Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
For Concrete5 v8, how to programmatically set file permissions so that they are only accessible by a single user plus a single group of users and are stored outside of the webroot.
use Concrete\Core\Entity\File\File;
use Concrete\Core\File\Set\Set as FileSet;
use Concrete\Core\File\StorageLocation\StorageLocationFactory as FileStorageLocationFactory;
use Concrete\Core\Permission\Access\Entity\GroupEntity as GroupPermissionAccessEntity;
use Concrete\Core\Permission\Access\Entity\UserEntity as UserPermissionAccessEntity;
use Concrete\Core\Support\Facade\Application;
use Concrete\Core\User\Group\Group as UserGroup;
use PermissionKey;
use UserInfo;
// assumes Advanced Permissions have been enabled
function adjustPermissions(
File $f,
string $fileSetName,
string $fileStorageLocationName, // for security, this should reside outside of webroot
string $groupName,
int $uID)
{
// add file to file set
$fs = FileSet::createAndGetSet($fileSetName, FileSet::TYPE_PUBLIC, 1);
$fs->addFileToSet($f);
// assign storage location
$app = Application::getFacadeApplication();
$location = $app[FileStorageLocationFactory::class]->fetchByName($fileStorageLocationName)[0];
$f->setFileStorageLocation($location);
// override parent folder permissions
$f->resetPermissions(1);
// remove Guest access
$pk = PermissionKey::getByHandle('view_file');
$pk->setPermissionObject($f);
$pa = $pk->getPermissionAccessObject();
$pe = GroupPermissionAccessEntity::getOrCreate(UserGroup::getByID(GUEST_GROUP_ID));
$pa->removeListItem($pe);
// enable access by passed-in group
$g = UserGroup::getByName($groupName);
if (is_object($g)) {
$pae = GroupPermissionAccessEntity::getOrCreate($g);
$pa->addListItem($pae, false, PermissionKey::ACCESS_TYPE_INCLUDE);
}
// enable access by passed-in user
$ui = UserInfo::getByID($uID);
if (is_object($ui)) {
$pae = UserPermissionAccessEntity::getOrCreate($ui);
$pa->addListItem($pae, false, PermissionKey::ACCESS_TYPE_INCLUDE);
}
// apply the above access settings
$pa->markAsInUse();
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment