PageRenderTime 42ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/controllers/admin/AdminAccessController.php

https://github.com/netplayer/PrestaShop
PHP | 253 lines | 181 code | 30 blank | 42 comment | 26 complexity | d235a57d152c1cc586e3408e4728138f MD5 | raw file
Possible License(s): CC-BY-SA-3.0, LGPL-2.1, LGPL-3.0 
    

  1. <?php
    2. 

  2. /*
    3. 

  3. * 2007-2014 PrestaShop
    4. 

  4. *
    5. 

  5. * NOTICE OF LICENSE
    6. 

  6. *
    7. 

  7. * This source file is subject to the Open Software License (OSL 3.0)
    8. 

  8. * that is bundled with this package in the file LICENSE.txt.
    9. 

  9. * It is also available through the world-wide-web at this URL:
    10. 

  10. * http://opensource.org/licenses/osl-3.0.php
    11. 

  11. * If you did not receive a copy of the license and are unable to
    12. 

  12. * obtain it through the world-wide-web, please send an email
    13. 

  13. * to license@prestashop.com so we can send you a copy immediately.
    14. 

  14. *
    15. 

  15. * DISCLAIMER
    16. 

  16. *
    17. 

  17. * Do not edit or add to this file if you wish to upgrade PrestaShop to newer
    18. 

  18. * versions in the future. If you wish to customize PrestaShop for your
    19. 

  19. * needs please refer to http://www.prestashop.com for more information.
    20. 

  20. *
    21. 

  21. *  @author PrestaShop SA <contact@prestashop.com>
    22. 

  22. *  @copyright  2007-2014 PrestaShop SA
    23. 

  23. *  @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
    24. 

  24. *  International Registered Trademark & Property of PrestaShop SA
    25. 

  25. */
    26. 

  26. 

  27. class AdminAccessControllerCore extends AdminController
    28. 

  28. {
    29. 

  29. 	/* @var array : Black list of id_tab that do not have access */
    30. 

  30. 	public $accesses_black_list = array();
    31. 

  31. 

  32. 	public function __construct()
    33. 

  33. 	{
    34. 

  34. 		$this->bootstrap = true;
    35. 

  35. 		$this->show_toolbar = false;
    36. 

  36. 		$this->table = 'access';
    37. 

  37. 		$this->className = 'Profile';
    38. 

  38. 		$this->multishop_context = Shop::CONTEXT_ALL;
    39. 

  39. 		$this->lang = false;
    40. 

  40. 		$this->context = Context::getContext();
    41. 

  41. 

  42. 		// Blacklist AdminLogin
    43. 

  43. 		$this->accesses_black_list[] = Tab::getIdFromClassName('AdminLogin');
    44. 

  44. 

  45. 		parent::__construct();
    46. 

  46. 	}
    47. 

  47. 

  48. 	/**
    49. 

  49. 	 * AdminController::renderForm() override
    50. 

  50. 	 * @see AdminController::renderForm()
    51. 

  51. 	 */
    52. 

  52. 	public function renderForm()
    53. 

  53. 	{
    54. 

  54. 		$current_profile = (int)$this->getCurrentProfileId();
    55. 

  55. 		$profiles = Profile::getProfiles($this->context->language->id);
    56. 

  56. 		$tabs = Tab::getTabs($this->context->language->id);
    57. 

  57. 		$accesses = array();
    58. 

  58. 		foreach ($profiles as $profile)
    59. 

  59. 			$accesses[$profile['id_profile']] = Profile::getProfileAccesses($profile['id_profile']);
    60. 

  60. 

  61. 		// Deleted id_tab that do not have access
    62. 

  62. 		foreach ($tabs as $key => $tab)
    63. 

  63. 		{
    64. 

  64. 			// Don't allow permissions for unnamed tabs (ie. AdminLogin)
    65. 

  65. 			if (empty($tab['name']))
    66. 

  66. 				unset($tabs[$key]);
    67. 

  67. 

  68. 			foreach ($this->accesses_black_list as $id_tab)
    69. 

  69. 				if ($tab['id_tab'] == (int)$id_tab)
    70. 

  70. 					unset($tabs[$key]);
    71. 

  71. 		}
    72. 

  72. 

  73. 		$modules = array();
    74. 

  74. 		foreach ($profiles as $profile)
    75. 

  75. 		{
    76. 

  76. 			$modules[$profile['id_profile']] = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('
    77. 

  77. 				SELECT ma.`id_module`, m.`name`, ma.`view`, ma.`configure`
    78. 

  78. 				FROM '._DB_PREFIX_.'module_access ma
    79. 

  79. 				LEFT JOIN '._DB_PREFIX_.'module m
    80. 

  80. 					ON ma.id_module = m.id_module
    81. 

  81. 				WHERE id_profile = '.(int)$profile['id_profile'].'
    82. 

  82. 				ORDER BY m.name
    83. 

  83. 			');
    84. 

  84. 			foreach ($modules[$profile['id_profile']] as $k => &$module)
    85. 

  85. 			{
    86. 

  86. 				$m = Module::getInstanceById($module['id_module']);
    87. 

  87. 				// the following condition handles invalid modules
    88. 

  88. 				if ($m)
    89. 

  89. 					$module['name'] = $m->displayName;
    90. 

  90. 				else
    91. 

  91. 					unset($modules[$profile['id_profile']][$k]);
    92. 

  92. 			}
    93. 

  93. 

  94. 			uasort($modules[$profile['id_profile']], array($this, 'sortModuleByName'));
    95. 

  95. 		}
    96. 

  96. 

  97. 		$this->fields_form = array('');
    98. 

  98. 		$this->tpl_form_vars = array(
    99. 

  99. 			'profiles' => $profiles,
    100. 

  100. 			'accesses' => $accesses,
    101. 

  101. 			'tabs' => $tabs,
    102. 

  102. 			'current_profile' => (int)$current_profile,
    103. 

  103. 			'admin_profile' => (int)_PS_ADMIN_PROFILE_,
    104. 

  104. 			'access_edit' => $this->tabAccess['edit'],
    105. 

  105. 			'perms' => array('view', 'add', 'edit', 'delete'),
    106. 

  106. 			'modules' => $modules,
    107. 

  107. 			'link' => $this->context->link
    108. 

  108. 		);
    109. 

  109. 

  110. 		return parent::renderForm();
    111. 

  111. 	}
    112. 

  112. 

  113. 	/**
    114. 

  114. 	 * AdminController::initContent() override
    115. 

  115. 	 * @see AdminController::initContent()
    116. 

  116. 	 */
    117. 

  117. 	public function initContent()
    118. 

  118. 	{
    119. 

  119. 		$this->display = 'edit';
    120. 

  120. 		$this->initTabModuleList();
    121. 

  121. 		if (!$this->loadObject(true))
    122. 

  122. 			return;
    123. 

  123. 

  124. 		$this->initPageHeaderToolbar();
    125. 

  125. 

  126. 		$this->content .= $this->renderForm();
    127. 

  127. 		$this->context->smarty->assign(array(
    128. 

  128. 			'content' => $this->content,
    129. 

  129. 			'url_post' => self::$currentIndex.'&token='.$this->token,
    130. 

  130. 			'show_page_header_toolbar' => $this->show_page_header_toolbar,
    131. 

  131. 			'page_header_toolbar_title' => $this->page_header_toolbar_title,
    132. 

  132. 			'page_header_toolbar_btn' => $this->page_header_toolbar_btn
    133. 

  133. 		));
    134. 

  134. 	}
    135. 

  135. 

  136. 	public function initToolbarTitle()
    137. 

  137. 	{
    138. 

  138. 		$this->toolbar_title = array_unique($this->breadcrumbs);
    139. 

  139. 	}
    140. 

  140. 

  141. 	public function initPageHeaderToolbar()
    142. 

  142. 	{
    143. 

  143. 		parent::initPageHeaderToolbar();
    144. 

  144. 		unset($this->page_header_toolbar_btn['cancel']);
    145. 

  145. 	}
    146. 

  146. 

  147. 	public function ajaxProcessUpdateAccess()
    148. 

  148. 	{
    149. 

  149. 		if (_PS_MODE_DEMO_)
    150. 

  150. 			throw new PrestaShopException(Tools::displayError('This functionality has been disabled.'));
    151. 

  151. 		if ($this->tabAccess['edit'] != '1')
    152. 

  152. 			throw new PrestaShopException(Tools::displayError('You do not have permission to edit this.'));
    153. 

  153. 

  154. 		if (Tools::isSubmit('submitAddAccess'))
    155. 

  155. 		{
    156. 

  156. 			$perm = Tools::getValue('perm');
    157. 

  157. 			if (!in_array($perm, array('view', 'add', 'edit', 'delete', 'all')))
    158. 

  158. 				throw new PrestaShopException('permission does not exist');
    159. 

  159. 

  160. 			$enabled = (int)Tools::getValue('enabled');
    161. 

  161. 			$id_tab = (int)Tools::getValue('id_tab');
    162. 

  162. 			$id_profile = (int)Tools::getValue('id_profile');
    163. 

  163. 			$where = '`id_tab`';
    164. 

  164. 			$join = '';
    165. 

  165. 			if (Tools::isSubmit('addFromParent'))
    166. 

  166. 			{
    167. 

  167. 				$where = 't.`id_parent`';
    168. 

  168. 				$join = 'LEFT JOIN `'._DB_PREFIX_.'tab` t ON (t.`id_tab` = a.`id_tab`)';
    169. 

  169. 			}
    170. 

  170. 

  171. 			if ($id_tab == -1)
    172. 

  172. 			{
    173. 

  173. 				if ($perm == 'all')
    174. 

  174. 					$sql = '
    175. 

  175. 					UPDATE `'._DB_PREFIX_.'access` a
    176. 

  176. 					SET `view` = '.(int)$enabled.', `add` = '.(int)$enabled.', `edit` = '.(int)$enabled.', `delete` = '.(int)$enabled.'
    177. 

  177. 					WHERE `id_profile` = '.(int)$id_profile;
    178. 

  178. 				else
    179. 

  179. 					$sql = '
    180. 

  180. 					UPDATE `'._DB_PREFIX_.'access` a
    181. 

  181. 					SET `'.bqSQL($perm).'` = '.(int)$enabled.'
    182. 

  182. 					WHERE `id_profile` = '.(int)$id_profile;
    183. 

  183. 			}
    184. 

  184. 			else
    185. 

  185. 			{
    186. 

  186. 				if ($perm == 'all')
    187. 

  187. 					$sql = '
    188. 

  188. 					UPDATE `'._DB_PREFIX_.'access` a '.$join.'
    189. 

  189. 					SET `view` = '.(int)$enabled.', `add` = '.(int)$enabled.', `edit` = '.(int)$enabled.', `delete` = '.(int)$enabled.'
    190. 

  190. 					WHERE '.$where.' = '.(int)$id_tab.' AND `id_profile` = '.(int)$id_profile;
    191. 

  191. 				else
    192. 

  192. 					$sql = '
    193. 

  193. 					UPDATE `'._DB_PREFIX_.'access` a '.$join.'
    194. 

  194. 					SET `'.bqSQL($perm).'` = '.(int)$enabled.'
    195. 

  195. 					WHERE '.$where.' = '.(int)$id_tab.' AND `id_profile` = '.(int)$id_profile;
    196. 

  196. 			}
    197. 

  197. 

  198. 			$res = Db::getInstance()->execute($sql) ? 'ok' : 'error';
    199. 

  199. 

  200. 			die($res);
    201. 

  201. 		}
    202. 

  202. 	}
    203. 

  203. 

  204. 	public function ajaxProcessUpdateModuleAccess()
    205. 

  205. 	{
    206. 

  206. 		if (_PS_MODE_DEMO_)
    207. 

  207. 			throw new PrestaShopException(Tools::displayError('This functionality has been disabled.'));
    208. 

  208. 		if ($this->tabAccess['edit'] != '1')
    209. 

  209. 			throw new PrestaShopException(Tools::displayError('You do not have permission to edit this.'));
    210. 

  210. 

  211. 		if (Tools::isSubmit('changeModuleAccess'))
    212. 

  212. 		{
    213. 

  213. 			$perm = Tools::getValue('perm');
    214. 

  214. 			$enabled = (int)Tools::getValue('enabled');
    215. 

  215. 			$id_module = (int)Tools::getValue('id_module');
    216. 

  216. 			$id_profile = (int)Tools::getValue('id_profile');
    217. 

  217. 

  218. 			if (!in_array($perm, array('view', 'configure')))
    219. 

  219. 				throw new PrestaShopException('permission does not exist');
    220. 

  220. 

  221. 			if ($id_module == -1)
    222. 

  222. 				$sql = '
    223. 

  223. 					UPDATE `'._DB_PREFIX_.'module_access`
    224. 

  224. 					SET `'.bqSQL($perm).'` = '.(int)$enabled.'
    225. 

  225. 					WHERE `id_profile` = '.(int)$id_profile;
    226. 

  226. 			else
    227. 

  227. 				$sql = '
    228. 

  228. 					UPDATE `'._DB_PREFIX_.'module_access`
    229. 

  229. 					SET `'.bqSQL($perm).'` = '.(int)$enabled.'
    230. 

  230. 					WHERE `id_module` = '.(int)$id_module.'
    231. 

  231. 						AND `id_profile` = '.(int)$id_profile;
    232. 

    233. 

  233. 			$res = Db::getInstance()->execute($sql) ? 'ok' : 'error';
    234. 

  234. 

  235. 			die($res);
    236. 

  236. 		}
    237. 

  237. 	}
    238. 

  238. 

  239. 	/**
    240. 

  240. 	* Get the current profile id
    241. 

  241. 	*
    242. 

  242. 	* @return the $_GET['profile'] if valid, else 1 (the first profile id)
    243. 

  243. 	*/
    244. 

  244. 	public function getCurrentProfileId()
    245. 

  245. 	{
    246. 

  246. 		return (isset($_GET['id_profile']) && !empty($_GET['id_profile']) && is_numeric($_GET['id_profile'])) ? (int)$_GET['id_profile'] : 1;
    247. 

  247. 	}
    248. 

  248. 

  249. 	private function sortModuleByName($a, $b)
    250. 

  250. 	{
    251. 

  251. 		return strnatcmp($a['name'], $b['name']);
    252. 

  252. 	}
    253. 

  253. }
    254. 

  254.