Elgg  Version 4.3
ActionsService.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Elgg;
4 
9 use Elgg\Router\Middleware\Gatekeeper as MiddlewareGateKeeper;
13 
21 
22  use Loggable;
23 
27  private static $access_levels = ['public', 'logged_in', 'logged_out', 'admin'];
28 
33  private static $bypass_csrf = [
34  'logout',
35  ];
36 
40  protected $routes;
41 
45  protected $handlers;
46 
53  public function __construct(RouteRegistrationService $routes, HandlersService $handlers) {
54  $this->routes = $routes;
55  $this->handlers = $handlers;
56  }
57 
71  public function register(string $action, $handler = '', string $access = 'logged_in') {
72  // plugins are encouraged to call actions with a trailing / to prevent 301
73  // redirects but we store the actions without it
74  $action = trim($action, '/');
75 
76  if (empty($handler)) {
77  $path = Paths::elgg() . 'actions';
78  $handler = Paths::sanitize("$path/$action.php", false);
79  }
80 
81  $file = null;
82  $controller = null;
83 
84  if (is_string($handler) && substr($handler, -4) === '.php') {
85  $file = $handler;
86  } else {
87  $controller = $handler;
88  }
89 
90  if (!in_array($access, self::$access_levels)) {
91  $this->getLogger()->error("Unrecognized value '{$access}' for \$access in " . __METHOD__);
92  $access = 'admin';
93  }
94 
95  $middleware = [];
96 
97  if (!in_array($action, self::$bypass_csrf)) {
98  $middleware[] = CsrfFirewall::class;
99  }
100 
101  if ($access == 'admin') {
102  $middleware[] = AdminGatekeeper::class;
103  } elseif ($access == 'logged_in') {
104  $middleware[] = MiddlewareGateKeeper::class;
105  } elseif ($access == 'logged_out') {
106  $middleware[] = LoggedOutGatekeeper::class;
107  }
108 
109  $middleware[] = ActionMiddleware::class;
110 
111  $this->routes->register("action:$action", [
112  'path' => "/action/$action",
113  'file' => $file,
114  'controller' => $controller,
115  'middleware' => $middleware,
116  'walled' => false,
117  ]);
118 
119  return true;
120  }
121 
131  public function unregister(string $action) {
132  $action = trim($action, '/');
133 
134  $route = $this->routes->get("action:$action");
135  if (!$route) {
136  return false;
137  }
138 
139  $this->routes->unregister("action:$action");
140  return true;
141  }
142 
152  public function exists(string $action) {
153  $action = trim($action, '/');
154  $route = $this->routes->get("action:$action");
155  if (!$route) {
156  return false;
157  }
158 
159  $file = $route->getDefault('_file');
160  $controller = $route->getDefault('_controller');
161 
162  if (!$file && !$controller) {
163  return false;
164  }
165 
166  if ($file && !file_exists($file)) {
167  return false;
168  }
169 
170  if ($controller && !$this->handlers->isCallable($controller)) {
171  return false;
172  }
173 
174  return true;
175  }
176 
182  public function getAllActions() {
183  $actions = [];
184  $routes = $this->routes->all();
185  foreach ($routes as $name => $route) {
186  if (strpos($name, 'action:') !== 0) {
187  continue;
188  }
189 
190  $action = substr($name, 7);
191 
192  $access = 'public';
193  $middleware = (array) $route->getDefault('_middleware');
194  if (in_array(MiddlewareGateKeeper::class, $middleware)) {
195  $access = 'logged_in';
196  } elseif (in_array(LoggedOutGatekeeper::class, $middleware)) {
197  $access = 'logged_out';
198  } elseif (in_array(AdminGatekeeper::class, $middleware)) {
199  $access = 'admin';
200  }
201 
202  $actions[$action] = array_filter([
203  'file' => $route->getDefault('_file'),
204  'controller' => $route->getDefault('_controller'),
205  'access' => $access,
206  ]);
207  }
208 
209  return $actions;
210  }
211 }
Helpers for providing callable-based APIs.
if(!$user||!$user->canDelete()) $name
Definition: delete.php:22
__construct(RouteRegistrationService $routes, HandlersService $handlers)
Constructor.
if(elgg_view_exists("widgets/{$widget->handler}/edit")) $access
Definition: save.php:19
exists(string $action)
Check if an action is registered and its script exists.
getAllActions()
Get all actions.
$path
Definition: details.php:68
trait Loggable
Enables adding a logger.
Definition: Loggable.php:14
Protects a route from non-authenticated users.
Definition: Gatekeeper.php:11
if(!$menu instanceof\Elgg\Menu\PreparedMenu) $actions
Definition: user_hover.php:16
unregister(string $action)
Unregisters an action.
$action
Definition: subscribe.php:11
getLogger()
Returns logger.
Definition: Loggable.php:37
if($item instanceof\ElggEntity) elseif($item instanceof\ElggRiverItem) elseif($item instanceof ElggRelationship) elseif(is_callable([$item, 'getType']))
Definition: item.php:48
Actions service.
$handler
Definition: add.php:7
var elgg
Definition: elgglib.js:4