File code/core/Mage/Adminhtml/Controller/Action.php

  1: <?php
  2: /**
  3:  * Magento
  4:  *
  5:  * NOTICE OF LICENSE
  6:  *
  7:  * This source file is subject to the Open Software License (OSL 3.0)
  8:  * that is bundled with this package in the file LICENSE.txt.
  9:  * It is also available through the world-wide-web at this URL:
 10:  * http://opensource.org/licenses/osl-3.0.php
 11:  * If you did not receive a copy of the license and are unable to
 12:  * obtain it through the world-wide-web, please send an email
 13:  * to license@magentocommerce.com so we can send you a copy immediately.
 14:  *
 15:  * DISCLAIMER
 16:  *
 17:  * Do not edit or add to this file if you wish to upgrade Magento to newer
 18:  * versions in the future. If you wish to customize Magento for your
 19:  * needs please refer to http://www.magentocommerce.com for more information.
 20:  *
 21:  * @category    Mage
 22:  * @package     Mage_Adminhtml
 23:  * @copyright   Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
 24:  * @license     http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
 25:  */
 26: 
 27: /**
 28:  * Base adminhtml controller
 29:  *
 30:  * @category    Mage
 31:  * @package     Mage_Adminhtml
 32:  * @author      Magento Core Team <core@magentocommerce.com>
 33:  */
 34: class Mage_Adminhtml_Controller_Action extends Mage_Core_Controller_Varien_Action
 35: {
 36:     /**
 37:      * Name of "is URLs checked" flag
 38:      */
 39:     const FLAG_IS_URLS_CHECKED = 'check_url_settings';
 40: 
 41:     /**
 42:      * Session namespace to refer in other places
 43:      */
 44:     const SESSION_NAMESPACE = 'adminhtml';
 45: 
 46:     /**
 47:      * Array of actions which can be processed without secret key validation
 48:      *
 49:      * @var array
 50:      */
 51:     protected $_publicActions = array();
 52: 
 53:     /**
 54:      * Used module name in current adminhtml controller
 55:      */
 56:     protected $_usedModuleName = 'adminhtml';
 57: 
 58:     /**
 59:      * Currently used area
 60:      *
 61:      * @var string
 62:      */
 63:     protected $_currentArea = 'adminhtml';
 64: 
 65:     /**
 66:      * Namespace for session.
 67:      *
 68:      * @var string
 69:      */
 70:     protected $_sessionNamespace = self::SESSION_NAMESPACE;
 71: 
 72:     protected function _isAllowed()
 73:     {
 74:         return true;
 75:     }
 76: 
 77:     /**
 78:      * Retrieve adminhtml session model object
 79:      *
 80:      * @return Mage_Adminhtml_Model_Session
 81:      */
 82:     protected function _getSession()
 83:     {
 84:         return Mage::getSingleton('adminhtml/session');
 85:     }
 86: 
 87:     /**
 88:      * Retrieve base admihtml helper
 89:      *
 90:      * @return Mage_Adminhtml_Helper_Data
 91:      */
 92:     protected function _getHelper()
 93:     {
 94:         return Mage::helper('adminhtml');
 95:     }
 96: 
 97:     /**
 98:      * Define active menu item in menu block
 99:      *
100:      * @return Mage_Adminhtml_Controller_Action
101:      */
102:     protected function _setActiveMenu($menuPath)
103:     {
104:         $this->getLayout()->getBlock('menu')->setActive($menuPath);
105:         return $this;
106:     }
107: 
108:     /**
109:      * @return Mage_Adminhtml_Controller_Action
110:      */
111:     protected function _addBreadcrumb($label, $title, $link=null)
112:     {
113:         $this->getLayout()->getBlock('breadcrumbs')->addLink($label, $title, $link);
114:         return $this;
115:     }
116: 
117:     /**
118:      * @return Mage_Adminhtml_Controller_Action
119:      */
120:     protected function _addContent(Mage_Core_Block_Abstract $block)
121:     {
122:         $this->getLayout()->getBlock('content')->append($block);
123:         return $this;
124:     }
125: 
126:     protected function _addLeft(Mage_Core_Block_Abstract $block)
127:     {
128:         $this->getLayout()->getBlock('left')->append($block);
129:         return $this;
130:     }
131: 
132:     protected function _addJs(Mage_Core_Block_Abstract $block)
133:     {
134:         $this->getLayout()->getBlock('js')->append($block);
135:         return $this;
136:     }
137: 
138:     /**
139:      * Controller predispatch method
140:      *
141:      * @return Mage_Adminhtml_Controller_Action
142:      */
143:     public function preDispatch()
144:     {
145:         // override admin store design settings via stores section
146:         Mage::getDesign()
147:             ->setArea($this->_currentArea)
148:             ->setPackageName((string)Mage::getConfig()->getNode('stores/admin/design/package/name'))
149:             ->setTheme((string)Mage::getConfig()->getNode('stores/admin/design/theme/default'))
150:         ;
151:         foreach (array('layout', 'template', 'skin', 'locale') as $type) {
152:             if ($value = (string)Mage::getConfig()->getNode("stores/admin/design/theme/{$type}")) {
153:                 Mage::getDesign()->setTheme($type, $value);
154:             }
155:         }
156: 
157:         $this->getLayout()->setArea($this->_currentArea);
158: 
159:         Mage::dispatchEvent('adminhtml_controller_action_predispatch_start', array());
160:         parent::preDispatch();
161:         $_isValidFormKey = true;
162:         $_isValidSecretKey = true;
163:         $_keyErrorMsg = '';
164:         if (Mage::getSingleton('admin/session')->isLoggedIn()) {
165:             if ($this->getRequest()->isPost()) {
166:                 $_isValidFormKey = $this->_validateFormKey();
167:                 $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Form Key. Please refresh the page.');
168:             } elseif (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
169:                 $_isValidSecretKey = $this->_validateSecretKey();
170:                 $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Secret Key. Please refresh the page.');
171:             }
172:         }
173:         if (!$_isValidFormKey || !$_isValidSecretKey) {
174:             $this->setFlag('', self::FLAG_NO_DISPATCH, true);
175:             $this->setFlag('', self::FLAG_NO_POST_DISPATCH, true);
176:             if ($this->getRequest()->getQuery('isAjax', false) || $this->getRequest()->getQuery('ajax', false)) {
177:                 $this->getResponse()->setBody(Mage::helper('core')->jsonEncode(array(
178:                     'error' => true,
179:                     'message' => $_keyErrorMsg
180:                 )));
181:             } else {
182:                 $this->_redirect( Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl() );
183:             }
184:             return $this;
185:         }
186: 
187:         if ($this->getRequest()->isDispatched()
188:             && $this->getRequest()->getActionName() !== 'denied'
189:             && !$this->_isAllowed()) {
190:             $this->_forward('denied');
191:             $this->setFlag('', self::FLAG_NO_DISPATCH, true);
192:             return $this;
193:         }
194: 
195:         if (!$this->getFlag('', self::FLAG_IS_URLS_CHECKED)
196:             && !$this->getRequest()->getParam('forwarded')
197:             && !$this->_getSession()->getIsUrlNotice(true)
198:             && !Mage::getConfig()->getNode('global/can_use_base_url')) {
199:             //$this->_checkUrlSettings();
200:             $this->setFlag('', self::FLAG_IS_URLS_CHECKED, true);
201:         }
202:         if (is_null(Mage::getSingleton('adminhtml/session')->getLocale())) {
203:             Mage::getSingleton('adminhtml/session')->setLocale(Mage::app()->getLocale()->getLocaleCode());
204:         }
205: 
206:         return $this;
207:     }
208: 
209:     /**
210:      * @deprecated after 1.4.0.0 alpha, logic moved to Mage_Adminhtml_Block_Notification_Baseurl
211:      * @return Mage_Adminhtml_Controller_Action
212:      */
213:     protected function _checkUrlSettings()
214:     {
215:         /**
216:          * Don't check for data saving actions
217:          */
218:         if ($this->getRequest()->getPost() || $this->getRequest()->getQuery('isAjax')) {
219:             return $this;
220:         }
221: 
222:         $configData = Mage::getModel('core/config_data');
223: 
224:         $defaultUnsecure = (string)Mage::getConfig()->getNode(
225:             'default/' . Mage_Core_Model_Store::XML_PATH_UNSECURE_BASE_URL
226:         );
227:         $defaultSecure = (string)Mage::getConfig()->getNode(
228:             'default/' . Mage_Core_Model_Store::XML_PATH_SECURE_BASE_URL
229:         );
230: 
231:         if ($defaultSecure == '{{base_url}}' || $defaultUnsecure == '{{base_url}}') {
232:             $this->_getSession()->addNotice(
233:                 $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento <a href="%s">configuration</a>.', $this->getUrl('adminhtml/system_config/edit', array('section'=>'web')))
234:             );
235:             return $this;
236:         }
237: 
238:         $dataCollection = $configData->getCollection()
239:             ->addValueFilter('{{base_url}}');
240: 
241:         $url = false;
242:         foreach ($dataCollection as $data) {
243:             if ($data->getScope() == 'stores') {
244:                 $code = Mage::app()->getStore($data->getScopeId())->getCode();
245:                 $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'store'=>$code));
246:             }
247:             if ($data->getScope() == 'websites') {
248:                 $code = Mage::app()->getWebsite($data->getScopeId())->getCode();
249:                 $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'website'=>$code));
250:             }
251: 
252:             if ($url) {
253:                 $this->_getSession()->addNotice(
254:                     $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento <a href="%s">configuration</a>.', $url)
255:                 );
256:                 return $this;
257:             }
258:         }
259:         return $this;
260:     }
261: 
262:     public function deniedAction()
263:     {
264:         $this->getResponse()->setHeader('HTTP/1.1','403 Forbidden');
265:         if (!Mage::getSingleton('admin/session')->isLoggedIn()) {
266:             $this->_redirect('*/index/login');
267:             return;
268:         }
269:         $this->loadLayout(array('default', 'adminhtml_denied'));
270:         $this->renderLayout();
271:     }
272: 
273:     public function loadLayout($ids=null, $generateBlocks=true, $generateXml=true)
274:     {
275:         parent::loadLayout($ids, $generateBlocks, $generateXml);
276:         $this->_initLayoutMessages('adminhtml/session');
277:         return $this;
278:     }
279: 
280:     public function norouteAction($coreRoute = null)
281:     {
282:         $this->getResponse()->setHeader('HTTP/1.1','404 Not Found');
283:         $this->getResponse()->setHeader('Status','404 File not found');
284:         $this->loadLayout(array('default', 'adminhtml_noroute'));
285:         $this->renderLayout();
286:     }
287: 
288: 
289:     /**
290:      * Retrieve currently used module name
291:      *
292:      * @return string
293:      */
294:     public function getUsedModuleName()
295:     {
296:         return $this->_usedModuleName;
297:     }
298: 
299:     /**
300:      * Set currently used module name
301:      *
302:      * @param string $moduleName
303:      * @return Mage_Adminhtml_Controller_Action
304:      */
305:     public function setUsedModuleName($moduleName)
306:     {
307:         $this->_usedModuleName = $moduleName;
308:         return $this;
309:     }
310: 
311:     /**
312:      * Translate a phrase
313:      *
314:      * @return string
315:      */
316:     public function __()
317:     {
318:         $args = func_get_args();
319:         $expr = new Mage_Core_Model_Translate_Expr(array_shift($args), $this->getUsedModuleName());
320:         array_unshift($args, $expr);
321:         return Mage::app()->getTranslator()->translate($args);
322:     }
323: 
324:     /**
325:      * Set referer url for redirect in responce
326:      *
327:      * Is overriden here to set defaultUrl to admin url
328:      *
329:      * @param   string $defaultUrl
330:      * @return  Mage_Adminhtml_Controller_Action
331:      */
332:     protected function _redirectReferer($defaultUrl=null)
333:     {
334:         $defaultUrl = empty($defaultUrl) ? $this->getUrl('*') : $defaultUrl;
335:         parent::_redirectReferer($defaultUrl);
336:         return $this;
337:     }
338: 
339:     /**
340:      * Set redirect into responce
341:      *
342:      * @param   string $path
343:      * @param   array $arguments
344:      */
345:     protected function _redirect($path, $arguments=array())
346:     {
347:         $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED));
348:         $this->getResponse()->setRedirect($this->getUrl($path, $arguments));
349:         return $this;
350:     }
351: 
352:     protected function _forward($action, $controller = null, $module = null, array $params = null)
353:     {
354:         $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED));
355:         return parent::_forward($action, $controller, $module, $params);
356:     }
357: 
358:     /**
359:      * Generate url by route and parameters
360:      *
361:      * @param   string $route
362:      * @param   array $params
363:      * @return  string
364:      */
365:     public function getUrl($route='', $params=array())
366:     {
367:         return Mage::helper('adminhtml')->getUrl($route, $params);
368:     }
369: 
370:     /**
371:      * Validate Secret Key
372:      *
373:      * @return bool
374:      */
375:     protected function _validateSecretKey()
376:     {
377:         if (is_array($this->_publicActions) && in_array($this->getRequest()->getActionName(), $this->_publicActions)) {
378:             return true;
379:         }
380: 
381:         if (!($secretKey = $this->getRequest()->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME, null))
382:             || $secretKey != Mage::getSingleton('adminhtml/url')->getSecretKey()) {
383:             return false;
384:         }
385:         return true;
386:     }
387: }
388:
Packages

Classes

Interfaces

Exceptions
