app/Plugin/TabaBannerManager2/Controller/AdminController.php line 515

Open in your IDE?
  1. <?php
  2. /*
  3.  * Copyright (C) 2018 SPREAD WORKS Inc.
  4.  *
  5.  * For the full copyright and license information, please view the LICENSE
  6.  * file that was distributed with this source code.
  7.  */
  8. namespace Plugin\TabaBannerManager2\Controller;
  10. use Eccube\Application;
  11. use Eccube\Controller\AbstractController;
  12. use Eccube\Common\Constant;
  13. use Plugin\TabaBannerManager2\Common\Constants;
  14. use Plugin\TabaBannerManager2\Entity\Area;
  15. use Plugin\TabaBannerManager2\Entity\Banner;
  16. use Plugin\TabaBannerManager2\Repository\AreaRepository;
  17. use Plugin\TabaBannerManager2\Repository\BannerRepository;
  18. use Plugin\TabaBannerManager2\Form\Type\AreaType;
  19. use Plugin\TabaBannerManager2\Form\Type\BannerType;
  20. use Symfony\Component\HttpFoundation\Request;
  21. use Symfony\Component\HttpFoundation\JsonResponse;
  22. use Symfony\Component\HttpFoundation\BinaryFileResponse;
  23. use Symfony\Component\Security\Csrf\CsrfToken;
  24. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  25. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  26. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  27. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  28. use Symfony\Component\HttpKernel\Exception\UnsupportedMediaTypeHttpException;
  29. use Symfony\Component\Routing\Annotation\Route;
  30. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
  32. /**
  33.  * 管理画面用コントローラー
  34.  *
  35.  * @Route(Plugin\TabaBannerManager2\Common\Constants::ADMIN_URI_PREFIX,name=Plugin\TabaBannerManager2\Common\Constants::ADMIN_BIND_PREFIX)
  36.  */
  37. class AdminController extends AbstractController
  38. {
  40.     /**
  41.      * @var AreaRepository
  42.      */
  43.     private $areaRepo;
  45.     /**
  46.      * @var BannerRepository
  47.      */
  48.     private $bannerRepo;
  50.     /**
  51.      * @var CsrfTokenManagerInterface
  52.      */
  53.     protected $csrfTokenManager;
  55.     /**
  56.      *
  57.      * @param AreaRepository $areaRepo
  58.      * @param BannerRepository $bannerRepo
  59.      * @param CsrfTokenManagerInterface $csrfTokenManager
  60.      */
  61.     public function __construct(AreaRepository $areaRepoBannerRepository $bannerRepoCsrfTokenManagerInterface $csrfTokenManager)
  62.     {
  63.         $this->areaRepo $areaRepo;
  64.         $this->bannerRepo $bannerRepo;
  65.         $this->csrfTokenManager $csrfTokenManager;
  66.     }
  68.     /**
  69.      * index
  70.      *
  71.      * @param Request $request
  72.      * @return \Symfony\Component\HttpFoundation\Response
  73.      *
  74.      * @Route("/",name="_index")
  75.      */
  76.     public function index(Request $request)
  77.     {
  78.         return $this->redirectToRoute(Constants::ADMIN_BIND_PREFIX '_area_list');
  79.     }
  81.     /**
  82.      * バナーエリア / リスト
  83.      *
  84.      * @param Request $request
  85.      * @return \Symfony\Component\HttpFoundation\Response
  86.      *
  87.      * @Route("/area_list",name="_area_list")
  88.      * @Template("@TabaBannerManager2/admin/area_list.twig")
  89.      */
  90.     public function area_list(Request $request)
  91.     {
  92.         $list $this->areaRepo->getList();
  93.         return [
  94.             'list' => $list
  95.         ];
  96.     }
  98.     /**
  99.      * バナーエリア / 新規登録・編集
  100.      *
  101.      * @param Request $request
  102.      * @param integer $area_id
  103.      * @return \Symfony\Component\HttpFoundation\Response
  104.      *
  105.      * @Route("/area_edit",name="_area_new")
  106.      * @Route("/area_edit/{area_id}",name="_area_edit",requirements={"area_id" = "\d+"})
  107.      * @Template("@TabaBannerManager2/admin/area_edit.twig")
  108.      */
  109.     public function area_edit(Request $request$area_id null)
  110.     {
  111.         $area null;
  112.         if ($area_id) {
  113.             if (! ($area $this->areaRepo->find($area_id))) {
  114.                 throw new NotFoundHttpException();
  115.             }
  116.         } else {
  117.             $area = new Area(true);
  118.         }
  120.         // フォームの生成
  121.         $builder $this->formFactory->createBuilder(AreaType::class, $area);
  122.         $form $builder->getForm();
  124.         // 登録・変更実行
  125.         if ('POST' === $request->getMethod()) {
  126.             // データキーが入力されていない場合
  127.             // 値を生成しリクエスト値にセットします。
  128.             $params $request->request->all();
  129.             if (empty($params[$form->getName()]['data_key'])) {
  130.                 $data_key "area";
  131.                 $id $this->areaRepo->getMaxAreaId() + 1;
  132.                 for ($i $id$i <= 1000 $id$i) {
  133.                     if (! $this->areaRepo->getList(array(
  134.                         'data_key' => $data_key "_" $i
  135.                     ))) {
  136.                         $data_key $data_key "_" $i;
  137.                         break;
  138.                     }
  139.                 }
  140.                 $params[$form->getName()]['data_key'] = $data_key;
  141.                 $request->request->replace($params);
  142.             }
  144.             $form->handleRequest($request);
  145.             if ($form->isValid()) {
  146.                 // $data = $form->getData();
  147.                 if ($this->areaRepo->save($area)) {
  148.                     $this->addSuccess('admin.common.save_complete''admin');
  149.                     return $this->redirectToRoute(Constants::ADMIN_BIND_PREFIX '_area_edit', array(
  150.                         'area_id' => $area->getAreaId()
  151.                     ));
  152.                 } else {
  153.                     $this->addError('admin.common.save_error''admin');
  154.                 }
  155.             } else {
  156.                 $this->addError('admin.common.save_error''admin');
  157.             }
  158.         }
  160.         return [
  161.             'form' => $form->createView(),
  162.             'area' => $area
  163.         ];
  164.     }
  166.     /**
  167.      * バナーエリア / 削除
  168.      *
  169.      * @param Application $app
  170.      * @param Request $request
  171.      * @param integer $area_id
  172.      * @return \Symfony\Component\HttpFoundation\Response
  173.      *
  174.      * @Route("/area_delete/{area_id}",name="_area_delete",requirements={"area_id" = "\d+"})
  175.      */
  176.     public function area_delete(Request $request$area_id)
  177.     {
  178.         // バナーエリア操作オブジェクトの生成
  179.         $status false;
  180.         if (! empty($area_id) && ($area $this->areaRepo->find($area_id))) {
  181.             $status $this->areaRepo->delete($area);
  182.         } else {
  183.             throw new NotFoundHttpException();
  184.         }
  186.         if ($status) {
  187.             $this->addSuccess('admin.common.delete_complete''admin');
  188.         } else {
  189.             $this->addError('admin.common.delete_error''admin');
  190.         }
  192.         return $this->redirectToRoute(Constants::ADMIN_BIND_PREFIX '_area_list');
  193.     }
  195.     /**
  196.      * バナー / リスト
  197.      *
  198.      * @param Application $app
  199.      * @param Request $request
  200.      * @return \Symfony\Component\HttpFoundation\Response
  201.      *
  202.      * @Route("/banner_list/{area_id}",name="_banner_list",requirements={"area_id" = "\d+"})
  203.      * @Template("@TabaBannerManager2/admin/banner_list.twig")
  204.      */
  205.     public function banner_list(Request $request$area_id)
  206.     {
  207.         // バナーエリア取得
  208.         $area null;
  209.         if (! ($area $this->areaRepo->find($area_id))) {
  210.             throw new NotFoundHttpException();
  211.         }
  213.         // バナーリスト取得
  214.         $list $this->bannerRepo->getList($area_id);
  216.         return [
  217.             'csrf_token' => $this->csrfTokenManager->getToken(Constant::TOKEN_NAME)->getValue(),
  218.             'area' => $area,
  219.             'list' => $list
  220.         ];
  221.     }
  223.     /**
  224.      * バナー / 新規登録・編集
  225.      *
  226.      * @param Application $app
  227.      * @param Request $request
  228.      * @param integer $id
  229.      * @return \Symfony\Component\HttpFoundation\Response
  230.      *
  231.      * @Route("/banner_edit/{area_id}",name="_banner_new",requirements={"area_id" = "\d+"})
  232.      * @Route("/banner_edit/{area_id}/{banner_id}",name="_banner_edit",requirements={"area_id" = "\d+","banner_id" = "\d+"})
  233.      * @Template("@TabaBannerManager2/admin/banner_edit.twig")
  234.      */
  235.     public function banner_edit(Request $request$area_id$banner_id null)
  236.     {
  237.         // バナーエリア取得
  238.         $area null;
  239.         if (! ($area $this->areaRepo->find($area_id))) {
  240.             throw new NotFoundHttpException();
  241.         }
  243.         // バナー操作オブジェクトの生成
  244.         $banner null;
  245.         if ($banner_id) {
  246.             if (! ($banner $this->bannerRepo->find($banner_id))) {
  247.                 throw new NotFoundHttpException();
  248.             }
  249.         } else {
  250.             $banner = new Banner(true);
  251.         }
  252.         $banner->setArea($area);
  253.         $originBannerFileName $banner->getBannerFileName();
  254.         $originBannerFileName2 $banner->getBannerFileName2();
  255.         $originBannerFileName3 $banner->getBannerFileName3();
  256.         $originBannerFileName4 $banner->getBannerFileName4();
  257.         $originBannerFileName5 $banner->getBannerFileName5();
  259.         $imageEdited false// 画像編集済みかチェックするフラグ
  261.         // フォームの生成
  262.         $builder $this->formFactory->createBuilder(BannerType::class, $banner);
  263.         $form $builder->getForm();
  265.         // 登録・変更実行
  266.         if ('POST' === $request->getMethod()) {
  267.             $form->handleRequest($request);
  269.             //
  270.             // 画像 1
  271.             //
  272.             if ($originBannerFileName != $banner->getBannerFileName()) $imageEdited true;
  273.             if ($form->isValid()) {
  274.                 $imageEdited false;
  275.                 if ($this->bannerRepo->save($banner)) {
  277.                     //
  278.                     // 画像 1
  279.                     //
  280.                     // 画像を移動
  281.                     if (!empty($banner->getBannerFileName()) && file_exists($this->eccubeConfig['eccube_temp_image_dir'] . '/' $banner->getBannerFileName())) {
  282.                         rename($this->eccubeConfig['eccube_temp_image_dir'] . '/' $banner->getBannerFileName(), $this->eccubeConfig['eccube_save_image_dir'] . '/' $banner->getBannerFileName());
  283.                     }
  284.                     // 画像削除
  285.                     $oldPath $newPath null;
  286.                     if ($originBannerFileName$oldPath $this->eccubeConfig['eccube_save_image_dir'] . '/' $originBannerFileName;
  287.                     if ($banner->getBannerFileName()) $newPath $this->eccubeConfig['eccube_save_image_dir'] . '/' $banner->getBannerFileName();
  288.                     if (!$banner->getBannerFileName()) {
  289.                         if (file_exists($newPath)) unlink($newPath);
  290.                         if (file_exists($oldPath)) unlink($oldPath);
  291.                     } else if ($originBannerFileName != $banner->getBannerFileName()) {
  292.                         if (file_exists($oldPath)) unlink($oldPath);
  293.                     }
  295.                     //
  296.                     // 画像 2
  297.                     //
  298.                     // 画像を移動
  299.                     if (!empty($banner->getBannerFileName2()) && file_exists($this->eccubeConfig['eccube_temp_image_dir'] . '/' $banner->getBannerFileName2())) {
  300.                         rename($this->eccubeConfig['eccube_temp_image_dir'] . '/' $banner->getBannerFileName2(), $this->eccubeConfig['eccube_save_image_dir'] . '/' $banner->getBannerFileName2());
  301.                     }
  302.                     // 画像削除
  303.                     $oldPath $newPath null;
  304.                     if ($originBannerFileName2$oldPath $this->eccubeConfig['eccube_save_image_dir'] . '/' $originBannerFileName2;
  305.                     if ($banner->getBannerFileName2()) $newPath $this->eccubeConfig['eccube_save_image_dir'] . '/' $banner->getBannerFileName2();
  306.                     if (!$banner->getBannerFileName2()) {
  307.                         if (file_exists($newPath)) unlink($newPath);
  308.                         if (file_exists($oldPath)) unlink($oldPath);
  309.                     } else if ($originBannerFileName2 != $banner->getBannerFileName2()) {
  310.                         if (file_exists($oldPath)) unlink($oldPath);
  311.                     }
  313.                     //
  314.                     // 画像 3
  315.                     //
  316.                     // 画像を移動
  317.                     if (!empty($banner->getBannerFileName3()) && file_exists($this->eccubeConfig['eccube_temp_image_dir'] . '/' $banner->getBannerFileName3())) {
  318.                         rename($this->eccubeConfig['eccube_temp_image_dir'] . '/' $banner->getBannerFileName3(), $this->eccubeConfig['eccube_save_image_dir'] . '/' $banner->getBannerFileName3());
  319.                     }
  320.                     // 画像削除
  321.                     $oldPath $newPath null;
  322.                     if ($originBannerFileName3$oldPath $this->eccubeConfig['eccube_save_image_dir'] . '/' $originBannerFileName3;
  323.                     if ($banner->getBannerFileName3()) $newPath $this->eccubeConfig['eccube_save_image_dir'] . '/' $banner->getBannerFileName3();
  324.                     if (!$banner->getBannerFileName3()) {
  325.                         if (file_exists($newPath)) unlink($newPath);
  326.                         if (file_exists($oldPath)) unlink($oldPath);
  327.                     } else if ($originBannerFileName3 != $banner->getBannerFileName3()) {
  328.                         if (file_exists($oldPath)) unlink($oldPath);
  329.                     }
  331.                     //
  332.                     // 画像 4
  333.                     //
  334.                     // 画像を移動
  335.                     if (!empty($banner->getBannerFileName4()) && file_exists($this->eccubeConfig['eccube_temp_image_dir'] . '/' $banner->getBannerFileName4())) {
  336.                         rename($this->eccubeConfig['eccube_temp_image_dir'] . '/' $banner->getBannerFileName4(), $this->eccubeConfig['eccube_save_image_dir'] . '/' $banner->getBannerFileName4());
  337.                     }
  338.                     // 画像削除
  339.                     $oldPath $newPath null;
  340.                     if ($originBannerFileName4$oldPath $this->eccubeConfig['eccube_save_image_dir'] . '/' $originBannerFileName4;
  341.                     if ($banner->getBannerFileName4()) $newPath $this->eccubeConfig['eccube_save_image_dir'] . '/' $banner->getBannerFileName4();
  342.                     if (!$banner->getBannerFileName4()) {
  343.                         if (file_exists($newPath)) unlink($newPath);
  344.                         if (file_exists($oldPath)) unlink($oldPath);
  345.                     } else if ($originBannerFileName4 != $banner->getBannerFileName4()) {
  346.                         if (file_exists($oldPath)) unlink($oldPath);
  347.                     }
  349.                     //
  350.                     // 画像 5
  351.                     //
  352.                     // 画像を移動
  353.                     if (!empty($banner->getBannerFileName5()) && file_exists($this->eccubeConfig['eccube_temp_image_dir'] . '/' $banner->getBannerFileName5())) {
  354.                         rename($this->eccubeConfig['eccube_temp_image_dir'] . '/' $banner->getBannerFileName5(), $this->eccubeConfig['eccube_save_image_dir'] . '/' $banner->getBannerFileName5());
  355.                     }
  356.                     // 画像削除
  357.                     $oldPath $newPath null;
  358.                     if ($originBannerFileName5$oldPath $this->eccubeConfig['eccube_save_image_dir'] . '/' $originBannerFileName5;
  359.                     if ($banner->getBannerFileName5()) $newPath $this->eccubeConfig['eccube_save_image_dir'] . '/' $banner->getBannerFileName5();
  360.                     if (!$banner->getBannerFileName5()) {
  361.                         if (file_exists($newPath)) unlink($newPath);
  362.                         if (file_exists($oldPath)) unlink($oldPath);
  363.                     } else if ($originBannerFileName5 != $banner->getBannerFileName5()) {
  364.                         if (file_exists($oldPath)) unlink($oldPath);
  365.                     }
  367.                     $this->addSuccess('admin.common.save_complete''admin');
  368.                     return $this->redirectToRoute(Constants::ADMIN_BIND_PREFIX '_banner_edit', [
  369.                         'area_id' => $area_id,
  370.                         'banner_id' => $banner->getBannerId()
  371.                     ]);
  372.                 } else {
  373.                     $this->addError('admin.common.save_error''admin');
  374.                 }
  375.             }
  376.         }
  378.         return [
  379.             'csrf_token' => $this->csrfTokenManager->getToken(Constant::TOKEN_NAME)->getValue(),
  380.             'form' => $form->createView(),
  381.             'area' => $area,
  382.             'banner' => $banner,
  383.             'image_edited' => $imageEdited,
  384.         ];
  385.     }
  387.     /**
  388.      * バナー / 削除
  389.      *
  390.      * @param Application $app
  391.      * @param Request $request
  392.      * @param integer $banner_id
  393.      * @return \Symfony\Component\HttpFoundation\Response
  394.      *
  395.      * @Route("/banner_delete/{banner_id}",name="_banner_delete",requirements={"banner_id" = "\d+"})
  396.      */
  397.     public function banner_delete(Request $request$banner_id null)
  398.     {
  399.         // バナーエリア操作オブジェクトの生成
  400.         $status false;
  401.         $banner $this->bannerRepo->find($banner_id);
  402.         $area_id $banner->getAreaId();
  403.         if (! empty($banner)) {
  404.             $status $this->bannerRepo->delete($banner);
  405.         } else {
  406.             throw new NotFoundHttpException();
  407.         }
  409.         if ($status) {
  410.             $this->addSuccess('admin.common.delete_complete''admin');
  411.         } else {
  412.             $this->addError('admin.common.delete_error''admin');
  413.         }
  415.         return $this->redirectToRoute(Constants::ADMIN_BIND_PREFIX '_banner_list', [
  416.             'area_id' => $area_id
  417.         ]);
  418.     }
  420.     /**
  421.      * バナー画像アップロード
  422.      *
  423.      * @param Request $request
  424.      * @throws BadRequestHttpException
  425.      * @throws UnsupportedMediaTypeHttpException
  426.      * @return \Symfony\Component\HttpFoundation\Response
  427.      *
  428.      * @Route("/banner_upload",name="_banner_upload")
  429.      */
  430.     public function banner_upload(Request $request)
  431.     {
  432.         // CSRF
  433.         if (!$this->csrfTokenManager->isTokenValid(new CsrfToken(Constant::TOKEN_NAME$request->get(Constant::TOKEN_NAME)))) {
  434.             throw new AccessDeniedHttpException('CSRF token is invalid.');
  435.         }
  437.         // XMLHttpRequest
  438.         if (! $request->isXmlHttpRequest()) {
  439.             throw new BadRequestHttpException('Request is invalid.');
  440.         }
  442.         $files $request->files->get(Constants::PLUGIN_CODE_LC '_banner');
  444.         $file_name null;
  445.         if (count($files) > 0) {
  446.             foreach ($files as $file) {
  447. //                 log_debug("[FILE OBJECT] " . print_r($file, true));
  448.                 if (!== strpos($file->getMimeType(), 'image')) {
  449.                     throw new UnsupportedMediaTypeHttpException('File format is invalid.');
  450.                 }
  451.                 $extension $file->getClientOriginalExtension();
  452.                 $file_name date('mdHis') . uniqid('_') . '.' $extension;
  453.                 $file->move($this->eccubeConfig['eccube_temp_image_dir'], $file_name);
  454.                 break;
  455.             }
  456.         }
  458.         return new JsonResponse(array(
  459.             'file' => $file_name
  460.         ));
  461.     }
  463.     /**
  464.      * バナー / ソート
  465.      *
  466.      * @param Request $request
  467.      * @param integer $area_id
  468.      * @return \Symfony\Component\HttpFoundation\Response
  469.      *
  470.      * @Route("/banner_sort/{area_id}",name="_banner_sort",requirements={"area_id" = "\d+"})
  471.      */
  472.     public function banner_sort(Request $request$area_id)
  473.     {
  474.         // CSRF
  475.         if (! $this->csrfTokenManager->isTokenValid(new CsrfToken(Constant::TOKEN_NAME$request->get(Constant::TOKEN_NAME)))) {
  476.             throw new AccessDeniedHttpException('CSRF token is invalid.');
  477.         }
  479.         // XMLHttpRequest
  480.         if (! $request->isXmlHttpRequest()) {
  481.             throw new BadRequestHttpException('Request is invalid.');
  482.         }
  484.         $params $request->request->all();
  485.         if (!empty($area_id) && isset($params['banner_ids']) && is_array($params['banner_ids'])) {
  486.             if (! ($this->areaRepo->find($area_id))) {
  487.                 throw new NotFoundHttpException();
  488.             }
  490.             $no 1;
  491.             foreach ($params['banner_ids'] as $banner_id) {
  492.                 $banner $this->bannerRepo->find($banner_id);
  493.                 $banner->setOrderNo($no ++);
  494.                 if (! ($this->bannerRepo->save($banner))) {
  495.                     log_debug("順番の更新が出来ませんでした");
  496.                 }
  497.             }
  498.         } else {
  499.             throw new BadRequestHttpException('必要なパラメーターが取得できません');
  500.         }
  502.         return new JsonResponse([]);
  503.     }
  505.     /**
  506.      * 各種ファイルを出力します。
  507.      *
  508.      * @param Request $request
  509.      * @param string $file
  510.      * @throws NotFoundHttpException
  511.      * @return BinaryFileResponse
  512.      *
  513.      * @Route("/assets/{file}",name="_assets",requirements={"file" = "[a-zA-Z0-9-_/\s.]+"})
  514.      */
  515.     public function assets(Request $request,$file) {
  516.         if (strpos($file,'..')) {
  517.             log_critical("ディレクトリトラバーサル攻撃の可能性があります。 [FILE] " $file);
  518.             throw new NotFoundHttpException();
  519.         }
  521.         $file Constants::TEMPLATE_PATH DIRECTORY_SEPARATOR .  "admin" DIRECTORY_SEPARATOR "assets" .  DIRECTORY_SEPARATOR $file;
  522.         if (file_exists($this->eccubeConfig['plugin_realdir'] . DIRECTORY_SEPARATOR $file)) {
  523.             log_debug("[ASSETS] [FILE] " $file);
  525.             // 拡張子によりMIMEを設定します。
  526.             $suffixes explode(".",$file);
  527.             $suffix end($suffixes);
  528.             $suffix_def = array(
  529.                 "jpeg" => "image/jpg",
  530.                 "jpg" => "image/jpg",
  531.                 "gif" => "image/gif",
  532.                 "png" => "image/png",
  533.                 "svg" => "image/svg+xml",
  534.                 "js" => "application/x-javascript",
  535.                 "css" => "text/css",
  536.             );
  537.             if (in_array($suffix,array_keys($suffix_def))) {
  538.                 $response = new BinaryFileResponse($this->eccubeConfig['plugin_realdir'] . DIRECTORY_SEPARATOR $file);
  539.                 $response->headers->set('Content-Type',$suffix_def[$suffix]);
  540.                 return $response;
  541.             } else {
  542.                 throw new NotFoundHttpException();
  543.             }
  544.         } else {
  545.             throw new NotFoundHttpException();
  546.         }
  547.     }
  548. }