public function setCurrentUserReference(APIUserReference $userReference)
{
$id = $userReference->getUserId();
if (!$id) {
throw new InvalidArgumentValue('$user->getUserId()', $id);
}
$this->currentUserRef = $userReference;
}
/**
* Builds ContentType update struct for storage layer.
*
* @param \eZ\Publish\API\Repository\Values\ContentType\ContentTypeDraft $contentTypeDraft
* @param \eZ\Publish\API\Repository\Values\ContentType\ContentTypeUpdateStruct $contentTypeUpdateStruct
* @param \eZ\Publish\API\Repository\Values\User\UserReference $user
*
* @return \eZ\Publish\SPI\Persistence\Content\Type\UpdateStruct
*/
public function buildSPIContentTypeUpdateStruct(APIContentTypeDraft $contentTypeDraft, APIContentTypeUpdateStruct $contentTypeUpdateStruct, APIUserReference $user)
{
$updateStruct = new SPIContentTypeUpdateStruct();
$updateStruct->identifier = $contentTypeUpdateStruct->identifier !== null ? $contentTypeUpdateStruct->identifier : $contentTypeDraft->identifier;
$updateStruct->remoteId = $contentTypeUpdateStruct->remoteId !== null ? $contentTypeUpdateStruct->remoteId : $contentTypeDraft->remoteId;
$updateStruct->name = $contentTypeUpdateStruct->names !== null ? $contentTypeUpdateStruct->names : $contentTypeDraft->names;
$updateStruct->description = $contentTypeUpdateStruct->descriptions !== null ? $contentTypeUpdateStruct->descriptions : $contentTypeDraft->descriptions;
$updateStruct->modified = $contentTypeUpdateStruct->modificationDate !== null ? $contentTypeUpdateStruct->modificationDate->getTimestamp() : time();
$updateStruct->modifierId = $contentTypeUpdateStruct->modifierId !== null ? $contentTypeUpdateStruct->modifierId : $user->getUserId();
$updateStruct->urlAliasSchema = $contentTypeUpdateStruct->urlAliasSchema !== null ? $contentTypeUpdateStruct->urlAliasSchema : $contentTypeDraft->urlAliasSchema;
$updateStruct->nameSchema = $contentTypeUpdateStruct->nameSchema !== null ? $contentTypeUpdateStruct->nameSchema : $contentTypeDraft->nameSchema;
$updateStruct->isContainer = $contentTypeUpdateStruct->isContainer !== null ? $contentTypeUpdateStruct->isContainer : $contentTypeDraft->isContainer;
$updateStruct->sortField = $contentTypeUpdateStruct->defaultSortField !== null ? $contentTypeUpdateStruct->defaultSortField : $contentTypeDraft->defaultSortField;
$updateStruct->sortOrder = $contentTypeUpdateStruct->defaultSortOrder !== null ? (int) $contentTypeUpdateStruct->defaultSortOrder : $contentTypeDraft->defaultSortOrder;
$updateStruct->defaultAlwaysAvailable = $contentTypeUpdateStruct->defaultAlwaysAvailable !== null ? $contentTypeUpdateStruct->defaultAlwaysAvailable : $contentTypeDraft->defaultAlwaysAvailable;
$updateStruct->initialLanguageId = $this->contentLanguageHandler->loadByLanguageCode($contentTypeUpdateStruct->mainLanguageCode !== null ? $contentTypeUpdateStruct->mainLanguageCode : $contentTypeDraft->mainLanguageCode)->id;
return $updateStruct;
}
/**
* Evaluate permission against content & target(placement/parent/assignment).
*
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException If any of the arguments are invalid
* Example: If LimitationValue is instance of ContentTypeLimitationValue, and Type is SectionLimitationType.
* @throws \eZ\Publish\API\Repository\Exceptions\BadStateException If value of the LimitationValue is unsupported
* Example if OwnerLimitationValue->limitationValues[0] is not one of: [ 1, 2 ]
*
* @param \eZ\Publish\API\Repository\Values\User\Limitation $value
* @param \eZ\Publish\API\Repository\Values\User\UserReference $currentUser
* @param \eZ\Publish\API\Repository\Values\ValueObject $object
* @param \eZ\Publish\API\Repository\Values\ValueObject[]|null $targets The context of the $object, like Location of Content, if null none where provided by caller
*
* @return bool
*/
public function evaluate(APILimitationValue $value, APIUserReference $currentUser, ValueObject $object, array $targets = null)
{
if (!$value instanceof APIParentUserGroupLimitation) {
throw new InvalidArgumentException('$value', 'Must be of type: APIParentUserGroupLimitation');
}
if ($value->limitationValues[0] != 1) {
throw new BadStateException('Parent User Group limitation', 'expected limitation value to be 1 but got:' . $value->limitationValues[0]);
}
// Parent Limitations are usually used by content/create where target is specified, so we return false if not provided.
if (empty($targets)) {
return false;
}
$locationHandler = $this->persistence->locationHandler();
$currentUserLocations = $locationHandler->loadLocationsByContent($currentUser->getUserId());
if (empty($currentUserLocations)) {
return false;
}
foreach ($targets as $target) {
if ($target instanceof LocationCreateStruct) {
$target = $locationHandler->load($target->parentLocationId);
}
if ($target instanceof Location) {
// $target is assumed to be parent in this case
$parentOwnerId = $target->getContentInfo()->ownerId;
} elseif ($target instanceof SPILocation) {
// $target is assumed to be parent in this case
$spiContentInfo = $this->persistence->contentHandler()->loadContentInfo($target->contentId);
$parentOwnerId = $spiContentInfo->ownerId;
} else {
throw new InvalidArgumentException('$targets', 'Must contain objects of type: Location or LocationCreateStruct');
}
if ($parentOwnerId === $currentUser->getUserId()) {
continue;
}
/*
* As long as SPI userHandler and API UserService does not speak the same language, this is the ugly truth;
*/
$locationHandler = $this->persistence->locationHandler();
$parentOwnerLocations = $locationHandler->loadLocationsByContent($parentOwnerId);
if (empty($parentOwnerLocations)) {
return false;
}
foreach ($parentOwnerLocations as $parentOwnerLocation) {
foreach ($currentUserLocations as $currentUserLocation) {
if ($parentOwnerLocation->parentId === $currentUserLocation->parentId) {
continue 3;
}
}
}
return false;
}
return true;
}
/**
* Sets the current user to the given $user.
*
* @param \eZ\Publish\API\Repository\Values\User\UserReference $user
*
* @return void
*/
public function setCurrentUser(UserReference $user)
{
$this->currentUser = $user;
$this->authenticator->setUserId($user->getUserId());
}
/**
* Evaluate permission against content & target(placement/parent/assignment).
*
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException If any of the arguments are invalid
* Example: If LimitationValue is instance of ContentTypeLimitationValue, and Type is SectionLimitationType.
* @throws \eZ\Publish\API\Repository\Exceptions\BadStateException If value of the LimitationValue is unsupported
* Example if OwnerLimitationValue->limitationValues[0] is not one of: [ 1, 2 ]
*
* @param \eZ\Publish\API\Repository\Values\User\Limitation $value
* @param \eZ\Publish\API\Repository\Values\User\UserReference $currentUser
* @param \eZ\Publish\API\Repository\Values\ValueObject $object
* @param \eZ\Publish\API\Repository\Values\ValueObject[]|null $targets The context of the $object, like Location of Content, if null none where provided by caller
*
* @return bool
*
* @todo Add support for $limitationValues[0] == 2 when session values can be injected somehow
*/
public function evaluate(APILimitationValue $value, APIUserReference $currentUser, ValueObject $object, array $targets = null)
{
if (!$value instanceof APIParentOwnerLimitation) {
throw new InvalidArgumentException('$value', 'Must be of type: APIParentOwnerLimitation');
}
if ($value->limitationValues[0] != 1 && $value->limitationValues[0] != 2) {
throw new BadStateException('Parent Owner limitation', 'expected limitation value to be 1 or 2 but got:' . $value->limitationValues[0]);
}
// Parent Limitations are usually used by content/create where target is specified, so we return false if not provided.
if (empty($targets)) {
return false;
}
foreach ($targets as $target) {
if ($target instanceof LocationCreateStruct) {
$target = $this->persistence->locationHandler()->load($target->parentLocationId);
}
if ($target instanceof Location) {
$targetContentInfo = $target->getContentInfo();
} elseif ($target instanceof SPILocation) {
$targetContentInfo = $this->persistence->contentHandler()->loadContentInfo($target->contentId);
} else {
throw new InvalidArgumentException('$targets', 'Must contain objects of type: Location or LocationCreateStruct');
}
$userId = $currentUser->getUserId();
$isOwner = $targetContentInfo->ownerId === $userId;
$isSelf = $targetContentInfo->id === $userId;
if (!($isOwner || $isSelf)) {
return false;
}
}
return true;
}
/**
* Returns Criterion for use in find() query.
*
* @param \eZ\Publish\API\Repository\Values\User\Limitation $value
* @param \eZ\Publish\API\Repository\Values\User\UserReference $currentUser
*
* @return \eZ\Publish\API\Repository\Values\Content\Query\CriterionInterface
*
* @todo Add support for $limitationValues[0] == 2 when session values can be injected somehow, or deprecate
*/
public function getCriterion(APILimitationValue $value, APIUserReference $currentUser)
{
if (empty($value->limitationValues)) {
// no limitation values
throw new \RuntimeException('$value->limitationValues is empty, it should not have been stored in the first place');
}
if ($value->limitationValues[0] != 1 && $value->limitationValues[0] != 2) {
throw new BadStateException('Parent User Group limitation', 'expected limitation value to be 1 but got:' . $value->limitationValues[0]);
}
return new Criterion\UserMetadata(Criterion\UserMetadata::OWNER, Criterion\Operator::EQ, $currentUser->getUserId());
}
/**
* Sets the current user to the given $user.
*
* @param \eZ\Publish\API\Repository\Values\User\UserReference $user
*
* @throws InvalidArgumentValue If UserReference does not contain a id
*/
public function setCurrentUser(APIUserReference $user)
{
$id = $user->getUserId();
if (!$id) {
throw new InvalidArgumentValue('$user->getUserId()', $id);
}
if ($user instanceof User) {
$this->currentUser = $user;
$this->currentUserRef = new UserReference($id);
} else {
$this->currentUser = null;
$this->currentUserRef = $user;
}
}
/**
* Returns Criterion for use in find() query.
*
* @param \eZ\Publish\API\Repository\Values\User\Limitation $value
* @param \eZ\Publish\API\Repository\Values\User\UserReference $currentUser
*
* @return \eZ\Publish\API\Repository\Values\Content\Query\CriterionInterface
*/
public function getCriterion(APILimitationValue $value, APIUserReference $currentUser)
{
if (empty($value->limitationValues)) {
// no limitation values
throw new \RuntimeException('$value->limitationValues is empty, it should not have been stored in the first place');
}
if ($value->limitationValues[0] != 1) {
throw new BadStateException('Parent User Group limitation', 'expected limitation value to be 1 but got:' . $value->limitationValues[0]);
}
$groupIds = array();
$currentUserLocations = $this->persistence->locationHandler()->loadLocationsByContent($currentUser->getUserId());
if (!empty($currentUserLocations)) {
foreach ($currentUserLocations as $currentUserLocation) {
$groupIds[] = $currentUserLocation->parentId;
}
}
return new Criterion\UserMetadata(Criterion\UserMetadata::GROUP, Criterion\Operator::IN, $groupIds);
}