コード例 #1
 /**
  * @action getCsvUrl
  * @param int $id
  * @param int $reportPartnerId
  * @return string
  */
 function getCsvUrlAction($id, $reportPartnerId)
 {
     // Both the report and the requesting partner must exist.
     $report = ReportPeer::retrieveByPK($id);
     if ($report === null) {
         throw new KalturaAPIException(KalturaErrors::REPORT_NOT_FOUND, $id);
     }
     $partner = PartnerPeer::retrieveByPK($reportPartnerId);
     if ($partner === null) {
         throw new KalturaAPIException(KalturaErrors::INVALID_PARTNER_ID, $reportPartnerId);
     }
     // URLs may be created only for reports owned by partner 0 or by the requesting partner.
     // NOTE(review): both comparisons are strict, so they depend on getPartnerId() and
     // $reportPartnerId being the same scalar type — confirm against the callers.
     $isSharedReport = $report->getPartnerId() === 0;
     if (!$isSharedReport && $report->getPartnerId() !== $reportPartnerId) {
         throw new KalturaAPIException(KalturaErrors::REPORT_NOT_PUBLIC, $id);
     }
     // Mint a KS restricted to the report-viewer role for the requesting partner.
     // NOTE(review): the KS is valid for two years and travels in the URL path, so it will
     // appear wherever the URL is stored or logged; the 'rand' field is a timestamp, not a
     // random value.
     $session = new ks();
     $session->valid_until = time() + 2 * 365 * 24 * 60 * 60;
     $session->type = ks::TYPE_KS;
     $session->partner_id = $reportPartnerId;
     $session->master_partner_id = null;
     $session->partner_pattern = $reportPartnerId;
     $session->error = 0;
     $session->rand = microtime(true);
     $session->user = '';
     $session->privileges = 'setrole:REPORT_VIEWER_ROLE';
     $session->additional_data = null;
     $encodedKs = $session->toSecureString();
     // Each report parameter becomes a "value={value}" placeholder pair.
     $placeholders = array();
     foreach ($this->getParametersAction($id) as $reportParam) {
         $placeholders[] = $reportParam->value . '={' . $reportParam->value . '}';
     }
     $host = "http://" . kConf::get("www_host");
     $path = "/api_v3/index.php/service/report/action/getCsvFromStringParams/id/{$id}/ks/" . $encodedKs;
     return $host . $path . "/params/" . implode(';', $placeholders);
 }
コード例 #2
 /**
  * @param      ks $ks
  * @return     invalidSession
  */
 public static function invalidateKs(ks $ks)
 {
     // Record the KS as invalid, keeping its own expiry on the row.
     // NOTE(review): the row stores the base64-decoded KS itself, not a digest of it.
     $record = new invalidSession();
     $decodedKs = base64_decode($ks->getOriginalString());
     $record->setKs($decodedKs);
     $record->setKsValidUntil($ks->valid_until);
     $record->save();
     return $record;
 }
コード例 #3
 /**
  * @param      ks $ks
  * @return     invalidSession
  */
 public static function invalidateKs(ks $ks, PropelPDO $con = null)
 {
     // Invalidate the KS by its hash for as long as the KS itself would have been valid.
     $ksRecord = self::invalidateByKey($ks->getHash(), invalidSession::INVALID_SESSION_TYPE_KS, $ks->valid_until, $con);
     $sessionIdHash = $ks->getSessionIdHash();
     if (!$sessionIdHash) {
         return $ksRecord;
     }
     // When the KS carries a session id, that id is invalidated too, for 24 hours from now.
     $oneDay = 24 * 60 * 60;
     self::invalidateByKey($sessionIdHash, invalidSession::INVALID_SESSION_TYPE_SESSION_ID, time() + $oneDay, $con);
     return $ksRecord;
 }
 /**
  * @param      ks $ks
  * @return     invalidSession
  */
 public static function invalidateKs(ks $ks, PropelPDO $con = null)
 {
     // Look for an existing row keyed by the KS hash.
     $byHash = new Criteria();
     $byHash->add(invalidSessionPeer::KS, $ks->getHash());
     $record = invalidSessionPeer::doSelectOne($byHash, $con);
     if (!$record) {
         // No row yet: create one that expires together with the KS.
         $record = new invalidSession();
         $record->setKs($ks->getHash());
         $record->setKsValidUntil($ks->valid_until);
     }
     // The actions limit is cleared on both new and existing rows.
     $record->setActionsLimit(null);
     // Note that save() is called without $con, unlike the lookup above.
     $record->save();
     return $record;
 }
 /**
  * KS from Secure String
  * @action fromSecureString
  * @param string $str
  * @return KalturaInternalToolsSession
  * 
  */
 public static function fromSecureStringAction($str)
 {
     // Decode the KS string and copy the parsed session into the API object.
     // NOTE(review): whatever ks::fromSecureString() returns is passed straight to
     // fromObject(); no null check is made here.
     $parsedKs = ks::fromSecureString($str);
     $apiSession = new KalturaInternalToolsSession();
     $apiSession->fromObject($parsedKs);
     return $apiSession;
 }
コード例 #6
 /**
  * @param ks $v
  */
 public function setKs($v)
 {
     // A string is treated as an encoded KS and parsed first; any other value is stored as given.
     $this->ks = is_string($v) ? ks::fromSecureString($v) : $v;
 }
コード例 #7
 /**
  * Logout action: kills the KS passed in the "ks" parameter (when it parses and its
  * partner passes the API access-control check) and clears the session cookies.
  */
 public function execute()
 {
     $ksStr = $this->getP("ks");
     if (!$ksStr) {
         KalturaLog::err('logoutAction called with no KS');
     } else {
         $ksObj = null;
         try {
             $ksObj = ks::fromSecureString($ksStr);
         } catch (Exception $e) {
             // A KS that fails to parse is ignored on purpose: there is nothing to kill,
             // and the cookies below are cleared either way.
         }
         if ($ksObj) {
             $partner = PartnerPeer::retrieveByPK($ksObj->partner_id);
             if (!$partner) {
                 KExternalErrors::dieError(KExternalErrors::PARTNER_NOT_FOUND);
             }
             if (!$partner->validateApiAccessControl()) {
                 KExternalErrors::dieError(KExternalErrors::SERVICE_ACCESS_CONTROL_RESTRICTED);
             }
             $ksObj->kill();
         }
         // NOTE(review): this writes the complete KS, encoded and decoded, to the info log,
         // including for a KS that failed to parse and so was never killed.
         KalturaLog::info("Killing session with ks - [{$ksStr}], decoded - [" . base64_decode($ksStr) . "]");
     }
     // Clear the session cookies whether or not a KS was supplied.
     foreach (array('pid', 'subpid', 'kmcks') as $cookieName) {
         setcookie($cookieName, "", 0, "/");
     }
     // The redirect to kmc/kmc is done from JavaScript.
     return sfView::NONE;
 }
コード例 #8
 /**
  * KS from Secure String
  * @action fromSecureString
  * @param string $str
  * @return KalturaInternalToolsSession
  * 
  */
 public function fromSecureStringAction($str)
 {
     // Decode the KS string and expose it through the API object, honouring the
     // response profile of the current request.
     $parsedKs = ks::fromSecureString($str);
     $apiSession = new KalturaInternalToolsSession();
     $apiSession->fromObject($parsedKs, $this->getResponseProfile());
     return $apiSession;
 }
コード例 #9
 /**
  * Returns the unique string of the current KS, or a 7-character fallback when no KS is set.
  */
 protected function getKsUniqueString()
 {
     if (!$this->ks) {
         // The fallback is derived from rand() and the clock. It only varies between calls;
         // it is not unpredictable and must not be used as a secret.
         $seed = rand(10000, 99999) . microtime(true);
         return substr(md5($seed), 1, 7);
     }
     return $this->ks->getUniqueString();
 }
コード例 #10
 /**
  * Classifies the current KS object as none, admin, widget or user session.
  * The admin check takes precedence over the widget check.
  */
 public static function getCurrentSessionType()
 {
     $session = self::$ks_object;
     if (!$session) {
         return kSessionBase::SESSION_TYPE_NONE;
     }
     if ($session->isAdmin()) {
         return kSessionBase::SESSION_TYPE_ADMIN;
     }
     return $session->isWidgetSession()
         ? kSessionBase::SESSION_TYPE_WIDGET
         : kSessionBase::SESSION_TYPE_USER;
 }
コード例 #11
 /**
  * Executes a playlist and adds its entries to the response.
  *
  * Called twice per request: once with $create_cachekey = true to obtain the cache key
  * (or null for admin sessions), then again to run the playlist.
  */
 public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser, $create_cachekey = false)
 {
     myDbHelper::$use_alternative_con = myDbHelper::DB_HELPER_CONN_PROPEL3;
     // TODO -  verify permissions for viewing lists
     $detailed = $this->getP("detailed", false);
     // normalise any falsy "detailed" value to boolean false
     if (!$detailed) {
         $detailed = false;
     }
     $playlist_id = $this->getPM("playlist_id");
     if ($create_cachekey) {
         // admin sessions get no cache key
         if ($this->isAdmin()) {
             return null;
         }
         $ks_partner_id = null;
         $privileges = null;
         // NOTE(review): ks::fromSecureString() can throw on a malformed KS; nothing here catches it
         $ks = ks::fromSecureString(kCurrentContext::$ks);
         if ($ks) {
             $ks_partner_id = $ks->getPartnerId();
             $privileges = $ks->getPrivileges();
         }
         // the key covers every input that is allowed to change the result: the playlist, both partner ids,
         // the detail level, the KS user and privileges, the admin flag and the protocol
         $cache_key_arr = array("playlist_id" => $playlist_id, "partner_id" => $partner_id, "ks_partner_id" => $ks_partner_id, "detailed" => $detailed, "user" => kCurrentContext::$ks_uid, "privileges" => $privileges, "is_admin" => $this->isAdmin(), "protocol" => infraRequestUtils::getProtocol());
         $cahce_key = new executionCacheKey();
         $cahce_key->expiry = 600;
         // md5 is used here only to shorten the key material, not as a security control
         $cahce_key->key = md5(print_r($cache_key_arr, true));
         return $cahce_key;
     }
     // this service is executed twice! (first time for the cache key, second time for the execution)
     if (is_null($this->playlist)) {
         $playlist = entryPeer::retrieveByPK($playlist_id);
         if (!$playlist) {
             throw new APIException(APIErrors::INVALID_ENTRY_ID, "Playlist", $playlist_id);
         }
         // access-control lookups are scoped to the playlist's own partner
         myPartnerUtils::addPartnerToCriteria('accessControl', $playlist->getPartnerId(), $this->getPrivatePartnerData(), $this->partnerGroup2(), null);
         $this->playlist = $playlist;
     }
     if ($this->isAdmin()) {
         myPlaylistUtils::setIsAdminKs(true);
     }
     $entry_list = myPlaylistUtils::executePlaylistById($partner_id, $playlist_id, null, $detailed);
     myEntryUtils::updatePuserIdsForEntries($entry_list);
     $level = $detailed ? objectWrapperBase::DETAIL_LEVEL_DETAILED : objectWrapperBase::DETAIL_LEVEL_REGULAR;
     $wrapper = objectWrapperBase::getWrapperClass($entry_list, $level);
     $this->addMsg("count", count($entry_list));
     $this->addMsg($this->getObjectPrefix(), $wrapper);
 }
コード例 #12
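 /**
  * Starts a widget session and returns its KS, partner id, sub-partner id and uid.
  *
  * For widgets that force a KS, the KS supplied by the caller is validated and echoed back;
  * for all other widgets a new non-admin, view-only KS is created for the widget's partner.
  */
 public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser)
 {
     $ks_str = "";
     // NOTE(review): the lifetime comes from the request and is not capped in this method.
     $expiry = $this->getP("expiry", 86400);
     $widget_id = $this->getPM("widget_id");
     $widget = widgetPeer::retrieveByPK($widget_id);
     if (!$widget) {
         $this->addError(APIErrors::INVALID_WIDGET_ID, $widget_id);
         return;
     }
     // The partner is always taken from the widget, never from the request.
     $partner_id = $widget->getPartnerId();
     // The partner object is looked up but not used further in this method.
     $partner = PartnerPeer::retrieveByPK($partner_id);
     // TODO - see how to decide if the partner has a URL to redirect to
     // according to the partner's policy and the widget's policy - define the privileges of the ks
     // TODO - decide !! - for now only view - any kshow
     $privileges = "view:*,widget:1";
     if ($widget->getSecurityType() == widget::WIDGET_SECURITY_TYPE_FORCE_KS) {
         // addException() is presumably expected to throw. The explicit returns keep this
         // branch fail-closed if it ever returns instead: a missing or invalid KS must never
         // reach the success messages below.
         if (!$this->ks) {
             // the one from the defPartnerservices2Action
             $this->addException(APIErrors::MISSING_KS);
             return;
         }
         $ks_str = $this->getP("ks");
         $widget_partner_id = $widget->getPartnerId();
         $res = kSessionUtils::validateKSession2(1, $widget_partner_id, $puser_id, $ks_str, $this->ks);
         if (0 >= $res) {
             // changed this to be an exception rather than an error
             $this->addException(APIErrors::INVALID_KS, $ks_str, $res, ks::getErrorStr($res));
             return;
         }
         // Set $result on this path too, so the check below never reads an undefined variable.
         $result = $res;
     } else {
         // the session will be for NON admins and privileges of view only
         $puser_id = 0;
         $result = kSessionUtils::createKSessionNoValidations($partner_id, $puser_id, $ks_str, $expiry, false, "", $privileges);
     }
     if ($result >= 0) {
         $this->addMsg("ks", $ks_str);
         $this->addMsg("partner_id", $partner_id);
         $this->addMsg("subp_id", $widget->getSubpId());
         $this->addMsg("uid", "0");
     } else {
         // TODO - see that there is a good error for when the invalid login count exceeds the max
         $this->addError(APIErrors::START_WIDGET_SESSION_ERROR, $widget_id);
     }
 }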
コード例 #13
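 /**
  * Initialises the KS, partner and user fields of kCurrentContext for the current request.
  *
  * @param string $ksString encoded KS; when empty, all KS-derived fields are cleared
  * @param int|null $requestedPartnerId partner id requested by the caller
  * @param string|null $requestedPuserId user id requested by the caller
  * @throws KalturaAPIException with APIErrors::INVALID_KS when the KS string cannot be parsed
  * @throws Exception any other exception raised by kSessionUtils::crackKs()
  */
 public static function initKsPartnerUser($ksString, $requestedPartnerId = null, $requestedPuserId = null)
 {
     if (!$ksString) {
         kCurrentContext::$ks = null;
         // Clear the parsed KS as well, so that a KS object from an earlier initialisation
         // cannot outlive a request that carries no KS.
         kCurrentContext::$ks_object = null;
         kCurrentContext::$ks_partner_id = null;
         kCurrentContext::$ks_uid = null;
         kCurrentContext::$master_partner_id = null;
         kCurrentContext::$partner_id = $requestedPartnerId;
         kCurrentContext::$uid = $requestedPuserId;
         kCurrentContext::$is_admin_session = false;
     } else {
         try {
             $ksObj = kSessionUtils::crackKs($ksString);
         } catch (Exception $ex) {
             // strpos() returns false, never null, when the needle is absent, so the test
             // has to be against false for the re-throw below to be reachable.
             if (strpos($ex->getMessage(), "INVALID_STR") !== false) {
                 //TODO: throw different type of error
                 throw new KalturaAPIException(APIErrors::INVALID_KS, $ksString, ks::INVALID_STR, ks::getErrorStr(ks::INVALID_STR));
             }
             throw $ex;
         }
         kCurrentContext::$ks = $ksString;
         kCurrentContext::$ks_object = $ksObj;
         kCurrentContext::$ks_partner_id = $ksObj->partner_id;
         kCurrentContext::$ks_uid = $ksObj->user;
         // the master partner falls back to the KS partner when the KS names none
         kCurrentContext::$master_partner_id = $ksObj->master_partner_id ? $ksObj->master_partner_id : kCurrentContext::$ks_partner_id;
         kCurrentContext::$is_admin_session = $ksObj->isAdmin();
         kCurrentContext::$partner_id = $requestedPartnerId;
         kCurrentContext::$uid = $requestedPuserId;
     }
     // set partner ID for logger: the requested partner wins over the KS partner
     if (kCurrentContext::$partner_id) {
         $GLOBALS["partnerId"] = kCurrentContext::$partner_id;
     } elseif (kCurrentContext::$ks_partner_id) {
         $GLOBALS["partnerId"] = kCurrentContext::$ks_partner_id;
     }
     self::$ksPartnerUserInitialized = true;
 }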
コード例 #14
ファイル: KalturaDispatcher.php プロジェクト: DBezemer/server
 /**
  * @param string $objectClass
  * @param string $objectId
  * @param string $privilege optional
  * @param string $options optional
  * @throws KalturaErrors::INVALID_KS
  */
 protected function validateUser($objectClass, $objectId, $privilege = null, $options = null)
 {
     // Ownership check for the object identified by $objectClass/$objectId.
     // Every plain "return" below means "allowed"; the only denial is the INVALID_KS exception.
     // don't allow operations without ks
     if (!kCurrentContext::$ks_object) {
         throw new KalturaAPIException(KalturaErrors::INVALID_KS, "", ks::INVALID_TYPE, ks::getErrorStr(ks::INVALID_TYPE));
     }
     // if admin always allowed
     if (kCurrentContext::$is_admin_session) {
         return;
     }
     // "Class::Getter::Getter" syntax: the first part is the class, the rest are getters
     // that are followed from the loaded object to the object that is actually checked
     $objectGetters = null;
     if (strstr($objectClass, '::')) {
         $objectGetters = explode('::', $objectClass);
         $objectClass = array_shift($objectGetters);
     }
     $objectClassPeer = "{$objectClass}Peer";
     // NOTE(review): an unknown peer class allows the call (fails open)
     if (!class_exists($objectClassPeer)) {
         return;
     }
     // NOTE(review): the result is not checked for null before it is used below
     $dbObject = $objectClassPeer::retrieveByPK($objectId);
     if ($objectGetters) {
         foreach ($objectGetters as $objectGetter) {
             $getterMethod = "get{$objectGetter}";
             $reflector = new ReflectionObject($dbObject);
             if (!$reflector->hasMethod($getterMethod)) {
                 // NOTE(review): a missing getter is logged and the call is allowed (fails open)
                 KalturaLog::err("Method " . $getterMethod . " does not exist for class " . $reflector->getName());
                 return;
             }
             $dbObject = $dbObject->{$getterMethod}();
         }
     }
     // objects that are not IOwnable have no owner to compare with, so the call is allowed
     if (!$dbObject instanceof IOwnable) {
         return;
     }
     if ($privilege) {
         // check if all ids are privileged
         if (kCurrentContext::$ks_object->verifyPrivileges($privilege, ks::PRIVILEGE_WILDCARD)) {
             return;
         }
         // check if object id is privileged
         if (kCurrentContext::$ks_object->verifyPrivileges($privilege, $dbObject->getId())) {
             return;
         }
     }
     // the owner is matched against the KS user id, case-insensitively
     if (strtolower($dbObject->getPuserId()) != strtolower(kCurrentContext::$ks_uid)) {
         $optionsArray = array();
         if ($options) {
             $optionsArray = explode(",", $options);
         }
         // a non-owner passes only if entitled to edit and the owner-only option is not set
         if (!$dbObject->isEntitledKuserEdit(kCurrentContext::getCurrentKsKuserId()) || in_array(self::OWNER_ONLY_OPTION, $optionsArray)) {
             throw new KalturaAPIException(KalturaErrors::INVALID_KS, "", ks::INVALID_TYPE, ks::getErrorStr(ks::INVALID_TYPE));
         }
     }
 }
コード例 #15
ファイル: kSessionUtils.class.php プロジェクト: AdiTal/server
 /**
  * @param string $encoded_str
  * @return ks
  */
 public static function fromSecureString($encoded_str)
 {
     // An empty input yields null rather than a ks object, so callers must handle both.
     if (empty($encoded_str)) {
         return null;
     }
     $session = new ks();
     $parsedOk = $session->parseKS($encoded_str);
     if (!$parsedOk) {
         throw new Exception(self::getErrorStr(self::INVALID_STR));
     }
     // Flag the object as coming from a string that parseKS() accepted.
     $session->valid_string = true;
     return $session;
 }
コード例 #16
 /**
  * Validates the KS of the current context; logs the reason and throws INVALID_KS when the
  * validation result is not positive. Does nothing when the context has no KS.
  */
 private static function errorIfKsNotValid()
 {
     // if no ks in current context - no need to check anything
     if (!self::$ksString) {
         return;
     }
     $ksObj = null;
     $res = kSessionUtils::validateKSessionNoTicket(self::$ksPartnerId, self::$ksUserId, self::$ksString, $ksObj);
     if ($res > 0) {
         return;
     }
     // Log the reason for the failure. The comparisons are loose, as in a switch statement.
     // NOTE(review): the INVALID_STR case writes the complete KS string to the error log.
     if ($res == ks::INVALID_STR) {
         KalturaLog::err('Invalid KS [' . self::$ksString . ']');
     } elseif ($res == ks::INVALID_PARTNER) {
         KalturaLog::err('Wrong partner [' . self::$ksPartnerId . '] actual partner [' . $ksObj->partner_id . ']');
     } elseif ($res == ks::INVALID_USER) {
         KalturaLog::err('Wrong user [' . self::$ksUserId . '] actual user [' . $ksObj->user . ']');
     } elseif ($res == ks::EXPIRED) {
         KalturaLog::err('KS Expired [' . date('Y-m-d H:i:s', $ksObj->valid_until) . ']');
     } elseif ($res == ks::LOGOUT) {
         KalturaLog::err('KS already logged out');
     }
     // The exception carries the KS string and the numeric result as well.
     throw new KalturaAPIException(APIErrors::INVALID_KS, self::$ksString, $res, ks::getErrorStr($res));
 }
コード例 #17
 /**
  * Resolves the partner and user the request runs as, validates the KS where the service
  * requires one, and fills kCurrentContext.
  *
  * Returns array($partner_id, $subp_id, $puser_id, $allowPrivatePartnerData).
  * NOTE(review): the comments below assume that addException() aborts the request; if it can
  * return, execution continues past every failed check — confirm.
  */
 private function validateTicketSetPartner($partner_id, $subp_id, $puser_id, $ks_str)
 {
     if ($ks_str) {
         // 	1. crack the ks -
         // NOTE(review): the values read from the cracked KS are used before validateKSession2() runs in step 4
         $ks = kSessionUtils::crackKs($ks_str);
         // 2. extract partner_id
         $ks_partner_id = $ks->partner_id;
         $master_partner_id = $ks->master_partner_id;
         if (!$master_partner_id) {
             $master_partner_id = $ks_partner_id;
         }
         if (!$partner_id) {
             $partner_id = $ks_partner_id;
         }
         // use the user from the ks if not explicitly set
         if (!$puser_id) {
             $puser_id = $ks->user;
         }
         kCurrentContext::$ks = $ks_str;
         kCurrentContext::$partner_id = $partner_id;
         kCurrentContext::$ks_partner_id = $ks_partner_id;
         kCurrentContext::$master_partner_id = $master_partner_id;
         kCurrentContext::$uid = $puser_id;
         kCurrentContext::$ks_uid = $ks->user;
         // 3. retrieve partner
         $ks_partner = PartnerPeer::retrieveByPK($ks_partner_id);
         // the service_config is assumed to be the one of the operating_partner == ks_partner
         if (!$ks_partner) {
             $this->addException(APIErrors::UNKNOWN_PARTNER_ID, $ks_partner_id);
         }
         $this->setServiceConfigFromPartner($ks_partner);
         // a partner with a falsy status is treated as deleted
         if ($ks_partner && !$ks_partner->getStatus()) {
             $this->addException(APIErrors::SERVICE_FORBIDDEN_PARTNER_DELETED);
         }
         // 4. validate ticket per service for the ticket's partner
         $ticket_type = $this->ticketType2();
         if ($ticket_type == kSessionUtils::REQUIED_TICKET_NOT_ACCESSIBLE) {
             // partner cannot access this service
             $this->addException(APIErrors::SERVICE_FORBIDDEN);
         }
         // NOTE(review): when force_ticket_check is off and the service does require a ticket,
         // neither branch below runs and the KS is not validated in this method
         if ($this->force_ticket_check && $ticket_type != kSessionUtils::REQUIED_TICKET_NONE) {
             // TODO - which user is this ? from the ks ? from the puser_id ?
             $ks_puser_id = $ks->user;
             //$ks = null;
             $res = kSessionUtils::validateKSession2($ticket_type, $ks_partner_id, $ks_puser_id, $ks_str, $ks);
             if (0 >= $res) {
                 // changed this to be an exception rather than an error
                 $this->addException(APIErrors::INVALID_KS, $ks_str, $res, ks::getErrorStr($res));
             }
             $this->ks = $ks;
         } elseif ($ticket_type == kSessionUtils::REQUIED_TICKET_NONE && $ks_str) {
             // the service needs no ticket: a KS that fails validation is tolerated, it is just not kept in $this->ks
             $ks_puser_id = $ks->user;
             $res = kSessionUtils::validateKSession2($ticket_type, $ks_partner_id, $ks_puser_id, $ks_str, $ks);
             if ($res > 0) {
                 $this->ks = $ks;
             }
         }
         // 5. see partner is allowed to access the desired partner (if himself - easy, else - should appear in the partnerGroup)
         $allow_access = myPartnerUtils::allowPartnerAccessPartner($ks_partner_id, $this->partnerGroup2(), $partner_id);
         if (!$allow_access) {
             $this->addException(APIErrors::PARTNER_ACCESS_FORBIDDEN, $ks_partner_id, $partner_id);
         }
         // 6. set the partner to be the desired partner and the operating_partner to be the one from the ks
         $this->partner = PartnerPeer::retrieveByPK($partner_id);
         $this->operating_partner = $ks_partner;
         // the config is that of the ks_partner NOT of the partner
         // $this->setServiceConfigFromPartner( $ks_partner ); - was already set above to extract the ks
         // TODO - should change  service_config to be the one of the partner_id ??
         // 7. if ok - return the partner_id to be used from this point onwards
         return array($partner_id, $subp_id, $puser_id, true);
         // allow private_partner_data
     } else {
         // no ks_str
         // 1. extract partner by partner_id +
         // 2. retrieve partner
         $this->partner = PartnerPeer::retrieveByPK($partner_id);
         if (!$this->partner) {
             $this->partner = null;
             // go to the default config
             $this->setServiceConfigFromPartner(null);
             if ($this->requirePartner2()) {
                 $this->addException(APIErrors::UNKNOWN_PARTNER_ID, $partner_id);
             }
         }
         if ($this->partner && !$this->partner->getStatus()) {
             $this->addException(APIErrors::SERVICE_FORBIDDEN_PARTNER_DELETED);
         }
         // without a KS the partner and user are whatever the request supplied
         kCurrentContext::$ks = null;
         kCurrentContext::$partner_id = $partner_id;
         kCurrentContext::$ks_partner_id = null;
         kCurrentContext::$uid = $puser_id;
         kCurrentContext::$ks_uid = null;
         // 3. make sure the service can be accessed with no ticket
         $this->setServiceConfigFromPartner($this->partner);
         $ticket_type = $this->ticketType2();
         if ($ticket_type == kSessionUtils::REQUIED_TICKET_NOT_ACCESSIBLE) {
             // partner cannot access this service
             $this->addException(APIErrors::SERVICE_FORBIDDEN);
         }
         if ($this->force_ticket_check && $ticket_type != kSessionUtils::REQUIED_TICKET_NONE) {
             // NEW: 2008-12-28
             // Instead of throwing an exception, see if the service allows KN.
             // If so - a relatively weak partner access
             if ($this->kalturaNetwork2()) {
                 // if the service supports KN - continue without private data
                 return array($partner_id, $subp_id, $puser_id, false);
                 // DONT allow private_partner_data
             }
             // changed this to be an exception rather than an error
             $this->addException(APIErrors::MISSING_KS);
         }
         // 4. set the partner & operating_partner to be the one-and-only partner of this session
         $this->operating_partner = $this->partner;
         return array($partner_id, $subp_id, $puser_id, true);
         // allow private_partner_data
     }
 }
コード例 #18
ファイル: compatCheck.php プロジェクト: DBezemer/server
/**
 * Replaces a KS inside $value with a ';'-joined list of its parsed fields, with zeros in two
 * positions, so that two responses can be compared independently of the concrete KS string.
 * Returns $value unchanged when $ks does not parse.
 */
function normalizeKS($value, $ks)
{
    $parsed = new ks();
    if (!$parsed->parseKS($ks)) {
        return $value;
    }
    // partner_id is emitted twice and two slots are fixed at 0
    $stableFields = array(
        $parsed->partner_id,
        $parsed->partner_id,
        0,
        $parsed->type,
        0,
        $parsed->user,
        $parsed->privileges,
        $parsed->master_partner_id,
        $parsed->additional_data,
    );
    return str_replace($ks, implode(';', $stableFields), $value);
}
 /**
  * Returns the privacy contexts named by the current KS, or the partner's default context
  * when there is no KS or the KS names none.
  */
 public static function getKsPrivacyContext()
 {
     // The KS partner wins over the requested partner when building the default context.
     $partnerId = kCurrentContext::$ks_partner_id ?: kCurrentContext::$partner_id;
     $defaultContexts = array(self::DEFAULT_CONTEXT . $partnerId);
     $session = ks::fromSecureString(kCurrentContext::$ks);
     $contextList = $session ? $session->getPrivacyContext() : null;
     if (is_null($contextList) || $contextList == '') {
         return $defaultContexts;
     }
     // The KS carries its contexts as a comma-separated list.
     return explode(',', $contextList);
 }
コード例 #20
 /**
  * Indicates that the KS user is the owner of the entry
  * @return bool
  */
 protected function isKsUserOwnsEntry()
 {
     // Widget sessions never count as owners.
     if ($this->isKsWidget()) {
         return false;
     }
     // Ownership needs both a KS and an entry to compare.
     if (!$this->ks || !$this->entry) {
         return false;
     }
     // Loose comparison of the two kuser ids.
     return $this->entry->getKuserId() == $this->ks->getKuserId();
 }
コード例 #21
 /**
  * @param string $encoded_str
  * @return ks
  */
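 public static function fromSecureString($encoded_str)
 {
     // An empty input yields null rather than a ks object, so callers must handle both.
     if (empty($encoded_str)) {
         return null;
     }
     // A KS is base64("<hash>|<fields>"). Reject input that is not valid base64 or has no
     // hash separator, instead of carrying false or null into the parsing below.
     $str = base64_decode($encoded_str, true);
     if ($str === false || strpos($str, "|") === false) {
         throw new Exception(self::getErrorStr(self::INVALID_STR));
     }
     list($hash, $real_str) = explode("|", $str, 2);
     $ks = new ks();
     $ks->original_str = $encoded_str;
     $parts = explode(self::SEPARATOR, $real_str);
     // The first five fields are mandatory; missing ones are left as null.
     list($ks->partner_id, $ks->partner_pattern, $ks->valid_until, $ks->type, $ks->rand) = array_pad($parts, 5, null);
     if (isset($parts[5])) {
         $ks->user = $parts[5];
     }
     if (isset($parts[6])) {
         $ks->privileges = $parts[6];
     }
     if (isset($parts[7])) {
         $ks->master_partner_id = $parts[7];
     }
     if (isset($parts[8])) {
         $ks->additional_data = $parts[8];
     }
     // The salt is looked up from the fields parsed above, which are unverified until the
     // hash check below has passed.
     $salt = $ks->getSalt();
     $expectedHash = self::hash($salt, $real_str);
     // Compare the signature as exact strings. A loose != lets PHP compare numeric-looking
     // strings as numbers, so two different hashes can be treated as equal. hash_equals()
     // adds a constant-time comparison where the runtime provides it.
     $signatureOk = is_string($expectedHash) && $expectedHash !== ''
         && (function_exists('hash_equals') ? hash_equals($expectedHash, $hash) : $expectedHash === $hash);
     if (!$signatureOk) {
         throw new Exception(self::getErrorStr(self::INVALID_STR));
     }
     $ks->valid_string = true;
     return $ks;
 }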
コード例 #22
 /**
  * Validates the KS of the current context; logs the reason and throws a kCoreException
  * when the validation result is not positive. Does nothing when the context has no KS.
  */
 private static function errorIfKsNotValid()
 {
     // if no ks in current context - no need to check anything
     if (!self::$ksString) {
         return;
     }
     $ksObj = null;
     $res = kSessionUtils::validateKSessionNoTicket(self::$ksPartnerId, self::$ksUserId, self::$ksString, $ksObj);
     if ($res > 0) {
         return;
     }
     // Build the log line for the known failure codes; unknown codes are not logged.
     // NOTE(review): the INVALID_STR case writes the complete KS string to the error log.
     $logLine = null;
     switch ($res) {
         case ks::INVALID_STR:
             $logLine = 'Invalid KS [' . self::$ksString . ']';
             break;
         case ks::INVALID_PARTNER:
             $logLine = 'Wrong partner [' . self::$ksPartnerId . '] actual partner [' . $ksObj->partner_id . ']';
             break;
         case ks::INVALID_USER:
             $logLine = 'Wrong user [' . self::$ksUserId . '] actual user [' . $ksObj->user . ']';
             break;
         case ks::EXPIRED:
             $logLine = 'KS Expired [' . date('Y-m-d H:i:s', $ksObj->valid_until) . ']';
             break;
         case ks::LOGOUT:
             $logLine = 'KS already logged out';
             break;
         case ks::EXCEEDED_ACTIONS_LIMIT:
             $logLine = 'KS exceeded number of actions limit';
             break;
         case ks::EXCEEDED_RESTRICTED_IP:
             $logLine = 'IP does not match KS restriction';
             break;
     }
     if ($logLine !== null) {
         KalturaLog::err($logLine);
     }
     // The exception carries the error text for the result code, not the KS itself.
     throw new kCoreException("Invalid KS", kCoreException::INVALID_KS, ks::getErrorStr($res));
 }
コード例 #23
 /**
  * Parse session key and return its info
  * 
  * @action get
  * @param string $session The KS to be parsed, keep it empty to use current session.
  * @return KalturaSessionInfo
  *
  * @throws APIErrors::START_SESSION_ERROR
  */
 function getAction($session = null)
 {
     // Fall back to the KS of the current request when none is passed.
     $session = $session ? $session : kCurrentContext::$ks;
     // NOTE(review): ks::fromSecureString() is called on caller-supplied input and its result
     // is dereferenced without a null check; no expiry or invalidation check is made here,
     // the fields are reported as parsed.
     $parsedKs = ks::fromSecureString($session);
     $info = new KalturaSessionInfo();
     $info->ks = $session;
     $info->partnerId = $parsedKs->partner_id;
     $info->userId = $parsedKs->user;
     $info->expiry = $parsedKs->valid_until;
     $info->sessionType = $parsedKs->type;
     $info->privileges = $parsedKs->privileges;
     return $info;
 }
コード例 #24
 /**
  * Throws an error if the user is trying to update entry that doesn't belong to him and the session is not admin
  *
  * @param entry $dbEntry
  */
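 protected function checkIfUserAllowedToUpdateEntry(entry $dbEntry)
 {
     $ks = $this->getKs();
     // Without a KS there are no privileges to verify. Deny with the same error as the
     // ownership check below, rather than calling verifyPrivileges() on null.
     if (!$ks) {
         throw new KalturaAPIException(KalturaErrors::INVALID_KS, "", ks::INVALID_TYPE, ks::getErrorStr(ks::INVALID_TYPE));
     }
     $isAdmin = $ks->isAdmin();
     // if session is not admin, but privileges are
     // edit:* or edit:ENTRY_ID or editplaylist:PLAYLIST_ID
     // edit is allowed
     if (!$isAdmin) {
         // check if wildcard on 'edit'
         if ($ks->verifyPrivileges(ks::PRIVILEGE_EDIT, ks::PRIVILEGE_WILDCARD)) {
             return;
         }
         // check if entryID on 'edit'
         if ($ks->verifyPrivileges(ks::PRIVILEGE_EDIT, $dbEntry->getId())) {
             return;
         }
         // check if the entry is covered by an edit-entry-of-playlist privilege
         if ($ks->verifyPlaylistPrivileges(ks::PRIVILEGE_EDIT_ENTRY_OF_PLAYLIST, $dbEntry->getId(), $this->getPartnerId())) {
             return;
         }
     }
     // if user is not the entry owner, and the KS is user type - do not allow update
     if ($dbEntry->getKuserId() != $this->getKuser()->getId() && !$isAdmin) {
         throw new KalturaAPIException(KalturaErrors::INVALID_KS, "", ks::INVALID_TYPE, ks::getErrorStr(ks::INVALID_TYPE));
     }
 }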
 /**
  * Sets the valid user for the entry 
  * Throws an error if the session user is trying to update entry to another user and not using an admin session 
  *
  * @param KalturaBaseEntry $entry
  * @param entry $dbEntry
  */
 protected function checkAndSetValidUserUpdate(KalturaBaseEntry $entry, entry $dbEntry)
 {
     KalturaLog::debug("DB puser id [" . $dbEntry->getPuserId() . "] kuser id [" . $dbEntry->getKuserId() . "]");
     // a null userId means the request does not touch the owner, so there is nothing to check
     if ($entry->userId === null) {
         KalturaLog::debug("entry->userId is null, not changing user");
         return;
     }
     if (!$this->getKs() || !$this->getKs()->isAdmin()) {
         $entryPuserId = $dbEntry->getPuserId();
         // non admin (or no KS at all) cannot change the owner of an existing entry; the ids are compared case-insensitively
         if (strtolower($entry->userId) != strtolower($entryPuserId)) {
             KalturaLog::debug('API entry userId [' . $entry->userId . '], DB entry userId [' . $entryPuserId . '] - change required but KS is not admin');
             throw new KalturaAPIException(KalturaErrors::INVALID_KS, "", ks::INVALID_TYPE, ks::getErrorStr(ks::INVALID_TYPE));
         }
     }
     // reached by admins and by non-admins whose userId matches the stored owner; createKuserForPartner() is called in both cases
     $kuser = kuserPeer::createKuserForPartner($dbEntry->getPartnerId(), $entry->userId);
     KalturaLog::debug("Set kuser id [" . $kuser->getId() . "] line [" . __LINE__ . "]");
     $dbEntry->setKuserId($kuser->getId());
 }
コード例 #26
ファイル: entryPeer.php プロジェクト: DBezemer/server
 /**
  * Builds the default criteria filter for entry queries: deleted entries are always excluded,
  * and an entitlement criterion is AND-ed on top when one applies to the current session.
  */
 public static function setDefaultCriteriaFilter()
 {
     if (self::$s_criteria_filter == null) {
         self::$s_criteria_filter = new criteriaFilter();
     }
     $c = KalturaCriteria::create(entryPeer::OM_CLASS);
     $c->addAnd(entryPeer::STATUS, entryStatus::DELETED, Criteria::NOT_EQUAL);
     $critEntitled = null;
     // NOTE(review): ks::fromSecureString() can throw on a malformed KS; nothing here catches it
     $ks = ks::fromSecureString(kCurrentContext::$ks);
     // when entitlement is enabled and this is an admin session or a user session with list:* privilege
     if (kEntitlementUtils::getEntitlementEnforcement() && (kCurrentContext::$is_admin_session || !self::$userContentOnly)) {
         $privacyContexts = kEntitlementUtils::getPrivacyContextSearch();
         $critEntitled = $c->getNewCriterion(self::PRIVACY_BY_CONTEXTS, $privacyContexts, KalturaCriteria::IN_LIKE);
         $critEntitled->addTag(KalturaCriterion::TAG_ENTITLEMENT_ENTRY);
         if (kCurrentContext::getCurrentKsKuserId()) {
             //ENTITLED_KUSERS field includes $this->entitledUserEdit, $this->entitledUserEdit, and users on work groups categories.
             $entitledKuserByPrivacyContext = kEntitlementUtils::getEntitledKuserByPrivacyContext();
             $critEntitledKusers = $c->getNewCriterion(self::ENTITLED_KUSERS, $entitledKuserByPrivacyContext, KalturaCriteria::IN_LIKE);
             $critEntitledKusers->addTag(KalturaCriterion::TAG_ENTITLEMENT_ENTRY);
             $categoriesIds = array();
             $categoriesIds = categoryPeer::retrieveEntitledAndNonIndexedByKuser(kCurrentContext::getCurrentKsKuserId(), kConf::get('category_search_limit'));
             // reaching the configured limit is recorded in a flag for later use
             if (count($categoriesIds) >= kConf::get('category_search_limit')) {
                 self::$kuserBlongToMoreThanMaxCategoriesForSearch = true;
             }
             if (count($categoriesIds)) {
                 $critCategories = $c->getNewCriterion(self::CATEGORIES_IDS, $categoriesIds, KalturaCriteria::IN_LIKE);
                 $critCategories->addTag(KalturaCriterion::TAG_ENTITLEMENT_ENTRY);
                 $critEntitled->addOr($critCategories);
             }
             $critEntitled->addOr($critEntitledKusers);
         }
         // a user should be able to get all entries they uploaded - outside the privacy context
         $kuser = kCurrentContext::getCurrentKsKuserId();
         // NOTE(review): strict comparison - only an integer 0 skips this criterion; a null or a "0" string would not
         if ($kuser !== 0) {
             $critKuser = $c->getNewCriterion(entryPeer::KUSER_ID, $kuser, Criteria::EQUAL);
             $critKuser->addTag(KalturaCriterion::TAG_ENTITLEMENT_ENTRY);
             $critEntitled->addOr($critKuser);
         }
     } elseif (self::$userContentOnly) {
         // user-content-only mode: restrict to entries owned by the KS user
         $critEntitled = $c->getNewCriterion(entryPeer::KUSER_ID, kCurrentContext::getCurrentKsKuserId(), Criteria::EQUAL);
         $critEntitled->addTag(KalturaCriterion::TAG_WIDGET_SESSION);
     }
     // entries for which the KS disables entitlement are OR-ed in, or become the whole entitlement criterion when there is none
     if ($ks && count($ks->getDisableEntitlementForEntry())) {
         $entryCrit = $c->getNewCriterion(entryPeer::ENTRY_ID, $ks->getDisableEntitlementForEntry(), Criteria::IN);
         $entryCrit->addTag(KalturaCriterion::TAG_ENTITLEMENT_ENTRY);
         if ($critEntitled) {
             $critEntitled->addOr($entryCrit);
         } else {
             $critEntitled = $entryCrit;
         }
     }
     if ($critEntitled) {
         $c->addAnd($critEntitled);
     }
     self::$s_criteria_filter->setFilter($c);
 }
コード例 #27
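 /**
  * Throws an error if a non-owner, non-admin session user is trying to change
  * entitledUsersEdit or entitledUsersPublish.
  *
  * The check is skipped when the session KS reports isAdmin(), and when the
  * session kuser id equals the entry's kuser id. A null field on $entry is
  * ignored. Values are compared case-insensitively (strtolower) and then with
  * strict string comparison, so that two different numeric-looking strings
  * (for example "1000" and "1e3") are not treated as "unchanged" by PHP's
  * loose comparison.
  *
  * @param KalturaBaseEntry $entry   the update request
  * @param entry $dbEntry            the stored entry the request is applied to
  * @throws KalturaAPIException      INVALID_KS / ks::INVALID_TYPE when a protected field differs
  */
 protected function validateEntitledUsersUpdate(KalturaBaseEntry $entry, entry $dbEntry)
 {
     $ks = $this->getKs();
     if ($ks && $ks->isAdmin()) {
         // admin sessions may change the entitlement lists of any entry
         return;
     }

     // Loose comparison kept on purpose: the types of the two ids are not visible
     // here (int on one side, numeric string on the other is plausible).
     if ($this->getKuser()->getId() == $dbEntry->getKuserId()) {
         // the owner may change both lists
         return;
     }

     //non owner cannot change entitledUsersEdit and entitledUsersPublish
     if ($entry->entitledUsersEdit !== null
         && strtolower((string) $entry->entitledUsersEdit) !== strtolower((string) $dbEntry->getEntitledPusersEdit())) {
         throw new KalturaAPIException(KalturaErrors::INVALID_KS, "", ks::INVALID_TYPE, ks::getErrorStr(ks::INVALID_TYPE));
     }
     if ($entry->entitledUsersPublish !== null
         && strtolower((string) $entry->entitledUsersPublish) !== strtolower((string) $dbEntry->getEntitledPusersPublish())) {
         throw new KalturaAPIException(KalturaErrors::INVALID_KS, "", ks::INVALID_TYPE, ks::getErrorStr(ks::INVALID_TYPE));
     }
 }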
 /**
  * Executes a playlist and publishes its entries, or, when $create_cachekey
  * is set, only builds the cache key for that execution.
  *
  * The service is invoked twice per request: once for the cache key and once
  * for the real execution. Admin sessions get null instead of a cache key.
  * The key is derived from the playlist id, the extra filters, both partner
  * ids, the detail flag, the session user and the session privileges, so two
  * sessions that differ in any of these do not share a key.
  *
  * @param mixed $partner_id
  * @param mixed $subp_id          not used in this method
  * @param mixed $puser_id         not used in this method
  * @param mixed $partner_prefix   not used in this method
  * @param mixed $puser_kuser      not used in this method
  * @param bool  $create_cachekey  true to return the cache key instead of executing
  * @return executionCacheKey|null the key (or null for admin) in cache-key mode; nothing otherwise
  * @throws APIException INVALID_ENTRY_ID when the playlist cannot be loaded
  */
 public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser, $create_cachekey = false)
 {
     myDbHelper::$use_alternative_con = myDbHelper::DB_HELPER_CONN_PROPEL3;

     // TODO (from the original author): verify permissions for viewing lists
     $detailed = $this->getP("detailed", false) ?: false;
     $pageSize = $this->maxPageSize($this->getP("page_size", 10));
     $pageNumber = $this->getP("page", 1);
     $filterPrefix = $this->getP("fp", "filter");
     // Computed but not used further down in this method.
     $offset = ($pageNumber - 1) * $pageSize;

     // TODO (from the original author): should the search be limited to the partner?
     $playlist_id = $this->getPM("playlist_id");
     $requestParams = $this->getInputParams();

     // Collect every numbered filter ("<prefix>1_", "<prefix>2_", ...) that the request populated.
     $extra_filters = array();
     for ($index = 1; $index < self::MAX_FILTER_COUNT; $index++) {
         $candidate = new entryFilter();
         if ($candidate->fillObjectFromRequest($requestParams, $filterPrefix . $index . "_", null)) {
             $extra_filters[$index] = $candidate;
         }
     }

     if ($create_cachekey) {
         if ($this->isAdmin()) {
             // no key for admin sessions -- presumably this disables caching for them; confirm with the caller
             return null;
         }

         $session = ks::fromSecureString(kCurrentContext::$ks);
         $sessionPartnerId = $session ? $session->getPartnerId() : null;
         $sessionPrivileges = $session ? $session->getPrivileges() : null;

         $keyParts = array(
             "playlist_id" => $playlist_id,
             "filters" => $extra_filters,
             "partner_id" => $partner_id,
             "ks_partner_id" => $sessionPartnerId,
             "detailed" => $detailed,
             "user" => kCurrentContext::$ks_uid,
             "privileges" => $sessionPrivileges,
             "is_admin" => $this->isAdmin(),
         );

         // md5 only condenses the printed array into a fixed-length key; it is not an integrity check.
         $cacheKey = new executionCacheKey();
         $cacheKey->expiry = 600;
         $cacheKey->key = md5(print_r($keyParts, true));
         return $cacheKey;
     }

     // Second invocation: the playlist may already have been loaded by an earlier call.
     if ($this->playlist === null) {
         $loaded = entryPeer::retrieveByPK($playlist_id);
         if (!$loaded) {
             throw new APIException(APIErrors::INVALID_ENTRY_ID, "Playlist", $playlist_id);
         }
         myPartnerUtils::addPartnerToCriteria(new accessControlPeer(), $loaded->getPartnerId(), $this->getPrivatePartnerData(), $this->partnerGroup2(), null);
         $this->playlist = $loaded;
     }

     if ($this->isAdmin()) {
         myPlaylistUtils::setIsAdminKs(true);
     }

     $entries = myPlaylistUtils::executePlaylistById($partner_id, $playlist_id, $extra_filters, $detailed);
     myEntryUtils::updatePuserIdsForEntries($entries);

     if ($detailed) {
         $level = objectWrapperBase::DETAIL_LEVEL_DETAILED;
     } else {
         $level = objectWrapperBase::DETAIL_LEVEL_REGULAR;
     }
     $wrapped = objectWrapperBase::getWrapperClass($entries, $level);

     $this->addMsg("count", count($entries));
     $this->addMsg($this->getObjectPrefix(), $wrapped);
 }
 /**
  * Tells whether the request counts as a widget session.
  *
  * @return bool true when no KS string was supplied, or when a parsed KS
  *              exists and reports isWidgetSession(); false otherwise
  */
 public function isKsWidget()
 {
     // a request without any KS string is treated as a widget session
     if (!$this->ksStr) {
         return true;
     }

     // a KS string was given but no KS object is available
     if (!$this->ks) {
         return false;
     }

     return (bool) $this->ks->isWidgetSession();
 }
コード例 #30
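 /**
  * Encode/decode helper action: applies the conversion named by the "algo"
  * request parameter to the "str" request parameter and stores the result on
  * the action ($this->res, together with key, secret, str and algo).
  *
  * forceSystemAuthentication() runs first; what it enforces is defined
  * elsewhere. Everything after it works on request-supplied data, and several
  * branches are sensitive: "wiki_decode" unserializes that data, the 3DES
  * branches echo the supplied key, and "ks" / "kwid" put session and secret
  * material into the result. Whether $this->res is escaped when rendered is
  * not visible here -- confirm in the template.
  *
  * @return string|null "" when a kwid string is not valid; otherwise nothing
  */
 public function execute()
 {
     $this->forceSystemAuthentication();
     $secret = "";
     $str = $this->getP("str");
     $algo = $this->getP("algo", "wiki_decode");
     $res = "";
     $key = null;
     if ($algo === "wiki_encode") {
         $res = str_replace(array("|", "/"), array("|01", "|02"), base64_encode(serialize($str)));
     } elseif ($algo === "wiki_decode") {
         // NOTE(security): unserialize() on a request parameter allows PHP object injection
         // (magic methods of any loadable class can run while decoding). The only guard
         // visible here is forceSystemAuthentication(). On PHP >= 7.0 pass
         // array('allowed_classes' => false) as second argument, or switch the wiki format
         // to JSON; not applied here because the minimum PHP version of this file is not
         // visible and the extra argument breaks the call on PHP 5.
         $res = @unserialize(base64_decode(str_replace(array("|02", "|01"), array("/", "|"), $str)));
     } elseif ($algo === "wiki_decode_no_serialize") {
         $res = base64_decode(str_replace(array("|02", "|01"), array("/", "|"), $str));
     } elseif ($algo === "base64_encode") {
         $res = base64_encode($str);
     } elseif ($algo === "base64_decode") {
         $res = base64_decode($str);
     } elseif ($algo === "base64_3des_encode") {
         // NOTE(security): 3DES in ECB mode through mcrypt. ECB ignores the IV and encrypts
         // equal blocks to equal ciphertext; the mcrypt extension was removed from PHP core
         // in 7.2. Kept as-is because existing ciphertexts depend on it.
         $key = $this->getP("des_key");
         // The key is request data written straight into the response: escape it.
         echo "[" . htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8') . "]";
         $input = $str;
         $td = mcrypt_module_open('tripledes', '', 'ecb', '');
         $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
         $key = substr($key, 0, mcrypt_enc_get_key_size($td));
         mcrypt_generic_init($td, $key, $iv);
         $encrypted_data = mcrypt_generic($td, $input);
         mcrypt_generic_deinit($td);
         mcrypt_module_close($td);
         $res = base64_encode($encrypted_data);
         $this->des_key = $key;
     } elseif ($algo === "base64_3des_decode") {
         // Same cipher set-up as the encode branch; see the note there.
         $key = $this->getP("des_key");
         echo "[" . htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8') . "]";
         $input = base64_decode($str);
         $td = mcrypt_module_open('tripledes', '', 'ecb', '');
         $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
         $key = substr($key, 0, mcrypt_enc_get_key_size($td));
         mcrypt_generic_init($td, $key, $iv);
         $encrypted_data = mdecrypt_generic($td, $input);
         mcrypt_generic_deinit($td);
         mcrypt_module_close($td);
         $res = $encrypted_data;
         $this->des_key = $key;
     } elseif ($algo === "ks") {
         $ks = ks::fromSecureString($str);
         // print_r dumps every field of the parsed session object into the result
         $res = print_r($ks, true);
         if ($ks) {
             $expired = $ks->valid_until;
             $expired_str = self::formatThisData($expired);
             $now = time();
             $now_str = self::formatThisData($now);
             $res .= "<br>" . "valid until: " . $expired_str . "<br>now: {$now} ({$now_str})";
         }
     } elseif ($algo === "kwid") {
         $kwid_str = @base64_decode($str);
         if (!$kwid_str) {
             // invalid string
             return "";
         }
         $cracked = explode("|", $kwid_str);
         $names = array("kshow_id", "partner_id", "subp_id", "article_name", "widget_id", "hash");
         if (count($cracked) !== count($names)) {
             // wrong number of fields: array_combine() would fail (false before PHP 8,
             // ValueError from PHP 8 on), so treat it like any other invalid string
             return "";
         }
         $combined = array_combine($names, $cracked);
         $secret = $this->getP("secret");
         // The kwid hash is 10 hex characters of md5(fields . secret); a truncated MD5 with
         // an appended secret is a weak integrity check. Left unchanged so that the value
         // shown matches existing kwid strings.
         $md5 = md5($combined["kshow_id"] . $combined["partner_id"] . $combined["subp_id"] . $combined["article_name"] . $combined["widget_id"] . $secret);
         // the supplied secret is echoed back as part of the result
         $combined["secret"] = $secret;
         $combined["calculated hash"] = substr($md5, 1, 10);
         $res = print_r($combined, true);
     } elseif ($algo === "ip") {
         $ip_geo = new myIPGeocoder();
         // look up the given address, or the caller's own address when none was given
         if ($str) {
             $remote_addr = $str;
         } else {
             $remote_addr = requestUtils::getRemoteAddress();
         }
         $res = $ip_geo->iptocountry($remote_addr);
     }
     $this->key = $key;
     $this->secret = $secret;
     $this->str = $str;
     $this->res = $res;
     $this->algo = $algo;
 }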