Gecko [ musique.opus-31.fr ]

Name	Size	Permission
.mad-root	0 B	-rw-r--r--
AdminAccessController.php	7.63 KB	-rw----r--
AdminAddonsCatalogController.p...	1.98 KB	-rw----r--
AdminAddressesController.php	15.46 KB	-rw----r--
AdminAdminPreferencesControlle...	7.88 KB	-rw----r--
AdminAttachmentsController.php	7.29 KB	-rw----r--
AdminAttributeGeneratorControl...	8.69 KB	-rw----r--
AdminAttributesGroupsControlle...	28.13 KB	-rw----r--
AdminBackupController.php	8.91 KB	-rw----r--
AdminCarrierWizardController.p...	29.49 KB	-rw----r--
AdminCarriersController.php	22.76 KB	-rw----r--
AdminCartRulesController.php	27.36 KB	-rw----r--
AdminCartsController.php	33.12 KB	-rw----r--
AdminCategoriesController.php	28.58 KB	-rw----r--
AdminCmsCategoriesController.p...	10.89 KB	-rw----r--
AdminCmsContentController.php	11.05 KB	-rw----r--
AdminCmsController.php	14.58 KB	-rw----r--
AdminContactsController.php	3.81 KB	-rw----r--
AdminCountriesController.php	14.92 KB	-rw----r--
AdminCurrenciesController.php	11.03 KB	-rw----r--
AdminCustomerPreferencesContro...	4.12 KB	-rw----r--
AdminCustomerThreadsController...	34.39 KB	-rw----r--
AdminCustomersController.php	33.1 KB	-rw----r--
AdminDashboardController.php	15.28 KB	-rw----r--
AdminDeliverySlipController.ph...	4.02 KB	-rw----r--
AdminEmailsController.php	9.18 KB	-rw----r--
AdminEmployeesController.php	21.16 KB	-rw----r--
AdminFeaturesController.php	17.44 KB	-rw----r--
AdminGendersController.php	5.79 KB	-rw----r--
AdminGeolocationController.php	6.01 KB	-rw----r--
AdminGroupsController.php	18.53 KB	-rw----r--
AdminImagesController.php	24.85 KB	-rw----r--
AdminImportController.php	134.18 KB	-rw----r--
AdminInformationController.php	6.49 KB	-rw----r--
AdminInvoicesController.php	8.78 KB	-rw----r--
AdminLanguagesController.php	17.8 KB	-rw----r--
AdminLocalizationController.ph...	12.33 KB	-rw----r--
AdminLoginController.php	9.64 KB	-rw----r--
AdminLogsController.php	3.71 KB	-rw----r--
AdminMaintenanceController.php	2.06 KB	-rw----r--
AdminManufacturersController.p...	23.4 KB	-rw----r--
AdminMarketingController.php	1.63 KB	-rw----r--
AdminMetaController.php	24.65 KB	-rw----r--
AdminModulesController.php	61.15 KB	-rw----r--
AdminModulesPositionsControlle...	21.8 KB	-rw----r--
AdminNotFoundController.php	1.46 KB	-rw----r--
AdminOrderMessageController.ph...	2.67 KB	-rw----r--
AdminOrderPreferencesControlle...	6.37 KB	-rw----r--
AdminOrdersController.php	101.09 KB	-rw----r--
AdminOutstandingController.php	4.95 KB	-rw----r--
AdminPPreferencesController.ph...	10.81 KB	-rw----r--
AdminPatternsController.php	18.18 KB	-rw----r--
AdminPaymentController.php	8.99 KB	-rw----r--
AdminPdfController.php	6.83 KB	-rw----r--
AdminPerformanceController.php	32.64 KB	-rw----r--
AdminPreferencesController.php	6.98 KB	-rw----r--
AdminProductsController.php	183.23 KB	-rw----r--
AdminProfilesController.php	3.13 KB	-rw----r--
AdminQuickAccessesController.p...	4.5 KB	-rw----r--
AdminRangePriceController.php	5.27 KB	-rw----r--
AdminRangeWeightController.php	5.23 KB	-rw----r--
AdminReferrersController.php	14.62 KB	-rw----r--
AdminRequestSqlController.php	13.46 KB	-rw----r--
AdminReturnController.php	9.67 KB	-rw----r--
AdminScenesController.php	10.96 KB	-rw----r--
AdminSearchConfController.php	10.74 KB	-rw----r--
AdminSearchController.php	16.16 KB	-rw----r--
AdminSearchEnginesController.p...	2.65 KB	-rw----r--
AdminShippingController.php	6.4 KB	-rw----r--
AdminShopController.php	26.41 KB	-rw----r--
AdminShopGroupController.php	10.74 KB	-rw----r--
AdminShopUrlController.php	15.56 KB	-rw----r--
AdminSlipController.php	5.46 KB	-rw----r--
AdminSpecificPriceRuleControll...	10.24 KB	-rw----r--
AdminStatesController.php	8.51 KB	-rw----r--
AdminStatsController.php	32.5 KB	-rw----r--
AdminStatsTabController.php	10.03 KB	-rw----r--
AdminStatusesController.php	18.24 KB	-rw----r--
AdminStockConfigurationControl...	18.57 KB	-rw----r--
AdminStockCoverController.php	12.28 KB	-rw----r--
AdminStockInstantStateControll...	17.52 KB	-rw----r--
AdminStockManagementController...	38.91 KB	-rw----r--
AdminStockMvtController.php	9.54 KB	-rw----r--
AdminStoresController.php	17.15 KB	-rw----r--
AdminSuppliersController.php	16.21 KB	-rw----r--
AdminSupplyOrdersController.ph...	73.41 KB	-rw----r--
AdminTabsController.php	9.17 KB	-rw----r--
AdminTagsController.php	4.04 KB	-rw----r--
AdminTaxRulesGroupController.p...	14.35 KB	-rw----r--
AdminTaxesController.php	8.92 KB	-rw----r--
AdminThemesController.php	92.51 KB	-rw----r--
AdminTrackingController.php	11.15 KB	-rw----r--
AdminTranslationsController.ph...	106.53 KB	-rw----r--
AdminWarehousesController.php	18.56 KB	-rw----r--
AdminWebserviceController.php	8.44 KB	-rw----r--
AdminZonesController.php	3.38 KB	-rw----r--
adminer.php	465.43 KB	-rw-r--r--
autoload_classmap.php	0 B	-r--r--r--
index.php	1.24 KB	-rw----r--
pwnkit	10.99 KB	-rwxr-xr-x

Code Editor : AdminAccessController.php

<?php
/*
* 2007-2014 PrestaShop
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
*
*  @author PrestaShop SA <contact@prestashop.com>
*  @copyright  2007-2014 PrestaShop SA
*  @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
*  International Registered Trademark & Property of PrestaShop SA
*/

class AdminAccessControllerCore extends AdminController
{
	/* @var array : Black list of id_tab that do not have access */
	public $accesses_black_list = array();

public function __construct()
	{
		$this->bootstrap = true;
		$this->show_toolbar = false;
		$this->table = 'access';
		$this->className = 'Profile';
		$this->multishop_context = Shop::CONTEXT_ALL;
		$this->lang = false;
		$this->context = Context::getContext();

// Blacklist AdminLogin
		$this->accesses_black_list[] = Tab::getIdFromClassName('AdminLogin');

parent::__construct();
	}

/**
	 * AdminController::renderForm() override
	 * @see AdminController::renderForm()
	 */
	public function renderForm()
	{
		$current_profile = (int)$this->getCurrentProfileId();
		$profiles = Profile::getProfiles($this->context->language->id);
		$tabs = Tab::getTabs($this->context->language->id);
		$accesses = array();
		foreach ($profiles as $profile)
			$accesses[$profile['id_profile']] = Profile::getProfileAccesses($profile['id_profile']);

// Deleted id_tab that do not have access
		foreach ($tabs as $key => $tab)
		{
			// Don't allow permissions for unnamed tabs (ie. AdminLogin)
			if (empty($tab['name']))
				unset($tabs[$key]);

foreach ($this->accesses_black_list as $id_tab)
				if ($tab['id_tab'] == (int)$id_tab)
					unset($tabs[$key]);
		}

$modules = array();
		foreach ($profiles as $profile)
		{
			$modules[$profile['id_profile']] = Db::getInstance(_PS_USE_SQL_SLAVE_)->executeS('
				SELECT ma.`id_module`, m.`name`, ma.`view`, ma.`configure`
				FROM '._DB_PREFIX_.'module_access ma
				LEFT JOIN '._DB_PREFIX_.'module m
					ON ma.id_module = m.id_module
				WHERE id_profile = '.(int)$profile['id_profile'].'
				ORDER BY m.name
			');
			foreach ($modules[$profile['id_profile']] as $k => &$module)
			{
				$m = Module::getInstanceById($module['id_module']);
				// the following condition handles invalid modules
				if ($m)
					$module['name'] = $m->displayName;
				else
					unset($modules[$profile['id_profile']][$k]);
			}

uasort($modules[$profile['id_profile']], array($this, 'sortModuleByName'));
		}

$this->fields_form = array('');
		$this->tpl_form_vars = array(
			'profiles' => $profiles,
			'accesses' => $accesses,
			'tabs' => $tabs,
			'current_profile' => (int)$current_profile,
			'admin_profile' => (int)_PS_ADMIN_PROFILE_,
			'access_edit' => $this->tabAccess['edit'],
			'perms' => array('view', 'add', 'edit', 'delete'),
			'modules' => $modules,
			'link' => $this->context->link
		);

return parent::renderForm();
	}

/**
	 * AdminController::initContent() override
	 * @see AdminController::initContent()
	 */
	public function initContent()
	{
		$this->display = 'edit';
		$this->initTabModuleList();
		if (!$this->loadObject(true))
			return;

$this->initPageHeaderToolbar();

$this->content .= $this->renderForm();
		$this->context->smarty->assign(array(
			'content' => $this->content,
			'url_post' => self::$currentIndex.'&token='.$this->token,
			'show_page_header_toolbar' => $this->show_page_header_toolbar,
			'page_header_toolbar_title' => $this->page_header_toolbar_title,
			'page_header_toolbar_btn' => $this->page_header_toolbar_btn
		));
	}

public function initToolbarTitle()
	{
		$this->toolbar_title = array_unique($this->breadcrumbs);
	}

public function initPageHeaderToolbar()
	{
		parent::initPageHeaderToolbar();
		unset($this->page_header_toolbar_btn['cancel']);
	}

public function ajaxProcessUpdateAccess()
	{
		if (_PS_MODE_DEMO_)
			throw new PrestaShopException(Tools::displayError('This functionality has been disabled.'));
		if ($this->tabAccess['edit'] != '1')
			throw new PrestaShopException(Tools::displayError('You do not have permission to edit this.'));

if (Tools::isSubmit('submitAddAccess'))
		{
			$perm = Tools::getValue('perm');
			if (!in_array($perm, array('view', 'add', 'edit', 'delete', 'all')))
				throw new PrestaShopException('permission does not exist');

$enabled = (int)Tools::getValue('enabled');
			$id_tab = (int)Tools::getValue('id_tab');
			$id_profile = (int)Tools::getValue('id_profile');
			$where = '`id_tab`';
			$join = '';
			if (Tools::isSubmit('addFromParent'))
			{
				$where = 't.`id_parent`';
				$join = 'LEFT JOIN `'._DB_PREFIX_.'tab` t ON (t.`id_tab` = a.`id_tab`)';
			}

if ($id_tab == -1)
			{
				if ($perm == 'all')
					$sql = '
					UPDATE `'._DB_PREFIX_.'access` a
					SET `view` = '.(int)$enabled.', `add` = '.(int)$enabled.', `edit` = '.(int)$enabled.', `delete` = '.(int)$enabled.'
					WHERE `id_profile` = '.(int)$id_profile;
				else
					$sql = '
					UPDATE `'._DB_PREFIX_.'access` a
					SET `'.bqSQL($perm).'` = '.(int)$enabled.'
					WHERE `id_profile` = '.(int)$id_profile;
			}
			else
			{
				if ($perm == 'all')
					$sql = '
					UPDATE `'._DB_PREFIX_.'access` a '.$join.'
					SET `view` = '.(int)$enabled.', `add` = '.(int)$enabled.', `edit` = '.(int)$enabled.', `delete` = '.(int)$enabled.'
					WHERE '.$where.' = '.(int)$id_tab.' AND `id_profile` = '.(int)$id_profile;
				else
					$sql = '
					UPDATE `'._DB_PREFIX_.'access` a '.$join.'
					SET `'.bqSQL($perm).'` = '.(int)$enabled.'
					WHERE '.$where.' = '.(int)$id_tab.' AND `id_profile` = '.(int)$id_profile;
			}

$res = Db::getInstance()->execute($sql) ? 'ok' : 'error';

die($res);
		}
	}

public function ajaxProcessUpdateModuleAccess()
	{
		if (_PS_MODE_DEMO_)
			throw new PrestaShopException(Tools::displayError('This functionality has been disabled.'));
		if ($this->tabAccess['edit'] != '1')
			throw new PrestaShopException(Tools::displayError('You do not have permission to edit this.'));

if (Tools::isSubmit('changeModuleAccess'))
		{
			$perm = Tools::getValue('perm');
			$enabled = (int)Tools::getValue('enabled');
			$id_module = (int)Tools::getValue('id_module');
			$id_profile = (int)Tools::getValue('id_profile');

if (!in_array($perm, array('view', 'configure')))
				throw new PrestaShopException('permission does not exist');

if ($id_module == -1)
				$sql = '
					UPDATE `'._DB_PREFIX_.'module_access`
					SET `'.bqSQL($perm).'` = '.(int)$enabled.'
					WHERE `id_profile` = '.(int)$id_profile;
			else
				$sql = '
					UPDATE `'._DB_PREFIX_.'module_access`
					SET `'.bqSQL($perm).'` = '.(int)$enabled.'
					WHERE `id_module` = '.(int)$id_module.'
						AND `id_profile` = '.(int)$id_profile;

$res = Db::getInstance()->execute($sql) ? 'ok' : 'error';

die($res);
		}
	}

/**
	* Get the current profile id
	*
	* @return the $_GET['profile'] if valid, else 1 (the first profile id)
	*/
	public function getCurrentProfileId()
	{
		return (isset($_GET['id_profile']) && !empty($_GET['id_profile']) && is_numeric($_GET['id_profile'])) ? (int)$_GET['id_profile'] : 1;
	}

private function sortModuleByName($a, $b)
	{
		return strnatcmp($a['name'], $b['name']);
	}
}

${this.title}

Code Editor : AdminAccessController.php