/** * (non-PHPdoc) * @see \oat\generis\model\data\RdfInterface::add() */ public function add(\core_kernel_classes_Triple $triple) { if (!in_array($triple->modelid, $this->model->getReadableModels())) { $this->model->addReadableModel($triple->modelid); } $query = "INSERT INTO statements ( modelId, subject, predicate, object, l_language) VALUES ( ? , ? , ? , ? , ? );"; $success = $this->getPersistence()->exec($query, array($triple->modelid, $triple->subject, $triple->predicate, $triple->object, is_null($triple->lg) ? '' : $triple->lg)); if ($triple->predicate == RDFS_SUBCLASSOF || $triple->predicate == RDF_TYPE) { PermissionManager::getPermissionModel()->onResourceCreated(new core_kernel_classes_Resource($triple->subject)); } return $success; }
/** * * @param string $currentVersion * @return string $versionUpdatedTo */ public function update($initialVersion) { $currentVersion = $initialVersion; if ($currentVersion == '1.0') { $impl = new PermissionProvider(); // add read access to Items $class = new \core_kernel_classes_Class(TAO_ITEM_CLASS); AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, array('READ')); // add backoffice user rights to Tests $class = new \core_kernel_classes_Class(TAO_TEST_CLASS); AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $impl->getSupportedRights()); $currentVersion = '1.0.1'; } if ($currentVersion == '1.0.1') { $currentVersion = '1.0.2'; } if ($currentVersion == '1.0.2') { $taoClass = new \core_kernel_classes_Class(TAO_OBJECT_CLASS); $classAdmin = new AdminAction(); ClassActionRegistry::getRegistry()->registerAction($taoClass, $classAdmin); $currentVersion = '1.1'; } if ($currentVersion == '1.1') { $classesToAdd = array(new \core_kernel_classes_Class(CLASS_GENERIS_USER), new \core_kernel_classes_Class(CLASS_ROLE)); // add admin to new instances $classAdmin = new AdminAction(); foreach ($classesToAdd as $class) { ClassActionRegistry::getRegistry()->registerAction($class, $classAdmin); } // add base permissions to new classes $taoClass = new \core_kernel_classes_Class(TAO_OBJECT_CLASS); foreach ($taoClass->getSubClasses(false) as $class) { if (!in_array($class->getUri(), array(TAO_ITEM_CLASS, TAO_TEST_CLASS))) { $classesToAdd[] = $class; } } $rights = PermissionManager::getPermissionModel()->getSupportedRights(); foreach ($classesToAdd as $class) { if (count(AdminService::getUsersPermissions($class->getUri())) == 0) { AdminService::addPermissionToClass($class, INSTANCE_ROLE_BACKOFFICE, $rights); } else { \common_Logger::w('Unexpected rights present for ' . $class->getUri()); } } $currentVersion = '1.2.0'; } return $currentVersion; }
/** * Whenever or not the user has the required rights * * required takes the form of: * resourceId => $right * * @param User $user * @param array $required * @return boolean */ public static function hasPrivileges(User $user, array $required) { foreach ($required as $resourceId => $right) { if ($right === 'WRITE' && !self::hasWritePrivilege($user, $resourceId)) { common_Logger::d('User \'' . $user->getIdentifier() . '\' does not have lock for resource \'' . $resourceId . '\''); return false; } if (!in_array($right, PermissionManager::getPermissionModel()->getSupportedRights())) { $required[$resourceId] = PermissionInterface::RIGHT_UNSUPPORTED; } } $permissions = PermissionManager::getPermissionModel()->getPermissions($user, array_keys($required)); foreach ($required as $id => $right) { if (!isset($permissions[$id]) || !in_array($right, $permissions[$id])) { common_Logger::d('User \'' . $user->getIdentifier() . '\' does not have \'' . $right . '\' permission for resource \'' . $id . '\''); return false; } } return true; }
/** * please use core_kernel_classes_ResourceFactory::create() * instead of this function whenever possible * * Creates a new instance using the properties provided. * * @access public * @author Jerome Bogaerts, <*****@*****.**> * @param array properties May contain additional types * @return core_kernel_classes_Resource * @see core_kernel_classes_ResourceFactory */ public function createInstanceWithProperties($properties) { $returnValue = null; // remove the additional types, because they might be implemented differently $additonalTypes = array(); if (isset($properties[RDF_TYPE])) { $types = is_array($properties[RDF_TYPE]) ? $properties[RDF_TYPE] : array($properties[RDF_TYPE]); foreach ($types as $type) { $uri = is_object($type) ? $type->getUri() : $type; if ($uri != $this->getUri()) { $additonalTypes[] = new core_kernel_classes_Class($uri); } } unset($properties[RDF_TYPE]); } // create the instance $returnValue = $this->getImplementation()->createInstanceWithProperties($this, $properties); foreach ($additonalTypes as $type) { $returnValue->setType($type); } PermissionManager::getPermissionModel()->onResourceCreated($returnValue); return $returnValue; }