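/**
 * Replaces a language's XLIFF widget translation file with an uploaded one.
 *
 * Reads the language id from the `id` request parameter, the CSRF token from
 * the `csrf_token` POST parameter and the upload from the `file` key. The
 * upload is parsed with sfMessageSource_XLIFF before it is accepted, so a file
 * that does not load as XLIFF is rejected. After a successful move the
 * language's widget i18n cache is cleared.
 *
 * @param sfWebRequest $request
 * @return mixed rendered ajax response, or the result of notFound()
 */
public function executeUpload(sfWebRequest $request)
{
    $language = LanguageTable::getInstance()->find($request->getParameter('id'));
    /* @var $language Language */
    if (!$language) {
        return $this->notFound();
    }

    // Strict, constant-time token comparison. The former loose `==` treats two
    // numeric-looking strings (e.g. "0e..." hashes) as equal.
    $posted = $request->getPostParameter('csrf_token');
    $expected = (string) UtilCSRF::gen('language_upload', $language->getId());
    if (!is_string($posted) || !hash_equals($expected, $posted)) {
        return $this->notFound();
    }

    $this->ajax()->setAlertTarget('#upload', 'append');
    $file = $request->getFiles('file');
    if (!$file || empty($file['tmp_name'])) {
        return $this->ajax()->alert('Upload failed.', '', null, null, false, 'error')->render(true);
    }

    $parser = new sfMessageSource_XLIFF();
    if (!$parser->loadData($file['tmp_name'])) {
        return $this->ajax()->alert('File invalid.', '', null, null, false, 'error')->render(true);
    }

    $target = $language->i18nFileWidget();
    $dir = dirname($target);
    // Create missing parents as well; a non-recursive mkdir() fails on a nested path,
    // and the move below would then fail silently while "success" was still reported.
    if (!file_exists($dir) && !mkdir($dir, 0777, true) && !is_dir($dir)) {
        return $this->ajax()->alert('Upload failed.', '', null, null, false, 'error')->render(true);
    }
    // Only report success when the file was actually put in place.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return $this->ajax()->alert('Upload failed.', '', null, null, false, 'error')->render(true);
    }
    $language->i18nCacheWidgetClear();

    return $this->ajax()->alert('Language file updated.', '', null, null, false, 'success')->render(true);
}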
/**
 * Prepares the member list of the current petition for the template.
 *
 * Reads $this->petition (and, when set, $this->no_admin) and exposes
 * petition_rights_list, admin, csrf_token, become_admin and, only when the
 * user may join as admin, csrf_token_admin.
 */
public function executeMembers()
{
    $petition = $this->petition;
    $user = $this->getGuardUser();

    $this->petition_rights_list = PetitionRightsTable::getInstance()
        ->queryByPetition($petition)
        ->execute();

    $this->admin = $petition->isMemberEditable($user);
    // A truthy no_admin flag set by the caller always overrides the rights check.
    if (!empty($this->no_admin)) {
        $this->admin = false;
    }

    $this->csrf_token = UtilCSRF::gen('action_members');

    $this->become_admin = !$user->isPetitionAdmin($petition)
        && $petition->getCampaign()->getBecomePetitionAdmin();
    if ($this->become_admin) {
        $this->csrf_token_admin = UtilCSRF::gen('action_join_admin');
    }
}
/**
 * Builds the widget list page, scoped either to $this->petition or to all
 * widgets of the current user, together with its filter form and pager.
 *
 * Exposes form, widgets, csrf_token and csrf_token_revoke to the template.
 */
public function executeList()
{
    $pageNumber = isset($this->page) ? $this->page : 1;
    $perPage = 20;

    if (isset($this->petition)) {
        $petitionId = $this->petition->getId();
        $this->form = new FilterWidgetForm();
        $this->form->bindSelf('p' . $petitionId);
        $query = WidgetTable::getInstance()->queryByPetition($this->petition);
        $this->widgets = new policatPager(
            $query,
            $pageNumber,
            'widget_pager_petition',
            array('id' => $petitionId),
            true,
            $perPage,
            $this->form
        );
    } else {
        $user = $this->getGuardUser();
        $this->form = new FilterWidgetForm(array(), array(
            FilterWidgetForm::WITH_CAMPAIGN => true,
            FilterWidgetForm::USER => $user,
        ));
        $this->form->bindSelf('all');
        $query = WidgetTable::getInstance()->queryByUser($user);
        $this->widgets = new policatPager(
            $query,
            $pageNumber,
            'widget_pager',
            array(),
            true,
            $perPage,
            $this->form
        );
    }

    $this->csrf_token = UtilCSRF::gen('widget_data_owner');
    $this->csrf_token_revoke = UtilCSRF::gen('widget_revoke_data_owner');
}
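/**
 * Lists the open tickets (status new or read) for the current guard user.
 *
 * Optional $this->campaign_id / $this->petition_id narrow the query. Sets
 * $this->tickets (pager) and $this->csrf_token; does nothing when no guard
 * user is available.
 */
public function executeTodo()
{
    $page = isset($this->page) ? $this->page : 1;
    $user = $this->getGuardUser();
    if (!$user) {
        return;
    }

    $query = TicketTable::getInstance()->queryForUser(
        $user,
        array(TicketTable::STATUS_NEW, TicketTable::STATUS_READ)
    );
    $alias = $query->getRootAlias();
    // Filter values are bound as query parameters, never interpolated into the DQL.
    if (isset($this->campaign_id)) {
        $query->andWhere($alias . '.campaign_id = ?', $this->campaign_id);
    }
    if (isset($this->petition_id)) {
        $query->andWhere($alias . '.petition_id = ?', $this->petition_id);
    }

    $this->tickets = new policatPager($query, $page, 'ticket_todo', array(), true, 10);
    $this->csrf_token = UtilCSRF::gen('tickets');
}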
/**
 * Opens the detail modal of a single ticket.
 *
 * Tickets that are already approved or denied get a null csrf_token, so the
 * partial is rendered without an actionable token.
 *
 * @param sfWebRequest $request `id` parameter; optional `campaign_id` / `petition_id` GET parameters
 * @return mixed rendered ajax response, or the result of notFound()
 */
public function executeView(sfWebRequest $request)
{
    $ticket = TicketTable::getInstance()->find($request->getParameter('id'));
    if (!$ticket) {
        return $this->notFound();
    }
    if (!$this->hasTicketRight($ticket)) {
        return $this->ajax()
            ->alert('You have no rights to handle this ticket.', 'Error', '#todo', 'append')
            ->render();
    }

    // Loose in_array() kept on purpose: the status may come back from the
    // database as a numeric string while the constants are ints.
    $finalStates = array(TicketTable::STATUS_APPROVED, TicketTable::STATUS_DENIED);
    $csrfToken = null;
    if (!in_array($ticket->getStatus(), $finalStates)) {
        $csrfToken = UtilCSRF::gen('tickets');
    }

    $vars = array(
        'ticket' => $ticket,
        'csrf_token' => $csrfToken,
        'campaign_id' => $request->getGetParameter('campaign_id'),
        'petition_id' => $request->getGetParameter('petition_id'),
    );

    return $this->ajax()
        ->appendPartial('body', 'view', $vars)
        ->modal('#ticket_view_modal')
        ->render();
}
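/**
 * Restores a deleted campaign by setting it back to STATUS_ACTIVE.
 *
 * GET renders the confirmation modal; POST with a valid CSRF token performs
 * the restore and redirects to the campaign edit route.
 *
 * @param sfWebRequest $request `id` route parameter, `csrf_token` POST parameter
 * @return mixed rendered ajax response, or the result of notFound()
 */
public function executeUndelete(sfWebRequest $request)
{
    $id = $request->getParameter('id');
    // A non-numeric id used to fall through to a method call on an undefined $campaign.
    if (!is_numeric($id)) {
        return $this->notFound();
    }
    $campaign = CampaignTable::getInstance()->findById($id, true);
    /* @var $campaign Campaign */
    if (!$campaign) {
        return $this->notFound('xx');
    }

    $csrf_token = UtilCSRF::gen('undelete_campaign', $campaign->getId());
    if ($request->isMethod('post')) {
        // Strict, constant-time comparison; loose `!=` is not safe for token strings.
        $posted = $request->getPostParameter('csrf_token');
        if (!is_string($posted) || !hash_equals((string) $csrf_token, $posted)) {
            return $this->ajax()
                ->alert('CSRF Attack detected, please relogin.', 'Error', '#campaign_undelete_modal .modal-body')
                ->render();
        }
        $campaign->setStatus(CampaignTable::STATUS_ACTIVE);
        $campaign->save();

        return $this->ajax()
            ->redirectRotue('campaign_edit_', array('id' => $campaign->getId()))
            ->render();
    }

    return $this->ajax()
        ->appendPartial('body', 'undelete', array(
            'id' => $id,
            'name' => $campaign->getName(),
            'csrf_token' => $csrf_token,
        ))
        ->modal('#campaign_undelete_modal')
        ->render();
}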
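/**
 * Validates a widget through its "<id>-<code>" link and optionally connects
 * it to the logged-in user.
 *
 * The `code` parameter may arrive as a string ("id-code") or already split
 * into a two-element array. When the code matches the widget's validation
 * data, a pending widget becomes verified and idcode / id are exposed to the
 * template. For an authenticated user csrf_token is exposed as well
 * (presumably consumed by a connect form) and a POST with a valid token takes
 * ownership of the widget. An anonymous visitor gets the idcode stored in the
 * session so the connection can be completed later.
 *
 * @param sfWebRequest $request
 * @return mixed rendered ajax response on POST, otherwise null (template vars set)
 */
public function executeWidgetval(sfWebRequest $request)
{
    if (!$request->hasParameter('code')) {
        return;
    }

    $idcode = $request->getParameter('code');
    if (is_string($idcode)) {
        $idcode = explode('-', trim($idcode));
    }
    if (!is_array($idcode) || count($idcode) !== 2) {
        return;
    }

    list($id, $code) = $idcode;
    // Nested array input (e.g. code[][]=...) would make the string functions below fail.
    if (!is_string($id) || !is_string($code)) {
        return;
    }
    // Normalise the id so "007-abc" and "7-abc" address the same widget.
    $id = ltrim($id, '0 ');
    $widget = Doctrine_Core::getTable('Widget')->createQuery('w')->where('w.id = ?', $id)->leftJoin('w.PetitionText pt')->select('w.*, pt.id, pt.language_id')->fetchOne();
    /* @var $widget Widget */
    if (empty($widget)) {
        return;
    }
    // The code is the secret that authorises the validation: strict comparison only.
    if ($code !== $widget->getValidationData()) {
        return;
    }

    $this->idcode = $id . '-' . $code;
    $this->id = $widget->getId();

    // Loose == kept: the status may come from the database as a numeric string.
    if ($widget->getValidationStatus() == Widget::VALIDATION_STATUS_PENDING) {
        $widget->setValidationStatus(Widget::VALIDATION_STATUS_VERIFIED);
        $widget->save();
    }

    if (!$this->getUser()->isAuthenticated()) {
        // Remember the idcode in the session so the connection can be finished later.
        $storage = sfContext::getInstance()->getStorage();
        if ($storage instanceof policatSessionStorage) {
            $storage->needSession();
        }
        $this->getUser()->setAttribute(myUser::SESSION_WIDGETVAL_IDCODE, $this->idcode);
        $this->getUser()->setAttribute(myUser::SESSION_WIDGETVAL_ON, 0);

        return;
    }

    if ($widget->getValidationStatus() == Widget::VALIDATION_STATUS_OWNER) {
        return;
    }

    $this->csrf_token = UtilCSRF::gen('widgetval');
    if (!$request->isMethod('post')) {
        return;
    }

    // Strict, constant-time comparison; loose `!=` is not safe for token strings.
    $posted = $request->getPostParameter('csrf_token');
    if (!is_string($posted) || !hash_equals((string) $this->csrf_token, $posted)) {
        return $this->ajax()->alert('CSRF Attack detected, please relogin.', 'Error')->render();
    }
    $widget->setUser($this->getGuardUser());
    $widget->setValidationStatus(Widget::VALIDATION_STATUS_OWNER);
    $widget->save();

    return $this->ajax()
        ->addClass('#connect a', 'disabled')
        ->afterPartial('#connect', 'widget_link', array('id' => $widget->getId()))
        ->alert('Successfully connected.', '', '#connect', 'after', false, 'success')
        ->render();
}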
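/**
 * Deletes every contact of a target list.
 *
 * GET renders the confirmation modal; POST with a valid CSRF token (bound to
 * the list id and the current user id) performs the deletion, clears the
 * table rows on the page and hides the modal.
 *
 * @param sfWebRequest $request `csrf_token` POST parameter
 * @return mixed rendered ajax response, or the result of notFound()/noAccess()
 */
public function executeTruncate(sfWebRequest $request)
{
    $target_list = $this->findTargetList();
    /* @var $target_list MailingList */
    if (!$target_list) {
        return $this->notFound();
    }
    if (!$this->getGuardUser()->isTargetListMember($target_list, true)) {
        return $this->noAccess();
    }

    $csrf_token = UtilCSRF::gen('truncate_target_list', $target_list->getId(), $this->getUser()->getUserId());
    if ($request->isMethod('post')) {
        // Strict, constant-time comparison; loose `!=` is not safe for token strings.
        $posted = $request->getPostParameter('csrf_token');
        if (!is_string($posted) || !hash_equals((string) $csrf_token, $posted)) {
            return $this->ajax()
                ->alert('CSRF Attack detected, please relogin.', 'Error', '#contact_truncate_modal .modal-body')
                ->render();
        }
        $target_list->getContact()->delete();

        return $this->ajax()
            ->remove('#contacts table tbody tr')
            ->modal('#contact_truncate_modal', 'hide')
            ->render();
    }

    return $this->ajax()
        ->appendPartial('body', 'truncate', array(
            'id' => $target_list->getId(),
            'name' => $target_list->getName(),
            'csrf_token' => $csrf_token,
        ))
        ->modal('#contact_truncate_modal')
        ->render();
}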
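/**
 * Bulk-updates the rights of selected petition members.
 *
 * POST parameters: `csrf_token`, `ids` (array of user ids) and `method`, one
 * of 'block' (deactivate), 'member' (active member, not admin) or 'admin'
 * (active member and admin). The current user is never modified; if they were
 * part of the selection an error alert is added to the response.
 *
 * @param sfWebRequest $request
 * @return mixed rendered ajax response
 */
public function executeEditMembers(sfWebRequest $request)
{
    $this->ajax()->setAlertTarget('#petition_members', 'after');
    $petition = PetitionTable::getInstance()->findById($request->getParameter('id'), $this->userIsAdmin());
    /* @var $petition Petition */
    if (!$petition) {
        return $this->ajax()->alert('Action not found', 'Error')->render();
    }
    if (!$petition->isMemberEditable($this->getGuardUser())) {
        return $this->ajax()->alert('You are not admin', 'Error')->render();
    }
    // Constant-time token comparison; non-string input is rejected outright.
    $posted = $request->getPostParameter('csrf_token');
    if (!is_string($posted) || !hash_equals((string) UtilCSRF::gen('action_members'), $posted)) {
        return $this->ajax()->alert('CSRF Attack detected, please relogin.', 'Error')->render();
    }

    $ids = $request->getPostParameter('ids');
    $method = $request->getPostParameter('method');
    // Strict membership check; a loose in_array() accepts unexpected values on older PHP.
    if (!in_array($method, array('block', 'member', 'admin'), true)) {
        return $this->ajax()->alert('Something is wrong.', 'Error')->render();
    }

    $self = false;
    if (is_array($ids)) {
        $rightsList = PetitionRightsTable::getInstance()
            ->queryByPetitionAndUsers($petition->getId(), $ids)
            ->execute();
        foreach ($rightsList as $petition_rights) {
            /* @var $petition_rights PetitionRights */
            if ($this->isSelfUser($petition_rights->getUserId())) {
                $self = true;
                continue;
            }
            if ($method === 'block') {
                $petition_rights->setActive(0);
            } else {
                // 'member' and 'admin' both (re)activate; only the admin flag differs.
                $petition_rights->setActive(1);
                $petition_rights->setMember(1);
                $petition_rights->setAdmin($method === 'admin' ? 1 : 0);
            }
            $petition_rights->save();
        }
    }

    $this->ajax()->replaceWithComponent('#petition_members', 'd_action', 'members', array('petition' => $petition));
    if ($self) {
        $this->ajax()->alert('You can not edit yourself.', 'Error');
    }

    return $this->ajax()->render();
}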
/**
 * Prepares the member list of the current campaign for the template.
 *
 * Sets campaign_rights_list, admin (whether the guard user administers
 * $this->campaign) and csrf_token for the revoke action.
 */
public function executeMembers()
{
    $campaign = $this->campaign;

    $rightsQuery = CampaignRightsTable::getInstance()->queryByCampaign($campaign);
    $this->campaign_rights_list = $rightsQuery->execute();

    $this->admin = $this->getGuardUser()->isCampaignAdmin($campaign);
    $this->csrf_token = UtilCSRF::gen('revoke', $campaign->getId());
}
/**
 * Prepares the member list of the current target list for the template.
 *
 * Sets target_list_rights_list, admin (whether the guard user administers
 * the list's campaign) and csrf_token for the members action.
 */
public function executeMembers()
{
    $targetList = $this->target_list;

    $this->target_list_rights_list = TargetListRightsTable::getInstance()
        ->queryByTargetList($targetList)
        ->execute();

    $guardUser = $this->getGuardUser();
    $this->admin = $guardUser->isCampaignAdmin($targetList->getCampaign());
    $this->csrf_token = UtilCSRF::gen('target_list_members');
}
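/**
 * Re-grants the basic user credential to a blocked user.
 *
 * GET renders the confirmation modal; POST with a valid CSRF token adds the
 * CREDENTIAL_USER permission when missing, saves the user and redirects to
 * the user index route.
 *
 * @param sfWebRequest $request `id` route parameter, `csrf_token` POST parameter
 * @return mixed rendered ajax response, or the result of notFound()
 */
public function executeUnblock(sfWebRequest $request)
{
    $id = $request->getParameter('id');
    // A non-numeric id used to fall through to a method call on an undefined $user.
    if (!is_numeric($id)) {
        return $this->notFound();
    }
    $user = sfGuardUserTable::getInstance()->find($id);
    /* @var $user sfGuardUser */
    if (!$user) {
        return $this->notFound();
    }

    $csrf_token = UtilCSRF::gen('unblock_user', $user->getId());
    if ($request->isMethod('post')) {
        // Strict, constant-time comparison; loose `!=` is not safe for token strings.
        $posted = $request->getPostParameter('csrf_token');
        if (!is_string($posted) || !hash_equals((string) $csrf_token, $posted)) {
            return $this->ajax()
                ->alert('CSRF Attack detected, please relogin.', 'Error', '#user_unblock_modal .modal-body')
                ->render();
        }
        if (!$user->hasPermission(myUser::CREDENTIAL_USER)) {
            $user->addPermissionByName(myUser::CREDENTIAL_USER);
        }
        // NOTE(review): marking the record dirty presumably forces save() to run
        // even when no column changed — confirm against Doctrine_Record semantics.
        $user->state(Doctrine_Record::STATE_DIRTY);
        $user->save();

        return $this->ajax()->redirectRotue('user_idx')->render();
    }

    return $this->ajax()
        ->appendPartial('body', 'unblock', array(
            'id' => $id,
            'name' => $user->getFullName(),
            'csrf_token' => $csrf_token,
        ))
        ->modal('#user_unblock_modal')
        ->render();
}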
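/**
 * Deletes a single petition signing; only the data owner of the campaign may.
 *
 * GET renders the confirmation modal; POST with a valid CSRF token (bound to
 * the signing id and the current user id) deletes the row and removes it from
 * the table on the page.
 *
 * @param sfWebRequest $request `id` route parameter, `csrf_token` POST parameter
 * @return mixed rendered ajax response, or the result of notFound()
 */
public function executeDelete(sfWebRequest $request)
{
    $id = $request->getParameter('id');
    $signing = PetitionSigningTable::getInstance()->find($id);
    /* @var $signing PetitionSigning */
    if (!$signing) {
        return $this->notFound();
    }

    // Only the campaign's data owner may delete; a mismatch answers notFound()
    // just like a missing signing. Loose != is kept on purpose here: the ids
    // may arrive as int or numeric string.
    $user_id = $this->getUser()->getUserId();
    if (!$user_id || $user_id != $signing->getPetition()->getCampaign()->getDataOwnerId()) {
        return $this->notFound();
    }

    $signingId = $signing->getId();
    $csrf_token = UtilCSRF::gen('delete_signing', $signingId, $user_id);
    if ($request->isMethod('post')) {
        // Strict, constant-time comparison; loose `!=` is not safe for token strings.
        $posted = $request->getPostParameter('csrf_token');
        if (!is_string($posted) || !hash_equals((string) $csrf_token, $posted)) {
            return $this->ajax()
                ->alert('CSRF Attack detected, please relogin.', 'Error', '#signing_delete_modal .modal-body')
                ->render();
        }
        $signing->delete();

        // Build the selector from the record's canonical id, not the raw request value.
        return $this->ajax()
            ->remove('#signing_row_' . $signingId)
            ->modal('#signing_delete_modal', 'hide')
            ->render();
    }

    return $this->ajax()
        ->appendPartial('body', 'delete', array(
            'id' => $signingId,
            'name' => $signing->getComputedName(),
            'csrf_token' => $csrf_token,
        ))
        ->modal('#signing_delete_modal')
        ->render();
}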