This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace AdminModule; |
||
4 | |||
5 | use Nette\Application\UI; |
||
6 | use Nette\Mail; |
||
7 | |||
8 | /** |
||
9 | * Users presenter. |
||
10 | * @author Tomáš Voslař <tomas.voslar at webcook.cz> |
||
11 | * @package WebCMS2 |
||
12 | */ |
||
13 | class UsersPresenter extends \AdminModule\BasePresenter |
||
14 | { |
||
15 | /* @var User */ |
||
16 | private $userEntity; |
||
17 | |||
18 | /* @var Role */ |
||
19 | private $role; |
||
20 | |||
21 | 4 | protected function beforeRender() |
|
22 | { |
||
23 | 4 | parent::beforeRender(); |
|
24 | 4 | } |
|
25 | |||
26 | 4 | protected function startup() |
|
27 | { |
||
28 | 4 | parent::startup(); |
|
29 | 4 | } |
|
30 | |||
31 | 1 | public function renderDefault() |
|
32 | { |
||
33 | 1 | $this->reloadContent(); |
|
34 | 1 | } |
|
35 | |||
36 | 4 | protected function createComponentUserForm() |
|
37 | { |
||
38 | 1 | $roles = $this->em->getRepository("WebCMS\Entity\Role")->findAll(); |
|
39 | 1 | $tmp = array(); |
|
40 | 1 | foreach ($roles as $r) { |
|
41 | 1 | $tmp[$r->getId()] = $r->getName(); |
|
42 | 1 | } |
|
43 | 1 | $roles = $tmp; |
|
44 | |||
45 | 1 | if ($this->getUser()->getRoles()[0] !== 'superadmin') { |
|
46 | unset($roles[1]); |
||
47 | } |
||
48 | |||
49 | 1 | $infoEmail = $this->settings->get('Info email', \WebCMS\Settings::SECTION_BASIC)->getValue(); |
|
50 | 1 | $disableEmail = empty($infoEmail); |
|
51 | |||
52 | 1 | $form = $this->createForm(); |
|
53 | 1 | $form->addText('username', 'Username')->setAttribute('class', 'form-control'); |
|
54 | 1 | $form->addSelect('role', 'Role')->setTranslator(null)->setItems($roles)->setAttribute('class', 'form-control'); |
|
55 | 1 | $form->addText('name', 'Name')->setAttribute('class', 'form-control'); |
|
56 | 1 | $form->addText('email', 'Email')->setAttribute('class', 'form-control'); |
|
57 | 1 | $form->addPassword('password', 'Password')->setAttribute('class', 'form-control'); |
|
58 | 1 | $form->addCheckbox('sendInfoEmail', 'Send info email with password')->setDisabled($disableEmail); |
|
59 | 1 | $form->addSubmit('save', 'Save')->setAttribute('class', 'btn btn-success'); |
|
60 | |||
61 | 1 | $form->onSuccess[] = callback($this, 'userEntityFormSubmitted'); |
|
62 | |||
63 | 1 | if ($this->userEntity) { |
|
64 | 1 | $form->setDefaults($this->userEntity->toArray()); |
|
65 | 4 | } |
|
66 | |||
67 | 1 | return $form; |
|
68 | } |
||
69 | |||
70 | 4 | protected function createComponentGrid($name) |
|
71 | { |
||
72 | 1 | $grid = $this->createGrid($this, $name, "User", null, array( |
|
73 | 1 | 'id <> 1', |
|
74 | 1 | )); |
|
75 | |||
76 | 1 | $grid->addColumnText('username', 'Name')->setSortable(); |
|
77 | |||
78 | 4 | $grid->addActionHref("updateUser", 'Edit')->getElementPrototype()->addAttributes(array('class' => array('btn', 'btn-primary', 'ajax'), 'data-toggle' => 'modal', 'data-target' => '#myModal', 'data-remote' => 'false')); |
|
79 | 4 | $grid->addActionHref("deleteUser", 'Delete')->getElementPrototype()->addAttributes(array('class' => array('btn', 'btn-danger'), 'data-confirm' => 'Are you sure you want to delete the item?')); |
|
80 | |||
81 | 4 | return $grid; |
|
82 | 4 | } |
|
83 | |||
84 | 4 | public function actionUpdateUser($id) |
|
85 | 4 | { |
|
86 | 4 | if ($id) { |
|
87 | $this->userEntity = $this->em->find("WebCMS\Entity\User", $id); |
||
88 | } else { |
||
89 | 1 | $this->userEntity = new \WebCMS\Entity\User(); |
|
90 | } |
||
91 | 1 | } |
|
92 | |||
93 | public function actionDeleteUser($id) |
||
94 | { |
||
95 | $this->userEntity = $this->em->find("WebCMS\Entity\User", $id); |
||
96 | $this->em->remove($this->userEntity); |
||
97 | $this->em->flush(); |
||
98 | |||
99 | $this->flashMessage('User has been removed.', 'success'); |
||
100 | |||
101 | $this->forward('Users:default'); |
||
102 | } |
||
103 | |||
104 | 1 | public function renderUpdateUser($id) |
|
105 | { |
||
106 | 1 | $this->reloadModalContent(); |
|
107 | |||
108 | 1 | $this->template->userEntity = $this->userEntity; |
|
109 | 1 | } |
|
110 | |||
111 | 4 | public function userEntityFormSubmitted(UI\Form $form) |
|
112 | { |
||
113 | $values = $form->getValues(); |
||
114 | |||
115 | $role = $this->em->find("WebCMS\Entity\Role", $values->role); |
||
116 | $password = $this->getContext()->authenticator->calculateHash($values->password); |
||
117 | |||
118 | $this->userEntity->setName($values->name); |
||
119 | $this->userEntity->setEmail($values->email); |
||
120 | |||
121 | if (array_key_exists('sendInfoEmail', $values) && $values->sendInfoEmail) { |
||
122 | // send mail with new password |
||
123 | $email = new Mail\Message(); |
||
124 | $email->setFrom($this->settings->get('Info email', \WebCMS\Settings::SECTION_BASIC)->getValue()); |
||
125 | $email->addTo($this->userEntity->getEmail()); |
||
126 | $email->setSubject($this->settings->get('User new password subject', \WebCMS\Settings::SECTION_EMAIL)->getValue(false)); |
||
127 | $email->setHtmlBody($this->settings->get('User new password', \WebCMS\Settings::SECTION_EMAIL)->getValue(false, array( |
||
128 | '[PASSWORD]', |
||
129 | '[LOGIN]', |
||
130 | ), array( |
||
131 | $values->password, |
||
132 | $values->username, |
||
133 | ))); |
||
134 | |||
135 | $email->send(); |
||
136 | |||
137 | $this->flashMessage('Info email with new password has been sent.', 'success'); |
||
138 | } |
||
139 | |||
140 | if (!empty($values->password)) { |
||
141 | $this->userEntity->setPassword($password); |
||
142 | 4 | } |
|
143 | |||
144 | $this->userEntity->setUsername($values->username); |
||
145 | $this->userEntity->setRole($role); |
||
146 | |||
147 | 4 | $this->em->persist($this->userEntity); |
|
148 | $this->em->flush(); |
||
149 | |||
150 | $this->flashMessage('User has been updated.', 'success'); |
||
151 | |||
152 | $this->forward('Users:default'); |
||
153 | } |
||
154 | |||
155 | /* ROLES */ |
||
156 | |||
157 | 1 | public function renderRoles() |
|
158 | { |
||
159 | 1 | $this->reloadContent(); |
|
160 | 1 | } |
|
161 | |||
162 | 2 | public function actionUpdateRole($id) |
|
163 | 2 | { |
|
164 | 1 | if ($id) { |
|
165 | $this->role = $this->em->find("WebCMS\Entity\Role", $id); |
||
166 | } else { |
||
167 | 1 | $this->role = new \WebCMS\Entity\Role(); |
|
168 | } |
||
169 | 1 | } |
|
170 | |||
171 | View Code Duplication | public function actionDeleteRole($id) |
|
0 ignored issues
–
show
|
|||
172 | { |
||
173 | $this->role = $this->em->find("WebCMS\Entity\Role", $id); |
||
174 | $this->em->remove($this->role); |
||
175 | $this->em->flush(); |
||
176 | |||
177 | $this->flashMessage('Role has been removed.', 'success'); |
||
178 | |||
179 | $this->forward('Users:roles'); |
||
180 | } |
||
181 | |||
182 | 1 | public function renderUpdateRole($id) |
|
183 | { |
||
184 | 1 | $this->reloadContent(); |
|
185 | |||
186 | 1 | $this->template->role = $this->role; |
|
187 | 1 | } |
|
188 | |||
189 | 2 | protected function createComponentRoleForm() |
|
190 | { |
||
191 | 1 | $resources = \WebCMS\Helpers\SystemHelper::getResources(); |
|
192 | |||
193 | 1 | $pages = $this->em->getRepository('WebCMS\Entity\Page')->findAll(); |
|
194 | |||
195 | 1 | foreach ($pages as $page) { |
|
196 | if ($page->getParent() != NULL) { |
||
197 | $module = $this->createObject($page->getModuleName()); |
||
198 | |||
199 | foreach ($module->getPresenters() as $presenter) { |
||
200 | $suffix = $presenter['name'] == $page->getModuleName() ? '' : ' '.$presenter['name']; |
||
201 | |||
202 | $key = 'admin:'.$page->getModuleName().':'.$presenter['name'].$page->getId(); |
||
203 | $resources[$key] = $page->getTitle().$suffix.' ('.$page->getLanguage()->getName().')'; |
||
204 | } |
||
205 | } |
||
206 | 1 | } |
|
207 | |||
208 | 1 | $form = $this->createForm(); |
|
209 | 1 | $form->addCheckbox('automaticEnable', 'Automatic enable'); |
|
210 | 1 | $form->addText('name', 'Name')->setAttribute('class', 'form-control'); |
|
211 | |||
212 | 1 | $c = 0; |
|
213 | 1 | foreach ($resources as $key => $r) { |
|
214 | 1 | if (strpos('$r', ':') !== FALSE) { |
|
215 | $form->addCheckbox('res'.str_replace(':', '', $key), $r)->setAttribute('class', 'check'); |
||
216 | } else { |
||
217 | 1 | $form->addCheckbox('res'.str_replace(':', '', $key), $r)->setTranslator(null)->setAttribute('class', 'check'); |
|
218 | } |
||
219 | |||
220 | 2 | $c++; |
|
221 | 1 | } |
|
222 | |||
223 | // defaults setting |
||
224 | 1 | $new = $this->role->getName(); |
|
225 | 1 | if (!empty($new)) { |
|
226 | $defaultsPermissions = array(); |
||
227 | foreach ($this->role->getPermissions() as $key => $per) { |
||
228 | $defaultsPermissions['res'.str_replace(':', '', $per->getResource())] = $per->getRead(); |
||
229 | } |
||
230 | |||
231 | $form->setDefaults($this->role->toArray() + $defaultsPermissions); |
||
232 | } |
||
233 | |||
234 | 1 | $form->onSuccess[] = callback($this, 'roleFormSubmitted'); |
|
235 | 1 | $form->addSubmit('save', 'Save')->setAttribute('class', 'btn btn-success'); |
|
236 | |||
237 | 1 | return $form; |
|
238 | } |
||
239 | |||
240 | 1 | protected function createComponentRolesGrid($name) |
|
241 | { |
||
242 | 1 | $grid = $this->createGrid($this, $name, "Role", null, array( |
|
243 | 1 | 'id <> 1', |
|
244 | 1 | )); |
|
245 | |||
246 | 1 | $grid->addColumnText('name', 'Name')->setSortable(); |
|
247 | |||
248 | 1 | $grid->addActionHref("updateRole", 'Edit')->getElementPrototype()->addAttributes(array('class' => array('btn', 'btn-primary', 'ajax'))); |
|
249 | 1 | $grid->addActionHref("deleteRole", 'Delete')->getElementPrototype()->addAttributes(array('class' => array('btn', 'btn-danger'), 'data-confirm' => 'Are you sure you want to delete the item?')); |
|
250 | |||
251 | 1 | return $grid; |
|
252 | } |
||
253 | |||
254 | 2 | public function roleFormSubmitted(UI\Form $form) |
|
255 | { |
||
256 | $values = $form->getValues(); |
||
257 | |||
258 | if (empty($values->name)) { |
||
259 | $this->flashMessage('Please fill in at least the name.', 'danger'); |
||
260 | $this->forward('this'); |
||
261 | } |
||
262 | |||
263 | $this->role->setName($values->name); |
||
264 | $this->role->setAutomaticEnable($values->automaticEnable); |
||
265 | |||
266 | if (!$this->role->getId()) { |
||
267 | $this->em->persist($this->role); |
||
268 | } |
||
269 | |||
270 | $this->flashMessage('Role has been added.', 'success'); |
||
271 | |||
272 | // delete permissions |
||
273 | $permissions = $this->role->getPermissions(); |
||
274 | foreach ($permissions as $per) { |
||
275 | $this->em->remove($per); |
||
276 | } |
||
277 | |||
278 | // save permissions |
||
279 | $perArray = array(); |
||
280 | foreach ($values as $key => $val) { |
||
281 | if (strpos($key, 'res') !== FALSE) { |
||
282 | $permission = new \WebCMS\Entity\Permission(); |
||
283 | |||
284 | $pageId = filter_var($key, FILTER_SANITIZE_NUMBER_INT); |
||
285 | $page = $this->em->getRepository('WebCMS\Entity\Page')->find($pageId); |
||
286 | |||
287 | $resource = 'admin:'.str_replace('resadmin', '', $key); |
||
288 | 2 | $permission->setResource($resource); |
|
289 | $permission->setPage($page); |
||
290 | $permission->setRead($val); |
||
291 | |||
292 | $perArray[] = $permission; |
||
293 | } |
||
294 | } |
||
295 | |||
296 | $this->role->setPermissions($perArray); |
||
297 | |||
298 | $this->em->flush(); // persist all changes |
||
299 | |||
300 | $this->forward('Users:roles'); |
||
301 | } |
||
302 | } |
||
303 |
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.