| [ Index ] |
|
Code source de LifeType 1.2.4 |
1 <?php 2 3 lt_include( PLOG_CLASS_PATH."class/action/action.class.php" ); 4 lt_include( PLOG_CLASS_PATH."class/locale/locales.class.php" ); 5 lt_include( PLOG_CLASS_PATH."class/net/http/httpvars.class.php" ); 6 lt_include( PLOG_CLASS_PATH."class/template/templateservice.class.php" ); 7 lt_include( PLOG_CLASS_PATH."class/misc/version.class.php" ); 8 lt_include( PLOG_CLASS_PATH."class/plugin/pluginmanager.class.php" ); 9 lt_include( PLOG_CLASS_PATH."class/template/cachecontrol.class.php" ); 10 lt_include( PLOG_CLASS_PATH."class/view/admin/admindefaultview.class.php" ); 11 lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" ); 12 lt_include( PLOG_CLASS_PATH."class/dao/users.class.php" ); 13 14 /** 15 * @see AdminAction::requirePermission() 16 */ 17 define( "ADMIN_PERMISSION", 1 ); 18 define( "BLOG_PERMISSION", 2 ); 19 20 /** 21 * \ingroup Action 22 * 23 * In the same way BlogAction sets some predefined information to be available for every action 24 * for the public side of the blog, this one does the same but for the administrative interface. 25 * So far it fetches information from the session, such as the UserInfo and the BlogInfo objects 26 * so that they are available for every template. 27 * 28 * This is the most basic action for the admin interface and it allows all users to see them. If you 29 * need to create an action that can only be accessed by users with certain privileges, 30 * please use BlogOwnerAdminAction and SiteAdminAction. 31 * 32 * @see BlogOwnerAdminAction 33 * @see SiteAdminAction 34 */ 35 class AdminAction extends Action 36 { 37 38 var $_blogInfo; 39 var $_userInfo; 40 var $_session; 41 var $_config; 42 var $_locale; 43 var $_pm; 44 var $_userBlogs; 45 var $_permissions; 46 47 /** 48 * Constructor. 49 * 50 * @param actionInfo An ActionInfo object as provided by the constroller 51 * @param request A valid HTTP request 52 */ 53 function AdminAction( $actionInfo, $request ) 54 { 55 $this->Action( $actionInfo, $request ); 56 57 // permission stuff 58 $this->_permissions = Array(); 59 60 // get information about the session 61 $session = HttpVars::getSession(); 62 $this->_session = $session["SessionInfo"]; 63 64 $this->_config =& Config::getConfig(); 65 66 // get the information about the user and quit if we don't have it... 67 $this->_getUserInfo(); 68 if( empty( $this->_userInfo ) ) { 69 header( "HTTP/1.0 403 Forbidden" ); 70 print($this->mustAuthenticatePage()); 71 die(); 72 } 73 74 // do the same with the information about the blog 75 $this->_getBlogInfo(); 76 if( empty( $this->_blogInfo )) { 77 if( $this->_actionInfo->getActionParamValue() != "blogSelect" && 78 $this->_actionInfo->getActionParamValue() != "registerBlog" && 79 $this->_actionInfo->getActionParamValue() != "finishRegisterBlog" ) { 80 header( "HTTP/1.0 403 Forbidden" ); 81 print($this->mustAuthenticatePage()); 82 die(); 83 } 84 } 85 86 // prepare the plugin manager in case we'd like to throw events 87 $this->_pm =& PluginManager::getPluginManager(); 88 89 // fetch the site locale 90 $this->_locale =& $this->getLocale(); 91 92 $users =& new Users(); 93 $this->_userBlogs = $users->getUsersBlogs( $this->_userInfo->getId(), BLOG_STATUS_ACTIVE ); 94 // in case we're in "admin mode" (where administrators can log into anybody's blog), we should also 95 // display the current blog in the drop-down list on the top left corner, if only to make it clear to 96 // the user that this is another completely different blog 97 if( !empty( $this->_blogInfo ) && $this->_blogInfo->getOwnerId() != $this->_userInfo->getId() && $this->_userInfo->isSiteAdmin() ) { 98 $find = false; 99 foreach( $this->_userBlogs as $userBlog ) { 100 if( $userBlog->getId() == $this->_blogInfo->getId() ) { 101 $find = true; 102 break; 103 } 104 } 105 106 if( !$find ) { 107 $this->_userBlogs[] = $this->_blogInfo; 108 } 109 } 110 } 111 112 /** 113 * Retrieves the blogInfo object from the session 114 * @private 115 */ 116 function _getBlogInfo() 117 { 118 $session = HttpVars::getSession(); 119 $sessionInfo = $session["SessionInfo"]; 120 121 $this->_blogInfo = $sessionInfo->getValue( "blogInfo" ); 122 } 123 124 /** 125 * Retrieves the userInfo object from the session 126 * @private 127 */ 128 function _getUserInfo() 129 { 130 $session = HttpVars::getSession(); 131 $sessionInfo = $session["SessionInfo"]; 132 $this->_userInfo = $sessionInfo->getValue("userInfo"); 133 } 134 135 /** 136 * sets the default locale, in case we want to send localized messages to the user. 137 * @private 138 */ 139 function &getLocale() 140 { 141 // don't like this so much... 142 if( !empty( $this->_blogInfo ) ) { 143 $this->_blogSettings = $this->_blogInfo->getSettings(); 144 //$locale =& Locales::getLocale( $this->_blogSettings->getValue("locale")); 145 $locale =& $this->_blogInfo->getLocale(); 146 } 147 else { 148 $locale =& Locales::getLocale( $this->_config->getValue("default_locale")); 149 } 150 151 return $locale; 152 } 153 154 /** 155 * Adds some common data to the view. this function must be manually called once 156 * we've set up a view. 157 * 158 * @param copyFormValues 159 * @see Action::setCommonData() 160 */ 161 function setCommonData( $copyFormValues = false ) 162 { 163 parent::setCommonData( $copyFormValues ); 164 165 // initialiaze plugins 166 $this->_pm->setBlogInfo( $this->_blogInfo ); 167 $this->_pm->setUserInfo( $this->_userInfo ); 168 $this->_pm->getPlugins(); 169 170 $this->_view->setValue( "user", $this->_userInfo ); 171 $this->_view->setValue( "userBlogs", $this->_userBlogs); 172 $this->_view->setUserInfo( $this->_userInfo ); 173 $this->_view->setValue( "blog", $this->_blogInfo ); 174 if( $this->_blogInfo ) 175 $this->_view->setValue( "blogsettings", $this->_blogInfo->getSettings()); 176 $this->_view->setValue( "op", $this->_actionInfo->_actionParamValue ); 177 $this->_view->setValue( "locale", $this->_locale ); 178 $this->_view->setValue( "config", $this->_config ); 179 } 180 181 /** 182 * Saves the session data 183 * @private 184 */ 185 function saveSession() 186 { 187 if( !empty( $this->_blogInfo ) ) 188 $this->_session->setValue( "blogId", $this->_blogInfo->getId() ); 189 if( !empty( $this->_userInfo ) ) 190 $this->_session->setValue( "userInfo", $this->_userInfo ); 191 //$_SESSION["SessionInfo"] = $this->_session; 192 $session = HttpVars::getSession(); 193 $session["SessionInfo"] = $this->_session; 194 HttpVars::setSession( $session ); 195 } 196 197 /** 198 * Generates a page which shows an "access forbidden" message, prompting the user to 199 * authenticate first using the login page. 200 * @private 201 */ 202 function mustAuthenticatePage() 203 { 204 $locale = $this->getLocale(); 205 $config =& Config::getConfig(); 206 $destinationUrl = $config->getValue( "logout_destination_url", "" ); 207 if( $destinationUrl == "" ) { 208 $view = new AdminDefaultView(); 209 } 210 else { 211 // nothing else to do, just redirect the browser once we've cleaned up the session 212 lt_include( PLOG_CLASS_PATH."class/view/redirectview.class.php" ); 213 $view = new RedirectView( $destinationUrl ); 214 } 215 $view->setErrorMessage( $locale->tr("error_access_forbidden" )); 216 217 return $view->render(); 218 } 219 220 /** 221 * centralized way of throwing events, it also adds some useful information so that 222 * child classes do not have to do it 223 * 224 * @param eventType 225 * @param params 226 * 227 * @see PluginManager::notifyEvent() 228 */ 229 function notifyEvent( $eventType, $params = Array()) 230 { 231 $params[ "from" ] = $this->_actionInfo->getActionParamValue(); 232 $params[ "request" ] = $this->_request; 233 234 return $this->_pm->notifyEvent( $eventType, $params ); 235 } 236 237 /** 238 * Returns true if the user has the requested permission (in the given mode) 239 * or false otherwise 240 * 241 * @param permName Name of the permission 242 * @param mode Either BLOG_PERMISSION or ADMIN_PERMISSION, depending on whether 243 * we're checking the user's permissions in this blog or an admin permission 244 */ 245 function userHasPermission( $permName, $mode = BLOG_PERMISSION ) 246 { 247 // check for the permission, whether the user is the blog owner or 248 // whether the user is a site administrator 249 $hasPermission = false; 250 if( $mode == BLOG_PERMISSION ) { 251 $hasPermission = ( 252 $this->_userInfo->hasPermissionByName( $permName, $this->_blogInfo->getId()) || 253 $this->_blogInfo->getOwnerId() == $this->_userInfo->getId() || 254 $this->_userInfo->hasPermissionByName( "edit_blog_admin_mode", 0 ) 255 ); 256 } 257 else { 258 $hasPermission = ( $this->_userInfo->hasPermissionByName( $permName, 0 )); 259 } 260 261 return( $hasPermission ); 262 } 263 264 /** 265 * tbd 266 */ 267 function canPerform() 268 { 269 foreach( $this->getRequiredPermissions() as $permData ) { 270 if( !$this->userHasPermission( $permData["perm"], $permData["mode"] )) 271 return( false ); 272 } 273 274 return( true ); 275 } 276 277 /** 278 * This method should be called by action classes to specify 279 * what kind of permission is required to execute the current action. 280 * 281 * @param perm The name of the permission, given as a string 282 * @param mode Either ADMIN_PERMISSION if the permission is an admin permission 283 * or BLOG_PERMISSION if the permission is a blog permission 284 */ 285 function requirePermission( $perm, $mode = BLOG_PERMISSION ) 286 { 287 $this->_permissions[] = Array( "perm" => $perm, "mode" => $mode ); 288 } 289 290 /** 291 * Informs the action that the given admin permission is required 292 * 293 * @param perm An admin permission 294 * @see requireAdminPermission 295 */ 296 function requireAdminPermission( $perm ) 297 { 298 $this->_permissions[] = Array( "perm" => $perm, "mode" => ADMIN_PERMISSION ); 299 } 300 301 /** 302 * tbd 303 */ 304 function getRequiredPermissions() 305 { 306 return( $this->_permissions ); 307 } 308 } 309 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Mon Nov 26 21:04:15 2007 | par Balluche grâce à PHPXref 0.7 |
|
|