
/system/handlers/adminhandler.php

https://github.com/HabariMag/habarimag-old
  1. <?php
  2. /**
  3. * @package Habari
  4. *
  5. */
  6. /**
  7. * Habari AdminHandler Class
  8. * Backbone of the admin area, handles requests and functionality.
  9. *
  10. * @todo Split into page-specific controllers.
  11. * Discussion: See http://groups.google.com/group/habari-dev/browse_thread/thread/9c469a4fcb61c814
  12. * Branch: https://trac.habariproject.org/habari/browser/branches/adminhandler
  13. * Related branch: http://trac.habariproject.org/habari/browser/branches/handlers
  14. */
  15. class AdminHandler extends ActionHandler
  16. {
  17. /** An instance of the active public theme, which allows plugin hooks to execute */
  18. protected $active_theme = null;
  19. /**
  20. * Verifies user credentials before creating the theme and displaying the request.
  21. */
  22. public function __construct()
  23. {
  24. $user = User::identify();
  25. if ( !$user->loggedin ) {
  26. Session::add_to_set( 'login', $_SERVER['REQUEST_URI'], 'original' );
  27. if ( URL::get_matched_rule()->name == 'admin_ajax' && isset( $_SERVER['HTTP_REFERER'] ) ) {
  28. header( 'Content-Type: text/javascript;charset=utf-8' );
  29. echo '{callback: function(){location.href="'.$_SERVER['HTTP_REFERER'].'"} }';
  30. }
  31. else {
  32. $post_raw = $_POST->get_array_copy_raw();
  33. if ( !empty( $post_raw ) ) {
  34. Session::add_to_set( 'last_form_data', $post_raw, 'post' );
  35. Session::error( _t( 'We saved the last form you posted. Log back in to continue its submission.' ), 'expired_form_submission' );
  36. }
  37. $get_raw = $_GET->get_array_copy_raw();
  38. if ( !empty( $get_raw ) ) {
  39. Session::add_to_set( 'last_form_data', $get_raw, 'get' );
  40. Session::error( _t( 'We saved the last form you posted. Log back in to continue its submission.' ), 'expired_form_submission' );
  41. }
  42. Utils::redirect( URL::get( 'auth', array( 'page' => 'login' ) ) );
  43. }
  44. exit;
  45. }
  46. $last_form_data = Session::get_set( 'last_form_data' ); // This was saved in the "if ( !$user )" above, UserHandler transferred it properly.
  47. /* At this point, Controller has not created handler_vars, so we have to modify $_POST/$_GET. */
  48. if ( isset( $last_form_data['post'] ) ) {
  49. $_POST = $_POST->merge( $last_form_data['post'] );
  50. $_SERVER['REQUEST_METHOD'] = 'POST'; // This will trigger the proper act_admin switches.
  51. Session::remove_error( 'expired_form_submission' );
  52. }
  53. if ( isset( $last_form_data['get'] ) ) {
  54. $_GET = $_GET->merge( $last_form_data['get'] );
  55. Session::remove_error( 'expired_form_submission' );
  56. // No need to change REQUEST_METHOD since GET is the default.
  57. }
  58. $user->remember();
  59. // Create an instance of the active public theme so that its plugin functions are implemented
  60. $this->active_theme = Themes::create();
  61. // setup the stacks for javascript in the admin - it's a method so a plugin can call it externally
  62. self::setup_stacks();
  63. // on every page load check the plugins currently loaded against the list we last checked for updates and trigger a cron if we need to
  64. Update::check_plugins();
  65. }
  66. /**
  67. * Create the admin theme instance
  68. *
  69. * @param string $page The admin page requested
  70. * @param string $type The content type included in the request
  71. */
  72. public function setup_admin_theme( $page, $type = '' )
  73. {
  74. if ( !isset( $this->theme ) ) {
  75. $theme_dir = Plugins::filter( 'admin_theme_dir', Site::get_dir( 'admin_theme', true ) );
  76. $this->theme = Themes::create( 'admin', 'RawPHPEngine', $theme_dir );
  77. // Add some default stylesheets
  78. Stack::add( 'admin_stylesheet', array( Site::get_url( 'admin_theme' ) . '/css/admin.css', 'screen' ), 'admin' );
  79. Stack::add( 'admin_stylesheet', array( Site::get_url( 'admin_theme' ) . '/css/jqueryui.css', 'screen' ), 'jqueryui' );
  80. // Add some default template variables
  81. $this->set_admin_template_vars( $this->theme );
  82. $this->theme->admin_type = $type;
  83. $this->theme->admin_page = $page;
  84. $this->theme->admin_page_url = ( $page == 'dashboard' ) ? URL::get( 'admin', 'page=' ) : URL::get( 'admin', 'page=' . $page );
  85. $this->theme->page = $page;
  86. $this->theme->admin_title = MultiByte::ucwords( $page ) . ( $type != '' ? ' ' . MultiByte::ucwords( $type ) : '' );
  87. $this->theme->admin_title =
  88. isset( $this->theme->mainmenu[$this->theme->admin_page]['text'] )
  89. ? $this->theme->mainmenu[$this->theme->admin_page]['text']
  90. : MultiByte::ucwords( $page ) . ( $type != '' ? ' ' . MultiByte::ucwords( $type ) : '' );
  91. }
  92. }
  93. /**
  94. * Dispatches the request to the defined method. (ie: post_{page})
  95. */
  96. public function act_admin()
  97. {
  98. $page = ( isset( $this->handler_vars['page'] ) && !empty( $this->handler_vars['page'] ) ) ? $this->handler_vars['page'] : 'dashboard';
  99. if ( isset( $this->handler_vars['content_type'] ) ) {
  100. $type = Plugins::filter( 'post_type_display', Post::type_name( $this->handler_vars['content_type'] ), 'singular' );
  101. }
  102. elseif ( $page == 'publish' && isset( $this->handler_vars['id'] ) ) {
  103. $type = Post::type_name( Post::get( array( 'status' => Post::status( 'any' ), 'id' => intval( $this->handler_vars['id'] ) ) )->content_type );
  104. $type = Plugins::filter( 'post_type_display', Post::type_name( Post::get( array( 'status' => Post::status( 'any' ), 'id' => intval( $this->handler_vars['id'] ) ) )->content_type ), 'singular' );
  105. }
  106. else {
  107. $type = '';
  108. }
  109. //$type = ( isset( $this->handler_vars['content_type'] ) && !empty( $this->handler_vars['content_type'] ) ) ? $this->handler_vars['content_type'] : '';
  110. $this->setup_admin_theme( $page, $type );
  111. // Access check to see if the user is allowed the requested page
  112. Utils::check_request_method( array( 'GET', 'HEAD', 'POST' ) );
  113. if ( !$this->access_allowed( $page, $type ) ) {
  114. Session::error( _t( 'Access to that page has been denied by the administrator.' ) );
  115. $this->get_blank();
  116. }
  117. switch ( $_SERVER['REQUEST_METHOD'] ) {
  118. case 'POST':
  119. // Let plugins try to handle the page
  120. Plugins::act( 'admin_theme_post_' . $page, $this, $this->theme );
  121. // Handle POSTs to the admin pages
  122. $fn = 'post_' . $page;
  123. if ( method_exists( $this, $fn ) ) {
  124. $this->$fn();
  125. }
  126. else {
  127. $classname = get_class( $this );
  128. echo sprintf( _t( '%1$s->%2$s() does not exist.' ), $classname, $fn );
  129. exit;
  130. }
  131. break;
  132. case 'GET':
  133. case 'HEAD':
  134. // Let plugins try to handle the page
  135. Plugins::act( 'admin_theme_get_' . $page, $this, $this->theme );
  136. // Handle GETs of the admin pages
  137. $fn = 'get_' . $page;
  138. if ( method_exists( $this, $fn ) ) {
  139. $this->$fn();
  140. exit;
  141. }
  142. // If a get_ function doesn't exist, just load the template and display it
  143. if ( $this->theme->template_exists( $page ) ) {
  144. $this->display( $page );
  145. }
  146. else {
  147. // The requested console page doesn't exist
  148. header( 'HTTP/1.1 404 Not Found', true, 404 );
  149. $this->get_blank( _t( 'The page you were looking for was not found.' ) );
  150. }
  151. break;
  152. }
  153. }
  154. /**
  155. * Handle incoming requests to /admin_ajax for admin ajax requests
  156. */
  157. public function act_admin_ajax()
  158. {
  159. header( 'Content-Type: text/javascript;charset=utf-8' );
  160. $context = $this->handler_vars['context'];
  161. if ( method_exists( $this, 'ajax_' . $context ) ) {
  162. $type = ( isset( $this->handler_vars['content_type'] ) && !empty( $this->handler_vars['content_type'] ) ) ? $this->handler_vars['content_type'] : '';
  163. // Access check to see if the user is allowed the requested page
  164. if ( $this->access_allowed( 'ajax_' . $context, $type ) ) {
  165. call_user_func( array( $this, 'ajax_' . $context ), $this->handler_vars );
  166. }
  167. }
  168. else {
  169. header( 'HTTP/1.1 403 Forbidden', true, 403 );
  170. die();
  171. }
  172. }
  173. /**
  174. * Handles get requests for the system information page.
  175. */
  176. public function get_sysinfo()
  177. {
  178. $sysinfo = array();
  179. $siteinfo = array();
  180. // Assemble Site Info
  181. $siteinfo[ _t( 'Habari Version' ) ] = Version::get_habariversion();
  182. if ( Version::is_devel() ) {
  183. $siteinfo[ _t( 'Habari Version' ) ] .= " r" . Version::get_svn_revision();
  184. }
  185. $siteinfo[ _t( 'Habari API Version' ) ] = Version::get_apiversion();
  186. $siteinfo[ _t( 'Habari DB Version' ) ] = Version::get_dbversion();
  187. $siteinfo[ _t( 'Active Theme' ) ] = Options::get( 'theme_name' );
  188. $siteinfo[ _t( 'Site Language' ) ] = strlen( Options::get( 'system_locale' ) ) ? Options::get( 'system_locale' ) : 'en-us';
  189. $this->theme->siteinfo = $siteinfo;
  190. // Assemble System Info
  191. $sysinfo[ _t( 'PHP Version' ) ] = phpversion();
  192. $sysinfo[ _t( 'Server Software' ) ] = $_SERVER['SERVER_SOFTWARE'];
  193. $sysinfo[ _t( 'Database' ) ] = DB::get_driver_name() . ' - ' . DB::get_driver_version();
  194. $sysinfo[ _t( 'PHP Extensions' ) ] = implode( ', ', get_loaded_extensions() );
  195. if ( defined( 'PCRE_VERSION' ) ) {
  196. $sysinfo[ _t( 'PCRE Version' ) ] = PCRE_VERSION;
  197. }
  198. else {
  199. // probably PHP < 5.2.4
  200. ob_start();
  201. phpinfo( 8 );
  202. $phpinfo = ob_get_contents();
  203. ob_end_clean();
  204. preg_match( '/PCRE Library Version.*class="v">(.*)$/mi', $phpinfo, $matches );
  205. $sysinfo[ _t( 'PCRE Version' ) ] = $matches[ 1 ];
  206. }
  207. $sysinfo[ _t( 'Browser' ) ] = $_SERVER[ 'HTTP_USER_AGENT' ];
  208. $this->theme->sysinfo = $sysinfo;
  209. // Assemble Class Info
  210. $classinfo = Utils::glob( HABARI_PATH . "/user/classes/*.php" );
  211. if ( count( $classinfo ) ) {
  212. $classinfo = array_map( 'realpath', $classinfo );
  213. }
  214. $this->theme->classinfo = $classinfo;
  215. // Assemble Plugin Info
  216. $raw_plugins = Plugins::get_active();
  217. $plugins = array( 'system'=>array(), 'user'=>array(), '3rdparty'=>array(), 'other'=>array() );
  218. foreach ( $raw_plugins as $plugin ) {
  219. $file = $plugin->get_file();
  220. if ( preg_match( '%[\\\\/](system|3rdparty|user)[\\\\/]plugins[\\\\/]%i', $file, $matches ) ) {
  221. // A plugin's info is XML, cast the element to a string. See #1026.
  222. $plugins[strtolower( $matches[1] )][(string)$plugin->info->name] = $file;
  223. }
  224. else {
  225. $plugins['other'][$plugin->info->name] = $file;
  226. }
  227. }
  228. $this->theme->plugins = $plugins;
  229. $this->display( 'sysinfo' );
  230. }
  231. /**
  232. * Display a blank admin page with appropriate navigation.
  233. * This function terminates execution before returning.
  234. * Useful for displaying errors when permission is denied for viewing.
  235. *
  236. * @param string $content Optional default content to display
  237. */
  238. public function get_blank( $content = '' )
  239. {
  240. $this->theme->content = Plugins::filter( 'admin_blank_content', $content );
  241. $this->display( 'blank' );
  242. exit();
  243. }
  244. /**
  245. * Assembles the main menu for the admin area.
  246. * @param Theme $theme The theme to add the menu to
  247. */
  248. protected function get_main_menu( $theme )
  249. {
  250. $page = ( isset( $this->handler_vars['page'] ) && !empty( $this->handler_vars['page'] ) ) ? $this->handler_vars['page'] : 'dashboard';
  251. // These need to be replaced with submenus, but access to them is provided temporarily
  252. $createmenu = array();
  253. $managemenu = array();
  254. $createperms = array();
  255. $manageperms = array();
  256. Plugins::register( array( $this, 'default_post_type_display' ), 'filter', 'post_type_display', 4 );
  257. $i = 1;
  258. foreach ( Post::list_active_post_types() as $type => $typeint ) {
  259. if ( $typeint == 0 ) {
  260. continue;
  261. }
  262. if ( $i == 10 ) {
  263. $hotkey = 0;
  264. }
  265. elseif ( $i > 10 ) {
  266. $hotkey = false;
  267. }
  268. else {
  269. $hotkey = $i;
  270. }
  271. $plural = Plugins::filter( 'post_type_display', $type, 'plural' );
  272. $singular = Plugins::filter( 'post_type_display', $type, 'singular' );
  273. $createperm = array( 'post_' . $type => ACL::get_bitmask( 'create' ), 'post_any' => ACL::get_bitmask( 'create' ) );
  274. $createmenu['create_' . $typeint] = array( 'url' => URL::get( 'admin', 'page=publish&content_type=' . $type ), 'title' => _t( 'Create a new %s', array( $singular ) ), 'text' => $singular, 'access' => $createperm );
  275. $createperms = array_merge( $createperms, $createperm );
  276. $manageperm = array( 'post_' . $type => array( ACL::get_bitmask( 'edit' ), ACL::get_bitmask( 'delete' ) ), 'own_posts'=>array( ACL::get_bitmask( 'edit' ), ACL::get_bitmask( 'delete' ) ), 'post_any'=>array( ACL::get_bitmask( 'edit' ), ACL::get_bitmask( 'delete' ) ) );
  277. $managemenu['manage_' . $typeint] = array( 'url' => URL::get( 'admin', 'page=posts&type=' . $typeint ), 'title' => _t( 'Manage %s', array( $plural ) ), 'text' => $plural, 'access'=> $manageperm );
  278. $manageperms = array_merge( $manageperms, $manageperm );
  279. $createmenu['create_' . $typeint]['hotkey'] = $hotkey;
  280. $managemenu['manage_' . $typeint]['hotkey'] = $hotkey;
  281. if ( $page == 'publish' && isset( $this->handler_vars['content_type'] ) && $this->handler_vars['content_type'] == $type ) {
  282. $createmenu['create_' . $typeint]['selected'] = true;
  283. }
  284. if ( $page == 'posts' && isset( $this->handler_vars['type'] ) && $this->handler_vars['type'] == $typeint ) {
  285. $managemenu['manage_' . $typeint]['selected'] = true;
  286. }
  287. $i++;
  288. }
  289. $createperms = array_merge( $createperms, array( 'own_posts'=>array( ACL::get_bitmask( 'create' ) ) ) );
  290. $manageperms = array_merge( $manageperms, array( 'own_posts'=>array( ACL::get_bitmask( 'edit' ), ACL::get_bitmask( 'delete' ) ) ) );
  291. $adminmenu = array(
  292. 'create' => array( 'url' => '', 'title' => _t( 'Create content' ), 'text' => _t( 'New' ), 'hotkey' => 'N', 'submenu' => $createmenu ),
  293. 'manage' => array( 'url' => '', 'title' => _t( 'Manage content' ), 'text' => _t( 'Manage' ), 'hotkey' => 'M', 'submenu' => $managemenu ),
  294. 'comments' => array( 'url' => URL::get( 'admin', 'page=comments' ), 'title' => _t( 'Manage comments' ), 'text' => _t( 'Comments' ), 'hotkey' => 'C', 'access' => array( 'manage_all_comments' => true, 'manage_own_post_comments' => true ) ),
  295. 'tags' => array( 'url' => URL::get( 'admin', 'page=tags' ), 'title' => _t( 'Manage tags' ), 'text' => _t( 'Tags' ), 'hotkey' => 'A', 'access'=>array( 'manage_tags'=>true ) ),
  296. 'dashboard' => array( 'url' => URL::get( 'admin', 'page=' ), 'title' => _t( 'View your user dashboard' ), 'text' => _t( 'Dashboard' ), 'hotkey' => 'D' ),
  297. 'options' => array( 'url' => URL::get( 'admin', 'page=options' ), 'title' => _t( 'View and configure site options' ), 'text' => _t( 'Options' ), 'hotkey' => 'O', 'access'=>array( 'manage_options'=>true ) ),
  298. 'themes' => array( 'url' => URL::get( 'admin', 'page=themes' ), 'title' => _t( 'Preview and activate themes' ), 'text' => _t( 'Themes' ), 'hotkey' => 'T', 'access'=>array( 'manage_theme'=>true ) ),
  299. 'plugins' => array( 'url' => URL::get( 'admin', 'page=plugins' ), 'title' => _t( 'Activate, deactivate, and configure plugins' ), 'text' => _t( 'Plugins' ), 'hotkey' => 'P', 'access'=>array( 'manage_plugins'=>true, 'manage_plugins_config' => true ) ),
  300. 'import' => array( 'url' => URL::get( 'admin', 'page=import' ), 'title' => _t( 'Import content from another site' ), 'text' => _t( 'Import' ), 'hotkey' => 'I', 'access'=>array( 'manage_import'=>true ) ),
  301. 'users' => array( 'url' => URL::get( 'admin', 'page=users' ), 'title' => _t( 'View and manage users' ), 'text' => _t( 'Users' ), 'hotkey' => 'U', 'access'=>array( 'manage_users'=>true ) ),
  302. 'profile' => array( 'url' => URL::get( 'admin', 'page=user' ), 'title' => _t( 'Manage your user profile' ), 'text' => _t( 'My Profile' ), 'hotkey' => 'Y', 'access'=>array( 'manage_self'=>true, 'manage_users'=>true ) ),
  303. 'groups' => array( 'url' => URL::get( 'admin', 'page=groups' ), 'title' => _t( 'View and manage groups' ), 'text' => _t( 'Groups' ), 'hotkey' => 'G', 'access'=>array( 'manage_groups'=>true ) ),
  304. 'logs' => array( 'url' => URL::get( 'admin', 'page=logs' ), 'title' => _t( 'View system log messages' ), 'text' => _t( 'Logs' ), 'hotkey' => 'L', 'access'=>array( 'manage_logs'=>true ) ) ,
  305. 'logout' => array( 'url' => URL::get( 'auth', 'page=logout' ), 'title' => _t( 'Log out of the administration interface' ), 'text' => _t( 'Logout' ), 'hotkey' => 'X' ),
  306. );
  307. $mainmenus = array_merge( $adminmenu );
  308. foreach ( $mainmenus as $menu_id => $menu ) {
  309. // Change this to set the correct menu as the active menu
  310. if ( !isset( $mainmenus[$menu_id]['selected'] ) ) {
  311. $mainmenus[$menu_id]['selected'] = false;
  312. }
  313. }
  314. $mainmenus = Plugins::filter( 'adminhandler_post_loadplugins_main_menu', $mainmenus );
  315. foreach ( $mainmenus as $key => $attrs ) {
  316. if ( $page == $key ) {
  317. $mainmenus[$key]['selected'] = true;
  318. }
  319. }
  320. $mainmenus = $this->filter_menus_by_permission( $mainmenus );
  321. // Strip out import if no importers are available
  322. if ( !Plugins::filter( 'import_names', array() ) )
  323. unset( $mainmenus['import'] );
  324. // Make submenu links default to the first available item
  325. foreach ( array_keys( $mainmenus ) as $action ) {
  326. if ( !$mainmenus[$action]['url'] && !empty( $mainmenus[$action]['submenu'] ) ) {
  327. $default = current( $mainmenus[$action]['submenu'] );
  328. $mainmenus[$action]['url'] = $default['url'];
  329. }
  330. }
  331. $theme->assign( 'mainmenu', $mainmenus );
  332. }
  333. /**
  334. * Remove menus for which the user does not have qualifying permissions.
  335. *
  336. * @param array $menuarray The master array of admin menu items
  337. * @return array The modified array of admin menu items
  338. */
  339. protected function filter_menus_by_permission( $menuarray )
  340. {
  341. $user = User::identify();
  342. foreach ( $menuarray as $key => $attrs ) {
  343. if ( isset( $attrs['access'] ) ) {
  344. $attrs['access'] = Utils::single_array( $attrs['access'] );
  345. $pass = false;
  346. foreach ( $attrs['access'] as $token => $masks ) {
  347. $masks = Utils::single_array( $masks );
  348. foreach ( $masks as $mask ) {
  349. if ( is_bool( $mask ) ) {
  350. if ( $user->can( $token ) ) {
  351. $pass = true;
  352. break;
  353. }
  354. }
  355. else {
  356. if ( $user->cannot( $token ) ) {
  357. break 2;
  358. }
  359. else {
  360. if ( $user->can( $token, $mask ) ) {
  361. $pass = true;
  362. break 2;
  363. }
  364. }
  365. }
  366. }
  367. }
  368. if ( !$pass ) {
  369. unset( $menuarray[$key] );
  370. }
  371. }
  372. if ( isset( $attrs['submenu'] ) && count( $attrs['submenu'] ) > 0 ) {
  373. $menuarray[$key]['submenu'] = $this->filter_menus_by_permission( $attrs['submenu'] );
  374. if ( count( $menuarray[$key]['submenu'] ) == 0 ) {
  375. unset( $menuarray[$key]['submenu'] );
  376. unset( $menuarray[$key] );
  377. }
  378. }
  379. if ( isset( $menuarray[$key] ) && count( $menuarray[$key] ) == 0 ) {
  380. unset( $menuarray[$key] );
  381. }
  382. }
  383. return $menuarray;
  384. }
  385. /**
  386. * Checks if the currently logged in user has access to a page and post type.
  387. */
  388. private function access_allowed( $page, $type )
  389. {
  390. $user = User::identify();
  391. $require_any = array();
  392. $result = false;
  393. switch ( $page ) {
  394. case 'comment':
  395. case 'comments':
  396. case 'ajax_comments':
  397. case 'ajax_in_edit':
  398. case 'ajax_update_comment':
  399. $require_any = array( 'manage_all_comments' => true, 'manage_own_post_comments' => true );
  400. break;
  401. case 'tags':
  402. case 'ajax_tags':
  403. $require_any = array( 'manage_tags' => true );
  404. break;
  405. case 'options':
  406. $require_any = array( 'manage_options' => true );
  407. break;
  408. case 'themes':
  409. $require_any = array( 'manage_themes' => true, 'manage_theme_config' => true );
  410. break;
  411. case 'activate_theme':
  412. $require_any = array( 'manage_themes' => true );
  413. break;
  414. case 'preview_theme':
  415. $require_any = array( 'manage_themes' => true );
  416. break;
  417. case 'plugins':
  418. $require_any = array( 'manage_plugins' => true, 'manage_plugins_config' => true );
  419. break;
  420. case 'plugin_toggle':
  421. $require_any = array( 'manage_plugins' => true );
  422. break;
  423. case 'import':
  424. $require_any = array( 'manage_import' => true );
  425. break;
  426. case 'users':
  427. case 'ajax_update_users':
  428. case 'ajax_users':
  429. $require_any = array( 'manage_users' => true );
  430. break;
  431. case 'user':
  432. $require_any = array( 'manage_users' => true, 'manage_self' => true );
  433. break;
  434. case 'groups':
  435. case 'group':
  436. case 'ajax_update_groups':
  437. case 'ajax_groups':
  438. $require_any = array( 'manage_groups' => true );
  439. break;
  440. case 'logs':
  441. case 'ajax_delete_logs':
  442. case 'ajax_logs':
  443. $require_any = array( 'manage_logs' => true );
  444. break;
  445. case 'publish':
  446. case 'ajax_media':
  447. case 'ajax_media_panel':
  448. $type = Post::type_name( $type );
  449. $require_any = array(
  450. 'post_any' => array( ACL::get_bitmask( 'create' ), ACL::get_bitmask( 'edit' ) ),
  451. 'post_' . $type => array( ACL::get_bitmask( 'create' ), ACL::get_bitmask( 'edit' ) ),
  452. 'own_posts' => array( ACL::get_bitmask( 'create' ), ACL::get_bitmask( 'edit' ) ),
  453. );
  454. break;
  455. case 'delete_post':
  456. $type = Post::type_name( $type );
  457. $require_any = array(
  458. 'post_any' => ACL::get_bitmask( 'delete' ),
  459. 'post_' . $type => ACL::get_bitmask( 'delete' ),
  460. 'own_posts' => ACL::get_bitmask( 'delete' ),
  461. );
  462. break;
  463. case 'posts':
  464. case 'ajax_posts':
  465. case 'ajax_update_posts':
  466. $require_any = array(
  467. 'post_any' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
  468. 'own_posts' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
  469. );
  470. foreach ( Post::list_active_post_types() as $type => $type_id ) {
  471. $require_any['post_' . $type] = array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) );
  472. }
  473. break;
  474. case 'sysinfo':
  475. $require_any = array( 'super_user' => true );
  476. break;
  477. case 'dashboard':
  478. case 'ajax_dashboard':
  479. $result = true;
  480. break;
  481. case 'ajax_add_block':
  482. $result = true;
  483. break;
  484. case 'ajax_delete_block':
  485. $result = true;
  486. break;
  487. case 'configure_block':
  488. $result = true;
  489. break;
  490. case 'ajax_save_areas':
  491. $result = true;
  492. break;
  493. default:
  494. break;
  495. }
  496. $require_any = Plugins::filter( 'admin_access_tokens', $require_any, $page, $type );
  497. foreach ( $require_any as $token => $access ) {
  498. $access = Utils::single_array( $access );
  499. foreach ( $access as $mask ) {
  500. if ( is_bool( $mask ) && $user->can( $token ) ) {
  501. $result = true;
  502. break;
  503. }
  504. elseif ( $user->can( $token, $mask ) ) {
  505. $result = true;
  506. break 2;
  507. }
  508. }
  509. }
  510. $result = Plugins::filter( 'admin_access', $result, $page, $type );
  511. return $result;
  512. }
  513. /**
  514. * How to display the built-in post types.
  515. */
  516. public function default_post_type_display( $type, $foruse )
  517. {
  518. $names = array(
  519. 'entry' => array(
  520. 'singular' => _t( 'Entry' ),
  521. 'plural' => _t( 'Entries' ),
  522. ),
  523. 'page' => array(
  524. 'singular' => _t( 'Page' ),
  525. 'plural' => _t( 'Pages' ),
  526. ),
  527. );
  528. return isset( $names[$type][$foruse] ) ? $names[$type][$foruse] : $type;
  529. }
  530. /**
  531. * Assigns the main menu to $mainmenu into the theme.
  532. */
  533. protected function set_admin_template_vars( $theme )
  534. {
  535. $this->get_main_menu( $theme );
  536. }
  537. /**
  538. * Helper function to assign all handler_vars into the theme and displays a theme template.
  539. * @param template_name Name of template to display (note: not the filename)
  540. */
  541. protected function display( $template_name )
  542. {
  543. $this->theme->display( $template_name );
  544. }
  545. /**
  546. * Setup the default admin javascript stack here so that it can be called
  547. * from plugins, etc. This is not an ideal solution, but works for now.
  548. *
  549. */
  550. public static function setup_stacks()
  551. {
  552. Stack::add( 'admin_header_javascript', Site::get_url( 'vendor' ) . "/jquery.js", 'jquery' );
  553. Stack::add( 'admin_header_javascript', Site::get_url( 'vendor' ) . "/jquery-ui.min.js", 'jquery.ui', 'jquery' );
  554. Stack::add( 'admin_header_javascript', Site::get_url( 'vendor' ) . "/jquery.color.js", 'jquery.color', 'jquery' );
  555. Stack::add( 'admin_header_javascript', Site::get_url( 'vendor' ) . "/jquery.ui.nestedSortable.js", 'jquery-nested-sortable', 'jquery.ui' );
  556. Stack::add( 'admin_header_javascript', Site::get_url( 'vendor' ) . "/humanmsg/humanmsg.js", 'humanmsg', 'jquery' );
  557. Stack::add( 'admin_header_javascript', Site::get_url( 'vendor' ) . "/jquery.hotkeys.js", 'jquery.hotkeys', 'jquery' );
  558. Stack::add( 'admin_header_javascript', Site::get_url( 'admin_theme' ) . "/js/media.js", 'media', 'jquery' );
  559. Stack::add( 'admin_header_javascript', Site::get_url( 'admin_theme' ) . "/js/admin.js", 'admin', 'jquery' );
  560. Stack::add( 'admin_header_javascript', Site::get_url( 'vendor' ) . "/crc32.js", 'crc32' );
  561. }
  562. public function create_theme()
  563. {
  564. $theme_dir = Plugins::filter( 'admin_theme_dir', Site::get_dir( 'admin_theme', true ) );
  565. $this->theme = Themes::create( 'admin', 'RawPHPEngine', $theme_dir );
  566. }
  567. }
  568. ?>