Example #1
    /**
     * Returns the ids of the groups that may access a page in the frontend or backend.
     *
     * An unprotected page yields an empty array without any further lookup.
     * If the page is flagged as protected but getAccessId() throws, a new dynamic
     * access id is created, stored on the page and flushed through the entity
     * manager, so this lookup can write to the database as a side effect.
     *
     * @param \Cx\Core\ContentManager\Model\Entity\Page $page Page to get the group ids of
     * @param boolean $frontend True for frontend access groups, false for backend
     * @return mixed Array of group ids; the "false on error" case of the original doc
     *               would have to come from \Permission::getGroupIdsForAccessId(),
     *               which is not visible here
     * @throws PageGuardException If the page has no access id and no new one could be created
     */
    public function getAssignedGroupIds($page, $frontend)
    {
        // Only the protection flag of the requested side (frontend/backend) is consulted.
        $isProtected = $frontend ? $page->isFrontendProtected() : $page->isBackendProtected();
        if (!$isProtected) {
            return array();
        }

        try {
            $accessId = $this->getAccessId($page, $frontend);
        } catch (PageGuardException $e) {
            // The page is marked as protected but carries no access id. This is
            // treated as a database inconsistency and repaired in place.
            // NOTE(review): a freshly created dynamic access id presumably has no
            // groups attached, so the repaired page stays closed until groups are
            // assigned (fail closed) - confirm against \Permission.
            $accessId = \Permission::createNewDynamicAccessId();
            if (!$accessId) {
                // cannot create a new dynamic access id.
                throw new PageGuardException('This protected page doesn\'t have an access id associated with
it. Contrexx encountered an error while generating a new access id.');
            }

            if ($frontend) {
                $page->setFrontendAccessId($accessId);
            } else {
                $page->setBackendAccessId($accessId);
            }

            // Persist the repaired page so the next lookup finds the access id.
            Env::get('em')->persist($page);
            Env::get('em')->flush();
        }

        return \Permission::getGroupIdsForAccessId($accessId);
    }
Example #2
 /**
  * Checks if this page can be displayed in the frontend; redirects to the login page if not.
  *
  * Returns without any check when the page, or a page reached through its
  * fallback chain, belongs to the 'Login' module. Otherwise the method either
  * returns normally or sends a Location header pointing at the Login module
  * and terminates the request with exit.
  *
  * @param \Cx\Core\ContentManager\Model\Entity\Page $page Page to check
  * @param int $history (optional) Revision of page to use, 0 means current, default 0
  */
 public function checkPageFrontendProtection($page, $history = 0)
 {
     global $sessionObj;
     $page_protected = $page->isFrontendProtected();
     $pageAccessId = $page->getFrontendAccessId();
     if ($history) {
         // For a history revision the backend access id is checked instead.
         // NOTE(review): the dynamic check below still only runs when the page is
         // frontend-protected ($page_protected); otherwise only static id 78 applies.
         $pageAccessId = $page->getBackendAccessId();
     }
     // login pages are unprotected by design
     // Walk the page and, for fallback pages, the pages they fall back to.
     $checkLogin = array($page);
     while (count($checkLogin)) {
         $currentPage = array_pop($checkLogin);
         if ($currentPage->getType() == \Cx\Core\ContentManager\Model\Entity\Page::TYPE_FALLBACK) {
             try {
                 array_push($checkLogin, $this->getFallbackPage($currentPage));
             } catch (ResolverException $e) {
                 // Deliberately ignored: an unresolvable fallback simply ends the walk,
                 // and the page is then treated like any non-login page below.
             }
         }
         // NOTE(review): loose comparison; === would rule out type juggling if
         // getModule() can ever return a non-string.
         if ($currentPage->getModule() == 'Login') {
             return;
         }
     }
     // Authentication for protected pages. The block runs when the page is
     // protected, a history revision is requested, or the client sent a
     // PHPSESSID cookie - unless the request carries section=Login.
     // NOTE(review): Login-module pages already returned above, so the section
     // exemption only takes effect for a non-Login page. It is driven by
     // client-supplied $_REQUEST data rather than by the resolved page; an access
     // decision should not depend on it. Confirm it is still needed, or drop it.
     if (($page_protected || $history || !empty($_COOKIE['PHPSESSID'])) && (!isset($_REQUEST['section']) || $_REQUEST['section'] != 'Login')) {
         if (empty($sessionObj)) {
             $sessionObj = \cmsSession::getInstance();
         }
         // $_SESSION is used as an object here; presumably cmsSession installs
         // itself as $_SESSION - TODO confirm.
         $_SESSION->cmsSessionStatusUpdate('frontend');
         if (\FWUser::getFWUserObject()->objUser->login()) {
             if ($page_protected) {
                 if (!\Permission::checkAccess($pageAccessId, 'dynamic', true)) {
                     // Logged in but not permitted: send to the "noaccess" view, passing
                     // the current URL base64-encoded as the redirect target.
                     $link = base64_encode(\Env::get('cx')->getRequest()->getUrl()->toString());
                     \Cx\Core\Csrf\Controller\Csrf::header('Location: ' . \Cx\Core\Routing\Url::fromModuleAndCmd('Login', 'noaccess', '', array('redirect' => $link)));
                     // exit keeps the protected content from being rendered after the redirect header.
                     exit;
                 }
             }
             // NOTE(review): 78 is a hard-coded static access id, presumably the
             // permission to view page history - confirm and prefer a named constant.
             if ($history && !\Permission::checkAccess(78, 'static', true)) {
                 $link = base64_encode(\Env::get('cx')->getRequest()->getUrl()->toString());
                 \Cx\Core\Csrf\Controller\Csrf::header('Location: ' . \Cx\Core\Routing\Url::fromModuleAndCmd('Login', 'noaccess', '', array('redirect' => $link)));
                 exit;
             }
         } elseif (!empty($_COOKIE['PHPSESSID']) && !$page_protected) {
             // Not logged in, page not protected: drop the cookie entry for the rest of
             // this request. This only changes the superglobal; it does not expire
             // the cookie in the browser.
             unset($_COOKIE['PHPSESSID']);
         } else {
             // Not logged in and a check is required: send the visitor to the login form.
             if (isset($_GET['redirect'])) {
                 // NOTE(review): unlike the other branches, this value is taken from the
                 // client unchanged (it may even be an array). Whatever consumes the
                 // 'redirect' parameter after login must validate the decoded target
                 // (same-site only) to avoid an open redirect.
                 $link = $_GET['redirect'];
             } else {
                 $link = base64_encode(\Env::get('cx')->getRequest()->getUrl()->toString());
             }
             \Cx\Core\Csrf\Controller\Csrf::header('Location: ' . \Cx\Core\Routing\Url::fromModuleAndCmd('Login', '', '', array('redirect' => $link)));
             exit;
         }
     }
 }
 /**
  * Reports whether this page is protected in the frontend.
  *
  * Calls _load() first and then delegates to the parent implementation.
  * NOTE(review): looks like a lazy-loading proxy override - confirm.
  *
  * @return mixed Whatever parent::isFrontendProtected() returns
  */
 public function isFrontendProtected()
 {
     $this->_load();
     $isProtected = parent::isFrontendProtected();

     return $isProtected;
 }