										 |  |  | <?php | 
					
						
/**
 * StatusNet, the distributed open-source microblogging tool
 *
 * Superclass for admin panel actions
 *
 * PHP version 5
 *
 * LICENCE: This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @category  UI
 * @package   StatusNet
 * @author    Evan Prodromou <evan@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | if (!defined('STATUSNET')) { | 
					
						
							|  |  |  |     exit(1); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
/**
 * Superclass for admin panel actions
 *
 * Common code for all admin panel actions.
 *
 * @category UI
 * @package  StatusNet
 * @author   Evan Prodromou <evan@status.net>
 * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link     http://status.net/
 *
 * @todo Find some commonalities with SettingsAction and combine
 */
					
						
							|  |  |  | class AdminPanelAction extends Action | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     var $success = true; | 
					
						
							|  |  |  |     var $msg     = null; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Prepare for the action | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * We check to see that the user is logged in, has | 
					
						
							|  |  |  |      * authenticated in this session, and has the right | 
					
						
							|  |  |  |      * to configure the site. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param array $args Array of arguments from Web driver | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return boolean success flag | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     function prepare($args) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         parent::prepare($args); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // User must be logged in.
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (!common_logged_in()) { | 
					
						
							| 
									
										
										
										
											2010-04-10 22:50:15 +02:00
										 |  |  |             // TRANS: Client error message thrown when trying to access the admin panel while not logged in.
 | 
					
						
							| 
									
										
										
										
											2009-11-07 19:18:22 -05:00
										 |  |  |             $this->clientError(_('Not logged in.')); | 
					
						
							| 
									
										
										
										
											2010-01-08 01:00:29 -08:00
										 |  |  |             return false; | 
					
						
							| 
									
										
										
										
											2009-11-07 19:18:22 -05:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $user = common_current_user(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 23:16:34 -05:00
										 |  |  |         // ...because they're logged in
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         assert(!empty($user)); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 19:18:22 -05:00
										 |  |  |         // It must be a "real" login, not saved cookie login
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (!common_is_real_login()) { | 
					
						
							|  |  |  |             // Cookie theft is too easy; we require automatic
 | 
					
						
							|  |  |  |             // logins to re-authenticate before admining the site
 | 
					
						
							|  |  |  |             common_set_returnto($this->selfUrl()); | 
					
						
							|  |  |  |             if (Event::handle('RedirectToLogin', array($this, $user))) { | 
					
						
							|  |  |  |                 common_redirect(common_local_url('login'), 303); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // User must have the right to change admin settings
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (!$user->hasRight(Right::CONFIGURESITE)) { | 
					
						
							| 
									
										
										
										
											2010-04-10 22:50:15 +02:00
										 |  |  |             // TRANS: Client error message thrown when a user tries to change admin settings but has no access rights.
 | 
					
						
							| 
									
										
										
										
											2009-11-07 19:18:22 -05:00
										 |  |  |             $this->clientError(_('You cannot make changes to this site.')); | 
					
						
							| 
									
										
										
										
											2010-01-08 01:00:29 -08:00
										 |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // This panel must be enabled
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $name = $this->trimmed('action'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $name = mb_substr($name, 0, -10); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-02-06 16:32:50 +01:00
										 |  |  |         if (!self::canAdmin($name)) { | 
					
						
							| 
									
										
										
										
											2010-04-10 22:50:15 +02:00
										 |  |  |             // TRANS: Client error message throw when a certain panel's settings cannot be changed.
 | 
					
						
							| 
									
										
										
										
											2010-01-08 01:00:29 -08:00
										 |  |  |             $this->clientError(_('Changes to that panel are not allowed.'), 403); | 
					
						
							|  |  |  |             return false; | 
					
						
							| 
									
										
										
										
											2009-11-07 19:18:22 -05:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return true; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * handle the action | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * Check session token and try to save the settings if this is a | 
					
						
							|  |  |  |      * POST. Otherwise, show the form. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param array $args unused. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return void | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     function handle($args) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         if ($_SERVER['REQUEST_METHOD'] == 'POST') { | 
					
						
							|  |  |  |             $this->checkSessionToken(); | 
					
						
							|  |  |  |             try { | 
					
						
							|  |  |  |                 $this->saveSettings(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 23:16:34 -05:00
										 |  |  |                 // Reload settings
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 Config::loadSettings(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 19:18:22 -05:00
										 |  |  |                 $this->success = true; | 
					
						
							| 
									
										
										
										
											2010-03-02 22:01:18 +01:00
										 |  |  |                 // TRANS: Message after successful saving of administrative settings.
 | 
					
						
							| 
									
										
										
										
											2009-11-07 19:18:22 -05:00
										 |  |  |                 $this->msg     = _('Settings saved.'); | 
					
						
							|  |  |  |             } catch (Exception $e) { | 
					
						
							|  |  |  |                 $this->success = false; | 
					
						
							|  |  |  |                 $this->msg     = $e->getMessage(); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         $this->showPage(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-09 13:40:37 -05:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Show tabset for this page | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * Uses the AdminPanelNav widget | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return void | 
					
						
							|  |  |  |      * @see AdminPanelNav | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     function showLocalNav() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $nav = new AdminPanelNav($this); | 
					
						
							|  |  |  |         $nav->show(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 19:18:22 -05:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Show the content section of the page | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * Here, we show the admin panel's form. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return void. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     function showContent() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $this->showForm(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-03-03 12:18:20 -08:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Show content block. Overrided just to add a special class | 
					
						
							| 
									
										
										
										
											2010-03-03 14:32:14 -08:00
										 |  |  |      * to the content div to allow styling. | 
					
						
							| 
									
										
										
										
											2010-03-03 12:18:20 -08:00
										 |  |  |      * | 
					
						
							|  |  |  |      * @return nothing | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     function showContentBlock() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $this->elementStart('div', array('id' => 'content', 'class' => 'admin')); | 
					
						
							|  |  |  |         $this->showPageTitle(); | 
					
						
							|  |  |  |         $this->showPageNoticeBlock(); | 
					
						
							|  |  |  |         $this->elementStart('div', array('id' => 'content_inner')); | 
					
						
							|  |  |  |         // show the actual content (forms, lists, whatever)
 | 
					
						
							|  |  |  |         $this->showContent(); | 
					
						
							|  |  |  |         $this->elementEnd('div'); | 
					
						
							|  |  |  |         $this->elementEnd('div'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-07 19:18:22 -05:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * show human-readable instructions for the page, or | 
					
						
							|  |  |  |      * a success/failure on save. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return void | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     function showPageNotice() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         if ($this->msg) { | 
					
						
							|  |  |  |             $this->element('div', ($this->success) ? 'success' : 'error', | 
					
						
							|  |  |  |                            $this->msg); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             $inst   = $this->getInstructions(); | 
					
						
							|  |  |  |             $output = common_markup_to_html($inst); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             $this->elementStart('div', 'instructions'); | 
					
						
							|  |  |  |             $this->raw($output); | 
					
						
							|  |  |  |             $this->elementEnd('div'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Show the admin panel form | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * Sub-classes should overload this. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return void | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     function showForm() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2010-04-10 22:50:15 +02:00
										 |  |  |         // TRANS: Client error message.
 | 
					
						
							| 
									
										
										
										
											2009-11-07 19:18:22 -05:00
										 |  |  |         $this->clientError(_('showForm() not implemented.')); | 
					
						
							|  |  |  |         return; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Instructions for using this form. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * String with instructions for using the form. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * Subclasses should overload this. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return void | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     function getInstructions() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         return ''; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Save settings from the form | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * Validate and save the settings from the user. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return void | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     function saveSettings() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2010-03-02 22:01:18 +01:00
										 |  |  |         // TRANS: Client error message
 | 
					
						
							| 
									
										
										
										
											2009-11-07 19:18:22 -05:00
										 |  |  |         $this->clientError(_('saveSettings() not implemented.')); | 
					
						
							|  |  |  |         return; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2010-01-08 01:00:29 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-11-18 18:25:36 -08:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Delete a design setting | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * // XXX: Maybe this should go in Design? --Z
 | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return mixed $result false if something didn't work | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     function deleteSetting($section, $setting) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $config = new Config(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $config->section = $section; | 
					
						
							|  |  |  |         $config->setting = $setting; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ($config->find(true)) { | 
					
						
							|  |  |  |             $result = $config->delete(); | 
					
						
							|  |  |  |             if (!$result) { | 
					
						
							|  |  |  |                 common_log_db_error($config, 'DELETE', __FILE__); | 
					
						
							| 
									
										
										
										
											2010-04-10 22:50:15 +02:00
										 |  |  |                 // TRANS: Client error message thrown if design settings could not be deleted in
 | 
					
						
							|  |  |  |                 // TRANS: the admin panel Design.
 | 
					
						
							| 
									
										
										
										
											2009-11-18 18:25:36 -08:00
										 |  |  |                 $this->clientError(_("Unable to delete design setting.")); | 
					
						
							|  |  |  |                 return null; | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
										
											2010-04-21 17:16:42 +02:00
										 |  |  |             return $result; | 
					
						
							| 
									
										
										
										
											2009-11-18 18:25:36 -08:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-04-21 17:16:42 +02:00
										 |  |  |         return null; | 
					
						
							| 
									
										
										
										
											2009-11-18 18:25:36 -08:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2010-02-06 16:32:50 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     function canAdmin($name) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $isOK = false; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (Event::handle('AdminPanelCheck', array($name, &$isOK))) { | 
					
						
							|  |  |  |             $isOK = in_array($name, common_config('admin', 'panels')); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return $isOK; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2009-11-07 19:18:22 -05:00
										 |  |  | } |