mirror of
https://github.com/alchemy-fr/Phraseanet.git
synced 2025-10-17 23:13:15 +00:00
Merge pull request #734 from nlegoff/acl_service
[3.9] Add ACL as a service
This commit is contained in:
Romain Neutron
@@ -291,7 +291,7 @@ class ACL implements cache_cacheableInterface
|
||||
$sbas_to_acces = array();
|
||||
$rights_to_give = array();
|
||||
|
||||
foreach ($template_user->ACL()->get_granted_sbas() as $databox) {
|
||||
foreach ($this->app['acl']->get($template_user)->get_granted_sbas() as $databox) {
|
||||
$sbas_id = $databox->get_sbas_id();
|
||||
|
||||
if (!in_array($sbas_id, $sbas_ids))
|
||||
@@ -302,7 +302,7 @@ class ACL implements cache_cacheableInterface
|
||||
}
|
||||
|
||||
foreach ($sbas_rights as $right) {
|
||||
if ($template_user->ACL()->has_right_on_sbas($sbas_id, $right)) {
|
||||
if ($this->app['acl']->get($template_user)->has_right_on_sbas($sbas_id, $right)) {
|
||||
$rights_to_give[$sbas_id][$right] = '1';
|
||||
}
|
||||
}
|
||||
@@ -336,7 +336,7 @@ class ACL implements cache_cacheableInterface
|
||||
'11' => array('aa' => '1', 'ao' => '1', 'xa' => '1', 'xo' => '1')
|
||||
);
|
||||
|
||||
foreach ($template_user->ACL()->get_granted_base() as $collection) {
|
||||
foreach ($this->app['acl']->get($template_user)->get_granted_base() as $collection) {
|
||||
$base_id = $collection->get_base_id();
|
||||
|
||||
if (!in_array($base_id, $base_ids))
|
||||
@@ -347,13 +347,13 @@ class ACL implements cache_cacheableInterface
|
||||
}
|
||||
|
||||
foreach ($bas_rights as $right) {
|
||||
if ($template_user->ACL()->has_right_on_base($base_id, $right)) {
|
||||
if ($this->app['acl']->get($template_user)->has_right_on_base($base_id, $right)) {
|
||||
$rights_to_give[$base_id][$right] = '1';
|
||||
}
|
||||
}
|
||||
|
||||
$mask_and = $template_user->ACL()->get_mask_and($base_id);
|
||||
$mask_xor = $template_user->ACL()->get_mask_xor($base_id);
|
||||
$mask_and = $this->app['acl']->get($template_user)->get_mask_and($base_id);
|
||||
$mask_xor = $this->app['acl']->get($template_user)->get_mask_xor($base_id);
|
||||
|
||||
$mask_and = ctype_digit($mask_and) ? $mask_and : '0';
|
||||
$mask_xor = ctype_digit($mask_xor) ? $mask_xor : '0';
|
||||
@@ -408,7 +408,7 @@ class ACL implements cache_cacheableInterface
|
||||
private function apply_template_time_limits(User_Interface $template_user, Array $base_ids)
|
||||
{
|
||||
foreach ($base_ids as $base_id) {
|
||||
$limited = $template_user->ACL()->get_limits($base_id);
|
||||
$limited = $this->app['acl']->get($template_user)->get_limits($base_id);
|
||||
if (null !== $limited) {
|
||||
$this->set_limits($base_id, '1', $limited['dmin'], $limited['dmax']);
|
||||
} else {
|
||||
|
||||
@@ -10,6 +10,7 @@
|
||||
*/
|
||||
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Silex\Application;
|
||||
|
||||
/**
|
||||
*
|
||||
|
||||
@@ -13,7 +13,6 @@ use Alchemy\Phrasea\Feed\Aggregate;
|
||||
use Alchemy\Phrasea\Feed\FeedInterface;
|
||||
use Alchemy\Phrasea\SearchEngine\SearchEngineOptions;
|
||||
use Alchemy\Phrasea\SearchEngine\SearchEngineSuggestion;
|
||||
use Alchemy\Phrasea\Application;
|
||||
use Alchemy\Phrasea\Border\File;
|
||||
use Alchemy\Phrasea\Border\Attribute\Status;
|
||||
use Alchemy\Phrasea\Border\Manager as BorderManager;
|
||||
@@ -26,6 +25,7 @@ use Alchemy\Phrasea\Model\Entities\LazaretFile;
|
||||
use Alchemy\Phrasea\Model\Entities\Task;
|
||||
use Alchemy\Phrasea\Model\Entities\UserQuery;
|
||||
use Alchemy\Phrasea\Model\Entities\ValidationParticipant;
|
||||
use Silex\Application;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
||||
@@ -660,7 +660,7 @@ class API_V1_adapter extends API_V1_Abstract
|
||||
|
||||
$collection = \collection::get_from_base_id($this->app, $request->get('base_id'));
|
||||
|
||||
if (!$app['authentication']->getUser()->ACL()->has_right_on_base($request->get('base_id'), 'canaddrecord')) {
|
||||
if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($request->get('base_id'), 'canaddrecord')) {
|
||||
throw new API_V1_exception_forbidden(sprintf('You do not have access to collection %s', $collection->get_label($this->app['locale.I18n'])));
|
||||
}
|
||||
|
||||
@@ -735,7 +735,7 @@ class API_V1_adapter extends API_V1_Abstract
|
||||
$offset_start = max($request->get('offset_start', 0), 0);
|
||||
$per_page = min(max($request->get('per_page', 10), 1), 20);
|
||||
|
||||
$baseIds = array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array('canaddrecord')));
|
||||
$baseIds = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array('canaddrecord')));
|
||||
|
||||
$lazaretFiles = array();
|
||||
|
||||
@@ -773,7 +773,7 @@ class API_V1_adapter extends API_V1_Abstract
|
||||
throw new \API_V1_exception_notfound(sprintf('Lazaret file id %d not found', $lazaret_id));
|
||||
}
|
||||
|
||||
if (!$app['authentication']->getUser()->ACL()->has_right_on_base($lazaretFile->getBaseId(), 'canaddrecord')) {
|
||||
if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($lazaretFile->getBaseId(), 'canaddrecord')) {
|
||||
throw new \API_V1_exception_forbidden('You do not have access to this quarantine item');
|
||||
}
|
||||
|
||||
@@ -1477,7 +1477,7 @@ class API_V1_adapter extends API_V1_Abstract
|
||||
{
|
||||
$result = new API_V1_result($this->app, $request, $this);
|
||||
|
||||
$coll = $this->app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($user);
|
||||
$coll = $this->app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($this->app['acl']->get($user));
|
||||
|
||||
$datas = array();
|
||||
foreach ($coll as $feed) {
|
||||
@@ -1535,7 +1535,7 @@ class API_V1_adapter extends API_V1_Abstract
|
||||
{
|
||||
$result = new API_V1_result($this->app, $request, $this);
|
||||
|
||||
$feed = Aggregate::createFromUser($this->app['EM'], $user);
|
||||
$feed = Aggregate::createFromUser($this->app, $user);
|
||||
|
||||
$offset_start = (int) ($request->get('offset_start') ? : 0);
|
||||
$per_page = (int) ($request->get('per_page') ? : 5);
|
||||
@@ -1562,7 +1562,7 @@ class API_V1_adapter extends API_V1_Abstract
|
||||
|
||||
$collection = $entry->getFeed()->getCollection($this->app);
|
||||
|
||||
if (null !== $collection && !$user->ACL()->has_access_to_base($collection->get_base_id())) {
|
||||
if (null !== $collection && !$this->app['acl']->get($user)->has_access_to_base($collection->get_base_id())) {
|
||||
throw new \API_V1_exception_forbidden('You have not access to the parent feed');
|
||||
}
|
||||
|
||||
|
||||
@@ -101,7 +101,7 @@ class Session_Logger
|
||||
$colls = array();
|
||||
|
||||
if ($app['authentication']->getUser()) {
|
||||
$bases = $app['authentication']->getUser()->ACL()->get_granted_base(array(), array($databox->get_sbas_id()));
|
||||
$bases = $app['acl']->get($app['authentication']->getUser())->get_granted_base(array(), array($databox->get_sbas_id()));
|
||||
foreach ($bases as $collection) {
|
||||
$colls[] = $collection->get_coll_id();
|
||||
}
|
||||
@@ -224,7 +224,7 @@ class Session_Logger
|
||||
);
|
||||
|
||||
if (isset($appName[$appId])) {
|
||||
$sbas_ids = array_keys($user->ACL()->get_granted_sbas());
|
||||
$sbas_ids = array_keys($app['acl']->get($user)->get_granted_sbas());
|
||||
|
||||
foreach ($sbas_ids as $sbas_id) {
|
||||
try {
|
||||
|
||||
@@ -334,16 +334,6 @@ class User_Adapter implements User_Interface, cache_cacheableInterface
|
||||
return array_key_exists($id, self::$_instance) ? self::$_instance[$id] : false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return Access Control List object for the user
|
||||
*
|
||||
* @return ACL
|
||||
*/
|
||||
public function ACL()
|
||||
{
|
||||
return $this->get_ACL();
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param Application $app
|
||||
@@ -351,8 +341,8 @@ class User_Adapter implements User_Interface, cache_cacheableInterface
|
||||
protected function set_app(Application $app)
|
||||
{
|
||||
$this->app = $app;
|
||||
if (null !== $this->ACL) {
|
||||
$this->ACL->set_app($app);
|
||||
if (null !== $app['acl']->get($this)) {
|
||||
$app['acl']->get($this)->set_app($app);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -404,20 +394,6 @@ class User_Adapter implements User_Interface, cache_cacheableInterface
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Load if needed of the ACL for the current user
|
||||
*
|
||||
* @return ACL
|
||||
*/
|
||||
protected function get_ACL()
|
||||
{
|
||||
if (!$this->ACL instanceof ACL) {
|
||||
$this->ACL = new ACL($this, $this->app);
|
||||
}
|
||||
|
||||
return $this->ACL;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @return string
|
||||
@@ -1255,7 +1231,7 @@ class User_Adapter implements User_Interface, cache_cacheableInterface
|
||||
foreach ($app['phraseanet.appbox']->get_databoxes() as $databox) {
|
||||
foreach (array_keys($users) as $usr_id) {
|
||||
$user = User_Adapter::getInstance($usr_id, $app);
|
||||
$user->ACL()->give_access_to_sbas(array($databox->get_sbas_id()));
|
||||
$app['acl']->get($user)->give_access_to_sbas(array($databox->get_sbas_id()));
|
||||
|
||||
$rights = array(
|
||||
'bas_manage' => '1'
|
||||
@@ -1264,10 +1240,10 @@ class User_Adapter implements User_Interface, cache_cacheableInterface
|
||||
, 'bas_chupub' => '1'
|
||||
);
|
||||
|
||||
$user->ACL()->update_rights_to_sbas($databox->get_sbas_id(), $rights);
|
||||
$app['acl']->get($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights);
|
||||
|
||||
foreach ($databox->get_collections() as $collection) {
|
||||
$user->ACL()->give_access_to_base(array($collection->get_base_id()));
|
||||
$app['acl']->get($user)->give_access_to_base(array($collection->get_base_id()));
|
||||
|
||||
$rights = array(
|
||||
'canputinalbum' => '1'
|
||||
@@ -1290,8 +1266,8 @@ class User_Adapter implements User_Interface, cache_cacheableInterface
|
||||
, 'bas_modify_struct' => '1'
|
||||
);
|
||||
|
||||
$user->ACL()->update_rights_to_base($collection->get_base_id(), $rights);
|
||||
$user->ACL()->set_limits($collection->get_base_id(), false);
|
||||
$app['acl']->get($user)->update_rights_to_base($collection->get_base_id(), $rights);
|
||||
$app['acl']->get($user)->set_limits($collection->get_base_id(), false);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,8 +24,6 @@ interface User_Interface
|
||||
|
||||
public function __construct($id, Application $app);
|
||||
|
||||
public function ACL();
|
||||
|
||||
public function set_password($pasword);
|
||||
|
||||
public function set_email($email);
|
||||
|
||||
@@ -525,8 +525,8 @@ class collection implements cache_cacheableInterface
|
||||
while ($n < $total) {
|
||||
$results = $query->limit($n, 50)->execute()->get_results();
|
||||
foreach ($results as $user) {
|
||||
$user->ACL()->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS);
|
||||
$user->ACL()->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS);
|
||||
$app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS);
|
||||
$app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS);
|
||||
}
|
||||
$n+=50;
|
||||
}
|
||||
@@ -626,7 +626,7 @@ class collection implements cache_cacheableInterface
|
||||
"modify_struct" => "1"
|
||||
);
|
||||
|
||||
$user->ACL()->update_rights_to_base($base_id, $rights);
|
||||
$this->app['acl']->get($user)->update_rights_to_base($base_id, $rights);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -445,9 +445,9 @@ class databox extends base
|
||||
while ($n < $total) {
|
||||
$results = $query->limit($n, 50)->execute()->get_results();
|
||||
foreach ($results as $user) {
|
||||
$user->ACL()->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS);
|
||||
$user->ACL()->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS);
|
||||
$user->ACL()->delete_injected_rights_sbas($this);
|
||||
$this->app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS);
|
||||
$this->app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS);
|
||||
$this->app['acl']->get($user)->delete_injected_rights_sbas($this);
|
||||
}
|
||||
$n+=50;
|
||||
}
|
||||
@@ -972,7 +972,7 @@ class databox extends base
|
||||
{
|
||||
$conn = connection::getPDOConnection($this->app);
|
||||
|
||||
$user->ACL()
|
||||
$this->app['acl']->get($user)
|
||||
->give_access_to_sbas(array($this->id))
|
||||
->update_rights_to_sbas(
|
||||
$this->id, array(
|
||||
@@ -1006,9 +1006,9 @@ class databox extends base
|
||||
}
|
||||
}
|
||||
|
||||
$user->ACL()->give_access_to_base($base_ids);
|
||||
$this->app['acl']->get($user)->give_access_to_base($base_ids);
|
||||
foreach ($base_ids as $base_id) {
|
||||
$user->ACL()->update_rights_to_base($base_id, array(
|
||||
$this->app['acl']->get($user)->update_rights_to_base($base_id, array(
|
||||
'canpush' => 1, 'cancmd' => 1
|
||||
, 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1
|
||||
, 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1
|
||||
|
||||
@@ -64,7 +64,7 @@ class databox_cgu
|
||||
$userValidation = true;
|
||||
|
||||
if (! $home) {
|
||||
if ( ! $app['authentication']->getUser()->ACL()->has_access_to_sbas($databox->get_sbas_id())) {
|
||||
if ( ! $app['acl']->get($app['authentication']->getUser())->has_access_to_sbas($databox->get_sbas_id())) {
|
||||
continue;
|
||||
}
|
||||
$userValidation = ($app['authentication']->getUser()->getPrefs('terms_of_use_' . $databox->get_sbas_id()) !== $update && trim($value) !== '');
|
||||
|
||||
@@ -136,7 +136,7 @@ class databox_status
|
||||
return self::$_statuses;
|
||||
}
|
||||
|
||||
$sbas_ids = $app['authentication']->getUser()->ACL()->get_granted_sbas();
|
||||
$sbas_ids = $app['acl']->get($app['authentication']->getUser())->get_granted_sbas();
|
||||
|
||||
$statuses = array();
|
||||
|
||||
@@ -157,7 +157,7 @@ class databox_status
|
||||
{
|
||||
$statuses = array();
|
||||
|
||||
$sbas_ids = $app['authentication']->getUser()->ACL()->get_granted_sbas();
|
||||
$sbas_ids = $app['acl']->get($app['authentication']->getUser())->get_granted_sbas();
|
||||
|
||||
$see_all = array();
|
||||
|
||||
@@ -165,7 +165,7 @@ class databox_status
|
||||
$see_all[$databox->get_sbas_id()] = false;
|
||||
|
||||
foreach ($databox->get_collections() as $collection) {
|
||||
if ($app['authentication']->getUser()->ACL()->has_right_on_base($collection->get_base_id(), 'chgstatus')) {
|
||||
if ($app['acl']->get($app['authentication']->getUser())->has_right_on_base($collection->get_base_id(), 'chgstatus')) {
|
||||
$see_all[$databox->get_sbas_id()] = true;
|
||||
break;
|
||||
}
|
||||
@@ -183,7 +183,7 @@ class databox_status
|
||||
|
||||
$see_this = isset($see_all[$sbas_id]) ? $see_all[$sbas_id] : false;
|
||||
|
||||
if ($app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, 'bas_modify_struct')) {
|
||||
if ($app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($sbas_id, 'bas_modify_struct')) {
|
||||
$see_this = true;
|
||||
}
|
||||
|
||||
|
||||
@@ -225,7 +225,7 @@ class eventsmanager_notify_autoregister extends eventsmanager_notifyAbstract
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($this->app['authentication']->getUser()->ACL()->has_right('manageusers') === true) {
|
||||
if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right('manageusers') === true) {
|
||||
$bool = true;
|
||||
}
|
||||
|
||||
|
||||
@@ -192,7 +192,7 @@ class eventsmanager_notify_order extends eventsmanager_notifyAbstract
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($this->app['authentication']->getUser()->ACL()->has_right('order_master')) {
|
||||
if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right('order_master')) {
|
||||
$bool = true;
|
||||
}
|
||||
|
||||
|
||||
@@ -204,7 +204,7 @@ class eventsmanager_notify_register extends eventsmanager_notifyAbstract
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($this->app['authentication']->getUser()->ACL()->has_right('manageusers')) {
|
||||
if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right('manageusers')) {
|
||||
$bool = true;
|
||||
}
|
||||
|
||||
|
||||
@@ -188,7 +188,7 @@ class eventsmanager_notify_uploadquarantine extends eventsmanager_notifyAbstract
|
||||
public function is_available()
|
||||
{
|
||||
if (null !== $this->app['authentication']->getUser()) {
|
||||
return $this->app['authentication']->getUser()->ACL()->has_right('addrecord');
|
||||
return $this->app['acl']->get($this->app['authentication']->getUser())->has_right('addrecord');
|
||||
}
|
||||
|
||||
return false;
|
||||
|
||||
@@ -189,7 +189,7 @@ class eventsmanager_notify_validationdone extends eventsmanager_notifyAbstract
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($this->app['authentication']->getUser()->ACL()->has_right('push')) {
|
||||
if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right('push')) {
|
||||
$bool = true;
|
||||
}
|
||||
|
||||
|
||||
@@ -241,7 +241,7 @@ class module_report_dashboard implements module_report_dashboard_componentInterf
|
||||
{
|
||||
$all_coll = array();
|
||||
|
||||
$base_ids = $this->usr->ACL()->get_granted_base(array('canreport'));
|
||||
$base_ids = $this->app['acl']->get($this->usr)->get_granted_base(array('canreport'));
|
||||
|
||||
foreach ($base_ids as $base_id => $collection) {
|
||||
$databox = $collection->get_databox();
|
||||
|
||||
@@ -207,7 +207,7 @@ class patch_320f implements patchInterface
|
||||
$app['EM']->flush();
|
||||
|
||||
} elseif ($pub_restrict == 1) {
|
||||
$collections = $user->ACL()->get_granted_base();
|
||||
$collections = $app['acl']->get($user)->get_granted_base();
|
||||
$collection = array_shift($collections);
|
||||
if ( ! ($collection instanceof collection)) {
|
||||
foreach ($appbox->get_databoxes() as $databox) {
|
||||
|
||||
@@ -400,7 +400,7 @@ class record_adapter implements record_Interface, cache_cacheableInterface
|
||||
if (isset($dstatus[$sbas_id])) {
|
||||
foreach ($dstatus[$sbas_id] as $n => $statbit) {
|
||||
if ($statbit['printable'] == '0' &&
|
||||
!$this->app['authentication']->getUser()->ACL()->has_right_on_base($this->base_id, 'chgstatus')) {
|
||||
!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->base_id, 'chgstatus')) {
|
||||
continue;
|
||||
}
|
||||
|
||||
|
||||
@@ -107,17 +107,17 @@ class record_exportElement extends record_adapter
|
||||
'thumbnail' => true
|
||||
);
|
||||
|
||||
if ($this->app['authentication']->getUser()->ACL()->has_right_on_base($this->get_base_id(), 'candwnldhd')) {
|
||||
if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->get_base_id(), 'candwnldhd')) {
|
||||
$go_dl['document'] = true;
|
||||
}
|
||||
if ($this->app['authentication']->getUser()->ACL()->has_right_on_base($this->get_base_id(), 'candwnldpreview')) {
|
||||
if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->get_base_id(), 'candwnldpreview')) {
|
||||
$go_dl['preview'] = true;
|
||||
}
|
||||
if ($this->app['authentication']->getUser()->ACL()->has_hd_grant($this)) {
|
||||
if ($this->app['acl']->get($this->app['authentication']->getUser())->has_hd_grant($this)) {
|
||||
$go_dl['document'] = true;
|
||||
$go_dl['preview'] = true;
|
||||
}
|
||||
if ($this->app['authentication']->getUser()->ACL()->has_preview_grant($this)) {
|
||||
if ($this->app['acl']->get($this->app['authentication']->getUser())->has_preview_grant($this)) {
|
||||
$go_dl['preview'] = true;
|
||||
}
|
||||
|
||||
@@ -127,14 +127,14 @@ class record_exportElement extends record_adapter
|
||||
->who_have_right(array('order_master'))
|
||||
->execute()->get_results();
|
||||
|
||||
$go_cmd = (count($masters) > 0 && $this->app['authentication']->getUser()->ACL()->has_right_on_base($this->base_id, 'cancmd'));
|
||||
$go_cmd = (count($masters) > 0 && $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->base_id, 'cancmd'));
|
||||
|
||||
$orderable['document'] = false;
|
||||
$downloadable['document'] = false;
|
||||
|
||||
if (isset($sd['document']) && is_file($sd['document']->get_pathfile())) {
|
||||
if ($go_dl['document'] === true) {
|
||||
if ($this->app['authentication']->getUser()->ACL()->is_restricted_download($this->base_id)) {
|
||||
if ($this->app['acl']->get($this->app['authentication']->getUser())->is_restricted_download($this->base_id)) {
|
||||
$this->remain_hd --;
|
||||
if ($this->remain_hd >= 0)
|
||||
$downloadable['document'] = array(
|
||||
@@ -182,7 +182,7 @@ class record_exportElement extends record_adapter
|
||||
if (isset($sd[$name]) && $sd[$name]->is_physically_present()) {
|
||||
if ($class == 'document') {
|
||||
|
||||
if ($this->app['authentication']->getUser()->ACL()->is_restricted_download($this->base_id)) {
|
||||
if ($this->app['acl']->get($this->app['authentication']->getUser())->is_restricted_download($this->base_id)) {
|
||||
$this->remain_hd --;
|
||||
if ($this->remain_hd >= 0)
|
||||
$downloadable[$name] = array(
|
||||
|
||||
@@ -337,7 +337,7 @@ class record_preview extends record_adapter
|
||||
|
||||
$tab = array();
|
||||
|
||||
$report = $this->app['authentication']->getUser()->ACL()->has_right_on_base($this->get_base_id(), 'canreport');
|
||||
$report = $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->get_base_id(), 'canreport');
|
||||
|
||||
$connsbas = connection::getPDOConnection($this->app, $this->get_sbas_id());
|
||||
|
||||
@@ -420,7 +420,7 @@ class record_preview extends record_adapter
|
||||
return $this->view_popularity;
|
||||
}
|
||||
|
||||
$report = $this->app['authentication']->getUser()->ACL()->has_right_on_base(
|
||||
$report = $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base(
|
||||
$this->get_base_id(), 'canreport');
|
||||
|
||||
if ( ! $report && ! $this->app['phraseanet.registry']->get('GV_google_api')) {
|
||||
@@ -509,7 +509,7 @@ class record_preview extends record_adapter
|
||||
return $this->refferer_popularity;
|
||||
}
|
||||
|
||||
$report = $this->app['authentication']->getUser()->ACL()->has_right_on_base(
|
||||
$report = $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base(
|
||||
$this->get_base_id(), 'canreport');
|
||||
|
||||
if ( ! $report && ! $this->app['phraseanet.registry']->get('GV_google_api')) {
|
||||
@@ -581,7 +581,7 @@ class record_preview extends record_adapter
|
||||
return $this->download_popularity;
|
||||
}
|
||||
|
||||
$report = $this->app['authentication']->getUser()->ACL()->has_right_on_base($this->get_base_id(), 'canreport');
|
||||
$report = $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->get_base_id(), 'canreport');
|
||||
|
||||
$ret = false;
|
||||
if ( ! $report && ! $this->app['phraseanet.registry']->get('GV_google_api')) {
|
||||
|
||||
@@ -69,8 +69,8 @@ class set_export extends set_abstract
|
||||
$record_id = $basket_element->getRecord($this->app)->get_record_id();
|
||||
|
||||
if (!isset($remain_hd[$base_id])) {
|
||||
if ($app['authentication']->getUser()->ACL()->is_restricted_download($base_id)) {
|
||||
$remain_hd[$base_id] = $app['authentication']->getUser()->ACL()->remaining_download($base_id);
|
||||
if ($app['acl']->get($app['authentication']->getUser())->is_restricted_download($base_id)) {
|
||||
$remain_hd[$base_id] = $app['acl']->get($app['authentication']->getUser())->remaining_download($base_id);
|
||||
} else {
|
||||
$remain_hd[$base_id] = false;
|
||||
}
|
||||
@@ -109,8 +109,8 @@ class set_export extends set_abstract
|
||||
$record_id = $child_basrec->get_record_id();
|
||||
|
||||
if (!isset($remain_hd[$base_id])) {
|
||||
if ($app['authentication']->getUser()->ACL()->is_restricted_download($base_id)) {
|
||||
$remain_hd[$base_id] = $app['authentication']->getUser()->ACL()->remaining_download($base_id);
|
||||
if ($app['acl']->get($app['authentication']->getUser())->is_restricted_download($base_id)) {
|
||||
$remain_hd[$base_id] = $app['acl']->get($app['authentication']->getUser())->remaining_download($base_id);
|
||||
} else {
|
||||
$remain_hd[$base_id] = false;
|
||||
}
|
||||
@@ -132,8 +132,8 @@ class set_export extends set_abstract
|
||||
$record_id = $record->get_record_id();
|
||||
|
||||
if (!isset($remain_hd[$base_id])) {
|
||||
if ($app['authentication']->getUser()->ACL()->is_restricted_download($base_id)) {
|
||||
$remain_hd[$base_id] = $app['authentication']->getUser()->ACL()->remaining_download($base_id);
|
||||
if ($app['acl']->get($app['authentication']->getUser())->is_restricted_download($base_id)) {
|
||||
$remain_hd[$base_id] = $app['acl']->get($app['authentication']->getUser())->remaining_download($base_id);
|
||||
} else {
|
||||
$remain_hd[$base_id] = false;
|
||||
}
|
||||
@@ -167,7 +167,7 @@ class set_export extends set_abstract
|
||||
$this->businessFieldsAccess = false;
|
||||
|
||||
foreach ($this->elements as $download_element) {
|
||||
if ($app['authentication']->getUser()->ACL()->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) {
|
||||
if ($app['acl']->get($app['authentication']->getUser())->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) {
|
||||
$this->businessFieldsAccess = true;
|
||||
}
|
||||
|
||||
@@ -219,11 +219,11 @@ class set_export extends set_abstract
|
||||
|
||||
$display_ftp = array();
|
||||
|
||||
$hasadminright = $app['authentication']->getUser()->ACL()->has_right('addrecord')
|
||||
|| $app['authentication']->getUser()->ACL()->has_right('deleterecord')
|
||||
|| $app['authentication']->getUser()->ACL()->has_right('modifyrecord')
|
||||
|| $app['authentication']->getUser()->ACL()->has_right('coll_manage')
|
||||
|| $app['authentication']->getUser()->ACL()->has_right('coll_modify_struct');
|
||||
$hasadminright = $app['acl']->get($app['authentication']->getUser())->has_right('addrecord')
|
||||
|| $app['acl']->get($app['authentication']->getUser())->has_right('deleterecord')
|
||||
|| $app['acl']->get($app['authentication']->getUser())->has_right('modifyrecord')
|
||||
|| $app['acl']->get($app['authentication']->getUser())->has_right('coll_manage')
|
||||
|| $app['acl']->get($app['authentication']->getUser())->has_right('coll_modify_struct');
|
||||
|
||||
$this->ftp_datas = array();
|
||||
|
||||
@@ -231,7 +231,7 @@ class set_export extends set_abstract
|
||||
$display_ftp = $display_download;
|
||||
$this->total_ftp = $this->total_download;
|
||||
|
||||
$lst_base_id = array_keys($app['authentication']->getUser()->ACL()->get_granted_base());
|
||||
$lst_base_id = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base());
|
||||
|
||||
if ($hasadminright) {
|
||||
$sql = "SELECT usr.usr_id,usr_login,usr.usr_mail, FtpCredential.*
|
||||
@@ -432,7 +432,7 @@ class set_export extends set_abstract
|
||||
|
||||
$BF = false;
|
||||
|
||||
if ($includeBusinessFields && $user->ACL()->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) {
|
||||
if ($includeBusinessFields && $this->app['acl']->get($user)->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) {
|
||||
$BF = true;
|
||||
}
|
||||
|
||||
@@ -515,8 +515,8 @@ class set_export extends set_abstract
|
||||
'path' => $sd[$name]->get_path()
|
||||
, 'file' => $sd[$name]->get_file()
|
||||
);
|
||||
if (!$user->ACL()->has_right_on_base($download_element->get_base_id(), "nowatermark")
|
||||
&& !$user->ACL()->has_preview_grant($download_element)
|
||||
if (!$this->app['acl']->get($user)->has_right_on_base($download_element->get_base_id(), "nowatermark")
|
||||
&& !$this->app['acl']->get($user)->has_preview_grant($download_element)
|
||||
&& $sd[$name]->get_type() == media_subdef::TYPE_IMAGE) {
|
||||
$path = recordutils_image::watermark($this->app, $sd[$name]);
|
||||
if (file_exists($path)) {
|
||||
@@ -792,7 +792,7 @@ class set_export extends set_abstract
|
||||
$log["shortXml"] = $record_object->get_caption()->serialize(caption_record::SERIALIZE_XML);
|
||||
$tmplog[$record_object->get_base_id()][] = $log;
|
||||
if (!$anonymous && $o == 'document') {
|
||||
$app['authentication']->getUser()->ACL()->remove_remaining($record_object->get_base_id());
|
||||
$app['acl']->get($app['authentication']->getUser())->remove_remaining($record_object->get_base_id());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -810,11 +810,11 @@ class set_export extends set_abstract
|
||||
$stmt = $app['phraseanet.appbox']->get_connection()->prepare($sql);
|
||||
|
||||
foreach ($list_base as $base_id) {
|
||||
if ($app['authentication']->getUser()->ACL()->is_restricted_download($base_id)) {
|
||||
if ($app['acl']->get($app['authentication']->getUser())->is_restricted_download($base_id)) {
|
||||
$params = array(
|
||||
':remain_dl' => $app['authentication']->getUser()->ACL()->remaining_download($base_id)
|
||||
':remain_dl' => $app['acl']->get($app['authentication']->getUser())->remaining_download($base_id)
|
||||
, ':base_id' => $base_id
|
||||
, ':usr_id' => $app['authentication']->getUser()->get_id()
|
||||
, ':usr_id' => $app['acl']->get($app['authentication']->getUser())->get_id()
|
||||
);
|
||||
|
||||
$stmt->execute($params);
|
||||
|
||||
@@ -63,26 +63,26 @@ class set_selection extends set_abstract
|
||||
$sbas_id = $record->get_sbas_id();
|
||||
$record_id = $record->get_record_id();
|
||||
if (! $rights) {
|
||||
if ($this->app['authentication']->getUser()->ACL()->has_hd_grant($record)) {
|
||||
if ($this->app['acl']->get($this->app['authentication']->getUser())->has_hd_grant($record)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if ($this->app['authentication']->getUser()->ACL()->has_preview_grant($record)) {
|
||||
if ($this->app['acl']->get($this->app['authentication']->getUser())->has_preview_grant($record)) {
|
||||
continue;
|
||||
}
|
||||
if ( ! $this->app['authentication']->getUser()->ACL()->has_access_to_base($base_id)) {
|
||||
if ( ! $this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_base($base_id)) {
|
||||
$to_remove[] = $id;
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
foreach ($rights as $right) {
|
||||
if ( ! $this->app['authentication']->getUser()->ACL()->has_right_on_base($base_id, $right)) {
|
||||
if ( ! $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($base_id, $right)) {
|
||||
$to_remove[] = $id;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
foreach ($sbas_rights as $right) {
|
||||
if ( ! $this->app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, $right)) {
|
||||
if ( ! $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_sbas($sbas_id, $right)) {
|
||||
$to_remove[] = $id;
|
||||
continue;
|
||||
}
|
||||
@@ -94,8 +94,8 @@ class set_selection extends set_abstract
|
||||
|
||||
$sql = 'SELECT record_id
|
||||
FROM record
|
||||
WHERE ((status ^ ' . $this->app['authentication']->getUser()->ACL()->get_mask_xor($base_id) . ')
|
||||
& ' . $this->app['authentication']->getUser()->ACL()->get_mask_and($base_id) . ')=0
|
||||
WHERE ((status ^ ' . $this->app['acl']->get($this->app['authentication']->getUser())->get_mask_xor($base_id) . ')
|
||||
& ' . $this->app['acl']->get($this->app['authentication']->getUser())->get_mask_and($base_id) . ')=0
|
||||
AND record_id = :record_id';
|
||||
|
||||
$stmt = $connsbas->prepare($sql);
|
||||
|
||||
Reference in New Issue
Block a user