/**
* Add page to section.
*
* @param Navigation_Abstract $page
* @param int $priority
* @return $this
*/
public function add_page(Navigation_Abstract &$page, $priority = 1)
{
$priority = (int) $priority;
// Check permissions
if (!ACL::check($page->permissions)) {
return $this;
}
// Priority
if (isset($page->priority)) {
$priority = (int) $page->priority;
}
// Typeof
if ($page instanceof Navigation_Section) {
$this->_sections[] = $page;
$page->set_section($this);
} else {
// Change priority
if (isset($this->_pages[$priority])) {
while (isset($this->_pages[$priority])) {
$priority++;
}
}
// Store page
$this->_pages[$priority] = $page;
}
// Add page buttons
if (isset($page->buttons)) {
$page->add_buttons($page->buttons);
}
//
$page->set_section($this);
return $this->update()->sort();
}
/**
* List of pages (blogs/posts/etc.) with a specific tag
*
* @throws HTTP_Exception_404
*
* @uses Log::add
* @uses Text::ucfirst
* @uses ACL::check
* @uses Meta::links
* @uses URL::canonical
* @uses Route::url
*/
public function action_view()
{
$id = (int) $this->request->param('id', 0);
$tag = ORM::factory('tag', $id);
if (!$tag->loaded()) {
throw HTTP_Exception::factory(404, 'Tag :tag not found!', array(':tag' => $id));
}
$this->title = __(':title', array(':title' => Text::ucfirst($tag->name)));
$view = View::factory('tag/view')->set('teaser', TRUE)->bind('pagination', $pagination)->bind('posts', $posts);
$posts = $tag->posts;
if (!ACL::check('administer tags') and !ACL::check('administer content')) {
$posts->where('status', '=', 'publish');
}
$total = $posts->reset(FALSE)->count_all();
if ($total == 0) {
Log::info('No posts found.');
$this->response->body(View::factory('page/none'));
return;
}
$pagination = Pagination::factory(array('current_page' => array('source' => 'cms', 'key' => 'page'), 'total_items' => $total, 'items_per_page' => 15, 'uri' => $tag->url));
$posts = $posts->order_by('created', 'DESC')->limit($pagination->items_per_page)->offset($pagination->offset)->find_all();
$this->response->body($view);
// Set the canonical and shortlink for search engines
if ($this->auto_render === TRUE) {
Meta::links(URL::canonical($tag->url, $pagination), array('rel' => 'canonical'));
Meta::links(Route::url('tag', array('action' => 'view', 'id' => $tag->id)), array('rel' => 'shortlink'));
}
}
/**
* @dataProvider providerPerms
*/
public function testacl_check($perm, $user_id)
{
$user = ORM::factory('user', $user_id);
if ($user_id == 1) {
$this->assertFalse(ACL::check($perm, $user));
} else {
$this->assertTrue(ACL::check($perm, $user));
}
}
public function before()
{
parent::before();
if ($this->auth_required === TRUE and !Auth::is_logged_in() and !in_array($this->request->action(), $this->public_actions)) {
$this->_deny_access();
}
if ($this->auth_required === TRUE and !in_array($this->request->action(), $this->allowed_actions) and !ACL::check($this->request)) {
$this->_deny_access();
}
}
public function rest_delete()
{
if (!ACL::check('dshboard.empty')) {
throw HTTP_API_Exception::factory(API::ERROR_PERMISSIONS, 'You don\'t have permission to :permission', array(':permission' => __('Empty dashboard')));
}
Dashboard::remove_data();
Cache::register_shutdown_function();
Kohana::$log->add(Log::INFO, ':user empty dashboard')->write();
$this->message('Dashboard is empty!');
}
public function get_clear()
{
if (!ACL::check('system.session.clear')) {
throw HTTP_API_Exception::factory(API::ERROR_PERMISSIONS, 'You don\'t have permission to :permission', array(':permission' => __('Сlear user sessions')));
}
if (Session::$default == 'database') {
DB::delete('sessions')->execute();
Kohana::$log->add(Log::INFO, ':user clear user sessions')->write();
$this->message('User sessions has been cleared!');
}
}
public function rest_delete()
{
if (!ACL::check('system.cache.clear')) {
throw HTTP_API_Exception::factory(API::ERROR_PERMISSIONS, 'You don\'t have permission to :permission', array(':permission' => __('Сlear cache')));
}
if (Kohana::$caching === TRUE) {
Cache::register_shutdown_function();
}
Kohana::$log->add(Log::INFO, ':user clear cache')->write();
$this->message('Cache has been cleared!');
}
/**
* Before the controller execute an action, check security access.
* @throws HTTP_Exception
*/
public function before()
{
parent::before();
// Check public actions
if ($this->auth_required === true && !Auth::is_logged_in() && !in_array($this->request->action(), $this->public_actions)) {
$this->_deny_access();
}
// Check allowed actions
if ($this->auth_required === true && !in_array($this->request->action(), $this->allowed_actions) && !ACL::check($this->request)) {
$this->_deny_access();
}
}
public function rest_put()
{
if (!ACL::check('plugins.change_status')) {
throw HTTP_API_Exception::factory(API::ERROR_PERMISSIONS, 'You don\'t have permission to :permission', array(':permission' => __('Install or uninstall plugin')));
}
Plugins::find_all();
$plugin = Plugins::get_registered($this->param('id', NULL, TRUE));
if (!$plugin->is_activated() and (bool) $this->param('installed') === TRUE) {
$plugin->activate();
} else {
$plugin->deactivate((bool) $this->param('remove_data'));
}
Kohana::$log->add(Log::INFO, ':user :action plugin :name', array(':action' => $plugin->is_activated() ? 'activate' : 'deactivate', ':name' => $plugin->title()))->write();
$this->response($this->_get_info($plugin));
}
public function post_refresh()
{
if (!ACL::check('system.api.refresh_key')) {
throw HTTP_API_Exception::factory(API::ERROR_PERMISSIONS, 'You don\'t have permission to :permission', array(':permission' => __('Refresh API key')));
}
$key_exists = Config::get('api', 'key') !== NULL;
$key = $this->param('key', NULL, $key_exists);
if ($key_exists === TRUE) {
$key = ORM::factory('api_key')->refresh($key);
} else {
$key = ORM::factory('api_key')->generate('KodiCMS API key');
}
Config::set('api', 'key', $key);
$this->response($key);
}
public function before()
{
if ($this->request->action() != 'create') {
$ds_id = (int) $this->request->param('id');
$this->section($ds_id);
if ($this->section()->has_access_edit()) {
$this->allowed_actions[] = 'edit';
}
if ($this->section()->has_access_remove()) {
$this->allowed_actions[] = 'remove';
}
} else {
$type = strtolower($this->request->param('id'));
if (ACL::check($type . '.section.create')) {
$this->allowed_actions[] = 'create';
}
}
parent::before();
}
public function action_edit()
{
$layout_name = $this->request->param('id');
$layout = new Model_File_Layout($layout_name);
if (!$layout->is_exists()) {
if (($found_file = $layout->find_file()) !== FALSE) {
$layout = new Model_File_Layout($found_file);
} else {
Messages::errors(__('Layout not found!'));
$this->go();
}
}
$this->set_title($layout_name);
// check if trying to save
if (Request::current()->method() == Request::POST and ACL::check('layout.edit')) {
return $this->_edit($layout);
}
Assets::package('ace');
$this->template->content = View::factory('layout/edit', array('action' => 'edit', 'layout' => $layout));
}
public function get_database()
{
if (!ACL::check('update.database_apply')) {
throw HTTP_API_Exception::factory(API::ERROR_PERMISSIONS, 'You don\'t have permission to :permission', array(':permission' => __('Update database')));
}
$db_sql = Database_Helper::schema();
$file_sql = Database_Helper::install_schema();
$compare = new Database_Helper();
$diff = $compare->get_updates($db_sql, $file_sql, TRUE);
try {
Database_Helper::insert_sql($diff);
$this->message('Database schema updated successfully!');
Cache::instance()->delete(Update::CACHE_KEY_DB_SHEMA);
$this->response(TRUE);
} catch (Exception $ex) {
$this->message('Something went wrong!');
$this->response(FALSE);
}
Kohana::$log->add(Log::INFO, ':user update database')->write();
}
public function action_edit()
{
$snippet_name = $this->request->param('id');
$snippet = new Model_File_Snippet($snippet_name);
if (!$snippet->is_exists()) {
if (($found_file = $snippet->find_file()) !== FALSE) {
$snippet = new Model_File_Snippet($found_file);
} else {
Messages::errors(__('Snippet not found!'));
$this->go();
}
}
$this->template->title = __('Edit snippet');
$this->breadcrumbs->add($snippet_name);
// check if trying to save
if (Request::current()->method() == Request::POST and ACL::check('snippet.edit')) {
return $this->_edit($snippet_name);
}
Assets::package('ace');
$this->template->content = View::factory('snippet/edit', array('action' => 'edit', 'filters' => WYSIWYG::findAll(), 'snippet' => $snippet));
}
/**
*
* @param Model_Navigation_Page $page
* @param integer $priority
* @return \Model_Navigation_Section
*/
public function add_page(Model_Navigation_Abstract &$page, $priority = 1)
{
$priority = (int) $priority;
if (!ACL::check($page->permissions)) {
return $this;
}
if (isset($page->priority)) {
$priority = (int) $page->priority;
}
if ($page instanceof Model_Navigation_Section) {
$this->_sections[] = $page;
$page->set_section($this);
} else {
if (isset($this->_pages[$priority])) {
while (isset($this->_pages[$priority])) {
$priority++;
}
}
$this->_pages[$priority] = $page;
}
$page->set_section($this);
return $this->update()->sort();
}
if ($child->has_children) {
?>
<?php
if ($child->is_expanded) {
echo UI::icon('minus fa-fw item-expander item-expander-expand');
} else {
echo UI::icon('plus fa-fw item-expander');
}
?>
<?php
}
?>
<?php
if (!ACL::check('page.edit') or !Auth::has_permissions($child->get_permissions())) {
?>
<?php
echo UI::icon('lock fa-fw');
?>
<?php
echo $child->title;
?>
<?php
} else {
?>
<?php
echo HTML::anchor($child->get_url(), $child->title, array('data-icon' => ($child->children_rows instanceof View and $child->children_rows->childrens) ? 'folder-open fa-fw' : 'file-o fa-fw'));
?>
<?php
}
<?php
}
?>
</div>
</div>
<div class="right-col">
<hr class="profile-content-hr no-grid-gutter-h">
<div class="profile-content tabbable">
<?php
Observer::notify('view_user_profile_information', $user->id);
?>
<?php
if (!empty($permissions) and ACL::check('users.view.permissions')) {
?>
<div class="panel-heading">
<span class="panel-title"><?php
echo __('Section permissions');
?>
</span>
</div>
<div class="panel-body">
<?php
foreach ($permissions as $title => $actions) {
?>
<div class="panel-heading">
<span class="panel-title"><?php
echo __(ucfirst($title));
?>
<?php
echo Form::select('setting[page][check_date]', Form::choices(), Config::get('site', 'check_page_date', Config::NO));
?>
</div>
</div>
</div>
<div class="panel-heading" data-icon="hdd-o">
<span class="panel-title"><?php
echo __('Session settings');
?>
</span>
</div>
<div class="panel-body">
<?php
if (ACL::check('system.session.clear') and Session::$default == 'database') {
?>
<div class="well">
<?php
echo UI::button(__('Clear user sessions'), array('icon' => UI::icon('trash-o fa-lg'), 'class' => 'btn-warning btn-lg', 'data-api-url' => 'session.clear'));
?>
</div>
<?php
}
?>
<div class="note note-warning">
<?php
echo UI::icon('lightbulb-o fa-lg');
?>
<?php
private function _edit($user)
{
$data = $this->request->post('user');
$profile = $this->request->post('profile');
$this->auto_render = FALSE;
if (ACL::check('users.change_password') or $user->id == Auth::get_id()) {
if (strlen($data['password']) == 0) {
unset($data['password'], $data['password_confirm']);
}
} else {
unset($data['password']);
}
if (empty($profile['notice'])) {
$profile['notice'] = 0;
}
try {
if ($user->update_user($data, array('email', 'username', 'password'))) {
$profile['user_id'] = $user->id;
$user->profile->values($profile)->save();
if (Acl::check('users.change_roles') and $user->id > 1) {
// now we need to add permissions
$user_roles = $this->request->post('user_roles');
if (!empty($user_roles)) {
$user->update_related_ids('roles', explode(',', $user_roles));
}
}
Messages::success(__('User has been saved!'));
}
} catch (ORM_Validation_Exception $e) {
Messages::errors($e->errors('validation'));
$this->go_back();
}
// save and quit or save and continue editing?
if ($this->request->post('commit') !== NULL) {
$this->go();
} else {
$this->go(array('action' => 'edit', 'id' => $user->id));
}
}
<div class="form-group">
<?php
echo $page->label('needs_login', array('class' => 'control-label col-md-3'));
?>
<div class="col-md-6">
<?php
echo $page->field('needs_login', array('prefix' => 'page'));
?>
</div>
</div>
<?php
}
?>
</div>
<?php
if (ACL::check('page.permissions')) {
?>
<div class="panel-heading">
<?php
echo $page->label('page_permissions', array('class' => 'panel-title'));
?>
</div>
<div class="panel-body">
<?php
echo Form::select('page_permissions[]', $permissions, array_keys($page_permissions));
?>
</div>
<?php
}
Observer::notify('view_page_edit_sidebar_after', $page);
<?php
defined('SYSPATH') or die('No direct script access.');
/**
* Set the default cache driver
*/
Cache::$default = defined('CACHE_TYPE') ? CACHE_TYPE : 'file';
Observer::observe('modules::after_load', function () {
if (IS_INSTALLED and ACL::check('system.cache.settings')) {
Observer::observe('view_setting_plugins', function () {
echo View::factory('cache/settings');
});
Observer::observe('validation_settings', function ($validation, $filter) {
$filter->rule('cache.front_page', 'intval')->rule('cache.page_parts', 'intval')->rule('cache.tags', 'intval');
});
}
});
/**
* Tags view
*
* @throw HTTP_Exception_404
*/
public function action_tag()
{
$config = Config::load('blog');
$id = (int) $this->request->param('id', 0);
$tag = ORM::factory('tag', array('id' => $id, 'type' => 'blog'));
if (!$tag->loaded()) {
throw HTTP_Exception::factory(404, 'Tag ":tag" Not Found', array(':tag' => $id));
}
$this->title = __(':title', array(':title' => Text::ucfirst($tag->name)));
$view = View::factory('blog/list')->set('teaser', TRUE)->set('config', $config)->bind('rss_link', $rss_link)->bind('pagination', $pagination)->bind('posts', $posts);
$posts = $tag->posts;
if (!ACL::check('administer tags') and !ACL::check('administer content')) {
$posts->where('status', '=', 'publish');
}
$total = $posts->reset(FALSE)->count_all();
if ($total == 0) {
Log::info('No blogs found.');
$this->response->body(View::factory('blog/none'));
return;
}
$rss_link = Route::get('rss')->uri(array('controller' => 'blog', 'action' => 'tag', 'id' => $tag->id));
$pagination = Pagination::factory(array('current_page' => array('source' => 'cms', 'key' => 'page'), 'total_items' => $total, 'items_per_page' => $config->get('items_per_page', 15), 'uri' => $tag->url));
$posts = $posts->order_by('created', 'DESC')->limit($pagination->items_per_page)->offset($pagination->offset)->find_all();
$this->response->body($view);
// Set the canonical and shortlink for search engines
if ($this->auto_render) {
Meta::links(URL::canonical($tag->url, $pagination), array('rel' => 'canonical'));
Meta::links(Route::url('blog', array('action' => 'tag', 'id' => $tag->id), TRUE), array('rel' => 'shortlink'));
Meta::links(Route::url('rss', array('controller' => 'blog', 'action' => 'tag', 'id' => $tag->id), TRUE), array('rel' => 'alternate', 'type' => 'application/rss+xml', 'title' => Template::getSiteName() . ' : ' . $tag->name));
}
}
<?php
echo Form::label('_captcha', __('Security'), array('class' => 'form-control nowrap'));
?>
<?php
echo Form::input('_captcha', '', array('class' => 'text form-control'));
?>
<?php
echo $captcha;
?>
</div>
<?php
}
?>
</div>
</div>
<?php
if (!ACL::check('administer comment') or !$is_edit) {
?>
<div class="form-actions">
<?php
echo Form::submit('comment', __('Post Comment'), array('class' => 'btn btn-default bth-lg'));
?>
</div>
<?php
}
?>
<?php
echo Form::close();
Route::filter('guest', function () {
if (Auth::check()) {
return Redirect::to('/');
}
});
/*
|--------------------------------------------------------------------------
| permissions Filter
|--------------------------------------------------------------------------
|
| The "permissions" receives as a parameter the permission name and path to
| be executed if not have access, this parameter is optional
|
*/
Route::filter('permissions', function ($route = '/', $request, $namePermissions) {
if (!ACL::check($namePermissions)) {
return Redirect::to($route);
}
});
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
Route::filter('csrf', function () {
if (Session::token() !== Input::get('_token')) {
<?php
$sections = Datasource_Data_Manager::types();
foreach ($sections as $type => $title) {
if (!ACL::check($type . '.section.create')) {
unset($sections[$type]);
}
}
foreach ($tree as $type => $data) {
foreach ($data as $id => $section) {
if (array_key_exists($section->folder_id(), $folders)) {
$folders[$section->folder_id()]['sections'][$id] = $section;
unset($tree[$type][$id]);
}
}
}
$folders_status = Model_User_Meta::get('datasource_folders', array());
?>
<div class="navigation">
<?php
if (!empty($sections)) {
?>
<div class="compose-btn">
<div class="btn-group">
<?php
echo UI::button(__('Create section'), array('href' => '#', 'class' => 'dropdown-toggle btn-primary btn-labeled btn-block', 'data-icon-append' => 'caret-down btn-label', 'data-toggle' => 'dropdown'));
?>
<ul class="dropdown-menu">
<?php
foreach ($sections as $type => $title) {
</tbody>
</table>
</div>
<div class="panel-footer">
<?php
if (ACL::check($section->has_access('document.create', TRUE))) {
?>
<?php
echo UI::button(__('Create Document'), array('href' => Route::get('datasources')->uri(array('controller' => 'document', 'directory' => $section->type(), 'action' => 'create')) . URL::query(array('ds_id' => $section->id())), 'icon' => UI::icon('plus')));
?>
<?php
}
?>
<?php
if (ACL::check($section->has_access_view())) {
?>
<?php
echo UI::button(__('Goto section'), array('href' => Route::get('datasources')->uri(array('controller' => 'data', 'directory' => 'datasources')) . URL::query(array('ds_id' => $section->id())), 'icon' => UI::icon(Datasource_Data_Manager::get_icon($section->type())), 'class' => 'btn-xs btn-inverse'));
?>
<?php
}
?>
</div>
<?php
} else {
?>
<div class="note note-warning">
<?php
echo UI::icon('lightbulb-o fa-lg');
?>
echo Form::input('_captcha', '', array('class' => 'form-control'));
?>
<br>
<?php
echo $captcha;
?>
</div>
<?php
}
?>
</div>
<div id="side-info-column" class="col-md-3">
<?php
if (ACL::check('administer content') or ACL::check('administer page')) {
?>
<div id="submitdiv" class="panel panel-info">
<div class="panel-heading">
<h3 class="panel-title"><?php
echo __('Publication');
?>
</h3>
</div>
<div class="panel-body" id="submitpost">
<div id="minor-publishing">
<div class="form-group <?php
echo isset($errors['status']) ? 'has-error' : '';
?>
">
<?php
echo UI::button(__('File manager'), array('class' => 'btn-filemanager btn-flat btn-info btn-sm', 'data-el' => 'textarea_content', 'icon' => UI::icon('folder-open'), 'data-hotkeys' => 'ctrl+m'));
?>
</div>
<?php
}
?>
</div>
<?php
echo Form::textarea('content', $layout->content, array('class' => 'form-control', 'id' => 'textarea_content', 'data-height' => 600, 'data-readonly' => (!$layout->is_exists() or $layout->is_exists() and $layout->is_writable()) ? 'off' : 'on'));
?>
<?php
if ($layout->is_exists() and !$layout->is_writable()) {
?>
<div class="panel-default alert alert-danger alert-dark no-margin-b">
<?php
echo __('File is not writable');
?>
</div>
<?php
} elseif (ACL::check('layout.edit')) {
?>
<div class="form-actions panel-footer">
<?php
echo UI::actions($page_name);
?>
</div>
<?php
}
echo Form::close();
public function action_delete()
{
if (!ACL::check('delete oaclient2')) {
throw new HTTP_Exception_404('You have no permission to delete oauth2 clients.');
}
$id = (int) $this->request->param('id');
$redirect = empty($this->redirect) ? Route::get('oauth2/client')->uri(array('action' => 'list')) : $this->redirect;
$oaclient = ORM::factory('oaclient', $id);
if (!$oaclient->loaded()) {
Message::error(__('oaclient: doesn\'t exists!'));
Kohana::$log->add(Log::ERROR, 'Attempt to delete non-existent oaclient');
$this->request->redirect(Route::get('oauth2/client')->uri(array('action' => 'list')));
}
$clone_oaclient = clone $oaclient;
if (!Access::oaclient('delete', $oaclient)) {
// If the lead was not loaded, we return access denied.
throw new HTTP_Exception_404('Attempt to non-existent oaclient.');
}
$this->title = __('Delete oaclient');
$this->subtitle = Text::plain($oaclient->client_id);
$form = View::factory('form/confirm')->set('action', $oaclient->delete_url)->set('title', $oaclient->client_id);
// If deletion is not desired, redirect to post
if (isset($_POST['no']) and $this->valid_post()) {
$this->request->redirect('oauth2/client');
}
// If deletion is confirmed
if (isset($_POST['yes']) and $this->valid_post()) {
try {
$oaclient->delete();
Message::success(__('oaclient: :title deleted successfully', array(':title' => $clone_oaclient->client_id)));
$this->request->redirect($redirect);
} catch (Exception $e) {
Message::error(__('oaclient: :title unable to delete the record', array(':title' => $clone_oaclient->client_id)));
$this->request->redirect($redirect);
}
}
$this->response->body($form);
}
echo Date::format($snippet->modified());
?>
</td>
<td class="size">
<?php
echo Text::bytes($snippet->size());
?>
</td>
<td class="direction hidden-xs">
<?php
echo UI::label($snippet->get_relative_path());
?>
</td>
<td class="actions text-right">
<?php
if (ACL::check('snippet.delete')) {
?>
<?php
echo UI::button(NULL, array('href' => Route::get('backend')->uri(array('controller' => 'snippet', 'action' => 'delete', 'id' => $snippet->name)), 'icon' => UI::icon('times fa-inverse'), 'class' => 'btn-xs btn-danger btn-confirm'));
?>
<?php
}
?>
</td>
</tr>
<?php
}
?>
</tbody>
</table>
</div>
