/** * Returns the vote for the given parameters. * * This method must return one of the following constants: * ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN. * * @param TokenInterface $token A TokenInterface instance * @param object $object The object to secure * @param array $attributes An array of attributes associated with the method being invoked * * @return integer either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED */ public function vote(TokenInterface $token, $object, array $attributes) { foreach ($attributes as $attribute) { if ($this->supportsAttribute($attribute)) { if ($this->repository->hasAccess($attribute->module, $attribute->function) === false) { return VoterInterface::ACCESS_DENIED; } return VoterInterface::ACCESS_GRANTED; } } return VoterInterface::ACCESS_ABSTAIN; }
/** * Publish the content type and update content objects. * * This method updates content objects, depending on the changed field definitions. * * @throws \eZ\Publish\API\Repository\Exceptions\BadStateException If the content type has no draft * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException If the content type has no field definitions * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the user is not allowed to publish a content type * * @param \eZ\Publish\API\Repository\Values\ContentType\ContentTypeDraft $contentTypeDraft */ public function publishContentTypeDraft(APIContentTypeDraft $contentTypeDraft) { if ($this->repository->hasAccess('class', 'update') !== true) { throw new UnauthorizedException('ContentType', 'update'); } try { $loadedContentTypeDraft = $this->loadContentTypeDraft($contentTypeDraft->id); } catch (APINotFoundException $e) { throw new BadStateException("\$contentTypeDraft", "The content type does not have a draft.", $e); } if (count($loadedContentTypeDraft->getFieldDefinitions()) === 0) { throw new InvalidArgumentException("\$contentTypeDraft", "The content type draft should have at least one field definition."); } $this->repository->beginTransaction(); try { if (empty($loadedContentTypeDraft->nameSchema)) { $fieldDefinitions = $loadedContentTypeDraft->getFieldDefinitions(); $this->contentTypeHandler->update($contentTypeDraft->id, $contentTypeDraft->status, $this->buildSPIContentTypeUpdateStruct($loadedContentTypeDraft, new ContentTypeUpdateStruct(array("nameSchema" => "<" . $fieldDefinitions[0]->identifier . ">")))); } $this->contentTypeHandler->publish($loadedContentTypeDraft->id); $this->repository->commit(); } catch (Exception $e) { $this->repository->rollback(); throw $e; } }
/** * Checks if user has access to specified module and function. * * @param string $module The module, aka controller identifier to check permissions on * @param string $function The function, aka the controller action to check permissions on * @param \eZ\Publish\API\Repository\Values\User\User $user * * @return bool|array if limitations are on this function an array of limitations is returned */ public function hasAccess($module, $function, User $user = null) { // Full access if sudo nesting level is set by sudo method if ($this->sudoNestingLevel > 0) { return true; } return $this->repository->hasAccess($module, $function, $user); }
/** * Loads a Section from its identifier ($sectionIdentifier) * * @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if section could not be found * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException If the current user user is not allowed to read a section * * @param string $sectionIdentifier * * @return \eZ\Publish\API\Repository\Values\Content\Section */ public function loadSectionByIdentifier($sectionIdentifier) { if (!is_string($sectionIdentifier) || empty($sectionIdentifier)) { throw new InvalidArgumentValue("sectionIdentifier", $sectionIdentifier); } if ($this->repository->hasAccess('section', 'view') !== true) { throw new UnauthorizedException('section', 'view'); } $spiSection = $this->sectionHandler->loadByIdentifier($sectionIdentifier); return $this->buildDomainSectionObject($spiSection); }
/** * Returns the roles assigned to the given user group * * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read a role * * @param \eZ\Publish\API\Repository\Values\User\UserGroup $userGroup * * @return \eZ\Publish\API\Repository\Values\User\UserGroupRoleAssignment[] */ public function getRoleAssignmentsForUserGroup(UserGroup $userGroup) { if ($this->repository->hasAccess('role', 'read') !== true) { throw new UnauthorizedException('role', 'read'); } $roleAssignments = array(); $spiRoleAssignments = $this->userHandler->loadRoleAssignmentsByGroupId($userGroup->id); foreach ($spiRoleAssignments as $spiRoleAssignment) { $roleAssignments[] = $this->buildDomainUserGroupRoleAssignmentObject($spiRoleAssignment, $userGroup); } return $roleAssignments; }
/** * removes an url wildcard. * * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the user is not allowed to remove url wildcards * * @param \eZ\Publish\API\Repository\Values\Content\UrlWildcard $urlWildcard the url wildcard to remove */ public function remove(URLWildcard $urlWildcard) { if ($this->repository->hasAccess('content', 'urltranslator') !== true) { throw new UnauthorizedException('content', 'urltranslator'); } $this->repository->beginTransaction(); try { $this->urlWildcardHandler->remove($urlWildcard->id); $this->repository->commit(); } catch (Exception $e) { $this->repository->rollback(); throw $e; } }
/** * Deletes a object state. The state of the content objects is reset to the * first object state in the group. * * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the user is not allowed to delete an object state * * @param \eZ\Publish\API\Repository\Values\ObjectState\ObjectState $objectState */ public function deleteObjectState(APIObjectState $objectState) { if ($this->repository->hasAccess('state', 'administrate') !== true) { throw new UnauthorizedException('state', 'administrate'); } $loadedObjectState = $this->loadObjectState($objectState->id); $this->repository->beginTransaction(); try { $this->objectStateHandler->delete($loadedObjectState->id); $this->repository->commit(); } catch (Exception $e) { $this->repository->rollback(); throw $e; } }
/** * Deletes a trash item. * * The corresponding content object will be removed * * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the user is not allowed to delete this trash item * * @param \eZ\Publish\API\Repository\Values\Content\TrashItem $trashItem */ public function deleteTrashItem(APITrashItem $trashItem) { if ($this->repository->hasAccess('content', 'cleantrash') !== true) { throw new UnauthorizedException('content', 'cleantrash'); } if (!is_numeric($trashItem->id)) { throw new InvalidArgumentValue("id", $trashItem->id, "TrashItem"); } $this->repository->beginTransaction(); try { $this->persistenceHandler->trashHandler()->deleteTrashItem($trashItem->id); $this->repository->commit(); } catch (Exception $e) { $this->repository->rollback(); throw $e; } }
/** * Deletes a language from content repository * * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException * if language can not be deleted * because it is still assigned to some content / type / (...). * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException If user does not have access to content translations * * @param \eZ\Publish\API\Repository\Values\Content\Language $language */ public function deleteLanguage(Language $language) { if ($this->repository->hasAccess('content', 'translations') !== true) { throw new UnauthorizedException('content', 'translations'); } $loadedLanguage = $this->loadLanguageById($language->id); $this->repository->beginTransaction(); try { $this->languageHandler->delete($loadedLanguage->id); $this->repository->commit(); } catch (LogicException $e) { $this->repository->rollback(); throw new InvalidArgumentException("language", $e->getMessage(), $e); } catch (Exception $e) { $this->repository->rollback(); throw $e; } }
/** * Deletes $tag and all its descendants and synonyms. * * If $tag is a synonym, only the synonym is deleted * * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException If the current user is not allowed to delete this tag * @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException If the specified tag is not found * * @param \Netgen\TagsBundle\API\Repository\Values\Tags\Tag $tag */ public function deleteTag(Tag $tag) { if ($tag->mainTagId > 0) { if ($this->repository->hasAccess('tags', 'deletesynonym') !== true) { throw new UnauthorizedException('tags', 'deletesynonym'); } } else { if ($this->repository->hasAccess('tags', 'delete') !== true) { throw new UnauthorizedException('tags', 'delete'); } } $this->repository->beginTransaction(); try { $this->tagsHandler->deleteTag($tag->id); $this->repository->commit(); } catch (Exception $e) { $this->repository->rollback(); throw $e; } }
/** * Check if user has access to a given module / function * * Low level function, use canUser instead if you have objects to check against. * * @param string $module * @param string $function * @param \eZ\Publish\API\Repository\Values\User\User $user * * @return boolean|array Bool if user has full or no access, array if limitations if not */ public function hasAccess($module, $function, User $user = null) { return $this->repository->hasAccess($module, $function, $user); }