File modules/cms/action/Action.class.php
Last commit: Fri Apr 15 14:51:22 2022 +0200 dankert Refactoring: User,Config and Database info is now stored in the Request, because so there is no session required for clients which are using Basic Authorization.
1 <?php 2 3 namespace cms\action; 4 5 use cms\base\Configuration; 6 use cms\base\Language as L; 7 use cms\model\ModelBase; 8 use cms\model\User; 9 use language\Messages; 10 use logger\Logger; 11 use util\Cookie; 12 use util\ClassUtils; 13 use util\exception\SecurityException; 14 use util\Request; 15 use util\Session; 16 use util\text\TextMessage; 17 18 19 /** 20 * Eltern-Klasse fuer alle Actions. 21 * 22 * Diese Klasse stellt grundlegende action-uebergreifende Methoden 23 * bereit. 24 * Dient als Ueberklasse fuer alle abgeleiteten Action-Klassen in 25 * diesem Package bzw. Verzeichnis. 26 * 27 * @author Jan Dankert 28 * @package openrat.actions 29 * @abstract 30 */ 31 abstract class Action 32 { 33 const NOTICE_OK = 'ok'; 34 const NOTICE_INFO = 'info'; 35 const NOTICE_WARN = 'warning'; 36 const NOTICE_ERROR = 'error'; 37 38 /** 39 * Checks if the actual action is allowed. 40 */ 41 abstract function checkAccess(); 42 43 44 /** 45 * The Response to the actual request. 46 * 47 * @var Response 48 */ 49 public $response; 50 51 /** 52 * Current user. 53 * 54 * @var User User 55 */ 56 public $currentUser; 57 58 /** 59 * Request. 60 * 61 * @var RequestParams 62 */ 63 public $request; 64 65 66 /** 67 * Will be called by the Dispatcher right after the conStruction of this class instance. 68 */ 69 public function init() 70 { 71 72 } 73 74 75 public function __construct() 76 { 77 $this->currentUser = Request::getUser(); 78 $this->response = new Response(); 79 } 80 81 82 83 /** 84 * Setzt eine Variable f�r die Oberfl�che. 85 * 86 * @param String $varName Schl�ssel 87 * @param Mixed $value 88 */ 89 protected function setTemplateVar($varName, $value) 90 { 91 $this->response->addOutput( $varName, $value ); 92 } 93 94 95 /** 96 * Setzt eine Liste von Variablen f�r die Oberfl�che. 97 * 98 * @param array $varList Output variables 99 */ 100 protected function setTemplateVars($varList) 101 { 102 $this->response->addOutputList( $varList ); 103 } 104 105 106 /** 107 * Adding a HTTP header. 108 * 109 * @param $name 110 * @param $value 111 */ 112 protected function addHeader( $name, $value ) { 113 $this->response->addHeader( $name, $value ); 114 } 115 116 117 /** 118 * Sets the content security policy. 119 * 120 * @param $csp string content security policy as array 121 */ 122 protected function setContentSecurityPolicy( $csp ) { 123 $this->response->setContentSecurityPolicy( $csp ); 124 } 125 126 127 /** 128 * Sets the content type. 129 * 130 * @param $type 131 */ 132 protected function setContentType( $type ) { 133 $this->response->setContentType( $type ); 134 } 135 136 /** 137 * F�gt einen Validierungsfehler hinzu. 138 * 139 * @param String $name Name des validierten Eingabefeldes 140 * @param String Textschl�ssel der Fehlermeldung (optional) 141 */ 142 public function addValidationError($name, $message = Messages::COMMON_VALIDATION_ERROR, $vars = array() ) 143 { 144 if ( ! empty($message) ) 145 $this->addErrorFor( null, $message, $vars ); 146 147 $this->response->addError( $name ); 148 } 149 150 151 /** 152 * @param $baseObject ModelBase 153 * @param $key String 154 * @param array $vars 155 * @param string|array $message 156 */ 157 protected function addNoticeFor($baseObject,$key,$vars = array(), $message='') { 158 $this->addNoticeInternal($baseObject, $key, Action::NOTICE_OK, $vars, $message); 159 } 160 161 /** 162 * @param $baseObject ModelBase 163 * @param $key String 164 * @param array $vars 165 * @param string $message 166 */ 167 protected function addInfoFor($baseObject,$key,$vars = array(), $message='') { 168 $this->addNoticeInternal($baseObject, $key, Action::NOTICE_INFO, $vars, $message); 169 } 170 171 /** 172 * @param $baseObject ModelBase 173 * @param $key String 174 * @param array $vars 175 * @param string $message 176 */ 177 protected function addWarningFor($baseObject,$key,$vars = array(), $message='') { 178 $this->addNoticeInternal($baseObject, $key, Action::NOTICE_WARN, $vars, $message); 179 } 180 181 /** 182 * @param $baseObject ModelBase 183 * @param $key String 184 * @param array $vars 185 * @param string $message 186 */ 187 protected function addErrorFor($baseObject,$key,$vars = array(), $message='') { 188 189 $this->addNoticeInternal( $baseObject, $key, Action::NOTICE_ERROR, $vars, $message); 190 } 191 192 193 194 private function addNoticeInternal($baseObject,$key,$noticeType,$vars, $message) { 195 196 if ( is_object($baseObject) ) { 197 $type = strtolower(ClassUtils::getSimpleClassName($baseObject)); 198 $id = $baseObject->getId(); 199 $name = $baseObject->getName(); 200 } else { 201 $type = ''; 202 $id = ''; 203 $name = ''; 204 } 205 206 $this->response->addNotice($type,$id,$name, $key, $noticeType, $vars, $message); 207 } 208 209 210 211 public function getResponse() { 212 return $this->response; 213 } 214 215 216 /** 217 * Has the current user administration rights? 218 * 219 * @return boolean true, if current user is an administrator 220 */ 221 protected function userIsAdmin() 222 { 223 return $this->currentUser && $this->currentUser->isAdmin; 224 } 225 226 227 /** 228 * Returns the current user id if there is one. 229 * @return int|null 230 */ 231 protected function getCurrentUserId() { 232 233 if ( $this->currentUser ) 234 return $this->currentUser->userid; 235 else 236 return null; 237 } 238 239 /** 240 * Using the HTTP-Caching, the "Conditional GET". 241 * 242 * The HTTP-header "Last-Modified" is set. 243 * 244 * Ist der Inhalt der Seite nicht neuer, so wird der Inhalt 245 * der Seite nicht ausgegeben, sondern nur HTTP-Status 304 246 * ("304 not modified") gesetzt. 247 * Der Rest der Seite muss dann nicht mehr erzeugt werden, 248 * wodurch die Performance stark erhoeht werden kann. 249 * 250 * Credits: Thanks to Charles Miller 251 * @see http://fishbowl.pastiche.org/2002/10/21/http_conditional_get_for_rss_hackers 252 * 253 * Found here: 254 * @see http://simon.incutio.com/archive/2003/04/23/conditionalGet 255 * 256 * @param $time int Last modification timestamp of this resource 257 * @param $expirationDuration int Gültigkeitsdauer 258 */ 259 protected function lastModified($time, $expirationDuration = 0) 260 { 261 if ( DEVELOPMENT ) 262 return; 263 264 // Is HTTP-Cache enabled by config? 265 if ( ! Configuration::subset('cache')->is('conditional_get',true) ) 266 return; 267 268 $expires = substr(date('r', time() + $expirationDuration - date('Z')), 0, -5) . 'GMT'; 269 $lastModified = substr(date('r', $time - date('Z')), 0, -5) . 'GMT'; 270 $etag = '"' . base_convert($time, 10, 36) . '"'; // a short representation of the unix timestamp. 271 272 // Header senden 273 $this->addHeader('Expires' , $expires); 274 $this->addHeader('Last-Modified' , $lastModified); 275 $this->addHeader('ETag' , $etag); 276 277 // Die vom Interpreter sonst automatisch gesetzten 278 // Header uebersteuern 279 $this->addHeader('Cache-Control','must-revalidate'); 280 $this->addHeader('Pragma' ,''); 281 282 // See if the client has provided the required headers 283 $if_modified_since = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? stripslashes($_SERVER['HTTP_IF_MODIFIED_SINCE']) : false; 284 $if_none_match = isset($_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes($_SERVER['HTTP_IF_NONE_MATCH' ]) : false; 285 286 // Bug in Apache 2.2, mod_deflat adds '-gzip' to E-Tag 287 if (substr($if_none_match, -6) == '-gzip"') 288 $if_none_match = substr($if_none_match, 0, -6) . '"'; 289 290 // At least one of the headers is there - check them 291 if ($if_none_match && $if_none_match != $etag) 292 return; // etag is there but doesn't match 293 294 if ($if_modified_since && $if_modified_since != $lastModified) 295 return; // if-modified-since is there but doesn't match 296 297 if (!$if_modified_since && !$if_none_match) 298 return; 299 300 // Der entfernte Browser bzw. Proxy holt die Seite nun aus seinem Cache 301 header('HTTP/1.0 304 Not Modified'); 302 exit; // Sofortiges Skript-Ende 303 } 304 305 306 /** 307 * Last used username. 308 */ 309 const COOKIE_USERNAME = 'or_username'; 310 /** 311 * Login token. 312 */ 313 const COOKIE_TOKEN = 'or_token'; 314 315 /** 316 * Database id. 317 */ 318 const COOKIE_DB_ID = 'or_dbid'; 319 320 /** 321 * Sets a cookie. 322 * 323 * @param $name string cookie name 324 * @param $value string cookie value, null or empty to delete 325 */ 326 protected function setCookie($name, $value = '' ) { 327 328 Cookie::set( $name, $value ); 329 } 330 }
Downloadmodules/cms/action/Action.class.php
History Fri, 15 Apr 2022 14:51:22 +0200 dankert Refactoring: User,Config and Database info is now stored in the Request, because so there is no session required for clients which are using Basic Authorization. Sat, 19 Mar 2022 00:09:47 +0100 dankert Refactoring: Outputs are setting their content-type themself. Wed, 9 Mar 2022 01:57:45 +0100 dankert Fix: Do not write the language to a cookie. Wed, 9 Mar 2022 00:53:10 +0100 dankert Fix: Setting the correct timezone from the user property. Sun, 13 Feb 2022 23:35:26 +0100 dankert Refactoring: New class "Response" which stores all output information. Sat, 27 Nov 2021 23:31:32 +0100 Jan Dankert Fix: Saving values for unauthenticated users. Sun, 14 Mar 2021 23:51:49 +0100 Jan Dankert Refactoring: Using the ValidationException where possible. Sun, 14 Mar 2021 22:29:56 +0100 Jan Dankert Refactoring: Clearer access check. Fri, 26 Feb 2021 01:06:01 +0100 Jan Dankert Refactoring accessing the request parameter values. Thu, 19 Nov 2020 16:15:24 +0100 Jan Dankert Fix: $baseObject in addNoticeFor can be null. Thu, 19 Nov 2020 14:49:58 +0100 Jan Dankert Fix: Action::addNotice() is replaced by Action::addNoticeFor() Thu, 19 Nov 2020 12:36:44 +0100 Jan Dankert Fix: nextSubAction() is depracated and should not be used. Thu, 19 Nov 2020 00:45:44 +0100 Jan Dankert Security fix: We must update the login token on every login; Administrators are able to see the login tokens of users. Wed, 18 Nov 2020 20:42:57 +0100 Jan Dankert Getting/Setting cookies with constants, this is more safe. Tue, 17 Nov 2020 23:51:00 +0100 Jan Dankert Refactoring: Every Actionmethod has now its own class. Sat, 14 Nov 2020 22:02:21 +0100 Jan Dankert Fixed: Notices may display a message. Sat, 31 Oct 2020 13:54:19 +0100 Jan Dankert Cleanup: Use constants for session keys. Sat, 24 Oct 2020 00:23:19 +0200 Jan Dankert Fix: Do not set strict cookies (as they are not send on the first request); Using new configuraton class. Fri, 23 Oct 2020 23:09:52 +0200 Jan Dankert Refactoring: Using the new config classes. Fri, 2 Oct 2020 23:11:48 +0200 Jan Dankert Cleanup: No '.inputholder' any more, notices with links to objects. Tue, 29 Sep 2020 22:17:11 +0200 Jan Dankert Refactoring: Do not use global constants. Sat, 26 Sep 2020 12:20:43 +0200 Jan Dankert Refactoring: No global variables like $SESS any more. All constants are capsulated by classes. Sat, 26 Sep 2020 04:26:55 +0200 Jan Dankert Refactoring: read configuration values with a class. Sat, 26 Sep 2020 04:03:53 +0200 Jan Dankert Refactoring: read language keys with a class. Thu, 10 Sep 2020 23:49:43 +0200 Jan Dankert Some cleanup. Thu, 10 Sep 2020 18:02:54 +0200 Jan Dankert The dispatcher is now able to call the action methods with parameters. Sat, 22 Aug 2020 23:13:01 +0200 Jan Dankert Security: Configuration-setting for the SameSite-Cookie-Policy. Sun, 23 Feb 2020 04:01:30 +0100 Jan Dankert Refactoring with Namespaces for the cms modules, part 1: moving.