Example #1
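 /**
  * Resolve and authorise the view class named by the `view` request parameter.
  *
  * The name is read straight from $_REQUEST, so it is treated as untrusted: it must
  * be a string, start with the `View_` prefix and name a class that can be loaded.
  * Roles other than `admin` / `superadmin` are additionally checked against the ACL.
  *
  * Every rejection goes through exitWithError(); the checks below only protect the
  * rest of the method if that call does not return.
  * NOTE(review): confirm exitWithError() terminates the request.
  *
  * @return string The validated view class name, exactly as supplied in the request.
  */
 private function validateView()
 {
     if (!isset($_REQUEST['view'])) {
         $this->exitWithError('View not set');
     }
     $className = $_REQUEST['view'];
     // A parameter sent as view[]=... arrives as an array; reject it before any
     // string function sees it. Only names under the View_ prefix may reach
     // class_exists(), which hands unknown names to the registered autoloaders.
     if (!is_string($className) || strpos($className, 'View_') !== 0) {
         $this->exitWithError('View does not exist');
     }
     if (!class_exists($className)) {
         $this->exitWithError('View does not exist');
     }
     $user = new Core_Auth_User();
     $acl = Application::getAcl();
     $role = $user->getRole();
     // Strict comparison on purpose: with `!=` a non-string role (boolean true, for
     // example) compares equal to 'admin' and would skip the ACL check entirely.
     if ($role !== 'admin' && $role !== 'superadmin') {
         // NOTE(review): PHP class names are case-insensitive, while the asset string
         // keeps the casing sent in the request - confirm the ACL matches assets
         // case-insensitively or normalise the name before this call.
         $acl->addCurrentAsset($className);
         $acl->validate();
     }
     return $className;
 }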
Example #2
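 /**
  * Resolve and authorise the model class and method named by the request.
  *
  * Expected input: `model` is an array with exactly one key, the model class name
  * (which must start with `Model_` and be loadable). The method name is taken from
  * the top-level `method` parameter, else from `model[<class>][method]`, else null.
  * All of these values come from $_REQUEST and are treated as untrusted.
  *
  * Roles other than `admin` / `superadmin` are checked against the ACL using the
  * asset `<class>_<method>`.
  *
  * Every rejection goes through exitWithError(); the checks below only protect the
  * rest of the method if that call does not return.
  * NOTE(review): confirm exitWithError() terminates the request.
  *
  * @return array Map with keys 'class' (string) and 'method' (string or null).
  */
 private function validateModel()
 {
     if (!isset($_REQUEST['model'])) {
         $this->exitWithError('No model set');
     }
     // `model=foo` arrives as a plain string; sizeof()/key() need an array.
     if (!is_array($_REQUEST['model'])) {
         $this->exitWithError('Model does not exist');
     }
     if (sizeof($_REQUEST['model']) > 1) {
         $this->exitWithError('Only one model allowed');
     }
     $className = key($_REQUEST['model']);
     // The key is null for an empty array and an integer for model[]=...; only
     // string names under the Model_ prefix may reach class_exists(), which hands
     // unknown names to the registered autoloaders.
     if (!is_string($className) || strpos($className, 'Model_') !== 0) {
         $this->exitWithError('Model does not exist');
         exit;
     }
     if (!class_exists($className)) {
         $this->exitWithError('Model does not exist');
     }
     // The top-level `method` parameter wins over the one nested under the model.
     if (isset($_REQUEST['method'])) {
         $method = $_REQUEST['method'];
     } elseif (isset($_REQUEST['model'][$className]['method'])) {
         $method = $_REQUEST['model'][$className]['method'];
     } else {
         // No method requested; the caller receives null.
         $method = null;
     }
     // method[]=... arrives as an array and must not reach method_exists() or the
     // string concatenations below.
     if ($method !== null && !is_string($method)) {
         $this->exitWithError('Request method does not exist');
     }
     // An empty method name skips the existence check, as it did under `!= null`.
     if ($method !== null && $method !== '') {
         // method_exists() does not look at visibility, so this only proves the
         // name is defined on the class; access control is left to the ACL below.
         if (!method_exists($className, $method)) {
             // Both values come from the request: escape them so the diagnostic
             // cannot inject markup into the response.
             echo htmlspecialchars($className . ' -- ' . $method, ENT_QUOTES, 'UTF-8');
             $this->exitWithError('Request method does not exist');
         }
     }
     $user = new Core_Auth_User();
     $acl = Application::getAcl();
     $role = $user->getRole();
     // Strict comparison on purpose: with `!=` a non-string role (boolean true, for
     // example) compares equal to 'admin' and would skip the ACL check entirely.
     if ($role !== 'admin' && $role !== 'superadmin') {
         // NOTE(review): class and method names are case-insensitive in PHP, while
         // the asset string keeps the casing sent in the request - confirm the ACL
         // matches assets case-insensitively or normalise the names before this call.
         $acl->addCurrentAsset($className . '_' . $method);
         $acl->validate();
     }
     return array('class' => $className, 'method' => $method);
 }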