/**
* Unit test for eZPolicy::saveTemporary()
*/
public function testSaveTemporary()
{
// Get the first policy from the anonymous role
$policyList = $this->getRole()->policyList();
$policy = current($policyList);
$originalPolicyID = $policy->attribute('id');
// The first fetch should create the temporary copy
$temporaryPolicy = eZPolicy::fetchTemporaryCopy($policy->attribute('id'));
$temporaryPolicy->saveTemporary();
// Check that the temporary policy has been moved to original
$this->assertEquals(0, $temporaryPolicy->attribute('original_id'));
// Check that the source policy has been removed
$oldPolicy = eZPolicy::fetch($originalPolicyID);
$this->assertNull($oldPolicy);
}
$nodeLimitation = eZPolicyLimitation::fetchByIdentifier($policy->attribute('id'), 'Node');
if ($nodeLimitation == null) {
$nodeLimitation = eZPolicyLimitation::createNew($policy->attribute('id'), 'Node');
}
foreach ($selectedNodeIDList as $nodeID) {
if (!in_array($nodeID, $nodeIDList)) {
$nodeLimitationValue = eZPolicyLimitationValue::createNew($nodeLimitation->attribute('id'), $nodeID);
$node = eZContentObjectTreeNode::fetch($nodeID);
$nodeList[] = $node;
}
}
}
if ($http->hasPostVariable('SelectedNodeIDArray') and $http->postVariable('BrowseActionName') == 'FindLimitationSubtree' and !$http->hasPostVariable('BrowseCancelButton')) {
$selectedSubtreeIDList = $http->postVariable('SelectedNodeIDArray');
if ($http->hasSessionVariable('BrowsePolicyID')) {
$policy = eZPolicy::fetch($http->sessionVariable('BrowsePolicyID'));
} else {
$policy = eZPolicy::createNew($roleID, array('ModuleName' => $currentModule, 'FunctionName' => $currentFunction, 'Limitation' => ''));
$http->setSessionVariable('BrowsePolicyID', $policy->attribute('id'));
}
$subtreeLimitation = eZPolicyLimitation::fetchByIdentifier($policy->attribute('id'), 'Subtree');
if ($subtreeLimitation == null) {
$subtreeLimitation = eZPolicyLimitation::createNew($policy->attribute('id'), 'Subtree');
}
foreach ($selectedSubtreeIDList as $nodeID) {
if (!in_array($nodeID, $subtreeIDList)) {
$subtree = eZContentObjectTreeNode::fetch($nodeID);
$pathString = $subtree->attribute('path_string');
$policyLimitationValue = eZPolicyLimitationValue::createNew($subtreeLimitation->attribute('id'), $pathString);
$subtreeList[] = $subtree;
}
/**
* Saves a temporary limitation created with {@link createTemporaryCopy()}
*
* @throws Exception The policy isn't a temporary one
* @return void
*/
public function saveTemporary()
{
if ($this->attribute('original_id') === 0) {
throw new Exception(__METHOD__ . ' can only be used on a temporary policy');
}
// 1. Remove the original policy
$originalPolicy = eZPolicy::fetch($this->attribute('original_id'));
$originalPolicy->removeThis();
// 2. Remove the original ID in the temporary policy (make it final)
$this->setAttribute('original_id', 0);
$this->store();
return $this;
}
static function cleanupByNode($node)
{
// Clean up role assignments with limitations related to this object
$db = eZDB::instance();
$db->begin();
$pathString = $node->attribute('path_string');
$nodeID = $node->attribute('node_id');
$db->query("DELETE FROM ezuser_role\n WHERE limit_value LIKE '{$pathString}%' AND limit_identifier='Subtree'");
// Clean up subtree limitations related to this object
$limitationsToFix = eZPolicyLimitation::findByType('SubTree', $node->attribute('path_string'), true, true);
foreach ($limitationsToFix as $limitation) {
$values = $limitation->attribute('values');
$valueCount = count($values);
if ($valueCount > 0) {
foreach ($values as $value) {
if (strpos($value->attribute('value'), $node->attribute('path_string')) === 0) {
$value->remove();
$valueCount--;
}
}
}
if ($valueCount == 0) {
$policy = eZPolicy::fetch($limitation->attribute('policy_id'));
if (is_object($policy)) {
$policy->removeThis();
}
}
}
$limitationsToFixNode = eZPolicyLimitation::findByType('Node', $node->attribute('node_id'));
foreach ($limitationsToFixNode as $limitation) {
$values = $limitation->attribute('values');
$valueCount = count($values);
if ($valueCount > 0) {
foreach ($values as $value) {
if ($value->attribute('value') == $node->attribute('node_id')) {
$value->remove();
$valueCount--;
}
}
}
if ($valueCount == 0) {
$policy = eZPolicy::fetch($limitation->attribute('policy_id'));
if (is_object($policy)) {
$policy->removeThis();
}
}
}
eZRole::expireCache();
$db->commit();
}
function policy()
{
return eZPolicy::fetch($this->attribute('policy_id'));
}
static function checkObjectAccess($contentObject, $policyID, $userIDArray, $userLimits = false)
{
$policy = eZPolicy::fetch($policyID);
if ($userLimits) {
reset($userLimits);
$policy->setAttribute('limit_identifier', 'User_' . key($userLimits));
$policy->setAttribute('limit_value', current($userLimits));
}
$limitationArray = $policy->accessArray();
$limitationArray = current(current($limitationArray));
$accessUserIDArray = $userIDArray;
if (isset($limitationArray['*']) && $limitationArray['*'] == '*') {
$returnArray = array();
foreach ($accessUserIDArray as $userID) {
$returnArray[] = $userID;
}
return $returnArray;
}
$limitationArray = current($limitationArray);
$user = eZUser::currentUser();
$classID = $contentObject->attribute('contentclass_id');
$nodeArray = $contentObject->attribute('assigned_nodes');
if (isset($limitationArray['Subtree'])) {
$checkedSubtree = false;
} else {
$checkedSubtree = true;
$nodeSubtree = true;
}
if (isset($limitationArray['Node'])) {
$checkedNode = false;
} else {
$checkedNode = true;
$nodeLimit = true;
}
foreach (array_keys($limitationArray) as $key) {
if (count($accessUserIDArray) == 0) {
return array();
}
switch ($key) {
case 'Class':
if (!in_array($contentObject->attribute('contentclass_id'), $limitationArray[$key])) {
return array();
}
break;
case 'ParentClass':
if (!in_array($contentObject->attribute('contentclass_id'), $limitationArray[$key])) {
return array();
}
break;
case 'Section':
case 'User_Section':
if (!in_array($contentObject->attribute('section_id'), $limitationArray[$key])) {
return array();
}
break;
case 'Owner':
if (in_array($contentObject->attribute('owner_id'), $userIDArray)) {
$accessUserIDArray = array($contentObject->attribute('owner_id'));
} else {
if (in_array($contentObject->attribute('id'), $userIDArray)) {
$accessUserIDArray = array($contentObject->attribute('id'));
} else {
return array();
}
}
break;
case 'Node':
$nodeLimit = true;
foreach ($nodeArray as $node) {
if (in_array($node->attribute('node_id'), $limitationArray[$key])) {
$nodeLimit = false;
break;
}
}
if ($nodeLimit && $checkedSubtree && $nodeSubtree) {
return array();
}
$checkedNode = true;
break;
case 'Subtree':
$nodeSubtree = true;
foreach ($nodeArray as $node) {
$path = $node->attribute('path_string');
$subtreeArray = $limitationArray[$key];
$validSubstring = false;
foreach ($subtreeArray as $subtreeString) {
if (strstr($path, $subtreeString)) {
$nodeSubtree = false;
break;
}
}
if (!$nodeSubtree) {
break;
}
}
if ($nodeSubtree && $checkedNode && $nodeLimit) {
return array();
}
$checkedSubtree = true;
break;
case 'User_Subtree':
$userSubtreeLimit = true;
foreach ($nodeArray as $node) {
$path = $node->attribute('path_string');
$subtreeArray = $limitationArray[$key];
$validSubstring = false;
foreach ($subtreeArray as $subtreeString) {
if (strstr($path, $subtreeString)) {
$userSubtreeLimit = false;
break;
}
}
if (!$userSubtreeLimit) {
break;
}
}
if ($userSubtreeLimit) {
return array();
}
break;
default:
//check object state group limitation
if (strncmp($key, 'StateGroup_', 11) === 0) {
if (count(array_intersect($limitationArray[$key], $contentObject->attribute('state_id_array'))) == 0) {
return array();
}
}
}
}
$returnArray = array();
foreach ($accessUserIDArray as $userID) {
$returnArray[] = $userID;
}
return $returnArray;
}
static function removeByID($id)
{
$policy = eZPolicy::fetch($id);
if (!$policy) {
return null;
}
$policy->removeThis();
}
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of version 2.0 of the GNU General
// Public License along with this program; if not, write to the Free
// Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
// MA 02110-1301, USA.
//
//
// ## END COPYRIGHT, LICENSE AND WARRANTY NOTICE ##
//
/*! \file
*/
$Module = $Params['Module'];
$policyID = $Params["PolicyID"];
$policy = eZPolicy::fetch($policyID);
if ($policy === null) {
return $Module->handleError(eZError::KERNEL_NOT_AVAILABLE, 'kernel');
}
$currentModule = $policy->attribute('module_name');
$currentFunction = $policy->attribute('function_name');
$roleID = $policy->attribute('role_id');
$role = eZRole::fetch($roleID);
$roleName = $role->attribute('name');
$limitationValueList = $policy->limitationList();
$nodeList = array();
$subtreeList = array();
if ($currentModule == "*") {
$functions = array();
} else {
$mod = eZModule::exists($currentModule);
