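/**
 * Validate the requested view class name and enforce the ACL on it.
 *
 * Reads $_REQUEST['view'] (GET, POST or cookie — $_REQUEST merges all three),
 * requires it to be a string naming an existing class whose name starts with
 * "View_", and, unless the current user's role is admin/superadmin, registers
 * it as the current ACL asset and validates access. Every failure is routed
 * through exitWithError(), which is assumed not to return.
 *
 * @return string the validated view class name
 */
private function validateView()
{
    if (!isset($_REQUEST['view'])) {
        $this->exitWithError('View not set');
    }
    $className = $_REQUEST['view'];

    // Request values can be arrays (?view[]=x); strpos()/class_exists() would
    // error out on those, so insist on a plain string before anything else.
    if (!is_string($className)) {
        $this->exitWithError('View does not exist');
    }

    // Only classes in the View_ prefix may be requested. Restricting the rest
    // of the name to identifier characters keeps path separators, dots and
    // similar out of the value handed to class_exists() and thus to whatever
    // autoloader maps class names onto files.
    if (!preg_match('/^View_[A-Za-z0-9_]+$/', $className)) {
        $this->exitWithError('View does not exist');
    }
    if (!class_exists($className)) {
        $this->exitWithError('View does not exist');
    }

    // Admin roles bypass the ACL; everyone else must be granted this view.
    // Strict comparison: with loose `!=` a non-string role (e.g. 0 on PHP 7)
    // could compare equal to 'admin' and silently skip the ACL check.
    $user = new Core_Auth_User();
    $acl = Application::getAcl();
    $role = $user->getRole();
    if ($role !== 'admin' && $role !== 'superadmin') {
        $acl->addCurrentAsset($className);
        $acl->validate();
    }

    return $className;
}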
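/**
 * Validate the requested model class and optional method, enforcing the ACL.
 *
 * Expects $_REQUEST['model'] to be an array with exactly one key, the model
 * class name, which must start with "Model_" and exist. The method is taken
 * from $_REQUEST['method'] or, failing that, $_REQUEST['model'][<class>]['method'];
 * when neither is present it is left null for the caller to default. A
 * non-empty method must exist on the class. Users whose role is not
 * admin/superadmin are checked against the ACL asset "<class>_<method>".
 * Every failure is routed through exitWithError(), which is assumed not to
 * return.
 *
 * @return array{class: string, method: string|null}
 */
private function validateModel()
{
    if (!isset($_REQUEST['model'])) {
        $this->exitWithError('No model set');
    }
    $models = $_REQUEST['model'];

    // The model parameter must be an array keyed by class name; a scalar
    // (?model=Foo) would make sizeof()/key() throw on PHP 8.
    if (!is_array($models) || count($models) !== 1) {
        $this->exitWithError('Only one model allowed');
    }
    $className = key($models);

    // Only classes in the Model_ prefix may be requested, and only identifier
    // characters are allowed so the name reaching class_exists() (and the
    // autoloader behind it) cannot carry path separators or dots.
    if (!is_string($className) || !preg_match('/^Model_[A-Za-z0-9_]+$/', $className)) {
        $this->exitWithError('Model does not exist');
    }
    if (!class_exists($className)) {
        $this->exitWithError('Model does not exist');
    }

    // A top-level ?method= wins over the per-model form model[<class>][method].
    if (isset($_REQUEST['method'])) {
        $method = $_REQUEST['method'];
    } elseif (isset($models[$className]['method'])) {
        $method = $models[$className]['method'];
    } else {
        $method = null;
    }

    if ($method !== null && $method !== '') {
        // Reject non-strings before method_exists() (arrays would throw), and
        // never echo the rejected name back: it is attacker-controlled and the
        // former debug output was written to the response unescaped.
        // NOTE(review): method_exists() also matches non-public and magic
        // methods (__construct, __destruct, ...); if the caller dispatches to
        // $method dynamically, consider requiring ReflectionMethod::isPublic().
        if (!is_string($method) || !method_exists($className, $method)) {
            $this->exitWithError('Request method does not exist');
        }
    }

    // Admin roles bypass the ACL; everyone else must be granted the
    // "<class>_<method>" asset (a null method yields "<class>_").
    // Strict comparison: with loose `!=` a non-string role (e.g. 0 on PHP 7)
    // could compare equal to 'admin' and silently skip the ACL check.
    $user = new Core_Auth_User();
    $acl = Application::getAcl();
    $role = $user->getRole();
    if ($role !== 'admin' && $role !== 'superadmin') {
        $acl->addCurrentAsset($className . '_' . $method);
        $acl->validate();
    }

    return array('class' => $className, 'method' => $method);
}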