|
Xavier Langlois
|
Thursday 18 June 2009 9:56:12 am
Hello nice people ;) I'm doing an extension wich is able to create a new site by creating a new siteaccess and a new design in a new extension. Everything's fine except this: after my new site generation, when I call my new site URL, I have the "permission denied" error until I add this policy to the anonymous role:
Module: user
Fonction: login
Limitation SiteAccess(<my_new_siteaccess>) I would like to do this with my php code. You might think I'm lazy, 'cause everything should be somewhere near kernel/role/edit.php and policyedit.php, but time is precious and if somebody can help me before I find out by myself, that would be great!
Thank you for you're interest.
Hope to hear from you very soon.
Xavier
--
There were these two cows, chatting over the fence between their fields.
The first cow said, "I tell you, this mad-cow-disease is really pretty scary. Don't you think ?"
The other cow replies, "Hell, I ain't worried, I'm a duck !"
|
|
Carlos Revillo
|
Thursday 18 June 2009 2:28:02 pm
Hi. maybe you can try this
$role = eZRole::fetchByName( 'Anonymous' );
$roleID = $role->ID;
$policy = eZPolicy::createNew( $roleID, array( 'ModuleName'=> "user",
'FunctionName' => "login" ) );
$policyLimitation = eZPolicyLimitation::createNew( $policy->attribute('id'), "SiteAccess", "user", "login" );
$value = eZSys::ezcrc32( "site" ); // your siteaccess here
eZPolicyLimitationValue::createNew( $policyLimitation->attribute( 'id' ), $value );
eZUser::cleanupCache();
of course, you will need to be logged as a user who has permissions to edit roles.
hope it helps.
|
|
Xavier Langlois
|
Friday 19 June 2009 1:48:03 am
Hi Carlos Thank you a lot ! that really speed my work:
my final function if somebody wants it :
it takes care of
- the case : the user login policy doesn't already exists
- the case : the user login policy already exists with others limitation so we want to add ours
- the case : the user login policy already exists but with no limitations so you don't need to add yours cause that will stop the permissions in the others siteaccess
/*
* Add a policy : user / login / siteaccess(<your_siteaccess>) to the role you want
* eg: to add user / login / siteaccess('fr') to the anonymous role you can do
* addUserLoginSiteAccess('fr', 'Anonymous');
* or
* addUserLoginSiteAccess('fr', false, 1); //1 is the ID of the anonymous role
*
*/
function addUserLoginSiteAccess($siteAccessName, $roleName = false, $roleID = false)
{
$res = $oRole = false;
$siteAccessName = trim($siteAccessName);
if($roleID)
{
$oRole = eZRole::fetch( $roleID );
}
else if($roleName)
{
$oRole = eZRole::fetchByName( $roleName );
}
if($oRole && !empty($siteAccessName))
{
$sSiteAccessLimitationValue = eZSys::ezcrc32( $siteAccessName );
$rolePolicyList = $oRole->attribute( 'policies' );
$oPolicy = $oPolicyLimitation = $hasAlready = false;
if(!empty($rolePolicyList))
{
foreach($rolePolicyList as $policy)
{
if($policy->attribute('module_name')=='user' && $policy->attribute('function_name')=='login' )
{
$oPolicy = $policy;//echo '<pre>$oPolicy = '.print_r($oPolicy,true).'</pre>';
break;
}
}
}
if($oPolicy)
{
$policyLimitationList = $oPolicy->limitationList();
if(empty($policyLimitationList))
{
$hasAlready = true;
}
else
{
foreach($policyLimitationList as $limitation)
{
if($limitation->attribute('identifier')=='SiteAccess')
{
$oPolicyLimitation = $limitation;//echo '<pre>$oPolicyLimitation = '.print_r($oPolicyLimitation,true).'</pre>';
$valueList = $oPolicyLimitation->valueList();//echo '<pre>$valueList = '.print_r($valueList,true).'</pre>';
foreach($valueList as $value)
{
if($value->attribute('value') == $sSiteAccessLimitationValue)
{
$hasAlready = true;
break;
}
}
break;
}
}
}
}
if(!$hasAlready)
{
if(!$oPolicy) $oPolicy = eZPolicy::createNew( $oRole->ID , array( 'ModuleName'=> "user",'FunctionName' => "login" ) );
if(!$oPolicyLimitation) $oPolicyLimitation = eZPolicyLimitation::createNew( $oPolicy->attribute('id'), "SiteAccess", "user", "login" );
eZPolicyLimitationValue::createNew( $oPolicyLimitation->attribute( 'id' ), $sSiteAccessLimitationValue );
eZUser::cleanupCache();
}
$res = true;
}
return $res;
}
Thank you again
Bye
Xavier
--
There were these two cows, chatting over the fence between their fields.
The first cow said, "I tell you, this mad-cow-disease is really pretty scary. Don't you think ?"
The other cow replies, "Hell, I ain't worried, I'm a duck !"
|