protected function internalFulfilled(kScope $scope)
{
$partner = PartnerPeer::retrieveByPK(kCurrentContext::$ks_partner_id);
$roleIds = kPermissionManager::getRoleIds($partner, kCurrentContext::getCurrentKsKuser());
$conditionRoleIds = array_map('trim', explode(',', $this->roleIds));
if (!is_array($roleIds)) {
$roleIds = array();
}
foreach ($roleIds as $roleId) {
if (!in_array($roleId, $conditionRoleIds)) {
return false;
}
}
return true;
}
/**
* @action exportToCsv
* @param KalturaLiveReportExportType $reportType
* @param KalturaLiveReportExportParams $params
* @return KalturaLiveReportExportResponse
*/
public function exportToCsvAction($reportType, KalturaLiveReportExportParams $params)
{
if (!$params->recpientEmail) {
$kuser = kCurrentContext::getCurrentKsKuser();
if ($kuser) {
$params->recpientEmail = $kuser->getEmail();
} else {
$partnerId = kCurrentContext::getCurrentPartnerId();
$partner = PartnerPeer::retrieveByPK($partnerId);
$params->recpientEmail = $partner->getAdminEmail();
}
}
// Validate input
if ($params->entryIds) {
$entryIds = explode(",", $params->entryIds);
$entries = entryPeer::retrieveByPKs($entryIds);
if (count($entryIds) != count($entries)) {
throw new KalturaAPIException(KalturaErrors::ENTRY_ID_NOT_FOUND, $params->entryIds);
}
}
$dbBatchJob = kJobsManager::addExportLiveReportJob($reportType, $params);
$res = new KalturaLiveReportExportResponse();
$res->referenceJobId = $dbBatchJob->getId();
$res->reportEmail = $params->recpientEmail;
return $res;
}
/**
* Return all categories kuser is entitled to view the content.
* (User may call category->get to view a category - but not to view its content)
*
* @param int $kuserId
* @param int $limit
* @return array<category>
*/
public static function retrieveEntitledAndNonIndexedByKuser($kuserId, $limit)
{
$partnerId = kCurrentContext::$partner_id ? kCurrentContext::$partner_id : kCurrentContext::$ks_partner_id;
$partner = PartnerPeer::retrieveByPK($partnerId);
$categoryGroupSize = kConf::get('max_number_of_memebrs_to_be_indexed_on_entry');
if ($partner && $partner->getCategoryGroupSize()) {
$categoryGroupSize = $partner->getCategoryGroupSize();
}
$c = KalturaCriteria::create(categoryPeer::OM_CLASS);
$filteredCategoriesIds = entryPeer::getFilterdCategoriesIds();
if (count($filteredCategoriesIds)) {
$c->addAnd(categoryPeer::ID, $filteredCategoriesIds, Criteria::IN);
}
$membersCountCrit = $c->getNewCriterion(categoryPeer::MEMBERS_COUNT, $categoryGroupSize, Criteria::GREATER_THAN);
$membersCountCrit->addOr($c->getNewCriterion(categoryPeer::ENTRIES_COUNT, kConf::get('category_entries_count_limit_to_be_indexed'), Criteria::GREATER_THAN));
$c->addAnd($membersCountCrit);
$c->setLimit($limit);
$c->addDescendingOrderByColumn(categoryPeer::UPDATED_AT);
//all fields needed from default criteria
//here we cannot use the default criteria, as we need to get all categories user is entitled to view the content.
//not deleted or purged
$c->add(self::STATUS, array(CategoryStatus::DELETED, CategoryStatus::PURGED), Criteria::NOT_IN);
$c->add(self::PARTNER_ID, $partnerId, Criteria::EQUAL);
//add privacy context
$privacyContextCrit = $c->getNewCriterion(self::PRIVACY_CONTEXTS, kEntitlementUtils::getKsPrivacyContext(), KalturaCriteria::IN_LIKE);
$privacyContextCrit->addTag(KalturaCriterion::TAG_ENTITLEMENT_CATEGORY);
$c->addAnd($privacyContextCrit);
//set privacy by ks and type
$crit = $c->getNewCriterion(self::PRIVACY, kEntitlementUtils::getPrivacyForKs($partnerId), Criteria::IN);
$crit->addTag(KalturaCriterion::TAG_ENTITLEMENT_CATEGORY);
//user is entitled to view all cantent that belong to categoires he is a membr of
$kuser = null;
$ksString = kCurrentContext::$ks ? kCurrentContext::$ks : '';
if ($ksString != '') {
$kuser = kCurrentContext::getCurrentKsKuser();
}
if ($kuser) {
// get the groups that the user belongs to in case she is not associated to the category directly
$kgroupIds = KuserKgroupPeer::retrieveKgroupIdsByKuserId($kuser->getId());
$kgroupIds[] = $kuser->getId();
$membersCrit = $c->getNewCriterion(self::MEMBERS, $kgroupIds, KalturaCriteria::IN_LIKE);
$membersCrit->addTag(KalturaCriterion::TAG_ENTITLEMENT_CATEGORY);
$crit->addOr($membersCrit);
}
$c->addAnd($crit);
$c->applyFilters();
$categoryIds = $c->getFetchedIds();
return $categoryIds;
}
/**
* Init with allowed permissions for the user in the given KS or kCurrentContext if not KS given
* kCurrentContext::init should have been executed before!
* @param string $ks KS to extract user and partner IDs from instead of kCurrentContext
* @param boolean $useCache use cache or not
* @throws TODO: add all exceptions
*/
public static function init($useCache = null)
{
$securityContext = array(kCurrentContext::$partner_id, kCurrentContext::$ks);
if ($securityContext === self::$lastInitializedContext) {
KalturaLog::log('Already initalized for this security context');
self::$cacheWatcher->apply();
return;
}
// verify that kCurrentContext::init has been executed since it must be used to init current context permissions
if (!kCurrentContext::$ksPartnerUserInitialized) {
KalturaLog::crit('kCurrentContext::initKsPartnerUser must be executed before initializing kPermissionManager');
throw new Exception('kCurrentContext has not been initialized!', null);
}
// can be initialized more than once to support multirequest with different kCurrentContext parameters
self::$lastInitializedContext = null;
self::$cacheWatcher = new kApiCacheWatcher();
self::$useCache = $useCache ? true : false;
// copy kCurrentContext parameters (kCurrentContext::init should have been executed before)
self::$requestedPartnerId = !self::isEmpty(kCurrentContext::$partner_id) ? kCurrentContext::$partner_id : null;
self::$ksPartnerId = !self::isEmpty(kCurrentContext::$ks_partner_id) ? kCurrentContext::$ks_partner_id : null;
if (self::$ksPartnerId == Partner::ADMIN_CONSOLE_PARTNER_ID && kConf::hasParam('admin_console_partner_allowed_ips')) {
$ipAllowed = false;
$ipRanges = explode(',', kConf::get('admin_console_partner_allowed_ips'));
foreach ($ipRanges as $curRange) {
if (kIpAddressUtils::isIpInRange($_SERVER['REMOTE_ADDR'], $curRange)) {
$ipAllowed = true;
break;
}
}
if (!$ipAllowed) {
throw new kCoreException("Admin console partner used from an unallowed address", kCoreException::PARTNER_BLOCKED);
}
}
self::$ksUserId = !self::isEmpty(kCurrentContext::$ks_uid) ? kCurrentContext::$ks_uid : null;
if (self::$ksPartnerId != Partner::BATCH_PARTNER_ID) {
self::$kuser = !self::isEmpty(kCurrentContext::getCurrentKsKuser()) ? kCurrentContext::getCurrentKsKuser() : null;
}
self::$ksString = kCurrentContext::$ks ? kCurrentContext::$ks : null;
self::$adminSession = !self::isEmpty(kCurrentContext::$is_admin_session) ? kCurrentContext::$is_admin_session : false;
// if ks defined - check that it is valid
self::errorIfKsNotValid();
// init partner, user, and role objects
self::initPartnerUserObjects();
// throw an error if KS partner (operating partner) is blocked
self::errorIfPartnerBlocked();
//throw an error if KS user is blocked
self::errorIfUserBlocked();
// init role ids
self::initRoleIds();
// init permissions map
self::initPermissionsMap();
// initialization done
self::$lastInitializedContext = $securityContext;
self::$cacheWatcher->stop();
return true;
}
public function toInsertableObject($object_to_fill = null, $props_to_skip = array())
{
$hasPrivacyContext = false;
if ($this->privacyContext) {
$hasPrivacyContext = true;
} elseif ($this->parentId != null) {
$parentCategory = categoryPeer::retrieveByPK($this->parentId);
if (!$parentCategory) {
throw new KalturaAPIException(KalturaErrors::CATEGORY_NOT_FOUND, $this->parentId);
}
if ($parentCategory->getPrivacyContexts()) {
$hasPrivacyContext = true;
}
}
if ($hasPrivacyContext) {
if (!$this->owner && $this->inheritanceType != KalturaInheritanceType::INHERIT) {
if (kCurrentContext::getCurrentKsKuser()) {
$this->owner = kCurrentContext::getCurrentKsKuser()->getPuserId();
}
}
}
return parent::toInsertableObject($object_to_fill, $props_to_skip);
}
public static function getCurrentKsKuserId()
{
if (!is_null(kCurrentContext::$ks_kuser_id)) {
return kCurrentContext::$ks_kuser_id;
}
$ksKuser = kCurrentContext::getCurrentKsKuser(false);
if ($ksKuser) {
kCurrentContext::$ks_kuser_id = $ksKuser->getId();
} else {
kCurrentContext::$ks_kuser_id = 0;
}
return kCurrentContext::$ks_kuser_id;
}
