getUser() public method

Returns the currently logged-in user, if any. Returns null when nobody is logged in or when the active security token is not a Jarves token (callers must therefore null-check the result even after an isLoggedIn() check).
public getUser ( ) : Symfony\Component\Security\Core\User\UserInterface | null
return Symfony\Component\Security\Core\User\UserInterface | null
Example #1
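 /**
  * Exposes the current backend session to the admin UI as `window._session`.
  *
  * The payload carries the user id, the admin language taken from the HTTP
  * session, the ACL decision for the `jarves/entryPoint` path `/admin`, a few
  * profile fields of the logged-in user and the class name of the active
  * security token.
  *
  * The JSON is inlined into a script block, so it is encoded with the HEX
  * flags: a username or name containing `</script>` or a quote would
  * otherwise terminate the script element and inject markup into the page.
  */
 public function addSessionScripts()
 {
     $response = $this->pageStack->getPageResponse();

     $session = array(
         'userId' => null,
         'lang' => 'en',
     );

     $httpSession = $this->pageStack->getSession();
     if ($httpSession && $httpSession->has('admin_language')) {
         $session['lang'] = $httpSession->get('admin_language');
     }

     $session['access'] = $this->acl->check(ACLRequest::create('jarves/entryPoint', array('path' => '/admin')));

     // getUser() can still be null while a non-Jarves token is active, so the
     // object is guarded before profile fields are read from it.
     $user = $this->pageStack->isLoggedIn() ? $this->pageStack->getUser() : null;
     if (null !== $user) {
         $session['userId'] = $user->getId();
         $session['username'] = $user->getUsername();
         $session['lastLogin'] = $user->getLastLogin();
         $session['firstName'] = $user->getFirstName();
         $session['lastName'] = $user->getLastName();
         // The e-mail hash (emailMd5) that used to live here was commented out
         // upstream and is deliberately not exposed to the client.
         $session['imagePath'] = $user->getImagePath();
     }

     $session['token'] = get_class($this->pageStack->getToken());

     // JSON_HEX_* escape < > & ' " as \uXXXX, which keeps the payload safe
     // inside an inline <script> regardless of what the user fields contain.
     $json = json_encode($session, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
     $response->addJs('window._session = ' . $json . ';');
 }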
Example #2
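 /**
  * Checks whether the current visitor may view $page.
  *
  * Access is denied when the page's publish window (accessFrom / accessTo as
  * unix timestamps; 0 means unbounded) does not contain the current time, or
  * when the page is restricted to groups (accessFromGroups, a comma separated
  * list of group ids such as "2,4,5") and the logged-in backend user belongs
  * to none of them. Guests never pass a group restriction.
  *
  * The former frontend / HTTP-auth group lookup (access_need_via) was never
  * implemented (it was fully commented out) and has been dropped; only the
  * backend login is consulted.
  *
  * @param Node $page
  *
  * @return RedirectResponse|null a redirect to the page's accessRedirectTo
  *                               target (a node id, resolved to its URL, or a
  *                               URL) when access is denied and such a target
  *                               is configured; null otherwise
  *
  * NOTE(review): when access is denied and no redirect target is configured
  * this returns null exactly like the granted case, so callers cannot tell
  * the two apart from the return value alone. Confirm how the result is
  * consumed before relying on it as an access decision.
  */
 public function checkPageAccess(Node $page)
 {
     $now = time();
     $hasAccess = true;

     // Publish window. The original code replaced $page with false on denial
     // and then kept calling methods on it, which is a fatal error; a separate
     // flag keeps the Node usable for the redirect lookup below.
     $accessFrom = (int) $page->getAccessFrom();
     if ($accessFrom > 0 && $accessFrom > $now) {
         $hasAccess = false;
     }
     $accessTo = (int) $page->getAccessTo();
     if ($accessTo > 0 && $accessTo < $now) {
         $hasAccess = false;
     }

     // Group restriction: the user needs at least one of the listed groups.
     // Ids are compared as exact strings, so "2,4" does not match " 4".
     $groupCsv = (string) $page->getAccessFromGroups();
     if ($hasAccess && '' !== $groupCsv) {
         $hasAccess = false;
         $allowedGroupIds = explode(',', $groupCsv);
         if ($this->pageStack->isLoggedIn()) {
             foreach ($this->pageStack->getUser()->getGroupIdsArray() as $groupId) {
                 if (in_array((string) $groupId, $allowedGroupIds, true)) {
                     $hasAccess = true;
                     break;
                 }
             }
         }
     }

     if ($hasAccess) {
         return null;
     }

     $to = $page->getAccessRedirectTo();
     if ($to) {
         if (intval($to) > 0) {
             // numeric target: a node id, resolve it to the node's URL
             $to = $this->pageStack->getNodeUrl($to);
         }

         return new RedirectResponse($to);
     }

     return null;
 }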
Example #3
 /**
  * Returns the LogRequest record for the current HTTP request, creating it
  * lazily on first use. Without a current request nothing is created and the
  * (still unset) property is returned as-is.
  *
  * The record captures the client ip, the path (cut to 254 characters for the
  * column) and the username, or "Guest" when no Jarves user is present.
  *
  * NOTE(review): the id is md5(mt_rand().':'.uniqid()), which is unique enough
  * for a log row but not unpredictable; if it is ever used as a reference a
  * client can act on, switch to bin2hex(random_bytes(16)) (PHP >= 7).
  *
  * @return LogRequest
  */
 public function getLogRequest()
 {
     $request = $this->pageStack->getRequest();

     if (!$this->logRequest && $request) {
         $user = $this->pageStack->getUser();
         $username = $user instanceof UserInterface ? $user->getUsername() : 'Guest';

         $entry = new LogRequest();
         $entry->setId(md5(mt_rand() . ':' . uniqid()));
         $entry->setDate(microtime(true));
         // NOTE(review): getClientIp() only honours forwarded headers for
         // proxies Symfony has been told to trust; verify trusted_proxies.
         $entry->setIp($request->getClientIp());
         $entry->setPath(substr($request->getPathInfo(), 0, 254));
         $entry->setUsername($username);

         $this->logRequest = $entry;
     }

     return $this->logRequest;
 }
Example #4
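 /**
  * Filters $contents down to the items the current visitor may see, keeping
  * their order.
  *
  * A string item is passed through untouched. An object item is dropped when
  * its publish window (accessFrom / accessTo as unix timestamps; 0 or an
  * empty value means unbounded) excludes now, when it is flagged hidden, or
  * when it is restricted to groups (accessFromGroups, comma separated group
  * ids) and the current user is a guest or in none of those groups.
  *
  * The original code called getUser()->getUserGroups() without a null check,
  * which was a fatal error for anonymous visitors as soon as one item carried
  * a group restriction; it also ran the identical group loop twice.
  *
  * @param Content[] $contents
  *
  * @return array the accessible items
  */
 protected function filterContentsForAccess($contents)
 {
     $now = time();

     // Group ids of the current user, resolved once as strings; a guest has
     // none and therefore never passes a group restriction.
     $userGroupIds = array();
     $user = $this->pageStack->getUser();
     if ($user) {
         foreach ($user->getUserGroups() as $userGroup) {
             $userGroupIds[] = (string) $userGroup->getGroupId();
         }
     }

     $filteredContents = array();
     foreach ($contents as $content) {
         if (is_string($content)) {
             $filteredContents[] = $content;
             continue;
         }

         // "+ 0" coerces empty/string values to numbers as the original did
         $accessFrom = $content->getAccessFrom() + 0;
         $accessTo = $content->getAccessTo() + 0;
         if (($accessFrom > 0 && $accessFrom > $now) || ($accessTo > 0 && $accessTo < $now)) {
             continue;
         }

         if ($content->getHide()) {
             continue;
         }

         $groupCsv = $content->getAccessFromGroups();
         if ($groupCsv) {
             // ids are matched as exact strings, same as the former ",id," search
             $allowedGroupIds = explode(',', (string) $groupCsv);
             if (!array_intersect($allowedGroupIds, $userGroupIds)) {
                 continue;
             }
         }

         $filteredContents[] = $content;
     }

     return $filteredContents;
 }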
Example #5
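 /**
  * Adds a news-feed entry recording that $verb was applied to $item of
  * $objectKey. When $message is null a diff of the change is generated.
  *
  * The entry label is the item's label field when the definition declares
  * one and the item carries a non-empty value for it, otherwise "#" followed
  * by the value of the first primary key. Both lookups are guarded so a
  * missing key yields an empty value instead of an undefined-index notice.
  *
  * The acting user is read from the page stack; without a Jarves user the
  * entry is stored with user id 0 and a masked username.
  *
  * @param Objects     $repo
  * @param string      $objectKey
  * @param array       $item
  * @param string      $verb
  * @param string|null $message
  *
  * @throws \Propel\Runtime\Exception\PropelException
  */
 public function newNewsFeed(Objects $repo, $objectKey, $item, $verb, $message = null)
 {
     $definition = $repo->getDefinition($objectKey);

     $itemLabel = '';
     $labelField = $definition->getLabelField();
     if ($labelField && isset($item[$labelField])) {
         $itemLabel = $item[$labelField];
     }
     if (!$itemLabel) {
         $pks = $definition->getPrimaryKeys();
         $pkValue = '';
         if (isset($pks[0]) && isset($item[$pks[0]->getId()])) {
             $pkValue = $item[$pks[0]->getId()];
         }
         $itemLabel = '#' . $pkValue;
     }

     $username = '******';
     $userId = 0;
     $user = $this->pageStack->getUser();
     if ($user) {
         $userId = $user->getId();
         $firstName = $user->getFirstName();
         $lastName = $user->getLastName();
         if ($firstName || $lastName) {
             // "First Last"; a missing first name collapses to the last name
             $username = $firstName ? $firstName . ' ' . $lastName : $lastName;
         } else {
             $username = $user->getUsername();
         }
     }

     $newsFeed = new \Jarves\Model\NewsFeed();
     $newsFeed->setUsername($username);
     $newsFeed->setUserId($userId);
     $newsFeed->setVerb($verb);
     $newsFeed->setTargetObject($objectKey);
     $newsFeed->setTargetPk($repo->getObjectUrlId($objectKey, $item));
     $newsFeed->setTargetLabel($itemLabel);
     $newsFeed->setCreated(time());
     $newsFeed->setMessage(null === $message ? $this->generateDiff($repo, $objectKey, $item) : $message);
     $newsFeed->save();
 }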
Example #6
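 /**
  * Evaluates an ACL request and returns whether access is granted.
  *
  * Shortcuts, in this order:
  *  - the current user is in group 1 (admin): granted;
  *  - the target is user 1 or group 1: granted;
  *  - the target id is 0 (guest): denied;
  *  - a group target without an id is an InvalidArgumentException.
  *
  * Otherwise the rules for (object, mode, target type, target id) are walked
  * and the first rule that decides wins; field requests may be decided by
  * per-field rules. For nested objects the walk climbs to the parent item
  * (only considering rules with sub=true) until a rule decides or the root is
  * reached, where isRootHasAccess() supplies the default.
  *
  * When a primary key is given and caching is on, the decision is stored in
  * the distributed cache. The cache key covers everything that influences the
  * decision — including the mode and the asParent / rootHasAccess flags,
  * which the original key omitted, so a cached answer for one mode (e.g.
  * view) was previously returned for another (e.g. delete) on the same item.
  *
  * NOTE(review): the primary object item passed in the request (used for
  * condition rules on the origin item) is not part of the cache key; results
  * for a request carrying a modified in-memory item are shared with requests
  * for the stored item. Confirm this is intended.
  *
  * NOTE(review): the admin/guest shortcuts compare ids with ===, so a target
  * id arriving as the string "1" or "0" does not take them. Confirm what
  * type getTargetId() returns.
  *
  * @param ACLRequest $aclRequest
  *
  * @return bool
  *
  * @throws \InvalidArgumentException for TARGET_TYPE_GROUP without a target id
  */
 public function check(ACLRequest $aclRequest)
 {
     $objectKey = Objects::normalizeObjectKey($aclRequest->getObjectKey());
     $targetType = $aclRequest->getTargetType();
     $targetId = $aclRequest->getTargetId();
     $pk = $aclRequest->getPrimaryKey();
     $field = $aclRequest->getField();
     $pk = $this->objects->normalizePkString($objectKey, $pk);
     if (ACL::TARGET_TYPE_USER === $targetType && null === $targetId) {
         //0 means guest
         $targetId = $this->pageStack->getUser() ? $this->pageStack->getUser()->getId() : 0;
     }
     $user = $this->pageStack->getUser();
     if ($user) {
         // getGroupIds() is a comma separated list; group 1 is the admin group
         $groupIds = $user->getGroupIds();
         if (false !== strpos(',' . $groupIds . ',', ',1,')) {
             //user is in the admin group, so he has always access.
             return true;
         }
     }
     if (ACL::TARGET_TYPE_USER === $targetType && 1 === $targetId) {
         //user admin has always access
         return true;
     }
     if (ACL::TARGET_TYPE_GROUP === $targetType && 1 === $targetId) {
         //group admin has always access
         return true;
     }
     if (0 === $targetId) {
         //guests do always have no access
         return false;
     }
     if (ACL::TARGET_TYPE_GROUP === $targetType && !$targetId) {
         throw new \InvalidArgumentException('For type TARGET_TYPE_GROUP a targetId is required.');
     }
     $cacheKey = null;
     if ($pk && $this->getCaching()) {
         $pkString = $this->objects->getObjectUrlId($objectKey, $pk);
         // Every input that changes the outcome belongs in the key: the rules
         // are loaded per mode, and asParent / rootHasAccess alter the walk.
         $cacheKey = md5(json_encode(array(
             $targetType,
             $targetId,
             $objectKey,
             $pkString,
             $field,
             $aclRequest->getMode(),
             $aclRequest->isAsParent(),
             $aclRequest->isRootHasAccess(),
         )));
         $cached = $this->cacher->getDistributedCache('core/acl/' . $cacheKey);
         // false is a valid cached decision; only null means "not cached"
         if (null !== $cached) {
             return $cached;
         }
     }
     $rules = self::getRules($objectKey, $aclRequest->getMode(), $targetType, $targetId);
     if (count($rules) === 0) {
         //no rules found, so we have no access
         return false;
     }
     $access = null;
     $currentObjectPk = $pk;
     $definition = $this->objects->getDefinition($objectKey);
     $not_found = true;
     //starts directly as if we were in the parent checking.
     $parent_acl = $aclRequest->isAsParent();
     $fCount = null;
     $fKey = null;
     $fValue = null;
     $fIsArray = is_array($field);
     if ($fIsArray) {
         // a field request is either ['name'] (key only) or ['name' => value]
         $fCount = count($field);
         $fKey = key($field);
         $fValue = current($field);
         if (is_int($fKey)) {
             $fKey = $fValue;
             $fValue = null;
         }
     }
     $depth = 0;
     $match = false;
     $originObjectItemPk = $currentObjectPk;
     while ($not_found) {
         $currentObjectPkString = null;
         if ($currentObjectPk) {
             $currentObjectPkString = $this->objects->getObjectUrlId($objectKey, $currentObjectPk);
         }
         $depth++;
         // hard stop against cyclic parent chains
         if ($depth > 50) {
             $not_found = false;
             break;
         }
         foreach ($rules as $aclRule) {
             if ($parent_acl && !$aclRule['sub']) {
                 //as soon we enter the parent_acl mode we only take acl rules into consideration
                 //that are also valid for children (sub=true)
                 continue;
             }
             $match = false;
             /*
              * CUSTOM CONSTRAINT
              */
             if ($aclRule['constraint_type'] === ACL::CONSTRAINT_CONDITION) {
                 $objectItem = null;
                 if ($originObjectItemPk === $currentObjectPk && null !== $aclRequest->getPrimaryObjectItem()) {
                     $objectItem = $aclRequest->getPrimaryObjectItem();
                 } else {
                     if ($originObjectItemPk) {
                         $objectItem = $this->objects->get($objectKey, $currentObjectPk);
                     }
                 }
                 if ($objectItem && $this->conditionOperator->satisfy($aclRule['constraint_code'], $objectItem, $objectKey)) {
                     $match = true;
                 }
                 /*
                  * EXACT
                  */
             } else {
                 if ($aclRule['constraint_type'] === ACL::CONSTRAINT_EXACT) {
                     if ($currentObjectPk && $aclRule['constraint_code'] === $currentObjectPkString) {
                         $match = true;
                     }
                     /**
                      * ALL
                      */
                 } else {
                     $match = true;
                 }
             }
             if (!$match && $aclRule['sub'] && $currentObjectPk) {
                 // we need to check if a parent matches this $acl as we have sub=true
                 $parentItem = $this->objects->normalizePkString($objectKey, $currentObjectPk);
                 $parentCondition = Condition::create($aclRule['constraint_code']);
                 $parentOptions['fields'] = $this->conditionOperator->extractFields($parentCondition);
                 while ($parentItem = $this->objects->getParent($objectKey, $this->objects->getObjectPk($objectKey, $parentItem), $parentOptions)) {
                     if ($aclRule['constraint_type'] === ACL::CONSTRAINT_CONDITION && $this->conditionOperator->satisfy($parentCondition, $parentItem)) {
                         $match = true;
                         break;
                     } else {
                         if ($aclRule['constraint_type'] === ACL::CONSTRAINT_EXACT && $aclRule['constraint_code'] === $this->objects->getObjectUrlId($objectKey, $parentItem)) {
                             $match = true;
                             break;
                         }
                     }
                 }
             }
             if ($match) {
                 //match, check all $field
                 $field2Key = $field;
                 if ($field) {
                     if ($fIsArray && $fCount === 1) {
                         if (is_string($fKey) && is_array($aclRule['fields'][$fKey])) {
                             //this field has limits
                             if (($field2Acl = $aclRule['fields'][$fKey]) !== null) {
                                 if (is_array($field2Acl[0])) {
                                     //complex field rule, $field2Acl = ([{access: no, condition: [['id', '>', 2], ..]}, {}, ..])
                                     foreach ($field2Acl as $fRule) {
                                         $satisfy = false;
                                         if (($f = $definition->getField($fKey)) && $f->getType() === 'object') {
                                             // object fields: evaluate the condition against the referenced item
                                             $uri = $f->getObject() . '/' . $fValue;
                                             $uriObject = $this->objects->getFromUrl($uri);
                                             $satisfy = $this->conditionOperator->satisfy($fRule['condition'], $uriObject);
                                         } else {
                                             if (null !== $fValue) {
                                                 $satisfy = $this->conditionOperator->satisfy($fRule['condition'], $field);
                                             }
                                         }
                                         if ($satisfy) {
                                             return $fRule['access'] === 1 ? true : false;
                                         }
                                     }
                                     //if no field rules fits, we consider the whole rule
                                     if ($aclRule['access'] !== 2) {
                                         return $aclRule['access'] === 1 ? true : false;
                                     }
                                 } else {
                                     //simple field rule $field2Acl = ({"value1": yes, "value2": no}
                                     if ($field2Acl[$fKey] !== null) {
                                         return $field2Acl[$fKey] === 1 ? true : false;
                                     } else {
                                         //current($field) is not exactly defined in $field2Acl, so we set $access to $acl['access']
                                         //
                                         //if access = 2 then wo do not know it, cause 2 means 'inherited', so maybe
                                         //a other rule has more detailed rule
                                         if ($aclRule['access'] !== 2) {
                                             $access = $aclRule['access'] === 1 ? true : false;
                                             break;
                                         }
                                     }
                                 }
                             }
                         } else {
                             //this field has only true or false
                             $field2Key = $fKey;
                         }
                     }
                     if (!is_array($field2Key)) {
                         if ($aclRule['fields'] && ($field2Acl = $aclRule['fields'][$field2Key]) !== null && !is_array($aclRule['fields'][$field2Key])) {
                             $access = $field2Acl === 1 ? true : false;
                             break;
                         } else {
                             //$field is not exactly defined, so we set $access to $acl['access']
                             //and maybe a rule with the same code has the field defined
                             // if access = 2 then this rule is only for exactly define fields
                             if ($aclRule['access'] !== 2) {
                                 $access = $aclRule['access'] === 1 ? true : false;
                                 break;
                             }
                         }
                     }
                 } else {
                     // no field requested: the rule's own access decides
                     $access = $aclRule['access'] === 1 ? true : false;
                     break;
                 }
             }
         }
         //foreach
         if (null === $access && $definition->isNested() && $pk) {
             //$access has not defined yet (no rule matched yet). Check if nested and $pk is given
             //load its root and check again
             if (null === ($currentObjectPk = $this->objects->getParentPk($objectKey, $currentObjectPk))) {
                 // reached the root without a decision: rootHasAccess is the default
                 $access = $aclRequest->isRootHasAccess() ? true : $access;
                 break;
             }
             $parent_acl = true;
         } else {
             break;
         }
     }
     // an undecided (null) result is a denial
     $access = (bool) $access;
     if ($pk && $this->getCaching()) {
         $this->cacher->setDistributedCache('core/acl/' . $cacheKey, $access);
     }
     return $access;
 }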
Example #7
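 /**
  * @ApiDoc(
  *  section="Backend",
  *  description="Returns a array with settings for the administration interface"
  * )
  *
  * items (selectable via keys[]; without keys[] all of them are returned,
  * unknown keys are ignored):
  *  modules             (returned under the key "bundles")
  *  configs
  *  themes
  *  upload_max_filesize (effective upload limit in bytes)
  *  groups
  *  user                (the current user's settings, or an empty array)
  *  system              (system config with database settings and the
  *                       password hash key stripped)
  *  domains
  *  langs
  *
  *  Example: settings?keys[]=modules&keys[]=themes
  *
  * NOTE(review): "configs" dumps every bundle configuration and "groups"
  * lists all groups to whoever can reach this route; confirm the route is
  * limited to authenticated backend users.
  *
  * @Rest\QueryParam(name="keys", map=true, requirements=".+", description="List of config keys to filter"))
  *
  * @Rest\Get("/admin/backend/settings")
  *
  * @param ParamFetcher $paramFetcher
  *
  * @return array
  */
 public function getSettingsAction(ParamFetcher $paramFetcher)
 {
     $keys = $paramFetcher->get('keys');
     // no (or empty) keys[] means "everything"; strict matching, the values
     // come straight from the query string
     $requested = $keys ? (array) $keys : array();
     $wants = function ($item) use ($requested) {
         return array() === $requested || in_array($item, $requested, true);
     };

     $res = array();

     if ($wants('modules')) {
         foreach ($this->jarves->getConfigs() as $config) {
             $res['bundles'][] = $config->getBundleName();
         }
     }

     if ($wants('configs')) {
         $res['configs'] = $this->jarves->getConfigs()->toArray();
     }

     if ($wants('themes')) {
         foreach ($this->jarves->getConfigs() as $config) {
             if ($config->getThemes()) {
                 foreach ($config->getThemes() as $theme) {
                     /** @var $theme \Jarves\Configuration\Theme */
                     $res['themes'][$theme->getId()] = $theme->toArray();
                 }
             }
         }
     }

     if ($wants('upload_max_filesize')) {
         // The effective limit is the smaller of the two ini values *in bytes*.
         // The original compared the raw strings, where "10M" < "8M" holds and
         // the larger limit was reported.
         // NOTE(review): post_max_size=0 means unlimited in PHP and yields 0 here.
         $uploadMax = $this->toBytes(ini_get('upload_max_filesize'));
         $postMax = $this->toBytes(ini_get('post_max_size'));
         $res['upload_max_filesize'] = min($uploadMax, $postMax);
     }

     if ($wants('groups')) {
         $res['groups'] = GroupQuery::create()->find()->toArray(null, null, TableMap::TYPE_CAMELNAME);
     }

     if ($wants('user')) {
         $res['user'] = array();
         // getUser() is null for guests or while a non-Jarves token is active;
         // the original dereferenced it unconditionally
         $user = $this->pageStack->getUser();
         $settings = $user ? $user->getSettings() : null;
         if ($settings instanceof Properties) {
             $res['user'] = $settings->toArray();
         }
     }

     if ($wants('system')) {
         // work on a clone so the scrubbing does not touch the live config
         $system = clone $this->jarves->getSystemConfig();
         $system->setDatabase(null);
         $system->setPasswordHashKey('');
         $res['system'] = $system->toArray();
     }

     if ($wants('domains')) {
         $res['domains'] = $this->container->get('jarves.objects')->getList('JarvesBundle:Domain', null, array('permissionCheck' => true));
     }

     if ($wants('langs')) {
         $codes = Tools::listToArray($this->jarves->getSystemConfig()->getLanguages());
         $rows = LanguageQuery::create()->filterByCode($codes)->find()->toArray(null, null, TableMap::TYPE_CAMELNAME);
         $langs = array();
         foreach ($rows as $lang) {
             $langs[$lang['code']] = $lang;
         }
         $res['langs'] = $langs;
     }

     return $res;
 }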
Example #8
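 /**
  * Evaluates one condition rule [field, operator, value] against $objectItem.
  *
  * A numeric $field is used as a literal left-hand value. Otherwise the value
  * is read from $objectItem[$field]; when that is absent and $objectKey is
  * given, a "table.column" field whose table matches the object's definition
  * is resolved to $objectItem[column]. Missing keys yield null instead of an
  * undefined-index notice (the original relied on "@" suppression). A
  * ConditionSubSelect value is resolved for $objectKey before comparing.
  *
  * Operators (case-insensitive): !=, LIKE (% and _ wildcards, anchored),
  * REGEXP, IN / NOT IN (comma separated list), <, >, <=, >=, = CURRENT_USER,
  * != CURRENT_USER and = (also the default for unknown operators).
  *
  * NOTE(review): =, != and the ordering operators use loose comparison, so
  * rules like ['id', '=', 'abc'] behave differently across PHP versions
  * (0 == 'abc' was true before PHP 8). REGEXP quotes $value with preg_quote,
  * so it is effectively an unanchored substring test, not a regex. The
  * CURRENT_USER operators are false for guests.
  *
  * @param array  $objectItem
  * @param array  $conditionRule
  * @param string $objectKey
  *
  * @return bool
  */
 public function checkRule($objectItem, $conditionRule, $objectKey = null)
 {
     $field = $conditionRule[0];
     $operator = $conditionRule[1];
     $value = isset($conditionRule[2]) ? $conditionRule[2] : null;

     if (is_numeric($field)) {
         $ovalue = $field;
     } else {
         $ovalue = isset($objectItem[$field]) ? $objectItem[$field] : null;
         if (null === $ovalue && $objectKey && ($definition = $this->objects->getDefinition($objectKey))) {
             // "table.column" notation: only honoured for the object's own table
             $tableName = substr($field, 0, strpos($field, '.'));
             $fieldName = substr($field, strpos($field, '.') + 1);
             if ($tableName === $definition->getTable()) {
                 $ovalue = isset($objectItem[$fieldName]) ? $objectItem[$fieldName] : null;
             }
         }
     }

     if ($value instanceof ConditionSubSelect) {
         $value = $value->getValue($objectKey);
     }

     //'<', '>', '<=', '>=', '=', 'LIKE', 'IN', 'REGEXP'
     switch (strtoupper($operator)) {
         case '!=':
         case 'NOT EQUAL':
             return $ovalue != $value;
         case 'LIKE':
             // preg_quote leaves % and _ untouched, so they can be turned into
             // SQL-LIKE wildcards after quoting everything else
             $value = preg_quote($value, '/');
             $value = str_replace('%', '.*', $value);
             $value = str_replace('_', '.', $value);
             return !!preg_match('/^' . $value . '$/', $ovalue);
         case 'REGEXP':
             return !!preg_match('/' . preg_quote($value, '/') . '/', $ovalue);
         case 'NOT IN':
             return strpos(',' . $value . ',', ',' . $ovalue . ',') === false;
         case 'IN':
             return strpos(',' . $value . ',', ',' . $ovalue . ',') !== false;
         case '<':
         case 'LESS':
             return $ovalue < $value;
         case '>':
         case 'GREATER':
             return $ovalue > $value;
         case '<=':
         case '=<':
         case 'LESSEQUAL':
             return $ovalue <= $value;
         case '>=':
         case '=>':
         case 'GREATEREQUAL':
             return $ovalue >= $value;
         case '= CURRENT_USER':
         case 'EQUAL CURRENT_USER':
             return $this->pageStack->isLoggedIn() && $ovalue == $this->pageStack->getUser()->getId();
         case '!= CURRENT_USER':
         case 'NOT EQUAL CURRENT_USER':
             return $this->pageStack->isLoggedIn() && $ovalue != $this->pageStack->getUser()->getId();
         case '=':
         case 'EQUAL':
         default:
             return $ovalue == $value;
     }
 }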