Hello, @jess,
I created a PHP script which adds new access control profile by using the accessControlProfile service and the KalturaAccessControlProfile class.
<?php
require_once("API/KalturaClient.php");
// Your Kaltura account Id (aka partnerId), taken from KMC>Settings>Integration Settings.
// define("KALTURA_PARTNER_ID", 000);
define("KALTURA_PARTNER_ID", "101");
// Make sure to replace "myUploaderUser@domain.com" with your system user id.
// When allowing anonymous uploads, make sure to create a new user in the Kaltura system that has only upload permissions, then set partnerUserID to the that user.
// define("KALTURA_PARTNER_USER_ID", 'myUploaderUser@domain.com');
define("KALTURA_PARTNER_USER_ID", "username@mykalturaserver.com");
// Taken from KMC>Settings>Integration Settings.
// define("KALTURA_PARTNER_WEB_SERVICE_SECRET", '');
define("KALTURA_PARTNER_WEB_SERVICE_SECRET", "mysecret0123456789abcdef");
// Kaltura service URL (can be changed to work with on-prem deployments).
//define("KALTURA_SERVICE_URL", 'https://corp.kaltura.com/');
define("KALTURA_SERVICE_URL", "https://mykaltuarserver.com");
// Session length (seconds)
define("SESSION_LENGTH", 86400);
// Maximum number of entries per page.
define("MAX_PAGE_SIZE", 500);
// Root category name
define("ROOT_CATEGORY_NAME", "Moodle");
$kalturahost = KALTURA_SERVICE_URL;
while (substr($kalturahost, -1) == "/") {
$kalturahost = substr($kalturahost, 0, strlen($kalturahost) - 1);
}
try {
// Construction of Kaltura object.
$config = new KalturaConfiguration(KALTURA_PARTNER_ID);
$config->serviceUrl = KALTURA_SERVICE_URL;
// Construction of Kaltura Client object.
$client = new KalturaClient($config);
if (empty($client)) {
echo 'Cannot connect to ' . $kalturahost . PHP_EOL;
} else {
// Start kaltura session.
$ks = $client->session->start(KALTURA_PARTNER_WEB_SERVICE_SECRET,
KALTURA_PARTNER_USER_ID,
KalturaSessionType::ADMIN,
KALTURA_PARTNER_ID,
SESSION_LENGTH);
if (!$ks) {
echo 'Cannot start a session' . PHP_EOL;
} else { // When connection started.
$client->setKs($ks);
$control = new KalturaAccessControlProfile();
try {
$control->name = 'Internal Access 2';
$control->systemName = 'moodleprofile 2';
$control->description = 'Access conrtorl for internal only';
$control->isDefault = KalturaNullableBoolean::NULL_VALUE;
$control->relatedObjects = null;
$rule = new KalturaRule();
$rule->description = null;
$rule->ruleData = null;
$rule->message = null;
$rule->code = null;
$action = new KalturaAccessControlBlockAction;
$action->type = KalturaRuleActionType::BLOCK;
$action->relatedObjects = null;
$rule->actions = array($action);
$conditionarray = array();
$condition = new KalturaIpAddressCondition();
$value = new KalturaStringValue();
$value->value = '133.62.0.0/16';
$value->description = null;
$value->relatedObjects = null;
$condition->values[] = $value;
$value = new KalturaStringValue();
$value->value = '10.0.0.0/8';
$value->description = null;
$value->relatedObjects = null;
$condition->values[] = $value;
$value = new KalturaStringValue();
$value->value = '172.16.0.0/12';
$value->description = null;
$value->relatedObjects = null;
$condition->values[] = $value;
$value = new KalturaStringValue();
$value->value = '192.168.0.0/16';
$value->description = null;
$value->relatedObjects = null;
$condition->values[] = $value;
$condition->httpHeader = null;
$condition->acceptInternalIps = null;
$condition->matchType = KalturaMatchConditionType::MATCH_ALL;
$condition->type = KalturaConditionType::IP_ADDRESS;
$condition->description = null;
$condition->not = true;
$condition->relatedObjects = null;
$conditionarray[] = $condition;
$rule->conditions = $conditionarray;
$contextarray = array();
$context = new KalturaContextTypeHolder();
$context->type = KalturaContextType::PLAY;
$context->relatedObjects = null;
$contextarray[] = $context;
$context = new KalturaContextTypeHolder();
$context->type = KalturaContextType::DOWNLOAD;
$context->relatedObjects = null;
$contextarray[] = $context;
$rule->contexts = $contextarray;
$rule->stopProcessing = null;
$rule->forceAdminValidation = null;
$rule->relatedObjects = null;
$control->rules = array($rule);
$control = $client->accessControlProfile->add($control);
} catch (Exception $ex) {
echo $ex->getMessage();
}
$result = $client->accessControlProfile->listAction();
print_r($result);
$client->session->end();
}
}
} catch(Exception $ex) {
echo $ex->getMessage();
}
Then, I executed this script.
“accessControlProfile->listAction()” displayed the following results.
KalturaAccessControlProfileListResponse Object
(
[objects] => Array
(
[0] => KalturaAccessControlProfile Object
(
[id] => 2
[partnerId] => 101
[name] => Default
[systemName] => Default
[description] => Default access control profile
[createdAt] => 1530883616
[updatedAt] => 1546675597
[isDefault] =>
[rules] => Array
(
)
[relatedObjects] =>
)
[1] => KalturaAccessControlProfile Object
(
[id] => 8
[partnerId] => 101
[name] => Internal Access
[systemName] => moodleprofile
[description] => Access conrtorl for internal only
[createdAt] => 1546689443
[updatedAt] => 1546693361
[isDefault] =>
[rules] => Array
(
[0] => KalturaRule Object
(
[description] =>
[ruleData] =>
[message] =>
[code] =>
[actions] => Array
(
[0] => KalturaAccessControlBlockAction Object
(
[type] => 1
[relatedObjects] =>
)
)
[conditions] => Array
(
[0] => KalturaIpAddressCondition Object
(
[acceptInternalIps] =>
[httpHeader] =>
[values] => Array
(
[0] => KalturaStringValue Object
(
[value] => 133.62.0.0/16
[description] =>
[relatedObjects] =>
)
[1] => KalturaStringValue Object
(
[value] => 10.0.0.0/8
[description] =>
[relatedObjects] =>
)
[2] => KalturaStringValue Object
(
[value] => 172.16.0.0/12
[description] =>
[relatedObjects] =>
)
[3] => KalturaStringValue Object
(
[value] => 192.168.0.0/16
[description] =>
[relatedObjects] =>
)
)
[matchType] => 2
[type] => 3
[description] =>
[not] => 1
[relatedObjects] =>
)
)
[contexts] => Array
(
[0] => KalturaAccessControlContextTypeHolder Object
(
[type] => 1
[relatedObjects] =>
)
[1] => KalturaAccessControlContextTypeHolder Object
(
[type] => 2
[relatedObjects] =>
)
)
[stopProcessing] =>
[forceAdminValidation] =>
[relatedObjects] =>
)
)
[relatedObjects] =>
)
[2] => KalturaAccessControlProfile Object
(
[id] => 10
[partnerId] => 101
[name] => Internal Access 2
[systemName] => moodleprofile 2
[description] => Access conrtorl for internal only
[createdAt] => 1549973390
[updatedAt] => 1549973390
[isDefault] =>
[rules] => Array
(
[0] => KalturaRule Object
(
[description] =>
[ruleData] =>
[message] =>
[code] =>
[actions] => Array
(
[0] => KalturaAccessControlBlockAction Object
(
[type] => 1
[relatedObjects] =>
)
)
[conditions] => Array
(
[0] => KalturaIpAddressCondition Object
(
[acceptInternalIps] =>
[httpHeader] =>
[values] => Array
(
[0] => KalturaStringValue Object
(
[value] => 133.62.0.0/16
[description] =>
[relatedObjects] =>
)
[1] => KalturaStringValue Object
(
[value] => 10.0.0.0/8
[description] =>
[relatedObjects] =>
)
[2] => KalturaStringValue Object
(
[value] => 172.16.0.0/12
[description] =>
[relatedObjects] =>
)
[3] => KalturaStringValue Object
(
[value] => 192.168.0.0/16
[description] =>
[relatedObjects] =>
)
)
[matchType] => 2
[type] => 3
[description] =>
[not] => 1
[relatedObjects] =>
)
)
[contexts] => Array
(
[0] => KalturaAccessControlContextTypeHolder Object
(
[type] => 1
[relatedObjects] =>
)
[1] => KalturaAccessControlContextTypeHolder Object
(
[type] => 2
[relatedObjects] =>
)
)
[stopProcessing] =>
[forceAdminValidation] =>
[relatedObjects] =>
)
)
[relatedObjects] =>
)
)
[totalCount] => 3
[relatedObjects] =>
)
In the results, the profile (id=8) is added by using the accessControl service and the KalturaAccessControl class.
And, the profile (id=10) is added by using the PHP script described above.
I wrote this script so that the similar content as the profile (id=8) is displayed.
When I log-in to the KMCng, the list of the access control profiles was displayed as follows.
So, the profile (id=10, named “Internal Access 2”) seems to have no IP address restrictions.
Then, I opend an edit dialog.
Like the list screen, the profile (id=10, named “Internal Access 2”) seems to have no IP address restrictions.
So that, I added IP address restrictions and tried to save the profile.
Then, the following error message wad displayed.
And, I tried to delete the profile (id=10).
Then, the following error message wad displayed.
When the profile (id=10) wad generated by the PHP script, the IP address restrictions of the profile were safely stored in access_control table.
MariaDB [kaltura]> select * from access_control where id=10 \G
*************************** 1. row ***************************
id: 10
partner_id: 101
name: Internal Access 2
system_name: moodleprofile 2
description: Access conrtorl for internal only
created_at: 2019-02-12 21:09:50
updated_at: 2019-02-12 21:09:50
deleted_at: NULL
site_restrict_type: NULL
site_restrict_list: NULL
country_restrict_type: NULL
country_restrict_list: NULL
ks_restrict_privilege: NULL
prv_restrict_privilege: NULL
prv_restrict_length: NULL
kdir_restrict_type: NULL
custom_data: a:3:{s:22:"rules_array_compressed";b:0;s:18:"special_properties";a:1:{s:27:"SERVE_FROM_SERVER_NODE_RULE";b:0;}s:7:"ip_tree";N;}
rules: a:1:{i:0;O:5:"kRule":9:{s:11:"description";N;s:8:"ruleData";N;s:13:" * conditions";a:1:{i:0;O:19:"kIpAddressCondition":9:{s:20:" * acceptInternalIps";N;s:13:" * httpHeader";N;s:9:" * values";a:4:{i:0;O:12:"kStringValue":2:{s:8:" * value";s:13:"133.62.0.0/16";s:14:" * description";N;}i:1;O:12:"kStringValue":2:{s:8:" * value";s:10:"10.0.0.0/8";s:14:" * description";N;}i:2;O:12:"kStringValue":2:{s:8:" * value";s:13:"172.16.0.0/12";s:14:" * description";N;}i:3;O:12:"kStringValue":2:{s:8:" * value";s:14:"192.168.0.0/16";s:14:" * description";N;}}s:12:" * matchType";s:1:"2";s:16:" * dynamicValues";N;s:7:" * type";i:3;s:14:" * description";N;s:6:" * not";b:1;s:18:" * extraProperties";a:0:{}}}s:10:" * message";N;s:7:" * code";N;s:10:" * actions";a:1:{i:0;O:11:"kRuleAction":1:{s:7:" * type";i:1;}}s:11:" * contexts";a:2:{i:0;s:1:"1";i:1;s:1:"2";}s:17:" * stopProcessing";N;s:23:" * forceAdminValidation";N;}}
For reference, I also post the record of the profile (id=8).
MariaDB [kaltura]> select * from access_control where id=8 \G
*************************** 1. row ***************************
id: 8
partner_id: 101
name: Internal Access
system_name: moodleprofile
description: Access conrtorl for internal only
created_at: 2019-01-05 20:57:23
updated_at: 2019-01-05 22:02:41
deleted_at: NULL
site_restrict_type: NULL
site_restrict_list: NULL
country_restrict_type: NULL
country_restrict_list: NULL
ks_restrict_privilege: NULL
prv_restrict_privilege: NULL
prv_restrict_length: NULL
kdir_restrict_type: NULL
custom_data: a:3:{s:22:"rules_array_compressed";b:0;s:18:"special_properties";a:1:{s:27:"SERVE_FROM_SERVER_NODE_RULE";b:0;}s:7:"ip_tree";N;}
rules: a:1:{i:0;O:34:"kAccessControlIpAddressRestriction":10:{s:11:"description";N;s:8:"ruleData";N;s:13:" * conditions";a:1:{i:0;O:19:"kIpAddressCondition":9:{s:20:" * acceptInternalIps";N;s:13:" * httpHeader";N;s:9:" * values";a:4:{i:0;O:12:"kStringValue":2:{s:8:" * value";s:13:"133.62.0.0/16";s:14:" * description";N;}i:1;O:12:"kStringValue":2:{s:8:" * value";s:10:"10.0.0.0/8";s:14:" * description";N;}i:2;O:12:"kStringValue":2:{s:8:" * value";s:13:"172.16.0.0/12";s:14:" * description";N;}i:3;O:12:"kStringValue":2:{s:8:" * value";s:14:"192.168.0.0/16";s:14:" * description";N;}}s:12:" * matchType";i:2;s:16:" * dynamicValues";N;s:7:" * type";i:3;s:14:" * description";N;s:6:" * not";b:1;s:18:" * extraProperties";a:0:{}}}s:10:" * message";N;s:7:" * code";N;s:10:" * actions";a:1:{i:0;O:20:"kAccessControlAction":1:{s:7:" * type";i:1;}}s:11:" * contexts";a:2:{i:0;i:1;i:1;i:2;}s:17:" * stopProcessing";N;s:23:" * forceAdminValidation";N;s:8:" * scope";N;}}
And, the profile (id=10) can work correctly and we can edit/delete the profile through PHP scripts.
We use the Kaltura CE 14.8.0 (cluster) and 14.10.0 (single server).
Both servers encounter this problem.
On the other hand, after I created the profile which has no restrictions thorugh a PHP script, I can edit the profile through the KMCng and the KMC.
Best regards