public function assignPermissionAccess(PermissionAccess $pa)
{
$db = Loader::db();
$db->Replace('PagePermissionAssignments', array('cID' => $this->getPermissionObject()->getPermissionsCollectionID(), 'paID' => $pa->getPermissionAccessID(), 'pkID' => $this->pk->getPermissionKeyID()), array('cID', 'pkID'), true);
$pa->markAsInUse();
PermissionCache::clearAccessObject($this->pk, $this->getPermissionObject());
}
public function assignPermissionAccess(PermissionAccess $pa)
{
$db = Loader::db();
$co = $this->permissionObject->getBlockCollectionObject();
$arHandle = $this->permissionObject->getAreaHandle();
$db->Replace('BlockPermissionAssignments', array('cID' => $co->getCollectionID(), 'paID' => $pa->getPermissionAccessID(), 'cvID' => $co->getVersionID(), 'bID' => $this->permissionObject->getBlockID(), 'pkID' => $this->pk->getPermissionKeyID()), array('cID', 'cvID', 'bID', 'pkID'), true);
$pa->markAsInUse();
}
public function getAccessEntityUsers(PermissionAccess $pae)
{
if ($pae instanceof PagePermissionAccess) {
$c = $pae->getPermissionObject();
}
if (is_object($c) && $c instanceof Page) {
$pcID = $c->getCollectionParentID() ?: $c->getCollectionID();
// Check against this page, if no parent set
$ui = UserInfo::getByID($pcID);
$users = array($ui);
return $users;
}
}
public function validate(PermissionAccess $pae)
{
if ($pae instanceof FileSetPermissionAccess) {
return true;
}
if ($pae instanceof FilePermissionAccess) {
$f = $pae->getPermissionObject();
}
if (is_object($f)) {
$u = new User();
return $u->getUserID() == $f->getUserID();
}
return false;
}
public function getAccessEntityUsers(PermissionAccess $pae) {
if ($pae instanceof PagePermissionAccess) {
$c = $pae->getPermissionObject();
} else if ($pae instanceof AreaPermissionAccess) {
$c = $pae->getPermissionObject()->getAreaCollectionObject();
} else if ($pae instanceof BlockPermissionAccess) {
$a = $pae->getPermissionObject()->getBlockAreaObject();
$c = $a->getAreaCollectionObject();
}
if (is_object($c) && ($c instanceof Page)) {
$ui = UserInfo::getByID($c->getCollectionUserID());
$users = array($ui);
return $users;
}
}
public function save($args)
{
parent::save();
$db = Loader::db();
$db->Execute('delete from ' . $this->dbTableAccessList . ' where paID = ?', array($this->getPermissionAccessID()));
$db->Execute('delete from ' . $this->dbTableAccessListCustom . ' where paID = ?', array($this->getPermissionAccessID()));
if (is_array($args['groupsIncluded'])) {
foreach ($args['groupsIncluded'] as $peID => $permission) {
$v = array($peID, $this->getPermissionAccessID(), $permission);
$db->Execute('insert into ' . $this->dbTableAccessList . ' (peID, paID, permission) values (?, ?, ?)', $v);
}
}
if (is_array($args['groupsExcluded'])) {
foreach ($args['groupsExcluded'] as $peID => $permission) {
$v = array($peID, $this->getPermissionAccessID(), $permission);
$db->Execute('insert into ' . $this->dbTableAccessList . ' (peID, paID, permission) values (?, ?, ?)', $v);
}
}
if (is_array($args['gIDInclude'])) {
foreach ($args['gIDInclude'] as $peID => $gIDs) {
foreach ($gIDs as $gID) {
$v = array($peID, $this->getPermissionAccessID(), $gID);
$db->Execute('insert into ' . $this->dbTableAccessListCustom . ' (peID, paID, gID) values (?, ?, ?)', $v);
}
}
}
if (is_array($args['gIDExclude'])) {
foreach ($args['gIDExclude'] as $peID => $gIDs) {
foreach ($gIDs as $gID) {
$v = array($peID, $this->getPermissionAccessID(), $gID);
$db->Execute('insert into ' . $this->dbTableAccessListCustom . ' (peID, paID, gID) values (?, ?, ?)', $v);
}
}
}
}
public function save()
{
if (Loader::helper('validation/token')->validate('save_permissions')) {
$tp = new TaskPermission();
if ($tp->canAccessTaskPermissions()) {
$permissions = PermissionKey::getList('sitemap');
$permissions = array_merge($permissions, PermissionKey::getList('marketplace_newsflow'));
$permissions = array_merge($permissions, PermissionKey::getList('admin'));
foreach ($permissions as $pk) {
$paID = $_POST['pkID'][$pk->getPermissionKeyID()];
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = PermissionAccess::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
$this->redirect('/dashboard/system/permissions/tasks', 'updated');
}
} else {
$this->error->add(Loader::helper("validation/token")->getErrorMessage());
}
}
public function save()
{
if (Loader::helper('validation/token')->validate('save_permissions')) {
$fs = FileSet::getGlobal();
$tp = new TaskPermission();
if ($tp->canAccessTaskPermissions()) {
$permissions = PermissionKey::getList('file_set');
foreach ($permissions as $pk) {
$pk->setPermissionObject($fs);
$paID = $_POST['pkID'][$pk->getPermissionKeyID()];
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = PermissionAccess::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
$this->redirect('/dashboard/system/permissions/files', 'updated');
}
} else {
$this->error->add(Loader::helper("validation/token")->getErrorMessage());
}
}
public function updateDetails($post) {
$permissions = PermissionKey::getList('basic_workflow');
foreach($permissions as $pk) {
$pk->setPermissionObject($this);
$pt = $pk->getPermissionAssignmentObject();
$paID = $post['pkID'][$pk->getPermissionKeyID()];
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = PermissionAccess::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
}
public function copyFromFileSetToFile()
{
$db = Loader::db();
$paID = $this->getPermissionAccessID();
if (is_array($paID)) {
// we have to merge the permissions access object into a new one.
$pa = PermissionAccess::create($this);
foreach ($paID as $paID) {
$pax = PermissionAccess::getByID($paID, $this);
$pax->duplicate($pa);
}
$paID = $pa->getPermissionAccessID();
}
if ($paID) {
$db = Loader::db();
$db->Replace('FilePermissionAssignments', array('fID' => $this->permissionObject->getFileID(), 'pkID' => $this->getPermissionKeyID(), 'paID' => $paID), array('fID', 'paID', 'pkID'), true);
}
}
public function approve(WorkflowProgress $wp)
{
$c = Page::getByID($this->getRequestedPageID());
$ps = $this->getPagePermissionSet();
$assignments = $ps->getPermissionAssignments();
foreach ($assignments as $pkID => $paID) {
$pk = PermissionKey::getByID($pkID);
$pk->setPermissionObject($c);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = PermissionAccess::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
$c->refreshCache();
$wpr = new WorkflowProgressResponse();
$wpr->setWorkflowProgressResponseURL(BASE_URL . DIR_REL . '/' . DISPATCHER_FILENAME . '?cID=' . $c->getCollectionID());
return $wpr;
}
public function run()
{
$bt = BlockType::getByHandle('guestbook');
if (is_object($bt)) {
$bt->refresh();
}
// add user export users task permission
$pk = PermissionKey::getByHandle('access_user_search_export');
if (!$pk instanceof PermissionKey) {
$pk = PermissionKey::add('user', 'access_user_search_export', 'Export Site Users', 'Controls whether a user can export site users or not', false, false);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pk);
}
$adminGroup = Group::getByID(ADMIN_GROUP_ID);
//Make sure "Adminstrators" group still exists
if ($adminGroup) {
$adminGroupEntity = GroupPermissionAccessEntity::getOrCreate($adminGroup);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
if (!Config::get('SECURITY_TOKEN_JOBS')) {
Config::save('SECURITY_TOKEN_JOBS', Loader::helper('validation/identifier')->getString(64));
}
if (!Config::get('SECURITY_TOKEN_ENCRYPTION')) {
Config::save('SECURITY_TOKEN_ENCRYPTION', Loader::helper('validation/identifier')->getString(64));
}
if (!Config::get('SECURITY_TOKEN_VALIDATION')) {
Config::save('SECURITY_TOKEN_VALIDATION', Loader::helper('validation/identifier')->getString(64));
}
$sp = Page::getByPath('/dashboard/system/mail/method/test_settings');
if (!is_object($sp) || $sp->isError()) {
$sp = SinglePage::add('/dashboard/system/mail/method/test_settings');
$sp->update(array('cName' => t('Test Mail Settings')));
$sp->setAttribute('meta_keywords', 'test smtp, test mail');
}
}
public function assignPermissions($userOrGroup, $permissions = array(), $accessType = PagePermissionKey::ACCESS_TYPE_INCLUDE)
{
if ($this->cInheritPermissionsFrom != 'OVERRIDE') {
$this->setPermissionsToManualOverride();
$this->clearPagePermissions();
}
if (is_array($userOrGroup)) {
$pe = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
// group combination
} else {
if ($userOrGroup instanceof User || $userOrGroup instanceof UserInfo) {
$pe = UserPermissionAccessEntity::getOrCreate($userOrGroup);
} else {
// group;
$pe = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
}
}
foreach ($permissions as $pkHandle) {
$pk = PagePermissionKey::getByHandle($pkHandle);
$pk->setPermissionObject($this);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pk);
}
$pa->addListItem($pe, false, $accessType);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
$this->loadPermissionAssignments();
}
}
Loader::element('permission/labels', array('pk' => $pk, 'pa' => $pa));
}
if ($_REQUEST['task'] == 'save_permission_assignments' && Loader::helper("validation/token")->validate('save_permission_assignments')) {
$permissions = PermissionKey::getList('file');
foreach ($permissions as $pk) {
$paID = $_POST['pkID'][$pk->getPermissionKeyID()];
$pk->setPermissionObject($f);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = PermissionAccess::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
}
if ($_REQUEST['task'] == 'save_workflows' && Loader::helper("validation/token")->validate('save_workflows')) {
$pk = PermissionKey::getByID($_REQUEST['pkID']);
$pk->setPermissionObject($f);
$pa = PermissionAccess::getByID($_REQUEST['paID'], $pk);
$pk->clearWorkflows();
foreach ($_POST['wfID'] as $wfID) {
$wf = Workflow::getByID($wfID);
if (is_object($wf)) {
$pk->attachWorkflow($wf);
}
}
}
}
}
protected function migrateBlockPermissions()
{
if (PERMISSIONS_MODEL == 'simple') {
return;
}
$db = Loader::db();
$tables = $db->MetaTables();
if (!in_array('CollectionVersionBlockPermissions', $tables)) {
return false;
}
// permissions
$permissionMap = array('r' => array(PermissionKey::getByHandle('view_block')), 'wa' => array(PermissionKey::getByHandle('edit_block'), PermissionKey::getByHandle('edit_block_custom_template'), PermissionKey::getByHandle('edit_block_design')), 'db' => array(PermissionKey::getByHandle('delete_block'), PermissionKey::getByHandle('schedule_guest_access'), PermissionKey::getByHandle('edit_block_permissions')));
$r = $db->Execute('select * from CollectionVersionBlockPermissions order by cID asc');
while ($row = $r->FetchRow()) {
$pe = $this->migrateAccessEntity($row);
if (!$pe) {
continue;
}
$permissions = $this->getPermissionsArray($row['cbgPermissions']);
$co = Page::getByID($row['cID'], $row['cvID']);
if (!is_object($co) || $co->isError()) {
continue;
}
$arHandle = $db->GetOne('select arHandle from CollectionVersionBlocks cvb where cvb.cID = ? and
cvb.cvID = ? and cvb.bID = ?', array($row['cID'], $row['cvID'], $row['bID']));
$a = Area::get($co, $arHandle);
$bo = Block::getByID($row['bID'], $co, $a);
if (is_object($bo)) {
foreach ($permissions as $p) {
$permissionsToApply = $permissionMap[$p];
foreach ($permissionsToApply as $pko) {
$pko->setPermissionObject($bo);
$pt = $pko->getPermissionAssignmentObject();
$pa = $pko->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pko);
} else {
if ($pa->isPermissionAccessInUse()) {
$pa = $pa->duplicate();
}
}
$pa->addListItem($pe, false, BlockPermissionKey::ACCESS_TYPE_INCLUDE);
$pt->assignPermissionAccess($pa);
}
}
}
}
}
<?php
defined('C5_EXECUTE') or die("Access Denied.");
?>
<?php
$permissionAccess = $key->getPermissionAssignmentObject()->getPermissionAccessObject();
if (!is_object($permissionAccess)) {
$permissionAccess = PermissionAccess::create($key);
}
?>
<form id="ccm-permissions-detail-form" onsubmit="return ccm_submitPermissionsDetailForm()" method="post" action="<?php
echo $key->getPermissionAssignmentObject()->getPermissionKeyToolsURL();
?>
">
<input type="hidden" name="paID" value="<?php
echo $permissionAccess->getPermissionAccessID();
?>
" />
<div id="ccm-tab-content-access-types">
<?php
View::element('permission/keys/notify_in_notification_center', array('permissionAccess' => $permissionAccess));
?>
</div>
<div class="ccm-dashboard-form-actions-wrapper" style="display:none">
$pe = PermissionAccessEntity::getByID($_REQUEST['peID']);
$pa->removeListItem($pe);
}
if ($_REQUEST['task'] == 'save_permission' && Loader::helper("validation/token")->validate('save_permission')) {
$pk = AreaPermissionKey::getByID($_REQUEST['pkID']);
$pk->setPermissionObject($ax);
$pa = PermissionAccess::getByID($_REQUEST['paID'], $pk);
$pa->save($_POST);
}
if ($_REQUEST['task'] == 'display_access_cell' && Loader::helper("validation/token")->validate('display_access_cell')) {
$pk = PermissionKey::getByID($_REQUEST['pkID']);
$pa = PermissionAccess::getByID($_REQUEST['paID'], $pk);
Loader::element('permission/labels', array('pk' => $pk, 'pa' => $pa));
}
if ($_REQUEST['task'] == 'save_permission_assignments' && Loader::helper("validation/token")->validate('save_permission_assignments')) {
$permissions = PermissionKey::getList('area');
foreach ($permissions as $pk) {
$paID = $_POST['pkID'][$pk->getPermissionKeyID()];
$pk->setPermissionObject($ax);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = PermissionAccess::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
}
}
}
public function file_sets_edit(){
extract($this->getHelperObjects());
Loader::model('file_set');
//do my editing
if (!$validation_token->validate("file_sets_edit")) {
$this->set('error', array($validation_token->getErrorMessage()));
$this->view();
return;
}
if(!$this->post('fsID')){
$this->set('error', array(t('Invalid ID')));
$this->view();
}
$file_set = new FileSet();
$file_set->Load('fsID = ?', $this->post('fsID'));
$file_set->fsName = $this->post('file_set_name');
$copyPermissionsFromBase = false;
if ($file_set->fsOverrideGlobalPermissions == 0 && $this->post('fsOverrideGlobalPermissions') == 1) {
// we are checking the checkbox for the first time
$copyPermissionsFromBase = true;
}
if ($file_set->fsOverrideGlobalPermissions) {
$permissions = PermissionKey::getList('file_set');
foreach($permissions as $pk) {
$pk->setPermissionObject($file_set);
$pt = $pk->getPermissionAssignmentObject();
$paID = $_POST['pkID'][$pk->getPermissionKeyID()];
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = PermissionAccess::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
}
$file_set->fsOverrideGlobalPermissions = ($this->post('fsOverrideGlobalPermissions') == 1) ? 1 : 0;
$file_set->save();
parse_str($this->post('fsDisplayOrder'));
$file_set->updateFileSetDisplayOrder($fID);
if ($file_set->fsOverrideGlobalPermissions == 0) {
$file_set->resetPermissions();
}
if ($copyPermissionsFromBase) {
$file_set->acquireBaseFileSetPermissions();
}
$this->redirect("/dashboard/files/sets", 'view_detail', $this->post('fsID'), 'file_set_updated');
}
public function getPermissionAccessObject()
{
$db = Loader::db();
$paID = $db->GetOne('select paID from PermissionAssignments where pkID = ?', array($this->pk->getPermissionKeyID()));
return PermissionAccess::getByID($paID, $this->pk);
}
<? defined('C5_EXECUTE') or die("Access Denied."); ?>
<?
if ($_REQUEST['paID'] && $_REQUEST['paID'] > 0) {
$pa = PermissionAccess::getByID($_REQUEST['paID'], $permissionKey);
if ($pa->isPermissionAccessInUse()) {
$pa = $pa->duplicate();
}
} else {
$pa = PermissionAccess::create($permissionKey);
}
?>
<div class="ccm-ui" id="ccm-permission-detail">
<form id="ccm-permissions-detail-form" onsubmit="return ccm_submitPermissionsDetailForm()" method="post" action="<?php
echo $permissionKey->getPermissionAssignmentObject()->getPermissionKeyToolsURL();
?>
">
<input type="hidden" name="paID" value="<?php
echo $pa->getPermissionAccessID();
?>
" />
<? $workflows = Workflow::getList();?>
<? Loader::element('permission/message_list'); ?>
<?
$tabs = array();
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = PermissionAccess::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
}
}
if ($p->canScheduleGuestAccess()) {
if ($_REQUEST['task'] == 'set_timed_guest_access' && Loader::helper("validation/token")->validate('set_timed_guest_access')) {
if (!$b->overrideAreaPermissions()) {
$b->doOverrideAreaPermissions();
}
$pk = PermissionKey::getByHandle('view_block');
$pk->setPermissionObject($b);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pk);
}
$pe = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
$pd = PermissionDuration::translateFromRequest();
$pa->addListItem($pe, $pd, BlockPermissionKey::ACCESS_TYPE_INCLUDE);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
}
private function setPermissions()
{
/*
* This only covers permissions in 5.6+ They changed quite massively at
* that revision. Eventually, this package will have other branches for
* earlier versions.
*
* Not everything shown here will work with simple permissions. People
* will just be set as able to view or admin, the nuanced stuff about
* sub page permissions, etc will not be applied
*
* First off, we need to set up arrays of what people are allowed to do.
*/
$viewOnly = array('view_page');
$writePage = array('view_page', 'view_page_versions', 'edit_page_properties', 'edit_page_contents', 'approve_page_versions');
$adminPage = array('edit_page_speed_settings', 'edit_page_permissions', 'edit_page_theme', 'schedule_page_contents_guest_access', 'edit_page_type', 'delete_page', 'preview_page_as_user', 'delete_page_versions', 'move_or_copy_page', 'edit_page_type');
// Now to get the the group that we made for boilerplate
$bpGroup = Group::getByName("Boilerplate Admins");
// Then the current user, again, could be anyone
$u = new User();
$ui = UserInfo::getByID($u->getUserID());
// and our sample page
$bpPage = Page::getByPath('/boilerplate-sample');
if (is_object($bpPage) && is_a($bpPage, "Page")) {
// by passing in -1, we are saying that all permissions in the array are
// not allowed
//
// After some more digging, it seems like saying can't view doesn't
// work properly. It will hide the page from everyone. If you simply
// don't assign any permissions for them at all, then it works properly
// I don't get why that is, might be a bug.
//
// $bpPage->assignPermissions(Group::getByID(GUEST_GROUP_ID), $viewOnly, -1);
// $bpPage->assignPermissions(Group::getByID(REGISTERED_GROUP_ID), $viewOnly, -1);
$bpPage->assignPermissions(Group::getByID(ADMIN_GROUP_ID), $adminPage);
$bpPage->assignPermissions(Group::getByID(ADMIN_GROUP_ID), $writePage);
$bpPage->assignPermissions($bpGroup, $writePage);
$bpPage->assignPermissions($ui, $writePage);
// at this point, our page will let people edit, and others can't even view
// in order to allow sub-pages to be added by our admins, we'll need to get
// a _bit_ more complicated.
// this could probbly be cleaned up a little, to be more efficient
// first get the ctID of the page type we want them to be able to add
$bpID = CollectionType::getByHandle('boilerplate')->getCollectionTypeID();
// In order to allow the user to add sub pages, we need to do this
$bpAdminUserPE = UserPermissionAccessEntity::getOrCreate($ui);
$entities[] = $bpAdminUserPE;
// lets them add external links
$args = array();
$args['allowExternalLinksIncluded'][$bpAdminUserPE->getAccessEntityID()] = 1;
// I can't remember why it's "C" or what the other options are...
$args['pageTypesIncluded'][$bpAdminUserPE->getAccessEntityID()] = 'C';
// you can repeat this with as many different collection type IDs as you like
$args['ctIDInclude'][$bpAdminUserPE->getAccessEntityID()][] = $bpID;
// now to allow it for groups
$bpAdminPE = GroupPermissionAccessEntity::getOrCreate($bpGroup);
$entities[] = $bpAdminPE;
$args['allowExternalLinksIncluded'][$bpAdminPE->getAccessEntityID()] = 1;
$args['pageTypesIncluded'][$bpAdminPE->getAccessEntityID()] = 'C';
$args['ctIDInclude'][$bpAdminPE->getAccessEntityID()][] = $bpID;
// ordinary admins
$adminPE = GroupPermissionAccessEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
$entities[] = $adminPE;
$args['allowExternalLinksIncluded'][$adminPE->getAccessEntityID()] = 1;
$args['pageTypesIncluded'][$adminPE->getAccessEntityID()] = 'C';
$args['ctIDInclude'][$adminPE->getAccessEntityID()][] = $bpID;
// and now some crazy voodoo
$pk = PagePermissionKey::getByHandle('add_subpage');
$pk->setPermissionObject($bpPage);
$pt = $pk->getPermissionAssignmentObject();
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pk);
}
foreach ($entities as $pe) {
$pa->addListItem($pe, false, PagePermissionKey::ACCESS_TYPE_INCLUDE);
}
$pa->save($args);
$pt->assignPermissionAccess($pa);
// and now we set it so that sub-pages added under this page
// inherit the same permissions
$pkr = new ChangeSubpageDefaultsInheritancePageWorkflowRequest();
$pkr->setRequestedPage($bpPage);
// if you pass in 0, they will inherit from page type default
// permissions in the dashboard. That's what they would do anyway,
// if you don't do any of this stuff.
$pkr->setPagePermissionsInheritance(1);
$pkr->setRequesterUserID($u->getUserID());
$pkr->trigger();
}
}
protected function importPermissions(SimpleXMLElement $sx) {
if (isset($sx->permissionkeys)) {
foreach($sx->permissionkeys->permissionkey as $pk) {
$pkc = PermissionKeyCategory::getByHandle((string) $pk['category']);
$pkg = ContentImporter::getPackageObject($pk['package']);
$txt = Loader::helper('text');
$className = $txt->camelcase($pkc->getPermissionKeyCategoryHandle());
$c1 = $className . 'PermissionKey';
$pkx = call_user_func(array($c1, 'import'), $pk);
if (isset($pk->access)) {
foreach($pk->access->children() as $ch) {
if ($ch->getName() == 'group') {
$g = Group::getByName($ch['name']);
if (!is_object($g)) {
$g = Group::add($g['name'], $g['description']);
}
$pae = GroupPermissionAccessEntity::getOrCreate($g);
$pa = PermissionAccess::create($pkx);
$pa->addListItem($pae);
$pt = $pkx->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
}
}
}
}
public function assignPermissionAccess(PermissionAccess $pa)
{
$db = Loader::db();
$db->Replace('BasicWorkflowPermissionAssignments', array('wfID' => $this->getPermissionObject()->getWorkflowID(), 'paID' => $pa->getPermissionAccessID(), 'pkID' => $this->pk->getPermissionKeyID()), array('wfID', 'pkID'), true);
$pa->markAsInUse();
}
public function view()
{
if (PERMISSIONS_MODEL != 'simple') {
return;
}
$editAccess = array();
$home = Page::getByID(1, "RECENT");
$pk = PermissionKey::getByHandle('view_page');
$pk->setPermissionObject($home);
$assignments = $pk->getAccessListItems();
foreach ($assignments as $asi) {
$ae = $asi->getAccessEntityObject();
if ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == GUEST_GROUP_ID) {
$this->set('guestCanRead', true);
} else {
if ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == REGISTERED_GROUP_ID) {
$this->set('registeredCanRead', true);
}
}
}
Loader::model('search/group');
$gl = new GroupSearch();
$gl->filter('gID', REGISTERED_GROUP_ID, '>');
$gIDs = $gl->get();
$gArray = array();
foreach ($gIDs as $gID) {
$gArray[] = Group::getByID($gID['gID']);
}
$pk = PermissionKey::getByHandle('edit_page_contents');
$pk->setPermissionObject($home);
$assignments = $pk->getAccessListItems();
foreach ($assignments as $asi) {
$ae = $asi->getAccessEntityObject();
if ($ae->getAccessEntityTypeHandle() == 'group') {
$editAccess[] = $ae->getGroupObject()->getGroupID();
}
}
$this->set('home', $home);
$this->set('gArray', $gArray);
$this->set('editAccess', $editAccess);
if ($this->isPost()) {
if ($this->token->validate('site_permissions_code')) {
switch ($_POST['view']) {
case "ANYONE":
$viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
break;
case "USERS":
$viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(REGISTERED_GROUP_ID));
break;
case "PRIVATE":
$viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
break;
}
$pk = PermissionKey::getByHandle('view_page');
$pk->setPermissionObject($home);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pk);
$pa->addListItem($viewObj);
$pt->assignPermissionAccess($pa);
$editAccessEntities = array();
if (is_array($_POST['gID'])) {
foreach ($_POST['gID'] as $gID) {
$editAccessEntities[] = GroupPermissionAccessEntity::getOrCreate(Group::getByID($gID));
}
}
$editPermissions = array('view_page_versions', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_theme', 'edit_page_type', 'edit_page_permissions', 'delete_page', 'preview_page_as_user', 'schedule_page_contents_guest_access', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page');
foreach ($editPermissions as $pkHandle) {
$pk = PermissionKey::getByHandle($pkHandle);
$pk->setPermissionObject($home);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pk);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
}
$pkx = PermissionKey::getbyHandle('add_block');
$pt = $pkx->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pkx);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
$pkx = PermissionKey::getbyHandle('add_stack');
$pt = $pkx->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pkx);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
Cache::flush();
$this->redirect('/dashboard/system/permissions/site/', 'saved');
} else {
$this->error->add($this->token->getErrorMessage());
}
}
}
if ($_REQUEST['paReplaceAll'] == 'add') {
$pk->setPermissionObject($c);
$pa = $pk->getPermissionAccessObject();
if (is_object($pa)) {
// that means that we have to take the current $pa object, and the new $pa object, and merge them together into
// a third object, and try and assign that object
$orig = $pa->duplicate();
$newpa = PermissionAccess::getByID($newPAID, $pk);
$pa = $newpa->duplicate($orig);
} else {
// no current $pa object, which means we assign the new $pa object to this thing
$pk->setPermissionObject($c);
$pa = PermissionAccess::getByID($newPAID, $pk);
}
} else {
$pa = PermissionAccess::getByID($newPAID, $pk);
}
$pkr = new ChangePagePermissionsPageWorkflowRequest();
$pkr->setRequestedPage($c);
$ps = new PermissionSet();
$ps->setPermissionKeyCategory('page');
$ps->addPermissionAssignment($pk->getPermissionKeyID(), $pa->getPermissionAccessID());
$pkr->setPagePermissionSet($ps);
$pkr->setRequesterUserID($u->getUserID());
$u->unloadCollectionEdit($c);
$response = $pkr->trigger();
if (!$response instanceof \Concrete\Core\Workflow\Progress\Response) {
$deferred = true;
}
}
}
public function assignPermissions($userOrGroup, $permissions = array(), $accessType = FileSetPermissionKey::ACCESS_TYPE_INCLUDE)
{
$db = Loader::db();
if ($this->fsID > 0) {
$db->Execute("update FileSets set fsOverrideGlobalPermissions = 1 where fsID = ?", array($this->fsID));
$this->fsOverrideGlobalPermissions = true;
}
if (is_array($userOrGroup)) {
$pe = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
// group combination
} else {
if ($userOrGroup instanceof User || $userOrGroup instanceof UserInfo) {
$pe = UserPermissionAccessEntity::getOrCreate($userOrGroup);
} else {
// group;
$pe = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
}
}
foreach ($permissions as $pkHandle) {
$pk = PermissionKey::getByHandle($pkHandle);
$pk->setPermissionObject($this);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pk);
} else {
if ($pa->isPermissionAccessInUse()) {
$pa = $pa->duplicate();
}
}
$pa->addListItem($pe, false, $accessType);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
public static function create(PermissionKey $pk) {
$db = Loader::db();
$db->Execute('insert into PermissionAccess (paIsInUse) values (0)');
return PermissionAccess::getByID($db->Insert_ID(), $pk);
}
public function assignPermissionAccess(PermissionAccess $pa)
{
$db = Loader::db();
$db->Replace('AreaPermissionAssignments', array('cID' => $this->getPermissionObject()->getCollectionID(), 'arHandle' => $this->getPermissionObject()->getAreaHandle(), 'paID' => $pa->getPermissionAccessID(), 'pkID' => $this->pk->getPermissionKeyID()), array('cID', 'arHandle', 'pkID'), true);
$pa->markAsInUse();
}
