/**
 * Build the "please confirm your email" block for the current Viewer.
 *
 * The tplConfirmemail template is rendered only when the Viewer's role id
 * contains the substring 'unactivated'; every other role yields ''.
 * The Viewer's email address is handed to the template untouched, so the
 * template is the place where it has to be HTML-escaped —
 * NOTE(review): confirm tplConfirmemail escapes the 'email' value.
 *
 * @return string rendered template markup, or '' when the account is activated
 *
 * @todo Translate strings
 */
protected function makeConfirmBlock()
{
    $viewer  = $this->Registry->Viewer;
    $roleId  = $viewer->getRoleId();
    $address = $viewer->email;

    if (false === \strpos($roleId, 'unactivated')) {
        return '';
    }

    $vars = array(
        'email'        => $address,
        'notConfirmed' => $this->_('not validated'),
        'sendLink'     => $this->_('send me validation link'),
    );

    return \tplConfirmemail::parse($vars);
}
/**
 * Verify that a role may exercise a privilege, optionally on a resource.
 *
 * Thin wrapper over the Acl's isAllowed() with a different parameter order:
 * in this codebase the privilege is almost always the only argument given,
 * the role defaults to the current Viewer and the resource is usually
 * omitted because the check is site-wide.
 *
 * When $privilege is null the method falls back to $this->permission; when
 * that is not set either, no check is performed and $this is returned
 * (both situations are traced through d()).
 *
 * @param string|null   $privilege name of privilege (like 'add_comments');
 *                                 null means "use $this->permission"
 * @param RoleInterface $role      defaults to $this->Registry->Viewer
 * @param mixed         $resource  object or string name of resource, or null
 *
 * @return object $this when access is allowed
 *
 * @throws AuthException        denied and the visitor is not logged in
 *                              (lets the error page offer a login form)
 * @throws UnactivatedException denied and the role id contains 'unactivated';
 *                              the message carries HTML markup
 * @throws AccessException      denied for any other reason
 */
public function checkAccessPermission($privilege = null, RoleInterface $role = null, $resource = null)
{
    if (null === $privilege) {
        d('$privilege is null');
        if (!isset($this->permission)) {
            d('$this->permission not set');
            // Nothing to check against: the caller is let through.
            return $this;
        }
        $privilege = $this->permission;
    }

    /*
     * The Viewer kept in the session may be stale (an admin could have
     * banned, demoted or re-grouped the user after login), so the ACL needs
     * the latest role data. NOTE(review): no reload happens inside this
     * method — the Registry is expected to provide a fresh Viewer; confirm.
     */
    if (null === $role) {
        $role = $this->Registry->Viewer;
    }

    $translator = $this->Registry->Tr;
    // The Acl object may come from cache; after editing acl.ini the cached
    // Acl entry has to be removed by hand.
    $acl    = $this->Registry->Acl;
    $roleId = $role->getRoleId();
    d('$roleID ' . $roleId . ' $privilege: ' . $privilege);

    if ($acl->isAllowed($role, $resource, $privilege)) {
        return $this;
    }

    // Access is denied from here on; raise the most specific exception.
    if (!$this->isLoggedin()) {
        /** @todo translate string */
        throw new AuthException($translator->get('Please Register or Login to perform this action'));
    }

    if (false === \strpos($roleId, 'unactivated')) {
        throw new AccessException($translator->get('Your account does not have permission to perform this action'));
    }

    // Unactivated account: tell the user how to obtain the validation link.
    // strlen() > 6 is only a crude "looks like an address" guard, not
    // validation. NOTE(review): the address ends up inside the HTML of the
    // exception message — tplConfirmemail must escape it; confirm.
    if ($role instanceof User && strlen($role->email) > 6) {
        /** @todo Translate string */
        $message = \tplConfirmemail::parse(array(
            'email'        => $role->email,
            'notConfirmed' => $translator->get('not validated'),
            'sendLink'     => $translator->get('send me validation link'),
        )) . '<br>';
    } else {
        $message = $translator->get('You have not confirmed email address')
            . '<br><a href="/settings/">'
            . $translator->get('Request activation email')
            . '</a><br>';
    }

    throw new UnactivatedException($message);
}
/**
 * Build the "please confirm your email" block for the current Viewer.
 *
 * Renders tplConfirmemail with the Viewer's email address only when the
 * Viewer's role id contains the substring 'unactivated'; every other role
 * yields ''. The address is passed to the template untouched, so escaping
 * for HTML is the template's job — NOTE(review): confirm tplConfirmemail
 * escapes the 'email' value.
 *
 * @return string rendered template markup, or '' when the account is activated
 */
protected function makeConfirmBlock()
{
    $viewer  = $this->Registry->Viewer;
    $roleId  = $viewer->getRoleId();
    $address = $viewer->email;

    if (false === \strpos($roleId, 'unactivated')) {
        return '';
    }

    // The second argument (false) is forwarded to the template parser;
    // NOTE(review): its meaning is defined by tplConfirmemail::parse — confirm.
    return \tplConfirmemail::parse(array('email' => $address), false);
}