Magento: app/code/core/Mage/Admin/Model/Session.php Source File

00001 <?php
00002 /**
00003  * Magento
00004  *
00005  * NOTICE OF LICENSE
00006  *
00007  * This source file is subject to the Open Software License (OSL 3.0)
00008  * that is bundled with this package in the file LICENSE.txt.
00009  * It is also available through the world-wide-web at this URL:
00010  * http://opensource.org/licenses/osl-3.0.php
00011  * If you did not receive a copy of the license and are unable to
00012  * obtain it through the world-wide-web, please send an email
00013  * to license@magentocommerce.com so we can send you a copy immediately.
00014  *
00015  * DISCLAIMER
00016  *
00017  * Do not edit or add to this file if you wish to upgrade Magento to newer
00018  * versions in the future. If you wish to customize Magento for your
00019  * needs please refer to http://www.magentocommerce.com for more information.
00020  *
00021  * @category    Mage
00022  * @package     Mage_Admin
00023  * @copyright   Copyright (c) 2008 Irubin Consulting Inc. DBA Varien (http://www.varien.com)
00024  * @license     http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
00025  */
00026 
00027 
00028 /**
00029  * Auth session model
00030  *
00031  * @category    Mage
00032  * @package     Mage_Admin
00033  * @author      Magento Core Team <core@magentocommerce.com>
00034  */
00035 class Mage_Admin_Model_Session extends Mage_Core_Model_Session_Abstract
00036 {
00037 
00038     /**
00039      * Whether it is the first page after successfull login
00040      *
00041      * @var boolean
00042      */
00043     protected $_isFirstPageAfterLogin;
00044 
00045     /**
00046      * Class constructor
00047      *
00048      */
00049     public function __construct()
00050     {
00051         $this->init('admin');
00052     }
00053 
00054     /**
00055      * Try to login user in admin
00056      *
00057      * @param  string $username
00058      * @param  string $password
00059      * @param  Mage_Core_Controller_Request_Http $request
00060      * @return Mage_Admin_Model_User|null
00061      */
00062     public function login($username, $password, $request = null)
00063     {
00064         if (empty($username) || empty($password)) {
00065             return;
00066         }
00067 
00068         try {
00069             /* @var $user Mage_Admin_Model_User */
00070             $user = Mage::getModel('admin/user');
00071             $user->login($username, $password);
00072             if ($user->getId()) {
00073 
00074                 if (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
00075                     Mage::getSingleton('adminhtml/url')->renewSecretUrls();
00076                 }
00077                 $session = Mage::getSingleton('admin/session');
00078                 $session->setIsFirstVisit(true);
00079                 $session->setUser($user);
00080                 $session->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());
00081                 if ($requestUri = $this->_getRequestUri($request)) {
00082                     Mage::dispatchEvent('admin_session_user_login_success', array('user'=>$user));
00083                     header('Location: ' . $requestUri);
00084                     exit;
00085                 }
00086             }
00087             else {
00088                 Mage::throwException(Mage::helper('adminhtml')->__('Invalid Username or Password.'));
00089             }
00090         }
00091         catch (Mage_Core_Exception $e) {
00092             Mage::dispatchEvent('admin_session_user_login_failed', array('user_name'=>$username, 'exception' => $e));
00093             if ($request && !$request->getParam('messageSent')) {
00094                 Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
00095                 $request->setParam('messageSent', true);
00096             }
00097         }
00098 
00099         return $user;
00100     }
00101 
00102     /**
00103      * Refresh ACL resources stored in session
00104      *
00105      * @param  Mage_Admin_Model_User $user
00106      * @return Mage_Admin_Model_Session
00107      */
00108     public function refreshAcl($user=null)
00109     {
00110         if (is_null($user)) {
00111             $user = $this->getUser();
00112         }
00113         if (!$user) {
00114             return $this;
00115         }
00116         if (!$this->getAcl() || $user->getReloadAclFlag()) {
00117             $this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());
00118         }
00119         if ($user->getReloadAclFlag()) {
00120             $user->unsetData('password');
00121             $user->setReloadAclFlag('0')->save();
00122         }
00123         return $this;
00124     }
00125 
00126     /**
00127      * Check current user permission on resource and privilege
00128      *
00129      * Mage::getSingleton('admin/session')->isAllowed('admin/catalog')
00130      * Mage::getSingleton('admin/session')->isAllowed('catalog')
00131      *
00132      * @param   string $resource
00133      * @param   string $privilege
00134      * @return  boolean
00135      */
00136     public function isAllowed($resource, $privilege=null)
00137     {
00138         $user = $this->getUser();
00139         $acl = $this->getAcl();
00140 
00141         if ($user && $acl) {
00142             if (!preg_match('/^admin/', $resource)) {
00143                 $resource = 'admin/'.$resource;
00144             }
00145 
00146             try {
00147                 return $acl->isAllowed($user->getAclRole(), $resource, $privilege);
00148             } catch (Exception $e) {
00149                 try {
00150                     if (!$acl->has($resource)) {
00151                         return $acl->isAllowed($user->getAclRole(), null, $privilege);
00152                     }
00153                 } catch (Exception $e) { }
00154             }
00155         }
00156         return false;
00157     }
00158 
00159     /**
00160      * Check if user is logged in
00161      *
00162      * @return boolean
00163      */
00164     public function isLoggedIn()
00165     {
00166         return $this->getUser() && $this->getUser()->getId();
00167     }
00168 
00169     /**
00170      * Check if it is the first page after successfull login
00171      *
00172      * @return boolean
00173      */
00174     public function isFirstPageAfterLogin()
00175     {
00176         if (is_null($this->_isFirstPageAfterLogin)) {
00177             $this->_isFirstPageAfterLogin = $this->getData('is_first_visit', true);
00178         }
00179         return $this->_isFirstPageAfterLogin;
00180     }
00181 
00182     /**
00183      * Custom REQUEST_URI logic
00184      *
00185      * @param Mage_Core_Controller_Request_Http $request
00186      * @return string|null
00187      */
00188     protected function _getRequestUri($request = null)
00189     {
00190         if (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
00191             return Mage::getSingleton('adminhtml/url')->getUrl('*/*/*', array('_current' => true));
00192         } elseif ($request) {
00193             return $request->getRequestUri();
00194         } else {
00195             return null;
00196         }
00197     }
00198 }