/**
 * Collect the public "*Action" methods of a controller class together with their URLs.
 *
 * Note: code accelerators (eaccelerator, apc, xcache, etc.) should be disabled,
 * otherwise the method doc comments cannot be read.
 *
 * Only classes extending Backend_Controller or Frontend_Controller are inspected;
 * for any other class an empty array is returned.
 *
 * @param string $controllerName controller class name
 * @return array list of array(
 *     'name'    => action name without the "Action" postfix,
 *     'code'    => full method name,
 *     'url'     => URL built by Request::url() from the controller path and the action name,
 *     'comment' => method doc comment passed through self::_clearDocSymbols()
 * )
 */
public static function getPossibleActions($controllerName)
{
    $manager = new Backend_Modules_Manager();
    $appCfg = Registry::get('main', 'config');
    $designerConfig = Config::factory(Config::File_Array, $appCfg->get('configs') . 'designer.php');
    $templates = $designerConfig->get('templates');

    // NOTE(review): ReflectionClass resolves (and may autoload) whatever class name it is
    // given and throws when the class does not exist. The callers are not visible here; if
    // the name can originate from a request, check it against the registered controllers
    // before it reaches this method.
    $reflector = new ReflectionClass($controllerName);

    $isBackend = $reflector->isSubclassOf('Backend_Controller');
    if (!$isBackend && !$reflector->isSubclassOf('Frontend_Controller')) {
        return array();
    }

    $methods = $reflector->getMethods(ReflectionMethod::IS_PUBLIC);

    // Build the URL prefix that every action of this controller shares.
    $url = array();
    if ($isBackend) {
        $url[] = $templates['adminpath'];
        $url[] = $manager->getModuleName($controllerName);
    } else {
        // Frontend controller: the prefix depends on the configured router type.
        switch ($appCfg['frontend_router_type']) {
            case 'module':
                $module = self::_moduleByClass($controllerName);
                if ($module !== false) {
                    $urlcode = Model::factory('Page')->getCodeByModule($module);
                    if ($urlcode !== false) {
                        $url[] = $urlcode;
                    }
                }
                break;

            case 'path':
                // Frontend_Foo_Bar_Controller -> array('Foo', 'Bar')
                $segments = explode('_', str_replace(array('Frontend_'), '', $controllerName));
                if (end($segments) === 'Controller') {
                    array_pop($segments);
                }
                $url = array_merge($url, $segments);
                break;

            case 'config':
                $urlCode = self::_moduleByClass($controllerName);
                if ($urlCode !== false) {
                    $url[] = $urlCode;
                }
                break;
        }
    }

    $actions = array();
    if (empty($methods)) {
        return $actions;
    }

    // The Request delimiter and root are switched to the designer template values while
    // the URLs are generated and switched back to the application values afterwards.
    // NOTE(review): these are static setters; if Request::url() or _clearDocSymbols()
    // throws inside the loop, the application values are not restored.
    Request::setDelimiter($templates['urldelimiter']);
    Request::setRoot($templates['wwwroot']);

    foreach ($methods as $method) {
        if (substr($method->name, -6) === 'Action') {
            $actionName = substr($method->name, 0, -6);
            $actions[] = array(
                'name' => $actionName,
                'code' => $method->name,
                'url' => Request::url(array_merge($url, array($actionName)), false),
                'comment' => self::_clearDocSymbols($method->getDocComment()),
            );
        }
    }

    Request::setDelimiter($appCfg['urlDelimiter']);
    Request::setRoot($appCfg['wwwroot']);

    return $actions;
}
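/**
 * Route the request to a backend controller.
 *
 * The first request part selects the controller and the second one is handed to
 * runController() together with the resolved class name. A class is only chosen when
 * it is listed in the "system_controllers" backend setting or when the modules manager
 * maps the name to a module controller; anything else falls back to
 * Backend_Index_Controller.
 *
 * @return void
 */
public function route()
{
    $cfg = Registry::get('backend', 'config');

    // The controller name comes from the request path, so it is filtered and normalised
    // before it is used to build a class name.
    $requested = Utils_String::formatClassName(
        Filter::filterValue('pagecode', $this->_request->getPart(1))
    );

    // Strict comparison: the allow-list lookup decides which class gets executed, so a
    // non-string entry in the configuration must never match through type juggling.
    $systemClass = 'Backend_' . $requested . '_Controller';
    if (in_array($systemClass, $cfg->get('system_controllers'), true)) {
        $controller = $systemClass;
    } else {
        $manager = new Backend_Modules_Manager();
        $controller = $manager->getModuleController($requested);

        if ($controller === false) {
            if (Request::isAjax()) {
                // NOTE(review): the message repeats the request URI; confirm that
                // Response::jsonError() encodes it and ends the request. If it returns,
                // execution continues with the index controller below.
                Response::jsonError(
                    Lang::lang()->get('WRONG_REQUEST') . ' ' . Request::getInstance()->getUri()
                );
            }
            $controller = 'Backend_Index_Controller';
        }
    }

    $this->runController($controller, $this->_request->getPart(2));
}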
/**
 * Delete a module and, optionally, the files that belong to it.
 *
 * POST parameters:
 *  - id             module identifier
 *  - delete_related boolean, also remove the controller class file, the designer
 *                   project file and the generated CRUD/actions JS files
 *
 * The module is removed from the modules configuration first; the related files are
 * unlinked afterwards. The result is reported through Response::jsonSuccess() /
 * Response::jsonError().
 */
public function deletemoduleAction()
{
    $this->_checkCanEdit();

    $module = Request::post('id', 'string', false);
    $removeRelated = Request::post('delete_related', 'boolean', false);

    $manager = new Backend_Modules_Manager();
    $moduleName = $manager->getModuleName($module);

    $isBadRequest = !$module || !strlen($module) || !$manager->isValidModule($moduleName);
    if ($isBadRequest) {
        // NOTE(review): everything below assumes Response::jsonError() ends the request.
        Response::jsonError($this->_lang->WRONG_REQUEST);
    }

    $filesToDelete = array();
    if ($removeRelated) {
        $item = $manager->getModuleConfig($moduleName);

        // NOTE(review): every path below is derived from the module configuration
        // ('class', 'designer') and is not constrained to an expected directory in this
        // method. Whoever can write the modules configuration decides which files get
        // unlinked; consider resolving the paths with realpath() and checking them
        // against the application directories before deleting.
        $candidates = array('./system/app/' . str_replace('_', '/', $item['class']) . '.php');

        if (!empty($item['designer'])) {
            $candidates[] = $item['designer'];
            foreach (array('./js/app/system/crud/', './js/app/actions/') as $jsDir) {
                $candidates[] = $jsDir . strtolower($manager->getModuleName($item['class'])) . '.js';
            }
        }

        foreach ($candidates as $candidate) {
            if (file_exists($candidate)) {
                $filesToDelete[] = $candidate;
            }
        }
    }

    // Check before deleting: refuse to touch the configuration when a file is not writable.
    // NOTE(review): the error response lists the file paths.
    $notWritable = array();
    foreach ($filesToDelete as $file) {
        if (!is_writable($file)) {
            $notWritable[] = $file;
        }
    }
    if (!empty($notWritable)) {
        Response::jsonError($this->_lang->CANT_WRITE_FS . "\n<br>" . implode(",\n<br>", $notWritable));
    }

    $manager->removeModule($moduleName);
    if (!$manager->save()) {
        Response::jsonError($this->_lang->CANT_WRITE_FS . ' ' . $manager->getConfig()->getName());
    }

    // Try to delete. The module is already unregistered at this point, so a failed
    // unlink leaves the file behind without a module entry pointing at it.
    $notDeleted = array();
    foreach ($filesToDelete as $file) {
        if (!unlink($file)) {
            $notDeleted[] = $file;
        }
    }
    if (!empty($notDeleted)) {
        Response::jsonError($this->_lang->CANT_WRITE_FS . "\n<br>" . implode(",\n<br>", $notDeleted));
    }

    Response::jsonSuccess();
}
/**
 * List the module permissions of a group.
 *
 * POST parameters: group_id (int) and user_id (int). A request that sets both is
 * rejected; user_id is not used for anything else in this method. Every registered
 * module gets a row: stored permissions when present, otherwise an all-false default.
 * Each row also carries 'rc', which is true when the module controller extends
 * Backend_Controller_Crud_Vc.
 *
 * NOTE(review): no permission check is visible inside this action; presumably access
 * is enforced before the action is dispatched - confirm against the base controller.
 */
public function permissionsAction()
{
    $user = Request::post('user_id', 'int', 0);
    $group = Request::post('group_id', 'int', 0);

    if ($user && $group) {
        Response::jsonError($this->_lang->get('WRONG_REQUEST'));
    }

    $data = $group ? Model::factory('Permissions')->getGroupPermissions($group) : array();
    if (!empty($data)) {
        $data = Utils::rekey('module', $data);
    }

    $manager = new Backend_Modules_Manager();

    // Modules without stored permissions are listed with everything denied.
    foreach ($manager->getRegisteredModules() as $name) {
        if (isset($data[$name])) {
            continue;
        }
        $data[$name] = array(
            'module' => $name,
            'view' => false,
            'edit' => false,
            'delete' => false,
            'publish' => false,
        );
    }

    foreach ($data as $moduleKey => &$row) {
        $class = $manager->getModuleController($moduleKey);

        // class_exists() may trigger autoloading of the class name returned by the
        // modules manager.
        $isCrudVc = false;
        if (class_exists($class)) {
            $reflector = new ReflectionClass($class);
            $isCrudVc = $reflector->isSubclassOf('Backend_Controller_Crud_Vc');
        }
        $row['rc'] = $isCrudVc;
    }
    // Break the reference left behind by the by-reference loop.
    unset($row);

    Response::jsonSuccess(array_values($data));
}
/**
 * Check authentication, the CSRF token and the module permissions of the current user.
 *
 * Order of the checks:
 *  1. the user must be authorized and an administrator;
 *  2. when CSRF protection is enabled and the request carries POST data, a valid token
 *     must be present in the header or in the POST data;
 *  3. controllers listed in "system_controllers" stop here;
 *  4. for every other controller the user needs view permission and the module must be
 *     registered, active and, outside development mode, not a dev module.
 */
public function checkAuth()
{
    $user = User::getInstance();
    $uid = $user->isAuthorized() ? $user->id : false;

    if (!$uid || !$user->isAdmin()) {
        // NOTE(review): nothing in this method returns after the rejection, so it relies
        // on Response::jsonError() / loginAction() ending the request. Confirm that both
        // do; otherwise the remaining checks run for an unauthenticated user.
        if (Request::isAjax()) {
            Response::jsonError($this->_lang->MSG_AUTHORIZE);
        } else {
            $this->loginAction();
        }
    }

    /*
     * Check CSRF token.
     * NOTE(review): the token is only required when the request has POST data, so any
     * action that changes state on a GET request is not covered by this check.
     */
    if ($this->_configBackend->get('use_csrf_token') && Request::hasPost()) {
        $csrf = new Security_Csrf();
        $csrf->setOptions(array(
            'lifetime' => $this->_configBackend->get('use_csrf_token_lifetime'),
            'cleanupLimit' => $this->_configBackend->get('use_csrf_token_garbage_limit'),
        ));

        // A valid token in either place is accepted.
        $tokenOk = $csrf->checkHeader() || $csrf->checkPost();
        if (!$tokenOk) {
            $this->_errorResponse($this->_lang->MSG_NEED_CSRF_TOKEN);
        }
    }

    $this->_user = $user;

    // System controllers skip the per-module checks below; for them the administrator
    // check above is the only access control applied here.
    if (in_array(get_called_class(), $this->_configBackend->get('system_controllers'), true)) {
        return;
    }

    if (!$this->_user->canView($this->_module)) {
        $this->_errorResponse($this->_lang->CANT_VIEW);
    }

    $moduleManager = new Backend_Modules_Manager();

    /*
     * Redirect for undefined module
     */
    if (!$moduleManager->isValidModule($this->_module)) {
        $this->_errorResponse($this->_lang->WRONG_REQUEST);
    }

    $moduleCfg = $moduleManager->getModuleConfig($this->_module);

    /*
     * Redirect for disabled module
     */
    if ($moduleCfg['active'] == false) {
        $this->_errorResponse($this->_lang->CANT_VIEW);
    }

    /*
     * Redirect for dev module at production
     */
    if ($moduleCfg['dev'] && !$this->_configMain['development']) {
        $this->_errorResponse($this->_lang->CANT_VIEW);
    }
}
/**
 * Empty the user, group, permissions and page tables and seed them with the initial
 * administrators group, the administrator account, full permissions on every module
 * and the fixed pages (index, 404, api). The current session is marked as authorized
 * for the new administrator.
 *
 * NOTE(review): the method is destructive and signs the caller in as administrator.
 * Its callers are not visible here; the entry point that reaches it should not stay
 * reachable once the installation is finished. No transaction is visible either, so a
 * failure half way returns false with the tables already emptied.
 *
 * @param string $adminPass  administrator password, stored as Utils::hash($adminPass)
 * @param string $adminEmail administrator e-mail
 * @param string $adminName  administrator login
 * @return boolean true on success, false when a save fails or an exception is thrown
 */
protected function _prepareRecords($adminPass, $adminEmail, $adminName)
{
    $dateFormat = 'Y-m-d H:i:s';

    // Fields that differ between the fixed pages; everything else is shared.
    $pageSpecs = array(
        // Index page
        array(
            'code' => 'index',
            'html_title' => 'Index',
            'menu_title' => 'Index',
            'page_title' => 'Index',
            'text' => '[Index page content]',
            'func_code' => '',
            'order_no' => 1,
            'show_blocks' => true,
            'in_site_map' => true,
            'default_blocks' => true,
        ),
        // 404 page
        array(
            'code' => '404',
            'html_title' => 'Error 404. Page not found',
            'menu_title' => '404',
            'page_title' => 'We cannot find the page you are looking for.',
            'text' => 'We cannot find the page you are looking for.',
            'func_code' => '',
            'order_no' => 2,
            'show_blocks' => true,
            'in_site_map' => false,
            'default_blocks' => true,
        ),
        // API page
        array(
            'code' => 'api',
            'html_title' => 'API [System]',
            'menu_title' => 'API',
            'page_title' => 'API [System]',
            'text' => '',
            'func_code' => 'api',
            'order_no' => 3,
            'show_blocks' => false,
            'in_site_map' => false,
            'default_blocks' => false,
        ),
    );

    try {
        // All models are created before the first table is emptied.
        $modelsToClean = array(
            Model::factory('User'),
            Model::factory('Group'),
            Model::factory('Permissions'),
            Model::factory('Page'),
        );
        foreach ($modelsToClean as $cleanModel) {
            $cleanModel->getDbConnection()->delete($cleanModel->table());
        }

        // Add group
        $group = new Db_Object('Group');
        $group->setValues(array(
            'title' => $this->_dictionary['ADMINISTRATORS'],
            'system' => true,
        ));
        $group->save(true, false);
        $groupId = $group->getId();

        // Add user
        // NOTE(review): Utils::hash() is not visible here; confirm it is a salted, slow
        // password hash and not a plain digest.
        // NOTE(review): the confirmation code is an MD5 of the current timestamp and is
        // therefore predictable. The account is created as already confirmed, so the
        // code looks unused here, but it should come from a CSPRNG if it is ever
        // accepted as proof of anything.
        $user = new Db_Object('user');
        $user->setValues(array(
            'name' => 'Admin',
            'email' => $adminEmail,
            'login' => $adminName,
            'pass' => Utils::hash($adminPass),
            'enabled' => true,
            'admin' => true,
            'registration_date' => date($dateFormat),
            'confirmation_code' => md5(date($dateFormat)),
            'group_id' => $groupId,
            'confirmed' => true,
            'avatar' => '',
            'registration_ip' => $_SERVER['REMOTE_ADDR'],
            'last_ip' => $_SERVER['REMOTE_ADDR'],
            'confirmation_date' => date($dateFormat),
        ));
        $userId = $user->save(false, false);
        if (!$userId) {
            return false;
        }

        // Add permissions: the administrators group gets every flag on every module.
        $permissionsModel = Model::factory('Permissions');
        $modulesManager = new Backend_Modules_Manager();
        foreach ($modulesManager->getList() as $moduleName => $moduleConfig) {
            $granted = $permissionsModel->setGroupPermissions($groupId, $moduleName, true, true, true, true);
            if (!$granted) {
                return false;
            }
        }

        // Sign the current session in as the freshly created administrator.
        $currentUser = User::getInstance();
        $currentUser->setId($userId);
        $currentUser->setAuthorized();

        // Add the fixed pages, stopping at the first one that cannot be saved.
        foreach ($pageSpecs as $spec) {
            $page = new Db_Object('Page');
            $page->setValues(array(
                'code' => $spec['code'],
                'is_fixed' => 1,
                'html_title' => $spec['html_title'],
                'menu_title' => $spec['menu_title'],
                'page_title' => $spec['page_title'],
                'meta_keywords' => '',
                'meta_description' => '',
                'parent_id' => null,
                'text' => $spec['text'],
                'func_code' => $spec['func_code'],
                'order_no' => $spec['order_no'],
                'show_blocks' => $spec['show_blocks'],
                'published' => true,
                'published_version' => 0,
                'editor_id' => $userId,
                'date_created' => date($dateFormat),
                'date_updated' => date($dateFormat),
                'author_id' => $userId,
                'blocks' => '',
                'theme' => 'default',
                'date_published' => date($dateFormat),
                'in_site_map' => $spec['in_site_map'],
                'default_blocks' => $spec['default_blocks'],
            ));
            if (!$page->save(true, false)) {
                return false;
            }
        }

        return true;
    } catch (Exception $e) {
        // The cause is discarded; the caller only learns that seeding failed.
        return false;
    }
}
/**
 * Reset the modules cache: clears the static class-routes map of this class and
 * resets the Config cache.
 */
public function resetCache()
{
    // The static route map is set back to false.
    self::$_classRoutes = false;

    Config::resetCache();
}