public function setCurrentUserReference(APIUserReference $userReference)
 {
     $id = $userReference->getUserId();
     if (!$id) {
         throw new InvalidArgumentValue('$user->getUserId()', $id);
     }
     $this->currentUserRef = $userReference;
 }
 /**
  * Builds ContentType update struct for storage layer.
  *
  * @param \eZ\Publish\API\Repository\Values\ContentType\ContentTypeDraft $contentTypeDraft
  * @param \eZ\Publish\API\Repository\Values\ContentType\ContentTypeUpdateStruct $contentTypeUpdateStruct
  * @param \eZ\Publish\API\Repository\Values\User\UserReference $user
  *
  * @return \eZ\Publish\SPI\Persistence\Content\Type\UpdateStruct
  */
 public function buildSPIContentTypeUpdateStruct(APIContentTypeDraft $contentTypeDraft, APIContentTypeUpdateStruct $contentTypeUpdateStruct, APIUserReference $user)
 {
     $updateStruct = new SPIContentTypeUpdateStruct();
     $updateStruct->identifier = $contentTypeUpdateStruct->identifier !== null ? $contentTypeUpdateStruct->identifier : $contentTypeDraft->identifier;
     $updateStruct->remoteId = $contentTypeUpdateStruct->remoteId !== null ? $contentTypeUpdateStruct->remoteId : $contentTypeDraft->remoteId;
     $updateStruct->name = $contentTypeUpdateStruct->names !== null ? $contentTypeUpdateStruct->names : $contentTypeDraft->names;
     $updateStruct->description = $contentTypeUpdateStruct->descriptions !== null ? $contentTypeUpdateStruct->descriptions : $contentTypeDraft->descriptions;
     $updateStruct->modified = $contentTypeUpdateStruct->modificationDate !== null ? $contentTypeUpdateStruct->modificationDate->getTimestamp() : time();
     $updateStruct->modifierId = $contentTypeUpdateStruct->modifierId !== null ? $contentTypeUpdateStruct->modifierId : $user->getUserId();
     $updateStruct->urlAliasSchema = $contentTypeUpdateStruct->urlAliasSchema !== null ? $contentTypeUpdateStruct->urlAliasSchema : $contentTypeDraft->urlAliasSchema;
     $updateStruct->nameSchema = $contentTypeUpdateStruct->nameSchema !== null ? $contentTypeUpdateStruct->nameSchema : $contentTypeDraft->nameSchema;
     $updateStruct->isContainer = $contentTypeUpdateStruct->isContainer !== null ? $contentTypeUpdateStruct->isContainer : $contentTypeDraft->isContainer;
     $updateStruct->sortField = $contentTypeUpdateStruct->defaultSortField !== null ? $contentTypeUpdateStruct->defaultSortField : $contentTypeDraft->defaultSortField;
     $updateStruct->sortOrder = $contentTypeUpdateStruct->defaultSortOrder !== null ? (int) $contentTypeUpdateStruct->defaultSortOrder : $contentTypeDraft->defaultSortOrder;
     $updateStruct->defaultAlwaysAvailable = $contentTypeUpdateStruct->defaultAlwaysAvailable !== null ? $contentTypeUpdateStruct->defaultAlwaysAvailable : $contentTypeDraft->defaultAlwaysAvailable;
     $updateStruct->initialLanguageId = $this->contentLanguageHandler->loadByLanguageCode($contentTypeUpdateStruct->mainLanguageCode !== null ? $contentTypeUpdateStruct->mainLanguageCode : $contentTypeDraft->mainLanguageCode)->id;
     return $updateStruct;
 }
 /**
  * Evaluate permission against content & target(placement/parent/assignment).
  *
  * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException If any of the arguments are invalid
  *         Example: If LimitationValue is instance of ContentTypeLimitationValue, and Type is SectionLimitationType.
  * @throws \eZ\Publish\API\Repository\Exceptions\BadStateException If value of the LimitationValue is unsupported
  *         Example if OwnerLimitationValue->limitationValues[0] is not one of: [ 1,  2 ]
  *
  * @param \eZ\Publish\API\Repository\Values\User\Limitation $value
  * @param \eZ\Publish\API\Repository\Values\User\UserReference $currentUser
  * @param \eZ\Publish\API\Repository\Values\ValueObject $object
  * @param \eZ\Publish\API\Repository\Values\ValueObject[]|null $targets The context of the $object, like Location of Content, if null none where provided by caller
  *
  * @return bool
  */
 public function evaluate(APILimitationValue $value, APIUserReference $currentUser, ValueObject $object, array $targets = null)
 {
     if (!$value instanceof APIParentUserGroupLimitation) {
         throw new InvalidArgumentException('$value', 'Must be of type: APIParentUserGroupLimitation');
     }
     if ($value->limitationValues[0] != 1) {
         throw new BadStateException('Parent User Group limitation', 'expected limitation value to be 1 but got:' . $value->limitationValues[0]);
     }
     // Parent Limitations are usually used by content/create where target is specified, so we return false if not provided.
     if (empty($targets)) {
         return false;
     }
     $locationHandler = $this->persistence->locationHandler();
     $currentUserLocations = $locationHandler->loadLocationsByContent($currentUser->getUserId());
     if (empty($currentUserLocations)) {
         return false;
     }
     foreach ($targets as $target) {
         if ($target instanceof LocationCreateStruct) {
             $target = $locationHandler->load($target->parentLocationId);
         }
         if ($target instanceof Location) {
             // $target is assumed to be parent in this case
             $parentOwnerId = $target->getContentInfo()->ownerId;
         } elseif ($target instanceof SPILocation) {
             // $target is assumed to be parent in this case
             $spiContentInfo = $this->persistence->contentHandler()->loadContentInfo($target->contentId);
             $parentOwnerId = $spiContentInfo->ownerId;
         } else {
             throw new InvalidArgumentException('$targets', 'Must contain objects of type: Location or LocationCreateStruct');
         }
         if ($parentOwnerId === $currentUser->getUserId()) {
             continue;
         }
         /*
          * As long as SPI userHandler and API UserService does not speak the same language, this is the ugly truth;
          */
         $locationHandler = $this->persistence->locationHandler();
         $parentOwnerLocations = $locationHandler->loadLocationsByContent($parentOwnerId);
         if (empty($parentOwnerLocations)) {
             return false;
         }
         foreach ($parentOwnerLocations as $parentOwnerLocation) {
             foreach ($currentUserLocations as $currentUserLocation) {
                 if ($parentOwnerLocation->parentId === $currentUserLocation->parentId) {
                     continue 3;
                 }
             }
         }
         return false;
     }
     return true;
 }
 /**
  * Sets the current user to the given $user.
  *
  * @param \eZ\Publish\API\Repository\Values\User\UserReference $user
  *
  * @return void
  */
 public function setCurrentUser(UserReference $user)
 {
     $this->currentUser = $user;
     $this->authenticator->setUserId($user->getUserId());
 }
 /**
  * Evaluate permission against content & target(placement/parent/assignment).
  *
  * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException If any of the arguments are invalid
  *         Example: If LimitationValue is instance of ContentTypeLimitationValue, and Type is SectionLimitationType.
  * @throws \eZ\Publish\API\Repository\Exceptions\BadStateException If value of the LimitationValue is unsupported
  *         Example if OwnerLimitationValue->limitationValues[0] is not one of: [ 1,  2 ]
  *
  * @param \eZ\Publish\API\Repository\Values\User\Limitation $value
  * @param \eZ\Publish\API\Repository\Values\User\UserReference $currentUser
  * @param \eZ\Publish\API\Repository\Values\ValueObject $object
  * @param \eZ\Publish\API\Repository\Values\ValueObject[]|null $targets The context of the $object, like Location of Content, if null none where provided by caller
  *
  * @return bool
  *
  * @todo Add support for $limitationValues[0] == 2 when session values can be injected somehow
  */
 public function evaluate(APILimitationValue $value, APIUserReference $currentUser, ValueObject $object, array $targets = null)
 {
     if (!$value instanceof APIParentOwnerLimitation) {
         throw new InvalidArgumentException('$value', 'Must be of type: APIParentOwnerLimitation');
     }
     if ($value->limitationValues[0] != 1 && $value->limitationValues[0] != 2) {
         throw new BadStateException('Parent Owner limitation', 'expected limitation value to be 1 or 2 but got:' . $value->limitationValues[0]);
     }
     // Parent Limitations are usually used by content/create where target is specified, so we return false if not provided.
     if (empty($targets)) {
         return false;
     }
     foreach ($targets as $target) {
         if ($target instanceof LocationCreateStruct) {
             $target = $this->persistence->locationHandler()->load($target->parentLocationId);
         }
         if ($target instanceof Location) {
             $targetContentInfo = $target->getContentInfo();
         } elseif ($target instanceof SPILocation) {
             $targetContentInfo = $this->persistence->contentHandler()->loadContentInfo($target->contentId);
         } else {
             throw new InvalidArgumentException('$targets', 'Must contain objects of type: Location or LocationCreateStruct');
         }
         $userId = $currentUser->getUserId();
         $isOwner = $targetContentInfo->ownerId === $userId;
         $isSelf = $targetContentInfo->id === $userId;
         if (!($isOwner || $isSelf)) {
             return false;
         }
     }
     return true;
 }
 /**
  * Returns Criterion for use in find() query.
  *
  * @param \eZ\Publish\API\Repository\Values\User\Limitation $value
  * @param \eZ\Publish\API\Repository\Values\User\UserReference $currentUser
  *
  * @return \eZ\Publish\API\Repository\Values\Content\Query\CriterionInterface
  *
  * @todo Add support for $limitationValues[0] == 2 when session values can be injected somehow, or deprecate
  */
 public function getCriterion(APILimitationValue $value, APIUserReference $currentUser)
 {
     if (empty($value->limitationValues)) {
         // no limitation values
         throw new \RuntimeException('$value->limitationValues is empty, it should not have been stored in the first place');
     }
     if ($value->limitationValues[0] != 1 && $value->limitationValues[0] != 2) {
         throw new BadStateException('Parent User Group limitation', 'expected limitation value to be 1 but got:' . $value->limitationValues[0]);
     }
     return new Criterion\UserMetadata(Criterion\UserMetadata::OWNER, Criterion\Operator::EQ, $currentUser->getUserId());
 }
示例#7
0
 /**
  * Sets the current user to the given $user.
  *
  * @param \eZ\Publish\API\Repository\Values\User\UserReference $user
  *
  * @throws InvalidArgumentValue If UserReference does not contain a id
  */
 public function setCurrentUser(APIUserReference $user)
 {
     $id = $user->getUserId();
     if (!$id) {
         throw new InvalidArgumentValue('$user->getUserId()', $id);
     }
     if ($user instanceof User) {
         $this->currentUser = $user;
         $this->currentUserRef = new UserReference($id);
     } else {
         $this->currentUser = null;
         $this->currentUserRef = $user;
     }
 }
 /**
  * Returns Criterion for use in find() query.
  *
  * @param \eZ\Publish\API\Repository\Values\User\Limitation $value
  * @param \eZ\Publish\API\Repository\Values\User\UserReference $currentUser
  *
  * @return \eZ\Publish\API\Repository\Values\Content\Query\CriterionInterface
  */
 public function getCriterion(APILimitationValue $value, APIUserReference $currentUser)
 {
     if (empty($value->limitationValues)) {
         // no limitation values
         throw new \RuntimeException('$value->limitationValues is empty, it should not have been stored in the first place');
     }
     if ($value->limitationValues[0] != 1) {
         throw new BadStateException('Parent User Group limitation', 'expected limitation value to be 1 but got:' . $value->limitationValues[0]);
     }
     $groupIds = array();
     $currentUserLocations = $this->persistence->locationHandler()->loadLocationsByContent($currentUser->getUserId());
     if (!empty($currentUserLocations)) {
         foreach ($currentUserLocations as $currentUserLocation) {
             $groupIds[] = $currentUserLocation->parentId;
         }
     }
     return new Criterion\UserMetadata(Criterion\UserMetadata::GROUP, Criterion\Operator::IN, $groupIds);
 }