PHRAS-508_acl-cache

- wip
Jean-Yves Gaulier
2016-10-25 17:15:20 +02:00
parent 6a2285f66d
commit 642da0fca5
56 changed files with 446 additions and 418 deletions


@@ -269,23 +269,23 @@ class CollectionService
public function grantAdminRights(CollectionReference $reference, User $user)
{
$rights = [
\ACL::CANPUTINALBUM => "1",
\ACL::CANDWNLDHD => "1",
\ACL::NOWATERMARK => "1",
\ACL::CANDWNLDPREVIEW => "1",
\ACL::CANCMD => "1",
\ACL::CANADMIN => "1",
\ACL::ACTIF => "1",
\ACL::CANREPORT => "1",
\ACL::CANPUSH => "1",
"basusr_infousr" => "",
\ACL::CANADDRECORD => "1",
\ACL::CANMODIFRECORD => "1",
\ACL::CANDELETERECORD => "1",
\ACL::CHGSTATUS => "1",
\ACL::IMGTOOLS => "1",
\ACL::MANAGE => "1",
\ACL::MODIFY_STRUCT => "1"
\ACL::CANPUTINALBUM => "1",
\ACL::CANDWNLDHD => "1",
\ACL::NOWATERMARK => "1",
\ACL::CANDWNLDPREVIEW => "1",
\ACL::CANCMD => "1",
\ACL::CANADMIN => "1",
\ACL::ACTIF => "1",
\ACL::CANREPORT => "1",
\ACL::CANPUSH => "1",
"basusr_infousr" => "",
\ACL::CANADDRECORD => "1",
\ACL::CANMODIFRECORD => "1",
\ACL::CANDELETERECORD => "1",
\ACL::CHGSTATUS => "1",
\ACL::IMGTOOLS => "1",
\ACL::COLL_MANAGE => "1",
\ACL::COLL_MODIFY_STRUCT => "1"
];
$this->app->getAclForUser($user)->update_rights_to_base($reference->getBaseId(), $rights);


@@ -31,8 +31,8 @@ class DataboxesController extends Controller
{
$acl = $this->getAclForUser();
$sbasIds = array_merge(
array_keys($acl->get_granted_sbas(['bas_manage'])),
array_keys($acl->get_granted_sbas(['bas_modify_struct']))
array_keys($acl->get_granted_sbas([\ACL::BAS_MANAGE])),
array_keys($acl->get_granted_sbas([\ACL::BAS_MODIFY_STRUCT]))
);
$sbas = [];
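Review bot: `array_merge()` of the two `array_keys()` lists puts a databox id into `$sbasIds` twice when the user holds both `\ACL::BAS_MANAGE` and `\ACL::BAS_MODIFY_STRUCT` on it. Unless the code after the hunk de-duplicates, wrapping the merge in `array_unique(...)` keeps each databox listed once. The method starts and continues outside the hunk.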


@@ -88,7 +88,7 @@ class RootController extends Controller
*/
public function displayStatusBitAction($databox_id)
{
if (!$this->getAclForUser()->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
if (!$this->getAclForUser()->has_right_on_sbas($databox_id, \ACL::BAS_MODIFY_STRUCT)) {
$this->app->abort(403);
}
@@ -105,7 +105,7 @@ class RootController extends Controller
*/
public function displayDataboxStructureAction(Request $request, $databox_id)
{
if (!$this->getAclForUser()->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
if (!$this->getAclForUser()->has_right_on_sbas($databox_id, \ACL::BAS_MODIFY_STRUCT)) {
$this->app->abort(403);
}
@@ -132,7 +132,7 @@ class RootController extends Controller
public function submitDatabaseStructureAction(Request $request, $databox_id)
{
if (!$this->getAclForUser()->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
if (!$this->getAclForUser()->has_right_on_sbas($databox_id, \ACL::BAS_MODIFY_STRUCT)) {
$this->app->abort(403);
}
@@ -162,7 +162,7 @@ class RootController extends Controller
public function displayDatabaseStatusBitFormAction(Request $request, $databox_id, $bit)
{
if (!$this->getAclForUser()->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
if (!$this->getAclForUser()->has_right_on_sbas($databox_id, \ACL::BAS_MODIFY_STRUCT)) {
$this->app->abort(403);
}
@@ -220,7 +220,7 @@ class RootController extends Controller
$this->app->abort(400, $this->app->trans('Bad request format, only JSON is allowed'));
}
if (!$this->getAclForUser()->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
if (!$this->getAclForUser()->has_right_on_sbas($databox_id, \ACL::BAS_MODIFY_STRUCT)) {
$this->app->abort(403);
}
@@ -238,7 +238,7 @@ class RootController extends Controller
}
public function submitStatusBitAction(Request $request, $databox_id, $bit) {
if (!$this->getAclForUser()->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
if (!$this->getAclForUser()->has_right_on_sbas($databox_id, \ACL::BAS_MODIFY_STRUCT)) {
$this->app->abort(403);
}
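Review bot: In the `@@ -220,7 +220,7 @@` hunk the `abort(400, ...)` for a non-JSON request sits before the `has_right_on_sbas($databox_id, \ACL::BAS_MODIFY_STRUCT)` check, so a caller without the right is answered with a format error rather than a 403; the right check should come first so that unauthorised callers always get the same response. The same three-line guard is repeated in six actions of this file, which leaves six places where a future edit can drop or weaken it. A single private helper, or a `before` hook calling `requireRightOnSbas(..., \ACL::BAS_MODIFY_STRUCT)` as the Subdefs provider in this commit does, would give one place to audit. The action bodies start and end outside the hunks.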


@@ -631,7 +631,7 @@ class V1Controller extends Controller
$offset_start = max($request->get('offset_start', 0), 0);
$per_page = min(max($request->get('per_page', 10), 1), 1000);
$baseIds = array_keys($this->getAclForUser()->get_granted_base(['canaddrecord']));
$baseIds = array_keys($this->getAclForUser()->get_granted_base([\ACL::CANADDRECORD]));
$lazaretFiles = [];
@@ -666,7 +666,7 @@ class V1Controller extends Controller
return Result::createError($request, 404, sprintf('Lazaret file id %d not found', $lazaret_id))->createResponse();
}
if (!$this->getAclForUser()->has_right_on_base($lazaretFile->getBaseId(), 'canaddrecord')) {
if (!$this->getAclForUser()->has_right_on_base($lazaretFile->getBaseId(), \ACL::CANADDRECORD)) {
return Result::createError($request, 403, 'You do not have access to this quarantine item')->createResponse();
}
@@ -905,7 +905,7 @@ class V1Controller extends Controller
$collection = \collection::getByBaseId($this->app, $request->get('base_id'));
if (!$this->getAclForUser()->has_right_on_base($request->get('base_id'), 'canaddrecord')) {
if (!$this->getAclForUser()->has_right_on_base($request->get('base_id'), \ACL::CANADDRECORD)) {
return Result::createError($request, 403, sprintf(
'You do not have access to collection %s', $collection->get_label($this->app['locale'])
))->createResponse();
@@ -1002,7 +1002,7 @@ class V1Controller extends Controller
$record = $this->findDataboxById($request->get('databox_id'))->get_record($request->get('record_id'));
$base_id = $record->getBaseId();
$collection = \collection::getByBaseId($this->app, $base_id);
if (!$this->getAclForUser()->has_right_on_base($base_id, 'canaddrecord')) {
if (!$this->getAclForUser()->has_right_on_base($base_id, \ACL::CANADDRECORD)) {
return Result::createError($request, 403, sprintf(
'You do not have access to collection %s', $collection->get_label($this->app['locale.I18n'])
));
@@ -2447,7 +2447,7 @@ class V1Controller extends Controller
{
$collection = \collection::getByBaseId($this->app, $data->{'base_id'});
if (!$this->getAclForUser()->has_right_on_base($collection->get_base_id(), 'canaddrecord')) {
if (!$this->getAclForUser()->has_right_on_base($collection->get_base_id(), \ACL::CANADDRECORD)) {
$this->app->abort(403, sprintf('You can not create a story on this collection %s', $collection->get_base_id()));
}
@@ -2838,7 +2838,7 @@ class V1Controller extends Controller
{
$user = $this->getApiAuthenticatedUser();
$databox = $this->findDataboxById($request->attributes->get('databox_id'));
if (!$this->getAclForUser($user)->has_right_on_sbas($databox->get_sbas_id(), 'bas_modify_struct')) {
if (!$this->getAclForUser($user)->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIFY_STRUCT)) {
return Result::createError($request, 401, 'You are not authorized')->createResponse();
}
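Review bot: The 403 branch in the `@@ -1002,7 +1002,7 @@` hunk returns the `Result::createError(...)` object itself, while the otherwise identical branch in the `@@ -905,7 +905,7 @@` hunk ends with `->createResponse()`; the denial path should end the same way, `))->createResponse();`. Both branches also put `$collection->get_label(...)` into the error text for a collection the caller has just been refused, which hands the label to a caller without access; a message carrying only the requested base_id avoids that. In the last hunk a missing `\ACL::BAS_MODIFY_STRUCT` right is answered with 401 although `$user` comes from `getApiAuthenticatedUser()`; 403 would match the other right checks in this file. The enclosing methods continue outside the hunks.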


@@ -66,7 +66,7 @@ class DatafileController extends AbstractDelivery
$stamp = false;
$watermark = !$this->acl->get($this->authentication->getUser())
->has_right_on_base($record->getBaseId(), 'nowatermark');
->has_right_on_base($record->getBaseId(), \ACL::NOWATERMARK);
if ($watermark && !$all_access) {
$subdef_class = null;


@@ -136,7 +136,7 @@ class PermalinkController extends AbstractDelivery
}
if ($this->authentication->isAuthenticated()) {
$watermark = !$this->acl->get($this->authentication->getUser())->has_right_on_base($record->getBaseId(), 'nowatermark');
$watermark = !$this->acl->get($this->authentication->getUser())->has_right_on_base($record->getBaseId(), \ACL::NOWATERMARK);
if ($watermark) {
/** @var BasketElementRepository $repository */


@@ -37,7 +37,7 @@ class FeedController extends Controller
public function publishRecordsAction(Request $request)
{
$feeds = $this->getFeedRepository()->getAllForUser($this->getAclForUser());
$publishing = RecordsRequest::fromRequest($this->app, $request, true, [], ['bas_chupub']);
$publishing = RecordsRequest::fromRequest($this->app, $request, true, [], [\ACL::BAS_CHUPUB]);
return $this->render(
'prod/actions/publish/publish.html.twig',
@@ -76,7 +76,7 @@ class FeedController extends Controller
$feed->addEntry($entry);
$publishing = RecordsRequest::fromRequest($this->app, $request, true, [], ['bas_chupub']);
$publishing = RecordsRequest::fromRequest($this->app, $request, true, [], [\ACL::BAS_CHUPUB]);
$manager = $this->getEntityManager();
foreach ($publishing as $record) {
$item = new FeedItem();
@@ -270,7 +270,7 @@ class FeedController extends Controller
public function ensureUserHasPublishRight()
{
$this->requireRight('bas_chupub');
$this->requireRight(\ACL::BAS_CHUPUB);
}
/**


@@ -45,7 +45,7 @@ class LazaretController extends Controller
*/
public function listElement(Request $request)
{
$baseIds = array_keys($this->getAclForUser()->get_granted_base(['canaddrecord']));
$baseIds = array_keys($this->getAclForUser()->get_granted_base([\ACL::CANADDRECORD]));
$lazaretFiles = null;
$perPage = 10;


@@ -17,13 +17,13 @@ class MoveCollectionController extends Controller
{
public function displayForm(Request $request)
{
$records = RecordsRequest::fromRequest($this->app, $request, false, ['candeleterecord']);
$records = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CANDELETERECORD]);
$sbas_ids = array_map(function (\databox $databox) {
return $databox->get_sbas_id();
}, $records->databoxes());
$collections = $this->getAclForUser()->get_granted_base(['canaddrecord'], $sbas_ids);
$collections = $this->getAclForUser()->get_granted_base([\ACL::CANADDRECORD], $sbas_ids);
$parameters = [
'records' => $records,
@@ -37,7 +37,7 @@ class MoveCollectionController extends Controller
public function apply(Request $request)
{
/** @var \record_adapter[] $records */
$records = RecordsRequest::fromRequest($this->app, $request, false, ['candeleterecord']);
$records = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CANDELETERECORD]);
$datas = [
'success' => false,
@@ -51,7 +51,7 @@ class MoveCollectionController extends Controller
return $this->app->json($datas);
}
if (!$this->getAclForUser()->has_right_on_base($request->request->get('base_id'), 'canaddrecord')) {
if (!$this->getAclForUser()->has_right_on_base($request->request->get('base_id'), \ACL::CANADDRECORD)) {
$datas['message'] = $this->app->trans("You do not have the permission to move records to %collection%", ['%collection%', \phrasea::bas_labels($request->request->get('base_id'), $this->app)]);
return $this->app->json($datas);
@@ -71,7 +71,7 @@ class MoveCollectionController extends Controller
if ($request->request->get("chg_coll_son") == "1") {
/** @var \record_adapter $child */
foreach ($record->getChildren() as $child) {
if ($this->getAclForUser()->has_right_on_base($child->getBaseId(), 'candeleterecord')) {
if ($this->getAclForUser()->has_right_on_base($child->getBaseId(), \ACL::CANDELETERECORD)) {
$child->move_to_collection($collection, $this->getApplicationBox());
}
}
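Review bot: The denial message in `apply()` passes `['%collection%', \phrasea::bas_labels(...)]` to `trans()`, a two-element list rather than a placeholder map, so `%collection%` is presumably never substituted; it should read `['%collection%' => \phrasea::bas_labels($request->request->get('base_id'), $this->app)]`. In the child loop, children on a base where the user lacks `\ACL::CANDELETERECORD` are skipped without any trace, so the JSON result does not tell the caller that part of a story stayed behind; a count of skipped children in `$datas`, or at least a comment stating that the skip is intended, would make that explicit. `apply()` continues outside the hunks.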


@@ -35,7 +35,7 @@ class StoryController extends Controller
{
$collection = \collection::getByBaseId($this->app, $request->request->get('base_id'));
if (!$this->getAclForUser()->has_right_on_base($collection->get_base_id(), 'canaddrecord')) {
if (!$this->getAclForUser()->has_right_on_base($collection->get_base_id(), \ACL::CANADDRECORD)) {
throw new AccessDeniedHttpException('You can not create a story on this collection');
}


@@ -51,7 +51,7 @@ class ToolsController extends Controller
$acl = $this->getAclForUser();
if ($acl->has_right('bas_chupub')
if ($acl->has_right(\ACL::BAS_CHUPUB)
&& $acl->has_right_on_base($record->getBaseId(), \ACL::CANMODIFRECORD)
&& $acl->has_right_on_base($record->getBaseId(), \ACL::IMGTOOLS)
) {
@@ -340,7 +340,7 @@ class ToolsController extends Controller
$state = $request->request->get('state') == 'true' ? true : false;
$acl = $this->getAclForUser();
if (!$acl->has_right('bas_chupub')
if (!$acl->has_right(\ACL::BAS_CHUPUB)
|| !$acl->has_right_on_base($record->getBaseId(), \ACL::CANMODIFRECORD)
|| !$acl->has_right_on_base($record->getBaseId(), \ACL::IMGTOOLS)
|| ('document' == $subdefName && !$acl->has_right_on_base($record->getBaseId(), \ACL::CANDWNLDHD))
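Review bot: `$acl->has_right(\ACL::BAS_CHUPUB)` in both conditions is not tied to the record being edited, whereas the `has_right_on_base` checks beside it are. If `has_right` reads the per-user global flag (the ACL class in this commit ORs each `bas_*` right over all databoxes into `_global_rights`), a user holding the right on any one databox passes this test for records of every other databox. Scoping the check to the record's databox would close that, for example `$acl->has_right_on_sbas(\phrasea::sbasFromBas($this->app, $record->getBaseId()), \ACL::BAS_CHUPUB)`, using the helper the Share provider already calls. Both conditions continue outside the hunks.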


@@ -115,7 +115,7 @@ class UploadController extends Controller
throw new BadRequestHttpException('Missing base_id parameter');
}
if (!$this->getAclForUser()->has_right_on_base($base_id, 'canaddrecord')) {
if (!$this->getAclForUser()->has_right_on_base($base_id, \ACL::CANADDRECORD)) {
throw new AccessDeniedHttpException('User is not allowed to add record on this collection');
}
@@ -243,7 +243,7 @@ class UploadController extends Controller
{
$collections = [];
foreach ($acl->get_granted_base(['canaddrecord']) as $collection) {
foreach ($acl->get_granted_base([\ACL::CANADDRECORD]) as $collection) {
$databox = $collection->get_databox();
if ( ! isset($collections[$databox->get_sbas_id()])) {


@@ -53,7 +53,7 @@ class RootController extends Controller
$granted = [];
foreach ($this->getAclForUser()->get_granted_base(['canreport']) as $collection) {
foreach ($this->getAclForUser()->get_granted_base([\ACL::CANREPORT]) as $collection) {
if (!isset($granted[$collection->get_sbas_id()])) {
$granted[$collection->get_sbas_id()] = [
'id' => $collection->get_sbas_id(),


@@ -135,11 +135,11 @@ class Databox implements ControllerProviderInterface, ServiceProviderInterface
public function requireManageRightOnSbas(Request $request, Application $app)
{
$this->getFirewall($app)->requireRightOnSbas($request->attributes->get('databox_id'), 'bas_manage');
$this->getFirewall($app)->requireRightOnSbas($request->attributes->get('databox_id'), \ACL::BAS_MANAGE);
}
public function requireChangeSbasStructureRight(Request $request, Application $app)
{
$this->getFirewall($app)->requireRightOnSbas($request->attributes->get('databox_id'), 'bas_modify_struct');
$this->getFirewall($app)->requireRightOnSbas($request->attributes->get('databox_id'), \ACL::BAS_MODIFY_STRUCT);
}
}


@@ -41,7 +41,7 @@ class Feeds implements ControllerProviderInterface, ServiceProviderInterface
$controllers->before(function () use ($firewall) {
$firewall
->requireAccessToModule('admin')
->requireRight('bas_chupub');
->requireRight(\ACL::BAS_CHUPUB);
});
$controllers->get('/list/', 'controller.admin.feeds:listFeedsAction')


@@ -51,7 +51,7 @@ class Fields implements ControllerProviderInterface, ServiceProviderInterface
$controllers->before(function () use ($firewall) {
$firewall
->requireAccessToModule('admin')
->requireRight('bas_modify_struct');
->requireRight(\ACL::BAS_MODIFY_STRUCT);
});
$controllers->get('/language.json', 'controller.admin.fields:getLanguage')


@@ -41,7 +41,7 @@ class Subdefs implements ControllerProviderInterface, ServiceProviderInterface
$controllers->before(function (Request $request) use ($firewall) {
$firewall->requireAccessToModule('admin')
->requireRightOnSbas($request->attributes->get('sbas_id'), 'bas_modify_struct');
->requireRightOnSbas($request->attributes->get('sbas_id'), \ACL::BAS_MODIFY_STRUCT);
});
$controllers->get('/{sbas_id}/', 'controller.admin.subdefs:indexAction')


@@ -46,7 +46,7 @@ class TaskManager implements ControllerProviderInterface, ServiceProviderInterfa
};
$controllers->before(function () use ($firewall) {
$firewall->requireRight('taskmanager');
$firewall->requireRight(\ACL::TASKMANAGER);
});
$controllers


@@ -40,7 +40,7 @@ class Bridge implements ControllerProviderInterface, ServiceProviderInterface
$firewall = $this->getFirewall($app);
$controllers->before(function () use ($firewall) {
$firewall->requireRight('bas_chupub');
$firewall->requireRight(\ACL::BAS_CHUPUB);
});
$controllers


@@ -72,7 +72,7 @@ class Order implements ControllerProviderInterface, ServiceProviderInterface
};
$controllers->before(function () use ($firewall) {
$firewall->requireRight('order');
$firewall->requireRight(\ACL::CANCMD);
});
$controllers->get('/', 'controller.prod.order:displayOrders')
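Review bot: `requireRight(\ACL::CANCMD)` is not a pure rename: the key looked up changes from `'order'` to the value of `ACL::CANCMD`, and the Push provider makes the same move from `'push'` to `ACL::CANPUSH`. The ACL class stores `_global_rights` through `set_data_to_cache(..., self::CACHE_GLOBAL_RIGHTS)`, so entries cached before this commit still carry the old keys; if those are served after deployment, these two firewalls would treat the right as missing (or hit an undefined index) until the entry is rebuilt. Flushing the ACL cache on upgrade, and saying so in the commit description, would avoid that window. The definition of `ACL::CANCMD` is not in the visible hunks, so its value should be confirmed against the key the rights loader writes.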


@@ -46,7 +46,7 @@ class Push implements ControllerProviderInterface, ServiceProviderInterface
$firewall = $this->getFirewall($app);
$controllers->before(function () use ($firewall) {
$firewall->requireRight('push');
$firewall->requireRight(\ACL::CANPUSH);
});
$controllers->post('/sendform/', 'controller.prod.push:postFormAction');


@@ -49,7 +49,7 @@ class Share implements ControllerProviderInterface, ServiceProviderInterface
->before(function (Request $request) use ($app, $firewall) {
$firewall->requireRightOnSbas(
\phrasea::sbasFromBas($app, $request->attributes->get('base_id')),
'bas_chupub'
\ACL::BAS_CHUPUB
);
})
->bind('share_record');


@@ -38,7 +38,7 @@ class LazaretSubscriber extends AbstractNotificationSubscriber
$query = $this->app['phraseanet.user-query'];
$users = $query
->on_base_ids([$lazaretFile->getBaseId()])
->who_have_right(['canaddrecord'])
->who_have_right([\ACL::CANADDRECORD])
->execute()
->get_results();


@@ -86,53 +86,52 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
{
$list = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([\ACL::CANADMIN]));
$sql = "SELECT
b.sbas_id,
b.base_id,
sum(actif) as actif,
sum(canputinalbum) as canputinalbum,
sum(candwnldpreview) as candwnldpreview,
sum(candwnldhd) as candwnldhd,
sum(cancmd) as cancmd,
sum(nowatermark) as nowatermark,
$sql = "SELECT b.sbas_id, b.base_id,\n"
sum(canaddrecord) as canaddrecord,
sum(canmodifrecord) as canmodifrecord,
sum(chgstatus) as chgstatus,
sum(candeleterecord) as candeleterecord,
sum(imgtools) as imgtools,
. " SUM(actif) AS actif,\n"
. " SUM(canputinalbum) AS canputinalbum,\n"
. " SUM(candwnldpreview) AS candwnldpreview,\n"
. " SUM(candwnldhd) AS candwnldhd,\n"
. " SUM(cancmd) AS cancmd,\n"
. " SUM(nowatermark) AS nowatermark,\n"
sum(canadmin) as canadmin,
sum(canreport) as canreport,
sum(canpush) as canpush,
sum(manage) as manage,
sum(modify_struct) as modify_struct,
. " SUM(canaddrecord) AS canaddrecord,\n"
. " SUM(canmodifrecord) AS canmodifrecord,\n"
. " SUM(chgstatus) AS chgstatus,\n"
. " SUM(candeleterecord) AS candeleterecord,\n"
. " SUM(imgtools) AS imgtools,\n"
sum(sbu.bas_modif_th) as bas_modif_th,
sum(sbu.bas_manage) as bas_manage,
sum(sbu.bas_modify_struct) as bas_modify_struct,
sum(sbu.bas_chupub) as bas_chupub,
. " SUM(canadmin) AS canadmin,\n"
. " SUM(canreport) AS canreport,\n"
. " SUM(canpush) AS canpush,\n"
. " SUM(manage) AS manage,\n"
. " SUM(modify_struct) AS modify_struct,\n"
sum(time_limited) as time_limited,
DATE_FORMAT(limited_from,'%Y%m%d') as limited_from,
DATE_FORMAT(limited_to,'%Y%m%d') as limited_to,
. " SUM(sbu.bas_modif_th) AS bas_modif_th,\n"
. " SUM(sbu.bas_manage) AS bas_manage,\n"
. " SUM(sbu.bas_modify_struct) AS bas_modify_struct,\n"
. " SUM(sbu.bas_chupub) AS bas_chupub,\n"
sum(restrict_dwnld) as restrict_dwnld,
sum(remain_dwnld) as remain_dwnld,
sum(month_dwnld_max) as month_dwnld_max,
. " SUM(time_limited) AS time_limited,\n"
. " SUM(restrict_dwnld) AS restrict_dwnld,\n"
sum(mask_and + mask_xor) as masks
// --- wtf doing sum on non booleans ?
. " SUM(remain_dwnld) AS remain_dwnld,\n"
. " SUM(month_dwnld_max) AS month_dwnld_max,\n"
. " SUM(mask_and + mask_xor) AS masks,\n"
// ---
FROM (Users u, bas b, sbas s)
LEFT JOIN (basusr bu)
ON (bu.base_id = b.base_id AND u.id = bu.usr_id)
LEFT join sbasusr sbu
ON (sbu.sbas_id = b.sbas_id AND u.id = sbu.usr_id)
WHERE ( (u.id IN (:users) )
AND b.sbas_id = s.sbas_id
AND (b.base_id IN (:bases)))
GROUP BY b.base_id
ORDER BY s.ord, s.sbas_id, b.ord, b.base_id ";
// -- wtf no aggregate fct ?
. " DATE_FORMAT(limited_from,'%Y%m%d') AS limited_from,\n"
. " DATE_FORMAT(limited_to,'%Y%m%d') AS limited_to\n"
// ---
. " FROM (Users u, bas b, sbas s)\n"
. " LEFT JOIN (basusr bu) ON (bu.base_id = b.base_id AND u.id = bu.usr_id)\n"
. " LEFT join sbasusr sbu ON (sbu.sbas_id = b.sbas_id AND u.id = sbu.usr_id)\n"
. " WHERE ( (u.id IN (:users) ) AND b.sbas_id = s.sbas_id AND (b.base_id IN (:bases)))\n"
. " GROUP BY b.base_id\n"
. " ORDER BY s.ord, s.sbas_id, b.ord, b.base_id ";
$rs = $this->app->getApplicationBox()->get_connection()->fetchAll(
$sql,
@@ -146,10 +145,10 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
]
);
$sql = 'SELECT base_id, sum(1) as access FROM basusr
WHERE (usr_id IN (:users))
AND (base_id IN (:bases))
GROUP BY base_id';
$sql = "SELECT base_id, SUM(1) AS access FROM basusr\n"
. " WHERE (usr_id IN (:users)) AND (base_id IN (:bases))\n"
. " GROUP BY base_id";
$access = $this->app->getApplicationBox()->get_connection()->fetchAll(
$sql,
[
@@ -164,12 +163,13 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
$base_ids = [];
foreach ($access as $acc) {
$base_ids[$acc['base_id']] = $acc;
$base_ids[$acc['base_id']] = $acc['access'];
}
unset($access);
// add a 'access' column
foreach ($rs as $k => $row) {
$rs[$k]['access'] = array_key_exists($row['base_id'], $base_ids) ? $base_ids[$row['base_id']]['access'] : '0';
$rs[$k]['access'] = array_key_exists($row['base_id'], $base_ids) ? $base_ids[$row['base_id']] : '0';
foreach ($row as $dk => $data) {
if (is_null($data))
$rs[$k][$dk] = '0';
@@ -483,7 +483,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
foreach ($base_ids as $base_id) {
$rights = [
'access',
\ACL::ACCESS,
\ACL::ACTIF,
\ACL::CANPUTINALBUM,
\ACL::NOWATERMARK,
@@ -498,12 +498,12 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
\ACL::CANADMIN,
\ACL::CANREPORT,
\ACL::CANPUSH,
\ACL::MANAGE,
\ACL::MODIFY_STRUCT
\ACL::COLL_MANAGE,
\ACL::COLL_MODIFY_STRUCT
];
foreach ($rights as $k => $right) {
if (($right == 'access' && !$ACL->has_access_to_base($base_id))
|| ($right != 'access' && !$ACL->has_right_on_base($base_id, $right))) {
if (($right == \ACL::ACCESS && !$ACL->has_access_to_base($base_id))
|| ($right != \ACL::ACCESS && !$ACL->has_right_on_base($base_id, $right))) {
unset($rights[$k]);
continue;
}
@@ -520,7 +520,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
$p = implode('_', $serial);
if ($p == 'access') {
if ($p == \ACL::ACCESS) {
if ($v === '1') {
$create_sbas[\phrasea::sbasFromBas($this->app, $base_id)] = \phrasea::sbasFromBas($this->app, $base_id);
$create[] = $base_id;
@@ -537,10 +537,10 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
foreach ($sbas_ids as $databox) {
$rights = [
'bas_modif_th',
'bas_manage',
'bas_modify_struct',
'bas_chupub'
\ACL::BAS_MODIF_TH,
\ACL::BAS_MANAGE,
\ACL::BAS_MODIFY_STRUCT,
\ACL::BAS_CHUPUB
];
foreach ($rights as $k => $right) {
if (!$ACL->has_right_on_sbas($databox->get_sbas_id(), $right)) {
@@ -569,6 +569,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
try {
$this->app->getApplicationBox()->get_connection()->beginTransaction();
/** @var User $user */
$user = $this->app['repo.users']->find($usr_id);
$this->app->getAclForUser($user)->revoke_access_from_bases($delete)
@@ -611,18 +612,18 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
}
$infos = [
'gender'
, 'first_name'
, 'last_name'
, 'email'
, 'address'
, 'zip'
, 'geonameid'
, 'function'
, 'company'
, 'activite'
, 'telephone'
, 'fax'
'gender',
'first_name',
'last_name',
'email',
'address',
'zip',
'geonameid',
'function',
'company',
'activite',
'telephone',
'fax'
];
$parm = $this->unserializedRequestData($this->request, $infos, 'user_infos');
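Review bot: The two comments added inside the concatenated query, `// --- wtf doing sum on non booleans ?` and `// -- wtf no aggregate fct ?`, point at real problems but do not tell the next reader what is wrong. `limited_from` and `limited_to` are selected without an aggregate while the query groups by `b.base_id` only, so with several users in `:users` the returned date is whichever row the server picks, and on MySQL with `ONLY_FULL_GROUP_BY` enabled the statement is rejected. I would replace them with `// TODO: remain_dwnld, month_dwnld_max and the masks are not flags; their SUM over several users has no meaning` and `// TODO: limited_from / limited_to are not aggregated; the value is arbitrary when several users are selected`. Separately, `$right == \ACL::ACCESS` and `$p == \ACL::ACCESS` compare strings loosely in code that decides which rights are applied; `===` states the intent.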


@@ -72,10 +72,10 @@ class ACLManipulator implements ManipulatorInterface
$collections = $databox->get_collections();
$acl->update_rights_to_sbas($databox->get_sbas_id(), [
'bas_manage' => '1',
'bas_modify_struct' => '1',
'bas_modif_th' => '1',
'bas_chupub' => '1'
\ACL::BAS_MANAGE => '1',
\ACL::BAS_MODIFY_STRUCT => '1',
\ACL::BAS_MODIF_TH => '1',
\ACL::BAS_CHUPUB => '1'
]);
$acl->give_access_to_base(array_map(function (\collection $collection) {
@@ -101,24 +101,24 @@ class ACLManipulator implements ManipulatorInterface
$acl->remove_quotas_on_base($baseId);
$acl->set_masks_on_base($baseId, '0', '0', '0', '0');
$acl->update_rights_to_base($baseId, [
\ACL::CANPUTINALBUM => '1',
\ACL::CANDWNLDHD => '1',
\ACL::CANPUTINALBUM => '1',
\ACL::CANDWNLDHD => '1',
'candwnldsubdef' => '1',
\ACL::NOWATERMARK => '1',
\ACL::CANDWNLDPREVIEW => '1',
\ACL::CANCMD => '1',
\ACL::CANADMIN => '1',
\ACL::CANREPORT => '1',
\ACL::CANPUSH => '1',
\ACL::NOWATERMARK => '1',
\ACL::CANDWNLDPREVIEW => '1',
\ACL::CANCMD => '1',
\ACL::CANADMIN => '1',
\ACL::CANREPORT => '1',
\ACL::CANPUSH => '1',
'creationdate' => '1',
\ACL::CANADDRECORD => '1',
\ACL::CANMODIFRECORD => '1',
\ACL::CANDELETERECORD => '1',
\ACL::CHGSTATUS => '1',
\ACL::IMGTOOLS => '1',
\ACL::MANAGE => '1',
\ACL::MODIFY_STRUCT => '1',
'bas_modify_struct' => '1'
\ACL::CANADDRECORD => '1',
\ACL::CANMODIFRECORD => '1',
\ACL::CANDELETERECORD => '1',
\ACL::CHGSTATUS => '1',
\ACL::IMGTOOLS => '1',
\ACL::COLL_MANAGE => '1',
\ACL::COLL_MODIFY_STRUCT => '1',
\ACL::BAS_MODIFY_STRUCT => '1'
]);
}
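Review bot: The array handed to `update_rights_to_base()` still ends with `\ACL::BAS_MODIFY_STRUCT => '1'`, a databox-level right, next to `\ACL::COLL_MODIFY_STRUCT`, and it keeps the string keys `'candwnldsubdef'` and `'creationdate'`. None of the three appears in `ACL::$bas_rights` as shown in this commit, so what `update_rights_to_base()` does with them (ignore, reject, or write a column) cannot be seen from here. Because this call appears to hand out the full admin right set, the array should contain collection-level rights only; I would drop the `\ACL::BAS_MODIFY_STRUCT` entry, which the first hunk already sets through `update_rights_to_sbas()`, and confirm the other two keys against the `basusr` schema.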


@@ -240,7 +240,7 @@ class ApiOrderController extends BaseOrderController
$filtered = [];
foreach ($records as $index => $record) {
if ($acl->has_right_on_base($record->getBaseId(), 'cancmd')) {
if ($acl->has_right_on_base($record->getBaseId(), \ACL::CANCMD)) {
$filtered[$index] = $record;
}
}


@@ -166,7 +166,7 @@ class PDF
$fimg = $subdef->getRealPath();
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($rec->getBaseId(), "nowatermark")
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($rec->getBaseId(), \ACL::NOWATERMARK)
&& $subdef->get_type() == \media_subdef::TYPE_IMAGE) {
$fimg = \recordutils_image::watermark($this->app, $subdef);
}
@@ -438,7 +438,7 @@ class PDF
$f = $subdef->getRealPath();
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($rec->getBaseId(), "nowatermark")
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($rec->getBaseId(), \ACL::NOWATERMARK)
&& $subdef->get_type() == \media_subdef::TYPE_IMAGE)
$f = \recordutils_image::watermark($this->app, $subdef);


@@ -60,33 +60,35 @@ class Installer
->give_access_to_sbas([$databox->get_sbas_id()])
->update_rights_to_sbas(
$databox->get_sbas_id(), [
'bas_manage' => 1,
'bas_modify_struct' => 1,
'bas_modif_th' => 1,
'bas_chupub' => 1
\ACL::BAS_MANAGE => 1,
\ACL::BAS_MODIFY_STRUCT => 1,
\ACL::BAS_MODIF_TH => 1,
\ACL::BAS_CHUPUB => 1
]
);
$collection = \collection::create($this->app, $databox, $this->app['phraseanet.appbox'], 'test', $admin);
$this->app->getAclForUser($admin)->give_access_to_base([$collection->get_base_id()]);
$this->app->getAclForUser($admin)->update_rights_to_base($collection->get_base_id(), [
\ACL::CANPUSH => 1,
\ACL::CANCMD => 1,
\ACL::CANPUTINALBUM => 1,
\ACL::CANDWNLDHD => 1,
\ACL::CANDWNLDPREVIEW => 1,
\ACL::CANADMIN => 1,
\ACL::ACTIF => 1,
\ACL::CANREPORT => 1,
\ACL::CANADDRECORD => 1,
\ACL::CANMODIFRECORD => 1,
\ACL::CANDELETERECORD => 1,
\ACL::CHGSTATUS => 1,
\ACL::IMGTOOLS => 1,
\ACL::MANAGE => 1,
\ACL::MODIFY_STRUCT => 1,
\ACL::NOWATERMARK => 1
$this->app->getAclForUser($admin)
->give_access_to_base([$collection->get_base_id()]);
$this->app->getAclForUser($admin)
->update_rights_to_base($collection->get_base_id(), [
\ACL::CANPUSH => 1,
\ACL::CANCMD => 1,
\ACL::CANPUTINALBUM => 1,
\ACL::CANDWNLDHD => 1,
\ACL::CANDWNLDPREVIEW => 1,
\ACL::CANADMIN => 1,
\ACL::ACTIF => 1,
\ACL::CANREPORT => 1,
\ACL::CANADDRECORD => 1,
\ACL::CANMODIFRECORD => 1,
\ACL::CANDELETERECORD => 1,
\ACL::CHGSTATUS => 1,
\ACL::IMGTOOLS => 1,
\ACL::COLL_MANAGE => 1,
\ACL::COLL_MODIFY_STRUCT => 1,
\ACL::NOWATERMARK => 1
]
);


@@ -32,6 +32,12 @@ use Doctrine\DBAL\DBALException;
class ACL implements cache_cacheableInterface
{
const BAS_MODIF_TH = 'bas_modif_th';
const BAS_MODIFY_STRUCT = 'bas_modify_struct';
const BAS_MANAGE = 'bas_manage';
const BAS_CHUPUB = 'bas_chupub';
const ACCESS = 'access';
const ACTIF = 'actif';
const CANADDRECORD = 'canaddrecord';
const CANADMIN = 'canadmin';
@@ -49,24 +55,27 @@ class ACL implements cache_cacheableInterface
const COLL_MODIFY_STRUCT = 'modify_struct';
const NOWATERMARK = 'nowatermark';
const ORDER_MASTER = 'order_master';
const RESTRICT_DWNLD = 'restrict_dwnld';
const TASKMANAGER = 'taskmanager';
protected static $bas_rights = [
'actif',
'canaddrecord',
self::ACTIF,
self::CANADDRECORD,
self::CANADMIN,
'cancmd',
self::CANCMD,
self::CANDELETERECORD,
self::CANDWNLDHD,
self::CANDWNLDPREVIEW,
self::CANMODIFRECORD,
'canpush',
self::CANPUSH,
self::CANPUTINALBUM,
'canreport',
self::CANREPORT,
self::CHGSTATUS,
self::IMGTOOLS,
self::COLL_MANAGE,
self::COLL_MODIFY_STRUCT,
'nowatermark',
self::NOWATERMARK,
self::ORDER_MASTER,
];
@@ -106,26 +115,28 @@ class ACL implements cache_cacheableInterface
protected $is_admin;
protected $_global_rights = [
self::CANADDRECORD => false,
self::CANPUTINALBUM => false,
'bas_chupub' => false,
'bas_manage' => false,
'bas_modif_th' => false,
'bas_modify_struct' => false,
self::CANADDRECORD => false,
self::CANPUTINALBUM => false,
self::CANDWNLDHD => true,
'candwnldpreview' => true,
self::CHGSTATUS => false,
self::CANDWNLDPREVIEW => true,
self::CHGSTATUS => false,
self::COLL_MANAGE => false,
self::COLL_MODIFY_STRUCT => false,
self::CANDELETERECORD => false,
self::CANDELETERECORD => false,
self::IMGTOOLS => false,
self::CANADMIN => false,
self::CANMODIFRECORD => false,
'order' => false,
self::CANADMIN => false,
self::CANMODIFRECORD => false,
self::CANCMD => false,
self::ORDER_MASTER => false,
'push' => false,
'report' => false,
'taskmanager' => false,
self::CANPUSH => false,
self::CANREPORT => false,
self::BAS_CHUPUB => false,
self::BAS_MANAGE => false,
self::BAS_MODIF_TH => false,
self::BAS_MODIFY_STRUCT => false,
self::TASKMANAGER => false,
];
/**
@@ -334,7 +345,12 @@ class ACL implements cache_cacheableInterface
$sbas_ids = array_unique($sbas_ids);
$sbas_rights = ['bas_manage', 'bas_modify_struct', 'bas_modif_th', 'bas_chupub'];
$sbas_rights = [
self::BAS_MANAGE,
self::BAS_MODIFY_STRUCT,
self::BAS_MODIF_TH,
self::BAS_CHUPUB
];
$sbas_to_acces = [];
$rights_to_give = [];
@@ -559,7 +575,7 @@ class ACL implements cache_cacheableInterface
return false;
}
return $this->_rights_bas[$base_id]['restrict_dwnld'];
return $this->_rights_bas[$base_id][self::RESTRICT_DWNLD];
}
/**
@@ -689,7 +705,7 @@ class ACL implements cache_cacheableInterface
$this->load_rights_bas();
return (isset($this->_rights_bas[$base_id]) &&
$this->_rights_bas[$base_id]['actif'] === true);
$this->_rights_bas[$base_id][self::ACTIF] === true);
}
/**
@@ -903,18 +919,18 @@ class ACL implements cache_cacheableInterface
$this->_rights_sbas = [];
$this->_global_rights['bas_modif_th'] = false;
$this->_global_rights['bas_modify_struct'] = false;
$this->_global_rights['bas_manage'] = false;
$this->_global_rights['bas_chupub'] = false;
$this->_global_rights[self::BAS_MODIF_TH] = false;
$this->_global_rights[self::BAS_MODIFY_STRUCT] = false;
$this->_global_rights[self::BAS_MANAGE] = false;
$this->_global_rights[self::BAS_CHUPUB] = false;
foreach ($rs as $row) {
$sbid = $row['sbas_id'];
$this->_rights_sbas[$sbid] = [];
$this->_global_rights['bas_modif_th'] |= ($this->_rights_sbas[$sbid]['bas_modif_th'] = ($row['bas_modif_th'] == '1'));
$this->_global_rights['bas_modify_struct'] |= ($this->_rights_sbas[$sbid]['bas_modify_struct'] = ($row['bas_modify_struct'] == '1'));
$this->_global_rights['bas_manage'] |= ($this->_rights_sbas[$sbid]['bas_manage'] = ($row['bas_manage'] == '1'));
$this->_global_rights['bas_chupub'] |= ($this->_rights_sbas[$sbid]['bas_chupub'] = ($row['bas_chupub'] == '1'));
$this->_global_rights[self::BAS_MODIF_TH] |= ($this->_rights_sbas[$sbid][self::BAS_MODIF_TH] = ($row['bas_modif_th'] == '1'));
$this->_global_rights[self::BAS_MODIFY_STRUCT] |= ($this->_rights_sbas[$sbid][self::BAS_MODIFY_STRUCT] = ($row['bas_modify_struct'] == '1'));
$this->_global_rights[self::BAS_MANAGE] |= ($this->_rights_sbas[$sbid][self::BAS_MANAGE] = ($row['bas_manage'] == '1'));
$this->_global_rights[self::BAS_CHUPUB] |= ($this->_rights_sbas[$sbid][self::BAS_CHUPUB] = ($row['bas_chupub'] == '1'));
}
$this->set_data_to_cache($this->_rights_sbas, self::CACHE_RIGHTS_SBAS);
$this->set_data_to_cache($this->_global_rights, self::CACHE_GLOBAL_RIGHTS);
@@ -971,15 +987,15 @@ class ACL implements cache_cacheableInterface
$this->_global_rights[self::CANADMIN] = false;
$this->_global_rights[self::COLL_MANAGE] = false;
$this->_global_rights[self::COLL_MODIFY_STRUCT] = false;
$this->_global_rights['order'] = false;
$this->_global_rights['push'] = false;
$this->_global_rights[self::CANCMD] = false;
$this->_global_rights[self::CANPUSH] = false;
$this->_global_rights[self::CANADDRECORD] = false;
$this->_global_rights[self::CANMODIFRECORD] = false;
$this->_global_rights[self::CHGSTATUS] = false;
$this->_global_rights[self::IMGTOOLS] = false;
$this->_global_rights[self::CANDELETERECORD] = false;
$this->_global_rights[self::CANPUTINALBUM] = false;
$this->_global_rights['report'] = false;
$this->_global_rights[self::CANREPORT] = false;
$this->_global_rights[self::CANDWNLDPREVIEW] = false;
$this->_global_rights[self::CANDWNLDHD] = false;
$this->_global_rights[self::ORDER_MASTER] = false;
@@ -999,23 +1015,24 @@ class ACL implements cache_cacheableInterface
];
}
$this->_global_rights[self::IMGTOOLS] |= ($this->_rights_bas[$bid][self::IMGTOOLS] = ($row['imgtools'] == '1'));
$this->_global_rights[self::CHGSTATUS] |= ($this->_rights_bas[$bid][self::CHGSTATUS] = ($row['chgstatus'] == '1'));
$this->_global_rights['order'] |= ($this->_rights_bas[$bid]['cancmd'] = ($row['cancmd'] == '1'));
$this->_global_rights[self::CANADDRECORD] |= ($this->_rights_bas[$bid][self::CANADDRECORD] = ($row['canaddrecord'] == '1'));
$this->_global_rights['push'] |= ($this->_rights_bas[$bid]['canpush'] = ($row['canpush'] == '1'));
$this->_global_rights[self::CANDELETERECORD] |= ($this->_rights_bas[$bid][self::CANDELETERECORD] = ($row['candeleterecord'] == '1'));
$this->_global_rights[self::CANADMIN] |= ($this->_rights_bas[$bid][self::CANADMIN] = ($row['canadmin'] == '1'));
$this->_global_rights[self::CANDWNLDPREVIEW] |= ($this->_rights_bas[$bid][self::CANDWNLDPREVIEW] = ($row['candwnldpreview'] == '1'));
$this->_global_rights[self::CANDWNLDHD] |= ($this->_rights_bas[$bid][self::CANDWNLDHD] = ($row['candwnldhd'] == '1'));
$this->_global_rights[self::CANMODIFRECORD] |= ($this->_rights_bas[$bid][self::CANMODIFRECORD] = ($row['canmodifrecord'] == '1'));
$this->_global_rights[self::CANPUTINALBUM] |= ($this->_rights_bas[$bid][self::CANPUTINALBUM] = ($row['canputinalbum'] == '1'));
$this->_global_rights['report'] |= ($this->_rights_bas[$bid]['canreport'] = ($row['canreport'] == '1'));
$this->_global_rights[self::COLL_MODIFY_STRUCT] |= ($this->_rights_bas[$bid][self::COLL_MODIFY_STRUCT] = ($row['modify_struct'] == '1'));
$this->_global_rights[self::COLL_MANAGE] |= ($this->_rights_bas[$bid][self::COLL_MANAGE] = ($row['manage'] == '1'));
$this->_global_rights[self::ORDER_MASTER] |= ($this->_rights_bas[$bid][self::ORDER_MASTER] = ($row[\ACL::ORDER_MASTER] == '1'));
$this->_rights_bas[$bid]['nowatermark'] = ($row['nowatermark'] == '1');
$this->_rights_bas[$bid]['restrict_dwnld'] = ($row['restrict_dwnld'] == '1');
$this->_global_rights[self::IMGTOOLS] |= ($this->_rights_bas[$bid][self::IMGTOOLS] = ($row['imgtools'] == '1'));
$this->_global_rights[self::CHGSTATUS] |= ($this->_rights_bas[$bid][self::CHGSTATUS] = ($row['chgstatus'] == '1'));
$this->_global_rights[self::CANCMD] |= ($this->_rights_bas[$bid][self::CANCMD] = ($row['cancmd'] == '1'));
$this->_global_rights[self::CANADDRECORD] |= ($this->_rights_bas[$bid][self::CANADDRECORD] = ($row['canaddrecord'] == '1'));
$this->_global_rights[self::CANPUSH] |= ($this->_rights_bas[$bid][self::CANPUSH] = ($row['canpush'] == '1'));
$this->_global_rights[self::CANDELETERECORD] |= ($this->_rights_bas[$bid][self::CANDELETERECORD] = ($row['candeleterecord'] == '1'));
$this->_global_rights[self::CANADMIN] |= ($this->_rights_bas[$bid][self::CANADMIN] = ($row['canadmin'] == '1'));
$this->_global_rights[self::CANDWNLDPREVIEW] |= ($this->_rights_bas[$bid][self::CANDWNLDPREVIEW] = ($row['candwnldpreview'] == '1'));
$this->_global_rights[self::CANDWNLDHD] |= ($this->_rights_bas[$bid][self::CANDWNLDHD] = ($row['candwnldhd'] == '1'));
$this->_global_rights[self::CANMODIFRECORD] |= ($this->_rights_bas[$bid][self::CANMODIFRECORD] = ($row['canmodifrecord'] == '1'));
$this->_global_rights[self::CANPUTINALBUM] |= ($this->_rights_bas[$bid][self::CANPUTINALBUM] = ($row['canputinalbum'] == '1'));
$this->_global_rights[self::CANREPORT] |= ($this->_rights_bas[$bid][self::CANREPORT] = ($row['canreport'] == '1'));
$this->_global_rights[self::COLL_MODIFY_STRUCT] |= ($this->_rights_bas[$bid][self::COLL_MODIFY_STRUCT] = ($row['modify_struct'] == '1'));
$this->_global_rights[self::COLL_MANAGE] |= ($this->_rights_bas[$bid][self::COLL_MANAGE] = ($row['manage'] == '1'));
$this->_global_rights[self::ORDER_MASTER] |= ($this->_rights_bas[$bid][self::ORDER_MASTER] = ($row['order_master'] == '1'));
$this->_rights_bas[$bid][self::NOWATERMARK] = ($row['nowatermark'] == '1');
$this->_rights_bas[$bid][self::RESTRICT_DWNLD] = ($row['restrict_dwnld'] == '1');
$this->_rights_bas[$bid]['remain_dwnld'] = (int) $row['remain_dwnld'];
$this->_rights_bas[$bid]['mask_and'] = (int) $row['mask_and'];
$this->_rights_bas[$bid]['mask_xor'] = (int) $row['mask_xor'];
@@ -1024,7 +1041,7 @@ class ACL implements cache_cacheableInterface
$row['limited_to'] = $row['limited_to'] == '0000-00-00 00:00:00' ? '' : trim($row['limited_to']);
if ($row['time_limited'] == '1' && ($row['limited_from'] !== '' || $row['limited_to'] !== '')) {
$this->_limited[$row['base_id']] = [
$this->_limited[$bid] = [
'dmin' => $row['limited_from'] ? new DateTime($row['limited_from']) : null,
'dmax' => $row['limited_to'] ? new DateTime($row['limited_to']) : null
];
@@ -1047,7 +1064,7 @@ class ACL implements cache_cacheableInterface
{
$this->load_rights_bas();
$this->load_rights_sbas();
$this->_global_rights['taskmanager'] = $this->is_admin();
$this->_global_rights[self::TASKMANAGER] = $this->is_admin();
return $this;
}
@@ -1063,21 +1080,21 @@ class ACL implements cache_cacheableInterface
switch ($module_name) {
case 'admin':
return (
($this->has_right('bas_modify_struct') ||
($this->has_right(self::BAS_MODIFY_STRUCT) ||
$this->has_right(self::COLL_MODIFY_STRUCT) ||
$this->has_right('bas_manage') ||
$this->has_right(self::BAS_MANAGE) ||
$this->has_right(self::COLL_MANAGE) ||
$this->has_right(self::CANADMIN) ||
$this->is_admin()) );
break;
case 'thesaurus':
return ($this->has_right('bas_modif_th') === true );
return ($this->has_right(self::BAS_MODIF_TH) === true );
break;
case 'upload':
return ($this->has_right(self::CANADDRECORD) === true);
break;
case 'report':
return ($this->has_right('report') === true);
return ($this->has_right(self::CANREPORT) === true);
break;
default:
break;
@@ -1087,9 +1104,10 @@ class ACL implements cache_cacheableInterface
}
/**
*
* @param array $base_ids
* @return ACL
* @param array $base_ids
* @return $this
* @throws DBALException
* @throws Exception
*/
public function revoke_access_from_bases(Array $base_ids)
{
@@ -1126,31 +1144,40 @@ class ACL implements cache_cacheableInterface
*/
public function give_access_to_base(Array $base_ids)
{
$sql = "INSERT INTO basusr (id, base_id, usr_id, actif)\n"
. "VALUES (null, :base_id, :usr_id, '1')\n"
. "ON DUPLICATE KEY UPDATE actif='1";
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$usr_id = $this->user->getId();
$this->load_rights_bas();
$sql_i = "INSERT INTO basusr (base_id, usr_id, actif) VALUES (:base_id, :usr_id, '1')";
$sql_u = "UPDATE basusr SET UPDATE actif='1' WHERE base_id = :base_id AND usr_id = :usr_id";
$stmt_i = $this->app->getApplicationBox()->get_connection()->prepare($sql_i);
$stmt_u = $this->app->getApplicationBox()->get_connection()->prepare($sql_u);
$usr_id = $this->user->getId();
foreach ($base_ids as $base_id) {
if (!isset($this->_rights_bas[$base_id]) || $this->_rights_bas[$base_id]['actif'] === false) {
$stmt->execute([':base_id' => $base_id, ':usr_id' => $usr_id]);
if($stmt->rowCount() > 0) {
$this->app['dispatcher']->dispatch(
AclEvents::ACCESS_TO_BASE_GRANTED,
new AccessToBaseGrantedEvent(
$this,
array(
'base_id'=>$base_id
if (!isset($this->_rights_bas[$base_id]) || $this->_rights_bas[$base_id][self::ACTIF] === false) {
try {
$stmt_i->execute([':base_id' => $base_id, ':usr_id' => $usr_id]);
if($stmt_i->rowCount() > 0) {
$this->app['dispatcher']->dispatch(
AclEvents::ACCESS_TO_BASE_GRANTED,
new AccessToBaseGrantedEvent(
$this,
array(
'base_id'=>$base_id
)
)
)
);
);
}
else {
$stmt_u->execute([':base_id' => $base_id, ':usr_id' => $usr_id]);
}
}
catch(\Exception $e) {
// no-opp
}
}
}
$stmt->closeCursor();
$stmt_u->closeCursor();
$stmt_i->closeCursor();
$this->delete_data_from_cache(self::CACHE_RIGHTS_BAS);
$this->inject_rights();
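Review bot: The new `$sql_u` in give_access_to_base() reads `UPDATE basusr SET UPDATE actif='1' …`; the second `UPDATE` makes the statement invalid, so re-activating an existing row can never succeed. It should be `$sql_u = "UPDATE basusr SET actif='1' WHERE base_id = :base_id AND usr_id = :usr_id";`. The empty `catch(\Exception $e)` hides any execute failure from the caller, so a grant can silently not happen and no ACCESS_TO_BASE_GRANTED event is dispatched, while the rights cache is still flushed; log or rethrow there instead of swallowing. Also, `$stmt_u` runs only in the `else` of `$stmt_i->rowCount() > 0`; if basusr has a unique key on (base_id, usr_id), as the removed `ON DUPLICATE KEY` clause suggests, the insert presumably throws for an existing row and the update is never reached. The function body continues past the end of this hunk.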
@@ -1368,12 +1395,12 @@ class ACL implements cache_cacheableInterface
$sql = "UPDATE basusr SET remain_dwnld = month_dwnld_max\n"
. " WHERE actif = 1"
. " AND usr_id = :usr_id"
. " AND MONTH(lastconn) != MONTH(NOW()) AND restrict_dwnld = 1'";
. " AND MONTH(lastconn) != MONTH(NOW()) AND restrict_dwnld = 1";
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$stmt->execute([':usr_id' => $this->user->getId()]);
$stmt->closeCursor();
$sql = "UPDATE basusr SET lastconn=now() WHERE usr_id = :usr_id AND actif = 1";
$sql = "UPDATE basusr SET lastconn=NOW() WHERE usr_id = :usr_id AND actif = 1";
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$stmt->execute([':usr_id' => $this->user->getId()]);
$stmt->closeCursor();
@@ -1457,25 +1484,20 @@ class ACL implements cache_cacheableInterface
'mask_xor' => $row['mask_xor'],
];
$rights[self::CANPUTINALBUM] = ($row['canputinalbum'] == '1');
$rights[self::CANDWNLDHD] = ($row['candwnldhd'] == '1');
$rights[self::CANDWNLDPREVIEW] = ($row['candwnldpreview'] == '1');
if ($row['cancmd'])
$rights['cancmd'] = true;
$rights[self::CANADMIN] = ($row['canadmin'] == '1');
if ($row['canreport'])
$rights['canreport'] = true;
if ($row['canpush'])
$rights['canpush'] = true;
if ($row['nowatermark'])
$rights['nowatermark'] = true;
if ($row['canaddrecord'])
$rights['canaddrecord'] = true;
$rights[self::CANMODIFRECORD] = ($row['canmodifrecord' == '1']);
$rights[self::CANDELETERECORD] = ($row['candeleterecord'] == '1');
$rights[self::CHGSTATUS] = ($row['chgstatus'] == '1');
$rights[self::IMGTOOLS] = ($row['imgtools'] == '1');
$rights[self::COLL_MANAGE] = ($row['manage'] == '1');
$rights[self::CANPUTINALBUM] = ($row['canputinalbum'] == '1');
$rights[self::CANDWNLDHD] = ($row['candwnldhd'] == '1');
$rights[self::CANDWNLDPREVIEW] = ($row['candwnldpreview'] == '1');
$rights[self::CANCMD] = ($row['cancmd'] == '1');
$rights[self::CANADMIN] = ($row['canadmin'] == '1');
$rights[self::CANREPORT] = ($row['canreport'] == '1');
$rights[self::CANPUSH] = ($row['canpush'] == '1');
$rights[self::NOWATERMARK] = ($row['nowatermark'] == '1');
$rights[self::CANADDRECORD] = ($row['canaddrecord'] == '1');
$rights[self::CANMODIFRECORD] = ($row['canmodifrecord' == '1']);
$rights[self::CANDELETERECORD] = ($row['candeleterecord'] == '1');
$rights[self::CHGSTATUS] = ($row['chgstatus'] == '1');
$rights[self::IMGTOOLS] = ($row['imgtools'] == '1');
$rights[self::COLL_MANAGE] = ($row['manage'] == '1');
$rights[self::COLL_MODIFY_STRUCT] = ($row['modify_struct'] == '1');
$this->update_rights_to_base($base_id_dest, $rights);
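Review bot: The re-aligned line `$rights[self::CANMODIFRECORD] = ($row['canmodifrecord' == '1']);` still has the closing bracket in the wrong place: the comparison `'canmodifrecord' == '1'` is evaluated first and its result (false) is used as the array index, so the column value is never read. The right copied to the destination base is therefore not the source row's canmodifrecord flag. It should match its neighbours: `$rights[self::CANMODIFRECORD] = ($row['canmodifrecord'] == '1');`. The enclosing function starts before this hunk.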


@@ -1120,8 +1120,10 @@ class databox extends base implements ThumbnailedElement
->give_access_to_sbas([$this->id])
->update_rights_to_sbas(
$this->id, [
'bas_manage' => 1, 'bas_modify_struct' => 1,
'bas_modif_th' => 1, 'bas_chupub' => 1
\ACL::BAS_MANAGE => 1,
\ACL::BAS_MODIFY_STRUCT => 1,
\ACL::BAS_MODIF_TH => 1,
\ACL::BAS_CHUPUB => 1
]
);
@@ -1168,8 +1170,8 @@ class databox extends base implements ThumbnailedElement
\ACL::CANDELETERECORD => 1,
\ACL::CHGSTATUS => 1,
\ACL::IMGTOOLS => 1,
\ACL::MANAGE => 1,
\ACL::MODIFY_STRUCT => 1,
\ACL::COLL_MANAGE => 1,
\ACL::COLL_MODIFY_STRUCT => 1,
\ACL::NOWATERMARK => 1
]);
}


@@ -90,6 +90,6 @@ class eventsmanager_notify_validationdone extends eventsmanager_notifyAbstract
*/
public function is_available(User $user)
{
return $this->app->getAclForUser($user)->has_right('push');
return $this->app->getAclForUser($user)->has_right(\ACL::CANPUSH);
}
}


@@ -241,7 +241,7 @@ class module_report_dashboard implements module_report_dashboard_componentInterf
{
$all_coll = [];
$base_ids = $this->app->getAclForUser($this->usr)->get_granted_base(['canreport']);
$base_ids = $this->app->getAclForUser($this->usr)->get_granted_base([\ACL::CANREPORT]);
foreach ($base_ids as $base_id => $collection) {
$databox = $collection->get_databox();


@@ -119,7 +119,7 @@ class record_exportElement extends record_adapter
->who_have_right([\ACL::ORDER_MASTER])
->execute()->get_results();
$go_cmd = (count($masters) > 0 && $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->getBaseId(), 'cancmd'));
$go_cmd = (count($masters) > 0 && $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->getBaseId(), \ACL::CANCMD));
$orderable['document'] = false;
$downloadable['document'] = false;


@@ -307,9 +307,10 @@ class record_preview extends record_adapter
$tab = [];
$report = $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->getBaseId(), 'canreport');
$report = $this->app->getAclForUser($this->app->getAuthenticatedUser())
->has_right_on_base($this->getBaseId(), \ACL::CANREPORT);
$sql = 'SELECT d . * , l.user, l.usrid as usr_id, l.site
$sql = 'SELECT d.* , l.user, l.usrid as usr_id, l.site
FROM log_docs d, log l
WHERE d.log_id = l.id
AND d.record_id = :record_id ';
@@ -374,8 +375,8 @@ class record_preview extends record_adapter
return $this->view_popularity;
}
$report = $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base(
$this->getBaseId(), 'canreport');
$report = $this->app->getAclForUser($this->app->getAuthenticatedUser())
->has_right_on_base($this->getBaseId(), \ACL::CANREPORT);
if ( ! $report && ! $this->app['conf']->get(['registry', 'webservices', 'google-charts-enabled'])) {
$this->view_popularity = false;
@@ -458,8 +459,8 @@ class record_preview extends record_adapter
return $this->refferer_popularity;
}
$report = $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base(
$this->getBaseId(), 'canreport');
$report = $this->app->getAclForUser($this->app->getAuthenticatedUser())
->has_right_on_base($this->getBaseId(), \ACL::CANREPORT);
if ( ! $report && ! $this->app['conf']->get(['registry', 'webservices', 'google-charts-enabled'])) {
$this->refferer_popularity = false;
@@ -526,7 +527,8 @@ class record_preview extends record_adapter
return $this->download_popularity;
}
$report = $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->getBaseId(), 'canreport');
$report = $this->app->getAclForUser($this->app->getAuthenticatedUser())
->has_right_on_base($this->getBaseId(), \ACL::CANREPORT);
$ret = false;
if ( ! $report && ! $this->app['conf']->get(['registry', 'webservices', 'google-charts-enabled'])) {


@@ -512,7 +512,7 @@ class set_export extends set_abstract
'path' => $subdef->get_path(),
'file' => $subdef->get_file(),
];
if (!$this->app->getAclForUser($user)->has_right_on_base($download_element->getBaseId(), "nowatermark")
if (!$this->app->getAclForUser($user)->has_right_on_base($download_element->getBaseId(), \ACL::NOWATERMARK)
&& !$this->app->getAclForUser($user)->has_preview_grant($download_element)
&& $subdef->get_type() == media_subdef::TYPE_IMAGE
) {


@@ -30,7 +30,7 @@
<li>
{{ 'admin::base: Alias' | trans }} : <span id="viewname">{{ databox.get_label(app['locale']) }}</span>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_sbas(databox.get_sbas_id(), constant('\\ACL::BAS_MANAGE')) %}
<img src="/assets/common/images/icons/edit_0.gif" id="show-view-name" />
<div class="well well-small" id="change-view-name" style="display:none;">
<form method="post" action="{{ path('admin_database_rename', {'databox_id': databox.get_sbas_id()}) }}">
@@ -64,7 +64,7 @@
</div>
</div>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_sbas(databox.get_sbas_id(), constant('\\ACL::BAS_MANAGE')) %}
<div>
<form method="post" action="{{ path('admin_database_set_indexable', {'databox_id': databox.get_sbas_id()}) }}" style="margin:0;">
<label class="checkbox" for="is_indexable">
@@ -204,7 +204,7 @@
<h4>{{ "admin::base: logo impression PDF" | trans }}</h4>
<div id="printLogoDIV_OK">
<img class="thumbnail" id="printLogo" src="/custom/minilogos/logopdf_{{ databox.get_sbas_id() }}.jpg" />
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_sbas(databox.get_sbas_id(), constant('\\ACL::BAS_MANAGE')) %}
<form method="post" target="right" action="{{ path('admin_database_delete_logo', {'databox_id': databox.get_sbas_id()}) }}" >
<button class="btn btn-mini btn-danger">{{ "admin::base:collection: supprimer le logo" | trans }}</button>
</form>
@@ -212,7 +212,7 @@
</div>
<div id="printLogoDIV_NONE">
{{ "admin::base:collection: aucun fichier (minilogo, watermark ...)" | trans }}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_sbas(databox.get_sbas_id(), "bas_manage") %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_sbas(databox.get_sbas_id(), constant('\\ACL::BAS_MANAGE')) %}
<input id="fileupload" class="no-ajax" type="file" name="newLogoPdf" data-url="{{ path('admin_database_submit_logo', {'databox_id': databox.get_sbas_id()}) }}" accept="image/jpg, image/jpeg">
<i>{{ "admin::base: envoyer un logo (jpeg 35px de hauteur max)" | trans }}</i>
{% endif %}


@@ -11,11 +11,10 @@
{% set display = 'block' %}
{% if right[name] != users|length and name != 'access' and right['access'] != users|length and type != 'sbas' %}
{% if right[name] != users|length and name != constant('\\ACL::ACCESS') and right[constant('\\ACL::ACCESS')] != users|length and type != 'sbas' %}
{% set display = 'none' %}
{% endif %}
{% if right[name] == 0 %}
{% set class = 'unchecked' %}
{% elseif right[name] == users|length %}
@@ -322,16 +321,16 @@
</div>
</td>
<td style="text-align:center;width:19px;" title="{{ 'Allowed to publish' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'bas_chupub', users, 'sbas')}}
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::BAS_CHUPUB'), users, 'sbas')}}
</td>
<td style="text-align:center;width:19px;" title="{{ 'Manage Thesaurus' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'bas_modif_th', users, 'sbas')}}
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::BAS_MODIF_TH'), users, 'sbas')}}
</td>
<td style="text-align:center;width:19px;" title="{{ 'Manage Database' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'bas_manage', users, 'sbas')}}
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::BAS_MANAGE'), users, 'sbas')}}
</td>
<td style="text-align:center;width:19px;" title="{{ 'Manage DB fields' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'bas_modify_struct', users, 'sbas')}}
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::BAS_MODIFY_STRUCT'), users, 'sbas')}}
</td>
<td style="text-align:center;width:48px;"></td>
</tr>
@@ -341,10 +340,10 @@
{{rights['base_id']|bas_labels(app)}}
</td>
<td class="users_col case_right_access" title="{{ 'Access' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'access', users, 'base')}}
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::ACCESS'), users, 'base')}}
</td>
<td class="users_col case_right_actif" title="{{ 'Active' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'actif', users, 'base')}}
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::ACTIF'), users, 'base')}}
</td>
<td class="users_col case_right_canputinalbum" title="{{ 'Allowed to add in basket' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANPUTINALBUM'), users, 'base')}}
@@ -353,17 +352,17 @@
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANDWNLDPREVIEW'), users, 'base')}}
</td>
<td class="users_col case_right_nowatermark" title="{{ 'Remove watermark' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'nowatermark', users, 'base')}}
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::NOWATERMARK'), users, 'base')}}
</td>
<td class="users_col case_right_candwnldhd" title="{{ 'Access to HD' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANDWNLDHD'), users, 'base')}}
</td>
<td class="users_col case_right_cancmd" title="{{ 'Allowed to order' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'cancmd', users, 'base')}}
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANCMD'), users, 'base')}}
</td>
<td class="users_col case_right_quota" title="{{ 'Set download quotas' | trans }}">
<div class="quota_trigger quota_{{rights['base_id']}} base_{{rights['base_id']}}">
{% if rights['restrict_dwnld'] > 0 %}
{% if rights[constant('\\ACL::RESTRICT_DWNLD')] > 0 %}
<img src="/assets/common/images/icons/user_details_on.png" />
{% else %}
<img src="/assets/common/images/icons/user_details_off.png" />
@@ -419,10 +418,10 @@
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANPUSH'), users, 'base')}}
</td>
<td class="users_col case_right_manage" title="{{ 'Manage collection' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::MANAGE'), users, 'base')}}
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::COLL_MANAGE'), users, 'base')}}
</td>
<td class="users_col case_right_modify" title="{{ 'Manage values lists' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::MODIFY_STRUCT'), users, 'base')}}
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::COLL_MODIFY_STRUCT'), users, 'base')}}
</td>
<td colspan="5">


@@ -5,8 +5,8 @@
{% for usr_id, data in datas %}
{% if restrict == -1 %}
{% set restrict = data['restrict_dwnld'] %}
{% elseif restrict != data['restrict_dwnld'] %}
{% set restrict = data[constant('\\ACL::RESTRICT_DWNLD')] %}
{% elseif restrict != data[constant('\\ACL::RESTRICT_DWNLD')] %}
{% set restrict = 2 %}
{% endif %}


@@ -106,7 +106,7 @@
<div class="controls">
<select id="edit_pub_base_id" class="input-large" name="base_id" {% if feed.isPublic() %}disabled="disabled"{% endif %}>
<option value="">{{ 'Non-Restreinte (publique)' | trans }}</option>
{% for databox in app.getAclForUser(app.getAuthenticatedUser()).get_granted_sbas('bas_chupub') %}
{% for databox in app.getAclForUser(app.getAuthenticatedUser()).get_granted_sbas(constant('\\ACL::BAS_CHUPUB')) %}
<optgroup label="{{ databox.get_label(app['locale']) }}">
{% for collection in databox.get_collections() %}
<option {% if feed.getBaseId() and feed.getCollection(app).get_base_id() == collection.get_base_id() %}selected="selected"{% endif %} value="{{ collection.get_base_id() }}">{{ collection.get_name() }}</option>


@@ -23,7 +23,7 @@
<div class="controls">
<select id="add_pub_base_id" class="input-large" name="base_id">
<option value="">{{ 'Non-Restreinte (publique)' | trans }}</option>
{% for databox in app.getAclForUser(app.getAuthenticatedUser()).get_granted_sbas('bas_chupub') %}
{% for databox in app.getAclForUser(app.getAuthenticatedUser()).get_granted_sbas(constant('\\ACL::BAS_CHUPUB')) %}
<optgroup label="{{ databox.get_label(app['locale']) }}">
{% for collection in databox.get_collections() %}
<option value="{{ collection.get_base_id() }}">{{ collection.get_name() }}</option>


@@ -51,7 +51,7 @@
</li>
{% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('bas_chupub') %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::BAS_CHUPUB')) %}
<li class="">
<a target="right" href="{{ path('admin_feeds_list') }}" class="ajax">
<img src="/assets/common/images/icons/rss16.png" />
@@ -60,7 +60,7 @@
</li>
{% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('taskmanager') %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::TASKMANAGER')) %}
<li class="{% if feature == 'taskmanager' %}selected{% endif %}">
<a target="right" href="{{ path('admin_tasks_list') }}" class="ajax">
<img src="/assets/admin/images/TaskManager.png" />
@@ -110,7 +110,7 @@
</div>
<ul>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_sbas( sbas_id , 'bas_modify_struct') %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_sbas( sbas_id , constant('\\ACL::BAS_MODIFY_STRUCT')) %}
<li>
<a target="right" class="ajax" href="{{ path('database_display_stucture', { 'databox_id' : sbas_id }) }}">
<img src="/assets/common/images/icons/miniadjust01.gif"/>
@@ -168,8 +168,8 @@
{% for collection in databox.get_collections()|sort_collections %}
{% if (collection.get_base_id() in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base([constant('\\ACL::CANADMIN')])|keys
or collection.get_base_id() in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base([constant('\\ACL::MANAGE')])|keys
or collection.get_base_id() in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base([constant('\\ACL::MODIFY_STRUCT')])|keys) %}
or collection.get_base_id() in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base([constant('\\ACL::COLL_MANAGE')])|keys
or collection.get_base_id() in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base([constant('\\ACL::COLL_MODIFY_STRUCT')])|keys) %}
{% if feature == 'collection' and featured == collection.get_base_id() %}
{% set coll_selected = true %}


@@ -2,7 +2,7 @@
<label>{{ 'Collection' | trans }}</label>
<select name="base_id">
{% for collection in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base(['canaddrecord']) %}
{% for collection in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base([constant('\\ACL::CANADDRECORD')]) %}
<option value="{{ collection.get_base_id() }}">{{ collection.get_databox().get_label(app['locale']) }} / {{ collection.get_label(app['locale']) }}</option>
{% endfor %}
</select>


@@ -29,18 +29,18 @@
</button>
{% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('push') %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANPUSH')) %}
<button class="ui-corner-all TOOL_pushdoc_btn basket_window" title="{{ 'action : push' | trans }}">
<img src="/assets/common/images/icons/push16.png"/>
</button>
{% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('push') %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANPUSH')) %}
<button class="ui-corner-all TOOL_feedback_btn basket_window" title="{{ 'Feedback' | trans }}">
<img src="/assets/common/images/icons/feedback16.png"/>
</button>
{% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('bas_chupub') %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::BAS_CHUPUB')) %}
<button class="ui-corner-all TOOL_bridge_btn basket_window" title="{{ 'action : bridge' | trans }}" data-href="{{ path("prod_bridge_manager") }}">
<img src="/assets/common/images/icons/door.png"/>
</button>


@@ -29,18 +29,18 @@
</button>
{% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('push') %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANPUSH')) %}
<button class="ui-corner-all TOOL_pushdoc_btn story_window" title="{{ 'action : push' | trans }}">
<img src="/assets/common/images/icons/push16.png"/>
</button>
{% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('push') %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANPUSH')) %}
<button class="ui-corner-all TOOL_feedback_btn story_window" title="{{ 'Feedback' | trans }}">
<img src="/assets/common/images/icons/feedback16.png"/>
</button>
{% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('bas_chupub') %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right(cnstant('\\ACL::BAS_CHUPUB')) %}
<button class="ui-corner-all TOOL_bridge_btn story_window" title="{{ 'action : bridge' | trans }}" data-href="{{ path("prod_bridge_manager") }}">
<img src="/assets/common/images/icons/door.png"/>
</button>
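Review bot: The bridge-button condition in this template calls `cnstant('\\ACL::BAS_CHUPUB')`, a misspelling of Twig's `constant()` function; the two `CANPUSH` checks above it are spelled correctly. Twig will presumably reject the unknown function when the template is compiled, so the whole toolbar would fail to render rather than just the publish button. The line should read `{% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::BAS_CHUPUB')) %}`. The enclosing block continues outside the hunk.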


@@ -55,7 +55,7 @@
{{ 'report::Modification du document -- je ne me souviens plus de quoi...' | trans }}
{% endif %}
<span class="actor">
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), 'canreport') %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), constant('\\ACL::CANREPORT')) %}
{% if done['user'] and done['user'].getId() != app.getAuthenticatedUser().getId() %}
{% set user_infos = done['user'].getDisplayName() %}
{% trans with {'%user_infos%' : user_infos} %}report:: par %user_infos%{% endtrans %}


@@ -129,7 +129,7 @@
</div>
{% if app['conf'].get(['registry', 'actions', 'social-tools']) == 'all'
or (app['conf'].get(['registry', 'actions', 'social-tools']) == 'publishers'
and granted_on_databox(record.databoxId, 'bas_chupub')) %}
and granted_on_databox(record.databoxId, constant('\\ACL::BAS_CHUPUB'))) %}
{% if record.story is empty %}
<div title="" class="context-menu-item">
<div class="context-menu-item-inner"


@@ -124,7 +124,7 @@
</span>
{% endif %}
{% if acl.has_right('push') and acl.has_right('bas_chupub') %}
{% if acl.has_right(constant('\\ACL::CANPUSH')) and acl.has_right(constant('\\ACL::BAS_CHUPUB')) %}
<span class="dropdownButton">
<div class="btn-group">
<button class="TOOL_pushdoc_btn default_action results_window btn btn-inverse">
@@ -173,7 +173,7 @@
</ul>
</div>
</span>
{% elseif acl.has_right('push') %}
{% elseif acl.has_right(constant('\\ACL::CANPUSH')) %}
<span class="dropdownButton">
<div class="btn-group">
<button class="TOOL_pushdoc_btn default_action results_window btn btn-inverse">
@@ -208,7 +208,7 @@
</ul>
</div>
</span>
{% elseif acl.has_right('bas_chupub') %}
{% elseif acl.has_right(constant('\\ACL::BAS_CHUPUB')) %}
<span class="dropdownButton">
<div class="btn-group">
<button class="TOOL_pushdoc_btn default_action results_window btn btn-inverse">


@@ -138,7 +138,7 @@ class DataboxTest extends \PhraseanetAuthenticatedWebTestCase
'has_right_on_sbas'=> function (\PHPUnit_Framework_MockObject_MockObject $acl) {
$acl->expects($this->once())
->method('has_right_on_sbas')
->with($this->equalTo(self::$DI['collection']->get_sbas_id()), 'bas_modify_struct')
->with($this->equalTo(self::$DI['collection']->get_sbas_id()), \ACL::BAS_MODIFY_STRUCT)
->will($this->returnValue(false));
}
]);
@@ -157,7 +157,7 @@ class DataboxTest extends \PhraseanetAuthenticatedWebTestCase
'has_right_on_sbas'=> function (\PHPUnit_Framework_MockObject_MockObject $acl) {
$acl->expects($this->once())
->method('has_right_on_sbas')
->with($this->equalTo(self::$DI['collection']->get_sbas_id()), 'bas_modify_struct')
->with($this->equalTo(self::$DI['collection']->get_sbas_id()), \ACL::BAS_MODIFY_STRUCT)
->will($this->returnValue(true));
}
]);
@@ -191,7 +191,7 @@ class DataboxTest extends \PhraseanetAuthenticatedWebTestCase
'has_right_on_sbas'=> function (\PHPUnit_Framework_MockObject_MockObject $acl) {
$acl->expects($this->once())
->method('has_right_on_sbas')
->with($this->equalTo(self::$DI['collection']->get_sbas_id()), 'bas_modify_struct')
->with($this->equalTo(self::$DI['collection']->get_sbas_id()), \ACL::BAS_MODIFY_STRUCT)
->will($this->returnValue(true));
}
]);


@@ -342,10 +342,10 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
foreach (self::$DI['app']->getDataboxes() as $databox) {
$rights = [
'bas_manage' => '1'
, 'bas_modify_struct' => '1'
, 'bas_modif_th' => '1'
, 'bas_chupub' => '1'
\ACL::BAS_MANAGE => '1',
\ACL::BAS_MODIFY_STRUCT => '1',
\ACL::BAS_MODIF_TH => '1',
\ACL::BAS_CHUPUB => '1',
];
self::$DI['app']->getAclForUser($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights);


@@ -18,7 +18,7 @@ class StoryTest extends \PhraseanetAuthenticatedWebTestCase
$route = "/prod/story/";
$collections = self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
->get_granted_base(['canaddrecord']);
->get_granted_base([\ACL::CANADDRECORD]);
$collection = array_shift($collections);
@@ -47,7 +47,7 @@ class StoryTest extends \PhraseanetAuthenticatedWebTestCase
$route = "/prod/story/";
$collections = self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
->get_granted_base(['canaddrecord']);
->get_granted_base([\ACL::CANADDRECORD]);
$collection = array_shift($collections);


@@ -79,7 +79,7 @@ class RecordsRequestTest extends \PhraseanetAuthenticatedTestCase
public function testSimpleWithoutSbasRights()
{
self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
->update_rights_to_sbas(self::$DI['record_2']->get_sbas_id(), ['bas_chupub' => 0]);
->update_rights_to_sbas(self::$DI['record_2']->get_sbas_id(), [\ACL::BAS_CHUPUB => 0]);
$request = new Request([
'lst' => implode(';', [
@@ -87,7 +87,7 @@ class RecordsRequestTest extends \PhraseanetAuthenticatedTestCase
])
]);
$records = RecordsRequest::fromRequest(self::$DI['app'], $request, false, [], ['bas_chupub']);
$records = RecordsRequest::fromRequest(self::$DI['app'], $request, false, [], [\ACL::BAS_CHUPUB]);
$this->assertEquals(0, count($records));
$this->assertEquals(1, count($records->received()));


@@ -20,10 +20,10 @@ class ACLManipulatorTest extends \PhraseanetTestCase
$databoxId = $databox->get_sbas_id();
$acl->update_rights_to_sbas($databoxId, [
'bas_manage' => '0',
'bas_modify_struct' => '0',
'bas_modif_th' => '0',
'bas_chupub' => '0'
\ACL::BAS_MANAGE => '0',
\ACL::BAS_MODIFY_STRUCT => '0',
\ACL::BAS_MODIF_TH => '0',
\ACL::BAS_CHUPUB => '0',
]);
foreach ($databox->get_collections() as $collection) {
@@ -32,24 +32,24 @@ class ACLManipulatorTest extends \PhraseanetTestCase
$acl->set_masks_on_base($baseId, '1', '1', '1', '1');
$acl->update_rights_to_base($baseId, [
\ACL::CANPUTINALBUM => '0',
\ACL::CANDWNLDHD => '0',
\ACL::CANPUTINALBUM => '0',
\ACL::CANDWNLDHD => '0',
'candwnldsubdef' => '0',
\ACL::NOWATERMARK => '0',
\ACL::CANDWNLDPREVIEW => '0',
\ACL::CANCMD => '0',
\ACL::CANADMIN => '0',
\ACL::CANREPORT => '0',
\ACL::CANPUSH => '0',
\ACL::NOWATERMARK => '0',
\ACL::CANDWNLDPREVIEW => '0',
\ACL::CANCMD => '0',
\ACL::CANADMIN => '0',
\ACL::CANREPORT => '0',
\ACL::CANPUSH => '0',
'creationdate' => '0',
\ACL::CANADDRECORD => '0',
\ACL::CANMODIFRECORD => '0',
\ACL::CANDELETERECORD => '0',
\ACL::CHGSTATUS => '0',
\ACL::IMGTOOLS => '0',
\ACL::MANAGE => '0',
\ACL::MODIFY_STRUCT => '0',
'bas_modify_struct' => '0'
\ACL::CANADDRECORD => '0',
\ACL::CANMODIFRECORD => '0',
\ACL::CANDELETERECORD => '0',
\ACL::CHGSTATUS => '0',
\ACL::IMGTOOLS => '0',
\ACL::COLL_MANAGE => '0',
\ACL::COLL_MODIFY_STRUCT => '0',
\ACL::BAS_MODIFY_STRUCT => '0'
]);
break 2;
@@ -65,10 +65,10 @@ class ACLManipulatorTest extends \PhraseanetTestCase
$this->fail("Need at least one collection");
}
$this->assertTrue($acl->has_right_on_sbas($databoxId, 'bas_manage'));
$this->assertTrue($acl->has_right_on_sbas($databoxId, 'bas_modify_struct'));
$this->assertTrue($acl->has_right_on_sbas($databoxId, 'bas_modif_th'));
$this->assertTrue($acl->has_right_on_sbas($databoxId, 'bas_chupub'));
$this->assertTrue($acl->has_right_on_sbas($databoxId, \ACL::BAS_MANAGE));
$this->assertTrue($acl->has_right_on_sbas($databoxId, \ACL::BAS_MODIFY_STRUCT));
$this->assertTrue($acl->has_right_on_sbas($databoxId, \ACL::BAS_MODIF_TH));
$this->assertTrue($acl->has_right_on_sbas($databoxId, \ACL::BAS_CHUPUB));
$this->assertTrue($acl->has_right_on_base($baseId, \ACL::CANPUTINALBUM));
$this->assertTrue($acl->has_right_on_base($baseId, \ACL::CANDWNLDHD));
@@ -83,8 +83,8 @@ class ACLManipulatorTest extends \PhraseanetTestCase
$this->assertTrue($acl->has_right_on_base($baseId, \ACL::CANDELETERECORD));
$this->assertTrue($acl->has_right_on_base($baseId, \ACL::CHGSTATUS));
$this->assertTrue($acl->has_right_on_base($baseId, \ACL::IMGTOOLS));
$this->assertTrue($acl->has_right_on_base($baseId, \ACL::MANAGE));
$this->assertTrue($acl->has_right_on_base($baseId, \ACL::MODIFY_STRUCT));
$this->assertTrue($acl->has_right_on_base($baseId, \ACL::COLL_MANAGE));
$this->assertTrue($acl->has_right_on_base($baseId, \ACL::COLL_MODIFY_STRUCT));
$this->assertEquals(0, $acl->get_limits($baseId));
$this->assertEquals(0, $acl->get_limits($acl->get_mask_xor($baseId)));
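Review bot: `\ACL::BAS_MODIFY_STRUCT => '0'` is still passed to `update_rights_to_base()` in the second hunk, right after `\ACL::COLL_MODIFY_STRUCT`; with the new `COLL_`/`BAS_` prefixes it now reads as a databox-level right being written through the collection-level call. Whether `update_rights_to_base()` ignores or stores that key is not visible here, so the entry should either be dropped from this array or kept with a short comment saying why a databox right belongs in a collection update. The same entry appears in the collection rights array of the PhraseanetTestCase hunk `@@ -597,24 +597,24 @@`. `'candwnldsubdef'` and `'creationdate'` also remain raw strings in both arrays; if they are real right names they deserve constants like the rest.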


@@ -341,54 +341,54 @@ class ACLTest extends \PhraseanetTestCase
$databox = self::$DI['collection']->get_databox();
$this->object->give_access_to_sbas([$databox->get_sbas_id()]);
$this->object->update_rights_to_sbas($databox->get_sbas_id(), [
'bas_modify_struct' => false,
'bas_modif_th' => false,
\ACL::BAS_MODIFY_STRUCT => false,
\ACL::BAS_MODIF_TH => false,
]);
$this->assertFalse($this->object->has_right('bas_modify_struct'));
$this->assertFalse($this->object->has_right('bas_modif_th'));
$this->assertFalse($this->object->has_right(\ACL::BAS_MODIFY_STRUCT ));
$this->assertFalse($this->object->has_right(\ACL::BAS_MODIF_TH));
$this->object->update_rights_to_sbas($databox->get_sbas_id(), [
'bas_modify_struct' => true,
\ACL::BAS_MODIFY_STRUCT => true,
]);
$this->assertTrue($this->object->has_right('bas_modify_struct'));
$this->assertFalse($this->object->has_right('bas_modif_th'));
$this->assertTrue($this->object->has_right(\ACL::BAS_MODIFY_STRUCT ));
$this->assertFalse($this->object->has_right(\ACL::BAS_MODIF_TH));
}
public function testHasRightOnSbas()
{
$rights_false = [
'bas_modify_struct' => false,
'bas_manage' => false,
'bas_chupub' => false,
'bas_modif_th' => false,
\ACL::BAS_MODIFY_STRUCT => false,
\ACL::BAS_MANAGE => false,
\ACL::BAS_CHUPUB => false,
\ACL::BAS_MODIF_TH => false,
];
$rights_true = [
'bas_modify_struct' => true,
'bas_manage' => true,
'bas_chupub' => true,
'bas_modif_th' => true,
\ACL::BAS_MODIFY_STRUCT => true,
\ACL::BAS_MANAGE => true,
\ACL::BAS_CHUPUB => true,
\ACL::BAS_MODIF_TH => true,
];
foreach (self::$DI['app']->getDataboxes() as $databox) {
$this->object->give_access_to_sbas([$databox->get_sbas_id()]);
$this->object->update_rights_to_sbas($databox->get_sbas_id(), $rights_false);
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), 'bas_modify_struct'));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), 'bas_manage'));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), 'bas_chupub'));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), 'bas_modif_th'));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIFY_STRUCT));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MANAGE));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_CHUPUB));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIF_TH));
$this->object->update_rights_to_sbas($databox->get_sbas_id(), $rights_true);
$this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), 'bas_modify_struct'));
$this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), 'bas_manage'));
$this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), 'bas_chupub'));
$this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), 'bas_modif_th'));
$this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIFY_STRUCT));
$this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MANAGE));
$this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_CHUPUB));
$this->assertTrue($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIF_TH));
$this->object->update_rights_to_sbas($databox->get_sbas_id(), $rights_false);
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), 'bas_modify_struct'));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), 'bas_manage'));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), 'bas_chupub'));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), 'bas_modif_th'));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIFY_STRUCT));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MANAGE));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_CHUPUB));
$this->assertFalse($this->object->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIF_TH));
}
}
@@ -568,7 +568,7 @@ class ACLTest extends \PhraseanetTestCase
foreach ($databox->get_collections() as $collection) {
$base_id = $collection->get_base_id();
$base_ids[] = $base_id;
$this->object->update_rights_to_base($base_id, ['canreport' => true]);
$this->object->update_rights_to_base($base_id, [\ACL::CANREPORT => true]);
$found = true;
break;
}
@@ -580,7 +580,7 @@ class ACLTest extends \PhraseanetTestCase
$this->assertFalse($this->object->has_access_to_module('upload'));
foreach (self::$DI['app']->getDataboxes() as $databox) {
$this->object->update_rights_to_sbas($databox->get_sbas_id(), ['bas_modif_th' => true]);
$this->object->update_rights_to_sbas($databox->get_sbas_id(), [\ACL::BAS_MODIF_TH => true]);
$found = true;
}
$this->assertTrue($this->object->has_access_to_module('report'));
@@ -592,7 +592,7 @@ class ACLTest extends \PhraseanetTestCase
foreach ($databox->get_collections() as $collection) {
$base_id = $collection->get_base_id();
$base_ids[] = $base_id;
$this->object->update_rights_to_base($base_id, ['canaddrecord' => true]);
$this->object->update_rights_to_base($base_id, [\ACL::CANADDRECORD => true]);
$found = true;
break;
}
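Review bot: `has_right(\ACL::BAS_MODIFY_STRUCT ))` in the first hunk carries a stray space before the closing parenthesis, on both the `assertFalse` and the `assertTrue` line. Writing `$this->object->has_right(\ACL::BAS_MODIFY_STRUCT)` matches the neighbouring `\ACL::BAS_MODIF_TH` calls and the rest of the file.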


@@ -109,10 +109,10 @@ abstract class PhraseanetAuthenticatedWebTestCase extends \PhraseanetAuthenticat
self::$createdDataboxes[] = $databox;
$rights = [
'bas_manage' => '1'
, 'bas_modify_struct' => '1'
, 'bas_modif_th' => '1'
, 'bas_chupub' => '1'
\ACL::BAS_MANAGE => '1',
\ACL::BAS_MODIFY_STRUCT => '1',
\ACL::BAS_MODIF_TH => '1',
\ACL::BAS_CHUPUB => '1'
];
$app->getAclForUser($app->getAuthenticatedUser())->update_rights_to_sbas($databox->get_sbas_id(), $rights);


@@ -572,10 +572,10 @@ abstract class PhraseanetTestCase extends WebTestCase
$app->getAclForUser($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_SBAS);
$rights = [
'bas_manage' => '1'
, 'bas_modify_struct' => '1'
, 'bas_modif_th' => '1'
, 'bas_chupub' => '1'
\ACL::BAS_MANAGE => '1',
\ACL::BAS_MODIFY_STRUCT => '1',
\ACL::BAS_MODIF_TH => '1',
\ACL::BAS_CHUPUB => '1'
];
$app->getAclForUser($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights);
@@ -597,24 +597,24 @@ abstract class PhraseanetTestCase extends WebTestCase
$app->getAclForUser($user)->update_rights_to_base($base_id, [\ACL::ORDER_MASTER => true]);
$rights = [
\ACL::CANPUTINALBUM => '1',
\ACL::CANDWNLDHD => '1',
\ACL::CANPUTINALBUM => '1',
\ACL::CANDWNLDHD => '1',
'candwnldsubdef' => '1',
\ACL::NOWATERMARK => '1',
\ACL::CANDWNLDPREVIEW => '1',
\ACL::CANCMD => '1',
\ACL::CANADMIN => '1',
\ACL::CANREPORT => '1',
\ACL::CANPUSH => '1',
\ACL::CANDWNLDPREVIEW => '1',
\ACL::CANCMD => '1',
\ACL::CANADMIN => '1',
\ACL::CANREPORT => '1',
\ACL::CANPUSH => '1',
'creationdate' => '1',
\ACL::CANADDRECORD => '1',
\ACL::CANMODIFRECORD => '1',
\ACL::CANDELETERECORD => '1',
\ACL::CHGSTATUS => '1',
\ACL::IMGTOOLS => '1',
\ACL::MANAGE => '1',
\ACL::MODIFY_STRUCT => '1',
'bas_modify_struct' => '1'
\ACL::CANADDRECORD => '1',
\ACL::CANMODIFRECORD => '1',
\ACL::CANDELETERECORD => '1',
\ACL::CHGSTATUS => '1',
\ACL::IMGTOOLS => '1',
\ACL::COLL_MANAGE => '1',
\ACL::COLL_MODIFY_STRUCT => '1',
\ACL::BAS_MODIFY_STRUCT => '1'
];
$app->getAclForUser($user)->update_rights_to_base($collection->get_base_id(), $rights);


@@ -54,7 +54,7 @@ class record_adapterTest extends \PhraseanetAuthenticatedTestCase
$acl = $this->stubACL();
$acl->expects($this->any())
->method('has_right')
->with($this->equalTo('order'))
->with($this->equalTo(\ACL::CANCMD))
->will($this->returnValue(true));
$acl->expects($this->any())
->method('has_access_to_record')
@@ -62,11 +62,11 @@ class record_adapterTest extends \PhraseanetAuthenticatedTestCase
->will($this->returnValue(true));
$acl->expects($this->any())
->method('has_right_on_base')
->with($this->isType(\PHPUnit_Framework_Constraint_IsType::TYPE_INT), $this->equalTo('cancmd'))
->with($this->isType(\PHPUnit_Framework_Constraint_IsType::TYPE_INT), $this->equalTo(\ACL::CANCMD))
->will($this->returnValue(true));
$acl->expects($this->any())
->method('has_right_on_sbas')
->with($this->isType(\PHPUnit_Framework_Constraint_IsType::TYPE_INT), $this->equalTo('cancmd'))
->with($this->isType(\PHPUnit_Framework_Constraint_IsType::TYPE_INT), $this->equalTo(\ACl::CANCMD))
->will($this->returnValue(true));
$app = $this->getApplication();