mirror of
https://github.com/alchemy-fr/Phraseanet.git
synced 2025-10-17 15:03:25 +00:00
Add AclAware Trait
This commit is contained in:
Benoît Burnichon
@@ -12,6 +12,7 @@
|
||||
namespace Alchemy\Phrasea;
|
||||
|
||||
use Alchemy\Geonames\GeonamesServiceProvider;
|
||||
use Alchemy\Phrasea\Application\Helper\AclAware;
|
||||
use Alchemy\Phrasea\Application\Helper\ApplicationBoxAware;
|
||||
use Alchemy\Phrasea\Application\Helper\AuthenticatorAware;
|
||||
use Alchemy\Phrasea\ControllerProvider\Thesaurus\Xmlhttp as ThesaurusXMLHttp;
|
||||
@@ -118,6 +119,7 @@ use XPDF\XPDFServiceProvider;
|
||||
|
||||
class Application extends SilexApplication
|
||||
{
|
||||
use AclAware;
|
||||
use ApplicationBoxAware;
|
||||
use AuthenticatorAware;
|
||||
use UrlGeneratorTrait;
|
||||
@@ -597,7 +599,7 @@ class Application extends SilexApplication
|
||||
return false;
|
||||
}
|
||||
|
||||
return count($this['acl']->get($user)->get_granted_base()) > 0;
|
||||
return count($this->getAclForUser($user)->get_granted_base()) > 0;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
79
lib/Alchemy/Phrasea/Application/Helper/AclAware.php
Normal file
79
lib/Alchemy/Phrasea/Application/Helper/AclAware.php
Normal file
@@ -0,0 +1,79 @@
|
||||
<?php
|
||||
/*
|
||||
* This file is part of Phraseanet
|
||||
*
|
||||
* (c) 2005-2015 Alchemy
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
namespace Alchemy\Phrasea\Application\Helper;
|
||||
|
||||
use Alchemy\Phrasea\Authentication\ACLProvider;
|
||||
use Alchemy\Phrasea\Model\Entities\User;
|
||||
|
||||
trait AclAware
|
||||
{
|
||||
/** @var ACLProvider */
|
||||
private $aclProvider;
|
||||
|
||||
/**
|
||||
* @param ACLProvider|callable $provider
|
||||
* @return $this
|
||||
*/
|
||||
public function setAclProvider($provider)
|
||||
{
|
||||
if (!$provider instanceof ACLProvider && !is_callable($provider)) {
|
||||
throw new \InvalidArgumentException(sprintf(
|
||||
'%s expects parameter to be a "%s" instance or a callable, got "%s".',
|
||||
__METHOD__,
|
||||
ACLProvider::class,
|
||||
is_object($provider) ? get_class($provider) : gettype($provider)
|
||||
));
|
||||
}
|
||||
$this->aclProvider = $provider;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return ACLProvider
|
||||
*/
|
||||
public function getAclProvider()
|
||||
{
|
||||
if ($this->aclProvider instanceof ACLProvider) {
|
||||
return $this->aclProvider;
|
||||
}
|
||||
|
||||
if (null === $this->aclProvider && $this instanceof \Pimple && $this->offsetExists('acl')) {
|
||||
$this->aclProvider = function () {
|
||||
return $this['acl'];
|
||||
};
|
||||
}
|
||||
|
||||
if (null === $this->aclProvider) {
|
||||
throw new \LogicException(ACLProvider::class . ' instance or locator was not set');
|
||||
}
|
||||
|
||||
$instance = call_user_func($this->aclProvider);
|
||||
if (!$instance instanceof ACLProvider) {
|
||||
throw new \LogicException(sprintf(
|
||||
'Expects locator to return instance of "%s", got "%s"',
|
||||
ACLProvider::class,
|
||||
is_object($instance) ? get_class($instance) : gettype($instance)
|
||||
));
|
||||
}
|
||||
$this->aclProvider = $instance;
|
||||
|
||||
return $this->aclProvider;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param User $user
|
||||
* @return \ACL
|
||||
*/
|
||||
public function getAclForUser(User $user)
|
||||
{
|
||||
return $this->getAclProvider()->get($user);
|
||||
}
|
||||
}
|
||||
@@ -91,7 +91,7 @@ class AccountCreator
|
||||
}
|
||||
|
||||
foreach (array_merge($this->templates, $templates) as $template) {
|
||||
$app['acl']->get($user)->apply_model($template, $base_ids);
|
||||
$app->getAclForUser($user)->apply_model($template, $base_ids);
|
||||
}
|
||||
|
||||
return $user;
|
||||
|
||||
@@ -83,7 +83,7 @@ class Authenticator
|
||||
|
||||
$this->populateSession($session);
|
||||
|
||||
foreach ($this->app['acl']->get($user)->get_granted_sbas() as $databox) {
|
||||
foreach ($this->app->getAclForUser($user)->get_granted_sbas() as $databox) {
|
||||
\cache_databox::insertClient($this->app, $databox);
|
||||
}
|
||||
$this->reinitUser();
|
||||
@@ -112,7 +112,7 @@ class Authenticator
|
||||
$this->session->clear();
|
||||
$this->populateSession($session);
|
||||
|
||||
foreach ($this->app['acl']->get($user)->get_granted_sbas() as $databox) {
|
||||
foreach ($this->app->getAclForUser($user)->get_granted_sbas() as $databox) {
|
||||
\cache_databox::insertClient($this->app, $databox);
|
||||
}
|
||||
|
||||
|
||||
@@ -50,7 +50,7 @@ class CreateCollection extends Command
|
||||
while ($n < $total) {
|
||||
$results = $query->limit($n, 40)->execute()->get_results();
|
||||
foreach ($results as $user) {
|
||||
$this->container['acl']->get($user)->duplicate_right_from_bas($input->getOption('base_id_rights'), $new_collection->get_base_id());
|
||||
$this->container->getAclForUser($user)->duplicate_right_from_bas($input->getOption('base_id_rights'), $new_collection->get_base_id());
|
||||
}
|
||||
$n+=40;
|
||||
}
|
||||
|
||||
@@ -85,7 +85,7 @@ class JsFixtures extends Command
|
||||
{
|
||||
$user = $app['manipulator.user']->createUser(uniqid('fixturejs'), uniqid('fixturejs'), uniqid('fixturejs') . '@js.js', true);
|
||||
|
||||
$app['acl']->get($user)->set_admin(true);
|
||||
$app->getAclForUser($user)->set_admin(true);
|
||||
$app['manipulator.acl']->resetAdminRights($user);
|
||||
|
||||
return $user;
|
||||
|
||||
@@ -243,20 +243,20 @@ class RecordsRequest extends ArrayCollection
|
||||
$to_remove = [];
|
||||
|
||||
foreach ($elements as $id => $record) {
|
||||
if (!$app['acl']->get($app->getAuthenticatedUser())->has_access_to_record($record)) {
|
||||
if (!$app->getAclForUser($app->getAuthenticatedUser())->has_access_to_record($record)) {
|
||||
$to_remove[] = $id;
|
||||
continue;
|
||||
}
|
||||
|
||||
foreach ($rightsColl as $right) {
|
||||
if (!$app['acl']->get($app->getAuthenticatedUser())->has_right_on_base($record->get_base_id(), $right)) {
|
||||
if (!$app->getAclForUser($app->getAuthenticatedUser())->has_right_on_base($record->get_base_id(), $right)) {
|
||||
$to_remove[] = $id;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($rightsDatabox as $right) {
|
||||
if (!$app['acl']->get($app->getAuthenticatedUser())->has_right_on_sbas($record->get_sbas_id(), $right)) {
|
||||
if (!$app->getAclForUser($app->getAuthenticatedUser())->has_right_on_sbas($record->get_sbas_id(), $right)) {
|
||||
$to_remove[] = $id;
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -78,7 +78,7 @@ class Aggregate implements FeedInterface
|
||||
*/
|
||||
public static function createFromUser(Application $app, User $user, array $restrictions = [])
|
||||
{
|
||||
$feeds = $app['repo.feeds']->getAllForUser($app['acl']->get($user), $restrictions);
|
||||
$feeds = $app['repo.feeds']->getAllForUser($app->getAclForUser($user), $restrictions);
|
||||
$token = $app['repo.aggregate-tokens']->findOneBy(['user' => $user]);
|
||||
|
||||
return new static($app['orm.em'], $feeds, $token);
|
||||
|
||||
@@ -32,12 +32,12 @@ class Prod extends Helper
|
||||
$searchSet = json_decode($this->app['settings']->getUserSetting($this->app->getAuthenticatedUser(), 'search'), true);
|
||||
$saveSettings = $this->app['settings']->getUserSetting($this->app->getAuthenticatedUser(), 'advanced_search_reload');
|
||||
|
||||
foreach ($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_sbas() as $databox) {
|
||||
foreach ($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_sbas() as $databox) {
|
||||
$sbasId = $databox->get_sbas_id();
|
||||
|
||||
$bases[$sbasId] = array('thesaurus' => (trim($databox->get_thesaurus()) !== ""), 'cterms' => false, 'collections' => array(), 'sbas_id' => $sbasId);
|
||||
|
||||
foreach ($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base([], [$databox->get_sbas_id()]) as $coll) {
|
||||
foreach ($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([], [$databox->get_sbas_id()]) as $coll) {
|
||||
$selected = $saveSettings ? ((isset($searchSet['bases']) && isset($searchSet['bases'][$sbasId])) ? (in_array($coll->get_base_id(), $searchSet['bases'][$sbasId])) : true) : true;
|
||||
$bases[$sbasId]['collections'][] = array('selected' => $selected, 'base_id' => $coll->get_base_id());
|
||||
}
|
||||
@@ -78,7 +78,7 @@ class Prod extends Helper
|
||||
if (!$bases[$sbasId]['thesaurus']) {
|
||||
continue;
|
||||
}
|
||||
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_sbas($sbasId, 'bas_modif_th')) {
|
||||
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($sbasId, 'bas_modif_th')) {
|
||||
continue;
|
||||
}
|
||||
|
||||
|
||||
@@ -71,11 +71,11 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
||||
|
||||
protected function delete_user(User $user)
|
||||
{
|
||||
$list = array_keys($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
|
||||
$list = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
|
||||
|
||||
$this->app['acl']->get($user)->revoke_access_from_bases($list);
|
||||
$this->app->getAclForUser($user)->revoke_access_from_bases($list);
|
||||
|
||||
if ($this->app['acl']->get($user)->is_phantom()) {
|
||||
if ($this->app->getAclForUser($user)->is_phantom()) {
|
||||
$this->app['manipulator.user']->delete($user);
|
||||
}
|
||||
|
||||
@@ -84,7 +84,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
||||
|
||||
public function get_users_rights()
|
||||
{
|
||||
$list = array_keys($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
|
||||
$list = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
|
||||
|
||||
$sql = "SELECT
|
||||
b.sbas_id,
|
||||
@@ -476,7 +476,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
||||
|
||||
public function apply_rights()
|
||||
{
|
||||
$ACL = $this->app['acl']->get($this->app->getAuthenticatedUser());
|
||||
$ACL = $this->app->getAclForUser($this->app->getAuthenticatedUser());
|
||||
$base_ids = array_keys($ACL->get_granted_base(['canadmin']));
|
||||
|
||||
$update = $create = $delete = $create_sbas = $update_sbas = [];
|
||||
@@ -571,21 +571,21 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
||||
|
||||
$user = $this->app['repo.users']->find($usr_id);
|
||||
|
||||
$this->app['acl']->get($user)->revoke_access_from_bases($delete)
|
||||
$this->app->getAclForUser($user)->revoke_access_from_bases($delete)
|
||||
->give_access_to_base($create)
|
||||
->give_access_to_sbas($create_sbas);
|
||||
|
||||
foreach ($update as $base_id => $rights) {
|
||||
$this->app['acl']->get($user)->update_rights_to_base($base_id, $rights);
|
||||
$this->app->getAclForUser($user)->update_rights_to_base($base_id, $rights);
|
||||
}
|
||||
|
||||
foreach ($update_sbas as $sbas_id => $rights) {
|
||||
$this->app['acl']->get($user)->update_rights_to_sbas($sbas_id, $rights);
|
||||
$this->app->getAclForUser($user)->update_rights_to_sbas($sbas_id, $rights);
|
||||
}
|
||||
|
||||
$this->app['phraseanet.appbox']->get_connection()->commit();
|
||||
|
||||
$this->app['acl']->get($user)->revoke_unused_sbas_rights();
|
||||
$this->app->getAclForUser($user)->revoke_unused_sbas_rights();
|
||||
|
||||
unset($user);
|
||||
} catch (\Exception $e) {
|
||||
@@ -688,12 +688,12 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
||||
throw new AccessDeniedHttpException('You are not the owner of the template');
|
||||
}
|
||||
|
||||
$base_ids = array_keys($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
|
||||
$base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
|
||||
|
||||
foreach ($this->users as $usr_id) {
|
||||
$user = $this->app['repo.users']->find($usr_id);
|
||||
|
||||
$this->app['acl']->get($user)->apply_model($template, $base_ids);
|
||||
$this->app->getAclForUser($user)->apply_model($template, $base_ids);
|
||||
}
|
||||
|
||||
return $this;
|
||||
@@ -706,9 +706,9 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
||||
foreach ($this->users as $usr_id) {
|
||||
$user = $this->app['repo.users']->find($usr_id);
|
||||
if ($this->request->get('quota'))
|
||||
$this->app['acl']->get($user)->set_quotas_on_base($this->base_id, $this->request->get('droits'), $this->request->get('restes'));
|
||||
$this->app->getAclForUser($user)->set_quotas_on_base($this->base_id, $this->request->get('droits'), $this->request->get('restes'));
|
||||
else
|
||||
$this->app['acl']->get($user)->remove_quotas_on_base($this->base_id);
|
||||
$this->app->getAclForUser($user)->remove_quotas_on_base($this->base_id);
|
||||
}
|
||||
|
||||
return $this;
|
||||
@@ -727,7 +727,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
||||
foreach ($this->users as $usr_id) {
|
||||
$user = $this->app['repo.users']->find($usr_id);
|
||||
|
||||
$this->app['acl']->get($user)->set_masks_on_base($this->base_id, $vand_and, $vand_or, $vxor_and, $vxor_or);
|
||||
$this->app->getAclForUser($user)->set_masks_on_base($this->base_id, $vand_and, $vand_or, $vxor_and, $vxor_or);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -744,16 +744,16 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
||||
|
||||
$activate = !!$this->request->get('limit');
|
||||
|
||||
$base_ids = array_keys($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
|
||||
$base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
|
||||
|
||||
foreach ($this->users as $usr_id) {
|
||||
$user = $this->app['repo.users']->find($usr_id);
|
||||
|
||||
if ($this->base_id > 0) {
|
||||
$this->app['acl']->get($user)->set_limits($this->base_id, $activate, $dmin, $dmax);
|
||||
$this->app->getAclForUser($user)->set_limits($this->base_id, $activate, $dmin, $dmax);
|
||||
} elseif ($sbas_id > 0) {
|
||||
foreach ($base_ids as $base_id) {
|
||||
$this->app['acl']->get($user)->set_limits($base_id, $activate, $dmin, $dmax);
|
||||
$this->app->getAclForUser($user)->set_limits($base_id, $activate, $dmin, $dmax);
|
||||
}
|
||||
} else {
|
||||
$this->app->abort(400, 'No collection or databox id available');
|
||||
@@ -763,11 +763,11 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
||||
|
||||
public function resetRights()
|
||||
{
|
||||
$base_ids = array_keys($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
|
||||
$base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
|
||||
|
||||
foreach ($this->users as $usr_id) {
|
||||
$user = $this->app['repo.users']->find($usr_id);
|
||||
$ACL = $this->app['acl']->get($user);
|
||||
$ACL = $this->app->getAclForUser($user);
|
||||
|
||||
if ($user->isTemplate()) {
|
||||
$template = $user;
|
||||
|
||||
@@ -76,7 +76,7 @@ class Manage extends Helper
|
||||
->last_model_is($this->query_parms['last_model'])
|
||||
->get_inactives($this->query_parms['inactives'])
|
||||
->include_templates(false)
|
||||
->on_bases_where_i_am($this->app['acl']->get($this->app->getAuthenticatedUser()), ['canadmin'])
|
||||
->on_bases_where_i_am($this->app->getAclForUser($this->app->getAuthenticatedUser()), ['canadmin'])
|
||||
->execute();
|
||||
|
||||
return $this->results->get_results();
|
||||
@@ -114,7 +114,7 @@ class Manage extends Helper
|
||||
->last_model_is($this->query_parms['last_model'])
|
||||
->get_inactives($this->query_parms['inactives'])
|
||||
->include_templates(true)
|
||||
->on_bases_where_i_am($this->app['acl']->get($this->app->getAuthenticatedUser()), ['canadmin'])
|
||||
->on_bases_where_i_am($this->app->getAclForUser($this->app->getAuthenticatedUser()), ['canadmin'])
|
||||
->limit($offset_start, $results_quantity)
|
||||
->execute();
|
||||
|
||||
|
||||
@@ -459,7 +459,7 @@ class Feed implements FeedInterface
|
||||
public function hasAccess(User $user, Application $app)
|
||||
{
|
||||
if ($this->getCollection($app) instanceof collection) {
|
||||
return $app['acl']->get($user)->has_access_to_base($this->collection->get_base_id());
|
||||
return $app->getAclForUser($user)->has_access_to_base($this->collection->get_base_id());
|
||||
}
|
||||
|
||||
return true;
|
||||
@@ -556,7 +556,7 @@ class Feed implements FeedInterface
|
||||
$coll = $this->getCollection($app);
|
||||
if ($this->isPublic()
|
||||
|| $coll === null
|
||||
|| in_array($coll->get_base_id(), array_keys($app['acl']->get($user)->get_granted_base()))) {
|
||||
|| in_array($coll->get_base_id(), array_keys($app->getAclForUser($user)->get_granted_base()))) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@@ -166,7 +166,7 @@ class PDF
|
||||
|
||||
$fimg = $subdef->get_pathfile();
|
||||
|
||||
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($rec->get_base_id(), "nowatermark")
|
||||
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($rec->get_base_id(), "nowatermark")
|
||||
&& $subdef->get_type() == \media_subdef::TYPE_IMAGE) {
|
||||
$fimg = \recordutils_image::watermark($this->app, $subdef);
|
||||
}
|
||||
@@ -438,7 +438,7 @@ class PDF
|
||||
|
||||
$f = $subdef->get_pathfile();
|
||||
|
||||
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($rec->get_base_id(), "nowatermark")
|
||||
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($rec->get_base_id(), "nowatermark")
|
||||
&& $subdef->get_type() == \media_subdef::TYPE_IMAGE)
|
||||
$f = \recordutils_image::watermark($this->app, $subdef);
|
||||
|
||||
|
||||
@@ -400,7 +400,7 @@ class ElasticSearchEngine implements SearchEngineInterface
|
||||
return [];
|
||||
}
|
||||
|
||||
$acl = $this->app['acl']->get($this->app->getAuthenticatedUser());
|
||||
$acl = $this->app->getAclForUser($this->app->getAuthenticatedUser());
|
||||
|
||||
$grantedCollections = array_keys($acl->get_granted_base(['actif']));
|
||||
|
||||
|
||||
@@ -41,7 +41,7 @@ class Firewall
|
||||
{
|
||||
$this->requireNotGuest();
|
||||
|
||||
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->is_admin()) {
|
||||
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->is_admin()) {
|
||||
$this->app->abort(403, 'Admin role is required');
|
||||
}
|
||||
|
||||
@@ -50,7 +50,7 @@ class Firewall
|
||||
|
||||
public function requireAccessToModule($module)
|
||||
{
|
||||
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_access_to_module($module)) {
|
||||
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_access_to_module($module)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
|
||||
@@ -59,7 +59,7 @@ class Firewall
|
||||
|
||||
public function requireAccessToSbas($sbas_id)
|
||||
{
|
||||
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_access_to_sbas($sbas_id)) {
|
||||
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_access_to_sbas($sbas_id)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
|
||||
@@ -68,7 +68,7 @@ class Firewall
|
||||
|
||||
public function requireAccessToBase($base_id)
|
||||
{
|
||||
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_access_to_base($base_id)) {
|
||||
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_access_to_base($base_id)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
|
||||
@@ -77,7 +77,7 @@ class Firewall
|
||||
|
||||
public function requireRight($right)
|
||||
{
|
||||
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_right($right)) {
|
||||
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right($right)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
|
||||
@@ -86,7 +86,7 @@ class Firewall
|
||||
|
||||
public function requireRightOnBase($base_id, $right)
|
||||
{
|
||||
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($base_id, $right)) {
|
||||
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($base_id, $right)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
|
||||
@@ -95,7 +95,7 @@ class Firewall
|
||||
|
||||
public function requireRightOnSbas($sbas_id, $right)
|
||||
{
|
||||
if (!$this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_sbas($sbas_id, $right)) {
|
||||
if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($sbas_id, $right)) {
|
||||
$this->app->abort(403, 'You do not have required rights');
|
||||
}
|
||||
|
||||
@@ -146,7 +146,7 @@ class Firewall
|
||||
|
||||
public function requireOrdersAdmin()
|
||||
{
|
||||
if (false === !!count($this->app['acl']->get($this->app->getAuthenticatedUser())->get_granted_base(['order_master']))) {
|
||||
if (false === !!count($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['order_master']))) {
|
||||
$this->app->abort(403, 'You are not an order admin');
|
||||
}
|
||||
|
||||
|
||||
@@ -62,7 +62,7 @@ class Installer
|
||||
$template = new \SplFileInfo(__DIR__ . '/../../../conf.d/data_templates/' . $template . '-simple.xml');
|
||||
$databox = \databox::create($this->app, $dbConn, $template);
|
||||
|
||||
$this->app['acl']->get($admin)
|
||||
$this->app->getAclForUser($admin)
|
||||
->give_access_to_sbas([$databox->get_sbas_id()])
|
||||
->update_rights_to_sbas(
|
||||
$databox->get_sbas_id(), [
|
||||
@@ -73,8 +73,8 @@ class Installer
|
||||
|
||||
$collection = \collection::create($this->app, $databox, $this->app['phraseanet.appbox'], 'test', $admin);
|
||||
|
||||
$this->app['acl']->get($admin)->give_access_to_base([$collection->get_base_id()]);
|
||||
$this->app['acl']->get($admin)->update_rights_to_base($collection->get_base_id(), [
|
||||
$this->app->getAclForUser($admin)->give_access_to_base([$collection->get_base_id()]);
|
||||
$this->app->getAclForUser($admin)->update_rights_to_base($collection->get_base_id(), [
|
||||
'canpush' => 1, 'cancmd' => 1
|
||||
, 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1
|
||||
, 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1
|
||||
|
||||
@@ -135,7 +135,7 @@ class PhraseanetExtension extends \Twig_Extension
|
||||
|
||||
$rights = (array) $rights;
|
||||
foreach ($rights as $right) {
|
||||
if (false === $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_sbas($databoxId, $right)) {
|
||||
if (false === $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($databoxId, $right)) {
|
||||
|
||||
return false;
|
||||
}
|
||||
@@ -153,7 +153,7 @@ class PhraseanetExtension extends \Twig_Extension
|
||||
|
||||
$rights = (array) $rights;
|
||||
foreach ($rights as $right) {
|
||||
if (false === $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($baseId, $right)) {
|
||||
if (false === $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($baseId, $right)) {
|
||||
|
||||
return false;
|
||||
}
|
||||
@@ -182,7 +182,7 @@ class PhraseanetExtension extends \Twig_Extension
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->app['acl']->get($this->app->getAuthenticatedUser())->has_access_to_subdef($record, $subDefinition);
|
||||
return $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_access_to_subdef($record, $subDefinition);
|
||||
}
|
||||
|
||||
public function getDoctypeIcon(RecordInterface $record)
|
||||
|
||||
@@ -60,7 +60,7 @@ class UserProvider implements ControlProviderInterface
|
||||
->like(\User_Query::LIKE_LOGIN, $query)
|
||||
->like_match(\User_Query::LIKE_MATCH_OR)
|
||||
->include_phantoms(true)
|
||||
->on_bases_where_i_am($this->app['acl']->get($for_user), ['canadmin'])
|
||||
->on_bases_where_i_am($this->app->getAclForUser($for_user), ['canadmin'])
|
||||
->limit(0, 50)
|
||||
->execute()->get_results();
|
||||
|
||||
|
||||
@@ -310,7 +310,7 @@ class ACL implements cache_cacheableInterface
|
||||
$sbas_to_acces = [];
|
||||
$rights_to_give = [];
|
||||
|
||||
foreach ($this->app['acl']->get($template_user)->get_granted_sbas() as $databox) {
|
||||
foreach ($this->app->getAclForUser($template_user)->get_granted_sbas() as $databox) {
|
||||
$sbas_id = $databox->get_sbas_id();
|
||||
|
||||
if (!in_array($sbas_id, $sbas_ids))
|
||||
@@ -321,7 +321,7 @@ class ACL implements cache_cacheableInterface
|
||||
}
|
||||
|
||||
foreach ($sbas_rights as $right) {
|
||||
if ($this->app['acl']->get($template_user)->has_right_on_sbas($sbas_id, $right)) {
|
||||
if ($this->app->getAclForUser($template_user)->has_right_on_sbas($sbas_id, $right)) {
|
||||
$rights_to_give[$sbas_id][$right] = '1';
|
||||
}
|
||||
}
|
||||
@@ -348,7 +348,7 @@ class ACL implements cache_cacheableInterface
|
||||
'11' => ['aa' => '1', 'ao' => '1', 'xa' => '1', 'xo' => '1']
|
||||
];
|
||||
|
||||
foreach ($this->app['acl']->get($template_user)->get_granted_base() as $collection) {
|
||||
foreach ($this->app->getAclForUser($template_user)->get_granted_base() as $collection) {
|
||||
$base_id = $collection->get_base_id();
|
||||
|
||||
if (!in_array($base_id, $base_ids))
|
||||
@@ -359,13 +359,13 @@ class ACL implements cache_cacheableInterface
|
||||
}
|
||||
|
||||
foreach ($bas_rights as $right) {
|
||||
if ($this->app['acl']->get($template_user)->has_right_on_base($base_id, $right)) {
|
||||
if ($this->app->getAclForUser($template_user)->has_right_on_base($base_id, $right)) {
|
||||
$rights_to_give[$base_id][$right] = '1';
|
||||
}
|
||||
}
|
||||
|
||||
$mask_and = $this->app['acl']->get($template_user)->get_mask_and($base_id);
|
||||
$mask_xor = $this->app['acl']->get($template_user)->get_mask_xor($base_id);
|
||||
$mask_and = $this->app->getAclForUser($template_user)->get_mask_and($base_id);
|
||||
$mask_xor = $this->app->getAclForUser($template_user)->get_mask_xor($base_id);
|
||||
|
||||
/**
|
||||
* apply sb is substractive
|
||||
@@ -417,7 +417,7 @@ class ACL implements cache_cacheableInterface
|
||||
private function apply_template_time_limits(User $template_user, Array $base_ids)
|
||||
{
|
||||
foreach ($base_ids as $base_id) {
|
||||
$limited = $this->app['acl']->get($template_user)->get_limits($base_id);
|
||||
$limited = $this->app->getAclForUser($template_user)->get_limits($base_id);
|
||||
if (null !== $limited) {
|
||||
$this->set_limits($base_id, '1', $limited['dmin'], $limited['dmax']);
|
||||
} else {
|
||||
|
||||
@@ -99,7 +99,7 @@ class Session_Logger
|
||||
$colls = [];
|
||||
|
||||
if ($app->getAuthenticatedUser()) {
|
||||
$bases = $app['acl']->get($app->getAuthenticatedUser())->get_granted_base([], [$databox->get_sbas_id()]);
|
||||
$bases = $app->getAclForUser($app->getAuthenticatedUser())->get_granted_base([], [$databox->get_sbas_id()]);
|
||||
foreach ($bases as $collection) {
|
||||
$colls[] = $collection->get_coll_id();
|
||||
}
|
||||
@@ -218,7 +218,7 @@ class Session_Logger
|
||||
];
|
||||
|
||||
if (isset($appName[$appId])) {
|
||||
$sbas_ids = array_keys($app['acl']->get($app->getAuthenticatedUser())->get_granted_sbas());
|
||||
$sbas_ids = array_keys($app->getAclForUser($app->getAuthenticatedUser())->get_granted_sbas());
|
||||
|
||||
foreach ($sbas_ids as $sbas_id) {
|
||||
try {
|
||||
|
||||
@@ -541,8 +541,8 @@ class collection implements cache_cacheableInterface
|
||||
while ($n < $total) {
|
||||
$results = $query->limit($n, 50)->execute()->get_results();
|
||||
foreach ($results as $user) {
|
||||
$app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS);
|
||||
$app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS);
|
||||
$app->getAclForUser($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS);
|
||||
$app->getAclForUser($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS);
|
||||
}
|
||||
$n+=50;
|
||||
}
|
||||
@@ -654,7 +654,7 @@ class collection implements cache_cacheableInterface
|
||||
"modify_struct" => "1"
|
||||
];
|
||||
|
||||
$this->app['acl']->get($user)->update_rights_to_base($base_id, $rights);
|
||||
$this->app->getAclForUser($user)->update_rights_to_base($base_id, $rights);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -477,9 +477,9 @@ class databox extends base
|
||||
while ($n < $total) {
|
||||
$results = $query->limit($n, 50)->execute()->get_results();
|
||||
foreach ($results as $user) {
|
||||
$this->app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS);
|
||||
$this->app['acl']->get($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS);
|
||||
$this->app['acl']->get($user)->delete_injected_rights_sbas($this);
|
||||
$this->app->getAclForUser($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_SBAS);
|
||||
$this->app->getAclForUser($user)->delete_data_from_cache(ACL::CACHE_RIGHTS_BAS);
|
||||
$this->app->getAclForUser($user)->delete_injected_rights_sbas($this);
|
||||
}
|
||||
$n+=50;
|
||||
}
|
||||
@@ -1038,7 +1038,7 @@ class databox extends base
|
||||
{
|
||||
$conn = $this->app['phraseanet.appbox']->get_connection();
|
||||
|
||||
$this->app['acl']->get($user)
|
||||
$this->app->getAclForUser($user)
|
||||
->give_access_to_sbas([$this->id])
|
||||
->update_rights_to_sbas(
|
||||
$this->id, [
|
||||
@@ -1073,9 +1073,9 @@ class databox extends base
|
||||
}
|
||||
$stmt->closeCursor();
|
||||
|
||||
$this->app['acl']->get($user)->give_access_to_base($base_ids);
|
||||
$this->app->getAclForUser($user)->give_access_to_base($base_ids);
|
||||
foreach ($base_ids as $base_id) {
|
||||
$this->app['acl']->get($user)->update_rights_to_base($base_id, [
|
||||
$this->app->getAclForUser($user)->update_rights_to_base($base_id, [
|
||||
'canpush' => 1, 'cancmd' => 1
|
||||
, 'canputinalbum' => 1, 'candwnldhd' => 1, 'candwnldpreview' => 1, 'canadmin' => 1
|
||||
, 'actif' => 1, 'canreport' => 1, 'canaddrecord' => 1, 'canmodifrecord' => 1
|
||||
|
||||
@@ -59,7 +59,7 @@ class databox_cgu
|
||||
$userValidation = true;
|
||||
|
||||
if (! $home) {
|
||||
if ( ! $app['acl']->get($app->getAuthenticatedUser())->has_access_to_sbas($databox->get_sbas_id())) {
|
||||
if ( ! $app->getAclForUser($app->getAuthenticatedUser())->has_access_to_sbas($databox->get_sbas_id())) {
|
||||
continue;
|
||||
}
|
||||
$userValidation = ($app['settings']->getUserSetting($app->getAuthenticatedUser(), 'terms_of_use_' . $databox->get_sbas_id()) !== $update && trim($value) !== '');
|
||||
|
||||
@@ -22,10 +22,10 @@ class databox_status
|
||||
public static function getSearchStatus(Application $app)
|
||||
{
|
||||
$see_all = $structures = $stats = [];
|
||||
foreach ($app['acl']->get($app->getAuthenticatedUser())->get_granted_sbas() as $databox) {
|
||||
foreach ($app->getAclForUser($app->getAuthenticatedUser())->get_granted_sbas() as $databox) {
|
||||
$see_all[$databox->get_sbas_id()] = false;
|
||||
foreach ($databox->get_collections() as $collection) {
|
||||
if ($app['acl']->get($app->getAuthenticatedUser())->has_right_on_base($collection->get_base_id(), 'chgstatus')) {
|
||||
if ($app->getAclForUser($app->getAuthenticatedUser())->has_right_on_base($collection->get_base_id(), 'chgstatus')) {
|
||||
$see_all[$databox->get_sbas_id()] = true;
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -73,6 +73,6 @@ class eventsmanager_notify_autoregister extends eventsmanager_notifyAbstract
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->app['acl']->get($user)->has_right('manageusers');
|
||||
return $this->app->getAclForUser($user)->has_right('manageusers');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -75,6 +75,6 @@ class eventsmanager_notify_order extends eventsmanager_notifyAbstract
|
||||
*/
|
||||
public function is_available(User $user)
|
||||
{
|
||||
return $this->app['acl']->get($user)->has_right('order_master');
|
||||
return $this->app->getAclForUser($user)->has_right('order_master');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -75,6 +75,6 @@ class eventsmanager_notify_register extends eventsmanager_notifyAbstract
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->app['acl']->get($user)->has_right('manageusers');
|
||||
return $this->app->getAclForUser($user)->has_right('manageusers');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -79,6 +79,6 @@ class eventsmanager_notify_uploadquarantine extends eventsmanager_notifyAbstract
|
||||
*/
|
||||
public function is_available(User $user)
|
||||
{
|
||||
return $this->app['acl']->get($user)->has_right('addrecord');
|
||||
return $this->app->getAclForUser($user)->has_right('addrecord');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -90,6 +90,6 @@ class eventsmanager_notify_validationdone extends eventsmanager_notifyAbstract
|
||||
*/
|
||||
public function is_available(User $user)
|
||||
{
|
||||
return $this->app['acl']->get($user)->has_right('push');
|
||||
return $this->app->getAclForUser($user)->has_right('push');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -241,7 +241,7 @@ class module_report_dashboard implements module_report_dashboard_componentInterf
|
||||
{
|
||||
$all_coll = [];
|
||||
|
||||
$base_ids = $this->app['acl']->get($this->usr)->get_granted_base(['canreport']);
|
||||
$base_ids = $this->app->getAclForUser($this->usr)->get_granted_base(['canreport']);
|
||||
|
||||
foreach ($base_ids as $base_id => $collection) {
|
||||
$databox = $collection->get_databox();
|
||||
|
||||
@@ -212,7 +212,7 @@ class patch_320alpha4b extends patchAbstract
|
||||
$app['orm.em']->flush();
|
||||
|
||||
} elseif ($pub_restrict == 1) {
|
||||
$collections = $app['acl']->get($user)->get_granted_base();
|
||||
$collections = $app->getAclForUser($user)->get_granted_base();
|
||||
$collection = array_shift($collections);
|
||||
if ( ! ($collection instanceof collection)) {
|
||||
foreach ($appbox->get_databoxes() as $databox) {
|
||||
|
||||
@@ -102,17 +102,17 @@ class record_exportElement extends record_adapter
|
||||
'thumbnail' => true
|
||||
];
|
||||
|
||||
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'candwnldhd')) {
|
||||
if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'candwnldhd')) {
|
||||
$go_dl['document'] = true;
|
||||
}
|
||||
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'candwnldpreview')) {
|
||||
if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'candwnldpreview')) {
|
||||
$go_dl['preview'] = true;
|
||||
}
|
||||
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->has_hd_grant($this)) {
|
||||
if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_hd_grant($this)) {
|
||||
$go_dl['document'] = true;
|
||||
$go_dl['preview'] = true;
|
||||
}
|
||||
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->has_preview_grant($this)) {
|
||||
if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_preview_grant($this)) {
|
||||
$go_dl['preview'] = true;
|
||||
}
|
||||
|
||||
@@ -122,14 +122,14 @@ class record_exportElement extends record_adapter
|
||||
->who_have_right(['order_master'])
|
||||
->execute()->get_results();
|
||||
|
||||
$go_cmd = (count($masters) > 0 && $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($this->base_id, 'cancmd'));
|
||||
$go_cmd = (count($masters) > 0 && $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->base_id, 'cancmd'));
|
||||
|
||||
$orderable['document'] = false;
|
||||
$downloadable['document'] = false;
|
||||
|
||||
if (isset($sd['document']) && is_file($sd['document']->get_pathfile())) {
|
||||
if ($go_dl['document'] === true) {
|
||||
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->is_restricted_download($this->base_id)) {
|
||||
if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->is_restricted_download($this->base_id)) {
|
||||
$this->remain_hd --;
|
||||
if ($this->remain_hd >= 0) {
|
||||
$localizedLabel = $this->app->trans('document original');
|
||||
@@ -183,7 +183,7 @@ class record_exportElement extends record_adapter
|
||||
if (isset($sd[$name]) && $sd[$name]->is_physically_present()) {
|
||||
if ($class == 'document') {
|
||||
|
||||
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->is_restricted_download($this->base_id)) {
|
||||
if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->is_restricted_download($this->base_id)) {
|
||||
$this->remain_hd --;
|
||||
if ($this->remain_hd >= 0)
|
||||
$downloadable[$name] = [
|
||||
|
||||
@@ -325,7 +325,7 @@ class record_preview extends record_adapter
|
||||
|
||||
$tab = [];
|
||||
|
||||
$report = $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'canreport');
|
||||
$report = $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'canreport');
|
||||
|
||||
$databox = $this->app->findDataboxById($this->get_sbas_id());
|
||||
$connsbas = $databox->get_connection();
|
||||
@@ -401,7 +401,7 @@ class record_preview extends record_adapter
|
||||
return $this->view_popularity;
|
||||
}
|
||||
|
||||
$report = $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base(
|
||||
$report = $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base(
|
||||
$this->get_base_id(), 'canreport');
|
||||
|
||||
if ( ! $report && ! $this->app['conf']->get(['registry', 'webservices', 'google-charts-enabled'])) {
|
||||
@@ -491,7 +491,7 @@ class record_preview extends record_adapter
|
||||
return $this->refferer_popularity;
|
||||
}
|
||||
|
||||
$report = $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base(
|
||||
$report = $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base(
|
||||
$this->get_base_id(), 'canreport');
|
||||
|
||||
if ( ! $report && ! $this->app['conf']->get(['registry', 'webservices', 'google-charts-enabled'])) {
|
||||
@@ -564,7 +564,7 @@ class record_preview extends record_adapter
|
||||
return $this->download_popularity;
|
||||
}
|
||||
|
||||
$report = $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'canreport');
|
||||
$report = $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($this->get_base_id(), 'canreport');
|
||||
|
||||
$ret = false;
|
||||
if ( ! $report && ! $this->app['conf']->get(['registry', 'webservices', 'google-charts-enabled'])) {
|
||||
|
||||
@@ -66,8 +66,8 @@ class set_export extends set_abstract
|
||||
$record_id = $basket_element->getRecord($this->app)->get_record_id();
|
||||
|
||||
if (!isset($remain_hd[$base_id])) {
|
||||
if ($app['acl']->get($app->getAuthenticatedUser())->is_restricted_download($base_id)) {
|
||||
$remain_hd[$base_id] = $app['acl']->get($app->getAuthenticatedUser())->remaining_download($base_id);
|
||||
if ($app->getAclForUser($app->getAuthenticatedUser())->is_restricted_download($base_id)) {
|
||||
$remain_hd[$base_id] = $app->getAclForUser($app->getAuthenticatedUser())->remaining_download($base_id);
|
||||
} else {
|
||||
$remain_hd[$base_id] = false;
|
||||
}
|
||||
@@ -106,8 +106,8 @@ class set_export extends set_abstract
|
||||
$record_id = $child_basrec->get_record_id();
|
||||
|
||||
if (!isset($remain_hd[$base_id])) {
|
||||
if ($app['acl']->get($app->getAuthenticatedUser())->is_restricted_download($base_id)) {
|
||||
$remain_hd[$base_id] = $app['acl']->get($app->getAuthenticatedUser())->remaining_download($base_id);
|
||||
if ($app->getAclForUser($app->getAuthenticatedUser())->is_restricted_download($base_id)) {
|
||||
$remain_hd[$base_id] = $app->getAclForUser($app->getAuthenticatedUser())->remaining_download($base_id);
|
||||
} else {
|
||||
$remain_hd[$base_id] = false;
|
||||
}
|
||||
@@ -129,8 +129,8 @@ class set_export extends set_abstract
|
||||
$record_id = $record->get_record_id();
|
||||
|
||||
if (!isset($remain_hd[$base_id])) {
|
||||
if ($app['acl']->get($app->getAuthenticatedUser())->is_restricted_download($base_id)) {
|
||||
$remain_hd[$base_id] = $app['acl']->get($app->getAuthenticatedUser())->remaining_download($base_id);
|
||||
if ($app->getAclForUser($app->getAuthenticatedUser())->is_restricted_download($base_id)) {
|
||||
$remain_hd[$base_id] = $app->getAclForUser($app->getAuthenticatedUser())->remaining_download($base_id);
|
||||
} else {
|
||||
$remain_hd[$base_id] = false;
|
||||
}
|
||||
@@ -164,7 +164,7 @@ class set_export extends set_abstract
|
||||
$this->businessFieldsAccess = false;
|
||||
|
||||
foreach ($this->elements as $download_element) {
|
||||
if ($app['acl']->get($app->getAuthenticatedUser())->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) {
|
||||
if ($app->getAclForUser($app->getAuthenticatedUser())->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) {
|
||||
$this->businessFieldsAccess = true;
|
||||
}
|
||||
|
||||
@@ -216,11 +216,11 @@ class set_export extends set_abstract
|
||||
|
||||
$display_ftp = [];
|
||||
|
||||
$hasadminright = $app['acl']->get($app->getAuthenticatedUser())->has_right('addrecord')
|
||||
|| $app['acl']->get($app->getAuthenticatedUser())->has_right('deleterecord')
|
||||
|| $app['acl']->get($app->getAuthenticatedUser())->has_right('modifyrecord')
|
||||
|| $app['acl']->get($app->getAuthenticatedUser())->has_right('coll_manage')
|
||||
|| $app['acl']->get($app->getAuthenticatedUser())->has_right('coll_modify_struct');
|
||||
$hasadminright = $app->getAclForUser($app->getAuthenticatedUser())->has_right('addrecord')
|
||||
|| $app->getAclForUser($app->getAuthenticatedUser())->has_right('deleterecord')
|
||||
|| $app->getAclForUser($app->getAuthenticatedUser())->has_right('modifyrecord')
|
||||
|| $app->getAclForUser($app->getAuthenticatedUser())->has_right('coll_manage')
|
||||
|| $app->getAclForUser($app->getAuthenticatedUser())->has_right('coll_modify_struct');
|
||||
|
||||
$this->ftp_datas = [];
|
||||
|
||||
@@ -228,7 +228,7 @@ class set_export extends set_abstract
|
||||
$display_ftp = $display_download;
|
||||
$this->total_ftp = $this->total_download;
|
||||
|
||||
$lst_base_id = array_keys($app['acl']->get($app->getAuthenticatedUser())->get_granted_base());
|
||||
$lst_base_id = array_keys($app->getAclForUser($app->getAuthenticatedUser())->get_granted_base());
|
||||
|
||||
if ($hasadminright) {
|
||||
$sql = "SELECT Users.id AS usr_id ,Users.login AS usr_login ,Users.email AS usr_mail, FtpCredential.*
|
||||
@@ -429,7 +429,7 @@ class set_export extends set_abstract
|
||||
|
||||
$BF = false;
|
||||
|
||||
if ($includeBusinessFields && $this->app['acl']->get($user)->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) {
|
||||
if ($includeBusinessFields && $this->app->getAclForUser($user)->has_right_on_base($download_element->get_base_id(), 'canmodifrecord')) {
|
||||
$BF = true;
|
||||
}
|
||||
|
||||
@@ -512,8 +512,8 @@ class set_export extends set_abstract
|
||||
'path' => $sd[$name]->get_path()
|
||||
, 'file' => $sd[$name]->get_file()
|
||||
];
|
||||
if (!$this->app['acl']->get($user)->has_right_on_base($download_element->get_base_id(), "nowatermark")
|
||||
&& !$this->app['acl']->get($user)->has_preview_grant($download_element)
|
||||
if (!$this->app->getAclForUser($user)->has_right_on_base($download_element->get_base_id(), "nowatermark")
|
||||
&& !$this->app->getAclForUser($user)->has_preview_grant($download_element)
|
||||
&& $sd[$name]->get_type() == media_subdef::TYPE_IMAGE) {
|
||||
$path = recordutils_image::watermark($this->app, $sd[$name]);
|
||||
if (file_exists($path)) {
|
||||
@@ -776,7 +776,7 @@ class set_export extends set_abstract
|
||||
$log["shortXml"] = $app['serializer.caption']->serialize($record_object->get_caption(), CaptionSerializer::SERIALIZE_XML);
|
||||
$tmplog[$record_object->get_base_id()][] = $log;
|
||||
if (!$anonymous && $o == 'document' && null !== $app->getAuthenticatedUser()) {
|
||||
$app['acl']->get($app->getAuthenticatedUser())->remove_remaining($record_object->get_base_id());
|
||||
$app->getAclForUser($app->getAuthenticatedUser())->remove_remaining($record_object->get_base_id());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -794,11 +794,11 @@ class set_export extends set_abstract
|
||||
$stmt = $app['phraseanet.appbox']->get_connection()->prepare($sql);
|
||||
|
||||
foreach ($list_base as $base_id) {
|
||||
if ($app['acl']->get($app->getAuthenticatedUser())->is_restricted_download($base_id)) {
|
||||
if ($app->getAclForUser($app->getAuthenticatedUser())->is_restricted_download($base_id)) {
|
||||
$params = [
|
||||
':remain_dl' => $app['acl']->get($app->getAuthenticatedUser())->remaining_download($base_id)
|
||||
':remain_dl' => $app->getAclForUser($app->getAuthenticatedUser())->remaining_download($base_id)
|
||||
, ':base_id' => $base_id
|
||||
, ':usr_id' => $app['acl']->get($app->getAuthenticatedUser())->getId()
|
||||
, ':usr_id' => $app->getAclForUser($app->getAuthenticatedUser())->getId()
|
||||
];
|
||||
|
||||
$stmt->execute($params);
|
||||
|
||||
@@ -57,26 +57,26 @@ class set_selection extends set_abstract
|
||||
$sbas_id = $record->get_sbas_id();
|
||||
$record_id = $record->get_record_id();
|
||||
if (! $rights) {
|
||||
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->has_hd_grant($record)) {
|
||||
if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_hd_grant($record)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if ($this->app['acl']->get($this->app->getAuthenticatedUser())->has_preview_grant($record)) {
|
||||
if ($this->app->getAclForUser($this->app->getAuthenticatedUser())->has_preview_grant($record)) {
|
||||
continue;
|
||||
}
|
||||
if ( ! $this->app['acl']->get($this->app->getAuthenticatedUser())->has_access_to_base($base_id)) {
|
||||
if ( ! $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_access_to_base($base_id)) {
|
||||
$to_remove[] = $id;
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
foreach ($rights as $right) {
|
||||
if ( ! $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_base($base_id, $right)) {
|
||||
if ( ! $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($base_id, $right)) {
|
||||
$to_remove[] = $id;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
foreach ($sbas_rights as $right) {
|
||||
if ( ! $this->app['acl']->get($this->app->getAuthenticatedUser())->has_right_on_sbas($sbas_id, $right)) {
|
||||
if ( ! $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($sbas_id, $right)) {
|
||||
$to_remove[] = $id;
|
||||
continue;
|
||||
}
|
||||
@@ -88,8 +88,8 @@ class set_selection extends set_abstract
|
||||
|
||||
$sql = 'SELECT record_id
|
||||
FROM record
|
||||
WHERE ((status ^ ' . $this->app['acl']->get($this->app->getAuthenticatedUser())->get_mask_xor($base_id) . ')
|
||||
& ' . $this->app['acl']->get($this->app->getAuthenticatedUser())->get_mask_and($base_id) . ')=0
|
||||
WHERE ((status ^ ' . $this->app->getAclForUser($this->app->getAuthenticatedUser())->get_mask_xor($base_id) . ')
|
||||
& ' . $this->app->getAclForUser($this->app->getAuthenticatedUser())->get_mask_and($base_id) . ')=0
|
||||
AND record_id = :record_id';
|
||||
|
||||
$stmt = $connsbas->prepare($sql);
|
||||
|
||||
@@ -10,7 +10,7 @@ class ACLProviderTest extends \PhraseanetTestCase
|
||||
{
|
||||
public function testGetACL()
|
||||
{
|
||||
$acl = self::$DI['app']['acl']->get(self::$DI['user']);
|
||||
$acl = self::$DI['app']->getAclForUser(self::$DI['user']);
|
||||
|
||||
$this->assertInstanceOf('\ACL', $acl);
|
||||
}
|
||||
|
||||
@@ -281,7 +281,7 @@ class AdminCollectionTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
|
||||
$this->checkRedirection(self::$DI['client']->getResponse(), '/admin/collection/' . self::$DI['collection']->get_base_id() . '/?success=1');
|
||||
|
||||
$this->assertTrue(self::$DI['app']['acl']->get(self::$DI['user_alt1'])->has_right_on_base(self::$DI['collection']->get_base_id(), 'order_master'));
|
||||
$this->assertTrue(self::$DI['app']->getAclForUser(self::$DI['user_alt1'])->has_right_on_base(self::$DI['collection']->get_base_id(), 'order_master'));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -25,7 +25,7 @@ class PublicationTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
$crawler = self::$DI['client']->request('GET', '/admin/publications/list/');
|
||||
$pageContent = self::$DI['client']->getResponse()->getContent();
|
||||
$this->assertTrue(self::$DI['client']->getResponse()->isOk());
|
||||
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']['acl']->get(self::$DI['user']));
|
||||
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']->getAclForUser(self::$DI['user']));
|
||||
|
||||
foreach ($feeds as $feed) {
|
||||
$this->assertRegExp('/\/admin\/publications\/feed\/' . $feed->getId() . '/', $pageContent);
|
||||
@@ -40,14 +40,14 @@ class PublicationTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
|
||||
public function testCreate()
|
||||
{
|
||||
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']['acl']->get(self::$DI['user']));
|
||||
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']->getAclForUser(self::$DI['user']));
|
||||
$count = sizeof($feeds);
|
||||
|
||||
$crawler = self::$DI['client']->request('POST', '/admin/publications/create/', ["title" => "hello", "subtitle" => "coucou", "base_id" => self::$DI['collection']->get_base_id()]);
|
||||
|
||||
$this->assertTrue(self::$DI['client']->getResponse()->isRedirect('/admin/publications/list/'));
|
||||
|
||||
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']['acl']->get(self::$DI['user']));
|
||||
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']->getAclForUser(self::$DI['user']));
|
||||
$count_after = sizeof($feeds);
|
||||
$this->assertGreaterThan($count, $count_after);
|
||||
}
|
||||
|
||||
@@ -69,9 +69,9 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
$datas = json_decode($response->getContent());
|
||||
$this->assertFalse($datas->error);
|
||||
|
||||
$this->assertTrue(self::$DI['app']['acl']->get($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "manage"));
|
||||
$this->assertTrue(self::$DI['app']['acl']->get($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "canpush"));
|
||||
$this->assertTrue(self::$DI['app']['acl']->get($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "canreport"));
|
||||
$this->assertTrue(self::$DI['app']->getAclForUser($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "manage"));
|
||||
$this->assertTrue(self::$DI['app']->getAclForUser($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "canpush"));
|
||||
$this->assertTrue(self::$DI['app']->getAclForUser($user)->has_right_on_base(self::$DI['collection']->get_base_id(), "canreport"));
|
||||
|
||||
self::$DI['app']['orm.em']->refresh($user);
|
||||
self::$DI['app']['manipulator.user']->delete($user);
|
||||
@@ -94,7 +94,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
|
||||
public function testRouteQuota()
|
||||
{
|
||||
$keys = array_keys(self::$DI['app']['acl']->get(self::$DI['user'])->get_granted_base());
|
||||
$keys = array_keys(self::$DI['app']->getAclForUser(self::$DI['user'])->get_granted_base());
|
||||
$base_id = array_pop($keys);
|
||||
$params = ['base_id' => $base_id, 'users' => self::$DI['user']->getId()];
|
||||
self::$DI['client']->request('POST', '/admin/users/rights/quotas/', $params);
|
||||
@@ -114,7 +114,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
|
||||
public function testRouteQuotaRemove()
|
||||
{
|
||||
$keys = array_keys(self::$DI['app']['acl']->get(self::$DI['user'])->get_granted_base());
|
||||
$keys = array_keys(self::$DI['app']->getAclForUser(self::$DI['user'])->get_granted_base());
|
||||
$base_id = array_pop($keys);
|
||||
$params = ['base_id' => $base_id, 'users' => self::$DI['user']->getId()];
|
||||
|
||||
@@ -125,7 +125,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
|
||||
public function testRouteRightTime()
|
||||
{
|
||||
$keys = array_keys(self::$DI['app']['acl']->get(self::$DI['user'])->get_granted_base());
|
||||
$keys = array_keys(self::$DI['app']->getAclForUser(self::$DI['user'])->get_granted_base());
|
||||
$base_id = array_pop($keys);
|
||||
$params = ['base_id' => $base_id, 'users' => self::$DI['user']->getId()];
|
||||
|
||||
@@ -188,7 +188,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
|
||||
public function testRouteRightMask()
|
||||
{
|
||||
$keys = array_keys(self::$DI['app']['acl']->get(self::$DI['user'])->get_granted_base());
|
||||
$keys = array_keys(self::$DI['app']->getAclForUser(self::$DI['user'])->get_granted_base());
|
||||
$base_id = array_pop($keys);
|
||||
$params = ['base_id' => $base_id, 'users' => self::$DI['user']->getId()];
|
||||
|
||||
@@ -333,7 +333,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
{
|
||||
$user = self::$DI['app']['manipulator.user']->createUser(uniqid('user_'), "test");
|
||||
|
||||
self::$DI['app']['acl']->get($user)->give_access_to_sbas(array_keys(self::$DI['app']->getDataboxes()));
|
||||
self::$DI['app']->getAclForUser($user)->give_access_to_sbas(array_keys(self::$DI['app']->getDataboxes()));
|
||||
|
||||
foreach (self::$DI['app']->getDataboxes() as $databox) {
|
||||
|
||||
@@ -344,11 +344,11 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
, 'bas_chupub' => '1'
|
||||
];
|
||||
|
||||
self::$DI['app']['acl']->get($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights);
|
||||
self::$DI['app']->getAclForUser($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights);
|
||||
|
||||
foreach ($databox->get_collections() as $collection) {
|
||||
$base_id = $collection->get_base_id();
|
||||
self::$DI['app']['acl']->get($user)->give_access_to_base([$base_id]);
|
||||
self::$DI['app']->getAclForUser($user)->give_access_to_base([$base_id]);
|
||||
|
||||
$rights = [
|
||||
'canputinalbum' => '1'
|
||||
@@ -357,7 +357,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
, 'nowatermark' => '1'
|
||||
];
|
||||
|
||||
self::$DI['app']['acl']->get($user)->update_rights_to_base($collection->get_base_id(), $rights);
|
||||
self::$DI['app']->getAclForUser($user)->update_rights_to_base($collection->get_base_id(), $rights);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -369,7 +369,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
$datas = json_decode($response->getContent());
|
||||
$this->assertTrue(is_object($datas));
|
||||
$this->assertFalse($datas->error);
|
||||
$this->assertFalse(self::$DI['app']['acl']->get($user)->has_access_to_base($base_id));
|
||||
$this->assertFalse(self::$DI['app']->getAclForUser($user)->has_access_to_base($base_id));
|
||||
self::$DI['app']['manipulator.user']->delete($user);
|
||||
}
|
||||
|
||||
@@ -436,7 +436,7 @@ class UsersTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
// create a template
|
||||
if (null === self::$DI['app']['repo.users']->findByLogin('csv_template')) {
|
||||
$user = self::$DI['app']['manipulator.user']->createTemplate('csv_template', self::$DI['app']->getAuthenticatedUser());
|
||||
self::$DI['app']['acl']->get($user)->update_rights_to_base(self::$DI['collection']->get_base_id(), ['actif'=> 1]);
|
||||
self::$DI['app']->getAclForUser($user)->update_rights_to_base(self::$DI['collection']->get_base_id(), ['actif'=> 1]);
|
||||
}
|
||||
|
||||
$nativeQueryMock = $this->getMockBuilder('Alchemy\Phrasea\Model\NativeQueryProvider')
|
||||
|
||||
@@ -973,7 +973,7 @@ abstract class ApiTestCase extends \PhraseanetWebTestCase
|
||||
{
|
||||
$this->setToken($this->userAccessToken);
|
||||
|
||||
self::$DI['app']['acl']->get(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
|
||||
self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
|
||||
'candwnldpreview' => 1,
|
||||
'candwnldhd' => 1
|
||||
));
|
||||
@@ -1011,7 +1011,7 @@ abstract class ApiTestCase extends \PhraseanetWebTestCase
|
||||
{
|
||||
$this->setToken($this->userAccessToken);
|
||||
|
||||
self::$DI['app']['acl']->get(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
|
||||
self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
|
||||
'candwnldpreview' => 1,
|
||||
'candwnldhd' => 0
|
||||
));
|
||||
@@ -1035,7 +1035,7 @@ abstract class ApiTestCase extends \PhraseanetWebTestCase
|
||||
{
|
||||
$this->setToken($this->userAccessToken);
|
||||
|
||||
self::$DI['app']['acl']->get(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
|
||||
self::$DI['app']->getAclForUser(self::$DI['user_notAdmin'])->update_rights_to_base(self::$DI['collection']->get_base_id(), array(
|
||||
'candwnldpreview' => 0,
|
||||
'candwnldhd' => 0
|
||||
));
|
||||
|
||||
@@ -18,7 +18,7 @@ class FeedTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
{
|
||||
$crawler = self::$DI['client']->request('POST', '/prod/feeds/requestavailable/');
|
||||
$this->assertTrue(self::$DI['client']->getResponse()->isOk());
|
||||
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']['acl']->get(self::$DI['user']));
|
||||
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']->getAclForUser(self::$DI['user']));
|
||||
foreach ($feeds as $one_feed) {
|
||||
if ($one_feed->isPublisher(self::$DI['user'])) {
|
||||
$this->assertEquals(1, $crawler->filterXPath("//input[@value='" . $one_feed->getId() . "' and @name='feed_proposal[]']")->count());
|
||||
@@ -338,7 +338,7 @@ class FeedTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
{
|
||||
$crawler = self::$DI['client']->request('GET', '/prod/feeds/');
|
||||
$this->assertTrue(self::$DI['client']->getResponse()->isOk());
|
||||
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']['acl']->get(self::$DI['user']));
|
||||
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']->getAclForUser(self::$DI['user']));
|
||||
|
||||
foreach ($feeds as $one_feed) {
|
||||
$path = CssSelector::toXPath("ul.submenu a[href='/prod/feeds/feed/" . $one_feed->getId() . "/']");
|
||||
@@ -355,7 +355,7 @@ class FeedTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
public function testGetFeed()
|
||||
{
|
||||
$feed = self::$DI['app']['orm.em']->find('Phraseanet:Feed', 1);
|
||||
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']['acl']->get(self::$DI['user']));
|
||||
$feeds = self::$DI['app']['orm.em']->getRepository('Phraseanet:Feed')->getAllForUser(self::$DI['app']->getAclForUser(self::$DI['user']));
|
||||
$crawler = self::$DI['client']->request('GET', '/prod/feeds/feed/' . $feed->getId() . "/");
|
||||
|
||||
foreach ($feeds as $one_feed) {
|
||||
|
||||
@@ -46,7 +46,7 @@ class QueryTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
self::$DI['record_2'];
|
||||
|
||||
$options = new SearchEngineOptions();
|
||||
$options->onCollections(self::$DI['app']['acl']->get(self::$DI['app']->getAuthenticatedUser())->get_granted_base());
|
||||
$options->onCollections(self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())->get_granted_base());
|
||||
$serializedOptions = $options->serialize();
|
||||
|
||||
self::$DI['client']->request('POST', '/prod/query/answer-train/', [
|
||||
|
||||
@@ -122,7 +122,7 @@ class RecordsTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
self::$DI['record_1'];
|
||||
|
||||
$options = new SearchEngineOptions();
|
||||
$acl = self::$DI['app']['acl']->get(self::$DI['app']->getAuthenticatedUser());
|
||||
$acl = self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser());
|
||||
$options->onCollections($acl->get_granted_base());
|
||||
$serializedOptions = $options->serialize();
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@ class StoryTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
self::$DI['app']['phraseanet.SE'] = $this->createSearchEngineMock();
|
||||
$route = "/prod/story/";
|
||||
|
||||
$collections = self::$DI['app']['acl']->get(self::$DI['app']->getAuthenticatedUser())
|
||||
$collections = self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
|
||||
->get_granted_base(['canaddrecord']);
|
||||
|
||||
$collection = array_shift($collections);
|
||||
@@ -46,7 +46,7 @@ class StoryTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
{
|
||||
$route = "/prod/story/";
|
||||
|
||||
$collections = self::$DI['app']['acl']->get(self::$DI['app']->getAuthenticatedUser())
|
||||
$collections = self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
|
||||
->get_granted_base(['canaddrecord']);
|
||||
|
||||
$collection = array_shift($collections);
|
||||
|
||||
@@ -54,7 +54,7 @@ class TOUTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
unset($response, $databoxes);
|
||||
|
||||
foreach ($databox->get_collections() as $collection) {
|
||||
$this->assertFalse(self::$DI['app']['acl']->get(self::$DI['user_alt2'])->has_access_to_base($collection->get_base_id()));
|
||||
$this->assertFalse(self::$DI['app']->getAclForUser(self::$DI['user_alt2'])->has_access_to_base($collection->get_base_id()));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -78,7 +78,7 @@ class RecordsRequestTest extends \PhraseanetAuthenticatedTestCase
|
||||
|
||||
public function testSimpleWithoutSbasRights()
|
||||
{
|
||||
self::$DI['app']['acl']->get(self::$DI['app']->getAuthenticatedUser())
|
||||
self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
|
||||
->update_rights_to_sbas(self::$DI['record_2']->get_sbas_id(), ['bas_chupub' => 0]);
|
||||
|
||||
$request = new Request([
|
||||
@@ -104,7 +104,7 @@ class RecordsRequestTest extends \PhraseanetAuthenticatedTestCase
|
||||
|
||||
public function testSimpleWithoutBasRights()
|
||||
{
|
||||
self::$DI['app']['acl']->get(self::$DI['app']->getAuthenticatedUser())
|
||||
self::$DI['app']->getAclForUser(self::$DI['app']->getAuthenticatedUser())
|
||||
->update_rights_to_base(self::$DI['record_2']->get_base_id(), ['chgstatus' => 0]);
|
||||
|
||||
$request = new Request([
|
||||
|
||||
@@ -243,7 +243,7 @@ class LoginTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
$revokeBases[] = $collection->get_base_id();
|
||||
}
|
||||
}
|
||||
self::$DI['app']['acl']->get($user)->revoke_access_from_bases($revokeBases);
|
||||
self::$DI['app']->getAclForUser($user)->revoke_access_from_bases($revokeBases);
|
||||
$this->deleteRequest();
|
||||
|
||||
self::$DI['client']->request('GET', '/login/register-confirm/', ['code' => $token->getValue()]);
|
||||
@@ -1287,7 +1287,7 @@ class LoginTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
*/
|
||||
public function testGuestAuthenticate()
|
||||
{
|
||||
self::$DI['app']['acl']->get(self::$DI['user_guest'])->give_access_to_base([self::$DI['collection']->get_base_id()]);
|
||||
self::$DI['app']->getAclForUser(self::$DI['user_guest'])->give_access_to_base([self::$DI['collection']->get_base_id()]);
|
||||
|
||||
$this->logout(self::$DI['app']);
|
||||
|
||||
@@ -1314,7 +1314,7 @@ class LoginTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
$this->assertEquals($context, $event->getContext()->getContext());
|
||||
});
|
||||
|
||||
self::$DI['app']['acl']->get(self::$DI['user_guest'])->give_access_to_base([self::$DI['collection']->get_base_id()]);
|
||||
self::$DI['app']->getAclForUser(self::$DI['user_guest'])->give_access_to_base([self::$DI['collection']->get_base_id()]);
|
||||
|
||||
$this->logout(self::$DI['app']);
|
||||
|
||||
@@ -1329,7 +1329,7 @@ class LoginTest extends \PhraseanetAuthenticatedWebTestCase
|
||||
*/
|
||||
public function testGuestAuthenticateWithGetMethod()
|
||||
{
|
||||
self::$DI['app']['acl']->get(self::$DI['user_guest'])->give_access_to_base([self::$DI['collection']->get_base_id()]);
|
||||
self::$DI['app']->getAclForUser(self::$DI['user_guest'])->give_access_to_base([self::$DI['collection']->get_base_id()]);
|
||||
$this->logout(self::$DI['app']);
|
||||
|
||||
$this->set_user_agent(self::USER_AGENT_FIREFOX8MAC, self::$DI['app']);
|
||||
|
||||
@@ -11,7 +11,7 @@ class ACLManipulatorTest extends \PhraseanetTestCase
|
||||
public function testResetAdminRights()
|
||||
{
|
||||
$user = self::$DI['app']['manipulator.user']->createUser(uniqid('toto'), 'toto', null, true);
|
||||
$acl = self::$DI['app']['acl']->get($user);
|
||||
$acl = self::$DI['app']->getAclForUser($user);
|
||||
|
||||
$databoxId = null;
|
||||
$baseId = null;
|
||||
@@ -59,7 +59,7 @@ class ACLManipulatorTest extends \PhraseanetTestCase
|
||||
self::$DI['app']['manipulator.acl']->resetAdminRights($user);
|
||||
|
||||
self::$DI['app']['acl']->purge();
|
||||
$acl = self::$DI['app']['acl']->get($user);
|
||||
$acl = self::$DI['app']->getAclForUser($user);
|
||||
|
||||
if ($baseId === null) {
|
||||
$this->fail("Need at least one collection");
|
||||
|
||||
@@ -14,7 +14,7 @@ class ACLTest extends \PhraseanetTestCase
|
||||
parent::setUp();
|
||||
|
||||
self::resetUsersRights(self::$DI['app'], self::$DI['user']);
|
||||
$this->object = self::$DI['app']['acl']->get(self::$DI['user']);
|
||||
$this->object = self::$DI['app']->getAclForUser(self::$DI['user']);
|
||||
}
|
||||
|
||||
public function tearDown()
|
||||
@@ -60,42 +60,42 @@ class ACLTest extends \PhraseanetTestCase
|
||||
public function testApplyModel()
|
||||
{
|
||||
$base_ids = [self::$DI['collection']->get_base_id()];
|
||||
self::$DI['app']['acl']->get(self::$DI['user_template'])->give_access_to_base($base_ids);
|
||||
self::$DI['app']->getAclForUser(self::$DI['user_template'])->give_access_to_base($base_ids);
|
||||
|
||||
foreach ($base_ids as $base_id) {
|
||||
self::$DI['app']['acl']->get(self::$DI['user_template'])->set_limits($base_id, 0);
|
||||
self::$DI['app']->getAclForUser(self::$DI['user_template'])->set_limits($base_id, 0);
|
||||
}
|
||||
|
||||
self::$DI['app']['acl']->get(self::$DI['user_1'])->apply_model(self::$DI['user_template'], $base_ids);
|
||||
self::$DI['app']->getAclForUser(self::$DI['user_1'])->apply_model(self::$DI['user_template'], $base_ids);
|
||||
|
||||
foreach ($base_ids as $base_id) {
|
||||
$this->assertTrue(self::$DI['app']['acl']->get(self::$DI['user_1'])->has_access_to_base($base_id));
|
||||
$this->assertTrue(self::$DI['app']->getAclForUser(self::$DI['user_1'])->has_access_to_base($base_id));
|
||||
}
|
||||
|
||||
foreach ($base_ids as $base_id) {
|
||||
$this->assertNull(self::$DI['app']['acl']->get(self::$DI['user_1'])->get_limits($base_id));
|
||||
$this->assertNull(self::$DI['app']->getAclForUser(self::$DI['user_1'])->get_limits($base_id));
|
||||
}
|
||||
}
|
||||
|
||||
public function testApplyModelWithTimeLimit()
|
||||
{
|
||||
$base_ids = [self::$DI['collection']->get_base_id()];
|
||||
self::$DI['app']['acl']->get(self::$DI['user_template'])->give_access_to_base($base_ids);
|
||||
self::$DI['app']->getAclForUser(self::$DI['user_template'])->give_access_to_base($base_ids);
|
||||
|
||||
$limit_from = new \DateTime('-1 day');
|
||||
$limit_to = new \DateTime('+1 day');
|
||||
|
||||
foreach ($base_ids as $base_id) {
|
||||
self::$DI['app']['acl']->get(self::$DI['user_template'])->set_limits($base_id, 1, $limit_from, $limit_to);
|
||||
self::$DI['app']->getAclForUser(self::$DI['user_template'])->set_limits($base_id, 1, $limit_from, $limit_to);
|
||||
}
|
||||
|
||||
self::$DI['app']['acl']->get(self::$DI['user_2'])->apply_model(self::$DI['user_template'], $base_ids);
|
||||
self::$DI['app']->getAclForUser(self::$DI['user_2'])->apply_model(self::$DI['user_template'], $base_ids);
|
||||
|
||||
foreach ($base_ids as $base_id) {
|
||||
$this->assertTrue(self::$DI['app']['acl']->get(self::$DI['user_2'])->has_access_to_base($base_id));
|
||||
$this->assertTrue(self::$DI['app']->getAclForUser(self::$DI['user_2'])->has_access_to_base($base_id));
|
||||
}
|
||||
foreach ($base_ids as $base_id) {
|
||||
$this->assertEquals(['dmin' => $limit_from, 'dmax' => $limit_to], self::$DI['app']['acl']->get(self::$DI['user_2'])->get_limits($base_id));
|
||||
$this->assertEquals(['dmin' => $limit_from, 'dmax' => $limit_to], self::$DI['app']->getAclForUser(self::$DI['user_2'])->get_limits($base_id));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -119,7 +119,7 @@ abstract class PhraseanetAuthenticatedWebTestCase extends \PhraseanetAuthenticat
|
||||
, 'bas_chupub' => '1'
|
||||
];
|
||||
|
||||
$app['acl']->get($app->getAuthenticatedUser())->update_rights_to_sbas($databox->get_sbas_id(), $rights);
|
||||
$app->getAclForUser($app->getAuthenticatedUser())->update_rights_to_sbas($databox->get_sbas_id(), $rights);
|
||||
|
||||
$databox->registerAdmin($app->getAuthenticatedUser());
|
||||
|
||||
|
||||
@@ -457,9 +457,9 @@ abstract class PhraseanetTestCase extends WebTestCase
|
||||
switch ($user->getId()) {
|
||||
case self::$fixtureIds['user']['test_phpunit']:
|
||||
self::giveRightsToUser($app, $user);
|
||||
$app['acl']->get($user)->set_admin(true);
|
||||
$app['acl']->get($user)->revoke_access_from_bases([self::$DI['collection_no_access']->get_base_id()]);
|
||||
$app['acl']->get($user)->set_masks_on_base(self::$DI['collection_no_access_by_status']->get_base_id(), '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000');
|
||||
$app->getAclForUser($user)->set_admin(true);
|
||||
$app->getAclForUser($user)->revoke_access_from_bases([self::$DI['collection_no_access']->get_base_id()]);
|
||||
$app->getAclForUser($user)->set_masks_on_base(self::$DI['collection_no_access_by_status']->get_base_id(), '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000');
|
||||
break;
|
||||
case self::$fixtureIds['user']['user_1']:
|
||||
case self::$fixtureIds['user']['user_2']:
|
||||
@@ -469,9 +469,9 @@ abstract class PhraseanetTestCase extends WebTestCase
|
||||
case self::$fixtureIds['user']['test_phpunit_alt2']:
|
||||
case self::$fixtureIds['user']['user_template']:
|
||||
self::giveRightsToUser($app, $user);
|
||||
$app['acl']->get($user)->set_admin(false);
|
||||
$app['acl']->get($user)->revoke_access_from_bases([self::$DI['collection_no_access']->get_base_id()]);
|
||||
$app['acl']->get($user)->set_masks_on_base(self::$DI['collection_no_access_by_status']->get_base_id(), '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000');
|
||||
$app->getAclForUser($user)->set_admin(false);
|
||||
$app->getAclForUser($user)->revoke_access_from_bases([self::$DI['collection_no_access']->get_base_id()]);
|
||||
$app->getAclForUser($user)->set_masks_on_base(self::$DI['collection_no_access_by_status']->get_base_id(), '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000', '00000000000000000000000000010000');
|
||||
break;
|
||||
default:
|
||||
throw new \InvalidArgumentException(sprintf('User %s not found', $user->getLogin()));
|
||||
@@ -485,12 +485,12 @@ abstract class PhraseanetTestCase extends WebTestCase
|
||||
*/
|
||||
public static function giveRightsToUser(Application $app, User $user, $base_ids = null, $force = false)
|
||||
{
|
||||
$app['acl']->get($user)->delete_data_from_cache(\ACL::CACHE_GLOBAL_RIGHTS);
|
||||
$app['acl']->get($user)->delete_data_from_cache(databox::CACHE_COLLECTIONS);
|
||||
$app['acl']->get($user)->give_access_to_sbas(array_keys($app->getDataboxes()));
|
||||
$app->getAclForUser($user)->delete_data_from_cache(\ACL::CACHE_GLOBAL_RIGHTS);
|
||||
$app->getAclForUser($user)->delete_data_from_cache(databox::CACHE_COLLECTIONS);
|
||||
$app->getAclForUser($user)->give_access_to_sbas(array_keys($app->getDataboxes()));
|
||||
|
||||
foreach ($app->getDataboxes() as $databox) {
|
||||
$app['acl']->get($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_SBAS);
|
||||
$app->getAclForUser($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_SBAS);
|
||||
|
||||
$rights = [
|
||||
'bas_manage' => '1'
|
||||
@@ -499,7 +499,7 @@ abstract class PhraseanetTestCase extends WebTestCase
|
||||
, 'bas_chupub' => '1'
|
||||
];
|
||||
|
||||
$app['acl']->get($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights);
|
||||
$app->getAclForUser($user)->update_rights_to_sbas($databox->get_sbas_id(), $rights);
|
||||
|
||||
foreach ($databox->get_collections() as $collection) {
|
||||
if (null !== $base_ids && !in_array($collection->get_base_id(), (array) $base_ids, true)) {
|
||||
@@ -509,13 +509,13 @@ abstract class PhraseanetTestCase extends WebTestCase
|
||||
$base_id = $collection->get_base_id();
|
||||
|
||||
|
||||
if ($app['acl']->get($user)->has_access_to_base($base_id) && false === $force) {
|
||||
if ($app->getAclForUser($user)->has_access_to_base($base_id) && false === $force) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$app['acl']->get($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_BAS);
|
||||
$app['acl']->get($user)->give_access_to_base([$base_id]);
|
||||
$app['acl']->get($user)->update_rights_to_base($base_id, ['order_master' => true]);
|
||||
$app->getAclForUser($user)->delete_data_from_cache(\ACL::CACHE_RIGHTS_BAS);
|
||||
$app->getAclForUser($user)->give_access_to_base([$base_id]);
|
||||
$app->getAclForUser($user)->update_rights_to_base($base_id, ['order_master' => true]);
|
||||
|
||||
$rights = [
|
||||
'canputinalbum' => '1'
|
||||
@@ -538,7 +538,7 @@ abstract class PhraseanetTestCase extends WebTestCase
|
||||
, 'bas_modify_struct' => '1'
|
||||
];
|
||||
|
||||
$app['acl']->get($user)->update_rights_to_base($collection->get_base_id(), $rights);
|
||||
$app->getAclForUser($user)->update_rights_to_base($collection->get_base_id(), $rights);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,7 +25,7 @@ class Session_LoggerTest extends \PhraseanetAuthenticatedTestCase
|
||||
$this->authenticate(self::$DI['app']);
|
||||
$logger_creater = self::$DI['app']['phraseanet.logger'];
|
||||
|
||||
foreach (self::$DI['app']['acl']->get($user)->get_granted_sbas() as $databox) {
|
||||
foreach (self::$DI['app']->getAclForUser($user)->get_granted_sbas() as $databox) {
|
||||
$this->object = $logger_creater($databox);
|
||||
$this->databox = $databox;
|
||||
break;
|
||||
|
||||
Reference in New Issue
Block a user