Autodoc
  • Namespace
  • Class
  • Tree

Namespaces

  • BlueTihi
    • Context
  • Brickrouge
    • Element
      • Nodes
    • Renderer
    • Widget
  • ICanBoogie
    • ActiveRecord
    • AutoConfig
    • CLDR
    • Composer
    • Core
    • Event
    • Exception
    • HTTP
      • Dispatcher
      • Request
    • I18n
      • Translator
    • Mailer
    • Modules
      • Taxonomy
        • Support
      • Thumbnailer
        • Versions
    • Object
    • Operation
      • Dispatcher
    • Prototype
    • Routes
    • Routing
      • Dispatcher
    • Session
  • Icybee
    • ActiveRecord
      • Model
    • ConfigOperation
    • Document
    • EditBlock
    • Element
      • ActionbarContextual
      • ActionbarSearch
      • ActionbarToolbar
    • FormBlock
    • Installer
    • ManageBlock
    • Modules
      • Articles
      • Cache
        • Collection
        • ManageBlock
      • Comments
        • ManageBlock
      • Contents
        • ManageBlock
      • Dashboard
      • Editor
        • Collection
      • Files
        • File
        • ManageBlock
      • Forms
        • Form
        • ManageBlock
      • I18n
      • Images
        • ManageBlock
      • Members
      • Modules
        • ManageBlock
      • Nodes
        • ManageBlock
        • Module
      • Pages
        • BreadcrumbElement
        • LanguagesElement
        • ManageBlock
        • NavigationBranchElement
        • NavigationElement
        • Page
        • PageController
      • Registry
      • Search
      • Seo
      • Sites
        • ManageBlock
      • Taxonomy
        • Terms
          • ManageBlock
        • Vocabulary
          • ManageBlock
      • Users
        • ManageBlock
        • NonceLogin
        • Roles
      • Views
        • ActiveRecordProvider
        • Collection
        • View
    • Operation
      • ActiveRecord
      • Constructor
      • Module
      • Widget
    • Rendering
  • None
  • Patron
  • PHP

Classes

  • ActivateOperation
  • AvailableSitesBlock
  • ConfigBlock
  • ConfigOperation
  • DeactivateOperation
  • DeleteBlock
  • DeleteOperation
  • EditBlock
  • Hooks
  • IsUniqueOperation
  • LoginComboElement
  • LoginForm
  • LoginOperation
  • LogoutOperation
  • ManageBlock
  • Model
  • Module
  • OwnershipResolver
  • PermissionResolver
  • ProfileController
  • QueryOperationOperation
  • SaveOperation
  • UnlockLoginOperation
  • Update20131021
  • User
  • ViewProvider

Interfaces

  • OwnershipResolverInterface
  • PermissionResolverInterface

Traits

  • LoggedAtProperty

Exceptions

  • WebsiteAdminNotAccessible
  1 <?php
  2 
  3 /*
  4  * This file is part of the Icybee package.
  5  *
  6  * (c) Olivier Laviale <olivier.laviale@gmail.com>
  7  *
  8  * For the full copyright and license information, please view the LICENSE
  9  * file that was distributed with this source code.
 10  */
 11 
 12 namespace Icybee\Modules\Users;
 13 
 14 use ICanBoogie\ActiveRecord;
 15 use ICanBoogie\Core;
 16 use ICanBoogie\Debug;
 17 use ICanBoogie\HTTP\RedirectResponse;
 18 use ICanBoogie\HTTP\Request;
 19 use ICanBoogie\HTTP\Response;
 20 use ICanBoogie\Operation;
 21 use ICanBoogie\Operation\ProcessEvent;
 22 use ICanBoogie\PermissionRequired;
 23 use ICanBoogie\PropertyNotDefined;
 24 use ICanBoogie\Route;
 25 use ICanBoogie\SecurityException;
 26 use ICanBoogie\Session;
 27 
 28 use Icybee\AdminDecorator;
 29 use Icybee\DocumentDecorator;
 30 
 31 class Hooks
 32 {
 33     /*
 34      * Events
 35      */
 36 
 37     /**
 38      * Checks if the role to be deleted is used or not.
 39      *
 40      * @param BeforeProcessEvent $event
 41      * @param \Icybee\Modules\Users\Roles\DeleteOperation $operation
 42      */
 43     static public function before_roles_delete(Operation\BeforeProcessEvent $event, \Icybee\Modules\Users\Roles\DeleteOperation $operation)
 44     {
 45         global $core;
 46 
 47         $rid = $operation->key;
 48         $count = $core->models['users/has_many_roles']->filter_by_rid($rid)->count;
 49 
 50         if (!$count)
 51         {
 52             return;
 53         }
 54 
 55         $event->errors['rid'] = $event->errors->format('The role %name is used by :count users.', [ 'name' => $operation->record->name, ':count' => $count ]);
 56     }
 57 
 58     /**
 59      * Displays a login form on {@link SecurityException}.
 60      *
 61      * @param \ICanBoogie\Exception\RescueEvent $event
 62      * @param SecurityException $target
 63      */
 64     static public function on_security_exception_rescue(\ICanBoogie\Exception\RescueEvent $event, SecurityException $target)
 65     {
 66         global $core;
 67 
 68         $request = $event->request;
 69 
 70         if ($request->context->dispatcher instanceof \ICanBoogie\Operation\Dispatcher && $request->is_xhr)
 71         {
 72             return;
 73         }
 74 
 75         if ($target instanceof PermissionRequired || \ICanBoogie\Routing\decontextualize($request->normalized_path) != '/admin/')
 76         {
 77             \ICanBoogie\log_error($target->getMessage());
 78         }
 79 
 80         $block = $core->modules['users']->getBlock('connect');
 81 
 82         $document = new \Icybee\DocumentDecorator(new \Icybee\AdminDecorator($block));
 83         $document->body->add_class('page-slug-authenticate');
 84 
 85         $event->response = new Response((string) $document, $target->getCode(), [
 86 
 87             'Content-Type' => 'text/html; charset=utf-8'
 88 
 89         ]);
 90 
 91         $event->stop();
 92     }
 93 
 94     /**
 95      * Displays an _available websites_ form on {@link WebsiteAdminNotAccessible}.
 96      *
 97      * @param \ICanboogie\Exception\RescueEvent $event
 98      * @param WebsiteAdminNotAccessible $target
 99      */
100     static public function on_website_admin_not_accessible_rescue(\ICanboogie\Exception\RescueEvent $event, WebsiteAdminNotAccessible $target)
101     {
102         global $core;
103 
104         $block = $core->modules['users']->getBlock('available-sites');
105 
106         $document = new \Icybee\DocumentDecorator(new \Icybee\AdminDecorator($block));
107 
108         $event->response = new Response((string) $document, $target->getCode(), [
109 
110             'Content-Type' => 'text/html; charset=utf-8'
111 
112         ]);
113 
114         $event->stop();
115     }
116 
117     /**
118      * The {@link PermissionRequired} exception is thrown if a member attempts to enter the admin.
119      *
120      * Authenticated users who don't have access to the admin of a website are redirected to the
121      * `/admin/pofile/sites` URL, in which case the `response` property of the event is altered
122      * with a {@link RedirectResponse}.
123      *
124      * @param \ICanBoogie\HTTP\Dispatcher\BeforeDispatchEvent $event
125      * @param \ICanBoogie\HTTP\Dispatcher $target
126      *
127      * @throws PermissionRequired if a member attempt to enter the admin.
128      * @throws WebsiteAdminNotAccessible if a user attempts to access the admin of a website he
129      * doesn't have access to.
130      */
131     static public function before_routing_dispatcher_dispatch(\ICanBoogie\Routing\Dispatcher\BeforeDispatchEvent $event, \ICanBoogie\Routing\Dispatcher $target)
132     {
133         global $core;
134 
135         $path = $event->request->decontextualized_path;
136 
137         if (strpos($path, '/admin/') !== 0)
138         {
139             return;
140         }
141 
142         $user = $core->user;
143 
144         if ($user->is_guest || $user instanceof \Icybee\Modules\Members\Member)
145         {
146             throw new PermissionRequired();
147         }
148 
149         if ($user->language)
150         {
151             $core->locale = $user->language;
152         }
153 
154         if (strpos($path, '/admin/profile/sites') === 0)
155         {
156             return;
157         }
158 
159         $restricted_sites = null;
160 
161         try
162         {
163             $restricted_sites = $user->restricted_sites_ids;
164         }
165         catch (PropertyNotDefined $e)
166         {
167             throw $e;
168         }
169         catch (\Exception $e) { }
170 
171         if (!$restricted_sites || in_array($core->site_id, $restricted_sites))
172         {
173             return;
174         }
175 
176         throw new WebsiteAdminNotAccessible();
177     }
178 
179     /**
180      * Adds an info alert informing the user that the security was improved and he could benefit
181      * from it by entering its password again.
182      *
183      * @param ProcessEvent $event
184      * @param LoginOperation $target
185      */
186     static public function on_login(ProcessEvent $event, LoginOperation $target)
187     {
188         $user = $target->record;
189 
190         if ($user->has_legacy_password_hash)
191         {
192             \ICanBoogie\log_info('users.login.updated_security', [ '!url' => $user->url('profile') ]);
193         }
194     }
195 
196     /*
197      * Prototype methods
198      */
199 
200     /**
201      * Returns the user's identifier.
202      *
203      * This is the getter for the `$core->user_id` property.
204      *
205      * @param Core $core
206      *
207      * @return int|null Returns the identifier of the user or null if the user is a guest.
208      *
209      * @see \Icybee\Modules\Users\User::login()
210      */
211     static public function get_user_id(Core $core)
212     {
213         if (!Session::exists())
214         {
215             return;
216         }
217 
218         $session = $core->session;
219 
220         return isset($session->users['user_id']) ? $session->users['user_id'] : null;
221     }
222 
223     /**
224      * Returns the user object.
225      *
226      * If the user identifier can be retrieved from the session, it is used to find the
227      * corresponding user.
228      *
229      * If no user could be found, a guest user object is returned.
230      *
231      * This is the getter for the `$core->user` property.
232      *
233      * @param Core $core
234      *
235      * @return User The user object, or guest user object.
236      */
237     static public function get_user(Core $core)
238     {
239         $user = null;
240         $uid = $core->user_id;
241         $model = $core->models['users'];
242 
243         try
244         {
245             if ($uid)
246             {
247                 $user = $model[$uid];
248             }
249         }
250         catch (\Exception $e) {}
251 
252         if (!$user)
253         {
254             if (Session::exists())
255             {
256                 unset($core->session->users['user_id']);
257             }
258 
259             $user = new User($model);
260         }
261 
262         return $user;
263     }
264 
265     /**
266      * Returns a user permission resolver configurer with the `users` config.
267      *
268      * @param Core $core
269      *
270      * @return PermissionResolver
271      */
272     static public function get_user_permission_resolver(Core $core)
273     {
274         return new PermissionResolver($core->configs['users_permission_resolver_list']);
275     }
276 
277     /**
278      * Returns a user permission resolver configurer with the `users` config.
279      *
280      * @param Core $core
281      *
282      * @return OwnershipResolver
283      */
284     static public function get_user_ownership_resolver(Core $core)
285     {
286         return new OwnershipResolver($core->configs['users_ownership_resolver_list']);
287     }
288 
289     /**
290      * Checks if a user has a given permission.
291      *
292      * @param Core $core
293      * @param User $user
294      * @param string $permission
295      * @param string $target
296      */
297     static public function check_user_permission(Core $core, User $user, $permission, $target=null)
298     {
299         return $core->user_permission_resolver->__invoke($user, $permission, $target);
300     }
301 
302     /**
303      * Checks if a user has the ownership of a record.
304      *
305      * @param Core $core
306      * @param User $user
307      * @param ActiveRecord $record
308      */
309     static public function check_user_ownership(Core $core, User $user, ActiveRecord $record)
310     {
311         return $core->user_ownership_resolver->__invoke($user, $record);
312     }
313 
314     /**
315      * Resolves user ownership of a record.
316      *
317      * @param User $user
318      * @param ActiveRecord $record
319      *
320      * @return boolean|null `true` if the user identifier is 1, or the `uid` property of
321      * the record is not empty and it matches the user identifier. `null` otherwise.
322      */
323     static public function resolve_user_ownership(User $user, ActiveRecord $record)
324     {
325         $uid = $user->uid;
326 
327         if ($uid == 1 || (!empty($record->uid) && $record->uid == $uid))
328         {
329             return true;
330         }
331     }
332 
333     /*
334      * Markups
335      */
336 
337     static public function markup_form_login(array $args, $engine, $template)
338     {
339         $form = new LoginForm();
340 
341         return $template ? $engine($template, $form) : $form;
342     }
343 
344     /**
345      * Retrieves the current user.
346      *
347      * <pre>
348      * <p:user>
349      * <!-- Content: with-param*, template -->
350      * </p:user>
351      * </pre>
352      *
353      * @param array $args
354      * @param \Patron\Engine $engine
355      * @param array $template
356      */
357     static public function markup_user(array $args, $engine, $template)
358     {
359         global $core;
360 
361         return $engine($template, $core->user);
362     }
363 }
Autodoc API documentation generated by ApiGen 2.8.0