// force single entityId into an array $array = array($entityId); // update pointer $entityId = $array; } try { $bp = BlueprintReader::read($entitySignature); $dao = new EntityDAO($bp); $failures = 0; foreach ($entityId as $id) { $xmlDelete = $xmlAttempts->addChild("delete"); $xmlDelete->addAttribute("signature", $entitySignature); $xmlDelete->addAttribute("id", $id); try { // Make sure the user has permission to perform this action if (BPConfig::$guardian_enable !== true || Guardian::authorize(Session::user(BPConfig::$guardian_identity_session_key), "DELETE", $bp->getKey(), $id)) { $dao->delete($id); $xmlDelete->addChild("status", "success"); $xmlDelete->addChild("message", "Entity was deleted successfully."); $xmlDelete->addChild("html", "Deleted " . $entitySignature . " with ID#" . $id); } else { Log::warning("* Guardian denied access to delete " . $bp->getKey() . " with ID {$id}"); $failures++; $xmlDelete->addChild("message", "Access denied."); $xmlDelete->addChild("html", "Access to delete " . $entitySignature . " with ID#" . $id . " was denied."); } } catch (Exception $e) { Log::error("* Caught Exception: " . $e->getMessage()); $failures++; $xmlDelete->addChild("status", "error"); $xmlDelete->addChild("message", "Caught Exception: " . htmlentities($e->getMessage()));
// Add entityId to $params ?necessary? $params["entityId"] = $entityId; } // ? Only test Guardian auth() if entityId is defined // ? Or, add a new META accessType to <AccessGroup> // ... test for META access when entityId is not defined // Make sure the user has permission to access this resource $flag_guardian_access_approved = false; list($bpKey) = explode(".", $entitySignature); if (BPConfig::$guardian_enable === false) { $flag_guardian_access_approved = true; } else { if (empty($entityId) && Guardian::authorize(Session::user(BPConfig::$guardian_identity_session_key), "META", $bpKey, null)) { $flag_guardian_access_approved = true; } else { if (Guardian::authorize(Session::user(BPConfig::$guardian_identity_session_key), "SELECT", $bpKey, $entityId)) { $flag_guardian_access_approved = true; } else { // No access to this resource } } } if ($flag_guardian_access_approved) { switch ($view) { case "xml": // Render XML $xmlRendering = DraftingDesk::renderForm("FormXMLDrafter", $entitySignature, $formSignature, $params); // Prepare response $xml->addChild("status", "success"); $xml->addChild("message", "Successfully rendered a form as xml"); $xml->addChild("xml", $xmlRendering);
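* Login Page
* ----------
*
* [1]. manager/login
*
*/
Route::accept($config->manager->slug . '/login', function () use($config, $speak) {
    // The manager cannot run without its launcher file, so the login page is
    // treated as absent in that case.
    if (!File::exist(File::D(__DIR__) . DS . 'launch.php')) {
        Shield::abort('404-manager');
    }
    // A user who already holds a valid session is sent straight to the article
    // list instead of seeing the form again.
    if (Guardian::happy()) {
        Guardian::kick($config->manager->slug . '/article');
    }
    Config::set(array(
        'page_title' => $speak->log_in . $config->title_separator . $config->title,
        'cargo' => 'cargo.login.php',
    ));
    include __DIR__ . DS . 'cargo.php';
    if ($request = Request::post()) {
        $fallback = $config->manager->slug . '/article';
        $kick = isset($request['kick']) ? $request['kick'] : $fallback;
        // The post-login destination arrives in the submitted form and is therefore
        // untrusted. Only a plain site-relative path is honoured: a value carrying a
        // scheme ("://"), a protocol-relative "//host" (or "\\host") prefix, or a
        // non-string shape (e.g. "kick[]=") falls back to the default, so a crafted
        // login form cannot bounce a freshly authenticated user to an external site.
        if (!is_string($kick)
            || strpos($kick, '://') !== false
            || strpos($kick, '//') === 0
            || strpos($kick, '\\') === 0
        ) {
            $kick = $fallback;
        }
        Guardian::authorize()->kick($kick);
    }
    Shield::attach('manager-login');
}, 20);

/**
 * Logout Page
 * -----------
 *
 * [1]. manager/logout
 *
 */
Route::accept($config->manager->slug . '/logout', function () use($config, $speak) {
    // Queue a "logged out" notice, drop the session and return to the login page.
    Notify::success(ucfirst(strtolower($speak->logged_out)) . '.');
    Guardian::reject()->kick($config->manager->slug . '/login');
}, 21);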
} else { Log::warning("* Guardian denied access to update " . $entityBP->getKey() . " with ID {$entityId}"); $responseNode->appendChild($dom->createElement("status", "error")); $responseNode->appendChild($dom->createElement("message", "Access Denied")); } } catch (Exception $e) { $responseNode->appendChild($dom->createElement("status", "error")); $responseNode->appendChild($dom->createElement("message", "Caught Exception : " . $e->getMessage())); } } else { /* // Insert a new Entity */ try { // Make sure the user has permission to perform this action if (BPConfig::$guardian_enable !== true || Guardian::authorize(Session::user(BPConfig::$guardian_identity_session_key), "INSERT", $entityBP->getKey(), null)) { $insertId = $dao->insert($entity); $entity->setId($insertId); $responseNode->appendChild($dom->createElement("status", "success")); $responseNode->appendChild($dom->createElement("message", "Inserted {$entitySignature} ({$insertId})")); } else { Log::warning("* Guardian denied access to insert new " . $entityBP->getKey()); $responseNode->appendChild($dom->createElement("status", "error")); $responseNode->appendChild($dom->createElement("message", "Access Denied")); } } catch (Exception $e) { $responseNode->appendChild($dom->createElement("status", "error")); $responseNode->appendChild($dom->createElement("message", "Caught Exception : " . $e->getMessage())); } } } else {