2014-07-20 12:26:15 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace Controller;
|
|
|
|
|
2014-12-22 19:15:38 +01:00
|
|
|
use Pimple\Container;
|
2014-10-22 19:59:09 +02:00
|
|
|
use Core\Tool;
|
2014-07-20 12:26:15 +02:00
|
|
|
use Core\Security;
|
2014-12-22 19:15:38 +01:00
|
|
|
use Core\Request;
|
|
|
|
use Core\Response;
|
|
|
|
use Core\Template;
|
|
|
|
use Core\Session;
|
2014-07-20 12:26:15 +02:00
|
|
|
use Model\LastLogin;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Base controller
|
|
|
|
*
|
|
|
|
* @package controller
|
|
|
|
* @author Frederic Guillot
|
2014-10-22 19:59:09 +02:00
|
|
|
*
|
2014-12-22 19:15:38 +01:00
|
|
|
* @property \Model\Acl $acl
|
|
|
|
* @property \Model\Authentication $authentication
|
|
|
|
* @property \Model\Action $action
|
|
|
|
* @property \Model\Board $board
|
|
|
|
* @property \Model\Category $category
|
|
|
|
* @property \Model\Color $color
|
|
|
|
* @property \Model\Comment $comment
|
|
|
|
* @property \Model\Config $config
|
|
|
|
* @property \Model\DateParser $dateParser
|
|
|
|
* @property \Model\File $file
|
|
|
|
* @property \Model\LastLogin $lastLogin
|
|
|
|
* @property \Model\Notification $notification
|
|
|
|
* @property \Model\Project $project
|
|
|
|
* @property \Model\ProjectPermission $projectPermission
|
|
|
|
* @property \Model\ProjectAnalytic $projectAnalytic
|
|
|
|
* @property \Model\ProjectDailySummary $projectDailySummary
|
|
|
|
* @property \Model\SubTask $subTask
|
|
|
|
* @property \Model\Task $task
|
|
|
|
* @property \Model\TaskCreation $taskCreation
|
|
|
|
* @property \Model\TaskModification $taskModification
|
|
|
|
* @property \Model\TaskDuplication $taskDuplication
|
|
|
|
* @property \Model\TaskHistory $taskHistory
|
|
|
|
* @property \Model\TaskExport $taskExport
|
|
|
|
* @property \Model\TaskFinder $taskFinder
|
|
|
|
* @property \Model\TaskPosition $taskPosition
|
|
|
|
* @property \Model\TaskPermission $taskPermission
|
|
|
|
* @property \Model\TaskStatus $taskStatus
|
|
|
|
* @property \Model\TaskValidator $taskValidator
|
|
|
|
* @property \Model\CommentHistory $commentHistory
|
|
|
|
* @property \Model\SubtaskHistory $subtaskHistory
|
|
|
|
* @property \Model\TimeTracking $timeTracking
|
|
|
|
* @property \Model\User $user
|
|
|
|
* @property \Model\Webhook $webhook
|
2014-07-20 12:26:15 +02:00
|
|
|
*/
|
|
|
|
abstract class Base
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Request instance
|
|
|
|
*
|
2014-12-22 19:15:38 +01:00
|
|
|
* @accesss protected
|
2014-07-20 12:26:15 +02:00
|
|
|
* @var \Core\Request
|
|
|
|
*/
|
2014-12-22 19:15:38 +01:00
|
|
|
protected $request;
|
2014-07-20 12:26:15 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Response instance
|
|
|
|
*
|
2014-12-22 19:15:38 +01:00
|
|
|
* @accesss protected
|
2014-07-20 12:26:15 +02:00
|
|
|
* @var \Core\Response
|
|
|
|
*/
|
2014-12-22 19:15:38 +01:00
|
|
|
protected $response;
|
2014-07-20 12:26:15 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Template instance
|
|
|
|
*
|
2014-12-22 19:15:38 +01:00
|
|
|
* @accesss protected
|
2014-07-20 12:26:15 +02:00
|
|
|
* @var \Core\Template
|
|
|
|
*/
|
2014-12-22 19:15:38 +01:00
|
|
|
protected $template;
|
2014-07-20 12:26:15 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Session instance
|
|
|
|
*
|
|
|
|
* @accesss public
|
|
|
|
* @var \Core\Session
|
|
|
|
*/
|
2014-12-22 19:15:38 +01:00
|
|
|
protected $session;
|
2014-07-20 12:26:15 +02:00
|
|
|
|
|
|
|
/**
|
2014-12-22 19:15:38 +01:00
|
|
|
* Container instance
|
2014-07-20 12:26:15 +02:00
|
|
|
*
|
|
|
|
* @access private
|
2014-12-22 19:15:38 +01:00
|
|
|
* @var \Pimple\Container
|
2014-07-20 12:26:15 +02:00
|
|
|
*/
|
2014-12-22 19:15:38 +01:00
|
|
|
private $container;
|
2014-07-20 12:26:15 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Constructor
|
|
|
|
*
|
|
|
|
* @access public
|
2014-12-22 19:15:38 +01:00
|
|
|
* @param \Pimple\Container $container
|
|
|
|
*/
|
|
|
|
public function __construct(Container $container)
|
|
|
|
{
|
|
|
|
$this->container = $container;
|
|
|
|
$this->request = new Request;
|
|
|
|
$this->response = new Response;
|
|
|
|
$this->session = new Session;
|
|
|
|
$this->template = new Template;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Destructor
|
|
|
|
*
|
|
|
|
* @access public
|
2014-07-20 12:26:15 +02:00
|
|
|
*/
|
2014-12-22 19:15:38 +01:00
|
|
|
public function __destruct()
|
2014-07-20 12:26:15 +02:00
|
|
|
{
|
2014-12-22 19:15:38 +01:00
|
|
|
// foreach ($this->container['db']->getLogMessages() as $message) {
|
|
|
|
// $this->container['logger']->addDebug($message);
|
|
|
|
// }
|
2014-07-20 12:26:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Load automatically models
|
|
|
|
*
|
|
|
|
* @access public
|
2014-12-22 19:15:38 +01:00
|
|
|
* @param string $name Model name
|
2014-07-20 12:26:15 +02:00
|
|
|
* @return mixed
|
|
|
|
*/
|
|
|
|
public function __get($name)
|
|
|
|
{
|
2014-12-22 19:15:38 +01:00
|
|
|
return Tool::loadModel($this->container, $name);
|
2014-07-20 12:26:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Method executed before each action
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
*/
|
|
|
|
public function beforeAction($controller, $action)
|
|
|
|
{
|
|
|
|
// Start the session
|
2014-12-22 19:15:38 +01:00
|
|
|
$this->session->open(BASE_URL_DIRECTORY);
|
2014-07-20 12:26:15 +02:00
|
|
|
|
|
|
|
// HTTP secure headers
|
|
|
|
$this->response->csp(array('style-src' => "'self' 'unsafe-inline'"));
|
|
|
|
$this->response->nosniff();
|
|
|
|
$this->response->xss();
|
|
|
|
|
2014-11-23 20:13:38 +01:00
|
|
|
// Allow the public board iframe inclusion
|
|
|
|
if ($action !== 'readonly') {
|
|
|
|
$this->response->xframe();
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ENABLE_HSTS) {
|
|
|
|
$this->response->hsts();
|
|
|
|
}
|
2014-07-20 12:26:15 +02:00
|
|
|
|
2014-11-23 20:13:38 +01:00
|
|
|
$this->config->setupTranslations();
|
|
|
|
$this->config->setupTimezone();
|
2014-07-20 12:26:15 +02:00
|
|
|
|
|
|
|
// Authentication
|
2014-10-22 19:59:09 +02:00
|
|
|
if (! $this->authentication->isAuthenticated($controller, $action)) {
|
2014-12-22 19:15:38 +01:00
|
|
|
|
|
|
|
if ($this->request->isAjax()) {
|
|
|
|
$this->response->text('Not Authorized', 401);
|
|
|
|
}
|
|
|
|
|
2014-11-23 20:13:38 +01:00
|
|
|
$this->response->redirect('?controller=user&action=login&redirect_query='.urlencode($this->request->getQueryString()));
|
2014-07-20 12:26:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Check if the user is allowed to see this page
|
|
|
|
if (! $this->acl->isPageAccessAllowed($controller, $action)) {
|
|
|
|
$this->response->redirect('?controller=user&action=forbidden');
|
|
|
|
}
|
|
|
|
|
|
|
|
// Attach events
|
2014-10-22 19:59:09 +02:00
|
|
|
$this->attachEvents();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Attach events
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
*/
|
|
|
|
private function attachEvents()
|
|
|
|
{
|
|
|
|
$models = array(
|
2014-11-23 20:13:38 +01:00
|
|
|
'projectActivity', // Order is important
|
2014-12-22 19:15:38 +01:00
|
|
|
'projectDailySummary',
|
2014-10-22 19:59:09 +02:00
|
|
|
'action',
|
|
|
|
'project',
|
|
|
|
'webhook',
|
|
|
|
'notification',
|
|
|
|
);
|
|
|
|
|
|
|
|
foreach ($models as $model) {
|
|
|
|
$this->$model->attachEvents();
|
|
|
|
}
|
2014-07-20 12:26:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Application not found page (404 error)
|
|
|
|
*
|
|
|
|
* @access public
|
2014-10-22 19:59:09 +02:00
|
|
|
* @param boolean $no_layout Display the layout or not
|
2014-07-20 12:26:15 +02:00
|
|
|
*/
|
2014-10-22 19:59:09 +02:00
|
|
|
public function notfound($no_layout = false)
|
2014-07-20 12:26:15 +02:00
|
|
|
{
|
2014-12-22 19:15:38 +01:00
|
|
|
$this->response->html($this->template->layout('app/notfound', array(
|
2014-10-22 19:59:09 +02:00
|
|
|
'title' => t('Page not found'),
|
|
|
|
'no_layout' => $no_layout,
|
|
|
|
)));
|
2014-07-20 12:26:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Application forbidden page
|
|
|
|
*
|
|
|
|
* @access public
|
2014-10-22 19:59:09 +02:00
|
|
|
* @param boolean $no_layout Display the layout or not
|
2014-07-20 12:26:15 +02:00
|
|
|
*/
|
2014-10-22 19:59:09 +02:00
|
|
|
public function forbidden($no_layout = false)
|
2014-07-20 12:26:15 +02:00
|
|
|
{
|
2014-12-22 19:15:38 +01:00
|
|
|
$this->response->html($this->template->layout('app/forbidden', array(
|
2014-10-22 19:59:09 +02:00
|
|
|
'title' => t('Access Forbidden'),
|
|
|
|
'no_layout' => $no_layout,
|
|
|
|
)));
|
2014-07-20 12:26:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Check if the CSRF token from the URL is correct
|
|
|
|
*
|
|
|
|
* @access protected
|
|
|
|
*/
|
|
|
|
protected function checkCSRFParam()
|
|
|
|
{
|
|
|
|
if (! Security::validateCSRFToken($this->request->getStringParam('csrf_token'))) {
|
|
|
|
$this->forbidden();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Check if the current user have access to the given project
|
|
|
|
*
|
|
|
|
* @access protected
|
|
|
|
* @param integer $project_id Project id
|
|
|
|
*/
|
|
|
|
protected function checkProjectPermissions($project_id)
|
|
|
|
{
|
2014-11-23 20:13:38 +01:00
|
|
|
if ($this->acl->isRegularUser() && ! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
|
|
|
|
$this->forbidden();
|
2014-07-20 12:26:15 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Redirection when there is no project in the database
|
|
|
|
*
|
|
|
|
* @access protected
|
|
|
|
*/
|
|
|
|
protected function redirectNoProject()
|
|
|
|
{
|
|
|
|
$this->session->flash(t('There is no active project, the first step is to create a new project.'));
|
|
|
|
$this->response->redirect('?controller=project&action=create');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Common layout for task views
|
|
|
|
*
|
|
|
|
* @access protected
|
|
|
|
* @param string $template Template name
|
|
|
|
* @param array $params Template parameters
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
protected function taskLayout($template, array $params)
|
|
|
|
{
|
2014-11-23 20:13:38 +01:00
|
|
|
if (isset($params['task']) && $this->taskPermission->canRemoveTask($params['task']) === false) {
|
|
|
|
$params['hide_remove_menu'] = true;
|
|
|
|
}
|
|
|
|
|
2014-07-20 12:26:15 +02:00
|
|
|
$content = $this->template->load($template, $params);
|
|
|
|
$params['task_content_for_layout'] = $content;
|
2014-12-22 19:15:38 +01:00
|
|
|
$params['title'] = $params['task']['project_name'].' > '.$params['task']['title'];
|
|
|
|
$params['board_selector'] = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
|
2014-07-20 12:26:15 +02:00
|
|
|
|
2014-12-22 19:15:38 +01:00
|
|
|
return $this->template->layout('task/layout', $params);
|
2014-07-20 12:26:15 +02:00
|
|
|
}
|
|
|
|
|
2014-10-22 19:59:09 +02:00
|
|
|
/**
|
|
|
|
* Common layout for project views
|
|
|
|
*
|
|
|
|
* @access protected
|
|
|
|
* @param string $template Template name
|
|
|
|
* @param array $params Template parameters
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
protected function projectLayout($template, array $params)
|
|
|
|
{
|
|
|
|
$content = $this->template->load($template, $params);
|
|
|
|
$params['project_content_for_layout'] = $content;
|
2014-12-22 19:15:38 +01:00
|
|
|
$params['title'] = $params['project']['name'] === $params['title'] ? $params['title'] : $params['project']['name'].' > '.$params['title'];
|
|
|
|
$params['board_selector'] = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
|
2014-10-22 19:59:09 +02:00
|
|
|
|
2014-12-22 19:15:38 +01:00
|
|
|
return $this->template->layout('project/layout', $params);
|
2014-10-22 19:59:09 +02:00
|
|
|
}
|
|
|
|
|
2014-07-20 12:26:15 +02:00
|
|
|
/**
|
|
|
|
* Common method to get a task for task views
|
|
|
|
*
|
|
|
|
* @access protected
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
protected function getTask()
|
|
|
|
{
|
2014-11-23 20:13:38 +01:00
|
|
|
$task = $this->taskFinder->getDetails($this->request->getIntegerParam('task_id'));
|
2014-07-20 12:26:15 +02:00
|
|
|
|
|
|
|
if (! $task) {
|
|
|
|
$this->notfound();
|
|
|
|
}
|
|
|
|
|
|
|
|
$this->checkProjectPermissions($task['project_id']);
|
|
|
|
|
|
|
|
return $task;
|
|
|
|
}
|
2014-10-22 19:59:09 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Common method to get a project
|
|
|
|
*
|
|
|
|
* @access protected
|
|
|
|
* @param integer $project_id Default project id
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
protected function getProject($project_id = 0)
|
|
|
|
{
|
|
|
|
$project_id = $this->request->getIntegerParam('project_id', $project_id);
|
|
|
|
$project = $this->project->getById($project_id);
|
|
|
|
|
|
|
|
if (! $project) {
|
|
|
|
$this->session->flashError(t('Project not found.'));
|
|
|
|
$this->response->redirect('?controller=project');
|
|
|
|
}
|
|
|
|
|
|
|
|
$this->checkProjectPermissions($project['id']);
|
|
|
|
|
|
|
|
return $project;
|
|
|
|
}
|
2014-11-23 20:13:38 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Common method to get a project with administration rights
|
|
|
|
*
|
|
|
|
* @access protected
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
protected function getProjectManagement()
|
|
|
|
{
|
|
|
|
$project = $this->project->getById($this->request->getIntegerParam('project_id'));
|
|
|
|
|
|
|
|
if (! $project) {
|
|
|
|
$this->notfound();
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($this->acl->isRegularUser() && ! $this->projectPermission->adminAllowed($project['id'], $this->acl->getUserId())) {
|
|
|
|
$this->forbidden();
|
|
|
|
}
|
|
|
|
|
|
|
|
return $project;
|
|
|
|
}
|
2014-07-20 12:26:15 +02:00
|
|
|
}
|