public function updatePaths() { $this->set('pff_path_public', $this->_publicFolder); $this->set('pff_path_css', $this->_cssFolder); $this->set('pff_path_img', $this->_imgFolder); $this->set('pff_path_js', $this->_jsFolder); if (ModuleManager::isLoaded('pff2-s3')) { $s3 = ModuleManager::loadModule('pff2-s3'); $this->set('pff_path_files', $s3->getCloudfrontUrl() ?: $this->_filesFolder); } else { $this->set('pff_path_files', $this->_filesFolder); } $this->set('pff_path_vendor', $this->_vendorFolder); $this->set('pff_root_ext', $this->_app->getExternalPath()); }
/** * @return bool * @throws \Doctrine\ORM\ORMException * @throws \Doctrine\ORM\OptimisticLockException * @throws \Doctrine\ORM\TransactionRequiredException * @throws PffException */ public function doBefore() { $annotationReader = ModuleManager::loadModule('pff2-annotations'); $class_permissions = $annotationReader->getClassAnnotation('Pff2Permissions'); $method_permissions = $annotationReader->getMethodAnnotation('Pff2Permissions'); //There's no permissions, let the user in if (!$method_permissions && !$class_permissions) { return true; } if ($method_permissions && !$class_permissions) { $annotations = $method_permissions; } else { if (!$method_permissions && $class_permissions) { $annotations = $class_permissions; } else { $annotations = array_merge($method_permissions, $class_permissions); $annotations = array_unique($annotations); } } if (isset($_SESSION['logged_data'][$this->sessionUserId])) { if ($this->dbType == 'odm') { $user = $this->_controller->_dm->find('\\pff\\models\\' . $this->userClass, $_SESSION['logged_data'][$this->sessionUserId]); } else { $user = $this->_controller->_em->find('\\pff\\models\\' . $this->userClass, $_SESSION['logged_data'][$this->sessionUserId]); } $perm = call_user_func(array($user, $this->getPermission)); if (!$perm) { throw new PffException('Action not permitted', 403); } } else { header("Location: " . $this->_app->getExternalPath() . $this->controllerNotLogged . "/" . $this->actionNotLogged); exit; } foreach ($annotations as $a) { if (!call_user_func(array($perm, 'get' . $a))) { throw new PffException('Action not permitted', 403); } } return true; }