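 /**
  * Gates access to a secured page for the current user.
  *
  * Members, Contributors and Admins are always allowed. Any other role is
  * checked against the user's CanView permission for the page type. A user
  * who is not logged in, or lacks the permission, is redirected.
  *
  * @param string $pageTypeUniqId page type to check CanView against
  * @param string $root_url        base URL handed to Redirect()
  * @param string $returnUrl       URL to come back to after login
  * @return bool true when access is granted; false after a redirect was issued
  */
 public function Authenticate($pageTypeUniqId, $root_url, $returnUrl)
 {
     // not logged in: send the user to the login flow
     if (!isset($this->UserUniqId)) {
         $this->Redirect($root_url, $returnUrl);
         // the original fell through here and returned null; make the denial explicit
         return false;
     }

     // members, contributors, and admin all have access to secured pages by default
     // (strict comparison so a non-string Role can never loosely match a role name)
     if (in_array($this->Role, array('Member', 'Contributor', 'Admin'), true)) {
         return true;
     }

     // any other role must hold an explicit CanView permission for this page type
     if (Utilities::CanPerformAction($pageTypeUniqId, $this->CanView) == false) {
         $this->Redirect($root_url, $returnUrl, '#invalid-permissions');
         return false;
     }

     return true;
 }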
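 /**
  * @method POST
  *
  * Creates a preview of a page and returns the preview URL as text/html.
  *
  * Requires a valid JWT; the caller must belong to the page's site and hold
  * CanEdit or CanPublish for the page's type. Every other case answers 401,
  * a request without a pageId answers 400.
  */
 function post()
 {
     // get token
     $token = Utilities::ValidateJWTToken(apache_request_headers());
     if ($token == NULL) {
         // unauthorized access
         return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
     }

     // get user
     $user = User::GetByUserId($token->UserId);
     // creates an access object
     $access = Utilities::SetAccess($user);

     // parse request; without a pageId there is nothing to preview
     parse_str($this->request->data, $request);
     if (!isset($request['pageId'])) {
         return new Tonic\Response(Tonic\Response::BADREQUEST);
     }
     $pageId = $request['pageId'];

     // get page
     $page = Page::GetByPageId($pageId);
     // make sure the user is part of the site (no superadmin bypass exists here,
     // unlike unpublish(); the earlier comment claimed one)
     if ($user['SiteId'] != $page['SiteId']) {
         return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
     }

     // default is root
     $pageTypeId = -1;
     // determine if the page lives under a page type (sub-directory)
     if ($page['PageTypeId'] != -1) {
         $pageType = PageType::GetByPageTypeId($page['PageTypeId']);
         $pageTypeId = $pageType['PageTypeId'];
     }

     // a preview may be created by anyone who can edit or publish this page type
     $canEdit = Utilities::CanPerformAction($pageTypeId, $access['CanEdit']);
     $canPublish = Utilities::CanPerformAction($pageTypeId, $access['CanPublish']);
     if (!$canEdit && !$canPublish) {
         // previously this fell through with $url undefined and answered 200 with an empty body
         return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
     }

     // create a preview
     $url = Publish::PublishPage($page['PageId'], true);
     // strip leading '../' from string
     $url = str_replace('../', '', $url);

     $response = new Tonic\Response(Tonic\Response::OK);
     $response->contentType = 'text/html';
     $response->body = $url;
     return $response;
 }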
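 /**
  * @method POST
  *
  * Marks a page inactive and removes its generated file from the site
  * directory. Requires a logged-in user who belongs to the page's site (or
  * is a super admin) and holds CanPublish for the page's type.
  *
  * @param string $pageUniqId unique id of the page to unpublish
  * @return Tonic\Response 200 on success, 401 when not authorized
  */
 function unpublish($pageUniqId)
 {
     // get an authuser
     $authUser = new AuthUser();
     if (!isset($authUser->UserUniqId)) {
         // unauthorized access
         return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
     }

     // get page
     $page = Page::GetByPageUniqId($pageUniqId);
     // make sure the user is part of the site (or is a superadmin)
     if ($authUser->IsSuperAdmin == false && $authUser->SiteId != $page['SiteId']) {
         return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
     }

     // path of the generated page file, rooted at the site's directory
     $site = Site::GetBySiteId($page['SiteId']);
     $filename = '../sites/' . $site['FriendlyId'] . '/';
     // default is root
     $pageTypeUniqId = -1;
     // pages under a page type live in a sub-directory named after it
     if ($page['PageTypeId'] != -1) {
         $pageType = PageType::GetByPageTypeId($page['PageTypeId']);
         $filename .= strtolower($pageType['FriendlyId']) . '/';
         $pageTypeUniqId = $pageType['PageTypeUniqId'];
     }

     // check permissions before anything is mutated
     if (Utilities::CanPerformAction($pageTypeUniqId, $authUser->CanPublish) == false) {
         return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
     }

     // set active
     Page::SetIsActive($pageUniqId, 0);
     // remove file
     $filename = $filename . $page['FriendlyId'] . '.php';
     if (file_exists($filename)) {
         unlink($filename);
     }

     // the original built this response but never returned it, so callers got null
     return new Tonic\Response(Tonic\Response::OK);
 }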
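 /**
  * @method GET
  *
  * Lists the page types of the token's site that the caller may access,
  * preceded by a synthetic "root" entry when root access is granted.
  *
  * @return Tonic\Response JSON list of page types, or 401 without a valid token
  */
 function get()
 {
     // get token
     $token = Utilities::ValidateJWTToken(apache_request_headers());
     if ($token == NULL) {
         // unauthorized access
         return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
     }

     $siteId = $token->SiteId;
     // get user
     $user = User::GetByUserId($token->UserId);
     // creates an access object
     $access = Utilities::SetAccess($user);
     // get pagetype
     $list = PageType::GetPageTypes($siteId);

     // synthetic root element (the original literal listed 'PageTypeId' twice; one copy kept)
     $root = array(
         'FriendlyId' => '',
         'IsSecure' => 0,
         'LastModifiedBy' => NULL,
         'LastModifiedDate' => NULL,
         'Layout' => 'content',
         'PageTypeId' => -1,
         'SiteId' => -1,
         'Stylesheet' => 'content',
     );

     $allowed = array();
     if ($access['CanAccess'] == 'All') {
         // return the entire list for all access
         $allowed = $list;
         array_unshift($allowed, $root);
     } else {
         // root access is decided once; the original re-checked it inside the loop
         // and appended $root once per page type (and never when the list was empty)
         if (Utilities::CanPerformAction('root', $access['CanAccess']) != false) {
             $allowed[] = $root;
         }
         foreach ($list as $row) {
             // check permissions per page type
             if (Utilities::CanPerformAction($row['PageTypeId'], $access['CanAccess']) != false) {
                 $allowed[] = $row;
             }
         }
     }

     // return a json response
     $response = new Tonic\Response(Tonic\Response::OK);
     $response->contentType = 'application/json';
     $response->body = json_encode($allowed);
     return $response;
 }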
 /**
  * @method GET
  *
  * Returns, as JSON, the page types of the logged-in user's site that the
  * user may access; a user whose Access is 'All' receives the full list.
  *
  * @return Tonic\Response JSON list of page types, or 401 when not logged in
  */
 function get()
 {
     // get an authuser
     $authUser = new AuthUser();
     if (!isset($authUser->UserUniqId)) {
         // unauthorized access
         return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
     }

     // every page type of the user's site
     $pageTypes = PageType::GetPageTypes($authUser->SiteId);

     if ($authUser->Access == 'All') {
         // unrestricted access: hand back the entire list
         $allowed = $pageTypes;
     } else {
         // keep only the page types the user's access list permits
         $allowed = [];
         foreach ($pageTypes as $pageType) {
             if (Utilities::CanPerformAction($pageType['PageTypeUniqId'], $authUser->Access) !== false) {
                 $allowed[] = $pageType;
             }
         }
     }

     // return a json response
     $response = new Tonic\Response(Tonic\Response::OK);
     $response->contentType = 'application/json';
     $response->body = json_encode($allowed);
     return $response;
 }