
PHP Cross Reference of vtigercrm-6.1.0


/includes/main/ -> WebUI.php (source)

   1  <?php
   2  /*+**********************************************************************************
   3   * The contents of this file are subject to the vtiger CRM Public License Version 1.1
   4   * ("License"); You may not use this file except in compliance with the License
   5   * The Original Code is:  vtiger CRM Open Source
   6   * The Initial Developer of the Original Code is vtiger.
   7   * Portions created by vtiger are Copyright (C) vtiger.
   8   * All Rights Reserved.
   9   ************************************************************************************/
  10  
  11  require_once  'include/utils/utils.php';
  12  require_once  'include/utils/CommonUtils.php';
  13  
  14  require_once  'includes/Loader.php';
  15  vimport ('includes.runtime.EntryPoint');
  16  
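  /**
   * Web entry point: resolves the requested module/view/action to a handler
   * class, enforces login and permission checks, runs the handler and emits
   * either its response or an error page / JSON error.
   */
  class Vtiger_WebUI extends Vtiger_EntryPoint {

      /**
       * Redirect to index.php and abort when no user is logged in.
       *
       * The exception thrown after the Location header is caught in process(),
       * so the handler's own process() is never reached for such a request.
       *
       * @param Vtiger_Request $request
       * @throws AppException when hasLogin() reports no logged-in user
       */
      protected function checkLogin (Vtiger_Request $request) {
          if (!$this->hasLogin()) {
              header('Location: index.php');
              throw new AppException('Login is required');
          }
      }

      /**
       * Return the logged-in user, restoring it from the session when the
       * parent entry point does not hold one yet.
       *
       * @return Users object, or the falsy value from parent::getLogin() when
       *         no user id is stored in the session
       */
      function getLogin() {
          $user = parent::getLogin();
          if (!$user) {
              // Read the fallback key defensively: indexing $_SESSION directly
              // raised an undefined-index notice on anonymous requests.
              $fallbackUserId = isset($_SESSION['authenticated_user_id']) ? $_SESSION['authenticated_user_id'] : null;
              $userid = Vtiger_Session::get('AUTHUSERID', $fallbackUserId);
              if ($userid) {
                  $user = CRMEntity::getInstance('Users');
                  $user->retrieveCurrentUserInfoFromFile($userid);
                  $this->setLogin($user);
              }
          }
          return $user;
      }

      /**
       * Enforce module-level permission, then the handler's own permission check.
       *
       * @param object $handler resolved action/view handler
       * @param Vtiger_Request $request
       * @throws AppException when the module is unknown or the current user has
       *         no permission on it
       */
      protected function triggerCheckPermission($handler, $request) {
          $moduleName = $request->getModule();
          $moduleModel = Vtiger_Module_Model::getInstance($moduleName);

          if (empty($moduleModel)) {
              throw new AppException(vtranslate('LBL_HANDLER_NOT_FOUND'));
          }

          $userPrivilegesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
          $permission = $userPrivilegesModel->hasModulePermission($moduleModel->getId());

          if ($permission) {
              $handler->checkPermission($request);
              return;
          }
          // NOTE(review): $moduleName comes from the request and ends up in the
          // exception message that process() hands to the error template.
          throw new AppException(vtranslate($moduleName).' '.vtranslate('LBL_NOT_ACCESSIBLE'));
      }

      /**
       * Run the handler's preProcess step, except for Ajax requests.
       *
       * @param object $handler
       * @param Vtiger_Request $request
       * @return true|null true when the step is skipped for an Ajax request
       */
      protected function triggerPreProcess($handler, $request) {
          if($request->isAjax()){
              return true;
          }
          $handler->preProcess($request);
      }

      /**
       * Run the handler's postProcess step, except for Ajax requests.
       *
       * @param object $handler
       * @param Vtiger_Request $request
       * @return true|null true when the step is skipped for an Ajax request
       */
      protected function triggerPostProcess($handler, $request) {
          if($request->isAjax()){
              return true;
          }
          $handler->postProcess($request);
      }

      /**
       * Tell whether the database configuration has been filled in.
       *
       * @return bool false when $dbconfig is empty, has no db_name, or db_name
       *         still equals the '_DBC_TYPE_' placeholder
       */
      function isInstalled() {
          global $dbconfig;
          if (empty($dbconfig) || empty($dbconfig['db_name']) || $dbconfig['db_name'] == '_DBC_TYPE_') {
              return false;
          }
          return true;
      }

      /**
       * Dispatch one web request.
       *
       * Order of operations: start the session, load csrf-magic, publish the
       * current user and language strings as globals, pick the handler class
       * from module + action/view, then validateRequest -> login check ->
       * permission checks -> preProcess -> process -> postProcess. Any
       * exception is turned into the OperationNotPermitted page (view
       * requests) or a JSON error (everything else).
       *
       * @param Vtiger_Request $request
       */
      function process (Vtiger_Request $request) {
          Vtiger_Session::init();

          // Loaded after the session is initiated, as csrf-magic is included
          // only once the session exists.
          require_once  'libraries/csrf-magic/csrf-magic.php';

          // TODO - Get rid of global variable $current_user
          // common utils api called, depend on this variable right now
          $currentUser = $this->getLogin();
          vglobal('current_user', $currentUser);

          global $default_language;
          vglobal('default_language', $default_language);
          $currentLanguage = Vtiger_Language_Handler::getLanguage();
          vglobal('current_language',$currentLanguage);
          $module = $request->getModule();
          $qualifiedModuleName = $request->getModule(false);

          if ($currentUser && $qualifiedModuleName) {
              $moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage,$qualifiedModuleName);
              vglobal('mod_strings', $moduleLanguageStrings['languageStrings']);
          }

          if ($currentUser) {
              $moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage);
              vglobal('app_strings', $moduleLanguageStrings['languageStrings']);
          }

          $view = $request->get('view');
          $action = $request->get('action');
          $response = false;

          try {
              if($this->isInstalled() === false && $module != 'Install') {
                  header('Location:index.php?module=Install&view=Index');
                  exit;
              }

              // No module requested: choose a landing page.
              if(empty($module)) {
                  if ($this->hasLogin()) {
                      $defaultModule = vglobal('default_module');
                      if(!empty($defaultModule) && $defaultModule != 'Home') {
                          $module = $defaultModule; $qualifiedModuleName = $defaultModule; $view = 'List';
                          if($module == 'Calendar') {
                              // To load MyCalendar instead of list view for calendar
                              //TODO: see if it has to enhanced and get the default view from module model
                              $view = 'Calendar';
                          }
                      } else {
                          $module = 'Home'; $qualifiedModuleName = 'Home'; $view = 'DashBoard';
                      }
                  } else {
                      $module = 'Users'; $qualifiedModuleName = 'Settings:Users'; $view = 'Login';
                  }
                  $request->set('module', $module);
                  $request->set('view', $view);
              }

              // An action takes precedence over a view; a request with neither
              // falls back to the Index view.
              if (!empty($action)) {
                  $componentType = 'Action';
                  $componentName = $action;
              } else {
                  $componentType = 'View';
                  if(empty($view)) {
                      $view = 'Index';
                  }
                  $componentName = $view;
              }
              // NOTE(review): the class name is built from request-supplied
              // module/view/action values; confirm Vtiger_Loader restricts the
              // result to known component classes before it is instantiated.
              $handlerClass = Vtiger_Loader::getComponentClassName($componentType, $componentName, $qualifiedModuleName);
              $handler = new $handlerClass();

              // `new` yields an object or fails outright, so the else branch
              // below is defensive only.
              if ($handler) {
                  vglobal('currentModule', $module);

                  // Ensure handler validates the request
                  $handler->validateRequest($request);

                  if ($handler->loginRequired()) {
                      $this->checkLogin ($request);
                  }

                  //TODO : Need to review the design as there can potential security threat
                  // Modules listed here never get the module-level permission
                  // check from triggerCheckPermission().
                  $skipList = array('Users', 'Home', 'CustomView', 'Import', 'Export', 'Inventory', 'Vtiger','PriceBooks','Migration','Install');

                  // One definition of "settings request" for both branches.
                  // Previously the first branch skipped the module check when
                  // 'Settings' appeared anywhere in the name, while the second
                  // ran the handler check only when the name started with it,
                  // so a name containing 'Settings' further in got neither.
                  $isSettingsRequest = (stripos($qualifiedModuleName, 'Settings') === 0);

                  if(!in_array($module, $skipList) && !$isSettingsRequest) {
                      $this->triggerCheckPermission($handler, $request);
                  }

                  // Every settings page handler should implement this method
                  if($isSettingsRequest || ($module=='Users')) {
                      $handler->checkPermission($request);
                  }

                  $notPermittedModules = array('ModComments','Integration' ,'DashBoard');

                  if(in_array($module, $notPermittedModules) && $view == 'List'){
                      header('Location:index.php?module=Home&view=DashBoard');
                      // Stop here, as the install redirect above does: without
                      // it the list view was still processed and rendered
                      // behind the redirect.
                      exit;
                  }

                  $this->triggerPreProcess($handler, $request);
                  $response = $handler->process($request);
                  $this->triggerPostProcess($handler, $request);
              } else {
                  throw new AppException(vtranslate('LBL_HANDLER_NOT_FOUND'));
              }
          } catch(Exception $e) {
              if ($view) {
                  // Log for development. error_log()'s second argument is a
                  // message type, not an error level, so E_NOTICE did not belong
                  // there; the default destination is used.
                  error_log($e->getTraceAsString());

                  // NOTE(review): the message can contain the request-supplied
                  // module name (see triggerCheckPermission); confirm that
                  // OperationNotPermitted.tpl HTML-escapes MESSAGE.
                  $viewer = new Vtiger_Viewer();
                  $viewer->assign('MESSAGE', $e->getMessage());
                  $viewer->view('OperationNotPermitted.tpl', 'Vtiger');
              } else {
                  $response = new Vtiger_Response();
                  $response->setEmitType(Vtiger_Response::$EMIT_JSON);
                  $response->setError($e->getMessage());
              }
          }

          if ($response) {
              $response->emit();
          }
      }
  }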

