<?php
/**
* Omeka
*
* @copyright Copyright 2007-2012 Roy Rosenzweig Center for History and New Media
* @license http://www.gnu.org/licenses/gpl-3.0.txt GNU GPLv3
*/
/**
* This controller plugin allows for all functionality that is specific to the
* Admin theme.
*
* For now, all this includes is preventing unauthenticated access to all admin
* pages, with the exception of a few white-listed controller/action pairs. The
* built-in list lives in this plugin and can be extended at request time via the
* 'admin_whitelist' filter.
*
* This controller plugin should be loaded only in the admin bootstrap.
*
* @package Omeka\Controller\Plugin
*/
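class Omeka_Controller_Plugin_Admin extends Zend_Controller_Plugin_Abstract
{
    /**
     * Controller/action pairs in the admin interface that may be reached
     * without being logged in.
     *
     * Each entry names a 'controller' and an 'action'. An entry without a
     * 'module' key is treated as the default module (see _requireLogin()).
     * Plugins may extend this list through the 'admin_whitelist' filter in
     * preDispatch(), so the effective whitelist is only known per request.
     *
     * @var array
     */
    protected $_adminWhitelist = array(
        array('controller' => 'users', 'action' => 'activate'),
        array('controller' => 'users', 'action' => 'login'),
        array('controller' => 'users', 'action' => 'forgot-password'),
        array('controller' => 'installer', 'action' => 'notify'),
        array('controller' => 'error', 'action' => 'error')
    );

    /**
     * Mark the request as targeting the admin interface.
     *
     * Called on router startup, before the request is routed.
     *
     * @param Zend_Controller_Request_Abstract $request
     */
    public function routeStartup(Zend_Controller_Request_Abstract $request)
    {
        $request->setParam('admin', true);
    }

    /**
     * Require an authenticated user for every admin request that is not
     * whitelisted, redirecting anonymous visitors to the login page.
     *
     * Called before dispatching. The path (and query string) of the blocked
     * request is kept in the session under 'redirect' so the login flow can
     * return the user there afterwards.
     *
     * @param Zend_Controller_Request_Abstract $request
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // Plugins get a chance to exempt more controller/action pairs. Anything
        // that is not an array is treated as an empty whitelist, so a broken
        // filter fails closed (everything requires login) rather than open.
        $whitelist = apply_filters('admin_whitelist', $this->_adminWhitelist);
        $this->_adminWhitelist = is_array($whitelist) ? $whitelist : array();

        if (!$this->_requireLogin($request)) {
            return;
        }

        $user = Zend_Controller_Front::getInstance()
            ->getParam('bootstrap')
            ->getResource('Currentuser');
        if ($user) {
            return;
        }

        // Remember where the anonymous visitor was going. Only the path and
        // query string are stored, never a scheme or host, but the login action
        // that consumes $session->redirect must still treat the value as
        // untrusted request data (e.g. reject protocol-relative '//host' paths)
        // — NOTE(review): confirm against that code, it is not visible here.
        $session = new Zend_Session_Namespace;
        $target = $request->getPathInfo();
        if (!empty($_GET)) {
            $target .= '?' . http_build_query($_GET);
        }
        $session->redirect = $target;

        // Send to the login page. NOTE(review): nothing here explicitly stops
        // dispatch of the protected action; this relies on the redirector
        // ending the request after issuing the redirect (its default).
        $this->getRedirector()->goto('login', 'users', 'default');
    }

    /**
     * Return the redirector action helper.
     *
     * @return Zend_Controller_Action_Helper_Redirector
     */
    public function getRedirector()
    {
        return Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
    }

    /**
     * Return the auth object.
     *
     * @return Zend_Auth
     */
    public function getAuth()
    {
        return Zend_Auth::getInstance();
    }

    /**
     * Decide whether the request needs an authenticated user.
     *
     * A request is exempt only if a whitelist entry matches its controller
     * and action exactly (strict string comparison) and, when the request
     * carries a module name, the entry's module as well. Entries without a
     * 'module' key mean the default module. A request with no module name is
     * matched on controller/action alone, so a whitelist entry then exempts
     * that controller/action regardless of module. Malformed entries (not an
     * array, or missing 'controller'/'action') never match.
     *
     * @param Zend_Controller_Request_Abstract $request
     * @return bool true when login is required, false when whitelisted
     */
    private function _requireLogin($request)
    {
        $action = $request->getActionName();
        $controller = $request->getControllerName();
        $module = $request->getModuleName();

        foreach ($this->_adminWhitelist as $entry) {
            // Skip anything a plugin filter may have injected that does not
            // have the expected shape, instead of comparing against null.
            if (!is_array($entry)
                || !isset($entry['controller'], $entry['action'])) {
                continue;
            }
            $entryModule = array_key_exists('module', $entry)
                ? $entry['module']
                : 'default';

            if ($entry['controller'] !== $controller
                || $entry['action'] !== $action) {
                continue;
            }
            // Module name is not always defined in the request; only enforce
            // it when present.
            if ($module !== null && $entryModule !== $module) {
                continue;
            }
            return false;
        }
        return true;
    }
}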