<?php
namespace PHPCensor;
use b8\Exception\HttpException\ForbiddenException;
use b8\Http\Request;
use b8\Http\Response;
use PHPCensor\Store\Factory;
use PHPCensor\Model\User;
use PHPCensor\Store\UserStore;
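/**
 * Base controller: concrete controllers extend it and add their action methods.
 *
 * It keeps the config/request/response objects passed to the constructor,
 * selects the controller-level and action-level views, dispatches an action by
 * method name (handleAction) and offers helpers for the admin check and for
 * reading or changing request parameters.
 */
class Controller
{
    /**
     * Request object passed to the constructor; backs the *Param() helpers.
     *
     * @var Request
     */
    protected $request;

    /**
     * Response object passed to the constructor; handleAction() fills and returns it.
     *
     * @var Response
     */
    protected $response;

    /**
     * @var Config
     */
    protected $config;

    /**
     * Controller-level view; an action's output is placed in its `content` slot.
     *
     * @var View
     */
    protected $controllerView;

    /**
     * Action-level view; only set when a template exists for the action.
     *
     * @var View
     */
    protected $view;

    /**
     * Short class name with its last 10 characters removed (see the constructor).
     *
     * @var string
     */
    protected $className;

    /**
     * @var View
     */
    public $layout;

    /**
     * Initialise the controller.
     */
    public function init()
    {
        // Extended by actual controllers.
    }

    /**
     * Store the collaborators, derive the view name prefix and pick the
     * controller-level view.
     *
     * @param Config   $config
     * @param Request  $request
     * @param Response $response
     */
    public function __construct(Config $config, Request $request, Response $response)
    {
        $this->config   = $config;
        $this->request  = $request;
        $this->response = $response;

        // Take the class name without its namespace and cut the last 10
        // characters, which is the length of the "Controller" suffix.
        $class           = explode('\\', get_class($this));
        $this->className = substr(array_pop($class), 0, -10);
        $this->setControllerView();

        // Drop the 'php-censor-user' session entry when present; getUser()
        // reads only 'php-censor-user-id'.
        if (!empty($_SESSION['php-censor-user'])) {
            unset($_SESSION['php-censor-user']);
        }
    }

    /**
     * Set the view that this controller should use.
     *
     * Uses the view named after the controller when View::exists() reports
     * one, otherwise a bare view whose template is just the content placeholder.
     */
    protected function setControllerView()
    {
        if (View::exists($this->className)) {
            $this->controllerView = new View($this->className);
        } else {
            $this->controllerView = new View('{@content}');
        }
    }

    /**
     * Set the view that this controller action should use.
     *
     * Leaves $this->view untouched when no "<className>/<action>" view exists.
     *
     * NOTE(review): $action is concatenated into the view name as-is; whether
     * View constrains that name to the template directory is not visible here
     * - confirm in View::exists() and View::__construct().
     *
     * @param string $action
     */
    protected function setView($action)
    {
        if (View::exists($this->className . '/' . $action)) {
            $this->view = new View($this->className . '/' . $action);
        }
    }

    /**
     * Handle the incoming request.
     *
     * Calls the method named $action with $actionParams. A Response returned
     * by the action is passed through unchanged; a string becomes the content
     * of the controller view; otherwise the action view (if one was set) is
     * rendered into the controller view.
     *
     * NOTE(review): the action is resolved by name from inside this class, so
     * method visibility does not limit what can be dispatched, and hasAction()
     * only tests method_exists(). If $action comes from the request URL (the
     * router is not visible here - confirm), the caller should allow only
     * public, non-magic action methods before calling this.
     *
     * @param string $action
     * @param array  $actionParams
     *
     * @return Response
     */
    public function handleAction($action, $actionParams)
    {
        $this->setView($action);
        $response = call_user_func_array([$this, $action], $actionParams);

        // An action that built its own Response bypasses the view layer.
        if ($response instanceof Response) {
            return $response;
        }

        if (is_string($response)) {
            $this->controllerView->content = $response;
        } elseif (isset($this->view)) {
            $this->controllerView->content = $this->view->render();
        }

        $this->response->setContent($this->controllerView->render());

        return $this->response;
    }

    /**
     * Require that the currently logged in user is an administrator.
     *
     * @throws ForbiddenException When there is no current user or the user is
     *                            not an administrator.
     */
    protected function requireAdmin()
    {
        if (!$this->currentUserIsAdmin()) {
            throw new ForbiddenException('You do not have permission to do that.');
        }
    }

    /**
     * Check if the currently logged in user is an administrator.
     *
     * @return bool False when no user can be resolved from the session.
     */
    protected function currentUserIsAdmin()
    {
        $user = $this->getUser();
        if (!$user) {
            return false;
        }

        // Decide on the instance that was just checked for null: a second
        // getUser() call would repeat the store lookup and could return null.
        return $user->getIsAdmin();
    }

    /**
     * Resolve the current user from the 'php-censor-user-id' session entry.
     *
     * @return User|null Null when the session holds no user id; otherwise
     *                   whatever the user store returns for that id.
     */
    protected function getUser()
    {
        if (empty($_SESSION['php-censor-user-id'])) {
            return null;
        }

        /** @var UserStore $userStore */
        $userStore = Factory::getStore('User');

        return $userStore->getById($_SESSION['php-censor-user-id']);
    }

    /**
     * Tell whether this controller can respond to the given action name.
     *
     * True when a method of that name exists on the object, or when the object
     * defines __call(). method_exists() does not consider visibility, so this
     * is not an access-control check.
     *
     * @param string $name
     *
     * @return bool
     */
    public function hasAction($name)
    {
        return method_exists($this, $name) || method_exists($this, '__call');
    }

    /**
     * Get a hash of incoming request parameters ($_GET, $_POST)
     *
     * @return array
     */
    public function getParams()
    {
        return $this->request->getParams();
    }

    /**
     * Get a specific incoming request parameter.
     *
     * The value is returned as the request object holds it; validate or escape
     * it where it is used.
     *
     * @param string $key
     * @param mixed  $default Default return value (if key does not exist)
     *
     * @return mixed
     */
    public function getParam($key, $default = null)
    {
        return $this->request->getParam($key, $default);
    }

    /**
     * Change the value of an incoming request parameter.
     *
     * @param string $key
     * @param mixed  $value
     */
    public function setParam($key, $value)
    {
        $this->request->setParam($key, $value);
    }

    /**
     * Remove an incoming request parameter.
     *
     * @param string $key
     */
    public function unsetParam($key)
    {
        $this->request->unsetParam($key);
    }
}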