From 67b836164997527b91452b19adbcb8aa3c5decf1 Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Sun, 15 May 2016 18:31:47 -0400 Subject: Refactoring: added controlled middleware and changed response class --- app/Controller/BaseController.php | 158 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 158 insertions(+) create mode 100644 app/Controller/BaseController.php (limited to 'app/Controller/BaseController.php') diff --git a/app/Controller/BaseController.php b/app/Controller/BaseController.php new file mode 100644 index 00000000..ad02f708 --- /dev/null +++ b/app/Controller/BaseController.php @@ -0,0 +1,158 @@ +token->validateCSRFToken($this->request->getStringParam('csrf_token'))) { + throw new AccessForbiddenException(); + } + } + + /** + * Check webhook token + * + * @access protected + */ + protected function checkWebhookToken() + { + if ($this->config->get('webhook_token') !== $this->request->getStringParam('token')) { + $this->response->text('Not Authorized', 401); + } + } + + /** + * Common method to get a task for task views + * + * @access protected + * @return array + * @throws PageNotFoundException + * @throws AccessForbiddenException + */ + protected function getTask() + { + $project_id = $this->request->getIntegerParam('project_id'); + $task = $this->taskFinder->getDetails($this->request->getIntegerParam('task_id')); + + if (empty($task)) { + throw new PageNotFoundException(); + } + + if ($project_id !== 0 && $project_id != $task['project_id']) { + throw new AccessForbiddenException(); + } + + return $task; + } + + /** + * Get Task or Project file + * + * @access protected + * @return array + * @throws PageNotFoundException + * @throws AccessForbiddenException + */ + protected function getFile() + { + $task_id = $this->request->getIntegerParam('task_id'); + $file_id = $this->request->getIntegerParam('file_id'); + $model = 'projectFile'; + + if ($task_id > 0) { + $model = 'taskFile'; + $project_id = $this->taskFinder->getProjectId($task_id); + + if ($project_id !== $this->request->getIntegerParam('project_id')) { + throw new AccessForbiddenException(); + } + } + + $file = $this->$model->getById($file_id); + + if (empty($file)) { + throw new PageNotFoundException(); + } + + $file['model'] = $model; + return $file; + } + + /** + * Common method to get a project + * + * @access protected + * @param integer $project_id Default project id + * @return array + * @throws PageNotFoundException + */ + protected function getProject($project_id = 0) + { + $project_id = $this->request->getIntegerParam('project_id', $project_id); + $project = $this->project->getByIdWithOwner($project_id); + + if (empty($project)) { + throw new PageNotFoundException(); + } + + return $project; + } + + /** + * Common method to get the user + * + * @access protected + * @return array + * @throws PageNotFoundException + * @throws AccessForbiddenException + */ + protected function getUser() + { + $user = $this->user->getById($this->request->getIntegerParam('user_id', $this->userSession->getId())); + + if (empty($user)) { + throw new PageNotFoundException(); + } + + if (! $this->userSession->isAdmin() && $this->userSession->getId() != $user['id']) { + throw new AccessForbiddenException(); + } + + return $user; + } + + /** + * Get the current subtask + * + * @access protected + * @return array + * @throws PageNotFoundException + */ + protected function getSubtask() + { + $subtask = $this->subtask->getById($this->request->getIntegerParam('subtask_id')); + + if (empty($subtask)) { + throw new PageNotFoundException(); + } + + return $subtask; + } +} -- cgit v1.2.3