is() public method

Uses the built in detection rules as well as additional rules defined with CakeRequest::addDetector(). Any detector can be called as is($type) or is$Type().
public is ( string | array $type ) : boolean
$type string | array The type of request you want to check. If an array this method will return true if the request matches any type.
return boolean Whether or not the request is the type you are checking.
Esempio n. 1
0
 public function getUser(CakeRequest $request)
 {
     if ($request->is('post') && isset($request->data['password'])) {
         $password = $request->data['password'];
         if ($this->checkPassword($password)) {
             return array('loggedin' => true);
         } else {
             throw new ForbiddenException(__('Wrong Password'));
         }
     }
     return false;
 }
 /**
  * Determines the content type of the data the client has sent (i.e. in a POST request)
  *
  * @param mixed $type Can be null (or no parameter), a string type name, or an array of types
  * @return mixed If a single type is supplied a boolean will be returned.  If no type is provided
  *   The mapped value of CONTENT_TYPE will be returned. If an array is supplied the first type
  *   in the request content type will be returned.
  */
 public function requestedWith($type = null)
 {
     if (!$this->request->is('post') && !$this->request->is('put')) {
         return null;
     }
     list($contentType) = explode(';', env('CONTENT_TYPE'));
     if ($type == null) {
         return $this->mapType($contentType);
     } elseif (is_array($type)) {
         foreach ($type as $t) {
             if ($this->requestedWith($t)) {
                 return $t;
             }
         }
         return false;
     } elseif (is_string($type)) {
         return $type == $this->mapType($contentType);
     }
 }
 /**
  * Ensures that the current request is validated for Authentication
  *
  * @return void
  */
 protected function configureApiAccess()
 {
     if (isset($this->settings['auth']) && !$this->settings['auth']) {
         return true;
     }
     if ($this->hasError()) {
         return;
     }
     // Do not require authentication if the request isn't considered API
     if (!$this->request->is('api')) {
         return;
     }
     // If its a public action, do not enforce API security checks
     if (in_array($this->controller->action, $this->publicActions)) {
         return;
     }
     // If the user has a isAuthorizedApi method, call it and don't check anything else
     if (method_exists($this->controller, 'isAuthorizedApi')) {
         if (!$this->controller->isAuthorizedApi()) {
             throw new ForbiddenException('Permission denied');
         }
         return;
     }
     // Do not enforce authentication if the request is already authenticated
     if ($this->controller->Auth && $this->controller->Auth->user()) {
         return;
     }
     // Get the access token, if any
     $token = ApiUtility::getRequestToken($this->request);
     // Deny access if no AccessToken is provided
     if (empty($token)) {
         throw new ForbiddenException('Permission denied, missing access token');
     }
     // Deny access if the AccessToken isn't valid
     if (!$this->controller->Auth->login()) {
         throw new ForbiddenException('Permission denied, invalid access token');
     }
 }
 /**
  * Generic delete action
  *
  * Triggers the following callbacks
  *	- beforeFind
  *	- recordNotFound
  *	- beforeDelete
  *	- afterDelete
  *
  * @param string $id
  * @return void
  */
 protected function _deleteAction($id = null)
 {
     if (empty($id)) {
         $id = $this->getIdFromRequest();
     }
     $this->_validateId($id);
     if (!$this->_request->is('delete') && !($this->_request->is('post') && false === $this->config('secureDelete'))) {
         $subject = $this->_getSubject(compact('id'));
         $this->_setFlash('invalid_http_request.error');
         return $this->_redirect($subject, $this->_controller->referer(array('action' => 'index')));
     }
     $query = array();
     $query['conditions'] = array($this->_model->escapeField() => $id);
     $findMethod = $this->_getFindMethod(null, 'count');
     $subject = $this->trigger('beforeFind', compact('id', 'query', 'findMethod'));
     $query = $subject->query;
     $count = $this->_model->find($subject->findMethod, $query);
     if (empty($count)) {
         $subject = $this->trigger('recordNotFound', compact('id'));
         $this->_setFlash('find.error');
         return $this->_redirect($subject, $this->_controller->referer(array('action' => 'index')));
     }
     $subject = $this->trigger('beforeDelete', compact('id'));
     if ($subject->stopped) {
         $this->_setFlash('delete.error');
         return $this->_redirect($subject, $this->_controller->referer(array('action' => 'index')));
     }
     if ($this->_model->delete($id)) {
         $this->_setFlash('delete.success');
         $subject = $this->trigger('afterDelete', array('id' => $id, 'success' => true));
     } else {
         $this->_setFlash('delete.error');
         $subject = $this->trigger('afterDelete', array('id' => $id, 'success' => false));
     }
     return $this->_redirect($subject, $this->_controller->referer(array('action' => 'index')));
 }
Esempio n. 5
0
 /**
  * Check if access requires secure connection
  *
  * @param Controller $controller Instantiating controller
  * @return bool True if secure connection required
  */
 protected function _secureRequired(Controller $controller)
 {
     if (is_array($this->requireSecure) && !empty($this->requireSecure)) {
         $requireSecure = $this->requireSecure;
         if (in_array($this->_action, $requireSecure) || $this->requireSecure === array('*')) {
             if (!$this->request->is('ssl')) {
                 if (!$this->blackHole($controller, 'secure')) {
                     return false;
                 }
             }
         }
     }
     return true;
 }
 /**
  * Test is('requested') and isRequested()
  *
  * @return void
  */
 public function testIsRequested()
 {
     $request = new CakeRequest('/posts/index');
     $request->addParams(array('controller' => 'posts', 'action' => 'index', 'plugin' => null, 'requested' => 1));
     $this->assertTrue($request->is('requested'));
     $this->assertTrue($request->isRequested());
     $request = new CakeRequest('/posts/index');
     $request->addParams(array('controller' => 'posts', 'action' => 'index', 'plugin' => null));
     $this->assertFalse($request->is('requested'));
     $this->assertFalse($request->isRequested());
 }
Esempio n. 7
0
/**
 * Performs a delete on given scaffolded Model.
 *
 * @param CakeRequest $request Request for scaffolding
 * @return mixed Success on delete, error if delete fails
 * @throws MethodNotAllowedException When HTTP method is not a DELETE
 * @throws NotFoundException When id being deleted does not exist.
 */
	protected function _scaffoldDelete(CakeRequest $request) {
		if ($this->controller->beforeScaffold('delete')) {
			if (!$request->is('post')) {
				throw new MethodNotAllowedException();
			}
			$id = false;
			if (isset($request->params['pass'][0])) {
				$id = $request->params['pass'][0];
			}
			$this->ScaffoldModel->id = $id;
			if (!$this->ScaffoldModel->exists()) {
				throw new NotFoundException(__d('cake', 'Invalid %s', Inflector::humanize($this->modelClass)));
			}
			if ($this->ScaffoldModel->delete()) {
				$message = __d('cake', 'The %1$s with id: %2$s has been deleted.', Inflector::humanize($this->modelClass), $id);
				return $this->_sendMessage($message);
			} else {
				$message = __d('cake',
					'There was an error deleting the %1$s with id: %2$s',
					Inflector::humanize($this->modelClass),
					$id
				);
				return $this->_sendMessage($message);
			}
		} elseif ($this->controller->scaffoldError('delete') === false) {
			return $this->_scaffoldError();
		}
	}
 public function isLoginDataAvailable(CakeRequest $request)
 {
     return $request->is('post');
 }
Esempio n. 9
0
 /**
  * Setup access for origin and methods on cross origin requests
  *
  * This method allow multiple ways to setup the domains, see the examples
  *
  * ### Full URI
  * e.g `cors($request, 'http://www.cakephp.org');`
  *
  * ### URI with wildcard
  * e.g `cors($request, 'http://*.cakephp.org');`
  *
  * ### Ignoring the requested protocol
  * e.g `cors($request, 'www.cakephp.org');`
  *
  * ### Any URI
  * e.g `cors($request, '*');`
  *
  * ### Whitelist of URIs
  * e.g `cors($request, array('http://www.cakephp.org', '*.google.com', 'https://myproject.github.io'));`
  *
  * @param CakeRequest $request Request object
  * @param string|array $allowedDomains List of allowed domains, see method description for more details
  * @param string|array $allowedMethods List of HTTP verbs allowed
  * @param string|array $allowedHeaders List of HTTP headers allowed
  * @return void
  */
 public function cors(CakeRequest $request, $allowedDomains, $allowedMethods = array(), $allowedHeaders = array())
 {
     $origin = $request->header('Origin');
     if (!$origin) {
         return;
     }
     $allowedDomains = $this->_normalizeCorsDomains((array) $allowedDomains, $request->is('ssl'));
     foreach ($allowedDomains as $domain) {
         if (!preg_match($domain['preg'], $origin)) {
             continue;
         }
         $this->header('Access-Control-Allow-Origin', $domain['original'] === '*' ? '*' : $origin);
         $allowedMethods && $this->header('Access-Control-Allow-Methods', implode(', ', (array) $allowedMethods));
         $allowedHeaders && $this->header('Access-Control-Allow-Headers', implode(', ', (array) $allowedHeaders));
         break;
     }
 }
Esempio n. 10
0
 /**
  * test adding detectors and having them work.
  *
  * @return void
  */
 function testAddDetector()
 {
     $request = new CakeRequest('some/path');
     $request->addDetector('compare', array('env' => 'TEST_VAR', 'value' => 'something'));
     $_SERVER['TEST_VAR'] = 'something';
     $this->assertTrue($request->is('compare'), 'Value match failed.');
     $_SERVER['TEST_VAR'] = 'wrong';
     $this->assertFalse($request->is('compare'), 'Value mis-match failed.');
     $request->addDetector('banana', array('env' => 'TEST_VAR', 'pattern' => '/^ban.*$/'));
     $_SERVER['TEST_VAR'] = 'banana';
     $this->assertTrue($request->isBanana());
     $_SERVER['TEST_VAR'] = 'wrong value';
     $this->assertFalse($request->isBanana());
     $request->addDetector('mobile', array('options' => array('Imagination')));
     $_SERVER['HTTP_USER_AGENT'] = 'Imagination land';
     $this->assertTrue($request->isMobile());
     $_SERVER['HTTP_USER_AGENT'] = 'iPhone 3.0';
     $this->assertTrue($request->isMobile());
     $request->addDetector('callme', array('env' => 'TEST_VAR', 'callback' => array($this, '_detectCallback')));
     $request->return = true;
     $this->assertTrue($request->isCallMe());
     $request->return = false;
     $this->assertFalse($request->isCallMe());
 }
Esempio n. 11
0
 /**
  * check request request authorization
  *
  */
 public function authorize($user, CakeRequest $request)
 {
     // Admin role is allowed to perform all actions, bypassing ACL
     if ($this->_isAdmin($user)) {
         return true;
     }
     $allowed = false;
     $Acl = $this->_Collection->load('Acl');
     list($plugin, $userModel) = pluginSplit($this->settings['userModel']);
     $path = '/:plugin/:controller/:action';
     if ($request->is('api')) {
         $path = '/:prefix' . $path;
     }
     $action = $this->action($request, $path);
     $cacheName = 'permissions_' . strval($user['id']);
     if (($permissions = Cache::read($cacheName, 'permissions')) === false) {
         $permissions = array();
         Cache::write($cacheName, $permissions, 'permissions');
     }
     if (!isset($permissions[$action])) {
         $User = ClassRegistry::init($this->settings['userModel']);
         $User->id = $user['id'];
         $allowed = $Acl->check($User, $action);
         $permissions[$action] = $allowed;
         Cache::write($cacheName, $permissions, 'permissions');
         $hit = false;
     } else {
         $allowed = $permissions[$action];
         $hit = true;
     }
     if (Configure::read('debug')) {
         $status = $allowed ? ' allowed.' : ' denied.';
         $cached = $hit ? ' (cache hit)' : ' (cache miss)';
         CakeLog::write(LOG_ERR, $user['username'] . ' - ' . $action . $status . $cached);
     }
     if (!$allowed) {
         return false;
     }
     if (!Configure::read('Access Control.rowLevel')) {
         return $allowed;
     }
     // bail out when controller's primary model does not want row level acl
     $controller = $this->controller();
     $model = $controller->modelClass;
     $Model = $controller->{$model};
     if ($Model && !$Model->Behaviors->attached('RowLevelAcl')) {
         return $allowed;
     }
     $primaryKey = $Model->primaryKey;
     $ids = array();
     if ($request->is('get') && !empty($request->params['pass'][0])) {
         // collect id from actions such as: Nodes/admin_edit/1
         $ids[] = $request->params['pass'][0];
     } elseif (($request->is('post') || $request->is('put')) && isset($request->data[$model]['action'])) {
         // collect ids from 'bulk' processing action such as: Nodes/admin_process
         foreach ($request->data[$model] as $id => $flag) {
             if (isset($flag[$primaryKey]) && $flag[$primaryKey] == 1) {
                 $ids[] = $id;
             }
         }
     }
     foreach ($ids as $id) {
         if (is_numeric($id)) {
             try {
                 $allowed = $this->_authorizeByContent($user, $request, $id);
             } catch (CakeException $e) {
                 $allowed = false;
             }
         } else {
             continue;
         }
         if (!$allowed) {
             break;
         }
     }
     return $allowed;
 }
 /**
  * Returns true if the current call a DELETE request
  *
  * @return boolean True if call is a DELETE
  * @deprecated Use $this->request->is('delete'); from your controller.
  */
 public function isDelete()
 {
     return $this->request->is('delete');
 }
Esempio n. 13
0
 /**
  * Check if access requires secure connection
  *
  * @param object $controller Instantiating controller
  * @return bool true if secure connection required
  */
 protected function _secureRequired($controller)
 {
     if (is_array($this->requireSecure) && !empty($this->requireSecure)) {
         $requireSecure = array_map('strtolower', $this->requireSecure);
         if (in_array($this->_action, $requireSecure) || $this->requireSecure == array('*')) {
             if (!$this->request->is('ssl')) {
                 if (!$this->blackHole($controller, 'secure')) {
                     return null;
                 }
             }
         }
     }
     return true;
 }
Esempio n. 14
0
 /**
  * Authenticate a user based on the request information
  *
  * @see BaseAuthenticate::authenticate()
  */
 public function authenticate(CakeRequest $request, CakeResponse $response)
 {
     if (!empty($request->data) || $request->is('post')) {
         return false;
     }
     return $this->getUser($request);
 }
 /**
  * add 4 standard request method detectors for ajax calls
  * add 4 standard request method detectors for nonajax calls
  *
  * @param $request CakeRequest. This will be passed by reference
  * @return CakeRequest. Just in case caller did not know that the CakeRequest object was passed by reference
  */
 public function addAjaxMethodDetectorsTo(CakeRequest $request)
 {
     // the 4 method detectors for ajax calls
     $request->addDetector('ajax_get', array('callback' => function ($request) {
         return $request->is('ajax') && $request->is('get');
     }));
     $request->addDetector('ajax_post', array('callback' => function ($request) {
         return $request->is('ajax') && $request->is('post');
     }));
     $request->addDetector('ajax_put', array('callback' => function ($request) {
         return $request->is('ajax') && $request->is('put');
     }));
     $request->addDetector('ajax_delete', array('callback' => function ($request) {
         return $request->is('ajax') && $request->is('delete');
     }));
     // the 4 method detectors for NON-ajax calls
     $request->addDetector('nonajax_get', array('callback' => function ($request) {
         return !$request->is('ajax') && $request->is('get');
     }));
     $request->addDetector('nonajax_post', array('callback' => function ($request) {
         return !$request->is('ajax') && $request->is('post');
     }));
     $request->addDetector('nonajax_put', array('callback' => function ($request) {
         return !$request->is('ajax') && $request->is('put');
     }));
     $request->addDetector('nonajax_delete', array('callback' => function ($request) {
         return !$request->is('ajax') && $request->is('delete');
     }));
     return $request;
 }
Esempio n. 16
0
 /**
  * Performs a delete on given scaffolded Model.
  *
  * @param CakeRequest $request Request for scaffolding
  * @return mixed Success on delete, error if delete fails
  * @throws MethodNotAllowedException When HTTP method is not a DELETE
  * @throws NotFoundException When id being deleted does not exist.
  */
 protected function _scaffoldDelete(CakeRequest $request)
 {
     if ($this->controller->beforeScaffold('delete')) {
         $modelClass = $this->controller->modelClass;
         if (!$request->is('post')) {
             throw new MethodNotAllowedException();
         }
         $id = false;
         if (isset($request->params['pass'][0])) {
             $id = $request->params['pass'][0];
         }
         $this->ScaffoldModel->id = $id;
         if (!$this->ScaffoldModel->exists()) {
             throw new NotFoundException(__d('cake', '%s inválido', Inflector::humanize($this->modelClass)));
         }
         $deleteID = $this->ScaffoldModel->id;
         if ($deleteID) {
             $tableFields = $this->ScaffoldModel->_schema;
             foreach ($tableFields as $key => $val) {
                 if (subStr($key, -5) == '_file' || subStr($key, -10) == '_th_hidden') {
                     $thisRecord = $this->ScaffoldModel->find('all', array('conditions' => array($modelClass . '.id' => $id)));
                     if (file_exists($thisRecord[0][$modelClass][$key])) {
                         if (!unlink($thisRecord[0][$modelClass][$key])) {
                             unlink($thisRecord[0][$modelClass][$key]);
                         }
                     }
                 }
             }
         }
         if ($this->ScaffoldModel->delete()) {
             $message = __d('cake', '%1$s com o id: %2$s foi apagado.', Inflector::humanize($this->modelClass), $id);
             return $this->_sendMessage($message);
         } else {
             $message = __d('cake', 'Houve um erro ao apagar %1$s com o id: %2$s', Inflector::humanize($this->modelClass), $id);
             return $this->_sendMessage($message);
         }
     } elseif ($this->controller->scaffoldError('delete') === false) {
         return $this->_scaffoldError();
     }
 }