Diffstat (limited to 'app')
-rw-r--r--app/Controller/Base.php28
-rw-r--r--app/Core/Http/Router.php2
2 files changed, 16 insertions, 14 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index 6d0ecae9..b090356e 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -17,18 +17,18 @@ abstract class Base extends \Kanboard\Core\Base
*
* @access public
*/
- public function beforeAction($controller, $action)
+ public function beforeAction()
{
$this->sessionManager->open();
$this->dispatcher->dispatch('app.bootstrap');
- $this->sendHeaders($action);
+ $this->sendHeaders();
$this->authenticationManager->checkCurrentSession();
- if (! $this->applicationAuthorization->isAllowed($controller, $action, Role::APP_PUBLIC)) {
+ if (! $this->applicationAuthorization->isAllowed($this->router->getController(), $this->router->getAction(), Role::APP_PUBLIC)) {
$this->handleAuthentication();
- $this->handlePostAuthentication($controller, $action);
- $this->checkApplicationAuthorization($controller, $action);
- $this->checkProjectAuthorization($controller, $action);
+ $this->handlePostAuthentication();
+ $this->checkApplicationAuthorization();
+ $this->checkProjectAuthorization();
}
}
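Review bot: The public-route decision on L28 passes the router's controller and action names through unnormalized, whereas `handlePostAuthentication()` in this same commit lowercases them before comparing; unless `isAllowed()` and the access map lowercase internally (not visible here), the outcome of the authorization check depends on URL casing while the method dispatched on Router.php L103 is resolved case-insensitively by PHP. Normalizing once at the top of `beforeAction()` and feeding the same values to every check removes the ambiguity: `$controller = strtolower($this->router->getController());` / `$action = strtolower($this->router->getAction());` / `if (! $this->applicationAuthorization->isAllowed($controller, $action, Role::APP_PUBLIC)) {`. The docblock above L20 should also state that `beforeAction()` now assumes the router has already resolved the controller and action, since the private checks below read them back from `$this->router` rather than receiving them as arguments.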
@@ -37,7 +37,7 @@ abstract class Base extends \Kanboard\Core\Base
*
* @access private
*/
- private function sendHeaders($action)
+ private function sendHeaders()
{
// HTTP secure headers
$this->response->csp($this->container['cspRules']);
@@ -45,7 +45,7 @@ abstract class Base extends \Kanboard\Core\Base
$this->response->xss();
// Allow the public board iframe inclusion
- if (ENABLE_XFRAME && $action !== 'readonly') {
+ if (ENABLE_XFRAME && $this->router->getAction() !== 'readonly') {
$this->response->xframe();
}
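Review bot: The comparison on L51 is case-sensitive while `handlePostAuthentication()` in the same commit lowercases the action before comparing; a request with `action=ReadOnly` would still dispatch `readonly()` (PHP method names are case-insensitive) but fall through this check. The direction is fail-safe here, since the mismatch only causes X-Frame-Options to be sent for the public board, but the inconsistency is worth closing for readability: `if (ENABLE_XFRAME && strtolower($this->router->getAction()) !== 'readonly') {`. A one-line why-comment would also help the next maintainer, e.g. `// X-Frame-Options is deliberately omitted for the public board action so it can be embedded in an iframe`. The enclosing `sendHeaders()` begins in the previous hunk and continues past this one.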
@@ -76,8 +76,10 @@ abstract class Base extends \Kanboard\Core\Base
*
* @access private
*/
- private function handlePostAuthentication($controller, $action)
+ private function handlePostAuthentication()
{
+ $controller = strtolower($this->router->getController());
+ $action = strtolower($this->router->getAction());
$ignore = ($controller === 'twofactor' && in_array($action, array('code', 'check'))) || ($controller === 'auth' && $action === 'logout');
if ($ignore === false && $this->userSession->hasPostAuthentication() && ! $this->userSession->isPostAuthenticationValidated()) {
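Review bot: The lowercasing added on L61-62 is the right move for this exemption list, but nothing says why, and this list is security-relevant because it names the only actions allowed to bypass the post-authentication (2FA) gate; I would add `// Controller/action come from the URL and PHP dispatches methods case-insensitively, so normalize before matching the exemption list` above L61. The `in_array()` on L63 should also take the strict flag so that matching cannot fall back to loose comparison: `in_array($action, array('code', 'check'), true)`. The body of `handlePostAuthentication()` continues past the end of this hunk.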
@@ -94,9 +96,9 @@ abstract class Base extends \Kanboard\Core\Base
*
* @access private
*/
- private function checkApplicationAuthorization($controller, $action)
+ private function checkApplicationAuthorization()
{
- if (! $this->helper->user->hasAccess($controller, $action)) {
+ if (! $this->helper->user->hasAccess($this->router->getController(), $this->router->getAction())) {
$this->forbidden();
}
}
@@ -106,7 +108,7 @@ abstract class Base extends \Kanboard\Core\Base
*
* @access private
*/
- private function checkProjectAuthorization($controller, $action)
+ private function checkProjectAuthorization()
{
$project_id = $this->request->getIntegerParam('project_id');
$task_id = $this->request->getIntegerParam('task_id');
@@ -116,7 +118,7 @@ abstract class Base extends \Kanboard\Core\Base
$project_id = $this->taskFinder->getProjectId($task_id);
}
- if ($project_id > 0 && ! $this->helper->user->hasProjectAccess($controller, $action, $project_id)) {
+ if ($project_id > 0 && ! $this->helper->user->hasProjectAccess($this->router->getController(), $this->router->getAction(), $project_id)) {
$this->forbidden();
}
}
diff --git a/app/Core/Http/Router.php b/app/Core/Http/Router.php
index 8b58a947..0fe80ecc 100644
--- a/app/Core/Http/Router.php
+++ b/app/Core/Http/Router.php
@@ -147,7 +147,7 @@ class Router extends Base
}
$instance = new $class($this->container);
- $instance->beforeAction($this->controller, $this->action);
+ $instance->beforeAction();
$instance->{$this->action}();
return $instance;
}
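Review bot: With `beforeAction()` now taking no arguments on L102, the authorization outcome depends entirely on `Router::getController()`/`getAction()` returning exactly the values used for the dynamic call on L103; if either getter ever normalizes differently from the stored `$this->controller`/`$this->action` (the resolution code is outside this hunk), the checks and the dispatch would diverge. It is also worth noting in the method's docblock that `beforeAction()` must only be invoked after routing has completed, since any other caller (tests, alternative entry points) would have the checks run against stale router state. The dynamic `$instance->{$this->action}()` on L103 is pre-existing, but a short comment on L102 such as `// Authorization in beforeAction() reads the same controller/action that is dispatched below` would make the coupling explicit. The enclosing method begins before the start of this hunk.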