Mibew/mibew
1
0
Fork 0
mirror of https://github.com/Mibew/mibew.git synced 2025-02-07 16:24:43 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Replace "operator/permissions.php" with a controller

Browse Source
This commit is contained in:
Dmitriy Simushev 2014-05-23 09:08:13 +00:00
parent e4cce9618e
commit c39131199d
11 changed files with 239 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
src/mibew/libs/classes/Mibew/Controller/Operator/AbstractController.php Normal file
View File

@ -0,0 +1,62 @@
<?php
/*
* Copyright 2005-2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
namespace Mibew\Controller\Operator;
use Mibew\Controller\AbstractController as BaseController;
use Symfony\Component\HttpFoundation\Request;
/**
* Provides a set of utility functions.
*/
abstract class AbstractController extends BaseController
{
/**
* Builds list of the operator tabs.
*
* @param Request $request Current request.
* @return array Tabs list. The keys of the array are tabs titles and the
* values are tabs URLs.
*/
protected function buildTabs(Request $request)
{
$tabs = array();
$route = $request->attributes->get('_route');
$operator_id = $request->attributes->get('operator_id', false);
$args = array('operator_id' => $operator_id);
if ($operator_id) {
$tabs[getlocal('page_agent.tab.main')] = ($route != 'operator_edit')
? $this->generateUrl('operator_edit', $args)
: '';
$tabs[getlocal('page_agent.tab.avatar')] = ($route != 'operator_avatar')
? $this->generateUrl('operator_avatar', $args)
: '';
$tabs[getlocal('page_agent.tab.groups')] = ($route != 'operator_groups')
? $this->generateUrl('operator_groups', $args)
: '';
$tabs[getlocal('page_agent.tab.permissions')] = ($route != 'operator_permissions')
? $this->generateUrl('operator_permissions', $args)
: '';
}
return $tabs;
}
}

3
src/mibew/libs/classes/Mibew/Controller/Operator/AvatarController.php
View File

@ -17,7 +17,6 @@
namespace Mibew\Controller\Operator;
use Mibew\Controller\AbstractController;
use Mibew\Settings;
use Mibew\Http\Exception\AccessDeniedException;
use Mibew\Http\Exception\NotFoundException;
@ -67,7 +66,7 @@ class AvatarController extends AbstractController
$page['menuid'] = ($operator['operatorid'] == $op_id) ? 'profile' : 'operators';
$page = array_merge($page, prepare_menu($operator));
$page['tabs'] = setup_operator_settings_tabs($op_id, 1);
$page['tabs'] = $this->buildTabs($request);
return $this->render('operator_avatar', $page);
}

3
src/mibew/libs/classes/Mibew/Controller/Operator/GroupsController.php
View File

@ -17,7 +17,6 @@
namespace Mibew\Controller\Operator;
use Mibew\Controller\AbstractController;
use Mibew\Http\Exception\AccessDeniedException;
use Mibew\Http\Exception\BadRequestException;
use Mibew\Http\Exception\NotFoundException;
@ -95,7 +94,7 @@ class GroupsController extends AbstractController
$page['title'] = getlocal('operator.groups.title');
$page['menuid'] = ($operator['operatorid'] == $op_id) ? 'profile' : 'operators';
$page = array_merge($page, prepare_menu($operator));
$page['tabs'] = setup_operator_settings_tabs($op_id, 2);
$page['tabs'] = $this->buildTabs($request);
return $this->render('operator_groups', $page);
}

1
src/mibew/libs/classes/Mibew/Controller/Operator/ManagementController.php
View File

@ -17,7 +17,6 @@
namespace Mibew\Controller\Operator;
use Mibew\Controller\AbstractController;
use Mibew\Database;
use Mibew\Http\Exception\NotFoundException;
use Symfony\Component\HttpFoundation\Request;

154
src/mibew/libs/classes/Mibew/Controller/Operator/PermissionsController.php Normal file
View File

@ -0,0 +1,154 @@
<?php
/*
* Copyright 2005-2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
namespace Mibew\Controller\Operator;
use Mibew\Http\Exception\AccessDeniedException;
use Mibew\Http\Exception\BadRequestException;
use Mibew\Http\Exception\NotFoundException;
use Symfony\Component\HttpFoundation\Request;
/**
* Contains all actions which are related with operator's permissions.
*/
class PermissionsController extends AbstractController
{
/**
* Builds a page with form for edit operator's permissions.
*
* @param Request $request Incoming request.
* @return string Rendered page content.
* @throws NotFoundException If the operator with specified ID is not found
* in the system.
* @throws AccessDeniedException If the current operator has not enough
* rights to view the page.
*/
public function showFormAction(Request $request)
{
set_csrf_token();
$operator = $request->attributes->get('_operator');
$op_id = $request->attributes->get('operator_id');
$page = array(
'opid' => $op_id,
'canmodify' => is_capable(CAN_ADMINISTRATE, $operator) ? '1' : '',
'errors' => array(),
);
// Check if the curent operator has enough rights to access the page
if ($op_id != $operator['operatorid'] && !is_capable(CAN_ADMINISTRATE, $operator)) {
throw new AccessDeniedException();
}
$op = operator_by_id($op_id);
if (!$op) {
throw new NotFoundException('The operator is not found.');
}
// Check if the target operator exists
$page['currentop'] = $op
? get_operator_name($op) . ' (' . $op['vclogin'] . ')'
: getlocal('not_found');
// Build list of permissions which belongs to the target operator.
$checked_permissions = array();
foreach (permission_ids() as $perm => $id) {
if (is_capable($perm, $op)) {
$checked_permissions[] = $id;
}
}
// Build list of all available permissions
$page['permissionsList'] = array();
foreach (get_permission_list() as $perm) {
$perm['checked'] = in_array($perm['id'], $checked_permissions);
$page['permissionsList'][] = $perm;
}
$page['stored'] = $request->query->has('stored');
$page['title'] = getlocal('permissions.title');
$page['menuid'] = ($operator['operatorid'] == $op_id) ? 'profile' : 'operators';
$page = array_merge($page, prepare_menu($operator));
$page['tabs'] = $this->buildTabs($request);
return $this->render('operator_permissions', $page);
}
/**
* Processes submitting of the form which is generated in
* {@link \Mibew\Controller\Operator\PermissionsController::showFormAction()}
* method.
*
* @param Request $request Incoming request.
* @return string Rendered page content.
* @throws NotFoundException If the operator with specified ID is not found
* in the system.
* @throws BadRequestException If the "op" field of the form is in wrong
* format.
*/
public function submitFormAction(Request $request)
{
csrf_check_token($request);
$operator = $request->attributes->get('_operator');
// Use value from the form and not from the path to make sure it is
// correct. If not, throw an exception.
$op_id = $request->request->get('op');
if (!preg_match("/^\d{1,10}$/", $op_id)) {
throw new BadRequestException('Wrong value of "op" form field.');
}
// Check if the target operator exists
$op = operator_by_id($op_id);
if (!$op) {
throw new NotFoundException('The operator is not found.');
}
$new_permissions = isset($op['iperm']) ? $op['iperm'] : 0;
foreach (permission_ids() as $perm => $id) {
if ($request->request->get('permissions' . $id) == 'on') {
$new_permissions |= (1 << $perm);
} else {
$new_permissions &= ~(1 << $perm);
}
}
// Update operator's permissions in the database and in cached session
// data if it is needed.
update_operator_permissions($op['operatorid'], $new_permissions);
if ($operator['operatorid'] == $op_id) {
$operator['iperm'] = $new_permissions;
$_SESSION[SESSION_PREFIX . 'operator'] = $operator;
$request->attributes->set('_operator', $operator);
}
// Redirect the current operator to the same page using GET method.
$redirect_to = $this->generateUrl(
'operator_permissions',
array(
'operator_id' => $op_id,
'stored' => true,
)
);
return $this->redirect($redirect_to);
}
}

3
src/mibew/libs/classes/Mibew/Controller/Operator/ProfileController.php
View File

@ -17,7 +17,6 @@
namespace Mibew\Controller\Operator;
use Mibew\Controller\AbstractController;
use Mibew\Http\Exception\AccessDeniedException;
use Mibew\Http\Exception\NotFoundException;
use Symfony\Component\HttpFoundation\Request;
@ -109,7 +108,7 @@ class ProfileController extends AbstractController
$page['requirePassword'] = (!$op_id || $page['needChangePassword']);
$page['formaction'] = $request->getBaseUrl() . $request->getPathInfo();
$page = array_merge($page, prepare_menu($operator));
$page['tabs'] = setup_operator_settings_tabs($op_id, 0);
$page['tabs'] = $this->buildTabs($request);
return $this->render('operator_edit', $page);
}

1
src/mibew/libs/init.php
View File

@ -105,7 +105,6 @@ require_once(MIBEW_FS_ROOT . '/libs/groups.php');
require_once(MIBEW_FS_ROOT . '/libs/invitation.php');
require_once(MIBEW_FS_ROOT . '/libs/notify.php');
require_once(MIBEW_FS_ROOT . '/libs/operator.php');
require_once(MIBEW_FS_ROOT . '/libs/operator_settings.php');
require_once(MIBEW_FS_ROOT . '/libs/pagination.php');
require_once(MIBEW_FS_ROOT . '/libs/statistics.php');
require_once(MIBEW_FS_ROOT . '/libs/settings.php');

49
src/mibew/libs/operator_settings.php
View File

@ -1,49 +0,0 @@
<?php
/*
* Copyright 2005-2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Builds list of operator settings tabs. The keys of the resulting array are
* tabs titles and the values are tabs URLs.
*
* @param int $operator_id ID of the operator whose settings page is displayed.
* @param int $active Number of the active tab. The count starts from 0.
* @return array Tabs list
* @deprecated
*/
function setup_operator_settings_tabs($operator_id, $active)
{
$tabs = array();
if ($operator_id) {
$tabs = array(
getlocal("page_agent.tab.main") => ($active != 0
? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/edit")
: ""),
getlocal("page_agent.tab.avatar") => ($active != 1
? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/avatar")
: ""),
getlocal("page_agent.tab.groups") => ($active != 2
? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/groups")
: ""),
getlocal("page_agent.tab.permissions") => ($active != 3
? (MIBEW_WEB_ROOT . "/operator/permissions.php?op=" . $operator_id)
: ""),
);
}
return $tabs;
}

19
src/mibew/libs/routing.yml
View File

@ -274,6 +274,25 @@ operator_groups_save:
operator_id: \d{1,10}
methods: [POST]
operator_permissions:
path: /operator/operator/{operator_id}/permissions
defaults:
_controller: Mibew\Controller\Operator\PermissionsController::showFormAction
_access_check: Mibew\AccessControl\Check\LoggedInCheck
requirements:
operator_id: \d{1,10}
methods: [GET]
operator_permissions_save:
path: /operator/operator/{operator_id}/permissions
defaults:
_controller: Mibew\Controller\Operator\PermissionsController::submitFormAction
_access_check: Mibew\AccessControl\Check\PermissionsCheck
_access_permissions: [CAN_ADMINISTRATE]
requirements:
operator_id: \d{1,10}
methods: [POST]
operators:
path: /operator/operator
defaults:

93
src/mibew/operator/permissions.php
View File

@ -1,93 +0,0 @@
<?php
/*
* Copyright 2005-2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Import namespaces and classes of the core
use Mibew\Style\PageStyle;
// Initialize libraries
require_once(dirname(dirname(__FILE__)) . '/libs/init.php');
$operator = check_login();
csrf_check_token();
$op_id = verify_param("op", "/^\d{1,9}$/");
$page = array(
'opid' => $op_id,
'canmodify' => is_capable(CAN_ADMINISTRATE, $operator) ? "1" : "",
'errors' => array(),
);
$op = operator_by_id($op_id);
if (!$op) {
$page['errors'][] = getlocal("no_such_operator");
} elseif (isset($_POST['op'])) {
if (!is_capable(CAN_ADMINISTRATE, $operator)) {
$page['errors'][] = getlocal('page_agent.cannot_modify');
}
$new_permissions = isset($op['iperm']) ? $op['iperm'] : 0;
foreach (permission_ids() as $perm => $id) {
if (verify_param("permissions$id", "/^on$/", "") == "on") {
$new_permissions |= (1 << $perm);
} else {
$new_permissions &= ~(1 << $perm);
}
}
if (count($page['errors']) == 0) {
update_operator_permissions($op['operatorid'], $new_permissions);
if ($op_id && $_SESSION[SESSION_PREFIX . "operator"] && $operator['operatorid'] == $op_id) {
$_SESSION[SESSION_PREFIX . "operator"]['iperm'] = $new_permissions;
}
header("Location: " . MIBEW_WEB_ROOT . "/operator/permissions.php?op=" . intval($op_id) . "&stored");
exit;
}
}
$page['currentop'] = $op
? get_operator_name($op) . " (" . $op['vclogin'] . ")"
: getlocal("not_found");
$checked_permissions = array();
if ($op) {
foreach (permission_ids() as $perm => $id) {
if (is_capable($perm, $op)) {
$checked_permissions[] = $id;
}
}
}
$page['permissionsList'] = array();
foreach (get_permission_list() as $perm) {
$perm['checked'] = in_array($perm['id'], $checked_permissions);
$page['permissionsList'][] = $perm;
}
$page['stored'] = isset($_GET['stored']);
$page['title'] = getlocal("permissions.title");
$page['menuid'] = ($operator['operatorid'] == $op_id) ? "profile" : "operators";
$page = array_merge($page, prepare_menu($operator));
$page['tabs'] = setup_operator_settings_tabs($op_id, 3);
$page_style = new PageStyle(PageStyle::getCurrentStyle());
$page_style->render('permissions', $page);

2
src/mibew/styles/pages/default/templates_src/server_side/permissions.handlebars → src/mibew/styles/pages/default/templates_src/server_side/operator_permissions.handlebars
View File

@ -13,7 +13,7 @@
<div id="formmessage">{{l10n "data.saved"}}</div>
{{/if}}
<form name="permissionsForm" method="post" action="{{mibewRoot}}/operator/permissions.php">
<form name="permissionsForm" method="post" action="{{mibewRoot}}/operator/operator/{{opid}}/permissions">
{{csrfTokenInput}}
<input type="hidden" name="op" value="{{opid}}"/>