/**
 * Builds the ORDER BY clause of the query.
 *
 * The criteria are emitted in this sequence: the fragments of the order-by objects held in
 * $this->arrOrderBy, then one entry per property carrying the list-order annotation (as far as
 * the property is mapped to a table column), and finally the fixed "system_sort ASC" entry.
 *
 * @param class_reflection $objReflection
 *
 * @return string the clause, starting with the "ORDER BY" keyword
 */
private function getOrderBy(class_reflection $objReflection) {
    // properties annotated with a sort direction
    $arrSortProperties = $objReflection->getPropertiesWithAnnotation(class_orm_base::STR_ANNOTATION_LISTORDER);

    $arrCriteria = array();

    // NOTE(review): these fragments are concatenated into the statement verbatim; ORDER BY
    // identifiers cannot be bound as parameters, so confirm the order-by objects never carry
    // request-derived text that was not checked against a fixed set of columns.
    foreach ($this->arrOrderBy as $objOrder) {
        $arrCriteria[] = $objOrder->getStrOrderBy();
    }

    if (count($arrSortProperties) > 0) {
        $arrColumnProperties = $objReflection->getPropertiesWithAnnotation(class_orm_base::STR_ANNOTATION_TABLECOLUMN);

        foreach ($arrSortProperties as $strProperty => $strDirection) {
            // only properties that are mapped to a column can be sorted by
            if (!isset($arrColumnProperties[$strProperty])) {
                continue;
            }

            // a two-part "x.y" annotation value contributes its second part, anything else its first
            $arrParts = explode(".", $arrColumnProperties[$strProperty]);
            $strColumn = count($arrParts) == 2 ? $arrParts[1] : $arrParts[0];

            // every value other than DESC (compared case-insensitively) sorts ascending
            $strOrder = "ASC";
            if (uniStrtoupper($strDirection) == "DESC") {
                $strOrder = "DESC";
            }

            if ($strColumn == "") {
                continue;
            }

            $arrCriteria[] = " " . $strColumn . " " . $strOrder . " ";
        }
    }

    // the list is never empty from here on, so the clause is always generated
    $arrCriteria[] = " system_sort ASC ";

    return "ORDER BY " . implode(" , ", $arrCriteria) . " ";
}
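/**
 * This method triggers the internal processing.
 * It may be overridden if required, e.g. to implement your own action-handling.
 * By default, the method to be called is set up out of the action-param passed.
 * Example: The action requested is named "newPage". Therefore, the framework tries to
 * call actionNewPage(). If no method matching the schema is found, an error is rendered
 * and a class_exception is processed (or thrown for the login cases handled below).
 * The actions' output is saved back to self::strOutput and is returned in addition.
 * Returning the content is only implemented to remain backwards compatible with older implementations.
 * Since Kajona 4.0, the check on declarative permissions via annotations is supported.
 * Therefore the list of permissions, named after the "permissions" annotation, is validated against
 * the record addressed by the current systemid or, if there is none, the module currently loaded.
 *
 * Security notes:
 * - The permission check only runs for handlers carrying a "permissions" annotation; a handler
 *   without one is dispatched without any rights check in this method.
 * - An action that resolves to this dispatcher itself (the empty action) is never dispatched,
 *   it is handled like an unknown action.
 *
 * @param string $strAction
 *
 * @see class_rights::validatePermissionString
 *
 * @throws class_exception
 * @return string
 * @since 3.4
 */
public function action($strAction = "") {
    if ($strAction != "") {
        $this->setAction($strAction);
    }

    $strAction = $this->getAction();

    //search for the matching method - build method name.
    //An empty action has no first character to read, so the name stays at the bare prefix.
    $strMethodName = "action";
    if ($strAction != "") {
        $strMethodName .= uniStrtoupper($strAction[0]) . uniSubstr($strAction, 1);
    }

    //The bare prefix is the name of this very method. method_exists() would accept it and the
    //dispatch below would call action() again with the same state, recursing without bound.
    $bitIsDispatcher = strcasecmp($strMethodName, __FUNCTION__) === 0;

    if (!$bitIsDispatcher && method_exists($this, $strMethodName)) {

        //validate the permissions required to call this method, the xml-part is validated afterwards
        $objAnnotations = new class_reflection(get_class($this));
        $strPermissions = $objAnnotations->getMethodAnnotationValue($strMethodName, "@permissions");

        //NOTE(review): false apparently means "no annotation"; such handlers are not checked here
        if ($strPermissions !== false) {

            //check against the addressed record; look it up once so that the object that was
            //tested for existence is the one the rights are validated against
            $objObjectToCheck = null;
            if (validateSystemid($this->getSystemid())) {
                $objObjectToCheck = class_objectfactory::getInstance()->getObject($this->getSystemid());
            }
            if ($objObjectToCheck == null) {
                $objObjectToCheck = $this->getObjModule();
            }

            if (!class_carrier::getInstance()->getObjRights()->validatePermissionString($strPermissions, $objObjectToCheck)) {
                class_response_object::getInstance()->setStrStatusCode(class_http_statuscodes::SC_UNAUTHORIZED);
                $this->strOutput = $this->objToolkit->warningBox($this->getLang("commons_error_permissions"));

                $objException = new class_exception("you are not authorized/authenticated to call this action", class_exception::$level_ERROR);

                //xml-requests get the exception itself, regular requests the rendered warning
                if (_xmlLoader_) {
                    throw $objException;
                }
                else {
                    $objException->setIntDebuglevel(0);
                    $objException->processException();
                    return $this->strOutput;
                }
            }
        }

        //validate the loading channel - xml or regular
        if (_xmlLoader_ === true) {
            //check if the method is allowed for xml-requests: either annotated, or the class name ends in "xml"
            if (!$objAnnotations->hasMethodAnnotation($strMethodName, "@xml") && substr(get_class($this), -3) != "xml") {
                throw new class_exception("called method " . $strMethodName . " not allowed for xml-requests", class_exception::$level_FATALERROR);
            }

            //the requested module has to be the module of this class, "messaging" being the only exception
            if ($this->getArrModule("modul") != $this->getParam("module") && $this->getParam("module") != "messaging") {
                class_response_object::getInstance()->setStrStatusCode(class_http_statuscodes::SC_UNAUTHORIZED);
                throw new class_exception("you are not authorized/authenticated to call this action", class_exception::$level_FATALERROR);
            }
        }

        $this->strOutput = $this->{$strMethodName}();
    }
    else {

        $objReflection = new ReflectionClass($this);

        //if the pe was requested and the current module is a login-module, there are insufficient permissions given
        if ($this->getArrModule("template") == "/login.tpl" && $this->getParam("pe") != "") {
            throw new class_exception("You have to be logged in to use the portal editor!!!", class_exception::$level_ERROR);
        }

        if (get_class($this) == "class_module_login_admin_xml") {
            class_response_object::getInstance()->setStrStatusCode(class_http_statuscodes::SC_UNAUTHORIZED);
            throw new class_exception("you are not authorized/authenticated to call this action", class_exception::$level_FATALERROR);
        }

        //NOTE(review): $strMethodName is derived from the action value and ends up in the rendered
        //warning - confirm that warningBox() (or the code providing the action) encodes it for HTML.
        $this->strOutput = $this->objToolkit->warningBox("called method " . $strMethodName . " not existing for class " . $objReflection->getName());

        $objException = new class_exception("called method " . $strMethodName . " not existing for class " . $objReflection->getName(), class_exception::$level_ERROR);
        $objException->setIntDebuglevel(0);
        $objException->processException();
    }

    return $this->strOutput;
}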
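/**
 * This method triggers the internal processing.
 * It may be overridden if required, e.g. to implement your own action-handling.
 * By default, the method to be called is set up out of the action-param passed.
 * Example: The action requested is named "newPage". Therefore, the framework tries to
 * call actionNewPage(). If no method matching the schema is found, regular requests fall back
 * to actionList(); xml-requests and classes without actionList() end in an exception.
 * <b> Please note that this is different from the admin-handling! </b> Since there could be many
 * modules on a single page, not each module may be triggered.
 * Since Kajona 4.0, the check on declarative permissions via annotations is supported.
 * Therefore the list of permissions, named after the "permissions" annotation, is validated against
 * the record addressed by the current systemid or, if there is none, the module currently loaded.
 *
 * Security notes:
 * - The permission check only runs for handlers carrying a "permissions" annotation; a handler
 *   without one is dispatched without any rights check in this method.
 * - An action that resolves to this dispatcher itself (the empty action) is never dispatched,
 *   it is handled like an unknown action.
 *
 * @param string $strAction
 *
 * @see class_rights::validatePermissionString
 * @throws class_exception
 * @return string
 * @since 3.4
 */
public function action($strAction = "") {
    if ($strAction != "") {
        $this->setAction($strAction);
    }

    $strAction = $this->getAction();

    //search for the matching method - build method name.
    //An empty action has no first character to read, so the name stays at the bare prefix.
    $strMethodName = "action";
    if ($strAction != "") {
        $strMethodName .= uniStrtoupper($strAction[0]) . uniSubstr($strAction, 1);
    }

    //The bare prefix is the name of this very method. method_exists() would accept it and the
    //dispatch below would call action() again with the same state, recursing without bound.
    $bitIsDispatcher = strcasecmp($strMethodName, __FUNCTION__) === 0;

    $objAnnotations = new class_reflection(get_class($this));

    if (!$bitIsDispatcher && method_exists($this, $strMethodName)) {

        //validate the permissions required to call this method, the xml-part is validated afterwards
        $strPermissions = $objAnnotations->getMethodAnnotationValue($strMethodName, "@permissions");

        //NOTE(review): false apparently means "no annotation"; such handlers are not checked here
        if ($strPermissions !== false) {

            //check against the addressed record; look it up once so that the object that was
            //tested for existence is the one the rights are validated against
            $objObjectToCheck = null;
            if (validateSystemid($this->getSystemid())) {
                $objObjectToCheck = class_objectfactory::getInstance()->getObject($this->getSystemid());
            }
            if ($objObjectToCheck == null) {
                $objObjectToCheck = $this->getObjModule();
            }

            if (!class_carrier::getInstance()->getObjRights()->validatePermissionString($strPermissions, $objObjectToCheck)) {
                $this->strOutput = $this->getLang("commons_error_permissions");

                //redirect to the error page - unless this already is the error page
                if ($this->getPagename() != class_module_system_setting::getConfigValue("_pages_errorpage_")) {
                    $this->portalReload(class_link::getLinkPortalHref(class_module_system_setting::getConfigValue("_pages_errorpage_"), ""));
                    return "";
                }

                class_response_object::getInstance()->setStrStatusCode(class_http_statuscodes::SC_UNAUTHORIZED);
                throw new class_exception("you are not authorized/authenticated to call this action", class_exception::$level_ERROR);
            }
        }

        if (_xmlLoader_ === true) {
            //check if the method is allowed for xml-requests: either annotated, or the class name ends in "xml".
            //The reflection created above covers the same class, so it is reused.
            if (!$objAnnotations->hasMethodAnnotation($strMethodName, "@xml") && substr(get_class($this), -3) != "xml") {
                throw new class_exception("called method " . $strMethodName . " not allowed for xml-requests", class_exception::$level_FATALERROR);
            }
        }

        $this->strOutput = $this->{$strMethodName}();
    }
    else {

        //xml-requests never fall back to the list
        if (_xmlLoader_ === true) {
            $objReflection = new ReflectionClass($this);
            throw new class_exception("called method " . $strMethodName . " not existing for class " . $objReflection->getName(), class_exception::$level_FATALERROR);
        }

        //try to load the list-method
        $strListMethodName = "actionList";
        if (method_exists($this, $strListMethodName)) {

            //the fallback is subject to the same declarative permission check as a direct call
            $strPermissions = $objAnnotations->getMethodAnnotationValue($strListMethodName, "@permissions");
            if ($strPermissions !== false) {

                $objObjectToCheck = null;
                if (validateSystemid($this->getSystemid())) {
                    $objObjectToCheck = class_objectfactory::getInstance()->getObject($this->getSystemid());
                }
                if ($objObjectToCheck == null) {
                    $objObjectToCheck = $this->getObjModule();
                }

                if (!class_carrier::getInstance()->getObjRights()->validatePermissionString($strPermissions, $objObjectToCheck)) {
                    //NOTE(review): unlike the branch above, this denial neither redirects to the
                    //error page nor sets SC_UNAUTHORIZED - confirm this is intended.
                    $this->strOutput = $this->getLang("commons_error_permissions");
                    throw new class_exception("you are not authorized/authenticated to call this action", class_exception::$level_ERROR);
                }
            }

            $this->strOutput = $this->{$strListMethodName}();
        }
        else {
            $objReflection = new ReflectionClass($this);
            throw new class_exception("called method " . $strMethodName . " not existing for class " . $objReflection->getName(), class_exception::$level_ERROR);
        }
    }

    return $this->strOutput;
}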