/**
 * Attach a page (or nested section) to this section, subject to ACL.
 *
 * Pages whose permissions fail ACL::check() are dropped silently, so the
 * navigation never lists an entry the current user may not reach. A page
 * that carries its own `priority` overrides the argument; a priority that
 * is already taken is bumped to the next free slot.
 *
 * @param Navigation_Abstract $page     page or section to attach (by reference, as in the original signature)
 * @param int                 $priority fallback ordering key when the page has none
 * @return $this after update()->sort()
 */
public function add_page(Navigation_Abstract &$page, $priority = 1)
{
    $slot = (int) $priority;

    // Permission gate: an unauthorised page is never stored.
    if (!ACL::check($page->permissions)) {
        return $this;
    }

    // A page-level priority wins over the caller's value.
    if (isset($page->priority)) {
        $slot = (int) $page->priority;
    }

    if ($page instanceof Navigation_Section) {
        // Nested sections keep a back-reference to their parent.
        $this->_sections[] = $page;
        $page->set_section($this);
    } else {
        // Walk forward until an unused slot is found so two pages never share a priority.
        while (isset($this->_pages[$slot])) {
            $slot++;
        }
        $this->_pages[$slot] = $page;
        // NOTE(review): plain pages get no set_section() here (the call was
        // commented out in the original); the sibling Model_Navigation_Section
        // implementation does set it for every page — confirm which is intended.
    }

    if (isset($page->buttons)) {
        $page->add_buttons($page->buttons);
    }

    return $this->update()->sort();
}
/**
 * List the posts attached to one tag, 15 per page.
 *
 * Unpublished posts are visible only to users holding 'administer tags'
 * or 'administer content'; everyone else is restricted to status = 'publish'.
 *
 * @throws HTTP_Exception_404 when no tag has the requested id
 *
 * @uses Log::add
 * @uses Text::ucfirst
 * @uses ACL::check
 * @uses Meta::links
 * @uses URL::canonical
 * @uses Route::url
 */
public function action_view()
{
    $tag_id = (int) $this->request->param('id', 0);
    $tag = ORM::factory('tag', $tag_id);

    if (!$tag->loaded()) {
        throw HTTP_Exception::factory(404, 'Tag :tag not found!', array(':tag' => $tag_id));
    }

    $this->title = __(':title', array(':title' => Text::ucfirst($tag->name)));

    $view = View::factory('tag/view')
        ->set('teaser', TRUE)
        ->bind('pagination', $pagination)
        ->bind('posts', $posts);

    $posts = $tag->posts;

    // Visibility filter: without a content-admin permission only published posts are listed.
    $is_content_admin = (ACL::check('administer tags') || ACL::check('administer content'));
    if (!$is_content_admin) {
        $posts->where('status', '=', 'publish');
    }

    $total = $posts->reset(FALSE)->count_all();
    if ($total == 0) {
        Log::info('No posts found.');
        $this->response->body(View::factory('page/none'));
        return;
    }

    $pagination = Pagination::factory(array(
        'current_page'   => array('source' => 'cms', 'key' => 'page'),
        'total_items'    => $total,
        'items_per_page' => 15,
        'uri'            => $tag->url,
    ));

    $posts = $posts
        ->order_by('created', 'DESC')
        ->limit($pagination->items_per_page)
        ->offset($pagination->offset)
        ->find_all();

    $this->response->body($view);

    // Canonical / shortlink hints for crawlers, only on a full render.
    if ($this->auto_render === TRUE) {
        Meta::links(URL::canonical($tag->url, $pagination), array('rel' => 'canonical'));
        Meta::links(Route::url('tag', array('action' => 'view', 'id' => $tag->id)), array('rel' => 'shortlink'));
    }
}
/**
 * ACL::check() must refuse user id 1 and grant every other provider user.
 *
 * @dataProvider providerPerms
 */
public function testacl_check($perm, $user_id)
{
    $subject = ORM::factory('user', $user_id);

    // User id 1 is the single account the provider expects to be denied.
    $expected = ($user_id != 1);

    $this->assertSame($expected, ACL::check($perm, $subject));
}
/**
 * Gate every action behind authentication and ACL before it runs.
 *
 * Two independent gates, each ending in _deny_access():
 *  1. not logged in and the action is not listed in $public_actions;
 *  2. the action is not listed in $allowed_actions and ACL::check($request) fails.
 * Both are skipped entirely unless $auth_required is exactly TRUE.
 *
 * NOTE(review): both in_array() calls are non-strict, matching the original.
 */
public function before()
{
    parent::before();

    if ($this->auth_required !== TRUE) {
        return;
    }

    $action = $this->request->action();

    // Anonymous users may only reach explicitly public actions.
    if (!Auth::is_logged_in() and !in_array($action, $this->public_actions)) {
        $this->_deny_access();
    }

    // Everyone else needs an allow-list entry or a passing ACL check.
    if (!in_array($action, $this->allowed_actions) and !ACL::check($this->request)) {
        $this->_deny_access();
    }
}
/**
 * DELETE handler: wipe the dashboard data.
 *
 * @throws HTTP_API_Exception API::ERROR_PERMISSIONS when 'dshboard.empty' is not granted
 */
public function rest_delete()
{
    // NOTE(review): the permission name reads 'dshboard.empty' (sic). It is
    // kept verbatim because it must match the registered permission string;
    // confirm whether the registration carries the same spelling.
    $allowed = ACL::check('dshboard.empty');
    if (!$allowed) {
        throw HTTP_API_Exception::factory(
            API::ERROR_PERMISSIONS,
            'You don\'t have permission to :permission',
            array(':permission' => __('Empty dashboard'))
        );
    }

    Dashboard::remove_data();
    Cache::register_shutdown_function();

    // No value is passed for ':user'; presumably a log filter fills it in — verify.
    Kohana::$log->add(Log::INFO, ':user empty dashboard')->write();

    $this->message('Dashboard is empty!');
}
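/**
 * Clear every stored user session (database session driver only).
 *
 * Requires 'system.session.clear'. When sessions are not kept in the
 * database the call is a silent no-op: nothing is deleted and no message
 * is set. Deleting all rows presumably also ends the caller's own session
 * on the next request.
 *
 * NOTE(review): this is a GET handler (get_clear) performing a destructive
 * write; a state-changing endpoint should be POST/DELETE so it cannot be
 * triggered by a crafted link or a prefetch. Not changed here because the
 * method name is the routing contract.
 *
 * @throws HTTP_API_Exception API::ERROR_PERMISSIONS when the permission is missing
 */
public function get_clear()
{
    if (!ACL::check('system.session.clear')) {
        // Translation key kept plain ASCII: the original literal began with a
        // Cyrillic 'С' (U+0421), which would never match the Latin
        // 'Clear user sessions' key used by the settings view.
        throw HTTP_API_Exception::factory(
            API::ERROR_PERMISSIONS,
            'You don\'t have permission to :permission',
            array(':permission' => __('Clear user sessions'))
        );
    }

    if (Session::$default == 'database') {
        DB::delete('sessions')->execute();
        Kohana::$log->add(Log::INFO, ':user clear user sessions')->write();
        $this->message('User sessions has been cleared!');
    }
}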
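/**
 * DELETE handler: flush the application cache.
 *
 * Requires 'system.cache.clear'. Cache::register_shutdown_function() is
 * only called when Kohana::$caching is TRUE (presumably scheduling the
 * flush at shutdown — verify); the log entry and success message are
 * emitted either way.
 *
 * @throws HTTP_API_Exception API::ERROR_PERMISSIONS when the permission is missing
 */
public function rest_delete()
{
    if (!ACL::check('system.cache.clear')) {
        // Translation key kept plain ASCII: the original literal began with a
        // Cyrillic 'С' (U+0421), which would never match a Latin
        // 'Clear cache' translation entry.
        throw HTTP_API_Exception::factory(
            API::ERROR_PERMISSIONS,
            'You don\'t have permission to :permission',
            array(':permission' => __('Clear cache'))
        );
    }

    if (Kohana::$caching === TRUE) {
        Cache::register_shutdown_function();
    }

    Kohana::$log->add(Log::INFO, ':user clear cache')->write();
    $this->message('Cache has been cleared!');
}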
/**
 * Before the controller executes an action, check security access.
 *
 * Gate 1: an anonymous user may only run actions listed in $public_actions.
 * Gate 2: any other action must be listed in $allowed_actions or pass
 * ACL::check() for the current request.
 * Both gates apply only when $auth_required is exactly true; each failure
 * ends in _deny_access().
 *
 * @throws HTTP_Exception presumably raised by _deny_access() — not visible here
 */
public function before()
{
    parent::before();

    $guarded = ($this->auth_required === true);
    $action = $this->request->action();

    // Check public actions
    $is_public = in_array($action, $this->public_actions);
    if ($guarded && !Auth::is_logged_in() && !$is_public) {
        $this->_deny_access();
    }

    // Check allowed actions
    $is_allowed = in_array($action, $this->allowed_actions);
    if ($guarded && !$is_allowed && !ACL::check($this->request)) {
        $this->_deny_access();
    }
}
/**
 * PUT handler: activate or deactivate a registered plugin.
 *
 * Requires 'plugins.change_status'. The plugin is activated only when it is
 * currently inactive AND the 'installed' parameter is truthy; in every other
 * case it is deactivated, optionally dropping its data ('remove_data').
 * The resulting state is logged and the plugin info is returned.
 *
 * @throws HTTP_API_Exception API::ERROR_PERMISSIONS when the permission is missing
 */
public function rest_put()
{
    if (!ACL::check('plugins.change_status')) {
        throw HTTP_API_Exception::factory(
            API::ERROR_PERMISSIONS,
            'You don\'t have permission to :permission',
            array(':permission' => __('Install or uninstall plugin'))
        );
    }

    Plugins::find_all();

    // Third argument TRUE presumably marks 'id' as required — verify in param().
    // NOTE(review): what get_registered() returns for an unknown id is not
    // visible here; if it can be NULL the calls below would fail.
    $plugin = Plugins::get_registered($this->param('id', NULL, TRUE));

    if (!$plugin->is_activated() && (bool) $this->param('installed') === TRUE) {
        $plugin->activate();
    } else {
        // Also reached for an already-inactive plugin, so remove_data can run
        // against a plugin that was never activated.
        $plugin->deactivate((bool) $this->param('remove_data'));
    }

    $verb = $plugin->is_activated() ? 'activate' : 'deactivate';
    Kohana::$log->add(Log::INFO, ':user :action plugin :name', array(
        ':action' => $verb,
        ':name'   => $plugin->title(),
    ))->write();

    $this->response($this->_get_info($plugin));
}
/**
 * POST handler: (re)generate the API key.
 *
 * With an existing key the caller must supply the current key ('key' is
 * required) and it is refreshed; with none, a fresh key named
 * 'KodiCMS API key' is generated. The result is stored in config
 * 'api.key' and returned in the response.
 *
 * @throws HTTP_API_Exception API::ERROR_PERMISSIONS without 'system.api.refresh_key'
 */
public function post_refresh()
{
    if (!ACL::check('system.api.refresh_key')) {
        throw HTTP_API_Exception::factory(
            API::ERROR_PERMISSIONS,
            'You don\'t have permission to :permission',
            array(':permission' => __('Refresh API key'))
        );
    }

    $has_key = (Config::get('api', 'key') !== NULL);

    // The third argument presumably flags the parameter as required, so the
    // current key must be presented before it can be rotated — verify in param().
    $current = $this->param('key', NULL, $has_key);

    $model = ORM::factory('api_key');
    $new_key = $has_key
        ? $model->refresh($current)
        : $model->generate('KodiCMS API key');

    Config::set('api', 'key', $new_key);
    $this->response($new_key);
}
/**
 * Extend $allowed_actions from datasource-level access before the parent
 * controller applies its ACL gate.
 *
 * For 'create' the 'id' route param is the datasource type and grants the
 * action via the '<type>.section.create' permission. For every other action
 * 'id' is the section id; edit/remove are granted by the section's own
 * has_access_edit()/has_access_remove().
 */
public function before()
{
    $action = $this->request->action();
    $raw_id = $this->request->param('id');

    if ($action == 'create') {
        // Permission name is derived from the lower-cased type in the URL.
        $type = strtolower($raw_id);
        if (ACL::check($type . '.section.create')) {
            $this->allowed_actions[] = 'create';
        }
    } else {
        $this->section((int) $raw_id);

        $section = $this->section();
        if ($section->has_access_edit()) {
            $this->allowed_actions[] = 'edit';
        }
        if ($section->has_access_remove()) {
            $this->allowed_actions[] = 'remove';
        }
    }

    // Parent gate runs last so it sees the additions above.
    parent::before();
}
/**
 * Edit a layout file: GET renders the editor, POST saves.
 *
 * The layout is looked up by the 'id' route param; when no file of that
 * name exists, find_file() is tried before giving up with an error message
 * and go().
 *
 * NOTE(review): a POST from a user without 'layout.edit' is not rejected —
 * it falls through and re-renders the editor without saving and without
 * any message. A 403 or an error message would make the denial visible.
 */
public function action_edit()
{
    $name = $this->request->param('id');
    $layout = new Model_File_Layout($name);

    if (!$layout->is_exists()) {
        $found = $layout->find_file();
        if ($found === FALSE) {
            Messages::errors(__('Layout not found!'));
            $this->go();  // presumably redirects and ends the request — confirm
        } else {
            $layout = new Model_File_Layout($found);
        }
    }

    $this->set_title($name);

    // Save only on POST and only with the edit permission.
    $is_post = (Request::current()->method() == Request::POST);
    if ($is_post and ACL::check('layout.edit')) {
        return $this->_edit($layout);
    }

    Assets::package('ace');
    $this->template->content = View::factory('layout/edit', array(
        'action' => 'edit',
        'layout' => $layout,
    ));
}
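/**
 * Apply pending schema updates (diff of installed schema vs. install file).
 *
 * Requires 'update.database_apply'. On success the cached schema is
 * invalidated and TRUE is returned; on any exception a generic message and
 * FALSE are returned. The failure is now logged — the original swallowed the
 * exception without a trace, leaving no way to diagnose a half-applied diff.
 *
 * NOTE(review): this is a GET handler (get_database) that mutates the
 * database schema; a state-changing endpoint should be POST so it cannot be
 * triggered by a crafted link or a prefetch. Not changed here because the
 * method name is the routing contract.
 *
 * @throws HTTP_API_Exception API::ERROR_PERMISSIONS when the permission is missing
 */
public function get_database()
{
    if (!ACL::check('update.database_apply')) {
        throw HTTP_API_Exception::factory(
            API::ERROR_PERMISSIONS,
            'You don\'t have permission to :permission',
            array(':permission' => __('Update database'))
        );
    }

    $db_sql = Database_Helper::schema();
    $file_sql = Database_Helper::install_schema();

    $compare = new Database_Helper();
    $diff = $compare->get_updates($db_sql, $file_sql, TRUE);

    try {
        Database_Helper::insert_sql($diff);
        $this->message('Database schema updated successfully!');
        Cache::instance()->delete(Update::CACHE_KEY_DB_SHEMA);
        $this->response(TRUE);
    } catch (Exception $ex) {
        // Keep the generic user-facing message but record the cause server-side.
        Kohana::$log->add(Log::ERROR, ':user update database failed: :error', array(
            ':error' => $ex->getMessage(),
        ))->write();
        $this->message('Something went wrong!');
        $this->response(FALSE);
    }

    // Written on both paths, as in the original: it records the attempt, not the outcome.
    Kohana::$log->add(Log::INFO, ':user update database')->write();
}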
/**
 * Edit a snippet file: GET renders the editor, POST saves.
 *
 * The snippet is looked up by the 'id' route param; when no file of that
 * name exists, find_file() is tried before giving up with an error message
 * and go(). Note that _edit() receives the requested name, not the model.
 *
 * NOTE(review): a POST from a user without 'snippet.edit' is not rejected —
 * it falls through and re-renders the editor without saving and without
 * any message. A 403 or an error message would make the denial visible.
 */
public function action_edit()
{
    $name = $this->request->param('id');
    $snippet = new Model_File_Snippet($name);

    if (!$snippet->is_exists()) {
        $found = $snippet->find_file();
        if ($found === FALSE) {
            Messages::errors(__('Snippet not found!'));
            $this->go();  // presumably redirects and ends the request — confirm
        } else {
            $snippet = new Model_File_Snippet($found);
        }
    }

    $this->template->title = __('Edit snippet');
    $this->breadcrumbs->add($name);

    // Save only on POST and only with the edit permission.
    $is_post = (Request::current()->method() == Request::POST);
    if ($is_post and ACL::check('snippet.edit')) {
        return $this->_edit($name);
    }

    Assets::package('ace');
    $this->template->content = View::factory('snippet/edit', array(
        'action'  => 'edit',
        'filters' => WYSIWYG::findAll(),
        'snippet' => $snippet,
    ));
}
/**
 * Attach a page (or nested section) to this section, subject to ACL.
 *
 * Pages whose permissions fail ACL::check() are dropped silently. A page
 * carrying its own `priority` overrides the argument; a taken priority is
 * bumped to the next free slot. Every attached page receives a back-reference
 * via set_section() (sections receive it twice, as in the original).
 *
 * @param Model_Navigation_Abstract $page     page or section to attach (by reference)
 * @param integer                   $priority fallback ordering key when the page has none
 * @return \Model_Navigation_Section $this after update()->sort()
 */
public function add_page(Model_Navigation_Abstract &$page, $priority = 1)
{
    // Permission gate: an unauthorised page is never stored.
    if (!ACL::check($page->permissions)) {
        return $this;
    }

    // A page-level priority wins over the caller's value.
    $slot = isset($page->priority) ? (int) $page->priority : (int) $priority;

    if ($page instanceof Model_Navigation_Section) {
        $this->_sections[] = $page;
        $page->set_section($this);
    } else {
        // Walk forward until an unused slot is found.
        while (isset($this->_pages[$slot])) {
            $slot++;
        }
        $this->_pages[$slot] = $page;
    }

    $page->set_section($this);

    return $this->update()->sort();
}
// Expander icon: only pages with children get a +/- toggle.
if ($child->has_children) { ?> <?php if ($child->is_expanded) { echo UI::icon('minus fa-fw item-expander item-expander-expand'); } else { echo UI::icon('plus fa-fw item-expander'); } ?> <?php } ?>
<?php
// Title: a locked label (no link) when the user lacks 'page.edit' or the
// page's own permissions; otherwise an edit link.
// NOTE(review): $child->title is output as-is in both branches and nothing
// here shows it being HTML-escaped — confirm it is escaped upstream.
if (!ACL::check('page.edit') or !Auth::has_permissions($child->get_permissions())) { ?> <?php echo UI::icon('lock fa-fw'); ?> <?php echo $child->title; ?> <?php } else { ?> <?php echo HTML::anchor($child->get_url(), $child->title, array('data-icon' => ($child->children_rows instanceof View and $child->children_rows->childrens) ? 'folder-open fa-fw' : 'file-o fa-fw')); ?> <?php }
<?php } ?> </div> </div> <div class="right-col"> <hr class="profile-content-hr no-grid-gutter-h"> <div class="profile-content tabbable"> <?php Observer::notify('view_user_profile_information', $user->id); ?> <?php if (!empty($permissions) and ACL::check('users.view.permissions')) { ?> <div class="panel-heading"> <span class="panel-title"><?php echo __('Section permissions'); ?> </span> </div> <div class="panel-body"> <?php foreach ($permissions as $title => $actions) { ?> <div class="panel-heading"> <span class="panel-title"><?php echo __(ucfirst($title)); ?>
<?php echo Form::select('setting[page][check_date]', Form::choices(), Config::get('site', 'check_page_date', Config::NO)); ?> </div> </div> </div> <div class="panel-heading" data-icon="hdd-o"> <span class="panel-title"><?php echo __('Session settings'); ?> </span> </div> <div class="panel-body"> <?php if (ACL::check('system.session.clear') and Session::$default == 'database') { ?> <div class="well"> <?php echo UI::button(__('Clear user sessions'), array('icon' => UI::icon('trash-o fa-lg'), 'class' => 'btn-warning btn-lg', 'data-api-url' => 'session.clear')); ?> </div> <?php } ?> <div class="note note-warning"> <?php echo UI::icon('lightbulb-o fa-lg'); ?> <?php
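/**
 * Persist an edited user: core fields, profile and (optionally) roles.
 *
 * Password rules:
 *  - a caller with 'users.change_password', or a user editing their own
 *    account, may set a new password; an absent or empty field keeps the
 *    current one (both 'password' keys are dropped so validation skips them);
 *  - anyone else has the submitted 'password' discarded.
 * Roles are replaced only with 'users.change_roles' and never for user id 1.
 *
 * On a validation failure the errors are queued and go_back() is invoked;
 * otherwise the request ends in go() ("commit") or go(edit) (continue editing).
 *
 * NOTE(review): a self-service password change is accepted without the
 * current password being re-verified — confirm that is intended.
 *
 * @param object $user loaded user model being edited (type not visible here)
 */
private function _edit($user)
{
    $data = $this->request->post('user');
    $profile = $this->request->post('profile');

    $this->auto_render = FALSE;

    $may_set_password = (ACL::check('users.change_password') || $user->id == Auth::get_id());

    if ($may_set_password) {
        // isset() guard: a form without a password field must not raise a
        // notice here (the original indexed $data['password'] unconditionally).
        if (!isset($data['password']) || strlen($data['password']) == 0) {
            unset($data['password'], $data['password_confirm']);
        }
    } else {
        unset($data['password']);
    }

    if (empty($profile['notice'])) {
        $profile['notice'] = 0;
    }

    try {
        if ($user->update_user($data, array('email', 'username', 'password'))) {
            $profile['user_id'] = $user->id;
            $user->profile->values($profile)->save();

            // Role assignment is a separate privilege; user 1 is never touched.
            // (Class name normalised to ACL:: to match every other call in this file.)
            if (ACL::check('users.change_roles') and $user->id > 1) {
                $user_roles = $this->request->post('user_roles');
                if (!empty($user_roles)) {
                    $user->update_related_ids('roles', explode(',', $user_roles));
                }
            }

            Messages::success(__('User has been saved!'));
        }
    } catch (ORM_Validation_Exception $e) {
        Messages::errors($e->errors('validation'));
        $this->go_back();
    }

    // "Save" returns to the list; "Save and continue" stays on the edit form.
    if ($this->request->post('commit') !== NULL) {
        $this->go();
    } else {
        $this->go(array('action' => 'edit', 'id' => $user->id));
    }
}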
<div class="form-group"> <?php echo $page->label('needs_login', array('class' => 'control-label col-md-3')); ?> <div class="col-md-6"> <?php echo $page->field('needs_login', array('prefix' => 'page')); ?> </div> </div> <?php } ?> </div> <?php if (ACL::check('page.permissions')) { ?> <div class="panel-heading"> <?php echo $page->label('page_permissions', array('class' => 'panel-title')); ?> </div> <div class="panel-body"> <?php echo Form::select('page_permissions[]', $permissions, array_keys($page_permissions)); ?> </div> <?php } Observer::notify('view_page_edit_sidebar_after', $page);
<?php defined('SYSPATH') or die('No direct script access.');

/**
 * Cache module bootstrap.
 *
 * Selects the default cache driver (CACHE_TYPE constant, else 'file') and,
 * once all modules are loaded, registers the cache settings panel and its
 * validation rules — only for an installed site and a user holding
 * 'system.cache.settings'.
 */
Cache::$default = defined('CACHE_TYPE') ? CACHE_TYPE : 'file';

Observer::observe('modules::after_load', function () {
    // Nothing to register for an uninstalled site or an unprivileged user.
    if (!IS_INSTALLED or !ACL::check('system.cache.settings')) {
        return;
    }

    Observer::observe('view_setting_plugins', function () {
        echo View::factory('cache/settings');
    });

    // Coerce the three numeric cache settings to integers on save.
    Observer::observe('validation_settings', function ($validation, $filter) {
        $filter
            ->rule('cache.front_page', 'intval')
            ->rule('cache.page_parts', 'intval')
            ->rule('cache.tags', 'intval');
    });
});
/**
 * Blog posts for one tag (type 'blog'), paginated per the blog config.
 *
 * Unpublished posts are visible only to users holding 'administer tags'
 * or 'administer content'; everyone else is restricted to status = 'publish'.
 * On a full render, canonical, shortlink and RSS alternate links are added.
 *
 * @throws HTTP_Exception_404 when no blog tag has the requested id
 */
public function action_tag()
{
    $config = Config::load('blog');

    $tag_id = (int) $this->request->param('id', 0);
    $tag = ORM::factory('tag', array('id' => $tag_id, 'type' => 'blog'));

    if (!$tag->loaded()) {
        throw HTTP_Exception::factory(404, 'Tag ":tag" Not Found', array(':tag' => $tag_id));
    }

    $this->title = __(':title', array(':title' => Text::ucfirst($tag->name)));

    $view = View::factory('blog/list')
        ->set('teaser', TRUE)
        ->set('config', $config)
        ->bind('rss_link', $rss_link)
        ->bind('pagination', $pagination)
        ->bind('posts', $posts);

    $posts = $tag->posts;

    // Visibility filter: without a content-admin permission only published posts are listed.
    $is_content_admin = (ACL::check('administer tags') || ACL::check('administer content'));
    if (!$is_content_admin) {
        $posts->where('status', '=', 'publish');
    }

    $total = $posts->reset(FALSE)->count_all();
    if ($total == 0) {
        Log::info('No blogs found.');
        $this->response->body(View::factory('blog/none'));
        return;
    }

    $rss_params = array('controller' => 'blog', 'action' => 'tag', 'id' => $tag->id);
    $rss_link = Route::get('rss')->uri($rss_params);

    $pagination = Pagination::factory(array(
        'current_page'   => array('source' => 'cms', 'key' => 'page'),
        'total_items'    => $total,
        'items_per_page' => $config->get('items_per_page', 15),
        'uri'            => $tag->url,
    ));

    $posts = $posts
        ->order_by('created', 'DESC')
        ->limit($pagination->items_per_page)
        ->offset($pagination->offset)
        ->find_all();

    $this->response->body($view);

    // Search-engine hints, only on a full render.
    if ($this->auto_render) {
        Meta::links(URL::canonical($tag->url, $pagination), array('rel' => 'canonical'));
        Meta::links(Route::url('blog', array('action' => 'tag', 'id' => $tag->id), TRUE), array('rel' => 'shortlink'));
        Meta::links(Route::url('rss', $rss_params, TRUE), array(
            'rel'   => 'alternate',
            'type'  => 'application/rss+xml',
            'title' => Template::getSiteName() . ' : ' . $tag->name,
        ));
    }
}
<?php echo Form::label('_captcha', __('Security'), array('class' => 'form-control nowrap')); ?> <?php echo Form::input('_captcha', '', array('class' => 'text form-control')); ?> <?php echo $captcha; ?> </div> <?php } ?> </div> </div> <?php if (!ACL::check('administer comment') or !$is_edit) { ?> <div class="form-actions"> <?php echo Form::submit('comment', __('Post Comment'), array('class' => 'btn btn-default bth-lg')); ?> </div> <?php } ?> <?php echo Form::close();
Route::filter('guest', function () {
    // Guest-only routes: an already-authenticated user is sent to the root.
    if (Auth::check()) {
        return Redirect::to('/');
    }
});

/*
|--------------------------------------------------------------------------
| permissions Filter
|--------------------------------------------------------------------------
|
| The "permissions" filter receives the permission name and, optionally,
| the path to redirect to when the user does not have access.
|
*/
// NOTE(review): Laravel 4 invokes route filters with the Route and Request
// objects as the first two arguments, followed by the filter parameters.
// If that holds here, $route is a Route object rather than a path and the
// '/' default is never used — confirm what Redirect::to() actually receives.
// A required parameter after an optional one is also deprecated in PHP 8.
Route::filter('permissions', function ($route = '/', $request, $namePermissions) {
    if (!ACL::check($namePermissions)) {
        return Redirect::to($route);
    }
});

/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
// NOTE(review): prefer hash_equals() over !== for the token comparison so
// the check is not timing-dependent. The filter body continues past this excerpt.
Route::filter('csrf', function () { if (Session::token() !== Input::get('_token')) {
<?php $sections = Datasource_Data_Manager::types(); foreach ($sections as $type => $title) { if (!ACL::check($type . '.section.create')) { unset($sections[$type]); } } foreach ($tree as $type => $data) { foreach ($data as $id => $section) { if (array_key_exists($section->folder_id(), $folders)) { $folders[$section->folder_id()]['sections'][$id] = $section; unset($tree[$type][$id]); } } } $folders_status = Model_User_Meta::get('datasource_folders', array()); ?> <div class="navigation"> <?php if (!empty($sections)) { ?> <div class="compose-btn"> <div class="btn-group"> <?php echo UI::button(__('Create section'), array('href' => '#', 'class' => 'dropdown-toggle btn-primary btn-labeled btn-block', 'data-icon-append' => 'caret-down btn-label', 'data-toggle' => 'dropdown')); ?> <ul class="dropdown-menu"> <?php foreach ($sections as $type => $title) {
</tbody> </table> </div> <div class="panel-footer"> <?php if (ACL::check($section->has_access('document.create', TRUE))) { ?> <?php echo UI::button(__('Create Document'), array('href' => Route::get('datasources')->uri(array('controller' => 'document', 'directory' => $section->type(), 'action' => 'create')) . URL::query(array('ds_id' => $section->id())), 'icon' => UI::icon('plus'))); ?> <?php } ?> <?php if (ACL::check($section->has_access_view())) { ?> <?php echo UI::button(__('Goto section'), array('href' => Route::get('datasources')->uri(array('controller' => 'data', 'directory' => 'datasources')) . URL::query(array('ds_id' => $section->id())), 'icon' => UI::icon(Datasource_Data_Manager::get_icon($section->type())), 'class' => 'btn-xs btn-inverse')); ?> <?php } ?> </div> <?php } else { ?> <div class="note note-warning"> <?php echo UI::icon('lightbulb-o fa-lg'); ?>
echo Form::input('_captcha', '', array('class' => 'form-control')); ?> <br> <?php echo $captcha; ?> </div> <?php } ?> </div> <div id="side-info-column" class="col-md-3"> <?php if (ACL::check('administer content') or ACL::check('administer page')) { ?> <div id="submitdiv" class="panel panel-info"> <div class="panel-heading"> <h3 class="panel-title"><?php echo __('Publication'); ?> </h3> </div> <div class="panel-body" id="submitpost"> <div id="minor-publishing"> <div class="form-group <?php echo isset($errors['status']) ? 'has-error' : ''; ?> ">
<?php echo UI::button(__('File manager'), array('class' => 'btn-filemanager btn-flat btn-info btn-sm', 'data-el' => 'textarea_content', 'icon' => UI::icon('folder-open'), 'data-hotkeys' => 'ctrl+m')); ?> </div> <?php } ?> </div> <?php echo Form::textarea('content', $layout->content, array('class' => 'form-control', 'id' => 'textarea_content', 'data-height' => 600, 'data-readonly' => (!$layout->is_exists() or $layout->is_exists() and $layout->is_writable()) ? 'off' : 'on')); ?> <?php if ($layout->is_exists() and !$layout->is_writable()) { ?> <div class="panel-default alert alert-danger alert-dark no-margin-b"> <?php echo __('File is not writable'); ?> </div> <?php } elseif (ACL::check('layout.edit')) { ?> <div class="form-actions panel-footer"> <?php echo UI::actions($page_name); ?> </div> <?php } echo Form::close();
/**
 * Confirm-and-delete flow for an OAuth2 client.
 *
 * Order: global permission gate -> load the record (error + redirect to the
 * list when missing) -> per-record Access check -> render the confirmation
 * form. On a valid POST, 'no' returns to the client list and 'yes' deletes
 * the record and redirects.
 *
 * Both denials are reported as 404 rather than 403, so a forbidden id is
 * indistinguishable from a missing one to the caller.
 *
 * @throws HTTP_Exception_404 on a missing permission or a failed Access check
 */
public function action_delete()
{
    if (!ACL::check('delete oaclient2')) {
        throw new HTTP_Exception_404('You have no permission to delete oauth2 clients.');
    }

    $client_id = (int) $this->request->param('id');
    $list_uri = Route::get('oauth2/client')->uri(array('action' => 'list'));
    $redirect = empty($this->redirect) ? $list_uri : $this->redirect;

    $oaclient = ORM::factory('oaclient', $client_id);
    if (!$oaclient->loaded()) {
        Message::error(__('oaclient: doesn\'t exists!'));
        Kohana::$log->add(Log::ERROR, 'Attempt to delete non-existent oaclient');
        $this->request->redirect($list_uri);
    }

    // Copy taken before delete() so the messages below can still name the client.
    $snapshot = clone $oaclient;

    // Record-level check on top of the global permission.
    if (!Access::oaclient('delete', $oaclient)) {
        throw new HTTP_Exception_404('Attempt to non-existent oaclient.');
    }

    $this->title = __('Delete oaclient');
    $this->subtitle = Text::plain($oaclient->client_id);

    $form = View::factory('form/confirm')
        ->set('action', $oaclient->delete_url)
        ->set('title', $oaclient->client_id);

    // Declined: back to the client list.
    if (isset($_POST['no']) and $this->valid_post()) {
        $this->request->redirect('oauth2/client');
    }

    // Confirmed: delete, report, and redirect (the redirect stays inside
    // try/catch to match the original control flow exactly).
    if (isset($_POST['yes']) and $this->valid_post()) {
        try {
            $oaclient->delete();
            Message::success(__('oaclient: :title deleted successfully', array(':title' => $snapshot->client_id)));
            $this->request->redirect($redirect);
        } catch (Exception $e) {
            Message::error(__('oaclient: :title unable to delete the record', array(':title' => $snapshot->client_id)));
            $this->request->redirect($redirect);
        }
    }

    $this->response->body($form);
}
echo Date::format($snippet->modified()); ?> </td> <td class="size"> <?php echo Text::bytes($snippet->size()); ?> </td> <td class="direction hidden-xs"> <?php echo UI::label($snippet->get_relative_path()); ?> </td> <td class="actions text-right"> <?php if (ACL::check('snippet.delete')) { ?> <?php echo UI::button(NULL, array('href' => Route::get('backend')->uri(array('controller' => 'snippet', 'action' => 'delete', 'id' => $snippet->name)), 'icon' => UI::icon('times fa-inverse'), 'class' => 'btn-xs btn-danger btn-confirm')); ?> <?php } ?> </td> </tr> <?php } ?> </tbody> </table> </div>