/** * Unit test for eZPolicy::saveTemporary() */ public function testSaveTemporary() { // Get the first policy from the anonymous role $policyList = $this->getRole()->policyList(); $policy = current($policyList); $originalPolicyID = $policy->attribute('id'); // The first fetch should create the temporary copy $temporaryPolicy = eZPolicy::fetchTemporaryCopy($policy->attribute('id')); $temporaryPolicy->saveTemporary(); // Check that the temporary policy has been moved to original $this->assertEquals(0, $temporaryPolicy->attribute('original_id')); // Check that the source policy has been removed $oldPolicy = eZPolicy::fetch($originalPolicyID); $this->assertNull($oldPolicy); }
$nodeLimitation = eZPolicyLimitation::fetchByIdentifier($policy->attribute('id'), 'Node'); if ($nodeLimitation == null) { $nodeLimitation = eZPolicyLimitation::createNew($policy->attribute('id'), 'Node'); } foreach ($selectedNodeIDList as $nodeID) { if (!in_array($nodeID, $nodeIDList)) { $nodeLimitationValue = eZPolicyLimitationValue::createNew($nodeLimitation->attribute('id'), $nodeID); $node = eZContentObjectTreeNode::fetch($nodeID); $nodeList[] = $node; } } } if ($http->hasPostVariable('SelectedNodeIDArray') and $http->postVariable('BrowseActionName') == 'FindLimitationSubtree' and !$http->hasPostVariable('BrowseCancelButton')) { $selectedSubtreeIDList = $http->postVariable('SelectedNodeIDArray'); if ($http->hasSessionVariable('BrowsePolicyID')) { $policy = eZPolicy::fetch($http->sessionVariable('BrowsePolicyID')); } else { $policy = eZPolicy::createNew($roleID, array('ModuleName' => $currentModule, 'FunctionName' => $currentFunction, 'Limitation' => '')); $http->setSessionVariable('BrowsePolicyID', $policy->attribute('id')); } $subtreeLimitation = eZPolicyLimitation::fetchByIdentifier($policy->attribute('id'), 'Subtree'); if ($subtreeLimitation == null) { $subtreeLimitation = eZPolicyLimitation::createNew($policy->attribute('id'), 'Subtree'); } foreach ($selectedSubtreeIDList as $nodeID) { if (!in_array($nodeID, $subtreeIDList)) { $subtree = eZContentObjectTreeNode::fetch($nodeID); $pathString = $subtree->attribute('path_string'); $policyLimitationValue = eZPolicyLimitationValue::createNew($subtreeLimitation->attribute('id'), $pathString); $subtreeList[] = $subtree; }
/** * Saves a temporary limitation created with {@link createTemporaryCopy()} * * @throws Exception The policy isn't a temporary one * @return void */ public function saveTemporary() { if ($this->attribute('original_id') === 0) { throw new Exception(__METHOD__ . ' can only be used on a temporary policy'); } // 1. Remove the original policy $originalPolicy = eZPolicy::fetch($this->attribute('original_id')); $originalPolicy->removeThis(); // 2. Remove the original ID in the temporary policy (make it final) $this->setAttribute('original_id', 0); $this->store(); return $this; }
static function cleanupByNode($node) { // Clean up role assignments with limitations related to this object $db = eZDB::instance(); $db->begin(); $pathString = $node->attribute('path_string'); $nodeID = $node->attribute('node_id'); $db->query("DELETE FROM ezuser_role\n WHERE limit_value LIKE '{$pathString}%' AND limit_identifier='Subtree'"); // Clean up subtree limitations related to this object $limitationsToFix = eZPolicyLimitation::findByType('SubTree', $node->attribute('path_string'), true, true); foreach ($limitationsToFix as $limitation) { $values = $limitation->attribute('values'); $valueCount = count($values); if ($valueCount > 0) { foreach ($values as $value) { if (strpos($value->attribute('value'), $node->attribute('path_string')) === 0) { $value->remove(); $valueCount--; } } } if ($valueCount == 0) { $policy = eZPolicy::fetch($limitation->attribute('policy_id')); if (is_object($policy)) { $policy->removeThis(); } } } $limitationsToFixNode = eZPolicyLimitation::findByType('Node', $node->attribute('node_id')); foreach ($limitationsToFixNode as $limitation) { $values = $limitation->attribute('values'); $valueCount = count($values); if ($valueCount > 0) { foreach ($values as $value) { if ($value->attribute('value') == $node->attribute('node_id')) { $value->remove(); $valueCount--; } } } if ($valueCount == 0) { $policy = eZPolicy::fetch($limitation->attribute('policy_id')); if (is_object($policy)) { $policy->removeThis(); } } } eZRole::expireCache(); $db->commit(); }
function policy() { return eZPolicy::fetch($this->attribute('policy_id')); }
static function checkObjectAccess($contentObject, $policyID, $userIDArray, $userLimits = false) { $policy = eZPolicy::fetch($policyID); if ($userLimits) { reset($userLimits); $policy->setAttribute('limit_identifier', 'User_' . key($userLimits)); $policy->setAttribute('limit_value', current($userLimits)); } $limitationArray = $policy->accessArray(); $limitationArray = current(current($limitationArray)); $accessUserIDArray = $userIDArray; if (isset($limitationArray['*']) && $limitationArray['*'] == '*') { $returnArray = array(); foreach ($accessUserIDArray as $userID) { $returnArray[] = $userID; } return $returnArray; } $limitationArray = current($limitationArray); $user = eZUser::currentUser(); $classID = $contentObject->attribute('contentclass_id'); $nodeArray = $contentObject->attribute('assigned_nodes'); if (isset($limitationArray['Subtree'])) { $checkedSubtree = false; } else { $checkedSubtree = true; $nodeSubtree = true; } if (isset($limitationArray['Node'])) { $checkedNode = false; } else { $checkedNode = true; $nodeLimit = true; } foreach (array_keys($limitationArray) as $key) { if (count($accessUserIDArray) == 0) { return array(); } switch ($key) { case 'Class': if (!in_array($contentObject->attribute('contentclass_id'), $limitationArray[$key])) { return array(); } break; case 'ParentClass': if (!in_array($contentObject->attribute('contentclass_id'), $limitationArray[$key])) { return array(); } break; case 'Section': case 'User_Section': if (!in_array($contentObject->attribute('section_id'), $limitationArray[$key])) { return array(); } break; case 'Owner': if (in_array($contentObject->attribute('owner_id'), $userIDArray)) { $accessUserIDArray = array($contentObject->attribute('owner_id')); } else { if (in_array($contentObject->attribute('id'), $userIDArray)) { $accessUserIDArray = array($contentObject->attribute('id')); } else { return array(); } } break; case 'Node': $nodeLimit = true; foreach ($nodeArray as $node) { if (in_array($node->attribute('node_id'), $limitationArray[$key])) { $nodeLimit = false; break; } } if ($nodeLimit && $checkedSubtree && $nodeSubtree) { return array(); } $checkedNode = true; break; case 'Subtree': $nodeSubtree = true; foreach ($nodeArray as $node) { $path = $node->attribute('path_string'); $subtreeArray = $limitationArray[$key]; $validSubstring = false; foreach ($subtreeArray as $subtreeString) { if (strstr($path, $subtreeString)) { $nodeSubtree = false; break; } } if (!$nodeSubtree) { break; } } if ($nodeSubtree && $checkedNode && $nodeLimit) { return array(); } $checkedSubtree = true; break; case 'User_Subtree': $userSubtreeLimit = true; foreach ($nodeArray as $node) { $path = $node->attribute('path_string'); $subtreeArray = $limitationArray[$key]; $validSubstring = false; foreach ($subtreeArray as $subtreeString) { if (strstr($path, $subtreeString)) { $userSubtreeLimit = false; break; } } if (!$userSubtreeLimit) { break; } } if ($userSubtreeLimit) { return array(); } break; default: //check object state group limitation if (strncmp($key, 'StateGroup_', 11) === 0) { if (count(array_intersect($limitationArray[$key], $contentObject->attribute('state_id_array'))) == 0) { return array(); } } } } $returnArray = array(); foreach ($accessUserIDArray as $userID) { $returnArray[] = $userID; } return $returnArray; }
static function removeByID($id) { $policy = eZPolicy::fetch($id); if (!$policy) { return null; } $policy->removeThis(); }
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of version 2.0 of the GNU General // Public License along with this program; if not, write to the Free // Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, // MA 02110-1301, USA. // // // ## END COPYRIGHT, LICENSE AND WARRANTY NOTICE ## // /*! \file */ $Module = $Params['Module']; $policyID = $Params["PolicyID"]; $policy = eZPolicy::fetch($policyID); if ($policy === null) { return $Module->handleError(eZError::KERNEL_NOT_AVAILABLE, 'kernel'); } $currentModule = $policy->attribute('module_name'); $currentFunction = $policy->attribute('function_name'); $roleID = $policy->attribute('role_id'); $role = eZRole::fetch($roleID); $roleName = $role->attribute('name'); $limitationValueList = $policy->limitationList(); $nodeList = array(); $subtreeList = array(); if ($currentModule == "*") { $functions = array(); } else { $mod = eZModule::exists($currentModule);