1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
|
<?php
/**
* Piwik - Open source web analytics
*
* @link http://piwik.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*
* @category Piwik_Plugins
* @package Piwik_SegmentEditor
*/
use Piwik\Piwik;
use Piwik\Common;
use Piwik\Date;
use Piwik\Segment;
/**
* The SegmentEditor API lets you add, update, delete custom Segments, and list saved segments.a
*
* @package Piwik_SegmentEditor
*/
class Piwik_SegmentEditor_API
{
const DELETE_SEGMENT_EVENT = 'SegmentEditor.delete';
static private $instance = null;
/**
* @return Piwik_SegmentEditor_API
*/
static public function getInstance()
{
if (self::$instance == null) {
self::$instance = new self;
}
return self::$instance;
}
protected function checkSegmentValue($definition, $idSite)
{
// unsanitize so we don't record the HTML entitied segment
$definition = Common::unsanitizeInputValue($definition);
$definition = str_replace("#", '%23', $definition); // hash delimiter
$definition = str_replace("'", '%27', $definition); // not encoded in JS
$definition = str_replace("&", '%26', $definition);
try {
$segment = new Segment($definition, $idSite);
$segment->getHash();
} catch (Exception $e) {
throw new Exception("The specified segment is invalid: " . $e->getMessage());
}
return $definition;
}
protected function checkSegmentName($name)
{
if (empty($name)) {
throw new Exception("Invalid name for this custom segment.");
}
}
protected function checkEnabledAllUsers($enabledAllUsers)
{
$enabledAllUsers = (int)$enabledAllUsers;
if ($enabledAllUsers
&& !Piwik::isUserIsSuperUser()
) {
throw new Exception("enabledAllUsers=1 requires Super User access");
}
return $enabledAllUsers;
}
protected function checkIdSite($idSite)
{
if (empty($idSite)) {
if (!Piwik::isUserIsSuperUser()) {
throw new Exception("idSite is required, unless you are Super User and can create the segment across all websites");
}
} else {
if (!is_numeric($idSite)) {
throw new Exception("idSite should be a numeric value");
}
Piwik::checkUserHasViewAccess($idSite);
}
$idSite = (int)$idSite;
return $idSite;
}
protected function checkAutoArchive($autoArchive, $idSite)
{
$autoArchive = (int)$autoArchive;
if ($autoArchive) {
$exception = new Exception("To prevent abuse, autoArchive=1 requires Super User or Admin access.");
if (empty($idSite)) {
if (!Piwik::isUserIsSuperUser()) {
throw $exception;
}
} else {
if (!Piwik::isUserHasAdminAccess($idSite)) {
throw $exception;
}
}
}
return $autoArchive;
}
protected function getSegmentOrFail($idSegment)
{
$segment = $this->get($idSegment);
if (empty($segment)) {
throw new Exception("Requested segment not found");
}
return $segment;
}
protected function checkUserIsNotAnonymous()
{
if(Piwik::isUserIsAnonymous()) {
throw new Exception("To create, edit or delete Custom Segments, please sign in first.");
}
}
/**
* Deletes a stored segment.
*
* @param $idSegment
* @return bool
*/
public function delete($idSegment)
{
$this->checkUserIsNotAnonymous();
// allow plugins using the segment to throw an exception or propagate the deletion
Piwik_PostEvent(self::DELETE_SEGMENT_EVENT, array(&$idSegment));
$segment = $this->getSegmentOrFail($idSegment);
$db = Zend_Registry::get('db');
$db->delete(Common::prefixTable('segment'), 'idsegment = ' . $idSegment);
return true;
}
/**
* Modifies an existing stored segment.
*
* @param int $idSegment The ID of the stored segment to modify.
* @param string $name The new name of the segment.
* @param string $definition The new definition of the segment.
* @param bool $idSite If supplied, associates the stored segment with as single site.
* @param bool $autoArchive Whether to automatically archive data with the segment or not.
* @param bool $enabledAllUsers Whether the stored segment is viewable by all users or just the one that created it.
*
* @return bool
*/
public function update($idSegment, $name, $definition, $idSite = false, $autoArchive = false, $enabledAllUsers = false)
{
$this->checkUserIsNotAnonymous();
$segment = $this->getSegmentOrFail($idSegment);
$idSite = $this->checkIdSite($idSite);
$this->checkSegmentName($name);
$definition = $this->checkSegmentValue($definition, $idSite);
$enabledAllUsers = $this->checkEnabledAllUsers($enabledAllUsers);
$autoArchive = $this->checkAutoArchive($autoArchive, $idSite);
$bind = array(
'name' => $name,
'definition' => $definition,
'enable_all_users' => $enabledAllUsers,
'enable_only_idsite' => $idSite,
'auto_archive' => $autoArchive,
'ts_last_edit' => Date::now()->getDatetime(),
);
$db = Zend_Registry::get('db');
$db->update(Common::prefixTable("segment"),
$bind,
"idsegment = $idSegment"
);
return true;
}
/**
* Adds a new stored segment.
*
* @param string $name The new name of the segment.
* @param string $definition The new definition of the segment.
* @param bool $idSite If supplied, associates the stored segment with as single site.
* @param bool $autoArchive Whether to automatically archive data with the segment or not.
* @param bool $enabledAllUsers Whether the stored segment is viewable by all users or just the one that created it.
*
* @return int The newly created segment Id
*/
public function add($name, $definition, $idSite = false, $autoArchive = false, $enabledAllUsers = false)
{
$this->checkUserIsNotAnonymous();
$idSite = $this->checkIdSite($idSite);
$this->checkSegmentName($name);
$definition = $this->checkSegmentValue($definition, $idSite);
$enabledAllUsers = $this->checkEnabledAllUsers($enabledAllUsers);
$autoArchive = $this->checkAutoArchive($autoArchive, $idSite);
$db = Zend_Registry::get('db');
$bind = array(
'name' => $name,
'definition' => $definition,
'login' => Piwik::getCurrentUserLogin(),
'enable_all_users' => $enabledAllUsers,
'enable_only_idsite' => $idSite,
'auto_archive' => $autoArchive,
'ts_created' => Date::now()->getDatetime(),
'deleted' => 0,
);
$db->insert(Common::prefixTable("segment"), $bind);
return $db->lastInsertId();
}
/**
* Returns a stored segment by ID
*
* @param $idSegment
* @throws Exception
* @return bool
*/
public function get($idSegment)
{
Piwik::checkUserHasSomeViewAccess();
if (!is_numeric($idSegment)) {
throw new Exception("idSegment should be numeric.");
}
$segment = Zend_Registry::get('db')->fetchRow("SELECT * " .
" FROM " . Common::prefixTable("segment") .
" WHERE idsegment = ?", $idSegment);
if (empty($segment)) {
return false;
}
try {
Piwik::checkUserIsSuperUserOrTheUser($segment['login']);
} catch (Exception $e) {
throw new Exception("You can only edit the custom segments you have created yourself. This segment was created and 'shared with you' by the Super User. " .
"To modify this segment, you can first create a new one by clicking on 'Add new segment'. Then you can customize the segment's definition.");
}
if ($segment['deleted']) {
throw new Exception("This segment is marked as deleted. ");
}
return $segment;
}
/**
* Returns all stored segments.
*
* @param bool $idSite Whether to return stored segments that are only auto-archived for a specific idSite, or all of them. If supplied, must be a valid site ID.
* @param bool $returnOnlyAutoArchived Whether to only return stored segments that are auto-archived or not.
* @return array
*/
public function getAll($idSite = false, $returnOnlyAutoArchived = false)
{
if(!empty($idSite) ) {
Piwik::checkUserHasViewAccess($idSite);
} else {
Piwik::checkUserHasSomeViewAccess();
}
$bind = array();
// Build basic segment filtering
$whereIdSite = '';
if(!empty($idSite)) {
$whereIdSite = 'enable_only_idsite = ? OR ';
$bind[] = $idSite;
}
$bind[] = Piwik::getCurrentUserLogin();
$extraWhere = '';
if($returnOnlyAutoArchived) {
$extraWhere = ' AND auto_archive = 1';
}
// Query
$sql = "SELECT * " .
" FROM " . Common::prefixTable("segment") .
" WHERE ($whereIdSite enable_only_idsite = 0)
AND (enable_all_users = 1 OR login = ?)
AND deleted = 0
$extraWhere
ORDER BY name ASC";
$segments = Zend_Registry::get('db')->fetchAll($sql, $bind);
return $segments;
}
}
|
