-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathExecutionFilter.php
155 lines (135 loc) · 5.08 KB
/
ExecutionFilter.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
<?php
/*
* This file has its roots as part of the Mojavi package which was
* Copyright (c) 2003 Sean Kerr. It has been incorporated into this
* derivative work under the terms of the LGPL V2.1.
* (http://www.gnu.org/licenses/lgpl-2.1.html)
*/
namespace Xmf\Xadr;
use Xmf\Xadr\Exceptions\MissingResponderException;
use Xmf\Xadr\Exceptions\InvalidConfigurationException;
/**
* ExecutionFilter is the main filter that controls validation,
* action execution and response rendering.
*
* @category Xmf\Xadr\ExecutionFilter
* @package Xmf
* @author Richard Griffith <[email protected]>
* @author Sean Kerr <[email protected]>
* @copyright 2013-2015 XOOPS Project (http://xoops.org)
* @copyright 2003 Sean Kerr
* @license GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
* @link http://xoops.org
*/
class ExecutionFilter extends Filter
{
/**
* Execute this filter.
*
* @return void
*/
public function executePreAction()
{
// retrieve current action instance
$execChain = $this->controller()->getExecutionChain();
$action = $execChain->getAction();
$actionName = $this->controller()->getCurrentAction();
$unitName = $this->controller()->getCurrentUnit();
// get current method
$method = $this->request()->getMethod();
// initialize the action
if (!$action->initialize()) {
return;
}
// does this action require authentication and authorization?
if (!$this->checkAuthorization($action)) {
return;
}
if (($action->getRequestMethods() & $method) != $method) {
// This action doesn't handle the current request method, use the default
// response. Can force this by specifying Xadr::REQUEST_NONE in getRequestMethods()
$responseSelected = $action->getDefaultResponse();
} else {
// create a ValidatorManager instance
$validManager = new ValidatorManager($this->context);
// register individual validators
$action->registerValidators($validManager);
// check individual validators, and if they succeed,
// validate entire request
if (!$validManager->execute()
|| !$action->validate()
) {
// one or more individual validators failed or
// request validation failed
$responseSelected = $action->getErrorResponse();
} else {
// execute the action
$responseSelected = $action->execute();
}
}
$responseSelected->setDefaultAction($unitName, $actionName);
if (Xadr::RESPONSE_NONE === $responseSelected->getResponseCode()) {
return; // nothing more to do
}
$this->processResponse($responseSelected);
}
/**
* checkAuthorization - establish that proper authority exists to execute an action
*
* @param Action $action action instance
*
* @return boolean true if authorized, false if not authorized
*
* @throws Xmf\Xadr\Exceptions\InvalidConfigurationException;
*/
protected function checkAuthorization(Action $action)
{
// does this action require authentication and authorization?
if ($action->isLoginRequired()) {
// get authorization handler and required privilege
$authHandler = $this->controller()->getAuthorizationHandler();
if ($authHandler === null) {
$actionName = get_class($action);
throw new InvalidConfigurationException(
"Action {$actionName} requires security but no authorization handler is set"
);
} elseif (!$authHandler->execute($action)) {
// user doesn't have access
return false;
}
}
// user has authorization or no authorization is required
return true;
}
/**
* processResponder
*
* @param ResponseSelector $responseSelected object describing the appropriate responder.
*
* @return void
*
* @throws Xmf\Xadr\Exceptions\MissingResponderException;
*/
protected function processResponse(ResponseSelector $responseSelected)
{
$responder = $this->controller()->getResponder($responseSelected);
if ($responder === null) {
$error = sprintf(
"%s\\%s does not have a responder for %s",
$responseSelected->getResponseUnit(),
$responseSelected->getResponseAction(),
$responseSelected->getResponseCode()
);
throw new MissingResponderException($error);
}
// execute, render and cleanup responder
$responder->initialize();
$renderer = $responder->execute();
if ($renderer) {
$renderer->execute();
// add the renderer to the request
$this->request()->attributes()->set('org.mojavi.renderer', $renderer);
}
$responder->cleanup();
}
}