/**
 * Dispatches an API call named by the 'do' request parameter.
 *
 * The method definition is looked up through the service singleton. When the
 * definition carries a 'required_capability' entry, the current user must
 * hold that capability (after an authentication attempt if necessary) before
 * the command is executed.
 *
 * NOTE(review): a definition WITHOUT a 'required_capability' key reaches
 * executeApiCommand() with no capability or authentication check in this
 * method. Confirm that every state-changing API method declares one, or that
 * a caller enforces access before this point.
 *
 * @return string|null Refusal message when the caller is not authenticated or
 *                     not capable; null otherwise (command output is echoed,
 *                     and an unknown method produces no output at all).
 */
function action() {

    $service = owa_coreAPI::serviceSingleton();

    // Resolve the API method definition for the requested 'do' value.
    $method = $service->getApiMethodClass($this->getParam('do'));

    // Unknown method: nothing is executed and nothing is returned.
    if (!$method) {
        return;
    }

    $capabilityDeclared = array_key_exists('required_capability', $method);

    if ($capabilityDeclared && !owa_coreAPI::isCurrentUserCapable($method['required_capability'])) {

        owa_coreAPI::debug('User does not have capability required by this controller.');

        // The current user lacks the capability, so try to authenticate.
        $auth =& owa_auth::get_instance();
        $authResult = $auth->authenticateUser();

        // NOTE(review): loose comparison - any value that is == true passes.
        // Confirm authenticateUser() only ever reports a boolean here.
        if ($authResult['auth_status'] != true) {
            return 'This method requires authentication.';
        }

        // Authentication succeeded; the capability must be re-evaluated
        // for the now-authenticated user before anything runs.
        if (!owa_coreAPI::isCurrentUserCapable($method['required_capability'])) {
            return 'Your user does not have privileges to access this method.';
        }
    }

    // Access checks passed (or none were declared): run the command with the
    // parameters taken from the request and write its result to the output.
    $requestParams = owa_coreAPI::getRequest()->getAllOwaParams();
    echo owa_coreAPI::executeApiCommand($requestParams);
}
/**
 * Handles a request from the caller.
 *
 * Runs the gates in this order and stops at the first one that fails:
 *   1. pending-update redirect (admin controllers only),
 *   2. nonce verification (when is_nonce_required is set),
 *   3. capability check, with an authentication attempt if needed,
 *   4. validator checks (when the controller created one),
 * then calls pre(), action() and post().
 *
 * @return mixed Redirect data for the updates action, or the non-empty value
 *               returned by the handler that ran, or $this->data.
 */
function doAction() {

    owa_coreAPI::debug('Performing Action: ' . get_class($this));

    // Force a schema update before anything else on admin controllers.
    // The updatesApply action and install/update runs are not intercepted,
    // otherwise the updates could never be applied.
    if ($this->is_admin === true) {

        $requested = $this->getParam('do');
        $interceptable = $requested != 'base.updatesApply'
            && !defined('OWA_INSTALLING')
            && !defined('OWA_UPDATING');

        if ($interceptable && owa_coreAPI::isUpdateRequired()) {
            $this->e->debug('Updates Required. Redirecting action.');

            return array(
                'view_method' => 'redirect',
                'action'      => 'base.updates',
            );
        }
    }

    // Nonce gate: a missing nonce is treated exactly like an invalid one,
    // and verifyNonce() is only consulted when a nonce was supplied.
    if ($this->is_nonce_required == true) {

        $nonce = $this->getParam('nonce');
        $nonceOk = $nonce ? $this->verifyNonce($nonce) : false;

        if (!$nonceOk) {
            $this->e->debug('Nonce is not valid.');
            $result = $this->notAuthenticatedAction();
            $this->post();

            return !empty($result) ? $result : $this->data;
        }
    }

    // Capability gate.
    if (!owa_coreAPI::isCurrentUserCapable($this->getRequiredCapability())) {

        owa_coreAPI::debug('User does not have capability required by this controller.');

        // Already authenticated but not capable: no point authenticating again.
        if (owa_coreAPI::isCurrentUserAuthenticated()) {
            $this->authenticatedButNotCapableAction();
            return $this->data;
        }

        $auth =& owa_auth::get_instance();
        $authResult = $auth->authenticateUser();

        // NOTE(review): loose comparison - any value that is == true passes.
        // Confirm authenticateUser() only ever reports a boolean here.
        if ($authResult['auth_status'] != true) {
            $this->notAuthenticatedAction();
            return $this->data;
        }

        // Re-check the capability for the freshly authenticated user.
        if (!owa_coreAPI::isCurrentUserCapable($this->getRequiredCapability())) {
            $this->authenticatedButNotCapableAction();
            // Original author was unsure whether the next two sets are needed.
            $this->set('go', urlencode(owa_lib::get_current_url()));
            // Exposes the auth status to downstream views.
            $this->set('auth_status', true);
            return $this->data;
        }
    }

    // TODO (from the original): move these sets into pre(), action() or post()
    // of the concrete controllers; they interfere when one controller
    // redirects to another.
    $this->set('params', $this->params);
    $this->set('site_id', $this->get('site_id'));

    // Copy status and error codes through to the view when present. Per the
    // original comment the error code arrives on the query string after a
    // redirect.
    // NOTE(review): these are request-supplied values - presumably the views
    // escape them on output; verify.
    foreach (array('status_code', 'error_code') as $key) {
        if (array_key_exists($key, $this->params)) {
            $this->set($key, $this->getParam($key));
        }
    }

    // Validator gate: on errors, errorAction() replaces the normal action.
    if (!empty($this->v)) {

        $this->v->doValidations();

        if ($this->v->hasErrors === true) {
            $this->set('validation_errors', $this->getValidationErrorMsgs());
            $result = $this->errorAction();
            $this->post();

            return !empty($result) ? $result : $this->data;
        }
    }

    // Pre-action hook, often used by abstract descendant controllers.
    $this->pre();

    // Main action. Older controllers return a value instead of filling
    // $this->data, so a non-empty return value takes precedence.
    $result = $this->action();
    $this->post();

    return !empty($result) ? $result : $this->data;
}