PHRAS-508_acl-cache

- refactor : acl strings changed to ACL class constants
 - code cleanup
 - wip but try to merge for bc break test
Jean-Yves Gaulier
2016-10-26 16:12:25 +02:00
parent 642da0fca5
commit 0c75189a64
28 changed files with 641 additions and 496 deletions


@@ -268,27 +268,28 @@ class CollectionService
*/
public function grantAdminRights(CollectionReference $reference, User $user)
{
$rights = [
\ACL::CANPUTINALBUM => "1",
\ACL::CANDWNLDHD => "1",
\ACL::NOWATERMARK => "1",
\ACL::CANDWNLDPREVIEW => "1",
\ACL::CANCMD => "1",
\ACL::CANADMIN => "1",
\ACL::ACTIF => "1",
\ACL::CANREPORT => "1",
\ACL::CANPUSH => "1",
"basusr_infousr" => "",
\ACL::CANADDRECORD => "1",
\ACL::CANMODIFRECORD => "1",
\ACL::CANDELETERECORD => "1",
\ACL::CHGSTATUS => "1",
\ACL::IMGTOOLS => "1",
\ACL::COLL_MANAGE => "1",
\ACL::COLL_MODIFY_STRUCT => "1"
];
$this->app->getAclForUser($user)->update_rights_to_base($reference->getBaseId(), $rights);
$this->app->getAclForUser($user)->update_rights_to_base(
$reference->getBaseId(),
[
"basusr_infousr" => "", // todo : wtf
\ACL::CANPUTINALBUM => true,
\ACL::CANDWNLDHD => true,
\ACL::NOWATERMARK => true,
\ACL::CANDWNLDPREVIEW => true,
\ACL::CANCMD => true,
\ACL::CANADMIN => true,
\ACL::ACTIF => true,
\ACL::CANREPORT => true,
\ACL::CANPUSH => true,
\ACL::CANADDRECORD => true,
\ACL::CANMODIFRECORD => true,
\ACL::CANDELETERECORD => true,
\ACL::CHGSTATUS => true,
\ACL::IMGTOOLS => true,
\ACL::COLL_MANAGE => true,
\ACL::COLL_MODIFY_STRUCT => true
]
);
}
public function setOrderMasters(CollectionReference $reference, array $userIds)
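Review bot: The `"basusr_infousr" => ""` entry kept in the new array is not an ACL right, and its `// todo : wtf` comment does not explain why it is passed to `update_rights_to_base()`. With the rewritten `ACL::update_rights_to_base()` in this commit, a non-boolean value is written as given instead of being normalised to `'0'`, so this call now stores an empty string in that column. Either drop the key or replace the comment with the reason it is reset here. Because `grantAdminRights()` hands a user every administrative right on the collection, its docblock (which starts outside the hunk) should also say which caller is expected to have verified that the acting user may do that.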


@@ -395,7 +395,7 @@ class PushController extends Controller
$data = null;
$query = $this->createUserQuery();
$query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), ['canpush']);
$query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), [\ACL::CANPUSH]);
$query->in([$usr_id]);
@@ -502,7 +502,7 @@ class PushController extends Controller
public function searchUserAction(Request $request)
{
$query = $this->createUserQuery();
$query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), ['canpush']);
$query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), [\ACL::CANPUSH]);
$query
->like(\User_Query::LIKE_FIRSTNAME, $request->query->get('query'))
->like(\User_Query::LIKE_LASTNAME, $request->query->get('query'))
@@ -540,7 +540,7 @@ class PushController extends Controller
$list = $repository->findUserListByUserAndId($this->getAuthenticatedUser(), $list_id);
$query = $this->createUserQuery();
$query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), ['canpush']);
$query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), [\ACL::CANPUSH]);
if ($request->get('query')) {
$query


@@ -219,8 +219,8 @@ class RecordsRequest extends ArrayCollection
$repository = $app['repo.story-wz'];
$storyWZ = $repository->findByUserAndId(
$app, $app->getAuthenticatedUser()
, $request->get('story')
$app, $app->getAuthenticatedUser(),
$request->get('story')
);
$received[$storyWZ->getRecord($app)->get_serialize_key()] = $storyWZ->getRecord($app);


@@ -93,7 +93,7 @@ class Prod extends Helper
if (!$bases[$sbasId]['thesaurus']) {
continue;
}
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($sbasId, 'bas_modif_th')) {
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($sbasId, \ACL::BAS_MODIF_TH)) {
continue;
}


@@ -115,13 +115,13 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
. " SUM(time_limited) AS time_limited,\n"
. " SUM(restrict_dwnld) AS restrict_dwnld,\n"
// --- wtf doing sum on non booleans ?
// --- todo : wtf doing sum on non booleans ?
. " SUM(remain_dwnld) AS remain_dwnld,\n"
. " SUM(month_dwnld_max) AS month_dwnld_max,\n"
. " SUM(mask_and + mask_xor) AS masks,\n"
// ---
// -- wtf no aggregate fct ?
// -- todo : wtf no aggregate fct ?
. " DATE_FORMAT(limited_from,'%Y%m%d') AS limited_from,\n"
. " DATE_FORMAT(limited_to,'%Y%m%d') AS limited_to\n"
// ---
@@ -509,9 +509,13 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
}
$rights[$k] = $right . '_' . $base_id;
}
// todo : wtf check if parm contains good types (a checkbox should be a bool, not a "0" or "1"
// as required by ACL::update_rights_to_bas(...)
$parm = $this->unserializedRequestData($this->app['request'], $rights, 'values');
foreach ($parm as $p => $v) {
// p is like {bid}_{right} => right-value
if (trim($v) == '')
continue;
@@ -524,10 +528,14 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
if ($v === '1') {
$create_sbas[\phrasea::sbasFromBas($this->app, $base_id)] = \phrasea::sbasFromBas($this->app, $base_id);
$create[] = $base_id;
} else
}
else {
$delete[] = $base_id;
} else {
}
}
else {
$create_sbas[\phrasea::sbasFromBas($this->app, $base_id)] = \phrasea::sbasFromBas($this->app, $base_id);
// todo : wtf $update is arg. for ACL::update_rights_to_base(...) but $v is always a string. how to convert to bool ?
$update[$base_id][$p] = $v;
}
}
@@ -550,6 +558,8 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
$rights[$k] = $right . '_' . $databox->get_sbas_id();
}
// todo : wtf check if parm contains good types (a checkbox should be a bool, not a "0" or "1"
// as required by ACL::update_rights_to_sbas(...)
$parm = $this->unserializedRequestData($this->app['request'], $rights, 'values');
foreach ($parm as $p => $v) {
@@ -577,11 +587,18 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
->give_access_to_sbas($create_sbas);
foreach ($update as $base_id => $rights) {
$this->app->getAclForUser($user)->update_rights_to_base($base_id, $rights);
$this->app->getAclForUser($user)
->update_rights_to_base(
$base_id,
$rights
);
}
foreach ($update_sbas as $sbas_id => $rights) {
$this->app->getAclForUser($user)->update_rights_to_sbas($sbas_id, $rights);
$this->app->getAclForUser($user)->update_rights_to_sbas(
$sbas_id,
$rights
);
}
$this->app->getApplicationBox()->get_connection()->commit();
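Review bot: `$update[$base_id][$p] = $v;` still forwards the raw request string to `ACL::update_rights_to_base()`, which after this commit no longer coerces non-boolean values to `'0'`/`'1'`, so the TODO comments added here describe a gap that the change itself opens. Converting at this boundary would close it, for example `$update[$base_id][$p] = ($v === '1');`, provided every key reaching this branch is a checkbox right; that is not visible in the hunk and needs confirming. The same applies to the `$update_sbas` values handed to `update_rights_to_sbas()`. The two new TODO comments also leave a parenthesis unclosed, and the first one refers to `update_rights_to_bas`, which does not match the method name.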


@@ -71,12 +71,15 @@ class ACLManipulator implements ManipulatorInterface
{
$collections = $databox->get_collections();
$acl->update_rights_to_sbas($databox->get_sbas_id(), [
\ACL::BAS_MANAGE => '1',
\ACL::BAS_MODIFY_STRUCT => '1',
\ACL::BAS_MODIF_TH => '1',
\ACL::BAS_CHUPUB => '1'
]);
$acl->update_rights_to_sbas(
$databox->get_sbas_id(),
[
\ACL::BAS_MANAGE => true,
\ACL::BAS_MODIFY_STRUCT => true,
\ACL::BAS_MODIF_TH => true,
\ACL::BAS_CHUPUB => true
]
);
$acl->give_access_to_base(array_map(function (\collection $collection) {
return $collection->get_base_id();
@@ -100,26 +103,28 @@ class ACLManipulator implements ManipulatorInterface
$acl->set_limits($baseId, false);
$acl->remove_quotas_on_base($baseId);
$acl->set_masks_on_base($baseId, '0', '0', '0', '0');
$acl->update_rights_to_base($baseId, [
\ACL::CANPUTINALBUM => '1',
\ACL::CANDWNLDHD => '1',
'candwnldsubdef' => '1',
\ACL::NOWATERMARK => '1',
\ACL::CANDWNLDPREVIEW => '1',
\ACL::CANCMD => '1',
\ACL::CANADMIN => '1',
\ACL::CANREPORT => '1',
\ACL::CANPUSH => '1',
'creationdate' => '1',
\ACL::CANADDRECORD => '1',
\ACL::CANMODIFRECORD => '1',
\ACL::CANDELETERECORD => '1',
\ACL::CHGSTATUS => '1',
\ACL::IMGTOOLS => '1',
\ACL::COLL_MANAGE => '1',
\ACL::COLL_MODIFY_STRUCT => '1',
\ACL::BAS_MODIFY_STRUCT => '1'
]);
$acl->update_rights_to_base(
$baseId,
[
'creationdate' => '1', // todo : wtf
\ACL::CANPUTINALBUM => true,
\ACL::CANDWNLDHD => true,
\ACL::NOWATERMARK => true,
\ACL::CANDWNLDPREVIEW => true,
\ACL::CANCMD => true,
\ACL::CANADMIN => true,
\ACL::CANREPORT => true,
\ACL::CANPUSH => true,
\ACL::CANADDRECORD => true,
\ACL::CANMODIFRECORD => true,
\ACL::CANDELETERECORD => true,
\ACL::CHGSTATUS => true,
\ACL::IMGTOOLS => true,
\ACL::COLL_MANAGE => true,
\ACL::COLL_MODIFY_STRUCT => true,
\ACL::BAS_MODIFY_STRUCT => true
]
);
}
/**
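Review bot: The rewritten rights array in the second hunk no longer contains `'candwnldsubdef'`, which the previous call set, although the commit is described as a refactor. If the removal is intentional it should be mentioned in the commit message; otherwise the key should be restored. `'creationdate' => '1', // todo : wtf` is kept and still writes the literal `'1'` into a column whose name suggests a date, so either drop the key or replace the comment with the reason for it. The enclosing method starts outside the hunk.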


@@ -81,13 +81,16 @@ class RegistrationManipulator implements ManipulatorInterface
$this->aclProvider->get($user)->give_access_to_sbas([$collection->get_sbas_id()]);
$this->aclProvider->get($user)->give_access_to_base([$collection->get_base_id()]);
$this->aclProvider->get($user)->update_rights_to_base($collection->get_base_id(), [
\ACL::CANPUTINALBUM => '1',
\ACL::CANDWNLDHD => (string) (int) $grantHd,
\ACL::NOWATERMARK => (string) (int) $grantWatermark,
\ACL::CANDWNLDPREVIEW => '1',
\ACL::ACTIF => '1'
]);
$this->aclProvider->get($user)->update_rights_to_base(
$collection->get_base_id(),
[
\ACL::CANPUTINALBUM => true,
\ACL::CANDWNLDHD => (bool)$grantHd,
\ACL::NOWATERMARK => (bool)$grantWatermark,
\ACL::CANDWNLDPREVIEW => true,
\ACL::ACTIF => true
]
);
$this->em->remove($registration);
$this->em->flush();
}


@@ -37,7 +37,7 @@ class ProdOrderController extends BaseOrderController
*/
public function createOrder(Request $request)
{
$records = RecordsRequest::fromRequest($this->app, $request, true, ['cancmd']);
$records = RecordsRequest::fromRequest($this->app, $request, true, [\ACL::CANCMD]);
try {
if ($records->isEmpty()) {


@@ -461,7 +461,7 @@ class ElasticSearchEngine implements SearchEngineInterface
$acl = $this->app->getAclForUser($this->app->getAuthenticatedUser());
$grantedCollections = array_keys($acl->get_granted_base(['actif']));
$grantedCollections = array_keys($acl->get_granted_base([\ACL::ACTIF]));
if (count($grantedCollections) === 0) {
return ['bool' => ['must_not' => ['match_all' => new \stdClass()]]];


@@ -59,11 +59,12 @@ class Installer
$this->app->getAclForUser($admin)
->give_access_to_sbas([$databox->get_sbas_id()])
->update_rights_to_sbas(
$databox->get_sbas_id(), [
\ACL::BAS_MANAGE => 1,
\ACL::BAS_MODIFY_STRUCT => 1,
\ACL::BAS_MODIF_TH => 1,
\ACL::BAS_CHUPUB => 1
$databox->get_sbas_id(),
[
\ACL::BAS_MANAGE => true,
\ACL::BAS_MODIFY_STRUCT => true,
\ACL::BAS_MODIF_TH => true,
\ACL::BAS_CHUPUB => true
]
);
@@ -71,24 +72,27 @@ class Installer
$this->app->getAclForUser($admin)
->give_access_to_base([$collection->get_base_id()]);
$this->app->getAclForUser($admin)
->update_rights_to_base($collection->get_base_id(), [
\ACL::CANPUSH => 1,
\ACL::CANCMD => 1,
\ACL::CANPUTINALBUM => 1,
\ACL::CANDWNLDHD => 1,
\ACL::CANDWNLDPREVIEW => 1,
\ACL::CANADMIN => 1,
\ACL::ACTIF => 1,
\ACL::CANREPORT => 1,
\ACL::CANADDRECORD => 1,
\ACL::CANMODIFRECORD => 1,
\ACL::CANDELETERECORD => 1,
\ACL::CHGSTATUS => 1,
\ACL::IMGTOOLS => 1,
\ACL::COLL_MANAGE => 1,
\ACL::COLL_MODIFY_STRUCT => 1,
\ACL::NOWATERMARK => 1
->update_rights_to_base(
$collection->get_base_id(),
[
\ACL::CANPUSH => true,
\ACL::CANCMD => true,
\ACL::CANPUTINALBUM => true,
\ACL::CANDWNLDHD => true,
\ACL::CANDWNLDPREVIEW => true,
\ACL::CANADMIN => true,
\ACL::ACTIF => true,
\ACL::CANREPORT => true,
\ACL::CANADDRECORD => true,
\ACL::CANMODIFRECORD => true,
\ACL::CANDELETERECORD => true,
\ACL::CHGSTATUS => true,
\ACL::IMGTOOLS => true,
\ACL::COLL_MANAGE => true,
\ACL::COLL_MODIFY_STRUCT => true,
\ACL::NOWATERMARK => true
]
);


@@ -133,7 +133,7 @@ class PhraseanetExtension extends \Twig_Extension
$structure = $databox->getStatusStructure()->toArray();
if (!$this->isGrantedOnCollection($record->getBaseId(), \ACL::CHGSTATUS)) {
if (!$this->isGrantedOnCollection($record->getBaseId(), [\ACL::CHGSTATUS])) {
$structure = array_filter($structure, function($status) {
return (bool) $status['printable'];
});
@@ -175,16 +175,25 @@ class PhraseanetExtension extends \Twig_Extension
return true;
}
public function isGrantedOnCollection($baseId, $rights)
/**
* returns true if user is authenticated and has all the passed rights on the base
* todo : wtf $rights is an array since it's never called with more than 1 right in it ?
*
* @param $baseId
* @param array $rights
* @return bool
* @throws \Exception
*/
public function isGrantedOnCollection($baseId, Array $rights)
{
if (false === ($this->app->getAuthenticatedUser() instanceof User)) {
return false;
}
$rights = (array) $rights;
$acl = $this->app->getAclForUser($this->app->getAuthenticatedUser());
foreach ($rights as $right) {
if (false === $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($baseId, $right)) {
if (! $acl->has_right_on_base($baseId, $right)) {
return false;
}
@@ -196,6 +205,7 @@ class PhraseanetExtension extends \Twig_Extension
public function getCollectionLogo($baseId)
{
if (false === $this->app['filesystem']->exists(sprintf('%s/config/minilogos/%s', $this->app['root.path'], $baseId))) {
return '';
}
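Review bot: The new `Array $rights` type hint on `isGrantedOnCollection()` turns any remaining call that passes a single right as a string into a runtime type error. The first hunk updates one PHP caller, but this class is a Twig extension and its template callers are not part of this diff, so they need to be checked before merging. The docblock says the method returns true when the user "has all the passed rights"; it should also state what is returned for an empty array, since the end of the method is outside the hunk. `@param $baseId` has no type and could name one once the expected type is confirmed.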


@@ -32,12 +32,13 @@ use Doctrine\DBAL\DBALException;
class ACL implements cache_cacheableInterface
{
// those constants MUST match the related sql columns (so sql can be built from anonymous constants... ugly)
const BAS_MODIF_TH = 'bas_modif_th';
const BAS_MODIFY_STRUCT = 'bas_modify_struct';
const BAS_MANAGE = 'bas_manage';
const BAS_CHUPUB = 'bas_chupub';
const ACCESS = 'access';
const ACCESS = 'access'; // not a real sql column
const ACTIF = 'actif';
const CANADDRECORD = 'canaddrecord';
const CANADMIN = 'canadmin';
@@ -237,11 +238,11 @@ class ACL implements cache_cacheableInterface
. " (null, :usr_id, :sbas_id, :record_id, 1, :case, :pusher)";
$params = [
':usr_id' => $this->user->getId()
, ':sbas_id' => $record->getDataboxId()
, ':record_id' => $record->getRecordId()
, ':case' => $action
, ':pusher' => $pusher->getId()
':usr_id' => $this->user->getId(),
':sbas_id' => $record->getDataboxId(),
':record_id' => $record->getRecordId(),
':case' => $action,
':pusher' => $pusher->getId()
];
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
@@ -367,7 +368,7 @@ class ACL implements cache_cacheableInterface
foreach ($sbas_rights as $right) {
if ($this->app->getAclForUser($template_user)->has_right_on_sbas($sbas_id, $right)) {
$rights_to_give[$sbas_id][$right] = '1';
$rights_to_give[$sbas_id][$right] = true;
}
}
}
@@ -382,6 +383,8 @@ class ACL implements cache_cacheableInterface
$bas_to_acces = $masks_to_give = $rights_to_give = [];
// todo ? wtf simplify this sb manipulation, now it is 32 bits
/**
* map masks (and+xor) of template to masks to apply to user on base
* (and_and, and_or, xor_and, xor_or)
@@ -396,8 +399,9 @@ class ACL implements cache_cacheableInterface
foreach ($this->app->getAclForUser($template_user)->get_granted_base() as $collection) {
$base_id = $collection->get_base_id();
if (!in_array($base_id, $base_ids))
if (!in_array($base_id, $base_ids)) {
continue;
}
if (!$this->has_access_to_base($base_id)) {
$bas_to_acces[] = $base_id;
@@ -435,10 +439,10 @@ class ACL implements cache_cacheableInterface
}
$masks_to_give[$base_id] = [
'aa' => $m['aa']
, 'ao' => $m['ao']
, 'xa' => $m['xa']
, 'xo' => $m['xo']
'aa' => $m['aa'],
'ao' => $m['ao'],
'xa' => $m['xa'],
'xo' => $m['xo']
];
}
@@ -498,8 +502,9 @@ class ACL implements cache_cacheableInterface
return false;
}
if (!isset($this->_rights_bas[$base_id][$right]))
if (!isset($this->_rights_bas[$base_id][$right])) {
throw new Exception('right ' . $right . ' does not exists');
}
return ($this->_rights_bas[$base_id][$right] === true);
}
@@ -601,6 +606,8 @@ class ACL implements cache_cacheableInterface
* @param int $base_id
* @param int $n
* @return ACL
*
* todo : wtf direct cache modification, where is sql ?
*/
public function remove_remaining($base_id, $n = 1)
{
@@ -610,11 +617,7 @@ class ACL implements cache_cacheableInterface
return false;
}
$this->_rights_bas[$base_id]['remain_dwnld'] =
$this->_rights_bas[$base_id]['remain_dwnld'] - (int) $n;
$v = $this->_rights_bas[$base_id]['remain_dwnld'];
$this->_rights_bas[$base_id]['remain_dwnld'] =
$this->_rights_bas[$base_id]['remain_dwnld'] < 0 ? 0 : $v;
$this->_rights_bas[$base_id]['remain_dwnld'] = max(0, $this->_rights_bas[$base_id]['remain_dwnld'] - (int) $n);
return $this;
}
@@ -630,8 +633,9 @@ class ACL implements cache_cacheableInterface
{
$this->load_global_rights();
if (!isset($this->_global_rights[$right]))
if (!isset($this->_global_rights[$right])) {
throw new Exception('This right does not exists');
}
return $this->_global_rights[$right];
}
@@ -652,8 +656,9 @@ class ACL implements cache_cacheableInterface
return false;
}
if (!isset($this->_rights_sbas[$sbas_id][$right]))
if (!isset($this->_rights_sbas[$sbas_id][$right])) {
throw new Exception('This right does not exists');
}
if ($this->_rights_sbas[$sbas_id][$right] === true) {
return true;
@@ -774,8 +779,9 @@ class ACL implements cache_cacheableInterface
*/
public function get_granted_sbas($rights = [])
{
if (is_string($rights))
if (is_string($rights)) {
$rights = [$rights];
}
assert(is_array($rights));
@@ -792,13 +798,14 @@ class ACL implements cache_cacheableInterface
break;
}
}
if ($continue)
if ($continue) {
continue;
}
try {
$ret[$sbas_id] = $this->app->findDataboxById((int) $sbas_id);
} catch (\Exception $e) {
// no-op
}
}
@@ -907,7 +914,7 @@ class ACL implements cache_cacheableInterface
return $this;
} catch (\Exception $e) {
// no-op
}
$sql = "SELECT sbasusr.* FROM sbasusr INNER JOIN sbas USING(sbas_id) WHERE usr_id= :usr_id";
@@ -927,10 +934,10 @@ class ACL implements cache_cacheableInterface
foreach ($rs as $row) {
$sbid = $row['sbas_id'];
$this->_rights_sbas[$sbid] = [];
$this->_global_rights[self::BAS_MODIF_TH] |= ($this->_rights_sbas[$sbid][self::BAS_MODIF_TH] = ($row['bas_modif_th'] == '1'));
$this->_global_rights[self::BAS_MODIFY_STRUCT] |= ($this->_rights_sbas[$sbid][self::BAS_MODIFY_STRUCT] = ($row['bas_modify_struct'] == '1'));
$this->_global_rights[self::BAS_MANAGE] |= ($this->_rights_sbas[$sbid][self::BAS_MANAGE] = ($row['bas_manage'] == '1'));
$this->_global_rights[self::BAS_CHUPUB] |= ($this->_rights_sbas[$sbid][self::BAS_CHUPUB] = ($row['bas_chupub'] == '1'));
$this->_global_rights[self::BAS_MODIF_TH] |= ($this->_rights_sbas[$sbid][self::BAS_MODIF_TH] = ($row[self::BAS_MODIF_TH] == '1'));
$this->_global_rights[self::BAS_MODIFY_STRUCT] |= ($this->_rights_sbas[$sbid][self::BAS_MODIFY_STRUCT] = ($row[self::BAS_MODIFY_STRUCT] == '1'));
$this->_global_rights[self::BAS_MANAGE] |= ($this->_rights_sbas[$sbid][self::BAS_MANAGE] = ($row[self::BAS_MANAGE] == '1'));
$this->_global_rights[self::BAS_CHUPUB] |= ($this->_rights_sbas[$sbid][self::BAS_CHUPUB] = ($row[self::BAS_CHUPUB] == '1'));
}
$this->set_data_to_cache($this->_rights_sbas, self::CACHE_RIGHTS_SBAS);
$this->set_data_to_cache($this->_global_rights, self::CACHE_GLOBAL_RIGHTS);
@@ -1002,7 +1009,7 @@ class ACL implements cache_cacheableInterface
foreach ($rs as $row) {
$bid = $row['base_id'];
$this->_rights_bas[$bid]['actif'] = ($row['actif'] == '1');
$this->_rights_bas[$bid][self::ACTIF] = ($row[self::ACTIF] == '1');
$row['limited_from'] = $row['limited_from'] == '0000-00-00 00:00:00' ? '' : trim($row['limited_from']);
$row['limited_to'] = $row['limited_to'] == '0000-00-00 00:00:00' ? '' : trim($row['limited_to']);
@@ -1015,21 +1022,21 @@ class ACL implements cache_cacheableInterface
];
}
$this->_global_rights[self::IMGTOOLS] |= ($this->_rights_bas[$bid][self::IMGTOOLS] = ($row['imgtools'] == '1'));
$this->_global_rights[self::CHGSTATUS] |= ($this->_rights_bas[$bid][self::CHGSTATUS] = ($row['chgstatus'] == '1'));
$this->_global_rights[self::CANCMD] |= ($this->_rights_bas[$bid][self::CANCMD] = ($row['cancmd'] == '1'));
$this->_global_rights[self::CANADDRECORD] |= ($this->_rights_bas[$bid][self::CANADDRECORD] = ($row['canaddrecord'] == '1'));
$this->_global_rights[self::CANPUSH] |= ($this->_rights_bas[$bid][self::CANPUSH] = ($row['canpush'] == '1'));
$this->_global_rights[self::CANDELETERECORD] |= ($this->_rights_bas[$bid][self::CANDELETERECORD] = ($row['candeleterecord'] == '1'));
$this->_global_rights[self::CANADMIN] |= ($this->_rights_bas[$bid][self::CANADMIN] = ($row['canadmin'] == '1'));
$this->_global_rights[self::CANDWNLDPREVIEW] |= ($this->_rights_bas[$bid][self::CANDWNLDPREVIEW] = ($row['candwnldpreview'] == '1'));
$this->_global_rights[self::CANDWNLDHD] |= ($this->_rights_bas[$bid][self::CANDWNLDHD] = ($row['candwnldhd'] == '1'));
$this->_global_rights[self::CANMODIFRECORD] |= ($this->_rights_bas[$bid][self::CANMODIFRECORD] = ($row['canmodifrecord'] == '1'));
$this->_global_rights[self::CANPUTINALBUM] |= ($this->_rights_bas[$bid][self::CANPUTINALBUM] = ($row['canputinalbum'] == '1'));
$this->_global_rights[self::CANREPORT] |= ($this->_rights_bas[$bid][self::CANREPORT] = ($row['canreport'] == '1'));
$this->_global_rights[self::COLL_MODIFY_STRUCT] |= ($this->_rights_bas[$bid][self::COLL_MODIFY_STRUCT] = ($row['modify_struct'] == '1'));
$this->_global_rights[self::COLL_MANAGE] |= ($this->_rights_bas[$bid][self::COLL_MANAGE] = ($row['manage'] == '1'));
$this->_global_rights[self::ORDER_MASTER] |= ($this->_rights_bas[$bid][self::ORDER_MASTER] = ($row['order_master'] == '1'));
$this->_global_rights[self::IMGTOOLS] |= ($this->_rights_bas[$bid][self::IMGTOOLS] = ($row[self::IMGTOOLS] == '1'));
$this->_global_rights[self::CHGSTATUS] |= ($this->_rights_bas[$bid][self::CHGSTATUS] = ($row[self::CHGSTATUS] == '1'));
$this->_global_rights[self::CANCMD] |= ($this->_rights_bas[$bid][self::CANCMD] = ($row[self::CANCMD] == '1'));
$this->_global_rights[self::CANADDRECORD] |= ($this->_rights_bas[$bid][self::CANADDRECORD] = ($row[self::CANADDRECORD] == '1'));
$this->_global_rights[self::CANPUSH] |= ($this->_rights_bas[$bid][self::CANPUSH] = ($row[self::CANPUSH] == '1'));
$this->_global_rights[self::CANDELETERECORD] |= ($this->_rights_bas[$bid][self::CANDELETERECORD] = ($row[self::CANDELETERECORD] == '1'));
$this->_global_rights[self::CANADMIN] |= ($this->_rights_bas[$bid][self::CANADMIN] = ($row[self::CANADMIN] == '1'));
$this->_global_rights[self::CANDWNLDPREVIEW] |= ($this->_rights_bas[$bid][self::CANDWNLDPREVIEW] = ($row[self::CANDWNLDPREVIEW] == '1'));
$this->_global_rights[self::CANDWNLDHD] |= ($this->_rights_bas[$bid][self::CANDWNLDHD] = ($row[self::CANDWNLDHD] == '1'));
$this->_global_rights[self::CANMODIFRECORD] |= ($this->_rights_bas[$bid][self::CANMODIFRECORD] = ($row[self::CANMODIFRECORD] == '1'));
$this->_global_rights[self::CANPUTINALBUM] |= ($this->_rights_bas[$bid][self::CANPUTINALBUM] = ($row[self::CANPUTINALBUM] == '1'));
$this->_global_rights[self::CANREPORT] |= ($this->_rights_bas[$bid][self::CANREPORT] = ($row[self::CANREPORT] == '1'));
$this->_global_rights[self::COLL_MODIFY_STRUCT] |= ($this->_rights_bas[$bid][self::COLL_MODIFY_STRUCT] = ($row[self::COLL_MODIFY_STRUCT] == '1'));
$this->_global_rights[self::COLL_MANAGE] |= ($this->_rights_bas[$bid][self::COLL_MANAGE] = ($row[self::COLL_MANAGE] == '1'));
$this->_global_rights[self::ORDER_MASTER] |= ($this->_rights_bas[$bid][self::ORDER_MASTER] = ($row[self::ORDER_MASTER] == '1'));
$this->_rights_bas[$bid][self::NOWATERMARK] = ($row['nowatermark'] == '1');
$this->_rights_bas[$bid][self::RESTRICT_DWNLD] = ($row['restrict_dwnld'] == '1');
@@ -1233,43 +1240,31 @@ class ACL implements cache_cacheableInterface
public function update_rights_to_base($base_id, $rights)
{
if (!$this->has_access_to_base($base_id) && (!isset($rights['actif']) || $rights['actif'] == '1')) {
if (!$this->has_access_to_base($base_id) && (!isset($rights[self::ACTIF]) || $rights[self::ACTIF] == true)) {
$this->give_access_to_base([$base_id]);
}
$sql_up = "UPDATE basusr SET ";
$conn = $this->app->getApplicationBox()->get_connection();
$sql_args = $params = [];
$sql_args = [];
foreach ($rights as $right => $v) {
$sql_args[] = " " . $right . " = :" . $right;
switch ($right) {
default:
$params[':' . $right] = $v ? '1' : '0';
break;
case 'mask_and':
case 'mask_xor':
$params[':' . $right] = $v;
break;
if(is_bool($v)) {
$v = $v ? 1 : 0;
}
$sql_args[] = " " . $conn->quoteIdentifier($right) . "=" . $conn->quote($v) . "\n";
}
if (count($sql_args) == 0) {
return $this;
}
$usr_id = $this->user->getId();
$sql = "UPDATE basusr SET\n"
. implode(',', $sql_args)
. " WHERE base_id = :base_id AND usr_id = :usr_id";
$sql_up .= implode(', ', $sql_args) . ' WHERE base_id = :base_id
AND usr_id = :usr_id';
$params = array_merge(
$params
, [':base_id' => $base_id, ':usr_id' => $usr_id]
);
$stmt_up = $this->app->getApplicationBox()->get_connection()->prepare($sql_up);
$stmt_up->execute($params);
$stmt_up->closeCursor();
$stmt = $conn->prepare($sql);
$stmt->execute([':base_id' => $base_id, ':usr_id' => $this->user->getId()]);
$stmt->closeCursor();
$this->delete_data_from_cache(self::CACHE_RIGHTS_BAS);
@@ -1277,10 +1272,10 @@ class ACL implements cache_cacheableInterface
AclEvents::RIGHTS_TO_BASE_CHANGED,
new RightsToBaseChangedEvent(
$this,
array(
[
'base_id' => $base_id,
'rights' => $rights
)
]
)
);
@@ -1293,11 +1288,10 @@ class ACL implements cache_cacheableInterface
*/
public function revoke_unused_sbas_rights()
{
$sql = 'DELETE FROM sbasusr
WHERE usr_id = :usr_id_1
AND sbas_id NOT IN
(SELECT distinct sbas_id FROM basusr bu, bas b
WHERE usr_id = :usr_id_2 AND b.base_id = bu.base_id)';
$sql = "DELETE FROM sbasusr\n"
. " WHERE usr_id = :usr_id_1\n"
. " AND sbas_id NOT IN\n"
. "(SELECT distinct sbas_id FROM basusr bu, bas b WHERE usr_id = :usr_id_2 AND b.base_id = bu.base_id)";
$usr_id = $this->user->getId();
$params = [':usr_id_1' => $usr_id, ':usr_id_2' => $usr_id];
@@ -1312,48 +1306,50 @@ class ACL implements cache_cacheableInterface
}
/**
*
* @param <type> $sbas_id
* @param <type> $rights
* @return ACL
* @param $sbas_id
* @param $rights
* @return $this
* @throws DBALException
* @throws Exception
*/
public function update_rights_to_sbas($sbas_id, $rights)
{
if (!$this->has_access_to_sbas($sbas_id))
if (!$this->has_access_to_sbas($sbas_id)) {
$this->give_access_to_sbas([$sbas_id]);
$sql_up = "UPDATE sbasusr SET ";
}
$sql_args = [];
$usr_id = $this->user->getId();
$conn = $this->app->getApplicationBox()->get_connection();
foreach ($rights as $right => $v) {
$sql_args[] = "`" . $right . "`=" . ($v ? '1' : '0');
if(is_bool($v)) {
$v = $v ? 1 : 0;
}
$sql_args[] = " " . $conn->quoteIdentifier($right) . "=" . $conn->quote($v) . "\n";
}
if (count($sql_args) == 0) {
return $this;
}
$sql_up .= implode(', ', $sql_args) . "\n"
$sql = "UPDATE sbasusr SET\n"
. implode(',', $sql_args)
. " WHERE sbas_id = :sbas_id AND usr_id = :usr_id";
$stmt_up = $this->app->getApplicationBox()->get_connection()->prepare($sql_up);
$stmt = $conn->prepare($sql);
$stmt->execute([':sbas_id' => $sbas_id, ':usr_id' => $this->user->getId()]);
$stmt->closeCursor();
if (!$stmt_up->execute([':sbas_id' => $sbas_id, ':usr_id' => $usr_id])) {
throw new Exception('Error while updating some rights');
}
$stmt_up->closeCursor();
$this->delete_data_from_cache(self::CACHE_RIGHTS_SBAS);
$this->app['dispatcher']->dispatch(
AclEvents::RIGHTS_TO_SBAS_CHANGED,
new RightsToSbasChangedEvent(
$this,
array(
[
'sbas_id' => $sbas_id,
'rights' => $rights
)
]
)
);
@@ -1479,28 +1475,28 @@ class ACL implements cache_cacheableInterface
$this->give_access_to_base([$base_id_dest]);
$rights = [
$this->update_rights_to_base(
$base_id_dest,
[
'mask_and' => $row['mask_and'],
'mask_xor' => $row['mask_xor'],
];
$rights[self::CANPUTINALBUM] = ($row['canputinalbum'] == '1');
$rights[self::CANDWNLDHD] = ($row['candwnldhd'] == '1');
$rights[self::CANDWNLDPREVIEW] = ($row['candwnldpreview'] == '1');
$rights[self::CANCMD] = ($row['cancmd'] == '1');
$rights[self::CANADMIN] = ($row['canadmin'] == '1');
$rights[self::CANREPORT] = ($row['canreport'] == '1');
$rights[self::CANPUSH] = ($row['canpush'] == '1');
$rights[self::NOWATERMARK] = ($row['nowatermark'] == '1');
$rights[self::CANADDRECORD] = ($row['canaddrecord'] == '1');
$rights[self::CANMODIFRECORD] = ($row['canmodifrecord' == '1']);
$rights[self::CANDELETERECORD] = ($row['candeleterecord'] == '1');
$rights[self::CHGSTATUS] = ($row['chgstatus'] == '1');
$rights[self::IMGTOOLS] = ($row['imgtools'] == '1');
$rights[self::COLL_MANAGE] = ($row['manage'] == '1');
$rights[self::COLL_MODIFY_STRUCT] = ($row['modify_struct'] == '1');
$this->update_rights_to_base($base_id_dest, $rights);
self::CANPUTINALBUM => ($row[self::CANPUTINALBUM] == '1'),
self::CANDWNLDHD => ($row[self::CANDWNLDHD] == '1'),
self::CANDWNLDPREVIEW => ($row[self::CANDWNLDPREVIEW] == '1'),
self::CANCMD => ($row[self::CANCMD] == '1'),
self::CANADMIN => ($row[self::CANADMIN] == '1'),
self::CANREPORT => ($row[self::CANREPORT] == '1'),
self::CANPUSH => ($row[self::CANPUSH] == '1'),
self::NOWATERMARK => ($row[self::NOWATERMARK] == '1'),
self::CANADDRECORD => ($row[self::CANADDRECORD] == '1'),
self::CANMODIFRECORD => ($row[self::CANMODIFRECORD] == '1'),
self::CANDELETERECORD => ($row[self::CANDELETERECORD] == '1'),
self::CHGSTATUS => ($row[self::CHGSTATUS] == '1'),
self::IMGTOOLS => ($row[self::IMGTOOLS] == '1'),
self::COLL_MANAGE => ($row[self::COLL_MANAGE] == '1'),
self::COLL_MODIFY_STRUCT => ($row[self::COLL_MODIFY_STRUCT] == '1')
]
);
if ($row['time_limited']) {
$this->set_limits($base_id_dest, $row['time_limited'], new \DateTime($row['limited_from']), new \DateTime($row['limited_to']));
@@ -1599,10 +1595,10 @@ class ACL implements cache_cacheableInterface
}
}
$sql = "UPDATE basusr
SET mask_and=((mask_and & " . $vhex['and_and'] . ") | " . $vhex['and_or'] . ")
,mask_xor=((mask_xor & " . $vhex['xor_and'] . ") | " . $vhex['xor_or'] . ")
WHERE usr_id = :usr_id and base_id = :base_id";
$sql = "UPDATE basusr\n"
. " SET mask_and=((mask_and & " . $vhex['and_and'] . ") | " . $vhex['and_or'] . "),\n"
. " mask_xor=((mask_xor & " . $vhex['xor_and'] . ") | " . $vhex['xor_or'] . ")\n"
. " WHERE usr_id = :usr_id and base_id = :base_id";
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$stmt->execute([':base_id' => $base_id, ':usr_id' => $this->user->getId()]);
@@ -1661,31 +1657,18 @@ class ACL implements cache_cacheableInterface
public function set_limits($base_id, $limit, DateTime $limit_from = null, DateTime $limit_to = null)
{
if ($limit) {
$sql = 'UPDATE basusr
SET time_limited = 1
, limited_from = :limited_from
, limited_to = :limited_to
WHERE base_id = :base_id AND usr_id = :usr_id';
} else {
$sql = 'UPDATE basusr
SET time_limited = 0
, limited_from = :limited_from
, limited_to = :limited_to
WHERE base_id = :base_id AND usr_id = :usr_id';
}
$params = [
':usr_id' => $this->user->getId(),
':base_id' => $base_id,
'limited_from' => NullableDateTime::format($limit_from, DATE_ISO8601),
'limited_to' => NullableDateTime::format($limit_to, DATE_ISO8601),
];
$sql = "UPDATE basusr\n"
. " SET time_limited = :time_limited, limited_from = :limited_from, limited_to = :limited_to\n"
. " WHERE base_id = :base_id AND usr_id = :usr_id";
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$stmt->execute($params);
$stmt->execute([
':time_limited' => $limit ? 1 : 0,
':usr_id' => $this->user->getId(),
':base_id' => $base_id,
':limited_from' => NullableDateTime::format($limit_from, DATE_ISO8601),
':limited_to' => NullableDateTime::format($limit_to, DATE_ISO8601),
]);
$stmt->closeCursor();
$this->delete_data_from_cache(self::CACHE_LIMITS_BAS);
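Review bot: In `update_rights_to_base()` and `update_rights_to_sbas()` the SET clause is now assembled from `$conn->quoteIdentifier($right)` and `$conn->quote($v)` instead of bound parameters, and `$right` is never checked against the known column constants, so any key a caller puts in `$rights` becomes a column name and any non-boolean value is stored as given. The previous `update_rights_to_base()` coerced every value except `mask_and`/`mask_xor` to `'1'`/`'0'`; callers such as the `Edit` helper changed in this commit pass request strings, so an allow-list and bound values belong in these methods. In the sketch below `$allowedColumns` stands for a list of permitted `basusr` columns that would have to be defined in the class. `update_rights_to_sbas()` also drops the check on the `execute()` result, which is only safe if the connection is configured to throw on error; that is not visible here.

```php
// … unchanged: give_access_to_base() guard, $conn lookup …
$sql_args = [];
$params = [':base_id' => $base_id, ':usr_id' => $this->user->getId()];
foreach ($rights as $right => $v) {
    // reject anything that is not a known basusr column
    if (!in_array($right, $allowedColumns, true)) {
        throw new Exception('right ' . $right . ' does not exists');
    }
    if (is_bool($v)) {
        $v = $v ? 1 : 0;
    }
    $sql_args[] = " " . $conn->quoteIdentifier($right) . " = :" . $right;
    $params[':' . $right] = $v;
}
// … unchanged: empty-list early return, UPDATE basusr SET … WHERE …, prepare …
$stmt->execute($params);
// … unchanged: closeCursor, cache purge, event dispatch …
```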


@@ -14,7 +14,7 @@ use Alchemy\Phrasea\Model\Entities\User;
use Doctrine\Common\Collections\ArrayCollection;
use Alchemy\Phrasea\Utilities\Countries;
class User_Query implements User_QueryInterface
class User_Query
{
const ORD_ASC = 'ASC';
const ORD_DESC = 'DESC';


@@ -1,47 +0,0 @@
<?php
/*
* This file is part of Phraseanet
*
* (c) 2005-2016 Alchemy
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
use Alchemy\Phrasea\Application;
interface User_QueryInterface
{
public function __construct(Application $app);
public function get_results();
public function who_have_right(Array $rights);
public function who_have_not_right(Array $rights);
public function execute();
public function get_total();
public function get_page();
public function on_bases_where_i_am(ACL $ACL, Array $rights);
public function on_sbas_where_i_am(ACL $ACL, Array $rights);
public function limit($offset_start, $results_quantity);
public function like($like_field, $like_value);
public function like_match($like_match);
public function on_sbas_ids(Array $sbas_ids);
public function on_base_ids(Array $base_ids);
public function sort_by($sort, $ord = 'asc');
public function get_inactives($boolean = true);
}


@@ -1119,11 +1119,12 @@ class databox extends base implements ThumbnailedElement
$this->app->getAclForUser($user)
->give_access_to_sbas([$this->id])
->update_rights_to_sbas(
$this->id, [
\ACL::BAS_MANAGE => 1,
\ACL::BAS_MODIFY_STRUCT => 1,
\ACL::BAS_MODIF_TH => 1,
\ACL::BAS_CHUPUB => 1
$this->id,
[
\ACL::BAS_MANAGE => true,
\ACL::BAS_MODIFY_STRUCT => true,
\ACL::BAS_MODIF_TH => true,
\ACL::BAS_CHUPUB => true
]
);
@@ -1133,9 +1134,7 @@ class databox extends base implements ThumbnailedElement
$rs = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$sql = "INSERT INTO bas
(base_id, active, server_coll_id, sbas_id) VALUES
(null,'1', :coll_id, :sbas_id)";
$sql = "INSERT INTO bas (active, server_coll_id, sbas_id) VALUES ('1', :coll_id, :sbas_id)";
$stmt = $conn->prepare($sql);
$base_ids = [];
@@ -1156,24 +1155,28 @@ class databox extends base implements ThumbnailedElement
$this->app->getAclForUser($user)->give_access_to_base($base_ids);
foreach ($base_ids as $base_id) {
$this->app->getAclForUser($user)->update_rights_to_base($base_id, [
\ACL::CANPUSH => 1,
\ACL::CANCMD => 1,
\ACL::CANPUTINALBUM => 1,
\ACL::CANDWNLDHD => 1,
\ACL::CANDWNLDPREVIEW => 1,
\ACL::CANADMIN => 1,
\ACL::ACTIF => 1,
\ACL::CANREPORT => 1,
\ACL::CANADDRECORD => 1,
\ACL::CANMODIFRECORD => 1,
\ACL::CANDELETERECORD => 1,
\ACL::CHGSTATUS => 1,
\ACL::IMGTOOLS => 1,
\ACL::COLL_MANAGE => 1,
\ACL::COLL_MODIFY_STRUCT => 1,
\ACL::NOWATERMARK => 1
]);
$this->app->getAclForUser($user)
->update_rights_to_base(
$base_id,
[
\ACL::CANPUSH => true,
\ACL::CANCMD => true,
\ACL::CANPUTINALBUM => true,
\ACL::CANDWNLDHD => true,
\ACL::CANDWNLDPREVIEW => true,
\ACL::CANADMIN => true,
\ACL::ACTIF => true,
\ACL::CANREPORT => true,
\ACL::CANADDRECORD => true,
\ACL::CANMODIFRECORD => true,
\ACL::CANDELETERECORD => true,
\ACL::CHGSTATUS => true,
\ACL::IMGTOOLS => true,
\ACL::COLL_MANAGE => true,
\ACL::COLL_MODIFY_STRUCT => true,
\ACL::NOWATERMARK => true
]
);
}
$this->app->getAclForUser($user)->delete_data_from_cache();
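Review bot: The rewritten loop in the third hunk still resolves `$this->app->getAclForUser($user)` once per collection, and the same lookup appears again for `give_access_to_base` and `delete_data_from_cache()`. Resolving it once with `$acl = $this->app->getAclForUser($user);` and calling `$acl->update_rights_to_base($base_id, [...])` inside the loop would make it plain that the access grant, the rights update and the cache invalidation all act on the same ACL object. A short comment above the array, for example `// full collection-admin rights set granted to the databox admin`, would help a reviewer notice when a right is added or dropped. The enclosing method starts and ends outside the hunks.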


@@ -106,7 +106,7 @@
<div class="controls">
<select id="edit_pub_base_id" class="input-large" name="base_id" {% if feed.isPublic() %}disabled="disabled"{% endif %}>
<option value="">{{ 'Non-Restreinte (publique)' | trans }}</option>
{% for databox in app.getAclForUser(app.getAuthenticatedUser()).get_granted_sbas(constant('\\ACL::BAS_CHUPUB')) %}
{% for databox in app.getAclForUser(app.getAuthenticatedUser()).get_granted_sbas([constant('\\ACL::BAS_CHUPUB')]) %}
<optgroup label="{{ databox.get_label(app['locale']) }}">
{% for collection in databox.get_collections() %}
<option {% if feed.getBaseId() and feed.getCollection(app).get_base_id() == collection.get_base_id() %}selected="selected"{% endif %} value="{{ collection.get_base_id() }}">{{ collection.get_name() }}</option>
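Review bot: Wrapping the right in a list, as in `get_granted_sbas([constant('\\ACL::BAS_CHUPUB')])`, changes the argument type of an authorization helper, and nothing on this page shows what `get_granted_sbas` or `granted_on_collection` do when a caller still passes a bare string. If either helper iterates over its argument and grants when no listed right is refused, a missed call site could fail open instead of raising an error, so the PHP signatures should declare `array $rights` and reject anything else. The same applies to the `granted_on_collection(record.baseId, [...])` changes in the other template sections of this commit. A docblock on each helper stating that it expects a list of `\ACL` constants would keep template authors from reintroducing the scalar form.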


@@ -23,7 +23,7 @@
<div class="controls">
<select id="add_pub_base_id" class="input-large" name="base_id">
<option value="">{{ 'Non-Restreinte (publique)' | trans }}</option>
{% for databox in app.getAclForUser(app.getAuthenticatedUser()).get_granted_sbas(constant('\\ACL::BAS_CHUPUB')) %}
{% for databox in app.getAclForUser(app.getAuthenticatedUser()).get_granted_sbas([constant('\\ACL::BAS_CHUPUB')]) %}
<optgroup label="{{ databox.get_label(app['locale']) }}">
{% for collection in databox.get_collections() %}
<option value="{{ collection.get_base_id() }}">{{ collection.get_name() }}</option>


@@ -1,6 +1,6 @@
{% import 'common/macros.html.twig' as macro %}
{% set business = granted_on_collection(record.baseId, constant('\\ACL::CANMODIFRECORD')) %}
{% set business = granted_on_collection(record.baseId, [constant('\\ACL::CANMODIFRECORD')]) %}
{% set display_exif = true %}
{% if view == 'answer' %}


@@ -1,6 +1,6 @@
{% import 'common/macros.html.twig' as macro %}
{% set can_edit = granted_on_collection(record.baseId, constant('\\ACL::CANMODIFRECORD')) %}
{% set can_edit = granted_on_collection(record.baseId, [constant('\\ACL::CANMODIFRECORD')]) %}
{% set can_see_business = can_edit %}
{% if can_edit %}


@@ -13,7 +13,7 @@
<td valign="middle">
<div class='desc' style='max-height:{{ settings.images_size + 70 }}px;overflow-y:auto;'>
<div class="fixeddesc">
{% set can_see_business = granted_on_collection(record.baseId, constant('\\ACL::CANMODIFRECORD')) %}
{% set can_see_business = granted_on_collection(record.baseId, [constant('\\ACL::CANMODIFRECORD')]) %}
{{ macro.caption(record, can_see_business) }}
</div>
</div>


@@ -18,7 +18,7 @@
</div>
</div>
{% set can_see_business = granted_on_collection(record.baseId, constant('\\ACL::CANMODIFRECORD')) %}
{% set can_see_business = granted_on_collection(record.baseId, [constant('\\ACL::CANMODIFRECORD')]) %}
<div class="thumb captionTips"
{% if settings.rollover_thumbnail == 'caption' %}title="{{ macro.caption(record, can_see_business, false) | e }}"{% endif %}
@@ -105,7 +105,7 @@
<tr>
<td>
<div class="context-menu context-menu-theme-vista">
{% if granted_on_collection(record.baseId, constant('\\ACL::CANPUTINALBUM')) and not record.story %}
{% if granted_on_collection(record.baseId, [constant('\\ACL::CANPUTINALBUM')]) and not record.story %}
<div title="" class="context-menu-item">
<div class="context-menu-item-inner"
onclick="evt_add_in_chutier('{{record.databoxId}}','{{record.recordId}}',false,this);return(false);">
@@ -113,7 +113,7 @@
</div>
</div>
{% endif %}
{% if granted_on_collection(record.baseId, constant('\\ACL::CANDWNLDPREVIEW')) or granted_on_collection(record.baseId, constant('\\ACL::CANDWNLDHD')) %}
{% if granted_on_collection(record.baseId, [constant('\\ACL::CANDWNLDPREVIEW')]) or granted_on_collection(record.baseId, [constant('\\ACL::CANDWNLDHD')]) %}
<div title="" class="context-menu-item">
<div class="context-menu-item-inner"
onclick="evt_dwnl('{{record.id}}',false,this);return(false);">


@@ -1,6 +1,8 @@
<?php
namespace Alchemy\Tests\Phrasea\Controller\Admin;
use \Databox;
use Symfony\Component\HttpKernel\Client;
/**
@@ -339,29 +341,34 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
self::$DI['app']->getAclForUser($user)->give_access_to_sbas(array_keys(self::$DI['app']->getDataboxes()));
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
$rights = [
\ACL::BAS_MANAGE => '1',
\ACL::BAS_MODIFY_STRUCT => '1',
\ACL::BAS_MODIF_TH => '1',
\ACL::BAS_CHUPUB => '1',
];
self::$DI['app']->getAclForUser($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights);
self::$DI['app']->getAclForUser($user)
->update_rights_to_sbas(
$databox->get_sbas_id(),
[
\ACL::BAS_MANAGE => true,
\ACL::BAS_MODIFY_STRUCT => true,
\ACL::BAS_MODIF_TH => true,
\ACL::BAS_CHUPUB => true,
]
);
foreach ($databox->get_collections() as $collection) {
$base_id = $collection->get_base_id();
self::$DI['app']->getAclForUser($user)->give_access_to_base([$base_id]);
$rights = [
\ACL::CANPUTINALBUM => '1',
\ACL::CANDWNLDHD => '1',
'candwnldsubdef' => '1',
\ACL::NOWATERMARK => '1'
];
self::$DI['app']->getAclForUser($user)
->update_rights_to_base(
$collection->get_base_id(),
[
\ACL::CANPUTINALBUM => true,
\ACL::CANDWNLDHD => true,
\ACL::NOWATERMARK => true
]
);
self::$DI['app']->getAclForUser($user)->update_rights_to_base($collection->get_base_id(), $rights);
break;
}
}
@@ -444,7 +451,13 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
// create a template
if (null === self::$DI['app']['repo.users']->findByLogin('csv_template')) {
$user = self::$DI['app']['manipulator.user']->createTemplate('csv_template', self::$DI['app']->getAuthenticatedUser());
self::$DI['app']->getAclForUser($user)->update_rights_to_base(self::$DI['collection']->get_base_id(), ['actif'=> 1]);
self::$DI['app']->getAclForUser($user)
->update_rights_to_base(
self::$DI['collection']->get_base_id(),
[
\ACL::ACTIF => true
]
);
}
$nativeQueryMock = $this->getMockBuilder('Alchemy\Phrasea\Model\NativeQueryProvider')
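Review bot: In the second hunk the new `update_rights_to_base(` call evaluates `$collection->get_base_id()` again although `$base_id` was assigned from it two lines earlier and is already used in `give_access_to_base([$base_id])`. Passing `$base_id,` as the first argument keeps the grant and the rights update visibly tied to the same collection. The rewritten array also drops the `'candwnldsubdef'` entry that the old `$rights` array carried; if that is deliberate, a one-line comment such as `// candwnldsubdef is no longer a managed right` would say so. The test method starts and ends outside the hunk.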


@@ -1009,11 +1009,12 @@ class ApiJsonTest extends ApiTestCase
if ('none' !== $collection->get_pub_wm()) {
$collection->set_public_presentation('none');
}
$app->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(
$app->getAclForUser(self::$DI['user_notAdmin'])
->update_rights_to_base(
$collection->get_base_id(),
[
\ACL::CANDWNLDPREVIEW => 1,
\ACL::CANDWNLDHD => 1
\ACL::CANDWNLDPREVIEW => true,
\ACL::CANDWNLDHD => true
]
);
@@ -1053,10 +1054,14 @@ class ApiJsonTest extends ApiTestCase
{
$this->setToken($this->userAccessToken);
self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
\ACL::CANDWNLDPREVIEW => 1,
\ACL::CANDWNLDHD => 0
));
self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])
->update_rights_to_base(
self::$DI['collection']->get_base_id(),
[
\ACL::CANDWNLDPREVIEW => true,
\ACL::CANDWNLDHD => false
]
);
$route = '/api/v1/records/' . self::$DI['record_1']->get_sbas_id() . '/' . self::$DI['record_1']->get_record_id() . '/embed/';
@@ -1077,11 +1082,12 @@ class ApiJsonTest extends ApiTestCase
{
$this->setToken($this->userAccessToken);
self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(
self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])
->update_rights_to_base(
self::$DI['collection']->get_base_id(),
[
\ACL::CANDWNLDPREVIEW => 0,
\ACL::CANDWNLDHD => 0
\ACL::CANDWNLDPREVIEW => false,
\ACL::CANDWNLDHD => false
]
);
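Review bot: These calls now pass PHP booleans, and `\ACL::CANDWNLDHD => false` in the second and third hunks is the case to check. `update_rights_to_base` is not shown; if it hands the values to a prepared statement unchanged, PDO's default string binding sends `false` as an empty string rather than 0, which a strict SQL mode may reject for an integer column. The `set_limits` code earlier on this page converts explicitly with `$limit ? 1 : 0`, and the rights update should do the same before binding, e.g. `$value ? 1 : 0`. The same applies to the other calls in this commit that pass `false`, such as the RecordsRequestTest and ACLManipulatorTest changes.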


@@ -79,7 +79,12 @@ class RecordsRequestTest extends \PhraseanetAuthenticatedTestCase
public function testSimpleWithoutSbasRights()
{
self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
->update_rights_to_sbas(self::$DI['record_2']->get_sbas_id(), [\ACL::BAS_CHUPUB => 0]);
->update_rights_to_sbas(
self::$DI['record_2']->get_sbas_id(),
[
\ACL::BAS_CHUPUB => false
]
);
$request = new Request([
'lst' => implode(';', [
@@ -107,7 +112,9 @@ class RecordsRequestTest extends \PhraseanetAuthenticatedTestCase
self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
->update_rights_to_base(
self::$DI['record_2']->get_base_id(),
[\ACL::CHGSTATUS => 0]
[
\ACL::CHGSTATUS => false
]
);
$request = new Request([


@@ -2,6 +2,9 @@
namespace Alchemy\Tests\Phrasea\Model\Manipulator;
use \ACL;
use \Databox;
/**
* @group functional
* @group legacy
@@ -11,46 +14,53 @@ class ACLManipulatorTest extends \PhraseanetTestCase
public function testResetAdminRights()
{
$user = self::$DI['app']['manipulator.user']->createUser(uniqid('toto'), 'toto', null, true);
/** @var ACL $acl */
$acl = self::$DI['app']->getAclForUser($user);
$databoxId = null;
$baseId = null;
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
$databoxId = $databox->get_sbas_id();
$acl->update_rights_to_sbas($databoxId, [
\ACL::BAS_MANAGE => '0',
\ACL::BAS_MODIFY_STRUCT => '0',
\ACL::BAS_MODIF_TH => '0',
\ACL::BAS_CHUPUB => '0',
]);
$acl->update_rights_to_sbas(
$databoxId,
[
\ACL::BAS_MANAGE => false,
\ACL::BAS_MODIFY_STRUCT => false,
\ACL::BAS_MODIF_TH => false,
\ACL::BAS_CHUPUB => false
]
);
foreach ($databox->get_collections() as $collection) {
$baseId = $collection->get_base_id();
$acl->set_limits($baseId, true);
$acl->set_masks_on_base($baseId, '1', '1', '1', '1');
$acl->update_rights_to_base($baseId, [
\ACL::CANPUTINALBUM => '0',
\ACL::CANDWNLDHD => '0',
'candwnldsubdef' => '0',
\ACL::NOWATERMARK => '0',
\ACL::CANDWNLDPREVIEW => '0',
\ACL::CANCMD => '0',
\ACL::CANADMIN => '0',
\ACL::CANREPORT => '0',
\ACL::CANPUSH => '0',
'creationdate' => '0',
\ACL::CANADDRECORD => '0',
\ACL::CANMODIFRECORD => '0',
\ACL::CANDELETERECORD => '0',
\ACL::CHGSTATUS => '0',
\ACL::IMGTOOLS => '0',
\ACL::COLL_MANAGE => '0',
\ACL::COLL_MODIFY_STRUCT => '0',
\ACL::BAS_MODIFY_STRUCT => '0'
]);
$acl->update_rights_to_base(
$baseId,
[
'creationdate' => '0', // todo: wtf
\ACL::CANPUTINALBUM => false,
\ACL::CANDWNLDHD => false,
\ACL::NOWATERMARK => false,
\ACL::CANDWNLDPREVIEW => false,
\ACL::CANCMD => false,
\ACL::CANADMIN => false,
\ACL::CANREPORT => false,
\ACL::CANPUSH => false,
\ACL::CANADDRECORD => false,
\ACL::CANMODIFRECORD => false,
\ACL::CANDELETERECORD => false,
\ACL::CHGSTATUS => false,
\ACL::IMGTOOLS => false,
\ACL::COLL_MANAGE => false,
\ACL::COLL_MODIFY_STRUCT => false,
\ACL::BAS_MODIFY_STRUCT => false
]
);
break 2;
}


@@ -118,7 +118,7 @@ class ACLTest extends \PhraseanetTestCase
public function testGive_access_to_sbas()
{
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
$sbas_id = $databox->get_sbas_id();
$base_ids = [];
@@ -136,6 +136,7 @@ class ACLTest extends \PhraseanetTestCase
public function testRevoke_unused_sbas_rights()
{
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
$sbas_id = $databox->get_sbas_id();
$base_ids = [];
@@ -158,6 +159,7 @@ class ACLTest extends \PhraseanetTestCase
public function testSet_quotas_on_base()
{
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
foreach ($databox->get_collections() as $collection) {
$base_id = $collection->get_base_id();
@@ -178,10 +180,10 @@ class ACLTest extends \PhraseanetTestCase
public function testDuplicate_right_from_bas()
{
$first = true;
$base_ref = null;
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
foreach ($databox->get_collections() as $collection) {
$base_id = $collection->get_base_id();
@@ -189,12 +191,15 @@ class ACLTest extends \PhraseanetTestCase
$this->object->give_access_to_base([$base_id]);
if ($first) {
$this->object->update_rights_to_base($base_id, [
$this->object->update_rights_to_base(
$base_id,
[
\ACL::IMGTOOLS => true,
\ACL::CHGSTATUS => true,
\ACL::CANADDRECORD => true,
\ACL::CANPUTINALBUM => true
]);
]
);
$base_ref = $base_id;
} else {
$this->object->duplicate_right_from_bas($base_ref, $base_id);
@@ -233,21 +238,34 @@ class ACLTest extends \PhraseanetTestCase
\ACL::CANADDRECORD => true,
];
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
foreach ($databox->get_collections() as $collection) {
$base_id = $collection->get_base_id();
$this->object->give_access_to_base([$base_id]);
$this->object->update_rights_to_base($base_id, $rights_false);
$this->object->update_rights_to_base(
$base_id,
$rights_false
);
$this->assertFalse($this->object->has_right_on_base($base_id, \ACL::IMGTOOLS));
$this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CHGSTATUS));
$this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CANADDRECORD));
$this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CANPUTINALBUM));
$this->object->update_rights_to_base($base_id, $rights_true);
$this->object->update_rights_to_base(
$base_id,
$rights_true
);
$this->assertTrue($this->object->has_right_on_base($base_id, \ACL::IMGTOOLS));
$this->assertTrue($this->object->has_right_on_base($base_id, \ACL::CHGSTATUS));
$this->assertTrue($this->object->has_right_on_base($base_id, \ACL::CANADDRECORD));
$this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CANPUTINALBUM));
$this->object->update_rights_to_base($base_id, $rights_false);
$this->object->update_rights_to_base(
$base_id,
$rights_false
);
$this->assertFalse($this->object->has_right_on_base($base_id, \ACL::IMGTOOLS));
$this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CHGSTATUS));
$this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CANADDRECORD));
@@ -262,6 +280,7 @@ class ACLTest extends \PhraseanetTestCase
*/
public function testGetSetOrder_master()
{
/** @var Appbox $appbox */
$appbox = self::$DI['app']['phraseanet.appbox'];
$acl = $this->object;
@@ -338,19 +357,26 @@ class ACLTest extends \PhraseanetTestCase
public function testHasRight()
{
/** @var Databox $databox */
$databox = self::$DI['collection']->get_databox();
$this->object->give_access_to_sbas([$databox->get_sbas_id()]);
$this->object->update_rights_to_sbas($databox->get_sbas_id(), [
$this->object->update_rights_to_sbas(
$databox->get_sbas_id(),
[
\ACL::BAS_MODIFY_STRUCT => false,
\ACL::BAS_MODIF_TH => false,
]);
\ACL::BAS_MODIF_TH => false
]
);
$this->assertFalse($this->object->has_right(\ACL::BAS_MODIFY_STRUCT ));
$this->assertFalse($this->object->has_right(\ACL::BAS_MODIF_TH));
$this->object->update_rights_to_sbas($databox->get_sbas_id(), [
\ACL::BAS_MODIFY_STRUCT => true,
]);
$this->object->update_rights_to_sbas(
$databox->get_sbas_id(),
[
\ACL::BAS_MODIFY_STRUCT => true
]
);
$this->assertTrue($this->object->has_right(\ACL::BAS_MODIFY_STRUCT ));
$this->assertFalse($this->object->has_right(\ACL::BAS_MODIF_TH));
@@ -362,29 +388,42 @@ class ACLTest extends \PhraseanetTestCase
\ACL::BAS_MODIFY_STRUCT => false,
\ACL::BAS_MANAGE => false,
\ACL::BAS_CHUPUB => false,
\ACL::BAS_MODIF_TH => false,
\ACL::BAS_MODIF_TH => false
];
$rights_true = [
\ACL::BAS_MODIFY_STRUCT => true,
\ACL::BAS_MANAGE => true,
\ACL::BAS_CHUPUB => true,
\ACL::BAS_MODIF_TH => true,
\ACL::BAS_MODIF_TH => true
];
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
$this->object->give_access_to_sbas([$databox->get_sbas_id()]);
$this->object->update_rights_to_sbas($databox->get_sbas_id(), $rights_false);
$this->object->update_rights_to_sbas(
$databox->get_sbas_id(),
$rights_false
);
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIFY_STRUCT));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MANAGE));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_CHUPUB));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIF_TH));
$this->object->update_rights_to_sbas($databox->get_sbas_id(), $rights_true);
$this->object->update_rights_to_sbas(
$databox->get_sbas_id(),
$rights_true
);
$this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIFY_STRUCT));
$this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MANAGE));
$this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_CHUPUB));
$this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIF_TH));
$this->object->update_rights_to_sbas($databox->get_sbas_id(), $rights_false);
$this->object->update_rights_to_sbas(
$databox->get_sbas_id(),
$rights_false
);
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIFY_STRUCT));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MANAGE));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_CHUPUB));
@@ -394,18 +433,39 @@ class ACLTest extends \PhraseanetTestCase
public function testGet_mask_and()
{
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
foreach ($databox->get_collections() as $collection) {
$base_id = $collection->get_base_id();
$this->object->give_access_to_base([$base_id]);
$this->object->update_rights_to_base($base_id, ['actif' => false]);
$this->object->update_rights_to_base(
$base_id,
[
\ACL::ACTIF => false
]
);
$this->assertFalse($this->object->get_mask_and($base_id));
$this->object->update_rights_to_base($base_id, ['mask_and' => 42]);
$this->object->update_rights_to_base(
$base_id,
[
'mask_and' => 42
]
);
$this->assertEquals('42', $this->object->get_mask_and($base_id));
$this->object->update_rights_to_base($base_id, ['mask_and' => 1]);
$this->object->update_rights_to_base(
$base_id,
[
'mask_and' => 1
]
);
$this->assertEquals('1', $this->object->get_mask_and($base_id));
$this->object->update_rights_to_base($base_id, ['mask_and' => 0]);
$this->object->update_rights_to_base(
$base_id,
[
'mask_and' => 0
]
);
$this->assertEquals('0', $this->object->get_mask_and($base_id));
}
}
@@ -413,19 +473,45 @@ class ACLTest extends \PhraseanetTestCase
public function testGet_mask_xor()
{
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
foreach ($databox->get_collections() as $collection) {
$base_id = $collection->get_base_id();
$this->object->give_access_to_base([$base_id]);
$this->object->update_rights_to_base($base_id, ['actif' => false]);
$this->object->update_rights_to_base(
$base_id,
[
\ACL::ACTIF => false
]
);
$this->assertFalse($this->object->get_mask_xor($base_id));
$this->object->update_rights_to_base($base_id, ['actif' => true]);
$this->object->update_rights_to_base($base_id, ['mask_xor' => 42]);
$this->object->update_rights_to_base(
$base_id,
[
\ACL::ACTIF => true
]
);
$this->object->update_rights_to_base(
$base_id,
[
'mask_xor' => 42
]
);
$this->assertEquals('42', $this->object->get_mask_xor($base_id));
$this->object->update_rights_to_base($base_id, ['mask_xor' => 1]);
$this->object->update_rights_to_base(
$base_id,
[
'mask_xor' => 0
]
);
$this->assertEquals('1', $this->object->get_mask_xor($base_id));
$this->object->update_rights_to_base($base_id, ['mask_xor' => 0]);
$this->object->update_rights_to_base(
$base_id,
[
'mask_xor' => 0
]
);
$this->assertEquals('0', $this->object->get_mask_xor($base_id));
}
}
@@ -435,6 +521,8 @@ class ACLTest extends \PhraseanetTestCase
{
$base_ids = [];
$n = 0;
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
foreach ($databox->get_collections() as $collection) {
$base_ids[] = $collection->get_base_id();
@@ -460,21 +548,36 @@ class ACLTest extends \PhraseanetTestCase
$this->assertEquals(1, $row['actif']);
$this->assertTrue($this->object->has_access_to_base($base_id));
$this->object->update_rights_to_base($base_id, ['actif' => false]);
$this->object->update_rights_to_base(
$base_id,
[
\ACL::ACTIF => false
]
);
$stmt->execute([':usr_id' => self::$DI['user']->getId(), ':base_id' => $base_id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$this->assertEquals(0, $row['actif']);
$this->assertFalse($this->object->has_access_to_base($base_id));
$this->object->update_rights_to_base($base_id, ['actif' => true]);
$this->object->update_rights_to_base(
$base_id,
[
\ACL::ACTIF => true
]
);
$stmt->execute([':usr_id' => self::$DI['user']->getId(), ':base_id' => $base_id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$this->assertEquals(1, $row['actif']);
$this->assertTrue($this->object->has_access_to_base($base_id));
$this->object->update_rights_to_base($base_id, ['actif' => false]);
$this->object->update_rights_to_base(
$base_id,
[
\ACL::ACTIF => false
]
);
$this->assertFalse($this->object->has_access_to_base($base_id));
}
$this->object->give_access_to_base($base_ids);
@@ -489,6 +592,8 @@ class ACLTest extends \PhraseanetTestCase
{
$base_ids = [];
$n = 0;
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
foreach ($databox->get_collections() as $collection) {
$base_ids[] = $collection->get_base_id();
@@ -521,6 +626,8 @@ class ACLTest extends \PhraseanetTestCase
{
$sbas_ids = [];
$n = 0;
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
$sbas_ids[] = $databox->get_sbas_id();
$n ++;
@@ -568,7 +675,12 @@ class ACLTest extends \PhraseanetTestCase
foreach ($databox->get_collections() as $collection) {
$base_id = $collection->get_base_id();
$base_ids[] = $base_id;
$this->object->update_rights_to_base($base_id, [\ACL::CANREPORT => true]);
$this->object->update_rights_to_base(
$base_id,
[
\ACL::CANREPORT => true
]
);
$found = true;
break;
}
@@ -579,8 +691,14 @@ class ACLTest extends \PhraseanetTestCase
$this->assertFalse($this->object->has_access_to_module('thesaurus'));
$this->assertFalse($this->object->has_access_to_module('upload'));
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
$this->object->update_rights_to_sbas($databox->get_sbas_id(), [\ACL::BAS_MODIF_TH => true]);
$this->object->update_rights_to_sbas(
$databox->get_sbas_id(),
[
\ACL::BAS_MODIF_TH => true
]
);
$found = true;
}
$this->assertTrue($this->object->has_access_to_module('report'));
@@ -592,7 +710,12 @@ class ACLTest extends \PhraseanetTestCase
foreach ($databox->get_collections() as $collection) {
$base_id = $collection->get_base_id();
$base_ids[] = $base_id;
$this->object->update_rights_to_base($base_id, [\ACL::CANADDRECORD => true]);
$this->object->update_rights_to_base(
$base_id,
[
\ACL::CANADDRECORD => true
]
);
$found = true;
break;
}
@@ -606,9 +729,9 @@ class ACLTest extends \PhraseanetTestCase
public function testis_limited()
{
$found = false;
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
foreach ($databox->get_collections() as $collection) {
$base_id = $collection->get_base_id();
@@ -639,9 +762,9 @@ class ACLTest extends \PhraseanetTestCase
public function testget_limits()
{
$found = false;
/** @var Databox $databox */
foreach (self::$DI['app']->getDataboxes() as $databox) {
foreach ($databox->get_collections() as $collection) {
$base_id = $collection->get_base_id();
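Review bot: In the testGet_mask_xor hunk, the rewritten call just before `$this->assertEquals('1', $this->object->get_mask_xor($base_id));` now sets `'mask_xor' => 0`, where the call it replaces set `1`. With the mask written as 0, the assertion for `'1'` cannot hold unless the update is ignored, so the entry should read `'mask_xor' => 1`. The corresponding call in the testGet_mask_and hunk kept its `1`, which suggests this block was copied from the `0` case below it. The test methods continue outside the hunks shown.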


@@ -108,14 +108,15 @@ abstract class PhraseanetAuthenticatedWebTestCase extends \PhraseanetAuthenticat
self::$createdDataboxes[] = $databox;
$rights = [
\ACL::BAS_MANAGE => '1',
\ACL::BAS_MODIFY_STRUCT => '1',
\ACL::BAS_MODIF_TH => '1',
\ACL::BAS_CHUPUB => '1'
];
$app->getAclForUser($app->getAuthenticatedUser())->update_rights_to_sbas($databox->get_sbas_id(), $rights);
$app->getAclForUser($app->getAuthenticatedUser())->update_rights_to_sbas(
$databox->get_sbas_id(),
[
\ACL::BAS_MANAGE => true,
\ACL::BAS_MODIFY_STRUCT => true,
\ACL::BAS_MODIF_TH => true,
\ACL::BAS_CHUPUB => true
]
);
$databox->registerAdmin($app->getAuthenticatedUser());


@@ -571,14 +571,15 @@ abstract class PhraseanetTestCase extends WebTestCase
foreach ($app->getDataboxes() as $databox) {
$app->getAclForUser($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_SBAS);
$rights = [
\ACL::BAS_MANAGE => '1',
\ACL::BAS_MODIFY_STRUCT => '1',
\ACL::BAS_MODIF_TH => '1',
\ACL::BAS_CHUPUB => '1'
];
$app->getAclForUser($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights);
$app->getAclForUser($user)->update_rights_to_sbas(
$databox->get_sbas_id(),
[
\ACL::BAS_MANAGE => true,
\ACL::BAS_MODIFY_STRUCT => true,
\ACL::BAS_MODIF_TH => true,
\ACL::BAS_CHUPUB => true
]
);
foreach ($databox->get_collections() as $collection) {
if (null !== $base_ids && !in_array($collection->get_base_id(), (array) $base_ids, true)) {
@@ -594,30 +595,35 @@ abstract class PhraseanetTestCase extends WebTestCase
$app->getAclForUser($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_BAS);
$app->getAclForUser($user)->give_access_to_base([$base_id]);
$app->getAclForUser($user)->update_rights_to_base($base_id, [\ACL::ORDER_MASTER => true]);
$app->getAclForUser($user)->update_rights_to_base(
$base_id,
[
\ACL::ORDER_MASTER => true
]
);
$rights = [
\ACL::CANPUTINALBUM => '1',
\ACL::CANDWNLDHD => '1',
'candwnldsubdef' => '1',
\ACL::NOWATERMARK => '1',
\ACL::CANDWNLDPREVIEW => '1',
\ACL::CANCMD => '1',
\ACL::CANADMIN => '1',
\ACL::CANREPORT => '1',
\ACL::CANPUSH => '1',
'creationdate' => '1',
\ACL::CANADDRECORD => '1',
\ACL::CANMODIFRECORD => '1',
\ACL::CANDELETERECORD => '1',
\ACL::CHGSTATUS => '1',
\ACL::IMGTOOLS => '1',
\ACL::COLL_MANAGE => '1',
\ACL::COLL_MODIFY_STRUCT => '1',
\ACL::BAS_MODIFY_STRUCT => '1'
];
$app->getAclForUser($user)->update_rights_to_base($collection->get_base_id(), $rights);
$app->getAclForUser($user)->update_rights_to_base(
$collection->get_base_id(),
[
'creationdate' => '1', // todo : wtf
\ACL::CANPUTINALBUM => true,
\ACL::CANDWNLDHD => true,
\ACL::NOWATERMARK => true,
\ACL::CANDWNLDPREVIEW => true,
\ACL::CANCMD => true,
\ACL::CANADMIN => true,
\ACL::CANREPORT => true,
\ACL::CANPUSH => true,
\ACL::CANADDRECORD => true,
\ACL::CANMODIFRECORD => true,
\ACL::CANDELETERECORD => true,
\ACL::CHGSTATUS => true,
\ACL::IMGTOOLS => true,
\ACL::COLL_MANAGE => true,
\ACL::COLL_MODIFY_STRUCT => true,
\ACL::BAS_MODIFY_STRUCT => true
]
);
}
}
}