/**
 * Delivers a cached asset that is identified by the route parameters
 * "type", "hash" and "version".
 *
 * A placeholder comment is written to the response instead of the asset
 * when a route parameter is missing, when the asset is not cached or
 * when the cached content is an empty string.
 *
 * @access public
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 * @param mixed $value Not used by this handler
 */
public function execute(Framework $framework, WebRequest $request, Response $response, $value = null)
{
    // Asset type, asset hash and file version all come from the route.
    // NOTE(review): the three values are request-controlled and are handed
    // to the asset cache manager unchanged; confirm that the manager only
    // resolves them to entries inside the cache (not visible here).
    $type = $request->getRouteParam('type');
    $hash = $request->getRouteParam('hash');
    $version = $request->getRouteParam('version');

    // Loose comparison: every falsy value counts as a missing parameter
    $isIncomplete = ($type == false || $hash == false || $version == false);
    if ($isIncomplete) {
        $response->setOutput('/** Zepi Assets Manager: Malformed request! */');
        return;
    }

    // Nothing is generated on demand, only cached files are delivered
    $isCached = $this->assetCacheManager->isCached($type, $hash, $version);
    if (!$isCached) {
        $response->setOutput('/** Zepi Assets Manager: Not cached! */');
        return;
    }

    // Replace empty content with a hint for the developer
    $content = $this->assetCacheManager->getAssetContent($type, $hash, $version);
    $output = ($content === '')
        ? '/** Zepi Assets Manager: File is empty or does not exists! */'
        : $content;

    $this->deliverContent($response, $type, $hash, $version, $output);
}
/**
 * Displays the administration overview page.
 *
 * Requests without a session are redirected to "/".
 *
 * @access public
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 */
public function execute(Framework $framework, WebRequest $request, Response $response)
{
    // Only the presence of a session is tested in this method.
    // NOTE(review): no access level is checked here; confirm that the
    // administration permission is enforced before this handler runs.
    if (!$request->hasSession()) {
        $response->redirectTo('/');
        return;
    }

    // Page title and active menu entry
    $pageTitle = $this->translate('Administration', '\\Zepi\\Web\\General');
    $this->setTitle($pageTitle);
    $menuEntry = $this->activateMenuEntry();

    // The overview is rendered from the activated menu entry
    $overviewPage = $this->getOverviewPageRenderer()->render($framework, $menuEntry);

    // Hand the rendered overview to the page template
    $templateData = array('overviewPage' => $overviewPage);
    $html = $this->render('\\Zepi\\Web\\General\\Templates\\Administration', $templateData);
    $response->setOutput($html);
}
/**
 * Activates a user account with the route parameters "uuid" and "token"
 * and displays the result of the activation.
 *
 * @access public
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 */
public function execute(Framework $framework, WebRequest $request, Response $response)
{
    // Prepare the page
    $title = $this->translate('Activate account', '\\Zepi\\Web\\AccessControl');
    $this->setTitle($title);

    // User uuid and activation token come from the route
    $uuid = $request->getRouteParam('uuid');
    $activationToken = $request->getRouteParam('token');

    // The failure result is the default and is only replaced when both
    // parameters are present (loose comparison: any falsy value is missing).
    $result = array(
        'result' => false,
        'message' => $this->translate('Wrong request parameters.', '\\Zepi\\Web\\AccessControl')
    );

    $hasParameters = ($uuid != false && $activationToken != false);
    if ($hasParameters) {
        // NOTE(review): the token is verified inside activateUser(), which is
        // not shown here; confirm that it compares the token in constant
        // time (hash_equals) and that a token cannot be used twice.
        $result = $this->activateUser($uuid, $activationToken);
    }

    // Display the result
    $templateData = array('result' => $result);
    $response->setOutput($this->render('\\Zepi\\Web\\AccessControl\\Templates\\Activation', $templateData));
}
/**
 * Registers the menu entries that depend on the login state.
 *
 * Without a session the login entry is added, plus the registration
 * entry if the setting "accesscontrol.allowRegistration" is enabled.
 * With a session the profile entry (including its hidden children) and
 * the logout entry are added.
 *
 * @access public
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 */
public function execute(Framework $framework, WebRequest $request, Response $response)
{
    $namespace = '\\Zepi\\Web\\AccessControl';

    if (!$request->hasSession()) {
        if ($this->getSetting('accesscontrol.allowRegistration')) {
            // NOTE(review): this label is translated in the namespace
            // '\Pmx\Autopilot\AccessControl' while every other label of this
            // method uses '\Zepi\Web\AccessControl' - confirm this is intended.
            $registrationLabel = $this->translate('Registration', '\\Pmx\\Autopilot\\AccessControl');
            $menuEntry = new \Zepi\Web\General\Entity\MenuEntry('registration', $registrationLabel, '/register/', 'mdi-account-circle');
            $this->getMenuManager()->addMenuEntry('menu-right', $menuEntry);
        }

        $loginLabel = $this->translate('Login', $namespace);
        $menuEntry = new \Zepi\Web\General\Entity\MenuEntry('login', $loginLabel, 'login', 'glyphicon-log-in');
        $this->getMenuManager()->addMenuEntry('menu-right', $menuEntry, 100);

        return;
    }

    // Profile entry for the logged in user
    $profileLabel = $this->translate('Profile', $namespace);
    $profileMenuEntry = new \Zepi\Web\General\Entity\MenuEntry('profile', $profileLabel, 'profile', 'mdi-person');
    $this->getMenuManager()->addMenuEntry('menu-right', $profileMenuEntry, 90);

    // Hidden user settings entry below the profile entry
    $userSettingsLabel = $this->translate('User settings', $namespace);
    $userSettingsSubMenuEntry = new \Zepi\Web\General\Entity\HiddenMenuEntry($userSettingsLabel);
    $profileMenuEntry->addChild($userSettingsSubMenuEntry);

    // Hidden change password entry below the user settings entry
    $changePasswordLabel = $this->translate('Change password', $namespace);
    $changePasswordSubMenuEntry = new \Zepi\Web\General\Entity\HiddenMenuEntry($changePasswordLabel, 'profile/change-password', 'mdi-vpn-key');
    $userSettingsSubMenuEntry->addChild($changePasswordSubMenuEntry);

    // Logout entry
    $logoutLabel = $this->translate('Logout', $namespace);
    $menuEntry = new \Zepi\Web\General\Entity\MenuEntry('logout', $logoutLabel, 'logout', 'glyphicon-log-out');
    $this->getMenuManager()->addMenuEntry('menu-right', $menuEntry, 100);
}
/**
 * Displays the confirmation page for the deletion of a group and deletes
 * the group once the route parameter "confirmation" equals "confirmed".
 *
 * Requests with an unknown or missing uuid are redirected to the group
 * overview.
 *
 * @access public
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 */
public function execute(Framework $framework, WebRequest $request, Response $response)
{
    // Prepare the page
    $additionalTitle = $this->translate('Delete group', '\\Zepi\\Web\\AccessControl');
    $title = $this->translate('Group management', '\\Zepi\\Web\\AccessControl');
    $this->activateMenuEntry('group-administration');
    $this->setTitle($title, $additionalTitle);

    // The group is identified by the uuid from the route
    $uuid = $request->getRouteParam('uuid');

    $isKnownGroup = is_string($uuid) && $this->groupManager->hasGroupForUuid($uuid);
    if (!$isKnownGroup) {
        $response->redirectTo($request->getFullRoute('/administration/groups/'));
        return;
    }

    $group = $this->groupManager->getGroupForUuid($uuid);
    $templateData = array('group' => $group);

    // Without the confirmation only the confirmation page is shown
    if ($request->getRouteParam('confirmation') !== 'confirmed') {
        $response->setOutput($this->render('\\Zepi\\Web\\AccessControl\\Templates\\Administration\\DeleteGroup', $templateData));
        return;
    }

    // NOTE(review): the deletion is triggered by the route alone. Neither a
    // CSRF token nor a permission check is visible in this method; confirm
    // that both are enforced before this handler runs.
    $this->groupManager->deleteGroup($group);
    $response->setOutput($this->render('\\Zepi\\Web\\AccessControl\\Templates\\Administration\\DeleteGroupFinished', $templateData));
}
/**
 * Returns true if the session holds both entries that belong to the
 * given token: "dt-class-<token>" and "dt-time-<token>".
 *
 * Only the presence of the entries is tested, not their content.
 *
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param string $token
 * @return boolean
 */
protected function hasValidSessionData(WebRequest $request, $token)
{
    // The second entry is only looked up if the first one exists
    if ($request->getSessionData('dt-class-' . $token) === false) {
        return false;
    }

    return $request->getSessionData('dt-time-' . $token) !== false;
}
/**
 * Sends the api result to the client, as XML if the Accept header is
 * "text/xml" and as JSON in every other case.
 *
 * The Accept header is compared as a whole, so a header that lists
 * several media types is answered with JSON.
 *
 * @access public
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 * @param array $result
 */
public function sendResponse(WebRequest $request, Response $response, $result)
{
    $dataType = $request->getHeader('Accept');

    // Loose comparison on purpose, it is what a switch statement does
    if ($dataType == 'text/xml') {
        $xml = new \SimpleXMLElement('<root/>');
        $this->fillXml($xml, $result);

        // asXML() returns false on failure, send an empty body in that case
        $body = $xml->asXML();
        if ($body === false) {
            $body = '';
        }

        $response->sendHeader('Content-Type: text/xml');
        $response->setOutput($body);

        return;
    }

    // "application/json" and every other value.
    // json_encode() returns false on failure; that value is passed to
    // setOutput() unchanged.
    $response->sendHeader('Content-Type: application/json');
    $response->setOutput(json_encode($result));
}
/**
 * Regenerates the session. It makes the old session id obsolete and generates a new
 * session id.
 *
 * The old session is not deleted. It is flagged with "isObsolete" and gets a
 * "maxLifetime" of 60 seconds from now; both entries are removed again after
 * the session was started with the new id.
 *
 * NOTE(review): nothing in this method rejects a request that still uses the
 * old id. The code that evaluates "isObsolete" and "maxLifetime" is not shown
 * here - confirm that it exists where the session is loaded.
 *
 * @access protected
 * @param \Zepi\Turbo\Request\WebRequest $request
 */
protected function regenerateSession(WebRequest $request)
{
    // Let the old session expire: flag it and limit its lifetime to
    // 60 seconds from now
    $request->setSessionData('isObsolete', true);
    $request->setSessionData('maxLifetime', time() + 60);

    // Regenerate the session id but don't delete the old one
    // (false = keep the old session)
    session_regenerate_id(false);

    // Get the new session id
    $newSessionId = session_id();

    // Close both sessions to free them for other requests
    session_write_close();

    // Start the session with the new id
    session_id($newSessionId);
    session_start();

    // Delete the temporary session data.
    // presumably this only affects the session with the new id, so the two
    // markers stay in the old session - verify against setSessionData()
    $request->deleteSessionData('isObsolete');
    $request->deleteSessionData('maxLifetime');
}
/**
 * Copies the form values to the user, saves the user and updates the
 * permissions of the user.
 *
 * The password is only set for a new user or if the password field of
 * the form is not empty.
 *
 * @access protected
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Web\AccessControl\Entity\User $user
 * @return boolean False if a new user could not be added, otherwise true
 */
protected function saveUser(WebRequest $request, User $user)
{
    $formValues = $this->layout->getFormValues();

    // Username
    $user->setName($formValues['required-data.username']);

    // A new user always gets a password, an existing user only a changed one
    if ($user->isNew() || $formValues['required-data.password'] != '') {
        $user->setNewPassword($formValues['required-data.password']);
    }

    // Optional data: meta data key => form field
    $optionalFields = array(
        'email' => 'optional-data.email',
        'location' => 'optional-data.location',
        'website' => 'optional-data.website',
        'twitter' => 'optional-data.twitter',
        'biography' => 'optional-data.biography',
    );
    foreach ($optionalFields as $metaKey => $formField) {
        $user->setMetaData($metaKey, $formValues[$formField]);
    }

    // Save the user. Only addUser() replaces $user, so only that branch
    // can end with false. The result of updateUser() is not evaluated.
    if (!$user->isNew()) {
        $this->userManager->updateUser($user);
    } else {
        $user = $this->userManager->addUser($user);
        if ($user === false) {
            return false;
        }
    }

    // Save the access levels.
    // NOTE(review): the submitted access levels are passed on as they are,
    // together with the acting user; presumably updatePermissions() limits
    // them to the levels the acting user may grant - confirm.
    $actingUser = $request->getSession()->getUser();
    $this->accessControlManager->updatePermissions($user, $formValues['access-levels'], $actingUser);

    return true;
}
/**
 * Generates a csrf key and a csrf token and stores the token in the
 * session data under the key.
 *
 * The key is "csrf-" followed by generateHash(32), the token is
 * generateHash(128). Every call adds a new session entry; nothing in
 * this method removes earlier ones.
 *
 * NOTE(review): generateHash() is not shown here; confirm that it draws
 * from a cryptographically secure source (random_bytes / random_int).
 *
 * @access public
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @return array Array with the entries "key" and "token"
 */
public function generateCsrfToken(WebRequest $request)
{
    $sessionKey = 'csrf-' . $this->generateHash(32);
    $csrfToken = $this->generateHash(128);

    // The session copy is the reference for a later comparison
    $request->setSessionData($sessionKey, $csrfToken);

    $pair = array(
        'key' => $sessionKey,
        'token' => $csrfToken
    );

    return $pair;
}
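/**
 * Generates a DataRequest object
 *
 * If the table saves its data request and the session holds a saved
 * one, the saved object is restored. In every other case, and whenever
 * the restored value is not a DataRequest, a new data request for
 * page 1, sorted by "name" in ascending order, is created.
 *
 * @access protected
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Web\UserInterface\Table\TableAbstract $table
 * @param false|integer $numberOfEntries Only used for a new data request
 * @return \Zepi\Web\UserInterface\Table\DataRequest
 */
protected function generateDataRequest(WebRequest $request, TableAbstract $table, $numberOfEntries)
{
    $sortBy = 'name';
    $sortByDirection = 'ASC';

    // If the session has a data request object for the table, load it
    $savedDataRequestKey = get_class($table) . '.DataRequest.Saved';

    $dataRequest = false;
    if ($table->shouldSaveDataRequest()) {
        $serialized = $request->getSessionData($savedDataRequestKey);

        // Only a string can be a serialized data request
        if (is_string($serialized)) {
            // NOTE(review): unserialize() creates an object of whatever class
            // the payload names. The payload comes from the session, so this
            // is only safe as long as the session storage cannot be written
            // by a client. Consider the "allowed_classes" option once the
            // classes a DataRequest may contain are known.
            $dataRequest = unserialize($serialized);
        }
    }

    // Everything that is not a DataRequest (failed unserialize, foreign
    // object, scalar) is replaced, so the declared return type holds
    if (!($dataRequest instanceof DataRequest)) {
        $dataRequest = new DataRequest(1, $numberOfEntries, $sortBy, $sortByDirection);
    }

    // Save the data request to the session if needed
    if ($table->shouldSaveDataRequest()) {
        $request->setSessionData($savedDataRequestKey, serialize($dataRequest));
    }

    return $dataRequest;
}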
/**
 * Returns the Form object for the login form
 *
 * The form consists of an error box, the user data group (username,
 * password and the hidden field "origin") and the submit button. The
 * password field gets a "renew password" help text if the setting
 * "accesscontrol.allowRenewPassword" is enabled.
 *
 * @access protected
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 * @return \Zepi\Web\UserInterface\Form\Form
 */
protected function createForm(Framework $framework, WebRequest $request, Response $response)
{
    $namespace = '\\Zepi\\Web\\AccessControl';

    // Create the form
    $form = new Form('login', $request->getFullRoute('login'), 'post');

    // Error box on top of the form
    $form->addPart(new ErrorBox('login-errors', 1));

    // NOTE(review): "_origin" is request-controlled and is returned to the
    // client in the hidden field "origin". The code that uses "origin"
    // after the login is not shown here; confirm that it only accepts
    // routes of this application.
    $origin = $request->hasParam('_origin') ? $request->getParam('_origin') : '';

    // Help text with the link to the password renewal, if it is allowed
    $helpText = '';
    if ($this->getSetting('accesscontrol.allowRenewPassword')) {
        $linkData = array('link' => $request->getFullRoute('request-new-password'));
        $helpText = $this->translate('Lost your password? <a href="%link%">Renew it here.</a>', $namespace, $linkData);
    }

    // User data group
    $groupTitle = $this->translate('User data', $namespace);
    $fields = array(
        new Text('username', $this->translate('Username', $namespace), true),
        new Password('password', $this->translate('Password', $namespace), true, '', $helpText),
        new Hidden('origin', $origin)
    );
    $form->addPart(new Group('user-data', $groupTitle, $fields, 10));

    // Submit button
    $buttons = array(new Submit('submit', $this->translate('Login', $namespace)));
    $form->addPart(new ButtonGroup('buttons', $buttons, 100));

    return $form;
}
/**
 * Returns the Form object for the change password form
 *
 * The form consists of an error box, a group with the fields for the
 * old password, the new password and the confirmation of the new
 * password, and the submit button.
 *
 * @access protected
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 * @return \Zepi\Web\UserInterface\Form\Form
 */
protected function createForm(Framework $framework, WebRequest $request, Response $response)
{
    $namespace = '\\Zepi\\Web\\AccessControl';

    // Create the form
    $form = new Form('change-password', $request->getFullRoute('profile/change-password'), 'post');

    // Error box on top of the form (the key is the one of the login form)
    $form->addPart(new ErrorBox('login-errors', 1));

    // Password group: all three fields are mandatory
    $groupTitle = $this->translate('Please insert your old and your new password', $namespace);
    $fields = array(
        new Password('old-password', $this->translate('Old password', $namespace), true),
        new Password('new-password', $this->translate('New password', $namespace), true),
        new Password('new-password-confirmed', $this->translate('Confirm new password', $namespace), true)
    );
    $form->addPart(new Group('change-password', $groupTitle, $fields));

    // Submit button
    $buttons = array(new Submit('submit', $this->translate('Change password', $namespace)));
    $form->addPart(new ButtonGroup('buttons', $buttons, 100));

    return $form;
}
/**
 * Verifies a protected menu entry.
 *
 * Without a session the entry is never accessible. With a session the
 * entry is accessible if its access level key is empty or if the
 * session has access to that key.
 *
 * @access protected
 * @param \Zepi\Web\General\Entity\ProtectedMenuEntry $protectedEntry
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @return boolean
 */
protected function verifyProtectedEntry(ProtectedMenuEntry $protectedEntry, WebRequest $request)
{
    // No session, no access: the permissions need not be checked
    if (!$request->hasSession()) {
        return false;
    }

    // An empty access level key means that a session is sufficient.
    // hasSession() is asked again here although the guard above has
    // already returned for requests without a session.
    if ($request->hasSession() && $protectedEntry->getAccessLevelKey() === '') {
        return true;
    }

    // Everything else is decided by the permissions of the session
    $accessLevelKey = $protectedEntry->getAccessLevelKey();

    return $request->getSession()->hasAccess($accessLevelKey) ? true : false;
}
/**
 * Copies the form values to the group, saves the group and updates the
 * permissions of the group.
 *
 * @access protected
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Web\AccessControl\Entity\EntityGroup $group
 * @return boolean False if a new group could not be added, otherwise true
 */
protected function saveGroup(WebRequest $request, EntityGroup $group)
{
    $formValues = $this->layout->getFormValues();

    // Name and description of the group
    $group->setName($formValues['required-data.groupname']);
    $group->setMetaData('description', $formValues['optional-data.description']);

    // Save the group. Only addGroup() replaces $group, so only that branch
    // can end with false. The result of updateGroup() is not evaluated.
    if (!$group->isNew()) {
        $this->groupManager->updateGroup($group);
    } else {
        $group = $this->groupManager->addGroup($group);
        if ($group === false) {
            return false;
        }
    }

    // The submitted access levels are cleaned for this group before they
    // are saved. NOTE(review): cleanAccessLevels() is not shown here;
    // presumably updatePermissions() uses the acting user to limit what
    // may be granted - confirm.
    $accessLevels = $this->cleanAccessLevels($group->getUuid(), $formValues['access-levels']);
    $actingUser = $request->getSession()->getUser();
    $this->accessControlManager->updatePermissions($group, $accessLevels, $actingUser);

    return true;
}