Merge pull request #734 from nlegoff/acl_service

[3.9] Add ACL as a service
Romain Neutron
2013-11-05 08:08:09 -08:00
124 changed files with 792 additions and 658 deletions


@@ -736,7 +736,7 @@ class Application extends SilexApplication
return false; return false;
} }
return count(\User_Adapter::getInstance($usrId, $this)->ACL()->get_granted_base()) > 0; return count($this['acl']->get(\User_Adapter::getInstance($usrId, $this))->get_granted_base()) > 0;
} }
/** /**


@@ -0,0 +1,92 @@
<?php
/*
* This file is part of Phraseanet
*
* (c) 2005-2013 Alchemy
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Alchemy\Phrasea\Authentication;
use Alchemy\Phrasea\Model\Entities\User;
use Silex\Application;
class ACLProvider
{
/**
* An array cache for ACL's.
*
* @var array
*/
private static $cache = array();
private $app;
public function __construct(Application $app)
{
$this->app = $app;
}
/**
* Gets ACL for user.
*
* @param User $user
*
* @return \ACL
*/
public function get(\User_Adapter $user)
{
if (null !== $acl = $this->fetchFromCache($user)) {
return $acl;
}
return $this->fetch($user);
}
/**
* Purges ACL cache
*/
public function purge()
{
self::$cache = array();
}
/**
* Fetchs ACL from cache for users.
*
* @param User $user
*
* @return null || \ACL
*/
private function fetchFromCache(\User_Adapter $user)
{
return $this->hasCache($user) ? self::$cache[$user->get_id()] : null;
}
/**
* Tells whether ACL for user is already cached.
*
* @param User $user
*
* @return boolean
*/
private function hasCache(\User_Adapter $user)
{
return isset(self::$cache[$user->get_id()]);
}
/**
* Saves user's ACL in cache and returns it.
*
* @param User $user
*
* @return \ACL
*/
private function fetch(\User_Adapter $user)
{
return self::$cache[$user->get_id()] = new \ACL($user, $this->app);
}
}
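Review bot: `private static $cache` makes the ACL cache process-wide and keyed only by `$user->get_id()`, while each cached `\ACL` is built with the `$this->app` of whichever provider instance created it. A second `Application` in the same process (tests, long-running CLI tasks) would therefore receive an ACL bound to the first one, and `purge()` can only drop every entry at once rather than the one user whose rights changed. Assuming `$app['acl']` is registered as a shared service, an instance property scopes the cache correctly: `private $cache = array();` with `$this->cache[...]` in place of `self::$cache[...]`. The docblocks also disagree with the signatures: they say `@param User $user` (the `use Alchemy\Phrasea\Model\Entities\User;` import serves only that) while every method is type-hinted `\User_Adapter`, and `@return null || \ACL` should read `@return \ACL|null`.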


@@ -89,7 +89,7 @@ class AccountCreator
} }
foreach (array_merge($this->templates, $templates) as $template) { foreach (array_merge($this->templates, $templates) as $template) {
$user->ACL()->apply_model($template, $base_ids); $app['acl']->get($user)->apply_model($template, $base_ids);
} }
return $user; return $user;


@@ -78,7 +78,7 @@ class Authenticator
$this->session->set('session_id', $session->getId()); $this->session->set('session_id', $session->getId());
foreach ($user->ACL()->get_granted_sbas() as $databox) { foreach ($this->app['acl']->get($user)->get_granted_sbas() as $databox) {
\cache_databox::insertClient($this->app, $databox); \cache_databox::insertClient($this->app, $databox);
} }
$this->reinitUser(); $this->reinitUser();
@@ -102,7 +102,7 @@ class Authenticator
$this->session->set('usr_id', $session->getUsrId()); $this->session->set('usr_id', $session->getUsrId());
$this->session->set('session_id', $session->getId()); $this->session->set('session_id', $session->getId());
foreach ($user->ACL()->get_granted_sbas() as $databox) { foreach ($this->app['acl']->get($user)->get_granted_sbas() as $databox) {
\cache_databox::insertClient($this->app, $databox); \cache_databox::insertClient($this->app, $databox);
} }


@@ -47,7 +47,7 @@ class CreateCollection extends Command
$databox = $this->container['phraseanet.appbox'] $databox = $this->container['phraseanet.appbox']
->get_databox((int) $input->getArgument('databox_id')); ->get_databox((int) $input->getArgument('databox_id'));
$new_collection = \collection::create($app, $databox, $this->container['phraseanet.appbox'], $input->getArgument('collname')); $new_collection = \collection::create($this->container, $databox, $this->container['phraseanet.appbox'], $input->getArgument('collname'));
if ($new_collection && $input->getOption('base_id_rights')) { if ($new_collection && $input->getOption('base_id_rights')) {
@@ -58,7 +58,7 @@ class CreateCollection extends Command
while ($n < $total) { while ($n < $total) {
$results = $query->limit($n, 40)->execute()->get_results(); $results = $query->limit($n, 40)->execute()->get_results();
foreach ($results as $user) { foreach ($results as $user) {
$user->ACL()->duplicate_right_from_bas($input->getOption('base_id_rights'), $new_collection->get_base_id()); $this->container['acl']->get($user)->duplicate_right_from_bas($input->getOption('base_id_rights'), $new_collection->get_base_id());
} }
$n+=40; $n+=40;
} }
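Review bot: Inside the paging loop, `$this->container['acl']->get($user)` stores an `\ACL` object in the provider's static cache for every user it visits, and nothing visible in the loop releases them, so the command's memory use grows with the total number of users rather than staying bounded by the page size of 40. Unless something outside the hunk already clears it, calling `$this->container['acl']->purge();` next to `$n+=40;` would keep it flat. The same pattern appears in the two `duplicate_right_from_bas` loops of the `Databox` controller. The enclosing method starts and ends outside the hunk.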


@@ -132,7 +132,7 @@ class Collection implements ControllerProviderInterface
$admins = array(); $admins = array();
if ($app['authentication']->getUser()->ACL()->has_right_on_base($bas_id, 'manage')) { if ($app['acl']->get($app['authentication']->getUser())->has_right_on_base($bas_id, 'manage')) {
$query = new \User_Query($app); $query = new \User_Query($app);
$admins = $query->on_base_ids(array($bas_id)) $admins = $query->on_base_ids(array($bas_id))
->who_have_right(array('order_master')) ->who_have_right(array('order_master'))
@@ -194,12 +194,12 @@ class Collection implements ControllerProviderInterface
->execute()->get_results(); ->execute()->get_results();
foreach ($result as $user) { foreach ($result as $user) {
$user->ACL()->update_rights_to_base($bas_id, array('order_master' => false)); $app['acl']->get($user)->update_rights_to_base($bas_id, array('order_master' => false));
} }
foreach (array_filter($newAdmins) as $admin) { foreach (array_filter($newAdmins) as $admin) {
$user = \User_Adapter::getInstance($admin, $app); $user = \User_Adapter::getInstance($admin, $app);
$user->ACL()->update_rights_to_base($bas_id, array('order_master' => true)); $app['acl']->get($user)->update_rights_to_base($bas_id, array('order_master' => true));
} }
$conn->commit(); $conn->commit();


@@ -409,7 +409,7 @@ class Databox implements ControllerProviderInterface
$results = $query->limit($n, 50)->execute()->get_results(); $results = $query->limit($n, 50)->execute()->get_results();
foreach ($results as $user) { foreach ($results as $user) {
$user->ACL()->duplicate_right_from_bas($othCollSel, $baseId); $app['acl']->get($user)->duplicate_right_from_bas($othCollSel, $baseId);
} }
$n += 50; $n += 50;
@@ -725,7 +725,7 @@ class Databox implements ControllerProviderInterface
public function getReorder(Application $app, Request $request, $databox_id) public function getReorder(Application $app, Request $request, $databox_id)
{ {
return $app['twig']->render('admin/collection/reorder.html.twig', array( return $app['twig']->render('admin/collection/reorder.html.twig', array(
'collections' => $app['authentication']->getUser()->ACL()->get_granted_base(array(), array($databox_id)), 'collections' => $app['acl']->get($app['authentication']->getUser())->get_granted_base(array(), array($databox_id)),
)); ));
} }
@@ -805,7 +805,7 @@ class Databox implements ControllerProviderInterface
while ($n < $total) { while ($n < $total) {
$results = $query->limit($n, 20)->execute()->get_results(); $results = $query->limit($n, 20)->execute()->get_results();
foreach ($results as $user) { foreach ($results as $user) {
$user->ACL()->duplicate_right_from_bas($othcollsel, $collection->get_base_id()); $app['acl']->get($user)->duplicate_right_from_bas($othcollsel, $collection->get_base_id());
} }
$n += 20; $n += 20;
} }


@@ -69,8 +69,8 @@ class Databoxes implements ControllerProviderInterface
public function getDatabases(Application $app, Request $request) public function getDatabases(Application $app, Request $request)
{ {
$sbasIds = array_merge( $sbasIds = array_merge(
array_keys($app['authentication']->getUser()->ACL()->get_granted_sbas(array('bas_manage'))) array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_sbas(array('bas_manage')))
, array_keys($app['authentication']->getUser()->ACL()->get_granted_sbas(array('bas_modify_struct'))) , array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_sbas(array('bas_modify_struct')))
); );
$sbas = array(); $sbas = array();
@@ -177,7 +177,7 @@ class Databoxes implements ControllerProviderInterface
try { try {
$base = \databox::create($app, $connbas, $dataTemplate, $app['phraseanet.registry']); $base = \databox::create($app, $connbas, $dataTemplate, $app['phraseanet.registry']);
$base->registerAdmin($app['authentication']->getUser()); $base->registerAdmin($app['authentication']->getUser());
$app['authentication']->getUser()->ACL()->delete_data_from_cache(); $app['acl']->get($app['authentication']->getUser())->delete_data_from_cache();
return $app->redirectPath('admin_database', array('databox_id' => $base->get_sbas_id(), 'success' => 1, 'reload-tree' => 1)); return $app->redirectPath('admin_database', array('databox_id' => $base->get_sbas_id(), 'success' => 1, 'reload-tree' => 1));
} catch (\Exception $e) { } catch (\Exception $e) {


@@ -38,7 +38,7 @@ class Publications implements ControllerProviderInterface
$controllers->get('/list/', function (PhraseaApplication $app) { $controllers->get('/list/', function (PhraseaApplication $app) {
$feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser( $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser(
$app['authentication']->getUser() $app['acl']->get($app['authentication']->getUser())
); );
return $app['twig'] return $app['twig']
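Review bot: `getAllForUser()` is now handed the `\ACL` object returned by `$app['acl']->get(...)` instead of the user, so the method name no longer describes its argument. The repository is not part of this section; it should type-hint the parameter as `\ACL` and document it with `@param \ACL $userACL`, so that a caller still passing a user fails loudly rather than producing a wrong feed list. The `Feed` controller calls the same method with the same new argument.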


@@ -30,11 +30,11 @@ class Root implements ControllerProviderInterface
$controllers = $app['controllers_factory']; $controllers = $app['controllers_factory'];
$controllers->before(function (Request $request) use ($app) { $controllers->before(function(Request $request) use ($app) {
$app['firewall']->requireAccessToModule('admin'); $app['firewall']->requireAccessToModule('admin');
}); });
$controllers->get('/', function (Application $app, Request $request) { $controllers->get('/', function(Application $app, Request $request) {
try { try {
\Session_Logger::updateClientInfos($app, 3); \Session_Logger::updateClientInfos($app, 3);
} catch (SessionNotFound $e) { } catch (SessionNotFound $e) {
@@ -70,7 +70,7 @@ class Root implements ControllerProviderInterface
$databoxes = $off_databoxes = array(); $databoxes = $off_databoxes = array();
foreach ($app['phraseanet.appbox']->get_databoxes() as $databox) { foreach ($app['phraseanet.appbox']->get_databoxes() as $databox) {
try { try {
if (!$app['authentication']->getUser()->ACL()->has_access_to_sbas($databox->get_sbas_id())) { if (!$app['acl']->get($app['authentication']->getUser())->has_access_to_sbas($databox->get_sbas_id())) {
continue; continue;
} }
$databox->get_connection(); $databox->get_connection();
@@ -139,7 +139,7 @@ class Root implements ControllerProviderInterface
$databoxes = $off_databoxes = array(); $databoxes = $off_databoxes = array();
foreach ($app['phraseanet.appbox']->get_databoxes() as $databox) { foreach ($app['phraseanet.appbox']->get_databoxes() as $databox) {
try { try {
if (!$app['authentication']->getUser()->ACL()->has_access_to_sbas($databox->get_sbas_id())) { if (!$app['acl']->get($app['authentication']->getUser())->has_access_to_sbas($databox->get_sbas_id())) {
continue; continue;
} }
@@ -197,7 +197,7 @@ class Root implements ControllerProviderInterface
->bind('admin_test_paths'); ->bind('admin_test_paths');
$controllers->get('/structure/{databox_id}/', function (Application $app, Request $request, $databox_id) { $controllers->get('/structure/{databox_id}/', function (Application $app, Request $request, $databox_id) {
if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($databox_id, 'bas_modify_struct')) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
$app->abort(403); $app->abort(403);
} }
@@ -224,7 +224,7 @@ class Root implements ControllerProviderInterface
->bind('database_display_stucture'); ->bind('database_display_stucture');
$controllers->post('/structure/{databox_id}/', function (Application $app, Request $request, $databox_id) { $controllers->post('/structure/{databox_id}/', function (Application $app, Request $request, $databox_id) {
if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($databox_id, 'bas_modify_struct')) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
$app->abort(403); $app->abort(403);
} }
@@ -250,7 +250,7 @@ class Root implements ControllerProviderInterface
->bind('database_submit_stucture'); ->bind('database_submit_stucture');
$controllers->get('/statusbit/{databox_id}/', function (Application $app, Request $request, $databox_id) { $controllers->get('/statusbit/{databox_id}/', function (Application $app, Request $request, $databox_id) {
if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($databox_id, 'bas_modify_struct')) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
$app->abort(403); $app->abort(403);
} }
@@ -261,7 +261,7 @@ class Root implements ControllerProviderInterface
->bind('database_display_statusbit'); ->bind('database_display_statusbit');
$controllers->get('/statusbit/{databox_id}/status/{bit}/', function (Application $app, Request $request, $databox_id, $bit) { $controllers->get('/statusbit/{databox_id}/status/{bit}/', function (Application $app, Request $request, $databox_id, $bit) {
if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($databox_id, 'bas_modify_struct')) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
$app->abort(403); $app->abort(403);
} }
@@ -315,12 +315,12 @@ class Root implements ControllerProviderInterface
->assert('bit', '\d+') ->assert('bit', '\d+')
->bind('database_display_statusbit_form'); ->bind('database_display_statusbit_form');
$controllers->post('/statusbit/{databox_id}/status/{bit}/delete/', function (Application $app, Request $request, $databox_id, $bit) { $controllers->post('/statusbit/{databox_id}/status/{bit}/delete/', function(Application $app, Request $request, $databox_id, $bit) {
if (!$request->isXmlHttpRequest() || !array_key_exists($request->getMimeType('json'), array_flip($request->getAcceptableContentTypes()))) { if (!$request->isXmlHttpRequest() || !array_key_exists($request->getMimeType('json'), array_flip($request->getAcceptableContentTypes()))) {
$app->abort(400, _('Bad request format, only JSON is allowed')); $app->abort(400, _('Bad request format, only JSON is allowed'));
} }
if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($databox_id, 'bas_modify_struct')) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
$app->abort(403); $app->abort(403);
} }
@@ -338,8 +338,8 @@ class Root implements ControllerProviderInterface
->assert('databox_id', '\d+') ->assert('databox_id', '\d+')
->assert('bit', '\d+'); ->assert('bit', '\d+');
$controllers->post('/statusbit/{databox_id}/status/{bit}/', function (Application $app, Request $request, $databox_id, $bit) { $controllers->post('/statusbit/{databox_id}/status/{bit}/', function(Application $app, Request $request, $databox_id, $bit) {
if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($databox_id, 'bas_modify_struct')) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
$app->abort(403); $app->abort(403);
} }
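Review bot: The closures passed to `$controllers->before(`, `$controllers->get('/'`, and the two `statusbit` POST routes lose the space after `function`, while the other closures in this file keep `function (`. That whitespace change is unrelated to the ACL move and leaves the file inconsistent, so these should stay as `function (Application $app, Request $request)`. Separately, the `has_right_on_sbas($databox_id, 'bas_modify_struct')` guard is repeated verbatim in six route closures here. A single helper or route middleware holding that check would make it harder to add a future `/structure` or `/statusbit` route without it.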


@@ -217,7 +217,7 @@ class Users implements ControllerProviderInterface
$on_base = $request->query->get('on_base') ? : array(); $on_base = $request->query->get('on_base') ? : array();
$elligible_users = $user_query $elligible_users = $user_query
->on_sbas_where_i_am($app['authentication']->getUser()->ACL(), $rights) ->on_sbas_where_i_am($app['acl']->get($app['authentication']->getUser()), $rights)
->like(\User_Query::LIKE_EMAIL, $like_value) ->like(\User_Query::LIKE_EMAIL, $like_value)
->like(\User_Query::LIKE_FIRSTNAME, $like_value) ->like(\User_Query::LIKE_FIRSTNAME, $like_value)
->like(\User_Query::LIKE_LASTNAME, $like_value) ->like(\User_Query::LIKE_LASTNAME, $like_value)
@@ -275,7 +275,7 @@ class Users implements ControllerProviderInterface
$on_base = $request->request->get('base_id') ? : null; $on_base = $request->request->get('base_id') ? : null;
$on_sbas = $request->request->get('sbas_id') ? : null; $on_sbas = $request->request->get('sbas_id') ? : null;
$elligible_users = $user_query->on_bases_where_i_am($app['authentication']->getUser()->ACL(), array('canadmin')) $elligible_users = $user_query->on_bases_where_i_am($app['acl']->get($app['authentication']->getUser()), array('canadmin'))
->like($like_field, $like_value) ->like($like_field, $like_value)
->on_base_ids($on_base) ->on_base_ids($on_base)
->on_sbas_ids($on_sbas); ->on_sbas_ids($on_sbas);
@@ -349,7 +349,7 @@ class Users implements ControllerProviderInterface
$stmt->execute(array(':date' => date('Y-m-d', $lastMonth))); $stmt->execute(array(':date' => date('Y-m-d', $lastMonth)));
$stmt->closeCursor(); $stmt->closeCursor();
$baslist = array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin'))); $baslist = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array('canadmin')));
$sql = 'SELECT usr_id, usr_login FROM usr WHERE model_of = :usr_id'; $sql = 'SELECT usr_id, usr_login FROM usr WHERE model_of = :usr_id';
@@ -450,9 +450,9 @@ class Users implements ControllerProviderInterface
$cache_to_update[$usr] = true; $cache_to_update[$usr] = true;
$user_template = \User_Adapter::getInstance($template_id, $app); $user_template = \User_Adapter::getInstance($template_id, $app);
$base_ids = array_keys($user_template->ACL()->get_granted_base()); $base_ids = array_keys($app['acl']->get($user_template)->get_granted_base());
$user->ACL()->apply_model($user_template, $base_ids); $app['acl']->get($user)->apply_model($user_template, $base_ids);
if (!isset($done[$usr])) { if (!isset($done[$usr])) {
$done[$usr] = array(); $done[$usr] = array();
@@ -499,7 +499,7 @@ class Users implements ControllerProviderInterface
$cache_to_update[$usr] = true; $cache_to_update[$usr] = true;
foreach ($bases as $bas) { foreach ($bases as $bas) {
$user->ACL()->give_access_to_sbas(array(\phrasea::sbasFromBas($app, $bas))); $app['acl']->get($user)->give_access_to_sbas(array(\phrasea::sbasFromBas($app, $bas)));
$rights = array( $rights = array(
'canputinalbum' => '1' 'canputinalbum' => '1'
@@ -509,8 +509,8 @@ class Users implements ControllerProviderInterface
, 'actif' => '1' , 'actif' => '1'
); );
$user->ACL()->give_access_to_base(array($bas)); $app['acl']->get($user)->give_access_to_base(array($bas));
$user->ACL()->update_rights_to_base($bas, $rights); $app['acl']->get($user)->update_rights_to_base($bas, $rights);
if (!isset($done[$usr])) { if (!isset($done[$usr])) {
$done[$usr] = array(); $done[$usr] = array();
@@ -527,7 +527,7 @@ class Users implements ControllerProviderInterface
foreach (array_keys($cache_to_update) as $usr_id) { foreach (array_keys($cache_to_update) as $usr_id) {
$user = \User_Adapter::getInstance($usr_id, $app); $user = \User_Adapter::getInstance($usr_id, $app);
$user->ACL()->delete_data_from_cache(); $app['acl']->get($user)->delete_data_from_cache();
unset($user); unset($user);
} }
@@ -654,7 +654,7 @@ class Users implements ControllerProviderInterface
if ($loginToAdd === "") { if ($loginToAdd === "") {
$out['errors'][] = sprintf(_("Login line %d is empty"), $nbLine + 1); $out['errors'][] = sprintf(_("Login line %d is empty"), $nbLine + 1);
} elseif (in_array($loginToAdd, $loginNew)) { } elseif (in_array($loginToAdd, $loginNew)) {
$out['errors'][] = sprintf(_("Login %s is already defined in the file at line %d"), $loginToAdd, $i); $out['errors'][] = sprintf(_("Login %s is already defined in the file at line %d"), $loginToAdd, $nbLine);
} else { } else {
if (\User_Adapter::get_usr_id_from_login($app, $loginToAdd)) { if (\User_Adapter::get_usr_id_from_login($app, $loginToAdd)) {
$out['errors'][] = sprintf(_("Login %s already exists in database"), $loginToAdd); $out['errors'][] = sprintf(_("Login %s already exists in database"), $loginToAdd);
@@ -711,7 +711,7 @@ class Users implements ControllerProviderInterface
INNER JOIN basusr INNER JOIN basusr
ON (basusr.usr_id=usr.usr_id) ON (basusr.usr_id=usr.usr_id)
WHERE usr.model_of = :usr_id WHERE usr.model_of = :usr_id
AND base_id in(" . implode(', ', array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array('manage')))) . ") AND base_id in(" . implode(', ', array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array('manage')))) . ")
AND usr_login not like '(#deleted_%)' AND usr_login not like '(#deleted_%)'
GROUP BY usr_id"; GROUP BY usr_id";
@@ -849,8 +849,8 @@ class Users implements ControllerProviderInterface
$NewUser->set_company($curUser['societe']); $NewUser->set_company($curUser['societe']);
} }
$NewUser->ACL()->apply_model( $app['acl']->get($NewUser)->apply_model(
\User_Adapter::getInstance($model, $app), array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array('manage'))) \User_Adapter::getInstance($model, $app), array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array('manage')))
); );
$nbCreation++; $nbCreation++;
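Review bot: The `base_id in(...)` list in the `usr.model_of` query is built by `implode(', ', array_keys(...->get_granted_base(array('manage'))))` straight into the SQL string. When the current user holds `manage` on no base this yields `in()`, which is a syntax error, and the values bypass the statement's bound parameters. Guard the empty case before building the query and, unless the keys are guaranteed to be integers, cast them: `implode(', ', array_map('intval', array_keys(...)))`. In the import hunk, the corrected message uses `$nbLine` while the neighbouring `Login line %d is empty` uses `$nbLine + 1`, so the two errors report different numbers for the same line; `$nbLine + 1` would match.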


@@ -180,7 +180,7 @@ class V1 implements ControllerProviderInterface
*/ */
$mustBeAdmin = function (Request $request) use ($app) { $mustBeAdmin = function (Request $request) use ($app) {
$user = $app['token']->get_account()->get_user(); $user = $app['token']->get_account()->get_user();
if (!$user->ACL()->is_admin()) { if (!$app['acl']->get($user)->is_admin()) {
throw new \API_V1_exception_unauthorized('You are not authorized'); throw new \API_V1_exception_unauthorized('You are not authorized');
} }
}; };


@@ -138,9 +138,9 @@ class Root implements ControllerProviderInterface
$isImage = true; $isImage = true;
} }
$canDownload = $app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), 'candwnldpreview') || $canDownload = $app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), 'candwnldpreview') ||
$app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), 'candwnldhd') || $app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), 'candwnldhd') ||
$app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), 'cancmd'); $app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), 'cancmd');
try { try {
$previewExists = $record->get_preview()->is_physically_present(); $previewExists = $record->get_preview()->is_physically_present();
@@ -159,7 +159,7 @@ class Root implements ControllerProviderInterface
'is_image' => $isImage, 'is_image' => $isImage,
'is_document' => $isDocument, 'is_document' => $isDocument,
'can_download' => $canDownload, 'can_download' => $canDownload,
'can_add_to_basket' => $app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), 'canputinalbum') 'can_add_to_basket' => $app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), 'canputinalbum')
); );
} }
@@ -297,13 +297,13 @@ class Root implements ControllerProviderInterface
{ {
$allDataboxes = $allCollections = array(); $allDataboxes = $allCollections = array();
foreach ($app['authentication']->getUser()->ACL()->get_granted_sbas() as $databox) { foreach ($app['acl']->get($app['authentication']->getUser())->get_granted_sbas() as $databox) {
if (count($app['phraseanet.appbox']->get_databoxes()) > 0) { if (count($app['phraseanet.appbox']->get_databoxes()) > 0) {
$allDataboxes[$databox->get_sbas_id()] = array('databox' => $databox, 'collections' => array()); $allDataboxes[$databox->get_sbas_id()] = array('databox' => $databox, 'collections' => array());
} }
if (count($databox->get_collections()) > 0) { if (count($databox->get_collections()) > 0) {
foreach ($app['authentication']->getUser()->ACL()->get_granted_base(array(), array($databox->get_sbas_id())) as $coll) { foreach ($app['acl']->get($app['authentication']->getUser())->get_granted_base(array(), array($databox->get_sbas_id())) as $coll) {
$allDataboxes[$databox->get_sbas_id()]['collections'][$coll->get_base_id()] = $coll; $allDataboxes[$databox->get_sbas_id()]['collections'][$coll->get_base_id()] = $coll;
$allCollections[$coll->get_base_id()] = $coll; $allCollections[$coll->get_base_id()] = $coll;
} }
@@ -447,7 +447,7 @@ class Root implements ControllerProviderInterface
$collections = array_merge($collections, $bases); $collections = array_merge($collections, $bases);
} }
} else { } else {
$collections = array_keys($app['authentication']->getUser()->ACL()->get_granted_base()); $collections = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base());
} }
$queryParameters["mod"] = $app['authentication']->getUser()->getPrefs('client_view') ?: '3X6'; $queryParameters["mod"] = $app['authentication']->getUser()->getPrefs('client_view') ?: '3X6';
@@ -477,7 +477,7 @@ class Root implements ControllerProviderInterface
private function getPublicationStartPage(Application $app) private function getPublicationStartPage(Application $app)
{ {
return $app['twig']->render('client/home_inter_pub_basket.html.twig', array( return $app['twig']->render('client/home_inter_pub_basket.html.twig', array(
'feeds' => Aggregate::createFromUser($app['EM'], $app['authentication']->getUser()), 'feeds' => Aggregate::createFromUser($app, $app['authentication']->getUser()),
'image_size' => (int) $app['authentication']->getUser()->getPrefs('images_size') 'image_size' => (int) $app['authentication']->getUser()->getPrefs('images_size')
)); ));
} }
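Review bot: `$app['acl']->get($app['authentication']->getUser())` is evaluated three times inside the `$canDownload` expression, again for `can_add_to_basket`, and twice in the databox loop further down. Resolve it once with `$acl = $app['acl']->get($app['authentication']->getUser());` and call `$acl->has_right_on_base(...)` on the local. Besides being easier to read, this makes it evident that every right in one access decision is read from the same ACL object. The `Datafiles` delivery controller and `Databoxes::getDatabases` show the same repetition. The enclosing methods start outside the hunks.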


@@ -64,12 +64,12 @@ class Datafiles extends AbstractDelivery
throw new NotFoundHttpException; throw new NotFoundHttpException;
} }
if (!$app['authentication']->getUser()->ACL()->has_access_to_subdef($record, $subdef)) { if (!$app['acl']->get($app['authentication']->getUser())->has_access_to_subdef($record, $subdef)) {
throw new AccessDeniedHttpException(sprintf('User has not access to subdef %s', $subdef)); throw new AccessDeniedHttpException(sprintf('User has not access to subdef %s', $subdef));
} }
$stamp = false; $stamp = false;
$watermark = !$app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), 'nowatermark'); $watermark = !$app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), 'nowatermark');
if ($watermark && !$all_access) { if ($watermark && !$all_access) {
$subdef_class = $databox $subdef_class = $databox
@@ -77,9 +77,9 @@ class Datafiles extends AbstractDelivery
->get_subdef($record->get_type(), $subdef) ->get_subdef($record->get_type(), $subdef)
->get_class(); ->get_class();
if ($subdef_class == \databox_subdef::CLASS_PREVIEW && $app['authentication']->getUser()->ACL()->has_preview_grant($record)) { if ($subdef_class == \databox_subdef::CLASS_PREVIEW && $app['acl']->get($app['authentication']->getUser())->has_preview_grant($record)) {
$watermark = false; $watermark = false;
} elseif ($subdef_class == \databox_subdef::CLASS_DOCUMENT && $app['authentication']->getUser()->ACL()->has_hd_grant($record)) { } elseif ($subdef_class == \databox_subdef::CLASS_DOCUMENT && $app['acl']->get($app['authentication']->getUser())->has_hd_grant($record)) {
$watermark = false; $watermark = false;
} }
} }
@@ -88,7 +88,7 @@ class Datafiles extends AbstractDelivery
$repository = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\BasketElement'); $repository = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\BasketElement');
/* @var $repository Alchemy\Phrasea\Model\Repositories\BasketElementRepository */ /* @var $repository BasketElementRepository */
$ValidationByRecord = $repository->findReceivedValidationElementsByRecord($record, $app['authentication']->getUser()); $ValidationByRecord = $repository->findReceivedValidationElementsByRecord($record, $app['authentication']->getUser());
$ReceptionByRecord = $repository->findReceivedElementsByRecord($record, $app['authentication']->getUser()); $ReceptionByRecord = $repository->findReceivedElementsByRecord($record, $app['authentication']->getUser());


@@ -72,7 +72,7 @@ class Permalink extends AbstractDelivery
if ($app['authentication']->isAuthenticated()) { if ($app['authentication']->isAuthenticated()) {
$user = \User_Adapter::getInstance($app['authentication']->getUser()->get_id(), $app); $user = \User_Adapter::getInstance($app['authentication']->getUser()->get_id(), $app);
$watermark = !$user->ACL()->has_right_on_base($record->get_base_id(), 'nowatermark'); $watermark = !$app['acl']->get($user)->has_right_on_base($record->get_base_id(), 'nowatermark');
if ($watermark) { if ($watermark) {


@@ -120,7 +120,7 @@ class Edit implements ControllerProviderInterface
/** /**
* generate javascript status * generate javascript status
*/ */
if ($app['authentication']->getUser()->ACL()->has_right('changestatus')) { if ($app['acl']->get($app['authentication']->getUser())->has_right('changestatus')) {
$dbstatus = \databox_status::getDisplayStatus($app); $dbstatus = \databox_status::getDisplayStatus($app);
if (isset($dbstatus[$databox->get_sbas_id()])) { if (isset($dbstatus[$databox->get_sbas_id()])) {
foreach ($dbstatus[$databox->get_sbas_id()] as $n => $statbit) { foreach ($dbstatus[$databox->get_sbas_id()] as $n => $statbit) {
@@ -156,7 +156,7 @@ class Edit implements ControllerProviderInterface
); );
$elements[$indice]['statbits'] = array(); $elements[$indice]['statbits'] = array();
if ($app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), 'chgstatus')) { if ($app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), 'chgstatus')) {
foreach ($status as $n => $s) { foreach ($status as $n => $s) {
$tmp_val = substr(strrev($record->get_status()), $n, 1); $tmp_val = substr(strrev($record->get_status()), $n, 1);
$elements[$indice]['statbits'][$n]['value'] = ($tmp_val == '1') ? '1' : '0'; $elements[$indice]['statbits'][$n]['value'] = ($tmp_val == '1') ? '1' : '0';
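Review bot: The two rights checks in this file spell the right differently: `has_right('changestatus')` in the first hunk and `has_right_on_base($record->get_base_id(), 'chgstatus')` in the second. The commit carries both over unchanged and the list of valid right names is not visible here. If only `chgstatus` is defined, the first check can never grant, and the JavaScript status block is skipped even for users who hold the right. Worth confirming against the `\ACL` right list and aligning the two, e.g. `has_right('chgstatus')`.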


@@ -41,7 +41,9 @@ class Feed implements ControllerProviderInterface
}); });
$controllers->post('/requestavailable/', function (Application $app, Request $request) { $controllers->post('/requestavailable/', function (Application $app, Request $request) {
$feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['authentication']->getUser()); $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser(
$app['acl']->get($app['authentication']->getUser())
);
$publishing = RecordsRequest::fromRequest($app, $request, true, array(), array('bas_chupub')); $publishing = RecordsRequest::fromRequest($app, $request, true, array(), array('bas_chupub'));
return $app['twig']->render('prod/actions/publish/publish.html.twig', array('publishing' => $publishing, 'feeds' => $feeds)); return $app['twig']->render('prod/actions/publish/publish.html.twig', array('publishing' => $publishing, 'feeds' => $feeds));
@@ -106,7 +108,7 @@ class Feed implements ControllerProviderInterface
throw new AccessDeniedHttpException(); throw new AccessDeniedHttpException();
} }
$feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['authentication']->getUser()); $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($app['authentication']->getUser()));
$datas = $app['twig']->render('prod/actions/publish/publish_edit.html.twig', array('entry' => $entry, 'feeds' => $feeds)); $datas = $app['twig']->render('prod/actions/publish/publish_edit.html.twig', array('entry' => $entry, 'feeds' => $feeds));
@@ -203,12 +205,12 @@ class Feed implements ControllerProviderInterface
$app['firewall']->requireRight('bas_chupub'); $app['firewall']->requireRight('bas_chupub');
}); });
$controllers->get('/', function (Application $app, Request $request) { $controllers->get('/', function(Application $app, Request $request) {
$request = $app['request']; $request = $app['request'];
$page = (int) $request->query->get('page'); $page = (int) $request->query->get('page');
$page = $page > 0 ? $page : 1; $page = $page > 0 ? $page : 1;
$feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['authentication']->getUser()); $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($app['authentication']->getUser()));
$datas = $app['twig']->render('prod/feeds/feeds.html.twig', array( $datas = $app['twig']->render('prod/feeds/feeds.html.twig', array(
'feeds' => $feeds, 'feeds' => $feeds,
@@ -227,7 +229,7 @@ class Feed implements ControllerProviderInterface
if (!$feed->isAccessible($app['authentication']->getUser(), $app)) { if (!$feed->isAccessible($app['authentication']->getUser(), $app)) {
$app->abort(404, 'Feed not found'); $app->abort(404, 'Feed not found');
} }
$feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['authentication']->getUser()); $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($app['authentication']->getUser()));
$datas = $app['twig']->render('prod/feeds/feeds.html.twig', array('feed' => $feed, 'feeds' => $feeds, 'page' => $page)); $datas = $app['twig']->render('prod/feeds/feeds.html.twig', array('feed' => $feed, 'feeds' => $feeds, 'page' => $page));
@@ -239,7 +241,7 @@ class Feed implements ControllerProviderInterface
$controllers->get('/subscribe/aggregated/', function (Application $app, Request $request) { $controllers->get('/subscribe/aggregated/', function (Application $app, Request $request) {
$renew = ($request->query->get('renew') === 'true'); $renew = ($request->query->get('renew') === 'true');
$feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['authentication']->getUser()); $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($app['authentication']->getUser()));
$link = $app['feed.aggregate-link-generator']->generate(new Aggregate($app['EM'], $feeds), $link = $app['feed.aggregate-link-generator']->generate(new Aggregate($app['EM'], $feeds),
$app['authentication']->getUser(), $app['authentication']->getUser(),
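Review bot: The `/` route closure was reformatted from `function (Application $app, Request $request)` to `function(Application $app, Request $request)`, which is unrelated to the ACL change and departs from the `function (` spacing of the other closures in this file (`/requestavailable/`, `/subscribe/aggregated/`). I would keep the original spacing so the diff only carries the `$app['acl']->get(...)` substitution. The `/requestavailable/` call is also the only one wrapped over three lines, while the other four `getAllForUser(...)` calls stay on one line; pick one form for all of them.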


@@ -87,7 +87,7 @@ class Lazaret implements ControllerProviderInterface
*/ */
public function listElement(Application $app, Request $request) public function listElement(Application $app, Request $request)
{ {
$baseIds = array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array('canaddrecord'))); $baseIds = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array('canaddrecord')));
$lazaretFiles = null; $lazaretFiles = null;


@@ -52,7 +52,7 @@ class MoveCollection implements ControllerProviderInterface
return $databox->get_sbas_id(); return $databox->get_sbas_id();
}, $records->databoxes()); }, $records->databoxes());
$collections = $app['authentication']->getUser()->ACL() $collections = $app['acl']->get($app['authentication']->getUser())
->get_granted_base(array('canaddrecord'), $sbas_ids); ->get_granted_base(array('canaddrecord'), $sbas_ids);
$parameters = array( $parameters = array(
@@ -80,7 +80,7 @@ class MoveCollection implements ControllerProviderInterface
return $app->json($datas); return $app->json($datas);
} }
if (!$app['authentication']->getUser()->ACL()->has_right_on_base($request->request->get('base_id'), 'canaddrecord')) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($request->request->get('base_id'), 'canaddrecord')) {
$datas['message'] = sprintf(_("You do not have the permission to move records to %s"), \phrasea::bas_labels($move->getBaseIdDestination(), $app)); $datas['message'] = sprintf(_("You do not have the permission to move records to %s"), \phrasea::bas_labels($move->getBaseIdDestination(), $app));
return $app->json($datas); return $app->json($datas);
@@ -99,7 +99,7 @@ class MoveCollection implements ControllerProviderInterface
if ($request->request->get("chg_coll_son") == "1") { if ($request->request->get("chg_coll_son") == "1") {
foreach ($record->get_children() as $child) { foreach ($record->get_children() as $child) {
if ($app['authentication']->getUser()->ACL()->has_right_on_base($child->get_base_id(), 'candeleterecord')) { if ($app['acl']->get($app['authentication']->getUser())->has_right_on_base($child->get_base_id(), 'candeleterecord')) {
$child->move_to_collection($collection, $app['phraseanet.appbox']); $child->move_to_collection($collection, $app['phraseanet.appbox']);
} }
} }
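Review bot: The `canaddrecord` check in the second hunk is made against the raw `$request->request->get('base_id')`, while the error message right below it names the destination through `$move->getBaseIdDestination()`. The move itself uses `$collection`, which is built outside the hunk. These are presumably the same id, but an authorization check is easier to trust when it tests the value that is acted on, e.g. `has_right_on_base($collection->get_base_id(), 'canaddrecord')`. A short comment on the child loop saying why `candeleterecord` on the child's current base is the right required there would also help the next reader.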


@@ -195,7 +195,7 @@ class Order implements ControllerProviderInterface
$perPage = (int) $request->query->get('per-page', 10); $perPage = (int) $request->query->get('per-page', 10);
$sort = $request->query->get('sort'); $sort = $request->query->get('sort');
$baseIds = array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array('order_master'))); $baseIds = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array('order_master')));
$ordersList = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Order')->listOrders($baseIds, $offsetStart, $perPage, $sort); $ordersList = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Order')->listOrders($baseIds, $offsetStart, $perPage, $sort);
$total = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Order')->countTotalOrders($baseIds); $total = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Order')->countTotalOrders($baseIds);
@@ -278,7 +278,7 @@ class Order implements ControllerProviderInterface
$basket->addElement($basketElement); $basket->addElement($basketElement);
$n++; $n++;
$dest_user->ACL()->grant_hd_on($record, $app['authentication']->getUser(), 'order'); $app['acl']->get($dest_user)->grant_hd_on($record, $app['authentication']->getUser(), 'order');
} }
} }


@@ -204,13 +204,13 @@ class Push implements ControllerProviderInterface
$Basket->addElement($BasketElement); $Basket->addElement($BasketElement);
if ($receiver['HD']) { if ($receiver['HD']) {
$user_receiver->ACL()->grant_hd_on( $app['acl']->get($user_receiver)->grant_hd_on(
$BasketElement->getRecord($app) $BasketElement->getRecord($app)
, $app['authentication']->getUser() , $app['authentication']->getUser()
, \ACL::GRANT_ACTION_PUSH , \ACL::GRANT_ACTION_PUSH
); );
} else { } else {
$user_receiver->ACL()->grant_preview_on( $app['acl']->get($user_receiver)->grant_preview_on(
$BasketElement->getRecord($app) $BasketElement->getRecord($app)
, $app['authentication']->getUser() , $app['authentication']->getUser()
, \ACL::GRANT_ACTION_PUSH , \ACL::GRANT_ACTION_PUSH
@@ -392,13 +392,13 @@ class Push implements ControllerProviderInterface
$BasketElement->addValidationData($ValidationData); $BasketElement->addValidationData($ValidationData);
if ($participant['HD']) { if ($participant['HD']) {
$participant_user->ACL()->grant_hd_on( $app['acl']->get($participant_user)->grant_hd_on(
$BasketElement->getRecord($app) $BasketElement->getRecord($app)
, $app['authentication']->getUser() , $app['authentication']->getUser()
, \ACL::GRANT_ACTION_VALIDATE , \ACL::GRANT_ACTION_VALIDATE
); );
} else { } else {
$participant_user->ACL()->grant_preview_on( $app['acl']->get($participant_user)->grant_preview_on(
$BasketElement->getRecord($app) $BasketElement->getRecord($app)
, $app['authentication']->getUser() , $app['authentication']->getUser()
, \ACL::GRANT_ACTION_VALIDATE , \ACL::GRANT_ACTION_VALIDATE
@@ -478,7 +478,7 @@ class Push implements ControllerProviderInterface
$query = new \User_Query($app); $query = new \User_Query($app);
$query->on_bases_where_i_am($app['authentication']->getUser()->ACL(), array('canpush')); $query->on_bases_where_i_am($app['acl']->get($app['authentication']->getUser()), array('canpush'));
$query->in(array($usr_id)); $query->in(array($usr_id));
@@ -515,7 +515,7 @@ class Push implements ControllerProviderInterface
$result = array('success' => false, 'message' => '', 'user' => null); $result = array('success' => false, 'message' => '', 'user' => null);
try { try {
if (!$app['authentication']->getUser()->ACL()->has_right('manageusers')) if (!$app['acl']->get($app['authentication']->getUser())->has_right('manageusers'))
throw new ControllerException(_('You are not allowed to add users')); throw new ControllerException(_('You are not allowed to add users'));
if (!$request->request->get('firstname')) if (!$request->request->get('firstname'))
@@ -587,7 +587,7 @@ class Push implements ControllerProviderInterface
$query = new \User_Query($app); $query = new \User_Query($app);
$query->on_bases_where_i_am($app['authentication']->getUser()->ACL(), array('canpush')); $query->on_bases_where_i_am($app['acl']->get($app['authentication']->getUser()), array('canpush'));
$query->like(\User_Query::LIKE_FIRSTNAME, $request->query->get('query')) $query->like(\User_Query::LIKE_FIRSTNAME, $request->query->get('query'))
->like(\User_Query::LIKE_LASTNAME, $request->query->get('query')) ->like(\User_Query::LIKE_LASTNAME, $request->query->get('query'))
@@ -627,7 +627,7 @@ class Push implements ControllerProviderInterface
$query = new \User_Query($app); $query = new \User_Query($app);
$query->on_bases_where_i_am($app['authentication']->getUser()->ACL(), array('canpush')); $query->on_bases_where_i_am($app['acl']->get($app['authentication']->getUser()), array('canpush'));
if ($request->get('query')) { if ($request->get('query')) {
$query->like($request->get('like_field'), $request->get('query')) $query->like($request->get('like_field'), $request->get('query'))
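Review bot: In the last hunk, `$query->like($request->get('like_field'), $request->get('query'))` lets the client choose the field argument, whereas the search route above passes fixed `\User_Query::LIKE_FIRSTNAME` / `\User_Query::LIKE_LASTNAME` constants. Whether `User_Query::like()` rejects unknown field names is not visible here. If it does not, the route should check the value against the allowed `LIKE_*` constants first, for example `if (!in_array($request->get('like_field'), $allowedLikeFields, true)) { $app->abort(400); }`, where `$allowedLikeFields` is a list this controller defines. The enclosing closure starts and ends outside the hunk.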


@@ -74,8 +74,8 @@ class Root implements ControllerProviderInterface
$cssfile = '000000'; $cssfile = '000000';
} }
$feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['authentication']->getUser()); $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($app['authentication']->getUser()));
$aggregate = Aggregate::createFromUser($app['EM'], $app['authentication']->getUser()); $aggregate = Aggregate::createFromUser($app, $app['authentication']->getUser());
$thjslist = ""; $thjslist = "";


@@ -53,7 +53,7 @@ class Share implements ControllerProviderInterface
{ {
$record = new \record_adapter($app, \phrasea::sbasFromBas($app, $base_id), $record_id); $record = new \record_adapter($app, \phrasea::sbasFromBas($app, $base_id), $record_id);
if (!$app['authentication']->getUser()->ACL()->has_access_to_subdef($record, 'preview')) { if (!$app['acl']->get($app['authentication']->getUser())->has_access_to_subdef($record, 'preview')) {
$app->abort(403); $app->abort(403);
} }


@@ -45,7 +45,7 @@ class Story implements ControllerProviderInterface
/* @var $request \Symfony\Component\HttpFoundation\Request */ /* @var $request \Symfony\Component\HttpFoundation\Request */
$collection = \collection::get_from_base_id($app, $request->request->get('base_id')); $collection = \collection::get_from_base_id($app, $request->request->get('base_id'));
if (!$app['authentication']->getUser()->ACL()->has_right_on_base($collection->get_base_id(), 'canaddrecord')) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($collection->get_base_id(), 'canaddrecord')) {
throw new AccessDeniedHttpException('You can not create a story on this collection'); throw new AccessDeniedHttpException('You can not create a story on this collection');
} }
@@ -123,7 +123,7 @@ class Story implements ControllerProviderInterface
$controllers->post('/{sbas_id}/{record_id}/addElements/', function (Application $app, Request $request, $sbas_id, $record_id) { $controllers->post('/{sbas_id}/{record_id}/addElements/', function (Application $app, Request $request, $sbas_id, $record_id) {
$Story = new \record_adapter($app, $sbas_id, $record_id); $Story = new \record_adapter($app, $sbas_id, $record_id);
if (!$app['authentication']->getUser()->ACL()->has_right_on_base($Story->get_base_id(), 'canmodifrecord')) if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($Story->get_base_id(), 'canmodifrecord'))
throw new AccessDeniedHttpException('You can not add document to this Story'); throw new AccessDeniedHttpException('You can not add document to this Story');
$n = 0; $n = 0;
@@ -156,7 +156,7 @@ class Story implements ControllerProviderInterface
$record = new \record_adapter($app, $child_sbas_id, $child_record_id); $record = new \record_adapter($app, $child_sbas_id, $child_record_id);
if (!$app['authentication']->getUser()->ACL()->has_right_on_base($Story->get_base_id(), 'canmodifrecord')) if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($Story->get_base_id(), 'canmodifrecord'))
throw new AccessDeniedHttpException('You can not add document to this Story'); throw new AccessDeniedHttpException('You can not add document to this Story');
$Story->removeChild($record); $Story->removeChild($record);
@@ -209,7 +209,7 @@ class Story implements ControllerProviderInterface
throw new \Exception('This is not a story'); throw new \Exception('This is not a story');
} }
if (!$app['authentication']->getUser()->ACL()->has_right_on_base($story->get_base_id(), 'canmodifrecord')) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($story->get_base_id(), 'canmodifrecord')) {
throw new ControllerException(_('You can not edit this story')); throw new ControllerException(_('You can not edit this story'));
} }
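Review bot: In the hunk at `@@ -156`, the guard in front of `$Story->removeChild($record)` throws `'You can not add document to this Story'`, which looks copied from the `addElements` route and misreports the refused action. I would change it to `throw new AccessDeniedHttpException('You can not remove document from this Story');`. Both of these permission guards are brace-less `if` statements; since they are the only thing between the request and the write, wrapping them in `{ }` like the `canaddrecord` check in the first hunk avoids a later edit detaching the `throw` from its condition. The closures continue outside the hunks.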


@@ -57,10 +57,10 @@ class TOU implements ControllerProviderInterface
try { try {
$databox = $app['phraseanet.appbox']->get_databox((int) $sbas_id); $databox = $app['phraseanet.appbox']->get_databox((int) $sbas_id);
$app['authentication']->getUser()->ACL()->revoke_access_from_bases( $app['acl']->get($app['authentication']->getUser())->revoke_access_from_bases(
array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array(), array($databox->get_sbas_id()))) array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array(), array($databox->get_sbas_id())))
); );
$app['authentication']->getUser()->ACL()->revoke_unused_sbas_rights(); $app['acl']->get($app['authentication']->getUser())->revoke_unused_sbas_rights();
$app['authentication']->closeAccount(); $app['authentication']->closeAccount();
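Review bot: `$app['acl']->get($app['authentication']->getUser())` is now spelled out three times inside this `try` block. Fetching it once with `$acl = $app['acl']->get($app['authentication']->getUser());` and then calling `$acl->revoke_access_from_bases(array_keys($acl->get_granted_base(array(), array($databox->get_sbas_id()))));` and `$acl->revoke_unused_sbas_rights();` is shorter and makes it plain that all three calls act on the same ACL object. The same applies where the lookup sits inside loops, namely the per-record checks in `RecordsRequest`, the nested `foreach` in the `Prod` helper and the per-user loops in the `Edit` helper.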


@@ -78,7 +78,7 @@ class Upload implements ControllerProviderInterface
return $app['twig']->render( return $app['twig']->render(
'prod/upload/upload-flash.html.twig', array( 'prod/upload/upload-flash.html.twig', array(
'sessionId' => session_id(), 'sessionId' => session_id(),
'collections' => $this->getGrantedCollections($app['authentication']->getUser()), 'collections' => $this->getGrantedCollections($app['acl']->get($app['authentication']->getUser())),
'maxFileSize' => $maxFileSize, 'maxFileSize' => $maxFileSize,
'maxFileSizeReadable' => \p4string::format_octets($maxFileSize) 'maxFileSizeReadable' => \p4string::format_octets($maxFileSize)
)); ));
@@ -98,7 +98,7 @@ class Upload implements ControllerProviderInterface
return $app['twig']->render( return $app['twig']->render(
'prod/upload/upload.html.twig', array( 'prod/upload/upload.html.twig', array(
'collections' => $this->getGrantedCollections($app['authentication']->getUser()), 'collections' => $this->getGrantedCollections($app['acl']->get($app['authentication']->getUser())),
'maxFileSize' => $maxFileSize, 'maxFileSize' => $maxFileSize,
'maxFileSizeReadable' => \p4string::format_octets($maxFileSize) 'maxFileSizeReadable' => \p4string::format_octets($maxFileSize)
)); ));
@@ -144,7 +144,7 @@ class Upload implements ControllerProviderInterface
throw new BadRequestHttpException('Missing base_id parameter'); throw new BadRequestHttpException('Missing base_id parameter');
} }
if (!$app['authentication']->getUser()->ACL()->has_right_on_base($base_id, 'canaddrecord')) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($base_id, 'canaddrecord')) {
throw new AccessDeniedHttpException('User is not allowed to add record on this collection'); throw new AccessDeniedHttpException('User is not allowed to add record on this collection');
} }
@@ -269,14 +269,15 @@ class Upload implements ControllerProviderInterface
/** /**
* Get current user's granted collections where he can upload * Get current user's granted collections where he can upload
* *
* @param \User_Adapter $user * @param \ACL $acl The user's ACL.
*
* @return array * @return array
*/ */
private function getGrantedCollections(\User_Adapter $user) private function getGrantedCollections(\ACL $acl)
{ {
$collections = array(); $collections = array();
foreach ($user->ACL()->get_granted_base(array('canaddrecord')) as $collection) { foreach ($acl->get_granted_base(array('canaddrecord')) as $collection) {
$databox = $collection->get_databox(); $databox = $collection->get_databox();
if ( ! isset($collections[$databox->get_sbas_id()])) { if ( ! isset($collections[$databox->get_sbas_id()])) {


@@ -142,7 +142,7 @@ class WorkZone implements ControllerProviderInterface
throw new \Exception('You can only attach stories'); throw new \Exception('You can only attach stories');
} }
if (!$app['authentication']->getUser()->ACL()->has_access_to_base($Story->get_base_id())) { if (!$app['acl']->get($app['authentication']->getUser())->has_access_to_base($Story->get_base_id())) {
throw new AccessDeniedHttpException('You do not have access to this Story'); throw new AccessDeniedHttpException('You do not have access to this Story');
} }


@@ -244,20 +244,20 @@ class RecordsRequest extends ArrayCollection
foreach ($elements as $id => $record) { foreach ($elements as $id => $record) {
if (!$app['authentication']->getUser()->ACL()->has_access_to_record($record)) { if (!$app['acl']->get($app['authentication']->getUser())->has_access_to_record($record)) {
$to_remove[] = $id; $to_remove[] = $id;
continue; continue;
} }
foreach ($rightsColl as $right) { foreach ($rightsColl as $right) {
if (!$app['authentication']->getUser()->ACL()->has_right_on_base($record->get_base_id(), $right)) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($record->get_base_id(), $right)) {
$to_remove[] = $id; $to_remove[] = $id;
continue; continue;
} }
} }
foreach ($rightsDatabox as $right) { foreach ($rightsDatabox as $right) {
if (!$app['authentication']->getUser()->ACL()->has_right_on_sbas($record->get_sbas_id(), $right)) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($record->get_sbas_id(), $right)) {
$to_remove[] = $id; $to_remove[] = $id;
continue; continue;
} }
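Review bot: The `continue` inside `foreach ($rightsColl as $right)` and `foreach ($rightsDatabox as $right)` only advances the inner loop. A record that fails a right is therefore appended to `$to_remove` once per failing right, and the later checks still run for it. If the intent matches the first check (`has_access_to_record`), which skips to the next record, these should be `continue 2;`. Whether duplicate ids in `$to_remove` matter depends on how the array is consumed after the hunk, which is not visible here.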


@@ -378,15 +378,15 @@ class Login implements ControllerProviderInterface
foreach (array_keys($inscOK) as $base_id) { foreach (array_keys($inscOK) as $base_id) {
$base_ids[] = $base_id; $base_ids[] = $base_id;
} }
$user->ACL()->apply_model($template_user, $base_ids); $app['acl']->get($user)->apply_model($template_user, $base_ids);
} }
$autoReg = $user->ACL()->get_granted_base(); $autoReg = $app['acl']->get($user)->get_granted_base();
$appbox_register = new \appbox_register($app['phraseanet.appbox']); $appbox_register = new \appbox_register($app['phraseanet.appbox']);
foreach ($inscOK as $base_id => $autorisation) { foreach ($inscOK as $base_id => $autorisation) {
if (false === $autorisation || $user->ACL()->has_access_to_base($base_id)) { if (false === $autorisation || $app['acl']->get($user)->has_access_to_base($base_id)) {
continue; continue;
} }
@@ -561,7 +561,7 @@ class Login implements ControllerProviderInterface
$app['tokens']->removeToken($code); $app['tokens']->removeToken($code);
if (count($user->ACL()->get_granted_base()) > 0) { if (count($app['acl']->get($user)->get_granted_base()) > 0) {
$mail = MailSuccessEmailConfirmationRegistered::create($app, $receiver); $mail = MailSuccessEmailConfirmationRegistered::create($app, $receiver);
$app['notification.deliverer']->deliver($mail); $app['notification.deliverer']->deliver($mail);
@@ -791,11 +791,11 @@ class Login implements ControllerProviderInterface
$inviteUsrid = \User_Adapter::get_usr_id_from_login($app, 'invite'); $inviteUsrid = \User_Adapter::get_usr_id_from_login($app, 'invite');
$invite_user = \User_Adapter::getInstance($inviteUsrid, $app); $invite_user = \User_Adapter::getInstance($inviteUsrid, $app);
$usr_base_ids = array_keys($user->ACL()->get_granted_base()); $usr_base_ids = array_keys($app['acl']->get($user)->get_granted_base());
$user->ACL()->revoke_access_from_bases($usr_base_ids); $app['acl']->get($user)->revoke_access_from_bases($usr_base_ids);
$invite_base_ids = array_keys($invite_user->ACL()->get_granted_base()); $invite_base_ids = array_keys($app['acl']->get($invite_user)->get_granted_base());
$user->ACL()->apply_model($invite_user, $invite_base_ids); $app['acl']->get($user)->apply_model($invite_user, $invite_base_ids);
$this->postAuthProcess($app, $user); $this->postAuthProcess($app, $user);
@@ -1032,7 +1032,7 @@ class Login implements ControllerProviderInterface
$response = $this->generateAuthResponse($app, $app['browser'], $request->request->get('redirect')); $response = $this->generateAuthResponse($app, $app['browser'], $request->request->get('redirect'));
$response->headers->clearCookie('invite-usr-id'); $response->headers->clearCookie('invite-usr-id');
$user->ACL()->inject_rights(); $app['acl']->get($user)->inject_rights();
if ($request->cookies->has('postlog') && $request->cookies->get('postlog') == '1') { if ($request->cookies->has('postlog') && $request->cookies->get('postlog') == '1') {
if (!$user->is_guest() && $request->cookies->has('invite-usr_id')) { if (!$user->is_guest() && $request->cookies->has('invite-usr_id')) {
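Review bot: In the last hunk the response clears a cookie named `invite-usr-id`, while the condition two lines further down tests `$request->cookies->has('invite-usr_id')`. One of the two spellings is presumably wrong, so either the cookie that drives the post-login branch is never cleared or the branch never matches. Which name is the intended one cannot be told from this hunk. Defining the name once (a class constant used in both places) would remove the ambiguity. The method body continues outside the hunk.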


@@ -71,7 +71,7 @@ class RSSFeeds implements ControllerProviderInterface
$user = \User_Adapter::getInstance($token->getUsrId(), $app); $user = \User_Adapter::getInstance($token->getUsrId(), $app);
$feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($user); $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($user));
$aggregate = new Aggregate($app['EM'], $feeds, $token); $aggregate = new Aggregate($app['EM'], $feeds, $token);


@@ -11,6 +11,7 @@
namespace Alchemy\Phrasea\Core\Provider; namespace Alchemy\Phrasea\Core\Provider;
use Alchemy\Phrasea\Authentication\ACLProvider;
use Alchemy\Phrasea\Security\Firewall; use Alchemy\Phrasea\Security\Firewall;
use Silex\Application as SilexApplication; use Silex\Application as SilexApplication;
use Silex\ServiceProviderInterface; use Silex\ServiceProviderInterface;
@@ -37,6 +38,10 @@ class PhraseanetServiceProvider implements ServiceProviderInterface
return $events; return $events;
}); });
$app['acl'] = $app->share(function(SilexApplication $app) {
return new ACLProvider($app);
});
} }
public function boot(SilexApplication $app) public function boot(SilexApplication $app)
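Review bot: Nothing at the `$app['acl']` registration documents how long a cached ACL lives or who has to invalidate it. The service is shared and returns one ACL object per user id, so code that changes rights through another path, or a long-running process, keeps reading the cached object until `purge()` is called. A comment here such as `// ACL objects are cached per user id; call $app['acl']->purge() after rights are changed outside the returned object` would make that contract explicit. If the provider keeps its cache in static state rather than on the instance, the cache also outlives the Application object, which is worth confirming for tests and workers.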


@@ -12,6 +12,7 @@
namespace Alchemy\Phrasea\Feed; namespace Alchemy\Phrasea\Feed;
use Alchemy\Phrasea\Application; use Alchemy\Phrasea\Application;
use Alchemy\Phrasea\Authentication\ACLProvider;
use Alchemy\Phrasea\Exception\LogicException; use Alchemy\Phrasea\Exception\LogicException;
use Doctrine\ORM\EntityManager; use Doctrine\ORM\EntityManager;
use Alchemy\Phrasea\Model\Entities\AggregateToken; use Alchemy\Phrasea\Model\Entities\AggregateToken;
@@ -74,12 +75,12 @@ class Aggregate implements FeedInterface
* *
* @return Aggregate * @return Aggregate
*/ */
public static function createFromUser(EntityManager $em, \User_Adapter $user) public static function createFromUser(Application $app, \User_Adapter $user)
{ {
$feeds = $em->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($user); $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($app['acl']->get($user));
$token = $em->getRepository('Alchemy\Phrasea\Model\Entities\AggregateToken')->findOneBy(array('usrId' => $user->get_id())); $token = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\AggregateToken')->findOneBy(array('usrId' => $user->get_id()));
return new static($em, $feeds, $token); return new static($app['EM'], $feeds, $token);
} }
/** /**
@@ -92,7 +93,7 @@ class Aggregate implements FeedInterface
*/ */
public static function create(Application $app, array $feed_ids) public static function create(Application $app, array $feed_ids)
{ {
$feeds = $this->em->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->findByIds($feed_ids); $feeds = $app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->findByIds($feed_ids);
return new static($app, $feeds); return new static($app, $feeds);
} }
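Review bot: `create()` still ends with `return new static($app, $feeds);`, while `createFromUser()` in the hunk above passes `$app['EM']` as the first constructor argument and other callers in this commit build `new Aggregate($app['EM'], $feeds)`. The constructor is outside the hunk, but if it expects the entity manager, `create()` hands it the application object instead and should read `return new static($app['EM'], $feeds);`. The newly added `use Alchemy\Phrasea\Authentication\ACLProvider;` is not referenced in any visible hunk of this file and can probably be dropped.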


@@ -35,7 +35,7 @@ class Prod extends Helper
$searchSet = json_decode($this->app['authentication']->getUser()->getPrefs('search'), true); $searchSet = json_decode($this->app['authentication']->getUser()->getPrefs('search'), true);
foreach ($this->app['authentication']->getUser()->ACL()->get_granted_sbas() as $databox) { foreach ($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_sbas() as $databox) {
$sbas_id = $databox->get_sbas_id(); $sbas_id = $databox->get_sbas_id();
$bases[$sbas_id] = array( $bases[$sbas_id] = array(
@@ -45,7 +45,7 @@ class Prod extends Helper
'sbas_id' => $sbas_id 'sbas_id' => $sbas_id
); );
foreach ($this->app['authentication']->getUser()->ACL()->get_granted_base(array(), array($databox->get_sbas_id())) as $coll) { foreach ($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array(), array($databox->get_sbas_id())) as $coll) {
$selected = (isset($searchSet['bases']) && $selected = (isset($searchSet['bases']) &&
isset($searchSet['bases'][$sbas_id])) ? (in_array($coll->get_base_id(), $searchSet['bases'][$sbas_id])) : true; isset($searchSet['bases'][$sbas_id])) ? (in_array($coll->get_base_id(), $searchSet['bases'][$sbas_id])) : true;
$bases[$sbas_id]['collections'][] = $bases[$sbas_id]['collections'][] =
@@ -83,7 +83,7 @@ class Prod extends Helper
if (! $bases[$sbas_id]['thesaurus']) { if (! $bases[$sbas_id]['thesaurus']) {
continue; continue;
} }
if ( ! $this->app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, 'bas_modif_th')) { if ( ! $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_sbas($sbas_id, 'bas_modif_th')) {
continue; continue;
} }

View File

@@ -74,11 +74,11 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
protected function delete_user(\User_Adapter $user) protected function delete_user(\User_Adapter $user)
{ {
$list = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin'))); $list = array_keys($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array('canadmin')));
$user->ACL()->revoke_access_from_bases($list); $this->app['acl']->get($user)->revoke_access_from_bases($list);
if ($user->ACL()->is_phantom()) { if ($this->app['acl']->get($user)->is_phantom()) {
$user->delete(); $user->delete();
} }
@@ -87,7 +87,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
public function get_users_rights() public function get_users_rights()
{ {
$list = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin'))); $list = array_keys($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array('canadmin')));
$sql = "SELECT $sql = "SELECT
b.sbas_id, b.sbas_id,
@@ -441,7 +441,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
public function apply_rights() public function apply_rights()
{ {
$request = \http_request::getInstance(); $request = \http_request::getInstance();
$ACL = $this->app['authentication']->getUser()->ACL(); $ACL = $this->app['acl']->get($this->app['authentication']->getUser());
$base_ids = array_keys($ACL->get_granted_base(array('canadmin'))); $base_ids = array_keys($ACL->get_granted_base(array('canadmin')));
$update = $create = $delete = $create_sbas = $update_sbas = array(); $update = $create = $delete = $create_sbas = $update_sbas = array();
@@ -535,21 +535,21 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
$this->app['phraseanet.appbox']->get_connection()->beginTransaction(); $this->app['phraseanet.appbox']->get_connection()->beginTransaction();
$user = \User_Adapter::getInstance($usr_id, $this->app); $user = \User_Adapter::getInstance($usr_id, $this->app);
$user->ACL()->revoke_access_from_bases($delete) $this->app['acl']->get($user)->revoke_access_from_bases($delete)
->give_access_to_base($create) ->give_access_to_base($create)
->give_access_to_sbas($create_sbas); ->give_access_to_sbas($create_sbas);
foreach ($update as $base_id => $rights) { foreach ($update as $base_id => $rights) {
$user->ACL()->update_rights_to_base($base_id, $rights); $this->app['acl']->get($user)->update_rights_to_base($base_id, $rights);
} }
foreach ($update_sbas as $sbas_id => $rights) { foreach ($update_sbas as $sbas_id => $rights) {
$user->ACL()->update_rights_to_sbas($sbas_id, $rights); $this->app['acl']->get($user)->update_rights_to_sbas($sbas_id, $rights);
} }
$this->app['phraseanet.appbox']->get_connection()->commit(); $this->app['phraseanet.appbox']->get_connection()->commit();
$user->ACL()->revoke_unused_sbas_rights(); $this->app['acl']->get($user)->revoke_unused_sbas_rights();
unset($user); unset($user);
} catch (\Exception $e) { } catch (\Exception $e) {
@@ -649,7 +649,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
throw new AccessDeniedHttpException('You are not the owner of the template'); throw new AccessDeniedHttpException('You are not the owner of the template');
} }
$base_ids = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin'))); $base_ids = array_keys($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array('canadmin')));
foreach ($this->users as $usr_id) { foreach ($this->users as $usr_id) {
$user = \User_adapter::getInstance($usr_id, $this->app); $user = \User_adapter::getInstance($usr_id, $this->app);
@@ -658,7 +658,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
continue; continue;
} }
$user->ACL()->apply_model($template, $base_ids); $this->app['acl']->get($user)->apply_model($template, $base_ids);
} }
return $this; return $this;
@@ -671,9 +671,9 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
foreach ($this->users as $usr_id) { foreach ($this->users as $usr_id) {
$user = \User_Adapter::getInstance($usr_id, $this->app); $user = \User_Adapter::getInstance($usr_id, $this->app);
if ($this->request->get('quota')) if ($this->request->get('quota'))
$user->ACL()->set_quotas_on_base($this->base_id, $this->request->get('droits'), $this->request->get('restes')); $this->app['acl']->get($user)->set_quotas_on_base($this->base_id, $this->request->get('droits'), $this->request->get('restes'));
else else
$user->ACL()->remove_quotas_on_base($this->base_id); $this->app['acl']->get($user)->remove_quotas_on_base($this->base_id);
} }
return $this; return $this;
@@ -692,7 +692,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
foreach ($this->users as $usr_id) { foreach ($this->users as $usr_id) {
$user = \User_Adapter::getInstance($usr_id, $this->app); $user = \User_Adapter::getInstance($usr_id, $this->app);
$user->ACL()->set_masks_on_base($this->base_id, $vand_and, $vand_or, $vxor_and, $vxor_or); $this->app['acl']->get($user)->set_masks_on_base($this->base_id, $vand_and, $vand_or, $vxor_and, $vxor_or);
} }
} }
@@ -709,16 +709,16 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
$activate = !!$this->request->get('limit'); $activate = !!$this->request->get('limit');
$base_ids = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin'))); $base_ids = array_keys($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array('canadmin')));
foreach ($this->users as $usr_id) { foreach ($this->users as $usr_id) {
$user = \User_Adapter::getInstance($usr_id, $this->app); $user = \User_Adapter::getInstance($usr_id, $this->app);
if ($this->base_id > 0) { if ($this->base_id > 0) {
$user->ACL()->set_limits($this->base_id, $activate, $dmin, $dmax); $this->app['acl']->get($user)->set_limits($this->base_id, $activate, $dmin, $dmax);
} elseif ($sbas_id > 0) { } elseif ($sbas_id > 0) {
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
$user->ACL()->set_limits($base_id, $activate, $dmin, $dmax); $this->app['acl']->get($user)->set_limits($base_id, $activate, $dmin, $dmax);
} }
} else { } else {
$this->app->abort(400, 'No collection or databox id available'); $this->app->abort(400, 'No collection or databox id available');
@@ -728,11 +728,11 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
public function resetRights() public function resetRights()
{ {
$base_ids = array_keys($this->app['authentication']->getUser()->ACL()->get_granted_base(array('canadmin'))); $base_ids = array_keys($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array('canadmin')));
foreach ($this->users as $usr_id) { foreach ($this->users as $usr_id) {
$user = \User_Adapter::getInstance($usr_id, $this->app); $user = \User_Adapter::getInstance($usr_id, $this->app);
$ACL = $user->ACL(); $ACL = $this->app['acl']->get($user);
if ($user->is_template()) { if ($user->is_template()) {
$template = $user; $template = $user;


@@ -73,7 +73,7 @@ class Manage extends Helper
->last_model_is($this->query_parms['last_model']) ->last_model_is($this->query_parms['last_model'])
->get_inactives($this->query_parms['inactives']) ->get_inactives($this->query_parms['inactives'])
->include_templates(false) ->include_templates(false)
->on_bases_where_i_am($this->app['authentication']->getUser()->ACL(), array('canadmin')) ->on_bases_where_i_am($this->app['acl']->get($this->app['authentication']->getUser()), array('canadmin'))
->execute(); ->execute();
return $this->results->get_results(); return $this->results->get_results();
@@ -111,7 +111,7 @@ class Manage extends Helper
->last_model_is($this->query_parms['last_model']) ->last_model_is($this->query_parms['last_model'])
->get_inactives($this->query_parms['inactives']) ->get_inactives($this->query_parms['inactives'])
->include_templates(true) ->include_templates(true)
->on_bases_where_i_am($this->app['authentication']->getUser()->ACL(), array('canadmin')) ->on_bases_where_i_am($this->app['acl']->get($this->app['authentication']->getUser()), array('canadmin'))
->limit($offset_start, $results_quantity) ->limit($offset_start, $results_quantity)
->execute(); ->execute();


@@ -461,7 +461,7 @@ class Feed implements FeedInterface
public function hasAccess(\User_Adapter $user, Application $app) public function hasAccess(\User_Adapter $user, Application $app)
{ {
if ($this->getCollection($app) instanceof collection) { if ($this->getCollection($app) instanceof collection) {
return $user->ACL()->has_access_to_base($this->collection->get_base_id()); return $app['acl']->get($user)->has_access_to_base($this->collection->get_base_id());
} }
return true; return true;
@@ -558,7 +558,7 @@ class Feed implements FeedInterface
$coll = $this->getCollection($app); $coll = $this->getCollection($app);
if ($this->isPublic() if ($this->isPublic()
|| $coll === null || $coll === null
|| in_array($coll->get_base_id(), array_keys($user->ACL()->get_granted_base()))) { || in_array($coll->get_base_id(), array_keys($app['acl']->get($user)->get_granted_base()))) {
return true; return true;
} }


@@ -287,11 +287,6 @@ class User
**/ **/
private $notificationSettings; private $notificationSettings;
/**
* @var \ACL
*/
private $acl;
/** /**
* @var ArrayCollection * @var ArrayCollection
*/ */
@@ -1010,20 +1005,6 @@ class User
return $this; return $this;
} }
/**
* @param Application $app
*
* @return \ACL
*/
public function ACL(Application $app)
{
if (!$this->acl instanceof \ACL) {
$this->acl = new \ACL($this, $app);
}
return $this->acl;
}
/** /**
* @return boolean * @return boolean
*/ */


@@ -18,9 +18,9 @@ class FeedRepository extends EntityRepository
* @param User_Adapter $user * @param User_Adapter $user
* @return \Doctrine\Common\Collections\Collection * @return \Doctrine\Common\Collections\Collection
*/ */
public function getAllForUser(\User_Adapter $user) public function getAllForUser(\ACL $userACL)
{ {
$base_ids = array_keys($user->ACL()->get_granted_base()); $base_ids = array_keys($userACL->get_granted_base());
$qb = $this $qb = $this
->createQueryBuilder('f'); ->createQueryBuilder('f');
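Review bot: The docblock above `getAllForUser()` still documents `@param User_Adapter $user`, but the method now takes `\ACL $userACL`. Change it to `@param \ACL $userACL` and add a line saying that the granted base ids read from that ACL are what the query is built from (presumably as the access filter; the rest of the body is outside the hunk). Callers now choose which ACL is passed in, so the docblock should state that it must be the ACL of the user the feeds are listed for.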


@@ -166,7 +166,7 @@ class PDF
$fimg = $subdef->get_pathfile(); $fimg = $subdef->get_pathfile();
if (!$this->app['authentication']->getUser()->ACL()->has_right_on_base($rec->get_base_id(), "nowatermark") if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($rec->get_base_id(), "nowatermark")
&& $subdef->get_type() == \media_subdef::TYPE_IMAGE) { && $subdef->get_type() == \media_subdef::TYPE_IMAGE) {
$fimg = \recordutils_image::watermark($this->app, $subdef); $fimg = \recordutils_image::watermark($this->app, $subdef);
} }
@@ -425,7 +425,7 @@ class PDF
$f = $subdef->get_pathfile(); $f = $subdef->get_pathfile();
if (!$this->app['authentication']->getUser()->ACL()->has_right_on_base($rec->get_base_id(), "nowatermark") if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($rec->get_base_id(), "nowatermark")
&& $subdef->get_type() == \media_subdef::TYPE_IMAGE) && $subdef->get_type() == \media_subdef::TYPE_IMAGE)
$f = \recordutils_image::watermark($this->app, $subdef); $f = \recordutils_image::watermark($this->app, $subdef);


@@ -626,12 +626,12 @@ class SearchEngineOptions
} elseif (!$app['authentication']->isAuthenticated()) { } elseif (!$app['authentication']->isAuthenticated()) {
$bas = $app->getOpenCollections(); $bas = $app->getOpenCollections();
} else { } else {
$bas = $app['authentication']->getUser()->ACL()->get_granted_base(); $bas = $app['acl']->get($app['authentication']->getUser())->get_granted_base();
} }
$bas = array_filter($bas, function ($collection) use ($app) { $bas = array_filter($bas, function ($collection) use ($app) {
if ($app['authentication']->isAuthenticated()) { if ($app['authentication']->isAuthenticated()) {
return $app['authentication']->getUser()->ACL()->has_access_to_base($collection->get_base_id()); return $app['acl']->get($app['authentication']->getUser())->has_access_to_base($collection->get_base_id());
} else { } else {
return in_array($collection, $app->getOpenCollections()); return in_array($collection, $app->getOpenCollections());
} }
@@ -645,9 +645,9 @@ class SearchEngineOptions
} }
} }
if ($app['authentication']->isAuthenticated() && $app['authentication']->getUser()->ACL()->has_right('modifyrecord')) { if ($app['authentication']->isAuthenticated() && $app['acl']->get($app['authentication']->getUser())->has_right('modifyrecord')) {
$BF = array_filter($bas, function ($collection) use ($app) { $BF = array_filter($bas, function( $collection) use ($app) {
return $app['authentication']->getUser()->ACL()->has_right_on_base($collection->get_base_id(), 'canmodifrecord'); return $app['acl']->get($app['authentication']->getUser())->has_right_on_base($collection->get_base_id(), 'canmodifrecord');
}); });
$options->allowBusinessFieldsOn($BF); $options->allowBusinessFieldsOn($BF);
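Review bot: The `$BF` filter in the second hunk goes back to `$app['acl']` and `getUser()` for every collection, and its new `function( $collection)` carries a stray space the replaced line did not have. Inside the `isAuthenticated()` branch the ACL can be resolved once, `$acl = $app['acl']->get($app['authentication']->getUser());`, and handed to the closure with `use ($acl)`, so the business-field decision is visibly made against a single ACL object. The enclosing method starts and ends outside the hunks.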


@@ -28,7 +28,7 @@ class Firewall
{ {
$this->requireNotGuest(); $this->requireNotGuest();
if (!$this->app['authentication']->getUser()->ACL()->is_admin()) { if (!$this->app['acl']->get($this->app['authentication']->getUser())->is_admin()) {
$this->app->abort(403, 'Admin role is required'); $this->app->abort(403, 'Admin role is required');
} }
@@ -39,7 +39,7 @@ class Firewall
{ {
$this->requireAuthentication(); $this->requireAuthentication();
if (!$this->app['authentication']->getUser()->ACL()->has_access_to_module($module)) { if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_module($module)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -50,7 +50,7 @@ class Firewall
{ {
$this->requireAuthentication(); $this->requireAuthentication();
if (!$this->app['authentication']->getUser()->ACL()->has_access_to_sbas($sbas_id)) { if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_sbas($sbas_id)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -61,7 +61,7 @@ class Firewall
{ {
$this->requireAuthentication(); $this->requireAuthentication();
if (!$this->app['authentication']->getUser()->ACL()->has_access_to_base($base_id)) { if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_base($base_id)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -72,7 +72,7 @@ class Firewall
{ {
$this->requireAuthentication(); $this->requireAuthentication();
if (!$this->app['authentication']->getUser()->ACL()->has_right($right)) { if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right($right)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -83,7 +83,7 @@ class Firewall
{ {
$this->requireAuthentication(); $this->requireAuthentication();
if (!$this->app['authentication']->getUser()->ACL()->has_right_on_base($base_id, $right)) { if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($base_id, $right)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -94,7 +94,7 @@ class Firewall
{ {
$this->requireAuthentication(); $this->requireAuthentication();
if (!$this->app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, $right)) { if (!$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_sbas($sbas_id, $right)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -136,7 +136,7 @@ class Firewall
public function requireOrdersAdmin() public function requireOrdersAdmin()
{ {
if (false === !!count($this->app['authentication']->getUser()->ACL()->get_granted_base(array('order_master')))) { if (false === !!count($this->app['acl']->get($this->app['authentication']->getUser())->get_granted_base(array('order_master')))) {
$this->app->abort(403, 'You are not an order admin'); $this->app->abort(403, 'You are not an order admin');
} }
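Review bot: `requireOrdersAdmin()` in the last hunk passes `getUser()` straight to `$this->app['acl']->get()` without the `requireAuthentication()` call that the other guards in this file make first. `ACLProvider::get()` as added in this commit is type-hinted `\User_Adapter`, so if `getUser()` can return null for an anonymous request (other call sites in this commit test for that), the result is a type error rather than the intended 403. Add `$this->requireAuthentication();` as the first statement of the method, or confirm that every route using it already sits behind an authentication guard. The end of the method is outside the hunk.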


@@ -78,7 +78,7 @@ class Installer
{ {
$template = new \SplFileInfo(__DIR__ . '/../../../conf.d/data_templates/' . $template . '-simple.xml'); $template = new \SplFileInfo(__DIR__ . '/../../../conf.d/data_templates/' . $template . '-simple.xml');
$databox = \databox::create($this->app, $dbConn, $template, $this->app['phraseanet.registry']); $databox = \databox::create($this->app, $dbConn, $template, $this->app['phraseanet.registry']);
$this->app['authentication']->getUser()->ACL() $this->app['acl']->get($this->app['authentication']->getUser())
->give_access_to_sbas(array($databox->get_sbas_id())) ->give_access_to_sbas(array($databox->get_sbas_id()))
->update_rights_to_sbas( ->update_rights_to_sbas(
$databox->get_sbas_id(), array( $databox->get_sbas_id(), array(
@@ -89,8 +89,8 @@ class Installer
$collection = \collection::create($this->app, $databox, $this->app['phraseanet.appbox'], 'test', $this->app['authentication']->getUser()); $collection = \collection::create($this->app, $databox, $this->app['phraseanet.appbox'], 'test', $this->app['authentication']->getUser());
$this->app['authentication']->getUser()->ACL()->give_access_to_base(array($collection->get_base_id())); $this->app['acl']->get($this->app['authentication']->getUser())->give_access_to_base(array($collection->get_base_id()));
$this->app['authentication']->getUser()->ACL()->update_rights_to_base($collection->get_base_id(), array( $this->app['acl']->get($this->app['authentication']->getUser())->update_rights_to_base($collection->get_base_id(), array(
'canpush' => 1, 'cancmd' => 1 'canpush' => 1, 'cancmd' => 1
, 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1 , 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1
, 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1 , 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1


@@ -65,7 +65,7 @@ class UserProvider implements ControlProviderInterface
->like(\User_Query::LIKE_LOGIN, $query) ->like(\User_Query::LIKE_LOGIN, $query)
->like_match(\User_Query::LIKE_MATCH_OR) ->like_match(\User_Query::LIKE_MATCH_OR)
->include_phantoms(true) ->include_phantoms(true)
->on_bases_where_i_am($for_user->ACL(), array('canadmin')) ->on_bases_where_i_am($this->app['acl']->get($for_user), array('canadmin'))
->limit(0, 50) ->limit(0, 50)
->execute()->get_results(); ->execute()->get_results();


@@ -291,7 +291,7 @@ class ACL implements cache_cacheableInterface
$sbas_to_acces = array(); $sbas_to_acces = array();
$rights_to_give = array(); $rights_to_give = array();
foreach ($template_user->ACL()->get_granted_sbas() as $databox) { foreach ($this->app['acl']->get($template_user)->get_granted_sbas() as $databox) {
$sbas_id = $databox->get_sbas_id(); $sbas_id = $databox->get_sbas_id();
if (!in_array($sbas_id, $sbas_ids)) if (!in_array($sbas_id, $sbas_ids))
@@ -302,7 +302,7 @@ class ACL implements cache_cacheableInterface
} }
foreach ($sbas_rights as $right) { foreach ($sbas_rights as $right) {
if ($template_user->ACL()->has_right_on_sbas($sbas_id, $right)) { if ($this->app['acl']->get($template_user)->has_right_on_sbas($sbas_id, $right)) {
$rights_to_give[$sbas_id][$right] = '1'; $rights_to_give[$sbas_id][$right] = '1';
} }
} }
@@ -336,7 +336,7 @@ class ACL implements cache_cacheableInterface
'11' => array('aa' => '1', 'ao' => '1', 'xa' => '1', 'xo' => '1') '11' => array('aa' => '1', 'ao' => '1', 'xa' => '1', 'xo' => '1')
); );
foreach ($template_user->ACL()->get_granted_base() as $collection) { foreach ($this->app['acl']->get($template_user)->get_granted_base() as $collection) {
$base_id = $collection->get_base_id(); $base_id = $collection->get_base_id();
if (!in_array($base_id, $base_ids)) if (!in_array($base_id, $base_ids))
@@ -347,13 +347,13 @@ class ACL implements cache_cacheableInterface
} }
foreach ($bas_rights as $right) { foreach ($bas_rights as $right) {
if ($template_user->ACL()->has_right_on_base($base_id, $right)) { if ($this->app['acl']->get($template_user)->has_right_on_base($base_id, $right)) {
$rights_to_give[$base_id][$right] = '1'; $rights_to_give[$base_id][$right] = '1';
} }
} }
$mask_and = $template_user->ACL()->get_mask_and($base_id); $mask_and = $this->app['acl']->get($template_user)->get_mask_and($base_id);
$mask_xor = $template_user->ACL()->get_mask_xor($base_id); $mask_xor = $this->app['acl']->get($template_user)->get_mask_xor($base_id);
$mask_and = ctype_digit($mask_and) ? $mask_and : '0'; $mask_and = ctype_digit($mask_and) ? $mask_and : '0';
$mask_xor = ctype_digit($mask_xor) ? $mask_xor : '0'; $mask_xor = ctype_digit($mask_xor) ? $mask_xor : '0';
@@ -408,7 +408,7 @@ class ACL implements cache_cacheableInterface
private function apply_template_time_limits(User_Interface $template_user, Array $base_ids) private function apply_template_time_limits(User_Interface $template_user, Array $base_ids)
{ {
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
$limited = $template_user->ACL()->get_limits($base_id); $limited = $this->app['acl']->get($template_user)->get_limits($base_id);
if (null !== $limited) { if (null !== $limited) {
$this->set_limits($base_id, '1', $limited['dmin'], $limited['dmax']); $this->set_limits($base_id, '1', $limited['dmin'], $limited['dmax']);
} else { } else {
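Review bot: `apply_template_time_limits()` in the last hunk still accepts any `User_Interface`, but it now hands `$template_user` to `$this->app['acl']->get()`, which this commit declares as `get(\User_Adapter $user)`. An implementation of the interface that is not a `User_Adapter` used to work through `ACL()` and would now fail on the type hint, so either narrow the parameter to `\User_Adapter` or let the provider accept `User_Interface`. The earlier hunks also return to the provider for every right and mask they copy. Fetching once with `$templateAcl = $this->app['acl']->get($template_user);` before the loops makes it plain that all copied rights come from one ACL. The method body continues outside the hunk.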


@@ -10,6 +10,7 @@
*/ */
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Silex\Application;
/** /**
* *


@@ -13,7 +13,6 @@ use Alchemy\Phrasea\Feed\Aggregate;
use Alchemy\Phrasea\Feed\FeedInterface; use Alchemy\Phrasea\Feed\FeedInterface;
use Alchemy\Phrasea\SearchEngine\SearchEngineOptions; use Alchemy\Phrasea\SearchEngine\SearchEngineOptions;
use Alchemy\Phrasea\SearchEngine\SearchEngineSuggestion; use Alchemy\Phrasea\SearchEngine\SearchEngineSuggestion;
use Alchemy\Phrasea\Application;
use Alchemy\Phrasea\Border\File; use Alchemy\Phrasea\Border\File;
use Alchemy\Phrasea\Border\Attribute\Status; use Alchemy\Phrasea\Border\Attribute\Status;
use Alchemy\Phrasea\Border\Manager as BorderManager; use Alchemy\Phrasea\Border\Manager as BorderManager;
@@ -26,6 +25,7 @@ use Alchemy\Phrasea\Model\Entities\LazaretFile;
use Alchemy\Phrasea\Model\Entities\Task; use Alchemy\Phrasea\Model\Entities\Task;
use Alchemy\Phrasea\Model\Entities\UserQuery; use Alchemy\Phrasea\Model\Entities\UserQuery;
use Alchemy\Phrasea\Model\Entities\ValidationParticipant; use Alchemy\Phrasea\Model\Entities\ValidationParticipant;
use Silex\Application;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
@@ -660,7 +660,7 @@ class API_V1_adapter extends API_V1_Abstract
$collection = \collection::get_from_base_id($this->app, $request->get('base_id')); $collection = \collection::get_from_base_id($this->app, $request->get('base_id'));
if (!$app['authentication']->getUser()->ACL()->has_right_on_base($request->get('base_id'), 'canaddrecord')) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($request->get('base_id'), 'canaddrecord')) {
throw new API_V1_exception_forbidden(sprintf('You do not have access to collection %s', $collection->get_label($this->app['locale.I18n']))); throw new API_V1_exception_forbidden(sprintf('You do not have access to collection %s', $collection->get_label($this->app['locale.I18n'])));
} }
@@ -735,7 +735,7 @@ class API_V1_adapter extends API_V1_Abstract
$offset_start = max($request->get('offset_start', 0), 0); $offset_start = max($request->get('offset_start', 0), 0);
$per_page = min(max($request->get('per_page', 10), 1), 20); $per_page = min(max($request->get('per_page', 10), 1), 20);
$baseIds = array_keys($app['authentication']->getUser()->ACL()->get_granted_base(array('canaddrecord'))); $baseIds = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base(array('canaddrecord')));
$lazaretFiles = array(); $lazaretFiles = array();
@@ -773,7 +773,7 @@ class API_V1_adapter extends API_V1_Abstract
throw new \API_V1_exception_notfound(sprintf('Lazaret file id %d not found', $lazaret_id)); throw new \API_V1_exception_notfound(sprintf('Lazaret file id %d not found', $lazaret_id));
} }
if (!$app['authentication']->getUser()->ACL()->has_right_on_base($lazaretFile->getBaseId(), 'canaddrecord')) { if (!$app['acl']->get($app['authentication']->getUser())->has_right_on_base($lazaretFile->getBaseId(), 'canaddrecord')) {
throw new \API_V1_exception_forbidden('You do not have access to this quarantine item'); throw new \API_V1_exception_forbidden('You do not have access to this quarantine item');
} }
@@ -1477,7 +1477,7 @@ class API_V1_adapter extends API_V1_Abstract
{ {
$result = new API_V1_result($this->app, $request, $this); $result = new API_V1_result($this->app, $request, $this);
$coll = $this->app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($user); $coll = $this->app['EM']->getRepository('Alchemy\Phrasea\Model\Entities\Feed')->getAllForUser($this->app['acl']->get($user));
$datas = array(); $datas = array();
foreach ($coll as $feed) { foreach ($coll as $feed) {
@@ -1535,7 +1535,7 @@ class API_V1_adapter extends API_V1_Abstract
{ {
$result = new API_V1_result($this->app, $request, $this); $result = new API_V1_result($this->app, $request, $this);
$feed = Aggregate::createFromUser($this->app['EM'], $user); $feed = Aggregate::createFromUser($this->app, $user);
$offset_start = (int) ($request->get('offset_start') ? : 0); $offset_start = (int) ($request->get('offset_start') ? : 0);
$per_page = (int) ($request->get('per_page') ? : 5); $per_page = (int) ($request->get('per_page') ? : 5);
@@ -1562,7 +1562,7 @@ class API_V1_adapter extends API_V1_Abstract
$collection = $entry->getFeed()->getCollection($this->app); $collection = $entry->getFeed()->getCollection($this->app);
if (null !== $collection && !$user->ACL()->has_access_to_base($collection->get_base_id())) { if (null !== $collection && !$this->app['acl']->get($user)->has_access_to_base($collection->get_base_id())) {
throw new \API_V1_exception_forbidden('You have not access to the parent feed'); throw new \API_V1_exception_forbidden('You have not access to the parent feed');
} }
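Review bot: In the hunk at line 660 the 403 message for a caller without `canaddrecord` contains the collection label, and the collection is loaded from the request's `base_id` before the right is checked. A caller with no rights on a collection can therefore learn its label from the error text; a message that names only the submitted id, such as `sprintf('You do not have access to collection %d', $request->get('base_id'))`, avoids that. The same hunk reads the container through both `$app` and `$this->app`; use one of them consistently. The enclosing method starts and ends outside the hunk.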


@@ -101,7 +101,7 @@ class Session_Logger
$colls = array(); $colls = array();
if ($app['authentication']->getUser()) { if ($app['authentication']->getUser()) {
$bases = $app['authentication']->getUser()->ACL()->get_granted_base(array(), array($databox->get_sbas_id())); $bases = $app['acl']->get($app['authentication']->getUser())->get_granted_base(array(), array($databox->get_sbas_id()));
foreach ($bases as $collection) { foreach ($bases as $collection) {
$colls[] = $collection->get_coll_id(); $colls[] = $collection->get_coll_id();
} }
@@ -224,7 +224,7 @@ class Session_Logger
); );
if (isset($appName[$appId])) { if (isset($appName[$appId])) {
$sbas_ids = array_keys($user->ACL()->get_granted_sbas()); $sbas_ids = array_keys($app['acl']->get($user)->get_granted_sbas());
foreach ($sbas_ids as $sbas_id) { foreach ($sbas_ids as $sbas_id) {
try { try {


@@ -334,16 +334,6 @@ class User_Adapter implements User_Interface, cache_cacheableInterface
return array_key_exists($id, self::$_instance) ? self::$_instance[$id] : false; return array_key_exists($id, self::$_instance) ? self::$_instance[$id] : false;
} }
/**
* Return Access Control List object for the user
*
* @return ACL
*/
public function ACL()
{
return $this->get_ACL();
}
/** /**
* *
* @param Application $app * @param Application $app
@@ -351,8 +341,8 @@ class User_Adapter implements User_Interface, cache_cacheableInterface
protected function set_app(Application $app) protected function set_app(Application $app)
{ {
$this->app = $app; $this->app = $app;
if (null !== $this->ACL) { if (null !== $app['acl']->get($this)) {
$this->ACL->set_app($app); $app['acl']->get($this)->set_app($app);
} }
} }
@@ -404,20 +394,6 @@ class User_Adapter implements User_Interface, cache_cacheableInterface
return $this; return $this;
} }
/**
* Load if needed of the ACL for the current user
*
* @return ACL
*/
protected function get_ACL()
{
if (!$this->ACL instanceof ACL) {
$this->ACL = new ACL($this, $this->app);
}
return $this->ACL;
}
/** /**
* *
* @return string * @return string
@@ -1255,7 +1231,7 @@ class User_Adapter implements User_Interface, cache_cacheableInterface
foreach ($app['phraseanet.appbox']->get_databoxes() as $databox) { foreach ($app['phraseanet.appbox']->get_databoxes() as $databox) {
foreach (array_keys($users) as $usr_id) { foreach (array_keys($users) as $usr_id) {
$user = User_Adapter::getInstance($usr_id, $app); $user = User_Adapter::getInstance($usr_id, $app);
$user->ACL()->give_access_to_sbas(array($databox->get_sbas_id())); $app['acl']->get($user)->give_access_to_sbas(array($databox->get_sbas_id()));
$rights = array( $rights = array(
'bas_manage' => '1' 'bas_manage' => '1'
@@ -1264,10 +1240,10 @@ class User_Adapter implements User_Interface, cache_cacheableInterface
, 'bas_chupub' => '1' , 'bas_chupub' => '1'
); );
$user->ACL()->update_rights_to_sbas($databox->get_sbas_id(), $rights); $app['acl']->get($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights);
foreach ($databox->get_collections() as $collection) { foreach ($databox->get_collections() as $collection) {
$user->ACL()->give_access_to_base(array($collection->get_base_id())); $app['acl']->get($user)->give_access_to_base(array($collection->get_base_id()));
$rights = array( $rights = array(
'canputinalbum' => '1' 'canputinalbum' => '1'
@@ -1290,8 +1266,8 @@ class User_Adapter implements User_Interface, cache_cacheableInterface
, 'bas_modify_struct' => '1' , 'bas_modify_struct' => '1'
); );
$user->ACL()->update_rights_to_base($collection->get_base_id(), $rights); $app['acl']->get($user)->update_rights_to_base($collection->get_base_id(), $rights);
$user->ACL()->set_limits($collection->get_base_id(), false); $app['acl']->get($user)->set_limits($collection->get_base_id(), false);
} }
} }
} }
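Review bot: The null check in `set_app()` can no longer be false, because `ACLProvider::get()` as added in this commit always returns an `\ACL`, building and caching one when none is cached. The old code only re-pointed an ACL that had already been loaded, whereas the new code creates one for every user that passes through `set_app()`. If the lazy behaviour matters, the provider needs a public way to ask whether an ACL is cached (its `hasCache()` is private). If it does not, drop the condition and write `$app['acl']->get($this)->set_app($app);` so the eager load is explicit.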


@@ -24,8 +24,6 @@ interface User_Interface
public function __construct($id, Application $app); public function __construct($id, Application $app);
public function ACL();
public function set_password($pasword); public function set_password($pasword);
public function set_email($email); public function set_email($email);


@@ -525,8 +525,8 @@ class collection implements cache_cacheableInterface
while ($n < $total) { while ($n < $total) {
$results = $query->limit($n, 50)->execute()->get_results(); $results = $query->limit($n, 50)->execute()->get_results();
foreach ($results as $user) { foreach ($results as $user) {
$user->ACL()->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS); $app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS);
$user->ACL()->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS); $app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS);
} }
$n+=50; $n+=50;
} }
@@ -626,7 +626,7 @@ class collection implements cache_cacheableInterface
"modify_struct" => "1" "modify_struct" => "1"
); );
$user->ACL()->update_rights_to_base($base_id, $rights); $this->app['acl']->get($user)->update_rights_to_base($base_id, $rights);
return true; return true;
} }


@@ -445,9 +445,9 @@ class databox extends base
while ($n < $total) { while ($n < $total) {
$results = $query->limit($n, 50)->execute()->get_results(); $results = $query->limit($n, 50)->execute()->get_results();
foreach ($results as $user) { foreach ($results as $user) {
$user->ACL()->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS); $this->app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS);
$user->ACL()->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS); $this->app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS);
$user->ACL()->delete_injected_rights_sbas($this); $this->app['acl']->get($user)->delete_injected_rights_sbas($this);
} }
$n+=50; $n+=50;
} }
@@ -972,7 +972,7 @@ class databox extends base
{ {
$conn = connection::getPDOConnection($this->app); $conn = connection::getPDOConnection($this->app);
$user->ACL() $this->app['acl']->get($user)
->give_access_to_sbas(array($this->id)) ->give_access_to_sbas(array($this->id))
->update_rights_to_sbas( ->update_rights_to_sbas(
$this->id, array( $this->id, array(
@@ -1006,9 +1006,9 @@ class databox extends base
} }
} }
$user->ACL()->give_access_to_base($base_ids); $this->app['acl']->get($user)->give_access_to_base($base_ids);
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
$user->ACL()->update_rights_to_base($base_id, array( $this->app['acl']->get($user)->update_rights_to_base($base_id, array(
'canpush' => 1, 'cancmd' => 1 'canpush' => 1, 'cancmd' => 1
, 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1 , 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1
, 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1 , 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1


@@ -64,7 +64,7 @@ class databox_cgu
$userValidation = true; $userValidation = true;
if (! $home) { if (! $home) {
if ( ! $app['authentication']->getUser()->ACL()->has_access_to_sbas($databox->get_sbas_id())) { if ( ! $app['acl']->get($app['authentication']->getUser())->has_access_to_sbas($databox->get_sbas_id())) {
continue; continue;
} }
$userValidation = ($app['authentication']->getUser()->getPrefs('terms_of_use_' . $databox->get_sbas_id()) !== $update && trim($value) !== ''); $userValidation = ($app['authentication']->getUser()->getPrefs('terms_of_use_' . $databox->get_sbas_id()) !== $update && trim($value) !== '');


@@ -136,7 +136,7 @@ class databox_status
return self::$_statuses; return self::$_statuses;
} }
$sbas_ids = $app['authentication']->getUser()->ACL()->get_granted_sbas(); $sbas_ids = $app['acl']->get($app['authentication']->getUser())->get_granted_sbas();
$statuses = array(); $statuses = array();
@@ -157,7 +157,7 @@ class databox_status
{ {
$statuses = array(); $statuses = array();
$sbas_ids = $app['authentication']->getUser()->ACL()->get_granted_sbas(); $sbas_ids = $app['acl']->get($app['authentication']->getUser())->get_granted_sbas();
$see_all = array(); $see_all = array();
@@ -165,7 +165,7 @@ class databox_status
$see_all[$databox->get_sbas_id()] = false; $see_all[$databox->get_sbas_id()] = false;
foreach ($databox->get_collections() as $collection) { foreach ($databox->get_collections() as $collection) {
if ($app['authentication']->getUser()->ACL()->has_right_on_base($collection->get_base_id(), 'chgstatus')) { if ($app['acl']->get($app['authentication']->getUser())->has_right_on_base($collection->get_base_id(), 'chgstatus')) {
$see_all[$databox->get_sbas_id()] = true; $see_all[$databox->get_sbas_id()] = true;
break; break;
} }
@@ -183,7 +183,7 @@ class databox_status
$see_this = isset($see_all[$sbas_id]) ? $see_all[$sbas_id] : false; $see_this = isset($see_all[$sbas_id]) ? $see_all[$sbas_id] : false;
if ($app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, 'bas_modify_struct')) { if ($app['acl']->get($app['authentication']->getUser())->has_right_on_sbas($sbas_id, 'bas_modify_struct')) {
$see_this = true; $see_this = true;
} }


@@ -225,7 +225,7 @@ class eventsmanager_notify_autoregister extends eventsmanager_notifyAbstract
return false; return false;
} }
if ($this->app['authentication']->getUser()->ACL()->has_right('manageusers') === true) { if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right('manageusers') === true) {
$bool = true; $bool = true;
} }


@@ -192,7 +192,7 @@ class eventsmanager_notify_order extends eventsmanager_notifyAbstract
return false; return false;
} }
if ($this->app['authentication']->getUser()->ACL()->has_right('order_master')) { if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right('order_master')) {
$bool = true; $bool = true;
} }


@@ -204,7 +204,7 @@ class eventsmanager_notify_register extends eventsmanager_notifyAbstract
return false; return false;
} }
if ($this->app['authentication']->getUser()->ACL()->has_right('manageusers')) { if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right('manageusers')) {
$bool = true; $bool = true;
} }


@@ -188,7 +188,7 @@ class eventsmanager_notify_uploadquarantine extends eventsmanager_notifyAbstract
public function is_available() public function is_available()
{ {
if (null !== $this->app['authentication']->getUser()) { if (null !== $this->app['authentication']->getUser()) {
return $this->app['authentication']->getUser()->ACL()->has_right('addrecord'); return $this->app['acl']->get($this->app['authentication']->getUser())->has_right('addrecord');
} }
return false; return false;


@@ -189,7 +189,7 @@ class eventsmanager_notify_validationdone extends eventsmanager_notifyAbstract
return false; return false;
} }
if ($this->app['authentication']->getUser()->ACL()->has_right('push')) { if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right('push')) {
$bool = true; $bool = true;
} }


@@ -241,7 +241,7 @@ class module_report_dashboard implements module_report_dashboard_componentInterf
{ {
$all_coll = array(); $all_coll = array();
$base_ids = $this->usr->ACL()->get_granted_base(array('canreport')); $base_ids = $this->app['acl']->get($this->usr)->get_granted_base(array('canreport'));
foreach ($base_ids as $base_id => $collection) { foreach ($base_ids as $base_id => $collection) {
$databox = $collection->get_databox(); $databox = $collection->get_databox();


@@ -207,7 +207,7 @@ class patch_320f implements patchInterface
$app['EM']->flush(); $app['EM']->flush();
} elseif ($pub_restrict == 1) { } elseif ($pub_restrict == 1) {
$collections = $user->ACL()->get_granted_base(); $collections = $app['acl']->get($user)->get_granted_base();
$collection = array_shift($collections); $collection = array_shift($collections);
if ( ! ($collection instanceof collection)) { if ( ! ($collection instanceof collection)) {
foreach ($appbox->get_databoxes() as $databox) { foreach ($appbox->get_databoxes() as $databox) {


@@ -400,7 +400,7 @@ class record_adapter implements record_Interface, cache_cacheableInterface
if (isset($dstatus[$sbas_id])) { if (isset($dstatus[$sbas_id])) {
foreach ($dstatus[$sbas_id] as $n => $statbit) { foreach ($dstatus[$sbas_id] as $n => $statbit) {
if ($statbit['printable'] == '0' && if ($statbit['printable'] == '0' &&
!$this->app['authentication']->getUser()->ACL()->has_right_on_base($this->base_id, 'chgstatus')) { !$this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->base_id, 'chgstatus')) {
continue; continue;
} }


@@ -107,17 +107,17 @@ class record_exportElement extends record_adapter
'thumbnail' => true 'thumbnail' => true
); );
if ($this->app['authentication']->getUser()->ACL()->has_right_on_base($this->get_base_id(), 'candwnldhd')) { if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->get_base_id(), 'candwnldhd')) {
$go_dl['document'] = true; $go_dl['document'] = true;
} }
if ($this->app['authentication']->getUser()->ACL()->has_right_on_base($this->get_base_id(), 'candwnldpreview')) { if ($this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->get_base_id(), 'candwnldpreview')) {
$go_dl['preview'] = true; $go_dl['preview'] = true;
} }
if ($this->app['authentication']->getUser()->ACL()->has_hd_grant($this)) { if ($this->app['acl']->get($this->app['authentication']->getUser())->has_hd_grant($this)) {
$go_dl['document'] = true; $go_dl['document'] = true;
$go_dl['preview'] = true; $go_dl['preview'] = true;
} }
if ($this->app['authentication']->getUser()->ACL()->has_preview_grant($this)) { if ($this->app['acl']->get($this->app['authentication']->getUser())->has_preview_grant($this)) {
$go_dl['preview'] = true; $go_dl['preview'] = true;
} }
@@ -127,14 +127,14 @@ class record_exportElement extends record_adapter
->who_have_right(array('order_master')) ->who_have_right(array('order_master'))
->execute()->get_results(); ->execute()->get_results();
$go_cmd = (count($masters) > 0 && $this->app['authentication']->getUser()->ACL()->has_right_on_base($this->base_id, 'cancmd')); $go_cmd = (count($masters) > 0 && $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->base_id, 'cancmd'));
$orderable['document'] = false; $orderable['document'] = false;
$downloadable['document'] = false; $downloadable['document'] = false;
if (isset($sd['document']) && is_file($sd['document']->get_pathfile())) { if (isset($sd['document']) && is_file($sd['document']->get_pathfile())) {
if ($go_dl['document'] === true) { if ($go_dl['document'] === true) {
if ($this->app['authentication']->getUser()->ACL()->is_restricted_download($this->base_id)) { if ($this->app['acl']->get($this->app['authentication']->getUser())->is_restricted_download($this->base_id)) {
$this->remain_hd --; $this->remain_hd --;
if ($this->remain_hd >= 0) if ($this->remain_hd >= 0)
$downloadable['document'] = array( $downloadable['document'] = array(
@@ -182,7 +182,7 @@ class record_exportElement extends record_adapter
if (isset($sd[$name]) && $sd[$name]->is_physically_present()) { if (isset($sd[$name]) && $sd[$name]->is_physically_present()) {
if ($class == 'document') { if ($class == 'document') {
if ($this->app['authentication']->getUser()->ACL()->is_restricted_download($this->base_id)) { if ($this->app['acl']->get($this->app['authentication']->getUser())->is_restricted_download($this->base_id)) {
$this->remain_hd --; $this->remain_hd --;
if ($this->remain_hd >= 0) if ($this->remain_hd >= 0)
$downloadable[$name] = array( $downloadable[$name] = array(
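Review bot: The new side spells out `$this->app['acl']->get($this->app['authentication']->getUser())` seven times across these three hunks, which makes the download checks (`candwnldhd`, `candwnldpreview`, `has_hd_grant`, `has_preview_grant`, `cancmd`, `is_restricted_download`) harder to audit than they need to be. Resolving the ACL once per method, e.g. `$acl = $this->app['acl']->get($this->app['authentication']->getUser());`, and then calling `$acl->has_right_on_base(...)` keeps each permission check on one short line and makes it obvious they all apply to the same user. The enclosing methods start and end outside the hunks, so where the local belongs has to be confirmed against the full file. The set_export and set_selection sections further down repeat the same chain.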


@@ -337,7 +337,7 @@ class record_preview extends record_adapter
$tab = array(); $tab = array();
$report = $this->app['authentication']->getUser()->ACL()->has_right_on_base($this->get_base_id(), 'canreport'); $report = $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->get_base_id(), 'canreport');
$connsbas = connection::getPDOConnection($this->app, $this->get_sbas_id()); $connsbas = connection::getPDOConnection($this->app, $this->get_sbas_id());
@@ -420,7 +420,7 @@ class record_preview extends record_adapter
return $this->view_popularity; return $this->view_popularity;
} }
$report = $this->app['authentication']->getUser()->ACL()->has_right_on_base( $report = $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base(
$this->get_base_id(), 'canreport'); $this->get_base_id(), 'canreport');
if ( ! $report && ! $this->app['phraseanet.registry']->get('GV_google_api')) { if ( ! $report && ! $this->app['phraseanet.registry']->get('GV_google_api')) {
@@ -509,7 +509,7 @@ class record_preview extends record_adapter
return $this->refferer_popularity; return $this->refferer_popularity;
} }
$report = $this->app['authentication']->getUser()->ACL()->has_right_on_base( $report = $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base(
$this->get_base_id(), 'canreport'); $this->get_base_id(), 'canreport');
if ( ! $report && ! $this->app['phraseanet.registry']->get('GV_google_api')) { if ( ! $report && ! $this->app['phraseanet.registry']->get('GV_google_api')) {
@@ -581,7 +581,7 @@ class record_preview extends record_adapter
return $this->download_popularity; return $this->download_popularity;
} }
$report = $this->app['authentication']->getUser()->ACL()->has_right_on_base($this->get_base_id(), 'canreport'); $report = $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($this->get_base_id(), 'canreport');
$ret = false; $ret = false;
if ( ! $report && ! $this->app['phraseanet.registry']->get('GV_google_api')) { if ( ! $report && ! $this->app['phraseanet.registry']->get('GV_google_api')) {


@@ -69,8 +69,8 @@ class set_export extends set_abstract
$record_id = $basket_element->getRecord($this->app)->get_record_id(); $record_id = $basket_element->getRecord($this->app)->get_record_id();
if (!isset($remain_hd[$base_id])) { if (!isset($remain_hd[$base_id])) {
if ($app['authentication']->getUser()->ACL()->is_restricted_download($base_id)) { if ($app['acl']->get($app['authentication']->getUser())->is_restricted_download($base_id)) {
$remain_hd[$base_id] = $app['authentication']->getUser()->ACL()->remaining_download($base_id); $remain_hd[$base_id] = $app['acl']->get($app['authentication']->getUser())->remaining_download($base_id);
} else { } else {
$remain_hd[$base_id] = false; $remain_hd[$base_id] = false;
} }
@@ -109,8 +109,8 @@ class set_export extends set_abstract
$record_id = $child_basrec->get_record_id(); $record_id = $child_basrec->get_record_id();
if (!isset($remain_hd[$base_id])) { if (!isset($remain_hd[$base_id])) {
if ($app['authentication']->getUser()->ACL()->is_restricted_download($base_id)) { if ($app['acl']->get($app['authentication']->getUser())->is_restricted_download($base_id)) {
$remain_hd[$base_id] = $app['authentication']->getUser()->ACL()->remaining_download($base_id); $remain_hd[$base_id] = $app['acl']->get($app['authentication']->getUser())->remaining_download($base_id);
} else { } else {
$remain_hd[$base_id] = false; $remain_hd[$base_id] = false;
} }
@@ -132,8 +132,8 @@ class set_export extends set_abstract
$record_id = $record->get_record_id(); $record_id = $record->get_record_id();
if (!isset($remain_hd[$base_id])) { if (!isset($remain_hd[$base_id])) {
if ($app['authentication']->getUser()->ACL()->is_restricted_download($base_id)) { if ($app['acl']->get($app['authentication']->getUser())->is_restricted_download($base_id)) {
$remain_hd[$base_id] = $app['authentication']->getUser()->ACL()->remaining_download($base_id); $remain_hd[$base_id] = $app['acl']->get($app['authentication']->getUser())->remaining_download($base_id);
} else { } else {
$remain_hd[$base_id] = false; $remain_hd[$base_id] = false;
} }
@@ -167,7 +167,7 @@ class set_export extends set_abstract
$this->businessFieldsAccess = false; $this->businessFieldsAccess = false;
foreach ($this->elements as $download_element) { foreach ($this->elements as $download_element) {
if ($app['authentication']->getUser()->ACL()->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) { if ($app['acl']->get($app['authentication']->getUser())->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) {
$this->businessFieldsAccess = true; $this->businessFieldsAccess = true;
} }
@@ -219,11 +219,11 @@ class set_export extends set_abstract
$display_ftp = array(); $display_ftp = array();
$hasadminright = $app['authentication']->getUser()->ACL()->has_right('addrecord') $hasadminright = $app['acl']->get($app['authentication']->getUser())->has_right('addrecord')
|| $app['authentication']->getUser()->ACL()->has_right('deleterecord') || $app['acl']->get($app['authentication']->getUser())->has_right('deleterecord')
|| $app['authentication']->getUser()->ACL()->has_right('modifyrecord') || $app['acl']->get($app['authentication']->getUser())->has_right('modifyrecord')
|| $app['authentication']->getUser()->ACL()->has_right('coll_manage') || $app['acl']->get($app['authentication']->getUser())->has_right('coll_manage')
|| $app['authentication']->getUser()->ACL()->has_right('coll_modify_struct'); || $app['acl']->get($app['authentication']->getUser())->has_right('coll_modify_struct');
$this->ftp_datas = array(); $this->ftp_datas = array();
@@ -231,7 +231,7 @@ class set_export extends set_abstract
$display_ftp = $display_download; $display_ftp = $display_download;
$this->total_ftp = $this->total_download; $this->total_ftp = $this->total_download;
$lst_base_id = array_keys($app['authentication']->getUser()->ACL()->get_granted_base()); $lst_base_id = array_keys($app['acl']->get($app['authentication']->getUser())->get_granted_base());
if ($hasadminright) { if ($hasadminright) {
$sql = "SELECT usr.usr_id,usr_login,usr.usr_mail, FtpCredential.* $sql = "SELECT usr.usr_id,usr_login,usr.usr_mail, FtpCredential.*
@@ -432,7 +432,7 @@ class set_export extends set_abstract
$BF = false; $BF = false;
if ($includeBusinessFields && $user->ACL()->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) { if ($includeBusinessFields && $this->app['acl']->get($user)->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) {
$BF = true; $BF = true;
} }
@@ -515,8 +515,8 @@ class set_export extends set_abstract
'path' => $sd[$name]->get_path() 'path' => $sd[$name]->get_path()
, 'file' => $sd[$name]->get_file() , 'file' => $sd[$name]->get_file()
); );
if (!$user->ACL()->has_right_on_base($download_element->get_base_id(), "nowatermark") if (!$this->app['acl']->get($user)->has_right_on_base($download_element->get_base_id(), "nowatermark")
&& !$user->ACL()->has_preview_grant($download_element) && !$this->app['acl']->get($user)->has_preview_grant($download_element)
&& $sd[$name]->get_type() == media_subdef::TYPE_IMAGE) { && $sd[$name]->get_type() == media_subdef::TYPE_IMAGE) {
$path = recordutils_image::watermark($this->app, $sd[$name]); $path = recordutils_image::watermark($this->app, $sd[$name]);
if (file_exists($path)) { if (file_exists($path)) {
@@ -792,7 +792,7 @@ class set_export extends set_abstract
$log["shortXml"] = $record_object->get_caption()->serialize(caption_record::SERIALIZE_XML); $log["shortXml"] = $record_object->get_caption()->serialize(caption_record::SERIALIZE_XML);
$tmplog[$record_object->get_base_id()][] = $log; $tmplog[$record_object->get_base_id()][] = $log;
if (!$anonymous && $o == 'document') { if (!$anonymous && $o == 'document') {
$app['authentication']->getUser()->ACL()->remove_remaining($record_object->get_base_id()); $app['acl']->get($app['authentication']->getUser())->remove_remaining($record_object->get_base_id());
} }
} }
@@ -810,11 +810,11 @@ class set_export extends set_abstract
$stmt = $app['phraseanet.appbox']->get_connection()->prepare($sql); $stmt = $app['phraseanet.appbox']->get_connection()->prepare($sql);
foreach ($list_base as $base_id) { foreach ($list_base as $base_id) {
if ($app['authentication']->getUser()->ACL()->is_restricted_download($base_id)) { if ($app['acl']->get($app['authentication']->getUser())->is_restricted_download($base_id)) {
$params = array( $params = array(
':remain_dl' => $app['authentication']->getUser()->ACL()->remaining_download($base_id) ':remain_dl' => $app['acl']->get($app['authentication']->getUser())->remaining_download($base_id)
, ':base_id' => $base_id , ':base_id' => $base_id
, ':usr_id' => $app['authentication']->getUser()->get_id() , ':usr_id' => $app['acl']->get($app['authentication']->getUser())->get_id()
); );
$stmt->execute($params); $stmt->execute($params);
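Review bot: In the last hunk the `':usr_id'` parameter was rewritten together with the ACL calls and now reads `$app['acl']->get($app['authentication']->getUser())->get_id()`, so `get_id()` is called on the ACL object instead of the user. The old side bound the user's id. Unless `\ACL` exposes a `get_id()` that returns the same value (not visible here), the statement that writes back the remaining-download count will either fail or match the wrong row, and the per-collection download quota would then not be recorded for the user. The line should stay `, ':usr_id' => $app['authentication']->getUser()->get_id()`. The SQL of the prepared statement is outside the hunk.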


@@ -63,26 +63,26 @@ class set_selection extends set_abstract
$sbas_id = $record->get_sbas_id(); $sbas_id = $record->get_sbas_id();
$record_id = $record->get_record_id(); $record_id = $record->get_record_id();
if (! $rights) { if (! $rights) {
if ($this->app['authentication']->getUser()->ACL()->has_hd_grant($record)) { if ($this->app['acl']->get($this->app['authentication']->getUser())->has_hd_grant($record)) {
continue; continue;
} }
if ($this->app['authentication']->getUser()->ACL()->has_preview_grant($record)) { if ($this->app['acl']->get($this->app['authentication']->getUser())->has_preview_grant($record)) {
continue; continue;
} }
if ( ! $this->app['authentication']->getUser()->ACL()->has_access_to_base($base_id)) { if ( ! $this->app['acl']->get($this->app['authentication']->getUser())->has_access_to_base($base_id)) {
$to_remove[] = $id; $to_remove[] = $id;
continue; continue;
} }
} else { } else {
foreach ($rights as $right) { foreach ($rights as $right) {
if ( ! $this->app['authentication']->getUser()->ACL()->has_right_on_base($base_id, $right)) { if ( ! $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_base($base_id, $right)) {
$to_remove[] = $id; $to_remove[] = $id;
continue; continue;
} }
} }
foreach ($sbas_rights as $right) { foreach ($sbas_rights as $right) {
if ( ! $this->app['authentication']->getUser()->ACL()->has_right_on_sbas($sbas_id, $right)) { if ( ! $this->app['acl']->get($this->app['authentication']->getUser())->has_right_on_sbas($sbas_id, $right)) {
$to_remove[] = $id; $to_remove[] = $id;
continue; continue;
} }
@@ -94,8 +94,8 @@ class set_selection extends set_abstract
$sql = 'SELECT record_id $sql = 'SELECT record_id
FROM record FROM record
WHERE ((status ^ ' . $this->app['authentication']->getUser()->ACL()->get_mask_xor($base_id) . ') WHERE ((status ^ ' . $this->app['acl']->get($this->app['authentication']->getUser())->get_mask_xor($base_id) . ')
& ' . $this->app['authentication']->getUser()->ACL()->get_mask_and($base_id) . ')=0 & ' . $this->app['acl']->get($this->app['authentication']->getUser())->get_mask_and($base_id) . ')=0
AND record_id = :record_id'; AND record_id = :record_id';
$stmt = $connsbas->prepare($sql); $stmt = $connsbas->prepare($sql);
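Review bot: In the second hunk the results of `get_mask_xor($base_id)` and `get_mask_and($base_id)` are still concatenated into the SQL text, while `record_id` in the same statement is bound as `:record_id`. If both masks are always numeric values produced server-side this is harmless, but nothing in the hunk guarantees that. As written, the status-bit visibility filter depends on the format of whatever the ACL object returns. Checking that both values are numeric before building the string, or binding them as parameters if the driver handles the bitwise operands correctly, would remove that dependency. The enclosing method starts and ends outside the hunk.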


@@ -34,7 +34,7 @@
<li>{{ collection.get_record_amount() }} records <a class="ajax" target="rights" href="{{ path('admin_collection_display_document_details', { 'bas_id' : collection.get_base_id() }) }}">{% trans 'phraseanet:: details' %}</a></li> <li>{{ collection.get_record_amount() }} records <a class="ajax" target="rights" href="{{ path('admin_collection_display_document_details', { 'bas_id' : collection.get_base_id() }) }}">{% trans 'phraseanet:: details' %}</a></li>
</ul> </ul>
{% if app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %}
<div class="well well-small"> <div class="well well-small">
<h5>{% trans 'admin::collection:: Gestionnaires des commandes' %}</h5> <h5>{% trans 'admin::collection:: Gestionnaires des commandes' %}</h5>
<form id="admin_adder" action="{{ path('admin_collection_submit_order_admins', { 'bas_id' : bas_id }) }}" method="post" style="margin:0;"> <form id="admin_adder" action="{{ path('admin_collection_submit_order_admins', { 'bas_id' : bas_id }) }}" method="post" style="margin:0;">
@@ -143,7 +143,7 @@
<h5>{% trans 'admin::base:collection: minilogo actuel' %}</h5> <h5>{% trans 'admin::base:collection: minilogo actuel' %}</h5>
{% if collection.getLogo(bas_id, app) is not empty %} {% if collection.getLogo(bas_id, app) is not empty %}
<div class="thumbnail" style="width:120px;height:24px;margin-top:5px;margin-bottom:5px">{{ collection.getLogo(bas_id, app) | raw }}</div> <div class="thumbnail" style="width:120px;height:24px;margin-top:5px;margin-bottom:5px">{{ collection.getLogo(bas_id, app) | raw }}</div>
{% if app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %}
<form method="post" action="{{ path('admin_collection_delete_logo', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form method="post" action="{{ path('admin_collection_delete_logo', { 'bas_id' : bas_id }) }}" style="margin:0;">
<button class="btn btn-danger btn-mini" > <button class="btn btn-danger btn-mini" >
<i class="icon-trash icon-white"></i> <i class="icon-trash icon-white"></i>
@@ -151,7 +151,7 @@
</button> </button>
</form> </form>
{% endif%} {% endif%}
{% elseif app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} {% elseif app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %}
<span>{% trans 'admin::base:collection: aucun fichier (minilogo, watermark ...)' %}</span> <span>{% trans 'admin::base:collection: aucun fichier (minilogo, watermark ...)' %}</span>
<form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_logo', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_logo', { 'bas_id' : bas_id }) }}" style="margin:0;">
<span class="btn btn-success fileinput-button"> <span class="btn btn-success fileinput-button">
@@ -168,7 +168,7 @@
<h5>{% trans "Watermark" %}</h5> <h5>{% trans "Watermark" %}</h5>
{% if collection.getWatermark(bas_id) is not empty %} {% if collection.getWatermark(bas_id) is not empty %}
<div class="thumbnail">{{ collection.getWatermark(bas_id)| raw }}</div> <div class="thumbnail">{{ collection.getWatermark(bas_id)| raw }}</div>
{% if app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %}
<form method="post" action="{{ path('admin_collection_delete_watermark', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form method="post" action="{{ path('admin_collection_delete_watermark', { 'bas_id' : bas_id }) }}" style="margin:0;">
<button class="btn btn-danger btn-mini"> <button class="btn btn-danger btn-mini">
<i class="icon-trash icon-white"></i> <i class="icon-trash icon-white"></i>
@@ -176,7 +176,7 @@
</button> </button>
</form> </form>
{% endif%} {% endif%}
{% elseif app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} {% elseif app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %}
<span>{% trans 'admin::base:collection: aucun fichier (minilogo, watermark ...)' %}</span> <span>{% trans 'admin::base:collection: aucun fichier (minilogo, watermark ...)' %}</span>
<form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_watermark', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_watermark', { 'bas_id' : bas_id }) }}" style="margin:0;">
<span class="btn btn-success fileinput-button"> <span class="btn btn-success fileinput-button">
@@ -193,7 +193,7 @@
<h5>{% trans "Stamp logo" %}</h5> <h5>{% trans "Stamp logo" %}</h5>
{% if collection.getStamp(bas_id) is not empty %} {% if collection.getStamp(bas_id) is not empty %}
<div class="thumbnail" style="max-height:120px;max-width:260px">{{ collection.getStamp(bas_id)| raw }}</div> <div class="thumbnail" style="max-height:120px;max-width:260px">{{ collection.getStamp(bas_id)| raw }}</div>
{% if app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %}
<form method="post" action="{{ path('admin_collection_delete_stamp', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form method="post" action="{{ path('admin_collection_delete_stamp', { 'bas_id' : bas_id }) }}" style="margin:0;">
<button class="btn btn-danger btn-mini"> <button class="btn btn-danger btn-mini">
<i class="icon-trash icon-white"></i> <i class="icon-trash icon-white"></i>
@@ -201,7 +201,7 @@
</button> </button>
</form> </form>
{% endif%} {% endif%}
{% elseif app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} {% elseif app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %}
<span>{% trans 'admin::base:collection: aucun fichier (minilogo, watermark ...)' %}</span> <span>{% trans 'admin::base:collection: aucun fichier (minilogo, watermark ...)' %}</span>
<form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_stamp', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_stamp', { 'bas_id' : bas_id }) }}" style="margin:0;">
<span class="btn btn-success fileinput-button"> <span class="btn btn-success fileinput-button">
@@ -218,7 +218,7 @@
<h5>{% trans 'admin::base:collection: image de presentation : ' %}</h5> <h5>{% trans 'admin::base:collection: image de presentation : ' %}</h5>
{% if collection.getPresentation(bas_id) is not empty %} {% if collection.getPresentation(bas_id) is not empty %}
<div class="thumbnail" style="width:650px;height:200px">{{ collection.getPresentation(bas_id)| raw }}</div> <div class="thumbnail" style="width:650px;height:200px">{{ collection.getPresentation(bas_id)| raw }}</div>
{% if app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %}
<form method="post" action="{{ path('admin_collection_delete_banner', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form method="post" action="{{ path('admin_collection_delete_banner', { 'bas_id' : bas_id }) }}" style="margin:0;">
<button class="btn btn-danger btn-mini"> <button class="btn btn-danger btn-mini">
<i class="icon-trash icon-white"></i> <i class="icon-trash icon-white"></i>
@@ -226,7 +226,7 @@
</button> </button>
</form> </form>
{% endif%} {% endif%}
{% elseif app['authentication'].getUser().ACL.has_right_on_base(bas_id, 'manage') %} {% elseif app['acl'].get(app['authentication'].getUser()).has_right_on_base(bas_id, 'manage') %}
<span>{% trans 'admin::base:collection: aucun fichier (minilogo, watermark ...)' %}</span> <span>{% trans 'admin::base:collection: aucun fichier (minilogo, watermark ...)' %}</span>
<form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_banner', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_banner', { 'bas_id' : bas_id }) }}" style="margin:0;">
<span class="btn btn-success fileinput-button"> <span class="btn btn-success fileinput-button">


@@ -32,10 +32,10 @@
</div> </div>
<div class="control-group"> <div class="control-group">
<div class="controls"> <div class="controls">
{% if app['authentication'].getUser().ACL().get_granted_base(["canadmin"]) | length > 0 %} {% if app['acl'].get(app['authentication'].getUser()).get_granted_base(["canadmin"]) | length > 0 %}
<select id="othcollsel" name="othcollsel" disabled> <select id="othcollsel" name="othcollsel" disabled>
<option>{% trans "choisir" %}</option> <option>{% trans "choisir" %}</option>
{% for collection in app['authentication'].getUser().ACL().get_granted_base(["canadmin"]) %} {% for collection in app['acl'].get(app['authentication'].getUser()).get_granted_base(["canadmin"]) %}
<option value="{{ collection.get_base_id() }}">{{ collection.get_label(app['locale.I18n']) }}</option> <option value="{{ collection.get_base_id() }}">{{ collection.get_label(app['locale.I18n']) }}</option>
{% endfor %} {% endfor %}
</select> </select>


@@ -24,7 +24,7 @@
<tr> <tr>
<td colspan="2"><strong>{{ 'admin::monitor: bases sur lesquelles l\'utilisateur est connecte : ' | trans }} :</strong></td> <td colspan="2"><strong>{{ 'admin::monitor: bases sur lesquelles l\'utilisateur est connecte : ' | trans }} :</strong></td>
</tr> </tr>
{% for databox in user.ACL().get_granted_sbas() %} {% for databox in app['acl'].get(user).get_granted_sbas() %}
<tr> <tr>
<td colspan="2" style="overflow:hidden;" >{{ databox.get_label(app['locale.I18n']) }}</td> <td colspan="2" style="overflow:hidden;" >{{ databox.get_label(app['locale.I18n']) }}</td>
</tr> </tr>


@@ -43,7 +43,7 @@
</ul> </ul>
</div> </div>
{% if app['authentication'].getUser().ACL().is_admin() %} {% if app['acl'].get(app['authentication'].getUser()).is_admin() %}
<div class="db_infos"> <div class="db_infos">
<h2>{% trans 'admin::base: Version' %}</h2> <h2>{% trans 'admin::base: Version' %}</h2>


@@ -30,7 +30,7 @@
<li> <li>
{% trans 'admin::base: Alias' %} : <span id="viewname">{{ databox.get_label(app['locale.I18n']) }}</span> {% trans 'admin::base: Alias' %} : <span id="viewname">{{ databox.get_label(app['locale.I18n']) }}</span>
{% if app['authentication'].getUser().ACL().has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %}
<img src="/skins/icons/edit_0.gif" id="show-view-name" /> <img src="/skins/icons/edit_0.gif" id="show-view-name" />
<div class="well well-small" id="change-view-name" style="display:none;"> <div class="well well-small" id="change-view-name" style="display:none;">
<form method="post" action="{{ path('admin_database_rename', {'databox_id': databox.get_sbas_id()}) }}"> <form method="post" action="{{ path('admin_database_rename', {'databox_id': databox.get_sbas_id()}) }}">
@@ -87,7 +87,7 @@
</div> </div>
</div> </div>
{% if app['authentication'].getUser().ACL().has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %}
<div> <div>
<form method="post" action="{{ path('admin_database_set_indexable', {'databox_id': databox.get_sbas_id()}) }}" style="margin:0;"> <form method="post" action="{{ path('admin_database_set_indexable', {'databox_id': databox.get_sbas_id()}) }}" style="margin:0;">
<label class="checkbox" for="is_indexable"> <label class="checkbox" for="is_indexable">
@@ -178,7 +178,7 @@
<li> <li>
<form class="form-inline" method="post" action="{{ path('admin_database_mount_collection', {'databox_id': databox.get_sbas_id(), 'collection_id' : collId }) }}"> <form class="form-inline" method="post" action="{{ path('admin_database_mount_collection', {'databox_id': databox.get_sbas_id(), 'collection_id' : collId }) }}">
{% trans "Monter" %} {{ name }} {% trans "Monter" %} {{ name }}
{% if app['authentication'].getUser().ACL().get_granted_base(["canadmin"]) | length > 0 %} {% if app['acl'].get(app['authentication'].getUser()).get_granted_base(["canadmin"]) | length > 0 %}
<label for="othcollsel">{% trans "admin::base:collection: Vous pouvez choisir une collection de reference pour donenr des acces " %}</label> <label for="othcollsel">{% trans "admin::base:collection: Vous pouvez choisir une collection de reference pour donenr des acces " %}</label>
<select id="othcollsel" name="othcollsel" > <select id="othcollsel" name="othcollsel" >
<option>{% trans "choisir" %}</option> <option>{% trans "choisir" %}</option>
@@ -227,7 +227,7 @@
<h4>{% trans "admin::base: logo impression PDF" %}</h4> <h4>{% trans "admin::base: logo impression PDF" %}</h4>
<div id="printLogoDIV_OK"> <div id="printLogoDIV_OK">
<img class="thumbnail" id="printLogo" src="/custom/minilogos/logopdf_{{ databox.get_sbas_id() }}.jpg" /> <img class="thumbnail" id="printLogo" src="/custom/minilogos/logopdf_{{ databox.get_sbas_id() }}.jpg" />
{% if app['authentication'].getUser().ACL().has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %}
<form method="post" target="right" action="{{ path('admin_database_delete_logo', {'databox_id': databox.get_sbas_id()}) }}" > <form method="post" target="right" action="{{ path('admin_database_delete_logo', {'databox_id': databox.get_sbas_id()}) }}" >
<button class="btn btn-mini btn-danger">{% trans "admin::base:collection: supprimer le logo" %}</button> <button class="btn btn-mini btn-danger">{% trans "admin::base:collection: supprimer le logo" %}</button>
</form> </form>
@@ -235,7 +235,7 @@
</div> </div>
<div id="printLogoDIV_NONE"> <div id="printLogoDIV_NONE">
{% trans "admin::base:collection: aucun fichier (minilogo, watermark ...)" %} {% trans "admin::base:collection: aucun fichier (minilogo, watermark ...)" %}
{% if app['authentication'].getUser().ACL().has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %}
<input id="fileupload" class="no-ajax" type="file" name="newLogoPdf" data-url="{{ path('admin_database_submit_logo', {'databox_id': databox.get_sbas_id()}) }}" accept="image/jpg, image/jpeg"> <input id="fileupload" class="no-ajax" type="file" name="newLogoPdf" data-url="{{ path('admin_database_submit_logo', {'databox_id': databox.get_sbas_id()}) }}" accept="image/jpg, image/jpeg">
<i>{% trans "admin::base: envoyer un logo (jpeg 35px de hauteur max)" %}</i> <i>{% trans "admin::base: envoyer un logo (jpeg 35px de hauteur max)" %}</i>
{% endif %} {% endif %}


@@ -25,7 +25,7 @@
{% endif %} {% endif %}
{% if name == 'access' %} {% if name == 'access' %}
{% if class != 'checked' and type == 'base' and admin.ACL().has_access_to_base(id) is empty %} {% if class != 'checked' and type == 'base' and app['acl'].get(admin).has_access_to_base(id) is empty %}
<div class="no_switch"> <div class="no_switch">
</div> </div>
{% else %} {% else %}
@@ -34,10 +34,10 @@
</div> </div>
{% endif %} {% endif %}
{% else %} {% else %}
{% if class != 'checked' and type == 'base' and admin.ACL().has_right_on_base(id, name) is empty %} {% if class != 'checked' and type == 'base' and app['acl'].get(admin).has_right_on_base(id, name) is empty %}
<div class="no_switch"> <div class="no_switch">
</div> </div>
{% elseif class != 'checked' and type == 'sbas' and admin.ACL().has_right_on_sbas(id, name) is empty %} {% elseif class != 'checked' and type == 'sbas' and app['acl'].get(admin).has_right_on_sbas(id, name) is empty %}
<div class="no_switch"> <div class="no_switch">
</div> </div>
{% else %} {% else %}


@@ -101,7 +101,7 @@
<div class="controls"> <div class="controls">
<select id="edit_pub_base_id" class="input-large" name="base_id" {% if feed.isPublic() %}disabled="disabled"{% endif %}> <select id="edit_pub_base_id" class="input-large" name="base_id" {% if feed.isPublic() %}disabled="disabled"{% endif %}>
<option value="">{% trans 'Non-Restreinte (publique)' %}</option> <option value="">{% trans 'Non-Restreinte (publique)' %}</option>
{% for databox in app['authentication'].getUser().ACL().get_granted_sbas('bas_chupub') %} {% for databox in app['acl'].get(app['authentication'].getUser()).get_granted_sbas('bas_chupub') %}
<optgroup label="{{ databox.get_label(app['locale.I18n']) }}"> <optgroup label="{{ databox.get_label(app['locale.I18n']) }}">
{% for collection in databox.get_collections() %} {% for collection in databox.get_collections() %}
<option {% if feed.getBaseId() and feed.getCollection(app).get_base_id() == collection.get_base_id() %}selected="selected"{% endif %} value="{{ collection.get_base_id() }}">{{ collection.get_name() }}</option> <option {% if feed.getBaseId() and feed.getCollection(app).get_base_id() == collection.get_base_id() %}selected="selected"{% endif %} value="{{ collection.get_base_id() }}">{{ collection.get_name() }}</option>


@@ -23,7 +23,7 @@
<div class="controls"> <div class="controls">
<select id="add_pub_base_id" class="input-large" name="base_id"> <select id="add_pub_base_id" class="input-large" name="base_id">
<option value="">{% trans 'Non-Restreinte (publique)' %}</option> <option value="">{% trans 'Non-Restreinte (publique)' %}</option>
{% for databox in app['authentication'].getUser().ACL().get_granted_sbas('bas_chupub') %} {% for databox in app['acl'].get(app['authentication'].getUser()).get_granted_sbas('bas_chupub') %}
<optgroup label="{{ databox.get_label(app['locale.I18n']) }}"> <optgroup label="{{ databox.get_label(app['locale.I18n']) }}">
{% for collection in databox.get_collections() %} {% for collection in databox.get_collections() %}
<option value="{{ collection.get_base_id() }}">{{ collection.get_name() }}</option> <option value="{{ collection.get_base_id() }}">{{ collection.get_name() }}</option>


@@ -2,7 +2,7 @@
<ul id="tree" class="filetree"> <ul id="tree" class="filetree">
{% if app['authentication'].getUser().ACL().is_admin() %} {% if app['acl'].get(app['authentication'].getUser()).is_admin() %}
<li> <li>
<a target="right" href="{{ path('admin_dashbord') }}" class="ajax"> <a target="right" href="{{ path('admin_dashbord') }}" class="ajax">
<img src="/skins/admin/Dashboard.png" /> <img src="/skins/admin/Dashboard.png" />
@@ -15,7 +15,7 @@
</li> </li>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().is_admin() %} {% if app['acl'].get(app['authentication'].getUser()).is_admin() %}
<li> <li>
<a target="right" href="{{ path('setup_display_globals') }}" class="ajax"> <a target="right" href="{{ path('setup_display_globals') }}" class="ajax">
<img src="/skins/admin/Setup.png" /> <img src="/skins/admin/Setup.png" />
@@ -36,7 +36,7 @@
</a> </a>
</li> </li>
{% if app['authentication'].getUser().ACL().has_right('manageusers') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('manageusers') %}
<li class="{% if feature == 'users' %}selected{% endif %}"> <li class="{% if feature == 'users' %}selected{% endif %}">
<a target="right" href="{{ path('admin_users_search') }}" class="ajax zone_editusers"> <a target="right" href="{{ path('admin_users_search') }}" class="ajax zone_editusers">
<img src="/skins/admin/Users.png" /> <img src="/skins/admin/Users.png" />
@@ -51,7 +51,7 @@
</li> </li>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('bas_chupub') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('bas_chupub') %}
<li class=""> <li class="">
<a target="right" href="{{ path('admin_feeds_list') }}" class="ajax"> <a target="right" href="{{ path('admin_feeds_list') }}" class="ajax">
<img src="/skins/icons/rss16.png" /> <img src="/skins/icons/rss16.png" />
@@ -60,7 +60,7 @@
</li> </li>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('taskmanager') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('taskmanager') %}
<li class="{% if feature == 'taskmanager' %}selected{% endif %}"> <li class="{% if feature == 'taskmanager' %}selected{% endif %}">
<a target="right" href="{{ path('admin_tasks_list') }}" class="ajax"> <a target="right" href="{{ path('admin_tasks_list') }}" class="ajax">
<img src="/skins/admin/TaskManager.png" /> <img src="/skins/admin/TaskManager.png" />
@@ -103,7 +103,7 @@
</div> </div>
<ul> <ul>
{% if app['authentication'].getUser().ACL().has_right_on_sbas( sbas_id , 'bas_modify_struct') %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_sbas( sbas_id , 'bas_modify_struct') %}
<li> <li>
<a target="right" class="ajax" href="{{ path('database_display_stucture', { 'databox_id' : sbas_id }) }}"> <a target="right" class="ajax" href="{{ path('database_display_stucture', { 'databox_id' : sbas_id }) }}">
<img src="/skins/icons/miniadjust01.gif"/> <img src="/skins/icons/miniadjust01.gif"/>
@@ -144,7 +144,7 @@
{% set seeUsrGene = false %} {% set seeUsrGene = false %}
{% for coll in databox.get_collections() %} {% for coll in databox.get_collections() %}
{% if app['authentication'].getUser().ACL.has_right_on_base( coll.get_base_id() , 'canadmin') %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base( coll.get_base_id() , 'canadmin') %}
{% set seeUsrGene = true %} {% set seeUsrGene = true %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
@@ -159,9 +159,9 @@
{% endif %} {% endif %}
{% for collection in databox.get_collections() %} {% for collection in databox.get_collections() %}
{% if (collection.get_base_id() in app['authentication'].getUser().ACL.get_granted_base(['canadmin'])|keys {% if (collection.get_base_id() in app['acl'].get(app['authentication'].getUser()).get_granted_base(['canadmin'])|keys
or collection.get_base_id() in app['authentication'].getUser().ACL.get_granted_base(['manage'])|keys or collection.get_base_id() in app['acl'].get(app['authentication'].getUser()).get_granted_base(['manage'])|keys
or collection.get_base_id() in app['authentication'].getUser().ACL.get_granted_base(['modify_struct'])|keys) %} or collection.get_base_id() in app['acl'].get(app['authentication'].getUser()).get_granted_base(['modify_struct'])|keys) %}
<li> <li>
<div style="padding:0 0 2px 0;"> <div style="padding:0 0 2px 0;">
@@ -171,7 +171,7 @@
</div> </div>
<ul> <ul>
{% if (app['authentication'].getUser().ACL.has_right_on_base(collection.get_base_id(), 'modify_struct')) %} {% if (app['acl'].get(app['authentication'].getUser()).has_right_on_base(collection.get_base_id(), 'modify_struct')) %}
<li> <li>
<a target="right" href="{{ path('admin_collection_display_suggested_values', { 'bas_id' : collection.get_base_id() }) }}" class="ajax"> <a target="right" href="{{ path('admin_collection_display_suggested_values', { 'bas_id' : collection.get_base_id() }) }}" class="ajax">
<img src="/skins/icons/foldph20open_0.gif"/> <img src="/skins/icons/foldph20open_0.gif"/>
@@ -180,10 +180,10 @@
</li> </li>
{% endif %} {% endif %}
{% if (app['authentication'].getUser().ACL.has_right_on_base( collection.get_base_id(), 'canadmin')) %} {% if (app['acl'].get(app['authentication'].getUser()).has_right_on_base( collection.get_base_id(), 'canadmin')) %}
{% if (app['authentication'].getUser().ACL.has_right_on_base( collection.get_base_id(), 'canmodifrecord') {% if (app['acl'].get(app['authentication'].getUser()).has_right_on_base( collection.get_base_id(), 'canmodifrecord')
and app['authentication'].getUser().ACL.has_right_on_base( collection.get_base_id(), 'manage') and app['acl'].get(app['authentication'].getUser()).has_right_on_base( collection.get_base_id(), 'manage')
and app['authentication'].getUser().ACL.has_right_on_sbas( sbas_id, 'bas_manage') ) %} and app['acl'].get(app['authentication'].getUser()).has_right_on_sbas( sbas_id, 'bas_manage') ) %}
<li> <li>
<a target="right" href="{{ path('admin_users_search', { 'base_id' : [ collection.get_base_id() ] }) }}" class="ajax"> <a target="right" href="{{ path('admin_users_search', { 'base_id' : [ collection.get_base_id() ] }) }}" class="ajax">
<img src="/skins/admin/Users.png"/> <img src="/skins/admin/Users.png"/>
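Review bot: The collection-loop condition tests `collection.get_base_id() in ...get_granted_base([...])|keys` three times, so the granted list is requested three times for every collection. The hunks just below ask what appears to be the same question with `has_right_on_base(collection.get_base_id(), 'modify_struct')`, `'canadmin'` and `'manage'`, and using that form in the loop condition too would leave the template with one way of checking a right. Every condition in this file also repeats `app['acl'].get(app['authentication'].getUser())`; a single `{% set acl = app['acl'].get(app['authentication'].getUser()) %}` near the top would shorten each test to `acl.has_right(...)` and leave one place where the checked user is chosen. These conditions only decide which links are drawn, so the routes behind them presumably enforce the same rights on the server; that is not visible from these hunks.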


@@ -130,7 +130,7 @@
{% if usr.is_template() %} {% if usr.is_template() %}
<img title="{% trans 'This is a template' %}" src="/skins/icons/template.png"/> <img title="{% trans 'This is a template' %}" src="/skins/icons/template.png"/>
{% else %} {% else %}
{% if usr.ACL().is_phantom() %} {% if app['acl'].get(usr).is_phantom() %}
<img title="{% trans 'This user has no rights' %}" src="/skins/admin/ghost.png"/> <img title="{% trans 'This user has no rights' %}" src="/skins/admin/ghost.png"/>
{% endif %} {% endif %}
{{usr.get_id()}} {{usr.get_id()}}


@@ -45,7 +45,7 @@
<div class="baskCreate" title="{% trans 'action:: nouveau panier' %}" onclick="newBasket();"></div> <div class="baskCreate" title="{% trans 'action:: nouveau panier' %}" onclick="newBasket();"></div>
<div style="float:right;position:relative;width:3px;height:16px;"></div> <div style="float:right;position:relative;width:3px;height:16px;"></div>
{% if total_baskets > 0 and (app['authentication'].getUser().ACL().has_right("candwnldhd") or app['authentication'].getUser().ACL().has_right("candwnldpreview") or app['authentication'].getUser().ACL().has_right("cancmd") > 0) %} {% if total_baskets > 0 and (app['acl'].get(app['authentication'].getUser()).has_right("candwnldhd") or app['acl'].get(app['authentication'].getUser()).has_right("candwnldpreview") or app['acl'].get(app['authentication'].getUser()).has_right("cancmd") > 0) %}
<div class="baskDownload" title="{% trans 'action : exporter' %}" onclick="evt_dwnl();"></div> <div class="baskDownload" title="{% trans 'action : exporter' %}" onclick="evt_dwnl();"></div>
{% endif %} {% endif %}
@@ -117,10 +117,10 @@
onclick="evt_del_in_chutier({{ element.getId() }});" onclick="evt_del_in_chutier({{ element.getId() }});"
title="{% trans 'action : supprimer' %}"> title="{% trans 'action : supprimer' %}">
</div> </div>
{% if app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'candwnldhd') {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'candwnldhd')
or app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'candwnldpreview') or app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'candwnldpreview')
or app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'cancmd') or app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'cancmd')
or app['authentication'].getUser().ACL().has_preview_grant(record) %} or app['acl'].get(app['authentication'].getUser()).has_preview_grant(record) %}
<div class="baskOneDownload" onclick="evt_dwnl('{{ record.get_serialize_key() }}');" title="{% trans 'action : exporter' %}"></div> <div class="baskOneDownload" onclick="evt_dwnl('{{ record.get_serialize_key() }}');" title="{% trans 'action : exporter' %}"></div>
{% endif %} {% endif %}
</div> </div>
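Review bot: The rewritten export-button condition in the first hunk keeps the trailing `> 0` after `has_right("cancmd")`. In Twig the comparison binds tighter than `or`, so it applies to that last call only and compares what looks like a boolean result with a number. The other two calls in the same condition, and the per-record condition in the second hunk, use the result directly, so the tail of the line would read consistently as `or app['acl'].get(app['authentication'].getUser()).has_right("cancmd")) %}`.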


@@ -6,7 +6,7 @@
{% import 'common/caption_templates/preview.html.twig' as cap_prev %} {% import 'common/caption_templates/preview.html.twig' as cap_prev %}
{% if app['authentication'].getUser() %} {% if app['authentication'].getUser() %}
{% set business = app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'canmodifrecord') %} {% set business = app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'canmodifrecord') %}
{% else %} {% else %}
{% set business = false %} {% set business = false %}
{% endif %} {% endif %}


@@ -8,7 +8,7 @@
<tr> <tr>
<td> <td>
<div class="context-menu context-menu-theme-vista"> <div class="context-menu context-menu-theme-vista">
{% if app['authentication'].getUser().ACL.has_right_on_base(record.get_base_id, 'canputinalbum') and not record.is_grouping() %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id, 'canputinalbum') and not record.is_grouping() %}
<div title="" class="context-menu-item"> <div title="" class="context-menu-item">
<div class="context-menu-item-inner" <div class="context-menu-item-inner"
onclick="evt_add_in_chutier('{{record.get_sbas_id}}','{{record.get_record_id}}',false,this);return(false);"> onclick="evt_add_in_chutier('{{record.get_sbas_id}}','{{record.get_record_id}}',false,this);return(false);">
@@ -16,7 +16,7 @@
</div> </div>
</div> </div>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL.has_right_on_base(record.get_base_id, 'candwnldpreview') or app['authentication'].getUser().ACL.has_right_on_base(record.get_base_id, 'candwnldhd') %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id, 'candwnldpreview') or app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id, 'candwnldhd') %}
<div title="" class="context-menu-item"> <div title="" class="context-menu-item">
<div class="context-menu-item-inner" <div class="context-menu-item-inner"
onclick="evt_dwnl('{{record.get_sbas_id}}_{{record.get_record_id}}',false,this);return(false);"> onclick="evt_dwnl('{{record.get_sbas_id}}_{{record.get_record_id}}',false,this);return(false);">
@@ -30,7 +30,7 @@
{% trans 'action : print' %} {% trans 'action : print' %}
</div> </div>
</div> </div>
{% if app['phraseanet.registry'].get('GV_social_tools') == 'all' or (app['phraseanet.registry'].get('GV_social_tools') == 'publishers' and user.ACL().has_right_on_sbas(record.get_sbas_id(), 'bas_chupub')) %} {% if app['phraseanet.registry'].get('GV_social_tools') == 'all' or (app['phraseanet.registry'].get('GV_social_tools') == 'publishers' and app['acl'].get(user).has_right_on_sbas(record.get_sbas_id(), 'bas_chupub')) %}
{% if record.is_grouping() is empty %} {% if record.is_grouping() is empty %}
<div title="" class="context-menu-item"> <div title="" class="context-menu-item">
<div class="context-menu-item-inner" <div class="context-menu-item-inner"
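Review bot: The social-tools condition in the third hunk passes the template variable `user` to `app['acl'].get(...)`, while the two conditions above it in the same file use `app['authentication'].getUser()`. With non-strict Twig variables the old `user.ACL()` would quietly evaluate to nothing when `user` is not set, whereas the new call hands that empty value to the provider; if `get()` requires a user object, the page would fail instead of hiding the menu item. Using the same expression as the rest of the file, `app['acl'].get(app['authentication'].getUser()).has_right_on_sbas(record.get_sbas_id(), 'bas_chupub')`, removes the dependency on how `user` is passed in. Whether `user` is always defined for this template cannot be seen from the hunk.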


@@ -33,7 +33,7 @@
{% endif %} {% endif %}
</li> </li>
{% if app['browser'].isNewGeneration and app['phraseanet.registry'].get('GV_thesaurus') == true and app['authentication'].getUser().ACL.has_access_to_module('thesaurus') %} {% if app['browser'].isNewGeneration and app['phraseanet.registry'].get('GV_thesaurus') == true and app['acl'].get(app['authentication'].getUser()).has_access_to_module('thesaurus') %}
<li> <li>
<a target="_blank" href="{{ path('thesaurus') }}"> <a target="_blank" href="{{ path('thesaurus') }}">
<span class="{% if module is defined and module == "thesaurus" %}selected{% endif %}"> <span class="{% if module is defined and module == "thesaurus" %}selected{% endif %}">
@@ -45,7 +45,7 @@
{# MODULE #} {# MODULE #}
{% if app['authentication'].getUser().ACL.has_access_to_module('admin') %} {% if app['acl'].get(app['authentication'].getUser()).has_access_to_module('admin') %}
<li> <li>
<a target="_blank" href="{{ path('admin') }}"> <a target="_blank" href="{{ path('admin') }}">
<span class="{% if module is defined and module == "admin" %}selected{% endif %}"> <span class="{% if module is defined and module == "admin" %}selected{% endif %}">
@@ -56,7 +56,7 @@
{% endif %} {% endif %}
{# MODULE #} {# MODULE #}
{% if app['authentication'].getUser().ACL.has_access_to_module('report') %} {% if app['acl'].get(app['authentication'].getUser()).has_access_to_module('report') %}
<li> <li>
<a target="_blank" href="{{ path('report_dashboard') }}"> <a target="_blank" href="{{ path('report_dashboard') }}">
<span class="{% if module is defined and module == "report" %}selected{% endif %}"> <span class="{% if module is defined and module == "report" %}selected{% endif %}">
@@ -75,9 +75,9 @@
</a> </a>
</li> </li>
{# MODULE #} {# MODULE #}
{% if module is defined and module == "prod" %} {% if module is defined and module == "prod" %}
{% if app['authentication'].getUser().ACL.has_access_to_module('upload') %} {% if app['acl'].get(app['authentication'].getUser()).has_access_to_module('upload') %}
<li> <li>
{% set link = path('upload_form') %} {% set link = path('upload_form') %}
@@ -105,7 +105,7 @@
</li> </li>
{% endif %} {% endif %}
{% if module is defined and module == "prod" and app['authentication'].getUser().ACL.has_right('order_master') %} {% if module is defined and module == "prod" and app['acl'].get(app['authentication'].getUser()).has_right('order_master') %}
<li> <li>
<a href="{{ path('prod_orders') }}" class="dialog full-dialog" title="{% trans 'Orders manager' %}"> <a href="{{ path('prod_orders') }}" class="dialog full-dialog" title="{% trans 'Orders manager' %}">
<span> <span>
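Review bot: Each module check in this file calls `app['acl'].get(app['authentication'].getUser())` without first testing that a user is logged in, whereas the caption template changed in this commit wraps the same call in `{% if app['authentication'].getUser() %}`. Under non-strict Twig the old `getUser().ACL` chain would fall through to a false condition for a missing user, but the new form passes the missing user into the provider as an argument. If this menu can be rendered for an unauthenticated visitor (not visible from these hunks), a guard such as `{% set acl = app['authentication'].getUser() ? app['acl'].get(app['authentication'].getUser()) : null %}` once at the top, followed by `{% if acl and acl.has_access_to_module('admin') %}`, keeps the menu failing closed without raising an error.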


@@ -9,7 +9,7 @@
{% set previewHtml5 = null %} {% set previewHtml5 = null %}
{% if app['authentication'].getUser().ACL().has_access_to_subdef(record, 'preview') %} {% if app['acl'].get(app['authentication'].getUser()).has_access_to_subdef(record, 'preview') %}
{% set preview_obj = record.get_preview() %} {% set preview_obj = record.get_preview() %}
{% else %} {% else %}
{% set preview_obj = record.get_thumbnail() %} {% set preview_obj = record.get_thumbnail() %}


@@ -34,7 +34,7 @@
</div> </div>
<div class="lightbox_container left"> <div class="lightbox_container left">
{% if first_item %} {% if first_item %}
{% if app['authentication'].getUser().ACL().has_access_to_subdef(first_item.getRecord(app), 'preview') %} {% if app['acl'].get(app['authentication'].getUser()).has_access_to_subdef(first_item.getRecord(app), 'preview') %}
{% set preview = first_item.getRecord(app).get_preview() %} {% set preview = first_item.getRecord(app).get_preview() %}
{% else %} {% else %}
{% set preview = first_item.getRecord(app).get_thumbnail() %} {% set preview = first_item.getRecord(app).get_thumbnail() %}
@@ -81,7 +81,7 @@
<div class="right_column_wrapper right_column_wrapper_caption left unselectable" style="width:230px;height:auto;"> <div class="right_column_wrapper right_column_wrapper_caption left unselectable" style="width:230px;height:auto;">
<div id="record_infos"> <div id="record_infos">
<div class="lightbox_container"> <div class="lightbox_container">
{% set business = app['authentication'].getUser().ACL().has_right_on_base(first_item.getRecord(app).get_base_id(), 'canmodifrecord') %} {% set business = app['acl'].get(app['authentication'].getUser()).has_right_on_base(first_item.getRecord(app).get_base_id(), 'canmodifrecord') %}
{% if first_item %} {% if first_item %}
{{caption.format_caption(first_item.getRecord(app), '', null, business)}} {{caption.format_caption(first_item.getRecord(app), '', null, business)}}
{% endif %} {% endif %}
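Review bot: In the second hunk the `{% set business = ... %}` line calls `first_item.getRecord(app).get_base_id()` one line above the `{% if first_item %}` guard, so the permission lookup runs even when there is no first item. Depending on Twig's strictness that either raises an error or asks the ACL about an empty base id. The `basket_element` templates in this commit put the `set` inside their guard, and doing the same here (`{% if first_item %}` first, then `{% set business = ... %}`) keeps the ACL call tied to a real record. The later lightbox template that sets `bask_prev` has the same ordering in its second hunk.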


@@ -94,7 +94,7 @@
<div id="record_infos"> <div id="record_infos">
<div class="lightbox_container"> <div class="lightbox_container">
{% if basket_element %} {% if basket_element %}
{% set business = app['authentication'].getUser().ACL().has_right_on_base(basket_element.getRecord(app).get_base_id(), 'canmodifrecord') %} {% set business = app['acl'].get(app['authentication'].getUser()).has_right_on_base(basket_element.getRecord(app).get_base_id(), 'canmodifrecord') %}
{{caption.format_caption(basket_element.getRecord(app), '', null, business)}} {{caption.format_caption(basket_element.getRecord(app), '', null, business)}}
{% endif %} {% endif %}
</div> </div>


@@ -42,7 +42,7 @@
</div> </div>
<div class="lightbox_container PNB record_display_box"> <div class="lightbox_container PNB record_display_box">
{% if first_item %} {% if first_item %}
{% if app['authentication'].getUser().ACL().has_access_to_subdef(first_item.getRecord(app), 'preview') %} {% if app['acl'].get(app['authentication'].getUser()).has_access_to_subdef(first_item.getRecord(app), 'preview') %}
{% set bask_prev = first_item.getRecord(app).get_preview() %} {% set bask_prev = first_item.getRecord(app).get_preview() %}
{% else %} {% else %}
{% set bask_prev = first_item.getRecord(app).get_thumbnail() %} {% set bask_prev = first_item.getRecord(app).get_thumbnail() %}
@@ -81,7 +81,7 @@
<div class="right_column_wrapper caption right_column_wrapper_caption PNB"> <div class="right_column_wrapper caption right_column_wrapper_caption PNB">
<div id="record_infos" class="PNB"> <div id="record_infos" class="PNB">
<div class="lightbox_container PNB"> <div class="lightbox_container PNB">
{% set business = app['authentication'].getUser().ACL().has_right_on_base(first_item.getRecord(app).get_base_id(), 'canmodifrecord') %} {% set business = app['acl'].get(app['authentication'].getUser()).has_right_on_base(first_item.getRecord(app).get_base_id(), 'canmodifrecord') %}
{% if first_item %} {% if first_item %}
{{caption.format_caption(first_item.getRecord(app), '', null, business)}} {{caption.format_caption(first_item.getRecord(app), '', null, business)}}
{% endif %} {% endif %}


@@ -97,7 +97,7 @@
<div id="record_infos" class="PNB"> <div id="record_infos" class="PNB">
<div class="lightbox_container PNB"> <div class="lightbox_container PNB">
{% if basket_element %} {% if basket_element %}
{% set business = app['authentication'].getUser().ACL().has_right_on_base(basket_element.getRecord(app).get_base_id(), 'canmodifrecord') %} {% set business = app['acl'].get(app['authentication'].getUser()).has_right_on_base(basket_element.getRecord(app).get_base_id(), 'canmodifrecord') %}
{{caption.format_caption(basket_element.getRecord(app), '', null, business)}} {{caption.format_caption(basket_element.getRecord(app), '', null, business)}}
{% endif %} {% endif %}
</div> </div>


@@ -2,7 +2,7 @@
<label>{% trans 'Collection' %}</label> <label>{% trans 'Collection' %}</label>
<select name="base_id"> <select name="base_id">
{% for collection in app['authentication'].getUser().ACL().get_granted_base(['canaddrecord']) %} {% for collection in app['acl'].get(app['authentication'].getUser()).get_granted_base(['canaddrecord']) %}
<option value="{{ collection.get_base_id() }}">{{ collection.get_databox().get_label(app['locale.I18n']) }} / {{ collection.get_label(app['locale.I18n']) }}</option> <option value="{{ collection.get_base_id() }}">{{ collection.get_databox().get_label(app['locale.I18n']) }} / {{ collection.get_label(app['locale.I18n']) }}</option>
{% endfor %} {% endfor %}
</select> </select>


@@ -10,36 +10,36 @@
<img src="/skins/prod/000000/images/print_history.gif"/> <img src="/skins/prod/000000/images/print_history.gif"/>
</button> </button>
{% if app['authentication'].getUser().ACL().has_right('modifyrecord') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('modifyrecord') %}
<button class="ui-corner-all TOOL_ppen_btn basket_window" title="{% trans 'action : editer' %}"> <button class="ui-corner-all TOOL_ppen_btn basket_window" title="{% trans 'action : editer' %}">
<img src="/skins/prod/000000/images/ppen_history.gif"/> <img src="/skins/prod/000000/images/ppen_history.gif"/>
</button> </button>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('changestatus') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('changestatus') %}
<button class="ui-corner-all TOOL_chgstatus_btn basket_window" title="{% trans 'action : status' %}"> <button class="ui-corner-all TOOL_chgstatus_btn basket_window" title="{% trans 'action : status' %}">
<img src="/skins/prod/000000/images/chgstatus_history.gif"/> <img src="/skins/prod/000000/images/chgstatus_history.gif"/>
</button> </button>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('deleterecord') and app['authentication'].getUser().ACL().has_right('addrecord') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('deleterecord') and app['acl'].get(app['authentication'].getUser()).has_right('addrecord') %}
<button class="ui-corner-all TOOL_chgcoll_btn basket_window" title="{% trans 'action : collection' %}"> <button class="ui-corner-all TOOL_chgcoll_btn basket_window" title="{% trans 'action : collection' %}">
<img src="/skins/prod/000000/images/chgcoll_history.gif"/> <img src="/skins/prod/000000/images/chgcoll_history.gif"/>
</button> </button>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('push') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('push') %}
<button class="ui-corner-all TOOL_pushdoc_btn basket_window" title="{% trans 'action : push' %}"> <button class="ui-corner-all TOOL_pushdoc_btn basket_window" title="{% trans 'action : push' %}">
<img src="/skins/icons/push16.png"/> <img src="/skins/icons/push16.png"/>
</button> </button>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('push') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('push') %}
<button class="ui-corner-all TOOL_feedback_btn basket_window" title="{% trans 'Feedback' %}"> <button class="ui-corner-all TOOL_feedback_btn basket_window" title="{% trans 'Feedback' %}">
<img src="/skins/icons/feedback16.png"/> <img src="/skins/icons/feedback16.png"/>
</button> </button>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('bas_chupub') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('bas_chupub') %}
<button class="ui-corner-all TOOL_bridge_btn basket_window" title="{% trans 'action : bridge' %}"> <button class="ui-corner-all TOOL_bridge_btn basket_window" title="{% trans 'action : bridge' %}">
<img src="/skins/icons/door.png"/> <img src="/skins/icons/door.png"/>
</button> </button>
@@ -48,7 +48,7 @@
</button> </button>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('doctools') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('doctools') %}
<button class="ui-corner-all TOOL_imgtools_btn basket_window" title="{% trans 'action : outils' %}"> <button class="ui-corner-all TOOL_imgtools_btn basket_window" title="{% trans 'action : outils' %}">
<img src="/skins/prod/000000/images/imgtools_history.gif"/> <img src="/skins/prod/000000/images/imgtools_history.gif"/>
</button> </button>


@@ -9,36 +9,36 @@
<img src="/skins/prod/000000/images/print_history.gif"/> <img src="/skins/prod/000000/images/print_history.gif"/>
</button> </button>
{% if app['authentication'].getUser().ACL().has_right('modifyrecord') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('modifyrecord') %}
<button class="ui-corner-all TOOL_ppen_btn story_window" title="{% trans 'action : editer' %}"> <button class="ui-corner-all TOOL_ppen_btn story_window" title="{% trans 'action : editer' %}">
<img src="/skins/prod/000000/images/ppen_history.gif"/> <img src="/skins/prod/000000/images/ppen_history.gif"/>
</button> </button>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('changestatus') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('changestatus') %}
<button class="ui-corner-all TOOL_chgstatus_btn story_window" title="{% trans 'action : status' %}"> <button class="ui-corner-all TOOL_chgstatus_btn story_window" title="{% trans 'action : status' %}">
<img src="/skins/prod/000000/images/chgstatus_history.gif"/> <img src="/skins/prod/000000/images/chgstatus_history.gif"/>
</button> </button>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('deleterecord') and app['authentication'].getUser().ACL().has_right('addrecord') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('deleterecord') and app['acl'].get(app['authentication'].getUser()).has_right('addrecord') %}
<button class="ui-corner-all TOOL_chgcoll_btn story_window" title="{% trans 'action : collection' %}"> <button class="ui-corner-all TOOL_chgcoll_btn story_window" title="{% trans 'action : collection' %}">
<img src="/skins/prod/000000/images/chgcoll_history.gif"/> <img src="/skins/prod/000000/images/chgcoll_history.gif"/>
</button> </button>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('push') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('push') %}
<button class="ui-corner-all TOOL_pushdoc_btn story_window" title="{% trans 'action : push' %}"> <button class="ui-corner-all TOOL_pushdoc_btn story_window" title="{% trans 'action : push' %}">
<img src="/skins/icons/push16.png"/> <img src="/skins/icons/push16.png"/>
</button> </button>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('push') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('push') %}
<button class="ui-corner-all TOOL_feedback_btn story_window" title="{% trans 'Feedback' %}"> <button class="ui-corner-all TOOL_feedback_btn story_window" title="{% trans 'Feedback' %}">
<img src="/skins/icons/feedback16.png"/> <img src="/skins/icons/feedback16.png"/>
</button> </button>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('bas_chupub') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('bas_chupub') %}
<button class="ui-corner-all TOOL_bridge_btn story_window" title="{% trans 'action : bridge' %}"> <button class="ui-corner-all TOOL_bridge_btn story_window" title="{% trans 'action : bridge' %}">
<img src="/skins/icons/door.png"/> <img src="/skins/icons/door.png"/>
</button> </button>
@@ -47,7 +47,7 @@
</button> </button>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('doctools') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('doctools') %}
<button class="ui-corner-all TOOL_imgtools_btn story_window" title="{% trans 'action : outils' %}"> <button class="ui-corner-all TOOL_imgtools_btn story_window" title="{% trans 'action : outils' %}">
<img src="/skins/prod/000000/images/imgtools_history.gif"/> <img src="/skins/prod/000000/images/imgtools_history.gif"/>
</button> </button>


@@ -87,7 +87,7 @@
<input class="search" name="users-search" placeholder="{% trans 'Users' %}" type="text" style="width:210px;"/> <input class="search" name="users-search" placeholder="{% trans 'Users' %}" type="text" style="width:210px;"/>
<br/> <br/>
{% trans 'Select a user in the list'%} <br/> {% trans 'Select a user in the list'%} <br/>
{% if app['authentication'].getUser().ACL().has_right('manageusers') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('manageusers') %}
{% trans 'or' %} {% trans 'or' %}
<a href="{{ path('prod_push_add_user') }}" class="user_adder link">{% trans 'Add user' %}</a> <a href="{{ path('prod_push_add_user') }}" class="user_adder link">{% trans 'Add user' %}</a>
{% endif %} {% endif %}


@@ -27,7 +27,7 @@
{% endif %} {% endif %}
{% set class_status = 'nostatus' %} {% set class_status = 'nostatus' %}
{% if app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'chgstatus') %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'chgstatus') %}
{% set class_status = '' %} {% set class_status = '' %}
{% endif %} {% endif %}


@@ -169,7 +169,7 @@
<div id="THPD_tabs"> <div id="THPD_tabs">
<ul> <ul>
<li class="th_tab"><a href="#THPD_T"><span>{% trans 'prod::thesaurusTab:thesaurus' %}</span></a></li> <li class="th_tab"><a href="#THPD_T"><span>{% trans 'prod::thesaurusTab:thesaurus' %}</span></a></li>
{% if app['authentication'].getUser().ACL().has_access_to_module('thesaurus') %} {% if app['acl'].get(app['authentication'].getUser()).has_access_to_module('thesaurus') %}
<li class="th_tab"><a href="#THPD_C"><span>{% trans 'prod::thesaurusTab:candidats' %}</span></a></li> <li class="th_tab"><a href="#THPD_C"><span>{% trans 'prod::thesaurusTab:candidats' %}</span></a></li>
{% endif %} {% endif %}
</ul> </ul>
@@ -209,7 +209,7 @@
</div> </div>
</div> </div>
</div> </div>
{% if app['authentication'].getUser().ACL().has_access_to_module('thesaurus') %} {% if app['acl'].get(app['authentication'].getUser()).has_access_to_module('thesaurus') %}
<div id="THPD_C"> <div id="THPD_C">
<div id='THPD_C_treeBox' class="searchZone"> <div id='THPD_C_treeBox' class="searchZone">
<div onclick="Xclick(event);return(false);" ondblclick="CXdblClick(event);"> <div onclick="Xclick(event);return(false);" ondblclick="CXdblClick(event);">
@@ -248,7 +248,7 @@
{% trans 'Browse Baskets' %} {% trans 'Browse Baskets' %}
</a> </a>
</div> </div>
{% if app['phraseanet.registry'].get('GV_multiAndReport') and app['authentication'].getUser().ACL().has_right('addrecord') %} {% if app['phraseanet.registry'].get('GV_multiAndReport') and app['acl'].get(app['authentication'].getUser()).has_right('addrecord') %}
<div class="context-menu-item-inner"> <div class="context-menu-item-inner">
<a title="{% trans 'action:: nouveau reportage' %}" class="dialog small-dialog" href="{{ path('prod_stories_create') }}"> <a title="{% trans 'action:: nouveau reportage' %}" class="dialog small-dialog" href="{{ path('prod_stories_create') }}">
<img style="cursor:pointer;" src="/skins/icons/mtadd_0.gif" title="{% trans 'action:: nouveau reportage' %}" /> <img style="cursor:pointer;" src="/skins/icons/mtadd_0.gif" title="{% trans 'action:: nouveau reportage' %}" />
@@ -531,19 +531,19 @@
</span> </span>
{% set actions = {} %} {% set actions = {} %}
{% if app['authentication'].getUser().ACL().has_right('modifyrecord') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('modifyrecord') %}
{% set label %} {% set label %}
{% trans 'action : editer' %} {% trans 'action : editer' %}
{% endset %} {% endset %}
{% set actions = actions|merge( { 'edit' : {'icon': "/skins/prod/000000/images/ppen_history.gif", 'class':'TOOL_ppen_btn', 'label' : label} }) %} {% set actions = actions|merge( { 'edit' : {'icon': "/skins/prod/000000/images/ppen_history.gif", 'class':'TOOL_ppen_btn', 'label' : label} }) %}
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('changestatus') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('changestatus') %}
{% set label %} {% set label %}
{% trans 'action : status' %} {% trans 'action : status' %}
{% endset %} {% endset %}
{% set actions = actions|merge( { 'status' : {'icon': "/skins/prod/000000/images/chgstatus_history.gif", 'class':'TOOL_chgstatus_btn', 'label' : label} }) %} {% set actions = actions|merge( { 'status' : {'icon': "/skins/prod/000000/images/chgstatus_history.gif", 'class':'TOOL_chgstatus_btn', 'label' : label} }) %}
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('deleterecord') and app['authentication'].getUser().ACL().has_right('addrecord') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('deleterecord') and app['acl'].get(app['authentication'].getUser()).has_right('addrecord') %}
{% set label %} {% set label %}
{% trans 'action : collection' %} {% trans 'action : collection' %}
{% endset %} {% endset %}
@@ -591,7 +591,7 @@
</span> </span>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('push') and app['authentication'].getUser().ACL().has_right('bas_chupub') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('push') and app['acl'].get(app['authentication'].getUser()).has_right('bas_chupub') %}
<span class="dropdownButton"> <span class="dropdownButton">
<div class="btn-group"> <div class="btn-group">
<button class="TOOL_pushdoc_btn default_action results_window btn btn-inverse"> <button class="TOOL_pushdoc_btn default_action results_window btn btn-inverse">
@@ -622,7 +622,7 @@
</ul> </ul>
</div> </div>
</span> </span>
{% elseif app['authentication'].getUser().ACL().has_right('push') %} {% elseif app['acl'].get(app['authentication'].getUser()).has_right('push') %}
<span class="dropdownButton"> <span class="dropdownButton">
<div class="btn-group"> <div class="btn-group">
<button class="TOOL_pushdoc_btn default_action results_window btn btn-inverse" > <button class="TOOL_pushdoc_btn default_action results_window btn btn-inverse" >
@@ -639,7 +639,7 @@
</ul> </ul>
</div> </div>
</span> </span>
{% elseif app['authentication'].getUser().ACL().has_right('bas_chupub') %} {% elseif app['acl'].get(app['authentication'].getUser()).has_right('bas_chupub') %}
<span class="dropdownButton"> <span class="dropdownButton">
<div class="btn-group"> <div class="btn-group">
<button class="TOOL_pushdoc_btn default_action results_window btn btn-inverse" > <button class="TOOL_pushdoc_btn default_action results_window btn btn-inverse" >
@@ -658,7 +658,7 @@
</span> </span>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('doctools') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('doctools') %}
<span class="classicButton"> <span class="classicButton">
<div class="btn-group"> <div class="btn-group">
<button class="TOOL_imgtools_btn results_window btn btn-inverse" > <button class="TOOL_imgtools_btn results_window btn btn-inverse" >
@@ -667,7 +667,7 @@
</div> </div>
</span> </span>
{% endif %} {% endif %}
{% if app['authentication'].getUser().ACL().has_right('deleterecord') %} {% if app['acl'].get(app['authentication'].getUser()).has_right('deleterecord') %}
<span class="classicButton"> <span class="classicButton">
<div class="btn-group"> <div class="btn-group">
<button class="TOOL_trash_btn results_window btn btn-inverse" > <button class="TOOL_trash_btn results_window btn btn-inverse" >
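Review bot: The rewritten conditions resolve `app['acl'].get(app['authentication'].getUser())` again for every right tested, and twice inside single conditions such as the `deleterecord`/`addrecord` and `push`/`bas_chupub` checks in the toolbar hunks. Binding it once near the top of the template, `{% set acl = app['acl'].get(app['authentication'].getUser()) %}`, and then testing `acl.has_right('push')` would shorten the conditions and make it obvious that every check is evaluated against the same user's ACL. These conditions only decide which buttons are rendered; the routes behind them are not visible here, so it should be confirmed that they enforce the same rights server-side. The surrounding blocks continue outside the hunks shown.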


@@ -1,6 +1,6 @@
{% import 'common/caption_templates/preview.html.twig' as caption %} {% import 'common/caption_templates/preview.html.twig' as caption %}
{% if app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id, 'canmodifrecord') %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id, 'canmodifrecord') %}
<div class="edit_button" style="text-align:right"> <div class="edit_button" style="text-align:right">
<a href="#" onclick="editThis('IMGT','{{record.get_serialize_key()}}');"> <a href="#" onclick="editThis('IMGT','{{record.get_serialize_key()}}');">
<img style="vertical-align:middle" src="/skins/prod/000000/images/ppen_history.gif" /> <img style="vertical-align:middle" src="/skins/prod/000000/images/ppen_history.gif" />
@@ -11,7 +11,7 @@
<div style="text-align:center;"> <div style="text-align:center;">
{{record.get_status_icons()|raw}} {{record.get_status_icons()|raw}}
</div> </div>
{% set business = app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'canmodifrecord') %} {% set business = app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'canmodifrecord') %}
{% if record.is_from_reg() %} {% if record.is_from_reg() %}
{{caption.format_caption(record, '', null, business)}} {{caption.format_caption(record, '', null, business)}}
{% else %} {% else %}
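Review bot: The same `canmodifrecord` lookup is written twice in this template, once with `record.get_base_id` for the edit button and once with `record.get_base_id()` for `business`. Moving the `{% set business = ... %}` line above the first condition and using `{% if business %}` there would tie the edit button and the business-field captions to one decision and remove the inconsistent call spelling. The `{% if %}` blocks continue outside the hunks shown.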


@@ -55,7 +55,7 @@
{% trans 'report::Modification du document -- je ne me souviens plus de quoi...' %} {% trans 'report::Modification du document -- je ne me souviens plus de quoi...' %}
{% endif %} {% endif %}
<span class="actor"> <span class="actor">
{% if app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'canreport') %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'canreport') %}
{% if done['user'] and done['user'].get_id() != app['authentication'].getUser().get_id() %} {% if done['user'] and done['user'].get_id() != app['authentication'].getUser().get_id() %}
{% set user_infos = done['user'].get_display_name() %} {% set user_infos = done['user'].get_display_name() %}
{% trans %}report:: par {{ user_infos }}{% endtrans %} {% trans %}report:: par {{ user_infos }}{% endtrans %}


@@ -1,5 +1,5 @@
{% if (record.is_from_basket is empty) and app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'canputinalbum') %} {% if (record.is_from_basket is empty) and app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'canputinalbum') %}
<div sbas="{{record.get_sbas_id()}}" id="PREV_BASKADD_{{record.get_serialize_key}}" <div sbas="{{record.get_sbas_id()}}" id="PREV_BASKADD_{{record.get_serialize_key}}"
class="baskAdder" title="{% trans 'action : ajouter au panier' %}" class="baskAdder" title="{% trans 'action : ajouter au panier' %}"
onclick="evt_add_in_chutier('{{record.get_sbas_id()}}','{{record.get_record_id()}}',false,this);return(false);"></div> onclick="evt_add_in_chutier('{{record.get_sbas_id()}}','{{record.get_record_id()}}',false,this);return(false);"></div>
@@ -17,7 +17,7 @@
<div class="printer" title="'{% trans 'action : print' %}" <div class="printer" title="'{% trans 'action : print' %}"
onclick="evt_print('{{record.get_sbas_id()}}_{{record.get_record_id()}}');return(false);"></div> onclick="evt_print('{{record.get_sbas_id()}}_{{record.get_record_id()}}');return(false);"></div>
{% if app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'candwnldhd') or app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'candwnldpreview') %} {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'candwnldhd') or app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'candwnldpreview') %}
<div class="downloader" title="{% trans 'action : exporter' %}" <div class="downloader" title="{% trans 'action : exporter' %}"
onclick="evt_dwnl('{{record.get_sbas_id()}}_{{record.get_record_id()}}');return(false);"></div> onclick="evt_dwnl('{{record.get_sbas_id()}}_{{record.get_record_id()}}');return(false);"></div>
{% endif %} {% endif %}


@@ -14,7 +14,7 @@
<td valign="middle"> <td valign="middle">
<div class='desc' style='max-height:{{th_size+70}}px;overflow-y:auto;'> <div class='desc' style='max-height:{{th_size+70}}px;overflow-y:auto;'>
<div class="fixeddesc"> <div class="fixeddesc">
{% set business = app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), 'canmodifrecord') %} {% set business = app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), 'canmodifrecord') %}
{{caption.format_caption(record, highlight, searchEngine, business)}} {{caption.format_caption(record, highlight, searchEngine, business)}}
{% if app['authentication'].getUser().getPrefs('technical_display') == 'group' %}<hr/>{{record.get_technical_infos|raw}}{% endif %} {% if app['authentication'].getUser().getPrefs('technical_display') == 'group' %}<hr/>{{record.get_technical_infos|raw}}{% endif %}
</div> </div>


@@ -80,7 +80,7 @@
{% endif %} {% endif %}
<td style='text-align:right;width:{{l_width}}px;' valign='bottom'> <td style='text-align:right;width:{{l_width}}px;' valign='bottom'>
{{drop_down.prod(record, entry_id)}} {{drop_down.prod(record, entry_id)}}
{% if record.has_preview() and app['authentication'].getUser().ACL().has_access_to_subdef(record, 'preview') %} {% if record.has_preview() and app['acl'].get(app['authentication'].getUser()).has_access_to_subdef(record, 'preview') %}
<div tooltipsrc="{{ path('prod_tooltip_preview', { 'sbas_id' : record.get_sbas_id(), 'record_id' : record.get_record_id() }) }}" class="previewTips"></div> <div tooltipsrc="{{ path('prod_tooltip_preview', { 'sbas_id' : record.get_sbas_id(), 'record_id' : record.get_record_id() }) }}" class="previewTips"></div>
{% endif %} {% endif %}
{% if user_rollover_thumbnail == 'preview' %} {% if user_rollover_thumbnail == 'preview' %}


@@ -318,8 +318,8 @@
</h5> </h5>
<ul class="thumbnails"> <ul class="thumbnails">
{% for record in records %} {% for record in records %}
{% if app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), "canaddrecord") {% if app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), "canaddrecord")
and app['authentication'].getUser().ACL().has_right_on_base(record.get_base_id(), "candeleterecord") %} and app['acl'].get(app['authentication'].getUser()).has_right_on_base(record.get_base_id(), "candeleterecord") %}
<li class="records-subititution span3"> <li class="records-subititution span3">
<div class="thumbnail"> <div class="thumbnail">
<div class="record-thumb" style="text-align:center;"> <div class="record-thumb" style="text-align:center;">


@@ -14,7 +14,7 @@ abstract class ApiAbstract extends \PhraseanetWebTestCaseAbstract
{ {
/** /**
* *
* @var Symfony\Component\HttpKernel\Client * @var Client
*/ */
protected $client; protected $client;
@@ -1999,7 +1999,7 @@ abstract class ApiAbstract extends \PhraseanetWebTestCaseAbstract
$lazaretSession = new \Alchemy\Phrasea\Model\Entities\LazaretSession(); $lazaretSession = new \Alchemy\Phrasea\Model\Entities\LazaretSession();
self::$DI['app']['EM']->persist($lazaretSession); self::$DI['app']['EM']->persist($lazaretSession);
$quarantineItem; $quarantineItem = null;
$callback = function ($element, $visa, $code) use (&$quarantineItem) { $callback = function ($element, $visa, $code) use (&$quarantineItem) {
$quarantineItem = $element; $quarantineItem = $element;
}; };


@@ -0,0 +1,16 @@
<?php
namespace Alchemy\Tests\Phrasea\Authentication;
use Alchemy\Phrasea\Application;
use Alchemy\Phrasea\Authentication\ACLProvider;
class ACLProviderTest extends \PhraseanetPHPUnitAbstract
{
public function testGetACL()
{
$acl = self::$DI['app']['acl']->get(self::$DI['user']);
$this->assertInstanceOf('\ACL', $acl);
}
}
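Review bot: `testGetACL` only checks the returned type, so the per-user cache that `ACLProvider` keeps (keyed by `get_id()` in the class added by this commit) is never exercised. A wrong cache hit would hand one user another user's rights, so the test should also assert `$this->assertSame($acl, self::$DI['app']['acl']->get(self::$DI['user']));` and, assuming the `user_alt1` fixture is available in this base class, `$this->assertNotSame($acl, self::$DI['app']['acl']->get(self::$DI['user_alt1']));`. A further case should check that `purge()` makes the next `get()` return a fresh instance. The two `use` lines are not referenced in this file and can be dropped.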


@@ -96,10 +96,15 @@ class AuthenticatorTest extends \PhraseanetPHPUnitAbstract
->method('get_granted_sbas') ->method('get_granted_sbas')
->will($this->returnValue(array())); ->will($this->returnValue(array()));
$user->expects($this->once()) $aclProvider = $this->getMockBuilder('Alchemy\Phrasea\Authentication\ACLProvider')
->method('ACL') ->disableOriginalConstructor()
->getMock();
$aclProvider->expects($this->any())
->method('get')
->will($this->returnValue($acl)); ->will($this->returnValue($acl));
$app['acl'] = $aclProvider;
$em->expects($this->at(0)) $em->expects($this->at(0))
->method('persist') ->method('persist')
->with($this->isInstanceOf('Alchemy\Phrasea\Model\Entities\Session')) ->with($this->isInstanceOf('Alchemy\Phrasea\Model\Entities\Session'))
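Review bot: The replacement mock uses `$this->any()` with no argument constraint, so this test would still pass if the authenticator never asked for an ACL, or asked for a different user's. The expectation it replaces was `once()` on the user's own `ACL()`; the closest equivalent here is `$aclProvider->expects($this->once())->method('get')->with($user)->will($this->returnValue($acl));`, or `atLeastOnce()` if the provider is legitimately called more than once. The test method starts and ends outside the hunk.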


@@ -3,6 +3,7 @@
namespace Alchemy\Tests\Phrasea\Controller\Admin; namespace Alchemy\Tests\Phrasea\Controller\Admin;
use Alchemy\Phrasea\Application; use Alchemy\Phrasea\Application;
use Alchemy\Phrasea\Authentication\ACLProvider;
use Alchemy\Phrasea\Border\File; use Alchemy\Phrasea\Border\File;
class AdminCollectionTest extends \PhraseanetWebTestCaseAuthenticatedAbstract class AdminCollectionTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
@@ -12,7 +13,7 @@ class AdminCollectionTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
public function tearDown() public function tearDown()
{ {
self::$DI['app']['authentication']->setUser(self::$DI['user']); self::$DI['app']['acl'] = new ACLProvider(self::$DI['app']);
foreach (self::$createdCollections as $collection) { foreach (self::$createdCollections as $collection) {
try { try {
$collection->unmount_collection(self::$DI['app']); $collection->unmount_collection(self::$DI['app']);
@@ -26,6 +27,7 @@ class AdminCollectionTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
} }
} }
self::$createdCollections = array(); self::$createdCollections = array();
// /!\ re enable collection // /!\ re enable collection
self::$DI['collection']->enable(self::$DI['app']['phraseanet.appbox']); self::$DI['collection']->enable(self::$DI['app']['phraseanet.appbox']);
@@ -38,8 +40,8 @@ class AdminCollectionTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
self::$DI['app'] = new Application('test'); self::$DI['app'] = new Application('test');
self::giveRightsToUser(self::$DI['app'], self::$DI['user']); self::giveRightsToUser(self::$DI['app'], self::$DI['user']);
self::$DI['user']->ACL()->revoke_access_from_bases(array(self::$DI['collection_no_access']->get_base_id())); self::$DI['app']['acl']->get(self::$DI['user'])->revoke_access_from_bases(array(self::$DI['collection_no_access']->get_base_id()));
self::$DI['user']->ACL()->set_masks_on_base(self::$DI['collection_no_access_by_status']->get_base_id(), '0000000000000000000000000000000000000000000000000001000000000000', '0000000000000000000000000000000000000000000000000001000000000000', '0000000000000000000000000000000000000000000000000001000000000000', '0000000000000000000000000000000000000000000000000001000000000000'); self::$DI['app']['acl']->get(self::$DI['user'])->set_masks_on_base(self::$DI['collection_no_access_by_status']->get_base_id(), '0000000000000000000000000000000000000000000000000001000000000000', '0000000000000000000000000000000000000000000000000001000000000000', '0000000000000000000000000000000000000000000000000001000000000000', '0000000000000000000000000000000000000000000000000001000000000000');
parent::tearDownAfterClass(); parent::tearDownAfterClass();
} }
@@ -103,12 +105,10 @@ class AdminCollectionTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
{ {
$this->setAdmin(true); $this->setAdmin(true);
$collection = $this->createOneCollection(); $file = new File(self::$DI['app'], self::$DI['app']['mediavorus']->guess(__DIR__ . '/../../../../../files/test001.jpg'), self::$DI['collection']);
$file = new File(self::$DI['app'], self::$DI['app']['mediavorus']->guess(__DIR__ . '/../../../../../files/test001.jpg'), $collection);
\record_adapter::createFromFile($file, self::$DI['app']); \record_adapter::createFromFile($file, self::$DI['app']);
self::$DI['client']->request('GET', '/admin/collection/' . $collection->get_base_id() . '/informations/details/'); self::$DI['client']->request('GET', '/admin/collection/' . self::$DI['collection']->get_base_id() . '/informations/details/');
$this->assertTrue(self::$DI['client']->getResponse()->isOk()); $this->assertTrue(self::$DI['client']->getResponse()->isOk());
} }
@@ -279,7 +279,7 @@ class AdminCollectionTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
$this->checkRedirection(self::$DI['client']->getResponse(), '/admin/collection/' . self::$DI['collection']->get_base_id() . '/?success=1'); $this->checkRedirection(self::$DI['client']->getResponse(), '/admin/collection/' . self::$DI['collection']->get_base_id() . '/?success=1');
$this->assertTrue(self::$DI['user_alt1']->ACL()->has_right_on_base(self::$DI['collection']->get_base_id(), 'order_master')); $this->assertTrue(self::$DI['app']['acl']->get(self::$DI['user_alt1'])->has_right_on_base(self::$DI['collection']->get_base_id(), 'order_master'));
} }
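Review bot: Replacing the service with `new ACLProvider(self::$DI['app'])` in `tearDown` does not reset any cached ACLs, because the provider added in this commit stores them in a static array shared by all instances. ACL objects built for an earlier `Application` can therefore still be returned after `self::$DI['app'] = new Application('test')` in `tearDownAfterClass`, and the `revoke_access_from_bases` / `set_masks_on_base` calls there would then act on that stale object. Calling `self::$DI['app']['acl']->purge();` in `tearDown`, and before those calls in `tearDownAfterClass`, makes the reset explicit. Both methods continue outside the hunks shown.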
/** /**
