VikAppointments Services Booking Calendar / trunk
vikappointments / admin / controllers / analytics.php
<?php
/**
 * @package     VikAppointments
 * @subpackage  core
 * @author      E4J s.r.l.
 * @copyright   Copyright (C) 2021 E4J s.r.l. All Rights Reserved.
 * @license     http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
 * @link        https://vikwp.com
 */

// No direct access: stop when the file is requested without the platform
// having defined ABSPATH first.
if (!defined('ABSPATH'))
{
	die('No script kiddies please!');
}

// Load the admin controller library (presumably where VAPControllerAdmin,
// the parent of the class below, is declared).
VAPLoader::import('libraries.mvc.controllers.admin');

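/**
 * VikAppointments analytics controller.
 *
 * Handles the admin tasks that configure the statistics widgets of a
 * location (the dashboard or a specific analytics page) and the AJAX
 * end-points that load, save and export the data of a single widget.
 *
 * Every task reads its parameters from the request. The form tasks
 * (add, save) authorise the user against an ACL rule derived from the
 * requested location; the AJAX end-points validate the session token
 * and then rely on the widget's own checkPermissions().
 *
 * @since 1.7
 */
class VikAppointmentsControllerAnalytics extends VAPControllerAdmin
{
	/**
	 * Task used to access the creation page of a new record.
	 *
	 * @return  boolean  True when the redirect to the management page has
	 *                   been set, false when the user is not authorised.
	 */
	public function add()
	{
		$app = JFactory::getApplication();

		$location = $app->input->get('location', null, 'string');

		// only a non-empty location is carried over to the management page
		$data = $location ? array('location' => $location) : array();

		// overwrite the stored form data so that a previous session value is
		// not recovered again
		// NOTE(review): the state is written before the permission check below
		$app->setUserState('vap.statistics.data', $data);

		// calculate the ACL rule according to the specified request data
		$acl = $this->getACL($data);

		// check user permissions
		if (!JFactory::getUser()->authorise($acl, 'com_vikappointments'))
		{
			// back to main list, not authorised to create records
			$app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
			$this->cancel();

			return false;
		}

		$this->setRedirect('index.php?option=com_vikappointments&view=manageanalytics');

		return true;
	}

	/**
	 * Task used to save the record data set in the request.
	 * After saving, the user is redirected to the main list.
	 *
	 * @return  void
	 */
	public function saveclose()
	{
		if ($this->save())
		{
			$this->cancel();
		}
	}

	/**
	 * Task used to save the record data set in the request.
	 * After saving, the user is redirected to the management
	 * page of the location that has been saved.
	 *
	 * The widgets are received as parallel request arrays (widget_id,
	 * widget_id_user, widget_name, widget_class, widget_position and
	 * widget_size); the ordering of each widget is its position in
	 * those arrays. The IDs listed in widgets_delete are removed.
	 *
	 * @return  boolean  True on save, false when the user is not authorised.
	 */
	public function save()
	{
		$app   = JFactory::getApplication();
		$input = $app->input;
		$user  = JFactory::getUser();

		// NOTE(review): unlike the AJAX end-points of this controller, this
		// state-changing task does not call JSession::checkToken(). Confirm
		// that the request token is validated elsewhere (parent controller or
		// dispatcher); if it is not, the check belongs here, before any write.

		$location = $input->get('location', null, 'string');

		// calculate the ACL rule according to the specified request data
		$acl = $this->getACL(array('location' => $location));

		// check user permissions
		if (!$user->authorise($acl, 'com_vikappointments'))
		{
			// back to main list, not authorised to create/edit records
			$app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
			$this->cancel();

			return false;
		}

		// Parallel request arrays, keyed by the column they are saved into.
		// The cast keeps count() and the offset access below well defined
		// when a scalar is submitted in place of an array.
		$fields = array(
			'id'       => (array) $input->get('widget_id', array(), 'uint'),
			'id_user'  => (array) $input->get('widget_id_user', array(), 'uint'),
			'name'     => (array) $input->get('widget_name', array(), 'string'),
			'widget'   => (array) $input->get('widget_class', array(), 'string'),
			'position' => (array) $input->get('widget_position', array(), 'string'),
			'size'     => (array) $input->get('widget_size', array(), 'string'),
		);

		// get widget model
		$widget = $this->getModel('statswidget');

		// the number of submitted IDs drives the loop
		$total = count($fields['id']);

		// NOTE(review): "id" and "id_user" are taken from the request as they
		// are. Whether the model restricts them to records the current user
		// may edit is not visible here - confirm in the statswidget model.
		for ($i = 0; $i < $total; $i++)
		{
			// prepare data
			$data = array();

			foreach ($fields as $column => $values)
			{
				// the arrays are expected to be aligned; a missing entry is
				// saved as NULL instead of triggering an undefined offset
				$data[$column] = isset($values[$i]) ? $values[$i] : null;
			}

			$data['location'] = $location;
			$data['ordering'] = $i + 1;

			// save widget
			// NOTE(review): the result is ignored, so the success message
			// below is shown even when a widget could not be saved
			$widget->save($data);
		}

		// delete widgets
		// NOTE(review): the IDs come straight from the request; confirm that
		// the model limits the deletion to widgets of the authorised location
		$widgets_delete = $input->get('widgets_delete', array(), 'uint');
		$widget->delete($widgets_delete);

		// display generic successful message
		$app->enqueueMessage(JText::translate('JLIB_APPLICATION_SAVE_SUCCESS'));

		// redirect to edit page; the location is request data, so it is
		// URL-encoded to keep it from adding parameters to the redirect URL
		$this->setRedirect('index.php?option=com_vikappointments&task=analytics.add&location=' . urlencode((string) $location));

		return true;
	}

	/**
	 * Redirects the users to the main records list.
	 *
	 * The target is the analytics page of the requested location, or the
	 * dashboard when the location is empty or equal to "dashboard".
	 *
	 * @return  void
	 */
	public function cancel()
	{
		$input = JFactory::getApplication()->input;

		// get location
		$location = $input->get('location', null, 'string');

		if ($location && $location != 'dashboard')
		{
			// back to specific analytics locations; the value is URL-encoded
			// because it is request data placed inside a query string
			$this->setRedirect('index.php?option=com_vikappointments&view=analytics&location=' . urlencode((string) $location));
		}
		else
		{
			// back to dashboard
			$this->setRedirect('index.php?option=com_vikappointments');
		}
	}

	/**
	 * AJAX end-point used to obtain the widget contents or datasets.
	 *
	 * Reads the widget name ("widget"), the record ID ("id") and the
	 * "tmp" flag from the request and answers with the JSON-encoded
	 * widget data.
	 *
	 * @return  void
	 */
	public function loadwidgetdata()
	{
		$app   = JFactory::getApplication();
		$input = $app->input;
		$user  = JFactory::getUser();

		if (!JSession::checkToken())
		{
			// missing CSRF-proof token
			UIErrorFactory::raiseError(403, JText::translate('JINVALID_TOKEN'));

			// raiseError() is expected to abort the request; returning here
			// keeps the end-point fail-closed in case it does not
			return;
		}

		// get widget name and ID
		$name = $input->get('widget', '', 'string');
		$id   = $input->get('id', 0, 'uint');

		VAPLoader::import('libraries.statistics.factory');

		try
		{
			// try to instantiate the widget
			$widget = VAPStatisticsFactory::getWidget($name);

			if (!$widget->checkPermissions($user))
			{
				// not authorised to access this widget
				throw new Exception(JText::translate('JERROR_ALERTNOAUTHOR'), 403);
			}

			// set up widget ID
			// NOTE(review): only the widget type is authorised above; whether
			// the record ID is checked against the current user is not
			// visible here
			$widget->setID($id);
		}
		catch (Exception $e)
		{
			// an error occurred while trying to access the widget
			UIErrorFactory::raiseError($e->getCode(), $e->getMessage());

			// never go on without an instantiated and authorised widget
			return;
		}

		// fetch widget data
		$data = $widget->getData();

		// persist the parameters unless the request carries a truthy "tmp" flag
		if (!$input->getBool('tmp'))
		{
			// save parameters for later use
			$widget->saveParams();
		}

		// send response to caller
		$this->sendJSON(json_encode($data));
	}

	/**
	 * AJAX end-point used to save the widget contents.
	 *
	 * Reads the widget name ("widget") and the record ID ("id") from the
	 * request, stores the widget parameters and answers with 1.
	 *
	 * @return  void
	 */
	public function savewidgetdata()
	{
		$app   = JFactory::getApplication();
		$input = $app->input;
		$user  = JFactory::getUser();

		if (!JSession::checkToken())
		{
			// missing CSRF-proof token
			UIErrorFactory::raiseError(403, JText::translate('JINVALID_TOKEN'));

			// raiseError() is expected to abort the request; returning here
			// keeps the end-point fail-closed in case it does not
			return;
		}

		// get widget name and ID
		$name = $input->get('widget', '', 'string');
		$id   = $input->get('id', 0, 'uint');

		VAPLoader::import('libraries.statistics.factory');

		try
		{
			// try to instantiate the widget
			$widget = VAPStatisticsFactory::getWidget($name);

			if (!$widget->checkPermissions($user))
			{
				// not authorised to access this widget
				throw new Exception(JText::translate('JERROR_ALERTNOAUTHOR'), 403);
			}

			// set up widget ID
			// NOTE(review): only the widget type is authorised above; whether
			// the record ID is checked against the current user is not
			// visible here
			$widget->setID($id);
		}
		catch (Exception $e)
		{
			// an error occurred while trying to access the widget
			UIErrorFactory::raiseError($e->getCode(), $e->getMessage());

			// never go on without an instantiated and authorised widget
			return;
		}

		// save parameters
		$widget->saveParams();

		// send response to caller
		$this->sendJSON(1);
	}

	/**
	 * AJAX end-point used to export the widget contents or datasets.
	 *
	 * Reads the widget name ("widget"), the record ID ("id") and the
	 * export rule ("rule") from the request. The session token is
	 * looked up in the query string (GET).
	 *
	 * @return  void
	 */
	public function export()
	{
		$app   = JFactory::getApplication();
		$input = $app->input;
		$user  = JFactory::getUser();

		// the token is validated against the GET parameters, so it is part
		// of the export URL
		if (!JSession::checkToken('get'))
		{
			// missing CSRF-proof token
			UIErrorFactory::raiseError(403, JText::translate('JINVALID_TOKEN'));

			// raiseError() is expected to abort the request; returning here
			// keeps the end-point fail-closed in case it does not
			return;
		}

		// get widget name and ID
		$name = $input->get('widget', '', 'string');
		$id   = $input->get('id', 0, 'uint');
		$rule = $input->get('rule', null, 'string');

		VAPLoader::import('libraries.statistics.factory');

		try
		{
			// try to instantiate the widget
			// NOTE(review): the other end-points use getWidget(); confirm that
			// getInstance() is the intended factory method here
			$widget = VAPStatisticsFactory::getInstance($name);

			if (!$widget->checkPermissions($user))
			{
				// not authorised to access this widget
				throw new Exception(JText::translate('JERROR_ALERTNOAUTHOR'), 403);
			}

			if (!$widget->isExportable())
			{
				// the widget doesn't support exportable data
				throw new Exception('Widget not exportable', 500);
			}

			// set up widget ID
			$widget->setID($id);
		}
		catch (Exception $e)
		{
			// an error occurred while trying to access the widget
			UIErrorFactory::raiseError($e->getCode(), $e->getMessage());

			// never go on without an instantiated and authorised widget
			return;
		}

		// load widget parameters
		$widget->setOptions($widget->getParams());

		// fetch export data according to the specified rule (if any)
		$widget->export($rule);

		// Do not terminate because the widget might display some contents
		// to support the browser print features. Inject tmpl=component
		// to display a blank page.
		$input->set('tmpl', 'component');

		// append widget name to the browser title
		$doc = JFactory::getDocument();
		$doc->setTitle($doc->getTitle() . ' - ' . $widget->getTitle());
	}

	/**
	 * Calculate the ACL rule according to the specified request data.
	 *
	 * An empty location, or the "dashboard" one, maps to the dashboard
	 * rule. Any other location is appended to "core.access.analytics.".
	 *
	 * @param   array   $data  The request array.
	 *
	 * @return  string  The related ACL rule.
	 */
	protected function getACL(array $data)
	{
		$location = isset($data['location']) ? $data['location'] : '';

		if ($location == 'dashboard' || !$location)
		{
			// allow dashboard management
			return 'core.access.dashboard';
		}

		// allow specific location of analytics
		// NOTE(review): the location is request data appended verbatim, so the
		// caller selects the rule that gets checked. The result relies on
		// authorise() denying rules that are not defined - confirm, or
		// validate the location against the known analytics locations.
		return 'core.access.analytics.' . $location;
	}
}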