/**
 * Validates the model, falling back to the current session user's e-mail
 * address when none has been supplied.
 *
 * When the _skipped flag is set, the stored e-mail address is cleared and the
 * method reports success immediately, before any session-user lookup happens.
 *
 * @param array|null $attributes  Handed unchanged to the parent validator
 * @param bool       $clearErrors Handed unchanged to the parent validator
 *
 * @throws \DreamFactory\Platform\Exceptions\ForbiddenException When no user record matches the current session user id
 * @return bool
 */
public function validate($attributes = null, $clearErrors = true)
{
    // NOTE(review): this branch returns success without resolving a session user.
    // Confirm that _skipped is only ever set by trusted code and cannot be bound
    // from request input.
    if ($this->_skipped) {
        $this->_emailAddress = null;

        return true;
    }

    /** @var User $_currentUser */
    $_currentUser = User::model()->findByPk(Session::getCurrentUserId());

    // Fail closed: no matching user record means the request is refused outright.
    if (null === $_currentUser) {
        throw new ForbiddenException();
    }

    // Only fill in the address when the caller left it empty.
    if (empty($this->_emailAddress)) {
        $this->_emailAddress = $_currentUser->email;
    }

    return parent::validate($attributes, $clearErrors);
}
/**
 * Authenticates the password.
 * This is the 'authenticate' validator as declared in rules().
 *
 * A login is attempted only when the model carries no earlier validation
 * errors. On failure an error is added under static::ERROR_ATTRIBUTE.
 *
 * @param mixed $attribute Not read by this method
 * @param mixed $params    Not read by this method
 *
 * @return bool True when Session::userLogin() reports success, false otherwise
 */
public function authenticate($attribute, $params)
{
    // Skip the login attempt entirely if another rule has already failed.
    if ($this->hasErrors()) {
        return false;
    }

    try {
        // "Remember me" requests 3600 * 24 * 30 (30 days, if the unit is seconds);
        // otherwise 0 is passed and Session::userLogin() decides what that means.
        $_duration = 0;

        if ($this->rememberMe) {
            $_duration = 3600 * 24 * 30;
        }

        if (Session::userLogin($this->username, $this->password, $_duration, false)) {
            return true;
        }

        // A rejected login gets the same fixed message regardless of the reason.
        $this->addError(static::ERROR_ATTRIBUTE, static::ERROR_MESSAGE);
    } catch (\Exception $_failure) {
        // NOTE(review): the exception text is added to the model's errors verbatim.
        // Confirm that messages thrown by Session::userLogin() neither tell an
        // unknown account apart from a wrong password nor carry internal detail;
        // if they can, use static::ERROR_MESSAGE here and log the exception instead.
        $this->addError(static::ERROR_ATTRIBUTE, $_failure->getMessage());
    }

    return false;
}
/**
 * {@InheritDoc}
 *
 * Refuses any session that is not a system administrator before the parent
 * initialisation runs, then sets the view mode, layout, default action, the
 * list of authenticated actions and the cache command map.
 *
 * @throws \CHttpException With HttpResponse::Forbidden when the session is not a system admin
 */
public function init()
{
    // Admins only! Checked first, so nothing below runs for a non-admin session.
    if (!Session::isSystemAdmin()) {
        throw new \CHttpException(HttpResponse::Forbidden, 'Access Denied.');
    }

    parent::init();

    // One merged view serves both update and create.
    $this->setSingleViewMode(true);

    $this->layout = 'mobile';
    $this->defaultAction = 'index';

    // Every action listed here is registered as requiring authentication.
    $_authOnlyActions = array('cache', 'index', 'update', 'error', 'create');
    $this->addUserActions(static::Authenticated, $_authOnlyActions);

    // 'flush' deletes everything via Platform::storeDeleteAll().
    // NOTE(review): how this map is dispatched is not visible here. Confirm the
    // command is only reachable through a state-changing request that is
    // protected against cross-site request forgery.
    $_flushStore = function () {
        return Platform::storeDeleteAll();
    };

    static::$_cacheCommandMap = array('flush' => $_flushStore);
}
/**
 * Displays the system configuration page (full phpinfo() output) to a
 * system administrator.
 *
 * Any other session receives a NotFoundException rather than a "forbidden"
 * style error.
 *
 * @throws NotFoundException When the session is not a system admin
 */
public function actionConfig()
{
    $_isAdmin = Session::isSystemAdmin();

    if (!$_isAdmin) {
        throw new NotFoundException();
    }

    // NOTE(review): INFO_ALL includes the environment and request variable
    // sections, which commonly hold credentials and API keys. Confirm that
    // admins need those sections, and that this response is never cached or
    // logged by an intermediary.
    phpinfo(INFO_ALL);

    Pii::end();
}
/**
 * /rest/index
 *
 * Sends the list of available services, formatted for the detected response
 * format. Any exception raised along the way, including one from the
 * permission check, is passed to RestResponse::sendErrors().
 */
public function actionIndex()
{
    try {
        // Permission gate first: nothing is read or sent unless this call returns.
        // The original author notes that listing APIs currently requires admin.
        Session::checkServicePermission(HttpMethod::GET, null);

        // presumably the second argument limits the returned fields - confirm against Service::available()
        $_services = Service::available(false, array('name', 'api_name'));
        $_payload = array('service' => $_services);

        // $_internal is not assigned before this call; presumably detectResponseFormat()
        // takes it by reference and fills it in - TODO confirm.
        $_format = RestResponse::detectResponseFormat(null, $_internal);

        $_payload = DataFormatter::reformatData($_payload, null, $_format);

        RestResponse::sendResults($_payload, RestResponse::Ok, $_format);
    } catch (\Exception $_failure) {
        // NOTE(review): confirm that sendErrors() does not return stack traces or
        // internal messages to the client, since a denied permission check also
        // ends up here.
        RestResponse::sendErrors($_failure);
    }
}