getRequestParameter('id')); $accessRights = AdminService::getUsersPermissions($resource->getUri()); $this->setData('privileges', PermissionProvider::getRightLabels()); $users = []; $roles = []; foreach ($accessRights as $uri => $privileges) { $identity = new core_kernel_classes_Resource($uri); if ($identity->isInstanceOf(tao_models_classes_RoleService::singleton()->getRoleClass())) { $roles[$uri] = [ 'label' => $identity->getLabel(), 'privileges' => $privileges, ]; unset($accessRights[$uri]); } } if (!empty($accessRights)) { $userService = $this->getServiceLocator()->get(UserService::SERVICE_ID); $usersInfo = $userService->getUsers(array_keys($accessRights)); foreach ($usersInfo as $uri => $user) { $labels = $user->getPropertyValues(OntologyRdfs::RDFS_LABEL); $users[$uri] = [ 'label' => empty($labels) ? 'unknown user' : reset($labels), 'privileges' => $accessRights[$uri], ]; } } $this->setData('users', $users); $this->setData('roles', $roles); $this->setData('isClass', $resource->isClass()); $permissionsServiceFactory = $this->getServiceLocator()->get(PermissionsServiceFactory::SERVICE_ID); $this->setData('recursive', $permissionsServiceFactory->getOption(PermissionsServiceFactory::OPTION_RECURSIVE_BY_DEFAULT)); $this->setData('uri', $resource->getUri()); $this->setData('label', _dh($resource->getLabel())); $this->setView('AdminAccessController/index.tpl'); } /** * Add privileges for a group of users on resources. 
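It works for both adding and modifying privileges.
     *
     * The change is not applied inline: a ChangePermissionsTask is queued through
     * the QueueDispatcher and the created task is returned as JSON.
     *
     * Responses on failure:
     *  - 403 when common_exception_Unauthorized is thrown,
     *  - 400 with a JSON body when PermissionsServiceException is thrown,
     *  - 500 with {"success": false} for any other Exception (message is logged).
     *
     * @requiresRight resource_id GRANT
     */
    public function savePermissions(): void
    {
        // Only the exact string '1' enables recursion; anything else means "not recursive".
        $recursive = ($this->getRequest()->getParameter('recursive') === '1');

        try {
            // NOTE(review): the access annotation on this action names `resource_id`,
            // but getResourceFromRequest() prefers `uri` when it is sent. If the
            // access check only looks at `resource_id`, the resource being changed
            // may not be the one that was checked. Confirm how the annotation is
            // enforced, or reject requests in which both values are sent and differ.
            $taskParameters = [
                ChangePermissionsTask::PARAM_RECURSIVE => $recursive,
                ChangePermissionsTask::PARAM_RESOURCE => $this->getResourceFromRequest(),
                ChangePermissionsTask::PARAM_PRIVILEGES => $this->getPrivilegesFromRequest()
            ];

            /** @var QueueDispatcher $queueDispatcher */
            $queueDispatcher = $this->getServiceLocator()->get(QueueDispatcher::SERVICE_ID);
            $task = $queueDispatcher->createTask(new ChangePermissionsTask(), $taskParameters, 'Processing permissions');
            $this->returnTaskJson($task);
        } catch (common_exception_Unauthorized $e) {
            // Generic message on purpose: no detail about the failed check is returned.
            $this->response = $this->getPsrResponse()->withStatus(403, __('Unable to process your request'));
        } catch (PermissionsServiceException $e) {
            // NOTE(review): the exception message is used both as the HTTP reason
            // phrase and in the JSON body. Confirm these messages never carry
            // request-derived text or line breaks.
            $this->response = $this->getPsrResponse()
                ->withStatus(400, $e->getMessage())
                ->withBody(stream_for(json_encode(['success' => false, 'message' => $e->getMessage()])))
                ->withHeader('Content-Type', 'application/json');
        } catch (Exception $e) {
            // Details stay in the log; the client only learns that the request failed.
            // Malformed request parameters rejected by the two request helpers
            // (InvalidArgumentException) also end up here.
            $this->logError($e->getMessage());
            $this->returnJson(['success' => false], 500);
        }
    }

    /**
     * Find users to assign access rights
     *
     * Reads `query` from the `params` GET parameter, passes it to
     * UserService::findUser() and returns the matches as JSON. Each record holds
     * the user identifier and a label (first RDFS label, or a translated
     * "unknown user" when the user has none). `page` and `total` are always 1;
     * `records` is the number of matches.
     *
     * NOTE(review): no access annotation is visible on this action, and it returns
     * user identifiers and labels. Confirm that access to it is restricted elsewhere.
     */
    public function findUser()
    {
        // NOTE(review): `params` is used without a shape check; a missing or
        // non-array value raises a PHP warning or error before the search runs.
        $params = $this->getGetParameter('params');
        $query = $params['query'];

        /** @var UserService $userService */
        $userService = $this->getServiceLocator()->get(UserService::SERVICE_ID);

        $data = [];
        foreach ($userService->findUser($query) as $user) {
            $labels = $user->getPropertyValues(OntologyRdfs::RDFS_LABEL);
            $label = empty($labels) ? __('unknown user') : reset($labels);

            $data[] = [
                'id' => $user->getIdentifier(),
                'label' => $label,
                OntologyRdfs::RDFS_LABEL => $label,//@deprecated
            ];
        }

        $response = [
            'success' => true,
            'page' => 1,
            'total' => 1,
            'records' => count($data),
            'data' => $data,
        ];

        return $this->returnJson($response);
    }

    /**
     * Build the privileges map (identity id => list of privilege names) from the request.
     *
     * Uses the `privileges` parameter as-is when it is present. Otherwise derives
     * the map from `users`: for each entry the `type` key is dropped and the
     * remaining keys are taken as the privilege names.
     *
     * Both parameters are client-controlled, so their shape is checked here.
     * Without the checks a scalar value ends in a TypeError/Error, which the
     * `catch (Exception)` in savePermissions() does not handle.
     *
     * NOTE(review): privilege names are passed on as received; presumably they
     * are validated when the task is processed. Confirm.
     *
     * @return array
     *
     * @throws \InvalidArgumentException when `privileges` or a `users` entry is not an array
     */
    private function getPrivilegesFromRequest(): array
    {
        if ($this->hasRequestParameter('privileges')) {
            $privileges = $this->getRequestParameter('privileges');

            if (!is_array($privileges)) {
                throw new \InvalidArgumentException('Request parameter "privileges" must be an array');
            }

            return $privileges;
        }

        $users = $this->getRequest()->getParameter('users');

        if (!is_array($users)) {
            // Same result as before for a missing or scalar `users` value (empty
            // map), without iterating over a non-array.
            return [];
        }

        $privileges = [];
        foreach ($users as $userId => $data) {
            if (!is_array($data)) {
                throw new \InvalidArgumentException('Each "users" entry must be an array of privileges');
            }

            // `type` describes the identity and is not a privilege.
            unset($data['type']);
            $privileges[$userId] = array_keys($data);
        }

        return $privileges;
    }

    /**
     * Read the target resource identifier from the request.
     *
     * `uri` wins when it is present; otherwise `resource_id` is used (an absent
     * value becomes an empty string).
     *
     * NOTE(review): savePermissions() is annotated with a right on `resource_id`
     * only. Confirm the access check covers the value returned here when `uri`
     * is supplied.
     *
     * @return string
     *
     * @throws common_exception_Error
     * @throws \InvalidArgumentException when the identifier is sent as an array
     */
    private function getResourceFromRequest(): string
    {
        if ($this->hasRequestParameter('uri')) {
            $resourceId = $this->getRequest()->getParameter('uri');
        } else {
            $resourceId = $this->getRequest()->getParameter('resource_id');
        }

        // An array value would otherwise fail the string return type (`uri`)
        // or be cast to the literal "Array" (`resource_id`).
        if (is_array($resourceId)) {
            throw new \InvalidArgumentException('Resource identifier must be a string');
        }

        return (string)$resourceId;
    }
}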