Elgg  Version master
ActionsService.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Elgg;
4 
10 use Elgg\Router\Middleware\Gatekeeper as MiddlewareGateKeeper;
14 
22 
23  use Loggable;
24 
28  private static $access_levels = ['public', 'logged_in', 'logged_out', 'admin'];
29 
34  private static $bypass_csrf = [
35  'logout',
36  ];
37 
41  protected $routes;
42 
46  protected $handlers;
47 
54  public function __construct(RouteRegistrationService $routes, HandlersService $handlers) {
55  $this->routes = $routes;
56  $this->handlers = $handlers;
57  }
58 
71  public function register(string $action, string $handler = '', string $access = 'logged_in'): void {
72  if (!in_array($access, self::$access_levels)) {
73  throw new DomainException("Unrecognized value '{$access}' for \$access in " . __METHOD__);
74  }
75 
76  // plugins are encouraged to call actions with a trailing / to prevent 301
77  // redirects but we store the actions without it
78  $action = trim($action, '/');
79 
80  if (empty($handler)) {
81  $path = Paths::elgg() . 'actions';
82  $handler = Paths::sanitize("{$path}/{$action}.php", false);
83  }
84 
85  $file = null;
86  $controller = null;
87 
88  if (str_ends_with($handler, '.php')) {
89  $file = $handler;
90  } else {
91  $controller = $handler;
92  }
93 
94  $middleware = [];
95 
96  if (!in_array($action, self::$bypass_csrf)) {
97  $middleware[] = CsrfFirewall::class;
98  }
99 
100  if ($access == 'admin') {
101  $middleware[] = AdminGatekeeper::class;
102  } elseif ($access == 'logged_in') {
103  $middleware[] = MiddlewareGateKeeper::class;
104  } elseif ($access == 'logged_out') {
105  $middleware[] = LoggedOutGatekeeper::class;
106  }
107 
108  $middleware[] = ActionMiddleware::class;
109 
110  $this->routes->register("action:{$action}", [
111  'path' => "/action/{$action}",
112  'file' => $file,
113  'controller' => $controller,
114  'middleware' => $middleware,
115  'walled' => false,
116  ]);
117  }
118 
128  public function unregister(string $action): void {
129  $action = trim($action, '/');
130 
131  $route = $this->routes->get("action:{$action}");
132  if (!$route) {
133  return;
134  }
135 
136  $this->routes->unregister("action:{$action}");
137  }
138 
148  public function exists(string $action): bool {
149  $action = trim($action, '/');
150  $route = $this->routes->get("action:$action");
151  if (!$route) {
152  return false;
153  }
154 
155  $file = $route->getDefault('_file');
156  $controller = $route->getDefault('_controller');
157 
158  if (!$file && !$controller) {
159  return false;
160  }
161 
162  if ($file && !file_exists($file)) {
163  return false;
164  }
165 
166  if ($controller && !$this->handlers->isCallable($controller)) {
167  return false;
168  }
169 
170  return true;
171  }
172 
178  public function getAllActions(): array {
179  $actions = [];
180  $routes = $this->routes->all();
181  foreach ($routes as $name => $route) {
182  if (!str_starts_with($name, 'action:')) {
183  continue;
184  }
185 
186  $action = substr($name, 7);
187 
188  $access = 'public';
189  $middleware = (array) $route->getDefault('_middleware');
190  if (in_array(MiddlewareGateKeeper::class, $middleware)) {
191  $access = 'logged_in';
192  } elseif (in_array(LoggedOutGatekeeper::class, $middleware)) {
193  $access = 'logged_out';
194  } elseif (in_array(AdminGatekeeper::class, $middleware)) {
195  $access = 'admin';
196  }
197 
198  $actions[$action] = array_filter([
199  'file' => $route->getDefault('_file'),
200  'controller' => $route->getDefault('_controller'),
201  'access' => $access,
202  ]);
203  }
204 
205  return $actions;
206  }
207 }
Helpers for providing callable-based APIs.
if(!$user||!$user->canDelete()) $name
Definition: delete.php:22
__construct(RouteRegistrationService $routes, HandlersService $handlers)
Constructor.
if(elgg_view_exists("widgets/{$widget->handler}/edit")) $access
Definition: save.php:19
c Accompany it with the information you received as to the offer to distribute corresponding source complete source code means all the source code for all modules it plus any associated interface definition plus the scripts used to control compilation and installation of the executable as a special the source code distributed need not include anything that is normally and so on of the operating system on which the executable unless that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a designated then offering equivalent access to copy the source code from the same place counts as distribution of the source even though third parties are not compelled to copy the source along with the object code You may not or distribute the Program except as expressly provided under this License Any attempt otherwise to sublicense or distribute the Program is void
Definition: LICENSE.txt:215
Exception thrown if a value does not adhere to a defined valid data domain.
exists(string $action)
Check if an action is registered and its script exists.
if($item instanceof\ElggEntity) elseif($item instanceof\ElggRiverItem) elseif($item instanceof\ElggRelationship) elseif(is_callable([$item, 'getType']))
Definition: item.php:48
getAllActions()
Get all actions.
$path
Definition: details.php:70
trait Loggable
Enables adding a logger.
Definition: Loggable.php:14
Protects a route from non-authenticated users.
Definition: Gatekeeper.php:11
if(!$menu instanceof\Elgg\Menu\PreparedMenu) $actions
Definition: user_hover.php:16
unregister(string $action)
Unregisters an action.
$action
Definition: subscribe.php:11
Actions service.
$handler
Definition: add.php:7
var elgg
Definition: elgglib.js:4