<?php
declare(strict_types=1);
/**
 * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
 * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
 *
 * Licensed under The MIT License
 * For full copyright and license information, please see the LICENSE.txt
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
 * @link https://cakephp.org CakePHP(tm) Project
 * @since 0.2.9
 * @license https://opensource.org/licenses/mit-license.php MIT License
 */
namespace App\Controller;
use Cake\Controller\Controller;
use Cake\Core\Configure;
use Cake\Core\Configure\Engine\PhpConfig;
use Cake\Error\Debugger;
use Cake\Event\EventInterface;
use Cake\Http\Exception\ForbiddenException;
use Cake\Http\Exception\MethodNotAllowedException;
use Cake\Http\Exception\NotFoundException;
use Cake\Routing\Router;
use Cake\Utility\Text;
/**
 * Application Controller
 *
 * Add your application-wide methods in the class below; your controllers
 * will inherit them.
 *
 * @link https://book.cakephp.org/4/en/controllers.html#the-app-controller
 */
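class AppController extends Controller
{
    /** @var bool|null Not read inside this class; presumably consumed by components or subclasses — verify. */
    public $isRest = null;

    /** @var mixed Not read inside this class; presumably filled by the RestResponse component — verify. */
    public $restResponsePayload = null;

    /** @var mixed Not read inside this class; left for subclasses that store the current user here. */
    public $user = null;

    /** @var array Breadcrumb storage; the rendered breadcrumb comes from the Navigation component in beforeRender(). */
    public $breadcrumb = [];

    /** @var string|null Not read inside this class; presumably set by FloodProtection/logging code — verify. */
    public $request_ip = null;

    /**
     * Whether the authenticated user carries the `perm_admin` role flag.
     *
     * Declared explicitly (it used to be created dynamically in beforeFilter())
     * so that PHP 8.2+ does not warn and `!empty($this->isAdmin)` keeps
     * evaluating to false for anonymous requests.
     *
     * @var bool|int|null
     */
    public $isAdmin = false;

    /**
     * Initialization hook method.
     *
     * Loads the components and models every controller of the application
     * relies on (REST handling, ACL, authentication, CRUD, navigation,
     * notifications, pagination and flood protection) and enables DebugKit
     * panels when debug mode is on.
     *
     * e.g. `$this->loadComponent('FormProtection');`
     *
     * @return void
     */
    public function initialize(): void
    {
        parent::initialize();
        $this->loadComponent('RequestHandler');
        $this->loadComponent('Flash');
        $this->loadComponent('RestResponse');
        $this->loadComponent('Security');
        $this->loadComponent('ParamHandler', [
            'request' => $this->request,
        ]);
        $this->loadModel('MetaFields');
        $this->loadModel('MetaTemplates');
        // The CRUD component works on the table matching the concrete controller.
        $table = $this->getTableLocator()->get($this->modelClass);
        $this->loadComponent('CRUD', [
            'request' => $this->request,
            'table' => $table,
            'MetaFields' => $this->MetaFields,
            'MetaTemplates' => $this->MetaTemplates,
        ]);
        $this->loadComponent('Authentication.Authentication');
        $this->loadComponent('ACL', [
            'request' => $this->request,
            'Authentication' => $this->Authentication,
        ]);
        $this->loadComponent('Navigation', [
            'request' => $this->request,
        ]);
        $this->loadComponent('Notification', [
            'request' => $this->request,
        ]);
        if (Configure::read('debug')) {
            Configure::write('DebugKit.panels', ['DebugKit.Packages' => true]);
            Configure::write('DebugKit.forceEnable', true);
        }
        $this->loadComponent('CustomPagination');
        $this->loadComponent('FloodProtection');
        /*
         * Enable the following component for recommended CakePHP form protection settings.
         * see https://book.cakephp.org/4/en/controllers/components/form-protection.html
         */
        //$this->loadComponent('FormProtection');
    }

    /**
     * Runs before every action.
     *
     * Order matters: API callers are authenticated from their key first, then
     * the identity (session or key) is resolved to a full user record that is
     * handed to the ACL component and the session, the Security component is
     * configured for the current action, and finally the ACL check is enforced.
     * HTML requests additionally receive the layout view variables and an
     * `X-Frame-Options: DENY` header.
     *
     * @param \Cake\Event\EventInterface $event The beforeFilter event.
     * @return \Cake\Http\Response|null|void A redirect to the login page when the account is disabled.
     * @throws \Cake\Http\Exception\MethodNotAllowedException When a REST request carries no valid identity.
     */
    public function beforeFilter(EventInterface $event)
    {
        $this->loadModel('Users');
        $this->Users->checkForNewInstance();

        if ($this->ParamHandler->isRest()) {
            // API callers authenticate with a key header instead of a session.
            $this->authApiUser();
            $this->Security->setConfig('unlockedActions', [$this->request->getParam('action')]);
        }

        $this->ACL->setPublicInterfaces();

        // Stays null for anonymous requests; the theme lookup further down relies on that.
        $user = null;
        $identity = $this->request->getAttribute('identity');
        if (!empty($identity)) {
            $user = $this->Users->get($identity->getIdentifier(), [
                'contain' => ['Roles', 'Individuals' => 'Organisations', 'UserSettings', 'Organisations'],
            ]);
            if (!empty($user['disabled'])) {
                // A session or key can outlive the account being disabled: drop it and bounce to login.
                $this->Authentication->logout();
                $this->Flash->error(__('The user account is disabled.'));

                return $this->redirect(Router::url('/users/login'));
            }
            // The password hash must not reach the ACL component, the session or any view.
            unset($user['password']);
            $this->ACL->setUser($user);
            $this->request->getSession()->write('authUser', $user);
            $this->isAdmin = $user['role']['perm_admin'];
            if (!$this->ParamHandler->isRest()) {
                $this->set('menu', $this->ACL->getMenu());
                $this->set('loggedUser', $this->ACL->getUser());
                $this->set('roleAccess', $this->ACL->getRoleAccess(false, false));
            }
        } elseif ($this->ParamHandler->isRest()) {
            // No identity after authApiUser(): the key header was missing or rejected.
            throw new MethodNotAllowedException(__('Invalid user credentials.'));
        }

        // POST validation is switched off for `index` and for every REST action.
        // NOTE(review): Component::setConfig() merges array values by default, so the
        // REST 'unlockedActions' entry set above is not overwritten here — confirm before
        // consolidating these calls.
        if ($this->request->getParam('action') === 'index') {
            $this->Security->setConfig('validatePost', false);
        }
        $this->Security->setConfig('unlockedActions', ['index']);
        if ($this->ParamHandler->isRest()) {
            $this->Security->setConfig('unlockedActions', [$this->request->getParam('action')]);
            $this->Security->setConfig('validatePost', false);
        }

        $this->ACL->checkAccess();

        if (!$this->ParamHandler->isRest()) {
            $this->set('ajax', $this->request->is('ajax'));
            $this->set('baseurl', Configure::read('App.fullBaseUrl'));
            // Per-user theme setting wins over the application-wide one.
            if (!empty($user) && !empty($user->user_settings_by_name['ui.bsTheme']['value'])) {
                $this->set('bsTheme', $user->user_settings_by_name['ui.bsTheme']['value']);
            } else {
                $this->set('bsTheme', Configure::check('ui.bsTheme') ? Configure::read('ui.bsTheme') : 'default');
            }
            if ($this->modelClass === 'Tags.Tags') {
                $this->set('metaGroup', !empty($this->isAdmin) ? 'Administration' : 'Cerebrate');
            }
            // Clickjacking defence for HTML responses: never allow framing.
            $this->response = $this->response->withHeader('X-Frame-Options', 'DENY');
        }

        // Opportunistic housekeeping: roughly one request in fifty purges stale flood-protection entries.
        if (mt_rand(1, 50) === 1) {
            $this->FloodProtection->cleanup();
        }
    }

    /**
     * Exposes breadcrumb and notification data to HTML views of logged-in users.
     *
     * @param \Cake\Event\EventInterface $event The beforeRender event.
     * @return void
     */
    public function beforeRender(EventInterface $event)
    {
        if (!empty($this->request->getAttribute('identity')) && !$this->ParamHandler->isRest()) {
            $this->set('breadcrumb', $this->Navigation->getBreadcrumb());
            $this->set('notifications', $this->Notification->getNotifications());
        }
    }

    /**
     * Authenticates a REST caller from the `Authorization` request header.
     *
     * The header value is looked up through AuthKeys::checkKey(). On a match
     * the owning user becomes the request identity and a `login` audit entry
     * is written for that user; on a miss only an audit entry for the caller
     * (as reported by the audit log model) is written and the request keeps
     * running without an identity, which beforeFilter() then rejects.
     *
     * Reads the header through the request object rather than `$_SERVER`
     * directly, so the same value the rest of the stack sees is used and the
     * method no longer depends on a superglobal. Expects `$this->Users` to be
     * loaded by beforeFilter() before it is called.
     *
     * @return void
     */
    private function authApiUser(): void
    {
        $authHeader = $this->request->getHeaderLine('Authorization');
        if ($authHeader === '') {
            return;
        }
        $this->loadModel('AuthKeys');
        $logModel = $this->Users->auditLogs();
        $authKey = $this->AuthKeys->checkKey($authHeader);
        if (!empty($authKey)) {
            // Users::get() throws when the row is missing, so $user is non-empty from here on.
            $user = $this->Users->get($authKey['user_id']);
            $logModel->insert([
                'request_action' => 'login',
                'model' => 'Users',
                'model_id' => $user['id'],
                'model_title' => $user['username'],
                'changed' => [],
            ]);
            if (!empty($user)) {
                $this->Authentication->setIdentity($user);
            }
        } else {
            // Record the failed key login against whatever the audit log knows about the caller.
            $user = $logModel->userInfo();
            $logModel->insert([
                'request_action' => 'login',
                'model' => 'Users',
                'model_id' => $user['id'],
                'model_title' => $user['name'],
                'changed' => [],
            ]);
        }
    }

    /**
     * Returns a freshly generated UUID as a JSON response.
     *
     * @return \Cake\Http\Response
     */
    public function generateUUID()
    {
        $uuid = Text::uuid();

        return $this->RestResponse->viewData(['uuid' => $uuid], 'json');
    }

    /**
     * Returns the controller actions that have no ACL entry yet, as reported by the ACL component.
     *
     * @return \Cake\Http\Response
     */
    public function queryACL()
    {
        return $this->RestResponse->viewData($this->ACL->findMissingFunctionNames());
    }

    /**
     * Returns the role access matrix (same data as the `roleAccess` view variable set in beforeFilter()).
     *
     * @return \Cake\Http\Response
     */
    public function getRoleAccess()
    {
        return $this->RestResponse->viewData($this->ACL->getRoleAccess(false, false));
    }
}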