hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-17 15:03:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add AclAware Trait

Browse Source
This commit is contained in:
Benoît Burnichon
2015-06-30 20:09:23 +02:00
parent 4880f2bf5a
commit d645b92afa
52 changed files with 267 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/Alchemy/Phrasea/Application.php
View File

@@ -12,6 +12,7 @@
namespace Alchemy\Phrasea; namespace Alchemy\Phrasea;
use Alchemy\Geonames\GeonamesServiceProvider; use Alchemy\Geonames\GeonamesServiceProvider;
use Alchemy\Phrasea\Application\Helper\AclAware;
use Alchemy\Phrasea\Application\Helper\ApplicationBoxAware; use Alchemy\Phrasea\Application\Helper\ApplicationBoxAware;
use Alchemy\Phrasea\Application\Helper\AuthenticatorAware; use Alchemy\Phrasea\Application\Helper\AuthenticatorAware;
use Alchemy\Phrasea\ControllerProvider\Thesaurus\Xmlhttp as ThesaurusXMLHttp; use Alchemy\Phrasea\ControllerProvider\Thesaurus\Xmlhttp as ThesaurusXMLHttp;
@@ -118,6 +119,7 @@ use XPDF\XPDFServiceProvider;
class Application extends SilexApplication class Application extends SilexApplication
{ {
use AclAware;
use ApplicationBoxAware; use ApplicationBoxAware;
use AuthenticatorAware; use AuthenticatorAware;
use UrlGeneratorTrait; use UrlGeneratorTrait;
@@ -597,7 +599,7 @@ class Application extends SilexApplication
return false; return false;
} }
return count($this['acl']->get($user)->get_granted_base()) > 0; return count($this->getAclForUser($user)->get_granted_base()) > 0;
} }
/** /**

79
lib/Alchemy/Phrasea/Application/Helper/AclAware.php Normal file
View File

@@ -0,0 +1,79 @@
<?php
/*
* This file is part of Phraseanet
*
* (c) 2005-2015 Alchemy
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Alchemy\Phrasea\Application\Helper;
use Alchemy\Phrasea\Authentication\ACLProvider;
use Alchemy\Phrasea\Model\Entities\User;
trait AclAware
{
/** @var ACLProvider */
private $aclProvider;
/**
* @param ACLProvider|callable $provider
* @return $this
*/
public function setAclProvider($provider)
{
if (!$provider instanceof ACLProvider && !is_callable($provider)) {
throw new \InvalidArgumentException(sprintf(
'%s expects parameter to be a "%s" instance or a callable, got "%s".',
__METHOD__,
ACLProvider::class,
is_object($provider) ? get_class($provider) : gettype($provider)
));
}
$this->aclProvider = $provider;
return $this;
}
/**
* @return ACLProvider
*/
public function getAclProvider()
{
if ($this->aclProvider instanceof ACLProvider) {
return $this->aclProvider;
}
if (null === $this->aclProvider && $this instanceof \Pimple && $this->offsetExists('acl')) {
$this->aclProvider = function () {
return $this['acl'];
};
}
if (null === $this->aclProvider) {
throw new \LogicException(ACLProvider::class . ' instance or locator was not set');
}
$instance = call_user_func($this->aclProvider);
if (!$instance instanceof ACLProvider) {
throw new \LogicException(sprintf(
'Expects locator to return instance of "%s", got "%s"',
ACLProvider::class,
is_object($instance) ? get_class($instance) : gettype($instance)
));
}
$this->aclProvider = $instance;
return $this->aclProvider;
}
/**
* @param User $user
* @return \ACL
*/
public function getAclForUser(User $user)
{
return $this->getAclProvider()->get($user);
}
}

2
lib/Alchemy/Phrasea/Authentication/AccountCreator.php
View File

@@ -91,7 +91,7 @@ class AccountCreator
} }
foreach (array_merge($this->templates, $templates) as $template) { foreach (array_merge($this->templates, $templates) as $template) {
$app['acl']->get($user)->apply_model($template, $base_ids); $app->getAclForUser($user)->apply_model($template, $base_ids);
} }
return $user; return $user;

4
lib/Alchemy/Phrasea/Authentication/Authenticator.php
View File

@@ -83,7 +83,7 @@ class Authenticator
$this->populateSession($session); $this->populateSession($session);
foreach ($this->app['acl']->get($user)->get_granted_sbas() as $databox) { foreach ($this->app->getAclForUser($user)->get_granted_sbas() as $databox) {
\cache_databox::insertClient($this->app, $databox); \cache_databox::insertClient($this->app, $databox);
} }
$this->reinitUser(); $this->reinitUser();
@@ -112,7 +112,7 @@ class Authenticator
$this->session->clear(); $this->session->clear();
$this->populateSession($session); $this->populateSession($session);
foreach ($this->app['acl']->get($user)->get_granted_sbas() as $databox) { foreach ($this->app->getAclForUser($user)->get_granted_sbas() as $databox) {
\cache_databox::insertClient($this->app, $databox); \cache_databox::insertClient($this->app, $databox);
} }

2
lib/Alchemy/Phrasea/Command/CreateCollection.php
View File

@@ -50,7 +50,7 @@ class CreateCollection extends Command
while ($n < $total) { while ($n < $total) {
$results = $query->limit($n, 40)->execute()->get_results(); $results = $query->limit($n, 40)->execute()->get_results();
foreach ($results as $user) { foreach ($results as $user) {
$this->container['acl']->get($user)->duplicate_right_from_bas($input->getOption('base_id_rights'), $new_collection->get_base_id()); $this->container->getAclForUser($user)->duplicate_right_from_bas($input->getOption('base_id_rights'), $new_collection->get_base_id());
} }
$n+=40; $n+=40;
} }

2
lib/Alchemy/Phrasea/Command/Developer/JsFixtures.php
View File

@@ -85,7 +85,7 @@ class JsFixtures extends Command
{ {
$user = $app['manipulator.user']->createUser(uniqid('fixturejs'), uniqid('fixturejs'), uniqid('fixturejs') . '@js.js', true); $user = $app['manipulator.user']->createUser(uniqid('fixturejs'), uniqid('fixturejs'), uniqid('fixturejs') . '@js.js', true);
$app['acl']->get($user)->set_admin(true); $app->getAclForUser($user)->set_admin(true);
$app['manipulator.acl']->resetAdminRights($user); $app['manipulator.acl']->resetAdminRights($user);
return $user; return $user;

6
lib/Alchemy/Phrasea/Controller/RecordsRequest.php
View File

@@ -243,20 +243,20 @@ class RecordsRequest extends ArrayCollection
$to_remove = []; $to_remove = [];
foreach ($elements as $id => $record) { foreach ($elements as $id => $record) {
if (!$app['acl']->get($app->getAuthenticatedUser())->has_access_to_record($record)) { if (!$app->getAclForUser($app->getAuthenticatedUser())->has_access_to_record($record)) {
$to_remove[] = $id; $to_remove[] = $id;
continue; continue;
} }
foreach ($rightsColl as $right) { foreach ($rightsColl as $right) {
if (!$app['acl']->get($app->getAuthenticatedUser())->has_right_on_base($record->get_base_id(), $right)) { if (!$app->getAclForUser($app->getAuthenticatedUser())->has_right_on_base($record->get_base_id(), $right)) {
$to_remove[] = $id; $to_remove[] = $id;
continue; continue;
} }
} }
foreach ($rightsDatabox as $right) { foreach ($rightsDatabox as $right) {
if (!$app['acl']->get($app->getAuthenticatedUser())->has_right_on_sbas($record->get_sbas_id(), $right)) { if (!$app->getAclForUser($app->getAuthenticatedUser())->has_right_on_sbas($record->get_sbas_id(), $right)) {
$to_remove[] = $id; $to_remove[] = $id;
continue; continue;
} }

2
lib/Alchemy/Phrasea/Feed/Aggregate.php
View File

@@ -78,7 +78,7 @@ class Aggregate implements FeedInterface
*/ */
public static function createFromUser(Application $app, User $user, array $restrictions = []) public static function createFromUser(Application $app, User $user, array $restrictions = [])
{ {
$feeds = $app['repo.feeds']->getAllForUser($app['acl']->get($user), $restrictions); $feeds = $app['repo.feeds']->getAllForUser($app->getAclForUser($user), $restrictions);
$token = $app['repo.aggregate-tokens']->findOneBy(['user' => $user]); $token = $app['repo.aggregate-tokens']->findOneBy(['user' => $user]);
return new static($app['orm.em'], $feeds, $token); return new static($app['orm.em'], $feeds, $token);

6
lib/Alchemy/Phrasea/Helper/Prod.php
View File

@@ -32,12 +32,12 @@ class Prod extends Helper
$searchSet = json_decode($this->app['settings']->getUserSetting($this->app->getAuthenticatedUser(), 'search'), true); $searchSet = json_decode($this->app['settings']->getUserSetting($this->app->getAuthenticatedUser(), 'search'), true);
$saveSettings = $this->app['settings']->getUserSetting($this->app->getAuthenticatedUser(), 'advanced_search_reload'); $saveSettings = $this->app['settings']->getUserSetting($this->app->getAuthenticatedUser(), 'advanced_search_reload');
foreach ($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_sbas() as $databox) { foreach ($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_sbas() as $databox) {
$sbasId = $databox->get_sbas_id(); $sbasId = $databox->get_sbas_id();
$bases[$sbasId] = array('thesaurus' => (trim($databox->get_thesaurus()) !== ""), 'cterms' => false, 'collections' => array(), 'sbas_id' => $sbasId); $bases[$sbasId] = array('thesaurus' => (trim($databox->get_thesaurus()) !== ""), 'cterms' => false, 'collections' => array(), 'sbas_id' => $sbasId);
foreach ($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base([], [$databox->get_sbas_id()]) as $coll) { foreach ($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([], [$databox->get_sbas_id()]) as $coll) {
$selected = $saveSettings ? ((isset($searchSet['bases']) && isset($searchSet['bases'][$sbasId])) ? (in_array($coll->get_base_id(), $searchSet['bases'][$sbasId])) : true) : true; $selected = $saveSettings ? ((isset($searchSet['bases']) && isset($searchSet['bases'][$sbasId])) ? (in_array($coll->get_base_id(), $searchSet['bases'][$sbasId])) : true) : true;
$bases[$sbasId]['collections'][] = array('selected' => $selected, 'base_id' => $coll->get_base_id()); $bases[$sbasId]['collections'][] = array('selected' => $selected, 'base_id' => $coll->get_base_id());
} }
@@ -78,7 +78,7 @@ class Prod extends Helper
if (!$bases[$sbasId]['thesaurus']) { if (!$bases[$sbasId]['thesaurus']) {
continue; continue;
} }
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_sbas($sbasId, 'bas_modif_th')) { if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($sbasId, 'bas_modif_th')) {
continue; continue;
} }

38
lib/Alchemy/Phrasea/Helper/User/Edit.php
View File

@@ -71,11 +71,11 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
protected function delete_user(User $user) protected function delete_user(User $user)
{ {
$list = array_keys($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base(['canadmin'])); $list = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
$this->app['acl']->get($user)->revoke_access_from_bases($list); $this->app->getAclForUser($user)->revoke_access_from_bases($list);
if ($this->app['acl']->get($user)->is_phantom()) { if ($this->app->getAclForUser($user)->is_phantom()) {
$this->app['manipulator.user']->delete($user); $this->app['manipulator.user']->delete($user);
} }
@@ -84,7 +84,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
public function get_users_rights() public function get_users_rights()
{ {
$list = array_keys($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base(['canadmin'])); $list = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
$sql = "SELECT $sql = "SELECT
b.sbas_id, b.sbas_id,
@@ -476,7 +476,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
public function apply_rights() public function apply_rights()
{ {
$ACL = $this->app['acl']->get($this->app->getAuthenticatedUser()); $ACL = $this->app->getAclForUser($this->app->getAuthenticatedUser());
$base_ids = array_keys($ACL->get_granted_base(['canadmin'])); $base_ids = array_keys($ACL->get_granted_base(['canadmin']));
$update = $create = $delete = $create_sbas = $update_sbas = []; $update = $create = $delete = $create_sbas = $update_sbas = [];
@@ -571,21 +571,21 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
$user = $this->app['repo.users']->find($usr_id); $user = $this->app['repo.users']->find($usr_id);
$this->app['acl']->get($user)->revoke_access_from_bases($delete) $this->app->getAclForUser($user)->revoke_access_from_bases($delete)
->give_access_to_base($create) ->give_access_to_base($create)
->give_access_to_sbas($create_sbas); ->give_access_to_sbas($create_sbas);
foreach ($update as $base_id => $rights) { foreach ($update as $base_id => $rights) {
$this->app['acl']->get($user)->update_rights_to_base($base_id, $rights); $this->app->getAclForUser($user)->update_rights_to_base($base_id, $rights);
} }
foreach ($update_sbas as $sbas_id => $rights) { foreach ($update_sbas as $sbas_id => $rights) {
$this->app['acl']->get($user)->update_rights_to_sbas($sbas_id, $rights); $this->app->getAclForUser($user)->update_rights_to_sbas($sbas_id, $rights);
} }
$this->app['phraseanet.appbox']->get_connection()->commit(); $this->app['phraseanet.appbox']->get_connection()->commit();
$this->app['acl']->get($user)->revoke_unused_sbas_rights(); $this->app->getAclForUser($user)->revoke_unused_sbas_rights();
unset($user); unset($user);
} catch (\Exception $e) { } catch (\Exception $e) {
@@ -688,12 +688,12 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
throw new AccessDeniedHttpException('You are not the owner of the template'); throw new AccessDeniedHttpException('You are not the owner of the template');
} }
$base_ids = array_keys($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base(['canadmin'])); $base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
foreach ($this->users as $usr_id) { foreach ($this->users as $usr_id) {
$user = $this->app['repo.users']->find($usr_id); $user = $this->app['repo.users']->find($usr_id);
$this->app['acl']->get($user)->apply_model($template, $base_ids); $this->app->getAclForUser($user)->apply_model($template, $base_ids);
} }
return $this; return $this;
@@ -706,9 +706,9 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
foreach ($this->users as $usr_id) { foreach ($this->users as $usr_id) {
$user = $this->app['repo.users']->find($usr_id); $user = $this->app['repo.users']->find($usr_id);
if ($this->request->get('quota')) if ($this->request->get('quota'))
$this->app['acl']->get($user)->set_quotas_on_base($this->base_id, $this->request->get('droits'), $this->request->get('restes')); $this->app->getAclForUser($user)->set_quotas_on_base($this->base_id, $this->request->get('droits'), $this->request->get('restes'));
else else
$this->app['acl']->get($user)->remove_quotas_on_base($this->base_id); $this->app->getAclForUser($user)->remove_quotas_on_base($this->base_id);
} }
return $this; return $this;
@@ -727,7 +727,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
foreach ($this->users as $usr_id) { foreach ($this->users as $usr_id) {
$user = $this->app['repo.users']->find($usr_id); $user = $this->app['repo.users']->find($usr_id);
$this->app['acl']->get($user)->set_masks_on_base($this->base_id, $vand_and, $vand_or, $vxor_and, $vxor_or); $this->app->getAclForUser($user)->set_masks_on_base($this->base_id, $vand_and, $vand_or, $vxor_and, $vxor_or);
} }
} }
@@ -744,16 +744,16 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
$activate = !!$this->request->get('limit'); $activate = !!$this->request->get('limit');
$base_ids = array_keys($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base(['canadmin'])); $base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
foreach ($this->users as $usr_id) { foreach ($this->users as $usr_id) {
$user = $this->app['repo.users']->find($usr_id); $user = $this->app['repo.users']->find($usr_id);
if ($this->base_id > 0) { if ($this->base_id > 0) {
$this->app['acl']->get($user)->set_limits($this->base_id, $activate, $dmin, $dmax); $this->app->getAclForUser($user)->set_limits($this->base_id, $activate, $dmin, $dmax);
} elseif ($sbas_id > 0) { } elseif ($sbas_id > 0) {
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
$this->app['acl']->get($user)->set_limits($base_id, $activate, $dmin, $dmax); $this->app->getAclForUser($user)->set_limits($base_id, $activate, $dmin, $dmax);
} }
} else { } else {
$this->app->abort(400, 'No collection or databox id available'); $this->app->abort(400, 'No collection or databox id available');
@@ -763,11 +763,11 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
public function resetRights() public function resetRights()
{ {
$base_ids = array_keys($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base(['canadmin'])); $base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
foreach ($this->users as $usr_id) { foreach ($this->users as $usr_id) {
$user = $this->app['repo.users']->find($usr_id); $user = $this->app['repo.users']->find($usr_id);
$ACL = $this->app['acl']->get($user); $ACL = $this->app->getAclForUser($user);
if ($user->isTemplate()) { if ($user->isTemplate()) {
$template = $user; $template = $user;

4
lib/Alchemy/Phrasea/Helper/User/Manage.php
View File

@@ -76,7 +76,7 @@ class Manage extends Helper
->last_model_is($this->query_parms['last_model']) ->last_model_is($this->query_parms['last_model'])
->get_inactives($this->query_parms['inactives']) ->get_inactives($this->query_parms['inactives'])
->include_templates(false) ->include_templates(false)
->on_bases_where_i_am($this->app['acl']->get($this->app->getAuthenticatedUser()), ['canadmin']) ->on_bases_where_i_am($this->app->getAclForUser($this->app->getAuthenticatedUser()), ['canadmin'])
->execute(); ->execute();
return $this->results->get_results(); return $this->results->get_results();
@@ -114,7 +114,7 @@ class Manage extends Helper
->last_model_is($this->query_parms['last_model']) ->last_model_is($this->query_parms['last_model'])
->get_inactives($this->query_parms['inactives']) ->get_inactives($this->query_parms['inactives'])
->include_templates(true) ->include_templates(true)
->on_bases_where_i_am($this->app['acl']->get($this->app->getAuthenticatedUser()), ['canadmin']) ->on_bases_where_i_am($this->app->getAclForUser($this->app->getAuthenticatedUser()), ['canadmin'])
->limit($offset_start, $results_quantity) ->limit($offset_start, $results_quantity)
->execute(); ->execute();

4
lib/Alchemy/Phrasea/Model/Entities/Feed.php
View File

@@ -459,7 +459,7 @@ class Feed implements FeedInterface
public function hasAccess(User $user, Application $app) public function hasAccess(User $user, Application $app)
{ {
if ($this->getCollection($app) instanceof collection) { if ($this->getCollection($app) instanceof collection) {
return $app['acl']->get($user)->has_access_to_base($this->collection->get_base_id()); return $app->getAclForUser($user)->has_access_to_base($this->collection->get_base_id());
} }
return true; return true;
@@ -556,7 +556,7 @@ class Feed implements FeedInterface
$coll = $this->getCollection($app); $coll = $this->getCollection($app);
if ($this->isPublic() if ($this->isPublic()
|| $coll === null || $coll === null
|| in_array($coll->get_base_id(), array_keys($app['acl']->get($user)->get_granted_base()))) { || in_array($coll->get_base_id(), array_keys($app->getAclForUser($user)->get_granted_base()))) {
return true; return true;
} }

4
lib/Alchemy/Phrasea/Out/Module/PDF.php
View File

@@ -166,7 +166,7 @@ class PDF
$fimg = $subdef->get_pathfile(); $fimg = $subdef->get_pathfile();
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($rec->get_base_id(), "nowatermark") if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($rec->get_base_id(), "nowatermark")
&& $subdef->get_type() == \media_subdef::TYPE_IMAGE) { && $subdef->get_type() == \media_subdef::TYPE_IMAGE) {
$fimg = \recordutils_image::watermark($this->app, $subdef); $fimg = \recordutils_image::watermark($this->app, $subdef);
} }
@@ -438,7 +438,7 @@ class PDF
$f = $subdef->get_pathfile(); $f = $subdef->get_pathfile();
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($rec->get_base_id(), "nowatermark") if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($rec->get_base_id(), "nowatermark")
&& $subdef->get_type() == \media_subdef::TYPE_IMAGE) && $subdef->get_type() == \media_subdef::TYPE_IMAGE)
$f = \recordutils_image::watermark($this->app, $subdef); $f = \recordutils_image::watermark($this->app, $subdef);

2
lib/Alchemy/Phrasea/SearchEngine/Elastic/ElasticSearchEngine.php
View File

@@ -400,7 +400,7 @@ class ElasticSearchEngine implements SearchEngineInterface
return []; return [];
} }
$acl = $this->app['acl']->get($this->app->getAuthenticatedUser()); $acl = $this->app->getAclForUser($this->app->getAuthenticatedUser());
$grantedCollections = array_keys($acl->get_granted_base(['actif'])); $grantedCollections = array_keys($acl->get_granted_base(['actif']));

16
lib/Alchemy/Phrasea/Security/Firewall.php
View File

@@ -41,7 +41,7 @@ class Firewall
{ {
$this->requireNotGuest(); $this->requireNotGuest();
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->is_admin()) { if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->is_admin()) {
$this->app->abort(403, 'Admin role is required'); $this->app->abort(403, 'Admin role is required');
} }
@@ -50,7 +50,7 @@ class Firewall
public function requireAccessToModule($module) public function requireAccessToModule($module)
{ {
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_access_to_module($module)) { if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_access_to_module($module)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -59,7 +59,7 @@ class Firewall
public function requireAccessToSbas($sbas_id) public function requireAccessToSbas($sbas_id)
{ {
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_access_to_sbas($sbas_id)) { if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_access_to_sbas($sbas_id)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -68,7 +68,7 @@ class Firewall
public function requireAccessToBase($base_id) public function requireAccessToBase($base_id)
{ {
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_access_to_base($base_id)) { if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_access_to_base($base_id)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -77,7 +77,7 @@ class Firewall
public function requireRight($right) public function requireRight($right)
{ {
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_right($right)) { if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right($right)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -86,7 +86,7 @@ class Firewall
public function requireRightOnBase($base_id, $right) public function requireRightOnBase($base_id, $right)
{ {
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($base_id, $right)) { if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($base_id, $right)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -95,7 +95,7 @@ class Firewall
public function requireRightOnSbas($sbas_id, $right) public function requireRightOnSbas($sbas_id, $right)
{ {
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_sbas($sbas_id, $right)) { if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($sbas_id, $right)) {
$this->app->abort(403, 'You do not have required rights'); $this->app->abort(403, 'You do not have required rights');
} }
@@ -146,7 +146,7 @@ class Firewall
public function requireOrdersAdmin() public function requireOrdersAdmin()
{ {
if (false === !!count($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base(['order_master']))) { if (false === !!count($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['order_master']))) {
$this->app->abort(403, 'You are not an order admin'); $this->app->abort(403, 'You are not an order admin');
} }

6
lib/Alchemy/Phrasea/Setup/Installer.php
View File

@@ -62,7 +62,7 @@ class Installer
$template = new \SplFileInfo(__DIR__ . '/../../../conf.d/data_templates/' . $template . '-simple.xml'); $template = new \SplFileInfo(__DIR__ . '/../../../conf.d/data_templates/' . $template . '-simple.xml');
$databox = \databox::create($this->app, $dbConn, $template); $databox = \databox::create($this->app, $dbConn, $template);
$this->app['acl']->get($admin) $this->app->getAclForUser($admin)
->give_access_to_sbas([$databox->get_sbas_id()]) ->give_access_to_sbas([$databox->get_sbas_id()])
->update_rights_to_sbas( ->update_rights_to_sbas(
$databox->get_sbas_id(), [ $databox->get_sbas_id(), [
@@ -73,8 +73,8 @@ class Installer
$collection = \collection::create($this->app, $databox, $this->app['phraseanet.appbox'], 'test', $admin); $collection = \collection::create($this->app, $databox, $this->app['phraseanet.appbox'], 'test', $admin);
$this->app['acl']->get($admin)->give_access_to_base([$collection->get_base_id()]); $this->app->getAclForUser($admin)->give_access_to_base([$collection->get_base_id()]);
$this->app['acl']->get($admin)->update_rights_to_base($collection->get_base_id(), [ $this->app->getAclForUser($admin)->update_rights_to_base($collection->get_base_id(), [
'canpush' => 1, 'cancmd' => 1 'canpush' => 1, 'cancmd' => 1
, 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1 , 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1
, 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1 , 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1

6
lib/Alchemy/Phrasea/Twig/PhraseanetExtension.php
View File

@@ -135,7 +135,7 @@ class PhraseanetExtension extends \Twig_Extension
$rights = (array) $rights; $rights = (array) $rights;
foreach ($rights as $right) { foreach ($rights as $right) {
if (false === $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_sbas($databoxId, $right)) { if (false === $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($databoxId, $right)) {
return false; return false;
} }
@@ -153,7 +153,7 @@ class PhraseanetExtension extends \Twig_Extension
$rights = (array) $rights; $rights = (array) $rights;
foreach ($rights as $right) { foreach ($rights as $right) {
if (false === $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($baseId, $right)) { if (false === $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($baseId, $right)) {
return false; return false;
} }
@@ -182,7 +182,7 @@ class PhraseanetExtension extends \Twig_Extension
return false; return false;
} }
return $this->app['acl']->get($this->app->getAuthenticatedUser())->has_access_to_subdef($record, $subDefinition); return $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_access_to_subdef($record, $subDefinition);
} }
public function getDoctypeIcon(RecordInterface $record) public function getDoctypeIcon(RecordInterface $record)

2
lib/Alchemy/Phrasea/Vocabulary/ControlProvider/UserProvider.php
View File

@@ -60,7 +60,7 @@ class UserProvider implements ControlProviderInterface
->like(\User_Query::LIKE_LOGIN, $query) ->like(\User_Query::LIKE_LOGIN, $query)
->like_match(\User_Query::LIKE_MATCH_OR) ->like_match(\User_Query::LIKE_MATCH_OR)
->include_phantoms(true) ->include_phantoms(true)
->on_bases_where_i_am($this->app['acl']->get($for_user), ['canadmin']) ->on_bases_where_i_am($this->app->getAclForUser($for_user), ['canadmin'])
->limit(0, 50) ->limit(0, 50)
->execute()->get_results(); ->execute()->get_results();

14
lib/classes/ACL.php
View File

@@ -310,7 +310,7 @@ class ACL implements cache_cacheableInterface
$sbas_to_acces = []; $sbas_to_acces = [];
$rights_to_give = []; $rights_to_give = [];
foreach ($this->app['acl']->get($template_user)->get_granted_sbas() as $databox) { foreach ($this->app->getAclForUser($template_user)->get_granted_sbas() as $databox) {
$sbas_id = $databox->get_sbas_id(); $sbas_id = $databox->get_sbas_id();
if (!in_array($sbas_id, $sbas_ids)) if (!in_array($sbas_id, $sbas_ids))
@@ -321,7 +321,7 @@ class ACL implements cache_cacheableInterface
} }
foreach ($sbas_rights as $right) { foreach ($sbas_rights as $right) {
if ($this->app['acl']->get($template_user)->has_right_on_sbas($sbas_id, $right)) { if ($this->app->getAclForUser($template_user)->has_right_on_sbas($sbas_id, $right)) {
$rights_to_give[$sbas_id][$right] = '1'; $rights_to_give[$sbas_id][$right] = '1';
} }
} }
@@ -348,7 +348,7 @@ class ACL implements cache_cacheableInterface
'11' => ['aa' => '1', 'ao' => '1', 'xa' => '1', 'xo' => '1'] '11' => ['aa' => '1', 'ao' => '1', 'xa' => '1', 'xo' => '1']
]; ];
foreach ($this->app['acl']->get($template_user)->get_granted_base() as $collection) { foreach ($this->app->getAclForUser($template_user)->get_granted_base() as $collection) {
$base_id = $collection->get_base_id(); $base_id = $collection->get_base_id();
if (!in_array($base_id, $base_ids)) if (!in_array($base_id, $base_ids))
@@ -359,13 +359,13 @@ class ACL implements cache_cacheableInterface
} }
foreach ($bas_rights as $right) { foreach ($bas_rights as $right) {
if ($this->app['acl']->get($template_user)->has_right_on_base($base_id, $right)) { if ($this->app->getAclForUser($template_user)->has_right_on_base($base_id, $right)) {
$rights_to_give[$base_id][$right] = '1'; $rights_to_give[$base_id][$right] = '1';
} }
} }
$mask_and = $this->app['acl']->get($template_user)->get_mask_and($base_id); $mask_and = $this->app->getAclForUser($template_user)->get_mask_and($base_id);
$mask_xor = $this->app['acl']->get($template_user)->get_mask_xor($base_id); $mask_xor = $this->app->getAclForUser($template_user)->get_mask_xor($base_id);
/** /**
* apply sb is substractive * apply sb is substractive
@@ -417,7 +417,7 @@ class ACL implements cache_cacheableInterface
private function apply_template_time_limits(User $template_user, Array $base_ids) private function apply_template_time_limits(User $template_user, Array $base_ids)
{ {
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
$limited = $this->app['acl']->get($template_user)->get_limits($base_id); $limited = $this->app->getAclForUser($template_user)->get_limits($base_id);
if (null !== $limited) { if (null !== $limited) {
$this->set_limits($base_id, '1', $limited['dmin'], $limited['dmax']); $this->set_limits($base_id, '1', $limited['dmin'], $limited['dmax']);
} else { } else {

4
lib/classes/Session/Logger.php
View File

@@ -99,7 +99,7 @@ class Session_Logger
$colls = []; $colls = [];
if ($app->getAuthenticatedUser()) { if ($app->getAuthenticatedUser()) {
$bases = $app['acl']->get($app->getAuthenticatedUser())->get_granted_base([], [$databox->get_sbas_id()]); $bases = $app->getAclForUser($app->getAuthenticatedUser())->get_granted_base([], [$databox->get_sbas_id()]);
foreach ($bases as $collection) { foreach ($bases as $collection) {
$colls[] = $collection->get_coll_id(); $colls[] = $collection->get_coll_id();
} }
@@ -218,7 +218,7 @@ class Session_Logger
]; ];
if (isset($appName[$appId])) { if (isset($appName[$appId])) {
$sbas_ids = array_keys($app['acl']->get($app->getAuthenticatedUser())->get_granted_sbas()); $sbas_ids = array_keys($app->getAclForUser($app->getAuthenticatedUser())->get_granted_sbas());
foreach ($sbas_ids as $sbas_id) { foreach ($sbas_ids as $sbas_id) {
try { try {

6
lib/classes/collection.php
View File

@@ -541,8 +541,8 @@ class collection implements cache_cacheableInterface
while ($n < $total) { while ($n < $total) {
$results = $query->limit($n, 50)->execute()->get_results(); $results = $query->limit($n, 50)->execute()->get_results();
foreach ($results as $user) { foreach ($results as $user) {
$app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS); $app->getAclForUser($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS);
$app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS); $app->getAclForUser($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS);
} }
$n+=50; $n+=50;
} }
@@ -654,7 +654,7 @@ class collection implements cache_cacheableInterface
"modify_struct" => "1" "modify_struct" => "1"
]; ];
$this->app['acl']->get($user)->update_rights_to_base($base_id, $rights); $this->app->getAclForUser($user)->update_rights_to_base($base_id, $rights);
return true; return true;
} }

12
lib/classes/databox.php
View File

@@ -477,9 +477,9 @@ class databox extends base
while ($n < $total) { while ($n < $total) {
$results = $query->limit($n, 50)->execute()->get_results(); $results = $query->limit($n, 50)->execute()->get_results();
foreach ($results as $user) { foreach ($results as $user) {
$this->app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS); $this->app->getAclForUser($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS);
$this->app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS); $this->app->getAclForUser($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS);
$this->app['acl']->get($user)->delete_injected_rights_sbas($this); $this->app->getAclForUser($user)->delete_injected_rights_sbas($this);
} }
$n+=50; $n+=50;
} }
@@ -1038,7 +1038,7 @@ class databox extends base
{ {
$conn = $this->app['phraseanet.appbox']->get_connection(); $conn = $this->app['phraseanet.appbox']->get_connection();
$this->app['acl']->get($user) $this->app->getAclForUser($user)
->give_access_to_sbas([$this->id]) ->give_access_to_sbas([$this->id])
->update_rights_to_sbas( ->update_rights_to_sbas(
$this->id, [ $this->id, [
@@ -1073,9 +1073,9 @@ class databox extends base
} }
$stmt->closeCursor(); $stmt->closeCursor();
$this->app['acl']->get($user)->give_access_to_base($base_ids); $this->app->getAclForUser($user)->give_access_to_base($base_ids);
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
$this->app['acl']->get($user)->update_rights_to_base($base_id, [ $this->app->getAclForUser($user)->update_rights_to_base($base_id, [
'canpush' => 1, 'cancmd' => 1 'canpush' => 1, 'cancmd' => 1
, 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1 , 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1
, 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1 , 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1

2
lib/classes/databox/cgu.php
View File

@@ -59,7 +59,7 @@ class databox_cgu
$userValidation = true; $userValidation = true;
if (! $home) { if (! $home) {
if ( ! $app['acl']->get($app->getAuthenticatedUser())->has_access_to_sbas($databox->get_sbas_id())) { if ( ! $app->getAclForUser($app->getAuthenticatedUser())->has_access_to_sbas($databox->get_sbas_id())) {
continue; continue;
} }
$userValidation = ($app['settings']->getUserSetting($app->getAuthenticatedUser(), 'terms_of_use_' . $databox->get_sbas_id()) !== $update && trim($value) !== ''); $userValidation = ($app['settings']->getUserSetting($app->getAuthenticatedUser(), 'terms_of_use_' . $databox->get_sbas_id()) !== $update && trim($value) !== '');

4
lib/classes/databox/status.php
View File

@@ -22,10 +22,10 @@ class databox_status
public static function getSearchStatus(Application $app) public static function getSearchStatus(Application $app)
{ {
$see_all = $structures = $stats = []; $see_all = $structures = $stats = [];
foreach ($app['acl']->get($app->getAuthenticatedUser())->get_granted_sbas() as $databox) { foreach ($app->getAclForUser($app->getAuthenticatedUser())->get_granted_sbas() as $databox) {
$see_all[$databox->get_sbas_id()] = false; $see_all[$databox->get_sbas_id()] = false;
foreach ($databox->get_collections() as $collection) { foreach ($databox->get_collections() as $collection) {
if ($app['acl']->get($app->getAuthenticatedUser())->has_right_on_base($collection->get_base_id(), 'chgstatus')) { if ($app->getAclForUser($app->getAuthenticatedUser())->has_right_on_base($collection->get_base_id(), 'chgstatus')) {
$see_all[$databox->get_sbas_id()] = true; $see_all[$databox->get_sbas_id()] = true;
break; break;
} }

2
lib/classes/eventsmanager/notify/autoregister.php
View File

@@ -73,6 +73,6 @@ class eventsmanager_notify_autoregister extends eventsmanager_notifyAbstract
return false; return false;
} }
return $this->app['acl']->get($user)->has_right('manageusers'); return $this->app->getAclForUser($user)->has_right('manageusers');
} }
} }

2
lib/classes/eventsmanager/notify/order.php
View File

@@ -75,6 +75,6 @@ class eventsmanager_notify_order extends eventsmanager_notifyAbstract
*/ */
public function is_available(User $user) public function is_available(User $user)
{ {
return $this->app['acl']->get($user)->has_right('order_master'); return $this->app->getAclForUser($user)->has_right('order_master');
} }
} }

2
lib/classes/eventsmanager/notify/register.php
View File

@@ -75,6 +75,6 @@ class eventsmanager_notify_register extends eventsmanager_notifyAbstract
return false; return false;
} }
return $this->app['acl']->get($user)->has_right('manageusers'); return $this->app->getAclForUser($user)->has_right('manageusers');
} }
} }

2
lib/classes/eventsmanager/notify/uploadquarantine.php
View File

@@ -79,6 +79,6 @@ class eventsmanager_notify_uploadquarantine extends eventsmanager_notifyAbstract
*/ */
public function is_available(User $user) public function is_available(User $user)
{ {
return $this->app['acl']->get($user)->has_right('addrecord'); return $this->app->getAclForUser($user)->has_right('addrecord');
} }
} }

2
lib/classes/eventsmanager/notify/validationdone.php
View File

@@ -90,6 +90,6 @@ class eventsmanager_notify_validationdone extends eventsmanager_notifyAbstract
*/ */
public function is_available(User $user) public function is_available(User $user)
{ {
return $this->app['acl']->get($user)->has_right('push'); return $this->app->getAclForUser($user)->has_right('push');
} }
} }

2
lib/classes/module/report/dashboard.php
View File

@@ -241,7 +241,7 @@ class module_report_dashboard implements module_report_dashboard_componentInterf
{ {
$all_coll = []; $all_coll = [];
$base_ids = $this->app['acl']->get($this->usr)->get_granted_base(['canreport']); $base_ids = $this->app->getAclForUser($this->usr)->get_granted_base(['canreport']);
foreach ($base_ids as $base_id => $collection) { foreach ($base_ids as $base_id => $collection) {
$databox = $collection->get_databox(); $databox = $collection->get_databox();

2
lib/classes/patch/320alpha4b.php
View File

@@ -212,7 +212,7 @@ class patch_320alpha4b extends patchAbstract
$app['orm.em']->flush(); $app['orm.em']->flush();
} elseif ($pub_restrict == 1) { } elseif ($pub_restrict == 1) {
$collections = $app['acl']->get($user)->get_granted_base(); $collections = $app->getAclForUser($user)->get_granted_base();
$collection = array_shift($collections); $collection = array_shift($collections);
if ( ! ($collection instanceof collection)) { if ( ! ($collection instanceof collection)) {
foreach ($appbox->get_databoxes() as $databox) { foreach ($appbox->get_databoxes() as $databox) {

14
lib/classes/record/exportElement.php
View File

@@ -102,17 +102,17 @@ class record_exportElement extends record_adapter
'thumbnail' => true 'thumbnail' => true
]; ];
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'candwnldhd')) { if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'candwnldhd')) {
$go_dl['document'] = true; $go_dl['document'] = true;
} }
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'candwnldpreview')) { if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'candwnldpreview')) {
$go_dl['preview'] = true; $go_dl['preview'] = true;
} }
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->has_hd_grant($this)) { if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_hd_grant($this)) {
$go_dl['document'] = true; $go_dl['document'] = true;
$go_dl['preview'] = true; $go_dl['preview'] = true;
} }
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->has_preview_grant($this)) { if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_preview_grant($this)) {
$go_dl['preview'] = true; $go_dl['preview'] = true;
} }
@@ -122,14 +122,14 @@ class record_exportElement extends record_adapter
->who_have_right(['order_master']) ->who_have_right(['order_master'])
->execute()->get_results(); ->execute()->get_results();
$go_cmd = (count($masters) > 0 && $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($this->base_id, 'cancmd')); $go_cmd = (count($masters) > 0 && $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->base_id, 'cancmd'));
$orderable['document'] = false; $orderable['document'] = false;
$downloadable['document'] = false; $downloadable['document'] = false;
if (isset($sd['document']) && is_file($sd['document']->get_pathfile())) { if (isset($sd['document']) && is_file($sd['document']->get_pathfile())) {
if ($go_dl['document'] === true) { if ($go_dl['document'] === true) {
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->is_restricted_download($this->base_id)) { if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->is_restricted_download($this->base_id)) {
$this->remain_hd --; $this->remain_hd --;
if ($this->remain_hd >= 0) { if ($this->remain_hd >= 0) {
$localizedLabel = $this->app->trans('document original'); $localizedLabel = $this->app->trans('document original');
@@ -183,7 +183,7 @@ class record_exportElement extends record_adapter
if (isset($sd[$name]) && $sd[$name]->is_physically_present()) { if (isset($sd[$name]) && $sd[$name]->is_physically_present()) {
if ($class == 'document') { if ($class == 'document') {
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->is_restricted_download($this->base_id)) { if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->is_restricted_download($this->base_id)) {
$this->remain_hd --; $this->remain_hd --;
if ($this->remain_hd >= 0) if ($this->remain_hd >= 0)
$downloadable[$name] = [ $downloadable[$name] = [

8
lib/classes/record/preview.php
View File

@@ -325,7 +325,7 @@ class record_preview extends record_adapter
$tab = []; $tab = [];
$report = $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'canreport'); $report = $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'canreport');
$databox = $this->app->findDataboxById($this->get_sbas_id()); $databox = $this->app->findDataboxById($this->get_sbas_id());
$connsbas = $databox->get_connection(); $connsbas = $databox->get_connection();
@@ -401,7 +401,7 @@ class record_preview extends record_adapter
return $this->view_popularity; return $this->view_popularity;
} }
$report = $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base( $report = $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base(
$this->get_base_id(), 'canreport'); $this->get_base_id(), 'canreport');
if ( ! $report && ! $this->app['conf']->get(['registry', 'webservices', 'google-charts-enabled'])) { if ( ! $report && ! $this->app['conf']->get(['registry', 'webservices', 'google-charts-enabled'])) {
@@ -491,7 +491,7 @@ class record_preview extends record_adapter
return $this->refferer_popularity; return $this->refferer_popularity;
} }
$report = $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base( $report = $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base(
$this->get_base_id(), 'canreport'); $this->get_base_id(), 'canreport');
if ( ! $report && ! $this->app['conf']->get(['registry', 'webservices', 'google-charts-enabled'])) { if ( ! $report && ! $this->app['conf']->get(['registry', 'webservices', 'google-charts-enabled'])) {
@@ -564,7 +564,7 @@ class record_preview extends record_adapter
return $this->download_popularity; return $this->download_popularity;
} }
$report = $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'canreport'); $report = $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'canreport');
$ret = false; $ret = false;
if ( ! $report && ! $this->app['conf']->get(['registry', 'webservices', 'google-charts-enabled'])) { if ( ! $report && ! $this->app['conf']->get(['registry', 'webservices', 'google-charts-enabled'])) {

40
lib/classes/set/export.php
View File

@@ -66,8 +66,8 @@ class set_export extends set_abstract
$record_id = $basket_element->getRecord($this->app)->get_record_id(); $record_id = $basket_element->getRecord($this->app)->get_record_id();
if (!isset($remain_hd[$base_id])) { if (!isset($remain_hd[$base_id])) {
if ($app['acl']->get($app->getAuthenticatedUser())->is_restricted_download($base_id)) { if ($app->getAclForUser($app->getAuthenticatedUser())->is_restricted_download($base_id)) {
$remain_hd[$base_id] = $app['acl']->get($app->getAuthenticatedUser())->remaining_download($base_id); $remain_hd[$base_id] = $app->getAclForUser($app->getAuthenticatedUser())->remaining_download($base_id);
} else { } else {
$remain_hd[$base_id] = false; $remain_hd[$base_id] = false;
} }
@@ -106,8 +106,8 @@ class set_export extends set_abstract
$record_id = $child_basrec->get_record_id(); $record_id = $child_basrec->get_record_id();
if (!isset($remain_hd[$base_id])) { if (!isset($remain_hd[$base_id])) {
if ($app['acl']->get($app->getAuthenticatedUser())->is_restricted_download($base_id)) { if ($app->getAclForUser($app->getAuthenticatedUser())->is_restricted_download($base_id)) {
$remain_hd[$base_id] = $app['acl']->get($app->getAuthenticatedUser())->remaining_download($base_id); $remain_hd[$base_id] = $app->getAclForUser($app->getAuthenticatedUser())->remaining_download($base_id);
} else { } else {
$remain_hd[$base_id] = false; $remain_hd[$base_id] = false;
} }
@@ -129,8 +129,8 @@ class set_export extends set_abstract
$record_id = $record->get_record_id(); $record_id = $record->get_record_id();
if (!isset($remain_hd[$base_id])) { if (!isset($remain_hd[$base_id])) {
if ($app['acl']->get($app->getAuthenticatedUser())->is_restricted_download($base_id)) { if ($app->getAclForUser($app->getAuthenticatedUser())->is_restricted_download($base_id)) {
$remain_hd[$base_id] = $app['acl']->get($app->getAuthenticatedUser())->remaining_download($base_id); $remain_hd[$base_id] = $app->getAclForUser($app->getAuthenticatedUser())->remaining_download($base_id);
} else { } else {
$remain_hd[$base_id] = false; $remain_hd[$base_id] = false;
} }
@@ -164,7 +164,7 @@ class set_export extends set_abstract
$this->businessFieldsAccess = false; $this->businessFieldsAccess = false;
foreach ($this->elements as $download_element) { foreach ($this->elements as $download_element) {
if ($app['acl']->get($app->getAuthenticatedUser())->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) { if ($app->getAclForUser($app->getAuthenticatedUser())->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) {
$this->businessFieldsAccess = true; $this->businessFieldsAccess = true;
} }
@@ -216,11 +216,11 @@ class set_export extends set_abstract
$display_ftp = []; $display_ftp = [];
$hasadminright = $app['acl']->get($app->getAuthenticatedUser())->has_right('addrecord') $hasadminright = $app->getAclForUser($app->getAuthenticatedUser())->has_right('addrecord')
|| $app['acl']->get($app->getAuthenticatedUser())->has_right('deleterecord') || $app->getAclForUser($app->getAuthenticatedUser())->has_right('deleterecord')
|| $app['acl']->get($app->getAuthenticatedUser())->has_right('modifyrecord') || $app->getAclForUser($app->getAuthenticatedUser())->has_right('modifyrecord')
|| $app['acl']->get($app->getAuthenticatedUser())->has_right('coll_manage') || $app->getAclForUser($app->getAuthenticatedUser())->has_right('coll_manage')
|| $app['acl']->get($app->getAuthenticatedUser())->has_right('coll_modify_struct'); || $app->getAclForUser($app->getAuthenticatedUser())->has_right('coll_modify_struct');
$this->ftp_datas = []; $this->ftp_datas = [];
@@ -228,7 +228,7 @@ class set_export extends set_abstract
$display_ftp = $display_download; $display_ftp = $display_download;
$this->total_ftp = $this->total_download; $this->total_ftp = $this->total_download;
$lst_base_id = array_keys($app['acl']->get($app->getAuthenticatedUser())->get_granted_base()); $lst_base_id = array_keys($app->getAclForUser($app->getAuthenticatedUser())->get_granted_base());
if ($hasadminright) { if ($hasadminright) {
$sql = "SELECT Users.id AS usr_id ,Users.login AS usr_login ,Users.email AS usr_mail, FtpCredential.* $sql = "SELECT Users.id AS usr_id ,Users.login AS usr_login ,Users.email AS usr_mail, FtpCredential.*
@@ -429,7 +429,7 @@ class set_export extends set_abstract
$BF = false; $BF = false;
if ($includeBusinessFields && $this->app['acl']->get($user)->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) { if ($includeBusinessFields && $this->app->getAclForUser($user)->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) {
$BF = true; $BF = true;
} }
@@ -512,8 +512,8 @@ class set_export extends set_abstract
'path' => $sd[$name]->get_path() 'path' => $sd[$name]->get_path()
, 'file' => $sd[$name]->get_file() , 'file' => $sd[$name]->get_file()
]; ];
if (!$this->app['acl']->get($user)->has_right_on_base($download_element->get_base_id(), "nowatermark") if (!$this->app->getAclForUser($user)->has_right_on_base($download_element->get_base_id(), "nowatermark")
&& !$this->app['acl']->get($user)->has_preview_grant($download_element) && !$this->app->getAclForUser($user)->has_preview_grant($download_element)
&& $sd[$name]->get_type() == media_subdef::TYPE_IMAGE) { && $sd[$name]->get_type() == media_subdef::TYPE_IMAGE) {
$path = recordutils_image::watermark($this->app, $sd[$name]); $path = recordutils_image::watermark($this->app, $sd[$name]);
if (file_exists($path)) { if (file_exists($path)) {
@@ -776,7 +776,7 @@ class set_export extends set_abstract
$log["shortXml"] = $app['serializer.caption']->serialize($record_object->get_caption(), CaptionSerializer::SERIALIZE_XML); $log["shortXml"] = $app['serializer.caption']->serialize($record_object->get_caption(), CaptionSerializer::SERIALIZE_XML);
$tmplog[$record_object->get_base_id()][] = $log; $tmplog[$record_object->get_base_id()][] = $log;
if (!$anonymous && $o == 'document' && null !== $app->getAuthenticatedUser()) { if (!$anonymous && $o == 'document' && null !== $app->getAuthenticatedUser()) {
$app['acl']->get($app->getAuthenticatedUser())->remove_remaining($record_object->get_base_id()); $app->getAclForUser($app->getAuthenticatedUser())->remove_remaining($record_object->get_base_id());
} }
} }
@@ -794,11 +794,11 @@ class set_export extends set_abstract
$stmt = $app['phraseanet.appbox']->get_connection()->prepare($sql); $stmt = $app['phraseanet.appbox']->get_connection()->prepare($sql);
foreach ($list_base as $base_id) { foreach ($list_base as $base_id) {
if ($app['acl']->get($app->getAuthenticatedUser())->is_restricted_download($base_id)) { if ($app->getAclForUser($app->getAuthenticatedUser())->is_restricted_download($base_id)) {
$params = [ $params = [
':remain_dl' => $app['acl']->get($app->getAuthenticatedUser())->remaining_download($base_id) ':remain_dl' => $app->getAclForUser($app->getAuthenticatedUser())->remaining_download($base_id)
, ':base_id' => $base_id , ':base_id' => $base_id
, ':usr_id' => $app['acl']->get($app->getAuthenticatedUser())->getId() , ':usr_id' => $app->getAclForUser($app->getAuthenticatedUser())->getId()
]; ];
$stmt->execute($params); $stmt->execute($params);

14
lib/classes/set/selection.php
View File

@@ -57,26 +57,26 @@ class set_selection extends set_abstract
$sbas_id = $record->get_sbas_id(); $sbas_id = $record->get_sbas_id();
$record_id = $record->get_record_id(); $record_id = $record->get_record_id();
if (! $rights) { if (! $rights) {
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->has_hd_grant($record)) { if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_hd_grant($record)) {
continue; continue;
} }
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->has_preview_grant($record)) { if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_preview_grant($record)) {
continue; continue;
} }
if ( ! $this->app['acl']->get($this->app->getAuthenticatedUser())->has_access_to_base($base_id)) { if ( ! $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_access_to_base($base_id)) {
$to_remove[] = $id; $to_remove[] = $id;
continue; continue;
} }
} else { } else {
foreach ($rights as $right) { foreach ($rights as $right) {
if ( ! $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($base_id, $right)) { if ( ! $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($base_id, $right)) {
$to_remove[] = $id; $to_remove[] = $id;
continue; continue;
} }
} }
foreach ($sbas_rights as $right) { foreach ($sbas_rights as $right) {
if ( ! $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_sbas($sbas_id, $right)) { if ( ! $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($sbas_id, $right)) {
$to_remove[] = $id; $to_remove[] = $id;
continue; continue;
} }
@@ -88,8 +88,8 @@ class set_selection extends set_abstract
$sql = 'SELECT record_id $sql = 'SELECT record_id
FROM record FROM record
WHERE ((status ^ ' . $this->app['acl']->get($this->app->getAuthenticatedUser())->get_mask_xor($base_id) . ') WHERE ((status ^ ' . $this->app->getAclForUser($this->app->getAuthenticatedUser())->get_mask_xor($base_id) . ')
& ' . $this->app['acl']->get($this->app->getAuthenticatedUser())->get_mask_and($base_id) . ')=0 & ' . $this->app->getAclForUser($this->app->getAuthenticatedUser())->get_mask_and($base_id) . ')=0
AND record_id = :record_id'; AND record_id = :record_id';
$stmt = $connsbas->prepare($sql); $stmt = $connsbas->prepare($sql);

2
tests/Alchemy/Tests/Phrasea/Authentication/ACLProviderTest.php
View File

@@ -10,7 +10,7 @@ class ACLProviderTest extends \PhraseanetTestCase
{ {
public function testGetACL() public function testGetACL()
{ {
$acl = self::$DI['app']['acl']->get(self::$DI['user']); $acl = self::$DI['app']->getAclForUser(self::$DI['user']);
$this->assertInstanceOf('\ACL', $acl); $this->assertInstanceOf('\ACL', $acl);
} }

2
tests/Alchemy/Tests/Phrasea/Controller/Admin/AdminCollectionTest.php
View File

@@ -281,7 +281,7 @@ class AdminCollectionTest extends \PhraseanetAuthenticatedWebTestCase
$this->checkRedirection(self::$DI['client']->getResponse(), '/admin/collection/' . self::$DI['collection']->get_base_id() . '/?success=1'); $this->checkRedirection(self::$DI['client']->getResponse(), '/admin/collection/' . self::$DI['collection']->get_base_id() . '/?success=1');
$this->assertTrue(self::$DI['app']['acl']->get(self::$DI['user_alt1'])->has_right_on_base(self::$DI['collection']->get_base_id(), 'order_master')); $this->assertTrue(self::$DI['app']->getAclForUser(self::$DI['user_alt1'])->has_right_on_base(self::$DI['collection']->get_base_id(), 'order_master'));
} }
/** /**

6
tests/Alchemy/Tests/Phrasea/Controller/Admin/PublicationTest.php
View File

@@ -25,7 +25,7 @@ class PublicationTest extends \PhraseanetAuthenticatedWebTestCase
$crawler = self::$DI['client']->request('GET', '/admin/publications/list/'); $crawler = self::$DI['client']->request('GET', '/admin/publications/list/');
$pageContent = self::$DI['client']->getResponse()->getContent(); $pageContent = self::$DI['client']->getResponse()->getContent();
$this->assertTrue(self::$DI['client']->getResponse()->isOk()); $this->assertTrue(self::$DI['client']->getResponse()->isOk());
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']['acl']->get(self::$DI['user'])); $feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']->getAclForUser(self::$DI['user']));
foreach ($feeds as $feed) { foreach ($feeds as $feed) {
$this->assertRegExp('/\/admin\/publications\/feed\/' . $feed->getId() . '/', $pageContent); $this->assertRegExp('/\/admin\/publications\/feed\/' . $feed->getId() . '/', $pageContent);
@@ -40,14 +40,14 @@ class PublicationTest extends \PhraseanetAuthenticatedWebTestCase
public function testCreate() public function testCreate()
{ {
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']['acl']->get(self::$DI['user'])); $feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']->getAclForUser(self::$DI['user']));
$count = sizeof($feeds); $count = sizeof($feeds);
$crawler = self::$DI['client']->request('POST', '/admin/publications/create/', ["title" => "hello", "subtitle" => "coucou", "base_id" => self::$DI['collection']->get_base_id()]); $crawler = self::$DI['client']->request('POST', '/admin/publications/create/', ["title" => "hello", "subtitle" => "coucou", "base_id" => self::$DI['collection']->get_base_id()]);
$this->assertTrue(self::$DI['client']->getResponse()->isRedirect('/admin/publications/list/')); $this->assertTrue(self::$DI['client']->getResponse()->isRedirect('/admin/publications/list/'));
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']['acl']->get(self::$DI['user'])); $feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']->getAclForUser(self::$DI['user']));
$count_after = sizeof($feeds); $count_after = sizeof($feeds);
$this->assertGreaterThan($count, $count_after); $this->assertGreaterThan($count, $count_after);
} }

26
tests/Alchemy/Tests/Phrasea/Controller/Admin/UsersTest.php
View File

@@ -69,9 +69,9 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
$datas = json_decode($response->getContent()); $datas = json_decode($response->getContent());
$this->assertFalse($datas->error); $this->assertFalse($datas->error);
$this->assertTrue(self::$DI['app']['acl']->get($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "manage")); $this->assertTrue(self::$DI['app']->getAclForUser($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "manage"));
$this->assertTrue(self::$DI['app']['acl']->get($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "canpush")); $this->assertTrue(self::$DI['app']->getAclForUser($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "canpush"));
$this->assertTrue(self::$DI['app']['acl']->get($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "canreport")); $this->assertTrue(self::$DI['app']->getAclForUser($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "canreport"));
self::$DI['app']['orm.em']->refresh($user); self::$DI['app']['orm.em']->refresh($user);
self::$DI['app']['manipulator.user']->delete($user); self::$DI['app']['manipulator.user']->delete($user);
@@ -94,7 +94,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
public function testRouteQuota() public function testRouteQuota()
{ {
$keys = array_keys(self::$DI['app']['acl']->get(self::$DI['user'])->get_granted_base()); $keys = array_keys(self::$DI['app']->getAclForUser(self::$DI['user'])->get_granted_base());
$base_id = array_pop($keys); $base_id = array_pop($keys);
$params = ['base_id' => $base_id, 'users' => self::$DI['user']->getId()]; $params = ['base_id' => $base_id, 'users' => self::$DI['user']->getId()];
self::$DI['client']->request('POST', '/admin/users/rights/quotas/', $params); self::$DI['client']->request('POST', '/admin/users/rights/quotas/', $params);
@@ -114,7 +114,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
public function testRouteQuotaRemove() public function testRouteQuotaRemove()
{ {
$keys = array_keys(self::$DI['app']['acl']->get(self::$DI['user'])->get_granted_base()); $keys = array_keys(self::$DI['app']->getAclForUser(self::$DI['user'])->get_granted_base());
$base_id = array_pop($keys); $base_id = array_pop($keys);
$params = ['base_id' => $base_id, 'users' => self::$DI['user']->getId()]; $params = ['base_id' => $base_id, 'users' => self::$DI['user']->getId()];
@@ -125,7 +125,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
public function testRouteRightTime() public function testRouteRightTime()
{ {
$keys = array_keys(self::$DI['app']['acl']->get(self::$DI['user'])->get_granted_base()); $keys = array_keys(self::$DI['app']->getAclForUser(self::$DI['user'])->get_granted_base());
$base_id = array_pop($keys); $base_id = array_pop($keys);
$params = ['base_id' => $base_id, 'users' => self::$DI['user']->getId()]; $params = ['base_id' => $base_id, 'users' => self::$DI['user']->getId()];
@@ -188,7 +188,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
public function testRouteRightMask() public function testRouteRightMask()
{ {
$keys = array_keys(self::$DI['app']['acl']->get(self::$DI['user'])->get_granted_base()); $keys = array_keys(self::$DI['app']->getAclForUser(self::$DI['user'])->get_granted_base());
$base_id = array_pop($keys); $base_id = array_pop($keys);
$params = ['base_id' => $base_id, 'users' => self::$DI['user']->getId()]; $params = ['base_id' => $base_id, 'users' => self::$DI['user']->getId()];
@@ -333,7 +333,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
{ {
$user = self::$DI['app']['manipulator.user']->createUser(uniqid('user_'), "test"); $user = self::$DI['app']['manipulator.user']->createUser(uniqid('user_'), "test");
self::$DI['app']['acl']->get($user)->give_access_to_sbas(array_keys(self::$DI['app']->getDataboxes())); self::$DI['app']->getAclForUser($user)->give_access_to_sbas(array_keys(self::$DI['app']->getDataboxes()));
foreach (self::$DI['app']->getDataboxes() as $databox) { foreach (self::$DI['app']->getDataboxes() as $databox) {
@@ -344,11 +344,11 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
, 'bas_chupub' => '1' , 'bas_chupub' => '1'
]; ];
self::$DI['app']['acl']->get($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights); self::$DI['app']->getAclForUser($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights);
foreach ($databox->get_collections() as $collection) { foreach ($databox->get_collections() as $collection) {
$base_id = $collection->get_base_id(); $base_id = $collection->get_base_id();
self::$DI['app']['acl']->get($user)->give_access_to_base([$base_id]); self::$DI['app']->getAclForUser($user)->give_access_to_base([$base_id]);
$rights = [ $rights = [
'canputinalbum' => '1' 'canputinalbum' => '1'
@@ -357,7 +357,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
, 'nowatermark' => '1' , 'nowatermark' => '1'
]; ];
self::$DI['app']['acl']->get($user)->update_rights_to_base($collection->get_base_id(), $rights); self::$DI['app']->getAclForUser($user)->update_rights_to_base($collection->get_base_id(), $rights);
break; break;
} }
} }
@@ -369,7 +369,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
$datas = json_decode($response->getContent()); $datas = json_decode($response->getContent());
$this->assertTrue(is_object($datas)); $this->assertTrue(is_object($datas));
$this->assertFalse($datas->error); $this->assertFalse($datas->error);
$this->assertFalse(self::$DI['app']['acl']->get($user)->has_access_to_base($base_id)); $this->assertFalse(self::$DI['app']->getAclForUser($user)->has_access_to_base($base_id));
self::$DI['app']['manipulator.user']->delete($user); self::$DI['app']['manipulator.user']->delete($user);
} }
@@ -436,7 +436,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
// create a template // create a template
if (null === self::$DI['app']['repo.users']->findByLogin('csv_template')) { if (null === self::$DI['app']['repo.users']->findByLogin('csv_template')) {
$user = self::$DI['app']['manipulator.user']->createTemplate('csv_template', self::$DI['app']->getAuthenticatedUser()); $user = self::$DI['app']['manipulator.user']->createTemplate('csv_template', self::$DI['app']->getAuthenticatedUser());
self::$DI['app']['acl']->get($user)->update_rights_to_base(self::$DI['collection']->get_base_id(), ['actif'=> 1]); self::$DI['app']->getAclForUser($user)->update_rights_to_base(self::$DI['collection']->get_base_id(), ['actif'=> 1]);
} }
$nativeQueryMock = $this->getMockBuilder('Alchemy\Phrasea\Model\NativeQueryProvider') $nativeQueryMock = $this->getMockBuilder('Alchemy\Phrasea\Model\NativeQueryProvider')

6
tests/Alchemy/Tests/Phrasea/Controller/Api/ApiTestCase.php
View File

@@ -973,7 +973,7 @@ abstract class ApiTestCase extends \PhraseanetWebTestCase
{ {
$this->setToken($this->userAccessToken); $this->setToken($this->userAccessToken);
self::$DI['app']['acl']->get(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array( self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
'candwnldpreview' => 1, 'candwnldpreview' => 1,
'candwnldhd' => 1 'candwnldhd' => 1
)); ));
@@ -1011,7 +1011,7 @@ abstract class ApiTestCase extends \PhraseanetWebTestCase
{ {
$this->setToken($this->userAccessToken); $this->setToken($this->userAccessToken);
self::$DI['app']['acl']->get(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array( self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
'candwnldpreview' => 1, 'candwnldpreview' => 1,
'candwnldhd' => 0 'candwnldhd' => 0
)); ));
@@ -1035,7 +1035,7 @@ abstract class ApiTestCase extends \PhraseanetWebTestCase
{ {
$this->setToken($this->userAccessToken); $this->setToken($this->userAccessToken);
self::$DI['app']['acl']->get(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array( self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
'candwnldpreview' => 0, 'candwnldpreview' => 0,
'candwnldhd' => 0 'candwnldhd' => 0
)); ));

6
tests/Alchemy/Tests/Phrasea/Controller/Prod/FeedTest.php
View File

@@ -18,7 +18,7 @@ class FeedTest extends \PhraseanetAuthenticatedWebTestCase
{ {
$crawler = self::$DI['client']->request('POST', '/prod/feeds/requestavailable/'); $crawler = self::$DI['client']->request('POST', '/prod/feeds/requestavailable/');
$this->assertTrue(self::$DI['client']->getResponse()->isOk()); $this->assertTrue(self::$DI['client']->getResponse()->isOk());
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']['acl']->get(self::$DI['user'])); $feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']->getAclForUser(self::$DI['user']));
foreach ($feeds as $one_feed) { foreach ($feeds as $one_feed) {
if ($one_feed->isPublisher(self::$DI['user'])) { if ($one_feed->isPublisher(self::$DI['user'])) {
$this->assertEquals(1, $crawler->filterXPath("//input[@value='" . $one_feed->getId() . "' and @name='feed_proposal[]']")->count()); $this->assertEquals(1, $crawler->filterXPath("//input[@value='" . $one_feed->getId() . "' and @name='feed_proposal[]']")->count());
@@ -338,7 +338,7 @@ class FeedTest extends \PhraseanetAuthenticatedWebTestCase
{ {
$crawler = self::$DI['client']->request('GET', '/prod/feeds/'); $crawler = self::$DI['client']->request('GET', '/prod/feeds/');
$this->assertTrue(self::$DI['client']->getResponse()->isOk()); $this->assertTrue(self::$DI['client']->getResponse()->isOk());
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']['acl']->get(self::$DI['user'])); $feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']->getAclForUser(self::$DI['user']));
foreach ($feeds as $one_feed) { foreach ($feeds as $one_feed) {
$path = CssSelector::toXPath("ul.submenu a[href='/prod/feeds/feed/" . $one_feed->getId() . "/']"); $path = CssSelector::toXPath("ul.submenu a[href='/prod/feeds/feed/" . $one_feed->getId() . "/']");
@@ -355,7 +355,7 @@ class FeedTest extends \PhraseanetAuthenticatedWebTestCase
public function testGetFeed() public function testGetFeed()
{ {
$feed = self::$DI['app']['orm.em']->find('Phraseanet:Feed', 1); $feed = self::$DI['app']['orm.em']->find('Phraseanet:Feed', 1);
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']['acl']->get(self::$DI['user'])); $feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']->getAclForUser(self::$DI['user']));
$crawler = self::$DI['client']->request('GET', '/prod/feeds/feed/' . $feed->getId() . "/"); $crawler = self::$DI['client']->request('GET', '/prod/feeds/feed/' . $feed->getId() . "/");
foreach ($feeds as $one_feed) { foreach ($feeds as $one_feed) {

2
tests/Alchemy/Tests/Phrasea/Controller/Prod/QueryTest.php
View File

@@ -46,7 +46,7 @@ class QueryTest extends \PhraseanetAuthenticatedWebTestCase
self::$DI['record_2']; self::$DI['record_2'];
$options = new SearchEngineOptions(); $options = new SearchEngineOptions();
$options->onCollections(self::$DI['app']['acl']->get(self::$DI['app']->getAuthenticatedUser())->get_granted_base()); $options->onCollections(self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())->get_granted_base());
$serializedOptions = $options->serialize(); $serializedOptions = $options->serialize();
self::$DI['client']->request('POST', '/prod/query/answer-train/', [ self::$DI['client']->request('POST', '/prod/query/answer-train/', [

2
tests/Alchemy/Tests/Phrasea/Controller/Prod/RecordsTest.php
View File

@@ -122,7 +122,7 @@ class RecordsTest extends \PhraseanetAuthenticatedWebTestCase
self::$DI['record_1']; self::$DI['record_1'];
$options = new SearchEngineOptions(); $options = new SearchEngineOptions();
$acl = self::$DI['app']['acl']->get(self::$DI['app']->getAuthenticatedUser()); $acl = self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser());
$options->onCollections($acl->get_granted_base()); $options->onCollections($acl->get_granted_base());
$serializedOptions = $options->serialize(); $serializedOptions = $options->serialize();

4
tests/Alchemy/Tests/Phrasea/Controller/Prod/StoryTest.php
View File

@@ -17,7 +17,7 @@ class StoryTest extends \PhraseanetAuthenticatedWebTestCase
self::$DI['app']['phraseanet.SE'] = $this->createSearchEngineMock(); self::$DI['app']['phraseanet.SE'] = $this->createSearchEngineMock();
$route = "/prod/story/"; $route = "/prod/story/";
$collections = self::$DI['app']['acl']->get(self::$DI['app']->getAuthenticatedUser()) $collections = self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
->get_granted_base(['canaddrecord']); ->get_granted_base(['canaddrecord']);
$collection = array_shift($collections); $collection = array_shift($collections);
@@ -46,7 +46,7 @@ class StoryTest extends \PhraseanetAuthenticatedWebTestCase
{ {
$route = "/prod/story/"; $route = "/prod/story/";
$collections = self::$DI['app']['acl']->get(self::$DI['app']->getAuthenticatedUser()) $collections = self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
->get_granted_base(['canaddrecord']); ->get_granted_base(['canaddrecord']);
$collection = array_shift($collections); $collection = array_shift($collections);

2
tests/Alchemy/Tests/Phrasea/Controller/Prod/TOUTest.php
View File

@@ -54,7 +54,7 @@ class TOUTest extends \PhraseanetAuthenticatedWebTestCase
unset($response, $databoxes); unset($response, $databoxes);
foreach ($databox->get_collections() as $collection) { foreach ($databox->get_collections() as $collection) {
$this->assertFalse(self::$DI['app']['acl']->get(self::$DI['user_alt2'])->has_access_to_base($collection->get_base_id())); $this->assertFalse(self::$DI['app']->getAclForUser(self::$DI['user_alt2'])->has_access_to_base($collection->get_base_id()));
} }
} }

4
tests/Alchemy/Tests/Phrasea/Controller/RecordsRequestTest.php
View File

@@ -78,7 +78,7 @@ class RecordsRequestTest extends \PhraseanetAuthenticatedTestCase
public function testSimpleWithoutSbasRights() public function testSimpleWithoutSbasRights()
{ {
self::$DI['app']['acl']->get(self::$DI['app']->getAuthenticatedUser()) self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
->update_rights_to_sbas(self::$DI['record_2']->get_sbas_id(), ['bas_chupub' => 0]); ->update_rights_to_sbas(self::$DI['record_2']->get_sbas_id(), ['bas_chupub' => 0]);
$request = new Request([ $request = new Request([
@@ -104,7 +104,7 @@ class RecordsRequestTest extends \PhraseanetAuthenticatedTestCase
public function testSimpleWithoutBasRights() public function testSimpleWithoutBasRights()
{ {
self::$DI['app']['acl']->get(self::$DI['app']->getAuthenticatedUser()) self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
->update_rights_to_base(self::$DI['record_2']->get_base_id(), ['chgstatus' => 0]); ->update_rights_to_base(self::$DI['record_2']->get_base_id(), ['chgstatus' => 0]);
$request = new Request([ $request = new Request([

8
tests/Alchemy/Tests/Phrasea/Controller/Root/LoginTest.php
View File

@@ -243,7 +243,7 @@ class LoginTest extends \PhraseanetAuthenticatedWebTestCase
$revokeBases[] = $collection->get_base_id(); $revokeBases[] = $collection->get_base_id();
} }
} }
self::$DI['app']['acl']->get($user)->revoke_access_from_bases($revokeBases); self::$DI['app']->getAclForUser($user)->revoke_access_from_bases($revokeBases);
$this->deleteRequest(); $this->deleteRequest();
self::$DI['client']->request('GET', '/login/register-confirm/', ['code' => $token->getValue()]); self::$DI['client']->request('GET', '/login/register-confirm/', ['code' => $token->getValue()]);
@@ -1287,7 +1287,7 @@ class LoginTest extends \PhraseanetAuthenticatedWebTestCase
*/ */
public function testGuestAuthenticate() public function testGuestAuthenticate()
{ {
self::$DI['app']['acl']->get(self::$DI['user_guest'])->give_access_to_base([self::$DI['collection']->get_base_id()]); self::$DI['app']->getAclForUser(self::$DI['user_guest'])->give_access_to_base([self::$DI['collection']->get_base_id()]);
$this->logout(self::$DI['app']); $this->logout(self::$DI['app']);
@@ -1314,7 +1314,7 @@ class LoginTest extends \PhraseanetAuthenticatedWebTestCase
$this->assertEquals($context, $event->getContext()->getContext()); $this->assertEquals($context, $event->getContext()->getContext());
}); });
self::$DI['app']['acl']->get(self::$DI['user_guest'])->give_access_to_base([self::$DI['collection']->get_base_id()]); self::$DI['app']->getAclForUser(self::$DI['user_guest'])->give_access_to_base([self::$DI['collection']->get_base_id()]);
$this->logout(self::$DI['app']); $this->logout(self::$DI['app']);
@@ -1329,7 +1329,7 @@ class LoginTest extends \PhraseanetAuthenticatedWebTestCase
*/ */
public function testGuestAuthenticateWithGetMethod() public function testGuestAuthenticateWithGetMethod()
{ {
self::$DI['app']['acl']->get(self::$DI['user_guest'])->give_access_to_base([self::$DI['collection']->get_base_id()]); self::$DI['app']->getAclForUser(self::$DI['user_guest'])->give_access_to_base([self::$DI['collection']->get_base_id()]);
$this->logout(self::$DI['app']); $this->logout(self::$DI['app']);
$this->set_user_agent(self::USER_AGENT_FIREFOX8MAC, self::$DI['app']); $this->set_user_agent(self::USER_AGENT_FIREFOX8MAC, self::$DI['app']);

4
tests/Alchemy/Tests/Phrasea/Model/Manipulator/ACLManipulatorTest.php
View File

@@ -11,7 +11,7 @@ class ACLManipulatorTest extends \PhraseanetTestCase
public function testResetAdminRights() public function testResetAdminRights()
{ {
$user = self::$DI['app']['manipulator.user']->createUser(uniqid('toto'), 'toto', null, true); $user = self::$DI['app']['manipulator.user']->createUser(uniqid('toto'), 'toto', null, true);
$acl = self::$DI['app']['acl']->get($user); $acl = self::$DI['app']->getAclForUser($user);
$databoxId = null; $databoxId = null;
$baseId = null; $baseId = null;
@@ -59,7 +59,7 @@ class ACLManipulatorTest extends \PhraseanetTestCase
self::$DI['app']['manipulator.acl']->resetAdminRights($user); self::$DI['app']['manipulator.acl']->resetAdminRights($user);
self::$DI['app']['acl']->purge(); self::$DI['app']['acl']->purge();
$acl = self::$DI['app']['acl']->get($user); $acl = self::$DI['app']->getAclForUser($user);
if ($baseId === null) { if ($baseId === null) {
$this->fail("Need at least one collection"); $this->fail("Need at least one collection");

22
tests/classes/ACLTest.php
View File

@@ -14,7 +14,7 @@ class ACLTest extends \PhraseanetTestCase
parent::setUp(); parent::setUp();
self::resetUsersRights(self::$DI['app'], self::$DI['user']); self::resetUsersRights(self::$DI['app'], self::$DI['user']);
$this->object = self::$DI['app']['acl']->get(self::$DI['user']); $this->object = self::$DI['app']->getAclForUser(self::$DI['user']);
} }
public function tearDown() public function tearDown()
@@ -60,42 +60,42 @@ class ACLTest extends \PhraseanetTestCase
public function testApplyModel() public function testApplyModel()
{ {
$base_ids = [self::$DI['collection']->get_base_id()]; $base_ids = [self::$DI['collection']->get_base_id()];
self::$DI['app']['acl']->get(self::$DI['user_template'])->give_access_to_base($base_ids); self::$DI['app']->getAclForUser(self::$DI['user_template'])->give_access_to_base($base_ids);
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
self::$DI['app']['acl']->get(self::$DI['user_template'])->set_limits($base_id, 0); self::$DI['app']->getAclForUser(self::$DI['user_template'])->set_limits($base_id, 0);
} }
self::$DI['app']['acl']->get(self::$DI['user_1'])->apply_model(self::$DI['user_template'], $base_ids); self::$DI['app']->getAclForUser(self::$DI['user_1'])->apply_model(self::$DI['user_template'], $base_ids);
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
$this->assertTrue(self::$DI['app']['acl']->get(self::$DI['user_1'])->has_access_to_base($base_id)); $this->assertTrue(self::$DI['app']->getAclForUser(self::$DI['user_1'])->has_access_to_base($base_id));
} }
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
$this->assertNull(self::$DI['app']['acl']->get(self::$DI['user_1'])->get_limits($base_id)); $this->assertNull(self::$DI['app']->getAclForUser(self::$DI['user_1'])->get_limits($base_id));
} }
} }
public function testApplyModelWithTimeLimit() public function testApplyModelWithTimeLimit()
{ {
$base_ids = [self::$DI['collection']->get_base_id()]; $base_ids = [self::$DI['collection']->get_base_id()];
self::$DI['app']['acl']->get(self::$DI['user_template'])->give_access_to_base($base_ids); self::$DI['app']->getAclForUser(self::$DI['user_template'])->give_access_to_base($base_ids);
$limit_from = new \DateTime('-1 day'); $limit_from = new \DateTime('-1 day');
$limit_to = new \DateTime('+1 day'); $limit_to = new \DateTime('+1 day');
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
self::$DI['app']['acl']->get(self::$DI['user_template'])->set_limits($base_id, 1, $limit_from, $limit_to); self::$DI['app']->getAclForUser(self::$DI['user_template'])->set_limits($base_id, 1, $limit_from, $limit_to);
} }
self::$DI['app']['acl']->get(self::$DI['user_2'])->apply_model(self::$DI['user_template'], $base_ids); self::$DI['app']->getAclForUser(self::$DI['user_2'])->apply_model(self::$DI['user_template'], $base_ids);
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
$this->assertTrue(self::$DI['app']['acl']->get(self::$DI['user_2'])->has_access_to_base($base_id)); $this->assertTrue(self::$DI['app']->getAclForUser(self::$DI['user_2'])->has_access_to_base($base_id));
} }
foreach ($base_ids as $base_id) { foreach ($base_ids as $base_id) {
$this->assertEquals(['dmin' => $limit_from, 'dmax' => $limit_to], self::$DI['app']['acl']->get(self::$DI['user_2'])->get_limits($base_id)); $this->assertEquals(['dmin' => $limit_from, 'dmax' => $limit_to], self::$DI['app']->getAclForUser(self::$DI['user_2'])->get_limits($base_id));
} }
} }

2
tests/classes/PhraseanetAuthenticatedWebTestCase.php
View File

@@ -119,7 +119,7 @@ abstract class PhraseanetAuthenticatedWebTestCase extends \PhraseanetAuthenticat
, 'bas_chupub' => '1' , 'bas_chupub' => '1'
]; ];
$app['acl']->get($app->getAuthenticatedUser())->update_rights_to_sbas($databox->get_sbas_id(), $rights); $app->getAclForUser($app->getAuthenticatedUser())->update_rights_to_sbas($databox->get_sbas_id(), $rights);
$databox->registerAdmin($app->getAuthenticatedUser()); $databox->registerAdmin($app->getAuthenticatedUser());

32
tests/classes/PhraseanetTestCase.php
View File

@@ -457,9 +457,9 @@ abstract class PhraseanetTestCase extends WebTestCase
switch ($user->getId()) { switch ($user->getId()) {
case self::$fixtureIds['user']['test_phpunit']: case self::$fixtureIds['user']['test_phpunit']:
self::giveRightsToUser($app, $user); self::giveRightsToUser($app, $user);
$app['acl']->get($user)->set_admin(true); $app->getAclForUser($user)->set_admin(true);
$app['acl']->get($user)->revoke_access_from_bases([self::$DI['collection_no_access']->get_base_id()]); $app->getAclForUser($user)->revoke_access_from_bases([self::$DI['collection_no_access']->get_base_id()]);
$app['acl']->get($user)->set_masks_on_base(self::$DI['collection_no_access_by_status']->get_base_id(), '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000'); $app->getAclForUser($user)->set_masks_on_base(self::$DI['collection_no_access_by_status']->get_base_id(), '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000');
break; break;
case self::$fixtureIds['user']['user_1']: case self::$fixtureIds['user']['user_1']:
case self::$fixtureIds['user']['user_2']: case self::$fixtureIds['user']['user_2']:
@@ -469,9 +469,9 @@ abstract class PhraseanetTestCase extends WebTestCase
case self::$fixtureIds['user']['test_phpunit_alt2']: case self::$fixtureIds['user']['test_phpunit_alt2']:
case self::$fixtureIds['user']['user_template']: case self::$fixtureIds['user']['user_template']:
self::giveRightsToUser($app, $user); self::giveRightsToUser($app, $user);
$app['acl']->get($user)->set_admin(false); $app->getAclForUser($user)->set_admin(false);
$app['acl']->get($user)->revoke_access_from_bases([self::$DI['collection_no_access']->get_base_id()]); $app->getAclForUser($user)->revoke_access_from_bases([self::$DI['collection_no_access']->get_base_id()]);
$app['acl']->get($user)->set_masks_on_base(self::$DI['collection_no_access_by_status']->get_base_id(), '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000'); $app->getAclForUser($user)->set_masks_on_base(self::$DI['collection_no_access_by_status']->get_base_id(), '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000');
break; break;
default: default:
throw new \InvalidArgumentException(sprintf('User %s not found', $user->getLogin())); throw new \InvalidArgumentException(sprintf('User %s not found', $user->getLogin()));
@@ -485,12 +485,12 @@ abstract class PhraseanetTestCase extends WebTestCase
*/ */
public static function giveRightsToUser(Application $app, User $user, $base_ids = null, $force = false) public static function giveRightsToUser(Application $app, User $user, $base_ids = null, $force = false)
{ {
$app['acl']->get($user)->delete_data_from_cache(\ACL::CACHE_GLOBAL_RIGHTS); $app->getAclForUser($user)->delete_data_from_cache(\ACL::CACHE_GLOBAL_RIGHTS);
$app['acl']->get($user)->delete_data_from_cache(databox::CACHE_COLLECTIONS); $app->getAclForUser($user)->delete_data_from_cache(databox::CACHE_COLLECTIONS);
$app['acl']->get($user)->give_access_to_sbas(array_keys($app->getDataboxes())); $app->getAclForUser($user)->give_access_to_sbas(array_keys($app->getDataboxes()));
foreach ($app->getDataboxes() as $databox) { foreach ($app->getDataboxes() as $databox) {
$app['acl']->get($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_SBAS); $app->getAclForUser($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_SBAS);
$rights = [ $rights = [
'bas_manage' => '1' 'bas_manage' => '1'
@@ -499,7 +499,7 @@ abstract class PhraseanetTestCase extends WebTestCase
, 'bas_chupub' => '1' , 'bas_chupub' => '1'
]; ];
$app['acl']->get($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights); $app->getAclForUser($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights);
foreach ($databox->get_collections() as $collection) { foreach ($databox->get_collections() as $collection) {
if (null !== $base_ids && !in_array($collection->get_base_id(), (array) $base_ids, true)) { if (null !== $base_ids && !in_array($collection->get_base_id(), (array) $base_ids, true)) {
@@ -509,13 +509,13 @@ abstract class PhraseanetTestCase extends WebTestCase
$base_id = $collection->get_base_id(); $base_id = $collection->get_base_id();
if ($app['acl']->get($user)->has_access_to_base($base_id) && false === $force) { if ($app->getAclForUser($user)->has_access_to_base($base_id) && false === $force) {
continue; continue;
} }
$app['acl']->get($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_BAS); $app->getAclForUser($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_BAS);
$app['acl']->get($user)->give_access_to_base([$base_id]); $app->getAclForUser($user)->give_access_to_base([$base_id]);
$app['acl']->get($user)->update_rights_to_base($base_id, ['order_master' => true]); $app->getAclForUser($user)->update_rights_to_base($base_id, ['order_master' => true]);
$rights = [ $rights = [
'canputinalbum' => '1' 'canputinalbum' => '1'
@@ -538,7 +538,7 @@ abstract class PhraseanetTestCase extends WebTestCase
, 'bas_modify_struct' => '1' , 'bas_modify_struct' => '1'
]; ];
$app['acl']->get($user)->update_rights_to_base($collection->get_base_id(), $rights); $app->getAclForUser($user)->update_rights_to_base($collection->get_base_id(), $rights);
} }
} }
} }

2
tests/classes/Session/LoggerTest.php
View File

@@ -25,7 +25,7 @@ class Session_LoggerTest extends \PhraseanetAuthenticatedTestCase
$this->authenticate(self::$DI['app']); $this->authenticate(self::$DI['app']);
$logger_creater = self::$DI['app']['phraseanet.logger']; $logger_creater = self::$DI['app']['phraseanet.logger'];
foreach (self::$DI['app']['acl']->get($user)->get_granted_sbas() as $databox) { foreach (self::$DI['app']->getAclForUser($user)->get_granted_sbas() as $databox) {
$this->object = $logger_creater($databox); $this->object = $logger_creater($databox);
$this->databox = $databox; $this->databox = $databox;
break; break;