vendor/shopware/administration/Controller/AdministrationController.php line 121

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Administration\Controller;
  5. use Doctrine\DBAL\Connection;
  6. use Shopware\Administration\Events\PreResetExcludedSearchTermEvent;
  7. use Shopware\Administration\Framework\Routing\KnownIps\KnownIpsCollectorInterface;
  8. use Shopware\Administration\Snippet\SnippetFinderInterface;
  9. use Shopware\Core\Defaults;
  10. use Shopware\Core\DevOps\Environment\EnvironmentHelper;
  11. use Shopware\Core\Framework\Adapter\Twig\TemplateFinder;
  12. use Shopware\Core\Framework\Context;
  13. use Shopware\Core\Framework\DataAbstractionLayer\DefinitionInstanceRegistry;
  14. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepositoryInterface;
  15. use Shopware\Core\Framework\DataAbstractionLayer\Exception\InconsistentCriteriaIdsException;
  16. use Shopware\Core\Framework\DataAbstractionLayer\Field\Flag\AllowHtml;
  17. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  18. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  19. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\MultiFilter;
  20. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\NotFilter;
  21. use Shopware\Core\Framework\Feature;
  22. use Shopware\Core\Framework\Log\Package;
  23. use Shopware\Core\Framework\Routing\Annotation\Since;
  24. use Shopware\Core\Framework\Routing\Exception\InvalidRequestParameterException;
  25. use Shopware\Core\Framework\Routing\Exception\LanguageNotFoundException;
  26. use Shopware\Core\Framework\Store\Services\FirstRunWizardClient;
  27. use Shopware\Core\Framework\Util\HtmlSanitizer;
  28. use Shopware\Core\Framework\Uuid\Uuid;
  29. use Shopware\Core\Framework\Validation\Exception\ConstraintViolationException;
  30. use Shopware\Core\PlatformRequest;
  31. use Shopware\Core\System\Currency\CurrencyEntity;
  32. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  33. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  34. use Symfony\Component\HttpFoundation\JsonResponse;
  35. use Symfony\Component\HttpFoundation\Request;
  36. use Symfony\Component\HttpFoundation\Response;
  37. use Symfony\Component\Routing\Annotation\Route;
  38. use Symfony\Component\Validator\ConstraintViolation;
  39. use Symfony\Component\Validator\ConstraintViolationList;
  40. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  41. use function version_compare;
  43. /**
  44.  * @Route(defaults={"_routeScope"={"administration"}})
  45.  */
  46. #[Package('administration')]
  47. class AdministrationController extends AbstractController
  48. {
  49.     private TemplateFinder $finder;
  51.     private FirstRunWizardClient $firstRunWizardClient;
  53.     private SnippetFinderInterface $snippetFinder;
  55.     /**
  56.      * @var list<int>
  57.      */
  58.     private array $supportedApiVersions;
  60.     private KnownIpsCollectorInterface $knownIpsCollector;
  62.     private Connection $connection;
  64.     private EventDispatcherInterface $eventDispatcher;
  66.     private string $shopwareCoreDir;
  68.     private EntityRepositoryInterface $customerRepo;
  70.     private EntityRepositoryInterface $currencyRepository;
  72.     private HtmlSanitizer $htmlSanitizer;
  74.     private DefinitionInstanceRegistry $definitionInstanceRegistry;
  76.     private bool $esAdministrationEnabled;
  78.     /**
  79.      * @internal
  80.      *
  81.      * @param list<int> $supportedApiVersions
  82.      */
  83.     public function __construct(
  84.         TemplateFinder $finder,
  85.         FirstRunWizardClient $firstRunWizardClient,
  86.         SnippetFinderInterface $snippetFinder,
  87.         array $supportedApiVersions,
  88.         KnownIpsCollectorInterface $knownIpsCollector,
  89.         Connection $connection,
  90.         EventDispatcherInterface $eventDispatcher,
  91.         string $shopwareCoreDir,
  92.         EntityRepositoryInterface $customerRepo,
  93.         EntityRepositoryInterface $currencyRepository,
  94.         HtmlSanitizer $htmlSanitizer,
  95.         DefinitionInstanceRegistry $definitionInstanceRegistry,
  96.         ParameterBagInterface $params
  97.     ) {
  98.         $this->finder $finder;
  99.         $this->firstRunWizardClient $firstRunWizardClient;
  100.         $this->snippetFinder $snippetFinder;
  101.         $this->supportedApiVersions $supportedApiVersions;
  102.         $this->knownIpsCollector $knownIpsCollector;
  103.         $this->connection $connection;
  104.         $this->eventDispatcher $eventDispatcher;
  105.         $this->shopwareCoreDir $shopwareCoreDir;
  106.         $this->customerRepo $customerRepo;
  107.         $this->currencyRepository $currencyRepository;
  108.         $this->htmlSanitizer $htmlSanitizer;
  109.         $this->definitionInstanceRegistry $definitionInstanceRegistry;
  111.         // param is only available if the elasticsearch bundle is enabled
  112.         $this->esAdministrationEnabled $params->has('elasticsearch.administration.enabled')
  113.             ? $params->get('elasticsearch.administration.enabled')
  114.             : false;
  115.     }
  117.     /**
  118.      * @Since("6.3.3.0")
  119.      * @Route("/%shopware_administration.path_name%", defaults={"auth_required"=false}, name="administration.index", methods={"GET"})
  120.      */
  121.     public function index(Request $requestContext $context): Response
  122.     {
  123.         $template $this->finder->find('@Administration/administration/index.html.twig');
  125.         /** @var CurrencyEntity $defaultCurrency */
  126.         $defaultCurrency $this->currencyRepository->search(new Criteria([Defaults::CURRENCY]), $context)->first();
  128.         return $this->render($template, [
  129.             'features' => Feature::getAll(),
  130.             'systemLanguageId' => Defaults::LANGUAGE_SYSTEM,
  131.             'defaultLanguageIds' => [Defaults::LANGUAGE_SYSTEM],
  132.             'systemCurrencyId' => Defaults::CURRENCY,
  133.             'disableExtensions' => EnvironmentHelper::getVariable('DISABLE_EXTENSIONS'false),
  134.             'systemCurrencyISOCode' => $defaultCurrency->getIsoCode(),
  135.             'liveVersionId' => Defaults::LIVE_VERSION,
  136.             'firstRunWizard' => $this->firstRunWizardClient->frwShouldRun(),
  137.             'apiVersion' => $this->getLatestApiVersion(),
  138.             'cspNonce' => $request->attributes->get(PlatformRequest::ATTRIBUTE_CSP_NONCE),
  139.             'adminEsEnable' => $this->esAdministrationEnabled,
  140.         ]);
  141.     }
  143.     /**
  144.      * @Since("6.1.0.0")
  145.      * @Route("/api/_admin/snippets", name="api.admin.snippets", methods={"GET"})
  146.      */
  147.     public function snippets(Request $request): Response
  148.     {
  149.         $locale $request->query->get('locale''en-GB');
  150.         $snippets[$locale] = $this->snippetFinder->findSnippets((string) $locale);
  152.         if ($locale !== 'en-GB') {
  153.             $snippets['en-GB'] = $this->snippetFinder->findSnippets('en-GB');
  154.         }
  156.         return new JsonResponse($snippets);
  157.     }
  159.     /**
  160.      * @Since("6.3.1.0")
  161.      * @Route("/api/_admin/known-ips", name="api.admin.known-ips", methods={"GET"})
  162.      */
  163.     public function knownIps(Request $request): Response
  164.     {
  165.         $ips = [];
  167.         foreach ($this->knownIpsCollector->collectIps($request) as $ip => $name) {
  168.             $ips[] = [
  169.                 'name' => $name,
  170.                 'value' => $ip,
  171.             ];
  172.         }
  174.         return new JsonResponse(['ips' => $ips]);
  175.     }
  177.     /**
  178.      * @deprecated tag:v6.5.0 - reason:return-type-change - native return type JsonResponse will be added
  179.      *
  180.      * @Since("6.4.0.1")
  181.      * @Route("/api/_admin/reset-excluded-search-term", name="api.admin.reset-excluded-search-term", methods={"POST"}, defaults={"_acl"={"system_config:update", "system_config:create", "system_config:delete"}})
  182.      *
  183.      * @return JsonResponse
  184.      */
  185.     public function resetExcludedSearchTerm(Context $context)
  186.     {
  187.         $searchConfigId $this->connection->fetchOne('SELECT id FROM product_search_config WHERE language_id = :language_id', ['language_id' => Uuid::fromHexToBytes($context->getLanguageId())]);
  189.         if ($searchConfigId === false) {
  190.             throw new LanguageNotFoundException($context->getLanguageId());
  191.         }
  193.         $deLanguageId $this->fetchLanguageIdByName('de-DE'$this->connection);
  194.         $enLanguageId $this->fetchLanguageIdByName('en-GB'$this->connection);
  196.         switch ($context->getLanguageId()) {
  197.             case $deLanguageId:
  198.                 $defaultExcludedTerm = require $this->shopwareCoreDir '/Migration/Fixtures/stopwords/de.php';
  200.                 break;
  201.             case $enLanguageId:
  202.                 $defaultExcludedTerm = require $this->shopwareCoreDir '/Migration/Fixtures/stopwords/en.php';
  204.                 break;
  205.             default:
  206.                 /** @var PreResetExcludedSearchTermEvent $preResetExcludedSearchTermEvent */
  207.                 $preResetExcludedSearchTermEvent $this->eventDispatcher->dispatch(new PreResetExcludedSearchTermEvent($searchConfigId, [], $context));
  208.                 $defaultExcludedTerm $preResetExcludedSearchTermEvent->getExcludedTerms();
  209.         }
  211.         $this->connection->executeStatement(
  212.             'UPDATE `product_search_config` SET `excluded_terms` = :excludedTerms WHERE `id` = :id',
  213.             [
  214.                 'excludedTerms' => json_encode($defaultExcludedTerm),
  215.                 'id' => $searchConfigId,
  216.             ]
  217.         );
  219.         return new JsonResponse([
  220.             'success' => true,
  221.         ]);
  222.     }
  224.     /**
  225.      * @Since("6.4.0.1")
  226.      * @Route("/api/_admin/check-customer-email-valid", name="api.admin.check-customer-email-valid", methods={"POST"})
  227.      */
  228.     public function checkCustomerEmailValid(Request $requestContext $context): JsonResponse
  229.     {
  230.         if (!$request->request->has('email')) {
  231.             throw new \InvalidArgumentException('Parameter "email" is missing.');
  232.         }
  234.         $email = (string) $request->request->get('email');
  235.         $boundSalesChannelId $request->request->get('bound_sales_channel_id');
  237.         if ($boundSalesChannelId !== null && !\is_string($boundSalesChannelId)) {
  238.             throw new InvalidRequestParameterException('bound_sales_channel_id');
  239.         }
  241.         if ($this->isEmailValid((string) $request->request->get('id'), $email$context$boundSalesChannelId)) {
  242.             return new JsonResponse(
  243.                 ['isValid' => true]
  244.             );
  245.         }
  247.         $message 'The email address {{ email }} is already in use';
  248.         $params['{{ email }}'] = $email;
  250.         if ($boundSalesChannelId !== null) {
  251.             $message .= ' in the sales channel {{ salesChannelId }}';
  252.             $params['{{ salesChannelId }}'] = $boundSalesChannelId;
  253.         }
  255.         $violations = new ConstraintViolationList();
  256.         $violations->add(new ConstraintViolation(
  257.             str_replace(array_keys($params), array_values($params), $message),
  258.             $message,
  259.             $params,
  260.             null,
  261.             null,
  262.             $email,
  263.             null,
  264.             '79d30fe0-febf-421e-ac9b-1bfd5c9007f7'
  265.         ));
  267.         throw new ConstraintViolationException($violations$request->request->all());
  268.     }
  270.     /**
  271.      * @Since("6.4.2.0")
  272.      * @Route("/api/_admin/sanitize-html", name="api.admin.sanitize-html", methods={"POST"})
  273.      */
  274.     public function sanitizeHtml(Request $requestContext $context): JsonResponse
  275.     {
  276.         if (!$request->request->has('html')) {
  277.             throw new \InvalidArgumentException('Parameter "html" is missing.');
  278.         }
  280.         $html = (string) $request->request->get('html');
  281.         $field = (string) $request->request->get('field');
  283.         if ($field === '') {
  284.             return new JsonResponse(
  285.                 ['preview' => $this->htmlSanitizer->sanitize($html)]
  286.             );
  287.         }
  289.         [$entityName$propertyName] = explode('.'$field);
  290.         $property $this->definitionInstanceRegistry->getByEntityName($entityName)->getField($propertyName);
  292.         if ($property === null) {
  293.             throw new \InvalidArgumentException('Invalid field property provided.');
  294.         }
  296.         $flag $property->getFlag(AllowHtml::class);
  298.         if ($flag === null) {
  299.             return new JsonResponse(
  300.                 ['preview' => strip_tags($html)]
  301.             );
  302.         }
  304.         if ($flag instanceof AllowHtml && !$flag->isSanitized()) {
  305.             return new JsonResponse(
  306.                 ['preview' => $html]
  307.             );
  308.         }
  310.         return new JsonResponse(
  311.             ['preview' => $this->htmlSanitizer->sanitize($html, [], false$field)]
  312.         );
  313.     }
  315.     private function fetchLanguageIdByName(string $isoCodeConnection $connection): ?string
  316.     {
  317.         $languageId $connection->fetchOne(
  318.             '
  319.             SELECT `language`.id FROM `language`
  320.             INNER JOIN locale ON language.translation_code_id = locale.id
  321.             WHERE `code` = :code',
  322.             ['code' => $isoCode]
  323.         );
  325.         return $languageId === false null Uuid::fromBytesToHex($languageId);
  326.     }
  328.     private function getLatestApiVersion(): ?int
  329.     {
  330.         $sortedSupportedApiVersions array_values($this->supportedApiVersions);
  332.         usort($sortedSupportedApiVersions, function (int $version1int $version2) {
  333.             return version_compare((string) $version1, (string) $version2);
  334.         });
  336.         return array_pop($sortedSupportedApiVersions);
  337.     }
  339.     /**
  340.      * @throws InconsistentCriteriaIdsException
  341.      */
  342.     private function isEmailValid(string $customerIdstring $emailContext $context, ?string $boundSalesChannelId): bool
  343.     {
  344.         $criteria = new Criteria();
  345.         $criteria->addFilter(new EqualsFilter('email'$email));
  346.         $criteria->addFilter(new EqualsFilter('guest'false));
  347.         $criteria->addFilter(new NotFilter(
  348.             NotFilter::CONNECTION_AND,
  349.             [new EqualsFilter('id'$customerId)]
  350.         ));
  352.         $criteria->addFilter(new MultiFilter(MultiFilter::CONNECTION_OR, [
  353.             new EqualsFilter('boundSalesChannelId'null),
  354.             new EqualsFilter('boundSalesChannelId'$boundSalesChannelId),
  355.         ]));
  357.         return $this->customerRepo->searchIds($criteria$context)->getTotal() === 0;
  358.     }
  359. }