From 4277bd5d064b48068781a1574e1ec37622639b04 Mon Sep 17 00:00:00 2001 From: aynsix Date: Wed, 18 Mar 2020 14:48:19 +0300 Subject: [PATCH] add command system:apply-rights --- bin/console | 2 + .../Phrasea/Command/ApplyRightsCommand.php | 89 +++++++++++++++++++ 2 files changed, 91 insertions(+) create mode 100644 lib/Alchemy/Phrasea/Command/ApplyRightsCommand.php diff --git a/bin/console b/bin/console index 0f315afa68..c49fc89052 100755 --- a/bin/console +++ b/bin/console @@ -57,6 +57,7 @@ use Alchemy\Phrasea\Command\User\UserCreateCommand; use Alchemy\Phrasea\Command\User\UserPasswordCommand; use Alchemy\Phrasea\Command\User\UserListCommand; use Alchemy\Phrasea\Command\UpgradeDBDatas; +use Alchemy\Phrasea\Command\ApplyRightsCommand; require_once __DIR__ . '/../lib/autoload.php'; @@ -93,6 +94,7 @@ $cli->command(new \module_console_aboutLicense('about:license')); $cli->command(new CheckConfig('check:config')); $cli->command(new UpgradeDBDatas('system:upgrade-datas')); +$cli->command(new ApplyRightsCommand('system:apply-rights')); $cli->command(new \module_console_systemMailCheck('system:mail-check')); $cli->command(new \module_console_systemBackupDB('system:backup-db')); diff --git a/lib/Alchemy/Phrasea/Command/ApplyRightsCommand.php b/lib/Alchemy/Phrasea/Command/ApplyRightsCommand.php new file mode 100644 index 0000000000..bcf0b3d0e7 --- /dev/null +++ b/lib/Alchemy/Phrasea/Command/ApplyRightsCommand.php @@ -0,0 +1,89 @@ +setDescription('Apply right on databox, inject appbox:basusr to dboxes:collusr') + ->addOption('user_id', null, InputOption::VALUE_REQUIRED, 'the user ID to apply rights') + ; + + return $this; + } + + protected function doExecute(InputInterface $input, OutputInterface $output) + { + $userId = $input->getOption('user_id'); + $userRepository = $this->container['repo.users']; + + if ($userId) { + if (($user = $userRepository->find($userId)) === null) { + $output->writeln('user not found!'); + + return 0; + } + + $this->injectRightsSbas($user); + } else { + foreach ($userRepository->findAll() as $user) { + $this->injectRightsSbas($user); + } + } + + $output->writeln('Apply right on databox finished!'); + + return 0; + } + + private function injectRightsSbas(User $user) + { + $userAcl = $this->container->getAclForUser($user); + + foreach ($userAcl->get_granted_sbas() as $databox) { + + $userAcl->delete_injected_rights_sbas($databox); + + $sql = "INSERT INTO collusr + (site, usr_id, coll_id, mask_and, mask_xor, ord) + VALUES (:site_id, :usr_id, :coll_id, :mask_and, :mask_xor, :ord)"; + $stmt = $databox->get_connection()->prepare($sql); + $iord = 0; + + // fix collusr if user has right on collection + foreach ($userAcl->get_granted_base([], [$databox->get_sbas_id()]) as $collection) { + try { + $stmt->execute([ + ':site_id' => $this->container['conf']->get(['main', 'key']), + ':usr_id' => $user->getId(), + ':coll_id' => $collection->get_coll_id(), + ':mask_and' => $userAcl->get_mask_and($collection->get_base_id()), + ':mask_xor' => $userAcl->get_mask_xor($collection->get_base_id()), + ':ord' => $iord++ + ]); + } catch (DBALException $e) { + + } + } + + $stmt->closeCursor(); + } + } +}