/**
 * After a successful login, redirect the customer to the CMS page stored in
 * the session — or to the access-denied URL when the restriction helper
 * reports that the customer may not view that page.
 *
 * Observed at controller_action_postdispatch_customer_account_loginPost only,
 * because the logged-in customer object is not available in pre-dispatch.
 *
 * @param Varien_Event_Observer $observer
 */
public function restrictCmsPageAfterLogin(Varien_Event_Observer $observer)
{
    $this->_initProperties($observer);

    // Both facts are implied by the event name; they are re-checked here to be
    // sure the observer is wired to the right event.
    $isAccountController = $this->_controller instanceof Mage_Customer_AccountController;
    $isLoginPost = 'loginPost' === $this->_request->getActionName();

    if (!$isAccountController || !$isLoginPost || !$this->_hasSessionRedirectUrl()) {
        return;
    }

    // The session redirect value doubles as the identifier of the CMS page
    // whose restriction is checked.
    $this->_pageIdentifier = $this->_getSessionRedirectUrl();
    $helper = Mage::helper('schumacherfm_cmsrestriction');
    $allowed = $helper->isCustomerAllowed($this->_getPageModelInstance());

    // Only a strict TRUE counts as "allowed"; anything else sends the customer
    // to the access-denied URL.
    $target = (true === $allowed) ? $this->_pageIdentifier : $helper->getAccessDeniedUrl();

    $this->_unsSessionRedirectUrl();
    $this->_handleRedirect($target);
}
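/**
 * Validate customer attribute actions against the admin role's scope.
 *
 * Forwards to the "denied" action and returns false when:
 *  - the action is 'new' or 'delete' (never allowed for a restricted role);
 *  - the action is 'edit' or 'save' without an attribute_id;
 *  - a 'website' parameter is present and the role has no access to it.
 *
 * @param Mage_Adminhtml_Controller_Action $controller unused, kept for signature compatibility
 * @return bool true when the request may proceed
 */
public function validateCustomerAttributeActions($controller)
{
    $actionName = strtolower($this->_request->getActionName());
    $attributeId = $this->_request->getParam('attribute_id');
    $websiteId = $this->_request->getParam('website');

    // Grouping made explicit: && binds tighter than ||, so this is exactly how
    // the flat expression was evaluated, but an access check should not rely
    // on the reader knowing operator precedence. in_array is strict because
    // $actionName is always a string.
    // NOTE(review): a website param of '' or '0' is falsy and skips the
    // website access check — confirm that is intended.
    if (in_array($actionName, array('new', 'delete'), true)
        || (in_array($actionName, array('edit', 'save'), true) && !$attributeId)
        || ($websiteId && !$this->_role->hasWebsiteAccess($websiteId, true))
    ) {
        $this->_forward();
        return false;
    }
    return true;
}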
/**
 * Block editing of Hierarchy if GWS permissions are applicable
 *
 * A role with full access (getIsAll) is never restricted. For 'delete' and
 * 'copy' the 'scopes' request parameter is reduced to the website_*/store_*
 * scopes the role has exclusive access to; if none remain the request is
 * forwarded to "denied". For every other action the 'website' / 'store'
 * request parameters must resolve to a website or store the role has
 * exclusive access to.
 *
 * @param Mage_Adminhtml_Controller_Action $controller
 * @return bool true when the request may proceed, false after forwarding
 */
public function validateCmsHierarchyAction($controller)
{
    if (!$this->_role->getIsAll()) {
        $requestAction = $this->_request->getActionName();
        if ($requestAction == 'delete' || $requestAction == 'copy') {
            $scopesParam = $this->_request->getParam('scopes');
            // Remember the original shape so a scalar 'scopes' value can be
            // written back as a scalar below.
            $scopesParamIsArray = true;
            if (!is_array($scopesParam)) {
                $scopesParam = array($scopesParam);
                $scopesParamIsArray = false;
            }
            $validatedScopes = array();
            foreach (array_unique($scopesParam) as $value) {
                if (0 === strpos($value, Enterprise_Cms_Helper_Hierarchy::SCOPE_PREFIX_WEBSITE)) {
                    // NOTE(review): the (int) cast maps a non-numeric suffix to 0 —
                    // confirm hasExclusiveAccess() never grants id 0.
                    $scopeId = (int) str_replace(Enterprise_Cms_Helper_Hierarchy::SCOPE_PREFIX_WEBSITE, '', $value);
                    if ($this->_role->hasExclusiveAccess((array) $scopeId)) {
                        $validatedScopes[] = $value;
                    }
                } elseif (0 === strpos($value, Enterprise_Cms_Helper_Hierarchy::SCOPE_PREFIX_STORE)) {
                    $scopeId = (int) str_replace(Enterprise_Cms_Helper_Hierarchy::SCOPE_PREFIX_STORE, '', $value);
                    if ($this->_role->hasExclusiveStoreAccess((array) $scopeId)) {
                        $validatedScopes[] = $value;
                    }
                }
                // Values with neither prefix are dropped from the scope list.
            }
            if (count($validatedScopes) > 0) {
                // A scalar delete request gets its single validated scope back
                // as a scalar, matching the shape the controller received.
                if ($requestAction == 'delete' && !$scopesParamIsArray && count($validatedScopes) == 1 && isset($validatedScopes[0])) {
                    $validatedScopes = $validatedScopes[0];
                }
                $this->_request->setParam('scopes', $validatedScopes);
            } else {
                $this->_forward();
                return false;
            }
        } else {
            $websiteCode = $controller->getRequest()->getParam('website');
            $website = Mage::app()->getWebsite($websiteCode);
            $websiteId = $website->getId();
            if (!$this->_role->hasExclusiveAccess((array) $websiteId)) {
                // Website-level access is sufficient; otherwise fall back to
                // checking the store scope.
                $storeCode = $controller->getRequest()->getParam('store');
                $store = Mage::app()->getStore($storeCode);
                $storeId = $store->getId();
                if (!$this->_role->hasExclusiveStoreAccess((array) $storeId)) {
                    $this->_forward();
                    return false;
                }
            }
        }
    }
    return true;
}
/**
 * Forward the current request to another action (default: "denied").
 *
 * Does nothing when the request already targets the given action (and, when
 * given, module and controller), which prevents a forwarding loop. Otherwise
 * the request is marked for forwarding and flagged as not yet dispatched.
 *
 * @param string $action
 * @param string|null $module
 * @param string|null $controller
 * @return void
 */
protected function _forward($action = 'denied', $module = null, $controller = null)
{
    $request = $this->_request;

    $sameAction = $request->getActionName() === $action;
    $sameModule = null === $module || $request->getModuleName() === $module;
    $sameController = null === $controller || $request->getControllerName() === $controller;
    if ($sameAction && $sameModule && $sameController) {
        return;
    }

    $request->initForward();
    if ($module) {
        $request->setModuleName($module);
    }
    if ($controller) {
        $request->setControllerName($controller);
    }
    $request->setActionName($action)->setDispatched(false);
}
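/**
 * Checks whether the route/controller action may be reached depending on the
 * initializer state.
 *
 * Once initializer data has been collected every request is allowed.
 * Otherwise the restriction rules (the built-in set plus the
 * default/xcom/initializer_acl config node, merged once) are matched against
 * the current request. Rules of a named issuer only apply while that issuer
 * still has jobs left; the '*' issuer always applies.
 *
 * Rule scopes: 'namespace' (denied section only), 'module', 'controller' and
 * 'action' ("module/controller[::action]", '*' wildcard per part) and 'urn'
 * (prefix match on the request string). Every hit is recorded through
 * _matched(); the verdict is computed by _isAllowed().
 *
 * @param Mage_Core_Controller_Request_Http $request
 * @return bool
 */
public function isAllowed(Mage_Core_Controller_Request_Http $request)
{
    if ($this->isDataCollected()) {
        return true;
    }

    // Only the built-in rule set is present: merge the configured ACL once.
    if (count($this->_restrictions) == 1) {
        $initializerAclNode = Mage::getConfig()->getNode('default/xcom/initializer_acl');
        if ($initializerAclNode) {
            $this->_restrictions += $initializerAclNode->asArray();
        }
    }

    $parts = array(
        'module'     => str_replace('_adminhtml', '', strtolower($request->getControllerModule())),
        'controller' => strtolower($request->getControllerName()),
        'action'     => strtolower($request->getActionName()),
        'urn'        => trim(strtolower($request->getRequestString()), '/'),
    );
    $moduleParts = explode('_', $parts['module']);
    $parts['namespace'] = $moduleParts[0];

    $this->_currentMatch = array('scopeWeight' => 0, 'directionWeight' => 2, 'urn' => '');

    foreach ($this->_restrictions as $issuer => $rules) {
        // Strict comparison: a numeric issuer key must never be mistaken for
        // the '*' wildcard (loose `0 != '*'` was false on PHP 7).
        if ('*' !== $issuer && !Mage::getResourceModel('xcom_initializer/job')->hasJobsLeft($issuer)) {
            continue;
        }
        foreach (array('allowed', 'denied') as $direction) {
            if (empty($rules[$direction])) {
                continue;
            }
            foreach ($rules[$direction] as $scope => $values) {
                if (!is_array($values)) {
                    // sprintf, not printf: printf would echo the message into the
                    // response body and hand Mage::log only the byte count.
                    Mage::log(sprintf('Invalid configuration for scope node %s', $scope));
                    continue;
                }
                // Lower-cased once and used for every scope comparison below; the
                // original compared the raw $scope in the 'action' test.
                $scopeName = strtolower($scope);
                foreach ($values as $value) {
                    $value = strtolower(is_array($value) ? current($value) : $value);
                    $hasMatched = false;
                    if (empty($value)) {
                        Mage::log(sprintf('Empty node inside scope %s', $scope));
                        continue;
                    }
                    switch ($scopeName) {
                        case 'namespace':
                            // A namespace can only be denied, never explicitly allowed.
                            if ('denied' === $direction) {
                                $hasMatched = $value === $parts['namespace'];
                            } else {
                                Mage::log('<namespace> node allowed in <denied> section only');
                            }
                            break;
                        case 'action':
                        case 'controller':
                            $pattern = '(?P<module>.+)/(?P<controller>.+)';
                            $scopes = array('module', 'controller');
                            if ('action' === $scopeName) {
                                $pattern .= '::(?P<action>.+)';
                                $scopes[] = 'action';
                            }
                            if (preg_match('#' . $pattern . '#', $value, $matches)) {
                                // Every captured part must equal the request part or be '*'.
                                $hasMatched = true;
                                foreach ($scopes as $_scope) {
                                    if (!in_array($matches[$_scope], array('*', $parts[$_scope]), true)) {
                                        $hasMatched = false;
                                        break;
                                    }
                                }
                            } else {
                                Mage::log(sprintf('Invalid action/controller definition: %s. Allowed pattern: namespace_module/controller::action', $value));
                            }
                            break;
                        case 'module':
                            $hasMatched = $value === $parts['module'];
                            break;
                        case 'urn':
                            // Prefix match: the rule matches every request string under it.
                            $value = trim($value, '/');
                            $hasMatched = 0 === strpos($parts['urn'], $value);
                            break;
                        default:
                            Mage::log(sprintf('Unknown rule scope: %s', $scope));
                    }
                    if ($hasMatched) {
                        $this->_matched($scope, $direction, 'urn' === $scopeName ? $value : '');
                    }
                }
            }
        }
    }
    return $this->_isAllowed();
}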
/**
 * Check whether the controller action may be reached without authorization.
 *
 * @param Mage_Core_Controller_Request_Http $request
 * @param Mage_XmlConnect_Controller_AdminAction $controllerAction
 * @return bool|null true/false for an AdminAction controller; null (no
 *                   decision) when $controllerAction is any other object
 */
protected function _checkAdminController($request, $controllerAction)
{
    if (!($controllerAction instanceof Mage_XmlConnect_Controller_AdminAction)) {
        // Not an AdminAction controller: no verdict is given.
        return null;
    }

    $controllerName = $request->getControllerName();
    $actionName = strtolower($request->getActionName());
    foreach ($controllerAction->getAllowedControllerActions() as $controller => $allowedActions) {
        if ($controllerName != $controller) {
            continue;
        }
        if (in_array($actionName, $allowedActions)) {
            return true;
        }
    }
    return false;
}
/**
 * Tell whether the request is an export request of this module for the
 * handled grid.
 *
 * The request is identified as "route/controller/action" and compared with
 * the 'url' of every export type registered for $gridType.
 *
 * @param Mage_Core_Controller_Request_Http $request Request object
 * @param string $gridType Grid block type
 * @return bool
 */
public function isExportRequest($request, $gridType)
{
    $currentAction = implode('/', array(
        $request->getRouteName(),
        $request->getControllerName(),
        $request->getActionName(),
    ));

    foreach ($this->_getExportTypes($gridType) as $exportType) {
        if ($exportType['url'] == $currentAction) {
            return true;
        }
    }
    return false;
}
/**
 * Build the empty-handles handler name for a request.
 *
 * The name is 'emptyhandles/handler_' followed by the request's module,
 * controller and action joined with underscores.
 *
 * @param Mage_Core_Controller_Request_Http $request
 * @return string
 */
public function getHandler(Mage_Core_Controller_Request_Http $request)
{
    $suffix = $request->getModuleName()
        . '_' . $request->getControllerName()
        . '_' . $request->getActionName();

    return 'emptyhandles/handler_' . $suffix;
}
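/**
 * Match a "route/controller/action" pattern against the request.
 *
 * Missing components default to 'index'; a component written as "(a|b|c)"
 * is expanded into a list of alternatives. The comparison itself is
 * delegated to _compareComponents().
 *
 * @param Mage_Core_Controller_Request_Http $request
 * @param string $route
 * @return bool
 */
public function matchRoute(Mage_Core_Controller_Request_Http $request, $route)
{
    $path = explode('/', $route);
    for ($i = 0; $i < 3; $i++) {
        if (!isset($path[$i])) {
            $path[$i] = 'index';
            continue;
        }
        // isset() guards the empty-component case ("foo//bar"): reading [0] of
        // an empty string raises a notice/warning and never matched anyway.
        if (isset($path[$i][0]) && $path[$i][0] === '(') {
            $path[$i] = explode('|', trim($path[$i], '()'));
        }
    }

    $actual = array(
        $request->getRouteName(),
        $request->getControllerName(),
        $request->getActionName(),
    );
    return $this->_compareComponents($path, $actual);
}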
/**
 * Build the full action name "module_controller_action" for a request.
 *
 * @param Mage_Core_Controller_Request_Http $request
 * @return string
 */
public function getFullActionName(Mage_Core_Controller_Request_Http $request)
{
    $components = array(
        $request->getModuleName(),
        $request->getControllerName(),
        $request->getActionName(),
    );
    return implode('_', $components);
}
/**
 * Tell whether a "module[/controller[/action]]" route matches the request.
 *
 * Components are compared case-insensitively. A route that omits the
 * controller matches every controller of the module; one that omits the
 * action matches every action of the controller.
 *
 * @param Mage_Core_Controller_Request_Http $request
 * @param string $route
 * @return bool
 */
public function isMatchedRequestRoute($request, $route)
{
    $this->debug('Testing route : ' . $route . ' with ' . $request->getControllerModule() . '/' . $request->getControllerName() . '/' . $request->getActionName());

    // explode() always yields at least one element, so [0] is guaranteed.
    $routeParts = explode('/', trim($route));

    if (strtolower($routeParts[0]) != strtolower($request->getControllerModule())) {
        return false;
    }
    if (!isset($routeParts[1])) {
        // Module-only route: any controller/action of that module matches.
        return true;
    }
    if (strtolower($routeParts[1]) != strtolower($request->getControllerName())) {
        return false;
    }
    if (!isset($routeParts[2])) {
        // Module/controller route: any action of that controller matches.
        return true;
    }
    return strtolower($routeParts[2]) == strtolower($request->getActionName());
}
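/**
 * Resolve the action name for the request.
 *
 * Uses the action already set on the request when present; otherwise falls
 * back to $param and finally to the front controller's default action.
 *
 * @param Mage_Core_Controller_Request_Http $request
 * @param string $param
 * @return string
 */
protected function _matchActionName(Mage_Core_Controller_Request_Http $request, $param)
{
    // The original tested an undefined local ($action) with empty(), which is
    // always true, so its "else { $action = $param; }" branch was unreachable.
    // Behaviour is unchanged; only the dead branch and the duplicate getter
    // call are gone.
    $action = $request->getActionName();
    if ($action) {
        return $action;
    }
    return !empty($param) ? $param : $this->getFront()->getDefault('action');
}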