AhmedYahyaE
diff --git a/‎.htaccess
+25 b/‎.htaccess
+25
diff --git a/‎App/Controllers/Admin/AccessController.php
+52 b/‎App/Controllers/Admin/AccessController.php
+52
diff --git a/‎App/Controllers/Admin/AdsController.php
+210 b/‎App/Controllers/Admin/AdsController.php
+210
@@ -0,0 +1,25 @@
+# If the mod_rewrite module is enabled (in the central Apache configuration file "httpd.conf")
+<IfModule mod_rewrite.c>
+    # Enable the mod_rewrite engine, allowing URL rewriting rules to take effect
+    RewriteEngine On
+
+    # Allow the server to follow symbolic links, Prevent Indexing (i.e. directory listing)
+	Options +FollowSymLinks -Indexes
+
+    # Handle Front Controller...
+    # The rewrite conditions (the conditions when rewrite rule are required to be activated)
+    # These rewrite conditions ensure that the rewrite rule is only applied if the requested URL does not correspond to an existing directory or file
+    # If the requested filename is not a directory (!-d)
+    RewriteCond %{REQUEST_FILENAME} !-d
+    # If the requested filename is not a regular file (!-f)
+    RewriteCond %{REQUEST_FILENAME} !-f
+
+    # Then, the rewrite rule is
+
+    # The rewrite rule
+    RewriteRule ^(.*)$ index.php [QSA,L]
+    # The [QSA] flag stands for "Query String Append." When this flag is used in a RewriteRule, it instructs Apache to append the existing query string from the original URL to the rewritten URL. The [L] flag indicates that this is the last rule to process if the conditions are met.
+
+    #    ^(.*)$    Regular Expression. ^ is a metacharacter that denotes the start of a string or line. $ is a metacharacter that denotes the end of a string or line. () is a capturing group that captures the matched sequence of characters. . matches any single character except for a newline character. * is a quantifier that matches zero or more occurrences of the preceding element (in this case, .). Combining these elements,    ^(.*)$    will match any sequence of characters from the beginning (^) to the end ($) of a string and capture it within the parentheses. It effectively captures the entire input string.
+    # Summary: If the requested URL doesn't correspond to an existing directory or file, redirect all requests (anything) to 'index.php'. Also, prevent directory indexing and allow the server to follow symbolic links.
+</IfModule>
@@ -0,0 +1,52 @@
+<?php
+
+namespace App\Controllers\Admin;
+
+use System\Controller;
+
+class AccessController extends Controller
+{
+    /**
+    * Check User Permissions to access admin pages
+    *
+    * @return void
+    */
+    public function index()
+    {
+        $loginModel = $this->load->model('Login');
+
+        $ignoredPages = ['/admin/login', '/admin/login/submit'];
+                         
+        $currentRoute = $this->route->getCurrentRouteUrl();
+
+        // First Scenario :
+        // User is not logged in and he is not requesting login page
+        // then we will redirect him to login page
+        if (($isNotLogged =  ! $loginModel->isLogged()) AND ! in_array($currentRoute , $ignoredPages)) {
+            return $this->url->redirectTo('/admin/login');
+        }
+
+        // On going to this line
+        // it means that there are two possibilities
+        // First One the user is not logged in and he is requesting login page
+        // Second One the user is logged in successfully and he is requesting
+        // an admin page
+
+        if ($isNotLogged) {
+            return false;
+        }
+
+        $user = $loginModel->user();
+
+        $usersGroupsModel = $this->load->model('UsersGroups');
+
+        $usersGroup = $usersGroupsModel->get($user->users_group_id);
+
+        // If the user doesn't have permissions to access this page
+        //  then he will be redirected to 404 page
+        if (! in_array($currentRoute, $usersGroup->pages)) {
+            // we may create access-denied page
+            return $this->url->redirectTo('/404');
+        }
+    }
+}
@@ -0,0 +1,210 @@
+<?php
+
+namespace App\Controllers\Admin;
+
+use System\Controller;
+
+class AdsController extends Controller
+{
+    /**
+    * Display Ads  List
+    *
+    * @return mixed
+    */
+    public function index()
+    {
+        $this->html->setTitle('Ads');
+
+        $data['ads'] = $this->load->model('Ads')->all();
+
+        $data['success'] = $this->session->has('success') ? $this->session->pull('success') : null;
+
+        $view = $this->view->render('admin/ads/list', $data);
+
+        return $this->adminLayout->render($view);
+    }
+
+    /**
+    * Open Ads  Form
+    *
+    * @return string
+    */
+    public function add()
+    {
+        return $this->form();
+    }
+
+    /**
+    * Submit for creating new ad
+    *
+    * @return string | json
+    */
+    public function submit()
+    {
+        $json = [];
+
+        if ($this->isValid()) {
+            // it means there are no errors in form validation
+            $this->load->model('Ads')->create();
+
+            $json['success'] = 'Ad Has Been Created Successfully';
+
+            $json['redirectTo'] = $this->url->link('/admin/ads');
+        } else {
+            // it means there are errors in form validation
+            $json['errors'] = $this->validator->flattenMessages();
+        }
+
+        return $this->json($json);
+    }
+
+     /**
+     * Display Edit Form
+     *
+     * @param int $id
+     * @return string
+     */
+    public function edit($id)
+    {
+        $adsModel = $this->load->model('Ads');
+
+        if (! $adsModel->exists($id)) {
+            return $this->url->redirectTo('/404');
+        }
+
+        $ad = $adsModel->get($id);
+
+        return $this->form($ad);
+    }
+
+     /**
+     * Display Form
+     *
+     * @param \stdClass $ad
+     */
+    private function form($ad = null)
+    {
+        if ($ad) {
+            // editing form
+            $data['target'] = 'edit-ad-' . $ad->id;
+
+            $data['action'] = $this->url->link('/admin/ads/save/' . $ad->id);
+
+            $data['heading'] = 'Edit ' . $ad->title;
+        } else {
+            // adding form
+            $data['target'] = 'add-ad-form';
+
+            $data['action'] = $this->url->link('/admin/ads/submit');
+
+            $data['heading'] = 'Add New Ad';
+        }
+
+        $ad = (array) $ad;
+
+        $data['link'] = array_get($ad, 'link');
+        $data['name'] = array_get($ad, 'name');
+        $data['ad_page'] = array_get($ad, 'page');
+        $data['status'] = array_get($ad, 'status', 'enabled');
+
+        $data['start_at'] = ! empty($ad['start_at']) ? date('d-m-Y', $ad['start_at']) : false;
+        $data['end_at'] = ! empty($ad['end_at']) ? date('d-m-Y', $ad['end_at']) : false;
+
+        $data['image'] = '';
+
+        if (! empty($ad['image'])) {
+            // default path to upload ad image : public/images
+            $data['image'] = $this->url->link('public/images/' . $ad['image']);
+        }
+
+        $data['pages'] = $this->getPermissionPages();
+
+        return $this->view->render('admin/ads/form', $data);
+    }
+
+     /**
+     * Get All Permission Pages
+     *
+     * @return array
+     */
+     private function getPermissionPages()
+     {
+         $permissions = [];
+
+         foreach ($this->route->routes() AS $route) {
+             if (strpos($route['url'], '/admin') !== 0) {
+                 $permissions[] = $route['url'];
+             }
+         }
+
+         return $permissions;
+     }
+
+    /**
+    * Submit for creating new ad
+    *
+    * @return string | json
+    */
+    public function save($id)
+    {
+        $json = [];
+
+        if ($this->isValid($id)) {
+            // it means there are no errors in form validation
+            $this->load->model('Ads')->update($id);
+
+            $json['success'] = 'Ads  Has Been Updated Successfully';
+
+            $json['redirectTo'] = $this->url->link('/admin/ads');
+        } else {
+            // it means there are errors in form validation
+            $json['errors'] = $this->validator->flattenMessages();
+        }
+
+        return $this->json($json);
+    }
+
+     /**
+     * Delete Record
+     *
+     * @param int $id
+     * @return mixed
+     */
+    public function delete($id)
+    {
+        $adsModel = $this->load->model('Ads');
+
+        if (! $adsModel->exists($id)) {
+            return $this->url->redirectTo('/404');
+        }
+
+        $adsModel->delete($id);
+
+        $json['success'] = 'Ad Has Been Deleted Successfully';
+
+        return $this->json($json);
+    }
+
+     /**
+     * Validate the form
+     *
+     * @param int $id
+     * @return bool
+     */
+    private function isValid($id = null)
+    {
+        $this->validator->required('name');
+        $this->validator->required('link');
+        $this->validator->required('page');
+        $this->validator->required('start_at');
+        $this->validator->required('end_at');
+
+        if (is_null($id)) {
+            $this->validator->requiredFile('image')->image('image');
+        } else {
+            $this->validator->image('image');
+        }
+
+        return $this->validator->passes();
+    }
+}