Magento: app/code/core/Mage/Api/Model/Session.php Source File

00001 <?php
00002 /**
00003  * Magento
00004  *
00005  * NOTICE OF LICENSE
00006  *
00007  * This source file is subject to the Open Software License (OSL 3.0)
00008  * that is bundled with this package in the file LICENSE.txt.
00009  * It is also available through the world-wide-web at this URL:
00010  * http://opensource.org/licenses/osl-3.0.php
00011  * If you did not receive a copy of the license and are unable to
00012  * obtain it through the world-wide-web, please send an email
00013  * to license@magentocommerce.com so we can send you a copy immediately.
00014  *
00015  * DISCLAIMER
00016  *
00017  * Do not edit or add to this file if you wish to upgrade Magento to newer
00018  * versions in the future. If you wish to customize Magento for your
00019  * needs please refer to http://www.magentocommerce.com for more information.
00020  *
00021  * @category   Mage
00022  * @package    Mage_Api
00023  * @copyright  Copyright (c) 2008 Irubin Consulting Inc. DBA Varien (http://www.varien.com)
00024  * @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
00025  */
00026 
00027 /**
00028  * Webservice api session
00029  *
00030  * @category   Mage
00031  * @package    Mage_Api
00032  * @author     Magento Core Team <core@magentocommerce.com>
00033  */
00034 class Mage_Api_Model_Session extends Mage_Core_Model_Session_Abstract
00035 {
00036     public $sessionIds = array();
00037     protected $_currentSessId = null;
00038 
00039     public function start($sessionName=null)
00040     {
00041 //        parent::start($sessionName=null);
00042         $this->_currentSessId = md5(time() . $sessionName);
00043         $this->sessionIds[] = $this->getSessionId();
00044         return $this;
00045     }
00046 
00047     public function init($namespace, $sessionName=null)
00048     {
00049         if (is_null($this->_currentSessId)) {
00050             $this->start();
00051         }
00052         return $this;
00053     }
00054 
00055     public function getSessionId()
00056     {
00057         return $this->_currentSessId;
00058     }
00059 
00060     public function setSessionId($sessId = null)
00061     {
00062         if (!is_null($sessId)) {
00063             $this->_currentSessId = $sessId;
00064         }
00065         return $this;
00066     }
00067 
00068     public function revalidateCookie()
00069     {
00070         // In api we don't use cookies
00071     }
00072 
00073     public function clear() {
00074         if ($sessId = $this->getSessionId()) {
00075             try {
00076                 Mage::getModel('api/user')->logoutBySessId($sessId);
00077             } catch (Exception $e) {
00078                 return false;
00079             }
00080         }
00081         return true;
00082     }
00083 
00084     public function login($username, $apiKey)
00085     {
00086         if (empty($username) || empty($apiKey)) {
00087             return;
00088         }
00089 
00090         $user = Mage::getModel('api/user')
00091             ->setSessid($this->getSessionId())
00092             ->login($username, $apiKey);
00093 
00094         if ( $user->getId() && $user->getIsActive() != '1' ) {
00095             Mage::throwException(Mage::helper('api')->__('Your Account has been deactivated.'));
00096         } elseif (!Mage::getModel('api/user')->hasAssigned2Role($user->getId())) {
00097             Mage::throwException(Mage::helper('api')->__('Access Denied.'));
00098         } else {
00099             if ($user->getId()) {
00100                 $this->setUser($user);
00101                 $this->setAcl(Mage::getResourceModel('api/acl')->loadAcl());
00102             } else {
00103                 Mage::throwException(Mage::helper('api')->__('Unable to login.'));
00104             }
00105         }
00106 
00107         return $user;
00108     }
00109 
00110     public function refreshAcl($user=null)
00111     {
00112         if (is_null($user)) {
00113             $user = $this->getUser();
00114         }
00115         if (!$user) {
00116             return $this;
00117         }
00118         if (!$this->getAcl() || $user->getReloadAclFlag()) {
00119             $this->setAcl(Mage::getResourceModel('api/acl')->loadAcl());
00120         }
00121         if ($user->getReloadAclFlag()) {
00122             $user->unsetData('api_key');
00123             $user->setReloadAclFlag('0')->save();
00124         }
00125         return $this;
00126     }
00127 
00128     /**
00129      * Check current user permission on resource and privilege
00130      *
00131      *
00132      * @param   string $resource
00133      * @param   string $privilege
00134      * @return  bool
00135      */
00136     public function isAllowed($resource, $privilege=null)
00137     {
00138         $user = $this->getUser();
00139         $acl = $this->getAcl();
00140 
00141         if ($user && $acl) {
00142             try {
00143                 if ($acl->isAllowed($user->getAclRole(), 'all', null)){
00144                     return true;
00145                 }
00146             } catch (Exception $e) {}
00147 
00148             try {
00149                 return $acl->isAllowed($user->getAclRole(), $resource, $privilege);
00150             } catch (Exception $e) {
00151                 return false;
00152             }
00153         }
00154         return false;
00155     }
00156 
00157     /**
00158      *  Check session expiration
00159      *
00160      *  @return   boolean
00161      */
00162     public function isSessionExpired ($user)
00163     {
00164         if (!$user->getId()) {
00165             return true;
00166         }
00167         $timeout = strtotime( now() ) - strtotime( $user->getLogdate() );
00168         return $timeout > Mage::getStoreConfig('api/config/session_timeout');
00169     }
00170 
00171 
00172     public function isLoggedIn($sessId = false)
00173     {
00174         $userExists = $this->getUser() && $this->getUser()->getId();
00175 
00176         if (!$userExists && $sessId !== false) {
00177             return $this->_renewBySessId($sessId);
00178         }
00179 
00180         if ($userExists) {
00181             Mage::register('isSecureArea', true, true);
00182         }
00183         return $userExists;
00184     }
00185 
00186     /**
00187      *  Renew user by session ID if session not expired
00188      *
00189      *  @param    string $sessId
00190      *  @return   boolean
00191      */
00192     protected function _renewBySessId ($sessId)
00193     {
00194         $user = Mage::getModel('api/user')->loadBySessId($sessId);
00195         if (!$user->getId() || !$user->getSessid()) {
00196             return false;
00197         }
00198 
00199         if ($user->getSessid() == $sessId && !$this->isSessionExpired($user)) {
00200             $this->setUser($user);
00201             $this->setAcl(Mage::getResourceModel('api/acl')->loadAcl());
00202 
00203             $user->getResource()->recordLogin($user)
00204                 ->recordSession($user);
00205 
00206             return true;
00207         }
00208         return false;
00209     }
00210 
00211 } // Class Mage_Api_Model_Session End