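/**
 * Exposes the current backend session state (language, admin entry-point access, the logged-in
 * user's profile fields and the token class) to the frontend as `window._session`.
 *
 * The JSON ends up inside JavaScript (presumably an inline script via addJs), so json_encode is
 * asked to escape <, >, &, ' and " as \uXXXX: username / first name / last name are user-controlled
 * and could otherwise terminate the script element and inject markup. The output is still valid JSON.
 */
public function addSessionScripts()
{
    $response = $this->pageStack->getPageResponse();
    $httpSession = $this->pageStack->getSession();

    $session = [
        'userId' => null,
        'lang' => 'en',
    ];
    if ($httpSession && $httpSession->has('admin_language')) {
        $session['lang'] = $httpSession->get('admin_language');
    }

    // Whether the current visitor may enter the admin area at all.
    $session['access'] = $this->acl->check(ACLRequest::create('jarves/entryPoint', ['path' => '/admin']));

    if ($this->pageStack->isLoggedIn()) {
        $user = $this->pageStack->getUser();
        $session['userId'] = $user->getId();
        $session['username'] = $user->getUsername();
        $session['lastLogin'] = $user->getLastLogin();
        $session['firstName'] = $user->getFirstName();
        $session['lastName'] = $user->getLastName();
        $session['imagePath'] = $user->getImagePath();
    }

    // Only the class name of the security token is exposed, never its contents.
    $session['token'] = get_class($this->pageStack->getToken());

    $js = 'window._session = '
        . json_encode($session, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
        . ';';
    $response->addJs($js);
}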
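/**
 * Checks whether the current visitor may see $page and, when not, builds the page's configured
 * redirect.
 *
 * Access is denied outside the publication window (accessFrom/accessTo, 0 = unbounded) and, when
 * the page restricts groups, unless the logged-in backend user is in one of them.
 *
 * Callers must not read a null return as "granted": null is also returned when access is denied
 * but the page has no redirect target configured.
 *
 * @param Node $page
 *
 * @return RedirectResponse|null redirect when access is denied and a redirect target exists, else null
 */
public function checkPageAccess(Node $page)
{
    $now = time();
    $hasAccess = true;

    // Publication window. The original set $page to false here and then kept calling methods on it.
    if ($page->getAccessFrom() > 0 && $page->getAccessFrom() > $now) {
        $hasAccess = false;
    }
    if ($page->getAccessTo() > 0 && $page->getAccessTo() < $now) {
        $hasAccess = false;
    }

    if ($hasAccess && $page->getAccessFromGroups() != '') {
        // Comma-separated group ids; wrapped so each id is matched as ",id," (e.g. ",2,4,5,").
        $groups = ',' . $page->getAccessFromGroups() . ',';
        $hasAccess = false;

        // Only backend-login groups are consulted. The earlier (never finished, commented-out)
        // HTTP-auth lookup keyed on access_need_via has been dropped; it could never grant access.
        if ($this->pageStack->isLoggedIn()) {
            foreach ($this->pageStack->getUser()->getGroupIdsArray() as $groupId) {
                if (false !== strpos($groups, ',' . $groupId . ',')) {
                    $hasAccess = true;
                    break;
                }
            }
        }
    }

    if ($hasAccess) {
        return null;
    }

    $to = $page->getAccessRedirectTo();
    if ($to) {
        // A numeric target is a node id and is resolved to its URL first.
        if (intval($to) > 0) {
            $to = $this->pageStack->getNodeUrl($to);
        }

        return new RedirectResponse($to);
    }

    return null;
}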
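/**
 * Lazily creates the LogRequest record describing the current HTTP request.
 *
 * @return LogRequest|null null when no record exists yet and there is no current request
 */
public function getLogRequest()
{
    $request = $this->pageStack->getRequest();

    if (!$this->logRequest && $request) {
        $user = $this->pageStack->getUser();

        $logRequest = new LogRequest();
        // CSPRNG instead of md5(mt_rand() . uniqid()): same 32-hex-char shape, but not guessable.
        $logRequest->setId(bin2hex(random_bytes(16)));
        $logRequest->setDate(microtime(true));
        // NOTE(review): getClientIp() honours proxy headers only per the request's trusted-proxy
        // configuration — confirm that setup before relying on this value for audit purposes.
        $logRequest->setIp($request->getClientIp());
        // Truncated to 254 bytes; presumably the column width — verify against the LogRequest schema.
        $logRequest->setPath(substr($request->getPathInfo(), 0, 254));
        $logRequest->setUsername($user instanceof UserInterface ? $user->getUsername() : 'Guest');

        $this->logRequest = $logRequest;
    }

    return $this->logRequest;
}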
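/**
 * Filters $contents and returns only the items the current visitor may see: not hidden, inside
 * the publication window, and — when the content restricts groups — the visitor is logged in and
 * belongs to one of them. Plain string entries carry no access metadata and are always kept.
 *
 * @param Content[]|string[] $contents
 *
 * @return array
 */
protected function filterContentsForAccess($contents)
{
    $filteredContents = [];
    $now = time();
    $user = $this->pageStack->getUser();

    foreach ($contents as $content) {
        if (is_string($content)) {
            $filteredContents[] = $content;
            continue;
        }

        // Timestamps, 0/empty meaning "unbounded"; (int) keeps the original loose numeric reading.
        $from = (int) $content->getAccessFrom();
        $to = (int) $content->getAccessTo();
        if (($from > 0 && $from > $now) || ($to > 0 && $to < $now)) {
            continue;
        }

        if ($content->getHide()) {
            continue;
        }

        if ($content->getAccessFromGroups()) {
            // Group-restricted content: guests (no user) never pass. The original dereferenced
            // a null user here; now it fails closed.
            if (!$user) {
                continue;
            }

            // Comma-separated group ids, wrapped so each id matches as ",id,".
            $groups = ',' . $content->getAccessFromGroups() . ',';
            $inGroup = false;
            foreach ($user->getUserGroups() as $group) {
                if (strpos($groups, ',' . $group->getGroupId() . ',') !== false) {
                    $inGroup = true;
                    break;
                }
            }
            // The original ran the same loop a second time over the same groups; dropped.
            if (!$inGroup) {
                continue;
            }
        }

        $filteredContents[] = $content;
    }

    return $filteredContents;
}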
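/**
 * Adds a new news-feed entry recording that $verb was applied to $item. When $message is null a
 * diff of the change is generated instead.
 *
 * @param Objects $repo
 * @param string $objectKey
 * @param array $item
 * @param string $verb
 * @param string|null $message
 * @throws \Propel\Runtime\Exception\PropelException
 */
public function newNewsFeed(Objects $repo, $objectKey, $item, $verb, $message = null)
{
    $definition = $repo->getDefinition($objectKey);

    // Label: the definition's label field when the item carries it, else "#<first primary key>".
    // Missing keys no longer raise an undefined-index warning.
    $itemLabel = '';
    $labelField = $definition->getLabelField();
    if ($labelField) {
        $itemLabel = isset($item[$labelField]) ? $item[$labelField] : '';
    }
    if (!$itemLabel) {
        $pks = $definition->getPrimaryKeys();
        $pkField = $pks[0]->getId();
        $itemLabel = '#' . (isset($item[$pkField]) ? $item[$pkField] : '');
    }

    // Actor: "first last" when either name is set, else the login name; masked when no user.
    $username = '******';
    $userId = 0;
    $user = $this->pageStack->getUser();
    if ($user) {
        $userId = $user->getId();
        $firstName = $user->getFirstName();
        $lastName = $user->getLastName();
        if ($firstName || $lastName) {
            $username = $firstName;
            if ($username) {
                $username .= ' ';
            }
            $username .= $lastName;
        } else {
            $username = $user->getUsername();
        }
    }

    $newsFeed = new \Jarves\Model\NewsFeed();
    $newsFeed->setUsername($username);
    $newsFeed->setUserId($userId);
    $newsFeed->setVerb($verb);
    $newsFeed->setTargetObject($objectKey);
    $newsFeed->setTargetPk($repo->getObjectUrlId($objectKey, $item));
    $newsFeed->setTargetLabel($itemLabel);
    $newsFeed->setCreated(time());
    $newsFeed->setMessage(null === $message ? $this->generateDiff($repo, $objectKey, $item) : $message);
    $newsFeed->save();
}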
/**
 * Decides whether the request's target (a user or a group) may access the object item / field
 * in the requested mode.
 *
 * Evaluation order, as implemented below:
 *  1. short-cuts: the *currently logged-in* user being in group 1 always grants, as does the
 *     target being user 1 or group 1; target id 0 (guest) always denies;
 *  2. the distributed decision cache (only when a primary key is given and caching is on);
 *  3. the rules from self::getRules(), evaluated for the item itself and then up its parent
 *     chain for nested objects, until a rule yields a decision.
 * No decision means denial ($access stays null and is cast to false at the end).
 *
 * Step 1 inspects the current user, not the requested target: with an admin logged in this
 * method returns true regardless of whose access is being asked about. Callers that use it
 * to report a third party's permissions must account for that.
 *
 * The field-rule branches return directly and therefore skip the cache write at the end.
 *
 * @param ACLRequest $aclRequest
 *
 * @return bool
 */
public function check(ACLRequest $aclRequest)
{
    $objectKey = Objects::normalizeObjectKey($aclRequest->getObjectKey());
    $targetType = $aclRequest->getTargetType();
    $targetId = $aclRequest->getTargetId();
    $pk = $aclRequest->getPrimaryKey();
    $field = $aclRequest->getField();
    $pk = $this->objects->normalizePkString($objectKey, $pk);

    if (ACL::TARGET_TYPE_USER === $targetType && null === $targetId) {
        // No explicit target user: fall back to the current user; 0 means guest.
        $targetId = $this->pageStack->getUser() ? $this->pageStack->getUser()->getId() : 0;
    }

    $user = $this->pageStack->getUser();
    if ($user) {
        // getGroupIds() is treated as a comma-separated string here; group 1 is the admin group.
        $groupIds = $user->getGroupIds();
        if (false !== strpos(',' . $groupIds . ',', ',1,')) {
            // user is in the admin group, so he has always access (independent of the target)
            return true;
        }
    }

    // Strict int comparisons: a string "1" target id would not take these short-cuts.
    if (ACL::TARGET_TYPE_USER === $targetType && 1 === $targetId) {
        // user admin has always access
        return true;
    }
    if (ACL::TARGET_TYPE_GROUP === $targetType && 1 === $targetId) {
        // group admin has always access
        return true;
    }
    if (0 === $targetId) {
        // guests never have access
        return false;
    }
    if (ACL::TARGET_TYPE_GROUP === $targetType && !$targetId) {
        throw new \InvalidArgumentException('For type TARGET_TYPE_GROUP a targetId is required.');
    }

    $cacheKey = null;
    if ($pk && $this->getCaching()) {
        // Decision cache, keyed by target, object item and field; only used for item-level checks.
        // Whatever invalidates these entries when rules change is not visible in this method.
        $pkString = $this->objects->getObjectUrlId($objectKey, $pk);
        $cacheKey = md5($targetType . '.' . $targetId . '.' . $objectKey . '/' . $pkString . '/' . json_encode($field));
        $cached = $this->cacher->getDistributedCache('core/acl/' . $cacheKey);
        if (null !== $cached) {
            return $cached;
        }
    }

    $rules = self::getRules($objectKey, $aclRequest->getMode(), $targetType, $targetId);
    if (count($rules) === 0) {
        // no rules found, so we have no access
        return false;
    }

    $access = null;
    $currentObjectPk = $pk;
    $definition = $this->objects->getDefinition($objectKey);
    $not_found = true;

    // starts directly as if we were in the parent checking.
    $parent_acl = $aclRequest->isAsParent();

    // A single-entry field array ([name => value] or [name]) is unpacked into $fKey/$fValue so
    // value-dependent field rules can be evaluated further down.
    $fCount = null;
    $fKey = null;
    $fValue = null;
    $fIsArray = is_array($field);
    if ($fIsArray) {
        $fCount = count($field);
        $fKey = key($field);
        $fValue = current($field);
        if (is_int($fKey)) {
            $fKey = $fValue;
            $fValue = null;
        }
    }

    $depth = 0;
    $match = false;
    $originObjectItemPk = $currentObjectPk;

    // Each iteration evaluates all rules for $currentObjectPk, then climbs to its parent.
    while ($not_found) {
        $currentObjectPkString = null;
        if ($currentObjectPk) {
            $currentObjectPkString = $this->objects->getObjectUrlId($objectKey, $currentObjectPk);
        }

        $depth++;
        if ($depth > 50) {
            // Presumably a guard against cyclic or very deep parent chains.
            $not_found = false;
            break;
        }

        foreach ($rules as $aclRule) {
            if ($parent_acl && !$aclRule['sub']) {
                // as soon we enter the parent_acl mode we only take acl rules into consideration
                // that are also valid for children (sub=true)
                continue;
            }

            $match = false;

            /*
             * CUSTOM CONSTRAINT
             */
            if ($aclRule['constraint_type'] === ACL::CONSTRAINT_CONDITION) {
                $objectItem = null;
                if ($originObjectItemPk === $currentObjectPk && null !== $aclRequest->getPrimaryObjectItem()) {
                    // The caller already supplied the item; no reload needed.
                    $objectItem = $aclRequest->getPrimaryObjectItem();
                } else {
                    if ($originObjectItemPk) {
                        $objectItem = $this->objects->get($objectKey, $currentObjectPk);
                    }
                }

                if ($objectItem && $this->conditionOperator->satisfy($aclRule['constraint_code'], $objectItem, $objectKey)) {
                    $match = true;
                }
            /*
             * EXACT
             */
            } else {
                if ($aclRule['constraint_type'] === ACL::CONSTRAINT_EXACT) {
                    if ($currentObjectPk && $aclRule['constraint_code'] === $currentObjectPkString) {
                        $match = true;
                    }
                /*
                 * ALL
                 */
                } else {
                    $match = true;
                }
            }

            if (!$match && $aclRule['sub'] && $currentObjectPk) {
                // we need to check if a parent matches this $acl as we have sub=true
                $parentItem = $this->objects->normalizePkString($objectKey, $currentObjectPk);
                $parentCondition = Condition::create($aclRule['constraint_code']);
                $parentOptions['fields'] = $this->conditionOperator->extractFields($parentCondition);

                while ($parentItem = $this->objects->getParent($objectKey, $this->objects->getObjectPk($objectKey, $parentItem), $parentOptions)) {
                    if ($aclRule['constraint_type'] === ACL::CONSTRAINT_CONDITION && $this->conditionOperator->satisfy($parentCondition, $parentItem)) {
                        $match = true;
                        break;
                    } else {
                        if ($aclRule['constraint_type'] === ACL::CONSTRAINT_EXACT && $aclRule['constraint_code'] === $this->objects->getObjectUrlId($objectKey, $parentItem)) {
                            $match = true;
                            break;
                        }
                    }
                }
            }

            if ($match) {
                // match, check all $field
                $field2Key = $field;

                if ($field) {
                    if ($fIsArray && $fCount === 1) {
                        if (is_string($fKey) && is_array($aclRule['fields'][$fKey])) {
                            // this field has limits
                            if (($field2Acl = $aclRule['fields'][$fKey]) !== null) {
                                if (is_array($field2Acl[0])) {
                                    // complex field rule, $field2Acl = ([{access: no, condition: [['id', '>', 2], ..]}, {}, ..])
                                    foreach ($field2Acl as $fRule) {
                                        $satisfy = false;
                                        if (($f = $definition->getField($fKey)) && $f->getType() === 'object') {
                                            // Object-typed field: the condition is evaluated against the referenced object.
                                            $uri = $f->getObject() . '/' . $fValue;
                                            $uriObject = $this->objects->getFromUrl($uri);
                                            $satisfy = $this->conditionOperator->satisfy($fRule['condition'], $uriObject);
                                        } else {
                                            if (null !== $fValue) {
                                                $satisfy = $this->conditionOperator->satisfy($fRule['condition'], $field);
                                            }
                                        }

                                        if ($satisfy) {
                                            // Decided here; this return skips the cache write at the end.
                                            return $fRule['access'] === 1 ? true : false;
                                        }
                                    }

                                    // if no field rules fits, we consider the whole rule
                                    if ($aclRule['access'] !== 2) {
                                        return $aclRule['access'] === 1 ? true : false;
                                    }
                                } else {
                                    // simple field rule $field2Acl = ({"value1": yes, "value2": no}
                                    if ($field2Acl[$fKey] !== null) {
                                        return $field2Acl[$fKey] === 1 ? true : false;
                                    } else {
                                        // current($field) is not exactly defined in $field2Acl, so we set $access to $acl['access']
                                        //
                                        // if access = 2 then we do not know it, cause 2 means 'inherited', so maybe
                                        // another rule has a more detailed rule
                                        if ($aclRule['access'] !== 2) {
                                            $access = $aclRule['access'] === 1 ? true : false;
                                            break;
                                        }
                                    }
                                }
                            }
                        } else {
                            // this field has only true or false
                            $field2Key = $fKey;
                        }
                    }

                    if (!is_array($field2Key)) {
                        if ($aclRule['fields'] && ($field2Acl = $aclRule['fields'][$field2Key]) !== null && !is_array($aclRule['fields'][$field2Key])) {
                            $access = $field2Acl === 1 ? true : false;
                            break;
                        } else {
                            // $field is not exactly defined, so we set $access to $acl['access']
                            // and maybe a rule with the same code has the field defined
                            // if access = 2 then this rule is only for exactly define fields
                            if ($aclRule['access'] !== 2) {
                                $access = $aclRule['access'] === 1 ? true : false;
                                break;
                            }
                        }
                    }
                } else {
                    // No field requested: the rule's own access value decides.
                    $access = $aclRule['access'] === 1 ? true : false;
                    break;
                }
            }
        } //foreach

        if (null === $access && $definition->isNested() && $pk) {
            // $access has not defined yet (no rule matched yet). Check if nested and $pk is given
            // load its root and check again
            if (null === ($currentObjectPk = $this->objects->getParentPk($objectKey, $currentObjectPk))) {
                // No further parent and still no decision.
                $access = $aclRequest->isRootHasAccess() ? true : $access;
                break;
            }
            $parent_acl = true;
        } else {
            break;
        }
    }

    // null (no rule decided) becomes false: deny by default.
    $access = (bool) $access;

    if ($pk && $this->getCaching()) {
        $this->cacher->setDistributedCache('core/acl/' . $cacheKey, $access);
    }

    return $access;
}
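/**
 * @ApiDoc(
 *  section="Backend",
 *  description="Returns a array with settings for the administration interface"
 * )
 *
 * items:
 *  modules
 *  configs
 *  layouts
 *  contents
 *  navigations
 *  themes
 *  themeProperties
 *  user
 *  groups
 *  langs
 *
 * Example: settings?keys[]=modules&keys[]=layouts
 *
 * @Rest\QueryParam(name="keys", map=true, requirements=".+", description="List of config keys to filter"))
 *
 * @Rest\Get("/admin/backend/settings")
 *
 * @param ParamFetcher $paramFetcher
 *
 * @return array
 */
public function getSettingsAction(ParamFetcher $paramFetcher)
{
    $keys = $paramFetcher->get('keys');
    // Without ?keys[] every section is returned; otherwise only the requested ones.
    $loadKeys = $keys ? (array) $keys : false;
    $wanted = function ($key) use ($loadKeys) {
        return false === $loadKeys || in_array($key, $loadKeys, true);
    };

    $res = [];

    if ($wanted('modules')) {
        foreach ($this->jarves->getConfigs() as $config) {
            $res['bundles'][] = $config->getBundleName();
        }
    }

    if ($wanted('configs')) {
        $res['configs'] = $this->jarves->getConfigs()->toArray();
    }

    if ($wanted('themes')) {
        foreach ($this->jarves->getConfigs() as $config) {
            if ($config->getThemes()) {
                foreach ($config->getThemes() as $theme) {
                    /** @var $theme \Jarves\Configuration\Theme */
                    $res['themes'][$theme->getId()] = $theme->toArray();
                }
            }
        }
    }

    if ($wanted('upload_max_filesize')) {
        // The effective limit is the smaller of the two ini values, compared as bytes.
        // The original compared the raw strings, so "10M" < "8M" picked the wrong one.
        $res['upload_max_filesize'] = min(
            $this->toBytes(ini_get('upload_max_filesize')),
            $this->toBytes(ini_get('post_max_size'))
        );
    }

    if ($wanted('groups')) {
        $res['groups'] = GroupQuery::create()->find()->toArray(null, null, TableMap::TYPE_CAMELNAME);
    }

    if ($wanted('user')) {
        $res['user'] = [];
        $user = $this->pageStack->getUser();
        $settings = $user ? $user->getSettings() : null;
        if ($settings instanceof Properties) {
            $res['user'] = $settings->toArray();
        }
    }

    if ($wanted('system')) {
        // Strip credentials before the config leaves the server. Only the database block and the
        // password hash key are cleared here; any further secret added to the system config
        // needs its own line.
        $system = clone $this->jarves->getSystemConfig();
        $system->setDatabase(null);
        $system->setPasswordHashKey('');
        $res['system'] = $system->toArray();
    }

    if ($wanted('domains')) {
        $res['domains'] = $this->container->get('jarves.objects')->getList('JarvesBundle:Domain', null, ['permissionCheck' => true]);
    }

    if ($wanted('langs')) {
        $codes = Tools::listToArray($this->jarves->getSystemConfig()->getLanguages());
        $rows = LanguageQuery::create()->filterByCode($codes)->find()->toArray(null, null, TableMap::TYPE_CAMELNAME);
        // Re-key by language code (last row wins on duplicates, as the former loop did).
        $res['langs'] = array_column($rows, null, 'code');
    }

    return $res;
}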
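/**
 * Evaluates one condition rule [field, operator, value] against an object item (an array of
 * column values).
 *
 * A numeric "field" is a literal left operand. A table-qualified field ("table.column") whose
 * table matches the object definition's table is looked up by the bare column name.
 *
 * Comparisons are deliberately loose (==, <, ...) because values arrive as strings from the
 * database and from stored rule definitions; PHP 8's string/number comparison rules apply.
 * LIKE maps the SQL wildcards % and _ onto a regex; REGEXP quotes the value, so it is a literal
 * substring match and never runs a caller-supplied regular expression.
 *
 * @param array $objectItem
 * @param array $conditionRule [field, operator, value]
 * @param string|null $objectKey
 *
 * @return bool
 */
public function checkRule($objectItem, $conditionRule, $objectKey = null)
{
    $field = $conditionRule[0];
    $operator = $conditionRule[1];
    $value = $conditionRule[2];

    if (is_numeric($field)) {
        $ovalue = $field;
    } else {
        // No @-suppression: a missing key simply reads as null.
        $ovalue = isset($objectItem[$field]) ? $objectItem[$field] : null;
        $dot = strpos($field, '.');
        if (null === $ovalue && $objectKey && false !== $dot
            && ($definition = $this->objects->getDefinition($objectKey))) {
            // The original called substr() with a false offset when there was no dot.
            $tableName = substr($field, 0, $dot);
            $fieldName = substr($field, $dot + 1);
            if ($tableName === $definition->getTable()) {
                $ovalue = isset($objectItem[$fieldName]) ? $objectItem[$fieldName] : null;
            }
        }
    }

    if ($value instanceof ConditionSubSelect) {
        $value = $value->getValue($objectKey);
    }

    //'<', '>', '<=', '>=', '=', 'LIKE', 'IN', 'REGEXP'
    switch (strtoupper($operator)) {
        case '!=':
        case 'NOT EQUAL':
            return $ovalue != $value;

        case 'LIKE':
            $pattern = preg_quote($value, '/');
            $pattern = str_replace('%', '.*', $pattern);
            $pattern = str_replace('_', '.', $pattern);
            // D: "$" must match only at the very end, as SQL LIKE does (not before a trailing newline).
            return !!preg_match('/^' . $pattern . '$/D', (string) $ovalue);

        case 'REGEXP':
            return !!preg_match('/' . preg_quote($value, '/') . '/', (string) $ovalue);

        case 'NOT IN':
            // $value is a comma-separated list; wrapped so each entry matches as ",entry,".
            return strpos(',' . $value . ',', ',' . $ovalue . ',') === false;

        case 'IN':
            return strpos(',' . $value . ',', ',' . $ovalue . ',') !== false;

        case '<':
        case 'LESS':
            return $ovalue < $value;

        case '>':
        case 'GREATER':
            return $ovalue > $value;

        case '<=':
        case '=<':
        case 'LESSEQUAL':
            return $ovalue <= $value;

        case '>=':
        case '=>':
        case 'GREATEREQUAL':
            return $ovalue >= $value;

        case '= CURRENT_USER':
        case 'EQUAL CURRENT_USER':
            // Guests never match an ownership condition.
            return $this->pageStack->isLoggedIn() && $ovalue == $this->pageStack->getUser()->getId();

        case '!= CURRENT_USER':
        case 'NOT EQUAL CURRENT_USER':
            return $this->pageStack->isLoggedIn() && $ovalue != $this->pageStack->getUser()->getId();

        case '=':
        case 'EQUAL':
        default:
            return $ovalue == $value;
    }
}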