SproutCMS

This is the code documentation for the SproutCMS project

More info
Project:
Home   Sprout SproutModules

Search documentation

Search term:

What to search:





Path or filename:

source of /sprout/Controllers/Admin/OperatorCategoryAdminController.php

  1. <?php
  2. /*
  3.  * Copyright (C) 2017 Karmabunny Pty Ltd.
  4.  *
  5.  * This file is a part of SproutCMS.
  6.  *
  7.  * SproutCMS is free software: you can redistribute it and/or modify it under the terms
  8.  * of the GNU General Public License as published by the Free Software Foundation, either
  9.  * version 2 of the License, or (at your option) any later version.
  10.  *
  11.  * For more information, visit <http://getsproutcms.com>.
  12.  */
  13.  
  14. namespace Sprout\Controllers\Admin;
  15.  
  16. use Sprout\Exceptions\ValidationException;
  17. use Sprout\Helpers\AdminError;
  18. use Sprout\Helpers\AdminPerms;
  19. use Sprout\Helpers\MultiEdit;
  20. use Sprout\Helpers\Pdb;
  21. use Sprout\Helpers\Register;
  22. use Sprout\Helpers\Validator;
  23. use Sprout\Helpers\Validity;
  24.  
  25.  
  26. /**
  27. * Handles most processing for operator categories
  28. **/
  29. class OperatorCategoryAdminController extends CategoryAdminController
  30. {
  31.     protected $controller_name = 'operator_category';
  32.     protected $friendly_name = 'Operator categories';
  33.  
  34.     /**
  35.      * The view to use for editing existing category records
  36.      */
  37.     protected $edit_view_name = 'sprout/admin/operator_category_edit';
  38.  
  39.  
  40.     public function _getAddForm()
  41.     {
  42.         if (! AdminPerms::canAccess('access_operators')) return new AdminError('Access denied');
  43.         return parent::_getAddForm();
  44.     }
  45.  
  46.     public function _getEditForm($item_id)
  47.     {
  48.         if (! AdminPerms::canAccess('access_operators')) return new AdminError('Access denied');
  49.         return parent::_getEditForm($item_id);
  50.     }
  51.  
  52.     public function _getDeleteForm($item_id)
  53.     {
  54.         if (! AdminPerms::canAccess('access_operators')) return new AdminError('Access denied');
  55.         return parent::_getDeleteForm($item_id);
  56.     }
  57.  
  58.  
  59.     public function _editPreRender($view, $item_id)
  60.     {
  61.         parent::_editPreRender($view, $item_id);
  62.  
  63.         $controllers = Register::getAdminControllers();
  64.  
  65.         // Remove category controllers, use controller friendly name
  66.         foreach ($controllers as $shorthand => $ctlr_class) {
  67.             $reflect = new \ReflectionClass($ctlr_class);
  68.             if ($reflect->isSubclassOf('Sprout\\Controllers\\Admin\\CategoryAdminController')) {
  69.                 unset($controllers[$shorthand]);
  70.                 continue;
  71.             }
  72.             $props = $reflect->getDefaultProperties();
  73.             $controllers[$shorthand] = $props['friendly_name'];
  74.         }
  75.  
  76.         asort($controllers);
  77.         $view->controllers = $controllers;
  78.  
  79.         // Grab the current ones for the multiedit
  80.         if (! isset($view->data['multiedit_permissions'])) {
  81.             $view->data['multiedit_permissions'] = MultiEdit::load('operatorcategory_permissions', ['operatorcategory_id' => $item_id], 'controller');
  82.         }
  83.  
  84.         // Get the subsites
  85.         $view->subsites = Pdb::lookup('subsites');
  86.  
  87.         // Fetch the per-subsite permissions
  88.         $q = "SELECT subsite_id
  89.             FROM ~operatorcategory_subsites
  90.             WHERE ~operatorcategory_subsites.operatorcategory_id = ?";
  91.         $subs_ops = Pdb::q($q, [$item_id], 'arr');
  92.  
  93.         // Grab the current settings and load into array
  94.         $subsites_permitted = array();
  95.         foreach ($subs_ops as $sub_op) {
  96.             $subsites_permitted[] = $sub_op['subsite_id'];
  97.         }
  98.         $view->data['subsites_permitted'] = $subsites_permitted;
  99.  
  100.         // Fetch the manage categories
  101.         if (!isset($view->data['manage_categories'])) {
  102.             $q = "SELECT manage_category_id
  103.                 FROM ~operatorcategory_manage_categories
  104.                 WHERE operatorcategory_id = ?";
  105.             $view->data['manage_categories'] = Pdb::q($q, [$item_id], 'col');
  106.         }
  107.     }
  108.  
  109.     /**
  110.     * Saves the provided POST data the specified record
  111.     *
  112.     * @param int $item_id The record to update
  113.     * @param bool True on success, false on failure
  114.     **/
  115.     public function _editSave($item_id)
  116.     {
  117.         $item_id = (int) $item_id;
  118.  
  119.         if (! AdminPerms::canAccess('access_operators')) return false;
  120.  
  121.         unset($_SESSION['admin']['field_errors']);
  122.         $_SESSION['admin']['field_values'] = Validator::trim($_POST);
  123.  
  124.         $ip_list = preg_split('/,\s*/', trim($_POST['allowed_ips']));
  125.         $ip_list = array_filter($ip_list);
  126.  
  127.         // Validate
  128.         $valid = new Validator($_POST);
  129.         $valid->setFieldLabel('allowed_ips', 'Restrict access to specific IPs');
  130.         $valid->required(['name']);
  131.         $valid->check('name', 'Validity::length', 0, 200);
  132.         $valid->check('allowed_ips', 'Validity::length', 0, 200);
  133.  
  134.         foreach ($ip_list as $ip) {
  135.             try {
  136.                 Validity::ipv4AddrOrCidr($ip);
  137.             } catch (ValidationException $ex) {
  138.                 $err = $ex->getMessage() . ': ' . $ip;
  139.                 $valid->addFieldError('allowed_ips', $err);
  140.             }
  141.         }
  142.  
  143.         if ($valid->hasErrors()) {
  144.             $_SESSION['admin']['field_errors'] = $valid->getFieldErrors();
  145.             $valid->createNotifications();
  146.             return false;
  147.         }
  148.  
  149.         // Start transaction
  150.         $res = Pdb::transact();
  151.  
  152.         // Update item
  153.         $update_fields = array();
  154.         $update_fields['name'] = $_POST['name'];
  155.         $update_fields['access_operators'] = (int) (bool) @$_POST['access_operators'];
  156.         $update_fields['access_noapproval'] = (int) (bool) @$_POST['access_noapproval'];
  157.         $update_fields['access_reportemail'] = (int) (bool) @$_POST['access_reportemail'];
  158.         $update_fields['access_homepage'] = (int) (bool) @$_POST['access_homepage'];
  159.         $update_fields['default_allow'] = (int) (bool) @$_POST['default_allow'];
  160.         $update_fields['access_all_subsites'] = (int) (bool) @$_POST['access_all_subsites'];
  161.         $update_fields['allowed_ips'] = implode(', ', $ip_list);
  162.  
  163.         Pdb::update($this->table_name, $update_fields, ['id' => $item_id]);
  164.  
  165.  
  166.         // Update the per-tab permissions
  167.         if (@!is_array($_POST['multiedit_permissions'])) $_POST['multiedit_permissions'] = array();
  168.  
  169.         $new_set = array();
  170.         foreach ($_POST['multiedit_permissions'] as $data) {
  171.             if (MultiEdit::recordEmpty($data)) continue;
  172.  
  173.             $update_fields = array();
  174.             $update_fields['id'] = (int) $data['id'];
  175.             $update_fields['operatorcategory_id'] = $item_id;
  176.             $update_fields['controller'] = $data['controller'];
  177.  
  178.             $update_fields['access_contents'] = (int) @$data['access_contents'];
  179.             $update_fields['access_export'] = (int) @$data['access_export'];
  180.             $update_fields['access_report'] = (int) @$data['access_report'];
  181.             $update_fields['access_import'] = (int) @$data['access_import'];
  182.             $update_fields['access_add'] = (int) @$data['access_add'];
  183.             $update_fields['access_edit'] = (int) @$data['access_edit'];
  184.             $update_fields['access_delete'] = (int) @$data['access_delete'];
  185.             $update_fields['access_categories'] = (int) @$data['access_categories'];
  186.             $update_fields['access_reorder'] = (int) @$data['access_reorder'];
  187.  
  188.             $new_set[] = $update_fields;
  189.         }
  190.  
  191.         $this->replaceSet('operatorcategory_permissions', $new_set, ['operatorcategory_id' => $item_id]);
  192.  
  193.  
  194.         // Update the per-subsite permissions
  195.         if (@!is_array($_POST['subsites_permitted'])) $_POST['subsites_permitted'] = array();
  196.  
  197.         $new_set = array();
  198.         foreach ($_POST['subsites_permitted'] as $idx => $subsite_id) {
  199.             $update_fields = array();
  200.             $update_fields['subsite_id'] = (int) $subsite_id;
  201.             $update_fields['operatorcategory_id'] = $item_id;
  202.             $update_fields['date_modified'] = Pdb::now();
  203.  
  204.             $new_set[] = $update_fields;
  205.         }
  206.  
  207.         $this->replaceSet('operatorcategory_subsites', $new_set, ['operatorcategory_id' => $item_id]);
  208.  
  209.  
  210.         // Update the operator management permissions
  211.         if (@!is_array($_POST['manage_categories'])) $_POST['manage_categories'] = array();
  212.  
  213.         $new_set = array();
  214.         foreach ($_POST['manage_categories'] as $idx => $category_id) {
  215.             $update_fields = array();
  216.             $update_fields['manage_category_id'] = (int) $category_id;
  217.             $update_fields['operatorcategory_id'] = $item_id;
  218.             $update_fields['date_modified'] = Pdb::now();
  219.  
  220.             $new_set[] = $update_fields;
  221.         }
  222.  
  223.         $this->replaceSet('operatorcategory_manage_categories', $new_set, ['operatorcategory_id' => $item_id]);
  224.  
  225.  
  226.         // Commit
  227.         Pdb::commit();
  228.  
  229.         return true;
  230.     }
  231. }
  232.  
  233.  
  234.  
Powered by Pelzini, version 0.9.0 Documentation is made available under the GNU Free Documentation License 1.2.
Generated: Monday, 3rd April, 2023 at 02:59 pm