1: <?php
2: namespace Opencart\Admin\Controller\User;
3: /**
4: * Class User Permission
5: *
6: * @package Opencart\Admin\Controller\User
7: */
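class UserPermission extends \Opencart\System\Engine\Controller {
	/**
	 * Index
	 *
	 * Renders the user-group permission overview. Reuses the user/user_group
	 * language file and templates; the actual table is produced by getList().
	 *
	 * @return void
	 */
	public function index(): void {
		$this->load->language('user/user_group');

		$this->document->setTitle($this->language->get('heading_title'));

		// Carry the current sort/order/page through the breadcrumb and "add" links
		$url = $this->getFilterUrl();

		$data['breadcrumbs'] = [];

		$data['breadcrumbs'][] = [
			'text' => $this->language->get('text_home'),
			'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'])
		];

		$data['breadcrumbs'][] = [
			'text' => $this->language->get('heading_title'),
			'href' => $this->url->link('user/user_permission', 'user_token=' . $this->session->data['user_token'] . $url)
		];

		$data['add'] = $this->url->link('user/user_permission.form', 'user_token=' . $this->session->data['user_token'] . $url);
		$data['delete'] = $this->url->link('user/user_permission.delete', 'user_token=' . $this->session->data['user_token']);

		$data['list'] = $this->getList();

		$data['user_token'] = $this->session->data['user_token'];

		$data['header'] = $this->load->controller('common/header');
		$data['column_left'] = $this->load->controller('common/column_left');
		$data['footer'] = $this->load->controller('common/footer');

		$this->response->setOutput($this->load->view('user/user_group', $data));
	}

	/**
	 * List
	 *
	 * AJAX endpoint that returns only the rendered list partial (used when
	 * sorting or paginating without reloading the whole page).
	 *
	 * @return void
	 */
	public function list(): void {
		$this->load->language('user/user_group');

		$this->response->setOutput($this->getList());
	}

	/**
	 * Get List
	 *
	 * Builds the user-group table: rows, sort link, pagination and the
	 * "showing X to Y of Z" summary, rendered with user/user_group_list.
	 *
	 * @return string Rendered HTML of the list partial
	 */
	protected function getList(): string {
		// NOTE(review): sort/order are handed straight to the model; it is expected
		// to whitelist them before building SQL — confirm in model/user/user_group.
		$sort = isset($this->request->get['sort']) ? (string)$this->request->get['sort'] : 'name';
		$order = isset($this->request->get['order']) ? (string)$this->request->get['order'] : 'ASC';

		// Pages are 1-based; clamp so a malformed value cannot produce a negative offset
		$page = isset($this->request->get['page']) ? max(1, (int)$this->request->get['page']) : 1;

		// A zero/unset admin page size would otherwise divide by zero in the summary below
		$limit = max(1, (int)$this->config->get('config_pagination_admin'));

		$url = $this->getFilterUrl();

		$data['action'] = $this->url->link('user/user_permission.list', 'user_token=' . $this->session->data['user_token'] . $url);

		$data['user_groups'] = [];

		$start = ($page - 1) * $limit;

		$filter_data = [
			'sort'  => $sort,
			'order' => $order,
			'start' => $start,
			'limit' => $limit
		];

		$this->load->model('user/user_group');

		$results = $this->model_user_user_group->getUserGroups($filter_data);

		foreach ($results as $result) {
			$data['user_groups'][] = [
				'user_group_id' => $result['user_group_id'],
				'name'          => $result['name'],
				'edit'          => $this->url->link('user/user_permission.form', 'user_token=' . $this->session->data['user_token'] . '&user_group_id=' . $result['user_group_id'] . $url)
			];
		}

		// The column header link toggles the direction relative to the current order
		$toggle = ($order === 'ASC') ? '&order=DESC' : '&order=ASC';

		$data['sort_name'] = $this->url->link('user/user_permission.list', 'user_token=' . $this->session->data['user_token'] . '&sort=name' . $toggle);

		// Pagination links keep sort/order but substitute their own page number
		$url = $this->getFilterUrl(false);

		$user_group_total = $this->model_user_user_group->getTotalUserGroups();

		$data['pagination'] = $this->load->controller('common/pagination', [
			'total' => $user_group_total,
			'page'  => $page,
			'limit' => $limit,
			'url'   => $this->url->link('user/user_permission.list', 'user_token=' . $this->session->data['user_token'] . $url . '&page={page}')
		]);

		// "Showing X to Y of Z (N pages)"; Y is clamped to the total on the last page
		$first = $user_group_total ? $start + 1 : 0;
		$last = ($start > ($user_group_total - $limit)) ? $user_group_total : $start + $limit;

		$data['results'] = sprintf($this->language->get('text_pagination'), $first, $last, $user_group_total, ceil($user_group_total / $limit));

		$data['sort'] = $sort;
		$data['order'] = $order;

		return $this->load->view('user/user_group_list', $data);
	}

	/**
	 * Form
	 *
	 * Renders the add/edit form for one user group together with the full set
	 * of grantable routes (core controllers minus the ignore list, plus
	 * extension controllers) and the group's current access/modify grants.
	 *
	 * @return void
	 */
	public function form(): void {
		$this->load->language('user/user_group');

		$this->document->setTitle($this->language->get('heading_title'));

		$data['text_form'] = !isset($this->request->get['user_group_id']) ? $this->language->get('text_add') : $this->language->get('text_edit');

		$url = $this->getFilterUrl();

		$data['breadcrumbs'] = [];

		$data['breadcrumbs'][] = [
			'text' => $this->language->get('text_home'),
			'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'])
		];

		$data['breadcrumbs'][] = [
			'text' => $this->language->get('heading_title'),
			'href' => $this->url->link('user/user_permission', 'user_token=' . $this->session->data['user_token'] . $url)
		];

		$data['save'] = $this->url->link('user/user_permission.save', 'user_token=' . $this->session->data['user_token']);
		$data['back'] = $this->url->link('user/user_permission', 'user_token=' . $this->session->data['user_token'] . $url);

		// Cast once so the id reaches the model and the view as an integer
		$user_group_id = isset($this->request->get['user_group_id']) ? (int)$this->request->get['user_group_id'] : 0;

		// Empty array means "add"; a loaded row means "edit"
		$user_group_info = [];

		if (isset($this->request->get['user_group_id'])) {
			$this->load->model('user/user_group');

			$user_group_info = $this->model_user_user_group->getUserGroup($user_group_id);
		}

		$data['user_group_id'] = $user_group_id;

		$data['name'] = $user_group_info['name'] ?? '';

		// Routes that are always reachable and therefore never offered as permissions
		$ignore = [
			'common/dashboard',
			'common/startup',
			'common/login',
			'common/logout',
			'common/forgotten',
			'common/authorize',
			'common/footer',
			'common/header',
			'common/column_left',
			'common/language',
			'common/pagination',
			'error/not_found',
			'error/permission',
			'event/currency',
			'event/debug',
			'event/language',
			'event/statistics',
			'startup/application',
			'startup/authorize',
			'startup/error',
			'startup/event',
			'startup/extension',
			'startup/language',
			'startup/login',
			'startup/notification',
			'startup/permission',
			'startup/sass',
			'startup/session',
			'startup/setting',
			'startup/startup'
		];

		$data['permissions'] = [];

		foreach ($this->getControllerRoutes() as $permission) {
			if (!in_array($permission, $ignore, true)) {
				$data['permissions'][] = $permission;
			}
		}

		$data['extensions'] = [];

		// Extension permissions: <ext>/admin/controller/<type>/<name>.php becomes extension/<ext>/<type>/<name>
		$results = glob(DIR_EXTENSION . '*/admin/controller/*/*.php') ?: [];

		foreach ($results as $result) {
			$path = substr($result, strlen(DIR_EXTENSION));

			// The glob pattern guarantees the '.php' suffix being stripped here
			$data['extensions'][] = 'extension/' . str_replace('admin/controller/', '', substr($path, 0, -4));
		}

		$data['access'] = $user_group_info['permission']['access'] ?? [];
		$data['modify'] = $user_group_info['permission']['modify'] ?? [];

		$data['user_token'] = $this->session->data['user_token'];

		$data['header'] = $this->load->controller('common/header');
		$data['column_left'] = $this->load->controller('common/column_left');
		$data['footer'] = $this->load->controller('common/footer');

		$this->response->setOutput($this->load->view('user/user_group_form', $data));
	}

	/**
	 * Save
	 *
	 * JSON endpoint: validates the posted group name and the caller's modify
	 * permission, then adds or edits the group. Errors are returned under
	 * $json['error'] keyed by field ('warning' for the permission check).
	 *
	 * @return void
	 */
	public function save(): void {
		$this->load->language('user/user_group');

		$json = [];

		if (!$this->user->hasPermission('modify', 'user/user_permission')) {
			$json['error']['warning'] = $this->language->get('error_permission');
		}

		// Read POST defensively: a missing or non-string name validates as empty
		// instead of raising a notice / TypeError before the checks run
		$name = $this->request->post['name'] ?? '';

		if (!is_string($name)) {
			$name = '';
		}

		$user_group_id = (int)($this->request->post['user_group_id'] ?? 0);

		if ((oc_strlen($name) < 3) || (oc_strlen($name) > 64)) {
			$json['error']['name'] = $this->language->get('error_name');
		}

		if (!$json) {
			$this->load->model('user/user_group');

			if (!$user_group_id) {
				$json['user_group_id'] = $this->model_user_user_group->addUserGroup($this->request->post);
			} else {
				$this->model_user_user_group->editUserGroup($user_group_id, $this->request->post);
			}

			$json['success'] = $this->language->get('text_success');
		}

		$this->response->addHeader('Content-Type: application/json');
		$this->response->setOutput(json_encode($json));
	}

	/**
	 * Delete
	 *
	 * JSON endpoint: deletes the posted selection of group ids after checking
	 * the caller's modify permission and that no user still belongs to any of
	 * the selected groups. The last failing check wins in $json['error'].
	 *
	 * @return void
	 */
	public function delete(): void {
		$this->load->language('user/user_group');

		$json = [];

		// Only an array of ids is acceptable; anything else is treated as an empty selection
		$selected = $this->request->post['selected'] ?? [];

		if (!is_array($selected)) {
			$selected = [];
		}

		if (!$this->user->hasPermission('modify', 'user/user_permission')) {
			$json['error'] = $this->language->get('error_permission');
		}

		$this->load->model('user/user');

		// A group that still has members cannot be removed
		foreach ($selected as $user_group_id) {
			$user_total = $this->model_user_user->getTotalUsersByGroupId((int)$user_group_id);

			if ($user_total) {
				$json['error'] = sprintf($this->language->get('error_user'), $user_total);
			}
		}

		if (!$json) {
			$this->load->model('user/user_group');

			foreach ($selected as $user_group_id) {
				$this->model_user_user_group->deleteUserGroup((int)$user_group_id);
			}

			$json['success'] = $this->language->get('text_success');
		}

		$this->response->addHeader('Content-Type: application/json');
		$this->response->setOutput(json_encode($json));
	}

	/**
	 * Build the query-string fragment that carries the list state (sort,
	 * order and optionally page) from the current request into generated links.
	 *
	 * NOTE(review): the values are appended as received from
	 * $this->request->get; this relies on the framework's request layer having
	 * already sanitized them and on the view escaping hrefs — confirm both.
	 *
	 * @param bool $include_page Whether to append the current page number
	 *
	 * @return string One '&key=value' segment per present parameter, or ''
	 */
	private function getFilterUrl(bool $include_page = true): string {
		$url = '';

		if (isset($this->request->get['sort'])) {
			$url .= '&sort=' . $this->request->get['sort'];
		}

		if (isset($this->request->get['order'])) {
			$url .= '&order=' . $this->request->get['order'];
		}

		if ($include_page && isset($this->request->get['page'])) {
			$url .= '&page=' . $this->request->get['page'];
		}

		return $url;
	}

	/**
	 * Collect the core admin controller routes that can be granted as permissions.
	 *
	 * Walks DIR_APPLICATION . 'controller/' breadth-first starting one level
	 * down (so only files inside a sub-directory are collected, as the original
	 * scan did), keeps every '.php' file and returns it as a route relative to
	 * the controller directory without the extension, sorted alphabetically.
	 *
	 * @return array<int, string> Routes such as 'user/user_permission'
	 */
	private function getControllerRoutes(): array {
		$base = DIR_APPLICATION . 'controller/';

		$files = [];

		// Queue of glob prefixes still to be expanded
		$path = [$base . '*'];

		while ($path) {
			$next = array_shift($path);

			// glob() can return false on failure; treat that as "no entries"
			foreach (glob($next . '/*') ?: [] as $file) {
				if (is_dir($file)) {
					$path[] = $file;
				} elseif (is_file($file) && substr($file, -4) === '.php') {
					$files[] = $file;
				}
			}
		}

		sort($files);

		$routes = [];

		foreach ($files as $file) {
			$controller = substr($file, strlen($base));

			// Strip the '.php' suffix guaranteed by the filter above
			$routes[] = substr($controller, 0, -4);
		}

		return $routes;
	}
}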
408: