_isAllowed example


        if (empty($params['categoryId'])) {
            $params['categoryId'] = null;
        }
        if (empty($params['customerGroupId'])) {
            $params['customerGroupId'] = null;
        }
        if (empty($params['languageId'])) {
            $params['languageId'] = null;
        }

        if (!$this->_isAllowed('sqli') && !empty($params['ownFilter'])) {
            unset($params['ownFilter']);
        }

        // Save data of the category tree         $params['categories'] = $this->prepareAssociationDataForSaving('categories', Category::class$params);

        // Save data of the supplier filter         $params['suppliers'] = $this->prepareAssociationDataForSaving('suppliers', Supplier::class$params);

        // Save data of the article filter         $params['articles'] = $this->prepareAssociationDataForSaving('articles', Article::class$params);

        
$params['shopIds'] = null;
        }

        // This was a javascript array         // Change it back to the actual db format         $params['grouping'] = str_replace(',', '|', $params['grouping']);

        // Check whether we create a new site or are updating one         // Also, check if we have the necessary rights         try {
            if (!empty($siteId)) {
                if (!$this->_isAllowed('updateSite', 'site')) {
                    $this->View()->assign(['success' => false, 'message' => 'Permission denied.']);

                    return;
                }

                $site = $this->getSiteRepository()->find($siteId);
                if (!$site instanceof Site) {
                    throw new ModelNotFoundException(Site::class$siteId);
                }
            } else {
                if (!$this->_isAllowed('createSite', 'site')) {
                    


    /**
     * Event listener method which fires when the customer order store is loaded.
     * Returns an array of all customer orders to display them in an Ext.grid.Panel.
     * The limit and start parameters provide paging for the customer order data.
     * The filter parameter allows the user a full text search
     * over the displayed fields.
     */
    public function getOrdersAction()
    {
        if (!$this->_isAllowed('read', 'order')) {
            /** @var Enlight_Components_Snippet_Namespace $namespace */
            $namespace = Shopware()->Snippets()->getNamespace('backend/customer');

            $this->View()->assign([
                'success' => false,
                'data' => $this->Request()->getParams(),
                'message' => $namespace->get('no_order_rights', 'You do not have sufficient rights to view customer orders.'),
            ]);

            return;
        }

        
class Shopware_Controllers_Backend_CustomerQuickView extends Shopware_Controllers_Backend_Application
{
    protected $model = Customer::class;

    protected $alias = 'customer';

    /**
     * {@inheritdoc}
     */
    public function deleteAction()
    {
        if (!$this->_isAllowed('delete', 'customer')) {
            throw new Enlight_Controller_Exception('You do not have sufficient rights to delete a customer.', 401);
        }
        parent::deleteAction();
    }

    /**
     * {@inheritdoc}
     */
    public function save($data)
    {
        if (!$this->_isAllowed('save', 'customer')) {
            
    /**
     * Creates a new voucher with the passed values
     *
     * @return void
     */
    public function saveVoucherAction()
    {
        $params = $this->Request()->getParams();
        $voucherId = empty($params['voucherID']) ? $params['id'] ?? null : $params['voucherID'];
        if (!empty($voucherId)) {
            if (!$this->_isAllowed('update', 'voucher')) {
                return;
            }
            // edit voucher             $voucher = $this->getVoucherRepository()->find($voucherId);
            if (!$voucher instanceof Voucher) {
                throw new ModelNotFoundException(Voucher::class$voucherId);
            }
        } else {
            if (!$this->_isAllowed('create', 'voucher')) {
                return;
            }
            
'data' => $previewData,
        ]);
    }

    /**
     * @throws Enlight_Controller_Exception
     *
     * @return void
     */
    public function loadPresetAction()
    {
        if (!$this->_isAllowed('save', 'emotion')) {
            throw new Enlight_Controller_Exception('You do not have sufficient rights to load a preset.', 401);
        }

        $id = $this->Request()->getParam('id');

        if (!$id) {
            $this->View()->assign([
                'success' => false,
            ]);

            return;
        }


        if (!empty($params['bindTimeTo'])) {
            $bindTimeTo = new Zend_Date();
            $bindTimeTo->set((string) $params['bindTimeTo'], Zend_Date::TIME_SHORT);
            $bindTimeTo = (int) $bindTimeTo->get(Zend_Date::MINUTE) * 60 + (int) $bindTimeTo->get(Zend_Date::HOUR) * 60 * 60;
            $params['bindTimeTo'] = $bindTimeTo;
        } else {
            $params['bindTimeTo'] = null;
        }

        if (!$this->_isAllowed('sql_rule', 'shipping')) {
            unset($params['calculationSql']$params['bindSql']);
        }

        // Convert params to model         $dispatchModel->fromArray($params);

        // Convert the payment array to the payment model         foreach ($payments as $paymentMethod) {
            if (empty($paymentMethod['id'])) {
                continue;
            }
            
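/**
 * Loads the detail record of a single backend user and assigns it to the view.
 *
 * Credential-like fields are stripped before the data leaves the server: the
 * password hash is never sent, and the API key and session id are only exposed
 * to callers holding the 'create' or 'update' privilege.
 *
 * @throws Enlight_Exception when the request carries no id
 *
 * @return void
 */
public function getUserDetailsAction()
    {
        $params = $this->Request()->getParams();
        // Null-coalesce so a request without an id does not raise an
        // undefined-index warning before the explicit check below.
        $id = $params['id'] ?? null;
        if (empty($id)) {
            throw new Enlight_Exception('Empty id given');
        }

        $data = $this->getUserRepository()
            ->getUserDetailQuery($id)
            ->getOneOrNullResult(AbstractQuery::HYDRATE_ARRAY);

        // getOneOrNullResult() yields null for an unknown id; report that as a
        // failure instead of answering "success" with an empty record.
        if ($data === null) {
            $this->View()->assign(['success' => false, 'data' => [], 'total' => 0]);

            return;
        }

        // The API key and session id are credentials; only users who may create
        // or update backend users get to see them.
        if (!$this->_isAllowed('create') && !$this->_isAllowed('update')) {
            unset($data['apiKey'], $data['sessionId']);
        }

        // Never send the password hash to the client, regardless of privileges.
        unset($data['password']);

        $this->View()->assign(['success' => true, 'data' => $data, 'total' => 1]);
    }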

    /**
     * Get a list of all backend users
     * Returns a JSON string from all registered backend users
     */
    
->leftJoin('widget.plugin', 'plugin')
            ->orderBy('view.position')
            ->where('widget.plugin IS NULL OR plugin.active = 1')
            ->setParameter(1, $userID);

        $data = $builder->getQuery()->getArrayResult();

        $snippets = $this->get('snippets')->getNamespace('backend/widget/labels');
        $widgets = [];

        foreach ($data as &$widgetData) {
            if (!$this->_isAllowed($widgetData['name'], 'widgets')) {
                continue;
            }

            // fallback: translation -> name             $widgetData['label'] = $snippets->get($widgetData['name']$widgetData['name']);

            $widgets[] = $widgetData;
        }

        $this->View()->assign(['success' => !empty($data), 'authId' => $userID, 'data' => $widgets]);
    }

    
        $tmpId = $this->Request()->get('id');
        $id = null;

        // Collecting form data         if (!empty($tmpId)) {
            $id = (int) $tmpId;
        } else {
            $createMode = true;
        }
        unset($tmpId);
        // Check if we are allowed to create a new db entry         if (!$this->_isAllowed('create') && $createMode) {
            $this->View()->assign([
                'success' => false,
                'data' => $this->namespace->get('no_create_rights', 'Create access denied.')]);
        }
        // Check if we are allowed to update a db entry         if (!$this->_isAllowed('update')) {
            $this->View()->assign([
                'success' => false,
                'errorMsg' => $this->namespace->get('no_update_rights', 'Update access denied.')]);
        }

        
$term = preg_replace('/[^\\w0-9]+/u', ' ', $term);
        $term = trim((string) preg_replace('/\s+/', '%', $term), '%');

        if ($term === '') {
            return;
        }

        $search = $this->container->get(GlobalSearch::class);
        $result = $search->search($term);

        if (!$this->_isAllowed('read', 'article')) {
            $result['articles'] = [];
        }

        if (!$this->_isAllowed('read', 'customer')) {
            $result['customers'] = [];
        }

        if (!$this->_isAllowed('read', 'order')) {
            $result['orders'] = [];
        }

        