PHRAS-508_acl-cache

- wip
Jean-Yves Gaulier
2016-10-20 19:36:26 +02:00
parent f4f85dc3b7
commit 6a2285f66d
72 changed files with 571 additions and 599 deletions


@@ -269,23 +269,23 @@ class CollectionService
public function grantAdminRights(CollectionReference $reference, User $user) public function grantAdminRights(CollectionReference $reference, User $user)
{ {
$rights = [ $rights = [
"canputinalbum" => "1", \ACL::CANPUTINALBUM => "1",
"candwnldhd" => "1", \ACL::CANDWNLDHD => "1",
"nowatermark" => "1", \ACL::NOWATERMARK => "1",
"candwnldpreview" => "1", \ACL::CANDWNLDPREVIEW => "1",
"cancmd" => "1", \ACL::CANCMD => "1",
"canadmin" => "1", \ACL::CANADMIN => "1",
"actif" => "1", \ACL::ACTIF => "1",
"canreport" => "1", \ACL::CANREPORT => "1",
"canpush" => "1", \ACL::CANPUSH => "1",
"basusr_infousr" => "", "basusr_infousr" => "",
"canaddrecord" => "1", \ACL::CANADDRECORD => "1",
"canmodifrecord" => "1", \ACL::CANMODIFRECORD => "1",
"candeleterecord" => "1", \ACL::CANDELETERECORD => "1",
"chgstatus" => "1", \ACL::CHGSTATUS => "1",
"imgtools" => "1", \ACL::IMGTOOLS => "1",
"manage" => "1", \ACL::MANAGE => "1",
"modify_struct" => "1" \ACL::MODIFY_STRUCT => "1"
]; ];
$this->app->getAclForUser($user)->update_rights_to_base($reference->getBaseId(), $rights); $this->app->getAclForUser($user)->update_rights_to_base($reference->getBaseId(), $rights);
@@ -318,18 +318,28 @@ class CollectionService
$userQuery = $factory(); $userQuery = $factory();
$result = $userQuery->on_base_ids([ $reference->getBaseId()] ) $result = $userQuery->on_base_ids([ $reference->getBaseId()] )
->who_have_right(['order_master']) ->who_have_right([\ACL::ORDER_MASTER])
->execute()->get_results(); ->execute()->get_results();
/** @var ACLProvider $acl */ /** @var ACLProvider $acl */
$acl = $this->app['acl']; $acl = $this->app['acl'];
foreach ($result as $user) { foreach ($result as $user) {
$acl->get($user)->update_rights_to_base($reference->getBaseId(), ['order_master' => false]); $acl->get($user)->update_rights_to_base(
$reference->getBaseId(),
[
\ACL::ORDER_MASTER => false
]
);
} }
foreach ($admins as $admin) { foreach ($admins as $admin) {
$acl->get($admin)->update_rights_to_base($reference->getBaseId(), ['order_master' => true]); $acl->get($admin)->update_rights_to_base(
$reference->getBaseId(),
[
\ACL::ORDER_MASTER => true
]
);
} }
$conn->commit(); $conn->commit();


@@ -46,10 +46,10 @@ class CollectionController extends Controller
$admins = []; $admins = [];
if ($this->getAclForUser()->has_right_on_base($bas_id, 'manage')) { if ($this->getAclForUser()->has_right_on_base($bas_id, \ACL::COLL_MANAGE)) {
$query = $this->createUserQuery(); $query = $this->createUserQuery();
$admins = $query->on_base_ids([$bas_id]) $admins = $query->on_base_ids([$bas_id])
->who_have_right(['order_master']) ->who_have_right([\ACL::ORDER_MASTER])
->execute() ->execute()
->get_results(); ->get_results();
} }
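Review bot: The old literal `'manage'` is replaced by `\ACL::COLL_MANAGE` in this `has_right_on_base()` check, but by `\ACL::MANAGE` where the same key is granted in `CollectionService::grantAdminRights`, so the check and the grant now depend on two constants whose values this page does not show. If they do not resolve to the same right, the set of users passing this test no longer matches the set that was granted it; the same `COLL_MANAGE` substitution appears in the two `get_granted_base()` calls in UserController. Either use one constant for the per-collection right everywhere, or add a comment at the check such as `// COLL_MANAGE is the per-base 'manage' right, the same one granted in grantAdminRights`. The enclosing method starts and ends outside the hunk.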


@@ -285,7 +285,7 @@ class UserController extends Controller
$on_base = $request->request->get('base_id') ? : null; $on_base = $request->request->get('base_id') ? : null;
$on_sbas = $request->request->get('sbas_id') ? : null; $on_sbas = $request->request->get('sbas_id') ? : null;
$eligible_users = $user_query->on_bases_where_i_am($this->getAclForConnectedUser(), ['canadmin']) $eligible_users = $user_query->on_bases_where_i_am($this->getAclForConnectedUser(), [\ACL::CANADMIN])
->like($like_field, $like_value) ->like($like_field, $like_value)
->on_base_ids($on_base) ->on_base_ids($on_base)
->on_sbas_ids($on_sbas); ->on_sbas_ids($on_sbas);
@@ -357,7 +357,7 @@ class UserController extends Controller
$userRegistrations = []; $userRegistrations = [];
/** @var RegistrationRepository $registrationRepository */ /** @var RegistrationRepository $registrationRepository */
$registrationRepository = $this->app['repo.registrations']; $registrationRepository = $this->app['repo.registrations'];
$collections = $this->getAclForConnectedUser()->get_granted_base(['canadmin']); $collections = $this->getAclForConnectedUser()->get_granted_base([\ACL::CANADMIN]);
$authenticatedUserId = $authenticatedUser->getId(); $authenticatedUserId = $authenticatedUser->getId();
foreach ($registrationRepository->getPendingRegistrations($collections) as $registration) { foreach ($registrationRepository->getPendingRegistrations($collections) as $registration) {
$user = $registration->getUser(); $user = $registration->getUser();
@@ -689,7 +689,7 @@ class UserController extends Controller
]); ]);
} }
$basList = array_keys($this->getAclForConnectedUser()->get_granted_base(['manage'])); $basList = array_keys($this->getAclForConnectedUser()->get_granted_base([\ACL::COLL_MANAGE]));
/** @var NativeQueryProvider $query */ /** @var NativeQueryProvider $query */
$query = $this->app['orm.em.native-query']; $query = $this->app['orm.em.native-query'];
$models = $query->getModelForUser($this->getAuthenticatedUser(), $basList); $models = $query->getModelForUser($this->getAuthenticatedUser(), $basList);
@@ -832,7 +832,7 @@ class UserController extends Controller
$this->getAclForUser($newUser)->apply_model( $this->getAclForUser($newUser)->apply_model(
$userRepository->find($model), $userRepository->find($model),
array_keys($this->getAclForConnectedUser()->get_granted_base(['manage'])) array_keys($this->getAclForConnectedUser()->get_granted_base([\ACL::COLL_MANAGE]))
); );
$nbCreation++; $nbCreation++;
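Review bot: `$basList`, built from `get_granted_base([\ACL::COLL_MANAGE])`, is handed to `getModelForUser()`, which in the NativeQueryProvider section of this commit joins it into the SQL text with `implode(', ', $basList)` instead of binding it. The ids come from the ACL and not from the request, so this is presumably safe today, but nothing in the visible code enforces that they are integers. Normalising at the call site, `$basList = array_map('intval', array_keys($this->getAclForConnectedUser()->get_granted_base([\ACL::COLL_MANAGE])));`, or binding the list inside the query, keeps the statement safe if the source of the ids ever changes. The surrounding method bodies are outside the hunks.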


@@ -485,7 +485,7 @@ class V1Controller extends Controller
{ {
$userQuery = new \User_Query($this->app); $userQuery = new \User_Query($this->app);
$orderMasters = $userQuery->on_base_ids([ $collection->get_base_id() ] ) $orderMasters = $userQuery->on_base_ids([ $collection->get_base_id() ] )
->who_have_right(['order_master']) ->who_have_right([\ACL::ORDER_MASTER])
->execute() ->execute()
->get_results() ->get_results()
->map(function (User $user) { ->map(function (User $user) {
@@ -1034,7 +1034,7 @@ class V1Controller extends Controller
return null; return null;
} }
if ($media->get_name() === 'document' if ($media->get_name() === 'document'
&& !$acl->has_right_on_base($record->getBaseId(), 'candwnldhd') && !$acl->has_right_on_base($record->getBaseId(), \ACL::CANDWNLDHD)
&& !$acl->has_hd_grant($record) && !$acl->has_hd_grant($record)
) { ) {
return null; return null;
@@ -2769,9 +2769,11 @@ class V1Controller extends Controller
$user = $this->getApiAuthenticatedUser(); $user = $this->getApiAuthenticatedUser();
$acl = $this->getAclForUser($user); $acl = $this->getAclForUser($user);
if (! $acl->has_access_to_module('admin') || ! $acl->has_right('manageusers')) { if (! $acl->has_access_to_module('admin') || ! $acl->has_right(\ACL::CANADMIN)) {
return Result::createError($request, 401, 'You are not authorized')->createResponse(); return Result::createError($request, 401, 'You are not authorized')->createResponse();
} }
return null;
} }
public function ensureAccessToDatabox(Request $request) public function ensureAccessToDatabox(Request $request)
@@ -2813,7 +2815,7 @@ class V1Controller extends Controller
public function ensureCanModifyRecord(Request $request) public function ensureCanModifyRecord(Request $request)
{ {
$user = $this->getApiAuthenticatedUser(); $user = $this->getApiAuthenticatedUser();
if (!$this->getAclForUser($user)->has_right('modifyrecord')) { if (!$this->getAclForUser($user)->has_right(\ACL::CANMODIFRECORD)) {
return Result::createError($request, 401, 'You are not authorized')->createResponse(); return Result::createError($request, 401, 'You are not authorized')->createResponse();
} }
@@ -2825,7 +2827,7 @@ class V1Controller extends Controller
$user = $this->getApiAuthenticatedUser(); $user = $this->getApiAuthenticatedUser();
$record = $this->findDataboxById($request->attributes->get('databox_id')) $record = $this->findDataboxById($request->attributes->get('databox_id'))
->get_record($request->attributes->get('record_id')); ->get_record($request->attributes->get('record_id'));
if (!$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), 'chgstatus')) { if (!$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), \ACL::CHGSTATUS)) {
return Result::createError($request, 401, 'You are not authorized')->createResponse(); return Result::createError($request, 401, 'You are not authorized')->createResponse();
} }
@@ -2849,9 +2851,9 @@ class V1Controller extends Controller
$record = $this->findDataboxById($request->attributes->get('databox_id')) $record = $this->findDataboxById($request->attributes->get('databox_id'))
->get_record($request->attributes->get('record_id')); ->get_record($request->attributes->get('record_id'));
// TODO: Check comparison. seems to be a mismatch // TODO: Check comparison. seems to be a mismatch
if ((!$this->getAclForUser($user)->has_right('addrecord') if ((!$this->getAclForUser($user)->has_right(\ACL::CANADDRECORD)
&& !$this->getAclForUser($user)->has_right('deleterecord')) && !$this->getAclForUser($user)->has_right(\ACL::CANDELETERECORD))
|| !$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), 'candeleterecord') || !$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), \ACL::CANDELETERECORD)
) { ) {
return Result::createError($request, 401, 'You are not authorized')->createResponse(); return Result::createError($request, 401, 'You are not authorized')->createResponse();
} }
@@ -2865,7 +2867,7 @@ class V1Controller extends Controller
$record = $this->findDataboxById($request->attributes->get('databox_id')) $record = $this->findDataboxById($request->attributes->get('databox_id'))
->get_record($request->attributes->get('record_id')); ->get_record($request->attributes->get('record_id'));
if (!$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), 'candeleterecord')) { if (!$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), \ACL::CANDELETERECORD)) {
return Result::createError($request, 401, 'You are not authorized')->createResponse(); return Result::createError($request, 401, 'You are not authorized')->createResponse();
} }
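Review bot: Several `has_right()` calls in this file change which right is tested, not only how it is spelled: `'manageusers'` becomes `\ACL::CANADMIN` in the admin guard, `'modifyrecord'` becomes `\ACL::CANMODIFRECORD`, and `'addrecord'`/`'deleterecord'` become `\ACL::CANADDRECORD`/`\ACL::CANDELETERECORD`. Elsewhere in the commit those constants replace the per-collection keys (`'canadmin'`, `'canmodifrecord'`, …), so `has_right()` is presumably expected to accept them, but that method is not on this page and a mismatch would change who passes these API guards. The same substitution occurs in EditController (`'changestatus'`), PushController, and the `requireRight()` calls of the Users, Edit, Lazaret, MoveCollection, Tools (`'doctools'` to `\ACL::IMGTOOLS`) and Upload providers; each deserves a test with a user who holds the right and one who does not. The delete guard still carries `// TODO: Check comparison. seems to be a mismatch`, which should be resolved or replaced by a comment stating the intended rule before this leaves wip. These methods begin or end outside the hunks.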


@@ -38,7 +38,7 @@ class EditController extends Controller
$this->app, $this->app,
$request, $request,
RecordsRequest::FLATTEN_YES_PRESERVE_STORIES, RecordsRequest::FLATTEN_YES_PRESERVE_STORIES,
['canmodifrecord'] [\ACL::CANMODIFRECORD]
); );
$thesaurus = false; $thesaurus = false;
@@ -120,7 +120,7 @@ class EditController extends Controller
} }
// generate javascript status // generate javascript status
if ($this->getAclForUser()->has_right('changestatus')) { if ($this->getAclForUser()->has_right(\ACL::CHGSTATUS)) {
$statusStructure = $databox->getStatusStructure(); $statusStructure = $databox->getStatusStructure();
foreach ($statusStructure as $statbit) { foreach ($statusStructure as $statbit) {
$bit = $statbit['bit']; $bit = $statbit['bit'];
@@ -156,7 +156,7 @@ class EditController extends Controller
]; ];
$elements[$indice]['statbits'] = []; $elements[$indice]['statbits'] = [];
if ($this->getAclForUser()->has_right_on_base($record->getBaseId(), 'chgstatus')) { if ($this->getAclForUser()->has_right_on_base($record->getBaseId(), \ACL::CHGSTATUS)) {
foreach ($status as $n => $s) { foreach ($status as $n => $s) {
$tmp_val = substr(strrev($record->getStatus()), $n, 1); $tmp_val = substr(strrev($record->getStatus()), $n, 1);
$elements[$indice]['statbits'][$n]['value'] = ($tmp_val == '1') ? '1' : '0'; $elements[$indice]['statbits'][$n]['value'] = ($tmp_val == '1') ? '1' : '0';
@@ -273,7 +273,7 @@ class EditController extends Controller
public function applyAction(Request $request) { public function applyAction(Request $request) {
$records = RecordsRequest::fromRequest($this->app, $request, RecordsRequest::FLATTEN_YES_PRESERVE_STORIES, ['canmodifrecord']); $records = RecordsRequest::fromRequest($this->app, $request, RecordsRequest::FLATTEN_YES_PRESERVE_STORIES, [\ACL::CANMODIFRECORD]);
$databoxes = $records->databoxes(); $databoxes = $records->databoxes();
if (count($databoxes) !== 1) { if (count($databoxes) !== 1) {


@@ -28,7 +28,7 @@ class PropertyController extends Controller
$this->app->abort(400); $this->app->abort(400);
} }
$records = RecordsRequest::fromRequest($this->app, $request, false, ['chgstatus']); $records = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CHGSTATUS]);
$databoxes = $records->databoxes(); $databoxes = $records->databoxes();
if (count($databoxes) > 1) { if (count($databoxes) > 1) {
@@ -81,7 +81,7 @@ class PropertyController extends Controller
$this->app->abort(400); $this->app->abort(400);
} }
$records = RecordsRequest::fromRequest($this->app, $request, false, ['canmodifrecord']); $records = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CANMODIFRECORD]);
$recordsType = []; $recordsType = [];
@@ -115,7 +115,7 @@ class PropertyController extends Controller
public function changeStatus(Request $request) public function changeStatus(Request $request)
{ {
$applyStatusToChildren = $request->request->get('apply_to_children', []); $applyStatusToChildren = $request->request->get('apply_to_children', []);
$records = RecordsRequest::fromRequest($this->app, $request, false, ['chgstatus']); $records = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CHGSTATUS]);
$updated = []; $updated = [];
$postStatus = (array) $request->request->get('status'); $postStatus = (array) $request->request->get('status');
@@ -149,7 +149,7 @@ class PropertyController extends Controller
public function changeType(Request $request) public function changeType(Request $request)
{ {
$typeLst = $request->request->get('types', []); $typeLst = $request->request->get('types', []);
$records = RecordsRequest::fromRequest($this->app, $request, false, ['canmodifrecord']); $records = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CANMODIFRECORD]);
$mimeLst = $request->request->get('mimes', []); $mimeLst = $request->request->get('mimes', []);
$forceType = $request->request->get('force_types', ''); $forceType = $request->request->get('force_types', '');
$updated = []; $updated = [];


@@ -431,7 +431,7 @@ class PushController extends Controller
$result = ['success' => false, 'message' => '', 'user' => null]; $result = ['success' => false, 'message' => '', 'user' => null];
try { try {
if (!$this->getAclForUser($this->getAuthenticatedUser())->has_right('manageusers')) if (!$this->getAclForUser($this->getAuthenticatedUser())->has_right(\ACL::CANADMIN))
throw new ControllerException($this->app->trans('You are not allowed to add users')); throw new ControllerException($this->app->trans('You are not allowed to add users'));
if (!$request->request->get('firstname')) if (!$request->request->get('firstname'))


@@ -121,9 +121,11 @@ class RecordController extends Controller
public function doDeleteRecords(Request $request) public function doDeleteRecords(Request $request)
{ {
$flatten = (bool)($request->request->get('del_children')) ? RecordsRequest::FLATTEN_YES_PRESERVE_STORIES : RecordsRequest::FLATTEN_NO; $flatten = (bool)($request->request->get('del_children')) ? RecordsRequest::FLATTEN_YES_PRESERVE_STORIES : RecordsRequest::FLATTEN_NO;
$records = RecordsRequest::fromRequest($this->app, $request, $flatten, [ $records = RecordsRequest::fromRequest(
'candeleterecord' $this->app,
]); $request,$flatten,
[\ACL::CANDELETERECORD]
);
$basketElementsRepository = $this->getBasketElementRepository(); $basketElementsRepository = $this->getBasketElementRepository();
$StoryWZRepository = $this->getStoryWorkZoneRepository(); $StoryWZRepository = $this->getStoryWorkZoneRepository();
@@ -166,9 +168,12 @@ class RecordController extends Controller
*/ */
public function whatCanIDelete(Request $request) public function whatCanIDelete(Request $request)
{ {
$records = RecordsRequest::fromRequest($this->app, $request, !!$request->request->get('del_children'), [ $records = RecordsRequest::fromRequest(
'candeleterecord', $this->app,
]); $request,
!!$request->request->get('del_children'),
[\ACL::CANDELETERECORD]
);
return $this->render('prod/actions/delete_records_confirm.html.twig', [ return $this->render('prod/actions/delete_records_confirm.html.twig', [
'records' => $records, 'records' => $records,
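Review bot: `whatCanIDelete()` passes `!!$request->request->get('del_children')` as the flatten argument, while `doDeleteRecords()` maps the same field to `RecordsRequest::FLATTEN_YES_PRESERVE_STORIES` or `RecordsRequest::FLATTEN_NO`. Unless `true` happens to equal the constant used for deletion, the confirmation view can list a different record set than the one that is then deleted under the `\ACL::CANDELETERECORD` filter. Reuse the same expression in both methods: `$flatten = $request->request->get('del_children') ? RecordsRequest::FLATTEN_YES_PRESERVE_STORIES : RecordsRequest::FLATTEN_NO;`. In `doDeleteRecords()` the reformatted call also leaves `$request,$flatten,` on one line; each argument should sit on its own line. Both method bodies continue outside the hunks.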


@@ -109,7 +109,7 @@ class StoryController extends Controller
{ {
$Story = new \record_adapter($this->app, $sbas_id, $record_id); $Story = new \record_adapter($this->app, $sbas_id, $record_id);
if (!$this->getAclForUser()->has_right_on_base($Story->getBaseId(), 'canmodifrecord')) { if (!$this->getAclForUser()->has_right_on_base($Story->getBaseId(), \ACL::CANMODIFRECORD)) {
throw new AccessDeniedHttpException('You can not add document to this Story'); throw new AccessDeniedHttpException('You can not add document to this Story');
} }
@@ -145,7 +145,7 @@ class StoryController extends Controller
$story = new \record_adapter($this->app, $sbas_id, $record_id); $story = new \record_adapter($this->app, $sbas_id, $record_id);
$record = new \record_adapter($this->app, $child_sbas_id, $child_record_id); $record = new \record_adapter($this->app, $child_sbas_id, $child_record_id);
if (!$this->getAclForUser()->has_right_on_base($story->getBaseId(), 'canmodifrecord')) { if (!$this->getAclForUser()->has_right_on_base($story->getBaseId(), \ACL::CANMODIFRECORD)) {
throw new AccessDeniedHttpException('You can not add document to this Story'); throw new AccessDeniedHttpException('You can not add document to this Story');
} }
@@ -188,7 +188,7 @@ class StoryController extends Controller
throw new \Exception('This is not a story'); throw new \Exception('This is not a story');
} }
if (!$this->getAclForUser()->has_right_on_base($story->getBaseId(), 'canmodifrecord')) { if (!$this->getAclForUser()->has_right_on_base($story->getBaseId(), \ACL::CANMODIFRECORD)) {
throw new ControllerException($this->app->trans('You can not edit this story')); throw new ControllerException($this->app->trans('You can not edit this story'));
} }


@@ -52,8 +52,8 @@ class ToolsController extends Controller
$acl = $this->getAclForUser(); $acl = $this->getAclForUser();
if ($acl->has_right('bas_chupub') if ($acl->has_right('bas_chupub')
&& $acl->has_right_on_base($record->getBaseId(), 'canmodifrecord') && $acl->has_right_on_base($record->getBaseId(), \ACL::CANMODIFRECORD)
&& $acl->has_right_on_base($record->getBaseId(), 'imgtools') && $acl->has_right_on_base($record->getBaseId(), \ACL::IMGTOOLS)
) { ) {
$databoxSubdefs = $record->getDatabox()->get_subdef_structure()->getSubdefGroup($record->getType()); $databoxSubdefs = $record->getDatabox()->get_subdef_structure()->getSubdefGroup($record->getType());
@@ -64,7 +64,7 @@ class ToolsController extends Controller
} }
if ('document' == $subdefName) { if ('document' == $subdefName) {
if (!$acl->has_right_on_base($record->getBaseId(), 'candwnldhd')) { if (!$acl->has_right_on_base($record->getBaseId(), \ACL::CANDWNLDHD)) {
continue; continue;
} }
$label = $this->app->trans('prod::tools: document'); $label = $this->app->trans('prod::tools: document');
@@ -147,7 +147,7 @@ class ToolsController extends Controller
$force = $request->request->get('force_substitution') == '1'; $force = $request->request->get('force_substitution') == '1';
$selection = RecordsRequest::fromRequest($this->app, $request, false, array('canmodifrecord')); $selection = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CANMODIFRECORD]);
foreach ($selection as $record) { foreach ($selection as $record) {
$substituted = false; $substituted = false;
@@ -341,9 +341,9 @@ class ToolsController extends Controller
$acl = $this->getAclForUser(); $acl = $this->getAclForUser();
if (!$acl->has_right('bas_chupub') if (!$acl->has_right('bas_chupub')
|| !$acl->has_right_on_base($record->getBaseId(), 'canmodifrecord') || !$acl->has_right_on_base($record->getBaseId(), \ACL::CANMODIFRECORD)
|| !$acl->has_right_on_base($record->getBaseId(), 'imgtools') || !$acl->has_right_on_base($record->getBaseId(), \ACL::IMGTOOLS)
|| ('document' == $subdefName && !$acl->has_right_on_base($record->getBaseId(), 'candwnldhd')) || ('document' == $subdefName && !$acl->has_right_on_base($record->getBaseId(), \ACL::CANDWNLDHD))
|| ('document' != $subdefName && !$acl->has_access_to_subdef($record, $subdefName)) || ('document' != $subdefName && !$acl->has_access_to_subdef($record, $subdefName))
) { ) {
$this->app->abort(403); $this->app->abort(403);


@@ -45,7 +45,7 @@ class Collection implements ControllerProviderInterface, ServiceProviderInterfac
$controllers->before(function (Request $request) use ($firewall) { $controllers->before(function (Request $request) use ($firewall) {
$firewall $firewall
->requireAccessToModule('admin') ->requireAccessToModule('admin')
->requireRightOnBase($request->attributes->get('bas_id'), 'canadmin'); ->requireRightOnBase($request->attributes->get('bas_id'), \ACL::CANADMIN);
}); });
$controllers->get('/{bas_id}/', 'controller.admin.collection:getCollection') $controllers->get('/{bas_id}/', 'controller.admin.collection:getCollection')


@@ -43,7 +43,7 @@ class Users implements ControllerProviderInterface, ServiceProviderInterface
$controllers->before(function () use ($firewall) { $controllers->before(function () use ($firewall) {
$firewall->requireAccessToModule('admin') $firewall->requireAccessToModule('admin')
->requireRight('manageusers'); ->requireRight(\ACL::CANADMIN);
}); });
$controllers->match('/rights/', 'controller.admin.users:editRightsAction') $controllers->match('/rights/', 'controller.admin.users:editRightsAction')


@@ -47,7 +47,7 @@ class Edit implements ControllerProviderInterface, ServiceProviderInterface
$controllers->before(function () use ($firewall) { $controllers->before(function () use ($firewall) {
$firewall $firewall
->requireNotGuest() ->requireNotGuest()
->requireRight('modifyrecord'); ->requireRight(\ACL::CANMODIFRECORD);
}); });
$controllers->post('/', 'controller.prod.edit:submitAction'); $controllers->post('/', 'controller.prod.edit:submitAction');


@@ -53,7 +53,7 @@ class Lazaret implements ControllerProviderInterface, ServiceProviderInterface
$firewall = $this->getFirewall($app); $firewall = $this->getFirewall($app);
$controllers->before(function () use ($firewall) { $controllers->before(function () use ($firewall) {
$firewall->requireRight('addrecord'); $firewall->requireRight(\ACL::CANADDRECORD);
}); });
$controllers->get('/', 'controller.prod.lazaret:listElement') $controllers->get('/', 'controller.prod.lazaret:listElement')


@@ -41,8 +41,8 @@ class MoveCollection implements ControllerProviderInterface, ServiceProviderInte
$controllers->before(function () use ($firewall) { $controllers->before(function () use ($firewall) {
$firewall $firewall
->requireRight('addrecord') ->requireRight(\ACL::CANADDRECORD)
->requireRight('deleterecord'); ->requireRight(\ACL::CANDELETERECORD);
}); });
$controllers->post('/', 'controller.prod.move-collection:displayForm') $controllers->post('/', 'controller.prod.move-collection:displayForm')


@@ -46,7 +46,7 @@ class Tools implements ControllerProviderInterface, ServiceProviderInterface
$firewall = $this->getFirewall($app); $firewall = $this->getFirewall($app);
$controllers->before(function () use ($firewall) { $controllers->before(function () use ($firewall) {
$firewall->requireRight('doctools'); $firewall->requireRight(\ACL::IMGTOOLS);
}); });
$controllers->get('/', 'controller.prod.tools:indexAction'); $controllers->get('/', 'controller.prod.tools:indexAction');


@@ -55,7 +55,7 @@ class Upload implements ControllerProviderInterface, ServiceProviderInterface
$firewall = $this->getFirewall($app); $firewall = $this->getFirewall($app);
$controllers->before(function () use ($firewall) { $controllers->before(function () use ($firewall) {
$firewall->requireRight('addrecord'); $firewall->requireRight(\ACL::CANADDRECORD);
}); });
$controllers->get('/', 'controller.prod.upload:getUploadForm') $controllers->get('/', 'controller.prod.upload:getUploadForm')


@@ -48,7 +48,7 @@ class OrderSubscriber extends AbstractNotificationSubscriber
$query = $this->app['phraseanet.user-query']; $query = $this->app['phraseanet.user-query'];
/** @var User[] $users */ /** @var User[] $users */
$users = $query->on_base_ids($base_ids) $users = $query->on_base_ids($base_ids)
->who_have_right(['order_master']) ->who_have_right([\ACL::ORDER_MASTER])
->execute()->get_results(); ->execute()->get_results();
if (count($users) == 0) { if (count($users) == 0) {


@@ -71,7 +71,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
protected function delete_user(User $user) protected function delete_user(User $user)
{ {
$list = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin'])); $list = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([\ACL::CANADMIN]));
$this->app->getAclForUser($user)->revoke_access_from_bases($list); $this->app->getAclForUser($user)->revoke_access_from_bases($list);
@@ -84,7 +84,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
public function get_users_rights() public function get_users_rights()
{ {
$list = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin'])); $list = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([\ACL::CANADMIN]));
$sql = "SELECT $sql = "SELECT
b.sbas_id, b.sbas_id,
@@ -477,29 +477,29 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
public function apply_rights() public function apply_rights()
{ {
$ACL = $this->app->getAclForUser($this->app->getAuthenticatedUser()); $ACL = $this->app->getAclForUser($this->app->getAuthenticatedUser());
$base_ids = array_keys($ACL->get_granted_base(['canadmin'])); $base_ids = array_keys($ACL->get_granted_base([\ACL::CANADMIN]));
$update = $create = $delete = $create_sbas = $update_sbas = []; $update = $create = $delete = $create_sbas = $update_sbas = [];
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
$rights = [ $rights = [
'access', 'access',
'actif', \ACL::ACTIF,
'canputinalbum', \ACL::CANPUTINALBUM,
'nowatermark', \ACL::NOWATERMARK,
'candwnldpreview', \ACL::CANDWNLDPREVIEW,
'candwnldhd', \ACL::CANDWNLDHD,
'cancmd', \ACL::CANCMD,
'canaddrecord', \ACL::CANADDRECORD,
'canmodifrecord', \ACL::CANMODIFRECORD,
'chgstatus', \ACL::CHGSTATUS,
'candeleterecord', \ACL::CANDELETERECORD,
'imgtools', \ACL::IMGTOOLS,
'canadmin', \ACL::CANADMIN,
'canreport', \ACL::CANREPORT,
'canpush', \ACL::CANPUSH,
'manage', \ACL::MANAGE,
'modify_struct' \ACL::MODIFY_STRUCT
]; ];
foreach ($rights as $k => $right) { foreach ($rights as $k => $right) {
if (($right == 'access' && !$ACL->has_access_to_base($base_id)) if (($right == 'access' && !$ACL->has_access_to_base($base_id))
@@ -688,7 +688,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
throw new AccessDeniedHttpException('You are not the owner of the template'); throw new AccessDeniedHttpException('You are not the owner of the template');
} }
$base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin'])); $base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([\ACL::CANADMIN]));
foreach ($this->users as $usr_id) { foreach ($this->users as $usr_id) {
$user = $this->app['repo.users']->find($usr_id); $user = $this->app['repo.users']->find($usr_id);
@@ -744,7 +744,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
$activate = !!$this->request->get('limit'); $activate = !!$this->request->get('limit');
$base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin'])); $base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([\ACL::CANADMIN]));
foreach ($this->users as $usr_id) { foreach ($this->users as $usr_id) {
$user = $this->app['repo.users']->find($usr_id); $user = $this->app['repo.users']->find($usr_id);
@@ -763,7 +763,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
public function resetRights() public function resetRights()
{ {
$base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin'])); $base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([\ACL::CANADMIN]));
foreach ($this->users as $usr_id) { foreach ($this->users as $usr_id) {
$user = $this->app['repo.users']->find($usr_id); $user = $this->app['repo.users']->find($usr_id);
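Review bot: In `apply_rights()` the `$rights` list now mixes the literal `'access'` with `\ACL::*` constants, and the loop still tests it with a loose `$right == 'access'`. The constants' values are not visible on this page; if any of them is not a string, a loose comparison against `'access'` could match the wrong entry on older PHP versions and route a right through the access branch. Use `$right === 'access'` so the special case fires only for the literal. The loop body continues outside the hunk.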


@@ -71,7 +71,7 @@ class Manage extends Helper
->last_model_is($this->query_parms['last_model']) ->last_model_is($this->query_parms['last_model'])
->get_inactives($this->query_parms['inactives']) ->get_inactives($this->query_parms['inactives'])
->include_templates(false) ->include_templates(false)
->on_bases_where_i_am($this->app->getAclForUser($this->app->getAuthenticatedUser()), ['canadmin']) ->on_bases_where_i_am($this->app->getAclForUser($this->app->getAuthenticatedUser()), [\ACL::CANADMIN])
->execute(); ->execute();
return $results->get_results(); return $results->get_results();
@@ -109,7 +109,7 @@ class Manage extends Helper
->last_model_is($this->query_parms['last_model']) ->last_model_is($this->query_parms['last_model'])
->get_inactives($this->query_parms['inactives']) ->get_inactives($this->query_parms['inactives'])
->include_templates(true) ->include_templates(true)
->on_bases_where_i_am($this->app->getAclForUser($this->app->getAuthenticatedUser()), ['canadmin']) ->on_bases_where_i_am($this->app->getAclForUser($this->app->getAuthenticatedUser()), [\ACL::CANADMIN])
->limit($offset_start, $results_quantity) ->limit($offset_start, $results_quantity)
->execute(); ->execute();


@@ -101,23 +101,23 @@ class ACLManipulator implements ManipulatorInterface
$acl->remove_quotas_on_base($baseId); $acl->remove_quotas_on_base($baseId);
$acl->set_masks_on_base($baseId, '0', '0', '0', '0'); $acl->set_masks_on_base($baseId, '0', '0', '0', '0');
$acl->update_rights_to_base($baseId, [ $acl->update_rights_to_base($baseId, [
'canputinalbum' => '1', \ACL::CANPUTINALBUM => '1',
'candwnldhd' => '1', \ACL::CANDWNLDHD => '1',
'candwnldsubdef' => '1', 'candwnldsubdef' => '1',
'nowatermark' => '1', \ACL::NOWATERMARK => '1',
'candwnldpreview' => '1', \ACL::CANDWNLDPREVIEW => '1',
'cancmd' => '1', \ACL::CANCMD => '1',
'canadmin' => '1', \ACL::CANADMIN => '1',
'canreport' => '1', \ACL::CANREPORT => '1',
'canpush' => '1', \ACL::CANPUSH => '1',
'creationdate' => '1', 'creationdate' => '1',
'canaddrecord' => '1', \ACL::CANADDRECORD => '1',
'canmodifrecord' => '1', \ACL::CANMODIFRECORD => '1',
'candeleterecord' => '1', \ACL::CANDELETERECORD => '1',
'chgstatus' => '1', \ACL::CHGSTATUS => '1',
'imgtools' => '1', \ACL::IMGTOOLS => '1',
'manage' => '1', \ACL::MANAGE => '1',
'modify_struct' => '1', \ACL::MODIFY_STRUCT => '1',
'bas_modify_struct' => '1' 'bas_modify_struct' => '1'
]); ]);
} }


@@ -82,11 +82,11 @@ class RegistrationManipulator implements ManipulatorInterface
$this->aclProvider->get($user)->give_access_to_sbas([$collection->get_sbas_id()]); $this->aclProvider->get($user)->give_access_to_sbas([$collection->get_sbas_id()]);
$this->aclProvider->get($user)->give_access_to_base([$collection->get_base_id()]); $this->aclProvider->get($user)->give_access_to_base([$collection->get_base_id()]);
$this->aclProvider->get($user)->update_rights_to_base($collection->get_base_id(), [ $this->aclProvider->get($user)->update_rights_to_base($collection->get_base_id(), [
'canputinalbum' => '1', \ACL::CANPUTINALBUM => '1',
'candwnldhd' => (string) (int) $grantHd, \ACL::CANDWNLDHD => (string) (int) $grantHd,
'nowatermark' => (string) (int) $grantWatermark, \ACL::NOWATERMARK => (string) (int) $grantWatermark,
'candwnldpreview' => '1', \ACL::CANDWNLDPREVIEW => '1',
'actif' => '1', \ACL::ACTIF => '1'
]); ]);
$this->em->remove($registration); $this->em->remove($registration);
$this->em->flush(); $this->em->flush();


@@ -32,16 +32,13 @@ class NativeQueryProvider
$selectClause = $rsm->generateSelectClause(); $selectClause = $rsm->generateSelectClause();
return $this->em->createNativeQuery(" return $this->em->createNativeQuery(
SELECT d.date_modif AS date_demand, d.base_id AS base_demand, " . $selectClause . " "SELECT d.date_modif AS date_demand, d.base_id AS base_demand, " . $selectClause . "\n"
FROM (demand d INNER JOIN Users u ON d.usr_id=u.id . " FROM (demand d INNER JOIN Users u ON d.usr_id=u.id AND d.en_cours=1 AND u.deleted=0)\n"
AND d.en_cours=1 . " WHERE (base_id='" . implode("' OR base_id='", $basList) . "')\n"
AND u.deleted=0 . " ORDER BY d.usr_id DESC, d.base_id ASC",
) $rsm
WHERE (base_id='" . implode("' OR base_id='", $basList) . "') )->getResult();
ORDER BY d.usr_id DESC, d.base_id ASC
", $rsm)
->getResult();
} }
public function getModelForUser(User $user, array $basList) public function getModelForUser(User $user, array $basList)
@@ -51,14 +48,14 @@ class NativeQueryProvider
$selectClause = $rsm->generateSelectClause(); $selectClause = $rsm->generateSelectClause();
$query = $this->em->createNativeQuery(" $query = $this->em->createNativeQuery(
SELECT " . $selectClause . " "SELECT " . $selectClause . " FROM Users u INNER JOIN basusr b ON (b.usr_id=u.id)\n"
FROM Users u . " WHERE u.model_of = :user_id\n"
INNER JOIN basusr b ON (b.usr_id=u.id) . " AND b.base_id IN (" . implode(', ', $basList) . ")\n"
WHERE u.model_of = :user_id . " AND u.deleted='0'\n"
AND b.base_id IN (" . implode(', ', $basList) . ") . " GROUP BY u.id",
AND u.deleted='0' $rsm
GROUP BY u.id", $rsm); );
$query->setParameter(':user_id', $user->getId()); $query->setParameter(':user_id', $user->getId());
@@ -72,14 +69,15 @@ class NativeQueryProvider
$rsm->addScalarResult('base_id', 'base_id'); $rsm->addScalarResult('base_id', 'base_id');
$selectClause = $rsm->generateSelectClause(); $selectClause = $rsm->generateSelectClause();
$query = $this->em->createNativeQuery(' $query = $this->em->createNativeQuery(
SELECT b.base_id, '.$selectClause.' FROM Users u, basusr b "SELECT b.base_id, ".$selectClause." FROM Users u, basusr b\n"
WHERE u.id = b.usr_id . " WHERE u.id = b.usr_id\n"
AND b.base_id IN (' . implode(', ', $basList) . ') . " AND b.base_id IN (" . implode(', ', $basList) . ")\n"
AND u.model_of IS NULL . " AND u.model_of IS NULL\n"
AND b.actif="1" . " AND b.actif=1\n"
AND b.canadmin="1" . " AND b.canadmin=1\n"
AND u.deleted="0"', $rsm . " AND u.deleted=0",
$rsm
); );
return $query->getResult(); return $query->getResult();
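Review bot: All three rewritten queries still splice `$basList` into the SQL text with `implode()`, and the first one wraps each element in quotes (`base_id='" . implode("' OR base_id='", $basList) . "'`), so the statement is only safe if every element is a plain integer id. Whether the callers guarantee that is not visible from these hunks, and the method bodies start and end outside them, so I would enforce it locally with `$basList = array_map('intval', $basList);` before each query is built. The first query could then use the same `base_id IN (...)` form as the other two. `:user_id` is already bound through `setParameter`, and binding the id list the same way would be more consistent if the installed Doctrine version accepts array parameters on native queries. An empty `$basList` produces `IN ()`, which is a syntax error in MySQL, so an early return for the empty case is worth adding.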


@@ -109,7 +109,7 @@ class ProdOrderController extends BaseOrderController
$sort = $request->query->get('sort'); $sort = $request->query->get('sort');
$baseIds = array_keys($this->getAclForUser()->get_granted_base(['order_master'])); $baseIds = array_keys($this->getAclForUser()->get_granted_base([\ACL::ORDER_MASTER]));
$ordersList = $this->getOrderRepository()->listOrders($baseIds, $offsetStart, $perPage, $sort); $ordersList = $this->getOrderRepository()->listOrders($baseIds, $offsetStart, $perPage, $sort);
$total = $this->getOrderRepository()->countTotalOrders($baseIds); $total = $this->getOrderRepository()->countTotalOrders($baseIds);


@@ -114,7 +114,7 @@ class OrderValidator
$element->getRecordId() $element->getRecordId()
); );
$acl->grant_hd_on($recordReference, $user, 'order'); $acl->grant_hd_on($recordReference, $user, \ACL::GRANT_ACTION_ORDER);
} }
} }


@@ -53,7 +53,7 @@ class SubdefTransformer extends TransformerAbstract
return null; return null;
} }
if ($media->get_name() === 'document' if ($media->get_name() === 'document'
&& !$acl->has_right_on_base($record->getBaseId(), 'candwnldhd') && !$acl->has_right_on_base($record->getBaseId(), \ACL::CANDWNLDHD)
&& !$acl->has_hd_grant($record) && !$acl->has_hd_grant($record)
) { ) {
return null; return null;


@@ -639,9 +639,9 @@ class SearchEngineOptions
$options->onCollections($bas); $options->onCollections($bas);
if ($isAuthenticated && $acl->has_right('modifyrecord')) { if ($isAuthenticated && $acl->has_right(\ACL::CANMODIFRECORD)) {
$bf = array_filter($bas, function (\collection $collection) use ($acl) { $bf = array_filter($bas, function (\collection $collection) use ($acl) {
return $acl->has_right_on_base($collection->get_base_id(), 'canmodifrecord'); return $acl->has_right_on_base($collection->get_base_id(), \ACL::CANMODIFRECORD);
}); });
$options->allowBusinessFieldsOn($bf); $options->allowBusinessFieldsOn($bf);
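Review bot: The global check now passes `'canmodifrecord'` to `has_right()` where it used to pass `'modifyrecord'`, which only works once the `_global_rights` array in `ACL` carries the renamed key. The ACL hunks on this page write that array to the cache under `CACHE_GLOBAL_RIGHTS`, so an entry cached before this commit would still hold the old keys. `has_right()` is not shown here, so whether it then denies or throws is an assumption to confirm. Flushing the ACL cache (or versioning its key) at deployment keeps this business-field filter from changing silently for users with cached rights. I would note that next to the check, e.g. `// key renamed from 'modifyrecord': ACL cache must be flushed on upgrade`.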


@@ -146,7 +146,7 @@ class Firewall
public function requireOrdersAdmin() public function requireOrdersAdmin()
{ {
if (empty($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['order_master']))) { if (empty($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([\ACL::ORDER_MASTER]))) {
$this->app->abort(403, 'You are not an order admin'); $this->app->abort(403, 'You are not an order admin');
} }


@@ -60,8 +60,10 @@ class Installer
->give_access_to_sbas([$databox->get_sbas_id()]) ->give_access_to_sbas([$databox->get_sbas_id()])
->update_rights_to_sbas( ->update_rights_to_sbas(
$databox->get_sbas_id(), [ $databox->get_sbas_id(), [
'bas_manage' => 1, 'bas_modify_struct' => 1, 'bas_manage' => 1,
'bas_modif_th' => 1, 'bas_chupub' => 1 'bas_modify_struct' => 1,
'bas_modif_th' => 1,
'bas_chupub' => 1
] ]
); );
@@ -69,11 +71,22 @@ class Installer
$this->app->getAclForUser($admin)->give_access_to_base([$collection->get_base_id()]); $this->app->getAclForUser($admin)->give_access_to_base([$collection->get_base_id()]);
$this->app->getAclForUser($admin)->update_rights_to_base($collection->get_base_id(), [ $this->app->getAclForUser($admin)->update_rights_to_base($collection->get_base_id(), [
'canpush' => 1, 'cancmd' => 1 \ACL::CANPUSH => 1,
, 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1 \ACL::CANCMD => 1,
, 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1 \ACL::CANPUTINALBUM => 1,
, 'candeleterecord' => 1, 'chgstatus' => 1, 'imgtools' => 1, 'manage' => 1 \ACL::CANDWNLDHD => 1,
, 'modify_struct' => 1, 'nowatermark' => 1 \ACL::CANDWNLDPREVIEW => 1,
\ACL::CANADMIN => 1,
\ACL::ACTIF => 1,
\ACL::CANREPORT => 1,
\ACL::CANADDRECORD => 1,
\ACL::CANMODIFRECORD => 1,
\ACL::CANDELETERECORD => 1,
\ACL::CHGSTATUS => 1,
\ACL::IMGTOOLS => 1,
\ACL::MANAGE => 1,
\ACL::MODIFY_STRUCT => 1,
\ACL::NOWATERMARK => 1
] ]
); );
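Review bot: `\ACL::MANAGE` and `\ACL::MODIFY_STRUCT` in the new rights array are not among the constants this commit adds to `ACL`; the class hunk on this page declares `COLL_MANAGE = 'manage'` and `COLL_MODIFY_STRUCT = 'modify_struct'` instead. Unless the two shorter names are declared in a part of the class that is not shown, the installer stops with an undefined class constant error when it builds this array, before any right is granted. The two entries should read `\ACL::COLL_MANAGE => 1,` and `\ACL::COLL_MODIFY_STRUCT => 1,`. The `update_rights_to_base` array at the top of this page uses the same two names and needs the same change.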


@@ -133,7 +133,7 @@ class PhraseanetExtension extends \Twig_Extension
$structure = $databox->getStatusStructure()->toArray(); $structure = $databox->getStatusStructure()->toArray();
if (!$this->isGrantedOnCollection($record->getBaseId(), 'chgstatus')) { if (!$this->isGrantedOnCollection($record->getBaseId(), \ACL::CHGSTATUS)) {
$structure = array_filter($structure, function($status) { $structure = array_filter($structure, function($status) {
return (bool) $status['printable']; return (bool) $status['printable'];
}); });


@@ -56,7 +56,7 @@ class UserProvider implements ControlProviderInterface
->like(\User_Query::LIKE_LOGIN, $query) ->like(\User_Query::LIKE_LOGIN, $query)
->like_match(\User_Query::LIKE_MATCH_OR) ->like_match(\User_Query::LIKE_MATCH_OR)
->include_phantoms(true) ->include_phantoms(true)
->on_bases_where_i_am($this->app->getAclForUser($for_user), ['canadmin']) ->on_bases_where_i_am($this->app->getAclForUser($for_user), [\ACL::CANADMIN])
->limit(0, 50) ->limit(0, 50)
->execute()->get_results(); ->execute()->get_results();


@@ -32,25 +32,42 @@ use Doctrine\DBAL\DBALException;
class ACL implements cache_cacheableInterface class ACL implements cache_cacheableInterface
{ {
const ACTIF = 'actif';
const CANADDRECORD = 'canaddrecord';
const CANADMIN = 'canadmin';
const CANCMD = 'cancmd';
const CANDELETERECORD = 'candeleterecord';
const CANDWNLDHD = 'candwnldhd';
const CANDWNLDPREVIEW = 'candwnldpreview';
const CANMODIFRECORD = 'canmodifrecord';
const CANPUSH = 'canpush';
const CANPUTINALBUM = 'canputinalbum';
const CANREPORT = 'canreport';
const CHGSTATUS = 'chgstatus';
const IMGTOOLS = 'imgtools';
const COLL_MANAGE = 'manage';
const COLL_MODIFY_STRUCT = 'modify_struct';
const NOWATERMARK = 'nowatermark';
const ORDER_MASTER = 'order_master';
protected static $bas_rights = [ protected static $bas_rights = [
'actif', 'actif',
'canaddrecord', 'canaddrecord',
'canadmin', self::CANADMIN,
'cancmd', 'cancmd',
'candeleterecord', self::CANDELETERECORD,
'candwnldhd', self::CANDWNLDHD,
'candwnldpreview', self::CANDWNLDPREVIEW,
'canmodifrecord', self::CANMODIFRECORD,
'canpush', 'canpush',
'canputinalbum', self::CANPUTINALBUM,
'canreport', 'canreport',
'chgstatus', self::CHGSTATUS,
'imgtools', self::IMGTOOLS,
'manage', self::COLL_MANAGE,
'modify_struct', self::COLL_MODIFY_STRUCT,
'nowatermark', 'nowatermark',
'order_master', self::ORDER_MASTER,
]; ];
/** /**
@@ -89,23 +106,23 @@ class ACL implements cache_cacheableInterface
protected $is_admin; protected $is_admin;
protected $_global_rights = [ protected $_global_rights = [
'addrecord' => false, self::CANADDRECORD => false,
'addtoalbum' => false, self::CANPUTINALBUM => false,
'bas_chupub' => false, 'bas_chupub' => false,
'bas_manage' => false, 'bas_manage' => false,
'bas_modif_th' => false, 'bas_modif_th' => false,
'bas_modify_struct' => false, 'bas_modify_struct' => false,
'candwnldhd' => true, self::CANDWNLDHD => true,
'candwnldpreview' => true, 'candwnldpreview' => true,
'changestatus' => false, self::CHGSTATUS => false,
'coll_manage' => false, self::COLL_MANAGE => false,
'coll_modify_struct' => false, self::COLL_MODIFY_STRUCT => false,
'deleterecord' => false, self::CANDELETERECORD => false,
'doctools' => false, self::IMGTOOLS => false,
'manageusers' => false, self::CANADMIN => false,
'modifyrecord' => false, self::CANMODIFRECORD => false,
'order' => false, 'order' => false,
'order_master' => false, self::ORDER_MASTER => false,
'push' => false, 'push' => false,
'report' => false, 'report' => false,
'taskmanager' => false, 'taskmanager' => false,
@@ -124,6 +141,7 @@ class ACL implements cache_cacheableInterface
const CACHE_GLOBAL_RIGHTS = 'global_rights'; const CACHE_GLOBAL_RIGHTS = 'global_rights';
const GRANT_ACTION_PUSH = 'push'; const GRANT_ACTION_PUSH = 'push';
const GRANT_ACTION_VALIDATE = 'validate'; const GRANT_ACTION_VALIDATE = 'validate';
const GRANT_ACTION_ORDER = 'order';
/** /**
* Constructor * Constructor
@@ -179,17 +197,16 @@ class ACL implements cache_cacheableInterface
public function grant_hd_on(RecordReferenceInterface $record, User $pusher, $action) public function grant_hd_on(RecordReferenceInterface $record, User $pusher, $action)
{ {
$sql = 'REPLACE INTO records_rights $sql = "REPLACE INTO records_rights\n"
(id, usr_id, sbas_id, record_id, document, `case`, pusher_usr_id) . "(id, usr_id, sbas_id, record_id, document, `case`, pusher_usr_id)\n"
VALUES . "VALUES (null, :usr_id, :sbas_id, :record_id, 1, :case, :pusher)";
(null, :usr_id, :sbas_id, :record_id, 1, :case, :pusher)';
$params = [ $params = [
':usr_id' => $this->user->getId() ':usr_id' => $this->user->getId(),
, ':sbas_id' => $record->getDataboxId() ':sbas_id' => $record->getDataboxId(),
, ':record_id' => $record->getRecordId() ':record_id' => $record->getRecordId(),
, ':case' => $action ':case' => $action,
, ':pusher' => $pusher->getId() ':pusher' => $pusher->getId()
]; ];
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql); $stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
@@ -203,10 +220,10 @@ class ACL implements cache_cacheableInterface
public function grant_preview_on(RecordReferenceInterface $record, User $pusher, $action) public function grant_preview_on(RecordReferenceInterface $record, User $pusher, $action)
{ {
$sql = 'REPLACE INTO records_rights $sql = "REPLACE INTO records_rights\n"
(id, usr_id, sbas_id, record_id, preview, `case`, pusher_usr_id) . " (id, usr_id, sbas_id, record_id, preview, `case`, pusher_usr_id)\n"
VALUES . " VALUES\n"
(null, :usr_id, :sbas_id, :record_id, 1, :case, :pusher)'; . " (null, :usr_id, :sbas_id, :record_id, 1, :case, :pusher)";
$params = [ $params = [
':usr_id' => $this->user->getId() ':usr_id' => $this->user->getId()
@@ -279,11 +296,11 @@ class ACL implements cache_cacheableInterface
if ($subdef_class == databox_subdef::CLASS_THUMBNAIL) { if ($subdef_class == databox_subdef::CLASS_THUMBNAIL) {
$granted = true; $granted = true;
} elseif ($subdef_class == databox_subdef::CLASS_PREVIEW && $this->has_right_on_base($record->getBaseId(), 'candwnldpreview')) { } elseif ($subdef_class == databox_subdef::CLASS_PREVIEW && $this->has_right_on_base($record->getBaseId(), self::CANDWNLDPREVIEW)) {
$granted = true; $granted = true;
} elseif ($subdef_class == databox_subdef::CLASS_PREVIEW && $this->has_preview_grant($record)) { } elseif ($subdef_class == databox_subdef::CLASS_PREVIEW && $this->has_preview_grant($record)) {
$granted = true; $granted = true;
} elseif ($subdef_class == databox_subdef::CLASS_DOCUMENT && $this->has_right_on_base($record->getBaseId(), 'candwnldhd')) { } elseif ($subdef_class == databox_subdef::CLASS_DOCUMENT && $this->has_right_on_base($record->getBaseId(), self::CANDWNLDHD)) {
$granted = true; $granted = true;
} elseif ($subdef_class == databox_subdef::CLASS_DOCUMENT && $this->has_hd_grant($record)) { } elseif ($subdef_class == databox_subdef::CLASS_DOCUMENT && $this->has_hd_grant($record)) {
$granted = true; $granted = true;
@@ -448,10 +465,10 @@ class ACL implements cache_cacheableInterface
} }
/** /**
* * @param $base_id
* @param int $base_id * @param $right
* @param string $right * @return bool
* @return boolean * @throws Exception
*/ */
public function has_right_on_base($base_id, $right) public function has_right_on_base($base_id, $right)
{ {
@@ -472,9 +489,8 @@ class ACL implements cache_cacheableInterface
} }
/** /**
* * @param string|null $option
* @param <type> $option * @return string
* @return <type>
*/ */
public function get_cache_key($option = null) public function get_cache_key($option = null)
{ {
@@ -482,9 +498,7 @@ class ACL implements cache_cacheableInterface
} }
/** /**
* * @param string|null $option
* @param <type> $option
* @return <type>
*/ */
public function delete_data_from_cache($option = null) public function delete_data_from_cache($option = null)
{ {
@@ -508,13 +522,12 @@ class ACL implements cache_cacheableInterface
break; break;
} }
return $this->app->getApplicationBox()->delete_data_from_cache($this->get_cache_key($option)); $this->app->getApplicationBox()->delete_data_from_cache($this->get_cache_key($option));
} }
/** /**
* * @param string|null $option
* @param <type> $option * @return array
* @return <type>
*/ */
public function get_data_from_cache($option = null) public function get_data_from_cache($option = null)
{ {
@@ -522,11 +535,10 @@ class ACL implements cache_cacheableInterface
} }
/** /**
* * @param $value
* @param <type> $value * @param string|null $option
* @param <type> $option * @param int $duration
* @param <type> $duration * @return bool
* @return <type>
*/ */
public function set_data_to_cache($value, $option = null, $duration = 0) public function set_data_to_cache($value, $option = null, $duration = 0)
{ {
@@ -824,8 +836,7 @@ class ACL implements cache_cacheableInterface
} catch (\Exception $e) { } catch (\Exception $e) {
} }
$sql = 'SELECT sbas_id, record_id, preview, document $sql = "SELECT sbas_id, record_id, preview, document FROM records_rights WHERE usr_id = :usr_id";
FROM records_rights WHERE usr_id = :usr_id';
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql); $stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$stmt->execute([':usr_id' => $this->user->getId()]); $stmt->execute([':usr_id' => $this->user->getId()]);
@@ -844,8 +855,8 @@ class ACL implements cache_cacheableInterface
} }
$datas = [ $datas = [
'preview' => $this->_rights_records_preview 'preview' => $this->_rights_records_preview,
, 'document' => $this->_rights_records_document 'document' => $this->_rights_records_document
]; ];
$this->set_data_to_cache($datas, self::CACHE_RIGHTS_RECORDS); $this->set_data_to_cache($datas, self::CACHE_RIGHTS_RECORDS);
@@ -883,9 +894,7 @@ class ACL implements cache_cacheableInterface
} }
$sql = 'SELECT sbasusr.* FROM sbasusr, sbas $sql = "SELECT sbasusr.* FROM sbasusr INNER JOIN sbas USING(sbas_id) WHERE usr_id= :usr_id";
WHERE usr_id= :usr_id
AND sbas.sbas_id = sbasusr.sbas_id';
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql); $stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$stmt->execute([':usr_id' => $this->user->getId()]); $stmt->execute([':usr_id' => $this->user->getId()]);
@@ -900,20 +909,12 @@ class ACL implements cache_cacheableInterface
$this->_global_rights['bas_chupub'] = false; $this->_global_rights['bas_chupub'] = false;
foreach ($rs as $row) { foreach ($rs as $row) {
$sbid = $row['sbas_id'];
if ($row['bas_modif_th'] == '1') $this->_rights_sbas[$sbid] = [];
$this->_global_rights['bas_modif_th'] = true; $this->_global_rights['bas_modif_th'] |= ($this->_rights_sbas[$sbid]['bas_modif_th'] = ($row['bas_modif_th'] == '1'));
if ($row['bas_modify_struct'] == '1') $this->_global_rights['bas_modify_struct'] |= ($this->_rights_sbas[$sbid]['bas_modify_struct'] = ($row['bas_modify_struct'] == '1'));
$this->_global_rights['bas_modify_struct'] = true; $this->_global_rights['bas_manage'] |= ($this->_rights_sbas[$sbid]['bas_manage'] = ($row['bas_manage'] == '1'));
if ($row['bas_manage'] == '1') $this->_global_rights['bas_chupub'] |= ($this->_rights_sbas[$sbid]['bas_chupub'] = ($row['bas_chupub'] == '1'));
$this->_global_rights['bas_manage'] = true;
if ($row['bas_chupub'] == '1')
$this->_global_rights['bas_chupub'] = true;
$this->_rights_sbas[$row['sbas_id']]['bas_modify_struct'] = ($row['bas_modify_struct'] == '1');
$this->_rights_sbas[$row['sbas_id']]['bas_manage'] = ($row['bas_manage'] == '1');
$this->_rights_sbas[$row['sbas_id']]['bas_chupub'] = ($row['bas_chupub'] == '1');
$this->_rights_sbas[$row['sbas_id']]['bas_modif_th'] = ($row['bas_modif_th'] == '1');
} }
$this->set_data_to_cache($this->_rights_sbas, self::CACHE_RIGHTS_SBAS); $this->set_data_to_cache($this->_rights_sbas, self::CACHE_RIGHTS_SBAS);
$this->set_data_to_cache($this->_global_rights, self::CACHE_GLOBAL_RIGHTS); $this->set_data_to_cache($this->_global_rights, self::CACHE_GLOBAL_RIGHTS);
@@ -956,9 +957,9 @@ class ACL implements cache_cacheableInterface
} }
$sql = "SELECT u.* FROM basusr u, bas b, sbas s\n" $sql = "SELECT u.* FROM basusr u, bas b, sbas s\n"
. "WHERE usr_id= :usr_id\n" . " WHERE usr_id= :usr_id\n"
. "AND b.base_id = u.base_id\n" . " AND b.base_id = u.base_id\n"
. "AND s.sbas_id = b.sbas_id"; . " AND s.sbas_id = b.sbas_id";
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql); $stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$stmt->execute([':usr_id' => $this->user->getId()]); $stmt->execute([':usr_id' => $this->user->getId()]);
@@ -967,55 +968,25 @@ class ACL implements cache_cacheableInterface
$this->_rights_bas = $this->_limited = []; $this->_rights_bas = $this->_limited = [];
$this->_global_rights['manageusers'] = false; $this->_global_rights[self::CANADMIN] = false;
$this->_global_rights['coll_manage'] = false; $this->_global_rights[self::COLL_MANAGE] = false;
$this->_global_rights['coll_modify_struct'] = false; $this->_global_rights[self::COLL_MODIFY_STRUCT] = false;
$this->_global_rights['order'] = false; $this->_global_rights['order'] = false;
$this->_global_rights['push'] = false; $this->_global_rights['push'] = false;
$this->_global_rights['addrecord'] = false; $this->_global_rights[self::CANADDRECORD] = false;
$this->_global_rights['modifyrecord'] = false; $this->_global_rights[self::CANMODIFRECORD] = false;
$this->_global_rights['changestatus'] = false; $this->_global_rights[self::CHGSTATUS] = false;
$this->_global_rights['doctools'] = false; $this->_global_rights[self::IMGTOOLS] = false;
$this->_global_rights['deleterecord'] = false; $this->_global_rights[self::CANDELETERECORD] = false;
$this->_global_rights['addtoalbum'] = false; $this->_global_rights[self::CANPUTINALBUM] = false;
$this->_global_rights['report'] = false; $this->_global_rights['report'] = false;
$this->_global_rights['candwnldpreview'] = false; $this->_global_rights[self::CANDWNLDPREVIEW] = false;
$this->_global_rights['candwnldhd'] = false; $this->_global_rights[self::CANDWNLDHD] = false;
$this->_global_rights['order_master'] = false; $this->_global_rights[self::ORDER_MASTER] = false;
foreach ($rs as $row) { foreach ($rs as $row) {
$this->_rights_bas[$row['base_id']]['actif'] = ($row['actif'] == '1'); $bid = $row['base_id'];
$this->_rights_bas[$bid]['actif'] = ($row['actif'] == '1');
if ($row['canadmin'] == '1')
$this->_global_rights['manageusers'] = true;
if ($row['manage'] == '1')
$this->_global_rights['coll_manage'] = true;
if ($row['modify_struct'] == '1')
$this->_global_rights['coll_modify_struct'] = true;
if ($row['cancmd'] == '1')
$this->_global_rights['order'] = true;
if ($row['canpush'] == '1')
$this->_global_rights['push'] = true;
if ($row['canaddrecord'] == '1')
$this->_global_rights['addrecord'] = true;
if ($row['canmodifrecord'] == '1')
$this->_global_rights['modifyrecord'] = true;
if ($row['chgstatus'] == '1')
$this->_global_rights['changestatus'] = true;
if ($row['imgtools'] == '1')
$this->_global_rights['doctools'] = true;
if ($row['candeleterecord'] == '1')
$this->_global_rights['deleterecord'] = true;
if ($row['canputinalbum'] == '1')
$this->_global_rights['addtoalbum'] = true;
if ($row['canreport'] == '1')
$this->_global_rights['report'] = true;
if ($row['candwnldpreview'] == '1')
$this->_global_rights['candwnldpreview'] = true;
if ($row['candwnldhd'] == '1')
$this->_global_rights['candwnldhd'] = true;
if ($row['order_master'] == '1')
$this->_global_rights['order_master'] = true;
$row['limited_from'] = $row['limited_from'] == '0000-00-00 00:00:00' ? '' : trim($row['limited_from']); $row['limited_from'] = $row['limited_from'] == '0000-00-00 00:00:00' ? '' : trim($row['limited_from']);
$row['limited_to'] = $row['limited_to'] == '0000-00-00 00:00:00' ? '' : trim($row['limited_to']); $row['limited_to'] = $row['limited_to'] == '0000-00-00 00:00:00' ? '' : trim($row['limited_to']);
@@ -1023,54 +994,41 @@ class ACL implements cache_cacheableInterface
if ($row['time_limited'] == '1' if ($row['time_limited'] == '1'
&& ($row['limited_from'] !== '' || $row['limited_to'] !== '')) { && ($row['limited_from'] !== '' || $row['limited_to'] !== '')) {
$this->_limited[$row['base_id']] = [ $this->_limited[$row['base_id']] = [
'dmin' => $row['limited_from'] ? new DateTime($row['limited_from']) : null 'dmin' => $row['limited_from'] ? new DateTime($row['limited_from']) : null,
, 'dmax' => $row['limited_to'] ? new DateTime($row['limited_to']) : null 'dmax' => $row['limited_to'] ? new DateTime($row['limited_to']) : null
]; ];
} }
$this->_rights_bas[$row['base_id']]['imgtools'] $this->_global_rights[self::IMGTOOLS] |= ($this->_rights_bas[$bid][self::IMGTOOLS] = ($row['imgtools'] == '1'));
= $row['imgtools'] == '1'; $this->_global_rights[self::CHGSTATUS] |= ($this->_rights_bas[$bid][self::CHGSTATUS] = ($row['chgstatus'] == '1'));
$this->_global_rights['order'] |= ($this->_rights_bas[$bid]['cancmd'] = ($row['cancmd'] == '1'));
$this->_global_rights[self::CANADDRECORD] |= ($this->_rights_bas[$bid][self::CANADDRECORD] = ($row['canaddrecord'] == '1'));
$this->_global_rights['push'] |= ($this->_rights_bas[$bid]['canpush'] = ($row['canpush'] == '1'));
$this->_global_rights[self::CANDELETERECORD] |= ($this->_rights_bas[$bid][self::CANDELETERECORD] = ($row['candeleterecord'] == '1'));
$this->_global_rights[self::CANADMIN] |= ($this->_rights_bas[$bid][self::CANADMIN] = ($row['canadmin'] == '1'));
$this->_global_rights[self::CANDWNLDPREVIEW] |= ($this->_rights_bas[$bid][self::CANDWNLDPREVIEW] = ($row['candwnldpreview'] == '1'));
$this->_global_rights[self::CANDWNLDHD] |= ($this->_rights_bas[$bid][self::CANDWNLDHD] = ($row['candwnldhd'] == '1'));
$this->_global_rights[self::CANMODIFRECORD] |= ($this->_rights_bas[$bid][self::CANMODIFRECORD] = ($row['canmodifrecord'] == '1'));
$this->_global_rights[self::CANPUTINALBUM] |= ($this->_rights_bas[$bid][self::CANPUTINALBUM] = ($row['canputinalbum'] == '1'));
$this->_global_rights['report'] |= ($this->_rights_bas[$bid]['canreport'] = ($row['canreport'] == '1'));
$this->_global_rights[self::COLL_MODIFY_STRUCT] |= ($this->_rights_bas[$bid][self::COLL_MODIFY_STRUCT] = ($row['modify_struct'] == '1'));
$this->_global_rights[self::COLL_MANAGE] |= ($this->_rights_bas[$bid][self::COLL_MANAGE] = ($row['manage'] == '1'));
$this->_global_rights[self::ORDER_MASTER] |= ($this->_rights_bas[$bid][self::ORDER_MASTER] = ($row[\ACL::ORDER_MASTER] == '1'));
$this->_rights_bas[$bid]['nowatermark'] = ($row['nowatermark'] == '1');
$this->_rights_bas[$bid]['restrict_dwnld'] = ($row['restrict_dwnld'] == '1');
$this->_rights_bas[$bid]['remain_dwnld'] = (int) $row['remain_dwnld'];
$this->_rights_bas[$bid]['mask_and'] = (int) $row['mask_and'];
$this->_rights_bas[$bid]['mask_xor'] = (int) $row['mask_xor'];
$this->_rights_bas[$row['base_id']]['chgstatus'] $row['limited_from'] = $row['limited_from'] == '0000-00-00 00:00:00' ? '' : trim($row['limited_from']);
= $row['chgstatus'] == '1'; $row['limited_to'] = $row['limited_to'] == '0000-00-00 00:00:00' ? '' : trim($row['limited_to']);
$this->_rights_bas[$row['base_id']]['cancmd']
= $row['cancmd'] == '1'; if ($row['time_limited'] == '1' && ($row['limited_from'] !== '' || $row['limited_to'] !== '')) {
$this->_rights_bas[$row['base_id']]['canaddrecord'] $this->_limited[$row['base_id']] = [
= $row['canaddrecord'] == '1'; 'dmin' => $row['limited_from'] ? new DateTime($row['limited_from']) : null,
$this->_rights_bas[$row['base_id']]['canpush'] 'dmax' => $row['limited_to'] ? new DateTime($row['limited_to']) : null
= $row['canpush'] == '1'; ];
$this->_rights_bas[$row['base_id']]['candeleterecord'] }
= $row['candeleterecord'] == '1';
$this->_rights_bas[$row['base_id']]['canadmin']
= $row['canadmin'] == '1';
$this->_rights_bas[$row['base_id']]['chgstatus']
= $row['chgstatus'] == '1';
$this->_rights_bas[$row['base_id']]['candwnldpreview']
= $row['candwnldpreview'] == '1';
$this->_rights_bas[$row['base_id']]['candwnldhd']
= $row['candwnldhd'] == '1';
$this->_rights_bas[$row['base_id']]['nowatermark']
= $row['nowatermark'] == '1';
$this->_rights_bas[$row['base_id']]['restrict_dwnld']
= $row['restrict_dwnld'] == '1';
$this->_rights_bas[$row['base_id']]['remain_dwnld']
= (int) $row['remain_dwnld'];
$this->_rights_bas[$row['base_id']]['canmodifrecord']
= $row['canmodifrecord'] == '1';
$this->_rights_bas[$row['base_id']]['canputinalbum']
= $row['canputinalbum'] == '1';
$this->_rights_bas[$row['base_id']]['canreport']
= $row['canreport'] == '1';
$this->_rights_bas[$row['base_id']]['mask_and']
= (int) $row['mask_and'];
$this->_rights_bas[$row['base_id']]['mask_xor']
= (int) $row['mask_xor'];
$this->_rights_bas[$row['base_id']]['modify_struct']
= $row['modify_struct'] == '1';
$this->_rights_bas[$row['base_id']]['manage']
= $row['manage'] == '1';
$this->_rights_bas[$row['base_id']]['order_master']
= $row['order_master'] == '1';
} }
$this->set_data_to_cache($this->_global_rights, self::CACHE_GLOBAL_RIGHTS); $this->set_data_to_cache($this->_global_rights, self::CACHE_GLOBAL_RIGHTS);
@@ -1106,17 +1064,17 @@ class ACL implements cache_cacheableInterface
case 'admin': case 'admin':
return ( return (
($this->has_right('bas_modify_struct') || ($this->has_right('bas_modify_struct') ||
$this->has_right('coll_modify_struct') || $this->has_right(self::COLL_MODIFY_STRUCT) ||
$this->has_right('bas_manage') || $this->has_right('bas_manage') ||
$this->has_right('coll_manage') || $this->has_right(self::COLL_MANAGE) ||
$this->has_right('manageusers') || $this->has_right(self::CANADMIN) ||
$this->is_admin()) ); $this->is_admin()) );
break; break;
case 'thesaurus': case 'thesaurus':
return ($this->has_right('bas_modif_th') === true ); return ($this->has_right('bas_modif_th') === true );
break; break;
case 'upload': case 'upload':
return ($this->has_right('addrecord') === true); return ($this->has_right(self::CANADDRECORD) === true);
break; break;
case 'report': case 'report':
return ($this->has_right('report') === true); return ($this->has_right('report') === true);
@@ -1168,48 +1126,31 @@ class ACL implements cache_cacheableInterface
*/ */
public function give_access_to_base(Array $base_ids) public function give_access_to_base(Array $base_ids)
{ {
$sql_ins = 'INSERT INTO basusr (id, base_id, usr_id, actif) $sql = "INSERT INTO basusr (id, base_id, usr_id, actif)\n"
VALUES (null, :base_id, :usr_id, "1")'; . "VALUES (null, :base_id, :usr_id, '1')\n"
$stmt_ins = $this->app->getApplicationBox()->get_connection()->prepare($sql_ins); . "ON DUPLICATE KEY UPDATE actif='1";
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$usr_id = $this->user->getId(); $usr_id = $this->user->getId();
$to_update = [];
$this->load_rights_bas(); $this->load_rights_bas();
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
if (!isset($this->_rights_bas[$base_id])) { if (!isset($this->_rights_bas[$base_id]) || $this->_rights_bas[$base_id]['actif'] === false) {
try { $stmt->execute([':base_id' => $base_id, ':usr_id' => $usr_id]);
$stmt_ins->execute([':base_id' => $base_id, ':usr_id' => $usr_id]); if($stmt->rowCount() > 0) {
} catch (DBALException $e) { $this->app['dispatcher']->dispatch(
// if (null !== $e) { AclEvents::ACCESS_TO_BASE_GRANTED,
// var_dump(get_class($e->getPrevious())); new AccessToBaseGrantedEvent(
// } $this,
if (($e->getCode() == 23000)) { array(
$to_update[] = $base_id; 'base_id'=>$base_id
} )
)
);
} }
} elseif ($this->_rights_bas[$base_id]['actif'] === false) {
$to_update[] = $base_id;
} }
} }
$stmt_ins->closeCursor(); $stmt->closeCursor();
$sql_upd = 'UPDATE basusr SET actif="1"
WHERE usr_id = :usr_id AND base_id = :base_id';
$stmt_upd = $this->app->getApplicationBox()->get_connection()->prepare($sql_upd);
foreach ($to_update as $base_id) {
$stmt_upd->execute([':usr_id' => $usr_id, ':base_id' => $base_id]);
$this->app['dispatcher']->dispatch(
AclEvents::ACCESS_TO_BASE_GRANTED,
new AccessToBaseGrantedEvent(
$this,
array(
'base_id'=>$base_id
)
)
);
}
$stmt_upd->closeCursor();
$this->delete_data_from_cache(self::CACHE_RIGHTS_BAS); $this->delete_data_from_cache(self::CACHE_RIGHTS_BAS);
$this->inject_rights(); $this->inject_rights();
@@ -1358,23 +1299,21 @@ class ACL implements cache_cacheableInterface
$sql_args = []; $sql_args = [];
$usr_id = $this->user->getId(); $usr_id = $this->user->getId();
$params = [':sbas_id' => $sbas_id, ':usr_id' => $usr_id];
foreach ($rights as $right => $v) { foreach ($rights as $right => $v) {
$sql_args[] = " " . $right . " = :" . $right; $sql_args[] = "`" . $right . "`=" . ($v ? '1' : '0');
$params[':' . $right] = $v ? '1' : '0';
} }
if (count($sql_args) == 0) { if (count($sql_args) == 0) {
return $this; return $this;
} }
$sql_up .= implode(', ', $sql_args) . ' $sql_up .= implode(', ', $sql_args) . "\n"
WHERE sbas_id = :sbas_id AND usr_id = :usr_id'; . " WHERE sbas_id = :sbas_id AND usr_id = :usr_id";
$stmt_up = $this->app->getApplicationBox()->get_connection()->prepare($sql_up); $stmt_up = $this->app->getApplicationBox()->get_connection()->prepare($sql_up);
if (!$stmt_up->execute($params)) { if (!$stmt_up->execute([':sbas_id' => $sbas_id, ':usr_id' => $usr_id])) {
throw new Exception('Error while updating some rights'); throw new Exception('Error while updating some rights');
} }
$stmt_up->closeCursor(); $stmt_up->closeCursor();
@@ -1401,9 +1340,8 @@ class ACL implements cache_cacheableInterface
*/ */
public function remove_quotas_on_base($base_id) public function remove_quotas_on_base($base_id)
{ {
$sql = 'UPDATE basusr $sql = "UPDATE basusr SET remain_dwnld = 0, restrict_dwnld = 0, month_dwnld_max = 0\n"
SET remain_dwnld = 0, restrict_dwnld = 0, month_dwnld_max = 0 . " WHERE usr_id = :usr_id AND base_id = :base_id";
WHERE usr_id = :usr_id AND base_id = :base_id ';
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql); $stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$stmt->execute([':usr_id' => $this->user->getId(), ':base_id' => $base_id]); $stmt->execute([':usr_id' => $this->user->getId(), ':base_id' => $base_id]);
@@ -1427,16 +1365,15 @@ class ACL implements cache_cacheableInterface
public function update_download_restrictions() public function update_download_restrictions()
{ {
$sql = 'UPDATE basusr SET remain_dwnld = month_dwnld_max $sql = "UPDATE basusr SET remain_dwnld = month_dwnld_max\n"
WHERE actif = 1 . " WHERE actif = 1"
AND usr_id = :usr_id . " AND usr_id = :usr_id"
AND MONTH(lastconn) != MONTH(NOW()) AND restrict_dwnld = 1'; . " AND MONTH(lastconn) != MONTH(NOW()) AND restrict_dwnld = 1'";
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql); $stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$stmt->execute([':usr_id' => $this->user->getId()]); $stmt->execute([':usr_id' => $this->user->getId()]);
$stmt->closeCursor(); $stmt->closeCursor();
$sql = "UPDATE basusr SET lastconn=now() $sql = "UPDATE basusr SET lastconn=now() WHERE usr_id = :usr_id AND actif = 1";
WHERE usr_id = :usr_id AND actif = 1";
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql); $stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$stmt->execute([':usr_id' => $this->user->getId()]); $stmt->execute([':usr_id' => $this->user->getId()]);
$stmt->closeCursor(); $stmt->closeCursor();
@@ -1463,9 +1400,8 @@ class ACL implements cache_cacheableInterface
*/ */
public function set_quotas_on_base($base_id, $droits, $restes) public function set_quotas_on_base($base_id, $droits, $restes)
{ {
$sql = 'UPDATE basusr $sql = "UPDATE basusr SET remain_dwnld = :restes, restrict_dwnld = 1, month_dwnld_max = :droits\n"
SET remain_dwnld = :restes, restrict_dwnld = 1, month_dwnld_max = :droits . " WHERE usr_id = :usr_id AND base_id = :base_id";
WHERE usr_id = :usr_id AND base_id = :base_id ';
$params = [ $params = [
':usr_id' => $this->user->getId(), ':usr_id' => $this->user->getId(),
@@ -1498,8 +1434,7 @@ class ACL implements cache_cacheableInterface
public function duplicate_right_from_bas($base_id_from, $base_id_dest) public function duplicate_right_from_bas($base_id_from, $base_id_dest)
{ {
$sql = 'SELECT * FROM basusr $sql = "SELECT * FROM basusr WHERE base_id = :base_from AND usr_id = :usr_id";
WHERE base_id = :base_from AND usr_id = :usr_id';
$params = [ $params = [
':base_from' => $base_id_from, ':base_from' => $base_id_from,
@@ -1522,16 +1457,12 @@ class ACL implements cache_cacheableInterface
'mask_xor' => $row['mask_xor'], 'mask_xor' => $row['mask_xor'],
]; ];
if ($row['canputinalbum']) $rights[self::CANPUTINALBUM] = ($row['canputinalbum'] == '1');
$rights['canputinalbum'] = true; $rights[self::CANDWNLDHD] = ($row['candwnldhd'] == '1');
if ($row['candwnldhd']) $rights[self::CANDWNLDPREVIEW] = ($row['candwnldpreview'] == '1');
$rights['candwnldhd'] = true;
if ($row['candwnldpreview'])
$rights['candwnldpreview'] = true;
if ($row['cancmd']) if ($row['cancmd'])
$rights['cancmd'] = true; $rights['cancmd'] = true;
if ($row['canadmin']) $rights[self::CANADMIN] = ($row['canadmin'] == '1');
$rights['canadmin'] = true;
if ($row['canreport']) if ($row['canreport'])
$rights['canreport'] = true; $rights['canreport'] = true;
if ($row['canpush']) if ($row['canpush'])
@@ -1540,18 +1471,12 @@ class ACL implements cache_cacheableInterface
$rights['nowatermark'] = true; $rights['nowatermark'] = true;
if ($row['canaddrecord']) if ($row['canaddrecord'])
$rights['canaddrecord'] = true; $rights['canaddrecord'] = true;
if ($row['canmodifrecord']) $rights[self::CANMODIFRECORD] = ($row['canmodifrecord' == '1']);
$rights['canmodifrecord'] = true; $rights[self::CANDELETERECORD] = ($row['candeleterecord'] == '1');
if ($row['candeleterecord']) $rights[self::CHGSTATUS] = ($row['chgstatus'] == '1');
$rights['candeleterecord'] = true; $rights[self::IMGTOOLS] = ($row['imgtools'] == '1');
if ($row['chgstatus']) $rights[self::COLL_MANAGE] = ($row['manage'] == '1');
$rights['chgstatus'] = true; $rights[self::COLL_MODIFY_STRUCT] = ($row['modify_struct'] == '1');
if ($row['imgtools'])
$rights['imgtools'] = true;
if ($row['manage'])
$rights['manage'] = true;
if ($row['modify_struct'])
$rights['modify_struct'] = true;
$this->update_rights_to_base($base_id_dest, $rights); $this->update_rights_to_base($base_id_dest, $rights);
@@ -1695,6 +1620,13 @@ class ACL implements cache_cacheableInterface
return $lim_max || $lim_min; return $lim_max || $lim_min;
} }
/**
* returns date limits ['dmin'=>x, 'dmax'=>y] with x,y : NullableDateTime
*
*
* @param $base_id
* @return array|null
*/
public function get_limits($base_id) public function get_limits($base_id)
{ {
$this->load_rights_bas(); $this->load_rights_bas();
@@ -1753,7 +1685,7 @@ class ACL implements cache_cacheableInterface
{ {
// a user can see the business fields if he has at least the right on one collection to edit a record // a user can see the business fields if he has at least the right on one collection to edit a record
foreach($databox->get_collections() as $collection) { foreach($databox->get_collections() as $collection) {
if ($this->has_access_to_base($collection->get_base_id()) && $this->has_right_on_base($collection->get_base_id(), 'canmodifrecord')) { if ($this->has_access_to_base($collection->get_base_id()) && $this->has_right_on_base($collection->get_base_id(), self::CANMODIFRECORD)) {
return true; return true;
} }
} }
@@ -1768,7 +1700,7 @@ class ACL implements cache_cacheableInterface
*/ */
public function getOrderMasterCollectionsBaseIds() public function getOrderMasterCollectionsBaseIds()
{ {
$sql = 'SELECT base_id FROM basusr WHERE order_master="1" AND usr_id= :usr_id'; $sql = "SELECT base_id FROM basusr WHERE order_master='1' AND usr_id= :usr_id";
$result = $this->app->getApplicationBox() $result = $this->app->getApplicationBox()
->get_connection() ->get_connection()
->executeQuery($sql, [':usr_id' => $this->user->getId()]) ->executeQuery($sql, [':usr_id' => $this->user->getId()])
@@ -1819,8 +1751,7 @@ class ACL implements cache_cacheableInterface
*/ */
public function set_order_master(\collection $collection, $bool) public function set_order_master(\collection $collection, $bool)
{ {
$sql = 'UPDATE basusr SET order_master = :master $sql = "UPDATE basusr SET order_master = :master WHERE usr_id = :usr_id AND base_id = :base_id";
WHERE usr_id = :usr_id AND base_id = :base_id';
$stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql); $stmt = $this->app->getApplicationBox()->get_connection()->prepare($sql);
$stmt->execute([ $stmt->execute([


@@ -1155,22 +1155,22 @@ class databox extends base implements ThumbnailedElement
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
$this->app->getAclForUser($user)->update_rights_to_base($base_id, [ $this->app->getAclForUser($user)->update_rights_to_base($base_id, [
'canpush' => 1, \ACL::CANPUSH => 1,
'cancmd' => 1, \ACL::CANCMD => 1,
'canputinalbum' => 1, \ACL::CANPUTINALBUM => 1,
'candwnldhd' => 1, \ACL::CANDWNLDHD => 1,
'candwnldpreview' => 1, \ACL::CANDWNLDPREVIEW => 1,
'canadmin' => 1, \ACL::CANADMIN => 1,
'actif' => 1, \ACL::ACTIF => 1,
'canreport' => 1, \ACL::CANREPORT => 1,
'canaddrecord' => 1, \ACL::CANADDRECORD => 1,
'canmodifrecord' => 1, \ACL::CANMODIFRECORD => 1,
'candeleterecord' => 1, \ACL::CANDELETERECORD => 1,
'chgstatus' => 1, \ACL::CHGSTATUS => 1,
'imgtools' => 1, \ACL::IMGTOOLS => 1,
'manage' => 1, \ACL::MANAGE => 1,
'modify_struct' => 1, \ACL::MODIFY_STRUCT => 1,
'nowatermark' => 1 \ACL::NOWATERMARK => 1
]); ]);
} }
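Review bot: The last keys of the array passed to `update_rights_to_base()` use `\ACL::MANAGE` and `\ACL::MODIFY_STRUCT`, whereas other files in this commit replace the same `'manage'` / `'modify_struct'` strings with `\ACL::COLL_MANAGE` and `\ACL::COLL_MODIFY_STRUCT`. The constant definitions are not part of this section, so if the two pairs do not resolve to the same strings, this grant writes a different right than the one the `has_right_on_base(..., \ACL::COLL_MANAGE)` checks read. Pick one constant per right and use it everywhere. The same mix appears in the user-rights table template and in the admin tree template, where `get_granted_base([constant('\\ACL::MODIFY_STRUCT')])` sits a few lines above `has_right_on_base(..., constant('\\ACL::COLL_MODIFY_STRUCT'))`. The enclosing method starts and ends outside the hunk.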


@@ -24,7 +24,7 @@ class databox_status
foreach ($app->getAclForUser($app->getAuthenticatedUser())->get_granted_sbas() as $databox) { foreach ($app->getAclForUser($app->getAuthenticatedUser())->get_granted_sbas() as $databox) {
$see_all = false; $see_all = false;
foreach ($databox->get_collections() as $collection) { foreach ($databox->get_collections() as $collection) {
if ($app->getAclForUser($app->getAuthenticatedUser())->has_right_on_base($collection->get_base_id(), 'chgstatus')) { if ($app->getAclForUser($app->getAuthenticatedUser())->has_right_on_base($collection->get_base_id(), \ACL::CHGSTATUS)) {
$see_all = true; $see_all = true;
break; break;
} }


@@ -73,6 +73,6 @@ class eventsmanager_notify_autoregister extends eventsmanager_notifyAbstract
return false; return false;
} }
return $this->app->getAclForUser($user)->has_right('manageusers'); return $this->app->getAclForUser($user)->has_right(\ACL::CANADMIN);
} }
} }
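Review bot: `has_right(\ACL::CANADMIN)` replaces `has_right('manageusers')`, so the name of the right changes and not only its spelling, and nothing in the hunk shows that `has_right()` resolves both to the same permission. This is an authorization decision, so confirm the mapping and state it next to the call, for example `// CANADMIN is the former 'manageusers' global right`. The same kind of substitution occurs in `eventsmanager_notify_register` (`'manageusers'`), `eventsmanager_notify_uploadquarantine` (`'addrecord'` to `\ACL::CANADDRECORD`), `set_export` (`'deleterecord'`, `'modifyrecord'`) and the admin tree template. The enclosing method starts above the hunk.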


@@ -75,6 +75,6 @@ class eventsmanager_notify_order extends eventsmanager_notifyAbstract
*/ */
public function is_available(User $user) public function is_available(User $user)
{ {
return $this->app->getAclForUser($user)->has_right('order_master'); return $this->app->getAclForUser($user)->has_right(\ACL::ORDER_MASTER);
} }
} }


@@ -75,6 +75,6 @@ class eventsmanager_notify_register extends eventsmanager_notifyAbstract
return false; return false;
} }
return $this->app->getAclForUser($user)->has_right('manageusers'); return $this->app->getAclForUser($user)->has_right(\ACL::CANADMIN);
} }
} }


@@ -75,6 +75,6 @@ class eventsmanager_notify_uploadquarantine extends eventsmanager_notifyAbstract
*/ */
public function is_available(User $user) public function is_available(User $user)
{ {
return $this->app->getAclForUser($user)->has_right('addrecord'); return $this->app->getAclForUser($user)->has_right(\ACL::CANADDRECORD);
} }
} }


@@ -99,10 +99,10 @@ class record_exportElement extends record_adapter
'thumbnail' => true 'thumbnail' => true
]; ];
if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->getBaseId(), 'candwnldhd')) { if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->getBaseId(), \ACL::CANDWNLDHD)) {
$go_dl['document'] = true; $go_dl['document'] = true;
} }
if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->getBaseId(), 'candwnldpreview')) { if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->getBaseId(), \ACL::CANDWNLDPREVIEW)) {
$go_dl['preview'] = true; $go_dl['preview'] = true;
} }
if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_hd_grant($this)) { if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_hd_grant($this)) {
@@ -116,7 +116,7 @@ class record_exportElement extends record_adapter
$query = $this->app['phraseanet.user-query']; $query = $this->app['phraseanet.user-query'];
$masters = $query->on_base_ids([$this->getBaseId()]) $masters = $query->on_base_ids([$this->getBaseId()])
->who_have_right(['order_master']) ->who_have_right([\ACL::ORDER_MASTER])
->execute()->get_results(); ->execute()->get_results();
$go_cmd = (count($masters) > 0 && $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->getBaseId(), 'cancmd')); $go_cmd = (count($masters) > 0 && $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->getBaseId(), 'cancmd'));
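Review bot: The `$go_cmd` line still passes the literal `'cancmd'` to `has_right_on_base()`, while the `who_have_right()` call just above it was moved to `\ACL::ORDER_MASTER`. `\ACL::CANCMD` is already used elsewhere in this commit, so the call should read `has_right_on_base($this->getBaseId(), \ACL::CANCMD)`. A literal left behind would not follow the constant if its value ever changed, and this check decides whether ordering is offered. The surrounding method starts and ends outside the hunk.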


@@ -175,7 +175,7 @@ class set_export extends set_abstract
/** @var record_exportElement $download_element */ /** @var record_exportElement $download_element */
foreach ($this->get_elements() as $download_element) { foreach ($this->get_elements() as $download_element) {
if ($app->getAclForUser($app->getAuthenticatedUser())->has_right_on_base($download_element->getBaseId(), 'canmodifrecord')) { if ($app->getAclForUser($app->getAuthenticatedUser())->has_right_on_base($download_element->getBaseId(), \ACL::CANMODIFRECORD)) {
$this->businessFieldsAccess = true; $this->businessFieldsAccess = true;
} }
@@ -227,11 +227,11 @@ class set_export extends set_abstract
$display_ftp = []; $display_ftp = [];
$hasadminright = $app->getAclForUser($app->getAuthenticatedUser())->has_right('addrecord') $hasadminright = $app->getAclForUser($app->getAuthenticatedUser())->has_right(\ACL::CANADDRECORD)
|| $app->getAclForUser($app->getAuthenticatedUser())->has_right('deleterecord') || $app->getAclForUser($app->getAuthenticatedUser())->has_right(\ACL::CANDELETERECORD)
|| $app->getAclForUser($app->getAuthenticatedUser())->has_right('modifyrecord') || $app->getAclForUser($app->getAuthenticatedUser())->has_right(\ACL::CANMODIFRECORD)
|| $app->getAclForUser($app->getAuthenticatedUser())->has_right('coll_manage') || $app->getAclForUser($app->getAuthenticatedUser())->has_right(\ACL::COLL_MANAGE)
|| $app->getAclForUser($app->getAuthenticatedUser())->has_right('coll_modify_struct'); || $app->getAclForUser($app->getAuthenticatedUser())->has_right(\ACL::COLL_MODIFY_STRUCT);
$this->ftp_datas = []; $this->ftp_datas = [];
@@ -419,7 +419,7 @@ class set_export extends set_abstract
$BF = false; $BF = false;
if ($includeBusinessFields && $this->app->getAclForUser($user)->has_right_on_base($download_element->getBaseId(), 'canmodifrecord')) { if ($includeBusinessFields && $this->app->getAclForUser($user)->has_right_on_base($download_element->getBaseId(), \ACL::CANMODIFRECORD)) {
$BF = true; $BF = true;
} }
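Review bot: The `$hasadminright` expression in the second hunk evaluates `$app->getAclForUser($app->getAuthenticatedUser())` five times in a row, once per `has_right()` call. Fetching it once, `$acl = $app->getAclForUser($app->getAuthenticatedUser());`, and writing `$acl->has_right(\ACL::CANADDRECORD) || $acl->has_right(\ACL::CANDELETERECORD) || ...` makes the list of rights readable at a glance. Whether `getAclForUser()` is cheap to call repeatedly is not visible here. The method containing this expression starts and ends outside the hunk.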


@@ -35,7 +35,7 @@
<li>{{ collection.get_record_amount() }} records <a class="ajax" target="rights" href="{{ path('admin_collection_display_document_details', { 'bas_id' : collection.get_base_id() }) }}">{{ 'phraseanet:: details' | trans }}</a></li> <li>{{ collection.get_record_amount() }} records <a class="ajax" target="rights" href="{{ path('admin_collection_display_document_details', { 'bas_id' : collection.get_base_id() }) }}">{{ 'phraseanet:: details' | trans }}</a></li>
</ul> </ul>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, 'manage') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, constant('\\ACL::COLL_MANAGE')) %}
<div class="well well-small"> <div class="well well-small">
<h5>{{ 'admin::collection:: Gestionnaires des commandes' | trans }}</h5> <h5>{{ 'admin::collection:: Gestionnaires des commandes' | trans }}</h5>
<form id="admin_adder" action="{{ path('admin_collection_submit_order_admins', { 'bas_id' : bas_id }) }}" method="post" style="margin:0;"> <form id="admin_adder" action="{{ path('admin_collection_submit_order_admins', { 'bas_id' : bas_id }) }}" method="post" style="margin:0;">
@@ -144,7 +144,7 @@
<h5>{{ 'admin::base:collection: minilogo actuel' | trans }}</h5> <h5>{{ 'admin::base:collection: minilogo actuel' | trans }}</h5>
{% if collection.getLogo(bas_id, app) is not empty %} {% if collection.getLogo(bas_id, app) is not empty %}
<div class="thumbnail" style="width:120px;height:24px;margin-top:5px;margin-bottom:5px">{{ collection.getLogo(bas_id, app) | raw }}</div> <div class="thumbnail" style="width:120px;height:24px;margin-top:5px;margin-bottom:5px">{{ collection.getLogo(bas_id, app) | raw }}</div>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, 'manage') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, constant('\\ACL::COLL_MANAGE')) %}
<form method="post" action="{{ path('admin_collection_delete_logo', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form method="post" action="{{ path('admin_collection_delete_logo', { 'bas_id' : bas_id }) }}" style="margin:0;">
<button class="btn btn-danger btn-mini" > <button class="btn btn-danger btn-mini" >
<i class="icon-trash icon-white"></i> <i class="icon-trash icon-white"></i>
@@ -152,7 +152,7 @@
</button> </button>
</form> </form>
{% endif%} {% endif%}
{% elseif app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, 'manage') %} {% elseif app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, constant('\\ACL::COLL_MANAGE')) %}
<span>{{ 'admin::base:collection: aucun fichier (minilogo, watermark ...)' | trans }}</span> <span>{{ 'admin::base:collection: aucun fichier (minilogo, watermark ...)' | trans }}</span>
<form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_logo', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_logo', { 'bas_id' : bas_id }) }}" style="margin:0;">
<span class="btn btn-success fileinput-button"> <span class="btn btn-success fileinput-button">
@@ -169,7 +169,7 @@
<h5>{{ "Watermark" | trans }}</h5> <h5>{{ "Watermark" | trans }}</h5>
{% if collection.getWatermark(bas_id) is not empty %} {% if collection.getWatermark(bas_id) is not empty %}
<div class="thumbnail">{{ collection.getWatermark(bas_id)| raw }}</div> <div class="thumbnail">{{ collection.getWatermark(bas_id)| raw }}</div>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, 'manage') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, constant('\\ACL::COLL_MANAGE')) %}
<form method="post" action="{{ path('admin_collection_delete_watermark', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form method="post" action="{{ path('admin_collection_delete_watermark', { 'bas_id' : bas_id }) }}" style="margin:0;">
<button class="btn btn-danger btn-mini"> <button class="btn btn-danger btn-mini">
<i class="icon-trash icon-white"></i> <i class="icon-trash icon-white"></i>
@@ -177,7 +177,7 @@
</button> </button>
</form> </form>
{% endif%} {% endif%}
{% elseif app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, 'manage') %} {% elseif app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, constant('\\ACL::COLL_MANAGE')) %}
<span>{{ 'admin::base:collection: aucun fichier (minilogo, watermark ...)' | trans }}</span> <span>{{ 'admin::base:collection: aucun fichier (minilogo, watermark ...)' | trans }}</span>
<form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_watermark', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_watermark', { 'bas_id' : bas_id }) }}" style="margin:0;">
<span class="btn btn-success fileinput-button"> <span class="btn btn-success fileinput-button">
@@ -194,7 +194,7 @@
<h5>{{ "Stamp logo" | trans }}</h5> <h5>{{ "Stamp logo" | trans }}</h5>
{% if collection.getStamp(bas_id) is not empty %} {% if collection.getStamp(bas_id) is not empty %}
<div class="thumbnail" style="max-height:120px;max-width:260px">{{ collection.getStamp(bas_id)| raw }}</div> <div class="thumbnail" style="max-height:120px;max-width:260px">{{ collection.getStamp(bas_id)| raw }}</div>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, 'manage') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, constant('\\ACL::COLL_MANAGE')) %}
<form method="post" action="{{ path('admin_collection_delete_stamp', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form method="post" action="{{ path('admin_collection_delete_stamp', { 'bas_id' : bas_id }) }}" style="margin:0;">
<button class="btn btn-danger btn-mini"> <button class="btn btn-danger btn-mini">
<i class="icon-trash icon-white"></i> <i class="icon-trash icon-white"></i>
@@ -202,7 +202,7 @@
</button> </button>
</form> </form>
{% endif%} {% endif%}
{% elseif app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, 'manage') %} {% elseif app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, constant('\\ACL::COLL_MANAGE')) %}
<span>{{ 'admin::base:collection: aucun fichier (minilogo, watermark ...)' | trans }}</span> <span>{{ 'admin::base:collection: aucun fichier (minilogo, watermark ...)' | trans }}</span>
<form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_stamp', { 'bas_id' : bas_id }) }}" style="margin:0;"> <form class="fileupload no-ajax" enctype="multipart/form-data" method="post" action="{{ path('admin_collection_submit_stamp', { 'bas_id' : bas_id }) }}" style="margin:0;">
<span class="btn btn-success fileinput-button"> <span class="btn btn-success fileinput-button">
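Review bot: The condition `app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, constant('\\ACL::COLL_MANAGE'))` now appears seven times in this template: once in the order-managers block and twice in each of the logo, watermark and stamp blocks. Setting it once near the top, `{% set can_manage = app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(bas_id, constant('\\ACL::COLL_MANAGE')) %}`, and testing `{% if can_manage %}` keeps the seven gates from drifting apart. These conditions only hide the forms. The handlers behind `admin_collection_delete_logo`, `admin_collection_submit_logo` and the sibling routes are not in this section, so they need to enforce the same right on the server side.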


@@ -32,10 +32,10 @@
</div> </div>
<div class="control-group"> <div class="control-group">
<div class="controls"> <div class="controls">
{% if app.getAclForUser(app.getAuthenticatedUser()).get_granted_base(["canadmin"]) | length > 0 %} {% if app.getAclForUser(app.getAuthenticatedUser()).get_granted_base([constant('\\ACL::CANADMIN')]) | length > 0 %}
<select id="othcollsel" name="othcollsel" disabled> <select id="othcollsel" name="othcollsel" disabled>
<option>{{ "choisir" | trans }}</option> <option>{{ "choisir" | trans }}</option>
{% for collection in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base(["canadmin"]) %} {% for collection in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base([constant('\\ACL::CANADMIN')]) %}
<option value="{{ collection.get_base_id() }}">{{ collection.get_label(app['locale']) }}</option> <option value="{{ collection.get_base_id() }}">{{ collection.get_label(app['locale']) }}</option>
{% endfor %} {% endfor %}
</select> </select>


@@ -155,7 +155,7 @@
<li> <li>
<form class="form-inline" method="post" action="{{ path('admin_database_mount_collection', {'databox_id': databox.get_sbas_id(), 'collection_id' : collId }) }}"> <form class="form-inline" method="post" action="{{ path('admin_database_mount_collection', {'databox_id': databox.get_sbas_id(), 'collection_id' : collId }) }}">
{% trans with {'%name%' : name} %}Monter la collection %name%{% endtrans %}<br/> {% trans with {'%name%' : name} %}Monter la collection %name%{% endtrans %}<br/>
{% if app.getAclForUser(app.getAuthenticatedUser()).get_granted_base(["canadmin"]) | length > 0 %} {% if app.getAclForUser(app.getAuthenticatedUser()).get_granted_base([constant('\\ACL::CANADMIN')]) | length > 0 %}
<label for="othcollsel">{{ "admin::base:collection: Vous pouvez choisir une collection de reference pour donenr des acces" | trans }}</label> <label for="othcollsel">{{ "admin::base:collection: Vous pouvez choisir une collection de reference pour donenr des acces" | trans }}</label>
<select id="othcollsel" name="othcollsel" > <select id="othcollsel" name="othcollsel" >
<option value="">{{ "choisir" | trans }}</option> <option value="">{{ "choisir" | trans }}</option>


@@ -347,16 +347,16 @@
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'actif', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'actif', users, 'base')}}
</td> </td>
<td class="users_col case_right_canputinalbum" title="{{ 'Allowed to add in basket' | trans }}"> <td class="users_col case_right_canputinalbum" title="{{ 'Allowed to add in basket' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'canputinalbum', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANPUTINALBUM'), users, 'base')}}
</td> </td>
<td class="users_col case_right_candwnldpreview" title="{{ 'Access to preview' | trans }}"> <td class="users_col case_right_candwnldpreview" title="{{ 'Access to preview' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'candwnldpreview', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANDWNLDPREVIEW'), users, 'base')}}
</td> </td>
<td class="users_col case_right_nowatermark" title="{{ 'Remove watermark' | trans }}"> <td class="users_col case_right_nowatermark" title="{{ 'Remove watermark' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'nowatermark', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'nowatermark', users, 'base')}}
</td> </td>
<td class="users_col case_right_candwnldhd" title="{{ 'Access to HD' | trans }}"> <td class="users_col case_right_candwnldhd" title="{{ 'Access to HD' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'candwnldhd', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANDWNLDHD'), users, 'base')}}
</td> </td>
<td class="users_col case_right_cancmd" title="{{ 'Allowed to order' | trans }}"> <td class="users_col case_right_cancmd" title="{{ 'Allowed to order' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'cancmd', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'cancmd', users, 'base')}}
@@ -395,34 +395,34 @@
<td style="text-align:center;width:100px;"></td> <td style="text-align:center;width:100px;"></td>
<td class="users_col case_right_canaddrecord" title="{{ 'Allowed to add' | trans }}"> <td class="users_col case_right_canaddrecord" title="{{ 'Allowed to add' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'canaddrecord', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANADDRECORD'), users, 'base')}}
</td> </td>
<td class="users_col case_right_canmodifrecord" title="{{ 'Allowed to edit' | trans }}"> <td class="users_col case_right_canmodifrecord" title="{{ 'Allowed to edit' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'canmodifrecord', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANMODIFRECORD'), users, 'base')}}
</td> </td>
<td class="users_col case_right_chgstatus" title="{{ 'Allowed to change statuses' | trans }}"> <td class="users_col case_right_chgstatus" title="{{ 'Allowed to change statuses' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'chgstatus', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CHGSTATUS'), users, 'base')}}
</td> </td>
<td class="users_col case_right_candeleterecord" title="{{ 'Allowed to delete' | trans }}"> <td class="users_col case_right_candeleterecord" title="{{ 'Allowed to delete' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'candeleterecord', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANDELETERECORD'), users, 'base')}}
</td> </td>
<td class="users_col case_right_imgtools" title="{{ 'Access to image tools' | trans }}"> <td class="users_col case_right_imgtools" title="{{ 'Access to image tools' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'imgtools', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::IMGTOOLS'), users, 'base')}}
</td> </td>
<td class="users_col case_right_canadmin" title="{{ 'Manage users' | trans }}"> <td class="users_col case_right_canadmin" title="{{ 'Manage users' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'canadmin', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANADMIN'), users, 'base')}}
</td> </td>
<td class="users_col case_right_canreport" title="{{ 'Allowed to access report' | trans }}"> <td class="users_col case_right_canreport" title="{{ 'Allowed to access report' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'canreport', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANREPORT'), users, 'base')}}
</td> </td>
<td class="users_col case_right_canpush" title="{{ 'Allowed to push' | trans }}"> <td class="users_col case_right_canpush" title="{{ 'Allowed to push' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'canpush', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::CANPUSH'), users, 'base')}}
</td> </td>
<td class="users_col case_right_manage" title="{{ 'Manage collection' | trans }}"> <td class="users_col case_right_manage" title="{{ 'Manage collection' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'manage', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::MANAGE'), users, 'base')}}
</td> </td>
<td class="users_col case_right_modify" title="{{ 'Manage values lists' | trans }}"> <td class="users_col case_right_modify" title="{{ 'Manage values lists' | trans }}">
{{_self.format_checkbox(app.getAuthenticatedUser(), rights, 'modify_struct', users, 'base')}} {{_self.format_checkbox(app.getAuthenticatedUser(), rights, constant('\\ACL::MODIFY_STRUCT'), users, 'base')}}
</td> </td>
<td colspan="5"> <td colspan="5">
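Review bot: Three `format_checkbox` calls in the first hunk still pass the string literals `'actif'`, `'nowatermark'` and `'cancmd'`, while every other right in the table was moved to `constant('\\ACL::...')`. The PHP side of this commit already uses `\ACL::ACTIF`, `\ACL::NOWATERMARK` and `\ACL::CANCMD`, so these can become `constant('\\ACL::ACTIF')`, `constant('\\ACL::NOWATERMARK')` and `constant('\\ACL::CANCMD')`. A misspelled name inside `constant()` is only detected when the template renders, so render this page once after the change.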


@@ -36,7 +36,7 @@
</a> </a>
</li> </li>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('manageusers') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANADMIN')) %}
<li class="{% if feature == 'users' %}selected{% endif %}"> <li class="{% if feature == 'users' %}selected{% endif %}">
<a target="right" href="{{ path('admin_users_search') }}" class="ajax zone_editusers"> <a target="right" href="{{ path('admin_users_search') }}" class="ajax zone_editusers">
<img src="/assets/admin/images/Users.png" /> <img src="/assets/admin/images/Users.png" />
@@ -152,7 +152,7 @@
{% set seeUsrGene = false %} {% set seeUsrGene = false %}
{% for coll in databox.get_collections() %} {% for coll in databox.get_collections() %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base( coll.get_base_id() , 'canadmin') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base( coll.get_base_id() , constant('\\ACL::CANADMIN')) %}
{% set seeUsrGene = true %} {% set seeUsrGene = true %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
@@ -167,9 +167,9 @@
{% endif %} {% endif %}
{% for collection in databox.get_collections()|sort_collections %} {% for collection in databox.get_collections()|sort_collections %}
{% if (collection.get_base_id() in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base(['canadmin'])|keys {% if (collection.get_base_id() in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base([constant('\\ACL::CANADMIN')])|keys
or collection.get_base_id() in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base(['manage'])|keys or collection.get_base_id() in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base([constant('\\ACL::MANAGE')])|keys
or collection.get_base_id() in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base(['modify_struct'])|keys) %} or collection.get_base_id() in app.getAclForUser(app.getAuthenticatedUser()).get_granted_base([constant('\\ACL::MODIFY_STRUCT')])|keys) %}
{% if feature == 'collection' and featured == collection.get_base_id() %} {% if feature == 'collection' and featured == collection.get_base_id() %}
{% set coll_selected = true %} {% set coll_selected = true %}
@@ -185,7 +185,7 @@
</div> </div>
<ul> <ul>
{% if (app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(collection.get_base_id(), 'modify_struct')) %} {% if (app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(collection.get_base_id(), constant('\\ACL::COLL_MODIFY_STRUCT'))) %}
<li> <li>
<a target="right" href="{{ path('admin_collection_display_suggested_values', { 'bas_id' : collection.get_base_id() }) }}" class="ajax"> <a target="right" href="{{ path('admin_collection_display_suggested_values', { 'bas_id' : collection.get_base_id() }) }}" class="ajax">
<img src="/assets/common/images/icons/foldph20open_0.gif"/> <img src="/assets/common/images/icons/foldph20open_0.gif"/>
@@ -194,7 +194,7 @@
</li> </li>
{% endif %} {% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(collection.get_base_id(), 'canadmin') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(collection.get_base_id(), constant('\\ACL::CANADMIN')) %}
<li> <li>
<a target="right" href="{{ path('admin_users_search', { 'base_id' : [ collection.get_base_id() ] }) }}" class="ajax"> <a target="right" href="{{ path('admin_users_search', { 'base_id' : [ collection.get_base_id() ] }) }}" class="ajax">
<img src="/assets/admin/images/Users.png"/> <img src="/assets/admin/images/Users.png"/>


@@ -1,6 +1,6 @@
{% import 'common/macros.html.twig' as macro %} {% import 'common/macros.html.twig' as macro %}
{% set business = granted_on_collection(record.baseId, 'canmodifrecord') %} {% set business = granted_on_collection(record.baseId, constant('\\ACL::CANMODIFRECORD')) %}
{% set display_exif = true %} {% set display_exif = true %}
{% if view == 'answer' %} {% if view == 'answer' %}


@@ -87,7 +87,7 @@
</li> </li>
{% endif %} {% endif %}
{% if module is defined and module == "prod" and app.getAclForUser(app.getAuthenticatedUser()).has_right('order_master') %} {% if module is defined and module == "prod" and app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::ORDER_MASTER')) %}
<li> <li>
<a href="{{ path('prod_orders') }}" class="dialog full-dialog" title="{{ 'Orders manager' | trans }}"> <a href="{{ path('prod_orders') }}" class="dialog full-dialog" title="{{ 'Orders manager' | trans }}">
<span> <span>


@@ -82,7 +82,7 @@
<div class="right_column_wrapper right_column_wrapper_caption left unselectable" style="width:230px;height:auto;"> <div class="right_column_wrapper right_column_wrapper_caption left unselectable" style="width:230px;height:auto;">
<div id="record_infos"> <div id="record_infos">
<div class="lightbox_container"> <div class="lightbox_container">
{% set business = app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(first_item.getRecord(app).get_base_id(), 'canmodifrecord') %} {% set business = app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(first_item.getRecord(app).get_base_id(), constant('\\ACL::CANMODIFRECORD')) %}
{% if first_item %} {% if first_item %}
{{macro.caption(first_item.getRecord(app), business, false)}} {{macro.caption(first_item.getRecord(app), business, false)}}
{% endif %} {% endif %}
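Review bot: The rewritten `{% set business = … %}` line still calls `first_item.getRecord(app).get_base_id()` one line above the `{% if first_item %}` guard, so the permission lookup runs before the check that is meant to protect it. Moving the `set` inside the guard, as the `basket_element` variants of this template already do, avoids evaluating the ACL call with an empty item: `{% if first_item %}{% set business = … %}{{macro.caption(first_item.getRecord(app), business, false)}}{% endif %}`. What Twig does with the null access depends on its `strict_variables` setting, which is not visible here. The other lightbox template that derives `business` from `first_item` (the `@@ -79,7 +79,7 @@` hunk) has the same ordering.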


@@ -94,7 +94,7 @@
<div id="record_infos"> <div id="record_infos">
<div class="lightbox_container"> <div class="lightbox_container">
{% if basket_element %} {% if basket_element %}
{% set business = app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(basket_element.getRecord(app).get_base_id(), 'canmodifrecord') %} {% set business = app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(basket_element.getRecord(app).get_base_id(), constant('\\ACL::CANMODIFRECORD')) %}
{{macro.caption(basket_element.getRecord(app), business, false)}} {{macro.caption(basket_element.getRecord(app), business, false)}}
{% endif %} {% endif %}
</div> </div>


@@ -79,7 +79,7 @@
<div class="right_column_wrapper caption right_column_wrapper_caption PNB"> <div class="right_column_wrapper caption right_column_wrapper_caption PNB">
<div id="record_infos" class="PNB"> <div id="record_infos" class="PNB">
<div class="lightbox_container PNB"> <div class="lightbox_container PNB">
{% set business = app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(first_item.getRecord(app).get_base_id(), 'canmodifrecord') %} {% set business = app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(first_item.getRecord(app).get_base_id(), constant('\\ACL::CANMODIFRECORD')) %}
{% if first_item %} {% if first_item %}
{{macro.caption(first_item.getRecord(app), business, false, true)}} {{macro.caption(first_item.getRecord(app), business, false, true)}}
{% endif %} {% endif %}


@@ -94,7 +94,7 @@
<div id="record_infos" class="PNB"> <div id="record_infos" class="PNB">
<div class="lightbox_container PNB"> <div class="lightbox_container PNB">
{% if basket_element %} {% if basket_element %}
{% set business = app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(basket_element.getRecord(app).get_base_id(), 'canmodifrecord') %} {% set business = app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(basket_element.getRecord(app).get_base_id(), constant('\\ACL::CANMODIFRECORD')) %}
{{macro.caption(basket_element.getRecord(app), business, false, true)}} {{macro.caption(basket_element.getRecord(app), business, false, true)}}
{% endif %} {% endif %}
</div> </div>


@@ -11,19 +11,19 @@
<img src="/assets/common/images/icons/print_history.png"/> <img src="/assets/common/images/icons/print_history.png"/>
</button> </button>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('modifyrecord') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANMODIFRECORD')) %}
<button class="ui-corner-all TOOL_ppen_btn basket_window" title="{{ 'action : editer' | trans }}"> <button class="ui-corner-all TOOL_ppen_btn basket_window" title="{{ 'action : editer' | trans }}">
<img src="/assets/common/images/icons/ppen_history.png"/> <img src="/assets/common/images/icons/ppen_history.png"/>
</button> </button>
{% endif %} {% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('changestatus') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CHGSTATUS')) %}
<button class="ui-corner-all TOOL_chgstatus_btn basket_window" title="{{ 'action : status' | trans }}"> <button class="ui-corner-all TOOL_chgstatus_btn basket_window" title="{{ 'action : status' | trans }}">
<img src="/assets/common/images/icons/chgstatus_history.png"/> <img src="/assets/common/images/icons/chgstatus_history.png"/>
</button> </button>
{% endif %} {% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('deleterecord') and app.getAclForUser(app.getAuthenticatedUser()).has_right('addrecord') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANDELETERECORD')) and app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANADDRECORD')) %}
<button class="ui-corner-all TOOL_chgcoll_btn basket_window" title="{{ 'action : collection' | trans }}"> <button class="ui-corner-all TOOL_chgcoll_btn basket_window" title="{{ 'action : collection' | trans }}">
<img src="/assets/common/images/icons/chgcoll_history.png"/> <img src="/assets/common/images/icons/chgcoll_history.png"/>
</button> </button>
@@ -49,7 +49,7 @@
</button> </button>
{% endif %} {% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('doctools') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::IMGTOOLS')) %}
<button class="ui-corner-all TOOL_imgtools_btn basket_window" title="{{ 'action : outils' | trans }}"> <button class="ui-corner-all TOOL_imgtools_btn basket_window" title="{{ 'action : outils' | trans }}">
<img src="/assets/common/images/icons/imgtools_history.png"/> <img src="/assets/common/images/icons/imgtools_history.png"/>
</button> </button>
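Review bot: The `has_right(...)` arguments in this toolbar are not plain renames: `'modifyrecord'`, `'changestatus'`, `'deleterecord'`, `'addrecord'` and `'doctools'` become `CANMODIFRECORD`, `CHGSTATUS`, `CANDELETERECORD`, `CANADDRECORD` and `IMGTOOLS`, which elsewhere in this commit replace differently spelled per-collection literals such as `'canmodifrecord'` and `'chgstatus'` passed to `has_right_on_base`. Unless `has_right()` was changed in the same commit to accept these values (the ACL class is not visible here), the buttons will be shown or hidden by a different rule than before. A unit test that calls `has_right()` once with each constant for a user who holds the right on one collection would pin that. The same substitution appears in the story toolbar, the two context menus, the stories entry gated on `'addrecord'` and the results toolbar (`acl.has_right(...)`). The results template's single `acl` variable would also be a shorter form than repeating `app.getAclForUser(app.getAuthenticatedUser())` on every condition here.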


@@ -48,7 +48,7 @@
onclick="downloadThis('ssel={{basket.getId()}}');">{{ 'action::exporter' | trans }} onclick="downloadThis('ssel={{basket.getId()}}');">{{ 'action::exporter' | trans }}
</div> </div>
</div> </div>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('modifyrecord') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANMODIFRECORD')) %}
<div title="" class="context-menu-item menu3-custom-item"> <div title="" class="context-menu-item menu3-custom-item">
<div onclick="editThis('SSTT','{{basket.getId()}}');" style="" <div onclick="editThis('SSTT','{{basket.getId()}}');" style=""
class="context-menu-item-inner">{{ 'edit' | trans }} class="context-menu-item-inner">{{ 'edit' | trans }}
@@ -230,7 +230,7 @@
onclick="downloadThis('lst={{story.getRecord(app).get_serialize_key()}}');">{{ 'action::exporter' | trans }} onclick="downloadThis('lst={{story.getRecord(app).get_serialize_key()}}');">{{ 'action::exporter' | trans }}
</div> </div>
</div> </div>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('modifyrecord') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANMODIFRECORD')) %}
<div title="" class="context-menu-item menu3-custom-item"> <div title="" class="context-menu-item menu3-custom-item">
<div onclick="editThis('IMGT','{{story.getRecord(app).get_serialize_key()}}');" style="" <div onclick="editThis('IMGT','{{story.getRecord(app).get_serialize_key()}}');" style=""
class="context-menu-item-inner">{{ 'action::editer' | trans }} class="context-menu-item-inner">{{ 'action::editer' | trans }}


@@ -11,19 +11,19 @@
<img src="/assets/common/images/icons/print_history.png"/> <img src="/assets/common/images/icons/print_history.png"/>
</button> </button>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('modifyrecord') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANMODIFRECORD')) %}
<button class="ui-corner-all TOOL_ppen_btn story_window" title="{{ 'action : editer' | trans }}"> <button class="ui-corner-all TOOL_ppen_btn story_window" title="{{ 'action : editer' | trans }}">
<img src="/assets/common/images/icons/ppen_history.png"/> <img src="/assets/common/images/icons/ppen_history.png"/>
</button> </button>
{% endif %} {% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('changestatus') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CHGSTATUS')) %}
<button class="ui-corner-all TOOL_chgstatus_btn story_window" title="{{ 'action : status' | trans }}"> <button class="ui-corner-all TOOL_chgstatus_btn story_window" title="{{ 'action : status' | trans }}">
<img src="/assets/common/images/icons/chgstatus_history.png"/> <img src="/assets/common/images/icons/chgstatus_history.png"/>
</button> </button>
{% endif %} {% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('deleterecord') and app.getAclForUser(app.getAuthenticatedUser()).has_right('addrecord') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANDELETERECORD')) and app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANADDRECORD')) %}
<button class="ui-corner-all TOOL_chgcoll_btn story_window" title="{{ 'action : collection' | trans }}"> <button class="ui-corner-all TOOL_chgcoll_btn story_window" title="{{ 'action : collection' | trans }}">
<img src="/assets/common/images/icons/chgcoll_history.png"/> <img src="/assets/common/images/icons/chgcoll_history.png"/>
</button> </button>
@@ -49,7 +49,7 @@
</button> </button>
{% endif %} {% endif %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('doctools') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::IMGTOOLS')) %}
<button class="ui-corner-all TOOL_imgtools_btn story_window" title="{{ 'action : outils' | trans }}"> <button class="ui-corner-all TOOL_imgtools_btn story_window" title="{{ 'action : outils' | trans }}">
<img src="/assets/common/images/icons/imgtools_history.png"/> <img src="/assets/common/images/icons/imgtools_history.png"/>
</button> </button>


@@ -87,7 +87,7 @@
<input class="search" name="users-search" placeholder="{{ 'Users' | trans }}" type="text" style="width:210px;"/> <input class="search" name="users-search" placeholder="{{ 'Users' | trans }}" type="text" style="width:210px;"/>
<br/> <br/>
{{ 'Select a user in the list' | trans }} <br/> {{ 'Select a user in the list' | trans }} <br/>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right('manageusers') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANADMIN')) %}
{{ 'or' | trans }} {{ 'or' | trans }}
<a href="{{ path('prod_push_add_user') }}" class="user_adder btn btn-mini">{{ 'Add user' | trans }}</a> <a href="{{ path('prod_push_add_user') }}" class="user_adder btn btn-mini">{{ 'Add user' | trans }}</a>
{% endif %} {% endif %}
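Review bot: The condition around the "Add user" link switches from `has_right('manageusers')` to `has_right(constant('\\ACL::CANADMIN'))`, which replaces one right with another rather than renaming a literal. This template only hides the link, so the handler behind `prod_push_add_user` has to enforce the same right on its own; that controller is not part of this hunk and should be checked against the new constant. If the two now disagree, a user could see a link that the server refuses, or reach the route without the link being shown. A short Twig comment such as `{# must match the right checked by prod_push_add_user #}` above the `if` would record the coupling.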


@@ -27,7 +27,7 @@
{% endif %} {% endif %}
{% set class_status = 'nostatus' %} {% set class_status = 'nostatus' %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), 'chgstatus') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), constant('\\ACL::CHGSTATUS')) %}
{% set class_status = '' %} {% set class_status = '' %}
{% endif %} {% endif %}


@@ -145,7 +145,7 @@
{{ 'Browse Baskets' | trans }} {{ 'Browse Baskets' | trans }}
</a> </a>
</div> </div>
{% if app['conf'].get(['registry', 'modules', 'stories']) and app.getAclForUser(app.getAuthenticatedUser()).has_right('addrecord') %} {% if app['conf'].get(['registry', 'modules', 'stories']) and app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::CANADDRECORD')) %}
<div class="context-menu-item-inner"> <div class="context-menu-item-inner">
<a title="{{ 'action:: nouveau reportage' | trans }}" class="dialog small-dialog" href="{{ path('prod_stories_create') }}"> <a title="{{ 'action:: nouveau reportage' | trans }}" class="dialog small-dialog" href="{{ path('prod_stories_create') }}">
<img style="cursor:pointer;" src="/assets/common/images/icons/mtadd_0.gif" title="{{ 'action:: nouveau reportage' | trans }}" /> <img style="cursor:pointer;" src="/assets/common/images/icons/mtadd_0.gif" title="{{ 'action:: nouveau reportage' | trans }}" />


@@ -1,6 +1,6 @@
{% import 'common/macros.html.twig' as macro %} {% import 'common/macros.html.twig' as macro %}
{% set can_edit = granted_on_collection(record.baseId, 'canmodifrecord') %} {% set can_edit = granted_on_collection(record.baseId, constant('\\ACL::CANMODIFRECORD')) %}
{% set can_see_business = can_edit %} {% set can_see_business = can_edit %}
{% if can_edit %} {% if can_edit %}


@@ -1,5 +1,5 @@
{% if (record.is_from_basket is empty) and app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), 'canputinalbum') %} {% if (record.is_from_basket is empty) and app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), constant('\\ACL::CANPUTINALBUM')) %}
<div sbas="{{record.get_sbas_id()}}" id="PREV_BASKADD_{{record.get_serialize_key}}" <div sbas="{{record.get_sbas_id()}}" id="PREV_BASKADD_{{record.get_serialize_key}}"
class="baskAdder" title="{{ 'action : ajouter au panier' | trans }}" class="baskAdder" title="{{ 'action : ajouter au panier' | trans }}"
onclick="evt_add_in_chutier('{{record.get_sbas_id()}}','{{record.get_record_id()}}',false,this);return(false);"> onclick="evt_add_in_chutier('{{record.get_sbas_id()}}','{{record.get_record_id()}}',false,this);return(false);">
@@ -21,7 +21,7 @@
<img src="/assets/common/images/icons/print_history.png" height="16" width="16" class="btn-image" title="'{{ 'action : print' | trans }}"> <img src="/assets/common/images/icons/print_history.png" height="16" width="16" class="btn-image" title="'{{ 'action : print' | trans }}">
</div> </div>
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), 'candwnldhd') or app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), 'candwnldpreview') %} {% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), constant('\\ACL::CANDWNLDHD')) or app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), constant('\\ACL::CANDWNLDPREVIEW')) %}
<div onclick="evt_dwnl('{{record.get_sbas_id()}}_{{record.get_record_id()}}');return(false);"> <div onclick="evt_dwnl('{{record.get_sbas_id()}}_{{record.get_record_id()}}');return(false);">
<img src="/assets/common/images/icons/disktt_history.png" height="16" width="16" class="btn-image" title="{{ 'action : exporter' | trans }}"> <img src="/assets/common/images/icons/disktt_history.png" height="16" width="16" class="btn-image" title="{{ 'action : exporter' | trans }}">
{# <img style="vertical-align:middle" src="/assets/common/images/icons/basket.png" width="16">#} {# <img style="vertical-align:middle" src="/assets/common/images/icons/basket.png" width="16">#}


@@ -13,7 +13,7 @@
<td valign="middle"> <td valign="middle">
<div class='desc' style='max-height:{{ settings.images_size + 70 }}px;overflow-y:auto;'> <div class='desc' style='max-height:{{ settings.images_size + 70 }}px;overflow-y:auto;'>
<div class="fixeddesc"> <div class="fixeddesc">
{% set can_see_business = granted_on_collection(record.baseId, 'canmodifrecord') %} {% set can_see_business = granted_on_collection(record.baseId, constant('\\ACL::CANMODIFRECORD')) %}
{{ macro.caption(record, can_see_business) }} {{ macro.caption(record, can_see_business) }}
</div> </div>
</div> </div>


@@ -18,7 +18,7 @@
</div> </div>
</div> </div>
{% set can_see_business = granted_on_collection(record.baseId, 'canmodifrecord') %} {% set can_see_business = granted_on_collection(record.baseId, constant('\\ACL::CANMODIFRECORD')) %}
<div class="thumb captionTips" <div class="thumb captionTips"
{% if settings.rollover_thumbnail == 'caption' %}title="{{ macro.caption(record, can_see_business, false) | e }}"{% endif %} {% if settings.rollover_thumbnail == 'caption' %}title="{{ macro.caption(record, can_see_business, false) | e }}"{% endif %}
@@ -105,7 +105,7 @@
<tr> <tr>
<td> <td>
<div class="context-menu context-menu-theme-vista"> <div class="context-menu context-menu-theme-vista">
{% if granted_on_collection(record.baseId, 'canputinalbum') and not record.story %} {% if granted_on_collection(record.baseId, constant('\\ACL::CANPUTINALBUM')) and not record.story %}
<div title="" class="context-menu-item"> <div title="" class="context-menu-item">
<div class="context-menu-item-inner" <div class="context-menu-item-inner"
onclick="evt_add_in_chutier('{{record.databoxId}}','{{record.recordId}}',false,this);return(false);"> onclick="evt_add_in_chutier('{{record.databoxId}}','{{record.recordId}}',false,this);return(false);">
@@ -113,7 +113,7 @@
</div> </div>
</div> </div>
{% endif %} {% endif %}
{% if granted_on_collection(record.baseId, 'candwnldpreview') or granted_on_collection(record.baseId, 'candwnldhd') %} {% if granted_on_collection(record.baseId, constant('\\ACL::CANDWNLDPREVIEW')) or granted_on_collection(record.baseId, constant('\\ACL::CANDWNLDHD')) %}
<div title="" class="context-menu-item"> <div title="" class="context-menu-item">
<div class="context-menu-item-inner" <div class="context-menu-item-inner"
onclick="evt_dwnl('{{record.id}}',false,this);return(false);"> onclick="evt_dwnl('{{record.id}}',false,this);return(false);">


@@ -63,19 +63,19 @@
</span> </span>
{% set actions = {} %} {% set actions = {} %}
{% if acl.has_right('modifyrecord') %} {% if acl.has_right(constant('\\ACL::CANMODIFRECORD')) %}
{% set label %} {% set label %}
{{ 'action : editer' | trans }} {{ 'action : editer' | trans }}
{% endset %} {% endset %}
{% set actions = actions|merge( { 'edit' : {'icon': "/assets/common/images/icons/ppen_history.png", 'class':'TOOL_ppen_btn', 'label' : label} }) %} {% set actions = actions|merge( { 'edit' : {'icon': "/assets/common/images/icons/ppen_history.png", 'class':'TOOL_ppen_btn', 'label' : label} }) %}
{% endif %} {% endif %}
{% if acl.has_right('changestatus') %} {% if acl.has_right(constant('\\ACL::CHGSTATUS')) %}
{% set label %} {% set label %}
{{ 'action : status' | trans }} {{ 'action : status' | trans }}
{% endset %} {% endset %}
{% set actions = actions|merge( { 'status' : {'icon': "/assets/common/images/icons/chgstatus_history.png", 'class':'TOOL_chgstatus_btn', 'label' : label} }) %} {% set actions = actions|merge( { 'status' : {'icon': "/assets/common/images/icons/chgstatus_history.png", 'class':'TOOL_chgstatus_btn', 'label' : label} }) %}
{% endif %} {% endif %}
{% if acl.has_right('deleterecord') and acl.has_right('addrecord') %} {% if acl.has_right(constant('\\ACL::CANDELETERECORD')) and acl.has_right(constant('\\ACL::CANADDRECORD')) %}
{% set label %} {% set label %}
{{ 'action : collection' | trans }} {{ 'action : collection' | trans }}
{% endset %} {% endset %}
@@ -287,7 +287,7 @@
</span> </span>
{% endif %} {% endif %}
{% if acl.has_right('doctools') %} {% if acl.has_right(constant('\\ACL::IMGTOOLS')) %}
<span class="classicButton"> <span class="classicButton">
<div class="btn-group"> <div class="btn-group">
<button class="TOOL_imgtools_btn results_window btn btn-inverse"> <button class="TOOL_imgtools_btn results_window btn btn-inverse">
@@ -296,7 +296,7 @@
</div> </div>
</span> </span>
{% endif %} {% endif %}
{% if acl.has_right('deleterecord') %} {% if acl.has_right(constant('\\ACL::CANDELETERECORD')) %}
<span class="classicButton"> <span class="classicButton">
<div class="btn-group"> <div class="btn-group">
<button class="TOOL_trash_btn results_window btn btn-inverse"> <button class="TOOL_trash_btn results_window btn btn-inverse">


@@ -383,8 +383,8 @@
{% for record in records %} {% for record in records %}
{% set reasons = record['reasons'] %} {% set reasons = record['reasons'] %}
{% set record = record['record'] %} {% set record = record['record'] %}
{% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), "canaddrecord") {% if app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), constant('\\ACL::CANADDRECORD'))
and app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), "candeleterecord") %} and app.getAclForUser(app.getAuthenticatedUser()).has_right_on_base(record.get_base_id(), constant('\\ACL::CANDELETERECORD')) %}
<li class="records-subititution span3" style="width:210px"> <li class="records-subititution span3" style="width:210px">
{% include 'prod/results/record.html.twig' with { {% include 'prod/results/record.html.twig' with {
'record': record, 'record': record,


@@ -283,7 +283,7 @@ class AdminCollectionTest extends \PhraseanetAuthenticatedWebTestCase
$this->checkRedirection(self::$DI['client']->getResponse(), '/admin/collection/' . self::$DI['collection']->get_base_id() . '/?success=1'); $this->checkRedirection(self::$DI['client']->getResponse(), '/admin/collection/' . self::$DI['collection']->get_base_id() . '/?success=1');
$this->assertTrue(self::$DI['app']->getAclForUser(self::$DI['user_alt1'])->has_right_on_base(self::$DI['collection']->get_base_id(), 'order_master')); $this->assertTrue(self::$DI['app']->getAclForUser(self::$DI['user_alt1'])->has_right_on_base(self::$DI['collection']->get_base_id(), \ACL::ORDER_MASTER));
} }
/** /**


@@ -70,9 +70,9 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
$datas = json_decode($response->getContent()); $datas = json_decode($response->getContent());
$this->assertFalse($datas->error); $this->assertFalse($datas->error);
$this->assertTrue(self::$DI['app']->getAclForUser($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "manage")); $this->assertTrue(self::$DI['app']->getAclForUser($user)->has_right_on_base(self::$DI['collection']->get_base_id(), \ACL::COLL_MANAGE));
$this->assertTrue(self::$DI['app']->getAclForUser($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "canpush")); $this->assertTrue(self::$DI['app']->getAclForUser($user)->has_right_on_base(self::$DI['collection']->get_base_id(), \ACL::CANPUSH));
$this->assertTrue(self::$DI['app']->getAclForUser($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "canreport")); $this->assertTrue(self::$DI['app']->getAclForUser($user)->has_right_on_base(self::$DI['collection']->get_base_id(), \ACL::CANREPORT));
self::$DI['app']['orm.em']->refresh($user); self::$DI['app']['orm.em']->refresh($user);
self::$DI['app']['manipulator.user']->delete($user); self::$DI['app']['manipulator.user']->delete($user);
@@ -355,10 +355,10 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
self::$DI['app']->getAclForUser($user)->give_access_to_base([$base_id]); self::$DI['app']->getAclForUser($user)->give_access_to_base([$base_id]);
$rights = [ $rights = [
'canputinalbum' => '1' \ACL::CANPUTINALBUM => '1',
, 'candwnldhd' => '1' \ACL::CANDWNLDHD => '1',
, 'candwnldsubdef' => '1' 'candwnldsubdef' => '1',
, 'nowatermark' => '1' \ACL::NOWATERMARK => '1'
]; ];
self::$DI['app']->getAclForUser($user)->update_rights_to_base($collection->get_base_id(), $rights); self::$DI['app']->getAclForUser($user)->update_rights_to_base($collection->get_base_id(), $rights);
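Review bot: The first assertion replaces the literal `"manage"` with `\ACL::COLL_MANAGE`, while the ACL manipulator test in this commit replaces `'manage'` with `\ACL::MANAGE` for the same `has_right_on_base` call. If the two constants hold different strings (the ACL class is not visible here), this assertion now checks a different right than it did before and may pass or fail for the wrong reason; `\ACL::MANAGE` would keep the original meaning. The admin tree template has the same split, using `\\ACL::MODIFY_STRUCT` in `get_granted_base` and `\\ACL::COLL_MODIFY_STRUCT` in `has_right_on_base` for what was `'modify_struct'` in both places. In the second hunk `'candwnldsubdef'` stays a bare string among the constants; a comment saying why it has no constant would help the next reader.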


@@ -1010,10 +1010,12 @@ class ApiJsonTest extends ApiTestCase
$collection->set_public_presentation('none'); $collection->set_public_presentation('none');
} }
$app->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base( $app->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(
$collection->get_base_id(), array( $collection->get_base_id(),
'candwnldpreview' => 1, [
'candwnldhd' => 1 \ACL::CANDWNLDPREVIEW => 1,
)); \ACL::CANDWNLDHD => 1
]
);
/** @var \record_adapter $record_1 */ /** @var \record_adapter $record_1 */
$record_1 = self::$DI['record_1']; $record_1 = self::$DI['record_1'];
@@ -1052,8 +1054,8 @@ class ApiJsonTest extends ApiTestCase
$this->setToken($this->userAccessToken); $this->setToken($this->userAccessToken);
self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array( self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
'candwnldpreview' => 1, \ACL::CANDWNLDPREVIEW => 1,
'candwnldhd' => 0 \ACL::CANDWNLDHD => 0
)); ));
$route = '/api/v1/records/' . self::$DI['record_1']->get_sbas_id() . '/' . self::$DI['record_1']->get_record_id() . '/embed/'; $route = '/api/v1/records/' . self::$DI['record_1']->get_sbas_id() . '/' . self::$DI['record_1']->get_record_id() . '/embed/';
@@ -1075,10 +1077,13 @@ class ApiJsonTest extends ApiTestCase
{ {
$this->setToken($this->userAccessToken); $this->setToken($this->userAccessToken);
self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array( self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(
'candwnldpreview' => 0, self::$DI['collection']->get_base_id(),
'candwnldhd' => 0 [
)); \ACL::CANDWNLDPREVIEW => 0,
\ACL::CANDWNLDHD => 0
]
);
$route = '/api/v1/records/' . self::$DI['record_1']->get_sbas_id() . '/' . self::$DI['record_1']->get_record_id() . '/embed/'; $route = '/api/v1/records/' . self::$DI['record_1']->get_sbas_id() . '/' . self::$DI['record_1']->get_record_id() . '/embed/';
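Review bot: The middle hunk (`@@ -1052,8 +1054,8 @@`) keeps the long `array(` … `));` form on one line with the call, while the first and third hunks reformat the identical `update_rights_to_base` call to a short `[ … ]` array with one argument per line. Writing all three the same way, e.g. `->update_rights_to_base(self::$DI['collection']->get_base_id(), [\ACL::CANDWNLDPREVIEW => 1, \ACL::CANDWNLDHD => 0]);`, would make the three embed tests easy to compare, since they differ only in the two flag values. The enclosing test methods start and end outside these hunks.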


@@ -85,11 +85,11 @@ class PropertyTest extends \PhraseanetAuthenticatedWebTestCase
->will($this->returnValue(true)); ->will($this->returnValue(true));
$acl->expects($this->any()) $acl->expects($this->any())
->method('has_right_on_base') ->method('has_right_on_base')
->with($this->isType(\PHPUnit_Framework_Constraint_IsType::TYPE_INT), $this->equalTo('chgstatus')) ->with($this->isType(\PHPUnit_Framework_Constraint_IsType::TYPE_INT), $this->equalTo(\ACL::CHGSTATUS))
->will($this->returnValue(true)); ->will($this->returnValue(true));
$acl->expects($this->any()) $acl->expects($this->any())
->method('has_right_on_sbas') ->method('has_right_on_sbas')
->with($this->isType(\PHPUnit_Framework_Constraint_IsType::TYPE_INT), $this->equalTo('chgstatus')) ->with($this->isType(\PHPUnit_Framework_Constraint_IsType::TYPE_INT), $this->equalTo(\ACL::CHGSTATUS))
->will($this->returnValue(true)); ->will($this->returnValue(true));
$aclProvider = $this->getMockBuilder('Alchemy\Phrasea\Authentication\ACLProvider') $aclProvider = $this->getMockBuilder('Alchemy\Phrasea\Authentication\ACLProvider')


@@ -105,7 +105,10 @@ class RecordsRequestTest extends \PhraseanetAuthenticatedTestCase
public function testSimpleWithoutBasRights() public function testSimpleWithoutBasRights()
{ {
self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser()) self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
->update_rights_to_base(self::$DI['record_2']->get_base_id(), ['chgstatus' => 0]); ->update_rights_to_base(
self::$DI['record_2']->get_base_id(),
[\ACL::CHGSTATUS => 0]
);
$request = new Request([ $request = new Request([
'lst' => implode(';', [ 'lst' => implode(';', [
@@ -113,7 +116,7 @@ class RecordsRequestTest extends \PhraseanetAuthenticatedTestCase
]) ])
]); ]);
$records = RecordsRequest::fromRequest(self::$DI['app'], $request, false, ['chgstatus']); $records = RecordsRequest::fromRequest(self::$DI['app'], $request, false, [\ACL::CHGSTATUS]);
$this->assertEquals(0, count($records)); $this->assertEquals(0, count($records));
$this->assertEquals(1, count($records->received())); $this->assertEquals(1, count($records->received()));


@@ -32,23 +32,23 @@ class ACLManipulatorTest extends \PhraseanetTestCase
$acl->set_masks_on_base($baseId, '1', '1', '1', '1'); $acl->set_masks_on_base($baseId, '1', '1', '1', '1');
$acl->update_rights_to_base($baseId, [ $acl->update_rights_to_base($baseId, [
'canputinalbum' => '0', \ACL::CANPUTINALBUM => '0',
'candwnldhd' => '0', \ACL::CANDWNLDHD => '0',
'candwnldsubdef' => '0', 'candwnldsubdef' => '0',
'nowatermark' => '0', \ACL::NOWATERMARK => '0',
'candwnldpreview' => '0', \ACL::CANDWNLDPREVIEW => '0',
'cancmd' => '0', \ACL::CANCMD => '0',
'canadmin' => '0', \ACL::CANADMIN => '0',
'canreport' => '0', \ACL::CANREPORT => '0',
'canpush' => '0', \ACL::CANPUSH => '0',
'creationdate' => '0', 'creationdate' => '0',
'canaddrecord' => '0', \ACL::CANADDRECORD => '0',
'canmodifrecord' => '0', \ACL::CANMODIFRECORD => '0',
'candeleterecord' => '0', \ACL::CANDELETERECORD => '0',
'chgstatus' => '0', \ACL::CHGSTATUS => '0',
'imgtools' => '0', \ACL::IMGTOOLS => '0',
'manage' => '0', \ACL::MANAGE => '0',
'modify_struct' => '0', \ACL::MODIFY_STRUCT => '0',
'bas_modify_struct' => '0' 'bas_modify_struct' => '0'
]); ]);
@@ -70,21 +70,21 @@ class ACLManipulatorTest extends \PhraseanetTestCase
$this->assertTrue($acl->has_right_on_sbas($databoxId, 'bas_modif_th')); $this->assertTrue($acl->has_right_on_sbas($databoxId, 'bas_modif_th'));
$this->assertTrue($acl->has_right_on_sbas($databoxId, 'bas_chupub')); $this->assertTrue($acl->has_right_on_sbas($databoxId, 'bas_chupub'));
$this->assertTrue($acl->has_right_on_base($baseId, 'canputinalbum')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::CANPUTINALBUM));
$this->assertTrue($acl->has_right_on_base($baseId, 'candwnldhd')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::CANDWNLDHD));
$this->assertTrue($acl->has_right_on_base($baseId, 'nowatermark')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::NOWATERMARK));
$this->assertTrue($acl->has_right_on_base($baseId, 'candwnldpreview')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::CANDWNLDPREVIEW));
$this->assertTrue($acl->has_right_on_base($baseId, 'cancmd')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::CANCMD));
$this->assertTrue($acl->has_right_on_base($baseId, 'canadmin')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::CANADMIN));
$this->assertTrue($acl->has_right_on_base($baseId, 'canreport')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::CANREPORT));
$this->assertTrue($acl->has_right_on_base($baseId, 'canpush')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::CANPUSH));
$this->assertTrue($acl->has_right_on_base($baseId, 'canaddrecord')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::CANADDRECORD));
$this->assertTrue($acl->has_right_on_base($baseId, 'canmodifrecord')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::CANMODIFRECORD));
$this->assertTrue($acl->has_right_on_base($baseId, 'candeleterecord')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::CANDELETERECORD));
$this->assertTrue($acl->has_right_on_base($baseId, 'chgstatus')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::CHGSTATUS));
$this->assertTrue($acl->has_right_on_base($baseId, 'imgtools')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::IMGTOOLS));
$this->assertTrue($acl->has_right_on_base($baseId, 'manage')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::MANAGE));
$this->assertTrue($acl->has_right_on_base($baseId, 'modify_struct')); $this->assertTrue($acl->has_right_on_base($baseId, \ACL::MODIFY_STRUCT));
$this->assertEquals(0, $acl->get_limits($baseId)); $this->assertEquals(0, $acl->get_limits($baseId));
$this->assertEquals(0, $acl->get_limits($acl->get_mask_xor($baseId))); $this->assertEquals(0, $acl->get_limits($acl->get_mask_xor($baseId)));


@@ -40,11 +40,11 @@ class RegistrationManipulatorTest extends \PhraseanetTestCase
$aclMock->expects($this->once())->method('give_access_to_sbas')->with($this->equalTo([self::$DI['collection']->get_sbas_id()])); $aclMock->expects($this->once())->method('give_access_to_sbas')->with($this->equalTo([self::$DI['collection']->get_sbas_id()]));
$aclMock->expects($this->once())->method('give_access_to_base')->with($this->equalTo([self::$DI['collection']->get_base_id()])); $aclMock->expects($this->once())->method('give_access_to_base')->with($this->equalTo([self::$DI['collection']->get_base_id()]));
$aclMock->expects($this->once())->method('update_rights_to_base')->with($this->equalTo(self::$DI['collection']->get_base_id()), $this->equalTo([ $aclMock->expects($this->once())->method('update_rights_to_base')->with($this->equalTo(self::$DI['collection']->get_base_id()), $this->equalTo([
'canputinalbum' => '1', \ACL::CANPUTINALBUM => '1',
'candwnldhd' => '1', \ACL::CANDWNLDHD => '1',
'nowatermark' => '0', \ACL::NOWATERMARK => '0',
'candwnldpreview' => '1', \ACL::CANDWNLDPREVIEW => '1',
'actif' => '1', \ACL::ACTIF => '1',
])); ]));
$aclProviderMock = $this->getMockBuilder('Alchemy\Phrasea\Authentication\ACLProvider')->disableOriginalConstructor()->getMock(); $aclProviderMock = $this->getMockBuilder('Alchemy\Phrasea\Authentication\ACLProvider')->disableOriginalConstructor()->getMock();


@@ -189,16 +189,21 @@ class ACLTest extends \PhraseanetTestCase
$this->object->give_access_to_base([$base_id]); $this->object->give_access_to_base([$base_id]);
if ($first) { if ($first) {
$this->object->update_rights_to_base($base_id, ['imgtools' => true, 'chgstatus' => true, 'canaddrecord' => true, 'canputinalbum' => true]); $this->object->update_rights_to_base($base_id, [
\ACL::IMGTOOLS => true,
\ACL::CHGSTATUS => true,
\ACL::CANADDRECORD => true,
\ACL::CANPUTINALBUM => true
]);
$base_ref = $base_id; $base_ref = $base_id;
} else { } else {
$this->object->duplicate_right_from_bas($base_ref, $base_id); $this->object->duplicate_right_from_bas($base_ref, $base_id);
} }
$this->assertTrue($this->object->has_right_on_base($base_id, 'imgtools')); $this->assertTrue($this->object->has_right_on_base($base_id, \ACL::IMGTOOLS));
$this->assertTrue($this->object->has_right_on_base($base_id, 'chgstatus')); $this->assertTrue($this->object->has_right_on_base($base_id, \ACL::CHGSTATUS));
$this->assertTrue($this->object->has_right_on_base($base_id, 'canaddrecord')); $this->assertTrue($this->object->has_right_on_base($base_id, \ACL::CANADDRECORD));
$this->assertTrue($this->object->has_right_on_base($base_id, 'canputinalbum')); $this->assertTrue($this->object->has_right_on_base($base_id, \ACL::CANPUTINALBUM));
$first = false; $first = false;
} }
@@ -216,16 +221,16 @@ class ACLTest extends \PhraseanetTestCase
public function testHasRightOnBase() public function testHasRightOnBase()
{ {
$rights_false = [ $rights_false = [
'imgtools' => false, \ACL::IMGTOOLS => false,
'chgstatus' => false, \ACL::CHGSTATUS => false,
'canaddrecord' => false, \ACL::CANADDRECORD => false,
'canputinalbum' => false, \ACL::CANPUTINALBUM => false,
]; ];
$rights_true = [ $rights_true = [
'imgtools' => true, \ACL::IMGTOOLS => true,
'chgstatus' => true, \ACL::CHGSTATUS => true,
'canaddrecord' => true, \ACL::CANADDRECORD => true,
]; ];
foreach (self::$DI['app']->getDataboxes() as $databox) { foreach (self::$DI['app']->getDataboxes() as $databox) {
@@ -233,20 +238,20 @@ class ACLTest extends \PhraseanetTestCase
$base_id = $collection->get_base_id(); $base_id = $collection->get_base_id();
$this->object->give_access_to_base([$base_id]); $this->object->give_access_to_base([$base_id]);
$this->object->update_rights_to_base($base_id, $rights_false); $this->object->update_rights_to_base($base_id, $rights_false);
$this->assertFalse($this->object->has_right_on_base($base_id, 'imgtools')); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::IMGTOOLS));
$this->assertFalse($this->object->has_right_on_base($base_id, 'chgstatus')); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CHGSTATUS));
$this->assertFalse($this->object->has_right_on_base($base_id, 'canaddrecord')); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CANADDRECORD));
$this->assertFalse($this->object->has_right_on_base($base_id, 'canputinalbum')); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CANPUTINALBUM));
$this->object->update_rights_to_base($base_id, $rights_true); $this->object->update_rights_to_base($base_id, $rights_true);
$this->assertTrue($this->object->has_right_on_base($base_id, 'imgtools')); $this->assertTrue($this->object->has_right_on_base($base_id, \ACL::IMGTOOLS));
$this->assertTrue($this->object->has_right_on_base($base_id, 'chgstatus')); $this->assertTrue($this->object->has_right_on_base($base_id, \ACL::CHGSTATUS));
$this->assertTrue($this->object->has_right_on_base($base_id, 'canaddrecord')); $this->assertTrue($this->object->has_right_on_base($base_id, \ACL::CANADDRECORD));
$this->assertFalse($this->object->has_right_on_base($base_id, 'canputinalbum')); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CANPUTINALBUM));
$this->object->update_rights_to_base($base_id, $rights_false); $this->object->update_rights_to_base($base_id, $rights_false);
$this->assertFalse($this->object->has_right_on_base($base_id, 'imgtools')); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::IMGTOOLS));
$this->assertFalse($this->object->has_right_on_base($base_id, 'chgstatus')); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CHGSTATUS));
$this->assertFalse($this->object->has_right_on_base($base_id, 'canaddrecord')); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CANADDRECORD));
$this->assertFalse($this->object->has_right_on_base($base_id, 'canputinalbum')); $this->assertFalse($this->object->has_right_on_base($base_id, \ACL::CANPUTINALBUM));
} }
} }
} }
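Review bot: In `testHasRightOnBase`, `$rights_true` leaves out `\ACL::CANPUTINALBUM`, and the `assertFalse(... \ACL::CANPUTINALBUM)` after the second `update_rights_to_base` call depends on that omission, but nothing in the test says it is deliberate. That assertion is the only one in this section that pins partial-update behaviour: a right not named in the array stays as it was instead of being granted. A reader could take the missing key for an oversight, so I would add a comment above the array, e.g. `// CANPUTINALBUM is intentionally omitted: an update must not touch rights it does not name`. As a style point, the new multi-line array in the first hunk ends with `\ACL::CANPUTINALBUM => true` without a trailing comma, unlike `$rights_false` and `$rights_true`. The lines of the method between the second and third hunk are not shown here.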


@@ -594,27 +594,27 @@ abstract class PhraseanetTestCase extends WebTestCase
$app->getAclForUser($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_BAS); $app->getAclForUser($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_BAS);
$app->getAclForUser($user)->give_access_to_base([$base_id]); $app->getAclForUser($user)->give_access_to_base([$base_id]);
$app->getAclForUser($user)->update_rights_to_base($base_id, ['order_master' => true]); $app->getAclForUser($user)->update_rights_to_base($base_id, [\ACL::ORDER_MASTER => true]);
$rights = [ $rights = [
'canputinalbum' => '1' \ACL::CANPUTINALBUM => '1',
, 'candwnldhd' => '1' \ACL::CANDWNLDHD => '1',
, 'candwnldsubdef' => '1' 'candwnldsubdef' => '1',
, 'nowatermark' => '1' \ACL::NOWATERMARK => '1',
, 'candwnldpreview' => '1' \ACL::CANDWNLDPREVIEW => '1',
, 'cancmd' => '1' \ACL::CANCMD => '1',
, 'canadmin' => '1' \ACL::CANADMIN => '1',
, 'canreport' => '1' \ACL::CANREPORT => '1',
, 'canpush' => '1' \ACL::CANPUSH => '1',
, 'creationdate' => '1' 'creationdate' => '1',
, 'canaddrecord' => '1' \ACL::CANADDRECORD => '1',
, 'canmodifrecord' => '1' \ACL::CANMODIFRECORD => '1',
, 'candeleterecord' => '1' \ACL::CANDELETERECORD => '1',
, 'chgstatus' => '1' \ACL::CHGSTATUS => '1',
, 'imgtools' => '1' \ACL::IMGTOOLS => '1',
, 'manage' => '1' \ACL::MANAGE => '1',
, 'modify_struct' => '1' \ACL::MODIFY_STRUCT => '1',
, 'bas_modify_struct' => '1' 'bas_modify_struct' => '1'
]; ];
$app->getAclForUser($user)->update_rights_to_base($collection->get_base_id(), $rights); $app->getAclForUser($user)->update_rights_to_base($collection->get_base_id(), $rights);