/**
 * Gate access to a secured page for the current user.
 *
 * Returns true when the user is signed in and either holds one of the
 * built-in roles (Member, Contributor, Admin) or passes the page-type
 * permission check. Every other path hands off to Redirect() and has no
 * explicit return (the method yields null there), so callers should rely
 * on Redirect() terminating the request rather than on the return value
 * — NOTE(review): confirm Redirect() exits.
 *
 * @param mixed  $pageTypeUniqId Page type the secured page belongs to
 * @param string $root_url       Site root used to build the redirect
 * @param string $returnUrl      Where to send the user after login
 * @return bool|null true when access is granted; null after a redirect
 */
public function Authenticate($pageTypeUniqId, $root_url, $returnUrl)
{
    // Not signed in: straight to the login redirect.
    if (!isset($this->UserUniqId)) {
        $this->Redirect($root_url, $returnUrl);
        return;
    }

    // Built-in roles are trusted on every secured page without a lookup.
    // in_array() without strict keeps the == semantics of the role check.
    $trustedRoles = ['Member', 'Contributor', 'Admin'];
    if (in_array($this->Role, $trustedRoles)) {
        return true;
    }

    // Everyone else must pass the per-page-type permission check.
    $permitted = Utilities::CanPerformAction($pageTypeUniqId, $this->CanView);
    if ($permitted == false) {
        $this->Redirect($root_url, $returnUrl, '#invalid-permissions');
        return;
    }

    return true;
}
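/**
 * Build a preview of a page and return its URL.
 *
 * Authenticates the caller via the JWT in the request headers, checks
 * that the caller belongs to the page's site (there is no super-admin
 * bypass in this handler) and may edit or publish pages of that type,
 * then publishes the page in preview mode and returns the resulting
 * path with any '../' segments removed.
 *
 * Form-encoded body fields: pageId (required). A 'content' field is
 * accepted but not used here.
 *
 * @method POST
 * @return Tonic\Response 200 with the preview URL as text/html;
 *                        401 when the token is missing, the caller is
 *                        not part of the site, or lacks edit/publish
 *                        rights; 404 when the page does not exist
 */
function post()
{
    // Token validation happens before any request data is read.
    $token = Utilities::ValidateJWTToken(apache_request_headers());
    if ($token == NULL) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    $user = User::GetByUserId($token->UserId);
    $access = Utilities::SetAccess($user);

    // Body is form-encoded; a missing pageId becomes null instead of a notice.
    parse_str($this->request->data, $request);
    $pageId = $request['pageId'] ?? null;

    $page = Page::GetByPageId($pageId);
    if ($page == NULL) {
        return new Tonic\Response(Tonic\Response::NOTFOUND);
    }

    // Site membership: the caller must belong to the page's site.
    if ($user['SiteId'] != $page['SiteId']) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    // -1 means the page lives in the site root rather than under a page type.
    $pageTypeId = -1;
    if ($page['PageTypeId'] != -1) {
        $pageType = PageType::GetByPageTypeId($page['PageTypeId']);
        $pageTypeId = $pageType['PageTypeId'];
    }

    // Either edit or publish rights on this page type allow a preview.
    $canEdit = Utilities::CanPerformAction($pageTypeId, $access['CanEdit']);
    $canPublish = Utilities::CanPerformAction($pageTypeId, $access['CanPublish']);
    if ($canEdit != true && $canPublish != true) {
        // Previously this fell through and answered 200 with an empty body.
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    // Second argument: preview mode.
    $url = Publish::PublishPage($page['PageId'], true);

    // The publisher returns a path relative to this script; drop the
    // '../' prefix so the client gets a site-relative URL.
    $url = str_replace('../', '', (string) $url);

    $response = new Tonic\Response(Tonic\Response::OK);
    $response->contentType = 'text/html';
    $response->body = $url;
    return $response;
}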
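/**
 * Take a page offline: mark it inactive and remove its generated file.
 *
 * Requires a signed-in AuthUser who either is a super admin or belongs
 * to the page's site, and who holds publish rights for the page's type
 * (root pages use page-type id -1).
 *
 * The file path is assembled from the site, page-type and page
 * FriendlyId values held in the database and is assumed to stay inside
 * the site directory — NOTE(review): confirm the writers of FriendlyId
 * reject path separators and '..'.
 *
 * @method POST
 * @param string $pageUniqId
 * @return Tonic\Response 200 on success; 401 when not signed in or not
 *                        permitted; 404 when the page does not exist
 */
function unpublish($pageUniqId)
{
    $authUser = new AuthUser();
    if (!isset($authUser->UserUniqId)) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    $page = Page::GetByPageUniqId($pageUniqId);
    if ($page == NULL) {
        return new Tonic\Response(Tonic\Response::NOTFOUND);
    }

    // Super admins may act on any site; everyone else only on their own.
    if ($authUser->IsSuperAdmin == false && $authUser->SiteId != $page['SiteId']) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    $site = Site::GetBySiteId($page['SiteId']);
    $filename = '../sites/' . $site['FriendlyId'] . '/';

    // -1 = page lives in the site root; otherwise under its page type's folder.
    $pageTypeUniqId = -1;
    if ($page['PageTypeId'] != -1) {
        $pageType = PageType::GetByPageTypeId($page['PageTypeId']);
        $filename .= strtolower($pageType['FriendlyId']) . '/';
        $pageTypeUniqId = $pageType['PageTypeUniqId'];
    }

    // Publish rights are checked before any state is changed.
    if (Utilities::CanPerformAction($pageTypeUniqId, $authUser->CanPublish) == false) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    Page::SetIsActive($pageUniqId, 0);

    $filename .= $page['FriendlyId'] . '.php';
    if (file_exists($filename)) {
        unlink($filename);
    }

    // Previously the OK response was built but never returned.
    return new Tonic\Response(Tonic\Response::OK);
}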
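/**
 * List the page types the token's user may access, as JSON.
 *
 * A synthetic root entry (PageTypeId -1) stands for pages in the site
 * root. Users with CanAccess 'All' get the root entry plus every page
 * type; others get the root entry only if CanPerformAction('root', ...)
 * allows it, followed by each page type they may access.
 *
 * @method GET
 * @return Tonic\Response 200 with a JSON list; 401 when the token is
 *                        missing or invalid
 */
function get()
{
    $token = Utilities::ValidateJWTToken(apache_request_headers());
    if ($token == NULL) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    $siteId = $token->SiteId;
    $user = User::GetByUserId($token->UserId);
    $access = Utilities::SetAccess($user);

    $list = PageType::GetPageTypes($siteId);

    // Placeholder entry for the site root; not stored in the database.
    // NOTE(review): the literal used to list 'PageTypeId' twice; if a
    // PageTypeUniqId key was intended for the second one, add it here.
    $root = [
        'FriendlyId' => '',
        'IsSecure' => 0,
        'LastModifiedBy' => NULL,
        'LastModifiedDate' => NULL,
        'Layout' => 'content',
        'PageTypeId' => -1,
        'SiteId' => -1,
        'Stylesheet' => 'content',
    ];

    $allowed = [];
    if ($access['CanAccess'] == 'All') {
        $allowed = $list;
        array_unshift($allowed, $root);
    } else {
        // The root check does not depend on the list, so it runs once.
        // It used to sit inside the loop, which added the root entry once
        // per row and never when the list was empty.
        if (Utilities::CanPerformAction('root', $access['CanAccess']) != false) {
            $allowed[] = $root;
        }
        foreach ($list as $row) {
            if (Utilities::CanPerformAction($row['PageTypeId'], $access['CanAccess']) != false) {
                $allowed[] = $row;
            }
        }
    }

    $response = new Tonic\Response(Tonic\Response::OK);
    $response->contentType = 'application/json';
    $response->body = json_encode($allowed);
    return $response;
}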
/**
 * List the page types the signed-in AuthUser may access, as JSON.
 *
 * Access 'All' returns the site's full page-type list; otherwise a page
 * type is kept only when CanPerformAction() does not return false for
 * its PageTypeUniqId.
 *
 * @method GET
 * @return Tonic\Response 200 with a JSON list; 401 when nobody is signed in
 */
function get()
{
    $authUser = new AuthUser();
    if (!isset($authUser->UserUniqId)) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    $pageTypes = PageType::GetPageTypes($authUser->SiteId);

    if ($authUser->Access == 'All') {
        $allowed = $pageTypes;
    } else {
        $allowed = [];
        foreach ($pageTypes as $pageType) {
            // Strict check: only an explicit false denies the page type.
            $permitted = Utilities::CanPerformAction($pageType['PageTypeUniqId'], $authUser->Access);
            if ($permitted !== false) {
                $allowed[] = $pageType;
            }
        }
    }

    $response = new Tonic\Response(Tonic\Response::OK);
    $response->contentType = 'application/json';
    $response->body = json_encode($allowed);
    return $response;
}