/**
 * Role administration view: lists the user roles and attaches an edit form
 * that controls which backend modules, module permissions and content
 * modules each role may access.
 *
 * Every option the current user cannot access is collected in one
 * "disabled" list. That list is passed to both multiselects and is also
 * subtracted from the haystack of each InArray validator, so a submitted
 * value outside the editor's own access is rejected by the validator
 * rather than only greyed out in the markup.
 * NOTE(review): this relies on Curry_ModelView_Form applying the
 * 'validators' entries on submit; that class is not visible here. Confirm.
 *
 * On save, the onFillModel callback builds a new UserRoleAccess collection
 * from the submitted values only and assigns it to the role.
 * NOTE(review): presumably entries the editor could not select are dropped
 * from the role when a less privileged user saves it. Verify that this is
 * intended.
 *
 * @throws Exception When the current user lacks self::PERMISSION_ROLES.
 */
public function showRoles()
{
    $mayManageRoles = $this->hasPermission(self::PERMISSION_ROLES);
    if (!$mayManageRoles) {
        throw new Exception('You dont have permission to access this view.');
    }
    $this->addMenu();

    $currentUser = User::getUser();
    $modules = Curry_Backend::getBackendList();

    // Keys the current user may not grant, shared by both select elements.
    $blocked = array();

    // Backend options: wildcard, then each module followed by its permissions.
    $backendOptions = array("*" => "All");
    if (!$currentUser->hasAccess('*')) {
        $blocked[] = '*';
    }
    foreach ($modules as $backendClass => $backendName) {
        $backendOptions[$backendClass] = $backendName;

        // Modules may optionally expose fine-grained permissions.
        if (method_exists($backendClass, 'getPermissions')) {
            $modulePermissions = call_user_func(array($backendClass, 'getPermissions'));
        } else {
            $modulePermissions = array();
        }
        foreach ($modulePermissions as $permission) {
            $permissionKey = $backendClass . "/" . $permission;
            $backendOptions[$permissionKey] = Curry_Core::SELECT_TREE_PREFIX . $permission;
            if (!$currentUser->hasAccess($permissionKey)) {
                $blocked[] = $permissionKey;
            }
        }

        if (!$currentUser->hasAccess($backendClass)) {
            $blocked[] = $backendClass;
        }
    }

    // Content options: wildcard plus every content module, namespaced
    // under Curry_Backend_Content/.
    $contentOptions = array();
    $contentModules = array("*" => "All") + Curry_Module::getModuleList();
    $hasAllContent = $currentUser->hasAccess('Curry_Backend_Content/*');
    foreach ($contentModules as $moduleKey => $moduleLabel) {
        $accessKey = 'Curry_Backend_Content/' . $moduleKey;
        $contentOptions[$accessKey] = $moduleLabel;
        // The per-module check only runs when the wildcard is not held.
        if (!($hasAllContent || $currentUser->hasAccess($accessKey))) {
            $blocked[] = $accessKey;
        }
    }

    // Server-side allow-lists: every offered key minus the blocked ones.
    $grantableBackend = array_diff(array_keys($backendOptions), $blocked);
    $grantableContent = array_diff(array_keys($contentOptions), $blocked);

    $backendElement = array('multiselect', array(
        'label' => 'Backend access',
        'multiOptions' => $backendOptions,
        'size' => 10,
        'order' => 1,
        'disable' => $blocked,
        'validators' => array(array('InArray', true, array($grantableBackend))),
    ));
    $contentElement = array('multiselect', array(
        'label' => 'Content access',
        'multiOptions' => $contentOptions,
        'size' => 10,
        'order' => 2,
        'disable' => $blocked,
        'validators' => array(array('InArray', true, array($grantableContent))),
    ));

    // Populate both selects from the role's stored access rows.
    $fillForm = function (UserRole $role, $form) {
        $granted = UserRoleAccessQuery::create()
            ->filterByUserRole($role)
            ->select('Module')
            ->find()
            ->getArrayCopy();
        $form->backend->setValue($granted);
        $form->content->setValue($granted);
    };

    // Replace the role's access rows with exactly what was submitted.
    $fillModel = function (UserRole $role, $form, $values) {
        $selected = array_merge((array) $values['backend'], (array) $values['content']);
        $rows = new PropelObjectCollection();
        $rows->setModel('UserRoleAccess');
        foreach ($selected as $moduleKey) {
            $entry = new UserRoleAccess();
            $entry->setModule($moduleKey);
            $rows->append($entry);
        }
        $role->setUserRoleAccesss($rows);
    };

    $roleForm = new Curry_ModelView_Form('UserRole', array(
        'elements' => array(
            'backend' => $backendElement,
            'content' => $contentElement,
        ),
        'onFillForm' => $fillForm,
        'onFillModel' => $fillModel,
    ));

    $roleQuery = UserRoleQuery::create();
    $roleList = new Curry_ModelView_List($roleQuery, array('modelForm' => $roleForm));
    $roleList->addAction('file_permissions', array(
        'action' => $this->getFileAccessList(),
        'class' => 'inline',
        'single' => true,
    ));
    $roleList->show($this);
}
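/**
 * Shows the backend. This is the main method of this class.
 *
 * Sends the content-type header, registers the shared backend assets,
 * resolves the requested module from the `module` query parameter and
 * renders either the login template (no user) or the main template with
 * the module's output.
 *
 * Access control as visible in this method:
 *  - The requested module name must be a key of the backend list before it
 *    is used as a class name; anything else raises an Exception.
 *  - The module is only instantiated when the user has access to it;
 *    otherwise a 403 status is sent and "Access denied" is rendered.
 *  - While the `setup` or `backend->noauth` configuration flags are set,
 *    authentication is replaced by a dummy user.
 *
 * A `module` query value that is not a string (for example an array) is
 * ignored and the default module is used.
 *
 * @throws Exception If the requested backend module is not in the backend list.
 */
public function show()
{
    $twig = $this->getTwig();
    $templateFile = 'main.html';
    $backendList = null;

    // Set content-type with charset (some webservers may otherwise override the charset)
    $encoding = Curry_Core::$config->curry->outputEncoding;
    header("Content-type: text/html; charset=" . $encoding);

    $htmlHead = $this->getHtmlHead();
    $htmlHead->addStylesheet('shared/css/icons.css');
    $htmlHead->addScript('shared/libs/jquery-ui-1.8.17/js/jquery-1.7.1.min.js');
    $htmlHead->addScript('shared/backend/common/js/core.js');
    $htmlHead->addScript('shared/backend/common/js/plugins.js');
    $htmlHead->addScript('shared/backend/common/js/main.js');
    $htmlHead->addScript('shared/backend/common/js/finder.js');
    $htmlHead->addScript('shared/js/URI.js');

    // Project backend css/js
    if (file_exists(Curry_Core::$config->curry->wwwPath . '/css/backend.css')) {
        $htmlHead->addStylesheet('css/backend.css');
    }
    if (file_exists(Curry_Core::$config->curry->wwwPath . '/js/backend.js')) {
        $htmlHead->addScript('js/backend.js');
    }

    // Set language
    if (Curry_Core::$config->curry->fallbackLanguage) {
        Curry_Language::setLanguage(Curry_Core::$config->curry->fallbackLanguage);
    }

    // Globals
    $twig->addGlobal('ProjectName', Curry_Core::$config->curry->name);
    $twig->addGlobal('Encoding', $encoding);
    $twig->addGlobal('Version', Curry_Core::VERSION);

    // Logotype
    if (Curry_Core::$config->curry->backend->logotype) {
        $twig->addGlobal('Logotype', Curry_Core::$config->curry->backend->logotype);
    }

    // Current module. The value is request-supplied and is later used as an
    // array key and as a class name, so only a plain string is accepted; any
    // other shape falls back to the default module.
    $currentModule = 'Curry_Backend_Page';
    if (isset($_GET['module']) && is_string($_GET['module'])) {
        $currentModule = $_GET['module'];
    }

    if (Curry_Core::$config->curry->setup) {
        // Setup mode: only the setup module is reachable and no real
        // authentication takes place, so this flag must not stay enabled on
        // a deployed site.
        if ($currentModule !== 'Curry_Backend_Setup') {
            // NOTE(review): presumably redirect() ends the request. Confirm;
            // otherwise execution continues below with the original module.
            url('', array('module' => 'Curry_Backend_Setup'))->redirect();
        }
        if (!class_exists('User')) {
            // The eval'd source is a fixed literal with no request data in it.
            // It defines a stand-in User whose hasAccess() always returns
            // true, for the case where no User class exists yet.
            eval("class User { public static function getUser(){ return new self; } public function hasAccess() { return true; } public function getName() { return 'Dummy'; } }");
        } else {
            User::dummyAuth();
        }
        $backendList = array('Curry_Backend_Setup' => 'Setup');
    } else {
        if (Curry_Core::$config->curry->backend->noauth) {
            // Authentication disabled by configuration; a warning message is
            // added to non-system modules further down.
            User::dummyAuth();
        }
    }

    $user = User::getUser();
    if (!$user) {
        // Not logged in: render the login template and pass along where to
        // go after a successful login.
        // NOTE(review): LoginRedirect comes straight from the request
        // (POST field, or the current query string). Whatever performs the
        // redirect should restrict it to same-site targets, and the template
        // must escape it. Neither is visible here, so confirm both.
        $loginRedirect = '';
        if (isset($_POST['login_redirect'])) {
            $loginRedirect = $_POST['login_redirect'];
        } else {
            if (!isset($_GET['logout']) && count($_GET)) {
                $loginRedirect = (string) url('', $_GET);
            }
        }
        $twig->addGlobal('LoginRedirect', $loginRedirect);
        $this->addBodyClass('tpl-login');
        $templateFile = 'login.html';
    } else {
        $twig->addGlobal('user', array('Name' => $user->getName()));

        // Current module
        if ($backendList === null) {
            $backendList = Curry_Backend::getBackendList();
        }
        if ($currentModule !== 'Curry_Backend_Setup') {
            unset($backendList['Curry_Backend_Setup']);
        }
        // Allow-list check: from here on $currentModule is a known backend
        // class name, which is what makes class_exists()/new below safe.
        if (!array_key_exists($currentModule, $backendList)) {
            // NOTE(review): the message embeds the request-supplied module
            // name; the exception renderer must HTML-escape it. Confirm.
            throw new Exception('Backend module "' . $currentModule . '" not found');
        }

        // Do we need to upgrade?
        $systemModules = array('Curry_Backend_System', 'Curry_Backend_Database', 'Curry_Backend_Setup');
        if (Curry_Core::requireMigration() && !in_array($currentModule, $systemModules, true)) {
            url('', array('module' => 'Curry_Backend_System', 'view' => 'Upgrade'))->redirect();
        }

        // Modules: build the menu from the modules this user may access.
        $backendGroups = array(
            'Content' => array(),
            'Appearance' => array(),
            'Accounts' => array(),
            'System' => array(),
        );
        foreach ($backendList as $module => $moduleName) {
            if (!$user->hasAccess($module)) {
                continue;
            }

            $group = "Other";
            if (method_exists($module, 'getGroup')) {
                $group = call_user_func(array($module, 'getGroup'));
            }

            $name = $moduleName;
            if (method_exists($module, 'getName')) {
                $n = call_user_func(array($module, 'getName'));
                if ($n) {
                    $name = $n;
                }
            }

            $message = '';
            if (method_exists($module, 'getMessage')) {
                $message = call_user_func(array($module, 'getMessage'));
            }

            $notifications = '';
            if (method_exists($module, 'getNotifications')) {
                try {
                    $notifications = call_user_func(array($module, 'getNotifications'));
                    if (!isset($backendGroups[$group]['Notifications'])) {
                        $backendGroups[$group]['Notifications'] = 0;
                    }
                    $backendGroups[$group]['Notifications'] += (int) $notifications;
                } catch (Exception $e) {
                    // Deliberately best-effort: a module whose notification
                    // count fails must not take down the whole backend menu.
                    // The module is listed without a count.
                }
            }

            $isCurrent = $module === $currentModule;
            $moduleProperties = array(
                'Module' => $module,
                'Active' => $isCurrent,
                'Url' => url('', array("module" => $module)),
                'Name' => $name,
                'Title' => $message,
                'Notifications' => $notifications,
            );

            if ($group) {
                if (!isset($backendGroups[$group])) {
                    $backendGroups[$group] = array();
                }
                if (!isset($backendGroups[$group]['modules'])) {
                    $backendGroups[$group]['modules'] = array();
                }
                $backendGroups[$group]['modules'][$module] = $moduleProperties;
                $backendGroups[$group]['Name'] = $group;
                // A group is active when ANY of its modules is the current
                // one. Assigning the flag per module would let a later module
                // in the same group reset it to false.
                $backendGroups[$group]['Active'] = !empty($backendGroups[$group]['Active']) || $isCurrent;
            }

            if ($isCurrent) {
                $twig->addGlobal('module', $moduleProperties);
            }
        }
        $twig->addGlobal('moduleGroups', $backendGroups);

        if ($currentModule && class_exists($currentModule)) {
            if ($user->hasAccess($currentModule)) {
                $this->backend = new $currentModule($this);
                if ($this->backend) {
                    if (!in_array($currentModule, $systemModules, true)) {
                        if (self::isPropelBuildInvalid()) {
                            $this->backend->addMessage('Propel has been upgraded and you need to rebuild your database, use <a href="' . url('', array('module' => 'Curry_Backend_Database', 'view' => 'Propel')) . '">auto rebuild</a>.', Curry_Backend::MSG_WARNING, false);
                        }
                        if (Curry_Core::$config->curry->backend->noauth) {
                            $this->backend->addMessage('Authorization has been disabled for backend. You can re-enable it if you go to <a href="' . url('', array('module' => 'Curry_Backend_System')) . '">System Settings</a>.', Curry_Backend::MSG_WARNING, false);
                        }
                        if (Curry_Core::$config->curry->maintenance->enabled) {
                            $this->backend->addMessage('Site has been disabled for maintenance. You can re-enable it in <a href="' . url('', array('module' => 'Curry_Backend_System')) . '">System Settings</a>.', Curry_Backend::MSG_WARNING, false);
                        }
                        $this->doAutoBackup();
                    }
                    $twig->addGlobal('content', $this->backend->show());
                }
            } else {
                // Known module, but this user has no access to it.
                header('HTTP/1.1 403 Forbidden');
                header('Status: 403 Forbidden');
                $twig->addGlobal('content', 'Access denied');
            }
        }
    }

    // Finalize HtmlHead and add global.
    // enableJsonExprFinder lets Zend_Json_Expr values be written out as raw
    // JavaScript instead of quoted strings.
    // NOTE(review): confirm that nothing request-derived can end up in
    // $this->libraries.
    $htmlHead->addInlineScript('$.registerLibrary(' . Zend_Json::encode($this->libraries, false, array('enableJsonExprFinder' => true)) . ');');
    $twig->addGlobal('HtmlHead', $htmlHead->getContent());
    $twig->addGlobal('BodyClass', $this->getBodyClass());

    // Render template
    $template = $twig->loadTemplate($templateFile);
    $template->display(array());
}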