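/**
 * Enforce the table's delete ACL before running the delete statement.
 *
 * Resolves the target table from the query state, computes whether the
 * current user holds `bigharddelete` (any row) or `harddelete` and throws
 * before any SQL is emitted when neither is granted. Junction tables and
 * tables without a status column cannot be soft-deleted, so their plain
 * `bigdelete`/`delete` privileges are promoted to the hard variants. When
 * only `harddelete` is granted and the table has a CMS owner column, the
 * rows matched by the predicate are inspected and the delete is refused if
 * any of them are owned by the authenticated user (this mirrors the
 * original rule; the ownership semantics are defined by the ACL layer).
 *
 * @param Delete $delete
 * @return mixed Whatever the parent executeDelete returns
 * @throws \RuntimeException outside production, wrapping the failed query (driver exception as previous)
 * @throws \Zend\Db\Adapter\Exception\InvalidQueryException in production, re-thrown unchanged
 * @throws \Directus\Acl\Exception\UnauthorizedTableBigDeleteException
 * @throws \Directus\Acl\Exception\UnauthorizedTableDeleteException
 */
protected function executeDelete(Delete $delete)
{
    // Fix: the original initialised a misspelled `$cuurrentUserId`, leaving
    // `$currentUserId` undefined (warning + null) for anonymous requests.
    $currentUserId = null;
    if (Auth::loggedIn()) {
        $currentUser = Auth::getUserInfo();
        $currentUserId = intval($currentUser['id']);
    }

    $deleteState = $delete->getRawState();
    $deleteTable = $this->getRawTableNameFromQueryStateTable($deleteState['table']);
    $cmsOwnerColumn = $this->acl->getCmsOwnerColumnByTable($deleteTable);
    $canBigHardDelete = $this->acl->hasTablePrivilege($deleteTable, 'bigharddelete');
    $canHardDelete = $this->acl->hasTablePrivilege($deleteTable, 'harddelete');
    $aclErrorPrefix = $this->acl->getErrorMessagePrefix();

    // Is this table a junction table? Guard against a schema lookup that does
    // not return an array (array_key_exists would TypeError on PHP 8).
    $deleteTableSchema = TableSchema::getTable($deleteTable);
    $isDeleteTableAJunction = is_array($deleteTableSchema) && array_key_exists('is_junction_table', $deleteTableSchema)
        ? (bool) $deleteTableSchema['is_junction_table']
        : false;

    // No soft delete is possible here, so the plain privileges count as hard ones.
    if ($isDeleteTableAJunction || !TableSchema::hasTableColumn($deleteTable, STATUS_COLUMN_NAME)) {
        if ($this->acl->hasTablePrivilege($deleteTable, 'bigdelete')) {
            $canBigHardDelete = true;
        } elseif ($this->acl->hasTablePrivilege($deleteTable, 'delete')) {
            $canHardDelete = true;
        }
    }

    // @todo: clean way -- bookmarks are always hard-deletable
    if ($deleteTable === 'directus_bookmarks') {
        $canBigHardDelete = true;
    }

    /**
     * ACL Enforcement
     */
    if (!$canBigHardDelete && !$canHardDelete) {
        throw new UnauthorizedTableBigDeleteException($aclErrorPrefix . "BigHardDelete/HardDelete access forbidden on table `{$deleteTable}`.");
    }

    if (false === $cmsOwnerColumn) {
        // Without a magic owner column every delete is a "big" delete.
        if (!$canBigHardDelete) {
            throw new UnauthorizedTableBigDeleteException($aclErrorPrefix . "The table `{$deleteTable}` is missing the `user_create_column` within `directus_tables` (BigHardDelete Permission Forbidden)");
        }
    } elseif (!$canBigHardDelete) {
        // Who are the owners of the rows this predicate would delete?
        list($predicateResultQty, $predicateOwnerIds) = $this->acl->getCmsOwnerIdsByTableGatewayAndPredicate($this, $deleteState['where']);

        // Compare as integers with a strict in_array: owner ids may come back
        // from the driver as strings, and a loose comparison on an ACL
        // decision is a footgun. An anonymous request (null user id) never
        // matches an owner id.
        $ownerIds = array_map('intval', $predicateOwnerIds);
        if ($currentUserId !== null && in_array($currentUserId, $ownerIds, true)) {
            $exceptionMessage = "Table harddelete access forbidden on {$predicateResultQty} `{$deleteTable}` table records owned by the authenticated CMS user (#{$currentUserId}).";
            throw new UnauthorizedTableDeleteException($aclErrorPrefix . $exceptionMessage);
        }
    }

    try {
        return parent::executeDelete($delete);
    } catch (\Zend\Db\Adapter\Exception\InvalidQueryException $e) {
        // Outside production surface the failing SQL to the developer; in
        // production never leak the statement, re-throw the driver error as-is.
        if ('production' !== DIRECTUS_ENV) {
            throw new \RuntimeException("This query failed: " . $this->dumpSql($delete), 0, $e);
        }
        // @todo send developer warning
        throw $e;
    }
}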
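/**
 * Drop a table and remove its rows from the Directus metadata tables.
 *
 * Runs the `table.drop:before`, `table.drop` and `table.drop:after` hooks
 * around the DROP TABLE statement, then deletes the table's entries from
 * `directus_privileges` (unless that is the table being dropped),
 * `directus_tables` and `directus_preferences`.
 *
 * @param string|null $tableName Table to drop; defaults to this gateway's table
 * @return mixed false when the table is unknown to the schema or the DROP did
 *               not execute, otherwise the adapter's execute() result
 */
public function drop($tableName = null)
{
    // The original `== null` also matched the empty string; keep that
    // fallback explicit instead of relying on loose comparison.
    if ($tableName === null || $tableName === '') {
        $tableName = $this->table;
    }
    if (!TableSchema::getTable($tableName)) {
        return false;
    }

    // Build the DROP TABLE statement through the SQL object so the table
    // name is quoted by the platform rather than interpolated by hand.
    $sql = new Sql($this->adapter);
    $query = $sql->getSqlStringForSqlObject(new Ddl\DropTable($tableName));

    $this->runHook('table.drop:before', [$tableName]);
    $dropped = $this->adapter->query($query)->execute();
    if (!$dropped) {
        return false;
    }
    $this->runHook('table.drop', [$tableName]);
    $this->runHook('table.drop:after', [$tableName]);

    // Remove the dropped table's rows from the metadata tables, privileges
    // first; the privileges table is skipped when it is itself being dropped.
    $metadataTables = ['directus_tables', 'directus_preferences'];
    if ($tableName !== 'directus_privileges') {
        array_unshift($metadataTables, 'directus_privileges');
    }
    foreach ($metadataTables as $metadataTable) {
        $metadataGateway = new TableGateway($metadataTable, $this->adapter);
        $metadataGateway->delete(['table_name' => $tableName]);
    }

    return $dropped;
}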
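$TableGateway->update($table_settings, array('table_name' => $table));
} else {
    $TableGateway->insert($table_settings);
}
$column_settings = array();
foreach ($data['columns'] as $col) {
    $columnData = array(
        'table_name' => $table,
        'column_name' => $col['column_name'],
        'ui' => $col['ui'],
        'hidden_input' => $col['hidden_input'],
        'required' => $col['required'],
        'master' => $col['master'],
        'sort' => array_key_exists('sort', $col) ? $col['sort'] : 99999,
        'comment' => array_key_exists('comment', $col) ? $col['comment'] : ''
    );
    $existing = $ColumnsTableGateway->select(array('table_name' => $table, 'column_name' => $col['column_name']))->toArray();
    if (count($existing) > 0) {
        $columnData['id'] = $existing[0]['id'];
    }
    array_push($column_settings, $columnData);
}
$ColumnsTableGateway->updateCollection($column_settings);
}
$response = TableSchema::getTable($table);
JsonView::render($response);
})->via('GET', 'PUT')->name('table_meta');

/**
 * UPLOAD COLLECTION
 *
 * Stores every entry of $_FILES through the Files service and responds with
 * the list of upload results, in request order.
 *
 * NOTE(review): no authentication or ACL check is visible on this route --
 * confirm that upstream middleware authenticates the request before any
 * file is accepted, since every multipart part is processed unconditionally.
 * NOTE(review): for array-style inputs (name="file[]") each $_FILES entry is
 * an array of per-field arrays rather than one file -- confirm Files::upload
 * handles that shape, or that clients send one file per field.
 */
$app->post("/{$v}/upload/?", function () {
    // Removed: unused closure captures and commented-out Transfer/Storage setup.
    $files = new Directus\Files\Files();
    $result = [];
    foreach ($_FILES as $file) {
        $result[] = $files->upload($file);
    }
    JsonView::render($result);
});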
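/**
 * Drop a table, after an ACL `alter` check, and remove its Directus metadata rows.
 *
 * Authorisation is enforced before any DDL is emitted. The
 * `table.drop:before`, `table.drop` and `table.drop:after` events are run
 * around the DROP TABLE statement, then the table's entries are deleted from
 * `directus_privileges` (unless that is the table being dropped),
 * `directus_tables` and `directus_preferences`.
 *
 * @param string|null $tableName Table to drop; defaults to this gateway's table
 * @return mixed false when the table is unknown to the schema or the DROP did
 *               not execute, otherwise the adapter's execute() result
 * @throws UnauthorizedTableAddException when the current user lacks `alter` on the table
 */
public function drop($tableName = null)
{
    // The original `== null` also matched the empty string; keep that
    // fallback explicit instead of relying on loose comparison.
    if ($tableName === null || $tableName === '') {
        $tableName = $this->table;
    }
    if (!\Directus\Db\TableSchema::getTable($tableName)) {
        return false;
    }

    // Deny before building or running any statement.
    if (!$this->acl->hasTablePrivilege($tableName, 'alter')) {
        $aclErrorPrefix = $this->acl->getErrorMessagePrefix();
        throw new UnauthorizedTableAddException($aclErrorPrefix . 'Table alter access forbidden on table ' . $tableName);
    }

    // Build the DROP TABLE statement through the SQL object so the table
    // name is quoted by the platform rather than interpolated by hand.
    $sql = new Sql($this->adapter);
    $query = $sql->getSqlStringForSqlObject(new Ddl\DropTable($tableName));

    $this->emitter->run('table.drop:before', [$tableName]);
    $dropped = $this->adapter->query($query)->execute();
    if (!$dropped) {
        return false;
    }
    $this->emitter->run('table.drop', [$tableName]);
    $this->emitter->run('table.drop:after', [$tableName]);

    // Remove the dropped table's rows from the metadata tables, privileges
    // first; the privileges table is skipped when it is itself being dropped.
    $metadataTables = ['directus_tables', 'directus_preferences'];
    if ($tableName !== 'directus_privileges') {
        array_unshift($metadataTables, 'directus_privileges');
    }
    foreach ($metadataTables as $metadataTable) {
        $metadataGateway = new TableGateway($metadataTable, $this->adapter);
        $metadataGateway->delete(['table_name' => $tableName]);
    }

    return $dropped;
}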