Example #1
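 /**
  * Loads a single plugin and checks the user's permissions.
  *
  * Only administrative users get past the first check. The argument is then
  * handled in one of three ways:
  *  - a value starting with "<" is treated as plugin code, not as a key: once
  *    the 'plugin.execute' persist token has been verified it is placed in a
  *    new Plugin object, which is returned without a database lookup and so
  *    without the account-ownership check;
  *  - a value made up only of digits is looked up by ID;
  *  - anything else is looked up by identifier.
  *
  * Security note: on the inline-code path the admin check and the persist
  * token are the only gates in this method. The returned Plugin carries
  * request-supplied code, so both gates must stay in place and callers should
  * treat that object as untrusted input approved by an administrator.
  *
  * @param int|string $idOrCode Plugin ID, plugin identifier, or inline plugin code.
  * @param PropelPDO|null $con Optional connection handed to the queries.
  * @throws Exception If the user is not an administrator, the persist token
  *                   check fails, no plugin matches, or the plugin belongs to
  *                   a different account.
  * @return Plugin
  */
 private function getPluginById($idOrCode, PropelPDO $con = null)
 {
     $user = $this->requireUser();
     if (!$user->isAdmin()) {
         throw new Exception('Non-administrative user "' . $user->getFQN() . '" cannot access plugins directly.');
     }

     // Cast explicitly so an integer ID is accepted even under strict scalar typing.
     $idOrCode = trim((string) $idOrCode);

     if (substr($idOrCode, 0, 1) === '<') {
         // Inline plugin code arrives with the request, so a valid persist token
         // is required to protect against CSRF. No stored record exists, hence
         // no ownership check on this path.
         if (!Form::verifyPersist('plugin.execute')) {
             throw new Exception('Plugin execution authentication failed.');
         }
         $plugin = new Plugin();
         $plugin->setCode($idOrCode);
         return $plugin;
     }

     if (is_numeric($idOrCode) && preg_match('`^\\d+$`', $idOrCode)) {
         $plugin = PluginQuery::create()->findOneById($idOrCode, $con);
     } else {
         $plugin = PluginQuery::create()->findOneByIdentifier($idOrCode, $con);
     }
     if ($plugin === null) {
         // NOTE(review): the message repeats the caller-supplied value; whoever
         // renders it must escape it for the output context.
         throw new Exception('Plugin with ID ' . $idOrCode . ' not found!');
     }

     // Check that the plugin belongs to the user's account. Both IDs are
     // normalised to strings and compared strictly, so type juggling (for
     // example null being loosely equal to 0) cannot make two different
     // accounts look the same.
     $pluginAccountId = (string) $plugin->getAccountId();
     $userAccountId = (string) $user->getAccount($con)->getId();
     if ($pluginAccountId !== $userAccountId) {
         throw new Exception('The selected plugin belongs to a different account!');
     }
     return $plugin;
 }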