public function copyFromFileSetToFile()
{
$db = Loader::db();
$paID = $this->getPermissionAccessID();
if (is_array($paID)) {
// we have to merge the permissions access object into a new one.
$pa = PermissionAccess::create($this);
foreach ($paID as $paID) {
$pax = PermissionAccess::getByID($paID, $this);
$pax->duplicate($pa);
}
$paID = $pa->getPermissionAccessID();
}
if ($paID) {
$db = Loader::db();
$db->Replace('FilePermissionAssignments', array('fID' => $this->permissionObject->getFileID(), 'pkID' => $this->getPermissionKeyID(), 'paID' => $paID), array('fID', 'paID', 'pkID'), true);
}
}
public function run()
{
$bt = BlockType::getByHandle('guestbook');
if (is_object($bt)) {
$bt->refresh();
}
// add user export users task permission
$pk = PermissionKey::getByHandle('access_user_search_export');
if (!$pk instanceof PermissionKey) {
$pk = PermissionKey::add('user', 'access_user_search_export', 'Export Site Users', 'Controls whether a user can export site users or not', false, false);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pk);
}
$adminGroup = Group::getByID(ADMIN_GROUP_ID);
//Make sure "Adminstrators" group still exists
if ($adminGroup) {
$adminGroupEntity = GroupPermissionAccessEntity::getOrCreate($adminGroup);
$pa->addListItem($adminGroupEntity);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
if (!Config::get('SECURITY_TOKEN_JOBS')) {
Config::save('SECURITY_TOKEN_JOBS', Loader::helper('validation/identifier')->getString(64));
}
if (!Config::get('SECURITY_TOKEN_ENCRYPTION')) {
Config::save('SECURITY_TOKEN_ENCRYPTION', Loader::helper('validation/identifier')->getString(64));
}
if (!Config::get('SECURITY_TOKEN_VALIDATION')) {
Config::save('SECURITY_TOKEN_VALIDATION', Loader::helper('validation/identifier')->getString(64));
}
$sp = Page::getByPath('/dashboard/system/mail/method/test_settings');
if (!is_object($sp) || $sp->isError()) {
$sp = SinglePage::add('/dashboard/system/mail/method/test_settings');
$sp->update(array('cName' => t('Test Mail Settings')));
$sp->setAttribute('meta_keywords', 'test smtp, test mail');
}
}
public function assignPermissions($userOrGroup, $permissions = array(), $accessType = PagePermissionKey::ACCESS_TYPE_INCLUDE)
{
if ($this->cInheritPermissionsFrom != 'OVERRIDE') {
$this->setPermissionsToManualOverride();
$this->clearPagePermissions();
}
if (is_array($userOrGroup)) {
$pe = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
// group combination
} else {
if ($userOrGroup instanceof User || $userOrGroup instanceof UserInfo) {
$pe = UserPermissionAccessEntity::getOrCreate($userOrGroup);
} else {
// group;
$pe = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
}
}
foreach ($permissions as $pkHandle) {
$pk = PagePermissionKey::getByHandle($pkHandle);
$pk->setPermissionObject($this);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pk);
}
$pa->addListItem($pe, false, $accessType);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
$this->loadPermissionAssignments();
}
}
protected function migrateBlockPermissions()
{
if (PERMISSIONS_MODEL == 'simple') {
return;
}
$db = Loader::db();
$tables = $db->MetaTables();
if (!in_array('CollectionVersionBlockPermissions', $tables)) {
return false;
}
// permissions
$permissionMap = array('r' => array(PermissionKey::getByHandle('view_block')), 'wa' => array(PermissionKey::getByHandle('edit_block'), PermissionKey::getByHandle('edit_block_custom_template'), PermissionKey::getByHandle('edit_block_design')), 'db' => array(PermissionKey::getByHandle('delete_block'), PermissionKey::getByHandle('schedule_guest_access'), PermissionKey::getByHandle('edit_block_permissions')));
$r = $db->Execute('select * from CollectionVersionBlockPermissions order by cID asc');
while ($row = $r->FetchRow()) {
$pe = $this->migrateAccessEntity($row);
if (!$pe) {
continue;
}
$permissions = $this->getPermissionsArray($row['cbgPermissions']);
$co = Page::getByID($row['cID'], $row['cvID']);
if (!is_object($co) || $co->isError()) {
continue;
}
$arHandle = $db->GetOne('select arHandle from CollectionVersionBlocks cvb where cvb.cID = ? and
cvb.cvID = ? and cvb.bID = ?', array($row['cID'], $row['cvID'], $row['bID']));
$a = Area::get($co, $arHandle);
$bo = Block::getByID($row['bID'], $co, $a);
if (is_object($bo)) {
foreach ($permissions as $p) {
$permissionsToApply = $permissionMap[$p];
foreach ($permissionsToApply as $pko) {
$pko->setPermissionObject($bo);
$pt = $pko->getPermissionAssignmentObject();
$pa = $pko->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pko);
} else {
if ($pa->isPermissionAccessInUse()) {
$pa = $pa->duplicate();
}
}
$pa->addListItem($pe, false, BlockPermissionKey::ACCESS_TYPE_INCLUDE);
$pt->assignPermissionAccess($pa);
}
}
}
}
}
public function assignPermissions($userOrGroup, $permissions = array(), $accessType = FileSetPermissionKey::ACCESS_TYPE_INCLUDE)
{
$db = Loader::db();
if ($this->fsID > 0) {
$db->Execute("update FileSets set fsOverrideGlobalPermissions = 1 where fsID = ?", array($this->fsID));
$this->fsOverrideGlobalPermissions = true;
}
if (is_array($userOrGroup)) {
$pe = GroupCombinationPermissionAccessEntity::getOrCreate($userOrGroup);
// group combination
} else {
if ($userOrGroup instanceof User || $userOrGroup instanceof UserInfo) {
$pe = UserPermissionAccessEntity::getOrCreate($userOrGroup);
} else {
// group;
$pe = GroupPermissionAccessEntity::getOrCreate($userOrGroup);
}
}
foreach ($permissions as $pkHandle) {
$pk = PermissionKey::getByHandle($pkHandle);
$pk->setPermissionObject($this);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pk);
} else {
if ($pa->isPermissionAccessInUse()) {
$pa = $pa->duplicate();
}
}
$pa->addListItem($pe, false, $accessType);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
<? defined('C5_EXECUTE') or die("Access Denied."); ?>
<?
if ($_REQUEST['paID'] && $_REQUEST['paID'] > 0) {
$pa = PermissionAccess::getByID($_REQUEST['paID'], $permissionKey);
if ($pa->isPermissionAccessInUse()) {
$pa = $pa->duplicate();
}
} else {
$pa = PermissionAccess::create($permissionKey);
}
?>
<div class="ccm-ui" id="ccm-permission-detail">
<form id="ccm-permissions-detail-form" onsubmit="return ccm_submitPermissionsDetailForm()" method="post" action="<?php
echo $permissionKey->getPermissionAssignmentObject()->getPermissionKeyToolsURL();
?>
">
<input type="hidden" name="paID" value="<?php
echo $pa->getPermissionAccessID();
?>
" />
<? $workflows = Workflow::getList();?>
<? Loader::element('permission/message_list'); ?>
<?
$tabs = array();
private function setPermissions()
{
/*
* This only covers permissions in 5.6+ They changed quite massively at
* that revision. Eventually, this package will have other branches for
* earlier versions.
*
* Not everything shown here will work with simple permissions. People
* will just be set as able to view or admin, the nuanced stuff about
* sub page permissions, etc will not be applied
*
* First off, we need to set up arrays of what people are allowed to do.
*/
$viewOnly = array('view_page');
$writePage = array('view_page', 'view_page_versions', 'edit_page_properties', 'edit_page_contents', 'approve_page_versions');
$adminPage = array('edit_page_speed_settings', 'edit_page_permissions', 'edit_page_theme', 'schedule_page_contents_guest_access', 'edit_page_type', 'delete_page', 'preview_page_as_user', 'delete_page_versions', 'move_or_copy_page', 'edit_page_type');
// Now to get the the group that we made for boilerplate
$bpGroup = Group::getByName("Boilerplate Admins");
// Then the current user, again, could be anyone
$u = new User();
$ui = UserInfo::getByID($u->getUserID());
// and our sample page
$bpPage = Page::getByPath('/boilerplate-sample');
if (is_object($bpPage) && is_a($bpPage, "Page")) {
// by passing in -1, we are saying that all permissions in the array are
// not allowed
//
// After some more digging, it seems like saying can't view doesn't
// work properly. It will hide the page from everyone. If you simply
// don't assign any permissions for them at all, then it works properly
// I don't get why that is, might be a bug.
//
// $bpPage->assignPermissions(Group::getByID(GUEST_GROUP_ID), $viewOnly, -1);
// $bpPage->assignPermissions(Group::getByID(REGISTERED_GROUP_ID), $viewOnly, -1);
$bpPage->assignPermissions(Group::getByID(ADMIN_GROUP_ID), $adminPage);
$bpPage->assignPermissions(Group::getByID(ADMIN_GROUP_ID), $writePage);
$bpPage->assignPermissions($bpGroup, $writePage);
$bpPage->assignPermissions($ui, $writePage);
// at this point, our page will let people edit, and others can't even view
// in order to allow sub-pages to be added by our admins, we'll need to get
// a _bit_ more complicated.
// this could probbly be cleaned up a little, to be more efficient
// first get the ctID of the page type we want them to be able to add
$bpID = CollectionType::getByHandle('boilerplate')->getCollectionTypeID();
// In order to allow the user to add sub pages, we need to do this
$bpAdminUserPE = UserPermissionAccessEntity::getOrCreate($ui);
$entities[] = $bpAdminUserPE;
// lets them add external links
$args = array();
$args['allowExternalLinksIncluded'][$bpAdminUserPE->getAccessEntityID()] = 1;
// I can't remember why it's "C" or what the other options are...
$args['pageTypesIncluded'][$bpAdminUserPE->getAccessEntityID()] = 'C';
// you can repeat this with as many different collection type IDs as you like
$args['ctIDInclude'][$bpAdminUserPE->getAccessEntityID()][] = $bpID;
// now to allow it for groups
$bpAdminPE = GroupPermissionAccessEntity::getOrCreate($bpGroup);
$entities[] = $bpAdminPE;
$args['allowExternalLinksIncluded'][$bpAdminPE->getAccessEntityID()] = 1;
$args['pageTypesIncluded'][$bpAdminPE->getAccessEntityID()] = 'C';
$args['ctIDInclude'][$bpAdminPE->getAccessEntityID()][] = $bpID;
// ordinary admins
$adminPE = GroupPermissionAccessEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
$entities[] = $adminPE;
$args['allowExternalLinksIncluded'][$adminPE->getAccessEntityID()] = 1;
$args['pageTypesIncluded'][$adminPE->getAccessEntityID()] = 'C';
$args['ctIDInclude'][$adminPE->getAccessEntityID()][] = $bpID;
// and now some crazy voodoo
$pk = PagePermissionKey::getByHandle('add_subpage');
$pk->setPermissionObject($bpPage);
$pt = $pk->getPermissionAssignmentObject();
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pk);
}
foreach ($entities as $pe) {
$pa->addListItem($pe, false, PagePermissionKey::ACCESS_TYPE_INCLUDE);
}
$pa->save($args);
$pt->assignPermissionAccess($pa);
// and now we set it so that sub-pages added under this page
// inherit the same permissions
$pkr = new ChangeSubpageDefaultsInheritancePageWorkflowRequest();
$pkr->setRequestedPage($bpPage);
// if you pass in 0, they will inherit from page type default
// permissions in the dashboard. That's what they would do anyway,
// if you don't do any of this stuff.
$pkr->setPagePermissionsInheritance(1);
$pkr->setRequesterUserID($u->getUserID());
$pkr->trigger();
}
}
$pt->clearPermissionAssignment();
if ($paID > 0) {
$pa = PermissionAccess::getByID($paID, $pk);
if (is_object($pa)) {
$pt->assignPermissionAccess($pa);
}
}
}
}
}
if ($p->canScheduleGuestAccess()) {
if ($_REQUEST['task'] == 'set_timed_guest_access' && Loader::helper("validation/token")->validate('set_timed_guest_access')) {
if (!$b->overrideAreaPermissions()) {
$b->doOverrideAreaPermissions();
}
$pk = PermissionKey::getByHandle('view_block');
$pk->setPermissionObject($b);
$pa = $pk->getPermissionAccessObject();
if (!is_object($pa)) {
$pa = PermissionAccess::create($pk);
}
$pe = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
$pd = PermissionDuration::translateFromRequest();
$pa->addListItem($pe, $pd, BlockPermissionKey::ACCESS_TYPE_INCLUDE);
$pt = $pk->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
}
public function view()
{
if (PERMISSIONS_MODEL != 'simple') {
return;
}
$editAccess = array();
$home = Page::getByID(1, "RECENT");
$pk = PermissionKey::getByHandle('view_page');
$pk->setPermissionObject($home);
$assignments = $pk->getAccessListItems();
foreach ($assignments as $asi) {
$ae = $asi->getAccessEntityObject();
if ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == GUEST_GROUP_ID) {
$this->set('guestCanRead', true);
} else {
if ($ae->getAccessEntityTypeHandle() == 'group' && $ae->getGroupObject()->getGroupID() == REGISTERED_GROUP_ID) {
$this->set('registeredCanRead', true);
}
}
}
Loader::model('search/group');
$gl = new GroupSearch();
$gl->filter('gID', REGISTERED_GROUP_ID, '>');
$gIDs = $gl->get();
$gArray = array();
foreach ($gIDs as $gID) {
$gArray[] = Group::getByID($gID['gID']);
}
$pk = PermissionKey::getByHandle('edit_page_contents');
$pk->setPermissionObject($home);
$assignments = $pk->getAccessListItems();
foreach ($assignments as $asi) {
$ae = $asi->getAccessEntityObject();
if ($ae->getAccessEntityTypeHandle() == 'group') {
$editAccess[] = $ae->getGroupObject()->getGroupID();
}
}
$this->set('home', $home);
$this->set('gArray', $gArray);
$this->set('editAccess', $editAccess);
if ($this->isPost()) {
if ($this->token->validate('site_permissions_code')) {
switch ($_POST['view']) {
case "ANYONE":
$viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(GUEST_GROUP_ID));
break;
case "USERS":
$viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(REGISTERED_GROUP_ID));
break;
case "PRIVATE":
$viewObj = GroupPermissionAccessEntity::getOrCreate(Group::getByID(ADMIN_GROUP_ID));
break;
}
$pk = PermissionKey::getByHandle('view_page');
$pk->setPermissionObject($home);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pk);
$pa->addListItem($viewObj);
$pt->assignPermissionAccess($pa);
$editAccessEntities = array();
if (is_array($_POST['gID'])) {
foreach ($_POST['gID'] as $gID) {
$editAccessEntities[] = GroupPermissionAccessEntity::getOrCreate(Group::getByID($gID));
}
}
$editPermissions = array('view_page_versions', 'edit_page_properties', 'edit_page_contents', 'edit_page_speed_settings', 'edit_page_theme', 'edit_page_type', 'edit_page_permissions', 'delete_page', 'preview_page_as_user', 'schedule_page_contents_guest_access', 'delete_page_versions', 'approve_page_versions', 'add_subpage', 'move_or_copy_page');
foreach ($editPermissions as $pkHandle) {
$pk = PermissionKey::getByHandle($pkHandle);
$pk->setPermissionObject($home);
$pt = $pk->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pk);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
}
$pkx = PermissionKey::getbyHandle('add_block');
$pt = $pkx->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pkx);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
$pkx = PermissionKey::getbyHandle('add_stack');
$pt = $pkx->getPermissionAssignmentObject();
$pt->clearPermissionAssignment();
$pa = PermissionAccess::create($pkx);
foreach ($editAccessEntities as $editObj) {
$pa->addListItem($editObj);
}
$pt->assignPermissionAccess($pa);
Cache::flush();
$this->redirect('/dashboard/system/permissions/site/', 'saved');
} else {
$this->error->add($this->token->getErrorMessage());
}
}
}
protected function importPermissions(SimpleXMLElement $sx) {
if (isset($sx->permissionkeys)) {
foreach($sx->permissionkeys->permissionkey as $pk) {
$pkc = PermissionKeyCategory::getByHandle((string) $pk['category']);
$pkg = ContentImporter::getPackageObject($pk['package']);
$txt = Loader::helper('text');
$className = $txt->camelcase($pkc->getPermissionKeyCategoryHandle());
$c1 = $className . 'PermissionKey';
$pkx = call_user_func(array($c1, 'import'), $pk);
if (isset($pk->access)) {
foreach($pk->access->children() as $ch) {
if ($ch->getName() == 'group') {
$g = Group::getByName($ch['name']);
if (!is_object($g)) {
$g = Group::add($g['name'], $g['description']);
}
$pae = GroupPermissionAccessEntity::getOrCreate($g);
$pa = PermissionAccess::create($pkx);
$pa->addListItem($pae);
$pt = $pkx->getPermissionAssignmentObject();
$pt->assignPermissionAccess($pa);
}
}
}
}
}
}
<?php
defined('C5_EXECUTE') or die("Access Denied.");
?>
<?php
$permissionAccess = $key->getPermissionAssignmentObject()->getPermissionAccessObject();
if (!is_object($permissionAccess)) {
$permissionAccess = PermissionAccess::create($key);
}
?>
<form id="ccm-permissions-detail-form" onsubmit="return ccm_submitPermissionsDetailForm()" method="post" action="<?php
echo $key->getPermissionAssignmentObject()->getPermissionKeyToolsURL();
?>
">
<input type="hidden" name="paID" value="<?php
echo $permissionAccess->getPermissionAccessID();
?>
" />
<div id="ccm-tab-content-access-types">
<?php
View::element('permission/keys/notify_in_notification_center', array('permissionAccess' => $permissionAccess));
?>
</div>
<div class="ccm-dashboard-form-actions-wrapper" style="display:none">