/**
  * Securely calls an action. Before the actual call, this handler will validate all parameters defined at the module.xml
  * and check the user permissions.
  * 
  * @param WebSoccer $website Current WebSoccer context.
  * @param DbConnection $db Database connection.
  * @param I18n $i18n Messages context.
  * @param string $actionId ID of action to validate and execute.
  * @return string|NULL ID of page to display after the execution of this action or NULL if the current page shall be displayed.
  * @throws Exception if action could not be found, a double-submit occurred, access is denied, controller could not be found
  * or if the executed controller has thrown an Exception.
  */
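 public static function handleAction(WebSoccer $website, DbConnection $db, I18n $i18n, $actionId)
 {
     // Nothing to execute without an action ID (NULL or empty string): stay on the current page.
     if ($actionId === null || (string) $actionId === '') {
         return null;
     }
     $actionId = (string) $actionId;
     // Double-submit protection: the same action ID re-submitted within
     // DOUBLE_SUBMIT_CHECK_SECONDS is rejected. The session keys are written
     // elsewhere (not visible in this method).
     if (isset($_SESSION[DOUBLE_SUBMIT_CHECK_SESSIONKEY_ACTIONID], $_SESSION[DOUBLE_SUBMIT_CHECK_SESSIONKEY_TIME])
             && (string) $_SESSION[DOUBLE_SUBMIT_CHECK_SESSIONKEY_ACTIONID] === $actionId
             && $_SESSION[DOUBLE_SUBMIT_CHECK_SESSIONKEY_TIME] + DOUBLE_SUBMIT_CHECK_SECONDS > $website->getNowAsTimestamp()) {
         throw new Exception($i18n->getMessage('error_double_submit'));
     }
     // The action definition is stored as a JSON string. An unknown ID must fail
     // here with an explicit Exception instead of producing NULL lookups below.
     $actionJson = $website->getAction($actionId);
     $actionConfig = is_string($actionJson) ? json_decode($actionJson, true) : null;
     if (!is_array($actionConfig) || !isset($actionConfig['module'])) {
         throw new Exception('Action could not be found.');
     }
     $actionXml = ModuleConfigHelper::findModuleConfigAsXmlObject($actionConfig['module']);
     if (!is_object($actionXml)) {
         throw new Exception('Module configuration could not be found.');
     }
     // Permission check. A role list containing "admin" marks an admin-only action;
     // any other list is a comma-separated set of roles, one of which the user must have.
     $user = $website->getUser();
     $role = isset($actionConfig['role']) ? (string) $actionConfig['role'] : '';
     if (strpos($role, 'admin') !== false) {
         if (!$user->isAdmin()) {
             throw new AccessDeniedException($i18n->getMessage('error_access_denied'));
         }
     } else {
         $requiredRoles = explode(',', $role);
         // strict comparison: the role names are plain strings, no numeric juggling wanted
         if (!in_array((string) $user->getRole(), $requiredRoles, true)) {
             throw new AccessDeniedException($i18n->getMessage('error_access_denied'));
         }
     }
     // Validate parameters declared for this action in module.xml. The action ID is
     // embedded in an XPath string literal, so it must be quoted safely: a quote
     // character inside the ID would otherwise terminate the predicate early.
     if (strpos($actionId, '"') === false) {
         $idLiteral = '"' . $actionId . '"';
     } elseif (strpos($actionId, "'") === false) {
         $idLiteral = "'" . $actionId . "'";
     } else {
         // both quote kinds present: XPath 1.0 has no escaping, so use concat()
         $idLiteral = 'concat("' . str_replace('"', '", \'"\', "', $actionId) . '")';
     }
     $params = $actionXml->xpath('//action[@id = ' . $idLiteral . ']/param');
     $validatedParams = array();
     if ($params) {
         $validatedParams = self::_validateParameters($params, $website, $i18n);
     }
     $controllerName = $actionConfig['controller'];
     // Premium actions (those with a minimum premium balance) take a separate path.
     if (!empty($actionConfig['premiumBalanceMin'])) {
         return self::_handlePremiumAction($website, $db, $i18n, $actionId, $actionConfig['premiumBalanceMin'], $validatedParams, $controllerName);
     }
     $actionReturn = self::_executeAction($website, $db, $i18n, $actionId, $controllerName, $validatedParams);
     // Create a log entry if the action is flagged for logging. The user is re-read
     // after execution on purpose: the action itself may have changed the current user.
     if (!empty($actionConfig['log']) && $website->getUser()->id) {
         ActionLogDataService::createOrUpdateActionLog($website, $db, $website->getUser()->id, $actionId);
     }
     return $actionReturn;
 }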
// Entity logging needs to know which columns to record; an empty
// "loggingcolumns" attribute on the overview config is a configuration error.
if ($loggingEnabled) {
    $loggingColumns = (string) $overviewConfig[0]->attributes()->loggingcolumns;
    if ($loggingColumns === '') {
        throw new Exception($i18n->getMessage('entitylogging_nologgingcolumns'));
    }
}
// Optional record ID from the request. It is deliberately left undefined when
// absent so that later isset($id) checks can tell "no ID" apart from "ID 0".
if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'];
}
// Page heading. NOTE(review): the message is echoed without htmlspecialchars();
// that is only safe if $entity is not taken from the request and the message
// catalogue is trusted — confirm against the code that sets $entity.
printf('<h1>%s</h1>', $i18n->getMessage('entity_' . $entity));
// The configured dbtable may carry an SQL alias ("table alias"). Derive the
// alias prefix for column references and the plain, prefixed table name.
$tablePrefix = $website->getConfig('db_prefix') . '_';
$mainTable = $tablePrefix . $entityConfig[0]->attributes()->dbtable;
$spaceTablePos = strrpos($mainTable, ' ');
$mainTableAlias = '';
if ($spaceTablePos) {
    // substr() starts at the blank itself, so the alias keeps a leading space
    // (e.g. " alias."); presumably harmless inside generated SQL — verify.
    $mainTableAlias = substr($mainTable, $spaceTablePos) . '.';
}
$dbTableWithoutPrefix = ModuleConfigHelper::removeAliasFromDbTableName($entityConfig[0]->attributes()->dbtable);
$dbTable = $tablePrefix . $dbTableWithoutPrefix;
// The overview listing is shown unless an add/edit/delete action below decides otherwise.
$showOverview = TRUE;
// Add/edit form handling. NOTE: this block continues beyond the visible excerpt;
// its closing brace and the remaining form logic are not shown here.
if ($show == "add" || $show == "edit") {
    // the form replaces the overview listing
    $showOverview = FALSE;
    $enableFileUpload = FALSE;
    // field config: one <field> element per form field under <editform> in the entity config
    $fields = $entityConfig[0]->xpath("editform/field");
    $formFields = array();
    foreach ($fields as $field) {
        $attrs = $field->attributes();
        // fields marked "editonly" are skipped on the add form.
        // NOTE(review): (bool) on a SimpleXML attribute object reflects whether the
        // attribute is present/non-empty rather than parsing "true"/"false" — confirm
        // how module configs spell this attribute.
        if ($show == "add" && (bool) $attrs["editonly"]) {
            continue;
        }
  warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
  See the GNU Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public 
  License along with OpenWebSoccer-Sim.  
  If not, see <http://www.gnu.org/licenses/>.

******************************************************/
// A single non-zero ID from the request becomes a one-element delete list.
// NOTE(review): if no ID was given, $del_id must already be defined by earlier
// code (not visible here); otherwise the count() below fails.
if (!empty($id)) {
    $del_id = array($id);
}
// Presumably the demo-account flag: such admins are not allowed to delete.
if ($admin['r_demo']) {
    throw new Exception($i18n->getMessage('error_access_denied'));
}
if (count($del_id)) {
    $dependencies = ModuleConfigHelper::findDependentEntities($dbTableWithoutPrefix);
    foreach ($del_id as $deleteId) {
        // log action
        if ($loggingEnabled) {
            $result = $db->querySelect($loggingColumns, $dbTable, "id = %d", $deleteId);
            $item = $result->fetch_array(MYSQLI_ASSOC);
            $result->free();
            logAdminAction($website, LOG_TYPE_DELETE, $admin["name"], $entity, json_encode($item));
        }
        // delete item
        $db->queryDelete($dbTable, "id = %d", $deleteId);
        foreach ($dependencies as $dependency) {
            $fromTable = $website->getConfig("db_prefix") . "_" . $dependency["dbtable"];
            $whereCondition = $dependency["columnid"] . " = %d";
            if (strtolower($dependency["cascade"]) == "delete") {
                $db->queryDelete($fromTable, $whereCondition, $deleteId);