src/Administration/Controller/AdministrationController.php line 75

  1. <?php declare(strict_types=1);
  3. namespace Shopware\Administration\Controller;
  5. use Doctrine\DBAL\Connection;
  6. use Shopware\Administration\Events\PreResetExcludedSearchTermEvent;
  7. use Shopware\Administration\Framework\Routing\KnownIps\KnownIpsCollectorInterface;
  8. use Shopware\Administration\Snippet\SnippetFinderInterface;
  9. use Shopware\Core\Defaults;
  10. use Shopware\Core\DevOps\Environment\EnvironmentHelper;
  11. use Shopware\Core\Framework\Adapter\Twig\TemplateFinder;
  12. use Shopware\Core\Framework\Context;
  13. use Shopware\Core\Framework\DataAbstractionLayer\DefinitionInstanceRegistry;
  14. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepository;
  15. use Shopware\Core\Framework\DataAbstractionLayer\Exception\InconsistentCriteriaIdsException;
  16. use Shopware\Core\Framework\DataAbstractionLayer\Field\Flag\AllowHtml;
  17. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  18. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  19. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\MultiFilter;
  20. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\NotFilter;
  21. use Shopware\Core\Framework\Feature;
  22. use Shopware\Core\Framework\Log\Package;
  23. use Shopware\Core\Framework\Routing\Exception\InvalidRequestParameterException;
  24. use Shopware\Core\Framework\Routing\Exception\LanguageNotFoundException;
  25. use Shopware\Core\Framework\Store\Services\FirstRunWizardService;
  26. use Shopware\Core\Framework\Util\HtmlSanitizer;
  27. use Shopware\Core\Framework\Uuid\Uuid;
  28. use Shopware\Core\Framework\Validation\Exception\ConstraintViolationException;
  29. use Shopware\Core\PlatformRequest;
  30. use Shopware\Core\System\Currency\CurrencyEntity;
  31. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  32. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  33. use Symfony\Component\HttpFoundation\JsonResponse;
  34. use Symfony\Component\HttpFoundation\Request;
  35. use Symfony\Component\HttpFoundation\Response;
  36. use Symfony\Component\Routing\Annotation\Route;
  37. use Symfony\Component\Validator\ConstraintViolation;
  38. use Symfony\Component\Validator\ConstraintViolationList;
  39. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  40. use function version_compare;
  42. #[Route(defaults: ['_routeScope' => ['administration']])]
  43. #[Package('administration')]
  44. class AdministrationController extends AbstractController
  45. {
  46.     private readonly bool $esAdministrationEnabled;
  48.     /**
  49.      * @internal
  50.      *
  51.      * @param array<int, int> $supportedApiVersions
  52.      */
  53.     public function __construct(
  54.         private readonly TemplateFinder $finder,
  55.         private readonly FirstRunWizardService $firstRunWizardService,
  56.         private readonly SnippetFinderInterface $snippetFinder,
  57.         private readonly array $supportedApiVersions,
  58.         private readonly KnownIpsCollectorInterface $knownIpsCollector,
  59.         private readonly Connection $connection,
  60.         private readonly EventDispatcherInterface $eventDispatcher,
  61.         private readonly string $shopwareCoreDir,
  62.         private readonly EntityRepository $customerRepo,
  63.         private readonly EntityRepository $currencyRepository,
  64.         private readonly HtmlSanitizer $htmlSanitizer,
  65.         private readonly DefinitionInstanceRegistry $definitionInstanceRegistry,
  66.         ParameterBagInterface $params
  67.     ) {
  68.         // param is only available if the elasticsearch bundle is enabled
  69.         $this->esAdministrationEnabled $params->has('elasticsearch.administration.enabled')
  70.             ? $params->get('elasticsearch.administration.enabled')
  71.             : false;
  72.     }
  74.     #[Route(path'/%shopware_administration.path_name%'name'administration.index'defaults: ['auth_required' => false], methods: ['GET'])]
  75.     public function index(Request $requestContext $context): Response
  76.     {
  77.         $template $this->finder->find('@Administration/administration/index.html.twig');
  79.         /** @var CurrencyEntity $defaultCurrency */
  80.         $defaultCurrency $this->currencyRepository->search(new Criteria([Defaults::CURRENCY]), $context)->first();
  82.         return $this->render($template, [
  83.             'features' => Feature::getAll(),
  84.             'systemLanguageId' => Defaults::LANGUAGE_SYSTEM,
  85.             'defaultLanguageIds' => [Defaults::LANGUAGE_SYSTEM],
  86.             'systemCurrencyId' => Defaults::CURRENCY,
  87.             'disableExtensions' => EnvironmentHelper::getVariable('DISABLE_EXTENSIONS'false),
  88.             'systemCurrencyISOCode' => $defaultCurrency->getIsoCode(),
  89.             'liveVersionId' => Defaults::LIVE_VERSION,
  90.             'firstRunWizard' => $this->firstRunWizardService->frwShouldRun(),
  91.             'apiVersion' => $this->getLatestApiVersion(),
  92.             'cspNonce' => $request->attributes->get(PlatformRequest::ATTRIBUTE_CSP_NONCE),
  93.             'adminEsEnable' => $this->esAdministrationEnabled,
  94.         ]);
  95.     }
  97.     #[Route(path'/api/_admin/snippets'name'api.admin.snippets'methods: ['GET'])]
  98.     public function snippets(Request $request): Response
  99.     {
  100.         $snippets = [];
  101.         $locale $request->query->get('locale''en-GB');
  102.         $snippets[$locale] = $this->snippetFinder->findSnippets((string) $locale);
  104.         if ($locale !== 'en-GB') {
  105.             $snippets['en-GB'] = $this->snippetFinder->findSnippets('en-GB');
  106.         }
  108.         return new JsonResponse($snippets);
  109.     }
  111.     #[Route(path'/api/_admin/known-ips'name'api.admin.known-ips'methods: ['GET'])]
  112.     public function knownIps(Request $request): Response
  113.     {
  114.         $ips = [];
  116.         foreach ($this->knownIpsCollector->collectIps($request) as $ip => $name) {
  117.             $ips[] = [
  118.                 'name' => $name,
  119.                 'value' => $ip,
  120.             ];
  121.         }
  123.         return new JsonResponse(['ips' => $ips]);
  124.     }
  126.     #[Route(path'/api/_admin/reset-excluded-search-term'name'api.admin.reset-excluded-search-term'defaults: ['_acl' => ['system_config:update''system_config:create''system_config:delete']], methods: ['POST'])]
  127.     public function resetExcludedSearchTerm(Context $context): JsonResponse
  128.     {
  129.         $searchConfigId $this->connection->fetchOne('SELECT id FROM product_search_config WHERE language_id = :language_id', ['language_id' => Uuid::fromHexToBytes($context->getLanguageId())]);
  131.         if ($searchConfigId === false) {
  132.             throw new LanguageNotFoundException($context->getLanguageId());
  133.         }
  135.         $deLanguageId $this->fetchLanguageIdByName('de-DE'$this->connection);
  136.         $enLanguageId $this->fetchLanguageIdByName('en-GB'$this->connection);
  138.         switch ($context->getLanguageId()) {
  139.             case $deLanguageId:
  140.                 $defaultExcludedTerm = require $this->shopwareCoreDir '/Migration/Fixtures/stopwords/de.php';
  142.                 break;
  143.             case $enLanguageId:
  144.                 $defaultExcludedTerm = require $this->shopwareCoreDir '/Migration/Fixtures/stopwords/en.php';
  146.                 break;
  147.             default:
  148.                 /** @var PreResetExcludedSearchTermEvent $preResetExcludedSearchTermEvent */
  149.                 $preResetExcludedSearchTermEvent $this->eventDispatcher->dispatch(new PreResetExcludedSearchTermEvent($searchConfigId, [], $context));
  150.                 $defaultExcludedTerm $preResetExcludedSearchTermEvent->getExcludedTerms();
  151.         }
  153.         $this->connection->executeStatement(
  154.             'UPDATE `product_search_config` SET `excluded_terms` = :excludedTerms WHERE `id` = :id',
  155.             [
  156.                 'excludedTerms' => json_encode($defaultExcludedTerm\JSON_THROW_ON_ERROR),
  157.                 'id' => $searchConfigId,
  158.             ]
  159.         );
  161.         return new JsonResponse([
  162.             'success' => true,
  163.         ]);
  164.     }
  166.     #[Route(path'/api/_admin/check-customer-email-valid'name'api.admin.check-customer-email-valid'methods: ['POST'])]
  167.     public function checkCustomerEmailValid(Request $requestContext $context): JsonResponse
  168.     {
  169.         $params = [];
  170.         if (!$request->request->has('email')) {
  171.             throw new \InvalidArgumentException('Parameter "email" is missing.');
  172.         }
  174.         $email = (string) $request->request->get('email');
  175.         $boundSalesChannelId $request->request->get('bound_sales_channel_id');
  177.         if ($boundSalesChannelId !== null && !\is_string($boundSalesChannelId)) {
  178.             throw new InvalidRequestParameterException('bound_sales_channel_id');
  179.         }
  181.         if ($this->isEmailValid((string) $request->request->get('id'), $email$context$boundSalesChannelId)) {
  182.             return new JsonResponse(
  183.                 ['isValid' => true]
  184.             );
  185.         }
  187.         $message 'The email address {{ email }} is already in use';
  188.         $params['{{ email }}'] = $email;
  190.         if ($boundSalesChannelId !== null) {
  191.             $message .= ' in the sales channel {{ salesChannelId }}';
  192.             $params['{{ salesChannelId }}'] = $boundSalesChannelId;
  193.         }
  195.         $violations = new ConstraintViolationList();
  196.         $violations->add(new ConstraintViolation(
  197.             str_replace(array_keys($params), array_values($params), $message),
  198.             $message,
  199.             $params,
  200.             null,
  201.             null,
  202.             $email,
  203.             null,
  204.             '79d30fe0-febf-421e-ac9b-1bfd5c9007f7'
  205.         ));
  207.         throw new ConstraintViolationException($violations$request->request->all());
  208.     }
  210.     #[Route(path'/api/_admin/sanitize-html'name'api.admin.sanitize-html'methods: ['POST'])]
  211.     public function sanitizeHtml(Request $requestContext $context): JsonResponse
  212.     {
  213.         if (!$request->request->has('html')) {
  214.             throw new \InvalidArgumentException('Parameter "html" is missing.');
  215.         }
  217.         $html = (string) $request->request->get('html');
  218.         $field = (string) $request->request->get('field');
  220.         if ($field === '') {
  221.             return new JsonResponse(
  222.                 ['preview' => $this->htmlSanitizer->sanitize($html)]
  223.             );
  224.         }
  226.         [$entityName$propertyName] = explode('.'$field);
  227.         $property $this->definitionInstanceRegistry->getByEntityName($entityName)->getField($propertyName);
  229.         if ($property === null) {
  230.             throw new \InvalidArgumentException('Invalid field property provided.');
  231.         }
  233.         $flag $property->getFlag(AllowHtml::class);
  235.         if ($flag === null) {
  236.             return new JsonResponse(
  237.                 ['preview' => strip_tags($html)]
  238.             );
  239.         }
  241.         if ($flag instanceof AllowHtml && !$flag->isSanitized()) {
  242.             return new JsonResponse(
  243.                 ['preview' => $html]
  244.             );
  245.         }
  247.         return new JsonResponse(
  248.             ['preview' => $this->htmlSanitizer->sanitize($html, [], false$field)]
  249.         );
  250.     }
  252.     private function fetchLanguageIdByName(string $isoCodeConnection $connection): ?string
  253.     {
  254.         $languageId $connection->fetchOne(
  255.             '
  256.             SELECT `language`.id FROM `language`
  257.             INNER JOIN locale ON language.translation_code_id = locale.id
  258.             WHERE `code` = :code',
  259.             ['code' => $isoCode]
  260.         );
  262.         return $languageId === false null Uuid::fromBytesToHex($languageId);
  263.     }
  265.     private function getLatestApiVersion(): ?int
  266.     {
  267.         $sortedSupportedApiVersions array_values($this->supportedApiVersions);
  269.         usort($sortedSupportedApiVersions, fn (int $version1int $version2) => version_compare((string) $version1, (string) $version2));
  271.         return array_pop($sortedSupportedApiVersions);
  272.     }
  274.     /**
  275.      * @throws InconsistentCriteriaIdsException
  276.      */
  277.     private function isEmailValid(string $customerIdstring $emailContext $context, ?string $boundSalesChannelId): bool
  278.     {
  279.         $criteria = new Criteria();
  280.         $criteria->addFilter(new EqualsFilter('email'$email));
  281.         $criteria->addFilter(new EqualsFilter('guest'false));
  282.         $criteria->addFilter(new NotFilter(
  283.             NotFilter::CONNECTION_AND,
  284.             [new EqualsFilter('id'$customerId)]
  285.         ));
  287.         $criteria->addFilter(new MultiFilter(MultiFilter::CONNECTION_OR, [
  288.             new EqualsFilter('boundSalesChannelId'null),
  289.             new EqualsFilter('boundSalesChannelId'$boundSalesChannelId),
  290.         ]));
  292.         return $this->customerRepo->searchIds($criteria$context)->getTotal() === 0;
  293.     }
  294. }