示例#1
0
 public function copyFromFileSetToFile()
 {
     $db = Loader::db();
     $paID = $this->getPermissionAccessID();
     if (is_array($paID)) {
         // we have to merge the permissions access object into a new one.
         $pa = PermissionAccess::create($this);
         foreach ($paID as $paID) {
             $pax = PermissionAccess::getByID($paID, $this);
             $pax->duplicate($pa);
         }
         $paID = $pa->getPermissionAccessID();
     }
     if ($paID) {
         $db = Loader::db();
         $db->Replace('FilePermissionAssignments', array('fID' => $this->permissionObject->getFileID(), 'pkID' => $this->getPermissionKeyID(), 'paID' => $paID), array('fID', 'paID', 'pkID'), true);
     }
 }
示例#2
0
 public function run()
 {
     $bt = BlockType::getByHandle('guestbook');
     if (is_object($bt)) {
         $bt->refresh();
     }
     // add user export users task permission
     $pk = PermissionKey::getByHandle('access_user_search_export');
     if (!$pk instanceof PermissionKey) {
         $pk = PermissionKey::add('user', 'access_user_search_export', 'Export Site Users', 'Controls whether a user can export site users or not', false, false);
         $pa = $pk->getPermissionAccessObject();
         if (!is_object($pa)) {
             $pa = PermissionAccess::create($pk);
         }
         $adminGroup = Group::getByID(ADMIN_GROUP_ID);
         //Make sure "Adminstrators" group still exists
         if ($adminGroup) {
             $adminGroupEntity = GroupPermissionAccessEntity::getOrCreate($adminGroup);
             $pa->addListItem($adminGroupEntity);
             $pt = $pk->getPermissionAssignmentObject();
             $pt->assignPermissionAccess($pa);
         }
     }
     if (!Config::get('SECURITY_TOKEN_JOBS')) {
         Config::save('SECURITY_TOKEN_JOBS', Loader::helper('validation/identifier')->getString(64));
     }
     if (!Config::get('SECURITY_TOKEN_ENCRYPTION')) {
         Config::save('SECURITY_TOKEN_ENCRYPTION', Loader::helper('validation/identifier')->getString(64));
     }
     if (!Config::get('SECURITY_TOKEN_VALIDATION')) {
         Config::save('SECURITY_TOKEN_VALIDATION', Loader::helper('validation/identifier')->getString(64));
     }
     $sp = Page::getByPath('/dashboard/system/mail/method/test_settings');
     if (!is_object($sp) || $sp->isError()) {
         $sp = SinglePage::add('/dashboard/system/mail/method/test_settings');
         $sp->update(array('cName' => t('Test Mail Settings')));
         $sp->setAttribute('meta_keywords', 'test smtp, test mail');
     }
 }
示例#3
0
 public function assignPermissions($userOrGroup, $permissions = array(), $accessType = PagePermissionKey::ACCESS_TYPE_INCLUDE)
 {
     if ($this->cInheritPermissionsFrom != 'OVERRIDE') {
         $this->setPermissionsToManualOverride();
         $this->clearPagePermissions();
     }
     if (is_array($userOrGroup)) {
         $pe = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
         // group combination
     } else {
         if ($userOrGroup instanceof User || $userOrGroup instanceof UserInfo) {
             $pe = UserPermissionAccessEntity::getOrCreate($userOrGroup);
         } else {
             // group;
             $pe = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
         }
     }
     foreach ($permissions as $pkHandle) {
         $pk = PagePermissionKey::getByHandle($pkHandle);
         $pk->setPermissionObject($this);
         $pa = $pk->getPermissionAccessObject();
         if (!is_object($pa)) {
             $pa = PermissionAccess::create($pk);
         }
         $pa->addListItem($pe, false, $accessType);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->assignPermissionAccess($pa);
         $this->loadPermissionAssignments();
     }
 }
示例#4
0
    protected function migrateBlockPermissions()
    {
        if (PERMISSIONS_MODEL == 'simple') {
            return;
        }
        $db = Loader::db();
        $tables = $db->MetaTables();
        if (!in_array('CollectionVersionBlockPermissions', $tables)) {
            return false;
        }
        // permissions
        $permissionMap = array('r' => array(PermissionKey::getByHandle('view_block')), 'wa' => array(PermissionKey::getByHandle('edit_block'), PermissionKey::getByHandle('edit_block_custom_template'), PermissionKey::getByHandle('edit_block_design')), 'db' => array(PermissionKey::getByHandle('delete_block'), PermissionKey::getByHandle('schedule_guest_access'), PermissionKey::getByHandle('edit_block_permissions')));
        $r = $db->Execute('select * from CollectionVersionBlockPermissions order by cID asc');
        while ($row = $r->FetchRow()) {
            $pe = $this->migrateAccessEntity($row);
            if (!$pe) {
                continue;
            }
            $permissions = $this->getPermissionsArray($row['cbgPermissions']);
            $co = Page::getByID($row['cID'], $row['cvID']);
            if (!is_object($co) || $co->isError()) {
                continue;
            }
            $arHandle = $db->GetOne('select arHandle from CollectionVersionBlocks cvb where cvb.cID = ? and 
				cvb.cvID = ? and cvb.bID = ?', array($row['cID'], $row['cvID'], $row['bID']));
            $a = Area::get($co, $arHandle);
            $bo = Block::getByID($row['bID'], $co, $a);
            if (is_object($bo)) {
                foreach ($permissions as $p) {
                    $permissionsToApply = $permissionMap[$p];
                    foreach ($permissionsToApply as $pko) {
                        $pko->setPermissionObject($bo);
                        $pt = $pko->getPermissionAssignmentObject();
                        $pa = $pko->getPermissionAccessObject();
                        if (!is_object($pa)) {
                            $pa = PermissionAccess::create($pko);
                        } else {
                            if ($pa->isPermissionAccessInUse()) {
                                $pa = $pa->duplicate();
                            }
                        }
                        $pa->addListItem($pe, false, BlockPermissionKey::ACCESS_TYPE_INCLUDE);
                        $pt->assignPermissionAccess($pa);
                    }
                }
            }
        }
    }
示例#5
0
 public function assignPermissions($userOrGroup, $permissions = array(), $accessType = FileSetPermissionKey::ACCESS_TYPE_INCLUDE)
 {
     $db = Loader::db();
     if ($this->fsID > 0) {
         $db->Execute("update FileSets set fsOverrideGlobalPermissions = 1 where fsID = ?", array($this->fsID));
         $this->fsOverrideGlobalPermissions = true;
     }
     if (is_array($userOrGroup)) {
         $pe = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
         // group combination
     } else {
         if ($userOrGroup instanceof User || $userOrGroup instanceof UserInfo) {
             $pe = UserPermissionAccessEntity::getOrCreate($userOrGroup);
         } else {
             // group;
             $pe = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
         }
     }
     foreach ($permissions as $pkHandle) {
         $pk = PermissionKey::getByHandle($pkHandle);
         $pk->setPermissionObject($this);
         $pa = $pk->getPermissionAccessObject();
         if (!is_object($pa)) {
             $pa = PermissionAccess::create($pk);
         } else {
             if ($pa->isPermissionAccessInUse()) {
                 $pa = $pa->duplicate();
             }
         }
         $pa->addListItem($pe, false, $accessType);
         $pt = $pk->getPermissionAssignmentObject();
         $pt->assignPermissionAccess($pa);
     }
 }
示例#6
0
<? defined('C5_EXECUTE') or die("Access Denied."); ?>

<? 
if ($_REQUEST['paID'] && $_REQUEST['paID'] > 0) { 
	$pa = PermissionAccess::getByID($_REQUEST['paID'], $permissionKey);
	if ($pa->isPermissionAccessInUse()) {
		$pa = $pa->duplicate();
	}
} else { 
	$pa = PermissionAccess::create($permissionKey);
}

?>

<div class="ccm-ui" id="ccm-permission-detail">
<form id="ccm-permissions-detail-form" onsubmit="return ccm_submitPermissionsDetailForm()" method="post" action="<?php 
echo $permissionKey->getPermissionAssignmentObject()->getPermissionKeyToolsURL();
?>
">

<input type="hidden" name="paID" value="<?php 
echo $pa->getPermissionAccessID();
?>
" />

<? $workflows = Workflow::getList();?>

<? Loader::element('permission/message_list'); ?>

<?
$tabs = array();
示例#7
0
 private function setPermissions()
 {
     /*
      * This only covers permissions in 5.6+ They changed quite massively at
      * that revision. Eventually, this package will have other branches for 
      * earlier versions.
      * 
      * Not everything shown here will work with simple permissions. People 
      * will just be set as able to view or admin, the nuanced stuff about 
      * sub page permissions, etc will not be applied
      * 
      * First off, we need to set up arrays of what people are allowed to do.
      */
     $viewOnly = array('view_page');
     $writePage = array('view_page', 'view_page_versions', 'edit_page_properties', 'edit_page_contents', 'approve_page_versions');
     $adminPage = array('edit_page_speed_settings', 'edit_page_permissions', 'edit_page_theme', 'schedule_page_contents_guest_access', 'edit_page_type', 'delete_page', 'preview_page_as_user', 'delete_page_versions', 'move_or_copy_page', 'edit_page_type');
     // Now to get the the group that we made for boilerplate
     $bpGroup = Group::getByName("Boilerplate Admins");
     // Then the current user, again, could be anyone
     $u = new User();
     $ui = UserInfo::getByID($u->getUserID());
     // and our sample page
     $bpPage = Page::getByPath('/boilerplate-sample');
     if (is_object($bpPage) && is_a($bpPage, "Page")) {
         // by passing in -1, we are saying that all permissions in the array are
         // not allowed
         //
         // After some more digging, it seems like saying can't view doesn't
         // work properly. It will hide the page from everyone. If you simply
         // don't assign any permissions for them at all, then it works properly
         // I don't get why that is, might be a bug.
         //
         //			$bpPage->assignPermissions(Group::getByID(GUEST_GROUP_ID), $viewOnly, -1);
         //			$bpPage->assignPermissions(Group::getByID(REGISTERED_GROUP_ID), $viewOnly, -1);
         $bpPage->assignPermissions(Group::getByID(ADMIN_GROUP_ID), $adminPage);
         $bpPage->assignPermissions(Group::getByID(ADMIN_GROUP_ID), $writePage);
         $bpPage->assignPermissions($bpGroup, $writePage);
         $bpPage->assignPermissions($ui, $writePage);
         // at this point, our page will let people edit, and others can't even view
         // in order to allow sub-pages to be added by our admins, we'll need to get
         // a _bit_ more complicated.
         // this could probbly be cleaned up a little, to be more efficient
         // first get the ctID of the page type we want them to be able to add
         $bpID = CollectionType::getByHandle('boilerplate')->getCollectionTypeID();
         // In order to allow the user to add sub pages, we need to do this
         $bpAdminUserPE = UserPermissionAccessEntity::getOrCreate($ui);
         $entities[] = $bpAdminUserPE;
         // lets them add external links
         $args = array();
         $args['allowExternalLinksIncluded'][$bpAdminUserPE->getAccessEntityID()] = 1;
         // I can't remember why it's "C" or what the other options are...
         $args['pageTypesIncluded'][$bpAdminUserPE->getAccessEntityID()] = 'C';
         // you can repeat this with as many different collection type IDs as you like
         $args['ctIDInclude'][$bpAdminUserPE->getAccessEntityID()][] = $bpID;
         // now to allow it for groups
         $bpAdminPE = GroupPermissionAccessEntity::getOrCreate($bpGroup);
         $entities[] = $bpAdminPE;
         $args['allowExternalLinksIncluded'][$bpAdminPE->getAccessEntityID()] = 1;
         $args['pageTypesIncluded'][$bpAdminPE->getAccessEntityID()] = 'C';
         $args['ctIDInclude'][$bpAdminPE->getAccessEntityID()][] = $bpID;
         // ordinary admins
         $adminPE = GroupPermissionAccessEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
         $entities[] = $adminPE;
         $args['allowExternalLinksIncluded'][$adminPE->getAccessEntityID()] = 1;
         $args['pageTypesIncluded'][$adminPE->getAccessEntityID()] = 'C';
         $args['ctIDInclude'][$adminPE->getAccessEntityID()][] = $bpID;
         // and now some crazy voodoo
         $pk = PagePermissionKey::getByHandle('add_subpage');
         $pk->setPermissionObject($bpPage);
         $pt = $pk->getPermissionAssignmentObject();
         $pa = $pk->getPermissionAccessObject();
         if (!is_object($pa)) {
             $pa = PermissionAccess::create($pk);
         }
         foreach ($entities as $pe) {
             $pa->addListItem($pe, false, PagePermissionKey::ACCESS_TYPE_INCLUDE);
         }
         $pa->save($args);
         $pt->assignPermissionAccess($pa);
         // and now we set it so that sub-pages added under this page
         // inherit the same permissions
         $pkr = new ChangeSubpageDefaultsInheritancePageWorkflowRequest();
         $pkr->setRequestedPage($bpPage);
         // if you pass in 0, they will inherit from page type default
         // permissions in the dashboard. That's what they would do anyway,
         // if you don't do any of this stuff.
         $pkr->setPagePermissionsInheritance(1);
         $pkr->setRequesterUserID($u->getUserID());
         $pkr->trigger();
     }
 }
示例#8
0
文件: block.php 项目: nveid/concrete5
				$pt->clearPermissionAssignment();
				if ($paID > 0) {
					$pa = PermissionAccess::getByID($paID, $pk);
					if (is_object($pa)) {
						$pt->assignPermissionAccess($pa);
					}			
				}
			}
		}

	}
	if ($p->canScheduleGuestAccess()) { 
		if ($_REQUEST['task'] == 'set_timed_guest_access' && Loader::helper("validation/token")->validate('set_timed_guest_access')) {
			if (!$b->overrideAreaPermissions()) {
				$b->doOverrideAreaPermissions();
			}
			$pk = PermissionKey::getByHandle('view_block');
			$pk->setPermissionObject($b);
			$pa = $pk->getPermissionAccessObject();
			if (!is_object($pa)) {
				$pa = PermissionAccess::create($pk);
			}
			$pe = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
			$pd = PermissionDuration::translateFromRequest();
			$pa->addListItem($pe, $pd, BlockPermissionKey::ACCESS_TYPE_INCLUDE);
			$pt = $pk->getPermissionAssignmentObject();
			$pt->assignPermissionAccess($pa);
		}
	}
}
示例#9
0
文件: site.php 项目: nveid/concrete5
 public function view()
 {
     if (PERMISSIONS_MODEL != 'simple') {
         return;
     }
     $editAccess = array();
     $home = Page::getByID(1, "RECENT");
     $pk = PermissionKey::getByHandle('view_page');
     $pk->setPermissionObject($home);
     $assignments = $pk->getAccessListItems();
     foreach ($assignments as $asi) {
         $ae = $asi->getAccessEntityObject();
         if ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == GUEST_GROUP_ID) {
             $this->set('guestCanRead', true);
         } else {
             if ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == REGISTERED_GROUP_ID) {
                 $this->set('registeredCanRead', true);
             }
         }
     }
     Loader::model('search/group');
     $gl = new GroupSearch();
     $gl->filter('gID', REGISTERED_GROUP_ID, '>');
     $gIDs = $gl->get();
     $gArray = array();
     foreach ($gIDs as $gID) {
         $gArray[] = Group::getByID($gID['gID']);
     }
     $pk = PermissionKey::getByHandle('edit_page_contents');
     $pk->setPermissionObject($home);
     $assignments = $pk->getAccessListItems();
     foreach ($assignments as $asi) {
         $ae = $asi->getAccessEntityObject();
         if ($ae->getAccessEntityTypeHandle() == 'group') {
             $editAccess[] = $ae->getGroupObject()->getGroupID();
         }
     }
     $this->set('home', $home);
     $this->set('gArray', $gArray);
     $this->set('editAccess', $editAccess);
     if ($this->isPost()) {
         if ($this->token->validate('site_permissions_code')) {
             switch ($_POST['view']) {
                 case "ANYONE":
                     $viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
                     break;
                 case "USERS":
                     $viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(REGISTERED_GROUP_ID));
                     break;
                 case "PRIVATE":
                     $viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
                     break;
             }
             $pk = PermissionKey::getByHandle('view_page');
             $pk->setPermissionObject($home);
             $pt = $pk->getPermissionAssignmentObject();
             $pt->clearPermissionAssignment();
             $pa = PermissionAccess::create($pk);
             $pa->addListItem($viewObj);
             $pt->assignPermissionAccess($pa);
             $editAccessEntities = array();
             if (is_array($_POST['gID'])) {
                 foreach ($_POST['gID'] as $gID) {
                     $editAccessEntities[] = GroupPermissionAccessEntity::getOrCreate(Group::getByID($gID));
                 }
             }
             $editPermissions = array('view_page_versions', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_theme', 'edit_page_type', 'edit_page_permissions', 'delete_page', 'preview_page_as_user', 'schedule_page_contents_guest_access', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page');
             foreach ($editPermissions as $pkHandle) {
                 $pk = PermissionKey::getByHandle($pkHandle);
                 $pk->setPermissionObject($home);
                 $pt = $pk->getPermissionAssignmentObject();
                 $pt->clearPermissionAssignment();
                 $pa = PermissionAccess::create($pk);
                 foreach ($editAccessEntities as $editObj) {
                     $pa->addListItem($editObj);
                 }
                 $pt->assignPermissionAccess($pa);
             }
             $pkx = PermissionKey::getbyHandle('add_block');
             $pt = $pkx->getPermissionAssignmentObject();
             $pt->clearPermissionAssignment();
             $pa = PermissionAccess::create($pkx);
             foreach ($editAccessEntities as $editObj) {
                 $pa->addListItem($editObj);
             }
             $pt->assignPermissionAccess($pa);
             $pkx = PermissionKey::getbyHandle('add_stack');
             $pt = $pkx->getPermissionAssignmentObject();
             $pt->clearPermissionAssignment();
             $pa = PermissionAccess::create($pkx);
             foreach ($editAccessEntities as $editObj) {
                 $pa->addListItem($editObj);
             }
             $pt->assignPermissionAccess($pa);
             Cache::flush();
             $this->redirect('/dashboard/system/permissions/site/', 'saved');
         } else {
             $this->error->add($this->token->getErrorMessage());
         }
     }
 }
示例#10
0
	protected function importPermissions(SimpleXMLElement $sx) {
		if (isset($sx->permissionkeys)) {
			foreach($sx->permissionkeys->permissionkey as $pk) {
				$pkc = PermissionKeyCategory::getByHandle((string) $pk['category']);
				$pkg = ContentImporter::getPackageObject($pk['package']);
				$txt = Loader::helper('text');
				$className = $txt->camelcase($pkc->getPermissionKeyCategoryHandle());
				$c1 = $className . 'PermissionKey';
				$pkx = call_user_func(array($c1, 'import'), $pk);	
				if (isset($pk->access)) {
					foreach($pk->access->children() as $ch) {
						if ($ch->getName() == 'group') {
							$g = Group::getByName($ch['name']);
							if (!is_object($g)) {
								$g = Group::add($g['name'], $g['description']);
							}
							$pae = GroupPermissionAccessEntity::getOrCreate($g);
							$pa = PermissionAccess::create($pkx);
							$pa->addListItem($pae);
							$pt = $pkx->getPermissionAssignmentObject();
							$pt->assignPermissionAccess($pa);
						}
					}
				}
			
			}
		}
	}
示例#11
0
<?php

defined('C5_EXECUTE') or die("Access Denied.");
?>

<?php 
$permissionAccess = $key->getPermissionAssignmentObject()->getPermissionAccessObject();
if (!is_object($permissionAccess)) {
    $permissionAccess = PermissionAccess::create($key);
}
?>
<form id="ccm-permissions-detail-form" onsubmit="return ccm_submitPermissionsDetailForm()" method="post" action="<?php 
echo $key->getPermissionAssignmentObject()->getPermissionKeyToolsURL();
?>
">


	<input type="hidden" name="paID" value="<?php 
echo $permissionAccess->getPermissionAccessID();
?>
" />

	<div id="ccm-tab-content-access-types">
		<?php 
View::element('permission/keys/notify_in_notification_center', array('permissionAccess' => $permissionAccess));
?>

	</div>


	<div class="ccm-dashboard-form-actions-wrapper" style="display:none">