diff --git a/controllers/Controller.php b/controllers/Controller.php
index 1ca2f7c..9521e87 100644
--- a/controllers/Controller.php
+++ b/controllers/Controller.php
@@ -6,7 +6,7 @@ class Controller {
 private function _is_logged_in(&$request, &$response) {
 session_start();
- if(!array_key_exists('user_id', $_SESSION)) {
+ if(!session('user_id')) {
 session_destroy();
 $response->setStatusCode(302);
 $response->headers->set('Location', '/login?return_to='.$request->getPathInfo());
@@ -28,10 +28,36 @@ class Controller {
 return $response;
 }
+ // If there is an account in the query string, set the session variable and redirect back to the dashboard
+ if($request->get('account') || !session('account')) {
+ // Check that the user has permission to access this account
+ $role = ORM::for_table('roles')->where('user_id', session('user_id'))->where('site_id', $request->get('account'))->find_one();
+ if(!$role) {
+ $role = ORM::for_table('roles')->join('sites', 'roles.site_id = sites.id')
+ ->where('user_id', session('user_id'))->order_by_asc('sites.created_at')->find_one();
+ }
+ $_SESSION['account'] = $role->site_id;
+ $response->setStatusCode(302);
+ $response->headers->set('Location', '/dashboard');
+ return $response;
+ }
+
+
 $response->setContent(view('dashboard', [
- 'title' => 'Telegraph Dashboard'
+ 'title' => 'Telegraph Dashboard',
+ 'user' => $this->_user(),
+ 'accounts' => $this->_accounts()
 ]));
 return $response;
 }
+
+ private function _user() {
+ return ORM::for_table('users')->where_id_is(session('user_id'))->find_one();
+ }
+
+ private function _accounts() {
+ return ORM::for_table('sites')->join('roles', 'roles.site_id = sites.id')
+ ->where('roles.user_id', session('user_id'))
+ ->find_many();
+ }
 }
diff --git a/lib/helpers.php b/lib/helpers.php
index 994d861..9e8868c 100644
--- a/lib/helpers.php
+++ b/lib/helpers.php
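Review bot: The new guard `if(!session('user_id'))` tests truthiness rather than key presence, so a stored user id of `0` or `''` is now treated as logged out and has its session destroyed, whereas the old `array_key_exists` check accepted any set value. If user ids are non-zero database ids this is harmless in practice, but the intent reads more precisely as `if(session('user_id') === null) {`, which keeps the helper's `$default` sentinel meaningful. The body of `_is_logged_in` continues past the end of this hunk, so whatever it returns on the success path is not visible here.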
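Review bot: The fallback lookup can still leave `$role` null when the logged-in user has no row in `roles` at all, and the next line `$_SESSION['account'] = $role->site_id;` then stores null and redirects to `/dashboard`, where `!session('account')` is true again and the same branch runs, producing a redirect loop. That case needs an explicit exit before the assignment rather than a second fallback. Separately, when `?account=` names a site the user has no role on, the code silently switches to the user's oldest site instead of refusing; a denied switch is worth surfacing so a tampered or stale link is noticed, and since this account switch is driven by a GET parameter, whether it needs CSRF protection depends on what the selected account gates elsewhere (not visible here). A minimal fix for the null case:

```php
      if(!$role) {
        // No site is associated with this user at all: stop here instead of
        // storing a null account and bouncing back to /dashboard forever.
        $response->setStatusCode(403);
        $response->setContent('No accounts are associated with this user');
        return $response;
      }
      $_SESSION['account'] = $role->site_id;
      // … unchanged: redirect to /dashboard …
```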
@@ -34,3 +34,12 @@ function random_string($len) {
 }
 return $str;
 }
+
+function display_url($url) {
+ return preg_replace(['/^https?:\/\//','/\/$/'], '', $url);
+}
+
+function session($k, $default=null) {
+ if(!isset($_SESSION)) return $default;
+ return array_key_exists($k, $_SESSION) ? $_SESSION[$k] : $default;
+}
diff --git a/views/dashboard.php b/views/dashboard.php
index 2ca7e67..653e19c 100644
--- a/views/dashboard.php
+++ b/views/dashboard.php
@@ -1,3 +1 @@
-layout('layout', ['title' => $title]); ?>
-
-
+layout('layout-loggedin', ['title' => $title, 'accounts' => $accounts, 'user' => $user]); ?>
diff --git a/views/layout-loggedin.php b/views/layout-loggedin.php
new file mode 100644
index 0000000..8e76389
--- /dev/null
+++ b/views/layout-loggedin.php
@@ -0,0 +1,25 @@
+layout('layout', ['title' => $title]); ?> + + +section('content') ?>
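Review bot: `display_url` returns the stripped URL unescaped, so its result must still go through `htmlspecialchars` at the point where a template echoes it; the helper name suggests it is meant for display, which makes it easy to assume it is already safe for HTML. It also strips only a single trailing slash and only `http`/`https`, which is fine but worth stating in a docblock, e.g. `/** Strip a leading http(s):// and one trailing slash for display; the result is NOT HTML-escaped. */`. For `session()`, returning `$default` when `$_SESSION` is unset means a call made before `session_start()` reads as "not set" rather than failing loudly, which is presumably intended since `_is_logged_in` starts the session first; a one-line docblock such as `/** Value of $_SESSION[$k] if the session is started and the key exists, else $default. */` would make that contract explicit.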