protected function _initAcl()
 {
     $acl = new Zend_Acl();
     $acl->addRole(Infra_AclHelper::ROLE_GUEST);
     $currentRole = Infra_AclHelper::getCurrentRole();
     $currentPermissions = Infra_AclHelper::getCurrentPermissions();
     if (!$acl->hasRole($currentRole)) {
         $acl->addRole($currentRole);
     }
     $accessItems = Zend_Registry::get('config')->access;
     $allAccess = array();
     foreach ($accessItems as $resource => $accessConfig) {
         if (!$accessConfig instanceof Zend_Config) {
             $requiredPermissions = $accessConfig;
         } else {
             if (isset($accessConfig->all)) {
                 $requiredPermissions = $accessConfig->all;
             } else {
                 continue;
             }
         }
         $acl->addResource(new Zend_Acl_Resource($resource));
         if ($requiredPermissions) {
             $allow = true;
             if ($requiredPermissions != '*') {
                 $allAccess[$resource] = $requiredPermissions;
                 $requiredPermissions = array_map('trim', explode(',', $requiredPermissions));
                 foreach ($requiredPermissions as $required) {
                     if (!in_array($required, $currentPermissions, true)) {
                         $allow = false;
                         break;
                     }
                 }
             }
             if ($allow) {
                 $acl->allow($currentRole, $resource);
             } else {
                 $acl->deny($currentRole, $resource);
             }
         }
     }
     foreach ($accessItems as $resource => $accessConfig) {
         if ($accessConfig instanceof Zend_Config) {
             foreach ($accessConfig as $action => $requiredPermissions) {
                 if ($action == 'all') {
                     continue;
                 }
                 $acl->addResource(new Zend_Acl_Resource($resource . $action), $resource);
                 $allow = true;
                 if ($requiredPermissions != '*') {
                     if (isset($allAccess[$resource])) {
                         $requiredPermissions .= ',' . $allAccess[$resource];
                     }
                     $requiredPermissions = array_map('trim', explode(',', $requiredPermissions));
                     foreach ($requiredPermissions as $required) {
                         if (!in_array($required, $currentPermissions, true)) {
                             $allow = false;
                             break;
                         }
                     }
                 } else {
                     //If no special permission is required to view this resource, it should be added to the whitelisted resources
                     $resourceUrl = "{$resource}/{$action}";
                     Infra_AuthPlugin::addToWhitelist($resourceUrl);
                 }
                 if ($allow) {
                     $acl->allow($currentRole, $resource, $action);
                 } else {
                     $acl->deny($currentRole, $resource, $action);
                 }
             }
         }
     }
     Zend_Registry::set('acl', $acl);
 }
예제 #2
0
 public function listAction()
 {
     $request = $this->getRequest();
     $page = $this->_getParam('page', 1);
     $pageSize = $this->_getParam('pageSize', 10);
     // reset form url
     $action = $this->view->url(array('controller' => $request->getParam('controller'), 'action' => $request->getParam('action')), null, true);
     $client = Infra_ClientHelper::getClient();
     $form = new Form_PartnerFilter();
     $form->setAction($action);
     $systemPartnerPlugin = Kaltura_Client_SystemPartner_Plugin::get($client);
     $partnerPackages = $systemPartnerPlugin->systemPartner->getPackages();
     Form_PackageHelper::addPackagesToForm($form, $partnerPackages, 'partner_package', true, 'All Service Editions');
     if ($request->isPost() && $request->getParam('filter_type')) {
         $form->isValid($request->getPost());
     }
     $this->view->partnerPackages = array();
     foreach ($partnerPackages as $package) {
         $this->view->partnerPackages[$package->id] = $package->name;
     }
     // init filter
     $partnerFilter = $this->getPartnerFilterFromRequest($request);
     // if non-commercial partners are not allowed, add to filter
     if (Infra_AclHelper::isAllowed('partner', 'commercial')) {
         $this->view->commercialFiltered = false;
     } else {
         $this->view->commercialFiltered = true;
         $partnerFilter->partnerPackageLessThanOrEqual = self::PARTNER_PACKAGE_FREE;
     }
     // get results and paginate
     $systemPartnerPlugin = Kaltura_Client_SystemPartner_Plugin::get($client);
     $paginatorAdapter = new Infra_FilterPaginator($systemPartnerPlugin->systemPartner, "listAction", null, $partnerFilter);
     $paginator = new Infra_Paginator($paginatorAdapter, $request);
     $paginator->setCurrentPageNumber($page);
     $paginator->setItemCountPerPage($pageSize);
     // popule the form
     $form->populate($request->getParams());
     // set view
     $this->view->form = $form;
     $this->view->paginator = $paginator;
     $plugins = array();
     $pluginInstances = KalturaPluginManager::getPluginInstances('IKalturaAdminConsolePages');
     $partnerActionPluginPages = array();
     foreach ($pluginInstances as $pluginInstance) {
         $pluginPages = $pluginInstance->getApplicationPages(Infra_AclHelper::getCurrentPermissions());
         foreach ($pluginPages as $pluginPage) {
             if ($pluginPage instanceof IKalturaAdminConsolePublisherAction && $pluginPage->accessCheck(Infra_AclHelper::getCurrentPermissions())) {
                 $partnerActionPluginPages[] = $pluginPage;
             }
         }
     }
     $this->view->partnerActionPluginPages = $partnerActionPluginPages;
 }