/**
 * Constructor.
 *
 * Runs the parent constructor, then unregisters the 'forward' callback from
 * 'after.dispatch' when the request is an AJAX POST.
 *
 * NOTE(review): request type and method are reported by KRequest, presumably from
 * client-supplied headers; confirm nothing security-relevant depends on 'forward' running.
 *
 * @param KConfigInterface $config Configuration handed to the parent constructor
 */
public function __construct(KConfigInterface $config)
 {
     parent::__construct($config);

     $isAjaxPost = KRequest::type() == 'AJAX' && KRequest::method() == 'POST';

     if ($isAjaxPost) {
         $forward = array($this, 'forward');
         $this->unregisterCallback('after.dispatch', $forward);
     }
 }
示例#2
 /**
  * Initializes the configuration for the object.
  *
  * Appends default request ordering (sort by 'created_on', direction 'desc') and, for
  * non-GET requests, the 'id' taken from the posted data with the 'int' filter.
  *
  * @param object $config Configuration object; must expose append() and a 'request' node
  * @return void
  */
 protected function _initialize($config)
 {
     $defaults = array('request' => array('sort' => 'created_on', 'direction' => 'desc'));
     $config->append($defaults);

     $isGet = KRequest::method() == 'GET';
     if (!$isGet) {
         // The id is read from the request body and passed through the 'int' filter.
         $postedId = KRequest::get('post.id', 'int');
         $config->request->append(array('id' => $postedId));
     }

     parent::_initialize($config);
 }
示例#3
    /**
     * Decides whether the current request may add a document from the active menu page.
     *
     * Pages whose view is not 'list', 'document' or 'submit' are refused and 'submit' pages
     * are allowed outright. 'list' pages are checked against the category permissions below.
     * Every case not decided here is delegated to parent::canAdd().
     *
     * NOTE(review): Itemid is read from the request, so it is presumably client-supplied.
     * Confirm the page lookup cannot resolve to a menu item the user may not access.
     *
     * @return boolean TRUE/FALSE for the cases decided here, otherwise the result of parent::canAdd()
     */
    public function canAdd()
    {
        $itemid = $this->getRequest()->Itemid;
        $page   = $this->getService('com://site/docman.model.pages')->id($itemid)->getItem();
        $view   = $this->getView()->getName();
        $page_view = $page->query['view'];

        // We only allow these views to have an edit form/add something
        if (!in_array($page_view, array('list', 'document', 'submit'))) {
            return false;
        }

        // User could pass through Joomla menu access checks, so has access
        // NOTE(review): this return comes before the controller-name check below, so on a
        // 'submit' page a non-GET request is allowed whichever controller handles it.
        // Confirm that is intended.
        if ($page->query['view'] === 'submit') {
            return true;
        }

        // If a POST request is made, we need to be sure it's for a document controller
        // (the condition applies to every non-GET method, not only POST)
        if (KRequest::method() !== KHttpRequest::GET
            && !in_array($this->getMixer()->getIdentifier()->name, array('document', 'submit'))) {
            return false;
        }

        if ($page_view === 'list')
        {
            // canAdd is being run on a GET request to determine if we should show the add button
            if (KRequest::method() === KHttpRequest::GET)
            {
                // If we are on a certain category make sure user can add something here
                if ($view === 'list' && $this->getRequest()->slug) {
                    $category = $this->getModel()->getItem();

                    // Categories that are not ACL-able are treated as open for adding
                    return (!$category->isAclable() || $category->canPerform('add'));
                }

                $authorized_categories = $this->getAuthorisedCategories(array('core.create'));

                if ($page->children) {
                    // make sure user can add something to at least one category
                    return (bool) array_intersect($authorized_categories, $page->children);
                }
                else {
                    // top level category link, return true if user can add something to any category
                    return (bool) count($authorized_categories);
                }
            }
            else {
                // POSTing a new document
                // Can only add something to a category reachable by the menu item
                // NOTE(review): in_array() is non-strict here and docman_category_id comes from
                // the request data; confirm it is cast to an integer upstream so loose
                // comparison cannot match an unintended category id.
                // NOTE(review): when $page->children is empty no category restriction is
                // applied in this branch; the decision is left to parent::canAdd().
                if ($page->children && !in_array($this->_context->data->docman_category_id, $page->children)) {
                    return false;
                }
            }
        }

        return parent::canAdd();
    }
 /**
  * Initializes the configuration for the object.
  *
  * Guest users making a GET request are pointed at the login view and login controller
  * before the parent initializer runs.
  *
  * NOTE(review): guest requests using any other method pass through unchanged here;
  * presumably they are rejected elsewhere. Verify against the dispatcher's authorization.
  *
  * @param KConfig $config Configuration object
  * @return void
  */
 protected function _initialize(KConfig $config)
 {
     $guestOnGet = JFactory::getUser()->guest && KRequest::method() == KHttpRequest::GET;

     if ($guestOnGet) {
         // Force the view so that no redirect is needed
         KRequest::set('get.view', 'login');
         $config->controller = 'login';
     }

     parent::_initialize($config);
 }
示例#5
 /**
  * Dispatch action.
  *
  * On a GET request for the 'modules' view without an 'application' query variable,
  * redirects to the same URL with application=site. Then hands over to the parent dispatcher.
  *
  * NOTE(review): the redirect target is a copy of the current request URL; confirm the host
  * part of KRequest::url() cannot be influenced by the client.
  *
  * @param KCommandContext $context The command context
  * @return mixed Result of the parent dispatch
  */
 protected function _actionDispatch(KCommandContext $context)
 {
     $isGet = KRequest::method() == KHttpRequest::GET;

     if ($isGet) {
         // Falls back to the controller name when no view is given
         $view = KRequest::get('get.view', 'cmd', $this->_controller);
         $needsApplication = $view == 'modules' && !KRequest::has('get.application');

         if ($needsApplication) {
             $target = clone KRequest::url();
             $target->query['application'] = 'site';
             JFactory::getApplication()->redirect($target);
         }
     }

     return parent::_actionDispatch($context);
 }
示例#6
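 /**
  * Check the token to prevent CSRF exploits
  *
  * The token is verified only when the caller was dispatched and the request method is
  * neither GET nor OPTIONS. Actions reachable through GET are therefore not covered by
  * this check and must not change state.
  *
  * @param   KCommandContext $context The command context
  * @return  boolean Returns FALSE if the check failed. Otherwise TRUE.
  */
 protected function _checkToken(KCommandContext $context)
 {
     // Calls that did not come through the dispatcher are not checked
     if (!$context->caller->isDispatched()) {
         return true;
     }

     // Every method except GET and OPTIONS requires a valid token
     $method = KRequest::method();
     if ($method == KHttpRequest::GET || $method == KHttpRequest::OPTIONS) {
         return true;
     }

     $supplied = KRequest::token();
     $expected = JUtility::getToken();

     // Fail closed when either side is missing or not a string
     if (!is_string($supplied) || !is_string($expected)) {
         return false;
     }

     // Compare in constant time where available (PHP 5.6+), so that the comparison
     // time does not depend on how many leading characters match
     if (function_exists('hash_equals')) {
         return hash_equals($expected, $supplied);
     }

     return $supplied === $expected;
 }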
示例#7
 /**
  * Loads the component aliases, then executes the action that matches the request.
  *
  * The action is chosen as follows: on the command line it is the posted 'action'
  * (default 'get'); when a legacy entry file exists for the package it is 'renderlegacy';
  * otherwise it is the lower-cased HTTP method.
  *
  * @see KDispatcherAbstract::_actionDispatch()
  *
  * @param KCommandContext $context The command context
  * @return mixed Result of execute()
  */
 protected function _actionDispatch(KCommandContext $context)
 {
     // Work on a copy so that the object's own identifier is left untouched
     $aliases = clone $this->getIdentifier();
     $aliases->name = 'aliases';
     $aliases->path = array();

     // Load the component aliases
     $this->getService('koowa:loader')->loadIdentifier($aliases);

     if (PHP_SAPI == 'cli') {
         // Command line: the action is taken from the posted 'action', falling back to 'get'
         $method = KRequest::get('post.action', 'cmd', 'get');
     } else {
         $hasLegacyEntry = file_exists(JPATH_COMPONENT . '/' . $this->getIdentifier()->package . '.php')
             || file_exists(JPATH_COMPONENT . '/' . 'admin.' . $this->getIdentifier()->package . '.php');

         // The HTTP method name itself becomes the action unless a legacy file takes over
         $method = $hasLegacyEntry ? 'renderlegacy' : strtolower(KRequest::method());
     }

     return $this->execute($method, $context);
 }
示例#8
 /**
  * Get the action
  *
  * GET requests use the controller's action. Every other method uses the posted 'action'
  * variable (filtered as 'cmd'), or the lower-cased request method when none is posted.
  *
  * NOTE(review): for non-GET requests the action name is chosen by the client; confirm
  * authorization is applied to the resolved action rather than to the HTTP method.
  *
  * @return	string 	The action to dispatch
  */
 public function getAction()
 {
     // GET requests defer to the controller
     if (KRequest::method() == KHttpRequest::GET) {
         return $this->getController()->getAction();
     }

     // Otherwise use the posted action, or the request method when none was posted
     $fallback = strtolower(KRequest::method());

     return KRequest::get('post.action', 'cmd', $fallback);
 }
示例#9
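 /**
  * Check the token to prevent CSRF exploits
  *
  * The token is verified only when the caller was dispatched and the request method is
  * neither GET nor OPTIONS. Actions reachable through GET are therefore not covered by
  * this check and must not change state. The expected token comes from
  * JSession::getFormToken() on Joomla 3.0 and later, and from JUtility::getToken() before that.
  *
  * @param   KCommandContext $context The command context
  * @return  boolean Returns FALSE if the check failed. Otherwise TRUE.
  */
 protected function _checkToken(KCommandContext $context)
 {
     // Calls that did not come through the dispatcher are not checked
     if (!$context->caller->isDispatched()) {
         return true;
     }

     // Every method except GET and OPTIONS requires a valid token
     $method = KRequest::method();
     if ($method == KHttpRequest::GET || $method == KHttpRequest::OPTIONS) {
         return true;
     }

     $expected = version_compare(JVERSION, '3.0', 'ge') ? JSession::getFormToken() : JUtility::getToken();
     $supplied = KRequest::token();

     // Fail closed when either side is missing or not a string
     if (!is_string($supplied) || !is_string($expected)) {
         return false;
     }

     // Compare in constant time where available (PHP 5.6+), so that the comparison
     // time does not depend on how many leading characters match
     if (function_exists('hash_equals')) {
         return hash_equals($expected, $supplied);
     }

     return $supplied === $expected;
 }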
 /**
  * Load the site
  *
  * Uses the 'site' variable of the current request method when present (filtered as 'cmd').
  * Otherwise uses the 'site' value stored in the session, falling back on the given default.
  *
  * NOTE(review): the site name can be chosen by the client through the request; confirm
  * parent::_loadSite() rejects sites the user is not allowed to use.
  *
  * @param	string	$default 	The name of the site to use when neither request nor session has one
  * @return	void
  * @throws  KException 	If the site could not be found
  * @since	Nooku Server 0.7
  */
 protected function _loadSite($default)
 {
     // Key of the form '<method>.site', e.g. 'get.site' or 'post.site'
     $key = strtolower(KRequest::method()) . '.site';

     $site = KRequest::has($key)
         ? KRequest::get($key, 'cmd')
         : JFactory::getSession()->get('site', $default);

     parent::_loadSite($site);
 }
示例#11
	/**
	 * Load the site
	 *
	 * Uses the 'site' variable of the current request method when present (filtered as
	 * 'cmd'). Otherwise the first segment of the URL path is used if it names an existing
	 * site. If neither applies, the site passed in is kept.
	 *
	 * NOTE(review): the request-supplied site name is not checked against the sites model
	 * here, unlike the path segment; presumably parent::_loadSite() validates it. Confirm.
	 *
	 * @param	string	$site 	The name of the default site to load
	 * @return	void
	 * @throws  KException 	If the site could not be found
	 * @since	Nooku Server 0.7
	 */
	protected function _loadSite($site)
	{
		$method = strtolower(KRequest::method());

		if (KRequest::has($method.'.site')) {
			// An explicit site in the request takes precedence
			$site = KRequest::get($method.'.site', 'cmd');
		} else {
			// Reduce the request path to what follows the base path and index.php
			$uri  = clone(JURI::getInstance());
			$path = trim(str_replace(array(JURI::base(true)), '', $uri->getPath()), '/');
			$path = trim(str_replace('index.php', '', $path), '/');

			$segments = empty($path) ? array() : explode('/', $path);

			// Only accept the first segment when it names an existing site
			if (!empty($segments)
				&& KFactory::get('com://admin/sites.model.sites')->getList()->find($segments[0])) {
				$site = array_shift($segments);
			}
		}

		parent::_loadSite($site);
	}
示例#12
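 /**
  * Check the token
  *
  * GET requests are not checked, so actions reachable through GET must not change state.
  * For every other method the request token must equal the token from JUtility::getToken().
  *
  * @return  boolean Returns FALSE if the request token is missing or does not match. Otherwise TRUE.
  */
 public function checkToken()
 {
     if (KRequest::method() == KHttpRequest::GET) {
         return true;
     }

     $supplied = KRequest::token();
     $expected = JUtility::getToken();

     // Fail closed when either side is missing or not a string
     if (!is_string($supplied) || !is_string($expected)) {
         return false;
     }

     // Compare in constant time where available (PHP 5.6+), so that the comparison
     // time does not depend on how many leading characters match
     if (function_exists('hash_equals')) {
         return hash_equals($expected, $supplied);
     }

     return $supplied === $expected;
 }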
示例#13
 /**
  * Dispatch the controller
  *
  * The action is the posted 'action' variable (filtered as 'cmd'), or the lower-cased
  * request method when none is posted. For non-GET requests the request data of that
  * method is copied into the context with the 'raw' filter.
  *
  * NOTE(review): 'raw' presumably means the data is passed on unfiltered; the controller
  * and model must validate and escape it themselves. Verify.
  *
  * @param   KCommandContext $context A command context object
  * @return	mixed Result of the controller's execute()
  */
 protected function _actionDispatch(KCommandContext $context)
 {
     $fallback = strtolower(KRequest::method());
     $action   = KRequest::get('post.action', 'cmd', $fallback);

     if (KRequest::method() != KHttpRequest::GET) {
         // Request data is keyed by the lower-cased method name, e.g. 'post'
         $source = strtolower(KRequest::method());
         $context->data = KRequest::get($source, 'raw');
     }

     return $this->getController()->execute($action, $context);
 }
示例#14
 /**
  * Return the method of the current request, as reported by KRequest::method().
  *
  * @return mixed The value of KRequest::method(); presumably the HTTP verb as a string
  */
 public function getMethod()
 {
     $method = KRequest::method();

     return $method;
 }
示例#15
 /**
  * Get the real action that was or will be performed, as relevant for ACL checks.
  *
  * When getAction() yields nothing, the action is derived from the request method:
  * GET gives 'browse' or 'read' depending on whether the view name is plural, POST gives
  * the posted 'action' or 'add', PUT gives 'edit' and DELETE gives 'delete'. 'apply' is
  * treated as 'save', and 'save' resolves to 'edit' when a 'get.id' is present, else 'add'.
  *
  * NOTE(review): for any other request method the action stays empty; callers doing ACL
  * checks should treat an empty action as denied. Confirm at the call sites.
  *
  * @return	 string Action name
  */
 public function getRealAction()
 {
     $action = $this->getAction();

     if (empty($action)) {
         $method = KRequest::method();

         if ($method == 'GET') {
             // Browse or read, depending on whether the view name is plural
             $view   = KRequest::get('get.view', 'cmd');
             $action = KInflector::isPlural($view) ? 'browse' : 'read';
         } elseif ($method == 'POST') {
             // An action override in the post request wins; otherwise it is an add
             $action = KRequest::get('post.action', 'cmd');
             if (!$action) {
                 $action = 'add';
             }
         } elseif ($method == 'PUT') {
             $action = 'edit';
         } elseif ($method == 'DELETE') {
             $action = 'delete';
         }
     }

     // 'apply' is handled exactly like 'save'
     if ($action == 'apply') {
         $action = 'save';
     }

     // A save is an edit when an id is present in the query, otherwise an add
     if ($action == 'save') {
         $hasId  = (bool) KRequest::get('get.id', 'int');
         $action = $hasId ? 'edit' : 'add';
     }

     return $action;
 }