Checks whether the given module is allowed for the current user.
public static isAllowedModule ( string $module ) : boolean
$module | string | The module to check for.
Returns | boolean
/**
 * Pick the module the current user should land on.
 *
 * 'Dashboard' is preferred whenever the user may access it. Otherwise the
 * first permitted entry of BackendModel::getModules() is used, after the
 * modules that may not be displayed (Authentication, Error, Core) have been
 * removed from the candidates.
 *
 * @return string|bool The name of the first allowed module, or false when
 *                     no candidate passed the permission check.
 */
private function getAllowedModule()
{
    // modules which may not be displayed are dropped from the candidate list
    $hiddenModules = array('Authentication', 'Error', 'Core');
    $candidates = array_diff(BackendModel::getModules(), $hiddenModules);

    // the dashboard wins whenever it is permitted
    if (BackendAuthentication::isAllowedModule('Dashboard')) {
        return 'Dashboard';
    }

    // otherwise take the first candidate the user has rights on
    foreach ($candidates as $candidate) {
        if (BackendAuthentication::isAllowedModule($candidate)) {
            return $candidate;
        }
    }

    // nothing is accessible for this user
    return false;
}
/**
 * Process a regular request
 *
 * Decides, in this order, between: redirecting to the login page, redirecting a
 * logged-in user who asked for the Dashboard to the first module/action he may
 * access, redirecting to an error page, or accepting the request and storing the
 * working language, module and action.
 *
 * NOTE(review): every branch relies on $this->redirect() ending the request. That
 * is not visible in this method - confirm, because otherwise the statements that
 * follow a redirect (including the later error redirect) would still run.
 *
 * @param string $module The requested module.
 * @param string $action The requested action.
 * @param string $language The requested language.
 */
private function processRegularRequest($module, $action, $language)
{
    // not logged in and the module is not allowed for this visitor; a module that is
    // allowed without being logged in falls through to the action check further down
    if (!Authentication::isLoggedIn() && !Authentication::isAllowedModule($module)) {
        // redirect to login; the original query string is percent-encoded before it is appended
        $this->redirect('/' . NAMED_APPLICATION . '/' . $language . '/authentication?querystring=' . rawurlencode('/' . $this->getQueryString()));
    } elseif (Authentication::isLoggedIn() && !Authentication::isAllowedModule($module)) {
        // the person is logged in, but doesn't have access to the module
        // if the module is the dashboard redirect to the first allowed module
        if ($module == 'Dashboard') {
            // require navigation-file; the loop below reads $navigation, which is not assigned
            // in this method - presumably the included cache file defines it (verify).
            // NOTE(review): require_once skips a file that was already included during this
            // request, in which case $navigation would not exist in this scope.
            require_once Navigation::getCacheDirectory() . 'navigation.php';

            // loop the navigation to find the first allowed module
            foreach ($navigation as $value) {
                // split up chunks; this overwrites the $module and $action parameters
                list($module, $action) = explode('/', $value['url']);

                // user allowed? only the module is checked for a top-level entry
                if (Authentication::isAllowedModule($module)) {
                    // redirect to the page
                    $this->redirect('/' . NAMED_APPLICATION . '/' . $language . '/' . $value['url']);
                } else {
                    if (array_key_exists('children', $value)) {
                        foreach ($value['children'] as $subItem) {
                            // split up chunks; again overwrites $module and $action
                            list($module, $action) = explode('/', $subItem['url']);

                            // user allowed?
                            if (Authentication::isAllowedModule($module)) {
                                // list the *.php files in the module's Actions directory
                                $finder = new Finder();
                                $files = $finder->files()->name('*.php')->in(BACKEND_MODULES_PATH . '/' . \SpoonFilter::toCamelCase($module) . '/Actions');
                                foreach ($files as $file) {
                                    // drop the last four characters of the filename (the ".php" extension)
                                    $moduleAction = mb_substr($file->getFilename(), 0, -4);

                                    // redirect to the first action the user has rights on
                                    if (Authentication::isAllowedAction($moduleAction, $module)) {
                                        $this->redirect('/' . NAMED_APPLICATION . '/' . $language . '/' . $module . '/' . $moduleAction);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }

        // the user doesn't have access, redirect to error page (HTTP 307)
        $this->redirect('/' . NAMED_APPLICATION . '/' . $language . '/error?type=module-not-allowed&querystring=' . rawurlencode('/' . $this->getQueryString()), 307);
    } elseif (!Authentication::isAllowedAction($action, $module)) {
        // the module is allowed but the action is not, redirect to error page (HTTP 307)
        $this->redirect('/' . NAMED_APPLICATION . '/' . $language . '/error?type=action-not-allowed&querystring=' . rawurlencode('/' . $this->getQueryString()), 307);
    } else {
        // module and action passed both checks
        // set the working language, this is not the interface language
        BackendLanguage::setWorkingLanguage($language);
        $this->setLocale();
        $this->setModule($module);
        $this->setAction($action);
    }
}
/**
 * Clean the navigation
 *
 * Walks up to three levels of the navigation array (the entry, its children and
 * their children) and removes the entries whose module or action the current user
 * is not allowed to use. A parent that keeps allowed children gets its 'url'
 * pointed at one of those children.
 *
 * $allowed is shared by all three levels: each child iteration resets it to true,
 * so after a child loop it holds the verdict of the last child that was examined,
 * not the verdict of the parent entry itself.
 *
 * NOTE(review): this method only decides which entries stay in the array it
 * returns; nothing here blocks a request. Confirm that module/action checks are
 * also enforced where requests are dispatched.
 *
 * @param array $navigation The navigation array.
 * @return array
 */
private function cleanup(array $navigation)
{
    foreach ($navigation as $key => $value) {
        // children of this entry that survived the checks
        $allowedChildren = array();
        $allowed = true;

        // an entry needs both a url and a label
        if (!isset($value['url']) || !isset($value['label'])) {
            $allowed = false;
        }

        // NOTE(review): 'url' is read here even when the isset() check above failed
        list($module, $action) = explode('/', $value['url']);
        $module = \SpoonFilter::toCamelCase($module);
        $action = \SpoonFilter::toCamelCase($action);

        if (!Authentication::isAllowedModule($module)) {
            $allowed = false;
        }
        if (!Authentication::isAllowedAction($action, $module)) {
            $allowed = false;
        }

        // level B: the children of the entry
        if (isset($value['children']) && is_array($value['children']) && !empty($value['children'])) {
            foreach ($value['children'] as $keyB => $valueB) {
                // from here on $allowed describes this child, the parent's verdict is lost
                $allowed = true;
                $allowedChildrenB = array();

                if (!isset($valueB['url']) || !isset($valueB['label'])) {
                    $allowed = false;
                }

                list($module, $action) = explode('/', $valueB['url']);
                $module = \SpoonFilter::toCamelCase($module);
                $action = \SpoonFilter::toCamelCase($action);

                if (!Authentication::isAllowedModule($module)) {
                    $allowed = false;
                }
                if (!Authentication::isAllowedAction($action, $module)) {
                    $allowed = false;
                }

                // has children
                if (isset($valueB['children']) && is_array($valueB['children']) && !empty($valueB['children'])) {
                    // loop children (level C)
                    foreach ($valueB['children'] as $keyC => $valueC) {
                        // reset again: after this loop $allowed reflects the last level C child
                        $allowed = true;

                        if (!isset($valueC['url']) || !isset($valueC['label'])) {
                            $allowed = false;
                        }

                        list($module, $action) = explode('/', $valueC['url']);
                        $module = \SpoonFilter::toCamelCase($module);
                        $action = \SpoonFilter::toCamelCase($action);

                        if (!Authentication::isAllowedModule($module)) {
                            $allowed = false;
                        }
                        if (!Authentication::isAllowedAction($action, $module)) {
                            $allowed = false;
                        }

                        if (!$allowed) {
                            // not allowed: drop the level C entry
                            unset($navigation[$key]['children'][$keyB]['children'][$keyC]);
                            continue;
                        } elseif (!in_array($navigation[$key]['children'][$keyB]['children'][$keyC], $allowedChildrenB)) {
                            // store allowed children
                            $allowedChildrenB[] = $navigation[$key]['children'][$keyB]['children'][$keyC];
                        }
                    }
                }

                if (!$allowed && empty($allowedChildrenB)) {
                    // error occurred and no allowed children on level B
                    unset($navigation[$key]['children'][$keyB]);
                    continue;
                } elseif (!in_array($navigation[$key]['children'][$keyB], $allowedChildren)) {
                    // store allowed children on level B (copied before the url is reassigned below)
                    $allowedChildren[] = $navigation[$key]['children'][$keyB];
                }

                // assign new base url for level B
                if (!empty($allowedChildrenB)) {
                    $navigation[$key]['children'][$keyB]['url'] = $allowedChildrenB[0]['url'];
                }
            }
        }

        // error occurred and no allowed children
        if (!$allowed && empty($allowedChildren)) {
            unset($navigation[$key]);
            continue;
        } elseif (!empty($allowedChildren)) {
            // re-check the first allowed child before using its url for the parent;
            // unlike the checks above, module and action are not camel-cased here
            $allowed = true;
            list($module, $action) = explode('/', $allowedChildren[0]['url']);

            if (!Authentication::isAllowedModule($module)) {
                $allowed = false;
            }
            if (!Authentication::isAllowedAction($action, $module)) {
                $allowed = false;
            }

            if ($allowed) {
                $navigation[$key]['url'] = $allowedChildren[0]['url'];
            } else {
                // fall back to the url of the first child that is still in the array
                $child = reset($navigation[$key]['children']);
                $navigation[$key]['url'] = $child['url'];
            }
        }
    }

    return $navigation;
}
/**
 * Load the data
 *
 * Collects the dashboard widgets of every module the current user may access
 * and stores them in $this->widgets, grouped per column and keyed by position.
 *
 * Widget class names are derived from the *.php files found in each module's
 * Widgets directory. The stored sequence (the user's own setting, or the
 * setting of the user's group when the user has none) only selects whether a
 * widget is present or hidden and where it is placed. A widget is executed only
 * after both the module check and the widget's own isAllowed() check passed.
 *
 * @throws BackendException When a widget file has no matching class.
 */
private function loadData()
{
    $modules = BackendModel::getModules();
    $userSequence = BackendAuthentication::getUser()->getSetting('dashboard_sequence');
    $filesystem = new Filesystem();

    // no personal sequence stored: fall back to the preset of the user's group
    if (!isset($userSequence)) {
        $userSequence = BackendGroupsModel::getSetting(
            BackendAuthentication::getUser()->getGroupId(),
            'dashboard_sequence'
        );
    }

    foreach ($modules as $module) {
        $widgetsPath = BACKEND_MODULES_PATH . '/' . $module . '/Widgets';

        // skip modules the user has no rights on, and modules without widgets
        if (!BackendAuthentication::isAllowedModule($module) || !$filesystem->exists($widgetsPath)) {
            continue;
        }

        $finder = new Finder();
        $finder->name('*.php');

        foreach ($finder->files()->in($widgetsPath) as $file) {
            /** @var $file \SplFileInfo */
            $widgetName = $file->getBaseName('.php');

            // widgets of the Core module live in their own namespace
            if ($module == 'Core') {
                $className = 'Backend\\Core\\Widgets\\' . $widgetName;
            } else {
                $className = 'Backend\\Modules\\' . $module . '\\Widgets\\' . $widgetName;
            }

            if (!class_exists($className)) {
                throw new BackendException('The widgetfile ' . $className . ' could not be found.');
            }

            // widgets that are not marked as present in the sequence are skipped
            $present = false;
            if (isset($userSequence[$module][$widgetName]['present'])) {
                $present = $userSequence[$module][$widgetName]['present'];
            }
            if (!$present) {
                continue;
            }

            /** @var $instance BackendBaseWidget */
            $instance = new $className($this->getKernel());

            // the widget decides itself whether the user may see it
            if (!$instance->isAllowed()) {
                continue;
            }

            // hidden widgets are listed but not executed
            $hidden = false;
            if (isset($userSequence[$module][$widgetName]['hidden'])) {
                $hidden = $userSequence[$module][$widgetName]['hidden'];
            }
            if (!$hidden) {
                $instance->execute();
            }

            // placement: the stored sequence wins over the widget's own defaults
            if (isset($userSequence[$module][$widgetName]['column'])) {
                $column = $userSequence[$module][$widgetName]['column'];
            } else {
                $column = $instance->getColumn();
            }
            if (isset($userSequence[$module][$widgetName]['position'])) {
                $position = $userSequence[$module][$widgetName]['position'];
            } else {
                $position = $instance->getPosition();
            }

            $title = \SpoonFilter::ucfirst(BL::lbl(\SpoonFilter::toCamelCase($module))) . ': ' . BL::lbl(\SpoonFilter::toCamelCase($widgetName));

            // fall back to the default template location of the widget
            $templatePath = $instance->getTemplatePath();
            if ($templatePath == null) {
                $templatePath = BACKEND_PATH . '/Modules/' . $module . '/Layout/Widgets/' . $widgetName . '.tpl';
            }

            $item = array(
                'template' => $templatePath,
                'module' => $module,
                'widget' => $widgetName,
                'title' => $title,
                'hidden' => $hidden,
            );

            // use the requested position when it is set and still free, append otherwise
            if ($position !== null && !isset($this->widgets[$column][$position])) {
                $this->widgets[$column][$position] = $item;
            } else {
                $this->widgets[$column][] = $item;
            }
        }
    }

    // order the widgets of every column by their position key
    foreach ($this->widgets as &$columnWidgets) {
        ksort($columnWidgets);
    }
}
/**
 * Set the module
 *
 * The module is stored only when Authentication::isAllowedModule() accepts it.
 * For a refused module a 403 status line is sent and an exception is thrown,
 * leaving the property untouched.
 *
 * @param string $module The module to load.
 * @throws Exception If module is not allowed
 */
public function setModule($module)
{
    // allowed: remember the module and stop here
    if (Authentication::isAllowedModule($module)) {
        $this->module = $module;

        return;
    }

    // refused: send the status line first, then abort
    header('HTTP/1.1 403 Forbidden');

    throw new Exception('Module not allowed.');
}
/**
 * Get the widgets
 *
 * Scans the Widgets directory of every module for *.php files and, for the
 * modules the current user is allowed to use, records each widget whose class
 * exists in $this->widgetInstances and $this->widgets. The description is taken
 * from the start of the class docblock.
 */
private function getWidgets()
{
    $finder = new Finder();
    $finder->name('*.php')->in(BACKEND_MODULES_PATH . '/*/Widgets');

    foreach ($finder->files() as $file) {
        // two levels up from the widget file is the module directory
        $moduleDirectory = $file->getPathInfo()->getPathInfo();
        $module = $moduleDirectory->getBasename();

        // widgets of modules the user has no rights on are left out
        if (!BackendAuthentication::isAllowedModule($module)) {
            continue;
        }

        $widgetName = $file->getBasename('.php');
        $class = 'Backend\\Modules\\' . $module . '\\Widgets\\' . $widgetName;

        // files without a matching class are ignored
        if (!class_exists($class)) {
            continue;
        }

        $this->widgetInstances[] = array(
            'module' => $module,
            'widget' => $widgetName,
            'className' => $class,
        );

        // the description is the docblock text in front of the first '*' found
        // from offset 7 on, with '*' and '/' characters removed
        // NOTE(review): a docblock shorter than 7 characters makes the offset
        // invalid for strpos() - confirm that cannot happen for widget classes
        $reflection = new \ReflectionClass($class);
        $docComment = $reflection->getDocComment();
        if (trim($docComment) == '') {
            $description = '';
        } else {
            $cutAt = strpos($docComment, '*', 7);
            $description = trim(str_replace(array('*', '/'), '', substr($docComment, 0, $cutAt)));
        }

        // load the model of the module when it ships one
        $modelFile = $moduleDirectory->getRealPath() . '/engine/model.php';
        if (is_file($modelFile)) {
            require_once $modelFile;
        }

        $this->widgets[] = array(
            'checkbox_name' => \SpoonFilter::toCamelCase($module) . \SpoonFilter::toCamelCase($widgetName),
            'module_name' => $module,
            'label' => \SpoonFilter::toCamelCase($widgetName),
            'value' => $widgetName,
            'description' => $description,
        );
    }
}
/**
 * Set the module
 *
 * Stores the module after Authentication::isAllowedModule() has accepted it.
 * A refused module results in the 403 headers being set through SpoonHTTP and
 * an exception; the property keeps its previous value in that case.
 *
 * @param string $module The module to load.
 * @throws Exception If module is not allowed
 */
public function setModule($module)
{
    $permitted = Authentication::isAllowedModule($module);

    if ($permitted) {
        // allowed: set property
        $this->module = $module;

        return;
    }

    // refused: set correct headers before aborting
    \SpoonHTTP::setHeadersByCode(403);

    throw new Exception('Module not allowed.');
}
/**
 * Load the data
 *
 * Renders the dashboard widgets of every module the current user may access
 * and appends them to $this->widgets. A widget is left out when it is listed in
 * the 'hidden_on_dashboard' setting of every group the user belongs to, when
 * its own isAllowed() check fails, or when its template renders to nothing.
 *
 * NOTE(review): hidden widgets are keyed by module name and widget name joined
 * without a separator, so two different module/widget pairs could in theory
 * produce the same key - confirm the naming rules exclude that.
 *
 * @throws BackendException When a widget file has no matching class.
 */
private function loadData()
{
    $modules = BackendModel::getModules();
    $filesystem = new Filesystem();

    // collect one entry per group for each widget that group hides
    $hiddenEntries = [];
    $userGroups = BackendAuthentication::getUser()->getGroups();
    $groupCount = count($userGroups);
    foreach ($userGroups as $group) {
        $hiddenPerModule = BackendGroupsModel::getSetting($group, 'hidden_on_dashboard');
        foreach ($hiddenPerModule as $hiddenModule => $widgets) {
            foreach ($widgets as $widget) {
                $hiddenEntries[] = $hiddenModule . $widget;
            }
        }
    }

    // only widgets hidden for all user groups should really be hidden
    $hiddenWidgets = array_filter(
        array_count_values($hiddenEntries),
        function ($timesHidden) use ($groupCount) {
            return $timesHidden === $groupCount;
        }
    );

    foreach ($modules as $module) {
        $widgetsPath = BACKEND_MODULES_PATH . '/' . $module . '/Widgets';

        // skip modules the user has no rights on, and modules without widgets
        if (!BackendAuthentication::isAllowedModule($module) || !$filesystem->exists($widgetsPath)) {
            continue;
        }

        $finder = new Finder();
        $finder->name('*.php');

        foreach ($finder->files()->in($widgetsPath) as $file) {
            /** @var $file \SplFileInfo */
            $widgetName = $file->getBasename('.php');

            // widgets of the Core module live in their own namespace
            if ($module == 'Core') {
                $className = 'Backend\\Core\\Widgets\\' . $widgetName;
            } else {
                $className = 'Backend\\Modules\\' . $module . '\\Widgets\\' . $widgetName;
            }

            // if the widget is hidden for all the users groups, don't render it
            if (array_key_exists($module . $widgetName, $hiddenWidgets)) {
                continue;
            }

            if (!class_exists($className)) {
                throw new BackendException('The widgetfile ' . $className . ' could not be found.');
            }

            /** @var $instance BackendBaseWidget */
            $instance = new $className($this->getKernel());

            // the widget decides itself whether the user may see it
            if (!$instance->isAllowed()) {
                continue;
            }

            $instance->execute();

            $title = \SpoonFilter::ucfirst(BL::lbl(\SpoonFilter::toCamelCase($module))) . ': ' . BL::lbl(\SpoonFilter::toCamelCase($widgetName));

            // fall back to the default template location of the widget
            $templatePath = $instance->getTemplatePath();
            if ($templatePath == null) {
                $templatePath = '/' . $module . '/Layout/Widgets/' . $widgetName . '.html.twig';
            }

            // widgets that render to nothing are not shown
            $content = trim($this->get('template')->getContent($templatePath));
            if (empty($content)) {
                continue;
            }

            $this->widgets[] = array(
                'content' => $content,
                'module' => $module,
                'widget' => $widgetName,
                'title' => $title,
            );
        }
    }
}