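/**
 * Create (or reuse) the API action permission item described by $itemCfg and
 * hand it to addItemToPermissions() for every permission named in the config.
 *
 * An item already stored for the same service/action under either the global
 * partner or the configured partner is reused instead of being inserted again.
 *
 * @param object $itemCfg Iterable item definition. It must expose service, action and
 *                        partnerId, and carries a comma-separated permissions list. Every
 *                        other key is applied to a new item through its set<Key>() method.
 *
 * @throws Exception When a mandatory field is missing or a key has no callable setter.
 */
function addActionPermissionItem($itemCfg)
{
    // verify obligatory fields
    if (!$itemCfg->service) {
        throw new Exception('Permission item service must be set');
    }
    if (!$itemCfg->action) {
        throw new Exception('Permission item action must be set');
    }
    // partner id 0 is a legitimate value, so only null and the empty string are rejected
    if (is_null($itemCfg->partnerId) || $itemCfg->partnerId === '') {
        throw new Exception('Permission item partner id must be set');
    }

    // check if item already exists in db (global partner or the requested partner)
    $c = new Criteria();
    $c->addAnd(kApiActionPermissionItem::SERVICE_COLUMN_NAME, strtolower($itemCfg->service), Criteria::EQUAL);
    $c->addAnd(kApiActionPermissionItem::ACTION_COLUMN_NAME, strtolower($itemCfg->action), Criteria::EQUAL);
    $c->addAnd(PermissionItemPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $itemCfg->partnerId), Criteria::IN);
    $c->addAnd(PermissionItemPeer::TYPE, PermissionItemType::API_ACTION_ITEM, Criteria::EQUAL);
    $existingItem = PermissionItemPeer::doSelectOne($c);

    if ($existingItem) {
        $item = $existingItem;
        KalturaLog::log('Permission item for [' . $item->getService() . '->' . $item->getAction() . '] partner id [' . $item->getPartnerId() . '] already exists with id [' . $existingItem->getId() . ']');
    } else {
        // save new permission item object
        $item = new kApiActionPermissionItem();
        foreach ($itemCfg as $key => $value) {
            if ($key === 'permissions') {
                continue; // permissions are set later
            }

            // The method name is built from the configuration key. Refuse a key that does
            // not resolve to a callable setter, so a mistyped or unexpected entry fails
            // loudly instead of producing a half-populated permission item.
            $setterCallback = array($item, "set{$key}");
            if (!is_callable($setterCallback)) {
                throw new Exception('Permission item has no setter for key [' . $key . ']');
            }
            call_user_func($setterCallback, $value);
        }

        // service and action are always kept in lowercase
        $item->setService(strtolower($item->getService()));
        $item->setAction(strtolower($item->getAction()));
        $item->save();
        KalturaLog::log('New permission item id [' . $item->getId() . '] added for [' . $item->getService() . '->' . $item->getAction() . '] partner id [' . $item->getPartnerId() . ']');
    }

    // add item to each defined permission
    $permissionNames = array_map('trim', explode(',', $itemCfg->permissions));
    addItemToPermissions($item, $permissionNames, $itemCfg->partnerId);
}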
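/**
 * Walk every service.action listed in the services.ct files and make sure an API
 * action permission item exists for it and is attached to its permissions.
 *
 * For each action the function resolves the service id, skips blocked actions,
 * reuses or creates the permission item, adds it to every permission named in the
 * action's tags and, when requested, to the base no-KS / user-KS permissions.
 * Problems are reported through KalturaLog and echoed; the loop then moves on.
 *
 * @param object $serviceConfig            Provides getAllServicesByCt(), setServiceName(),
 *                                         getTicketType() and getTags().
 * @param bool   $setBaseSystemPermissions Whether to also add items to the two base permissions.
 * @param object $userSessionPermission    Permission receiving items for NO_KS and USER_KS ticket types.
 * @param object $noKsPermission           Permission receiving items for the NO_KS ticket type.
 * @param mixed  $partnerId                Partner the new permission items are created for.
 */
function setPermissions($serviceConfig, $setBaseSystemPermissions, $userSessionPermission, $noKsPermission, $partnerId)
{
    // get list of services defined in the services.ct files
    $servicesTable = $serviceConfig->getAllServicesByCt();

    // for each defined service.action
    foreach ($servicesTable as $ctPath => $services) {
        foreach ($services as $serviceActionName) {
            $serviceConfig->setServiceName($serviceActionName);

            // A name without both parts would otherwise create a permission item with
            // an empty action, so report it and skip it like the other error cases.
            $serviceSplit = explode('.', $serviceActionName);
            if (count($serviceSplit) < 2 || $serviceSplit[0] === '' || $serviceSplit[1] === '') {
                $msg = '***** ERROR - Malformed service action name [' . $serviceActionName . '], expected service.action -> skipping!';
                KalturaLog::alert($msg);
                echo $msg . PHP_EOL;
                continue;
            }
            $serviceName = $serviceSplit[0];
            $actionName = $serviceSplit[1];
            $ticketTypes = explode(',', $serviceConfig->getTicketType());

            // plugin services are identified as <plugin>_<service>
            $serviceId = $serviceName;
            $pluginName = getPluginNameFromServicesCtPath($ctPath);
            if ($pluginName) {
                $serviceId = strtolower($pluginName) . '_' . $serviceId;
            }

            $serviceClass = KalturaServicesMap::getService($serviceId);
            if (!$serviceClass) {
                // fall back to a lookup by bare service name, accepted only when unambiguous
                $tmpServiceIds = KalturaServicesMap::getServiceIdsFromName($serviceName);
                if ($tmpServiceIds && count($tmpServiceIds) === 1) {
                    $serviceId = reset($tmpServiceIds);
                    $serviceClass = KalturaServicesMap::getService($serviceId);
                }
            }
            if (!$serviceClass) {
                $msg = '***** ERROR - service id [' . $serviceId . '] not found in services map!';
                KalturaLog::alert($msg);
                echo $msg . PHP_EOL;
                continue;
            }

            // skip action if set with ticket type N (blocked)
            if (in_array(BLOCKED_TICKET_TYPE, $ticketTypes)) {
                $msg = '***** NOTICE - Action [' . $serviceActionName . '] is set with ticket type N (blocked) -> skipping!';
                KalturaLog::notice($msg);
                echo $msg . PHP_EOL;
                continue;
            }

            // check if a permission item for the current action already exists
            // NOTE(review): service and action are compared as given here, while
            // addActionPermissionItem() lowercases both - confirm the two agree.
            $c = new Criteria();
            $c->addAnd(kApiActionPermissionItem::SERVICE_COLUMN_NAME, $serviceId, Criteria::EQUAL);
            $c->addAnd(kApiActionPermissionItem::ACTION_COLUMN_NAME, $actionName, Criteria::EQUAL);
            $c->addAnd(PermissionItemPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $partnerId), Criteria::IN);
            $permissionItem = PermissionItemPeer::doSelectOne($c);

            if ($permissionItem) {
                // informational only, so it is logged at notice level like the blocked-action notice
                $msg = '***** NOTICE - Permission item for [' . $serviceActionName . '] already exists with id [' . $permissionItem->getId() . ']';
                KalturaLog::notice($msg);
                echo $msg . PHP_EOL;
            } else {
                // create a new api action permission item and save it
                $permissionItem = new kApiActionPermissionItem();
                $permissionItem->setService($serviceId);
                $permissionItem->setAction($actionName);
                $permissionItem->setPartnerId($partnerId);
                $permissionItem->save();
            }

            // get the defined permission names from the tags section of the services.ct file
            $permissionNames = explode(',', $serviceConfig->getTags());

            $anyPermissionSet = false; // was any permission set to include the current permission item or not
            foreach ($permissionNames as $permissionName) {
                if (!$permissionName) {
                    continue;
                }

                // add the permission item to all its defined permission objects
                // NOTE(review): the permission is matched by name and type only. With the
                // partner filter below disabled, doSelectOne() takes the first matching row
                // whichever partner owns it - confirm names are unique across partners,
                // otherwise the item can be attached to another partner's permission.
                $c = new Criteria();
                $c->addAnd(PermissionPeer::NAME, $permissionName, Criteria::EQUAL);
                $c->addAnd(PermissionPeer::TYPE, PermissionType::NORMAL, Criteria::EQUAL);
                //$c->addAnd(PermissionPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $partnerId), Criteria::IN);
                $permission = PermissionPeer::doSelectOne($c);
                if (!$permission) {
                    $msg = '***** ERROR - Permission [' . $permissionName . '] not found in DB although set for [' . $serviceActionName . ']';
                    KalturaLog::alert($msg);
                    echo $msg . PHP_EOL;
                    continue;
                }

                $permission->addPermissionItem($permissionItem->getId(), true);
                $anyPermissionSet = true;
            }

            // add permission item to the basic NO_KS and USER_KS permissions according to its ticket type
            // (partner admin role already contains all other permissions)
            if ($setBaseSystemPermissions) {
                if (in_array(NO_KS_TICKET_TYPE, $ticketTypes)) {
                    // an action callable without a KS is also callable with a user KS
                    $noKsPermission->addPermissionItem($permissionItem->getId(), true);
                    $userSessionPermission->addPermissionItem($permissionItem->getId(), true);
                    $anyPermissionSet = true;
                } elseif (in_array(USER_KS_TICKET_TYPE, $ticketTypes)) {
                    $userSessionPermission->addPermissionItem($permissionItem->getId(), true);
                    $anyPermissionSet = true;
                }
            }

            // an item attached to nothing grants access to nobody, so make it visible
            if (!$anyPermissionSet) {
                $msg = '***** ERROR - No permission was set for [' . $serviceActionName . ']';
                KalturaLog::alert($msg);
                echo $msg . PHP_EOL;
            }
        }
    }
}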