diff --git a/lib/Alchemy/Phrasea/Application.php b/lib/Alchemy/Phrasea/Application.php index c6cb14acc9..0fcdb82a18 100644 --- a/lib/Alchemy/Phrasea/Application.php +++ b/lib/Alchemy/Phrasea/Application.php @@ -736,7 +736,7 @@ class Application extends SilexApplication return false; } - return count(\User_Adapter::getInstance($usrId, $this)->ACL()->get_granted_base()) > 0; + return count($this['acl']->get(\User_Adapter::getInstance($usrId, $this))->get_granted_base()) > 0; } /** diff --git a/lib/Alchemy/Phrasea/Authentication/ACLProvider.php b/lib/Alchemy/Phrasea/Authentication/ACLProvider.php new file mode 100644 index 0000000000..420a290155 --- /dev/null +++ b/lib/Alchemy/Phrasea/Authentication/ACLProvider.php @@ -0,0 +1,92 @@ +app = $app; + } + + /** + * Gets ACL for user. + * + * @param User $user + * + * @return \ACL + */ + public function get(\User_Adapter $user) + { + if (null !== $acl = $this->fetchFromCache($user)) { + return $acl; + } + + return $this->fetch($user); + } + + /** + * Purges ACL cache + */ + public function purge() + { + self::$cache = array(); + } + + /** + * Fetchs ACL from cache for users. + * + * @param User $user + * + * @return null || \ACL + */ + private function fetchFromCache(\User_Adapter $user) + { + return $this->hasCache($user) ? self::$cache[$user->get_id()] : null; + } + + /** + * Tells whether ACL for user is already cached. + * + * @param User $user + * + * @return boolean + */ + private function hasCache(\User_Adapter $user) + { + return isset(self::$cache[$user->get_id()]); + } + + /** + * Saves user's ACL in cache and returns it. + * + * @param User $user + * + * @return \ACL + */ + private function fetch(\User_Adapter $user) + { + return self::$cache[$user->get_id()] = new \ACL($user, $this->app); + } +} diff --git a/lib/Alchemy/Phrasea/Authentication/AccountCreator.php b/lib/Alchemy/Phrasea/Authentication/AccountCreator.php index 6ec69b5a3e..bee068c7ee 100644 --- a/lib/Alchemy/Phrasea/Authentication/AccountCreator.php +++ b/lib/Alchemy/Phrasea/Authentication/AccountCreator.php @@ -89,7 +89,7 @@ class AccountCreator } foreach (array_merge($this->templates, $templates) as $template) { - $user->ACL()->apply_model($template, $base_ids); + $app['acl']->get($user)->apply_model($template, $base_ids); } return $user; diff --git a/lib/Alchemy/Phrasea/Authentication/Authenticator.php b/lib/Alchemy/Phrasea/Authentication/Authenticator.php index 7752ce2cd8..b9d1c39abd 100644 --- a/lib/Alchemy/Phrasea/Authentication/Authenticator.php +++ b/lib/Alchemy/Phrasea/Authentication/Authenticator.php @@ -78,7 +78,7 @@ class Authenticator $this->session->set('session_id', $session->getId()); - foreach ($user->ACL()->get_granted_sbas() as $databox) { + foreach ($this->app['acl']->get($user)->get_granted_sbas() as $databox) { \cache_databox::insertClient($this->app, $databox); } $this->reinitUser(); @@ -102,7 +102,7 @@ class Authenticator $this->session->set('usr_id', $session->getUsrId()); $this->session->set('session_id', $session->getId()); - foreach ($user->ACL()->get_granted_sbas() as $databox) { + foreach ($this->app['acl']->get($user)->get_granted_sbas() as $databox) { \cache_databox::insertClient($this->app, $databox); } diff --git a/lib/Alchemy/Phrasea/Command/CreateCollection.php b/lib/Alchemy/Phrasea/Command/CreateCollection.php index 89d6f7ce22..2de3a9ce48 100644 --- a/lib/Alchemy/Phrasea/Command/CreateCollection.php +++ b/lib/Alchemy/Phrasea/Command/CreateCollection.php @@ -47,7 +47,7 @@ class CreateCollection extends Command $databox = $this->container['phraseanet.appbox'] ->get_databox((int) $input->getArgument('databox_id')); - $new_collection = \collection::create($app, $databox, $this->container['phraseanet.appbox'], $input->getArgument('collname')); + $new_collection = \collection::create($this->container, $databox, $this->container['phraseanet.appbox'], $input->getArgument('collname')); if ($new_collection && $input->getOption('base_id_rights')) { @@ -58,7 +58,7 @@ class CreateCollection extends Command while ($n < $total) { $results = $query->limit($n, 40)->execute()->get_results(); foreach ($results as $user) { - $user->ACL()->duplicate_right_from_bas($input->getOption('base_id_rights'), $new_collection->get_base_id()); + $this->container['acl']->get($user)->duplicate_right_from_bas($input->getOption('base_id_rights'), $new_collection->get_base_id()); } $n+=40; } diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Collection.php b/lib/Alchemy/Phrasea/Controller/Admin/Collection.php index 3d28155a17..274cacc22c 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Collection.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Collection.php @@ -132,7 +132,7 @@ class Collection implements ControllerProviderInterface $admins = array(); - if ($app['authentication']->getUser()->ACL()->has_right_on_base($bas_id, 'manage')) { + if ($app['acl']->get($app['authentication']->getUser())->has_right_on_base($bas_id, 'manage')) { $query = new \User_Query($app); $admins = $query->on_base_ids(array($bas_id)) ->who_have_right(array('order_master')) @@ -194,12 +194,12 @@ class Collection implements ControllerProviderInterface ->execute()->get_results(); foreach ($result as $user) { - $user->ACL()->update_rights_to_base($bas_id, array('order_master' => false)); + $app['acl']->get($user)->update_rights_to_base($bas_id, array('order_master' => false)); } foreach (array_filter($newAdmins) as $admin) { $user = \User_Adapter::getInstance($admin, $app); - $user->ACL()->update_rights_to_base($bas_id, array('order_master' => true)); + $app['acl']->get($user)->update_rights_to_base($bas_id, array('order_master' => true)); } $conn->commit(); diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Databox.php b/lib/Alchemy/Phrasea/Controller/Admin/Databox.php index 3cc89a33f8..22ccf964fb 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Databox.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Databox.php @@ -409,7 +409,7 @@ class Databox implements ControllerProviderInterface $results = $query->limit($n, 50)->execute()->get_results(); foreach ($results as $user) { - $user->ACL()->duplicate_right_from_bas($othCollSel, $baseId); + $app['acl']->get($user)->duplicate_right_from_bas($othCollSel, $baseId); } $n += 50; @@ -725,7 +725,7 @@ class Databox implements ControllerProviderInterface public function getReorder(Application $app, Request $request, $databox_id) { return $app['twig']->render('admin/collection/reorder.html.twig', array( - 'collections' => $app['authentication']->getUser()->ACL()->get_granted_base(array(), array($databox_id)), + 'collections' => $app['acl']->get($app['authentication']->getUser())->get_granted_base(array(), array($databox_id)), )); } @@ -805,7 +805,7 @@ class Databox implements ControllerProviderInterface while ($n < $total) { $results = $query->limit($n, 20)->execute()->get_results(); foreach ($results as $user) { - $user->ACL()->duplicate_right_from_bas($othcollsel, $collection->get_base_id()); + $app['acl']->get($user)->duplicate_right_from_bas($othcollsel, $collection->get_base_id()); } $n += 20; } diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Databoxes.php b/lib/Alchemy/Phrasea/Controller/Admin/Databoxes.php index 4ba18d1140..ea97f529fb 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Databoxes.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Databoxes.php @@ -69,8 +69,8 @@ class Databoxes implements ControllerProviderInterface public function getDatabases(Application $app, Request $request) { $sbasIds = array_merge( - array_keys($app['authentication']->getUser()->ACL()->get_granted_sbas(array('bas_manage'))) - , array_keys($app['authentication']->getUser()->ACL()->get_granted_sbas(array('bas_modify_struct'))) + array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_sbas(array('bas_manage'))) + , array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_sbas(array('bas_modify_struct'))) ); $sbas = array(); @@ -177,7 +177,7 @@ class Databoxes implements ControllerProviderInterface try { $base = \databox::create($app, $connbas, $dataTemplate, $app['phraseanet.registry']); $base->registerAdmin($app['authentication']->getUser()); - $app['authentication']->getUser()->ACL()->delete_data_from_cache(); + $app['acl']->get($app['authentication']->getUser())->delete_data_from_cache(); return $app->redirectPath('admin_database', array('databox_id' => $base->get_sbas_id(), 'success' => 1, 'reload-tree' => 1)); } catch (\Exception $e) { diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Publications.php b/lib/Alchemy/Phrasea/Controller/Admin/Publications.php index c7dc1461a0..dc1fbd8f77 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Publications.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Publications.php @@ -38,7 +38,7 @@ class Publications implements ControllerProviderInterface $controllers->get('/list/', function (PhraseaApplication $app) { $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser( - $app['authentication']->getUser() + $app['acl']->get($app['authentication']->getUser()) ); return $app['twig'] diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Root.php b/lib/Alchemy/Phrasea/Controller/Admin/Root.php index fab9bd3723..9874eadfc0 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Root.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Root.php @@ -30,11 +30,11 @@ class Root implements ControllerProviderInterface $controllers = $app['controllers_factory']; - $controllers->before(function (Request $request) use ($app) { + $controllers->before(function(Request $request) use ($app) { $app['firewall']->requireAccessToModule('admin'); }); - $controllers->get('/', function (Application $app, Request $request) { + $controllers->get('/', function(Application $app, Request $request) { try { \Session_Logger::updateClientInfos($app, 3); } catch (SessionNotFound $e) { @@ -70,7 +70,7 @@ class Root implements ControllerProviderInterface $databoxes = $off_databoxes = array(); foreach ($app['phraseanet.appbox']->get_databoxes() as $databox) { try { - if (!$app['authentication']->getUser()->ACL()->has_access_to_sbas($databox->get_sbas_id())) { + if (!$app['acl']->get($app['authentication']->getUser())->has_access_to_sbas($databox->get_sbas_id())) { continue; } $databox->get_connection(); @@ -139,7 +139,7 @@ class Root implements ControllerProviderInterface $databoxes = $off_databoxes = array(); foreach ($app['phraseanet.appbox']->get_databoxes() as $databox) { try { - if (!$app['authentication']->getUser()->ACL()->has_access_to_sbas($databox->get_sbas_id())) { + if (!$app['acl']->get($app['authentication']->getUser())->has_access_to_sbas($databox->get_sbas_id())) { continue; } @@ -197,7 +197,7 @@ class Root implements ControllerProviderInterface ->bind('admin_test_paths'); $controllers->get('/structure/{databox_id}/', function (Application $app, Request $request, $databox_id) { - if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($databox_id, 'bas_modify_struct')) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($databox_id, 'bas_modify_struct')) { $app->abort(403); } @@ -224,7 +224,7 @@ class Root implements ControllerProviderInterface ->bind('database_display_stucture'); $controllers->post('/structure/{databox_id}/', function (Application $app, Request $request, $databox_id) { - if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($databox_id, 'bas_modify_struct')) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($databox_id, 'bas_modify_struct')) { $app->abort(403); } @@ -250,7 +250,7 @@ class Root implements ControllerProviderInterface ->bind('database_submit_stucture'); $controllers->get('/statusbit/{databox_id}/', function (Application $app, Request $request, $databox_id) { - if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($databox_id, 'bas_modify_struct')) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($databox_id, 'bas_modify_struct')) { $app->abort(403); } @@ -261,7 +261,7 @@ class Root implements ControllerProviderInterface ->bind('database_display_statusbit'); $controllers->get('/statusbit/{databox_id}/status/{bit}/', function (Application $app, Request $request, $databox_id, $bit) { - if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($databox_id, 'bas_modify_struct')) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($databox_id, 'bas_modify_struct')) { $app->abort(403); } @@ -315,12 +315,12 @@ class Root implements ControllerProviderInterface ->assert('bit', '\d+') ->bind('database_display_statusbit_form'); - $controllers->post('/statusbit/{databox_id}/status/{bit}/delete/', function (Application $app, Request $request, $databox_id, $bit) { + $controllers->post('/statusbit/{databox_id}/status/{bit}/delete/', function(Application $app, Request $request, $databox_id, $bit) { if (!$request->isXmlHttpRequest() || !array_key_exists($request->getMimeType('json'), array_flip($request->getAcceptableContentTypes()))) { $app->abort(400, _('Bad request format, only JSON is allowed')); } - if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($databox_id, 'bas_modify_struct')) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($databox_id, 'bas_modify_struct')) { $app->abort(403); } @@ -338,8 +338,8 @@ class Root implements ControllerProviderInterface ->assert('databox_id', '\d+') ->assert('bit', '\d+'); - $controllers->post('/statusbit/{databox_id}/status/{bit}/', function (Application $app, Request $request, $databox_id, $bit) { - if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($databox_id, 'bas_modify_struct')) { + $controllers->post('/statusbit/{databox_id}/status/{bit}/', function(Application $app, Request $request, $databox_id, $bit) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($databox_id, 'bas_modify_struct')) { $app->abort(403); } diff --git a/lib/Alchemy/Phrasea/Controller/Admin/Users.php b/lib/Alchemy/Phrasea/Controller/Admin/Users.php index 224b2f8eba..f9da5d13c9 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/Users.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/Users.php @@ -217,7 +217,7 @@ class Users implements ControllerProviderInterface $on_base = $request->query->get('on_base') ? : array(); $elligible_users = $user_query - ->on_sbas_where_i_am($app['authentication']->getUser()->ACL(), $rights) + ->on_sbas_where_i_am($app['acl']->get($app['authentication']->getUser()), $rights) ->like(\User_Query::LIKE_EMAIL, $like_value) ->like(\User_Query::LIKE_FIRSTNAME, $like_value) ->like(\User_Query::LIKE_LASTNAME, $like_value) @@ -275,7 +275,7 @@ class Users implements ControllerProviderInterface $on_base = $request->request->get('base_id') ? : null; $on_sbas = $request->request->get('sbas_id') ? : null; - $elligible_users = $user_query->on_bases_where_i_am($app['authentication']->getUser()->ACL(), array('canadmin')) + $elligible_users = $user_query->on_bases_where_i_am($app['acl']->get($app['authentication']->getUser()), array('canadmin')) ->like($like_field, $like_value) ->on_base_ids($on_base) ->on_sbas_ids($on_sbas); @@ -349,7 +349,7 @@ class Users implements ControllerProviderInterface $stmt->execute(array(':date' => date('Y-m-d', $lastMonth))); $stmt->closeCursor(); - $baslist = array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin'))); + $baslist = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array('canadmin'))); $sql = 'SELECT usr_id, usr_login FROM usr WHERE model_of = :usr_id'; @@ -450,9 +450,9 @@ class Users implements ControllerProviderInterface $cache_to_update[$usr] = true; $user_template = \User_Adapter::getInstance($template_id, $app); - $base_ids = array_keys($user_template->ACL()->get_granted_base()); + $base_ids = array_keys($app['acl']->get($user_template)->get_granted_base()); - $user->ACL()->apply_model($user_template, $base_ids); + $app['acl']->get($user)->apply_model($user_template, $base_ids); if (!isset($done[$usr])) { $done[$usr] = array(); @@ -499,7 +499,7 @@ class Users implements ControllerProviderInterface $cache_to_update[$usr] = true; foreach ($bases as $bas) { - $user->ACL()->give_access_to_sbas(array(\phrasea::sbasFromBas($app, $bas))); + $app['acl']->get($user)->give_access_to_sbas(array(\phrasea::sbasFromBas($app, $bas))); $rights = array( 'canputinalbum' => '1' @@ -509,8 +509,8 @@ class Users implements ControllerProviderInterface , 'actif' => '1' ); - $user->ACL()->give_access_to_base(array($bas)); - $user->ACL()->update_rights_to_base($bas, $rights); + $app['acl']->get($user)->give_access_to_base(array($bas)); + $app['acl']->get($user)->update_rights_to_base($bas, $rights); if (!isset($done[$usr])) { $done[$usr] = array(); @@ -527,7 +527,7 @@ class Users implements ControllerProviderInterface foreach (array_keys($cache_to_update) as $usr_id) { $user = \User_Adapter::getInstance($usr_id, $app); - $user->ACL()->delete_data_from_cache(); + $app['acl']->get($user)->delete_data_from_cache(); unset($user); } @@ -654,7 +654,7 @@ class Users implements ControllerProviderInterface if ($loginToAdd === "") { $out['errors'][] = sprintf(_("Login line %d is empty"), $nbLine + 1); } elseif (in_array($loginToAdd, $loginNew)) { - $out['errors'][] = sprintf(_("Login %s is already defined in the file at line %d"), $loginToAdd, $i); + $out['errors'][] = sprintf(_("Login %s is already defined in the file at line %d"), $loginToAdd, $nbLine); } else { if (\User_Adapter::get_usr_id_from_login($app, $loginToAdd)) { $out['errors'][] = sprintf(_("Login %s already exists in database"), $loginToAdd); @@ -711,7 +711,7 @@ class Users implements ControllerProviderInterface INNER JOIN basusr ON (basusr.usr_id=usr.usr_id) WHERE usr.model_of = :usr_id - AND base_id in(" . implode(', ', array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array('manage')))) . ") + AND base_id in(" . implode(', ', array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array('manage')))) . ") AND usr_login not like '(#deleted_%)' GROUP BY usr_id"; @@ -849,8 +849,8 @@ class Users implements ControllerProviderInterface $NewUser->set_company($curUser['societe']); } - $NewUser->ACL()->apply_model( - \User_Adapter::getInstance($model, $app), array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array('manage'))) + $app['acl']->get($NewUser)->apply_model( + \User_Adapter::getInstance($model, $app), array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array('manage'))) ); $nbCreation++; diff --git a/lib/Alchemy/Phrasea/Controller/Api/V1.php b/lib/Alchemy/Phrasea/Controller/Api/V1.php index b79ce7efd5..5c3c36a1a3 100644 --- a/lib/Alchemy/Phrasea/Controller/Api/V1.php +++ b/lib/Alchemy/Phrasea/Controller/Api/V1.php @@ -180,7 +180,7 @@ class V1 implements ControllerProviderInterface */ $mustBeAdmin = function (Request $request) use ($app) { $user = $app['token']->get_account()->get_user(); - if (!$user->ACL()->is_admin()) { + if (!$app['acl']->get($user)->is_admin()) { throw new \API_V1_exception_unauthorized('You are not authorized'); } }; diff --git a/lib/Alchemy/Phrasea/Controller/Client/Root.php b/lib/Alchemy/Phrasea/Controller/Client/Root.php index 1234fea097..c510d3affd 100644 --- a/lib/Alchemy/Phrasea/Controller/Client/Root.php +++ b/lib/Alchemy/Phrasea/Controller/Client/Root.php @@ -138,9 +138,9 @@ class Root implements ControllerProviderInterface $isImage = true; } - $canDownload = $app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), 'candwnldpreview') || - $app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), 'candwnldhd') || - $app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), 'cancmd'); + $canDownload = $app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), 'candwnldpreview') || + $app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), 'candwnldhd') || + $app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), 'cancmd'); try { $previewExists = $record->get_preview()->is_physically_present(); @@ -159,7 +159,7 @@ class Root implements ControllerProviderInterface 'is_image' => $isImage, 'is_document' => $isDocument, 'can_download' => $canDownload, - 'can_add_to_basket' => $app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), 'canputinalbum') + 'can_add_to_basket' => $app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), 'canputinalbum') ); } @@ -297,13 +297,13 @@ class Root implements ControllerProviderInterface { $allDataboxes = $allCollections = array(); - foreach ($app['authentication']->getUser()->ACL()->get_granted_sbas() as $databox) { + foreach ($app['acl']->get($app['authentication']->getUser())->get_granted_sbas() as $databox) { if (count($app['phraseanet.appbox']->get_databoxes()) > 0) { $allDataboxes[$databox->get_sbas_id()] = array('databox' => $databox, 'collections' => array()); } if (count($databox->get_collections()) > 0) { - foreach ($app['authentication']->getUser()->ACL()->get_granted_base(array(), array($databox->get_sbas_id())) as $coll) { + foreach ($app['acl']->get($app['authentication']->getUser())->get_granted_base(array(), array($databox->get_sbas_id())) as $coll) { $allDataboxes[$databox->get_sbas_id()]['collections'][$coll->get_base_id()] = $coll; $allCollections[$coll->get_base_id()] = $coll; } @@ -447,7 +447,7 @@ class Root implements ControllerProviderInterface $collections = array_merge($collections, $bases); } } else { - $collections = array_keys($app['authentication']->getUser()->ACL()->get_granted_base()); + $collections = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base()); } $queryParameters["mod"] = $app['authentication']->getUser()->getPrefs('client_view') ?: '3X6'; @@ -477,7 +477,7 @@ class Root implements ControllerProviderInterface private function getPublicationStartPage(Application $app) { return $app['twig']->render('client/home_inter_pub_basket.html.twig', array( - 'feeds' => Aggregate::createFromUser($app['EM'], $app['authentication']->getUser()), + 'feeds' => Aggregate::createFromUser($app, $app['authentication']->getUser()), 'image_size' => (int) $app['authentication']->getUser()->getPrefs('images_size') )); } diff --git a/lib/Alchemy/Phrasea/Controller/Datafiles.php b/lib/Alchemy/Phrasea/Controller/Datafiles.php index 804c36edc1..bef54978e7 100644 --- a/lib/Alchemy/Phrasea/Controller/Datafiles.php +++ b/lib/Alchemy/Phrasea/Controller/Datafiles.php @@ -64,12 +64,12 @@ class Datafiles extends AbstractDelivery throw new NotFoundHttpException; } - if (!$app['authentication']->getUser()->ACL()->has_access_to_subdef($record, $subdef)) { + if (!$app['acl']->get($app['authentication']->getUser())->has_access_to_subdef($record, $subdef)) { throw new AccessDeniedHttpException(sprintf('User has not access to subdef %s', $subdef)); } $stamp = false; - $watermark = !$app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), 'nowatermark'); + $watermark = !$app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), 'nowatermark'); if ($watermark && !$all_access) { $subdef_class = $databox @@ -77,9 +77,9 @@ class Datafiles extends AbstractDelivery ->get_subdef($record->get_type(), $subdef) ->get_class(); - if ($subdef_class == \databox_subdef::CLASS_PREVIEW && $app['authentication']->getUser()->ACL()->has_preview_grant($record)) { + if ($subdef_class == \databox_subdef::CLASS_PREVIEW && $app['acl']->get($app['authentication']->getUser())->has_preview_grant($record)) { $watermark = false; - } elseif ($subdef_class == \databox_subdef::CLASS_DOCUMENT && $app['authentication']->getUser()->ACL()->has_hd_grant($record)) { + } elseif ($subdef_class == \databox_subdef::CLASS_DOCUMENT && $app['acl']->get($app['authentication']->getUser())->has_hd_grant($record)) { $watermark = false; } } @@ -88,7 +88,7 @@ class Datafiles extends AbstractDelivery $repository = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\BasketElement'); - /* @var $repository Alchemy\Phrasea\Model\Repositories\BasketElementRepository */ + /* @var $repository BasketElementRepository */ $ValidationByRecord = $repository->findReceivedValidationElementsByRecord($record, $app['authentication']->getUser()); $ReceptionByRecord = $repository->findReceivedElementsByRecord($record, $app['authentication']->getUser()); diff --git a/lib/Alchemy/Phrasea/Controller/Permalink.php b/lib/Alchemy/Phrasea/Controller/Permalink.php index aff5210703..75cb69d4d7 100644 --- a/lib/Alchemy/Phrasea/Controller/Permalink.php +++ b/lib/Alchemy/Phrasea/Controller/Permalink.php @@ -72,7 +72,7 @@ class Permalink extends AbstractDelivery if ($app['authentication']->isAuthenticated()) { $user = \User_Adapter::getInstance($app['authentication']->getUser()->get_id(), $app); - $watermark = !$user->ACL()->has_right_on_base($record->get_base_id(), 'nowatermark'); + $watermark = !$app['acl']->get($user)->has_right_on_base($record->get_base_id(), 'nowatermark'); if ($watermark) { diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Edit.php b/lib/Alchemy/Phrasea/Controller/Prod/Edit.php index ba4086303a..bc54f51928 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Edit.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Edit.php @@ -120,7 +120,7 @@ class Edit implements ControllerProviderInterface /** * generate javascript status */ - if ($app['authentication']->getUser()->ACL()->has_right('changestatus')) { + if ($app['acl']->get($app['authentication']->getUser())->has_right('changestatus')) { $dbstatus = \databox_status::getDisplayStatus($app); if (isset($dbstatus[$databox->get_sbas_id()])) { foreach ($dbstatus[$databox->get_sbas_id()] as $n => $statbit) { @@ -156,7 +156,7 @@ class Edit implements ControllerProviderInterface ); $elements[$indice]['statbits'] = array(); - if ($app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), 'chgstatus')) { + if ($app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), 'chgstatus')) { foreach ($status as $n => $s) { $tmp_val = substr(strrev($record->get_status()), $n, 1); $elements[$indice]['statbits'][$n]['value'] = ($tmp_val == '1') ? '1' : '0'; diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Feed.php b/lib/Alchemy/Phrasea/Controller/Prod/Feed.php index 74ea31ca48..36372043eb 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Feed.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Feed.php @@ -41,7 +41,9 @@ class Feed implements ControllerProviderInterface }); $controllers->post('/requestavailable/', function (Application $app, Request $request) { - $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['authentication']->getUser()); + $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser( + $app['acl']->get($app['authentication']->getUser()) + ); $publishing = RecordsRequest::fromRequest($app, $request, true, array(), array('bas_chupub')); return $app['twig']->render('prod/actions/publish/publish.html.twig', array('publishing' => $publishing, 'feeds' => $feeds)); @@ -106,7 +108,7 @@ class Feed implements ControllerProviderInterface throw new AccessDeniedHttpException(); } - $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['authentication']->getUser()); + $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($app['authentication']->getUser())); $datas = $app['twig']->render('prod/actions/publish/publish_edit.html.twig', array('entry' => $entry, 'feeds' => $feeds)); @@ -203,12 +205,12 @@ class Feed implements ControllerProviderInterface $app['firewall']->requireRight('bas_chupub'); }); - $controllers->get('/', function (Application $app, Request $request) { + $controllers->get('/', function(Application $app, Request $request) { $request = $app['request']; $page = (int) $request->query->get('page'); $page = $page > 0 ? $page : 1; - $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['authentication']->getUser()); + $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($app['authentication']->getUser())); $datas = $app['twig']->render('prod/feeds/feeds.html.twig', array( 'feeds' => $feeds, @@ -227,7 +229,7 @@ class Feed implements ControllerProviderInterface if (!$feed->isAccessible($app['authentication']->getUser(), $app)) { $app->abort(404, 'Feed not found'); } - $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['authentication']->getUser()); + $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($app['authentication']->getUser())); $datas = $app['twig']->render('prod/feeds/feeds.html.twig', array('feed' => $feed, 'feeds' => $feeds, 'page' => $page)); @@ -239,7 +241,7 @@ class Feed implements ControllerProviderInterface $controllers->get('/subscribe/aggregated/', function (Application $app, Request $request) { $renew = ($request->query->get('renew') === 'true'); - $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['authentication']->getUser()); + $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($app['authentication']->getUser())); $link = $app['feed.aggregate-link-generator']->generate(new Aggregate($app['EM'], $feeds), $app['authentication']->getUser(), diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Lazaret.php b/lib/Alchemy/Phrasea/Controller/Prod/Lazaret.php index 7a85d43661..b4bcf78643 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Lazaret.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Lazaret.php @@ -87,7 +87,7 @@ class Lazaret implements ControllerProviderInterface */ public function listElement(Application $app, Request $request) { - $baseIds = array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array('canaddrecord'))); + $baseIds = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array('canaddrecord'))); $lazaretFiles = null; diff --git a/lib/Alchemy/Phrasea/Controller/Prod/MoveCollection.php b/lib/Alchemy/Phrasea/Controller/Prod/MoveCollection.php index 7264697717..683fb75e92 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/MoveCollection.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/MoveCollection.php @@ -52,7 +52,7 @@ class MoveCollection implements ControllerProviderInterface return $databox->get_sbas_id(); }, $records->databoxes()); - $collections = $app['authentication']->getUser()->ACL() + $collections = $app['acl']->get($app['authentication']->getUser()) ->get_granted_base(array('canaddrecord'), $sbas_ids); $parameters = array( @@ -80,7 +80,7 @@ class MoveCollection implements ControllerProviderInterface return $app->json($datas); } - if (!$app['authentication']->getUser()->ACL()->has_right_on_base($request->request->get('base_id'), 'canaddrecord')) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($request->request->get('base_id'), 'canaddrecord')) { $datas['message'] = sprintf(_("You do not have the permission to move records to %s"), \phrasea::bas_labels($move->getBaseIdDestination(), $app)); return $app->json($datas); @@ -99,7 +99,7 @@ class MoveCollection implements ControllerProviderInterface if ($request->request->get("chg_coll_son") == "1") { foreach ($record->get_children() as $child) { - if ($app['authentication']->getUser()->ACL()->has_right_on_base($child->get_base_id(), 'candeleterecord')) { + if ($app['acl']->get($app['authentication']->getUser())->has_right_on_base($child->get_base_id(), 'candeleterecord')) { $child->move_to_collection($collection, $app['phraseanet.appbox']); } } diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Order.php b/lib/Alchemy/Phrasea/Controller/Prod/Order.php index 4df1a1fc0b..917992ffc5 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Order.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Order.php @@ -195,7 +195,7 @@ class Order implements ControllerProviderInterface $perPage = (int) $request->query->get('per-page', 10); $sort = $request->query->get('sort'); - $baseIds = array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array('order_master'))); + $baseIds = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array('order_master'))); $ordersList = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Order')->listOrders($baseIds, $offsetStart, $perPage, $sort); $total = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Order')->countTotalOrders($baseIds); @@ -278,7 +278,7 @@ class Order implements ControllerProviderInterface $basket->addElement($basketElement); $n++; - $dest_user->ACL()->grant_hd_on($record, $app['authentication']->getUser(), 'order'); + $app['acl']->get($dest_user)->grant_hd_on($record, $app['authentication']->getUser(), 'order'); } } diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Push.php b/lib/Alchemy/Phrasea/Controller/Prod/Push.php index ceb087708a..eb0a72b2fa 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Push.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Push.php @@ -204,13 +204,13 @@ class Push implements ControllerProviderInterface $Basket->addElement($BasketElement); if ($receiver['HD']) { - $user_receiver->ACL()->grant_hd_on( + $app['acl']->get($user_receiver)->grant_hd_on( $BasketElement->getRecord($app) , $app['authentication']->getUser() , \ACL::GRANT_ACTION_PUSH ); } else { - $user_receiver->ACL()->grant_preview_on( + $app['acl']->get($user_receiver)->grant_preview_on( $BasketElement->getRecord($app) , $app['authentication']->getUser() , \ACL::GRANT_ACTION_PUSH @@ -392,13 +392,13 @@ class Push implements ControllerProviderInterface $BasketElement->addValidationData($ValidationData); if ($participant['HD']) { - $participant_user->ACL()->grant_hd_on( + $app['acl']->get($participant_user)->grant_hd_on( $BasketElement->getRecord($app) , $app['authentication']->getUser() , \ACL::GRANT_ACTION_VALIDATE ); } else { - $participant_user->ACL()->grant_preview_on( + $app['acl']->get($participant_user)->grant_preview_on( $BasketElement->getRecord($app) , $app['authentication']->getUser() , \ACL::GRANT_ACTION_VALIDATE @@ -478,7 +478,7 @@ class Push implements ControllerProviderInterface $query = new \User_Query($app); - $query->on_bases_where_i_am($app['authentication']->getUser()->ACL(), array('canpush')); + $query->on_bases_where_i_am($app['acl']->get($app['authentication']->getUser()), array('canpush')); $query->in(array($usr_id)); @@ -515,7 +515,7 @@ class Push implements ControllerProviderInterface $result = array('success' => false, 'message' => '', 'user' => null); try { - if (!$app['authentication']->getUser()->ACL()->has_right('manageusers')) + if (!$app['acl']->get($app['authentication']->getUser())->has_right('manageusers')) throw new ControllerException(_('You are not allowed to add users')); if (!$request->request->get('firstname')) @@ -587,7 +587,7 @@ class Push implements ControllerProviderInterface $query = new \User_Query($app); - $query->on_bases_where_i_am($app['authentication']->getUser()->ACL(), array('canpush')); + $query->on_bases_where_i_am($app['acl']->get($app['authentication']->getUser()), array('canpush')); $query->like(\User_Query::LIKE_FIRSTNAME, $request->query->get('query')) ->like(\User_Query::LIKE_LASTNAME, $request->query->get('query')) @@ -627,7 +627,7 @@ class Push implements ControllerProviderInterface $query = new \User_Query($app); - $query->on_bases_where_i_am($app['authentication']->getUser()->ACL(), array('canpush')); + $query->on_bases_where_i_am($app['acl']->get($app['authentication']->getUser()), array('canpush')); if ($request->get('query')) { $query->like($request->get('like_field'), $request->get('query')) diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Root.php b/lib/Alchemy/Phrasea/Controller/Prod/Root.php index 61a323b023..512fe9018d 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Root.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Root.php @@ -74,8 +74,8 @@ class Root implements ControllerProviderInterface $cssfile = '000000'; } - $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['authentication']->getUser()); - $aggregate = Aggregate::createFromUser($app['EM'], $app['authentication']->getUser()); + $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($app['authentication']->getUser())); + $aggregate = Aggregate::createFromUser($app, $app['authentication']->getUser()); $thjslist = ""; diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Share.php b/lib/Alchemy/Phrasea/Controller/Prod/Share.php index 031ddb60a2..1748c10e97 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Share.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Share.php @@ -53,7 +53,7 @@ class Share implements ControllerProviderInterface { $record = new \record_adapter($app, \phrasea::sbasFromBas($app, $base_id), $record_id); - if (!$app['authentication']->getUser()->ACL()->has_access_to_subdef($record, 'preview')) { + if (!$app['acl']->get($app['authentication']->getUser())->has_access_to_subdef($record, 'preview')) { $app->abort(403); } diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Story.php b/lib/Alchemy/Phrasea/Controller/Prod/Story.php index 749129b8ca..5d09f80222 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Story.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Story.php @@ -45,7 +45,7 @@ class Story implements ControllerProviderInterface /* @var $request \Symfony\Component\HttpFoundation\Request */ $collection = \collection::get_from_base_id($app, $request->request->get('base_id')); - if (!$app['authentication']->getUser()->ACL()->has_right_on_base($collection->get_base_id(), 'canaddrecord')) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($collection->get_base_id(), 'canaddrecord')) { throw new AccessDeniedHttpException('You can not create a story on this collection'); } @@ -123,7 +123,7 @@ class Story implements ControllerProviderInterface $controllers->post('/{sbas_id}/{record_id}/addElements/', function (Application $app, Request $request, $sbas_id, $record_id) { $Story = new \record_adapter($app, $sbas_id, $record_id); - if (!$app['authentication']->getUser()->ACL()->has_right_on_base($Story->get_base_id(), 'canmodifrecord')) + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($Story->get_base_id(), 'canmodifrecord')) throw new AccessDeniedHttpException('You can not add document to this Story'); $n = 0; @@ -156,7 +156,7 @@ class Story implements ControllerProviderInterface $record = new \record_adapter($app, $child_sbas_id, $child_record_id); - if (!$app['authentication']->getUser()->ACL()->has_right_on_base($Story->get_base_id(), 'canmodifrecord')) + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($Story->get_base_id(), 'canmodifrecord')) throw new AccessDeniedHttpException('You can not add document to this Story'); $Story->removeChild($record); @@ -209,7 +209,7 @@ class Story implements ControllerProviderInterface throw new \Exception('This is not a story'); } - if (!$app['authentication']->getUser()->ACL()->has_right_on_base($story->get_base_id(), 'canmodifrecord')) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($story->get_base_id(), 'canmodifrecord')) { throw new ControllerException(_('You can not edit this story')); } diff --git a/lib/Alchemy/Phrasea/Controller/Prod/TOU.php b/lib/Alchemy/Phrasea/Controller/Prod/TOU.php index f84f648982..0a5ac013cb 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/TOU.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/TOU.php @@ -57,10 +57,10 @@ class TOU implements ControllerProviderInterface try { $databox = $app['phraseanet.appbox']->get_databox((int) $sbas_id); - $app['authentication']->getUser()->ACL()->revoke_access_from_bases( - array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array(), array($databox->get_sbas_id()))) + $app['acl']->get($app['authentication']->getUser())->revoke_access_from_bases( + array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array(), array($databox->get_sbas_id()))) ); - $app['authentication']->getUser()->ACL()->revoke_unused_sbas_rights(); + $app['acl']->get($app['authentication']->getUser())->revoke_unused_sbas_rights(); $app['authentication']->closeAccount(); diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Upload.php b/lib/Alchemy/Phrasea/Controller/Prod/Upload.php index 5e22040a9a..7486df99fb 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/Upload.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/Upload.php @@ -78,7 +78,7 @@ class Upload implements ControllerProviderInterface return $app['twig']->render( 'prod/upload/upload-flash.html.twig', array( 'sessionId' => session_id(), - 'collections' => $this->getGrantedCollections($app['authentication']->getUser()), + 'collections' => $this->getGrantedCollections($app['acl']->get($app['authentication']->getUser())), 'maxFileSize' => $maxFileSize, 'maxFileSizeReadable' => \p4string::format_octets($maxFileSize) )); @@ -98,7 +98,7 @@ class Upload implements ControllerProviderInterface return $app['twig']->render( 'prod/upload/upload.html.twig', array( - 'collections' => $this->getGrantedCollections($app['authentication']->getUser()), + 'collections' => $this->getGrantedCollections($app['acl']->get($app['authentication']->getUser())), 'maxFileSize' => $maxFileSize, 'maxFileSizeReadable' => \p4string::format_octets($maxFileSize) )); @@ -144,7 +144,7 @@ class Upload implements ControllerProviderInterface throw new BadRequestHttpException('Missing base_id parameter'); } - if (!$app['authentication']->getUser()->ACL()->has_right_on_base($base_id, 'canaddrecord')) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($base_id, 'canaddrecord')) { throw new AccessDeniedHttpException('User is not allowed to add record on this collection'); } @@ -269,14 +269,15 @@ class Upload implements ControllerProviderInterface /** * Get current user's granted collections where he can upload * - * @param \User_Adapter $user + * @param \ACL $acl The user's ACL. + * * @return array */ - private function getGrantedCollections(\User_Adapter $user) + private function getGrantedCollections(\ACL $acl) { $collections = array(); - foreach ($user->ACL()->get_granted_base(array('canaddrecord')) as $collection) { + foreach ($acl->get_granted_base(array('canaddrecord')) as $collection) { $databox = $collection->get_databox(); if ( ! isset($collections[$databox->get_sbas_id()])) { diff --git a/lib/Alchemy/Phrasea/Controller/Prod/WorkZone.php b/lib/Alchemy/Phrasea/Controller/Prod/WorkZone.php index 0ceb02d0df..d5f4af6188 100644 --- a/lib/Alchemy/Phrasea/Controller/Prod/WorkZone.php +++ b/lib/Alchemy/Phrasea/Controller/Prod/WorkZone.php @@ -142,7 +142,7 @@ class WorkZone implements ControllerProviderInterface throw new \Exception('You can only attach stories'); } - if (!$app['authentication']->getUser()->ACL()->has_access_to_base($Story->get_base_id())) { + if (!$app['acl']->get($app['authentication']->getUser())->has_access_to_base($Story->get_base_id())) { throw new AccessDeniedHttpException('You do not have access to this Story'); } diff --git a/lib/Alchemy/Phrasea/Controller/RecordsRequest.php b/lib/Alchemy/Phrasea/Controller/RecordsRequest.php index 3546d5a64c..6b8fa58b5f 100644 --- a/lib/Alchemy/Phrasea/Controller/RecordsRequest.php +++ b/lib/Alchemy/Phrasea/Controller/RecordsRequest.php @@ -244,20 +244,20 @@ class RecordsRequest extends ArrayCollection foreach ($elements as $id => $record) { - if (!$app['authentication']->getUser()->ACL()->has_access_to_record($record)) { + if (!$app['acl']->get($app['authentication']->getUser())->has_access_to_record($record)) { $to_remove[] = $id; continue; } foreach ($rightsColl as $right) { - if (!$app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), $right)) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), $right)) { $to_remove[] = $id; continue; } } foreach ($rightsDatabox as $right) { - if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($record->get_sbas_id(), $right)) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($record->get_sbas_id(), $right)) { $to_remove[] = $id; continue; } diff --git a/lib/Alchemy/Phrasea/Controller/Root/Login.php b/lib/Alchemy/Phrasea/Controller/Root/Login.php index c0386655bc..a55dc2028d 100644 --- a/lib/Alchemy/Phrasea/Controller/Root/Login.php +++ b/lib/Alchemy/Phrasea/Controller/Root/Login.php @@ -378,15 +378,15 @@ class Login implements ControllerProviderInterface foreach (array_keys($inscOK) as $base_id) { $base_ids[] = $base_id; } - $user->ACL()->apply_model($template_user, $base_ids); + $app['acl']->get($user)->apply_model($template_user, $base_ids); } - $autoReg = $user->ACL()->get_granted_base(); + $autoReg = $app['acl']->get($user)->get_granted_base(); $appbox_register = new \appbox_register($app['phraseanet.appbox']); foreach ($inscOK as $base_id => $autorisation) { - if (false === $autorisation || $user->ACL()->has_access_to_base($base_id)) { + if (false === $autorisation || $app['acl']->get($user)->has_access_to_base($base_id)) { continue; } @@ -561,7 +561,7 @@ class Login implements ControllerProviderInterface $app['tokens']->removeToken($code); - if (count($user->ACL()->get_granted_base()) > 0) { + if (count($app['acl']->get($user)->get_granted_base()) > 0) { $mail = MailSuccessEmailConfirmationRegistered::create($app, $receiver); $app['notification.deliverer']->deliver($mail); @@ -791,11 +791,11 @@ class Login implements ControllerProviderInterface $inviteUsrid = \User_Adapter::get_usr_id_from_login($app, 'invite'); $invite_user = \User_Adapter::getInstance($inviteUsrid, $app); - $usr_base_ids = array_keys($user->ACL()->get_granted_base()); - $user->ACL()->revoke_access_from_bases($usr_base_ids); + $usr_base_ids = array_keys($app['acl']->get($user)->get_granted_base()); + $app['acl']->get($user)->revoke_access_from_bases($usr_base_ids); - $invite_base_ids = array_keys($invite_user->ACL()->get_granted_base()); - $user->ACL()->apply_model($invite_user, $invite_base_ids); + $invite_base_ids = array_keys($app['acl']->get($invite_user)->get_granted_base()); + $app['acl']->get($user)->apply_model($invite_user, $invite_base_ids); $this->postAuthProcess($app, $user); @@ -1032,7 +1032,7 @@ class Login implements ControllerProviderInterface $response = $this->generateAuthResponse($app, $app['browser'], $request->request->get('redirect')); $response->headers->clearCookie('invite-usr-id'); - $user->ACL()->inject_rights(); + $app['acl']->get($user)->inject_rights(); if ($request->cookies->has('postlog') && $request->cookies->get('postlog') == '1') { if (!$user->is_guest() && $request->cookies->has('invite-usr_id')) { diff --git a/lib/Alchemy/Phrasea/Controller/Root/RSSFeeds.php b/lib/Alchemy/Phrasea/Controller/Root/RSSFeeds.php index 66fc32c145..ab3f646e66 100644 --- a/lib/Alchemy/Phrasea/Controller/Root/RSSFeeds.php +++ b/lib/Alchemy/Phrasea/Controller/Root/RSSFeeds.php @@ -71,7 +71,7 @@ class RSSFeeds implements ControllerProviderInterface $user = \User_Adapter::getInstance($token->getUsrId(), $app); - $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($user); + $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($user)); $aggregate = new Aggregate($app['EM'], $feeds, $token); diff --git a/lib/Alchemy/Phrasea/Core/Provider/PhraseanetServiceProvider.php b/lib/Alchemy/Phrasea/Core/Provider/PhraseanetServiceProvider.php index 9ac3896522..9f607969eb 100644 --- a/lib/Alchemy/Phrasea/Core/Provider/PhraseanetServiceProvider.php +++ b/lib/Alchemy/Phrasea/Core/Provider/PhraseanetServiceProvider.php @@ -11,6 +11,7 @@ namespace Alchemy\Phrasea\Core\Provider; +use Alchemy\Phrasea\Authentication\ACLProvider; use Alchemy\Phrasea\Security\Firewall; use Silex\Application as SilexApplication; use Silex\ServiceProviderInterface; @@ -37,6 +38,10 @@ class PhraseanetServiceProvider implements ServiceProviderInterface return $events; }); + + $app['acl'] = $app->share(function(SilexApplication $app) { + return new ACLProvider($app); + }); } public function boot(SilexApplication $app) diff --git a/lib/Alchemy/Phrasea/Feed/Aggregate.php b/lib/Alchemy/Phrasea/Feed/Aggregate.php index aee3f80c4c..65cbb36e9c 100644 --- a/lib/Alchemy/Phrasea/Feed/Aggregate.php +++ b/lib/Alchemy/Phrasea/Feed/Aggregate.php @@ -12,6 +12,7 @@ namespace Alchemy\Phrasea\Feed; use Alchemy\Phrasea\Application; +use Alchemy\Phrasea\Authentication\ACLProvider; use Alchemy\Phrasea\Exception\LogicException; use Doctrine\ORM\EntityManager; use Alchemy\Phrasea\Model\Entities\AggregateToken; @@ -74,12 +75,12 @@ class Aggregate implements FeedInterface * * @return Aggregate */ - public static function createFromUser(EntityManager $em, \User_Adapter $user) + public static function createFromUser(Application $app, \User_Adapter $user) { - $feeds = $em->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($user); - $token = $em->getRepository('Alchemy\Phrasea\Model\Entities\AggregateToken')->findOneBy(array('usrId' => $user->get_id())); + $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($user)); + $token = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\AggregateToken')->findOneBy(array('usrId' => $user->get_id())); - return new static($em, $feeds, $token); + return new static($app['EM'], $feeds, $token); } /** @@ -92,7 +93,7 @@ class Aggregate implements FeedInterface */ public static function create(Application $app, array $feed_ids) { - $feeds = $this->em->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->findByIds($feed_ids); + $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->findByIds($feed_ids); return new static($app, $feeds); } diff --git a/lib/Alchemy/Phrasea/Helper/Prod.php b/lib/Alchemy/Phrasea/Helper/Prod.php index c2af5cde9f..ea6c329b21 100644 --- a/lib/Alchemy/Phrasea/Helper/Prod.php +++ b/lib/Alchemy/Phrasea/Helper/Prod.php @@ -35,7 +35,7 @@ class Prod extends Helper $searchSet = json_decode($this->app['authentication']->getUser()->getPrefs('search'), true); - foreach ($this->app['authentication']->getUser()->ACL()->get_granted_sbas() as $databox) { + foreach ($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_sbas() as $databox) { $sbas_id = $databox->get_sbas_id(); $bases[$sbas_id] = array( @@ -45,7 +45,7 @@ class Prod extends Helper 'sbas_id' => $sbas_id ); - foreach ($this->app['authentication']->getUser()->ACL()->get_granted_base(array(), array($databox->get_sbas_id())) as $coll) { + foreach ($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array(), array($databox->get_sbas_id())) as $coll) { $selected = (isset($searchSet['bases']) && isset($searchSet['bases'][$sbas_id])) ? (in_array($coll->get_base_id(), $searchSet['bases'][$sbas_id])) : true; $bases[$sbas_id]['collections'][] = @@ -83,7 +83,7 @@ class Prod extends Helper if (! $bases[$sbas_id]['thesaurus']) { continue; } - if ( ! $this->app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, 'bas_modif_th')) { + if ( ! $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_sbas($sbas_id, 'bas_modif_th')) { continue; } diff --git a/lib/Alchemy/Phrasea/Helper/User/Edit.php b/lib/Alchemy/Phrasea/Helper/User/Edit.php index b029cf6b4f..264949f2ef 100644 --- a/lib/Alchemy/Phrasea/Helper/User/Edit.php +++ b/lib/Alchemy/Phrasea/Helper/User/Edit.php @@ -74,11 +74,11 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper protected function delete_user(\User_Adapter $user) { - $list = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin'))); + $list = array_keys($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array('canadmin'))); - $user->ACL()->revoke_access_from_bases($list); + $this->app['acl']->get($user)->revoke_access_from_bases($list); - if ($user->ACL()->is_phantom()) { + if ($this->app['acl']->get($user)->is_phantom()) { $user->delete(); } @@ -87,7 +87,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper public function get_users_rights() { - $list = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin'))); + $list = array_keys($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array('canadmin'))); $sql = "SELECT b.sbas_id, @@ -441,7 +441,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper public function apply_rights() { $request = \http_request::getInstance(); - $ACL = $this->app['authentication']->getUser()->ACL(); + $ACL = $this->app['acl']->get($this->app['authentication']->getUser()); $base_ids = array_keys($ACL->get_granted_base(array('canadmin'))); $update = $create = $delete = $create_sbas = $update_sbas = array(); @@ -535,21 +535,21 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper $this->app['phraseanet.appbox']->get_connection()->beginTransaction(); $user = \User_Adapter::getInstance($usr_id, $this->app); - $user->ACL()->revoke_access_from_bases($delete) + $this->app['acl']->get($user)->revoke_access_from_bases($delete) ->give_access_to_base($create) ->give_access_to_sbas($create_sbas); foreach ($update as $base_id => $rights) { - $user->ACL()->update_rights_to_base($base_id, $rights); + $this->app['acl']->get($user)->update_rights_to_base($base_id, $rights); } foreach ($update_sbas as $sbas_id => $rights) { - $user->ACL()->update_rights_to_sbas($sbas_id, $rights); + $this->app['acl']->get($user)->update_rights_to_sbas($sbas_id, $rights); } $this->app['phraseanet.appbox']->get_connection()->commit(); - $user->ACL()->revoke_unused_sbas_rights(); + $this->app['acl']->get($user)->revoke_unused_sbas_rights(); unset($user); } catch (\Exception $e) { @@ -649,7 +649,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper throw new AccessDeniedHttpException('You are not the owner of the template'); } - $base_ids = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin'))); + $base_ids = array_keys($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array('canadmin'))); foreach ($this->users as $usr_id) { $user = \User_adapter::getInstance($usr_id, $this->app); @@ -658,7 +658,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper continue; } - $user->ACL()->apply_model($template, $base_ids); + $this->app['acl']->get($user)->apply_model($template, $base_ids); } return $this; @@ -671,9 +671,9 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper foreach ($this->users as $usr_id) { $user = \User_Adapter::getInstance($usr_id, $this->app); if ($this->request->get('quota')) - $user->ACL()->set_quotas_on_base($this->base_id, $this->request->get('droits'), $this->request->get('restes')); + $this->app['acl']->get($user)->set_quotas_on_base($this->base_id, $this->request->get('droits'), $this->request->get('restes')); else - $user->ACL()->remove_quotas_on_base($this->base_id); + $this->app['acl']->get($user)->remove_quotas_on_base($this->base_id); } return $this; @@ -692,7 +692,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper foreach ($this->users as $usr_id) { $user = \User_Adapter::getInstance($usr_id, $this->app); - $user->ACL()->set_masks_on_base($this->base_id, $vand_and, $vand_or, $vxor_and, $vxor_or); + $this->app['acl']->get($user)->set_masks_on_base($this->base_id, $vand_and, $vand_or, $vxor_and, $vxor_or); } } @@ -709,16 +709,16 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper $activate = !!$this->request->get('limit'); - $base_ids = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin'))); + $base_ids = array_keys($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array('canadmin'))); foreach ($this->users as $usr_id) { $user = \User_Adapter::getInstance($usr_id, $this->app); if ($this->base_id > 0) { - $user->ACL()->set_limits($this->base_id, $activate, $dmin, $dmax); + $this->app['acl']->get($user)->set_limits($this->base_id, $activate, $dmin, $dmax); } elseif ($sbas_id > 0) { foreach ($base_ids as $base_id) { - $user->ACL()->set_limits($base_id, $activate, $dmin, $dmax); + $this->app['acl']->get($user)->set_limits($base_id, $activate, $dmin, $dmax); } } else { $this->app->abort(400, 'No collection or databox id available'); @@ -728,11 +728,11 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper public function resetRights() { - $base_ids = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin'))); + $base_ids = array_keys($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array('canadmin'))); foreach ($this->users as $usr_id) { $user = \User_Adapter::getInstance($usr_id, $this->app); - $ACL = $user->ACL(); + $ACL = $this->app['acl']->get($user); if ($user->is_template()) { $template = $user; diff --git a/lib/Alchemy/Phrasea/Helper/User/Manage.php b/lib/Alchemy/Phrasea/Helper/User/Manage.php index 34fd6f587f..b711635cb0 100644 --- a/lib/Alchemy/Phrasea/Helper/User/Manage.php +++ b/lib/Alchemy/Phrasea/Helper/User/Manage.php @@ -73,7 +73,7 @@ class Manage extends Helper ->last_model_is($this->query_parms['last_model']) ->get_inactives($this->query_parms['inactives']) ->include_templates(false) - ->on_bases_where_i_am($this->app['authentication']->getUser()->ACL(), array('canadmin')) + ->on_bases_where_i_am($this->app['acl']->get($this->app['authentication']->getUser()), array('canadmin')) ->execute(); return $this->results->get_results(); @@ -111,7 +111,7 @@ class Manage extends Helper ->last_model_is($this->query_parms['last_model']) ->get_inactives($this->query_parms['inactives']) ->include_templates(true) - ->on_bases_where_i_am($this->app['authentication']->getUser()->ACL(), array('canadmin')) + ->on_bases_where_i_am($this->app['acl']->get($this->app['authentication']->getUser()), array('canadmin')) ->limit($offset_start, $results_quantity) ->execute(); diff --git a/lib/Alchemy/Phrasea/Model/Entities/Feed.php b/lib/Alchemy/Phrasea/Model/Entities/Feed.php index a4f11d97bf..94284c6159 100644 --- a/lib/Alchemy/Phrasea/Model/Entities/Feed.php +++ b/lib/Alchemy/Phrasea/Model/Entities/Feed.php @@ -461,7 +461,7 @@ class Feed implements FeedInterface public function hasAccess(\User_Adapter $user, Application $app) { if ($this->getCollection($app) instanceof collection) { - return $user->ACL()->has_access_to_base($this->collection->get_base_id()); + return $app['acl']->get($user)->has_access_to_base($this->collection->get_base_id()); } return true; @@ -558,7 +558,7 @@ class Feed implements FeedInterface $coll = $this->getCollection($app); if ($this->isPublic() || $coll === null - || in_array($coll->get_base_id(), array_keys($user->ACL()->get_granted_base()))) { + || in_array($coll->get_base_id(), array_keys($app['acl']->get($user)->get_granted_base()))) { return true; } diff --git a/lib/Alchemy/Phrasea/Model/Entities/User.php b/lib/Alchemy/Phrasea/Model/Entities/User.php index 42d724c54f..322e22908e 100644 --- a/lib/Alchemy/Phrasea/Model/Entities/User.php +++ b/lib/Alchemy/Phrasea/Model/Entities/User.php @@ -287,11 +287,6 @@ class User **/ private $notificationSettings; - /** - * @var \ACL - */ - private $acl; - /** * @var ArrayCollection */ @@ -1010,20 +1005,6 @@ class User return $this; } - /** - * @param Application $app - * - * @return \ACL - */ - public function ACL(Application $app) - { - if (!$this->acl instanceof \ACL) { - $this->acl = new \ACL($this, $app); - } - - return $this->acl; - } - /** * @return boolean */ diff --git a/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php b/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php index b29098dcd5..48fb94845f 100644 --- a/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php +++ b/lib/Alchemy/Phrasea/Model/Repositories/FeedRepository.php @@ -18,9 +18,9 @@ class FeedRepository extends EntityRepository * @param User_Adapter $user * @return \Doctrine\Common\Collections\Collection */ - public function getAllForUser(\User_Adapter $user) + public function getAllForUser(\ACL $userACL) { - $base_ids = array_keys($user->ACL()->get_granted_base()); + $base_ids = array_keys($userACL->get_granted_base()); $qb = $this ->createQueryBuilder('f'); diff --git a/lib/Alchemy/Phrasea/Out/Module/PDF.php b/lib/Alchemy/Phrasea/Out/Module/PDF.php index 8c4a28cf9b..ec2d10562f 100644 --- a/lib/Alchemy/Phrasea/Out/Module/PDF.php +++ b/lib/Alchemy/Phrasea/Out/Module/PDF.php @@ -166,7 +166,7 @@ class PDF $fimg = $subdef->get_pathfile(); - if (!$this->app['authentication']->getUser()->ACL()->has_right_on_base($rec->get_base_id(), "nowatermark") + if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($rec->get_base_id(), "nowatermark") && $subdef->get_type() == \media_subdef::TYPE_IMAGE) { $fimg = \recordutils_image::watermark($this->app, $subdef); } @@ -425,7 +425,7 @@ class PDF $f = $subdef->get_pathfile(); - if (!$this->app['authentication']->getUser()->ACL()->has_right_on_base($rec->get_base_id(), "nowatermark") + if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($rec->get_base_id(), "nowatermark") && $subdef->get_type() == \media_subdef::TYPE_IMAGE) $f = \recordutils_image::watermark($this->app, $subdef); diff --git a/lib/Alchemy/Phrasea/SearchEngine/SearchEngineOptions.php b/lib/Alchemy/Phrasea/SearchEngine/SearchEngineOptions.php index 8be3d460a2..74335dc2b9 100644 --- a/lib/Alchemy/Phrasea/SearchEngine/SearchEngineOptions.php +++ b/lib/Alchemy/Phrasea/SearchEngine/SearchEngineOptions.php @@ -626,12 +626,12 @@ class SearchEngineOptions } elseif (!$app['authentication']->isAuthenticated()) { $bas = $app->getOpenCollections(); } else { - $bas = $app['authentication']->getUser()->ACL()->get_granted_base(); + $bas = $app['acl']->get($app['authentication']->getUser())->get_granted_base(); } $bas = array_filter($bas, function ($collection) use ($app) { if ($app['authentication']->isAuthenticated()) { - return $app['authentication']->getUser()->ACL()->has_access_to_base($collection->get_base_id()); + return $app['acl']->get($app['authentication']->getUser())->has_access_to_base($collection->get_base_id()); } else { return in_array($collection, $app->getOpenCollections()); } @@ -645,9 +645,9 @@ class SearchEngineOptions } } - if ($app['authentication']->isAuthenticated() && $app['authentication']->getUser()->ACL()->has_right('modifyrecord')) { - $BF = array_filter($bas, function ($collection) use ($app) { - return $app['authentication']->getUser()->ACL()->has_right_on_base($collection->get_base_id(), 'canmodifrecord'); + if ($app['authentication']->isAuthenticated() && $app['acl']->get($app['authentication']->getUser())->has_right('modifyrecord')) { + $BF = array_filter($bas, function( $collection) use ($app) { + return $app['acl']->get($app['authentication']->getUser())->has_right_on_base($collection->get_base_id(), 'canmodifrecord'); }); $options->allowBusinessFieldsOn($BF); diff --git a/lib/Alchemy/Phrasea/Security/Firewall.php b/lib/Alchemy/Phrasea/Security/Firewall.php index ab9307d968..fad8a1eb9e 100644 --- a/lib/Alchemy/Phrasea/Security/Firewall.php +++ b/lib/Alchemy/Phrasea/Security/Firewall.php @@ -28,7 +28,7 @@ class Firewall { $this->requireNotGuest(); - if (!$this->app['authentication']->getUser()->ACL()->is_admin()) { + if (!$this->app['acl']->get($this->app['authentication']->getUser())->is_admin()) { $this->app->abort(403, 'Admin role is required'); } @@ -39,7 +39,7 @@ class Firewall { $this->requireAuthentication(); - if (!$this->app['authentication']->getUser()->ACL()->has_access_to_module($module)) { + if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_module($module)) { $this->app->abort(403, 'You do not have required rights'); } @@ -50,7 +50,7 @@ class Firewall { $this->requireAuthentication(); - if (!$this->app['authentication']->getUser()->ACL()->has_access_to_sbas($sbas_id)) { + if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_sbas($sbas_id)) { $this->app->abort(403, 'You do not have required rights'); } @@ -61,7 +61,7 @@ class Firewall { $this->requireAuthentication(); - if (!$this->app['authentication']->getUser()->ACL()->has_access_to_base($base_id)) { + if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_base($base_id)) { $this->app->abort(403, 'You do not have required rights'); } @@ -72,7 +72,7 @@ class Firewall { $this->requireAuthentication(); - if (!$this->app['authentication']->getUser()->ACL()->has_right($right)) { + if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right($right)) { $this->app->abort(403, 'You do not have required rights'); } @@ -83,7 +83,7 @@ class Firewall { $this->requireAuthentication(); - if (!$this->app['authentication']->getUser()->ACL()->has_right_on_base($base_id, $right)) { + if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($base_id, $right)) { $this->app->abort(403, 'You do not have required rights'); } @@ -94,7 +94,7 @@ class Firewall { $this->requireAuthentication(); - if (!$this->app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, $right)) { + if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_sbas($sbas_id, $right)) { $this->app->abort(403, 'You do not have required rights'); } @@ -136,7 +136,7 @@ class Firewall public function requireOrdersAdmin() { - if (false === !!count($this->app['authentication']->getUser()->ACL()->get_granted_base(array('order_master')))) { + if (false === !!count($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array('order_master')))) { $this->app->abort(403, 'You are not an order admin'); } diff --git a/lib/Alchemy/Phrasea/Setup/Installer.php b/lib/Alchemy/Phrasea/Setup/Installer.php index bdd7e86366..a0b5c115b4 100644 --- a/lib/Alchemy/Phrasea/Setup/Installer.php +++ b/lib/Alchemy/Phrasea/Setup/Installer.php @@ -78,7 +78,7 @@ class Installer { $template = new \SplFileInfo(__DIR__ . '/../../../conf.d/data_templates/' . $template . '-simple.xml'); $databox = \databox::create($this->app, $dbConn, $template, $this->app['phraseanet.registry']); - $this->app['authentication']->getUser()->ACL() + $this->app['acl']->get($this->app['authentication']->getUser()) ->give_access_to_sbas(array($databox->get_sbas_id())) ->update_rights_to_sbas( $databox->get_sbas_id(), array( @@ -89,8 +89,8 @@ class Installer $collection = \collection::create($this->app, $databox, $this->app['phraseanet.appbox'], 'test', $this->app['authentication']->getUser()); - $this->app['authentication']->getUser()->ACL()->give_access_to_base(array($collection->get_base_id())); - $this->app['authentication']->getUser()->ACL()->update_rights_to_base($collection->get_base_id(), array( + $this->app['acl']->get($this->app['authentication']->getUser())->give_access_to_base(array($collection->get_base_id())); + $this->app['acl']->get($this->app['authentication']->getUser())->update_rights_to_base($collection->get_base_id(), array( 'canpush' => 1, 'cancmd' => 1 , 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1 , 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1 diff --git a/lib/Alchemy/Phrasea/Vocabulary/ControlProvider/UserProvider.php b/lib/Alchemy/Phrasea/Vocabulary/ControlProvider/UserProvider.php index 7efebbe362..a4738d6744 100644 --- a/lib/Alchemy/Phrasea/Vocabulary/ControlProvider/UserProvider.php +++ b/lib/Alchemy/Phrasea/Vocabulary/ControlProvider/UserProvider.php @@ -65,7 +65,7 @@ class UserProvider implements ControlProviderInterface ->like(\User_Query::LIKE_LOGIN, $query) ->like_match(\User_Query::LIKE_MATCH_OR) ->include_phantoms(true) - ->on_bases_where_i_am($for_user->ACL(), array('canadmin')) + ->on_bases_where_i_am($this->app['acl']->get($for_user), array('canadmin')) ->limit(0, 50) ->execute()->get_results(); diff --git a/lib/classes/ACL.php b/lib/classes/ACL.php index 12dafbcb0d..6db000f21e 100644 --- a/lib/classes/ACL.php +++ b/lib/classes/ACL.php @@ -291,7 +291,7 @@ class ACL implements cache_cacheableInterface $sbas_to_acces = array(); $rights_to_give = array(); - foreach ($template_user->ACL()->get_granted_sbas() as $databox) { + foreach ($this->app['acl']->get($template_user)->get_granted_sbas() as $databox) { $sbas_id = $databox->get_sbas_id(); if (!in_array($sbas_id, $sbas_ids)) @@ -302,7 +302,7 @@ class ACL implements cache_cacheableInterface } foreach ($sbas_rights as $right) { - if ($template_user->ACL()->has_right_on_sbas($sbas_id, $right)) { + if ($this->app['acl']->get($template_user)->has_right_on_sbas($sbas_id, $right)) { $rights_to_give[$sbas_id][$right] = '1'; } } @@ -336,7 +336,7 @@ class ACL implements cache_cacheableInterface '11' => array('aa' => '1', 'ao' => '1', 'xa' => '1', 'xo' => '1') ); - foreach ($template_user->ACL()->get_granted_base() as $collection) { + foreach ($this->app['acl']->get($template_user)->get_granted_base() as $collection) { $base_id = $collection->get_base_id(); if (!in_array($base_id, $base_ids)) @@ -347,13 +347,13 @@ class ACL implements cache_cacheableInterface } foreach ($bas_rights as $right) { - if ($template_user->ACL()->has_right_on_base($base_id, $right)) { + if ($this->app['acl']->get($template_user)->has_right_on_base($base_id, $right)) { $rights_to_give[$base_id][$right] = '1'; } } - $mask_and = $template_user->ACL()->get_mask_and($base_id); - $mask_xor = $template_user->ACL()->get_mask_xor($base_id); + $mask_and = $this->app['acl']->get($template_user)->get_mask_and($base_id); + $mask_xor = $this->app['acl']->get($template_user)->get_mask_xor($base_id); $mask_and = ctype_digit($mask_and) ? $mask_and : '0'; $mask_xor = ctype_digit($mask_xor) ? $mask_xor : '0'; @@ -408,7 +408,7 @@ class ACL implements cache_cacheableInterface private function apply_template_time_limits(User_Interface $template_user, Array $base_ids) { foreach ($base_ids as $base_id) { - $limited = $template_user->ACL()->get_limits($base_id); + $limited = $this->app['acl']->get($template_user)->get_limits($base_id); if (null !== $limited) { $this->set_limits($base_id, '1', $limited['dmin'], $limited['dmax']); } else { diff --git a/lib/classes/API/V1/Interface.php b/lib/classes/API/V1/Interface.php index 3751f78490..eacc52567c 100644 --- a/lib/classes/API/V1/Interface.php +++ b/lib/classes/API/V1/Interface.php @@ -10,6 +10,7 @@ */ use Symfony\Component\HttpFoundation\Request; +use Silex\Application; /** * diff --git a/lib/classes/API/V1/adapter.php b/lib/classes/API/V1/adapter.php index fa1bdf9ed7..2ab6bb9b1e 100644 --- a/lib/classes/API/V1/adapter.php +++ b/lib/classes/API/V1/adapter.php @@ -13,7 +13,6 @@ use Alchemy\Phrasea\Feed\Aggregate; use Alchemy\Phrasea\Feed\FeedInterface; use Alchemy\Phrasea\SearchEngine\SearchEngineOptions; use Alchemy\Phrasea\SearchEngine\SearchEngineSuggestion; -use Alchemy\Phrasea\Application; use Alchemy\Phrasea\Border\File; use Alchemy\Phrasea\Border\Attribute\Status; use Alchemy\Phrasea\Border\Manager as BorderManager; @@ -26,6 +25,7 @@ use Alchemy\Phrasea\Model\Entities\LazaretFile; use Alchemy\Phrasea\Model\Entities\Task; use Alchemy\Phrasea\Model\Entities\UserQuery; use Alchemy\Phrasea\Model\Entities\ValidationParticipant; +use Silex\Application; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; @@ -660,7 +660,7 @@ class API_V1_adapter extends API_V1_Abstract $collection = \collection::get_from_base_id($this->app, $request->get('base_id')); - if (!$app['authentication']->getUser()->ACL()->has_right_on_base($request->get('base_id'), 'canaddrecord')) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($request->get('base_id'), 'canaddrecord')) { throw new API_V1_exception_forbidden(sprintf('You do not have access to collection %s', $collection->get_label($this->app['locale.I18n']))); } @@ -735,7 +735,7 @@ class API_V1_adapter extends API_V1_Abstract $offset_start = max($request->get('offset_start', 0), 0); $per_page = min(max($request->get('per_page', 10), 1), 20); - $baseIds = array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array('canaddrecord'))); + $baseIds = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array('canaddrecord'))); $lazaretFiles = array(); @@ -773,7 +773,7 @@ class API_V1_adapter extends API_V1_Abstract throw new \API_V1_exception_notfound(sprintf('Lazaret file id %d not found', $lazaret_id)); } - if (!$app['authentication']->getUser()->ACL()->has_right_on_base($lazaretFile->getBaseId(), 'canaddrecord')) { + if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($lazaretFile->getBaseId(), 'canaddrecord')) { throw new \API_V1_exception_forbidden('You do not have access to this quarantine item'); } @@ -1477,7 +1477,7 @@ class API_V1_adapter extends API_V1_Abstract { $result = new API_V1_result($this->app, $request, $this); - $coll = $this->app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($user); + $coll = $this->app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($this->app['acl']->get($user)); $datas = array(); foreach ($coll as $feed) { @@ -1535,7 +1535,7 @@ class API_V1_adapter extends API_V1_Abstract { $result = new API_V1_result($this->app, $request, $this); - $feed = Aggregate::createFromUser($this->app['EM'], $user); + $feed = Aggregate::createFromUser($this->app, $user); $offset_start = (int) ($request->get('offset_start') ? : 0); $per_page = (int) ($request->get('per_page') ? : 5); @@ -1562,7 +1562,7 @@ class API_V1_adapter extends API_V1_Abstract $collection = $entry->getFeed()->getCollection($this->app); - if (null !== $collection && !$user->ACL()->has_access_to_base($collection->get_base_id())) { + if (null !== $collection && !$this->app['acl']->get($user)->has_access_to_base($collection->get_base_id())) { throw new \API_V1_exception_forbidden('You have not access to the parent feed'); } diff --git a/lib/classes/Session/Logger.php b/lib/classes/Session/Logger.php index b0c7a189dd..af995e438d 100644 --- a/lib/classes/Session/Logger.php +++ b/lib/classes/Session/Logger.php @@ -101,7 +101,7 @@ class Session_Logger $colls = array(); if ($app['authentication']->getUser()) { - $bases = $app['authentication']->getUser()->ACL()->get_granted_base(array(), array($databox->get_sbas_id())); + $bases = $app['acl']->get($app['authentication']->getUser())->get_granted_base(array(), array($databox->get_sbas_id())); foreach ($bases as $collection) { $colls[] = $collection->get_coll_id(); } @@ -224,7 +224,7 @@ class Session_Logger ); if (isset($appName[$appId])) { - $sbas_ids = array_keys($user->ACL()->get_granted_sbas()); + $sbas_ids = array_keys($app['acl']->get($user)->get_granted_sbas()); foreach ($sbas_ids as $sbas_id) { try { diff --git a/lib/classes/User/Adapter.php b/lib/classes/User/Adapter.php index 8a161057ba..9a1913e4e4 100644 --- a/lib/classes/User/Adapter.php +++ b/lib/classes/User/Adapter.php @@ -334,16 +334,6 @@ class User_Adapter implements User_Interface, cache_cacheableInterface return array_key_exists($id, self::$_instance) ? self::$_instance[$id] : false; } - /** - * Return Access Control List object for the user - * - * @return ACL - */ - public function ACL() - { - return $this->get_ACL(); - } - /** * * @param Application $app @@ -351,8 +341,8 @@ class User_Adapter implements User_Interface, cache_cacheableInterface protected function set_app(Application $app) { $this->app = $app; - if (null !== $this->ACL) { - $this->ACL->set_app($app); + if (null !== $app['acl']->get($this)) { + $app['acl']->get($this)->set_app($app); } } @@ -404,20 +394,6 @@ class User_Adapter implements User_Interface, cache_cacheableInterface return $this; } - /** - * Load if needed of the ACL for the current user - * - * @return ACL - */ - protected function get_ACL() - { - if (!$this->ACL instanceof ACL) { - $this->ACL = new ACL($this, $this->app); - } - - return $this->ACL; - } - /** * * @return string @@ -1255,7 +1231,7 @@ class User_Adapter implements User_Interface, cache_cacheableInterface foreach ($app['phraseanet.appbox']->get_databoxes() as $databox) { foreach (array_keys($users) as $usr_id) { $user = User_Adapter::getInstance($usr_id, $app); - $user->ACL()->give_access_to_sbas(array($databox->get_sbas_id())); + $app['acl']->get($user)->give_access_to_sbas(array($databox->get_sbas_id())); $rights = array( 'bas_manage' => '1' @@ -1264,10 +1240,10 @@ class User_Adapter implements User_Interface, cache_cacheableInterface , 'bas_chupub' => '1' ); - $user->ACL()->update_rights_to_sbas($databox->get_sbas_id(), $rights); + $app['acl']->get($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights); foreach ($databox->get_collections() as $collection) { - $user->ACL()->give_access_to_base(array($collection->get_base_id())); + $app['acl']->get($user)->give_access_to_base(array($collection->get_base_id())); $rights = array( 'canputinalbum' => '1' @@ -1290,8 +1266,8 @@ class User_Adapter implements User_Interface, cache_cacheableInterface , 'bas_modify_struct' => '1' ); - $user->ACL()->update_rights_to_base($collection->get_base_id(), $rights); - $user->ACL()->set_limits($collection->get_base_id(), false); + $app['acl']->get($user)->update_rights_to_base($collection->get_base_id(), $rights); + $app['acl']->get($user)->set_limits($collection->get_base_id(), false); } } } diff --git a/lib/classes/User/Interface.php b/lib/classes/User/Interface.php index fa49525f24..f3dfed6595 100644 --- a/lib/classes/User/Interface.php +++ b/lib/classes/User/Interface.php @@ -24,8 +24,6 @@ interface User_Interface public function __construct($id, Application $app); - public function ACL(); - public function set_password($pasword); public function set_email($email); diff --git a/lib/classes/collection.php b/lib/classes/collection.php index 8e5dacc3c7..7818a6a854 100644 --- a/lib/classes/collection.php +++ b/lib/classes/collection.php @@ -525,8 +525,8 @@ class collection implements cache_cacheableInterface while ($n < $total) { $results = $query->limit($n, 50)->execute()->get_results(); foreach ($results as $user) { - $user->ACL()->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS); - $user->ACL()->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS); + $app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS); + $app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS); } $n+=50; } @@ -626,7 +626,7 @@ class collection implements cache_cacheableInterface "modify_struct" => "1" ); - $user->ACL()->update_rights_to_base($base_id, $rights); + $this->app['acl']->get($user)->update_rights_to_base($base_id, $rights); return true; } diff --git a/lib/classes/databox.php b/lib/classes/databox.php index f1956dcaf3..d5d8d6287c 100644 --- a/lib/classes/databox.php +++ b/lib/classes/databox.php @@ -445,9 +445,9 @@ class databox extends base while ($n < $total) { $results = $query->limit($n, 50)->execute()->get_results(); foreach ($results as $user) { - $user->ACL()->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS); - $user->ACL()->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS); - $user->ACL()->delete_injected_rights_sbas($this); + $this->app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS); + $this->app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS); + $this->app['acl']->get($user)->delete_injected_rights_sbas($this); } $n+=50; } @@ -972,7 +972,7 @@ class databox extends base { $conn = connection::getPDOConnection($this->app); - $user->ACL() + $this->app['acl']->get($user) ->give_access_to_sbas(array($this->id)) ->update_rights_to_sbas( $this->id, array( @@ -1006,9 +1006,9 @@ class databox extends base } } - $user->ACL()->give_access_to_base($base_ids); + $this->app['acl']->get($user)->give_access_to_base($base_ids); foreach ($base_ids as $base_id) { - $user->ACL()->update_rights_to_base($base_id, array( + $this->app['acl']->get($user)->update_rights_to_base($base_id, array( 'canpush' => 1, 'cancmd' => 1 , 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1 , 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1 diff --git a/lib/classes/databox/cgu.php b/lib/classes/databox/cgu.php index 5339463185..d0fb21176e 100644 --- a/lib/classes/databox/cgu.php +++ b/lib/classes/databox/cgu.php @@ -64,7 +64,7 @@ class databox_cgu $userValidation = true; if (! $home) { - if ( ! $app['authentication']->getUser()->ACL()->has_access_to_sbas($databox->get_sbas_id())) { + if ( ! $app['acl']->get($app['authentication']->getUser())->has_access_to_sbas($databox->get_sbas_id())) { continue; } $userValidation = ($app['authentication']->getUser()->getPrefs('terms_of_use_' . $databox->get_sbas_id()) !== $update && trim($value) !== ''); diff --git a/lib/classes/databox/status.php b/lib/classes/databox/status.php index 2c22b9d335..06656df722 100644 --- a/lib/classes/databox/status.php +++ b/lib/classes/databox/status.php @@ -136,7 +136,7 @@ class databox_status return self::$_statuses; } - $sbas_ids = $app['authentication']->getUser()->ACL()->get_granted_sbas(); + $sbas_ids = $app['acl']->get($app['authentication']->getUser())->get_granted_sbas(); $statuses = array(); @@ -157,7 +157,7 @@ class databox_status { $statuses = array(); - $sbas_ids = $app['authentication']->getUser()->ACL()->get_granted_sbas(); + $sbas_ids = $app['acl']->get($app['authentication']->getUser())->get_granted_sbas(); $see_all = array(); @@ -165,7 +165,7 @@ class databox_status $see_all[$databox->get_sbas_id()] = false; foreach ($databox->get_collections() as $collection) { - if ($app['authentication']->getUser()->ACL()->has_right_on_base($collection->get_base_id(), 'chgstatus')) { + if ($app['acl']->get($app['authentication']->getUser())->has_right_on_base($collection->get_base_id(), 'chgstatus')) { $see_all[$databox->get_sbas_id()] = true; break; } @@ -183,7 +183,7 @@ class databox_status $see_this = isset($see_all[$sbas_id]) ? $see_all[$sbas_id] : false; - if ($app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, 'bas_modify_struct')) { + if ($app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($sbas_id, 'bas_modify_struct')) { $see_this = true; } diff --git a/lib/classes/eventsmanager/notify/autoregister.php b/lib/classes/eventsmanager/notify/autoregister.php index c45ce1b63a..185e22eec9 100644 --- a/lib/classes/eventsmanager/notify/autoregister.php +++ b/lib/classes/eventsmanager/notify/autoregister.php @@ -225,7 +225,7 @@ class eventsmanager_notify_autoregister extends eventsmanager_notifyAbstract return false; } - if ($this->app['authentication']->getUser()->ACL()->has_right('manageusers') === true) { + if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right('manageusers') === true) { $bool = true; } diff --git a/lib/classes/eventsmanager/notify/order.php b/lib/classes/eventsmanager/notify/order.php index f4e5f88aa8..4b41677299 100644 --- a/lib/classes/eventsmanager/notify/order.php +++ b/lib/classes/eventsmanager/notify/order.php @@ -192,7 +192,7 @@ class eventsmanager_notify_order extends eventsmanager_notifyAbstract return false; } - if ($this->app['authentication']->getUser()->ACL()->has_right('order_master')) { + if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right('order_master')) { $bool = true; } diff --git a/lib/classes/eventsmanager/notify/register.php b/lib/classes/eventsmanager/notify/register.php index ca87912432..96632a40e0 100644 --- a/lib/classes/eventsmanager/notify/register.php +++ b/lib/classes/eventsmanager/notify/register.php @@ -204,7 +204,7 @@ class eventsmanager_notify_register extends eventsmanager_notifyAbstract return false; } - if ($this->app['authentication']->getUser()->ACL()->has_right('manageusers')) { + if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right('manageusers')) { $bool = true; } diff --git a/lib/classes/eventsmanager/notify/uploadquarantine.php b/lib/classes/eventsmanager/notify/uploadquarantine.php index d1a098e3f6..a0fb5e4b76 100644 --- a/lib/classes/eventsmanager/notify/uploadquarantine.php +++ b/lib/classes/eventsmanager/notify/uploadquarantine.php @@ -188,7 +188,7 @@ class eventsmanager_notify_uploadquarantine extends eventsmanager_notifyAbstract public function is_available() { if (null !== $this->app['authentication']->getUser()) { - return $this->app['authentication']->getUser()->ACL()->has_right('addrecord'); + return $this->app['acl']->get($this->app['authentication']->getUser())->has_right('addrecord'); } return false; diff --git a/lib/classes/eventsmanager/notify/validationdone.php b/lib/classes/eventsmanager/notify/validationdone.php index 1118328c79..a0742f5235 100644 --- a/lib/classes/eventsmanager/notify/validationdone.php +++ b/lib/classes/eventsmanager/notify/validationdone.php @@ -189,7 +189,7 @@ class eventsmanager_notify_validationdone extends eventsmanager_notifyAbstract return false; } - if ($this->app['authentication']->getUser()->ACL()->has_right('push')) { + if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right('push')) { $bool = true; } diff --git a/lib/classes/module/report/dashboard.php b/lib/classes/module/report/dashboard.php index d3da57baeb..493989a9d4 100644 --- a/lib/classes/module/report/dashboard.php +++ b/lib/classes/module/report/dashboard.php @@ -241,7 +241,7 @@ class module_report_dashboard implements module_report_dashboard_componentInterf { $all_coll = array(); - $base_ids = $this->usr->ACL()->get_granted_base(array('canreport')); + $base_ids = $this->app['acl']->get($this->usr)->get_granted_base(array('canreport')); foreach ($base_ids as $base_id => $collection) { $databox = $collection->get_databox(); diff --git a/lib/classes/patch/320f.php b/lib/classes/patch/320f.php index 831a76e92d..b9a9945282 100644 --- a/lib/classes/patch/320f.php +++ b/lib/classes/patch/320f.php @@ -207,7 +207,7 @@ class patch_320f implements patchInterface $app['EM']->flush(); } elseif ($pub_restrict == 1) { - $collections = $user->ACL()->get_granted_base(); + $collections = $app['acl']->get($user)->get_granted_base(); $collection = array_shift($collections); if ( ! ($collection instanceof collection)) { foreach ($appbox->get_databoxes() as $databox) { diff --git a/lib/classes/record/adapter.php b/lib/classes/record/adapter.php index 13b09bf591..65867fd9f4 100644 --- a/lib/classes/record/adapter.php +++ b/lib/classes/record/adapter.php @@ -400,7 +400,7 @@ class record_adapter implements record_Interface, cache_cacheableInterface if (isset($dstatus[$sbas_id])) { foreach ($dstatus[$sbas_id] as $n => $statbit) { if ($statbit['printable'] == '0' && - !$this->app['authentication']->getUser()->ACL()->has_right_on_base($this->base_id, 'chgstatus')) { + !$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->base_id, 'chgstatus')) { continue; } diff --git a/lib/classes/record/exportElement.php b/lib/classes/record/exportElement.php index a619dafa57..b7f949abfa 100644 --- a/lib/classes/record/exportElement.php +++ b/lib/classes/record/exportElement.php @@ -107,17 +107,17 @@ class record_exportElement extends record_adapter 'thumbnail' => true ); - if ($this->app['authentication']->getUser()->ACL()->has_right_on_base($this->get_base_id(), 'candwnldhd')) { + if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->get_base_id(), 'candwnldhd')) { $go_dl['document'] = true; } - if ($this->app['authentication']->getUser()->ACL()->has_right_on_base($this->get_base_id(), 'candwnldpreview')) { + if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->get_base_id(), 'candwnldpreview')) { $go_dl['preview'] = true; } - if ($this->app['authentication']->getUser()->ACL()->has_hd_grant($this)) { + if ($this->app['acl']->get($this->app['authentication']->getUser())->has_hd_grant($this)) { $go_dl['document'] = true; $go_dl['preview'] = true; } - if ($this->app['authentication']->getUser()->ACL()->has_preview_grant($this)) { + if ($this->app['acl']->get($this->app['authentication']->getUser())->has_preview_grant($this)) { $go_dl['preview'] = true; } @@ -127,14 +127,14 @@ class record_exportElement extends record_adapter ->who_have_right(array('order_master')) ->execute()->get_results(); - $go_cmd = (count($masters) > 0 && $this->app['authentication']->getUser()->ACL()->has_right_on_base($this->base_id, 'cancmd')); + $go_cmd = (count($masters) > 0 && $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->base_id, 'cancmd')); $orderable['document'] = false; $downloadable['document'] = false; if (isset($sd['document']) && is_file($sd['document']->get_pathfile())) { if ($go_dl['document'] === true) { - if ($this->app['authentication']->getUser()->ACL()->is_restricted_download($this->base_id)) { + if ($this->app['acl']->get($this->app['authentication']->getUser())->is_restricted_download($this->base_id)) { $this->remain_hd --; if ($this->remain_hd >= 0) $downloadable['document'] = array( @@ -182,7 +182,7 @@ class record_exportElement extends record_adapter if (isset($sd[$name]) && $sd[$name]->is_physically_present()) { if ($class == 'document') { - if ($this->app['authentication']->getUser()->ACL()->is_restricted_download($this->base_id)) { + if ($this->app['acl']->get($this->app['authentication']->getUser())->is_restricted_download($this->base_id)) { $this->remain_hd --; if ($this->remain_hd >= 0) $downloadable[$name] = array( diff --git a/lib/classes/record/preview.php b/lib/classes/record/preview.php index a0ca4f2a30..c1d1ea392d 100644 --- a/lib/classes/record/preview.php +++ b/lib/classes/record/preview.php @@ -337,7 +337,7 @@ class record_preview extends record_adapter $tab = array(); - $report = $this->app['authentication']->getUser()->ACL()->has_right_on_base($this->get_base_id(), 'canreport'); + $report = $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->get_base_id(), 'canreport'); $connsbas = connection::getPDOConnection($this->app, $this->get_sbas_id()); @@ -420,7 +420,7 @@ class record_preview extends record_adapter return $this->view_popularity; } - $report = $this->app['authentication']->getUser()->ACL()->has_right_on_base( + $report = $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base( $this->get_base_id(), 'canreport'); if ( ! $report && ! $this->app['phraseanet.registry']->get('GV_google_api')) { @@ -509,7 +509,7 @@ class record_preview extends record_adapter return $this->refferer_popularity; } - $report = $this->app['authentication']->getUser()->ACL()->has_right_on_base( + $report = $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base( $this->get_base_id(), 'canreport'); if ( ! $report && ! $this->app['phraseanet.registry']->get('GV_google_api')) { @@ -581,7 +581,7 @@ class record_preview extends record_adapter return $this->download_popularity; } - $report = $this->app['authentication']->getUser()->ACL()->has_right_on_base($this->get_base_id(), 'canreport'); + $report = $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->get_base_id(), 'canreport'); $ret = false; if ( ! $report && ! $this->app['phraseanet.registry']->get('GV_google_api')) { diff --git a/lib/classes/set/export.php b/lib/classes/set/export.php index 75915365a4..2cba27ab0e 100644 --- a/lib/classes/set/export.php +++ b/lib/classes/set/export.php @@ -69,8 +69,8 @@ class set_export extends set_abstract $record_id = $basket_element->getRecord($this->app)->get_record_id(); if (!isset($remain_hd[$base_id])) { - if ($app['authentication']->getUser()->ACL()->is_restricted_download($base_id)) { - $remain_hd[$base_id] = $app['authentication']->getUser()->ACL()->remaining_download($base_id); + if ($app['acl']->get($app['authentication']->getUser())->is_restricted_download($base_id)) { + $remain_hd[$base_id] = $app['acl']->get($app['authentication']->getUser())->remaining_download($base_id); } else { $remain_hd[$base_id] = false; } @@ -109,8 +109,8 @@ class set_export extends set_abstract $record_id = $child_basrec->get_record_id(); if (!isset($remain_hd[$base_id])) { - if ($app['authentication']->getUser()->ACL()->is_restricted_download($base_id)) { - $remain_hd[$base_id] = $app['authentication']->getUser()->ACL()->remaining_download($base_id); + if ($app['acl']->get($app['authentication']->getUser())->is_restricted_download($base_id)) { + $remain_hd[$base_id] = $app['acl']->get($app['authentication']->getUser())->remaining_download($base_id); } else { $remain_hd[$base_id] = false; } @@ -132,8 +132,8 @@ class set_export extends set_abstract $record_id = $record->get_record_id(); if (!isset($remain_hd[$base_id])) { - if ($app['authentication']->getUser()->ACL()->is_restricted_download($base_id)) { - $remain_hd[$base_id] = $app['authentication']->getUser()->ACL()->remaining_download($base_id); + if ($app['acl']->get($app['authentication']->getUser())->is_restricted_download($base_id)) { + $remain_hd[$base_id] = $app['acl']->get($app['authentication']->getUser())->remaining_download($base_id); } else { $remain_hd[$base_id] = false; } @@ -167,7 +167,7 @@ class set_export extends set_abstract $this->businessFieldsAccess = false; foreach ($this->elements as $download_element) { - if ($app['authentication']->getUser()->ACL()->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) { + if ($app['acl']->get($app['authentication']->getUser())->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) { $this->businessFieldsAccess = true; } @@ -219,11 +219,11 @@ class set_export extends set_abstract $display_ftp = array(); - $hasadminright = $app['authentication']->getUser()->ACL()->has_right('addrecord') - || $app['authentication']->getUser()->ACL()->has_right('deleterecord') - || $app['authentication']->getUser()->ACL()->has_right('modifyrecord') - || $app['authentication']->getUser()->ACL()->has_right('coll_manage') - || $app['authentication']->getUser()->ACL()->has_right('coll_modify_struct'); + $hasadminright = $app['acl']->get($app['authentication']->getUser())->has_right('addrecord') + || $app['acl']->get($app['authentication']->getUser())->has_right('deleterecord') + || $app['acl']->get($app['authentication']->getUser())->has_right('modifyrecord') + || $app['acl']->get($app['authentication']->getUser())->has_right('coll_manage') + || $app['acl']->get($app['authentication']->getUser())->has_right('coll_modify_struct'); $this->ftp_datas = array(); @@ -231,7 +231,7 @@ class set_export extends set_abstract $display_ftp = $display_download; $this->total_ftp = $this->total_download; - $lst_base_id = array_keys($app['authentication']->getUser()->ACL()->get_granted_base()); + $lst_base_id = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base()); if ($hasadminright) { $sql = "SELECT usr.usr_id,usr_login,usr.usr_mail, FtpCredential.* @@ -432,7 +432,7 @@ class set_export extends set_abstract $BF = false; - if ($includeBusinessFields && $user->ACL()->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) { + if ($includeBusinessFields && $this->app['acl']->get($user)->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) { $BF = true; } @@ -515,8 +515,8 @@ class set_export extends set_abstract 'path' => $sd[$name]->get_path() , 'file' => $sd[$name]->get_file() ); - if (!$user->ACL()->has_right_on_base($download_element->get_base_id(), "nowatermark") - && !$user->ACL()->has_preview_grant($download_element) + if (!$this->app['acl']->get($user)->has_right_on_base($download_element->get_base_id(), "nowatermark") + && !$this->app['acl']->get($user)->has_preview_grant($download_element) && $sd[$name]->get_type() == media_subdef::TYPE_IMAGE) { $path = recordutils_image::watermark($this->app, $sd[$name]); if (file_exists($path)) { @@ -792,7 +792,7 @@ class set_export extends set_abstract $log["shortXml"] = $record_object->get_caption()->serialize(caption_record::SERIALIZE_XML); $tmplog[$record_object->get_base_id()][] = $log; if (!$anonymous && $o == 'document') { - $app['authentication']->getUser()->ACL()->remove_remaining($record_object->get_base_id()); + $app['acl']->get($app['authentication']->getUser())->remove_remaining($record_object->get_base_id()); } } @@ -810,11 +810,11 @@ class set_export extends set_abstract $stmt = $app['phraseanet.appbox']->get_connection()->prepare($sql); foreach ($list_base as $base_id) { - if ($app['authentication']->getUser()->ACL()->is_restricted_download($base_id)) { + if ($app['acl']->get($app['authentication']->getUser())->is_restricted_download($base_id)) { $params = array( - ':remain_dl' => $app['authentication']->getUser()->ACL()->remaining_download($base_id) + ':remain_dl' => $app['acl']->get($app['authentication']->getUser())->remaining_download($base_id) , ':base_id' => $base_id - , ':usr_id' => $app['authentication']->getUser()->get_id() + , ':usr_id' => $app['acl']->get($app['authentication']->getUser())->get_id() ); $stmt->execute($params); diff --git a/lib/classes/set/selection.php b/lib/classes/set/selection.php index d25e41eefc..8af560da28 100644 --- a/lib/classes/set/selection.php +++ b/lib/classes/set/selection.php @@ -63,26 +63,26 @@ class set_selection extends set_abstract $sbas_id = $record->get_sbas_id(); $record_id = $record->get_record_id(); if (! $rights) { - if ($this->app['authentication']->getUser()->ACL()->has_hd_grant($record)) { + if ($this->app['acl']->get($this->app['authentication']->getUser())->has_hd_grant($record)) { continue; } - if ($this->app['authentication']->getUser()->ACL()->has_preview_grant($record)) { + if ($this->app['acl']->get($this->app['authentication']->getUser())->has_preview_grant($record)) { continue; } - if ( ! $this->app['authentication']->getUser()->ACL()->has_access_to_base($base_id)) { + if ( ! $this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_base($base_id)) { $to_remove[] = $id; continue; } } else { foreach ($rights as $right) { - if ( ! $this->app['authentication']->getUser()->ACL()->has_right_on_base($base_id, $right)) { + if ( ! $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($base_id, $right)) { $to_remove[] = $id; continue; } } foreach ($sbas_rights as $right) { - if ( ! $this->app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, $right)) { + if ( ! $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_sbas($sbas_id, $right)) { $to_remove[] = $id; continue; } @@ -94,8 +94,8 @@ class set_selection extends set_abstract $sql = 'SELECT record_id FROM record - WHERE ((status ^ ' . $this->app['authentication']->getUser()->ACL()->get_mask_xor($base_id) . ') - & ' . $this->app['authentication']->getUser()->ACL()->get_mask_and($base_id) . ')=0 + WHERE ((status ^ ' . $this->app['acl']->get($this->app['authentication']->getUser())->get_mask_xor($base_id) . ') + & ' . $this->app['acl']->get($this->app['authentication']->getUser())->get_mask_and($base_id) . ')=0 AND record_id = :record_id'; $stmt = $connsbas->prepare($sql); diff --git a/templates/web/admin/collection/collection.html.twig b/templates/web/admin/collection/collection.html.twig index a1bea7eedb..a90ee6e652 100644 --- a/templates/web/admin/collection/collection.html.twig +++ b/templates/web/admin/collection/collection.html.twig @@ -34,7 +34,7 @@
  • {{ collection.get_record_amount() }} records {% trans 'phraseanet:: details' %}
    • -{% if app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} +{% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %}
    {% trans 'admin::collection:: Gestionnaires des commandes' %}
    @@ -143,7 +143,7 @@
    {% trans 'admin::base:collection: minilogo actuel' %}
    {% if collection.getLogo(bas_id, app) is not empty %}
    {{ collection.getLogo(bas_id, app) | raw }}
    - {% if app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %}
    {% endif%} - {% elseif app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} + {% elseif app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %} {% trans 'admin::base:collection: aucun fichier (minilogo, watermark ...)' %}
    @@ -168,7 +168,7 @@
    {% trans "Watermark" %}
    {% if collection.getWatermark(bas_id) is not empty %}
    {{ collection.getWatermark(bas_id)| raw }}
    - {% if app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %} {% endif%} - {% elseif app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} + {% elseif app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %} {% trans 'admin::base:collection: aucun fichier (minilogo, watermark ...)' %}
    @@ -193,7 +193,7 @@
    {% trans "Stamp logo" %}
    {% if collection.getStamp(bas_id) is not empty %}
    {{ collection.getStamp(bas_id)| raw }}
    - {% if app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %} {% endif%} - {% elseif app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} + {% elseif app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %} {% trans 'admin::base:collection: aucun fichier (minilogo, watermark ...)' %}
    @@ -218,7 +218,7 @@
    {% trans 'admin::base:collection: image de presentation : ' %}
    {% if collection.getPresentation(bas_id) is not empty %}
    {{ collection.getPresentation(bas_id)| raw }}
    - {% if app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %} {% endif%} - {% elseif app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} + {% elseif app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %} {% trans 'admin::base:collection: aucun fichier (minilogo, watermark ...)' %}
    diff --git a/templates/web/admin/collection/create.html.twig b/templates/web/admin/collection/create.html.twig index 43c9046c69..227c7d0b9b 100644 --- a/templates/web/admin/collection/create.html.twig +++ b/templates/web/admin/collection/create.html.twig @@ -32,10 +32,10 @@
    - {% if app['authentication'].getUser().ACL().get_granted_base(["canadmin"]) | length > 0 %} + {% if app['acl'].get(app['authentication'].getUser()).get_granted_base(["canadmin"]) | length > 0 %} diff --git a/templates/web/admin/connected-users.html.twig b/templates/web/admin/connected-users.html.twig index 2bef2def0e..d36ed7179d 100644 --- a/templates/web/admin/connected-users.html.twig +++ b/templates/web/admin/connected-users.html.twig @@ -24,7 +24,7 @@ {{ 'admin::monitor: bases sur lesquelles l\'utilisateur est connecte : ' | trans }} : - {% for databox in user.ACL().get_granted_sbas() %} + {% for databox in app['acl'].get(user).get_granted_sbas() %} {{ databox.get_label(app['locale.I18n']) }} diff --git a/templates/web/admin/databases.html.twig b/templates/web/admin/databases.html.twig index b6b5fe1945..7d8ea95060 100644 --- a/templates/web/admin/databases.html.twig +++ b/templates/web/admin/databases.html.twig @@ -43,7 +43,7 @@
    -{% if app['authentication'].getUser().ACL().is_admin() %} +{% if app['acl'].get(app['authentication'].getUser()).is_admin() %}

    {% trans 'admin::base: Version' %}

    diff --git a/templates/web/admin/databox/databox.html.twig b/templates/web/admin/databox/databox.html.twig index 62e46ff14c..f4c79c452e 100644 --- a/templates/web/admin/databox/databox.html.twig +++ b/templates/web/admin/databox/databox.html.twig @@ -30,7 +30,7 @@
  • {% trans 'admin::base: Alias' %} : {{ databox.get_label(app['locale.I18n']) }} - {% if app['authentication'].getUser().ACL().has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %} + {% if app['acl'].get(app['authentication'].getUser()).has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %}
    • -{% if app['authentication'].getUser().ACL().has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %} +{% if app['acl'].get(app['authentication'].getUser()).has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %}
    {% endif %} {% else %} - {% if class != 'checked' and type == 'base' and admin.ACL().has_right_on_base(id, name) is empty %} + {% if class != 'checked' and type == 'base' and app['acl'].get(admin).has_right_on_base(id, name) is empty %}
    - {% elseif class != 'checked' and type == 'sbas' and admin.ACL().has_right_on_sbas(id, name) is empty %} + {% elseif class != 'checked' and type == 'sbas' and app['acl'].get(admin).has_right_on_sbas(id, name) is empty %}
    {% else %} diff --git a/templates/web/admin/publications/fiche.html.twig b/templates/web/admin/publications/fiche.html.twig index 57e0c65dcd..7a913af0e6 100644 --- a/templates/web/admin/publications/fiche.html.twig +++ b/templates/web/admin/publications/fiche.html.twig @@ -101,7 +101,7 @@
    - {% for databox in app['authentication'].getUser().ACL().get_granted_sbas('bas_chupub') %} + {% for databox in app['acl'].get(app['authentication'].getUser()).get_granted_sbas('bas_chupub') %} {% for collection in databox.get_collections() %} diff --git a/templates/web/admin/tree.html.twig b/templates/web/admin/tree.html.twig index e7d1c5a539..f7c04eaee9 100644 --- a/templates/web/admin/tree.html.twig +++ b/templates/web/admin/tree.html.twig @@ -2,7 +2,7 @@
    - {% if app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'candwnldhd') - or app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'candwnldpreview') - or app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'cancmd') - or app['authentication'].getUser().ACL().has_preview_grant(record) %} + {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'candwnldhd') + or app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'candwnldpreview') + or app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'cancmd') + or app['acl'].get(app['authentication'].getUser()).has_preview_grant(record) %}
    {% endif %} diff --git a/templates/web/common/caption.html.twig b/templates/web/common/caption.html.twig index 929230543a..f46684dee5 100644 --- a/templates/web/common/caption.html.twig +++ b/templates/web/common/caption.html.twig @@ -6,7 +6,7 @@ {% import 'common/caption_templates/preview.html.twig' as cap_prev %} {% if app['authentication'].getUser() %} - {% set business = app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'canmodifrecord') %} + {% set business = app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'canmodifrecord') %} {% else %} {% set business = false %} {% endif %} diff --git a/templates/web/common/drop_down_options.html.twig b/templates/web/common/drop_down_options.html.twig index 6fff066800..763a905564 100644 --- a/templates/web/common/drop_down_options.html.twig +++ b/templates/web/common/drop_down_options.html.twig @@ -8,7 +8,7 @@
    - {% if app['authentication'].getUser().ACL.has_right_on_base(record.get_base_id, 'canputinalbum') and not record.is_grouping() %} + {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id, 'canputinalbum') and not record.is_grouping() %}
    @@ -16,7 +16,7 @@
    {% endif %} - {% if app['authentication'].getUser().ACL.has_right_on_base(record.get_base_id, 'candwnldpreview') or app['authentication'].getUser().ACL.has_right_on_base(record.get_base_id, 'candwnldhd') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id, 'candwnldpreview') or app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id, 'candwnldhd') %}
    @@ -30,7 +30,7 @@ {% trans 'action : print' %}
    - {% if app['phraseanet.registry'].get('GV_social_tools') == 'all' or (app['phraseanet.registry'].get('GV_social_tools') == 'publishers' and user.ACL().has_right_on_sbas(record.get_sbas_id(), 'bas_chupub')) %} + {% if app['phraseanet.registry'].get('GV_social_tools') == 'all' or (app['phraseanet.registry'].get('GV_social_tools') == 'publishers' and app['acl'].get(user).has_right_on_sbas(record.get_sbas_id(), 'bas_chupub')) %} {% if record.is_grouping() is empty %}
    - {% if app['browser'].isNewGeneration and app['phraseanet.registry'].get('GV_thesaurus') == true and app['authentication'].getUser().ACL.has_access_to_module('thesaurus') %} + {% if app['browser'].isNewGeneration and app['phraseanet.registry'].get('GV_thesaurus') == true and app['acl'].get(app['authentication'].getUser()).has_access_to_module('thesaurus') %}
  • @@ -45,7 +45,7 @@ {# MODULE #} - {% if app['authentication'].getUser().ACL.has_access_to_module('admin') %} + {% if app['acl'].get(app['authentication'].getUser()).has_access_to_module('admin') %}
  • @@ -56,7 +56,7 @@ {% endif %} {# MODULE #} - {% if app['authentication'].getUser().ACL.has_access_to_module('report') %} + {% if app['acl'].get(app['authentication'].getUser()).has_access_to_module('report') %}
  • @@ -75,9 +75,9 @@
    • - {# MODULE #} + {# MODULE #} {% if module is defined and module == "prod" %} - {% if app['authentication'].getUser().ACL.has_access_to_module('upload') %} + {% if app['acl'].get(app['authentication'].getUser()).has_access_to_module('upload') %}
  • {% set link = path('upload_form') %} @@ -105,7 +105,7 @@
    • {% endif %} - {% if module is defined and module == "prod" and app['authentication'].getUser().ACL.has_right('order_master') %} + {% if module is defined and module == "prod" and app['acl'].get(app['authentication'].getUser()).has_right('order_master') %}
  • diff --git a/templates/web/common/preview.html.twig b/templates/web/common/preview.html.twig index d05aee273d..6aaa327f0d 100644 --- a/templates/web/common/preview.html.twig +++ b/templates/web/common/preview.html.twig @@ -9,7 +9,7 @@ {% set previewHtml5 = null %} -{% if app['authentication'].getUser().ACL().has_access_to_subdef(record, 'preview') %} +{% if app['acl'].get(app['authentication'].getUser()).has_access_to_subdef(record, 'preview') %} {% set preview_obj = record.get_preview() %} {% else %} {% set preview_obj = record.get_thumbnail() %} diff --git a/templates/web/lightbox/IE6/feed.html.twig b/templates/web/lightbox/IE6/feed.html.twig index c961530e19..f02e652bff 100644 --- a/templates/web/lightbox/IE6/feed.html.twig +++ b/templates/web/lightbox/IE6/feed.html.twig @@ -34,7 +34,7 @@
    • {% if first_item %} - {% if app['authentication'].getUser().ACL().has_access_to_subdef(first_item.getRecord(app), 'preview') %} + {% if app['acl'].get(app['authentication'].getUser()).has_access_to_subdef(first_item.getRecord(app), 'preview') %} {% set preview = first_item.getRecord(app).get_preview() %} {% else %} {% set preview = first_item.getRecord(app).get_thumbnail() %} @@ -81,7 +81,7 @@
    - {% set business = app['authentication'].getUser().ACL().has_right_on_base(first_item.getRecord(app).get_base_id(), 'canmodifrecord') %} + {% set business = app['acl'].get(app['authentication'].getUser()).has_right_on_base(first_item.getRecord(app).get_base_id(), 'canmodifrecord') %} {% if first_item %} {{caption.format_caption(first_item.getRecord(app), '', null, business)}} {% endif %} diff --git a/templates/web/lightbox/IE6/validate.html.twig b/templates/web/lightbox/IE6/validate.html.twig index 1e1f77b7e4..d35d726c9a 100644 --- a/templates/web/lightbox/IE6/validate.html.twig +++ b/templates/web/lightbox/IE6/validate.html.twig @@ -94,7 +94,7 @@
    {% if basket_element %} - {% set business = app['authentication'].getUser().ACL().has_right_on_base(basket_element.getRecord(app).get_base_id(), 'canmodifrecord') %} + {% set business = app['acl'].get(app['authentication'].getUser()).has_right_on_base(basket_element.getRecord(app).get_base_id(), 'canmodifrecord') %} {{caption.format_caption(basket_element.getRecord(app), '', null, business)}} {% endif %}
    diff --git a/templates/web/lightbox/feed.html.twig b/templates/web/lightbox/feed.html.twig index 29d9ad466e..b2e2b8f042 100644 --- a/templates/web/lightbox/feed.html.twig +++ b/templates/web/lightbox/feed.html.twig @@ -42,7 +42,7 @@
    {% if first_item %} - {% if app['authentication'].getUser().ACL().has_access_to_subdef(first_item.getRecord(app), 'preview') %} + {% if app['acl'].get(app['authentication'].getUser()).has_access_to_subdef(first_item.getRecord(app), 'preview') %} {% set bask_prev = first_item.getRecord(app).get_preview() %} {% else %} {% set bask_prev = first_item.getRecord(app).get_thumbnail() %} @@ -81,7 +81,7 @@
    - {% set business = app['authentication'].getUser().ACL().has_right_on_base(first_item.getRecord(app).get_base_id(), 'canmodifrecord') %} + {% set business = app['acl'].get(app['authentication'].getUser()).has_right_on_base(first_item.getRecord(app).get_base_id(), 'canmodifrecord') %} {% if first_item %} {{caption.format_caption(first_item.getRecord(app), '', null, business)}} {% endif %} diff --git a/templates/web/lightbox/validate.html.twig b/templates/web/lightbox/validate.html.twig index a9e60c5ae2..9c4356f2cd 100644 --- a/templates/web/lightbox/validate.html.twig +++ b/templates/web/lightbox/validate.html.twig @@ -97,7 +97,7 @@
    {% if basket_element %} - {% set business = app['authentication'].getUser().ACL().has_right_on_base(basket_element.getRecord(app).get_base_id(), 'canmodifrecord') %} + {% set business = app['acl'].get(app['authentication'].getUser()).has_right_on_base(basket_element.getRecord(app).get_base_id(), 'canmodifrecord') %} {{caption.format_caption(basket_element.getRecord(app), '', null, business)}} {% endif %}
    diff --git a/templates/web/prod/Story/Create.html.twig b/templates/web/prod/Story/Create.html.twig index 62b445d52b..debecf6c4b 100644 --- a/templates/web/prod/Story/Create.html.twig +++ b/templates/web/prod/Story/Create.html.twig @@ -2,7 +2,7 @@ diff --git a/templates/web/prod/WorkZone/Basket.html.twig b/templates/web/prod/WorkZone/Basket.html.twig index 98a3099927..af94792856 100644 --- a/templates/web/prod/WorkZone/Basket.html.twig +++ b/templates/web/prod/WorkZone/Basket.html.twig @@ -10,36 +10,36 @@ - {% if app['authentication'].getUser().ACL().has_right('modifyrecord') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('modifyrecord') %} {% endif %} - {% if app['authentication'].getUser().ACL().has_right('changestatus') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('changestatus') %} {% endif %} - {% if app['authentication'].getUser().ACL().has_right('deleterecord') and app['authentication'].getUser().ACL().has_right('addrecord') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('deleterecord') and app['acl'].get(app['authentication'].getUser()).has_right('addrecord') %} {% endif %} - {% if app['authentication'].getUser().ACL().has_right('push') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('push') %} {% endif %} - {% if app['authentication'].getUser().ACL().has_right('push') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('push') %} {% endif %} - {% if app['authentication'].getUser().ACL().has_right('bas_chupub') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('bas_chupub') %} @@ -48,7 +48,7 @@ {% endif %} - {% if app['authentication'].getUser().ACL().has_right('doctools') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('doctools') %} diff --git a/templates/web/prod/WorkZone/Story.html.twig b/templates/web/prod/WorkZone/Story.html.twig index 70ec09fd51..be7fbd79d8 100644 --- a/templates/web/prod/WorkZone/Story.html.twig +++ b/templates/web/prod/WorkZone/Story.html.twig @@ -9,36 +9,36 @@ - {% if app['authentication'].getUser().ACL().has_right('modifyrecord') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('modifyrecord') %} {% endif %} - {% if app['authentication'].getUser().ACL().has_right('changestatus') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('changestatus') %} {% endif %} - {% if app['authentication'].getUser().ACL().has_right('deleterecord') and app['authentication'].getUser().ACL().has_right('addrecord') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('deleterecord') and app['acl'].get(app['authentication'].getUser()).has_right('addrecord') %} {% endif %} - {% if app['authentication'].getUser().ACL().has_right('push') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('push') %} {% endif %} - {% if app['authentication'].getUser().ACL().has_right('push') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('push') %} {% endif %} - {% if app['authentication'].getUser().ACL().has_right('bas_chupub') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('bas_chupub') %} @@ -47,7 +47,7 @@ {% endif %} - {% if app['authentication'].getUser().ACL().has_right('doctools') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('doctools') %} diff --git a/templates/web/prod/actions/Push.html.twig b/templates/web/prod/actions/Push.html.twig index 535aa77a65..5584c8f117 100644 --- a/templates/web/prod/actions/Push.html.twig +++ b/templates/web/prod/actions/Push.html.twig @@ -87,7 +87,7 @@
    {% trans 'Select a user in the list'%}
    - {% if app['authentication'].getUser().ACL().has_right('manageusers') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('manageusers') %} {% trans 'or' %} {% trans 'Add user' %} {% endif %} diff --git a/templates/web/prod/actions/edit_default.html.twig b/templates/web/prod/actions/edit_default.html.twig index c63eba2384..6907aedf12 100644 --- a/templates/web/prod/actions/edit_default.html.twig +++ b/templates/web/prod/actions/edit_default.html.twig @@ -27,7 +27,7 @@ {% endif %} {% set class_status = 'nostatus' %} - {% if app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'chgstatus') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'chgstatus') %} {% set class_status = '' %} {% endif %} diff --git a/templates/web/prod/index.html.twig b/templates/web/prod/index.html.twig index 77095472e3..6a504cd8fe 100644 --- a/templates/web/prod/index.html.twig +++ b/templates/web/prod/index.html.twig @@ -169,7 +169,7 @@
    @@ -209,7 +209,7 @@
    - {% if app['authentication'].getUser().ACL().has_access_to_module('thesaurus') %} + {% if app['acl'].get(app['authentication'].getUser()).has_access_to_module('thesaurus') %}
    @@ -248,7 +248,7 @@ {% trans 'Browse Baskets' %}
    - {% if app['phraseanet.registry'].get('GV_multiAndReport') and app['authentication'].getUser().ACL().has_right('addrecord') %} + {% if app['phraseanet.registry'].get('GV_multiAndReport') and app['acl'].get(app['authentication'].getUser()).has_right('addrecord') %}
    @@ -531,19 +531,19 @@ {% set actions = {} %} - {% if app['authentication'].getUser().ACL().has_right('modifyrecord') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('modifyrecord') %} {% set label %} {% trans 'action : editer' %} {% endset %} {% set actions = actions|merge( { 'edit' : {'icon': "/skins/prod/000000/images/ppen_history.gif", 'class':'TOOL_ppen_btn', 'label' : label} }) %} {% endif %} - {% if app['authentication'].getUser().ACL().has_right('changestatus') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('changestatus') %} {% set label %} {% trans 'action : status' %} {% endset %} {% set actions = actions|merge( { 'status' : {'icon': "/skins/prod/000000/images/chgstatus_history.gif", 'class':'TOOL_chgstatus_btn', 'label' : label} }) %} {% endif %} - {% if app['authentication'].getUser().ACL().has_right('deleterecord') and app['authentication'].getUser().ACL().has_right('addrecord') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('deleterecord') and app['acl'].get(app['authentication'].getUser()).has_right('addrecord') %} {% set label %} {% trans 'action : collection' %} {% endset %} @@ -591,7 +591,7 @@ {% endif %} - {% if app['authentication'].getUser().ACL().has_right('push') and app['authentication'].getUser().ACL().has_right('bas_chupub') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('push') and app['acl'].get(app['authentication'].getUser()).has_right('bas_chupub') %}
    - {% elseif app['authentication'].getUser().ACL().has_right('push') %} + {% elseif app['acl'].get(app['authentication'].getUser()).has_right('push') %}
    - {% elseif app['authentication'].getUser().ACL().has_right('bas_chupub') %} + {% elseif app['acl'].get(app['authentication'].getUser()).has_right('bas_chupub') %}
    {% endif %} - {% if app['authentication'].getUser().ACL().has_right('deleterecord') %} + {% if app['acl'].get(app['authentication'].getUser()).has_right('deleterecord') %}