authorFrederic Guillot <fred@kanboard.net>2016-05-15 18:31:47 -0400
committerFrederic Guillot <fred@kanboard.net>2016-05-15 18:31:47 -0400
commit67b836164997527b91452b19adbcb8aa3c5decf1 (patch)
treeb5876d311912e97b0592c7e208639f7b52813a75 /app/Controller/BaseController.php
parent108e867605dbc7ece4cbcbecc89a674e9c154a9b (diff)
Refactoring: added controlled middleware and changed response class
Diffstat (limited to 'app/Controller/BaseController.php')
-rw-r--r--app/Controller/BaseController.php158
1 files changed, 158 insertions, 0 deletions
diff --git a/app/Controller/BaseController.php b/app/Controller/BaseController.php
new file mode 100644
index 00000000..ad02f708
--- /dev/null
+++ b/app/Controller/BaseController.php
@@ -0,0 +1,158 @@
+<?php
+
+namespace Kanboard\Controller;
+
+use Kanboard\Core\Base;
+use Kanboard\Core\Controller\AccessForbiddenException;
+use Kanboard\Core\Controller\PageNotFoundException;
+
+/**
+ * Base Controller
+ *
+ * @package Kanboard\Controller
+ * @author Frederic Guillot
+ */
+abstract class BaseController extends Base
+{
+ /**
+ * Check if the CSRF token from the URL is correct
+ *
+ * @access protected
+ */
+ protected function checkCSRFParam()
+ {
+ if (! $this->token->validateCSRFToken($this->request->getStringParam('csrf_token'))) {
+ throw new AccessForbiddenException();
+ }
+ }
+
+ /**
+ * Check webhook token
+ *
+ * @access protected
+ */
+ protected function checkWebhookToken()
+ {
+ if ($this->config->get('webhook_token') !== $this->request->getStringParam('token')) {
+ $this->response->text('Not Authorized', 401);
+ }
+ }
+
+ /**
+ * Common method to get a task for task views
+ *
+ * @access protected
+ * @return array
+ * @throws PageNotFoundException
+ * @throws AccessForbiddenException
+ */
+ protected function getTask()
+ {
+ $project_id = $this->request->getIntegerParam('project_id');
+ $task = $this->taskFinder->getDetails($this->request->getIntegerParam('task_id'));
+
+ if (empty($task)) {
+ throw new PageNotFoundException();
+ }
+
+ if ($project_id !== 0 && $project_id != $task['project_id']) {
+ throw new AccessForbiddenException();
+ }
+
+ return $task;
+ }
+
+ /**
+ * Get Task or Project file
+ *
+ * @access protected
+ * @return array
+ * @throws PageNotFoundException
+ * @throws AccessForbiddenException
+ */
+ protected function getFile()
+ {
+ $task_id = $this->request->getIntegerParam('task_id');
+ $file_id = $this->request->getIntegerParam('file_id');
+ $model = 'projectFile';
+
+ if ($task_id > 0) {
+ $model = 'taskFile';
+ $project_id = $this->taskFinder->getProjectId($task_id);
+
+ if ($project_id !== $this->request->getIntegerParam('project_id')) {
+ throw new AccessForbiddenException();
+ }
+ }
+
+ $file = $this->$model->getById($file_id);
+
+ if (empty($file)) {
+ throw new PageNotFoundException();
+ }
+
+ $file['model'] = $model;
+ return $file;
+ }
+
+ /**
+ * Common method to get a project
+ *
+ * @access protected
+ * @param integer $project_id Default project id
+ * @return array
+ * @throws PageNotFoundException
+ */
+ protected function getProject($project_id = 0)
+ {
+ $project_id = $this->request->getIntegerParam('project_id', $project_id);
+ $project = $this->project->getByIdWithOwner($project_id);
+
+ if (empty($project)) {
+ throw new PageNotFoundException();
+ }
+
+ return $project;
+ }
+
+ /**
+ * Common method to get the user
+ *
+ * @access protected
+ * @return array
+ * @throws PageNotFoundException
+ * @throws AccessForbiddenException
+ */
+ protected function getUser()
+ {
+ $user = $this->user->getById($this->request->getIntegerParam('user_id', $this->userSession->getId()));
+
+ if (empty($user)) {
+ throw new PageNotFoundException();
+ }
+
+ if (! $this->userSession->isAdmin() && $this->userSession->getId() != $user['id']) {
+ throw new AccessForbiddenException();
+ }
+
+ return $user;
+ }
+
+ /**
+ * Get the current subtask
+ *
+ * @access protected
+ * @return array
+ * @throws PageNotFoundException
+ */
+ protected function getSubtask()
+ {
+ $subtask = $this->subtask->getById($this->request->getIntegerParam('subtask_id'));
+
+ if (empty($subtask)) {
+ throw new PageNotFoundException();
+ }
+
+ return $subtask;
+ }
+}
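Review bot: checkWebhookToken() (L57–L59) only writes a 401 response when the token does not match and then falls through, so unless `$this->response->text()` terminates the request (not visible here) the calling action keeps executing with an unauthenticated request; the sibling checkCSRFParam() (L45–L47) throws instead, and the two guards should fail the same way. The comparison is also a plain `!==` on a shared secret, where `hash_equals()` is the constant-time form. A consistent body would be `if (! hash_equals((string) $this->config->get('webhook_token'), $this->request->getStringParam('token'))) { throw new AccessForbiddenException(); }`, accepting that the status then follows the exception handler rather than the literal 401 — if the 401 must be kept, at least `return` right after the `text()` call. The loose `!=` comparisons on L79 and L155 would likewise be safer as `!==` against an explicitly cast integer.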