1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
use Symfony\Component\HttpFoundation\Request; |
4
|
|
|
|
5
|
|
|
/** |
6
|
|
|
* @todo Configure the AdminController to be behind a Symfony firewall |
7
|
|
|
*/ |
8
|
|
|
class AdminController extends HTMLController |
9
|
|
|
{ |
10
|
|
|
private static $wipeableModels = ['Ban', 'Map', 'Match', 'News', 'NewsCategory', 'Page', 'Server', 'Team']; |
|
|
|
|
11
|
|
|
|
12
|
|
|
public function listAction() |
13
|
|
|
{ |
14
|
|
|
$rolesToDisplay = Role::getLeaderRoles(); |
15
|
|
|
$roles = array(); |
16
|
|
|
|
17
|
|
|
foreach ($rolesToDisplay as $role) { |
18
|
|
|
$roleMembers = $role->getUsers(); |
|
|
|
|
19
|
|
|
|
20
|
|
|
if (count($roleMembers) > 0) { |
21
|
|
|
$roles[] = array( |
22
|
|
|
"role" => $role, |
23
|
|
|
"members" => $roleMembers |
24
|
|
|
); |
25
|
|
|
} |
26
|
|
|
} |
27
|
|
|
|
28
|
|
|
return array("role_sections" => $roles); |
29
|
|
|
} |
30
|
|
|
|
31
|
|
|
public function landingAction(Player $me) |
32
|
|
|
{ |
33
|
|
|
if (!$me->isValid()) { |
34
|
|
|
throw new ForbiddenException('Please log in to view this page.'); |
35
|
|
|
} |
36
|
|
|
|
37
|
|
|
// @todo Model editing should be a generic permission |
38
|
|
|
$canViewModelEditor = true; |
39
|
|
|
$canViewPageEditor = $this->isEditorFor(Page::class, $me); |
40
|
|
|
$canViewRoleEditor = $this->isEditorFor(Role::class, $me); |
41
|
|
|
$canViewVisitLog = $me->hasPermission(Permission::VIEW_VISITOR_LOG); |
42
|
|
|
|
43
|
|
|
if (!$canViewPageEditor && !$canViewRoleEditor && !$canViewVisitLog) { |
44
|
|
|
throw new ForbiddenException('Contact a site administrator if you feel you should have access to this page.'); |
45
|
|
|
} |
46
|
|
|
|
47
|
|
|
return [ |
48
|
|
|
'canViewPageEditor' => $canViewPageEditor, |
49
|
|
|
'canViewRoleEditor' => $canViewRoleEditor, |
50
|
|
|
'canViewModelEditor' => $canViewModelEditor, |
51
|
|
|
'canViewVisitLog' => $canViewVisitLog, |
52
|
|
|
]; |
53
|
|
|
} |
54
|
|
|
|
55
|
|
View Code Duplication |
public function pageListAction(Player $me) |
|
|
|
|
56
|
|
|
{ |
57
|
|
|
if (!$me->isValid()) { |
58
|
|
|
throw new ForbiddenException('Please log in to view this page.'); |
59
|
|
|
} |
60
|
|
|
|
61
|
|
|
if (!$this->isEditorFor(Page::class, $me)) { |
62
|
|
|
throw new ForbiddenException('Contact a site administrator if you feel you should have access to this page.'); |
63
|
|
|
} |
64
|
|
|
|
65
|
|
|
$pages = Page::getQueryBuilder() |
66
|
|
|
->where('status')->notEquals('deleted') |
67
|
|
|
->getModels(true) |
68
|
|
|
; |
69
|
|
|
|
70
|
|
|
return [ |
71
|
|
|
'pages' => $pages, |
72
|
|
|
'canCreate' => $me->hasPermission(Page::CREATE_PERMISSION), |
73
|
|
|
'canEdit' => $me->hasPermission(Page::EDIT_PERMISSION), |
74
|
|
|
'canDelete' => $me->hasPermission(Page::SOFT_DELETE_PERMISSION), |
75
|
|
|
'canWipe' => $me->hasPermission(Page::HARD_DELETE_PERMISSION), |
76
|
|
|
]; |
77
|
|
|
} |
78
|
|
|
|
79
|
|
View Code Duplication |
public function roleListAction(Player $me) |
|
|
|
|
80
|
|
|
{ |
81
|
|
|
if (!$me->isValid()) { |
82
|
|
|
throw new ForbiddenException('Please log in to view this page.'); |
83
|
|
|
} |
84
|
|
|
|
85
|
|
|
if (!$this->isEditorFor(Role::class, $me)) { |
86
|
|
|
throw new ForbiddenException('Contact a site administrator if you feel you should have access to this page.'); |
87
|
|
|
} |
88
|
|
|
|
89
|
|
|
$roles = Role::getQueryBuilder() |
90
|
|
|
->sortBy('display_order') |
91
|
|
|
->getModels($fast = true) |
92
|
|
|
; |
93
|
|
|
|
94
|
|
|
return [ |
95
|
|
|
'roles' => $roles, |
96
|
|
|
'canCreate' => $me->hasPermission(Role::CREATE_PERMISSION), |
97
|
|
|
'canEdit' => $me->hasPermission(Role::EDIT_PERMISSION), |
98
|
|
|
'canDelete' => $me->hasPermission(Role::SOFT_DELETE_PERMISSION), |
99
|
|
|
'canWipe' => $me->hasPermission(Role::HARD_DELETE_PERMISSION), |
100
|
|
|
]; |
101
|
|
|
} |
102
|
|
|
|
103
|
|
|
public function modelsAction(Player $me) |
104
|
|
|
{ |
105
|
|
|
if (!$me->isValid()) { |
106
|
|
|
throw new ForbiddenException('Please log in to view this page.'); |
107
|
|
|
} |
108
|
|
|
|
109
|
|
|
// @todo Implement a new and proper "Model Editor" permission |
110
|
|
|
if (!$me->hasPermission(Team::SOFT_DELETE_PERMISSION)) { |
111
|
|
|
throw new ForbiddenException('Contact a site administrator if you feel you should have access to this page.'); |
112
|
|
|
} |
113
|
|
|
|
114
|
|
|
return [ |
115
|
|
|
|
116
|
|
|
]; |
117
|
|
|
} |
118
|
|
|
|
119
|
|
|
public function modelListAction(Request $request, Player $me, $type) |
120
|
|
|
{ |
121
|
|
|
$type = ucfirst($type); |
122
|
|
|
|
123
|
|
|
if (!$me->isValid()) { |
124
|
|
|
throw new ForbiddenException('Please log in to view this page.'); |
125
|
|
|
} |
126
|
|
|
|
127
|
|
|
if (!$me->hasPermission($type::SOFT_DELETE_PERMISSION)) { |
128
|
|
|
throw new ForbiddenException('Contact a site administrator if you feel you should have access to this page.'); |
129
|
|
|
} |
130
|
|
|
|
131
|
|
|
$searchTerm = $request->get('search'); |
132
|
|
|
|
133
|
|
|
$currentPage = $this->getCurrentPage(); |
134
|
|
|
|
135
|
|
|
/** @var QueryBuilder $qb */ |
136
|
|
|
$qb = $type::getQueryBuilder() |
137
|
|
|
->where('status')->equals('deleted') |
138
|
|
|
->sortBy('name') |
139
|
|
|
; |
140
|
|
|
|
141
|
|
|
if ($searchTerm !== null) { |
142
|
|
|
$qb->where('name')->isLike($searchTerm); |
143
|
|
|
} |
144
|
|
|
|
145
|
|
|
$models = $qb |
146
|
|
|
->limit(15) |
147
|
|
|
->fromPage($currentPage) |
148
|
|
|
->getModels() |
149
|
|
|
; |
150
|
|
|
|
151
|
|
|
return [ |
152
|
|
|
'type' => $type, |
153
|
|
|
'models' => $models, |
154
|
|
|
'canRestore' => $me->hasPermission($type::SOFT_DELETE_PERMISSION), |
155
|
|
|
'canWipe' => $me->hasPermission($type::HARD_DELETE_PERMISSION), |
156
|
|
|
'currentPage' => $currentPage, |
157
|
|
|
'totalPages' => $qb->countPages(), |
158
|
|
|
'searchTerm' => $searchTerm, |
159
|
|
|
]; |
160
|
|
|
} |
161
|
|
|
|
162
|
|
|
public function wipeAction(Player $me) |
163
|
|
|
{ |
164
|
|
|
$canViewThisPage = false; |
165
|
|
|
$wipeable = array('Ban', 'Map', 'Match', 'News', 'NewsCategory', 'Page', 'Server', 'Team'); |
166
|
|
|
$models = array(); |
167
|
|
|
|
168
|
|
|
foreach ($wipeable as $type) { |
169
|
|
|
if (!$me->hasPermission($type::HARD_DELETE_PERMISSION)) { |
170
|
|
|
continue; |
171
|
|
|
} |
172
|
|
|
|
173
|
|
|
$canViewThisPage = true; |
174
|
|
|
$models = array_merge($models, $type::getQueryBuilder() |
175
|
|
|
->where('status')->equals('deleted') |
176
|
|
|
->getModels()); |
177
|
|
|
} |
178
|
|
|
|
179
|
|
|
// Permission checking |
180
|
|
|
if (!$me->isValid()) { |
181
|
|
|
throw new ForbiddenException("Please log in to view this page."); |
182
|
|
|
} |
183
|
|
|
if (!$canViewThisPage) { |
184
|
|
|
throw new ForbiddenException("Contact a site administrator if you feel you should have access to this page."); |
185
|
|
|
} |
186
|
|
|
|
187
|
|
|
return array('models' => $models); |
188
|
|
|
} |
189
|
|
|
|
190
|
|
|
private function isEditorFor($className, Player $me) |
191
|
|
|
{ |
192
|
|
|
$permissionConstants = [ |
193
|
|
|
'CREATE_PERMISSION', |
194
|
|
|
'EDIT_PERMISSION', |
195
|
|
|
'SOFT_DELETE_PERMISSION', |
196
|
|
|
'HARD_DELETE_PERMISSION', |
197
|
|
|
]; |
198
|
|
|
|
199
|
|
|
$reflector = new ReflectionClass($className); |
200
|
|
|
|
201
|
|
|
foreach ($permissionConstants as $permission) { |
202
|
|
|
$permissionName = $reflector->getConstant($permission); |
203
|
|
|
|
204
|
|
|
if ($me->hasPermission($permissionName)) { |
205
|
|
|
return true; |
206
|
|
|
} |
207
|
|
|
} |
208
|
|
|
|
209
|
|
|
return false; |
210
|
|
|
} |
211
|
|
|
} |
212
|
|
|
|
This check marks private properties in classes that are never used. Those properties can be removed.