
source of /sprout/Controllers/Admin/OperatorCategoryAdminController.php

  1. <?php
  2. /*
  3.  * Copyright (C) 2017 Karmabunny Pty Ltd.
  4.  *
  5.  * This file is a part of SproutCMS.
  6.  *
  7.  * SproutCMS is free software: you can redistribute it and/or modify it under the terms
  8.  * of the GNU General Public License as published by the Free Software Foundation, either
  9.  * version 2 of the License, or (at your option) any later version.
  10.  *
  11.  * For more information, visit <http://getsproutcms.com>.
  12.  */
  13.  
  14. namespace Sprout\Controllers\Admin;
  15.  
  16. use Sprout\Exceptions\ValidationException;
  17. use Sprout\Helpers\AdminError;
  18. use Sprout\Helpers\AdminPerms;
  19. use Sprout\Helpers\MultiEdit;
  20. use Sprout\Helpers\Pdb;
  21. use Sprout\Helpers\Register;
  22. use Sprout\Helpers\Validator;
  23. use Sprout\Helpers\Validity;
  24.  
  25.  
  26. /**
  27. * Handles most processing for operator categories
  28. **/
  29. class OperatorCategoryAdminController extends CategoryAdminController
  30. {
  31. protected $controller_name = 'operator_category';
  32. protected $friendly_name = 'Operator categories';
  33.  
  34. /**
  35.   * The view to use for editing existing category records
  36.   */
  37. protected $edit_view_name = 'sprout/admin/operator_category_edit';
  38.  
  39.  
  40. public function _getAddForm()
  41. {
  42. if (! AdminPerms::canAccess('access_operators')) return new AdminError('Access denied');
  43. return parent::_getAddForm();
  44. }
  45.  
  46. public function _getEditForm($item_id)
  47. {
  48. if (! AdminPerms::canAccess('access_operators')) return new AdminError('Access denied');
  49. return parent::_getEditForm($item_id);
  50. }
  51.  
  52. public function _getDeleteForm($item_id)
  53. {
  54. if (! AdminPerms::canAccess('access_operators')) return new AdminError('Access denied');
  55. return parent::_getDeleteForm($item_id);
  56. }
  57.  
  58.  
  59. public function _editPreRender($view, $item_id)
  60. {
  61. parent::_editPreRender($view, $item_id);
  62.  
  63. $controllers = Register::getAdminControllers();
  64.  
  65. // Remove category controllers, use controller friendly name
  66. foreach ($controllers as $shorthand => $ctlr_class) {
  67. $reflect = new \ReflectionClass($ctlr_class);
  68. if ($reflect->isSubclassOf('Sprout\\Controllers\\Admin\\CategoryAdminController')) {
  69. unset($controllers[$shorthand]);
  70. continue;
  71. }
  72. $props = $reflect->getDefaultProperties();
  73. $controllers[$shorthand] = $props['friendly_name'];
  74. }
  75.  
  76. asort($controllers);
  77. $view->controllers = $controllers;
  78.  
  79. // Grab the current ones for the multiedit
  80. if (! isset($view->data['multiedit_permissions'])) {
  81. $view->data['multiedit_permissions'] = MultiEdit::load('operatorcategory_permissions', ['operatorcategory_id' => $item_id], 'controller');
  82. }
  83.  
  84. // Get the subsites
  85. $view->subsites = Pdb::lookup('subsites');
  86.  
  87. // Fetch the per-subsite permissions
  88. $q = "SELECT subsite_id
  89. FROM ~operatorcategory_subsites
  90. WHERE ~operatorcategory_subsites.operatorcategory_id = ?";
  91. $subs_ops = Pdb::q($q, [$item_id], 'arr');
  92.  
  93. // Grab the current settings and load into array
  94. $subsites_permitted = array();
  95. foreach ($subs_ops as $sub_op) {
  96. $subsites_permitted[] = $sub_op['subsite_id'];
  97. }
  98. $view->data['subsites_permitted'] = $subsites_permitted;
  99.  
  100. // Fetch the manage categories
  101. if (!isset($view->data['manage_categories'])) {
  102. $q = "SELECT manage_category_id
  103. FROM ~operatorcategory_manage_categories
  104. WHERE operatorcategory_id = ?";
  105. $view->data['manage_categories'] = Pdb::q($q, [$item_id], 'col');
  106. }
  107. }
  108.  
  109. /**
  110.   * Saves the provided POST data the specified record
  111.   *
  112.   * @param int $item_id The record to update
  113.   * @param bool True on success, false on failure
  114.   **/
  115. public function _editSave($item_id)
  116. {
  117. $item_id = (int) $item_id;
  118.  
  119. if (! AdminPerms::canAccess('access_operators')) return false;
  120.  
  121. unset($_SESSION['admin']['field_errors']);
  122. $_SESSION['admin']['field_values'] = Validator::trim($_POST);
  123.  
  124. $ip_list = preg_split('/,\s*/', trim($_POST['allowed_ips']));
  125. $ip_list = array_filter($ip_list);
  126.  
  127. // Validate
  128. $valid = new Validator($_POST);
  129. $valid->setFieldLabel('allowed_ips', 'Restrict access to specific IPs');
  130. $valid->required(['name']);
  131. $valid->check('name', 'Validity::length', 0, 200);
  132. $valid->check('allowed_ips', 'Validity::length', 0, 200);
  133.  
  134. foreach ($ip_list as $ip) {
  135. try {
  136. Validity::ipv4AddrOrCidr($ip);
  137. } catch (ValidationException $ex) {
  138. $err = $ex->getMessage() . ': ' . $ip;
  139. $valid->addFieldError('allowed_ips', $err);
  140. }
  141. }
  142.  
  143. if ($valid->hasErrors()) {
  144. $_SESSION['admin']['field_errors'] = $valid->getFieldErrors();
  145. $valid->createNotifications();
  146. return false;
  147. }
  148.  
  149. // Start transaction
  150. $res = Pdb::transact();
  151.  
  152. // Update item
  153. $update_fields = array();
  154. $update_fields['name'] = $_POST['name'];
  155. $update_fields['access_operators'] = (int) (bool) @$_POST['access_operators'];
  156. $update_fields['access_noapproval'] = (int) (bool) @$_POST['access_noapproval'];
  157. $update_fields['access_reportemail'] = (int) (bool) @$_POST['access_reportemail'];
  158. $update_fields['access_homepage'] = (int) (bool) @$_POST['access_homepage'];
  159. $update_fields['default_allow'] = (int) (bool) @$_POST['default_allow'];
  160. $update_fields['access_all_subsites'] = (int) (bool) @$_POST['access_all_subsites'];
  161. $update_fields['allowed_ips'] = implode(', ', $ip_list);
  162.  
  163. Pdb::update($this->table_name, $update_fields, ['id' => $item_id]);
  164.  
  165.  
  166. // Update the per-tab permissions
  167. if (@!is_array($_POST['multiedit_permissions'])) $_POST['multiedit_permissions'] = array();
  168.  
  169. $new_set = array();
  170. foreach ($_POST['multiedit_permissions'] as $data) {
  171. if (MultiEdit::recordEmpty($data)) continue;
  172.  
  173. $update_fields = array();
  174. $update_fields['id'] = (int) $data['id'];
  175. $update_fields['operatorcategory_id'] = $item_id;
  176. $update_fields['controller'] = $data['controller'];
  177.  
  178. $update_fields['access_contents'] = (int) @$data['access_contents'];
  179. $update_fields['access_export'] = (int) @$data['access_export'];
  180. $update_fields['access_report'] = (int) @$data['access_report'];
  181. $update_fields['access_import'] = (int) @$data['access_import'];
  182. $update_fields['access_add'] = (int) @$data['access_add'];
  183. $update_fields['access_edit'] = (int) @$data['access_edit'];
  184. $update_fields['access_delete'] = (int) @$data['access_delete'];
  185. $update_fields['access_categories'] = (int) @$data['access_categories'];
  186. $update_fields['access_reorder'] = (int) @$data['access_reorder'];
  187.  
  188. $new_set[] = $update_fields;
  189. }
  190.  
  191. $this->replaceSet('operatorcategory_permissions', $new_set, ['operatorcategory_id' => $item_id]);
  192.  
  193.  
  194. // Update the per-subsite permissions
  195. if (@!is_array($_POST['subsites_permitted'])) $_POST['subsites_permitted'] = array();
  196.  
  197. $new_set = array();
  198. foreach ($_POST['subsites_permitted'] as $idx => $subsite_id) {
  199. $update_fields = array();
  200. $update_fields['subsite_id'] = (int) $subsite_id;
  201. $update_fields['operatorcategory_id'] = $item_id;
  202. $update_fields['date_modified'] = Pdb::now();
  203.  
  204. $new_set[] = $update_fields;
  205. }
  206.  
  207. $this->replaceSet('operatorcategory_subsites', $new_set, ['operatorcategory_id' => $item_id]);
  208.  
  209.  
  210. // Update the operator management permissions
  211. if (@!is_array($_POST['manage_categories'])) $_POST['manage_categories'] = array();
  212.  
  213. $new_set = array();
  214. foreach ($_POST['manage_categories'] as $idx => $category_id) {
  215. $update_fields = array();
  216. $update_fields['manage_category_id'] = (int) $category_id;
  217. $update_fields['operatorcategory_id'] = $item_id;
  218. $update_fields['date_modified'] = Pdb::now();
  219.  
  220. $new_set[] = $update_fields;
  221. }
  222.  
  223. $this->replaceSet('operatorcategory_manage_categories', $new_set, ['operatorcategory_id' => $item_id]);
  224.  
  225.  
  226. // Commit
  227. Pdb::commit();
  228.  
  229. return true;
  230. }
  231. }