Merge branch 'master' of https://github.com/thelia/thelia
Conflicts: core/lib/Thelia/Controller/Admin/CustomerController.php
This commit is contained in:
Franck Allimant
@@ -27,6 +27,7 @@ use Symfony\Component\EventDispatcher\EventSubscriberInterface;
|
||||
use Symfony\Component\Filesystem\Filesystem;
|
||||
use Thelia\Core\Event\Cache\CacheEvent;
|
||||
use Thelia\Core\Event\Module\ModuleDeleteEvent;
|
||||
use Thelia\Core\Event\Module\ModuleEvent;
|
||||
use Thelia\Core\Event\Module\ModuleToggleActivationEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Model\Map\ModuleTableMap;
|
||||
@@ -99,6 +100,28 @@ class Module extends BaseAction implements EventSubscriberInterface
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param ModuleEvent $event
|
||||
*/
|
||||
public function update(ModuleEvent $event)
|
||||
{
|
||||
if (null !== $module = ModuleQuery::create()->findPk($event->getId())) {
|
||||
|
||||
$module
|
||||
->setDispatcher($this->getDispatcher())
|
||||
->setLocale($event->getLocale())
|
||||
->setTitle($event->getTitle())
|
||||
->setChapo($event->getChapo())
|
||||
->setDescription($event->getDescription())
|
||||
->setPostscriptum($event->getPostscriptum())
|
||||
;
|
||||
|
||||
$module->save();
|
||||
|
||||
$event->setModule($module);
|
||||
}
|
||||
}
|
||||
|
||||
protected function cacheClear()
|
||||
{
|
||||
$cacheEvent = new CacheEvent($this->container->getParameter('kernel.cache_dir'));
|
||||
@@ -130,7 +153,8 @@ class Module extends BaseAction implements EventSubscriberInterface
|
||||
{
|
||||
return array(
|
||||
TheliaEvents::MODULE_TOGGLE_ACTIVATION => array('toggleActivation', 128),
|
||||
TheliaEvents::MODULE_DELETE => array('delete', 128)
|
||||
TheliaEvents::MODULE_DELETE => array('delete', 128),
|
||||
TheliaEvents::MODULE_UPDATE => array('update', 128),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -122,6 +122,8 @@
|
||||
<form name="thelia.lang.url" class="Thelia\Form\Lang\LangUrlForm"/>
|
||||
|
||||
<form name="thelia.system-logs.configuration" class="Thelia\Form\SystemLogConfigurationForm"/>
|
||||
|
||||
<form name="thelia.admin.module.modification" class="Thelia\Form\ModuleModificationForm"/>
|
||||
</forms>
|
||||
|
||||
</config>
|
||||
|
||||
@@ -921,16 +921,25 @@
|
||||
|
||||
<!-- Modules rule management -->
|
||||
|
||||
<route id="admin.module" path="/admin/configuration/modules">
|
||||
<route id="admin.module" path="/admin/modules">
|
||||
<default key="_controller">Thelia\Controller\Admin\ModuleController::indexAction</default>
|
||||
</route>
|
||||
|
||||
<route id="admin.module.toggle-activation" path="/admin/configuration/modules/toggle-activation/{module_id}">
|
||||
<route id="admin.module.update" path="/admin/module/update/{module_id}">
|
||||
<default key="_controller">Thelia\Controller\Admin\ModuleController::updateAction</default>
|
||||
<requirement key="module_id">\d+</requirement>
|
||||
</route>
|
||||
|
||||
<route id="admin.module.save" path="/admin/module/save">
|
||||
<default key="_controller">Thelia\Controller\Admin\ModuleController::processUpdateAction</default>
|
||||
</route>
|
||||
|
||||
<route id="admin.module.toggle-activation" path="/admin/modules/toggle-activation/{module_id}">
|
||||
<default key="_controller">Thelia\Controller\Admin\ModuleController::toggleActivationAction</default>
|
||||
<requirement key="module_id">\d+</requirement>
|
||||
</route>
|
||||
|
||||
<route id="admin.module.delete" path="/admin/configuration/modules/delete">
|
||||
<route id="admin.module.delete" path="/admin/modules/delete">
|
||||
<default key="_controller">Thelia\Controller\Admin\ModuleController::deleteAction</default>
|
||||
</route>
|
||||
|
||||
|
||||
@@ -267,7 +267,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
*/
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::VIEW)) return $response;
|
||||
return $this->renderList();
|
||||
}
|
||||
|
||||
@@ -279,7 +279,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
public function createAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::CREATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::CREATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
@@ -340,7 +340,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
public function updateAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
// Load the object
|
||||
$object = $this->getExistingObject();
|
||||
@@ -366,7 +366,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
public function processUpdateAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
@@ -431,7 +431,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
public function updatePositionAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
try {
|
||||
$mode = $this->getRequest()->get('mode', null);
|
||||
@@ -465,7 +465,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
protected function genericUpdatePositionAction($object, $eventName, $doFinalRedirect = true)
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
if ($object != null) {
|
||||
|
||||
@@ -499,7 +499,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
public function setToggleVisibilityAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$changeEvent = $this->createToggleVisibilityEvent($this->getRequest());
|
||||
|
||||
@@ -521,7 +521,7 @@ abstract class AbstractCrudController extends BaseAdminController
|
||||
public function deleteAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::DELETE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::DELETE)) return $response;
|
||||
|
||||
// Get the currency id, and dispatch the delet request
|
||||
$deleteEvent = $this->getDeleteEvent();
|
||||
|
||||
@@ -56,7 +56,7 @@ class AddressController extends AbstractCrudController
|
||||
|
||||
public function useAddressAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$address_id = $this->getRequest()->request->get('address_id');
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ class AdminLogsController extends BaseAdminController
|
||||
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, AccessManager::VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, array(), AccessManager::VIEW)) return $response;
|
||||
|
||||
// Render the edition template.
|
||||
return $this->render('admin-logs');
|
||||
|
||||
@@ -231,7 +231,7 @@ class AreaController extends AbstractCrudController
|
||||
public function addCountry()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$areaCountryForm = new AreaCountryForm($this->getRequest());
|
||||
$error_msg = null;
|
||||
@@ -273,7 +273,7 @@ class AreaController extends AbstractCrudController
|
||||
public function removeCountry()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
$request = $this->getRequest();
|
||||
$removeCountryEvent = new AreaRemoveCountryEvent($request->request->get('areai_id', 0), $request->request->get('country_id', 0));
|
||||
|
||||
@@ -284,7 +284,7 @@ class AreaController extends AbstractCrudController
|
||||
|
||||
public function updatePostageAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$areaUpdateForm = new AreaPostageForm($this->getRequest());
|
||||
$error_msg = null;
|
||||
|
||||
@@ -235,7 +235,7 @@ class AttributeController extends AbstractCrudController
|
||||
protected function addRemoveFromAllTemplates($eventType)
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
try {
|
||||
if (null !== $object = $this->getExistingObject()) {
|
||||
|
||||
@@ -118,17 +118,18 @@ class BaseAdminController extends BaseController
|
||||
* Check current admin user authorisations. An ADMIN role is assumed.
|
||||
*
|
||||
* @param mixed $resources a single resource or an array of resources.
|
||||
* @param mixed $modules a single module or an array of modules.
|
||||
* @param mixed $accesses a single access or an array of accesses.
|
||||
*
|
||||
* @return mixed null if authorization is granted, or a Response object which contains the error page otherwise
|
||||
*
|
||||
*/
|
||||
protected function checkAuth($resources, $accesses)
|
||||
protected function checkAuth($resources, $modules, $accesses)
|
||||
{
|
||||
$resources = is_array($resources) ? $resources : array($resources);
|
||||
$modules = is_array($modules) ? $modules : array($modules);
|
||||
$accesses = is_array($accesses) ? $accesses : array($accesses);
|
||||
|
||||
if ($this->getSecurityContext()->isGranted(array("ADMIN"), $resources, $accesses)) {
|
||||
if ($this->getSecurityContext()->isGranted(array("ADMIN"), $resources, $modules, $accesses)) {
|
||||
// Okay !
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -215,7 +215,7 @@ class CategoryController extends AbstractCrudController
|
||||
public function setToggleVisibilityAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$event = new CategoryToggleVisibilityEvent($this->getExistingObject());
|
||||
|
||||
@@ -295,7 +295,7 @@ class CategoryController extends AbstractCrudController
|
||||
public function addRelatedContentAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$content_id = intval($this->getRequest()->get('content_id'));
|
||||
|
||||
@@ -325,7 +325,7 @@ class CategoryController extends AbstractCrudController
|
||||
public function addRelatedPictureAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) {
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
@@ -353,7 +353,7 @@ class CategoryController extends AbstractCrudController
|
||||
public function deleteRelatedContentAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$content_id = intval($this->getRequest()->get('content_id'));
|
||||
|
||||
|
||||
@@ -186,7 +186,7 @@ class ConfigController extends AbstractCrudController
|
||||
public function changeValuesAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$variables = $this->getRequest()->get('variable', array());
|
||||
|
||||
|
||||
@@ -69,7 +69,7 @@ class ContentController extends AbstractCrudController
|
||||
public function addAdditionalFolderAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$folder_id = intval($this->getRequest()->request->get('additional_folder_id'));
|
||||
|
||||
@@ -97,7 +97,7 @@ class ContentController extends AbstractCrudController
|
||||
public function removeAdditionalFolderAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$folder_id = intval($this->getRequest()->request->get('additional_folder_id'));
|
||||
|
||||
|
||||
@@ -235,7 +235,7 @@ class CountryController extends AbstractCrudController
|
||||
|
||||
public function toggleDefaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
$content = null;
|
||||
if (null !== $country_id = $this->getRequest()->get('country_id')) {
|
||||
$toogleDefaultEvent = new CountryToggleDefaultEvent($country_id);
|
||||
|
||||
@@ -62,7 +62,7 @@ class CouponController extends BaseAdminController
|
||||
*/
|
||||
public function browseAction()
|
||||
{
|
||||
$this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
|
||||
$this->checkAuth(AdminResources::COUPON, array(), AccessManager::VIEW);
|
||||
|
||||
$args['urlReadCoupon'] = $this->getRoute(
|
||||
'admin.coupon.read',
|
||||
@@ -94,7 +94,7 @@ class CouponController extends BaseAdminController
|
||||
*/
|
||||
public function readAction($couponId)
|
||||
{
|
||||
$this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
|
||||
$this->checkAuth(AdminResources::COUPON, array(), AccessManager::VIEW);
|
||||
|
||||
// Database request repeated in the loop but cached
|
||||
$search = CouponQuery::create();
|
||||
@@ -122,7 +122,7 @@ class CouponController extends BaseAdminController
|
||||
public function createAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
$response = $this->checkAuth(AdminResources::COUPON, AccessManager::CREATE);
|
||||
$response = $this->checkAuth(AdminResources::COUPON, array(), AccessManager::CREATE);
|
||||
if ($response !== null) {
|
||||
return $response;
|
||||
}
|
||||
@@ -170,7 +170,7 @@ class CouponController extends BaseAdminController
|
||||
public function updateAction($couponId)
|
||||
{
|
||||
// Check current user authorization
|
||||
$response = $this->checkAuth(AdminResources::COUPON, AccessManager::UPDATE);
|
||||
$response = $this->checkAuth(AdminResources::COUPON, array(), AccessManager::UPDATE);
|
||||
if ($response !== null) {
|
||||
return $response;
|
||||
}
|
||||
@@ -274,7 +274,7 @@ class CouponController extends BaseAdminController
|
||||
*/
|
||||
public function getConditionInputAction($conditionId)
|
||||
{
|
||||
$this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
|
||||
$this->checkAuth(AdminResources::COUPON, array(), AccessManager::VIEW);
|
||||
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
@@ -304,7 +304,7 @@ class CouponController extends BaseAdminController
|
||||
*/
|
||||
public function updateConditionsAction($couponId)
|
||||
{
|
||||
$this->checkAuth(AdminResources::COUPON, AccessManager::VIEW);
|
||||
$this->checkAuth(AdminResources::COUPON, array(), AccessManager::VIEW);
|
||||
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
|
||||
@@ -185,7 +185,7 @@ class CurrencyController extends AbstractCrudController
|
||||
public function updateRatesAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
try {
|
||||
$this->dispatch(TheliaEvents::CURRENCY_UPDATE_RATES);
|
||||
@@ -203,7 +203,7 @@ class CurrencyController extends AbstractCrudController
|
||||
public function setDefaultAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$changeEvent = new CurrencyUpdateEvent($this->getRequest()->get('currency_id', 0));
|
||||
|
||||
|
||||
@@ -47,6 +47,7 @@ class CustomerController extends AbstractCrudController
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
|
||||
parent::__construct(
|
||||
'customer',
|
||||
'lastname',
|
||||
|
||||
@@ -235,7 +235,7 @@ class FeatureController extends AbstractCrudController
|
||||
protected function addRemoveFromAllTemplates($eventType)
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
try {
|
||||
if (null !== $object = $this->getExistingObject()) {
|
||||
|
||||
@@ -71,7 +71,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function saveImageAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
if ($this->isParentTypeValid($parentType)) {
|
||||
@@ -161,7 +161,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function saveDocumentAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
if ($this->isParentTypeValid($parentType)) {
|
||||
@@ -239,7 +239,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function getImageListAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
$args = array('imageType' => $parentType, 'parentId' => $parentId);
|
||||
|
||||
@@ -256,7 +256,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function getDocumentListAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
$args = array('documentType' => $parentType, 'parentId' => $parentId);
|
||||
|
||||
@@ -273,7 +273,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function getImageFormAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
$args = array('imageType' => $parentType, 'parentId' => $parentId);
|
||||
|
||||
@@ -290,7 +290,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function getDocumentFormAjaxAction($parentId, $parentType)
|
||||
{
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
$args = array('documentType' => $parentType, 'parentId' => $parentId);
|
||||
|
||||
@@ -307,7 +307,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function viewImageAction($imageId, $parentType)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
|
||||
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE)) {
|
||||
return $response;
|
||||
}
|
||||
try {
|
||||
@@ -336,7 +336,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function viewDocumentAction($documentId, $parentType)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
|
||||
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE)) {
|
||||
return $response;
|
||||
}
|
||||
try {
|
||||
@@ -365,7 +365,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function updateImageAction($imageId, $parentType)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
|
||||
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE)) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
@@ -442,7 +442,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function updateDocumentAction($documentId, $parentType)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE)) {
|
||||
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE)) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
@@ -519,7 +519,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function deleteImageAction($imageId, $parentType)
|
||||
{
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
$fileManager = new FileManager($this->container);
|
||||
@@ -591,7 +591,7 @@ class FileController extends BaseAdminController
|
||||
*/
|
||||
public function deleteDocumentAction($documentId, $parentType)
|
||||
{
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), AccessManager::UPDATE);
|
||||
$this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE);
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
$fileManager = new FileManager($this->container);
|
||||
|
||||
@@ -33,7 +33,7 @@ class HomeController extends BaseAdminController
|
||||
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, AccessManager::VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, array(), AccessManager::VIEW)) return $response;
|
||||
|
||||
// Render the edition template.
|
||||
return $this->render('home');
|
||||
|
||||
@@ -51,7 +51,7 @@ class LangController extends BaseAdminController
|
||||
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::VIEW)) return $response;
|
||||
return $this->renderDefault();
|
||||
}
|
||||
|
||||
@@ -72,7 +72,7 @@ class LangController extends BaseAdminController
|
||||
|
||||
public function updateAction($lang_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$this->checkXmlHttpRequest();
|
||||
|
||||
@@ -96,7 +96,7 @@ class LangController extends BaseAdminController
|
||||
|
||||
public function processUpdateAction($lang_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
@@ -138,7 +138,7 @@ class LangController extends BaseAdminController
|
||||
|
||||
public function toggleDefaultAction($lang_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$this->checkXmlHttpRequest();
|
||||
$error = false;
|
||||
@@ -169,7 +169,7 @@ class LangController extends BaseAdminController
|
||||
|
||||
public function addAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::CREATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::CREATE)) return $response;
|
||||
|
||||
$createForm = new LangCreateForm($this->getRequest());
|
||||
|
||||
@@ -211,7 +211,7 @@ class LangController extends BaseAdminController
|
||||
|
||||
public function deleteAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::DELETE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::DELETE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
@@ -235,7 +235,7 @@ class LangController extends BaseAdminController
|
||||
|
||||
public function defaultBehaviorAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
@@ -267,7 +267,7 @@ class LangController extends BaseAdminController
|
||||
|
||||
public function domainAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
$langUrlForm = new LangUrlForm($this->getRequest());
|
||||
@@ -314,7 +314,7 @@ class LangController extends BaseAdminController
|
||||
|
||||
private function domainActivation($activate)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
|
||||
@@ -35,7 +35,7 @@ class LanguageController extends BaseAdminController
|
||||
{
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::VIEW)) return $response;
|
||||
return $this->render("languages");
|
||||
}
|
||||
|
||||
|
||||
@@ -36,7 +36,7 @@ class MailingSystemController extends BaseAdminController
|
||||
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, AccessManager::VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, array(), AccessManager::VIEW)) return $response;
|
||||
|
||||
// Hydrate the form abd pass it to the parser
|
||||
$data = array(
|
||||
@@ -64,7 +64,7 @@ class MailingSystemController extends BaseAdminController
|
||||
public function updateAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(self::RESOURCE_CODE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
|
||||
@@ -23,12 +23,15 @@
|
||||
|
||||
namespace Thelia\Controller\Admin;
|
||||
|
||||
use Thelia\Core\Event\Module\ModuleEvent;
|
||||
use Thelia\Core\Security\Resource\AdminResources;
|
||||
|
||||
use Thelia\Core\Event\Module\ModuleDeleteEvent;
|
||||
use Thelia\Core\Event\Module\ModuleToggleActivationEvent;
|
||||
use Thelia\Core\Event\TheliaEvents;
|
||||
use Thelia\Core\Security\AccessManager;
|
||||
use Thelia\Form\ModuleModificationForm;
|
||||
use Thelia\Model\ModuleQuery;
|
||||
use Thelia\Module\ModuleManagement;
|
||||
|
||||
/**
|
||||
@@ -36,28 +39,158 @@ use Thelia\Module\ModuleManagement;
|
||||
* @package Thelia\Controller\Admin
|
||||
* @author Manuel Raynaud <mraynaud@openstudio.fr>
|
||||
*/
|
||||
class ModuleController extends BaseAdminController
|
||||
class ModuleController extends AbstractCrudController
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
parent::__construct(
|
||||
'module',
|
||||
null,
|
||||
null,
|
||||
|
||||
AdminResources::MODULE,
|
||||
|
||||
null,
|
||||
TheliaEvents::MODULE_UPDATE,
|
||||
null
|
||||
);
|
||||
}
|
||||
|
||||
protected function getCreationForm()
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
protected function getUpdateForm()
|
||||
{
|
||||
return new ModuleModificationForm($this->getRequest());
|
||||
}
|
||||
|
||||
protected function getCreationEvent($formData)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
protected function getUpdateEvent($formData)
|
||||
{
|
||||
$event = new ModuleEvent();
|
||||
|
||||
$event->setLocale($formData['locale']);
|
||||
$event->setId($formData['id']);
|
||||
$event->setTitle($formData['title']);
|
||||
$event->setChapo($formData['chapo']);
|
||||
$event->setDescription($formData['description']);
|
||||
$event->setPostscriptum($formData['postscriptum']);
|
||||
|
||||
return $event;
|
||||
}
|
||||
|
||||
protected function getDeleteEvent()
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
protected function eventContainsObject($event)
|
||||
{
|
||||
return $event->hasModule();
|
||||
}
|
||||
|
||||
protected function hydrateObjectForm($object)
|
||||
{
|
||||
$object->setLocale($this->getCurrentEditionLocale());
|
||||
$data = array(
|
||||
'id' => $object->getId(),
|
||||
'locale' => $object->getLocale(),
|
||||
'title' => $object->getTitle(),
|
||||
'chapo' => $object->getChapo(),
|
||||
'description' => $object->getDescription(),
|
||||
'postscriptum' => $object->getPostscriptum(),
|
||||
);
|
||||
|
||||
// Setup the object form
|
||||
return new ModuleModificationForm($this->getRequest(), "form", $data);
|
||||
}
|
||||
|
||||
protected function getObjectFromEvent($event)
|
||||
{
|
||||
return $event->hasModule() ? $event->getModule() : null;
|
||||
}
|
||||
|
||||
protected function getExistingObject()
|
||||
{
|
||||
return ModuleQuery::create()
|
||||
->joinWithI18n($this->getCurrentEditionLocale())
|
||||
->findOneById($this->getRequest()->get('module_id'));
|
||||
}
|
||||
|
||||
|
||||
protected function getObjectLabel($object)
|
||||
{
|
||||
return $object->getTitle();
|
||||
}
|
||||
|
||||
protected function getObjectId($object)
|
||||
{
|
||||
return $object->getId();
|
||||
}
|
||||
|
||||
protected function getViewArguments()
|
||||
{
|
||||
return array();
|
||||
}
|
||||
|
||||
protected function getRouteArguments($module_id = null)
|
||||
{
|
||||
return array(
|
||||
'module_id' => $module_id === null ? $this->getRequest()->get('module_id') : $module_id,
|
||||
);
|
||||
}
|
||||
|
||||
protected function renderListTemplate($currentOrder)
|
||||
{
|
||||
// We always return to the feature edition form
|
||||
return $this->render(
|
||||
'modules',
|
||||
array()
|
||||
);
|
||||
}
|
||||
|
||||
protected function renderEditionTemplate()
|
||||
{
|
||||
// We always return to the feature edition form
|
||||
return $this->render('module-edit', array_merge($this->getViewArguments(), $this->getRouteArguments()));
|
||||
}
|
||||
|
||||
protected function redirectToEditionTemplate($request = null, $country = null)
|
||||
{
|
||||
// We always return to the module edition form
|
||||
$this->redirectToRoute(
|
||||
"admin.module.update",
|
||||
$this->getViewArguments(),
|
||||
$this->getRouteArguments()
|
||||
);
|
||||
}
|
||||
|
||||
protected function redirectToListTemplate()
|
||||
{
|
||||
$this->redirectToRoute(
|
||||
"admin.module"
|
||||
);
|
||||
}
|
||||
|
||||
public function indexAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MODULE, AccessManager::VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MODULE, array(), AccessManager::VIEW)) return $response;
|
||||
|
||||
$modulemanagement = new ModuleManagement();
|
||||
$modulemanagement->updateModules();
|
||||
$moduleManagement = new ModuleManagement();
|
||||
$moduleManagement->updateModules();
|
||||
|
||||
return $this->render("modules");
|
||||
}
|
||||
|
||||
public function updateAction($module_id)
|
||||
{
|
||||
return $this->render("module-edit", array(
|
||||
"module_id" => $module_id
|
||||
));
|
||||
}
|
||||
|
||||
public function toggleActivationAction($module_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MODULE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MODULE, array(), AccessManager::UPDATE)) return $response;
|
||||
$message = null;
|
||||
try {
|
||||
$event = new ModuleToggleActivationEvent($module_id);
|
||||
@@ -89,7 +222,7 @@ class ModuleController extends BaseAdminController
|
||||
|
||||
public function deleteAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MODULE, AccessManager::DELETE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::MODULE, array(), AccessManager::DELETE)) return $response;
|
||||
|
||||
$message = null;
|
||||
try {
|
||||
|
||||
@@ -47,7 +47,7 @@ class OrderController extends BaseAdminController
|
||||
{
|
||||
public function indexAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, array(), AccessManager::VIEW)) return $response;
|
||||
return $this->render("orders", array("display_order" => 20));
|
||||
}
|
||||
|
||||
@@ -60,7 +60,7 @@ class OrderController extends BaseAdminController
|
||||
|
||||
public function updateStatus($order_id = null)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$message = null;
|
||||
|
||||
@@ -111,7 +111,7 @@ class OrderController extends BaseAdminController
|
||||
|
||||
public function updateDeliveryRef($order_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$message = null;
|
||||
|
||||
@@ -146,7 +146,7 @@ class OrderController extends BaseAdminController
|
||||
|
||||
public function updateAddress($order_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$message = null;
|
||||
|
||||
@@ -212,7 +212,7 @@ class OrderController extends BaseAdminController
|
||||
|
||||
protected function generatePdf($order_id, $fileName)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::ORDER, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$html = $this->renderRaw(
|
||||
$fileName,
|
||||
|
||||
@@ -407,7 +407,7 @@ class ProductController extends AbstractCrudController
|
||||
public function setToggleVisibilityAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$event = new ProductToggleVisibilityEvent($this->getExistingObject());
|
||||
|
||||
@@ -483,7 +483,7 @@ class ProductController extends AbstractCrudController
|
||||
{
|
||||
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$content_id = intval($this->getRequest()->get('content_id'));
|
||||
|
||||
@@ -509,7 +509,7 @@ class ProductController extends AbstractCrudController
|
||||
{
|
||||
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$content_id = intval($this->getRequest()->get('content_id'));
|
||||
|
||||
@@ -561,7 +561,7 @@ class ProductController extends AbstractCrudController
|
||||
public function addAccessoryAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$accessory_id = intval($this->getRequest()->get('accessory_id'));
|
||||
|
||||
@@ -586,7 +586,7 @@ class ProductController extends AbstractCrudController
|
||||
public function deleteAccessoryAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$accessory_id = intval($this->getRequest()->get('accessory_id'));
|
||||
|
||||
@@ -642,7 +642,7 @@ class ProductController extends AbstractCrudController
|
||||
public function setProductTemplateAction($productId)
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$product = ProductQuery::create()->findPk($productId);
|
||||
|
||||
@@ -739,7 +739,7 @@ class ProductController extends AbstractCrudController
|
||||
public function addAdditionalCategoryAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$category_id = intval($this->getRequest()->request->get('additional_category_id'));
|
||||
|
||||
@@ -764,7 +764,7 @@ class ProductController extends AbstractCrudController
|
||||
public function deleteAdditionalCategoryAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$category_id = intval($this->getRequest()->get('additional_category_id'));
|
||||
|
||||
@@ -861,7 +861,7 @@ class ProductController extends AbstractCrudController
|
||||
public function addProductSaleElementAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$event = new ProductSaleElementCreateEvent(
|
||||
$this->getExistingObject(),
|
||||
@@ -885,7 +885,7 @@ class ProductController extends AbstractCrudController
|
||||
public function deleteProductSaleElementAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$event = new ProductSaleElementDeleteEvent(
|
||||
$this->getRequest()->get('product_sale_element_id',0),
|
||||
@@ -944,7 +944,7 @@ class ProductController extends AbstractCrudController
|
||||
protected function processProductSaleElementUpdate($changeForm)
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
@@ -1053,7 +1053,7 @@ class ProductController extends AbstractCrudController
|
||||
public function buildCombinationsAction() {
|
||||
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
|
||||
@@ -221,7 +221,7 @@ class ProfileController extends AbstractCrudController
|
||||
|
||||
public function updateAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$object = $this->getExistingObject();
|
||||
|
||||
@@ -306,7 +306,7 @@ class ProfileController extends AbstractCrudController
|
||||
public function processUpdateResourceAccess()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
@@ -355,7 +355,7 @@ class ProfileController extends AbstractCrudController
|
||||
public function processUpdateModuleAccess()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
|
||||
@@ -42,13 +42,13 @@ class ShippingZoneController extends BaseAdminController
|
||||
|
||||
public function indexAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, array(), AccessManager::VIEW)) return $response;
|
||||
return $this->render("shipping-zones", array("display_shipping_zone" => 20));
|
||||
}
|
||||
|
||||
public function updateAction($shipping_zones_id)
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, array(), AccessManager::VIEW)) return $response;
|
||||
return $this->render("shipping-zones-edit", array(
|
||||
"shipping_zones_id" => $shipping_zones_id
|
||||
));
|
||||
@@ -59,7 +59,7 @@ class ShippingZoneController extends BaseAdminController
|
||||
*/
|
||||
public function addArea()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$shippingAreaForm = new ShippingZoneAddArea($this->getRequest());
|
||||
$error_msg = null;
|
||||
@@ -94,7 +94,7 @@ class ShippingZoneController extends BaseAdminController
|
||||
|
||||
public function removeArea()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SHIPPING_ZONE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$shippingAreaForm = new ShippingZoneRemoveArea($this->getRequest());
|
||||
$error_msg = null;
|
||||
|
||||
@@ -86,7 +86,7 @@ class SystemLogController extends BaseAdminController
|
||||
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SYSTEM_LOG, AccessManager::VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::SYSTEM_LOG, array(), AccessManager::VIEW)) return $response;
|
||||
|
||||
/*
|
||||
const VAR_LEVEL = "tlog_level";
|
||||
@@ -121,7 +121,7 @@ class SystemLogController extends BaseAdminController
|
||||
|
||||
public function saveAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
|
||||
@@ -219,7 +219,7 @@ class TaxRuleController extends AbstractCrudController
|
||||
|
||||
public function updateAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$object = $this->getExistingObject();
|
||||
|
||||
@@ -237,7 +237,7 @@ class TaxRuleController extends AbstractCrudController
|
||||
|
||||
public function setDefaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$setDefaultEvent = new TaxRuleEvent();
|
||||
|
||||
@@ -255,7 +255,7 @@ class TaxRuleController extends AbstractCrudController
|
||||
public function processUpdateTaxesAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth($this->resourceCode, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$error_msg = false;
|
||||
|
||||
|
||||
@@ -211,7 +211,7 @@ class TemplateController extends AbstractCrudController
|
||||
public function addAttributeAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$attribute_id = intval($this->getRequest()->get('attribute_id'));
|
||||
|
||||
@@ -235,7 +235,7 @@ class TemplateController extends AbstractCrudController
|
||||
public function deleteAttributeAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$event = new TemplateDeleteAttributeEvent(
|
||||
$this->getExistingObject(),
|
||||
@@ -270,7 +270,7 @@ class TemplateController extends AbstractCrudController
|
||||
public function addFeatureAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$feature_id = intval($this->getRequest()->get('feature_id'));
|
||||
|
||||
@@ -294,7 +294,7 @@ class TemplateController extends AbstractCrudController
|
||||
public function deleteFeatureAction()
|
||||
{
|
||||
// Check current user authorization
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TEMPLATE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
$event = new TemplateDeleteFeatureEvent(
|
||||
$this->getExistingObject(),
|
||||
|
||||
@@ -161,14 +161,14 @@ class TranslationsController extends BaseAdminController
|
||||
|
||||
public function defaultAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TRANSLATIONS, AccessManager::VIEW)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::TRANSLATIONS, array(), AccessManager::VIEW)) return $response;
|
||||
|
||||
return $this->renderTemplate();
|
||||
}
|
||||
|
||||
public function updateAction()
|
||||
{
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, AccessManager::UPDATE)) return $response;
|
||||
if (null !== $response = $this->checkAuth(AdminResources::LANGUAGE, array(), AccessManager::UPDATE)) return $response;
|
||||
|
||||
return $this->renderTemplate();
|
||||
}
|
||||
|
||||
@@ -37,6 +37,109 @@ class ModuleEvent extends ActionEvent
|
||||
*/
|
||||
protected $module;
|
||||
|
||||
protected $id;
|
||||
protected $locale;
|
||||
protected $title;
|
||||
protected $chapo;
|
||||
protected $description;
|
||||
protected $postscriptum;
|
||||
|
||||
/**
|
||||
* @param mixed $chapo
|
||||
*/
|
||||
public function setChapo($chapo)
|
||||
{
|
||||
$this->chapo = $chapo;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return mixed
|
||||
*/
|
||||
public function getChapo()
|
||||
{
|
||||
return $this->chapo;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param mixed $description
|
||||
*/
|
||||
public function setDescription($description)
|
||||
{
|
||||
$this->description = $description;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return mixed
|
||||
*/
|
||||
public function getDescription()
|
||||
{
|
||||
return $this->description;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param mixed $id
|
||||
*/
|
||||
public function setId($id)
|
||||
{
|
||||
$this->id = $id;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return mixed
|
||||
*/
|
||||
public function getId()
|
||||
{
|
||||
return $this->id;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param mixed $locale
|
||||
*/
|
||||
public function setLocale($locale)
|
||||
{
|
||||
$this->locale = $locale;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return mixed
|
||||
*/
|
||||
public function getLocale()
|
||||
{
|
||||
return $this->locale;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param mixed $postscriptum
|
||||
*/
|
||||
public function setPostscriptum($postscriptum)
|
||||
{
|
||||
$this->postscriptum = $postscriptum;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return mixed
|
||||
*/
|
||||
public function getPostscriptum()
|
||||
{
|
||||
return $this->postscriptum;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param mixed $title
|
||||
*/
|
||||
public function setTitle($title)
|
||||
{
|
||||
$this->title = $title;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return mixed
|
||||
*/
|
||||
public function getTitle()
|
||||
{
|
||||
return $this->title;
|
||||
}
|
||||
|
||||
public function __construct(Module $module = null)
|
||||
{
|
||||
$this->module = $module;
|
||||
|
||||
@@ -693,8 +693,9 @@ final class TheliaEvents
|
||||
const MODULE_TOGGLE_ACTIVATION = 'thelia.module.toggleActivation';
|
||||
|
||||
/**
|
||||
* sent when a module is deleted
|
||||
* module
|
||||
*/
|
||||
const MODULE_UPDATE = 'thelia.module.update';
|
||||
const MODULE_DELETE = 'thelia.module.delete';
|
||||
|
||||
/**
|
||||
|
||||
@@ -84,7 +84,7 @@ final class AdminResources
|
||||
|
||||
const MESSAGE = "admin.configuration.message";
|
||||
|
||||
const MODULE = "admin.configuration.module";
|
||||
const MODULE = "admin.module";
|
||||
|
||||
const ORDER = "admin.order";
|
||||
|
||||
|
||||
@@ -123,7 +123,7 @@ class SecurityContext
|
||||
*
|
||||
* @return Boolean
|
||||
*/
|
||||
final public function isGranted(array $roles, array $resources, array $accesses)
|
||||
final public function isGranted(array $roles, array $resources, array $modules, array $accesses)
|
||||
{
|
||||
// Find a user which matches the required roles.
|
||||
$user = $this->getCustomerUser();
|
||||
@@ -140,7 +140,7 @@ class SecurityContext
|
||||
return false;
|
||||
}
|
||||
|
||||
if (empty($resources) || empty($accesses)) {
|
||||
if ((empty($resources) && empty($modules)) || empty($accesses)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -172,6 +172,28 @@ class SecurityContext
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($modules as $module) {
|
||||
if ($module === '') {
|
||||
continue;
|
||||
}
|
||||
|
||||
if(!array_key_exists('module', $userPermissions)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$module = strtolower($module);
|
||||
|
||||
if (!array_key_exists($module, $userPermissions['module'])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
foreach ($accesses as $access) {
|
||||
if (!$userPermissions['module'][$module]->can($access)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@@ -60,6 +60,12 @@ class Auth extends BaseLoop implements ArraySearchLoopInterface
|
||||
new AlphaNumStringListType()
|
||||
)
|
||||
),
|
||||
new Argument(
|
||||
'module',
|
||||
new TypeCollection(
|
||||
new AlphaNumStringListType()
|
||||
)
|
||||
),
|
||||
new Argument(
|
||||
'access',
|
||||
new TypeCollection(
|
||||
@@ -79,10 +85,20 @@ class Auth extends BaseLoop implements ArraySearchLoopInterface
|
||||
{
|
||||
$roles = $this->getRole();
|
||||
$resource = $this->getResource();
|
||||
$module = $this->getModule();
|
||||
$access = $this->getAccess();
|
||||
|
||||
if(null !== $module) {
|
||||
$in = true;
|
||||
}
|
||||
|
||||
try {
|
||||
if (true === $this->securityContext->isGranted($roles, $resource === null ? array() : $resource, $access === null ? array() : $access)) {
|
||||
if (true === $this->securityContext->isGranted(
|
||||
$roles,
|
||||
$resource === null ? array() : $resource,
|
||||
$module === null ? array() : $module,
|
||||
$access === null ? array() : $access)
|
||||
) {
|
||||
|
||||
// Create an empty row: loop is no longer empty :)
|
||||
$loopResult->addRow(new LoopResultRow());
|
||||
|
||||
@@ -102,9 +102,9 @@ class FolderPath extends BaseI18nLoop implements ArraySearchLoopInterface
|
||||
if ($folder != null) {
|
||||
|
||||
$results[] = array(
|
||||
"ID" => $result->getId(),
|
||||
"TITLE" => $result->getVirtualColumn('i18n_TITLE'),
|
||||
"URL" => $result->getUrl($this->locale),
|
||||
"ID" => $folder->getId(),
|
||||
"TITLE" => $folder->getVirtualColumn('i18n_TITLE'),
|
||||
"URL" => $folder->getUrl($this->locale),
|
||||
"LOCALE" => $this->locale,
|
||||
);
|
||||
|
||||
|
||||
@@ -69,6 +69,7 @@ class AdminUtilities extends AbstractSmartyPlugin
|
||||
{
|
||||
// The required permissions
|
||||
$resource = $this->getParam($params, 'resource');
|
||||
$module = $this->getParam($params, 'module');
|
||||
$access = $this->getParam($params, 'access');
|
||||
|
||||
// The base position change path
|
||||
@@ -92,7 +93,12 @@ class AdminUtilities extends AbstractSmartyPlugin
|
||||
<a href="{url path='/admin/configuration/currencies/positionDown' currency_id=$ID}"><i class="icon-arrow-down"></i></a>
|
||||
*/
|
||||
|
||||
if ($permissions == null || $this->securityContext->isGranted("ADMIN", array($resource), array($access))) {
|
||||
if ($permissions == null || $this->securityContext->isGranted(
|
||||
"ADMIN",
|
||||
$resource === null ? array() : array($resource),
|
||||
$module === null ? array() : array($module),
|
||||
array($access))
|
||||
) {
|
||||
|
||||
return $this->fetch_snippet($smarty, 'includes/admin-utilities-position-block', array(
|
||||
'admin_utilities_go_up_url' => URL::getInstance()->absoluteUrl($path, array('mode' => 'up', $url_parameter => $id)),
|
||||
|
||||
@@ -55,9 +55,10 @@ class Security extends AbstractSmartyPlugin
|
||||
{
|
||||
$roles = $this->_explode($this->getParam($params, 'role'));
|
||||
$resources = $this->_explode($this->getParam($params, 'resource'));
|
||||
$modules = $this->_explode($this->getParam($params, 'module'));
|
||||
$accesses = $this->_explode($this->getParam($params, 'access'));
|
||||
|
||||
if (! $this->securityContext->isGranted($roles, $resources, $accesses)) {
|
||||
if (! $this->securityContext->isGranted($roles, $resources, $modules, $accesses)) {
|
||||
|
||||
$ex = new AuthenticationException(
|
||||
sprintf("User not granted for roles '%s', to access resources '%s' with %s in context '%s'.",
|
||||
|
||||
75
core/lib/Thelia/Form/ModuleModificationForm.php
Executable file
75
core/lib/Thelia/Form/ModuleModificationForm.php
Executable file
@@ -0,0 +1,75 @@
|
||||
<?php
|
||||
/*************************************************************************************/
|
||||
/* */
|
||||
/* Thelia */
|
||||
/* */
|
||||
/* Copyright (c) OpenStudio */
|
||||
/* email : info@thelia.net */
|
||||
/* web : http://www.thelia.net */
|
||||
/* */
|
||||
/* This program is free software; you can redistribute it and/or modify */
|
||||
/* it under the terms of the GNU General Public License as published by */
|
||||
/* the Free Software Foundation; either version 3 of the License */
|
||||
/* */
|
||||
/* This program is distributed in the hope that it will be useful, */
|
||||
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
|
||||
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
|
||||
/* GNU General Public License for more details. */
|
||||
/* */
|
||||
/* You should have received a copy of the GNU General Public License */
|
||||
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
|
||||
/* */
|
||||
/*************************************************************************************/
|
||||
|
||||
namespace Thelia\Form;
|
||||
|
||||
use Symfony\Component\Validator\Constraints;
|
||||
use Symfony\Component\Validator\ExecutionContextInterface;
|
||||
use Thelia\Model\ModuleQuery;
|
||||
|
||||
class ModuleModificationForm extends BaseForm
|
||||
{
|
||||
use StandardDescriptionFieldsTrait;
|
||||
|
||||
protected function buildForm()
|
||||
{
|
||||
$this->addStandardDescFields();
|
||||
|
||||
$this->formBuilder
|
||||
->add("id", "hidden", array(
|
||||
"required" => true,
|
||||
"constraints" => array(
|
||||
new Constraints\NotBlank(),
|
||||
new Constraints\Callback(
|
||||
array(
|
||||
"methods" => array(
|
||||
array($this, "verifyModuleId"),
|
||||
),
|
||||
)
|
||||
),
|
||||
),
|
||||
"attr" => array(
|
||||
"id" => "module_update_id",
|
||||
),
|
||||
))
|
||||
;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string the name of you form. This name must be unique
|
||||
*/
|
||||
public function getName()
|
||||
{
|
||||
return "thelia_admin_module_modification";
|
||||
}
|
||||
|
||||
public function verifyModuleId($value, ExecutionContextInterface $context)
|
||||
{
|
||||
$module = ModuleQuery::create()
|
||||
->findPk($value);
|
||||
|
||||
if (null === $module) {
|
||||
$context->addViolation("Module ID not found");
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -35,15 +35,24 @@ class Admin extends BaseAdmin implements UserInterface
|
||||
return AdminResources::SUPERADMINISTRATOR;
|
||||
}
|
||||
|
||||
$userPermissionsQuery = ProfileResourceQuery::create()
|
||||
$userResourcePermissionsQuery = ProfileResourceQuery::create()
|
||||
->joinResource("resource", Criteria::LEFT_JOIN)
|
||||
->withColumn('resource.code', 'code')
|
||||
->filterByProfileId($profileId)
|
||||
->find();
|
||||
|
||||
$userModulePermissionsQuery = ProfileModuleQuery::create()
|
||||
->joinModule("module", Criteria::LEFT_JOIN)
|
||||
->withColumn('module.code', 'code')
|
||||
->filterByProfileId($profileId)
|
||||
->find();
|
||||
|
||||
$userPermissions = array();
|
||||
foreach($userPermissionsQuery as $userPermission) {
|
||||
$userPermissions[$userPermission->getVirtualColumn('code')] = new AccessManager($userPermission->getAccess());
|
||||
foreach($userResourcePermissionsQuery as $userResourcePermission) {
|
||||
$userPermissions[$userResourcePermission->getVirtualColumn('code')] = new AccessManager($userResourcePermission->getAccess());
|
||||
}
|
||||
foreach($userModulePermissionsQuery as $userModulePermission) {
|
||||
$userPermissions['module'][strtolower($userModulePermission->getVirtualColumn('code'))] = new AccessManager($userModulePermission->getAccess());
|
||||
}
|
||||
|
||||
return $userPermissions;
|
||||
|
||||
@@ -4,8 +4,11 @@ namespace Thelia\Model;
|
||||
|
||||
use Propel\Runtime\Connection\ConnectionInterface;
|
||||
use Thelia\Model\Base\Module as BaseModule;
|
||||
use Thelia\Model\Tools\ModelEventDispatcherTrait;
|
||||
|
||||
class Module extends BaseModule {
|
||||
class Module extends BaseModule
|
||||
{
|
||||
use ModelEventDispatcherTrait;
|
||||
|
||||
public function postSave(ConnectionInterface $con = null)
|
||||
{
|
||||
@@ -32,4 +35,4 @@ class Module extends BaseModule {
|
||||
public function getI18nPath() {
|
||||
return $this->getBaseDir() . DS . "I18n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user