Example #1
 /**
  * This event handler lists all activated modules with the description
  * of each module.
  * 
  * @access public
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  */
 public function execute(Framework $framework, WebRequest $request, Response $response, $value = null)
 {
     // Serves one cached asset, identified by the route parameters
     // type (type of the asset), hash (hash of the asset) and version
     // (version of the file).
     // NOTE(review): all three values come from the request URL and are handed
     // to the asset cache manager unchanged; presumably the route pattern or the
     // manager restricts them to safe characters before any file path is
     // built -- confirm.
     $type = $request->getRouteParam('type');
     $hash = $request->getRouteParam('hash');
     $version = $request->getRouteParam('version');

     // Any falsy parameter (loose check, so '' and '0' count as well) makes
     // the request malformed
     if (!$type || !$hash || !$version) {
         $response->setOutput('/** Zepi Assets Manager: Malformed request! */');
         return;
     }

     // Only assets which are already in the cache are delivered
     $isCached = $this->assetCacheManager->isCached($type, $hash, $version);
     if (!$isCached) {
         $response->setOutput('/** Zepi Assets Manager: Not cached! */');
         return;
     }

     // Load the content and replace an empty result with a placeholder comment
     $content = $this->assetCacheManager->getAssetContent($type, $hash, $version);
     $body = $content === '' ? '/** Zepi Assets Manager: File is empty or does not exists! */' : $content;

     $this->deliverContent($response, $type, $hash, $version, $body);
 }
Example #2
 /**
  * Displays the administration overview page
  * 
  * @access public
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  */
 public function execute(Framework $framework, WebRequest $request, Response $response)
 {
     // Visitors without a session are sent back to the start page.
     // NOTE(review): only the presence of a session is checked here; whether an
     // administration access level is enforced before this handler runs is
     // not visible in this method -- confirm.
     $hasSession = $request->hasSession();
     if (!$hasSession) {
         $response->redirectTo('/');
         return;
     }

     // Page title and active menu entry
     $pageTitle = $this->translate('Administration', '\\Zepi\\Web\\General');
     $this->setTitle($pageTitle);
     $activeEntry = $this->activateMenuEntry();

     // Render the overview for the active menu entry
     $renderer = $this->getOverviewPageRenderer();
     $overviewPage = $renderer->render($framework, $activeEntry);

     // Wrap the overview in the administration template and send it
     $templateData = array('overviewPage' => $overviewPage);
     $output = $this->render('\\Zepi\\Web\\General\\Templates\\Administration', $templateData);
     $response->setOutput($output);
 }
Example #3
 /**
  * Deletes a cluster in the database
  * 
  * @access public
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  */
 public function execute(Framework $framework, WebRequest $request, Response $response)
 {
     // Handles the account activation link: the user is identified by the
     // uuid route parameter and authorised by the token route parameter.
     $this->setTitle($this->translate('Activate account', '\\Zepi\\Web\\AccessControl'));

     $uuid = $request->getRouteParam('uuid');
     $activationToken = $request->getRouteParam('token');

     // Start from the failure result; it is only replaced when both
     // parameters are present (loose check, so '' and '0' count as missing)
     $result = array(
         'result' => false,
         'message' => $this->translate('Wrong request parameters.', '\\Zepi\\Web\\AccessControl'),
     );
     if ($uuid && $activationToken) {
         // NOTE(review): the token check itself happens in activateUser(),
         // which is not visible here; it should compare in constant time
         // (hash_equals) and invalidate the token after use -- confirm.
         $result = $this->activateUser($uuid, $activationToken);
     }

     // Show the outcome to the visitor
     $output = $this->render('\\Zepi\\Web\\AccessControl\\Templates\\Activation', array('result' => $result));
     $response->setOutput($output);
 }
Example #4
 /**
  * Registers the menu entries which are only accessible if the user is logged in
  * or not logged in, for example the login or logout menu entry.
  * 
  * @access public
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  */
 public function execute(Framework $framework, WebRequest $request, Response $response)
 {
     // Adds the session-dependent entries to the 'menu-right' menu.
     // NOTE(review): these entries only decide what is shown in the
     // navigation; the handlers behind 'profile', 'profile/change-password'
     // and 'logout' still have to check the session themselves -- confirm.
     $namespace = '\\Zepi\\Web\\AccessControl';

     // Without a session: optional registration entry plus the login entry
     if (!$request->hasSession()) {
         if ($this->getSetting('accesscontrol.allowRegistration')) {
             // NOTE(review): this is the only entry translated with the
             // '\\Pmx\\Autopilot\\AccessControl' namespace and the only target
             // written with slashes ('/register/'); looks like a leftover,
             // verify against the translation files and the routes.
             $registrationEntry = new \Zepi\Web\General\Entity\MenuEntry('registration', $this->translate('Registration', '\\Pmx\\Autopilot\\AccessControl'), '/register/', 'mdi-account-circle');
             $this->getMenuManager()->addMenuEntry('menu-right', $registrationEntry);
         }

         $loginEntry = new \Zepi\Web\General\Entity\MenuEntry('login', $this->translate('Login', $namespace), 'login', 'glyphicon-log-in');
         $this->getMenuManager()->addMenuEntry('menu-right', $loginEntry, 100);
         return;
     }

     // With a session: the profile entry ...
     $profileEntry = new \Zepi\Web\General\Entity\MenuEntry('profile', $this->translate('Profile', $namespace), 'profile', 'mdi-person');
     $this->getMenuManager()->addMenuEntry('menu-right', $profileEntry, 90);

     // ... with the hidden user settings entry below it ...
     $userSettingsEntry = new \Zepi\Web\General\Entity\HiddenMenuEntry($this->translate('User settings', $namespace));
     $profileEntry->addChild($userSettingsEntry);

     // ... and the hidden change password entry below the user settings
     $changePasswordEntry = new \Zepi\Web\General\Entity\HiddenMenuEntry($this->translate('Change password', $namespace), 'profile/change-password', 'mdi-vpn-key');
     $userSettingsEntry->addChild($changePasswordEntry);

     // The logout entry
     $logoutEntry = new \Zepi\Web\General\Entity\MenuEntry('logout', $this->translate('Logout', $namespace), 'logout', 'glyphicon-log-out');
     $this->getMenuManager()->addMenuEntry('menu-right', $logoutEntry, 100);
 }
Example #5
 /**
  * Displays the edit user form and saves the data to the database.
  * 
  * @access public
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  */
 public function execute(Framework $framework, WebRequest $request, Response $response)
 {
     // Shows the delete confirmation for a group and deletes the group once
     // the request carries the confirmation route parameter.
     $additionalTitle = $this->translate('Delete group', '\\Zepi\\Web\\AccessControl');
     $title = $this->translate('Group management', '\\Zepi\\Web\\AccessControl');
     $this->activateMenuEntry('group-administration');
     $this->setTitle($title, $additionalTitle);

     // The group is addressed by the uuid route parameter; anything that is
     // not a string or does not name a known group goes back to the overview
     $uuid = $request->getRouteParam('uuid');
     $isKnownGroup = is_string($uuid) && $this->groupManager->hasGroupForUuid($uuid);
     if (!$isKnownGroup) {
         $response->redirectTo($request->getFullRoute('/administration/groups/'));
         return;
     }

     $group = $this->groupManager->getGroupForUuid($uuid);

     // NOTE(review): the deletion below is triggered by route parameters
     // alone. No anti-CSRF token and no permission check are visible in this
     // method; presumably both are enforced before the handler runs --
     // confirm, because a state-changing request that a plain link can
     // produce is otherwise open to cross-site request forgery.
     $template = '\\Zepi\\Web\\AccessControl\\Templates\\Administration\\DeleteGroup';
     if ($request->getRouteParam('confirmation') === 'confirmed') {
         $this->groupManager->deleteGroup($group);
         $template = '\\Zepi\\Web\\AccessControl\\Templates\\Administration\\DeleteGroupFinished';
     }

     // Either the confirmation page or the "finished" page
     $response->setOutput($this->render($template, array('group' => $group)));
 }
Example #6
 /**
  * Returns true if the session data has the needed
  * token data
  * 
  * @param string $token
  * @return boolean
  */
 protected function hasValidSessionData(WebRequest $request, $token)
 {
     // Two session entries are keyed by the token; both have to be present.
     // getSessionData() is treated as "not set" only when it returns
     // exactly false.
     if ($request->getSessionData('dt-class-' . $token) === false) {
         return false;
     }

     return $request->getSessionData('dt-time-' . $token) !== false;
 }
Example #7
 /**
  * Send the api result to the client
  *
  * @access public
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  * @param array $result
  */
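 public function sendResponse(WebRequest $request, Response $response, $result)
 {
     // The Accept header selects the output format. It is compared as one
     // whole value, so only 'text/xml' selects XML; every other value,
     // including a list of media types, falls through to JSON.
     $dataType = $request->getHeader('Accept');
     switch ($dataType) {
         case 'text/xml':
             $xml = new \SimpleXMLElement('<root/>');
             $this->fillXml($xml, $result);
             $body = $xml->asXML();
             // asXML() returns false on failure; send an empty body instead
             if ($body === false) {
                 $body = '';
             }
             $response->sendHeader('Content-Type: text/xml');
             $response->setOutput($body);
             break;
         case 'application/json':
         default:
             $body = json_encode($result);
             // json_encode() returns false on failure (for example on
             // invalid UTF-8); treat it like the XML branch does instead of
             // handing a boolean to the response
             if ($body === false) {
                 $body = '';
             }
             $response->sendHeader('Content-Type: application/json');
             $response->setOutput($body);
             break;
     }
 }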
Example #8
 /**
  * Regenerates the session. It makes the old session id obsolete and generates a new 
  * session id.
  * 
  * @access protected
  * @param \Zepi\Turbo\Request\WebRequest $request
  */
 protected function regenerateSession(WebRequest $request)
 {
     // Issues a new session id while the old session is kept for a short
     // grace period. The statement order below matters.

     // Mark the session as obsolete and give it 60 more seconds to live.
     // NOTE(review): nothing in this method enforces 'isObsolete' or
     // 'maxLifetime'; presumably the session start code rejects an obsolete
     // session once maxLifetime has passed -- confirm, otherwise the old id
     // stays usable until normal session expiry.
     $request->setSessionData('isObsolete', true);
     $request->setSessionData('maxLifetime', time() + 60);
     // Regenerate the session id; the argument false keeps the old session
     // instead of deleting it
     session_regenerate_id(false);
     // Remember the new session id
     $newSessionId = session_id();
     // Write and close the session so it is free for other requests
     session_write_close();
     // Start the session again under the new id
     session_id($newSessionId);
     session_start();
     // The new session is not obsolete: remove the temporary markers from it
     $request->deleteSessionData('isObsolete');
     $request->deleteSessionData('maxLifetime');
 }
Example #9
 /**
  * Changes the password for the logged in user.
  * 
  * @access protected
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Web\AccessControl\Entity\User $user
  */
 protected function saveUser(WebRequest $request, User $user)
 {
     // Copies the submitted form values onto the user, stores the user and
     // then updates the user's permissions. Returns false when the stored
     // user is false, true otherwise.
     $formValues = $this->layout->getFormValues();

     $user->setName($formValues['required-data.username']);

     // A new user always gets the submitted password; an existing user only
     // when the password field was filled in
     if ($user->isNew() || $formValues['required-data.password'] != '') {
         $user->setNewPassword($formValues['required-data.password']);
     }

     // Optional profile data
     foreach (array('email', 'location', 'website', 'twitter', 'biography') as $field) {
         $user->setMetaData($field, $formValues['optional-data.' . $field]);
     }

     // Persist the user. Only addUser() replaces $user with its result.
     // NOTE(review): the result of updateUser() is not looked at, so a
     // failed update is not detected by the check below -- confirm this is
     // intended.
     if ($user->isNew()) {
         $user = $this->userManager->addUser($user);
     } else {
         $this->userManager->updateUser($user);
     }

     if ($user === false) {
         return false;
     }

     // NOTE(review): the submitted access levels are passed on as they came
     // from the form, together with the acting user; presumably
     // updatePermissions() limits them to levels the acting user may
     // grant -- confirm.
     $actingUser = $request->getSession()->getUser();
     $this->accessControlManager->updatePermissions($user, $formValues['access-levels'], $actingUser);

     return true;
 }
Example #10
 /**
  * Generates the csrf key and token and saves them 
  * in the session data.
  * 
  * @access public
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @return array
  */
 public function generateCsrfToken(WebRequest $request)
 {
     // Builds a key/token pair: the key is 'csrf-' plus a generated hash of
     // length 32, the token a generated hash of length 128.
     // NOTE(review): the unpredictability of both values rests on
     // generateHash(), which is not visible here; it should draw from a
     // CSPRNG (random_bytes / random_int) -- confirm.
     $csrf = array(
         'key' => 'csrf-' . $this->generateHash(32),
         'token' => $this->generateHash(128),
     );

     // Store the token in the session under its key
     $request->setSessionData($csrf['key'], $csrf['token']);

     return $csrf;
 }
Example #11
 /**
  * Generates a DataRequest object
  * 
  * @access protected
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Web\UserInterface\Table\TableAbstract $table
  * @param false|integer $numberOfEntries
  * @return \Zepi\Web\UserInterface\Table\DataRequest
  */
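 protected function generateDataRequest(WebRequest $request, TableAbstract $table, $numberOfEntries)
 {
     // Returns the DataRequest for the table: the one saved in the session
     // when the table saves its data request and a usable one is stored,
     // otherwise a fresh request for page 1 sorted by name, ascending.
     $sortBy = 'name';
     $sortByDirection = 'ASC';

     // The session key is derived from the class name of the table
     $savedDataRequestKey = get_class($table) . '.DataRequest.Saved';

     $dataRequest = false;
     if ($table->shouldSaveDataRequest()) {
         $serialized = $request->getSessionData($savedDataRequestKey);
         if (is_string($serialized)) {
             // NOTE(review): unserialize() instantiates whatever classes the
             // payload names. The payload comes from the session, which is
             // normally server-side state; if the session store can ever be
             // influenced from outside, restrict the classes (allowed_classes
             // option, PHP 7+) or store plain values instead.
             $dataRequest = unserialize($serialized);
         }
     }

     // Anything that is not a DataRequest (false after a failed
     // unserialize, or an object of another class) is replaced by a fresh
     // request instead of being handed to the caller
     if (!$dataRequest instanceof DataRequest) {
         $dataRequest = new DataRequest(1, $numberOfEntries, $sortBy, $sortByDirection);
     }

     // Save the data request to the session if needed
     if ($table->shouldSaveDataRequest()) {
         $request->setSessionData($savedDataRequestKey, serialize($dataRequest));
     }

     return $dataRequest;
 }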
Example #12
 /**
  * Returns the Form object for the login form
  * 
  * @access protected
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  * @return \Zepi\Web\UserInterface\Form\Form
  */
 protected function createForm(Framework $framework, WebRequest $request, Response $response)
 {
     // Builds the login form: an error box, the user data group with
     // username, password and a hidden origin field, and the submit button.
     $namespace = '\\Zepi\\Web\\AccessControl';

     $form = new Form('login', $request->getFullRoute('login'), 'post');
     $form->addPart(new ErrorBox('login-errors', 1));

     // NOTE(review): '_origin' is a request parameter and therefore under
     // the control of whoever built the link. Its value is placed in the
     // hidden field as it is; presumably the Hidden element escapes it on
     // output and the code that uses 'origin' after the login accepts only
     // local paths -- confirm both.
     $origin = $request->hasParam('_origin') ? $request->getParam('_origin') : '';

     // The password help text is only shown when renewing is allowed.
     // It contains markup, with %link% replaced by the renew route.
     $helpText = '';
     if ($this->getSetting('accesscontrol.allowRenewPassword')) {
         $renewRoute = $request->getFullRoute('request-new-password');
         $helpText = $this->translate('Lost your password? <a href="%link%">Renew it here.</a>', $namespace, array('link' => $renewRoute));
     }

     // User data group
     $groupTitle = $this->translate('User data', $namespace);
     $fields = array(
         new Text('username', $this->translate('Username', $namespace), true),
         new Password('password', $this->translate('Password', $namespace), true, '', $helpText),
         new Hidden('origin', $origin),
     );
     $form->addPart(new Group('user-data', $groupTitle, $fields, 10));

     // Submit button
     $submit = new Submit('submit', $this->translate('Login', $namespace));
     $form->addPart(new ButtonGroup('buttons', array($submit), 100));

     return $form;
 }
Example #13
 /**
  * Returns the Form object for the change password form
  * 
  * @access protected
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  * @return \Zepi\Web\UserInterface\Form\Form
  */
 protected function createForm(Framework $framework, WebRequest $request, Response $response)
 {
     // Builds the change password form: an error box, one group with the
     // old password, the new password and its confirmation, and the submit
     // button. The form posts to the 'profile/change-password' route.
     $namespace = '\\Zepi\\Web\\AccessControl';

     $form = new Form('change-password', $request->getFullRoute('profile/change-password'), 'post');
     $form->addPart(new ErrorBox('login-errors', 1));

     // Password group; all three fields are created with the flag true
     $groupTitle = $this->translate('Please insert your old and your new password', $namespace);
     $fields = array(
         new Password('old-password', $this->translate('Old password', $namespace), true),
         new Password('new-password', $this->translate('New password', $namespace), true),
         new Password('new-password-confirmed', $this->translate('Confirm new password', $namespace), true),
     );
     $form->addPart(new Group('change-password', $groupTitle, $fields));

     // Submit button
     $submit = new Submit('submit', $this->translate('Change password', $namespace));
     $form->addPart(new ButtonGroup('buttons', array($submit), 100));

     return $form;
 }
 /**
  * Verifies a protected menu entry.
  * 
  * @access protected
  * @param \Zepi\Web\General\Entity\ProtectedMenuEntry $protectedEntry
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @return boolean
  */
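 protected function verifyProtectedEntry(ProtectedMenuEntry $protectedEntry, WebRequest $request)
 {
     // Decides whether a protected menu entry may be used with this request.
     // Returns true only when a session exists and either the entry needs no
     // access level or the session holds the required one.

     // Fail closed: without a session there is nothing to check
     if (!$request->hasSession()) {
         return false;
     }

     // The session is known to exist from here on, so it is not checked a
     // second time; the key is read once and reused below
     $accessLevelKey = $protectedEntry->getAccessLevelKey();

     // An empty access level key means that any session is sufficient
     if ($accessLevelKey === '') {
         return true;
     }

     // Otherwise the session has to hold the access level of the entry
     if ($request->getSession()->hasAccess($accessLevelKey)) {
         return true;
     }

     // The session does not hold the required access level
     return false;
 }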
Example #15
 /**
  * Saves the group
  *
  * @access protected
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Web\AccessControl\Entity\EntityGroup $group
  */
 protected function saveGroup(WebRequest $request, EntityGroup $group)
 {
     // Copies the submitted form values onto the group, stores the group and
     // then updates the group's permissions. Returns false when the stored
     // group is false, true otherwise.
     $formValues = $this->layout->getFormValues();

     $group->setName($formValues['required-data.groupname']);
     $group->setMetaData('description', $formValues['optional-data.description']);

     // Persist the group. Only addGroup() replaces $group with its result.
     // NOTE(review): the result of updateGroup() is not looked at, so a
     // failed update is not detected by the check below -- confirm this is
     // intended.
     $isNewGroup = $group->isNew();
     if ($isNewGroup) {
         $group = $this->groupManager->addGroup($group);
     } else {
         $this->groupManager->updateGroup($group);
     }

     if ($group === false) {
         return false;
     }

     // The submitted access levels go through cleanAccessLevels() for this
     // group before they are stored, together with the acting user
     $accessLevels = $this->cleanAccessLevels($group->getUuid(), $formValues['access-levels']);
     $actingUser = $request->getSession()->getUser();
     $this->accessControlManager->updatePermissions($group, $accessLevels, $actingUser);

     return true;
 }