public function assignPermissionAccess(Access $pa)
{
$db = Database::connection();
$co = $this->permissionObject->getBlockCollectionObject();
$arHandle = $this->permissionObject->getAreaHandle();
$db->Replace('BlockPermissionAssignments', array('cID' => $co->getCollectionID(), 'paID' => $pa->getPermissionAccessID(), 'cvID' => $co->getVersionID(), 'bID' => $this->permissionObject->getBlockID(), 'pkID' => $this->pk->getPermissionKeyID()), array('cID', 'cvID', 'bID', 'pkID'), true);
$pa->markAsInUse();
}
public function assignPermissionAccess(Access $pa)
{
$db = Loader::db();
$db->Replace('PagePermissionAssignments', array('cID' => $this->getPermissionObject()->getPermissionsCollectionID(), 'paID' => $pa->getPermissionAccessID(), 'pkID' => $this->pk->getPermissionKeyID()), array('cID', 'pkID'), true);
$pa->markAsInUse();
$cache = Core::make('cache/request');
$identifier = sprintf('permission/assignment/access/%s/%s', $this->pk->getPermissionKeyHandle(), $this->getPermissionObject()->getPermissionObjectIdentifier());
$cache->delete($identifier);
}
public function assignPermissionAccess(Access $pa)
{
$cnvID = 0;
if (is_object($this->permissionObject)) {
$cnvID = $this->permissionObject->getConversationID();
}
$db = Database::connection();
$db->Replace('ConversationPermissionAssignments', array('cnvID' => $cnvID, 'paID' => $pa->getPermissionAccessID(), 'pkID' => $this->pk->getPermissionKeyID()), array('cnvID', 'pkID'), true);
$pa->markAsInUse();
}
public function validate(PermissionAccess $pae)
{
if ($pae instanceof ConversationAccess) {
$message = $pae->getPermissionObject();
}
if ($message instanceof Message) {
$u = new User();
return $u->getUserID() == $message->getConversationMessageUserID();
}
return false;
}
public function validate(PermissionAccess $pae)
{
if ($pae instanceof FileSetPermissionAccess) {
return true;
}
if ($pae instanceof FilePermissionAccess) {
$f = $pae->getPermissionObject();
if (is_object($f)) {
$u = new User();
return $u->getUserID() == $f->getUserID();
}
}
return false;
}
public function assignPermissions($userOrGroup, $permissions = [], $accessType = Key::ACCESS_TYPE_INCLUDE, $cascadeToChildren = true)
{
if (!$cascadeToChildren) {
$this->setChildPermissionsToOverride();
}
$this->setPermissionsToOverride();
if (is_array($userOrGroup)) {
$pe = GroupCombinationEntity::getOrCreate($userOrGroup);
// group combination
} elseif ($userOrGroup instanceof User || $userOrGroup instanceof \Concrete\Core\User\UserInfo || $userOrGroup instanceof \Concrete\Core\User\User) {
$pe = UserEntity::getOrCreate($userOrGroup);
} elseif ($userOrGroup instanceof Entity) {
$pe = $userOrGroup;
} else {
// group;
$pe = GroupEntity::getOrCreate($userOrGroup);
}
foreach ($permissions as $pkHandle) {
$pk = Key::getByHandle($pkHandle);
$pk->setPermissionObject($this);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = Access::create($pk);
} elseif ($pa->isPermissionAccessInUse()) {
$pa = $pa->duplicate();
}
$pa->addListItem($pe, false, $accessType);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
public function handlePageUpdate($event)
{
$page = $event->getPageObject();
$pk = PermissionKey::getByHandle('view_page');
$pk->setPermissionObject($page);
$list = $pk->getAccessListItems();
foreach ($list as $pa) {
$pae = $pa->getAccessEntityObject();
if ($pae->getAccessEntityTypeHandle() == 'group') {
if ($pae->getGroupObject()->getGroupID() == GUEST_GROUP_ID) {
$pd = $pa->getPermissionDurationObject();
if (!is_object($pd)) {
$pd = new PermissionDuration();
}
$publicDate = strtotime($page->getCollectionDatePublic());
$pd->setStartDateAllDay(0);
$pd->setEndDateAllDay(0);
$pd->setStartDate($dateStart = date('Y-m-d H:i:s', $publicDate));
$pd->save();
$paa = PermissionAccess::getByID($pa->paID, $pk);
$paa->addListItem($pae, $pd, PermissionKey::ACCESS_TYPE_INCLUDE);
}
}
}
}
public function save()
{
if (Loader::helper('validation/token')->validate('save_permissions')) {
$root = (new Filesystem())->getRootFolder();
$tp = new TaskPermission();
if ($tp->canAccessTaskPermissions()) {
$permissions = PermissionKey::getList('file_folder');
foreach ($permissions as $pk) {
$pk->setPermissionObject($root);
$paID = $_POST['pkID'][$pk->getPermissionKeyID()];
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = Access::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
$this->redirect('/dashboard/system/files/permissions', 'updated');
}
} else {
$this->error->add(Loader::helper("validation/token")->getErrorMessage());
}
}
public function save()
{
if (Loader::helper('validation/token')->validate('save_permissions')) {
$tp = new TaskPermission();
if ($tp->canAccessTaskPermissions()) {
$permissions = PermissionKey::getList('sitemap');
$permissions = array_merge($permissions, PermissionKey::getList('notification'));
$permissions = array_merge($permissions, PermissionKey::getList('marketplace_newsflow'));
$permissions = array_merge($permissions, PermissionKey::getList('admin'));
foreach ($permissions as $pk) {
$paID = $_POST['pkID'][$pk->getPermissionKeyID()];
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = PermissionAccess::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
$this->redirect('/dashboard/system/registration/notification', 'updated');
}
} else {
$this->error->add(Loader::helper("validation/token")->getErrorMessage());
}
$this->view();
}
public function publish(Key $key, AccessEntity $entity)
{
$pa = Access::create($key);
foreach ($this->getAssignments($entity) as $pae) {
$pa->addListItem($pae);
}
$pt = $key->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
public function setDefaultPermissions(FileManager $tree)
{
$rootNode = $tree->getRootTreeNodeObject();
$adminGroupEntity = GroupEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
$pk = CategoryTreeNodeKey::getByHandle('view_category_tree_node');
$pk->setPermissionObject($rootNode);
$pa = Access::create($pk);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
public function getAccessEntityUsers(PermissionAccess $pae)
{
$c = null;
if ($pae instanceof PagePermissionAccess) {
$c = $pae->getPermissionObject();
} else {
if ($pae instanceof AreaPermissionAccess) {
$c = $pae->getPermissionObject()->getAreaCollectionObject();
} else {
if ($pae instanceof BlockPermissionAccess) {
$a = $pae->getPermissionObject()->getBlockAreaObject();
$c = $a->getAreaCollectionObject();
}
}
}
if (is_object($c) && $c instanceof Page) {
$ui = UserInfo::getByID($c->getCollectionUserID());
$users = array($ui);
return $users;
}
}
public function apply($mixed)
{
$key = Key::getByHandle($this->pkHandle);
$entity = $mixed->getAccessEntity();
$pa = $key->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = Access::create($key);
}
$pa->addListItem($entity, false, $this->accessType);
$pt = $key->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
public function getPermissionAccessObject()
{
$db = Database::connection();
if ($this->permissionObjectToCheck instanceof TopicTreeNode) {
$pa = parent::getPermissionAccessObject();
} elseif ($this->permissionObjectToCheck instanceof CategoryTreeNode && isset($this->inheritedPermissions[$this->pk->getPermissionKeyHandle()])) {
$inheritedPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = ?', array($this->inheritedPermissions[$this->pk->getPermissionKeyHandle()]));
$r = $db->GetOne('select paID from TreeNodePermissionAssignments where treeNodeID = ? and pkID = ?', array($this->permissionObjectToCheck->getTreeNodePermissionsNodeID(), $inheritedPKID));
$pa = Access::getByID($r, $this->pk);
} else {
return false;
}
return $pa;
}
/**
* @return Access
*/
public function getPermissionAccessObject()
{
$cache = \Core::make('cache/request');
$identifier = sprintf('permission/key/assignment/%s', $this->pk->getPermissionKeyID());
$item = $cache->getItem($identifier);
if (!$item->isMiss()) {
return $item->get();
}
$item->lock();
$db = Loader::db();
$paID = $db->GetOne('select paID from PermissionAssignments where pkID = ?', array($this->pk->getPermissionKeyID()));
$pa = Access::getByID($paID, $this->pk);
$cache->save($item->set($pa));
return $pa;
}
public function updateDetails($post)
{
$permissions = PermissionKey::getList('basic_workflow');
foreach ($permissions as $pk) {
$pk->setPermissionObject($this);
$pt = $pk->getPermissionAssignmentObject();
$paID = $post['pkID'][$pk->getPermissionKeyID()];
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = PermissionAccess::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
}
public function import(\SimpleXMLElement $sx)
{
if (isset($sx->permissionkeys)) {
foreach ($sx->permissionkeys->permissionkey as $pk) {
if (is_object(Key::getByHandle((string) $pk['handle']))) {
continue;
}
$pkc = Category::getByHandle((string) $pk['category']);
$c1 = $pkc->getPermissionKeyClass();
$pkx = call_user_func(array($c1, 'import'), $pk);
$assignments = array();
if (isset($pk->access)) {
foreach ($pk->access->children() as $ch) {
if ($ch->getName() == 'group') {
/*
* Legacy
*/
$g = Group::getByName($ch['name']);
if (!is_object($g)) {
$g = Group::add($g['name'], $g['description']);
}
$pae = GroupEntity::getOrCreate($g);
$assignments[] = $pae;
}
if ($ch->getName() == 'entity') {
$type = Type::getByHandle((string) $ch['type']);
$class = $type->getAccessEntityTypeClass();
if (method_exists($class, 'configureFromImport')) {
$pae = $class::configureFromImport($ch);
$assignments[] = $pae;
}
}
}
}
if (count($assignments)) {
$pa = Access::create($pkx);
foreach ($assignments as $pae) {
$pa->addListItem($pae);
}
$pt = $pkx->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
}
}
public static function add()
{
// copy permissions from the other node.
$rootNode = ExpressEntryCategory::add();
$treeID = parent::create($rootNode);
$tree = self::getByID($treeID);
$adminGroupEntity = GroupEntity::getOrCreate(ConcreteGroup::getByID(ADMIN_GROUP_ID));
$permissions = ['view_express_entries', 'add_express_entries', 'edit_express_entries', 'delete_express_entries'];
foreach ($permissions as $handle) {
$pk = ExpressTreeNodeKey::getByHandle($handle);
$pk->setPermissionObject($rootNode);
$pa = Access::create($pk);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
return $tree;
}
public static function add($name)
{
// copy permissions from the other node.
$rootNode = CategoryTreeNode::add();
$treeID = parent::create($rootNode);
$tree = self::getByID($treeID);
$tree->setTopicTreeName($name);
// by default, topic trees are viewable by all
$guestGroupEntity = GroupPermissionAccessEntity::getOrCreate(UserGroup::getByID(GUEST_GROUP_ID));
$pk = CategoryTreeNodePermissionKey::getByHandle('view_category_tree_node');
if (is_object($pk)) {
$pk->setPermissionObject($rootNode);
$pa = PermissionAccess::create($pk);
$pa->addListItem($guestGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
return $tree;
}
public function copyFromFileSetToFile()
{
$opa = $this->getPermissionAccessObject();
$paID = false;
if (is_object($opa)) {
$paID = $opa->getPermissionAccessID();
}
if ($paID == -1) {
// this is proceeding from a merged file set assignment (copying from multiple file sets)
$npa = Access::create($this);
$ids = $opa->getPermissionAccessIDList();
foreach ($ids as $paID) {
$pax = Access::getByID($paID, $this);
$pax->duplicate($npa);
}
$paID = $npa->getPermissionAccessID();
}
if ($paID) {
$db = Loader::db();
$db->Replace('FilePermissionAssignments', array('fID' => $this->permissionObject->getFileID(), 'pkID' => $this->getPermissionKeyID(), 'paID' => $paID), array('fID', 'paID', 'pkID'), true);
}
}
public function save()
{
$this->view($this->post('ptID'));
if (Loader::helper('validation/token')->validate('save_permissions')) {
$permissions = PermissionKey::getList('page_type');
foreach ($permissions as $pk) {
$pk->setPermissionObject($this->pagetype);
$paID = $_POST['pkID'][$pk->getPermissionKeyID()];
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = Access::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
if (Config::get('concrete.permissions.model') == 'advanced') {
$permissions = PermissionKey::getList('page');
$defaultPage = $this->pagetype->getPageTypePageTemplateDefaultPageObject();
foreach ($permissions as $pk) {
$pk->setPermissionObject($defaultPage);
$paID = $_POST['pkID'][$pk->getPermissionKeyID()];
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = Access::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
}
$this->redirect('/dashboard/pages/types/permissions', $this->pagetype->getPageTypeID(), 'updated');
} else {
$this->error->add(Loader::helper("validation/token")->getErrorMessage());
}
}
public function assignPermissionAccess(Access $pa)
{
$db = Database::connection();
$db->Replace('FilePermissionAssignments', array('fID' => $this->getPermissionObject()->getFileID(), 'paID' => $pa->getPermissionAccessID(), 'pkID' => $this->pk->getPermissionKeyID()), array('fID', 'pkID'), true);
$pa->markAsInUse();
}
public function installMaintenanceModePermission()
{
$pk = Key::getByHandle('view_in_maintenance_mode');
if (!$pk instanceof Key) {
$pk = Key::add('admin', 'view_in_maintenance_mode', 'View Site in Maintenance Mode', 'Controls whether a user can access the website when its under maintenance.', false, false);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = Access::create($pk);
}
$adminGroup = Group::getByID(ADMIN_GROUP_ID);
if ($adminGroup) {
$adminGroupEntity = GroupEntity::getOrCreate($adminGroup);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
}
public function setPropertiesFromArray($arr)
{
return parent::setPropertiesFromArray($arr);
}
public function addNotifications()
{
$this->output(t('Adding notifications...'));
$adminGroupEntity = GroupEntity::getOrCreate(\Group::getByID(ADMIN_GROUP_ID));
$adminUserEntity = UserEntity::getOrCreate(\UserInfo::getByID(USER_SUPER_ID));
$pk = Key::getByHandle('notify_in_notification_center');
$pa = Access::create($pk);
$pa->addListItem($adminUserEntity);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
public function assignPermissionAccess(Access $pa)
{
$db = Database::connection();
$db->Replace('AreaPermissionAssignments', array('cID' => $this->getPermissionObject()->getCollectionID(), 'arHandle' => $this->getPermissionObject()->getAreaHandle(), 'paID' => $pa->getPermissionAccessID(), 'pkID' => $this->pk->getPermissionKeyID()), array('cID', 'arHandle', 'pkID'), true);
$pa->markAsInUse();
}
public function save_simple()
{
if ($this->validateAction()) {
$c = $this->page;
$c->setPermissionsToManualOverride();
$pk = PermissionKey::getByHandle('view_page');
$pk->setPermissionObject($c);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = Access::create($pk);
if (is_array($_POST['readGID'])) {
foreach ($_POST['readGID'] as $gID) {
$pa->addListItem(GroupPermissionAccessEntity::getOrCreate(Group::getByID($gID)));
}
}
$pt->assignPermissionAccess($pa);
$editAccessEntities = array();
if (is_array($_POST['editGID'])) {
foreach ($_POST['editGID'] as $gID) {
$editAccessEntities[] = GroupPermissionAccessEntity::getOrCreate(Group::getByID($gID));
}
}
$editPermissions = array('view_page_versions', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_multilingual_settings', 'edit_page_theme', 'edit_page_page_type', 'edit_page_template', 'edit_page_permissions', 'preview_page_as_user', 'schedule_page_contents_guest_access', 'delete_page', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page');
foreach ($editPermissions as $pkHandle) {
$pk = PermissionKey::getByHandle($pkHandle);
$pk->setPermissionObject($c);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = Access::create($pk);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
}
$r = new PageEditResponse();
$r->setPage($this->page);
$r->setTitle(t('Page Updated'));
$r->setMessage(t('Page permissions have been saved.'));
$r->outputJSON();
}
}
public function assignPermissionAccess(Access $pa)
{
$db = Loader::db();
$db->Replace('PageTypePermissionAssignments', array('ptID' => $this->getPermissionObject()->getPageTypeID(), 'paID' => $pa->getPermissionAccessID(), 'pkID' => $this->pk->getPermissionKeyID()), array('ptID', 'pkID'), true);
$pa->markAsInUse();
}
public function approve(WorkflowProgress $wp)
{
$c = Page::getByID($this->getRequestedPageID());
$ps = $this->getPagePermissionSet();
$assignments = $ps->getPermissionAssignments();
foreach ($assignments as $pkID => $paID) {
$pk = PermissionKey::getByID($pkID);
$pk->setPermissionObject($c);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = PermissionAccess::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
$c->refreshCache();
$wpr = new WorkflowProgressResponse();
$wpr->setWorkflowProgressResponseURL(\URL::to($c));
return $wpr;
}
public function view()
{
$editAccess = array();
if (Config::get('concrete.permissions.model') != 'simple') {
return;
}
$home = Page::getByID(1, "RECENT");
$pk = PermissionKey::getByHandle('view_page');
$pk->setPermissionObject($home);
$assignments = $pk->getAccessListItems();
foreach ($assignments as $asi) {
$ae = $asi->getAccessEntityObject();
if ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == GUEST_GROUP_ID) {
$this->set('guestCanRead', true);
} elseif ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == REGISTERED_GROUP_ID) {
$this->set('registeredCanRead', true);
}
}
$gl = new GroupList();
$gl->filter('gID', REGISTERED_GROUP_ID, '>');
$gIDs = $gl->getResults();
$gArray = array();
foreach ($gIDs as $g) {
$gArray[] = $g;
}
$pk = PermissionKey::getByHandle('edit_page_contents');
$pk->setPermissionObject($home);
$assignments = $pk->getAccessListItems();
foreach ($assignments as $asi) {
$ae = $asi->getAccessEntityObject();
if ($ae->getAccessEntityTypeHandle() == 'group') {
$groupObject = $ae->getGroupObject();
if ($groupObject) {
$editAccess[] = $ae->getGroupObject()->getGroupID();
}
}
}
$this->set('home', $home);
$this->set('gArray', $gArray);
$this->set('editAccess', $editAccess);
if ($this->isPost()) {
if ($this->token->validate('site_permissions_code')) {
switch ($_POST['view']) {
case "ANYONE":
$viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
break;
case "USERS":
$viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(REGISTERED_GROUP_ID));
break;
case "PRIVATE":
$viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
break;
}
$pk = PermissionKey::getByHandle('view_page');
$pk->setPermissionObject($home);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pk);
$pa->addListItem($viewObj);
$pt->assignPermissionAccess($pa);
$editAccessEntities = array();
if (is_array($_POST['gID'])) {
foreach ($_POST['gID'] as $gID) {
$editAccessEntities[] = GroupPermissionAccessEntity::getOrCreate(Group::getByID($gID));
}
}
$editPermissions = array('view_page_versions', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_multilingual_settings', 'edit_page_theme', 'edit_page_page_type', 'edit_page_template', 'edit_page_permissions', 'delete_page', 'preview_page_as_user', 'schedule_page_contents_guest_access', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page');
foreach ($editPermissions as $pkHandle) {
$pk = PermissionKey::getByHandle($pkHandle);
$pk->setPermissionObject($home);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pk);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
}
$pkx = PermissionKey::getbyHandle('add_block');
$pt = $pkx->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pkx);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
$pkx = PermissionKey::getbyHandle('add_stack');
$pt = $pkx->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pkx);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
$cms = Core::make('app');
$cms->clearCaches();
$this->redirect('/dashboard/system/permissions/site/', 'saved');
} else {
$this->error->add($this->token->getErrorMessage());
}
}
}
