public function assignPermissions($userOrGroup, $permissions = [], $accessType = Key::ACCESS_TYPE_INCLUDE, $cascadeToChildren = true)
{
if (!$cascadeToChildren) {
$this->setChildPermissionsToOverride();
}
$this->setPermissionsToOverride();
if (is_array($userOrGroup)) {
$pe = GroupCombinationEntity::getOrCreate($userOrGroup);
// group combination
} elseif ($userOrGroup instanceof User || $userOrGroup instanceof \Concrete\Core\User\UserInfo || $userOrGroup instanceof \Concrete\Core\User\User) {
$pe = UserEntity::getOrCreate($userOrGroup);
} elseif ($userOrGroup instanceof Entity) {
$pe = $userOrGroup;
} else {
// group;
$pe = GroupEntity::getOrCreate($userOrGroup);
}
foreach ($permissions as $pkHandle) {
$pk = Key::getByHandle($pkHandle);
$pk->setPermissionObject($this);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = Access::create($pk);
} elseif ($pa->isPermissionAccessInUse()) {
$pa = $pa->duplicate();
}
$pa->addListItem($pe, false, $accessType);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
public function publish(Key $key, AccessEntity $entity)
{
$pa = Access::create($key);
foreach ($this->getAssignments($entity) as $pae) {
$pa->addListItem($pae);
}
$pt = $key->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
public function setDefaultPermissions(FileManager $tree)
{
$rootNode = $tree->getRootTreeNodeObject();
$adminGroupEntity = GroupEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
$pk = CategoryTreeNodeKey::getByHandle('view_category_tree_node');
$pk->setPermissionObject($rootNode);
$pa = Access::create($pk);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
public function apply($mixed)
{
$key = Key::getByHandle($this->pkHandle);
$entity = $mixed->getAccessEntity();
$pa = $key->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = Access::create($key);
}
$pa->addListItem($entity, false, $this->accessType);
$pt = $key->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
public function import(\SimpleXMLElement $sx)
{
if (isset($sx->permissionkeys)) {
foreach ($sx->permissionkeys->permissionkey as $pk) {
if (is_object(Key::getByHandle((string) $pk['handle']))) {
continue;
}
$pkc = Category::getByHandle((string) $pk['category']);
$c1 = $pkc->getPermissionKeyClass();
$pkx = call_user_func(array($c1, 'import'), $pk);
$assignments = array();
if (isset($pk->access)) {
foreach ($pk->access->children() as $ch) {
if ($ch->getName() == 'group') {
/*
* Legacy
*/
$g = Group::getByName($ch['name']);
if (!is_object($g)) {
$g = Group::add($g['name'], $g['description']);
}
$pae = GroupEntity::getOrCreate($g);
$assignments[] = $pae;
}
if ($ch->getName() == 'entity') {
$type = Type::getByHandle((string) $ch['type']);
$class = $type->getAccessEntityTypeClass();
if (method_exists($class, 'configureFromImport')) {
$pae = $class::configureFromImport($ch);
$assignments[] = $pae;
}
}
}
}
if (count($assignments)) {
$pa = Access::create($pkx);
foreach ($assignments as $pae) {
$pa->addListItem($pae);
}
$pt = $pkx->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
}
}
public static function add()
{
// copy permissions from the other node.
$rootNode = ExpressEntryCategory::add();
$treeID = parent::create($rootNode);
$tree = self::getByID($treeID);
$adminGroupEntity = GroupEntity::getOrCreate(ConcreteGroup::getByID(ADMIN_GROUP_ID));
$permissions = ['view_express_entries', 'add_express_entries', 'edit_express_entries', 'delete_express_entries'];
foreach ($permissions as $handle) {
$pk = ExpressTreeNodeKey::getByHandle($handle);
$pk->setPermissionObject($rootNode);
$pa = Access::create($pk);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
return $tree;
}
public static function add($name)
{
// copy permissions from the other node.
$rootNode = CategoryTreeNode::add();
$treeID = parent::create($rootNode);
$tree = self::getByID($treeID);
$tree->setTopicTreeName($name);
// by default, topic trees are viewable by all
$guestGroupEntity = GroupPermissionAccessEntity::getOrCreate(UserGroup::getByID(GUEST_GROUP_ID));
$pk = CategoryTreeNodePermissionKey::getByHandle('view_category_tree_node');
if (is_object($pk)) {
$pk->setPermissionObject($rootNode);
$pa = PermissionAccess::create($pk);
$pa->addListItem($guestGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
return $tree;
}
public function copyFromFileSetToFile()
{
$opa = $this->getPermissionAccessObject();
$paID = false;
if (is_object($opa)) {
$paID = $opa->getPermissionAccessID();
}
if ($paID == -1) {
// this is proceeding from a merged file set assignment (copying from multiple file sets)
$npa = Access::create($this);
$ids = $opa->getPermissionAccessIDList();
foreach ($ids as $paID) {
$pax = Access::getByID($paID, $this);
$pax->duplicate($npa);
}
$paID = $npa->getPermissionAccessID();
}
if ($paID) {
$db = Loader::db();
$db->Replace('FilePermissionAssignments', array('fID' => $this->permissionObject->getFileID(), 'pkID' => $this->getPermissionKeyID(), 'paID' => $paID), array('fID', 'paID', 'pkID'), true);
}
}
public function installMaintenanceModePermission()
{
$pk = Key::getByHandle('view_in_maintenance_mode');
if (!$pk instanceof Key) {
$pk = Key::add('admin', 'view_in_maintenance_mode', 'View Site in Maintenance Mode', 'Controls whether a user can access the website when its under maintenance.', false, false);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = Access::create($pk);
}
$adminGroup = Group::getByID(ADMIN_GROUP_ID);
if ($adminGroup) {
$adminGroupEntity = GroupEntity::getOrCreate($adminGroup);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
}
public function addNotifications()
{
$this->output(t('Adding notifications...'));
$adminGroupEntity = GroupEntity::getOrCreate(\Group::getByID(ADMIN_GROUP_ID));
$adminUserEntity = UserEntity::getOrCreate(\UserInfo::getByID(USER_SUPER_ID));
$pk = Key::getByHandle('notify_in_notification_center');
$pa = Access::create($pk);
$pa->addListItem($adminUserEntity);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
public function save_simple()
{
if ($this->validateAction()) {
$c = $this->page;
$c->setPermissionsToManualOverride();
$pk = PermissionKey::getByHandle('view_page');
$pk->setPermissionObject($c);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = Access::create($pk);
if (is_array($_POST['readGID'])) {
foreach ($_POST['readGID'] as $gID) {
$pa->addListItem(GroupPermissionAccessEntity::getOrCreate(Group::getByID($gID)));
}
}
$pt->assignPermissionAccess($pa);
$editAccessEntities = array();
if (is_array($_POST['editGID'])) {
foreach ($_POST['editGID'] as $gID) {
$editAccessEntities[] = GroupPermissionAccessEntity::getOrCreate(Group::getByID($gID));
}
}
$editPermissions = array('view_page_versions', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_multilingual_settings', 'edit_page_theme', 'edit_page_page_type', 'edit_page_template', 'edit_page_permissions', 'preview_page_as_user', 'schedule_page_contents_guest_access', 'delete_page', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page');
foreach ($editPermissions as $pkHandle) {
$pk = PermissionKey::getByHandle($pkHandle);
$pk->setPermissionObject($c);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = Access::create($pk);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
}
$r = new PageEditResponse();
$r->setPage($this->page);
$r->setTitle(t('Page Updated'));
$r->setMessage(t('Page permissions have been saved.'));
$r->outputJSON();
}
}
public function view()
{
$editAccess = array();
if (Config::get('concrete.permissions.model') != 'simple') {
return;
}
$home = Page::getByID(1, "RECENT");
$pk = PermissionKey::getByHandle('view_page');
$pk->setPermissionObject($home);
$assignments = $pk->getAccessListItems();
foreach ($assignments as $asi) {
$ae = $asi->getAccessEntityObject();
if ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == GUEST_GROUP_ID) {
$this->set('guestCanRead', true);
} elseif ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == REGISTERED_GROUP_ID) {
$this->set('registeredCanRead', true);
}
}
$gl = new GroupList();
$gl->filter('gID', REGISTERED_GROUP_ID, '>');
$gIDs = $gl->getResults();
$gArray = array();
foreach ($gIDs as $g) {
$gArray[] = $g;
}
$pk = PermissionKey::getByHandle('edit_page_contents');
$pk->setPermissionObject($home);
$assignments = $pk->getAccessListItems();
foreach ($assignments as $asi) {
$ae = $asi->getAccessEntityObject();
if ($ae->getAccessEntityTypeHandle() == 'group') {
$groupObject = $ae->getGroupObject();
if ($groupObject) {
$editAccess[] = $ae->getGroupObject()->getGroupID();
}
}
}
$this->set('home', $home);
$this->set('gArray', $gArray);
$this->set('editAccess', $editAccess);
if ($this->isPost()) {
if ($this->token->validate('site_permissions_code')) {
switch ($_POST['view']) {
case "ANYONE":
$viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
break;
case "USERS":
$viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(REGISTERED_GROUP_ID));
break;
case "PRIVATE":
$viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
break;
}
$pk = PermissionKey::getByHandle('view_page');
$pk->setPermissionObject($home);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pk);
$pa->addListItem($viewObj);
$pt->assignPermissionAccess($pa);
$editAccessEntities = array();
if (is_array($_POST['gID'])) {
foreach ($_POST['gID'] as $gID) {
$editAccessEntities[] = GroupPermissionAccessEntity::getOrCreate(Group::getByID($gID));
}
}
$editPermissions = array('view_page_versions', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_multilingual_settings', 'edit_page_theme', 'edit_page_page_type', 'edit_page_template', 'edit_page_permissions', 'delete_page', 'preview_page_as_user', 'schedule_page_contents_guest_access', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page');
foreach ($editPermissions as $pkHandle) {
$pk = PermissionKey::getByHandle($pkHandle);
$pk->setPermissionObject($home);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pk);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
}
$pkx = PermissionKey::getbyHandle('add_block');
$pt = $pkx->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pkx);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
$pkx = PermissionKey::getbyHandle('add_stack');
$pt = $pkx->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pkx);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
$cms = Core::make('app');
$cms->clearCaches();
$this->redirect('/dashboard/system/permissions/site/', 'saved');
} else {
$this->error->add($this->token->getErrorMessage());
}
}
}
public function install_site_permissions()
{
$g1 = Group::getByID(GUEST_GROUP_ID);
$g2 = Group::getByID(REGISTERED_GROUP_ID);
$g3 = Group::getByID(ADMIN_GROUP_ID);
$filesystem = new Filesystem();
$folder = $filesystem->getRootFolder();
$folder->assignPermissions($g1, ['view_file_folder_file']);
$folder->assignPermissions($g3, ['view_file_folder_file', 'search_file_folder', 'edit_file_folder', 'edit_file_folder_file_properties', 'edit_file_folder_file_contents', 'copy_file_folder_files', 'edit_file_folder_permissions', 'delete_file_folder_files', 'delete_file_folder', 'add_file']);
$u = new User();
$u->saveConfig('NEWSFLOW_LAST_VIEWED', 'FIRSTRUN');
// login
$login = Page::getByPath('/login', "RECENT");
$login->assignPermissions($g1, ['view_page']);
// register
$register = Page::getByPath('/register', "RECENT");
$register->assignPermissions($g1, ['view_page']);
// dashboard
$dashboard = Page::getByPath('/dashboard', "RECENT");
$dashboard->assignPermissions($g3, ['view_page']);
// drafts
$drafts = Page::getByPath('/!drafts', "RECENT");
$drafts->assignPermissions($g3, ['view_page', 'view_page_versions', 'view_page_in_sitemap', 'preview_page_as_user', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_multilingual_settings', 'edit_page_theme', 'edit_page_template', 'edit_page_page_type', 'edit_page_permissions', 'delete_page', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page', 'schedule_page_contents_guest_access']);
$home = Page::getByID(1, "RECENT");
$home->assignPermissions($g1, ['view_page']);
$home->assignPermissions($g3, ['view_page_versions', 'view_page_in_sitemap', 'preview_page_as_user', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_multilingual_settings', 'edit_page_theme', 'edit_page_template', 'edit_page_page_type', 'edit_page_permissions', 'delete_page', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page', 'schedule_page_contents_guest_access']);
$config = \Core::make('config/database');
$config->save('concrete.security.token.jobs', Core::make('helper/validation/identifier')->getString(64));
$config->save('concrete.security.token.encryption', Core::make('helper/validation/identifier')->getString(64));
$config->save('concrete.security.token.validation', Core::make('helper/validation/identifier')->getString(64));
// group permissions
$tree = GroupTree::get();
$node = $tree->getRootTreeNodeObject();
$permissions = ['search_users_in_group', 'edit_group', 'assign_group', 'add_sub_group', 'edit_group_permissions'];
$adminGroupEntity = GroupPermissionAccessEntity::getOrCreate($g3);
foreach ($permissions as $pkHandle) {
$pk = PermissionKey::getByHandle($pkHandle);
$pk->setPermissionObject($node);
$pa = PermissionAccess::create($pk);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
// conversation permissions
$messageAuthorEntity = ConversationMessageAuthorEntity::getOrCreate();
$guestEntity = GroupPermissionAccessEntity::getOrCreate($g1);
$registeredEntity = GroupPermissionAccessEntity::getOrCreate($g2);
$pk = PermissionKey::getByHandle('add_conversation_message');
$pa = PermissionAccess::create($pk);
$pa->addListItem($guestEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
$pk = PermissionKey::getByHandle('add_conversation_message_attachments');
$pa = PermissionAccess::create($pk);
$pa->addListItem($guestEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
$pk = PermissionKey::getByHandle('edit_conversation_message');
$pa = PermissionAccess::create($pk);
$pa->addListItem($messageAuthorEntity);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
$pk = PermissionKey::getByHandle('delete_conversation_message');
$pa = PermissionAccess::create($pk);
$pa->addListItem($messageAuthorEntity);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
$pk = PermissionKey::getByHandle('rate_conversation_message');
$pa = PermissionAccess::create($pk);
$pa->addListItem($registeredEntity);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
$permissions = ['edit_conversation_permissions', 'flag_conversation_message', 'approve_conversation_message'];
foreach ($permissions as $pkHandle) {
$pk = PermissionKey::getByHandle($pkHandle);
$pa = PermissionAccess::create($pk);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
// notification
$adminUserEntity = UserEntity::getOrCreate(\UserInfo::getByID(USER_SUPER_ID));
$pk = PermissionKey::getByHandle('notify_in_notification_center');
$pa = PermissionAccess::create($pk);
$pa->addListItem($adminUserEntity);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
try {
Core::make('helper/file')->makeExecutable(DIR_BASE_CORE . '/bin/concrete5', 'all');
} catch (\Exception $x) {
}
}
/**
* Add a page type.
*
* @param array $data {
*
* @var string $handle A string which can be used to identify the page type
* @var string $name A user friendly display name
* @var \PageTemplate $defaultTemplate The default template object or handle
* @var string $allowedTemplates (A|C|X) A for all, C for selected only, X for non-selected only
* @var \PageTemplate[] $templates Array or Iterator of selected templates, see `$allowedTemplates`, or Page Template Handles
* @var bool $internal Is this an internal only page type? Default: `false`
* @var bool $ptLaunchInComposer Does this launch in composer? Default: `false`
* @var bool $ptIsFrequentlyAdded Should this always be displayed in the pages panel? Default: `false`
* }
*
* @param bool|Package $pkg This should be false if the type is not tied to a package, or a package object
*
* @return static|mixed|null
*/
public static function add($data, $pkg = false)
{
$data = $data + array('defaultTemplate' => null, 'allowedTemplates' => null, 'templates' => null, 'internal' => null, 'ptLaunchInComposer' => null, 'ptIsFrequentlyAdded' => null);
if (!isset($data['siteType'])) {
$data['siteType'] = \Core::make('site/type')->getDefault();
}
$ptHandle = $data['handle'];
$ptName = $data['name'];
$siteTypeID = $data['siteType']->getSiteTypeID();
$ptDefaultPageTemplateID = 0;
$ptIsFrequentlyAdded = 0;
$ptLaunchInComposer = 0;
$pkgID = 0;
if (is_object($pkg)) {
$pkgID = $pkg->getPackageID();
}
if (is_object($data['defaultTemplate'])) {
$ptDefaultPageTemplateID = $data['defaultTemplate']->getPageTemplateID();
} elseif (!empty($data['defaultTemplate'])) {
$ptDefaultPageTemplateID = PageTemplate::getByHandle($data['defaultTemplate'])->getPageTemplateID();
}
$ptAllowedPageTemplates = 'A';
if ($data['allowedTemplates']) {
$ptAllowedPageTemplates = $data['allowedTemplates'];
}
$templates = array();
if (is_array($data['templates'])) {
$templates = $data['templates'];
}
$ptIsInternal = 0;
if ($data['internal']) {
$ptIsInternal = 1;
}
if ($data['ptLaunchInComposer']) {
$ptLaunchInComposer = 1;
}
if ($data['ptIsFrequentlyAdded']) {
$ptIsFrequentlyAdded = 1;
}
$db = Loader::db();
$ptDisplayOrder = 0;
$count = $db->GetOne('select count(ptID) from PageTypes where ptIsInternal = ?', array($ptIsInternal));
if ($count > 0) {
$ptDisplayOrder = $count;
}
$db->Execute('insert into PageTypes (ptName, ptHandle, ptDefaultPageTemplateID, ptAllowedPageTemplates, ptIsInternal, ptLaunchInComposer, ptDisplayOrder, ptIsFrequentlyAdded, siteTypeID, pkgID) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)', array($ptName, $ptHandle, $ptDefaultPageTemplateID, $ptAllowedPageTemplates, $ptIsInternal, $ptLaunchInComposer, $ptDisplayOrder, $ptIsFrequentlyAdded, $siteTypeID, $pkgID));
$ptID = $db->Insert_ID();
if ($ptAllowedPageTemplates != 'A') {
foreach ($templates as $pt) {
if (!is_object($pt)) {
$pt = PageTemplate::getByHandle($pt);
}
$db->Execute('insert into PageTypePageTemplates (ptID, pTemplateID) values (?, ?)', array($ptID, $pt->getPageTemplateID()));
}
}
$ptt = static::getByID($ptID);
// set all type publish target as default
$target = PageTypePublishTargetType::getByHandle('all');
if (is_object($target)) {
$configuredTarget = $target->configurePageTypePublishTarget($ptt, array());
$ptt->setConfiguredPageTypePublishTargetObject($configuredTarget);
}
// copy permissions from the defaults to the page type
$cpk = PermissionKey::getByHandle('access_page_type_permissions');
$permissions = PermissionKey::getList('page_type');
foreach ($permissions as $pk) {
$pk->setPermissionObject($ptt);
$pk->copyFromDefaultsToPageType($cpk);
}
// now we clear the default from edit page drafts
$pk = PermissionKey::getByHandle('edit_page_type_drafts');
if (is_object($pk)) {
$pk->setPermissionObject($ptt);
$pt = $pk->getPermissionAssignmentObject();
if (is_object($pt)) {
$pt->clearPermissionAssignment();
}
// now we assign the page draft owner access entity
$pa = PermissionAccess::create($pk);
$pe = PageOwnerPermissionAccessEntity::getOrCreate();
$pa->addListItem($pe);
$pt->assignPermissionAccess($pa);
return $ptt;
}
}
