Orion PHP  0.11.12
The PHP5.3 framework
controller.php
00001 <?php
00002 
00003 namespace Orion\Core;
00004 
00005 
00006 /**
00007  * \Orion\Core\Controller
00008  * 
00009  * Orion controller base class.
00010  * 
00011  * Extend this class to create a new controller.
00012  *
00013  * @author Thibaut Despoulain
00014  * @license BSD 4-clauses
00015  * @version 0.11.12
00016  */
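abstract class Controller
{
    /**
     * Security prefix for controller methods.
     * Each module function name must start with this prefix.
     *
     * load() prepends this prefix to the name decoded from the route before
     * dispatching, so only methods declared with the prefix are reachable
     * through routing.
     */
    const FUNCTION_PREFIX = '_';

    /**
     * Module name placeholder, used for base routing.
     * Module name must be lowercase.
     * If module name is "module" then you can access it via BASEURL/module(.html|/uri.html).
     * @var string
     */
    protected $name = null;

    /**
     * Module route object placeholder.
     * Must be created in the child module constructor.
     *
     * @var OrionRoute
     */
    protected $route = null;

    /**
     * Restricted function names.
     */
    private $RESTRICTED_FUNCTIONS = array(
        '__construct',
        '__destruct',
        'toString',
        'load',
        'isRestrictedFunction',
        'respond',
    );

    /**
     * Pattern a function name is matched against in isRestrictedFunction().
     */
    private $FUNCTION_NAME_MATCH = '[a-zA-Z_]+';

    /**
     * Main module function, executed right after module loading by Orion.
     * Handles route parsing and function callbacks.
     *
     * The decoded function name is rejected when it starts with "__" or with
     * FUNCTION_PREFIX, then dispatched as FUNCTION_PREFIX . name. Those two
     * checks plus the prefix are the only filter applied here between the
     * routed name and the methods of the controller.
     *
     * @throws Exception when no route is set and automatic routing is disabled,
     *                   or when the decoded name starts with "__" or the prefix
     */
    public function load()
    {
        if ( $this->route == null )
        {
            if ( !\Orion::config()->defined( 'ROUTING_AUTO' ) || \Orion::config()->get( 'ROUTING_AUTO' ) == false )
                throw new Exception( 'No route object found in module and automatic routing is disabled.', E_USER_ERROR, get_class( $this ) );

            $this->route = new Route();
            $function = $this->route->decodeAuto();
        }
        else
        {
            $function = $this->route->decode();
        }

        $routedName = $function->getName();

        if ( Tools::startWith( $routedName, '__' ) )
            throw new Exception( 'Trying to access a resticted function, you are not allowed to use methods starting with "__".', E_USER_ERROR, get_class( $this ) );

        // Rejecting a leading prefix keeps prefix + name from ever forming a
        // "__" magic method name.
        if ( Tools::startWith( $routedName, self::FUNCTION_PREFIX ) )
            throw new Exception( 'Function name in rule must be declared without function prefix ' . self::FUNCTION_PREFIX . '.', E_USER_ERROR, get_class( $this ) );

        $method = self::FUNCTION_PREFIX . $routedName;

        // NOTE(review): is_callable() is evaluated from inside this class, so a
        // protected prefixed method on a subclass presumably qualifies as well;
        // do not rely on visibility to hide a prefixed method from routing.
        if ( !is_callable( array( $this, $method ) ) )
        {
            Context::redirect( 404 );
            // Stop here so a redirect() that returns cannot fall through to
            // the dispatch below with a method that is not callable.
            return;
        }

        Tools::callClassMethod( $this, $method, $function->getArgs() );
    }

    /**
     * Allows access only to logged users that have a level equal to or less than provided role. If permission is not granted, it will automatically redirect the user to the login module.
     * <p><b>Note that while it's doing all login/auth/redirection work automatically, you still have to create the corresponding user table in your database in addition to provide the login module into orion's module directory.</b></p>
     *
     * load() does not call this method: a handler is only protected when it
     * calls allow() itself before doing any work.
     *
     * @see Auth
     *      MainConfig
     *      LoginModule
     * @param string $slug the role identifier (ie: 'administrator', 'member', etc.). See your configuration file for a list of roles and their permission level.
     * @throws Exception when Auth::allow() refuses the role
     */
    public function allow( $slug )
    {
        Auth::login();
        if ( !Auth::allow( $slug ) )
        {
            // Throwing stops the handler even if a redirect did not end the
            // request; this exception prevents any redirection defect or hack.
            throw new Exception( 'Access denied', E_USER_ERROR, $this->name );
        }
    }

    /**
     * Write response to output.
     *
     * $output is echoed as-is: no escaping or encoding is applied here, so any
     * request-derived value must be encoded for its output context by the caller.
     *
     * @param mixed $output
     * @param boolean $exit whether to terminate the script after writing
     * @param int $code the status code to use; skipped when it compares equal to null
     */
    public function respond( $output, $exit=true, $code=null )
    {
        if ( $code != null )
            Context::setHeaderCode( $code );
        echo $output;
        if ( $exit )
            exit();
    }

    /**
     * Security function name testing. (Not used as of now)
     *
     * Returns true when $name does not start with "_", matches
     * FUNCTION_NAME_MATCH and is listed in RESTRICTED_FUNCTIONS.
     *
     * NOTE(review): because of the leading-underscore test, the '__construct'
     * and '__destruct' entries of the list can never be reported here.
     *
     * @param string $name Function name to test
     * @return boolean
     * @deprecated
     * @see OrionSecurity
     */
    private function isRestrictedFunction( $name )
    {
        // Test the $name parameter; the undefined $function used before made
        // every check run against null instead of the name passed in.
        return (!Tools::startWith( $name, '_' )
                && Tools::match( $name, $this->FUNCTION_NAME_MATCH )
                && in_array( $name, $this->RESTRICTED_FUNCTIONS, true ));
    }

    /**
     * Returns module name identifier
     * @return string
     */
    public function getName()
    {
        return $this->name;
    }

}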
00140 
00141 ?>