vendor/shopware/administration/Controller/AdministrationController.php line 121

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Administration\Controller;
  5. use Doctrine\DBAL\Connection;
  6. use Shopware\Administration\Events\PreResetExcludedSearchTermEvent;
  7. use Shopware\Administration\Framework\Routing\KnownIps\KnownIpsCollectorInterface;
  8. use Shopware\Administration\Snippet\SnippetFinderInterface;
  9. use Shopware\Core\Defaults;
  10. use Shopware\Core\DevOps\Environment\EnvironmentHelper;
  11. use Shopware\Core\Framework\Adapter\Twig\TemplateFinder;
  12. use Shopware\Core\Framework\Context;
  13. use Shopware\Core\Framework\DataAbstractionLayer\DefinitionInstanceRegistry;
  14. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepositoryInterface;
  15. use Shopware\Core\Framework\DataAbstractionLayer\Exception\InconsistentCriteriaIdsException;
  16. use Shopware\Core\Framework\DataAbstractionLayer\Field\Flag\AllowHtml;
  17. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  18. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  19. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\MultiFilter;
  20. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\NotFilter;
  21. use Shopware\Core\Framework\Feature;
  22. use Shopware\Core\Framework\Log\Package;
  23. use Shopware\Core\Framework\Routing\Annotation\Since;
  24. use Shopware\Core\Framework\Routing\Exception\InvalidRequestParameterException;
  25. use Shopware\Core\Framework\Routing\Exception\LanguageNotFoundException;
  26. use Shopware\Core\Framework\Store\Services\FirstRunWizardClient;
  27. use Shopware\Core\Framework\Util\HtmlSanitizer;
  28. use Shopware\Core\Framework\Uuid\Uuid;
  29. use Shopware\Core\Framework\Validation\Exception\ConstraintViolationException;
  30. use Shopware\Core\PlatformRequest;
  31. use Shopware\Core\System\Currency\CurrencyEntity;
  32. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  33. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  34. use Symfony\Component\HttpFoundation\JsonResponse;
  35. use Symfony\Component\HttpFoundation\Request;
  36. use Symfony\Component\HttpFoundation\Response;
  37. use Symfony\Component\Routing\Annotation\Route;
  38. use Symfony\Component\Validator\ConstraintViolation;
  39. use Symfony\Component\Validator\ConstraintViolationList;
  40. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  41. use function version_compare;
  43. /**
  44. * @Route(defaults={"_routeScope"={"administration"}})
  45. */
  46. #[Package('administration')]
  47. class AdministrationController extends AbstractController
  48. {
  49. private TemplateFinder $finder;
  51. private FirstRunWizardClient $firstRunWizardClient;
  53. private SnippetFinderInterface $snippetFinder;
  55. /**
  56. * @var list<int>
  57. */
  58. private array $supportedApiVersions;
  60. private KnownIpsCollectorInterface $knownIpsCollector;
  62. private Connection $connection;
  64. private EventDispatcherInterface $eventDispatcher;
  66. private string $shopwareCoreDir;
  68. private EntityRepositoryInterface $customerRepo;
  70. private EntityRepositoryInterface $currencyRepository;
  72. private HtmlSanitizer $htmlSanitizer;
  74. private DefinitionInstanceRegistry $definitionInstanceRegistry;
  76. private bool $esAdministrationEnabled;
  78. /**
  79. * @internal
  80. *
  81. * @param list<int> $supportedApiVersions
  82. */
  83. public function __construct(
  84. TemplateFinder $finder,
  85. FirstRunWizardClient $firstRunWizardClient,
  86. SnippetFinderInterface $snippetFinder,
  87. array $supportedApiVersions,
  88. KnownIpsCollectorInterface $knownIpsCollector,
  89. Connection $connection,
  90. EventDispatcherInterface $eventDispatcher,
  91. string $shopwareCoreDir,
  92. EntityRepositoryInterface $customerRepo,
  93. EntityRepositoryInterface $currencyRepository,
  94. HtmlSanitizer $htmlSanitizer,
  95. DefinitionInstanceRegistry $definitionInstanceRegistry,
  96. ParameterBagInterface $params
  97. ) {
  98. $this->finder = $finder;
  99. $this->firstRunWizardClient = $firstRunWizardClient;
  100. $this->snippetFinder = $snippetFinder;
  101. $this->supportedApiVersions = $supportedApiVersions;
  102. $this->knownIpsCollector = $knownIpsCollector;
  103. $this->connection = $connection;
  104. $this->eventDispatcher = $eventDispatcher;
  105. $this->shopwareCoreDir = $shopwareCoreDir;
  106. $this->customerRepo = $customerRepo;
  107. $this->currencyRepository = $currencyRepository;
  108. $this->htmlSanitizer = $htmlSanitizer;
  109. $this->definitionInstanceRegistry = $definitionInstanceRegistry;
  111. // param is only available if the elasticsearch bundle is enabled
  112. $this->esAdministrationEnabled = $params->has('elasticsearch.administration.enabled')
  113. ? $params->get('elasticsearch.administration.enabled')
  114. : false;
  115. }
  117. /**
  118. * @Since("6.3.3.0")
  119. * @Route("/%shopware_administration.path_name%", defaults={"auth_required"=false}, name="administration.index", methods={"GET"})
  120. */
  121. public function index(Request $request, Context $context): Response
  122. {
  123. $template = $this->finder->find('@Administration/administration/index.html.twig');
  125. /** @var CurrencyEntity $defaultCurrency */
  126. $defaultCurrency = $this->currencyRepository->search(new Criteria([Defaults::CURRENCY]), $context)->first();
  128. return $this->render($template, [
  129. 'features' => Feature::getAll(),
  130. 'systemLanguageId' => Defaults::LANGUAGE_SYSTEM,
  131. 'defaultLanguageIds' => [Defaults::LANGUAGE_SYSTEM],
  132. 'systemCurrencyId' => Defaults::CURRENCY,
  133. 'disableExtensions' => EnvironmentHelper::getVariable('DISABLE_EXTENSIONS', false),
  134. 'systemCurrencyISOCode' => $defaultCurrency->getIsoCode(),
  135. 'liveVersionId' => Defaults::LIVE_VERSION,
  136. 'firstRunWizard' => $this->firstRunWizardClient->frwShouldRun(),
  137. 'apiVersion' => $this->getLatestApiVersion(),
  138. 'cspNonce' => $request->attributes->get(PlatformRequest::ATTRIBUTE_CSP_NONCE),
  139. 'adminEsEnable' => $this->esAdministrationEnabled,
  140. ]);
  141. }
  143. /**
  144. * @Since("6.1.0.0")
  145. * @Route("/api/_admin/snippets", name="api.admin.snippets", methods={"GET"})
  146. */
  147. public function snippets(Request $request): Response
  148. {
  149. $locale = $request->query->get('locale', 'en-GB');
  150. $snippets[$locale] = $this->snippetFinder->findSnippets((string) $locale);
  152. if ($locale !== 'en-GB') {
  153. $snippets['en-GB'] = $this->snippetFinder->findSnippets('en-GB');
  154. }
  156. return new JsonResponse($snippets);
  157. }
  159. /**
  160. * @Since("6.3.1.0")
  161. * @Route("/api/_admin/known-ips", name="api.admin.known-ips", methods={"GET"})
  162. */
  163. public function knownIps(Request $request): Response
  164. {
  165. $ips = [];
  167. foreach ($this->knownIpsCollector->collectIps($request) as $ip => $name) {
  168. $ips[] = [
  169. 'name' => $name,
  170. 'value' => $ip,
  171. ];
  172. }
  174. return new JsonResponse(['ips' => $ips]);
  175. }
  177. /**
  178. * @deprecated tag:v6.5.0 - reason:return-type-change - native return type JsonResponse will be added
  179. *
  180. * @Since("6.4.0.1")
  181. * @Route("/api/_admin/reset-excluded-search-term", name="api.admin.reset-excluded-search-term", methods={"POST"}, defaults={"_acl"={"system_config:update", "system_config:create", "system_config:delete"}})
  182. *
  183. * @return JsonResponse
  184. */
  185. public function resetExcludedSearchTerm(Context $context)
  186. {
  187. $searchConfigId = $this->connection->fetchOne('SELECT id FROM product_search_config WHERE language_id = :language_id', ['language_id' => Uuid::fromHexToBytes($context->getLanguageId())]);
  189. if ($searchConfigId === false) {
  190. throw new LanguageNotFoundException($context->getLanguageId());
  191. }
  193. $deLanguageId = $this->fetchLanguageIdByName('de-DE', $this->connection);
  194. $enLanguageId = $this->fetchLanguageIdByName('en-GB', $this->connection);
  196. switch ($context->getLanguageId()) {
  197. case $deLanguageId:
  198. $defaultExcludedTerm = require $this->shopwareCoreDir . '/Migration/Fixtures/stopwords/de.php';
  200. break;
  201. case $enLanguageId:
  202. $defaultExcludedTerm = require $this->shopwareCoreDir . '/Migration/Fixtures/stopwords/en.php';
  204. break;
  205. default:
  206. /** @var PreResetExcludedSearchTermEvent $preResetExcludedSearchTermEvent */
  207. $preResetExcludedSearchTermEvent = $this->eventDispatcher->dispatch(new PreResetExcludedSearchTermEvent($searchConfigId, [], $context));
  208. $defaultExcludedTerm = $preResetExcludedSearchTermEvent->getExcludedTerms();
  209. }
  211. $this->connection->executeStatement(
  212. 'UPDATE `product_search_config` SET `excluded_terms` = :excludedTerms WHERE `id` = :id',
  213. [
  214. 'excludedTerms' => json_encode($defaultExcludedTerm),
  215. 'id' => $searchConfigId,
  216. ]
  217. );
  219. return new JsonResponse([
  220. 'success' => true,
  221. ]);
  222. }
  224. /**
  225. * @Since("6.4.0.1")
  226. * @Route("/api/_admin/check-customer-email-valid", name="api.admin.check-customer-email-valid", methods={"POST"})
  227. */
  228. public function checkCustomerEmailValid(Request $request, Context $context): JsonResponse
  229. {
  230. if (!$request->request->has('email')) {
  231. throw new \InvalidArgumentException('Parameter "email" is missing.');
  232. }
  234. $email = (string) $request->request->get('email');
  235. $boundSalesChannelId = $request->request->get('bound_sales_channel_id');
  237. if ($boundSalesChannelId !== null && !\is_string($boundSalesChannelId)) {
  238. throw new InvalidRequestParameterException('bound_sales_channel_id');
  239. }
  241. if ($this->isEmailValid((string) $request->request->get('id'), $email, $context, $boundSalesChannelId)) {
  242. return new JsonResponse(
  243. ['isValid' => true]
  244. );
  245. }
  247. $message = 'The email address {{ email }} is already in use';
  248. $params['{{ email }}'] = $email;
  250. if ($boundSalesChannelId !== null) {
  251. $message .= ' in the sales channel {{ salesChannelId }}';
  252. $params['{{ salesChannelId }}'] = $boundSalesChannelId;
  253. }
  255. $violations = new ConstraintViolationList();
  256. $violations->add(new ConstraintViolation(
  257. str_replace(array_keys($params), array_values($params), $message),
  258. $message,
  259. $params,
  260. null,
  261. null,
  262. $email,
  263. null,
  264. '79d30fe0-febf-421e-ac9b-1bfd5c9007f7'
  265. ));
  267. throw new ConstraintViolationException($violations, $request->request->all());
  268. }
  270. /**
  271. * @Since("6.4.2.0")
  272. * @Route("/api/_admin/sanitize-html", name="api.admin.sanitize-html", methods={"POST"})
  273. */
  274. public function sanitizeHtml(Request $request, Context $context): JsonResponse
  275. {
  276. if (!$request->request->has('html')) {
  277. throw new \InvalidArgumentException('Parameter "html" is missing.');
  278. }
  280. $html = (string) $request->request->get('html');
  281. $field = (string) $request->request->get('field');
  283. if ($field === '') {
  284. return new JsonResponse(
  285. ['preview' => $this->htmlSanitizer->sanitize($html)]
  286. );
  287. }
  289. [$entityName, $propertyName] = explode('.', $field);
  290. $property = $this->definitionInstanceRegistry->getByEntityName($entityName)->getField($propertyName);
  292. if ($property === null) {
  293. throw new \InvalidArgumentException('Invalid field property provided.');
  294. }
  296. $flag = $property->getFlag(AllowHtml::class);
  298. if ($flag === null) {
  299. return new JsonResponse(
  300. ['preview' => strip_tags($html)]
  301. );
  302. }
  304. if ($flag instanceof AllowHtml && !$flag->isSanitized()) {
  305. return new JsonResponse(
  306. ['preview' => $html]
  307. );
  308. }
  310. return new JsonResponse(
  311. ['preview' => $this->htmlSanitizer->sanitize($html, [], false, $field)]
  312. );
  313. }
  315. private function fetchLanguageIdByName(string $isoCode, Connection $connection): ?string
  316. {
  317. $languageId = $connection->fetchOne(
  318. '
  319. SELECT `language`.id FROM `language`
  320. INNER JOIN locale ON language.translation_code_id = locale.id
  321. WHERE `code` = :code',
  322. ['code' => $isoCode]
  323. );
  325. return $languageId === false ? null : Uuid::fromBytesToHex($languageId);
  326. }
  328. private function getLatestApiVersion(): ?int
  329. {
  330. $sortedSupportedApiVersions = array_values($this->supportedApiVersions);
  332. usort($sortedSupportedApiVersions, function (int $version1, int $version2) {
  333. return version_compare((string) $version1, (string) $version2);
  334. });
  336. return array_pop($sortedSupportedApiVersions);
  337. }
  339. /**
  340. * @throws InconsistentCriteriaIdsException
  341. */
  342. private function isEmailValid(string $customerId, string $email, Context $context, ?string $boundSalesChannelId): bool
  343. {
  344. $criteria = new Criteria();
  345. $criteria->addFilter(new EqualsFilter('email', $email));
  346. $criteria->addFilter(new EqualsFilter('guest', false));
  347. $criteria->addFilter(new NotFilter(
  348. NotFilter::CONNECTION_AND,
  349. [new EqualsFilter('id', $customerId)]
  350. ));
  352. $criteria->addFilter(new MultiFilter(MultiFilter::CONNECTION_OR, [
  353. new EqualsFilter('boundSalesChannelId', null),
  354. new EqualsFilter('boundSalesChannelId', $boundSalesChannelId),
  355. ]));
  357. return $this->customerRepo->searchIds($criteria, $context)->getTotal() === 0;
  358. }
  359. }