permission management

Etienne Roudeix
2013-10-22 11:09:24 +02:00
parent cdeda0123e
commit b00f70fa24
97 changed files with 568 additions and 902 deletions


@@ -23,6 +23,7 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Security\AccessManager;
use Thelia\Form\Exception\FormValidationException;
use Thelia\Core\Event\UpdatePositionEvent;
@@ -40,10 +41,7 @@ abstract class AbstractCrudController extends BaseAdminController
protected $orderRequestParameterName;
// Permissions
protected $viewPermissionIdentifier;
protected $createPermissionIdentifier;
protected $updatePermissionIdentifier;
protected $deletePermissionIdentifier;
protected $resourceCode;
// Events
protected $createEventIdentifier;
@@ -58,10 +56,7 @@ abstract class AbstractCrudController extends BaseAdminController
* @param string $defaultListOrder the default object list order, or null if list is not sortable. Example: manual
* @param string $orderRequestParameterName Name of the request parameter that set the list order (null if list is not sortable)
*
* @param string $viewPermissionIdentifier the 'view' permission identifier. Example: "admin.configuration.message.view"
* @param string $createPermissionIdentifier the 'create' permission identifier. Example: "admin.configuration.message.create"
* @param string $updatePermissionIdentifier the 'update' permission identifier. Example: "admin.configuration.message.update"
* @param string $deletePermissionIdentifier the 'delete' permission identifier. Example: "admin.configuration.message.delete"
* @param string $resourceCode the 'resource' code. Example: "admin.configuration.message"
*
* @param string $createEventIdentifier the dispatched create TheliaEvent identifier. Example: TheliaEvents::MESSAGE_CREATE
* @param string $updateEventIdentifier the dispatched update TheliaEvent identifier. Example: TheliaEvents::MESSAGE_UPDATE
@@ -76,10 +71,7 @@ abstract class AbstractCrudController extends BaseAdminController
$defaultListOrder = null,
$orderRequestParameterName = null,
$viewPermissionIdentifier,
$createPermissionIdentifier,
$updatePermissionIdentifier,
$deletePermissionIdentifier,
$resourceCode,
$createEventIdentifier,
$updateEventIdentifier,
@@ -92,10 +84,7 @@ abstract class AbstractCrudController extends BaseAdminController
$this->defaultListOrder = $defaultListOrder;
$this->orderRequestParameterName = $orderRequestParameterName;
$this->viewPermissionIdentifier = $viewPermissionIdentifier;
$this->createPermissionIdentifier = $createPermissionIdentifier;
$this->updatePermissionIdentifier = $updatePermissionIdentifier;
$this->deletePermissionIdentifier = $deletePermissionIdentifier;
$this->resourceCode = $resourceCode;
$this->createEventIdentifier = $createEventIdentifier;
$this->updateEventIdentifier = $updateEventIdentifier;
@@ -278,7 +267,7 @@ abstract class AbstractCrudController extends BaseAdminController
*/
public function defaultAction()
{
if (null !== $response = $this->checkAuth($this->viewPermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::VIEW)) return $response;
return $this->renderList();
}
@@ -290,7 +279,7 @@ abstract class AbstractCrudController extends BaseAdminController
public function createAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->createPermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::CREATE)) return $response;
$error_msg = false;
@@ -351,7 +340,7 @@ abstract class AbstractCrudController extends BaseAdminController
public function updateAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
// Load the object
$object = $this->getExistingObject();
@@ -377,7 +366,7 @@ abstract class AbstractCrudController extends BaseAdminController
public function processUpdateAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$error_msg = false;
@@ -442,7 +431,7 @@ abstract class AbstractCrudController extends BaseAdminController
public function updatePositionAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
try {
$mode = $this->getRequest()->get('mode', null);
@@ -476,7 +465,7 @@ abstract class AbstractCrudController extends BaseAdminController
protected function genericUpdatePositionAction($object, $eventName, $doFinalRedirect = true)
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
if ($object != null) {
@@ -510,7 +499,7 @@ abstract class AbstractCrudController extends BaseAdminController
public function setToggleVisibilityAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$changeEvent = $this->createToggleVisibilityEvent($this->getRequest());
@@ -532,7 +521,7 @@ abstract class AbstractCrudController extends BaseAdminController
public function deleteAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->deletePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::DELETE)) return $response;
// Get the currency id, and dispatch the delet request
$deleteEvent = $this->getDeleteEvent();
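Review bot: The constructor loses three positional parameters, and all of them are untyped strings, so a subclass that still passes four permission identifiers is not rejected: its `*_VIEW` value is stored as `$resourceCode` and the next three values slide into the event-identifier parameters. The AttributeAvController, FeatureAvController, FolderController and MessageController sections of this commit change only the `AdminResources` import; if those classes extend this one, their `parent::__construct()` calls need the same reduction to a single resource code. Modules outside this repository that extend the class need the same change, which deserves a line in the upgrade notes. The constructor starts and ends outside the hunks shown.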


@@ -24,8 +24,9 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\Address\AddressCreateOrUpdateEvent;
use Thelia\Core\Event\Address\AddressEvent;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Security\AccessManager;
use Thelia\Form\AddressCreateForm;
use Thelia\Form\AddressUpdateForm;
use Thelia\Model\AddressQuery;
@@ -45,10 +46,7 @@ class AddressController extends AbstractCrudController
null,
null,
AdminResources::ADDRESS_VIEW,
AdminResources::ADDRESS_CREATE,
AdminResources::ADDRESS_UPDATE,
AdminResources::ADDRESS_DELETE,
AdminResources::ADDRESS,
TheliaEvents::ADDRESS_CREATE,
TheliaEvents::ADDRESS_UPDATE,
@@ -61,7 +59,7 @@ class AddressController extends AbstractCrudController
public function useAddressAction()
{
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$address_id = $this->getRequest()->request->get('address_id');


@@ -23,7 +23,7 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Area\AreaAddCountryEvent;
use Thelia\Core\Event\Area\AreaCreateEvent;
use Thelia\Core\Event\Area\AreaDeleteEvent;
@@ -31,6 +31,7 @@ use Thelia\Core\Event\Area\AreaRemoveCountryEvent;
use Thelia\Core\Event\Area\AreaUpdateEvent;
use Thelia\Core\Event\Area\AreaUpdatePostageEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Security\AccessManager;
use Thelia\Form\Area\AreaCountryForm;
use Thelia\Form\Area\AreaCreateForm;
use Thelia\Form\Area\AreaModificationForm;
@@ -53,10 +54,7 @@ class AreaController extends AbstractCrudController
null,
null,
AdminResources::AREA_VIEW,
AdminResources::AREA_CREATE,
AdminResources::AREA_UPDATE,
AdminResources::AREA_DELETE,
AdminResources::AREA,
TheliaEvents::AREA_CREATE,
TheliaEvents::AREA_UPDATE,
@@ -233,7 +231,7 @@ class AreaController extends AbstractCrudController
public function addCountry()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$areaCountryForm = new AreaCountryForm($this->getRequest());
$error_msg = null;
@@ -275,7 +273,7 @@ class AreaController extends AbstractCrudController
public function removeCountry()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$request = $this->getRequest();
$removeCountryEvent = new AreaRemoveCountryEvent($request->request->get('areai_id', 0), $request->request->get('country_id', 0));
@@ -286,7 +284,7 @@ class AreaController extends AbstractCrudController
public function updatePostageAction()
{
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$areaUpdateForm = new AreaPostageForm($this->getRequest());
$error_msg = null;
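Review bot: `removeCountry` reads the area id with `$request->request->get('areai_id', 0)`, which looks like a typo for `area_id`; if the form posts `area_id`, the remove event is always built with area 0. The line is unchanged context in this commit, but the method is being touched for the permission switch, so it is worth correcting here to `$request->request->get('area_id', 0)`. Confirm the field name against the template before changing it. The method body continues outside the hunk.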


@@ -23,7 +23,7 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Attribute\AttributeAvDeleteEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Event\Attribute\AttributeAvUpdateEvent;


@@ -23,11 +23,12 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Attribute\AttributeDeleteEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Event\Attribute\AttributeUpdateEvent;
use Thelia\Core\Event\Attribute\AttributeCreateEvent;
use Thelia\Core\Security\AccessManager;
use Thelia\Model\AttributeQuery;
use Thelia\Form\AttributeModificationForm;
use Thelia\Form\AttributeCreationForm;
@@ -51,10 +52,7 @@ class AttributeController extends AbstractCrudController
'manual',
'order',
AdminResources::ATTRIBUTE_VIEW,
AdminResources::ATTRIBUTE_CREATE,
AdminResources::ATTRIBUTE_UPDATE,
AdminResources::ATTRIBUTE_DELETE,
AdminResources::ATTRIBUTE,
TheliaEvents::ATTRIBUTE_CREATE,
TheliaEvents::ATTRIBUTE_UPDATE,
@@ -254,7 +252,7 @@ class AttributeController extends AbstractCrudController
protected function addRemoveFromAllTemplates($eventType)
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
try {
if (null !== $object = $this->getExistingObject()) {


@@ -111,16 +111,18 @@ class BaseAdminController extends BaseController
/**
* Check current admin user authorisations. An ADMIN role is assumed.
*
* @param mixed $permissions a single permission or an array of permissions.
* @param mixed $resources a single resource or an array of resources.
* @param mixed $accesses a single access or an array of accesses.
*
* @return mixed null if authorization is granted, or a Response object which contains the error page otherwise
*
*/
protected function checkAuth($permissions)
protected function checkAuth($resources, $accesses)
{
$permArr = is_array($permissions) ? $permissions : array($permissions);
$resources = is_array($resources) ? $resources : array($resources);
$accesses = is_array($accesses) ? $accesses : array($accesses);
if ($this->getSecurityContext()->isGranted(array("ADMIN"), $permArr)) {
if ($this->getSecurityContext()->isGranted(array("ADMIN"), $resources, $accesses)) {
// Okay !
return null;
}
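Review bot: `checkAuth` wraps whatever it receives, so a null `$resources` or `$accesses` becomes `array(null)` and is handed to `isGranted()` as if it were a real resource or access. That can happen when a subclass never sets `$this->resourceCode`, or when `AdminResources::retrieve()` has nothing to return (its behaviour is not visible here); whether `isGranted()` denies in that case is outside this hunk. The check should fail closed explicitly, treating an empty list or a null entry as a refusal before `isGranted()` is called. The docblock should also state the caller's obligation, for example `@return mixed null if granted; otherwise an error Response that the caller MUST return`. The function body continues past the end of the hunk.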


@@ -24,11 +24,12 @@
namespace Thelia\Controller\Admin;
use Symfony\Component\HttpFoundation\Response;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Category\CategoryDeleteEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Event\Category\CategoryUpdateEvent;
use Thelia\Core\Event\Category\CategoryCreateEvent;
use Thelia\Core\Security\AccessManager;
use Thelia\Model\CategoryQuery;
use Thelia\Form\CategoryModificationForm;
use Thelia\Form\CategoryCreationForm;
@@ -55,10 +56,7 @@ class CategoryController extends AbstractCrudController
'manual',
'category_order',
AdminResources::CATEGORY_VIEW,
AdminResources::CATEGORY_CREATE,
AdminResources::CATEGORY_UPDATE,
AdminResources::CATEGORY_DELETE,
AdminResources::CATEGORY,
TheliaEvents::CATEGORY_CREATE,
TheliaEvents::CATEGORY_UPDATE,
@@ -217,7 +215,7 @@ class CategoryController extends AbstractCrudController
public function setToggleVisibilityAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$event = new CategoryToggleVisibilityEvent($this->getExistingObject());
@@ -297,7 +295,7 @@ class CategoryController extends AbstractCrudController
public function addRelatedContentAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$content_id = intval($this->getRequest()->get('content_id'));
@@ -327,7 +325,7 @@ class CategoryController extends AbstractCrudController
public function addRelatedPictureAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) {
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) {
return $response;
}
@@ -355,7 +353,7 @@ class CategoryController extends AbstractCrudController
public function deleteRelatedContentAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$content_id = intval($this->getRequest()->get('content_id'));


@@ -23,11 +23,12 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Config\ConfigDeleteEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Event\Config\ConfigUpdateEvent;
use Thelia\Core\Event\Config\ConfigCreateEvent;
use Thelia\Core\Security\AccessManager;
use Thelia\Model\ConfigQuery;
use Thelia\Form\ConfigModificationForm;
use Thelia\Form\ConfigCreationForm;
@@ -46,10 +47,7 @@ class ConfigController extends AbstractCrudController
'name',
'order',
AdminResources::CONFIG_VIEW,
AdminResources::CONFIG_CREATE,
AdminResources::CONFIG_UPDATE,
AdminResources::CONFIG_DELETE,
AdminResources::CONFIG,
TheliaEvents::CONFIG_CREATE,
TheliaEvents::CONFIG_UPDATE,
@@ -188,7 +186,7 @@ class ConfigController extends AbstractCrudController
public function changeValuesAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$variables = $this->getRequest()->get('variable', array());


@@ -22,7 +22,7 @@
/*************************************************************************************/
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Content\ContentAddFolderEvent;
use Thelia\Core\Event\Content\ContentCreateEvent;
use Thelia\Core\Event\Content\ContentDeleteEvent;
@@ -31,6 +31,7 @@ use Thelia\Core\Event\Content\ContentToggleVisibilityEvent;
use Thelia\Core\Event\Content\ContentUpdateEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Event\UpdatePositionEvent;
use Thelia\Core\Security\AccessManager;
use Thelia\Form\ContentCreationForm;
use Thelia\Form\ContentModificationForm;
use Thelia\Model\ContentQuery;
@@ -50,10 +51,7 @@ class ContentController extends AbstractCrudController
'manual',
'content_order',
AdminResources::CONTENT_VIEW,
AdminResources::CONTENT_CREATE,
AdminResources::CONTENT_UPDATE,
AdminResources::CONTENT_DELETE,
AdminResources::CONTENT,
TheliaEvents::CONTENT_CREATE,
TheliaEvents::CONTENT_UPDATE,
@@ -71,7 +69,7 @@ class ContentController extends AbstractCrudController
public function addAdditionalFolderAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$folder_id = intval($this->getRequest()->request->get('additional_folder_id'));
@@ -99,7 +97,7 @@ class ContentController extends AbstractCrudController
public function removeAdditionalFolderAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$folder_id = intval($this->getRequest()->request->get('additional_folder_id'));


@@ -22,12 +22,13 @@
/*************************************************************************************/
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Country\CountryCreateEvent;
use Thelia\Core\Event\Country\CountryDeleteEvent;
use Thelia\Core\Event\Country\CountryToggleDefaultEvent;
use Thelia\Core\Event\Country\CountryUpdateEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Security\AccessManager;
use Thelia\Form\CountryCreationForm;
use Thelia\Form\CountryModificationForm;
use Thelia\Model\CountryQuery;
@@ -47,10 +48,7 @@ class CountryController extends AbstractCrudController
'manual',
'country_order',
AdminResources::COUNTRY_VIEW,
AdminResources::COUNTRY_CREATE,
AdminResources::COUNTRY_UPDATE,
AdminResources::COUNTRY_DELETE,
AdminResources::COUNTRY,
TheliaEvents::COUNTRY_CREATE,
TheliaEvents::COUNTRY_UPDATE,
@@ -237,7 +235,7 @@ class CountryController extends AbstractCrudController
public function toggleDefaultAction()
{
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$content = null;
if (null !== $country_id = $this->getRequest()->get('country_id')) {
$toogleDefaultEvent = new CountryToggleDefaultEvent($country_id);


@@ -27,11 +27,12 @@ use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Router;
use Thelia\Condition\ConditionFactory;
use Thelia\Condition\ConditionManagerInterface;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Condition\ConditionCreateOrUpdateEvent;
use Thelia\Core\Event\Coupon\CouponConsumeEvent;
use Thelia\Core\Event\Coupon\CouponCreateOrUpdateEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Security\AccessManager;
use Thelia\Coupon\CouponManager;
use Thelia\Coupon\ConditionCollection;
use Thelia\Coupon\Type\CouponInterface;
@@ -63,7 +64,7 @@ class CouponController extends BaseAdminController
*/
public function browseAction()
{
$this->checkAuth('ADMIN', AdminResources::COUPON_VIEW);
$this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
$args['urlReadCoupon'] = $this->getRoute(
'admin.coupon.read',
@@ -95,7 +96,7 @@ class CouponController extends BaseAdminController
*/
public function readAction($couponId)
{
$this->checkAuth('ADMIN', AdminResources::COUPON_VIEW);
$this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
// Database request repeated in the loop but cached
$search = CouponQuery::create();
@@ -123,7 +124,7 @@ class CouponController extends BaseAdminController
public function createAction()
{
// Check current user authorization
$response = $this->checkAuth(AdminResources::COUPON_CREATE);
$response = $this->checkAuth(AdminResources::COUPON, AccessManager::CREATE);
if ($response !== null) {
return $response;
}
@@ -171,7 +172,7 @@ class CouponController extends BaseAdminController
public function updateAction($couponId)
{
// Check current user authorization
$response = $this->checkAuth(AdminResources::COUPON_UPDATE);
$response = $this->checkAuth(AdminResources::COUPON, AccessManager::UPDATE);
if ($response !== null) {
return $response;
}
@@ -278,7 +279,7 @@ var_dump($coupon->getIsRemovingPostage());;
*/
public function getConditionInputAction($conditionId)
{
$this->checkAuth('ADMIN', AdminResources::COUPON_VIEW);
$this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
$this->checkXmlHttpRequest();
@@ -308,7 +309,7 @@ var_dump($coupon->getIsRemovingPostage());;
*/
public function updateConditionsAction($couponId)
{
$this->checkAuth('ADMIN', AdminResources::COUPON_VIEW);
$this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
$this->checkXmlHttpRequest();
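Review bot: `browseAction`, `readAction`, `getConditionInputAction` and `updateConditionsAction` call `$this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);` and discard the result, so a refused admin still reaches the rest of the action; the `checkAuth` docblock in this same commit says it returns a Response on refusal rather than throwing. These calls should use the form `createAction` and `updateAction` already have: `if (null !== $response = $this->checkAuth(AdminResources::COUPON, AccessManager::VIEW)) return $response;`. `updateConditionsAction` also asks only for `AccessManager::VIEW` although its name suggests it modifies the coupon; if it writes, it should require `AccessManager::UPDATE`. The same discarded-result call appears in FileController's `saveImageAjaxAction`, `saveDocumentAjaxAction`, the four `get*AjaxAction` methods, `deleteImageAction` and `deleteDocumentAction`. The method bodies continue outside the hunks.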


@@ -23,7 +23,7 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Currency\CurrencyDeleteEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Event\Currency\CurrencyUpdateEvent;
@@ -47,10 +47,7 @@ class CurrencyController extends AbstractCrudController
'manual',
'order',
AdminResources::CURRENCY_VIEW,
AdminResources::CURRENCY_CREATE,
AdminResources::CURRENCY_UPDATE,
AdminResources::CURRENCY_DELETE,
AdminResources::CURRENCY,
TheliaEvents::CURRENCY_CREATE,
TheliaEvents::CURRENCY_UPDATE,
@@ -187,7 +184,7 @@ class CurrencyController extends AbstractCrudController
public function updateRatesAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
try {
$this->dispatch(TheliaEvents::CURRENCY_UPDATE_RATES);
@@ -205,7 +202,7 @@ class CurrencyController extends AbstractCrudController
public function setDefaultAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$changeEvent = new CurrencyUpdateEvent($this->getRequest()->get('currency_id', 0));
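Review bot: `updateRatesAction` and `setDefaultAction` now reference `AccessManager::UPDATE`, but the import hunk for this file only swaps the `AdminResources` line and, unlike the other controllers in this commit, does not add the `AccessManager` import. Unless that import already exists between the visible hunks, the name resolves to `Thelia\Controller\Admin\AccessManager` and both actions fail with a class-not-found error when called. Add `use Thelia\Core\Security\AccessManager;` next to the other `use` lines.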


@@ -24,11 +24,12 @@
namespace Thelia\Controller\Admin;
use Propel\Runtime\Exception\PropelException;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Customer\CustomerAddressEvent;
use Thelia\Core\Event\Customer\CustomerCreateOrUpdateEvent;
use Thelia\Core\Event\Customer\CustomerEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Security\AccessManager;
use Thelia\Form\CustomerModification;
use Thelia\Form\Exception\FormValidationException;
use Thelia\Model\CustomerQuery;
@@ -43,13 +44,13 @@ class CustomerController extends BaseAdminController
{
public function indexAction()
{
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER_VIEW)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, AccessManager::VIEW)) return $response;
return $this->render("customers", array("display_customer" => 20));
}
public function viewAction($customer_id)
{
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER_VIEW)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, AccessManager::VIEW)) return $response;
return $this->render("customer-edit", array(
"customer_id" => $customer_id
));
@@ -63,7 +64,7 @@ class CustomerController extends BaseAdminController
*/
public function updateAction($customer_id)
{
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER_UPDATE)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, AccessManager::UPDATE)) return $response;
$message = false;
@@ -119,7 +120,7 @@ class CustomerController extends BaseAdminController
public function deleteAction()
{
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER_DELETE)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::CUSTOMER, AccessManager::DELETE)) return $response;
$message = null;


@@ -23,7 +23,7 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Feature\FeatureAvDeleteEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Event\Feature\FeatureAvUpdateEvent;


@@ -23,11 +23,12 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Feature\FeatureDeleteEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Event\Feature\FeatureUpdateEvent;
use Thelia\Core\Event\Feature\FeatureCreateEvent;
use Thelia\Core\Security\AccessManager;
use Thelia\Model\FeatureQuery;
use Thelia\Form\FeatureModificationForm;
use Thelia\Form\FeatureCreationForm;
@@ -51,10 +52,7 @@ class FeatureController extends AbstractCrudController
'manual',
'order',
AdminResources::FEATURE_VIEW,
AdminResources::FEATURE_CREATE,
AdminResources::FEATURE_UPDATE,
AdminResources::FEATURE_DELETE,
AdminResources::FEATURE,
TheliaEvents::FEATURE_CREATE,
TheliaEvents::FEATURE_UPDATE,
@@ -254,7 +252,7 @@ class FeatureController extends AbstractCrudController
protected function addRemoveFromAllTemplates($eventType)
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
try {
if (null !== $object = $this->getExistingObject()) {


@@ -26,12 +26,13 @@ namespace Thelia\Controller\Admin;
use Propel\Runtime\Exception\PropelException;
use Symfony\Component\HttpFoundation\File\UploadedFile;
use Symfony\Component\HttpFoundation\Response;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Document\DocumentCreateOrUpdateEvent;
use Thelia\Core\Event\Document\DocumentDeleteEvent;
use Thelia\Core\Event\Image\ImageCreateOrUpdateEvent;
use Thelia\Core\Event\Image\ImageDeleteEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Security\AccessManager;
use Thelia\Form\Exception\FormValidationException;
use Thelia\Log\Tlog;
use Thelia\Model\CategoryDocument;
@@ -70,7 +71,7 @@ class FileController extends BaseAdminController
*/
public function saveImageAjaxAction($parentId, $parentType)
{
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
$this->checkXmlHttpRequest();
if ($this->isParentTypeValid($parentType)) {
@@ -146,7 +147,7 @@ class FileController extends BaseAdminController
*/
public function saveDocumentAjaxAction($parentId, $parentType)
{
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
$this->checkXmlHttpRequest();
if ($this->isParentTypeValid($parentType)) {
@@ -210,7 +211,7 @@ class FileController extends BaseAdminController
*/
public function getImageListAjaxAction($parentId, $parentType)
{
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
$this->checkXmlHttpRequest();
$args = array('imageType' => $parentType, 'parentId' => $parentId);
@@ -227,7 +228,7 @@ class FileController extends BaseAdminController
*/
public function getDocumentListAjaxAction($parentId, $parentType)
{
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
$this->checkXmlHttpRequest();
$args = array('documentType' => $parentType, 'parentId' => $parentId);
@@ -244,7 +245,7 @@ class FileController extends BaseAdminController
*/
public function getImageFormAjaxAction($parentId, $parentType)
{
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
$this->checkXmlHttpRequest();
$args = array('imageType' => $parentType, 'parentId' => $parentId);
@@ -261,7 +262,7 @@ class FileController extends BaseAdminController
*/
public function getDocumentFormAjaxAction($parentId, $parentType)
{
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
$this->checkXmlHttpRequest();
$args = array('documentType' => $parentType, 'parentId' => $parentId);
@@ -278,7 +279,7 @@ class FileController extends BaseAdminController
*/
public function viewImageAction($imageId, $parentType)
{
if (null !== $response = $this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'))) {
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
return $response;
}
try {
@@ -307,7 +308,7 @@ class FileController extends BaseAdminController
*/
public function viewDocumentAction($documentId, $parentType)
{
if (null !== $response = $this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'))) {
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
return $response;
}
try {
@@ -336,7 +337,7 @@ class FileController extends BaseAdminController
*/
public function updateImageAction($imageId, $parentType)
{
if (null !== $response = $this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'))) {
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
return $response;
}
@@ -413,7 +414,7 @@ class FileController extends BaseAdminController
*/
public function updateDocumentAction($documentId, $parentType)
{
if (null !== $response = $this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'))) {
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
return $response;
}
@@ -490,7 +491,7 @@ class FileController extends BaseAdminController
*/
public function deleteImageAction($imageId, $parentType)
{
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
$this->checkXmlHttpRequest();
$fileManager = new FileManager($this->container);
@@ -533,7 +534,7 @@ class FileController extends BaseAdminController
*/
public function deleteDocumentAction($documentId, $parentType)
{
$this->checkAuth('ADMIN', AdminResources::retrieve($parentType, 'update'));
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
$this->checkXmlHttpRequest();
$fileManager = new FileManager($this->container);
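Review bot: Every action here passes the route-supplied `$parentType` into `AdminResources::retrieve($parentType)` before `isParentTypeValid($parentType)` runs (in `saveImageAjaxAction` the validity test comes two lines after the auth call), so the resource being authorised is chosen by the request. What `retrieve()` returns for an unknown name is not visible here; if it yields null or an empty value rather than throwing, the check would be evaluated against no real resource. Validate `$parentType` first and refuse the request when it is not a known type, then derive the resource from it. The read-only `getImageListAjaxAction` and `viewImageAction` family also requires `AccessManager::UPDATE`, which looks carried over from the old `'update'` argument; confirm that `VIEW` is not what is intended. The method bodies continue outside the hunks.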


@@ -22,7 +22,7 @@
/*************************************************************************************/
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Folder\FolderCreateEvent;
use Thelia\Core\Event\Folder\FolderDeleteEvent;
use Thelia\Core\Event\Folder\FolderToggleVisibilityEvent;


@@ -23,7 +23,8 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Security\AccessManager;
/**
* Class LanguageController
@@ -34,7 +35,7 @@ class LanguageController extends BaseAdminController
{
public function defaultAction()
{
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE_VIEW)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::VIEW)) return $response;
return $this->render("languages");
}


@@ -23,7 +23,8 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Security\AccessManager;
/**
* Class MailingSystemController
@@ -34,7 +35,7 @@ class MailingSystemController extends BaseAdminController
{
public function defaultAction()
{
if (null !== $response = $this->checkAuth(AdminResources::MAILING_SYSTEM_VIEW)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::MAILING_SYSTEM, AccessManager::VIEW)) return $response;
return $this->render("mailing-system");
}


@@ -23,7 +23,7 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Message\MessageDeleteEvent;
use Thelia\Core\Event\TheliaEvents;use Thelia\Core\Event\Message\MessageUpdateEvent;
use Thelia\Core\Event\Message\MessageCreateEvent;


@@ -23,11 +23,12 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Module\ModuleDeleteEvent;
use Thelia\Core\Event\Module\ModuleToggleActivationEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Security\AccessManager;
use Thelia\Module\ModuleManagement;
/**
@@ -39,7 +40,7 @@ class ModuleController extends BaseAdminController
{
public function indexAction()
{
if (null !== $response = $this->checkAuth(AdminResources::MODULE_VIEW)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::MODULE, AccessManager::VIEW)) return $response;
$modulemanagement = new ModuleManagement();
$modulemanagement->updateModules();
@@ -56,7 +57,7 @@ class ModuleController extends BaseAdminController
public function toggleActivationAction($module_id)
{
if (null !== $response = $this->checkAuth("admin.module.update")) return $response;
if (null !== $response = $this->checkAuth(AdminResources::MODULE, AccessManager::UPDATE)) return $response;
$message = null;
try {
$event = new ModuleToggleActivationEvent($module_id);
@@ -88,7 +89,7 @@ class ModuleController extends BaseAdminController
public function deleteAction()
{
if (null !== $response = $this->checkAuth("admin.module.delete")) return $response;
if (null !== $response = $this->checkAuth(AdminResources::MODULE, AccessManager::DELETE)) return $response;
$message = null;
try {


@@ -24,11 +24,12 @@
namespace Thelia\Controller\Admin;
use Symfony\Component\HttpFoundation\Response;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Order\OrderAddressEvent;
use Thelia\Core\Event\Order\OrderEvent;
use Thelia\Core\Event\PdfEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Security\AccessManager;
use Thelia\Form\OrderUpdateAddress;
use Thelia\Model\ConfigQuery;
use Thelia\Model\Base\OrderAddressQuery;
@@ -45,7 +46,7 @@ class OrderController extends BaseAdminController
{
public function indexAction()
{
if (null !== $response = $this->checkAuth(AdminResources::ORDER_VIEW)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::VIEW)) return $response;
return $this->render("orders", array("display_order" => 20));
}
@@ -58,7 +59,7 @@ class OrderController extends BaseAdminController
public function updateStatus($order_id = null)
{
if (null !== $response = $this->checkAuth(AdminResources::ORDER_UPDATE)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response;
$message = null;
@@ -109,7 +110,7 @@ class OrderController extends BaseAdminController
public function updateDeliveryRef($order_id)
{
if (null !== $response = $this->checkAuth(AdminResources::ORDER_UPDATE)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response;
$message = null;
@@ -144,7 +145,7 @@ class OrderController extends BaseAdminController
public function updateAddress($order_id)
{
if (null !== $response = $this->checkAuth(AdminResources::ORDER_UPDATE)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response;
$message = null;
@@ -210,7 +211,7 @@ class OrderController extends BaseAdminController
protected function generatePdf($order_id, $fileName)
{
if (null !== $response = $this->checkAuth(AdminResources::ORDER_UPDATE)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response;
$html = $this->renderRaw(
$fileName,


@@ -23,13 +23,14 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Product\ProductAddCategoryEvent;
use Thelia\Core\Event\Product\ProductDeleteCategoryEvent;
use Thelia\Core\Event\Product\ProductDeleteEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Event\Product\ProductUpdateEvent;
use Thelia\Core\Event\Product\ProductCreateEvent;
use Thelia\Core\Security\AccessManager;
use Thelia\Model\ProductQuery;
use Thelia\Form\ProductModificationForm;
use Thelia\Form\ProductCreationForm;
@@ -62,10 +63,7 @@ class ProductController extends AbstractCrudController
'manual',
'product_order',
AdminResources::PRODUCT_VIEW,
AdminResources::PRODUCT_CREATE,
AdminResources::PRODUCT_UPDATE,
AdminResources::PRODUCT_DELETE,
AdminResources::PRODUCT,
TheliaEvents::PRODUCT_CREATE,
TheliaEvents::PRODUCT_UPDATE,
@@ -281,7 +279,7 @@ class ProductController extends AbstractCrudController
public function setToggleVisibilityAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$event = new ProductToggleVisibilityEvent($this->getExistingObject());
@@ -357,7 +355,7 @@ class ProductController extends AbstractCrudController
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$content_id = intval($this->getRequest()->get('content_id'));
@@ -383,7 +381,7 @@ class ProductController extends AbstractCrudController
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$content_id = intval($this->getRequest()->get('content_id'));
@@ -435,7 +433,7 @@ class ProductController extends AbstractCrudController
public function addAccessoryAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$accessory_id = intval($this->getRequest()->get('accessory_id'));
@@ -460,7 +458,7 @@ class ProductController extends AbstractCrudController
public function deleteAccessoryAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$accessory_id = intval($this->getRequest()->get('accessory_id'));
@@ -516,7 +514,7 @@ class ProductController extends AbstractCrudController
public function setProductTemplateAction($productId)
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$product = ProductQuery::create()->findPk($productId);
@@ -613,7 +611,7 @@ class ProductController extends AbstractCrudController
public function addAdditionalCategoryAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$category_id = intval($this->getRequest()->request->get('additional_category_id'));
@@ -638,7 +636,7 @@ class ProductController extends AbstractCrudController
public function deleteAdditionalCategoryAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$category_id = intval($this->getRequest()->get('additional_category_id'));
@@ -735,7 +733,7 @@ class ProductController extends AbstractCrudController
public function addCombinationAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$event = new ProductCreateCombinationEvent(
$this->getExistingObject(),
@@ -760,7 +758,7 @@ class ProductController extends AbstractCrudController
public function deleteCombinationAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$event = new ProductDeleteCombinationEvent(
$this->getExistingObject(),


@@ -23,7 +23,7 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Profile\ProfileEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Form\ProfileCreationForm;
@@ -40,10 +40,7 @@ class ProfileController extends AbstractCrudController
'manual',
'order',
AdminResources::PRODUCT_VIEW,
AdminResources::PRODUCT_CREATE,
AdminResources::PRODUCT_UPDATE,
AdminResources::PRODUCT_DELETE,
AdminResources::PROFILE,
TheliaEvents::PROFILE_CREATE,
TheliaEvents::PROFILE_UPDATE,


@@ -22,10 +22,11 @@
/*************************************************************************************/
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\ShippingZone\ShippingZoneAddAreaEvent;
use Thelia\Core\Event\ShippingZone\ShippingZoneRemoveAreaEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Security\AccessManager;
use Thelia\Form\Exception\FormValidationException;
use Thelia\Form\ShippingZone\ShippingZoneAddArea;
use Thelia\Form\ShippingZone\ShippingZoneRemoveArea;
@@ -41,13 +42,13 @@ class ShippingZoneController extends BaseAdminController
public function indexAction()
{
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE_VIEW)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::VIEW)) return $response;
return $this->render("shipping-zones", array("display_shipping_zone" => 20));
}
public function updateAction($shipping_zones_id)
{
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE_VIEW)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::VIEW)) return $response;
return $this->render("shipping-zones-edit", array(
"shipping_zones_id" => $shipping_zones_id
));
@@ -58,7 +59,7 @@ class ShippingZoneController extends BaseAdminController
*/
public function addArea()
{
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE_UPDATE)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::UPDATE)) return $response;
$shippingAreaForm = new ShippingZoneAddArea($this->getRequest());
$error_msg = null;
@@ -93,7 +94,7 @@ class ShippingZoneController extends BaseAdminController
public function removeArea()
{
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE_UPDATE)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::UPDATE)) return $response;
$shippingAreaForm = new ShippingZoneRemoveArea($this->getRequest());
$error_msg = null;


@@ -23,7 +23,7 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Tax\TaxEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Form\TaxCreationForm;


@@ -23,9 +23,10 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Tax\TaxRuleEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Security\AccessManager;
use Thelia\Form\TaxRuleCreationForm;
use Thelia\Form\TaxRuleModificationForm;
use Thelia\Form\TaxRuleTaxListUpdateForm;
@@ -41,10 +42,7 @@ class TaxRuleController extends AbstractCrudController
'manual',
'order',
AdminResources::TAX_VIEW,
AdminResources::TAX_CREATE,
AdminResources::TAX_UPDATE,
AdminResources::TAX_DELETE,
AdminResources::TAX,
TheliaEvents::TAX_RULE_CREATE,
TheliaEvents::TAX_RULE_UPDATE,
@@ -221,7 +219,7 @@ class TaxRuleController extends AbstractCrudController
public function updateAction()
{
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$object = $this->getExistingObject();
@@ -239,7 +237,7 @@ class TaxRuleController extends AbstractCrudController
public function setDefaultAction()
{
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$setDefaultEvent = new TaxRuleEvent();
@@ -257,7 +255,7 @@ class TaxRuleController extends AbstractCrudController
public function processUpdateTaxesAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth($this->updatePermissionIdentifier)) return $response;
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
$error_msg = false;


@@ -23,11 +23,12 @@
namespace Thelia\Controller\Admin;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Event\Template\TemplateDeleteEvent;
use Thelia\Core\Event\TheliaEvents;
use Thelia\Core\Event\Template\TemplateUpdateEvent;
use Thelia\Core\Event\Template\TemplateCreateEvent;
use Thelia\Core\Security\AccessManager;
use Thelia\Model\TemplateQuery;
use Thelia\Form\TemplateModificationForm;
use Thelia\Form\TemplateCreationForm;
@@ -52,10 +53,7 @@ class TemplateController extends AbstractCrudController
null,
null,
AdminResources::TEMPLATE_VIEW,
AdminResources::TEMPLATE_CREATE,
AdminResources::TEMPLATE_UPDATE,
AdminResources::TEMPLATE_DELETE,
AdminResources::TEMPLATE,
TheliaEvents::TEMPLATE_CREATE,
TheliaEvents::TEMPLATE_UPDATE,
@@ -213,7 +211,7 @@ class TemplateController extends AbstractCrudController
public function addAttributeAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE_UPDATE)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response;
$attribute_id = intval($this->getRequest()->get('attribute_id'));
@@ -237,7 +235,7 @@ class TemplateController extends AbstractCrudController
public function deleteAttributeAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE_UPDATE)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response;
$event = new TemplateDeleteAttributeEvent(
$this->getExistingObject(),
@@ -272,7 +270,7 @@ class TemplateController extends AbstractCrudController
public function addFeatureAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE_UPDATE)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response;
$feature_id = intval($this->getRequest()->get('feature_id'));
@@ -296,7 +294,7 @@ class TemplateController extends AbstractCrudController
public function deleteFeatureAction()
{
// Check current user authorization
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE_UPDATE)) return $response;
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response;
$event = new TemplateDeleteFeatureEvent(
$this->getExistingObject(),
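Review bot: The four action guards in TemplateController hard-code `AdminResources::TEMPLATE`, although the constructor already passes that constant to `AbstractCrudController` as the resource code. ProductController and TaxRuleController in this same commit use `$this->resourceCode` for their extra actions. Writing `$this->checkAuth($this->resourceCode, AccessManager::UPDATE)` here as well keeps the resource named in one place, so a later change to the constructor argument cannot leave these guards checking a different resource.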


@@ -0,0 +1,84 @@
<?php
/*************************************************************************************/
/* */
/* Thelia */
/* */
/* Copyright (c) OpenStudio */
/* email : info@thelia.net */
/* web : http://www.thelia.net */
/* */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 3 of the License */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
/* GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* */
/*************************************************************************************/
namespace Thelia\Core\Security;
use Propel\Runtime\ActiveQuery\Criteria;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Security\User\UserInterface;
use Thelia\Core\HttpFoundation\Request;
use Thelia\Model\ProfileQuery;
use Thelia\Model\ProfileResourceQuery;
/**
* A simple security manager, in charge of checking user
*
* @author Etienne Roudeix <eroudeix@openstudio.fr>
*/
class AccessManager
{
const VIEW = 'VIEW';
const CREATE = 'CREATE';
const UPDATE = 'UPDATE';
const DELETE = 'DELETE';
protected $accessGranted = array(
self::VIEW => false,
self::CREATE => false,
self::UPDATE => false,
self::DELETE => false,
);
protected $accessPows = array(
self::VIEW => 3,
self::CREATE => 2,
self::UPDATE => 1,
self::DELETE => 0,
);
protected $accessValue;
public function __construct($accessValue)
{
$this->accessValue = $accessValue;
foreach($this->accessPows as $type => $value) {
if($accessValue >= $value) {
$accessValue -= $value;
$this->accessGranted[$type] = true;
} else {
$this->accessGranted[$type] = false;
}
}
}
public function can($type)
{
if(!array_key_exists($type, $this->accessGranted)) {
return false;
}
return $this->accessGranted[$type];
}
}
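Review bot: The constructor treats the entries of `$accessPows` as amounts rather than bit positions, so `DELETE` (entry 0) ends up granted for every non-negative `$accessValue`, including the column default of 0 that ProfileResource applies. The loop tests `$accessValue >= $value` and then subtracts `$value`; with the entries 3, 2, 1, 0 the remainder is always at least 0 when the `DELETE` entry is reached, and a stored 3 yields VIEW plus DELETE. If the entries are meant as exponents of two, as the name suggests, decode each right as a bit and drop the running subtraction: `$this->accessGranted[$type] = (((int) $accessValue) & (1 << $value)) !== 0;`. `can()` returns false for an unknown `$type`, which is the right default once the decoding is corrected.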


@@ -21,7 +21,7 @@
/* */
/*************************************************************************************/
namespace Thelia\Core\Event;
namespace Thelia\Core\Security\Resource;
use Thelia\Core\Security\Exception\ResourceException;
@@ -35,9 +35,9 @@ final class AdminResources
{
static private $selfReflection = null;
static public function retrieve($name, $action)
static public function retrieve($name)
{
$contantName = strtoupper($name . '_' . $action);
$contantName = strtoupper($name);
if(null === self::$selfReflection) {
self::$selfReflection = new \ReflectionClass(__CLASS__);
@@ -52,118 +52,49 @@ final class AdminResources
const SUPERADMINISTRATOR = "SUPERADMINISTRATOR";
const ADDRESS_VIEW = "admin.address.view";
const ADDRESS_CREATE = "admin.address.create";
const ADDRESS_UPDATE = "admin.address.update";
const ADDRESS_DELETE = "admin.address.delete";
const ADDRESS = "admin.address";
const ADMIN_VIEW = "admin.configuration.admin.view";
const ADMIN_CREATE = "admin.configuration.admin.create";
const ADMIN_UPDATE = "admin.configuration.admin.update";
const ADMIN_DELETE = "admin.configuration.admin.delete";
const ADMIN = "admin.configuration.admin";
const AREA_VIEW = "admin.configuration.area.view";
const AREA_CREATE = "admin.configuration.area.create";
const AREA_UPDATE = "admin.configuration.area.update";
const AREA_DELETE = "admin.configuration.area.delete";
const AREA = "admin.configuration.area";
const ATTRIBUTE_VIEW = "admin.configuration.attribute.view";
const ATTRIBUTE_CREATE = "admin.configuration.attribute.create";
const ATTRIBUTE_UPDATE = "admin.configuration.attribute.update";
const ATTRIBUTE_DELETE = "admin.configuration.attribute.delete";
const ATTRIBUTE = "admin.configuration.attribute";
const CATEGORY_VIEW = "admin.category.view";
const CATEGORY_CREATE = "admin.category.create";
const CATEGORY_UPDATE = "admin.category.update";
const CATEGORY_DELETE = "admin.category.delete";
const CATEGORY = "admin.category";
const CONFIG_VIEW = "admin.configuration.view";
const CONFIG_CREATE = "admin.configuration.create";
const CONFIG_UPDATE = "admin.configuration.update";
const CONFIG_DELETE = "admin.configuration.delete";
const CONFIG = "admin.configuration";
const CONTENT_VIEW = "admin.content.view";
const CONTENT_CREATE = "admin.content.create";
const CONTENT_UPDATE = "admin.content.update";
const CONTENT_DELETE = "admin.content.delete";
const CONTENT = "admin.content";
const COUNTRY_VIEW = "admin.configuration.country.view";
const COUNTRY_CREATE = "admin.configuration.country.create";
const COUNTRY_UPDATE = "admin.configuration.country.update";
const COUNTRY_DELETE = "admin.configuration.country.delete";
const COUNTRY = "admin.configuration.country";
const COUPON_VIEW = "admin.coupon.view";
const COUPON_CREATE = "admin.coupon.create";
const COUPON_UPDATE = "admin.coupon.update";
const COUPON_DELETE = "admin.coupon.delete";
const COUPON = "admin.coupon";
const CURRENCY_VIEW = "admin.configuration.currency.view";
const CURRENCY_CREATE = "admin.configuration.currency.create";
const CURRENCY_UPDATE = "admin.configuration.currency.update";
const CURRENCY_DELETE = "admin.configuration.currency.delete";
const CURRENCY = "admin.configuration.currency";
const CUSTOMER_VIEW = "admin.customer.view";
const CUSTOMER_CREATE = "admin.customer.create";
const CUSTOMER_UPDATE = "admin.customer.update";
const CUSTOMER_DELETE = "admin.customer.delete";
const CUSTOMER = "admin.customer";
const FEATURE_VIEW = "admin.configuration.feature.view";
const FEATURE_CREATE = "admin.configuration.feature.create";
const FEATURE_UPDATE = "admin.configuration.feature.update";
const FEATURE_DELETE = "admin.configuration.feature.delete";
const FEATURE = "admin.configuration.feature";
const FOLDER_VIEW = "admin.folder.view";
const FOLDER_CREATE = "admin.folder.create";
const FOLDER_UPDATE = "admin.folder.update";
const FOLDER_DELETE = "admin.folder.delete";
const FOLDER = "admin.folder";
const LANGUAGE_VIEW = "admin.configuration.language.view";
const LANGUAGE_CREATE = "admin.configuration.language.create";
const LANGUAGE_UPDATE = "admin.configuration.language.update";
const LANGUAGE_DELETE = "admin.configuration.language.delete";
const LANGUAGE = "admin.configuration.language";
const MAILING_SYSTEM_VIEW = "admin.configuration.mailing-system.view";
const MAILING_SYSTEM_CREATE = "admin.configuration.mailing-system.create";
const MAILING_SYSTEM_UPDATE = "admin.configuration.mailing-system.update";
const MAILING_SYSTEM_DELETE = "admin.configuration.mailing-system.delete";
const MAILING_SYSTEM = "admin.configuration.mailing-system";
const MESSAGE_VIEW = "admin.configuration.message.view";
const MESSAGE_CREATE = "admin.configuration.message.create";
const MESSAGE_UPDATE = "admin.configuration.message.update";
const MESSAGE_DELETE = "admin.configuration.message.delete";
const MESSAGE = "admin.configuration.message";
const MODULE_VIEW = "admin.configuration.module.view";
const MODULE_CREATE = "admin.configuration.module.create";
const MODULE_UPDATE = "admin.configuration.module.update";
const MODULE_DELETE = "admin.configuration.module.delete";
const MODULE = "admin.configuration.module";
const ORDER_VIEW = "admin.order.view";
const ORDER_CREATE = "admin.order.create";
const ORDER_UPDATE = "admin.order.update";
const ORDER_DELETE = "admin.order.delete";
const ORDER = "admin.order";
const PRODUCT_VIEW = "admin.product.view";
const PRODUCT_CREATE = "admin.product.create";
const PRODUCT_UPDATE = "admin.product.update";
const PRODUCT_DELETE = "admin.product.delete";
const PRODUCT = "admin.product";
const PROFILE_VIEW = "admin.configuration.profile.view";
const PROFILE_CREATE = "admin.configuration.profile.create";
const PROFILE_UPDATE = "admin.configuration.profile.update";
const PROFILE_DELETE = "admin.configuration.profile.delete";
const PROFILE = "admin.configuration.profile";
const SHIPPING_ZONE_VIEW = "admin.configuration.shipping-zone.view";
const SHIPPING_ZONE_CREATE = "admin.configuration.shipping-zone.create";
const SHIPPING_ZONE_UPDATE = "admin.configuration.shipping-zone.update";
const SHIPPING_ZONE_DELETE = "admin.configuration.shipping-zone.delete";
const SHIPPING_ZONE = "admin.configuration.shipping-zone";
const TAX_VIEW = "admin.configuration.tax.view";
const TAX_CREATE = "admin.configuration.tax.create";
const TAX_UPDATE = "admin.configuration.tax.update";
const TAX_DELETE = "admin.configuration.tax.delete";
const TAX = "admin.configuration.tax";
const TEMPLATE_VIEW = "admin.configuration.template.view";
const TEMPLATE_CREATE = "admin.configuration.template.create";
const TEMPLATE_UPDATE = "admin.configuration.template.update";
const TEMPLATE_DELETE = "admin.configuration.template.delete";
const TEMPLATE = "admin.configuration.template";
}


@@ -24,7 +24,7 @@
namespace Thelia\Core\Security;
use Propel\Runtime\ActiveQuery\Criteria;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Security\User\UserInterface;
use Thelia\Core\HttpFoundation\Request;
use Thelia\Model\ProfileQuery;
@@ -126,12 +126,8 @@ class SecurityContext
*
* @return Boolean
*/
final public function isGranted(array $roles, array $permissions)
final public function isGranted(array $roles, array $resources, array $accesses)
{
if (empty($permissions)) {
return true;
}
// Find a user which matches the required roles.
$user = $this->getCustomerUser();
@@ -147,7 +143,11 @@ class SecurityContext
return false;
}
if( !method_exists($user, 'getProfileId') ) {
if (empty($resources) || empty($accesses)) {
return true;
}
if( !method_exists($user, 'getPermissions') ) {
return false;
}
@@ -157,14 +157,22 @@ class SecurityContext
return true;
}
foreach($permissions as $permission) {
if($permission === '') {
foreach($resources as $resource) {
if($resource === '') {
continue;
}
if(! in_array($permission, $userPermissions)) {
$resource = strtolower($resource);
if(!array_key_exists($resource, $userPermissions)) {
return false;
}
foreach($accesses as $access) {
if(!$userPermissions[$resource]->can($access)) {
return false;
}
}
}
return true;
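Review bot: The new guard `if (empty($resources) || empty($accesses)) return true;` in `isGranted` fails open when only one of the two lists is supplied: a caller that names a resource but omits the access is granted on role alone, with no lookup in `$userPermissions`. The Smarty `_explode()` helper changed in this commit returns `array()` for a missing attribute, so a template check written with `resource=` but no `access=` takes exactly this path. Skip the permission lookup only when both lists are empty, `if (empty($resources) && empty($accesses)) { return true; }`, and return false when exactly one is empty. The `if($resource === '') continue;` branch has the same effect for a list made only of empty strings and could deny instead. The body of `isGranted` continues outside these hunks.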


@@ -29,6 +29,9 @@ use Thelia\Core\Template\Element\LoopResultRow;
use Thelia\Core\Template\Loop\Argument\ArgumentCollection;
use Thelia\Core\Template\Loop\Argument\Argument;
use Thelia\Type\AlphaNumStringListType;
use Thelia\Type\EnumListType;
use Thelia\Type\TypeCollection;
/**
*
@@ -41,40 +44,45 @@ class Auth extends BaseLoop
public function getArgDefinitions()
{
return new ArgumentCollection(
Argument::createAnyTypeArgument('roles', null, true),
Argument::createAnyTypeArgument('permissions'),
new Argument(
'roles',
new TypeCollection(
new AlphaNumStringListType()
),
null,
true
),
new Argument(
'resource',
new TypeCollection(
new AlphaNumStringListType()
)
),
new Argument(
'access',
new TypeCollection(
new EnumListType(array("view", "create", "update", "delete"))
)
),
Argument::createAnyTypeArgument('context', 'front', false)
);
}
private function _explode($commaSeparatedValues)
{
$array = explode(',', $commaSeparatedValues);
if (array_walk($array, function(&$item) {
$item = strtoupper(trim($item));
})) {
return $array;
}
return array();
}
/**
* @param $pagination
*
*
* @return \Thelia\Core\Template\Element\LoopResult
* @return LoopResult
*/
public function exec(&$pagination)
{
$roles = $this->_explode($this->getRoles());
$permissions = $this->_explode($this->getPermissions());
$roles = $this->getRoles();
$resource = $this->getResource();
$access = $this->getAccess();
$loopResult = new LoopResult();
try {
if (true === $this->securityContext->isGranted($roles, $permissions == null ? array() : $permissions)) {
if (true === $this->securityContext->isGranted($roles, $resource === null ? array() : $resource, $access === null ? array() : $access)) {
// Create an empty row: loop is no longer empty :)
$loopResult->addRow(new LoopResultRow());
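Review bot: The `access` argument is declared with `EnumListType(array("view", "create", "update", "delete"))`, but `AccessManager::can()` looks the value up among the upper-case keys `VIEW`/`CREATE`/`UPDATE`/`DELETE`, so a loop that names an access would always be denied, assuming the type returns the values as declared. The removed `_explode()` upper-cased roles and permissions before `isGranted()` was called; the new `exec()` passes `getRoles()`, `getResource()` and `getAccess()` through unchanged. Normalise before the call, `$access = array_map('strtoupper', (array) $this->getAccess());`, or have `can()` upper-case its argument. Roles lose the same normalisation; whether that matters depends on how `isGranted()` compares them, which is not visible here. `exec()` continues past the hunk.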


@@ -40,6 +40,10 @@ abstract class AbstractSmartyPlugin
*/
protected function _explode($commaSeparatedValues)
{
if(null === $commaSeparatedValues) {
return array();
}
$array = explode(',', $commaSeparatedValues);
if (array_walk($array, function(&$item) {


@@ -45,7 +45,8 @@ class AdminUtilities extends AbstractSmartyPlugin
public function generatePositionChangeBlock($params, &$smarty)
{
// The required permissions
$permission = $this->getParam($params, 'permission');
$resource = $this->getParam($params, 'resource');
$access = $this->getParam($params, 'access');
// The base position change path
$path = $this->getParam($params, 'path');
@@ -68,7 +69,7 @@ class AdminUtilities extends AbstractSmartyPlugin
<a href="{url path='/admin/configuration/currencies/positionDown' currency_id=$ID}"><i class="icon-arrow-down"></i></a>
*/
if ($permissions == null || $this->securityContext->isGranted("ADMIN", array($permission))) {
if ($permissions == null || $this->securityContext->isGranted("ADMIN", array($resource), array($access))) {
return sprintf(
'<a href="%s"><i class="glyphicon glyphicon-arrow-up"></i></a><span class="%s" data-id="%s">%s</span><a href="%s"><i class="glyphicon glyphicon-arrow-down"></i></a>',
URL::getInstance()->absoluteUrl($path, array('mode' => 'up', $url_parameter => $id)),
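Review bot: The guard in `generatePositionChangeBlock` still tests `$permissions == null`, a variable that is not assigned in the visible hunks now that the parameters are read into `$resource` and `$access`. If it is undefined, the condition is always true, `isGranted()` is never consulted, and the position-change links are rendered for every user. Test the values actually read, e.g. `if ($resource === null || $this->securityContext->isGranted(array("ADMIN"), array($resource), array($access)))`. The first argument matters too: SecurityContext declares `isGranted(array $roles, ...)`, so the string `"ADMIN"` would fail the type hint if the call were ever reached. The function body continues outside the hunks.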


@@ -53,14 +53,15 @@ class Security extends AbstractSmartyPlugin
*/
public function checkAuthFunction($params, &$smarty)
{
$roles = $this->_explode($this->getParam($params, 'roles'));
$permissions = $this->_explode($this->getParam($params, 'permissions'));
$roles = $this->_explode($this->getParam($params, 'role'));
$resources = $this->_explode($this->getParam($params, 'resource'));
$accesses = $this->_explode($this->getParam($params, 'access'));
if (! $this->securityContext->isGranted($roles, $permissions)) {
if (! $this->securityContext->isGranted($roles, $resources, $accesses)) {
$ex = new AuthenticationException(
sprintf("User not granted for roles '%s', permissions '%s' in context '%s'.",
implode(',', $roles), implode(',', $permissions), $context
sprintf("User not granted for roles '%s', to access resources '%s' with %s in context '%s'.",
implode(',', $roles), implode(',', $resources), implode(',', $accesses), $context
)
);
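Review bot: `$context` in the `sprintf()` call is not assigned anywhere between the start of `checkAuthFunction` and this line, so the exception message ends with an empty context and PHP raises an undefined-variable notice. Read it before the check, `$context = $this->getParam($params, 'context');`, or drop the last placeholder from the message. The attribute read for roles also changed from `roles` to `role`, so templates still passing `roles=` now produce an empty role list. How `isGranted()` treats an empty role list is only partly visible in this commit, so the templates should be checked for the old attribute name. The function continues past the hunk.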


@@ -3,7 +3,8 @@
namespace Thelia\Model;
use Propel\Runtime\ActiveQuery\Criteria;
use Thelia\Core\Event\AdminResources;
use Thelia\Core\Security\Resource\AdminResources;
use Thelia\Core\Security\AccessManager;
use Thelia\Core\Security\User\UserInterface;
use Thelia\Core\Security\Role\Role;
@@ -39,7 +40,7 @@ class Admin extends BaseAdmin implements UserInterface
$userPermissions = array();
foreach($userPermissionsQuery as $userPermission) {
$userPermissions[] = $userPermission->getVirtualColumn('code');
$userPermissions[$userPermission->getVirtualColumn('code')] = new AccessManager($userPermission->getAccess());
}
return $userPermissions;
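Review bot: Keying `$userPermissions` by resource code means a second row with the same code overwrites the first, so the admin ends up with whichever `access` value the query returned last rather than the combination of all of them. If `$userPermissionsQuery` can return one resource more than once (the query is built outside this hunk, so this is unconfirmed), either merge the values per code or state why duplicates cannot occur. A comment above the loop would also help the next reader, e.g. `// map: resource code => AccessManager built from profile_resource.access`. The enclosing method starts outside the hunk.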


@@ -77,18 +77,11 @@ abstract class ProfileResource implements ActiveRecordInterface
protected $resource_id;
/**
* The value for the read field.
* The value for the access field.
* Note: this column has a database default value of: 0
* @var int
*/
protected $read;
/**
* The value for the write field.
* Note: this column has a database default value of: 0
* @var int
*/
protected $write;
protected $access;
/**
* The value for the created_at field.
@@ -128,8 +121,7 @@ abstract class ProfileResource implements ActiveRecordInterface
*/
public function applyDefaultValues()
{
$this->read = 0;
$this->write = 0;
$this->access = 0;
}
/**
@@ -426,25 +418,14 @@ abstract class ProfileResource implements ActiveRecordInterface
}
/**
* Get the [read] column value.
* Get the [access] column value.
*
* @return int
*/
public function getRead()
public function getAccess()
{
return $this->read;
}
/**
* Get the [write] column value.
*
* @return int
*/
public function getWrite()
{
return $this->write;
return $this->access;
}
/**
@@ -559,46 +540,25 @@ abstract class ProfileResource implements ActiveRecordInterface
} // setResourceId()
/**
* Set the value of [read] column.
* Set the value of [access] column.
*
* @param int $v new value
* @return \Thelia\Model\ProfileResource The current object (for fluent API support)
*/
public function setRead($v)
public function setAccess($v)
{
if ($v !== null) {
$v = (int) $v;
}
if ($this->read !== $v) {
$this->read = $v;
$this->modifiedColumns[] = ProfileResourceTableMap::READ;
if ($this->access !== $v) {
$this->access = $v;
$this->modifiedColumns[] = ProfileResourceTableMap::ACCESS;
}
return $this;
} // setRead()
/**
* Set the value of [write] column.
*
* @param int $v new value
* @return \Thelia\Model\ProfileResource The current object (for fluent API support)
*/
public function setWrite($v)
{
if ($v !== null) {
$v = (int) $v;
}
if ($this->write !== $v) {
$this->write = $v;
$this->modifiedColumns[] = ProfileResourceTableMap::WRITE;
}
return $this;
} // setWrite()
} // setAccess()
/**
* Sets the value of [created_at] column to a normalized version of the date/time value specified.
@@ -652,11 +612,7 @@ abstract class ProfileResource implements ActiveRecordInterface
*/
public function hasOnlyDefaultValues()
{
if ($this->read !== 0) {
return false;
}
if ($this->write !== 0) {
if ($this->access !== 0) {
return false;
}
@@ -696,19 +652,16 @@ abstract class ProfileResource implements ActiveRecordInterface
$col = $row[TableMap::TYPE_NUM == $indexType ? 2 + $startcol : ProfileResourceTableMap::translateFieldName('ResourceId', TableMap::TYPE_PHPNAME, $indexType)];
$this->resource_id = (null !== $col) ? (int) $col : null;
$col = $row[TableMap::TYPE_NUM == $indexType ? 3 + $startcol : ProfileResourceTableMap::translateFieldName('Read', TableMap::TYPE_PHPNAME, $indexType)];
$this->read = (null !== $col) ? (int) $col : null;
$col = $row[TableMap::TYPE_NUM == $indexType ? 3 + $startcol : ProfileResourceTableMap::translateFieldName('Access', TableMap::TYPE_PHPNAME, $indexType)];
$this->access = (null !== $col) ? (int) $col : null;
$col = $row[TableMap::TYPE_NUM == $indexType ? 4 + $startcol : ProfileResourceTableMap::translateFieldName('Write', TableMap::TYPE_PHPNAME, $indexType)];
$this->write = (null !== $col) ? (int) $col : null;
$col = $row[TableMap::TYPE_NUM == $indexType ? 5 + $startcol : ProfileResourceTableMap::translateFieldName('CreatedAt', TableMap::TYPE_PHPNAME, $indexType)];
$col = $row[TableMap::TYPE_NUM == $indexType ? 4 + $startcol : ProfileResourceTableMap::translateFieldName('CreatedAt', TableMap::TYPE_PHPNAME, $indexType)];
if ($col === '0000-00-00 00:00:00') {
$col = null;
}
$this->created_at = (null !== $col) ? PropelDateTime::newInstance($col, null, '\DateTime') : null;
$col = $row[TableMap::TYPE_NUM == $indexType ? 6 + $startcol : ProfileResourceTableMap::translateFieldName('UpdatedAt', TableMap::TYPE_PHPNAME, $indexType)];
$col = $row[TableMap::TYPE_NUM == $indexType ? 5 + $startcol : ProfileResourceTableMap::translateFieldName('UpdatedAt', TableMap::TYPE_PHPNAME, $indexType)];
if ($col === '0000-00-00 00:00:00') {
$col = null;
}
@@ -721,7 +674,7 @@ abstract class ProfileResource implements ActiveRecordInterface
$this->ensureConsistency();
}
return $startcol + 7; // 7 = ProfileResourceTableMap::NUM_HYDRATE_COLUMNS.
return $startcol + 6; // 6 = ProfileResourceTableMap::NUM_HYDRATE_COLUMNS.
} catch (Exception $e) {
throw new PropelException("Error populating \Thelia\Model\ProfileResource object", 0, $e);
@@ -977,11 +930,8 @@ abstract class ProfileResource implements ActiveRecordInterface
if ($this->isColumnModified(ProfileResourceTableMap::RESOURCE_ID)) {
$modifiedColumns[':p' . $index++] = 'RESOURCE_ID';
}
if ($this->isColumnModified(ProfileResourceTableMap::READ)) {
$modifiedColumns[':p' . $index++] = 'READ';
}
if ($this->isColumnModified(ProfileResourceTableMap::WRITE)) {
$modifiedColumns[':p' . $index++] = 'WRITE';
if ($this->isColumnModified(ProfileResourceTableMap::ACCESS)) {
$modifiedColumns[':p' . $index++] = 'ACCESS';
}
if ($this->isColumnModified(ProfileResourceTableMap::CREATED_AT)) {
$modifiedColumns[':p' . $index++] = 'CREATED_AT';
@@ -1009,11 +959,8 @@ abstract class ProfileResource implements ActiveRecordInterface
case 'RESOURCE_ID':
$stmt->bindValue($identifier, $this->resource_id, PDO::PARAM_INT);
break;
case 'READ':
$stmt->bindValue($identifier, $this->read, PDO::PARAM_INT);
break;
case 'WRITE':
$stmt->bindValue($identifier, $this->write, PDO::PARAM_INT);
case 'ACCESS':
$stmt->bindValue($identifier, $this->access, PDO::PARAM_INT);
break;
case 'CREATED_AT':
$stmt->bindValue($identifier, $this->created_at ? $this->created_at->format("Y-m-d H:i:s") : null, PDO::PARAM_STR);
@@ -1093,15 +1040,12 @@ abstract class ProfileResource implements ActiveRecordInterface
return $this->getResourceId();
break;
case 3:
return $this->getRead();
return $this->getAccess();
break;
case 4:
return $this->getWrite();
break;
case 5:
return $this->getCreatedAt();
break;
case 6:
case 5:
return $this->getUpdatedAt();
break;
default:
@@ -1136,10 +1080,9 @@ abstract class ProfileResource implements ActiveRecordInterface
$keys[0] => $this->getId(),
$keys[1] => $this->getProfileId(),
$keys[2] => $this->getResourceId(),
$keys[3] => $this->getRead(),
$keys[4] => $this->getWrite(),
$keys[5] => $this->getCreatedAt(),
$keys[6] => $this->getUpdatedAt(),
$keys[3] => $this->getAccess(),
$keys[4] => $this->getCreatedAt(),
$keys[5] => $this->getUpdatedAt(),
);
$virtualColumns = $this->virtualColumns;
foreach ($virtualColumns as $key => $virtualColumn) {
@@ -1197,15 +1140,12 @@ abstract class ProfileResource implements ActiveRecordInterface
$this->setResourceId($value);
break;
case 3:
$this->setRead($value);
$this->setAccess($value);
break;
case 4:
$this->setWrite($value);
break;
case 5:
$this->setCreatedAt($value);
break;
case 6:
case 5:
$this->setUpdatedAt($value);
break;
} // switch()
@@ -1235,10 +1175,9 @@ abstract class ProfileResource implements ActiveRecordInterface
if (array_key_exists($keys[0], $arr)) $this->setId($arr[$keys[0]]);
if (array_key_exists($keys[1], $arr)) $this->setProfileId($arr[$keys[1]]);
if (array_key_exists($keys[2], $arr)) $this->setResourceId($arr[$keys[2]]);
if (array_key_exists($keys[3], $arr)) $this->setRead($arr[$keys[3]]);
if (array_key_exists($keys[4], $arr)) $this->setWrite($arr[$keys[4]]);
if (array_key_exists($keys[5], $arr)) $this->setCreatedAt($arr[$keys[5]]);
if (array_key_exists($keys[6], $arr)) $this->setUpdatedAt($arr[$keys[6]]);
if (array_key_exists($keys[3], $arr)) $this->setAccess($arr[$keys[3]]);
if (array_key_exists($keys[4], $arr)) $this->setCreatedAt($arr[$keys[4]]);
if (array_key_exists($keys[5], $arr)) $this->setUpdatedAt($arr[$keys[5]]);
}
/**
@@ -1253,8 +1192,7 @@ abstract class ProfileResource implements ActiveRecordInterface
if ($this->isColumnModified(ProfileResourceTableMap::ID)) $criteria->add(ProfileResourceTableMap::ID, $this->id);
if ($this->isColumnModified(ProfileResourceTableMap::PROFILE_ID)) $criteria->add(ProfileResourceTableMap::PROFILE_ID, $this->profile_id);
if ($this->isColumnModified(ProfileResourceTableMap::RESOURCE_ID)) $criteria->add(ProfileResourceTableMap::RESOURCE_ID, $this->resource_id);
if ($this->isColumnModified(ProfileResourceTableMap::READ)) $criteria->add(ProfileResourceTableMap::READ, $this->read);
if ($this->isColumnModified(ProfileResourceTableMap::WRITE)) $criteria->add(ProfileResourceTableMap::WRITE, $this->write);
if ($this->isColumnModified(ProfileResourceTableMap::ACCESS)) $criteria->add(ProfileResourceTableMap::ACCESS, $this->access);
if ($this->isColumnModified(ProfileResourceTableMap::CREATED_AT)) $criteria->add(ProfileResourceTableMap::CREATED_AT, $this->created_at);
if ($this->isColumnModified(ProfileResourceTableMap::UPDATED_AT)) $criteria->add(ProfileResourceTableMap::UPDATED_AT, $this->updated_at);
@@ -1332,8 +1270,7 @@ abstract class ProfileResource implements ActiveRecordInterface
{
$copyObj->setProfileId($this->getProfileId());
$copyObj->setResourceId($this->getResourceId());
$copyObj->setRead($this->getRead());
$copyObj->setWrite($this->getWrite());
$copyObj->setAccess($this->getAccess());
$copyObj->setCreatedAt($this->getCreatedAt());
$copyObj->setUpdatedAt($this->getUpdatedAt());
if ($makeNew) {
@@ -1474,8 +1411,7 @@ abstract class ProfileResource implements ActiveRecordInterface
$this->id = null;
$this->profile_id = null;
$this->resource_id = null;
$this->read = null;
$this->write = null;
$this->access = null;
$this->created_at = null;
$this->updated_at = null;
$this->alreadyInSave = false;


@@ -24,16 +24,14 @@ use Thelia\Model\Map\ProfileResourceTableMap;
* @method ChildProfileResourceQuery orderById($order = Criteria::ASC) Order by the id column
* @method ChildProfileResourceQuery orderByProfileId($order = Criteria::ASC) Order by the profile_id column
* @method ChildProfileResourceQuery orderByResourceId($order = Criteria::ASC) Order by the resource_id column
* @method ChildProfileResourceQuery orderByRead($order = Criteria::ASC) Order by the read column
* @method ChildProfileResourceQuery orderByWrite($order = Criteria::ASC) Order by the write column
* @method ChildProfileResourceQuery orderByAccess($order = Criteria::ASC) Order by the access column
* @method ChildProfileResourceQuery orderByCreatedAt($order = Criteria::ASC) Order by the created_at column
* @method ChildProfileResourceQuery orderByUpdatedAt($order = Criteria::ASC) Order by the updated_at column
*
* @method ChildProfileResourceQuery groupById() Group by the id column
* @method ChildProfileResourceQuery groupByProfileId() Group by the profile_id column
* @method ChildProfileResourceQuery groupByResourceId() Group by the resource_id column
* @method ChildProfileResourceQuery groupByRead() Group by the read column
* @method ChildProfileResourceQuery groupByWrite() Group by the write column
* @method ChildProfileResourceQuery groupByAccess() Group by the access column
* @method ChildProfileResourceQuery groupByCreatedAt() Group by the created_at column
* @method ChildProfileResourceQuery groupByUpdatedAt() Group by the updated_at column
*
@@ -55,16 +53,14 @@ use Thelia\Model\Map\ProfileResourceTableMap;
* @method ChildProfileResource findOneById(int $id) Return the first ChildProfileResource filtered by the id column
* @method ChildProfileResource findOneByProfileId(int $profile_id) Return the first ChildProfileResource filtered by the profile_id column
* @method ChildProfileResource findOneByResourceId(int $resource_id) Return the first ChildProfileResource filtered by the resource_id column
* @method ChildProfileResource findOneByRead(int $read) Return the first ChildProfileResource filtered by the read column
* @method ChildProfileResource findOneByWrite(int $write) Return the first ChildProfileResource filtered by the write column
* @method ChildProfileResource findOneByAccess(int $access) Return the first ChildProfileResource filtered by the access column
* @method ChildProfileResource findOneByCreatedAt(string $created_at) Return the first ChildProfileResource filtered by the created_at column
* @method ChildProfileResource findOneByUpdatedAt(string $updated_at) Return the first ChildProfileResource filtered by the updated_at column
*
* @method array findById(int $id) Return ChildProfileResource objects filtered by the id column
* @method array findByProfileId(int $profile_id) Return ChildProfileResource objects filtered by the profile_id column
* @method array findByResourceId(int $resource_id) Return ChildProfileResource objects filtered by the resource_id column
* @method array findByRead(int $read) Return ChildProfileResource objects filtered by the read column
* @method array findByWrite(int $write) Return ChildProfileResource objects filtered by the write column
* @method array findByAccess(int $access) Return ChildProfileResource objects filtered by the access column
* @method array findByCreatedAt(string $created_at) Return ChildProfileResource objects filtered by the created_at column
* @method array findByUpdatedAt(string $updated_at) Return ChildProfileResource objects filtered by the updated_at column
*
@@ -155,7 +151,7 @@ abstract class ProfileResourceQuery extends ModelCriteria
*/
protected function findPkSimple($key, $con)
{
$sql = 'SELECT ID, PROFILE_ID, RESOURCE_ID, READ, WRITE, CREATED_AT, UPDATED_AT FROM profile_resource WHERE ID = :p0 AND PROFILE_ID = :p1 AND RESOURCE_ID = :p2';
$sql = 'SELECT ID, PROFILE_ID, RESOURCE_ID, ACCESS, CREATED_AT, UPDATED_AT FROM profile_resource WHERE ID = :p0 AND PROFILE_ID = :p1 AND RESOURCE_ID = :p2';
try {
$stmt = $con->prepare($sql);
$stmt->bindValue(':p0', $key[0], PDO::PARAM_INT);
@@ -388,16 +384,16 @@ abstract class ProfileResourceQuery extends ModelCriteria
}
/**
* Filter the query on the read column
* Filter the query on the access column
*
* Example usage:
* <code>
* $query->filterByRead(1234); // WHERE read = 1234
* $query->filterByRead(array(12, 34)); // WHERE read IN (12, 34)
* $query->filterByRead(array('min' => 12)); // WHERE read > 12
* $query->filterByAccess(1234); // WHERE access = 1234
* $query->filterByAccess(array(12, 34)); // WHERE access IN (12, 34)
* $query->filterByAccess(array('min' => 12)); // WHERE access > 12
* </code>
*
* @param mixed $read The value to use as filter.
* @param mixed $access The value to use as filter.
* Use scalar values for equality.
* Use array values for in_array() equivalent.
* Use associative array('min' => $minValue, 'max' => $maxValue) for intervals.
@@ -405,16 +401,16 @@ abstract class ProfileResourceQuery extends ModelCriteria
*
* @return ChildProfileResourceQuery The current query, for fluid interface
*/
public function filterByRead($read = null, $comparison = null)
public function filterByAccess($access = null, $comparison = null)
{
if (is_array($read)) {
if (is_array($access)) {
$useMinMax = false;
if (isset($read['min'])) {
$this->addUsingAlias(ProfileResourceTableMap::READ, $read['min'], Criteria::GREATER_EQUAL);
if (isset($access['min'])) {
$this->addUsingAlias(ProfileResourceTableMap::ACCESS, $access['min'], Criteria::GREATER_EQUAL);
$useMinMax = true;
}
if (isset($read['max'])) {
$this->addUsingAlias(ProfileResourceTableMap::READ, $read['max'], Criteria::LESS_EQUAL);
if (isset($access['max'])) {
$this->addUsingAlias(ProfileResourceTableMap::ACCESS, $access['max'], Criteria::LESS_EQUAL);
$useMinMax = true;
}
if ($useMinMax) {
@@ -425,48 +421,7 @@ abstract class ProfileResourceQuery extends ModelCriteria
}
}
return $this->addUsingAlias(ProfileResourceTableMap::READ, $read, $comparison);
}
/**
* Filter the query on the write column
*
* Example usage:
* <code>
* $query->filterByWrite(1234); // WHERE write = 1234
* $query->filterByWrite(array(12, 34)); // WHERE write IN (12, 34)
* $query->filterByWrite(array('min' => 12)); // WHERE write > 12
* </code>
*
* @param mixed $write The value to use as filter.
* Use scalar values for equality.
* Use array values for in_array() equivalent.
* Use associative array('min' => $minValue, 'max' => $maxValue) for intervals.
* @param string $comparison Operator to use for the column comparison, defaults to Criteria::EQUAL
*
* @return ChildProfileResourceQuery The current query, for fluid interface
*/
public function filterByWrite($write = null, $comparison = null)
{
if (is_array($write)) {
$useMinMax = false;
if (isset($write['min'])) {
$this->addUsingAlias(ProfileResourceTableMap::WRITE, $write['min'], Criteria::GREATER_EQUAL);
$useMinMax = true;
}
if (isset($write['max'])) {
$this->addUsingAlias(ProfileResourceTableMap::WRITE, $write['max'], Criteria::LESS_EQUAL);
$useMinMax = true;
}
if ($useMinMax) {
return $this;
}
if (null === $comparison) {
$comparison = Criteria::IN;
}
}
return $this->addUsingAlias(ProfileResourceTableMap::WRITE, $write, $comparison);
return $this->addUsingAlias(ProfileResourceTableMap::ACCESS, $access, $comparison);
}
/**


@@ -57,7 +57,7 @@ class ProfileResourceTableMap extends TableMap
/**
* The total number of columns
*/
const NUM_COLUMNS = 7;
const NUM_COLUMNS = 6;
/**
* The number of lazy-loaded columns
@@ -67,7 +67,7 @@ class ProfileResourceTableMap extends TableMap
/**
* The number of columns to hydrate (NUM_COLUMNS - NUM_LAZY_LOAD_COLUMNS)
*/
const NUM_HYDRATE_COLUMNS = 7;
const NUM_HYDRATE_COLUMNS = 6;
/**
* the column name for the ID field
@@ -85,14 +85,9 @@ class ProfileResourceTableMap extends TableMap
const RESOURCE_ID = 'profile_resource.RESOURCE_ID';
/**
* the column name for the READ field
* the column name for the ACCESS field
*/
const READ = 'profile_resource.READ';
/**
* the column name for the WRITE field
*/
const WRITE = 'profile_resource.WRITE';
const ACCESS = 'profile_resource.ACCESS';
/**
* the column name for the CREATED_AT field
@@ -116,12 +111,12 @@ class ProfileResourceTableMap extends TableMap
* e.g. self::$fieldNames[self::TYPE_PHPNAME][0] = 'Id'
*/
protected static $fieldNames = array (
self::TYPE_PHPNAME => array('Id', 'ProfileId', 'ResourceId', 'Read', 'Write', 'CreatedAt', 'UpdatedAt', ),
self::TYPE_STUDLYPHPNAME => array('id', 'profileId', 'resourceId', 'read', 'write', 'createdAt', 'updatedAt', ),
self::TYPE_COLNAME => array(ProfileResourceTableMap::ID, ProfileResourceTableMap::PROFILE_ID, ProfileResourceTableMap::RESOURCE_ID, ProfileResourceTableMap::READ, ProfileResourceTableMap::WRITE, ProfileResourceTableMap::CREATED_AT, ProfileResourceTableMap::UPDATED_AT, ),
self::TYPE_RAW_COLNAME => array('ID', 'PROFILE_ID', 'RESOURCE_ID', 'READ', 'WRITE', 'CREATED_AT', 'UPDATED_AT', ),
self::TYPE_FIELDNAME => array('id', 'profile_id', 'resource_id', 'read', 'write', 'created_at', 'updated_at', ),
self::TYPE_NUM => array(0, 1, 2, 3, 4, 5, 6, )
self::TYPE_PHPNAME => array('Id', 'ProfileId', 'ResourceId', 'Access', 'CreatedAt', 'UpdatedAt', ),
self::TYPE_STUDLYPHPNAME => array('id', 'profileId', 'resourceId', 'access', 'createdAt', 'updatedAt', ),
self::TYPE_COLNAME => array(ProfileResourceTableMap::ID, ProfileResourceTableMap::PROFILE_ID, ProfileResourceTableMap::RESOURCE_ID, ProfileResourceTableMap::ACCESS, ProfileResourceTableMap::CREATED_AT, ProfileResourceTableMap::UPDATED_AT, ),
self::TYPE_RAW_COLNAME => array('ID', 'PROFILE_ID', 'RESOURCE_ID', 'ACCESS', 'CREATED_AT', 'UPDATED_AT', ),
self::TYPE_FIELDNAME => array('id', 'profile_id', 'resource_id', 'access', 'created_at', 'updated_at', ),
self::TYPE_NUM => array(0, 1, 2, 3, 4, 5, )
);
/**
@@ -131,12 +126,12 @@ class ProfileResourceTableMap extends TableMap
* e.g. self::$fieldKeys[self::TYPE_PHPNAME]['Id'] = 0
*/
protected static $fieldKeys = array (
self::TYPE_PHPNAME => array('Id' => 0, 'ProfileId' => 1, 'ResourceId' => 2, 'Read' => 3, 'Write' => 4, 'CreatedAt' => 5, 'UpdatedAt' => 6, ),
self::TYPE_STUDLYPHPNAME => array('id' => 0, 'profileId' => 1, 'resourceId' => 2, 'read' => 3, 'write' => 4, 'createdAt' => 5, 'updatedAt' => 6, ),
self::TYPE_COLNAME => array(ProfileResourceTableMap::ID => 0, ProfileResourceTableMap::PROFILE_ID => 1, ProfileResourceTableMap::RESOURCE_ID => 2, ProfileResourceTableMap::READ => 3, ProfileResourceTableMap::WRITE => 4, ProfileResourceTableMap::CREATED_AT => 5, ProfileResourceTableMap::UPDATED_AT => 6, ),
self::TYPE_RAW_COLNAME => array('ID' => 0, 'PROFILE_ID' => 1, 'RESOURCE_ID' => 2, 'READ' => 3, 'WRITE' => 4, 'CREATED_AT' => 5, 'UPDATED_AT' => 6, ),
self::TYPE_FIELDNAME => array('id' => 0, 'profile_id' => 1, 'resource_id' => 2, 'read' => 3, 'write' => 4, 'created_at' => 5, 'updated_at' => 6, ),
self::TYPE_NUM => array(0, 1, 2, 3, 4, 5, 6, )
self::TYPE_PHPNAME => array('Id' => 0, 'ProfileId' => 1, 'ResourceId' => 2, 'Access' => 3, 'CreatedAt' => 4, 'UpdatedAt' => 5, ),
self::TYPE_STUDLYPHPNAME => array('id' => 0, 'profileId' => 1, 'resourceId' => 2, 'access' => 3, 'createdAt' => 4, 'updatedAt' => 5, ),
self::TYPE_COLNAME => array(ProfileResourceTableMap::ID => 0, ProfileResourceTableMap::PROFILE_ID => 1, ProfileResourceTableMap::RESOURCE_ID => 2, ProfileResourceTableMap::ACCESS => 3, ProfileResourceTableMap::CREATED_AT => 4, ProfileResourceTableMap::UPDATED_AT => 5, ),
self::TYPE_RAW_COLNAME => array('ID' => 0, 'PROFILE_ID' => 1, 'RESOURCE_ID' => 2, 'ACCESS' => 3, 'CREATED_AT' => 4, 'UPDATED_AT' => 5, ),
self::TYPE_FIELDNAME => array('id' => 0, 'profile_id' => 1, 'resource_id' => 2, 'access' => 3, 'created_at' => 4, 'updated_at' => 5, ),
self::TYPE_NUM => array(0, 1, 2, 3, 4, 5, )
);
/**
@@ -159,8 +154,7 @@ class ProfileResourceTableMap extends TableMap
$this->addPrimaryKey('ID', 'Id', 'INTEGER', true, null, null);
$this->addForeignPrimaryKey('PROFILE_ID', 'ProfileId', 'INTEGER' , 'profile', 'ID', true, null, null);
$this->addForeignPrimaryKey('RESOURCE_ID', 'ResourceId', 'INTEGER' , 'resource', 'ID', true, null, null);
$this->addColumn('READ', 'Read', 'TINYINT', false, null, 0);
$this->addColumn('WRITE', 'Write', 'TINYINT', false, null, 0);
$this->addColumn('ACCESS', 'Access', 'INTEGER', true, null, 0);
$this->addColumn('CREATED_AT', 'CreatedAt', 'TIMESTAMP', false, null, null);
$this->addColumn('UPDATED_AT', 'UpdatedAt', 'TIMESTAMP', false, null, null);
} // initialize()
@@ -377,16 +371,14 @@ class ProfileResourceTableMap extends TableMap
$criteria->addSelectColumn(ProfileResourceTableMap::ID);
$criteria->addSelectColumn(ProfileResourceTableMap::PROFILE_ID);
$criteria->addSelectColumn(ProfileResourceTableMap::RESOURCE_ID);
$criteria->addSelectColumn(ProfileResourceTableMap::READ);
$criteria->addSelectColumn(ProfileResourceTableMap::WRITE);
$criteria->addSelectColumn(ProfileResourceTableMap::ACCESS);
$criteria->addSelectColumn(ProfileResourceTableMap::CREATED_AT);
$criteria->addSelectColumn(ProfileResourceTableMap::UPDATED_AT);
} else {
$criteria->addSelectColumn($alias . '.ID');
$criteria->addSelectColumn($alias . '.PROFILE_ID');
$criteria->addSelectColumn($alias . '.RESOURCE_ID');
$criteria->addSelectColumn($alias . '.READ');
$criteria->addSelectColumn($alias . '.WRITE');
$criteria->addSelectColumn($alias . '.ACCESS');
$criteria->addSelectColumn($alias . '.CREATED_AT');
$criteria->addSelectColumn($alias . '.UPDATED_AT');
}


@@ -38,7 +38,7 @@ class AlphaNumStringListType extends BaseType
public function isValid($values)
{
foreach (explode(',', $values) as $value) {
if(!preg_match('#^[a-zA-Z0-9\-_]+$#', $value))
if(!preg_match('#^[a-zA-Z0-9\-_\.]+$#', $value))
return false;
}
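Review bot: The widened pattern `#^[a-zA-Z0-9\-_\.]+$#` still ends in a bare `$`, which in PCRE also matches just before a trailing newline, so a value such as `admin.product` followed by a line feed passes `isValid()`; the same applies to `AlphaNumStringType::isValid()` in the next file section. The dot was presumably added so that dotted resource codes validate, which makes a strict end anchor more important: `if (!preg_match('#^[a-zA-Z0-9\-_.]+\z#', $value))` here and `return preg_match('#^[a-zA-Z0-9\-_.]+\z#', $value) ? true : false;` there. The change also lets values made only of dots through, and the class name no longer describes what is accepted, which deserves a line in the docblock. `isValid()` continues outside the hunk.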


@@ -37,7 +37,7 @@ class AlphaNumStringType extends BaseType
public function isValid($value)
{
return preg_match('#^[a-zA-Z0-9\-_]+$#', $value) ? true : false;
return preg_match('#^[a-zA-Z0-9\-_\.]+$#', $value) ? true : false;
}
public function getFormattedValue($value)


@@ -1198,95 +1198,26 @@ INSERT INTO `order_status_i18n` (`id`, `locale`, `title`, `description`, `chapo`
generated with command : php Thelia thelia:generate-resources --output sql
*/
INSERT INTO resource (`id`, `code`, `created_at`, `updated_at`) VALUES
(NULL, 'admin.address.view', NOW(), NOW()),
(NULL, 'admin.address.create', NOW(), NOW()),
(NULL, 'admin.address.update', NOW(), NOW()),
(NULL, 'admin.address.delete', NOW(), NOW()),
(NULL, 'admin.configuration.admin.view', NOW(), NOW()),
(NULL, 'admin.configuration.admin.create', NOW(), NOW()),
(NULL, 'admin.configuration.admin.update', NOW(), NOW()),
(NULL, 'admin.configuration.admin.delete', NOW(), NOW()),
(NULL, 'admin.configuration.area.view', NOW(), NOW()),
(NULL, 'admin.configuration.area.create', NOW(), NOW()),
(NULL, 'admin.configuration.area.update', NOW(), NOW()),
(NULL, 'admin.configuration.area.delete', NOW(), NOW()),
(NULL, 'admin.configuration.attribute.view', NOW(), NOW()),
(NULL, 'admin.configuration.attribute.create', NOW(), NOW()),
(NULL, 'admin.configuration.attribute.update', NOW(), NOW()),
(NULL, 'admin.configuration.attribute.delete', NOW(), NOW()),
(NULL, 'admin.category.view', NOW(), NOW()),
(NULL, 'admin.category.create', NOW(), NOW()),
(NULL, 'admin.category.update', NOW(), NOW()),
(NULL, 'admin.category.delete', NOW(), NOW()),
(NULL, 'admin.configuration.view', NOW(), NOW()),
(NULL, 'admin.configuration.create', NOW(), NOW()),
(NULL, 'admin.configuration.update', NOW(), NOW()),
(NULL, 'admin.configuration.delete', NOW(), NOW()),
(NULL, 'admin.content.view', NOW(), NOW()),
(NULL, 'admin.content.create', NOW(), NOW()),
(NULL, 'admin.content.update', NOW(), NOW()),
(NULL, 'admin.content.delete', NOW(), NOW()),
(NULL, 'admin.configuration.country.view', NOW(), NOW()),
(NULL, 'admin.configuration.country.create', NOW(), NOW()),
(NULL, 'admin.configuration.country.update', NOW(), NOW()),
(NULL, 'admin.configuration.country.delete', NOW(), NOW()),
(NULL, 'admin.coupon.view', NOW(), NOW()),
(NULL, 'admin.coupon.create', NOW(), NOW()),
(NULL, 'admin.coupon.update', NOW(), NOW()),
(NULL, 'admin.coupon.delete', NOW(), NOW()),
(NULL, 'admin.configuration.currency.view', NOW(), NOW()),
(NULL, 'admin.configuration.currency.create', NOW(), NOW()),
(NULL, 'admin.configuration.currency.update', NOW(), NOW()),
(NULL, 'admin.configuration.currency.delete', NOW(), NOW()),
(NULL, 'admin.customer.view', NOW(), NOW()),
(NULL, 'admin.customer.create', NOW(), NOW()),
(NULL, 'admin.customer.update', NOW(), NOW()),
(NULL, 'admin.customer.delete', NOW(), NOW()),
(NULL, 'admin.configuration.feature.view', NOW(), NOW()),
(NULL, 'admin.configuration.feature.create', NOW(), NOW()),
(NULL, 'admin.configuration.feature.update', NOW(), NOW()),
(NULL, 'admin.configuration.feature.delete', NOW(), NOW()),
(NULL, 'admin.folder.view', NOW(), NOW()),
(NULL, 'admin.folder.create', NOW(), NOW()),
(NULL, 'admin.folder.update', NOW(), NOW()),
(NULL, 'admin.folder.delete', NOW(), NOW()),
(NULL, 'admin.configuration.language.view', NOW(), NOW()),
(NULL, 'admin.configuration.language.create', NOW(), NOW()),
(NULL, 'admin.configuration.language.update', NOW(), NOW()),
(NULL, 'admin.configuration.language.delete', NOW(), NOW()),
(NULL, 'admin.configuration.mailing-system.view', NOW(), NOW()),
(NULL, 'admin.configuration.mailing-system.create', NOW(), NOW()),
(NULL, 'admin.configuration.mailing-system.update', NOW(), NOW()),
(NULL, 'admin.configuration.mailing-system.delete', NOW(), NOW()),
(NULL, 'admin.configuration.message.view', NOW(), NOW()),
(NULL, 'admin.configuration.message.create', NOW(), NOW()),
(NULL, 'admin.configuration.message.update', NOW(), NOW()),
(NULL, 'admin.configuration.message.delete', NOW(), NOW()),
(NULL, 'admin.configuration.module.view', NOW(), NOW()),
(NULL, 'admin.configuration.module.create', NOW(), NOW()),
(NULL, 'admin.configuration.module.update', NOW(), NOW()),
(NULL, 'admin.configuration.module.delete', NOW(), NOW()),
(NULL, 'admin.order.view', NOW(), NOW()),
(NULL, 'admin.order.create', NOW(), NOW()),
(NULL, 'admin.order.update', NOW(), NOW()),
(NULL, 'admin.order.delete', NOW(), NOW()),
(NULL, 'admin.product.view', NOW(), NOW()),
(NULL, 'admin.product.create', NOW(), NOW()),
(NULL, 'admin.product.update', NOW(), NOW()),
(NULL, 'admin.product.delete', NOW(), NOW()),
(NULL, 'admin.configuration.profile.view', NOW(), NOW()),
(NULL, 'admin.configuration.profile.create', NOW(), NOW()),
(NULL, 'admin.configuration.profile.update', NOW(), NOW()),
(NULL, 'admin.configuration.profile.delete', NOW(), NOW()),
(NULL, 'admin.configuration.shipping-zone.view', NOW(), NOW()),
(NULL, 'admin.configuration.shipping-zone.create', NOW(), NOW()),
(NULL, 'admin.configuration.shipping-zone.update', NOW(), NOW()),
(NULL, 'admin.configuration.shipping-zone.delete', NOW(), NOW()),
(NULL, 'admin.configuration.tax.view', NOW(), NOW()),
(NULL, 'admin.configuration.tax.create', NOW(), NOW()),
(NULL, 'admin.configuration.tax.update', NOW(), NOW()),
(NULL, 'admin.configuration.tax.delete', NOW(), NOW()),
(NULL, 'admin.configuration.template.view', NOW(), NOW()),
(NULL, 'admin.configuration.template.create', NOW(), NOW()),
(NULL, 'admin.configuration.template.update', NOW(), NOW()),
(NULL, 'admin.configuration.template.delete', NOW(), NOW());
(NULL, 'admin.address', NOW(), NOW()),
(NULL, 'admin.configuration.admin', NOW(), NOW()),
(NULL, 'admin.configuration.area', NOW(), NOW()),
(NULL, 'admin.configuration.attribute', NOW(), NOW()),
(NULL, 'admin.category', NOW(), NOW()),
(NULL, 'admin.configuration', NOW(), NOW()),
(NULL, 'admin.content', NOW(), NOW()),
(NULL, 'admin.configuration.country', NOW(), NOW()),
(NULL, 'admin.coupon', NOW(), NOW()),
(NULL, 'admin.configuration.currency', NOW(), NOW()),
(NULL, 'admin.customer', NOW(), NOW()),
(NULL, 'admin.configuration.feature', NOW(), NOW()),
(NULL, 'admin.folder', NOW(), NOW()),
(NULL, 'admin.configuration.language', NOW(), NOW()),
(NULL, 'admin.configuration.mailing-system', NOW(), NOW()),
(NULL, 'admin.configuration.message', NOW(), NOW()),
(NULL, 'admin.configuration.module', NOW(), NOW()),
(NULL, 'admin.order', NOW(), NOW()),
(NULL, 'admin.product', NOW(), NOW()),
(NULL, 'admin.configuration.profile', NOW(), NOW()),
(NULL, 'admin.configuration.shipping-zone', NOW(), NOW()),
(NULL, 'admin.configuration.tax', NOW(), NOW()),
(NULL, 'admin.configuration.template', NOW(), NOW())
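Review bot: The rewritten `INSERT INTO resource` list now ends at `(NULL, 'admin.configuration.template', NOW(), NOW())` without the terminating `;` that the previous list had. If any statement follows in the file (nothing is visible past this hunk), the script will fail to parse at that point; end the row with `(NULL, 'admin.configuration.template', NOW(), NOW());`. If the list is pasted from `thelia:generate-resources --output sql`, the generator output should be checked for the same omission.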


@@ -1002,8 +1002,7 @@ CREATE TABLE `profile_resource`
`id` INTEGER NOT NULL AUTO_INCREMENT,
`profile_id` INTEGER NOT NULL,
`resource_id` INTEGER NOT NULL,
`read` TINYINT DEFAULT 0,
`write` TINYINT DEFAULT 0,
`access` INTEGER DEFAULT 0 NOT NULL,
`created_at` DATETIME,
`updated_at` DATETIME,
PRIMARY KEY (`id`,`profile_id`,`resource_id`),


@@ -776,8 +776,7 @@
<column autoIncrement="true" name="id" primaryKey="true" required="true" type="INTEGER" />
<column name="profile_id" primaryKey="true" required="true" type="INTEGER" />
<column name="resource_id" primaryKey="true" required="true" type="INTEGER" />
<column defaultValue="0" name="read" type="TINYINT" />
<column defaultValue="0" name="write" type="TINYINT" />
<column defaultValue="0" name="access" required="true" type="INTEGER" />
<foreign-key foreignTable="profile" name="fk_profile_resource_profile_id" onDelete="CASCADE" onUpdate="RESTRICT">
<reference foreign="id" local="profile_id" />
</foreign-key>
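Review bot: The new `access` column replaces two self-describing flags with a single integer, and nothing in the schema says how that integer is encoded or which value means no access. Since this file is the source for the generated model and SQL, record it on the column with Propel's `description` attribute, e.g. `description="encoded access rights read by AccessManager; see AccessManager for the values"`. It is also worth confirming that the default `0` is interpreted as no access, so that a row created without an explicit value fails closed; that interpretation lives outside this section.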


@@ -1,7 +1,7 @@
{* -- By default, check admin login ----------------------------------------- *}
{block name="check-auth"}
{check_auth roles="ADMIN" permissions="{block name="check-permissions"}{/block}" login_tpl="/admin/login"}
{check_auth role="ADMIN" resource="{block name="check-resource"}{/block}" access="{block name="check-access"}{/block}" login_tpl="/admin/login"}
{/block}
{* -- Define some stuff for Smarty ----------------------------------------- *}
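Review bot: Renaming the overridable block from `check-permissions` to `check-resource`/`check-access` can fail open for any child template that has not been migrated. A child that still declares `{block name="check-permissions"}…{/block}` (the pattern the removed admin-profiles template used) no longer matches a block in the layout, so `check_auth` receives empty `resource` and `access` values. Unless `isGranted()` denies on empty input, which is not visible here, such pages would be protected by the `ADMIN` role alone. Confirm that every template extending this layout was updated in the same commit, and add a comment above the call such as `{* child templates must define both check-resource and check-access *}`.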


@@ -1,219 +0,0 @@
{extends file="admin-layout.tpl"}
{block name="page-title"}{intl l='Admin profiles'}{/block}
{block name="check-permissions"}admin.admin-profiles.view{/block}
{block name="main-content"}
<div class="admin-profiles">
<div id="wrapper" class="container">
<div class="clearfix">
<ul class="breadcrumb pull-left">
<li><a href="{url path='/admin/home'}">{intl l="Home"}</a></li>
<li><a href="{url path='/admin/configuration'}">{intl l="Configuration"}</a></li>
<li><a href="{url path='/admin/configuration/admin_profiles'}">{intl l="Admin profiles"}</a></li>
</ul>
{loop type="auth" name="can_create" roles="ADMIN" permissions="admin.admin-profiles.create"}
<a class="btn btn-default btn-primary pull-right" title="{intl l='Create a new admin profile'}" href="#creation_dialog" data-toggle="modal">
<span class="glyphicon glyphicon-plus"></span>
</a>
{/loop}
</div>
{module_include location='admin_profiles_top'}
<div class="row">
<div class="col-md-12">
<div class="general-block-decorator">
<div class="table-responsive">
<form action="">
<table class="table table-striped table-condensed table-left-aligned">
<caption>
{intl l="Profile"}
</caption>
<tbody>
<tr>
<td><label for="" class="label-control">{intl l="Profile"}</label></td>
<td>
<select name="" id="" data-toggle="selectpicker">
<option value="">1</option>
<option value="">2</option>
<option value="">3</option>
</select>
</td>
</tr>
<tr>
<td><label for="" class="label-control">{intl l="Wording"}</label></td>
<td><input type="text" class="form-control" name="" value="gestionnairecommande" readonly></td>
</tr>
<tr>
<td><label for="" class="label-control">{intl l="Name"}</label></td>
<td><input type="text" class="form-control" name="" value=""></td>
</tr>
<tr>
<td><label for="" class="label-control">{intl l="Description"}</label></td>
<td><textarea type="text" class="form-control" name=""></textarea></td>
</tr>
</tbody>
<tfoot>
<tr>
<td colspan="2">
<div class="btn-group pull-right">
<button type="submit" class="btn btn-default btn-primary"><span class="glyphicon glyphicon-check"></span> {intl l="Save"}</button>
<button class="btn btn-default"><span class="glyphicon glyphicon-trash"></span> {intl l="Delete"}</button>
</div>
</td>
</tr>
</tfoot>
</table>
</form>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="general-block-decorator">
<div class="table-responsive">
<form action="">
<table class="table table-striped table-condensed table-left-aligned">
<caption>
{intl l="General rights"}
</caption>
<thead>
<tr>
<th>{intl l="Authorization"}</th>
<th>{intl l="Description"}</th>
<th>{intl l="Access"}</th>
</tr>
</thead>
<tbody>
<tr>
<td>Access to customers</td>
<td>
Lorem ipsum dolor sit amet, consectetur adipisicing elit. Aspernatur, saepe, libero, veniam ab quod.
</td>
<td>
<div class="make-switch switch-small" data-on="success" data-off="danger" data-on-label="<i class='glyphicon glyphicon-ok'></i>" data-off-label="<i class='glyphicon glyphicon-remove'></i>">
<input type="checkbox" checked>
</div>
</td>
</tr>
<tr>
<td>Access to orders</td>
<td>
Lorem ipsum dolor sit amet, consectetur adipisicing elit. Aspernatur, saepe, libero, veniam ab quod.
</td>
<td>
<div class="make-switch switch-small" data-on="success" data-off="danger" data-on-label="<i class='glyphicon glyphicon-ok'></i>" data-off-label="<i class='glyphicon glyphicon-remove'></i>">
<input type="checkbox">
</div>
</td>
</tr>
<tr>
<td>Access to catalog</td>
<td>
Lorem ipsum dolor sit amet, consectetur adipisicing elit. Aspernatur, saepe, libero, veniam ab quod.
</td>
<td>
<div class="make-switch switch-small" data-on="success" data-off="danger" data-on-label="<i class='glyphicon glyphicon-ok'></i>" data-off-label="<i class='glyphicon glyphicon-remove'></i>">
<input type="checkbox">
</div>
</td>
</tr>
</tbody>
<tfoot>
<tr>
<td colspan="3">
<button type="submit" class="btn btn-default btn-primary pull-right"><span class="glyphicon glyphicon-check"></span> {intl l="Save"}</button>
</td>
</tr>
</tfoot>
</table>
</form>
</div>
</div>
</div>
</div>
{module_include location='admin_profiles_bottom'}
</div>
</div>
{* Creation dialog *}
{form name="thelia.admin.admin-profile.creation"}
{* Capture the dialog body, to pass it to the generic dialog *}
{capture "creation_dialog"}
{form_hidden_fields form=$form}
{* Be sure to get the language_id, even if the form could not be validated *}
<input type="hidden" name="language_id" value="{$language_id}" />
{form_field form=$form field='success_url'}
{* on success, redirect to the edition page, _ID_ is replaced with the created object ID, see controller *}
<input type="hidden" name="{$name}" value="{url path='/admin/configuration/admin_profile/update' admin_profile_id='_ID_'}" />
{/form_field}
{form_field form=$form field='wording'}
<div class="form-group {if $error}has-error{/if}">
<label for="{$label_attr.for}" class="control-label">{intl l="{$label}"} : </label>
<input type="text" id="{$label_attr.for}" name="{$name}" class="form-control" title="{intl l="{$label}"}" placeholder="{intl l='Wording'}">
</div>
{/form_field}
{form_field form=$form field='name'}
<div class="form-group {if $error}has-error{/if}">
<label for="{$label_attr.for}" class="control-label">{intl l="{$label}"} : </label>
<input type="text" id="{$label_attr.for}" name="{$name}" class="form-control" title="{intl l="{$label}"}" placeholder="{intl l='Name'}">
</div>
{/form_field}
{form_field form=$form field='description'}
<div class="form-group {if $error}has-error{/if}">
<label for="{$label_attr.for}" class="control-label">{intl l="{$label}"} : </label>
<textarea id="{$label_attr.for}" name="{$name}" class="form-control" title="{intl l="{$label}"}" placeholder="{intl l='Description'}"></textarea>
</div>
{/form_field}
{module_include location='admin_profile_create_form'}
{/capture}
{include
file = "includes/generic-create-dialog.html"
dialog_id = "creation_dialog"
dialog_title = {intl l="Create a new admin profile"}
dialog_body = {$smarty.capture.creation_dialog nofilter}
dialog_ok_label = {intl l="Create this admin profile"}
form_action = {url path='/admin/configuration/admin_profile/create'}
form_enctype = {form_enctype form=$form}
form_error_message = $form_error_message
}
{/form}
{/block}
{block name="javascript-initialization"}
{javascripts file='assets/js/bootstrap-switch/bootstrap-switch.js'}
<script src="{$asset_url}"></script>
{/javascripts}
{javascripts file='assets/js/bootstrap-select/bootstrap-select.js'}
<script src="{$asset_url}"></script>
{/javascripts}
{javascripts file='assets/js/main.js'}
<script src="{$asset_url}"></script>
{/javascripts}
{/block}


@@ -90,7 +90,8 @@
<td class="text-center">
{admin_position_block
permission="admin.products.edit"
resource="admin.product"
access="update"
path={url path='/admin/product/update-content-position' product_id=$product_id current_tab="related"}
url_parameter="content_id"
in_place_edit_class="contentPositionChange"
@@ -210,7 +211,8 @@
<td class="text-center">
{admin_position_block
permission="admin.products.edit"
resource="admin.product"
access="update"
path={url path='/admin/product/update-accessory-position' product_id=$product_id current_tab="related"}
url_parameter="accessory_id"
in_place_edit_class="accessoryPositionChange"


@@ -50,7 +50,8 @@
<td class="text-center">
{admin_position_block
permission="admin.templates.edit"
resource="admin.configuration.template"
access="update"
path={url path="admin/template/update-attribute-position" template_id=$template_id}
url_parameter="attribute_id"
in_place_edit_class="attributePositionChange"


@@ -52,7 +52,8 @@
<td class="text-center">
{admin_position_block
permission="admin.templates.edit"
resource="admin.configuration.template"
access="update"
path={url path="/admin/template/update-feature-position" template_id=$template_id}
url_parameter="feature_id"
in_place_edit_class="featurePositionChange"


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit an attribute'}{/block}
{block name="check-permissions"}admin.configuration.attributes.edit{/block}
{block name="check-resource"}admin.configuration.attribute{/block}
{block name="check-access"}update{/block}
{block name="main-content"}
<div class="attributes edit-attribute">
@@ -133,7 +134,8 @@
<td class="text-center">
{admin_position_block
permission="admin.attributes.edit"
resource="admin.configuration.attribute"
access="update"
path={url path='/admin/configuration/attributes-av/update-position' attribute_id=$attribute_id}
url_parameter="attributeav_id"
in_place_edit_class="positionChange"


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Thelia Product Attributes'}{/block}
{block name="check-permissions"}admin.configuration.attributes.view{/block}
{block name="check-resource"}admin.configuration.attribute{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="attributes">
@@ -86,7 +87,8 @@
<td class="text-center">
{admin_position_block
permission="admin.attributes.edit"
resource="admin.configuration.attribute"
access="update"
path="/admin/configuration/attributes/update-position"
url_parameter="attribute_id"
in_place_edit_class="positionChange"


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Categories'}{/block}
{block name="check-permissions"}admin.categories.view{/block}
{block name="check-resource"}admin.category{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="categories">
@@ -127,7 +128,8 @@
<td>
{admin_position_block
permission="admin.categories.edit"
resource="admin.category"
access="update"
path={url path='admin/categories/update-position' category_id=$ID}
url_parameter="category_id"
in_place_edit_class="categoryPositionChange"
@@ -294,7 +296,8 @@
<td>
{admin_position_block
permission="admin.product.edit"
resource="admin.product"
access="update"
path={url path='/admin/products/update-position' product_id=$ID}
url_parameter="product_id"
in_place_edit_class="productPositionChange"


@@ -1,6 +1,7 @@
{extends file="admin-layout.tpl"}
{block name="check-permissions"}admin.catalog.view{/block}
{block name="check-resource"}admin.category{/block}
{block name="check-access"}update{/block}
{block name="page-title"}{intl l='Edit category'}{/block}


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Configuration'}{/block}
{block name="check-permissions"}admin.configuration.view{/block}
{block name="check-resource"}admin.configuration{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="configuration">


@@ -1,6 +1,7 @@
{extends file="admin-layout.tpl"}
{block name="check-permissions"}admin.content.view{/block}
{block name="check-resource"}admin.content{/block}
{block name="check-access"}view{/block}
{block name="page-title"}{intl l='Edit content'}{/block}
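Review bot: On this 'Edit content' page `check-access` is set to `view`, while the other edit pages converted in this commit (category, folder, product) use `update`. If that is not deliberate, a profile with view-only access to `admin.content` can open the edit form; the line should read `{block name="check-access"}update{/block}`. Whether the save action is checked separately in the controller is not visible here.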


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Countries'}{/block}
{block name="check-permissions"}admin.configuration.countries.view{/block}
{block name="check-resource"}admin.configuration.country{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="countries">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit a country'}{/block}
{block name="check-permissions"}admin.configuration.countries.edit{/block}
{block name="check-resource"}admin.configuration.country{/block}
{block name="check-access"}update{/block}
{block name="main-content"}
<div class="countries edit-country">


@@ -1,5 +1,8 @@
{extends file="admin-layout.tpl"}
{block name="check-permissions"}admin.coupon.create{/block}
{block name="check-resource"}admin.coupon{/block}
{block name="check-access"}create{/block}
{block name="page-title"}{intl l='Create coupon'}{/block}
{block name="main-content"}


@@ -1,5 +1,8 @@
{extends file="admin-layout.tpl"}
{block name="check-permissions"}admin.coupon.view{/block}
{block name="check-resource"}admin.coupon{/block}
{block name="check-access"}view{/block}
{block name="page-title"}{intl l='Coupons'}{/block}
{block name="main-content"}


@@ -1,5 +1,8 @@
{extends file="admin-layout.tpl"}
{block name="check-permissions"}admin.coupon.view{/block}
{block name="check-resource"}admin.coupon{/block}
{block name="check-access"}view{/block}
{block name="page-title"}{intl l='Coupon'}{/block}
{block name="main-content"}


@@ -1,5 +1,8 @@
{extends file="admin-layout.tpl"}
{block name="check-permissions"}admin.coupon.update{/block}
{block name="check-resource"}admin.coupon{/block}
{block name="check-access"}update{/block}
{block name="page-title"}{intl l='Update coupon'}{/block}
{block name="main-content"}


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Currencies'}{/block}
{block name="check-permissions"}admin.configuration.currencies.view{/block}
{block name="check-resource"}admin.configuration.currency{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="currencies">
@@ -137,12 +138,13 @@
<td class="text-center">
{admin_position_block
permission="admin.currencies.edit"
path="/admin/configuration/currencies/update-position"
url_parameter="currency_id"
in_place_edit_class="currencyPositionChange"
position="$POSITION"
id="$ID"
resource="admin.configuration.currency"
access="update"
path="/admin/configuration/currencies/update-position"
url_parameter="currency_id"
in_place_edit_class="currencyPositionChange"
position="$POSITION"
id="$ID"
}
</td>


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit a currency'}{/block}
{block name="check-permissions"}admin.configuration.currencies.edit{/block}
{block name="check-resource"}admin.configuration.currency{/block}
{block name="check-access"}update{/block}
{block name="main-content"}
<div class="currencies edit-currency">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit a customer'}{/block}
{block name="check-permissions"}admin.customer.edit{/block}
{block name="check-resource"}admin.customer{/block}
{block name="check-access"}update{/block}
{block name="main-content"}
<div class="customers edit-customer">


@@ -3,7 +3,8 @@
{block name="page-title"}{intl l='Customer'}{/block}
{block name="check-permissions"}admin.customer.view{/block}
{block name="check-resource"}admin.customer{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
{assign var=customer_page value={$smarty.get.page|default:1}}


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit a document'}{/block}
{block name="check-permissions"}admin.document.edit{/block}
{block name="check-resource"}admin.document{/block}
{block name="check-access"}update{/block}
{block name="main-content"}
<div class="documents edit-document">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit a feature'}{/block}
{block name="check-permissions"}admin.configuration.features.edit{/block}
{block name="check-resource"}admin.configuration.feature{/block}
{block name="check-access"}update{/block}
{block name="main-content"}
<div class="features edit-feature">
@@ -133,12 +134,13 @@
<td class="text-center">
{admin_position_block
permission="admin.features.edit"
path={url path='/admin/configuration/features-av/update-position' feature_id=$feature_id}
url_parameter="featureav_id"
in_place_edit_class="positionChange"
position="$POSITION"
id="$ID"
resource="admin.configuration.feature"
access="update"
path={url path='/admin/configuration/features-av/update-position' feature_id=$feature_id}
url_parameter="featureav_id"
in_place_edit_class="positionChange"
position="$POSITION"
id="$ID"
}
</td>


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Thelia Product Features'}{/block}
{block name="check-permissions"}admin.configuration.features.view{/block}
{block name="check-resource"}admin.configuration.feature{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="features">
@@ -86,12 +87,13 @@
<td class="text-center">
{admin_position_block
permission="admin.features.edit"
path="/admin/configuration/features/update-position"
url_parameter="feature_id"
in_place_edit_class="positionChange"
position="$POSITION"
id="$ID"
resource="admin.configuration.feature"
access="update"
path="/admin/configuration/features/update-position"
url_parameter="feature_id"
in_place_edit_class="positionChange"
position="$POSITION"
id="$ID"
}
</td>


@@ -1,6 +1,7 @@
{extends file="admin-layout.tpl"}
{block name="check-permissions"}admin.folder.view{/block}
{block name="check-resource"}admin.folder{/block}
{block name="check-access"}update{/block}
{block name="page-title"}{intl l='Edit folder'}{/block}


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Folders'}{/block}
{block name="check-permissions"}admin.folders.view{/block}
{block name="check-resource"}admin.folder{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="folders">
@@ -132,12 +133,13 @@
<td>
{admin_position_block
permission="admin.folders.edit"
path={url path='admin/folders/update-position' folder_id=$ID}
url_parameter="folder_id"
in_place_edit_class="folderPositionChange"
position=$POSITION
id=$ID
resource="admin.folder"
access="update"
path={url path='admin/folders/update-position' folder_id=$ID}
url_parameter="folder_id"
in_place_edit_class="folderPositionChange"
position=$POSITION
id=$ID
}
</td>
@@ -287,12 +289,13 @@
<td>
{admin_position_block
permission="admin.content.edit"
path={url path='/admin/content/update-position' content_id=$ID}
url_parameter="content_id"
in_place_edit_class="contentPositionChange"
position=$POSITION
id=$ID
resource="admin.content"
access="update"
path={url path='/admin/content/update-position' content_id=$ID}
url_parameter="content_id"
in_place_edit_class="contentPositionChange"
position=$POSITION
id=$ID
}
</td>


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit an image'}{/block}
{block name="check-permissions"}admin.image.edit{/block}
{block name="check-resource"}admin.image{/block}
{block name="check-access"}update{/block}
{block name="main-content"}
<div class="documents edit-image">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Thelia Languages'}{/block}
{block name="check-permissions"}admin.configuration.languages.view{/block}
{block name="check-resource"}admin.configuration.language{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="languages">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Thelia Mailing System'}{/block}
{block name="check-permissions"}admin.configuration.mailing-system.view{/block}
{block name="check-resource"}admin.configuration.mailing-system{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="mailing-system">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit a mailing template'}{/block}
{block name="check-permissions"}admin.configuration.messages.edit{/block}
{block name="check-resource"}admin.configuration.message{/block}
{block name="check-access"}update{/block}
{block name="main-content"}
<div class="messages edit-message">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Thelia Mailing Templates'}{/block}
{block name="check-permissions"}admin.configuration.messages.view{/block}
{block name="check-resource"}admin.configuration.message{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="messages">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Modules'}{/block}
{block name="check-permissions"}admin.modules.view{/block}
{block name="check-resource"}admin.configuration.module{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="modules">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit an order'}{/block}
{block name="check-permissions"}admin.order.edit{/block}
{block name="check-resource"}admin.order{/block}
{block name="check-access"}update{/block}
{block name="main-content"}


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Orders'}{/block}
{block name="check-permissions"}admin.orders.view{/block}
{block name="check-resource"}admin.order{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
{assign order_page {$smarty.get.page|default:1}}


@@ -1,6 +1,7 @@
{extends file="admin-layout.tpl"}
{block name="check-permissions"}admin.catalog.view{/block}
{block name="check-resource"}admin.product{/block}
{block name="check-access"}update{/block}
{block name="page-title"}{intl l='Edit product'}{/block}


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit a profile'}{/block}
{block name="check-permissions"}admin.configuration.profiles.edit{/block}
{block name="check-resource"}admin.configuration.profile{/block}
{block name="check-access"}update{/block}
{block name="main-content"}


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Taxes rules'}{/block}
{block name="check-permissions"}admin.profile.view{/block}
{block name="check-resource"}admin.configuration.profile{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div>


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit a shipping configuration'}{/block}
{block name="check-permissions"}admin.configuration.shipping-configuration.edit{/block}
{block name="check-resource"}admin.configuration.shipping-configuration{/block}
{block name="check-access"}update{/block}
{block name="main-content"}
<div class="shipping-configuration edit-shipping-configuration">
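Review bot: The resource code `admin.configuration.shipping-configuration` set in `check-resource` here does not appear in the part of the resource seed list visible on this page, which has `admin.configuration.shipping-zone` but no shipping-configuration entry. The same holds for the shipping-configuration list template that follows and for `admin.configuration.variable` in the two system-variable templates further down. The start of that list is outside this view, so the rows may exist further up. If they do not, these checks name a resource no profile can be granted, and the outcome depends on how an unknown resource is treated; adding the missing rows to the seed data, or a test that every `check-resource` value exists in the seed list, would settle it.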


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Thelia Shipping configuration'}{/block}
{block name="check-permissions"}admin.configuration.shipping-configuration.view{/block}
{block name="check-resource"}admin.configuration.shipping-configuration{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="shipping-configurations">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit a shipping zone'}{/block}
{block name="check-permissions"}admin.configuration.shipping-zones.edit{/block}
{block name="check-resource"}admin.configuration.shipping-zone{/block}
{block name="check-access"}update{/block}
{block name="main-content"}
<div class="shipping-zones edit-shipping-zones">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Thelia Shipping zones'}{/block}
{block name="check-permissions"}admin.configuration.shipping-zones.view{/block}
{block name="check-resource"}admin.configuration.shipping-zone{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="shipping-zones">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit a tax'}{/block}
{block name="check-permissions"}admin.configuration.taxes.edit{/block}
{block name="check-resource"}admin.configuration.tax{/block}
{block name="check-access"}update{/block}
{block name="main-content"}


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit a tax rule'}{/block}
{block name="check-permissions"}admin.configuration.taxes-rules.edit{/block}
{block name="check-resource"}admin.configuration.tax{/block}
{block name="check-access"}update{/block}
{block name="main-content"}


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Taxes rules'}{/block}
{block name="check-permissions"}admin.taxes-rules.view{/block}
{block name="check-resource"}admin.configuration.tax{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="taxes-rules">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit a template'}{/block}
{block name="check-permissions"}admin.configuration.templates.edit{/block}
{block name="check-resource"}admin.configuration.template{/block}
{block name="check-access"}update{/block}
{block name="main-content"}
<div class="templates edit-template">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Thelia Product Templates'}{/block}
{block name="check-permissions"}admin.configuration.templates.view{/block}
{block name="check-resource"}admin.configuration.template{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="templates">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Edit a system variable'}{/block}
{block name="check-permissions"}admin.configuration.variables.edit{/block}
{block name="check-resource"}admin.configuration.variable{/block}
{block name="check-access"}update{/block}
{block name="main-content"}
<div class="variables edit-variable">


@@ -2,7 +2,8 @@
{block name="page-title"}{intl l='Thelia System Variables'}{/block}
{block name="check-permissions"}admin.configuration.variables.view{/block}
{block name="check-resource"}admin.configuration.variable{/block}
{block name="check-access"}view{/block}
{block name="main-content"}
<div class="variables">


@@ -1,7 +1,7 @@
{extends file="layout.tpl"}
{block name="no-return-functions" prepend}
{check_auth context="front" roles="CUSTOMER" login_tpl="login"}
{check_auth context="front" role="CUSTOMER" login_tpl="login"}
{/block}
{* Breadcrumb *}


@@ -1,7 +1,7 @@
{extends file="layout.tpl"}
{block name="no-return-functions"}
{check_auth context="front" roles="CUSTOMER" login_tpl="login"}
{check_auth context="front" role="CUSTOMER" login_tpl="login"}
{/block}
{* Body Class *}


@@ -1,7 +1,7 @@
{extends file="layout.tpl"}
{block name="no-return-functions"}
{check_auth context="front" roles="CUSTOMER" login_tpl="login"}
{check_auth context="front" role="CUSTOMER" login_tpl="login"}
{/block}
{* Body Class *}


@@ -1,7 +1,7 @@
{extends file="layout.tpl"}
{block name="no-return-functions"}
{check_auth context="front" roles="CUSTOMER" login_tpl="login"}
{check_auth context="front" role="CUSTOMER" login_tpl="login"}
{check_cart_not_empty}
{/block}


@@ -1,7 +1,7 @@
{extends file="layout.tpl"}
{block name="no-return-functions"}
{check_auth context="front" roles="CUSTOMER" login_tpl="login"}
{check_auth context="front" role="CUSTOMER" login_tpl="login"}
{check_cart_not_empty}
{check_valid_delivery}
{/block}