/**
 * Seeds the default permission assignments and core configuration values:
 * site name, installed version, optional install locale and the security tokens.
 *
 * Permissions are granted on the global file set, the home page, the /login,
 * /register, /dashboard and /!drafts pages, the root node of the group tree
 * and the conversation permission keys.
 */
public function set_site_permissions()
{
    $globalFileSet = FileSet::getGlobal();
    $guestGroup = Group::getByID(GUEST_GROUP_ID);
    $registeredGroup = Group::getByID(REGISTERED_GROUP_ID);
    $adminGroup = Group::getByID(ADMIN_GROUP_ID);

    // File manager: guests may only view files, administrators get the full set.
    $globalFileSet->assignPermissions($guestGroup, array('view_file_set_file'));
    $globalFileSet->assignPermissions($adminGroup, array(
        'view_file_set_file',
        'search_file_set',
        'edit_file_set_file_properties',
        'edit_file_set_file_contents',
        'copy_file_set_files',
        'edit_file_set_permissions',
        'delete_file_set_files',
        'delete_file_set',
        'add_file',
    ));

    // The locale is only stored when it is defined, non-empty and not en_US.
    if (defined('SITE_INSTALL_LOCALE')) {
        if (SITE_INSTALL_LOCALE != '' && SITE_INSTALL_LOCALE != 'en_US') {
            Config::save('concrete.locale', SITE_INSTALL_LOCALE);
        }
    }
    Config::save('concrete.site', SITE);
    Config::save('concrete.version_installed', APP_VERSION);

    $currentUser = new User();
    $currentUser->saveConfig('NEWSFLOW_LAST_VIEWED', 'FIRSTRUN');

    $guestPagePermissions = array('view_page');

    // Home page: public read access, full control for administrators.
    $homePage = Page::getByID(1, 'RECENT');
    $homePage->assignPermissions($guestGroup, $guestPagePermissions);
    $homePage->assignPermissions($adminGroup, array(
        'view_page_versions',
        'view_page_in_sitemap',
        'preview_page_as_user',
        'edit_page_properties',
        'edit_page_contents',
        'edit_page_speed_settings',
        'edit_page_multilingual_settings',
        'edit_page_theme',
        'edit_page_template',
        'edit_page_permissions',
        'delete_page',
        'delete_page_versions',
        'approve_page_versions',
        'add_subpage',
        'move_or_copy_page',
        'schedule_page_contents_guest_access',
    ));

    // Login and registration pages must be reachable without a session.
    foreach (array('/login', '/register') as $publicPath) {
        Page::getByPath($publicPath, 'RECENT')->assignPermissions($guestGroup, $guestPagePermissions);
    }

    // The dashboard is visible to administrators only; no guest grant is made here.
    Page::getByPath('/dashboard', 'RECENT')->assignPermissions($adminGroup, array('view_page'));

    // Drafts root. NOTE(review): guests receive view_page on /!drafts here; confirm
    // this is intended and that draft pages beneath it do not become publicly readable.
    $draftsPage = Page::getByPath('/!drafts', 'RECENT');
    $draftsPage->assignPermissions($guestGroup, $guestPagePermissions);
    $draftsPage->assignPermissions($adminGroup, array(
        'view_page_versions',
        'view_page_in_sitemap',
        'preview_page_as_user',
        'edit_page_properties',
        'edit_page_contents',
        'edit_page_speed_settings',
        'edit_page_theme',
        'edit_page_template',
        'edit_page_permissions',
        'delete_page',
        'delete_page_versions',
        'approve_page_versions',
        'add_subpage',
        'move_or_copy_page',
        'schedule_page_contents_guest_access',
    ));
    // The page owner entity gets a reduced set: no theme, permission or sitemap rights.
    $draftsPage->assignPermissions(PageOwnerPermissionAccessEntity::getOrCreate(), array(
        'view_page_versions',
        'edit_page_properties',
        'edit_page_contents',
        'edit_page_template',
        'delete_page',
        'delete_page_versions',
        'approve_page_versions',
    ));

    // Three independent 64-character tokens are written to the database-backed config.
    // NOTE(review): their strength depends entirely on helper/validation/identifier;
    // confirm that getString() draws from a cryptographically secure source.
    $databaseConfig = \Core::make('config/database');
    $tokenKeys = array(
        'concrete.security.token.jobs',
        'concrete.security.token.encryption',
        'concrete.security.token.validation',
    );
    foreach ($tokenKeys as $tokenKey) {
        $databaseConfig->save($tokenKey, Core::make('helper/validation/identifier')->getString(64));
    }

    // Group tree: every management permission on the root node goes to administrators.
    $rootNode = GroupTree::get()->getRootTreeNodeObject();
    $adminGroupEntity = GroupPermissionAccessEntity::getOrCreate($adminGroup);
    $groupHandles = array(
        'search_users_in_group',
        'edit_group',
        'assign_group',
        'add_sub_group',
        'edit_group_permissions',
    );
    foreach ($groupHandles as $groupHandle) {
        $groupKey = PermissionKey::getByHandle($groupHandle);
        $groupKey->setPermissionObject($rootNode);
        $groupAccess = PermissionAccess::create($groupKey);
        $groupAccess->addListItem($adminGroupEntity);
        $groupKey->getPermissionAssignmentObject()->assignPermissionAccess($groupAccess);
    }

    // Conversations: permission handle => access entities granted, in assignment order.
    $messageAuthorEntity = ConversationMessageAuthorEntity::getOrCreate();
    $guestEntity = GroupPermissionAccessEntity::getOrCreate($guestGroup);
    $registeredEntity = GroupPermissionAccessEntity::getOrCreate($registeredGroup);
    $conversationGrants = array(
        // NOTE(review): unauthenticated visitors may post messages and attachments by
        // default; sites that do not want anonymous uploads should tighten these two keys.
        'add_conversation_message' => array($guestEntity),
        'add_conversation_message_attachments' => array($guestEntity),
        'edit_conversation_message' => array($messageAuthorEntity, $adminGroupEntity),
        'delete_conversation_message' => array($messageAuthorEntity, $adminGroupEntity),
        'rate_conversation_message' => array($registeredEntity, $adminGroupEntity),
        'edit_conversation_permissions' => array($adminGroupEntity),
        'flag_conversation_message' => array($adminGroupEntity),
        'approve_conversation_message' => array($adminGroupEntity),
    );
    foreach ($conversationGrants as $conversationHandle => $grantedEntities) {
        $conversationKey = PermissionKey::getByHandle($conversationHandle);
        $conversationAccess = PermissionAccess::create($conversationKey);
        foreach ($grantedEntities as $grantedEntity) {
            $conversationAccess->addListItem($grantedEntity);
        }
        $conversationKey->getPermissionAssignmentObject()->assignPermissionAccess($conversationAccess);
    }
}
<?php
defined('C5_EXECUTE') or die("Access Denied.");

use Concrete\Core\Permission\Access\Entity\PageOwnerEntity as PageOwnerPermissionAccessEntity;

// Prints the page owner access entity (ID and label) as JSON.
// The response is only produced when the request carries a valid 'process' token;
// there is no else branch, so a failed check yields an empty body and no error.
$tokenHelper = Loader::helper('validation/token');
if ($tokenHelper->validate('process')) {
    $jsonHelper = Loader::helper('json');
    $ownerEntity = PageOwnerPermissionAccessEntity::getOrCreate();

    $payload = new stdClass();
    $payload->peID = $ownerEntity->getAccessEntityID();
    $payload->label = $ownerEntity->getAccessEntityLabel();

    echo $jsonHelper->encode($payload);
}
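/**
 * Sets up a list to only return items the proper user can access.
 *
 * Nothing is filtered for the super user or when $this->ignorePermissions is set.
 * Otherwise two SQL filters are added for the view permission key named by
 * $this->viewPagePermissionKeyHandle:
 *  - an include filter: at least one matching "include" access row must exist,
 *    or the page must be an external link;
 *  - an exclude filter: no matching "exclude" access row may exist.
 *
 * Both filters are handed to filter() as raw SQL fragments, so every value
 * concatenated into them is cast to an integer first.
 */
public function setupPermissions()
{
    $u = new User();
    if ($u->isSuperUser() || $this->ignorePermissions) {
        return; // super user always sees everything. no need to limit
    }

    // '-1' keeps the "peID in (...)" list non-empty when the user has no access entities.
    $peIDs = array('-1');
    $accessEntities = $u->getUserAccessEntityObjects();
    foreach ($accessEntities as $pae) {
        $peIDs[] = $pae->getAccessEntityID();
    }
    $owpae = PageOwnerPermissionAccessEntity::getOrCreate();

    // Retrieve every permission duration ID attached to the view permission key.
    // Only this one key is considered; view_page_versions is not part of the check.
    $db = Loader::db();
    // An unknown handle becomes 0 instead of an empty string, which keeps the SQL below
    // well-formed. NOTE(review): assumes real pkID values are positive, so 0 matches nothing.
    $vpPKID = (int) $db->GetOne(
        'select pkID from PermissionKeys where pkHandle = ?',
        array($this->viewPagePermissionKeyHandle)
    );
    $pdIDs = $db->GetCol(
        "select distinct pdID from PagePermissionAssignments ppa inner join PermissionAccessList pa"
        . " on ppa.paID = pa.paID where pkID = ? and pdID > 0",
        array($vpPKID)
    );

    // Keep only the durations that are active right now.
    $activePDIDs = array();
    if (count($pdIDs) > 0) {
        foreach ($pdIDs as $pdID) {
            $pd = PermissionDuration::getByID($pdID);
            // Skip IDs that no longer resolve to a duration object instead of failing on null.
            if (is_object($pd) && $pd->isActive()) {
                $activePDIDs[] = $pd->getPermissionDurationID();
            }
        }
    }
    // pdID 0 is always accepted. NOTE(review): presumably rows without a time restriction; confirm.
    $activePDIDs[] = 0;

    if ($this->includeAliases) {
        $cInheritPermissionsFromCID = 'if(p2.cID is null, p1.cInheritPermissionsFromCID, p2.cInheritPermissionsFromCID)';
    } else {
        $cInheritPermissionsFromCID = 'p1.cInheritPermissionsFromCID';
    }

    // Initialised up front: it used to be undefined when displayOnlyApprovedPages was off.
    $cvIsApproved = '';
    if ($this->displayOnlyApprovedPages) {
        $cvIsApproved = ' and cv.cvIsApproved = 1';
    }

    $uID = 0;
    if ($u->isRegistered()) {
        $uID = (int) $u->getUserID();
    }

    // Integer casts guarantee that nothing but digits, minus signs and commas reaches the query text.
    $pdIDList = implode(',', array_map('intval', $activePDIDs));
    $peIDList = implode(',', array_map('intval', $peIDs));
    $ownerPeID = (int) $owpae->getAccessEntityID();

    // Include filter. The page owner entity only counts when the current user owns the page.
    // Pages with a non-empty cPointerExternalLink pass this filter without any access row.
    $this->filter(
        false,
        "((select count(cID) from PagePermissionAssignments ppa1 inner join PermissionAccessList pa1 on ppa1.paID = pa1.paID"
        . " where ppa1.cID = {$cInheritPermissionsFromCID} and pa1.accessType = " . PermissionKey::ACCESS_TYPE_INCLUDE
        . " and pa1.pdID in (" . $pdIDList . ")\n\t\t\tand pa1.peID in (" . $peIDList . ")"
        . " and (if(pa1.peID = " . $ownerPeID . " and p1.uID <>" . $uID . ", false, true))"
        . " and (ppa1.pkID = " . $vpPKID . $cvIsApproved . ")) > 0\n\t\t\tor (p1.cPointerExternalLink !='' AND p1.cPointerExternalLink IS NOT NULL))"
    );

    // Exclude filter: a single matching exclude row hides the page, external links included.
    $this->filter(
        false,
        "((select count(cID) from PagePermissionAssignments ppaExclude inner join PermissionAccessList paExclude on ppaExclude.paID = paExclude.paID"
        . " where ppaExclude.cID = {$cInheritPermissionsFromCID} and accessType = " . PermissionKey::ACCESS_TYPE_EXCLUDE
        . " and pdID in (" . $pdIDList . ")\n\t\t\tand paExclude.peID in (" . $peIDList . ")"
        . " and (if(paExclude.peID = " . $ownerPeID . " and p1.uID <>" . $uID . ", false, true))"
        . " and (ppaExclude.pkID = " . $vpPKID . $cvIsApproved . ")) = 0)"
    );
}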
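/**
 * Add a page type.
 *
 * Inserts the page type row, links the selected templates, configures the "all"
 * publish target when it exists, copies the default page type permissions and
 * finally replaces the edit_page_type_drafts assignment with the page owner entity.
 *
 * @param array $data {
 *     @var string          $handle              A string which can be used to identify the page type
 *     @var string          $name                A user friendly display name
 *     @var \PageTemplate   $defaultTemplate     The default template object
 *     @var string          $allowedTemplates    (A|C|X) A for all, C for selected only, X for non-selected only
 *     @var \PageTemplate[] $templates           Array or Iterator of selected templates, see `$allowedTemplates`
 *     @var bool            $internal            Is this an internal only page type? Default: `false`
 *     @var bool            $ptLaunchInComposer  Does this launch in composer? Default: `false`
 *     @var bool            $ptIsFrequentlyAdded Should this always be displayed in the pages panel? Default: `false`
 * }
 * @param bool|Package $pkg This should be false if the type is not tied to a package, or a package object
 *
 * @return static|mixed|null The object returned by static::getByID() for the new row
 */
public static function add($data, $pkg = false)
{
    // Optional keys default to null so the checks below never hit an undefined index.
    $data = $data + array(
        'defaultTemplate' => null,
        'allowedTemplates' => null,
        'templates' => null,
        'internal' => null,
        'ptLaunchInComposer' => null,
        'ptIsFrequentlyAdded' => null,
    );
    $ptHandle = $data['handle'];
    $ptName = $data['name'];

    $pkgID = 0;
    if (is_object($pkg)) {
        $pkgID = $pkg->getPackageID();
    }

    $ptDefaultPageTemplateID = 0;
    if (is_object($data['defaultTemplate'])) {
        $ptDefaultPageTemplateID = $data['defaultTemplate']->getPageTemplateID();
    }

    $ptAllowedPageTemplates = 'A';
    if ($data['allowedTemplates']) {
        $ptAllowedPageTemplates = $data['allowedTemplates'];
    }

    // The documented contract allows an Iterator as well as an array; previously an
    // Iterator was silently dropped, leaving a C/X restriction with no templates at all.
    $templates = array();
    if (is_array($data['templates']) || $data['templates'] instanceof \Traversable) {
        $templates = $data['templates'];
    }

    $ptIsInternal = $data['internal'] ? 1 : 0;
    $ptLaunchInComposer = $data['ptLaunchInComposer'] ? 1 : 0;
    $ptIsFrequentlyAdded = $data['ptIsFrequentlyAdded'] ? 1 : 0;

    $db = Loader::db();

    // New types are appended after the existing ones of the same internal/public kind.
    $ptDisplayOrder = 0;
    $count = $db->GetOne('select count(ptID) from PageTypes where ptIsInternal = ?', array($ptIsInternal));
    if ($count > 0) {
        $ptDisplayOrder = $count;
    }

    $db->Execute(
        'insert into PageTypes (ptName, ptHandle, ptDefaultPageTemplateID, ptAllowedPageTemplates, ptIsInternal, ptLaunchInComposer, ptDisplayOrder, ptIsFrequentlyAdded, pkgID) values (?, ?, ?, ?, ?, ?, ?, ?, ?)',
        array(
            $ptName,
            $ptHandle,
            $ptDefaultPageTemplateID,
            $ptAllowedPageTemplates,
            $ptIsInternal,
            $ptLaunchInComposer,
            $ptDisplayOrder,
            $ptIsFrequentlyAdded,
            $pkgID,
        )
    );
    $ptID = $db->Insert_ID();

    // The template list is only stored when the type is not open to all templates.
    if ($ptAllowedPageTemplates != 'A') {
        foreach ($templates as $pt) {
            $db->Execute(
                'insert into PageTypePageTemplates (ptID, pTemplateID) values (?, ?)',
                array($ptID, $pt->getPageTemplateID())
            );
        }
    }

    $ptt = static::getByID($ptID);

    // set all type publish target as default
    $target = PageTypePublishTargetType::getByHandle('all');
    if (is_object($target)) {
        $configuredTarget = $target->configurePageTypePublishTarget($ptt, array());
        $ptt->setConfiguredPageTypePublishTargetObject($configuredTarget);
    }

    // copy permissions from the defaults to the page type
    $cpk = PermissionKey::getByHandle('access_page_type_permissions');
    $permissions = PermissionKey::getList('page_type');
    foreach ($permissions as $pk) {
        $pk->setPermissionObject($ptt);
        $pk->copyFromDefaultsToPageType($cpk);
    }

    // now we clear the default from edit page drafts and hand it to the page draft owner
    $pk = PermissionKey::getByHandle('edit_page_type_drafts');
    if (is_object($pk)) {
        $pk->setPermissionObject($ptt);
        $pt = $pk->getPermissionAssignmentObject();
        // Clearing and re-assigning both need the assignment object; the re-assignment used
        // to run outside this check and would call a method on a non-object.
        // NOTE(review): when no assignment object exists, whatever the defaults copied above
        // gave this key stays in place; confirm that is acceptable or raise an error instead.
        if (is_object($pt)) {
            $pt->clearPermissionAssignment();
            $pa = PermissionAccess::create($pk);
            $pe = PageOwnerPermissionAccessEntity::getOrCreate();
            $pa->addListItem($pe);
            $pt->assignPermissionAccess($pa);
        }
    }

    // The row exists at this point, so the type is returned even when the
    // edit_page_type_drafts key is missing (that path used to return null).
    return $ptt;
}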