1: <?php
2: /**
3: * Magento
4: *
5: * NOTICE OF LICENSE
6: *
7: * This source file is subject to the Open Software License (OSL 3.0)
8: * that is bundled with this package in the file LICENSE.txt.
9: * It is also available through the world-wide-web at this URL:
10: * http://opensource.org/licenses/osl-3.0.php
11: * If you did not receive a copy of the license and are unable to
12: * obtain it through the world-wide-web, please send an email
13: * to license@magentocommerce.com so we can send you a copy immediately.
14: *
15: * DISCLAIMER
16: *
17: * Do not edit or add to this file if you wish to upgrade Magento to newer
18: * versions in the future. If you wish to customize Magento for your
19: * needs please refer to http://www.magentocommerce.com for more information.
20: *
21: * @category Mage
22: * @package Mage_Admin
23: * @copyright Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
24: * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25: */
26:
27: /**
28: * Admin observer model
29: *
30: * @category Mage
31: * @package Mage_Admin
32: * @author Magento Core Team <core@magentocommerce.com>
33: */
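class Mage_Admin_Model_Observer
{
    /**
     * Flag name. It is not referenced anywhere inside this class.
     */
    const FLAG_NO_LOGIN = 'no-login';

    /**
     * Handler for controller_action_predispatch event
     *
     * Requests for an action listed in $openActions are marked as dispatched
     * without any login check. For every other action the session user is
     * reloaded; when there is no user with an id, credentials posted in the
     * "login" field are handed to the admin session and, unless the
     * "forwarded" parameter is already set, the request is re-routed to
     * index/deniedIframe, index/deniedJson or adminhtml index/login.
     * The session ACL is refreshed on every path that does not re-route.
     *
     * @param Varien_Event_Observer $observer not read by this handler
     * @return false|null false after the request was re-routed; otherwise no value is returned
     */
    public function actionPreDispatchAdmin($observer)
    {
        /** @var $session Mage_Admin_Model_Session */
        $session = Mage::getSingleton('admin/session');
        $request = Mage::app()->getRequest();
        $user = $session->getUser();

        $requestedActionName = $request->getActionName();
        $openActions = array(
            'forgotpassword',
            'resetpassword',
            'resetpasswordpost',
            'logout',
            'refresh' // captcha refresh
        );

        // Strict comparison: only an exact string match can skip the login check,
        // so a non-string action name never compares equal to an allowlist entry.
        // NOTE(review): the allowlist is matched on the action name alone; the
        // controller and route are not consulted here. Confirm that every
        // controller reached through this handler may expose these action names
        // without authentication.
        if (in_array($requestedActionName, $openActions, true)) {
            $request->setDispatched(true);
        } else {
            if ($user) {
                // Re-read the user so the id check below works on reloaded data.
                $user->reload();
            }
            if (!$user || !$user->getId()) {
                $postLogin = $request->getPost('login');
                if ($postLogin) {
                    // The posted field is client-controlled: only string values taken
                    // from an array-shaped field reach login(); anything else becomes ''.
                    $username = $this->_stringField($postLogin, 'username');
                    $password = $this->_stringField($postLogin, 'password');
                    // The outcome of login() is not inspected here.
                    $session->login($username, $password, $request);
                    // Drop the posted credentials from the request once the attempt is made.
                    $request->setPost('login', null);
                }
                // NOTE(review): "forwarded" is read with getParam(). If that accessor
                // also exposes client-supplied parameters, the flag is no proof that
                // this handler set it, and a request arriving with it set skips the
                // re-route below. Confirm that the controllers enforce authentication
                // themselves rather than relying on this branch.
                if (!$request->getParam('forwarded')) {
                    if ($request->getParam('isIframe')) {
                        $request->setParam('forwarded', true)
                            ->setControllerName('index')
                            ->setActionName('deniedIframe')
                            ->setDispatched(false);
                    } elseif ($request->getParam('isAjax')) {
                        $request->setParam('forwarded', true)
                            ->setControllerName('index')
                            ->setActionName('deniedJson')
                            ->setDispatched(false);
                    } else {
                        $request->setParam('forwarded', true)
                            ->setRouteName('adminhtml')
                            ->setControllerName('index')
                            ->setActionName('login')
                            ->setDispatched(false);
                    }
                    return false;
                }
            }
        }

        $session->refreshAcl();
    }

    /**
     * Unset session first visit flag after displaying page
     *
     * Intentionally empty; kept so existing event configuration can still call it.
     *
     * @deprecated after 1.4.0.1, logic moved to admin session
     * @param Varien_Event_Observer $event
     */
    public function actionPostDispatchAdmin($event)
    {
    }

    /**
     * Return $data[$key] when $data is an array holding a string under $key, '' otherwise.
     *
     * @param mixed $data posted field value
     * @param string $key
     * @return string
     */
    private function _stringField($data, $key)
    {
        if (is_array($data) && isset($data[$key]) && is_string($data[$key])) {
            return $data[$key];
        }
        return '';
    }
}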
108: