<?php
/*
* 2007-2014 PrestaShop
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
*
* @author PrestaShop SA <contact@prestashop.com>
* @copyright 2007-2014 PrestaShop SA
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
* International Registered Trademark & Property of PrestaShop SA
*/
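/**
 * Back-office "Permissions" page: displays, per profile, the access rights on
 * every tab and every module, and handles the ajax calls that toggle them.
 */
class AdminAccessControllerCore extends AdminController
{
    /** @var array Black list of id_tab whose permissions are not managed here (ie. AdminLogin) */
    public $accesses_black_list = array();

    public function __construct()
    {
        $this->bootstrap = true;
        $this->show_toolbar = false;
        $this->table = 'access';
        $this->className = 'Profile';
        $this->multishop_context = Shop::CONTEXT_ALL;
        $this->lang = false;
        $this->context = Context::getContext();

        // AdminLogin is never listed in the permission grid
        $this->accesses_black_list[] = Tab::getIdFromClassName('AdminLogin');

        parent::__construct();
    }

    /**
     * Whether the permissions of a tab are excluded from this controller.
     *
     * @param int $id_tab
     * @return bool true when $id_tab is in $this->accesses_black_list
     */
    protected function isBlackListedTab($id_tab)
    {
        foreach ($this->accesses_black_list as $black_listed) {
            if ((int)$id_tab === (int)$black_listed) {
                return true;
            }
        }

        return false;
    }

    /**
     * AdminController::renderForm() override
     *
     * Builds the permission grid: for every profile, its tab accesses and its
     * module accesses (module rows whose module cannot be instantiated are
     * dropped), with unnamed and black-listed tabs removed.
     *
     * @see AdminController::renderForm()
     * @return string
     */
    public function renderForm()
    {
        $current_profile = $this->getCurrentProfileId();
        $id_lang = $this->context->language->id;
        $profiles = Profile::getProfiles($id_lang);
        $tabs = Tab::getTabs($id_lang);

        $accesses = array();
        foreach ($profiles as $profile) {
            $accesses[$profile['id_profile']] = Profile::getProfileAccesses($profile['id_profile']);
        }

        // Remove the tabs whose permissions are not managed here:
        // unnamed tabs (ie. AdminLogin) and the explicit black list
        foreach ($tabs as $key => $tab) {
            if (empty($tab['name']) || $this->isBlackListedTab($tab['id_tab'])) {
                unset($tabs[$key]);
            }
        }

        $modules = array();
        foreach ($profiles as $profile) {
            $id_profile = (int)$profile['id_profile'];
            $rows = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('
                SELECT ma.`id_module`, m.`name`, ma.`view`, ma.`configure`
                FROM '._DB_PREFIX_.'module_access ma
                LEFT JOIN '._DB_PREFIX_.'module m
                    ON ma.id_module = m.id_module
                WHERE id_profile = '.(int)$id_profile.'
                ORDER BY m.name
            ');
            // executeS() yields false on a failed query: show no module
            // for this profile instead of iterating over a boolean
            if (!is_array($rows)) {
                $rows = array();
            }

            foreach ($rows as $k => &$module) {
                $m = Module::getInstanceById($module['id_module']);
                // an invalid module (not instantiable) is left out of the grid
                if ($m) {
                    $module['name'] = $m->displayName;
                } else {
                    unset($rows[$k]);
                }
            }
            // drop the reference left behind by the foreach-by-reference
            unset($module);

            uasort($rows, array($this, 'sortModuleByName'));
            $modules[$id_profile] = $rows;
        }

        $this->fields_form = array('');
        $this->tpl_form_vars = array(
            'profiles' => $profiles,
            'accesses' => $accesses,
            'tabs' => $tabs,
            'current_profile' => (int)$current_profile,
            'admin_profile' => (int)_PS_ADMIN_PROFILE_,
            'access_edit' => $this->tabAccess['edit'],
            'perms' => array('view', 'add', 'edit', 'delete'),
            'modules' => $modules,
            'link' => $this->context->link,
        );

        return parent::renderForm();
    }

    /**
     * AdminController::initContent() override
     *
     * Forces the "edit" display, renders the permission form and hands the
     * page variables to Smarty. Nothing is rendered when the object cannot be loaded.
     *
     * @see AdminController::initContent()
     */
    public function initContent()
    {
        $this->display = 'edit';
        $this->initTabModuleList();
        if (!$this->loadObject(true)) {
            return;
        }

        $this->initPageHeaderToolbar();
        $this->content .= $this->renderForm();
        $this->context->smarty->assign(array(
            'content' => $this->content,
            'url_post' => self::$currentIndex.'&token='.$this->token,
            'show_page_header_toolbar' => $this->show_page_header_toolbar,
            'page_header_toolbar_title' => $this->page_header_toolbar_title,
            'page_header_toolbar_btn' => $this->page_header_toolbar_btn,
        ));
    }

    /**
     * The toolbar title is the breadcrumb trail without duplicates.
     */
    public function initToolbarTitle()
    {
        $this->toolbar_title = array_unique($this->breadcrumbs);
    }

    /**
     * Same header toolbar as the parent, minus the "cancel" button
     * (there is nothing to cancel on this page).
     */
    public function initPageHeaderToolbar()
    {
        parent::initPageHeaderToolbar();
        unset($this->page_header_toolbar_btn['cancel']);
    }

    /**
     * Ajax handler: toggles one tab permission (or all four) for a profile.
     *
     * Reads `perm`, `enabled`, `id_tab`, `id_profile` and the optional `addFromParent`
     * flag from the request. `id_tab` = -1 applies the change to every tab of the
     * profile; `addFromParent` applies it to the children of `id_tab` instead.
     * Outputs "ok" or "error" and exits. Does nothing unless `submitAddAccess` is set.
     *
     * @throws PrestaShopException in demo mode, without edit permission,
     *                             for an unknown perm or a black-listed tab
     */
    public function ajaxProcessUpdateAccess()
    {
        if (_PS_MODE_DEMO_) {
            throw new PrestaShopException(Tools::displayError('This functionality has been disabled.'));
        }
        if ($this->tabAccess['edit'] != '1') {
            throw new PrestaShopException(Tools::displayError('You do not have permission to edit this.'));
        }
        if (!Tools::isSubmit('submitAddAccess')) {
            return;
        }

        $perm = Tools::getValue('perm');
        // strict comparison: the perm name ends up as a column name in the UPDATE
        if (!in_array($perm, array('view', 'add', 'edit', 'delete', 'all'), true)) {
            throw new PrestaShopException('permission does not exist');
        }
        $enabled = (int)Tools::getValue('enabled');
        $id_tab = (int)Tools::getValue('id_tab');
        $id_profile = (int)Tools::getValue('id_profile');

        // A tab hidden from the grid cannot be changed through this endpoint either
        // (the -1 "every tab" form is intentionally left as before)
        if ($id_tab != -1 && $this->isBlackListedTab($id_tab)) {
            throw new PrestaShopException('permission does not exist');
        }

        // Every interpolated value is int-cast or whitelisted above
        if ($perm == 'all') {
            $set = '`view` = '.(int)$enabled.', `add` = '.(int)$enabled.', `edit` = '.(int)$enabled.', `delete` = '.(int)$enabled;
        } else {
            $set = '`'.bqSQL($perm).'` = '.(int)$enabled;
        }

        $join = '';
        $where = '`id_profile` = '.(int)$id_profile;
        if ($id_tab != -1) {
            if (Tools::isSubmit('addFromParent')) {
                // the change targets the children of $id_tab
                $join = 'LEFT JOIN `'._DB_PREFIX_.'tab` t ON (t.`id_tab` = a.`id_tab`)';
                $where = 't.`id_parent` = '.(int)$id_tab.' AND '.$where;
            } else {
                $where = '`id_tab` = '.(int)$id_tab.' AND '.$where;
            }
        }

        $sql = 'UPDATE `'._DB_PREFIX_.'access` a '.$join.' SET '.$set.' WHERE '.$where;
        die(Db::getInstance()->execute($sql) ? 'ok' : 'error');
    }

    /**
     * Ajax handler: toggles one module permission for a profile.
     *
     * Reads `perm`, `enabled`, `id_module` and `id_profile` from the request;
     * `id_module` = -1 applies the change to every module of the profile.
     * Outputs "ok" or "error" and exits. Does nothing unless `changeModuleAccess` is set.
     *
     * @throws PrestaShopException in demo mode, without edit permission or for an unknown perm
     */
    public function ajaxProcessUpdateModuleAccess()
    {
        if (_PS_MODE_DEMO_) {
            throw new PrestaShopException(Tools::displayError('This functionality has been disabled.'));
        }
        if ($this->tabAccess['edit'] != '1') {
            throw new PrestaShopException(Tools::displayError('You do not have permission to edit this.'));
        }
        if (!Tools::isSubmit('changeModuleAccess')) {
            return;
        }

        $perm = Tools::getValue('perm');
        $enabled = (int)Tools::getValue('enabled');
        $id_module = (int)Tools::getValue('id_module');
        $id_profile = (int)Tools::getValue('id_profile');
        // strict comparison: the perm name ends up as a column name in the UPDATE
        if (!in_array($perm, array('view', 'configure'), true)) {
            throw new PrestaShopException('permission does not exist');
        }

        $where = '`id_profile` = '.(int)$id_profile;
        if ($id_module != -1) {
            $where = '`id_module` = '.(int)$id_module.' AND '.$where;
        }

        $sql = 'UPDATE `'._DB_PREFIX_.'module_access` SET `'.bqSQL($perm).'` = '.(int)$enabled.' WHERE '.$where;
        die(Db::getInstance()->execute($sql) ? 'ok' : 'error');
    }

    /**
     * Get the current profile id
     *
     * @return int $_GET['id_profile'] when it is a non-empty numeric value, else 1 (the first profile id)
     */
    public function getCurrentProfileId()
    {
        if (!empty($_GET['id_profile']) && is_numeric($_GET['id_profile'])) {
            return (int)$_GET['id_profile'];
        }

        return 1;
    }

    /**
     * uasort() comparator: natural order on the module display name.
     *
     * @param array $a module row with a 'name' key
     * @param array $b module row with a 'name' key
     * @return int
     */
    private function sortModuleByName($a, $b)
    {
        return strnatcmp($a['name'], $b['name']);
    }
}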