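/**
 * Securely calls an action. Before the actual call, this handler will validate all parameters defined at the module.xml
 * and check the user permissions.
 *
 * Order of checks: empty ID -> double-submit guard -> action lookup -> role check -> parameter validation -> execution.
 * Failing any check throws before the controller is touched.
 *
 * @param WebSoccer $website Current WebSoccer context.
 * @param DbConnection $db Data base connection.
 * @param I18n $i18n Messages context.
 * @param string|null $actionId ID of action to validate and execute (NULL / empty means "no action").
 * @return string|NULL ID of page to display after the execution of this action or NULL if the current page shall be displayed.
 * @throws Exception if action could not be found, a double-submit occured, access is denied, controller could not be found
 * or if the executed controller has thrown an Exception.
 * @throws AccessDeniedException if the current user lacks the role required by the action.
 */
public static function handleAction(WebSoccer $website, DbConnection $db, I18n $i18n, $actionId) {
	// loose comparison on purpose: NULL, '' and FALSE all mean "nothing to do"
	if ($actionId == NULL) {
		return NULL;
	}

	// check double-submit: the same action ID re-submitted within DOUBLE_SUBMIT_CHECK_SECONDS is rejected
	if (isset($_SESSION[DOUBLE_SUBMIT_CHECK_SESSIONKEY_ACTIONID])
			&& $_SESSION[DOUBLE_SUBMIT_CHECK_SESSIONKEY_ACTIONID] == $actionId
			&& isset($_SESSION[DOUBLE_SUBMIT_CHECK_SESSIONKEY_TIME])
			&& $_SESSION[DOUBLE_SUBMIT_CHECK_SESSIONKEY_TIME] + DOUBLE_SUBMIT_CHECK_SECONDS > $website->getNowAsTimestamp()) {
		throw new Exception($i18n->getMessage('error_double_submit'));
	}

	// resolve the action configuration. An unknown action must fail here: without this check a NULL config
	// would reach the role check with an empty role list instead of raising the documented Exception.
	// The ID is deliberately not echoed in the message, as it is request-controlled input.
	$actionConfig = json_decode((string) $website->getAction($actionId), true);
	if (!is_array($actionConfig)) {
		throw new Exception('Action could not be found.');
	}
	$actionXml = ModuleConfigHelper::findModuleConfigAsXmlObject($actionConfig['module']);

	// check permissions
	$user = $website->getUser();
	$configuredRoles = isset($actionConfig['role']) ? (string) $actionConfig['role'] : '';
	if (strpos($configuredRoles, 'admin') !== false) {
		// any role list containing "admin" is treated as an admin-only action
		if (!$user->isAdmin()) {
			throw new AccessDeniedException($i18n->getMessage('error_access_denied'));
		}
	} else {
		// all other actions: the user's role must literally equal one of the comma-separated configured roles.
		// Strict comparison avoids loose-equality matches (e.g. numeric-looking strings); the cast keeps a
		// NULL role matching an empty configured role exactly as before.
		$requiredRoles = explode(',', $configuredRoles);
		if (!in_array((string) $user->getRole(), $requiredRoles, true)) {
			throw new AccessDeniedException($i18n->getMessage('error_access_denied'));
		}
	}

	// validate parameters. The action ID is a known configuration key at this point, but it is still quoted
	// as a proper XPath literal so that it can never alter the query structure.
	$params = $actionXml->xpath('//action[@id = ' . self::_xpathStringLiteral($actionId) . ']/param');
	$validatedParams = array();
	if ($params) {
		$validatedParams = self::_validateParameters($params, $website, $i18n);
	}

	$controllerName = $actionConfig['controller'];

	// premium actions are charged and executed by a dedicated handler
	if (!empty($actionConfig['premiumBalanceMin'])) {
		return self::_handlePremiumAction($website, $db, $i18n, $actionId, $actionConfig['premiumBalanceMin'], $validatedParams, $controllerName);
	}

	$actionReturn = self::_executeAction($website, $db, $i18n, $actionId, $controllerName, $validatedParams);

	// create log entry. The user is re-read from the context on purpose: the executed action may have
	// changed the current user (e.g. a login), and the log must reference the user as of now.
	if (!empty($actionConfig['log']) && $website->getUser()->id) {
		ActionLogDataService::createOrUpdateActionLog($website, $db, $website->getUser()->id, $actionId);
	}

	return $actionReturn;
}

/**
 * Builds an XPath 1.0 string literal for the given value.
 *
 * XPath 1.0 has no escape sequence inside string literals, so a value containing both quote kinds is
 * expressed as concat() of single- and double-quoted pieces.
 *
 * @param string $value Raw value to embed.
 * @return string XPath expression that evaluates to exactly $value.
 */
private static function _xpathStringLiteral($value) {
	$value = (string) $value;
	if (strpos($value, '"') === false) {
		return '"' . $value . '"';
	}
	if (strpos($value, "'") === false) {
		return "'" . $value . "'";
	}
	// both quote kinds present: split on double quotes and re-join with single-quoted '"' pieces.
	// There is always at least one non-empty chunk plus one separator, so concat() gets >= 2 arguments.
	$parts = array();
	foreach (explode('"', $value) as $index => $chunk) {
		if ($index > 0) {
			$parts[] = "'\"'";
		}
		if ($chunk !== '') {
			$parts[] = '"' . $chunk . '"';
		}
	}
	return 'concat(' . implode(', ', $parts) . ')';
}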
if ($loggingEnabled) { $loggingColumns = (string) $overviewConfig[0]->attributes()->loggingcolumns; if (!strlen($loggingColumns)) { throw new Exception($i18n->getMessage("entitylogging_nologgingcolumns")); } } if (isset($_REQUEST['id'])) { $id = (int) $_REQUEST['id']; } echo "<h1>" . $i18n->getMessage("entity_" . $entity) . "</h1>"; // remove alias $tablePrefix = $website->getConfig("db_prefix") . "_"; $mainTable = $tablePrefix . $entityConfig[0]->attributes()->dbtable; $spaceTablePos = strrpos($mainTable, " "); $mainTableAlias = $spaceTablePos ? substr($mainTable, $spaceTablePos) . "." : ""; $dbTableWithoutPrefix = ModuleConfigHelper::removeAliasFromDbTableName($entityConfig[0]->attributes()->dbtable); $dbTable = $tablePrefix . $dbTableWithoutPrefix; // show overview by default $showOverview = TRUE; // process add/edit form action if ($show == "add" || $show == "edit") { $showOverview = FALSE; $enableFileUpload = FALSE; // field config $fields = $entityConfig[0]->xpath("editform/field"); $formFields = array(); foreach ($fields as $field) { $attrs = $field->attributes(); if ($show == "add" && (bool) $attrs["editonly"]) { continue; }
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with OpenWebSoccer-Sim. If not, see <http://www.gnu.org/licenses/>. ******************************************************/ if (isset($id) && $id) { $del_id = array($id); } if ($admin["r_demo"]) { throw new Exception($i18n->getMessage("error_access_denied")); } if (count($del_id)) { $dependencies = ModuleConfigHelper::findDependentEntities($dbTableWithoutPrefix); foreach ($del_id as $deleteId) { // log action if ($loggingEnabled) { $result = $db->querySelect($loggingColumns, $dbTable, "id = %d", $deleteId); $item = $result->fetch_array(MYSQLI_ASSOC); $result->free(); logAdminAction($website, LOG_TYPE_DELETE, $admin["name"], $entity, json_encode($item)); } // delete item $db->queryDelete($dbTable, "id = %d", $deleteId); foreach ($dependencies as $dependency) { $fromTable = $website->getConfig("db_prefix") . "_" . $dependency["dbtable"]; $whereCondition = $dependency["columnid"] . " = %d"; if (strtolower($dependency["cascade"]) == "delete") { $db->queryDelete($fromTable, $whereCondition, $deleteId);