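/**
 * Loads the rows of a datatable and writes them to the response as JSON.
 *
 * The request must carry a session and a non-empty `token` route
 * parameter. The token selects the session entries `dt-class-<token>`
 * and `dt-time-<token>`. If the session, the token or the session data
 * is rejected, or the token is older than ten minutes, the client is
 * redirected to `/` and no data is emitted.
 *
 * @access public
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 */
public function execute(Framework $framework, WebRequest $request, Response $response)
{
    $token = $request->getRouteParam('token');

    // Verify the session. The loose comparison is kept on purpose so that
    // a missing route parameter (whatever empty value getRouteParam()
    // returns for it) is rejected together with the empty string.
    if (!$request->hasSession() || $token == '') {
        $response->redirectTo('/');
        return;
    }

    // Verify the datatable session data
    if (!$this->hasValidSessionData($request, $token)) {
        $response->redirectTo('/');
        return;
    }

    $class = $request->getSessionData('dt-class-' . $token);
    $time = $request->getSessionData('dt-time-' . $token);

    // Session time expired: reject tokens older than 600 seconds.
    // The previous comparison ($time > time() + 600) could only match a
    // timestamp more than ten minutes in the future, so a token was never
    // treated as expired.
    // NOTE(review): assumes dt-time-<token> holds the Unix timestamp at
    // which the token was issued - confirm against the code that writes it.
    if (time() > $time + 600) {
        $response->redirectTo('/');
        return;
    }

    // The class name comes from the session, not from the request, and is
    // instantiated directly.
    // NOTE(review): this relies on hasValidSessionData() and on the code
    // that stores dt-class-<token> to restrict the value to datatable
    // classes - confirm.
    $table = new $class($framework, false);

    $generator = $this->getTableRenderer();
    $preparedTable = $generator->prepareTable($request, $table, '');

    // Flatten the prepared rows into the {"data": [...]} structure.
    $data = array('data' => array());
    foreach ($preparedTable->getBody()->getRows() as $row) {
        $data['data'][] = $row->toArray();
    }

    $response->setOutput(json_encode($data));
}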
/**
 * Renders the administration overview page.
 *
 * Requests without a session are redirected to `/` and nothing is
 * rendered. Only the presence of a session is checked in this method.
 * NOTE(review): no permission check is visible here - confirm that access
 * to the administration area is enforced elsewhere.
 *
 * @access public
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 */
public function execute(Framework $framework, WebRequest $request, Response $response)
{
    // Visitors without a session are sent back to the start page
    if (!$request->hasSession()) {
        $response->redirectTo('/');
        return;
    }

    // Page title first, then mark the matching menu entry as active
    $pageTitle = $this->translate('Administration', '\\Zepi\\Web\\General');
    $this->setTitle($pageTitle);
    $activeEntry = $this->activateMenuEntry();

    // Build the overview for the active menu entry
    $renderedOverview = $this->getOverviewPageRenderer()->render($framework, $activeEntry);

    // Hand the rendered overview to the administration template
    $templateData = array('overviewPage' => $renderedOverview);
    $response->setOutput(
        $this->render('\\Zepi\\Web\\General\\Templates\\Administration', $templateData)
    );
}
/**
 * Registers the menu entries that depend on the login state.
 *
 * With a session: the profile entry (with hidden "User settings" and
 * "Change password" children) and the logout entry. Without a session:
 * the login entry and, if the setting `accesscontrol.allowRegistration`
 * is truthy, the registration entry.
 *
 * This method only adds entries to the `menu-right` menu; it performs no
 * access check on the targets those entries point to.
 *
 * @access public
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 */
public function execute(Framework $framework, WebRequest $request, Response $response)
{
    if (!$request->hasSession()) {
        // Anonymous visitor: optional registration entry, then login
        if ($this->getSetting('accesscontrol.allowRegistration')) {
            // NOTE(review): this is the only label translated under
            // '\\Pmx\\Autopilot\\AccessControl'; every other label in this
            // method uses '\\Zepi\\Web\\AccessControl' - confirm the
            // namespace is intended.
            $registrationLabel = $this->translate('Registration', '\\Pmx\\Autopilot\\AccessControl');
            $registrationEntry = new \Zepi\Web\General\Entity\MenuEntry(
                'registration',
                $registrationLabel,
                '/register/',
                'mdi-account-circle'
            );
            $this->getMenuManager()->addMenuEntry('menu-right', $registrationEntry);
        }

        $loginLabel = $this->translate('Login', '\\Zepi\\Web\\AccessControl');
        $loginEntry = new \Zepi\Web\General\Entity\MenuEntry('login', $loginLabel, 'login', 'glyphicon-log-in');
        $this->getMenuManager()->addMenuEntry('menu-right', $loginEntry, 100);

        return;
    }

    // Logged-in user: profile entry at position 90
    $profileLabel = $this->translate('Profile', '\\Zepi\\Web\\AccessControl');
    $profileEntry = new \Zepi\Web\General\Entity\MenuEntry('profile', $profileLabel, 'profile', 'mdi-person');
    $this->getMenuManager()->addMenuEntry('menu-right', $profileEntry, 90);

    // Hidden "User settings" node below the profile entry
    $settingsLabel = $this->translate('User settings', '\\Zepi\\Web\\AccessControl');
    $settingsEntry = new \Zepi\Web\General\Entity\HiddenMenuEntry($settingsLabel);
    $profileEntry->addChild($settingsEntry);

    // Hidden "Change password" node below the user settings node
    $passwordLabel = $this->translate('Change password', '\\Zepi\\Web\\AccessControl');
    $passwordEntry = new \Zepi\Web\General\Entity\HiddenMenuEntry(
        $passwordLabel,
        'profile/change-password',
        'mdi-vpn-key'
    );
    $settingsEntry->addChild($passwordEntry);

    // Logout entry at position 100
    $logoutLabel = $this->translate('Logout', '\\Zepi\\Web\\AccessControl');
    $logoutEntry = new \Zepi\Web\General\Entity\MenuEntry('logout', $logoutLabel, 'logout', 'glyphicon-log-out');
    $this->getMenuManager()->addMenuEntry('menu-right', $logoutEntry, 100);
}
/**
 * Handles the login page.
 *
 * Users that already have a session are redirected to `/` with status
 * 307. Otherwise the login form is created and fed with the request
 * data. If the form was submitted and validates without errors, the user
 * is passed to authorizeUser(). The form is rendered when it was not
 * submitted or when the error box reports errors.
 *
 * When the form was submitted and the error box reports no errors, this
 * method writes nothing to the response; presumably authorizeUser() has
 * issued the redirect by then - confirm.
 *
 * @access public
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 */
public function execute(Framework $framework, WebRequest $request, Response $response)
{
    // A user with a session has nothing to do on the login page
    if ($request->hasSession()) {
        $response->redirectTo('/', 307);
        return;
    }

    $this->setTitle($this->translate('Login', '\\Zepi\\Web\\AccessControl'));

    // Build the form and feed it with the submitted data
    $form = $this->createForm($framework, $request, $response);
    $form->processFormData($request);

    // Validate first; only an error-free submission reaches authorizeUser()
    $authorized = false;
    $validationErrors = array();
    if ($form->isSubmitted()) {
        $validationErrors = $form->validateFormData($framework);

        if (count($validationErrors) === 0) {
            $authorized = $this->authorizeUser($form, $framework, $request, $response);
        }
    }

    // Let the error box reflect the outcome of validation and authorization
    $loginErrors = $form->getPart('login-errors');
    $loginErrors->updateErrorBox($form, $authorized, $validationErrors);

    // A submitted form without errors needs no output from this method
    if ($form->isSubmitted() && !$loginErrors->hasErrors()) {
        return;
    }

    $templateData = array(
        'result' => $authorized,
        'errors' => $validationErrors,
        'form' => $form,
        'layoutRenderer' => $this->getLayoutRenderer(),
        'allowRegistration' => $this->getSetting('accesscontrol.allowRegistration'),
        'allowRenewPassword' => $this->getSetting('accesscontrol.allowRenewPassword')
    );

    $response->setOutput(
        $this->render('\\Zepi\\Web\\AccessControl\\Templates\\LoginForm', $templateData)
    );
}
/**
 * Decides whether a protected menu entry is available for the request.
 *
 * The check fails closed: without a session the result is always false.
 * With a session, an entry whose access level key is the empty string is
 * allowed for every user; any other key is checked with hasAccess() on
 * the session.
 *
 * @access protected
 * @param \Zepi\Web\General\Entity\ProtectedMenuEntry $protectedEntry
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @return bool True if the entry may be used, false otherwise
 */
protected function verifyProtectedEntry(ProtectedMenuEntry $protectedEntry, WebRequest $request)
{
    // No session, no access - the permissions are not consulted at all
    if (!$request->hasSession()) {
        return false;
    }

    $accessLevelKey = $protectedEntry->getAccessLevelKey();

    // An empty key means "any user with a session"
    if ($accessLevelKey === '') {
        return true;
    }

    // Otherwise the session decides; the cast keeps the strict true/false result
    return (bool) $request->getSession()->hasAccess($accessLevelKey);
}