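/**
 * This method triggers the internal processing.
 * It may be overridden if required, e.g. to implement your own action-handling.
 * By default, the method to be called is derived from the action-param passed.
 * Example: The action requested is named "newPage". Therefore, the framework tries to
 * call actionNewPage(). If no matching method is found, a warning box is written to
 * self::strOutput and a class_exception is created and handed to processException().
 * The actions' output is saved back to self::strOutput and is returned in addition.
 * Returning the content is only implemented to remain backwards compatible with older implementations.
 * Since Kajona 4.0, the check on declarative permissions via annotations is supported.
 * Therefore the list of permissions, named after the "permissions" annotation, is validated against
 * the object identified by the current systemid or, if there is none, against the module currently loaded.
 *
 * Security notes:
 * - A method without a "@permissions" annotation is dispatched without any permission check
 *   in this method; such an action has to enforce access control on its own.
 * - For xml-requests the method additionally needs an "@xml" annotation (or the class name has
 *   to end in "xml"), and the "module" param has to match the module loaded or be "messaging".
 * - An empty or non-string action is treated as "method not found". Otherwise the generated
 *   name would be the bare "action", which is this dispatcher itself.
 *
 * @param string $strAction the action to run; if empty, the action already set on the instance is used
 *
 * @see class_rights::validatePermissionString
 *
 * @throws class_exception on missing permissions (xml-requests only), on methods not allowed
 *                         for xml-requests and on portal-editor / login-xml requests without a matching method
 * @return string the content of self::strOutput
 * @since 3.4
 */
public function action($strAction = "")
{
    if ($strAction != "") {
        $this->setAction($strAction);
    }

    $strAction = $this->getAction();

    //an empty action would resolve to the method name "action" (assuming the uni*-helpers mirror
    //strtoupper / substr), so the dispatcher would call itself without end - only accept non-empty strings
    $bitActionGiven = is_string($strAction) && $strAction !== "";

    //search for the matching method - build method name
    $strMethodName = "action";
    if ($bitActionGiven) {
        $strMethodName .= uniStrtoupper($strAction[0]) . uniSubstr($strAction, 1);
    }

    if ($bitActionGiven && method_exists($this, $strMethodName)) {

        //validate the permissions required to call this method, the xml-part is validated afterwards
        $objAnnotations = new class_reflection(get_class($this));
        $strPermissions = $objAnnotations->getMethodAnnotationValue($strMethodName, "@permissions");

        //no annotation (false) means: no declarative check is made here at all
        if ($strPermissions !== false) {

            //prefer the record referenced by the systemid, fall back to the module itself
            $objObjectToCheck = null;
            if (validateSystemid($this->getSystemid())) {
                $objObjectToCheck = class_objectfactory::getInstance()->getObject($this->getSystemid());
            }
            if ($objObjectToCheck == null) {
                $objObjectToCheck = $this->getObjModule();
            }

            if (!class_carrier::getInstance()->getObjRights()->validatePermissionString($strPermissions, $objObjectToCheck)) {
                class_response_object::getInstance()->setStrStatusCode(class_http_statuscodes::SC_UNAUTHORIZED);
                $this->strOutput = $this->objToolkit->warningBox($this->getLang("commons_error_permissions"));

                $objException = new class_exception("you are not authorized/authenticated to call this action", class_exception::$level_ERROR);

                if (_xmlLoader_) {
                    throw $objException;
                }

                //regular requests: process the exception silently and hand back the warning box
                $objException->setIntDebuglevel(0);
                $objException->processException();
                return $this->strOutput;
            }
        }

        //validate the loading channel - xml or regular
        if (_xmlLoader_ === true) {
            //check if the method is allowed for xml-requests
            if (!$objAnnotations->hasMethodAnnotation($strMethodName, "@xml") && substr(get_class($this), -3) != "xml") {
                throw new class_exception("called method " . $strMethodName . " not allowed for xml-requests", class_exception::$level_FATALERROR);
            }

            //the module requested has to be the module loaded, "messaging" being the only exception
            if ($this->getArrModule("modul") != $this->getParam("module") && $this->getParam("module") != "messaging") {
                class_response_object::getInstance()->setStrStatusCode(class_http_statuscodes::SC_UNAUTHORIZED);
                throw new class_exception("you are not authorized/authenticated to call this action", class_exception::$level_FATALERROR);
            }
        }

        $this->strOutput = $this->{$strMethodName}();
    } else {

        $objReflection = new ReflectionClass($this);

        //if the pe was requested and the current module is a login-module, there are insufficient permissions given
        if ($this->getArrModule("template") == "/login.tpl" && $this->getParam("pe") != "") {
            throw new class_exception("You have to be logged in to use the portal editor!!!", class_exception::$level_ERROR);
        }

        if (get_class($this) == "class_module_login_admin_xml") {
            class_response_object::getInstance()->setStrStatusCode(class_http_statuscodes::SC_UNAUTHORIZED);
            throw new class_exception("you are not authorized/authenticated to call this action", class_exception::$level_FATALERROR);
        }

        $strMessage = "called method " . $strMethodName . " not existing for class " . $objReflection->getName();

        //the method name is built from the requested action, so it is encoded before being placed
        //into the box. NOTE(review): warningBox() is not visible here - if it encodes on its own,
        //drop this call to avoid double-encoding
        $this->strOutput = $this->objToolkit->warningBox(htmlspecialchars($strMessage, ENT_QUOTES, "UTF-8"));

        //the exception keeps the raw text; NOTE(review): confirm how processException() renders or logs it
        $objException = new class_exception($strMessage, class_exception::$level_ERROR);
        $objException->setIntDebuglevel(0);
        $objException->processException();
    }

    return $this->strOutput;
}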
/**
 * Last-resort handler, called if an exception was thrown in the code but not caught
 * by any try-catch block.
 * Anything that is not a class_exception is wrapped into a new class_exception of level
 * FATALERROR, using the string representation of the value passed as the message.
 * The resulting exception is processed and the response headers are sent afterwards.
 *
 * NOTE(review): the string representation of a native PHP exception contains file paths and
 * the stack trace. How processException() exposes the message is not visible here - confirm
 * it is only logged and not delivered to the client.
 *
 * @param class_exception|mixed $objException
 *
 * @return void
 */
public static function globalExceptionHandler($objException)
{
    //pass class_exceptions through, wrap everything else
    $objToProcess = $objException instanceof class_exception
        ? $objException
        : new class_exception((string) $objException, class_exception::$level_FATALERROR);

    $objToProcess->processException();

    class_response_object::getInstance()->sendHeaders();
}