Exemplo n.º 1
     // force single entityId into an array
     $array = array($entityId);
     // update pointer
     $entityId = $array;
 }
 try {
     $bp = BlueprintReader::read($entitySignature);
     $dao = new EntityDAO($bp);
     $failures = 0;
     foreach ($entityId as $id) {
         $xmlDelete = $xmlAttempts->addChild("delete");
         $xmlDelete->addAttribute("signature", $entitySignature);
         $xmlDelete->addAttribute("id", $id);
         try {
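             // Authorize the delete of this one entity before the DAO is touched.
             // NOTE(review): the Guardian check is skipped whenever $guardian_enable is anything
             // other than boolean true, so an unset or non-boolean setting leaves deletes
             // unguarded. Confirm that this fail-open default is intended.
             if (BPConfig::$guardian_enable !== true || Guardian::authorize(Session::user(BPConfig::$guardian_identity_session_key), "DELETE", $bp->getKey(), $id)) {
                 $dao->delete($id);
                 $xmlDelete->addChild("status", "success");
                 $xmlDelete->addChild("message", "Entity was deleted successfully.");
                 // Escape the interpolated values before they go into the response, as the exception
                 // path does with htmlentities(). Presumably both come from the request (TODO confirm).
                 $xmlDelete->addChild("html", "Deleted " . htmlspecialchars((string) $entitySignature, ENT_QUOTES, 'UTF-8') . " with ID#" . htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8'));
             } else {
                 // NOTE(review): $id is written to the log unmodified; confirm Log neutralises line breaks.
                 Log::warning("* Guardian denied access to delete " . $bp->getKey() . " with ID {$id}");
                 $failures++;
                 // Give the denial an explicit status, like the success and exception paths, so a
                 // client that keys on <status> cannot mistake a refused delete for anything else.
                 $xmlDelete->addChild("status", "error");
                 $xmlDelete->addChild("message", "Access denied.");
                 $xmlDelete->addChild("html", "Access to delete " . htmlspecialchars((string) $entitySignature, ENT_QUOTES, 'UTF-8') . " with ID#" . htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8') . " was denied.");
             }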
         } catch (Exception $e) {
             Log::error("* Caught Exception: " . $e->getMessage());
             $failures++;
             $xmlDelete->addChild("status", "error");
             $xmlDelete->addChild("message", "Caught Exception: " . htmlentities($e->getMessage()));
Exemplo n.º 2
     // Add entityId to $params ?necessary?
     $params["entityId"] = $entityId;
 }
 // Open questions left by the author: should Guardian only be consulted when an entityId is
 // defined, or should a new META accessType on <AccessGroup> cover requests without one?
 //
 // Decide whether the current user may access this resource. The first dot-separated segment
 // of the entity signature is used as the blueprint key for the Guardian lookups.
 // NOTE(review): when $entityId is empty and the META check is refused, control still reaches
 // the SELECT check with that empty id. Confirm Guardian refuses it as intended.
 $flag_guardian_access_approved = false;
 list($bpKey) = explode(".", $entitySignature);
 if (BPConfig::$guardian_enable === false) {
     // Guardian is explicitly switched off: every request is approved
     $flag_guardian_access_approved = true;
 } elseif (empty($entityId) && Guardian::authorize(Session::user(BPConfig::$guardian_identity_session_key), "META", $bpKey, null)) {
     // No entity id given: META access on the blueprint is sufficient
     $flag_guardian_access_approved = true;
 } elseif (Guardian::authorize(Session::user(BPConfig::$guardian_identity_session_key), "SELECT", $bpKey, $entityId)) {
     // SELECT access on this blueprint / entity id
     $flag_guardian_access_approved = true;
 }
 // In every other case the flag stays false: no access to this resource
 if ($flag_guardian_access_approved) {
     switch ($view) {
         case "xml":
             // Render XML
             $xmlRendering = DraftingDesk::renderForm("FormXMLDrafter", $entitySignature, $formSignature, $params);
             // Prepare response
             $xml->addChild("status", "success");
             $xml->addChild("message", "Successfully rendered a form as xml");
             $xml->addChild("xml", $xmlRendering);
Exemplo n.º 3
 * Login Page
 * ----------
 *
 * [1]. manager/login
 *
 */
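Route::accept($config->manager->slug . '/login', function () use($config, $speak) {
    // Abort with the `404-manager` shield when `launch.php` is missing from File::D(__DIR__)
    if (!File::exist(File::D(__DIR__) . DS . 'launch.php')) {
        Shield::abort('404-manager');
    }
    // A visitor Guardian already accepts is sent on to the article manager
    if (Guardian::happy()) {
        Guardian::kick($config->manager->slug . '/article');
    }
    Config::set(array('page_title' => $speak->log_in . $config->title_separator . $config->title, 'cargo' => 'cargo.login.php'));
    include __DIR__ . DS . 'cargo.php';
    if ($request = Request::post()) {
        $kickDefault = $config->manager->slug . '/article';
        $kickTarget = isset($request['kick']) && is_string($request['kick']) ? $request['kick'] : $kickDefault;
        // `kick` arrives in the POST body and decides where the user lands after signing in.
        // Only a site-relative path is honoured: a value that starts with a URI scheme, or with
        // two slashes/backslashes, is replaced by the default so that a login form submitted
        // from elsewhere cannot choose an off-site destination.
        if (preg_match('#^[\x00-\x20]*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $kickTarget)) {
            $kickTarget = $kickDefault;
        }
        Guardian::authorize()->kick($kickTarget);
    }
    Shield::attach('manager-login');
}, 20);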
/**
 * Logout Page
 * -----------
 *
 * [1]. manager/logout
 *
 */
Route::accept($config->manager->slug . '/logout', function () use($config, $speak) {
    // Queue the "logged out" notice first, then let Guardian reject the user and
    // send them to the login page.
    // NOTE(review): no request-method or token check is visible in this handler, so
    // presumably any request to this URL signs the user out. Confirm whether
    // Route::accept or Guardian::reject enforces one.
    $notice = ucfirst(strtolower($speak->logged_out)) . '.';
    Notify::success($notice);
    $guardian = Guardian::reject();
    $guardian->kick($config->manager->slug . '/login');
}, 21);
Exemplo n.º 4
             } else {
                 Log::warning("* Guardian denied access to update " . $entityBP->getKey() . " with ID {$entityId}");
                 $responseNode->appendChild($dom->createElement("status", "error"));
                 $responseNode->appendChild($dom->createElement("message", "Access Denied"));
             }
         } catch (Exception $e) {
             $responseNode->appendChild($dom->createElement("status", "error"));
             $responseNode->appendChild($dom->createElement("message", "Caught Exception : " . $e->getMessage()));
         }
     } else {
         /*
         // Insert a new Entity
         */
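         try {
             // Authorize the insert before the DAO is called; null is passed as the entity id
             // because the new entity does not have one yet.
             // NOTE(review): the Guardian check is skipped whenever $guardian_enable is anything
             // other than boolean true, so an unset or non-boolean setting leaves inserts
             // unguarded. Confirm that this fail-open default is intended.
             if (BPConfig::$guardian_enable !== true || Guardian::authorize(Session::user(BPConfig::$guardian_identity_session_key), "INSERT", $entityBP->getKey(), null)) {
                 $insertId = $dao->insert($entity);
                 // Write the generated id back onto the entity object
                 $entity->setId($insertId);
                 $responseNode->appendChild($dom->createElement("status", "success"));
                 $responseNode->appendChild($dom->createElement("message", "Inserted {$entitySignature} ({$insertId})"));
             } else {
                 Log::warning("* Guardian denied access to insert new " . $entityBP->getKey());
                 $responseNode->appendChild($dom->createElement("status", "error"));
                 $responseNode->appendChild($dom->createElement("message", "Access Denied"));
             }
         } catch (Exception $e) {
             // Log the failure so a rejected insert leaves a server-side trace
             Log::error("* Caught Exception: " . $e->getMessage());
             $responseNode->appendChild($dom->createElement("status", "error"));
             // Escape the exception text before it becomes element content. If $dom is a DOMDocument
             // (not shown here), createElement() treats "&" in its value as the start of an entity
             // reference, so an unescaped message can produce a warning and a mangled node.
             // NOTE(review): the raw exception text still reaches the caller and DAO errors can
             // expose internals; consider returning a generic message instead.
             $responseNode->appendChild($dom->createElement("message", "Caught Exception : " . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8')));
         }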
     }
 } else {