/
Controller.php
558 lines (479 loc) · 17.4 KB
/
Controller.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
<?php
/**
* Base controller class.
* Controllers are the cornerstone of all site functionality in SilverStripe. The {@link Director}
* selects a controller to pass control to, and then calls {@link run()}. This method will execute
* the appropriate action - either by calling the action method, or displaying the action's template.
*
* See {@link getTemplate()} for information on how the template is chosen.
* @package framework
* @subpackage control
*/
class Controller extends RequestHandler implements TemplateGlobalProvider {
/**
* @var array $urlParams An array of arguments extracted from the URL
*/
protected $urlParams;
/**
* @var array $requestParams Contains all GET and POST parameters
* passed to the current {@link SS_HTTPRequest}.
* @uses SS_HTTPRequest->requestVars()
*/
protected $requestParams;
/**
* @var string $action The URL part matched on the current controller as
* determined by the "$Action" part of the {@link $url_handlers} definition.
* Should correlate to a public method on this controller.
* Used in {@link render()} and {@link getViewer()} to determine
* action-specific templates.
*/
protected $action;
/**
* The {@link Session} object for this controller
*/
protected $session;
/**
* Stack of current controllers.
* Controller::$controller_stack[0] is the current controller.
*/
protected static $controller_stack = array();
protected $basicAuthEnabled = true;
/**
* @var SS_HTTPResponse $response The response object that the controller returns.
* Set in {@link handleRequest()}.
*/
protected $response;
/**
* Default URL handlers - (Action)/(ID)/(OtherID)
*/
static $url_handlers = array(
'$Action//$ID/$OtherID' => 'handleAction',
);
static $allowed_actions = array(
'handleAction',
'handleIndex',
);
/**
* Initialisation function that is run before any action on the controller is called.
*
* @uses BasicAuth::requireLogin()
*/
function init() {
if($this->basicAuthEnabled) BasicAuth::protect_site_if_necessary();
// Directly access the session variable just in case the Group or Member tables don't yet exist
if(Session::get('loggedInAs') && Security::database_is_ready()) {
$member = Member::currentUser();
if($member) {
if(!headers_sent()) Cookie::set("PastMember", true, 90, null, null, false, true);
DB::query("UPDATE \"Member\" SET \"LastVisited\" = " . DB::getConn()->now() . " WHERE \"ID\" = $member->ID", null);
}
}
// This is used to test that subordinate controllers are actually calling parent::init() - a common bug
$this->baseInitCalled = true;
}
/**
* Returns a link to this controller. Overload with your own Link rules if they exist.
*/
function Link() {
return get_class($this) .'/';
}
/**
* Executes this controller, and return an {@link SS_HTTPResponse} object with the result.
*
* This method first does a few set-up activities:
* - Push this controller ont to the controller stack -
* see {@link Controller::curr()} for information about this.
* - Call {@link init()}
* - Defer to {@link RequestHandler->handleRequest()} to determine which action
* should be executed
*
* Note: $requestParams['executeForm'] support was removed,
* make the following change in your URLs:
* "/?executeForm=FooBar" -> "/FooBar"
* Also make sure "FooBar" is in the $allowed_actions of your controller class.
*
* Note: You should rarely need to overload run() -
* this kind of change is only really appropriate for things like nested
* controllers - {@link ModelAsController} and {@link RootURLController}
* are two examples here. If you want to make more
* orthodox functionality, it's better to overload {@link init()} or {@link index()}.
*
* Important: If you are going to overload handleRequest,
* make sure that you start the method with $this->pushCurrent()
* and end the method with $this->popCurrent().
* Failure to do this will create weird session errors.
*
* @param $request The {@link SS_HTTPRequest} object that is responsible
* for distributing request parsing.
* @return SS_HTTPResponse The response that this controller produces,
* including HTTP headers such as redirection info
*/
function handleRequest(SS_HTTPRequest $request, DataModel $model) {
if(!$request) user_error("Controller::handleRequest() not passed a request!", E_USER_ERROR);
$this->pushCurrent();
$this->urlParams = $request->allParams();
$this->request = $request;
$this->response = new SS_HTTPResponse();
$this->setDataModel($model);
$this->extend('onBeforeInit');
// Init
$this->baseInitCalled = false;
$this->init();
if(!$this->baseInitCalled) user_error("init() method on class '$this->class' doesn't call Controller::init(). Make sure that you have parent::init() included.", E_USER_WARNING);
$this->extend('onAfterInit');
// If we had a redirection or something, halt processing.
if($this->response->isFinished()) {
$this->popCurrent();
return $this->response;
}
$body = parent::handleRequest($request, $model);
if($body instanceof SS_HTTPResponse) {
if(isset($_REQUEST['debug_request'])) Debug::message("Request handler returned SS_HTTPResponse object to $this->class controller; returning it without modification.");
$this->response = $body;
} else {
if(is_object($body)) {
if(isset($_REQUEST['debug_request'])) Debug::message("Request handler $body->class object to $this->class controller;, rendering with template returned by $body->class::getViewer()");
$body = $body->getViewer($request->latestParam('Action'))->process($body);
}
$this->response->setBody($body);
}
ContentNegotiator::process($this->response);
HTTP::add_cache_headers($this->response);
$this->popCurrent();
return $this->response;
}
/**
* Controller's default action handler. It will call the method named in $Action, if that method exists.
* If $Action isn't given, it will use "index" as a default.
*/
public function handleAction($request) {
// urlParams, requestParams, and action are set for backward compatability
foreach($request->latestParams() as $k => $v) {
if($v || !isset($this->urlParams[$k])) $this->urlParams[$k] = $v;
}
$this->action = str_replace("-","_",$request->param('Action'));
$this->requestParams = $request->requestVars();
if(!$this->action) $this->action = 'index';
if(!$this->hasAction($this->action)) {
$this->httpError(404, "The action '$this->action' does not exist in class $this->class");
}
// run & init are manually disabled, because they create infinite loops and other dodgy situations
if(!$this->checkAccessAction($this->action) || in_array(strtolower($this->action), array('run', 'init'))) {
return $this->httpError(403, "Action '$this->action' isn't allowed on class $this->class");
}
if($this->hasMethod($this->action)) {
$result = $this->{$this->action}($request);
// If the action returns an array, customise with it before rendering the template.
if(is_array($result)) {
return $this->getViewer($this->action)->process($this->customise($result));
} else {
return $result;
}
} else {
return $this->getViewer($this->action)->process($this);
}
}
function setURLParams($urlParams) {
$this->urlParams = $urlParams;
}
/**
* @return array The parameters extracted from the URL by the {@link Director}.
*/
function getURLParams() {
return $this->urlParams;
}
/**
* Returns the SS_HTTPResponse object that this controller is building up.
* Can be used to set the status code and headers
*/
function getResponse() {
return $this->response;
}
protected $baseInitCalled = false;
/**
* Return the object that is going to own a form that's being processed, and handle its execution.
* Note that the result needn't be an actual controller object.
*/
function getFormOwner() {
// Get the appropraite ocntroller: sometimes we want to get a form from another controller
if(isset($this->requestParams['formController'])) {
$formController = Director::getControllerForURL($this->requestParams['formController']);
while(is_a($formController, 'NestedController')) {
$formController = $formController->getNestedController();
}
return $formController;
} else {
return $this;
}
}
/**
* This is the default action handler used if a method doesn't exist.
* It will process the controller object with the template returned by {@link getViewer()}
*/
function defaultAction($action) {
return $this->getViewer($action)->process($this);
}
/**
* Returns the action that is being executed on this controller.
*/
function getAction() {
return $this->action;
}
/**
* Return an SSViewer object to process the data
* @return SSViewer The viewer identified being the default handler for this Controller/Action combination
*/
function getViewer($action) {
// Hard-coded templates
if($this->templates[$action]) {
$templates = $this->templates[$action];
} else if($this->templates['index']) {
$templates = $this->templates['index'];
} else if($this->template) {
$templates = $this->template;
} else {
// Add action-specific templates for inheritance chain
$parentClass = $this->class;
if($action && $action != 'index') {
$parentClass = $this->class;
while($parentClass != "Controller") {
$templates[] = strtok($parentClass,'_') . '_' . $action;
$parentClass = get_parent_class($parentClass);
}
}
// Add controller templates for inheritance chain
$parentClass = $this->class;
while($parentClass != "Controller") {
$templates[] = strtok($parentClass,'_');
$parentClass = get_parent_class($parentClass);
}
// remove duplicates
$templates = array_unique($templates);
}
return new SSViewer($templates);
}
public function hasAction($action) {
return parent::hasAction($action) || $this->hasActionTemplate($action);
}
/**
* Removes all the "action" part of the current URL and returns the result.
* If no action parameter is present, returns the full URL
* @static
* @return String
*/
public function removeAction($fullURL, $action = null) {
if (!$action) $action = $this->getAction(); //default to current action
$returnURL = $fullURL;
if (($pos = strpos($fullURL, $action)) !== false) {
$returnURL = substr($fullURL,0,$pos);
}
return $returnURL;
}
/**
* Returns TRUE if this controller has a template that is specifically designed to handle a specific action.
*
* @param string $action
* @return bool
*/
public function hasActionTemplate($action) {
if(isset($this->templates[$action])) return true;
$parentClass = $this->class;
$templates = array();
while($parentClass != 'Controller') {
$templates[] = strtok($parentClass, '_') . '_' . $action;
$parentClass = get_parent_class($parentClass);
}
return SSViewer::hasTemplate($templates);
}
/**
* Render the current controller with the templates determined
* by {@link getViewer()}.
*
* @param array $params Key-value array for custom template variables (Optional)
* @return string Parsed template content
*/
function render($params = null) {
$template = $this->getViewer($this->getAction());
// if the object is already customised (e.g. through Controller->run()), use it
$obj = ($this->customisedObj) ? $this->customisedObj : $this;
if($params) $obj = $this->customise($params);
return $template->process($obj);
}
/**
* Call this to disable site-wide basic authentication for a specific contoller.
* This must be called before Controller::init(). That is, you must call it in your controller's
* init method before it calls parent::init().
*/
function disableBasicAuth() {
$this->basicAuthEnabled = false;
}
/**
* Returns the current controller
* @returns Controller
*/
public static function curr() {
if(Controller::$controller_stack) {
return Controller::$controller_stack[0];
} else {
user_error("No current controller available", E_USER_WARNING);
}
}
/**
* Tests whether we have a currently active controller or not
* @return boolean True if there is at least 1 controller in the stack.
*/
public static function has_curr() {
return Controller::$controller_stack ? true : false;
}
/**
* Returns true if the member is allowed to do the given action.
* @param perm The permission to be checked, such as 'View'.
* @param member The member whose permissions need checking. Defaults to the currently logged
* in user.
* @return boolean
*/
function can($perm, $member = null) {
if(!$member) $member = Member::currentUser();
if(is_array($perm)) {
$perm = array_map(array($this, 'can'), $perm, array_fill(0, count($perm), $member));
return min($perm);
}
if($this->hasMethod($methodName = 'can' . $perm)) {
return $this->$methodName($member);
} else {
return true;
}
}
//-----------------------------------------------------------------------------------
/**
* Pushes this controller onto the stack of current controllers.
* This means that any redirection, session setting, or other things that rely on Controller::curr() will now write to this
* controller object.
*/
function pushCurrent() {
array_unshift(self::$controller_stack, $this);
// Create a new session object
if(!$this->session) {
if(isset(self::$controller_stack[1])) {
$this->session = self::$controller_stack[1]->getSession();
} else {
$this->session = new Session(null);
}
}
}
/**
* Pop this controller off the top of the stack.
*/
function popCurrent() {
if($this === self::$controller_stack[0]) {
array_shift(self::$controller_stack);
} else {
user_error("popCurrent called on $this->class controller, but it wasn't at the top of the stack", E_USER_WARNING);
}
}
/**
* Redirct to the given URL.
* It is generally recommended to call Director::redirect() rather than calling this function directly.
*/
function redirect($url, $code=302) {
if(!$this->response) $this->response = new SS_HTTPResponse();
if($this->response->getHeader('Location')) {
user_error("Already directed to " . $this->response->getHeader('Location') . "; now trying to direct to $url", E_USER_WARNING);
return;
}
// Attach site-root to relative links, if they have a slash in them
if($url == "" || $url[0] == '?' || (substr($url,0,4) != "http" && $url[0] != "/" && strpos($url,'/') !== false)){
$url = Director::baseURL() . $url;
}
$this->response->redirect($url, $code);
}
/**
* Redirect back. Uses either the HTTP_REFERER or a manually set request-variable called "BackURL".
* This variable is needed in scenarios where not HTTP-Referer is sent (
* e.g when calling a page by location.href in IE).
* If none of the two variables is available, it will redirect to the base
* URL (see {@link Director::baseURL()}).
* @uses redirect()
*/
function redirectBack() {
$url = null;
// In edge-cases, this will be called outside of a handleRequest() context; in that case,
// redirect to the homepage - don't break into the global state at this stage because we'll
// be calling from a test context or something else where the global state is inappropraite
if($this->request) {
if($this->request->requestVar('BackURL')) {
$url = $this->request->requestVar('BackURL');
} else if($this->request->getHeader('Referer')) {
$url = $this->request->getHeader('Referer');
}
}
if(!$url) $url = Director::baseURL();
// absolute redirection URLs not located on this site may cause phishing
if(Director::is_site_url($url)) {
return $this->redirect($url);
} else {
return false;
}
}
/**
* Tests whether a redirection has been requested.
* @return string If redirect() has been called, it will return the URL redirected to. Otherwise, it will return null;
*/
function redirectedTo() {
return $this->response && $this->response->getHeader('Location');
}
/**
* Get the Session object representing this Controller's session
* @return Session
*/
function getSession() {
return $this->session;
}
/**
* Set the Session object.
*/
function setSession(Session $session) {
$this->session = $session;
}
/**
* Joins two or more link segments together, putting a slash between them if necessary.
* Use this for building the results of {@link Link()} methods.
* If either of the links have query strings,
* then they will be combined and put at the end of the resulting url.
*
* Caution: All parameters are expected to be URI-encoded already.
*
* @param String
* @return String
*/
static function join_links() {
$args = func_get_args();
$result = "";
$querystrings = array();
$fragmentIdentifier = null;
foreach($args as $arg) {
// Find fragment identifier - keep the last one
if(strpos($arg,'#') !== false) {
list($arg, $fragmentIdentifier) = explode('#',$arg,2);
}
// Find querystrings
if(strpos($arg,'?') !== false) {
list($arg, $suffix) = explode('?',$arg,2);
$querystrings[] = $suffix;
}
if((is_string($arg) && $arg) || is_numeric($arg)) {
$arg = (string)$arg;
if($result && substr($result,-1) != '/' && $arg[0] != '/') $result .= "/$arg";
else $result .= (substr($result, -1) == '/' && $arg[0] == '/') ? ltrim($arg, '/') : $arg;
}
}
if($querystrings) $result .= '?' . implode('&', $querystrings);
if($fragmentIdentifier) $result .= "#$fragmentIdentifier";
return $result;
}
public static function get_template_global_variables() {
return array(
'CurrentPage' => 'curr',
);
}
}