
/magento/app/code/core/Mage/Admin/Model/Session.php

https://bitbucket.org/jit_bec/shopifine
  1<?php
  2/**
  3 * Magento
  4 *
  5 * NOTICE OF LICENSE
  6 *
  7 * This source file is subject to the Open Software License (OSL 3.0)
  8 * that is bundled with this package in the file LICENSE.txt.
  9 * It is also available through the world-wide-web at this URL:
 10 * http://opensource.org/licenses/osl-3.0.php
 11 * If you did not receive a copy of the license and are unable to
 12 * obtain it through the world-wide-web, please send an email
 13 * to license@magentocommerce.com so we can send you a copy immediately.
 14 *
 15 * DISCLAIMER
 16 *
 17 * Do not edit or add to this file if you wish to upgrade Magento to newer
 18 * versions in the future. If you wish to customize Magento for your
 19 * needs please refer to http://www.magentocommerce.com for more information.
 20 *
 21 * @category    Mage
 22 * @package     Mage_Admin
 23 * @copyright   Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
 24 * @license     http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
 25 */
 26
 27
 28/**
 29 * Auth session model
 30 *
 31 * @category    Mage
 32 * @package     Mage_Admin
 33 * @author      Magento Core Team <core@magentocommerce.com>
 34 */
 35class Mage_Admin_Model_Session extends Mage_Core_Model_Session_Abstract
 36{
 37
 38    /**
 39     * Whether it is the first page after successfull login
 40     *
 41     * @var boolean
 42     */
 43    protected $_isFirstPageAfterLogin;
 44
 45    /**
 46     * Class constructor
 47     *
 48     */
 49    public function __construct()
 50    {
 51        $this->init('admin');
 52    }
 53
 54    /**
 55     * Pull out information from session whether there is currently the first page after log in
 56     *
 57     * The idea is to set this value on login(), then redirect happens,
 58     * after that on next request the value is grabbed once the session is initialized
 59     * Since the session is used as a singleton, the value will be in $_isFirstPageAfterLogin until the end of request,
 60     * unless it is reset intentionally from somewhere
 61     *
 62     * @param string $namespace
 63     * @param string $sessionName
 64     * @return Mage_Admin_Model_Session
 65     * @see self::login()
 66     */
 67    public function init($namespace, $sessionName = null)
 68    {
 69        parent::init($namespace, $sessionName);
 70        $this->isFirstPageAfterLogin();
 71        return $this;
 72    }
 73
 74    /**
 75     * Try to login user in admin
 76     *
 77     * @param  string $username
 78     * @param  string $password
 79     * @param  Mage_Core_Controller_Request_Http $request
 80     * @return Mage_Admin_Model_User|null
 81     */
 82    public function login($username, $password, $request = null)
 83    {
 84        if (empty($username) || empty($password)) {
 85            return;
 86        }
 87
 88        try {
 89            /** @var $user Mage_Admin_Model_User */
 90            $user = Mage::getModel('admin/user');
 91            $user->login($username, $password);
 92            if ($user->getId()) {
 93                $this->renewSession();
 94
 95                if (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
 96                    Mage::getSingleton('adminhtml/url')->renewSecretUrls();
 97                }
 98                $this->setIsFirstPageAfterLogin(true);
 99                $this->setUser($user);
100                $this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());
101
102                $requestUri = $this->_getRequestUri($request);
103                if ($requestUri) {
104                    Mage::dispatchEvent('admin_session_user_login_success', array('user' => $user));
105                    header('Location: ' . $requestUri);
106                    exit;
107                }
108            } else {
109                Mage::throwException(Mage::helper('adminhtml')->__('Invalid User Name or Password.'));
110            }
111        } catch (Mage_Core_Exception $e) {
112            Mage::dispatchEvent('admin_session_user_login_failed',
113                array('user_name' => $username, 'exception' => $e));
114            if ($request && !$request->getParam('messageSent')) {
115                Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
116                $request->setParam('messageSent', true);
117            }
118        }
119
120        return $user;
121    }
122
123    /**
124     * Refresh ACL resources stored in session
125     *
126     * @param  Mage_Admin_Model_User $user
127     * @return Mage_Admin_Model_Session
128     */
129    public function refreshAcl($user = null)
130    {
131        if (is_null($user)) {
132            $user = $this->getUser();
133        }
134        if (!$user) {
135            return $this;
136        }
137        if (!$this->getAcl() || $user->getReloadAclFlag()) {
138            $this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());
139        }
140        if ($user->getReloadAclFlag()) {
141            $user->unsetData('password');
142            $user->setReloadAclFlag('0')->save();
143        }
144        return $this;
145    }
146
147    /**
148     * Check current user permission on resource and privilege
149     *
150     * Mage::getSingleton('admin/session')->isAllowed('admin/catalog')
151     * Mage::getSingleton('admin/session')->isAllowed('catalog')
152     *
153     * @param   string $resource
154     * @param   string $privilege
155     * @return  boolean
156     */
157    public function isAllowed($resource, $privilege = null)
158    {
159        $user = $this->getUser();
160        $acl = $this->getAcl();
161
162        if ($user && $acl) {
163            if (!preg_match('/^admin/', $resource)) {
164                $resource = 'admin/' . $resource;
165            }
166
167            try {
168                return $acl->isAllowed($user->getAclRole(), $resource, $privilege);
169            } catch (Exception $e) {
170                try {
171                    if (!$acl->has($resource)) {
172                        return $acl->isAllowed($user->getAclRole(), null, $privilege);
173                    }
174                } catch (Exception $e) { }
175            }
176        }
177        return false;
178    }
179
180    /**
181     * Check if user is logged in
182     *
183     * @return boolean
184     */
185    public function isLoggedIn()
186    {
187        return $this->getUser() && $this->getUser()->getId();
188    }
189
190    /**
191     * Check if it is the first page after successfull login
192     *
193     * @return boolean
194     */
195    public function isFirstPageAfterLogin()
196    {
197        if (is_null($this->_isFirstPageAfterLogin)) {
198            $this->_isFirstPageAfterLogin = $this->getData('is_first_visit', true);
199        }
200        return $this->_isFirstPageAfterLogin;
201    }
202
203    /**
204     * Setter whether the current/next page should be treated as first page after login
205     *
206     * @param bool $value
207     * @return Mage_Admin_Model_Session
208     */
209    public function setIsFirstPageAfterLogin($value)
210    {
211        $this->_isFirstPageAfterLogin = (bool)$value;
212        return $this->setIsFirstVisit($this->_isFirstPageAfterLogin);
213    }
214
215    /**
216     * Custom REQUEST_URI logic
217     *
218     * @param Mage_Core_Controller_Request_Http $request
219     * @return string|null
220     */
221    protected function _getRequestUri($request = null)
222    {
223        if (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
224            return Mage::getSingleton('adminhtml/url')->getUrl('*/*/*', array('_current' => true));
225        } elseif ($request) {
226            return $request->getRequestUri();
227        } else {
228            return null;
229        }
230    }
231}