UI.class.php (3814B)
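<?php

namespace cms\ui;

use BadMethodCallException;
use cms\action\RequestParams;
use cms\base\Language as L;
use cms\Dispatcher;
use Exception;
use template_engine\engine\TemplateRunner;
use util\Http;
use logger\Logger;
use LogicException;
use \util\exception\ObjectNotFoundException;
use util\exception\UIException;
use util\exception\SecurityException;
use template_engine\engine\TemplateEngine;
use util\text\TextMessage;


/**
 * Executing the Openrat CMS User Interface.
 * The request is executed by a dispatcher and the output is displayed with a template.
 *
 * Security-relevant behaviour visible in this class:
 *  - a restrictive Content-Security-Policy is sent before anything else runs,
 *  - requests flagged as actions (POST) are rejected,
 *  - the view template path is derived from the request's action and method names,
 *    so both names are checked against a strict character whitelist before use.
 *
 * @package cms\ui
 */
class UI
{
	/**
	 * Shows the complete UI.
	 *
	 * Exception mapping:
	 *  - BadMethodCallException, ObjectNotFoundException and SecurityException are
	 *    logged and answered through Http::noContent(), so the client gets no detail.
	 *  - UIException is logged and rethrown as a LogicException with a translated message.
	 *  - Any other Exception is logged and rethrown as a generic "Internal CMS error";
	 *    the original exception is kept as the previous exception only.
	 */
	public static function execute()
	{
		$request = new RequestParams();

		try
		{
			// NOTE(review): dirname() yields '/' for a script in the web root, which makes
			// this constant '//' - confirm that the cookie code normalises the path.
			define('COOKIE_PATH',dirname($_SERVER['SCRIPT_NAME']).'/');

			// Everything is UTF-8.
			header('Content-Type: text/html; charset=UTF-8');

			// Sending the Content-Security-Policy.
			self::setContentSecurityPolicy();

			// Strict comparison and isset() instead of '@' and '==': a missing or
			// non-string 'scope' parameter must never select the OIDC login.
			if ( isset($_REQUEST['scope']) && $_REQUEST['scope'] === 'openid' ) {
				$request->action = 'login';
				$request->method = 'oidc';
			}
			elseif (empty($request->action)) {
				$request->action = 'index';
				$request->method = 'show';
			}

			// The UI only renders views; state-changing requests are refused here.
			if ( $request->isAction )
				throw new \RuntimeException('The UI does not accept POST requests');

			// Strict membership test, no type juggling on the action name.
			if ( in_array( $request->action,['index','tree','title','usergroup'],true) )
				$request->isUIAction = true;

			self::executeAction($request);

		} catch (BadMethodCallException $e) {
			// Action-Method does not exist.
			Logger::debug( $e );
			Http::noContent();
		} catch (ObjectNotFoundException $e) {
			Logger::debug( $e ); // only debug, because this may happen on links to deleted objects.
			Http::noContent();
		} catch (UIException $e) {
			Logger::warn( $e );
			throw new LogicException(L::lang($e->key,$e->params),0, $e);
		} catch (SecurityException $e) {
			Logger::info($e);
			Http::noContent();

			// this is not good at all, because the user may have signed off.
			//Http::notAuthorized("You are not allowed to execute this action.");
		} catch (Exception $e) {
			Logger::warn( $e );
			throw new LogicException("Internal CMS error",0, $e);
		}
	}


	/**
	 * Runs the requested action through the dispatcher and renders its view.
	 *
	 * @param $request RequestParams
	 */
	private static function executeAction($request)
	{
		$dispatcher = new Dispatcher();
		$dispatcher->request = $request;

		$data = $dispatcher->doAction();


		// The action is able to change its method and action name.
		$subaction = $dispatcher->request->method;
		$action    = $dispatcher->request->action;

		self::outputTemplate($request,$action, $subaction, $data['output']);
	}


	/**
	 * Executes and outputs a HTML template.
	 *
	 * The template path is built from $action and $subaction. Both originate from the
	 * request (or from the action that handled it), so they are validated here as
	 * defence in depth. Whether RequestParams or the Dispatcher already restrict these
	 * names is not visible from this file.
	 *
	 * @param $request RequestParams
	 * @param $action string action
	 * @param $subaction string method
	 * @param $outputData array Output data
	 * @throws \InvalidArgumentException if a name is not a plain template path segment
	 */
	private static function outputTemplate($request, $action, $subaction, $outputData)
	{
		// Reject separators, dots and NUL bytes before the names become part of a file
		// path. The rejected values are deliberately kept out of the exception message,
		// because that message ends up in the log.
		if ( !self::isTemplatePathSegment($action) || !self::isTemplatePathSegment($subaction) )
			throw new \InvalidArgumentException('Invalid template name');

		$templateFile = __DIR__ . '/themes/default/html/views/' . $action.'/'.$subaction . '.php';

		// Discloses the server-side template path; only sent in development mode.
		if ( DEVELOPMENT )
			header('X-OR-Template: '.$templateFile);

		$engine = new TemplateRunner();
		$engine->request = $request;
		$engine->executeTemplate( $templateFile, $outputData );
	}


	/**
	 * Checks that a value can be used as a single path segment of a template file.
	 *
	 * Only ASCII letters, digits, '_' and '-' are accepted. The anchors \A and \z are
	 * used instead of ^ and $, so that a trailing newline does not pass the check.
	 *
	 * @param $name mixed value to check
	 * @return bool true if the value is a non-empty string of allowed characters
	 */
	private static function isTemplatePathSegment($name)
	{
		return is_string($name) && preg_match('/\A[A-Za-z0-9_-]+\z/', $name) === 1;
	}


	/**
	 * Content-Security-Policy.
	 */
	private static function setContentSecurityPolicy()
	{
		// config is not loaded yet. Allow nothing...
		header('Content-Security-Policy: default-src \'none\'' );

		// This will be overwritten by the index action
	}


}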