Пример #1
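 /**
  * Finalises the admin response after the action has run.
  *
  * A response returned by the action is passed through untouched. Otherwise
  * the template data (sidebar, assets, JS payload, user summary, titles) is
  * assembled and rendered into a new response.
  *
  * @param mixed $response Response produced by the action, or null
  * @return mixed The given response, or the result of \Response::forge()
  */
 public function after($response)
 {
     // If a response has been provided, just go with it
     if (!is_null($response)) {
         return $response;
     }
     // Populate the sidebar
     $this->sidebar = \Admin::getSidebarConfig();
     // Add assets
     $this->data['assets'] = array(
         'js' => \Arr::get($this->assets, 'js', array()),
         'css' => \Arr::get($this->assets, 'css', array()),
     );
     // JSON encode the JS payload. The view is forged with its third argument
     // set to false (FuelPHP's auto_filter flag), so this string reaches the
     // template unfiltered. Hex-escaping <, >, &, ' and " keeps stored content
     // inside the payload from terminating a surrounding <script> element or
     // attribute; the decoded values are unchanged.
     // NOTE(review): how the template embeds js_data is not visible here - confirm.
     $this->js['settings'] = $this->getSettings();
     $this->data['js_data'] = json_encode(
         $this->js,
         JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
     );
     // Info about the user
     // NOTE(review): assumes an authenticated user; a null current_user() is not handled here.
     $user = \CMF\Auth::current_user();
     $this->user = array(
         'account' => '/admin/users/' . $user->id . '/edit',
         'username' => $user->username,
         'super_user' => $user->super_user,
     );
     // Some vital settings
     $this->admin_title = \Lang::get('admin.title', array(), \Config::get("cmf.admin.title", ''));
     $this->base_url = \Admin::$base;
     $this->modules = \Config::get('cmf.admin.modules', false);
     $this->current_module = \Admin::$current_module;
     $this->current_class = \Admin::$current_class;
     // Dashboard title: language file first, then config, then the generic "Dashboard" label
     $generic_title = \Lang::get('admin.common.dashboard', array(), 'Dashboard');
     $configured_title = \Config::get('cmf.admin.modules.' . \Admin::$current_module . '.title', $generic_title);
     $this->dashboard_title = \Lang::get('admin.modules.' . \Admin::$current_module . '.title', array(), $configured_title);
     // Turns off the legacy browser XSS auditor for this response. The header is
     // not an XSS defence in either setting; with auto-filtering disabled below,
     // escaping has to happen in the template itself.
     $this->headers['X-XSS-Protection'] = 0;
     return \Response::forge(\View::forge($this->template, $this->data, false), $this->status, $this->headers);
 }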
Пример #2
 /**
  * Creates a log entry with the given data
  * @param \CMF\Model\User $user User to log against
  * @param \CMF\Model\Base $item Item to log against
  * @param string $action The name of the action that has happened
  * @param string $message An additional verbose message if required
  * @return void
  */
 public static function add($user = null, $item = null, $action = 'view', $message = '')
 {
     // Fall back to the currently authenticated user when none was passed in
     $actor = $user === null ? \CMF\Auth::current_user() : $user;
     $has_actor = $actor !== null;
     $log = array(
         'user_id' => $has_actor ? $actor->id : null,
         'user_type' => $has_actor ? get_class($actor) : null,
     );

     // Fall back to the model currently being handled when no item was passed in
     $subject = $item === null ? \CMF::currentModel() : $item;
     if ($subject === null) {
         $log['item_id'] = null;
         $log['item_type'] = null;
         $log['item_label'] = null;
     } else {
         $log['item_id'] = $subject->id;
         $log['item_type'] = get_class($subject);
         // strip_tags() removes markup from the label but is not an output encoder;
         // NOTE(review): label, action and message should still be escaped wherever logs are rendered.
         $log['item_label'] = strip_tags($subject->display());
     }

     // Action and message are recorded exactly as supplied by the caller
     $log['action'] = $action;
     $log['message'] = $message;

     // Keep an in-memory copy of every entry made through this method
     static::$logs_made[] = $log;

     // Values go through the query builder's values() call rather than being
     // concatenated into the SQL text
     \DB::insert('logs')
         ->columns(array(
             'date',
             'user_id',
             'user_type',
             'item_id',
             'item_type',
             'item_label',
             'action',
             'message',
         ))
         ->values(array(
             \Date::forge()->format('mysql'),
             $log['user_id'],
             $log['user_type'],
             $log['item_id'],
             $log['item_type'],
             $log['item_label'],
             $log['action'],
             $log['message'],
         ))
         ->execute();
 }
Пример #3
 /**
  * Creates a new session and API key
  * @return array
  */
 public function action_add()
 {
     // Both values are read from the request, with defaults when absent or empty.
     // NOTE(review): user_type appears to be a model class name and is passed to
     // the authenticator as received; confirm that authenticate() restricts it to
     // known user models. scope is likewise forwarded to getKey() unchanged.
     $requested_type = \Input::param('user_type');
     $user_type = $requested_type ? $requested_type : 'Admin\\Model_User';
     $requested_scope = \Input::param('scope');
     $scope = $requested_scope ? $requested_scope : 'api';

     $authenticated = \CMF\Auth::authenticate(\Input::post('username'), \Input::post('password'), $user_type);
     if (!$authenticated) {
         // Every failed login produces the same message and status
         throw new \HttpException('Invalid Login', \HttpException::UNAUTHORIZED);
     }

     // Purge old keys
     $this->removeOldKeys();

     // Find the logged in user and get an API key for it
     $user = \CMF\Auth::current_user();
     $key = $this->getKey($user, $user_type, $scope);

     // Only the password hash is removed from the serialised user.
     // NOTE(review): this is a deny-list; any other sensitive column returned by
     // toArray() would be sent to the client - consider an explicit allow-list.
     $user_data = $user->toArray();
     unset($user_data['encrypted_password']);

     return array('user' => $user_data, 'api_key' => $key->toArray());
 }
Пример #4
 /**
  * Gets called from action_index() when a model is found to extend CMF\Model|Node
  * @param  string $class_name
  * @return void
  */
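 public function treeView($class_name)
 {
     // $class_name is used below for static calls and as a query value.
     // NOTE(review): the caller is expected to have resolved it to a known model
     // class; that resolution is not visible in this method.
     \Admin::setCurrentClass($class_name);
     $metadata = $class_name::metadata();
     // Create static items
     \Admin::createStaticInstances($metadata);
     // Add some context for the template
     $this->plural = $class_name::plural();
     $this->singular = $class_name::singular();
     $this->icon = $class_name::icon();
     // Get permissions
     $can_create = \CMF\Auth::can('create', $class_name);
     $can_edit = \CMF\Auth::can('edit', $class_name);
     $can_delete = \CMF\Auth::can('delete', $class_name);
     $can_manage = \CMF\Auth::can(array('view', 'edit'), 'CMF\\Model\\Permission');
     // Describe the root class and each of its subclasses for the tree UI
     $classes = array();
     $classes[$class_name] = array(
         'plural' => $this->plural,
         'singular' => $this->singular,
         'icon' => $this->icon,
         'table_name' => $metadata->table['name'],
         'can_create' => $can_create && $can_edit,
         'can_edit' => $can_edit,
         'can_delete' => $can_delete,
         'superclass' => $class_name::superclass(),
         'allowed_children' => $class_name::allowedChildren(),
         'allowed_parents' => $class_name::allowedParents(),
     );
     foreach ($metadata->subClasses as $sub_class) {
         $subclass_metadata = $sub_class::metadata();
         $classes[$sub_class] = array(
             'static' => $sub_class::_static(),
             'superlock' => $sub_class::superlock(),
             'plural' => $sub_class::plural(),
             'singular' => $sub_class::singular(),
             'icon' => $sub_class::icon(),
             'table_name' => $subclass_metadata->table['name'],
             'can_create' => \CMF\Auth::can('create', $sub_class),
             'can_edit' => \CMF\Auth::can('edit', $sub_class),
             'can_delete' => \CMF\Auth::can('delete', $sub_class),
             'superclass' => false,
             'allowed_children' => $sub_class::allowedChildren(),
             'allowed_parents' => $sub_class::allowedParents(),
             'disallowed_children' => $sub_class::disallowedChildren(),
             'disallowed_parents' => $sub_class::disallowedParents(),
         );
     }
     // Item-specific permissions
     $user = \CMF\Auth::current_user();
     $item_permissions = array();
     $ids = array();
     $excluded_ids = array();
     $root_node = $class_name::getRootNode(true);
     $repo = \D::manager()->getRepository($class_name);
     $qb = $repo->getNodesHierarchyQueryBuilder($root_node);
     $this->tree_errors = null;
     $this->tree_is_valid = true;
     // If we have URLs, join them to the query
     if ($class_name::hasUrlField()) {
         $qb->addSelect('url, alias')->leftJoin('node.url', 'url')->leftJoin('url.alias', 'alias');
     }
     $q = $qb->getQuery();
     // Set the query hint if multi lingual!
     if (\CMF\Doctrine\Extensions\Translatable::enabled()) {
         $q->setHint(\Doctrine\ORM\Query::HINT_CUSTOM_OUTPUT_WALKER, 'Gedmo\\Translatable\\Query\\TreeWalker\\TranslationWalker');
     }
     // $ids is handed to processTreeNodes() and then used as the IN() list below
     $tree = $this->processTreeNodes($repo->buildTree($q->getArrayResult()), $metadata, $ids);
     if (!$user->super_user) {
         // The resource class name is bound as a parameter like the other two
         // values, instead of being interpolated into the DQL string
         $permissions = \CMF\Model\Permission::select('item.id, item.action, item.resource, item.item_id')
             ->leftJoin('item.roles', 'roles')
             ->where('item.resource = ?3')
             ->andWhere('item.item_id IN(?1)')
             ->andWhere('roles IN (?2)')
             ->setParameter(1, $ids)
             ->setParameter(2, $user->roles->toArray())
             ->setParameter(3, $class_name)
             ->getQuery()
             ->getArrayResult();
         // Group the granted actions by item id
         foreach ($permissions as $permission) {
             $item_permissions[$permission['item_id']][] = $permission['action'];
         }
         // An item is hidden when it carries an explicit 'none', or when it has
         // item-level permissions that do not include 'view'
         foreach ($item_permissions as $item_id => $item_actions) {
             if (in_array('none', $item_actions) || (count($item_actions) > 0 && !in_array('view', $item_actions))) {
                 $excluded_ids[] = $item_id;
             }
         }
         $tree = $this->filterTreeNodes($tree, $excluded_ids);
     } else {
         // Only super users get the tree integrity check
         $this->tree_errors = $repo->verify();
         $this->tree_is_valid = $this->tree_errors === true;
     }
     // Import actions
     $importMethods = $class_name::importMethods();
     // Add more context for the template
     $this->table_name = $metadata->table['name'];
     $this->template = 'admin/item/tree.twig';
     $this->superlock = $class_name::superlock();
     $this->num_nodes = count($tree);
     // Permissions
     $this->can_create = $can_create && $can_edit;
     $this->can_edit = $can_edit;
     $this->can_delete = $can_delete;
     $this->can_manage = $can_manage;
     $this->can_import = !empty($importMethods) && $can_manage;
     // Add the stuff for JS
     $this->js['tree'] = $tree;
     $this->js['item_permissions'] = $item_permissions;
     $this->js['excluded_ids'] = $excluded_ids;
     $this->js['classes'] = $classes;
     $this->js['table_name'] = $metadata->table['name'];
     $this->js['plural'] = $this->plural;
     $this->js['singular'] = $this->singular;
     $this->js['class_name'] = $class_name;
     // Permissions for JS. These flags only drive what the browser shows;
     // NOTE(review): the create/edit/delete endpoints must repeat the checks server-side.
     $this->js['can_create'] = $can_create && $can_edit;
     $this->js['can_edit'] = $can_edit;
     $this->js['can_delete'] = $can_delete;
     $this->js['can_manage'] = $can_manage;
 }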