PageRenderTime 49ms CodeModel.GetById 21ms RepoModel.GetById 0ms app.codeStats 0ms

/plugins/SegmentEditor/API.php

https://github.com/CodeYellowBV/piwik
PHP | 334 lines | 318 code | 3 blank | 13 comment | 0 complexity | d2a88f58ac350ab92559f7277b9848e1 MD5 | raw file
Possible License(s): LGPL-3.0, JSON, MIT, GPL-3.0, LGPL-2.1, GPL-2.0, AGPL-1.0, BSD-2-Clause, BSD-3-Clause 
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Piwik - free/libre analytics platform
    4. 

  4.  *
    5. 

  5.  * @link http://piwik.org
    6. 

  6.  * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
    7. 

  7.  *
    8. 

  8.  */
    9. 

  9. namespace Piwik\Plugins\SegmentEditor;
    10. 

  10. 

  11. use Exception;
    12. 

  12. use Piwik\Common;
    13. 

  13. use Piwik\Date;
    14. 

  14. use Piwik\Db;
    15. 

  15. use Piwik\Piwik;
    16. 

  16. use Piwik\Config;
    17. 

  17. use Piwik\Plugins\UsersManager\UsersManager;
    18. 

  18. use Piwik\Segment;
    19. 

  19. 

  20. /**
    21. 

  21.  * The SegmentEditor API lets you add, update, delete custom Segments, and list saved segments.a
    22. 

  22.  *
    23. 

  23.  * @method static \Piwik\Plugins\SegmentEditor\API getInstance()
    24. 

  24.  */
    25. 

  25. class API extends \Piwik\Plugin\API
    26. 

  26. {
    27. 

  27.     protected function checkSegmentValue($definition, $idSite)
    28. 

  28.     {
    29. 

  29.         // unsanitize so we don't record the HTML entitied segment
    30. 

  30.         $definition = Common::unsanitizeInputValue($definition);
    31. 

  31.         $definition = str_replace("#", '%23', $definition); // hash delimiter
    32. 

  32.         $definition = str_replace("'", '%27', $definition); // not encoded in JS
    33. 

  33.         $definition = str_replace("&", '%26', $definition);
    34. 

  34. 

  35.         try {
    36. 

  36.             $segment = new Segment($definition, $idSite);
    37. 

  37.             $segment->getHash();
    38. 

  38.         } catch (Exception $e) {
    39. 

  39.             throw new Exception("The specified segment is invalid: " . $e->getMessage());
    40. 

  40.         }
    41. 

  41.         return $definition;
    42. 

  42.     }
    43. 

  43. 

  44.     protected function checkSegmentName($name)
    45. 

  45.     {
    46. 

  46.         if (empty($name)) {
    47. 

  47.             throw new Exception("Invalid name for this custom segment.");
    48. 

  48.         }
    49. 

  49.     }
    50. 

  50. 

  51.     protected function checkEnabledAllUsers($enabledAllUsers)
    52. 

  52.     {
    53. 

  53.         $enabledAllUsers = (int)$enabledAllUsers;
    54. 

  54.         if ($enabledAllUsers
    55. 

  55.             && !Piwik::hasUserSuperUserAccess()
    56. 

  56.         ) {
    57. 

  57.             throw new Exception("enabledAllUsers=1 requires Super User access");
    58. 

  58.         }
    59. 

  59.         return $enabledAllUsers;
    60. 

  60.     }
    61. 

  61. 

  62.     protected function checkIdSite($idSite)
    63. 

  63.     {
    64. 

  64.         if (empty($idSite)) {
    65. 

  65.             if (!Piwik::hasUserSuperUserAccess()) {
    66. 

  66.                 throw new Exception($this->getMessageCannotEditSegmentCreatedBySuperUser());
    67. 

  67.             }
    68. 

  68.         } else {
    69. 

  69.             if (!is_numeric($idSite)) {
    70. 

  70.                 throw new Exception("idSite should be a numeric value");
    71. 

  71.             }
    72. 

  72.             Piwik::checkUserHasViewAccess($idSite);
    73. 

  73.         }
    74. 

  74.         $idSite = (int)$idSite;
    75. 

  75.         return $idSite;
    76. 

  76.     }
    77. 

  77. 

  78.     protected function checkAutoArchive($autoArchive, $idSite)
    79. 

  79.     {
    80. 

  80.         $autoArchive = (int)$autoArchive;
    81. 

  81.         if ($autoArchive) {
    82. 

  82.             $exception = new Exception("To prevent abuse, autoArchive=1 requires Super User or ControllerAdmin access.");
    83. 

  83.             if (empty($idSite)) {
    84. 

  84.                 if (!Piwik::hasUserSuperUserAccess()) {
    85. 

  85.                     throw $exception;
    86. 

  86.                 }
    87. 

  87.             } else {
    88. 

  88.                 if (!Piwik::isUserHasAdminAccess($idSite)) {
    89. 

  89.                     throw $exception;
    90. 

  90.                 }
    91. 

  91.             }
    92. 

  92.         }
    93. 

  93.         return $autoArchive;
    94. 

  94.     }
    95. 

  95. 

  96.     protected function getSegmentOrFail($idSegment)
    97. 

  97.     {
    98. 

  98.         $segment = $this->get($idSegment);
    99. 

  99. 

  100.         if (empty($segment)) {
    101. 

  101.             throw new Exception("Requested segment not found");
    102. 

  102.         }
    103. 

  103.         return $segment;
    104. 

  104.     }
    105. 

  105. 

  106.     protected function checkUserIsNotAnonymous()
    107. 

  107.     {
    108. 

  108.         if (Piwik::isUserIsAnonymous()) {
    109. 

  109.             throw new Exception("To create, edit or delete Custom Segments, please sign in first.");
    110. 

  110.         }
    111. 

  111.     }
    112. 

  112. 

  113.     protected function checkUserCanAddNewSegment($idSite)
    114. 

  114.     {
    115. 

  115.         if(!$this->isUserCanAddNewSegment($idSite)) {
    116. 

  116.             throw new Exception(Piwik::translate('SegmentEditor_YouDontHaveAccessToCreateSegments'));
    117. 

  117.         }
    118. 

  118.     }
    119. 

  119. 

  120.     public function isUserCanAddNewSegment($idSite)
    121. 

  121.     {
    122. 

  122.         if(Piwik::isUserIsAnonymous()) {
    123. 

  123.             return false;
    124. 

  124.         }
    125. 

  125. 

  126.         $requiredAccess = Config::getInstance()->General['adding_segment_requires_access'];
    127. 

  127. 

  128.         $authorized =
    129. 

  129.             ($requiredAccess == 'view' && Piwik::isUserHasViewAccess($idSite)) ||
    130. 

  130.             ($requiredAccess == 'admin' && Piwik::isUserHasAdminAccess($idSite)) ||
    131. 

  131.             ($requiredAccess == 'superuser' && Piwik::hasUserSuperUserAccess())
    132. 

  132.         ;
    133. 

  133. 

  134.         return $authorized;
    135. 

  135.     }
    136. 

  136. 

  137.     protected function checkUserCanEditOrDeleteSegment($segment)
    138. 

  138.     {
    139. 

  139.         if(Piwik::hasUserSuperUserAccess()) {
    140. 

  140.             return;
    141. 

  141.         }
    142. 

  142. 

  143.         $this->checkUserIsNotAnonymous();
    144. 

  144. 

  145.         if($segment['login'] != Piwik::getCurrentUserLogin()) {
    146. 

  146.             throw new Exception($this->getMessageCannotEditSegmentCreatedBySuperUser());
    147. 

  147.         }
    148. 

  148.     }
    149. 

  149. 

  150.     /**
    151. 

  151.      * Deletes a stored segment.
    152. 

  152.      *
    153. 

  153.      * @param $idSegment
    154. 

  154.      * @return bool
    155. 

  155.      */
    156. 

  156.     public function delete($idSegment)
    157. 

  157.     {
    158. 

  158.         $segment = $this->getSegmentOrFail($idSegment);
    159. 

  159.         $this->checkUserCanEditOrDeleteSegment($segment);
    160. 

  160. 

  161.         /**
    162. 

  162.          * Triggered before a segment is deleted or made invisible.
    163. 

  163.          *
    164. 

  164.          * This event can be used by plugins to throw an exception
    165. 

  165.          * or do something else.
    166. 

  166.          *
    167. 

  167.          * @param int $idSegment The ID of the segment being deleted.
    168. 

  168.          */
    169. 

  169.         Piwik::postEvent('SegmentEditor.deactivate', array($idSegment));
    170. 

  170. 

  171.         $db = Db::get();
    172. 

  172.         $db->delete(Common::prefixTable('segment'), 'idsegment = ' . $idSegment);
    173. 

  173.         return true;
    174. 

  174.     }
    175. 

  175. 

  176.     /**
    177. 

  177.      * Modifies an existing stored segment.
    178. 

  178.      *
    179. 

  179.      * @param int $idSegment The ID of the stored segment to modify.
    180. 

  180.      * @param string $name The new name of the segment.
    181. 

  181.      * @param string $definition The new definition of the segment.
    182. 

  182.      * @param bool $idSite If supplied, associates the stored segment with as single site.
    183. 

  183.      * @param bool $autoArchive Whether to automatically archive data with the segment or not.
    184. 

  184.      * @param bool $enabledAllUsers Whether the stored segment is viewable by all users or just the one that created it.
    185. 

  185.      *
    186. 

  186.      * @return bool
    187. 

  187.      */
    188. 

  188.     public function update($idSegment, $name, $definition, $idSite = false, $autoArchive = false, $enabledAllUsers = false)
    189. 

  189.     {
    190. 

  190.         $segment = $this->getSegmentOrFail($idSegment);
    191. 

  191.         $this->checkUserCanEditOrDeleteSegment($segment);
    192. 

  192. 

  193.         $idSite = $this->checkIdSite($idSite);
    194. 

  194.         $this->checkSegmentName($name);
    195. 

  195.         $definition = $this->checkSegmentValue($definition, $idSite);
    196. 

  196.         $enabledAllUsers = $this->checkEnabledAllUsers($enabledAllUsers);
    197. 

  197.         $autoArchive = $this->checkAutoArchive($autoArchive, $idSite);
    198. 

  198. 

  199.         $bind = array(
    200. 

  200.             'name'               => $name,
    201. 

  201.             'definition'         => $definition,
    202. 

  202.             'enable_all_users'   => $enabledAllUsers,
    203. 

  203.             'enable_only_idsite' => $idSite,
    204. 

  204.             'auto_archive'       => $autoArchive,
    205. 

  205.             'ts_last_edit'       => Date::now()->getDatetime(),
    206. 

  206.         );
    207. 

  207. 

  208.         /**
    209. 

  209.          * Triggered before a segment is modified.
    210. 

  210.          *
    211. 

  211.          * This event can be used by plugins to throw an exception
    212. 

  212.          * or do something else.
    213. 

  213.          *
    214. 

  214.          * @param int $idSegment The ID of the segment which visibility is reduced.
    215. 

  215.          */
    216. 

  216.         Piwik::postEvent('SegmentEditor.update', array($idSegment, $bind));
    217. 

  217. 

  218. 

  219.         $db = Db::get();
    220. 

  220.         $db->update(Common::prefixTable("segment"),
    221. 

  221.             $bind,
    222. 

  222.             "idsegment = $idSegment"
    223. 

  223.         );
    224. 

  224.         return true;
    225. 

  225.     }
    226. 

  226. 

  227.     /**
    228. 

  228.      * Adds a new stored segment.
    229. 

  229.      *
    230. 

  230.      * @param string $name The new name of the segment.
    231. 

  231.      * @param string $definition The new definition of the segment.
    232. 

  232.      * @param bool $idSite If supplied, associates the stored segment with as single site.
    233. 

  233.      * @param bool $autoArchive Whether to automatically archive data with the segment or not.
    234. 

  234.      * @param bool $enabledAllUsers Whether the stored segment is viewable by all users or just the one that created it.
    235. 

  235.      *
    236. 

  236.      * @return int The newly created segment Id
    237. 

  237.      */
    238. 

  238.     public function add($name, $definition, $idSite = false, $autoArchive = false, $enabledAllUsers = false)
    239. 

  239.     {
    240. 

  240.         $this->checkUserCanAddNewSegment($idSite);
    241. 

  241.         $idSite = $this->checkIdSite($idSite);
    242. 

  242.         $this->checkSegmentName($name);
    243. 

  243.         $definition = $this->checkSegmentValue($definition, $idSite);
    244. 

  244.         $enabledAllUsers = $this->checkEnabledAllUsers($enabledAllUsers);
    245. 

  245.         $autoArchive = $this->checkAutoArchive($autoArchive, $idSite);
    246. 

  246. 

  247.         $db = Db::get();
    248. 

  248.         $bind = array(
    249. 

  249.             'name'               => $name,
    250. 

  250.             'definition'         => $definition,
    251. 

  251.             'login'              => Piwik::getCurrentUserLogin(),
    252. 

  252.             'enable_all_users'   => $enabledAllUsers,
    253. 

  253.             'enable_only_idsite' => $idSite,
    254. 

  254.             'auto_archive'       => $autoArchive,
    255. 

  255.             'ts_created'         => Date::now()->getDatetime(),
    256. 

  256.             'deleted'            => 0,
    257. 

  257.         );
    258. 

  258.         $db->insert(Common::prefixTable("segment"), $bind);
    259. 

  259.         return $db->lastInsertId();
    260. 

  260.     }
    261. 

  261. 

  262.     /**
    263. 

  263.      * Returns a stored segment by ID
    264. 

  264.      *
    265. 

  265.      * @param $idSegment
    266. 

  266.      * @throws Exception
    267. 

  267.      * @return bool
    268. 

  268.      */
    269. 

  269.     public function get($idSegment)
    270. 

  270.     {
    271. 

  271.         Piwik::checkUserHasSomeViewAccess();
    272. 

  272.         if (!is_numeric($idSegment)) {
    273. 

  273.             throw new Exception("idSegment should be numeric.");
    274. 

  274.         }
    275. 

  275.         $segment = Db::get()->fetchRow("SELECT * " .
    276. 

  276.             " FROM " . Common::prefixTable("segment") .
    277. 

  277.             " WHERE idsegment = ?", $idSegment);
    278. 

  278. 

  279.         if (empty($segment)) {
    280. 

  280.             return false;
    281. 

  281.         }
    282. 

  282.         try {
    283. 

  283. 

  284.             if (!$segment['enable_all_users']) {
    285. 

  285.                 Piwik::checkUserHasSuperUserAccessOrIsTheUser($segment['login']);
    286. 

  286.             }
    287. 

  287. 

  288.         } catch (Exception $e) {
    289. 

  289.             throw new Exception($this->getMessageCannotEditSegmentCreatedBySuperUser());
    290. 

  290.         }
    291. 

  291. 

  292.         if ($segment['deleted']) {
    293. 

  293.             throw new Exception("This segment is marked as deleted. ");
    294. 

  294.         }
    295. 

  295.         return $segment;
    296. 

  296.     }
    297. 

  297. 

  298.     /**
    299. 

  299.      * Returns all stored segments.
    300. 

  300.      *
    301. 

  301.      * @param bool|int $idSite Whether to return stored segments for a specific idSite, or all of them. If supplied, must be a valid site ID.
    302. 

  302.      * @return array
    303. 

  303.      */
    304. 

  304.     public function getAll($idSite = false)
    305. 

  305.     {
    306. 

  306.         if (!empty($idSite)) {
    307. 

  307.             Piwik::checkUserHasViewAccess($idSite);
    308. 

  308.         } else {
    309. 

  309.             Piwik::checkUserHasSomeViewAccess();
    310. 

  310.         }
    311. 

  311. 

  312.         $userLogin = Piwik::getCurrentUserLogin();
    313. 

  313. 

  314.         $model = new Model();
    315. 

  315.         if (empty($idSite)) {
    316. 

  316.             $segments = $model->getAllSegments($userLogin);
    317. 

  317.         } else {
    318. 

  318.             $segments = $model->getAllSegmentsForSite($idSite, $userLogin);
    319. 

  319.         }
    320. 

  320. 

  321.         return $segments;
    322. 

  322.     }
    323. 

  323. 

  324.     /**
    325. 

  325.      * @return string
    326. 

  326.      */
    327. 

  327.     private function getMessageCannotEditSegmentCreatedBySuperUser()
    328. 

  328.     {
    329. 

  329.         $message = "You can only edit and delete custom segments that you have created yourself. This segment was created and 'shared with you' by the Super User. " .
    330. 

  330.             "To modify this segment, you can first create a new one by clicking on 'Add new segment'. Then you can customize the segment's definition.";
    331. 

  331. 

  332.         return $message;
    333. 

  333.     }
    334. 

  334. }
    335. 

  335.