/**
  * Resolve the member authenticated through HTTP basic auth, or null when
  * BasicAuth::requireLogin() rejects the request.
  *
  * Realm and permission code are read from the HttpAuth config section. A
  * session login is additionally attempted while a SapphireTest is running
  * or when HttpAuth.TryUsingSessionLogin is set.
  *
  * @return \Member|null
  */
 protected static function getBasicAuthMember()
 {
     $config = \Config::inst();
     $underTest = class_exists('SapphireTest', false) && \SapphireTest::is_running_test();
     $allowSessionLogin = $underTest || $config->get('HttpAuth', 'TryUsingSessionLogin');
     try {
         return \BasicAuth::requireLogin(
             $config->get('HttpAuth', 'Realm'),
             $config->get('HttpAuth', 'PermissionCode'),
             $allowSessionLogin
         );
     } catch (\Exception $ex) {
         // requireLogin() reports an absent or failed login by throwing; callers get null instead.
         return null;
     }
 }
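 /**
  * If not logged in attempt HTTP auth and check permission, otherwise check logged in members permission
  *
  * A session-less request is challenged through BasicAuth::requireLogin() against
  * static::$required_permission and, on success, the returned member is logged in.
  * A request that already carries a member only has its permission checked.
  *
  * @throws PermissionFailureException when neither path grants static::$required_permission
  * @return ReplicantAction this
  */
 public function checkPerm()
 {
     // Start from "denied": the HTTP-auth branch only sets $res when requireLogin()
     // hands back a member, so without this default the check below would read an
     // undefined variable.
     $res = false;
     if (!Member::currentUserID()) {
         $member = BasicAuth::requireLogin("Replicant", static::$required_permission, true);
         if ($member) {
             $member->logIn();
             $res = true;
         }
     } else {
         $res = Permission::check(static::$required_permission);
     }
     if (!$res) {
         $this->failed("Permission Failure: " . static::$required_permission)->output();
         throw new PermissionFailureException("Not allowed to " . static::$required_permission);
     }
     return $this;
 }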
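	/**
	 * Initialisation function that is run before any action on the controller is called.
	 *
	 * Test sites are placed behind HTTP basic auth (ADMIN permission). Once the
	 * database is usable, a logged-in member gets the PastMember cookie and its
	 * LastVisited timestamp refreshed.
	 *
	 * @uses BasicAuth::requireLogin()
	 */
	function init() {
		// Test and development sites should be secured, via basic-auth
		if(Director::isTest() && $this->basicAuthEnabled && Security::database_is_ready()) {
			BasicAuth::requireLogin("SilverStripe test website.  Use your  CMS login", "ADMIN");
		}

		// Directly access the session variable just in case the Group or Member tables don't yet exist
		if(Session::get('loggedInAs') && Security::database_is_ready()) {
			if($member = Member::currentUser()) {
				Cookie::set("PastMember", true);
				// The ID is interpolated into raw SQL rather than bound, so force it to an
				// integer instead of relying on the record's field type.
				DB::query("UPDATE Member SET LastVisited = NOW() WHERE ID = " . (int) $member->ID, null);
			}
		}

		// This is used to test that subordinate controllers are actually calling parent::init() - a common bug
		$this->baseInitCalled = true;
	}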
 /**
  * Challenge the request with HTTP basic auth (ADMIN permission) and start a
  * session for the member that authenticated.
  */
 function basicauthlogin()
 {
     $admin = BasicAuth::requireLogin("SilverStripe login", 'ADMIN');
     $admin->LogIn();
 }
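    /**
     * Render the RSS feed of CMS content changes.
     *
     * The request is gated by HTTP basic auth against CMS_ACCESS_CMSMain. The
     * Data URL param picks the scope ('all' by default, or 'page' together with
     * a numeric PageID); only changes the authenticated member can edit are listed.
     *
     * @param SS_HTTPRequest $request Unused: the URL params are read through Director::urlParams()
     * @return HTTPResponse|string 400 response for a bad PageID, otherwise the feed output
     */
    function index($request)
    {
        // For 2.3 and 2.4 compatibility
        $bt = defined('DB::USE_ANSI_SQL') ? "\"" : "`";
        BasicAuth::enable();
        BasicAuth::requireLogin("CMS RSS feed access.  Use your CMS login", "CMS_ACCESS_CMSMain");
        $member = $this->getBasicAuthMember();
        // Due to a bug in 2.3.0 we can't get the information that we need from $request
        $params = Director::urlParams();
        // Default value
        if (!isset($params['Data']) || !$params['Data']) {
            $params['Data'] = 'all';
        }
        // Initialised so the loop below sees an empty list if the switch falls through
        $changes = array();
        switch ($params['Data']) {
            case 'all':
                $changes = $this->changes();
                break;
            case 'page':
                // Cast first: the ID is inlined into the SQL filter, so only an int may get through
                $pageID = isset($params['PageID']) ? (int) $params['PageID'] : 0;
                if ($pageID) {
                    $changes = $this->changes("{$bt}SiteTree{$bt}.{$bt}ID{$bt} = " . $pageID);
                } else {
                    return new HTTPResponse("<h1>Bad Page ID</h1><p>Bad page ID when getting RSS feed of changes to a page.</p>", 400);
                }
                break;
            default:
                user_error("CMSChangeTracker Data param value '{$params['Data']}' not implemented; this is probably due to a bad URL rule.", E_USER_ERROR);
        }
        $processedChanges = new DataObjectSet();
        foreach ($changes as $change) {
            if (!$change->canEdit($member)) {
                continue;
            }
            $author = DataObject::get_by_id("Member", $change->AuthorID);
            $verbed = $change->Version == 1 ? "created" : "edited";
            // Page titles and member details are editor-supplied, so they are escaped
            // wherever they are embedded in the HTML description of the item.
            $safeTitle = htmlspecialchars((string) $change->Title, ENT_QUOTES, 'UTF-8');
            if ($author) {
                $authorName = "{$author->FirstName} {$author->Surname}";
                $safeAuthor = htmlspecialchars($authorName, ENT_QUOTES, 'UTF-8');
                $safeEmail = htmlspecialchars((string) $author->Email, ENT_QUOTES, 'UTF-8');
                $changeTitle = "'{$change->Title}' {$verbed} by {$authorName}";
                $changeAuthor = $authorName;
                $firstParagraph = "{$safeAuthor} (<a href=\"mailto:{$safeEmail}\">{$safeEmail}</a>) has {$verbed} the '{$safeTitle}' page.";
            } else {
                $changeTitle = "'{$change->Title}' {$verbed}";
                $changeAuthor = "";
                $firstParagraph = "The '{$safeTitle}' page has been {$verbed}.";
            }
            // Links go into href attributes, so they are attribute-escaped (the compare
            // link carries an &-joined query string).
            $cmsLink = htmlspecialchars(Director::absoluteURL("admin/show/{$change->ID}"), ENT_QUOTES, 'UTF-8');
            $actionLinks = "<li><a href=\"{$cmsLink}\">Edit in CMS</a></li>\n";
            $page = DataObject::get_by_id('SiteTree', $change->ID);
            if ($page) {
                $link = htmlspecialchars($page->AbsoluteLink(), ENT_QUOTES, 'UTF-8');
                $actionLinks .= "<li><a href=\"{$link}\">See the page on site</a></li>\n";
            }
            if ($change->Version > 1) {
                $prevVersion = $change->Version - 1;
                $diffLink = htmlspecialchars(Director::absoluteURL("admin/compareversions/{$change->ID}/?From={$prevVersion}&To={$change->Version}"), ENT_QUOTES, 'UTF-8');
                $actionLinks .= "<li><a href=\"{$diffLink}\">See the changes in CMS</a></li>\n";
            }
            $changeDescription = <<<HTML
<p>{$firstParagraph}</p>

<h3>Actions and links</h3>

<ul>
\t{$actionLinks}
</ul>
HTML;
            $processedChange = new CMSChangeTracker_Change(array(
                "ChangeTitle" => $changeTitle,
                "Author" => $changeAuthor,
                "Content" => $changeDescription,
                "Link" => $change->Link() . "version/{$change->Version}",
            ));
            $processedChanges->push($processedChange);
        }
        $feed = new RSSFeed($processedChanges, Director::absoluteURL("admin/"), "SilverStripe Content Changes", "", "ChangeTitle");
        return $feed->outputToBrowser();
    }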
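 /**
  * This function will return true if the site is in a test environment.
  * For information about environment types, see {@link Director::set_environment_type()}.
  *
  * Resolution order: an explicit ?isTest=1 request (honoured only for ADMIN
  * members via HTTP basic auth once the database is ready), the dev check (dev
  * wins over test), the explicit environment type, and finally the
  * Director::$test_servers hostname list.
  *
  * @return bool
  */
 static function isTest()
 {
     // Use ?isTest=1 to get test access on the live server, or explicitly set your environment
     if (isset($_GET['isTest'])) {
         if (Security::database_is_ready()) {
             BasicAuth::requireLogin("SilverStripe developer access. Use your CMS login", "ADMIN");
             $_SESSION['isTest'] = $_GET['isTest'];
         } else {
             // No database yet, so the ADMIN check cannot run: treat the request as test mode.
             return true;
         }
     }
     if (self::isDev()) {
         return false;
     }
     if (self::$environment_type) {
         return self::$environment_type === 'test';
     }
     // Check if we are running on one of the test servers. HTTP_HOST is absent on the
     // CLI, the array cast tolerates an unset list, and the strict in_array() avoids
     // loose string/number matches.
     $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : null;
     return $host !== null && in_array($host, (array) Director::$test_servers, true);
 }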
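 /**
  * Initialisation function that is run before any action on the controller is called.
  *
  * Puts test sites behind HTTP basic auth (ADMIN), marks every visitor with the
  * PastVisitor cookie and, for a logged-in member, sets PastMember and refreshes
  * LastVisited. The table checks keep this working during very-first setup,
  * when Group/Member do not exist yet.
  */
 function init()
 {
     // ClassInfo::hasTable() is checked so nothing below touches Group/Member before
     // they exist (very-first-setup stage); evaluated once and reused.
     $membershipReady = ClassInfo::hasTable("Group") && ClassInfo::hasTable("Member");
     // Test and development sites should be secured, via basic-auth
     if ($membershipReady && Director::isTest() && $this->basicAuthEnabled) {
         BasicAuth::requireLogin("SilverStripe test website.  Use your  CMS login", "ADMIN");
     }
     Cookie::set("PastVisitor", true);
     if ($membershipReady && ($member = Member::currentUser())) {
         Cookie::set("PastMember", true);
         // The ID is interpolated into raw SQL rather than bound, so force it to an integer.
         DB::query("UPDATE Member SET LastVisited = NOW() WHERE ID = " . (int) $member->ID, null);
     }
     // This is used to test that subordinate controllers are actually calling parent::init() - a common bug
     $this->baseInitCalled = true;
 }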
 /**
  * Enable basic auth on the API
  *
  * Every request must authenticate against the 'Deploynaut API' realm; the
  * member that authenticated is kept on $this->member before the parent
  * initialises.
  */
 public function init()
 {
     $authenticated = BasicAuth::requireLogin('Deploynaut API');
     $this->member = $authenticated;
     parent::init();
 }
 /**
  * Requires user to be logged in (via BasicAuth if not already logged in).
  *
  * Delegates the challenge to BasicAuth::requireLogin() with the 'Please login'
  * realm, then continues with the parent initialisation.
  *
  * @return SS_HTTPResponse|void
  */
 public function init()
 {
     $realm = 'Please login';
     BasicAuth::requireLogin($realm);
     parent::init();
 }
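 /**
  * This function will return true if the site is in a test environment.
  * For information about environment types, see {@link Director::set_environment_type()}.
  *
  * Resolution order: an explicit ?isTest=1 request (honoured only for ADMIN
  * members via HTTP basic auth once the database is ready), the dev check (dev
  * wins over test), the configured Director.environment_type, and finally the
  * Director.test_servers hostname list.
  *
  * @param bool $skipDatabase Skips database checks for current login permissions if set to TRUE,
  * which is useful for checks happening before the database is functional.
  * @return bool
  */
 public static function isTest($skipDatabase = false)
 {
     // Use ?isTest=1 to get test access on the live server, or explicitly set your environment
     if (!$skipDatabase && isset($_GET['isTest'])) {
         if (Security::database_is_ready()) {
             BasicAuth::requireLogin("SilverStripe developer access. Use your CMS login", "ADMIN");
             $_SESSION['isTest'] = $_GET['isTest'];
         } else {
             // No database yet, so the ADMIN check cannot run: treat the request as test mode.
             return true;
         }
     }
     if (self::isDev($skipDatabase)) {
         return false;
     }
     // Read the configured type once instead of going through the config layer twice
     $environmentType = Config::inst()->get('Director', 'environment_type');
     if ($environmentType) {
         return $environmentType === 'test';
     }
     // Check if we are running on one of the test servers (strict, so no loose string/number matches)
     $testServers = (array) Config::inst()->get('Director', 'test_servers');
     return isset($_SERVER['HTTP_HOST']) && in_array($_SERVER['HTTP_HOST'], $testServers, true);
 }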
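 /**
  * This function will return true if the site is in a development environment.
  * For information about environment types, see {@link Director::set_environment_type()}.
  *
  * Resolution order: the explicit environment type, an ?isDev=1 request (honoured
  * only for ADMIN members via HTTP basic auth once the class manifest is ready,
  * and then remembered in the session), and finally the Director::$dev_servers
  * hostname list.
  *
  * @return bool
  */
 static function isDev()
 {
     if (self::$environment_type) {
         return self::$environment_type === 'dev';
     }
     // Use ?isDev=1 to get development access on the live server
     if (isset($_GET['isDev'])) {
         if (ClassInfo::ready()) {
             BasicAuth::requireLogin("SilverStripe developer access.  Use your  CMS login", "ADMIN");
             $_SESSION['isDev'] = $_GET['isDev'];
         } else {
             // Nothing is loaded yet, so the ADMIN check cannot run: treat the request as dev mode.
             return true;
         }
     }
     if (isset($_SESSION['isDev']) && $_SESSION['isDev']) {
         return true;
     }
     // Check if we are running on one of the development servers. HTTP_HOST is absent
     // on the CLI (previously an undefined-index notice), the array cast tolerates an
     // unset list, and the strict in_array() avoids loose string/number matches.
     $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : null;
     return $host !== null && in_array($host, (array) Director::$dev_servers, true);
 }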
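 /**
  * @param null|int|Member $member Member (or member ID) to check; defaults to the current
  *        user, falling back to an HTTP basic auth challenge when nobody is logged in
  * @param string $permission Permission code required outside dev mode / CLI; an empty
  *        code grants access
  *
  * @return bool
  *
  * @throws SS_HTTPResponse_Exception when the basic auth challenge is not satisfied
  */
 function canAccess($member = null, $permission = "ADMIN")
 {
     if (!$member) {
         $member = Member::currentUser();
     }
     if (!$member) {
         $member = BasicAuth::requireLogin('Environment Checker', $permission, false);
     }
     // We allow access to this controller regardless of live-status or ADMIN permission only
     // if on CLI.  Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
     if (Director::isDev() || Director::is_cli() || empty($permission) || Permission::checkMember($member, $permission)) {
         return true;
     }
     // Extended access checks.
     // "Veto" style, return NULL to abstain vote.
     $results = $this->extend('canAccess', $member);
     if ($results && is_array($results)) {
         // Drop abstentions before voting: a NULL fed straight into min() would count
         // as a veto, which contradicts the abstain semantics above.
         $votes = array_filter($results, function ($vote) {
             return $vote !== null;
         });
         if ($votes) {
             return (bool) min($votes);
         }
     }
     return false;
 }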