/**
* authenticate complete menu
* checks whether current user/admin fulfills requirements defined in site.ini.xml
*
* if a menu needs authentication and admin meets the required authentication level the menu entries are checked
* if single entries require a higher authentication level, they are hidden by setting their display-property to "none"
*
* authenticateMenuByTableRowAccess(Menu $m)
* authenticateMenuByMiscRules(Menu $m)
* should be implemented on a per-application level
*
* @param Menu $m
* @return boolean
*/
protected function authenticateMenu(Menu $m)
{
if (is_null($m->getAuth())) {
return TRUE;
}
$admin = User::getSessionUser();
if (!$admin || !$admin->isAuthenticated()) {
return FALSE;
}
// unhide all menu entries, in case privileges have changed
foreach ($m->getEntries() as $e) {
$e->setAttribute('display', NULL);
}
// superadmin sees everything
if ($admin->hasSuperAdminPrivileges()) {
return TRUE;
}
// handle different authentication levels
if ($m->getAuth() === User::AUTH_OBSERVE_TABLE && $admin->getPrivilegeLevel() >= User::AUTH_OBSERVE_TABLE) {
if ($this->authenticateMenuByTableRowAccess($m)) {
foreach ($m->getEntries() as $e) {
if (!$this->authenticateMenuEntry($e)) {
$e->setAttribute('display', 'none');
}
}
return TRUE;
} else {
return FALSE;
}
}
if ($m->getAuth() === User::AUTH_OBSERVE_ROW && $admin->getPrivilegeLevel() >= User::AUTH_OBSERVE_ROW) {
if ($this->authenticateMenuByTableRowAccess($m)) {
foreach ($m->getEntries() as $e) {
if (!$this->authenticateMenuEntry($e)) {
$e->setAttribute('display', 'none');
}
}
return TRUE;
} else {
return FALSE;
}
}
if ($m->getAuth() >= $admin->getPrivilegeLevel()) {
foreach ($m->getEntries() as $e) {
if (!$e->isAuthenticatedBy($admin->getPrivilegeLevel())) {
$e->setAttribute('display', 'none');
}
}
return TRUE;
}
// optional custom fallback
return $this->authenticateMenuByMiscRules($m);
}
/**
* Parse XML menu entries and creates menu instance
*
* @param simpleXmlElement $menu
* @return Menu
*/
private function parseMenu(\SimpleXMLElement $menu)
{
$a = $menu->attributes();
$root = isset($a->script) ? (string) $a->script : $this->site->root_document;
$type = isset($a->type) && (string) $a->type === 'dynamic' ? 'dynamic' : 'static';
$service = !empty($a->service) ? (string) $a->service : NULL;
$id = !empty($a->id) ? (string) $a->id : NULL;
if ($type === 'dynamic' && !$service) {
throw new ConfigException("A dynamic menu requires a configured service.");
}
$m = new Menu($root, $id, $type, $service);
if (isset($a->auth)) {
// set optional authentication level; if level is not defined, menu is locked for everyone
// if auth level is defined, additional authentication parameters can be set
$menuAuth = strtoupper(trim((string) $a->auth));
if (defined("vxPHP\\User\\User::AUTH_{$menuAuth}")) {
$m->setAuth(constant("vxPHP\\User\\User::AUTH_{$menuAuth}"));
if (isset($a->auth_parameters)) {
$m->setAuthParameters((string) $a->auth_parameters);
}
} else {
$m->setAuth(-1);
}
} else {
$menuAuth = NULL;
}
foreach ($menu->children() as $entry) {
if ($entry->getName() == 'menuentry') {
$a = $entry->attributes();
if (isset($a->page) && isset($a->path)) {
throw new ConfigException(sprintf("Menu entry with both page ('%s') and path ('%s') attribute found.", (string) $a->page, (string) $a->path));
}
// menu entry comes with a path attribute (which can also link an external resource)
if (isset($a->path)) {
$path = (string) $a->path;
$local = strpos($path, '/') !== 0 && !preg_match('~^[a-z]+://~', $path);
$e = new MenuEntry($path, $a, $local);
} else {
if (isset($a->page)) {
$page = (string) $a->page;
if (!isset($this->routes[$m->getScript()][$page])) {
throw new ConfigException(sprintf("No route for menu entry ('%s') found. Available routes for script '%s' are '%s'.", $page, $m->getScript(), empty($this->routes[$m->getScript()]) ? 'none' : implode("', '", array_keys($this->routes[$m->getScript()]))));
}
$e = new MenuEntry((string) $this->routes[$m->getScript()][$page]->getPath(NULL, TRUE), $a, TRUE);
}
}
// handle authentication settings of menu entry
if ($menuAuth || isset($a->auth)) {
// fallback to menu settings, when auth attribute is not set
if (!isset($a->auth)) {
$e->setAuth($m->getAuth());
$e->setAuthParameters($m->getAuthParameters());
} else {
// set optional authentication level; if level is not defined, entry is locked for everyone
// if auth level is defined, additional authentication parameters can be set
$auth = strtoupper(trim((string) $a->auth));
if (defined("UserAbstract::AUTH_{$auth}")) {
$e->setAuth(constant("UserAbstract::AUTH_{$auth}"));
if (isset($a->auth_parameters)) {
$e->setAuthParameters((string) $a->auth_parameters);
}
} else {
$e->setAuth(-1);
}
}
}
$m->appendEntry($e);
if (isset($entry->menu)) {
$e->appendMenu($this->parseMenu($entry->menu));
}
} else {
if ($entry->getName() == 'menuentry_placeholder') {
$a = $entry->attributes();
$e = new DynamicMenuEntry(NULL, $a);
$m->appendEntry($e);
}
}
}
return $m;
}
