From 0c75189a646ffa5a5bff49e90b93c5697c2dec67 Mon Sep 17 00:00:00 2001 From: Jean-Yves Gaulier Date: Wed, 26 Oct 2016 16:12:25 +0200 Subject: [PATCH] PHRAS-508_acl-cache - refactor : acl strings changed to ACL class constants - code cleanup - wip but try to merge for bc break test --- .../Phrasea/Collection/CollectionService.php | 43 +-- .../Controller/Prod/PushController.php | 6 +- .../Phrasea/Controller/RecordsRequest.php | 4 +- lib/Alchemy/Phrasea/Helper/Prod.php | 2 +- lib/Alchemy/Phrasea/Helper/User/Edit.php | 29 +- .../Model/Manipulator/ACLManipulator.php | 57 +-- .../Manipulator/RegistrationManipulator.php | 17 +- .../Order/Controller/ProdOrderController.php | 2 +- .../Elastic/ElasticSearchEngine.php | 2 +- lib/Alchemy/Phrasea/Setup/Installer.php | 52 +-- .../Phrasea/Twig/PhraseanetExtension.php | 18 +- lib/classes/ACL.php | 337 +++++++++--------- lib/classes/User/Query.php | 2 +- lib/classes/User/QueryInterface.php | 47 --- lib/classes/databox.php | 55 +-- .../web/admin/publications/fiche.html.twig | 2 +- .../web/admin/publications/list.html.twig | 2 +- templates/web/common/caption.html.twig | 2 +- templates/web/prod/preview/caption.html.twig | 2 +- templates/web/prod/results/list.html.twig | 2 +- templates/web/prod/results/record.html.twig | 6 +- .../Phrasea/Controller/Admin/UsersTest.php | 45 ++- .../Phrasea/Controller/Api/ApiJsonTest.php | 42 ++- .../Phrasea/Controller/RecordsRequestTest.php | 11 +- .../Model/Manipulator/ACLManipulatorTest.php | 62 ++-- tests/classes/ACLTest.php | 203 ++++++++--- .../PhraseanetAuthenticatedWebTestCase.php | 17 +- tests/classes/PhraseanetTestCase.php | 68 ++-- 28 files changed, 641 insertions(+), 496 deletions(-) delete mode 100644 lib/classes/User/QueryInterface.php diff --git a/lib/Alchemy/Phrasea/Collection/CollectionService.php b/lib/Alchemy/Phrasea/Collection/CollectionService.php index 1676c0a5d6..fff3c73755 100644 --- a/lib/Alchemy/Phrasea/Collection/CollectionService.php 
+++ b/lib/Alchemy/Phrasea/Collection/CollectionService.php @@ -268,27 +268,28 @@ class CollectionService */ public function grantAdminRights(CollectionReference $reference, User $user) { - $rights = [ - \ACL::CANPUTINALBUM => "1", - \ACL::CANDWNLDHD => "1", - \ACL::NOWATERMARK => "1", - \ACL::CANDWNLDPREVIEW => "1", - \ACL::CANCMD => "1", - \ACL::CANADMIN => "1", - \ACL::ACTIF => "1", - \ACL::CANREPORT => "1", - \ACL::CANPUSH => "1", - "basusr_infousr" => "", - \ACL::CANADDRECORD => "1", - \ACL::CANMODIFRECORD => "1", - \ACL::CANDELETERECORD => "1", - \ACL::CHGSTATUS => "1", - \ACL::IMGTOOLS => "1", - \ACL::COLL_MANAGE => "1", - \ACL::COLL_MODIFY_STRUCT => "1" - ]; - - $this->app->getAclForUser($user)->update_rights_to_base($reference->getBaseId(), $rights); + $this->app->getAclForUser($user)->update_rights_to_base( + $reference->getBaseId(), + [ + "basusr_infousr" => "", // todo : wtf + \ACL::CANPUTINALBUM => true, + \ACL::CANDWNLDHD => true, + \ACL::NOWATERMARK => true, + \ACL::CANDWNLDPREVIEW => true, + \ACL::CANCMD => true, + \ACL::CANADMIN => true, + \ACL::ACTIF => true, + \ACL::CANREPORT => true, + \ACL::CANPUSH => true, + \ACL::CANADDRECORD => true, + \ACL::CANMODIFRECORD => true, + \ACL::CANDELETERECORD => true, + \ACL::CHGSTATUS => true, + \ACL::IMGTOOLS => true, + \ACL::COLL_MANAGE => true, + \ACL::COLL_MODIFY_STRUCT => true + ] + ); } public function setOrderMasters(CollectionReference $reference, array $userIds) diff --git a/lib/Alchemy/Phrasea/Controller/Prod/PushController.php b/lib/Alchemy/Phrasea/Controller/Prod/PushController.php index 59f443e90e..569537fed3 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/PushController.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/PushController.php 
@@ -395,7 +395,7 @@ class PushController extends Controller $data = null; $query = $this->createUserQuery(); - $query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), ['canpush']); + $query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), [\ACL::CANPUSH]); $query->in([$usr_id]); @@ -502,7 +502,7 @@ class PushController extends Controller public function searchUserAction(Request $request) { $query = $this->createUserQuery(); - $query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), ['canpush']); + $query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), [\ACL::CANPUSH]); $query ->like(\User_Query::LIKE_FIRSTNAME, $request->query->get('query')) ->like(\User_Query::LIKE_LASTNAME, $request->query->get('query')) @@ -540,7 +540,7 @@ class PushController extends Controller $list = $repository->findUserListByUserAndId($this->getAuthenticatedUser(), $list_id); $query = $this->createUserQuery(); - $query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), ['canpush']); + $query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), [\ACL::CANPUSH]); if ($request->get('query')) { $query diff --git a/lib/Alchemy/Phrasea/Controller/RecordsRequest.php b/lib/Alchemy/Phrasea/Controller/RecordsRequest.php index 7768a30b15..bb911d15b9 100644 --- a/lib/Alchemy/Phrasea/Controller/RecordsRequest.php +++ b/lib/Alchemy/Phrasea/Controller/RecordsRequest.php @@ -219,8 +219,8 @@ class RecordsRequest extends ArrayCollection $repository = $app['repo.story-wz']; $storyWZ = $repository->findByUserAndId( - $app, $app->getAuthenticatedUser() - , $request->get('story') + $app, $app->getAuthenticatedUser(), + $request->get('story') ); $received[$storyWZ->getRecord($app)->get_serialize_key()] = $storyWZ->getRecord($app); diff --git a/lib/Alchemy/Phrasea/Helper/Prod.php b/lib/Alchemy/Phrasea/Helper/Prod.php index 9aab76ad72..3537b367c0 100644 
--- a/lib/Alchemy/Phrasea/Helper/Prod.php +++ b/lib/Alchemy/Phrasea/Helper/Prod.php @@ -93,7 +93,7 @@ class Prod extends Helper if (!$bases[$sbasId]['thesaurus']) { continue; } - if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($sbasId, 'bas_modif_th')) { + if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($sbasId, \ACL::BAS_MODIF_TH)) { continue; } diff --git a/lib/Alchemy/Phrasea/Helper/User/Edit.php b/lib/Alchemy/Phrasea/Helper/User/Edit.php index 0466bba235..2fab6b47f4 100644 --- a/lib/Alchemy/Phrasea/Helper/User/Edit.php +++ b/lib/Alchemy/Phrasea/Helper/User/Edit.php @@ -115,13 +115,13 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper . " SUM(time_limited) AS time_limited,\n" . " SUM(restrict_dwnld) AS restrict_dwnld,\n" - // --- wtf doing sum on non booleans ? + // --- todo : wtf doing sum on non booleans ? . " SUM(remain_dwnld) AS remain_dwnld,\n" . " SUM(month_dwnld_max) AS month_dwnld_max,\n" . " SUM(mask_and + mask_xor) AS masks,\n" // --- - // -- wtf no aggregate fct ? + // -- todo : wtf no aggregate fct ? . " DATE_FORMAT(limited_from,'%Y%m%d') AS limited_from,\n" . " DATE_FORMAT(limited_to,'%Y%m%d') AS limited_to\n" // --- @@ -509,9 +509,13 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper } $rights[$k] = $right . '_' . $base_id; } + + // todo : wtf check if parm contains good types (a checkbox should be a bool, not a "0" or "1" + // as required by ACL::update_rights_to_bas(...) $parm = $this->unserializedRequestData($this->app['request'], $rights, 'values'); foreach ($parm as $p => $v) { + // p is like {bid}_{right} => right-value if (trim($v) == '') continue; 
@@ -524,10 +528,14 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper if ($v === '1') { $create_sbas[\phrasea::sbasFromBas($this->app, $base_id)] = \phrasea::sbasFromBas($this->app, $base_id); $create[] = $base_id; - } else + } + else { $delete[] = $base_id; - } else { + } + } + else { $create_sbas[\phrasea::sbasFromBas($this->app, $base_id)] = \phrasea::sbasFromBas($this->app, $base_id); + // todo : wtf $update is arg. for ACL::update_rights_to_base(...) but $v is always a string. how to convert to bool ? $update[$base_id][$p] = $v; } } @@ -550,6 +558,8 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper $rights[$k] = $right . '_' . $databox->get_sbas_id(); } + // todo : wtf check if parm contains good types (a checkbox should be a bool, not a "0" or "1" + // as required by ACL::update_rights_to_sbas(...) $parm = $this->unserializedRequestData($this->app['request'], $rights, 'values'); foreach ($parm as $p => $v) { @@ -577,11 +587,18 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper ->give_access_to_sbas($create_sbas); foreach ($update as $base_id => $rights) { - $this->app->getAclForUser($user)->update_rights_to_base($base_id, $rights); + $this->app->getAclForUser($user) + ->update_rights_to_base( + $base_id, + $rights + ); } foreach ($update_sbas as $sbas_id => $rights) { - $this->app->getAclForUser($user)->update_rights_to_sbas($sbas_id, $rights); + $this->app->getAclForUser($user)->update_rights_to_sbas( + $sbas_id, + $rights + ); } $this->app->getApplicationBox()->get_connection()->commit(); diff --git a/lib/Alchemy/Phrasea/Model/Manipulator/ACLManipulator.php b/lib/Alchemy/Phrasea/Model/Manipulator/ACLManipulator.php index 4b168d3416..748bf9c1fc 100644 --- a/lib/Alchemy/Phrasea/Model/Manipulator/ACLManipulator.php +++ b/lib/Alchemy/Phrasea/Model/Manipulator/ACLManipulator.php 
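Review bot: `$update[$base_id][$p] = $v;` still stores the raw request string, and with this patch `ACL::update_rights_to_base()` no longer reduces non-boolean values to `'1'`/`'0'`, so whatever the form posts for a right is what reaches the `basusr` column. The added todo comments acknowledge the type mismatch but leave it open. For the checkbox rights I would convert at this boundary, e.g. `$update[$base_id][$p] = ($v === '1');`, and reject values that are neither `'0'` nor `'1'`. Fields that are not flags would need their own validation, which I cannot judge because the list of rights is built outside this hunk. The sbas loop touched by the `@@ -550,6 +558,8 @@` hunk has the same gap.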
@@ -71,12 +71,15 @@ class ACLManipulator implements ManipulatorInterface { $collections = $databox->get_collections(); - $acl->update_rights_to_sbas($databox->get_sbas_id(), [ - \ACL::BAS_MANAGE => '1', - \ACL::BAS_MODIFY_STRUCT => '1', - \ACL::BAS_MODIF_TH => '1', - \ACL::BAS_CHUPUB => '1' - ]); + $acl->update_rights_to_sbas( + $databox->get_sbas_id(), + [ + \ACL::BAS_MANAGE => true, + \ACL::BAS_MODIFY_STRUCT => true, + \ACL::BAS_MODIF_TH => true, + \ACL::BAS_CHUPUB => true + ] + ); $acl->give_access_to_base(array_map(function (\collection $collection) { return $collection->get_base_id(); @@ -100,26 +103,28 @@ class ACLManipulator implements ManipulatorInterface $acl->set_limits($baseId, false); $acl->remove_quotas_on_base($baseId); $acl->set_masks_on_base($baseId, '0', '0', '0', '0'); - $acl->update_rights_to_base($baseId, [ - \ACL::CANPUTINALBUM => '1', - \ACL::CANDWNLDHD => '1', - 'candwnldsubdef' => '1', - \ACL::NOWATERMARK => '1', - \ACL::CANDWNLDPREVIEW => '1', - \ACL::CANCMD => '1', - \ACL::CANADMIN => '1', - \ACL::CANREPORT => '1', - \ACL::CANPUSH => '1', - 'creationdate' => '1', - \ACL::CANADDRECORD => '1', - \ACL::CANMODIFRECORD => '1', - \ACL::CANDELETERECORD => '1', - \ACL::CHGSTATUS => '1', - \ACL::IMGTOOLS => '1', - \ACL::COLL_MANAGE => '1', - \ACL::COLL_MODIFY_STRUCT => '1', - \ACL::BAS_MODIFY_STRUCT => '1' - ]); + $acl->update_rights_to_base( + $baseId, + [ + 'creationdate' => '1', // todo : wtf + \ACL::CANPUTINALBUM => true, + \ACL::CANDWNLDHD => true, + \ACL::NOWATERMARK => true, + \ACL::CANDWNLDPREVIEW => true, + \ACL::CANCMD => true, + \ACL::CANADMIN => true, + \ACL::CANREPORT => true, + \ACL::CANPUSH => true, + \ACL::CANADDRECORD => true, + \ACL::CANMODIFRECORD => true, + \ACL::CANDELETERECORD => true, + \ACL::CHGSTATUS => true, + \ACL::IMGTOOLS => true, + \ACL::COLL_MANAGE => true, + \ACL::COLL_MODIFY_STRUCT => true, + \ACL::BAS_MODIFY_STRUCT => true + ] + ); } /** 
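Review bot: The array passed to `update_rights_to_base()` in the second hunk still carries `'creationdate' => '1'` and `\ACL::BAS_MODIFY_STRUCT => true`, and neither looks like a collection-level right. The first is a string that the new ACL code writes unchanged into a column named like a timestamp, and the second is a constant that the rest of this patch passes only to `update_rights_to_sbas()`. Because this call hands out the full admin set, the list is worth keeping to exactly the rights it means to grant. If the two keys are not needed I would drop them rather than mark one with `// todo : wtf`; if they are, a comment such as `// creationdate: <reason it is written here>` would help the next reader. The enclosing method starts outside the hunk.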
diff --git a/lib/Alchemy/Phrasea/Model/Manipulator/RegistrationManipulator.php b/lib/Alchemy/Phrasea/Model/Manipulator/RegistrationManipulator.php index c40cbf2c18..34ceb18874 100644 --- a/lib/Alchemy/Phrasea/Model/Manipulator/RegistrationManipulator.php +++ b/lib/Alchemy/Phrasea/Model/Manipulator/RegistrationManipulator.php @@ -81,13 +81,16 @@ class RegistrationManipulator implements ManipulatorInterface $this->aclProvider->get($user)->give_access_to_sbas([$collection->get_sbas_id()]); $this->aclProvider->get($user)->give_access_to_base([$collection->get_base_id()]); - $this->aclProvider->get($user)->update_rights_to_base($collection->get_base_id(), [ - \ACL::CANPUTINALBUM => '1', - \ACL::CANDWNLDHD => (string) (int) $grantHd, - \ACL::NOWATERMARK => (string) (int) $grantWatermark, - \ACL::CANDWNLDPREVIEW => '1', - \ACL::ACTIF => '1' - ]); + $this->aclProvider->get($user)->update_rights_to_base( + $collection->get_base_id(), + [ + \ACL::CANPUTINALBUM => true, + \ACL::CANDWNLDHD => (bool)$grantHd, + \ACL::NOWATERMARK => (bool)$grantWatermark, + \ACL::CANDWNLDPREVIEW => true, + \ACL::ACTIF => true + ] + ); $this->em->remove($registration); $this->em->flush(); } diff --git a/lib/Alchemy/Phrasea/Order/Controller/ProdOrderController.php b/lib/Alchemy/Phrasea/Order/Controller/ProdOrderController.php index 1a86dc381d..d4372c18b8 100644 --- a/lib/Alchemy/Phrasea/Order/Controller/ProdOrderController.php +++ b/lib/Alchemy/Phrasea/Order/Controller/ProdOrderController.php @@ -37,7 +37,7 @@ class ProdOrderController extends BaseOrderController */ public function createOrder(Request $request) { - $records = RecordsRequest::fromRequest($this->app, $request, true, ['cancmd']); + $records = RecordsRequest::fromRequest($this->app, $request, true, [\ACL::CANCMD]); try { if ($records->isEmpty()) { diff --git a/lib/Alchemy/Phrasea/SearchEngine/Elastic/ElasticSearchEngine.php b/lib/Alchemy/Phrasea/SearchEngine/Elastic/ElasticSearchEngine.php index a7064561f6..eff1c38d68 100644 
--- a/lib/Alchemy/Phrasea/SearchEngine/Elastic/ElasticSearchEngine.php +++ b/lib/Alchemy/Phrasea/SearchEngine/Elastic/ElasticSearchEngine.php @@ -461,7 +461,7 @@ class ElasticSearchEngine implements SearchEngineInterface $acl = $this->app->getAclForUser($this->app->getAuthenticatedUser()); - $grantedCollections = array_keys($acl->get_granted_base(['actif'])); + $grantedCollections = array_keys($acl->get_granted_base([\ACL::ACTIF])); if (count($grantedCollections) === 0) { return ['bool' => ['must_not' => ['match_all' => new \stdClass()]]]; diff --git a/lib/Alchemy/Phrasea/Setup/Installer.php b/lib/Alchemy/Phrasea/Setup/Installer.php index 7823024b83..2868f79835 100644 --- a/lib/Alchemy/Phrasea/Setup/Installer.php +++ b/lib/Alchemy/Phrasea/Setup/Installer.php @@ -59,11 +59,12 @@ class Installer $this->app->getAclForUser($admin) ->give_access_to_sbas([$databox->get_sbas_id()]) ->update_rights_to_sbas( - $databox->get_sbas_id(), [ - \ACL::BAS_MANAGE => 1, - \ACL::BAS_MODIFY_STRUCT => 1, - \ACL::BAS_MODIF_TH => 1, - \ACL::BAS_CHUPUB => 1 + $databox->get_sbas_id(), + [ + \ACL::BAS_MANAGE => true, + \ACL::BAS_MODIFY_STRUCT => true, + \ACL::BAS_MODIF_TH => true, + \ACL::BAS_CHUPUB => true ] ); 
@@ -71,26 +72,29 @@ class Installer $this->app->getAclForUser($admin) ->give_access_to_base([$collection->get_base_id()]); + $this->app->getAclForUser($admin) - ->update_rights_to_base($collection->get_base_id(), [ - \ACL::CANPUSH => 1, - \ACL::CANCMD => 1, - \ACL::CANPUTINALBUM => 1, - \ACL::CANDWNLDHD => 1, - \ACL::CANDWNLDPREVIEW => 1, - \ACL::CANADMIN => 1, - \ACL::ACTIF => 1, - \ACL::CANREPORT => 1, - \ACL::CANADDRECORD => 1, - \ACL::CANMODIFRECORD => 1, - \ACL::CANDELETERECORD => 1, - \ACL::CHGSTATUS => 1, - \ACL::IMGTOOLS => 1, - \ACL::COLL_MANAGE => 1, - \ACL::COLL_MODIFY_STRUCT => 1, - \ACL::NOWATERMARK => 1 - ] - ); + ->update_rights_to_base( + $collection->get_base_id(), + [ + \ACL::CANPUSH => true, + \ACL::CANCMD => true, + \ACL::CANPUTINALBUM => true, + \ACL::CANDWNLDHD => true, + \ACL::CANDWNLDPREVIEW => true, + \ACL::CANADMIN => true, + \ACL::ACTIF => true, + \ACL::CANREPORT => true, + \ACL::CANADDRECORD => true, + \ACL::CANMODIFRECORD => true, + \ACL::CANDELETERECORD => true, + \ACL::CHGSTATUS => true, + \ACL::IMGTOOLS => true, + \ACL::COLL_MANAGE => true, + \ACL::COLL_MODIFY_STRUCT => true, + \ACL::NOWATERMARK => true + ] + ); foreach (['Subdefs', 'WriteMetadata'] as $jobName) { /** @var JobInterface $job */ diff --git a/lib/Alchemy/Phrasea/Twig/PhraseanetExtension.php b/lib/Alchemy/Phrasea/Twig/PhraseanetExtension.php index 62a42e46b3..0fef3ee23e 100644 --- a/lib/Alchemy/Phrasea/Twig/PhraseanetExtension.php +++ b/lib/Alchemy/Phrasea/Twig/PhraseanetExtension.php @@ -133,7 +133,7 @@ class PhraseanetExtension extends \Twig_Extension $structure = $databox->getStatusStructure()->toArray(); - if (!$this->isGrantedOnCollection($record->getBaseId(), \ACL::CHGSTATUS)) { + if (!$this->isGrantedOnCollection($record->getBaseId(), [\ACL::CHGSTATUS])) { $structure = array_filter($structure, function($status) { return (bool) $status['printable']; }); 
@@ -175,16 +175,25 @@ class PhraseanetExtension extends \Twig_Extension return true; } - public function isGrantedOnCollection($baseId, $rights) + /** + * returns true if user is authenticated and has all the passed rights on the base + * todo : wtf $rights is an array since it's never called with more than 1 right in it ? + * + * @param $baseId + * @param array $rights + * @return bool + * @throws \Exception + */ + public function isGrantedOnCollection($baseId, Array $rights) { if (false === ($this->app->getAuthenticatedUser() instanceof User)) { return false; } - $rights = (array) $rights; + $acl = $this->app->getAclForUser($this->app->getAuthenticatedUser()); foreach ($rights as $right) { - if (false === $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($baseId, $right)) { + if (! $acl->has_right_on_base($baseId, $right)) { return false; } @@ -196,6 +205,7 @@ class PhraseanetExtension extends \Twig_Extension public function getCollectionLogo($baseId) { if (false === $this->app['filesystem']->exists(sprintf('%s/config/minilogos/%s', $this->app['root.path'], $baseId))) { + return ''; } diff --git a/lib/classes/ACL.php b/lib/classes/ACL.php index 10544d77b9..6ea8c0f3da 100644 --- a/lib/classes/ACL.php +++ b/lib/classes/ACL.php 
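Review bot: `isGrantedOnCollection()` is now documented as returning true when the user has all the passed rights, but the loop is the only check, so an empty `$rights` array appears to grant the request to any authenticated user. The final return is outside the hunk, so this is inferred. I would make the empty case explicit, e.g. `if (empty($rights)) { return false; }` before the loop, or state in the docblock that an empty list is intentionally allowed. With the `(array)` cast removed, a caller that still passes a bare string will also fail on the type hint instead of being checked. The hint itself is conventionally written lower-case, `array $rights`.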
@@ -32,32 +32,33 @@ use Doctrine\DBAL\DBALException; class ACL implements cache_cacheableInterface { - const BAS_MODIF_TH = 'bas_modif_th'; - const BAS_MODIFY_STRUCT = 'bas_modify_struct'; - const BAS_MANAGE = 'bas_manage'; - const BAS_CHUPUB = 'bas_chupub'; + // those constants MUST match the related sql columns (so sql can be built from anonymous constants... ugly) + const BAS_MODIF_TH = 'bas_modif_th'; + const BAS_MODIFY_STRUCT = 'bas_modify_struct'; + const BAS_MANAGE = 'bas_manage'; + const BAS_CHUPUB = 'bas_chupub'; - const ACCESS = 'access'; - const ACTIF = 'actif'; - const CANADDRECORD = 'canaddrecord'; - const CANADMIN = 'canadmin'; - const CANCMD = 'cancmd'; - const CANDELETERECORD = 'candeleterecord'; - const CANDWNLDHD = 'candwnldhd'; - const CANDWNLDPREVIEW = 'candwnldpreview'; - const CANMODIFRECORD = 'canmodifrecord'; - const CANPUSH = 'canpush'; - const CANPUTINALBUM = 'canputinalbum'; - const CANREPORT = 'canreport'; - const CHGSTATUS = 'chgstatus'; - const IMGTOOLS = 'imgtools'; - const COLL_MANAGE = 'manage'; + const ACCESS = 'access'; // not a real sql column + const ACTIF = 'actif'; + const CANADDRECORD = 'canaddrecord'; + const CANADMIN = 'canadmin'; + const CANCMD = 'cancmd'; + const CANDELETERECORD = 'candeleterecord'; + const CANDWNLDHD = 'candwnldhd'; + const CANDWNLDPREVIEW = 'candwnldpreview'; + const CANMODIFRECORD = 'canmodifrecord'; + const CANPUSH = 'canpush'; + const CANPUTINALBUM = 'canputinalbum'; + const CANREPORT = 'canreport'; + const CHGSTATUS = 'chgstatus'; + const IMGTOOLS = 'imgtools'; + const COLL_MANAGE = 'manage'; const COLL_MODIFY_STRUCT = 'modify_struct'; - const NOWATERMARK = 'nowatermark'; - const ORDER_MASTER = 'order_master'; - const RESTRICT_DWNLD = 'restrict_dwnld'; + const NOWATERMARK = 'nowatermark'; + const ORDER_MASTER = 'order_master'; + const RESTRICT_DWNLD = 'restrict_dwnld'; - const TASKMANAGER = 'taskmanager'; + const TASKMANAGER = 'taskmanager'; protected static $bas_rights = [ self::ACTIF, 
@@ -144,15 +145,15 @@ class ACL implements cache_cacheableInterface */ protected $app; - const CACHE_IS_ADMIN = 'is_admin'; - const CACHE_RIGHTS_BAS = 'rights_bas'; - const CACHE_LIMITS_BAS = 'limits_bas'; - const CACHE_RIGHTS_SBAS = 'rights_sbas'; - const CACHE_RIGHTS_RECORDS = 'rights_records'; - const CACHE_GLOBAL_RIGHTS = 'global_rights'; - const GRANT_ACTION_PUSH = 'push'; + const CACHE_IS_ADMIN = 'is_admin'; + const CACHE_RIGHTS_BAS = 'rights_bas'; + const CACHE_LIMITS_BAS = 'limits_bas'; + const CACHE_RIGHTS_SBAS = 'rights_sbas'; + const CACHE_RIGHTS_RECORDS = 'rights_records'; + const CACHE_GLOBAL_RIGHTS = 'global_rights'; + const GRANT_ACTION_PUSH = 'push'; const GRANT_ACTION_VALIDATE = 'validate'; - const GRANT_ACTION_ORDER = 'order'; + const GRANT_ACTION_ORDER = 'order'; /** * Constructor @@ -209,8 +210,8 @@ class ACL implements cache_cacheableInterface public function grant_hd_on(RecordReferenceInterface $record, User $pusher, $action) { $sql = "REPLACE INTO records_rights\n" - . "(id, usr_id, sbas_id, record_id, document, `case`, pusher_usr_id)\n" - . "VALUES (null, :usr_id, :sbas_id, :record_id, 1, :case, :pusher)"; + . " (id, usr_id, sbas_id, record_id, document, `case`, pusher_usr_id)\n" + . " VALUES (null, :usr_id, :sbas_id, :record_id, 1, :case, :pusher)"; $params = [ ':usr_id' => $this->user->getId(), @@ -237,11 +238,11 @@ class ACL implements cache_cacheableInterface . " (null, :usr_id, :sbas_id, :record_id, 1, :case, :pusher)"; $params = [ - ':usr_id' => $this->user->getId() - , ':sbas_id' => $record->getDataboxId() - , ':record_id' => $record->getRecordId() - , ':case' => $action - , ':pusher' => $pusher->getId() + ':usr_id' => $this->user->getId(), + ':sbas_id' => $record->getDataboxId(), + ':record_id' => $record->getRecordId(), + ':case' => $action, + ':pusher' => $pusher->getId() ]; $stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql); 
@@ -367,7 +368,7 @@ class ACL implements cache_cacheableInterface foreach ($sbas_rights as $right) { if ($this->app->getAclForUser($template_user)->has_right_on_sbas($sbas_id, $right)) { - $rights_to_give[$sbas_id][$right] = '1'; + $rights_to_give[$sbas_id][$right] = true; } } } @@ -382,6 +383,8 @@ class ACL implements cache_cacheableInterface $bas_to_acces = $masks_to_give = $rights_to_give = []; + // todo ? wtf simplify this sb manipulation, now it is 32 bits + /** * map masks (and+xor) of template to masks to apply to user on base * (and_and, and_or, xor_and, xor_or) @@ -396,8 +399,9 @@ class ACL implements cache_cacheableInterface foreach ($this->app->getAclForUser($template_user)->get_granted_base() as $collection) { $base_id = $collection->get_base_id(); - if (!in_array($base_id, $base_ids)) + if (!in_array($base_id, $base_ids)) { continue; + } if (!$this->has_access_to_base($base_id)) { $bas_to_acces[] = $base_id; @@ -435,10 +439,10 @@ class ACL implements cache_cacheableInterface } $masks_to_give[$base_id] = [ - 'aa' => $m['aa'] - , 'ao' => $m['ao'] - , 'xa' => $m['xa'] - , 'xo' => $m['xo'] + 'aa' => $m['aa'], + 'ao' => $m['ao'], + 'xa' => $m['xa'], + 'xo' => $m['xo'] ]; } @@ -498,8 +502,9 @@ class ACL implements cache_cacheableInterface return false; } - if (!isset($this->_rights_bas[$base_id][$right])) + if (!isset($this->_rights_bas[$base_id][$right])) { throw new Exception('right ' . $right . ' does not exists'); + } return ($this->_rights_bas[$base_id][$right] === true); } @@ -601,6 +606,8 @@ class ACL implements cache_cacheableInterface * @param int $base_id * @param int $n * @return ACL + * + * todo : wtf direct cache modification, where is sql ? */ public function remove_remaining($base_id, $n = 1) { 
@@ -610,11 +617,7 @@ class ACL implements cache_cacheableInterface return false; } - $this->_rights_bas[$base_id]['remain_dwnld'] = - $this->_rights_bas[$base_id]['remain_dwnld'] - (int) $n; - $v = $this->_rights_bas[$base_id]['remain_dwnld']; - $this->_rights_bas[$base_id]['remain_dwnld'] = - $this->_rights_bas[$base_id]['remain_dwnld'] < 0 ? 0 : $v; + $this->_rights_bas[$base_id]['remain_dwnld'] = max(0, $this->_rights_bas[$base_id]['remain_dwnld'] - (int) $n); return $this; } @@ -630,8 +633,9 @@ class ACL implements cache_cacheableInterface { $this->load_global_rights(); - if (!isset($this->_global_rights[$right])) + if (!isset($this->_global_rights[$right])) { throw new Exception('This right does not exists'); + } return $this->_global_rights[$right]; } @@ -652,8 +656,9 @@ class ACL implements cache_cacheableInterface return false; } - if (!isset($this->_rights_sbas[$sbas_id][$right])) + if (!isset($this->_rights_sbas[$sbas_id][$right])) { throw new Exception('This right does not exists'); + } if ($this->_rights_sbas[$sbas_id][$right] === true) { return true; @@ -774,8 +779,9 @@ class ACL implements cache_cacheableInterface */ public function get_granted_sbas($rights = []) { - if (is_string($rights)) + if (is_string($rights)) { $rights = [$rights]; + } assert(is_array($rights)); @@ -792,13 +798,14 @@ class ACL implements cache_cacheableInterface break; } } - if ($continue) + if ($continue) { continue; + } try { $ret[$sbas_id] = $this->app->findDataboxById((int) $sbas_id); } catch (\Exception $e) { - + // no-op } } @@ -907,7 +914,7 @@ class ACL implements cache_cacheableInterface return $this; } catch (\Exception $e) { - + // no-op } $sql = "SELECT sbasusr.* FROM sbasusr INNER JOIN sbas USING(sbas_id) WHERE usr_id= :usr_id"; 
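Review bot: `remove_remaining()` now clamps the result at zero but not the input, so a negative `$n` would raise `remain_dwnld` instead of lowering it, and `(int) $n` accepts that silently. Whether any caller can pass such a value is not visible here, but a quota counter is cheap to guard: `$n = max(0, (int) $n);` before the subtraction. The todo added to the docblock also notes that only the in-memory array changes, so it would help to say in that docblock where the decrement is persisted.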
@@ -927,10 +934,10 @@ class ACL implements cache_cacheableInterface foreach ($rs as $row) { $sbid = $row['sbas_id']; $this->_rights_sbas[$sbid] = []; - $this->_global_rights[self::BAS_MODIF_TH] |= ($this->_rights_sbas[$sbid][self::BAS_MODIF_TH] = ($row['bas_modif_th'] == '1')); - $this->_global_rights[self::BAS_MODIFY_STRUCT] |= ($this->_rights_sbas[$sbid][self::BAS_MODIFY_STRUCT] = ($row['bas_modify_struct'] == '1')); - $this->_global_rights[self::BAS_MANAGE] |= ($this->_rights_sbas[$sbid][self::BAS_MANAGE] = ($row['bas_manage'] == '1')); - $this->_global_rights[self::BAS_CHUPUB] |= ($this->_rights_sbas[$sbid][self::BAS_CHUPUB] = ($row['bas_chupub'] == '1')); + $this->_global_rights[self::BAS_MODIF_TH] |= ($this->_rights_sbas[$sbid][self::BAS_MODIF_TH] = ($row[self::BAS_MODIF_TH] == '1')); + $this->_global_rights[self::BAS_MODIFY_STRUCT] |= ($this->_rights_sbas[$sbid][self::BAS_MODIFY_STRUCT] = ($row[self::BAS_MODIFY_STRUCT] == '1')); + $this->_global_rights[self::BAS_MANAGE] |= ($this->_rights_sbas[$sbid][self::BAS_MANAGE] = ($row[self::BAS_MANAGE] == '1')); + $this->_global_rights[self::BAS_CHUPUB] |= ($this->_rights_sbas[$sbid][self::BAS_CHUPUB] = ($row[self::BAS_CHUPUB] == '1')); } $this->set_data_to_cache($this->_rights_sbas, self::CACHE_RIGHTS_SBAS); $this->set_data_to_cache($this->_global_rights, self::CACHE_GLOBAL_RIGHTS); @@ -1002,7 +1009,7 @@ class ACL implements cache_cacheableInterface foreach ($rs as $row) { $bid = $row['base_id']; - $this->_rights_bas[$bid]['actif'] = ($row['actif'] == '1'); + $this->_rights_bas[$bid][self::ACTIF] = ($row[self::ACTIF] == '1'); $row['limited_from'] = $row['limited_from'] == '0000-00-00 00:00:00' ? '' : trim($row['limited_from']); $row['limited_to'] = $row['limited_to'] == '0000-00-00 00:00:00' ? '' : trim($row['limited_to']); 
@@ -1015,21 +1022,21 @@ class ACL implements cache_cacheableInterface ]; } - $this->_global_rights[self::IMGTOOLS] |= ($this->_rights_bas[$bid][self::IMGTOOLS] = ($row['imgtools'] == '1')); - $this->_global_rights[self::CHGSTATUS] |= ($this->_rights_bas[$bid][self::CHGSTATUS] = ($row['chgstatus'] == '1')); - $this->_global_rights[self::CANCMD] |= ($this->_rights_bas[$bid][self::CANCMD] = ($row['cancmd'] == '1')); - $this->_global_rights[self::CANADDRECORD] |= ($this->_rights_bas[$bid][self::CANADDRECORD] = ($row['canaddrecord'] == '1')); - $this->_global_rights[self::CANPUSH] |= ($this->_rights_bas[$bid][self::CANPUSH] = ($row['canpush'] == '1')); - $this->_global_rights[self::CANDELETERECORD] |= ($this->_rights_bas[$bid][self::CANDELETERECORD] = ($row['candeleterecord'] == '1')); - $this->_global_rights[self::CANADMIN] |= ($this->_rights_bas[$bid][self::CANADMIN] = ($row['canadmin'] == '1')); - $this->_global_rights[self::CANDWNLDPREVIEW] |= ($this->_rights_bas[$bid][self::CANDWNLDPREVIEW] = ($row['candwnldpreview'] == '1')); - $this->_global_rights[self::CANDWNLDHD] |= ($this->_rights_bas[$bid][self::CANDWNLDHD] = ($row['candwnldhd'] == '1')); - $this->_global_rights[self::CANMODIFRECORD] |= ($this->_rights_bas[$bid][self::CANMODIFRECORD] = ($row['canmodifrecord'] == '1')); - $this->_global_rights[self::CANPUTINALBUM] |= ($this->_rights_bas[$bid][self::CANPUTINALBUM] = ($row['canputinalbum'] == '1')); - $this->_global_rights[self::CANREPORT] |= ($this->_rights_bas[$bid][self::CANREPORT] = ($row['canreport'] == '1')); - $this->_global_rights[self::COLL_MODIFY_STRUCT] |= ($this->_rights_bas[$bid][self::COLL_MODIFY_STRUCT] = ($row['modify_struct'] == '1')); - $this->_global_rights[self::COLL_MANAGE] |= ($this->_rights_bas[$bid][self::COLL_MANAGE] = ($row['manage'] == '1')); - $this->_global_rights[self::ORDER_MASTER] |= ($this->_rights_bas[$bid][self::ORDER_MASTER] = ($row['order_master'] == '1')); + $this->_global_rights[self::IMGTOOLS] |= 
($this->_rights_bas[$bid][self::IMGTOOLS] = ($row[self::IMGTOOLS] == '1')); + $this->_global_rights[self::CHGSTATUS] |= ($this->_rights_bas[$bid][self::CHGSTATUS] = ($row[self::CHGSTATUS] == '1')); + $this->_global_rights[self::CANCMD] |= ($this->_rights_bas[$bid][self::CANCMD] = ($row[self::CANCMD] == '1')); + $this->_global_rights[self::CANADDRECORD] |= ($this->_rights_bas[$bid][self::CANADDRECORD] = ($row[self::CANADDRECORD] == '1')); + $this->_global_rights[self::CANPUSH] |= ($this->_rights_bas[$bid][self::CANPUSH] = ($row[self::CANPUSH] == '1')); + $this->_global_rights[self::CANDELETERECORD] |= ($this->_rights_bas[$bid][self::CANDELETERECORD] = ($row[self::CANDELETERECORD] == '1')); + $this->_global_rights[self::CANADMIN] |= ($this->_rights_bas[$bid][self::CANADMIN] = ($row[self::CANADMIN] == '1')); + $this->_global_rights[self::CANDWNLDPREVIEW] |= ($this->_rights_bas[$bid][self::CANDWNLDPREVIEW] = ($row[self::CANDWNLDPREVIEW] == '1')); + $this->_global_rights[self::CANDWNLDHD] |= ($this->_rights_bas[$bid][self::CANDWNLDHD] = ($row[self::CANDWNLDHD] == '1')); + $this->_global_rights[self::CANMODIFRECORD] |= ($this->_rights_bas[$bid][self::CANMODIFRECORD] = ($row[self::CANMODIFRECORD] == '1')); + $this->_global_rights[self::CANPUTINALBUM] |= ($this->_rights_bas[$bid][self::CANPUTINALBUM] = ($row[self::CANPUTINALBUM] == '1')); + $this->_global_rights[self::CANREPORT] |= ($this->_rights_bas[$bid][self::CANREPORT] = ($row[self::CANREPORT] == '1')); + $this->_global_rights[self::COLL_MODIFY_STRUCT] |= ($this->_rights_bas[$bid][self::COLL_MODIFY_STRUCT] = ($row[self::COLL_MODIFY_STRUCT] == '1')); + $this->_global_rights[self::COLL_MANAGE] |= ($this->_rights_bas[$bid][self::COLL_MANAGE] = ($row[self::COLL_MANAGE] == '1')); + $this->_global_rights[self::ORDER_MASTER] |= ($this->_rights_bas[$bid][self::ORDER_MASTER] = ($row[self::ORDER_MASTER] == '1')); $this->_rights_bas[$bid][self::NOWATERMARK] = ($row['nowatermark'] == '1'); 
$this->_rights_bas[$bid][self::RESTRICT_DWNLD] = ($row['restrict_dwnld'] == '1'); @@ -1233,43 +1240,31 @@ class ACL implements cache_cacheableInterface public function update_rights_to_base($base_id, $rights) { - if (!$this->has_access_to_base($base_id) && (!isset($rights['actif']) || $rights['actif'] == '1')) { + if (!$this->has_access_to_base($base_id) && (!isset($rights[self::ACTIF]) || $rights[self::ACTIF] == true)) { $this->give_access_to_base([$base_id]); } - $sql_up = "UPDATE basusr SET "; + $conn = $this->app->getApplicationBox()->get_connection(); - $sql_args = $params = []; + $sql_args = []; foreach ($rights as $right => $v) { - $sql_args[] = " " . $right . " = :" . $right; - switch ($right) { - default: - $params[':' . $right] = $v ? '1' : '0'; - break; - case 'mask_and': - case 'mask_xor': - $params[':' . $right] = $v; - break; + if(is_bool($v)) { + $v = $v ? 1 : 0; } + $sql_args[] = " " . $conn->quoteIdentifier($right) . "=" . $conn->quote($v) . "\n"; } if (count($sql_args) == 0) { return $this; } - $usr_id = $this->user->getId(); + $sql = "UPDATE basusr SET\n" + . implode(',', $sql_args) + . " WHERE base_id = :base_id AND usr_id = :usr_id"; - $sql_up .= implode(', ', $sql_args) . ' WHERE base_id = :base_id - AND usr_id = :usr_id'; - - $params = array_merge( - $params - , [':base_id' => $base_id, ':usr_id' => $usr_id] - ); - - $stmt_up = $this->app->getApplicationBox()->get_connection()->prepare($sql_up); - $stmt_up->execute($params); - $stmt_up->closeCursor(); + $stmt = $conn->prepare($sql); + $stmt->execute([':base_id' => $base_id, ':usr_id' => $this->user->getId()]); + $stmt->closeCursor(); $this->delete_data_from_cache(self::CACHE_RIGHTS_BAS); @@ -1277,10 +1272,10 @@ class ACL implements cache_cacheableInterface AclEvents::RIGHTS_TO_BASE_CHANGED, new RightsToBaseChangedEvent( $this, - array( - 'base_id'=>$base_id, - 'rights'=>$rights - ) + [ + 'base_id' => $base_id, + 'rights' => $rights + ] ) ); 
@@ -1293,11 +1288,10 @@ class ACL implements cache_cacheableInterface */ public function revoke_unused_sbas_rights() { - $sql = 'DELETE FROM sbasusr - WHERE usr_id = :usr_id_1 - AND sbas_id NOT IN - (SELECT distinct sbas_id FROM basusr bu, bas b - WHERE usr_id = :usr_id_2 AND b.base_id = bu.base_id)'; + $sql = "DELETE FROM sbasusr\n" + . " WHERE usr_id = :usr_id_1\n" + . " AND sbas_id NOT IN\n" + . "(SELECT distinct sbas_id FROM basusr bu, bas b WHERE usr_id = :usr_id_2 AND b.base_id = bu.base_id)"; $usr_id = $this->user->getId(); $params = [':usr_id_1' => $usr_id, ':usr_id_2' => $usr_id]; 
@@ -1312,48 +1306,50 @@ class ACL implements cache_cacheableInterface } /** - * - * @param $sbas_id - * @param $rights - * @return ACL + * @param $sbas_id + * @param $rights + * @return $this + * @throws DBALException + * @throws Exception */ public function update_rights_to_sbas($sbas_id, $rights) { - if (!$this->has_access_to_sbas($sbas_id)) + if (!$this->has_access_to_sbas($sbas_id)) { $this->give_access_to_sbas([$sbas_id]); - - $sql_up = "UPDATE sbasusr SET "; + } $sql_args = []; - $usr_id = $this->user->getId(); + $conn = $this->app->getApplicationBox()->get_connection(); foreach ($rights as $right => $v) { - $sql_args[] = "`" . $right . "`=" . ($v ? '1' : '0'); + if(is_bool($v)) { + $v = $v ? 1 : 0; + } + $sql_args[] = " " . $conn->quoteIdentifier($right) . "=" . $conn->quote($v) . "\n"; } if (count($sql_args) == 0) { return $this; } - $sql_up .= implode(', ', $sql_args) . "\n" + $sql = "UPDATE sbasusr SET\n" + . implode(',', $sql_args) . " WHERE sbas_id = :sbas_id AND usr_id = :usr_id"; - $stmt_up = $this->app->getApplicationBox()->get_connection()->prepare($sql_up); + $stmt = $conn->prepare($sql); + $stmt->execute([':sbas_id' => $sbas_id, ':usr_id' => $this->user->getId()]); + $stmt->closeCursor(); - if (!$stmt_up->execute([':sbas_id' => $sbas_id, ':usr_id' => $usr_id])) { - throw new Exception('Error while updating some rights'); - } - $stmt_up->closeCursor(); $this->delete_data_from_cache(self::CACHE_RIGHTS_SBAS); $this->app['dispatcher']->dispatch( AclEvents::RIGHTS_TO_SBAS_CHANGED, new RightsToSbasChangedEvent( $this, - array( - 'sbas_id'=>$sbas_id, - 'rights'=>$rights - ) + [ + 'sbas_id' => $sbas_id, + 'rights' => $rights + ] ) ); 
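Review bot: The result of `$stmt->execute()` in `update_rights_to_sbas` is no longer checked, yet the new docblock still lists `@throws Exception`; the removed `throw new Exception('Error while updating some rights')` was the only place in the hunk that raised it. If the connection does not throw on failure (this cannot be told from the hunk), a failed UPDATE would go on to clear `CACHE_RIGHTS_SBAS` and dispatch `RIGHTS_TO_SBAS_CHANGED` as though the rights had changed. Either keep the guard, `if (!$stmt->execute([...])) { throw new Exception('Error while updating some rights'); }`, or drop the `@throws Exception` line and state in the docblock that failures surface as `DBALException`. The function ends outside the hunk.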
@@ -1479,28 +1475,28 @@ class ACL implements cache_cacheableInterface $this->give_access_to_base([$base_id_dest]); - $rights = [ - 'mask_and' => $row['mask_and'], - 'mask_xor' => $row['mask_xor'], - ]; - - $rights[self::CANPUTINALBUM] = ($row['canputinalbum'] == '1'); - $rights[self::CANDWNLDHD] = ($row['candwnldhd'] == '1'); - $rights[self::CANDWNLDPREVIEW] = ($row['candwnldpreview'] == '1'); - $rights[self::CANCMD] = ($row['cancmd'] == '1'); - $rights[self::CANADMIN] = ($row['canadmin'] == '1'); - $rights[self::CANREPORT] = ($row['canreport'] == '1'); - $rights[self::CANPUSH] = ($row['canpush'] == '1'); - $rights[self::NOWATERMARK] = ($row['nowatermark'] == '1'); - $rights[self::CANADDRECORD] = ($row['canaddrecord'] == '1'); - $rights[self::CANMODIFRECORD] = ($row['canmodifrecord' == '1']); - $rights[self::CANDELETERECORD] = ($row['candeleterecord'] == '1'); - $rights[self::CHGSTATUS] = ($row['chgstatus'] == '1'); - $rights[self::IMGTOOLS] = ($row['imgtools'] == '1'); - $rights[self::COLL_MANAGE] = ($row['manage'] == '1'); - $rights[self::COLL_MODIFY_STRUCT] = ($row['modify_struct'] == '1'); - - $this->update_rights_to_base($base_id_dest, $rights); + $this->update_rights_to_base( + $base_id_dest, + [ + 'mask_and' => $row['mask_and'], + 'mask_xor' => $row['mask_xor'], + self::CANPUTINALBUM => ($row[self::CANPUTINALBUM] == '1'), + self::CANDWNLDHD => ($row[self::CANDWNLDHD] == '1'), + self::CANDWNLDPREVIEW => ($row[self::CANDWNLDPREVIEW] == '1'), + self::CANCMD => ($row[self::CANCMD] == '1'), + self::CANADMIN => ($row[self::CANADMIN] == '1'), + self::CANREPORT => ($row[self::CANREPORT] == '1'), + self::CANPUSH => ($row[self::CANPUSH] == '1'), + self::NOWATERMARK => ($row[self::NOWATERMARK] == '1'), + self::CANADDRECORD => ($row[self::CANADDRECORD] == '1'), + self::CANMODIFRECORD => ($row[self::CANMODIFRECORD] == '1'), + self::CANDELETERECORD => ($row[self::CANDELETERECORD] == '1'), + self::CHGSTATUS => ($row[self::CHGSTATUS] == '1'), + self::IMGTOOLS => 
($row[self::IMGTOOLS] == '1'), + self::COLL_MANAGE => ($row[self::COLL_MANAGE] == '1'), + self::COLL_MODIFY_STRUCT => ($row[self::COLL_MODIFY_STRUCT] == '1') + ] + ); if ($row['time_limited']) { $this->set_limits($base_id_dest, $row['time_limited'], new \DateTime($row['limited_from']), new \DateTime($row['limited_to'])); @@ -1599,10 +1595,10 @@ class ACL implements cache_cacheableInterface } } - $sql = "UPDATE basusr - SET mask_and=((mask_and & " . $vhex['and_and'] . ") | " . $vhex['and_or'] . ") - ,mask_xor=((mask_xor & " . $vhex['xor_and'] . ") | " . $vhex['xor_or'] . ") - WHERE usr_id = :usr_id and base_id = :base_id"; + $sql = "UPDATE basusr\n" + . " SET mask_and=((mask_and & " . $vhex['and_and'] . ") | " . $vhex['and_or'] . "),\n" + . " mask_xor=((mask_xor & " . $vhex['xor_and'] . ") | " . $vhex['xor_or'] . ")\n" + . " WHERE usr_id = :usr_id and base_id = :base_id"; $stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql); $stmt->execute([':base_id' => $base_id, ':usr_id' => $this->user->getId()]); 
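Review bot: `$row` is now indexed with the ACL constants (`$row[self::COLL_MANAGE]`, `$row[self::COLL_MODIFY_STRUCT]`, `$row[self::NOWATERMARK]`) where the old code used the literal column names `'manage'`, `'modify_struct'` and `'nowatermark'`, so the copy only works while each constant's value equals its basusr column name. If a constant were ever renamed, the lookup would presumably yield null, `null == '1'` is false, and the right would be copied as denied without any error. A comment above the array would record the coupling, e.g. `// keys double as basusr column names; the ACL constants must keep those exact values`. `$row` is fetched above the hunk and the function continues below it.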
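Review bot: The four `$vhex[...]` values are still concatenated into the `UPDATE basusr` statement, while `usr_id` and `base_id` in the same query are bound. `$vhex` is built above the hunk, so whether its contents are limited to numeric literals cannot be confirmed from here. If they are hex literals, as the name suggests, binding them as strings would change the bitwise arithmetic, so the safer options are converting them to integers and binding those, or asserting a strict format immediately before this statement. At minimum the statement should carry a comment such as `// $vhex values are interpolated, not bound: they must be validated numeric literals by this point`. The enclosing function starts and ends outside the hunk.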
@@ -1661,31 +1657,18 @@ class ACL implements cache_cacheableInterface public function set_limits($base_id, $limit, DateTime $limit_from = null, DateTime $limit_to = null) { - if ($limit) { - $sql = 'UPDATE basusr - SET time_limited = 1 - , limited_from = :limited_from - , limited_to = :limited_to - WHERE base_id = :base_id AND usr_id = :usr_id'; - } else { - $sql = 'UPDATE basusr - SET time_limited = 0 - , limited_from = :limited_from - , limited_to = :limited_to - WHERE base_id = :base_id AND usr_id = :usr_id'; - } - - $params = [ - ':usr_id' => $this->user->getId(), - ':base_id' => $base_id, - 'limited_from' => NullableDateTime::format($limit_from, DATE_ISO8601), - 'limited_to' => NullableDateTime::format($limit_to, DATE_ISO8601), - ]; + $sql = "UPDATE basusr\n" + . " SET time_limited = :time_limited, limited_from = :limited_from, limited_to = :limited_to\n" + . " WHERE base_id = :base_id AND usr_id = :usr_id"; $stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql); - - $stmt->execute($params); - + $stmt->execute([ + ':time_limited' => $limit ? 1 : 0, + ':usr_id' => $this->user->getId(), + ':base_id' => $base_id, + ':limited_from' => NullableDateTime::format($limit_from, DATE_ISO8601), + ':limited_to' => NullableDateTime::format($limit_to, DATE_ISO8601), + ]); $stmt->closeCursor(); $this->delete_data_from_cache(self::CACHE_LIMITS_BAS); diff --git a/lib/classes/User/Query.php b/lib/classes/User/Query.php index 11543ccc0b..4c1c1a8152 100644 --- a/lib/classes/User/Query.php +++ b/lib/classes/User/Query.php @@ -14,7 +14,7 @@ use Alchemy\Phrasea\Model\Entities\User; use Doctrine\Common\Collections\ArrayCollection; use Alchemy\Phrasea\Utilities\Countries; -class User_Query implements User_QueryInterface +class User_Query { const ORD_ASC = 'ASC'; const ORD_DESC = 'DESC'; diff --git a/lib/classes/User/QueryInterface.php b/lib/classes/User/QueryInterface.php deleted file mode 100644 index 837c80c9cf..0000000000 
--- a/lib/classes/User/QueryInterface.php +++ /dev/null @@ -1,47 +0,0 @@ -app->getAclForUser($user) ->give_access_to_sbas([$this->id]) ->update_rights_to_sbas( - $this->id, [ - \ACL::BAS_MANAGE => 1, - \ACL::BAS_MODIFY_STRUCT => 1, - \ACL::BAS_MODIF_TH => 1, - \ACL::BAS_CHUPUB => 1 + $this->id, + [ + \ACL::BAS_MANAGE => true, + \ACL::BAS_MODIFY_STRUCT => true, + \ACL::BAS_MODIF_TH => true, + \ACL::BAS_CHUPUB => true ] ); @@ -1133,9 +1134,7 @@ class databox extends base implements ThumbnailedElement $rs = $stmt->fetchAll(PDO::FETCH_ASSOC); $stmt->closeCursor(); - $sql = "INSERT INTO bas - (base_id, active, server_coll_id, sbas_id) VALUES - (null,'1', :coll_id, :sbas_id)"; + $sql = "INSERT INTO bas (active, server_coll_id, sbas_id) VALUES ('1', :coll_id, :sbas_id)"; $stmt = $conn->prepare($sql); $base_ids = []; 
@@ -1156,24 +1155,28 @@ class databox extends base implements ThumbnailedElement $this->app->getAclForUser($user)->give_access_to_base($base_ids); foreach ($base_ids as $base_id) { - $this->app->getAclForUser($user)->update_rights_to_base($base_id, [ - \ACL::CANPUSH => 1, - \ACL::CANCMD => 1, - \ACL::CANPUTINALBUM => 1, - \ACL::CANDWNLDHD => 1, - \ACL::CANDWNLDPREVIEW => 1, - \ACL::CANADMIN => 1, - \ACL::ACTIF => 1, - \ACL::CANREPORT => 1, - \ACL::CANADDRECORD => 1, - \ACL::CANMODIFRECORD => 1, - \ACL::CANDELETERECORD => 1, - \ACL::CHGSTATUS => 1, - \ACL::IMGTOOLS => 1, - \ACL::COLL_MANAGE => 1, - \ACL::COLL_MODIFY_STRUCT => 1, - \ACL::NOWATERMARK => 1 - ]); + $this->app->getAclForUser($user) + ->update_rights_to_base( + $base_id, + [ + \ACL::CANPUSH => true, + \ACL::CANCMD => true, + \ACL::CANPUTINALBUM => true, + \ACL::CANDWNLDHD => true, + \ACL::CANDWNLDPREVIEW => true, + \ACL::CANADMIN => true, + \ACL::ACTIF => true, + \ACL::CANREPORT => true, + \ACL::CANADDRECORD => true, + \ACL::CANMODIFRECORD => true, + \ACL::CANDELETERECORD => true, + \ACL::CHGSTATUS => true, + \ACL::IMGTOOLS => true, + \ACL::COLL_MANAGE => true, + \ACL::COLL_MODIFY_STRUCT => true, + \ACL::NOWATERMARK => true + ] + ); } $this->app->getAclForUser($user)->delete_data_from_cache(); diff --git a/templates/web/admin/publications/fiche.html.twig b/templates/web/admin/publications/fiche.html.twig index 77a678400e..a211daaef1 100644 --- a/templates/web/admin/publications/fiche.html.twig +++ b/templates/web/admin/publications/fiche.html.twig @@ -106,7 +106,7 @@
- {% for databox in app.getAclForUser(app.getAuthenticatedUser()).get_granted_sbas(constant('\\ACL::BAS_CHUPUB')) %} + {% for databox in app.getAclForUser(app.getAuthenticatedUser()).get_granted_sbas([constant('\\ACL::BAS_CHUPUB')]) %} {% for collection in databox.get_collections() %} diff --git a/templates/web/common/caption.html.twig b/templates/web/common/caption.html.twig index 71b1f1b284..51f277901c 100644 --- a/templates/web/common/caption.html.twig +++ b/templates/web/common/caption.html.twig @@ -1,6 +1,6 @@ {% import 'common/macros.html.twig' as macro %} -{% set business = granted_on_collection(record.baseId, constant('\\ACL::CANMODIFRECORD')) %} +{% set business = granted_on_collection(record.baseId, [constant('\\ACL::CANMODIFRECORD')]) %} {% set display_exif = true %} {% if view == 'answer' %} diff --git a/templates/web/prod/preview/caption.html.twig b/templates/web/prod/preview/caption.html.twig index 792686f091..5562732768 100644 --- a/templates/web/prod/preview/caption.html.twig +++ b/templates/web/prod/preview/caption.html.twig @@ -1,6 +1,6 @@ {% import 'common/macros.html.twig' as macro %} - {% set can_edit = granted_on_collection(record.baseId, constant('\\ACL::CANMODIFRECORD')) %} + {% set can_edit = granted_on_collection(record.baseId, [constant('\\ACL::CANMODIFRECORD')]) %} {% set can_see_business = can_edit %} {% if can_edit %} diff --git a/templates/web/prod/results/list.html.twig b/templates/web/prod/results/list.html.twig index 9a6a5c433e..790a4c2414 100644 --- a/templates/web/prod/results/list.html.twig +++ b/templates/web/prod/results/list.html.twig @@ -13,7 +13,7 @@
- {% set can_see_business = granted_on_collection(record.baseId, constant('\\ACL::CANMODIFRECORD')) %} + {% set can_see_business = granted_on_collection(record.baseId, [constant('\\ACL::CANMODIFRECORD')]) %} {{ macro.caption(record, can_see_business) }}
diff --git a/templates/web/prod/results/record.html.twig b/templates/web/prod/results/record.html.twig index 3f3e5790e5..117925bcb2 100644 --- a/templates/web/prod/results/record.html.twig +++ b/templates/web/prod/results/record.html.twig @@ -18,7 +18,7 @@
- {% set can_see_business = granted_on_collection(record.baseId, constant('\\ACL::CANMODIFRECORD')) %} + {% set can_see_business = granted_on_collection(record.baseId, [constant('\\ACL::CANMODIFRECORD')]) %}
- {% if granted_on_collection(record.baseId, constant('\\ACL::CANPUTINALBUM')) and not record.story %} + {% if granted_on_collection(record.baseId, [constant('\\ACL::CANPUTINALBUM')]) and not record.story %}
@@ -113,7 +113,7 @@
{% endif %} - {% if granted_on_collection(record.baseId, constant('\\ACL::CANDWNLDPREVIEW')) or granted_on_collection(record.baseId, constant('\\ACL::CANDWNLDHD')) %} + {% if granted_on_collection(record.baseId, [constant('\\ACL::CANDWNLDPREVIEW')]) or granted_on_collection(record.baseId, [constant('\\ACL::CANDWNLDHD')]) %}
diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Admin/UsersTest.php b/tests/Alchemy/Tests/Phrasea/Controller/Admin/UsersTest.php index a584ce7846..3b88401969 100644 --- a/tests/Alchemy/Tests/Phrasea/Controller/Admin/UsersTest.php +++ b/tests/Alchemy/Tests/Phrasea/Controller/Admin/UsersTest.php @@ -1,6 +1,8 @@ getAclForUser($user)->give_access_to_sbas(array_keys(self::$DI['app']->getDataboxes())); + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { - $rights = [ - \ACL::BAS_MANAGE => '1', - \ACL::BAS_MODIFY_STRUCT => '1', - \ACL::BAS_MODIF_TH => '1', - \ACL::BAS_CHUPUB => '1', - ]; - - self::$DI['app']->getAclForUser($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights); + self::$DI['app']->getAclForUser($user) + ->update_rights_to_sbas( + $databox->get_sbas_id(), + [ + \ACL::BAS_MANAGE => true, + \ACL::BAS_MODIFY_STRUCT => true, + \ACL::BAS_MODIF_TH => true, + \ACL::BAS_CHUPUB => true, + ] + ); foreach ($databox->get_collections() as $collection) { $base_id = $collection->get_base_id(); self::$DI['app']->getAclForUser($user)->give_access_to_base([$base_id]); - $rights = [ - \ACL::CANPUTINALBUM => '1', - \ACL::CANDWNLDHD => '1', - 'candwnldsubdef' => '1', - \ACL::NOWATERMARK => '1' - ]; + self::$DI['app']->getAclForUser($user) + ->update_rights_to_base( + $collection->get_base_id(), + [ + \ACL::CANPUTINALBUM => true, + \ACL::CANDWNLDHD => true, + \ACL::NOWATERMARK => true + ] + ); - self::$DI['app']->getAclForUser($user)->update_rights_to_base($collection->get_base_id(), $rights); break; } } 
@@ -444,7 +451,13 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase // create a template if (null === self::$DI['app']['repo.users']->findByLogin('csv_template')) { $user = self::$DI['app']['manipulator.user']->createTemplate('csv_template', self::$DI['app']->getAuthenticatedUser()); - self::$DI['app']->getAclForUser($user)->update_rights_to_base(self::$DI['collection']->get_base_id(), ['actif'=> 1]); + self::$DI['app']->getAclForUser($user) + ->update_rights_to_base( + self::$DI['collection']->get_base_id(), + [ + \ACL::ACTIF => true + ] + ); } $nativeQueryMock = $this->getMockBuilder('Alchemy\Phrasea\Model\NativeQueryProvider') diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Api/ApiJsonTest.php b/tests/Alchemy/Tests/Phrasea/Controller/Api/ApiJsonTest.php index ae5dfa3c8f..1d1023c064 100644 --- a/tests/Alchemy/Tests/Phrasea/Controller/Api/ApiJsonTest.php +++ b/tests/Alchemy/Tests/Phrasea/Controller/Api/ApiJsonTest.php @@ -1009,13 +1009,14 @@ class ApiJsonTest extends ApiTestCase if ('none' !== $collection->get_pub_wm()) { $collection->set_public_presentation('none'); } - $app->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base( - $collection->get_base_id(), - [ - \ACL::CANDWNLDPREVIEW => 1, - \ACL::CANDWNLDHD => 1 - ] - ); + $app->getAclForUser(self::$DI['user_notAdmin']) + ->update_rights_to_base( + $collection->get_base_id(), + [ + \ACL::CANDWNLDPREVIEW => true, + \ACL::CANDWNLDHD => true + ] + ); /** @var \record_adapter $record_1 */ $record_1 = self::$DI['record_1']; 
@@ -1053,10 +1054,14 @@ class ApiJsonTest extends ApiTestCase { $this->setToken($this->userAccessToken); - self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array( - \ACL::CANDWNLDPREVIEW => 1, - \ACL::CANDWNLDHD => 0 - )); + self::$DI['app']->getAclForUser(self::$DI['user_notAdmin']) + ->update_rights_to_base( + self::$DI['collection']->get_base_id(), + [ + \ACL::CANDWNLDPREVIEW => true, + \ACL::CANDWNLDHD => false + ] + ); $route = '/api/v1/records/' . self::$DI['record_1']->get_sbas_id() . '/' . self::$DI['record_1']->get_record_id() . '/embed/'; @@ -1077,13 +1082,14 @@ class ApiJsonTest extends ApiTestCase { $this->setToken($this->userAccessToken); - self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base( - self::$DI['collection']->get_base_id(), - [ - \ACL::CANDWNLDPREVIEW => 0, - \ACL::CANDWNLDHD => 0 - ] - ); + self::$DI['app']->getAclForUser(self::$DI['user_notAdmin']) + ->update_rights_to_base( + self::$DI['collection']->get_base_id(), + [ + \ACL::CANDWNLDPREVIEW => false, + \ACL::CANDWNLDHD => false + ] + ); $route = '/api/v1/records/' . self::$DI['record_1']->get_sbas_id() . '/' . self::$DI['record_1']->get_record_id() . '/embed/'; diff --git a/tests/Alchemy/Tests/Phrasea/Controller/RecordsRequestTest.php b/tests/Alchemy/Tests/Phrasea/Controller/RecordsRequestTest.php index ef7fe5d345..96c5ede69b 100644 --- a/tests/Alchemy/Tests/Phrasea/Controller/RecordsRequestTest.php +++ b/tests/Alchemy/Tests/Phrasea/Controller/RecordsRequestTest.php 
@@ -79,7 +79,12 @@ class RecordsRequestTest extends \PhraseanetAuthenticatedTestCase public function testSimpleWithoutSbasRights() { self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser()) - ->update_rights_to_sbas(self::$DI['record_2']->get_sbas_id(), [\ACL::BAS_CHUPUB => 0]); + ->update_rights_to_sbas( + self::$DI['record_2']->get_sbas_id(), + [ + \ACL::BAS_CHUPUB => false + ] + ); $request = new Request([ 'lst' => implode(';', [ @@ -107,7 +112,9 @@ class RecordsRequestTest extends \PhraseanetAuthenticatedTestCase self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser()) ->update_rights_to_base( self::$DI['record_2']->get_base_id(), - [\ACL::CHGSTATUS => 0] + [ + \ACL::CHGSTATUS => false + ] ); $request = new Request([ diff --git a/tests/Alchemy/Tests/Phrasea/Model/Manipulator/ACLManipulatorTest.php b/tests/Alchemy/Tests/Phrasea/Model/Manipulator/ACLManipulatorTest.php index 1409291e56..44e1f4752c 100644 --- a/tests/Alchemy/Tests/Phrasea/Model/Manipulator/ACLManipulatorTest.php +++ b/tests/Alchemy/Tests/Phrasea/Model/Manipulator/ACLManipulatorTest.php @@ -2,6 +2,9 @@ namespace Alchemy\Tests\Phrasea\Model\Manipulator; +use \ACL; +use \Databox; + /** * @group functional * @group legacy 
@@ -11,46 +14,53 @@ class ACLManipulatorTest extends \PhraseanetTestCase public function testResetAdminRights() { $user = self::$DI['app']['manipulator.user']->createUser(uniqid('toto'), 'toto', null, true); + /** @var ACL $acl */ $acl = self::$DI['app']->getAclForUser($user); $databoxId = null; $baseId = null; + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { $databoxId = $databox->get_sbas_id(); - $acl->update_rights_to_sbas($databoxId, [ - \ACL::BAS_MANAGE => '0', - \ACL::BAS_MODIFY_STRUCT => '0', - \ACL::BAS_MODIF_TH => '0', - \ACL::BAS_CHUPUB => '0', - ]); + $acl->update_rights_to_sbas( + $databoxId, + [ + \ACL::BAS_MANAGE => false, + \ACL::BAS_MODIFY_STRUCT => false, + \ACL::BAS_MODIF_TH => false, + \ACL::BAS_CHUPUB => false + ] + ); foreach ($databox->get_collections() as $collection) { $baseId = $collection->get_base_id(); $acl->set_limits($baseId, true); $acl->set_masks_on_base($baseId, '1', '1', '1', '1'); - $acl->update_rights_to_base($baseId, [ - \ACL::CANPUTINALBUM => '0', - \ACL::CANDWNLDHD => '0', - 'candwnldsubdef' => '0', - \ACL::NOWATERMARK => '0', - \ACL::CANDWNLDPREVIEW => '0', - \ACL::CANCMD => '0', - \ACL::CANADMIN => '0', - \ACL::CANREPORT => '0', - \ACL::CANPUSH => '0', - 'creationdate' => '0', - \ACL::CANADDRECORD => '0', - \ACL::CANMODIFRECORD => '0', - \ACL::CANDELETERECORD => '0', - \ACL::CHGSTATUS => '0', - \ACL::IMGTOOLS => '0', - \ACL::COLL_MANAGE => '0', - \ACL::COLL_MODIFY_STRUCT => '0', - \ACL::BAS_MODIFY_STRUCT => '0' - ]); + $acl->update_rights_to_base( + $baseId, + [ + 'creationdate' => '0', // todo: wtf + \ACL::CANPUTINALBUM => false, + \ACL::CANDWNLDHD => false, + \ACL::NOWATERMARK => false, + \ACL::CANDWNLDPREVIEW => false, + \ACL::CANCMD => false, + \ACL::CANADMIN => false, + \ACL::CANREPORT => false, + \ACL::CANPUSH => false, + \ACL::CANADDRECORD => false, + \ACL::CANMODIFRECORD => false, + \ACL::CANDELETERECORD => false, + \ACL::CHGSTATUS => false, + \ACL::IMGTOOLS => false, + 
\ACL::COLL_MANAGE => false, + \ACL::COLL_MODIFY_STRUCT => false, + \ACL::BAS_MODIFY_STRUCT => false + ] + ); break 2; } diff --git a/tests/classes/ACLTest.php b/tests/classes/ACLTest.php index a6d70f3c87..89f40fe935 100644 --- a/tests/classes/ACLTest.php +++ b/tests/classes/ACLTest.php @@ -118,7 +118,7 @@ class ACLTest extends \PhraseanetTestCase public function testGive_access_to_sbas() { - + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { $sbas_id = $databox->get_sbas_id(); $base_ids = []; @@ -136,6 +136,7 @@ class ACLTest extends \PhraseanetTestCase public function testRevoke_unused_sbas_rights() { + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { $sbas_id = $databox->get_sbas_id(); $base_ids = []; @@ -158,6 +159,7 @@ class ACLTest extends \PhraseanetTestCase public function testSet_quotas_on_base() { + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { foreach ($databox->get_collections() as $collection) { $base_id = $collection->get_base_id(); @@ -178,10 +180,10 @@ class ACLTest extends \PhraseanetTestCase public function testDuplicate_right_from_bas() { - $first = true; $base_ref = null; + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { foreach ($databox->get_collections() as $collection) { $base_id = $collection->get_base_id(); @@ -189,12 +191,15 @@ class ACLTest extends \PhraseanetTestCase $this->object->give_access_to_base([$base_id]); if ($first) { - $this->object->update_rights_to_base($base_id, [ - \ACL::IMGTOOLS => true, - \ACL::CHGSTATUS => true, - \ACL::CANADDRECORD => true, - \ACL::CANPUTINALBUM => true - ]); + $this->object->update_rights_to_base( + $base_id, + [ + \ACL::IMGTOOLS => true, + \ACL::CHGSTATUS => true, + \ACL::CANADDRECORD => true, + \ACL::CANPUTINALBUM => true + ] + ); $base_ref = $base_id; } else { $this->object->duplicate_right_from_bas($base_ref, $base_id); 
@@ -233,21 +238,34 @@ class ACLTest extends \PhraseanetTestCase \ACL::CANADDRECORD => true, ]; + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { foreach ($databox->get_collections() as $collection) { $base_id = $collection->get_base_id(); $this->object->give_access_to_base([$base_id]); - $this->object->update_rights_to_base($base_id, $rights_false); + + $this->object->update_rights_to_base( + $base_id, + $rights_false + ); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::IMGTOOLS)); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CHGSTATUS)); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CANADDRECORD)); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CANPUTINALBUM)); - $this->object->update_rights_to_base($base_id, $rights_true); + + $this->object->update_rights_to_base( + $base_id, + $rights_true + ); $this->assertTrue($this->object->has_right_on_base($base_id, \ACL::IMGTOOLS)); $this->assertTrue($this->object->has_right_on_base($base_id, \ACL::CHGSTATUS)); $this->assertTrue($this->object->has_right_on_base($base_id, \ACL::CANADDRECORD)); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CANPUTINALBUM)); - $this->object->update_rights_to_base($base_id, $rights_false); + + $this->object->update_rights_to_base( + $base_id, + $rights_false + ); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::IMGTOOLS)); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CHGSTATUS)); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CANADDRECORD)); @@ -262,6 +280,7 @@ class ACLTest extends \PhraseanetTestCase */ public function testGetSetOrder_master() { + /** @var Appbox $appbox */ $appbox = self::$DI['app']['phraseanet.appbox']; $acl = $this->object; 
@@ -338,19 +357,26 @@ class ACLTest extends \PhraseanetTestCase public function testHasRight() { + /** @var Databox $databox */ $databox = self::$DI['collection']->get_databox(); $this->object->give_access_to_sbas([$databox->get_sbas_id()]); - $this->object->update_rights_to_sbas($databox->get_sbas_id(), [ - \ACL::BAS_MODIFY_STRUCT => false, - \ACL::BAS_MODIF_TH => false, - ]); + $this->object->update_rights_to_sbas( + $databox->get_sbas_id(), + [ + \ACL::BAS_MODIFY_STRUCT => false, + \ACL::BAS_MODIF_TH => false + ] + ); $this->assertFalse($this->object->has_right(\ACL::BAS_MODIFY_STRUCT )); $this->assertFalse($this->object->has_right(\ACL::BAS_MODIF_TH)); - $this->object->update_rights_to_sbas($databox->get_sbas_id(), [ - \ACL::BAS_MODIFY_STRUCT => true, - ]); + $this->object->update_rights_to_sbas( + $databox->get_sbas_id(), + [ + \ACL::BAS_MODIFY_STRUCT => true + ] + ); $this->assertTrue($this->object->has_right(\ACL::BAS_MODIFY_STRUCT )); $this->assertFalse($this->object->has_right(\ACL::BAS_MODIF_TH)); 
@@ -362,29 +388,42 @@ class ACLTest extends \PhraseanetTestCase \ACL::BAS_MODIFY_STRUCT => false, \ACL::BAS_MANAGE => false, \ACL::BAS_CHUPUB => false, - \ACL::BAS_MODIF_TH => false, + \ACL::BAS_MODIF_TH => false ]; $rights_true = [ \ACL::BAS_MODIFY_STRUCT => true, \ACL::BAS_MANAGE => true, \ACL::BAS_CHUPUB => true, - \ACL::BAS_MODIF_TH => true, + \ACL::BAS_MODIF_TH => true ]; + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { $this->object->give_access_to_sbas([$databox->get_sbas_id()]); - $this->object->update_rights_to_sbas($databox->get_sbas_id(), $rights_false); + + $this->object->update_rights_to_sbas( + $databox->get_sbas_id(), + $rights_false + ); $this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIFY_STRUCT)); $this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MANAGE)); $this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_CHUPUB)); $this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIF_TH)); - $this->object->update_rights_to_sbas($databox->get_sbas_id(), $rights_true); + + $this->object->update_rights_to_sbas( + $databox->get_sbas_id(), + $rights_true + ); $this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIFY_STRUCT)); $this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MANAGE)); $this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_CHUPUB)); $this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIF_TH)); - $this->object->update_rights_to_sbas($databox->get_sbas_id(), $rights_false); + + $this->object->update_rights_to_sbas( + $databox->get_sbas_id(), + $rights_false + ); $this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIFY_STRUCT)); 
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MANAGE)); $this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_CHUPUB)); @@ -394,18 +433,39 @@ class ACLTest extends \PhraseanetTestCase public function testGet_mask_and() { + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { foreach ($databox->get_collections() as $collection) { $base_id = $collection->get_base_id(); $this->object->give_access_to_base([$base_id]); - $this->object->update_rights_to_base($base_id, ['actif' => false]); + $this->object->update_rights_to_base( + $base_id, + [ + \ACL::ACTIF => false + ] + ); $this->assertFalse($this->object->get_mask_and($base_id)); - $this->object->update_rights_to_base($base_id, ['mask_and' => 42]); + $this->object->update_rights_to_base( + $base_id, + [ + 'mask_and' => 42 + ] + ); $this->assertEquals('42', $this->object->get_mask_and($base_id)); - $this->object->update_rights_to_base($base_id, ['mask_and' => 1]); + $this->object->update_rights_to_base( + $base_id, + [ + 'mask_and' => 1 + ] + ); $this->assertEquals('1', $this->object->get_mask_and($base_id)); - $this->object->update_rights_to_base($base_id, ['mask_and' => 0]); + $this->object->update_rights_to_base( + $base_id, + [ + 'mask_and' => 0 + ] + ); $this->assertEquals('0', $this->object->get_mask_and($base_id)); } } 
@@ -413,19 +473,45 @@ class ACLTest extends \PhraseanetTestCase public function testGet_mask_xor() { + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { foreach ($databox->get_collections() as $collection) { $base_id = $collection->get_base_id(); $this->object->give_access_to_base([$base_id]); - $this->object->update_rights_to_base($base_id, ['actif' => false]); + $this->object->update_rights_to_base( + $base_id, + [ + \ACL::ACTIF => false + ] + ); $this->assertFalse($this->object->get_mask_xor($base_id)); - $this->object->update_rights_to_base($base_id, ['actif' => true]); - $this->object->update_rights_to_base($base_id, ['mask_xor' => 42]); + $this->object->update_rights_to_base( + $base_id, + [ + \ACL::ACTIF => true + ] + ); + $this->object->update_rights_to_base( + $base_id, + [ + 'mask_xor' => 42 + ] + ); $this->assertEquals('42', $this->object->get_mask_xor($base_id)); - $this->object->update_rights_to_base($base_id, ['mask_xor' => 1]); + $this->object->update_rights_to_base( + $base_id, + [ + 'mask_xor' => 0 + ] + ); $this->assertEquals('1', $this->object->get_mask_xor($base_id)); - $this->object->update_rights_to_base($base_id, ['mask_xor' => 0]); + $this->object->update_rights_to_base( + $base_id, + [ + 'mask_xor' => 0 + ] + ); $this->assertEquals('0', $this->object->get_mask_xor($base_id)); } } @@ -435,6 +521,8 @@ class ACLTest extends \PhraseanetTestCase { $base_ids = []; $n = 0; + + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { foreach ($databox->get_collections() as $collection) { $base_ids[] = $collection->get_base_id(); 
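Review bot: In `testGet_mask_xor` the second mask update was changed from `['mask_xor' => 1]` to `'mask_xor' => 0`, but the assertion directly after it still expects `'1'` from `get_mask_xor($base_id)`. The corresponding block in `testGet_mask_and` kept the value 1, so this looks like a slip made while reformatting the call. The array should read `'mask_xor' => 1` so that the test covers the 42 → 1 → 0 sequence it covered before.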
@@ -460,21 +548,36 @@ class ACLTest extends \PhraseanetTestCase $this->assertEquals(1, $row['actif']); $this->assertTrue($this->object->has_access_to_base($base_id)); - $this->object->update_rights_to_base($base_id, ['actif' => false]); + $this->object->update_rights_to_base( + $base_id, + [ + \ACL::ACTIF => false + ] + ); $stmt->execute([':usr_id' => self::$DI['user']->getId(), ':base_id' => $base_id]); $row = $stmt->fetch(PDO::FETCH_ASSOC); $this->assertEquals(0, $row['actif']); $this->assertFalse($this->object->has_access_to_base($base_id)); - $this->object->update_rights_to_base($base_id, ['actif' => true]); + $this->object->update_rights_to_base( + $base_id, + [ + \ACL::ACTIF => true + ] + ); $stmt->execute([':usr_id' => self::$DI['user']->getId(), ':base_id' => $base_id]); $row = $stmt->fetch(PDO::FETCH_ASSOC); $this->assertEquals(1, $row['actif']); $this->assertTrue($this->object->has_access_to_base($base_id)); - $this->object->update_rights_to_base($base_id, ['actif' => false]); + $this->object->update_rights_to_base( + $base_id, + [ + \ACL::ACTIF => false + ] + ); $this->assertFalse($this->object->has_access_to_base($base_id)); } $this->object->give_access_to_base($base_ids); @@ -489,6 +592,8 @@ class ACLTest extends \PhraseanetTestCase { $base_ids = []; $n = 0; + + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { foreach ($databox->get_collections() as $collection) { $base_ids[] = $collection->get_base_id(); @@ -521,6 +626,8 @@ class ACLTest extends \PhraseanetTestCase { $sbas_ids = []; $n = 0; + + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { $sbas_ids[] = $databox->get_sbas_id(); $n ++; 
@@ -568,7 +675,12 @@ class ACLTest extends \PhraseanetTestCase foreach ($databox->get_collections() as $collection) { $base_id = $collection->get_base_id(); $base_ids[] = $base_id; - $this->object->update_rights_to_base($base_id, [\ACL::CANREPORT => true]); + $this->object->update_rights_to_base( + $base_id, + [ + \ACL::CANREPORT => true + ] + ); $found = true; break; } @@ -579,8 +691,14 @@ class ACLTest extends \PhraseanetTestCase $this->assertFalse($this->object->has_access_to_module('thesaurus')); $this->assertFalse($this->object->has_access_to_module('upload')); + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { - $this->object->update_rights_to_sbas($databox->get_sbas_id(), [\ACL::BAS_MODIF_TH => true]); + $this->object->update_rights_to_sbas( + $databox->get_sbas_id(), + [ + \ACL::BAS_MODIF_TH => true + ] + ); $found = true; } $this->assertTrue($this->object->has_access_to_module('report')); @@ -592,7 +710,12 @@ class ACLTest extends \PhraseanetTestCase foreach ($databox->get_collections() as $collection) { $base_id = $collection->get_base_id(); $base_ids[] = $base_id; - $this->object->update_rights_to_base($base_id, [\ACL::CANADDRECORD => true]); + $this->object->update_rights_to_base( + $base_id, + [ + \ACL::CANADDRECORD => true + ] + ); $found = true; break; } @@ -606,9 +729,9 @@ class ACLTest extends \PhraseanetTestCase public function testis_limited() { - $found = false; + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { foreach ($databox->get_collections() as $collection) { $base_id = $collection->get_base_id(); @@ -639,9 +762,9 @@ class ACLTest extends \PhraseanetTestCase public function testget_limits() { - $found = false; + /** @var Databox $databox */ foreach (self::$DI['app']->getDataboxes() as $databox) { foreach ($databox->get_collections() as $collection) { $base_id = $collection->get_base_id(); 
diff --git a/tests/classes/PhraseanetAuthenticatedWebTestCase.php b/tests/classes/PhraseanetAuthenticatedWebTestCase.php index 52d8a2e682..5d28a1d3db 100644 --- a/tests/classes/PhraseanetAuthenticatedWebTestCase.php +++ b/tests/classes/PhraseanetAuthenticatedWebTestCase.php @@ -108,14 +108,15 @@ abstract class PhraseanetAuthenticatedWebTestCase extends \PhraseanetAuthenticat self::$createdDataboxes[] = $databox; - $rights = [ - \ACL::BAS_MANAGE => '1', - \ACL::BAS_MODIFY_STRUCT => '1', - \ACL::BAS_MODIF_TH => '1', - \ACL::BAS_CHUPUB => '1' - ]; - - $app->getAclForUser($app->getAuthenticatedUser())->update_rights_to_sbas($databox->get_sbas_id(), $rights); + $app->getAclForUser($app->getAuthenticatedUser())->update_rights_to_sbas( + $databox->get_sbas_id(), + [ + \ACL::BAS_MANAGE => true, + \ACL::BAS_MODIFY_STRUCT => true, + \ACL::BAS_MODIF_TH => true, + \ACL::BAS_CHUPUB => true + ] + ); $databox->registerAdmin($app->getAuthenticatedUser()); diff --git a/tests/classes/PhraseanetTestCase.php b/tests/classes/PhraseanetTestCase.php index 96e22620d5..ed9e05d8ba 100644 --- a/tests/classes/PhraseanetTestCase.php +++ b/tests/classes/PhraseanetTestCase.php @@ -571,14 +571,15 @@ abstract class PhraseanetTestCase extends WebTestCase foreach ($app->getDataboxes() as $databox) { $app->getAclForUser($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_SBAS); - $rights = [ - \ACL::BAS_MANAGE => '1', - \ACL::BAS_MODIFY_STRUCT => '1', - \ACL::BAS_MODIF_TH => '1', - \ACL::BAS_CHUPUB => '1' - ]; - - $app->getAclForUser($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights); + $app->getAclForUser($user)->update_rights_to_sbas( + $databox->get_sbas_id(), + [ + \ACL::BAS_MANAGE => true, + \ACL::BAS_MODIFY_STRUCT => true, + \ACL::BAS_MODIF_TH => true, + \ACL::BAS_CHUPUB => true + ] + ); foreach ($databox->get_collections() as $collection) { if (null !== $base_ids && !in_array($collection->get_base_id(), (array) $base_ids, true)) { 
@@ -594,30 +595,35 @@ abstract class PhraseanetTestCase extends WebTestCase $app->getAclForUser($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_BAS); $app->getAclForUser($user)->give_access_to_base([$base_id]); - $app->getAclForUser($user)->update_rights_to_base($base_id, [\ACL::ORDER_MASTER => true]); + $app->getAclForUser($user)->update_rights_to_base( + $base_id, + [ + \ACL::ORDER_MASTER => true + ] + ); - $rights = [ - \ACL::CANPUTINALBUM => '1', - \ACL::CANDWNLDHD => '1', - 'candwnldsubdef' => '1', - \ACL::NOWATERMARK => '1', - \ACL::CANDWNLDPREVIEW => '1', - \ACL::CANCMD => '1', - \ACL::CANADMIN => '1', - \ACL::CANREPORT => '1', - \ACL::CANPUSH => '1', - 'creationdate' => '1', - \ACL::CANADDRECORD => '1', - \ACL::CANMODIFRECORD => '1', - \ACL::CANDELETERECORD => '1', - \ACL::CHGSTATUS => '1', - \ACL::IMGTOOLS => '1', - \ACL::COLL_MANAGE => '1', - \ACL::COLL_MODIFY_STRUCT => '1', - \ACL::BAS_MODIFY_STRUCT => '1' - ]; - - $app->getAclForUser($user)->update_rights_to_base($collection->get_base_id(), $rights); + $app->getAclForUser($user)->update_rights_to_base( + $collection->get_base_id(), + [ + 'creationdate' => '1', // todo : wtf + \ACL::CANPUTINALBUM => true, + \ACL::CANDWNLDHD => true, + \ACL::NOWATERMARK => true, + \ACL::CANDWNLDPREVIEW => true, + \ACL::CANCMD => true, + \ACL::CANADMIN => true, + \ACL::CANREPORT => true, + \ACL::CANPUSH => true, + \ACL::CANADDRECORD => true, + \ACL::CANMODIFRECORD => true, + \ACL::CANDELETERECORD => true, + \ACL::CHGSTATUS => true, + \ACL::IMGTOOLS => true, + \ACL::COLL_MANAGE => true, + \ACL::COLL_MODIFY_STRUCT => true, + \ACL::BAS_MODIFY_STRUCT => true + ] + ); } } }
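Review bot: The rewritten array passed to `update_rights_to_base($collection->get_base_id(), ...)` no longer contains `'candwnldsubdef' => '1'`, which the commit message does not mention, and it keeps `'creationdate' => '1'` as a raw string key marked `// todo : wtf`. It also still passes `\ACL::BAS_MODIFY_STRUCT` to the collection-level call, although the previous hunk of this file grants that right through `update_rights_to_sbas`. How `update_rights_to_base` treats keys that are not collection rights is not visible in this hunk, so a fixture carrying them can hide a missing key check in the ACL code. I would drop `'creationdate'` and `\ACL::BAS_MODIFY_STRUCT` from this array, or replace the todo with a comment that states the reason, e.g. `// creationdate is not a right; kept because <reason>`. The enclosing method starts outside the hunk.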