/**
 * Resolves a plugin on behalf of the current administrator.
 *
 * The argument is trimmed and then interpreted in one of three ways:
 *  - a value starting with "<" is treated as inline plugin code: once the
 *    'plugin.execute' form token has been verified, a new, unsaved Plugin
 *    carrying that code is returned (no database lookup, no account check);
 *  - a value made up solely of digits is looked up by ID;
 *  - anything else is looked up by identifier.
 *
 * A plugin loaded from the database must belong to the caller's account.
 *
 * @param int|string $idOrCode Plugin ID, plugin identifier or inline plugin code.
 * @param PropelPDO|null $con Optional connection handed on to the queries.
 * @throws Exception If the user is not an administrator, the form token check
 *                   fails, no plugin matches, or the plugin belongs to a
 *                   different account.
 * @return Plugin
 */
private function getPluginById($idOrCode, PropelPDO $con = null)
{
    $currentUser = $this->requireUser();

    // Authorisation gate: everything below is reserved for administrators.
    if (!$currentUser->isAdmin()) {
        throw new Exception('Non-administrative user "' . $currentUser->getFQN() . '" cannot access plugins directly.');
    }

    $idOrCode = trim($idOrCode);

    // Inline code path: the caller supplied plugin source instead of a reference.
    // The admin check above and the form token below are the only gates visible
    // in this method before caller-supplied code is placed into a Plugin object.
    if (strncmp($idOrCode, '<', 1) === 0) {
        // CSRF protection: the request must carry a valid 'plugin.execute' token.
        if (!Form::verifyPersist('plugin.execute')) {
            throw new Exception('Plugin execution authentication failed.');
        }

        $inlinePlugin = new Plugin();
        $inlinePlugin->setCode($idOrCode);

        return $inlinePlugin;
    }

    // Stored plugin path: digits-only values are IDs, everything else an identifier.
    $query = PluginQuery::create();
    $looksLikeId = is_numeric($idOrCode) && preg_match('`^\\d+$`', $idOrCode);
    $plugin = $looksLikeId
        ? $query->findOneById($idOrCode, $con)
        : $query->findOneByIdentifier($idOrCode, $con);

    if ($plugin === null) {
        // NOTE(review): the message echoes the caller-supplied value; escape it
        // wherever the exception text ends up being rendered.
        throw new Exception('Plugin with ID ' . $idOrCode . ' not found!');
    }

    // Tenant isolation: the plugin must belong to the user's own account.
    // NOTE(review): this is a loose comparison; confirm neither ID can be null
    // or non-numeric, otherwise type juggling could let differing values match.
    $pluginAccountId = $plugin->getAccountId();
    $userAccountId = $currentUser->getAccount($con)->getId();
    if ($pluginAccountId != $userAccountId) {
        throw new Exception('The selected plugin belongs to a different account!');
    }

    return $plugin;
}