eZ api based code sample to add a policy to a role

Previous topic

Developer

Next topic

Author	Message
Xavier Langlois	Thursday 18 June 2009 9:56:12 am Hello nice people ;) I'm doing an extension wich is able to create a new site by creating a new siteaccess and a new design in a new extension. Everything's fine except this: after my new site generation, when I call my new site URL, I have the "permission denied" error until I add this policy to the anonymous role: Module: user Fonction: login Limitation SiteAccess(<my_new_siteaccess>) I would like to do this with my php code. You might think I'm lazy, 'cause everything should be somewhere near kernel/role/edit.php and policyedit.php, but time is precious and if somebody can help me before I find out by myself, that would be great! Thank you for you're interest. Hope to hear from you very soon. Xavier -- There were these two cows, chatting over the fence between their fields. The first cow said, "I tell you, this mad-cow-disease is really pretty scary. Don't you think ?" The other cow replies, "Hell, I ain't worried, I'm a duck !"
Carlos Revillo	Thursday 18 June 2009 2:28:02 pm Hi. maybe you can try this $role = eZRole::fetchByName( 'Anonymous' ); $roleID = $role->ID; $policy = eZPolicy::createNew( $roleID, array( 'ModuleName'=> "user", 'FunctionName' => "login" ) ); $policyLimitation = eZPolicyLimitation::createNew( $policy->attribute('id'), "SiteAccess", "user", "login" ); $value = eZSys::ezcrc32( "site" ); // your siteaccess here eZPolicyLimitationValue::createNew( $policyLimitation->attribute( 'id' ), $value ); eZUser::cleanupCache(); of course, you will need to be logged as a user who has permissions to edit roles. hope it helps.
Xavier Langlois	Friday 19 June 2009 1:48:03 am Hi Carlos Thank you a lot ! that really speed my work: my final function if somebody wants it : it takes care of - the case : the user login policy doesn't already exists - the case : the user login policy already exists with others limitation so we want to add ours - the case : the user login policy already exists but with no limitations so you don't need to add yours cause that will stop the permissions in the others siteaccess /* * Add a policy : user / login / siteaccess(<your_siteaccess>) to the role you want * eg: to add user / login / siteaccess('fr') to the anonymous role you can do * addUserLoginSiteAccess('fr', 'Anonymous'); * or * addUserLoginSiteAccess('fr', false, 1); //1 is the ID of the anonymous role * */ function addUserLoginSiteAccess($siteAccessName, $roleName = false, $roleID = false) { $res = $oRole = false; $siteAccessName = trim($siteAccessName); if($roleID) { $oRole = eZRole::fetch( $roleID ); } else if($roleName) { $oRole = eZRole::fetchByName( $roleName ); } if($oRole && !empty($siteAccessName)) { $sSiteAccessLimitationValue = eZSys::ezcrc32( $siteAccessName ); $rolePolicyList = $oRole->attribute( 'policies' ); $oPolicy = $oPolicyLimitation = $hasAlready = false; if(!empty($rolePolicyList)) { foreach($rolePolicyList as $policy) { if($policy->attribute('module_name')=='user' && $policy->attribute('function_name')=='login' ) { $oPolicy = $policy;//echo '<pre>$oPolicy = '.print_r($oPolicy,true).'</pre>'; break; } } } if($oPolicy) { $policyLimitationList = $oPolicy->limitationList(); if(empty($policyLimitationList)) { $hasAlready = true; } else { foreach($policyLimitationList as $limitation) { if($limitation->attribute('identifier')=='SiteAccess') { $oPolicyLimitation = $limitation;//echo '<pre>$oPolicyLimitation = '.print_r($oPolicyLimitation,true).'</pre>'; $valueList = $oPolicyLimitation->valueList();//echo '<pre>$valueList = '.print_r($valueList,true).'</pre>'; foreach($valueList as $value) { if($value->attribute('value') == $sSiteAccessLimitationValue) { $hasAlready = true; break; } } break; } } } } if(!$hasAlready) { if(!$oPolicy) $oPolicy = eZPolicy::createNew( $oRole->ID , array( 'ModuleName'=> "user",'FunctionName' => "login" ) ); if(!$oPolicyLimitation) $oPolicyLimitation = eZPolicyLimitation::createNew( $oPolicy->attribute('id'), "SiteAccess", "user", "login" ); eZPolicyLimitationValue::createNew( $oPolicyLimitation->attribute( 'id' ), $sSiteAccessLimitationValue ); eZUser::cleanupCache(); } $res = true; } return $res; } Thank you again Bye Xavier -- There were these two cows, chatting over the fence between their fields. The first cow said, "I tell you, this mad-cow-disease is really pretty scary. Don't you think ?" The other cow replies, "Hell, I ain't worried, I'm a duck !"

Author

Message

Xavier Langlois

Thursday 18 June 2009 9:56:12 am

Hello nice people ;)

I'm doing an extension wich is able to create a new site by creating a new siteaccess and a new design in a new extension. Everything's fine except this: after my new site generation, when I call my new site URL, I have the "permission denied" error until I add this policy to the anonymous role:

Module: user
Fonction: login
Limitation SiteAccess(<my_new_siteaccess>)

I would like to do this with my php code.

You might think I'm lazy, 'cause everything should be somewhere near kernel/role/edit.php and policyedit.php, but time is precious and if somebody can help me before I find out by myself, that would be great!

Thank you for you're interest.
Hope to hear from you very soon.
Xavier

--
There were these two cows, chatting over the fence between their fields.
The first cow said, "I tell you, this mad-cow-disease is really pretty scary. Don't you think ?"
The other cow replies, "Hell, I ain't worried, I'm a duck !"

Carlos Revillo

Thursday 18 June 2009 2:28:02 pm

Hi. maybe you can try this

$role  = eZRole::fetchByName( 'Anonymous' );
$roleID = $role->ID;
$policy = eZPolicy::createNew( $roleID, array( 'ModuleName'=> "user",
                                               'FunctionName' => "login" ) );
$policyLimitation = eZPolicyLimitation::createNew( $policy->attribute('id'), "SiteAccess", "user", "login" );
$value = eZSys::ezcrc32( "site" ); // your siteaccess here
eZPolicyLimitationValue::createNew( $policyLimitation->attribute( 'id' ), $value );
eZUser::cleanupCache();

of course, you will need to be logged as a user who has permissions to edit roles.
hope it helps.

Xavier Langlois

Friday 19 June 2009 1:48:03 am

Hi Carlos

Thank you a lot ! that really speed my work:

my final function if somebody wants it :
it takes care of
- the case : the user login policy doesn't already exists
- the case : the user login policy already exists with others limitation so we want to add ours
- the case : the user login policy already exists but with no limitations so you don't need to add yours cause that will stop the permissions in the others siteaccess

/*
 * Add a policy : user / login / siteaccess(<your_siteaccess>) to the role you want
 * eg: to add user / login / siteaccess('fr') to the anonymous role you can do
 * addUserLoginSiteAccess('fr', 'Anonymous');
 * or
 * addUserLoginSiteAccess('fr', false, 1); //1 is the ID of the anonymous role
 * 
 */
function addUserLoginSiteAccess($siteAccessName, $roleName = false, $roleID = false)
{
	$res = $oRole = false;
	
	$siteAccessName = trim($siteAccessName);
	
	if($roleID)
	{
		$oRole = eZRole::fetch( $roleID );
	}
	else if($roleName)
	{
		$oRole = eZRole::fetchByName( $roleName );
	}
	
	if($oRole && !empty($siteAccessName))
	{
		$sSiteAccessLimitationValue = eZSys::ezcrc32( $siteAccessName );
		$rolePolicyList = $oRole->attribute( 'policies' );
		$oPolicy = $oPolicyLimitation = $hasAlready = false;
		if(!empty($rolePolicyList))
		{
			foreach($rolePolicyList as $policy)
			{
				if($policy->attribute('module_name')=='user' && $policy->attribute('function_name')=='login' )
				{
					$oPolicy = $policy;//echo '<pre>$oPolicy = '.print_r($oPolicy,true).'</pre>';
					break;
				}
			}
		}
		
		if($oPolicy)
		{
			$policyLimitationList = $oPolicy->limitationList();
			if(empty($policyLimitationList))
			{
				$hasAlready = true;
			}
			else
			{
				foreach($policyLimitationList as $limitation)
				{	
					if($limitation->attribute('identifier')=='SiteAccess')
					{
						$oPolicyLimitation = $limitation;//echo '<pre>$oPolicyLimitation = '.print_r($oPolicyLimitation,true).'</pre>';
						
						$valueList = $oPolicyLimitation->valueList();//echo '<pre>$valueList = '.print_r($valueList,true).'</pre>';
						
						foreach($valueList as $value)
						{
							if($value->attribute('value') == $sSiteAccessLimitationValue)
							{
								$hasAlready = true;
								break;
							}
						}
						
						break;
					}
				}
			}
		}
		
		if(!$hasAlready)
		{
			if(!$oPolicy) $oPolicy = eZPolicy::createNew( $oRole->ID , array( 'ModuleName'=> "user",'FunctionName' => "login" ) );
			if(!$oPolicyLimitation) $oPolicyLimitation = eZPolicyLimitation::createNew( $oPolicy->attribute('id'), "SiteAccess", "user", "login" );
			eZPolicyLimitationValue::createNew( $oPolicyLimitation->attribute( 'id' ), $sSiteAccessLimitationValue );
			eZUser::cleanupCache();
		}
		
		$res = true;
	}
	return $res;
}

Thank you again
Bye
Xavier

eZ debug

Timing:	Jan 18 2025 16:26:49
Script start
Timing:	Jan 18 2025 16:26:49
Module start 'layout'
Timing:	Jan 18 2025 16:26:49
Module start 'content'
Timing:	Jan 18 2025 16:26:50
Module end 'content'
Timing:	Jan 18 2025 16:26:50
Script end

Main resources:

Total runtime	0.7087 sec
Peak memory usage	4,096.0000 KB
Database Queries	57

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0048	588.0469	152.6406
Module start 'layout'	0.0048	0.0026	740.6875	39.4922
Module start 'content'	0.0074	0.6997	780.1797	554.2891
Module end 'content'	0.7071	0.0016	1,334.4688	16.1250
Script end	0.7086		1,350.5938

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0031	0.4341	16	0.0002
Check MTime	0.0013	0.1790	16	0.0001
Mysql Total
Database connection	0.0010	0.1384	1	0.0010
Mysqli_queries	0.6599	93.1108	57	0.0116
Looping result	0.0006	0.0784	55	0.0000
Template Total	0.6802	96.0	2	0.3401
Template load	0.0023	0.3285	2	0.0012
Template processing	0.6778	95.6468	2	0.3389
Template load and register function	0.0001	0.0121	1	0.0001
states
state_id_array	0.0007	0.1003	1	0.0007
state_identifier_array	0.0011	0.1606	2	0.0006
Override
Cache load	0.0019	0.2719	32	0.0001
Sytem overhead
Fetch class attribute can translate value	0.0004	0.0604	2	0.0002
Fetch class attribute name	0.0010	0.1479	4	0.0003
XML
Image XML parsing	0.0005	0.0729	2	0.0003
class_abstraction
Instantiating content class attribute	0.0000	0.0017	5	0.0000
General
dbfile	0.0009	0.1214	16	0.0001
String conversion	0.0000	0.0007	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded
1	node/view/full.tpl	full/forum_topic.tpl	extension/sevenx/design/simple/override/templates/full/forum_topic.tpl
2	content/datatype/view/ezimage.tpl	<No override>	extension/sevenx/design/simple/templates/content/datatype/view/ezimage.tpl
3	content/datatype/view/ezxmltext.tpl	<No override>	extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tpl
8	content/datatype/view/ezxmltags/paragraph.tpl	<No override>	extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tpl
5	content/datatype/view/ezxmltags/line.tpl	<No override>	design/standard/templates/content/datatype/view/ezxmltags/line.tpl
2	content/datatype/view/ezxmltags/literal.tpl	<No override>	extension/community/design/standard/templates/content/datatype/view/ezxmltags/literal.tpl
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 22 Number of unique templates used: 7

Time used to render debug report: 0.0001 secs