From 4621551acf0126cb357c99f22a39668da31eeb1c Mon Sep 17 00:00:00 2001 From: lLefevre Date: Thu, 17 Nov 2011 16:05:06 +0000 Subject: [PATCH] // fix added form.tpl in AdminWebserviceController git-svn-id: http://dev.prestashop.com/svn/v1/branches/1.5.x@10224 b9a71923-0436-4b27-9f14-aed3839534dd --- .../themes/template/helper/form/form.tpl | 2 +- admin-dev/themes/template/webservice/form.tpl | 67 +++- classes/AdminController.php | 4 + classes/webservice/WebserviceKey.php | 58 ++-- .../admin/AdminWebserviceController.php | 324 ++++++++---------- 5 files changed, 233 insertions(+), 222 deletions(-) diff --git a/admin-dev/themes/template/helper/form/form.tpl b/admin-dev/themes/template/helper/form/form.tpl index dc4df32d3..73bac2f13 100644 --- a/admin-dev/themes/template/helper/form/form.tpl +++ b/admin-dev/themes/template/helper/form/form.tpl @@ -95,7 +95,7 @@ {else} + +{block name="end_field_block"} + {if $input.type == 'text' && $input.name == 'key'} + + {/if} + +{/block} + +{block name="start_field_block"} +
+ {if $input.type == 'resources'} +

{l s='Set the resource permissions for this key:'}

+ + + + + + + + + + + + + + + + + + + + + + + {foreach $ressources as $resource_name => $resource} + + + + + + + + + + {/foreach} + +
{l s='Resource'}{l s='View (GET)'}{l s='Modify (PUT)'}{l s='Add (POST)'}{l s='Delete (DELETE)'}{l s='Fast view (HEAD)'}
{$resource_name}
+ {/if} +{/block} + +{block name="script"} $(function() { - $('table.permissions input.all').click(function() { + $('table.accesses input.all').click(function() { if($(this).is(':checked')) $(this).parent().parent().find('input.get:not(:checked), input.put:not(:checked), input.post:not(:checked), input.delete:not(:checked), input.head:not(:checked)').click(); else $(this).parent().parent().find('input.get:checked, input.put:checked, input.post:checked, input.delete:checked, input.head:checked').click(); }); - $('table.permissions .all_get').click(function() { + $('table.accesses .all_get').click(function() { if($(this).is(':checked')) $(this).parent().parent().parent().find('input.get:not(:checked)').click(); else $(this).parent().parent().parent().find('input.get:checked').click(); }); - $('table.permissions .all_put').click(function() { + $('table.accesses .all_put').click(function() { if($(this).is(':checked')) $(this).parent().parent().parent().find('input.put:not(:checked)').click(); else $(this).parent().parent().parent().find('input.put:checked').click(); }); - $('table.permissions .all_post').click(function() { + $('table.accesses .all_post').click(function() { if($(this).is(':checked')) $(this).parent().parent().parent().find('input.post:not(:checked)').click(); else $(this).parent().parent().parent().find('input.post:checked').click(); }); - $('table.permissions .all_delete').click(function() { + $('table.accesses .all_delete').click(function() { if($(this).is(':checked')) $(this).parent().parent().parent().find('input.delete:not(:checked)').click(); else $(this).parent().parent().parent().find('input.delete:checked').click(); }); - $('table.permissions .all_head').click(function() { + $('table.accesses .all_head').click(function() { if($(this).is(':checked')) $(this).parent().parent().parent().find('input.head:not(:checked)').click(); else $(this).parent().parent().parent().find('input.head:checked').click(); }); }); - {/block} diff --git a/classes/AdminController.php b/classes/AdminController.php index 390e77aee..5a9f4bd51 100644 --- a/classes/AdminController.php +++ b/classes/AdminController.php @@ -629,7 +629,11 @@ class AdminControllerCore extends Controller $this->_errors[] = Tools::displayError('You do not have permission to add here.'); } } + $this->_errors = array_unique($this->_errors); + if (count($this->_errors) > 0); + return; + return $object; } diff --git a/classes/webservice/WebserviceKey.php b/classes/webservice/WebserviceKey.php index b55e0a421..f640efc96 100755 --- a/classes/webservice/WebserviceKey.php +++ b/classes/webservice/WebserviceKey.php @@ -28,20 +28,20 @@ class WebserviceKeyCore extends ObjectModel { /** @var string Key */ - public $key; + public $key; /** @var boolean Webservice Account statuts */ - public $active = true; + public $active = true; /** @var string Webservice Account description */ - public $description; + public $description; - protected $fieldsRequired = array('key'); - protected $fieldsSize = array('key' => 32); - protected $fieldsValidate = array('active' => 'isBool'); + protected $fieldsRequired = array('key'); + protected $fieldsSize = array('key' => 32); + protected $fieldsValidate = array('active' => 'isBool'); - protected $table = 'webservice_account'; - protected $identifier = 'id_webservice_account'; + protected $table = 'webservice_account'; + protected $identifier = 'id_webservice_account'; public function add($autodate = true, $nullValues = false) @@ -51,7 +51,7 @@ class WebserviceKeyCore extends ObjectModel return parent::add($autodate = true, $nullValues = false); } - static public function keyExists($key) + public static function keyExists($key) { return (!Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('SELECT `key` FROM '._DB_PREFIX_.'webservice_account @@ -63,29 +63,27 @@ class WebserviceKeyCore extends ObjectModel $this->validateFields(); $fields['key'] = pSQL($this->key); - $fields['active'] = (int)($this->active); + $fields['active'] = (int)$this->active; $fields['description'] = pSQL($this->description); return $fields; } public function delete() { - if (!parent::delete() OR $this->deleteAssociations() === false) + if (!parent::delete() || $this->deleteAssociations() === false) return false; return true; } public function deleteAssociations() { - if ( - Db::getInstance()->execute(' + if (Db::getInstance()->execute(' DELETE FROM `'._DB_PREFIX_.'webservice_permission` - WHERE `id_webservice_account` = '.(int)($this->id)) === false + WHERE `id_webservice_account` = '.(int)$this->id) === false || Db::getInstance()->execute(' DELETE FROM `'._DB_PREFIX_.'webservice_permission` - WHERE `id_webservice_account` = '.(int)($this->id)) === false - ) + WHERE `id_webservice_account` = '.(int)$this->id) === false) return false; return true; } @@ -115,9 +113,7 @@ class WebserviceKeyCore extends ObjectModel if (!isset($result[0])) return null; else - { return isset($result[0]['active']) && $result[0]['active']; - } } public static function getClassFromKey($auth_key) @@ -130,38 +126,36 @@ class WebserviceKeyCore extends ObjectModel if (!isset($result[0])) return null; else - { return $result[0]['class']; - } } - public static function setPermissionForAccount($idAccount, $permissionsToSet) + public static function setPermissionForAccount($id_account, $permissions_to_set) { $ok = true; - $sql = 'DELETE FROM `'._DB_PREFIX_.'webservice_permission` WHERE `id_webservice_account` = '.(int)($idAccount); + $sql = 'DELETE FROM `'._DB_PREFIX_.'webservice_permission` WHERE `id_webservice_account` = '.(int)$id_account; if (!Db::getInstance()->execute($sql)) $ok = false; - if (isset($permissionsToSet)) - { + if (isset($permissions_to_set)) + { $permissions = array(); $resources = WebserviceRequest::getResources(); $methods = array('GET', 'PUT', 'POST', 'DELETE', 'HEAD'); - foreach ($permissionsToSet as $resourceName => $resource_methods) - if (in_array($resourceName, array_keys($resources))) - foreach (array_keys($resource_methods) as $methodName) - if (in_array($methodName, $methods)) - $permissions[] = array($methodName, $resourceName); - $account = new WebserviceKey($idAccount); + foreach ($permissions_to_set as $resource_name => $resource_methods) + if (in_array($resource_name, array_keys($resources))) + foreach (array_keys($resource_methods) as $method_name) + if (in_array($method_name, $methods)) + $permissions[] = array($method_name, $resource_name); + $account = new WebserviceKey($id_account); if ($account->deleteAssociations() && $permissions) { $sql = 'INSERT INTO `'._DB_PREFIX_.'webservice_permission` (`id_webservice_permission` ,`resource` ,`method` ,`id_webservice_account`) VALUES '; foreach ($permissions as $permission) - $sql .= '(NULL , \''.pSQL($permission[1]).'\', \''.pSQL($permission[0]).'\', '.(int)($idAccount).'), '; + $sql .= '(NULL , \''.pSQL($permission[1]).'\', \''.pSQL($permission[0]).'\', '.(int)$id_account.'), '; $sql = rtrim($sql, ', '); if (!Db::getInstance()->execute($sql)) $ok = false; } - } + } return $ok; } } diff --git a/controllers/admin/AdminWebserviceController.php b/controllers/admin/AdminWebserviceController.php index 96e93718b..8e71819df 100755 --- a/controllers/admin/AdminWebserviceController.php +++ b/controllers/admin/AdminWebserviceController.php @@ -1,6 +1,6 @@ table = 'webservice_account'; - $this->className = 'WebserviceKey'; + $this->className = 'WebserviceKey'; $this->lang = false; $this->edit = true; $this->delete = true; $this->id_lang_default = Configuration::get('PS_LANG_DEFAULT'); - + $this->fieldsDisplay = array( - 'key' => array('title' => $this->l('Key'), 'align' => 'center', 'width' => 32), - 'active' => array('title' => $this->l('Enabled'), 'align' => 'center', 'active' => 'status', 'type' => 'bool', 'orderby' => false), - 'description' => array('title' => $this->l('Key description'), 'align' => 'center', 'orderby' => false) + 'key' => array( + 'title' => $this->l('Key'), + 'align' => 'center', + 'width' => 32 + ), + 'active' => array( + 'title' => $this->l('Enabled'), + 'align' => 'center', + 'active' => 'status', + 'type' => 'bool', + 'orderby' => false + ), + 'description' => array( + 'title' => $this->l('Key description'), + 'align' => 'center', + 'orderby' => false + ) ); - + if (file_exists(_PS_ROOT_DIR_.'/.htaccess')) $this->options = array( 'general' => array( 'title' => $this->l('Configuration'), 'fields' => array( - 'PS_WEBSERVICE' => array('title' => $this->l('Enable PrestaShop Webservice:'), + 'PS_WEBSERVICE' => array('title' => $this->l('Enable PrestaShop Webservice:'), 'desc' => $this->l('Before activating the webservice, you must be sure to: '). - '
  1. '.$this->l('be certain URL rewrite is available on this server'). - '
  2. '.$this->l('be certain that the 5 methods GET, POST, PUT, DELETE and HEAD are supported by this server'). - '
', + '
    +
  1. '.$this->l('be certain URL rewrite is available on this server').'
  2. +
  3. '.$this->l('be certain that the 5 methods GET, POST, PUT, DELETE and HEAD are supported by this server').'
  4. +
', 'cast' => 'intval', 'type' => 'bool'), ), @@ -63,138 +78,97 @@ class AdminWebserviceControllerCore extends AdminController parent::__construct(); } - - protected function afterAdd($object) - { - WebserviceKey::setPermissionForAccount($object->id, Tools::getValue('resources', array())); - } - - protected function afterUpdate($object) - { - WebserviceKey::setPermissionForAccount($object->id, Tools::getValue('resources', array())); - } - - public function checkForWarning() - { - if (!file_exists(_PS_ROOT_DIR_.'/.htaccess')) - $this->warnings[] = $this->l('In order to enable the PrestaShop Webservice, please generate the .htaccess file via the "Generators" tab (in the "Tools" tab).'); - if (strpos($_SERVER['SERVER_SOFTWARE'], 'Apache') === false) - $this->warnings[] = $this->l('To avoid operating problems, please use an Apache server.'); - { - if (function_exists('apache_get_modules')) - { - $apache_modules = apache_get_modules(); - if (!in_array('mod_auth_basic', $apache_modules)) - $this->warnings[] = $this->l('Please activate the Apache module \'mod_auth_basic\' to allow authentication of PrestaShop webservice.'); - if (!in_array('mod_rewrite', $apache_modules)) - $this->warnings[] = $this->l('Please activate the Apache module \'mod_rewrite\' to allow using the PrestaShop webservice.'); - } - else - { - $this->warnings[] = $this->l('We could not check if basic authentication and rewrite extensions are activated. Please manually check if they are activated in order to use the PrestaShop webservice.'); - } - } - if (!extension_loaded('SimpleXML')) - $this->warnings[] = $this->l('Please activate the PHP extension \'SimpleXML\' to allow testing of PrestaShop webservice.'); - if (!configuration::get('PS_SSL_ENABLED')) - $this->warnings[] = $this->l('If possible, it is preferable to use SSL (https) for webservice calls, as it avoids the security issues of type "man in the middle".'); - - foreach ($this->_list as $k => $item) - if ($item['is_module'] && $item['class_name'] && $item['module_name'] && - ($instance = Module::getInstanceByName($item['module_name'])) && - !$instance->useNormalPermissionBehaviour()) - unset($this->_list[$k]); - $this->initList(); - } - - /** @todo : to fill $this->fields_form in order to generate - * the form automatically.. - * - */ - public function initForm($isMainTab = true) + public function initForm() { - $content = ''; + $this->fields_form = array( + 'legend' => array( + 'title' => $this->l('Webservice Accounts:'), + 'image' => '../img/admin/access.png' + ), + 'input' => array( + array( + 'type' => 'text', + 'label' => $this->l('Key:'), + 'name' => 'key', + 'id' => 'code', + 'size' => 32, + 'required' => true, + 'p' => $this->l('Webservice account key'), + ), + array( + 'type' => 'textarea', + 'label' => $this->l('Key description:'), + 'name' => 'description', + 'rows' => 3, + 'cols' => 110, + 'p' => $this->l('Key description'), + ), + array( + 'type' => 'radio', + 'label' => $this->l('Status:'), + 'name' => 'active', + 'required' => false, + 'class' => 't', + 'is_bool' => true, + 'values' => array( + array( + 'id' => 'active_on', + 'value' => 1, + 'label' => $this->l('Enabled') + ), + array( + 'id' => 'active_off', + 'value' => 0, + 'label' => $this->l('Disabled') + ) + ) + ), + array( + 'type' => 'resources', + 'label' => $this->l('Permissions:'), + 'name' => 'resources', + ) + ) + ); + + if (Shop::isFeatureActive()) + { + $this->fields_form['input'][] = array( + 'type' => 'shop', + 'label' => $this->l('Shop association:'), + 'name' => 'checkBoxShopAsso', + 'values' => Shop::getTree() + ); + } + + $this->fields_form['submit'] = array( + 'title' => $this->l(' Save '), + 'class' => 'button' + ); + if (!($obj = $this->loadObject(true))) return; - - $content = ' -
- '.($obj->id ? '' : '').' -
'.$this->l('Webservice Accounts').' - -
- - - * -

'.$this->l('Webservice account key').'

-
- -
- -

'.$this->l('Key description').'

-
- -
- id OR Tools::getValue('active', $obj->active)) ? 'checked="checked" ' : '').'/> - - active) AND $obj->id) ? 'checked="checked" ' : '').'/> - -
- -
-

'.$this->l('Set the resource permissions for this key:').'

- - - - - - - - - - - - - - - - - - - - - - - - '; + $ressources = WebserviceRequest::getResources(); $permissions = WebserviceKey::getPermissionForAccount($obj->key); - foreach ($ressources as $resourceName => $resource) - $content .= ' - - - - - - - - - '; - $content .= ' - -
'.$this->l('Resource').''.$this->l('View (GET)').''.$this->l('Modify (PUT)').''.$this->l('Add (POST)').''.$this->l('Delete (DELETE)').''.$this->l('Fast view (HEAD)').'
'.$resourceName.'
-
-
- -
-
* '.$this->l('Required field').'
-
-
'; - $this->tpl_form_vars['custom_form'] = $content; + + $this->tpl_form_vars = array( + 'ressources' => $ressources, + 'permissions' => $permissions + ); + return parent::initForm(); } + public function initContent() + { + if ($this->display != 'add' && $this->display != 'edit') + $this->checkForWarning(); + + parent::initContent(); + } + public function postProcess() { if (Tools::getValue('key') && strlen(Tools::getValue('key')) < 32) @@ -204,57 +178,49 @@ class AdminWebserviceControllerCore extends AdminController return parent::postProcess(); } - public function initContent() + protected function afterAdd($object) { - $content = ''; - // Include other tab in current tab - if ($this->includeSubTab('display', array('submitAdd2', 'add', 'update', 'view'))){} + WebserviceKey::setPermissionForAccount($object->id, Tools::getValue('resources', array())); + } - // Include current tab - elseif ((Tools::getValue('submitAdd'.$this->table) AND sizeof($this->_errors)) OR isset($_GET['add'.$this->table])) + protected function afterUpdate($object) + { + WebserviceKey::setPermissionForAccount($object->id, Tools::getValue('resources', array())); + } + + public function checkForWarning() + { + if (!file_exists(_PS_ROOT_DIR_.'/.htaccess')) + $this->warnings[] = $this->l('In order to enable the PrestaShop Webservice, + please generate the .htaccess file via the "Generators" tab (in the "Tools" tab).'); + if (strpos($_SERVER['SERVER_SOFTWARE'], 'Apache') === false) { - if ($this->tabAccess['add'] === '1') + $this->warnings[] = $this->l('To avoid operating problems, please use an Apache server.'); + if (function_exists('apache_get_modules')) { - $this->display = 'add'; -// $content .= $this->initForm(); - if ($this->tabAccess['view']) - $content .= '

'.((Tools::getValue('back')) ? $this->l('Back') : $this->l('Back to list')).'
'; + $apache_modules = apache_get_modules(); + if (!in_array('mod_auth_basic', $apache_modules)) + $this->warnings[] = $this->l('Please activate the Apache module \'mod_auth_basic\' to allow authentication of PrestaShop webservice.'); + if (!in_array('mod_rewrite', $apache_modules)) + $this->warnings[] = $this->l('Please activate the Apache module \'mod_rewrite\' to allow using the PrestaShop webservice.'); } else - $content .= $this->l('You do not have permission to add here'); + $this->warnings[] = $this->l('We could not check if basic authentication and rewrite extensions are activated. + Please manually check if they are activated in order to use the PrestaShop webservice.'); } - elseif (isset($_GET['update'.$this->table])) - { - if ($this->tabAccess['edit'] === '1' OR ($this->table == 'employee' AND $this->context->employee->id == Tools::getValue('id_employee'))) - { - $content .= $this->initForm(); - if ($this->tabAccess['view']) - $content .= '

'.((Tools::getValue('back')) ? $this->l('Back') : $this->l('Back to list')).'
'; - } - else - $content .= $this->l('You do not have permission to edit here'); - } - elseif (isset($_GET['view'.$this->table])) - $this->{'view'.$this->table}(); - else - { - $this->checkForWarning(); - -/* - $this->getList($this->context->language->id); - $this->displayList(); - - $this->displayRequiredFields(); - $this->includeSubTab('display'); - $assos_shop = Shop::getAssoTables(); - if (isset($assos_shop[$this->table]) AND $assos_shop[$this->table]['type'] == 'shop') - $this->displayAssoShop(); - elseif (isset($assos_shop[$this->table]) AND $assos_shop[$this->table]['type'] == 'group_shop') - $this->displayAssoShop('group_shop'); - $this->displayOptionsList(); -*/ - } - parent::initContent(); + if (!extension_loaded('SimpleXML')) + $this->warnings[] = $this->l('Please activate the PHP extension \'SimpleXML\' to allow testing of PrestaShop webservice.'); + if (!configuration::get('PS_SSL_ENABLED')) + $this->warnings[] = $this->l('If possible, it is preferable to use SSL (https) for webservice calls, + as it avoids the security issues of type "man in the middle".'); + + foreach ($this->_list as $k => $item) + if ($item['is_module'] && $item['class_name'] && $item['module_name'] && + ($instance = Module::getInstanceByName($item['module_name'])) && + !$instance->useNormalPermissionBehaviour()) + unset($this->_list[$k]); + + $this->initList(); } }