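/**
 * Dispatches the bulk action submitted with the list form to the matching
 * admin_<action> method of this controller.
 *
 * The action name comes from request data ($this->data['_Tech']['action']) and is
 * therefore untrusted: it is only used when it is a plain identifier naming a method
 * that really exists on this controller (and is not this dispatcher itself, which
 * would recurse forever). Authorization is then decided as follows:
 *  - Acl loaded: Acl->check() on the logged user for 'Cities/admin_<action>'
 *  - Auth loaded but no user logged in: the action must be in Auth->allowedActions,
 *    because setAction() itself performs no permission check
 *  - otherwise (neither Auth nor Acl, or Auth with a logged user): access is granted
 * Any refusal sets a flash message and redirects back to the referer.
 */
function admin_actionAll() {
    $action = !empty($this->data['_Tech']['action']) ? $this->data['_Tech']['action'] : null;
    $target = 'admin_' . $action;

    // Only an identifier-like name that maps to an existing method may be dispatched;
    // method_exists() is case-insensitive, so compare the self-dispatch guard the same way.
    $is_valid_target = is_string($action)
        && preg_match('/^[A-Za-z0-9_]+$/', $action) === 1
        && strtolower($target) !== strtolower(__FUNCTION__)
        && method_exists($this, $target);

    if (!$is_valid_target) {
        $this->Session->setFlash(___d('alaxos', 'the action to perform is not defined', true), 'flash_error', array('plugin' => 'alaxos'));
        $this->redirect($this->referer());
        return;
    }

    if (isset($this->Acl)) {
        $authorized = (bool) $this->Acl->check($this->Auth->user(), 'Cities/' . $target);
    } elseif (isset($this->Auth) && $this->Auth->user() == null) {
        // Manually check permission, as setAction() does not check for permission rights.
        // Auth stores allowed action names lowercased.
        $authorized = in_array(strtolower($target), $this->Auth->allowedActions, true);
    } else {
        // neither Auth nor Acl, or Auth + logged user -> grant access
        $authorized = true;
    }

    if ($authorized) {
        $this->setAction($target);
    } else {
        $this->Session->setFlash(___d('alaxos', 'not authorized', true), 'flash_error', array('plugin' => 'alaxos'));
        $this->redirect($this->referer());
    }
}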
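/**
 * Authorization filter run for the current controller action.
 *
 * An action is protected when it appears in $this->actions_roles_mapping, or else when
 * its routing prefix appears in $this->prefix_roles_mapping (the action mapping wins).
 * A protected action is allowed only to a logged-in user (Session key LOGGED_USER)
 * holding one of the mapped roles or ROLE_ID_ADMINISTRATOR. Unmapped actions are open.
 *
 * On refusal, Ajax requests get an inline error span and the script stops; other
 * requests get a flash message and are redirected to the login action, with the
 * current URL passed as RETURN_URL so the user comes back after logging in.
 */
function check_access() {
    $action = $this->controller->action;
    $prefix = isset($this->controller->params['prefix']) ? $this->controller->params['prefix'] : null;

    // Which roles may run this request; $is_protected stays false for unmapped actions
    $is_protected = false;
    $authorized_role_ids = array();
    if (array_key_exists($action, $this->actions_roles_mapping)) {
        $is_protected = true;
        $authorized_role_ids = $this->actions_roles_mapping[$action];
    } elseif ($prefix !== null && array_key_exists($prefix, $this->prefix_roles_mapping)) {
        $is_protected = true;
        $authorized_role_ids = $this->prefix_roles_mapping[$prefix];
    }

    $user_logged = false;
    $authorized = !$is_protected;

    if ($is_protected && $this->Session->check(LOGGED_USER)) {
        $logged_user = $this->Session->read(LOGGED_USER);
        if (isset($logged_user)) {
            $user_logged = true;
            $authorized = $this->_user_has_role($logged_user, $authorized_role_ids);
        }
    }

    if ($authorized) {
        return;
    }

    // A logged user lacks the role; an anonymous one is asked to log in
    $message = $user_logged ? ___d('alaxos', 'not authorized', true) : ___d('alaxos', 'please login', true);

    if (isset($this->controller->RequestHandler) && $this->controller->RequestHandler->isAjax()) {
        // Ajax callers cannot follow a redirect: emit the message and stop
        e('<span class="error">' . $message . '</span>');
        die;
    }

    $this->Session->setFlash($message, 'flash_error', array('class' => 'error'));

    $return_url = $this->controller->get_return_url();
    /*
     * Note:
     * we use 'admin' => '0' because 'admin' => false leads to an infinite redirection loop
     * Why ?
     * TODO: discover why... ;-)
     *
     * NOTE(review): $return_url is appended to the action string as-is — confirm that
     * get_return_url() already URL-encodes it, otherwise '&' or '#' in it would cut the value.
     */
    $this->controller->redirect(array('admin' => '0', 'controller' => $this->login_controller, 'action' => $this->login_action . '?' . RETURN_URL . '=' . $return_url));
}

/**
 * Whether the logged user holds one of the given role ids, or the administrator role.
 *
 * @param array $logged_user session user record; roles are read from LOGGED_USER_ROLES
 * @param array $authorized_role_ids role ids allowed for the request; anything else denies
 * @return bool
 */
function _user_has_role($logged_user, $authorized_role_ids) {
    if (!is_array($authorized_role_ids)) {
        return false;
    }
    $roles = isset($logged_user[LOGGED_USER_ROLES]) ? $logged_user[LOGGED_USER_ROLES] : array();

    foreach ($authorized_role_ids as $authorized_role_id) {
        foreach ($roles as $role) {
            // ids may come as int from the DB and as string from the mapping, hence loose ==
            if ($role['id'] == $authorized_role_id || $role['id'] == ROLE_ID_ADMINISTRATOR) {
                return true;
            }
        }
    }
    return false;
}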
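/**
 * Return a dropdown list filled with actions that can be performed on the selected elements of a data list.
 * It also automatically sets the needed translated Javascript variables.
 *
 * @param string $fieldName form field name of the dropdown
 * @param array $options    select options; 'id' (default 'ActionToPerform') and 'actions'
 *                          (value => label map, default delete/activate/deactivate all)
 *                          are consumed here, everything else is passed on to select()
 * @return string the <select> markup
 */
public function input_actions_list($fieldName = '_Tech.action', $options = array()) {
    $options['id'] = !empty($options['id']) ? $options['id'] : 'ActionToPerform';

    $actions = !empty($options['actions']) ? $options['actions'] : array(
        'deleteAll' => ___d('alaxos', 'delete all', true),
        'activateAll' => ___d('alaxos', 'activate all', true),
        'deactivateAll' => ___d('alaxos', 'deactivate all', true),
    );
    unset($options['actions']);

    /*
     * Include translated texts for JS confirm box.
     * The texts become JS string literals, so they are JSON-encoded: a quote, a newline
     * or "</script>" in a translation must not break out of the literal.
     * Assumes translations are UTF-8 (json_encode rejects other encodings).
     */
    $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $script = 'var confirmDeleteAllText = ' . json_encode(___d('alaxos', 'are you sure you want to delete all those items ?', true), $js_flags) . ';' . "\n";
    $script .= 'var pleaseChooseActionToPerformText = ' . json_encode(___d('alaxos', 'please choose the action to perform', true), $js_flags) . ';' . "\n";
    $this->AlaxosHtml->scriptBlock($script, array('inline' => false));

    return $this->select($fieldName, $actions, null, $options);
}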
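/**
 * Builds a right-aligned pagination-limit <select> plus the jQuery snippet that reloads
 * the current page with "?limit=<value>" when the selection changes.
 *
 * The selected value is the 'limit' query parameter when present, else the paginator's
 * current 'perPage'.
 *
 * @param array $options 'pagination_limits' (list of allowed page sizes) and
 *                       'pagination_limits_text' (translation key of the label, required)
 * @return string HTML markup
 */
public function get_pagination_limit_combobox($options = array()) {
    $limits = isset($options['pagination_limits']) ? (array) $options['pagination_limits'] : array();

    $select_options = [];
    $select_options['id'] = 'select_pagination_limit';
    $select_options['value'] = isset($this->request->query['limit']) ? $this->request->query['limit'] : $this->Paginator->param('perPage');
    $select_limit = $this->Form->select('_Tech.pagination_limit', array_combine($limits, $limits), $select_options);

    // The current URL is emitted inside a JS string literal: JSON-encode it so that a
    // quote or "</script>" in the request path cannot break out of the literal
    $here_js = json_encode($this->request->here, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);

    $js = [];
    $js[] = '<script type="text/javascript">';
    $js[] = '$(document).ready(function(){';
    $js[] = '    $("#select_pagination_limit").change(function(){';
    $js[] = '        window.location = ' . $here_js . ' + "?limit=" + $(this).val();';
    $js[] = '    });';
    $js[] = '});';
    $js[] = '</script>';

    $html = [];
    $html[] = '<div class="row">';
    $html[] = '    <div class="col-md-12 col-sm-12 col-xs-12 text-right">';
    $html[] = ___d('alaxos', $options['pagination_limits_text'], $select_limit);
    $html[] = implode("\n", $js);
    $html[] = '    </div>';
    $html[] = '</div>';

    return implode("\n", $html);
}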
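/**
 * Logs the given user in by using the Auth component.
 *
 * @param array $user user record to log in, as expected by Auth->login()
 * @return mixed the result of Auth->login(); false when $user is not an array, or when
 *               the Auth component is not loaded on the controller (an error is then
 *               recorded through add_error())
 */
protected function log_user($user) {
    // A non-array user used to fall through and return null; fail explicitly instead
    if (!is_array($user)) {
        return false;
    }
    if (!isset($this->controller->Auth)) {
        $this->add_error(___d('alaxos', 'the Auth component must be loaded to use the Alaxos.ShibbolethAuthenticator component', true));
        return false;
    }
    return $this->controller->Auth->login($user);
}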