Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 45 |
|
0.00% |
0 / 7 |
CRAP | |
0.00% |
0 / 1 |
| Client_Portal_Router | |
0.00% |
0 / 44 |
|
0.00% |
0 / 7 |
462 | |
0.00% |
0 / 1 |
| redirect_contacts_upon_login | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
12 | |||
| get_endpoint | |
0.00% |
0 / 13 |
|
0.00% |
0 / 1 |
42 | |||
| jpcrm_is_easy_access_hash | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| jpcrm_get_portal_single_objid_or_hash | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
6 | |||
| access_is_via_hash | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| get_obj_id_from_current_portal_page_url | |
0.00% |
0 / 13 |
|
0.00% |
0 / 1 |
42 | |||
| jpcrm_get_obj_id_by_hash | |
0.00% |
0 / 9 |
|
0.00% |
0 / 1 |
6 | |||
| 1 | <?php |
| 2 | /** |
| 3 | * Jetpack CRM |
| 4 | * https://jetpackcrm.com |
| 5 | * |
| 6 | * Client Portal Router |
| 7 | * |
| 8 | * @package automattic/jetpack-crm |
| 9 | */ |
| 10 | |
| 11 | namespace Automattic\JetpackCRM; |
| 12 | |
| 13 | defined( 'ZEROBSCRM_PATH' ) || exit( 0 ); |
| 14 | |
| 15 | /** |
| 16 | * Client Portal class that takes care of all the routing |
| 17 | */ |
| 18 | class Client_Portal_Router { |
| 19 | /** |
| 20 | * Redirect CRM contacts to Client Portal after login. |
| 21 | * |
| 22 | * @param string $redirect_to The redirect destination URL. |
| 23 | * @param int $request The requested redirect destination URL passed as a parameter. |
| 24 | * @param \WP_User $wp_user WP_User object if login was successful, WP_Error object otherwise. |
| 25 | * |
| 26 | * @return string $redirect_to |
| 27 | */ |
| 28 | public function redirect_contacts_upon_login( $redirect_to, $request, $wp_user ) { |
| 29 | |
| 30 | if ( isset( $wp_user->roles ) && in_array( 'zerobs_customer', $wp_user->roles, true ) ) { |
| 31 | $redirect_to = zeroBS_portal_link(); |
| 32 | } |
| 33 | |
| 34 | return $redirect_to; |
| 35 | } |
| 36 | |
| 37 | /** |
| 38 | * Gets client portal endpoint name for a given object type. |
| 39 | * |
| 40 | * @param int $obj_type_id object type ID. |
| 41 | * |
| 42 | * @return string | bool false if endpoint is not supported |
| 43 | */ |
| 44 | public function get_endpoint( $obj_type_id ) { |
| 45 | $endpoint = ''; |
| 46 | |
| 47 | // determine which endpoint we are on |
| 48 | switch ( $obj_type_id ) { |
| 49 | case ZBS_TYPE_INVOICE: |
| 50 | $endpoint = 'invoices'; |
| 51 | break; |
| 52 | case ZBS_TYPE_QUOTE: |
| 53 | $endpoint = 'quote'; |
| 54 | break; |
| 55 | default: |
| 56 | $endpoint = false; |
| 57 | } |
| 58 | |
| 59 | // fail if endpoint is not supported |
| 60 | if ( ! $endpoint ) { |
| 61 | return false; |
| 62 | } |
| 63 | |
| 64 | // support custom endpoints if enabled in Client Portal Pro |
| 65 | if ( function_exists( 'zeroBSCRM_clientPortalgetEndpoint' ) ) { |
| 66 | $endpoint = zeroBSCRM_clientPortalgetEndpoint( $endpoint ); |
| 67 | } |
| 68 | |
| 69 | return $endpoint; |
| 70 | } |
| 71 | |
| 72 | /** |
| 73 | * Determines if the string is an easy-access hash or not. |
| 74 | * |
| 75 | * @param string $obj_id_or_hash Object ID or hash. |
| 76 | * |
| 77 | * @return bool |
| 78 | */ |
| 79 | public function jpcrm_is_easy_access_hash( $obj_id_or_hash = '' ) { |
| 80 | return str_starts_with( $obj_id_or_hash, 'zh-' ); |
| 81 | } |
| 82 | |
| 83 | /** |
| 84 | * Gets current objid or hash from query parameters |
| 85 | * For use on singles, which are potentially easy-access calls |
| 86 | * |
| 87 | * @param int $obj_type_id Object type ID. |
| 88 | * |
| 89 | * @return string - object id or easy-access hash, or '' |
| 90 | */ |
| 91 | public function jpcrm_get_portal_single_objid_or_hash( $obj_type_id ) { |
| 92 | $endpoint = $this->get_endpoint( $obj_type_id ); |
| 93 | |
| 94 | // fail if bad endpoint |
| 95 | if ( ! $endpoint ) { |
| 96 | return ''; |
| 97 | } |
| 98 | |
| 99 | return sanitize_text_field( get_query_var( $endpoint ) ); |
| 100 | } |
| 101 | |
| 102 | /** |
| 103 | * Returns bool if current portal access is provided via easy-access hash |
| 104 | * |
| 105 | * @param int $obj_type_id Object type ID. |
| 106 | * @return bool - true if current access is via hash |
| 107 | */ |
| 108 | public function access_is_via_hash( $obj_type_id ) { |
| 109 | return $this->jpcrm_is_easy_access_hash( $this->jpcrm_get_portal_single_objid_or_hash( $obj_type_id ) ); |
| 110 | } |
| 111 | |
| 112 | /** |
| 113 | * Gets current object ID based on portal page URL. |
| 114 | * |
| 115 | * @param int $obj_type_id Object type ID. |
| 116 | * |
| 117 | * @return int | false if invalid object, bad permissions, or any other failure |
| 118 | */ |
| 119 | public function get_obj_id_from_current_portal_page_url( $obj_type_id ) { |
| 120 | |
| 121 | // get object ID from URL |
| 122 | $obj_id_or_hash = $this->jpcrm_get_portal_single_objid_or_hash( $obj_type_id ); |
| 123 | |
| 124 | // valid obj id or hash? |
| 125 | if ( empty( $obj_id_or_hash ) ) { |
| 126 | return false; |
| 127 | } |
| 128 | |
| 129 | // if a hash... |
| 130 | if ( $this->jpcrm_is_easy_access_hash( $obj_id_or_hash ) ) { |
| 131 | |
| 132 | // fail if access via hash is not allowed |
| 133 | if ( ! jpcrm_can_access_portal_via_hash( $obj_type_id ) ) { |
| 134 | return false; |
| 135 | } |
| 136 | |
| 137 | // retrieve obj ID by hash |
| 138 | $obj_id = $this->jpcrm_get_obj_id_by_hash( $obj_id_or_hash, $obj_type_id ); |
| 139 | |
| 140 | // was an invalid hash |
| 141 | if ( ! $obj_id ) { |
| 142 | return false; |
| 143 | } |
| 144 | } else { |
| 145 | |
| 146 | // not a hash, so cast to int |
| 147 | $obj_id = (int) $obj_id_or_hash; |
| 148 | |
| 149 | // fail if current user isn't allowed |
| 150 | if ( ! jpcrm_can_current_wp_user_view_object( $obj_id, $obj_type_id ) ) { |
| 151 | return false; |
| 152 | } |
| 153 | } |
| 154 | |
| 155 | return $obj_id; |
| 156 | } |
| 157 | |
| 158 | /** |
| 159 | * Returns security request name by object type. |
| 160 | * |
| 161 | * @param string $raw_obj_hash Raw object hash. |
| 162 | * @param int $obj_type_id Object type ID. |
| 163 | * |
| 164 | * @return int id | bool false if no match |
| 165 | */ |
| 166 | public function jpcrm_get_obj_id_by_hash( $raw_obj_hash, $obj_type_id ) { |
| 167 | |
| 168 | // remove 'zh-' prefix |
| 169 | $obj_hash = substr( $raw_obj_hash, 3 ); |
| 170 | |
| 171 | $security_request_name = jpcrm_get_easy_access_security_request_name_by_obj_type( $obj_type_id ); |
| 172 | |
| 173 | // log request |
| 174 | $request_id = zeroBSCRM_security_logRequest( $security_request_name, $obj_hash ); |
| 175 | |
| 176 | // check hash |
| 177 | $obj = zeroBSCRM_hashes_GetObjFromHash( $obj_hash, -1, $obj_type_id ); |
| 178 | |
| 179 | // bad hash |
| 180 | if ( ! $obj['success'] ) { |
| 181 | return false; |
| 182 | } |
| 183 | |
| 184 | $obj_id = (int) $obj['data']['ID']; |
| 185 | |
| 186 | // clear request |
| 187 | zeroBSCRM_security_finiRequest( $request_id ); |
| 188 | |
| 189 | return $obj_id; |
| 190 | } |
| 191 | } |