<?php
defined('C5_EXECUTE') or die("Access Denied.");
if (Loader::helper('validation/token')->validate('process')) {
$js = Loader::helper('json');
$obj = new stdClass();
$ui = UserInfo::getByID($_REQUEST['uID']);
if (is_object($ui)) {
$pae = UserPermissionAccessEntity::getOrCreate($ui);
$obj->peID = $pae->getAccessEntityID();
$obj->label = $pae->getAccessEntityLabel();
}
print $js->encode($obj);
}
public function assignPermissions($userOrGroup, $permissions = array(), $accessType = PagePermissionKey::ACCESS_TYPE_INCLUDE)
{
if ($this->cInheritPermissionsFrom != 'OVERRIDE') {
$this->setPermissionsToManualOverride();
$this->clearPagePermissions();
}
if (is_array($userOrGroup)) {
$pe = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
// group combination
} else {
if ($userOrGroup instanceof User || $userOrGroup instanceof UserInfo) {
$pe = UserPermissionAccessEntity::getOrCreate($userOrGroup);
} else {
// group;
$pe = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
}
}
foreach ($permissions as $pkHandle) {
$pk = PagePermissionKey::getByHandle($pkHandle);
$pk->setPermissionObject($this);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pk);
}
$pa->addListItem($pe, false, $accessType);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
$this->loadPermissionAssignments();
}
}
public function assignPermissions($userOrGroup, $permissions = array(), $accessType = FileSetPermissionKey::ACCESS_TYPE_INCLUDE)
{
$db = Loader::db();
if ($this->fsID > 0) {
$db->Execute("update FileSets set fsOverrideGlobalPermissions = 1 where fsID = ?", array($this->fsID));
$this->fsOverrideGlobalPermissions = true;
}
if (is_array($userOrGroup)) {
$pe = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
// group combination
} else {
if ($userOrGroup instanceof User || $userOrGroup instanceof UserInfo) {
$pe = UserPermissionAccessEntity::getOrCreate($userOrGroup);
} else {
// group;
$pe = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
}
}
foreach ($permissions as $pkHandle) {
$pk = PermissionKey::getByHandle($pkHandle);
$pk->setPermissionObject($this);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pk);
} else {
if ($pa->isPermissionAccessInUse()) {
$pa = $pa->duplicate();
}
}
$pa->addListItem($pe, false, $accessType);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
protected function migrateAccessEntity($row)
{
if ($row['uID'] > 0) {
$ui = UserInfo::getByID($row['uID']);
if ($ui) {
$pe = UserPermissionAccessEntity::getOrCreate($ui);
}
} else {
$g = Group::getByID($row['gID']);
if ($g) {
$pe = GroupPermissionAccessEntity::getOrCreate($g);
}
}
return $pe;
}
private function setPermissions()
{
/*
* This only covers permissions in 5.6+ They changed quite massively at
* that revision. Eventually, this package will have other branches for
* earlier versions.
*
* Not everything shown here will work with simple permissions. People
* will just be set as able to view or admin, the nuanced stuff about
* sub page permissions, etc will not be applied
*
* First off, we need to set up arrays of what people are allowed to do.
*/
$viewOnly = array('view_page');
$writePage = array('view_page', 'view_page_versions', 'edit_page_properties', 'edit_page_contents', 'approve_page_versions');
$adminPage = array('edit_page_speed_settings', 'edit_page_permissions', 'edit_page_theme', 'schedule_page_contents_guest_access', 'edit_page_type', 'delete_page', 'preview_page_as_user', 'delete_page_versions', 'move_or_copy_page', 'edit_page_type');
// Now to get the the group that we made for boilerplate
$bpGroup = Group::getByName("Boilerplate Admins");
// Then the current user, again, could be anyone
$u = new User();
$ui = UserInfo::getByID($u->getUserID());
// and our sample page
$bpPage = Page::getByPath('/boilerplate-sample');
if (is_object($bpPage) && is_a($bpPage, "Page")) {
// by passing in -1, we are saying that all permissions in the array are
// not allowed
//
// After some more digging, it seems like saying can't view doesn't
// work properly. It will hide the page from everyone. If you simply
// don't assign any permissions for them at all, then it works properly
// I don't get why that is, might be a bug.
//
// $bpPage->assignPermissions(Group::getByID(GUEST_GROUP_ID), $viewOnly, -1);
// $bpPage->assignPermissions(Group::getByID(REGISTERED_GROUP_ID), $viewOnly, -1);
$bpPage->assignPermissions(Group::getByID(ADMIN_GROUP_ID), $adminPage);
$bpPage->assignPermissions(Group::getByID(ADMIN_GROUP_ID), $writePage);
$bpPage->assignPermissions($bpGroup, $writePage);
$bpPage->assignPermissions($ui, $writePage);
// at this point, our page will let people edit, and others can't even view
// in order to allow sub-pages to be added by our admins, we'll need to get
// a _bit_ more complicated.
// this could probbly be cleaned up a little, to be more efficient
// first get the ctID of the page type we want them to be able to add
$bpID = CollectionType::getByHandle('boilerplate')->getCollectionTypeID();
// In order to allow the user to add sub pages, we need to do this
$bpAdminUserPE = UserPermissionAccessEntity::getOrCreate($ui);
$entities[] = $bpAdminUserPE;
// lets them add external links
$args = array();
$args['allowExternalLinksIncluded'][$bpAdminUserPE->getAccessEntityID()] = 1;
// I can't remember why it's "C" or what the other options are...
$args['pageTypesIncluded'][$bpAdminUserPE->getAccessEntityID()] = 'C';
// you can repeat this with as many different collection type IDs as you like
$args['ctIDInclude'][$bpAdminUserPE->getAccessEntityID()][] = $bpID;
// now to allow it for groups
$bpAdminPE = GroupPermissionAccessEntity::getOrCreate($bpGroup);
$entities[] = $bpAdminPE;
$args['allowExternalLinksIncluded'][$bpAdminPE->getAccessEntityID()] = 1;
$args['pageTypesIncluded'][$bpAdminPE->getAccessEntityID()] = 'C';
$args['ctIDInclude'][$bpAdminPE->getAccessEntityID()][] = $bpID;
// ordinary admins
$adminPE = GroupPermissionAccessEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
$entities[] = $adminPE;
$args['allowExternalLinksIncluded'][$adminPE->getAccessEntityID()] = 1;
$args['pageTypesIncluded'][$adminPE->getAccessEntityID()] = 'C';
$args['ctIDInclude'][$adminPE->getAccessEntityID()][] = $bpID;
// and now some crazy voodoo
$pk = PagePermissionKey::getByHandle('add_subpage');
$pk->setPermissionObject($bpPage);
$pt = $pk->getPermissionAssignmentObject();
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pk);
}
foreach ($entities as $pe) {
$pa->addListItem($pe, false, PagePermissionKey::ACCESS_TYPE_INCLUDE);
}
$pa->save($args);
$pt->assignPermissionAccess($pa);
// and now we set it so that sub-pages added under this page
// inherit the same permissions
$pkr = new ChangeSubpageDefaultsInheritancePageWorkflowRequest();
$pkr->setRequestedPage($bpPage);
// if you pass in 0, they will inherit from page type default
// permissions in the dashboard. That's what they would do anyway,
// if you don't do any of this stuff.
$pkr->setPagePermissionsInheritance(1);
$pkr->setRequesterUserID($u->getUserID());
$pkr->trigger();
}
}
