hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-11 12:03:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Apply user rights on sub-definition

Browse Source
This commit is contained in:
Nicolas Le Goff
2014-08-04 11:25:59 +02:00
parent 26190331ed
commit 042748e044
6 changed files with 109 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
lib/classes/API/V1/adapter.php
View File

@@ -1039,7 +1039,6 @@ class API_V1_adapter extends API_V1_Abstract
*/ */
public function get_record_embed(Request $request, $databox_id, $record_id) public function get_record_embed(Request $request, $databox_id, $record_id)
{ {
$result = new API_V1_result($this->app, $request, $this); $result = new API_V1_result($this->app, $request, $this);
$record = $this->app['phraseanet.appbox']->get_databox($databox_id)->get_record($record_id); $record = $this->app['phraseanet.appbox']->get_databox($databox_id)->get_record($record_id);
@@ -1050,7 +1049,9 @@ class API_V1_adapter extends API_V1_Abstract
$mimes = $request->get('mimes', array()); $mimes = $request->get('mimes', array());
foreach ($record->get_embedable_medias($devices, $mimes) as $name => $media) { foreach ($record->get_embedable_medias($devices, $mimes) as $name => $media) {
$ret[] = $this->list_embedable_media($media, $this->app['phraseanet.registry']); if (null !== $subdef = $this->list_embedable_media($record, $media, $this->app['phraseanet.registry'])) {
$ret[] = $subdef;
}
} }
$result->set_datas(array("embed" => $ret)); $result->set_datas(array("embed" => $ret));
@@ -1082,7 +1083,9 @@ class API_V1_adapter extends API_V1_Abstract
$mimes = $request->get('mimes', array()); $mimes = $request->get('mimes', array());
foreach ($record->get_embedable_medias($devices, $mimes) as $name => $media) { foreach ($record->get_embedable_medias($devices, $mimes) as $name => $media) {
$ret[] = $this->list_embedable_media($media, $this->app['phraseanet.registry']); if (null !== $subdef = $this->list_embedable_media($record, $media, $this->app['phraseanet.registry'])) {
$ret[] = $subdef;
}
} }
$result->set_datas(array("embed" => $ret)); $result->set_datas(array("embed" => $ret));
@@ -1705,12 +1708,22 @@ class API_V1_adapter extends API_V1_Abstract
* @param media_subdef $media * @param media_subdef $media
* @return array * @return array
*/ */
protected function list_embedable_media(media_subdef $media, registryInterface $registry) protected function list_embedable_media(\record_adapter $record, media_subdef $media, registryInterface $registry)
{ {
if (!$media->is_physically_present()) { if (!$media->is_physically_present()) {
return null; return null;
} }
if ($this->app['authentication']->isAuthenticated()) {
if ($media->get_name() !== 'document' && false === $this->app['authentication']->getUser()->ACL()->has_access_to_subdef($record, $media->get_name())) {
return null;
} else if ($media->get_name() === 'document'
&& !$this->app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), 'candwnldhd')
&& !$this->app['authentication']->getUser()->ACL()->has_hd_grant($record)) {
return null;
}
}
if ($media->get_permalink() instanceof media_Permalink_Adapter) { if ($media->get_permalink() instanceof media_Permalink_Adapter) {
$permalink = $this->list_permalink($media->get_permalink(), $registry); $permalink = $this->list_permalink($media->get_permalink(), $registry);
} else { } else {
@@ -1897,7 +1910,7 @@ class API_V1_adapter extends API_V1_Abstract
'created_on' => $record->get_creation_date()->format(DATE_ATOM), 'created_on' => $record->get_creation_date()->format(DATE_ATOM),
'collection_id' => phrasea::collFromBas($this->app, $record->get_base_id()), 'collection_id' => phrasea::collFromBas($this->app, $record->get_base_id()),
'sha256' => $record->get_sha256(), 'sha256' => $record->get_sha256(),
'thumbnail' => $this->list_embedable_media($record->get_thumbnail(), $this->app['phraseanet.registry']), 'thumbnail' => $this->list_embedable_media($record, $record->get_thumbnail(), $this->app['phraseanet.registry']),
'technical_informations' => $technicalInformation, 'technical_informations' => $technicalInformation,
'phrasea_type' => $record->get_type(), 'phrasea_type' => $record->get_type(),
'uuid' => $record->get_uuid(), 'uuid' => $record->get_uuid(),
@@ -1907,7 +1920,9 @@ class API_V1_adapter extends API_V1_Abstract
$subdefs = $caption = array(); $subdefs = $caption = array();
foreach ($record->get_embedable_medias(array(), array()) as $name => $media) { foreach ($record->get_embedable_medias(array(), array()) as $name => $media) {
$subdefs[] = $this->list_embedable_media($media, $this->app['phraseanet.registry']); if (null !== $subdef = $this->list_embedable_media($record, $media, $this->app['phraseanet.registry'])) {
$subdefs[] = $subdef;
}
} }
foreach ($record->get_caption()->get_fields() as $field) { foreach ($record->get_caption()->get_fields() as $field) {
@@ -1969,7 +1984,7 @@ class API_V1_adapter extends API_V1_Abstract
'updated_on' => $story->get_modification_date()->format(DATE_ATOM), 'updated_on' => $story->get_modification_date()->format(DATE_ATOM),
'created_on' => $story->get_creation_date()->format(DATE_ATOM), 'created_on' => $story->get_creation_date()->format(DATE_ATOM),
'collection_id' => phrasea::collFromBas($this->app, $story->get_base_id()), 'collection_id' => phrasea::collFromBas($this->app, $story->get_base_id()),
'thumbnail' => $this->list_embedable_media($story->get_thumbnail(), $this->app['phraseanet.registry']), 'thumbnail' => $this->list_embedable_media($story, $story->get_thumbnail(), $this->app['phraseanet.registry']),
'uuid' => $story->get_uuid(), 'uuid' => $story->get_uuid(),
'metadatas' => array( 'metadatas' => array(
'@entity@' => self::OBJECT_TYPE_STORY_METADATA_BAG, '@entity@' => self::OBJECT_TYPE_STORY_METADATA_BAG,

3
lib/classes/Feed/Entry/Adapter.php
View File

@@ -450,6 +450,8 @@ class Feed_Entry_Adapter implements Feed_Entry_Interface, cache_cacheableInterfa
$rs = $this->retrieve_elements(); $rs = $this->retrieve_elements();
$items = array(); $items = array();
if ($rs) {
foreach ($rs as $item_id) { foreach ($rs as $item_id) {
try { try {
$items[] = new Feed_Entry_Item($this->app['phraseanet.appbox'], $this, $item_id); $items[] = new Feed_Entry_Item($this->app['phraseanet.appbox'], $this, $item_id);
@@ -457,6 +459,7 @@ class Feed_Entry_Adapter implements Feed_Entry_Interface, cache_cacheableInterfa
} }
} }
}
$this->items = $items; $this->items = $items;

5
lib/classes/caption/record.php
View File

@@ -205,16 +205,21 @@ class caption_record implements caption_interface, cache_cacheableInterface
$stmt->execute(array(':record_id' => $this->record->get_record_id())); $stmt->execute(array(':record_id' => $this->record->get_record_id()));
$fields = $stmt->fetchAll(PDO::FETCH_ASSOC); $fields = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor(); $stmt->closeCursor();
if ($fields) {
$this->set_data_to_cache($fields); $this->set_data_to_cache($fields);
} }
}
$rec_fields = array(); $rec_fields = array();
if ($fields) {
foreach ($fields as $row) { foreach ($fields as $row) {
$databox_meta_struct = databox_field::get_instance($this->app, $this->databox, $row['structure_id']); $databox_meta_struct = databox_field::get_instance($this->app, $this->databox, $row['structure_id']);
$metadata = new caption_field($this->app, $databox_meta_struct, $this->record); $metadata = new caption_field($this->app, $databox_meta_struct, $this->record);
$rec_fields[$databox_meta_struct->get_id()] = $metadata; $rec_fields[$databox_meta_struct->get_id()] = $metadata;
} }
}
$this->fields = $rec_fields; $this->fields = $rec_fields;
return $this->fields; return $this->fields;

63
tests/Alchemy/Tests/Phrasea/Application/ApiAbstract.php
View File

@@ -85,6 +85,7 @@ abstract class ApiAbstract extends \PhraseanetWebTestCaseAbstract
if (!static::$APIrecord) { if (!static::$APIrecord) {
$file = new File(self::$DI['app'], self::$DI['app']['mediavorus']->guess(__DIR__ . '/../../../../files/test024.jpg'), self::$DI['collection']); $file = new File(self::$DI['app'], self::$DI['app']['mediavorus']->guess(__DIR__ . '/../../../../files/test024.jpg'), self::$DI['collection']);
static::$APIrecord = \record_adapter::createFromFile($file, self::$DI['app']); static::$APIrecord = \record_adapter::createFromFile($file, self::$DI['app']);
static::$APIrecord->generate_subdefs(static::$APIrecord->get_databox(), self::$DI['app']); static::$APIrecord->generate_subdefs(static::$APIrecord->get_databox(), self::$DI['app']);
} }
@@ -121,8 +122,10 @@ abstract class ApiAbstract extends \PhraseanetWebTestCaseAbstract
self::$adminApplication->delete(); self::$adminApplication->delete();
} }
if (static::$APIrecord) {
static::$APIrecord->delete(); static::$APIrecord->delete();
static::$APIrecord = null; static::$APIrecord = null;
}
parent::tearDownAfterClass(); parent::tearDownAfterClass();
} }
@@ -1045,7 +1048,10 @@ abstract class ApiAbstract extends \PhraseanetWebTestCaseAbstract
{ {
$this->setToken(self::$token); $this->setToken(self::$token);
$keys = array_keys($this->record->get_subdefs()); self::$DI['user_notAdmin']->ACL()->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
'candwnldpreview' => 1,
'candwnldhd' => 1
));
$route = '/api/v1/records/' . $this->record->get_sbas_id() . '/' . $this->record->get_record_id() . '/embed/'; $route = '/api/v1/records/' . $this->record->get_sbas_id() . '/' . $this->record->get_record_id() . '/embed/';
$this->evaluateMethodNotAllowedRoute($route, array('POST', 'PUT', 'DELETE')); $this->evaluateMethodNotAllowedRoute($route, array('POST', 'PUT', 'DELETE'));
@@ -1058,6 +1064,13 @@ abstract class ApiAbstract extends \PhraseanetWebTestCaseAbstract
$this->assertArrayHasKey('embed', $content['response']); $this->assertArrayHasKey('embed', $content['response']);
$embedTypes = array_flip(array_map(function($subdef) {return $subdef['name'];},$content['response']['embed']));
//access to all subdefs
$this->assertArrayHasKey('document', $embedTypes);
$this->assertArrayHasKey('preview', $embedTypes);
$this->assertArrayHasKey('thumbnail', $embedTypes);
foreach ($content['response']['embed'] as $embed) { foreach ($content['response']['embed'] as $embed) {
$this->checkEmbed($embed, $this->record); $this->checkEmbed($embed, $this->record);
} }
@@ -1069,6 +1082,52 @@ abstract class ApiAbstract extends \PhraseanetWebTestCaseAbstract
$this->evaluateMethodNotAllowedRoute($route, array('POST', 'PUT', 'DELETE')); $this->evaluateMethodNotAllowedRoute($route, array('POST', 'PUT', 'DELETE'));
} }
public function testRecordsEmbedRouteNoHdRights()
{
$this->setToken(self::$token);
self::$DI['user_notAdmin']->ACL()->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
'candwnldhd' => 0,
'candwnldpreview' => 1
));
$route = '/api/v1/records/' . $this->record->get_sbas_id() . '/' . $this->record->get_record_id() . '/embed/';
self::$DI['client']->request('GET', $route, $this->getParameters(), array(), array('HTTP_Accept' => $this->getAcceptMimeType()));
$content = $this->unserialize(self::$DI['client']->getResponse()->getContent());
$this->evaluateResponse200(self::$DI['client']->getResponse());
$this->evaluateMeta200($content);
$this->assertArrayHasKey('embed', $content['response']);
// no hd subdef
$embedTypes = array_flip(array_map(function($subdef) {return $subdef['name'];},$content['response']['embed']));
$this->assertArrayHasKey('preview', $embedTypes);
$this->assertArrayNotHasKey('document', $embedTypes);
}
public function testRecordsEmbedRouteNoPreviewAndHdRights()
{
$this->setToken(self::$token);
self::$DI['user_notAdmin']->ACL()->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
'candwnldpreview' => 0,
'candwnldhd' => 0
));
$route = '/api/v1/records/' . $this->record->get_sbas_id() . '/' . $this->record->get_record_id() . '/embed/';
self::$DI['client']->request('GET', $route, $this->getParameters(), array(), array('HTTP_Accept' => $this->getAcceptMimeType()));
$content = $this->unserialize(self::$DI['client']->getResponse()->getContent());
$this->evaluateResponse200(self::$DI['client']->getResponse());
$this->evaluateMeta200($content);
$this->assertArrayHasKey('embed', $content['response']);
// no preview
$this->assertArrayNotHasKey('document', array_flip(array_map(function($subdef) {return $subdef['name'];},$content['response']['embed'])));
$this->assertArrayNotHasKey('preview', array_flip(array_map(function($subdef) {return $subdef['name'];},$content['response']['embed'])));
}
/** /**
* @covers \API_V1_adapter::get_record_embed * @covers \API_V1_adapter::get_record_embed
* @covers \API_V1_adapter::list_embedable_media * @covers \API_V1_adapter::list_embedable_media
@@ -2019,7 +2078,7 @@ abstract class ApiAbstract extends \PhraseanetWebTestCaseAbstract
$lazaretSession = new \Entities\LazaretSession(); $lazaretSession = new \Entities\LazaretSession();
self::$DI['app']['EM']->persist($lazaretSession); self::$DI['app']['EM']->persist($lazaretSession);
$quarantineItem; $quarantineItem = null;
$callback = function ($element, $visa, $code) use (&$quarantineItem) { $callback = function ($element, $visa, $code) use (&$quarantineItem) {
$quarantineItem = $element; $quarantineItem = $element;
}; };

8
tests/Alchemy/Tests/Phrasea/Application/OverviewTest.php
View File

@@ -104,7 +104,7 @@ class OverviewTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
$this->assertRegExp('/^attachment;/', $response->headers->get('content-disposition')); $this->assertRegExp('/^attachment;/', $response->headers->get('content-disposition'));
$this->assertEquals(rtrim(self::$DI['app']['phraseanet.configuration']['main']['servername'], '/') . "/permalink/v1/1/". self::$DI['record_1']->get_record_id()."/caption/?token=".$token, $response->headers->get("Link")); $this->assertContains(self::$DI['record_1']->get_record_id()."/caption/?token=".$token, $response->headers->get("Link"));
$this->assertEquals(200, $response->getStatusCode()); $this->assertEquals(200, $response->getStatusCode());
} }
@@ -221,7 +221,7 @@ class OverviewTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
$this->assertEquals($value, $response->headers->get($name)); $this->assertEquals($value, $response->headers->get($name));
} }
$this->assertEquals(rtrim(self::$DI['app']['phraseanet.configuration']['main']['servername'], '/') . "/permalink/v1/1/". self::$DI['record_1']->get_record_id()."/caption/?token=".$token, $response->headers->get("Link")); $this->assertContains(self::$DI['record_1']->get_record_id()."/caption/?token=".$token, $response->headers->get("Link"));
$this->assertEquals(200, $response->getStatusCode()); $this->assertEquals(200, $response->getStatusCode());
} }
@@ -253,7 +253,7 @@ class OverviewTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
$this->assertEquals($value, $response->headers->get($name)); $this->assertEquals($value, $response->headers->get($name));
} }
$this->assertEquals(200, $response->getStatusCode()); $this->assertTrue($response->isOk(), $response);
} }
protected function get_a_permalink(array $headers = array()) protected function get_a_permalink(array $headers = array())
@@ -269,7 +269,7 @@ class OverviewTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
$this->assertEquals($value, $response->headers->get($name)); $this->assertEquals($value, $response->headers->get($name));
} }
$this->assertEquals(rtrim(self::$DI['app']['phraseanet.configuration']['main']['servername'], '/') . "/permalink/v1/1/". self::$DI['record_1']->get_record_id()."/caption/?token=".$token, $response->headers->get("Link")); $this->assertContains(self::$DI['record_1']->get_record_id()."/caption/?token=".$token, $response->headers->get("Link"));
$this->assertEquals(200, $response->getStatusCode()); $this->assertEquals(200, $response->getStatusCode());
self::$DI['client']->request('OPTIONS', $url); self::$DI['client']->request('OPTIONS', $url);

6
tests/Alchemy/Tests/Phrasea/Controller/Root/RSSFeedTest.php
View File

@@ -226,8 +226,8 @@ class RSSFeedTest extends \PhraseanetWebTestCaseAbstract
protected function evaluateResponse200(Response $response) protected function evaluateResponse200(Response $response)
{ {
$this->assertEquals(200, $response->getStatusCode(), 'Test status code '); $this->assertEquals(200, $response->getStatusCode(), $response);
$this->assertEquals('UTF-8', $response->getCharset(), 'Test charset response'); $this->assertEquals('UTF-8', $response->getCharset(), $response);
} }
public function testPublicFeed() public function testPublicFeed()
@@ -321,7 +321,7 @@ class RSSFeedTest extends \PhraseanetWebTestCaseAbstract
$this->assertTrue($feed->is_public()); $this->assertTrue($feed->is_public());
} }
$crawler = self::$DI['client']->request("GET", "/feeds/aggregated/rss/"); $crawler = self::$DI['client']->request("GET", "/feeds/aggregated/rss/");
$this->assertTrue(self::$DI['client']->getResponse()->isOk()); $this->assertTrue(self::$DI['client']->getResponse()->isOk(), self::$DI['client']->getResponse());
$this->assertEquals("application/rss+xml", self::$DI['client']->getResponse()->headers->get("content-type")); $this->assertEquals("application/rss+xml", self::$DI['client']->getResponse()->headers->get("content-type"));
$xml = self::$DI['client']->getResponse()->getContent(); $xml = self::$DI['client']->getResponse()->getContent();
$this->verifyXML($xml); $this->verifyXML($xml);