/**
 * Grant a set of permission keys on this object to a user, group, group combination or access entity.
 *
 * The object is switched to override permissions first; when $cascadeToChildren is false the
 * children are switched to override as well before this object is changed.
 *
 * @param mixed $userOrGroup An array (treated as a group combination), a user / user-info object,
 *                           an access entity, or anything else (treated as a group)
 * @param string[] $permissions Permission key handles to grant
 * @param int $accessType One of the Key::ACCESS_TYPE_* values, passed through to addListItem()
 * @param bool $cascadeToChildren When false, setChildPermissionsToOverride() is called first
 */
public function assignPermissions($userOrGroup, $permissions = [], $accessType = Key::ACCESS_TYPE_INCLUDE, $cascadeToChildren = true)
{
    if (!$cascadeToChildren) {
        $this->setChildPermissionsToOverride();
    }
    $this->setPermissionsToOverride();

    // Normalise the grantee into an access entity.
    if (is_array($userOrGroup)) {
        // group combination
        $accessEntity = GroupCombinationEntity::getOrCreate($userOrGroup);
    } elseif (
        $userOrGroup instanceof User
        || $userOrGroup instanceof \Concrete\Core\User\UserInfo
        || $userOrGroup instanceof \Concrete\Core\User\User
    ) {
        $accessEntity = UserEntity::getOrCreate($userOrGroup);
    } elseif ($userOrGroup instanceof Entity) {
        $accessEntity = $userOrGroup;
    } else {
        // group
        $accessEntity = GroupEntity::getOrCreate($userOrGroup);
    }

    foreach ($permissions as $handle) {
        // NOTE(review): the result of getByHandle() is used unchecked here; an unknown handle
        // presumably fails on the next call - confirm that callers only pass installed keys.
        $key = Key::getByHandle($handle);
        $key->setPermissionObject($this);

        $access = $key->getPermissionAccessObject();
        if (is_object($access)) {
            // An access object that is in use is duplicated before it is modified, so the
            // new list item is added to the copy rather than to the original.
            if ($access->isPermissionAccessInUse()) {
                $access = $access->duplicate();
            }
        } else {
            $access = Access::create($key);
        }

        $access->addListItem($accessEntity, false, $accessType);
        $key->getPermissionAssignmentObject()->assignPermissionAccess($access);
    }
}
/**
 * Create a fresh access object for $key, fill it with the entities returned by
 * getAssignments($entity) and assign it to the key.
 *
 * @param Key $key The permission key that receives the new access object
 * @param AccessEntity $entity Passed to getAssignments() to obtain the entities to add
 */
public function publish(Key $key, AccessEntity $entity)
{
    $access = Access::create($key);

    foreach ($this->getAssignments($entity) as $assignedEntity) {
        $access->addListItem($assignedEntity);
    }

    $key->getPermissionAssignmentObject()->assignPermissionAccess($access);
}
/**
 * Grant the administrators group the 'view_category_tree_node' permission on the
 * root node of the given file manager tree.
 *
 * @param FileManager $tree The tree whose root node receives the permission
 */
public function setDefaultPermissions(FileManager $tree)
{
    $root = $tree->getRootTreeNodeObject();
    $administrators = GroupEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));

    $viewKey = CategoryTreeNodeKey::getByHandle('view_category_tree_node');
    $viewKey->setPermissionObject($root);

    // A new access object is created, so the administrators group is the only list item in it.
    $access = Access::create($viewKey);
    $access->addListItem($administrators);

    $viewKey->getPermissionAssignmentObject()->assignPermissionAccess($access);
}
/**
 * Add the access entity of $mixed to the permission key named by $this->pkHandle,
 * using $this->accessType, and assign the resulting access object to the key.
 *
 * @param mixed $mixed Any object exposing getAccessEntity()
 */
public function apply($mixed)
{
    $permissionKey = Key::getByHandle($this->pkHandle);
    $accessEntity = $mixed->getAccessEntity();

    $access = $permissionKey->getPermissionAccessObject();
    // NOTE(review): an existing access object is modified in place here, without the
    // isPermissionAccessInUse()/duplicate() step - confirm the access object cannot be
    // shared with another assignment that should not receive this entity.
    if (!is_object($access)) {
        $access = Access::create($permissionKey);
    }

    $access->addListItem($accessEntity, false, $this->accessType);
    $permissionKey->getPermissionAssignmentObject()->assignPermissionAccess($access);
}
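/**
 * Import permission keys, and their initial access lists, from an XML document.
 *
 * Keys whose handle already exists are skipped. For every new key the `<access>` children are
 * turned into access entities: legacy `<group>` elements (the group is created when it does not
 * exist yet) and `<entity>` elements (delegated to the entity type's configureFromImport()).
 *
 * The document decides which groups are created and which entities receive each permission,
 * so it has to come from a trusted source (presumably a package's own install file).
 *
 * @param \SimpleXMLElement $sx Root element that may contain a `<permissionkeys>` child
 */
public function import(\SimpleXMLElement $sx)
{
    if (!isset($sx->permissionkeys)) {
        return;
    }

    foreach ($sx->permissionkeys->permissionkey as $pk) {
        // Never touch a key that is already installed.
        if (is_object(Key::getByHandle((string) $pk['handle']))) {
            continue;
        }

        // NOTE(review): an unknown category handle is not checked for here - confirm that
        // Category::getByHandle() cannot return a non-object for imported files.
        $pkc = Category::getByHandle((string) $pk['category']);
        $c1 = $pkc->getPermissionKeyClass();
        $pkx = call_user_func(array($c1, 'import'), $pk);

        $assignments = array();
        if (isset($pk->access)) {
            foreach ($pk->access->children() as $ch) {
                if ($ch->getName() == 'group') {
                    // Legacy format: the group is referenced by name.
                    $g = Group::getByName((string) $ch['name']);
                    if (!is_object($g)) {
                        // The name and description come from the XML element. The previous code
                        // read them from $g, which is not an object in this branch, so the
                        // group was added without a usable name or description.
                        $g = Group::add((string) $ch['name'], (string) $ch['description']);
                    }
                    $assignments[] = GroupEntity::getOrCreate($g);
                }
                if ($ch->getName() == 'entity') {
                    // NOTE(review): the entity type handle is not checked for existence either.
                    $type = Type::getByHandle((string) $ch['type']);
                    $class = $type->getAccessEntityTypeClass();
                    if (method_exists($class, 'configureFromImport')) {
                        $assignments[] = $class::configureFromImport($ch);
                    }
                }
            }
        }

        // Only create an access object when the file actually names at least one entity.
        if (count($assignments) > 0) {
            $pa = Access::create($pkx);
            foreach ($assignments as $pae) {
                $pa->addListItem($pae);
            }
            $pt = $pkx->getPermissionAssignmentObject();
            $pt->assignPermissionAccess($pa);
        }
    }
}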
/**
 * Create a new tree with an Express entry category as root node and grant the
 * administrators group the view/add/edit/delete Express entry permissions on that root.
 *
 * @return mixed The tree returned by self::getByID() for the newly created tree ID
 */
public static function add()
{
    $root = ExpressEntryCategory::add();
    $newTreeID = parent::create($root);
    $newTree = self::getByID($newTreeID);

    $administrators = GroupEntity::getOrCreate(ConcreteGroup::getByID(ADMIN_GROUP_ID));

    $handles = [
        'view_express_entries',
        'add_express_entries',
        'edit_express_entries',
        'delete_express_entries',
    ];
    foreach ($handles as $permissionHandle) {
        $key = ExpressTreeNodeKey::getByHandle($permissionHandle);
        $key->setPermissionObject($root);

        // Each key gets a new access object that lists only the administrators group.
        $access = Access::create($key);
        $access->addListItem($administrators);

        $key->getPermissionAssignmentObject()->assignPermissionAccess($access);
    }

    return $newTree;
}
/**
 * Create a new topic tree with the given name and make its root node viewable by the guest group.
 *
 * @param string $name Name stored on the tree through setTopicTreeName()
 *
 * @return mixed The tree returned by self::getByID() for the newly created tree ID
 */
public static function add($name)
{
    $root = CategoryTreeNode::add();
    $newTreeID = parent::create($root);
    $newTree = self::getByID($newTreeID);
    $newTree->setTopicTreeName($name);

    // By default, topic trees are viewable by all: the guest group gets the view permission.
    $guests = GroupPermissionAccessEntity::getOrCreate(UserGroup::getByID(GUEST_GROUP_ID));
    $viewKey = CategoryTreeNodePermissionKey::getByHandle('view_category_tree_node');

    if (!is_object($viewKey)) {
        // Without the permission key the tree is returned with no assignment made here.
        return $newTree;
    }

    $viewKey->setPermissionObject($root);
    $access = PermissionAccess::create($viewKey);
    $access->addListItem($guests);
    $viewKey->getPermissionAssignmentObject()->assignPermissionAccess($access);

    return $newTree;
}
/**
 * Record this key's current permission access on the file held in $this->permissionObject.
 *
 * When the current access ID is -1 (a merged assignment that comes from several file sets),
 * every access object in the ID list is duplicated into one new access object and that new
 * object's ID is stored instead. Nothing is written when no access ID is available.
 */
public function copyFromFileSetToFile()
{
    $currentAccess = $this->getPermissionAccessObject();
    $paID = is_object($currentAccess) ? $currentAccess->getPermissionAccessID() : false;

    if ($paID == -1) {
        // this is proceeding from a merged file set assignment (copying from multiple file sets)
        $mergedAccess = Access::create($this);
        foreach ($currentAccess->getPermissionAccessIDList() as $sourceID) {
            $sourceAccess = Access::getByID($sourceID, $this);
            $sourceAccess->duplicate($mergedAccess);
        }
        $paID = $mergedAccess->getPermissionAccessID();
    }

    if (!$paID) {
        return;
    }

    $db = Loader::db();
    $row = array(
        'fID' => $this->permissionObject->getFileID(),
        'pkID' => $this->getPermissionKeyID(),
        'paID' => $paID,
    );
    // Values are handed to Replace() as data, with the three columns named as the key columns.
    $db->Replace('FilePermissionAssignments', $row, array('fID', 'paID', 'pkID'), true);
}
/**
 * Install the 'view_in_maintenance_mode' permission key when it does not exist yet and
 * grant it to the administrators group.
 *
 * An existing key is left untouched, including its current access list.
 */
public function installMaintenanceModePermission()
{
    $existing = Key::getByHandle('view_in_maintenance_mode');
    if ($existing instanceof Key) {
        return;
    }

    $key = Key::add(
        'admin',
        'view_in_maintenance_mode',
        'View Site in Maintenance Mode',
        'Controls whether a user can access the website when its under maintenance.',
        false,
        false
    );

    $access = $key->getPermissionAccessObject();
    if (!is_object($access)) {
        $access = Access::create($key);
    }

    $administrators = Group::getByID(ADMIN_GROUP_ID);
    if (!$administrators) {
        // No administrators group: the key stays installed but nothing is assigned to it here.
        return;
    }

    $access->addListItem(GroupEntity::getOrCreate($administrators));
    $key->getPermissionAssignmentObject()->assignPermissionAccess($access);
}
/**
 * Assign the 'notify_in_notification_center' permission to the super user and to the
 * administrators group, using a newly created access object.
 */
public function addNotifications()
{
    $this->output(t('Adding notifications...'));

    $administrators = GroupEntity::getOrCreate(\Group::getByID(ADMIN_GROUP_ID));
    $superUser = UserEntity::getOrCreate(\UserInfo::getByID(USER_SUPER_ID));

    $notifyKey = Key::getByHandle('notify_in_notification_center');

    // The access object is created from scratch and holds exactly these two entities.
    $access = Access::create($notifyKey);
    $access->addListItem($superUser);
    $access->addListItem($administrators);

    $notifyKey->getPermissionAssignmentObject()->assignPermissionAccess($access);
}
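/**
 * Save the "simple" permission form for the current page.
 *
 * The page is switched to manual override, 'view_page' is reassigned to the groups posted in
 * `readGID`, and every edit-related permission is reassigned to the groups posted in `editGID`.
 * A JSON PageEditResponse is written when done. Nothing happens when validateAction() fails.
 *
 * The posted group IDs are request data. They are resolved to groups before any existing
 * assignment is cleared, so a malformed request can no longer stop the method half-way with the
 * page's view permission already cleared. IDs that do not resolve to a group are ignored, and a
 * missing `readGID` / `editGID` field (no box ticked) is treated as an empty list.
 */
public function save_simple()
{
    if (!$this->validateAction()) {
        return;
    }

    // Turns a posted list of group IDs into access entities, dropping anything that is not
    // a scalar ID of an existing group.
    $resolveGroupEntities = static function ($groupIDs) {
        $entities = array();
        if (!is_array($groupIDs)) {
            return $entities;
        }
        foreach ($groupIDs as $gID) {
            if (!is_scalar($gID)) {
                continue;
            }
            $group = Group::getByID($gID);
            if (is_object($group)) {
                $entities[] = GroupPermissionAccessEntity::getOrCreate($group);
            }
        }

        return $entities;
    };

    $viewAccessEntities = $resolveGroupEntities(isset($_POST['readGID']) ? $_POST['readGID'] : null);
    $editAccessEntities = $resolveGroupEntities(isset($_POST['editGID']) ? $_POST['editGID'] : null);

    $c = $this->page;
    $c->setPermissionsToManualOverride();

    // View permission: replace the current assignment with the posted groups.
    $pk = PermissionKey::getByHandle('view_page');
    $pk->setPermissionObject($c);
    $pt = $pk->getPermissionAssignmentObject();
    $pt->clearPermissionAssignment();
    $pa = Access::create($pk);
    foreach ($viewAccessEntities as $viewObj) {
        $pa->addListItem($viewObj);
    }
    $pt->assignPermissionAccess($pa);

    // Edit permissions: every key below gets the same list of posted groups.
    $editPermissions = array(
        'view_page_versions',
        'edit_page_properties',
        'edit_page_contents',
        'edit_page_speed_settings',
        'edit_page_multilingual_settings',
        'edit_page_theme',
        'edit_page_page_type',
        'edit_page_template',
        'edit_page_permissions',
        'preview_page_as_user',
        'schedule_page_contents_guest_access',
        'delete_page',
        'delete_page_versions',
        'approve_page_versions',
        'add_subpage',
        'move_or_copy_page',
    );
    foreach ($editPermissions as $pkHandle) {
        $pk = PermissionKey::getByHandle($pkHandle);
        $pk->setPermissionObject($c);
        $pt = $pk->getPermissionAssignmentObject();
        $pt->clearPermissionAssignment();
        $pa = Access::create($pk);
        foreach ($editAccessEntities as $editObj) {
            $pa->addListItem($editObj);
        }
        $pt->assignPermissionAccess($pa);
    }

    $r = new PageEditResponse();
    $r->setPage($this->page);
    $r->setTitle(t('Page Updated'));
    $r->setMessage(t('Page permissions have been saved.'));
    $r->outputJSON();
}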
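/**
 * Show and, on POST, save the site-wide "simple" permission settings.
 *
 * Does nothing unless the 'concrete.permissions.model' setting is 'simple'. The current view and
 * edit assignments of the home page (page ID 1) are read and handed to the view. On a POST with
 * a valid 'site_permissions_code' token, 'view_page', the edit permissions on the home page and
 * the 'add_block' / 'add_stack' keys are reassigned, caches are cleared and the request is
 * redirected.
 *
 * The posted `view` value and group IDs are request data. They are checked before any existing
 * assignment is cleared: an unrecognised `view` value is reported as an error and nothing is
 * changed (previously the view permission was cleared first and the method then continued with
 * an undefined entity), and group IDs that do not resolve to a group are ignored.
 */
public function view()
{
    $editAccess = array();
    if (Config::get('concrete.permissions.model') != 'simple') {
        return;
    }

    $home = Page::getByID(1, "RECENT");

    // Who can currently view the home page?
    $pk = PermissionKey::getByHandle('view_page');
    $pk->setPermissionObject($home);
    foreach ($pk->getAccessListItems() as $asi) {
        $ae = $asi->getAccessEntityObject();
        if ($ae->getAccessEntityTypeHandle() != 'group') {
            continue;
        }
        // A group entity may no longer have a group object; the edit loop below already
        // allows for that, so the same check is applied here.
        $groupObject = $ae->getGroupObject();
        if (!$groupObject) {
            continue;
        }
        if ($groupObject->getGroupID() == GUEST_GROUP_ID) {
            $this->set('guestCanRead', true);
        } elseif ($groupObject->getGroupID() == REGISTERED_GROUP_ID) {
            $this->set('registeredCanRead', true);
        }
    }

    // Groups offered for edit access: those with an ID above the registered users group.
    $gl = new GroupList();
    $gl->filter('gID', REGISTERED_GROUP_ID, '>');
    $gArray = array();
    foreach ($gl->getResults() as $g) {
        $gArray[] = $g;
    }

    // Which groups can currently edit the home page?
    $pk = PermissionKey::getByHandle('edit_page_contents');
    $pk->setPermissionObject($home);
    foreach ($pk->getAccessListItems() as $asi) {
        $ae = $asi->getAccessEntityObject();
        if ($ae->getAccessEntityTypeHandle() == 'group') {
            $groupObject = $ae->getGroupObject();
            if ($groupObject) {
                $editAccess[] = $groupObject->getGroupID();
            }
        }
    }

    $this->set('home', $home);
    $this->set('gArray', $gArray);
    $this->set('editAccess', $editAccess);

    if (!$this->isPost()) {
        return;
    }
    if (!$this->token->validate('site_permissions_code')) {
        $this->error->add($this->token->getErrorMessage());

        return;
    }

    // Validate the request before touching any stored assignment.
    switch (isset($_POST['view']) ? $_POST['view'] : null) {
        case "ANYONE":
            $viewGroupID = GUEST_GROUP_ID;
            break;
        case "USERS":
            $viewGroupID = REGISTERED_GROUP_ID;
            break;
        case "PRIVATE":
            $viewGroupID = ADMIN_GROUP_ID;
            break;
        default:
            $this->error->add(t('Invalid view permission setting.'));

            return;
    }
    $viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID($viewGroupID));

    $editAccessEntities = array();
    $postedGroupIDs = isset($_POST['gID']) ? $_POST['gID'] : null;
    if (is_array($postedGroupIDs)) {
        foreach ($postedGroupIDs as $gID) {
            if (!is_scalar($gID)) {
                continue;
            }
            $group = Group::getByID($gID);
            if (is_object($group)) {
                $editAccessEntities[] = GroupPermissionAccessEntity::getOrCreate($group);
            }
        }
    }

    // View permission on the home page.
    $pk = PermissionKey::getByHandle('view_page');
    $pk->setPermissionObject($home);
    $pt = $pk->getPermissionAssignmentObject();
    $pt->clearPermissionAssignment();
    $pa = PermissionAccess::create($pk);
    $pa->addListItem($viewObj);
    $pt->assignPermissionAccess($pa);

    // Edit permissions on the home page.
    $editPermissions = array(
        'view_page_versions',
        'edit_page_properties',
        'edit_page_contents',
        'edit_page_speed_settings',
        'edit_page_multilingual_settings',
        'edit_page_theme',
        'edit_page_page_type',
        'edit_page_template',
        'edit_page_permissions',
        'delete_page',
        'preview_page_as_user',
        'schedule_page_contents_guest_access',
        'delete_page_versions',
        'approve_page_versions',
        'add_subpage',
        'move_or_copy_page',
    );
    foreach ($editPermissions as $pkHandle) {
        $pk = PermissionKey::getByHandle($pkHandle);
        $pk->setPermissionObject($home);
        $pt = $pk->getPermissionAssignmentObject();
        $pt->clearPermissionAssignment();
        $pa = PermissionAccess::create($pk);
        foreach ($editAccessEntities as $editObj) {
            $pa->addListItem($editObj);
        }
        $pt->assignPermissionAccess($pa);
    }

    // These two keys are assigned without a permission object, as before.
    foreach (array('add_block', 'add_stack') as $pkHandle) {
        $pkx = PermissionKey::getByHandle($pkHandle);
        $pt = $pkx->getPermissionAssignmentObject();
        $pt->clearPermissionAssignment();
        $pa = PermissionAccess::create($pkx);
        foreach ($editAccessEntities as $editObj) {
            $pa->addListItem($editObj);
        }
        $pt->assignPermissionAccess($pa);
    }

    $cms = Core::make('app');
    $cms->clearCaches();
    $this->redirect('/dashboard/system/permissions/site/', 'saved');
}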
/**
 * Install the default permission assignments of a new site.
 *
 * In order: file manager root folder, the login / register / dashboard / drafts / home pages,
 * the three security token settings, the group tree root, the conversation permission keys and
 * the notification key. Finally the CLI script is made executable on a best-effort basis.
 */
public function install_site_permissions()
{
    $guestGroup = Group::getByID(GUEST_GROUP_ID);
    $registeredGroup = Group::getByID(REGISTERED_GROUP_ID);
    $adminGroup = Group::getByID(ADMIN_GROUP_ID);

    // File manager: guests may view files, administrators get the full folder permission set.
    $filesystem = new Filesystem();
    $rootFolder = $filesystem->getRootFolder();
    $rootFolder->assignPermissions($guestGroup, ['view_file_folder_file']);
    $rootFolder->assignPermissions($adminGroup, [
        'view_file_folder_file',
        'search_file_folder',
        'edit_file_folder',
        'edit_file_folder_file_properties',
        'edit_file_folder_file_contents',
        'copy_file_folder_files',
        'edit_file_folder_permissions',
        'delete_file_folder_files',
        'delete_file_folder',
        'add_file',
    ]);

    $currentUser = new User();
    $currentUser->saveConfig('NEWSFLOW_LAST_VIEWED', 'FIRSTRUN');

    // Permission set given to administrators on the home page; the drafts page gets the
    // same set preceded by 'view_page'.
    $adminPagePermissions = [
        'view_page_versions',
        'view_page_in_sitemap',
        'preview_page_as_user',
        'edit_page_properties',
        'edit_page_contents',
        'edit_page_speed_settings',
        'edit_page_multilingual_settings',
        'edit_page_theme',
        'edit_page_template',
        'edit_page_page_type',
        'edit_page_permissions',
        'delete_page',
        'delete_page_versions',
        'approve_page_versions',
        'add_subpage',
        'move_or_copy_page',
        'schedule_page_contents_guest_access',
    ];

    // login
    $loginPage = Page::getByPath('/login', "RECENT");
    $loginPage->assignPermissions($guestGroup, ['view_page']);

    // register
    $registerPage = Page::getByPath('/register', "RECENT");
    $registerPage->assignPermissions($guestGroup, ['view_page']);

    // dashboard
    $dashboardPage = Page::getByPath('/dashboard', "RECENT");
    $dashboardPage->assignPermissions($adminGroup, ['view_page']);

    // drafts
    $draftsPage = Page::getByPath('/!drafts', "RECENT");
    $draftsPage->assignPermissions($adminGroup, array_merge(['view_page'], $adminPagePermissions));

    // home: viewable by guests, managed by administrators
    $homePage = Page::getByID(1, "RECENT");
    $homePage->assignPermissions($guestGroup, ['view_page']);
    $homePage->assignPermissions($adminGroup, $adminPagePermissions);

    // Security tokens, one 64-character identifier string each.
    // NOTE(review): these values are stored as security tokens; confirm that the identifier
    // helper's getString() draws from a cryptographically secure random source.
    $databaseConfig = \Core::make('config/database');
    $tokenSettings = [
        'concrete.security.token.jobs',
        'concrete.security.token.encryption',
        'concrete.security.token.validation',
    ];
    foreach ($tokenSettings as $settingName) {
        $databaseConfig->save($settingName, Core::make('helper/validation/identifier')->getString(64));
    }

    // group permissions
    $groupTree = GroupTree::get();
    $groupRootNode = $groupTree->getRootTreeNodeObject();
    $adminGroupEntity = GroupPermissionAccessEntity::getOrCreate($adminGroup);
    $groupPermissions = ['search_users_in_group', 'edit_group', 'assign_group', 'add_sub_group', 'edit_group_permissions'];
    foreach ($groupPermissions as $handle) {
        $key = PermissionKey::getByHandle($handle);
        $key->setPermissionObject($groupRootNode);
        $access = PermissionAccess::create($key);
        $access->addListItem($adminGroupEntity);
        $key->getPermissionAssignmentObject()->assignPermissionAccess($access);
    }

    // Assigns a key that has no permission object a new access object holding $entities.
    $grant = static function ($handle, array $entities) {
        $key = PermissionKey::getByHandle($handle);
        $access = PermissionAccess::create($key);
        foreach ($entities as $entity) {
            $access->addListItem($entity);
        }
        $key->getPermissionAssignmentObject()->assignPermissionAccess($access);
    };

    // conversation permissions
    $messageAuthorEntity = ConversationMessageAuthorEntity::getOrCreate();
    $guestEntity = GroupPermissionAccessEntity::getOrCreate($guestGroup);
    $registeredEntity = GroupPermissionAccessEntity::getOrCreate($registeredGroup);

    // The guest group is allowed to post messages and to add attachments by default; sites
    // that do not want that from guests have to tighten these two keys after installation.
    $grant('add_conversation_message', [$guestEntity]);
    $grant('add_conversation_message_attachments', [$guestEntity]);
    $grant('edit_conversation_message', [$messageAuthorEntity, $adminGroupEntity]);
    $grant('delete_conversation_message', [$messageAuthorEntity, $adminGroupEntity]);
    $grant('rate_conversation_message', [$registeredEntity, $adminGroupEntity]);

    $moderationPermissions = ['edit_conversation_permissions', 'flag_conversation_message', 'approve_conversation_message'];
    foreach ($moderationPermissions as $handle) {
        $grant($handle, [$adminGroupEntity]);
    }

    // notification
    $adminUserEntity = UserEntity::getOrCreate(\UserInfo::getByID(USER_SUPER_ID));
    $grant('notify_in_notification_center', [$adminUserEntity, $adminGroupEntity]);

    try {
        Core::make('helper/file')->makeExecutable(DIR_BASE_CORE . '/bin/concrete5', 'all');
    } catch (\Exception $x) {
        // Best effort: a failure to change the file mode is ignored.
    }
}
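/**
 * Add a page type.
 *
 * Inserts the page type and its selected templates, configures the 'all' publish target when it
 * exists, copies the default page type permissions and then replaces the 'edit_page_type_drafts'
 * assignment with the page owner access entity.
 *
 * @param array $data {
 *
 *     @var string          $handle              A string which can be used to identify the page type
 *     @var string          $name                A user friendly display name
 *     @var \PageTemplate   $defaultTemplate     The default template object or handle
 *     @var string          $allowedTemplates    (A|C|X) A for all, C for selected only, X for non-selected only
 *     @var \PageTemplate[] $templates           Array or Iterator of selected templates, see `$allowedTemplates`, or Page Template Handles
 *     @var bool            $internal            Is this an internal only page type? Default: `false`
 *     @var bool            $ptLaunchInComposer  Does this launch in composer? Default: `false`
 *     @var bool            $ptIsFrequentlyAdded Should this always be displayed in the pages panel? Default: `false`
 *     @var object          $siteType            Site type object; when not set, the default from the 'site/type' service is used
 * }
 *
 * @param bool|Package $pkg This should be false if the type is not tied to a package, or a package object
 *
 * @return static|mixed|null The new page type as returned by static::getByID()
 */
public static function add($data, $pkg = false)
{
    $data = $data + array(
        'defaultTemplate' => null,
        'allowedTemplates' => null,
        'templates' => null,
        'internal' => null,
        'ptLaunchInComposer' => null,
        'ptIsFrequentlyAdded' => null,
    );
    if (!isset($data['siteType'])) {
        $data['siteType'] = \Core::make('site/type')->getDefault();
    }

    $ptHandle = $data['handle'];
    $ptName = $data['name'];
    $siteTypeID = $data['siteType']->getSiteTypeID();
    $pkgID = is_object($pkg) ? $pkg->getPackageID() : 0;

    // The default template may be given as an object or as a handle.
    $ptDefaultPageTemplateID = 0;
    if (is_object($data['defaultTemplate'])) {
        $ptDefaultPageTemplateID = $data['defaultTemplate']->getPageTemplateID();
    } elseif (!empty($data['defaultTemplate'])) {
        $ptDefaultPageTemplateID = PageTemplate::getByHandle($data['defaultTemplate'])->getPageTemplateID();
    }

    $ptAllowedPageTemplates = $data['allowedTemplates'] ? $data['allowedTemplates'] : 'A';
    $templates = is_array($data['templates']) ? $data['templates'] : array();
    $ptIsInternal = $data['internal'] ? 1 : 0;
    $ptLaunchInComposer = $data['ptLaunchInComposer'] ? 1 : 0;
    $ptIsFrequentlyAdded = $data['ptIsFrequentlyAdded'] ? 1 : 0;

    $db = Loader::db();

    // New types are appended after the existing types of the same kind (internal or not).
    $ptDisplayOrder = 0;
    $count = $db->GetOne('select count(ptID) from PageTypes where ptIsInternal = ?', array($ptIsInternal));
    if ($count > 0) {
        $ptDisplayOrder = $count;
    }

    // All values are passed as bound parameters.
    $db->Execute(
        'insert into PageTypes (ptName, ptHandle, ptDefaultPageTemplateID, ptAllowedPageTemplates, ptIsInternal, ptLaunchInComposer, ptDisplayOrder, ptIsFrequentlyAdded, siteTypeID, pkgID) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
        array($ptName, $ptHandle, $ptDefaultPageTemplateID, $ptAllowedPageTemplates, $ptIsInternal, $ptLaunchInComposer, $ptDisplayOrder, $ptIsFrequentlyAdded, $siteTypeID, $pkgID)
    );
    $ptID = $db->Insert_ID();

    // The template selection is only stored when not all templates are allowed.
    if ($ptAllowedPageTemplates != 'A') {
        foreach ($templates as $pt) {
            if (!is_object($pt)) {
                $pt = PageTemplate::getByHandle($pt);
            }
            $db->Execute(
                'insert into PageTypePageTemplates (ptID, pTemplateID) values (?, ?)',
                array($ptID, $pt->getPageTemplateID())
            );
        }
    }

    $ptt = static::getByID($ptID);

    // set all type publish target as default
    $target = PageTypePublishTargetType::getByHandle('all');
    if (is_object($target)) {
        $configuredTarget = $target->configurePageTypePublishTarget($ptt, array());
        $ptt->setConfiguredPageTypePublishTargetObject($configuredTarget);
    }

    // copy permissions from the defaults to the page type
    $cpk = PermissionKey::getByHandle('access_page_type_permissions');
    $permissions = PermissionKey::getList('page_type');
    foreach ($permissions as $pk) {
        $pk->setPermissionObject($ptt);
        $pk->copyFromDefaultsToPageType($cpk);
    }

    // now we clear the default from edit page drafts
    $pk = PermissionKey::getByHandle('edit_page_type_drafts');
    if (is_object($pk)) {
        $pk->setPermissionObject($ptt);
        $pt = $pk->getPermissionAssignmentObject();
        if (is_object($pt)) {
            $pt->clearPermissionAssignment();
        }

        // now we assign the page draft owner access entity
        $pa = PermissionAccess::create($pk);
        $pe = PageOwnerPermissionAccessEntity::getOrCreate();
        $pa->addListItem($pe);
        // NOTE(review): $pt is checked with is_object() before the clear above but not
        // here - confirm whether the assignment object can really be missing.
        $pt->assignPermissionAccess($pa);
    }

    // The page type exists at this point whether or not the drafts key was found, so it is
    // always returned. Previously the return sat inside the block above and the method
    // returned null for a page type that had already been created.
    return $ptt;
}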