Exemplo n.º 1
0
function addActionPermissionItem($itemCfg)
{
    // verify obligatory fields
    if (!$itemCfg->service) {
        throw new Exception('Permission item service must be set');
    }
    if (!$itemCfg->action) {
        throw new Exception('Permission item action must be set');
    }
    if (is_null($itemCfg->partnerId) || $itemCfg->partnerId === '') {
        throw new Exception('Permission item partner id must be set');
    }
    // check if item already exists in db
    $c = new Criteria();
    $c->addAnd(kApiActionPermissionItem::SERVICE_COLUMN_NAME, strtolower($itemCfg->service), Criteria::EQUAL);
    $c->addAnd(kApiActionPermissionItem::ACTION_COLUMN_NAME, strtolower($itemCfg->action), Criteria::EQUAL);
    $c->addAnd(PermissionItemPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $itemCfg->partnerId), Criteria::IN);
    $c->addAnd(PermissionItemPeer::TYPE, PermissionItemType::API_ACTION_ITEM, Criteria::EQUAL);
    $existingItem = PermissionItemPeer::doSelectOne($c);
    $item = null;
    if ($existingItem) {
        $item = $existingItem;
        KalturaLog::log('Permission item for [' . $item->getService() . '->' . $item->getAction() . '] partner id [' . $item->getPartnerId() . '] already exists with id [' . $existingItem->getId() . ']');
    } else {
        // save new permission item object
        $item = new kApiActionPermissionItem();
        foreach ($itemCfg as $key => $value) {
            if ($key === 'permissions') {
                continue;
                // permissions are set later
            }
            $setterCallback = array($item, "set{$key}");
            call_user_func_array($setterCallback, array($value));
        }
        // service and action are always kept in lowercase
        $item->setService(strtolower($item->getService()));
        $item->setAction(strtolower($item->getAction()));
        $item->save();
        KalturaLog::log('New permission item id [' . $item->getId() . '] added for [' . $item->getService() . '->' . $item->getAction() . '] partner id [' . $item->getPartnerId() . ']');
    }
    // add item to each defined permission
    $permissionNames = array_map('trim', explode(',', $itemCfg->permissions));
    addItemToPermissions($item, $permissionNames, $itemCfg->partnerId);
}
function setPermissions($serviceConfig, $setBaseSystemPermissions, $userSessionPermission, $noKsPermission, $partnerId)
{
    // get list of services defined in the services.ct files
    $servicesTable = $serviceConfig->getAllServicesByCt();
    // for each defined service.action
    foreach ($servicesTable as $ctPath => $services) {
        foreach ($services as $serviceActionName) {
            $serviceConfig->setServiceName($serviceActionName);
            $serviceSplit = explode('.', $serviceActionName);
            $serviceName = $serviceSplit[0];
            $actionName = $serviceSplit[1];
            $ticketTypes = explode(',', $serviceConfig->getTicketType());
            $serviceId = $serviceName;
            $pluginName = getPluginNameFromServicesCtPath($ctPath);
            if ($pluginName) {
                $serviceId = strtolower($pluginName) . '_' . $serviceId;
            }
            $serviceClass = KalturaServicesMap::getService($serviceId);
            if (!$serviceClass) {
                $tmpServiceIds = KalturaServicesMap::getServiceIdsFromName($serviceName);
                if ($tmpServiceIds && count($tmpServiceIds) == 1) {
                    $serviceId = reset($tmpServiceIds);
                    $serviceClass = KalturaServicesMap::getService($serviceId);
                }
            }
            if (!$serviceClass) {
                $msg = '***** ERROR - service id [' . $serviceId . '] not found in services map!';
                KalturaLog::alert($msg);
                echo $msg . PHP_EOL;
                continue;
            }
            // skip action if set with ticket type N (blocked)
            if (in_array(BLOCKED_TICKET_TYPE, $ticketTypes)) {
                $msg = '***** NOTICE - Action [' . $serviceActionName . '] is set with ticket type N (blocked) -> skipping!';
                KalturaLog::notice($msg);
                echo $msg . PHP_EOL;
                continue;
            }
            // check if a permission item for the current action already exists
            $c = new Criteria();
            $c->addAnd(kApiActionPermissionItem::SERVICE_COLUMN_NAME, $serviceId, Criteria::EQUAL);
            $c->addAnd(kApiActionPermissionItem::ACTION_COLUMN_NAME, $actionName, Criteria::EQUAL);
            $c->addAnd(PermissionItemPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $partnerId), Criteria::IN);
            $permissionItem = PermissionItemPeer::doSelectOne($c);
            if ($permissionItem) {
                $msg = '***** NOTICE - Permission item for [' . $serviceActionName . '] already exists with id [' . $permissionItem->getId() . ']';
                KalturaLog::alert($msg);
                echo $msg . PHP_EOL;
            } else {
                // create a new api action permission item and save it
                $permissionItem = new kApiActionPermissionItem();
                $permissionItem->setService($serviceId);
                $permissionItem->setAction($actionName);
                $permissionItem->setPartnerId($partnerId);
                $permissionItem->save();
            }
            // get the defined permission names from the tags section of the services.ct file
            $permissionNames = $serviceConfig->getTags();
            $permissionNames = explode(',', $permissionNames);
            $anyPermissionSet = false;
            // was any permission set to include the current permission item or not
            foreach ($permissionNames as $permissionName) {
                if (!$permissionName) {
                    continue;
                }
                // add the permission item to all its defined permission objects
                $c = new Criteria();
                $c->addAnd(PermissionPeer::NAME, $permissionName, Criteria::EQUAL);
                $c->addAnd(PermissionPeer::TYPE, PermissionType::NORMAL, Criteria::EQUAL);
                //$c->addAnd(PermissionPeer::PARTNER_ID, array(PartnerPeer::GLOBAL_PARTNER, $partnerId), Criteria::IN);
                $permission = PermissionPeer::doSelectOne($c);
                if (!$permission) {
                    $msg = '***** ERROR - Permission [' . $permissionName . '] not found in DB although set for [' . $serviceActionName . ']';
                    KalturaLog::alert($msg);
                    echo $msg . PHP_EOL;
                    continue;
                }
                $permission->addPermissionItem($permissionItem->getId(), true);
                $anyPermissionSet = true;
            }
            // add permission item to the basic NO_KS and USER_KS permissions according to its ticket type
            // (partner admin role already contains all other permissions)
            if ($setBaseSystemPermissions) {
                if (in_array(NO_KS_TICKET_TYPE, $ticketTypes)) {
                    $noKsPermission->addPermissionItem($permissionItem->getId(), true);
                    $userSessionPermission->addPermissionItem($permissionItem->getId(), true);
                    $anyPermissionSet = true;
                } else {
                    if (in_array(USER_KS_TICKET_TYPE, $ticketTypes)) {
                        $userSessionPermission->addPermissionItem($permissionItem->getId(), true);
                        $anyPermissionSet = true;
                    }
                }
            }
            if (!$anyPermissionSet) {
                $msg = '***** ERROR - No permission was set for [' . $serviceActionName . ']';
                KalturaLog::alert($msg);
                echo $msg . PHP_EOL;
            }
        }
    }
}