403Webshell
Server IP : 80.87.202.40  /  Your IP : 216.73.216.169
Web Server : Apache
System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64
User : bitrix ( 600)
PHP Version : 8.2.27
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : ON |  Perl : ON |  Python : OFF |  Sudo : ON |  Pkexec : ON
Directory :  /home/bitrix/ext_www/cvetdv.ru/bitrix/modules/catalog/lib/controller/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :

[ Back ]     

Current File : /home/bitrix/ext_www/cvetdv.ru/bitrix/modules/catalog/lib/controller/store.php
<?php

namespace Bitrix\Catalog\Controller;

use Bitrix\Catalog\Access\ActionDictionary;
use Bitrix\Catalog\StoreTable;
use Bitrix\Main\Error;
use Bitrix\Main\Result;
use CCatalogStore;

final class Store extends Controller
{
	use ListAction; // default listAction realization
	use CheckExists; // default implementation of existence check

	//region Actions
	public function getFieldsAction(): array
	{
		return [$this->getServiceItemName() => $this->getViewFields()];
	}

	/**
	 * public function listAction
	 * @see ListAction::listAction
	 */

	public function getAction($id): ?array
	{
		$id = (int)$id;

		if (!$this->exists($id)->isSuccess())
		{
			$this->addErrorEntityNotExists();

			return null;
		}

		$storeInfo = $this->get($id);

		if (!$this->checkSpecificStoreReadRight($id))
		{
			$this->addError($this->getErrorReadAccessDenied());

			return null;
		}

		return [
			$this->getServiceItemName() => $storeInfo,
		];
	}

	public function addAction(array $fields)
	{
		$result = CCatalogStore::Add($fields);
		if (!$result)
		{
			global $APPLICATION;
			$exception = $APPLICATION->GetException();
			$error = $exception instanceof \CApplicationException ? $exception->GetString() : 'Unknown error';
			$this->addError(new Error($error));
			$APPLICATION->ResetException();

			return null;
		}

		return [
			$this->getServiceItemName() => $this->get($result),
		];
	}

	public function updateAction(int $id, array $fields)
	{
		$existsResult = $this->exists($id);
		if (!$existsResult->isSuccess())
		{
			$this->addErrors($existsResult->getErrors());

			return null;
		}

		if (!$this->checkSpecificStoreModifyRights($id)
		)
		{
			$this->addError($this->getErrorModifyAccessDenied());

			return null;
		}

		$result = CCatalogStore::Update($id, $fields);
		if (!$result)
		{
			global $APPLICATION;
			$exception = $APPLICATION->GetException();
			$error = $exception instanceof \CApplicationException ? $exception->GetString() : 'Unknown error';
			$this->addError(new Error($error));
			$APPLICATION->ResetException();

			return null;
		}

		return [
			$this->getServiceItemName() => $this->get($result),
		];
	}

	public function deleteAction(int $id)
	{
		$existsResult = $this->exists($id);
		if (!$existsResult->isSuccess())
		{
			$this->addErrors($existsResult->getErrors());

			return null;
		}

		if (!$this->checkSpecificStoreModifyRights($id))
		{
			$this->addError($this->getErrorModifyAccessDenied());

			return null;
		}

		$result = CCatalogStore::Delete($id);
		if (!$result)
		{
			global $APPLICATION;
			$exception = $APPLICATION->GetException();
			$error = $exception instanceof \CApplicationException ? $exception->GetString() : 'Unknown error';
			$this->addError(new Error($error));
			$APPLICATION->ResetException();

			return null;
		}

		return true;
	}

	protected function getEntityTable()
	{
		return new StoreTable();
	}

	protected function checkModifyPermissionEntity()
	{
		$r = new Result();

		if (!$this->accessController->check(ActionDictionary::ACTION_STORE_MODIFY))
		{
			$r->addError($this->getErrorModifyAccessDenied());
		}

		return $r;
	}

	protected function checkReadPermissionEntity()
	{
		$r = new Result();

		if (
			!(
				$this->accessController->check(ActionDictionary::ACTION_CATALOG_READ)
				|| $this->accessController->check(ActionDictionary::ACTION_STORE_VIEW)
			)
		)
		{
			$r->addError($this->getErrorReadAccessDenied());
		}
		return $r;
	}

	/**
	 * @inheritDoc
	 * @param array $params
	 * @return array
	 */
	protected function modifyListActionParameters(array $params): array
	{
		$accessFilter = $this->accessController->getEntityFilter(
			ActionDictionary::ACTION_STORE_VIEW,
			get_class($this->getEntityTable())
		);

		$innerFilter = [
			'LOGIC' => 'OR',
		];

		if ($accessFilter)
		{
			$innerFilter[] = $accessFilter;

			if ($this->checkModifyPermissionEntity()->isSuccess())
			{
				$innerFilter[] = ['=USER_ID' => $this->accessController->getUser()->getUserId()];
			}
		}

		$params['filter'] = [
			$innerFilter,
			$params['filter'],
		];

		return $params;
	}

	protected function getErrorCodeEntityNotExists(): string
	{
		return ErrorCode::STORE_ENTITY_NOT_EXISTS;
	}

	protected function checkSpecificStoreReadRight(int $storeId): bool
	{
		$creatorId = StoreTable::getStoreCreatorId($storeId);

		return
			$this->accessController->checkByValue(ActionDictionary::ACTION_STORE_VIEW, (string)$storeId)
			|| (
				$this->accessController->check(ActionDictionary::ACTION_STORE_MODIFY)
				&& $creatorId === $this->accessController->getUser()->getUserId()
			)
		;
	}

	protected function checkSpecificStoreModifyRights(int $storeId): bool
	{
		return
			$this->accessController->check(ActionDictionary::ACTION_STORE_MODIFY)
			&& $this->checkSpecificStoreReadRight($storeId)
		;
	}
}

Youez - 2016 - github.com/yon3zu
LinuXploit