Пример #1
0
 /**
  * Init with allowed permissions for the user in the given KS or kCurrentContext if not KS given
  * kCurrentContext::init should have been executed before!
  * @param string $ks KS to extract user and partner IDs from instead of kCurrentContext
  * @param boolean $useCache use cache or not
  * @throws TODO: add all exceptions
  */
 public static function init($useCache = null)
 {
     $securityContext = array(kCurrentContext::$partner_id, kCurrentContext::$ks);
     if ($securityContext === self::$lastInitializedContext) {
         KalturaLog::log('Already initalized for this security context');
         self::$cacheWatcher->apply();
         return;
     }
     // verify that kCurrentContext::init has been executed since it must be used to init current context permissions
     if (!kCurrentContext::$ksPartnerUserInitialized) {
         KalturaLog::crit('kCurrentContext::initKsPartnerUser must be executed before initializing kPermissionManager');
         throw new Exception('kCurrentContext has not been initialized!', null);
     }
     // can be initialized more than once to support multirequest with different kCurrentContext parameters
     self::$lastInitializedContext = null;
     self::$cacheWatcher = new kApiCacheWatcher();
     self::$useCache = $useCache ? true : false;
     // copy kCurrentContext parameters (kCurrentContext::init should have been executed before)
     self::$requestedPartnerId = !self::isEmpty(kCurrentContext::$partner_id) ? kCurrentContext::$partner_id : null;
     self::$ksPartnerId = !self::isEmpty(kCurrentContext::$ks_partner_id) ? kCurrentContext::$ks_partner_id : null;
     if (self::$ksPartnerId == Partner::ADMIN_CONSOLE_PARTNER_ID && kConf::hasParam('admin_console_partner_allowed_ips')) {
         $ipAllowed = false;
         $ipRanges = explode(',', kConf::get('admin_console_partner_allowed_ips'));
         foreach ($ipRanges as $curRange) {
             if (kIpAddressUtils::isIpInRange($_SERVER['REMOTE_ADDR'], $curRange)) {
                 $ipAllowed = true;
                 break;
             }
         }
         if (!$ipAllowed) {
             throw new kCoreException("Admin console partner used from an unallowed address", kCoreException::PARTNER_BLOCKED);
         }
     }
     self::$ksUserId = !self::isEmpty(kCurrentContext::$ks_uid) ? kCurrentContext::$ks_uid : null;
     if (self::$ksPartnerId != Partner::BATCH_PARTNER_ID) {
         self::$kuser = !self::isEmpty(kCurrentContext::getCurrentKsKuser()) ? kCurrentContext::getCurrentKsKuser() : null;
     }
     self::$ksString = kCurrentContext::$ks ? kCurrentContext::$ks : null;
     self::$adminSession = !self::isEmpty(kCurrentContext::$is_admin_session) ? kCurrentContext::$is_admin_session : false;
     // if ks defined - check that it is valid
     self::errorIfKsNotValid();
     // init partner, user, and role objects
     self::initPartnerUserObjects();
     // throw an error if KS partner (operating partner) is blocked
     self::errorIfPartnerBlocked();
     //throw an error if KS user is blocked
     self::errorIfUserBlocked();
     // init role ids
     self::initRoleIds();
     // init permissions map
     self::initPermissionsMap();
     // initialization done
     self::$lastInitializedContext = $securityContext;
     self::$cacheWatcher->stop();
     return true;
 }
Пример #2
0
 /**
  * Init with allowed permissions for the user in the given KS or kCurrentContext if not KS given
  * kCurrentContext::init should have been executed before!
  * @param string $ks KS to extract user and partner IDs from instead of kCurrentContext
  * @param boolean $useCache use cache or not
  * @throws TODO: add all exceptions
  */
 public static function init($useCache = null)
 {
     // verify that kCurrentContext::init has been executed since it must be used to init current context permissions
     if (!kCurrentContext::$ksPartnerUserInitialized) {
         KalturaLog::crit('kCurrentContext::initKsPartnerUser must be executed before initializing kPermissionManager');
         throw new Exception('kCurrentContext has not been initialized!', null);
     }
     // can be initialized more than once to support multirequest with different kCurrentContext parameters
     self::$initialized = false;
     self::$useCache = $useCache ? true : false;
     // copy kCurrentContext parameters (kCurrentContext::init should have been executed before)
     self::$requestedPartnerId = !self::isEmpty(kCurrentContext::$partner_id) ? kCurrentContext::$partner_id : null;
     self::$ksPartnerId = !self::isEmpty(kCurrentContext::$ks_partner_id) ? kCurrentContext::$ks_partner_id : null;
     self::$ksUserId = !self::isEmpty(kCurrentContext::$ks_uid) ? kCurrentContext::$ks_uid : null;
     self::$ksString = kCurrentContext::$ks ? kCurrentContext::$ks : null;
     self::$adminSession = !self::isEmpty(kCurrentContext::$is_admin_session) ? kCurrentContext::$is_admin_session : false;
     // clear instance pools
     //TODO: may not be needed
     UserRolePeer::clearInstancePool();
     PermissionPeer::clearInstancePool();
     PermissionItemPeer::clearInstancePool();
     PermissionToPermissionItemPeer::clearInstancePool();
     kuserPeer::clearInstancePool();
     // if ks defined - check that it is valid
     self::errorIfKsNotValid();
     // init partner, user, and role objects
     self::initPartnerUserObjects();
     // throw an error if KS partner (operating partner) is blocked
     self::errorIfPartnerBlocked();
     // init role ids
     self::initRoleIds();
     // init permissions map
     self::initPermissionsMap();
     // initialization done
     self::$initialized = true;
     return true;
 }