*/
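class Mage_Adminhtml_Controller_Action extends Mage_Core_Controller_Varien_Action
{
    /**
     * Name of "is URLs checked" flag
     */
    const FLAG_IS_URLS_CHECKED = 'check_url_settings';

    /**
     * Session namespace to refer in other places
     */
    const SESSION_NAMESPACE = 'adminhtml';

    /**
     * Array of actions which can be processed without secret key validation
     *
     * Subclasses list action names here; see _validateSecretKey().
     *
     * @var array
     */
    protected $_publicActions = array();

    /**
     * Used module name in current adminhtml controller (translation scope for __())
     *
     * @var string
     */
    protected $_usedModuleName = 'adminhtml';

    /**
     * Currently used area
     *
     * @var string
     */
    protected $_currentArea = 'adminhtml';

    /**
     * Namespace for session.
     *
     * @var string
     */
    protected $_sessionNamespace = self::SESSION_NAMESPACE;

    /**
     * Check whether the current admin user is allowed to reach this controller.
     *
     * The base implementation only requires the generic 'admin' ACL resource;
     * subclasses are expected to override it with a more specific resource.
     *
     * @return bool
     */
    protected function _isAllowed()
    {
        return Mage::getSingleton('admin/session')->isAllowed('admin');
    }

    /**
     * Retrieve adminhtml session model object
     *
     * @return Mage_Adminhtml_Model_Session
     */
    protected function _getSession()
    {
        return Mage::getSingleton('adminhtml/session');
    }

    /**
     * Retrieve base adminhtml helper
     *
     * @return Mage_Adminhtml_Helper_Data
     */
    protected function _getHelper()
    {
        return Mage::helper('adminhtml');
    }

    /**
     * Define active menu item in menu block
     *
     * @param string $menuPath
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _setActiveMenu($menuPath)
    {
        $this->getLayout()->getBlock('menu')->setActive($menuPath);
        return $this;
    }

    /**
     * Append a link to the breadcrumbs block
     *
     * @param string $label
     * @param string $title
     * @param string|null $link
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _addBreadcrumb($label, $title, $link=null)
    {
        $this->getLayout()->getBlock('breadcrumbs')->addLink($label, $title, $link);
        return $this;
    }

    /**
     * Append a block to the 'content' layout block
     *
     * @param Mage_Core_Block_Abstract $block
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _addContent(Mage_Core_Block_Abstract $block)
    {
        $this->getLayout()->getBlock('content')->append($block);
        return $this;
    }

    /**
     * Append a block to the 'left' layout block
     *
     * @param Mage_Core_Block_Abstract $block
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _addLeft(Mage_Core_Block_Abstract $block)
    {
        $this->getLayout()->getBlock('left')->append($block);
        return $this;
    }

    /**
     * Append a block to the 'js' layout block
     *
     * @param Mage_Core_Block_Abstract $block
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _addJs(Mage_Core_Block_Abstract $block)
    {
        $this->getLayout()->getBlock('js')->append($block);
        return $this;
    }

    /**
     * Controller predispatch method
     *
     * Applies the admin design settings, runs the parent predispatch, then
     * for a logged-in admin validates the form key (POST) or the URL secret
     * key (other requests). On failure dispatch is suppressed and the user is
     * either sent a JSON error (ajax) or redirected to the startup page.
     * Afterwards the ACL check (_isAllowed) may forward to 'denied', the
     * "URLs checked" flag is set and the session locale is initialised.
     *
     * @return Mage_Adminhtml_Controller_Action
     */
    public function preDispatch()
    {
        // override admin store design settings via stores section
        Mage::getDesign()
            ->setArea($this->_currentArea)
            ->setPackageName((string)Mage::getConfig()->getNode('stores/admin/design/package/name'))
            ->setTheme((string)Mage::getConfig()->getNode('stores/admin/design/theme/default'))
        ;
        foreach (array('layout', 'template', 'skin', 'locale') as $type) {
            if ($value = (string)Mage::getConfig()->getNode("stores/admin/design/theme/{$type}")) {
                Mage::getDesign()->setTheme($type, $value);
            }
        }
        $this->getLayout()->setArea($this->_currentArea);

        Mage::dispatchEvent('adminhtml_controller_action_predispatch_start', array());
        parent::preDispatch();

        // Form key (POST) and secret key (GET) validation only apply to an
        // authenticated admin; the login flow itself is not checked here.
        $_isValidFormKey = true;
        $_isValidSecretKey = true;
        $_keyErrorMsg = '';
        if (Mage::getSingleton('admin/session')->isLoggedIn()) {
            if ($this->getRequest()->isPost()) {
                $_isValidFormKey = $this->_validateFormKey();
                $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Form Key. Please refresh the page.');
            } elseif (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
                $_isValidSecretKey = $this->_validateSecretKey();
                $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Secret Key. Please refresh the page.');
            }
        }
        if (!$_isValidFormKey || !$_isValidSecretKey) {
            // Block the action (and post-dispatch) without ending the session.
            $this->setFlag('', self::FLAG_NO_DISPATCH, true);
            $this->setFlag('', self::FLAG_NO_POST_DISPATCH, true);
            if ($this->getRequest()->getQuery('isAjax', false) || $this->getRequest()->getQuery('ajax', false)) {
                $this->getResponse()->setBody(Mage::helper('core')->jsonEncode(array(
                    'error'   => true,
                    'message' => $_keyErrorMsg
                )));
            } else {
                $this->_redirect( Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl() );
            }
            return $this;
        }

        // ACL: forward to the denied action unless that is where we already are.
        if ($this->getRequest()->isDispatched()
            && $this->getRequest()->getActionName() !== 'denied'
            && !$this->_isAllowed()) {
            $this->_forward('denied');
            $this->setFlag('', self::FLAG_NO_DISPATCH, true);
            return $this;
        }

        // The base URL check itself is deprecated (see _checkUrlSettings);
        // only the flag is still maintained so _redirect/_forward can propagate it.
        if (!$this->getFlag('', self::FLAG_IS_URLS_CHECKED)
            && !$this->getRequest()->getParam('forwarded')
            && !$this->_getSession()->getIsUrlNotice(true)
            && !Mage::getConfig()->getNode('global/can_use_base_url')) {
            //$this->_checkUrlSettings();
            $this->setFlag('', self::FLAG_IS_URLS_CHECKED, true);
        }

        if (is_null(Mage::getSingleton('adminhtml/session')->getLocale())) {
            Mage::getSingleton('adminhtml/session')->setLocale(Mage::app()->getLocale()->getLocaleCode());
        }

        return $this;
    }

    /**
     * Add a session notice when '{{base_url}}' is still used as a base URL
     * in the default, website or store configuration scope.
     *
     * @deprecated after 1.4.0.0 alpha, logic moved to Mage_Adminhtml_Block_Notification_Baseurl
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _checkUrlSettings()
    {
        /**
         * Don't check for data saving actions
         */
        if ($this->getRequest()->getPost() || $this->getRequest()->getQuery('isAjax')) {
            return $this;
        }

        $configData = Mage::getModel('core/config_data');
        $defaultUnsecure = (string)Mage::getConfig()->getNode(
            'default/' . Mage_Core_Model_Store::XML_PATH_UNSECURE_BASE_URL
        );
        $defaultSecure = (string)Mage::getConfig()->getNode(
            'default/' . Mage_Core_Model_Store::XML_PATH_SECURE_BASE_URL
        );

        // Default scope wins: one notice pointing at the global web section.
        if ($defaultSecure == '{{base_url}}' || $defaultUnsecure == '{{base_url}}') {
            $this->_getSession()->addNotice(
                $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento configuration.', $this->getUrl('adminhtml/system_config/edit', array('section'=>'web')))
            );
            return $this;
        }

        // Otherwise report the first store/website scope still using the placeholder.
        $dataCollection = $configData->getCollection()
            ->addValueFilter('{{base_url}}');

        $url = false;
        foreach ($dataCollection as $data) {
            if ($data->getScope() == 'stores') {
                $code = Mage::app()->getStore($data->getScopeId())->getCode();
                $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'store'=>$code));
            }
            if ($data->getScope() == 'websites') {
                $code = Mage::app()->getWebsite($data->getScopeId())->getCode();
                $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'website'=>$code));
            }
            if ($url) {
                $this->_getSession()->addNotice(
                    $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento configuration.', $url)
                );
                return $this;
            }
        }
        return $this;
    }

    /**
     * Render the "access denied" page with a 403 status.
     *
     * An anonymous visitor is redirected to the login page instead.
     */
    public function deniedAction()
    {
        $this->getResponse()->setHeader('HTTP/1.1','403 Forbidden');
        if (!Mage::getSingleton('admin/session')->isLoggedIn()) {
            $this->_redirect('*/index/login');
            return;
        }
        $this->loadLayout(array('default', 'adminhtml_denied'));
        $this->renderLayout();
    }

    /**
     * Load layout and additionally move adminhtml session messages into it.
     *
     * @param string|array|null $ids
     * @param bool $generateBlocks
     * @param bool $generateXml
     * @return Mage_Adminhtml_Controller_Action
     */
    public function loadLayout($ids=null, $generateBlocks=true, $generateXml=true)
    {
        parent::loadLayout($ids, $generateBlocks, $generateXml);
        $this->_initLayoutMessages('adminhtml/session');
        return $this;
    }

    /**
     * Render the admin 404 page.
     *
     * @param string|null $coreRoute
     */
    public function norouteAction($coreRoute = null)
    {
        $this->getResponse()->setHeader('HTTP/1.1','404 Not Found');
        $this->getResponse()->setHeader('Status','404 File not found');
        $this->loadLayout(array('default', 'adminhtml_noroute'));
        $this->renderLayout();
    }

    /**
     * Retrieve currently used module name
     *
     * @return string
     */
    public function getUsedModuleName()
    {
        return $this->_usedModuleName;
    }

    /**
     * Set currently used module name
     *
     * @param string $moduleName
     * @return Mage_Adminhtml_Controller_Action
     */
    public function setUsedModuleName($moduleName)
    {
        $this->_usedModuleName = $moduleName;
        return $this;
    }

    /**
     * Translate a phrase
     *
     * First argument is the phrase, remaining arguments are sprintf-style
     * substitutions; the phrase is scoped to getUsedModuleName().
     *
     * @return string
     */
    public function __()
    {
        $args = func_get_args();
        $expr = new Mage_Core_Model_Translate_Expr(array_shift($args), $this->getUsedModuleName());
        array_unshift($args, $expr);
        return Mage::app()->getTranslator()->translate($args);
    }

    /**
     * Set referer url for redirect in response
     *
     * Is overridden here to set defaultUrl to admin url
     *
     * @param string $defaultUrl
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _redirectReferer($defaultUrl=null)
    {
        $defaultUrl = empty($defaultUrl) ? $this->getUrl('*') : $defaultUrl;
        parent::_redirectReferer($defaultUrl);
        return $this;
    }

    /**
     * Set redirect into response
     *
     * The "URLs checked" flag is persisted into the session so the check is
     * not repeated on the redirected-to request.
     *
     * @param string $path
     * @param array $arguments
     * @return Mage_Adminhtml_Controller_Action
     */
    protected function _redirect($path, $arguments=array())
    {
        $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED));
        $this->getResponse()->setRedirect($this->getUrl($path, $arguments));
        return $this;
    }

    /**
     * Forward to another action, carrying over the "URLs checked" flag.
     *
     * @param string $action
     * @param string|null $controller
     * @param string|null $module
     * @param array|null $params
     */
    protected function _forward($action, $controller = null, $module = null, array $params = null)
    {
        $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED));
        return parent::_forward($action, $controller, $module, $params);
    }

    /**
     * Generate url by route and parameters
     *
     * @param string $route
     * @param array $params
     * @return string
     */
    public function getUrl($route='', $params=array())
    {
        return Mage::helper('adminhtml')->getUrl($route, $params);
    }

    /**
     * Validate Secret Key
     *
     * Actions listed in $_publicActions are exempt. Otherwise the request's
     * secret key parameter must be present and equal to the session's key.
     *
     * @return bool
     */
    protected function _validateSecretKey()
    {
        if (is_array($this->_publicActions)
            && in_array($this->getRequest()->getActionName(), $this->_publicActions, true)) {
            return true;
        }

        $secretKey = $this->getRequest()->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME, null);
        if (!$secretKey) {
            return false;
        }

        // Strict, constant-time comparison: the previous '!=' applied PHP's loose
        // rules (numeric-looking strings such as '0e...' compare equal) and its
        // early-exit timing leaked how much of the key matched.
        $expectedKey = (string)Mage::getSingleton('adminhtml/url')->getSecretKey();
        return hash_equals($expectedKey, (string)$secretKey);
    }

    /**
     * Validate password for current admin user
     *
     * @param string $password - current password
     *
     * @return mixed - returns true or array of errors
     */
    protected function _validateCurrentPassword($password)
    {
        $user = Mage::getSingleton('admin/session')->getUser();
        return $user->validateCurrentPassword($password);
    }
}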