eZ api based code sample to add a policy to a role

Author Message

Xavier Langlois

Thursday 18 June 2009 9:56:12 am

Hello nice people ;)

I'm doing an extension wich is able to create a new site by creating a new siteaccess and a new design in a new extension. Everything's fine except this: after my new site generation, when I call my new site URL, I have the "permission denied" error until I add this policy to the anonymous role:

Module: user
Fonction: login
Limitation SiteAccess(<my_new_siteaccess>)

I would like to do this with my php code.

You might think I'm lazy, 'cause everything should be somewhere near kernel/role/edit.php and policyedit.php, but time is precious and if somebody can help me before I find out by myself, that would be great!

Thank you for you're interest.
Hope to hear from you very soon.
Xavier

--
There were these two cows, chatting over the fence between their fields.
The first cow said, "I tell you, this mad-cow-disease is really pretty scary. Don't you think ?"
The other cow replies, "Hell, I ain't worried, I'm a duck !"

Carlos Revillo

Thursday 18 June 2009 2:28:02 pm

Hi. maybe you can try this

$role  = eZRole::fetchByName( 'Anonymous' );
$roleID = $role->ID;
$policy = eZPolicy::createNew( $roleID, array( 'ModuleName'=> "user",
                                               'FunctionName' => "login" ) );
$policyLimitation = eZPolicyLimitation::createNew( $policy->attribute('id'), "SiteAccess", "user", "login" );
$value = eZSys::ezcrc32( "site" ); // your siteaccess here
eZPolicyLimitationValue::createNew( $policyLimitation->attribute( 'id' ), $value );
eZUser::cleanupCache();

of course, you will need to be logged as a user who has permissions to edit roles.
hope it helps.

Xavier Langlois

Friday 19 June 2009 1:48:03 am

Hi Carlos

Thank you a lot ! that really speed my work:

my final function if somebody wants it :
it takes care of
- the case : the user login policy doesn't already exists
- the case : the user login policy already exists with others limitation so we want to add ours
- the case : the user login policy already exists but with no limitations so you don't need to add yours cause that will stop the permissions in the others siteaccess

/*
 * Add a policy : user / login / siteaccess(<your_siteaccess>) to the role you want
 * eg: to add user / login / siteaccess('fr') to the anonymous role you can do
 * addUserLoginSiteAccess('fr', 'Anonymous');
 * or
 * addUserLoginSiteAccess('fr', false, 1); //1 is the ID of the anonymous role
 * 
 */
function addUserLoginSiteAccess($siteAccessName, $roleName = false, $roleID = false)
{
	$res = $oRole = false;
	
	$siteAccessName = trim($siteAccessName);
	
	if($roleID)
	{
		$oRole = eZRole::fetch( $roleID );
	}
	else if($roleName)
	{
		$oRole = eZRole::fetchByName( $roleName );
	}
	
	if($oRole && !empty($siteAccessName))
	{
		$sSiteAccessLimitationValue = eZSys::ezcrc32( $siteAccessName );
		$rolePolicyList = $oRole->attribute( 'policies' );
		$oPolicy = $oPolicyLimitation = $hasAlready = false;
		if(!empty($rolePolicyList))
		{
			foreach($rolePolicyList as $policy)
			{
				if($policy->attribute('module_name')=='user' && $policy->attribute('function_name')=='login' )
				{
					$oPolicy = $policy;//echo '<pre>$oPolicy = '.print_r($oPolicy,true).'</pre>';
					break;
				}
			}
		}
		
		if($oPolicy)
		{
			$policyLimitationList = $oPolicy->limitationList();
			if(empty($policyLimitationList))
			{
				$hasAlready = true;
			}
			else
			{
				foreach($policyLimitationList as $limitation)
				{	
					if($limitation->attribute('identifier')=='SiteAccess')
					{
						$oPolicyLimitation = $limitation;//echo '<pre>$oPolicyLimitation = '.print_r($oPolicyLimitation,true).'</pre>';
						
						$valueList = $oPolicyLimitation->valueList();//echo '<pre>$valueList = '.print_r($valueList,true).'</pre>';
						
						foreach($valueList as $value)
						{
							if($value->attribute('value') == $sSiteAccessLimitationValue)
							{
								$hasAlready = true;
								break;
							}
						}
						
						break;
					}
				}
			}
		}
		
		if(!$hasAlready)
		{
			if(!$oPolicy) $oPolicy = eZPolicy::createNew( $oRole->ID , array( 'ModuleName'=> "user",'FunctionName' => "login" ) );
			if(!$oPolicyLimitation) $oPolicyLimitation = eZPolicyLimitation::createNew( $oPolicy->attribute('id'), "SiteAccess", "user", "login" );
			eZPolicyLimitationValue::createNew( $oPolicyLimitation->attribute( 'id' ), $sSiteAccessLimitationValue );
			eZUser::cleanupCache();
		}
		
		$res = true;
	}
	return $res;
}

Thank you again
Bye
Xavier

--
There were these two cows, chatting over the fence between their fields.
The first cow said, "I tell you, this mad-cow-disease is really pretty scary. Don't you think ?"
The other cow replies, "Hell, I ain't worried, I'm a duck !"

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.