public function executeUpload(sfWebRequest $request)
 {
     $language = LanguageTable::getInstance()->find($request->getParameter('id'));
     /* @var $language Language */
     if (!$language) {
         return $this->notFound();
     }
     if ($request->getPostParameter('csrf_token') == UtilCSRF::gen('language_upload', $language->getId())) {
         $this->ajax()->setAlertTarget('#upload', 'append');
         $file = $request->getFiles('file');
         if ($file && $file['tmp_name']) {
             $parser = new sfMessageSource_XLIFF();
             if ($parser->loadData($file['tmp_name'])) {
                 $dir = dirname($language->i18nFileWidget());
                 if (!file_exists($dir)) {
                     mkdir($dir);
                 }
                 move_uploaded_file($file['tmp_name'], $language->i18nFileWidget());
                 $language->i18nCacheWidgetClear();
                 return $this->ajax()->alert('Language file updated.', '', null, null, false, 'success')->render(true);
             }
             return $this->ajax()->alert('File invalid.', '', null, null, false, 'error')->render(true);
         }
         return $this->ajax()->alert('Upload failed.', '', null, null, false, 'error')->render(true);
     }
     return $this->notFound();
 }
 /**
  * Prepare the member list of the current petition for the template.
  *
  * Sets petition_rights_list, admin, csrf_token and become_admin (plus
  * csrf_token_admin when the user may join as admin). Relies on $this->petition
  * being set by the caller; an optional truthy $this->no_admin forces admin off.
  */
 public function executeMembers()
 {
     $petition = $this->petition;
     $user = $this->getGuardUser();
     $this->petition_rights_list = PetitionRightsTable::getInstance()->queryByPetition($petition)->execute();
     $this->admin = $petition->isMemberEditable($user);
     $forceNoAdmin = isset($this->no_admin) && $this->no_admin;
     if ($forceNoAdmin) {
         $this->admin = false;
     }
     $this->csrf_token = UtilCSRF::gen('action_members');
     $alreadyAdmin = $user->isPetitionAdmin($petition);
     $this->become_admin = !$alreadyAdmin && $petition->getCampaign()->getBecomePetitionAdmin();
     if ($this->become_admin) {
         $this->csrf_token_admin = UtilCSRF::gen('action_join_admin');
     }
 }
 /**
  * Build the widget list pager and its filter form.
  *
  * With $this->petition set, the widgets of that petition are listed;
  * otherwise all widgets of the current user (with campaign filter). Also
  * exposes the CSRF tokens for the data-owner actions.
  */
 public function executeList()
 {
     $currentPage = isset($this->page) ? $this->page : 1;
     $widgetTable = WidgetTable::getInstance();
     $perPage = 20;
     if (isset($this->petition)) {
         $petitionId = $this->petition->getId();
         $this->form = new FilterWidgetForm();
         $this->form->bindSelf('p' . $petitionId);
         $query = $widgetTable->queryByPetition($this->petition);
         $this->widgets = new policatPager($query, $currentPage, 'widget_pager_petition', array('id' => $petitionId), true, $perPage, $this->form);
     } else {
         $user = $this->getGuardUser();
         $options = array(
             FilterWidgetForm::WITH_CAMPAIGN => true,
             FilterWidgetForm::USER => $user,
         );
         $this->form = new FilterWidgetForm(array(), $options);
         $this->form->bindSelf('all');
         $query = $widgetTable->queryByUser($user);
         $this->widgets = new policatPager($query, $currentPage, 'widget_pager', array(), true, $perPage, $this->form);
     }
     $this->csrf_token = UtilCSRF::gen('widget_data_owner');
     $this->csrf_token_revoke = UtilCSRF::gen('widget_revoke_data_owner');
 }
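 /**
  * List the open tickets (status new or read) of the current user as a pager.
  *
  * Optional $this->campaign_id / $this->petition_id narrow the query. Nothing
  * is set for anonymous users, so the template must cope with $this->tickets
  * being absent.
  */
 public function executeTodo()
 {
     $page = isset($this->page) ? $this->page : 1;
     $user = $this->getGuardUser();
     if (!$user) {
         return;
     }
     $query = TicketTable::getInstance()->queryForUser($user, array(TicketTable::STATUS_NEW, TicketTable::STATUS_READ));
     if (isset($this->campaign_id)) {
         $query->andWhere($query->getRootAlias() . '.campaign_id = ?', $this->campaign_id);
     }
     if (isset($this->petition_id)) {
         $query->andWhere($query->getRootAlias() . '.petition_id = ?', $this->petition_id);
     }
     $this->tickets = new policatPager($query, $page, 'ticket_todo', array(), true, 10);
     $this->csrf_token = UtilCSRF::gen('tickets');
 }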
 /**
  * Show a single ticket in the ticket modal.
  *
  * The CSRF token is only handed to the partial while the ticket is still
  * open (neither approved nor denied), so finished tickets offer no actions.
  *
  * @param sfWebRequest $request
  * @return mixed rendered AJAX response, or the notFound() result
  */
 public function executeView(sfWebRequest $request)
 {
     $ticket = TicketTable::getInstance()->find($request->getParameter('id'));
     if (!$ticket) {
         return $this->notFound();
     }
     if (!$this->hasTicketRight($ticket)) {
         return $this->ajax()->alert('You have no rights to handle this ticket.', 'Error', '#todo', 'append')->render();
     }
     $finished = in_array($ticket->getStatus(), array(TicketTable::STATUS_APPROVED, TicketTable::STATUS_DENIED));
     $csrf_token = null;
     if (!$finished) {
         $csrf_token = UtilCSRF::gen('tickets');
     }
     $vars = array(
         'ticket' => $ticket,
         'csrf_token' => $csrf_token,
         'campaign_id' => $request->getGetParameter('campaign_id'),
         'petition_id' => $request->getGetParameter('petition_id'),
     );
     return $this->ajax()->appendPartial('body', 'view', $vars)->modal('#ticket_view_modal')->render();
 }
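 /**
  * Restore a deleted campaign: GET shows the confirmation modal, POST does it.
  *
  * @param sfWebRequest $request route param 'id'; POST 'csrf_token'
  * @return mixed rendered AJAX response, or the notFound() result
  */
 public function executeUndelete(sfWebRequest $request)
 {
     $id = $request->getParameter('id');
     // A non-numeric id previously fell through to a method call on an
     // undefined $campaign; answer "not found" instead.
     if (!is_numeric($id)) {
         return $this->notFound();
     }
     $campaign = CampaignTable::getInstance()->findById($id, true);
     /* @var $campaign Campaign */
     if (!$campaign) {
         // Argument kept as found; looks like a leftover -- TODO confirm what notFound() does with it.
         return $this->notFound('xx');
     }
     // NOTE(review): no explicit rights check is visible in this action; presumably
     // enforced elsewhere (module security config) -- confirm.
     $csrf_token = (string) UtilCSRF::gen('undelete_campaign', $campaign->getId());
     if ($request->isMethod('post')) {
         // Constant-time comparison; a missing or non-string token never matches.
         $token = $request->getPostParameter('csrf_token');
         if (!is_string($token) || !hash_equals($csrf_token, $token)) {
             return $this->ajax()->alert('CSRF Attack detected, please relogin.', 'Error', '#campaign_undelete_modal .modal-body')->render();
         }
         $campaign->setStatus(CampaignTable::STATUS_ACTIVE);
         $campaign->save();
         return $this->ajax()->redirectRotue('campaign_edit_', array('id' => $campaign->getId()))->render();
     }
     $vars = array('id' => $id, 'name' => $campaign->getName(), 'csrf_token' => $csrf_token);
     return $this->ajax()->appendPartial('body', 'undelete', $vars)->modal('#campaign_undelete_modal')->render();
 }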
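 /**
  * Validate a widget via its "<id>-<code>" link and, for logged-in users,
  * let them claim ownership of it.
  *
  * A matching code marks a pending widget as verified and exposes idcode/id
  * to the template. An authenticated user who is not yet the owner receives a
  * CSRF token; posting it back connects the widget to the user. An anonymous
  * user gets the id/code parked in the session so the claim can be completed
  * after login. Every failure path just renders the default view without
  * setting idcode/id.
  *
  * @param sfWebRequest $request param 'code' as "<id>-<code>" (or a 2-element array)
  * @return mixed rendered AJAX response on a POST claim, otherwise nothing
  */
 public function executeWidgetval(sfWebRequest $request)
 {
     if (!$request->hasParameter('code')) {
         return;
     }
     $idcode = $request->getParameter('code');
     if (is_string($idcode)) {
         $idcode = explode('-', trim($idcode));
     }
     if (!is_array($idcode) || count($idcode) !== 2) {
         return;
     }
     list($id, $code) = $idcode;
     $id = ltrim($id, '0 ');
     $widget = Doctrine_Core::getTable('Widget')->createQuery('w')->where('w.id = ?', $id)->leftJoin('w.PetitionText pt')->select('w.*, pt.id, pt.language_id')->fetchOne();
     /* @var $widget Widget */
     if (empty($widget)) {
         return;
     }
     // Constant-time comparison of the secret validation code; non-string values never match.
     $expected = $widget->getValidationData();
     if (!is_string($code) || !is_string($expected) || !hash_equals($expected, $code)) {
         return;
     }
     $this->idcode = $id . '-' . $code;
     $this->id = $widget->getId();
     if ($widget->getValidationStatus() == Widget::VALIDATION_STATUS_PENDING) {
         $widget->setValidationStatus(Widget::VALIDATION_STATUS_VERIFIED);
         $widget->save();
     }
     if (!$this->getUser()->isAuthenticated()) {
         // Park the validated link in the session so the claim can resume after login.
         $storage = sfContext::getInstance()->getStorage();
         if ($storage instanceof policatSessionStorage) {
             $storage->needSession();
         }
         $this->getUser()->setAttribute(myUser::SESSION_WIDGETVAL_IDCODE, $this->idcode);
         $this->getUser()->setAttribute(myUser::SESSION_WIDGETVAL_ON, 0);
         return;
     }
     if ($widget->getValidationStatus() == Widget::VALIDATION_STATUS_OWNER) {
         return;
     }
     $this->csrf_token = (string) UtilCSRF::gen('widgetval');
     if (!$request->isMethod('post')) {
         return;
     }
     // Constant-time comparison; a missing or non-string token never matches.
     $token = $request->getPostParameter('csrf_token');
     if (!is_string($token) || !hash_equals($this->csrf_token, $token)) {
         return $this->ajax()->alert('CSRF Attack detected, please relogin.', 'Error')->render();
     }
     $widget->setUser($this->getGuardUser());
     $widget->setValidationStatus(Widget::VALIDATION_STATUS_OWNER);
     $widget->save();
     return $this->ajax()->addClass('#connect a', 'disabled')->afterPartial('#connect', 'widget_link', array('id' => $widget->getId()))->alert('Successfully connected.', '', '#connect', 'after', false, 'success')->render();
 }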
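 /**
  * Remove every contact of a target list: GET shows the confirmation modal,
  * POST performs the deletion. Only members of the list (strict membership
  * check) may do this.
  *
  * @param sfWebRequest $request POST 'csrf_token'
  * @return mixed rendered AJAX response, or the notFound()/noAccess() result
  */
 public function executeTruncate(sfWebRequest $request)
 {
     $target_list = $this->findTargetList();
     /* @var $target_list MailingList */
     if (!$target_list) {
         return $this->notFound();
     }
     if (!$this->getGuardUser()->isTargetListMember($target_list, true)) {
         return $this->noAccess();
     }
     $csrf_token = (string) UtilCSRF::gen('truncate_target_list', $target_list->getId(), $this->getUser()->getUserId());
     if ($request->isMethod('post')) {
         // Constant-time comparison; a missing or non-string token never matches.
         $token = $request->getPostParameter('csrf_token');
         if (!is_string($token) || !hash_equals($csrf_token, $token)) {
             return $this->ajax()->alert('CSRF Attack detected, please relogin.', 'Error', '#contact_truncate_modal .modal-body')->render();
         }
         $target_list->getContact()->delete();
         return $this->ajax()->remove('#contacts table tbody tr')->modal('#contact_truncate_modal', 'hide')->render();
     }
     $vars = array('id' => $target_list->getId(), 'name' => $target_list->getName(), 'csrf_token' => $csrf_token);
     return $this->ajax()->appendPartial('body', 'truncate', $vars)->modal('#contact_truncate_modal')->render();
 }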
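 /**
  * Bulk-change the rights of petition members (block / member / admin).
  *
  * The acting user must be allowed to edit members of the petition and must
  * present the 'action_members' CSRF token. Entries for the acting user are
  * skipped and reported as an error instead of being changed. The member
  * component is re-rendered in any case.
  *
  * @param sfWebRequest $request route param 'id'; POST 'csrf_token', 'ids' (array), 'method'
  * @return mixed rendered AJAX response
  */
 public function executeEditMembers(sfWebRequest $request)
 {
     $this->ajax()->setAlertTarget('#petition_members', 'after');
     $petition = PetitionTable::getInstance()->findById($request->getParameter('id'), $this->userIsAdmin());
     /* @var $petition Petition */
     if (!$petition) {
         return $this->ajax()->alert('Action not found', 'Error')->render();
     }
     if (!$petition->isMemberEditable($this->getGuardUser())) {
         return $this->ajax()->alert('You are not admin', 'Error')->render();
     }
     // Constant-time comparison; a missing or non-string token never matches.
     $expected = (string) UtilCSRF::gen('action_members');
     $token = $request->getPostParameter('csrf_token');
     if (!is_string($token) || !hash_equals($expected, $token)) {
         return $this->ajax()->alert('CSRF Attack detected, please relogin.', 'Error')->render();
     }
     $ids = $request->getPostParameter('ids');
     $method = $request->getPostParameter('method');
     // Strict membership: only the three literal method names are accepted.
     if (!in_array($method, array('block', 'member', 'admin'), true)) {
         return $this->ajax()->alert('Something is wrong.', 'Error')->render();
     }
     $self = false;
     if (is_array($ids)) {
         foreach (PetitionRightsTable::getInstance()->queryByPetitionAndUsers($petition->getId(), $ids)->execute() as $petition_rights) {
             /* @var $petition_rights PetitionRights */
             // Never let users change their own rights in a bulk edit.
             if ($this->isSelfUser($petition_rights->getUserId())) {
                 $self = true;
                 continue;
             }
             if ($method === 'block') {
                 $petition_rights->setActive(0);
             } elseif ($method === 'member') {
                 $petition_rights->setActive(1);
                 $petition_rights->setMember(1);
                 $petition_rights->setAdmin(0);
             } else {
                 // 'admin' -- the only remaining value after the check above
                 $petition_rights->setActive(1);
                 $petition_rights->setMember(1);
                 $petition_rights->setAdmin(1);
             }
             $petition_rights->save();
         }
     }
     $this->ajax()->replaceWithComponent('#petition_members', 'd_action', 'members', array('petition' => $petition));
     if ($self) {
         $this->ajax()->alert('You can not edit yourself.', 'Error');
     }
     return $this->ajax()->render();
 }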
 /**
  * Prepare the member list of the current campaign for the template.
  *
  * Sets campaign_rights_list, admin and the 'revoke' CSRF token bound to the
  * campaign id. Relies on $this->campaign being set by the caller.
  */
 public function executeMembers()
 {
     $campaign = $this->campaign;
     $rights = CampaignRightsTable::getInstance()->queryByCampaign($campaign)->execute();
     $this->campaign_rights_list = $rights;
     $this->admin = $this->getGuardUser()->isCampaignAdmin($campaign);
     $this->csrf_token = UtilCSRF::gen('revoke', $campaign->getId());
 }
 /**
  * Prepare the member list of the current target list for the template.
  *
  * Sets target_list_rights_list, admin (campaign admin of the list's
  * campaign) and the 'target_list_members' CSRF token. Relies on
  * $this->target_list being set by the caller.
  */
 public function executeMembers()
 {
     $targetList = $this->target_list;
     $rights = TargetListRightsTable::getInstance()->queryByTargetList($targetList)->execute();
     $this->target_list_rights_list = $rights;
     $campaign = $targetList->getCampaign();
     $this->admin = $this->getGuardUser()->isCampaignAdmin($campaign);
     $this->csrf_token = UtilCSRF::gen('target_list_members');
 }
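 /**
  * Unblock a user: GET shows the confirmation modal, POST re-grants the
  * CREDENTIAL_USER permission and saves the record.
  *
  * @param sfWebRequest $request route param 'id'; POST 'csrf_token'
  * @return mixed rendered AJAX response, or the notFound() result
  */
 public function executeUnblock(sfWebRequest $request)
 {
     $id = $request->getParameter('id');
     // A non-numeric id previously fell through to a method call on an
     // undefined $user; answer "not found" instead.
     if (!is_numeric($id)) {
         return $this->notFound();
     }
     $user = sfGuardUserTable::getInstance()->find($id);
     /* @var $user sfGuardUser */
     if (!$user) {
         return $this->notFound();
     }
     $csrf_token = (string) UtilCSRF::gen('unblock_user', $user->getId());
     if ($request->isMethod('post')) {
         // Constant-time comparison; a missing or non-string token never matches.
         $token = $request->getPostParameter('csrf_token');
         if (!is_string($token) || !hash_equals($csrf_token, $token)) {
             return $this->ajax()->alert('CSRF Attack detected, please relogin.', 'Error', '#user_unblock_modal .modal-body')->render();
         }
         if (!$user->hasPermission(myUser::CREDENTIAL_USER)) {
             $user->addPermissionByName(myUser::CREDENTIAL_USER);
         }
         // Force a save even when only the permission relation changed.
         $user->state(Doctrine_Record::STATE_DIRTY);
         $user->save();
         return $this->ajax()->redirectRotue('user_idx')->render();
     }
     $vars = array('id' => $id, 'name' => $user->getFullName(), 'csrf_token' => $csrf_token);
     return $this->ajax()->appendPartial('body', 'unblock', $vars)->modal('#user_unblock_modal')->render();
 }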
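 /**
  * Delete a petition signing: GET shows the confirmation modal, POST deletes
  * it and removes its row. Only the data owner of the signing's campaign may
  * do this; anyone else gets the same "not found" answer as a missing id.
  *
  * @param sfWebRequest $request route param 'id'; POST 'csrf_token'
  * @return mixed rendered AJAX response, or the notFound() result
  */
 public function executeDelete(sfWebRequest $request)
 {
     $id = $request->getParameter('id');
     $signing = PetitionSigningTable::getInstance()->find($id);
     /* @var $signing PetitionSigning */
     if (!$signing) {
         return $this->notFound();
     }
     $user_id = $this->getUser()->getUserId();
     if (!$user_id || $user_id != $signing->getPetition()->getCampaign()->getDataOwnerId()) {
         return $this->notFound();
     }
     $csrf_token = (string) UtilCSRF::gen('delete_signing', $signing->getId(), $user_id);
     if ($request->isMethod('post')) {
         // Constant-time comparison; a missing or non-string token never matches.
         $token = $request->getPostParameter('csrf_token');
         if (!is_string($token) || !hash_equals($csrf_token, $token)) {
             return $this->ajax()->alert('CSRF Attack detected, please relogin.', 'Error', '#signing_delete_modal .modal-body')->render();
         }
         $signing->delete();
         return $this->ajax()->remove('#signing_row_' . $id)->modal('#signing_delete_modal', 'hide')->render();
     }
     $vars = array('id' => $id, 'name' => $signing->getComputedName(), 'csrf_token' => $csrf_token);
     return $this->ajax()->appendPartial('body', 'delete', $vars)->modal('#signing_delete_modal')->render();
 }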