protected function internalFulfilled(kScope $scope) { $partner = PartnerPeer::retrieveByPK(kCurrentContext::$ks_partner_id); $roleIds = kPermissionManager::getRoleIds($partner, kCurrentContext::getCurrentKsKuser()); $conditionRoleIds = array_map('trim', explode(',', $this->roleIds)); if (!is_array($roleIds)) { $roleIds = array(); } foreach ($roleIds as $roleId) { if (!in_array($roleId, $conditionRoleIds)) { return false; } } return true; }
/** * @action exportToCsv * @param KalturaLiveReportExportType $reportType * @param KalturaLiveReportExportParams $params * @return KalturaLiveReportExportResponse */ public function exportToCsvAction($reportType, KalturaLiveReportExportParams $params) { if (!$params->recpientEmail) { $kuser = kCurrentContext::getCurrentKsKuser(); if ($kuser) { $params->recpientEmail = $kuser->getEmail(); } else { $partnerId = kCurrentContext::getCurrentPartnerId(); $partner = PartnerPeer::retrieveByPK($partnerId); $params->recpientEmail = $partner->getAdminEmail(); } } // Validate input if ($params->entryIds) { $entryIds = explode(",", $params->entryIds); $entries = entryPeer::retrieveByPKs($entryIds); if (count($entryIds) != count($entries)) { throw new KalturaAPIException(KalturaErrors::ENTRY_ID_NOT_FOUND, $params->entryIds); } } $dbBatchJob = kJobsManager::addExportLiveReportJob($reportType, $params); $res = new KalturaLiveReportExportResponse(); $res->referenceJobId = $dbBatchJob->getId(); $res->reportEmail = $params->recpientEmail; return $res; }
/** * Return all categories kuser is entitled to view the content. * (User may call category->get to view a category - but not to view its content) * * @param int $kuserId * @param int $limit * @return array<category> */ public static function retrieveEntitledAndNonIndexedByKuser($kuserId, $limit) { $partnerId = kCurrentContext::$partner_id ? kCurrentContext::$partner_id : kCurrentContext::$ks_partner_id; $partner = PartnerPeer::retrieveByPK($partnerId); $categoryGroupSize = kConf::get('max_number_of_memebrs_to_be_indexed_on_entry'); if ($partner && $partner->getCategoryGroupSize()) { $categoryGroupSize = $partner->getCategoryGroupSize(); } $c = KalturaCriteria::create(categoryPeer::OM_CLASS); $filteredCategoriesIds = entryPeer::getFilterdCategoriesIds(); if (count($filteredCategoriesIds)) { $c->addAnd(categoryPeer::ID, $filteredCategoriesIds, Criteria::IN); } $membersCountCrit = $c->getNewCriterion(categoryPeer::MEMBERS_COUNT, $categoryGroupSize, Criteria::GREATER_THAN); $membersCountCrit->addOr($c->getNewCriterion(categoryPeer::ENTRIES_COUNT, kConf::get('category_entries_count_limit_to_be_indexed'), Criteria::GREATER_THAN)); $c->addAnd($membersCountCrit); $c->setLimit($limit); $c->addDescendingOrderByColumn(categoryPeer::UPDATED_AT); //all fields needed from default criteria //here we cannot use the default criteria, as we need to get all categories user is entitled to view the content. //not deleted or purged $c->add(self::STATUS, array(CategoryStatus::DELETED, CategoryStatus::PURGED), Criteria::NOT_IN); $c->add(self::PARTNER_ID, $partnerId, Criteria::EQUAL); //add privacy context $privacyContextCrit = $c->getNewCriterion(self::PRIVACY_CONTEXTS, kEntitlementUtils::getKsPrivacyContext(), KalturaCriteria::IN_LIKE); $privacyContextCrit->addTag(KalturaCriterion::TAG_ENTITLEMENT_CATEGORY); $c->addAnd($privacyContextCrit); //set privacy by ks and type $crit = $c->getNewCriterion(self::PRIVACY, kEntitlementUtils::getPrivacyForKs($partnerId), Criteria::IN); $crit->addTag(KalturaCriterion::TAG_ENTITLEMENT_CATEGORY); //user is entitled to view all cantent that belong to categoires he is a membr of $kuser = null; $ksString = kCurrentContext::$ks ? kCurrentContext::$ks : ''; if ($ksString != '') { $kuser = kCurrentContext::getCurrentKsKuser(); } if ($kuser) { // get the groups that the user belongs to in case she is not associated to the category directly $kgroupIds = KuserKgroupPeer::retrieveKgroupIdsByKuserId($kuser->getId()); $kgroupIds[] = $kuser->getId(); $membersCrit = $c->getNewCriterion(self::MEMBERS, $kgroupIds, KalturaCriteria::IN_LIKE); $membersCrit->addTag(KalturaCriterion::TAG_ENTITLEMENT_CATEGORY); $crit->addOr($membersCrit); } $c->addAnd($crit); $c->applyFilters(); $categoryIds = $c->getFetchedIds(); return $categoryIds; }
/** * Init with allowed permissions for the user in the given KS or kCurrentContext if not KS given * kCurrentContext::init should have been executed before! * @param string $ks KS to extract user and partner IDs from instead of kCurrentContext * @param boolean $useCache use cache or not * @throws TODO: add all exceptions */ public static function init($useCache = null) { $securityContext = array(kCurrentContext::$partner_id, kCurrentContext::$ks); if ($securityContext === self::$lastInitializedContext) { KalturaLog::log('Already initalized for this security context'); self::$cacheWatcher->apply(); return; } // verify that kCurrentContext::init has been executed since it must be used to init current context permissions if (!kCurrentContext::$ksPartnerUserInitialized) { KalturaLog::crit('kCurrentContext::initKsPartnerUser must be executed before initializing kPermissionManager'); throw new Exception('kCurrentContext has not been initialized!', null); } // can be initialized more than once to support multirequest with different kCurrentContext parameters self::$lastInitializedContext = null; self::$cacheWatcher = new kApiCacheWatcher(); self::$useCache = $useCache ? true : false; // copy kCurrentContext parameters (kCurrentContext::init should have been executed before) self::$requestedPartnerId = !self::isEmpty(kCurrentContext::$partner_id) ? kCurrentContext::$partner_id : null; self::$ksPartnerId = !self::isEmpty(kCurrentContext::$ks_partner_id) ? kCurrentContext::$ks_partner_id : null; if (self::$ksPartnerId == Partner::ADMIN_CONSOLE_PARTNER_ID && kConf::hasParam('admin_console_partner_allowed_ips')) { $ipAllowed = false; $ipRanges = explode(',', kConf::get('admin_console_partner_allowed_ips')); foreach ($ipRanges as $curRange) { if (kIpAddressUtils::isIpInRange($_SERVER['REMOTE_ADDR'], $curRange)) { $ipAllowed = true; break; } } if (!$ipAllowed) { throw new kCoreException("Admin console partner used from an unallowed address", kCoreException::PARTNER_BLOCKED); } } self::$ksUserId = !self::isEmpty(kCurrentContext::$ks_uid) ? kCurrentContext::$ks_uid : null; if (self::$ksPartnerId != Partner::BATCH_PARTNER_ID) { self::$kuser = !self::isEmpty(kCurrentContext::getCurrentKsKuser()) ? kCurrentContext::getCurrentKsKuser() : null; } self::$ksString = kCurrentContext::$ks ? kCurrentContext::$ks : null; self::$adminSession = !self::isEmpty(kCurrentContext::$is_admin_session) ? kCurrentContext::$is_admin_session : false; // if ks defined - check that it is valid self::errorIfKsNotValid(); // init partner, user, and role objects self::initPartnerUserObjects(); // throw an error if KS partner (operating partner) is blocked self::errorIfPartnerBlocked(); //throw an error if KS user is blocked self::errorIfUserBlocked(); // init role ids self::initRoleIds(); // init permissions map self::initPermissionsMap(); // initialization done self::$lastInitializedContext = $securityContext; self::$cacheWatcher->stop(); return true; }
public function toInsertableObject($object_to_fill = null, $props_to_skip = array()) { $hasPrivacyContext = false; if ($this->privacyContext) { $hasPrivacyContext = true; } elseif ($this->parentId != null) { $parentCategory = categoryPeer::retrieveByPK($this->parentId); if (!$parentCategory) { throw new KalturaAPIException(KalturaErrors::CATEGORY_NOT_FOUND, $this->parentId); } if ($parentCategory->getPrivacyContexts()) { $hasPrivacyContext = true; } } if ($hasPrivacyContext) { if (!$this->owner && $this->inheritanceType != KalturaInheritanceType::INHERIT) { if (kCurrentContext::getCurrentKsKuser()) { $this->owner = kCurrentContext::getCurrentKsKuser()->getPuserId(); } } } return parent::toInsertableObject($object_to_fill, $props_to_skip); }
public static function getCurrentKsKuserId() { if (!is_null(kCurrentContext::$ks_kuser_id)) { return kCurrentContext::$ks_kuser_id; } $ksKuser = kCurrentContext::getCurrentKsKuser(false); if ($ksKuser) { kCurrentContext::$ks_kuser_id = $ksKuser->getId(); } else { kCurrentContext::$ks_kuser_id = 0; } return kCurrentContext::$ks_kuser_id; }