From 53ee12b9a7dbaa535a982cb4bac4aa84475b6494 Mon Sep 17 00:00:00 2001 From: "VINADES.,JSC" Date: Tue, 16 Mar 2021 17:42:34 +0700 Subject: [PATCH] =?UTF-8?q?Add=20API=20manager=20(Ch=C6=B0a=20xong)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- admin/authors/admin.menu.php | 4 + admin/authors/api-credentials.php | 224 ++++++++++++ admin/authors/api-roles.php | 330 ++++++++++++++++++ admin/authors/functions.php | 108 ++++++ admin/settings/system.php | 5 + composer.json | 68 ++-- includes/api/index.html | 0 includes/language/en/admin_authors.php | 41 +++ includes/language/en/admin_settings.php | 3 + includes/language/fr/admin_authors.php | 41 +++ includes/language/fr/admin_settings.php | 3 + includes/language/vi/admin_authors.php | 46 +++ includes/language/vi/admin_settings.php | 3 + install/action_mysql.php | 24 ++ install/data.php | 3 + .../modules/authors/api-credentials-list.tpl | 45 +++ .../authors/api-credentials-result.tpl | 49 +++ .../modules/authors/api-credentials.tpl | 66 ++++ .../modules/authors/api-roles.tpl | 189 ++++++++++ .../admin_default/modules/settings/system.tpl | 8 + vendor/composer/ClassLoader.php | 6 +- vendor/composer/autoload_classmap.php | 1 + vendor/composer/autoload_psr4.php | 2 + vendor/composer/autoload_real.php | 7 +- vendor/composer/autoload_static.php | 11 + vendor/composer/platform_check.php | 29 ++ 26 files changed, 1281 insertions(+), 35 deletions(-) create mode 100644 admin/authors/api-credentials.php create mode 100644 admin/authors/api-roles.php create mode 100644 includes/api/index.html create mode 100644 themes/admin_default/modules/authors/api-credentials-list.tpl create mode 100644 themes/admin_default/modules/authors/api-credentials-result.tpl create mode 100644 themes/admin_default/modules/authors/api-credentials.tpl create mode 100644 themes/admin_default/modules/authors/api-roles.tpl create mode 100644 vendor/composer/platform_check.php 
diff --git a/admin/authors/admin.menu.php b/admin/authors/admin.menu.php index 6eaf8b9f4d..d44042608b 100755 --- a/admin/authors/admin.menu.php +++ b/admin/authors/admin.menu.php @@ -30,7 +30,11 @@ if (defined('NV_IS_GODADMIN')) { $submenu['module'] = $lang_module['module_admin']; + $submenu['api-credentials'] = $lang_module['api_cr']; + $submenu['api-roles'] = $lang_module['api_roles']; $submenu['config'] = $lang_module['config']; $allow_func[] = 'module'; + $allow_func[] = 'api-credentials'; + $allow_func[] = 'api-roles'; $allow_func[] = 'config'; } diff --git a/admin/authors/api-credentials.php b/admin/authors/api-credentials.php new file mode 100644 index 0000000000..677280b6b4 --- /dev/null +++ b/admin/authors/api-credentials.php 
@@ -0,0 +1,224 @@ + + * @Copyright (C) 2014 VINADES.,JSC. All rights reserved + * @License GNU/GPL version 2 or any later version + * @Createdate 2-1-2010 21:24 + */ + +if (!defined('NV_IS_FILE_AUTHORS')) { + die('Stop!!!'); +} + +$page_title = $nv_Lang->getModule('api_cr'); + +// Lấy tất cả API Roles +$sql = 'SELECT role_id, role_title FROM ' . NV_AUTHORS_GLOBALTABLE . '_api_role ORDER BY role_id DESC'; +$result = $db->query($sql); + +$global_array_roles = []; +while ($row = $result->fetch()) { + $global_array_roles[$row['role_id']] = $row; +} + +if (empty($global_array_roles)) { + $url = NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=api-roles'; + $contents = nv_theme_alert($nv_Lang->getGlobal('site_info'), $nv_Lang->getModule('api_cr_error_role_empty'), 'info', $url, $nv_Lang->getModule('api_roles_add')); + include NV_ROOTDIR . '/includes/header.php'; + echo nv_admin_theme($contents); + include NV_ROOTDIR . '/includes/footer.php'; +} + +// Lấy tất cả các API Credential +$db->sqlreset()->from(NV_AUTHORS_GLOBALTABLE . '_api_credential tb1'); +$db->join('INNER JOIN ' . NV_AUTHORS_GLOBALTABLE . ' tb2 ON tb1.admin_id=tb2.admin_id INNER JOIN ' . NV_USERS_GLOBALTABLE . 
' tb3 ON tb1.admin_id=tb3.userid'); +$db->select('tb1.admin_id, tb1.credential_title, tb1.credential_ident, tb1.api_roles, tb1.addtime, tb1.edittime, tb1.last_access, tb2.lev, tb3.username, tb3.first_name, tb3.last_name'); +$db->order('tb1.addtime DESC'); + +$result = $db->query($db->sql()); + +$array = []; +while ($row = $result->fetch()) { + $row['full_name'] = nv_show_name_user($row['first_name'], $row['last_name']); + $row['api_roles'] = array_filter(explode(',', $row['api_roles'])); + + $api_roles = []; + foreach ($row['api_roles'] as $role_id) { + if (isset($global_array_roles[$role_id])) { + $api_roles[] = $global_array_roles[$role_id]['role_title']; + } + } + $row['api_roles_show'] = $api_roles; + + $array[$row['credential_ident']] = $row; +} + + +// Xóa API Credential +if ($nv_Request->isset_request('del', 'post')) { + if (!defined('NV_IS_AJAX')) { + die('Wrong URL!!!'); + } + + $credential_ident = $nv_Request->get_title('credential_ident', 'post', ''); + if (!isset($array[$credential_ident])) { + nv_htmlOutput('NO'); + } + + $db->query('DELETE FROM ' . NV_AUTHORS_GLOBALTABLE . '_api_credential WHERE credential_ident=' . $db->quote($credential_ident)); + nv_insert_logs(NV_LANG_DATA, $module_name, 'Delete API Credential', $credential_ident, $admin_info['userid']); + nv_htmlOutput('OK'); +} + +// Thêm, sửa API Credential +$credential_ident = $nv_Request->get_title('credential_ident', 'get', ''); +if (!empty($credential_ident) and !isset($array[$credential_ident])) { + nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op); +} + +$tpl = new \NukeViet\Template\Smarty(); +$tpl->setTemplateDir(NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file); +$tpl->assign('LANG', $nv_Lang); +$tpl->assign('LINK_ADD', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . 
$module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&add=1'); + +if ($nv_Request->isset_request('add', 'get') or !empty($credential_ident)) { + // Lấy tất cả các Admin + $db->sqlreset()->from(NV_AUTHORS_GLOBALTABLE . ' tb1'); + $db->join('INNER JOIN ' . NV_USERS_GLOBALTABLE . ' tb2 ON tb1.admin_id=tb2.userid'); + $db->select('tb1.admin_id, tb1.lev, tb2.username, tb2.first_name, tb2.last_name'); + $result = $db->query($db->sql()); + $array_admins = []; + while ($row = $result->fetch()) { + $row['full_name'] = nv_show_name_user($row['first_name'], $row['last_name']); + $array_admins[$row['admin_id']] = $row; + } + + $error = ''; + if ($credential_ident) { + $form_action = NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&credential_ident=' . $credential_ident; + $array_post = [ + 'admin_id' => $array[$credential_ident]['admin_id'], + 'credential_title' => $array[$credential_ident]['credential_title'], + 'api_roles' => $array[$credential_ident]['api_roles'] + ]; + } else { + $form_action = NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . 
'&add=1'; + $array_post = [ + 'admin_id' => 0, + 'credential_title' => '', + 'api_roles' => [] + ]; + } + + if ($nv_Request->isset_request('submit', 'post')) { + $array_post['credential_title'] = nv_substr($nv_Request->get_title('credential_title', 'post', ''), 0, 255); + if (empty($credential_ident)) { + $array_post['admin_id'] = $nv_Request->get_int('admin_id', 'post', 0); + } + $array_post['api_roles'] = $nv_Request->get_typed_array('api_roles', 'post', 'int', []); + $array_post['api_roles'] = array_intersect($array_post['api_roles'], array_keys($global_array_roles)); + if (empty($array_post['credential_title'])) { + $error = $nv_Lang->getModule('api_cr_error_title'); + } elseif (!isset($array_admins[$array_post['admin_id']])) { + $error = $nv_Lang->getModule('api_cr_error_admin'); + } elseif (empty($array_post['api_roles'])) { + $error = $nv_Lang->getModule('api_cr_error_roles'); + } else { + if (empty($credential_ident)) { + // Tạo mới + $new_credential_ident = ''; + $new_credential_secret = ''; + while (empty($new_credential_ident) or $db->query('SELECT admin_id FROM ' . NV_AUTHORS_GLOBALTABLE . '_api_credential WHERE credential_ident=' . $db->quote($new_credential_ident))->fetchColumn()) { + $new_credential_ident = nv_genpass(32, 3); + } + while (empty($new_credential_secret) or $db->query('SELECT admin_id FROM ' . NV_AUTHORS_GLOBALTABLE . '_api_credential WHERE credential_ident=' . $db->quote($new_credential_secret))->fetchColumn()) { + $new_credential_secret = nv_genpass(32, 3); + } + + $sql = 'INSERT INTO ' . NV_AUTHORS_GLOBALTABLE . '_api_credential ( + admin_id, credential_title, credential_ident, credential_secret, api_roles, addtime + ) VALUES ( + ' . $array_post['admin_id'] . ', :credential_title, :credential_ident, :credential_secret, :api_roles, ' . NV_CURRENTTIME . 
' + )'; + $sth = $db->prepare($sql); + + $new_credential_secret_db = $crypt->encrypt($new_credential_secret); + $api_roles = implode(',', $array_post['api_roles']); + + $sth->bindParam(':credential_title', $array_post['credential_title'], PDO::PARAM_STR); + $sth->bindParam(':credential_ident', $new_credential_ident, PDO::PARAM_STR); + $sth->bindParam(':credential_secret', $new_credential_secret_db, PDO::PARAM_STR); + $sth->bindParam(':api_roles', $api_roles, PDO::PARAM_STR); + + if ($sth->execute()) { + nv_insert_logs(NV_LANG_DATA, $module_name, 'Add API Credential', $new_credential_ident, $admin_info['userid']); + + $tpl->assign('CREDENTIAL_IDENT', $new_credential_ident); + $tpl->assign('CREDENTIAL_SECRET', $new_credential_secret); + $tpl->assign('URL_BACK', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op); + + $contents = $tpl->fetch('api-credentials-result.tpl'); + + include NV_ROOTDIR . '/includes/header.php'; + echo nv_admin_theme($contents); + include NV_ROOTDIR . '/includes/footer.php'; + } else { + $error = 'Unknow Error!!!'; + } + } else { + // Cập nhật + $sql = 'UPDATE ' . NV_AUTHORS_GLOBALTABLE . '_api_credential SET + credential_title=:credential_title, + api_roles=:api_roles, + edittime=' . NV_CURRENTTIME . ' + WHERE credential_ident=' . $db->quote($credential_ident); + $sth = $db->prepare($sql); + $api_roles = implode(',', $array_post['api_roles']); + $sth->bindParam(':credential_title', $array_post['credential_title'], PDO::PARAM_STR); + $sth->bindParam(':api_roles', $api_roles, PDO::PARAM_STR); + if ($sth->execute()) { + nv_insert_logs(NV_LANG_DATA, $module_name, 'Edit API Credential', $credential_ident, $admin_info['userid']); + nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . 
$op); + } else { + $error = 'Unknow error!!!'; + } + } + } + } + + $tpl->assign('CREDENTIAL_IDENT', $credential_ident); + $tpl->assign('DATA', $array_post); + $tpl->assign('FORM_ACTION', $form_action); + $tpl->assign('ERROR', $error); + $tpl->assign('ARRAY_ADMINS', $array_admins); + $tpl->assign('ARRAY_ROLES', $global_array_roles); + + $contents = $tpl->fetch('api-credentials.tpl'); + + include NV_ROOTDIR . '/includes/header.php'; + echo nv_admin_theme($contents); + include NV_ROOTDIR . '/includes/footer.php'; +} + +if (empty($array)) { + nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&add=1'); +} + +$tpl->registerPlugin('modifier', 'implode', 'implode'); +$tpl->registerPlugin('modifier', 'date', 'nv_date'); + +// Thông báo nếu Remote API đang tắt. +$tpl->assign('NV_BASE_ADMINURL', NV_BASE_ADMINURL); +$tpl->assign('REMOTE_API_ACCESS', $global_config['remote_api_access']); +$tpl->assign('URL_CONFIG', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=settings&' . NV_OP_VARIABLE . '=system'); +$tpl->assign('ARRAY', $array); +$tpl->assign('MODULE_NAME', $module_name); +$tpl->assign('OP', $op); + +$contents = $tpl->fetch('api-credentials-list.tpl'); + +include NV_ROOTDIR . '/includes/header.php'; +echo nv_admin_theme($contents); +include NV_ROOTDIR . '/includes/footer.php'; diff --git a/admin/authors/api-roles.php b/admin/authors/api-roles.php new file mode 100644 index 0000000000..e189b87a32 --- /dev/null +++ b/admin/authors/api-roles.php 
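Review bot: The `submit` branch creates or edits a credential on a bare POST, and the `del` branch is guarded only by the `NV_IS_AJAX` check. No session-bound anti-forgery token is read anywhere in this hunk; the same pattern recurs in the `del` and `submit` handlers of admin/authors/api-roles.php. Unless the admin front controller enforces one outside this diff, both forms should carry a per-session token that is compared with `hash_equals()` before the table is touched. Separately, the second uniqueness loop looks up the new secret in the wrong column (`WHERE credential_ident=' . $db->quote($new_credential_secret)`); because the stored secret is encrypted, a plaintext lookup can never match, so the loop should be dropped or replaced by a check that the secret differs from the ident. Whether `nv_genpass(32, 3)` draws from a CSPRNG is not visible here and should be confirmed, since it produces the API secret.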
@@ -0,0 +1,330 @@ + + * @Copyright (C) 2014 VINADES.,JSC. All rights reserved + * @License GNU/GPL version 2 or any later version + * @Createdate 2-1-2010 21:24 + */ + +if (!defined('NV_IS_FILE_AUTHORS')) { + die('Stop!!!'); +} + +$page_title = $lang_module['api_roles']; +$array_api_actions = nv_get_api_actions(); +$array_api_cats = $array_api_actions[2]; +$array_api_keys = $array_api_actions[1]; +$array_api_actions = $array_api_actions[0]; + +$xtpl = new XTemplate('api-roles.tpl', NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file); +$xtpl->assign('LANG', $lang_module); +$xtpl->assign('GLANG', $lang_global); +$xtpl->assign('NV_BASE_ADMINURL', NV_BASE_ADMINURL); +$xtpl->assign('MODULE_NAME', $module_name); +$xtpl->assign('OP', $op); + +// Danh sách +$sql = 'SELECT * FROM ' . NV_AUTHORS_GLOBALTABLE . '_api_role ORDER BY role_id DESC'; +$result = $db->query($sql); + +$array = []; +while ($row = $result->fetch()) { + $row['role_data'] = empty($row['role_data']) ? 
[] : unserialize($row['role_data']); + + // Xử lý các API theo cat + $row['apis'] = []; + $row['apis'][''] = $row['apis'][NV_LANG_DATA] = []; + $row['apitotal'] = 0; + if (!empty($row['role_data']['sys'])) { + foreach ($row['role_data']['sys'] as $api_cmd) { + $cat = $array_api_cats[''][$api_cmd]; + if (!isset($row['apis'][''][$cat['key']])) { + $row['apis'][''][$cat['key']] = [ + 'title' => $cat['title'], + 'apis' => [] + ]; + } + $row['apis'][''][$cat['key']]['apis'][$api_cmd] = $cat['api_title']; + $row['apitotal']++; + } + } + if (!empty($row['role_data'][NV_LANG_DATA])) { + foreach ($row['role_data'][NV_LANG_DATA] as $mod_title => $mod_data) { + if (isset($array_api_cats[$mod_title])) { + foreach ($mod_data as $api_cmd) { + $cat = $array_api_cats[$mod_title][$api_cmd]; + if (!isset($row['apis'][NV_LANG_DATA][$mod_title])) { + $row['apis'][NV_LANG_DATA][$mod_title] = []; + } + if (!isset($row['apis'][NV_LANG_DATA][$mod_title][$cat['key']])) { + $row['apis'][NV_LANG_DATA][$mod_title][$cat['key']] = [ + 'title' => $cat['title'], + 'apis' => [] + ]; + } + $row['apis'][NV_LANG_DATA][$mod_title][$cat['key']]['apis'][$api_cmd] = $cat['api_title']; + $row['apitotal']++; + } + } + } + } + + $array[$row['role_id']] = $row; +} + +// Xóa API Role +if ($nv_Request->isset_request('del', 'post')) { + if (!defined('NV_IS_AJAX')) { + die('Wrong URL!!!'); + } + + $role_id = $nv_Request->get_int('role_id', 'post', 0); + if (!isset($array[$role_id])) { + nv_htmlOutput('NO'); + } + + $db->query('DELETE FROM ' . NV_AUTHORS_GLOBALTABLE . '_api_role WHERE role_id=' . $role_id); + nv_insert_logs(NV_LANG_DATA, $module_name, 'Delete API role', $role_id . ': ' . $array[$role_id]['role_title'], $admin_info['userid']); + nv_htmlOutput('OK'); +} + +//$tpl->assign('SITE_MODS', $site_mods); + +$current_cat = ''; +$error = ''; +$role_id = $nv_Request->get_int('role_id', 'get', 0); + +if ($role_id) { + if (!isset($array[$role_id])) { + nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . 
NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op); + } + $form_action = NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op . '&role_id=' . $role_id; + $array_post = $array[$role_id]; + if (!isset($array_post['role_data']['sys'])) { + $array_post['role_data']['sys'] = []; + } + if (!isset($array_post['role_data'][NV_LANG_DATA])) { + $array_post['role_data'][NV_LANG_DATA] = []; + } + $caption = $lang_module['api_roles_edit']; +} else { + $form_action = NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op; + $array_post = [ + 'role_title' => '', + 'role_description' => '' + ]; + $array_post['role_data'] = []; + $array_post['role_data']['sys'] = []; + $array_post['role_data'][NV_LANG_DATA] = []; + $caption = $lang_module['api_roles_add']; +} + +$is_submit_form = false; +if ($nv_Request->isset_request('submit', 'post')) { + $is_submit_form = true; + $current_cat = $nv_Request->get_title('current_cat', 'post', ''); + + $array_post['role_title'] = nv_substr($nv_Request->get_title('role_title', 'post', ''), 0, 250); + $array_post['role_description'] = nv_substr($nv_Request->get_textarea('role_description', '', ''), 0, 250); + $array_post['role_data'] = []; + // Các API của hệ thống + $array_post['role_data']['sys'] = []; + // Các API của module theo ngôn ngữ + $array_post['role_data'][NV_LANG_DATA] = []; + + // Lấy các API được phép + foreach ($array_api_actions as $keysysmodule => $sysmodule_data) { + // Các API không có CAT + $api_nocat = $nv_Request->get_typed_array('api_' . $keysysmodule, 'post', 'string', []); + $api_cat = []; + foreach ($sysmodule_data as $catkey => $catapis) { + $api_cat = array_merge_recursive($api_cat, $nv_Request->get_typed_array('api_' . $keysysmodule . '_' . 
$catkey, 'post', 'string', [])); + } + $api_submits = array_filter(array_unique(array_merge_recursive($api_nocat, $api_cat))); + $api_submits = array_intersect($api_submits, $array_api_keys[$keysysmodule]); + if (empty($keysysmodule)) { + $array_post['role_data']['sys'] = $api_submits; + } elseif (!empty($api_submits)) { + $array_post['role_data'][NV_LANG_DATA][$keysysmodule] = $api_submits; + } + } + + $sql = 'SELECT role_id FROM ' . NV_AUTHORS_GLOBALTABLE . '_api_role WHERE role_title=:role_title' . ($role_id ? (' AND role_id!=' . $role_id) : ''); + $sth = $db->prepare($sql); + $sth->bindParam(':role_title', $array_post['role_title'], PDO::PARAM_STR); + $sth->execute(); + $is_exists = $sth->fetchColumn(); + + if (empty($array_post['role_title'])) { + $error = $lang_module['api_roles_error_title']; + } elseif (empty($array_post['role_data']['sys']) and empty($array_post['role_data'][NV_LANG_DATA])) { + $error = $lang_module['api_roles_error_role']; + } elseif ($is_exists) { + $error = $lang_module['api_roles_error_exists']; + } else { + if ($role_id) { + $sql = 'UPDATE ' . NV_AUTHORS_GLOBALTABLE . '_api_role SET + role_title=:role_title, + role_description=:role_description, + role_data=:role_data, + edittime=' . NV_CURRENTTIME . ' + WHERE role_id=' . $role_id; + $sth = $db->prepare($sql); + $role_data = serialize($array_post['role_data']); + $sth->bindParam(':role_title', $array_post['role_title'], PDO::PARAM_STR); + $sth->bindParam(':role_description', $array_post['role_description'], PDO::PARAM_STR, strlen($array_post['role_description'])); + $sth->bindParam(':role_data', $role_data, PDO::PARAM_STR, strlen($role_data)); + if ($sth->execute()) { + nv_insert_logs(NV_LANG_DATA, $module_name, 'Edit API role', $role_id . ': ' . $array[$role_id]['role_title'], $admin_info['userid']); + } else { + $error = 'Unknow error!!!'; + } + } else { + $sql = 'INSERT INTO ' . NV_AUTHORS_GLOBALTABLE . 
'_api_role ( + role_title, role_description, role_data, addtime + ) VALUES ( + :role_title, :role_description, :role_data, ' . NV_CURRENTTIME . ' + )'; + $array_insert = []; + $array_insert['role_title'] = $array_post['role_title']; + $array_insert['role_description'] = $array_post['role_description']; + $array_insert['role_data'] = serialize($array_post['role_data']); + + $_role_id = $db->insert_id($sql, 'role_id', $array_insert); + if ($_role_id) { + nv_insert_logs(NV_LANG_DATA, $module_name, 'Add API role', $_role_id . ': ' . $array_post['role_title'], $admin_info['userid']); + } else { + $error = 'Unknow error!!!'; + } + } + + if (empty($error)) { + nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op); + } + } +} + +// Thêm/sửa api role +$cat_order = 0; +$total_api_enabled = 0; +$array_api_trees = []; +$array_api_contents = []; + +foreach ($array_api_actions as $keysysmodule => $sysmodule_data) { + $cat1_is_active = ($keysysmodule == $current_cat and !empty($current_cat)) ? true : false; + $cat1_total_api = 0; + + // Lev1: Hệ thống hoặc các module + $array_api_trees[$keysysmodule] = [ + 'active' => $cat1_is_active, + 'total_api' => 0, + 'key' => $keysysmodule, + 'name' => $keysysmodule ? $site_mods[$keysysmodule]['custom_title'] : $lang_module['api_of_system'], + 'subs' => [] + ]; + + // Lev 2: Các cat của hệ thống hoặc các module, trong HTML đối xử ngang nhau + foreach ($sysmodule_data as $catkey => $catapis) { + $cat_order++; + + if (!empty($catkey)) { + $cat2_key = $keysysmodule . '_' . $catkey; + $cat2_is_active = ($cat2_key == $current_cat or (!$cat1_is_active and $cat_order == 1 and empty($current_cat))) ? 
true : false; + $cat2_total_api = 0; + + $array_api_trees[$keysysmodule]['subs'][$cat2_key] = [ + 'active' => $cat2_is_active, + 'total_api' => 0, + 'key' => $cat2_key, + 'name' => $catapis['title'] + ]; + + // Các API của lev1 (Các api có cat của lev2 trống) + $array_api_contents[$cat2_key] = [ + 'key' => $cat2_key, + 'active' => $cat2_is_active, + 'apis' => [] + ]; + + foreach ($catapis['apis'] as $api) { + $api_checked = ((empty($keysysmodule) and in_array($api['cmd'], $array_post['role_data']['sys'])) or (!empty($keysysmodule) and isset($array_post['role_data'][NV_LANG_DATA][$keysysmodule]) and in_array($api['cmd'], $array_post['role_data'][NV_LANG_DATA][$keysysmodule]))); + $total_api_enabled += $api_checked ? 1 : 0; + $cat2_total_api += $api_checked ? 1 : 0; + + $array_api_contents[$cat2_key]['apis'][] = [ + 'cmd' => $api['cmd'], + 'name' => $api['title'], + 'checked' => $api_checked + ]; + } + + $array_api_trees[$keysysmodule]['subs'][$cat2_key]['total_api'] = $cat2_total_api; + } else { + // Các API của lev1 (Các api có cat của lev2 trống) + $array_api_contents[$keysysmodule] = [ + 'key' => $keysysmodule, + 'active' => $cat1_is_active, + 'apis' => [] + ]; + + foreach ($catapis['apis'] as $api) { + $api_checked = ((empty($keysysmodule) and in_array($api['cmd'], $array_post['role_data']['sys'])) or (!empty($keysysmodule) and isset($array_post['role_data'][NV_LANG_DATA][$keysysmodule]) and in_array($api['cmd'], $array_post['role_data'][NV_LANG_DATA][$keysysmodule]))); + $total_api_enabled += $api_checked ? 1 : 0; + $cat1_total_api += $api_checked ? 
1 : 0; + + $array_api_contents[$keysysmodule]['apis'][] = [ + 'cmd' => $api['cmd'], + 'name' => $api['title'], + 'checked' => $api_checked + ]; + } + } + } + + $array_api_trees[$keysysmodule]['total_api'] = $cat1_total_api; +} + +//$tpl->assign('ROLE_ID', $role_id); +//$tpl->assign('IS_SUBMIT_FORM', $is_submit_form); +//$tpl->assign('ERROR', $error); +//$tpl->assign('ARRAY_API_TREES', $array_api_trees); +//$tpl->assign('ARRAY_API_CONTENTS', $array_api_contents); + +$xtpl->assign('FORM_ACTION', $form_action); +$xtpl->assign('CAPTION', $caption); +$xtpl->assign('CURRENT_CAT', $current_cat); +$xtpl->assign('DATA', $array_post); + +if (empty($array)) { + $xtpl->parse('main.empty'); +} else { + //$tpl->assign('ARRAY', $array); + $xtpl->parse('main.data'); +} + +if (!empty($error)) { + $xtpl->assign('ERROR', $error); + $xtpl->parse('main.error'); +} + +if (!$is_submit_form) { + $xtpl->parse('main.add_notice'); +} + +if ($is_submit_form or $role_id) { + $xtpl->parse('main.scrolltop'); +} + +if ($total_api_enabled) { + $xtpl->assign('TOTAL_API_ENABLED', $total_api_enabled); + $xtpl->parse('main.total_api_enabled'); +} + +$xtpl->parse('main'); +$contents = $xtpl->text('main'); + +include NV_ROOTDIR . '/includes/header.php'; +echo nv_admin_theme($contents); +include NV_ROOTDIR . '/includes/footer.php'; diff --git a/admin/authors/functions.php b/admin/authors/functions.php index eb064ae8ad..6d13a6f5ee 100755 --- a/admin/authors/functions.php +++ b/admin/authors/functions.php 
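Review bot: `role_data` is read back with `unserialize($row['role_data'])` in the listing loop and written with `serialize()` in both the UPDATE and INSERT branches. The value is only a nested array of strings, so storing it as JSON (`json_decode($row['role_data'], true)` on read, `json_encode($array_post['role_data'])` on write) removes the object-instantiation risk if a row is ever changed outside this form. The same loop indexes `$array_api_cats[''][$api_cmd]` and `$array_api_cats[$mod_title][$api_cmd]` without an `isset()` check, so a role that still lists an API whose file has since been removed raises undefined-index notices; `if (!isset($array_api_cats[''][$api_cmd])) { continue; }` (and the module equivalent) would skip stale entries.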
@@ -134,3 +134,111 @@ function nv_admin_edit_result($result) echo nv_admin_theme($contents); include NV_ROOTDIR . '/includes/footer.php'; } + +/** + * @return array[] + */ +function nv_get_api_actions() +{ + global $lang_module, $sys_mods; + + $array_apis = [ + '' => [] + ]; + $array_keys = $array_cats = $array_apis; + + // Các API của hệ thống + $files = nv_scandir(NV_ROOTDIR . '/includes/api', '/(.*?)/'); + foreach ($files as $file) { + if (preg_match('/^([^0-9]+[a-z0-9\_]{0,})\.php$/', $file, $m)) { + $class_name = $m[1]; + $class_namespaces = 'NukeViet\\Api\\' . $class_name; + if (nv_class_exists($class_namespaces)) { + $class_cat = $class_namespaces::getCat(); + $cat_title = $lang_module['api_' . $class_cat]; + $api_title = $lang_module['api_' . $class_cat . '_' . $class_name]; + if (!isset($array_apis[''][$class_cat])) { + $array_apis[''][$class_cat] = [ + 'title' => $lang_module['api_' . $class_cat], + 'apis' => [] + ]; + } + $array_apis[''][$class_cat]['apis'][$class_name] = [ + 'title' => $api_title, + 'cmd' => $class_name + ]; + $array_keys[''][$class_name] = $class_name; + $array_cats[''][$class_name] = [ + 'key' => $class_cat, + 'title' => $cat_title, + 'api_title' => $api_title + ]; + } + } + } + + $lang_module_backup = $lang_module; + + // Các API của module cung cấp + foreach ($sys_mods as $module_name => $module_info) { + $module_file = $module_info['module_file']; + if (file_exists(NV_ROOTDIR . '/modules/' . $module_file . '/Api')) { + // Đọc ngôn ngữ tạm của module + $lang_module = []; + if (file_exists(NV_ROOTDIR . '/modules/' . $module_file . '/language/admin_' . NV_LANG_INTERFACE . '.php')) { + include NV_ROOTDIR . '/modules/' . $module_file . '/language/admin_' . NV_LANG_INTERFACE . '.php'; + } elseif (file_exists(NV_ROOTDIR . '/modules/' . $module_file . '/language/admin_en.php')) { + include NV_ROOTDIR . '/modules/' . $module_file . '/language/admin_en.php'; + } + + // Lấy các API + $files = nv_scandir(NV_ROOTDIR . '/modules/' . 
$module_file . '/Api', '/(.*?)/'); + foreach ($files as $file) { + if (preg_match('/^([^0-9]+[a-z0-9\_]{0,})\.php$/', $file, $m)) { + $class_name = $m[1]; + $class_namespaces = 'NukeViet\\Module\\' . $module_file . '\\Api\\' . $class_name; + if (nv_class_exists($class_namespaces)) { + $class_cat = $class_namespaces::getCat(); + $cat_title = $class_cat ? $lang_module['api_' . $class_cat] : ''; + $api_title = $class_cat ? $lang_module['api_' . $class_cat . '_' . $class_name] : $lang_module['api_' . $class_name]; + + // Xác định key + if (!isset($array_keys[$module_name])) { + $array_keys[$module_name] = []; + } + $array_keys[$module_name][$class_name] = $class_name; + + // Xác định cây thư mục + if (!isset($array_apis[$module_name])) { + $array_apis[$module_name] = []; + } + if (!isset($array_apis[$module_name][$class_cat])) { + $array_apis[$module_name][$class_cat] = [ + 'title' => $cat_title, + 'apis' => [] + ]; + } + $array_apis[$module_name][$class_cat]['apis'][$class_name] = [ + 'title' => $api_title, + 'cmd' => $class_name + ]; + + // Phân theo cat + if (!isset($array_cats[$module_name])) { + $array_cats[$module_name] = []; + } + $array_cats[$module_name][$class_name] = [ + 'key' => $class_cat, + 'title' => $cat_title, + 'api_title' => $api_title + ]; + } + } + } + } + } + + $lang_module = $lang_module_backup; + + return [$array_apis, $array_keys, $array_cats]; +} diff --git a/admin/settings/system.php b/admin/settings/system.php index e7dc5f6a9a..c21e1108dc 100755 --- a/admin/settings/system.php +++ b/admin/settings/system.php 
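Review bot: In `nv_get_api_actions()` the filename filter `/^([^0-9]+[a-z0-9\_]{0,})\.php$/` lets any non-digit characters (dots, dashes, spaces) into the captured name. That name is concatenated into a class name and handed to `nv_class_exists()`, after which `getCat()` is called statically on whatever was loaded. I would restrict the capture to a PHP identifier, `/^([A-Za-z_][A-Za-z0-9_]*)\.php$/`, and accept a class only when `method_exists($class_namespaces, 'getCat')` holds, or preferably when it implements the project's API interface, which is not visible in this hunk. The `$lang_module['api_' . ...]` lookups assume every API ships a language key, so a fallback such as `isset($lang_module[$k]) ? $lang_module[$k] : $class_name` would avoid notices for untranslated modules. The docblock should also say that the return value is the triple `[$array_apis, $array_keys, $array_cats]`.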
@@ -171,6 +171,9 @@ } } + $array_config_global['remote_api_access'] = (int) $nv_Request->get_bool('remote_api_access', 'post', false); + $array_config_global['remote_api_log'] = (int) $nv_Request->get_bool('remote_api_log', 'post', false); + $sth = $db->prepare("UPDATE " . NV_CONFIG_GLOBALTABLE . " SET config_value = :config_value WHERE lang = 'sys' AND module = 'global' AND config_name = :config_name"); foreach ($array_config_global as $config_name => $config_value) { $sth->bindParam(':config_name', $config_name, PDO::PARAM_STR, 30); @@ -247,6 +250,8 @@ $xtpl->assign('CHECKED_ERROR_SET_LOGS', ($array_config_global['error_set_logs']) ? ' checked="checked"' : ''); $xtpl->assign('CHECKED_REWRITE_ENABLE', ($array_config_global['rewrite_enable'] == 1) ? ' checked ' : ''); $xtpl->assign('CHECKED_REWRITE_OPTIONAL', ($array_config_global['rewrite_optional'] == 1) ? ' checked ' : ''); + $xtpl->assign('CHECKED_REMOTE_API_ACCESS', ($array_config_global['remote_api_access'] == 1) ? ' checked ' : ''); + $xtpl->assign('CHECKED_REMOTE_API_LOG', ($array_config_global['remote_api_log'] == 1) ? ' checked ' : ''); $xtpl->assign('MY_DOMAINS', $array_config_global['my_domains']); diff --git a/composer.json b/composer.json index 986ab50f9c..b94b28a33e 100644 --- a/composer.json +++ b/composer.json 
@@ -1,44 +1,50 @@ { - "name": "nukeviet/nukeviet", - "version": "4.4.01", - "type": "project", - "description": "NukeViet is the first opensource CMS in Vietnam.", - "keywords": ["cms","nukeviet", "nukeviet4", "portal"], - "homepage": "https://github.com/nukeviet/nukeviet", - "license": "GPL-2.0+", - "authors": [ - { - "name": "VINADES.,JSC", - "email": "contact@vinades.vn", - "homepage": "http://vinades.vn", - "role": "Developer" + "name" : "nukeviet/nukeviet", + "version" : "4.4.01", + "type" : "project", + "description" : "NukeViet is the first opensource CMS in Vietnam.", + "keywords" : [ + "cms", + "nukeviet", + "nukeviet4", + "portal" + ], + "homepage" : "https://github.com/nukeviet/nukeviet", + "license" : "GPL-2.0+", + "authors" : [{ + "name" : "VINADES.,JSC", + "email" : "contact@vinades.vn", + "homepage" : "http://vinades.vn", + "role" : "Developer" } ], - "support": { - "email": "admin@nukeviet.vn", - "issues": "https://github.com/nukeviet/nukeviet/issues", - "forum": "http://forum.nukeviet.vn", - "wiki": "http://wiki.nukeviet.vn", - "source": "https://github.com/nukeviet/nukeviet/releases" + "support" : { + "email" : "admin@nukeviet.vn", + "issues" : "https://github.com/nukeviet/nukeviet/issues", + "forum" : "http://forum.nukeviet.vn", + "wiki" : "http://wiki.nukeviet.vn", + "source" : "https://github.com/nukeviet/nukeviet/releases" }, "autoload" : { "psr-4" : { - "NukeViet\\" : "vendor/vinades/nukeviet" + "NukeViet\\" : "vendor/vinades/nukeviet", + "NukeViet\\Api\\" : "includes/api", + "NukeViet\\Module\\" : "modules" }, "classmap" : [ "vendor/vinades/pclzip/pclzip.lib.php" ] }, - "require": { - "php": ">=5.6.0", - "ext-mbstring": "*", - "ext-gd": "*", - "ext-json": "*", - "ext-xml": "*", - "ext-session": "*", - "and/oauth": "^0.7-dev", - "endroid/qrcode": "^1.9.1", - "true/punycode": "^2.1", - "phpmailer/phpmailer": "^6.1" + "require" : { + "php" : ">=5.6.0", + "ext-mbstring" : "*", + "ext-gd" : "*", + "ext-json" : "*", + "ext-xml" : "*", + 
"ext-session" : "*", + "and/oauth" : "^0.7-dev", + "endroid/qrcode" : "^1.9.1", + "true/punycode" : "^2.1", + "phpmailer/phpmailer" : "^6.1" } } diff --git a/includes/api/index.html b/includes/api/index.html new file mode 100644 index 0000000000..e69de29bb2 diff --git a/includes/language/en/admin_authors.php b/includes/language/en/admin_authors.php index 8222a3f9b1..743d2e25fb 100644 --- a/includes/language/en/admin_authors.php +++ b/includes/language/en/admin_authors.php 
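Review bot: The only functional lines in this hunk are `"NukeViet\\Api\\" : "includes/api"` and `"NukeViet\\Module\\" : "modules"`, and they are buried in a whitespace-only rewrite of the whole file; keeping the original formatting would leave a two-line diff. Mapping `NukeViet\Module\` onto the entire `modules` directory makes every `.php` file beneath it loadable by class name, including procedural scripts that are not classes. Any code that derives a class name from request data should therefore check it against the known API list (the one `nv_get_api_actions()` builds) before a class-existence check can trigger the autoloader; a narrower mapping would reduce that exposure if the layout allows it.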
@@ -166,3 +166,44 @@ $lang_module['2step_error_oauth_exists'] = 'This account is already in the verification list'; $lang_module['2step_addtime'] = 'Add time'; $lang_module['ip_version'] = 'IP Version'; +$lang_module['api_addtime'] = 'Add time'; +$lang_module['api_edittime'] = 'Edit time'; +$lang_module['api_roles'] = 'Manage Roles API'; +$lang_module['api_roles_list'] = 'List of API Roles'; +$lang_module['api_roles_empty'] = 'No API Role yet added. Please complete the form below to add the new API Role'; +$lang_module['api_roles_add'] = 'Create new API Role'; +$lang_module['api_roles_edit'] = 'Edit API Role'; +$lang_module['api_roles_title'] = 'Name'; +$lang_module['api_roles_description'] = 'Description'; +$lang_module['api_roles_allowed'] = 'APIs allowed to access'; +$lang_module['api_roles_error_title'] = 'Error: The API Role name was not entered'; +$lang_module['api_roles_error_exists'] = 'Error: This API Role Name already exists, please enter a different name to avoid confusion'; +$lang_module['api_roles_error_role'] = 'Error: No APIs selected'; +$lang_module['api_roles_checkall'] = 'Select all'; +$lang_module['api_roles_uncheckall'] = 'Deselect all'; +$lang_module['api_roles_detail'] = 'Details APIs of'; +$lang_module['api_role_notice'] = 'Note: Depending on the level of the licensed administrator account the APIs used in each Role API will be redefined.'; +$lang_module['api_role_notice_lang'] = 'System APIs are valid for all languages. APIs of the module are only valid for the current language.'; +$lang_module['api_of_system'] = 'System'; +$lang_module['api_cr'] = 'API Credential'; +$lang_module['api_cr_error_role_empty'] = 'No API Role is created, please create a Role API first. The system will automatically switch to the Role API creation page in a moment'; +$lang_module['api_remote_off'] = 'Remote API is off, accounts with API access below will not be able to place API calls. 
To make an API call, enable the Remote API here'; +$lang_module['api_cr_last_access_none'] = 'None'; +$lang_module['api_cr_last_access'] = 'Recently used'; +$lang_module['api_cr_add'] = 'Add API Credential'; +$lang_module['api_cr_edit'] = 'Edit API Credential'; +$lang_module['api_cr_title'] = 'Describe the rights'; +$lang_module['api_cr_for_admin'] = 'Select administrator'; +$lang_module['api_cr_roles'] = 'Select API Role'; +$lang_module['api_cr_roles1'] = 'API Role'; +$lang_module['api_cr_error_title'] = 'Error: Please enter an API access description'; +$lang_module['api_cr_error_admin'] = 'Error: Please select administrator'; +$lang_module['api_cr_error_roles'] = 'Error: Please select the API Role'; +$lang_module['api_cr_result'] = 'Here is the access key and the secret code. You need to keep the secret code in a safe place before leaving this screen. After leaving this screen you will not be able to retrieve the secret code. If you lose the access and secret code you need to recreate other API access.'; +$lang_module['api_cr_credential_ident'] = 'Access keys'; +$lang_module['api_cr_credential_secret'] = 'Secret code'; +$lang_module['api_cr_back'] = 'Done copied'; +$lang_module['api_cr_notice'] = 'Note: Keep your secret code secret and special access keys secret. If the secret code and the access key are exposed, the saboteurs can perform undesirable operations'; +$lang_module['api_System'] = 'System functions'; +$lang_module['api_System_SendMail'] = 'Send email'; +$lang_module['other_info'] = 'Other information'; diff --git a/includes/language/en/admin_settings.php b/includes/language/en/admin_settings.php index 1b6167de86..310b72af3b 100644 --- a/includes/language/en/admin_settings.php +++ b/includes/language/en/admin_settings.php 
@@ -242,6 +242,9 @@
 $lang_module['ftp_error_detect_root'] = 'Can not find any suitable parameters, check your username and password';
 $lang_module['ftp_error_support'] = 'Your server is blocking or does not support FTP library, please contact the provider to be enabled.';
 $lang_module['cdn_url'] = 'Hosting CDN for javascript, css';
+$lang_module['remote_api_access'] = 'Enable Remote API';
+$lang_module['remote_api_access_help'] = 'Disabling all API access from outside will be blocked. Internal APIs are still used normally';
+$lang_module['remote_api_log'] = 'Enable Remote API Logging';
 $lang_module['plugin'] = 'Configuration Plugin';
 $lang_module['plugin_info'] = 'php file plugin implementation is contained in the “includes/plugin/”. The plugin will always run when the system is activated';
 $lang_module['plugin_file'] = 'Executable File';
diff --git a/includes/language/fr/admin_authors.php b/includes/language/fr/admin_authors.php
index e9b0c8ee93..5c92c69dbb 100644
--- a/includes/language/fr/admin_authors.php
+++ b/includes/language/fr/admin_authors.php
@@ -166,3 +166,44 @@ $lang_module['2step_error_oauth_exists'] = 'Ce compte est déjà dans la liste de vérification'; $lang_module['2step_addtime'] = 'Ajouter du temps'; $lang_module['ip_version'] = 'Version IP'; +$lang_module['api_addtime'] = 'Créé à'; +$lang_module['api_edittime'] = 'Mis à jour à'; +$lang_module['api_roles'] = 'Gérer l\'API des rôles'; +$lang_module['api_roles_list'] = 'Liste des rôles de l\'API'; +$lang_module['api_roles_empty'] = 'Aucun rôle d\'API n\'a encore été ajouté. Veuillez compléter le formulaire ci-dessous pour ajouter le nouveau rôle de l\'API'; +$lang_module['api_roles_add'] = 'Créer un nouveau rôle API'; +$lang_module['api_roles_edit'] = 'Modifier le rôle de l\'API'; +$lang_module['api_roles_title'] = 'Nom de rôle de l\'API'; +$lang_module['api_roles_description'] = 'Rôle de description d\'API'; +$lang_module['api_roles_allowed'] = 'API autorisées à accéder'; +$lang_module['api_roles_error_title'] = 'Erreur: le nom du rôle de l\'API n\'a pas été entré'; +$lang_module['api_roles_error_exists'] = 'Erreur: Ce nom de rôle d\'API existe déjà. Veuillez entrer un nom différent pour éviter toute confusion.'; +$lang_module['api_roles_error_role'] = 'Erreur: Aucune API sélectionnée'; +$lang_module['api_roles_checkall'] = 'Sélectionner tout'; +$lang_module['api_roles_uncheckall'] = 'Décocher tout'; +$lang_module['api_roles_detail'] = 'Détails des API'; +$lang_module['api_role_notice'] = 'Remarque: Selon le niveau du compte d\'administrateur sous licence, les API utilisées dans chaque API de rôle seront redéfinies.'; +$lang_module['api_role_notice_lang'] = 'Les API système sont valides pour toutes les langues. Les API du module ne sont valides que pour la langue actuelle.'; +$lang_module['api_of_system'] = 'Système'; +$lang_module['api_cr'] = 'Accès à l\'API'; +$lang_module['api_cr_error_role_empty'] = 'Aucun rôle d\'API n\'est créé. Veuillez d\'abord créer une API de rôle. 
Le système bascule automatiquement sur la page de création de l\'API de rôle dans un instant'; +$lang_module['api_remote_off'] = 'L\'API distante étant désactivée, les comptes disposant d\'un accès API ci-dessous ne pourront pas passer d\'appels d\'API. Pour effectuer un appel d\'API, activer l\'API à distance ici'; +$lang_module['api_cr_last_access_none'] = 'Pas encore'; +$lang_module['api_cr_last_access'] = 'Récemment utilisé'; +$lang_module['api_cr_add'] = 'Ajouter un accès à l\'API'; +$lang_module['api_cr_edit'] = 'Corriger l\'accès à l\'API'; +$lang_module['api_cr_title'] = 'Décrivez les droits'; +$lang_module['api_cr_for_admin'] = 'Sélectionnez l\'administrateur'; +$lang_module['api_cr_roles'] = 'Sélectionnez le rôle de l\'API'; +$lang_module['api_cr_roles1'] = 'Rôle API'; +$lang_module['api_cr_error_title'] = 'Erreur: Veuillez entrer une description d\'accès à l\'API'; +$lang_module['api_cr_error_admin'] = 'Erreur: Veuillez sélectionner l\'administrateur'; +$lang_module['api_cr_error_roles'] = 'Erreur: Veuillez sélectionner l\'API de rôle'; +$lang_module['api_cr_result'] = 'Voici la clé d\'accès et le code secret. Vous devez garder le code secret dans un endroit sûr avant de quitter cet écran. Après avoir quitté cet écran, vous ne serez pas en mesure de récupérer le code secret. Si vous perdez l\'accès et le code secret, vous devez recréer un autre accès à l\'API.'; +$lang_module['api_cr_credential_ident'] = 'Touches d\'accès'; +$lang_module['api_cr_credential_secret'] = 'Code secret'; +$lang_module['api_cr_back'] = 'Fait copié'; +$lang_module['api_cr_notice'] = 'Note: Gardez votre code secret secret et vos clés d\'accès spéciales secrètes. Si le code secret et la clé d\'accès sont exposés, les saboteurs peuvent effectuer des opérations indésirables'; +$lang_module['api_System'] = 'Fonctions du système'; +$lang_module['api_System_SendMail'] = 'Envoyer un email'; +$lang_module['other_info'] = 'Autres informations'; 
diff --git a/includes/language/fr/admin_settings.php b/includes/language/fr/admin_settings.php
index 54685ff92a..2d8490603f 100644
--- a/includes/language/fr/admin_settings.php
+++ b/includes/language/fr/admin_settings.php
@@ -242,6 +242,9 @@
 $lang_module['ftp_error_detect_root'] = 'Il est impossible de déterminer, merci de vérifier l\'identifiant et le mot de passe';
 $lang_module['ftp_error_support'] = 'Votre hébergeur a bloqué FTP, veuillez leur contacter pour l\'activer';
 $lang_module['cdn_url'] = 'Hosting CDN pour javascript, css';
+$lang_module['remote_api_access'] = 'Activer l\'API à distance';
+$lang_module['remote_api_access_help'] = 'La désactivation de tous les accès API de l\'extérieur sera bloquée. Les API internes sont toujours utilisées normalement';
+$lang_module['remote_api_log'] = 'Activer la journalisation d\'API à distance';
 $lang_module['plugin'] = 'Configuration du Plugin';
 $lang_module['plugin_info'] = 'Plugin doit être un fichier php se situé dans le dossier “includes/plugin/”. Ces Plugin exécutent toujours avec le système en cas d\'activation';
 $lang_module['plugin_file'] = 'Fichier Plugin';
diff --git a/includes/language/vi/admin_authors.php b/includes/language/vi/admin_authors.php
index b116011ca6..a8742fb693 100755
--- a/includes/language/vi/admin_authors.php
+++ b/includes/language/vi/admin_authors.php
@@ -170,3 +170,49 @@ $lang_module['2step_delete_all'] = 'Gỡ tất cả'; $lang_module['2step_error_oauth_exists'] = 'Tài khoản này đã có trong danh sách xác thực'; $lang_module['2step_addtime'] = 'Thêm lúc'; + +$lang_module['api_addtime'] = 'Tạo lúc'; +$lang_module['api_edittime'] = 'Cập nhật'; +$lang_module['api_roles'] = 'Quản lý API Roles'; +$lang_module['api_roles_list'] = 'Danh sách API Roles'; +$lang_module['api_roles_empty'] = 'Chưa có API Role nào được thêm. Mời bạn hoàn thành mẫu bên dưới để thêm mới API Role'; +$lang_module['api_roles_add'] = 'Tạo mới API Role'; +$lang_module['api_roles_edit'] = 'Sửa API Role'; +$lang_module['api_roles_title'] = 'Tên gọi API Role'; +$lang_module['api_roles_description'] = 'Mô tả API Role'; +$lang_module['api_roles_allowed'] = 'Các API được phép truy cập'; +$lang_module['api_roles_error_title'] = 'Lỗi: Chưa nhập tên gọi API Role'; +$lang_module['api_roles_error_exists'] = 'Lỗi: Tên gọi API Role này đã có, mời nhập tên gọi khác để tránh nhầm lẫn'; +$lang_module['api_roles_error_role'] = 'Lỗi: Chưa có API nào được chọn'; +$lang_module['api_roles_checkall'] = 'Chọn tất cả'; +$lang_module['api_roles_uncheckall'] = 'Bỏ chọn tất cả'; +$lang_module['api_roles_detail'] = 'Chi tiết các API của'; +$lang_module['api_role_notice'] = 'Lưu ý: Tùy theo cấp độ của tài khoản quản trị được cấp phép mà các API được quyền sử dụng trong mỗi API Role sẽ được xác định lại'; +$lang_module['api_role_notice_lang'] = 'Các API của hệ thống sẽ hiệu lực đối với tất cả các ngôn ngữ. Các API của module chỉ có hiệu lực đối với ngôn ngữ hiện tại.'; + +$lang_module['api_of_system'] = 'Hệ thống'; + +$lang_module['api_cr'] = 'Quyền truy cập API'; +$lang_module['api_cr_error_role_empty'] = 'Chưa có API Role được tạo, hãy tạo API Role trước. Hệ thống sẽ tự động chuyển trến trang tạo API Role trong giây lát'; +$lang_module['api_remote_off'] = 'Remote API đang tắt, các tài khoản được phép truy cập API bên dưới sẽ không thể thực hiện các cuộc gọi API. 
Để thực hiện được cuộc gọi API, hãy bật Remote API tại đây'; +$lang_module['api_cr_last_access_none'] = 'Chưa'; +$lang_module['api_cr_last_access'] = 'Dùng gần đây'; +$lang_module['api_cr_add'] = 'Thêm quyền truy cập API'; +$lang_module['api_cr_edit'] = 'Sửa quyền truy cập API'; +$lang_module['api_cr_title'] = 'Mô tả quyền'; +$lang_module['api_cr_for_admin'] = 'Chọn quản trị'; +$lang_module['api_cr_roles'] = 'Chọn API Role'; +$lang_module['api_cr_roles1'] = 'API Role'; +$lang_module['api_cr_error_title'] = 'Lỗi: Vui lòng nhập mô tả quyền truy cập API'; +$lang_module['api_cr_error_admin'] = 'Lỗi: Vui lòng chọn quản trị'; +$lang_module['api_cr_error_roles'] = 'Lỗi: Vui lòng chọn API Role'; +$lang_module['api_cr_result'] = 'Dưới đây là khóa truy cập và mã bí mật. Bạn cần lưu trữ lại mã bí mật ở một nơi an toàn trước khi thoát khỏi màn hình này. Sau khi thoát khỏi màn hình này bạn sẽ không thể lấy lại mã bí mật. Nếu bị mất khóa truy cập và mã bí mật bạn cần phải tạo lại quyền truy cập API khác.'; +$lang_module['api_cr_credential_ident'] = 'Khóa truy cập'; +$lang_module['api_cr_credential_secret'] = 'Mã bí mật'; +$lang_module['api_cr_back'] = 'Đã sao chép xong'; +$lang_module['api_cr_notice'] = 'Chú ý: Giữ an toàn cho mã bí mật và khóa truy cập đặc biệt là mã bí mật. Nếu mã bí mật và khóa truy cập bị lộ, kẻ phá hoại có thể thực hiện các thao tác không mong muốn'; + +$lang_module['api_System'] = 'Các chức năng hệ thống'; +$lang_module['api_System_SendMail'] = 'Gửi email'; + +$lang_module['other_info'] = 'Thông tin khác'; diff --git a/includes/language/vi/admin_settings.php b/includes/language/vi/admin_settings.php index 34a1c74ff6..7bd319f900 100755 --- a/includes/language/vi/admin_settings.php +++ b/includes/language/vi/admin_settings.php 
@@ -252,6 +252,9 @@
 $lang_module['ftp_error_detect_root'] = 'Không thể tìm thấy thông số nào phù hợp, hãy kiểm tra lại tên đăng nhập và mật khẩu';
 $lang_module['ftp_error_support'] = 'Máy chủ của bạn hiện đang chặn hoặc không hỗ trợ thư viện FTP, hãy liên hệ với nhà cung cấp để được kích hoạt.';
 $lang_module['cdn_url'] = 'Hosting CDN cho javascript, css';
+$lang_module['remote_api_access'] = 'Bật Remote API';
+$lang_module['remote_api_access_help'] = 'Nếu tắt toàn bộ quyền truy cập API từ bên ngoài sẽ bị chặn. Các API bên trong vẫn sử dụng bình thường';
+$lang_module['remote_api_log'] = 'Ghi lại nhật ký Remote API';
 $lang_module['plugin'] = 'Thiết lập Plugin';
 $lang_module['plugin_info'] = 'Plugin thi phải là file php được chứa trong thư mục “includes/plugin/”. Các Plugin này sẽ luôn luôn chạy cùng hệ thống khi được kích hoạt';
diff --git a/install/action_mysql.php b/install/action_mysql.php
index b524bf2d18..ebc83c6d6a 100755
--- a/install/action_mysql.php
+++ b/install/action_mysql.php
@@ -78,6 +78,30 @@
 KEY oauth_email (oauth_email)
 ) ENGINE=MyISAM COMMENT 'Bảng lưu xác thực 2 bước từ oauth của admin'";
+$sql_create_table[] = "CREATE TABLE " . NV_AUTHORS_GLOBALTABLE . "_api_role (
+ role_id smallint(4) NOT NULL AUTO_INCREMENT,
+ role_title varchar(250) NOT NULL DEFAULT '',
+ role_description text NOT NULL,
+ role_data text NOT NULL,
+ addtime int(11) NOT NULL DEFAULT '0',
+ edittime int(11) NOT NULL DEFAULT '0',
+ PRIMARY KEY (role_id)
+) ENGINE=InnoDB COMMENT 'Bảng lưu quyền truy cập API'";
+
+$sql_create_table[] = "CREATE TABLE " . NV_AUTHORS_GLOBALTABLE . "_api_credential (
+ admin_id int(11) unsigned NOT NULL,
+ credential_title varchar(255) NOT NULL DEFAULT '',
+ credential_ident varchar(50) NOT NULL DEFAULT '',
+ credential_secret varchar(250) NOT NULL DEFAULT '',
+ api_roles varchar(255) NOT NULL DEFAULT '',
+ addtime int(11) NOT NULL DEFAULT '0',
+ edittime int(11) NOT NULL DEFAULT '0',
+ last_access int(11) NOT NULL DEFAULT '0',
+ UNIQUE KEY credential_ident (credential_ident),
+ UNIQUE KEY credential_secret (credential_secret(191)),
+ KEY admin_id (admin_id)
+) ENGINE=InnoDB COMMENT 'Bảng lưu key API của quản trị'";
+
 $sql_create_table[] = "CREATE TABLE " . NV_CONFIG_GLOBALTABLE . " (
 lang varchar(3) NOT NULL DEFAULT 'sys',
 module varchar(50) NOT NULL DEFAULT 'global',
diff --git a/install/data.php b/install/data.php
index 660d903c29..1f02ed1e9a 100755
--- a/install/data.php
+++ b/install/data.php
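Review bot: `credential_secret varchar(250)` together with `UNIQUE KEY credential_secret (credential_secret(191))` suggests the secret is stored in a form that can be indexed and looked up directly. The hunk does not show how the value is written, so please confirm that the column holds a one-way hash (or at least an encrypted value) and never the plaintext; the UI text added in this commit says the secret cannot be retrieved after creation, which only holds if the table does not contain it. A column comment stating which form is stored would record that intent in the schema. The `_api_credential` table also declares no primary key, only two unique keys, and `api_roles varchar(255)` caps how many role ids one credential can carry.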
@@ -150,6 +150,9 @@ $sql_create_table[] = "INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'global', 'crossadmin_valid_ips', '')"; $sql_create_table[] = "INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'global', 'domains_whitelist', '[\"youtube.com\",\"www.youtube.com\",\"google.com\",\"www.google.com\",\"drive.google.com\",\"docs.google.com\"]')"; $sql_create_table[] = "INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'global', 'domains_restrict', '1')"; +$sql_create_table[] = "INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'global', 'remote_api_access', '0')"; +$sql_create_table[] = "INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'global', 'remote_api_log', '1')"; + $sql_create_table[] = "INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'define', 'nv_gfx_width', '150')"; $sql_create_table[] = "INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'define', 'nv_gfx_height', '40')"; $sql_create_table[] = "INSERT INTO " . NV_CONFIG_GLOBALTABLE . " (lang, module, config_name, config_value) VALUES ('sys', 'define', 'nv_max_width', '1500')"; diff --git a/themes/admin_default/modules/authors/api-credentials-list.tpl b/themes/admin_default/modules/authors/api-credentials-list.tpl new file mode 100644 index 0000000000..ac8f2bbf19 --- /dev/null +++ b/themes/admin_default/modules/authors/api-credentials-list.tpl @@ -0,0 +1,45 @@ +{if empty($REMOTE_API_ACCESS)} + +{/if} +
+ +
+
+ + + + + + + + + + + + + {foreach from=$ARRAY item=row} + + + + + + + + + {/foreach} + +
{$LANG->get('api_cr_credential_ident')}{$LANG->get('api_cr_title')}{$LANG->get('users')}{$LANG->get('api_cr_roles1')}{$LANG->get('api_cr_last_access')}{$LANG->get('funcs')}
{$row.credential_ident}{$row.credential_title}{for $lev=1 to 3}{/for} {$row.username}{", "|implode:$row.api_roles_show}{if empty($row.last_access)}{$LANG->get('api_cr_last_access_none')}{else}{"H:i d/m/Y"|date:$row.last_access}{/if} + {$LANG->get('edit')} + {$LANG->get('delete')} +
+
+
+
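Review bot: `{$row.credential_title}` and `{$row.username}` in the list row are printed without an escape modifier, so whether stored markup renders in this admin page depends on encoding done elsewhere (Smarty's `escape_html` setting or the PHP that fills `$ARRAY`, neither visible here). Making it explicit in the template, e.g. `{$row.credential_title|escape}` and `{$row.username|escape}`, removes that dependency. If the values are already entity-encoded before assignment, a short template comment saying so would do instead. The same applies to `{$row.role_title}` and `{$row.role_description}` in `api-roles.tpl`. The HTML of this hunk is not fully visible in this view, so attribute contexts could not be checked.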
diff --git a/themes/admin_default/modules/authors/api-credentials-result.tpl b/themes/admin_default/modules/authors/api-credentials-result.tpl new file mode 100644 index 0000000000..ef99552910 --- /dev/null +++ b/themes/admin_default/modules/authors/api-credentials-result.tpl @@ -0,0 +1,49 @@ + +
+
+
+ {$LANG->get('api_cr_result')} +
+
+
+ +
+ +
+ +
+
+
+
+ +
+ +
+ +
+
+
+
+

{$LANG->get('api_cr_notice')}.

+ {$LANG->get('api_cr_back')} +
+
+
+
+{literal} + +{/literal} diff --git a/themes/admin_default/modules/authors/api-credentials.tpl b/themes/admin_default/modules/authors/api-credentials.tpl new file mode 100644 index 0000000000..d3658a67c9 --- /dev/null +++ b/themes/admin_default/modules/authors/api-credentials.tpl @@ -0,0 +1,66 @@ + + + +{if not empty($ERROR)} + +{/if} +
+
+ {if $CREDENTIAL_IDENT}{$LANG->get('api_cr_edit')}{else}{$LANG->get('api_cr_add')}{/if} +
+
+
+
+ +
+ +
+
+ {if empty($CREDENTIAL_IDENT)} +
+ +
+ +
+
+ {/if} +
+ +
+
+ {foreach from=$ARRAY_ROLES key=key item=role} +
+ +
+ {/foreach} +
+
+
+
+ +
+ +
+
+
+
+
+ diff --git a/themes/admin_default/modules/authors/api-roles.tpl b/themes/admin_default/modules/authors/api-roles.tpl new file mode 100644 index 0000000000..4c03ab888b --- /dev/null +++ b/themes/admin_default/modules/authors/api-roles.tpl @@ -0,0 +1,189 @@ + + +
{LANG.api_roles_empty}.
+ + +
{LANG.api_role_notice}.
+ +
+ +
{LANG.api_role_notice_lang}.
+ + +
{ERROR}
+ +
+
+ {CAPTION} +
+
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+
+ {LANG.api_roles_allowed} {TOTAL_API_ENABLED} +
+
+
+
+
+ + +
+
+
+
+
+
+ + + + + + + +{if empty($ARRAY)} +{else} +
+
+ {$LANG->get('api_roles_list')} +
+
+
+ + + + + + + + + + + + {foreach from=$ARRAY item=row} + + + + + + + + + + + {/foreach} + +
{$LANG->get('api_roles_title')}{$LANG->get('api_roles_description')}{$LANG->get('api_addtime')}{$LANG->get('api_edittime')}{$LANG->get('funcs')}
+ {$row.role_title} ({$row.apitotal}) + {$row.role_description}{"H:i d/m/Y"|date:$row.addtime}{if $row.edittime}{"H:i d/m/Y"|date:$row.edittime}{/if} + {$LANG->get('edit')} + {$LANG->get('delete')} +
+
+
+
+{/if} +
+
+
+
+ +
+
+
+ +
+
+
+
+
+ {foreach from=$ARRAY_API_CONTENTS item=apicontent} +
+
+
+ {foreach from=$apicontent.apis item=api} +
+ +
+ {/foreach} +
+
+ +
+ {/foreach} +
+
+
+
+
+
+
+
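Review bot: The first part of this template uses XTemplate-style placeholders (`{LANG.api_roles_empty}`, `{ERROR}`, `{CAPTION}`, `{TOTAL_API_ENABLED}`) while the list and modal further down use Smarty syntax (`{$LANG->get('api_roles_list')}`, `{foreach from=$ARRAY item=row}`). A single engine will likely not expand both, so one half would be emitted literally or fail to compile. Since the commit is marked unfinished, this appears to be a half-done migration. Converting the remaining placeholders, e.g. `{$LANG->get('api_roles_empty')}`, would resolve it.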
diff --git a/themes/admin_default/modules/settings/system.tpl b/themes/admin_default/modules/settings/system.tpl index 73a3bec377..3f724f242f 100755 --- a/themes/admin_default/modules/settings/system.tpl +++ b/themes/admin_default/modules/settings/system.tpl @@ -128,6 +128,14 @@ {LANG.nv_debug} + + {LANG.remote_api_access} + + + + {LANG.remote_api_log} + + {LANG.error_send_email} diff --git a/vendor/composer/ClassLoader.php b/vendor/composer/ClassLoader.php index fce8549f07..1a58957d25 100644 --- a/vendor/composer/ClassLoader.php +++ b/vendor/composer/ClassLoader.php @@ -37,8 +37,8 @@ * * @author Fabien Potencier * @author Jordi Boggiano - * @see http://www.php-fig.org/psr/psr-0/ - * @see http://www.php-fig.org/psr/psr-4/ + * @see https://www.php-fig.org/psr/psr-0/ + * @see https://www.php-fig.org/psr/psr-4/ */ class ClassLoader { @@ -60,7 +60,7 @@ class ClassLoader public function getPrefixes() { if (!empty($this->prefixesPsr0)) { - return call_user_func_array('array_merge', $this->prefixesPsr0); + return call_user_func_array('array_merge', array_values($this->prefixesPsr0)); } return array(); diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php index 8933be9fce..9d10b1723b 100644 --- a/vendor/composer/autoload_classmap.php +++ b/vendor/composer/autoload_classmap.php @@ -6,5 +6,6 @@ $baseDir = dirname($vendorDir); return array( + 'Composer\\InstalledVersions' => $vendorDir . '/composer/InstalledVersions.php', 'PclZip' => $vendorDir . '/vinades/pclzip/pclzip.lib.php', ); diff --git a/vendor/composer/autoload_psr4.php b/vendor/composer/autoload_psr4.php index cf108dd620..68dbc5a207 100644 --- a/vendor/composer/autoload_psr4.php +++ b/vendor/composer/autoload_psr4.php 
@@ -11,6 +11,8 @@ 'Symfony\\Component\\OptionsResolver\\' => array($vendorDir . '/symfony/options-resolver'), 'PHPMailer\\PHPMailer\\' => array($vendorDir . '/phpmailer/phpmailer/src'), 'OAuth\\' => array($vendorDir . '/and/oauth/src'), + 'NukeViet\\Module\\' => array($baseDir . '/modules'), + 'NukeViet\\Api\\' => array($baseDir . '/includes/api'), 'NukeViet\\' => array($vendorDir . '/vinades/nukeviet'), 'League\\Url\\' => array($vendorDir . '/league/url/src'), 'Endroid\\QrCode\\' => array($vendorDir . '/endroid/qrcode/src'), diff --git a/vendor/composer/autoload_real.php b/vendor/composer/autoload_real.php index 5b9a65643d..2e3b3aaa56 100644 --- a/vendor/composer/autoload_real.php +++ b/vendor/composer/autoload_real.php @@ -13,19 +13,24 @@ public static function loadClassLoader($class) } } + /** + * @return \Composer\Autoload\ClassLoader + */ public static function getLoader() { if (null !== self::$loader) { return self::$loader; } + require __DIR__ . '/platform_check.php'; + spl_autoload_register(array('ComposerAutoloaderInit8c9f50366561a5497ebe188ba93ba4da', 'loadClassLoader'), true, true); self::$loader = $loader = new \Composer\Autoload\ClassLoader(); spl_autoload_unregister(array('ComposerAutoloaderInit8c9f50366561a5497ebe188ba93ba4da', 'loadClassLoader')); $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); if ($useStaticLoader) { - require_once __DIR__ . '/autoload_static.php'; + require __DIR__ . '/autoload_static.php'; call_user_func(\Composer\Autoload\ComposerStaticInit8c9f50366561a5497ebe188ba93ba4da::getInitializer($loader)); } else { diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php index 6d9990c916..486b144ef2 100644 --- a/vendor/composer/autoload_static.php +++ b/vendor/composer/autoload_static.php 
@@ -30,6 +30,8 @@ class ComposerStaticInit8c9f50366561a5497ebe188ba93ba4da ), 'N' => array ( + 'NukeViet\\Module\\' => 16, + 'NukeViet\\Api\\' => 13, 'NukeViet\\' => 9, ), 'L' => @@ -63,6 +65,14 @@ class ComposerStaticInit8c9f50366561a5497ebe188ba93ba4da array ( 0 => __DIR__ . '/..' . '/and/oauth/src', ), + 'NukeViet\\Module\\' => + array ( + 0 => __DIR__ . '/../..' . '/modules', + ), + 'NukeViet\\Api\\' => + array ( + 0 => __DIR__ . '/../..' . '/includes/api', + ), 'NukeViet\\' => array ( 0 => __DIR__ . '/..' . '/vinades/nukeviet', @@ -99,6 +109,7 @@ class ComposerStaticInit8c9f50366561a5497ebe188ba93ba4da ); public static $classMap = array ( + 'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php', 'PclZip' => __DIR__ . '/..' . '/vinades/pclzip/pclzip.lib.php', ); diff --git a/vendor/composer/platform_check.php b/vendor/composer/platform_check.php new file mode 100644 index 0000000000..da648618b2 --- /dev/null +++ b/vendor/composer/platform_check.php 
@@ -0,0 +1,29 @@ += 50600)) { + $issues[] = 'Your Composer dependencies require a PHP version ">= 5.6.0". You are running ' . PHP_VERSION . '.'; +} + +$missingExtensions = array(); +extension_loaded('ctype') || $missingExtensions[] = 'ctype'; +extension_loaded('filter') || $missingExtensions[] = 'filter'; +extension_loaded('gd') || $missingExtensions[] = 'gd'; +extension_loaded('json') || $missingExtensions[] = 'json'; +extension_loaded('mbstring') || $missingExtensions[] = 'mbstring'; +extension_loaded('reflection') || $missingExtensions[] = 'reflection'; +extension_loaded('session') || $missingExtensions[] = 'session'; +extension_loaded('spl') || $missingExtensions[] = 'spl'; +extension_loaded('xml') || $missingExtensions[] = 'xml'; + +if ($missingExtensions) { + $issues[] = 'Your Composer dependencies require the following PHP extensions to be installed: ' . implode(', ', $missingExtensions); +} + +if ($issues) { + echo 'Composer detected issues in your platform:' . "\n\n" . implode("\n", $issues); + exit(104); +}