/**
  * Validate the request before the action runs.
  *
  * Resolves the "blogId" request parameter, verifies that the blog exists
  * and is active, and then verifies that the current user actually holds
  * permissions on that blog, so a caller cannot simply submit somebody
  * else's blog id. On success the blog is stored in the session.
  *
  * @return bool true when the action may proceed; false when a view (error
  *              page or dashboard) has already been selected for display
  */
 function validate()
 {
     // first of all, check if we have a valid blog id
     $this->_blogId = $this->_request->getValue("blogId");
     // loose comparison on purpose: an absent (null) parameter also lands here
     if ($this->_blogId == "" || $this->_blogId < 0) {
         // check if the user really belongs to one or more blogs and if not, quit
         $users = new Users();
         $userBlogs = $users->getUsersBlogs($this->_userInfo->getId(), BLOG_STATUS_ACTIVE);
         if (count($userBlogs) == 0) {
             $this->_view = new AdminSimpleErrorView();
             $this->_view->setValue("message", $this->_locale->tr("error_dont_belong_to_any_blog"));
             return false;
         }
         // no blog selected but the user has some: show the dashboard instead
         // of running the action (hence false even though nothing went wrong)
         $this->_view = new AdminDashboardView($this->_userInfo, $userBlogs);
         return false;
     }
     // load the blog
     $blogs = new Blogs();
     $this->_blogInfo = $blogs->getBlogInfo($this->_blogId);
     // check if the blog really exists
     if (!$this->_blogInfo) {
         $this->_view = new AdminSimpleErrorView();
         $this->_view->setValue("message", $this->_locale->tr("error_incorrect_blog_id"));
         return false;
     }
     // if so, check that it is active (same message as above: do not reveal
     // whether an inactive blog exists)
     if ($this->_blogInfo->getStatus() != BLOG_STATUS_ACTIVE) {
         $this->_view = new AdminSimpleErrorView();
         $this->_view->setValue("message", $this->_locale->tr("error_incorrect_blog_id"));
         return false;
     }
     // if the blog identifier is valid, now we should now check if the user belongs
     // to that blog so that we know for sure that nobody has tried to forge the
     // parameter in the meantime
     $userPermissions = new UserPermissions();
     $blogUserPermissions = $userPermissions->getUserPermissions($this->_userInfo->getId(), $this->_blogInfo->getId());
     if (!$blogUserPermissions) {
         $this->_view = new AdminSimpleErrorView();
         $this->_view->setValue("message", $this->_locale->tr("error_no_permissions"));
         return false;
     }
     // if all correct, we can now set the blogInfo object in the session for later
     // use; the session container itself is written back through HttpVars
     $this->_session->setValue("blogInfo", $this->_blogInfo);
     $session = HttpVars::getSession();
     $session["SessionInfo"] = $this->_session;
     HttpVars::setSession($session);
     return true;
 }
 /**
  * Creates a new site user from the (already validated) form values and,
  * when a blog id was submitted, attaches the user to that blog.
  *
  * @return bool true when the user was created, false when the name is
  *              taken or the insert failed (the form view is re-selected)
  */
 function perform()
 {
     // pull the validated form values into the action
     $this->_userName = Textfilter::filterAllHTML($this->_request->getValue("userName"));
     $this->_userPassword = $this->_request->getValue("newUserPassword");
     $this->_userEmail = Textfilter::filterAllHTML($this->_request->getValue("userEmail"));
     $this->_userFullName = Textfilter::filterAllHTML($this->_request->getValue("userFullName"));
     $this->_userStatus = $this->_request->getValue("userStatus");
     $this->_userBlog = $this->_request->getValue("userBlog");
     // refuse to create a user whose name is already taken
     $users = new Users();
     if ($users->userExists($this->_userName)) {
         $this->_form->setFieldValidationStatus("userName", false);
         $this->_view = new AdminAddUserView($this->_blogInfo);
         $this->setCommonData(true);
         return false;
     }
     // build the new record and let plugins see it before it is stored
     $newUser = new UserInfo($this->_userName, $this->_userPassword, $this->_userEmail, "", $this->_userFullName, 0, $this->_properties);
     $newUser->setStatus($this->_userStatus);
     $this->notifyEvent(EVENT_PRE_USER_ADD, array("user" => &$newUser));
     $createdUserId = $users->addUser($newUser);
     if (!$createdUserId) {
         $this->_view = new AdminAddUserView($this->_blogInfo);
         $this->_form->setFieldValidationStatus("userName", false);
         $this->setCommonData(true);
         return false;
     }
     // a userBlog greater than 0 means the new user also becomes a member of that blog
     if ($this->_userBlog > 0) {
         $permissions = new UserPermissions();
         $permissions->grantPermission($createdUserId, $this->_userBlog, PERMISSION_BLOG_USER);
     }
     $this->notifyEvent(EVENT_POST_USER_ADD, array("user" => &$newUser));
     $this->_view = new AdminSiteUsersListView($this->_blogInfo);
     $this->_view->setSuccessMessage($this->_locale->pr("user_added_ok", $newUser->getUsername()));
     $this->setCommonData();
     return true;
 }
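 /**
  * Default action for TinyMCE Responsive File Manager. Config file available
  * via <code>\ResponsiveFileManager::$aConfig</code> variable. For
  * non-commercial usage only.
  *
  * The "fmaction" route parameter is checked against a fixed list of
  * file-manager actions before anything else happens, and the caller must
  * hold the `wysiwyg_filemanager` permission.
  *
  * @access	public
  * @throws	Code404Exception when the requested file-manager action is unknown
  * @throws	Code401Exception when the user lacks the file-manager permission
  * @since	1.0.0-dev
  * @version	1.0.1
  */
 public function actionDefault()
 {
     $sFileManagerAction = Router::getParam('fmaction');
     // strict comparison so that a non-string parameter cannot loosely
     // match one of the action names
     $aAllowedActions = ['dialog', 'ajax_calls', 'execute', 'force_download', 'upload'];
     if (!in_array($sFileManagerAction, $aAllowedActions, true)) {
         throw new Code404Exception();
     }
     if (!\UserPermissions::hasPerm('wysiwyg_filemanager')) {
         throw new Code401Exception();
     }
     // hand the current UI language to the file manager's configuration
     $sLang = Router::getLang();
     \ResponsiveFileManager::$aConfig['default_language'] = $sLang;
 }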
 /**
  * Revokes the blog membership of every user id in $this->_userIds and
  * prepares the users list view with a success and/or error message.
  *
  * @return bool always true; outcomes are reported through the view
  */
 function _revokePermissions()
 {
     $users = new Users();
     $userPermissions = new UserPermissions();
     $blogId = $this->_blogInfo->getId();
     $errorMessage = "";
     $removedCount = 0;
     $firstRemovedName = "";
     foreach ($this->_userIds as $userId) {
         $revoked = $userPermissions->revokePermission($userId, $blogId, PERMISSION_BLOG_USER);
         $userInfo = $users->getUserInfoFromId($userId);
         if (!$revoked) {
             // report by name when the user record loaded, by raw id otherwise
             $errorMessage .= $userInfo
                 ? $this->_locale->pr("error_removing_user_from_blog", $userInfo->getUsername()) . "<br/>"
                 : $this->_locale->pr("error_removing_user_from_blog2", $userId) . "<br/>";
             continue;
         }
         if ($removedCount == 0) {
             $firstRemovedName = $userInfo->getUsername();
         }
         $removedCount++;
     }
     // a single removal names the user, several removals only report the count
     $successMessage = "";
     if ($removedCount == 1) {
         $successMessage = $this->_locale->pr("user_removed_from_blog_ok", $firstRemovedName);
     } elseif ($removedCount > 1) {
         $successMessage = $this->_locale->pr("users_removed_from_blog_ok", $removedCount);
     }
     $this->_view = new AdminBlogUsersListView($this->_blogInfo);
     if ($successMessage != "") {
         $this->_view->setSuccessMessage($successMessage);
     }
     if ($errorMessage != "") {
         $this->_view->setErrorMessage($errorMessage);
     }
     $this->setCommonData();
     return true;
 }
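 /**
  * Adds an existing user (by username) to the current blog and optionally
  * sends a notification e-mail.
  *
  * @return bool true when the permission was granted, false when the user
  *              does not exist or the grant failed (an error view is set)
  */
 function perform()
 {
     // fetch the already-validated form values
     $this->_notificationText = $this->_request->getValue("newBlogUserText");
     $this->_newUsername = Textfilter::filterAllHTML($this->_request->getValue("newBlogUserName"));
     // see if the user exists
     $users = new Users();
     $userInfo = $users->getUserInfoFromUsername($this->_newUsername);
     if (!$userInfo) {
         $this->_view = new AdminTemplatedView($this->_blogInfo, "addbloguser");
         // the username is a parameter of the localized message, not a second
         // argument to setErrorMessage() (the original call had the parenthesis misplaced)
         $this->_view->setErrorMessage($this->_locale->pr("error_invalid_user", $this->_newUsername));
         $this->_form->setFieldValidationStatus("newBlogUserName", false);
         $this->setCommonData(true);
         return false;
     }
     $this->notifyEvent(EVENT_USER_LOADED, array("user" => &$userInfo));
     // now we can add this user to the blog
     $userPerms = new UserPermissions();
     $res = $userPerms->grantPermission($userInfo->getId(), $this->_blogInfo->getId(), PERMISSION_BLOG_USER);
     // NOTE(review): the PRE_USER_UPDATE event fires after the permission has
     // already been granted; kept as-is since plugins may depend on this order
     $this->notifyEvent(EVENT_PRE_USER_UPDATE, array("user" => &$userInfo));
     if (!$res) {
         // there was an error adding the user to the blog
         $this->_view = new AdminTemplatedView($this->_blogInfo, "addbloguser");
         $this->_view->setErrorMessage($this->_locale->pr("error_adding_user", $userInfo->getUsername()));
         $this->setCommonData();
         return false;
     }
     $this->notifyEvent(EVENT_POST_USER_UPDATE, array("user" => &$userInfo));
     // send a notification if enabled
     if ($this->_sendNotification) {
         $this->sendNotificationEmail($userInfo);
     }
     $this->_view = new AdminBlogUsersListView($this->_blogInfo);
     $this->_view->setSuccessMessage($this->_locale->pr("user_added_to_blog_ok", $userInfo->getUsername()));
     $this->setCommonData();
     return true;
 }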
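 /**
  * Action used to do multileveled sort on model entities.
  *
  * Reads the POSTed "objects" query string (object[<id>]=<parentId>) and the
  * "model" class name, recomputes each entity's position within its parent
  * and persists it. Returns a status string for the AJAX caller.
  *
  * @access     public
  * @return     string
  * @since      1.0.0-alpha
  * @version    1.0.0-alpha
  */
 public function actionSortList()
 {
     // check access; stop here as well in case redirectTo() does not end the request
     if (!\UserPermissions::hasPerm('backend_ajax_sort_list')) {
         Route::factory('home')->redirectTo();
         $this->setStatus('error');
         return __('Permission denied.');
     }
     $sObjects = filter_input(INPUT_POST, 'objects');
     $sModel = filter_input(INPUT_POST, 'model');
     $aOrderNumber = [];
     // if list of objects is empty
     if (empty($sObjects)) {
         $this->setStatus('error');
         return __('List of objects is empty.');
     }
     // the model name comes straight from the request and is spliced into the
     // query below, so only accept a class that really carries `order_number`
     if (!is_string($sModel) || !property_exists($sModel, 'order_number')) {
         $this->setStatus('error');
         return __('Wrong node type.');
     }
     // parse objects array from query string; expect object[<id>] => <parentId>
     $aObjectsTmp = [];
     parse_str($sObjects, $aObjectsTmp);
     $aObjects = isset($aObjectsTmp['object']) && is_array($aObjectsTmp['object']) ? $aObjectsTmp['object'] : [];
     if ($aObjects === []) {
         $this->setStatus('error');
         return __('List of objects is empty.');
     }
     // rewrite each object into its parent id and its position within that parent
     foreach ($aObjects as $iID => $sParentID) {
         // the client sends the string 'null' for top-level items
         $iParentID = $sParentID === 'null' ? 0 : (int) $sParentID;
         if (!isset($aOrderNumber[$iParentID])) {
             $aOrderNumber[$iParentID] = 0;
         }
         $aObjects[$iID] = ['order_parent' => $iParentID, 'order' => $aOrderNumber[$iParentID]];
         $aOrderNumber[$iParentID]++;
     }
     // load only the listed entities; the id list is bound as a query parameter
     $aEntities = DB::query('SELECT t FROM ' . $sModel . ' t WHERE t.id IN (:list)')->param('list', array_keys($aObjects))->execute();
     foreach ($aEntities as $oEntity) {
         /* @var $oEntity ModelCore|ModelCore\Traits\Sortable */
         $aObjData = $aObjects[$oEntity->getId()];
         $oEntity->setOrderNumber($aObjData['order']);
         $oEntity->setOrderParent($aObjData['order_parent']);
         $oEntity->save();
         DB::flush();
     }
     return 'saved';
 }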
 /**
  * Constructor.
  *
  * Boots the backend theme, runs the parent constructor, instantiates the
  * controller's model when one is configured, and redirects anonymous or
  * unprivileged users to the home route. The remaining calls register the
  * backend's CSS/JS assets, the viewport meta tag and the side menu.
  *
  * @access   public
  * @since    1.0.0-alpha
  * @version  1.0.0-alpha
  */
 public function __construct()
 {
     Theme::initBackend();
     parent::__construct();
     if ($this->sModel !== NULL) {
         $this->setModel(new $this->sModel());
     }
     // access gate: only logged-in users holding the admin permission continue
     if (!User::isLogged() || !\UserPermissions::hasPerm(static::PERM_ADMIN_ACCESS)) {
         Route::factory('home')->redirectTo();
     }
     $this->addBodyClass('skin-red');
     $this->alterBreadcrumbsTitleMain();
     $this->resetCss();
     $this->resetJs();
     // external stylesheets first, then the theme-relative ones
     $aExternalCss = [
         'https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700&subset=latin,latin-ext',
         'https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css',
         'https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css',
     ];
     foreach ($aExternalCss as $sUrl) {
         $this->addCss($sUrl);
     }
     foreach (['/bootstrap/css/bootstrap.min.css', '/css/backend.css'] as $sCssPath) {
         $this->addCssByTheme($sCssPath);
     }
     // theme scripts, in load order
     $aThemeJs = [
         '/plugins/jQuery/jQuery-2.1.4.min.js',
         '/plugins/jQueryUI/jquery-ui.min.js',
         '/bootstrap/js/bootstrap.min.js',
         '/js/backend.js',
         '/js/jquery.mjs.nestedSortable.js',
         '/js/app.min.js',
         '/js/backend_after_theme_load.js',
     ];
     foreach ($aThemeJs as $sJsPath) {
         $this->addJsByTheme($sJsPath);
     }
     $this->addMetaTagRegular('viewport', 'width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no');
     // render the menu and hand it to the body view
     $this->oViewBody->bind('menu', $this->generateMenu());
 }
 /**
  * ACTION - User login.
  *
  * Redirects an already logged-in user to their profile, refuses the form
  * once more than four failed logins have been recorded, and otherwise
  * renders the login form, authenticating the submitted credentials on POST.
  *
  * @access   public
  * @return   View
  * @since    1.0.2, 2013-12-07
  * @version  1.0.7-dev, 2015-05-04
  */
 public function actionLogin()
 {
     $this->setTitle(Core::getAppName() . ' - ' . __('Login form'));
     $this->addBreadCrumb(__('Login form'));
     // already authenticated: go to the profile page instead of showing the form
     $oLoggedUser = Model\User::getLoggedUser();
     if ($oLoggedUser instanceof Model\User) {
         // NOTE(review): execution is not stopped after redirectTo() here — confirm it exits
         Route::factory('user_profile')->redirectTo(['id' => $oLoggedUser->getId()]);
     }
     // brute-force throttle: no form at all after more than four recorded failures
     $failedLogins = \User\LoginFail::getCachedData();
     if ($failedLogins > 4) {
         return View::factory('base/alert')->set('sType', 'danger')->set('sMsg', __('to.many.incorrect.logins'));
     }
     $oLoginForm = Form::factory('login');
     $oLoginForm->addField(Form\Field\Text::factory('login', $oLoginForm));
     $oLoginForm->addField(Form\Field\Password::factory('password', $oLoginForm));
     if ($oLoginForm->isSubmittedAndValid()) {
         $sUsername = $oLoginForm->get('login');
         $sPassword = $oLoginForm->get('password');
         // the password is transformed by the project's Encrypter from the
         // username and password and matched inside the query; both values are
         // bound as parameters, not interpolated
         // NOTE(review): whether the transform is a slow, salted hash is not visible here — verify
         $sEncryptedPassword = Helper\Encrypter::factory()->encrypt($sUsername, $sPassword);
         $oUser = DB::query("SELECT u FROM \\Model\\User u WHERE u.login = :login AND u.password = :pass")->param('login', $sUsername)->param('pass', $sEncryptedPassword)->single();
         if ($oUser instanceof Model\User) {
             // NOTE(review): no session id regeneration is visible on this privilege
             // change; confirm Session handles it, otherwise a pre-login id survives
             Session::set('username', $sUsername);
             Session::set('uid', (int) $oUser->getId());
             $oUser->setLoginDateNOW();
             DB::flush();
             # Get role permissions for particular user and set them in session
             \UserPermissions::reset();
             Route::factory(Router::getCurrentRouteName())->redirectTo();
         } else {
             // wrong credentials: record the failure and flash the message on the same URL
             $currentUrl = Router::currentUrl();
             $alert = __('You have entered wrong username or password. Try again.');
             \User\LoginFail::addLoginFail();
             Session::flash($currentUrl, $alert, 'danger');
         }
     }
     $oLoginForm->addToSuffix(View::factory('user/frontend/login_links')->render());
     return View::factory('base/form')->bind('oForm', $oLoginForm);
 }
 /**
  * Check whether the current user may load the given Swf module.
  *
  * @param string $modular module key, e.g. "Email.inbox"
  * @return bool
  */
 public function checkSwfPermission($modular)
 {
     // modules that require no authentication are always readable
     if ($this->checkNotAuthSwf($modular) && !$this->checkRequireAuthSwf($modular)) {
         return true;
     }
     // everything else needs an authenticated user
     $userId = Session::get(USER_AUTH_KEY);
     if (!$userId) {
         return false;
     }
     // administrators and the desktop module bypass the per-module list
     if (Session::is_setLocal('administrator') || "MDI.Desktop" == $modular) {
         return true;
     }
     // use the cached list from the session, loading it from the
     // permission store when the session holds none
     $accessList = Session::get('_ACCESS_LIST');
     if (!$accessList) {
         $accessList = UserPermissions::getGUIPermissions($userId);
     }
     return array_key_exists($modular, $accessList);
 }
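 /**
  * Removes a user from the database, revoking all of his/her permissions first.
  *
  * @param userId The identifier of the user we are trying to remove
  * @return bool true when exactly one user row was deleted; false when the
  *              identifier is not numeric, the query failed or no row matched
  */
 function deleteUser($userId)
 {
     // the id is interpolated into SQL below, so accept only a numeric value
     if (!is_numeric($userId)) {
         return false;
     }
     $id = (int) $userId;
     // first, delete all of his/her permissions
     $perms = new UserPermissions();
     $perms->revokeUserPermissions($id);
     $query = "DELETE FROM " . $this->getPrefix() . "users WHERE id = {$id};";
     $result = $this->Execute($query);
     if (!$result) {
         return false;
     }
     // a query that ran but touched no row means there was no such user
     if ($this->_db->Affected_Rows() == 0) {
         return false;
     }
     return true;
 }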
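// Resolve the caller's group from the username held in the session, then
// load that group's permission string. Both lookups use bound parameters.
$user_group = null;
$user_permissions = null;
if ($stmt = $mysqli->prepare("SELECT group_id FROM users\n        WHERE username = ?\n        LIMIT 1")) {
    $stmt->bind_param('s', $_SESSION['username']);
    $stmt->execute();
    // Execute the prepared query.
    $stmt->store_result();
    $stmt->bind_result($user_group);
    // when no row matches, $user_group stays null and the group lookup below finds nothing
    $stmt->fetch();
    // release the first statement before $stmt is reused for the second query
    $stmt->close();
    //get the user's permissions
    if ($stmt = $mysqli->prepare("SELECT permissions FROM groups\n        WHERE id = ?\n        LIMIT 1")) {
        $stmt->bind_param('s', $user_group);
        $stmt->execute();
        // Execute the prepared query.
        $stmt->store_result();
        $stmt->bind_result($user_permissions);
        $stmt->fetch();
        $stmt->close();
        $user_permission = new UserPermissions($user_permissions);
    } else {
        echo 'Database or SQL error';
    }
} else {
    echo 'Database or SQL error';
}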
//echo "Starting Tests...";
//run some tests
if ($user_group == 1) {
    //standard user
    //echo "for standard user";
    if (!$user_permission->hasPermission(UserPermissions::READ_ACCOUNT) == true) {
        echo "failed test 1";
    }
 /**
  * @private
  *
  * Lazily loads the users holding permissions on this blog; the result is
  * cached through setUsersInfo() so the lookup runs only once.
  */
 function getUsersInfo()
 {
     if ($this->_usersInfo != null) {
         return $this->_usersInfo;
     }
     $userPermissions = new UserPermissions();
     $this->setUsersInfo($userPermissions->getBlogUsers($this->getId()));
     return $this->_usersInfo;
 }
}
//
// check if the plugin has been enabled for this blog
//
$blogSettings = $blogInfo->getSettings();
$pluginEnabled = $blogSettings->getValue("plugin_moblog_enabled");
if (!$pluginEnabled) {
    // reply to the sender and log the refusal before bailing out
    $response = new MoblogResponse($request->getReplyTo(), "pLog Moblog: Error", "The plugin has not been enabled for this blog.");
    MoblogLogger::log("Plugin not enabled for blog " . $request->getBlogId());
    $response->send();
    return false;
}
//
// now check if the user has permissions over the blog
//
// authorization step: the user named in the request must hold permissions
// on the blog the request targets; without this, any known user could post
// into any blog
$userPermissions = new UserPermissions();
$userPerm = $userPermissions->getUserPermissions($userInfo->getId(), $blogInfo->getId());
if (!$userPerm) {
    $response = new MoblogResponse($request->getReplyTo(), "pLog Moblog: Error", "You have no permissions in the given blog.");
    MoblogLogger::log("User '" . $request->getUser() . "' has no permissions in blog " . $request->getBlogId());
    $response->send();
    return false;
}
//
// if everything's correct, then we can proceed to find if the category
// chosen by the user exists. Since there is no way to fetch a category by its name,
// we'll have to fetch them all and loop through them
//
$articleCategories = new ArticleCategories();
// load the category as defined in the plugin settings page
$categoryId = $blogSettings->getValue("plugin_moblog_article_category_id");
 /**
  * Check if currently logged user has access to this route.
  *
  * The verdict is memoised in $this->hasAccess, so the permission checks and
  * the access closures run at most once per route instance.
  *
  * @access   public
  * @param    array $aParams
  * @return   bool
  * @since    1.0.0-alpha
  * @version  1.0.0-alpha
  */
 public function hasAccess(array $aParams = [])
 {
     // answered on a previous call?
     if ($this->hasAccess !== NULL) {
         return $this->hasAccess;
     }
     $bGranted = TRUE;
     // every required permission must be held by the user ...
     foreach ($this->getPermissions() as $sRequiredPerm) {
         if (\UserPermissions::hasPerm($sRequiredPerm) === FALSE) {
             $bGranted = FALSE;
             break;
         }
     }
     // ... and every access closure must accept the route and its parameters
     if ($bGranted) {
         foreach ($this->getAccessFunctions() as $fnAccess) {
             /* @var $fnAccess \Closure */
             if ($fnAccess($this, $aParams) === FALSE) {
                 $bGranted = FALSE;
                 break;
             }
         }
     }
     return $this->hasAccess = $bGranted;
 }
 /**
  * Replaces the permission set of user $id with the submitted "permission"
  * input; an empty submission removes every permission row of that user.
  *
  * @param mixed $id user identifier
  * @return mixed redirect response
  */
 public function updatepermission($id)
 {
     // only callers holding 'user.permission' may change permissions
     if (ACL::checkUserPermission('user.permission') == false) {
         return Redirect::action('dashboard');
     }
     if (!Input::has('permission')) {
         // nothing submitted: drop every permission row of this user
         UserPermissions::where('user_id', '=', $id)->delete();
     } else {
         ACL::saveUserPermission($id, Input::get('permission'));
     }
     return Redirect::action('')->with('success', 'User Permission has been modified');
 }
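 /**
  * Removes a blog from the database. It also removes all its posts, its posts categories
  * its links, its links categories, its trackbacks and its comments
  *
  * @param blogId the id of the blog we'd like to delete
  * @return mixed the result of the final DELETE query, or false when the
  *               identifier is not numeric
  */
 function deleteBlog($blogId)
 {
     // the id ends up interpolated into SQL, so refuse anything non-numeric
     // before any of the dependent records are touched
     if (!is_numeric($blogId)) {
         return false;
     }
     $id = (int) $blogId;
     // first of all, delete the posts
     $articles = new Articles();
     $articles->deleteBlogPosts($id);
     // next is to remove the article categories
     $articleCategories = new ArticleCategories();
     $articleCategories->deleteBlogCategories($id);
     // next, all the links and links categories
     $myLinks = new MyLinks();
     $myLinks->deleteBlogMyLinks($id);
     $myLinksCategories = new MyLinksCategories();
     $myLinksCategories->deleteBlogMyLinksCategories($id);
     // the permissions for the blog
     $perms = new UserPermissions();
     $perms->revokeBlogPermissions($id);
     // and finally, delete the blog
     $query = "DELETE FROM " . $this->getPrefix() . "blogs WHERE id = {$id}";
     $result = $this->Execute($query);
     return $result;
 }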
 /**
  * Method which can be used to overwrite the access checking operation.
  *
  * Listing requires a configured model and either the `edit_own` or the
  * `delete_own` permission under this controller's permission prefix.
  *
  * @access   protected
  * @throws   Exception\Fatal
  * @throws   Exception\Code403
  * @since    1.0.0-alpha
  * @version  1.0.0-alpha
  */
 protected function alterListAccess()
 {
     // a backend controller without a model cannot list anything
     if (!($this->getModel() instanceof ModelCore)) {
         throw new Exception\Fatal('Model of this backend site is not defined. Set `$sModel` variable in your backend controller.');
     }
     // either permission is enough; the second check is skipped when the first passes
     $sPrefix = $this->getPermissionPrefix();
     $bMayList = \UserPermissions::hasPerm($sPrefix . 'edit_own') || \UserPermissions::hasPerm($sPrefix . 'delete_own');
     if (!$bMayList) {
         throw new Exception\Code403(__('Permission denied.'));
     }
 }
 /**
  * Fields config for backend.
  *
  * Builds on the parent config: adds the user form fields with their
  * validation rule sets, exposes the role checkboxes only to users holding
  * `users_edit`, and registers date formatters for the two timestamp fields.
  *
  * @access     protected
  * @return     MConfig
  * @since      1.0.0
  * @version    2.1.0-dev
  */
 protected static function generateConfig()
 {
     # get all permissions list
     $aRoles = [];
     $aResult = DB::queryList('\\Model\\User\\Role')->execute();
     foreach ($aResult as $oRole) {
         /* @var $oRole User\Role */
         $aRoles[] = ['value' => $oRole->getId(), 'label' => $oRole->getName()];
     }
     # get config from parent
     $config = parent::generateConfig();
     # create fields
     # NOTE(review): `String` is a reserved class name since PHP 7.0 — confirm the
     # RulesSetBuilder\String builder still loads on the target PHP version
     $config->addField(FormField\Hidden::singleton('id')->setLabel(__('ID'))->setDisabled());
     $config->addField(FormFieldPassword::singleton('password')->setLabel(__('Password'))->addRulesSet(RulesSetBuilder\String::factory()->containNumbers(':value')->containText(':value')->containUppercase(':value')->containCustomCharacters(':value')));
     # login and e-mail are disabled in the form and must stay unique across users
     $config->addField(FormField\Text::singleton('login')->setLabel('Login')->addTipParagraph(__('This value can contain only letters, numbers and "-" or "_" characters.'))->setDisabled()->addRulesSet(RulesSetBuilder\String::factory()->onlyLettersNumsAndChars(':value', '\\-_', __('This value can contain only letters, numbers and "-" or "_" characters.')))->addRulesSet(RulesSetBuilder\Database::factory()->unique(':value', ':valuefrom:id', '\\Model\\User', 'login')));
     $config->addField(FormField\Text::singleton('email')->setLabel('E-mail')->setDisabled()->addRulesSet(RulesSetBuilder\String::factory()->email(':value'))->addRulesSet(RulesSetBuilder\Database::factory()->unique(':value', ':valuefrom:id', '\\Model\\User', 'email')));
     $config->addField(FormField\Text::singleton('firstname')->setLabel(__('Firstname'))->addRulesSet(RulesSetBuilder\String::factory()->onlyLetters(':value')));
     $config->addField(FormField\Text::singleton('lastname')->setLabel(__('Lastname'))->addRulesSet(RulesSetBuilder\String::factory()->onlyLetters(':value')));
     $config->addField(FormField\Text::singleton('nickname')->setLabel(__('Nickname')));
     # uploads are restricted by extension and size (1024, unit as understood by the rule set)
     $config->addField(FormField\ImageModel::singleton('image')->setBrokerModel('\\Model\\User\\Image')->setUploadPath('uploads/users/image')->setLabel(__('Image'))->addRulesSet(RulesSetBuilder\FileModel::factory()->allowedExt(':value', ['jpg', 'png', 'gif'])->maxSize(':value', 1024)));
     $config->addField(FormField\Text::singleton('city')->setLabel(__('City'))->addRulesSet(RulesSetBuilder\String::factory()->onlyLetters(':value')));
     $config->addField(FormField\Textarea::singleton('description')->setLabel(__('Description')));
     # role assignment is only offered to users who may edit users
     if (\UserPermissions::hasPerm('users_edit')) {
         $config->addField(CheckboxRelationFormField::singleton('roles')->setRelatedModelName('\\Model\\User\\Role')->setOptions($aRoles)->setLabel(__('Roles')));
     }
     $config->addFieldFormatter('registration_date', FieldFormatterDate::factory());
     $config->addFieldFormatter('login_date', FieldFormatterDate::factory());
     # return config
     return $config;
 }
<?php

use Plethora\Route;
use Plethora\Router;
# home
Router::addRoute('home', '/');
# 404
Router::addRoute('err404', '/err404')->setController('Frontend\\Error404');
# cron
Router::addRoute('cron', '/cron/{token}')->setController('Cron');
# cron - clear temp directory
Router::addRoute('cron_clear_temp', '/cron_clear_temp')->setController('Cron')->setAction('ClearTemp');
# changelog
Router::addRoute('framework_changelog', '/fw/changelog')->setController('Base')->setAction('Changelog')->addDefault('package', 'Backend');
# The backend and AJAX routes share one access rule: the controller named in
# the URL (limited to [a-zA-Z0-9_] by the parameter type) is mapped to a class
# under \Controller\Backend and asked for its permission prefix, which is then
# combined with the action name and checked against the user's permissions.
$fnBackendAccess = function (Route $oRoute, array $aParams = []) {
    $sClass = '\\Controller\\Backend\\' . str_replace('_', '\\', ucfirst($aParams['controller']));
    $sPrefix = call_user_func([$sClass, 'getPermissionPrefix']);
    return UserPermissions::hasPerm($sPrefix . $aParams['action']);
};
# backend
Router::addRoute('backend', '/a(/{controller}(/{action}(/{id}(/{extra}))))')
    ->setController('Dashboard')
    ->addParameterType('id', '[a-zA-Z0-9]+')
    ->addParameterType('extra', '[a-zA-Z0-9]+')
    ->addParameterType('controller', '[a-zA-Z0-9_]+')
    ->addParameterType('action', '[a-zA-Z0-9_]+')
    ->addDefault('package', 'Backend')
    ->addDefault('css', 'backend')
    ->addDefault('id', NULL)
    ->addDefault('extra', NULL)
    ->addAccessFunction($fnBackendAccess);
# AJAX
Router::addRoute('ajax', '/ajax(/{controller}(/{action}(/{id}(/{extra}))))')
    ->setController('Dashboard')
    ->addParameterType('id', '[a-zA-Z0-9]+')
    ->addParameterType('extra', '[a-zA-Z0-9]+')
    ->addParameterType('controller', '[a-zA-Z0-9_]+')
    ->addParameterType('action', '[a-zA-Z0-9_]+')
    ->addDefault('package', 'Ajax')
    ->addDefault('css', 'backend')
    ->addDefault('id', NULL)
    ->addDefault('extra', NULL)
    ->addAccessFunction($fnBackendAccess);
 /**
  * Carries out the specified action
  *
  * Updates the settings, owner, quota, properties, status and user list of
  * the blog named by the "blogId" request value, refreshes the session copy
  * when that blog is the one currently selected, and clears its cache.
  *
  * @return bool true when the blog was updated; false when the blog or the
  *              requested owner does not exist or an update call failed
  */
 function perform()
 {
     // fetch the values from the form which have already been validated
     $this->_blogName = Textfilter::filterAllHTML($this->_request->getValue("blogName"));
     $this->_blogLocale = $this->_request->getValue("blogLocale");
     $this->_blogTemplate = $this->_request->getValue("blogTemplate");
     $this->_blogOwner = $this->_request->getValue("blogOwner");
     $this->_editBlogId = $this->_request->getValue("blogId");
     $this->_blogTimeOffset = $this->_request->getValue("blogTimeOffset");
     $this->_blogProperties = $this->_request->getValue("properties");
     $this->_blogQuota = $this->_request->getValue("blogResourcesQuota");
     $this->_blogUsers = $this->_request->getValue("blogUsers");
     $this->_blogStatus = $this->_request->getValue("blogStatus");
     //print_r($_REQUEST);
     // get the blog we're trying to update
     $blogs = new Blogs();
     $blogInfo = $blogs->getBlogInfo($this->_editBlogId);
     if (!$blogInfo) {
         $this->_view = new AdminSiteBlogsListView($this->_blogInfo);
         $this->_view->setErrorMessage($this->_locale->tr("error_fetching_blog"));
         $this->setCommonData();
         return false;
     }
     $this->notifyEvent(EVENT_BLOG_LOADED, array("blog" => &$blogInfo));
     // make sure that the user we'd like to set as owner exists
     $users = new Users();
     $userInfo = $users->getUserInfoFromId($this->_blogOwner);
     if (!$userInfo) {
         $this->_view = new AdminSiteBlogsListView($this->_blogInfo);
         $this->_view->setErrorMessage($this->_locale->tr("error_incorrect_blog_owner"));
         $this->setCommonData();
         return false;
     }
     $this->notifyEvent(EVENT_USER_LOADED, array("user" => &$userInfo));
     // set the different settings
     $blogSettings = $blogInfo->getSettings();
     $blogSettings->setValue("locale", $this->_blogLocale);
     $blogSettings->setValue("template", $this->_blogTemplate);
     $blogSettings->setValue("time_offset", $this->_blogTimeOffset);
     $blogInfo->setSettings($blogSettings);
     $blogInfo->setResourcesQuota($this->_blogQuota);
     $blogInfo->setBlog($this->_blogName);
     $blogInfo->setProperties($this->_blogProperties);
     $blogInfo->setOwner($this->_blogOwner);
     $blogInfo->setStatus($this->_blogStatus);
     // the URL-safe name is derived from the (HTML-filtered) blog name
     $blogInfo->setMangledBlog(Textfilter::urlize($blogInfo->getBlog()));
     $this->notifyEvent(EVENT_PRE_BLOG_UPDATE, array("blog" => &$blogInfo));
     if (!$blogs->updateBlog($blogInfo->getId(), $blogInfo)) {
         $this->_view = new AdminSiteBlogsListView($this->_blogInfo);
         $this->_view->setErrorMessage($this->_locale->pr("error_updating_blog_settings", $blogInfo->getBlog()));
         $this->setCommonData();
         return false;
     }
     // update the user permissions, even if they didn't change (but we have no way to
     // check that anyway!)
     $permissions = new UserPermissions();
     if (!$permissions->updateBlogUserPermissions($this->_editBlogId, $this->_blogUsers)) {
         $this->_view = new AdminSiteBlogsListView($this->_blogInfo);
         $this->_view->setErrorMessage($this->_locale->pr("error_updating_blog_settings", $blogInfo->getBlog()));
         $this->setCommonData();
         return false;
     }
     $this->notifyEvent(EVENT_POST_BLOG_UPDATE, array("blog" => &$blogInfo));
     // when the edited blog is the one selected in the session, refresh the
     // session copy so the rest of the request sees the new settings
     if ($this->_blogInfo->getId() == $blogInfo->getId()) {
         $this->_blogInfo->setSettings($blogSettings);
         // NOTE(review): this sets the properties on the local $blogInfo again rather
         // than on $this->_blogInfo — looks unintended, confirm before changing
         $blogInfo->setProperties($this->_blogProperties);
         $this->_session->setValue("blogInfo", $this->_blogInfo);
         $this->saveSession();
     }
     // if everything went fine, we can show a nice message
     $this->_view = new AdminSiteBlogsListView($this->_blogInfo);
     $this->_view->setSuccessMessage($this->_locale->pr("edit_blog_settings_updated_ok", $blogInfo->getBlog()));
     $this->setCommonData();
     // clear the cache
     CacheControl::resetBlogCache($blogInfo->getId());
     // better to return true if everything fine
     return true;
 }
 /**
  * Create response for particular Controller.
  *
  * When no content view is supplied, the routed action method is invoked to
  * produce one. The developer toolbar assets and markup are only added when
  * the module is present and the user holds the `dev_toolbar` permission.
  *
  * @access   public
  * @param    View $oContent
  * @return   Response
  * @since    1.0.0-alpha
  * @version  1.0.0-alpha
  */
 public function createResponse(View $oContent = NULL)
 {
     // no content given: run the routed action and the post-action hook
     if ($oContent === NULL) {
         $sActionMethod = Router::getActionName();
         $oContent = $this->$sActionMethod();
         $this->afterAction();
     }
     $sContent = '';
     if ($oContent !== NULL) {
         $this->oView->bind('oContent', $oContent);
         // developers toolbar - assets
         if (Router::hasModule('dev_toolbar') && \UserPermissions::hasPerm('dev_toolbar')) {
             $this->addJs('/themes/_common/js/dev_toolbar.js');
             $this->addCss('/themes/backend/css/dev_toolbar.css');
             $this->addBodyClass('dev_toolbar');
         }
         $sContent = $this->oViewMain->render();
         Benchmark::mark('end');
         // developers toolbar - markup injected right before </body>
         if (Router::hasModule('dev_toolbar') && \UserPermissions::hasPerm('dev_toolbar')) {
             $sToolbarHtml = \DevToolbar\Toolbar::factory()->render();
             $sContent = str_replace('</body>', $sToolbarHtml . '</body>', $sContent);
         }
     }
     $oResponse = new Response();
     $oResponse->setContent($sContent);
     // temp session data lives only until the response has been built
     Session::clearTempData();
     return $oResponse;
 }
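 /**
  * Save User Permission into acl_user_permissions
  *
  * Replaces every permission row of the user with the submitted map of
  * permission id => value. Entries whose value is an empty string or null
  * are skipped; explicit zero values are stored.
  *
  * @param mixed $userId
  * @param array $data permission_id => value
  * @return void
  */
 public static function saveUserPermission($userId, $data = array())
 {
     UserPermissions::where('user_id', '=', $userId)->delete();
     // a non-array (e.g. a scalar from a tampered form) saves nothing
     if (!is_array($data)) {
         return;
     }
     foreach ($data as $key => $val) {
         // strict checks: the former loose `!= ""` dropped an integer 0 on PHP 7,
         // and `||` between the two tests never required both to hold
         if ($val !== "" && $val !== null) {
             $userpermission = new UserPermissions();
             $userpermission->user_id = $userId;
             $userpermission->permission_id = $key;
             $userpermission->value = $val;
             $userpermission->date_created = new DateTime();
             $userpermission->save();
         }
     }
 }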
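 /**
  * Shows the permission form for user $id and, on POST, replaces the
  * user's permission rows with the submitted "permission" list.
  *
  * @param mixed $id user identifier
  */
 public function actionGrandpermission($id)
 {
     $model = $this->loadModeluser($id);
     $permission = Permission::model()->findAll();
     $granted = UserPermissions::model()->findAll("userid = :uid", array(":uid" => $model->id));
     // ids of the permissions the user currently holds (pre-checks the form)
     $arr = array();
     foreach ($granted as $allow) {
         $arr[] = $allow->permission_id;
     }
     if (isset($_POST['permission'])) {
         // a scalar here (e.g. a tampered request) would break the foreach
         // below; treat it as an empty list, which still clears the old rows
         $collect = $_POST["permission"];
         if (!is_array($collect)) {
             $collect = array();
         }
         UserPermissions::model()->deleteAll("userid = :uid", array(":uid" => $model->id));
         foreach ($collect as $item) {
             $up = new UserPermissions();
             $up->userid = $model->id;
             $up->permission_id = $item;
             $up->save();
         }
         $this->redirect("/adminuser");
     }
     $this->render('grandpermission', array('model' => $model, 'permission' => $permission, 'grand' => $arr));
 }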