From 8ddc56eec5f1c1d035aa06b24436df8b40514272 Mon Sep 17 00:00:00 2001
From: Matias Griese
Date: Fri, 23 Aug 2019 12:54:41 +0300
Subject: [PATCH] Pages: Updated parent field logic
---
 classes/plugin/AdminBaseController.php | 82 ++++++++++++++++++++++----
 classes/plugin/AdminController.php | 36 ++++++-----
 2 files changed, 89 insertions(+), 29 deletions(-)
diff --git a/classes/plugin/AdminBaseController.php b/classes/plugin/AdminBaseController.php
index 3dac61f0..3d8c0c33 100644
--- a/classes/plugin/AdminBaseController.php
+++ b/classes/plugin/AdminBaseController.php
@@ -15,7 +15,10 @@ use Grav\Common\User\Interfaces\UserInterface;
 use Grav\Common\Utils;
 use Grav\Common\Plugin;
 use Grav\Common\Theme;
-use Grav\Framework\Psr7\Response;
+use Grav\Framework\Controller\Traits\ControllerResponseTrait;
+use Grav\Framework\RequestHandler\Exception\RequestException;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
 use RocketTheme\Toolbox\Event\Event;
 use RocketTheme\Toolbox\File\File;
@@ -26,6 +29,8 @@ use RocketTheme\Toolbox\File\File;
 */
 class AdminBaseController
 {
+ use ControllerResponseTrait;
+
 /**
 * @var Grav
 */
@@ -109,16 +114,22 @@ class AdminBaseController
 if (method_exists($this, $method)) {
 try {
- $success = $this->{$method}();
+ $response = $this->{$method}();
+ } catch (RequestException $e) {
+ $response = $this->createErrorResponse($e);
 } catch (\RuntimeException $e) {
- $success = true;
+ $response = true;
 $this->admin->setMessage($e->getMessage(), 'error');
 }
 } else {
- $success = $this->grav->fireEvent('onAdminTaskExecute',
+ $response = $this->grav->fireEvent('onAdminTaskExecute',
 new Event(['controller' => $this, 'method' => $method]));
 }
+ if ($response instanceof ResponseInterface) {
+ $this->close($response);
+ }
+
 // Grab redirect parameter.
 $redirect = $this->post['_redirect'] ?? null;
 unset($this->post['_redirect']);
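Review bot: With the new `if ($response instanceof ResponseInterface)` branch, what this method returns now depends on whether `close()` returns: if `$this->grav->close()` ends the request, the redirect handling below never runs for response-returning tasks; if it does not, execution falls through and `return $response` (next hunk) hands a `ResponseInterface` to a caller that previously only saw a bool or the fired `Event`. The enclosing method starts and ends outside this hunk; its `@return` should be updated, e.g. `@return bool|Event|ResponseInterface`, with a sentence stating that a `ResponseInterface` is passed to `close()` before the redirect logic. The `catch (RequestException $e)` arm is placed before `catch (\RuntimeException $e)`; if `RequestException` derives from `\RuntimeException` (not visible here) that order is required, and a one-line comment such as `// RequestException first: it must not be downgraded to a flash message` would keep a later edit from reordering the arms.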
@@ -128,7 +139,7 @@ class AdminBaseController
 $this->setRedirect($redirect);
 }
- return $success;
+ return $response;
 }
 protected function validateNonce()
@@ -216,15 +227,16 @@ class AdminBaseController
 protected function sendJsonResponse(array $json, $code = 200): void
 {
 // JSON response.
- $response = new Response(
- $code,
- [
- 'Content-Type' => 'application/json',
- 'Cache-Control' => 'no-cache, no-store, must-revalidate'
- ],
- json_encode($json)
- );
+ $response = $this->createJsonResponse($json, $code);
+ $this->close($response);
+ }
+
+ /**
+ * @param ResponseInterface $response
+ */
+ protected function close(ResponseInterface $response): void
+ {
 $this->grav->close($response);
 }
@@ -467,6 +479,21 @@ class AdminBaseController
 return true;
 }
+ /**
+ * Checks if the user is allowed to perform the given task with its associated permissions.
+ * Throws exception if the check fails.
+ *
+ * @param string $task The task to execute
+ * @param array $permissions The permissions given
+ * @throws RequestException
+ */
+ public function checkTaskAuthorization($task = '', $permissions = [])
+ {
+ if (!$this->admin->authorize($permissions)) {
+ throw new RequestException($this->getRequest(), $this->admin::translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK') . ' ' . $task . '.', 403);
+ }
+ }
+
 /**
 * Gets the permissions needed to access a given view
 *
@@ -1085,4 +1112,33 @@ class AdminBaseController
 return true;
 }
+
+ /**
+ * @param string $message
+ * @param string $type
+ * @return $this
+ */
+ protected function setMessage(string $message, string $type = 'info'): self
+ {
+ $this->admin->setMessage($message, $type);
+
+ return $this;
+ }
+
+ /**
+ * @return Config
+ */
+ protected function getConfig(): Config
+ {
+ return $this->grav['config'];
+ }
+
+ /**
+ * @return ServerRequestInterface
+ */
+ protected function getRequest(): ServerRequestInterface
+ {
+ /** @var ServerRequestInterface $request */
+ return $this->grav['request'];
+ }
 }
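Review bot: The removed `new Response(...)` in `sendJsonResponse` set `Cache-Control: no-cache, no-store, must-revalidate` on every JSON reply, while the replacement `$this->createJsonResponse($json, $code)` comes from `ControllerResponseTrait`, whose headers are not visible in this diff; if the trait does not set an equivalent header, admin JSON responses lose their no-store marking and may be retained by browser or proxy caches. Confirm the trait's behaviour, or set the header explicitly here, `$response = $this->createJsonResponse($json, $code)->withHeader('Cache-Control', 'no-cache, no-store, must-revalidate');` (`withHeader` is part of PSR-7 `ResponseInterface`). The new `close()` docblock only restates the parameter type; `Sends $response through $this->grav->close().` would say what it does.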
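Review bot: `checkTaskAuthorization` defaults `$permissions` to `[]` and leaves both parameters and the return untyped, so a call that omits the permissions list still compiles and its outcome depends entirely on what `$this->admin->authorize([])` returns, which is not visible here. An authorization helper should fail closed: drop the defaults and type the signature, `public function checkTaskAuthorization(string $task, array $permissions): void`, or reject an empty list before calling `authorize()`. The docblock's "Throws exception if the check fails" can then become the `@throws` text itself, `@throws RequestException 403 when the current user lacks the given $permissions`.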
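Review bot: In `getRequest()` the inline `/** @var ServerRequestInterface $request */` annotates a variable that does not exist — the method returns `$this->grav['request']` directly — so static analysers will either ignore it or flag an unknown variable; use `/** @var ServerRequestInterface */` on the return, or drop it since the native return type already declares it. `getConfig(): Config` relies on `Config` being imported or aliased above line 15 of this file, which this diff does not show; if it is not, the hunk introduces an unresolved type. The `setMessage()` and `getConfig()` docblocks only restate native types and would be more useful as one-line purposes, e.g. `Queues a flash message on the admin object and returns $this for chaining.`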
diff --git a/classes/plugin/AdminController.php b/classes/plugin/AdminController.php
index e53b548d..fc3e1188 100644
--- a/classes/plugin/AdminController.php
+++ b/classes/plugin/AdminController.php
@@ -24,9 +24,11 @@ use Grav\Common\User\Interfaces\UserCollectionInterface;
 use Grav\Common\User\User;
 use Grav\Common\Utils;
 use Grav\Framework\Psr7\Response;
+use Grav\Framework\RequestHandler\Exception\RequestException;
 use Grav\Plugin\Login\TwoFactorAuth\TwoFactorAuth;
 use Grav\Common\Yaml;
 use PicoFeed\Parser\MalformedXmlException;
+use Psr\Http\Message\ResponseInterface;
 use RocketTheme\Toolbox\Event\Event;
 use RocketTheme\Toolbox\File\File;
 use RocketTheme\Toolbox\ResourceLocator\UniformResourceLocator;
@@ -75,7 +77,7 @@ class AdminController extends AdminBaseController
 {
 $response = new Response(200);
- $this->grav->close($response);
+ $this->close($response);
 }
 /**
@@ -612,7 +614,7 @@ class AdminController extends AdminBaseController
 if (0 !== strpos($file, $backups_root_dir)) {
 $response = new Response(401);
- $this->grav->close($response);
+ $this->close($response);
 }
 Utils::download($file, true);
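Review bot: The guard `0 !== strpos($file, $backups_root_dir)` that the changed `$this->close($response)` sits under is a plain prefix test, so a path inside a sibling directory whose name merely starts with `$backups_root_dir` (a constructed example: `backups-old` beside `backups`) would pass it; unless `$backups_root_dir` is guaranteed to end in a directory separator, compare against the root with the separator appended, `if (0 !== strpos($file, rtrim($backups_root_dir, '/') . '/')) {`. How `$file` is built, and whether it has already been through `realpath()`, is outside this hunk; the comparison should run on the resolved path so that `..` segments cannot defeat it. The `401` sent on failure reads as "unauthenticated" when the situation is a rejected path; `403` or `404` would describe it more accurately.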
@@ -1693,37 +1695,39 @@ class AdminController extends AdminBaseController
 * $data['base'] = $this->grav['uri']->param('base');
 * $initial = (bool) $this->grav['uri']->param('initial');
 *
- * @return bool
+ * @return ResponseInterface
+ * @throws RequestException
 */
- protected function taskGetFolderListing()
+ protected function taskGetLevelListing(): ResponseInterface
 {
-// if (!$this->authorizeTask('save', $this->dataPermissions())) {
-// return false;
-// }
+ $this->checkTaskAuthorization('save', $this->dataPermissions());
- // Get data from post
- $data = $this->post;
+ $request = $this->getRequest();
+ $data = $request->getParsedBody();
+
+ if (!isset($data['field'])) {
+ throw new RequestException($request, 'Bad Request', 400);
+ }
 // Base64 decode the route
 $data['route'] = isset($data['route']) ? base64_decode($data['route']) : null;
- $initial = $data['initial'] ?? null;
+ $initial = $data['initial'] ?? null;
 if ($initial) {
 $data['leaf_route'] = $data['route'];
 $data['route'] = null;
 $data['level'] = 1;
 }
- list($status, $message, $response) = $this->getFolderListing($data);
+ [$status, $message, $response] = $this->getLevelListing($data);
- $this->admin->json_response = [
+ $json = [
 'status' => $status,
 'message' => $this->admin::translate($message ?? 'PLUGIN_ADMIN.NO_ROUTE_PROVIDED'),
 'data' => array_values($response)
 ];
- return true;
-
+ return $this->createJsonResponse($json, 200);
 }
 protected function taskGetChildTypes()
@@ -2260,7 +2264,7 @@ class AdminController extends AdminBaseController
 return true;
 }
- protected function getFolderListing($data)
+ protected function getLevelListing($data)
 {
 // Valid types are dir|file|link
 $default_filters = ['type'=> ['root', 'dir'], 'name' => null, 'extension' => null];
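Review bot: `base64_decode($data['route'])` runs in non-strict mode on a client-supplied value and the result goes straight into `getLevelListing`, which (per the hunk at line 2295) splits it into `$nodes` and rebuilds a sub-route from them; nothing in this hunk rejects a value that is not valid base64, nor one containing `..` segments. Decode strictly and reuse the 400 already sent for a missing `field`: `$route = isset($data['route']) ? base64_decode($data['route'], true) : null;` / `if ($route === false) { throw new RequestException($request, 'Bad Request', 400); }` / `$data['route'] = $route;`, and confirm that `getLevelListing` (outside this hunk) normalises or refuses `..` before it touches the filesystem, since the only gate in front of it is `checkTaskAuthorization('save', ...)`. `getParsedBody()` may return `null` or an object depending on the request body; `isset($data['field'])` handles `null`, but `$data['route'] = ...` then assumes an array, so `if (!is_array($data) || !isset($data['field']))` would route both cases to the 400. Finally, `$response` as the third element of the `getLevelListing()` tuple now collides in meaning with the method's `ResponseInterface` return; `$listing` in the destructuring and in `array_values($listing)` would read better.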
@@ -2295,7 +2299,7 @@ class AdminController extends AdminBaseController
 $sub_route = '/' . implode('/', array_slice($nodes, 1, $data['level']++ ));
 $data['route'] = $sub_route;
- list($status, $msg, $children, $extra) = $this->getFolderListing($data);
+ list($status, $msg, $children, $extra,) = $this->getLevelListing($data);
 }