValue);
    }

    if (!count($contextResult->getActions())) {
        return true;
    }

    foreach ($contextResult->getActions() as $ruleAction) {
        /* @var $ruleAction kAccessControlAction */
        if ($ruleAction->getType() == RuleActionType::BLOCK) {
            KalturaLog::err('Action was blocked by API access control');
            return false;
        }
    }

    return true;
}
/**
 * Create a scope pre-filled from the current HTTP request.
 *
 * The IP comes from requestUtils::getRemoteAddress(); the referrer comes from
 * the Referer request header and is null when the header is absent.
 *
 * @return accessControlScope
 */
public static function partialInit()
{
    $requestScope = new accessControlScope();
    $requestScope->setIp(requestUtils::getRemoteAddress());

    // The Referer header is sent by the client and can carry any value, so a rule
    // keyed on it limits casual embedding rather than authenticating the caller.
    $referrerHeader = null;
    if (isset($_SERVER["HTTP_REFERER"])) {
        $referrerHeader = $_SERVER["HTTP_REFERER"];
    }
    $requestScope->setReferrer($referrerHeader);

    return $requestScope;
}
/**
 * Evaluate every restriction of this access control against the current scope.
 *
 * A scope whose KS is a ks instance reporting isAdmin() passes without any
 * restriction being evaluated. Otherwise the first restriction that returns
 * exactly false makes the whole access control invalid.
 *
 * @return bool
 * @throws Exception when no accessControlScope has been set on this object
 */
public function isValid()
{
    if (!($this->scope instanceof accessControlScope)) {
        throw new Exception("Scope was not set");
    }

    // Admin sessions are exempt from all restrictions.
    $sessionKs = $this->scope->getKs();
    if ($sessionKs instanceof ks && $sessionKs->isAdmin()) {
        return true;
    }

    foreach ($this->getRestrictions() as $rule) {
        // NOTE(review): the comparison is strict, so a restriction that returns null
        // or any other non-boolean value counts as passing - confirm that every
        // restriction returns a real bool.
        $verdict = $rule->isValid();
        if ($verdict === false) {
            return false;
        }
    }

    return true;
}
/**
 * Apply the entry's access-control rules to the context-data result.
 *
 * Does nothing when this object is already flagged as admin, or when the entry
 * has no access control or the access control has no rules. Otherwise the entry
 * is marked as secured, and the rules are applied unless the partner's
 * "optimized_playback" settings opt out for the current client (see below).
 *
 * Writes: $this->isSecured, $this->isAdmin, $this->disableCache.
 *
 * @param accessControlScope $accessControlScope scope that receives the entry id
 *                                               and supplies the KS for the admin check
 * @return void
 */
private function applyAccessControlOnContextData(accessControlScope $accessControlScope)
{
    if ($this->isAdmin) {
        return;
    }

    $entryAccessControl = $this->entry->getAccessControl();
    /* @var $entryAccessControl accessControl */
    if (!$entryAccessControl || !$entryAccessControl->hasRules()) {
        return;
    }

    $this->isSecured = true;

    if (kConf::hasMap("optimized_playback")) {
        $ownerPartnerId = $entryAccessControl->getPartnerId();
        $playbackMap = kConf::getMap("optimized_playback");

        if (array_key_exists($ownerPartnerId, $playbackMap)) {
            $partnerParams = $playbackMap[$ownerPartnerId];
            $cacheFlagOn = array_key_exists('cache_kdp_access_control', $partnerParams)
                && $partnerParams['cache_kdp_access_control'];

            if ($cacheFlagOn) {
                // NOTE(review): kCurrentContext::$client_lang looks like a client-declared
                // tag - TODO confirm. If it is request-supplied, the decision to skip rule
                // evaluation here rests on a caller-chosen value; verify that the rules are
                // still enforced on another path for partners with this flag on.
                $clientLang = strtolower(kCurrentContext::$client_lang);
                if (strpos($clientLang, "kdp") !== false || strpos($clientLang, "html") !== false) {
                    return;
                }
            }
        }
    }

    $accessControlScope->setEntryId($this->entry->getId());

    $scopeKs = $accessControlScope->getKs();
    $this->isAdmin = $scopeKs && $scopeKs->isAdmin();

    // NOTE(review): applyContext() is given only the result object, not the scope that
    // was just updated; presumably the scope reaches the access control by other
    // means - verify against applyContext()'s signature.
    $this->disableCache = $entryAccessControl->applyContext($this->contextDataResult);
}
/**
 * Build the scope used to evaluate API-level access control.
 *
 * The scope carries the KS of the current request context and a single
 * PLAY context; no entry id, IP or referrer is set here.
 *
 * @return accessControlScope
 */
private function getApiAccessControlScope()
{
    $apiScope = new accessControlScope();

    $apiScope->setKs(kCurrentContext::$ks);

    $playOnly = array(accessControlContextType::PLAY);
    $apiScope->setContexts($playOnly);

    return $apiScope;
}
/**
 * Build the access-control scope for the current entry, starting from the
 * values accessControlScope::partialInit() derives for the request.
 *
 * A truthy referrer held by this object replaces the one set by partialInit();
 * the KS and the entry id are always taken from this object.
 *
 * @return accessControlScope
 */
private function getAccessControlScope()
{
    $entryScope = accessControlScope::partialInit();

    // Only override the request-derived referrer when an explicit one was supplied.
    $hasExplicitReferrer = (bool) $this->_referrer;
    if ($hasExplicitReferrer) {
        $entryScope->setReferrer($this->_referrer);
    }

    $entryScope->setKs($this->_ks);
    $entryScope->setEntryId($this->_entry->getId());

    return $entryScope;
}
/**
 * @action getContextData
 * @param string $entryId
 * @param KalturaEntryContextDataParams $contextDataParams
 * @return KalturaEntryContextDataResult
 */
public function getContextData($entryId, KalturaEntryContextDataParams $contextDataParams)
{
    // Reports which restrictions of the entry's access control fail for this request.
    // This method only describes the outcome in the returned object; nothing here
    // blocks access to the entry.
    $entry = entryPeer::retrieveByPK($entryId);
    if (!$entry) {
        throw new KalturaAPIException(KalturaErrors::ENTRY_ID_NOT_FOUND, $entryId);
    }

    $sessionKs = $this->getKs();
    $callerIsAdmin = $sessionKs ? $sessionKs->isAdmin() : false;

    $entryAccessControl = $entry->getAccessControl();

    $contextData = new KalturaEntryContextDataResult();
    $contextData->isAdmin = $callerIsAdmin;
    $contextData->isScheduledNow = $entry->isScheduledNow();

    // Defaults: nothing restricted, no preview length.
    $contextData->isSiteRestricted = false;
    $contextData->isCountryRestricted = false;
    $contextData->isSessionRestricted = false;
    $contextData->isIpAddressRestricted = false;
    $contextData->previewLength = -1;

    if (!$entryAccessControl || !$entryAccessControl->hasRestrictions()) {
        return $contextData;
    }

    // The answer depends on the caller's request, so it must not be served from cache.
    KalturaResponseCacher::disableCache();

    $requestScope = accessControlScope::partialInit();
    // The referrer checked by the site restriction is the value the caller passes in
    // $contextDataParams, replacing whatever partialInit() set; it is caller-declared,
    // so the site flag below is advisory rather than proof of the embedding site.
    $requestScope->setReferrer($contextDataParams->referrer);
    $requestScope->setKs($this->getKs());
    $requestScope->setEntryId($entryId);
    $entryAccessControl->setScope($requestScope);

    if ($entryAccessControl->hasSiteRestriction()) {
        $contextData->isSiteRestricted = !$entryAccessControl->getSiteRestriction()->isValid();
    }

    if ($entryAccessControl->hasCountryRestriction()) {
        $contextData->isCountryRestricted = !$entryAccessControl->getCountryRestriction()->isValid();
    }

    if ($entryAccessControl->hasSessionRestriction()) {
        $contextData->isSessionRestricted = !$entryAccessControl->getSessionRestriction()->isValid();
    }

    if ($entryAccessControl->hasPreviewRestriction()) {
        // NOTE(review): this writes isSessionRestricted, replacing the value computed
        // from the session restriction just above when both are configured. Confirm
        // that is intended: a passing preview restriction would then report the
        // session as unrestricted.
        $contextData->isSessionRestricted = !$entryAccessControl->getPreviewRestriction()->isValid();
        $contextData->previewLength = $entryAccessControl->getPreviewRestriction()->getPreviewLength();
    }

    if ($entryAccessControl->hasIpAddressRestriction()) {
        $contextData->isIpAddressRestricted = !$entryAccessControl->getIpAddressRestriction()->isValid();
    }

    return $contextData;
}