Categories ordrering in the catalog

core/lib/Thelia/Action/BaseAction.php

@@ -28,14 +28,38 @@ use Thelia\Form\BaseForm;
 use Thelia\Core\HttpFoundation\Request;
 use Thelia\Action\Exception\FormValidationException;
 use Thelia\Core\Event\ActionEvent;
+use Symfony\Component\Form\Form;
+use Symfony\Component\DependencyInjection\ContainerAware;
+use Thelia\Core\Template\ParserContext;
+use Thelia\Log\Tlog;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+use Thelia\Core\Security\SecurityContext;
+use Thelia\Core\Security\Exception\AuthorizationException;
 
-abstract class BaseAction
+class BaseAction
 {
+	/**
+	 * @var The container
+	 */
+	protected $container;
+
+	public function __construct(ContainerInterface $container) {
+		$this->container = $container;
+	}
+
+	/**
+	 * Validate a BaseForm
+	 *
+	 * @param BaseForm $aBaseForm the form
+	 * @param string $expectedMethod the expected method, POST or GET, or null for any of them
+	 * @throws FormValidationException is the form contains error, or the method is not the right one
+	 * @return Symfony\Component\Form\Form Form the symfony form object
+	 */
 	protected function validateForm(BaseForm $aBaseForm, $expectedMethod = null)
 	{
     	$form = $aBaseForm->getForm();
 
-    	if ($aBaseForm->getRequest()->isMethod($expectedMethod)) {
+    	if ($expectedMethod == null || $aBaseForm->getRequest()->isMethod($expectedMethod)) {
 
     		$form->bind($aBaseForm->getRequest());
 
@@ -53,10 +77,11 @@ abstract class BaseAction
 	}
 
 	/**
+	 * Propagate a form error in the action event
 	 *
-	 * @param BaseForm $aBaseForm
-	 * @param string $error_message
-	 * @param ActionEvent $event
+	 * @param BaseForm $aBaseForm the form
+	 * @param string $error_message an error message that may be displayed to the customer
+	 * @param ActionEvent $event the action event
 	 */
 	protected function propagateFormError(BaseForm $aBaseForm, $error_message, ActionEvent $event) {
 
@@ -71,6 +96,62 @@ abstract class BaseAction
         $event->stopPropagation();
 	}
 
+	/**
+	 * Check current user authorisations.
+	 *
+	 * @param mixed $roles a single role or an array of roles.
+	 * @param mixed $permissions a single permission or an array of permissions.
+	 *
+	 * @throws AuthenticationException if permissions are not granted to the current user.
+	 */
+	protected function checkAuth($roles, $permissions, $context = false) {
+
+		if (! $this->getSecurityContext($context)->isGranted(
+				is_array($roles) ? $roles : array($roles),
+				is_array($permissions) ? $permissions : array($permissions)) ) {
+
+			Tlog::getInstance()->addAlert("Authorization roles:", $roles, " permissions:", $permissions, " refused.");
+
+			throw new AuthorizationException("Sorry, you're not allowed to perform this action");
+		}
+	}
+
+	/**
+	 * Return the event dispatcher,
+	 *
+	 * @return ParserContext
+	 */
+	protected function getDispatcher()
+	{
+		return $this->container->get('event_dispatcher');
+	}
+
+	/**
+	 * Return the parser context,
+	 *
+	 * @return ParserContext
+	 */
+	protected function getParserContext()
+	{
+		return $this->container->get('thelia.parser.context');
+	}
+
+	/**
+	 * Return the security context, by default in admin mode.
+	 *
+	 * @param string the context, either SecurityContext::CONTEXT_BACK_OFFICE or SecurityContext::CONTEXT_FRONT_OFFICE
+	 *
+	 * @return Thelia\Core\Security\SecurityContext
+	 */
+	protected function getSecurityContext($context = false)
+	{
+		$securityContext = $this->container->get('thelia.securityContext');
+
+		$securityContext->setContext($context === false ? SecurityContext::CONTEXT_BACK_OFFICE : $context);
+
+		return $securityContext;
+	}
+
     protected function redirect($url, $status = 302)
     {
         $response = new RedirectResponse($url, $status);
@@ -78,5 +159,4 @@ abstract class BaseAction
         $response->send();
         exit;
     }
-
 }