/**
 * Decide whether a user may reach a resource.
 *
 * The roles tested are the users_roles rows for $username; with no username
 * the single "guest" role is used instead.  Only roles assigned directly to
 * the user are consulted (no ancestor/inheritance lookup happens here).  The
 * ACL resource name is built as "<module>-@@EXTRA-<resource>", the "@@EXTRA"
 * segment standing in for a controller name.
 *
 * @param string      $resource ACL resource (last segment of the resource name)
 * @param string      $module   module the resource belongs to
 * @param string|null $username user to check; null means anonymous visitor
 * @return bool true when at least one of the roles is allowed; false when
 *              denied, when no 'acl' is registered, or when the resource is
 *              not known to the ACL (has() is checked first, so an unknown
 *              resource yields false instead of an ACL exception)
 */
static function isAllowed($resource, $module = "default", $username = null)
{
    $usersRolesTable = new UsersRoles();
    $rolesTable = new Roles();

    // Role ids to test: the user's own rows, or the guest role.
    if (is_null($username)) {
        $roleIds = array($rolesTable->getIdByShortname("guest"));
    } else {
        $roleIds = array();
        $select = $usersRolesTable->select()->where("username = ?", $username);
        foreach ($usersRolesTable->fetchAll($select) as $row) {
            $roleIds[] = $row->role_id;
        }
    }

    // Without a registered ACL nothing can be granted.
    if (!Zend_Registry::isRegistered('acl')) {
        return false;
    }
    $acl = Zend_Registry::get('acl');
    $resourceName = $module . "-@@EXTRA-" . $resource;
    if (!$acl->has($resourceName)) {
        return false;
    }

    // Every role is consulted (no early exit); a single permitted role is enough.
    $granted = false;
    foreach ($roleIds as $roleId) {
        if ($acl->isAllowed($roleId, $resourceName)) {
            $granted = true;
        }
    }
    return $granted;
}
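/**
 * Return the role ids under which a user may reach a resource.
 *
 * For a named user every users_roles row is expanded with its ancestor roles
 * (Roles::getAllAncestors) so inherited permissions count; with no username
 * the single "guest" role is used.  The ACL resource name is
 * "<module>-<controller>-<resource>", with "@@EXTRA" substituted when no
 * controller is given.
 *
 * Fix: $user_roles is now initialised unconditionally.  Previously a named
 * user with no users_roles rows left it undefined, and the foreach below ran
 * over null (a PHP warning) before the function returned the empty array.
 *
 * @param string      $resource   ACL resource (last segment of the name)
 * @param string      $module     module the resource belongs to
 * @param string|null $username   user to check; null means anonymous visitor
 * @param string|null $controller controller segment; null selects "@@EXTRA"
 * @return array list of allowed role ids; empty when denied, when no 'acl' is
 *               registered, or when the resource is unknown to the ACL.
 *               Callers treat a non-empty array as "allowed".
 */
static function isAllowed($resource, $module = "default", $username = null, $controller = null)
{
    $users_roles_table = new UsersRoles();
    $roles_table = new Roles();
    $user_roles = array();
    if (!is_null($username)) {
        $users_roles_db = $users_roles_table->fetchAll(
            $users_roles_table->select()->where("username = ?", $username)
        );
        if (count($users_roles_db) > 0) {
            foreach ($users_roles_db->toArray() as $role) {
                // Ancestors first, then the role itself; duplicates are removed below.
                foreach ($roles_table->getAllAncestors($role['role_id']) as $ancestor_id) {
                    $user_roles[] = $ancestor_id;
                }
                $user_roles[] = $role['role_id'];
            }
            $user_roles = array_unique($user_roles);
        }
    } else {
        $user_roles = array($roles_table->getIdByShortname("guest"));
    }

    if (is_null($controller)) {
        $controller = "@@EXTRA";
    }
    $resource_name = $module . "-" . $controller . "-" . $resource;

    // has() is checked first so an unregistered resource denies instead of throwing.
    $out = array();
    if (Zend_Registry::isRegistered('acl')) {
        $acl = Zend_Registry::get('acl');
        if ($acl->has($resource_name)) {
            foreach ($user_roles as $role) {
                if ($acl->isAllowed($role, $resource_name)) {
                    $out[] = $role;
                }
            }
        }
    }
    return $out;
}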
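/**
 * Enforce locale-restricted ("regional") admin access.
 *
 * Admin identities may hold locale-specific admin roles.  They are fetched
 * through RivetyCore_ResourceCheck::isAllowed() for the
 * "locale_specific_admin_role" resource; each role id is turned into its
 * shortname, and a shortname containing the current resource locale
 * (case-insensitive) is a candidate.  Candidates and any $bypass role ids are
 * confirmed through $this->_checkMatch(); every id it returns becomes an
 * access entry.  When nothing grants access the user's locale is switched to
 * the first locale found in the locked shortnames and the request is
 * redirected to the admin home page.
 *
 * Fixes: count($bypass) was called on null (a TypeError on PHP 8) — the
 * optional list is normalised first; the unused $no_match/$roles_resources_table
 * locals and the @-suppression are gone; a null identity no longer triggers a
 * property-on-null warning.
 *
 * @param array|null $bypass role ids accepted without a locale match
 * @return array|null list of array("id" => ..., "shortname" => ...) for the
 *                    roles granting access (also stored in
 *                    $this->restricted_role_id); null when the user is not
 *                    locale-restricted, or after the redirect
 */
public function _bumpRegionalAccess($bypass = null)
{
    $roles_table = new Roles();
    // Locale the resource is checked against; the request locale is the fallback.
    $resource_locale = isset($this->resource_locale) ? $this->resource_locale : $this->locale_code;
    $bypass_ids = is_array($bypass) ? $bypass : array();

    $role_lock = array();
    if (!is_null($this->_identity) && $this->_identity->isAdmin) {
        $role_lock = RivetyCore_ResourceCheck::isAllowed("locale_specific_admin_role", "default", $this->_identity->username);
    }
    if (!is_array($role_lock) || count($role_lock) === 0) {
        // Not under any locale restriction: nothing to enforce.
        return null;
    }

    // Shortnames of the locked roles.
    $shortnames = array();
    foreach ($role_lock as $locked_role_id) {
        $shortnames[] = $roles_table->getShortnameById($locked_role_id);
    }

    // A shortname containing the resource locale is an access candidate.
    $match = array();
    foreach ($shortnames as $sn) {
        if (stristr($sn, $resource_locale) !== false) {
            $match[] = array("id" => $roles_table->getIdByShortname($sn), "shortname" => $sn);
        }
    }

    // Confirm candidates (then bypass ids, in that order) through _checkMatch().
    $candidate_ids = array();
    foreach ($match as $m) {
        $candidate_ids[] = $m['id'];
    }
    $access = array();
    foreach (array_merge($candidate_ids, $bypass_ids) as $candidate_id) {
        $confirmed = $this->_checkMatch($candidate_id);
        if (!is_array($confirmed)) {
            continue;
        }
        foreach ($confirmed as $granted_id) {
            $access[] = array("id" => $granted_id, "shortname" => $roles_table->getShortnameById($granted_id));
        }
    }

    if (count($access) === 0) {
        // No access here: move the user to a locale they do hold and bump them
        // to the admin home.  Assumes a locked role's shortname ends with the
        // 5-character locale code — TODO confirm against the role naming convention.
        $allowed = array();
        foreach ($shortnames as $locked_shortname) {
            $allowed[] = strtolower(substr($locked_shortname, -5));
        }
        if (!in_array($this->locale_code, $allowed) && count($allowed) > 0) {
            $this->locale_code = $allowed[0];
        }
        $this->_redirect('/default/admin/index/');
        return null;
    }

    $this->restricted_role_id = $access;
    return $access;
}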
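/**
 * Account registration: GET renders the form, POST creates the account.
 *
 * POST flow: required-field validation through RivetyCore_Request, then
 * username (length/alnum, uniqueness), email (format, uniqueness) and
 * password (length, confirmation) checks.  Errors and user data pass through
 * the "<mca>" plugin filter; when no error remains a users_roles row for the
 * default role and the users row are inserted, the 'default_post_register'
 * filter and the deprecated "<mca>_post_register" action run, auto-login data
 * is stored in the 'RivetyCore_Temp' session namespace and the user is
 * redirected to /default/user/postregister (with the 'url' request param
 * appended as /url/<value> when present).  An already-authenticated visitor
 * is redirected to their profile instead.
 *
 * Fix: the password/confirm comparison is strict (!==); the loose form
 * accepted numeric-looking strings that are == but not identical.
 *
 * Notes for maintainers:
 *  - The password is inserted as given and md5($password) is handed to
 *    plugins and the session as 'autologin_password_hash'.  Whether the Users
 *    table hashes on insert is not visible here — confirm before relying on
 *    it; md5 is not a password hash and the session copy is sensitive.
 *  - The 'url' request param is appended to the post-register redirect path
 *    without validation; whatever consumes it must validate it.
 *  - The length validator caps passwords at 32 while the message quotes the
 *    'password_length' setting; the two can disagree.
 *
 * @return void  In JSON format the script terminates (die) with the screen
 *               alerts, or "200 OK" when there are none.
 */
function registerAction()
{
    $errors = array();
    $request = new RivetyCore_Request($this->getRequest());
    if ($this->_auth->hasIdentity()) {
        $this->_redirect('/default/user/profile/username/' . $this->_identity->username);
        return; // _redirect() presumably exits; the return covers a non-exiting redirector
    }
    $users_table = new Users();
    $user = array();

    // Hand the optional return URL to the view and the pre-register filter.
    $pre_register_params = array();
    if ($request->has('url')) {
        $this->view->url_param = $request->url;
        $pre_register_params['return_url'] = $request->url;
    } else {
        $pre_register_params['return_url'] = false;
    }
    $pre_register_params = $this->_rivety_plugin->doFilter('default_pre_register', $pre_register_params); // FILTER HOOK
    foreach ($pre_register_params as $key => $value) {
        if ($key == 'return_url') {
            $this->view->url_param = $value;
        } else {
            $this->view->$key = $value;
        }
    }

    if ($this->getRequest()->isPost()) {
        $request->addValidator('username', 'Username is required.');
        $request->addValidator('email', 'Email address is required.');
        $request->addValidator('password', 'Password is required.');
        $request->addValidator('confirm', 'Password confirmation is required.');
        if (!$request->isValid()) {
            $errors = array_merge($errors, $request->getValidationErrors());
        }
        if (count($errors) == 0) {
            $user['username'] = $request->username;
            $user['email'] = $request->email;
            $user['password'] = $request->password;
            $user['confirm'] = $request->confirm;
            // full_name and birthday were collected here once; that code is gone
            // (TODO: remove anything relating to birthday).

            // validate username
            $username_length = RivetyCore_Registry::get('username_length');
            $username_validator = new Zend_Validate();
            $username_validator->addValidator(new Zend_Validate_StringLength(1, $username_length));
            $username_validator->addValidator(new Zend_Validate_Alnum());
            if (!$username_validator->isValid($user['username'])) {
                $show_username = "******" . $user['username'] . "'";
                if (trim($user['username']) == "") {
                    $show_username = "******" . $this->_T("empty") . "]";
                }
                $message = $this->_T("%s is not a valid username. (Between %d and %d characters, only letters and numbers)", array($show_username, 1, $username_length));
                $errors[] = $message;
                $this->screenAlert('error', $message);
            }
            $user_where = $users_table->getAdapter()->quoteInto('username = ?', $user['username']);
            if ($users_table->getCountByWhereClause($user_where) > 0) {
                $message = $this->_T("The username '%s' is already in use", $user['username']);
                $errors[] = $message;
                $this->screenAlert('error', $message);
            }

            // validate email
            $email_validator = new Zend_Validate_EmailAddress();
            if (!$email_validator->isValid($user['email'])) {
                $show_email = "'" . $user['email'] . "'";
                if (trim($user['email']) == "") {
                    $show_email = "[" . $this->_T("empty") . "]";
                }
                $message = $show_email . ' ' . $this->_T('is not a valid email.');
                $errors[] = $message;
                $this->screenAlert('error', $message);
            }
            // make sure no one is using this email already
            $email_where = $users_table->getAdapter()->quoteInto('email = ?', $user['email']);
            if ($users_table->getCountByWhereClause($email_where) > 0) {
                $errors[] = $this->_T("Email is already in use.");
                $this->screenAlert('error', 'This email address is already in use.');
            }

            // make sure password is at least six chars (upper bound 32, see docblock)
            $password_validator = new Zend_Validate();
            $password_validator->addValidator(new Zend_Validate_StringLength(6, 32));
            if (!$password_validator->isValid($user['password'])) {
                $message = $this->_T("Password must be between %d and %d characters", array(6, RivetyCore_Registry::get('password_length')));
                $errors[] = $message;
                $this->screenAlert('error', $message);
            }
            // if password is set, make sure it matches confirm
            if ($user['password'] !== $user['confirm']) {
                $message = $this->_T("Passwords don't match");
                $errors[] = $message;
                $this->screenAlert('error', $message);
            }
            // (the minimum-age check went away with the birthday field)

            $params = array(
                'request' => $this->getRequest(),
                'user' => $user,
                'errors' => $errors,
            );
            $additional = $this->_rivety_plugin->doFilter($this->_mca, $params); // FILTER HOOK
            $errors = $additional['errors'];
            $user = $additional['user'];

            if (count($errors) == 0) {
                // Role row first, then the user row.  No transaction: a failed users
                // insert leaves the users_roles row behind — TODO confirm acceptable.
                $roles_table = new Roles();
                $users_roles_table = new UsersRoles();
                $default_role_shortname = RivetyCore_Registry::get('default_role_shortname');
                $role_data = array(
                    "username" => $user['username'],
                    "role_id" => $roles_table->getIdByShortname($default_role_shortname),
                );
                $users_roles_table->insert($role_data);
                $user_data = array(
                    'username' => $user['username'],
                    'email' => $user['email'],
                    'password' => $user['password'],
                    'created_on' => date("Y-m-d H:i:s"),
                    'ip' => getenv('REMOTE_ADDR'),
                );
                // MAKE IT OFFICIAL
                $users_table->insert($user_data);

                // DO SOME PLUGINS
                $params = array(
                    'user' => $user_data,
                    'request' => $request,
                    'username' => $user['username'],
                    'autologin' => true,
                    'autologin_username' => $user['username'],
                    'autologin_password' => $user['password'],
                    'autologin_password_hash' => md5($user['password']), // legacy value, not a password hash (see docblock)
                    'locale_code' => $this->locale_code,
                );
                $params = $this->_rivety_plugin->doFilter("default_post_register", $params); // FILTER HOOK
                $this->_rivety_plugin->doAction($this->_mca . "_post_register", $params); // ACTION HOOK (deprecated)

                // SET UP AUTO-LOGIN, OR DON'T
                if ($params['autologin']) {
                    $appNamespace = new Zend_Session_Namespace('RivetyCore_Temp');
                    $appNamespace->autoLogin = $params['autologin'];
                    $appNamespace->autoLoginUsername = $params['autologin_username'];
                    $appNamespace->autoLoginPassword = $params['autologin_password'];
                    $appNamespace->autoLoginPasswordHash = $params['autologin_password_hash'];
                }

                // SEND THE USER ON THEIR WAY
                $url = '/default/user/postregister';
                // if there was a URL passed in then add that encoded URL as a param to the default redirect
                if ($request->has('url')) {
                    $url .= '/url/' . $request->url;
                }
                $this->_redirect($url);
            }
        }
    }

    $this->view->user = $user;
    $this->view->pagetitle = $this->_T("Register");
    // Errors found above were already alerted once; the filter hook may have
    // added or replaced entries, so the full list is alerted here as well.
    foreach ($errors as $error) {
        $this->screenAlert('error', $error);
    }
    $errors = null;
    switch ($this->format) {
        case 'json':
            die(!empty($this->screen_alerts) ? json_encode(array('messages' => $this->screen_alerts)) : '200 OK');
        default:
            break;
    }
}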
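/**
 * Controller initialisation shared by every action.
 *
 * In order: exposes enabled modules and SSL state to the view, resolves the
 * authenticated identity and its roles (flagging admins), lets plugins pick
 * the theme, resolves the request locale when localization is enabled
 * (redirecting to the locale chooser or the "missing" page when it is
 * invalid), sets date formats, builds the role-based navigation tree
 * (optionally cached) and finally runs the 'controller_init' filter, whose
 * output is copied onto the view.
 *
 * Several branches call $this->_redirect(); the code after them assumes the
 * redirector exits the request (its presumed default — confirm if that is
 * ever changed).
 *
 * Fixes: ereg() (removed in PHP 7) is replaced by preg_match(); the
 * implode() argument order is corrected (the legacy order is gone in PHP 8);
 * the remembered-locale cookie is only used as a redirect target when it has
 * the shape of a locale code (it is client-controlled, and a value such as
 * "//host" would otherwise become a protocol-relative redirect); the role
 * lookup goes through quoteInto(); the @-suppressed identity access is
 * replaced by an explicit null check.
 *
 * @return void
 * @throws Exception when localization is enabled but 'allowed_locales' or
 *                   'live_locales' is empty
 */
function init()
{
    $params = array('username' => null);
    $modules_table = new Modules("core");
    $roles_table = new Roles();

    // One boolean view flag per enabled module (module_<name> = true).
    foreach ($modules_table->getEnabledModules() as $enabled_module) {
        $this->view->{"module_" . $enabled_module} = true;
    }

    $this->_is_ssl = !empty($_SERVER['HTTPS']);
    $this->view->is_ssl = $this->_is_ssl;
    $this->_uri = $_SERVER['REQUEST_URI'];
    $this->_host_id = Zend_Registry::get('host_id');
    $this->view->host_id = $this->_host_id;
    $this->view->session_id = Zend_Session::getId();
    $this->view->site_url = Bolts_Registry::get('site_url');
    $this->view->site_name = Bolts_Registry::get('site_name');
    $this->registry = Zend_Registry::getInstance();
    $this->session = new Zend_Session_Namespace('Default');

    // "module_controller_action" identifies the request to plugins; the view gets the dashed form.
    $module_name = $this->_request->getModuleName();
    $controller_name = $this->_request->getControllerName();
    $action_name = $this->_request->getActionName();
    $this->_mca = $module_name . "_" . $controller_name . "_" . $action_name;
    $this->view->mca = str_replace("_", "-", $this->_mca);
    $this->view->controller_name = $controller_name;
    $this->module_name = $module_name;
    $this->view->module_name = $module_name;
    $this->view->action_name = $action_name;

    // Identity and roles.
    $this->_auth = Zend_Auth::getInstance();
    $loggedInRoleIds = array();
    if ($this->_auth->hasIdentity()) {
        $this->_identity = $this->_auth->getIdentity();
        $this->view->isLoggedIn = true;
        $params['username'] = $this->_identity->username;
        $users_table = new Users();
        $loggedInUser = $users_table->fetchByUsername($this->_identity->username);
        if (!is_null($loggedInUser)) {
            $this->_loggedInUser = $loggedInUser;
            $this->view->loggedInUser = $loggedInUser->toArray();
        }
        $this->view->loggedInUsername = $this->_identity->username;
        $this->view->loggedInFullName = $this->_identity->full_name;
        $loggedInRoleIds = $roles_table->getRoleIdsByUsername($this->_identity->username);
        $this->view->loggedInRoleIds = $loggedInRoleIds;
        // Any role flagged isadmin makes this identity an admin for the request.
        foreach ($loggedInRoleIds as $role_id) {
            $role = $roles_table->fetchRow($roles_table->getAdapter()->quoteInto('id = ?', $role_id));
            if ((bool) $role->isadmin) {
                $this->view->isAdmin = true;
                $this->_identity->isAdmin = true;
            }
        }
    } else {
        $this->_identity = null;
        $this->view->isLoggedIn = false;
    }
    // Username for ACL checks; null for guests (guests may still be allowed).
    $identity_username = is_null($this->_identity) ? null : $this->_identity->username;

    $appNamespace = new Zend_Session_Namespace('Bolts_Temp');
    $this->view->last_login = $appNamespace->last_login;
    $this->_Bolts_plugin = Bolts_Plugin::getInstance();
    $this->_theme_locations = Zend_Registry::get('theme_locations');

    // Theme filter block: Allow plugin's to alter the current theme based on request, locale, etc.
    $theme_params = array(
        'request' => $this->_request,
        'admin' => array('current_theme' => $this->_theme_locations['admin']['current_theme']),
        'frontend' => array('current_theme' => $this->_theme_locations['frontend']['current_theme']),
    );
    $theme_params = $this->_Bolts_plugin->doFilter('current_themes', $theme_params); // FILTER HOOK
    // A plugin-supplied theme is only accepted when its path exists on disk.
    if (file_exists($theme_params['admin']['current_theme']['path'])) {
        $this->_theme_locations['admin']['current_theme'] = $theme_params['admin']['current_theme'];
    }
    if (file_exists($theme_params['frontend']['current_theme']['path'])) {
        $this->_theme_locations['frontend']['current_theme'] = $theme_params['frontend']['current_theme'];
        $template_path = $this->_theme_locations['frontend']['current_theme']['path'] . "/modules/" . $module_name;
        $this->view->setScriptPath($template_path);
    }
    // Theme filter block: End.

    $current_theme = $this->_theme_locations['frontend']['current_theme'];
    $default_theme = $this->_theme_locations['frontend']['default_theme'];
    $this->view->theme_path = $current_theme['path'];
    $this->view->theme_url = $current_theme['url'];
    $this->view->theme_global_path = $current_theme['path'] . "/global";
    $this->view->theme_global = $this->view->theme_global_path;
    $this->view->theme_controller_path = $current_theme['path'] . '/modules/' . $module_name . "/" . $controller_name;
    $this->view->theme_module_path = $current_theme['path'] . '/modules/' . $module_name;
    $this->view->default_theme_path = $default_theme['path'];
    $this->view->default_theme_url = $default_theme['url'];
    $this->view->default_theme_global_path = $default_theme['path'] . "/global";
    $this->view->default_theme_controller_path = $default_theme['path'] . '/modules/' . $module_name . "/" . $controller_name;
    $this->view->default_theme_module_path = $default_theme['path'] . '/modules/' . $module_name;

    Bolts_Log::report("Current path " . $this->_mca, null, Zend_Log::INFO);
    $this->view->isAdminController = false;
    $this->view->title_prefix = Bolts_Registry::get('title_prefix');

    $locale_is_valid = true;
    $default_locale_code = str_replace('_', '-', trim(strtolower(Bolts_Registry::get('default_locale'))));
    $this->locale_code = $default_locale_code;
    if (Bolts_Registry::get('enable_localization') == '1') {
        // to set the locale code, look in the URL, not in the cookie
        // the only thing that should check the cookie is the home page and optionally the locale chooser page
        $locales_table = new Locales();
        $db_locales_full = $locales_table->getLocaleCodesArray(true);
        $db_locales = array_keys($db_locales_full);

        // Get the locales allowed in the config
        $allowed_locales = $this->_normalizeLocaleList(Bolts_Registry::get('allowed_locales'));
        if (is_null($allowed_locales)) {
            throw new Exception('Localization is enabled, but no locales are set in `allowed_locales`');
        }

        // Load the allowed locales into Smarty for the admin drop down
        $all_locales = array();
        foreach ($db_locales_full as $code => $name) {
            if (in_array($code, $allowed_locales)) {
                $all_locales[$code] = $name;
            }
        }
        $this->view->locale_codes = $all_locales;

        // Get the locales allowed on the frontend in the config
        $live_locales = $this->_normalizeLocaleList(Bolts_Registry::get('live_locales'));
        if (is_null($live_locales)) {
            throw new Exception('Localization is enabled, but no locales are set in `live_locales`');
        }
        $this->live_locales = $live_locales;

        if ($this->_request->has('locale') && $this->_request->locale != '') {
            $locale_code = $this->_request->get('locale');
            if ($locale_code !== $default_locale_code) {
                // Same shape check ereg("^..-.{2,5}") performed before its removal.
                if (preg_match('/^..-.{2,5}/', $locale_code) === 1) {
                    // Must be known in the database and allowed by config.
                    if (!in_array($locale_code, $db_locales) || !in_array($locale_code, $allowed_locales)) {
                        $locale_is_valid = false;
                    }
                    // Non-admins are confined to the live (public) locales.
                    if ($this->view->isAdmin !== true) {
                        if (!in_array($locale_code, $this->live_locales)) {
                            $locale_is_valid = false;
                        }
                    }
                } else {
                    $locale_is_valid = false;
                }
            }
            if ($locale_is_valid) {
                $store_locales = $this->_normalizeLocaleList(Bolts_Registry::get('store_enabled_locales'));
                $this->view->store_enabled = !is_null($store_locales) && in_array($locale_code, $store_locales);
            }

            // Plugins get the last word on the locale and its validity.
            $locale_params = array(
                'request' => $this->_request,
                'locale_code' => $locale_code,
                'locale_is_valid' => $locale_is_valid,
            );
            $locale_params = $this->_Bolts_plugin->doFilter('validate_locale', $locale_params); // FILTER HOOK
            $locale_code = $locale_params['locale_code'];
            $locale_is_valid = $locale_params['locale_is_valid'];

            if ($locale_is_valid == true) {
                // The locale is good.
                $this->locale_code = $locale_code;
                $this->default_locale_code = $default_locale_code;
                $this->view->locale_code = $locale_code;
                $this->view->default_locale_code = $default_locale_code;
                $this->view->request_locale = $locale_code;
            } elseif (strtolower($locale_code) !== $locale_code) {
                // The locale is probably just upper case. Try lower case.
                $this->locale_code = strtolower($locale_code);
                // See Apache Quirks: http://framework.zend.com/manual/en/zend.controller.request.html
                $url = str_replace("/{$locale_code}/", '/', $_SERVER['REDIRECT_URL']);
                $this->_redirect($url, array('code' => 301));
            } else {
                // This locale is just bad.
                $this->locale_code = $default_locale_code;
                $this->view->locale_code = $default_locale_code;
                // Checking hasIdentity() here would be incorrect, as guests do not have identities, but may have access to this action
                if (Bolts_ResourceCheck::isAllowed("choose", "default", $identity_username, 'Locale')) {
                    $this->_redirect("/bolts/locale/choose/");
                } elseif (empty($this->_request->locale)) {
                    $this->_redirect("/", array('code' => 301));
                } else {
                    $this->_redirect("/bolts/auth/missing/");
                }
            }
        } elseif ($this->_mca == "default_index_index"
            && isset($_COOKIE['locale_code'])
            && is_string($_COOKIE['locale_code'])
            && preg_match('/^[a-z]{2}-[a-z0-9]{2,5}$/i', $_COOKIE['locale_code']) === 1) {
            // Home page with a remembered locale: send the visitor to that locale's
            // home.  The cookie is client-controlled, so it is only used when it
            // looks like a locale code; anything else falls through to the chooser.
            $this->_redirect("/" . $_COOKIE['locale_code'] . "/", array(), false);
        } else {
            // Checking hasIdentity() here would be incorrect, as guests do not have identities, but may have access to this action
            if (Bolts_ResourceCheck::isAllowed("choose", "default", $identity_username, 'Locale')) {
                $this->_redirect($default_locale_code . "/bolts/locale/choose/");
            } else {
                $this->_redirect($default_locale_code . "/bolts/auth/missing/");
            }
        }
    }

    $this->view->custom_metadata = Bolts_Registry::get('custom_metadata');
    $language = substr($this->locale_code, 0, strpos($this->locale_code, '-'));
    // TODO - these should not be hardcoded here
    switch ($language) {
        case 'de':
            $this->view->format_date = "%e. %b. %Y, %l:%M Uhr";
            $this->view->format_datetime = "%A, %e. %B %Y um %l:%M:%S%p Uhr";
            $this->view->format_datetime_small = "%e %b %Y, %l:%M%p";
            break;
        case 'fr':
            $this->view->format_date = "%e %b %Y, %l:%M:%S";
            $this->view->format_datetime = "%A %e %B %Y à %l:%M:%S%p";
            $this->view->format_datetime_small = "%e %b %Y, %l:%M%p";
            break;
        default:
            $this->view->format_date = Bolts_Registry::get('format_date');
            $this->view->format_datetime = Bolts_Registry::get('format_datetime');
            $this->view->format_datetime_small = Bolts_Registry::get('format_datetime_small');
            break;
    }
    $this->view->current_year = date("Y");
    // SAVED FOR FUTURE USE - changing the language pack (setlocale) based on locale; not implemented.

    // this is a way to force the browser to reload some scripts
    if (Bolts_Registry::get('uncache_css_js_version')) {
        $this->view->uncache_version = "?v=" . Bolts_Registry::get('uncache_css_js_version');
    }
    if (Bolts_Registry::get('uncache_flash_version')) {
        $this->view->uncache_flash = "?v=" . Bolts_Registry::get('uncache_flash_version');
    }
    // Set the content type to UTF-8
    header('Content-type: text/html; charset=UTF-8');

    // get navigation items from database or cache
    // check for role of identity, if we don't have one, use guest.
    // TODO - move this to the place where role is determined, there should only be one place
    if ($this->_auth->hasIdentity()) {
        $tmp_ids = $loggedInRoleIds;
        $this->my_roles = $roles_table->fetchRolesByUsername($this->_identity->username)->toArray();
        $this->view->username = $this->_identity->username;
    } else {
        $tmp_ids = array($roles_table->getIdByShortname("guest"));
        // Synthetic guest role row, shaped like a roles table row.
        $this->my_roles = array(0 => array("id" => "1", "shortname" => "guest", "description" => "Guest", "is_admin" => "0", "isguest" => "1", "isdefault" => "0"));
    }
    $this->view->my_roles = $this->my_roles;

    // find the parent roles, add the parent role IDs to the nav_role_ids for inheritance.
    $nav_parent_role_ids = array();
    foreach ($tmp_ids as $nav_role) {
        $nav_parent_role_ids = array_merge($nav_parent_role_ids, $roles_table->getAllAncestors($nav_role));
    }
    $unique_ids = array_unique(array_merge($nav_parent_role_ids, $tmp_ids));
    sort($unique_ids);
    $nav_table = new Navigation($unique_ids, $this->locale_code);
    // MD5 the unique IDs to shorten the cache name
    $cache_name = 'navigation_' . $this->locale_code . '-' . md5(implode("-", $unique_ids));
    $cache_tags = array('navigation', $this->locale_code);
    $nav_items_temp = false;
    if (Bolts_Registry::get('enable_navigation_cache') == '1') {
        $nav_items_temp = Bolts_Cache::load($cache_name);
    }
    if ($nav_items_temp === false || !isset($nav_items_temp)) {
        $nav_items_temp = array();
        foreach ($unique_ids as $nav_role_id) {
            $nav_items_temp = array_merge($nav_items_temp, $nav_table->getNavTree($nav_role_id));
        }
        if (Bolts_Registry::get('enable_navigation_cache') == '1') {
            Bolts_Cache::save($nav_items_temp, $cache_name, $cache_tags);
        }
    }
    $navparams = array('nav_items' => $nav_items_temp, 'request' => $this->_request, 'locale_code' => $this->locale_code);
    $navparams = $this->_Bolts_plugin->doFilter('controller_nav', $navparams); // FILTER HOOK
    $this->view->nav_items = $navparams['nav_items'];

    // TODO - Rich fix this: session view-state tracking (last visited page) is not active.

    // CONTROLLER INIT HOOK
    $params['request'] = $this->_request;
    $params['locale_code'] = $this->locale_code;
    $params['session'] = $this->session;
    $additional = $this->_Bolts_plugin->doFilter('controller_init', $params); // FILTER HOOK
    unset($additional['request']); // we don't want to send the request to the view
    if (isset($additional['filter_redirect'])) {
        $this->_redirect($additional['filter_redirect']);
    }
    foreach ($additional as $key => $value) {
        $this->view->{$key} = $value;
    }
}

/**
 * Split a comma-separated locale setting into normalised codes
 * (trimmed, lower-cased, "_" replaced by "-").
 *
 * @param string|null $csv raw registry value
 * @return array|null list of codes, or null when the setting has no non-empty entry
 */
private function _normalizeLocaleList($csv)
{
    $codes = explode(',', (string) $csv);
    if (!(bool) array_filter($codes)) {
        return null;
    }
    return str_replace('_', '-', array_map('strtolower', array_map('trim', $codes)));
}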
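/**
 * Front-controller hook run before every action: resolve the caller's roles,
 * test them against the ACL for the requested module/controller/action and,
 * when access is missing, rewrite the request to the matching auth page.
 *
 * Role resolution: a logged-in user gets every users_roles row plus all
 * ancestors of those roles (Roles::getAllAncestors); an anonymous visitor gets
 * the single "guest" role.  Access is the union over roles — one permitted
 * role is enough.  The ACL resource name is "<module>-<Controller>-<action>"
 * with the controller name capitalised.
 *
 * Outcomes (the request is forwarded; nothing is rendered here):
 *  - resource unknown to the ACL   -> default/auth/missing
 *  - guest without access          -> default/auth/login, or default/auth/unauthorized
 *                                     when the "module_controller_action" is
 *                                     listed in 'disable_login_redirect';
 *                                     the requested URL (base URL, path and
 *                                     params as /key/value/ pairs) is passed
 *                                     along base64-encoded in the 'ourl' param,
 *                                     except for the auth controller
 *  - logged-in user without access -> default/admin/index when a role may reach
 *                                     "default-Admin-index", else default/auth/denied
 *
 * Fixes: the param loop used while(current()), which stopped at the first
 * param whose value is falsy ("0", "") and silently dropped the rest of the
 * URL; it is now a foreach that skips only the routing keys and non-scalar
 * values.  in_array(true, ...) checks are strict; the unused session
 * namespace is gone.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $frontController = Zend_Controller_Front::getInstance();
    $auth = Zend_Auth::getInstance();
    $roles_table = new Roles();

    // Reuse the shared ACL, or build and register it on first use.
    if (Zend_Registry::isRegistered('acl')) {
        $acl = Zend_Registry::get('acl');
    } else {
        $acl = new RivetyCore_Acl($auth);
        Zend_Registry::set('acl', $acl);
    }

    // determine role
    if ($auth->hasIdentity()) {
        $user = $auth->getIdentity();
        $users_roles_table = new UsersRoles();
        $users_roles_db = $users_roles_table->fetchAll(
            $users_roles_table->select()->where("username = ?", $user->username)
        );
        $user_roles = array();
        foreach ($users_roles_db as $role) {
            $user_roles[] = $role->role_id;
            // Inherited roles count too.
            $user_roles = array_merge($user_roles, $roles_table->getAllAncestors($role->role_id));
        }
        $user_roles = array_unique($user_roles);
        $user_is_guest = false;
        // REFRESH THE SESSION EXPIRATION (sliding timeout, seconds from the registry)
        $defaultNamespace = new Zend_Session_Namespace('Zend_Auth');
        $defaultNamespace->setExpirationSeconds((int) RivetyCore_Registry::get('session_timeout'));
    } else {
        $user_roles = array($roles_table->getIdByShortname("guest"));
        $user_is_guest = true;
    }

    $requested = $request->getModuleName() . "-" . ucfirst(strtolower($request->getControllerName())) . "-" . $request->getActionName();
    if (!$acl->has($requested)) {
        // this doesn't exist, throw to 404
        $request->setModuleName('default');
        $request->setControllerName('auth');
        $request->setActionName('missing');
        return;
    }

    $isAllowed = array();
    foreach ($user_roles as $user_role) {
        $isAllowed[$user_role] = $acl->isAllowed($user_role, $requested);
    }
    if (in_array(true, $isAllowed, true)) {
        return; // at least one role grants the resource
    }

    if ($user_is_guest) {
        // Rebuild the requested URL so the login page can send the visitor back.
        $url = $frontController->getBaseUrl() . "/";
        $url .= $request->getModuleName() . "/";
        $url .= $request->getControllerName() . "/";
        $url .= $request->getActionName() . "/";
        foreach ($request->getParams() as $key => $value) {
            if ($key == "module" || $key == "controller" || $key == "action") {
                continue;
            }
            if (!is_scalar($value)) {
                continue; // an array param cannot be expressed as a path segment
            }
            $url .= $key . '/' . $value . "/";
        }
        if (substr($url, strlen($url) - 1, 1) == "/") {
            $url = substr($url, 0, strlen($url) - 1);
        }
        // place requested url in the session, unless this is the login controller
        if ($request->getControllerName() != "auth") {
            $request->setParam('ourl', base64_encode($url));
        }
        $blockedActions = RivetyCore_Registry::get('disable_login_redirect');
        if (!empty($blockedActions)) {
            $blockedActions = explode(',', $blockedActions);
        }
        $mca = $request->getModuleName() . "_" . $request->getControllerName() . "_" . $request->getActionName();
        if (is_array($blockedActions) && in_array($mca, $blockedActions)) {
            // forward to the 401 Unauthorized page
            $request->setModuleName('default');
            $request->setControllerName('auth');
            $request->setActionName('unauthorized');
        } else {
            // forward to the login script
            $request->setModuleName('default');
            $request->setControllerName('auth');
            $request->setActionName('login');
        }
        return;
    }

    // Logged in but not permitted here: admins land on the admin index, others on "denied".
    $admin = "default-Admin-index";
    $isAdmin = array();
    foreach ($user_roles as $user_role) {
        $isAdmin[$user_role] = $acl->isAllowed($user_role, $admin);
    }
    if (in_array(true, $isAdmin, true)) {
        $request->setModuleName('default');
        $request->setControllerName('admin');
        $request->setActionName('index');
    } else {
        $request->setModuleName('default');
        $request->setControllerName('auth');
        $request->setActionName('denied');
    }
}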
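/**
 * Front-controller hook run before every action: resolve the caller's roles,
 * test them against the ACL for the requested module/controller/action and,
 * when access is missing, rewrite the request to the matching auth page.
 *
 * Role resolution: a logged-in user gets every users_roles row plus all
 * ancestors of those roles (Roles::getAllAncestors); an anonymous visitor gets
 * the single "guest" role.  Access is the union over roles — one permitted
 * role is enough.  The ACL resource name is "<module>-<Controller>-<action>"
 * with the controller name capitalised.
 *
 * Outcomes (the request is forwarded; nothing is rendered here):
 *  - resource unknown to the ACL   -> bolts/auth/missing
 *  - guest without access          -> bolts/auth/login; the requested URL
 *                                     (base URL, path and params as
 *                                     /key/value/ pairs) is passed along
 *                                     base64-encoded in the 'url' param,
 *                                     except for the auth controller
 *  - logged-in user without access -> bolts/admin/index when a role may reach
 *                                     "bolts-Admin-index", else bolts/auth/denied
 *
 * Fixes: the param loop used while(current()), which stopped at the first
 * param whose value is falsy ("0", "") and silently dropped the rest of the
 * URL; it is now a foreach that skips only the routing keys and non-scalar
 * values.  in_array(true, ...) checks are strict; the unused session
 * namespace is gone.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $frontController = Zend_Controller_Front::getInstance();
    $auth = Zend_Auth::getInstance();
    $roles_table = new Roles();

    // Reuse the shared ACL, or build and register it on first use.
    if (Zend_Registry::isRegistered('acl')) {
        $acl = Zend_Registry::get('acl');
    } else {
        $acl = new Bolts_Acl($auth);
        Zend_Registry::set('acl', $acl);
    }

    // determine role
    if ($auth->hasIdentity()) {
        $user = $auth->getIdentity();
        $users_roles_table = new UsersRoles();
        $users_roles_db = $users_roles_table->fetchAll(
            $users_roles_table->select()->where("username = ?", $user->username)
        );
        $user_roles = array();
        foreach ($users_roles_db as $role) {
            $user_roles[] = $role->role_id;
            // Inherited roles count too.
            $user_roles = array_merge($user_roles, $roles_table->getAllAncestors($role->role_id));
        }
        $user_roles = array_unique($user_roles);
        $user_is_guest = false;
        // Refresh the auth session: sliding expiry, hard-coded to 24 hours.
        $defaultNamespace = new Zend_Session_Namespace('Zend_Auth');
        $defaultNamespace->setExpirationSeconds(86400);
    } else {
        $user_roles = array($roles_table->getIdByShortname("guest"));
        $user_is_guest = true;
    }

    $requested = $request->getModuleName() . "-" . ucfirst(strtolower($request->getControllerName())) . "-" . $request->getActionName();
    if (!$acl->has($requested)) {
        // this doesn't exist, throw to 404
        $request->setModuleName('bolts');
        $request->setControllerName('auth');
        $request->setActionName('missing');
        return;
    }

    $isAllowed = array();
    foreach ($user_roles as $user_role) {
        $isAllowed[$user_role] = $acl->isAllowed($user_role, $requested);
    }
    if (in_array(true, $isAllowed, true)) {
        return; // at least one role grants the resource
    }

    if ($user_is_guest) {
        // Rebuild the requested URL so the login page can send the visitor back.
        $url = $frontController->getBaseUrl() . "/";
        $url .= $request->getModuleName() . "/";
        $url .= $request->getControllerName() . "/";
        $url .= $request->getActionName() . "/";
        foreach ($request->getParams() as $key => $value) {
            if ($key == "module" || $key == "controller" || $key == "action") {
                continue;
            }
            if (!is_scalar($value)) {
                continue; // an array param cannot be expressed as a path segment
            }
            $url .= $key . '/' . $value . "/";
        }
        if (substr($url, strlen($url) - 1, 1) == "/") {
            $url = substr($url, 0, strlen($url) - 1);
        }
        // place requested url in the session, unless this is the login controller
        if ($request->getControllerName() != "auth") {
            $request->setParam('url', base64_encode($url));
        }
        // send on to the login script
        $request->setModuleName('bolts');
        $request->setControllerName('auth');
        $request->setActionName('login');
        return;
    }

    // Logged in but not permitted here: admins land on the admin index, others on "denied".
    $admin = "bolts-Admin-index";
    $isAdmin = array();
    foreach ($user_roles as $user_role) {
        $isAdmin[$user_role] = $acl->isAllowed($user_role, $admin);
    }
    if (in_array(true, $isAdmin, true)) {
        $request->setModuleName('bolts');
        $request->setControllerName('admin');
        $request->setActionName('index');
    } else {
        $request->setModuleName('bolts');
        $request->setControllerName('auth');
        $request->setActionName('denied');
    }
}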