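/**
 * Renders the authorization rules page for a single group.
 *
 * Access-controlled: the current user must hold the 'uri_authorization_settings'
 * permission, otherwise the route responds as not found. A group id that does not
 * resolve to a Group also responds as not found, instead of rendering the
 * template with a null group.
 *
 * Request type: GET
 *
 * @param int|string $group_id  Primary key of the group whose rules are listed.
 */
public function pageGroupAuthorization($group_id)
{
    // Access-controlled page
    if (!$this->_app->user->checkAccess('uri_authorization_settings')) {
        $this->_app->notFound();
    }

    $group = Group::find($group_id);

    // Unknown group: do not render the page with a null model.
    if (!$group) {
        $this->_app->notFound();
    }

    // Load all auth rules attached to this group
    $rules = GroupAuth::where('group_id', $group_id)->get();

    $this->_app->render('config/authorization.twig', [
        "group" => $group,
        "rules" => $rules,
    ]);
}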
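/**
 * Processes the request to create a new auth rule.
 *
 * Processes the request from the auth creation form, checking that:
 * 1. The target group exists (otherwise the route responds as not found).
 * 2. The user holds the 'create_auth' permission for that group.
 * 3. The submitted data is valid (halts with 400 before any field is used).
 * 4. The group does not already have a rule for the specified hook.
 * This route requires authentication (and should generally be limited to admins or the root user).
 * Request type: POST
 *
 * @param int|string $id    Primary key of the group the rule is attached to.
 * @param string     $type  Rule owner type; only "group" is handled by this implementation (see @todo).
 * @see formAuthCreate
 * @todo make this work for user-level rules as well
 */
public function createAuthRule($id, $type = "group")
{
    $post = $this->_app->request->post();

    // Load the request schema
    $requestSchema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/auth-create.json");

    // Get the alert message stream
    $ms = $this->_app->alerts;

    // The group must exist before it is used in the access check and the messages below.
    $group = Group::find($id);
    if (!$group) {
        $this->_app->notFound();
    }

    // Access-controlled resource
    if (!$this->_app->user->checkAccess('create_auth', ['group' => $group])) {
        $ms->addMessageTranslated("danger", "ACCESS_DENIED");
        $this->_app->halt(403);
    }

    // Set up Fortress to process the request
    $rf = new \Fortress\HTTPRequestFortress($ms, $requestSchema, $post);

    // Sanitize data
    $rf->sanitize();

    // Validate, and halt on validation errors.
    $error = !$rf->validate(true);

    // Remove csrf_token BEFORE extracting the data, so it is not carried in $data
    // (and therefore not handed to the message placeholders).
    $rf->removeFields(['csrf_token']);

    // Get the filtered data
    $data = $rf->data();

    // Halt on any validation errors before touching individual fields: a field that
    // failed validation (e.g. a missing hook) would otherwise be read below.
    if ($error) {
        $this->_app->halt(400);
    }

    // Perform desired data transformations on required fields.
    $data['hook'] = trim($data['hook']);
    $data['conditions'] = trim($data['conditions']);

    // Check if the group already has a rule for this hook.
    // Message placeholders are taken from the sanitized $data, not the raw $post.
    if (GroupAuth::where("group_id", $id)->where("hook", $data['hook'])->first()) {
        $data['name'] = $group->name;
        $ms->addMessageTranslated("danger", "GROUP_AUTH_EXISTS", $data);
        $this->_app->halt(400);
    }

    // Create the rule
    $rule = new GroupAuth();
    $rule->group_id = $id;
    $rule->hook = $data['hook'];
    $rule->conditions = $data['conditions'];

    // Store the new rule to the database
    $rule->save();

    // Success message
    $data['name'] = $group->name;
    $ms->addMessageTranslated("success", "GROUP_AUTH_CREATION_SUCCESSFUL", $data);
}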