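/**
  * Runs a DELETE through the ACL before handing it to the parent gateway.
  *
  * Access rules, in order:
  *  - the user needs `bigharddelete` or `harddelete` on the table (junction
  *    tables and tables without a status column also accept `bigdelete` /
  *    `delete`, and `directus_bookmarks` is always treated as big-deletable);
  *  - without a CMS owner column every delete is "big", so `bigharddelete`
  *    is required;
  *  - with an owner column, a user who lacks `bigharddelete` may not delete
  *    rows owned by themselves.
  *
  * @param Delete $delete
  * @return mixed whatever parent::executeDelete() returns
  * @throws Exception\RuntimeException
  * @throws \Directus\Acl\Exception\UnauthorizedTableBigDeleteException
  * @throws \Directus\Acl\Exception\UnauthorizedTableDeleteException
  * @throws \RuntimeException outside production, wrapping an InvalidQueryException together with the dumped SQL
  */
 protected function executeDelete(Delete $delete)
 {
     // Was misspelled `$cuurrentUserId`, so anonymous requests reached the
     // owner check below with an undefined variable.
     $currentUserId = null;
     if (Auth::loggedIn()) {
         $currentUser = Auth::getUserInfo();
         $currentUserId = intval($currentUser['id']);
     }
     $deleteState = $delete->getRawState();
     $deleteTable = $this->getRawTableNameFromQueryStateTable($deleteState['table']);
     $cmsOwnerColumn = $this->acl->getCmsOwnerColumnByTable($deleteTable);
     $canBigHardDelete = $this->acl->hasTablePrivilege($deleteTable, 'bigharddelete');
     $canHardDelete = $this->acl->hasTablePrivilege($deleteTable, 'harddelete');
     $aclErrorPrefix = $this->acl->getErrorMessagePrefix();
     // Junction tables and tables without a status column have no soft delete,
     // so their plain `bigdelete` / `delete` privileges count as hard deletes.
     $deleteTableSchema = TableSchema::getTable($deleteTable);
     $isDeleteTableAJunction = array_key_exists('is_junction_table', $deleteTableSchema) ? (bool) $deleteTableSchema['is_junction_table'] : false;
     if ($isDeleteTableAJunction || !TableSchema::hasTableColumn($deleteTable, STATUS_COLUMN_NAME)) {
         if ($this->acl->hasTablePrivilege($deleteTable, 'bigdelete')) {
             $canBigHardDelete = true;
         } elseif ($this->acl->hasTablePrivilege($deleteTable, 'delete')) {
             $canHardDelete = true;
         }
     }
     // @todo: clean way
     if ($deleteTable === 'directus_bookmarks') {
         $canBigHardDelete = true;
     }
     /**
      * ACL Enforcement
      */
     if (!$canBigHardDelete && !$canHardDelete) {
         throw new UnauthorizedTableBigDeleteException($aclErrorPrefix . "BigHardDelete/HardDelete access forbidden on table `{$deleteTable}`.");
     }
     if (false === $cmsOwnerColumn) {
         // All deletes are "big" deletes if there is no magic owner column.
         if (!$canBigHardDelete) {
             throw new UnauthorizedTableBigDeleteException($aclErrorPrefix . "The table `{$deleteTable}` is missing the `user_create_column` within `directus_tables` (BigHardDelete Permission Forbidden)");
         }
     } elseif (!$canBigHardDelete) {
         // Who are the owners of these rows?
         list($predicateResultQty, $predicateOwnerIds) = $this->acl->getCmsOwnerIdsByTableGatewayAndPredicate($this, $deleteState['where']);
         // Owner ids may come back from the driver as strings; normalise them to
         // int so the membership test can be strict instead of relying on `==`
         // (which would also match a null user id against owner id 0).
         $predicateOwnerIds = array_map(function ($ownerId) {
             return intval($ownerId);
         }, $predicateOwnerIds);
         // An anonymous caller owns no rows, so only a known user id is checked.
         if ($currentUserId !== null && in_array($currentUserId, $predicateOwnerIds, true)) {
             $exceptionMessage = "Table harddelete access forbidden on {$predicateResultQty} `{$deleteTable}` table records owned by the authenticated CMS user (#{$currentUserId}).";
             throw new UnauthorizedTableDeleteException($aclErrorPrefix . $exceptionMessage);
         }
     }
     try {
         return parent::executeDelete($delete);
     } catch (\Zend\Db\Adapter\Exception\InvalidQueryException $e) {
         // Outside production, surface the failing SQL; in production rethrow as-is.
         if ('production' !== DIRECTUS_ENV) {
             throw new \RuntimeException("This query failed: " . $this->dumpSql($delete), 0, $e);
         }
         // @todo send developer warning
         throw $e;
     }
 }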
 /**
  * Drops a table and purges its rows from the Directus metadata tables.
  *
  * NOTE(review): no privilege check is made here, unlike the ACL-aware drop()
  * variant elsewhere in this corpus; confirm authorization is enforced by the caller.
  *
  * @param string|null $tableName table to drop; defaults to this gateway's own table
  * @return mixed false when the table is unknown to TableSchema or the DDL did not
  *               execute, otherwise whatever the adapter's execute() returned
  */
 public function drop($tableName = null)
 {
     if ($tableName == null) {
         $tableName = $this->table;
     }
     // Unknown to the schema registry: nothing to drop.
     if (!TableSchema::getTable($tableName)) {
         return false;
     }
     $dropStatement = new Ddl\DropTable($tableName);
     $dropSql = (new Sql($this->adapter))->getSqlStringForSqlObject($dropStatement);
     $this->runHook('table.drop:before', [$tableName]);
     $dropResult = $this->adapter->query($dropSql)->execute();
     if (!$dropResult) {
         return false;
     }
     foreach (['table.drop', 'table.drop:after'] as $hookName) {
         $this->runHook($hookName, [$tableName]);
     }
     // Purge the dropped table's metadata rows (privileges, table settings,
     // preferences). directus_privileges is skipped when it is itself the table
     // that was just dropped.
     $metadataTables = ['directus_tables', 'directus_preferences'];
     if ($tableName != 'directus_privileges') {
         array_unshift($metadataTables, 'directus_privileges');
     }
     foreach ($metadataTables as $metadataTable) {
         $metadataGateway = new TableGateway($metadataTable, $this->adapter);
         $metadataGateway->delete(['table_name' => $tableName]);
     }
     return $dropResult;
 }
            $TableGateway->update($table_settings, array('table_name' => $table));
        } else {
            $TableGateway->insert($table_settings);
        }
        $column_settings = array();
        foreach ($data['columns'] as $col) {
            $columnData = array('table_name' => $table, 'column_name' => $col['column_name'], 'ui' => $col['ui'], 'hidden_input' => $col['hidden_input'], 'required' => $col['required'], 'master' => $col['master'], 'sort' => array_key_exists('sort', $col) ? $col['sort'] : 99999, 'comment' => array_key_exists('comment', $col) ? $col['comment'] : '');
            $existing = $ColumnsTableGateway->select(array('table_name' => $table, 'column_name' => $col['column_name']))->toArray();
            if (count($existing) > 0) {
                $columnData['id'] = $existing[0]['id'];
            }
            array_push($column_settings, $columnData);
        }
        $ColumnsTableGateway->updateCollection($column_settings);
    }
    $response = TableSchema::getTable($table);
    JsonView::render($response);
})->via('GET', 'PUT')->name('table_meta');
/**
 * UPLOAD COLLECTION
 *
 * Accepts a multipart upload and stores each submitted file through
 * Directus\Files\Files, replying with the list of per-file results as JSON.
 */
$app->post("/{$v}/upload/?", function () use($params, $requestPayload, $app, $acl, $ZendDb) {
    // NOTE(review): $acl is captured but never consulted here; confirm that
    // upload authorization is enforced before this route runs or inside Files::upload().
    $filesService = new Directus\Files\Files();
    $uploaded = [];
    // NOTE(review): each $_FILES entry is handed straight to upload(); confirm it
    // copes with array-valued fields (name[]) -- TODO confirm.
    foreach ($_FILES as $fieldName => $uploadedFile) {
        $uploaded[] = $filesService->upload($uploadedFile);
    }
    JsonView::render($uploaded);
});
 /**
  * Drops a table after an `alter` privilege check and purges its rows from the
  * Directus metadata tables.
  *
  * @param string|null $tableName table to drop; defaults to this gateway's own table
  * @return mixed false when the table is unknown to TableSchema or the DDL did not
  *               execute, otherwise whatever the adapter's execute() returned
  * @throws UnauthorizedTableAddException when the user lacks `alter` on the table
  */
 public function drop($tableName = null)
 {
     if ($tableName == null) {
         $tableName = $this->table;
     }
     // Unknown to the schema registry: nothing to drop.
     if (!\Directus\Db\TableSchema::getTable($tableName)) {
         return false;
     }
     // Authorise before any DDL runs. NOTE(review): the exception type is the
     // "Add" variant although the message describes an alter refusal; confirm
     // callers expect UnauthorizedTableAddException here.
     if (!$this->acl->hasTablePrivilege($tableName, 'alter')) {
         throw new UnauthorizedTableAddException($this->acl->getErrorMessagePrefix() . 'Table alter access forbidden on table ' . $tableName);
     }
     $dropStatement = new Ddl\DropTable($tableName);
     $dropSql = (new Sql($this->adapter))->getSqlStringForSqlObject($dropStatement);
     $this->emitter->run('table.drop:before', [$tableName]);
     $dropResult = $this->adapter->query($dropSql)->execute();
     if (!$dropResult) {
         return false;
     }
     foreach (['table.drop', 'table.drop:after'] as $eventName) {
         $this->emitter->run($eventName, [$tableName]);
     }
     // Purge the dropped table's metadata rows (privileges, table settings,
     // preferences). directus_privileges is skipped when it is itself the table
     // that was just dropped.
     $metadataTables = ['directus_tables', 'directus_preferences'];
     if ($tableName != 'directus_privileges') {
         array_unshift($metadataTables, 'directus_privileges');
     }
     foreach ($metadataTables as $metadataTable) {
         $metadataGateway = new TableGateway($metadataTable, $this->adapter);
         $metadataGateway->delete(['table_name' => $tableName]);
     }
     return $dropResult;
 }