/**
  * This action is executed before execute any action in the application
  */
 public function beforeDispatch(Event $event, Dispatcher $dispatcher)
 {
     // Ignore all this if the user is logging out
     $sModuleName = strtolower(explode('\\', $dispatcher->getNamespaceName())[0]);
     if ($this->dispatcher->getActionName() == 'logout' && $this->dispatcher->getControllerName() == 'users' && $sModuleName == 'frontend' || $sModuleName == 'raw') {
         return null;
     }
     // Otherwise proceed with various whatnots and security checks
     /** @var Users $oLoggedInUser */
     $oLoggedInUser = false;
     $oRs = new \RememberedSessions();
     $sUsername = $oRs->getValidPersistentSession();
     if ($sUsername) {
         $oLoggedInUser = Users::findFirst(array('username = :un:', 'bind' => array('un' => $sUsername)));
         $sUserHash = $oLoggedInUser->getLoginSessionHash();
         $aSessionData = array('userhash' => $sUserHash, 'full_name' => $oLoggedInUser->getFullName());
         $this->session->set('auth', $aSessionData);
     } else {
         $auth = $this->session->get('auth');
         if ($auth && isset($auth['userhash'])) {
             $oLoggedInUser = Users::findFirst(array('MD5(CONCAT(password, username, "' . Users::HASH_SALT . '")) = :userhash:', 'bind' => array('userhash' => $auth['userhash'])));
         }
     }
     /** @var Users $oLoggedInUser */
     if ($oLoggedInUser) {
         Users::setCurrent($oLoggedInUser);
     }
     $sModuleName = strtolower(explode('\\', $dispatcher->getNamespaceName())[0]);
     if ($sModuleName != 'frontend' && !$oLoggedInUser) {
         if ($this->getDI()->get('request')->isAjax()) {
             die(json_encode(array('status' => 'error', 'message' => 'Insufficient permissions')));
         } else {
             $this->getDI()->get('response')->redirect('/users/login', true);
             return false;
         }
     }
     $acl = array('frontend' => '*', 'content' => array('admin', 'data_entry'), 'admin' => 'admin');
     $aUserRoleSlugs = array();
     if ($sModuleName != 'frontend') {
         /** @var \UsersRoles $oUR */
         foreach (Users::getCurrent()->usersRoles as $oUR) {
             $aUserRoleSlugs[] = $oUR->getRoleSlug();
             $aUserRoleSlugs = array_unique($aUserRoleSlugs);
         }
     }
     if (isset($acl[$sModuleName]) && $acl[$sModuleName] != '*') {
         $aPermissions = (array) $acl[$sModuleName];
         if (array_intersect($aUserRoleSlugs, $aPermissions) == array()) {
             throw new \Exception('You do not have sufficient permissions to access this part of the website.');
         }
     }
     return true;
 }
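 /**
  * Runs before every controller action: lets whitelisted actions through,
  * forwards logged-in but unauthorised users to index/noauth, and sends
  * anonymous users to the login page with the requested URL in `ref`.
  *
  * The whitelist is the target controller's static $no_auth_array merged
  * with this class's own $no_auth_array.
  *
  * @param Dispatcher $dispatcher
  * @return bool true when the action may run, false when it was forwarded
  *              or the client was redirected to the login page
  */
 public function beforeExecuteRoute(Dispatcher $dispatcher)
 {
     $actionName = $dispatcher->getActionName();
     $controllerName = $dispatcher->getControllerName() . 'Controller';
     $nameSpaceName = $dispatcher->getNamespaceName();
     $className = $nameSpaceName . '\\' . ucwords($controllerName);
     $no_auth_array = [];
     if (class_exists($className)) {
         $no_auth_array = array_merge($className::$no_auth_array, self::$no_auth_array);
     }
     if (in_array($actionName, $no_auth_array, true)) {
         return true;
     }
     if (!$this->isLogin()) {
         // Prefer the configured server name; the Host header is only a
         // fallback because the client controls it and it ends up in the
         // redirect target.
         if (!($host = $this->request->getServerName())) {
             $host = $this->request->getHttpHost();
         }
         $scheme = $this->request->getScheme();
         $sourceUrl = $scheme . '://' . $host . $this->request->getURI();
         // Encode the return URL so its own '?' / '&' cannot truncate `ref`.
         $url = $scheme . '://' . $host . self::USER_LOGIN_URL . '?ref=' . rawurlencode($sourceUrl);
         $this->redirect($url);
         // Cancel the action as well; unreachable if redirect() already exits.
         return false;
     }
     // Logged in: check whether the user may operate on this resource.
     if (!$this->isAllowed($actionName)) {
         $dispatcher->forward(['controller' => 'index', 'action' => 'noauth']);
         return false;
     }
     return true;
 }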
 /**
  * For handlers that live outside the default namespace, derive the layout
  * and the view to render from the namespace segments that follow the
  * default namespace, followed by the action name. Does nothing when the
  * view component is disabled.
  *
  * @param Event         $event
  * @param MvcDispatcher $dispatcher
  */
 public function beforeExecuteRoute(Event $event, MvcDispatcher $dispatcher)
 {
     $defaultNamespace = $dispatcher->getDefaultNamespace();
     if ($dispatcher->getNamespaceName() === $defaultNamespace) {
         return;
     }
     /** @var MvcView $view */
     $view = $dispatcher->getDI()->get('view');
     if ($view->isDisabled()) {
         return;
     }
     $handlerSegments = explode('\\', strtolower($dispatcher->getHandlerClass()));
     $defaultSegments = explode('\\', strtolower($defaultNamespace));
     // Keep only the handler segments not present in the default namespace.
     $pathParts = array_values(array_diff($handlerSegments, $defaultSegments));
     $pathParts[] = $dispatcher->getActionName();
     $view->setLayout($pathParts[0]);
     $view->pick(implode(DIRECTORY_SEPARATOR, $pathParts));
 }
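 /**
  * Registers the autoload namespace for the requested media/version and
  * logs what is about to be dispatched.
  *
  * Reads the dispatcher params `media`, `major` and `minor`; when
  * pathFinder() resolves them to a path, that path is registered with the
  * loader for the current dispatcher namespace.
  *
  * @return void
  */
 public function load()
 {
     $strContext = __CLASS__ . '->' . __FUNCTION__ . ': ';
     $oLogger = $this->_di->getFileLogger();
     $oDispatcher = $this->_di->getDispatcher();
     $arParams = $oDispatcher->getParams();
     // Missing params become null instead of raising an undefined-key warning.
     $strMedia = $arParams['media'] ?? null;
     $strMajor = $arParams['major'] ?? null;
     $strMinor = $arParams['minor'] ?? null;
     // NOTE(review): these params come from the dispatcher (i.e. the route), so
     // pathFinder() is the only thing between request input and the directory
     // registered as an autoload root — confirm it only returns known
     // media/version directories.
     $strPath = $this->pathFinder($strMedia, $strMajor, $strMinor);
     if ($strPath) {
         $oLogger->debug($strContext . ' got path: ' . $strPath);
         $oLoader = $this->_di->getLoader();
         $oLogger->debug(Tester::ec("'" . $this->dispatcher->getNamespaceName() . "'", true));
         $arRequiredNamespace = [$this->dispatcher->getNamespaceName() => $strPath];
         $oLoader->registerNamespaces($arRequiredNamespace, true);
         $oLogger->debug($strContext . ' registered namespace: ' . print_r($arRequiredNamespace, true));
         $arNewNamespaces = $oLoader->getNamespaces();
         $oLogger->debug($strContext . ' complete namespaces list is:  ' . print_r($arNewNamespaces, true));
     } else {
         $oLogger->debug($strContext . ' got no path: "' . $strPath . '"');
     }
     $oLogger->debug(__CLASS__ . ': trying to dispatch:' . ' module: ' . $oDispatcher->getModuleName() . ' media: ' . $strMedia . ' version: v' . $strMajor . '_' . $strMinor . ' controller: ' . $oDispatcher->getControllerName() . ' controller class: ' . $oDispatcher->getControllerClass() . ' action: ' . $oDispatcher->getActionName() . ' active method: ' . $oDispatcher->getActiveMethod());
 }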
 /**
  * This action is executed before execute any action in the application
  *
  * Maps the session to a coarse role ('Users' when an 'auth' entry exists,
  * 'Guests' otherwise), asks the ACL whether that role may run the action
  * on the "namespace\controller" resource and, on denial, forwards to the
  * 401 page and destroys the session.
  *
  * @param Event $event
  * @param Dispatcher $dispatcher
  * @return bool|null false when access was denied, null otherwise
  */
 public function beforeDispatch(Event $event, Dispatcher $dispatcher)
 {
     $role = $this->session->get('auth') ? 'Users' : 'Guests';
     $resource = $dispatcher->getNamespaceName() . '\\' . $dispatcher->getControllerName();
     $action = $dispatcher->getActionName();
     $verdict = $this->getAcl()->isAllowed($role, $resource, $action);
     // Loose comparison kept on purpose: presumably isAllowed() and Acl::ALLOW
     // differ in type (bool vs int) — verify before tightening to ===.
     if ($verdict == Acl::ALLOW) {
         return null;
     }
     $dispatcher->forward(['namespace' => 'App\\Controllers', 'controller' => 'errors', 'action' => 'show401']);
     // Every denial also ends the session, so a logged-in user is logged out.
     $this->session->destroy();
     return false;
 }
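 /**
  * Resolves the current user's role from the session's group and checks the
  * namespace ACL before any action runs.
  *
  * @param Event $event
  * @param Dispatcher $dispatcher
  * @return bool always true; denied requests are forwarded to the 403 action first
  */
 public function beforeDispatch(Event $event, Dispatcher $dispatcher)
 {
     $role = 'Guests';
     // If the user is not logged in set his/her role to guest, otherwise get group name
     $auth = $this->session->get('auth');
     if ($auth) {
         $group = Groups::findFirstByGroupId($auth['group_id'] ?? null);
         // A stale session may reference a group that no longer exists; stay
         // 'Guests' rather than reading ->name on a non-object.
         if ($group) {
             $role = $group->name;
         }
     }
     // Get namespace of the controller we're trying to access
     $namespace = $dispatcher->getNamespaceName();
     // Get all ACL rules for this namespace
     $acl = $this->getAcl($namespace);
     // Get the controller we're trying to access
     $controller = $dispatcher->getControllerName();
     // Get the action we are trying to access
     $action = $dispatcher->getActionName();
     // Check if user is allowed to use this action
     $allowed = $acl->isAllowed($role, $controller, $action);
     // If not, forward to the 403 action (loose comparison kept from the original)
     if ($allowed != Acl::ALLOW) {
         $dispatcher->forward(['namespace' => 'Controllers\\BaseControllers', 'controller' => 'error', 'action' => 'send403']);
     }
     // In all other situations return true
     return true;
 }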
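 /**
  * Checks whether the current session may run the requested controller action.
  *
  * Controllers outside MyApp\Controllers are addressed as
  * "<last namespace segment>/<controller>"; 'public' and 'api/sso' are never
  * checked, which also prevents a second check after a forward.
  *
  * @param Event $event
  * @param Dispatcher $dispatcher
  * @return bool|null true when the controller is exempt, false when forwarded
  *                   to show401, null when the check passed
  */
 private function checkPermission(Event $event, Dispatcher $dispatcher)
 {
     $namespaceName = $dispatcher->getNamespaceName();
     if ($namespaceName != 'MyApp\\Controllers') {
         // Without a backslash the whole namespace is the prefix (the
         // original skipped its first character in that case).
         $separatorPos = strrpos($namespaceName, '\\');
         $lastSegment = $separatorPos === false ? $namespaceName : substr($namespaceName, $separatorPos + 1);
         $controller = strtolower($lastSegment) . '/' . $dispatcher->getControllerName();
     } else {
         $controller = $dispatcher->getControllerName();
     }
     $action = $dispatcher->getActionName();
     // Skip the public and api/sso controllers to avoid a second check after forward
     if (in_array($controller, ['public', 'api/sso'], true)) {
         return true;
     }
     $acl = $this->getAcl($dispatcher);
     $role = $this->session->get('user_id') === null ? 'Guests' : 'Users';
     // No permission: the resource is registered but the role is not allowed.
     // NOTE(review): an unregistered controller for which isAllowed() is also
     // false passes this check, i.e. unknown resources are open by default —
     // confirm that is intended.
     if ($acl->isResource($controller) != $acl->isAllowed($role, $controller, $action)) {
         $dispatcher->forward(['namespace' => 'MyApp\\Controllers', 'controller' => 'public', 'action' => 'show401']);
         return false;
     }
 }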