isAllowedModule() public static method

Checks whether the given module is allowed for the current user.
public static isAllowedModule ( string $module ) : boolean
$module string The module to check for.
return boolean
Beispiel #1
 /**
  * Pick the backend module the current user should be sent to.
  *
  * 'Dashboard' is preferred; otherwise the first module returned by
  * BackendModel::getModules() (minus Authentication, Error and Core) that
  * passes BackendAuthentication::isAllowedModule() is used.
  *
  * @return string|bool The module name, or false when no module is allowed.
  */
 private function getAllowedModule()
 {
     // modules that are never offered as a landing module
     $excluded = array('Authentication', 'Error', 'Core');
     $candidates = array_diff(BackendModel::getModules(), $excluded);

     // the dashboard takes precedence when the user may open it
     if (BackendAuthentication::isAllowedModule('Dashboard')) {
         return 'Dashboard';
     }

     // otherwise settle for the first candidate that passes the access check
     foreach ($candidates as $candidate) {
         if (BackendAuthentication::isAllowedModule($candidate)) {
             return $candidate;
         }
     }

     // nothing is accessible; callers have to handle false explicitly
     return false;
 }
Beispiel #2
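 /**
  * Process a regular request: run the module and action access checks and
  * either redirect away or set up the working language, module and action.
  *
  * None of the denying branches returns explicitly; they all depend on
  * $this->redirect() ending the request.
  * NOTE(review): redirect() is not part of this listing - confirm that it
  * never returns, otherwise execution carries on after a denied check.
  *
  * @param string $module The requested module.
  * @param string $action The requested action.
  * @param string $language The requested language.
  */
 private function processRegularRequest($module, $action, $language)
 {
     // not logged in and the module is not allowed for this visitor
     if (!Authentication::isLoggedIn() && !Authentication::isAllowedModule($module)) {
         // redirect to login; the original location travels along url-encoded
         // NOTE(review): the code that consumes "querystring" is not shown here;
         // it should accept local paths only before sending the user back.
         $this->redirect('/' . NAMED_APPLICATION . '/' . $language . '/authentication?querystring=' . rawurlencode('/' . $this->getQueryString()));
     } elseif (Authentication::isLoggedIn() && !Authentication::isAllowedModule($module)) {
         // the person is logged in, but doesn't have access to the module
         // if the module is the dashboard redirect to the first allowed module
         if ($module === 'Dashboard') {
             // require navigation-file, it is expected to define $navigation in this scope
             require_once Navigation::getCacheDirectory() . 'navigation.php';

             // require_once defines nothing when the file was included before,
             // so fall back to an empty list instead of looping an undefined variable
             if (!isset($navigation)) {
                 $navigation = array();
             }

             // loop the navigation to find the first allowed module
             foreach ($navigation as $value) {
                 // only the module chunk is needed; locals keep the requested
                 // $module and $action untouched
                 $chunks = explode('/', $value['url']);
                 $navModule = $chunks[0];

                 // user allowed?
                 if (Authentication::isAllowedModule($navModule)) {
                     // redirect to the page
                     $this->redirect('/' . NAMED_APPLICATION . '/' . $language . '/' . $value['url']);
                 } else {
                     if (array_key_exists('children', $value)) {
                         foreach ($value['children'] as $subItem) {
                             $subChunks = explode('/', $subItem['url']);
                             $subModule = $subChunks[0];

                             // user allowed?
                             if (Authentication::isAllowedModule($subModule)) {
                                 // walk the module's action files and take the first action the user may run
                                 $finder = new Finder();
                                 $files = $finder->files()->name('*.php')->in(BACKEND_MODULES_PATH . '/' . \SpoonFilter::toCamelCase($subModule) . '/Actions');
                                 foreach ($files as $file) {
                                     // file name without the ".php" suffix
                                     $moduleAction = mb_substr($file->getFilename(), 0, -4);
                                     if (Authentication::isAllowedAction($moduleAction, $subModule)) {
                                         $this->redirect('/' . NAMED_APPLICATION . '/' . $language . '/' . $subModule . '/' . $moduleAction);
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
         }
         // the user doesn't have access, redirect to error page
         $this->redirect('/' . NAMED_APPLICATION . '/' . $language . '/error?type=module-not-allowed&querystring=' . rawurlencode('/' . $this->getQueryString()), 307);
     } elseif (!Authentication::isAllowedAction($action, $module)) {
         // the module is allowed but the action is not, redirect to error page
         $this->redirect('/' . NAMED_APPLICATION . '/' . $language . '/error?type=action-not-allowed&querystring=' . rawurlencode('/' . $this->getQueryString()), 307);
     } else {
         // both checks passed
         // set the working language, this is not the interface language
         BackendLanguage::setWorkingLanguage($language);
         $this->setLocale();
         $this->setModule($module);
         $this->setAction($action);
     }
 }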
Beispiel #3
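 /**
  * Clean the navigation: drop every entry (up to three levels deep) that the
  * current user may not open and point a kept parent at an allowed child.
  *
  * An entry counts as allowed when it has both 'url' and 'label' and its
  * module and action pass Authentication::isAllowedModule() and
  * Authentication::isAllowedAction(). Entries without a url are no longer
  * split and checked, which avoids reading an undefined array key.
  *
  * This only decides which entries end up in the returned array; nothing
  * here blocks a request for a removed url, so the request-time module and
  * action checks have to stay in place.
  *
  * @param array $navigation The navigation array.
  * @return array The navigation without the entries that are not allowed.
  */
 private function cleanup(array $navigation)
 {
     foreach ($navigation as $key => $value) {
         $allowedChildren = array();

         // an entry needs a url and a label; only then is there something to check
         $allowed = isset($value['url'], $value['label']);
         if ($allowed) {
             list($module, $action) = explode('/', $value['url']);
             $module = \SpoonFilter::toCamelCase($module);
             $action = \SpoonFilter::toCamelCase($action);
             if (!Authentication::isAllowedModule($module)) {
                 $allowed = false;
             }
             if (!Authentication::isAllowedAction($action, $module)) {
                 $allowed = false;
             }
         }

         if (isset($value['children']) && is_array($value['children']) && !empty($value['children'])) {
             foreach ($value['children'] as $keyB => $valueB) {
                 // from here on $allowed describes the child being inspected,
                 // no longer the parent entry
                 $allowedChildrenB = array();
                 $allowed = isset($valueB['url'], $valueB['label']);
                 if ($allowed) {
                     list($module, $action) = explode('/', $valueB['url']);
                     $module = \SpoonFilter::toCamelCase($module);
                     $action = \SpoonFilter::toCamelCase($action);
                     if (!Authentication::isAllowedModule($module)) {
                         $allowed = false;
                     }
                     if (!Authentication::isAllowedAction($action, $module)) {
                         $allowed = false;
                     }
                 }

                 // has children
                 if (isset($valueB['children']) && is_array($valueB['children']) && !empty($valueB['children'])) {
                     // loop children
                     foreach ($valueB['children'] as $keyC => $valueC) {
                         $allowed = isset($valueC['url'], $valueC['label']);
                         if ($allowed) {
                             list($module, $action) = explode('/', $valueC['url']);
                             $module = \SpoonFilter::toCamelCase($module);
                             $action = \SpoonFilter::toCamelCase($action);
                             if (!Authentication::isAllowedModule($module)) {
                                 $allowed = false;
                             }
                             if (!Authentication::isAllowedAction($action, $module)) {
                                 $allowed = false;
                             }
                         }

                         if (!$allowed) {
                             unset($navigation[$key]['children'][$keyB]['children'][$keyC]);
                             continue;
                         } elseif (!in_array($navigation[$key]['children'][$keyB]['children'][$keyC], $allowedChildrenB)) {
                             // store allowed children
                             $allowedChildrenB[] = $navigation[$key]['children'][$keyB]['children'][$keyC];
                         }
                     }
                 }

                 if (!$allowed && empty($allowedChildrenB)) {
                     // error occurred and no allowed children on level B
                     unset($navigation[$key]['children'][$keyB]);
                     continue;
                 } elseif (!in_array($navigation[$key]['children'][$keyB], $allowedChildren)) {
                     // store allowed children on level B (copied before its url is re-pointed below)
                     $allowedChildren[] = $navigation[$key]['children'][$keyB];
                 }

                 // assign new base url for level B
                 if (!empty($allowedChildrenB)) {
                     $navigation[$key]['children'][$keyB]['url'] = $allowedChildrenB[0]['url'];
                 }
             }
         }

         // error occurred and no allowed children
         if (!$allowed && empty($allowedChildren)) {
             unset($navigation[$key]);
             continue;
         } elseif (!empty($allowedChildren)) {
             // re-check the first kept child before using its url for the parent
             $allowed = isset($allowedChildren[0]['url']);
             if ($allowed) {
                 list($module, $action) = explode('/', $allowedChildren[0]['url']);
                 // NOTE(review): unlike the checks above, module and action are not
                 // passed through toCamelCase() here - confirm this is intended
                 if (!Authentication::isAllowedModule($module)) {
                     $allowed = false;
                 }
                 if (!Authentication::isAllowedAction($action, $module)) {
                     $allowed = false;
                 }
             }

             if ($allowed) {
                 $navigation[$key]['url'] = $allowedChildren[0]['url'];
             } else {
                 // fall back to the url of the first child that is still present
                 $child = reset($navigation[$key]['children']);
                 $navigation[$key]['url'] = $child['url'];
             }
         }
     }

     return $navigation;
 }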
Beispiel #4
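 /**
  * Load the data: gather the dashboard widgets of every module the current
  * user may access and store them in $this->widgets, keyed by column and
  * position.
  *
  * The layout (present, hidden, column, position) is read from the user's
  * 'dashboard_sequence' setting, falling back to the setting of the user's
  * group.
  *
  * @throws BackendException When a widget file has no matching class.
  */
 private function loadData()
 {
     $modules = BackendModel::getModules();
     $userSequence = BackendAuthentication::getUser()->getSetting('dashboard_sequence');
     $fs = new Filesystem();

     // user sequence does not exist? use the preset of the user's group
     if (!isset($userSequence)) {
         $groupId = BackendAuthentication::getUser()->getGroupId();
         $userSequence = BackendGroupsModel::getSetting($groupId, 'dashboard_sequence');
     }

     // loop all modules
     foreach ($modules as $module) {
         // build pathName
         $pathName = BACKEND_MODULES_PATH . '/' . $module;

         // the module-level access check comes first; modules without widgets are skipped
         if (BackendAuthentication::isAllowedModule($module) && $fs->exists($pathName . '/Widgets')) {
             $finder = new Finder();
             $finder->name('*.php');

             // loop widgets
             foreach ($finder->files()->in($pathName . '/Widgets') as $file) {
                 /** @var $file \SplFileInfo */
                 $widgetName = $file->getBaseName('.php');

                 // the class name is assembled from the module list and the file name
                 $className = 'Backend\\Modules\\' . $module . '\\Widgets\\' . $widgetName;
                 if ($module === 'Core') {
                     $className = 'Backend\\Core\\Widgets\\' . $widgetName;
                 }
                 if (!class_exists($className)) {
                     throw new BackendException('The widgetfile ' . $className . ' could not be found.');
                 }

                 // present?
                 $present = isset($userSequence[$module][$widgetName]['present']) ? $userSequence[$module][$widgetName]['present'] : false;

                 // if not present, continue
                 if (!$present) {
                     continue;
                 }

                 // create instance; note that the constructor runs before isAllowed() is consulted
                 /** @var $instance BackendBaseWidget */
                 $instance = new $className($this->getKernel());

                 // widget-level access check, on top of the module check above
                 if (!$instance->isAllowed()) {
                     continue;
                 }

                 // hidden?
                 $hidden = isset($userSequence[$module][$widgetName]['hidden']) ? $userSequence[$module][$widgetName]['hidden'] : false;

                 // execute instance if it is not hidden
                 if (!$hidden) {
                     $instance->execute();
                 }

                 // user sequence provided? otherwise use the widget's own column and position
                 $column = isset($userSequence[$module][$widgetName]['column']) ? $userSequence[$module][$widgetName]['column'] : $instance->getColumn();
                 $position = isset($userSequence[$module][$widgetName]['position']) ? $userSequence[$module][$widgetName]['position'] : $instance->getPosition();
                 $title = \SpoonFilter::ucfirst(BL::lbl(\SpoonFilter::toCamelCase($module))) . ': ' . BL::lbl(\SpoonFilter::toCamelCase($widgetName));
                 $templatePath = $instance->getTemplatePath();

                 // reset template path
                 if ($templatePath == null) {
                     $templatePath = BACKEND_PATH . '/Modules/' . $module . '/Layout/Widgets/' . $widgetName . '.tpl';
                 }

                 // build item
                 $item = array('template' => $templatePath, 'module' => $module, 'widget' => $widgetName, 'title' => $title, 'hidden' => $hidden);

                 // add on new position if no position is set or if the position is already used
                 if ($position === null || isset($this->widgets[$column][$position])) {
                     $this->widgets[$column][] = $item;
                 } else {
                     // add on requested position
                     $this->widgets[$column][$position] = $item;
                 }
             }
         }
     }

     // sort the widgets of every column by position
     foreach ($this->widgets as &$columnWidgets) {
         ksort($columnWidgets);
     }
     // break the reference left behind by the by-reference loop
     unset($columnWidgets);
 }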
Beispiel #5
 /**
  * Set the module after verifying that it is allowed.
  *
  * The property is written only once the access check has passed; a denied
  * module gets a 403 status line and an exception instead.
  *
  * @param string $module The module to load.
  * @throws Exception If module is not allowed
  */
 public function setModule($module)
 {
     $isAllowed = Authentication::isAllowedModule($module);

     if ($isAllowed) {
         // access granted, remember the module
         $this->module = $module;

         return;
     }

     // access denied: answer with 403 and abort
     header('HTTP/1.1 403 Forbidden');

     throw new Exception('Module not allowed.');
 }
Beispiel #6
 /**
  * Get the widgets: register every widget class found under
  * <module>/Widgets for the modules the current user may access.
  *
  * Fills $this->widgetInstances (module, widget, class name) and
  * $this->widgets (form data, including a description cut from the start of
  * the class doc comment).
  */
 private function getWidgets()
 {
     $finder = new Finder();
     $finder->name('*.php')->in(BACKEND_MODULES_PATH . '/*/Widgets');

     foreach ($finder->files() as $file) {
         // <module>/Widgets/<file>: two levels up is the module directory,
         // so the module name comes from the file system
         $moduleDir = $file->getPathInfo()->getPathInfo();
         $moduleName = $moduleDir->getBasename();

         // widgets of modules the user may not access are skipped entirely
         if (!BackendAuthentication::isAllowedModule($moduleName)) {
             continue;
         }

         $widget = $file->getBasename('.php');
         $fqcn = 'Backend\\Modules\\' . $moduleName . '\\Widgets\\' . $widget;
         if (!class_exists($fqcn)) {
             continue;
         }

         // add to array
         $this->widgetInstances[] = array('module' => $moduleName, 'widget' => $widget, 'className' => $fqcn);

         // the description is whatever precedes the first '*' found from offset 7
         // of the doc comment, stripped of '*' and '/'
         $reflection = new \ReflectionClass($fqcn);
         $docComment = $reflection->getDocComment();
         $description = '';
         if (trim($docComment) != '') {
             $cut = strpos($docComment, '*', 7);
             $head = substr($docComment, 0, $cut);
             $description = trim(str_replace('/', '', str_replace('*', '', $head)));
         }

         // check if model file exists, and load it when it does
         $moduleRoot = $moduleDir->getRealPath();
         if (is_file($moduleRoot . '/engine/model.php')) {
             require_once $moduleRoot . '/engine/model.php';
         }

         // add to array
         $this->widgets[] = array('checkbox_name' => \SpoonFilter::toCamelCase($moduleName) . \SpoonFilter::toCamelCase($widget), 'module_name' => $moduleName, 'label' => \SpoonFilter::toCamelCase($widget), 'value' => $widget, 'description' => $description);
     }
 }
Beispiel #7
 /**
  * Set the module after verifying that it is allowed.
  *
  * The property is written only once the access check has passed; a denied
  * module gets the 403 headers and an exception instead.
  *
  * @param string $module The module to load.
  * @throws Exception If module is not allowed
  */
 public function setModule($module)
 {
     $isAllowed = Authentication::isAllowedModule($module);

     if ($isAllowed) {
         // access granted, remember the module
         $this->module = $module;

         return;
     }

     // access denied: send the 403 headers and abort
     \SpoonHTTP::setHeadersByCode(403);

     throw new Exception('Module not allowed.');
 }
Beispiel #8
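 /**
  * Load the data: render the dashboard widgets of every module the current
  * user may access and collect them in $this->widgets.
  *
  * A widget is left out when it is listed in 'hidden_on_dashboard' for every
  * group the user belongs to, when its isAllowed() check fails, or when its
  * template renders to an empty string.
  *
  * @throws BackendException When a widget file has no matching class.
  */
 private function loadData()
 {
     $modules = BackendModel::getModules();
     $filesystem = new Filesystem();

     // fetch the hidden widgets for all groups the user is in
     $hiddenWidgets = [];
     $userGroups = BackendAuthentication::getUser()->getGroups();
     $groupCount = count($userGroups);
     foreach ($userGroups as $group) {
         $hiddenForGroup = BackendGroupsModel::getSetting($group, 'hidden_on_dashboard');

         // a group without a usable setting hides nothing
         // NOTE(review): getSetting() is not shown here; assumed to return a
         // non-array when the setting does not exist - confirm
         if (!is_array($hiddenForGroup)) {
             continue;
         }

         foreach ($hiddenForGroup as $hiddenModule => $widgets) {
             foreach ($widgets as $widget) {
                 $hiddenWidgets[] = $hiddenModule . $widget;
             }
         }
     }

     // only widgets hidden for all user groups should really be hidden
     // NOTE(review): the count matches "all groups" only if a group lists a
     // widget at most once - confirm against how the setting is stored
     $hiddenWidgets = array_count_values($hiddenWidgets);
     $hiddenWidgets = array_filter($hiddenWidgets, function ($hiddenCount) use ($groupCount) {
         return $hiddenCount === $groupCount;
     });

     // loop all modules
     foreach ($modules as $module) {
         // build pathName
         $pathName = BACKEND_MODULES_PATH . '/' . $module;

         // the module-level access check comes first; modules without widgets are skipped
         if (BackendAuthentication::isAllowedModule($module) && $filesystem->exists($pathName . '/Widgets')) {
             $finder = new Finder();
             $finder->name('*.php');

             // loop widgets
             foreach ($finder->files()->in($pathName . '/Widgets') as $file) {
                 /** @var $file \SplFileInfo */
                 $widgetName = $file->getBasename('.php');

                 // the class name is assembled from the module list and the file name
                 $className = 'Backend\\Modules\\' . $module . '\\Widgets\\' . $widgetName;
                 if ($module === 'Core') {
                     $className = 'Backend\\Core\\Widgets\\' . $widgetName;
                 }

                 // if the widget is hidden for all the users groups, don't render it
                 if (array_key_exists($module . $widgetName, $hiddenWidgets)) {
                     continue;
                 }
                 if (!class_exists($className)) {
                     throw new BackendException('The widgetfile ' . $className . ' could not be found.');
                 }

                 // create instance; note that the constructor runs before isAllowed() is consulted
                 /** @var $instance BackendBaseWidget */
                 $instance = new $className($this->getKernel());

                 // widget-level access check, on top of the module check above
                 if (!$instance->isAllowed()) {
                     continue;
                 }
                 $instance->execute();

                 // build the title from the module and widget labels
                 $title = \SpoonFilter::ucfirst(BL::lbl(\SpoonFilter::toCamelCase($module))) . ': ' . BL::lbl(\SpoonFilter::toCamelCase($widgetName));
                 $templatePath = $instance->getTemplatePath();

                 // reset template path
                 if ($templatePath == null) {
                     $templatePath = '/' . $module . '/Layout/Widgets/' . $widgetName . '.html.twig';
                 }

                 // render the widget; widgets that produce no output are skipped
                 $templating = $this->get('template');
                 $content = trim($templating->getContent($templatePath));
                 if (empty($content)) {
                     continue;
                 }

                 // build item and append it in discovery order
                 $item = array('content' => $content, 'module' => $module, 'widget' => $widgetName, 'title' => $title);
                 $this->widgets[] = $item;
             }
         }
     }
 }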