- added interface - for CRUD, ensures all methods are present and aligned.
- added trait for checking authorisation with redirect stored in session to return - shows which controllers requires auth, adds check function
This commit is contained in:
parent
baa051ab11
commit
a852dccd8b
@ -2,11 +2,7 @@
|
||||
|
||||
class AttachmentController {
|
||||
|
||||
private function check_access($f3){
|
||||
if(!$f3->exists('SESSION.user')){
|
||||
$f3->reroute('/login');
|
||||
}
|
||||
}
|
||||
use RequiresAuth;
|
||||
|
||||
// list attachments
|
||||
public function index($f3){
|
||||
|
||||
@ -1,13 +1,8 @@
|
||||
<?php
|
||||
|
||||
class KBController {
|
||||
class KBController implements CRUD {
|
||||
|
||||
protected function check_access($f3){
|
||||
if(!$f3->exists('SESSION.user')){
|
||||
// $f3->set('SESSION.error', 'You don\'t have permission for this ticket.');
|
||||
$f3->reroute('/login');
|
||||
}
|
||||
}
|
||||
use RequiresAuth;
|
||||
|
||||
public function index($f3){
|
||||
|
||||
|
||||
@ -1,12 +1,8 @@
|
||||
<?php
|
||||
|
||||
class TagController {
|
||||
class TagController implements CRUD {
|
||||
|
||||
protected function check_access($f3){
|
||||
if(!$f3->exists('SESSION.user')){
|
||||
$f3->reroute('/login');
|
||||
}
|
||||
}
|
||||
use RequiresAuth;
|
||||
|
||||
/**
|
||||
* List all tags
|
||||
@ -40,5 +36,20 @@ class TagController {
|
||||
$db->exec('INSERT IGNORE INTO tags (name, color) VALUES (?, ?)', [$name, $color]);
|
||||
$f3->reroute('/tags');
|
||||
}
|
||||
|
||||
public function view($f3)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
public function editForm($f3)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
public function update($f3)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,6 +1,8 @@
|
||||
<?php
|
||||
|
||||
class TicketController {
|
||||
class TicketController implements CRUD {
|
||||
|
||||
use RequiresAuth;
|
||||
|
||||
// list all tickts
|
||||
public function index($f3){
|
||||
@ -22,6 +24,7 @@ class TicketController {
|
||||
}
|
||||
|
||||
// view a single ticket
|
||||
// TODO_PROJECTS: show a link back to the related project
|
||||
public function view($f3){
|
||||
$this->check_access($f3);
|
||||
|
||||
@ -41,6 +44,7 @@ class TicketController {
|
||||
}
|
||||
|
||||
// show create form
|
||||
// TODO_PROJECTS: dropdown to associate ticket with project
|
||||
public function createForm($f3){
|
||||
$this->check_access($f3);
|
||||
$f3->set('content', '../ui/views/ticket/create.html');
|
||||
@ -92,6 +96,7 @@ class TicketController {
|
||||
|
||||
// show edit form
|
||||
// including custom forms
|
||||
// TODO_PROJECTS: allow reasssigning or removing a project association
|
||||
public function editForm($f3){
|
||||
$this->check_access($f3);
|
||||
|
||||
@ -207,12 +212,7 @@ class TicketController {
|
||||
$f3->reroute('/ticket/' . $parent_id);
|
||||
}
|
||||
|
||||
protected function check_access($f3){
|
||||
if(!$f3->exists('SESSION.user')){
|
||||
// $f3->set('SESSION.error', 'You don\'t have permission for this ticket.');
|
||||
$f3->reroute('/login');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
protected function get_ticket_check_edit_permission($f3){
|
||||
|
||||
|
||||
@ -1,16 +1,11 @@
|
||||
<?php
|
||||
|
||||
class UserController {
|
||||
class UserController implements CRUD {
|
||||
|
||||
use RequiresAuth;
|
||||
|
||||
// list all users (admin only)
|
||||
|
||||
protected function check_access($f3){
|
||||
$current_user = $f3->get('SESSION.user');
|
||||
if(!$current_user || $current_user['role_name'] !== 'admin'){
|
||||
$f3->reroute('/login');
|
||||
}
|
||||
}
|
||||
|
||||
public function index($f3){
|
||||
|
||||
$this->check_access($f3);
|
||||
@ -59,4 +54,20 @@ class UserController {
|
||||
[$new_username, $user_id]);
|
||||
$f3->reroute('/users');
|
||||
}
|
||||
|
||||
public function createForm($f3)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
public function create($f3)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
public function view($f3)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
25
app/interfaces/CRUD.php
Normal file
25
app/interfaces/CRUD.php
Normal file
@ -0,0 +1,25 @@
|
||||
<?php
|
||||
|
||||
interface CRUD {
|
||||
|
||||
|
||||
// list all
|
||||
public function index($f3);
|
||||
|
||||
// show form
|
||||
public function createForm($f3);
|
||||
|
||||
// handle POST
|
||||
public function create($f3);
|
||||
|
||||
// show single
|
||||
public function view($f3);
|
||||
|
||||
// show edit form
|
||||
public function editForm($f3);
|
||||
|
||||
// handle post
|
||||
public function update($f3);
|
||||
|
||||
|
||||
}
|
||||
13
app/traits/RequiresAuth.php
Normal file
13
app/traits/RequiresAuth.php
Normal file
@ -0,0 +1,13 @@
|
||||
<?php
|
||||
|
||||
trait RequiresAuth {
|
||||
|
||||
public function check_access($f3){
|
||||
if(!$f3->exists('SESSION.user')){
|
||||
// $f3->set('SESSION.error', 'You don\'t have permission for this ticket.');
|
||||
$f3->set('SESSION.redirect', $f3->get('PATH'));
|
||||
$f3->reroute('/login');
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user