 /**
  * Handle a request.  This method is the starting point for all Dataface application requests.
  * It will delegate the request to the appropriate handler.
  * The order of delegation is as follows:
  *  0. Uses the ActionTool to check permissions for the action.  If permissions are not granted,
  *     dispatch the error handler.  If permissions are granted then we continue down the delegation
  *     chain.
  *  1. If the current table's delegate class defines a handleRequest() method, then call that.
  *  2. If the current table's delegate class does not have a handleRequest() method or that method
  *     returns a PEAR_Error object with code DATAFACE_E_REQUEST_NOT_HANDLED, then check for a handler
  *     bearing the name of the action in one of the actions directories.  Check the directories
  *     in the following order:
  *     a. <site url>/tables/<table name>/actions
  *     b. <site url>/actions
  *     c. <dataface url>/actions
  *  3. If no handler can be found then use the default handler.  The default handler can be quite
  *     powerful as it accepts the '-template' query parameter to use a specific template for display.
  */
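 function handleRequest($disableCache = false)
 {
     // Dispatches the current request to an action handler.
     //
     // $disableCache  when true the output cache is never started for this request.
     //
     // Returns the value returned by the selected handler's handle() method, the error object built
     // by Dataface_Error::permissionDenied() when a table or action check fails, or the PEAR_Error
     // returned by the table delegate's handleRequest().
     //
     // The '-table' and '-action' entries of the query (presumably taken from the HTTP request --
     // confirm in getQuery()) select the table, the handler file and the handler class, so every use
     // of them below is security relevant.

     // The output cache is only started for requests that carry no POST data and are not 'getBlob'.
     // NOTE(review): the cache is started before any permission check in this method; confirm that
     // Dataface_OutputCache keys its entries so output is never replayed to a different user.
     if (!$disableCache and @$_GET['-action'] != 'getBlob' and isset($this->_conf['_output_cache']) and @$this->_conf['_output_cache']['enabled'] and count($_POST) == 0) {
         import('Dataface/OutputCache.php');
         $oc = new Dataface_OutputCache($this->_conf['_output_cache']);
         $oc->ob_start();
     }
     import('Dataface/ActionTool.php');
     import('Dataface/PermissionsTool.php');
     import('Dataface/Table.php');
     $applicationDelegate = $this->getDelegate();
     if (isset($applicationDelegate) and method_exists($applicationDelegate, 'beforeHandleRequest')) {
         // Do whatever we need to do before the request is handled.
         $applicationDelegate->beforeHandleRequest();
     }
     // Set up security filters
     // NOTE(review): the table is loaded, and the delegate hook above has already run, before the
     // disallowed-table check further down; neither step is protected by that check.
     $query =& $this->getQuery();
     $table = Dataface_Table::loadTable($query['-table']);
     //$table->setSecurityFilter();
     /*
      * Set up some preferences for the display of the application.
      * These can be overridden by the getPreferences() method in the
      * application delegate class.
      */
     if (isset($this->_conf['_prefs']) and is_array($this->_conf['_prefs'])) {
         $this->prefs = array_merge($this->prefs, $this->_conf['_prefs']);
     }
     if (@$this->_conf['hide_nav_menu']) {
         $this->prefs['show_tables_menu'] = 0;
     }
     if (@$this->_conf['hide_view_tabs']) {
         $this->prefs['show_table_tabs'] = 0;
     }
     if (@$this->_conf['hide_result_controller']) {
         $this->prefs['show_result_controller'] = 0;
     }
     if (@$this->_conf['hide_table_result_stats']) {
         $this->prefs['show_result_stats'] = 0;
     }
     if (@$this->_conf['hide_search']) {
         $this->prefs['show_search'] = 0;
     }
     if (!isset($this->prefs['disable_ajax_record_details'])) {
         $this->prefs['disable_ajax_record_details'] = 1;
     }
     if ($query['-action'] == 'login_prompt') {
         $this->prefs['no_history'] = 1;
     }
     if (isset($applicationDelegate) and method_exists($applicationDelegate, 'getPreferences')) {
         $this->prefs = array_merge($this->prefs, $applicationDelegate->getPreferences());
     }
     // Check to make sure that this table hasn't been disallowed
     // An entry starting with '/' is treated as a regular expression, anything else as an exact
     // table name.  isset($pattern[0]) keeps an empty conf value from raising an offset notice.
     $disallowed = false;
     if (isset($this->_conf['_disallowed_tables'])) {
         foreach ($this->_conf['_disallowed_tables'] as $name => $pattern) {
             if (isset($pattern[0]) and $pattern[0] == '/' and preg_match($pattern, $query['-table'])) {
                 $disallowed = true;
                 break;
             } else {
                 if ($pattern == $query['-table']) {
                     $disallowed = true;
                     break;
                 }
             }
         }
     }
     // The allow list is only consulted for a table that matched the deny list: it re-enables
     // tables, it does not restrict access on its own.
     if ($disallowed and isset($this->_conf['_allowed_tables'])) {
         foreach ($this->_conf['_allowed_tables'] as $name => $pattern) {
             if (isset($pattern[0]) and $pattern[0] == '/' and preg_match($pattern, $query['-table'])) {
                 $disallowed = false;
                 break;
             } else {
                 if ($pattern == $query['-table']) {
                     $disallowed = false;
                     break;
                 }
             }
         }
     }
     if ($disallowed) {
         return Dataface_Error::permissionDenied(Dataface_LanguageTool::translate("Permission Denied. This table has been disallowed in the conf.ini file", "Permission denied because this table has been disallowed in the conf.ini file"));
     }
     $actionTool = Dataface_ActionTool::getInstance();
     //if ( $this->_conf['multilingual_content'] ){
     //import('I18Nv2/I18Nv2.php');
     //I18Nv2::autoConv();
     //}
     $params = array('table' => $query['-table'], 'name' => $query['-action']);
     if (strpos($query['-action'], 'custom_') === 0) {
         // Action names starting with 'custom_' skip the ActionTool lookup: they get this fixed
         // definition, which requires the 'view' permission, and are served by actions/custom.php.
         $action = array('name' => $query['-action'], 'page' => substr($query['-action'], 7), 'permission' => 'view', 'mode' => 'browse', 'custom' => true);
     } else {
         $action = $actionTool->getAction($params);
         if (is_array($action) and @$action['related'] and @$query['-relationship'] and preg_match('/relationships\\.ini/', @$action['allow_override'])) {
             // This action is to be performed on the currently selected relationship.
             $raction = $table->getRelationshipsAsActions(array(), $query['-relationship']);
             if (is_array($raction)) {
                 $action = array_merge($action, $raction);
             }
         }
         if (is_array($action) and isset($action['delegate'])) {
             // The action names another action as its delegate: from here on the request is
             // treated as a request for that action, and its definition replaces $action.
             // NOTE(review): this lookup calls getActions() (plural) while the lookup above calls
             // getAction(); confirm it returns a single action definition, since 'permission' is
             // read from $action below.
             $params['name'] = $query['-action'] = $action['delegate'];
             $tmp = $actionTool->getActions($params);
             unset($action);
             $action =& $tmp;
             unset($tmp);
         }
         if (is_array($action) and isset($action['auth_type'])) {
             $authTool = $this->getAuthenticationTool();
             $authTool->setAuthType($action['auth_type']);
         }
     }
     if ((PEAR::isError($action) or !@$action['permission']) and $this->_conf['security_level'] >= DATAFACE_STRICT_PERMISSIONS) {
         // The only reason getAction() will return an error is if the specified action could not be found.
         // If the application is set to use strict permissions and no action was defined in the ini file
         // then this action cannot be performed.  Strict permissions mode requires that permissions be
         // strictly set or permission will be denied.
         return Dataface_Error::permissionDenied(Dataface_LanguageTool::translate("Permission Denied. No action found in strict permissions mode", "Permission denied for action '" . $query['-action'] . "'.  No entry for this action was found in the actions.ini file.  \n\t\t\t\t\tYou are currently using strict permissions mode which requires that you define all actions that you want to use in the actions.ini file with appropriate permissions information.", array('action' => $query['-action'])));
     } else {
         // Below the strict security level an unknown action gets a minimal definition without a
         // 'permission' key, so the permission comparison in the handler loop is skipped for it
         // (that comparison only runs when $action['permission'] is set).
         if (PEAR::isError($action)) {
             $action = array('name' => $query['-action'], 'label' => $query['-action']);
         }
     }
     // Step 1:  See if the delegate class has a handler.
     $delegate = $table->getDelegate();
     $handled = false;
     // isset() mirrors the guard used for the application delegate above, so a table without a
     // delegate object is skipped instead of being passed to method_exists().
     if (isset($delegate) and method_exists($delegate, 'handleRequest')) {
         $result = $delegate->handleRequest();
         if (PEAR::isError($result) and $result->getCode() === DATAFACE_E_REQUEST_NOT_HANDLED) {
             $handled = false;
         } else {
             if (PEAR::isError($result)) {
                 return $result;
             } else {
                 $handled = true;
             }
         }
     }
     // NOTE(review): $handled is never read after this point, so step 2 runs even when the table
     // delegate reported that it handled the request; confirm that this is intended.
     if (isset($action['mode']) and $action['mode']) {
         $query['-mode'] = $action['mode'];
     }
     // Step 2: Look to see if there is a handler defined
     // $locations maps each candidate handler file to the class it must define, in lookup order.
     // Paths are built from basename() of the request values; class names use the values as given.
     if (isset($action['custom'])) {
         $locations = array(DATAFACE_PATH . '/actions/custom.php' => 'dataface_actions_custom');
     } else {
         $locations = array();
         $locations[DATAFACE_SITE_PATH . '/tables/' . basename($query['-table']) . '/actions/' . basename($query['-action']) . '.php'] = 'tables_' . $query['-table'] . '_actions_' . $query['-action'];
         $locations[DATAFACE_SITE_PATH . '/actions/' . basename($query['-action']) . '.php'] = 'actions_' . $query['-action'];
         if (isset($this->_conf['_modules']) and count($this->_conf['_modules']) > 0) {
             $mt = Dataface_ModuleTool::getInstance();
             foreach ($this->_conf['_modules'] as $modname => $modpath) {
                 $mt->loadModule($modname);
                 if ($modpath[0] == '/') {
                     $locations[dirname($modpath) . '/actions/' . basename($query['-action']) . '.php'] = 'actions_' . $query['-action'];
                 } else {
                     $locations[DATAFACE_SITE_PATH . '/' . dirname($modpath) . '/actions/' . basename($query['-action']) . '.php'] = 'actions_' . $query['-action'];
                     $locations[DATAFACE_PATH . '/' . dirname($modpath) . '/actions/' . basename($query['-action']) . '.php'] = 'actions_' . $query['-action'];
                 }
             }
         }
         $locations[DATAFACE_PATH . '/actions/' . basename($query['-action']) . '.php'] = 'dataface_actions_' . $query['-action'];
         $locations[DATAFACE_PATH . '/actions/default.php'] = 'dataface_actions_default';
     }
     $doParams = array('action' => &$action);
     //parameters to be passed to the do method of the handler
     foreach ($locations as $handlerPath => $handlerClassName) {
         // The class name embeds the '-table' / '-action' values without the basename() applied to
         // the path.  Only a plain PHP identifier may reach import() and "new": a value whose
         // basename() differs from it would otherwise load a file under one name and then ask for
         // a class under another.  The fixed default/custom handlers always pass this test.
         if (!preg_match('/^[a-zA-Z_\x80-\xff][a-zA-Z0-9_\x80-\xff]*$/', $handlerClassName)) {
             continue;
         }
         if (is_readable($handlerPath)) {
             import($handlerPath);
             $handler = new $handlerClassName();
             $params = array();
             if (is_array($action) and @$action['related'] and @$query['-relationship']) {
                 $params['relationship'] = $query['-relationship'];
             }
             if (!PEAR::isError($action) and method_exists($handler, 'getPermissions')) {
                 // check the permissions on this action to make sure that we are 'allowed' to perform it
                 // this method will return an array of Strings that are names of permissions granted to
                 // the current user.
                 //echo "Checking permissions:";
                 //print_r($params);
                 $permissions = $handler->getPermissions($params);
                 //} else if ( $applicationDelegate !== null and method_exists($applicationDelegate, 'getPermissions') ){
                 //	$permissions =& $applicationDelegate->getPermissions($params);
             } else {
                 //print_r($params);
                 //print_r($action);
                 $permissions = $this->getPermissions($params);
             }
             // Deny unless the permission named by the action is present and truthy in the granted
             // set.  An action definition without a 'permission' key is not checked here.
             // NOTE(review): the default text below names the required permission and the
             // permissions currently granted; confirm it is not shown verbatim to end users.
             if (isset($action['permission']) && !(isset($permissions[$action['permission']]) and $permissions[$action['permission']])) {
                 return Dataface_Error::permissionDenied(Dataface_LanguageTool::translate("Permission Denied for action.", "Permission to perform action '" . $action['name'] . "' denied.  \n\t\t\t\t\t\t\tRequires permission '" . $action['permission'] . "' but only granted '" . Dataface_PermissionsTool::namesAsString($permissions) . "'.", array('action' => $action, 'permissions_granted' => Dataface_PermissionsTool::namesAsString($permissions))));
             }
             if (method_exists($handler, 'handle')) {
                 $result = $handler->handle($doParams);
                 if (PEAR::isError($result) and $result->getCode() === DATAFACE_E_REQUEST_NOT_HANDLED) {
                     // this handler declined the request; try the next location
                     continue;
                 }
                 return $result;
             }
         }
     }
     // NOTE(review): the message appends Dataface_Error::printStackTrace(); whether it reaches the
     // browser depends on the error-display configuration -- confirm it is hidden in production.
     trigger_error(df_translate('scripts.Dataface.Application.handleRequest.NO_HANDLER_FOUND', "No handler found for request.  This should never happen because, at the very least, the default handler at dataface/actions/default.php should be called.  Check the permissions on dataface/actions/default.php to make sure that it is readable by the web server.") . Dataface_Error::printStackTrace(), E_USER_ERROR);
 }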