/**
  * Return the selected view mode if any
  * @return bollean|string, view mode name or false
  * @access getViewMode
  */
 function getViewMode()
 {
     $enabled = Configure::read('App.gui.viewModes.enabled');
     // check if different view modes are actives for this context
     $allowed = Common::requestAllowed($this->Controller->name, $this->Controller->action, Configure::read('App.gui.viewModes.conditions'));
     // options must be enabled and allowed for controller:action
     if ($enabled && $allowed) {
         // list allowed view modes
         $allowed = Configure::read('App.gui.viewModes.options');
         $urlName = Configure::read('App.gui.viewModes.urlName');
         $requested = array();
         if (isset($this->Controller->params['named'][$urlName]) && isset($allowed[$this->Controller->params['named'][$urlName]])) {
             // check if the view mode is requested in the url
             $requested = $this->Controller->params['named'][$urlName];
             User::setValue('Preference.gui.viewModes.default', $requested);
         } elseif (User::get('Preference.gui.viewModes.default')) {
             // check if there was any preferences in the past
             $requested = User::get('Preference.gui.viewModes.default');
         } else {
             // default option
             $requested = Configure::read('App.gui.viewModes.default');
         }
         return $requested;
     }
     return false;
 }
 /**
  * Runs before every action: registers the shared components, loads
  * permissions, language and plugin configuration, then enforces
  * role-based access for the current controller:action and prepares
  * the view variables shared by all templates.
  *
  * Under CAKEPHP_UNIT_TEST_EXECUTION only the bootstrap part runs; the
  * access checks and redirects below the early return are skipped.
  *
  * @return void
  * @access public
  */
 function beforeFilter()
 {
     if (!defined('CAKEPHP_UNIT_TEST_EXECUTION')) {
         // the base App controller must not be dispatched directly, and an action is required;
         // the '404' argument is presumably the error the Assert helper raises on failure - confirm in Assert
         Assert::false($this->name == 'App', '404');
         Assert::true(!!$this->action, '404');
     }
     // AppSession is the project's own session component; it is exposed under the stock
     // name and in the ClassRegistry so the rest of the code base sees a single Session
     $this->Session = $this->AppSession;
     ClassRegistry::addObject('Component.Session', $this->Session);
     ClassRegistry::addObject('Component.RequestHandler', $this->RequestHandler);
     ClassRegistry::addObject('Component.Cookie', $this->Cookie);
     ClassRegistry::addObject('Component.Email', $this->Email);
     ClassRegistry::addObject('Component.Pgp', $this->Pgp);
     $this->_loadPermissions();
     $this->_setLanguage();
     $this->_loadPluginConfigs();
     if ($this->isAdmin()) {
         $this->layout = 'admin';
     }
     if (defined('CAKEPHP_UNIT_TEST_EXECUTION')) {
         // nothing below runs in unit tests: no permission check, no redirect, no view variables
         return;
     }
     $this->RequestHandler->setContent('list', 'text/html');
     if (empty($this->ignoreUserSession)) {
         // rules are looked up by the current role name; a role without any rule set is
         // treated as a server-side misconfiguration ('500'), not as an access denial
         $rules = Configure::read('App.userPermissions.' . User::get('Role.name'));
         Assert::notEmpty($rules, '500');
         $canAccess = Common::requestAllowed($this->name, $this->action, $rules, true);
         if (!$canAccess) {
             // a denied request is only bounced to the login page for guests; an
             // authenticated user who is denied fails the assertion with '403' instead
             Assert::true(User::is('guest'), '403');
             if ($this->isOkForSessionRedirect()) {
                 // remember where the guest was heading so the login flow can return there;
                 // $this->here is the request path as seen by the framework, not a client-supplied return URL
                 $this->Session->write($this->loginRedirectSesskey, $this->here);
             }
             $this->Session->write('cant_access', true);
             return $this->redirect('/admin/auth/login', '403', true);
         }
         if (!User::is('guest') && $this->name == 'auth' && $this->action == 'login') {
             // an already authenticated user has no business on the login page:
             // honour the stored post-login destination, otherwise go to the admin home.
             // NOTE(review): whatever is stored under loginRedirectSesskey is passed straight to redirect(),
             // so it should only ever be written from $this->here as above - confirm no other writer exists
             $url = '/admin/home';
             if ($this->Session->check($this->loginRedirectSesskey)) {
                 $url = $this->Session->read($this->loginRedirectSesskey);
             }
             $this->redirect($url);
         }
     }
     // normalise the request path to a leading slash before sharing it with the JSON layer and the view
     $here = $this->params['url']['url'];
     if (!empty($here) && $here[0] != '/') {
         $here = '/' . $here;
     }
     $this->setJson('here', $here);
     // both names are published for templates; $isAjax is the newer spelling, $ajax kept for older views
     $ajax = $isAjax = false;
     if ($this->isAjax()) {
         $this->layout = 'ajax';
         $ajax = $isAjax = true;
     }
     $this->set(compact('ajax', 'isAjax', 'here'));
 }
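 /**
  * Use UserLog model to create a log entry
  *
  * Walks App.logs.controllers.rules (rule string => verbosity) and writes
  * one log row for the first rule that matches the current controller:action.
  * Rules whose verbosity resolves to a falsy value are skipped. A missing or
  * non-array rule set logs nothing instead of emitting a foreach warning.
  *
  * @return void
  * @access public
  */
 function log()
 {
     $logRules = Configure::read('App.logs.controllers.rules');
     if (!is_array($logRules)) {
         // nothing configured (or misconfigured): there is no rule to match
         return;
     }
     foreach ($logRules as $rules => $verbose) {
         $verbose = $this->__getVerbose($verbose);
         if (!$verbose) {
             continue;
         }
         if (!Common::requestAllowed($this->Controller->name, $this->Controller->action, $rules)) {
             continue;
         }
         $this->__UserLog->data = $this->__getDataForLogs($verbose);
         // model validation is bypassed (second argument false): whatever __getDataForLogs
         // assembles is stored as-is, so any checks on that data belong in that helper
         $this->__UserLog->save($this->__UserLog->data, false);
         // log only once: the first matching rule wins
         break;
     }
 }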
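 /**
  * Get the sidebar for a given section
  *
  * @param array $options 'controller' and 'action' of the current request,
  *                       plus an optional 'section' selecting the sidebar set
  * @return array widgets (keys as returned by __getSidebarElements) reduced to
  *               those whose inclusion rules match controller:action and that
  *               the current user is authorized for; empty when $options is empty
  */
 function get($options = null)
 {
     $results = array();
     if (empty($options)) {
         return $results;
     }
     $section = isset($options['section']) ? $options['section'] : null;
     // a missing key yields null instead of an "undefined index" notice; the rule checks below then decide
     $controller = isset($options['controller']) ? $options['controller'] : null;
     $action = isset($options['action']) ? $options['action'] : null;
     $widgets = $this->__getSidebarElements($section);
     // check permissions
     // 1. sidebar inclusion rules for controller:action
     // 2. user/role rights to access controller:action
     //    NOTE(review): check 2 is evaluated against the request context, not the widget,
     //    so a widget is never hidden on rights of its own - confirm that is intended
     foreach ($widgets as $key => $widget) {
         if (!Common::requestAllowed($controller, $action, $widget['rules'])) {
             continue;
         }
         if (!User::isAuthorized($controller, $action)) {
             continue;
         }
         $results[$key] = $widget;
     }
     return $results;
 }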
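 /**
  * Get and group permissions
  *
  * Expands App.permissions.options (entries shaped "controller:action") into
  * a nested map and marks each entry with whether $role's rules allow it.
  *
  * @param array $role (optional) role record; only $role['Role']['permissions'] is read
  * @return array $items[$controller][$action] => result of Common::requestAllowed,
  *               or the string '0' for every entry when $role carries no permissions
  */
 static function getPermissions($role = null)
 {
     $permissions = Configure::read('App.permissions.options');
     $items = array();
     if (!is_array($permissions)) {
         // nothing configured: an empty map rather than a foreach warning
         return $items;
     }
     $rules = isset($role['Role']['permissions']) ? $role['Role']['permissions'] : null;
     foreach ($permissions as $perm) {
         // entries are "controller:action"; an entry without ':' gets an empty action
         // instead of an undefined-offset notice
         $permData = explode(':', trim($perm));
         $controller = $permData[0];
         $action = isset($permData[1]) ? $permData[1] : '';
         if ($rules === null) {
             // no rules to evaluate means denied; kept as the string '0' because existing callers expect it
             $allowed = '0';
         } else {
             $allowed = Common::requestAllowed($controller, $action, $rules, true);
         }
         $items[$controller][$action] = $allowed;
     }
     return $items;
 }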
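 /**
  * Check whether the current user may run controller:action, optionally
  * scoped to the office a record belongs to.
  *
  * Root users are always allowed. For everyone else the result is the
  * conjunction of: every office-scoped model present in $obj (Gift, Appeal,
  * User) having an office_id equal to the session's Office.id; the role's
  * permission rules allowing controller:action; and the user's individual
  * permission rules allowing controller:action.
  *
  * @param string $controller
  * @param string $action
  * @param array $obj optional record (model name => fields) to check office ownership on
  * @return boolean
  * @access public
  */
 function allowed($controller, $action, $obj = null)
 {
     if (User::is('root')) {
         return true;
     }
     if (!empty($obj)) {
         $officeId = $this->Session->read('Office.id');
         // every office-bound model carried by the record must belong to the session office.
         // Previously each check overwrote the previous result, so a record holding e.g. both
         // Gift and User data was only compared on User.office_id.
         foreach (array('Gift', 'Appeal', 'User') as $model) {
             // NOTE(review): loose != is kept because the session and the DB may deliver the id
             // as different scalar types; tighten to !== once both sides are known to be ints
             if (isset($obj[$model]['office_id']) && $obj[$model]['office_id'] != $officeId) {
                 return false;
             }
         }
     }
     $rolePerms = User::get('Role.permissions');
     if (!Common::requestAllowed($controller, $action, $rolePerms, true)) {
         return false;
     }
     $indivPerms = User::get('permissions');
     return (bool) Common::requestAllowed($controller, $action, $indivPerms, true);
 }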
 /**
  * Is a user allowed to do something?
  *
  * Joins the role's rule string and the user's own rule string (comma
  * separated, role first) and lets Common::requestAllowed decide.
  * A rule string looks like "*:*,!users:delete".
  *
  * @param array $ressource
  * @param array $property
  * @return mixed whatever Common::requestAllowed returns
  */
 static function isAuthorized($ressource, $property)
 {
     $rolePerms = User::get('Role.permissions');
     $userPerms = User::get('User.permissions');
     // NOTE(review): if either string is empty this yields a leading or trailing ',' -
     // confirm Common::requestAllowed ignores empty rule entries
     $rules = $rolePerms . ',' . $userPerms;
     return Common::requestAllowed($ressource, $property, $rules);
 }