vendor/pimcore/pimcore/bundles/AdminBundle/Controller/Admin/IndexController.php line 132

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under two different licenses:
  7.  * - GNU General Public License version 3 (GPLv3)
  8.  * - Pimcore Commercial License (PCL)
  9.  * Full copyright and license information is available in
  10.  * LICENSE.md which is distributed with this source code.
  11.  *
  12.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  13.  *  @license    http://www.pimcore.org/license     GPLv3 and PCL
  14.  */
  16. namespace Pimcore\Bundle\AdminBundle\Controller\Admin;
  18. use Doctrine\DBAL\Connection;
  19. use Exception;
  20. use Pimcore\Analytics\Google\Config\SiteConfigProvider;
  21. use Pimcore\Bundle\AdminBundle\Controller\AdminController;
  22. use Pimcore\Bundle\AdminBundle\HttpFoundation\JsonResponse;
  23. use Pimcore\Bundle\AdminBundle\Security\CsrfProtectionHandler;
  24. use Pimcore\Config;
  25. use Pimcore\Controller\KernelResponseEventInterface;
  26. use Pimcore\Event\Admin\IndexActionSettingsEvent;
  27. use Pimcore\Event\AdminEvents;
  28. use Pimcore\Maintenance\Executor;
  29. use Pimcore\Maintenance\ExecutorInterface;
  30. use Pimcore\Model\Document\DocType;
  31. use Pimcore\Model\Element\Service;
  32. use Pimcore\Model\Staticroute;
  33. use Pimcore\Model\User;
  34. use Pimcore\Tool;
  35. use Pimcore\Tool\Admin;
  36. use Pimcore\Tool\Session;
  37. use Pimcore\Version;
  38. use Symfony\Component\HttpFoundation\Request;
  39. use Symfony\Component\HttpFoundation\Response;
  40. use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBagInterface;
  41. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  42. use Symfony\Component\HttpKernel\KernelInterface;
  43. use Symfony\Component\Routing\Annotation\Route;
  44. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  45. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  47. /**
  48.  * @internal
  49.  */
  50. class IndexController extends AdminController implements KernelResponseEventInterface
  51. {
  52.     /**
  53.      * @var EventDispatcherInterface
  54.      */
  55.     private $eventDispatcher;
  57.     /**
  58.      * @param EventDispatcherInterface $eventDispatcher
  59.      */
  60.     public function __construct(EventDispatcherInterface $eventDispatcher)
  61.     {
  62.         $this->eventDispatcher $eventDispatcher;
  63.     }
  65.     /**
  66.      * @Route("/", name="pimcore_admin_index", methods={"GET"})
  67.      *
  68.      * @param Request $request
  69.      * @param SiteConfigProvider $siteConfigProvider
  70.      * @param KernelInterface $kernel
  71.      * @param Executor $maintenanceExecutor
  72.      * @param CsrfProtectionHandler $csrfProtection
  73.      * @param Config $config
  74.      *
  75.      * @return Response
  76.      *
  77.      * @throws \Exception
  78.      */
  79.     public function indexAction(
  80.         Request $request,
  81.         SiteConfigProvider $siteConfigProvider,
  82.         KernelInterface $kernel,
  83.         Executor $maintenanceExecutor,
  84.         CsrfProtectionHandler $csrfProtection,
  85.         Config $config
  86.     ) {
  87.         $user $this->getAdminUser();
  88.         $perspectiveConfig = new \Pimcore\Perspective\Config();
  89.         $templateParams = [
  90.             'config' => $config,
  91.             'perspectiveConfig' => $perspectiveConfig,
  92.         ];
  94.         $this
  95.             ->addRuntimePerspective($templateParams$user)
  96.             ->addPluginAssets($templateParams);
  98.         $this->buildPimcoreSettings($request$templateParams$user$kernel$maintenanceExecutor$csrfProtection$siteConfigProvider);
  100.         if ($user->getTwoFactorAuthentication('required') && !$user->getTwoFactorAuthentication('enabled')) {
  101.             // only one login is allowed to setup 2FA by the user himself
  102.             $user->setTwoFactorAuthentication('enabled'true);
  103.             // disable the 2FA prompt for the current session
  104.             Tool\Session::useSession(function (AttributeBagInterface $adminSession) {
  105.                 $adminSession->set('2fa_required'false);
  106.             });
  108.             $user->save();
  110.             $templateParams['settings']['twoFactorSetupRequired'] = true;
  111.         }
  113.         // allow to alter settings via an event
  114.         $settingsEvent = new IndexActionSettingsEvent($templateParams['settings'] ?? []);
  115.         $this->eventDispatcher->dispatch($settingsEventAdminEvents::INDEX_ACTION_SETTINGS);
  116.         $templateParams['settings'] = $settingsEvent->getSettings();
  118.         return $this->render('@PimcoreAdmin/Admin/Index/index.html.twig'$templateParams);
  119.     }
  121.     /**
  122.      * @Route("/index/statistics", name="pimcore_admin_index_statistics", methods={"GET"})
  123.      *
  124.      * @param Request $request
  125.      * @param Connection $db
  126.      * @param KernelInterface $kernel
  127.      *
  128.      * @return JsonResponse
  129.      *
  130.      * @throws \Exception
  131.      */
  132.     public function statisticsAction(Request $requestConnection $dbKernelInterface $kernel)
  133.     {
  134.         // DB
  135.         try {
  136.             $tables $db->fetchAllAssociative('SELECT TABLE_NAME as name,TABLE_ROWS as `rows` from information_schema.TABLES
  137.                 WHERE TABLE_ROWS IS NOT NULL AND TABLE_SCHEMA = ?', [$db->getDatabase()]);
  138.         } catch (\Exception $e) {
  139.             $tables = [];
  140.         }
  142.         try {
  143.             $mysqlVersion $db->fetchOne('SELECT VERSION()');
  144.         } catch (\Exception $e) {
  145.             $mysqlVersion null;
  146.         }
  148.         try {
  149.             $data = [
  150.                 'instanceId' => $this->getInstanceId(),
  151.                 'pimcore_major_version' => 10,
  152.                 'pimcore_version' => Version::getVersion(),
  153.                 'pimcore_hash' => Version::getRevision(),
  154.                 'php_version' => PHP_VERSION,
  155.                 'mysql_version' => $mysqlVersion,
  156.                 'bundles' => array_keys($kernel->getBundles()),
  157.                 'tables' => $tables,
  158.             ];
  159.         } catch (\Exception $e) {
  160.             $data = [];
  161.         }
  163.         return $this->adminJson($data);
  164.     }
  166.     /**
  167.      * @param array $templateParams
  168.      * @param User $user
  169.      *
  170.      * @return $this
  171.      */
  172.     protected function addRuntimePerspective(array &$templateParamsUser $user)
  173.     {
  174.         $runtimePerspective \Pimcore\Perspective\Config::getRuntimePerspective($user);
  175.         $templateParams['runtimePerspective'] = $runtimePerspective;
  177.         return $this;
  178.     }
  180.     /**
  181.      * @param array $templateParams
  182.      *
  183.      * @return $this
  184.      */
  185.     protected function addPluginAssets(array &$templateParams)
  186.     {
  187.         $templateParams['pluginJsPaths'] = $this->getBundleManager()->getJsPaths();
  188.         $templateParams['pluginCssPaths'] = $this->getBundleManager()->getCssPaths();
  190.         return $this;
  191.     }
  193.     /**
  194.      * @param Request $request
  195.      * @param array $templateParams
  196.      * @param User $user
  197.      * @param KernelInterface $kernel
  198.      * @param ExecutorInterface $maintenanceExecutor
  199.      * @param CsrfProtectionHandler $csrfProtection
  200.      * @param SiteConfigProvider $siteConfigProvider
  201.      *
  202.      * @return $this
  203.      */
  204.     protected function buildPimcoreSettings(Request $request, array &$templateParamsUser $userKernelInterface $kernelExecutorInterface $maintenanceExecutorCsrfProtectionHandler $csrfProtectionSiteConfigProvider $siteConfigProvider)
  205.     {
  206.         $config                $templateParams['config'];
  207.         $dashboardHelper       = new \Pimcore\Helper\Dashboard($user);
  208.         $customAdminEntrypoint $this->getParameter('pimcore_admin.custom_admin_route_name');
  210.         try {
  211.             $adminEntrypointUrl $this->generateUrl($customAdminEntrypoint, [], UrlGeneratorInterface::ABSOLUTE_URL);
  212.         } catch (Exception) {
  213.             // if the custom admin entrypoint is not defined, return null in the settings
  214.             $adminEntrypointUrl null;
  215.         }
  217.         $settings = [
  218.             'instanceId'          => $this->getInstanceId(),
  219.             'version'             => Version::getVersion(),
  220.             'build'               => Version::getRevision(),
  221.             'debug'               => \Pimcore::inDebugMode(),
  222.             'devmode'             => \Pimcore::inDevMode(),
  223.             'disableMinifyJs'     => \Pimcore::disableMinifyJs(),
  224.             'environment'         => $kernel->getEnvironment(),
  225.             'cached_environments' => Tool::getCachedSymfonyEnvironments(),
  226.             'sessionId'           => htmlentities(Session::getSessionId(), ENT_QUOTES'UTF-8'),
  228.             // languages
  229.             'language'         => $request->getLocale(),
  230.             'websiteLanguages' => Admin::reorderWebsiteLanguages(
  231.                 $this->getAdminUser(),
  232.                 $config['general']['valid_languages'],
  233.                 true
  234.             ),
  236.             // flags
  237.             'showCloseConfirmation'          => true,
  238.             'debug_admin_translations'       => (bool)$config['general']['debug_admin_translations'],
  239.             'document_generatepreviews'      => (bool)$config['documents']['generate_preview'],
  240.             'asset_disable_tree_preview'     => (bool)$config['assets']['disable_tree_preview'],
  241.             'chromium'                       => \Pimcore\Image\Chromium::isSupported(),
  242.             'htmltoimage'                    => \Pimcore\Image\HtmlToImage::isSupported(),
  243.             'videoconverter'                 => \Pimcore\Video::isAvailable(),
  244.             'asset_hide_edit'                => (bool)$config['assets']['hide_edit_image'],
  245.             'main_domain'                    => $config['general']['domain'],
  246.             'custom_admin_entrypoint_url'    => $adminEntrypointUrl,
  247.             'timezone'                       => $config['general']['timezone'],
  248.             'tile_layer_url_template'        => $config['maps']['tile_layer_url_template'],
  249.             'geocoding_url_template'         => $config['maps']['geocoding_url_template'],
  250.             'reverse_geocoding_url_template' => $config['maps']['reverse_geocoding_url_template'],
  251.             'asset_tree_paging_limit'        => $config['assets']['tree_paging_limit'],
  252.             'document_tree_paging_limit'     => $config['documents']['tree_paging_limit'],
  253.             'object_tree_paging_limit'       => $config['objects']['tree_paging_limit'],
  254.             'maxmind_geoip_installed'        => (bool) $this->getParameter('pimcore.geoip.db_file'),
  255.             'hostname'                       => htmlentities(\Pimcore\Tool::getHostname(), ENT_QUOTES'UTF-8'),
  257.             'document_auto_save_interval' => $config['documents']['auto_save_interval'],
  258.             'object_auto_save_interval'   => $config['objects']['auto_save_interval'],
  260.             // perspective and portlets
  261.             'perspective'           => $templateParams['runtimePerspective'],
  262.             'availablePerspectives' => \Pimcore\Perspective\Config::getAvailablePerspectives($user),
  263.             'disabledPortlets'      => $dashboardHelper->getDisabledPortlets(),
  265.             // google analytics
  266.             'google_analytics_enabled' => (bool) $siteConfigProvider->isSiteReportingConfigured(),
  268.             // this stuff is used to decide whether the "add" button should be grayed out or not
  269.             'image-thumbnails-writeable'          => (new \Pimcore\Model\Asset\Image\Thumbnail\Config())->isWriteable(),
  270.             'video-thumbnails-writeable'          => (new \Pimcore\Model\Asset\Video\Thumbnail\Config())->isWriteable(),
  271.             'custom-reports-writeable'            => (new \Pimcore\Model\Tool\CustomReport\Config())->isWriteable(),
  272.             'document-types-writeable'            => (new DocType())->isWriteable(),
  273.             'web2print-writeable'                 => \Pimcore\Web2Print\Config::isWriteable(),
  274.             'predefined-properties-writeable'     => (new \Pimcore\Model\Property\Predefined())->isWriteable(),
  275.             'predefined-asset-metadata-writeable' => (new \Pimcore\Model\Metadata\Predefined())->isWriteable(),
  276.             'staticroutes-writeable'              => (new Staticroute())->isWriteable(),
  277.             'perspectives-writeable'              => \Pimcore\Perspective\Config::isWriteable(),
  278.             'custom-views-writeable'              => \Pimcore\CustomView\Config::isWriteable(),
  279.             'class-definition-writeable'          => isset($_SERVER['PIMCORE_CLASS_DEFINITION_WRITABLE']) ? (bool)$_SERVER['PIMCORE_CLASS_DEFINITION_WRITABLE'] : true,
  280.         ];
  282.         $this
  283.             ->addSystemVarSettings($settings)
  284.             ->addMaintenanceSettings($settings$maintenanceExecutor)
  285.             ->addMailSettings($settings$config)
  286.             ->addCustomViewSettings($settings);
  288.         $settings['csrfToken'] = $csrfProtection->getCsrfToken();
  290.         $templateParams['settings'] = $settings;
  292.         return $this;
  293.     }
  295.     /**
  296.      * @return string
  297.      */
  298.     private function getInstanceId()
  299.     {
  300.         $instanceId 'not-set';
  302.         try {
  303.             $instanceId $this->getParameter('secret');
  304.             $instanceId sha1(substr($instanceId3, -3));
  305.         } catch (\Exception $e) {
  306.             // nothing to do
  307.         }
  309.         return $instanceId;
  310.     }
  312.     /**
  313.      * @param array $settings
  314.      *
  315.      * @return $this
  316.      */
  317.     protected function addSystemVarSettings(array &$settings)
  318.     {
  319.         // upload limit
  320.         $max_upload filesize2bytes(ini_get('upload_max_filesize') . 'B');
  321.         $max_post filesize2bytes(ini_get('post_max_size') . 'B');
  322.         $upload_mb min($max_upload$max_post);
  324.         $settings['upload_max_filesize'] = (int) $upload_mb;
  326.         // session lifetime (gc)
  327.         $session_gc_maxlifetime ini_get('session.gc_maxlifetime');
  328.         if (empty($session_gc_maxlifetime)) {
  329.             $session_gc_maxlifetime 120;
  330.         }
  332.         $settings['session_gc_maxlifetime'] = (int)$session_gc_maxlifetime;
  334.         return $this;
  335.     }
  337.     /**
  338.      * @param array $settings
  339.      * @param ExecutorInterface $maintenanceExecutor
  340.      *
  341.      * @return $this
  342.      */
  343.     protected function addMaintenanceSettings(array &$settingsExecutorInterface $maintenanceExecutor)
  344.     {
  345.         // check maintenance
  346.         $maintenance_active false;
  347.         if ($lastExecution $maintenanceExecutor->getLastExecution()) {
  348.             if ((time() - $lastExecution) < 3660) { // maintenance script should run at least every hour + a little tolerance
  349.                 $maintenance_active true;
  350.             }
  351.         }
  353.         $settings['maintenance_active'] = $maintenance_active;
  354.         $settings['maintenance_mode'] = Admin::isInMaintenanceMode();
  356.         return $this;
  357.     }
  359.     /**
  360.      * @param array $settings
  361.      * @param Config $config
  362.      *
  363.      * @return $this
  364.      */
  365.     protected function addMailSettings(array &$settings$config)
  366.     {
  367.         //mail settings
  368.         $mailIncomplete false;
  369.         if (isset($config['email'])) {
  370.             if (\Pimcore::inDebugMode() && empty($config['email']['debug']['email_addresses'])) {
  371.                 $mailIncomplete true;
  372.             }
  373.             if (empty($config['email']['sender']['email'])) {
  374.                 $mailIncomplete true;
  375.             }
  376.         }
  378.         $settings['mail'] = !$mailIncomplete;
  379.         $settings['mailDefaultAddress'] = $config['email']['sender']['email'] ?? null;
  381.         return $this;
  382.     }
  384.     /**
  385.      * @param array $settings
  386.      *
  387.      * @return $this
  388.      */
  389.     protected function addCustomViewSettings(array &$settings)
  390.     {
  391.         $cvData = [];
  393.         // still needed when publishing objects
  394.         $cvConfig \Pimcore\CustomView\Config::get();
  396.         if ($cvConfig) {
  397.             foreach ($cvConfig as $node) {
  398.                 $tmpData $node;
  399.                 // backwards compatibility
  400.                 $treeType $tmpData['treetype'] ? $tmpData['treetype'] : 'object';
  401.                 $rootNode Service::getElementByPath($treeType$tmpData['rootfolder']);
  403.                 if ($rootNode) {
  404.                     $tmpData['rootId'] = $rootNode->getId();
  405.                     $tmpData['allowedClasses'] = $tmpData['classes'] ?? null;
  406.                     $tmpData['showroot'] = (bool)$tmpData['showroot'];
  408.                     // Check if a user has privileges to that node
  409.                     if ($rootNode->isAllowed('list')) {
  410.                         $cvData[] = $tmpData;
  411.                     }
  412.                 }
  413.             }
  414.         }
  416.         $settings['customviews'] = $cvData;
  418.         return $this;
  419.     }
  421.     /**
  422.      * {@inheritdoc}
  423.      */
  424.     public function onKernelResponseEvent(ResponseEvent $event)
  425.     {
  426.         $event->getResponse()->headers->set('X-Frame-Options''deny'true);
  427.     }
  428. }