function action()
{
$s = owa_coreAPI::serviceSingleton();
// lookup method class
$do = $s->getApiMethodClass($this->getParam('do'));
if ($do) {
// check credentials
/* PERFORM AUTHENTICATION */
if (array_key_exists('required_capability', $do)) {
/* CHECK USER FOR CAPABILITIES */
if (!owa_coreAPI::isCurrentUserCapable($do['required_capability'])) {
// doesn't look like the currentuser has the necessary priviledges
owa_coreAPI::debug('User does not have capability required by this controller.');
// auth user
$auth =& owa_auth::get_instance();
$status = $auth->authenticateUser();
// if auth was not successful then return login view.
if ($status['auth_status'] != true) {
return 'This method requires authentication.';
} else {
//check for needed capability again now that they are authenticated
if (!owa_coreAPI::isCurrentUserCapable($do['required_capability'])) {
return 'Your user does not have privileges to access this method.';
}
}
}
}
//perform
$map = owa_coreAPI::getRequest()->getAllOwaParams();
echo owa_coreAPI::executeApiCommand($map);
}
}
/**
* Handles request from caller
*
*/
function doAction()
{
owa_coreAPI::debug('Performing Action: ' . get_class($this));
// check if the schema needs to be updated and force the update
// not sure this should go here...
if ($this->is_admin === true) {
// do not intercept if its the updatesApply action or a re-install else updates will never apply
$do = $this->getParam('do');
if ($do != 'base.updatesApply' && !defined('OWA_INSTALLING') && !defined('OWA_UPDATING')) {
if (owa_coreAPI::isUpdateRequired()) {
$this->e->debug('Updates Required. Redirecting action.');
$data = array();
$data['view_method'] = 'redirect';
$data['action'] = 'base.updates';
return $data;
}
}
}
/* Check validity of nonce */
if ($this->is_nonce_required == true) {
$nonce = $this->getParam('nonce');
if ($nonce) {
$is_nonce_valid = $this->verifyNonce($nonce);
}
if (!$nonce || !$is_nonce_valid) {
$this->e->debug('Nonce is not valid.');
$ret = $this->notAuthenticatedAction();
if (!empty($ret)) {
$this->post();
return $ret;
} else {
$this->post();
return $this->data;
}
}
}
/* CHECK USER FOR CAPABILITIES */
if (!owa_coreAPI::isCurrentUserCapable($this->getRequiredCapability())) {
owa_coreAPI::debug('User does not have capability required by this controller.');
// check to see if the user has already been authenticated
if (owa_coreAPI::isCurrentUserAuthenticated()) {
$this->authenticatedButNotCapableAction();
return $this->data;
}
/* PERFORM AUTHENTICATION */
$auth =& owa_auth::get_instance();
$status = $auth->authenticateUser();
// if auth was not successful then return login view.
if ($status['auth_status'] != true) {
$this->notAuthenticatedAction();
return $this->data;
} else {
//check for needed capability again now that they are authenticated
if (!owa_coreAPI::isCurrentUserCapable($this->getRequiredCapability())) {
$this->authenticatedButNotCapableAction();
//needed?
$this->set('go', urlencode(owa_lib::get_current_url()));
// needed? -- set auth status for downstream views
$this->set('auth_status', true);
return $this->data;
}
}
}
// TODO: These sets need to be removed and added to pre(), action() or post() methods
// in various concrete controller classes as they screw up things when
// redirecting from one controller to another.
// set auth status for downstream views
//$this->set('auth_status', true);
//set request params
$this->set('params', $this->params);
// set site_id
$this->set('site_id', $this->get('site_id'));
// set status msg - NEEDED HERE? doesnt owa_ view handle this?
if (array_key_exists('status_code', $this->params)) {
$this->set('status_code', $this->getParam('status_code'));
}
// get error msg from error code passed on the query string from a redirect.
if (array_key_exists('error_code', $this->params)) {
$this->set('error_code', $this->getParam('error_code'));
}
// check to see if the controller has created a validator
if (!empty($this->v)) {
// if so do the validations required
$this->v->doValidations();
//check for errors
if ($this->v->hasErrors === true) {
//print_r($this->v);
// if errors, do the errorAction instead of the normal action
$this->set('validation_errors', $this->getValidationErrorMsgs());
$ret = $this->errorAction();
if (!empty($ret)) {
$this->post();
return $ret;
} else {
$this->post();
return $this->data;
}
}
}
/* PERFORM PRE ACTION */
// often used by abstract descendant controllers to set various things
$this->pre();
/* PERFORM MAIN ACTION */
// need to check ret for backwards compatability with older
// controllers that donot use $this->data
$ret = $this->action();
if (!empty($ret)) {
$this->post();
return $ret;
} else {
$this->post();
return $this->data;
}
}
