vendor/pimcore/pimcore/bundles/AdminBundle/Controller/Admin/IndexController.php line 139

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under two different licenses:
  7.  * - GNU General Public License version 3 (GPLv3)
  8.  * - Pimcore Commercial License (PCL)
  9.  * Full copyright and license information is available in
  10.  * LICENSE.md which is distributed with this source code.
  11.  *
  12.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  13.  *  @license    http://www.pimcore.org/license     GPLv3 and PCL
  14.  */
  16. namespace Pimcore\Bundle\AdminBundle\Controller\Admin;
  18. use Doctrine\DBAL\Connection;
  19. use Exception;
  20. use Pimcore\Analytics\Google\Config\SiteConfigProvider;
  21. use Pimcore\Bundle\AdminBundle\Controller\AdminAbstractController;
  22. use Pimcore\Bundle\AdminBundle\Security\CsrfProtectionHandler;
  23. use Pimcore\Config;
  24. use Pimcore\Controller\KernelResponseEventInterface;
  25. use Pimcore\Event\Admin\IndexActionSettingsEvent;
  26. use Pimcore\Event\AdminEvents;
  27. use Pimcore\Extension\Bundle\PimcoreBundleManager;
  28. use Pimcore\Maintenance\Executor;
  29. use Pimcore\Maintenance\ExecutorInterface;
  30. use Pimcore\Model\Document\DocType;
  31. use Pimcore\Model\Element\Service;
  32. use Pimcore\Model\Staticroute;
  33. use Pimcore\Model\User;
  34. use Pimcore\Tool;
  35. use Pimcore\Tool\Admin;
  36. use Pimcore\Tool\Session;
  37. use Pimcore\Version;
  38. use Symfony\Component\HttpFoundation\JsonResponse;
  39. use Symfony\Component\HttpFoundation\Request;
  40. use Symfony\Component\HttpFoundation\Response;
  41. use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBagInterface;
  42. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  43. use Symfony\Component\HttpKernel\KernelInterface;
  44. use Symfony\Component\Routing\Annotation\Route;
  45. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  46. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  48. /**
  49.  * @internal
  50.  */
  51. class IndexController extends AdminAbstractController implements KernelResponseEventInterface
  52. {
  53.     /**
  54.      * @var EventDispatcherInterface
  55.      */
  56.     private $eventDispatcher;
  58.     /**
  59.      * @var PimcoreBundleManager
  60.      */
  61.     private $bundleManager;
  63.     /**
  64.      * @param EventDispatcherInterface $eventDispatcher
  65.      */
  66.     public function __construct(EventDispatcherInterface $eventDispatcherPimcoreBundleManager $bundleManager)
  67.     {
  68.         $this->eventDispatcher $eventDispatcher;
  69.         $this->bundleManager $bundleManager;
  70.     }
  72.     /**
  73.      * @Route("/", name="pimcore_admin_index", methods={"GET"})
  74.      *
  75.      * @param Request $request
  76.      * @param SiteConfigProvider $siteConfigProvider
  77.      * @param KernelInterface $kernel
  78.      * @param Executor $maintenanceExecutor
  79.      * @param CsrfProtectionHandler $csrfProtection
  80.      * @param Config $config
  81.      *
  82.      * @return Response
  83.      *
  84.      * @throws \Exception
  85.      */
  86.     public function indexAction(
  87.         Request $request,
  88.         SiteConfigProvider $siteConfigProvider,
  89.         KernelInterface $kernel,
  90.         Executor $maintenanceExecutor,
  91.         CsrfProtectionHandler $csrfProtection,
  92.         Config $config
  93.     ) {
  94.         $user $this->getAdminUser();
  95.         $perspectiveConfig = new \Pimcore\Perspective\Config();
  96.         $templateParams = [
  97.             'config' => $config,
  98.             'perspectiveConfig' => $perspectiveConfig,
  99.         ];
  101.         $this
  102.             ->addRuntimePerspective($templateParams$user)
  103.             ->addPluginAssets($templateParams);
  105.         $this->buildPimcoreSettings($request$templateParams$user$kernel$maintenanceExecutor$csrfProtection$siteConfigProvider);
  107.         if ($user->getTwoFactorAuthentication('required') && !$user->getTwoFactorAuthentication('enabled')) {
  108.             // only one login is allowed to setup 2FA by the user himself
  109.             $user->setTwoFactorAuthentication('enabled'true);
  110.             // disable the 2FA prompt for the current session
  111.             Tool\Session::useSession(function (AttributeBagInterface $adminSession) {
  112.                 $adminSession->set('2fa_required'false);
  113.             });
  115.             $user->save();
  117.             $templateParams['settings']['twoFactorSetupRequired'] = true;
  118.         }
  120.         // allow to alter settings via an event
  121.         $settingsEvent = new IndexActionSettingsEvent($templateParams['settings'] ?? []);
  122.         $this->eventDispatcher->dispatch($settingsEventAdminEvents::INDEX_ACTION_SETTINGS);
  123.         $templateParams['settings'] = $settingsEvent->getSettings();
  125.         return $this->render('@PimcoreAdmin/Admin/Index/index.html.twig'$templateParams);
  126.     }
  128.     /**
  129.      * @Route("/index/statistics", name="pimcore_admin_index_statistics", methods={"GET"})
  130.      *
  131.      * @param Request $request
  132.      * @param Connection $db
  133.      * @param KernelInterface $kernel
  134.      *
  135.      * @return JsonResponse
  136.      *
  137.      * @throws \Exception
  138.      */
  139.     public function statisticsAction(Request $requestConnection $dbKernelInterface $kernel)
  140.     {
  141.         // DB
  142.         try {
  143.             $tables $db->fetchAllAssociative('SELECT TABLE_NAME as name,TABLE_ROWS as `rows` from information_schema.TABLES
  144.                 WHERE TABLE_ROWS IS NOT NULL AND TABLE_SCHEMA = ?', [$db->getDatabase()]);
  145.         } catch (\Exception $e) {
  146.             $tables = [];
  147.         }
  149.         try {
  150.             $mysqlVersion $db->fetchOne('SELECT VERSION()');
  151.         } catch (\Exception $e) {
  152.             $mysqlVersion null;
  153.         }
  155.         try {
  156.             $data = [
  157.                 'instanceId' => $this->getInstanceId(),
  158.                 'pimcore_major_version' => Version::getMajorVersion(),
  159.                 'pimcore_version' => Version::getVersion(),
  160.                 'pimcore_hash' => Version::getRevision(),
  161.                 'php_version' => PHP_VERSION,
  162.                 'mysql_version' => $mysqlVersion,
  163.                 'bundles' => array_keys($kernel->getBundles()),
  164.                 'tables' => $tables,
  165.             ];
  166.         } catch (\Exception $e) {
  167.             $data = [];
  168.         }
  170.         return $this->adminJson($data);
  171.     }
  173.     /**
  174.      * @param array $templateParams
  175.      * @param User $user
  176.      *
  177.      * @return $this
  178.      */
  179.     protected function addRuntimePerspective(array &$templateParamsUser $user)
  180.     {
  181.         $runtimePerspective \Pimcore\Perspective\Config::getRuntimePerspective($user);
  182.         $templateParams['runtimePerspective'] = $runtimePerspective;
  184.         return $this;
  185.     }
  187.     /**
  188.      * @param array $templateParams
  189.      *
  190.      * @return $this
  191.      */
  192.     protected function addPluginAssets(array &$templateParams)
  193.     {
  194.         $templateParams['pluginJsPaths'] = $this->bundleManager->getJsPaths();
  195.         $templateParams['pluginCssPaths'] = $this->bundleManager->getCssPaths();
  197.         return $this;
  198.     }
  200.     /**
  201.      * @param Request $request
  202.      * @param array $templateParams
  203.      * @param User $user
  204.      * @param KernelInterface $kernel
  205.      * @param ExecutorInterface $maintenanceExecutor
  206.      * @param CsrfProtectionHandler $csrfProtection
  207.      * @param SiteConfigProvider $siteConfigProvider
  208.      *
  209.      * @return $this
  210.      */
  211.     protected function buildPimcoreSettings(Request $request, array &$templateParamsUser $userKernelInterface $kernelExecutorInterface $maintenanceExecutorCsrfProtectionHandler $csrfProtectionSiteConfigProvider $siteConfigProvider)
  212.     {
  213.         $config                $templateParams['config'];
  214.         $dashboardHelper       = new \Pimcore\Helper\Dashboard($user);
  215.         $customAdminEntrypoint $this->getParameter('pimcore_admin.custom_admin_route_name');
  217.         try {
  218.             $adminEntrypointUrl $this->generateUrl($customAdminEntrypoint, [], UrlGeneratorInterface::ABSOLUTE_URL);
  219.         } catch (Exception) {
  220.             // if the custom admin entrypoint is not defined, return null in the settings
  221.             $adminEntrypointUrl null;
  222.         }
  224.         $settings = [
  225.             'instanceId'          => $this->getInstanceId(),
  226.             'version'             => Version::getVersion(),
  227.             'build'               => Version::getRevision(),
  228.             'debug'               => \Pimcore::inDebugMode(),
  229.             'devmode'             => \Pimcore::inDevMode(),
  230.             'disableMinifyJs'     => \Pimcore::disableMinifyJs(),
  231.             'environment'         => $kernel->getEnvironment(),
  232.             'cached_environments' => Tool::getCachedSymfonyEnvironments(),
  233.             'sessionId'           => htmlentities(Session::getSessionId(), ENT_QUOTES'UTF-8'),
  235.             // languages
  236.             'language'         => $request->getLocale(),
  237.             'websiteLanguages' => Admin::reorderWebsiteLanguages(
  238.                 $this->getAdminUser(),
  239.                 $config['general']['valid_languages'],
  240.                 true
  241.             ),
  243.             // flags
  244.             'showCloseConfirmation'          => true,
  245.             'debug_admin_translations'       => (bool)$config['general']['debug_admin_translations'],
  246.             'document_generatepreviews'      => (bool)$config['documents']['generate_preview'],
  247.             'asset_disable_tree_preview'     => (bool)$config['assets']['disable_tree_preview'],
  248.             'chromium'                       => \Pimcore\Image\Chromium::isSupported(),
  249.             'htmltoimage'                    => \Pimcore\Image\HtmlToImage::isSupported(),
  250.             'videoconverter'                 => \Pimcore\Video::isAvailable(),
  251.             'asset_hide_edit'                => (bool)$config['assets']['hide_edit_image'],
  252.             'main_domain'                    => $config['general']['domain'],
  253.             'custom_admin_entrypoint_url'    => $adminEntrypointUrl,
  254.             'timezone'                       => $config['general']['timezone'],
  255.             'tile_layer_url_template'        => $config['maps']['tile_layer_url_template'],
  256.             'geocoding_url_template'         => $config['maps']['geocoding_url_template'],
  257.             'reverse_geocoding_url_template' => $config['maps']['reverse_geocoding_url_template'],
  258.             'asset_tree_paging_limit'        => $config['assets']['tree_paging_limit'],
  259.             'document_tree_paging_limit'     => $config['documents']['tree_paging_limit'],
  260.             'object_tree_paging_limit'       => $config['objects']['tree_paging_limit'],
  261.             'maxmind_geoip_installed'        => (bool) $this->getParameter('pimcore.geoip.db_file'),
  262.             'hostname'                       => htmlentities(\Pimcore\Tool::getHostname(), ENT_QUOTES'UTF-8'),
  264.             'document_auto_save_interval' => $config['documents']['auto_save_interval'],
  265.             'object_auto_save_interval'   => $config['objects']['auto_save_interval'],
  267.             // perspective and portlets
  268.             'perspective'           => $templateParams['runtimePerspective'],
  269.             'availablePerspectives' => \Pimcore\Perspective\Config::getAvailablePerspectives($user),
  270.             'disabledPortlets'      => $dashboardHelper->getDisabledPortlets(),
  272.             // google analytics
  273.             'google_analytics_enabled' => (bool) $siteConfigProvider->isSiteReportingConfigured(),
  275.             // this stuff is used to decide whether the "add" button should be grayed out or not
  276.             'image-thumbnails-writeable'          => (new \Pimcore\Model\Asset\Image\Thumbnail\Config())->isWriteable(),
  277.             'video-thumbnails-writeable'          => (new \Pimcore\Model\Asset\Video\Thumbnail\Config())->isWriteable(),
  278.             'custom-reports-writeable'            => (new \Pimcore\Model\Tool\CustomReport\Config())->isWriteable(),
  279.             'document-types-writeable'            => (new DocType())->isWriteable(),
  280.             'web2print-writeable'                 => \Pimcore\Web2Print\Config::isWriteable(),
  281.             'predefined-properties-writeable'     => (new \Pimcore\Model\Property\Predefined())->isWriteable(),
  282.             'predefined-asset-metadata-writeable' => (new \Pimcore\Model\Metadata\Predefined())->isWriteable(),
  283.             'staticroutes-writeable'              => (new Staticroute())->isWriteable(),
  284.             'perspectives-writeable'              => \Pimcore\Perspective\Config::isWriteable(),
  285.             'custom-views-writeable'              => \Pimcore\CustomView\Config::isWriteable(),
  286.             'class-definition-writeable'          => isset($_SERVER['PIMCORE_CLASS_DEFINITION_WRITABLE']) ? (bool)$_SERVER['PIMCORE_CLASS_DEFINITION_WRITABLE'] : true,
  287.         ];
  289.         $this
  290.             ->addSystemVarSettings($settings)
  291.             ->addMaintenanceSettings($settings$maintenanceExecutor)
  292.             ->addMailSettings($settings$config)
  293.             ->addCustomViewSettings($settings);
  295.         $settings['csrfToken'] = $csrfProtection->getCsrfToken();
  297.         $templateParams['settings'] = $settings;
  299.         return $this;
  300.     }
  302.     /**
  303.      * @return string
  304.      */
  305.     private function getInstanceId()
  306.     {
  307.         $instanceId 'not-set';
  309.         try {
  310.             $instanceId $this->getParameter('secret');
  311.             $instanceId sha1(substr($instanceId3, -3));
  312.         } catch (\Exception $e) {
  313.             // nothing to do
  314.         }
  316.         return $instanceId;
  317.     }
  319.     /**
  320.      * @param array $settings
  321.      *
  322.      * @return $this
  323.      */
  324.     protected function addSystemVarSettings(array &$settings)
  325.     {
  326.         // upload limit
  327.         $max_upload filesize2bytes(ini_get('upload_max_filesize') . 'B');
  328.         $max_post filesize2bytes(ini_get('post_max_size') . 'B');
  329.         $upload_mb min($max_upload$max_post);
  331.         $settings['upload_max_filesize'] = (int) $upload_mb;
  333.         // session lifetime (gc)
  334.         $session_gc_maxlifetime ini_get('session.gc_maxlifetime');
  335.         if (empty($session_gc_maxlifetime)) {
  336.             $session_gc_maxlifetime 120;
  337.         }
  339.         $settings['session_gc_maxlifetime'] = (int)$session_gc_maxlifetime;
  341.         return $this;
  342.     }
  344.     /**
  345.      * @param array $settings
  346.      * @param ExecutorInterface $maintenanceExecutor
  347.      *
  348.      * @return $this
  349.      */
  350.     protected function addMaintenanceSettings(array &$settingsExecutorInterface $maintenanceExecutor)
  351.     {
  352.         // check maintenance
  353.         $maintenance_active false;
  354.         if ($lastExecution $maintenanceExecutor->getLastExecution()) {
  355.             if ((time() - $lastExecution) < 3660) { // maintenance script should run at least every hour + a little tolerance
  356.                 $maintenance_active true;
  357.             }
  358.         }
  360.         $settings['maintenance_active'] = $maintenance_active;
  361.         $settings['maintenance_mode'] = Admin::isInMaintenanceMode();
  363.         return $this;
  364.     }
  366.     /**
  367.      * @param array $settings
  368.      * @param Config $config
  369.      *
  370.      * @return $this
  371.      */
  372.     protected function addMailSettings(array &$settings$config)
  373.     {
  374.         //mail settings
  375.         $mailIncomplete false;
  376.         if (isset($config['email'])) {
  377.             if (\Pimcore::inDebugMode() && empty($config['email']['debug']['email_addresses'])) {
  378.                 $mailIncomplete true;
  379.             }
  380.             if (empty($config['email']['sender']['email'])) {
  381.                 $mailIncomplete true;
  382.             }
  383.         }
  385.         $settings['mail'] = !$mailIncomplete;
  386.         $settings['mailDefaultAddress'] = $config['email']['sender']['email'] ?? null;
  388.         return $this;
  389.     }
  391.     /**
  392.      * @param array $settings
  393.      *
  394.      * @return $this
  395.      */
  396.     protected function addCustomViewSettings(array &$settings)
  397.     {
  398.         $cvData = [];
  400.         // still needed when publishing objects
  401.         $cvConfig \Pimcore\CustomView\Config::get();
  403.         if ($cvConfig) {
  404.             foreach ($cvConfig as $node) {
  405.                 $tmpData $node;
  406.                 // backwards compatibility
  407.                 $treeType $tmpData['treetype'] ? $tmpData['treetype'] : 'object';
  408.                 $rootNode Service::getElementByPath($treeType$tmpData['rootfolder']);
  410.                 if ($rootNode) {
  411.                     $tmpData['rootId'] = $rootNode->getId();
  412.                     $tmpData['allowedClasses'] = $tmpData['classes'] ?? null;
  413.                     $tmpData['showroot'] = (bool)$tmpData['showroot'];
  415.                     // Check if a user has privileges to that node
  416.                     if ($rootNode->isAllowed('list')) {
  417.                         $cvData[] = $tmpData;
  418.                     }
  419.                 }
  420.             }
  421.         }
  423.         $settings['customviews'] = $cvData;
  425.         return $this;
  426.     }
  428.     /**
  429.      * {@inheritdoc}
  430.      */
  431.     public function onKernelResponseEvent(ResponseEvent $event)
  432.     {
  433.         $event->getResponse()->headers->set('X-Frame-Options''deny'true);
  434.     }
  435. }