public function tearDown() { eZPolicyLimitation::removeByID($this->policy->attribute('id')); eZPolicy::removeByID($this->policy->attribute('id')); $this->policy = null; parent::tearDown(); }
static function removeByValue($value, $policyID = false) { if ($policyID) { $limitationIDList = array(); $limitations = eZPolicyLimitation::fetchByPolicyID($policyID, false); foreach ($limitations as $limitationArray) { $limitationIDList[] = $limitationArray['id']; } if (count($limitationIDList) > 0) { eZPersistentObject::removeObject(eZPolicyLimitationValue::definition(), array('limitation_id' => array($limitationIDList), "value" => $value)); return; } } eZPersistentObject::removeObject(eZPolicyLimitationValue::definition(), array("value" => $value)); }
function fetchRoles($sectionID) { $policies = $roleIDs = $usedRoleIDs = $roles = $roleLimitations = array(); $limitations = eZPolicyLimitation::findByType('Section', $sectionID, true, false); foreach ($limitations as $policyEntry) { $policy = $policyEntry->policy(); $policies[] = $policy; $roleID = $policy->attribute('role_id'); $roleIDs[] = $roleID; if (!isset($roleLimitations[$roleID])) { $roleLimitations[$roleID] = array(); } $roleLimitations[$roleID][] = $policy; } foreach ($policies as $policy) { $roleID = $policy->attribute('role_id'); if (in_array($roleID, $roleIDs) && !in_array($roleID, $usedRoleIDs)) { $roles[] = $policy->attribute('role'); $usedRoleIDs[] = $roleID; } } return array('result' => array('roles' => $roles, 'limited_policies' => $roleLimitations)); }
/** * Applies the POST submitted limitations as found in the dropdowns * @param eZPolicy $policy * @param string $currentModule * @param string $currentFunction * @param array $currentFunctionLimitations * * @return bool True if limitations were found, false otherwise */ function processDropdownLimitations( &$policy, $currentModule, $currentFunction, $currentFunctionLimitations ) { $hasLimitation = false; $http = eZHTTPTool::instance(); $db = eZDB::instance(); $db->begin(); foreach ( $currentFunctionLimitations as $functionLimitation ) { if ( $http->hasPostVariable( $functionLimitation['name'] ) and $functionLimitation['name'] != 'Node' and $functionLimitation['name'] != 'Subtree' ) { $limitationValueList = $http->postVariable( $functionLimitation['name'] ); if ( !in_array('-1', $limitationValueList ) ) { $hasLimitation = true; $policyLimitation = eZPolicyLimitation::createNew( $policy->attribute( 'id' ), $functionLimitation['name'] ); foreach ( $limitationValueList as $limitationValue ) { eZPolicyLimitationValue::createNew( $policyLimitation->attribute( 'id' ), $limitationValue ); } } } } $db->commit(); return $hasLimitation; }
} } if ($http->hasPostVariable('Limitation') && count($currentFunctionLimitations) == 0) { $currentModule = $http->postVariable('CurrentModule'); $currentFunction = $http->postVariable('ModuleFunction'); eZDebugSetting::writeDebug('kernel-role-edit', $currentModule, 'currentModule'); $policy = eZPolicy::createNew($roleID, array('ModuleName' => $currentModule, 'FunctionName' => $currentFunction)); } else { $db->commit(); $currentLimitationList = array(); foreach ($currentFunctionLimitations as $currentFunctionLimitation) { $limitationName = $currentFunctionLimitation['name']; $currentLimitationList[$limitationName] = '-1'; } if (isset($policyID)) { $limitationList = eZPolicyLimitation::fetchByPolicyID($policyID); foreach ($limitationList as $limitation) { $limitationID = $limitation->attribute('id'); $limitationIdentifier = $limitation->attribute('identifier'); $limitationValues = eZPolicyLimitationValue::fetchList($limitationID); $valueList = array(); foreach ($limitationValues as $limitationValue) { $value = $limitationValue->attribute('value'); $valueList[] = $value; } $currentLimitationList[$limitationIdentifier] = $valueList; } } $tpl->setVariable('current_function', $currentFunction); $tpl->setVariable('function_limitations', $currentFunctionLimitations); $tpl->setVariable('no_limitations', $noLimitations);
function limitationList($useCache = true, $ignoreLimitIdentifier = false) { if (!isset($this->Limitations) || !$useCache) { $limitations = eZPersistentObject::fetchObjectList(eZPolicyLimitation::definition(), null, array('policy_id' => $this->attribute('id')), null, null, true); eZDebugSetting::writeDebug('kernel-policy-limitation', $limitations, "before policy limitations " . $this->ID); eZDebugSetting::writeDebug('kernel-policy-limitation', $this, "policy itself before before limitations check"); if ($ignoreLimitIdentifier === false && isset($this->LimitIdentifier) && $this->LimitIdentifier) { $limitIdentifier = $this->attribute('limit_identifier'); $limitValue = $this->attribute('limit_value'); $limitationTouched = false; $checkEmptyLimitation = true; foreach ($limitations as $limitation) { if ($limitation->attribute('identifier') == $limitIdentifier) { if ($limitIdentifier == 'Subtree') { $limitationTouched = true; $values = $limitation->attribute('values'); foreach ($values as $limitationValue) { $value = $limitationValue->attribute('value'); if (strpos($value, $limitValue) === 0) { $checkEmptyLimitation = false; eZDebugSetting::writeDebug('kernel-policy-limitation', $value, "Limitationvalue has been left in the limitation [limitValue={$limitValue}]"); } else { if (strpos($limitValue, $value) === 0) { $checkEmptyLimitation = false; $limitationValue->setAttribute('value', $limitValue); eZDebugSetting::writeDebug('kernel-policy-limitation', $value, "Limitationvalue has been exchanged to the value from cond assignment [limitValue={$limitValue}]"); } else { eZDebugSetting::writeDebug('kernel-policy-limitation', $value, "Limitationvalue has been removed from limitation [limitValue={$limitValue}]"); //exlude limitation value from limitation.. unset($limitationValue); } } } if ($checkEmptyLimitation) { eZDebugSetting::writeDebug('kernel-policy-limitation', $this, 'The policy has been disabled'); $this->Disabled = true; $this->Limitations = array(); return $this->Limitations; } } } } if (!$limitationTouched) { $policyLimitation = new eZPolicyLimitation(array('id' => -1, 'policy_id' => $this->attribute('id'), 'identifier' => $this->attribute('limit_identifier'))); $policyLimitation->setAttribute('limit_value', $this->attribute('limit_value')); $limitations[] = $policyLimitation; } } eZDebugSetting::writeDebug('kernel-policy-limitation', $limitations, "policy limitations " . $this->ID); $this->Limitations = $limitations; } return $this->Limitations; }
function move($newParentNodeID, $nodeID = 0) { if ($nodeID == 0) { $node = $this; $nodeID = $node->attribute('node_id'); } else { $node = eZContentObjectTreeNode::fetch($nodeID); } $oldPath = $node->attribute('path_string'); $oldParentNodeID = $node->attribute('parent_node_id'); $newParentNodeID = (int) $newParentNodeID; if ($oldParentNodeID != $newParentNodeID) { $node->updateAndStoreModified(); // Who moves which content should be logged. $object = $node->object(); eZAudit::writeAudit('content-move', array('Node ID' => $node->attribute('node_id'), 'Old parent node ID' => $oldParentNodeID, 'New parent node ID' => $newParentNodeID, 'Object ID' => $object->attribute('id'), 'Content Name' => $object->attribute('name'), 'Comment' => 'Moved the node to the given node: eZContentObjectTreeNode::move()')); $newParentNode = eZContentObjectTreeNode::fetch($newParentNodeID); $newParentPath = $newParentNode->attribute('path_string'); $newParentDepth = $newParentNode->attribute('depth'); $newPath = $newParentPath . $nodeID; $oldDepth = $node->attribute('depth'); $oldPathLength = strlen($oldPath); $moveQuery = "UPDATE\n ezcontentobject_tree\n SET\n parent_node_id = {$newParentNodeID}\n WHERE\n node_id = {$nodeID}"; $db = eZDB::instance(); $subStringString = $db->subString('path_string', $oldPathLength); $newPathString = $db->concatString(array("'{$newPath}'", $subStringString)); $moveQuery1 = "UPDATE\n ezcontentobject_tree\n SET\n path_identification_string = " . $db->concatString(array("'" . $db->escapeString($newParentNode->PathIdentificationString) . "'", $db->subString("path_identification_string", mb_strlen($node->PathIdentificationString) + 1))) . ",\n path_string = {$newPathString},\n depth = depth + {$newParentDepth} - {$oldDepth} + 1\n WHERE\n path_string LIKE '{$oldPath}%'"; $db->begin(); $db->query($moveQuery); $db->query($moveQuery1); /// role system clean up // Clean up policies and limitations $expireRoleCache = false; $limitationsToFix = eZPolicyLimitation::findByType('SubTree', $node->attribute('path_string'), false); if (count($limitationsToFix) > 0) { $limitationIDString = $db->generateSQLINStatement($limitationsToFix, 'limitation_id'); $subStringString = $db->subString('value', $oldPathLength); $newValue = $db->concatString(array("'{$newPath}'", $subStringString)); $query = "UPDATE\n ezpolicy_limitation_value\n SET\n value = {$newValue}\n WHERE\n value LIKE '{$oldPath}%' AND {$limitationIDString}"; $db->query($query); $expireRoleCache = true; } // clean up limitations on role assignment level $countRows = $db->arrayQuery("SELECT COUNT(*) AS row_count FROM ezuser_role WHERE limit_identifier='Subtree' AND limit_value LIKE '{$oldPath}%'"); $assignmentsToFixCount = $countRows[0]['row_count']; if ($assignmentsToFixCount > 0) { $subStringString = $db->subString('limit_value', $oldPathLength); $newValue = $db->concatString(array("'{$newPath}'", $subStringString)); $db->query("UPDATE\n ezuser_role\n SET\n limit_value = {$newValue}\n WHERE\n limit_identifier='Subtree' AND limit_value LIKE '{$oldPath}%'"); $expireRoleCache = true; } if ($expireRoleCache) { eZRole::expireCache(); } // Update "is_invisible" node attribute. $newNode = eZContentObjectTreeNode::fetch($nodeID); eZContentObjectTreeNode::updateNodeVisibility($newNode, $newParentNode); $db->commit(); } }
/** * Fetch policy list * Used by fetch( 'user', 'user_role', hash( 'user_id', $id ) ) template function. * * @param int $id User id or normal content object id in case of none user object (user group) * @return array(string=>array) */ function fetchUserRole($id) { $user = eZUser::fetch($id); if ($user instanceof eZUser) { $roleList = $user->roles(); } else { // user group or other non user classes: $roleList = eZRole::fetchByUser(array($id), true); } $accessArray = array(); foreach (array_keys($roleList) as $roleKey) { $role = $roleList[$roleKey]; $accessArray = array_merge_recursive($accessArray, $role->accessArray(true)); } $resultArray = array(); foreach ($accessArray as $moduleKey => $module) { $moduleName = $moduleKey; if ($moduleName != '*') { foreach ($module as $functionKey => $function) { $functionName = $functionKey; if ($functionName != '*') { $hasLimitation = true; foreach ($function as $limitationKey) { if ($limitationKey == '*') { $hasLimitation = false; $limitationValue = '*'; $resultArray[] = array('moduleName' => $moduleName, 'functionName' => $functionName, 'limitation' => $limitationValue); } } if ($hasLimitation) { foreach ($function as $limitationKey => $limitation) { if ($limitationKey !== '*') { $policyID = str_replace('p_', '', $limitationKey); $userRoleIdSeperator = strpos($policyID, '_'); if ($userRoleIdSeperator !== false) { $policyID = substr($policyID, 0, $userRoleIdSeperator); } $limitationValue = eZPolicyLimitation::fetchByPolicyID($policyID); $resultArray[] = array('moduleName' => $moduleName, 'functionName' => $functionName, 'limitation' => $limitationValue); } else { $limitationValue = '*'; $resultArray[] = array('moduleName' => $moduleName, 'functionName' => $functionName, 'limitation' => $limitationValue); break; } } } } else { $limitationValue = '*'; $resultArray[] = array('moduleName' => $moduleName, 'functionName' => $functionName, 'limitation' => $limitationValue); break; } } } else { $functionName = '*'; $resultArray[] = array('moduleName' => '*', 'functionName' => $functionName, 'limitation' => '*'); break; } } return array('result' => $resultArray); }
function canBeRemoved($sectionID = false) { if ($sectionID === false) { $sectionID = $this->attribute('id'); } $objects = eZPersistentObject::fetchObjectList(eZContentObject::definition(), null, array('section_id' => $sectionID)); $limitations = eZPolicyLimitation::findByType('Section', $sectionID, true, false); $userRoles = eZRole::fetchRolesByLimitation('section', $sectionID); if (count($objects) > 0 or count($limitations) > 0 or count($userRoles) > 0) { return false; } else { return true; } }
static function cleanupByNode($node) { // Clean up role assignments with limitations related to this object $db = eZDB::instance(); $db->begin(); $pathString = $node->attribute('path_string'); $nodeID = $node->attribute('node_id'); $db->query("DELETE FROM ezuser_role\n WHERE limit_value LIKE '{$pathString}%' AND limit_identifier='Subtree'"); // Clean up subtree limitations related to this object $limitationsToFix = eZPolicyLimitation::findByType('SubTree', $node->attribute('path_string'), true, true); foreach ($limitationsToFix as $limitation) { $values = $limitation->attribute('values'); $valueCount = count($values); if ($valueCount > 0) { foreach ($values as $value) { if (strpos($value->attribute('value'), $node->attribute('path_string')) === 0) { $value->remove(); $valueCount--; } } } if ($valueCount == 0) { $policy = eZPolicy::fetch($limitation->attribute('policy_id')); if (is_object($policy)) { $policy->removeThis(); } } } $limitationsToFixNode = eZPolicyLimitation::findByType('Node', $node->attribute('node_id')); foreach ($limitationsToFixNode as $limitation) { $values = $limitation->attribute('values'); $valueCount = count($values); if ($valueCount > 0) { foreach ($values as $value) { if ($value->attribute('value') == $node->attribute('node_id')) { $value->remove(); $valueCount--; } } } if ($valueCount == 0) { $policy = eZPolicy::fetch($limitation->attribute('policy_id')); if (is_object($policy)) { $policy->removeThis(); } } } eZRole::expireCache(); $db->commit(); }
function removeThis() { eZPolicyLimitation::removeByID($this->attribute('id')); }