/**
 * Looks up the user groups that may access the front- or backend of a page.
 *
 * A page that is not protected on the requested side yields an empty array
 * without any lookup. An empty array therefore does not by itself mean
 * "nobody may access": callers that need to tell "unprotected" apart from
 * "protected, no groups" must ask the page whether it is protected.
 *
 * Side effect: if the page is flagged as protected but getAccessId() throws,
 * a new dynamic access id is created, stored on the page and written through
 * the entity manager before the lookup continues.
 *
 * @param \Cx\Core\ContentManager\Model\Entity\Page $page Page to get the group ids of
 * @param boolean $frontend True for frontend access groups, false for backend
 * @return mixed Empty array for an unprotected page, otherwise the result of
 *               \Permission::getGroupIdsForAccessId() (documented by the
 *               original author as array of group ids or false on error)
 * @throws PageGuardException If no replacement access id could be created
 */
public function getAssignedGroupIds($page, $frontend)
{
    // Only the side that was asked for is inspected.
    $isProtected = $frontend
        ? $page->isFrontendProtected()
        : $page->isBackendProtected();
    if (!$isProtected) {
        return array();
    }

    try {
        $accessId = $this->getAccessId($page, $frontend);
    } catch (PageGuardException $e) {
        // The page is listed as protected but has no access id, most likely
        // because of an inconsistent database. Repair it instead of failing.
        // NOTE(review): the page keeps its protected flag and only receives a
        // fresh id. Presumably no group is bound to a newly created id, so the
        // repair should not widen access -- confirm against \Permission.
        $accessId = \Permission::createNewDynamicAccessId();
        if (!$accessId) {
            // cannot create a new dynamic access id.
            throw new PageGuardException('This protected page doesn\'t have an access id associated with it. Contrexx encountered an error while generating a new access id.');
        }

        if ($frontend) {
            $page->setFrontendAccessId($accessId);
        } else {
            $page->setBackendAccessId($accessId);
        }

        // NOTE(review): flush() runs on the shared entity manager; assuming
        // Doctrine semantics this also writes other pending changes -- verify
        // that a read-style call is allowed to trigger that.
        Env::get('em')->persist($page);
        Env::get('em')->flush();
    }

    return \Permission::getGroupIdsForAccessId($accessId);
}
/**
 * Checks if this page can be displayed in frontend, redirects to login if not
 *
 * The method returns normally when the page may be shown. When access is
 * refused it sends a Location header to the Login module and calls exit, so
 * it does not return to the caller in that case.
 *
 * Decision order, as implemented below:
 *  1. If the page, or any page reached by following its fallback chain, belongs
 *     to the 'Login' module, no check is made at all.
 *  2. Otherwise the check runs only if the page is frontend protected, a
 *     history revision is requested or a PHPSESSID cookie is present, and the
 *     request's 'section' is not 'Login'.
 *  3. Logged-in users need the page's dynamic access id (protected pages) and
 *     static access id 78 (history requests); users who are not logged in are
 *     sent to the login page, except on an unprotected page with a stale cookie.
 *
 * @param \Cx\Core\ContentManager\Model\Entity\Page $page Page to check
 * @param int $history (optional) Revision of page to use, 0 means current, default 0
 */
public function checkPageFrontendProtection($page, $history = 0) {
    global $sessionObj;

    $page_protected = $page->isFrontendProtected();
    $pageAccessId = $page->getFrontendAccessId();
    if ($history) {
        // For a history request the backend access id is checked instead of the
        // frontend one. $page_protected still reflects the frontend flag.
        // NOTE(review): so a history view of a page that is not frontend
        // protected is guarded only by static id 78 below -- confirm intended.
        $pageAccessId = $page->getBackendAccessId();
    }

    // login pages are unprotected by design
    // The work list starts with the page itself and grows by one entry per
    // fallback hop, so the whole fallback chain is inspected.
    $checkLogin = array($page);
    while (count($checkLogin)) {
        $currentPage = array_pop($checkLogin);
        if ($currentPage->getType() == \Cx\Core\ContentManager\Model\Entity\Page::TYPE_FALLBACK) {
            try {
                array_push($checkLogin, $this->getFallbackPage($currentPage));
            } catch (ResolverException $e) {
                // Deliberately ignored: a fallback page that cannot be resolved
                // is simply not followed; the page's own module is still tested.
            }
        }
        if ($currentPage->getModule() == 'Login') {
            // Early return skips every access check below.
            return;
        }
    }

    // Authentication for protected pages
    // NOTE(review): the second operand reads 'section' from $_REQUEST. When it
    // equals 'Login' the entire block is skipped, so this guard is only as
    // trustworthy as that value -- confirm it is set from the resolved page by
    // the resolver and cannot be supplied by the client.
    if (($page_protected || $history || !empty($_COOKIE['PHPSESSID'])) && (!isset($_REQUEST['section']) || $_REQUEST['section'] != 'Login')) {
        if (empty($sessionObj)) {
            $sessionObj = \cmsSession::getInstance();
        }
        // $_SESSION is used as an object here; presumably the session handler
        // obtained above replaces the superglobal -- TODO confirm.
        $_SESSION->cmsSessionStatusUpdate('frontend');
        if (\FWUser::getFWUserObject()->objUser->login()) {
            if ($page_protected) {
                if (!\Permission::checkAccess($pageAccessId, 'dynamic', true)) {
                    // Logged in but not allowed: go to the "noaccess" view. The
                    // redirect parameter is the base64-encoded current URL, built
                    // server-side.
                    $link = base64_encode(\Env::get('cx')->getRequest()->getUrl()->toString());
                    \Cx\Core\Csrf\Controller\Csrf::header('Location: ' . \Cx\Core\Routing\Url::fromModuleAndCmd('Login', 'noaccess', '', array('redirect' => $link)));
                    // Stop here so no page content is produced after the redirect.
                    exit;
                }
            }
            // 78 is a static access id whose meaning is not visible in this
            // block; presumably the right to view page history -- TODO confirm.
            if ($history && !\Permission::checkAccess(78, 'static', true)) {
                $link = base64_encode(\Env::get('cx')->getRequest()->getUrl()->toString());
                \Cx\Core\Csrf\Controller\Csrf::header('Location: ' . \Cx\Core\Routing\Url::fromModuleAndCmd('Login', 'noaccess', '', array('redirect' => $link)));
                exit;
            }
        } elseif (!empty($_COOKIE['PHPSESSID']) && !$page_protected) {
            // Not logged in, page unprotected: the page is shown. This only
            // removes the entry from the $_COOKIE array for the current request;
            // no Set-Cookie header is sent from here.
            unset($_COOKIE['PHPSESSID']);
        } else {
            if (isset($_GET['redirect'])) {
                // NOTE(review): unlike the other branches, the client-supplied
                // 'redirect' value is forwarded unchanged (no type or format
                // check here). Whether the target is validated depends on the
                // code that consumes the parameter after login, which is not
                // visible in this block -- confirm it rejects external targets.
                $link = $_GET['redirect'];
            } else {
                $link = base64_encode(\Env::get('cx')->getRequest()->getUrl()->toString());
            }
            \Cx\Core\Csrf\Controller\Csrf::header('Location: ' . \Cx\Core\Routing\Url::fromModuleAndCmd('Login', '', '', array('redirect' => $link)));
            exit;
        }
    }
}
/**
 * Reports whether the page is protected in the frontend.
 *
 * Calls $this->_load() and then delegates to the parent implementation.
 * NOTE(review): this looks like a lazy-loading proxy override, where _load()
 * presumably populates the entity before it is read -- confirm. The order
 * matters for an access-control flag: it has to be read from loaded state.
 *
 * @return mixed Whatever parent::isFrontendProtected() returns
 */
public function isFrontendProtected()
{
    $this->_load();
    $protected = parent::isFrontendProtected();

    return $protected;
}