vendor/pimcore/pimcore/bundles/AdminBundle/Controller/Admin/IndexController.php line 131

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under two different licenses:
  7.  * - GNU General Public License version 3 (GPLv3)
  8.  * - Pimcore Commercial License (PCL)
  9.  * Full copyright and license information is available in
  10.  * LICENSE.md which is distributed with this source code.
  11.  *
  12.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  13.  *  @license    http://www.pimcore.org/license     GPLv3 and PCL
  14.  */
  16. namespace Pimcore\Bundle\AdminBundle\Controller\Admin;
  18. use Pimcore\Analytics\Google\Config\SiteConfigProvider;
  19. use Pimcore\Bundle\AdminBundle\Controller\AdminController;
  20. use Pimcore\Bundle\AdminBundle\HttpFoundation\JsonResponse;
  21. use Pimcore\Bundle\AdminBundle\Security\CsrfProtectionHandler;
  22. use Pimcore\Config;
  23. use Pimcore\Controller\KernelResponseEventInterface;
  24. use Pimcore\Db\ConnectionInterface;
  25. use Pimcore\Event\Admin\IndexActionSettingsEvent;
  26. use Pimcore\Event\AdminEvents;
  27. use Pimcore\Extension\Bundle\PimcoreBundleManager;
  28. use Pimcore\Maintenance\Executor;
  29. use Pimcore\Maintenance\ExecutorInterface;
  30. use Pimcore\Model\Document\DocType;
  31. use Pimcore\Model\Element\Service;
  32. use Pimcore\Model\Staticroute;
  33. use Pimcore\Model\User;
  34. use Pimcore\Tool;
  35. use Pimcore\Tool\Admin;
  36. use Pimcore\Tool\Session;
  37. use Pimcore\Version;
  38. use Symfony\Component\HttpFoundation\Request;
  39. use Symfony\Component\HttpFoundation\Response;
  40. use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBagInterface;
  41. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  42. use Symfony\Component\HttpKernel\KernelInterface;
  43. use Symfony\Component\Routing\Annotation\Route;
  44. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  46. /**
  47.  * @internal
  48.  */
  49. class IndexController extends AdminController implements KernelResponseEventInterface
  50. {
  51.     /**
  52.      * @var EventDispatcherInterface
  53.      */
  54.     private $eventDispatcher;
  56.     /**
  57.      * @param EventDispatcherInterface $eventDispatcher
  58.      */
  59.     public function __construct(EventDispatcherInterface $eventDispatcher)
  60.     {
  61.         $this->eventDispatcher $eventDispatcher;
  62.     }
  64.     /**
  65.      * @Route("/", name="pimcore_admin_index", methods={"GET"})
  66.      *
  67.      * @param Request $request
  68.      * @param SiteConfigProvider $siteConfigProvider
  69.      * @param KernelInterface $kernel
  70.      * @param Executor $maintenanceExecutor
  71.      * @param CsrfProtectionHandler $csrfProtection
  72.      * @param Config $config
  73.      *
  74.      * @return Response
  75.      *
  76.      * @throws \Exception
  77.      */
  78.     public function indexAction(
  79.         Request $request,
  80.         SiteConfigProvider $siteConfigProvider,
  81.         KernelInterface $kernel,
  82.         Executor $maintenanceExecutor,
  83.         CsrfProtectionHandler $csrfProtection,
  84.         Config $config
  85.     ) {
  86.         $user $this->getAdminUser();
  87.         $perspectiveConfig = new \Pimcore\Perspective\Config();
  88.         $templateParams = [
  89.             'config' => $config,
  90.             'perspectiveConfig' => $perspectiveConfig,
  91.         ];
  93.         $this
  94.             ->addRuntimePerspective($templateParams$user)
  95.             ->addPluginAssets($templateParams);
  97.         $this->buildPimcoreSettings($request$templateParams$user$kernel$maintenanceExecutor$csrfProtection$siteConfigProvider);
  99.         if ($user->getTwoFactorAuthentication('required') && !$user->getTwoFactorAuthentication('enabled')) {
  100.             // only one login is allowed to setup 2FA by the user himself
  101.             $user->setTwoFactorAuthentication('enabled'true);
  102.             // disable the 2FA prompt for the current session
  103.             Tool\Session::useSession(function (AttributeBagInterface $adminSession) {
  104.                 $adminSession->set('2fa_required'false);
  105.             });
  107.             $user->save();
  109.             $templateParams['settings']['twoFactorSetupRequired'] = true;
  110.         }
  112.         // allow to alter settings via an event
  113.         $settingsEvent = new IndexActionSettingsEvent($templateParams['settings'] ?? []);
  114.         $this->eventDispatcher->dispatch($settingsEventAdminEvents::INDEX_ACTION_SETTINGS);
  115.         $templateParams['settings'] = $settingsEvent->getSettings();
  117.         return $this->render('@PimcoreAdmin/Admin/Index/index.html.twig'$templateParams);
  118.     }
  120.     /**
  121.      * @Route("/index/statistics", name="pimcore_admin_index_statistics", methods={"GET"})
  122.      *
  123.      * @param Request $request
  124.      * @param ConnectionInterface $db
  125.      * @param KernelInterface $kernel
  126.      *
  127.      * @return JsonResponse
  128.      *
  129.      * @throws \Exception
  130.      */
  131.     public function statisticsAction(Request $requestConnectionInterface $dbKernelInterface $kernel)
  132.     {
  133.         // DB
  134.         try {
  135.             $tables $db->fetchAll('SELECT TABLE_NAME as name,TABLE_ROWS as `rows` from information_schema.TABLES
  136.                 WHERE TABLE_ROWS IS NOT NULL AND TABLE_SCHEMA = ?', [$db->getDatabase()]);
  137.         } catch (\Exception $e) {
  138.             $tables = [];
  139.         }
  141.         try {
  142.             $mysqlVersion $db->fetchOne('SELECT VERSION()');
  143.         } catch (\Exception $e) {
  144.             $mysqlVersion null;
  145.         }
  147.         try {
  148.             $data = [
  149.                 'instanceId' => $this->getInstanceId(),
  150.                 'pimcore_major_version' => 10,
  151.                 'pimcore_version' => Version::getVersion(),
  152.                 'pimcore_hash' => Version::getRevision(),
  153.                 'php_version' => PHP_VERSION,
  154.                 'mysql_version' => $mysqlVersion,
  155.                 'bundles' => array_keys($kernel->getBundles()),
  156.                 'tables' => $tables,
  157.             ];
  158.         } catch (\Exception $e) {
  159.             $data = [];
  160.         }
  162.         return $this->adminJson($data);
  163.     }
  165.     /**
  166.      * @param array $templateParams
  167.      * @param User $user
  168.      *
  169.      * @return $this
  170.      */
  171.     protected function addRuntimePerspective(array &$templateParamsUser $user)
  172.     {
  173.         $runtimePerspective \Pimcore\Perspective\Config::getRuntimePerspective($user);
  174.         $templateParams['runtimePerspective'] = $runtimePerspective;
  176.         return $this;
  177.     }
  179.     /**
  180.      * @param array $templateParams
  181.      *
  182.      * @return $this
  183.      */
  184.     protected function addPluginAssets(array &$templateParams)
  185.     {
  186.         $bundleManager $this->get(PimcoreBundleManager::class);
  188.         $templateParams['pluginJsPaths'] = $bundleManager->getJsPaths();
  189.         $templateParams['pluginCssPaths'] = $bundleManager->getCssPaths();
  191.         return $this;
  192.     }
  194.     /**
  195.      * @param Request $request
  196.      * @param array $templateParams
  197.      * @param User $user
  198.      * @param KernelInterface $kernel
  199.      * @param ExecutorInterface $maintenanceExecutor
  200.      * @param CsrfProtectionHandler $csrfProtection
  201.      * @param SiteConfigProvider $siteConfigProvider
  202.      *
  203.      * @return $this
  204.      */
  205.     protected function buildPimcoreSettings(Request $request, array &$templateParamsUser $userKernelInterface $kernelExecutorInterface $maintenanceExecutorCsrfProtectionHandler $csrfProtectionSiteConfigProvider $siteConfigProvider)
  206.     {
  207.         $config $templateParams['config'];
  208.         $dashboardHelper = new \Pimcore\Helper\Dashboard($user);
  210.         $settings = [
  211.             'instanceId' => $this->getInstanceId(),
  212.             'version' => Version::getVersion(),
  213.             'build' => Version::getRevision(),
  214.             'debug' => \Pimcore::inDebugMode(),
  215.             'devmode' => \Pimcore::inDevMode(),
  216.             'disableMinifyJs' => \Pimcore::disableMinifyJs(),
  217.             'environment' => $kernel->getEnvironment(),
  218.             'cached_environments' => Tool::getCachedSymfonyEnvironments(),
  219.             'sessionId' => htmlentities(Session::getSessionId(), ENT_QUOTES'UTF-8'),
  221.             // languages
  222.             'language' => $request->getLocale(),
  223.             'websiteLanguages' => Admin::reorderWebsiteLanguages(
  224.                 $this->getAdminUser(),
  225.                 $config['general']['valid_languages'],
  226.                 true
  227.             ),
  229.             // flags
  230.             'showCloseConfirmation' => true,
  231.             'debug_admin_translations' => (bool)$config['general']['debug_admin_translations'],
  232.             'document_generatepreviews' => (bool)$config['documents']['generate_preview'],
  233.             'asset_disable_tree_preview' => (bool)$config['assets']['disable_tree_preview'],
  234.             'chromium' => \Pimcore\Image\Chromium::isSupported(),
  235.             'htmltoimage' => \Pimcore\Image\HtmlToImage::isSupported(),
  236.             'videoconverter' => \Pimcore\Video::isAvailable(),
  237.             'asset_hide_edit' => (bool)$config['assets']['hide_edit_image'],
  238.             'main_domain' => $config['general']['domain'],
  239.             'timezone' => $config['general']['timezone'],
  240.             'tile_layer_url_template' => $config['maps']['tile_layer_url_template'],
  241.             'geocoding_url_template' => $config['maps']['geocoding_url_template'],
  242.             'reverse_geocoding_url_template' => $config['maps']['reverse_geocoding_url_template'],
  243.             'asset_tree_paging_limit' => $config['assets']['tree_paging_limit'],
  244.             'document_tree_paging_limit' => $config['documents']['tree_paging_limit'],
  245.             'object_tree_paging_limit' => $config['objects']['tree_paging_limit'],
  246.             'maxmind_geoip_installed' => (bool) $this->getParameter('pimcore.geoip.db_file'),
  247.             'hostname' => htmlentities(\Pimcore\Tool::getHostname(), ENT_QUOTES'UTF-8'),
  249.             'document_auto_save_interval' => $config['documents']['auto_save_interval'],
  250.             'object_auto_save_interval' => $config['objects']['auto_save_interval'],
  252.             // perspective and portlets
  253.             'perspective' => $templateParams['runtimePerspective'],
  254.             'availablePerspectives' => \Pimcore\Perspective\Config::getAvailablePerspectives($user),
  255.             'disabledPortlets' => $dashboardHelper->getDisabledPortlets(),
  257.             // google analytics
  258.             'google_analytics_enabled' => (bool) $siteConfigProvider->isSiteReportingConfigured(),
  260.             // this stuff is used to decide whether the "add" button should be grayed out or not
  261.             'image-thumbnails-writeable' => (new \Pimcore\Model\Asset\Image\Thumbnail\Config())->isWriteable(),
  262.             'video-thumbnails-writeable' => (new \Pimcore\Model\Asset\Video\Thumbnail\Config())->isWriteable(),
  263.             'custom-reports-writeable' => (new \Pimcore\Model\Tool\CustomReport\Config())->isWriteable(),
  264.             'document-types-writeable' => (new DocType())->isWriteable(),
  265.             'web2print-writeable' => \Pimcore\Web2Print\Config::isWriteable(),
  266.             'predefined-properties-writeable' => (new \Pimcore\Model\Property\Predefined())->isWriteable(),
  267.             'predefined-asset-metadata-writeable' => (new \Pimcore\Model\Metadata\Predefined())->isWriteable(),
  268.             'staticroutes-writeable' => (new Staticroute())->isWriteable(),
  269.             'perspectives-writeable' => \Pimcore\Perspective\Config::isWriteable(),
  270.             'custom-views-writeable' => \Pimcore\CustomView\Config::isWriteable(),
  271.         ];
  273.         $this
  274.             ->addSystemVarSettings($settings)
  275.             ->addMaintenanceSettings($settings$maintenanceExecutor)
  276.             ->addMailSettings($settings$config)
  277.             ->addCustomViewSettings($settings);
  279.         $settings['csrfToken'] = $csrfProtection->getCsrfToken();
  281.         $templateParams['settings'] = $settings;
  283.         return $this;
  284.     }
  286.     /**
  287.      * @return string
  288.      */
  289.     private function getInstanceId()
  290.     {
  291.         $instanceId 'not-set';
  293.         try {
  294.             $instanceId $this->getParameter('secret');
  295.             $instanceId sha1(substr($instanceId3, -3));
  296.         } catch (\Exception $e) {
  297.             // nothing to do
  298.         }
  300.         return $instanceId;
  301.     }
  303.     /**
  304.      * @param array $settings
  305.      *
  306.      * @return $this
  307.      */
  308.     protected function addSystemVarSettings(array &$settings)
  309.     {
  310.         // upload limit
  311.         $max_upload filesize2bytes(ini_get('upload_max_filesize') . 'B');
  312.         $max_post filesize2bytes(ini_get('post_max_size') . 'B');
  313.         $upload_mb min($max_upload$max_post);
  315.         $settings['upload_max_filesize'] = (int) $upload_mb;
  317.         // session lifetime (gc)
  318.         $session_gc_maxlifetime ini_get('session.gc_maxlifetime');
  319.         if (empty($session_gc_maxlifetime)) {
  320.             $session_gc_maxlifetime 120;
  321.         }
  323.         $settings['session_gc_maxlifetime'] = (int)$session_gc_maxlifetime;
  325.         return $this;
  326.     }
  328.     /**
  329.      * @param array $settings
  330.      * @param ExecutorInterface $maintenanceExecutor
  331.      *
  332.      * @return $this
  333.      */
  334.     protected function addMaintenanceSettings(array &$settingsExecutorInterface $maintenanceExecutor)
  335.     {
  336.         // check maintenance
  337.         $maintenance_active false;
  338.         if ($lastExecution $maintenanceExecutor->getLastExecution()) {
  339.             if ((time() - $lastExecution) < 3660) { // maintenance script should run at least every hour + a little tolerance
  340.                 $maintenance_active true;
  341.             }
  342.         }
  344.         $settings['maintenance_active'] = $maintenance_active;
  345.         $settings['maintenance_mode'] = Admin::isInMaintenanceMode();
  347.         return $this;
  348.     }
  350.     /**
  351.      * @param array $settings
  352.      * @param Config $config
  353.      *
  354.      * @return $this
  355.      */
  356.     protected function addMailSettings(array &$settings$config)
  357.     {
  358.         //mail settings
  359.         $mailIncomplete false;
  360.         if (isset($config['email'])) {
  361.             if (\Pimcore::inDebugMode() && empty($config['email']['debug']['email_addresses'])) {
  362.                 $mailIncomplete true;
  363.             }
  364.             if (empty($config['email']['sender']['email'])) {
  365.                 $mailIncomplete true;
  366.             }
  367.         }
  369.         $settings['mail'] = !$mailIncomplete;
  370.         $settings['mailDefaultAddress'] = $config['email']['sender']['email'] ?? null;
  372.         return $this;
  373.     }
  375.     /**
  376.      * @param array $settings
  377.      *
  378.      * @return $this
  379.      */
  380.     protected function addCustomViewSettings(array &$settings)
  381.     {
  382.         $cvData = [];
  384.         // still needed when publishing objects
  385.         $cvConfig \Pimcore\CustomView\Config::get();
  387.         if ($cvConfig) {
  388.             foreach ($cvConfig as $node) {
  389.                 $tmpData $node;
  390.                 // backwards compatibility
  391.                 $treeType $tmpData['treetype'] ? $tmpData['treetype'] : 'object';
  392.                 $rootNode Service::getElementByPath($treeType$tmpData['rootfolder']);
  394.                 if ($rootNode) {
  395.                     $tmpData['rootId'] = $rootNode->getId();
  396.                     $tmpData['allowedClasses'] = $tmpData['classes'] ?? null;
  397.                     $tmpData['showroot'] = (bool)$tmpData['showroot'];
  399.                     // Check if a user has privileges to that node
  400.                     if ($rootNode->isAllowed('list')) {
  401.                         $cvData[] = $tmpData;
  402.                     }
  403.                 }
  404.             }
  405.         }
  407.         $settings['customviews'] = $cvData;
  409.         return $this;
  410.     }
  412.     /**
  413.      * {@inheritdoc}
  414.      */
  415.     public function onKernelResponseEvent(ResponseEvent $event)
  416.     {
  417.         $event->getResponse()->headers->set('X-Frame-Options''deny'true);
  418.     }
  419. }