  1: <?php
  2: /**
  3:  * Magento
  4:  *
  5:  * NOTICE OF LICENSE
  6:  *
  7:  * This source file is subject to the Open Software License (OSL 3.0)
  8:  * that is bundled with this package in the file LICENSE.txt.
  9:  * It is also available through the world-wide-web at this URL:
 10:  * http://opensource.org/licenses/osl-3.0.php
 11:  * If you did not receive a copy of the license and are unable to
 12:  * obtain it through the world-wide-web, please send an email
 13:  * to license@magentocommerce.com so we can send you a copy immediately.
 14:  *
 15:  * DISCLAIMER
 16:  *
 17:  * Do not edit or add to this file if you wish to upgrade Magento to newer
 18:  * versions in the future. If you wish to customize Magento for your
 19:  * needs please refer to http://www.magentocommerce.com for more information.
 20:  *
 21:  * @category    Mage
 22:  * @package     Mage_Admin
 23:  * @copyright   Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
 24:  * @license     http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
 25:  */
 26: 
 27: 
 28: /**
 29:  * Auth session model
 30:  *
 31:  * @category    Mage
 32:  * @package     Mage_Admin
 33:  * @author      Magento Core Team <core@magentocommerce.com>
 34:  */
 35: class Mage_Admin_Model_Session extends Mage_Core_Model_Session_Abstract
 36: {
 37: 
 38:     /**
 39:      * Whether it is the first page after successfull login
 40:      *
 41:      * @var boolean
 42:      */
 43:     protected $_isFirstPageAfterLogin;
 44: 
 45:     /**
 46:      * Class constructor
 47:      *
 48:      */
 49:     public function __construct()
 50:     {
 51:         $this->init('admin');
 52:     }
 53: 
 54:     /**
 55:      * Pull out information from session whether there is currently the first page after log in
 56:      *
 57:      * The idea is to set this value on login(), then redirect happens,
 58:      * after that on next request the value is grabbed once the session is initialized
 59:      * Since the session is used as a singleton, the value will be in $_isFirstPageAfterLogin until the end of request,
 60:      * unless it is reset intentionally from somewhere
 61:      *
 62:      * @param string $namespace
 63:      * @param string $sessionName
 64:      * @return Mage_Admin_Model_Session
 65:      * @see self::login()
 66:      */
 67:     public function init($namespace, $sessionName = null)
 68:     {
 69:         parent::init($namespace, $sessionName);
 70:         $this->isFirstPageAfterLogin();
 71:         return $this;
 72:     }
 73: 
 74:     /**
 75:      * Try to login user in admin
 76:      *
 77:      * @param  string $username
 78:      * @param  string $password
 79:      * @param  Mage_Core_Controller_Request_Http $request
 80:      * @return Mage_Admin_Model_User|null
 81:      */
 82:     public function login($username, $password, $request = null)
 83:     {
 84:         if (empty($username) || empty($password)) {
 85:             return;
 86:         }
 87: 
 88:         try {
 89:             /** @var $user Mage_Admin_Model_User */
 90:             $user = Mage::getModel('admin/user');
 91:             $user->login($username, $password);
 92:             if ($user->getId()) {
 93:                 $this->renewSession();
 94: 
 95:                 if (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
 96:                     Mage::getSingleton('adminhtml/url')->renewSecretUrls();
 97:                 }
 98:                 $this->setIsFirstPageAfterLogin(true);
 99:                 $this->setUser($user);
100:                 $this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());
101: 
102:                 $requestUri = $this->_getRequestUri($request);
103:                 if ($requestUri) {
104:                     Mage::dispatchEvent('admin_session_user_login_success', array('user' => $user));
105:                     header('Location: ' . $requestUri);
106:                     exit;
107:                 }
108:             } else {
109:                 Mage::throwException(Mage::helper('adminhtml')->__('Invalid User Name or Password.'));
110:             }
111:         } catch (Mage_Core_Exception $e) {
112:             Mage::dispatchEvent('admin_session_user_login_failed',
113:                 array('user_name' => $username, 'exception' => $e));
114:             if ($request && !$request->getParam('messageSent')) {
115:                 Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
116:                 $request->setParam('messageSent', true);
117:             }
118:         }
119: 
120:         return $user;
121:     }
122: 
123:     /**
124:      * Refresh ACL resources stored in session
125:      *
126:      * @param  Mage_Admin_Model_User $user
127:      * @return Mage_Admin_Model_Session
128:      */
129:     public function refreshAcl($user = null)
130:     {
131:         if (is_null($user)) {
132:             $user = $this->getUser();
133:         }
134:         if (!$user) {
135:             return $this;
136:         }
137:         if (!$this->getAcl() || $user->getReloadAclFlag()) {
138:             $this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());
139:         }
140:         if ($user->getReloadAclFlag()) {
141:             $user->unsetData('password');
142:             $user->setReloadAclFlag('0')->save();
143:         }
144:         return $this;
145:     }
146: 
147:     /**
148:      * Check current user permission on resource and privilege
149:      *
150:      * Mage::getSingleton('admin/session')->isAllowed('admin/catalog')
151:      * Mage::getSingleton('admin/session')->isAllowed('catalog')
152:      *
153:      * @param   string $resource
154:      * @param   string $privilege
155:      * @return  boolean
156:      */
157:     public function isAllowed($resource, $privilege = null)
158:     {
159:         $user = $this->getUser();
160:         $acl = $this->getAcl();
161: 
162:         if ($user && $acl) {
163:             if (!preg_match('/^admin/', $resource)) {
164:                 $resource = 'admin/' . $resource;
165:             }
166: 
167:             try {
168:                 return $acl->isAllowed($user->getAclRole(), $resource, $privilege);
169:             } catch (Exception $e) {
170:                 try {
171:                     if (!$acl->has($resource)) {
172:                         return $acl->isAllowed($user->getAclRole(), null, $privilege);
173:                     }
174:                 } catch (Exception $e) { }
175:             }
176:         }
177:         return false;
178:     }
179: 
180:     /**
181:      * Check if user is logged in
182:      *
183:      * @return boolean
184:      */
185:     public function isLoggedIn()
186:     {
187:         return $this->getUser() && $this->getUser()->getId();
188:     }
189: 
190:     /**
191:      * Check if it is the first page after successfull login
192:      *
193:      * @return boolean
194:      */
195:     public function isFirstPageAfterLogin()
196:     {
197:         if (is_null($this->_isFirstPageAfterLogin)) {
198:             $this->_isFirstPageAfterLogin = $this->getData('is_first_visit', true);
199:         }
200:         return $this->_isFirstPageAfterLogin;
201:     }
202: 
203:     /**
204:      * Setter whether the current/next page should be treated as first page after login
205:      *
206:      * @param bool $value
207:      * @return Mage_Admin_Model_Session
208:      */
209:     public function setIsFirstPageAfterLogin($value)
210:     {
211:         $this->_isFirstPageAfterLogin = (bool)$value;
212:         return $this->setIsFirstVisit($this->_isFirstPageAfterLogin);
213:     }
214: 
215:     /**
216:      * Custom REQUEST_URI logic
217:      *
218:      * @param Mage_Core_Controller_Request_Http $request
219:      * @return string|null
220:      */
221:     protected function _getRequestUri($request = null)
222:     {
223:         if (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
224:             return Mage::getSingleton('adminhtml/url')->getUrl('*/*/*', array('_current' => true));
225:         } elseif ($request) {
226:             return $request->getRequestUri();
227:         } else {
228:             return null;
229:         }
230:     }
231: }
232: 
Magento 1.7.0.2 API documentation generated by ApiGen 2.8.0